diff options
| author | cy <cy@FreeBSD.org> | 2013-07-19 05:41:57 +0000 |
|---|---|---|
| committer | cy <cy@FreeBSD.org> | 2013-07-19 05:41:57 +0000 |
| commit | 672af8808c0e7c15f330b401482f9271c2eb3fa6 (patch) | |
| tree | 225b5acf68c01bc6a260b386c2b2dbf4fa2839e3 /contrib/ipfilter/lib | |
| parent | 71e82d94e82560b20789833f60056506de34de8b (diff) | |
| download | FreeBSD-src-672af8808c0e7c15f330b401482f9271c2eb3fa6.zip FreeBSD-src-672af8808c0e7c15f330b401482f9271c2eb3fa6.tar.gz | |
As per the developers handbook (5.3.1 step 1), prepare the vendor trees for
import of new ipfilter vendor sources by flattening them.
To keep the tags consistent with dist, the tags are also flattened.
Approved by: glebius (Mentor)
Diffstat (limited to 'contrib/ipfilter/lib')
114 files changed, 0 insertions, 9600 deletions
diff --git a/contrib/ipfilter/lib/Makefile b/contrib/ipfilter/lib/Makefile deleted file mode 100644 index a838063..0000000 --- a/contrib/ipfilter/lib/Makefile +++ /dev/null @@ -1,310 +0,0 @@ -# -# Copyright (C) 1993-2001 by Darren Reed. -# -# See the IPFILTER.LICENCE file for details on licencing. -# -# $Id: Makefile,v 1.41.2.14 2007/09/21 08:30:43 darrenr Exp $ -# -INCDEP=$(TOP)/ip_compat.h $(TOP)/ip_fil.h $(TOP)/ipf.h - -LIBOBJS=$(DEST)/addicmp.o \ - $(DEST)/addipopt.o \ - $(DEST)/alist_free.o \ - $(DEST)/alist_new.o \ - $(DEST)/bcopywrap.o \ - $(DEST)/binprint.o \ - $(DEST)/buildopts.o \ - $(DEST)/checkrev.o \ - $(DEST)/count6bits.o \ - $(DEST)/count4bits.o \ - $(DEST)/debug.o \ - $(DEST)/facpri.o \ - $(DEST)/flags.o \ - $(DEST)/fill6bits.o \ - $(DEST)/gethost.o \ - $(DEST)/getifname.o \ - $(DEST)/getnattype.o \ - $(DEST)/getport.o \ - $(DEST)/getportproto.o \ - $(DEST)/getproto.o \ - $(DEST)/getsumd.o \ - $(DEST)/hostname.o \ - $(DEST)/icmpcode.o \ - $(DEST)/inet_addr.o \ - $(DEST)/initparse.o \ - $(DEST)/ionames.o \ - $(DEST)/ipoptsec.o \ - $(DEST)/ipf_dotuning.o \ - $(DEST)/ipft_ef.o \ - $(DEST)/ipft_hx.o \ - $(DEST)/ipft_pc.o \ - $(DEST)/ipft_sn.o \ - $(DEST)/ipft_td.o \ - $(DEST)/ipft_tx.o \ - $(DEST)/kmem.o \ - $(DEST)/kmemcpywrap.o \ - $(DEST)/kvatoname.o \ - $(DEST)/load_file.o \ - $(DEST)/load_hash.o \ - $(DEST)/load_hashnode.o \ - $(DEST)/load_http.o \ - $(DEST)/load_pool.o \ - $(DEST)/load_poolnode.o \ - $(DEST)/load_url.o \ - $(DEST)/mutex_emul.o \ - $(DEST)/nametokva.o \ - $(DEST)/nat_setgroupmap.o \ - $(DEST)/ntomask.o \ - $(DEST)/optname.o \ - $(DEST)/optprint.o \ - $(DEST)/optprintv6.o \ - $(DEST)/optvalue.o \ - $(DEST)/portname.o \ - $(DEST)/print_toif.o \ - $(DEST)/printactivenat.o \ - $(DEST)/printaps.o \ - $(DEST)/printbuf.o \ - $(DEST)/printhash.o \ - $(DEST)/printhashdata.o \ - $(DEST)/printhashnode.o \ - $(DEST)/printhash_live.o \ - $(DEST)/printip.o \ - $(DEST)/printpool.o \ - $(DEST)/printpooldata.o \ - $(DEST)/printpoolnode.o \ - $(DEST)/printpool_live.o \ - $(DEST)/printproto.o \ - $(DEST)/printfr.o \ - $(DEST)/printfraginfo.o \ - $(DEST)/printhostmap.o \ - $(DEST)/printifname.o \ - $(DEST)/printhostmask.o \ - $(DEST)/printlog.o \ - $(DEST)/printmask.o \ - $(DEST)/printnat.o \ - $(DEST)/printportcmp.o \ - $(DEST)/printpacket.o \ - $(DEST)/printpacket6.o \ - $(DEST)/printsbuf.o \ - $(DEST)/printstate.o \ - $(DEST)/printtqtable.o \ - $(DEST)/printtunable.o \ - $(DEST)/remove_hash.o \ - $(DEST)/remove_hashnode.o \ - $(DEST)/remove_pool.o \ - $(DEST)/remove_poolnode.o \ - $(DEST)/resetlexer.o \ - $(DEST)/rwlock_emul.o \ - $(DEST)/tcpflags.o \ - $(DEST)/tcp_flags.o \ - $(DEST)/var.o \ - $(DEST)/verbose.o \ - $(DEST)/v6ionames.o \ - $(DEST)/v6optvalue.o - -$(DEST)/libipf.a: $(LIBOBJS) - /bin/rm -f $@ - ar $(AROPTS) $@ $(LIBOBJS) - $(RANLIB) $@ - -$(DEST)/addicmp.o: $(LIBSRC)/addicmp.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/addicmp.c -o $@ -$(DEST)/addipopt.o: $(LIBSRC)/addipopt.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/addipopt.c -o $@ -$(DEST)/alist_free.o: $(LIBSRC)/alist_free.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/alist_free.c -o $@ -$(DEST)/alist_new.o: $(LIBSRC)/alist_new.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/alist_new.c -o $@ -$(DEST)/bcopywrap.o: $(LIBSRC)/bcopywrap.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/bcopywrap.c -o $@ -$(DEST)/binprint.o: $(LIBSRC)/binprint.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/binprint.c -o $@ -$(DEST)/buildopts.o: $(LIBSRC)/buildopts.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/buildopts.c -o $@ -$(DEST)/count6bits.o: $(LIBSRC)/count6bits.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/count6bits.c -o $@ -$(DEST)/checkrev.o: $(LIBSRC)/checkrev.c $(INCDEP) $(TOP)/ipl.h - $(CC) $(CCARGS) -c $(LIBSRC)/checkrev.c -o $@ -$(DEST)/count4bits.o: $(LIBSRC)/count4bits.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/count4bits.c -o $@ -$(DEST)/debug.o: $(LIBSRC)/debug.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/debug.c -o $@ -$(DEST)/facpri.o: $(LIBSRC)/facpri.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/facpri.c -o $@ -$(DEST)/fill6bits.o: $(LIBSRC)/fill6bits.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/fill6bits.c -o $@ -$(DEST)/flags.o: $(LIBSRC)/flags.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/flags.c -o $@ -$(DEST)/gethost.o: $(LIBSRC)/gethost.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/gethost.c -o $@ -$(DEST)/getifname.o: $(LIBSRC)/getifname.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/getifname.c -o $@ -$(DEST)/getnattype.o: $(LIBSRC)/getnattype.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/getnattype.c -o $@ -$(DEST)/getport.o: $(LIBSRC)/getport.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/getport.c -o $@ -$(DEST)/getportproto.o: $(LIBSRC)/getportproto.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/getportproto.c -o $@ -$(DEST)/getproto.o: $(LIBSRC)/getproto.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/getproto.c -o $@ -$(DEST)/getsumd.o: $(LIBSRC)/getsumd.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/getsumd.c -o $@ -$(DEST)/hostname.o: $(LIBSRC)/hostname.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/hostname.c -o $@ -$(DEST)/icmpcode.o: $(LIBSRC)/icmpcode.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/icmpcode.c -o $@ -$(DEST)/ipoptsec.o: $(LIBSRC)/ipoptsec.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/ipoptsec.c -o $@ -$(DEST)/inet_addr.o: $(LIBSRC)/inet_addr.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/inet_addr.c -o $@ -$(DEST)/initparse.o: $(LIBSRC)/initparse.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/initparse.c -o $@ -$(DEST)/ionames.o: $(LIBSRC)/ionames.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/ionames.c -o $@ -$(DEST)/ipf_dotuning.o: $(LIBSRC)/ipf_dotuning.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/ipf_dotuning.c -o $@ -$(DEST)/ipft_ef.o: $(LIBSRC)/ipft_ef.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/ipft_ef.c -o $@ -$(DEST)/ipft_hx.o: $(LIBSRC)/ipft_hx.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/ipft_hx.c -o $@ -$(DEST)/ipft_pc.o: $(LIBSRC)/ipft_pc.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/ipft_pc.c -o $@ -$(DEST)/ipft_sn.o: $(LIBSRC)/ipft_sn.c $(TOP)/snoop.h - $(CC) $(CCARGS) -c $(LIBSRC)/ipft_sn.c -o $@ -$(DEST)/ipft_td.o: $(LIBSRC)/ipft_td.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/ipft_td.c -o $@ -$(DEST)/ipft_tx.o: $(LIBSRC)/ipft_tx.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/ipft_tx.c -o $@ -$(DEST)/kmem.o: $(LIBSRC)/kmem.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/kmem.c -o $@ -$(DEST)/kmemcpywrap.o: $(LIBSRC)/kmemcpywrap.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/kmemcpywrap.c -o $@ -$(DEST)/kvatoname.o: $(LIBSRC)/kvatoname.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/kvatoname.c -o $@ -$(DEST)/load_file.o: $(LIBSRC)/load_file.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/load_file.c -o $@ -$(DEST)/load_hash.o: $(LIBSRC)/load_hash.c $(INCDEP) $(TOP)/ip_htable.h - $(CC) $(CCARGS) -c $(LIBSRC)/load_hash.c -o $@ -$(DEST)/load_hashnode.o: $(LIBSRC)/load_hashnode.c $(INCDEP) $(TOP)/ip_htable.h - $(CC) $(CCARGS) -c $(LIBSRC)/load_hashnode.c -o $@ -$(DEST)/load_http.o: $(LIBSRC)/load_http.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/load_http.c -o $@ -$(DEST)/load_pool.o: $(LIBSRC)/load_pool.c $(INCDEP) $(TOP)/ip_pool.h - $(CC) $(CCARGS) -c $(LIBSRC)/load_pool.c -o $@ -$(DEST)/load_poolnode.o: $(LIBSRC)/load_poolnode.c $(INCDEP) $(TOP)/ip_pool.h - $(CC) $(CCARGS) -c $(LIBSRC)/load_poolnode.c -o $@ -$(DEST)/load_url.o: $(LIBSRC)/load_url.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/load_url.c -o $@ -$(DEST)/make_range.o: $(LIBSRC)/make_range.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/make_range.c -o $@ -$(DEST)/mutex_emul.o: $(LIBSRC)/mutex_emul.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/mutex_emul.c -o $@ -$(DEST)/nametokva.o: $(LIBSRC)/nametokva.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/nametokva.c -o $@ -$(DEST)/nat_setgroupmap.o: $(LIBSRC)/nat_setgroupmap.c $(TOP)/ip_compat.h \ - $(TOP)/ipf.h $(TOP)/ip_nat.h - $(CC) $(CCARGS) -c $(LIBSRC)/nat_setgroupmap.c -o $@ -$(DEST)/ntomask.o: $(LIBSRC)/ntomask.c $(TOP)/ip_compat.h - $(CC) $(CCARGS) -c $(LIBSRC)/ntomask.c -o $@ -$(DEST)/optname.o: $(LIBSRC)/optname.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/optname.c -o $@ -$(DEST)/optprint.o: $(LIBSRC)/optprint.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/optprint.c -o $@ -$(DEST)/optprintv6.o: $(LIBSRC)/optprintv6.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/optprintv6.c -o $@ -$(DEST)/optvalue.o: $(LIBSRC)/optvalue.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/optvalue.c -o $@ -$(DEST)/portname.o: $(LIBSRC)/portname.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/portname.c -o $@ -$(DEST)/print_toif.o: $(LIBSRC)/print_toif.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/print_toif.c -o $@ -$(DEST)/printactivenat.o: $(LIBSRC)/printactivenat.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/printactivenat.c -o $@ -$(DEST)/printaps.o: $(LIBSRC)/printaps.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/printaps.c -o $@ -$(DEST)/printbuf.o: $(LIBSRC)/printbuf.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/printbuf.c -o $@ -$(DEST)/printfr.o: $(LIBSRC)/printfr.c $(TOP)/ip_fil.h - $(CC) $(CCARGS) -c $(LIBSRC)/printfr.c -o $@ -$(DEST)/printfraginfo.o: $(LIBSRC)/printfraginfo.c $(TOP)/ip_fil.h - $(CC) $(CCARGS) -c $(LIBSRC)/printfraginfo.c -o $@ -$(DEST)/printhash.o: $(LIBSRC)/printhash.c $(TOP)/ip_fil.h $(TOP)/ip_htable.h - $(CC) $(CCARGS) -c $(LIBSRC)/printhash.c -o $@ -$(DEST)/printhashdata.o: $(LIBSRC)/printhash.c $(TOP)/ip_fil.h $(TOP)/ip_htable.h - $(CC) $(CCARGS) -c $(LIBSRC)/printhashdata.c -o $@ -$(DEST)/printhashnode.o: $(LIBSRC)/printhashnode.c $(TOP)/ip_fil.h \ - $(TOP)/ip_htable.h $(TOP)/ip_lookup.h - $(CC) $(CCARGS) -c $(LIBSRC)/printhashnode.c -o $@ -$(DEST)/printhash_live.o: $(LIBSRC)/printhash_live.c $(TOP)/ip_fil.h $(TOP)/ip_htable.h - $(CC) $(CCARGS) -c $(LIBSRC)/printhash_live.c -o $@ -$(DEST)/printip.o: $(LIBSRC)/printip.c $(TOP)/ip_fil.h - $(CC) $(CCARGS) -c $(LIBSRC)/printip.c -o $@ -$(DEST)/printpool.o: $(LIBSRC)/printpool.c $(TOP)/ip_fil.h $(TOP)/ip_pool.h - $(CC) $(CCARGS) -c $(LIBSRC)/printpool.c -o $@ -$(DEST)/printpooldata.o: $(LIBSRC)/printpooldata.c $(TOP)/ip_fil.h $(TOP)/ip_pool.h - $(CC) $(CCARGS) -c $(LIBSRC)/printpooldata.c -o $@ -$(DEST)/printpoolnode.o: $(LIBSRC)/printpoolnode.c $(TOP)/ip_fil.h \ - $(TOP)/ip_pool.h $(TOP)/ip_lookup.h - $(CC) $(CCARGS) -c $(LIBSRC)/printpoolnode.c -o $@ -$(DEST)/printpool_live.o: $(LIBSRC)/printpool_live.c $(TOP)/ip_fil.h \ - $(TOP)/ip_pool.h $(TOP)/ip_lookup.h - $(CC) $(CCARGS) -c $(LIBSRC)/printpool_live.c -o $@ -$(DEST)/printproto.o: $(LIBSRC)/printproto.c $(TOP)/ip_fil.h - $(CC) $(CCARGS) -c $(LIBSRC)/printproto.c -o $@ -$(DEST)/printhostmap.o: $(LIBSRC)/printhostmap.c $(TOP)/ip_fil.h - $(CC) $(CCARGS) -c $(LIBSRC)/printhostmap.c -o $@ -$(DEST)/printifname.o: $(LIBSRC)/printifname.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/printifname.c -o $@ -$(DEST)/printmask.o: $(LIBSRC)/printmask.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/printmask.c -o $@ -$(DEST)/printnat.o: $(LIBSRC)/printnat.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/printnat.c -o $@ -$(DEST)/printhostmask.o: $(LIBSRC)/printhostmask.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/printhostmask.c -o $@ -$(DEST)/printlog.o: $(LIBSRC)/printlog.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/printlog.c -o $@ -$(DEST)/printpacket.o: $(LIBSRC)/printpacket.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/printpacket.c -o $@ -$(DEST)/printpacket6.o: $(LIBSRC)/printpacket6.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/printpacket6.c -o $@ -$(DEST)/printportcmp.o: $(LIBSRC)/printportcmp.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/printportcmp.c -o $@ -$(DEST)/printsbuf.o: $(LIBSRC)/printsbuf.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/printsbuf.c -o $@ -$(DEST)/printstate.o: $(LIBSRC)/printstate.c $(INCDEP) $(TOP)/ip_state.h - $(CC) $(CCARGS) -c $(LIBSRC)/printstate.c -o $@ -$(DEST)/printtqtable.o: $(LIBSRC)/printtqtable.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/printtqtable.c -o $@ -$(DEST)/printtunable.o: $(LIBSRC)/printtunable.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/printtunable.c -o $@ -$(DEST)/remove_hash.o: $(LIBSRC)/remove_hash.c $(INCDEP) \ - $(TOP)/ip_htable.h - $(CC) $(CCARGS) -c $(LIBSRC)/remove_hash.c -o $@ -$(DEST)/remove_hashnode.o: $(LIBSRC)/remove_hashnode.c $(INCDEP) \ - $(TOP)/ip_htable.h - $(CC) $(CCARGS) -c $(LIBSRC)/remove_hashnode.c -o $@ -$(DEST)/remove_pool.o: $(LIBSRC)/remove_pool.c $(INCDEP) \ - $(TOP)/ip_htable.h - $(CC) $(CCARGS) -c $(LIBSRC)/remove_pool.c -o $@ -$(DEST)/remove_poolnode.o: $(LIBSRC)/remove_poolnode.c $(INCDEP) \ - $(TOP)/ip_htable.h - $(CC) $(CCARGS) -c $(LIBSRC)/remove_poolnode.c -o $@ -$(DEST)/resetlexer.o: $(LIBSRC)/resetlexer.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/resetlexer.c -o $@ -$(DEST)/rwlock_emul.o: $(LIBSRC)/rwlock_emul.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/rwlock_emul.c -o $@ -$(DEST)/tcpflags.o: $(LIBSRC)/tcpflags.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/tcpflags.c -o $@ -$(DEST)/tcp_flags.o: $(LIBSRC)/tcp_flags.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/tcp_flags.c -o $@ -$(DEST)/var.o: $(LIBSRC)/var.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/var.c -o $@ -$(DEST)/verbose.o: $(LIBSRC)/verbose.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/verbose.c -o $@ -$(DEST)/v6ionames.o: $(LIBSRC)/v6ionames.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/v6ionames.c -o $@ -$(DEST)/v6optvalue.o: $(LIBSRC)/v6optvalue.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/v6optvalue.c -o $@ - -clean-lib: - /bin/rm -f ${LIBOBJS} ${LIB} diff --git a/contrib/ipfilter/lib/addicmp.c b/contrib/ipfilter/lib/addicmp.c deleted file mode 100644 index 2567397..0000000 --- a/contrib/ipfilter/lib/addicmp.c +++ /dev/null @@ -1,19 +0,0 @@ -/* - * Copyright (C) 2000-2006 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: addicmp.c,v 1.10.2.5 2006/06/16 17:20:55 darrenr Exp $ - */ - -#include <ctype.h> - -#include "ipf.h" - - -char *icmptypes[MAX_ICMPTYPE + 1] = { - "echorep", (char *)NULL, (char *)NULL, "unreach", "squench", - "redir", (char *)NULL, (char *)NULL, "echo", "routerad", - "routersol", "timex", "paramprob", "timest", "timestrep", - "inforeq", "inforep", "maskreq", "maskrep", "END" -}; diff --git a/contrib/ipfilter/lib/addipopt.c b/contrib/ipfilter/lib/addipopt.c deleted file mode 100644 index 17fac0d..0000000 --- a/contrib/ipfilter/lib/addipopt.c +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright (C) 2000-2002 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: addipopt.c,v 1.7.4.1 2006/06/16 17:20:56 darrenr Exp $ - */ - -#include "ipf.h" - - -int addipopt(op, io, len, class) -char *op; -struct ipopt_names *io; -int len; -char *class; -{ - int olen = len; - struct in_addr ipadr; - u_short val; - u_char lvl; - char *s; - - if ((len + io->on_siz) > 48) { - fprintf(stderr, "options too long\n"); - return 0; - } - len += io->on_siz; - *op++ = io->on_value; - if (io->on_siz > 1) { - s = op; - *op++ = io->on_siz; - *op++ = IPOPT_MINOFF; - - if (class) { - switch (io->on_value) - { - case IPOPT_SECURITY : - lvl = seclevel(class); - *(op - 1) = lvl; - break; - case IPOPT_LSRR : - case IPOPT_SSRR : - ipadr.s_addr = inet_addr(class); - s[IPOPT_OLEN] = IPOPT_MINOFF - 1 + 4; - bcopy((char *)&ipadr, op, sizeof(ipadr)); - break; - case IPOPT_SATID : - val = atoi(class); - bcopy((char *)&val, op, 2); - break; - } - } - - op += io->on_siz - 3; - if (len & 3) { - *op++ = IPOPT_NOP; - len++; - } - } - if (opts & OPT_DEBUG) - fprintf(stderr, "bo: %s %d %#x: %d\n", - io->on_name, io->on_value, io->on_bit, len); - return len - olen; -} diff --git a/contrib/ipfilter/lib/addkeep.c b/contrib/ipfilter/lib/addkeep.c deleted file mode 100644 index bbc7759..0000000 --- a/contrib/ipfilter/lib/addkeep.c +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Copyright (C) 1993-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: addkeep.c,v 1.12 2003/12/01 01:59:42 darrenr Exp $ - */ - -#include "ipf.h" - - -/* - * Parses "keep state" and "keep frags" stuff on the end of a line. - */ -int addkeep(cp, fp, linenum) -char ***cp; -struct frentry *fp; -int linenum; -{ - char *s; - - (*cp)++; - if (!**cp) { - fprintf(stderr, "%d: Missing state/frag after keep\n", - linenum); - return -1; - } - - if (!strcasecmp(**cp, "state")) { - fp->fr_flags |= FR_KEEPSTATE; - (*cp)++; - if (**cp && !strcasecmp(**cp, "limit")) { - (*cp)++; - fp->fr_statemax = atoi(**cp); - (*cp)++; - } - if (**cp && !strcasecmp(**cp, "scan")) { - (*cp)++; - if (!strcmp(**cp, "*")) { - fp->fr_isc = NULL; - fp->fr_isctag[0] = '\0'; - } else { - strncpy(fp->fr_isctag, **cp, - sizeof(fp->fr_isctag)); - fp->fr_isctag[sizeof(fp->fr_isctag)-1] = '\0'; - fp->fr_isc = NULL; - } - (*cp)++; - } else - fp->fr_isc = (struct ipscan *)-1; - } else if (!strncasecmp(**cp, "frag", 4)) { - fp->fr_flags |= FR_KEEPFRAG; - (*cp)++; - } else if (!strcasecmp(**cp, "state-age")) { - if (fp->fr_ip.fi_p == IPPROTO_TCP) { - fprintf(stderr, "%d: cannot use state-age with tcp\n", - linenum); - return -1; - } - if ((fp->fr_flags & FR_KEEPSTATE) == 0) { - fprintf(stderr, "%d: state-age with no 'keep state'\n", - linenum); - return -1; - } - (*cp)++; - if (!**cp) { - fprintf(stderr, "%d: state-age with no arg\n", - linenum); - return -1; - } - fp->fr_age[0] = atoi(**cp); - s = strchr(**cp, '/'); - if (s != NULL) { - s++; - fp->fr_age[1] = atoi(s); - } else - fp->fr_age[1] = fp->fr_age[0]; - } else { - fprintf(stderr, "%d: Unrecognised state keyword \"%s\"\n", - linenum, **cp); - return -1; - } - return 0; -} diff --git a/contrib/ipfilter/lib/alist_free.c b/contrib/ipfilter/lib/alist_free.c deleted file mode 100644 index 3c1a518..0000000 --- a/contrib/ipfilter/lib/alist_free.c +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Copyright (C) 2006 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: alist_free.c,v 1.1.2.1 2006/08/25 21:13:04 darrenr Exp $ - */ -#include "ipf.h" - -void -alist_free(hosts) -alist_t *hosts; -{ - alist_t *a, *next; - - for (a = hosts; a != NULL; a = next) { - next = a->al_next; - free(a); - } -} diff --git a/contrib/ipfilter/lib/alist_new.c b/contrib/ipfilter/lib/alist_new.c deleted file mode 100644 index 50a4275..0000000 --- a/contrib/ipfilter/lib/alist_new.c +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright (C) 2006 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: alist_new.c,v 1.1.2.3 2007/06/06 08:05:33 darrenr Exp $ - */ - -#include "ipf.h" - -alist_t * -alist_new(int v, char *host) -{ - int a, b, c, d, bits; - char *slash; - alist_t *al; - u_int mask; - - al = calloc(1, sizeof(*al)); - if (al == NULL) { - fprintf(stderr, "alist_new out of memory\n"); - return NULL; - } - - bits = -1; - slash = strchr(host, '/'); - if (slash != NULL) { - *slash = '\0'; - bits = atoi(slash + 1); - } - - a = b = c = d = -1; - sscanf(host, "%d.%d.%d.%d", &a, &b, &c, &d); - - if (bits > 0 && bits < 33) { - mask = 0xffffffff << (32 - bits); - } else if (b == -1) { - mask = 0xff000000; - b = c = d = 0; - } else if (c == -1) { - mask = 0xffff0000; - c = d = 0; - } else if (d == -1) { - mask = 0xffffff00; - d = 0; - } else { - mask = 0xffffffff; - } - - if (*host == '!') { - al->al_not = 1; - host++; - } - - if (gethost(host, &al->al_addr) == -1) { - if (slash != NULL) - *slash = '/'; - fprintf(stderr, "Cannot parse hostname\n"); - free(al); - return NULL; - } - al->al_mask = htonl(mask); - if (slash != NULL) - *slash = '/'; - return al; -} diff --git a/contrib/ipfilter/lib/bcopywrap.c b/contrib/ipfilter/lib/bcopywrap.c deleted file mode 100644 index 83fd04b..0000000 --- a/contrib/ipfilter/lib/bcopywrap.c +++ /dev/null @@ -1,18 +0,0 @@ -/* - * Copyright (C) 2002 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: bcopywrap.c,v 1.1.4.1 2006/06/16 17:20:56 darrenr Exp $ - */ - -#include "ipf.h" - -int bcopywrap(from, to, size) -void *from, *to; -size_t size; -{ - bcopy((caddr_t)from, (caddr_t)to, size); - return 0; -} - diff --git a/contrib/ipfilter/lib/binprint.c b/contrib/ipfilter/lib/binprint.c deleted file mode 100644 index 4eb3828..0000000 --- a/contrib/ipfilter/lib/binprint.c +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright (C) 2000-2002 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: binprint.c,v 1.8.4.1 2006/06/16 17:20:56 darrenr Exp $ - */ - -#include "ipf.h" - - -void binprint(ptr, size) -void *ptr; -size_t size; -{ - u_char *s; - int i, j; - - for (i = size, j = 0, s = (u_char *)ptr; i; i--, s++) { - j++; - printf("%02x ", *s); - if (j == 16) { - printf("\n"); - j = 0; - } - } - putchar('\n'); - (void)fflush(stdout); -} diff --git a/contrib/ipfilter/lib/buildopts.c b/contrib/ipfilter/lib/buildopts.c deleted file mode 100644 index d493f5e..0000000 --- a/contrib/ipfilter/lib/buildopts.c +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright (C) 2000-2002 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: buildopts.c,v 1.6.4.1 2006/06/16 17:20:56 darrenr Exp $ - */ - -#include "ipf.h" - - -u_32_t buildopts(cp, op, len) -char *cp, *op; -int len; -{ - struct ipopt_names *io; - u_32_t msk = 0; - char *s, *t; - int inc; - - for (s = strtok(cp, ","); s; s = strtok(NULL, ",")) { - if ((t = strchr(s, '='))) - *t++ = '\0'; - for (io = ionames; io->on_name; io++) { - if (strcasecmp(s, io->on_name) || (msk & io->on_bit)) - continue; - if ((inc = addipopt(op, io, len, t))) { - op += inc; - len += inc; - } - msk |= io->on_bit; - break; - } - if (!io->on_name) { - fprintf(stderr, "unknown IP option name %s\n", s); - return 0; - } - } - *op++ = IPOPT_EOL; - len++; - return len; -} diff --git a/contrib/ipfilter/lib/checkrev.c b/contrib/ipfilter/lib/checkrev.c deleted file mode 100644 index 3c40226..0000000 --- a/contrib/ipfilter/lib/checkrev.c +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (C) 2000-2004 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: checkrev.c,v 1.12.2.2 2006/06/16 17:20:56 darrenr Exp $ - */ - -#include <sys/ioctl.h> -#include <fcntl.h> - -#include "ipf.h" -#include "netinet/ipl.h" - -int checkrev(ipfname) -char *ipfname; -{ - static int vfd = -1; - struct friostat fio, *fiop = &fio; - ipfobj_t ipfo; - - bzero((caddr_t)&ipfo, sizeof(ipfo)); - ipfo.ipfo_rev = IPFILTER_VERSION; - ipfo.ipfo_size = sizeof(*fiop); - ipfo.ipfo_ptr = (void *)fiop; - ipfo.ipfo_type = IPFOBJ_IPFSTAT; - - if ((vfd == -1) && ((vfd = open(ipfname, O_RDONLY)) == -1)) { - perror("open device"); - return -1; - } - - if (ioctl(vfd, SIOCGETFS, &ipfo)) { - perror("ioctl(SIOCGETFS)"); - close(vfd); - vfd = -1; - return -1; - } - - if (strncmp(IPL_VERSION, fio.f_version, sizeof(fio.f_version))) { - return -1; - } - return 0; -} diff --git a/contrib/ipfilter/lib/count4bits.c b/contrib/ipfilter/lib/count4bits.c deleted file mode 100644 index 51e6025..0000000 --- a/contrib/ipfilter/lib/count4bits.c +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (C) 2002 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: count4bits.c,v 1.1.4.1 2006/06/16 17:20:57 darrenr Exp $ - */ - -#include "ipf.h" - - -/* - * count consecutive 1's in bit mask. If the mask generated by counting - * consecutive 1's is different to that passed, return -1, else return # - * of bits. - */ -int count4bits(ip) -u_int ip; -{ - int cnt = 0, i, j; - u_int ipn; - - ip = ipn = ntohl(ip); - for (i = 32; i; i--, ipn *= 2) - if (ipn & 0x80000000) - cnt++; - else - break; - ipn = 0; - for (i = 32, j = cnt; i; i--, j--) { - ipn *= 2; - if (j > 0) - ipn++; - } - if (ipn == ip) - return cnt; - return -1; -} diff --git a/contrib/ipfilter/lib/count6bits.c b/contrib/ipfilter/lib/count6bits.c deleted file mode 100644 index be090b7..0000000 --- a/contrib/ipfilter/lib/count6bits.c +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Copyright (C) 2000-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: count6bits.c,v 1.4.4.1 2006/06/16 17:20:57 darrenr Exp $ - */ - -#include "ipf.h" - - -int count6bits(msk) -u_32_t *msk; -{ - int i = 0, k; - u_32_t j; - - for (k = 3; k >= 0; k--) - if (msk[k] == 0xffffffff) - i += 32; - else { - for (j = msk[k]; j; j <<= 1) - if (j & 0x80000000) - i++; - } - return i; -} diff --git a/contrib/ipfilter/lib/debug.c b/contrib/ipfilter/lib/debug.c deleted file mode 100644 index 144bc02..0000000 --- a/contrib/ipfilter/lib/debug.c +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (C) 2000-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: debug.c,v 1.6.4.1 2006/06/16 17:20:57 darrenr Exp $ - */ - -#if defined(__STDC__) -# include <stdarg.h> -#else -# include <varargs.h> -#endif -#include <stdio.h> - -#include "ipt.h" -#include "opts.h" - - -#ifdef __STDC__ -void debug(char *fmt, ...) -#else -void debug(fmt, va_alist) -char *fmt; -va_dcl -#endif -{ - va_list pvar; - - va_start(pvar, fmt); - - if (opts & OPT_DEBUG) - vprintf(fmt, pvar); - va_end(pvar); -} diff --git a/contrib/ipfilter/lib/extras.c b/contrib/ipfilter/lib/extras.c deleted file mode 100644 index 9087ca6..0000000 --- a/contrib/ipfilter/lib/extras.c +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Copyright (C) 1993-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: extras.c,v 1.12 2002/07/13 12:06:49 darrenr Exp $ - */ - -#include "ipf.h" - - -/* - * deal with extra bits on end of the line - */ -int extras(cp, fr, linenum) -char ***cp; -struct frentry *fr; -int linenum; -{ - u_short secmsk; - u_long opts; - int notopt; - - opts = 0; - secmsk = 0; - notopt = 0; - (*cp)++; - if (!**cp) - return -1; - - while (**cp) { - if (!strcasecmp(**cp, "not") || !strcasecmp(**cp, "no")) { - notopt = 1; - (*cp)++; - continue; - } else if (!strncasecmp(**cp, "ipopt", 5)) { - if (!notopt) - fr->fr_flx |= FI_OPTIONS; - fr->fr_mflx |= FI_OPTIONS; - goto nextopt; - } else if (!strcasecmp(**cp, "lowttl")) { - if (!notopt) - fr->fr_flx |= FI_LOWTTL; - fr->fr_mflx |= FI_LOWTTL; - goto nextopt; - } else if (!strcasecmp(**cp, "bad-src")) { - if (!notopt) - fr->fr_flx |= FI_BADSRC; - fr->fr_mflx |= FI_BADSRC; - goto nextopt; - } else if (!strncasecmp(**cp, "mbcast", 6)) { - if (!notopt) - fr->fr_flx |= FI_MBCAST; - fr->fr_mflx |= FI_MBCAST; - goto nextopt; - } else if (!strncasecmp(**cp, "nat", 3)) { - if (!notopt) - fr->fr_flx |= FI_NATED; - fr->fr_mflx |= FI_NATED; - goto nextopt; - } else if (!strncasecmp(**cp, "frag", 4)) { - if (!notopt) - fr->fr_flx |= FI_FRAG; - fr->fr_mflx |= FI_FRAG; - goto nextopt; - } else if (!strncasecmp(**cp, "opt", 3)) { - if (!*(*cp + 1)) { - fprintf(stderr, "%d: opt missing arguements\n", - linenum); - return -1; - } - (*cp)++; - if (!(opts = optname(cp, &secmsk, linenum))) - return -1; - - if (notopt) { - if (!secmsk) { - fr->fr_optmask |= opts; - } else { - fr->fr_optmask |= (opts & ~0x0100); - fr->fr_secmask |= secmsk; - } - fr->fr_secbits &= ~secmsk; - fr->fr_optbits &= ~opts; - } else { - fr->fr_optmask |= opts; - fr->fr_secmask |= secmsk; - fr->fr_optbits |= opts; - fr->fr_secbits |= secmsk; - } - } else if (!strncasecmp(**cp, "short", 5)) { - if (fr->fr_tcpf) { - fprintf(stderr, - "%d: short cannot be used with TCP flags\n", - linenum); - return -1; - } - - if (!notopt) - fr->fr_flx |= FI_SHORT; - fr->fr_mflx |= FI_SHORT; - goto nextopt; - } else - return -1; -nextopt: - notopt = 0; - opts = 0; - secmsk = 0; - (*cp)++; - } - return 0; -} diff --git a/contrib/ipfilter/lib/facpri.c b/contrib/ipfilter/lib/facpri.c deleted file mode 100644 index 6785e22..0000000 --- a/contrib/ipfilter/lib/facpri.c +++ /dev/null @@ -1,135 +0,0 @@ -/* - * Copyright (C) 2000-2006 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: facpri.c,v 1.6.2.5 2006/06/16 17:20:58 darrenr Exp $ - */ - -#include <stdio.h> -#include <string.h> -#include <limits.h> -#include <sys/types.h> -#if !defined(__SVR4) && !defined(__svr4__) -#include <strings.h> -#endif -#include <stdlib.h> -#include <unistd.h> -#include <stddef.h> -#include <syslog.h> -#include "facpri.h" - -#if !defined(lint) -static const char rcsid[] = "@(#)$Id: facpri.c,v 1.6.2.5 2006/06/16 17:20:58 darrenr Exp $"; -#endif - - -typedef struct table { - char *name; - int value; -} table_t; - -table_t facs[] = { - { "kern", LOG_KERN }, { "user", LOG_USER }, - { "mail", LOG_MAIL }, { "daemon", LOG_DAEMON }, - { "auth", LOG_AUTH }, { "syslog", LOG_SYSLOG }, - { "lpr", LOG_LPR }, { "news", LOG_NEWS }, - { "uucp", LOG_UUCP }, -#if LOG_CRON == LOG_CRON2 - { "cron2", LOG_CRON1 }, -#else - { "cron", LOG_CRON1 }, -#endif -#ifdef LOG_FTP - { "ftp", LOG_FTP }, -#endif -#ifdef LOG_AUTHPRIV - { "authpriv", LOG_AUTHPRIV }, -#endif -#ifdef LOG_AUDIT - { "audit", LOG_AUDIT }, -#endif -#ifdef LOG_LFMT - { "logalert", LOG_LFMT }, -#endif -#if LOG_CRON == LOG_CRON1 - { "cron", LOG_CRON2 }, -#else - { "cron2", LOG_CRON2 }, -#endif -#ifdef LOG_SECURITY - { "security", LOG_SECURITY }, -#endif - { "local0", LOG_LOCAL0 }, { "local1", LOG_LOCAL1 }, - { "local2", LOG_LOCAL2 }, { "local3", LOG_LOCAL3 }, - { "local4", LOG_LOCAL4 }, { "local5", LOG_LOCAL5 }, - { "local6", LOG_LOCAL6 }, { "local7", LOG_LOCAL7 }, - { NULL, 0 } -}; - - -/* - * map a facility number to its name - */ -char * -fac_toname(facpri) - int facpri; -{ - int i, j, fac; - - fac = facpri & LOG_FACMASK; - j = fac >> 3; - if (j < (sizeof(facs)/sizeof(facs[0]))) { - if (facs[j].value == fac) - return facs[j].name; - } - for (i = 0; facs[i].name; i++) - if (fac == facs[i].value) - return facs[i].name; - - return NULL; -} - - -/* - * map a facility name to its number - */ -int -fac_findname(name) - char *name; -{ - int i; - - for (i = 0; facs[i].name; i++) - if (!strcmp(facs[i].name, name)) - return facs[i].value; - return -1; -} - - -table_t pris[] = { - { "emerg", LOG_EMERG }, { "alert", LOG_ALERT }, - { "crit", LOG_CRIT }, { "err", LOG_ERR }, - { "warn", LOG_WARNING }, { "notice", LOG_NOTICE }, - { "info", LOG_INFO }, { "debug", LOG_DEBUG }, - { NULL, 0 } -}; - - -/* - * map a priority number to its name - */ -char * -pri_toname(facpri) - int facpri; -{ - int i, pri; - - pri = facpri & LOG_PRIMASK; - if (pris[pri].value == pri) - return pris[pri].name; - for (i = 0; pris[i].name; i++) - if (pri == pris[i].value) - return pris[i].name; - return NULL; -} diff --git a/contrib/ipfilter/lib/facpri.h b/contrib/ipfilter/lib/facpri.h deleted file mode 100644 index b6d5f5a..0000000 --- a/contrib/ipfilter/lib/facpri.h +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (C) 2000-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: facpri.h,v 1.3.4.1 2006/06/16 17:20:58 darrenr Exp $ - */ - -#ifndef __FACPRI_H__ -#define __FACPRI_H__ - -#ifndef __P -# define P_DEF -# ifdef __STDC__ -# define __P(x) x -# else -# define __P(x) () -# endif -#endif - -extern char *fac_toname __P((int)); -extern int fac_findname __P((char *)); - -extern char *pri_toname __P((int)); -extern int pri_findname __P((char *)); - -#ifdef P_DEF -# undef __P -# undef P_DEF -#endif - -#if LOG_CRON == (9<<3) -# define LOG_CRON1 LOG_CRON -# define LOG_CRON2 (15<<3) -#endif -#if LOG_CRON == (15<<3) -# define LOG_CRON1 (9<<3) -# define LOG_CRON2 LOG_CRON -#endif - -#endif /* __FACPRI_H__ */ diff --git a/contrib/ipfilter/lib/fill6bits.c b/contrib/ipfilter/lib/fill6bits.c deleted file mode 100644 index a5f459a..0000000 --- a/contrib/ipfilter/lib/fill6bits.c +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright (C) 2000-2002 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: fill6bits.c,v 1.5.4.1 2006/06/16 17:20:58 darrenr Exp $ - */ - -#include "ipf.h" - - -void fill6bits(bits, msk) -int bits; -u_int *msk; -{ - if (bits == 0) { - msk[0] = 0; - msk[1] = 0; - msk[2] = 0; - msk[3] = 0; - return; - } - - msk[0] = 0xffffffff; - msk[1] = 0xffffffff; - msk[2] = 0xffffffff; - msk[3] = 0xffffffff; - - if (bits == 128) - return; - if (bits > 96) { - msk[3] = htonl(msk[3] << (128 - bits)); - } else if (bits > 64) { - msk[3] = 0; - msk[2] = htonl(msk[2] << (96 - bits)); - } else if (bits > 32) { - msk[3] = 0; - msk[2] = 0; - msk[1] = htonl(msk[1] << (64 - bits)); - } else { - msk[3] = 0; - msk[2] = 0; - msk[1] = 0; - msk[0] = htonl(msk[0] << (32 - bits)); - } -} diff --git a/contrib/ipfilter/lib/flags.c b/contrib/ipfilter/lib/flags.c deleted file mode 100644 index 4baf3bd..0000000 --- a/contrib/ipfilter/lib/flags.c +++ /dev/null @@ -1,23 +0,0 @@ -/* - * Copyright (C) 2001-2002 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: flags.c,v 1.4.4.1 2006/06/16 17:20:58 darrenr Exp $ - */ - -#include "ipf.h" - -/* - * ECN is a new addition to TCP - RFC 2481 - */ -#ifndef TH_ECN -# define TH_ECN 0x40 -#endif -#ifndef TH_CWR -# define TH_CWR 0x80 -#endif - -char flagset[] = "FSRPAUEC"; -u_char flags[] = { TH_FIN, TH_SYN, TH_RST, TH_PUSH, TH_ACK, TH_URG, - TH_ECN, TH_CWR }; diff --git a/contrib/ipfilter/lib/genmask.c b/contrib/ipfilter/lib/genmask.c deleted file mode 100644 index 238e5b6..0000000 --- a/contrib/ipfilter/lib/genmask.c +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright (C) 1993-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: genmask.c,v 1.7 2003/11/11 13:40:15 darrenr Exp $ - */ - -#include "ipf.h" - - -int genmask(msk, mskp) -char *msk; -u_32_t *mskp; -{ - char *endptr = 0L; - int bits; - - if (strchr(msk, '.') || strchr(msk, 'x') || strchr(msk, ':')) { - /* possibly of the form xxx.xxx.xxx.xxx - * or 0xYYYYYYYY */ -#ifdef USE_INET6 - if (use_inet6) { - if (inet_pton(AF_INET6, msk, mskp) != 1) - return -1; - } else -#endif - if (inet_aton(msk, (struct in_addr *)mskp) == 0) - return -1; - } else { - /* - * set x most significant bits - */ - bits = (int)strtol(msk, &endptr, 0); -#ifdef USE_INET6 - if ((*endptr != '\0') || - ((bits > 32) && !use_inet6) || (bits < 0) || - ((bits > 128) && use_inet6)) -#else - if (*endptr != '\0' || bits > 32 || bits < 0) -#endif - return -1; -#ifdef USE_INET6 - if (use_inet6) - fill6bits(bits, mskp); - else -#endif - if (bits == 0) - *mskp = 0; - else - *mskp = htonl(0xffffffff << (32 - bits)); - } - return 0; -} diff --git a/contrib/ipfilter/lib/gethost.c b/contrib/ipfilter/lib/gethost.c deleted file mode 100644 index d97766f..0000000 --- a/contrib/ipfilter/lib/gethost.c +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright (C) 2002-2004 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: gethost.c,v 1.3.2.2 2006/06/16 17:20:59 darrenr Exp $ - */ - -#include "ipf.h" - -int gethost(name, hostp) -char *name; -u_32_t *hostp; -{ - struct hostent *h; - struct netent *n; - u_32_t addr; - - if (!strcmp(name, "test.host.dots")) { - *hostp = htonl(0xfedcba98); - return 0; - } - - if (!strcmp(name, "<thishost>")) - name = thishost; - - h = gethostbyname(name); - if (h != NULL) { - if ((h->h_addr != NULL) && (h->h_length == sizeof(addr))) { - bcopy(h->h_addr, (char *)&addr, sizeof(addr)); - *hostp = addr; - return 0; - } - } - - n = getnetbyname(name); - if (n != NULL) { - *hostp = (u_32_t)htonl(n->n_net & 0xffffffff); - return 0; - } - return -1; -} diff --git a/contrib/ipfilter/lib/getifname.c b/contrib/ipfilter/lib/getifname.c deleted file mode 100644 index 6163239..0000000 --- a/contrib/ipfilter/lib/getifname.c +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Copyright (C) 2002-2004 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: getifname.c,v 1.5.2.3 2006/07/14 06:12:24 darrenr Exp $ - */ - -#include "ipf.h" - -#include "kmem.h" - -/* - * Given a pointer to an interface in the kernel, return a pointer to a - * string which is the interface name. - */ -#if 0 -char *getifname(ptr) -struct ifnet *ptr; -{ -#if SOLARIS || defined(__hpux) -# if SOLARIS -# include <sys/mutex.h> -# include <sys/condvar.h> -# endif -# ifdef __hpux -# include "compat.h" -# endif -# include "../pfil/qif.h" - char *ifname; - qif_t qif; - - if ((void *)ptr == (void *)-1) - return "!"; - if (ptr == NULL) - return "-"; - - if (kmemcpy((char *)&qif, (u_long)ptr, sizeof(qif)) == -1) - return "X"; - ifname = strdup(qif.qf_name); - if ((ifname != NULL) && (*ifname == '\0')) { - free(ifname); - return "!"; - } - return ifname; -#else -# if defined(NetBSD) && (NetBSD >= 199905) && (NetBSD < 1991011) || \ - defined(__OpenBSD__) || \ - (defined(__FreeBSD__) && (__FreeBSD_version >= 501113)) -#else - char buf[32]; - int len; -# endif - struct ifnet netif; - - if ((void *)ptr == (void *)-1) - return "!"; - if (ptr == NULL) - return "-"; - - if (kmemcpy((char *)&netif, (u_long)ptr, sizeof(netif)) == -1) - return "X"; -# if defined(NetBSD) && (NetBSD >= 199905) && (NetBSD < 1991011) || \ - defined(__OpenBSD__) || defined(linux) || \ - (defined(__FreeBSD__) && (__FreeBSD_version >= 501113)) - return strdup(netif.if_xname); -# else - if (kstrncpy(buf, (u_long)netif.if_name, sizeof(buf)) == -1) - return "X"; - if (netif.if_unit < 10) - len = 2; - else if (netif.if_unit < 1000) - len = 3; - else if (netif.if_unit < 10000) - len = 4; - else - len = 5; - buf[sizeof(buf) - len] = '\0'; - sprintf(buf + strlen(buf), "%d", netif.if_unit % 10000); - return strdup(buf); -# endif -#endif -} -#else -char *getifname(ptr) -struct ifnet *ptr; -{ - return "X"; -} -#endif diff --git a/contrib/ipfilter/lib/getline.c b/contrib/ipfilter/lib/getline.c deleted file mode 100644 index 7d06d43..0000000 --- a/contrib/ipfilter/lib/getline.c +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright (C) 1993-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: getline.c,v 1.3 2001/06/09 17:09:24 darrenr Exp $ - */ - -#include <stdio.h> -#if !defined(__SVR4) && !defined(__GNUC__) -#include <strings.h> -#endif -#include <string.h> -#include "ipf.h" - - -/* - * Similar to fgets(3) but can handle '\\' and NL is converted to NUL. - * Returns NULL if error occured, EOF encounterd or input line is too long. - */ -char *getline(str, size, file, linenum) -register char *str; -size_t size; -FILE *file; -int *linenum; -{ - char *p; - int s, len; - - do { - for (p = str, s = size;; p += (len - 1), s -= (len - 1)) { - /* - * if an error occured, EOF was encounterd, or there - * was no room to put NUL, return NULL. - */ - if (fgets(p, s, file) == NULL) - return (NULL); - len = strlen(p); - if (p[len - 1] != '\n') { - p[len] = '\0'; - break; - } - (*linenum)++; - p[len - 1] = '\0'; - if (len < 2 || p[len - 2] != '\\') - break; - else - /* - * Convert '\\' to a space so words don't - * run together - */ - p[len - 2] = ' '; - } - } while (*str == '\0'); - return (str); -} diff --git a/contrib/ipfilter/lib/getnattype.c b/contrib/ipfilter/lib/getnattype.c deleted file mode 100644 index 04463c2..0000000 --- a/contrib/ipfilter/lib/getnattype.c +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (C) 2002-2004 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * Added redirect stuff and a variety of bug fixes. (mcn@EnGarde.com) - */ -#include "ipf.h" -#include "kmem.h" - -#if !defined(lint) -static const char rcsid[] = "@(#)$Id: getnattype.c,v 1.3.2.2 2006/07/14 06:12:24 darrenr Exp $"; -#endif - - -/* - * Get a nat filter type given its kernel address. - */ -char *getnattype(nat, alive) -nat_t *nat; -int alive; -{ - static char unknownbuf[20]; - ipnat_t *ipn, ipnat; - char *which; - int type; - - if (!nat) - return "???"; - if (alive) { - type = nat->nat_redir; - } else { - ipn = nat->nat_ptr; - if (kmemcpy((char *)&ipnat, (long)ipn, sizeof(ipnat))) - return "!!!"; - type = ipnat.in_redir; - } - - switch (type) - { - case NAT_MAP : - which = "MAP"; - break; - case NAT_MAPBLK : - which = "MAP-BLOCK"; - break; - case NAT_REDIRECT : - which = "RDR"; - break; - case NAT_BIMAP : - which = "BIMAP"; - break; - default : - sprintf(unknownbuf, "unknown(%04x)", type & 0xffffffff); - which = unknownbuf; - break; - } - return which; -} diff --git a/contrib/ipfilter/lib/getport.c b/contrib/ipfilter/lib/getport.c deleted file mode 100644 index 1c5177c..0000000 --- a/contrib/ipfilter/lib/getport.c +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Copyright (C) 2002-2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: getport.c,v 1.1.4.6 2006/06/16 17:21:00 darrenr Exp $ - */ - -#include "ipf.h" - -int getport(fr, name, port) -frentry_t *fr; -char *name; -u_short *port; -{ - struct protoent *p; - struct servent *s; - u_short p1; - - if (fr == NULL || fr->fr_type != FR_T_IPF) { - s = getservbyname(name, NULL); - if (s != NULL) { - *port = s->s_port; - return 0; - } - return -1; - } - - /* - * Some people will use port names in rules without specifying - * either TCP or UDP because it is implied by the group head. - * If we don't know the protocol, then the best we can do here is - * to take either only the TCP or UDP mapping (if one or the other - * is missing) or make sure both of them agree. - */ - if (fr->fr_proto == 0) { - s = getservbyname(name, "tcp"); - if (s != NULL) - p1 = s->s_port; - else - p1 = 0; - s = getservbyname(name, "udp"); - if (s != NULL) { - if (p1 != s->s_port) - return -1; - } - if ((p1 == 0) && (s == NULL)) - return -1; - if (p1) - *port = p1; - else - *port = s->s_port; - return 0; - } - - if ((fr->fr_flx & FI_TCPUDP) != 0) { - /* - * If a rule is "tcp/udp" then check that both TCP and UDP - * mappings for this protocol name match ports. - */ - s = getservbyname(name, "tcp"); - if (s == NULL) - return -1; - p1 = s->s_port; - s = getservbyname(name, "udp"); - if (s == NULL || s->s_port != p1) - return -1; - *port = p1; - return 0; - } - - p = getprotobynumber(fr->fr_proto); - s = getservbyname(name, p ? p->p_name : NULL); - if (s != NULL) { - *port = s->s_port; - return 0; - } - return -1; -} diff --git a/contrib/ipfilter/lib/getportproto.c b/contrib/ipfilter/lib/getportproto.c deleted file mode 100644 index 5a247ae..0000000 --- a/contrib/ipfilter/lib/getportproto.c +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (C) 2002-2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: getportproto.c,v 1.2.4.4 2006/06/16 17:21:00 darrenr Exp $ - */ - -#include <ctype.h> -#include "ipf.h" - -int getportproto(name, proto) -char *name; -int proto; -{ - struct servent *s; - struct protoent *p; - - if (ISDIGIT(*name)) { - int number; - char *s; - - for (s = name; *s != '\0'; s++) - if (!ISDIGIT(*s)) - return -1; - - number = atoi(name); - if (number < 0 || number > 65535) - return -1; - return htons(number); - } - - p = getprotobynumber(proto); - s = getservbyname(name, p ? p->p_name : NULL); - if (s != NULL) - return s->s_port; - return -1; -} diff --git a/contrib/ipfilter/lib/getproto.c b/contrib/ipfilter/lib/getproto.c deleted file mode 100644 index 9714da2..0000000 --- a/contrib/ipfilter/lib/getproto.c +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (C) 2002-2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: getproto.c,v 1.2.2.3 2006/06/16 17:21:00 darrenr Exp $ - */ - -#include "ipf.h" - -int getproto(name) -char *name; -{ - struct protoent *p; - char *s; - - for (s = name; *s != '\0'; s++) - if (!ISDIGIT(*s)) - break; - if (*s == '\0') - return atoi(name); - -#ifdef _AIX51 - /* - * For some bogus reason, "ip" is 252 in /etc/protocols on AIX 5 - */ - if (!strcasecmp(name, "ip")) - return 0; -#endif - - p = getprotobyname(name); - if (p != NULL) - return p->p_proto; - return -1; -} diff --git a/contrib/ipfilter/lib/getsumd.c b/contrib/ipfilter/lib/getsumd.c deleted file mode 100644 index 00974bc..0000000 --- a/contrib/ipfilter/lib/getsumd.c +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright (C) 2002 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: getsumd.c,v 1.2.4.1 2006/06/16 17:21:01 darrenr Exp $ - */ - -#include "ipf.h" - -char *getsumd(sum) -u_32_t sum; -{ - static char sumdbuf[17]; - - if (sum & NAT_HW_CKSUM) - sprintf(sumdbuf, "hw(%#0x)", sum & 0xffff); - else - sprintf(sumdbuf, "%#0x", sum); - return sumdbuf; -} diff --git a/contrib/ipfilter/lib/hexdump.c b/contrib/ipfilter/lib/hexdump.c deleted file mode 100644 index 86e731e..0000000 --- a/contrib/ipfilter/lib/hexdump.c +++ /dev/null @@ -1,28 +0,0 @@ -#include <ctype.h> - -#include "ipf.h" - -void hexdump(out, addr, len, ascii) -FILE *out; -void *addr; -int len, ascii; -{ - FILE *fpout; - u_char *s, *t; - int i; - - fpout = out ? out : stdout; - for (i = 0, s = addr; i < len; i++, s++) { - fprintf(fpout, "%02x", *s); - if (i % 16 == 15) { - if (ascii != 0) { - fputc('\t', fpout); - for (t = s - 15; t<= s; t++) - fputc(ISPRINT(*t) ? *t : '.', fpout); - } - fputc('\n', fpout); - } else if (i % 4 == 3) { - fputc(' ', fpout); - } - } -} diff --git a/contrib/ipfilter/lib/hostmask.c b/contrib/ipfilter/lib/hostmask.c deleted file mode 100644 index 4ee41e16..0000000 --- a/contrib/ipfilter/lib/hostmask.c +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Copyright (C) 1993-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: hostmask.c,v 1.10 2002/01/28 06:50:46 darrenr Exp $ - */ - -#include "ipf.h" - - -/* - * returns -1 if neither "hostmask/num" or "hostmask mask addr" are - * found in the line segments, there is an error processing this information, - * or there is an error processing ports information. - */ -int hostmask(seg, proto, ifname, sa, msk, linenum) -char ***seg, *proto, *ifname; -u_32_t *sa, *msk; -int linenum; -{ - struct in_addr maskaddr; - char *s; - - if ((s = strchr(**seg, '='))) { - *s++ = '\0'; - if (!strcmp(**seg, "pool")) { - *sa = atoi(s); - return 1; - } - } - - /* - * is it possibly hostname/num ? - */ - if ((s = strchr(**seg, '/')) || - ((s = strchr(**seg, ':')) && !strchr(s + 1, ':'))) { - *s++ ='\0'; - if (genmask(s, msk) == -1) { - fprintf(stderr, "%d: bad mask (%s)\n", linenum, s); - return -1; - } - if (hostnum(sa, **seg, linenum, ifname) == -1) { - fprintf(stderr, "%d: bad host (%s)\n", linenum, **seg); - return -1; - } - *sa &= *msk; - (*seg)++; - return 0; - } - - /* - * look for extra segments if "mask" found in right spot - */ - if (*(*seg+1) && *(*seg+2) && !strcasecmp(*(*seg+1), "mask")) { - if (hostnum(sa, **seg, linenum, ifname) == -1) { - fprintf(stderr, "%d: bad host (%s)\n", linenum, **seg); - return -1; - } - (*seg)++; - (*seg)++; - if (inet_aton(**seg, &maskaddr) == 0) { - fprintf(stderr, "%d: bad mask (%s)\n", linenum, **seg); - return -1; - } - *msk = maskaddr.s_addr; - (*seg)++; - *sa &= *msk; - return 0; - } - - if (**seg) { - u_32_t k; - - if (hostnum(sa, **seg, linenum, ifname) == -1) { - fprintf(stderr, "%d: bad host (%s)\n", linenum, **seg); - return -1; - } - (*seg)++; - k = *sa ? 0xffffffff : 0; -#ifdef USE_INET6 - if (use_inet6) { - msk[1] = k; - msk[2] = k; - msk[3] = k; - } -#endif - *msk = k; - return 0; - } - fprintf(stderr, "%d: bad host (%s)\n", linenum, **seg); - return -1; -} diff --git a/contrib/ipfilter/lib/hostname.c b/contrib/ipfilter/lib/hostname.c deleted file mode 100644 index b8295d4..0000000 --- a/contrib/ipfilter/lib/hostname.c +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright (C) 2002-2003 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: hostname.c,v 1.6.2.2 2007/01/16 02:25:22 darrenr Exp $ - */ - -#include "ipf.h" - -char *hostname(v, ip) -int v; -void *ip; -{ - static char hostbuf[MAXHOSTNAMELEN+1]; - struct hostent *hp; - struct in_addr ipa; - struct netent *np; - - memset(&ipa, 0, sizeof(ipa)); /* XXX gcc */ - - if (v == 4) { - ipa.s_addr = *(u_32_t *)ip; - if (ipa.s_addr == htonl(0xfedcba98)) - return "test.host.dots"; - } - - if ((opts & OPT_NORESOLVE) == 0) { - if (v == 4) { - hp = gethostbyaddr(ip, 4, AF_INET); - if (hp != NULL && hp->h_name != NULL && - *hp->h_name != '\0') { - strncpy(hostbuf, hp->h_name, sizeof(hostbuf)); - hostbuf[sizeof(hostbuf) - 1] = '\0'; - return hostbuf; - } - - np = getnetbyaddr(ipa.s_addr, AF_INET); - if (np != NULL && np->n_name != NULL && - *np->n_name != '\0') { - strncpy(hostbuf, np->n_name, sizeof(hostbuf)); - hostbuf[sizeof(hostbuf) - 1] = '\0'; - return hostbuf; - } - } - } - - if (v == 4) { - return inet_ntoa(ipa); - } -#ifdef USE_INET6 - (void) inet_ntop(AF_INET6, ip, hostbuf, sizeof(hostbuf) - 1); - hostbuf[MAXHOSTNAMELEN] = '\0'; - return hostbuf; -#else - return "IPv6"; -#endif -} diff --git a/contrib/ipfilter/lib/hostnum.c b/contrib/ipfilter/lib/hostnum.c deleted file mode 100644 index 2ec0529..0000000 --- a/contrib/ipfilter/lib/hostnum.c +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright (C) 1993-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: hostnum.c,v 1.10.2.1 2004/12/09 19:41:20 darrenr Exp $ - */ - -#include <ctype.h> - -#include "ipf.h" - - -/* - * returns an ip address as a long var as a result of either a DNS lookup or - * straight inet_addr() call - */ -int hostnum(ipa, host, linenum, ifname) -u_32_t *ipa; -char *host; -int linenum; -char *ifname; -{ - struct in_addr ip; - - if (!strcasecmp("any", host) || - (ifname && *ifname && !strcasecmp(ifname, host))) - return 0; - -#ifdef USE_INET6 - if (use_inet6) { - if (inet_pton(AF_INET6, host, ipa) == 1) - return 0; - else - return -1; - } -#endif - if (ISDIGIT(*host) && inet_aton(host, &ip)) { - *ipa = ip.s_addr; - return 0; - } - - if (!strcasecmp("<thishost>", host)) - host = thishost; - - return gethost(host, ipa); -} diff --git a/contrib/ipfilter/lib/icmpcode.c b/contrib/ipfilter/lib/icmpcode.c deleted file mode 100644 index 69841e0..0000000 --- a/contrib/ipfilter/lib/icmpcode.c +++ /dev/null @@ -1,22 +0,0 @@ -/* - * Copyright (C) 2000-2006 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: icmpcode.c,v 1.7.2.5 2006/06/16 17:21:02 darrenr Exp $ - */ - -#include <ctype.h> - -#include "ipf.h" - -#ifndef MIN -# define MIN(a,b) ((a) > (b) ? (b) : (a)) -#endif - - -char *icmpcodes[MAX_ICMPCODE + 1] = { - "net-unr", "host-unr", "proto-unr", "port-unr", "needfrag", "srcfail", - "net-unk", "host-unk", "isolate", "net-prohib", "host-prohib", - "net-tos", "host-tos", "filter-prohib", "host-preced", "preced-cutoff", - NULL }; diff --git a/contrib/ipfilter/lib/inet_addr.c b/contrib/ipfilter/lib/inet_addr.c deleted file mode 100644 index 820b7b5..0000000 --- a/contrib/ipfilter/lib/inet_addr.c +++ /dev/null @@ -1,208 +0,0 @@ -/* - * ++Copyright++ 1983, 1990, 1993 - * - - * Copyright (c) 1983, 1990, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - * - - * --Copyright-- - */ - -#if !defined(lint) -static const char sccsid[] = "@(#)inet_addr.c 8.1 (Berkeley) 6/17/93"; -static const char rcsid[] = "@(#)$Id: inet_addr.c,v 1.8.2.3 2004/12/09 19:41:20 darrenr Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include <sys/param.h> -#include <netinet/in.h> -#include <arpa/inet.h> -#include <ctype.h> - -#ifndef __P -# ifdef __STDC__ -# define __P(x) x -# else -# define __P(x) () -# endif -#endif -#ifndef linux -int inet_aton __P((const char *, struct in_addr *)); - -/* - * Because the ctype(3) posix definition, if used "safely" in code everywhere, - * would mean all normal code that walks through strings needed casts. Yuck. - */ -#define ISALNUM(x) isalnum((u_char)(x)) -#define ISALPHA(x) isalpha((u_char)(x)) -#define ISASCII(x) isascii((u_char)(x)) -#define ISDIGIT(x) isdigit((u_char)(x)) -#define ISPRINT(x) isprint((u_char)(x)) -#define ISSPACE(x) isspace((u_char)(x)) -#define ISUPPER(x) isupper((u_char)(x)) -#define ISXDIGIT(x) isxdigit((u_char)(x)) -#define ISLOWER(x) islower((u_char)(x)) - -/* - * Check whether "cp" is a valid ascii representation - * of an Internet address and convert to a binary address. - * Returns 1 if the address is valid, 0 if not. - * This replaces inet_addr, the return value from which - * cannot distinguish between failure and a local broadcast address. - */ -int -inet_aton(cp, addr) - register const char *cp; - struct in_addr *addr; -{ - register u_long val; - register int base, n; - register char c; - u_int parts[4]; - register u_int *pp = parts; - - c = *cp; - for (;;) { - /* - * Collect number up to ``.''. - * Values are specified as for C: - * 0x=hex, 0=octal, isdigit=decimal. - */ - if (!ISDIGIT(c)) - return (0); - val = 0; base = 10; - if (c == '0') { - c = *++cp; - if (c == 'x' || c == 'X') - base = 16, c = *++cp; - else - base = 8; - } - for (;;) { - if (ISASCII(c) && ISDIGIT(c)) { - val = (val * base) + (c - '0'); - c = *++cp; - } else if (base == 16 && ISASCII(c) && ISXDIGIT(c)) { - val = (val << 4) | - (c + 10 - (ISLOWER(c) ? 'a' : 'A')); - c = *++cp; - } else - break; - } - if (c == '.') { - /* - * Internet format: - * a.b.c.d - * a.b.c (with c treated as 16 bits) - * a.b (with b treated as 24 bits) - */ - if (pp >= parts + 3) - return (0); - *pp++ = val; - c = *++cp; - } else - break; - } - /* - * Check for trailing characters. - */ - if (c != '\0' && (!ISASCII(c) || !ISSPACE(c))) - return (0); - /* - * Concoct the address according to - * the number of parts specified. - */ - n = pp - parts + 1; - switch (n) { - - case 0: - return (0); /* initial nondigit */ - - case 1: /* a -- 32 bits */ - break; - - case 2: /* a.b -- 8.24 bits */ - if (val > 0xffffff) - return (0); - val |= parts[0] << 24; - break; - - case 3: /* a.b.c -- 8.8.16 bits */ - if (val > 0xffff) - return (0); - val |= (parts[0] << 24) | (parts[1] << 16); - break; - - case 4: /* a.b.c.d -- 8.8.8.8 bits */ - if (val > 0xff) - return (0); - val |= (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8); - break; - } - if (addr) - addr->s_addr = htonl(val); - return (1); -} -#endif - -/* these are compatibility routines, not needed on recent BSD releases */ - -/* - * Ascii internet address interpretation routine. - * The value returned is in network order. - */ -#if 0 -inet_addr(cp) - const char *cp; -{ - struct in_addr val; - - if (inet_aton(cp, &val)) - return (val.s_addr); - return (0xffffffff); -} -#endif diff --git a/contrib/ipfilter/lib/initparse.c b/contrib/ipfilter/lib/initparse.c deleted file mode 100644 index b9f162f..0000000 --- a/contrib/ipfilter/lib/initparse.c +++ /dev/null @@ -1,18 +0,0 @@ -/* - * Copyright (C) 2000-2002 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: initparse.c,v 1.6.4.1 2006/06/16 17:21:02 darrenr Exp $ - */ -#include "ipf.h" - - -char thishost[MAXHOSTNAMELEN]; - - -void initparse __P((void)) -{ - gethostname(thishost, sizeof(thishost)); - thishost[sizeof(thishost) - 1] = '\0'; -} diff --git a/contrib/ipfilter/lib/ionames.c b/contrib/ipfilter/lib/ionames.c deleted file mode 100644 index cc9374d..0000000 --- a/contrib/ipfilter/lib/ionames.c +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (C) 2000-2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: ionames.c,v 1.7.4.1 2006/06/16 17:21:02 darrenr Exp $ - */ -#include "ipf.h" - - -struct ipopt_names ionames[] ={ - { IPOPT_NOP, 0x000001, 1, "nop" }, /* RFC791 */ - { IPOPT_RR, 0x000002, 7, "rr" }, /* 1 route */ - { IPOPT_ZSU, 0x000004, 3, "zsu" }, /* size ?? */ - { IPOPT_MTUP, 0x000008, 3, "mtup" }, /* RFC1191 */ - { IPOPT_MTUR, 0x000010, 3, "mtur" }, /* RFC1191 */ - { IPOPT_ENCODE, 0x000020, 3, "encode" }, /* size ?? */ - { IPOPT_TS, 0x000040, 8, "ts" }, /* 1 TS */ - { IPOPT_TR, 0x000080, 3, "tr" }, /* RFC1393 */ - { IPOPT_SECURITY,0x000100, 11, "sec" }, /* RFC1108 */ - { IPOPT_SECURITY,0x000100, 11, "sec-class" }, /* RFC1108 */ - { IPOPT_LSRR, 0x000200, 7, "lsrr" }, /* 1 route */ - { IPOPT_E_SEC, 0x000400, 3, "e-sec" }, /* RFC1108 */ - { IPOPT_CIPSO, 0x000800, 3, "cipso" }, /* size ?? */ - { IPOPT_SATID, 0x001000, 4, "satid" }, /* RFC791 */ - { IPOPT_SSRR, 0x002000, 7, "ssrr" }, /* 1 route */ - { IPOPT_ADDEXT, 0x004000, 3, "addext" }, /* IPv7 ?? */ - { IPOPT_VISA, 0x008000, 3, "visa" }, /* size ?? */ - { IPOPT_IMITD, 0x010000, 3, "imitd" }, /* size ?? */ - { IPOPT_EIP, 0x020000, 3, "eip" }, /* RFC1385 */ - { IPOPT_FINN, 0x040000, 3, "finn" }, /* size ?? */ - { IPOPT_DPS, 0x080000, 3, "dps" }, /* size ?? */ - { IPOPT_SDB, 0x100000, 3, "sdb" }, /* size ?? */ - { IPOPT_NSAPA, 0x200000, 3, "nsapa" }, /* size ?? */ - { IPOPT_RTRALRT,0x400000, 3, "rtralrt" }, /* RFC2113 */ - { IPOPT_UMP, 0x800000, 3, "ump" }, /* size ?? */ - { 0, 0, 0, (char *)NULL } /* must be last */ -}; diff --git a/contrib/ipfilter/lib/ipf_dotuning.c b/contrib/ipfilter/lib/ipf_dotuning.c deleted file mode 100644 index 8f90fdb..0000000 --- a/contrib/ipfilter/lib/ipf_dotuning.c +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright (C) 2003-2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: ipf_dotuning.c,v 1.2.4.3 2006/06/16 17:21:02 darrenr Exp $ - */ - -#include "ipf.h" -#include "netinet/ipl.h" -#include <sys/ioctl.h> - -void ipf_dotuning(fd, tuneargs, iocfn) -int fd; -char *tuneargs; -ioctlfunc_t iocfn; -{ - ipfobj_t obj; - ipftune_t tu; - char *s, *t; - - bzero((char *)&tu, sizeof(tu)); - obj.ipfo_rev = IPFILTER_VERSION; - obj.ipfo_size = sizeof(tu);; - obj.ipfo_ptr = (void *)&tu; - obj.ipfo_type = IPFOBJ_TUNEABLE; - - for (s = strtok(tuneargs, ","); s != NULL; s = strtok(NULL, ",")) { - if (!strcmp(s, "list")) { - while (1) { - if ((*iocfn)(fd, SIOCIPFGETNEXT, &obj) == -1) { - perror("ioctl(SIOCIPFGETNEXT)"); - break; - } - if (tu.ipft_cookie == NULL) - break; - - tu.ipft_name[sizeof(tu.ipft_name) - 1] = '\0'; - printtunable(&tu); - } - } else if ((t = strchr(s, '=')) != NULL) { - tu.ipft_cookie = NULL; - *t++ = '\0'; - strncpy(tu.ipft_name, s, sizeof(tu.ipft_name)); - if (sscanf(t, "%lu", &tu.ipft_vlong) == 1) { - if ((*iocfn)(fd, SIOCIPFSET, &obj) == -1) { - perror("ioctl(SIOCIPFSET)"); - return; - } - } else { - fprintf(stderr, "invalid value '%s'\n", s); - return; - } - } else { - tu.ipft_cookie = NULL; - strncpy(tu.ipft_name, s, sizeof(tu.ipft_name)); - if ((*iocfn)(fd, SIOCIPFGET, &obj) == -1) { - perror("ioctl(SIOCIPFGET)"); - return; - } - if (tu.ipft_cookie == NULL) { - fprintf(stderr, "Null cookie for %s\n", s); - return; - } - - tu.ipft_name[sizeof(tu.ipft_name) - 1] = '\0'; - printtunable(&tu); - } - } -} diff --git a/contrib/ipfilter/lib/ipft_ef.c b/contrib/ipfilter/lib/ipft_ef.c deleted file mode 100644 index 52eb508..0000000 --- a/contrib/ipfilter/lib/ipft_ef.c +++ /dev/null @@ -1,133 +0,0 @@ -/* - * Copyright (C) 2000-2006 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: ipft_ef.c,v 1.14.2.2 2006/06/16 17:21:02 darrenr Exp $ - */ - -/* - icmp type - lnth proto source destination src port dst port - -etherfind -n - - 60 tcp 128.250.20.20 128.250.133.13 2419 telnet - -etherfind -n -t - - 0.32 91 04 131.170.1.10 128.250.133.13 - 0.33 566 udp 128.250.37.155 128.250.133.3 901 901 -*/ - -#include "ipf.h" -#include "ipt.h" - -#ifndef linux -#include <netinet/ip_var.h> -#endif -#include <netinet/tcpip.h> - - -#if !defined(lint) -static const char sccsid[] = "@(#)ipft_ef.c 1.6 2/4/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipft_ef.c,v 1.14.2.2 2006/06/16 17:21:02 darrenr Exp $"; -#endif - -static int etherf_open __P((char *)); -static int etherf_close __P((void)); -static int etherf_readip __P((char *, int, char **, int *)); - -struct ipread etherf = { etherf_open, etherf_close, etherf_readip, 0 }; - -static FILE *efp = NULL; -static int efd = -1; - - -static int etherf_open(fname) -char *fname; -{ - if (efd != -1) - return efd; - - if (!strcmp(fname, "-")) { - efd = 0; - efp = stdin; - } else { - efd = open(fname, O_RDONLY); - efp = fdopen(efd, "r"); - } - return efd; -} - - -static int etherf_close() -{ - return close(efd); -} - - -static int etherf_readip(buf, cnt, ifn, dir) -char *buf, **ifn; -int cnt, *dir; -{ - struct tcpiphdr pkt; - ip_t *ip = (ip_t *)&pkt; - char src[16], dst[16], sprt[16], dprt[16]; - char lbuf[128], len[8], prot[8], time[8], *s; - int slen, extra = 0, i; - - if (!fgets(lbuf, sizeof(lbuf) - 1, efp)) - return 0; - - if ((s = strchr(lbuf, '\n'))) - *s = '\0'; - lbuf[sizeof(lbuf)-1] = '\0'; - - bzero(&pkt, sizeof(pkt)); - - if (sscanf(lbuf, "%7s %7s %15s %15s %15s %15s", len, prot, src, dst, - sprt, dprt) != 6) - if (sscanf(lbuf, "%7s %7s %7s %15s %15s %15s %15s", time, - len, prot, src, dst, sprt, dprt) != 7) - return -1; - - ip->ip_p = getproto(prot); - - switch (ip->ip_p) { - case IPPROTO_TCP : - if (isdigit(*sprt)) - pkt.ti_sport = htons(atoi(sprt) & 65535); - if (isdigit(*dprt)) - pkt.ti_dport = htons(atoi(dprt) & 65535); - extra = sizeof(struct tcphdr); - break; - case IPPROTO_UDP : - if (isdigit(*sprt)) - pkt.ti_sport = htons(atoi(sprt) & 65535); - if (isdigit(*dprt)) - pkt.ti_dport = htons(atoi(dprt) & 65535); - extra = sizeof(struct udphdr); - break; -#ifdef IGMP - case IPPROTO_IGMP : - extra = sizeof(struct igmp); - break; -#endif - case IPPROTO_ICMP : - extra = sizeof(struct icmp); - break; - default : - break; - } - - (void) inet_aton(src, &ip->ip_src); - (void) inet_aton(dst, &ip->ip_dst); - ip->ip_len = atoi(len); - IP_HL_A(ip, sizeof(ip_t)); - - slen = IP_HL(ip) + extra; - i = MIN(cnt, slen); - bcopy((char *)&pkt, buf, i); - return i; -} diff --git a/contrib/ipfilter/lib/ipft_hx.c b/contrib/ipfilter/lib/ipft_hx.c deleted file mode 100644 index 4851fff..0000000 --- a/contrib/ipfilter/lib/ipft_hx.c +++ /dev/null @@ -1,158 +0,0 @@ -/* - * Copyright (C) 2000-2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - */ -#if !defined(lint) -static const char sccsid[] = "@(#)ipft_hx.c 1.1 3/9/96 (C) 1996 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipft_hx.c,v 1.11.4.4 2006/06/16 17:21:03 darrenr Exp $"; -#endif - -#include <ctype.h> - -#include "ipf.h" -#include "ipt.h" - - -extern int opts; - -static int hex_open __P((char *)); -static int hex_close __P((void)); -static int hex_readip __P((char *, int, char **, int *)); -static char *readhex __P((char *, char *)); - -struct ipread iphex = { hex_open, hex_close, hex_readip, 0 }; -static FILE *tfp = NULL; -static int tfd = -1; - -static int hex_open(fname) -char *fname; -{ - if (tfp && tfd != -1) { - rewind(tfp); - return tfd; - } - - if (!strcmp(fname, "-")) { - tfd = 0; - tfp = stdin; - } else { - tfd = open(fname, O_RDONLY); - if (tfd != -1) - tfp = fdopen(tfd, "r"); - } - return tfd; -} - - -static int hex_close() -{ - int cfd = tfd; - - tfd = -1; - return close(cfd); -} - - -static int hex_readip(buf, cnt, ifn, dir) -char *buf, **ifn; -int cnt, *dir; -{ - register char *s, *t, *u; - char line[513]; - ip_t *ip; - - /* - * interpret start of line as possibly "[ifname]" or - * "[in/out,ifname]". - */ - if (ifn) - *ifn = NULL; - if (dir) - *dir = 0; - ip = (ip_t *)buf; - while (fgets(line, sizeof(line)-1, tfp)) { - if ((s = strchr(line, '\n'))) { - if (s == line) - return (char *)ip - buf; - *s = '\0'; - } - if ((s = strchr(line, '#'))) - *s = '\0'; - if (!*line) - continue; - if ((opts & OPT_DEBUG) != 0) { - printf("input: %s", line); - } - - if ((*line == '[') && (s = strchr(line, ']'))) { - t = line + 1; - if (s - t > 0) { - *s++ = '\0'; - if ((u = strchr(t, ',')) && (u < s)) { - u++; - if (ifn) - *ifn = strdup(u); - if (dir) { - if (*t == 'i') - *dir = 0; - else if (*t == 'o') - *dir = 1; - } - } else if (ifn) - *ifn = t; - } - } else - s = line; - t = (char *)ip; - ip = (ip_t *)readhex(s, (char *)ip); - if ((opts & OPT_DEBUG) != 0) { - if (opts & OPT_ASCII) { - if (t < (char *)ip) - putchar('\t'); - while (t < (char *)ip) { - if (ISPRINT(*t) && ISASCII(*t)) - putchar(*t); - else - putchar('.'); - t++; - } - } - putchar('\n'); - fflush(stdout); - } - } - if (feof(tfp)) - return 0; - return -1; -} - - -static char *readhex(src, dst) -register char *src, *dst; -{ - int state = 0; - char c; - - while ((c = *src++)) { - if (ISSPACE(c)) { - if (state) { - dst++; - state = 0; - } - continue; - } else if ((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || - (c >= 'A' && c <= 'F')) { - c = ISDIGIT(c) ? (c - '0') : (TOUPPER(c) - 55); - if (state == 0) { - *dst = (c << 4); - state++; - } else { - *dst++ |= c; - state = 0; - } - } else - break; - } - return dst; -} diff --git a/contrib/ipfilter/lib/ipft_pc.c b/contrib/ipfilter/lib/ipft_pc.c deleted file mode 100644 index fbfe6b0..0000000 --- a/contrib/ipfilter/lib/ipft_pc.c +++ /dev/null @@ -1,267 +0,0 @@ -/* - * Copyright (C) 2000-2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: ipft_pc.c,v 1.10.2.2 2006/06/16 17:21:03 darrenr Exp $ - */ -#include "ipf.h" -#include "pcap-ipf.h" -#include "bpf-ipf.h" -#include "ipt.h" - -#if !defined(lint) -static const char rcsid[] = "@(#)$Id: ipft_pc.c,v 1.10.2.2 2006/06/16 17:21:03 darrenr Exp $"; -#endif - -struct llc { - int lc_type; - int lc_sz; /* LLC header length */ - int lc_to; /* LLC Type offset */ - int lc_tl; /* LLC Type length */ -}; - -/* - * While many of these maybe the same, some do have different header formats - * which make this useful. - */ - -static struct llc llcs[] = { - { DLT_NULL, 0, 0, 0 }, - { DLT_EN10MB, 14, 12, 2 }, - { DLT_EN3MB, 0, 0, 0 }, - { DLT_AX25, 0, 0, 0 }, - { DLT_PRONET, 0, 0, 0 }, - { DLT_CHAOS, 0, 0, 0 }, - { DLT_IEEE802, 0, 0, 0 }, - { DLT_ARCNET, 0, 0, 0 }, - { DLT_SLIP, 0, 0, 0 }, - { DLT_PPP, 0, 0, 0 }, - { DLT_FDDI, 0, 0, 0 }, -#ifdef DLT_ATMRFC1483 - { DLT_ATMRFC1483, 0, 0, 0 }, -#endif - { DLT_RAW, 0, 0, 0 }, -#ifdef DLT_ENC - { DLT_ENC, 0, 0, 0 }, -#endif -#ifdef DLT_SLIP_BSDOS - { DLT_SLIP_BSDOS, 0, 0, 0 }, -#endif -#ifdef DLT_PPP_BSDOS - { DLT_PPP_BSDOS, 0, 0, 0 }, -#endif -#ifdef DLT_HIPPI - { DLT_HIPPI, 0, 0, 0 }, -#endif -#ifdef DLT_HDLC - { DLT_HDLC, 0, 0, 0 }, -#endif -#ifdef DLT_PPP_SERIAL - { DLT_PPP_SERIAL, 4, 4, 0 }, -#endif -#ifdef DLT_PPP_ETHER - { DLT_PPP_ETHER, 8, 8, 0 }, -#endif -#ifdef DLT_ECONET - { DLT_ECONET, 0, 0, 0 }, -#endif - { -1, -1, -1, -1 } -}; - -static int pcap_open __P((char *)); -static int pcap_close __P((void)); -static int pcap_readip __P((char *, int, char **, int *)); -static void swap_hdr __P((pcaphdr_t *)); -static int pcap_read_rec __P((struct pcap_pkthdr *)); - -static int pfd = -1, swapped = 0; -static struct llc *llcp = NULL; - -struct ipread pcap = { pcap_open, pcap_close, pcap_readip, 0 }; - -#define SWAPLONG(y) \ - ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff)) -#define SWAPSHORT(y) \ - ( (((y)&0xff)<<8) | (((y)&0xff00)>>8) ) - -static void swap_hdr(p) -pcaphdr_t *p; -{ - p->pc_v_maj = SWAPSHORT(p->pc_v_maj); - p->pc_v_min = SWAPSHORT(p->pc_v_min); - p->pc_zone = SWAPLONG(p->pc_zone); - p->pc_sigfigs = SWAPLONG(p->pc_sigfigs); - p->pc_slen = SWAPLONG(p->pc_slen); - p->pc_type = SWAPLONG(p->pc_type); -} - -static int pcap_open(fname) -char *fname; -{ - pcaphdr_t ph; - int fd, i; - - if (pfd != -1) - return pfd; - - if (!strcmp(fname, "-")) - fd = 0; - else if ((fd = open(fname, O_RDONLY)) == -1) - return -1; - - if (read(fd, (char *)&ph, sizeof(ph)) != sizeof(ph)) - return -2; - - if (ph.pc_id != TCPDUMP_MAGIC) { - if (SWAPLONG(ph.pc_id) != TCPDUMP_MAGIC) { - (void) close(fd); - return -2; - } - swapped = 1; - swap_hdr(&ph); - } - - if (ph.pc_v_maj != PCAP_VERSION_MAJ) { - (void) close(fd); - return -2; - } - - for (i = 0; llcs[i].lc_type != -1; i++) - if (llcs[i].lc_type == ph.pc_type) { - llcp = llcs + i; - break; - } - - if (llcp == NULL) { - (void) close(fd); - return -2; - } - - pfd = fd; - printf("opened pcap file %s:\n", fname); - printf("\tid: %08x version: %d.%d type: %d snap %d\n", - ph.pc_id, ph.pc_v_maj, ph.pc_v_min, ph.pc_type, ph.pc_slen); - - return fd; -} - - -static int pcap_close() -{ - return close(pfd); -} - - -/* - * read in the header (and validate) which should be the first record - * in a pcap file. - */ -static int pcap_read_rec(rec) -struct pcap_pkthdr *rec; -{ - int n, p, i; - char *s; - - s = (char *)rec; - n = sizeof(*rec); - - while (n > 0) { - i = read(pfd, (char *)rec, sizeof(*rec)); - if (i <= 0) - return -2; - s += i; - n -= i; - } - - if (swapped) { - rec->ph_clen = SWAPLONG(rec->ph_clen); - rec->ph_len = SWAPLONG(rec->ph_len); - rec->ph_ts.tv_sec = SWAPLONG(rec->ph_ts.tv_sec); - rec->ph_ts.tv_usec = SWAPLONG(rec->ph_ts.tv_usec); - } - p = rec->ph_clen; - n = MIN(p, rec->ph_len); - if (!n || n < 0) - return -3; - - if (p < 0 || p > 65536) - return -4; - return p; -} - - -#ifdef notyet -/* - * read an entire pcap packet record. only the data part is copied into - * the available buffer, with the number of bytes copied returned. - */ -static int pcap_read(buf, cnt) -char *buf; -int cnt; -{ - struct pcap_pkthdr rec; - static char *bufp = NULL; - int i, n; - - if ((i = pcap_read_rec(&rec)) <= 0) - return i; - - if (!bufp) - bufp = malloc(i); - else - bufp = realloc(bufp, i); - - if (read(pfd, bufp, i) != i) - return -2; - - n = MIN(i, cnt); - bcopy(bufp, buf, n); - return n; -} -#endif - - -/* - * return only an IP packet read into buf - */ -static int pcap_readip(buf, cnt, ifn, dir) -char *buf, **ifn; -int cnt, *dir; -{ - static char *bufp = NULL; - struct pcap_pkthdr rec; - struct llc *l; - char *s, ty[4]; - int i, j, n; - - l = llcp; - - /* do { */ - if ((i = pcap_read_rec(&rec)) <= 0) - return i; - - if (!bufp) - bufp = malloc(i); - else - bufp = realloc(bufp, i); - s = bufp; - - for (j = i, n = 0; j > 0; ) { - n = read(pfd, s, j); - if (n <= 0) - return -2; - j -= n; - s += n; - } - s = bufp; - - i -= l->lc_sz; - s += l->lc_to; - bcopy(s, ty, l->lc_tl); - s += l->lc_tl; - /* } while (ty[0] != 0x8 && ty[1] != 0); */ - n = MIN(i, cnt); - bcopy(s, buf, n); - return n; -} diff --git a/contrib/ipfilter/lib/ipft_sn.c b/contrib/ipfilter/lib/ipft_sn.c deleted file mode 100644 index a4c7318..0000000 --- a/contrib/ipfilter/lib/ipft_sn.c +++ /dev/null @@ -1,195 +0,0 @@ -/* - * Copyright (C) 2000-2003 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: ipft_sn.c,v 1.7.4.1 2006/06/16 17:21:03 darrenr Exp $ - */ - -/* - * Written to comply with the recent RFC 1761 from Sun. - */ -#include "ipf.h" -#include "snoop.h" -#include "ipt.h" - -#if !defined(lint) -static const char rcsid[] = "@(#)$Id: ipft_sn.c,v 1.7.4.1 2006/06/16 17:21:03 darrenr Exp $"; -#endif - -struct llc { - int lc_sz; /* LLC header length */ - int lc_to; /* LLC Type offset */ - int lc_tl; /* LLC Type length */ -}; - -/* - * While many of these maybe the same, some do have different header formats - * which make this useful. - */ -static struct llc llcs[SDL_MAX+1] = { - { 0, 0, 0 }, /* SDL_8023 */ - { 0, 0, 0 }, /* SDL_8024 */ - { 0, 0, 0 }, /* SDL_8025 */ - { 0, 0, 0 }, /* SDL_8026 */ - { 14, 12, 2 }, /* SDL_ETHER */ - { 0, 0, 0 }, /* SDL_HDLC */ - { 0, 0, 0 }, /* SDL_CHSYNC */ - { 0, 0, 0 }, /* SDL_IBMCC */ - { 0, 0, 0 }, /* SDL_FDDI */ - { 0, 0, 0 }, /* SDL_OTHER */ -}; - -static int snoop_open __P((char *)); -static int snoop_close __P((void)); -static int snoop_readip __P((char *, int, char **, int *)); - -static int sfd = -1, s_type = -1; -static int snoop_read_rec __P((struct snooppkt *)); - -struct ipread snoop = { snoop_open, snoop_close, snoop_readip, 0 }; - - -static int snoop_open(fname) -char *fname; -{ - struct snoophdr sh; - int fd; - int s_v; - - if (sfd != -1) - return sfd; - - if (!strcmp(fname, "-")) - fd = 0; - else if ((fd = open(fname, O_RDONLY)) == -1) - return -1; - - if (read(fd, (char *)&sh, sizeof(sh)) != sizeof(sh)) - return -2; - - s_v = (int)ntohl(sh.s_v); - s_type = (int)ntohl(sh.s_type); - - if (s_v != SNOOP_VERSION || - s_type < 0 || s_type > SDL_MAX) { - (void) close(fd); - return -2; - } - - sfd = fd; - printf("opened snoop file %s:\n", fname); - printf("\tid: %8.8s version: %d type: %d\n", sh.s_id, s_v, s_type); - - return fd; -} - - -static int snoop_close() -{ - return close(sfd); -} - - -/* - * read in the header (and validate) which should be the first record - * in a snoop file. - */ -static int snoop_read_rec(rec) -struct snooppkt *rec; -{ - int n, plen, ilen; - - if (read(sfd, (char *)rec, sizeof(*rec)) != sizeof(*rec)) - return -2; - - ilen = (int)ntohl(rec->sp_ilen); - plen = (int)ntohl(rec->sp_plen); - if (ilen > plen || plen < sizeof(*rec)) - return -2; - - plen -= sizeof(*rec); - n = MIN(plen, ilen); - if (!n || n < 0) - return -3; - - return plen; -} - - -#ifdef notyet -/* - * read an entire snoop packet record. only the data part is copied into - * the available buffer, with the number of bytes copied returned. - */ -static int snoop_read(buf, cnt) -char *buf; -int cnt; -{ - struct snooppkt rec; - static char *bufp = NULL; - int i, n; - - if ((i = snoop_read_rec(&rec)) <= 0) - return i; - - if (!bufp) - bufp = malloc(i); - else - bufp = realloc(bufp, i); - - if (read(sfd, bufp, i) != i) - return -2; - - n = MIN(i, cnt); - bcopy(bufp, buf, n); - return n; -} -#endif - - -/* - * return only an IP packet read into buf - */ -static int snoop_readip(buf, cnt, ifn, dir) -char *buf, **ifn; -int cnt, *dir; -{ - static char *bufp = NULL; - struct snooppkt rec; - struct llc *l; - char ty[4], *s; - int i, n; - - do { - if ((i = snoop_read_rec(&rec)) <= 0) - return i; - - if (!bufp) - bufp = malloc(i); - else - bufp = realloc(bufp, i); - s = bufp; - - if (read(sfd, s, i) != i) - return -2; - - l = &llcs[s_type]; - i -= l->lc_to; - s += l->lc_to; - /* - * XXX - bogus assumption here on the part of the time field - * that it won't be greater than 4 bytes and the 1st two will - * have the values 8 and 0 for IP. Should be a table of - * these too somewhere. Really only works for SDL_ETHER. - */ - bcopy(s, ty, l->lc_tl); - } while (ty[0] != 0x8 && ty[1] != 0); - - i -= l->lc_tl; - s += l->lc_tl; - n = MIN(i, cnt); - bcopy(s, buf, n); - - return n; -} diff --git a/contrib/ipfilter/lib/ipft_td.c b/contrib/ipfilter/lib/ipft_td.c deleted file mode 100644 index 21bb764..0000000 --- a/contrib/ipfilter/lib/ipft_td.c +++ /dev/null @@ -1,176 +0,0 @@ -/* - * Copyright (C) 2000-2006 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: ipft_td.c,v 1.15.2.2 2006/06/16 17:21:03 darrenr Exp $ - */ - -/* -tcpdump -n - -00:05:47.816843 128.231.76.76.3291 > 224.2.252.231.36573: udp 36 (encap) - -tcpdump -nq - -00:33:48.410771 192.73.213.11.1463 > 224.2.248.153.59360: udp 31 (encap) - -tcpdump -nqt - -128.250.133.13.23 > 128.250.20.20.2419: tcp 27 - -tcpdump -nqtt - -123456789.1234567 128.250.133.13.23 > 128.250.20.20.2419: tcp 27 - -tcpdump -nqte - -8:0:20:f:65:f7 0:0:c:1:8a:c5 81: 128.250.133.13.23 > 128.250.20.20.2419: tcp 27 - -*/ - -#include "ipf.h" -#include "ipt.h" - -#ifndef linux -#include <netinet/ip_var.h> -#endif -#include <netinet/tcpip.h> - - -#if !defined(lint) -static const char sccsid[] = "@(#)ipft_td.c 1.8 2/4/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipft_td.c,v 1.15.2.2 2006/06/16 17:21:03 darrenr Exp $"; -#endif - -static int tcpd_open __P((char *)); -static int tcpd_close __P((void)); -static int tcpd_readip __P((char *, int, char **, int *)); -static int count_dots __P((char *)); - -struct ipread tcpd = { tcpd_open, tcpd_close, tcpd_readip, 0 }; - -static FILE *tfp = NULL; -static int tfd = -1; - - -static int tcpd_open(fname) -char *fname; -{ - if (tfd != -1) - return tfd; - - if (!strcmp(fname, "-")) { - tfd = 0; - tfp = stdin; - } else { - tfd = open(fname, O_RDONLY); - tfp = fdopen(tfd, "r"); - } - return tfd; -} - - -static int tcpd_close() -{ - (void) fclose(tfp); - return close(tfd); -} - - -static int count_dots(str) -char *str; -{ - int i = 0; - - while (*str) - if (*str++ == '.') - i++; - return i; -} - - -static int tcpd_readip(buf, cnt, ifn, dir) -char *buf, **ifn; -int cnt, *dir; -{ - struct tcpiphdr pkt; - ip_t *ip = (ip_t *)&pkt; - char src[32], dst[32], misc[256], time[32], link1[32], link2[32]; - char lbuf[160], *s; - int n, slen, extra = 0; - - if (!fgets(lbuf, sizeof(lbuf) - 1, tfp)) - return 0; - - if ((s = strchr(lbuf, '\n'))) - *s = '\0'; - lbuf[sizeof(lbuf)-1] = '\0'; - - bzero(&pkt, sizeof(pkt)); - - if ((n = sscanf(lbuf, "%31s > %31s: %255s", src, dst, misc)) != 3) - if ((n = sscanf(lbuf, "%31s %31s > %31s: %255s", - time, src, dst, misc)) != 4) - if ((n = sscanf(lbuf, "%31s %31s: %31s > %31s: %255s", - link1, link2, src, dst, misc)) != 5) { - n = sscanf(lbuf, - "%31s %31s %31s: %31s > %31s: %255s", - time, link1, link2, src, dst, misc); - if (n != 6) - return -1; - } - - if (count_dots(dst) == 4) { - s = strrchr(src, '.'); - *s++ = '\0'; - (void) inet_aton(src, &ip->ip_src); - pkt.ti_sport = htons(atoi(s)); - *--s = '.'; - s = strrchr(dst, '.'); - - *s++ = '\0'; - (void) inet_aton(src, &ip->ip_dst); - pkt.ti_dport = htons(atoi(s)); - *--s = '.'; - - } else { - (void) inet_aton(src, &ip->ip_src); - (void) inet_aton(src, &ip->ip_dst); - } - ip->ip_len = sizeof(ip_t); - IP_HL_A(ip, sizeof(ip_t)); - - s = strtok(misc, " :"); - if (s == NULL) - return 0; - ip->ip_p = getproto(s); - - switch (ip->ip_p) - { - case IPPROTO_TCP : - case IPPROTO_UDP : - s = strtok(NULL, " :"); - if (s == NULL) - return 0; - ip->ip_len += atoi(s); - if (ip->ip_p == IPPROTO_TCP) - extra = sizeof(struct tcphdr); - else if (ip->ip_p == IPPROTO_UDP) - extra = sizeof(struct udphdr); - break; -#ifdef IGMP - case IPPROTO_IGMP : - extra = sizeof(struct igmp); - break; -#endif - case IPPROTO_ICMP : - extra = sizeof(struct icmp); - break; - default : - break; - } - - slen = IP_HL(ip) + extra + ip->ip_len; - return slen; -} diff --git a/contrib/ipfilter/lib/ipft_tx.c b/contrib/ipfilter/lib/ipft_tx.c deleted file mode 100644 index 5dc65b4..0000000 --- a/contrib/ipfilter/lib/ipft_tx.c +++ /dev/null @@ -1,325 +0,0 @@ -/* - * Copyright (C) 2000-2006 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: ipft_tx.c,v 1.15.2.10 2007/09/03 21:54:44 darrenr Exp $ - */ -#if !defined(lint) -static const char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 1.15.2.10 2007/09/03 21:54:44 darrenr Exp $"; -#endif - -#include <ctype.h> - -#include "ipf.h" -#include "ipt.h" - -#ifndef linux -#include <netinet/ip_var.h> -#endif -#include <netinet/tcpip.h> - - -extern int opts; - -static char *tx_proto = ""; - -static int text_open __P((char *)), text_close __P((void)); -static int text_readip __P((char *, int, char **, int *)); -static int parseline __P((char *, ip_t *, char **, int *)); - -static char myflagset[] = "FSRPAUEC"; -static u_char myflags[] = { TH_FIN, TH_SYN, TH_RST, TH_PUSH, - TH_ACK, TH_URG, TH_ECN, TH_CWR }; - -struct ipread iptext = { text_open, text_close, text_readip, R_DO_CKSUM }; -static FILE *tfp = NULL; -static int tfd = -1; - -static u_32_t tx_hostnum __P((char *, int *)); -static u_short tx_portnum __P((char *)); - - -/* - * returns an ip address as a long var as a result of either a DNS lookup or - * straight inet_addr() call - */ -static u_32_t tx_hostnum(host, resolved) -char *host; -int *resolved; -{ - u_32_t ipa; - - *resolved = 0; - if (!strcasecmp("any", host)) - return 0L; - if (ISDIGIT(*host)) - return inet_addr(host); - - if (gethost(host, &ipa) == -1) { - *resolved = -1; - fprintf(stderr, "can't resolve hostname: %s\n", host); - return 0; - } - return ipa; -} - - -/* - * find the port number given by the name, either from getservbyname() or - * straight atoi() - */ -static u_short tx_portnum(name) -char *name; -{ - struct servent *sp; - - if (ISDIGIT(*name)) - return (u_short)atoi(name); - sp = getservbyname(name, tx_proto); - if (sp) - return ntohs(sp->s_port); - (void) fprintf(stderr, "unknown service \"%s\".\n", name); - return 0; -} - - -char *tx_icmptypes[] = { - "echorep", (char *)NULL, (char *)NULL, "unreach", "squench", - "redir", (char *)NULL, (char *)NULL, "echo", "routerad", - "routersol", "timex", "paramprob", "timest", "timestrep", - "inforeq", "inforep", "maskreq", "maskrep", "END" -}; - -static int text_open(fname) -char *fname; -{ - if (tfp && tfd != -1) { - rewind(tfp); - return tfd; - } - - if (!strcmp(fname, "-")) { - tfd = 0; - tfp = stdin; - } else { - tfd = open(fname, O_RDONLY); - if (tfd != -1) - tfp = fdopen(tfd, "r"); - } - return tfd; -} - - -static int text_close() -{ - int cfd = tfd; - - tfd = -1; - return close(cfd); -} - - -static int text_readip(buf, cnt, ifn, dir) -char *buf, **ifn; -int cnt, *dir; -{ - register char *s; - char line[513]; - ip_t *ip; - - *ifn = NULL; - while (fgets(line, sizeof(line)-1, tfp)) { - if ((s = strchr(line, '\n'))) - *s = '\0'; - if ((s = strchr(line, '\r'))) - *s = '\0'; - if ((s = strchr(line, '#'))) - *s = '\0'; - if (!*line) - continue; - if ((opts & OPT_DEBUG) != 0) - printf("input: %s\n", line); - *ifn = NULL; - *dir = 0; - if (!parseline(line, (ip_t *)buf, ifn, dir)) { - ip = (ip_t *)buf; - return ntohs(ip->ip_len); - } - } - if (feof(tfp)) - return 0; - return -1; -} - -static int parseline(line, ip, ifn, out) -char *line; -ip_t *ip; -char **ifn; -int *out; -{ - tcphdr_t th, *tcp = &th; - struct icmp icmp, *ic = &icmp; - char *cps[20], **cpp, c, ipopts[68]; - int i, r; - - if (*ifn) - free(*ifn); - bzero((char *)ip, MAX(sizeof(*tcp), sizeof(*ic)) + sizeof(*ip)); - bzero((char *)tcp, sizeof(*tcp)); - bzero((char *)ic, sizeof(*ic)); - bzero(ipopts, sizeof(ipopts)); - IP_HL_A(ip, sizeof(*ip) >> 2); - IP_V_A(ip, IPVERSION); - for (i = 0, cps[0] = strtok(line, " \b\t\r\n"); cps[i] && i < 19; ) - cps[++i] = strtok(NULL, " \b\t\r\n"); - - cpp = cps; - if (!*cpp) - return 1; - - c = **cpp; - if (!ISALPHA(c) || (TOLOWER(c) != 'o' && TOLOWER(c) != 'i')) { - fprintf(stderr, "bad direction \"%s\"\n", *cpp); - return 1; - } - *out = (TOLOWER(c) == 'o') ? 1 : 0; - cpp++; - if (!*cpp) - return 1; - - if (!strcasecmp(*cpp, "on")) { - cpp++; - if (!*cpp) - return 1; - *ifn = strdup(*cpp++); - if (!*cpp) - return 1; - } - - c = **cpp; - ip->ip_len = sizeof(ip_t); - if (!strcasecmp(*cpp, "tcp") || !strcasecmp(*cpp, "udp") || - !strcasecmp(*cpp, "icmp")) { - if (c == 't') { - ip->ip_p = IPPROTO_TCP; - ip->ip_len += sizeof(struct tcphdr); - tx_proto = "tcp"; - } else if (c == 'u') { - ip->ip_p = IPPROTO_UDP; - ip->ip_len += sizeof(struct udphdr); - tx_proto = "udp"; - } else { - ip->ip_p = IPPROTO_ICMP; - ip->ip_len += ICMPERR_IPICMPHLEN; - tx_proto = "icmp"; - } - cpp++; - } else if (ISDIGIT(**cpp) && !index(*cpp, '.')) { - ip->ip_p = atoi(*cpp); - cpp++; - } else - ip->ip_p = IPPROTO_IP; - - if (!*cpp) - return 1; - if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP) { - char *last; - - last = strchr(*cpp, ','); - if (!last) { - fprintf(stderr, "tcp/udp with no source port\n"); - return 1; - } - *last++ = '\0'; - tcp->th_sport = htons(tx_portnum(last)); - if (ip->ip_p == IPPROTO_TCP) { - tcp->th_win = htons(4096); - TCP_OFF_A(tcp, sizeof(*tcp) >> 2); - } - } - ip->ip_src.s_addr = tx_hostnum(*cpp, &r); - cpp++; - if (!*cpp) - return 1; - - if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP) { - char *last; - - last = strchr(*cpp, ','); - if (!last) { - fprintf(stderr, "tcp/udp with no destination port\n"); - return 1; - } - *last++ = '\0'; - tcp->th_dport = htons(tx_portnum(last)); - } - ip->ip_dst.s_addr = tx_hostnum(*cpp, &r); - cpp++; - if (ip->ip_p == IPPROTO_TCP) { - if (*cpp != NULL) { - char *s, *t; - - tcp->th_flags = 0; - for (s = *cpp; *s; s++) - if ((t = strchr(myflagset, *s))) - tcp->th_flags |= myflags[t-myflagset]; - if (tcp->th_flags) - cpp++; - } - - if (tcp->th_flags & TH_URG) - tcp->th_urp = htons(1); - - if (*cpp && !strncasecmp(*cpp, "seq=", 4)) { - tcp->th_seq = htonl(atoi(*cpp + 4)); - cpp++; - } - - if (*cpp && !strncasecmp(*cpp, "ack=", 4)) { - tcp->th_ack = htonl(atoi(*cpp + 4)); - cpp++; - } - } else if (*cpp && ip->ip_p == IPPROTO_ICMP) { - extern char *tx_icmptypes[]; - char **s, *t; - int i; - - t = strchr(*cpp, ','); - if (t != NULL) - *t = '\0'; - - for (s = tx_icmptypes, i = 0; !*s || strcmp(*s, "END"); - s++, i++) { - if (*s && !strcasecmp(*cpp, *s)) { - ic->icmp_type = i; - if (t != NULL) - ic->icmp_code = atoi(t + 1); - cpp++; - break; - } - } - if (t != NULL) - *t = ','; - } - - if (*cpp && !strcasecmp(*cpp, "opt")) { - u_long olen; - - cpp++; - olen = buildopts(*cpp, ipopts, (IP_HL(ip) - 5) << 2); - if (olen) { - bcopy(ipopts, (char *)(ip + 1), olen); - IP_HL_A(ip, IP_HL(ip) + (olen >> 2)); - } - } - if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP) - bcopy((char *)tcp, ((char *)ip) + (IP_HL(ip) << 2), - sizeof(*tcp)); - else if (ip->ip_p == IPPROTO_ICMP) - bcopy((char *)ic, ((char *)ip) + (IP_HL(ip) << 2), - sizeof(*ic)); - ip->ip_len = htons(ip->ip_len); - return 0; -} diff --git a/contrib/ipfilter/lib/ipoptsec.c b/contrib/ipfilter/lib/ipoptsec.c deleted file mode 100644 index a59db23..0000000 --- a/contrib/ipfilter/lib/ipoptsec.c +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright (C) 2001-2002 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: ipoptsec.c,v 1.2.4.1 2006/06/16 17:21:04 darrenr Exp $ - */ - -#include "ipf.h" - - -struct ipopt_names secclass[] = { - { IPSO_CLASS_RES4, 0x01, 0, "reserv-4" }, - { IPSO_CLASS_TOPS, 0x02, 0, "topsecret" }, - { IPSO_CLASS_SECR, 0x04, 0, "secret" }, - { IPSO_CLASS_RES3, 0x08, 0, "reserv-3" }, - { IPSO_CLASS_CONF, 0x10, 0, "confid" }, - { IPSO_CLASS_UNCL, 0x20, 0, "unclass" }, - { IPSO_CLASS_RES2, 0x40, 0, "reserv-2" }, - { IPSO_CLASS_RES1, 0x80, 0, "reserv-1" }, - { 0, 0, 0, NULL } /* must be last */ -}; - - -u_char seclevel(slevel) -char *slevel; -{ - struct ipopt_names *so; - - for (so = secclass; so->on_name; so++) - if (!strcasecmp(slevel, so->on_name)) - break; - - if (!so->on_name) { - fprintf(stderr, "no such security level: %s\n", slevel); - return 0; - } - return (u_char)so->on_value; -} - - -u_char secbit(class) -int class; -{ - struct ipopt_names *so; - - for (so = secclass; so->on_name; so++) - if (so->on_value == class) - break; - - if (!so->on_name) { - fprintf(stderr, "no such security class: %d\n", class); - return 0; - } - return (u_char)so->on_bit; -} diff --git a/contrib/ipfilter/lib/kmem.c b/contrib/ipfilter/lib/kmem.c deleted file mode 100644 index 07830fb..0000000 --- a/contrib/ipfilter/lib/kmem.c +++ /dev/null @@ -1,202 +0,0 @@ -/* - * Copyright (C) 2000-2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - */ -/* - * kmemcpy() - copies n bytes from kernel memory into user buffer. - * returns 0 on success, -1 on error. - */ - -#include <stdio.h> -#include <sys/param.h> -#include <sys/types.h> -#include <sys/uio.h> -#include <unistd.h> -#include <string.h> -#include <fcntl.h> -#include <sys/file.h> -#if !defined(__sgi) && !defined(__hpux) && !defined(__osf__) && !defined(linux) && !defined(_AIX51) -#include <kvm.h> -#endif -#include <fcntl.h> -#include <sys/socket.h> -#include <sys/ioctl.h> -#include <netinet/in.h> -#include <arpa/inet.h> -#include <netinet/in_systm.h> -#include <netinet/ip.h> -#include <net/if.h> -#if __FreeBSD_version >= 300000 -# include <net/if_var.h> -#endif -#if defined(linux) || defined(__osf__) || defined(__sgi) || defined(__hpux) -# include <stdlib.h> -#endif - -#include "kmem.h" - -#ifndef __STDC__ -# define const -#endif - -#if !defined(lint) -static const char sccsid[] = "@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed"; -static const char rcsid[] = "@(#)$Id: kmem.c,v 1.16.2.3 2006/06/16 17:21:04 darrenr Exp $"; -#endif - - - -#if !defined(__sgi) && !defined(__hpux) && !defined(__osf__) && \ - !defined(linux) && !defined(_AIX51) -/* - * For all platforms where there is a libkvm and a kvm_t, we use that... - */ -static kvm_t *kvm_f = NULL; - -#else -/* - *...and for the others (HP-UX, IRIX, Tru64), we have to provide our own. - */ - -typedef int * kvm_t; - -static kvm_t kvm_f = NULL; -static char *kvm_errstr = NULL; - -kvm_t kvm_open __P((char *, char *, char *, int, char *)); -int kvm_read __P((kvm_t, u_long, char *, size_t)); - -kvm_t kvm_open(kernel, core, swap, mode, errstr) -char *kernel, *core, *swap; -int mode; -char *errstr; -{ - kvm_t k; - int fd; - - kvm_errstr = errstr; - - if (core == NULL) - core = "/dev/kmem"; - - fd = open(core, mode); - if (fd == -1) - return NULL; - k = malloc(sizeof(*k)); - if (k == NULL) - return NULL; - *k = fd; - return k; -} - -int kvm_read(kvm, pos, buffer, size) -kvm_t kvm; -u_long pos; -char *buffer; -size_t size; -{ - int r = 0, left; - char *bufp; - - if (lseek(*kvm, pos, 0) == -1) { - if (kvm_errstr != NULL) { - fprintf(stderr, "%s", kvm_errstr); - perror("lseek"); - } - return -1; - } - - for (bufp = buffer, left = size; left > 0; bufp += r, left -= r) { - r = read(*kvm, bufp, left); -#ifdef __osf__ - /* - * Tru64 returns "0" for successful operation, not the number - * of bytes read. - */ - if (r == 0) - r = left; -#endif - if (r <= 0) - return -1; - } - return r; -} -#endif /* !defined(__sgi) && !defined(__hpux) && !defined(__osf__) */ - -int openkmem(kern, core) -char *kern, *core; -{ - kvm_f = kvm_open(kern, core, NULL, O_RDONLY, NULL); - if (kvm_f == NULL) - { - perror("openkmem:open"); - return -1; - } - return kvm_f != NULL; -} - -int kmemcpy(buf, pos, n) -register char *buf; -long pos; -register int n; -{ - register int r; - - if (!n) - return 0; - - if (kvm_f == NULL) - if (openkmem(NULL, NULL) == -1) - return -1; - - while ((r = kvm_read(kvm_f, pos, buf, n)) < n) - if (r <= 0) - { - fprintf(stderr, "pos=0x%lx ", (u_long)pos); - perror("kmemcpy:read"); - return -1; - } - else - { - buf += r; - pos += r; - n -= r; - } - return 0; -} - -int kstrncpy(buf, pos, n) -register char *buf; -long pos; -register int n; -{ - register int r; - - if (!n) - return 0; - - if (kvm_f == NULL) - if (openkmem(NULL, NULL) == -1) - return -1; - - while (n > 0) - { - r = kvm_read(kvm_f, pos, buf, 1); - if (r <= 0) - { - fprintf(stderr, "pos=0x%lx ", (u_long)pos); - perror("kmemcpy:read"); - return -1; - } - else - { - if (*buf == '\0') - break; - buf++; - pos++; - n--; - } - } - return 0; -} diff --git a/contrib/ipfilter/lib/kmem.h b/contrib/ipfilter/lib/kmem.h deleted file mode 100644 index 70f0a7a..0000000 --- a/contrib/ipfilter/lib/kmem.h +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright (C) 2002 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * $Id: kmem.h,v 1.2.4.1 2006/06/16 17:21:04 darrenr Exp $ - */ - -#ifndef __KMEM_H__ -#define __KMEM_H__ - -#ifndef __P -# ifdef __STDC__ -# define __P(x) x -# else -# define __P(x) () -# endif -#endif -extern int openkmem __P((char *, char *)); -extern int kmemcpy __P((char *, long, int)); -extern int kstrncpy __P((char *, long, int)); - -#if defined(__NetBSD__) || defined(__OpenBSD) -# include <paths.h> -#endif - -#ifdef _PATH_KMEM -# define KMEM _PATH_KMEM -#else -# define KMEM "/dev/kmem" -#endif - -#endif /* __KMEM_H__ */ diff --git a/contrib/ipfilter/lib/kmemcpywrap.c b/contrib/ipfilter/lib/kmemcpywrap.c deleted file mode 100644 index 7a4a161..0000000 --- a/contrib/ipfilter/lib/kmemcpywrap.c +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright (C) 2002 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: kmemcpywrap.c,v 1.1.4.1 2006/06/16 17:21:05 darrenr Exp $ - */ - -#include "ipf.h" -#include "kmem.h" - -int kmemcpywrap(from, to, size) -void *from, *to; -size_t size; -{ - int ret; - - ret = kmemcpy((caddr_t)to, (u_long)from, size); - return ret; -} - diff --git a/contrib/ipfilter/lib/kvatoname.c b/contrib/ipfilter/lib/kvatoname.c deleted file mode 100644 index b0fe69d..0000000 --- a/contrib/ipfilter/lib/kvatoname.c +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (C) 2002 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: kvatoname.c,v 1.1.4.1 2006/06/16 17:21:05 darrenr Exp $ - */ - -#include "ipf.h" - -#include <fcntl.h> -#include <sys/ioctl.h> - -char *kvatoname(func, iocfunc) -ipfunc_t func; -ioctlfunc_t iocfunc; -{ - static char funcname[40]; - ipfunc_resolve_t res; - int fd; - - res.ipfu_addr = func; - res.ipfu_name[0] = '\0'; - fd = -1; - - if ((opts & OPT_DONOTHING) == 0) { - fd = open(IPL_NAME, O_RDONLY); - if (fd == -1) - return NULL; - } - (void) (*iocfunc)(fd, SIOCFUNCL, &res); - if (fd >= 0) - close(fd); - strncpy(funcname, res.ipfu_name, sizeof(funcname)); - funcname[sizeof(funcname) - 1] = '\0'; - return funcname; -} diff --git a/contrib/ipfilter/lib/load_file.c b/contrib/ipfilter/lib/load_file.c deleted file mode 100644 index 9bb3899..0000000 --- a/contrib/ipfilter/lib/load_file.c +++ /dev/null @@ -1,88 +0,0 @@ -/* - * Copyright (C) 2006 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: load_file.c,v 1.1.2.1 2006/08/25 21:13:04 darrenr Exp $ - */ - -#include "ipf.h" - -alist_t * -load_file(char *filename) -{ - alist_t *a, *rtop, *rbot; - char *s, line[1024], *t; - int linenum, not; - FILE *fp; - - fp = fopen(filename + 7, "r"); - if (fp == NULL) { - fprintf(stderr, "load_file cannot open '%s'\n", filename); - return NULL; - } - - a = NULL; - rtop = NULL; - rbot = NULL; - linenum = 0; - - while (fgets(line, sizeof(line) - 1, fp)) { - line[sizeof(line) - 1] = '\0'; - linenum++; - /* - * Hunt for CR/LF. If no LF, stop processing. - */ - s = strchr(line, '\n'); - if (s == NULL) { - fprintf(stderr, "%d:%s: line too long\n", linenum, filename); - fclose(fp); - alist_free(rtop); - return NULL; - } - - *s = '\0'; - s = strchr(line, '\r'); - if (s != NULL) - *s = '\0'; - for (t = line; isspace(*t); t++) - ; - if (*t == '!') { - not = 1; - t++; - } else - not = 0; - - /* - * Remove comment markers - */ - for (s = t; *s; s++) { - if (*s == '#') - *s = '\0'; - } - if (!*t) - continue; - /* - * Trim off tailing white spaces - */ - s = strlen(t) + t - 1; - while (isspace(*s)) - *s-- = '\0'; - - if (isdigit(*t)) { - a = alist_new(4, t); - a->al_not = not; - if (rbot != NULL) - rbot->al_next = a; - else - rtop = a; - rbot = a; - } else { - fprintf(stderr, "%s: unrecognised content line %d\n", - filename, linenum); - } - } - fclose(fp); - - return rtop; -} diff --git a/contrib/ipfilter/lib/load_hash.c b/contrib/ipfilter/lib/load_hash.c deleted file mode 100644 index 84abca0..0000000 --- a/contrib/ipfilter/lib/load_hash.c +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Copyright (C) 2002-2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: load_hash.c,v 1.11.2.5 2006/07/14 06:12:25 darrenr Exp $ - */ - -#include <fcntl.h> -#include <sys/ioctl.h> -#include "ipf.h" -#include "netinet/ip_lookup.h" -#include "netinet/ip_htable.h" - -static int hashfd = -1; - - -int load_hash(iphp, list, iocfunc) -iphtable_t *iphp; -iphtent_t *list; -ioctlfunc_t iocfunc; -{ - iplookupop_t op; - iphtable_t iph; - iphtent_t *a; - size_t size; - int n; - - if ((hashfd == -1) && ((opts & OPT_DONOTHING) == 0)) - hashfd = open(IPLOOKUP_NAME, O_RDWR); - if ((hashfd == -1) && ((opts & OPT_DONOTHING) == 0)) - return -1; - - for (n = 0, a = list; a != NULL; a = a->ipe_next) - n++; - - op.iplo_arg = 0; - op.iplo_type = IPLT_HASH; - op.iplo_unit = iphp->iph_unit; - strncpy(op.iplo_name, iphp->iph_name, sizeof(op.iplo_name)); - if (*op.iplo_name == '\0') - op.iplo_arg = IPHASH_ANON; - op.iplo_size = sizeof(iph); - op.iplo_struct = &iph; - iph.iph_unit = iphp->iph_unit; - iph.iph_type = iphp->iph_type; - strncpy(iph.iph_name, iphp->iph_name, sizeof(iph.iph_name)); - iph.iph_flags = iphp->iph_flags; - if (n <= 0) - n = 1; - if (iphp->iph_size == 0) - size = n * 2 - 1; - else - size = iphp->iph_size; - if ((list == NULL) && (size == 1)) { - fprintf(stderr, - "WARNING: empty hash table %s, recommend setting %s\n", - iphp->iph_name, "size to match expected use"); - } - iph.iph_size = size; - iph.iph_seed = iphp->iph_seed; - iph.iph_table = NULL; - iph.iph_list = NULL; - iph.iph_ref = 0; - - if ((opts & OPT_REMOVE) == 0) { - if ((*iocfunc)(hashfd, SIOCLOOKUPADDTABLE, &op)) - if ((opts & OPT_DONOTHING) == 0) { - perror("load_hash:SIOCLOOKUPADDTABLE"); - return -1; - } - } - - strncpy(iph.iph_name, op.iplo_name, sizeof(op.iplo_name)); - strncpy(iphp->iph_name, op.iplo_name, sizeof(op.iplo_name)); - - if (opts & OPT_VERBOSE) { - for (a = list; a != NULL; a = a->ipe_next) { - a->ipe_addr.in4_addr = ntohl(a->ipe_addr.in4_addr); - a->ipe_mask.in4_addr = ntohl(a->ipe_mask.in4_addr); - } - iph.iph_table = calloc(size, sizeof(*iph.iph_table)); - if (iph.iph_table == NULL) { - perror("calloc(size, sizeof(*iph.iph_table))"); - return -1; - } - iph.iph_list = list; - printhash(&iph, bcopywrap, iph.iph_name, opts); - free(iph.iph_table); - iph.iph_list = NULL; - - for (a = list; a != NULL; a = a->ipe_next) { - a->ipe_addr.in4_addr = htonl(a->ipe_addr.in4_addr); - a->ipe_mask.in4_addr = htonl(a->ipe_mask.in4_addr); - } - } - - if (opts & OPT_DEBUG) - printf("Hash %s:\n", iph.iph_name); - - for (a = list; a != NULL; a = a->ipe_next) - load_hashnode(iphp->iph_unit, iph.iph_name, a, iocfunc); - - if ((opts & OPT_REMOVE) != 0) { - if ((*iocfunc)(hashfd, SIOCLOOKUPDELTABLE, &op)) - if ((opts & OPT_DONOTHING) == 0) { - perror("load_hash:SIOCLOOKUPDELTABLE"); - return -1; - } - } - return 0; -} diff --git a/contrib/ipfilter/lib/load_hashnode.c b/contrib/ipfilter/lib/load_hashnode.c deleted file mode 100644 index 8ff907a..0000000 --- a/contrib/ipfilter/lib/load_hashnode.c +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (C) 2003-2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: load_hashnode.c,v 1.2.4.2 2006/06/16 17:21:05 darrenr Exp $ - */ - -#include <fcntl.h> -#include <sys/ioctl.h> -#include "ipf.h" -#include "netinet/ip_lookup.h" -#include "netinet/ip_htable.h" - -static int hashfd = -1; - - -int load_hashnode(unit, name, node, iocfunc) -int unit; -char *name; -iphtent_t *node; -ioctlfunc_t iocfunc; -{ - iplookupop_t op; - iphtent_t ipe; - int err; - - if ((hashfd == -1) && ((opts & OPT_DONOTHING) == 0)) - hashfd = open(IPLOOKUP_NAME, O_RDWR); - if ((hashfd == -1) && ((opts & OPT_DONOTHING) == 0)) - return -1; - - op.iplo_type = IPLT_HASH; - op.iplo_unit = unit; - op.iplo_arg = 0; - op.iplo_size = sizeof(ipe); - op.iplo_struct = &ipe; - strncpy(op.iplo_name, name, sizeof(op.iplo_name)); - - bzero((char *)&ipe, sizeof(ipe)); - bcopy((char *)&node->ipe_addr, (char *)&ipe.ipe_addr, - sizeof(ipe.ipe_addr)); - bcopy((char *)&node->ipe_mask, (char *)&ipe.ipe_mask, - sizeof(ipe.ipe_mask)); - bcopy((char *)&node->ipe_group, (char *)&ipe.ipe_group, - sizeof(ipe.ipe_group)); - - if ((opts & OPT_REMOVE) == 0) - err = (*iocfunc)(hashfd, SIOCLOOKUPADDNODE, &op); - else - err = (*iocfunc)(hashfd, SIOCLOOKUPDELNODE, &op); - - if (err != 0) - if (!(opts & OPT_DONOTHING)) { - perror("load_hash:SIOCLOOKUP*NODE"); - return -1; - } - return 0; -} diff --git a/contrib/ipfilter/lib/load_http.c b/contrib/ipfilter/lib/load_http.c deleted file mode 100644 index 164b8b4..0000000 --- a/contrib/ipfilter/lib/load_http.c +++ /dev/null @@ -1,182 +0,0 @@ -/* - * Copyright (C) 2006 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: load_http.c,v 1.1.2.1 2006/08/25 21:13:04 darrenr Exp $ - */ - -#include "ipf.h" - -/* - * Format expected is one addres per line, at the start of each line. - */ -alist_t * -load_http(char *url) -{ - int fd, len, left, port, endhdr, removed; - char *s, *t, *u, buffer[1024], *myurl; - alist_t *a, *rtop, *rbot; - struct sockaddr_in sin; - struct hostent *host; - - /* - * More than this would just be absurd. - */ - if (strlen(url) > 512) { - fprintf(stderr, "load_http has a URL > 512 bytes?!\n"); - return NULL; - } - - fd = -1; - rtop = NULL; - rbot = NULL; - - sprintf(buffer, "GET %s HTTP/1.0\r\n", url); - - myurl = strdup(url); - if (myurl == NULL) - goto done; - - s = myurl + 7; /* http:// */ - t = strchr(s, '/'); - if (t == NULL) { - fprintf(stderr, "load_http has a malformed URL '%s'\n", url); - free(myurl); - return NULL; - } - *t++ = '\0'; - - u = strchr(s, '@'); - if (u != NULL) - s = u + 1; /* AUTH */ - - sprintf(buffer + strlen(buffer), "Host: %s\r\n\r\n", s); - - u = strchr(s, ':'); - if (u != NULL) { - *u++ = '\0'; - port = atoi(u); - if (port < 0 || port > 65535) - goto done; - } else { - port = 80; - } - - memset(&sin, 0, sizeof(sin)); - sin.sin_family = AF_INET; - sin.sin_port = htons(port); - - if (isdigit(*s)) { - if (inet_aton(s, &sin.sin_addr) == -1) { - goto done; - } - } else { - host = gethostbyname(s); - if (host == NULL) - goto done; - memcpy(&sin.sin_addr, host->h_addr_list[0], - sizeof(sin.sin_addr)); - } - - fd = socket(AF_INET, SOCK_STREAM, 0); - if (fd == -1) - goto done; - - if (connect(fd, (struct sockaddr *)&sin, sizeof(sin)) == -1) { - close(fd); - goto done; - } - - len = strlen(buffer); - if (write(fd, buffer, len) != len) { - close(fd); - goto done; - } - - s = buffer; - endhdr = 0; - left = sizeof(buffer) - 1; - - while ((len = read(fd, s, left)) > 0) { - s[len] = '\0'; - left -= len; - s += len; - - if (endhdr >= 0) { - if (endhdr == 0) { - t = strchr(buffer, ' '); - if (t == NULL) - continue; - t++; - if (*t != '2') - break; - } - - u = buffer; - while ((t = strchr(u, '\r')) != NULL) { - if (t == u) { - if (*(t + 1) == '\n') { - u = t + 2; - endhdr = -1; - break; - } else - t++; - } else if (*(t + 1) == '\n') { - endhdr++; - u = t + 2; - } else - u = t + 1; - } - if (endhdr >= 0) - continue; - removed = (u - buffer) + 1; - memmove(buffer, u, (sizeof(buffer) - left) - removed); - s -= removed; - left += removed; - } - - do { - t = strchr(buffer, '\n'); - if (t == NULL) - break; - - *t++ = '\0'; - for (u = buffer; isdigit(*u) || (*u == '.'); u++) - ; - if (*u == '/') { - char *slash; - - slash = u; - u++; - while (isdigit(*u)) - u++; - if (!isspace(*u) && *u) - u = slash; - } - *u = '\0'; - - a = alist_new(4, buffer); - if (a != NULL) { - if (rbot != NULL) - rbot->al_next = a; - else - rtop = a; - rbot = a; - } - - removed = t - buffer; - memmove(buffer, t, sizeof(buffer) - left - removed); - s -= removed; - left += removed; - - } while (1); - } - -done: - if (myurl != NULL) - free(myurl); - if (fd != -1) - close(fd); - return rtop; -} diff --git a/contrib/ipfilter/lib/load_pool.c b/contrib/ipfilter/lib/load_pool.c deleted file mode 100644 index f22b063..0000000 --- a/contrib/ipfilter/lib/load_pool.c +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright (C) 2002-2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: load_pool.c,v 1.14.2.4 2006/06/16 17:21:06 darrenr Exp $ - */ - -#include <fcntl.h> -#include <sys/ioctl.h> -#include "ipf.h" -#include "netinet/ip_lookup.h" -#include "netinet/ip_pool.h" - -static int poolfd = -1; - - -int load_pool(plp, iocfunc) -ip_pool_t *plp; -ioctlfunc_t iocfunc; -{ - iplookupop_t op; - ip_pool_node_t *a; - ip_pool_t pool; - - if ((poolfd == -1) && ((opts & OPT_DONOTHING) == 0)) - poolfd = open(IPLOOKUP_NAME, O_RDWR); - if ((poolfd == -1) && ((opts & OPT_DONOTHING) == 0)) - return -1; - - op.iplo_unit = plp->ipo_unit; - op.iplo_type = IPLT_POOL; - op.iplo_arg = 0; - strncpy(op.iplo_name, plp->ipo_name, sizeof(op.iplo_name)); - op.iplo_size = sizeof(pool); - op.iplo_struct = &pool; - bzero((char *)&pool, sizeof(pool)); - strncpy(pool.ipo_name, plp->ipo_name, sizeof(pool.ipo_name)); - if (plp->ipo_name[0] == '\0') - op.iplo_arg |= IPOOL_ANON; - - if ((opts & OPT_REMOVE) == 0) { - if ((*iocfunc)(poolfd, SIOCLOOKUPADDTABLE, &op)) - if ((opts & OPT_DONOTHING) == 0) { - perror("load_pool:SIOCLOOKUPADDTABLE"); - return -1; - } - } - - if (op.iplo_arg & IPOOL_ANON) - strncpy(pool.ipo_name, op.iplo_name, sizeof(pool.ipo_name)); - - if ((opts & OPT_VERBOSE) != 0) { - pool.ipo_list = plp->ipo_list; - printpool(&pool, bcopywrap, pool.ipo_name, opts); - pool.ipo_list = NULL; - } - - for (a = plp->ipo_list; a != NULL; a = a->ipn_next) - load_poolnode(plp->ipo_unit, pool.ipo_name, a, iocfunc); - - if ((opts & OPT_REMOVE) != 0) { - if ((*iocfunc)(poolfd, SIOCLOOKUPDELTABLE, &op)) - if ((opts & OPT_DONOTHING) == 0) { - perror("load_pool:SIOCLOOKUPDELTABLE"); - return -1; - } - } - return 0; -} diff --git a/contrib/ipfilter/lib/load_poolnode.c b/contrib/ipfilter/lib/load_poolnode.c deleted file mode 100644 index 2afc4d2..0000000 --- a/contrib/ipfilter/lib/load_poolnode.c +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Copyright (C) 2003-2004 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: load_poolnode.c,v 1.3.2.3 2006/06/16 17:21:06 darrenr Exp $ - */ - -#include <fcntl.h> -#include <sys/ioctl.h> -#include "ipf.h" -#include "netinet/ip_lookup.h" -#include "netinet/ip_pool.h" - -static int poolfd = -1; - - -int load_poolnode(role, name, node, iocfunc) -int role; -char *name; -ip_pool_node_t *node; -ioctlfunc_t iocfunc; -{ - ip_pool_node_t pn; - iplookupop_t op; - int err; - - if ((poolfd == -1) && ((opts & OPT_DONOTHING) == 0)) - poolfd = open(IPLOOKUP_NAME, O_RDWR); - if ((poolfd == -1) && ((opts & OPT_DONOTHING) == 0)) - return -1; - - op.iplo_unit = role; - op.iplo_type = IPLT_POOL; - op.iplo_arg = 0; - op.iplo_struct = &pn; - op.iplo_size = sizeof(pn); - strncpy(op.iplo_name, name, sizeof(op.iplo_name)); - - bzero((char *)&pn, sizeof(pn)); - bcopy((char *)&node->ipn_addr, (char *)&pn.ipn_addr, - sizeof(pn.ipn_addr)); - bcopy((char *)&node->ipn_mask, (char *)&pn.ipn_mask, - sizeof(pn.ipn_mask)); - pn.ipn_info = node->ipn_info; - strncpy(pn.ipn_name, node->ipn_name, sizeof(pn.ipn_name)); - - if ((opts & OPT_REMOVE) == 0) - err = (*iocfunc)(poolfd, SIOCLOOKUPADDNODE, &op); - else - err = (*iocfunc)(poolfd, SIOCLOOKUPDELNODE, &op); - - if (err != 0) { - if ((opts & OPT_DONOTHING) == 0) { - perror("load_poolnode:SIOCLOOKUP*NODE"); - return -1; - } - } - - return 0; -} diff --git a/contrib/ipfilter/lib/load_url.c b/contrib/ipfilter/lib/load_url.c deleted file mode 100644 index 7709153..0000000 --- a/contrib/ipfilter/lib/load_url.c +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright (C) 2006 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: load_url.c,v 1.1.2.1 2006/08/25 21:13:04 darrenr Exp $ - */ - -#include "ipf.h" - -alist_t * -load_url(char *url) -{ - alist_t *hosts = NULL; - - if (strncmp(url, "file://", 7) == 0) { - /* - * file:///etc/passwd - * ^------------s - */ - hosts = load_file(url); - - } else if (*url == '/' || *url == '.') { - hosts = load_file(url); - - } else if (strncmp(url, "http://", 7) == 0) { - hosts = load_http(url); - } - - return hosts; -} diff --git a/contrib/ipfilter/lib/loglevel.c b/contrib/ipfilter/lib/loglevel.c deleted file mode 100644 index 47dd8ba..0000000 --- a/contrib/ipfilter/lib/loglevel.c +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (C) 1993-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: loglevel.c,v 1.5 2001/06/09 17:09:24 darrenr Exp $ - */ - -#include "ipf.h" - - -int loglevel(cpp, facpri, linenum) -char **cpp; -u_int *facpri; -int linenum; -{ - int fac, pri; - char *s; - - fac = 0; - pri = 0; - if (!*++cpp) { - fprintf(stderr, "%d: %s\n", linenum, - "missing identifier after level"); - return -1; - } - - s = strchr(*cpp, '.'); - if (s) { - *s++ = '\0'; - fac = fac_findname(*cpp); - if (fac == -1) { - fprintf(stderr, "%d: %s %s\n", linenum, - "Unknown facility", *cpp); - return -1; - } - pri = pri_findname(s); - if (pri == -1) { - fprintf(stderr, "%d: %s %s\n", linenum, - "Unknown priority", s); - return -1; - } - } else { - pri = pri_findname(*cpp); - if (pri == -1) { - fprintf(stderr, "%d: %s %s\n", linenum, - "Unknown priority", *cpp); - return -1; - } - } - *facpri = fac|pri; - return 0; -} diff --git a/contrib/ipfilter/lib/make_range.c b/contrib/ipfilter/lib/make_range.c deleted file mode 100644 index e4335cd..0000000 --- a/contrib/ipfilter/lib/make_range.c +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright (C) 2002 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: make_range.c,v 1.2 2002/05/18 07:27:52 darrenr Exp $ - */ -#include "ipf.h" - - -alist_t *make_range(not, a1, a2) -int not; -struct in_addr a1, a2; -{ - alist_t *a; - - a = (alist_t *)calloc(1, sizeof(*a)); - if (a != NULL) { - a->al_1 = a1.s_addr; - a->al_2 = a2.s_addr; - a->al_not = not; - } - return a; -} diff --git a/contrib/ipfilter/lib/mutex_emul.c b/contrib/ipfilter/lib/mutex_emul.c deleted file mode 100644 index 1a58156..0000000 --- a/contrib/ipfilter/lib/mutex_emul.c +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Copyright (C) 2003 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: mutex_emul.c,v 1.2.4.1 2006/06/16 17:21:06 darrenr Exp $ - */ - -#include "ipf.h" - -#define EMM_MAGIC 0x9d7adba3 - -void eMmutex_enter(mtx, file, line) -eMmutex_t *mtx; -char *file; -int line; -{ - if (mtx->eMm_magic != EMM_MAGIC) { - fprintf(stderr, "%s:eMmutex_enter(%p): bad magic: %#x\n", - mtx->eMm_owner, mtx, mtx->eMm_magic); - abort(); - } - if (mtx->eMm_held != 0) { - fprintf(stderr, "%s:eMmutex_enter(%p): already locked: %d\n", - mtx->eMm_owner, mtx, mtx->eMm_held); - abort(); - } - mtx->eMm_held++; - mtx->eMm_heldin = file; - mtx->eMm_heldat = line; -} - - -void eMmutex_exit(mtx) -eMmutex_t *mtx; -{ - if (mtx->eMm_magic != EMM_MAGIC) { - fprintf(stderr, "%s:eMmutex_exit(%p): bad magic: %#x\n", - mtx->eMm_owner, mtx, mtx->eMm_magic); - abort(); - } - if (mtx->eMm_held != 1) { - fprintf(stderr, "%s:eMmutex_exit(%p): not locked: %d\n", - mtx->eMm_owner, mtx, mtx->eMm_held); - abort(); - } - mtx->eMm_held--; - mtx->eMm_heldin = NULL; - mtx->eMm_heldat = 0; -} - - -void eMmutex_init(mtx, who) -eMmutex_t *mtx; -char *who; -{ - if (mtx->eMm_magic == EMM_MAGIC) { /* safe bet ? */ - fprintf(stderr, - "%s:eMmutex_init(%p): already initialised?: %#x\n", - mtx->eMm_owner, mtx, mtx->eMm_magic); - abort(); - } - mtx->eMm_magic = EMM_MAGIC; - mtx->eMm_held = 0; - if (who != NULL) - mtx->eMm_owner = strdup(who); - else - mtx->eMm_owner = NULL; -} - - -void eMmutex_destroy(mtx) -eMmutex_t *mtx; -{ - if (mtx->eMm_magic != EMM_MAGIC) { - fprintf(stderr, "%s:eMmutex_destroy(%p): bad magic: %#x\n", - mtx->eMm_owner, mtx, mtx->eMm_magic); - abort(); - } - if (mtx->eMm_held != 0) { - fprintf(stderr, "%s:eMmutex_enter(%p): still locked: %d\n", - mtx->eMm_owner, mtx, mtx->eMm_held); - abort(); - } - memset(mtx, 0xa5, sizeof(*mtx)); -} diff --git a/contrib/ipfilter/lib/nametokva.c b/contrib/ipfilter/lib/nametokva.c deleted file mode 100644 index 89e3474..0000000 --- a/contrib/ipfilter/lib/nametokva.c +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright (C) 2002 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: nametokva.c,v 1.1.4.1 2006/06/16 17:21:07 darrenr Exp $ - */ - -#include "ipf.h" - -#include <sys/ioctl.h> -#include <fcntl.h> - -ipfunc_t nametokva(name, iocfunc) -char *name; -ioctlfunc_t iocfunc; -{ - ipfunc_resolve_t res; - int fd; - - strncpy(res.ipfu_name, name, sizeof(res.ipfu_name)); - res.ipfu_addr = NULL; - fd = -1; - - if ((opts & OPT_DONOTHING) == 0) { - fd = open(IPL_NAME, O_RDONLY); - if (fd == -1) - return NULL; - } - (void) (*iocfunc)(fd, SIOCFUNCL, &res); - if (fd >= 0) - close(fd); - if (res.ipfu_addr == NULL) - res.ipfu_addr = (ipfunc_t)-1; - return res.ipfu_addr; -} diff --git a/contrib/ipfilter/lib/nat_setgroupmap.c b/contrib/ipfilter/lib/nat_setgroupmap.c deleted file mode 100644 index ccf7864..0000000 --- a/contrib/ipfilter/lib/nat_setgroupmap.c +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright (C) 2003 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - */ -#if !defined(lint) -static const char rcsid[] = "@(#)$Id: nat_setgroupmap.c,v 1.1.4.1 2006/06/16 17:21:07 darrenr Exp $"; -#endif - -#include "ipf.h" - -void nat_setgroupmap(n) -ipnat_t *n; -{ - if (n->in_outmsk == n->in_inmsk) - n->in_ippip = 1; - else if (n->in_flags & IPN_AUTOPORTMAP) { - n->in_ippip = ~ntohl(n->in_inmsk); - if (n->in_outmsk != 0xffffffff) - n->in_ippip /= (~ntohl(n->in_outmsk) + 1); - n->in_ippip++; - if (n->in_ippip == 0) - n->in_ippip = 1; - n->in_ppip = USABLE_PORTS / n->in_ippip; - } else { - n->in_space = USABLE_PORTS * ~ntohl(n->in_outmsk); - n->in_nip = 0; - if (!(n->in_ppip = n->in_pmin)) - n->in_ppip = 1; - n->in_ippip = USABLE_PORTS / n->in_ppip; - } -} diff --git a/contrib/ipfilter/lib/natparse.c b/contrib/ipfilter/lib/natparse.c deleted file mode 100644 index 9937380..0000000 --- a/contrib/ipfilter/lib/natparse.c +++ /dev/null @@ -1,728 +0,0 @@ -/* - * Copyright (C) 1993-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - */ -#if !defined(lint) -static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)$Id: natparse.c,v 1.8.2.1 2004/12/09 19:41:21 darrenr Exp $"; -#endif - -#include <sys/ioctl.h> -#include <errno.h> -#include <ctype.h> - -#include "ipf.h" -#include "opts.h" - - -void nat_setgroupmap(n) -ipnat_t *n; -{ - if (n->in_outmsk == n->in_inmsk) - n->in_ippip = 1; - else if (n->in_flags & IPN_AUTOPORTMAP) { - n->in_ippip = ~ntohl(n->in_inmsk); - if (n->in_outmsk != 0xffffffff) - n->in_ippip /= (~ntohl(n->in_outmsk) + 1); - n->in_ippip++; - if (n->in_ippip == 0) - n->in_ippip = 1; - n->in_ppip = USABLE_PORTS / n->in_ippip; - } else { - n->in_space = USABLE_PORTS * ~ntohl(n->in_outmsk); - n->in_nip = 0; - if (!(n->in_ppip = n->in_pmin)) - n->in_ppip = 1; - n->in_ippip = USABLE_PORTS / n->in_ppip; - } -} - - - -ipnat_t *natparse(line, linenum) -char *line; -int linenum; -{ - static ipnat_t ipn; - struct protoent *pr; - char *dnetm = NULL, *dport = NULL, *proto = NULL; - char *s, *t, *cps[31], **cpp; - int i, cnt; - - - if ((s = strchr(line, '\n'))) - *s = '\0'; - if ((s = strchr(line, '#'))) - *s = '\0'; - while (*line && ISSPACE(*line)) - line++; - if (!*line) - return NULL; - - bzero((char *)&ipn, sizeof(ipn)); - cnt = 0; - - for (i = 0, *cps = strtok(line, " \b\t\r\n"); cps[i] && i < 30; cnt++) - cps[++i] = strtok(NULL, " \b\t\r\n"); - - cps[i] = NULL; - - if (cnt < 3) { - fprintf(stderr, "%d: not enough segments in line\n", linenum); - return NULL; - } - - cpp = cps; - - if (!strcasecmp(*cpp, "map")) - ipn.in_redir = NAT_MAP; - else if (!strcasecmp(*cpp, "map-block")) - ipn.in_redir = NAT_MAPBLK; - else if (!strcasecmp(*cpp, "rdr")) - ipn.in_redir = NAT_REDIRECT; - else if (!strcasecmp(*cpp, "bimap")) - ipn.in_redir = NAT_BIMAP; - else { - fprintf(stderr, "%d: unknown mapping: \"%s\"\n", - linenum, *cpp); - return NULL; - } - - cpp++; - - strncpy(ipn.in_ifnames[0], *cpp, sizeof(ipn.in_ifnames[0]) - 1); - ipn.in_ifnames[0][sizeof(ipn.in_ifnames[0]) - 1] = '\0'; - cpp++; - - if (!strcasecmp(*cpp, "from") || (**cpp == '!')) { - if (!strcmp(*cpp, "!")) { - cpp++; - if (strcasecmp(*cpp, "from")) { - fprintf(stderr, "Missing from after !\n"); - return NULL; - } - ipn.in_flags |= IPN_NOTSRC; - } else if (**cpp == '!') { - if (strcasecmp(*cpp + 1, "from")) { - fprintf(stderr, "Missing from after !\n"); - return NULL; - } - ipn.in_flags |= IPN_NOTSRC; - } - if ((ipn.in_flags & IPN_NOTSRC) && - (ipn.in_redir & (NAT_MAP|NAT_MAPBLK))) { - fprintf(stderr, "Cannot use '! from' with map\n"); - return NULL; - } - - ipn.in_flags |= IPN_FILTER; - cpp++; - if (ipn.in_redir == NAT_REDIRECT) { - if (hostmask(&cpp, proto, NULL, - (u_32_t *)&ipn.in_srcip, - (u_32_t *)&ipn.in_srcmsk, linenum) == -1) - return NULL; - - if (ports(&cpp, proto, &ipn.in_sport, - &ipn.in_scmp, &ipn.in_stop, linenum)) - return NULL; - } else { - if (hostmask(&cpp, proto, NULL, - (u_32_t *)&ipn.in_inip, - (u_32_t *)&ipn.in_inmsk, linenum) == -1) - return NULL; - - if (ports(&cpp, proto, &ipn.in_dport, - &ipn.in_dcmp, &ipn.in_dtop, linenum)) - return NULL; - } - - if (!strcmp(*cpp, "!")) { - cpp++; - ipn.in_flags |= IPN_NOTDST; - } else if (**cpp == '!') { - (*cpp)++; - ipn.in_flags |= IPN_NOTDST; - } - - if (strcasecmp(*cpp, "to")) { - fprintf(stderr, "%d: unexpected keyword (%s) - to\n", - linenum, *cpp); - return NULL; - } - if ((ipn.in_flags & IPN_NOTDST) && - (ipn.in_redir & (NAT_REDIRECT))) { - fprintf(stderr, "Cannot use '! to' with rdr\n"); - return NULL; - } - - if (!*++cpp) { - fprintf(stderr, "%d: missing host after to\n", linenum); - return NULL; - } - if (ipn.in_redir == NAT_REDIRECT) { - if (hostmask(&cpp, proto, NULL, - (u_32_t *)&ipn.in_outip, - (u_32_t *)&ipn.in_outmsk, linenum)) - return NULL; - - if (ports(&cpp, proto, &ipn.in_dport, - &ipn.in_dcmp, &ipn.in_dtop, linenum)) - return NULL; - ipn.in_pmin = htons(ipn.in_dport); - } else { - if (hostmask(&cpp, proto, NULL, - (u_32_t *)&ipn.in_srcip, - (u_32_t *)&ipn.in_srcmsk, linenum)) - return NULL; - - if (ports(&cpp, proto, &ipn.in_sport, - &ipn.in_scmp, &ipn.in_stop, linenum)) - return NULL; - } - } else { - s = *cpp; - if (!s) - return NULL; - t = strchr(s, '/'); - if (!t) - return NULL; - *t++ = '\0'; - if (ipn.in_redir == NAT_REDIRECT) { - if (hostnum((u_32_t *)&ipn.in_outip, s, linenum, NULL)) - return NULL; - if (genmask(t, (u_32_t *)&ipn.in_outmsk) == -1) { - return NULL; - } - } else { - if (hostnum((u_32_t *)&ipn.in_inip, s, linenum, NULL)) - return NULL; - if (genmask(t, (u_32_t *)&ipn.in_inmsk) == -1) { - return NULL; - } - } - cpp++; - if (!*cpp) - return NULL; - } - - if ((ipn.in_redir == NAT_REDIRECT) && !(ipn.in_flags & IPN_FILTER)) { - if (strcasecmp(*cpp, "port")) { - fprintf(stderr, "%d: missing fields - 1st port\n", - linenum); - return NULL; - } - - cpp++; - - if (!*cpp) { - fprintf(stderr, - "%d: missing fields (destination port)\n", - linenum); - return NULL; - } - - if (ISDIGIT(**cpp) && (s = strchr(*cpp, '-'))) - *s++ = '\0'; - else - s = NULL; - - if (!portnum(*cpp, proto, &ipn.in_pmin, linenum)) - return NULL; - ipn.in_pmin = htons(ipn.in_pmin); - cpp++; - - if (!strcmp(*cpp, "-")) { - cpp++; - s = *cpp++; - } - - if (s) { - if (!portnum(s, proto, &ipn.in_pmax, linenum)) - return NULL; - ipn.in_pmax = htons(ipn.in_pmax); - } else - ipn.in_pmax = ipn.in_pmin; - } - - if (!*cpp) { - fprintf(stderr, "%d: missing fields (->)\n", linenum); - return NULL; - } - if (strcmp(*cpp, "->")) { - fprintf(stderr, "%d: missing ->\n", linenum); - return NULL; - } - cpp++; - - if (!*cpp) { - fprintf(stderr, "%d: missing fields (%s)\n", - linenum, ipn.in_redir ? "destination" : "target"); - return NULL; - } - - if (ipn.in_redir == NAT_MAP) { - if (!strcasecmp(*cpp, "range")) { - cpp++; - ipn.in_flags |= IPN_IPRANGE; - if (!*cpp) { - fprintf(stderr, "%d: missing fields (%s)\n", - linenum, - ipn.in_redir ? "destination":"target"); - return NULL; - } - } - } - - if (ipn.in_flags & IPN_IPRANGE) { - dnetm = strrchr(*cpp, '-'); - if (dnetm == NULL) { - cpp++; - if (*cpp && !strcmp(*cpp, "-") && *(cpp + 1)) - dnetm = *(cpp + 1); - } else - *dnetm++ = '\0'; - if (dnetm == NULL || *dnetm == '\0') { - fprintf(stderr, - "%d: desination range not specified\n", - linenum); - return NULL; - } - } else if (ipn.in_redir != NAT_REDIRECT) { - dnetm = strrchr(*cpp, '/'); - if (dnetm == NULL) { - cpp++; - if (*cpp && !strcasecmp(*cpp, "netmask")) - dnetm = *++cpp; - } - if (dnetm == NULL) { - fprintf(stderr, - "%d: missing fields (dest netmask)\n", - linenum); - return NULL; - } - if (*dnetm == '/') - *dnetm++ = '\0'; - } - - if (ipn.in_redir == NAT_REDIRECT) { - dnetm = strchr(*cpp, ','); - if (dnetm != NULL) { - ipn.in_flags |= IPN_SPLIT; - *dnetm++ = '\0'; - } - if (hostnum((u_32_t *)&ipn.in_inip, *cpp, linenum, NULL)) - return NULL; - } else { - if (hostnum((u_32_t *)&ipn.in_outip, *cpp, linenum, NULL)) - return NULL; - } - cpp++; - - if (ipn.in_redir & NAT_MAPBLK) { - if (*cpp && strcasecmp(*cpp, "ports")) { - fprintf(stderr, - "%d: expected \"ports\" - got \"%s\"\n", - linenum, *cpp); - return NULL; - } - cpp++; - if (*cpp) { - ipn.in_pmin = atoi(*cpp); - cpp++; - } else - ipn.in_pmin = 0; - } else if ((ipn.in_redir & NAT_BIMAP) == NAT_REDIRECT) { - if (*cpp && strrchr(*cpp, '/') != NULL) { - fprintf(stderr, "%d: No netmask supported in %s\n", - linenum, "destination host for redirect"); - return NULL; - } - /* If it's a in_redir, expect target port */ - - if (!*cpp || strcasecmp(*cpp, "port")) { - fprintf(stderr, "%d: missing fields - 2nd port (%s)\n", - linenum, *cpp); - return NULL; - } - cpp++; - if (!*cpp) { - fprintf(stderr, - "%d: missing fields (destination port)\n", - linenum); - return NULL; - } - if (!portnum(*cpp, proto, &ipn.in_pnext, linenum)) - return NULL; - ipn.in_pnext = htons(ipn.in_pnext); - cpp++; - } - if (dnetm && *dnetm == '/') - *dnetm++ = '\0'; - - if (ipn.in_redir & (NAT_MAP|NAT_MAPBLK)) { - if (ipn.in_flags & IPN_IPRANGE) { - if (hostnum((u_32_t *)&ipn.in_outmsk, dnetm, - linenum, NULL) == -1) - return NULL; - } else if (genmask(dnetm, (u_32_t *)&ipn.in_outmsk)) - return NULL; - } else { - if (ipn.in_flags & IPN_SPLIT) { - if (hostnum((u_32_t *)&ipn.in_inmsk, dnetm, - linenum, NULL) == -1) - return NULL; - } else if (genmask("255.255.255.255", (u_32_t *)&ipn.in_inmsk)) - return NULL; - if (!*cpp) { - ipn.in_flags |= IPN_TCP; /* XXX- TCP only by default */ - proto = "tcp"; - } else { - if (!strcasecmp(*cpp, "tcp")) - ipn.in_flags |= IPN_TCP; - else if (!strcasecmp(*cpp, "udp")) - ipn.in_flags |= IPN_UDP; - else if (!strcasecmp(*cpp, "tcp/udp")) - ipn.in_flags |= IPN_TCPUDP; - else if (!strcasecmp(*cpp, "tcpudp")) - ipn.in_flags |= IPN_TCPUDP; - else if (!strcasecmp(*cpp, "ip")) - ipn.in_flags |= IPN_ANY; - else { - ipn.in_flags |= IPN_ANY; - ipn.in_p = getproto(*cpp); - } - proto = *cpp; - cpp++; - - if (*cpp && !strcasecmp(*cpp, "round-robin")) { - cpp++; - ipn.in_flags |= IPN_ROUNDR; - } - - if (*cpp && !strcasecmp(*cpp, "frag")) { - cpp++; - ipn.in_flags |= IPN_FRAG; - } - - if (*cpp && !strcasecmp(*cpp, "age")) { - cpp++; - if (!*cpp) { - fprintf(stderr, - "%d: age with no parameters\n", - linenum); - return NULL; - } - - ipn.in_age[0] = atoi(*cpp); - s = strchr(*cpp, '/'); - if (s != NULL) - ipn.in_age[1] = atoi(s + 1); - else - ipn.in_age[1] = ipn.in_age[0]; - cpp++; - } - - if (*cpp && !strcasecmp(*cpp, "mssclamp")) { - cpp++; - if (*cpp) { - ipn.in_mssclamp = atoi(*cpp); - cpp++; - } else { - fprintf(stderr, - "%d: mssclamp with no parameters\n", - linenum); - return NULL; - } - } - - if (*cpp) { - fprintf(stderr, - "%d: extra junk at the end of rdr: %s\n", - linenum, *cpp); - return NULL; - } - } - } - - if (!(ipn.in_flags & IPN_SPLIT)) - ipn.in_inip &= ipn.in_inmsk; - if ((ipn.in_flags & IPN_IPRANGE) == 0) - ipn.in_outip &= ipn.in_outmsk; - ipn.in_srcip &= ipn.in_srcmsk; - - if ((ipn.in_redir & NAT_MAPBLK) != 0) - nat_setgroupmap(&ipn); - - if (*cpp && !strcasecmp(*cpp, "frag")) { - cpp++; - ipn.in_flags |= IPN_ROUNDR; - } - - if (!*cpp) - return &ipn; - - if (ipn.in_redir != NAT_BIMAP && !strcasecmp(*cpp, "proxy")) { - if (ipn.in_redir == NAT_BIMAP) { - fprintf(stderr, "%d: cannot use proxy with bimap\n", - linenum); - return NULL; - } - - cpp++; - if (!*cpp) { - fprintf(stderr, - "%d: missing parameter for \"proxy\"\n", - linenum); - return NULL; - } - dport = NULL; - - if (!strcasecmp(*cpp, "port")) { - cpp++; - if (!*cpp) { - fprintf(stderr, - "%d: missing parameter for \"port\"\n", - linenum); - return NULL; - } - - dport = *cpp; - cpp++; - - if (!*cpp) { - fprintf(stderr, - "%d: missing parameter for \"proxy\"\n", - linenum); - return NULL; - } - } else { - fprintf(stderr, - "%d: missing keyword \"port\"\n", linenum); - return NULL; - } - - if ((proto = strchr(*cpp, '/'))) { - *proto++ = '\0'; - ipn.in_p = getproto(proto); - } else - ipn.in_p = 0; - - if (dport && !portnum(dport, proto, &ipn.in_dport, linenum)) - return NULL; - ipn.in_dport = htons(ipn.in_dport); - - (void) strncpy(ipn.in_plabel, *cpp, sizeof(ipn.in_plabel)); - cpp++; - - if (*cpp) { - fprintf(stderr, - "%d: too many parameters for \"proxy\"\n", - linenum); - return NULL; - } - return &ipn; - } - - - if (!strcasecmp(*cpp, "icmpidmap")) { - - cpp++; - if (!*cpp) { - fprintf(stderr, - "%d: icmpidmap misses protocol and range\n", - linenum); - return NULL; - }; - - if (!strcasecmp(*cpp, "icmp")) - ipn.in_flags = IPN_ICMPQUERY; - else { - fprintf(stderr, "%d: icmpidmap only valid for icmp\n", - linenum); - return NULL; - } - cpp++; - - if (!*cpp) { - fprintf(stderr, "%d: no icmp id argument found\n", - linenum); - return NULL; - } - - if (!(t = strchr(*cpp, ':'))) { - fprintf(stderr, - "%d: no icmp id range detected in \"%s\"\n", - linenum, *cpp); - return NULL; - } - *t++ = '\0'; - - if (!icmpidnum(*cpp, &ipn.in_pmin, linenum) || - !icmpidnum(t, &ipn.in_pmax, linenum)) - return NULL; - } else if (!strcasecmp(*cpp, "portmap")) { - if (ipn.in_redir == NAT_BIMAP) { - fprintf(stderr, "%d: cannot use proxy with bimap\n", - linenum); - return NULL; - } - cpp++; - if (!*cpp) { - fprintf(stderr, - "%d: missing expression following portmap\n", - linenum); - return NULL; - } - - if (!strcasecmp(*cpp, "tcp")) - ipn.in_flags |= IPN_TCP; - else if (!strcasecmp(*cpp, "udp")) - ipn.in_flags |= IPN_UDP; - else if (!strcasecmp(*cpp, "tcpudp")) - ipn.in_flags |= IPN_TCPUDP; - else if (!strcasecmp(*cpp, "tcp/udp")) - ipn.in_flags |= IPN_TCPUDP; - else { - fprintf(stderr, - "%d: expected protocol name - got \"%s\"\n", - linenum, *cpp); - return NULL; - } - proto = *cpp; - cpp++; - - if (!*cpp) { - fprintf(stderr, "%d: no port range found\n", linenum); - return NULL; - } - - if (!strcasecmp(*cpp, "auto")) { - ipn.in_flags |= IPN_AUTOPORTMAP; - ipn.in_pmin = htons(1024); - ipn.in_pmax = htons(65535); - nat_setgroupmap(&ipn); - } else { - if (!(t = strchr(*cpp, ':'))) { - fprintf(stderr, - "%d: no port range in \"%s\"\n", - linenum, *cpp); - return NULL; - } - *t++ = '\0'; - if (!portnum(*cpp, proto, &ipn.in_pmin, linenum) || - !portnum(t, proto, &ipn.in_pmax, linenum)) - return NULL; - } - cpp++; - } - - if (*cpp && !strcasecmp(*cpp, "round-robin")) { - cpp++; - ipn.in_flags |= IPN_ROUNDR; - } - - if (*cpp && !strcasecmp(*cpp, "age")) { - cpp++; - if (!*cpp) { - fprintf(stderr, "%d: age with no parameters\n", - linenum); - return NULL; - } - s = strchr(*cpp, '/'); - if (s != NULL) - ipn.in_age[1] = atoi(s + 1); - else - ipn.in_age[1] = ipn.in_age[0]; - cpp++; - } - - if (*cpp && !strcasecmp(*cpp, "mssclamp")) { - cpp++; - if (*cpp) { - ipn.in_mssclamp = atoi(*cpp); - cpp++; - } else { - fprintf(stderr, "%d: mssclamp with no parameters\n", - linenum); - return NULL; - } - } - - if (*cpp) { - fprintf(stderr, "%d: extra junk at the end of the line: %s\n", - linenum, *cpp); - return NULL; - } - - ipn.in_pmin = htons(ipn.in_pmin); - ipn.in_pmax = htons(ipn.in_pmax); - return &ipn; -} - - -void natparsefile(fd, file, opts) -int fd; -char *file; -int opts; -{ - char line[512], *s; - ipnat_t *np; - FILE *fp; - int linenum = 0; - - if (strcmp(file, "-")) { - if (!(fp = fopen(file, "r"))) { - fprintf(stderr, "%s: open: %s\n", file, - STRERROR(errno)); - exit(1); - } - } else - fp = stdin; - - while (getline(line, sizeof(line) - 1, fp, &linenum)) { - line[sizeof(line) - 1] = '\0'; - if ((s = strchr(line, '\n'))) - *s = '\0'; - - if (!(np = natparse(line, linenum))) { - if (*line) - fprintf(stderr, "%d: syntax error in \"%s\"\n", - linenum, line); - } else { - if ((opts & OPT_VERBOSE) && np) - printnat(np, opts); - if (!(opts & OPT_DONOTHING)) { - if (!(opts & OPT_REMOVE)) { - if (ioctl(fd, SIOCADNAT, &np) == -1) - perror("ioctl(SIOCADNAT)"); - } else if (ioctl(fd, SIOCRMNAT, &np) == -1) - perror("ioctl(SIOCRMNAT)"); - } - } - } - if (fp != stdin) - fclose(fp); -} - - -int icmpidnum(str, id, linenum) -char *str; -u_short *id; -int linenum; -{ - int i; - - - i = atoi(str); - - if ((i<0) || (i>65535)) { - fprintf(stderr, "%d: invalid icmp id\"%s\".\n", linenum, str); - return 0; - } - - *id = (u_short)i; - - return 1; -} diff --git a/contrib/ipfilter/lib/ntomask.c b/contrib/ipfilter/lib/ntomask.c deleted file mode 100644 index 4a50ef8..0000000 --- a/contrib/ipfilter/lib/ntomask.c +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (C) 2002-2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: ntomask.c,v 1.6.2.1 2006/06/16 17:21:07 darrenr Exp $ - */ - -#include "ipf.h" - -int ntomask(v, nbits, ap) -int v, nbits; -u_32_t *ap; -{ - u_32_t mask; - - if (nbits < 0) - return -1; - - switch (v) - { - case 4 : - if (nbits > 32 || use_inet6 != 0) - return -1; - if (nbits == 0) { - mask = 0; - } else { - mask = 0xffffffff; - mask <<= (32 - nbits); - } - *ap = htonl(mask); - break; - - case 6 : - if ((nbits > 128) || (use_inet6 == 0)) - return -1; - fill6bits(nbits, ap); - break; - - default : - return -1; - } - return 0; -} diff --git a/contrib/ipfilter/lib/optname.c b/contrib/ipfilter/lib/optname.c deleted file mode 100644 index 33e5f17..0000000 --- a/contrib/ipfilter/lib/optname.c +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Copyright (C) 2000-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: optname.c,v 1.3.4.1 2006/06/16 17:21:07 darrenr Exp $ - */ - -#include "ipf.h" - - -u_32_t optname(cp, sp, linenum) -char ***cp; -u_short *sp; -int linenum; -{ - struct ipopt_names *io, *so; - u_long msk = 0; - u_short smsk = 0; - char *s; - int sec = 0; - - for (s = strtok(**cp, ","); s; s = strtok(NULL, ",")) { - for (io = ionames; io->on_name; io++) - if (!strcasecmp(s, io->on_name)) { - msk |= io->on_bit; - break; - } - if (!io->on_name) { - fprintf(stderr, "%d: unknown IP option name %s\n", - linenum, s); - return 0; - } - if (!strcasecmp(s, "sec-class")) - sec = 1; - } - - if (sec && !*(*cp + 1)) { - fprintf(stderr, "%d: missing security level after sec-class\n", - linenum); - return 0; - } - - if (sec) { - (*cp)++; - for (s = strtok(**cp, ","); s; s = strtok(NULL, ",")) { - for (so = secclass; so->on_name; so++) - if (!strcasecmp(s, so->on_name)) { - smsk |= so->on_bit; - break; - } - if (!so->on_name) { - fprintf(stderr, - "%d: no such security level: %s\n", - linenum, s); - return 0; - } - } - if (smsk) - *sp = smsk; - } - return msk; -} diff --git a/contrib/ipfilter/lib/optprint.c b/contrib/ipfilter/lib/optprint.c deleted file mode 100644 index 8c14fe4..0000000 --- a/contrib/ipfilter/lib/optprint.c +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Copyright (C) 2000-2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: optprint.c,v 1.6.4.2 2006/06/16 17:21:08 darrenr Exp $ - */ -#include "ipf.h" - - -void optprint(sec, optmsk, optbits) -u_short *sec; -u_long optmsk, optbits; -{ - u_short secmsk = sec[0], secbits = sec[1]; - struct ipopt_names *io, *so; - char *s; - - s = " opt "; - for (io = ionames; io->on_name; io++) - if ((io->on_bit & optmsk) && - ((io->on_bit & optmsk) == (io->on_bit & optbits))) { - if ((io->on_value != IPOPT_SECURITY) || - (!secmsk && !secbits)) { - printf("%s%s", s, io->on_name); - /* - * Because the ionames table has this entry - * twice. - */ - if (io->on_value == IPOPT_SECURITY) - io++; - s = ","; - } - } - - - if (secmsk & secbits) { - printf("%ssec-class", s); - s = " "; - for (so = secclass; so->on_name; so++) - if ((secmsk & so->on_bit) && - ((so->on_bit & secmsk) == (so->on_bit & secbits))) { - printf("%s%s", s, so->on_name); - s = ","; - } - } - - if ((optmsk && (optmsk != optbits)) || - (secmsk && (secmsk != secbits))) { - s = " "; - printf(" not opt"); - if (optmsk != optbits) { - for (io = ionames; io->on_name; io++) - if ((io->on_bit & optmsk) && - ((io->on_bit & optmsk) != - (io->on_bit & optbits))) { - if ((io->on_value != IPOPT_SECURITY) || - (!secmsk && !secbits)) { - printf("%s%s", s, io->on_name); - s = ","; - if (io->on_value == - IPOPT_SECURITY) - io++; - } else - io++; - } - } - - if (secmsk != secbits) { - printf("%ssec-class", s); - s = " "; - for (so = secclass; so->on_name; so++) - if ((so->on_bit & secmsk) && - ((so->on_bit & secmsk) != - (so->on_bit & secbits))) { - printf("%s%s", s, so->on_name); - s = ","; - } - } - } -} diff --git a/contrib/ipfilter/lib/optprintv6.c b/contrib/ipfilter/lib/optprintv6.c deleted file mode 100644 index 5172b5c..0000000 --- a/contrib/ipfilter/lib/optprintv6.c +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright (C) 2003 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: optprintv6.c,v 1.2.4.1 2006/06/16 17:21:08 darrenr Exp $ - */ -#include "ipf.h" - - -#ifdef USE_INET6 - -void optprintv6(sec, optmsk, optbits) -u_short *sec; -u_long optmsk, optbits; -{ - u_short secmsk = sec[0], secbits = sec[1]; - struct ipopt_names *io; - char *s; - - s = " v6hdrs "; - for (io = v6ionames; io->on_name; io++) - if ((io->on_bit & optmsk) && - ((io->on_bit & optmsk) == (io->on_bit & optbits))) { - printf("%s%s", s, io->on_name); - s = ","; - } - - if ((optmsk && (optmsk != optbits)) || - (secmsk && (secmsk != secbits))) { - s = " "; - printf(" not v6hdrs"); - if (optmsk != optbits) { - for (io = v6ionames; io->on_name; io++) - if ((io->on_bit & optmsk) && - ((io->on_bit & optmsk) != - (io->on_bit & optbits))) { - printf("%s%s", s, io->on_name); - s = ","; - } - } - - } -} -#endif diff --git a/contrib/ipfilter/lib/optvalue.c b/contrib/ipfilter/lib/optvalue.c deleted file mode 100644 index 37bfcf9..0000000 --- a/contrib/ipfilter/lib/optvalue.c +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright (C) 2001-2002 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: optvalue.c,v 1.2.4.1 2006/06/16 17:21:08 darrenr Exp $ - */ -#include "ipf.h" - - -u_32_t getoptbyname(optname) -char *optname; -{ - struct ipopt_names *io; - - for (io = ionames; io->on_name; io++) - if (!strcasecmp(optname, io->on_name)) - return io->on_bit; - return -1; -} - - -u_32_t getoptbyvalue(optval) -int optval; -{ - struct ipopt_names *io; - - for (io = ionames; io->on_name; io++) - if (io->on_value == optval) - return io->on_bit; - return -1; -} diff --git a/contrib/ipfilter/lib/parse.c b/contrib/ipfilter/lib/parse.c deleted file mode 100644 index 1a49d16..0000000 --- a/contrib/ipfilter/lib/parse.c +++ /dev/null @@ -1,752 +0,0 @@ -/* - * Copyright (C) 1993-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: parse.c,v 1.34.2.1 2004/12/09 19:41:21 darrenr Exp $ - */ -#include <ctype.h> -#include "ipf.h" -#include "opts.h" - -static frentry_t *fp = NULL; - -/* parse() - * - * parse a line read from the input filter rule file - */ -struct frentry *parse(line, linenum) -char *line; -int linenum; -{ - static fripf_t fip; - char *cps[31], **cpp, *endptr, *proto = NULL, *s; - struct protoent *p = NULL; - int i, cnt = 1, j; - u_int k; - - if (fp == NULL) { - fp = malloc(sizeof(*fp)); - if (fp == NULL) - return NULL; - } - - while (*line && ISSPACE(*line)) - line++; - if (!*line) - return NULL; - - bzero((char *)fp, sizeof(*fp)); - bzero((char *)&fip, sizeof(fip)); - fp->fr_v = use_inet6 ? 6 : 4; - fp->fr_ipf = &fip; - fp->fr_dsize = sizeof(fip); - fp->fr_ip.fi_v = fp->fr_v; - fp->fr_mip.fi_v = 0xf; - fp->fr_type = FR_T_NONE; - fp->fr_loglevel = 0xffff; - fp->fr_isc = (void *)-1; - fp->fr_tag = FR_NOTAG; - - /* - * break line up into max of 20 segments - */ - if (opts & OPT_DEBUG) - fprintf(stderr, "parse [%s]\n", line); - for (i = 0, *cps = strtok(line, " \b\t\r\n"); cps[i] && i < 30; cnt++) - cps[++i] = strtok(NULL, " \b\t\r\n"); - cps[i] = NULL; - - if (cnt < 3) { - fprintf(stderr, "%d: not enough segments in line\n", linenum); - return NULL; - } - - cpp = cps; - /* - * The presence of an '@' followed by a number gives the position in - * the current rule list to insert this one. - */ - if (**cpp == '@') - fp->fr_hits = (U_QUAD_T)atoi(*cpp++ + 1) + 1; - - /* - * Check the first keyword in the rule and any options that are - * expected to follow it. - */ - if (!strcasecmp("block", *cpp)) { - fp->fr_flags |= FR_BLOCK; - if (!strncasecmp(*(cpp+1), "return-icmp-as-dest", 19) && - (i = 19)) - fp->fr_flags |= FR_FAKEICMP; - else if (!strncasecmp(*(cpp+1), "return-icmp", 11) && (i = 11)) - fp->fr_flags |= FR_RETICMP; - if (fp->fr_flags & FR_RETICMP) { - cpp++; - if (strlen(*cpp) == i) { - if (*(cpp + 1) && **(cpp +1) == '(') { - cpp++; - i = 0; - } else - i = -1; - } - - /* - * The ICMP code is not required to follow in ()'s - */ - if ((i >= 0) && (*(*cpp + i) == '(')) { - i++; - j = icmpcode(*cpp + i); - if (j == -1) { - fprintf(stderr, - "%d: unrecognised icmp code %s\n", - linenum, *cpp + 20); - return NULL; - } - fp->fr_icode = j; - } - } else if (!strncasecmp(*(cpp+1), "return-rst", 10)) { - fp->fr_flags |= FR_RETRST; - cpp++; - } - } else if (!strcasecmp("count", *cpp)) { - fp->fr_flags |= FR_ACCOUNT; - } else if (!strcasecmp("pass", *cpp)) { - fp->fr_flags |= FR_PASS; - } else if (!strcasecmp("auth", *cpp)) { - fp->fr_flags |= FR_AUTH; - } else if (fp->fr_arg != 0) { - printf("skip %u", fp->fr_arg); - } else if (!strcasecmp("preauth", *cpp)) { - fp->fr_flags |= FR_PREAUTH; - } else if (!strcasecmp("nomatch", *cpp)) { - fp->fr_flags |= FR_NOMATCH; - } else if (!strcasecmp("skip", *cpp)) { - cpp++; - if (ratoui(*cpp, &k, 0, UINT_MAX)) - fp->fr_arg = k; - else { - fprintf(stderr, "%d: integer must follow skip\n", - linenum); - return NULL; - } - } else if (!strcasecmp("log", *cpp)) { - fp->fr_flags |= FR_LOG; - if (!strcasecmp(*(cpp+1), "body")) { - fp->fr_flags |= FR_LOGBODY; - cpp++; - } - if (!strcasecmp(*(cpp+1), "first")) { - fp->fr_flags |= FR_LOGFIRST; - cpp++; - } - if (*cpp && !strcasecmp(*(cpp+1), "or-block")) { - fp->fr_flags |= FR_LOGORBLOCK; - cpp++; - } - if (!strcasecmp(*(cpp+1), "level")) { - cpp++; - if (loglevel(cpp, &fp->fr_loglevel, linenum) == -1) - return NULL; - cpp++; - } - } else { - /* - * Doesn't start with one of the action words - */ - fprintf(stderr, "%d: unknown keyword (%s)\n", linenum, *cpp); - return NULL; - } - if (!*++cpp) { - fprintf(stderr, "%d: missing 'in'/'out' keyword\n", linenum); - return NULL; - } - - /* - * Get the direction for filtering. Impose restrictions on direction - * if blocking with returning ICMP or an RST has been requested. - */ - if (!strcasecmp("in", *cpp)) - fp->fr_flags |= FR_INQUE; - else if (!strcasecmp("out", *cpp)) { - fp->fr_flags |= FR_OUTQUE; - if (fp->fr_flags & FR_RETICMP) { - fprintf(stderr, - "%d: Can only use return-icmp with 'in'\n", - linenum); - return NULL; - } else if (fp->fr_flags & FR_RETRST) { - fprintf(stderr, - "%d: Can only use return-rst with 'in'\n", - linenum); - return NULL; - } - } - if (!*++cpp) { - fprintf(stderr, "%d: missing source specification\n", linenum); - return NULL; - } - - if (!strcasecmp("log", *cpp)) { - if (!*++cpp) { - fprintf(stderr, "%d: missing source specification\n", - linenum); - return NULL; - } - if (FR_ISPASS(fp->fr_flags)) - fp->fr_flags |= FR_LOGP; - else if (FR_ISBLOCK(fp->fr_flags)) - fp->fr_flags |= FR_LOGB; - if (*cpp && !strcasecmp(*cpp, "body")) { - fp->fr_flags |= FR_LOGBODY; - cpp++; - } - if (*cpp && !strcasecmp(*cpp, "first")) { - fp->fr_flags |= FR_LOGFIRST; - cpp++; - } - if (*cpp && !strcasecmp(*cpp, "or-block")) { - if (!FR_ISPASS(fp->fr_flags)) { - fprintf(stderr, - "%d: or-block must be used with pass\n", - linenum); - return NULL; - } - fp->fr_flags |= FR_LOGORBLOCK; - cpp++; - } - if (*cpp && !strcasecmp(*cpp, "level")) { - if (loglevel(cpp, &fp->fr_loglevel, linenum) == -1) - return NULL; - cpp++; - cpp++; - } - } - - if (*cpp && !strcasecmp("quick", *cpp)) { - if (fp->fr_arg != 0) { - fprintf(stderr, "%d: cannot use skip with quick\n", - linenum); - return NULL; - } - cpp++; - fp->fr_flags |= FR_QUICK; - } - - /* - * Parse rule options that are available if a rule is tied to an - * interface. - */ - *fp->fr_ifname = '\0'; - *fp->fr_oifname = '\0'; - if (*cpp && !strcasecmp(*cpp, "on")) { - if (!*++cpp) { - fprintf(stderr, "%d: interface name missing\n", - linenum); - return NULL; - } - (void)strncpy(fp->fr_ifname, *cpp, IFNAMSIZ-1); - fp->fr_ifname[IFNAMSIZ-1] = '\0'; - cpp++; - if (!*cpp) { - if ((fp->fr_flags & FR_RETMASK) == FR_RETRST) { - fprintf(stderr, - "%d: %s can only be used with TCP\n", - linenum, "return-rst"); - return NULL; - } - return fp; - } - - if (!strcasecmp(*cpp, "out-via")) { - if (fp->fr_flags & FR_OUTQUE) { - fprintf(stderr, - "out-via must be used with in\n"); - return NULL; - } - cpp++; - (void)strncpy(fp->fr_oifname, *cpp, IFNAMSIZ-1); - fp->fr_oifname[IFNAMSIZ-1] = '\0'; - cpp++; - } else if (!strcasecmp(*cpp, "in-via")) { - if (fp->fr_flags & FR_INQUE) { - fprintf(stderr, - "in-via must be used with out\n"); - return NULL; - } - cpp++; - (void)strncpy(fp->fr_oifname, *cpp, IFNAMSIZ-1); - fp->fr_oifname[IFNAMSIZ-1] = '\0'; - cpp++; - } - - if (!strcasecmp(*cpp, "dup-to") && *(cpp + 1)) { - cpp++; - if (to_interface(&fp->fr_dif, *cpp, linenum)) - return NULL; - cpp++; - } - if (*cpp && !strcasecmp(*cpp, "to") && *(cpp + 1)) { - cpp++; - if (to_interface(&fp->fr_tif, *cpp, linenum)) - return NULL; - cpp++; - } else if (*cpp && !strcasecmp(*cpp, "fastroute")) { - if (!(fp->fr_flags & FR_INQUE)) { - fprintf(stderr, - "can only use %s with 'in'\n", - "fastroute"); - return NULL; - } - fp->fr_flags |= FR_FASTROUTE; - cpp++; - } - - /* - * Set the "other" interface name. Lets you specify both - * inbound and outbound interfaces for state rules. Do not - * prevent both interfaces from being the same. - */ - strcpy(fp->fr_ifnames[3], "*"); - if ((*cpp != NULL) && (*(cpp + 1) != NULL) && - ((((fp->fr_flags & FR_INQUE) != 0) && - (strcasecmp(*cpp, "out-via") == 0)) || - (((fp->fr_flags & FR_OUTQUE) != 0) && - (strcasecmp(*cpp, "in-via") == 0)))) { - cpp++; - - s = strchr(*cpp, ','); - if (s != NULL) { - *s++ = '\0'; - (void)strncpy(fp->fr_ifnames[3], s, - IFNAMSIZ - 1); - fp->fr_ifnames[3][IFNAMSIZ - 1] = '\0'; - } - - (void)strncpy(fp->fr_ifnames[2], *cpp, IFNAMSIZ - 1); - fp->fr_ifnames[2][IFNAMSIZ - 1] = '\0'; - cpp++; - } else - strcpy(fp->fr_ifnames[2], "*"); - - } - - if (*cpp && !strcasecmp(*cpp, "tos")) { - if (!*++cpp) { - fprintf(stderr, "%d: tos missing value\n", linenum); - return NULL; - } - fp->fr_tos = strtol(*cpp, NULL, 0); - fp->fr_mip.fi_tos = 0xff; - cpp++; - } - - if (*cpp && !strcasecmp(*cpp, "ttl")) { - if (!*++cpp) { - fprintf(stderr, "%d: ttl missing hopcount value\n", - linenum); - return NULL; - } - if (ratoi(*cpp, &i, 0, 255)) - fp->fr_ttl = i; - else { - fprintf(stderr, "%d: invalid ttl (%s)\n", - linenum, *cpp); - return NULL; - } - fp->fr_mip.fi_ttl = 0xff; - cpp++; - } - - /* - * check for "proto <protoname>" only decode udp/tcp/icmp as protoname - */ - if (*cpp && !strcasecmp(*cpp, "proto")) { - if (!*++cpp) { - fprintf(stderr, "%d: protocol name missing\n", linenum); - return NULL; - } - fp->fr_type = FR_T_IPF; - proto = *cpp++; - if (!strcasecmp(proto, "tcp/udp")) { - fp->fr_flx |= FI_TCPUDP; - fp->fr_mflx |= FI_TCPUDP; - } else if (use_inet6 && !strcasecmp(proto, "icmp")) { - fprintf(stderr, -"%d: use proto ipv6-icmp with IPv6 (or use proto 1 if you really mean icmp)\n", - linenum); - return NULL; - } else { - fp->fr_proto = getproto(proto); - fp->fr_mip.fi_p = 0xff; - } - } - if ((fp->fr_proto != IPPROTO_TCP) && - ((fp->fr_flags & FR_RETMASK) == FR_RETRST)) { - fprintf(stderr, "%d: %s can only be used with TCP\n", - linenum, "return-rst"); - return NULL; - } - - /* - * get the from host and bit mask to use against packets - */ - - if (!*cpp) { - fprintf(stderr, "%d: missing source specification\n", linenum); - return NULL; - } - if (!strcasecmp(*cpp, "all")) { - cpp++; - if (!*cpp) { - if (fp->fr_type == FR_T_NONE) { - fp->fr_dsize = 0; - fp->fr_data = NULL; - } - return fp; - } - fp->fr_type = FR_T_IPF; -#ifdef IPFILTER_BPF - } else if (!strcmp(*cpp, "{")) { - struct bpf_program bpf; - struct pcap *p; - char **cp; - u_32_t l; - - if (fp->fr_type != FR_T_NONE) { - fprintf(stderr, - "%d: cannot mix BPF/ipf matching\n", linenum); - return NULL; - } - fp->fr_type = FR_T_BPFOPC; - cpp++; - if (!strncmp(*cpp, "0x", 2)) { - fp->fr_data = malloc(4); - for (cp = cpp, i = 0; *cp; cp++, i++) { - if (!strcmp(*cp, "}")) - break; - fp->fr_data = realloc(fp->fr_data, - (i + 1) * 4); - l = strtoul(*cp, NULL, 0); - ((u_32_t *)fp->fr_data)[i] = l; - } - if (!*cp) { - fprintf(stderr, "Missing closing '}'\n"); - return NULL; - } - fp->fr_dsize = i * sizeof(l); - bpf.bf_insns = fp->fr_data; - bpf.bf_len = fp->fr_dsize / sizeof(struct bpf_insn); - } else { - for (cp = cpp; *cp; cp++) { - if (!strcmp(*cp, "}")) - break; - (*cp)[-1] = ' '; - } - if (!*cp) { - fprintf(stderr, "Missing closing '}'\n"); - return NULL; - } - - bzero((char *)&bpf, sizeof(bpf)); - p = pcap_open_dead(DLT_RAW, 1); - if (!p) { - fprintf(stderr, "pcap_open_dead failed\n"); - return NULL; - } - - if (pcap_compile(p, &bpf, *cpp, 1, 0xffffffff)) { - pcap_perror(p, "ipf"); - pcap_close(p); - fprintf(stderr, "pcap parsing failed\n"); - return NULL; - } - pcap_close(p); - fp->fr_dsize = bpf.bf_len * sizeof(struct bpf_insn); - fp->fr_data = bpf.bf_insns; - if (!bpf_validate(fp->fr_data, bpf.bf_len)) { - fprintf(stderr, "BPF validation failed\n"); - return NULL; - } - if (opts & OPT_DEBUG) - bpf_dump(&bpf, 0); - } - cpp = cp; - (*cpp)++; -#endif - } else { - fp->fr_type = FR_T_IPF; - - if (strcasecmp(*cpp, "from")) { - fprintf(stderr, "%d: unexpected keyword (%s) - from\n", - linenum, *cpp); - return NULL; - } - if (!*++cpp) { - fprintf(stderr, "%d: missing host after from\n", - linenum); - return NULL; - } - if (**cpp == '!') { - fp->fr_flags |= FR_NOTSRCIP; - (*cpp)++; - } else if (!strcmp(*cpp, "!")) { - fp->fr_flags |= FR_NOTSRCIP; - cpp++; - } - - s = *cpp; - i = hostmask(&cpp, proto, fp->fr_ifname, (u_32_t *)&fp->fr_src, - (u_32_t *)&fp->fr_smsk, linenum); - if (i == -1) - return NULL; - if (*fp->fr_ifname && !strcasecmp(s, fp->fr_ifname)) - fp->fr_satype = FRI_DYNAMIC; - if (i == 1) { - if (fp->fr_v == 6) { - fprintf(stderr, - "can only use pools with ipv4\n"); - return NULL; - } - fp->fr_satype = FRI_LOOKUP; - } - - if (ports(&cpp, proto, &fp->fr_sport, &fp->fr_scmp, - &fp->fr_stop, linenum)) - return NULL; - - if (!*cpp) { - fprintf(stderr, "%d: missing to fields\n", linenum); - return NULL; - } - - /* - * do the same for the to field (destination host) - */ - if (strcasecmp(*cpp, "to")) { - fprintf(stderr, "%d: unexpected keyword (%s) - to\n", - linenum, *cpp); - return NULL; - } - if (!*++cpp) { - fprintf(stderr, "%d: missing host after to\n", linenum); - return NULL; - } - - if (**cpp == '!') { - fp->fr_flags |= FR_NOTDSTIP; - (*cpp)++; - } else if (!strcmp(*cpp, "!")) { - fp->fr_flags |= FR_NOTDSTIP; - cpp++; - } - - s = *cpp; - i = hostmask(&cpp, proto, fp->fr_ifname, (u_32_t *)&fp->fr_dst, - (u_32_t *)&fp->fr_dmsk, linenum); - if (i == -1) - return NULL; - if (*fp->fr_ifname && !strcasecmp(s, fp->fr_ifname)) - fp->fr_datype = FRI_DYNAMIC; - if (i == 1) { - if (fp->fr_v == 6) { - fprintf(stderr, - "can only use pools with ipv4\n"); - return NULL; - } - fp->fr_datype = FRI_LOOKUP; - } - - if (ports(&cpp, proto, &fp->fr_dport, &fp->fr_dcmp, - &fp->fr_dtop, linenum)) - return NULL; - } - - if (fp->fr_type == FR_T_IPF) { - /* - * check some sanity, make sure we don't have icmp checks - * with tcp or udp or visa versa. - */ - if (fp->fr_proto && (fp->fr_dcmp || fp->fr_scmp) && - fp->fr_proto != IPPROTO_TCP && - fp->fr_proto != IPPROTO_UDP) { - fprintf(stderr, - "%d: port operation on non tcp/udp\n",linenum); - return NULL; - } - if (fp->fr_icmp && fp->fr_proto != IPPROTO_ICMP) { - fprintf(stderr, - "%d: icmp comparisons on wrong protocol\n", - linenum); - return NULL; - } - - if (!*cpp) - return fp; - - if (*cpp && (fp->fr_type == FR_T_IPF) && - !strcasecmp(*cpp, "flags")) { - if (!*++cpp) { - fprintf(stderr, "%d: no flags present\n", - linenum); - return NULL; - } - fp->fr_tcpf = tcp_flags(*cpp, &fp->fr_tcpfm, linenum); - cpp++; - } - - /* - * extras... - */ - if ((fp->fr_v == 4) && *cpp && (!strcasecmp(*cpp, "with") || - !strcasecmp(*cpp, "and"))) - if (extras(&cpp, fp, linenum)) - return NULL; - - /* - * icmp types for use with the icmp protocol - */ - if (*cpp && !strcasecmp(*cpp, "icmp-type")) { - if (fp->fr_proto != IPPROTO_ICMP && - fp->fr_proto != IPPROTO_ICMPV6) { - fprintf(stderr, - "%d: icmp with wrong protocol (%d)\n", - linenum, fp->fr_proto); - return NULL; - } - if (addicmp(&cpp, fp, linenum)) - return NULL; - fp->fr_icmp = htons(fp->fr_icmp); - fp->fr_icmpm = htons(fp->fr_icmpm); - } - } - - /* - * Keep something... - */ - while (*cpp && !strcasecmp(*cpp, "keep")) - if (addkeep(&cpp, fp, linenum)) - return NULL; - - /* - * This is here to enforce the old interface binding behaviour. - * That is, "on X" is equivalent to "<dir> on X <!dir>-via -,X" - */ - if (fp->fr_flags & FR_KEEPSTATE) { - if (*fp->fr_ifnames[0] && !*fp->fr_ifnames[3]) { - bcopy(fp->fr_ifnames[0], fp->fr_ifnames[3], - sizeof(fp->fr_ifnames[3])); - strncpy(fp->fr_ifnames[2], "*", - sizeof(fp->fr_ifnames[3])); - } - } - - /* - * head of a new group ? - */ - if (*cpp && !strcasecmp(*cpp, "head")) { - if (fp->fr_arg != 0) { - fprintf(stderr, "%d: cannot use skip with head\n", - linenum); - return NULL; - } - if (!*++cpp) { - fprintf(stderr, "%d: head without group #\n", linenum); - return NULL; - } - if (strlen(*cpp) > FR_GROUPLEN) { - fprintf(stderr, "%d: head name too long #\n", linenum); - return NULL; - } - strncpy(fp->fr_grhead, *cpp, FR_GROUPLEN); - cpp++; - } - - /* - * reference to an already existing group ? - */ - if (*cpp && !strcasecmp(*cpp, "group")) { - if (!*++cpp) { - fprintf(stderr, "%d: group without group #\n", - linenum); - return NULL; - } - if (strlen(*cpp) > FR_GROUPLEN) { - fprintf(stderr, "%d: group name too long #\n", linenum); - return NULL; - } - strncpy(fp->fr_group, *cpp, FR_GROUPLEN); - cpp++; - } - - if (*cpp && !strcasecmp(*cpp, "tag")) { - if (!*++cpp) { - fprintf(stderr, "%d: tag id missing value\n", linenum); - return NULL; - } - fp->fr_tag = strtol(*cpp, NULL, 0); - cpp++; - } - - /* - * pps counter - */ - if (*cpp && !strcasecmp(*cpp, "pps")) { - if (!*++cpp) { - fprintf(stderr, "%d: pps without rate\n", linenum); - return NULL; - } - if (ratoui(*cpp, &k, 0, INT_MAX)) - fp->fr_pps = k; - else { - fprintf(stderr, "%d: invalid pps rate (%s)\n", - linenum, *cpp); - return NULL; - } - cpp++; - } - - /* - * leftovers...yuck - */ - if (*cpp && **cpp) { - fprintf(stderr, "%d: unknown words at end: [", linenum); - for (; *cpp; cpp++) - fprintf(stderr, "%s ", *cpp); - fprintf(stderr, "]\n"); - return NULL; - } - - /* - * lazy users... - */ - if (fp->fr_type == FR_T_IPF) { - if ((fp->fr_tcpf || fp->fr_tcpfm) && - (fp->fr_proto != IPPROTO_TCP)) { - fprintf(stderr, - "%d: TCP protocol not specified\n", linenum); - return NULL; - } - if (!(fp->fr_flx & FI_TCPUDP) && - (fp->fr_proto != IPPROTO_TCP) && - (fp->fr_proto != IPPROTO_UDP) && - (fp->fr_dcmp || fp->fr_scmp)) { - if (!fp->fr_proto) { - fp->fr_flx |= FI_TCPUDP; - fp->fr_mflx |= FI_TCPUDP; - } else { - fprintf(stderr, - "%d: port check for non-TCP/UDP\n", - linenum); - return NULL; - } - } - } - if (*fp->fr_oifname && strcmp(fp->fr_oifname, "*") && - !(fp->fr_flags & FR_KEEPSTATE)) { - fprintf(stderr, "%d: *-via <if> must be used %s\n", - linenum, "with keep-state"); - return NULL; - } - return fp; -} diff --git a/contrib/ipfilter/lib/portname.c b/contrib/ipfilter/lib/portname.c deleted file mode 100644 index d8bf1d9..0000000 --- a/contrib/ipfilter/lib/portname.c +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright (C) 2000-2003 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: portname.c,v 1.7.2.1 2006/06/16 17:21:09 darrenr Exp $ - */ -#include "ipf.h" - - -char *portname(pr, port) -int pr, port; -{ - static char buf[32]; - struct protoent *p = NULL; - struct servent *sv = NULL, *sv1 = NULL; - - if ((opts & OPT_NORESOLVE) == 0) { - if (pr == -1) { - if ((sv = getservbyport(htons(port), "tcp"))) { - strncpy(buf, sv->s_name, sizeof(buf)-1); - buf[sizeof(buf)-1] = '\0'; - sv1 = getservbyport(htons(port), "udp"); - sv = strncasecmp(buf, sv->s_name, strlen(buf)) ? - NULL : sv1; - } - if (sv) - return buf; - } else if ((pr != -2) && (p = getprotobynumber(pr))) { - if ((sv = getservbyport(htons(port), p->p_name))) { - strncpy(buf, sv->s_name, sizeof(buf)-1); - buf[sizeof(buf)-1] = '\0'; - return buf; - } - } - } - - (void) sprintf(buf, "%d", port); - return buf; -} diff --git a/contrib/ipfilter/lib/portnum.c b/contrib/ipfilter/lib/portnum.c deleted file mode 100644 index 4079f46..0000000 --- a/contrib/ipfilter/lib/portnum.c +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright (C) 1993-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * - * $Id: portnum.c,v 1.6.4.1 2004/12/09 19:41:22 darrenr Exp $ - */ - -#include <ctype.h> - -#include "ipf.h" - - -/* - * find the port number given by the name, either from getservbyname() or - * straight atoi(). Return 1 on success, 0 on failure - */ -int portnum(name, proto, port, linenum) -char *name, *proto; -u_short *port; -int linenum; -{ - struct servent *sp, *sp2; - u_short p1 = 0; - int i; - - if (ISDIGIT(*name)) { - if (ratoi(name, &i, 0, USHRT_MAX)) { - *port = (u_short)i; - return 1; - } - fprintf(stderr, "%d: unknown port \"%s\"\n", linenum, name); - return 0; - } - if (proto != NULL && strcasecmp(proto, "tcp/udp") != 0) { - sp = getservbyname(name, proto); - if (sp) { - *port = ntohs(sp->s_port); - return 1; - } - fprintf(stderr, "%d: unknown service \"%s\".\n", linenum, name); - return 0; - } - sp = getservbyname(name, "tcp"); - if (sp) - p1 = sp->s_port; - sp2 = getservbyname(name, "udp"); - if (!sp || !sp2) { - fprintf(stderr, "%d: unknown tcp/udp service \"%s\".\n", - linenum, name); - return 0; - } - if (p1 != sp2->s_port) { - fprintf(stderr, "%d: %s %d/tcp is a different port to ", - linenum, name, p1); - fprintf(stderr, "%d: %s %d/udp\n", linenum, name, sp->s_port); - return 0; - } - *port = ntohs(p1); - return 1; -} diff --git a/contrib/ipfilter/lib/ports.c b/contrib/ipfilter/lib/ports.c deleted file mode 100644 index 9a44e2c..0000000 --- a/contrib/ipfilter/lib/ports.c +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Copyright (C) 1993-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: ports.c,v 1.9.4.1 2004/12/09 19:41:22 darrenr Exp $ - */ - -#include <ctype.h> - -#include "ipf.h" - - -/* - * check for possible presence of the port fields in the line - */ -int ports(seg, proto, pp, cp, tp, linenum) -char ***seg; -char *proto; -u_short *pp; -int *cp; -u_short *tp; -int linenum; -{ - int comp = -1; - - if (!*seg || !**seg || !***seg) - return 0; - if (!strcasecmp(**seg, "port") && *(*seg + 1) && *(*seg + 2)) { - (*seg)++; - if (ISALNUM(***seg) && *(*seg + 2)) { - if (portnum(**seg, proto, pp, linenum) == 0) - return -1; - (*seg)++; - if (!strcmp(**seg, "<>")) - comp = FR_OUTRANGE; - else if (!strcmp(**seg, "><")) - comp = FR_INRANGE; - else { - fprintf(stderr, - "%d: unknown range operator (%s)\n", - linenum, **seg); - return -1; - } - (*seg)++; - if (**seg == NULL) { - fprintf(stderr, "%d: missing 2nd port value\n", - linenum); - return -1; - } - if (portnum(**seg, proto, tp, linenum) == 0) - return -1; - } else if (!strcmp(**seg, "=") || !strcasecmp(**seg, "eq")) - comp = FR_EQUAL; - else if (!strcmp(**seg, "!=") || !strcasecmp(**seg, "ne")) - comp = FR_NEQUAL; - else if (!strcmp(**seg, "<") || !strcasecmp(**seg, "lt")) - comp = FR_LESST; - else if (!strcmp(**seg, ">") || !strcasecmp(**seg, "gt")) - comp = FR_GREATERT; - else if (!strcmp(**seg, "<=") || !strcasecmp(**seg, "le")) - comp = FR_LESSTE; - else if (!strcmp(**seg, ">=") || !strcasecmp(**seg, "ge")) - comp = FR_GREATERTE; - else { - fprintf(stderr, "%d: unknown comparator (%s)\n", - linenum, **seg); - return -1; - } - if (comp != FR_OUTRANGE && comp != FR_INRANGE) { - (*seg)++; - if (portnum(**seg, proto, pp, linenum) == 0) - return -1; - } - *cp = comp; - (*seg)++; - } - return 0; -} diff --git a/contrib/ipfilter/lib/print_toif.c b/contrib/ipfilter/lib/print_toif.c deleted file mode 100644 index 696fcd3..0000000 --- a/contrib/ipfilter/lib/print_toif.c +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright (C) 2000-2002 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: print_toif.c,v 1.8.4.1 2006/06/16 17:21:09 darrenr Exp $ - */ - -#include "ipf.h" - - -void print_toif(tag, fdp) -char *tag; -frdest_t *fdp; -{ - printf("%s %s%s", tag, fdp->fd_ifname, - (fdp->fd_ifp || (long)fdp->fd_ifp == -1) ? "" : "(!)"); -#ifdef USE_INET6 - if (use_inet6 && IP6_NOTZERO(&fdp->fd_ip6.in6)) { - char ipv6addr[80]; - - inet_ntop(AF_INET6, &fdp->fd_ip6, ipv6addr, - sizeof(fdp->fd_ip6)); - printf(":%s", ipv6addr); - } else -#endif - if (fdp->fd_ip.s_addr) - printf(":%s", inet_ntoa(fdp->fd_ip)); - putchar(' '); -} diff --git a/contrib/ipfilter/lib/printactivenat.c b/contrib/ipfilter/lib/printactivenat.c deleted file mode 100644 index 99f3e58..0000000 --- a/contrib/ipfilter/lib/printactivenat.c +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Copyright (C) 2002-2004 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * Added redirect stuff and a variety of bug fixes. (mcn@EnGarde.com) - */ - -#include "ipf.h" - - -#if !defined(lint) -static const char rcsid[] = "@(#)$Id: printactivenat.c,v 1.3.2.7 2006/12/12 16:13:00 darrenr Exp $"; -#endif - - -void printactivenat(nat, opts, alive, now) -nat_t *nat; -int opts, alive; -u_long now; -{ - - printf("%s", getnattype(nat, alive)); - - if (nat->nat_flags & SI_CLONE) - printf(" CLONE"); - - printf(" %-15s", inet_ntoa(nat->nat_inip)); - - if ((nat->nat_flags & IPN_TCPUDP) != 0) - printf(" %-5hu", ntohs(nat->nat_inport)); - - printf(" <- -> %-15s",inet_ntoa(nat->nat_outip)); - - if ((nat->nat_flags & IPN_TCPUDP) != 0) - printf(" %-5hu", ntohs(nat->nat_outport)); - - printf(" [%s", inet_ntoa(nat->nat_oip)); - if ((nat->nat_flags & IPN_TCPUDP) != 0) - printf(" %hu", ntohs(nat->nat_oport)); - printf("]"); - - if (opts & OPT_VERBOSE) { - printf("\n\tttl %lu use %hu sumd %s/", - nat->nat_age - now, nat->nat_use, - getsumd(nat->nat_sumd[0])); - printf("%s pr %u bkt %d/%d flags %x\n", - getsumd(nat->nat_sumd[1]), nat->nat_p, - nat->nat_hv[0], nat->nat_hv[1], nat->nat_flags); - printf("\tifp %s", getifname(nat->nat_ifps[0])); - printf(",%s ", getifname(nat->nat_ifps[1])); -#ifdef USE_QUAD_T - printf("bytes %qu/%qu pkts %qu/%qu", - (unsigned long long)nat->nat_bytes[0], - (unsigned long long)nat->nat_bytes[1], - (unsigned long long)nat->nat_pkts[0], - (unsigned long long)nat->nat_pkts[1]); -#else - printf("bytes %lu/%lu pkts %lu/%lu", nat->nat_bytes[0], - nat->nat_bytes[1], nat->nat_pkts[0], nat->nat_pkts[1]); -#endif - printf(" ipsumd %x", nat->nat_ipsumd); - } - - if (opts & OPT_DEBUG) { - printf("\n\tnat_next %p _pnext %p _hm %p\n", - nat->nat_next, nat->nat_pnext, nat->nat_hm); - printf("\t_hnext %p/%p _phnext %p/%p\n", - nat->nat_hnext[0], nat->nat_hnext[1], - nat->nat_phnext[0], nat->nat_phnext[1]); - printf("\t_data %p _me %p _state %p _aps %p\n", - nat->nat_data, nat->nat_me, nat->nat_state, nat->nat_aps); - printf("\tfr %p ptr %p ifps %p/%p sync %p\n", - nat->nat_fr, nat->nat_ptr, nat->nat_ifps[0], - nat->nat_ifps[1], nat->nat_sync); - printf("\ttqe:pnext %p next %p ifq %p parent %p/%p\n", - nat->nat_tqe.tqe_pnext, nat->nat_tqe.tqe_next, - nat->nat_tqe.tqe_ifq, nat->nat_tqe.tqe_parent, nat); - printf("\ttqe:die %ld touched %ld flags %x state %d/%d\n", - nat->nat_tqe.tqe_die, nat->nat_tqe.tqe_touched, - nat->nat_tqe.tqe_flags, nat->nat_tqe.tqe_state[0], - nat->nat_tqe.tqe_state[1]); - } - putchar('\n'); -} diff --git a/contrib/ipfilter/lib/printaps.c b/contrib/ipfilter/lib/printaps.c deleted file mode 100644 index c0c36d4..0000000 --- a/contrib/ipfilter/lib/printaps.c +++ /dev/null @@ -1,110 +0,0 @@ -/* - * Copyright (C) 2002-2004 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * Added redirect stuff and a variety of bug fixes. (mcn@EnGarde.com) - */ - -#include "ipf.h" -#include "kmem.h" - - -#if !defined(lint) -static const char rcsid[] = "@(#)$Id: printaps.c,v 1.4.2.1 2006/06/16 17:21:10 darrenr Exp $"; -#endif - - -void printaps(aps, opts) -ap_session_t *aps; -int opts; -{ - ipsec_pxy_t ipsec; - ap_session_t ap; - ftpinfo_t ftp; - aproxy_t apr; - raudio_t ra; - - if (kmemcpy((char *)&ap, (long)aps, sizeof(ap))) - return; - if (kmemcpy((char *)&apr, (long)ap.aps_apr, sizeof(apr))) - return; - printf("\tproxy %s/%d use %d flags %x\n", apr.apr_label, - apr.apr_p, apr.apr_ref, apr.apr_flags); - printf("\t\tproto %d flags %#x bytes ", ap.aps_p, ap.aps_flags); -#ifdef USE_QUAD_T - printf("%qu pkts %qu", (unsigned long long)ap.aps_bytes, - (unsigned long long)ap.aps_pkts); -#else - printf("%lu pkts %lu", ap.aps_bytes, ap.aps_pkts); -#endif - printf(" data %s size %d\n", ap.aps_data ? "YES" : "NO", ap.aps_psiz); - if ((ap.aps_p == IPPROTO_TCP) && (opts & OPT_VERBOSE)) { - printf("\t\tstate[%u,%u], sel[%d,%d]\n", - ap.aps_state[0], ap.aps_state[1], - ap.aps_sel[0], ap.aps_sel[1]); -#if (defined(NetBSD) && (NetBSD >= 199905) && (NetBSD < 1991011)) || \ - (__FreeBSD_version >= 300000) || defined(OpenBSD) - printf("\t\tseq: off %hd/%hd min %x/%x\n", - ap.aps_seqoff[0], ap.aps_seqoff[1], - ap.aps_seqmin[0], ap.aps_seqmin[1]); - printf("\t\tack: off %hd/%hd min %x/%x\n", - ap.aps_ackoff[0], ap.aps_ackoff[1], - ap.aps_ackmin[0], ap.aps_ackmin[1]); -#else - printf("\t\tseq: off %hd/%hd min %lx/%lx\n", - ap.aps_seqoff[0], ap.aps_seqoff[1], - ap.aps_seqmin[0], ap.aps_seqmin[1]); - printf("\t\tack: off %hd/%hd min %lx/%lx\n", - ap.aps_ackoff[0], ap.aps_ackoff[1], - ap.aps_ackmin[0], ap.aps_ackmin[1]); -#endif - } - - if (!strcmp(apr.apr_label, "raudio") && ap.aps_psiz == sizeof(ra)) { - if (kmemcpy((char *)&ra, (long)ap.aps_data, sizeof(ra))) - return; - printf("\tReal Audio Proxy:\n"); - printf("\t\tSeen PNA: %d\tVersion: %d\tEOS: %d\n", - ra.rap_seenpna, ra.rap_version, ra.rap_eos); - printf("\t\tMode: %#x\tSBF: %#x\n", ra.rap_mode, ra.rap_sbf); - printf("\t\tPorts:pl %hu, pr %hu, sr %hu\n", - ra.rap_plport, ra.rap_prport, ra.rap_srport); - } else if (!strcmp(apr.apr_label, "ftp") && - (ap.aps_psiz == sizeof(ftp))) { - if (kmemcpy((char *)&ftp, (long)ap.aps_data, sizeof(ftp))) - return; - printf("\tFTP Proxy:\n"); - printf("\t\tpassok: %d\n", ftp.ftp_passok); - ftp.ftp_side[0].ftps_buf[FTP_BUFSZ - 1] = '\0'; - ftp.ftp_side[1].ftps_buf[FTP_BUFSZ - 1] = '\0'; - printf("\tClient:\n"); - printf("\t\tseq %x (ack %x) len %d junk %d cmds %d\n", - ftp.ftp_side[0].ftps_seq[0], - ftp.ftp_side[0].ftps_seq[1], - ftp.ftp_side[0].ftps_len, ftp.ftp_side[0].ftps_junk, - ftp.ftp_side[0].ftps_cmds); - printf("\t\tbuf ["); - printbuf(ftp.ftp_side[0].ftps_buf, FTP_BUFSZ, 1); - printf("]\n\tServer:\n"); - printf("\t\tseq %x (ack %x) len %d junk %d cmds %d\n", - ftp.ftp_side[1].ftps_seq[0], - ftp.ftp_side[1].ftps_seq[1], - ftp.ftp_side[1].ftps_len, ftp.ftp_side[1].ftps_junk, - ftp.ftp_side[1].ftps_cmds); - printf("\t\tbuf ["); - printbuf(ftp.ftp_side[1].ftps_buf, FTP_BUFSZ, 1); - printf("]\n"); - } else if (!strcmp(apr.apr_label, "ipsec") && - (ap.aps_psiz == sizeof(ipsec))) { - if (kmemcpy((char *)&ipsec, (long)ap.aps_data, sizeof(ipsec))) - return; - printf("\tIPSec Proxy:\n"); - printf("\t\tICookie %08x%08x RCookie %08x%08x %s\n", - (u_int)ntohl(ipsec.ipsc_icookie[0]), - (u_int)ntohl(ipsec.ipsc_icookie[1]), - (u_int)ntohl(ipsec.ipsc_rcookie[0]), - (u_int)ntohl(ipsec.ipsc_rcookie[1]), - ipsec.ipsc_rckset ? "(Set)" : "(Not set)"); - } -} diff --git a/contrib/ipfilter/lib/printbuf.c b/contrib/ipfilter/lib/printbuf.c deleted file mode 100644 index bc097e0..0000000 --- a/contrib/ipfilter/lib/printbuf.c +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright (C) 2000-2004 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: printbuf.c,v 1.5.4.2 2006/06/16 17:21:10 darrenr Exp $ - */ - -#include <ctype.h> - -#include "ipf.h" - - -void printbuf(buf, len, zend) -char *buf; -int len, zend; -{ - char *s, c; - int i; - - for (s = buf, i = len; i; i--) { - c = *s++; - if (ISPRINT(c)) - putchar(c); - else - printf("\\%03o", c); - if ((c == '\0') && zend) - break; - } -} diff --git a/contrib/ipfilter/lib/printfr.c b/contrib/ipfilter/lib/printfr.c deleted file mode 100644 index 0750694..0000000 --- a/contrib/ipfilter/lib/printfr.c +++ /dev/null @@ -1,479 +0,0 @@ -/* - * Copyright (C) 2000-2006 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: printfr.c,v 1.43.2.18 2007/05/07 06:55:38 darrenr Exp $ - */ - -#include "ipf.h" - -static void printaddr(int, int, char *, u_32_t *, u_32_t *); - -static void printaddr(v, type, ifname, addr, mask) -int v, type; -char *ifname; -u_32_t *addr, *mask; -{ - char *suffix; - - switch (type) - { - case FRI_BROADCAST : - suffix = "bcast"; - break; - - case FRI_DYNAMIC : - printf("%s", ifname); - printmask(mask); - suffix = NULL; - break; - - case FRI_NETWORK : - suffix = "net"; - break; - - case FRI_NETMASKED : - suffix = "netmasked"; - break; - - case FRI_PEERADDR : - suffix = "peer"; - break; - - case FRI_LOOKUP : - suffix = NULL; - printlookup((i6addr_t *)addr, (i6addr_t *)mask); - break; - - case FRI_NORMAL : - printhostmask(v, addr, mask); - suffix = NULL; - break; - default : - printf("<%d>", type); - printmask(mask); - suffix = NULL; - break; - } - - if (suffix != NULL) { - printf("%s/%s", ifname, suffix); - } -} - - -void printlookup(addr, mask) -i6addr_t *addr, *mask; -{ - switch (addr->iplookuptype) - { - case IPLT_POOL : - printf("pool/"); - break; - case IPLT_HASH : - printf("hash/"); - break; - default : - printf("lookup(%x)=", addr->iplookuptype); - break; - } - - printf("%u", addr->iplookupnum); - if (mask->iplookupptr == NULL) - printf("(!)"); -} - - -/* - * print the filter structure in a useful way - */ -void printfr(fp, iocfunc) -struct frentry *fp; -ioctlfunc_t iocfunc; -{ - struct protoent *p; - u_short sec[2]; - u_32_t type; - u_char *t; - char *s; - int pr; - - pr = -2; - type = fp->fr_type & ~FR_T_BUILTIN; - - if ((fp->fr_type & FR_T_BUILTIN) != 0) - printf("# Builtin: "); - - if (fp->fr_collect != 0) - printf("%u ", fp->fr_collect); - - if (fp->fr_type == FR_T_CALLFUNC) { - ; - } else if (fp->fr_func != NULL) { - printf("call"); - if ((fp->fr_flags & FR_CALLNOW) != 0) - printf(" now"); - s = kvatoname(fp->fr_func, iocfunc); - printf(" %s/%u", s ? s : "?", fp->fr_arg); - } else if (FR_ISPASS(fp->fr_flags)) - printf("pass"); - else if (FR_ISBLOCK(fp->fr_flags)) { - printf("block"); - } else if ((fp->fr_flags & FR_LOGMASK) == FR_LOG) { - printlog(fp); - } else if (FR_ISACCOUNT(fp->fr_flags)) - printf("count"); - else if (FR_ISAUTH(fp->fr_flags)) - printf("auth"); - else if (FR_ISPREAUTH(fp->fr_flags)) - printf("preauth"); - else if (FR_ISNOMATCH(fp->fr_flags)) - printf("nomatch"); - else if (FR_ISSKIP(fp->fr_flags)) - printf("skip %u", fp->fr_arg); - else { - printf("%x", fp->fr_flags); - } - if (fp->fr_flags & FR_RETICMP) { - if ((fp->fr_flags & FR_RETMASK) == FR_FAKEICMP) - printf(" return-icmp-as-dest"); - else if ((fp->fr_flags & FR_RETMASK) == FR_RETICMP) - printf(" return-icmp"); - if (fp->fr_icode) { - if (fp->fr_icode <= MAX_ICMPCODE) - printf("(%s)", - icmpcodes[(int)fp->fr_icode]); - else - printf("(%d)", fp->fr_icode); - } - } else if ((fp->fr_flags & FR_RETMASK) == FR_RETRST) - printf(" return-rst"); - - if (fp->fr_flags & FR_OUTQUE) - printf(" out "); - else - printf(" in "); - - if (((fp->fr_flags & FR_LOGB) == FR_LOGB) || - ((fp->fr_flags & FR_LOGP) == FR_LOGP)) { - printlog(fp); - putchar(' '); - } - - if (fp->fr_flags & FR_QUICK) - printf("quick "); - - if (*fp->fr_ifname) { - printifname("on ", fp->fr_ifname, fp->fr_ifa); - if (*fp->fr_ifnames[1] && strcmp(fp->fr_ifnames[1], "*")) - printifname(",", fp->fr_ifnames[1], fp->fr_ifas[1]); - putchar(' '); - } - - if (*fp->fr_dif.fd_ifname || (fp->fr_flags & FR_DUP)) - print_toif("dup-to", &fp->fr_dif); - if (*fp->fr_tif.fd_ifname) - print_toif("to", &fp->fr_tif); - if (*fp->fr_rif.fd_ifname) - print_toif("reply-to", &fp->fr_rif); - if (fp->fr_flags & FR_FASTROUTE) - printf("fastroute "); - - if ((*fp->fr_ifnames[2] && strcmp(fp->fr_ifnames[2], "*")) || - (*fp->fr_ifnames[3] && strcmp(fp->fr_ifnames[3], "*"))) { - if (fp->fr_flags & FR_OUTQUE) - printf("in-via "); - else - printf("out-via "); - - if (*fp->fr_ifnames[2]) { - printifname("", fp->fr_ifnames[2], - fp->fr_ifas[2]); - if (*fp->fr_ifnames[3]) { - printifname(",", fp->fr_ifnames[3], - fp->fr_ifas[3]); - } - putchar(' '); - } - } - - if (type == FR_T_IPF) { - if (fp->fr_mip.fi_tos) - printf("tos %#x ", fp->fr_tos); - if (fp->fr_mip.fi_ttl) - printf("ttl %d ", fp->fr_ttl); - if (fp->fr_flx & FI_TCPUDP) { - printf("proto tcp/udp "); - pr = -1; - } else if (fp->fr_mip.fi_p) { - pr = fp->fr_ip.fi_p; - p = getprotobynumber(pr); - printf("proto "); - printproto(p, pr, NULL); - putchar(' '); - } - } - - if (type == FR_T_NONE) { - printf("all"); - } else if (type == FR_T_IPF) { - printf("from %s", fp->fr_flags & FR_NOTSRCIP ? "!" : ""); - printaddr(fp->fr_v, fp->fr_satype, fp->fr_ifname, - &fp->fr_src.s_addr, &fp->fr_smsk.s_addr); - if (fp->fr_scmp) - printportcmp(pr, &fp->fr_tuc.ftu_src); - - printf(" to %s", fp->fr_flags & FR_NOTDSTIP ? "!" : ""); - printaddr(fp->fr_v, fp->fr_datype, fp->fr_ifname, - &fp->fr_dst.s_addr, &fp->fr_dmsk.s_addr); - if (fp->fr_dcmp) - printportcmp(pr, &fp->fr_tuc.ftu_dst); - - if (fp->fr_proto == IPPROTO_ICMP && fp->fr_icmpm) { - int type = fp->fr_icmp, code; - - type = ntohs(fp->fr_icmp); - code = type & 0xff; - type /= 256; - if (type < (sizeof(icmptypes) / sizeof(char *) - 1) && - icmptypes[type]) - printf(" icmp-type %s", icmptypes[type]); - else - printf(" icmp-type %d", type); - if (ntohs(fp->fr_icmpm) & 0xff) - printf(" code %d", code); - } - if ((fp->fr_proto == IPPROTO_TCP) && - (fp->fr_tcpf || fp->fr_tcpfm)) { - printf(" flags "); - if (fp->fr_tcpf & ~TCPF_ALL) - printf("0x%x", fp->fr_tcpf); - else - for (s = flagset, t = flags; *s; s++, t++) - if (fp->fr_tcpf & *t) - (void)putchar(*s); - if (fp->fr_tcpfm) { - (void)putchar('/'); - if (fp->fr_tcpfm & ~TCPF_ALL) - printf("0x%x", fp->fr_tcpfm); - else - for (s = flagset, t = flags; *s; - s++, t++) - if (fp->fr_tcpfm & *t) - (void)putchar(*s); - } - } - } else if (type == FR_T_BPFOPC) { - fakebpf_t *fb; - int i; - - printf("bpf-v%d { \"", fp->fr_v); - i = fp->fr_dsize / sizeof(*fb); - - for (fb = fp->fr_data, s = ""; i; i--, fb++, s = " ") - printf("%s%#x %#x %#x %#x", s, fb->fb_c, fb->fb_t, - fb->fb_f, fb->fb_k); - - printf("\" }"); - } else if (type == FR_T_COMPIPF) { - ; - } else if (type == FR_T_CALLFUNC) { - printf("call function at %p", fp->fr_data); - } else { - printf("[unknown filter type %#x]", fp->fr_type); - } - - if ((type == FR_T_IPF) && - ((fp->fr_flx & FI_WITH) || (fp->fr_mflx & FI_WITH) || - fp->fr_optbits || fp->fr_optmask || - fp->fr_secbits || fp->fr_secmask)) { - char *comma = " "; - - printf(" with"); - if (fp->fr_optbits || fp->fr_optmask || - fp->fr_secbits || fp->fr_secmask) { - sec[0] = fp->fr_secmask; - sec[1] = fp->fr_secbits; - if (fp->fr_v == 4) - optprint(sec, fp->fr_optmask, fp->fr_optbits); -#ifdef USE_INET6 - else - optprintv6(sec, fp->fr_optmask, - fp->fr_optbits); -#endif - } else if (fp->fr_mflx & FI_OPTIONS) { - fputs(comma, stdout); - if (!(fp->fr_flx & FI_OPTIONS)) - printf("not "); - printf("ipopts"); - comma = ","; - } - if (fp->fr_mflx & FI_SHORT) { - fputs(comma, stdout); - if (!(fp->fr_flx & FI_SHORT)) - printf("not "); - printf("short"); - comma = ","; - } - if (fp->fr_mflx & FI_FRAG) { - fputs(comma, stdout); - if (!(fp->fr_flx & FI_FRAG)) - printf("not "); - printf("frag"); - comma = ","; - } - if (fp->fr_mflx & FI_FRAGBODY) { - fputs(comma, stdout); - if (!(fp->fr_flx & FI_FRAGBODY)) - printf("not "); - printf("frag-body"); - comma = ","; - } - if (fp->fr_mflx & FI_NATED) { - fputs(comma, stdout); - if (!(fp->fr_flx & FI_NATED)) - printf("not "); - printf("nat"); - comma = ","; - } - if (fp->fr_mflx & FI_LOWTTL) { - fputs(comma, stdout); - if (!(fp->fr_flx & FI_LOWTTL)) - printf("not "); - printf("lowttl"); - comma = ","; - } - if (fp->fr_mflx & FI_BAD) { - fputs(comma, stdout); - if (!(fp->fr_flx & FI_BAD)) - printf("not "); - printf("bad"); - comma = ","; - } - if (fp->fr_mflx & FI_BADSRC) { - fputs(comma, stdout); - if (!(fp->fr_flx & FI_BADSRC)) - printf("not "); - printf("bad-src"); - comma = ","; - } - if (fp->fr_mflx & FI_BADNAT) { - fputs(comma, stdout); - if (!(fp->fr_flx & FI_BADNAT)) - printf("not "); - printf("bad-nat"); - comma = ","; - } - if (fp->fr_mflx & FI_OOW) { - fputs(comma, stdout); - if (!(fp->fr_flx & FI_OOW)) - printf("not "); - printf("oow"); - comma = ","; - } - if (fp->fr_mflx & FI_MBCAST) { - fputs(comma, stdout); - if (!(fp->fr_flx & FI_MBCAST)) - printf("not "); - printf("mbcast"); - comma = ","; - } - if (fp->fr_mflx & FI_BROADCAST) { - fputs(comma, stdout); - if (!(fp->fr_flx & FI_BROADCAST)) - printf("not "); - printf("bcast"); - comma = ","; - } - if (fp->fr_mflx & FI_MULTICAST) { - fputs(comma, stdout); - if (!(fp->fr_flx & FI_MULTICAST)) - printf("not "); - printf("mcast"); - comma = ","; - } - if (fp->fr_mflx & FI_STATE) { - fputs(comma, stdout); - if (!(fp->fr_flx & FI_STATE)) - printf("not "); - printf("state"); - comma = ","; - } - } - - if (fp->fr_flags & FR_KEEPSTATE) { - printf(" keep state"); - if ((fp->fr_flags & (FR_STSTRICT|FR_NEWISN|FR_NOICMPERR|FR_STATESYNC)) || - (fp->fr_statemax != 0) || (fp->fr_age[0] != 0)) { - char *comma = ""; - printf(" ("); - if (fp->fr_statemax != 0) { - printf("limit %u", fp->fr_statemax); - comma = ","; - } - if (fp->fr_flags & FR_STSTRICT) { - printf("%sstrict", comma); - comma = ","; - } - if (fp->fr_flags & FR_NEWISN) { - printf("%snewisn", comma); - comma = ","; - } - if (fp->fr_flags & FR_NOICMPERR) { - printf("%sno-icmp-err", comma); - comma = ","; - } - if (fp->fr_flags & FR_STATESYNC) { - printf("%ssync", comma); - comma = ","; - } - if (fp->fr_age[0] || fp->fr_age[1]) - printf("%sage %d/%d", comma, fp->fr_age[0], - fp->fr_age[1]); - printf(")"); - } - } - if (fp->fr_flags & FR_KEEPFRAG) { - printf(" keep frags"); - if (fp->fr_flags & (FR_FRSTRICT)) { - printf(" ("); - if (fp->fr_flags & FR_FRSTRICT) - printf("strict"); - printf(")"); - - } - } - if (fp->fr_isc != (struct ipscan *)-1) { - if (fp->fr_isctag[0]) - printf(" scan %s", fp->fr_isctag); - else - printf(" scan *"); - } - if (*fp->fr_grhead != '\0') - printf(" head %s", fp->fr_grhead); - if (*fp->fr_group != '\0') - printf(" group %s", fp->fr_group); - if (fp->fr_logtag != FR_NOLOGTAG || *fp->fr_nattag.ipt_tag) { - char *s = ""; - - printf(" set-tag("); - if (fp->fr_logtag != FR_NOLOGTAG) { - printf("log=%u", fp->fr_logtag); - s = ", "; - } - if (*fp->fr_nattag.ipt_tag) { - printf("%snat=%-.*s", s, IPFTAG_LEN, - fp->fr_nattag.ipt_tag); - } - printf(")"); - } - - if (fp->fr_pps) - printf(" pps %d", fp->fr_pps); - - if ((fp->fr_flags & FR_KEEPSTATE) && (opts & OPT_VERBOSE)) { - printf(" # count %d", fp->fr_statecnt); - } - (void)putchar('\n'); -} diff --git a/contrib/ipfilter/lib/printfraginfo.c b/contrib/ipfilter/lib/printfraginfo.c deleted file mode 100644 index 012df06..0000000 --- a/contrib/ipfilter/lib/printfraginfo.c +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Copyright (C) 2004-2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: printfraginfo.c,v 1.1.2.5 2006/12/25 15:10:37 darrenr Exp $ - */ -#include "ipf.h" -#include "kmem.h" - -void printfraginfo(prefix, ifr) -char *prefix; -struct ipfr *ifr; -{ - frentry_t fr; - - fr.fr_flags = 0xffffffff; - - printf("%s%s -> ", prefix, hostname(4, &ifr->ipfr_src)); -/* - if (kmemcpy((char *)&fr, (u_long)ifr->ipfr_rule, - sizeof(fr)) == -1) - return; -*/ - printf("%s id %d ttl %ld pr %d seen0 %d ref %d tos %#02x\n", - hostname(4, &ifr->ipfr_dst), ifr->ipfr_id, ifr->ipfr_ttl, - ifr->ipfr_p, ifr->ipfr_seen0, ifr->ipfr_ref, ifr->ipfr_tos); -} diff --git a/contrib/ipfilter/lib/printhash.c b/contrib/ipfilter/lib/printhash.c deleted file mode 100644 index 8e7948b..0000000 --- a/contrib/ipfilter/lib/printhash.c +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright (C) 2002-2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - */ - -#include "ipf.h" - -#define PRINTF (void)printf -#define FPRINTF (void)fprintf - - -iphtable_t *printhash(hp, copyfunc, name, opts) -iphtable_t *hp; -copyfunc_t copyfunc; -char *name; -int opts; -{ - iphtent_t *ipep, **table; - iphtable_t iph; - int printed; - size_t sz; - - if ((*copyfunc)((char *)hp, (char *)&iph, sizeof(iph))) - return NULL; - - if ((name != NULL) && strncmp(name, iph.iph_name, FR_GROUPLEN)) - return iph.iph_next; - - printhashdata(hp, opts); - - if ((hp->iph_flags & IPHASH_DELETE) != 0) - PRINTF("# "); - - if ((opts & OPT_DEBUG) == 0) - PRINTF("\t{"); - - sz = iph.iph_size * sizeof(*table); - table = malloc(sz); - if ((*copyfunc)((char *)iph.iph_table, (char *)table, sz)) - return NULL; - - for (printed = 0, ipep = iph.iph_list; ipep != NULL; ) { - ipep = printhashnode(&iph, ipep, copyfunc, opts); - printed++; - } - if (printed == 0) - putchar(';'); - - free(table); - - if ((opts & OPT_DEBUG) == 0) - PRINTF(" };\n"); - - return iph.iph_next; -} diff --git a/contrib/ipfilter/lib/printhash_live.c b/contrib/ipfilter/lib/printhash_live.c deleted file mode 100644 index 1afe632..0000000 --- a/contrib/ipfilter/lib/printhash_live.c +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright (C) 2002 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - */ - -#include <sys/ioctl.h> -#include "ipf.h" -#include "netinet/ipl.h" - -#define PRINTF (void)printf -#define FPRINTF (void)fprintf - - -iphtable_t *printhash_live(hp, fd, name, opts) -iphtable_t *hp; -int fd; -char *name; -int opts; -{ - iphtent_t entry, *top, *node; - ipflookupiter_t iter; - int printed, last; - ipfobj_t obj; - - if ((name != NULL) && strncmp(name, hp->iph_name, FR_GROUPLEN)) - return hp->iph_next; - - printhashdata(hp, opts); - - if ((hp->iph_flags & IPHASH_DELETE) != 0) - PRINTF("# "); - - if ((opts & OPT_DEBUG) == 0) - PRINTF("\t{"); - - obj.ipfo_rev = IPFILTER_VERSION; - obj.ipfo_type = IPFOBJ_LOOKUPITER; - obj.ipfo_ptr = &iter; - obj.ipfo_size = sizeof(iter); - - iter.ili_data = &entry; - iter.ili_type = IPLT_HASH; - iter.ili_otype = IPFLOOKUPITER_NODE; - iter.ili_ival = IPFGENITER_LOOKUP; - iter.ili_unit = hp->iph_unit; - strncpy(iter.ili_name, hp->iph_name, FR_GROUPLEN); - - last = 0; - top = NULL; - printed = 0; - - while (!last && (ioctl(fd, SIOCLOOKUPITER, &obj) == 0)) { - if (entry.ipe_next == NULL) - last = 1; - entry.ipe_next = top; - top = malloc(sizeof(*top)); - if (top == NULL) - break; - bcopy(&entry, top, sizeof(entry)); - } - - while (top != NULL) { - node = top; - (void) printhashnode(hp, node, bcopywrap, opts); - top = node->ipe_next; - free(node); - printed++; - } - - if (printed == 0) - putchar(';'); - - if ((opts & OPT_DEBUG) == 0) - PRINTF(" };\n"); - return hp->iph_next; -} diff --git a/contrib/ipfilter/lib/printhashdata.c b/contrib/ipfilter/lib/printhashdata.c deleted file mode 100644 index d278c36..0000000 --- a/contrib/ipfilter/lib/printhashdata.c +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Copyright (C) 2002 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - */ - -#include "ipf.h" - -#define PRINTF (void)printf -#define FPRINTF (void)fprintf - - -void printhashdata(hp, opts) -iphtable_t *hp; -int opts; -{ - - if ((opts & OPT_DEBUG) == 0) { - if ((hp->iph_type & IPHASH_ANON) == IPHASH_ANON) - PRINTF("# 'anonymous' table\n"); - if ((hp->iph_flags & IPHASH_DELETE) == IPHASH_DELETE) - PRINTF("# "); - switch (hp->iph_type & ~IPHASH_ANON) - { - case IPHASH_LOOKUP : - PRINTF("table"); - break; - case IPHASH_GROUPMAP : - PRINTF("group-map"); - if (hp->iph_flags & FR_INQUE) - PRINTF(" in"); - else if (hp->iph_flags & FR_OUTQUE) - PRINTF(" out"); - else - PRINTF(" ???"); - break; - default : - PRINTF("%#x", hp->iph_type); - break; - } - PRINTF(" role = "); - } else { - PRINTF("Hash Table %s: %s", - isdigit(*hp->iph_name) ? "Number" : "Name", - hp->iph_name); - if ((hp->iph_type & IPHASH_ANON) == IPHASH_ANON) - PRINTF("(anon)"); - putchar(' '); - PRINTF("Role: "); - } - - switch (hp->iph_unit) - { - case IPL_LOGNAT : - PRINTF("nat"); - break; - case IPL_LOGIPF : - PRINTF("ipf"); - break; - case IPL_LOGAUTH : - PRINTF("auth"); - break; - case IPL_LOGCOUNT : - PRINTF("count"); - break; - default : - PRINTF("#%d", hp->iph_unit); - break; - } - - if ((opts & OPT_DEBUG) == 0) { - if ((hp->iph_type & ~IPHASH_ANON) == IPHASH_LOOKUP) - PRINTF(" type = hash"); - PRINTF(" %s = %s size = %lu", - isdigit(*hp->iph_name) ? "number" : "name", - hp->iph_name, (u_long)hp->iph_size); - if (hp->iph_seed != 0) - PRINTF(" seed = %lu", hp->iph_seed); - putchar('\n'); - } else { - PRINTF(" Type: "); - switch (hp->iph_type & ~IPHASH_ANON) - { - case IPHASH_LOOKUP : - PRINTF("lookup"); - break; - case IPHASH_GROUPMAP : - PRINTF("groupmap Group. %s", hp->iph_name); - break; - default : - break; - } - - putchar('\n'); - PRINTF("\t\tSize: %lu\tSeed: %lu", - (u_long)hp->iph_size, hp->iph_seed); - PRINTF("\tRef. Count: %d\tMasks: %#x\n", hp->iph_ref, - hp->iph_masks); - } - - if ((opts & OPT_DEBUG) != 0) { - struct in_addr m; - int i; - - for (i = 0; i < 32; i++) { - if ((1 << i) & hp->iph_masks) { - ntomask(4, i, &m.s_addr); - PRINTF("\t\tMask: %s\n", inet_ntoa(m)); - } - } - } -} diff --git a/contrib/ipfilter/lib/printhashnode.c b/contrib/ipfilter/lib/printhashnode.c deleted file mode 100644 index 9b51af9..0000000 --- a/contrib/ipfilter/lib/printhashnode.c +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (C) 2002-2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - */ - -#include "ipf.h" - -#define PRINTF (void)printf -#define FPRINTF (void)fprintf - -iphtent_t *printhashnode(iph, ipep, copyfunc, opts) -iphtable_t *iph; -iphtent_t *ipep; -copyfunc_t copyfunc; -int opts; -{ - iphtent_t ipe; - - if ((*copyfunc)(ipep, &ipe, sizeof(ipe))) - return NULL; - - ipe.ipe_addr.in4_addr = htonl(ipe.ipe_addr.in4_addr); - ipe.ipe_mask.in4_addr = htonl(ipe.ipe_mask.in4_addr); - - if ((opts & OPT_DEBUG) != 0) { - PRINTF("\tAddress: %s", - inet_ntoa(ipe.ipe_addr.in4)); - printmask((u_32_t *)&ipe.ipe_mask.in4_addr); - PRINTF("\tRef. Count: %d\tGroup: %s\n", ipe.ipe_ref, - ipe.ipe_group); - } else { - putchar(' '); - printip((u_32_t *)&ipe.ipe_addr.in4_addr); - printmask((u_32_t *)&ipe.ipe_mask.in4_addr); - if (ipe.ipe_value != 0) { - switch (iph->iph_type & ~IPHASH_ANON) - { - case IPHASH_GROUPMAP : - if (strncmp(ipe.ipe_group, iph->iph_name, - FR_GROUPLEN)) - PRINTF(", group = %s", ipe.ipe_group); - break; - } - } - putchar(';'); - } - - ipep = ipe.ipe_next; - return ipep; -} diff --git a/contrib/ipfilter/lib/printhostmap.c b/contrib/ipfilter/lib/printhostmap.c deleted file mode 100644 index 92996ed..0000000 --- a/contrib/ipfilter/lib/printhostmap.c +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Copyright (C) 2002-2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: printhostmap.c,v 1.3.2.3 2006/09/30 21:42:07 darrenr Exp $ - */ - -#include "ipf.h" - -void printhostmap(hmp, hv) -hostmap_t *hmp; -u_int hv; -{ - - printf("%s,", inet_ntoa(hmp->hm_srcip)); - printf("%s -> ", inet_ntoa(hmp->hm_dstip)); - printf("%s ", inet_ntoa(hmp->hm_mapip)); - printf("(use = %d hv = %u)\n", hmp->hm_ref, hv); -} diff --git a/contrib/ipfilter/lib/printhostmask.c b/contrib/ipfilter/lib/printhostmask.c deleted file mode 100644 index 105fb20..0000000 --- a/contrib/ipfilter/lib/printhostmask.c +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (C) 2000-2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: printhostmask.c,v 1.8.4.1 2006/06/16 17:21:12 darrenr Exp $ - */ - -#include "ipf.h" - - -void printhostmask(v, addr, mask) -int v; -u_32_t *addr, *mask; -{ -#ifdef USE_INET6 - char ipbuf[64]; -#else - struct in_addr ipa; -#endif - - if (!*addr && !*mask) - printf("any"); - else { -#ifdef USE_INET6 - void *ptr = addr; - int af; - - if (v == 4) { - ptr = addr; - af = AF_INET; - } else if (v == 6) { - ptr = addr; - af = AF_INET6; - } else - af = 0; - printf("%s", inet_ntop(af, ptr, ipbuf, sizeof(ipbuf))); -#else - ipa.s_addr = *addr; - printf("%s", inet_ntoa(ipa)); -#endif - printmask(mask); - } -} diff --git a/contrib/ipfilter/lib/printifname.c b/contrib/ipfilter/lib/printifname.c deleted file mode 100644 index 1bfe27d..0000000 --- a/contrib/ipfilter/lib/printifname.c +++ /dev/null @@ -1,18 +0,0 @@ -/* - * Copyright (C) 2002 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: printifname.c,v 1.2.4.1 2006/06/16 17:21:12 darrenr Exp $ - */ - -#include "ipf.h" - -void printifname(format, name, ifp) -char *format, *name; -void *ifp; -{ - printf("%s%s", format, name); - if ((ifp == NULL) && strcmp(name, "-") && strcmp(name, "*")) - printf("(!)"); -} diff --git a/contrib/ipfilter/lib/printip.c b/contrib/ipfilter/lib/printip.c deleted file mode 100644 index fb91208..0000000 --- a/contrib/ipfilter/lib/printip.c +++ /dev/null @@ -1,22 +0,0 @@ -/* - * Copyright (C) 2002-2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: printip.c,v 1.3.4.1 2006/06/16 17:21:12 darrenr Exp $ - */ - -#include "ipf.h" - - -void printip(addr) -u_32_t *addr; -{ - struct in_addr ipa; - - ipa.s_addr = *addr; - if (ntohl(ipa.s_addr) < 256) - printf("%lu", (u_long)ntohl(ipa.s_addr)); - else - printf("%s", inet_ntoa(ipa)); -} diff --git a/contrib/ipfilter/lib/printlog.c b/contrib/ipfilter/lib/printlog.c deleted file mode 100644 index 192c671..0000000 --- a/contrib/ipfilter/lib/printlog.c +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright (C) 2000-2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: printlog.c,v 1.6.4.3 2006/06/16 17:21:12 darrenr Exp $ - */ - -#include "ipf.h" - -#include <syslog.h> - - -void printlog(fp) -frentry_t *fp; -{ - char *s, *u; - - printf("log"); - if (fp->fr_flags & FR_LOGBODY) - printf(" body"); - if (fp->fr_flags & FR_LOGFIRST) - printf(" first"); - if (fp->fr_flags & FR_LOGORBLOCK) - printf(" or-block"); - if (fp->fr_loglevel != 0xffff) { - printf(" level "); - s = fac_toname(fp->fr_loglevel); - if (s == NULL || *s == '\0') - s = "!!!"; - u = pri_toname(fp->fr_loglevel); - if (u == NULL || *u == '\0') - u = "!!!"; - printf("%s.%s", s, u); - } -} diff --git a/contrib/ipfilter/lib/printmask.c b/contrib/ipfilter/lib/printmask.c deleted file mode 100644 index 27b3e6c..0000000 --- a/contrib/ipfilter/lib/printmask.c +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Copyright (C) 2000-2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: printmask.c,v 1.5.4.1 2006/06/16 17:21:13 darrenr Exp $ - */ - -#include "ipf.h" - - -void printmask(mask) -u_32_t *mask; -{ - struct in_addr ipa; - int ones; - -#ifdef USE_INET6 - if (use_inet6) - printf("/%d", count6bits(mask)); - else -#endif - if ((ones = count4bits(*mask)) == -1) { - ipa.s_addr = *mask; - printf("/%s", inet_ntoa(ipa)); - } else - printf("/%d", ones); -} diff --git a/contrib/ipfilter/lib/printnat.c b/contrib/ipfilter/lib/printnat.c deleted file mode 100644 index 37666a2..0000000 --- a/contrib/ipfilter/lib/printnat.c +++ /dev/null @@ -1,238 +0,0 @@ -/* - * Copyright (C) 2002-2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * Added redirect stuff and a variety of bug fixes. (mcn@EnGarde.com) - */ - -#include "ipf.h" -#include "kmem.h" - - -#if !defined(lint) -static const char rcsid[] = "@(#)$Id: printnat.c,v 1.22.2.14 2007/09/06 16:40:11 darrenr Exp $"; -#endif - -/* - * Print out a NAT rule - */ -void printnat(np, opts) -ipnat_t *np; -int opts; -{ - struct protoent *pr; - int bits; - - pr = getprotobynumber(np->in_p); - - switch (np->in_redir) - { - case NAT_REDIRECT : - printf("rdr"); - break; - case NAT_MAP : - printf("map"); - break; - case NAT_MAPBLK : - printf("map-block"); - break; - case NAT_BIMAP : - printf("bimap"); - break; - default : - fprintf(stderr, "unknown value for in_redir: %#x\n", - np->in_redir); - break; - } - - if (!strcmp(np->in_ifnames[0], "-")) - printf(" \"%s\"", np->in_ifnames[0]); - else - printf(" %s", np->in_ifnames[0]); - if ((np->in_ifnames[1][0] != '\0') && - (strncmp(np->in_ifnames[0], np->in_ifnames[1], LIFNAMSIZ) != 0)) { - if (!strcmp(np->in_ifnames[1], "-")) - printf(",\"%s\"", np->in_ifnames[1]); - else - printf(",%s", np->in_ifnames[1]); - } - putchar(' '); - - if (np->in_flags & IPN_FILTER) { - if (np->in_flags & IPN_NOTSRC) - printf("! "); - printf("from "); - if (np->in_redir == NAT_REDIRECT) { - printhostmask(4, (u_32_t *)&np->in_srcip, - (u_32_t *)&np->in_srcmsk); - } else { - printhostmask(4, (u_32_t *)&np->in_inip, - (u_32_t *)&np->in_inmsk); - } - if (np->in_scmp) - printportcmp(np->in_p, &np->in_tuc.ftu_src); - - if (np->in_flags & IPN_NOTDST) - printf(" !"); - printf(" to "); - if (np->in_redir == NAT_REDIRECT) { - printhostmask(4, (u_32_t *)&np->in_outip, - (u_32_t *)&np->in_outmsk); - } else { - printhostmask(4, (u_32_t *)&np->in_srcip, - (u_32_t *)&np->in_srcmsk); - } - if (np->in_dcmp) - printportcmp(np->in_p, &np->in_tuc.ftu_dst); - } - - if (np->in_redir == NAT_REDIRECT) { - if (!(np->in_flags & IPN_FILTER)) { - printf("%s", inet_ntoa(np->in_out[0].in4)); - bits = count4bits(np->in_outmsk); - if (bits != -1) - printf("/%d", bits); - else - printf("/%s", inet_ntoa(np->in_out[1].in4)); - if (np->in_flags & IPN_TCPUDP) { - printf(" port %d", ntohs(np->in_pmin)); - if (np->in_pmax != np->in_pmin) - printf("-%d", ntohs(np->in_pmax)); - } - } - printf(" -> %s", inet_ntoa(np->in_in[0].in4)); - if (np->in_flags & IPN_SPLIT) - printf(",%s", inet_ntoa(np->in_in[1].in4)); - else if (np->in_inmsk == 0 && np->in_inip == 0) - printf("/0"); - if (np->in_flags & IPN_TCPUDP) { - if ((np->in_flags & IPN_FIXEDDPORT) != 0) - printf(" port = %d", ntohs(np->in_pnext)); - else - printf(" port %d", ntohs(np->in_pnext)); - } - putchar(' '); - printproto(pr, np->in_p, np); - if (np->in_flags & IPN_ROUNDR) - printf(" round-robin"); - if (np->in_flags & IPN_FRAG) - printf(" frag"); - if (np->in_age[0] != 0 || np->in_age[1] != 0) { - printf(" age %d/%d", np->in_age[0], np->in_age[1]); - } - if (np->in_flags & IPN_STICKY) - printf(" sticky"); - if (np->in_mssclamp != 0) - printf(" mssclamp %d", np->in_mssclamp); - if (*np->in_plabel != '\0') - printf(" proxy %.*s", (int)sizeof(np->in_plabel), - np->in_plabel); - if (np->in_tag.ipt_tag[0] != '\0') - printf(" tag %-.*s", IPFTAG_LEN, np->in_tag.ipt_tag); - printf("\n"); - if (opts & OPT_DEBUG) - printf("\tpmax %u\n", np->in_pmax); - } else { - int protoprinted = 0; - - if (!(np->in_flags & IPN_FILTER)) { - printf("%s/", inet_ntoa(np->in_in[0].in4)); - bits = count4bits(np->in_inmsk); - if (bits != -1) - printf("%d", bits); - else - printf("%s", inet_ntoa(np->in_in[1].in4)); - } - printf(" -> "); - if (np->in_flags & IPN_IPRANGE) { - printf("range %s-", inet_ntoa(np->in_out[0].in4)); - printf("%s", inet_ntoa(np->in_out[1].in4)); - } else { - printf("%s/", inet_ntoa(np->in_out[0].in4)); - bits = count4bits(np->in_outmsk); - if (bits != -1) - printf("%d", bits); - else - printf("%s", inet_ntoa(np->in_out[1].in4)); - } - if (*np->in_plabel != '\0') { - printf(" proxy port "); - if (np->in_dcmp != 0) - np->in_dport = htons(np->in_dport); - if (np->in_dport != 0) { - char *s; - - s = portname(np->in_p, ntohs(np->in_dport)); - if (s != NULL) - fputs(s, stdout); - else - fputs("???", stdout); - } - printf(" %.*s/", (int)sizeof(np->in_plabel), - np->in_plabel); - printproto(pr, np->in_p, NULL); - protoprinted = 1; - } else if (np->in_redir == NAT_MAPBLK) { - if ((np->in_pmin == 0) && - (np->in_flags & IPN_AUTOPORTMAP)) - printf(" ports auto"); - else - printf(" ports %d", np->in_pmin); - if (opts & OPT_DEBUG) - printf("\n\tip modulous %d", np->in_pmax); - } else if (np->in_pmin || np->in_pmax) { - if (np->in_flags & IPN_ICMPQUERY) { - printf(" icmpidmap "); - } else { - printf(" portmap "); - } - printproto(pr, np->in_p, np); - protoprinted = 1; - if (np->in_flags & IPN_AUTOPORTMAP) { - printf(" auto"); - if (opts & OPT_DEBUG) - printf(" [%d:%d %d %d]", - ntohs(np->in_pmin), - ntohs(np->in_pmax), - np->in_ippip, np->in_ppip); - } else { - printf(" %d:%d", ntohs(np->in_pmin), - ntohs(np->in_pmax)); - } - } - - if (np->in_flags & IPN_FRAG) - printf(" frag"); - if (np->in_age[0] != 0 || np->in_age[1] != 0) { - printf(" age %d/%d", np->in_age[0], np->in_age[1]); - } - if (np->in_mssclamp != 0) - printf(" mssclamp %d", np->in_mssclamp); - if (np->in_tag.ipt_tag[0] != '\0') - printf(" tag %s", np->in_tag.ipt_tag); - if (!protoprinted && (np->in_flags & IPN_TCPUDP || np->in_p)) { - putchar(' '); - printproto(pr, np->in_p, np); - } - printf("\n"); - if (opts & OPT_DEBUG) { - struct in_addr nip; - - nip.s_addr = htonl(np->in_nextip.s_addr); - - printf("\tnextip %s pnext %d\n", - inet_ntoa(nip), np->in_pnext); - } - } - - if (opts & OPT_DEBUG) { - printf("\tspace %lu use %u hits %lu flags %#x proto %d hv %d\n", - np->in_space, np->in_use, np->in_hits, - np->in_flags, np->in_p, np->in_hv); - printf("\tifp[0] %p ifp[1] %p apr %p\n", - np->in_ifps[0], np->in_ifps[1], np->in_apr); - printf("\ttqehead %p/%p comment %p\n", - np->in_tqehead[0], np->in_tqehead[1], np->in_comment); - } -} diff --git a/contrib/ipfilter/lib/printpacket.c b/contrib/ipfilter/lib/printpacket.c deleted file mode 100644 index 6ee3679..0000000 --- a/contrib/ipfilter/lib/printpacket.c +++ /dev/null @@ -1,89 +0,0 @@ -/* - * Copyright (C) 2000-2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: printpacket.c,v 1.12.4.5 2007/09/09 22:15:30 darrenr Exp $ - */ - -#include "ipf.h" - -#ifndef IP_OFFMASK -# define IP_OFFMASK 0x3fff -#endif - - -void printpacket(ip) -struct ip *ip; -{ - struct tcphdr *tcp; - u_short len; - u_short off; - - if (IP_V(ip) == 6) { - off = 0; - len = ntohs(((u_short *)ip)[2]) + 40; - } else { - off = ntohs(ip->ip_off); - len = ntohs(ip->ip_len); - } - - if ((opts & OPT_HEX) == OPT_HEX) { - u_char *s; - int i; - - for (s = (u_char *)ip, i = 0; i < len; i++) { - printf("%02x", *s++ & 0xff); - if (len - i > 1) { - i++; - printf("%02x", *s++ & 0xff); - } - putchar(' '); - } - putchar('\n'); - putchar('\n'); - return; - } - - if (IP_V(ip) == 6) { - printpacket6(ip); - return; - } - - tcp = (struct tcphdr *)((char *)ip + (IP_HL(ip) << 2)); - printf("ip #%d %d(%d) %d", ntohs(ip->ip_id), ntohs(ip->ip_len), - IP_HL(ip) << 2, ip->ip_p); - if (off & IP_OFFMASK) - printf(" @%d", (off & IP_OFFMASK) << 3); - printf(" %s", inet_ntoa(ip->ip_src)); - if (!(off & IP_OFFMASK)) - if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP) - printf(",%d", ntohs(tcp->th_sport)); - printf(" > "); - printf("%s", inet_ntoa(ip->ip_dst)); - if (!(off & IP_OFFMASK)) { - if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP) - printf(",%d", ntohs(tcp->th_dport)); - if ((ip->ip_p == IPPROTO_TCP) && (tcp->th_flags != 0)) { - putchar(' '); - if (tcp->th_flags & TH_FIN) - putchar('F'); - if (tcp->th_flags & TH_SYN) - putchar('S'); - if (tcp->th_flags & TH_RST) - putchar('R'); - if (tcp->th_flags & TH_PUSH) - putchar('P'); - if (tcp->th_flags & TH_ACK) - putchar('A'); - if (tcp->th_flags & TH_URG) - putchar('U'); - if (tcp->th_flags & TH_ECN) - putchar('E'); - if (tcp->th_flags & TH_CWR) - putchar('C'); - } - } - - putchar('\n'); -} diff --git a/contrib/ipfilter/lib/printpacket6.c b/contrib/ipfilter/lib/printpacket6.c deleted file mode 100644 index 16c807d..0000000 --- a/contrib/ipfilter/lib/printpacket6.c +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (C) 2002 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: printpacket6.c,v 1.3.4.1 2006/06/16 17:21:13 darrenr Exp $ - */ - -#include "ipf.h" - -/* - * This is meant to work without the IPv6 header files being present or - * the inet_ntop() library. - */ -void printpacket6(ip) -struct ip *ip; -{ - u_char *buf, p; - u_short plen, *addrs; - tcphdr_t *tcp; - u_32_t flow; - - buf = (u_char *)ip; - tcp = (tcphdr_t *)(buf + 40); - p = buf[6]; - flow = ntohl(*(u_32_t *)buf); - flow &= 0xfffff; - plen = ntohs(*((u_short *)buf +2)); - addrs = (u_short *)buf + 4; - - printf("ip6/%d %d %#x %d", buf[0] & 0xf, plen, flow, p); - printf(" %02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x", - ntohs(addrs[0]), ntohs(addrs[1]), ntohs(addrs[2]), - ntohs(addrs[3]), ntohs(addrs[4]), ntohs(addrs[5]), - ntohs(addrs[6]), ntohs(addrs[7])); - if (plen >= 4) - if (p == IPPROTO_TCP || p == IPPROTO_UDP) - (void)printf(",%d", ntohs(tcp->th_sport)); - printf(" >"); - addrs += 8; - printf(" %02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x", - ntohs(addrs[0]), ntohs(addrs[1]), ntohs(addrs[2]), - ntohs(addrs[3]), ntohs(addrs[4]), ntohs(addrs[5]), - ntohs(addrs[6]), ntohs(addrs[7])); - if (plen >= 4) - if (p == IPPROTO_TCP || p == IPPROTO_UDP) - (void)printf(",%d", ntohs(tcp->th_dport)); - putchar('\n'); -} diff --git a/contrib/ipfilter/lib/printpool.c b/contrib/ipfilter/lib/printpool.c deleted file mode 100644 index cfb1e78..0000000 --- a/contrib/ipfilter/lib/printpool.c +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright (C) 2002-2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - */ - -#include "ipf.h" - -#define PRINTF (void)printf -#define FPRINTF (void)fprintf - -ip_pool_t *printpool(pp, copyfunc, name, opts) -ip_pool_t *pp; -copyfunc_t copyfunc; -char *name; -int opts; -{ - ip_pool_node_t *ipnp, *ipnpn, ipn; - ip_pool_t ipp; - - if ((*copyfunc)(pp, &ipp, sizeof(ipp))) - return NULL; - - if ((name != NULL) && strncmp(name, ipp.ipo_name, FR_GROUPLEN)) - return ipp.ipo_next; - - printpooldata(&ipp, opts); - - if ((ipp.ipo_flags & IPOOL_DELETE) != 0) - PRINTF("# "); - if ((opts & OPT_DEBUG) == 0) - PRINTF("\t{"); - - ipnpn = ipp.ipo_list; - ipp.ipo_list = NULL; - while (ipnpn != NULL) { - ipnp = (ip_pool_node_t *)malloc(sizeof(*ipnp)); - (*copyfunc)(ipnpn, ipnp, sizeof(ipn)); - ipnpn = ipnp->ipn_next; - ipnp->ipn_next = ipp.ipo_list; - ipp.ipo_list = ipnp; - } - - if (ipp.ipo_list == NULL) { - putchar(';'); - } else { - for (ipnp = ipp.ipo_list; ipnp != NULL; ) { - ipnp = printpoolnode(ipnp, opts); - - if ((opts & OPT_DEBUG) == 0) { - putchar(';'); - } - } - } - - if ((opts & OPT_DEBUG) == 0) - PRINTF(" };\n"); - - return ipp.ipo_next; -} diff --git a/contrib/ipfilter/lib/printpool_live.c b/contrib/ipfilter/lib/printpool_live.c deleted file mode 100644 index e228a39..0000000 --- a/contrib/ipfilter/lib/printpool_live.c +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright (C) 2002 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - */ - -#include <sys/ioctl.h> -#include "ipf.h" -#include "netinet/ipl.h" - -#define PRINTF (void)printf -#define FPRINTF (void)fprintf - - -ip_pool_t *printpool_live(pool, fd, name, opts) -ip_pool_t *pool; -int fd; -char *name; -int opts; -{ - ip_pool_node_t entry, *top, *node; - ipflookupiter_t iter; - int printed, last; - ipfobj_t obj; - - if ((name != NULL) && strncmp(name, pool->ipo_name, FR_GROUPLEN)) - return pool->ipo_next; - - printpooldata(pool, opts); - - if ((pool->ipo_flags & IPOOL_DELETE) != 0) - PRINTF("# "); - if ((opts & OPT_DEBUG) == 0) - PRINTF("\t{"); - - obj.ipfo_rev = IPFILTER_VERSION; - obj.ipfo_type = IPFOBJ_LOOKUPITER; - obj.ipfo_ptr = &iter; - obj.ipfo_size = sizeof(iter); - - iter.ili_data = &entry; - iter.ili_type = IPLT_POOL; - iter.ili_otype = IPFLOOKUPITER_NODE; - iter.ili_ival = IPFGENITER_LOOKUP; - iter.ili_unit = pool->ipo_unit; - strncpy(iter.ili_name, pool->ipo_name, FR_GROUPLEN); - - last = 0; - top = NULL; - printed = 0; - - while (!last && (ioctl(fd, SIOCLOOKUPITER, &obj) == 0)) { - if (entry.ipn_next == NULL) - last = 1; - node = malloc(sizeof(*top)); - if (node == NULL) - break; - bcopy(&entry, node, sizeof(entry)); - node->ipn_next = top; - top = node; - } - - while (top != NULL) { - node = top; - (void) printpoolnode(node, opts); - if ((opts & OPT_DEBUG) == 0) - putchar(';'); - top = node->ipn_next; - free(node); - printed++; - } - - if (printed == 0) - putchar(';'); - - if ((opts & OPT_DEBUG) == 0) - PRINTF(" };\n"); - - if (ioctl(fd, SIOCIPFDELTOK, &iter.ili_key) != 0) - perror("SIOCIPFDELTOK"); - - return pool->ipo_next; -} diff --git a/contrib/ipfilter/lib/printpooldata.c b/contrib/ipfilter/lib/printpooldata.c deleted file mode 100644 index 8d8e962..0000000 --- a/contrib/ipfilter/lib/printpooldata.c +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright (C) 2002 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - */ - -#include "ipf.h" - -#define PRINTF (void)printf -#define FPRINTF (void)fprintf - -void printpooldata(pool, opts) -ip_pool_t *pool; -int opts; -{ - - if ((opts & OPT_DEBUG) == 0) { - if ((pool->ipo_flags & IPOOL_ANON) != 0) - PRINTF("# 'anonymous' tree %s\n", pool->ipo_name); - if ((pool->ipo_flags & IPOOL_DELETE) != 0) - PRINTF("# "); - PRINTF("table role = "); - } else { - if ((pool->ipo_flags & IPOOL_DELETE) != 0) - PRINTF("# "); - PRINTF("%s: %s", - isdigit(*pool->ipo_name) ? "Number" : "Name", - pool->ipo_name); - if ((pool->ipo_flags & IPOOL_ANON) == IPOOL_ANON) - PRINTF("(anon)"); - putchar(' '); - PRINTF("Role: "); - } - - switch (pool->ipo_unit) - { - case IPL_LOGIPF : - printf("ipf"); - break; - case IPL_LOGNAT : - printf("nat"); - break; - case IPL_LOGSTATE : - printf("state"); - break; - case IPL_LOGAUTH : - printf("auth"); - break; - case IPL_LOGSYNC : - printf("sync"); - break; - case IPL_LOGSCAN : - printf("scan"); - break; - case IPL_LOGLOOKUP : - printf("lookup"); - break; - case IPL_LOGCOUNT : - printf("count"); - break; - default : - printf("unknown(%d)", pool->ipo_unit); - } - - if ((opts & OPT_DEBUG) == 0) { - PRINTF(" type = tree %s = %s\n", - isdigit(*pool->ipo_name) ? "number" : "name", - pool->ipo_name); - } else { - putchar(' '); - - PRINTF("\tReferences: %d\tHits: %lu\n", pool->ipo_ref, - pool->ipo_hits); - if ((pool->ipo_flags & IPOOL_DELETE) != 0) - PRINTF("# "); - PRINTF("\tNodes Starting at %p\n", pool->ipo_list); - } -} diff --git a/contrib/ipfilter/lib/printpoolnode.c b/contrib/ipfilter/lib/printpoolnode.c deleted file mode 100644 index a53ee33..0000000 --- a/contrib/ipfilter/lib/printpoolnode.c +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright (C) 2002-2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - */ - -#include "ipf.h" - -#define PRINTF (void)printf -#define FPRINTF (void)fprintf - -ip_pool_node_t *printpoolnode(np, opts) -ip_pool_node_t *np; -int opts; -{ - - if ((opts & OPT_DEBUG) == 0) { - putchar(' '); - if (np->ipn_info == 1) - PRINTF("! "); - printip((u_32_t *)&np->ipn_addr.adf_addr.in4); - printmask((u_32_t *)&np->ipn_mask.adf_addr); - } else { - PRINTF("\tAddress: %s%s", np->ipn_info ? "! " : "", - inet_ntoa(np->ipn_addr.adf_addr.in4)); - printmask((u_32_t *)&np->ipn_mask.adf_addr); - PRINTF("\t\tHits %lu\tName %s\tRef %d\n", - np->ipn_hits, np->ipn_name, np->ipn_ref); - } - return np->ipn_next; -} diff --git a/contrib/ipfilter/lib/printportcmp.c b/contrib/ipfilter/lib/printportcmp.c deleted file mode 100644 index a820387..0000000 --- a/contrib/ipfilter/lib/printportcmp.c +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Copyright (C) 2000-2003 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: printportcmp.c,v 1.7.4.1 2006/06/16 17:21:14 darrenr Exp $ - */ - -#include "ipf.h" - - -void printportcmp(pr, frp) -int pr; -frpcmp_t *frp; -{ - static char *pcmp1[] = { "*", "=", "!=", "<", ">", "<=", ">=", - "<>", "><", ":" }; - - if (frp->frp_cmp == FR_INRANGE || frp->frp_cmp == FR_OUTRANGE) - printf(" port %d %s %d", frp->frp_port, - pcmp1[frp->frp_cmp], frp->frp_top); - else if (frp->frp_cmp == FR_INCRANGE) - printf(" port %d:%d", frp->frp_port, frp->frp_top); - else - printf(" port %s %s", pcmp1[frp->frp_cmp], - portname(pr, frp->frp_port)); -} diff --git a/contrib/ipfilter/lib/printproto.c b/contrib/ipfilter/lib/printproto.c deleted file mode 100644 index e65ec11..0000000 --- a/contrib/ipfilter/lib/printproto.c +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (C) 2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - */ - -#include "ipf.h" - - -#if !defined(lint) -static const char rcsid[] = "@(#)$Id: printproto.c,v 1.1.2.2 2006/06/16 17:21:14 darrenr Exp $"; -#endif - - -void printproto(pr, p, np) -struct protoent *pr; -int p; -ipnat_t *np; -{ - if (np != NULL) { - if ((np->in_flags & IPN_TCPUDP) == IPN_TCPUDP) - printf("tcp/udp"); - else if (np->in_flags & IPN_TCP) - printf("tcp"); - else if (np->in_flags & IPN_UDP) - printf("udp"); - else if (np->in_flags & IPN_ICMPQUERY) - printf("icmp"); -#ifdef _AIX51 - /* - * To make up for "ip = 252" and "hopopt = 0" in /etc/protocols - */ - else if (np->in_p == 0) - printf("ip"); -#endif - else if (pr != NULL) - printf("%s", pr->p_name); - else - printf("%d", np->in_p); - } else { -#ifdef _AIX51 - if (p == 0) - printf("ip"); - else -#endif - if (pr != NULL) - printf("%s", pr->p_name); - else - printf("%d", p); - } -} diff --git a/contrib/ipfilter/lib/printsbuf.c b/contrib/ipfilter/lib/printsbuf.c deleted file mode 100644 index 81f5e0b..0000000 --- a/contrib/ipfilter/lib/printsbuf.c +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright (C) 2002-2004 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: printsbuf.c,v 1.2.4.2 2006/06/16 17:21:14 darrenr Exp $ - */ - -#ifdef IPFILTER_SCAN - -#include <ctype.h> -#include <stdio.h> -#include "ipf.h" -#include "netinet/ip_scan.h" - -void printsbuf(buf) -char *buf; -{ - u_char *s; - int i; - - for (s = (u_char *)buf, i = ISC_TLEN; i; i--, s++) { - if (ISPRINT(*s)) - putchar(*s); - else - printf("\\%o", *s); - } -} - -#endif diff --git a/contrib/ipfilter/lib/printstate.c b/contrib/ipfilter/lib/printstate.c deleted file mode 100644 index fcf42d6..0000000 --- a/contrib/ipfilter/lib/printstate.c +++ /dev/null @@ -1,187 +0,0 @@ -/* - * Copyright (C) 2002-2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - */ - -#include "ipf.h" -#include "kmem.h" - -#define PRINTF (void)printf -#define FPRINTF (void)fprintf - -ipstate_t *printstate(sp, opts, now) -ipstate_t *sp; -int opts; -u_long now; -{ - synclist_t ipsync; - - if (sp->is_phnext == NULL) - PRINTF("ORPHAN "); - PRINTF("%s -> ", hostname(sp->is_v, &sp->is_src.in4)); - PRINTF("%s pass %#x pr %d state %d/%d", - hostname(sp->is_v, &sp->is_dst.in4), sp->is_pass, sp->is_p, - sp->is_state[0], sp->is_state[1]); - if (opts & OPT_DEBUG) - PRINTF(" bkt %d ref %d", sp->is_hv, sp->is_ref); - PRINTF("\n\ttag %u ttl %lu", sp->is_tag, sp->is_die - now); - - if (sp->is_p == IPPROTO_TCP) { - PRINTF("\n\t%hu -> %hu %x:%x %hu<<%d:%hu<<%d\n", - ntohs(sp->is_sport), ntohs(sp->is_dport), - sp->is_send, sp->is_dend, - sp->is_maxswin, sp->is_swinscale, - sp->is_maxdwin, sp->is_dwinscale); - PRINTF("\tcmsk %04x smsk %04x s0 %08x/%08x\n", - sp->is_smsk[0], sp->is_smsk[1], - sp->is_s0[0], sp->is_s0[1]); - PRINTF("\tFWD:ISN inc %x sumd %x\n", - sp->is_isninc[0], sp->is_sumd[0]); - PRINTF("\tREV:ISN inc %x sumd %x\n", - sp->is_isninc[1], sp->is_sumd[1]); -#ifdef IPFILTER_SCAN - PRINTF("\tsbuf[0] ["); - printsbuf(sp->is_sbuf[0]); - PRINTF("] sbuf[1] ["); - printsbuf(sp->is_sbuf[1]); - PRINTF("]\n"); -#endif - } else if (sp->is_p == IPPROTO_UDP) { - PRINTF(" %hu -> %hu\n", ntohs(sp->is_sport), - ntohs(sp->is_dport)); - } else if (sp->is_p == IPPROTO_GRE) { - PRINTF(" call %hx/%hx\n", ntohs(sp->is_gre.gs_call[0]), - ntohs(sp->is_gre.gs_call[1])); - } else if (sp->is_p == IPPROTO_ICMP -#ifdef USE_INET6 - || sp->is_p == IPPROTO_ICMPV6 -#endif - ) - PRINTF(" id %hu seq %hu type %d\n", sp->is_icmp.ici_id, - sp->is_icmp.ici_seq, sp->is_icmp.ici_type); - -#ifdef USE_QUAD_T - PRINTF("\tforward: pkts in %qd bytes in %qd pkts out %qd bytes out %qd\n\tbackward: pkts in %qd bytes in %qd pkts out %qd bytes out %qd\n", - sp->is_pkts[0], sp->is_bytes[0], - sp->is_pkts[1], sp->is_bytes[1], - sp->is_pkts[2], sp->is_bytes[2], - sp->is_pkts[3], sp->is_bytes[3]); -#else - PRINTF("\tforward: pkts in %ld bytes in %ld pkts out %ld bytes out %ld\n\tbackward: pkts in %ld bytes in %ld pkts out %ld bytes out %ld\n", - sp->is_pkts[0], sp->is_bytes[0], - sp->is_pkts[1], sp->is_bytes[1], - sp->is_pkts[2], sp->is_bytes[2], - sp->is_pkts[3], sp->is_bytes[3]); -#endif - - PRINTF("\t"); - - /* - * Print out bits set in the result code for the state being - * kept as they would for a rule. - */ - if (FR_ISPASS(sp->is_pass)) { - PRINTF("pass"); - } else if (FR_ISBLOCK(sp->is_pass)) { - PRINTF("block"); - switch (sp->is_pass & FR_RETMASK) - { - case FR_RETICMP : - PRINTF(" return-icmp"); - break; - case FR_FAKEICMP : - PRINTF(" return-icmp-as-dest"); - break; - case FR_RETRST : - PRINTF(" return-rst"); - break; - default : - break; - } - } else if ((sp->is_pass & FR_LOGMASK) == FR_LOG) { - PRINTF("log"); - if (sp->is_pass & FR_LOGBODY) - PRINTF(" body"); - if (sp->is_pass & FR_LOGFIRST) - PRINTF(" first"); - } else if (FR_ISACCOUNT(sp->is_pass)) { - PRINTF("count"); - } else if (FR_ISPREAUTH(sp->is_pass)) { - PRINTF("preauth"); - } else if (FR_ISAUTH(sp->is_pass)) - PRINTF("auth"); - - if (sp->is_pass & FR_OUTQUE) - PRINTF(" out"); - else - PRINTF(" in"); - - if ((sp->is_pass & FR_LOG) != 0) { - PRINTF(" log"); - if (sp->is_pass & FR_LOGBODY) - PRINTF(" body"); - if (sp->is_pass & FR_LOGFIRST) - PRINTF(" first"); - if (sp->is_pass & FR_LOGORBLOCK) - PRINTF(" or-block"); - } - if (sp->is_pass & FR_QUICK) - PRINTF(" quick"); - if (sp->is_pass & FR_KEEPFRAG) - PRINTF(" keep frags"); - /* a given; no? */ - if (sp->is_pass & FR_KEEPSTATE) { - PRINTF(" keep state"); - if (sp->is_pass & FR_STATESYNC) - PRINTF(" ( sync )"); - } - PRINTF("\tIPv%d", sp->is_v); - PRINTF("\n"); - - PRINTF("\tpkt_flags & %x(%x) = %x,\t", - sp->is_flags & 0xf, sp->is_flags, - sp->is_flags >> 4); - PRINTF("\tpkt_options & %x = %x, %x = %x \n", sp->is_optmsk[0], - sp->is_opt[0], sp->is_optmsk[1], sp->is_opt[1]); - PRINTF("\tpkt_security & %x = %x, pkt_auth & %x = %x\n", - sp->is_secmsk, sp->is_sec, sp->is_authmsk, - sp->is_auth); - PRINTF("\tis_flx %#x %#x %#x %#x\n", sp->is_flx[0][0], sp->is_flx[0][1], - sp->is_flx[1][0], sp->is_flx[1][1]); - PRINTF("\tinterfaces: in %s[%s", getifname(sp->is_ifp[0]), - sp->is_ifname[0]); - if (opts & OPT_DEBUG) - PRINTF("/%p", sp->is_ifp[0]); - putchar(']'); - PRINTF(",%s[%s", getifname(sp->is_ifp[1]), sp->is_ifname[1]); - if (opts & OPT_DEBUG) - PRINTF("/%p", sp->is_ifp[1]); - putchar(']'); - PRINTF(" out %s[%s", getifname(sp->is_ifp[2]), sp->is_ifname[2]); - if (opts & OPT_DEBUG) - PRINTF("/%p", sp->is_ifp[2]); - putchar(']'); - PRINTF(",%s[%s", getifname(sp->is_ifp[3]), sp->is_ifname[3]); - if (opts & OPT_DEBUG) - PRINTF("/%p", sp->is_ifp[3]); - PRINTF("]\n"); - - if (sp->is_sync != NULL) { - - if (kmemcpy((char *)&ipsync, (u_long)sp->is_sync, sizeof(ipsync))) { - - PRINTF("\tSync status: status could not be retrieved\n"); - return NULL; - } - - PRINTF("\tSync status: idx %d num %d v %d pr %d rev %d\n", - ipsync.sl_idx, ipsync.sl_num, ipsync.sl_v, - ipsync.sl_p, ipsync.sl_rev); - - } else { - PRINTF("\tSync status: not synchronized\n"); - } - - return sp->is_next; -} diff --git a/contrib/ipfilter/lib/printtqtable.c b/contrib/ipfilter/lib/printtqtable.c deleted file mode 100644 index 67adb53..0000000 --- a/contrib/ipfilter/lib/printtqtable.c +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright (C) 2007 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - */ - -#include <fcntl.h> -#include <sys/ioctl.h> -#include "ipf.h" - - -void printtqtable(table) -ipftq_t *table; -{ - int i; - - printf("TCP Entries per state\n"); - for (i = 0; i < IPF_TCP_NSTATES; i++) - printf(" %5d", i); - printf("\n"); - - for (i = 0; i < IPF_TCP_NSTATES; i++) - printf(" %5d", table[i].ifq_ref - 1); - printf("\n"); -} diff --git a/contrib/ipfilter/lib/printtunable.c b/contrib/ipfilter/lib/printtunable.c deleted file mode 100644 index dcf9f85..0000000 --- a/contrib/ipfilter/lib/printtunable.c +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Copyright (C) 2003 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: printtunable.c,v 1.1.4.1 2006/06/16 17:21:15 darrenr Exp $ - */ - -#include "ipf.h" - -void printtunable(tup) -ipftune_t *tup; -{ - printf("%s\tmin %#lx\tmax %#lx\tcurrent ", - tup->ipft_name, tup->ipft_min, tup->ipft_max); - if (tup->ipft_sz == sizeof(u_long)) - printf("%lu\n", tup->ipft_vlong); - else if (tup->ipft_sz == sizeof(u_int)) - printf("%u\n", tup->ipft_vint); - else if (tup->ipft_sz == sizeof(u_short)) - printf("%hu\n", tup->ipft_vshort); - else if (tup->ipft_sz == sizeof(u_char)) - printf("%u\n", (u_int)tup->ipft_vchar); - else { - printf("sz = %d\n", tup->ipft_sz); - } -} diff --git a/contrib/ipfilter/lib/ratoi.c b/contrib/ipfilter/lib/ratoi.c deleted file mode 100644 index fb8552d..0000000 --- a/contrib/ipfilter/lib/ratoi.c +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright (C) 1993-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: ratoi.c,v 1.4 2001/06/09 17:09:25 darrenr Exp $ - */ - -#include "ipf.h" - - -int ratoi(ps, pi, min, max) -char *ps; -int *pi, min, max; -{ - int i; - char *pe; - - i = (int)strtol(ps, &pe, 0); - if (*pe != '\0' || i < min || i > max) - return 0; - *pi = i; - return 1; -} diff --git a/contrib/ipfilter/lib/ratoui.c b/contrib/ipfilter/lib/ratoui.c deleted file mode 100644 index 191f87f..0000000 --- a/contrib/ipfilter/lib/ratoui.c +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright (C) 1993-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: ratoui.c,v 1.4 2001/06/09 17:09:25 darrenr Exp $ - */ - -#include "ipf.h" - - -int ratoui(ps, pi, min, max) -char *ps; -u_int *pi, min, max; -{ - u_int i; - char *pe; - - i = (u_int)strtol(ps, &pe, 0); - if (*pe != '\0' || i < min || i > max) - return 0; - *pi = i; - return 1; -} diff --git a/contrib/ipfilter/lib/remove_hash.c b/contrib/ipfilter/lib/remove_hash.c deleted file mode 100644 index 55dab91..0000000 --- a/contrib/ipfilter/lib/remove_hash.c +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (C) 2003 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: remove_hash.c,v 1.1.4.1 2006/06/16 17:21:16 darrenr Exp $ - */ - -#include <fcntl.h> -#include <sys/ioctl.h> -#include "ipf.h" -#include "netinet/ip_lookup.h" -#include "netinet/ip_htable.h" - -static int hashfd = -1; - - -int remove_hash(iphp, iocfunc) -iphtable_t *iphp; -ioctlfunc_t iocfunc; -{ - iplookupop_t op; - iphtable_t iph; - - if ((hashfd == -1) && ((opts & OPT_DONOTHING) == 0)) - hashfd = open(IPLOOKUP_NAME, O_RDWR); - if ((hashfd == -1) && ((opts & OPT_DONOTHING) == 0)) - return -1; - - op.iplo_type = IPLT_HASH; - op.iplo_unit = iphp->iph_unit; - strncpy(op.iplo_name, iphp->iph_name, sizeof(op.iplo_name)); - if (*op.iplo_name == '\0') - op.iplo_arg = IPHASH_ANON; - op.iplo_size = sizeof(iph); - op.iplo_struct = &iph; - - bzero((char *)&iph, sizeof(iph)); - iph.iph_unit = iphp->iph_unit; - iph.iph_type = iphp->iph_type; - strncpy(iph.iph_name, iphp->iph_name, sizeof(iph.iph_name)); - iph.iph_flags = iphp->iph_flags; - - if ((*iocfunc)(hashfd, SIOCLOOKUPDELTABLE, &op)) - if ((opts & OPT_DONOTHING) == 0) { - perror("remove_hash:SIOCLOOKUPDELTABLE"); - return -1; - } - - return 0; -} diff --git a/contrib/ipfilter/lib/remove_hashnode.c b/contrib/ipfilter/lib/remove_hashnode.c deleted file mode 100644 index d51f8ab..0000000 --- a/contrib/ipfilter/lib/remove_hashnode.c +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright (C) 2003 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: remove_hashnode.c,v 1.1.4.1 2006/06/16 17:21:16 darrenr Exp $ - */ - -#include <fcntl.h> -#include <sys/ioctl.h> -#include "ipf.h" -#include "netinet/ip_lookup.h" -#include "netinet/ip_htable.h" - -static int hashfd = -1; - - -int remove_hashnode(unit, name, node, iocfunc) -int unit; -char *name; -iphtent_t *node; -ioctlfunc_t iocfunc; -{ - iplookupop_t op; - iphtent_t ipe; - - if ((hashfd == -1) && ((opts & OPT_DONOTHING) == 0)) - hashfd = open(IPLOOKUP_NAME, O_RDWR); - if ((hashfd == -1) && ((opts & OPT_DONOTHING) == 0)) - return -1; - - op.iplo_type = IPLT_HASH; - op.iplo_unit = unit; - op.iplo_size = sizeof(ipe); - op.iplo_struct = &ipe; - op.iplo_arg = 0; - strncpy(op.iplo_name, name, sizeof(op.iplo_name)); - - bzero((char *)&ipe, sizeof(ipe)); - bcopy((char *)&node->ipe_addr, (char *)&ipe.ipe_addr, - sizeof(ipe.ipe_addr)); - bcopy((char *)&node->ipe_mask, (char *)&ipe.ipe_mask, - sizeof(ipe.ipe_mask)); - - if (opts & OPT_DEBUG) { - printf("\t%s - ", inet_ntoa(ipe.ipe_addr.in4)); - printf("%s\n", inet_ntoa(ipe.ipe_mask.in4)); - } - - if ((*iocfunc)(hashfd, SIOCLOOKUPDELNODE, &op)) - if (!(opts & OPT_DONOTHING)) { - perror("remove_hash:SIOCLOOKUPDELNODE"); - return -1; - } - return 0; -} diff --git a/contrib/ipfilter/lib/remove_pool.c b/contrib/ipfilter/lib/remove_pool.c deleted file mode 100644 index 19ab4c6..0000000 --- a/contrib/ipfilter/lib/remove_pool.c +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright (C) 2003 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: remove_pool.c,v 1.1.4.1 2006/06/16 17:21:16 darrenr Exp $ - */ - -#include <fcntl.h> -#include <sys/ioctl.h> -#include "ipf.h" -#include "netinet/ip_lookup.h" -#include "netinet/ip_htable.h" - -static int poolfd = -1; - - -int remove_pool(poolp, iocfunc) -ip_pool_t *poolp; -ioctlfunc_t iocfunc; -{ - iplookupop_t op; - ip_pool_t pool; - - if ((poolfd == -1) && ((opts & OPT_DONOTHING) == 0)) - poolfd = open(IPLOOKUP_NAME, O_RDWR); - if ((poolfd == -1) && ((opts & OPT_DONOTHING) == 0)) - return -1; - - op.iplo_type = IPLT_POOL; - op.iplo_unit = poolp->ipo_unit; - strncpy(op.iplo_name, poolp->ipo_name, sizeof(op.iplo_name)); - op.iplo_size = sizeof(pool); - op.iplo_struct = &pool; - - bzero((char *)&pool, sizeof(pool)); - pool.ipo_unit = poolp->ipo_unit; - strncpy(pool.ipo_name, poolp->ipo_name, sizeof(pool.ipo_name)); - pool.ipo_flags = poolp->ipo_flags; - - if ((*iocfunc)(poolfd, SIOCLOOKUPDELTABLE, &op)) - if ((opts & OPT_DONOTHING) == 0) { - perror("remove_pool:SIOCLOOKUPDELTABLE"); - return -1; - } - - return 0; -} diff --git a/contrib/ipfilter/lib/remove_poolnode.c b/contrib/ipfilter/lib/remove_poolnode.c deleted file mode 100644 index ad04b23..0000000 --- a/contrib/ipfilter/lib/remove_poolnode.c +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright (C) 2003 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: remove_poolnode.c,v 1.3.2.1 2006/06/16 17:21:16 darrenr Exp $ - */ - -#include <fcntl.h> -#include <sys/ioctl.h> -#include "ipf.h" -#include "netinet/ip_lookup.h" -#include "netinet/ip_pool.h" - -static int poolfd = -1; - - -int remove_poolnode(unit, name, node, iocfunc) -int unit; -char *name; -ip_pool_node_t *node; -ioctlfunc_t iocfunc; -{ - ip_pool_node_t pn; - iplookupop_t op; - - if ((poolfd == -1) && ((opts & OPT_DONOTHING) == 0)) - poolfd = open(IPLOOKUP_NAME, O_RDWR); - if ((poolfd == -1) && ((opts & OPT_DONOTHING) == 0)) - return -1; - - op.iplo_unit = unit; - op.iplo_type = IPLT_POOL; - op.iplo_arg = 0; - strncpy(op.iplo_name, name, sizeof(op.iplo_name)); - op.iplo_struct = &pn; - op.iplo_size = sizeof(pn); - - bzero((char *)&pn, sizeof(pn)); - bcopy((char *)&node->ipn_addr, (char *)&pn.ipn_addr, - sizeof(pn.ipn_addr)); - bcopy((char *)&node->ipn_mask, (char *)&pn.ipn_mask, - sizeof(pn.ipn_mask)); - pn.ipn_info = node->ipn_info; - strncpy(pn.ipn_name, node->ipn_name, sizeof(pn.ipn_name)); - - if ((*iocfunc)(poolfd, SIOCLOOKUPDELNODE, &op)) { - if ((opts & OPT_DONOTHING) == 0) { - perror("remove_pool:SIOCLOOKUPDELNODE"); - return -1; - } - } - - return 0; -} diff --git a/contrib/ipfilter/lib/resetlexer.c b/contrib/ipfilter/lib/resetlexer.c deleted file mode 100644 index ab9b82e..0000000 --- a/contrib/ipfilter/lib/resetlexer.c +++ /dev/null @@ -1,23 +0,0 @@ -/* - * Copyright (C) 2002 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: resetlexer.c,v 1.1.4.1 2006/06/16 17:21:16 darrenr Exp $ - */ - -#include "ipf.h" - -long string_start = -1; -long string_end = -1; -char *string_val = NULL; -long pos = 0; - - -void resetlexer() -{ - string_start = -1; - string_end = -1; - string_val = NULL; - pos = 0; -} diff --git a/contrib/ipfilter/lib/rwlock_emul.c b/contrib/ipfilter/lib/rwlock_emul.c deleted file mode 100644 index 1f0c3a8..0000000 --- a/contrib/ipfilter/lib/rwlock_emul.c +++ /dev/null @@ -1,131 +0,0 @@ -/* - * Copyright (C) 2003 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: rwlock_emul.c,v 1.1.4.1 2006/06/16 17:21:17 darrenr Exp $ - */ - -#include "ipf.h" - -#define EMM_MAGIC 0x97dd8b3a - -void eMrwlock_read_enter(rw, file, line) -eMrwlock_t *rw; -char *file; -int line; -{ - if (rw->eMrw_magic != EMM_MAGIC) { - fprintf(stderr, "%s:eMrwlock_read_enter(%p): bad magic: %#x\n", - rw->eMrw_owner, rw, rw->eMrw_magic); - abort(); - } - if (rw->eMrw_read != 0 || rw->eMrw_write != 0) { - fprintf(stderr, - "%s:eMrwlock_read_enter(%p): already locked: %d/%d\n", - rw->eMrw_owner, rw, rw->eMrw_read, rw->eMrw_write); - abort(); - } - rw->eMrw_read++; - rw->eMrw_heldin = file; - rw->eMrw_heldat = line; -} - - -void eMrwlock_write_enter(rw, file, line) -eMrwlock_t *rw; -char *file; -int line; -{ - if (rw->eMrw_magic != EMM_MAGIC) { - fprintf(stderr, "%s:eMrwlock_write_enter(%p): bad magic: %#x\n", - rw->eMrw_owner, rw, rw->eMrw_magic); - abort(); - } - if (rw->eMrw_read != 0 || rw->eMrw_write != 0) { - fprintf(stderr, - "%s:eMrwlock_write_enter(%p): already locked: %d/%d\n", - rw->eMrw_owner, rw, rw->eMrw_read, rw->eMrw_write); - abort(); - } - rw->eMrw_write++; - rw->eMrw_heldin = file; - rw->eMrw_heldat = line; -} - - -void eMrwlock_downgrade(rw, file, line) -eMrwlock_t *rw; -char *file; -int line; -{ - if (rw->eMrw_magic != EMM_MAGIC) { - fprintf(stderr, "%s:eMrwlock_write_enter(%p): bad magic: %#x\n", - rw->eMrw_owner, rw, rw->eMrw_magic); - abort(); - } - if (rw->eMrw_read != 0 || rw->eMrw_write != 1) { - fprintf(stderr, - "%s:eMrwlock_write_enter(%p): already locked: %d/%d\n", - rw->eMrw_owner, rw, rw->eMrw_read, rw->eMrw_write); - abort(); - } - rw->eMrw_write--; - rw->eMrw_read++; - rw->eMrw_heldin = file; - rw->eMrw_heldat = line; -} - - -void eMrwlock_exit(rw) -eMrwlock_t *rw; -{ - if (rw->eMrw_magic != EMM_MAGIC) { - fprintf(stderr, "%s:eMrwlock_exit(%p): bad magic: %#x\n", - rw->eMrw_owner, rw, rw->eMrw_magic); - abort(); - } - if (rw->eMrw_read != 1 && rw->eMrw_write != 1) { - fprintf(stderr, "%s:eMrwlock_exit(%p): not locked: %d/%d\n", - rw->eMrw_owner, rw, rw->eMrw_read, rw->eMrw_write); - abort(); - } - if (rw->eMrw_read == 1) - rw->eMrw_read--; - else if (rw->eMrw_write == 1) - rw->eMrw_write--; - rw->eMrw_heldin = NULL; - rw->eMrw_heldat = 0; -} - - -void eMrwlock_init(rw, who) -eMrwlock_t *rw; -char *who; -{ - if (rw->eMrw_magic == EMM_MAGIC) { /* safe bet ? */ - fprintf(stderr, - "%s:eMrwlock_init(%p): already initialised?: %#x\n", - rw->eMrw_owner, rw, rw->eMrw_magic); - abort(); - } - rw->eMrw_magic = EMM_MAGIC; - rw->eMrw_read = 0; - rw->eMrw_write = 0; - if (who != NULL) - rw->eMrw_owner = strdup(who); - else - rw->eMrw_owner = NULL; -} - - -void eMrwlock_destroy(rw) -eMrwlock_t *rw; -{ - if (rw->eMrw_magic != EMM_MAGIC) { - fprintf(stderr, "%s:eMrwlock_destroy(%p): bad magic: %#x\n", - rw->eMrw_owner, rw, rw->eMrw_magic); - abort(); - } - memset(rw, 0xa5, sizeof(*rw)); -} diff --git a/contrib/ipfilter/lib/tcp_flags.c b/contrib/ipfilter/lib/tcp_flags.c deleted file mode 100644 index 67b7dad..0000000 --- a/contrib/ipfilter/lib/tcp_flags.c +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright (C) 2000-2004 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: tcp_flags.c,v 1.8.2.1 2006/06/16 17:21:17 darrenr Exp $ - */ - -#include "ipf.h" - -extern char flagset[]; -extern u_char flags[]; - - -u_char tcp_flags(flgs, mask, linenum) -char *flgs; -u_char *mask; -int linenum; -{ - u_char tcpf = 0, tcpfm = 0; - char *s; - - s = strchr(flgs, '/'); - if (s) - *s++ = '\0'; - - if (*flgs == '0') { - tcpf = strtol(flgs, NULL, 0); - } else { - tcpf = tcpflags(flgs); - } - - if (s != NULL) { - if (*s == '0') - tcpfm = strtol(s, NULL, 0); - else - tcpfm = tcpflags(s); - } - - if (!tcpfm) { - if (tcpf == TH_SYN) - tcpfm = 0xff & ~(TH_ECN|TH_CWR); - else - tcpfm = 0xff & ~(TH_ECN); - } - *mask = tcpfm; - return tcpf; -} diff --git a/contrib/ipfilter/lib/tcpflags.c b/contrib/ipfilter/lib/tcpflags.c deleted file mode 100644 index bf2c284..0000000 --- a/contrib/ipfilter/lib/tcpflags.c +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright (C) 2001-2002 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: tcpflags.c,v 1.3.4.1 2006/06/16 17:21:17 darrenr Exp $ - */ - -#include "ipf.h" - - -/* - * ECN is a new addition to TCP - RFC 2481 - */ -#ifndef TH_ECN -# define TH_ECN 0x40 -#endif -#ifndef TH_CWR -# define TH_CWR 0x80 -#endif - -extern char flagset[]; -extern u_char flags[]; - - -u_char tcpflags(flgs) -char *flgs; -{ - u_char tcpf = 0; - char *s, *t; - - for (s = flgs; *s; s++) { - if (*s == 'W') - tcpf |= TH_CWR; - else { - if (!(t = strchr(flagset, *s))) { - return 0; - } - tcpf |= flags[t - flagset]; - } - } - return tcpf; -} diff --git a/contrib/ipfilter/lib/tcpoptnames.c b/contrib/ipfilter/lib/tcpoptnames.c deleted file mode 100644 index 7c03736..0000000 --- a/contrib/ipfilter/lib/tcpoptnames.c +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Copyright (C) 2000-2002 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: tcpoptnames.c,v 1.5.4.1 2006/06/16 17:21:17 darrenr Exp $ - */ - -#include "ipf.h" - - -struct ipopt_names tcpoptnames[] ={ - { TCPOPT_NOP, 0x000001, 1, "nop" }, - { TCPOPT_MAXSEG, 0x000002, 4, "maxseg" }, - { TCPOPT_WINDOW, 0x000004, 3, "wscale" }, - { TCPOPT_SACK_PERMITTED, 0x000008, 2, "sackok" }, - { TCPOPT_SACK, 0x000010, 3, "sack" }, - { TCPOPT_TIMESTAMP, 0x000020, 10, "tstamp" }, - { 0, 0, 0, (char *)NULL } /* must be last */ -}; diff --git a/contrib/ipfilter/lib/to_interface.c b/contrib/ipfilter/lib/to_interface.c deleted file mode 100644 index 8f2c16f..0000000 --- a/contrib/ipfilter/lib/to_interface.c +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright (C) 1993-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: to_interface.c,v 1.8 2002/01/28 06:50:48 darrenr Exp $ - */ - -#include "ipf.h" - - -int to_interface(fdp, to, linenum) -frdest_t *fdp; -char *to; -int linenum; -{ - char *s; - - s = strchr(to, ':'); - fdp->fd_ifp = NULL; - if (s) { - *s++ = '\0'; - if (hostnum((u_32_t *)&fdp->fd_ip, s, linenum, NULL) == -1) - return -1; - } - (void) strncpy(fdp->fd_ifname, to, sizeof(fdp->fd_ifname) - 1); - fdp->fd_ifname[sizeof(fdp->fd_ifname) - 1] = '\0'; - return 0; -} diff --git a/contrib/ipfilter/lib/v6ionames.c b/contrib/ipfilter/lib/v6ionames.c deleted file mode 100644 index 97c20b0..0000000 --- a/contrib/ipfilter/lib/v6ionames.c +++ /dev/null @@ -1,26 +0,0 @@ -/* - * Copyright (C) 2003-2005 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: v6ionames.c,v 1.1.4.3 2006/06/16 17:21:18 darrenr Exp $ - */ -#include "ipf.h" - - -#ifdef USE_INET6 - -struct ipopt_names v6ionames[] ={ - { IPPROTO_HOPOPTS, 0x000001, 0, "hopopts" }, - { IPPROTO_IPV6, 0x000002, 0, "ipv6" }, - { IPPROTO_ROUTING, 0x000004, 0, "routing" }, - { IPPROTO_FRAGMENT, 0x000008, 0, "frag" }, - { IPPROTO_ESP, 0x000010, 0, "esp" }, - { IPPROTO_AH, 0x000020, 0, "ah" }, - { IPPROTO_NONE, 0x000040, 0, "none" }, - { IPPROTO_DSTOPTS, 0x000080, 0, "dstopts" }, - { IPPROTO_MOBILITY, 0x000100, 0, "mobility" }, - { 0, 0, 0, (char *)NULL } -}; - -#endif diff --git a/contrib/ipfilter/lib/v6optvalue.c b/contrib/ipfilter/lib/v6optvalue.c deleted file mode 100644 index 6123fc2..0000000 --- a/contrib/ipfilter/lib/v6optvalue.c +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (C) 2003 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: v6optvalue.c,v 1.1.4.1 2006/06/16 17:21:18 darrenr Exp $ - */ -#include "ipf.h" - - - -u_32_t getv6optbyname(optname) -char *optname; -{ -#ifdef USE_INET6 - struct ipopt_names *io; - - for (io = v6ionames; io->on_name; io++) - if (!strcasecmp(optname, io->on_name)) - return io->on_bit; -#endif - return -1; -} - - -u_32_t getv6optbyvalue(optval) -int optval; -{ -#ifdef USE_INET6 - struct ipopt_names *io; - - for (io = v6ionames; io->on_name; io++) - if (io->on_value == optval) - return io->on_bit; -#endif - return -1; -} diff --git a/contrib/ipfilter/lib/var.c b/contrib/ipfilter/lib/var.c deleted file mode 100644 index 3d90a23..0000000 --- a/contrib/ipfilter/lib/var.c +++ /dev/null @@ -1,177 +0,0 @@ -/* - * Copyright (C) 2002-2004 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: var.c,v 1.4.2.3 2006/06/16 17:21:18 darrenr Exp $ - */ - -#include <ctype.h> - -#include "ipf.h" - -typedef struct variable { - struct variable *v_next; - char *v_name; - char *v_value; -} variable_t; - -static variable_t *vtop = NULL; - -static variable_t *find_var __P((char *)); -static char *expand_string __P((char *, int)); - - -static variable_t *find_var(name) -char *name; -{ - variable_t *v; - - for (v = vtop; v != NULL; v = v->v_next) - if (!strcmp(name, v->v_name)) - return v; - return NULL; -} - - -char *get_variable(string, after, line) -char *string, **after; -int line; -{ - char c, *s, *t, *value; - variable_t *v; - - s = string; - - if (*s == '{') { - s++; - for (t = s; *t != '\0'; t++) - if (*t == '}') - break; - if (*t == '\0') { - fprintf(stderr, "%d: { without }\n", line); - return NULL; - } - } else if (ISALPHA(*s)) { - for (t = s + 1; *t != '\0'; t++) - if (!ISALPHA(*t) && !ISDIGIT(*t) && (*t != '_')) - break; - } else { - fprintf(stderr, "%d: variables cannot start with '%c'\n", - line, *s); - return NULL; - } - - if (after != NULL) - *after = t; - c = *t; - *t = '\0'; - v = find_var(s); - *t = c; - if (v == NULL) { - fprintf(stderr, "%d: unknown variable '%s'\n", line, s); - return NULL; - } - - s = strdup(v->v_value); - value = expand_string(s, line); - if (value != s) - free(s); - return value; -} - - -static char *expand_string(oldstring, line) -char *oldstring; -int line; -{ - char c, *s, *p1, *p2, *p3, *newstring, *value; - int len; - - p3 = NULL; - newstring = oldstring; - - for (s = oldstring; *s != '\0'; s++) - if (*s == '$') { - *s = '\0'; - s++; - - switch (*s) - { - case '$' : - bcopy(s, s - 1, strlen(s)); - break; - default : - c = *s; - if (c == '\0') - return newstring; - - value = get_variable(s, &p3, line); - if (value == NULL) - return NULL; - - p2 = expand_string(value, line); - if (p2 == NULL) - return NULL; - - len = strlen(newstring) + strlen(p2); - if (p3 != NULL) { - if (c == '{' && *p3 == '}') - p3++; - len += strlen(p3); - } - p1 = malloc(len + 1); - if (p1 == NULL) - return NULL; - - *(s - 1) = '\0'; - strcpy(p1, newstring); - strcat(p1, p2); - if (p3 != NULL) - strcat(p1, p3); - - s = p1 + len - strlen(p3) - 1; - if (newstring != oldstring) - free(newstring); - newstring = p1; - break; - } - } - return newstring; -} - - -void set_variable(name, value) -char *name; -char *value; -{ - variable_t *v; - int len; - - if (name == NULL || value == NULL || *name == '\0') - return; - - v = find_var(name); - if (v != NULL) { - free(v->v_value); - v->v_value = strdup(value); - return; - } - - len = strlen(value); - - if ((*value == '"' && value[len - 1] == '"') || - (*value == '\'' && value[len - 1] == '\'')) { - value[len - 1] = '\0'; - value++; - len -=2; - } - - v = (variable_t *)malloc(sizeof(*v)); - if (v == NULL) - return; - v->v_name = strdup(name); - v->v_value = strdup(value); - v->v_next = vtop; - vtop = v; -} diff --git a/contrib/ipfilter/lib/verbose.c b/contrib/ipfilter/lib/verbose.c deleted file mode 100644 index 4a856b0..0000000 --- a/contrib/ipfilter/lib/verbose.c +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (C) 2000-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * $Id: verbose.c,v 1.6.4.1 2006/06/16 17:21:18 darrenr Exp $ - */ - -#if defined(__STDC__) -# include <stdarg.h> -#else -# include <varargs.h> -#endif -#include <stdio.h> - -#include "ipt.h" -#include "opts.h" - - -#if defined(__STDC__) -void verbose(char *fmt, ...) -#else -void verbose(fmt, va_alist) -char *fmt; -va_dcl -#endif -{ - va_list pvar; - - va_start(pvar, fmt); - - if (opts & OPT_VERBOSE) - vprintf(fmt, pvar); - va_end(pvar); -} |
