author | peter <peter@FreeBSD.org> | 1997-03-02 15:40:21 +0000 |
---|---|---|
committer | peter <peter@FreeBSD.org> | 1997-03-02 15:40:21 +0000 |
commit | 2d94e888ee6d73e6d599e49598a12d8da9f74f69 (patch) | |
tree | 0c47f6260ed69e9661116832151ae20f9162b28c /contrib/ipfilter/FWTK | |
parent | cb8d46a179f2d30ac1cd0a01eb156e1a4c08d717 (diff) | |
reimport ipfilter v3.1.8 to get it onto the vendor branch again.
Diffstat (limited to 'contrib/ipfilter/FWTK')
-rw-r--r-- | contrib/ipfilter/FWTK/Index | 3 | ||||
-rw-r--r-- | contrib/ipfilter/FWTK/README.ipfilter | 20 | ||||
-rw-r--r-- | contrib/ipfilter/FWTK/fwtk_transparent.diff | 1025 |
3 files changed, 1048 insertions, 0 deletions
diff --git a/contrib/ipfilter/FWTK/Index b/contrib/ipfilter/FWTK/Index
new file mode 100644
index 0000000..f5d7043
--- /dev/null
+++ b/contrib/ipfilter/FWTK/Index
@@ -0,0 +1,3 @@
+README - Readme for ftp-gw.diff and fwtkp
+README.ipfilter - README for fwtk_transparent.diff
+fwtk_transparent.diff - patches for 2.0beta
diff --git a/contrib/ipfilter/FWTK/README.ipfilter b/contrib/ipfilter/FWTK/README.ipfilter
new file mode 100644
index 0000000..fd461cc
--- /dev/null
+++ b/contrib/ipfilter/FWTK/README.ipfilter
@@ -0,0 +1,20 @@
+
+there was a patch for fwtk with ip_filter 3.1.5 from James B. Croall
+(thanx for his work) which I put onto fwtk 2.0beta.
+
+Now, if you decide to do transparent proxying with ip-filter you
+have to put -DUSE_IP_FILTER to COPTS in Makefile.config.
+With Solaris 2.x you have to correctly replace the path to your
+ip_filter sources. (lib/hnam.c needs ip_nat.h)
+
+I also patched plug-gw to be configured to accept not only one
+destination with the parameter "-all-destinations" in netperm-table.
+Perhaps this is a security hole...
+
+The patched fwtk worked fine for me with linux (kernel 2.0.28 and ipfadm 2.1)
+and Solaris 2.5 (ip_filter 3.1.5).
+
+If you try to enhance the transparent proxy features for other
+architectures, see lib/hnam.c (getdsthost).
+
+Michael Kutzner, Michael.Kutzner@paderlinx.de
diff --git a/contrib/ipfilter/FWTK/fwtk_transparent.diff b/contrib/ipfilter/FWTK/fwtk_transparent.diff
new file mode 100644
index 0000000..4fe5808
--- /dev/null
+++ b/contrib/ipfilter/FWTK/fwtk_transparent.diff
@@ -0,0 +1,1025 @@ +diff -cr ../TIS.orig/fwtk/Makefile.config.linux fwtk/Makefile.config.linux +*** ../TIS.orig/fwtk/Makefile.config.linux Sat Sep 7 05:58:21 1996 +--- fwtk/Makefile.config.linux Sun Feb 2 05:48:01 1997 +*************** +*** 13,19 **** + + + # Your C compiler (eg, "cc" or "gcc") +! CC= cc + + + # program to use for installation -- this may or may not preserve +--- 13,19 ---- + + + # Your C compiler (eg, "cc" or "gcc") +! CC= gcc + + + # program to use for installation -- this may or may not preserve +*************** +*** 24,37 **** + + # Defines for your operating system + # +! DEFINES=-DLINUX + #DEFINES=-DSYSV -DSOLARIS + + # Options for your compiler (eg, "-g" for debugging, "-O" for + # optimizing, or "-g -O" for both under GCC) + #COPT= -g -traditional $(DEFINES) +! COPT= -g $(DEFINES) +! #COPT= -O $(DEFINES) + + # Version of "make" you want to use + #MAKE= gnumake +--- 24,37 ---- + + # Defines for your operating system + # +! DEFINES=-DLINUX -DUSE_IP_FILTER + #DEFINES=-DSYSV -DSOLARIS + + # Options for your compiler (eg, "-g" for debugging, "-O" for + # optimizing, or "-g -O" for both under GCC) + #COPT= -g -traditional $(DEFINES) +! #COPT= -g $(DEFINES) +! COPT= -O $(DEFINES) + + # Version of "make" you want to use + #MAKE= gnumake +*************** +*** 44,50 **** + + + # Destination directory for installation of binaries +! DEST= /usr/local/etc + + + # Destination directory for installation of man pages +--- 44,50 ---- + + + # Destination directory for installation of binaries +! DEST= /usr/local/sbin + + + # Destination directory for installation of man pages +*************** +*** 72,78 **** + # or -Bstatic for static binaries under SunOS 4.1.x) + #LDFL= -Bstatic + #LDFL= +! LDFL= -g + + + # Location of the fwtk sources [For #include by any external tools needing it] +--- 72,79 ---- + # or -Bstatic for static binaries under SunOS 4.1.x) + #LDFL= -Bstatic + #LDFL= +! #LDFL= -g +! 
LDFL= -O + + + # Location of the fwtk sources [For #include by any external tools needing it] +*************** +*** 81,87 **** + + + # Location of X libraries for X-gw +! XLIBDIR=/usr/X11/lib + #XLIBDIR=/usr/local/X11R5/lib + + # X Libraries +--- 82,88 ---- + + + # Location of X libraries for X-gw +! XLIBDIR=/usr/X11R6/lib + #XLIBDIR=/usr/local/X11R5/lib + + # X Libraries +*************** +*** 96,102 **** + #XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11 + + # Location of X include files +! XINCLUDE=/usr/X11/include + #XINCLUDE=/usr/local/X11R5/include + + # Objects to include in libfwall for SYSV +--- 97,103 ---- + #XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11 + + # Location of X include files +! XINCLUDE=/usr/X11R6/include + #XINCLUDE=/usr/local/X11R5/include + + # Objects to include in libfwall for SYSV +diff -cr ../TIS.orig/fwtk/Makefile.config.solaris fwtk/Makefile.config.solaris +*** ../TIS.orig/fwtk/Makefile.config.solaris Sat Sep 7 06:14:13 1996 +--- fwtk/Makefile.config.solaris Sun Feb 2 06:09:19 1997 +*************** +*** 11,30 **** + # + # RcsId: "$Header: /devel/CVS/IP-Filter/FWTK/fwtk_transparent.diff,v 2.0.1.1 1997/02/19 13:02:37 darrenr Exp $" + + + # Your C compiler (eg, "cc" or "gcc") +! CC= cc + + + # program to use for installation -- this may or may not preserve + # old versions (or whatever). assumes that it takes parameters: + # copy source dest +! CP= cp + + + # Defines for your operating system + # +! DEFINES=-DSYSV -DSOLARIS + + #DEFINES=-DSYSV -DSOLARIS -Dgethostbyname=res_gethostbyname \ + -Dgethostbyaddr=res_gethostbyaddr -Dgetnetbyname=res_getnetbyname \ +--- 11,34 ---- + # + # RcsId: "$Header: /devel/CVS/IP-Filter/FWTK/fwtk_transparent.diff,v 2.0.1.1 1997/02/19 13:02:37 darrenr Exp $" + ++ # ++ # Path to sources of ip_filter (ip_nat.h required in lib/hnam.c) ++ # ++ IPFPATH=/src/unpacked/firewall/ip_fil3.1.5 + + # Your C compiler (eg, "cc" or "gcc") +! 
CC= gcc + + + # program to use for installation -- this may or may not preserve + # old versions (or whatever). assumes that it takes parameters: + # copy source dest +! CP= /usr/ucb/install -c -s + + + # Defines for your operating system + # +! DEFINES=-DSYSV -DSOLARIS -DUSE_IP_FILTER -I$(IPFPATH) + + #DEFINES=-DSYSV -DSOLARIS -Dgethostbyname=res_gethostbyname \ + -Dgethostbyaddr=res_gethostbyaddr -Dgetnetbyname=res_getnetbyname \ +*************** +*** 45,52 **** + + + # Your ranlib utility (use "touch" if you don't have ranlib) +! RANLIB= ranlib +! #RANLIB= touch + + + # Destination directory for installation of binaries +--- 49,56 ---- + + + # Your ranlib utility (use "touch" if you don't have ranlib) +! # RANLIB= ranlib +! RANLIB= touch + + + # Destination directory for installation of binaries +diff -cr ../TIS.orig/fwtk/firewall.h fwtk/firewall.h +*** ../TIS.orig/fwtk/firewall.h Sun Sep 8 05:55:26 1996 +--- fwtk/firewall.h Sun Feb 2 05:23:33 1997 +*************** +*** 47,53 **** + system. + */ + #ifndef PERMFILE +! #define PERMFILE "/usr/local/etc/netperm-table" + #endif + + /* +--- 47,53 ---- + system. + */ + #ifndef PERMFILE +! #define PERMFILE "/etc/fwtk/netperm-table" + #endif + + /* +*************** +*** 67,73 **** + + /* Choose a system logging facility for the firewall toolkit. */ + #ifndef LFAC +! #define LFAC LOG_DAEMON + #endif + + +--- 67,73 ---- + + /* Choose a system logging facility for the firewall toolkit. */ + #ifndef LFAC +! #define LFAC LOG_LOCAL5 + #endif + + +*************** +*** 215,220 **** + #define PERM_ALLOW 01 + #define PERM_DENY 02 + +! + #define _INCL_FWALL_H + #endif +--- 215,222 ---- + #define PERM_ALLOW 01 + #define PERM_DENY 02 + +! #ifdef USE_IP_FILTER +! extern char *getdsthost(int, int*); +! 
#endif + #define _INCL_FWALL_H + #endif +diff -cr ../TIS.orig/fwtk/ftp-gw/ftp-gw.c fwtk/ftp-gw/ftp-gw.c +*** ../TIS.orig/fwtk/ftp-gw/ftp-gw.c Fri Sep 6 18:55:05 1996 +--- fwtk/ftp-gw/ftp-gw.c Sat Feb 1 06:49:13 1997 +*************** +*** 50,55 **** +--- 50,59 ---- + #ifndef FTPPORT + #define FTPPORT 21 + #endif ++ #ifdef USE_IP_FILTER ++ static int do_transparent=0; ++ static int connectdest(); ++ #endif + + static Cfg *confp; + static char **validests = (char **)0; +*************** +*** 170,175 **** +--- 174,182 ---- + char xuf[1024]; + char huf[128]; + char *passuser = (char *)0; /* passed user as av */ ++ #ifdef USE_IP_FILTER ++ char *psychic, *hotline; ++ #endif + + #ifndef LOG_DAEMON + openlog("ftp-gw",LOG_PID); +*************** +*** 313,320 **** + } + } else + timeout = 60*60; + +- + /* display a welcome file or message */ + if(passuser == (char *)0) { + if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) { +--- 320,330 ---- + } + } else + timeout = 60*60; ++ #ifdef USE_IP_FILTER ++ psychic=getdsthost(0,NULL); ++ if(psychic) { do_transparent++; } ++ #endif + + /* display a welcome file or message */ + if(passuser == (char *)0) { + if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) { +*************** +*** 322,327 **** +--- 332,345 ---- + syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln); + exit(1); + } ++ #ifdef USE_IP_FILTER ++ if(do_transparent) { ++ if(sayfile2(0,cf->argv[0],220)) { ++ syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]); ++ exit(1); ++ } ++ } else ++ #endif /* USE_IP_FILTER */ + if(sayfile(0,cf->argv[0],220)) { + syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]); + exit(1); +*************** +*** 332,338 **** + if(authallflg) + if(say(0,"220-Proxy first requires authentication")) + exit(1); +! 
sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR); + if(say(0,xuf)) + exit(1); + } +--- 350,361 ---- + if(authallflg) + if(say(0,"220-Proxy first requires authentication")) + exit(1); +! #ifdef USE_IP_FILTER +! if(do_transparent) +! sprintf(xuf,"220-%s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR); +! else +! #endif +! sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR); + if(say(0,xuf)) + exit(1); + } +*************** +*** 352,358 **** + if(cmd_user(2,fakav,"user internal")) + exit(1); + } +! + /* main loop */ + while(1) { + FD_ZERO(&rdy); +--- 375,386 ---- + if(cmd_user(2,fakav,"user internal")) + exit(1); + } +! #ifdef USE_IP_FILTER +! if(do_transparent) { +! connectdest(psychic,21); +! } +! #endif +! + /* main loop */ + while(1) { + FD_ZERO(&rdy); +*************** +*** 676,681 **** +--- 704,719 ---- + return(sayn(0,noad,sizeof(noad)-1)); + } + ++ #ifdef USE_IP_FILTER ++ if(do_transparent) { ++ if((rfd==(-1)) && (x=connectdest(dest,port))) return x; ++ sprintf(buf,"USER %s",user); ++ if(say(rfd,buf)) return(1); ++ x=getresp(rfd,buf,sizeof(buf),1); ++ if(sendsaved(0,x)) return(1); ++ return(say(0,buf)); ++ } ++ #endif + if(*dest == '\0') + dest = "localhost"; + +*************** +*** 717,723 **** + char ebuf[512]; + + strcpy(ebuf,buf); +! sprintf(buf,"521 %s: %s",dest,ebuf); + rfd = -1; + return(say(0,buf)); + } +--- 755,766 ---- + char ebuf[512]; + + strcpy(ebuf,buf); +! #ifdef USE_IP_FILTER +! if(do_transparent) { +! sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf); +! } else +! #endif +! 
sprintf(buf,"521 %s: %s",dest,ebuf); + rfd = -1; + return(say(0,buf)); + } +*************** +*** 1874,1876 **** +--- 1917,2036 ---- + dup(nread); + } + #endif ++ ++ #ifdef USE_IP_FILTER ++ static int connectdest(dest, port) ++ char *dest; ++ short port; ++ { ++ char buf[1024], mbuf[512]; ++ int msg_int, x; ++ ++ if(*dest == '\0') ++ dest = "localhost"; ++ ++ if(validests != (char **)0) { ++ char **xp; ++ int x; ++ ++ for(xp = validests; *xp != (char *)0; xp++) { ++ if(**xp == '!' && hostmatch(*xp + 1,dest)) { ++ return(baddest(0,dest)); ++ } else { ++ if(hostmatch(*xp,dest)) ++ break; ++ } ++ } ++ if(*xp == (char *)0) ++ return(baddest(0,dest)); ++ } ++ ++ /* Extended permissions processing goes in here for destination */ ++ if(extendperm) { ++ msg_int = auth_perm(confp, authuser, "ftp-gw", dest,(char *)0); ++ if(msg_int == 1) { ++ sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest); ++ syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser); ++ say(0,mbuf); ++ return(1); ++ } else { ++ if(msg_int == -1) { ++ sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest); ++ say(0,mbuf); ++ return(1); ++ } ++ } ++ } ++ ++ syslog(LLEV,"permit host=%s/%s connect to %s",rladdr,riaddr,dest); ++ ++ if((rfd = conn_server(dest,port,0,buf)) < 0) { ++ char ebuf[512]; ++ ++ strcpy(ebuf,buf); ++ sprintf(buf,"521 %s: %s",dest,ebuf); ++ rfd = -1; ++ return(say(0,buf)); ++ } ++ if(!do_transparent) { ++ sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest); ++ saveline(buf); ++ } ++ ++ /* we are now connected and need to try the autologin thing */ ++ x = getresp(rfd,buf,sizeof(buf),1); ++ if(x / 100 != COMPLETE) { ++ sendsaved(0,-1); ++ return(say(0,buf)); ++ } ++ saveline(buf); ++ ++ sendsaved(0,-1); ++ return 0; ++ } ++ ++ ++ /* ok, so i'm in a hurry. english paper due RSN. 
*/ ++ sayfile2(fd,fn,code) ++ int fd; ++ char *fn; ++ int code; ++ { ++ FILE *f; ++ char buf[BUFSIZ]; ++ char yuf[BUFSIZ]; ++ char *c; ++ int x; ++ int saidsomething = 0; ++ ++ if((f = fopen(fn,"r")) == (FILE *)0) ++ return(1); ++ while(fgets(buf,sizeof(buf),f) != (char *)0) { ++ if((c = index(buf,'\n')) != (char *)0) ++ *c = '\0'; ++ x = fgetc(f); ++ if(feof(f)) ++ sprintf(yuf,"%3.3d-%s",code,buf); ++ else { ++ sprintf(yuf,"%3.3d-%s",code,buf); ++ ungetc(x,f); ++ } ++ if(say(fd,yuf)) { ++ fclose(f); ++ return(1); ++ } ++ saidsomething++; ++ } ++ fclose(f); ++ if (!saidsomething) { ++ syslog(LLEV,"fwtkcfgerr: sayfile for %d is empty",code); ++ sprintf(yuf, "%3.3d The file to display is empty",code); ++ if(say(fd,yuf)) { ++ fclose(f); ++ return(1); ++ } ++ } ++ return(0); ++ } ++ ++ #endif /* USE_IP_FILTER */ +diff -cr ../TIS.orig/fwtk/http-gw/http-gw.c fwtk/http-gw/http-gw.c +*** ../TIS.orig/fwtk/http-gw/http-gw.c Mon Sep 9 20:40:53 1996 +--- fwtk/http-gw/http-gw.c Sun Feb 2 06:41:18 1997 +*************** +*** 27,32 **** +--- 27,35 ---- + static char http_buffer[8192]; + static char reason[8192]; + static int checkBrowserType = 1; ++ #ifdef USE_IP_FILTER ++ static int do_transparent=0; ++ #endif + + static void do_logging() + { char *proto = "GOPHER"; +*************** +*** 422,427 **** +--- 425,441 ---- + /*(NOT A SPECIAL FORM)*/ + + if((rem_type & TYPE_LOCAL)== 0){ ++ #ifdef USE_IP_FILTER ++ char *psychic=getdsthost(sockfd,&def_port); ++ if(psychic) { ++ if(strlen(psychic)<=MAXHOSTNAMELEN) { ++ do_transparent++; ++ strncpy(def_httpd,psychic,strlen(psychic)); ++ strncpy(def_server,psychic,strlen(psychic)); ++ } ++ } ++ ++ #endif /* USE_IP_FILTER */ + /* See if it can be forwarded */ + + if( can_forward(buf)){ +*************** +*** 1513,1518 **** +--- 1527,1537 ---- + parse_vec[0], + parse_vec[1], + ourname, ourport); ++ } ++ #ifdef USE_IP_FILTER ++ else if(do_transparent) { ++ sprintf(new_reply,"%s\t%s\t%s\t%s",parse_vec[0],parse_vec[1],parse_vec[2],parse_vec[3]); 
++ #endif /* USE_IP_FILTER */ + }else{ + sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u", + parse_vec[0], parse_vec[2], +diff -cr ../TIS.orig/fwtk/lib/hnam.c fwtk/lib/hnam.c +*** ../TIS.orig/fwtk/lib/hnam.c Sat Nov 5 00:30:19 1994 +--- fwtk/lib/hnam.c Sat Feb 1 08:17:46 1997 +*************** +*** 20,25 **** +--- 20,37 ---- + + extern char *inet_ntoa(); + ++ #if defined(USE_IP_FILTER) ++ #include <net/if.h> ++ #ifndef LINUX ++ #include "ip_nat.h" ++ #endif ++ #if defined(SOLARIS) ++ #include <sys/stat.h> ++ #include <fcntl.h> ++ #include <unistd.h> ++ #include <sys/ioccom.h> ++ #endif ++ #endif /* IP_FILTER */ + + #include "firewall.h" + +*************** +*** 45,47 **** +--- 57,158 ---- + bcopy(hp->h_addr,&sin.sin_addr,hp->h_length); + return(inet_ntoa(sin.sin_addr)); + } ++ ++ ++ ++ #ifdef USE_IP_FILTER ++ char *getdsthost(fd, ptr) ++ int fd; ++ int *ptr; ++ { ++ struct sockaddr_in sin; ++ struct hostent *hp; ++ int sl=sizeof(struct sockaddr_in), err=0, local_h=0, i=0; ++ static char buf[255], hostbuf[255]; ++ #if defined(__FreeBSD__) || defined(SOLARIS) ++ struct sockaddr_in rsin; ++ struct natlookup natlookup; ++ int natfd; ++ #endif ++ ++ #ifdef linux ++ /* This should also work for UDP. Unfortunately, it doesn't. ++ Maybe when the Linux UDP proxy code gets a little cleaner. ++ */ ++ if(!(err=getsockname(0,&sin,&sl))) { ++ if(ptr) *ptr=ntohs(sin.sin_port); ++ sprintf(buf,"%s",inet_ntoa(sin.sin_addr)); ++ gethostname(hostbuf,254); ++ hp=gethostbyname(hostbuf); ++ while(hp->h_addr_list[i]) { ++ bzero(&sin,&sl); ++ memcpy(&sin.sin_addr,hp->h_addr_list[i++],sizeof(hp->h_addr_list[i++])); ++ if(!strcmp(buf,inet_ntoa(sin.sin_addr))) local_h++; ++ } ++ if(local_h) { /* syslog(LLEV,"DEBUG: hnam.c: non-transparent."); */ return(NULL); } ++ else { return(buf); } ++ } ++ #endif ++ ++ #if defined(__FreeBSD__) ++ /* The basis for this block of code is Darren Reed's ++ patches to the TIS ftwk's ftp-gw. 
++ */ ++ bzero((char*)&sin,sizeof(sin)); ++ bzero((char*)&rsin,sizeof(rsin)); ++ if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) { ++ return NULL; ++ } ++ sl=sizeof(rsin); ++ if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) { ++ return NULL; ++ } ++ natlookup.nl_inport=sin.sin_port; ++ natlookup.nl_outport=rsin.sin_port; ++ natlookup.nl_inip=sin.sin_addr; ++ natlookup.nl_outip=rsin.sin_addr; ++ if((natfd=open("/dev/ipl",O_RDONLY))<0) { ++ return(NULL); ++ } ++ if(ioctl(natfd,SIOCGNATL,&natlookup)==(-1)) { ++ return(NULL); ++ } ++ close(natfd); ++ if(ptr) *ptr=ntohs(natlookup.nl_inport); ++ sprintf(buf,"%s",inet_ntoa(natlookup.nl_inip)); ++ #endif ++ ++ #if defined(SOLARIS) /* for Solaris */ ++ /* The basis for this block of code is Darren Reed's ++ * patches to the TIS ftwk's ftp-gw. ++ * modified for Solaris from Michael Kutzner, Michael.Kutzner@paderlinx.de ++ */ ++ memset((char*)&sin, 0, sizeof(sin)); ++ memset((char*)&rsin, 0, sizeof(rsin)); ++ ++ if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) { ++ return NULL; ++ } ++ sl=sizeof(rsin); ++ if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) { ++ return NULL; ++ } ++ natlookup.nl_inport=sin.sin_port; ++ natlookup.nl_outport=rsin.sin_port; ++ natlookup.nl_inip=sin.sin_addr; ++ natlookup.nl_outip=rsin.sin_addr; ++ if( (natfd=open("/dev/ipl",O_RDONLY)) < 0) { ++ return(NULL); ++ } ++ if(ioctl(natfd, SIOCGNATL, &natlookup) == -1) { ++ return(NULL); ++ } ++ close(natfd); ++ if(ptr) *ptr=ntohs(natlookup.nl_inport); ++ sprintf(buf,"%s",inet_ntoa(natlookup.nl_inip)); ++ #endif ++ ++ /* No transparent proxy support */ ++ return(NULL); ++ } ++ #endif /* USE_IP_FILTER */ +diff -cr ../TIS.orig/fwtk/plug-gw/plug-gw.c fwtk/plug-gw/plug-gw.c +*** ../TIS.orig/fwtk/plug-gw/plug-gw.c Thu Sep 5 21:36:33 1996 +--- fwtk/plug-gw/plug-gw.c Sun Feb 2 04:50:40 1997 +*************** +*** 38,44 **** + static int timeout = PROXY_TIMEOUT; + static char **validdests = (char **)0; + static Cfg *confp; +! 
+ main(ac,av) + int ac; + char *av[]; +--- 38,46 ---- + static int timeout = PROXY_TIMEOUT; + static char **validdests = (char **)0; + static Cfg *confp; +! #ifdef USE_IP_FILTER +! static int do_transparent=0; +! #endif + main(ac,av) + int ac; + char *av[]; +*************** +*** 189,201 **** + static char buf[1024 * 4]; + void (*op)(); + char *dhost = NULL; + char hostport[1024 * 4]; + char *ptr; + int state = 0; + int ssl_plug = 0; +! + struct timeval timo; + + if(c->flags & PERM_DENY) { + if (p == -1) + syslog(LLEV,"deny host=%s/%s port=any",rhost,raddr); +--- 191,215 ---- + static char buf[1024 * 4]; + void (*op)(); + char *dhost = NULL; ++ char *transhost = NULL; + char hostport[1024 * 4]; + char *ptr; + int state = 0; + int ssl_plug = 0; +! #ifdef USE_IP_FILTER +! int pport; +! #endif + struct timeval timo; + ++ #ifdef USE_IP_FILTER ++ /* Transparent plug-gw is probably a bad idea, but hey .. */ ++ transhost=getdsthost(0,&pport); ++ if(transhost) { ++ do_transparent++; ++ portid=pport; ++ } ++ #endif ++ + if(c->flags & PERM_DENY) { + if (p == -1) + syslog(LLEV,"deny host=%s/%s port=any",rhost,raddr); +*************** +*** 223,229 **** + privport = 1; + continue; + } +! + if (!strcmp(av[x], "-port")) { + if (++x >= ac) { + syslog(LLEV,"fwtkcfgerr: -port takes an argument, line %d",c->ln); +--- 237,248 ---- + privport = 1; + continue; + } +! #ifdef USE_IP_FILTER +! if (!strcmp(av[x],"-all-destinations")) { +! dhost = transhost; +! continue; +! } +! #endif + if (!strcmp(av[x], "-port")) { + if (++x >= ac) { + syslog(LLEV,"fwtkcfgerr: -port takes an argument, line %d",c->ln); +diff -cr ../TIS.orig/fwtk/rlogin-gw/rlogin-gw.c fwtk/rlogin-gw/rlogin-gw.c +*** ../TIS.orig/fwtk/rlogin-gw/rlogin-gw.c Fri Sep 6 18:56:33 1996 +--- fwtk/rlogin-gw/rlogin-gw.c Sun Feb 2 06:26:04 1997 +*************** +*** 40,46 **** + + extern char *maphostname(); + +! 
+ static int cmd_quit(); + static int cmd_help(); + static int cmd_connect(); +--- 40,48 ---- + + extern char *maphostname(); + +! #ifdef USE_IP_FILTER +! static int do_transparent=0; +! #endif + static int cmd_quit(); + static int cmd_help(); + static int cmd_connect(); +*************** +*** 120,125 **** +--- 122,130 ---- + static char *tokav[56]; + int tokac; + struct timeval timo; ++ #ifdef USE_IP_FILTER ++ char *psychic; ++ #endif + + #ifndef LOG_NDELAY + openlog("rlogin-gw",LOG_PID); +*************** +*** 186,192 **** + } + + +! + if((cf = cfg_get("directory",confp)) != (Cfg *)0) { + if(cf->argc != 1) { + syslog(LLEV,"fwtkcfgerr: chroot must have one parameter, line %d",cf->ln); +--- 191,204 ---- + } + + +! #ifdef USE_IP_FILTER +! psychic=getdsthost(0,NULL); +! if(psychic) { +! do_transparent++; +! strncpy(dest,psychic,511); +! dest[511]='\0'; +! } +! #endif /* USE_IP_FILTER */ + if((cf = cfg_get("directory",confp)) != (Cfg *)0) { + if(cf->argc != 1) { + syslog(LLEV,"fwtkcfgerr: chroot must have one parameter, line %d",cf->ln); +*************** +*** 260,269 **** + } + + /* if present a host name, chop and save username and hostname */ +- dest[0] = '\0'; + if((p = index(rusername,'@')) != (char *)0) { + char *namp; + + *p++ = '\0'; + if(*p == '\0') + p = "localhost"; +--- 272,281 ---- + } + + /* if present a host name, chop and save username and hostname */ + if((p = index(rusername,'@')) != (char *)0) { + char *namp; + ++ dest[0] = '\0'; + *p++ = '\0'; + if(*p == '\0') + p = "localhost"; +*************** +*** 532,539 **** +--- 544,557 ---- + sprintf(ebuf,"Trying %s@%s...",rusername,namp); + else + sprintf(ebuf,"Trying %s...",namp); ++ #ifdef USE_IP_FILTER ++ if(!do_transparent) { ++ #endif + if(say(0,ebuf)) + return(1); ++ #ifdef USE_IP_FILTER ++ } ++ #endif + } else + syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,av[1]); + if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) { +diff -cr ../TIS.orig/fwtk/tn-gw/tn-gw.c fwtk/tn-gw/tn-gw.c +*** 
../TIS.orig/fwtk/tn-gw/tn-gw.c Fri Sep 6 18:55:48 1996 +--- fwtk/tn-gw/tn-gw.c Sun Feb 2 06:06:33 1997 +*************** +*** 97,102 **** +--- 97,106 ---- + static int timeout = PROXY_TIMEOUT; + static char timed_out_msg[] = "\r\nConnection closed due to inactivity"; + ++ #ifdef USE_IP_FILTER ++ static int do_transparent=0; ++ #endif ++ + typedef struct { + char *name; + char *hmsg; +*************** +*** 140,145 **** +--- 144,153 ---- + char tokbuf[BSIZ]; + char *tokav[56]; + int tokac; ++ #ifdef USE_IP_FILTER ++ int port; ++ char *psychic; ++ #endif + + #ifndef LOG_DAEMON + openlog("tn-gw",LOG_PID); +*************** +*** 307,313 **** + exit(1); + } + } +! + while (argc > 1) { + argc--; + argv++; +--- 315,349 ---- + exit(1); + } + } +! #ifdef USE_IP_FILTER +! psychic=getdsthost(0,&port); +! if(psychic) { +! if((strlen(psychic) + 10) < 510) { +! do_transparent++; +! if(port) +! sprintf(dest,"%s:%d",psychic,port); +! else +! sprintf(dest,"%s",psychic); +! +! +! if(!welcomedone) +! if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) { +! if(cf->argc != 1) { +! syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln); +! exit(1); +! } +! if(sayfile(0,cf->argv[0])) { +! syslog(LLEV,"fwtksyserr: cannot display welcome %s:%m",cf->argv[0]); +! exit(1); +! } +! welcomedone = 1; +! } +! +! +! } +! } +! +! #endif /* USE_IP_FILTER */ + while (argc > 1) { + argc--; + argv++; +*************** +*** 870,877 **** + + syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp); + sprintf(ebuf,"Trying %s port %d...",namp,port); +! if(say(0,ebuf)) +! return(1); + } else + syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]); + +--- 906,920 ---- + + syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp); + sprintf(ebuf,"Trying %s port %d...",namp,port); +! #ifdef USE_IP_FILTER +! if(!do_transparent) { +! sprintf(ebuf,"Trying %s port %d...",namp,port); +! #endif +! if(say(0,ebuf)) +! return(1); +! #ifdef USE_IP_FILTER +! } +! 
#endif + } else + syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]); + +*************** +*** 903,910 **** + + syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]); + strncpy(dest,av[1], 511); +! sprintf(buf, "Connected to %s.", dest); + say(0, buf); + return(2); + } + +--- 946,959 ---- + + syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]); + strncpy(dest,av[1], 511); +! #ifdef USE_IP_FILTER +! if(!do_transparent) { +! sprintf(buf, "Connected to %s.", dest); +! say(0, buf); +! } +! #else + say(0, buf); ++ #endif + return(2); + } + +diff -cr ../TIS.orig/fwtk/x-gw/socket.c fwtk/x-gw/socket.c +*** ../TIS.orig/fwtk/x-gw/socket.c Sat Sep 7 05:16:35 1996 +--- fwtk/x-gw/socket.c Sun Feb 2 05:26:44 1997 +*************** +*** 212,218 **** + case AF_UNIX: un_name = (struct sockaddr_un *)addr; + len = sizeof(un_name->sun_family) + + sizeof(un_name->sun_path) +! #ifdef SCM_RIGHTS /* 4.3BSD Reno and later */ + + sizeof(un_name->sun_len) + 1 + #endif + ; +--- 212,218 ---- + case AF_UNIX: un_name = (struct sockaddr_un *)addr; + len = sizeof(un_name->sun_family) + + sizeof(un_name->sun_path) +! #if defined(SCM_RIGHTS) && !defined(LINUX)/* 4.3BSD Reno and later */ + + sizeof(un_name->sun_len) + 1 + #endif + ; +Only in fwtk/x-gw: socket.c.bak |
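Review bot: The Linux branch of getdsthost() in the lib/hnam.c part of this patch misbuilds the local-address check that decides whether a connection is transparent: `bzero(&sin,&sl)` passes the address of sl where a byte count belongs, `memcpy(&sin.sin_addr,hp->h_addr_list[i++],sizeof(hp->h_addr_list[i++]))` copies the size of a pointer rather than hp->h_length (the same file's existing code correctly uses `hp->h_length`), and hp from gethostbyname() is dereferenced without a NULL check. If that comparison misfires, a client that connects straight to the proxy's own address is reported as transparent and ftp-gw/tn-gw then dial that same address instead of offering the normal proxy prompt, which is presumably not what the firewall operator intends. The FreeBSD and Solaris branches also leak natfd when the SIOCGNATL ioctl fails; add `close(natfd);` before that `return(NULL);`. This lands on the vendor branch, so the fix belongs upstream or in a local follow-on, but anyone building with -DUSE_IP_FILTER should treat the transparency detection as unreliable until it is corrected.
```c
/* … unchanged: getsockname() on fd 0, port and address capture into buf … */
		gethostname(hostbuf,sizeof(hostbuf)-1);
		hostbuf[sizeof(hostbuf)-1]='\0';
		if((hp=gethostbyname(hostbuf))==NULL || hp->h_addrtype!=AF_INET)
			return(NULL);
		for(i=0; hp->h_addr_list[i]!=NULL; i++) {
			bzero((char*)&sin,sizeof(sin));
			memcpy(&sin.sin_addr,hp->h_addr_list[i],hp->h_length);
			if(!strcmp(buf,inet_ntoa(sin.sin_addr))) local_h++;
		}
/* … unchanged: local_h test and return of buf or NULL … */
```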