author | darrenr <darrenr@FreeBSD.org> | 2007-10-18 21:42:51 +0000 |
---|---|---|
committer | darrenr <darrenr@FreeBSD.org> | 2007-10-18 21:42:51 +0000 |
commit | 71e82d94e82560b20789833f60056506de34de8b (patch) | |
tree | da6aaa7272c76c9c4cad931122fd1f4e4db237a5 /contrib/ipfilter/tools | |
parent | e2e28d4361fc9bdb67694eedaf349bdc7ca088a3 (diff) | |
Import IPFilter 4.1.28
Diffstat (limited to 'contrib/ipfilter/tools')
-rw-r--r-- | contrib/ipfilter/tools/ipf_y.y | 24 | ||||
-rw-r--r-- | contrib/ipfilter/tools/ipfstat.c | 9 | ||||
-rw-r--r-- | contrib/ipfilter/tools/ipmon.c | 35 | ||||
-rw-r--r-- | contrib/ipfilter/tools/ipnat.c | 65 | ||||
-rw-r--r-- | contrib/ipfilter/tools/ipnat_y.y | 1 | ||||
-rw-r--r-- | contrib/ipfilter/tools/lexer.c | 55 |
6 files changed, 163 insertions, 26 deletions
diff --git a/contrib/ipfilter/tools/ipf_y.y b/contrib/ipfilter/tools/ipf_y.y index dfda237..4156250 100644 --- a/contrib/ipfilter/tools/ipf_y.y +++ b/contrib/ipfilter/tools/ipf_y.y @@ -770,8 +770,20 @@ fromport: srcportlist: portnum { DOREM(fr->fr_scmp = FR_EQUAL; fr->fr_sport = $1;) } + | portnum ':' portnum + { DOREM(fr->fr_scmp = FR_INCRANGE; fr->fr_sport = $1; \ + fr->fr_stop = $3;) } + | portnum YY_RANGE_IN portnum + { DOREM(fr->fr_scmp = FR_INRANGE; fr->fr_sport = $1; \ + fr->fr_stop = $3;) } | srcportlist lmore portnum { DOREM(fr->fr_scmp = FR_EQUAL; fr->fr_sport = $3;) } + | srcportlist lmore portnum ':' portnum + { DOREM(fr->fr_scmp = FR_INCRANGE; fr->fr_sport = $3; \ + fr->fr_stop = $5;) } + | srcportlist lmore portnum YY_RANGE_IN portnum + { DOREM(fr->fr_scmp = FR_INRANGE; fr->fr_sport = $3; \ + fr->fr_stop = $5;) } ; dstobject: @@ -836,8 +848,20 @@ toport: dstportlist: portnum { DOREM(fr->fr_dcmp = FR_EQUAL; fr->fr_dport = $1;) } + | portnum ':' portnum + { DOREM(fr->fr_dcmp = FR_INCRANGE; fr->fr_dport = $1; \ + fr->fr_dtop = $3;) } + | portnum YY_RANGE_IN portnum + { DOREM(fr->fr_dcmp = FR_INRANGE; fr->fr_dport = $1; \ + fr->fr_dtop = $3;) } | dstportlist lmore portnum { DOREM(fr->fr_dcmp = FR_EQUAL; fr->fr_dport = $3;) } + | dstportlist lmore portnum ':' portnum + { DOREM(fr->fr_dcmp = FR_INCRANGE; fr->fr_dport = $3; \ + fr->fr_dtop = $5;) } + | dstportlist lmore portnum YY_RANGE_IN portnum + { DOREM(fr->fr_dcmp = FR_INRANGE; fr->fr_dport = $3; \ + fr->fr_dtop = $5;) } ; addr: pool '/' YY_NUMBER { pooled = 1; diff --git a/contrib/ipfilter/tools/ipfstat.c b/contrib/ipfilter/tools/ipfstat.c index db8de45..e28fe4c 100644 --- a/contrib/ipfilter/tools/ipfstat.c +++ b/contrib/ipfilter/tools/ipfstat.c 
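Review bot: The new `portnum ':' portnum` and `portnum YY_RANGE_IN portnum` alternatives in `srcportlist` store both bounds into `fr_sport`/`fr_stop` without checking that the first does not exceed the second, and the list forms using `$3`/`$5` do the same; the `dstportlist` hunk repeats the pattern with `fr_dport`/`fr_dtop`. Unless `portnum` or the code that consumes the rule rejects it (not visible here), a reversed range from a typo in a rule file would load without complaint and might never match, which for a packet filter is better reported at parse time. A guard in each action such as `if ($1 > $3) yyerror("invalid port range");` would surface the mistake. A short comment above the rule saying how `FR_INCRANGE` (from `:`) differs from `FR_INRANGE` (from `YY_RANGE_IN`) would also help, since the two spellings look interchangeable to a rule author.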
@@ -69,7 +69,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipfstat.c,v 1.44.2.23 2007/05/31 13:13:02 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipfstat.c,v 1.44.2.25 2007/06/30 09:48:50 darrenr Exp $"; #endif #ifdef __hpux @@ -1118,7 +1118,7 @@ ips_stat_t *ipsp; PRINTF("\t%u%% hash efficiency\n", ipsp->iss_active ? (u_int)(ipsp->iss_inuse * 100 / ipsp->iss_active) : 0); - minlen = ipsp->iss_max; + minlen = ipsp->iss_inuse; totallen = 0; maxlen = 0; @@ -1126,7 +1126,7 @@ ips_stat_t *ipsp; if (buckets[i] > maxlen) maxlen = buckets[i]; if (buckets[i] < minlen) - minlen = buckets[i]; + minlen = buckets[i]; totallen += buckets[i]; } @@ -1809,7 +1809,7 @@ int *port; *port = -1; } else if (!sscanf(comma + 1, "%d", port) || (*port < 0) || (*port > 65535)) { - fprintf(stderr, "Invalid port specfication in %s\n", + fprintf(stderr, "Invalid port specification in %s\n", argument); free(s); exit(-2); @@ -1821,6 +1821,7 @@ int *port; /* get ip address */ if (!strcasecmp(s, "any")) { ip->in4.s_addr = INADDR_ANY; + ok = 1; #ifdef USE_INET6 ip->in6 = in6addr_any; } else if (use_inet6 && inet_pton(AF_INET6, s, &ip->in6)) { diff --git a/contrib/ipfilter/tools/ipmon.c b/contrib/ipfilter/tools/ipmon.c index 3bc0555..f07396d 100644 --- a/contrib/ipfilter/tools/ipmon.c +++ b/contrib/ipfilter/tools/ipmon.c @@ -76,7 +76,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipmon.c,v 1.33.2.18 2007/05/27 11:12:12 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipmon.c,v 1.33.2.20 2007/09/20 12:51:56 darrenr Exp $"; #endif @@ -750,6 +750,8 @@ int blen; strcpy(t, "NAT:MAPBLOCK "); else if (nl->nl_type == NL_CLONE) strcpy(t, "NAT:CLONE "); + else if (nl->nl_type == NL_DESTROY) + strcpy(t, "NAT:DESTROY "); else sprintf(t, "Type: %d ", nl->nl_type); t += strlen(t); 
@@ -762,8 +764,9 @@ int blen; (void) sprintf(t, "%s,%s ", HOSTNAME_V4(res, nl->nl_outip), portname(res, proto, (u_int)nl->nl_outport)); t += strlen(t); - (void) sprintf(t, "[%s,%s]", HOSTNAME_V4(res, nl->nl_origip), - portname(res, proto, (u_int)nl->nl_origport)); + (void) sprintf(t, "[%s,%s PR %s]", HOSTNAME_V4(res, nl->nl_origip), + portname(res, proto, (u_int)nl->nl_origport), + getproto(nl->nl_p)); t += strlen(t); if (nl->nl_type == NL_EXPIRE) { #ifdef USE_QUAD_T @@ -1000,7 +1003,10 @@ int blen; ipflog_t *ipf; iplog_t *ipl; #ifdef USE_INET6 + struct ip6_ext *ehp; + u_short ehl; ip6_t *ip6; + int go; #endif ipl = (iplog_t *)buf; @@ -1109,6 +1115,29 @@ int blen; s = (u_32_t *)&ip6->ip6_src; d = (u_32_t *)&ip6->ip6_dst; plen = hl + ntohs(ip6->ip6_plen); + go = 1; + ehp = (struct ip6_ext *)((char *)ip6 + hl); + while (go == 1) { + switch (p) + { + case IPPROTO_HOPOPTS : + case IPPROTO_MOBILITY : + case IPPROTO_DSTOPTS : + case IPPROTO_ROUTING : + case IPPROTO_AH : + p = ehp->ip6e_nxt; + ehl = 8 + (ehp->ip6e_len << 3); + hl += ehl; + ehp = (struct ip6_ext *)((char *)ehp + ehl); + break; + case IPPROTO_FRAGMENT : + hl += sizeof(struct ip6_frag); + /* FALLTHROUGH */ + default : + go = 0; + break; + } + } #else sprintf(t, "ipv6"); goto printipflog; diff --git a/contrib/ipfilter/tools/ipnat.c b/contrib/ipfilter/tools/ipnat.c index 83eb5be..038df6d 100644 --- a/contrib/ipfilter/tools/ipnat.c +++ b/contrib/ipfilter/tools/ipnat.c @@ -65,7 +65,7 @@ extern char *sys_errlist[]; #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipnat.c,v 1.24.2.6 2007/05/11 11:16:55 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipnat.c,v 1.24.2.11 2007/09/25 08:27:34 darrenr Exp $"; #endif 
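Review bot: The widened format `"[%s,%s PR %s]"` is still written with an unbounded `sprintf` into `t`, so the host name, port name and now the `getproto()` string all go into the line buffer with no length limit. The buffer's declaration and size are outside this hunk, so whether there is room cannot be confirmed from here, but when name resolution is enabled the host and service strings come from resolver output rather than from the tool itself. Tracking the space left in the buffer and writing with `snprintf(t, remaining, "[%s,%s PR %s]", ...)` would bound the write; `remaining` stands for a length the enclosing function would have to maintain.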
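Review bot: The extension-header walk added after `plen = hl + ntohs(ip6->ip6_plen)` reads `ehp->ip6e_nxt` and `ehp->ip6e_len` without checking that `ehp` still lies inside the logged packet data, and both fields come from the packet itself. A truncated capture or a crafted header chain therefore moves `ehp` past the end of the record and ipmon reads beyond its buffer. Each iteration should confirm that a whole `struct ip6_ext`, and then all `ehl` bytes, fit before the end of the data, as sketched below. Two further points to confirm: AH encodes its length in 4-byte units rather than the 8-byte units assumed here, and the `IPPROTO_FRAGMENT` case adds the header size to `hl` without updating `p`. The enclosing function starts and ends outside the hunk, so `end` in the sketch is a placeholder for the real bound.

```c
	/* end: placeholder for one past the last logged byte of this packet */
	while (go == 1) {
		switch (p)
		{
		case IPPROTO_HOPOPTS :
		/* … unchanged: MOBILITY, DSTOPTS, ROUTING and AH case labels … */
			/* stop if the fixed part of the header is not fully captured */
			if ((size_t)(end - (char *)ehp) < sizeof(*ehp)) {
				go = 0;
				break;
			}
			ehl = 8 + (ehp->ip6e_len << 3);
			/* stop if the advertised length runs past the captured data */
			if ((size_t)(end - (char *)ehp) < ehl) {
				go = 0;
				break;
			}
			p = ehp->ip6e_nxt;
			hl += ehl;
			ehp = (struct ip6_ext *)((char *)ehp + ehl);
			break;
		/* … unchanged: IPPROTO_FRAGMENT and default cases … */
		}
	}
```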
@@ -78,6 +78,7 @@ char thishost[MAXHOSTNAMELEN]; extern char *optarg; void dostats __P((int, natstat_t *, int, int)); +void dotable __P((natstat_t *, int, int)); void flushtable __P((int, int)); void usage __P((char *)); int main __P((int, char*[])); @@ -357,9 +358,10 @@ int fd, opts, alive; nsp->ns_added, nsp->ns_expire); printf("no memory\t%lu\tbad nat\t%lu\n", nsp->ns_memfail, nsp->ns_badnat); - printf("inuse\t%lu\nrules\t%lu\n", - nsp->ns_inuse, nsp->ns_rules); + printf("inuse\t%lu\norphans\t%u\nrules\t%lu\n", + nsp->ns_inuse, nsp->ns_orphans, nsp->ns_rules); printf("wilds\t%u\n", nsp->ns_wilds); + dotable(nsp, fd, alive); if (opts & OPT_VERBOSE) printf("table %p list %p\n", nsp->ns_table, nsp->ns_list); 
@@ -376,6 +378,63 @@ int fd, opts, alive; } +void dotable(nsp, fd, alive) +natstat_t *nsp; +int fd, alive; +{ + int sz, i, used, totallen, maxlen, minlen; + ipftable_t table; + u_long *buckets; + ipfobj_t obj; + + sz = sizeof(*buckets) * nsp->ns_nattab_sz; + buckets = (u_long *)malloc(sz); + + obj.ipfo_rev = IPFILTER_VERSION; + obj.ipfo_type = IPFOBJ_GTABLE; + obj.ipfo_size = sizeof(table); + obj.ipfo_ptr = &table; + + table.ita_type = IPFTABLE_BUCKETS_NATIN; + table.ita_table = buckets; + + if (alive) { + if (ioctl(fd, SIOCGTABL, &obj) != 0) { + free(buckets); + return; + } + } else { + if (kmemcpy((char *)buckets, (u_long)nsp->ns_nattab_sz, sz)) { + free(buckets); + return; + } + } + + totallen = 0; + maxlen = 0; + minlen = nsp->ns_inuse; + used = 0; + + for (i = 0; i < nsp->ns_nattab_sz; i++) { + if (buckets[i] > maxlen) + maxlen = buckets[i]; + if (buckets[i] < minlen) + minlen = buckets[i]; + if (buckets[i] != 0) + used++; + totallen += buckets[i]; + } + + printf("hash efficiency\t%2.2f%%\n", + totallen ? ((float)used / totallen) * 100.0 : 0.0); + printf("bucket usage\t%2.2f%%\n", + ((float)used / nsp->ns_nattab_sz) * 100.0); + printf("minimal length\t%d\n", minlen); + printf("maximal length\t%d\n", maxlen); + printf("average length\t%.3f\n", used ? (float)totallen / used : 0.0); +} + + /* * Display NAT statistics. */ diff --git a/contrib/ipfilter/tools/ipnat_y.y b/contrib/ipfilter/tools/ipnat_y.y index b20f623..6208c98 100644 --- a/contrib/ipfilter/tools/ipnat_y.y +++ b/contrib/ipfilter/tools/ipnat_y.y @@ -609,6 +609,7 @@ compare: range: YY_RANGE_OUT { $$ = FR_OUTRANGE; } | YY_RANGE_IN { $$ = FR_INRANGE; } + | ':' { $$ = FR_INCRANGE; } ; ipv4: YY_NUMBER '.' YY_NUMBER '.' YY_NUMBER '.' YY_NUMBER diff --git a/contrib/ipfilter/tools/lexer.c b/contrib/ipfilter/tools/lexer.c index 9810345..1ad00c4 100644 --- a/contrib/ipfilter/tools/lexer.c +++ b/contrib/ipfilter/tools/lexer.c 
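Review bot: `dotable()` uses the result of `malloc(sz)` without a NULL check and never frees `buckets` on the success path, so a failed allocation passes a null `ita_table` to `SIOCGTABL` (or to `kmemcpy`) and every successful call leaks the table. Adding `if (buckets == NULL) return;` after the allocation and `free(buckets);` after the last `printf` covers both. `sz` is an `int` computed from `sizeof(*buckets) * nsp->ns_nattab_sz`, so a large table size can overflow it and should be range-checked before allocating, and a zero `ns_nattab_sz` makes the bucket-usage division produce a non-finite value. In the non-live branch `kmemcpy` is given `(u_long)nsp->ns_nattab_sz`, the table size, as the kernel address to read from; that looks like it should be the address of the bucket-length table, which needs confirming against `natstat_t`.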
@@ -36,6 +36,7 @@ extern int yydebug; char *yystr = NULL; int yytext[YYBUFSIZ+1]; +char yychars[YYBUFSIZ+1]; int yylineNum = 1; int yypos = 0; int yylast = -1; @@ -49,13 +50,15 @@ wordtab_t *yysavewords[30]; static wordtab_t *yyfindkey __P((char *)); -static int yygetc __P((void)); +static int yygetc __P((int)); static void yyunputc __P((int)); static int yyswallow __P((int)); static char *yytexttostr __P((int, int)); static void yystrtotext __P((char *)); +static char *yytexttochar __P((void)); -static int yygetc() +static int yygetc(docont) +int docont; { int c; @@ -74,6 +77,13 @@ static int yygetc() yypos++; } else { c = fgetc(yyin); + if (docont && (c == '\\')) { + c = fgetc(yyin); + if (c == '\n') { + yylineNum++; + c = fgetc(yyin); + } + } } if (c == '\n') yylineNum++; @@ -99,7 +109,7 @@ int last; { int c; - while (((c = yygetc()) > '\0') && (c != last)) + while (((c = yygetc(0)) > '\0') && (c != last)) ; if (c != EOF) @@ -110,6 +120,17 @@ int last; } +static char *yytexttochar() +{ + int i; + + for (i = 0; i < yypos; i++) + yychars[i] = (char)(yytext[i] & 0xff); + yychars[i] = '\0'; + return yychars; +} + + static void yystrtotext(str) char *str; { @@ -165,7 +186,9 @@ int yylex() } nextchar: - c = yygetc(); + c = yygetc(0); + if (yydebug > 1) + printf("yygetc = (%x) %c [%*.*s]\n", c, c, yypos, yypos, yytexttochar()); switch (c) { @@ -228,20 +251,20 @@ nextchar: yyunputc(c); goto done; } - n = yygetc(); + n = yygetc(0); if (n == '{') { if (yyswallow('}') == -1) { rval = -2; goto done; } - (void) yygetc(); + (void) yygetc(0); } else { if (!ISALPHA(n)) { yyunputc(n); break; } do { - n = yygetc(); + n = yygetc(1); } while (ISALPHA(n) || ISDIGIT(n) || n == '_'); yyunputc(n); } @@ -273,7 +296,7 @@ nextchar: goto done; } do { - n = yygetc(); + n = yygetc(1); if (n == EOF || n == TOOLONG) { rval = -2; goto done; @@ -323,7 +346,7 @@ nextchar: break; if (isbuilding == 1) break; - n = yygetc(); + n = yygetc(0); if (n == '>') { isbuilding = 1; goto done; 
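Review bot: In the `docont` branch added to `yygetc()`, a backslash that is not followed by a newline is silently dropped: the second `fgetc(yyin)` overwrites `c`, so input `a\b` reaches the caller as `ab`. The callers in this file pass 1 while scanning words, numbers and addresses, so a stray backslash inside a token of a rule file alters the token instead of producing a syntax error. Pushing the lookahead back when it is not a newline keeps the backslash visible, for example `} else { ungetc(c, yyin); c = '\\'; }` after the `if (c == '\n')` body. The branch is in the `fgetc(yyin)` path only, so whether continuation is also meant to apply to the other input path above it cannot be told from the hunk; a comment on `docont` stating what it enables would help.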
@@ -337,7 +360,7 @@ nextchar: yyunputc(c); goto done; } - n = yygetc(); + n = yygetc(0); if (n == '=') { rval = YY_CMP_NE; goto done; @@ -353,7 +376,7 @@ nextchar: yyunputc(c); goto done; } - n = yygetc(); + n = yygetc(0); if (n == '=') { rval = YY_CMP_LE; goto done; @@ -373,7 +396,7 @@ nextchar: yyunputc(c); goto done; } - n = yygetc(); + n = yygetc(0); if (n == '=') { rval = YY_CMP_GE; goto done; @@ -410,7 +433,7 @@ nextchar: */ do { *s++ = c; - c = yygetc(); + c = yygetc(1); } while ((ishex(c) || c == ':' || c == '.') && (s - ipv6buf < 46)); yyunputc(c); @@ -436,10 +459,10 @@ nextchar: } if (isbuilding == 0 && c == '0') { - n = yygetc(); + n = yygetc(0); if (n == 'x') { do { - n = yygetc(); + n = yygetc(1); } while (ishex(n)); yyunputc(n); rval = YY_HEX; @@ -453,7 +476,7 @@ nextchar: */ if (isbuilding == 0 && ISDIGIT(c)) { do { - n = yygetc(); + n = yygetc(1); } while (ISDIGIT(n)); yyunputc(n); rval = YY_NUMBER; |