author | darrenr <darrenr@FreeBSD.org> | 2005-04-25 17:31:50 +0000 |
---|---|---|
committer | darrenr <darrenr@FreeBSD.org> | 2005-04-25 17:31:50 +0000 |
commit | d438802dcb3e270d6fcc65f075c808c64853a7c2 (patch) | |
tree | e2e1c7115044e6dfc86ff65598566fa32e5f7421 /contrib/ipfilter/samples | |
parent | 590450fec65a8e72a8965117398bc8f14938b4a8 (diff) | |
import ipfilter 4.1.8 into the vendor branch
Diffstat (limited to 'contrib/ipfilter/samples')
-rw-r--r-- | contrib/ipfilter/samples/.cvsignore | 4 | ||||
-rw-r--r-- | contrib/ipfilter/samples/Makefile | 10 | ||||
-rw-r--r-- | contrib/ipfilter/samples/ipfilter-pb.gif | bin | 795 -> 796 bytes | |||
-rw-r--r-- | contrib/ipfilter/samples/proxy.c | 33 | ||||
-rw-r--r-- | contrib/ipfilter/samples/relay.c | 196 | ||||
-rw-r--r-- | contrib/ipfilter/samples/userauth.c | 12 |
6 files changed, 240 insertions, 15 deletions
diff --git a/contrib/ipfilter/samples/.cvsignore b/contrib/ipfilter/samples/.cvsignore
new file mode 100644
index 0000000..4d38251
--- /dev/null
+++ b/contrib/ipfilter/samples/.cvsignore
@@ -0,0 +1,4 @@
+userauth
+proxy
+relay
+trans_relay
diff --git a/contrib/ipfilter/samples/Makefile b/contrib/ipfilter/samples/Makefile
index 1dad079..47ab4a2 100644
--- a/contrib/ipfilter/samples/Makefile
+++ b/contrib/ipfilter/samples/Makefile
@@ -11,14 +11,14 @@ all:
 @echo "make sunos5"
 sunos5:
- $(CC) -DSOLARIS2=`uname -r | sh -c 'IFS=. read j n x; echo $$n'` \
- -I.. userauth.c -o userauth -lsocket -lnsl
- $(CC) -DSOLARIS2=`uname -r | sh -c 'IFS=. read j n x; echo $$n'` \
- -I.. proxy.c -o proxy -lsocket -lnsl
+ $(CC) -I.. userauth.c -o userauth -lsocket -lnsl
+ $(CC) -I.. proxy.c -o proxy -lsocket -lnsl
+ $(CC) -I.. relay.c -o relay -lsocket -lnsl
 freebsd freebsd22 netbsd bsd bsdi sunos4 openbsd:
 $(CC) -I.. userauth.c -o userauth
 $(CC) -I.. proxy.c -o proxy
+ $(CC) -I.. relay.c -o relay
 clean:
- /bin/rm -f userauth proxy
+ /bin/rm -f userauth proxy relay
diff --git a/contrib/ipfilter/samples/ipfilter-pb.gif b/contrib/ipfilter/samples/ipfilter-pb.gif
Binary files differ
index afaefa8..f729ab1 100644
--- a/contrib/ipfilter/samples/ipfilter-pb.gif
+++ b/contrib/ipfilter/samples/ipfilter-pb.gif
diff --git a/contrib/ipfilter/samples/proxy.c b/contrib/ipfilter/samples/proxy.c
index ef9a69c..ccf2ac6 100644
--- a/contrib/ipfilter/samples/proxy.c
+++ b/contrib/ipfilter/samples/proxy.c
@@ -1,3 +1,5 @@
+/* $NetBSD$ */
+
 /*
  * Sample transparent proxy program.
  *
@@ -45,6 +47,7 @@
 #include "netinet/ip_state.h"
 #include "netinet/ip_proxy.h"
 #include "netinet/ip_nat.h"
+#include "netinet/ipl.h"
 main(argc, argv)
@@ -52,6 +55,7 @@ int argc;
 char *argv[];
 {
 struct sockaddr_in sin, sloc, sout;
+ ipfobj_t obj;
 natlookup_t natlook;
 natlookup_t *natlookp = &natlook;
 char buffer[512];
@@ -77,21 +81,27 @@ char *argv[];
 exit(-1);
 }
+ bzero((char *)&obj, sizeof(obj));
+ obj.ipfo_rev = IPFILTER_VERSION;
+ obj.ipfo_size = sizeof(natlook);
+ obj.ipfo_ptr = &natlook;
+ obj.ipfo_type = IPFOBJ_NATLOOKUP;
+
 /*
  * Build up the NAT natlookup structure.
  */
 bzero((char *)&natlook, sizeof(natlook));
 natlook.nl_outip = sin.sin_addr;
 natlook.nl_inip = sloc.sin_addr;
- natlook.nl_flags = IPN_TCPUDP;
+ natlook.nl_flags = IPN_TCP;
 natlook.nl_outport = ntohs(sin.sin_port);
 natlook.nl_inport = ntohs(sloc.sin_port);
 /*
  * Open the NAT device and lookup the mapping pair.
  */
- fd = open(IPL_NAT, O_RDONLY);
- if (ioctl(fd, SIOCGNATL, &natlookp) == -1) {
+ fd = open(IPNAT_NAME, O_RDONLY);
+ if (ioctl(fd, SIOCGNATL, &obj) == -1) {
 perror("ioctl(SIOCGNATL)");
 exit(-1);
 }
@@ -131,6 +141,7 @@ char *extif;
 struct sockaddr_in usin;
 u_32_t sum1, sum2, sumd;
 int onoff, ofd, slen;
+ ipfobj_t obj;
 ipnat_t *ipn;
 nat_t *nat;
@@ -140,8 +151,12 @@ char *extif;
 nat->nat_p = IPPROTO_TCP;
 nat->nat_dir = NAT_OUTBOUND;
 if ((extif != NULL) && (*extif != '\0')) {
- strncpy(nat->nat_ifname, extif, sizeof(nat->nat_ifname));
- nat->nat_ifname[sizeof(nat->nat_ifname) - 1] = '\0';
+ strncpy(nat->nat_ifnames[0], extif,
+ sizeof(nat->nat_ifnames[0]));
+ strncpy(nat->nat_ifnames[1], extif,
+ sizeof(nat->nat_ifnames[1]));
+ nat->nat_ifnames[0][sizeof(nat->nat_ifnames[0]) - 1] = '\0';
+ nat->nat_ifnames[1][sizeof(nat->nat_ifnames[1]) - 1] = '\0';
 }
 ofd = socket(AF_INET, SOCK_DGRAM, 0);
@@ -186,9 +201,15 @@ printf("local port# to use: %d\n", ntohs(usin.sin_port));
 nat->nat_flags = IPN_TCPUDP;
+ bzero((char *)&obj, sizeof(obj));
+ obj.ipfo_rev = IPFILTER_VERSION;
+ obj.ipfo_size = sizeof(*nsp);
+ obj.ipfo_ptr = nsp;
+ obj.ipfo_type = IPFOBJ_NATSAVE;
+
 onoff = 1;
 if (ioctl(fd, SIOCSTLCK, &onoff) == 0) {
- if (ioctl(fd, SIOCSTPUT, &nsp) != 0)
+ if (ioctl(fd, SIOCSTPUT, &obj) != 0)
 perror("SIOCSTPUT");
 onoff = 0;
 if (ioctl(fd, SIOCSTLCK, &onoff) != 0)
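Review bot: The result of `fd = open(IPNAT_NAME, O_RDONLY);` is still not checked before `fd` is handed to `ioctl(fd, SIOCGNATL, &obj)`, so when the NAT device cannot be opened (permissions, or a different device name on this build) the failure is reported as `ioctl(SIOCGNATL)` with an errno that belongs to the ioctl on -1 rather than to the open. Add `if (fd == -1) { perror("open(IPNAT_NAME)"); exit(-1); }` directly after the open; relay.c in this same commit already checks its open this way and is the pattern to follow. The userauth.c hunk has the same gap at `fd = open(IPL_NAME, O_RDWR);`, where a failed open makes `while (ioctl(fd, SIOCAUTHW, &frap) == 0)` exit at once with no diagnostic. The enclosing main() of proxy.c starts and ends outside this hunk.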
diff --git a/contrib/ipfilter/samples/relay.c b/contrib/ipfilter/samples/relay.c
new file mode 100644
index 0000000..b91779a
--- /dev/null
+++ b/contrib/ipfilter/samples/relay.c
@@ -0,0 +1,196 @@
+/* $NetBSD$ */
+
+/*
+ * Sample program to be used as a transparent proxy.
+ *
+ * Must be executed with permission enough to do an ioctl on /dev/ipl
+ * or equivalent. This is just a sample and is only alpha quality.
+ * - Darren Reed (8 April 1996)
+ */
+#include <unistd.h>
+#include <stdio.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/syslog.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#include <netinet/in.h>
+#include <net/if.h>
+#include "ip_compat.h"
+#include "ip_fil.h"
+#include "ip_nat.h"
+#include "ipl.h"
+
+#define RELAY_BUFSZ 8192
+
+char ibuff[RELAY_BUFSZ];
+char obuff[RELAY_BUFSZ];
+
+int relay(ifd, ofd, rfd)
+int ifd, ofd, rfd;
+{
+ fd_set rfds, wfds;
+ char *irh, *irt, *rrh, *rrt;
+ char *iwh, *iwt, *rwh, *rwt;
+ int nfd, n, rw;
+
+ irh = irt = ibuff;
+ iwh = iwt = obuff;
+ nfd = ifd;
+ if (nfd < ofd)
+ nfd = ofd;
+ if (nfd < rfd)
+ nfd = rfd;
+
+ while (1) {
+ FD_ZERO(&rfds);
+ FD_ZERO(&wfds);
+ if (irh > irt)
+ FD_SET(rfd, &wfds);
+ if (irh < (ibuff + RELAY_BUFSZ))
+ FD_SET(ifd, &rfds);
+ if (iwh > iwt)
+ FD_SET(ofd, &wfds);
+ if (iwh < (obuff + RELAY_BUFSZ))
+ FD_SET(rfd, &rfds);
+
+ switch ((n = select(nfd + 1, &rfds, &wfds, NULL, NULL)))
+ {
+ case -1 :
+ case 0 :
+ return -1;
+ default :
+ if (FD_ISSET(ifd, &rfds)) {
+ rw = read(ifd, irh, ibuff + RELAY_BUFSZ - irh);
+ if (rw == -1)
+ return -1;
+ if (rw == 0)
+ return 0;
+ irh += rw;
+ n--;
+ }
+ if (n && FD_ISSET(ofd, &wfds)) {
+ rw = write(ofd, iwt, iwh - iwt);
+ if (rw == -1)
+ return -1;
+ iwt += rw;
+ n--;
+ }
+ if (n && FD_ISSET(rfd, &rfds)) {
+ rw = read(rfd, iwh, obuff + RELAY_BUFSZ - iwh);
+ if (rw == -1)
+ return -1;
+ if (rw == 0)
+ return 0;
+ iwh += rw;
+ n--;
+ }
+ if (n && FD_ISSET(rfd, &wfds)) {
+ rw = write(rfd, irt, irh - irt);
+ if (rw == -1)
+ return -1;
+ irt += rw;
+ n--;
+ }
+ if (irh == irt)
+ irh = irt = ibuff;
+ if (iwh == iwt)
+ iwh = iwt = obuff;
+ }
+ }
+}
+
+main(argc, argv)
+int 
argc;
+char *argv[];
+{
+ struct sockaddr_in sin;
+ ipfobj_t obj;
+ natlookup_t nl;
+ natlookup_t *nlp = &nl;
+ int fd, sl = sizeof(sl), se;
+
+ openlog(argv[0], LOG_PID|LOG_NDELAY, LOG_DAEMON);
+ if ((fd = open(IPNAT_NAME, O_RDONLY)) == -1) {
+ se = errno;
+ perror("open");
+ errno = se;
+ syslog(LOG_ERR, "open: %m\n");
+ exit(-1);
+ }
+
+ bzero(&obj, sizeof(obj));
+ obj.ipfo_rev = IPFILTER_VERSION;
+ obj.ipfo_size = sizeof(nl);
+ obj.ipfo_ptr = &nl;
+ obj.ipfo_type = IPFOBJ_NATLOOKUP;
+
+ bzero(&nl, sizeof(nl));
+ nl.nl_flags = IPN_TCP;
+
+ bzero(&sin, sizeof(sin));
+ sin.sin_family = AF_INET;
+ sl = sizeof(sin);
+ if (getsockname(0, (struct sockaddr *)&sin, &sl) == -1) {
+ se = errno;
+ perror("getsockname");
+ errno = se;
+ syslog(LOG_ERR, "getsockname: %m\n");
+ exit(-1);
+ } else {
+ nl.nl_inip.s_addr = sin.sin_addr.s_addr;
+ nl.nl_inport = sin.sin_port;
+ }
+
+ bzero(&sin, sizeof(sin));
+ sin.sin_family = AF_INET;
+ sl = sizeof(sin);
+ if (getpeername(0, (struct sockaddr *)&sin, &sl) == -1) {
+ se = errno;
+ perror("getpeername");
+ errno = se;
+ syslog(LOG_ERR, "getpeername: %m\n");
+ exit(-1);
+ } else {
+ nl.nl_outip.s_addr = sin.sin_addr.s_addr;
+ nl.nl_outport = sin.sin_port;
+ }
+
+ if (ioctl(fd, SIOCGNATL, &obj) == -1) {
+ se = errno;
+ perror("ioctl");
+ errno = se;
+ syslog(LOG_ERR, "ioctl: %m\n");
+ exit(-1);
+ }
+
+ sin.sin_port = nl.nl_realport;
+ sin.sin_addr = nl.nl_realip;
+ sl = sizeof(sin);
+
+ fd = socket(AF_INET, SOCK_STREAM, 0);
+ if (connect(fd, (struct sockaddr *)&sin, sl) == -1) {
+ se = errno;
+ perror("connect");
+ errno = se;
+ syslog(LOG_ERR, "connect: %m\n");
+ exit(-1);
+ }
+
+ (void) ioctl(fd, F_SETFL, ioctl(fd, F_GETFL, 0)|O_NONBLOCK);
+ (void) ioctl(0, F_SETFL, ioctl(fd, F_GETFL, 0)|O_NONBLOCK);
+ (void) ioctl(1, F_SETFL, ioctl(fd, F_GETFL, 0)|O_NONBLOCK);
+
+ syslog(LOG_NOTICE, "connected to %s,%d\n", inet_ntoa(sin.sin_addr),
+ ntohs(sin.sin_port));
+ if (relay(0, 1, fd) == -1) {
+ se = errno;
+ perror("relay");
+ errno = se;
+ syslog(LOG_ERR, "relay: %m\n");
+ exit(-1);
+ }
+ exit(0);
+}
diff --git a/contrib/ipfilter/samples/userauth.c b/contrib/ipfilter/samples/userauth.c
index 5b50a94..ef059ac 100644
--- a/contrib/ipfilter/samples/userauth.c
+++ b/contrib/ipfilter/samples/userauth.c
@@ -1,3 +1,5 @@
+/* $NetBSD$ */
+
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <fcntl.h>
@@ -21,7 +23,9 @@ main()
 char yn[16];
 int fd;
- fd = open(IPL_AUTH, O_RDWR);
+ fd = open(IPL_NAME, O_RDWR);
+ fra.fra_len = 0;
+ fra.fra_buf = NULL;
 while (ioctl(fd, SIOCAUTHW, &frap) == 0) {
 if (fra.fra_info.fin_out)
 fra.fra_pass = FR_OUTQUE;
@@ -29,10 +33,10 @@ main()
 fra.fra_pass = FR_INQUE;
 printf("%s ", inet_ntoa(fi->fi_src));
- if (fi->fi_fl & FI_TCPUDP)
+ if (fi->fi_flx & FI_TCPUDP)
 printf("port %d ", fin->fin_data[0]);
 printf("-> %s ", inet_ntoa(fi->fi_dst));
- if (fi->fi_fl & FI_TCPUDP)
+ if (fi->fi_flx & FI_TCPUDP)
 printf("port %d ", fin->fin_data[1]);
 printf("\n");
 printf("Allow packet through ? [y/n]");
@@ -44,7 +48,7 @@ main()
 fra.fra_pass |= FR_BLOCK;
 else if (yn[0] == 'y' || yn[0] == 'Y') {
 fra.fra_pass |= FR_PASS;
- if (fra.fra_info.fin_fi.fi_fl & FI_TCPUDP)
+ if (fra.fra_info.fin_fi.fi_flx & FI_TCPUDP)
 fra.fra_pass |= FR_KEEPSTATE;
 } else
 fra.fra_pass |= FR_NOMATCH;
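Review bot: In relay.c main(), `F_SETFL`/`F_GETFL` are fcntl(2) commands but the three lines after connect() pass them to ioctl(2), and the second and third also read `fd`'s flags while setting descriptors 0 and 1, so the descriptors are most likely never put into non-blocking mode and the `(void)` casts hide the failure; use `(void) fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0)|O_NONBLOCK);` and the same line with `0` and then `1` in both descriptor positions. `fd = socket(AF_INET, SOCK_STREAM, 0);` is not checked and overwrites the NAT device descriptor without closing it, so an error from socket() is reported as a connect() failure on -1. `nl.nl_inport` and `nl.nl_outport` are assigned `sin.sin_port` unconverted while proxy.c in this commit fills the same fields with `ntohs(sin.sin_port)`; one of the two must be in the wrong byte order, and if the nl_* ports are host order then `sin.sin_port = nl.nl_realport;` needs an htons() before connect(). `sl` is declared `int` but passed as the `socklen_t *` length argument of getsockname()/getpeername(). In relay(), `rrh, rrt, rwh, rwt` are declared and never used.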