Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/dist/ipf Import IP Filter 3.4.1
details: https://anonhg.NetBSD.org/src/rev/9687b46a13db
branches: trunk
changeset: 485686:9687b46a13db
user: veego <veego%NetBSD.org@localhost>
date: Wed May 03 10:56:46 2000 +0000
description:
Import IP Filter 3.4.1
diffstat:
dist/ipf/SunOS4/mkroutes | 35 +
dist/ipf/SunOS4/rc.ipf | 41 +
dist/ipf/SunOS4/reload | 21 +
dist/ipf/iplang/Makefile | 17 +-
dist/ipf/iplang/iplang_y.y | 4 +-
dist/ipf/ipsend/ipsend.c | 4 +-
dist/ipf/ipsend/iptest.c | 4 +-
dist/ipf/l4check/Makefile | 10 +
dist/ipf/l4check/http.check | 2 +
dist/ipf/l4check/http.ok | 1 +
dist/ipf/l4check/l4check.c | 807 ++++++++++++++++++++++++++++++++
dist/ipf/l4check/l4check.conf | 31 +
dist/ipf/man/Makefile | 1 +
dist/ipf/man/ipf.8 | 7 +-
dist/ipf/man/ipfs.8 | 121 ++++
dist/ipf/perl/ipf-mrtg.pl | 22 +
dist/ipf/perl/plog | 1020 +++++++++++++++++++++++++---------------
dist/ipf/samples/proxy.c | 5 +-
dist/ipf/samples/userauth.c | 7 +-
19 files changed, 1762 insertions(+), 398 deletions(-)
diffs (truncated from 2593 to 300 lines):
diff -r e7c79bf4606f -r 9687b46a13db dist/ipf/SunOS4/mkroutes
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dist/ipf/SunOS4/mkroutes Wed May 03 10:56:46 2000 +0000
@@ -0,0 +1,35 @@
+#!/usr/local/bin/perl
+# for best results, bring up all your interfaces before running this
+open(I, "ifconfig -a|") || die $!;
+while (<I>) {
+ chop;
+ if (/^[a-zA-Z]+\d+:/) {
+ ($iface = $_) =~ s/^([a-zA-Z]+\d+).*/$1/;
+ $ifaces{$iface} = $iface;
+ next;
+ }
+ if (/inet/) {
+ if (/\-\-\>/) { # PPP, (SLIP?)
+ ($inet{$iface} = $_) =~ s/.*inet ([^ ]+) \-\-\> ([^ ]+).*/$1/;
+ ($ppp{$iface} = $_) =~ s/.*inet ([^ ]+) \-\-\> ([^ ]+).*/$2/;
+ } else {
+ ($inet{$iface} = $_) =~ s/.*inet ([^ ]+).*/$1/;
+ }
+ }
+ if (/netmask/) {
+ ($mask = $_) =~ s/.*netmask ([^ ]+).*/$1/;
+ $mask =~ s/^/0x/ if ($mask =~ /^[0-9a-f]*$/);
+ $netmask{$iface} = $mask;
+ }
+ if (/broadcast/) {
+ ($bcast{$iface} = $_) =~ s/.*broadcast ([^ ]+).*/$1/;
+ }
+}
+foreach $i (keys %ifaces) {
+ $net{$i} = $inet{$i}."/".$netmask{$i} if (defined($inet{$i}));
+}
+foreach $i (keys %ifaces) {
+ next if (($i =~ /lo/) || !defined($net{$i}));
+# 8/25/97; removed || defined($ppp{$i})
+ system("route add $inet{$i} localhost 0");
+}
diff -r e7c79bf4606f -r 9687b46a13db dist/ipf/SunOS4/rc.ipf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dist/ipf/SunOS4/rc.ipf Wed May 03 10:56:46 2000 +0000
@@ -0,0 +1,41 @@
+#!/bin/sh
+# Id: rc.ipf,v 2.1 2000/01/14 15:29:06 darrenr Exp
+
+cd /usr/local/ip_fil || exit 1
+
+umask 022
+
+#SYM='-sym'
+
+if /usr/etc/modstat | grep -s 'IP Filter'; then
+ echo ip filter module already loaded
+else
+ if [ ! -f if_ipl.o ]; then
+ echo missing if_ipl.o
+ exit 1
+ fi
+ if modload $SYM if_ipl.o; then
+ echo loaded if_ipl
+ else
+ echo if_ipl load failed
+ exit 1
+ fi
+
+ echo starting ipmon
+ # syslog any logged packets
+ /usr/local/bin/ipmon -s &
+fi
+
+# allow me to run ipfstat as myself (i'm in group kmem)
+chmod 640 /dev/ipl /dev/ipauth /dev/ipnat /dev/ipstate
+chgrp kmem /dev/ipl /dev/ipauth /dev/ipnat /dev/ipstate
+
+# create loopback routes for all interface addrs
+echo adding loopback routes
+./mkroutes
+
+echo loading filters
+./reload
+
+# pass reload status:
+exit $?
diff -r e7c79bf4606f -r 9687b46a13db dist/ipf/SunOS4/reload
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dist/ipf/SunOS4/reload Wed May 03 10:56:46 2000 +0000
@@ -0,0 +1,21 @@
+#!/bin/sh
+# Id: reload,v 2.1 2000/01/14 15:29:05 darrenr Exp
+
+DIR=/usr/local/ip_fil
+
+if [ -f $DIR/mkroutes ]; then
+ $DIR/mkroutes >/dev/null 2>&1
+fi
+
+#LOG=none
+LOG=nomatch
+
+# perform changes to inactive filter set
+# clear all filters
+# load filters
+# select log flags
+# swap filter sets
+/usr/local/etc/ipf -I -Fa -f $DIR/filters -l $LOG -s
+
+# load ip translations
+/usr/local/etc/ipnat -Cf $DIR/trans
diff -r e7c79bf4606f -r 9687b46a13db dist/ipf/iplang/Makefile
--- a/dist/ipf/iplang/Makefile Wed May 03 10:56:45 2000 +0000
+++ b/dist/ipf/iplang/Makefile Wed May 03 10:56:46 2000 +0000
@@ -6,13 +6,13 @@
#CC=gcc -Wuninitialized -Wstrict-prototypes -Werror -O
CFLAGS=-I..
-all: $(DESTDIR)/y.tab.o $(DESTDIR)/lex.yy.o y.tab.o lex.yy.o
+all: $(DESTDIR)/y.tab.o $(DESTDIR)/lex.yy.o
-$(DESTDIR)/y.tab.o: y.tab.c
- $(CC) $(DEBUG) -I. -I.. -I../ipsend $(CFLAGS) $(LINUX) -c y.tab.c -o $@
+$(DESTDIR)/y.tab.o: $(DESTDIR)/y.tab.c
+ $(CC) $(DEBUG) -I. -I.. -I$(DESTDIR) -I../ipsend $(CFLAGS) $(LINUX) -c $(DESTDIR)/y.tab.c -o $@
-$(DESTDIR)/lex.yy.o: lex.yy.c
- $(CC) $(DEBUG) -I. -I.. -I../ipsend $(CFLAGS) $(LINUX) -c lex.yy.c -o $@
+$(DESTDIR)/lex.yy.o: $(DESTDIR)/lex.yy.c
+ $(CC) $(DEBUG) -I. -I.. -I$(DESTDIR) -I../ipsend $(CFLAGS) $(LINUX) -c $(DESTDIR)/lex.yy.c -o $@
y.tab.o: y.tab.c
$(CC) $(DEBUG) -I. -I.. -I../ipsend $(CFLAGS) $(LINUX) -c y.tab.c -o $@
@@ -20,11 +20,14 @@
lex.yy.o: lex.yy.c
$(CC) $(DEBUG) -I. -I.. -I../ipsend $(CFLAGS) $(LINUX) -c lex.yy.c -o $@
-lex.yy.c: iplang_l.l y.tab.h
+$(DESTDIR)/lex.yy.c: iplang_l.l $(DESTDIR)/y.tab.h
lex iplang_l.l
+ mv lex.yy.c $(DESTDIR)
-y.tab.c y.tab.h: iplang_y.y
+$(DESTDIR)/y.tab.c $(DESTDIR)/y.tab.h: iplang_y.y
yacc -d iplang_y.y
+ mv y.tab.c $(DESTDIR)
+ mv y.tab.h $(DESTDIR)
clean:
/bin/rm -f *.o lex.yy.c y.tab.c y.tab.h
diff -r e7c79bf4606f -r 9687b46a13db dist/ipf/iplang/iplang_y.y
--- a/dist/ipf/iplang/iplang_y.y Wed May 03 10:56:45 2000 +0000
+++ b/dist/ipf/iplang/iplang_y.y Wed May 03 10:56:46 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: iplang_y.y,v 1.1.1.1 1999/12/11 22:24:07 veego Exp $ */
+/* $NetBSD: iplang_y.y,v 1.1.1.2 2000/05/03 10:56:53 veego Exp $ */
%{
/*
@@ -8,7 +8,7 @@
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
*
- * Id: iplang_y.y,v 2.1.2.1 1999/11/21 11:05:09 darrenr Exp
+ * Id: iplang_y.y,v 2.2 1999/12/04 03:37:04 darrenr Exp
*/
#include <stdio.h>
diff -r e7c79bf4606f -r 9687b46a13db dist/ipf/ipsend/ipsend.c
--- a/dist/ipf/ipsend/ipsend.c Wed May 03 10:56:45 2000 +0000
+++ b/dist/ipf/ipsend/ipsend.c Wed May 03 10:56:46 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsend.c,v 1.1.1.1 1999/12/11 22:24:09 veego Exp $ */
+/* $NetBSD: ipsend.c,v 1.1.1.2 2000/05/03 10:57:02 veego Exp $ */
/*
* ipsend.c (C) 1995-1998 Darren Reed
@@ -14,7 +14,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ipsend.c 1.5 12/10/95 (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)Id: ipsend.c,v 2.1.2.2 1999/11/28 03:43:44 darrenr Exp";
+static const char rcsid[] = "@(#)Id: ipsend.c,v 2.2 1999/12/04 03:37:05 darrenr Exp";
#endif
#include <stdio.h>
#include <stdlib.h>
diff -r e7c79bf4606f -r 9687b46a13db dist/ipf/ipsend/iptest.c
--- a/dist/ipf/ipsend/iptest.c Wed May 03 10:56:45 2000 +0000
+++ b/dist/ipf/ipsend/iptest.c Wed May 03 10:56:46 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: iptest.c,v 1.1.1.1 1999/12/11 22:24:10 veego Exp $ */
+/* $NetBSD: iptest.c,v 1.1.1.2 2000/05/03 10:57:03 veego Exp $ */
/*
* ipsend.c (C) 1995-1998 Darren Reed
@@ -14,7 +14,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)Id: iptest.c,v 2.1.2.2 1999/11/28 03:43:45 darrenr Exp";
+static const char rcsid[] = "@(#)Id: iptest.c,v 2.2 1999/12/04 03:37:05 darrenr Exp";
#endif
#include <stdio.h>
#include <netdb.h>
diff -r e7c79bf4606f -r 9687b46a13db dist/ipf/l4check/Makefile
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dist/ipf/l4check/Makefile Wed May 03 10:56:46 2000 +0000
@@ -0,0 +1,10 @@
+# For Solaris
+#LIBS=-lsocket -lnsl
+
+all: l4check
+
+l4check: l4check.c
+ $(CC) -g -I.. $(CFLAGS) $(LIBS) l4check.c -o $@
+
+clean:
+ /bin/rm -f l4check
diff -r e7c79bf4606f -r 9687b46a13db dist/ipf/l4check/http.check
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dist/ipf/l4check/http.check Wed May 03 10:56:46 2000 +0000
@@ -0,0 +1,2 @@
+GET /
+
diff -r e7c79bf4606f -r 9687b46a13db dist/ipf/l4check/http.ok
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dist/ipf/l4check/http.ok Wed May 03 10:56:46 2000 +0000
@@ -0,0 +1,1 @@
+<HTML>
\ No newline at end of file
diff -r e7c79bf4606f -r 9687b46a13db dist/ipf/l4check/l4check.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dist/ipf/l4check/l4check.c Wed May 03 10:56:46 2000 +0000
@@ -0,0 +1,807 @@
+/* $NetBSD: l4check.c,v 1.1.1.1 2000/05/03 10:57:06 veego Exp $ */
+
+/*
+ * (C)Copyright March, 2000 - Darren Reed.
+ */
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/mman.h>
+#include <sys/socket.h>
+#include <sys/time.h>
+#include <sys/ioctl.h>
+
+#include <netinet/in.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
+
+#include <net/if.h>
+
+#include <stdio.h>
+#include <netdb.h>
+#include <string.h>
+#include <ctype.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <stdlib.h>
+
+#include "ip_compat.h"
+#include "ip_fil.h"
+#include "ip_nat.h"
+
+#include "ipf.h"
+
+extern char *optarg;
+
+
+typedef struct l4cfg {
+ struct l4cfg *l4_next;
+ struct ipnat l4_nat; /* NAT rule */
+ struct sockaddr_in l4_sin; /* remote socket to connect */
+ time_t l4_last; /* when we last connected */
+ int l4_alive; /* 1 = remote alive */
+ int l4_fd;
+ int l4_rw; /* 0 = reading, 1 = writing */
+ char *l4_rbuf; /* read buffer */
+ int l4_rsize; /* size of buffer */
+ int l4_rlen; /* how much used */
+ char *l4_wptr; /* next byte to write */
+ int l4_wlen; /* length yet to be written */
+} l4cfg_t;
+
+
+l4cfg_t *l4list = NULL;
+char *response = NULL;
+char *probe = NULL;
+l4cfg_t template;
+int frequency = 20;
+int ctimeout = 1;
+int rtimeout = 1;
+size_t plen = 0;
+size_t rlen = 0;
+int natfd = -1;
+int opts = 0;
+
+#if defined(sun) && !defined(__svr4__) && !defined(__SVR4)
+# define strerror(x) sys_errlist[x]
+#endif
+
+
Home |
Main Index |
Thread Index |
Old Index