[src/netbsd-1-5]: src/dist/ipf Pull up revisions 1.7-1.8 (requested by martti):
details: https://anonhg.NetBSD.org/src/rev/49827fafb1e6
branches: netbsd-1-5
changeset: 492685:49827fafb1e6
user: he <he%NetBSD.org@localhost>
date: Sat Feb 09 16:55:52 2002 +0000
description:
Pull up revisions 1.7-1.8 (requested by martti):
Updated IPFilter to 3.4.23
diffstat:
dist/ipf/ipnat.c | 377 ++++++++++++++++++++++++++----------------------------
1 files changed, 179 insertions(+), 198 deletions(-)
diffs (truncated from 508 to 300 lines):
diff -r 45f3fce8f67e -r 49827fafb1e6 dist/ipf/ipnat.c
--- a/dist/ipf/ipnat.c Sat Feb 09 16:55:50 2002 +0000
+++ b/dist/ipf/ipnat.c Sat Feb 09 16:55:52 2002 +0000
@@ -1,11 +1,9 @@
-/* $NetBSD: ipnat.c,v 1.5.4.1 2000/08/31 14:49:46 veego Exp $ */
+/* $NetBSD: ipnat.c,v 1.5.4.2 2002/02/09 16:55:52 he Exp $ */
/*
- * Copyright (C) 1993-2000 by Darren Reed.
+ * Copyright (C) 1993-2002 by Darren Reed.
*
- * Redistribution and use in source and binary forms are permitted
- * provided that this notice is preserved and due credit is given
- * to the original author and the contributors.
+ * See the IPFILTER.LICENCE file for details on licencing.
*
* Added redirect stuff and a variety of bug fixes. (mcn%EnGarde.com@localhost)
*/
@@ -43,10 +41,12 @@
#include <arpa/inet.h>
#include <resolv.h>
#include <ctype.h>
+#include <nlist.h>
#include "netinet/ip_compat.h"
#include "netinet/ip_fil.h"
+#include "netinet/ip_nat.h"
+#include "netinet/ip_state.h"
#include "netinet/ip_proxy.h"
-#include "netinet/ip_nat.h"
#include "ipf.h"
#include "kmem.h"
@@ -59,32 +59,32 @@
#if !defined(lint)
static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
-static const char rcsid[] = "@(#)Id: ipnat.c,v 2.16.2.3 2000/07/27 13:07:13 darrenr Exp";
+static const char rcsid[] = "@(#)Id: ipnat.c,v 2.16.2.19 2002/01/15 14:36:51 darrenr Exp";
#endif
#if SOLARIS
#define bzero(a,b) memset(a,0,b)
#endif
-#ifdef USE_INET6
int use_inet6 = 0;
-#endif
-
-static char thishost[MAXHOSTNAMELEN];
-
+char thishost[MAXHOSTNAMELEN];
extern char *optarg;
extern ipnat_t *natparse __P((char *, int));
extern void natparsefile __P((int, char *, int));
-extern void printnat __P((ipnat_t *, int, void *));
+extern void printnat __P((ipnat_t *, int));
+extern void printactivenat __P((nat_t *, int));
+extern void printhostmap __P((hostmap_t *, u_int));
+extern char *getsumd __P((u_32_t));
-void dostats __P((int, int)), flushtable __P((int, int));
+void dostats __P((natstat_t *, int)), flushtable __P((int, int));
void usage __P((char *));
int countbits __P((u_32_t));
char *getnattype __P((ipnat_t *));
int main __P((int, char*[]));
void printaps __P((ap_session_t *, int));
-char *getsumd __P((u_32_t));
+void showhostmap __P((natstat_t *nsp));
+void natstat_dead __P((natstat_t *, char *));
void usage(name)
@@ -95,27 +95,22 @@
}
-char *getsumd(sum)
-u_32_t sum;
-{
- static char sumdbuf[17];
-
- if (sum & NAT_HW_CKSUM)
- sprintf(sumdbuf, "hw(%#0x)", sum & 0xffff);
- else
- sprintf(sumdbuf, "%#0x", sum);
- return sumdbuf;
-}
-
-
int main(argc, argv)
int argc;
char *argv[];
{
- char *file = NULL;
- int fd = -1, opts = 0, c, mode = O_RDWR;
+ natstat_t ns, *nsp = &ns;
+ char *file, *core, *kernel;
+ int fd, opts, c, mode;
- while ((c = getopt(argc, argv, "CdFf:hlnrsv")) != -1)
+ fd = -1;
+ opts = 0;
+ file = NULL;
+ core = NULL;
+ kernel = NULL;
+ mode = O_RDWR;
+
+ while ((c = getopt(argc, argv, "CdFf:hlM:N:nrsv")) != -1)
switch (c)
{
case 'C' :
@@ -137,6 +132,12 @@
opts |= OPT_LIST;
mode = O_RDONLY;
break;
+ case 'M' :
+ core = optarg;
+ break;
+ case 'N' :
+ kernel = optarg;
+ break;
case 'n' :
opts |= OPT_NODO;
mode = O_RDONLY;
@@ -155,14 +156,40 @@
usage(argv[0]);
}
+ if ((kernel != NULL) || (core != NULL)) {
+ (void) setgid(getgid());
+ (void) setuid(getuid());
+ }
+
+ bzero((char *)&ns, sizeof(ns));
+
gethostname(thishost, sizeof(thishost));
thishost[sizeof(thishost) - 1] = '\0';
- if (!(opts & OPT_NODO) && ((fd = open(IPL_NAT, mode)) == -1) &&
- ((fd = open(IPL_NAT, O_RDONLY)) == -1)) {
- (void) fprintf(stderr, "%s: open: %s\n", IPL_NAT,
- STRERROR(errno));
- exit(-1);
+ if (!(opts & OPT_NODO) && (kernel == NULL) && (core == NULL)) {
+ if (openkmem(kernel, core) == -1)
+ exit(1);
+
+ if (((fd = open(IPL_NAT, mode)) == -1) &&
+ ((fd = open(IPL_NAT, O_RDONLY)) == -1)) {
+ (void) fprintf(stderr, "%s: open: %s\n", IPL_NAT,
+ STRERROR(errno));
+ exit(1);
+ }
+ if (ioctl(fd, SIOCGNATS, &nsp) == -1) {
+ perror("ioctl(SIOCGNATS)");
+ exit(1);
+ }
+ (void) setgid(getgid());
+ (void) setuid(getuid());
+ } else if ((kernel != NULL) || (core != NULL)) {
+ if (openkmem(kernel, core) == -1)
+ exit(1);
+
+ natstat_dead(nsp, kernel);
+ if (opts & (OPT_LIST|OPT_STAT))
+ dostats(nsp, opts);
+ exit(0);
}
if (opts & (OPT_FLUSH|OPT_CLEAR))
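Review bot: Both privilege drops added to main() discard the results of setgid() and setuid() behind `(void)` casts: once before `bzero()` when -M/-N is given, and once after the SIOCGNATS ioctl. If either call fails, the program continues with whatever effective IDs it started with, and in the -M/-N case it then hands the caller-supplied `kernel` and `core` paths to openkmem(). Whether ipnat is installed set-id is not visible from this hunk, but the drop is only meaningful if a failure is fatal, so both sites should read `if (setgid(getgid()) == -1 || setuid(getuid()) == -1) { perror("drop privileges"); exit(1); }`. It would also help to add a short comment at the first site saying the drop must precede any open of a user-named file, e.g. `/* drop set-id privileges before touching user-supplied -M/-N paths */`. main()'s body starts and ends outside this hunk.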
@@ -170,167 +197,113 @@
if (file)
natparsefile(fd, file, opts);
if (opts & (OPT_LIST|OPT_STAT))
- dostats(fd, opts);
+ dostats(nsp, opts);
return 0;
}
-void printaps(aps, opts)
-ap_session_t *aps;
-int opts;
+/*
+ * Read nat statistic information in using a symbol table and memory file
+ * rather than doing ioctl's.
+ */
+void natstat_dead(nsp, kernel)
+natstat_t *nsp;
+char *kernel;
{
- ap_session_t ap;
- ftpinfo_t ftp;
- aproxy_t apr;
- raudio_t ra;
+ struct nlist nat_nlist[10] = {
+ { "nat_table" }, /* 0 */
+ { "nat_list" },
+ { "maptable" },
+ { "ipf_nattable_sz" },
+ { "ipf_natrules_sz" },
+ { "ipf_rdrrules_sz" }, /* 5 */
+ { "ipf_hostmap_sz" },
+ { "nat_instances" },
+ { "ap_sess_list" },
+ { NULL }
+ };
+ void *tables[2];
- if (kmemcpy((char *)&ap, (long)aps, sizeof(ap)))
- return;
- if (kmemcpy((char *)&apr, (long)ap.aps_apr, sizeof(apr)))
+ if (nlist(kernel, nat_nlist) == -1) {
+ fprintf(stderr, "nlist error\n");
return;
- printf("\tproxy %s/%d use %d flags %x\n", apr.apr_label,
- apr.apr_p, apr.apr_ref, apr.apr_flags);
- printf("\t\tproto %d flags %#x bytes ", ap.aps_p, ap.aps_flags);
-#ifdef USE_QUAD_T
- printf("%qu pkts %qu", (unsigned long long)ap.aps_bytes,
- (unsigned long long)ap.aps_pkts);
-#else
- printf("%lu pkts %lu", ap.aps_bytes, ap.aps_pkts);
-#endif
- printf(" data %p psiz %d\n", ap.aps_data, ap.aps_psiz);
- if ((ap.aps_p == IPPROTO_TCP) && (opts & OPT_VERBOSE)) {
- printf("\t\tstate[%u,%u], sel[%d,%d]\n",
- ap.aps_state[0], ap.aps_state[1],
- ap.aps_sel[0], ap.aps_sel[1]);
-#if (defined(NetBSD) && (NetBSD >= 199905) && (NetBSD < 1991011)) || \
- (__FreeBSD_version >= 300000) || defined(OpenBSD)
- printf("\t\tseq: off %hd/%hd min %x/%x\n",
- ap.aps_seqoff[0], ap.aps_seqoff[1],
- ap.aps_seqmin[0], ap.aps_seqmin[1]);
- printf("\t\tack: off %hd/%hd min %x/%x\n",
- ap.aps_ackoff[0], ap.aps_ackoff[1],
- ap.aps_ackmin[0], ap.aps_ackmin[1]);
-#else
- printf("\t\tseq: off %hd/%hd min %lx/%lx\n",
- ap.aps_seqoff[0], ap.aps_seqoff[1],
- ap.aps_seqmin[0], ap.aps_seqmin[1]);
- printf("\t\tack: off %hd/%hd min %lx/%lx\n",
- ap.aps_ackoff[0], ap.aps_ackoff[1],
- ap.aps_ackmin[0], ap.aps_ackmin[1]);
-#endif
}
- if (!strcmp(apr.apr_label, "raudio") && ap.aps_psiz == sizeof(ra)) {
- if (kmemcpy((char *)&ra, (long)ap.aps_data, sizeof(ra)))
- return;
- printf("\tReal Audio Proxy:\n");
- printf("\t\tSeen PNA: %d\tVersion: %d\tEOS: %d\n",
- ra.rap_seenpna, ra.rap_version, ra.rap_eos);
- printf("\t\tMode: %#x\tSBF: %#x\n", ra.rap_mode, ra.rap_sbf);
- printf("\t\tPorts:pl %hu, pr %hu, sr %hu\n",
- ra.rap_plport, ra.rap_prport, ra.rap_srport);
- } else if (!strcmp(apr.apr_label, "ftp") &&
- (ap.aps_psiz == sizeof(ftp))) {
- if (kmemcpy((char *)&ftp, (long)ap.aps_data, sizeof(ftp)))
- return;
- printf("\tFTP Proxy:\n");
- printf("\t\tpassok: %d\n", ftp.ftp_passok);
- ftp.ftp_side[0].ftps_buf[FTP_BUFSZ - 1] = '\0';
- ftp.ftp_side[1].ftps_buf[FTP_BUFSZ - 1] = '\0';
- printf("\tClient:\n");
- printf("\t\trptr %p wptr %p seq %x junk %d\n",
- ftp.ftp_side[0].ftps_rptr, ftp.ftp_side[0].ftps_wptr,
- ftp.ftp_side[0].ftps_seq, ftp.ftp_side[0].ftps_junk);
- printf("\t\tbuf [");
- printbuf(ftp.ftp_side[0].ftps_buf, FTP_BUFSZ, 1);
- printf("]\n\tServer:\n");
- printf("\t\trptr %p wptr %p seq %x junk %d\n",
- ftp.ftp_side[1].ftps_rptr, ftp.ftp_side[1].ftps_wptr,
- ftp.ftp_side[1].ftps_seq, ftp.ftp_side[1].ftps_junk);
- printf("\t\tbuf [");
- printbuf(ftp.ftp_side[1].ftps_buf, FTP_BUFSZ, 1);
- printf("]\n");
- }
+ /*
+ * Normally the ioctl copies all of these values into the structure
+ * for us, before returning it to useland, so here we must copy each
+ * one in individually.
+ */
+ kmemcpy((char *)&tables, nat_nlist[0].n_value, sizeof(tables));
+ nsp->ns_table[0] = tables[0];
+ nsp->ns_table[1] = tables[1];
+
+ kmemcpy((char *)&nsp->ns_list, nat_nlist[1].n_value,
+ sizeof(nsp->ns_list));
+ kmemcpy((char *)&nsp->ns_maptable, nat_nlist[2].n_value,
+ sizeof(nsp->ns_maptable));
+ kmemcpy((char *)&nsp->ns_nattab_sz, nat_nlist[3].n_value,
+ sizeof(nsp->ns_nattab_sz));
+ kmemcpy((char *)&nsp->ns_rultab_sz, nat_nlist[4].n_value,
+ sizeof(nsp->ns_rultab_sz));
+ kmemcpy((char *)&nsp->ns_rdrtab_sz, nat_nlist[5].n_value,
+ sizeof(nsp->ns_rdrtab_sz));
+ kmemcpy((char *)&nsp->ns_hostmap_sz, nat_nlist[6].n_value,