MFC: ipfilter 4.1.13

guido 2006-08-24 07:37:12 +00:00
parent 36e4535367
commit f3324cfdfc
254 changed files with 3925 additions and 2344 deletions


@ -3,12 +3,14 @@
#
# See the IPFILTER.LICENCE file for details on licencing.
#
TOP=../..
BINDEST=/usr/sbin
SBINDEST=/sbin
MANDIR=/usr/share/man
SEARCHDIRS!=echo $(BINDEST) $(SBINDEST) /bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin | awk '{for(i=1;i<NF;i++){print $$i;}}' - | sort -u
CC=cc -Wall -Wuninitialized -Wstrict-prototypes -O
CC=gcc -Wall -Wuninitialized -Wstrict-prototypes -O -Wmissing-prototypes -Wpointer-arith -Wno-sign-compare -Wno-traditional -Werror
#UFLAGS=-fprofile-arcs -ftest-coverage
CFLAGS=-g -I$(TOP)
#
# For NetBSD/FreeBSD
@ -16,7 +18,7 @@ CFLAGS=-g -I$(TOP)
DEVFS!=/usr/bin/lsvfs 2>&1 | sed -n 's/.*devfs.*/-DDEVFS/p'
CPU!=uname -m
INC=-I/usr/include -I/sys -I/sys/sys -I/sys/arch
DEF=-D$(CPU) -D__$(CPU)__ -DINET -DKERNEL -D_KERNEL $(INC) $(DEVFS)
DEF=-D$(CPU) -D__$(CPU)__ -DINET -DKERNEL -D_KERNEL $(INC) $(DEVFS) -fno-builtin
IPDEF=$(DEF) -DGATEWAY -DDIRECTED_BROADCAST
VNODESHDIR=/sys/kern
MLD=$(ML)
@ -45,7 +47,7 @@ MODOBJS=ip_fil.o fil.o ml_ipl.o ip_nat.o ip_frag.o ip_state.o ip_proxy.o \
ip_scan.o ip_sync.o
# ip_trafcon.o
DFLAGS=$(IPFLKM) $(IPFLOG) $(LOOKUP) $(SYNC) $(DEF) $(DLKM) $(IPFBPF)
IPF=ipf.o ipfcomp.o ipf_y.o ipf_l.o
IPF=ipf.o ipfcomp.o ipf_y.o ipf_l.o bpf_filter_u.o
IPT=ipftest.o fil_u.o ip_frag_u.o ip_state_u.o ip_nat_u.o \
ip_proxy_u.o ip_auth_u.o ip_htable_u.o ip_lookup_u.o ip_pool_u.o \
ip_scan_u.o ip_sync_u.o ip_rules_u.o ip_fil_u.o ip_log_u.o \
@ -66,7 +68,8 @@ LIBSRC=$(TOP)/lib
RANLIB=ranlib
AROPTS=cq
HERE!=pwd
CCARGS=-I. $(DEBUG) $(CFLAGS)
CCARGS=-I. $(DEBUG) $(CFLAGS) $(UFLAGS)
KCARGS=-I. $(DEBUG) $(CFLAGS)
#
# Extra is option kernel things we always want in user space.
#
@ -77,6 +80,9 @@ include $(TOP)/lib/Makefile
build all: machine $(OBJ)/libipf.a ipf ipfs ipfstat ipftest ipmon ipnat \
ippool ipscan ipsyncm ipsyncs $(LKM) $(LKMR)
-sh -c 'for i in ipf ipftest ipmon ippool ipnat ipscan ipsyncm ipsyncs; do /bin/rm -f $(TOP)/$$i; ln -s `pwd`/$$i $(TOP); done'
-/bin/rm -f ../tools ./tools
-ln -s ../tools .
-ln -s ../tools ..
machine: Makefile.kmod
if [ -f Makefile.kmod ] ; then \
@ -135,7 +141,7 @@ fil_u.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_compat.h \
fil.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ip_compat.h $(TOP)/ipl.h \
$(TOP)/ip_rules.h
$(CC) $(CCARGS) $(POLICY) $(DFLAGS) $(IPFBPF) $(COMPIPF) \
$(CC) $(KCARGS) $(POLICY) $(DFLAGS) $(IPFBPF) $(COMPIPF) \
-c $(TOP)/fil.c -o $@
ipf.o: $(TOOL)/ipf.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/opts.h
@ -240,8 +246,8 @@ ipfrule.ko.5: ip_rulesx.o $(MLR)
ld -Bshareable -d -warn-common -o $(LKMR:S/.5$//) $(.TARGET:S/.ko/.kld/)
ipfrule.ko: ip_rulesx.o $(MLR)
gensetdefs ip_rulesx.o $(MLR)
$(CC) $(CCARGS) -c setdef0.c
$(CC) $(CCARGS) -c setdef1.c
$(CC) $(KCARGS) -c setdef0.c
$(CC) $(KCARGS) -c setdef1.c
ld -Bshareable -o $@ setdef0.o ip_rulesx.o $(MLR) setdef1.o
ipf.ko.5 ipl.ko.5: $(MODOBJS)
@ -250,59 +256,59 @@ ipf.ko.5 ipl.ko.5: $(MODOBJS)
ipf.ko ipl.ko: $(MODOBJS)
gensetdefs $(MODOBJS)
$(CC) $(CCARGS) -c setdef0.c
$(CC) $(CCARGS) -c setdef1.c
$(CC) $(KCARGS) -c setdef0.c
$(CC) $(KCARGS) -c setdef1.c
ld -Bshareable -o $@ setdef0.o $(MODOBJS) setdef1.o
ip_nat.o: $(TOP)/ip_nat.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
$(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_nat.c -o $@
$(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_nat.c -o $@
ip_frag.o: $(TOP)/ip_frag.c $(TOP)/ip_frag.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
$(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_frag.c -o $@
$(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_frag.c -o $@
ip_state.o: $(TOP)/ip_state.c $(TOP)/ip_state.h $(TOP)/ip_compat.h \
$(TOP)/ip_fil.h $(TOP)/ip_nat.h
$(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_state.c -o $@
$(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_state.c -o $@
ip_proxy.o: $(TOP)/ip_proxy.c $(TOP)/ip_proxy.h $(TOP)/ip_compat.h \
$(TOP)/ip_fil.h $(PROXYLIST) $(TOP)/ip_nat.h
$(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_proxy.c -o $@
$(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_proxy.c -o $@
ip_auth.o: $(TOP)/ip_auth.c $(TOP)/ip_auth.h $(TOP)/ip_compat.h \
$(TOP)/ip_fil.h
$(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_auth.c -o $@
$(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_auth.c -o $@
ip_fil.c:
/bin/rm -f ip_fil.c
ln -s $(TOP)/ip_fil_`uname -s|tr A-Z a-z`.c ip_fil.c
ip_fil.o: ip_fil.c $(TOP)/ip_fil.h $(TOP)/ip_compat.h $(TOP)/ip_nat.h
$(CC) $(CCARGS) $(DFLAGS) $(COMPIPF) -c ip_fil.c -o $@
$(CC) $(KCARGS) $(DFLAGS) $(COMPIPF) -c ip_fil.c -o $@
ip_log.o: $(TOP)/ip_log.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h
$(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_log.c -o $@
$(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_log.c -o $@
ip_scan.o: $(TOP)/ip_scan.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h $(TOP)/ip_scan.h
$(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_scan.c -o $@
$(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_scan.c -o $@
ip_sync.o: $(TOP)/ip_sync.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h $(TOP)/ip_sync.h
$(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_sync.c -o $@
$(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_sync.c -o $@
ip_pool.o: $(TOP)/ip_pool.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
$(TOP)/ip_lookup.h $(TOP)/ip_pool.h
$(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_pool.c -o $@
$(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_pool.c -o $@
ip_htable.o: $(TOP)/ip_htable.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
$(TOP)/ip_lookup.h $(TOP)/ip_htable.h
$(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_htable.c -o $@
$(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_htable.c -o $@
ip_lookup.o: $(TOP)/ip_lookup.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
$(TOP)/ip_pool.h $(TOP)/ip_htable.h $(TOP)/ip_lookup.h
$(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_lookup.c -o $@
$(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_lookup.c -o $@
ip_trafcon.o: $(TOP)/ip_trafcon.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
$(TOP)/ip_trafcon.h
$(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_trafcon.c -o $@
$(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_trafcon.c -o $@
vnode_if.h: $(VNODESHDIR)/vnode_if.src
mkdir -p ../sys
@ -449,6 +455,7 @@ clean:
${RM} -f ipnat_y.c ipnat_y.h ipnat_l.c ipnat_l.h
${RM} -f ipmon_y.c ipmon_y.h ipmon_l.c ipmon_l.h
${RM} -f ipsyncm ipsyncs ipfs ip_rules.c ip_rules.h
${RM} -f *.da *.gcov *.bb *.bbg tools
${MAKE} -f Makefile.ipsend ${MFLAGS} clean
if [ -f Makefile.kmod ] ; then \
@ -508,3 +515,10 @@ install:
fi \
done
(cd $(TOP)/man; make INSTALL=$(INSTALL) MANDIR=$(MANDIR) install; cd $(TOP))
coverage:
ksh -c 'for i in *.da; do j=$${i%%.da}.c; gcov $$j 2>&1 | egrep -v "y.tab.c|Could|Creating|_l\.c|\.h"; done' | sort -k 1n -k 3n > report
sort -k 1n -k 3n report | perl -e 'while(<>) { next if (/^0.00/); s/\%//g; @F=split;$$lc+=$$F[2];$$t += ($$F[0]/100)*$$F[2];} printf "%d of %d = %d%%\n", $$t, $$lc,($$t/$$lc)*100;' >> report
clean-coverage:
/bin/rm -f *.gcov *.da
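Review bot: The `coverage` recipe divides by `$$lc` in its final `printf`, and that total stays zero when no `*.da` files exist or every gcov line is dropped by the `egrep -v` filter, so perl would abort on a division by zero and `report` would get no summary line. Guarding the expression, e.g. `($$lc ? ($$t/$$lc)*100 : 0)`, keeps the target usable on a tree that has not been exercised yet. `coverage` and `clean-coverage` also create no file of their own name, so listing them in a `.PHONY:` line would stop a stray file of that name from masking them.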


@ -1,5 +1,5 @@
#
# Id: Makefile.ipsend,v 2.8 2002/05/22 16:15:36 darrenr Exp
# $Id: Makefile.ipsend,v 2.8 2002/05/22 16:15:36 darrenr Exp $
#
BINDEST=/usr/sbin


@ -31,6 +31,14 @@ else
major=x
fi
if [ ! -f ip_rules.c -o ! -f ip_rules.h ] ; then
echo "Please do a build of ipfilter and then run the following"
echo "command to build extra files:"
echo
echo "make ip_rules.c"
exit 1
fi
echo -n "Installing "
for j in auth frag nat proxy scan state sync pool htable lookup rules; do
for i in ip_$j.[ch]; do


@ -10,6 +10,167 @@
# and especially those who have found the time to port IP Filter to new
# platforms.
#
4.1.13 - Released 4 April 2006
fix bug where null pointers introduced by proxies could cause a crash
pass out the rule flags with SIOCAUTHW
force loading NAT rules with bad proxy labels to cause an error
nat_state is used unsafely in calls to fr_addstate
make return-rst and return-icmp* work with auth rules
4.1.12 - Released 28 March 2006
poll support on FreeBSD/NetBSD needs to use selrecord/selwakeup
make the fastroute code used by ipftest invoke state/NAT
move verbose/debug macros out of fil.c and into ip_fil.h (for wider use)
remove unused code in fr_fastroute
fix NAT with rules that specify forward and reverise interfaces
add missing ipfsync_canread() and ipfsync_canwrite()
behaviour of \ on the end of a line in ipf.conf does not match older behaviour
remove duplicate statistics line output with "ipfstat -s"
4.1.11 - Released 19 March 2006
Patch for NAT with ipfsync from N. Ersen (SESCI) - www.enderunix.org
NetBSD coverity report fixes (from run 5)
Possible to reacquire ipf_auth without releasing it in some circumstances
Locking in FreeBSD's iplioctl for ipf_global isn't present like it shoudl be
Add poll support for platforms I can build on: NetBSD, FreeBSD, Solaris, Linux
Using auth rules to return "keep state" got broken with pushing fr_addstate
call into fr_firewall
all use of '!' in map/rdr rules to match use in ipf configs
add -L command line option to ipmon to set the default syslog facility
looking up a port number is more complex than needed in ipft_tx.c
allow lib/getport to work when neither tcp or udp are specified in a rule
remove some dead code from lib/addicmpc, lib/facpri.c, lib/icmpcode.c
program in some more cases where TCP packets fail an initial in-window
check but should be allowed to match
filter rule added with NAT/state handling of SIOCSTPUT doesn't properly
initialise all fields, making it possible to panic
simplify NAT ICMP error handling where it updates checksums
rename "min" variables to "xmin" on NetBSD to avoid problems with the
macro "min"
#ifdef's for NetBSD compile incorrect for pfil interface
support select/poll on NetBSD
copying out a packet with an auth rule fails (EFAULT) because the wrong
pointer is passed to copyoutptr
ip_len/ip_off where byte swapped twice instead of once for packets
going to be stored on the auth queue
change timeout queue manipulation functions to make fewer mutex calls
fix use of skip rules with groups
fix coding problems discovered by the coverity project for FreeBSD
update BPF program validation with FreeBSD changes
4.1.10 - Released 6 December 2005
Expand regression testing to cover more features
Add "coverage" build target for BSD
Fix building 64bit sparc target for Solaris
Add IPv6 mobility header to list of accepted keywords for V6 headers
Resolve locking problems on Solaris when sending RST/icmp packets
#ifdef's for IPFILTER_BPF need to check if words are defined before
using them in comparisons
Add checking for SACK permitted option in TCP SYN packets
Fix loading anonymous pools from inline rule configuration groups
Add -C command line option to ipftest
Include extra "const" from NetBSD
Don't require SIOCKSTLCK for SIOCSTPUT
Fix some use of "sticky" on NAT rules
Fix statistical counting of deleting state for TCP connections
Fix compile problems caused by changes to is_opt/is_optmsk in ip_sync.c
Fix TCP out-of-window (OOW) problems:
- window scaling turned off if one chose for its scale factor
- Microsoft Windows TCP sends the "next packet" to the right of the window
when using SACK and filling in a hole
4.1.9 - Released 13 August 2005
make ipfilter fix IPv4 header checksums for outgoing packets if BRIDGE_IPF
is defined when compiled.
move the definition of SIOCPROXY from ip_nat.h to ip_proxy.h
make the BSD/upgrade script more instructive about the requiements for
ip_rules.[ch] when it is run
register for interface events on FreeBSD (>5.2.1) and NetBSD so that
"ipf -y" is not not requried to tell ipfilter about interface changes.
for "quick" rules that do "keep state", move the state adding into the rule
evaluation so that we can detect it failing as rules are evaluated and
continue on to the next rather than wait until we're done and it's too late
to recover for more rule processing.
mark ICMP packets advertising an MTU that's too small as being bad
rework ipv6 header parsing to get better code reuse and fix logic errors
in dealing with ipv6 packets containing fragment headers. Also, where a
protocol handler was doing both v4 & v6, make a seperate function for each.
build for both amd64 and i86pc (32bit) on Solaris10 and later, if possible
include start of work to get IPFilter working on AIX 5.3
Use FI_ICMPERR flag rather than try to compute its equivalent all the time
Rewrork IPv6 extension header parsing to get better code reuse
Add missing timeout on Linux
Fix for locking when reading from ipsync (Frank Volf)
Fix insertion/appending of rules that use a collection number
Somehow turning up the spl knob to splnet disappeared on platforms that still
use the spl interface.
fix problems with "ipf -T" not listing multiple variables properly
4.1.8 - Released 29 March 2005
include path from Phil Dibowitz for sorting ipfstat -t output by source or


@ -6,7 +6,7 @@
# to the original author and the contributors.
#
# $FreeBSD$
# Id: Makefile,v 2.76.2.13 2004/11/08 18:42:40 darrenr Exp
# Id: Makefile,v 2.76.2.19 2006/03/17 10:38:38 darrenr Exp $
#
SHELL=/bin/sh
BINDEST=/usr/local/bin
@ -135,6 +135,7 @@ all:
@echo "freebsd3 - compile for FreeBSD-3.x"
@echo "freebsd4 - compile for FreeBSD-4.x"
@echo "freebsd5 - compile for FreeBSD-5.x"
@echo "freebsd6 - compile for FreeBSD-6.x"
@echo "bsd - compile for generic 4.4BSD systems"
@echo "bsdi - compile for BSD/OS"
@echo "irix - compile for SGI IRIX"
@ -187,12 +188,21 @@ freebsd22: include
fi
make freebsd20
freebsd5: include
freebsd5 freebsd6: include
if [ x$(INET6) = x ] ; then \
echo "#undef INET6" > opt_inet6.h; \
else \
echo "#define INET6" > opt_inet6.h; \
fi
if [ "x$(IPFBPF)" = "x" ] ; then \
echo "#undef NBPF" > opt_bpf.h; \
echo "#undef NBPFILTER" > opt_bpf.h; \
echo "#undef DEV_BPF" > opt_bpf.h; \
else \
echo "#define NBPF" > opt_bpf.h; \
echo "#define NBPFILTER" > opt_bpf.h; \
echo "#define DEV_BPF" > opt_bpf.h; \
fi
if [ x$(ENABLE_PFIL) = x ] ; then \
echo "#undef PFIL_HOOKS" > opt_pfil.h; \
else \
@ -238,6 +248,11 @@ osf tru64: null include
(cd OSF/`OSF/cpurev`; make build TRU64=`uname -v` TOP=../.. "DEBUG=-g" $(MFLAGS) "MACHASSERT=$(MACHASSERT)" "OSREV=`../cpurev`"; cd ..)
(cd OSF/`OSF/cpurev`; make -f Makefile.ipsend build TRU64=`uname -v` TOP=../.. $(MFLAGS) "OSREV=`../cpurev`"; cd ..)
aix: null include
make setup "TARGOS=AIX" "CPUDIR=`AIX/cpurev`"
(cd AIX/`AIX/cpurev`; make build AIX=`uname -v` TOP=../.. "DEBUG=-g" $(MFLAGS) "OSREV=`../cpurev`" BITS=`../bootbits.sh`; cd ..)
# (cd AIX/`AIX/cpurev`; make -f Makefile.ipsend build AIX=`uname -v` TOP=../.. $(MFLAGS) "OSREV=`../cpurev`"; cd ..)
bsd: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) 'DLKM=-D_LKM' "ML=mln_ipl.c" "MLR=mln_rule.o"; cd ..)
@ -278,6 +293,7 @@ clean: clean-include
(cd HPUX; $(MAKE) BITS=32 TOP=.. clean)
(cd Linux; $(MAKE) TOP=.. clean)
(cd OSF; $(MAKE) TOP=.. clean)
(cd AIX; $(MAKE) TOP=.. clean)
if [ "`uname -s`" = "IRIX" ]; then (cd IRIX; $(MAKE) clean); fi
[ -d test ] && (cd test; $(MAKE) clean)
(cd ipsend; $(MAKE) clean)
@ -296,6 +312,9 @@ clean-hpux: clean-include
clean-osf: clean-include
(cd OSF; make clean)
clean-aix: clean-include
(cd AIX; make clean)
clean-linux: clean-include
(cd Linux; make clean)
@ -348,6 +367,10 @@ install-sunos4: solaris
install-sunos5: solaris null
(cd SunOS5; $(MAKE) CPU=$(CPU) TOP=.. install)
install-aix:
(cd AIX/`AIX/cpurev`; make install "TOP=../.." $(MFLAGS); cd ..)
# (cd AIX/`AIX/cpurev`; make -f Makefile.ipsend INSTALL=$(INSTALL) install "TOP=../.." $(MFLAGS); cd ..)
install-hpux: hpux
(cd HPUX/`HPUX/cpurev`; $(MAKE) CPU=$(CPU) TOP=../.. "BITS=`getconf KERNEL_BITS`" install)
@ -356,7 +379,6 @@ install-irix: irix
install-osf install-tru64:
(cd OSF/`OSF/cpurev`; make install "TOP=../.." $(MFLAGS); cd ..)
(cd OSF/`OSF/cpurev`; make -f Makefile.ipsend INSTALL=$(INSTALL) install "TOP=../.." $(MFLAGS); cd ..)
do-cvs:
find . -type d -name CVS -print | xargs /bin/rm -rf
@ -379,3 +401,4 @@ mdb:
-DIPFILTER_SCAN -DIPFILTER_LKM -DSOLARIS2=10 -n ipf_mdb -k \
-I/home/dr146992/pfil -I/home/dr146992/ipf -f \
/usr/include/netinet/in_systm.h,/usr/include/sys/ethernet.h,/usr/include/netinet/in.h,/usr/include/netinet/ip.h,/usr/include/netinet/ip_var.h,/usr/include/netinet/tcp.h,/usr/include/netinet/tcpip.h,/usr/include/netinet/ip_icmp.h,/usr/include/netinet/udp.h,ip_compat.h,ip_fil.h,ip_nat.h,ip_state.h,ip_proxy.h,ip_scan.h
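Review bot: In the new `IPFBPF` block of the `freebsd5 freebsd6` rule, all three `echo` lines in each branch redirect with `>`, so each one truncates `opt_bpf.h` and only the `DEV_BPF` line survives; `NBPF` and `NBPFILTER` never reach the generated header. The second and third lines of both branches should append, e.g. `echo "#define NBPFILTER" >> opt_bpf.h; \` and `echo "#define DEV_BPF" >> opt_bpf.h; \`. If any source built against this header tests `NBPF` or `NBPFILTER`, BPF support would be silently left out even with `IPFBPF` set, which is worth confirming against the sources.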


@ -42,7 +42,7 @@
#if !(defined(lint) || defined(KERNEL) || defined(_KERNEL))
static const char rcsid[] =
"@(#) $Header: /devel/CVS/IP-Filter/bpf_filter.c,v 2.2 2003/08/19 16:49:58 darrenr Exp $ (LBL)";
"@(#) $Header: /devel/CVS/IP-Filter/bpf_filter.c,v 2.2.2.2 2005/12/30 12:57:28 darrenr Exp $ (LBL)";
#endif
#include <sys/param.h>
@ -468,9 +468,10 @@ bpf_filter(pc, p, wirelen, buflen)
/*
* Return true if the 'fcode' is a valid filter program.
* The constraints are that each jump be forward and to a valid
* code. The code must terminate with either an accept or reject.
* 'valid' is an array for use by the routine (it must be at least
* 'len' bytes long).
* code, that memory accesses are within valid ranges (to the
* extent that this can be checked statically; loads of packet
* data have to be, and are, also checked at run time), and that
* the code terminates with either an accept or reject.
*
* The kernel needs to be able to verify an application's filter code.
* Otherwise, a bogus program could easily crash the system.
@ -480,38 +481,114 @@ bpf_validate(f, len)
struct bpf_insn *f;
int len;
{
register int i;
register struct bpf_insn *p;
u_int i, from;
const struct bpf_insn *p;
if (len == 0)
return 1;
if (len < 1 || len > BPF_MAXINSNS)
return 0;
for (i = 0; i < len; ++i) {
/*
* Check that that jumps are forward, and within
* the code block.
*/
p = &f[i];
if (BPF_CLASS(p->code) == BPF_JMP) {
register int from = i + 1;
if (BPF_OP(p->code) == BPF_JA) {
if (from + p->k >= (unsigned)len)
return 0;
}
else if (from + p->jt >= len || from + p->jf >= len)
return 0;
}
switch (BPF_CLASS(p->code)) {
/*
* Check that memory operations use valid addresses.
*/
if ((BPF_CLASS(p->code) == BPF_ST ||
(BPF_CLASS(p->code) == BPF_LD &&
(p->code & 0xe0) == BPF_MEM)) &&
(p->k >= BPF_MEMWORDS || p->k < 0))
return 0;
/*
* Check for constant division by 0.
*/
if (p->code == (BPF_ALU|BPF_DIV|BPF_K) && p->k == 0)
case BPF_LD:
case BPF_LDX:
switch (BPF_MODE(p->code)) {
case BPF_IMM:
break;
case BPF_ABS:
case BPF_IND:
case BPF_MSH:
/*
* More strict check with actual packet length
* is done runtime.
*/
#if 0
if (p->k >= bpf_maxbufsize)
return 0;
#endif
break;
case BPF_MEM:
if (p->k >= BPF_MEMWORDS)
return 0;
break;
case BPF_LEN:
break;
default:
return 0;
}
break;
case BPF_ST:
case BPF_STX:
if (p->k >= BPF_MEMWORDS)
return 0;
break;
case BPF_ALU:
switch (BPF_OP(p->code)) {
case BPF_ADD:
case BPF_SUB:
case BPF_OR:
case BPF_AND:
case BPF_LSH:
case BPF_RSH:
case BPF_NEG:
break;
case BPF_DIV:
/*
* Check for constant division by 0.
*/
if (BPF_RVAL(p->code) == BPF_K && p->k == 0)
return 0;
default:
return 0;
}
break;
case BPF_JMP:
/*
* Check that jumps are within the code block,
* and that unconditional branches don't go
* backwards as a result of an overflow.
* Unconditional branches have a 32-bit offset,
* so they could overflow; we check to make
* sure they don't. Conditional branches have
* an 8-bit offset, and the from address is <=
* BPF_MAXINSNS, and we assume that BPF_MAXINSNS
* is sufficiently small that adding 255 to it
* won't overflow.
*
* We know that len is <= BPF_MAXINSNS, and we
* assume that BPF_MAXINSNS is < the maximum size
* of a u_int, so that i + 1 doesn't overflow.
*/
from = i + 1;
switch (BPF_OP(p->code)) {
case BPF_JA:
if (from + p->k < from || from + p->k >= len)
return 0;
break;
case BPF_JEQ:
case BPF_JGT:
case BPF_JGE:
case BPF_JSET:
if (from + p->jt >= len || from + p->jf >= len)
return 0;
break;
default:
return 0;
}
break;
case BPF_RET:
break;
case BPF_MISC:
break;
default:
return 0;
}
}
return BPF_CLASS(f[len - 1].code) == BPF_RET;
}
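Review bot: In the rewritten `BPF_ALU` switch of `bpf_validate`, `case BPF_DIV:` has no `break` after the constant-divide-by-zero test, so as shown it falls through to `default: return 0;` and every program containing a division is rejected, not only those dividing by a constant zero. This fails closed, so it does not weaken validation, but it makes valid filters unloadable; adding `break;` after the `if (BPF_RVAL(p->code) == BPF_K && p->k == 0) return 0;` statement restores the intended behaviour. The `if (len == 0) return 1;` line ahead of the `len < 1` test also accepts an empty program before the final `BPF_RET` check can run, which deserves a comment if it is intentional.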


@ -7,7 +7,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.133.2.9 2005/01/08 14:22:18 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.133.2.11 2006/03/25 11:15:30 darrenr Exp $";
#endif
#ifndef SOLARIS
@ -138,7 +138,7 @@ struct rtentry;
#include "md5.h"
#if !defined(__osf__)
#if !defined(__osf__) && !defined(__linux__)
extern struct protosw inetsw[];
#endif
@ -718,13 +718,45 @@ frdest_t *fdp;
{
struct ifnet *ifp = fdp->fd_ifp;
ip_t *ip = fin->fin_ip;
int error = 0;
frentry_t *fr;
void *sifp;
if (!ifp)
return 0; /* no routing table out here */
ip->ip_len = htons((u_short)ip->ip_len);
ip->ip_off = htons((u_short)(ip->ip_off | IP_MF));
fr = fin->fin_fr;
ip->ip_sum = 0;
if (fin->fin_out == 0) {
sifp = fin->fin_ifp;
fin->fin_ifp = ifp;
fin->fin_out = 1;
(void) fr_acctpkt(fin, NULL);
fin->fin_fr = NULL;
if (!fr || !(fr->fr_flags & FR_RETMASK)) {
u_32_t pass;
(void) fr_checkstate(fin, &pass);
}
switch (fr_checknatout(fin, NULL))
{
case 0 :
break;
case 1 :
ip->ip_sum = 0;
break;
case -1 :
error = -1;
goto done;
break;
}
fin->fin_ifp = sifp;
fin->fin_out = 0;
}
#if defined(__sgi) && (IRIX < 60500)
(*ifp->if_output)(ifp, (void *)ip, NULL);
# if TRU64 >= 1885
@ -733,7 +765,8 @@ frdest_t *fdp;
(*ifp->if_output)(ifp, (void *)m, NULL, 0);
# endif
#endif
return 0;
done:
return error;
}
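Review bot: The `case -1` branch added around `fr_checknatout` jumps to `done` while `fin->fin_ifp` and `fin->fin_out` still hold the temporary outbound values, so the caller gets `fin` back in a different state on the error path than on success. `fin->fin_fr` is also set to NULL and the saved `fr` is never written back on any visible path. Restoring before the jump with `fin->fin_ifp = sifp; fin->fin_out = 0;`, and adding `fin->fin_fr = fr;` next to the existing restore, would keep the packet state consistent if callers read it afterwards; the `break;` after `goto done;` is unreachable. The function starts above this hunk, so what its callers expect should be confirmed.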


@ -6,7 +6,7 @@
* See the IPFILTER.LICENCE file for details on licencing.
*
* @(#)ipf.h 1.12 6/5/96
* Id: ipf.h,v 2.71.2.6 2005/02/21 05:05:29 darrenr Exp
* $Id: ipf.h,v 2.71.2.8 2005/12/30 07:03:21 darrenr Exp $
*/
#ifndef __IPF_H__
@ -184,7 +184,6 @@ extern struct ipopt_names v6ionames[];
extern int addicmp __P((char ***, struct frentry *, int));
extern int addipopt __P((char *, struct ipopt_names *, int, char *));
extern int addkeep __P((char ***, struct frentry *, int));
extern int bcopywrap __P((void *, void *, size_t));
extern void binprint __P((void *, size_t));
extern void initparse __P((void));
extern u_32_t buildopts __P((char *, char *, int));
@ -265,6 +264,7 @@ extern void printpacket6 __P((struct ip *));
extern struct ip_pool_s *printpool __P((struct ip_pool_s *, copyfunc_t,
char *, int));
extern struct ip_pool_node *printpoolnode __P((struct ip_pool_node *, int));
extern void printproto __P((struct protoent *, int, struct ipnat *));
extern void printportcmp __P((int, struct frpcmp *));
extern void optprint __P((u_short *, u_long, u_long));
#ifdef USE_INET6


@ -6,7 +6,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: iplang_l.l,v 2.8 2003/07/28 01:15:31 darrenr Exp
* $Id: iplang_l.l,v 2.8 2003/07/28 01:15:31 darrenr Exp $
*/
#include <stdio.h>
#include <string.h>


@ -6,7 +6,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: iplang_y.y,v 2.9.2.2 2004/12/09 19:41:10 darrenr Exp
* Id: iplang_y.y,v 2.9.2.4 2006/03/17 12:11:29 darrenr Exp $
* $FreeBSD$
*/
@ -1291,8 +1291,14 @@ void prep_packet()
if (ifp->if_fd == -1)
ifp->if_fd = initdevice(ifp->if_name, 5);
gwip = sending.snd_gw;
if (!gwip.s_addr)
if (!gwip.s_addr) {
if (aniphead == NULL) {
fprintf(stderr,
"no destination address defined for sending\n");
return;
}
gwip = aniphead->ah_ip->ip_dst;
}
(void) send_ip(ifp->if_fd, ifp->if_MTU, (ip_t *)ipbuffer, gwip, 2);
}
@ -1643,7 +1649,7 @@ void *ptr;
for (sto = toipopts; sto->sto_st; sto++)
if (sto->sto_st == state)
break;
if (!sto || !sto->sto_st) {
if (!sto->sto_st) {
fprintf(stderr, "No mapping for state %d to IP option\n",
state);
return;
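Review bot: `prep_packet` still hands `ifp->if_fd` to `send_ip` without checking the result of `initdevice(ifp->if_name, 5)`, although the other `initdevice` callers touched in this commit now bail out on `-1`. Adding `if (ifp->if_fd == -1) return;` after the `initdevice` call would match them and avoid sending on an invalid descriptor. The function begins above the hunk, so this assumes no earlier check exists there.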


@ -6,7 +6,7 @@
* See the IPFILTER.LICENCE file for details on licencing.
*
* @(#)ip_fil.h 1.35 6/5/96
* Id: ipmon.h,v 2.8 2003/07/25 22:16:20 darrenr Exp
* $Id: ipmon.h,v 2.8.2.1 2006/03/21 16:13:31 darrenr Exp $
*/
@ -94,3 +94,4 @@ extern int load_config __P((char *));
extern void dumphex __P((FILE *, int, char *, int));
extern int check_action __P((char *, char *, int, int));
extern char *getword __P((int));
extern int fac_findname __P((char *));


@ -34,7 +34,7 @@
#ifndef lint
static const char sccsid[] = "@(#)ipsd.c 1.3 12/3/95 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)Id: ipsd.c,v 2.2 2001/06/09 17:09:25 darrenr Exp";
static const char rcsid[] = "@(#)$Id: ipsd.c,v 2.2 2001/06/09 17:09:25 darrenr Exp $";
#endif
extern char *optarg;


@ -35,7 +35,7 @@
#ifndef lint
static const char sccsid[] = "@(#)ipsdr.c 1.3 12/3/95 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)Id: ipsdr.c,v 2.2 2001/06/09 17:09:25 darrenr Exp";
static const char rcsid[] = "@(#)$Id: ipsdr.c,v 2.2 2001/06/09 17:09:25 darrenr Exp $";
#endif
extern char *optarg;


@ -11,6 +11,9 @@
#include <ctype.h>
#include <signal.h>
#include <errno.h>
#ifdef __NetBSD__
# include <paths.h>
#endif
#include <sys/types.h>
#include <sys/param.h>
#include <sys/mbuf.h>
@ -123,8 +126,18 @@ int tout;
struct bpf_version bv;
struct timeval to;
struct ifreq ifr;
#ifdef _PATH_BPF
char *bpfname = _PATH_BPF;
int fd;
if ((fd = open(bpfname, O_RDWR)) < 0)
{
fprintf(stderr, "no bpf devices available as /dev/bpfxx\n");
return -1;
}
#else
char bpfname[16];
int fd, i;
int fd = -1, i;
for (i = 0; i < 16; i++)
{
@ -137,6 +150,7 @@ int tout;
fprintf(stderr, "no bpf devices available as /dev/bpfxx\n");
return -1;
}
#endif
if (ioctl(fd, BIOCVERSION, (caddr_t)&bv) < 0)
{
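Review bot: In the new `_PATH_BPF` branch the failure message still reads `no bpf devices available as /dev/bpfxx`, which names a path that branch never tried and drops `errno`, so a permission failure on the device looks the same as a missing one. Reporting the real path and cause, e.g. `perror(bpfname);`, would make the two distinguishable. The same branch is added in the later `sbpf.c` section with the same message. The enclosing function starts before and ends after this hunk.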


@ -7,11 +7,11 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)arp.c 1.4 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)Id: arp.c,v 2.8 2003/12/01 02:01:15 darrenr Exp";
static const char rcsid[] = "@(#)$Id: arp.c,v 2.8.2.1 2005/06/12 07:18:38 darrenr Exp $";
#endif
#include <sys/types.h>
#include <sys/socket.h>
#if !defined(ultrix) && !defined(hpux) && !defined(__hpux) && !defined(__osf__)
#if !defined(ultrix) && !defined(hpux) && !defined(__hpux) && !defined(__osf__) && !defined(_AIX51)
#include <sys/sockio.h>
#endif
#include <sys/ioctl.h>


@ -7,7 +7,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995";
static const char rcsid[] = "@(#)Id: ip.c,v 2.8.2.1 2004/10/19 12:31:48 darrenr Exp";
static const char rcsid[] = "@(#)$Id: ip.c,v 2.8.2.1 2004/10/19 12:31:48 darrenr Exp $";
#endif
#include <sys/param.h>
#include <sys/types.h>


@ -8,7 +8,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
static const char rcsid[] = "@(#)Id: ipresend.c,v 2.4 2004/01/08 13:34:31 darrenr Exp";
static const char rcsid[] = "@(#)$Id: ipresend.c,v 2.4 2004/01/08 13:34:31 darrenr Exp $";
#endif
#include <sys/param.h>
#include <sys/types.h>


@ -6,7 +6,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ipsend.c 1.5 12/10/95 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)Id: ipsend.c,v 2.8.2.2 2004/11/13 16:50:10 darrenr Exp";
static const char rcsid[] = "@(#)$Id: ipsend.c,v 2.8.2.3 2006/03/17 13:45:34 darrenr Exp $";
#endif
#include <sys/param.h>
#include <sys/types.h>
@ -155,6 +155,8 @@ struct in_addr gwip;
int wfd;
wfd = initdevice(dev, 5);
if (wfd == -1)
return -1;
return send_packet(wfd, mtu, ip, gwip);
}


@ -8,7 +8,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ipsopt.c 1.2 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)Id: ipsopt.c,v 2.4.4.1 2004/03/23 12:58:05 darrenr Exp";
static const char rcsid[] = "@(#)$Id: ipsopt.c,v 2.4.4.1 2004/03/23 12:58:05 darrenr Exp $";
#endif
#include <sys/param.h>
#include <sys/types.h>


@ -8,7 +8,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
static const char rcsid[] = "@(#)Id: iptest.c,v 2.6 2004/01/08 13:34:31 darrenr Exp";
static const char rcsid[] = "@(#)$Id: iptest.c,v 2.6 2004/01/08 13:34:31 darrenr Exp $";
#endif
#include <sys/param.h>
#include <sys/types.h>


@ -8,10 +8,18 @@
*/
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
static const char rcsid[] = "@(#)Id: iptests.c,v 2.8.2.3 2004/04/16 23:33:04 darrenr Exp";
static const char rcsid[] = "@(#)$Id: iptests.c,v 2.8.2.7 2006/03/21 16:10:55 darrenr Exp $";
#endif
#include <sys/param.h>
#include <sys/types.h>
#if defined(__NetBSD__) && defined(__vax__)
/*
* XXX need to declare boolean_t for _KERNEL <sys/files.h>
* which ends up including <sys/device.h> for vax. See PR#32907
* for further details.
*/
typedef int boolean_t;
#endif
#include <sys/time.h>
#if !defined(__osf__)
# define _KERNEL
@ -32,7 +40,7 @@ static const char rcsid[] = "@(#)Id: iptests.c,v 2.8.2.3 2004/04/16 23:33:04 dar
# include <sys/proc.h>
#endif
#if !defined(ultrix) && !defined(hpux) && !defined(linux) && \
!defined(__sgi) && !defined(__osf__)
!defined(__sgi) && !defined(__osf__) && !defined(_AIX51)
# include <kvm.h>
#endif
#ifndef ultrix
@ -136,7 +144,10 @@ int ptest;
u->uh_ulen = htons(sizeof(*u) + 4);
ip->ip_len = sizeof(*ip) + ntohs(u->uh_ulen);
len = ip->ip_len;
nfd = initdevice(dev, 1);
if (nfd == -1)
return;
if (!ptest || (ptest == 1)) {
/*
@ -470,11 +481,14 @@ int ptest;
int nfd;
u_char *s;
s = (u_char *)(ip + 1);
nfd = initdevice(dev, 1);
if (nfd == -1)
return;
IP_HL_A(ip, 6);
ip->ip_len = IP_HL(ip) << 2;
s = (u_char *)(ip + 1);
s[IPOPT_OPTVAL] = IPOPT_NOP;
s++;
if (!ptest || (ptest == 1)) {
@ -574,7 +588,10 @@ int ptest;
ip->ip_sum = 0;
ip->ip_len = sizeof(*ip) + sizeof(*icp);
icp = (struct icmp *)((char *)ip + (IP_HL(ip) << 2));
nfd = initdevice(dev, 1);
if (nfd == -1)
return;
if (!ptest || (ptest == 1)) {
/*
@ -773,7 +790,10 @@ int ptest;
u->uh_sport = htons(1);
u->uh_dport = htons(1);
u->uh_ulen = htons(sizeof(*u) + 4);
nfd = initdevice(dev, 1);
if (nfd == -1)
return;
if (!ptest || (ptest == 1)) {
/*
@ -936,7 +956,10 @@ int ptest;
t->th_seq = htonl(1);
t->th_ack = 0;
ip->ip_len = sizeof(ip_t) + sizeof(tcphdr_t);
nfd = initdevice(dev, 1);
if (nfd == -1)
return;
if (!ptest || (ptest == 1)) {
/*
@ -1281,6 +1304,9 @@ int ptest;
u->uh_sum = 0;
nfd = initdevice(dev, 1);
if (nfd == -1)
return;
u->uh_ulen = htons(7168);
printf("6. Exhaustive mbuf test.\n");
@ -1350,6 +1376,9 @@ int ptest;
u_char *s;
nfd = initdevice(dev, 1);
if (nfd == -1)
return;
pip = (ip_t *)tbuf;
srand(time(NULL) ^ (getpid() * getppid()));


@ -8,7 +8,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)larp.c 1.1 8/19/95 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)Id: larp.c,v 2.4 2003/12/01 02:01:16 darrenr Exp";
static const char rcsid[] = "@(#)$Id: larp.c,v 2.4 2003/12/01 02:01:16 darrenr Exp $";
#endif
#include <sys/param.h>
#include <sys/types.h>


@ -8,7 +8,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)lsock.c 1.2 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)Id: lsock.c,v 2.3 2001/06/09 17:09:26 darrenr Exp";
static const char rcsid[] = "@(#)$Id: lsock.c,v 2.3.4.1 2006/03/17 13:45:34 darrenr Exp $";
#endif
#include <stdio.h>
#include <unistd.h>
@ -227,6 +227,8 @@ struct in_addr gwip;
ti->ti_sport = lsin.sin_port;
printf("sport %d\n", ntohs(lsin.sin_port));
nfd = initdevice(dev, 0);
if (nfd == -1)
return -1;
if (!(s = find_tcp(fd, ti)))
return -1;


@ -8,7 +8,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)resend.c 1.3 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)Id: resend.c,v 2.8 2004/01/08 13:34:31 darrenr Exp";
static const char rcsid[] = "@(#)$Id: resend.c,v 2.8.2.2 2006/03/17 13:45:34 darrenr Exp $";
#endif
#include <sys/param.h>
#include <sys/types.h>
@ -81,6 +81,9 @@ char *datain;
ip_t *ip;
int fd, wfd = initdevice(dev, 5), len, i;
if (wfd == -1)
return -1;
if (datain)
fd = (*r->r_open)(datain);
else
@ -101,6 +104,7 @@ char *datain;
if (gwip.s_addr && (arp((char *)&gwip, dhost) == -1))
{
perror("arp");
free(eh);
return -2;
}
@ -137,5 +141,6 @@ char *datain;
}
}
(*r->r_close)();
free(eh);
return 0;
}


@ -37,6 +37,9 @@
#include <string.h>
#include <unistd.h>
#include <stdlib.h>
#ifdef __NetBSD__
# include <paths.h>
#endif
#include <ctype.h>
#include <signal.h>
#include <errno.h>
@ -45,7 +48,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)sbpf.c 1.3 8/25/95 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)Id: sbpf.c,v 2.5 2002/02/24 07:30:03 darrenr Exp";
static const char rcsid[] = "@(#)$Id: sbpf.c,v 2.5.4.1 2006/03/21 16:32:58 darrenr Exp $";
#endif
/*
@ -62,6 +65,16 @@ int tout;
struct bpf_version bv;
struct timeval to;
struct ifreq ifr;
#ifdef _PATH_BPF
char *bpfname = _PATH_BPF;
int fd;
if ((fd = open(bpfname, O_RDWR)) < 0)
{
fprintf(stderr, "no bpf devices available as /dev/bpfxx\n");
return -1;
}
#else
char bpfname[16];
int fd = 0, i;
@ -76,6 +89,7 @@ int tout;
fprintf(stderr, "no bpf devices available as /dev/bpfxx\n");
return -1;
}
#endif
if (ioctl(fd, BIOCVERSION, (caddr_t)&bv) < 0)
{
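Review bot: The `_PATH_BPF` branch reports every open() failure as `no bpf devices available as /dev/bpfxx`, which names a path this branch never tried and hides the actual reason, for example a permissions error on the device node. Printing the path and errno would make the failure diagnosable: `fprintf(stderr, "%s: %s\n", bpfname, strerror(errno));`. Both `<string.h>` and `<errno.h>` already appear in the include list of the first hunk. The function continues outside the hunk.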


@ -48,7 +48,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)sdlpi.c 1.3 10/30/95 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)Id: sdlpi.c,v 2.8.2.1 2004/12/09 19:41:13 darrenr Exp";
static const char rcsid[] = "@(#)$Id: sdlpi.c,v 2.8.2.1 2004/12/09 19:41:13 darrenr Exp $";
#endif
#define CHUNKSIZE 8192


@ -30,7 +30,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)slinux.c 1.2 8/25/95";
static const char rcsid[] = "@(#)Id: slinux.c,v 2.3 2001/06/09 17:09:26 darrenr Exp";
static const char rcsid[] = "@(#)$Id: slinux.c,v 2.3 2001/06/09 17:09:26 darrenr Exp $";
#endif
#define CHUNKSIZE 8192


@ -41,7 +41,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)snit.c 1.5 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)Id: snit.c,v 2.3 2001/06/09 17:09:26 darrenr Exp";
static const char rcsid[] = "@(#)$Id: snit.c,v 2.3 2001/06/09 17:09:26 darrenr Exp $";
#endif
#define CHUNKSIZE 8192


@ -7,12 +7,20 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)sock.c 1.2 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)Id: sock.c,v 2.8.4.1 2004/03/23 12:58:06 darrenr Exp";
static const char rcsid[] = "@(#)$Id: sock.c,v 2.8.4.4 2006/03/21 16:10:56 darrenr Exp $";
#endif
#include <sys/param.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/stat.h>
#if defined(__NetBSD__) && defined(__vax__)
/*
* XXX need to declare boolean_t for _KERNEL <sys/files.h>
* which ends up including <sys/device.h> for vax. See PR#32907
* for further details.
*/
typedef int boolean_t;
#endif
#ifndef ultrix
#include <fcntl.h>
#endif
@ -302,28 +310,33 @@ struct tcpiphdr *ti;
}
#endif
o = NULL;
f = NULL;
s = NULL;
i = NULL;
t = NULL;
o = (struct file **)calloc(1, sizeof(*o) * (fd->fd_lastfile + 1));
if (KMCPY(o, fd->fd_ofiles, (fd->fd_lastfile + 1) * sizeof(*o)) == -1)
{
fprintf(stderr, "read(%#lx,%#lx,%lu) - u_ofile - failed\n",
(u_long)fd->fd_ofiles, (u_long)o, (u_long)sizeof(*o));
return NULL;
goto finderror;
}
f = (struct file *)calloc(1, sizeof(*f));
if (KMCPY(f, o[tfd], sizeof(*f)) == -1)
{
fprintf(stderr, "read(%#lx,%#lx,%lu) - o[tfd] - failed\n",
(u_long)o[tfd], (u_long)f, (u_long)sizeof(*f));
return NULL;
goto finderror;
}
s = (struct socket *)calloc(1, sizeof(*s));
if (KMCPY(s, f->f_data, sizeof(*s)) == -1)
{
fprintf(stderr, "read(%#lx,%#lx,%lu) - f_data - failed\n",
(u_long)f->f_data, (u_long)s,
(u_long)sizeof(*s));
return NULL;
(u_long)f->f_data, (u_long)s, (u_long)sizeof(*s));
goto finderror;
}
i = (struct inpcb *)calloc(1, sizeof(*i));
@ -331,7 +344,7 @@ struct tcpiphdr *ti;
{
fprintf(stderr, "kvm_read(%#lx,%#lx,%lu) - so_pcb - failed\n",
(u_long)s->so_pcb, (u_long)i, (u_long)sizeof(*i));
return NULL;
goto finderror;
}
t = (struct tcpcb *)calloc(1, sizeof(*t));
@ -339,9 +352,22 @@ struct tcpiphdr *ti;
{
fprintf(stderr, "read(%#lx,%#lx,%lu) - inp_ppcb - failed\n",
(u_long)i->inp_ppcb, (u_long)t, (u_long)sizeof(*t));
return NULL;
goto finderror;
}
return (struct tcpcb *)i->inp_ppcb;
finderror:
if (o != NULL)
free(o);
if (f != NULL)
free(f);
if (s != NULL)
free(s);
if (i != NULL)
free(i);
if (t != NULL)
free(t);
return NULL;
}
#endif /* BSD < 199301 */
@ -383,7 +409,10 @@ struct in_addr gwip;
(void) getsockname(fd, (struct sockaddr *)&lsin, &len);
ti->ti_sport = lsin.sin_port;
printf("sport %d\n", ntohs(lsin.sin_port));
nfd = initdevice(dev, 1);
if (nfd == -1)
return -1;
if (!(t = find_tcp(fd, ti)))
return -1;
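Review bot: find_tcp() releases its five scratch buffers only on the `finderror` path; the success exit `return (struct tcpcb *)i->inp_ppcb;` still leaks `o`, `f`, `s`, `i` and `t` on every call. Routing success through the same cleanup with a result variable (`struct tcpcb *ret = NULL;`, declared with the other locals outside this hunk) fixes that, as sketched below. The calloc() results are also handed to KMCPY without a NULL check, and `calloc(1, sizeof(*o) * (fd->fd_lastfile + 1))` does the multiplication before calloc can check it for overflow; `calloc(fd->fd_lastfile + 1, sizeof(*o))` followed by `if (o == NULL) goto finderror;` would cover both. The function begins outside the hunk.

```c
	/* … unchanged: the calloc/KMCPY steps, each failing with goto finderror … */
	ret = (struct tcpcb *)i->inp_ppcb;
finderror:
	/* free(NULL) is a no-op, so the NULL guards are not needed */
	free(o);
	free(f);
	free(s);
	free(i);
	free(t);
	return ret;
```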


@ -29,7 +29,7 @@
* SUCH DAMAGE.
*
* @(#)tcpip.h 8.1 (Berkeley) 6/10/93
* Id: tcpip.h,v 2.2.2.3 2004/05/26 15:45:48 darrenr Exp
* $Id: tcpip.h,v 2.2.2.3 2004/05/26 15:45:48 darrenr Exp $
*/
#ifndef _NETINET_TCPIP_H_


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: ipt.h,v 2.6 2003/02/16 02:33:09 darrenr Exp
* $Id: ipt.h,v 2.6.4.2 2006/03/26 23:42:04 darrenr Exp $
*/
#ifndef __IPT_H__


@ -4,7 +4,7 @@
* Copyright (C) 1993-2001 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
* Id: kmem.h,v 2.5 2002/08/21 22:57:36 darrenr Exp
* $Id: kmem.h,v 2.5 2002/08/21 22:57:36 darrenr Exp $
*/
#ifndef __KMEM_H__


@ -1 +1 @@
<HTML>
<HTML>


@ -2,7 +2,6 @@ INCDEP=$(TOP)/ip_compat.h $(TOP)/ip_fil.h $(TOP)/ipf.h
LIBOBJS=$(DEST)/addicmp.o \
$(DEST)/addipopt.o \
$(DEST)/addkeep.o \
$(DEST)/bcopywrap.o \
$(DEST)/binprint.o \
$(DEST)/buildopts.o \
@ -47,7 +46,6 @@ LIBOBJS=$(DEST)/addicmp.o \
$(DEST)/load_pool.o \
$(DEST)/load_poolnode.o \
$(DEST)/loglevel.o \
$(DEST)/make_range.o \
$(DEST)/mutex_emul.o \
$(DEST)/nametokva.o \
$(DEST)/nat_setgroupmap.o \
@ -68,6 +66,7 @@ LIBOBJS=$(DEST)/addicmp.o \
$(DEST)/printip.o \
$(DEST)/printpool.o \
$(DEST)/printpoolnode.o \
$(DEST)/printproto.o \
$(DEST)/printfr.o \
$(DEST)/printfraginfo.o \
$(DEST)/printhostmap.o \
@ -107,8 +106,6 @@ $(DEST)/addicmp.o: $(LIBSRC)/addicmp.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/addicmp.c -o $@
$(DEST)/addipopt.o: $(LIBSRC)/addipopt.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/addipopt.c -o $@
$(DEST)/addkeep.o: $(LIBSRC)/addkeep.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/addkeep.c -o $@
$(DEST)/bcopywrap.o: $(LIBSRC)/bcopywrap.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/bcopywrap.c -o $@
$(DEST)/binprint.o: $(LIBSRC)/binprint.c $(INCDEP)
@ -246,6 +243,8 @@ $(DEST)/printpool.o: $(LIBSRC)/printpool.c $(TOP)/ip_fil.h $(TOP)/ip_pool.h
$(DEST)/printpoolnode.o: $(LIBSRC)/printpoolnode.c $(TOP)/ip_fil.h \
$(TOP)/ip_pool.h $(TOP)/ip_lookup.h
$(CC) $(CCARGS) -c $(LIBSRC)/printpoolnode.c -o $@
$(DEST)/printproto.o: $(LIBSRC)/printproto.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(LIBSRC)/printproto.c -o $@
$(DEST)/printhostmap.o: $(LIBSRC)/printhostmap.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(LIBSRC)/printhostmap.c -o $@
$(DEST)/printifname.o: $(LIBSRC)/printifname.c $(INCDEP)


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: addicmp.c,v 1.10.2.1 2004/12/09 19:41:16 darrenr Exp
* $Id: addicmp.c,v 1.10.2.4 2006/02/25 17:41:57 darrenr Exp $
*/
#include <ctype.h>
@ -19,76 +19,3 @@ char *icmptypes[MAX_ICMPTYPE + 1] = {
"routersol", "timex", "paramprob", "timest", "timestrep",
"inforeq", "inforep", "maskreq", "maskrep", "END"
};
/*
* set the icmp field to the correct type if "icmp" word is found
*/
int addicmp(cp, fp, linenum)
char ***cp;
struct frentry *fp;
int linenum;
{
char **t;
int i;
(*cp)++;
if (!**cp)
return -1;
if (!fp->fr_proto) /* to catch lusers */
fp->fr_proto = IPPROTO_ICMP;
if (ISDIGIT(***cp)) {
if (!ratoi(**cp, &i, 0, 255)) {
fprintf(stderr,
"%d: Invalid icmp-type (%s) specified\n",
linenum, **cp);
return -1;
}
} else {
for (t = icmptypes, i = 0; ; t++, i++) {
if (!*t)
continue;
if (!strcasecmp("END", *t)) {
i = -1;
break;
}
if (!strcasecmp(*t, **cp))
break;
}
if (i == -1) {
fprintf(stderr,
"%d: Unknown icmp-type (%s) specified\n",
linenum, **cp);
return -1;
}
}
fp->fr_icmp = (u_short)(i << 8);
fp->fr_icmpm = (u_short)0xff00;
(*cp)++;
if (!**cp)
return 0;
if (**cp && strcasecmp("code", **cp))
return 0;
(*cp)++;
if (ISDIGIT(***cp)) {
if (!ratoi(**cp, &i, 0, 255)) {
fprintf(stderr,
"%d: Invalid icmp code (%s) specified\n",
linenum, **cp);
return -1;
}
} else {
i = icmpcode(**cp);
if (i == -1) {
fprintf(stderr,
"%d: Unknown icmp code (%s) specified\n",
linenum, **cp);
return -1;
}
}
i &= 0xff;
fp->fr_icmp |= (u_short)i;
fp->fr_icmpm = (u_short)0xffff;
(*cp)++;
return 0;
}


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: addipopt.c,v 1.7 2002/01/28 06:50:45 darrenr Exp
* $Id: addipopt.c,v 1.7 2002/01/28 06:50:45 darrenr Exp $
*/
#include "ipf.h"


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: binprint.c,v 1.8 2002/05/14 15:18:56 darrenr Exp
* $Id: binprint.c,v 1.8 2002/05/14 15:18:56 darrenr Exp $
*/
#include "ipf.h"


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: buildopts.c,v 1.6 2002/01/28 06:50:45 darrenr Exp
* $Id: buildopts.c,v 1.6 2002/01/28 06:50:45 darrenr Exp $
*/
#include "ipf.h"


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: checkrev.c,v 1.12.2.1 2004/03/09 14:44:39 darrenr Exp
* $Id: checkrev.c,v 1.12.2.1 2004/03/09 14:44:39 darrenr Exp $
*/
#include <sys/ioctl.h>


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: count4bits.c,v 1.1 2002/06/15 04:46:39 darrenr Exp
* $Id: count4bits.c,v 1.1 2002/06/15 04:46:39 darrenr Exp $
*/
#include "ipf.h"


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: count6bits.c,v 1.4 2001/06/09 17:09:23 darrenr Exp
* $Id: count6bits.c,v 1.4 2001/06/09 17:09:23 darrenr Exp $
*/
#include "ipf.h"


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: debug.c,v 1.6 2001/06/09 17:09:24 darrenr Exp
* $Id: debug.c,v 1.6 2001/06/09 17:09:24 darrenr Exp $
*/
#if defined(__STDC__)


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: extras.c,v 1.12 2002/07/13 12:06:49 darrenr Exp
* $Id: extras.c,v 1.12 2002/07/13 12:06:49 darrenr Exp $
*/
#include "ipf.h"


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: facpri.c,v 1.6 2003/12/01 01:59:43 darrenr Exp
* $Id: facpri.c,v 1.6.2.4 2006/03/17 22:28:41 darrenr Exp $
*/
#include <stdio.h>
@ -22,7 +22,7 @@
#include "facpri.h"
#if !defined(lint)
static const char rcsid[] = "@(#)Id: facpri.c,v 1.6 2003/12/01 01:59:43 darrenr Exp";
static const char rcsid[] = "@(#)$Id: facpri.c,v 1.6.2.4 2006/03/17 22:28:41 darrenr Exp $";
#endif
@ -42,10 +42,10 @@ table_t facs[] = {
#else
{ "cron", LOG_CRON1 },
#endif
#ifdef LOG_FTP
#ifdef LOG_FTP
{ "ftp", LOG_FTP },
#endif
#ifdef LOG_AUTHPRIV
#ifdef LOG_AUTHPRIV
{ "authpriv", LOG_AUTHPRIV },
#endif
#ifdef LOG_AUDIT
@ -81,13 +81,13 @@ fac_toname(facpri)
fac = facpri & LOG_FACMASK;
j = fac >> 3;
if (j < 24) {
if (j < (sizeof(facs)/sizeof(facs[0]))) {
if (facs[j].value == fac)
return facs[j].name;
for (i = 0; facs[i].name; i++)
if (fac == facs[i].value)
return facs[i].name;
}
for (i = 0; facs[i].name; i++)
if (fac == facs[i].value)
return facs[i].name;
return NULL;
}
@ -96,11 +96,11 @@ fac_toname(facpri)
/*
* map a facility name to its number
*/
int
int
fac_findname(name)
char *name;
{
int i;
int i;
for (i = 0; facs[i].name; i++)
if (!strcmp(facs[i].name, name))
@ -118,22 +118,6 @@ table_t pris[] = {
};
/*
* map a priority name to its number
*/
int
pri_findname(name)
char *name;
{
int i;
for (i = 0; pris[i].name; i++)
if (!strcmp(pris[i].name, name))
return pris[i].value;
return -1;
}
/*
* map a priority number to its name
*/
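Review bot: The direct-index shortcut in fac_toname() needs a comment, because nothing in the hunk says why `facs[j]` might not hold facility `j`. The table in the previous hunk is assembled from `#ifdef LOG_FTP` / `#ifdef LOG_AUTHPRIV` entries, so positions shift by platform and the linear scan is the lookup that always works; a line such as `/* fast path: only hits when no #ifdef'd entry is missing before slot j */` above the `if` would record that. Note also that `sizeof(facs)/sizeof(facs[0])` counts the table's terminating entry, assuming it has one as the `facs[i].name` loop implies, so the bound admits one index more than the named entries.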


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: facpri.h,v 1.3 2001/06/09 17:19:50 darrenr Exp
* $Id: facpri.h,v 1.3 2001/06/09 17:19:50 darrenr Exp $
*/
#ifndef __FACPRI_H__


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: fill6bits.c,v 1.5 2002/03/27 15:09:57 darrenr Exp
* $Id: fill6bits.c,v 1.5 2002/03/27 15:09:57 darrenr Exp $
*/
#include "ipf.h"


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: flags.c,v 1.4 2002/11/02 07:16:36 darrenr Exp
* $Id: flags.c,v 1.4 2002/11/02 07:16:36 darrenr Exp $
*/
#include "ipf.h"


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: genmask.c,v 1.7 2003/11/11 13:40:15 darrenr Exp
* $Id: genmask.c,v 1.7 2003/11/11 13:40:15 darrenr Exp $
*/
#include "ipf.h"


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: getline.c,v 1.3 2001/06/09 17:09:24 darrenr Exp
* $Id: getline.c,v 1.3 2001/06/09 17:09:24 darrenr Exp $
*/
#include <stdio.h>


@ -11,7 +11,7 @@
#include "kmem.h"
#if !defined(lint)
static const char rcsid[] = "@(#)Id: getnattype.c,v 1.3 2004/01/17 17:26:07 darrenr Exp";
static const char rcsid[] = "@(#)$Id: getnattype.c,v 1.3 2004/01/17 17:26:07 darrenr Exp $";
#endif


@ -20,6 +20,33 @@ u_short *port;
return -1;
}
/*
* Some people will use port names in rules without specifying
* either TCP or UDP because it is implied by the group head.
* If we don't know the protocol, then the best we can do here is
* to take either only the TCP or UDP mapping (if one or the other
* is missing) or make sure both of them agree.
*/
if (fr->fr_proto == 0) {
s = getservbyname(name, "tcp");
if (s != NULL)
p1 = s->s_port;
else
p1 = 0;
s = getservbyname(name, "udp");
if (s != NULL) {
if (p1 != s->s_port)
return -1;
}
if ((p1 == 0) && (s == NULL))
return -1;
if (p1)
*port = p1;
else
*port = s->s_port;
return 0;
}
if ((fr->fr_flx & FI_TCPUDP) != 0) {
/*
* If a rule is "tcp/udp" then check that both TCP and UDP
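Review bot: In the new `fr->fr_proto == 0` block a service name that exists only for UDP is rejected, contrary to the comment above it. When the TCP lookup fails `p1` is 0, so `if (p1 != s->s_port) return -1;` fires for any UDP entry and the final `*port = s->s_port;` branch is effectively unreachable. Comparing only when both mappings exist fixes it: `if (p1 != 0 && p1 != s->s_port) return -1;`. The enclosing function starts and ends outside the hunk.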


@ -14,6 +14,14 @@ char *name;
if (*s == '\0')
return atoi(name);
#ifdef _AIX51
/*
* For some bogus reason, "ip" is 252 in /etc/protocols on AIX 5
*/
if (!strcasecmp(name, "ip"))
return 0;
#endif
p = getprotobyname(name);
if (p != NULL)
return p->p_proto;


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: hostmask.c,v 1.10 2002/01/28 06:50:46 darrenr Exp
* $Id: hostmask.c,v 1.10 2002/01/28 06:50:46 darrenr Exp $
*/
#include "ipf.h"


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: hostnum.c,v 1.10.2.1 2004/12/09 19:41:20 darrenr Exp
* $Id: hostnum.c,v 1.10.2.1 2004/12/09 19:41:20 darrenr Exp $
*/
#include <ctype.h>


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: icmpcode.c,v 1.7.2.1 2004/12/09 19:41:20 darrenr Exp
* $Id: icmpcode.c,v 1.7.2.4 2006/02/25 17:40:22 darrenr Exp $
*/
#include <ctype.h>
@ -22,28 +22,3 @@ char *icmpcodes[MAX_ICMPCODE + 1] = {
"net-unk", "host-unk", "isolate", "net-prohib", "host-prohib",
"net-tos", "host-tos", "filter-prohib", "host-preced", "preced-cutoff",
NULL };
/*
* Return the number for the associated ICMP unreachable code.
*/
int icmpcode(str)
char *str;
{
char *s;
int i, len;
if ((s = strrchr(str, ')')))
*s = '\0';
if (ISDIGIT(*str)) {
if (!ratoi(str, &i, 0, 255))
return -1;
else
return i;
}
len = strlen(str);
for (i = 0; icmpcodes[i]; i++)
if (!strncasecmp(str, icmpcodes[i], MIN(len,
strlen(icmpcodes[i])) ))
return i;
return -1;
}


@ -57,7 +57,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)inet_addr.c 8.1 (Berkeley) 6/17/93";
static const char rcsid[] = "@(#)Id: inet_addr.c,v 1.8.2.3 2004/12/09 19:41:20 darrenr Exp";
static const char rcsid[] = "@(#)$Id: inet_addr.c,v 1.8.2.3 2004/12/09 19:41:20 darrenr Exp $";
#endif /* LIBC_SCCS and not lint */
#include <sys/param.h>


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: initparse.c,v 1.6 2002/01/28 06:50:46 darrenr Exp
* $Id: initparse.c,v 1.6 2002/01/28 06:50:46 darrenr Exp $
*/
#include "ipf.h"


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: ionames.c,v 1.7 2002/01/28 06:50:46 darrenr Exp
* $Id: ionames.c,v 1.7 2002/01/28 06:50:46 darrenr Exp $
*/
#include "ipf.h"


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: ipft_ef.c,v 1.14 2004/01/08 13:34:31 darrenr Exp
* $Id: ipft_ef.c,v 1.14 2004/01/08 13:34:31 darrenr Exp $
*/
/*
@ -33,7 +33,7 @@ etherfind -n -t
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_ef.c 1.6 2/4/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)Id: ipft_ef.c,v 1.14 2004/01/08 13:34:31 darrenr Exp";
static const char rcsid[] = "@(#)$Id: ipft_ef.c,v 1.14 2004/01/08 13:34:31 darrenr Exp $";
#endif
static int etherf_open __P((char *));


@ -7,7 +7,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_hx.c 1.1 3/9/96 (C) 1996 Darren Reed";
static const char rcsid[] = "@(#)Id: ipft_hx.c,v 1.11.4.1 2004/12/09 19:41:20 darrenr Exp";
static const char rcsid[] = "@(#)$Id: ipft_hx.c,v 1.11.4.3 2005/12/04 10:07:21 darrenr Exp $";
#endif
#include <ctype.h>
@ -83,7 +83,7 @@ int cnt, *dir;
*s = '\0';
if (!*line)
continue;
if (!(opts & OPT_BRIEF)) {
if ((opts & OPT_DEBUG) != 0) {
printf("input: %s", line);
}
@ -108,7 +108,7 @@ int cnt, *dir;
s = line;
t = (char *)ip;
ip = (ip_t *)readhex(s, (char *)ip);
if (!(opts & OPT_BRIEF)) {
if ((opts & OPT_DEBUG) != 0) {
if (opts & OPT_ASCII) {
if (t < (char *)ip)
putchar('\t');
@ -124,6 +124,8 @@ int cnt, *dir;
fflush(stdout);
}
}
if (feof(tfp))
return 0;
return -1;
}


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: ipft_pc.c,v 1.10 2004/02/07 18:17:40 darrenr Exp
* $Id: ipft_pc.c,v 1.10.2.1 2005/12/04 09:55:10 darrenr Exp $
*/
#include "ipf.h"
#include "pcap-ipf.h"
@ -13,7 +13,7 @@
#include "ipt.h"
#if !defined(lint)
static const char rcsid[] = "@(#)Id: ipft_pc.c,v 1.10 2004/02/07 18:17:40 darrenr Exp";
static const char rcsid[] = "@(#)$Id: ipft_pc.c,v 1.10.2.1 2005/12/04 09:55:10 darrenr Exp $";
#endif
struct llc {
@ -162,10 +162,19 @@ static int pcap_close()
static int pcap_read_rec(rec)
struct pcap_pkthdr *rec;
{
int n, p;
int n, p, i;
char *s;
if (read(pfd, (char *)rec, sizeof(*rec)) != sizeof(*rec))
return -2;
s = (char *)rec;
n = sizeof(*rec);
while (n > 0) {
i = read(pfd, (char *)rec, sizeof(*rec));
if (i <= 0)
return -2;
s += i;
n -= i;
}
if (swapped) {
rec->ph_clen = SWAPLONG(rec->ph_clen);
@ -178,6 +187,8 @@ struct pcap_pkthdr *rec;
if (!n || n < 0)
return -3;
if (p < 0 || p > 65536)
return -4;
return p;
}
@ -224,7 +235,7 @@ int cnt, *dir;
struct pcap_pkthdr rec;
struct llc *l;
char *s, ty[4];
int i, n;
int i, j, n;
l = llcp;
@ -238,8 +249,14 @@ int cnt, *dir;
bufp = realloc(bufp, i);
s = bufp;
if (read(pfd, s, i) != i)
return -2;
for (j = i, n = 0; j > 0; ) {
n = read(pfd, s, j);
if (n <= 0)
return -2;
j -= n;
s += n;
}
s = bufp;
i -= l->lc_sz;
s += l->lc_to;
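Review bot: The retry loop added to pcap_read_rec() advances `s` and decrements `n` but still calls `read(pfd, (char *)rec, sizeof(*rec))`, so after a short read the next call overwrites the start of the header and requests a full header again, consuming bytes that belong to the packet data. The call should use the cursor and the remaining count, `i = read(pfd, s, n);`, as the loop in the last hunk already does with `read(pfd, s, j)`. In that last hunk the result of `realloc(bufp, i)` is assigned to `s` and read into without a NULL check, which is worth adding for capture files that are not trusted. The function in the last hunk extends beyond what is shown.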


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: ipft_sn.c,v 1.7 2003/02/16 02:32:36 darrenr Exp
* $Id: ipft_sn.c,v 1.7 2003/02/16 02:32:36 darrenr Exp $
*/
/*
@ -16,7 +16,7 @@
#include "ipt.h"
#if !defined(lint)
static const char rcsid[] = "@(#)Id: ipft_sn.c,v 1.7 2003/02/16 02:32:36 darrenr Exp";
static const char rcsid[] = "@(#)$Id: ipft_sn.c,v 1.7 2003/02/16 02:32:36 darrenr Exp $";
#endif
struct llc {


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp
* $Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp $
*/
/*
@ -42,7 +42,7 @@ tcpdump -nqte
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_td.c 1.8 2/4/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp";
static const char rcsid[] = "@(#)$Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp $";
#endif
static int tcpd_open __P((char *));


@ -5,11 +5,11 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: ipft_tx.c,v 1.15.2.2 2004/12/09 19:41:21 darrenr Exp
* $Id: ipft_tx.c,v 1.15.2.7 2005/12/18 14:53:39 darrenr Exp $
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed";
static const char rcsid[] = "@(#)Id: ipft_tx.c,v 1.15.2.2 2004/12/09 19:41:21 darrenr Exp";
static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 1.15.2.7 2005/12/18 14:53:39 darrenr Exp $";
#endif
#include <ctype.h>
@ -75,36 +75,15 @@ int *resolved;
static u_short tx_portnum(name)
char *name;
{
struct servent *sp, *sp2;
u_short p1 = 0;
struct servent *sp;
if (ISDIGIT(*name))
return (u_short)atoi(name);
if (!tx_proto)
tx_proto = "tcp/udp";
if (strcasecmp(tx_proto, "tcp/udp")) {
sp = getservbyname(name, tx_proto);
if (sp)
return ntohs(sp->s_port);
(void) fprintf(stderr, "unknown service \"%s\".\n", name);
return 0;
}
sp = getservbyname(name, "tcp");
sp = getservbyname(name, tx_proto);
if (sp)
p1 = sp->s_port;
sp2 = getservbyname(name, "udp");
if (!sp || !sp2) {
(void) fprintf(stderr, "unknown tcp/udp service \"%s\".\n",
name);
return 0;
}
if (p1 != sp2->s_port) {
(void) fprintf(stderr, "%s %d/tcp is a different port to ",
name, p1);
(void) fprintf(stderr, "%s %d/udp\n", name, sp->s_port);
return 0;
}
return ntohs(p1);
return ntohs(sp->s_port);
(void) fprintf(stderr, "unknown service \"%s\".\n", name);
return 0;
}
@ -161,7 +140,7 @@ int cnt, *dir;
*s = '\0';
if (!*line)
continue;
if (!(opts & OPT_BRIEF))
if ((opts & OPT_DEBUG) != 0)
printf("input: %s\n", line);
*ifn = NULL;
*dir = 0;
@ -172,6 +151,8 @@ int cnt, *dir;
return sizeof(ip_t);
#endif
}
if (feof(tfp))
return 0;
return -1;
}
@ -297,15 +278,22 @@ int *out;
char **s, *t;
int i;
t = strchr(*cpp, ',');
if (t != NULL)
*t = '\0';
for (s = tx_icmptypes, i = 0; !*s || strcmp(*s, "END");
s++, i++)
if (*s && !strncasecmp(*cpp, *s, strlen(*s))) {
s++, i++) {
if (*s && !strcasecmp(*cpp, *s)) {
ic->icmp_type = i;
if ((t = strchr(*cpp, ',')))
ic->icmp_code = atoi(t+1);
if (t != NULL)
ic->icmp_code = atoi(t + 1);
cpp++;
break;
}
}
if (t != NULL)
*t = ',';
}
if (*cpp && !strcasecmp(*cpp, "opt")) {
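Review bot: In the last hunk an icmp type name that matches nothing in `tx_icmptypes` falls out of the loop without a diagnostic: `ic->icmp_type` keeps its previous value, `cpp` is not advanced, and the comma is restored as if nothing had happened. Now that the comparison is an exact `strcasecmp` rather than a prefix compare, an abbreviated or misspelt name that used to match is dropped silently; recording whether the loop reached `break` and printing `unknown icmp-type` with the offending word to stderr otherwise would surface it. `atoi(t + 1)` also accepts any text after the comma as the code. The enclosing function starts outside the hunk.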


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: ipoptsec.c,v 1.2 2002/01/28 06:50:46 darrenr Exp
* $Id: ipoptsec.c,v 1.2 2002/01/28 06:50:46 darrenr Exp $
*/
#include "ipf.h"


@ -18,7 +18,7 @@
#include <string.h>
#include <fcntl.h>
#include <sys/file.h>
#if !defined(__sgi) && !defined(__hpux) && !defined(__osf__) && !defined(linux)
#if !defined(__sgi) && !defined(__hpux) && !defined(__osf__) && !defined(linux) && !defined(_AIX51)
#include <kvm.h>
#endif
#include <fcntl.h>
@ -44,12 +44,13 @@
#if !defined(lint)
static const char sccsid[] = "@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed";
static const char rcsid[] = "@(#)Id: kmem.c,v 1.16.2.1 2004/06/20 10:25:58 darrenr Exp";
static const char rcsid[] = "@(#)$Id: kmem.c,v 1.16.2.2 2005/06/12 07:18:41 darrenr Exp $";
#endif
#if !defined(__sgi) && !defined(__hpux) && !defined(__osf__) && !defined(linux)
#if !defined(__sgi) && !defined(__hpux) && !defined(__osf__) && \
!defined(linux) && !defined(_AIX51)
/*
* For all platforms where there is a libkvm and a kvm_t, we use that...
*/


@ -4,7 +4,7 @@
* Copyright (C) 1993-2001 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
* Id: kmem.h,v 1.2 2002/08/21 22:57:36 darrenr Exp
* $Id: kmem.h,v 1.2 2002/08/21 22:57:36 darrenr Exp $
*/
#ifndef __KMEM_H__


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: load_hash.c,v 1.11.2.2 2005/02/01 02:44:05 darrenr Exp
* $Id: load_hash.c,v 1.11.2.3 2005/11/13 15:41:12 darrenr Exp $
*/
#include <fcntl.h>
@ -72,8 +72,8 @@ ioctlfunc_t iocfunc;
}
}
strncpy(op.iplo_name, iph.iph_name, sizeof(op.iplo_name));
strncpy(iphp->iph_name, iph.iph_name, sizeof(op.iplo_name));
strncpy(iph.iph_name, op.iplo_name, sizeof(op.iplo_name));
strncpy(iphp->iph_name, op.iplo_name, sizeof(op.iplo_name));
if (opts & OPT_VERBOSE) {
for (a = list; a != NULL; a = a->ipe_next) {
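Review bot: The strncpy() calls in this hunk bound the copy with `sizeof(op.iplo_name)`, the size of the source, rather than the size of the destination, and none of them guarantees a terminating NUL. If `iph_name` is ever smaller than `iplo_name` the copy overruns it (the two sizes are not visible here), and a full-length name leaves the field unterminated for any later use as a string. Sizing by the destination and terminating explicitly is safer: `strncpy(iphp->iph_name, op.iplo_name, sizeof(iphp->iph_name) - 1);` followed by `iphp->iph_name[sizeof(iphp->iph_name) - 1] = '\0';`. The `strncpy(pool.ipo_name, op.iplo_name, sizeof(pool.ipo_name))` added in load_pool.c has the same missing terminator.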


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: load_hashnode.c,v 1.2.4.1 2004/03/06 14:33:28 darrenr Exp
* $Id: load_hashnode.c,v 1.2.4.1 2004/03/06 14:33:28 darrenr Exp $
*/
#include <fcntl.h>


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: load_pool.c,v 1.14.2.2 2005/02/01 02:44:06 darrenr Exp
* $Id: load_pool.c,v 1.14.2.3 2005/11/13 15:41:13 darrenr Exp $
*/
#include <fcntl.h>
@ -38,7 +38,7 @@ ioctlfunc_t iocfunc;
op.iplo_struct = &pool;
bzero((char *)&pool, sizeof(pool));
strncpy(pool.ipo_name, plp->ipo_name, sizeof(pool.ipo_name));
if (*plp->ipo_name == '\0')
if (plp->ipo_name[0] == '\0')
op.iplo_arg |= IPOOL_ANON;
if ((opts & OPT_REMOVE) == 0) {
@ -49,6 +49,9 @@ ioctlfunc_t iocfunc;
}
}
if (op.iplo_arg & IPOOL_ANON)
strncpy(pool.ipo_name, op.iplo_name, sizeof(pool.ipo_name));
if ((opts & OPT_VERBOSE) != 0) {
pool.ipo_list = plp->ipo_list;
printpool(&pool, bcopywrap, pool.ipo_name, opts);
@ -56,7 +59,7 @@ ioctlfunc_t iocfunc;
}
for (a = plp->ipo_list; a != NULL; a = a->ipn_next)
load_poolnode(plp->ipo_unit, plp->ipo_name, a, iocfunc);
load_poolnode(plp->ipo_unit, pool.ipo_name, a, iocfunc);
if ((opts & OPT_REMOVE) != 0) {
if ((*iocfunc)(poolfd, SIOCLOOKUPDELTABLE, &op))


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: load_poolnode.c,v 1.3.2.1 2004/03/06 14:33:29 darrenr Exp
* $Id: load_poolnode.c,v 1.3.2.1 2004/03/06 14:33:29 darrenr Exp $
*/
#include <fcntl.h>


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: loglevel.c,v 1.5 2001/06/09 17:09:24 darrenr Exp
* $Id: loglevel.c,v 1.5 2001/06/09 17:09:24 darrenr Exp $
*/
#include "ipf.h"


@ -6,7 +6,7 @@
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if !defined(lint)
static const char rcsid[] = "@(#)Id: nat_setgroupmap.c,v 1.1 2003/04/13 06:40:14 darrenr Exp";
static const char rcsid[] = "@(#)$Id: nat_setgroupmap.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $";
#endif
#include "ipf.h"


@ -7,7 +7,7 @@
*/
#if !defined(lint)
static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
static const char rcsid[] = "@(#)Id: natparse.c,v 1.8.2.1 2004/12/09 19:41:21 darrenr Exp";
static const char rcsid[] = "@(#)$Id: natparse.c,v 1.8.2.1 2004/12/09 19:41:21 darrenr Exp $";
#endif
#include <sys/ioctl.h>


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: optname.c,v 1.3 2001/06/09 17:09:24 darrenr Exp
* $Id: optname.c,v 1.3 2001/06/09 17:09:24 darrenr Exp $
*/
#include "ipf.h"


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: optprint.c,v 1.6 2002/07/13 15:59:49 darrenr Exp
* $Id: optprint.c,v 1.6.4.1 2005/12/18 14:51:28 darrenr Exp $
*/
#include "ipf.h"
@ -25,6 +25,10 @@ u_long optmsk, optbits;
if ((io->on_value != IPOPT_SECURITY) ||
(!secmsk && !secbits)) {
printf("%s%s", s, io->on_name);
/*
* Because the ionames table has this entry
* twice.
*/
if (io->on_value == IPOPT_SECURITY)
io++;
s = ",";


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: optprintv6.c,v 1.2 2003/04/30 00:39:39 darrenr Exp
* $Id: optprintv6.c,v 1.2 2003/04/30 00:39:39 darrenr Exp $
*/
#include "ipf.h"


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: optvalue.c,v 1.2 2002/01/28 06:50:47 darrenr Exp
* $Id: optvalue.c,v 1.2 2002/01/28 06:50:47 darrenr Exp $
*/
#include "ipf.h"


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: parse.c,v 1.34.2.1 2004/12/09 19:41:21 darrenr Exp
* $Id: parse.c,v 1.34.2.1 2004/12/09 19:41:21 darrenr Exp $
*/
#include <ctype.h>
#include "ipf.h"


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: portname.c,v 1.7 2003/08/14 14:27:43 darrenr Exp
* $Id: portname.c,v 1.7 2003/08/14 14:27:43 darrenr Exp $
*/
#include "ipf.h"


@ -6,7 +6,7 @@
* See the IPFILTER.LICENCE file for details on licencing.
*
*
* Id: portnum.c,v 1.6.4.1 2004/12/09 19:41:22 darrenr Exp
* $Id: portnum.c,v 1.6.4.1 2004/12/09 19:41:22 darrenr Exp $
*/
#include <ctype.h>


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: ports.c,v 1.9.4.1 2004/12/09 19:41:22 darrenr Exp
* $Id: ports.c,v 1.9.4.1 2004/12/09 19:41:22 darrenr Exp $
*/
#include <ctype.h>


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: print_toif.c,v 1.8 2002/01/28 06:50:47 darrenr Exp
* $Id: print_toif.c,v 1.8 2002/01/28 06:50:47 darrenr Exp $
*/
#include "ipf.h"


@ -12,7 +12,7 @@
#if !defined(lint)
static const char rcsid[] = "@(#)Id: printactivenat.c,v 1.3.2.4 2004/05/11 16:07:32 darrenr Exp";
static const char rcsid[] = "@(#)$Id: printactivenat.c,v 1.3.2.4 2004/05/11 16:07:32 darrenr Exp $";
#endif


@ -13,7 +13,7 @@
#if !defined(lint)
static const char rcsid[] = "@(#)Id: printaps.c,v 1.4 2004/01/08 13:34:32 darrenr Exp";
static const char rcsid[] = "@(#)$Id: printaps.c,v 1.4 2004/01/08 13:34:32 darrenr Exp $";
#endif


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: printbuf.c,v 1.5.4.1 2004/12/09 19:41:22 darrenr Exp
* $Id: printbuf.c,v 1.5.4.1 2004/12/09 19:41:22 darrenr Exp $
*/
#include <ctype.h>


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: printfr.c,v 1.43.2.10 2005/03/16 15:38:13 darrenr Exp
* $Id: printfr.c,v 1.43.2.16 2006/03/29 11:19:59 darrenr Exp $
*/
#include "ipf.h"
@ -22,7 +22,7 @@ u_32_t *addr, *mask;
switch (type)
{
case FRI_BROADCAST :
suffix = "/bcast";
suffix = "bcast";
break;
case FRI_DYNAMIC :
@ -32,15 +32,15 @@ u_32_t *addr, *mask;
break;
case FRI_NETWORK :
suffix = "/net";
suffix = "net";
break;
case FRI_NETMASKED :
suffix = "/netmasked";
suffix = "netmasked";
break;
case FRI_PEERADDR :
suffix = "/peer";
suffix = "peer";
break;
case FRI_LOOKUP :
@ -107,6 +107,9 @@ ioctlfunc_t iocfunc;
if ((fp->fr_type & FR_T_BUILTIN) != 0)
printf("# Builtin: ");
if (fp->fr_collect != 0)
printf("%u ", fp->fr_collect);
if (fp->fr_type == FR_T_CALLFUNC) {
;
} else if (fp->fr_func != NULL) {
@ -119,20 +122,6 @@ ioctlfunc_t iocfunc;
printf("pass");
else if (FR_ISBLOCK(fp->fr_flags)) {
printf("block");
if (fp->fr_flags & FR_RETICMP) {
if ((fp->fr_flags & FR_RETMASK) == FR_FAKEICMP)
printf(" return-icmp-as-dest");
else if ((fp->fr_flags & FR_RETMASK) == FR_RETICMP)
printf(" return-icmp");
if (fp->fr_icode) {
if (fp->fr_icode <= MAX_ICMPCODE)
printf("(%s)",
icmpcodes[(int)fp->fr_icode]);
else
printf("(%d)", fp->fr_icode);
}
} else if ((fp->fr_flags & FR_RETMASK) == FR_RETRST)
printf(" return-rst");
} else if ((fp->fr_flags & FR_LOGMASK) == FR_LOG) {
printlog(fp);
} else if (FR_ISACCOUNT(fp->fr_flags))
@ -148,6 +137,20 @@ ioctlfunc_t iocfunc;
else {
printf("%x", fp->fr_flags);
}
if (fp->fr_flags & FR_RETICMP) {
if ((fp->fr_flags & FR_RETMASK) == FR_FAKEICMP)
printf(" return-icmp-as-dest");
else if ((fp->fr_flags & FR_RETMASK) == FR_RETICMP)
printf(" return-icmp");
if (fp->fr_icode) {
if (fp->fr_icode <= MAX_ICMPCODE)
printf("(%s)",
icmpcodes[(int)fp->fr_icode]);
else
printf("(%d)", fp->fr_icode);
}
} else if ((fp->fr_flags & FR_RETMASK) == FR_RETRST)
printf(" return-rst");
if (fp->fr_flags & FR_OUTQUE)
printf(" out ");
@ -189,12 +192,11 @@ ioctlfunc_t iocfunc;
if (*fp->fr_ifnames[2]) {
printifname("", fp->fr_ifnames[2],
fp->fr_ifas[2]);
putchar(' ');
if (*fp->fr_ifnames[3]) {
printifname(",", fp->fr_ifnames[3],
fp->fr_ifas[3]);
}
putchar(' ');
}
}
@ -208,10 +210,10 @@ ioctlfunc_t iocfunc;
pr = -1;
} else if (fp->fr_mip.fi_p) {
pr = fp->fr_ip.fi_p;
if ((p = getprotobynumber(fp->fr_proto)))
printf("proto %s ", p->p_name);
else
printf("proto %d ", fp->fr_proto);
p = getprotobynumber(pr);
printf("proto ");
printproto(p, pr, NULL);
putchar(' ');
}
}
@ -370,6 +372,35 @@ ioctlfunc_t iocfunc;
if (!(fp->fr_flx & FI_OOW))
printf("not ");
printf("oow");
comma = ",";
}
if (fp->fr_mflx & FI_MBCAST) {
fputs(comma, stdout);
if (!(fp->fr_flx & FI_MBCAST))
printf("not ");
printf("mbcast");
comma = ",";
}
if (fp->fr_mflx & FI_BROADCAST) {
fputs(comma, stdout);
if (!(fp->fr_flx & FI_BROADCAST))
printf("not ");
printf("bcast");
comma = ",";
}
if (fp->fr_mflx & FI_MULTICAST) {
fputs(comma, stdout);
if (!(fp->fr_flx & FI_MULTICAST))
printf("not ");
printf("mcast");
comma = ",";
}
if (fp->fr_mflx & FI_STATE) {
fputs(comma, stdout);
if (!(fp->fr_flx & FI_STATE))
printf("not ");
printf("state");
comma = ",";
}
}
@ -410,8 +441,8 @@ ioctlfunc_t iocfunc;
if (fp->fr_flags & (FR_FRSTRICT)) {
printf(" (");
if (fp->fr_flags & FR_FRSTRICT)
printf(" strict");
printf(" )");
printf("strict");
printf(")");
}
}


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: printfraginfo.c,v 1.1.2.2 2004/03/23 15:15:45 darrenr Exp
* $Id: printfraginfo.c,v 1.1.2.2 2004/03/23 15:15:45 darrenr Exp $
*/
#include "ipf.h"
#include "kmem.h"


@ -6,8 +6,11 @@ void printhostmap(hmp, hv)
hostmap_t *hmp;
u_int hv;
{
struct in_addr in;
printf("%s,", inet_ntoa(hmp->hm_srcip));
printf("%s -> ", inet_ntoa(hmp->hm_dstip));
printf("%s ", inet_ntoa(hmp->hm_mapip));
in.s_addr = htonl(hmp->hm_mapip.s_addr);
printf("%s ", inet_ntoa(in));
printf("(use = %d hv = %u)\n", hmp->hm_ref, hv);
}
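Review bot: Only `hm_mapip` is passed through `htonl()` before `inet_ntoa()`, while `hm_srcip` and `hm_dstip` two lines above are printed as stored, and nothing in the function says why the fields differ. If `hm_mapip` is kept in host byte order (which the conversion implies but this hunk does not show), a comment such as `/* hm_mapip is held in host byte order, unlike hm_srcip/hm_dstip */` above the `in.s_addr = ...` line would stop a later reader from "fixing" the asymmetry. This line is what an operator reads to see which address a host is mapped to, so the byte-order assumption is worth stating where it is relied on.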


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: printhostmask.c,v 1.8 2002/04/11 15:01:19 darrenr Exp
* $Id: printhostmask.c,v 1.8 2002/04/11 15:01:19 darrenr Exp $
*/
#include "ipf.h"


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: printifname.c,v 1.2 2002/01/28 06:50:47 darrenr Exp
* $Id: printifname.c,v 1.2 2002/01/28 06:50:47 darrenr Exp $
*/
#include "ipf.h"


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: printip.c,v 1.3 2002/07/13 12:10:27 darrenr Exp
* $Id: printip.c,v 1.3 2002/07/13 12:10:27 darrenr Exp $
*/
#include "ipf.h"


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: printlog.c,v 1.6 2002/01/28 06:50:47 darrenr Exp
* $Id: printlog.c,v 1.6.4.2 2005/12/18 14:49:06 darrenr Exp $
*/
#include "ipf.h"
@ -27,18 +27,12 @@ frentry_t *fp;
printf(" or-block");
if (fp->fr_loglevel != 0xffff) {
printf(" level ");
if (fp->fr_loglevel & LOG_FACMASK) {
s = fac_toname(fp->fr_loglevel);
if (s == NULL)
s = "!!!";
} else
s = "";
s = fac_toname(fp->fr_loglevel);
if (s == NULL || *s == '\0')
s = "!!!";
u = pri_toname(fp->fr_loglevel);
if (u == NULL)
if (u == NULL || *u == '\0')
u = "!!!";
if (*s)
printf("%s.%s", s, u);
else
printf("%s", u);
printf("%s.%s", s, u);
}
}
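Review bot: The `"!!!"` fallback now covers an empty string as well as NULL from `fac_toname()`/`pri_toname()`, and the facility is printed unconditionally, but nothing marks `!!!` as a placeholder rather than a valid level. If listed rules are ever saved and loaded back, `level !!!.x` presumably will not parse, so a comment like `/* "!!!" = unknown facility/priority; not valid rule syntax */` next to the two assignments would make that explicit. Whether a level with no facility bits still maps to a real name depends on `fac_toname()`, which is outside this hunk, as is the start of the function.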


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: printmask.c,v 1.5 2002/06/15 04:48:33 darrenr Exp
* $Id: printmask.c,v 1.5 2002/06/15 04:48:33 darrenr Exp $
*/
#include "ipf.h"


@ -13,11 +13,9 @@
#if !defined(lint)
static const char rcsid[] = "@(#)Id: printnat.c,v 1.22.2.8 2005/01/12 03:39:04 darrenr Exp";
static const char rcsid[] = "@(#)$Id: printnat.c,v 1.22.2.11 2005/11/14 17:45:06 darrenr Exp $";
#endif
static void printproto __P((ipnat_t *, struct protoent *));
/*
* Print out a NAT rule
*/
@ -53,7 +51,7 @@ int opts;
printf(" %s", np->in_ifnames[0]);
if ((np->in_ifnames[1][0] != '\0') &&
(strncmp(np->in_ifnames[0], np->in_ifnames[1], LIFNAMSIZ) != 0)) {
printf(",%s ", np->in_ifnames[1]);
printf(",%s", np->in_ifnames[1]);
}
putchar(' ');
@ -102,13 +100,16 @@ int opts;
printf(" -> %s", inet_ntoa(np->in_in[0].in4));
if (np->in_flags & IPN_SPLIT)
printf(",%s", inet_ntoa(np->in_in[1].in4));
else if (np->in_inmsk == 0 && np->in_inip == 0)
printf("/0");
if (np->in_flags & IPN_TCPUDP) {
if ((np->in_flags & IPN_FIXEDDPORT) != 0)
printf(" port = %d", ntohs(np->in_pnext));
else
printf(" port %d", ntohs(np->in_pnext));
}
printproto(np, pr);
putchar(' ');
printproto(pr, np->in_p, np);
if (np->in_flags & IPN_ROUNDR)
printf(" round-robin");
if (np->in_flags & IPN_FRAG)
@ -164,10 +165,7 @@ int opts;
}
printf(" %.*s/", (int)sizeof(np->in_plabel),
np->in_plabel);
if (pr != NULL)
fputs(pr->p_name, stdout);
else
printf("%d", np->in_p);
printproto(pr, np->in_p, NULL);
} else if (np->in_redir == NAT_MAPBLK) {
if ((np->in_pmin == 0) &&
(np->in_flags & IPN_AUTOPORTMAP))
@ -178,11 +176,11 @@ int opts;
printf("\n\tip modulous %d", np->in_pmax);
} else if (np->in_pmin || np->in_pmax) {
if (np->in_flags & IPN_ICMPQUERY) {
printf(" icmpidmap");
printf(" icmpidmap ");
} else {
printf(" portmap");
printf(" portmap ");
}
printproto(np, pr);
printproto(pr, np->in_p, np);
if (np->in_flags & IPN_AUTOPORTMAP) {
printf(" auto");
if (opts & OPT_DEBUG)
@ -194,8 +192,10 @@ int opts;
printf(" %d:%d", ntohs(np->in_pmin),
ntohs(np->in_pmax));
}
} else if (np->in_flags & IPN_TCPUDP || np->in_p)
printproto(np, pr);
} else if (np->in_flags & IPN_TCPUDP || np->in_p) {
putchar(' ');
printproto(pr, np->in_p, np);
}
if (np->in_flags & IPN_FRAG)
printf(" frag");
@ -227,21 +227,3 @@ int opts;
np->in_tqehead[0], np->in_tqehead[1], np->in_comment);
}
}
static void printproto(np, pr)
ipnat_t *np;
struct protoent *pr;
{
if ((np->in_flags & IPN_TCPUDP) == IPN_TCPUDP)
printf(" tcp/udp");
else if (np->in_flags & IPN_TCP)
printf(" tcp");
else if (np->in_flags & IPN_UDP)
printf(" udp");
else if (np->in_flags & IPN_ICMPQUERY)
printf(" icmp");
else if (pr != NULL)
printf(" %s", pr->p_name);
else
printf(" %d", np->in_p);
}
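Review bot: The proxy branch calls `printproto(pr, np->in_p, NULL)` while the other three call sites pass `np` as the last argument, and with the local static helper deleted at the end of the file nothing here says what a NULL rule pointer means to the shared replacement. The removed helper chose ` tcp/udp`, ` tcp`, ` udp` or ` icmp` from `np->in_flags` before falling back to the protocol entry, so the NULL call presumably skips the flag-based names on purpose. A comment such as `/* NULL: name or number of in_p only, in_flags not consulted */` at that call would record it. The shared helper's definition and prototype are outside this section, so its handling of a NULL third argument should be confirmed there.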


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: printpacket.c,v 1.12.4.1 2005/02/21 05:09:24 darrenr Exp
* $Id: printpacket.c,v 1.12.4.2 2005/12/04 09:33:06 darrenr Exp $
*/
#include "ipf.h"
@ -52,7 +52,8 @@ struct ip *ip;
}
tcp = (struct tcphdr *)((char *)ip + (IP_HL(ip) << 2));
printf("ip %d(%d) %d", ntohs(ip->ip_len), IP_HL(ip) << 2, ip->ip_p);
printf("ip #%d %d(%d) %d", ntohs(ip->ip_id), ntohs(ip->ip_len),
IP_HL(ip) << 2, ip->ip_p);
if (off & IP_OFFMASK)
printf(" @%d", off << 3);
printf(" %s", inet_ntoa(ip->ip_src));
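Review bot: The header line now prints four unlabeled numbers, `ip #%d %d(%d) %d`, and the only way to tell the new ID field from total length, header length and protocol is to read the argument list. A one-line comment above the call, `/* ip #<id> <total len>(<hdr len>) <proto> */`, would document the layout for anyone matching this output in scripts or test expectations. The enclosing function starts and ends outside the hunk.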


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: printportcmp.c,v 1.7 2003/02/16 02:31:05 darrenr Exp
* $Id: printportcmp.c,v 1.7 2003/02/16 02:31:05 darrenr Exp $
*/
#include "ipf.h"


@ -144,8 +144,8 @@ u_long now;
PRINTF("\tpkt_flags & %x(%x) = %x,\t",
ips.is_flags & 0xf, ips.is_flags,
ips.is_flags >> 4);
PRINTF("\tpkt_options & %x = %x\n", ips.is_optmsk,
ips.is_opt);
PRINTF("\tpkt_options & %x = %x, %x = %x \n", ips.is_optmsk[0],
ips.is_opt[0], ips.is_optmsk[1], ips.is_opt[1]);
PRINTF("\tpkt_security & %x = %x, pkt_auth & %x = %x\n",
ips.is_secmsk, ips.is_sec, ips.is_authmsk,
ips.is_auth);
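Review bot: The new format string `"\tpkt_options & %x = %x, %x = %x \n"` leaves the second mask/value pair without a label and adds a stray space before the newline. A reader of the state dump cannot tell what `is_optmsk[1]`/`is_opt[1]` refer to, and the array layout is not shown in this hunk. Labeling both pairs, for example `"\tpkt_options[0] & %x = %x, pkt_options[1] & %x = %x\n"`, would match the `pkt_security & ... pkt_auth & ...` line that follows. The enclosing function continues outside the hunk.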


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: ratoi.c,v 1.4 2001/06/09 17:09:25 darrenr Exp
* $Id: ratoi.c,v 1.4 2001/06/09 17:09:25 darrenr Exp $
*/
#include "ipf.h"


@ -5,7 +5,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Id: ratoui.c,v 1.4 2001/06/09 17:09:25 darrenr Exp
* $Id: ratoui.c,v 1.4 2001/06/09 17:09:25 darrenr Exp $
*/
#include "ipf.h"
