authordarrenr <darrenr@FreeBSD.org>2002-03-19 11:45:20 +0000
committerdarrenr <darrenr@FreeBSD.org>2002-03-19 11:45:20 +0000
commit5df96985515dd8f51d4209b69c12cbab7c289fd0 (patch)
treee420b9c485fbd878875892eef69b8b6121924075 /contrib/ipfilter/samples
parentc51cd1facc817411a340278e6e0b901d53f11cc5 (diff)
downloadFreeBSD-src-5df96985515dd8f51d4209b69c12cbab7c289fd0.zip
FreeBSD-src-5df96985515dd8f51d4209b69c12cbab7c289fd0.tar.gz
Import IPFilter 3.4.25
Diffstat (limited to 'contrib/ipfilter/samples')
-rw-r--r--contrib/ipfilter/samples/Makefile18
-rw-r--r--contrib/ipfilter/samples/proxy.c195
2 files changed, 205 insertions, 8 deletions
diff --git a/contrib/ipfilter/samples/Makefile b/contrib/ipfilter/samples/Makefile
index 5bd03b31..1dad079 100644
--- a/contrib/ipfilter/samples/Makefile
+++ b/contrib/ipfilter/samples/Makefile
@@ -1,10 +1,22 @@
CC=gcc
+all:
+ @echo "Please do one of the following:"
+ @echo "make bsd"
+ @echo "make bsdi"
+ @echo "make freebsd"
+ @echo "make freebsd22"
+ @echo "make netbsd"
+ @echo "make openbsd"
+ @echo "make sunos4"
+ @echo "make sunos5"
sunos5:
- $(CC) -I.. userauth.c -o userauth -lsocket -lnsl
- $(CC) -I.. proxy.c -o proxy -lsocket -lnsl
+ $(CC) -DSOLARIS2=`uname -r | sh -c 'IFS=. read j n x; echo $$n'` \
+ -I.. userauth.c -o userauth -lsocket -lnsl
+ $(CC) -DSOLARIS2=`uname -r | sh -c 'IFS=. read j n x; echo $$n'` \
+ -I.. proxy.c -o proxy -lsocket -lnsl
-freebsd freebsd22 netbsd bsd bsdi sunos4:
+freebsd freebsd22 netbsd bsd bsdi sunos4 openbsd:
$(CC) -I.. userauth.c -o userauth
$(CC) -I.. proxy.c -o proxy
diff --git a/contrib/ipfilter/samples/proxy.c b/contrib/ipfilter/samples/proxy.c
index 7ac6ec9..ef9a69c 100644
--- a/contrib/ipfilter/samples/proxy.c
+++ b/contrib/ipfilter/samples/proxy.c
@@ -41,6 +41,8 @@
#include <ctype.h>
#include "netinet/ip_compat.h"
#include "netinet/ip_fil.h"
+#include "netinet/ip_nat.h"
+#include "netinet/ip_state.h"
#include "netinet/ip_proxy.h"
#include "netinet/ip_nat.h"
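Review bot: `netinet/ip_nat.h` is now included twice, once by the added line ahead of `ip_state.h` and again by the existing line after `ip_proxy.h`. The header's guard presumably makes the second one harmless, but the trailing `#include "netinet/ip_nat.h"` is redundant and could be dropped so the include order that the later headers depend on is stated only once.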
@@ -81,19 +83,25 @@ char *argv[];
bzero((char *)&natlook, sizeof(natlook));
natlook.nl_outip = sin.sin_addr;
natlook.nl_inip = sloc.sin_addr;
- natlook.nl_flags = IPN_TCP;
- natlook.nl_outport = sin.sin_port;
- natlook.nl_inport = sloc.sin_port;
+ natlook.nl_flags = IPN_TCPUDP;
+ natlook.nl_outport = ntohs(sin.sin_port);
+ natlook.nl_inport = ntohs(sloc.sin_port);
/*
* Open the NAT device and lookup the mapping pair.
*/
fd = open(IPL_NAT, O_RDONLY);
if (ioctl(fd, SIOCGNATL, &natlookp) == -1) {
- perror("ioctl");
+ perror("ioctl(SIOCGNATL)");
exit(-1);
}
- close(fd);
+
+#define DO_NAT_OUT
+#ifdef DO_NAT_OUT
+ if (argc > 1)
+ do_nat_out(0, 1, fd, &natlook, argv[1]);
+#else
+
/*
* Log it
*/
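Review bot: The result of `open(IPL_NAT, O_RDONLY)` is still unchecked, and with `close(fd)` removed that descriptor is now passed on to `do_nat_out()`, which issues SIOCSTLCK and SIOCSTPUT on it; a failed open surfaces only as a misleading `ioctl(SIOCGNATL)` error. Add `if (fd == -1) { perror("open(IPL_NAT)"); exit(-1); }` directly after the open. Nothing visible closes `fd` any more, either on the `argc <= 1` path or after `do_nat_out()`, and the device is opened read-only although the new code uses it to modify NAT state; whether the driver accepts that should be confirmed. The unconditional `#define DO_NAT_OUT` right above its own `#ifdef` turns the `#else` logging path into dead code; leaving the macro to a `-DDO_NAT_OUT` build flag would keep both paths selectable. The body of `main` begins and ends outside this hunk.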
@@ -109,4 +117,181 @@ char *argv[];
if (write(1, buffer, n) != n)
break;
close(0);
+#endif
}
+
+
+#ifdef DO_NAT_OUT
+do_nat_out(in, out, fd, nlp, extif)
+int fd;
+natlookup_t *nlp;
+char *extif;
+{
+ nat_save_t ns, *nsp = &ns;
+ struct sockaddr_in usin;
+ u_32_t sum1, sum2, sumd;
+ int onoff, ofd, slen;
+ ipnat_t *ipn;
+ nat_t *nat;
+
+ bzero((char *)&ns, sizeof(ns));
+
+ nat = &ns.ipn_nat;
+ nat->nat_p = IPPROTO_TCP;
+ nat->nat_dir = NAT_OUTBOUND;
+ if ((extif != NULL) && (*extif != '\0')) {
+ strncpy(nat->nat_ifname, extif, sizeof(nat->nat_ifname));
+ nat->nat_ifname[sizeof(nat->nat_ifname) - 1] = '\0';
+ }
+
+ ofd = socket(AF_INET, SOCK_DGRAM, 0);
+ bzero((char *)&usin, sizeof(usin));
+ usin.sin_family = AF_INET;
+ usin.sin_addr = nlp->nl_realip;
+ usin.sin_port = nlp->nl_realport;
+ (void) connect(ofd, (struct sockaddr *)&usin, sizeof(usin));
+ slen = sizeof(usin);
+ (void) getsockname(ofd, (struct sockaddr *)&usin, &slen);
+ close(ofd);
+printf("local IP# to use: %s\n", inet_ntoa(usin.sin_addr));
+
+ if ((ofd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
+ perror("socket");
+ usin.sin_port = 0;
+ if (bind(ofd, (struct sockaddr *)&usin, sizeof(usin)))
+ perror("bind");
+ slen = sizeof(usin);
+ if (getsockname(ofd, (struct sockaddr *)&usin, &slen))
+ perror("getsockname");
+printf("local port# to use: %d\n", ntohs(usin.sin_port));
+
+ nat->nat_inip = usin.sin_addr;
+ nat->nat_outip = nlp->nl_outip;
+ nat->nat_oip = nlp->nl_realip;
+
+ sum1 = LONG_SUM(ntohl(usin.sin_addr.s_addr)) + ntohs(usin.sin_port);
+ sum2 = LONG_SUM(ntohl(nat->nat_outip.s_addr)) + ntohs(nlp->nl_outport);
+ CALC_SUMD(sum1, sum2, sumd);
+ nat->nat_sumd[0] = (sumd & 0xffff) + (sumd >> 16);
+ nat->nat_sumd[1] = nat->nat_sumd[0];
+
+ sum1 = LONG_SUM(ntohl(usin.sin_addr.s_addr));
+ sum2 = LONG_SUM(ntohl(nat->nat_outip.s_addr));
+ CALC_SUMD(sum1, sum2, sumd);
+ nat->nat_ipsumd = (sumd & 0xffff) + (sumd >> 16);
+
+ nat->nat_inport = usin.sin_port;
+ nat->nat_outport = nlp->nl_outport;
+ nat->nat_oport = nlp->nl_realport;
+
+ nat->nat_flags = IPN_TCPUDP;
+
+ onoff = 1;
+ if (ioctl(fd, SIOCSTLCK, &onoff) == 0) {
+ if (ioctl(fd, SIOCSTPUT, &nsp) != 0)
+ perror("SIOCSTPUT");
+ onoff = 0;
+ if (ioctl(fd, SIOCSTLCK, &onoff) != 0)
+ perror("SIOCSTLCK");
+ }
+
+ usin.sin_addr = nlp->nl_realip;
+ usin.sin_port = nlp->nl_realport;
+printf("remote end for connection: %s,%d\n", inet_ntoa(usin.sin_addr),
+ntohs(usin.sin_port));
+fflush(stdout);
+ if (connect(ofd, (struct sockaddr *)&usin, sizeof(usin)))
+ perror("connect");
+
+ relay(in, out, ofd);
+}
+
+
+relay(in, out, net)
+int in, out, net;
+{
+ char netbuf[1024], outbuf[1024];
+ char *nwptr, *nrptr, *owptr, *orptr;
+ size_t nsz, osz;
+ fd_set rd, wr;
+ int i, n, maxfd;
+
+ n = 0;
+ maxfd = in;
+ if (out > maxfd)
+ maxfd = out;
+ if (net > maxfd)
+ maxfd = net;
+
+ nrptr = netbuf;
+ nwptr = netbuf;
+ nsz = sizeof(netbuf);
+ orptr = outbuf;
+ owptr = outbuf;
+ osz = sizeof(outbuf);
+
+ while (n >= 0) {
+ FD_ZERO(&rd);
+ FD_ZERO(&wr);
+
+ if (nrptr - netbuf < sizeof(netbuf))
+ FD_SET(in, &rd);
+ if (orptr - outbuf < sizeof(outbuf))
+ FD_SET(net, &rd);
+
+ if (nsz < sizeof(netbuf))
+ FD_SET(net, &wr);
+ if (osz < sizeof(outbuf))
+ FD_SET(out, &wr);
+
+ n = select(maxfd + 1, &rd, &wr, NULL, NULL);
+
+ if ((n > 0) && FD_ISSET(in, &rd)) {
+ i = read(in, nrptr, sizeof(netbuf) - (nrptr - netbuf));
+ if (i <= 0)
+ break;
+ nsz -= i;
+ nrptr += i;
+ n--;
+ }
+
+ if ((n > 0) && FD_ISSET(net, &rd)) {
+ i = read(net, orptr, sizeof(outbuf) - (orptr - outbuf));
+ if (i <= 0)
+ break;
+ osz -= i;
+ orptr += i;
+ n--;
+ }
+
+ if ((n > 0) && FD_ISSET(out, &wr)) {
+ i = write(out, owptr, orptr - owptr);
+ if (i <= 0)
+ break;
+ osz += i;
+ if (osz == sizeof(outbuf) || owptr == orptr) {
+ orptr = outbuf;
+ owptr = outbuf;
+ } else
+ owptr += i;
+ n--;
+ }
+
+ if ((n > 0) && FD_ISSET(net, &wr)) {
+ i = write(net, nwptr, nrptr - nwptr);
+ if (i <= 0)
+ break;
+ nsz += i;
+ if (nsz == sizeof(netbuf) || nwptr == nrptr) {
+ nrptr = netbuf;
+ nwptr = netbuf;
+ } else
+ nwptr += i;
+ }
+ }
+
+ close(net);
+ close(out);
+ close(in);
+}
+#endif
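Review bot: Every failure in `do_nat_out()` is reported with `perror()` and then ignored, so a failed `socket()`, `bind()` or `getsockname()` leaves `usin` (and possibly `ofd == -1`) feeding stale values into the `nat_t` that SIOCSTPUT then installs in the kernel NAT table. The first UDP `connect()`/`getsockname()` pair is silenced with `(void)` casts, a failed SIOCSTPUT or SIOCSTLCK does not stop the outbound `connect()`, and `relay()` runs even when that `connect()` failed. Each step should release `ofd` and return before the entry is built, as sketched below for the socket setup, and the same treatment applies to the ioctl and connect steps. In `relay()`, a `select()` interrupted by a signal returns -1 and ends the session, and EOF on either side closes all three descriptors without draining data still buffered for the other side. If that is acceptable for a sample, a comment saying so would help.

```c
	/* … unchanged: nat_save_t setup and interface name copy … */
	if ((ofd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {
		perror("socket(SOCK_DGRAM)");
		return -1;
	}
	/* … unchanged: usin filled in from nlp->nl_realip / nl_realport … */
	slen = sizeof(usin);
	if (connect(ofd, (struct sockaddr *)&usin, sizeof(usin)) != 0 ||
	    getsockname(ofd, (struct sockaddr *)&usin, &slen) != 0) {
		perror("connect/getsockname");
		close(ofd);
		return -1;
	}
	close(ofd);

	if ((ofd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
		perror("socket(SOCK_STREAM)");
		return -1;
	}
	usin.sin_port = 0;
	if (bind(ofd, (struct sockaddr *)&usin, sizeof(usin)) != 0) {
		perror("bind");
		close(ofd);
		return -1;
	}
	slen = sizeof(usin);
	if (getsockname(ofd, (struct sockaddr *)&usin, &slen) != 0) {
		perror("getsockname");
		close(ofd);
		return -1;
	}
	/* … unchanged: nat_t population, checksum deltas, SIOCSTLCK/SIOCSTPUT … */
```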