Source-Changes-HG archive
[src/netbsd-1-5]: src/dist/ipf Pull up revision 1.4 (requested by martti):
details: https://anonhg.NetBSD.org/src/rev/c363291b032e
branches: netbsd-1-5
changeset: 492682:c363291b032e
user: he <he%NetBSD.org@localhost>
date: Sat Feb 09 16:55:44 2002 +0000
description:
Pull up revision 1.4 (requested by martti):
Updated IPFilter to 3.4.23
diffstat:
dist/ipf/ipf.h | 20 ++-
dist/ipf/ipt.c | 325 ++++++++++++++++++++++++++++++++++------------
dist/ipf/ipt.h | 10 +-
dist/ipf/man/ipf.8 | 4 +-
dist/ipf/man/ipnat.5 | 6 +-
dist/ipf/man/mkfilters.1 | 4 +-
6 files changed, 262 insertions(+), 107 deletions(-)
diffs (truncated from 566 to 300 lines):
diff -r 2672c15ef0d9 -r c363291b032e dist/ipf/ipf.h
--- a/dist/ipf/ipf.h Sat Feb 09 16:55:41 2002 +0000
+++ b/dist/ipf/ipf.h Sat Feb 09 16:55:44 2002 +0000
@@ -1,14 +1,12 @@
-/* $NetBSD: ipf.h,v 1.3 2000/05/11 19:54:35 veego Exp $ */
+/* $NetBSD: ipf.h,v 1.3.4.1 2002/02/09 16:55:44 he Exp $ */
/*
- * Copyright (C) 1993-2000 by Darren Reed.
+ * Copyright (C) 1993-2001 by Darren Reed.
*
- * Redistribution and use in source and binary forms are permitted
- * provided that this notice is preserved and due credit is given
- * to the original author and the contributors.
+ * See the IPFILTER.LICENCE file for details on licencing.
*
* @(#)ipf.h 1.12 6/5/96
- * Id: ipf.h,v 2.9.2.2 2000/05/06 11:20:20 darrenr Exp
+ * Id: ipf.h,v 2.9.2.6 2002/01/03 08:00:12 darrenr Exp
*/
#ifndef __IPF_H__
@@ -42,6 +40,7 @@
#define OPT_STATETOP 0x400000
#define OPT_FLUSH 0x800000
#define OPT_CLEAR 0x1000000
+#define OPT_HEX 0x2000000
#define OPT_NODO 0x80000000
#define OPT_STAT OPT_FRSTATES
@@ -56,7 +55,10 @@
# endif
#endif
+struct ipstate;
struct frpcmp;
+struct ipnat;
+struct nat;
#ifdef ultrix
extern char *strdup __P((char *));
@@ -94,9 +96,15 @@
extern int hostnum __P((u_32_t *, char *, int));
extern u_32_t optname __P((char ***, u_short *, int));
extern void printpacket __P((ip_t *));
+extern void printpacket6 __P((ip_t *));
extern void printportcmp __P((int, struct frpcmp *));
extern void printhostmask __P((int, u_32_t *, u_32_t *));
extern void printbuf __P((char *, int, int));
+extern char *hostname __P((int, void *));
+extern struct ipstate *printstate __P((struct ipstate *, int));
+extern void printnat __P((struct ipnat *, int));
+extern void printactivenat __P((struct nat *, int));
+
#if SOLARIS
extern int inet_aton __P((const char *, struct in_addr *));
extern int gethostname __P((char *, int ));
diff -r 2672c15ef0d9 -r c363291b032e dist/ipf/ipt.c
--- a/dist/ipf/ipt.c Sat Feb 09 16:55:41 2002 +0000
+++ b/dist/ipf/ipt.c Sat Feb 09 16:55:44 2002 +0000
@@ -1,14 +1,18 @@
-/* $NetBSD: ipt.c,v 1.3 2000/05/03 11:40:16 veego Exp $ */
+/* $NetBSD: ipt.c,v 1.3.4.1 2002/02/09 16:55:44 he Exp $ */
/*
- * Copyright (C) 1993-2000 by Darren Reed.
+ * Copyright (C) 1993-2002 by Darren Reed.
*
- * Redistribution and use in source and binary forms are permitted
- * provided that this notice is preserved and due credit is given
- * to the original author and the contributors.
+ * See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __FreeBSD__
-# include <osreldate.h>
+# ifndef __FreeBSD_cc_version
+# include <osreldate.h>
+# else
+# if __FreeBSD_cc_version < 430000
+# include <osreldate.h>
+# endif
+# endif
#endif
#include <stdio.h>
#include <assert.h>
@@ -52,12 +56,13 @@
#include "ip_fil.h"
#include "ip_nat.h"
#include "ip_state.h"
+#include "ip_frag.h"
#include "ipf.h"
#include "ipt.h"
#if !defined(lint)
static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)Id: ipt.c,v 2.6 2000/03/13 22:10:25 darrenr Exp";
+static const char rcsid[] = "@(#)Id: ipt.c,v 2.6.2.14 2002/01/15 14:36:53 darrenr Exp";
#endif
extern char *optarg;
@@ -69,23 +74,39 @@
extern int fr_running;
int opts = 0;
-#ifdef USE_INET6
int use_inet6 = 0;
-#endif
int main __P((int, char *[]));
+int loadrules __P((char *));
+int kmemcpy __P((char *, long, int));
+void dumpnat __P((void));
+void dumpstate __P((void));
+char *getifname __P((void *));
int main(argc,argv)
int argc;
char *argv[];
{
- struct ipread *r = &iptext;
- u_long buf[2048];
+ char *datain, *iface, *ifname, *packet;
+ int fd, i, dir, c, loaded, dump, hlen;
struct ifnet *ifp;
- char *rules = NULL, *datain = NULL, *iface = NULL;
+ struct ipread *r;
+ u_long buf[2048];
ip_t *ip;
- int fd, i, dir = 0, c;
- while ((c = getopt(argc, argv, "6bdEHi:I:NoPr:STvX")) != -1)
+ dir = 0;
+ dump = 0;
+ loaded = 0;
+ r = &iptext;
+ iface = NULL;
+ ifname = "anon0";
+ datain = NULL;
+
+ nat_init();
+ fr_stateinit();
+ initparse();
+ fr_running = 1;
+
+ while ((c = getopt(argc, argv, "6bdDEHi:I:NoPr:STvxX")) != -1)
switch (c)
{
#ifdef USE_INET6
@@ -99,17 +120,22 @@
case 'd' :
opts |= OPT_DEBUG;
break;
+ case 'D' :
+ dump = 1;
+ break;
case 'i' :
datain = optarg;
break;
case 'I' :
- iface = optarg;
+ ifname = optarg;
break;
case 'o' :
opts |= OPT_SAVEOUT;
break;
case 'r' :
- rules = optarg;
+ if (loadrules(optarg) == -1)
+ return -1;
+ loaded = 1;
break;
case 'v' :
opts |= OPT_VERBOSE;
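Review bot: Calling `loadrules(optarg)` directly inside `case 'r'` makes rule loading depend on option order, because flags that appear after `-r` on the command line are not yet in `opts` (or `use_inet6`) when the file is parsed. The code this commit removes loaded the rules only after the getopt loop and chose between NAT and filter parsing from `opts & OPT_NAT`. The body of loadrules is not in this view, so if it still consults `opts`, then `-r file -N` and `-N -r file` would behave differently. Either remember the path and load after the loop, or document the constraint at the case with a comment such as `/* rules are parsed immediately: -N, -6, -b and -d must precede -r */`. main starts and ends outside this hunk.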
@@ -132,80 +158,19 @@
case 'T' :
r = &tcpd;
break;
+ case 'x' :
+ opts |= OPT_HEX;
+ break;
case 'X' :
r = &iptext;
break;
}
- if (!rules) {
- (void)fprintf(stderr,"no rule file present\n");
+ if (loaded == 0) {
+ (void)fprintf(stderr,"no rules loaded\n");
exit(-1);
}
- nat_init();
- fr_stateinit();
- initparse();
- fr_running = 1;
-
- if (rules) {
- char line[513], *s;
- void *fr;
- FILE *fp;
- int linenum = 0;
-
- if (!strcmp(rules, "-"))
- fp = stdin;
- else if (!(fp = fopen(rules, "r"))) {
- (void)fprintf(stderr, "couldn't open %s\n", rules);
- exit(-1);
- }
- if (!(opts & OPT_BRIEF))
- (void)printf("opening rule file \"%s\"\n", rules);
- while (fgets(line, sizeof(line)-1, fp)) {
- linenum++;
- /*
- * treat both CR and LF as EOL
- */
- if ((s = index(line, '\n')))
- *s = '\0';
- if ((s = index(line, '\r')))
- *s = '\0';
- /*
- * # is comment marker, everything after is a ignored
- */
- if ((s = index(line, '#')))
- *s = '\0';
-
- if (!*line)
- continue;
-
- /* fake an `ioctl' call :) */
-
- if ((opts & OPT_NAT) != 0) {
- if (!(fr = natparse(line, linenum)))
- continue;
- i = IPL_EXTERN(ioctl)(IPL_LOGNAT, SIOCADNAT,
- (caddr_t)&fr,
- FWRITE|FREAD);
- if (opts & OPT_DEBUG)
- fprintf(stderr,
- "iplioctl(ADNAT,%p,1) = %d\n",
- fr, i);
- } else {
- if (!(fr = parse(line, linenum)))
- continue;
- i = IPL_EXTERN(ioctl)(0, SIOCADAFR,
- (caddr_t)&fr,
- FWRITE|FREAD);
- if (opts & OPT_DEBUG)
- fprintf(stderr,
- "iplioctl(ADAFR,%p,1) = %d\n",
- fr, i);
- }
- }
- (void)fclose(fp);
- }
-
if (opts & OPT_SAVEOUT)
init_ifp();
@@ -220,10 +185,22 @@
ip = (ip_t *)buf;
while ((i = (*r->r_readip)((char *)buf, sizeof(buf),
&iface, &dir)) > 0) {
- ifp = iface ? get_unit(iface, ip->ip_v) : NULL;
- ip->ip_off = ntohs(ip->ip_off);
- ip->ip_len = ntohs(ip->ip_len);
- i = fr_check(ip, ip->ip_hl << 2, ifp, dir, (mb_t **)&buf);
+ if (iface == NULL || *iface == '\0')
+ iface = ifname;
+ ifp = get_unit(iface, ip->ip_v);
+ hlen = 0;
+ if (!use_inet6) {
+ ip->ip_off = ntohs(ip->ip_off);
+ ip->ip_len = ntohs(ip->ip_len);
+ hlen = ip->ip_hl << 2;
+ }
+#ifdef USE_INET6
+ else
+ hlen = sizeof(ip6_t);
+#endif
+ packet = (char *)buf;
+ ipfr_slowtimer();
+ i = fr_check(ip, hlen, ifp, dir, (mb_t **)&packet);
if ((opts & OPT_NAT) == 0)
switch (i)
{
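Review bot: `hlen = ip->ip_hl << 2` comes straight from the record just read and is handed to `fr_check` without being compared to `i`, the byte count `r_readip` returned; the IPv6 branch likewise assumes `sizeof(ip6_t)` bytes are present. The records come from an input file, so a short or malformed one can claim a header longer than the data in `buf`. fr_check may validate this itself, but that is not visible here. A guard before the call would keep truncated records out of the filter code, e.g. `if (hlen < (int)sizeof(ip_t) || hlen > i) continue;` for IPv4 and `if (i < (int)sizeof(ip6_t)) continue;` for IPv6. The branch also keys on the global `use_inet6` while `get_unit` is given `ip->ip_v`, so a record whose version disagrees with the flag is read under the wrong header layout; the loop and main continue outside this hunk.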
@@ -240,6 +217,10 @@
(void)printf("nomatch");
break;
}
+ if (!use_inet6) {
+ ip->ip_off = htons(ip->ip_off);
+ ip->ip_len = htons(ip->ip_len);
+ }
if (!(opts & OPT_BRIEF)) {
putchar(' ');
@@ -248,17 +229,183 @@
} else if ((opts & (OPT_BRIEF|OPT_NAT)) == (OPT_NAT|OPT_BRIEF))
printpacket((ip_t *)buf);
#ifndef linux