Source-Changes-HG archive


[src/netbsd-1-4]: src/dist/ipf Pull up revision 1.1 (new) (requested by darre...



details:   https://anonhg.NetBSD.org/src/rev/0218053c9b9c
branches:  netbsd-1-4
changeset: 469932:0218053c9b9c
user:      he <he%NetBSD.org@localhost>
date:      Mon Dec 20 20:56:33 1999 +0000

description:
Pull up revision 1.1 (new) (requested by darrenr):
  Update IPF to version 3.3.5.

diffstat:

 dist/ipf/fils.c            |   643 ++++++++++++++++++++++++++
 dist/ipf/ipf.c             |   578 ++++++++++++++++++++++++
 dist/ipf/ipf2netbsd        |   120 +++++
 dist/ipf/iplang/iplang_l.l |   324 +++++++++++++
 dist/ipf/ipmon.c           |  1056 ++++++++++++++++++++++++++++++++++++++++++++
 dist/ipf/ipnat.c           |   454 ++++++++++++++++++
 dist/ipf/ipsend/ipresend.1 |   108 ++++
 dist/ipf/ipsend/ipsend.1   |   111 ++++
 dist/ipf/ipsend/iptest.1   |   103 ++++
 dist/ipf/man/ipf.5         |   543 ++++++++++++++++++++++
 dist/ipf/man/ipfstat.8     |    85 +++
 dist/ipf/man/ipftest.1     |   128 +++++
 dist/ipf/man/ipnat.5       |   162 ++++++
 dist/ipf/man/ipnat.8       |    50 ++
 dist/ipf/man/mkfilters.1   |    16 +
 dist/ipf/rules/mediaone    |    45 +
 dist/ipf/test/dotest       |    30 +
 dist/ipf/test/hextest      |    30 +
 dist/ipf/test/itest        |    24 +
 dist/ipf/test/nattest      |    30 +
 20 files changed, 4640 insertions(+), 0 deletions(-)

diffs (truncated from 4720 to 300 lines):

diff -r 76f79180383e -r 0218053c9b9c dist/ipf/fils.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/dist/ipf/fils.c   Mon Dec 20 20:56:33 1999 +0000
@@ -0,0 +1,643 @@
+/*     $NetBSD: fils.c,v 1.2.2.2 1999/12/20 20:56:33 he Exp $  */
+
+/*
+ * Copyright (C) 1993-1998 by Darren Reed.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and due credit is given
+ * to the original author and the contributors.
+ */
+#ifdef  __FreeBSD__
+# include <osreldate.h>
+#endif
+#include <stdio.h>
+#include <string.h>
+#if !defined(__SVR4) && !defined(__svr4__)
+# include <strings.h>
+#endif
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/param.h>
+#include <sys/file.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <stddef.h>
+#include <nlist.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
+#include <net/if.h>
+#if __FreeBSD_version >= 300000
+# include <net/if_var.h>
+#endif
+#include <netdb.h>
+#include <arpa/nameser.h>
+#include <resolv.h>
+#include <netinet/tcp.h>
+#include "netinet/ip_compat.h"
+#include "netinet/ip_fil.h"
+#include "ipf.h"
+#include "netinet/ip_proxy.h"
+#include "netinet/ip_nat.h"
+#include "netinet/ip_frag.h"
+#include "netinet/ip_state.h"
+#include "netinet/ip_auth.h"
+#include "kmem.h"
+#if defined(__NetBSD__) || (__OpenBSD__)
+# include <paths.h>
+#endif
+
+#if !defined(lint)
+static const char sccsid[] = "@(#)fils.c       1.21 4/20/96 (C) 1993-1996 Darren Reed";
+static const char rcsid[] = "@(#)Id: fils.c,v 2.2.2.4 1999/12/04 02:06:24 darrenr Exp";
+#endif
+
+extern char    *optarg;
+
+#define        PRINTF  (void)printf
+#define        FPRINTF (void)fprintf
+#define        F_IN    0
+#define        F_OUT   1
+#define        F_AC    2
+static char    *filters[4] = { "ipfilter(in)", "ipfilter(out)",
+                               "ipacct(in)", "ipacct(out)" };
+
+int    opts = 0;
+
+extern int     main __P((int, char *[]));
+static void    showstats __P((int, friostat_t *));
+static void    showfrstates __P((int, ipfrstat_t *));
+static void    showlist __P((friostat_t *));
+static void    showipstates __P((int, ips_stat_t *));
+static void    showauthstates __P((int, fr_authstat_t *));
+static void    showgroups __P((friostat_t *));
+static void    Usage __P((char *));
+static void    printlist __P((frentry_t *));
+static char    *get_ifname __P((void *));
+
+
+static void Usage(name)
+char *name;
+{
+       fprintf(stderr, "Usage: %s [-aAfhIinosv] [-d <device>]\n", name);
+       exit(1);
+}
+
+
+int main(argc,argv)
+int argc;
+char *argv[];
+{
+       fr_authstat_t   frauthst;
+       friostat_t fio;
+       ips_stat_t ipsst;
+       ipfrstat_t ifrst;
+       char    *name = NULL, *device = IPL_NAME;
+       int     c, fd;
+
+       if (openkmem() == -1)
+               exit(-1);
+
+       (void)setuid(getuid());
+       (void)setgid(getgid());
+
+       while ((c = getopt(argc, argv, "aAfghIinosvd:")) != -1)
+       {
+               switch (c)
+               {
+               case 'a' :
+                       opts |= OPT_ACCNT|OPT_SHOWLIST;
+                       break;
+               case 'A' :
+                       opts |= OPT_AUTHSTATS;
+                       break;
+               case 'd' :
+                       device = optarg;
+                       break;
+               case 'f' :
+                       opts |= OPT_FRSTATES;
+                       break;
+               case 'g' :
+                       opts |= OPT_GROUPS;
+                       break;
+               case 'h' :
+                       opts |= OPT_HITS;
+                       break;
+               case 'i' :
+                       opts |= OPT_INQUE|OPT_SHOWLIST;
+                       break;
+               case 'I' :
+                       opts |= OPT_INACTIVE;
+                       break;
+               case 'n' :
+                       opts |= OPT_SHOWLINENO;
+                       break;
+               case 'o' :
+                       opts |= OPT_OUTQUE|OPT_SHOWLIST;
+                       break;
+               case 's' :
+                       opts |= OPT_IPSTATES;
+                       break;
+               case 'v' :
+                       opts |= OPT_VERBOSE;
+                       break;
+               default :
+                       Usage(argv[0]);
+                       break;
+               }
+       }
+
+       if ((fd = open(device, O_RDONLY)) < 0) {
+               perror("open");
+               exit(-1);
+       }
+
+       bzero((char *)&fio, sizeof(fio));
+       bzero((char *)&ipsst, sizeof(ipsst));
+       bzero((char *)&ifrst, sizeof(ifrst));
+
+       if (ioctl(fd, SIOCGETFS, &fio) == -1) {
+               perror("ioctl(SIOCGETFS)");
+               exit(-1);
+       }
+       if ((opts & OPT_IPSTATES)) {
+               int     sfd = open(IPL_STATE, O_RDONLY);
+
+               if (sfd == -1) {
+                       perror("open");
+                       exit(-1);
+               }
+               if ((ioctl(sfd, SIOCGIPST, &ipsst) == -1)) {
+                       perror("ioctl(SIOCGIPST)");
+                       exit(-1);
+               }
+               close(sfd);
+       }
+       if ((opts & OPT_FRSTATES) && (ioctl(fd, SIOCGFRST, &ifrst) == -1)) {
+               perror("ioctl(SIOCGFRST)");
+               exit(-1);
+       }
+
+       if (opts & OPT_VERBOSE)
+               PRINTF("opts %#x name %s\n", opts, name ? name : "<>");
+
+       if ((opts & OPT_AUTHSTATS) &&
+           (ioctl(fd, SIOCATHST, &frauthst) == -1)) {
+               perror("ioctl(SIOCATHST)");
+               exit(-1);
+       }
+
+       if (opts & OPT_SHOWLIST) {
+               showlist(&fio);
+               if ((opts & OPT_OUTQUE) && (opts & OPT_INQUE)){
+                       opts &= ~OPT_OUTQUE;
+                       showlist(&fio);
+               }
+       } else {
+               if (opts & OPT_IPSTATES)
+                       showipstates(fd, &ipsst);
+               else if (opts & OPT_FRSTATES)
+                       showfrstates(fd, &ifrst);
+               else if (opts & OPT_AUTHSTATS)
+                       showauthstates(fd, &frauthst);
+               else if (opts & OPT_GROUPS)
+                       showgroups(&fio);
+               else
+                       showstats(fd, &fio);
+       }
+       return 0;
+}
+
+
+/*
+ * read the kernel stats for packets blocked and passed
+ */
+static void    showstats(fd, fp)
+int    fd;
+struct friostat        *fp;
+{
+       u_32_t  frf = 0;
+
+       if (ioctl(fd, SIOCGETFF, &frf) == -1)
+               perror("ioctl(SIOCGETFF)");
+
+#if SOLARIS
+       PRINTF("dropped packets:\tin %lu\tout %lu\n",
+                       fp->f_st[0].fr_drop, fp->f_st[1].fr_drop);
+       PRINTF("non-data packets:\tin %lu\tout %lu\n",
+                       fp->f_st[0].fr_notdata, fp->f_st[1].fr_notdata);
+       PRINTF("no-data packets:\tin %lu\tout %lu\n",
+                       fp->f_st[0].fr_nodata, fp->f_st[1].fr_nodata);
+       PRINTF("non-ip packets:\t\tin %lu\tout %lu\n",
+                       fp->f_st[0].fr_notip, fp->f_st[1].fr_notip);
+       PRINTF("   bad packets:\t\tin %lu\tout %lu\n",
+                       fp->f_st[0].fr_bad, fp->f_st[1].fr_bad);
+#endif
+       PRINTF(" input packets:\t\tblocked %lu passed %lu nomatch %lu",
+                       fp->f_st[0].fr_block, fp->f_st[0].fr_pass,
+                       fp->f_st[0].fr_nom);
+       PRINTF(" counted %lu\n", fp->f_st[0].fr_acct);
+       PRINTF("output packets:\t\tblocked %lu passed %lu nomatch %lu",
+                       fp->f_st[1].fr_block, fp->f_st[1].fr_pass,
+                       fp->f_st[1].fr_nom);
+       PRINTF(" counted %lu\n", fp->f_st[0].fr_acct);
+       PRINTF(" input packets logged:\tblocked %lu passed %lu\n",
+                       fp->f_st[0].fr_bpkl, fp->f_st[0].fr_ppkl);
+       PRINTF("output packets logged:\tblocked %lu passed %lu\n",
+                       fp->f_st[1].fr_bpkl, fp->f_st[1].fr_ppkl);
+       PRINTF(" packets logged:\tinput %lu output %lu\n",
+                       fp->f_st[0].fr_pkl, fp->f_st[1].fr_pkl);
+       PRINTF(" log failures:\t\tinput %lu output %lu\n",
+                       fp->f_st[0].fr_skip, fp->f_st[1].fr_skip);
+       PRINTF("fragment state(in):\tkept %lu\tlost %lu\n",
+                       fp->f_st[0].fr_nfr, fp->f_st[0].fr_bnfr);
+       PRINTF("fragment state(out):\tkept %lu\tlost %lu\n",
+                       fp->f_st[1].fr_nfr, fp->f_st[1].fr_bnfr);
+       PRINTF("packet state(in):\tkept %lu\tlost %lu\n",
+                       fp->f_st[0].fr_ads, fp->f_st[0].fr_bads);
+       PRINTF("packet state(out):\tkept %lu\tlost %lu\n",
+                       fp->f_st[1].fr_ads, fp->f_st[1].fr_bads);
+       PRINTF("ICMP replies:\t%lu\tTCP RSTs sent:\t%lu\n",
+                       fp->f_st[0].fr_ret, fp->f_st[1].fr_ret);
+       PRINTF("Result cache hits(in):\t%lu\t(out):\t%lu\n",
+                       fp->f_st[0].fr_chit, fp->f_st[1].fr_chit);
+       PRINTF("IN Pullups succeeded:\t%lu\tfailed:\t%lu\n",
+                       fp->f_st[0].fr_pull[0], fp->f_st[0].fr_pull[1]);
+       PRINTF("OUT Pullups succeeded:\t%lu\tfailed:\t%lu\n",
+                       fp->f_st[1].fr_pull[0], fp->f_st[1].fr_pull[1]);
+       PRINTF("Fastroute successes:\t%lu\tfailures:\t%lu\n",
+                       fp->f_froute[0], fp->f_froute[1]);
+       PRINTF("TCP cksum fails(in):\t%lu\t(out):\t%lu\n",
+                       fp->f_st[0].fr_tcpbad, fp->f_st[1].fr_tcpbad);
+
+       PRINTF("Packet log flags set: (%#x)\n", frf);
+       if (frf & FF_LOGPASS)
+               PRINTF("\tpackets passed through filter\n");
+       if (frf & FF_LOGBLOCK)
+               PRINTF("\tpackets blocked by filter\n");
+       if (frf & FF_LOGNOMATCH)
+               PRINTF("\tpackets not matched by filter\n");
+       if (!frf)
+               PRINTF("\tnone\n");
+}
+
+
+static void printlist(fp)
+frentry_t *fp;
+{
+       struct  frentry fb;
+       int     n;
+
+       for (n = 1; fp; n++) {
+               if (kmemcpy((char *)&fb, (u_long)fp, sizeof(fb)) == -1) {
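Review bot: In main(), the privilege drop `(void)setuid(getuid()); (void)setgid(getgid());` gives up the uid before the gid and discards both results, so if the binary is installed both set-user-ID and set-group-ID (the install mode is not visible here), setgid() can fail once the uid is gone and the elevated group stays in effect unnoticed. That matters because the next step is `open(device, O_RDONLY)` on a path taken from `-d`, followed by ioctls on it, which is only safe if the drop really happened. Drop the group first and fail closed: `if (setgid(getgid()) == -1 || setuid(getuid()) == -1) { perror("setgid/setuid"); exit(-1); }`. Separately, in showstats() the "output packets" line ends with `PRINTF(" counted %lu\n", fp->f_st[0].fr_acct);`, which looks copied from the input line and should probably read `fp->f_st[1].fr_acct`. The archive truncates this hunk, so printlist() and the rest of fils.c lie outside what is shown.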


