diff options
| author | darrenr <darrenr@FreeBSD.org> | 2001-07-28 11:59:33 +0000 |
|---|---|---|
| committer | darrenr <darrenr@FreeBSD.org> | 2001-07-28 11:59:33 +0000 |
| commit | 99e3b6df8393bbba193b443140fea021aa898be9 (patch) | |
| tree | 05f9d13cb19e0aa93749b6b2a5beee6f4f1caa5f /contrib/ipfilter | |
| parent | 8c6429f93edf1a181ec4dc15d5bceb4a8bfa0f51 (diff) | |
| parent | c51cd1facc817411a340278e6e0b901d53f11cc5 (diff) | |
| download | FreeBSD-src-99e3b6df8393bbba193b443140fea021aa898be9.zip FreeBSD-src-99e3b6df8393bbba193b443140fea021aa898be9.tar.gz | |
This commit was generated by cvs2svn to compensate for changes in r80486,
which included commits to RCS files with non-trunk default branches.
Diffstat (limited to 'contrib/ipfilter')
69 files changed, 924 insertions, 514 deletions
diff --git a/contrib/ipfilter/BNF b/contrib/ipfilter/BNF index 556171d..ac2381b 100644 --- a/contrib/ipfilter/BNF +++ b/contrib/ipfilter/BNF @@ -17,7 +17,7 @@ log = "log" [ "body" ] [ "first" ] [ "or-block" ] [ "level" loglevel ] . call = "call" [ "now" ] function-name . skip = "skip" decnumber . dup = "dup-to" interface-name[":"ipaddr] . -froute = "fastroute" | "to" interface-name . +froute = "fastroute" | "to" interface-name [ ":" ipaddr ] . protocol = "tcp/udp" | "udp" | "tcp" | "icmp" | decnumber . srcdst = "all" | fromto . fromto = "from" object "to" object . diff --git a/contrib/ipfilter/HISTORY b/contrib/ipfilter/HISTORY index 0249367..584f4f2 100644 --- a/contrib/ipfilter/HISTORY +++ b/contrib/ipfilter/HISTORY @@ -22,6 +22,121 @@ # and especially those who have found the time to port IP Filter to new # platforms. # +3.4.20 24/07/2001 - Released + +adjust NAT hashing to give a better spread across the table + +show icmp code/type names in output, where known + +fix bug in altering cached interface names in state when resync'ing + +fix bug in real audio proxy that caused crashs + +fix compiling using sunos4 cc + +patch from casper to address weird exit problem for ipstat in top mode + +patch from Greg Woods to produce names for icmp types/unreach codes, +where they are known + +fix bug where ipfr_fastroute() would use a mblk and it would also get +freed later. + +don't match fragments which would cause 64k length to be exceeded + +ftp proxy fix for port numbers being setup for pasv ftp with state/nat + +change hashing for NAT to include both IP#'s and ports. + +Solaris fixes for IPv6 + +fix compiling iplang bits, under Solaris, for ipsend + +3.4.19 29/06/2001 - Released + +fix to support suspend/resume on solaris8 as well as ipv6 + +include group/group-head in match of filter rules + +fix endian problem reading snoop files + +make all licence comments point to the one place + +fix ftp proxy to only advance state if a reply is received in response to +a recognised command + +3.4.18 05/06/2001 - Released + +fix up parsing of "from ! host" where '!' is separate + +disable hardware checksums for NetBSD + +put ipftest temporary files in . rather than /tmp + +modify ftp proxy to be more intelligent about moving between states +and recognise new authentication commands + +allow state/nat table sizes to be externally influenced + +print out host mapping table for NAT with ipnat -l + +fix handling of hardware checksum'ing on Solaris + +fixup makefiles for Solaris + +update regression tests + +fix surrender of SPL's for failure cases + +include patches for OpenBSD's new timeout mechanism + +default ipl_unreach to ICMP_UNREACH_FILTER_PROHIB if defined, else make it +ICMP_UNREACH_FILTER + +fix up handling of packets matching auth rules and interaction with state + +add -q command line option to ipfstat on Solaris to list bound interfaces + +add command line option to ipfstat/ipnat to select different core image + +don't use ncurses on Solaris for STATETOP + +fix includes to get FreeBSD version + +do not byte swap ip_id + +fix handling success for packets matching the auth rule + +don't double-count short packets + +add ICMP router discovery message size recognition + +fix packet length calculation for IPv6 + +set CPUDIR when for install-sunos5 make target + +SUNWspro -xF causes Solaris 2.5.1 kernel to crash + +3.4.17 06/04/2001 - Released + +fix fragment#0 handling bug where they could get in via cache information +created by state table entries + +use ire_walk to look for ire cache entries with link layer headers cached + +deal with bad SPL assumptions for log reading on BSD + +fix ftp proxy to allow logins with passwords + +some auth rule patches, fixing byte endian problems and returning as an error + +support LOG_SECURITY, where available, in ipmon + +don't return an error for packets which match auth rules + +introduce fr_icmpacktimeout to timeout entries once an ICMP reply has +been seen separately to when created + 3.4.16 15/01/2001 - Released fix race condition in flushing of state entries that are timing out diff --git a/contrib/ipfilter/IMPORTANT b/contrib/ipfilter/IMPORTANT index de2cc85..0ef7a3d 100644 --- a/contrib/ipfilter/IMPORTANT +++ b/contrib/ipfilter/IMPORTANT @@ -3,41 +3,6 @@ **************************************** 1) -If you're using this software and have a rule which ends like this: - -flags S - -(for TCP), then to make it totally effective, you need to change it to appear -as follows: - -flags S/SA - -The problem is that the old code would compare all the TCP flags against the -rule (which just has "S") to see if that matched exactly. It is very possible -for this to not be the case and in these cases, the rule would fail to match -a 'valid' TCP SYN packet. - -Why does it need to be "S/SA" and not "S/S" ? - -"S/S" will match the SYN-ACK as well the SYN. - -By defalt, "flags S" will now be converted to "flags S/AUPRFS". - -If you have any queries regarding this, see the examples and ipf(4). -If you still have a query or suggestion, please email me. - - -2) - -If a filter rule used, in combination port comparisons and the flags -keywords, a "short" TCP packet, if not explicitly blocked high up in -the list of packets, would actually get matched even though it would -otherwise not have been (due to the ports not). This behaviour has -subsequently been fixed. - - -3) - If you have BOTH GNU make and the normal make shipped with your system, DO NOT use the GNU make to build this package. diff --git a/contrib/ipfilter/Makefile b/contrib/ipfilter/Makefile index 5770d40..09b5db6 100644 --- a/contrib/ipfilter/Makefile +++ b/contrib/ipfilter/Makefile @@ -1,11 +1,9 @@ # -# Copyright (C) 1993-2000 by Darren Reed. +# Copyright (C) 1993-2001 by Darren Reed. # -# Redistribution and use in source and binary forms are permitted -# provided that this notice is preserved and due credit is given -# to the original author and the contributors. +# See the IPFILTER.LICENCE file for details on licencing. # -# $Id: Makefile,v 2.11.2.6 2000/12/17 12:43:15 darrenr Exp $ +# $Id: Makefile,v 2.11.2.8 2001/06/26 10:43:10 darrenr Exp $ # BINDEST=/usr/local/bin SBINDEST=/sbin @@ -19,6 +17,7 @@ TOP=../.. CFLAGS=-I$$(TOP) CPU=`uname -m` CPUDIR=`uname -s|sed -e 's@/@@g'`-`uname -r`-`uname -m` +IPFILKERN=`/bin/ls -1tr /usr/src/sys/compile | grep -v .bak | tail -1` # # To enable this to work as a Loadable Kernel Module... # @@ -262,7 +261,7 @@ install-sunos4: solaris (cd SunOS4; $(MAKE) "CPU=$(CPU) TOP=.." install) install-sunos5: solaris - (cd SunOS5; $(MAKE) "CPU=$(CPU) TOP=.." install) + (cd SunOS5; $(MAKE) "CPUDIR=`uname -p`-`uname -r`" "CPU=$(CPU) TOP=.." install) install-irix: irix (cd IRIX; smake install "CPU=$(CPU) TOP=.." $(DEST) $(MFLAGS)) diff --git a/contrib/ipfilter/common.c b/contrib/ipfilter/common.c index afcc95c..e46e63e 100644 --- a/contrib/ipfilter/common.c +++ b/contrib/ipfilter/common.c @@ -1,9 +1,7 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ #include <sys/types.h> #if !defined(__SVR4) && !defined(__svr4__) diff --git a/contrib/ipfilter/etc/services b/contrib/ipfilter/etc/services index 7afcde8..01c4b782 100644 --- a/contrib/ipfilter/etc/services +++ b/contrib/ipfilter/etc/services @@ -2360,6 +2360,7 @@ dpserve 7020/udp # DP Serve dpserveadmin 7021/tcp # DP Serve Admin dpserveadmin 7021/udp # DP Serve Admin arcp 7070/tcp # ARCP +raudio 7070/tcp # Real Audio arcp 7070/udp # ARCP clutild 7174/tcp # Clutild clutild 7174/udp # Clutild diff --git a/contrib/ipfilter/facpri.c b/contrib/ipfilter/facpri.c index f851918..79afdd2 100644 --- a/contrib/ipfilter/facpri.c +++ b/contrib/ipfilter/facpri.c @@ -1,9 +1,7 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ #include <stdio.h> #include <string.h> @@ -18,8 +16,12 @@ #include <syslog.h> #include "facpri.h" +#ifndef __STDC__ +# define const +#endif + #if !defined(lint) -static const char rcsid[] = "@(#)$Id: facpri.c,v 1.3 2000/03/13 22:10:18 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: facpri.c,v 1.3.2.4 2001/07/15 22:06:12 darrenr Exp $"; #endif typedef struct table { @@ -55,6 +57,9 @@ table_t facs[] = { #else { "cron2", LOG_CRON2 }, #endif +#ifdef LOG_SECURITY + { "security", LOG_SECURITY }, +#endif { "local0", LOG_LOCAL0 }, { "local1", LOG_LOCAL1 }, { "local2", LOG_LOCAL2 }, { "local3", LOG_LOCAL3 }, { "local4", LOG_LOCAL4 }, { "local5", LOG_LOCAL5 }, diff --git a/contrib/ipfilter/facpri.h b/contrib/ipfilter/facpri.h index b80dbe8..7b80377 100644 --- a/contrib/ipfilter/facpri.h +++ b/contrib/ipfilter/facpri.h @@ -1,10 +1,8 @@ /* - * Copyright (C) 1999-2000 by Darren Reed. + * Copyright (C) 1999-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - * $Id: facpri.h,v 1.3 2000/03/13 22:10:18 darrenr Exp $ + * See the IPFILTER.LICENCE file for details on licencing. + * $Id: facpri.h,v 1.3.2.1 2001/06/26 10:43:11 darrenr Exp $ */ #ifndef __FACPRI_H__ diff --git a/contrib/ipfilter/fils.c b/contrib/ipfilter/fils.c index 3184e4c..3ed698a 100644 --- a/contrib/ipfilter/fils.c +++ b/contrib/ipfilter/fils.c @@ -1,12 +1,16 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ -#ifdef __FreeBSD__ -# include <osreldate.h> +#ifdef __FreeBSD__ +# ifndef __FreeBSD_cc_version +# include <osreldate.h> +# else +# if __FreeBSD_cc_version < 430000 +# include <osreldate.h> +# endif +# endif #endif #include <stdio.h> #include <string.h> @@ -25,10 +29,6 @@ #include <fcntl.h> #include <stddef.h> #include <nlist.h> -#ifdef STATETOP -#include <ctype.h> -#include <ncurses.h> -#endif #include <sys/socket.h> #include <sys/ioctl.h> #include <netinet/in.h> @@ -56,8 +56,17 @@ #include "netinet/ip_state.h" #include "netinet/ip_auth.h" #ifdef STATETOP -#include "netinet/ipl.h" -#endif +# include "netinet/ipl.h" +# include <ctype.h> +# if SOLARIS +# ifdef ERR +# undef ERR +# endif +# include <curses.h> +# else /* SOLARIS */ +# include <ncurses.h> +# endif /* SOLARIS */ +#endif /* STATETOP */ #include "kmem.h" #if defined(__NetBSD__) || (__OpenBSD__) # include <paths.h> @@ -65,10 +74,11 @@ #if !defined(lint) static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: fils.c,v 2.21.2.7 2000/12/02 00:13:56 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: fils.c,v 2.21.2.17 2001/07/19 12:24:09 darrenr Exp $"; #endif extern char *optarg; +extern int optind; #define PRINTF (void)printf #define FPRINTF (void)fprintf @@ -86,6 +96,7 @@ int use_inet6 = 0; #ifdef STATETOP #define STSTRSIZE 80 #define STGROWSIZE 16 +#define HOSTNMLEN 40 #define STSORT_PR 0 #define STSORT_PKTS 1 @@ -128,6 +139,9 @@ static int sort_pkts __P((const void *, const void *)); static int sort_bytes __P((const void *, const void *)); static int sort_ttl __P((const void *, const void *)); #endif +#if SOLARIS +void showqiflist __P((char *)); +#endif static char *hostname(v, ip) int v; @@ -160,7 +174,11 @@ char *name; #else fprintf(stderr, "Usage: %s [-aAfhIinosv] [-d <device>]\n", name); #endif - fprintf(stderr, " %s -t [-S source address] [-D destination address] [-P protocol] [-T refreshtime] [-C] [-d <device>]\n", name); + fprintf(stderr, "\t\t[-M corefile]"); +#if SOLARIS + fprintf(stderr, " [-N symbol-list]"); +#endif + fprintf(stderr, "\n %s -t [-S source address] [-D destination address] [-P protocol] [-T refreshtime] [-C] [-d <device>]\n", name); exit(1); } @@ -177,8 +195,11 @@ char *argv[]; ips_stat_t *ipsstp = &ipsst; ipfrstat_t ifrst; ipfrstat_t *ifrstp = &ifrst; - char *name = NULL, *device = IPL_NAME; - int c, fd; + char *name = NULL, *device = IPL_NAME, *memf = NULL; +#if SOLARIS + char *kern = NULL; +#endif + int c, fd, myoptind; struct protoent *proto; int protocol = -1; /* -1 = wild card for any protocol */ @@ -190,13 +211,50 @@ char *argv[]; saddr.s_addr = INADDR_ANY; /* default any source addr */ daddr.s_addr = INADDR_ANY; /* default any dest addr */ - if (openkmem() == -1) + /* + * Parse these two arguments now lest there be any buffer overflows + * in the parsing of the rest. + */ + myoptind = optind; +#if SOLARIS + while ((c = getopt(argc, argv, "6aACfghIilnoqstvd:D:M:N:P:S:T:")) != -1) +#else + while ((c = getopt(argc, argv, "6aACfghIilnoqstvd:D:M:P:S:T:")) != -1) +#endif + switch (c) + { + case 'M' : + memf = optarg; + break; +#if SOLARIS + case 'N' : + kern = optarg; + break; +#endif + } + optind = myoptind; + +#if SOLARIS + if (kern != NULL || memf != NULL) +#else + if (memf != NULL) +#endif + { + (void)setuid(getuid()); + (void)setgid(getgid()); + } + + if (openkmem(memf) == -1) exit(-1); (void)setuid(getuid()); (void)setgid(getgid()); - while ((c = getopt(argc, argv, "6aACfghIilnostvd:D:P:S:T:")) != -1) +#if SOLARIS + while ((c = getopt(argc, argv, "6aACfghIilnoqstvd:D:M:N:P:S:T:")) != -1) +#else + while ((c = getopt(argc, argv, "6aACfghIilnostvd:D:M:P:S:T:")) != -1) +#endif { switch (c) { @@ -207,8 +265,7 @@ char *argv[]; #endif case 'a' : opts |= OPT_ACCNT|OPT_SHOWLIST; - break; - case 'A' : + break; case 'A' : device = IPAUTH_NAME; opts |= OPT_AUTHSTATS; break; @@ -239,6 +296,10 @@ char *argv[]; case 'l' : opts |= OPT_SHOWLIST; break; + case 'M' : + break; + case 'N' : + break; case 'n' : opts |= OPT_SHOWLINENO; break; @@ -255,6 +316,12 @@ char *argv[]; exit(-2); } break; +#if SOLARIS + case 'q' : + showqiflist(kern); + exit(0); + break; +#endif case 's' : opts |= OPT_IPSTATES; break; @@ -653,13 +720,52 @@ ips_stat_t *ipsp; PRINTF("\tpkt_security & %x = %x, pkt_auth & %x = %x\n", ips.is_secmsk, ips.is_sec, ips.is_authmsk, ips.is_auth); - PRINTF("interfaces: in %s[%p] ", + PRINTF("\tinterfaces: in %s[%p] ", get_ifname(ips.is_ifpin), ips.is_ifpin); PRINTF("out %s[%p]\n", get_ifname(ips.is_ifpout), ips.is_ifpout); } } + +#if SOLARIS +void showqiflist(kern) +char *kern; +{ + struct nlist qifnlist[2] = { + { "qif_head" }, + { NULL } + }; + qif_t qif, *qf; + + if (kern == NULL) + kern = "/dev/ksyms"; + + if (nlist(kern, qifnlist) == -1) { + fprintf(stderr, "nlist error\n"); + return; + } + + printf("List of interfaces bound by IPFilter:\n"); + if (kmemcpy((char *)&qf, (u_long)qifnlist[0].n_value, sizeof(qf))) + return; + while (qf) { + if (kmemcpy((char *)&qif, (u_long)qf, sizeof(qif))) + break; + printf("\tName: %-8s Header Length: %2d SAP: %s (%04x)\n", + qif.qf_name, qif.qf_hl, +#ifdef IP6_DL_SAP + (qif.qf_sap == IP6_DL_SAP) ? "IPv6" : "IPv4" +#else + "IPv4" +#endif + , qif.qf_sap); + qf = qif.qf_next; + } +} +#endif + + #ifdef STATETOP static void topipstates(fd, saddr, daddr, sport, dport, protocol, refreshtime, topclosed) @@ -679,9 +785,10 @@ int topclosed; ips_stat_t ipsst, *ipsstp = &ipsst; statetop_t *tstable = NULL, *tp; struct timeval selecttimeout; + char hostnm[HOSTNMLEN]; struct protoent *proto; fd_set readfd; - char c = '\0'; + int c = 0; time_t t; /* open state device */ @@ -694,7 +801,10 @@ int topclosed; initscr(); cbreak(); noecho(); - nodelay(stdscr, 1); + + /* init hostname */ + gethostname(hostnm, sizeof(hostnm) - 1); + hostnm[sizeof(hostnm) - 1] = '\0'; /* repeat until user aborts */ while ( 1 ) { @@ -799,8 +909,8 @@ int topclosed; attron(A_BOLD); winx = 0; move(winx,0); - sprintf(str1, "%s - state top", IPL_VERSION); - for(j = 0 ; j < (maxx - 8 - strlen(str1)) / 2; j++) + sprintf(str1, "%s - %s - state top", hostnm, IPL_VERSION); + for (j = 0 ; j < (maxx - 8 - strlen(str1)) / 2; j++) printw(" "); printw("%s", str1); attroff(A_BOLD); @@ -873,7 +983,9 @@ int topclosed; if (reverse) tp += tsentry; - for(i = 0; i <= tsentry; i++) { + if (tsentry > maxy - 6) + tsentry = maxy - 6; + for (i = 0; i <= tsentry; i++) { /* print src/dest and port */ if ((tp->st_p == IPPROTO_TCP) || (tp->st_p == IPPROTO_UDP)) { @@ -938,22 +1050,25 @@ int topclosed; select(1, &readfd, NULL, NULL, &selecttimeout); /* if key pressed, read all waiting keys */ - if (FD_ISSET(0, &readfd)) - while ((c = wgetch(stdscr)) != ERR) { - if (tolower(c) == 'l') { - redraw = 1; - } else if (tolower(c) == 'q') { - nocbreak(); - endwin(); - exit(0); - } else if (tolower(c) == 'r') { - reverse = !reverse; - } else if (tolower(c) == 's') { - sorting++; - if (sorting > STSORT_MAX) - sorting = 0; - } + if (FD_ISSET(0, &readfd)) { + c = wgetch(stdscr); + if (c == ERR) + continue; + + if (tolower(c) == 'l') { + redraw = 1; + } else if (tolower(c) == 'q') { + nocbreak(); + endwin(); + exit(0); + } else if (tolower(c) == 'r') { + reverse = !reverse; + } else if (tolower(c) == 's') { + sorting++; + if (sorting > STSORT_MAX) + sorting = 0; } + } } /* while */ close(sfd); diff --git a/contrib/ipfilter/inet_addr.c b/contrib/ipfilter/inet_addr.c index 49278a8..03bcf23 100644 --- a/contrib/ipfilter/inet_addr.c +++ b/contrib/ipfilter/inet_addr.c @@ -52,10 +52,20 @@ * - * --Copyright-- */ +#ifdef __STDC__ +# ifndef __P +# define __P(x) x +# endif +#else +# undef __P +# define __P(x) () +# undef const +# define const +#endif #if !defined(lint) static const char sccsid[] = "@(#)inet_addr.c 8.1 (Berkeley) 6/17/93"; -static const char rcsid[] = "@(#)$Id: inet_addr.c,v 2.1 1999/08/04 17:29:54 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: inet_addr.c,v 2.1.4.1 2001/07/15 22:06:14 darrenr Exp $"; #endif /* LIBC_SCCS and not lint */ #include <sys/param.h> @@ -63,13 +73,6 @@ static const char rcsid[] = "@(#)$Id: inet_addr.c,v 2.1 1999/08/04 17:29:54 darr #include <arpa/inet.h> #include <ctype.h> -#ifndef __P -# ifdef __STDC__ -# define __P(x) x -# else -# define __P(x) () -# endif -#endif int inet_aton __P((const char *, struct in_addr *)); /* diff --git a/contrib/ipfilter/ip_lfil.c b/contrib/ipfilter/ip_lfil.c index 4763ad7..14e6b42 100644 --- a/contrib/ipfilter/ip_lfil.c +++ b/contrib/ipfilter/ip_lfil.c @@ -1,12 +1,10 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ #if !defined(lint) -static const char rcsid[] = "@(#)$Id: ip_lfil.c,v 2.6 2000/03/13 22:10:21 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ip_lfil.c,v 2.6.2.2 2001/07/18 14:57:09 darrenr Exp $"; #endif #if defined(KERNEL) && !defined(_KERNEL) @@ -337,7 +335,7 @@ int iplioctl(dev_t dev, int cmd, caddr_t data, int mode) break; } case SIOCATHST : - error = fr_auth_ioctl(data, cmd, NULL, NULL); + error = fr_auth_ioctl(data, mode, cmd, NULL, NULL); break; case SIOCFRSYN : if (!(mode & FWRITE)) @@ -484,7 +482,7 @@ caddr_t data; if (fg && fg->fg_head) fg->fg_head->fr_ref--; if (unit == IPL_LOGAUTH) - return fr_auth_ioctl(data, req, f, ftail); + return fr_auth_ioctl(data, mode, req, f, ftail); if (f->fr_grhead) fr_delgroup((u_int)f->fr_grhead, fp->fr_flags, unit, set); @@ -497,7 +495,7 @@ caddr_t data; error = EEXIST; else { if (unit == IPL_LOGAUTH) - return fr_auth_ioctl(data, req, f, ftail); + return fr_auth_ioctl(data, mode, req, f, ftail); KMALLOC(f, frentry_t *); if (f != NULL) { if (fg && fg->fg_head) diff --git a/contrib/ipfilter/ip_sfil.c b/contrib/ipfilter/ip_sfil.c index f6373811..26ef65f 100644 --- a/contrib/ipfilter/ip_sfil.c +++ b/contrib/ipfilter/ip_sfil.c @@ -1,15 +1,13 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. * * I hate legaleese, don't you ? */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.23.2.9 2000/11/12 11:55:17 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.23.2.12 2001/07/18 14:57:09 darrenr Exp $"; #endif #include <sys/types.h> @@ -197,7 +195,7 @@ int *rp; return error; } if (unit == IPL_LOGAUTH) { - error = fr_auth_ioctl((caddr_t)data, cmd, NULL, NULL); + error = fr_auth_ioctl((caddr_t)data, mode, cmd, NULL, NULL); RWLOCK_EXIT(&ipf_solaris); return error; } @@ -458,6 +456,7 @@ caddr_t data; } fdp = &fp->fr_dif; + fdp->fd_mp = NULL; fp->fr_flags &= ~FR_DUP; if (*fdp->fd_ifname) { ill = get_unit(fdp->fd_ifname, (int)fp->fr_v); @@ -491,6 +490,7 @@ caddr_t data; } fdp = &fp->fr_tif; + fdp->fd_mp = NULL; if (*fdp->fd_ifname) { ill = get_unit(fdp->fd_ifname, (int)fp->fr_v); if (!ill) @@ -577,10 +577,6 @@ caddr_t data; } if (fg && fg->fg_head) fg->fg_head->fr_ref--; - if (unit == IPL_LOGAUTH) { - error = fr_auth_ioctl(data, req, fp, ftail); - goto out; - } if (f->fr_grhead) fr_delgroup(f->fr_grhead, fp->fr_flags, unit, set); @@ -594,10 +590,6 @@ caddr_t data; if (f) { error = EEXIST; } else { - if (unit == IPL_LOGAUTH) { - error = fr_auth_ioctl(data, req, fp, ftail); - goto out; - } KMALLOC(f, frentry_t *); if (f != NULL) { if (fg && fg->fg_head) diff --git a/contrib/ipfilter/ipf.c b/contrib/ipfilter/ipf.c index 355c42a..4d25fce 100644 --- a/contrib/ipfilter/ipf.c +++ b/contrib/ipfilter/ipf.c @@ -1,12 +1,16 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ #ifdef __FreeBSD__ -# include <osreldate.h> +# ifndef __FreeBSD_cc_version +# include <osreldate.h> +# else +# if __FreeBSD_cc_version < 430000 +# include <osreldate.h> +# endif +# endif #endif #include <stdio.h> #include <unistd.h> @@ -43,7 +47,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipf.c,v 2.10.2.5 2000/10/25 10:37:11 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipf.c,v 2.10.2.10 2001/07/18 11:34:19 darrenr Exp $"; #endif #if SOLARIS @@ -74,13 +78,19 @@ static void closedevice __P((void)); static char *getline __P((char *, size_t, FILE *, int *)); static char *ipfname = IPL_NAME; static void usage __P((void)); -static void showversion __P((void)); +static int showversion __P((void)); static int get_flags __P((void)); +#if SOLARIS +# define OPTS "6AdDEf:F:Il:noPrsUvVyzZ" +#else +# define OPTS "6AdDEf:F:Il:noPrsvVyzZ" +#endif + static void usage() { - fprintf(stderr, "usage: ipf [-6AdDEInoPrsUvVyzZ] %s %s %s\n", + fprintf(stderr, "usage: ipf [-%s] %s %s %s\n", OPTS, "[-l block|pass|nomatch]", "[-F i|o|a|s|S]", "[-f filename]"); exit(1); } @@ -92,11 +102,9 @@ char *argv[]; { int c; - while ((c = getopt(argc, argv, "6AdDEf:F:Il:noPrsUvVyzZ")) != -1) { + while ((c = getopt(argc, argv, OPTS)) != -1) { switch (c) { - case '?' : - usage(); #ifdef USE_INET6 case '6' : use_inet6 = 1; @@ -146,10 +154,11 @@ char *argv[]; break; #endif case 'v' : - opts |= OPT_VERBOSE; + opts += OPT_VERBOSE; break; case 'V' : - showversion(); + if (showversion()) + exit(1); break; case 'y' : frsync(); @@ -160,6 +169,9 @@ char *argv[]; case 'Z' : zerostats(); break; + default : + usage(); + break; } } @@ -553,7 +565,7 @@ static void blockunknown() #endif -static void showversion() +static int showversion() { struct friostat fio; struct friostat *fiop=&fio; @@ -565,13 +577,13 @@ static void showversion() if ((vfd = open(ipfname, O_RDONLY)) == -1) { perror("open device"); - return; + return 1; } if (ioctl(vfd, SIOCGETFS, &fiop)) { perror("ioctl(SIOCGETFS)"); close(vfd); - return; + return 1; } close(vfd); flags = get_flags(); @@ -610,4 +622,6 @@ static void showversion() s = "nomatch -> block"; printf("%s all, Logging: %savailable\n", s, fio.f_logging ? "" : "un"); printf("Active list: %d\n", fio.f_active); + + return 0; } diff --git a/contrib/ipfilter/ipf.h b/contrib/ipfilter/ipf.h index ee6ae4d..e7a70ca 100644 --- a/contrib/ipfilter/ipf.h +++ b/contrib/ipfilter/ipf.h @@ -1,12 +1,10 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ipf.h 1.12 6/5/96 - * $Id: ipf.h,v 2.9.2.2 2000/05/06 11:20:20 darrenr Exp $ + * $Id: ipf.h,v 2.9.2.3 2001/06/26 10:43:18 darrenr Exp $ */ #ifndef __IPF_H__ diff --git a/contrib/ipfilter/ipfs.c b/contrib/ipfilter/ipfs.c index d43fc56..baf3d1c 100644 --- a/contrib/ipfilter/ipfs.c +++ b/contrib/ipfilter/ipfs.c @@ -1,12 +1,16 @@ /* - * Copyright (C) 1999 by Darren Reed. + * Copyright (C) 1999-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ #ifdef __FreeBSD__ -# include <osreldate.h> +# ifndef __FreeBSD_cc_version +# include <osreldate.h> +# else +# if __FreeBSD_cc_version < 430000 +# include <osreldate.h> +# endif +# endif #endif #include <stdio.h> #include <unistd.h> @@ -41,7 +45,7 @@ #include "ipf.h" #if !defined(lint) -static const char rcsid[] = "@(#)$Id: ipfs.c,v 2.6.2.3 2001/01/10 06:20:12 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipfs.c,v 2.6.2.7 2001/06/26 10:43:18 darrenr Exp $"; #endif #ifndef IPF_SAVEDIR @@ -532,6 +536,7 @@ char *file; } bzero((char *)&ipn, sizeof(ipn)); + ipnp = &ipn; /* * 1. Read all state information in. @@ -573,7 +578,7 @@ char *file; } } else in = (nat_save_t *)malloc(sizeof(*in)); - bcopy((char *)&ipnp, (char *)in, sizeof(ipn)); + bcopy((char *)ipnp, (char *)in, sizeof(ipn)); /* * Check to see if this is the first state entry that will diff --git a/contrib/ipfilter/ipft_ef.c b/contrib/ipfilter/ipft_ef.c index cbdc599..0cb4623 100644 --- a/contrib/ipfilter/ipft_ef.c +++ b/contrib/ipfilter/ipft_ef.c @@ -1,9 +1,7 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ /* @@ -51,7 +49,7 @@ etherfind -n -t #if !defined(lint) static const char sccsid[] = "@(#)ipft_ef.c 1.6 2/4/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipft_ef.c,v 2.2 2000/03/13 22:10:24 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipft_ef.c,v 2.2.2.1 2001/06/26 10:43:18 darrenr Exp $"; #endif static int etherf_open __P((char *)); diff --git a/contrib/ipfilter/ipft_hx.c b/contrib/ipfilter/ipft_hx.c index ccbc3ee..2be1698 100644 --- a/contrib/ipfilter/ipft_hx.c +++ b/contrib/ipfilter/ipft_hx.c @@ -1,9 +1,7 @@ /* - * Copyright (C) 1995-2000 by Darren Reed. + * Copyright (C) 1995-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ #include <stdio.h> #include <ctype.h> @@ -42,7 +40,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)ipft_hx.c 1.1 3/9/96 (C) 1996 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipft_hx.c,v 2.2 2000/03/13 22:10:24 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipft_hx.c,v 2.2.2.1 2001/06/26 10:43:18 darrenr Exp $"; #endif extern int opts; diff --git a/contrib/ipfilter/ipft_pc.c b/contrib/ipfilter/ipft_pc.c index 061b7e4..eced91f 100644 --- a/contrib/ipfilter/ipft_pc.c +++ b/contrib/ipfilter/ipft_pc.c @@ -1,9 +1,7 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ #include <stdio.h> #include <string.h> @@ -33,7 +31,7 @@ #include "ipt.h" #if !defined(lint) -static const char rcsid[] = "@(#)$Id: ipft_pc.c,v 2.2 2000/03/13 22:10:24 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipft_pc.c,v 2.2.2.2 2001/06/26 10:43:18 darrenr Exp $"; #endif struct llc { @@ -46,7 +44,7 @@ struct llc { * While many of these maybe the same, some do have different header formats * which make this useful. */ -#define DLT_MAX 10 +#define DLT_MAX 14 static struct llc llcs[DLT_MAX+1] = { { 0, 0, 0 }, /* DLT_NULL */ @@ -59,7 +57,10 @@ static struct llc llcs[DLT_MAX+1] = { { 0, 0, 0 }, /* DLT_ARCNET */ { 0, 0, 0 }, /* DLT_SLIP */ { 0, 0, 0 }, /* DLT_PPP */ - { 0, 0, 0 } /* DLT_FDDI */ + { 0, 0, 0 }, /* DLT_FDDI */ + { 0, 0, 0 }, /* DLT_ATMRFC1483 */ + { 0, 0, 0 }, /* DLT_LOOP */ + { 0, 0, 0 } /* DLT_ENC */ }; static int pcap_open __P((char *)); @@ -114,7 +115,7 @@ char *fname; swap_hdr(&ph); } - if (ph.pc_v_maj != PCAP_VERSION_MAJ || ph.pc_type > DLT_MAX) { + if (ph.pc_v_maj != PCAP_VERSION_MAJ || ph.pc_type >= DLT_MAX) { (void) close(fd); return -2; } diff --git a/contrib/ipfilter/ipft_sn.c b/contrib/ipfilter/ipft_sn.c index 573c007..1b5e219 100644 --- a/contrib/ipfilter/ipft_sn.c +++ b/contrib/ipfilter/ipft_sn.c @@ -1,9 +1,7 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ /* @@ -37,7 +35,7 @@ #include "ipt.h" #if !defined(lint) -static const char rcsid[] = "@(#)$Id: ipft_sn.c,v 2.2 2000/03/13 22:10:24 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipft_sn.c,v 2.2.2.2 2001/06/26 10:43:18 darrenr Exp $"; #endif struct llc { @@ -78,6 +76,7 @@ char *fname; { struct snoophdr sh; int fd; + int s_v; if (sfd != -1) return sfd; @@ -90,16 +89,18 @@ char *fname; if (read(fd, (char *)&sh, sizeof(sh)) != sizeof(sh)) return -2; - if (sh.s_v != SNOOP_VERSION || - sh.s_type < 0 || sh.s_type > SDL_MAX) { + s_v = (int)ntohl(sh.s_v); + s_type = (int)ntohl(sh.s_type); + + if (s_v != SNOOP_VERSION || + s_type < 0 || s_type > SDL_MAX) { (void) close(fd); return -2; } sfd = fd; - s_type = sh.s_type; printf("opened snoop file %s:\n", fname); - printf("\tid: %8.8s version: %d type: %d\n", sh.s_id, sh.s_v, s_type); + printf("\tid: %8.8s version: %d type: %d\n", sh.s_id, s_v, s_type); return fd; } @@ -118,20 +119,22 @@ static int snoop_close() static int snoop_read_rec(rec) struct snooppkt *rec; { - int n, p; + int n, plen, ilen; if (read(sfd, (char *)rec, sizeof(*rec)) != sizeof(*rec)) return -2; - if (rec->sp_ilen > rec->sp_plen || rec->sp_plen < sizeof(*rec)) + ilen = (int)ntohl(rec->sp_ilen); + plen = (int)ntohl(rec->sp_plen); + if (ilen > plen || plen < sizeof(*rec)) return -2; - p = rec->sp_plen - sizeof(*rec); - n = MIN(p, rec->sp_ilen); + plen -= sizeof(*rec); + n = MIN(plen, ilen); if (!n || n < 0) return -3; - return p; + return plen; } diff --git a/contrib/ipfilter/ipft_td.c b/contrib/ipfilter/ipft_td.c index 457591c..5f470ee 100644 --- a/contrib/ipfilter/ipft_td.c +++ b/contrib/ipfilter/ipft_td.c @@ -1,9 +1,7 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ /* @@ -60,7 +58,7 @@ tcpdump -nqte #if !defined(lint) static const char sccsid[] = "@(#)ipft_td.c 1.8 2/4/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipft_td.c,v 2.2 2000/03/13 22:10:24 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipft_td.c,v 2.2.2.1 2001/06/26 10:43:18 darrenr Exp $"; #endif static int tcpd_open __P((char *)); diff --git a/contrib/ipfilter/ipft_tx.c b/contrib/ipfilter/ipft_tx.c index 2668976..1e650f5 100644 --- a/contrib/ipfilter/ipft_tx.c +++ b/contrib/ipfilter/ipft_tx.c @@ -1,9 +1,7 @@ /* - * Copyright (C) 1995-2000 by Darren Reed. + * Copyright (C) 1995-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ #include <stdio.h> #include <ctype.h> @@ -43,7 +41,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 2.3.2.1 2001/01/10 06:19:53 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 2.3.2.4 2001/06/26 10:43:18 darrenr Exp $"; #endif extern int opts; @@ -223,12 +221,12 @@ int *out; bzero(ipopts, sizeof(ipopts)); ip->ip_hl = sizeof(*ip) >> 2; ip->ip_v = IPVERSION; - for (i = 0, cps[0] = strtok(line, " \b\t\r\n"); cps[i] && i < 19; ) + for (i = 0, cps[0] = strtok(line, " \b\t\r\n"); cps[i] && (i < 19); ) cps[++i] = strtok(NULL, " \b\t\r\n"); - if (i < 2) - return 1; cpp = cps; + if (!*cpp) + return 1; c = **cpp; if (!isalpha(c) || (tolower(c) != 'o' && tolower(c) != 'i')) { @@ -237,12 +235,16 @@ int *out; } *out = (tolower(c) == 'o') ? 1 : 0; cpp++; + if (!*cpp) + return 1; if (!strcasecmp(*cpp, "on")) { cpp++; if (!*cpp) return 1; *ifn = strdup(*cpp++); + if (!*cpp) + return 1; } c = **cpp; diff --git a/contrib/ipfilter/iplang/iplang.h b/contrib/ipfilter/iplang/iplang.h index d8986c8..f36a384 100644 --- a/contrib/ipfilter/iplang/iplang.h +++ b/contrib/ipfilter/iplang/iplang.h @@ -1,9 +1,7 @@ /* * Copyright (C) 1997-1998 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ typedef struct iface { int if_MTU; diff --git a/contrib/ipfilter/ipnat.c b/contrib/ipfilter/ipnat.c index 51af2e1..b8cb37e 100644 --- a/contrib/ipfilter/ipnat.c +++ b/contrib/ipfilter/ipnat.c @@ -1,9 +1,7 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. * * Added redirect stuff and a variety of bug fixes. (mcn@EnGarde.com) */ @@ -57,7 +55,7 @@ extern char *sys_errlist[]; #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipnat.c,v 2.16.2.5 2000/12/02 00:15:04 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipnat.c,v 2.16.2.9 2001/07/18 15:06:33 darrenr Exp $"; #endif @@ -110,10 +108,10 @@ int main(argc, argv) int argc; char *argv[]; { - char *file = NULL; int fd = -1, opts = 0, c, mode = O_RDWR; + char *file = NULL, *core = NULL; - while ((c = getopt(argc, argv, "CdFf:hlnrsv")) != -1) + while ((c = getopt(argc, argv, "CdFf:hlM:nrsv")) != -1) switch (c) { case 'C' : @@ -135,6 +133,9 @@ char *argv[]; opts |= OPT_LIST; mode = O_RDONLY; break; + case 'M' : + core = optarg; + break; case 'n' : opts |= OPT_NODO; mode = O_RDONLY; @@ -153,6 +154,13 @@ char *argv[]; usage(argv[0]); } + if (core != NULL) { + if (openkmem(core) == -1) + exit(1); + (void) setgid(getgid()); + (void) setuid(getuid()); + } + gethostname(thishost, sizeof(thishost)); thishost[sizeof(thishost) - 1] = '\0'; @@ -292,8 +300,10 @@ ipnat_t *ipnat; void dostats(fd, opts) int fd, opts; { + hostmap_t hm, *hmp, **maptable; natstat_t ns, *nsp = &ns; nat_t **nt[2], *np, nat; + u_int hv, hv1, hv2; ipnat_t ipn; bzero((char *)&ns, sizeof(ns)); @@ -353,15 +363,21 @@ int fd, opts; printf("\n\tage %lu use %hu sumd %s/", nat.nat_age, nat.nat_use, getsumd(nat.nat_sumd[0])); + hv1 = NAT_HASH_FN(nat.nat_inip.s_addr, + nat.nat_inport, + 0xffffffff), + hv1 = NAT_HASH_FN(nat.nat_oip.s_addr, + hv1 + nat.nat_oport, + NAT_TABLE_SZ), + hv2 = NAT_HASH_FN(nat.nat_outip.s_addr, + nat.nat_outport, + 0xffffffff), + hv2 = NAT_HASH_FN(nat.nat_oip.s_addr, + hv2 + nat.nat_oport, + NAT_TABLE_SZ), printf("%s pr %u bkt %d/%d flags %x ", getsumd(nat.nat_sumd[1]), nat.nat_p, - (int)NAT_HASH_FN(nat.nat_inip.s_addr, - nat.nat_inport, - NAT_TABLE_SZ), - (int)NAT_HASH_FN(nat.nat_outip.s_addr, - nat.nat_outport, - NAT_TABLE_SZ), - nat.nat_flags); + hv1, hv2, nat.nat_flags); #ifdef USE_QUAD_T printf("bytes %qu pkts %qu", (unsigned long long)nat.nat_bytes, @@ -379,6 +395,38 @@ int fd, opts; printaps(nat.nat_aps, opts); } + if (opts & OPT_VERBOSE) { + printf("\nList of active host mappings:\n"); + + maptable = (hostmap_t **)malloc(sizeof(hostmap_t *) * + ns.ns_hostmap_sz); + if (kmemcpy((char *)maptable, (u_long)ns.ns_maptable, + sizeof(hostmap_t *) * ns.ns_hostmap_sz)) { + perror("kmemcpy (maptable)"); + return; + } + + for (hv = 0; hv < ns.ns_hostmap_sz; hv++) { + hmp = maptable[hv]; + + while(hmp) { + + if (kmemcpy((char *)&hm, (u_long)hmp, + sizeof(hostmap_t))) { + perror("kmemcpy (hostmap)"); + return; + } + + printf("%s -> ", + inet_ntoa(hm.hm_realip)); + printf("%s ", inet_ntoa(hm.hm_mapip)); + printf("(use = %d hv = %u)\n", + hm.hm_ref, hv); + hmp = hm.hm_next; + } + } + free(maptable); + } free(nt[0]); } } diff --git a/contrib/ipfilter/ipsd/ipsd.c b/contrib/ipfilter/ipsd/ipsd.c index 4ed6d70..261ad89 100644 --- a/contrib/ipfilter/ipsd/ipsd.c +++ b/contrib/ipfilter/ipsd/ipsd.c @@ -1,9 +1,7 @@ /* * (C)opyright 1995-1998 Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. * * The author of this software makes no garuntee about the * performance of this package or its suitability to fulfill any purpose. @@ -37,7 +35,7 @@ #ifndef lint static const char sccsid[] = "@(#)ipsd.c 1.3 12/3/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipsd.c,v 2.1 1999/08/04 17:30:56 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipsd.c,v 2.1.4.1 2001/06/26 10:43:21 darrenr Exp $"; #endif extern char *optarg; diff --git a/contrib/ipfilter/ipsd/ipsd.h b/contrib/ipfilter/ipsd/ipsd.h index 1dbe1c4..a8f58c3 100644 --- a/contrib/ipfilter/ipsd/ipsd.h +++ b/contrib/ipfilter/ipsd/ipsd.h @@ -1,9 +1,7 @@ /* * (C)opyright 1995-1998 Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. * * The author of this software makes no garuntee about the * performance of this package or its suitability to fulfill any purpose. diff --git a/contrib/ipfilter/ipsd/ipsdr.c b/contrib/ipfilter/ipsd/ipsdr.c index 3b95ca0..298f655 100644 --- a/contrib/ipfilter/ipsd/ipsdr.c +++ b/contrib/ipfilter/ipsd/ipsdr.c @@ -1,9 +1,7 @@ /* * (C)opyright 1995-1998 Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. * * The author of this software makes no garuntee about the * performance of this package or its suitability to fulfill any purpose. @@ -38,7 +36,7 @@ #ifndef lint static const char sccsid[] = "@(#)ipsdr.c 1.3 12/3/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipsdr.c,v 2.1 1999/08/04 17:30:57 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipsdr.c,v 2.1.4.1 2001/06/26 10:43:21 darrenr Exp $"; #endif extern char *optarg; diff --git a/contrib/ipfilter/ipsd/linux.h b/contrib/ipfilter/ipsd/linux.h index 61f52b3..d9606cb 100644 --- a/contrib/ipfilter/ipsd/linux.h +++ b/contrib/ipfilter/ipsd/linux.h @@ -1,9 +1,7 @@ /* * Copyright (C) 1997-1998 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. * * @(#)linux.h 1.1 8/19/95 */ diff --git a/contrib/ipfilter/ipsd/sbpf.c b/contrib/ipfilter/ipsd/sbpf.c index 5d128c4..97bb4ce 100644 --- a/contrib/ipfilter/ipsd/sbpf.c +++ b/contrib/ipfilter/ipsd/sbpf.c @@ -1,9 +1,7 @@ /* * (C)opyright 1995-1998 Darren Reed. (from tcplog) * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. * */ #include <stdio.h> diff --git a/contrib/ipfilter/ipsd/sdlpi.c b/contrib/ipfilter/ipsd/sdlpi.c index 9ec7b3f..c08fe69 100644 --- a/contrib/ipfilter/ipsd/sdlpi.c +++ b/contrib/ipfilter/ipsd/sdlpi.c @@ -1,9 +1,7 @@ /* * (C)opyright 1992-1998 Darren Reed. (from tcplog) * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. * */ diff --git a/contrib/ipfilter/ipsd/slinux.c b/contrib/ipfilter/ipsd/slinux.c index 5b2734b..2c5aa97d 100644 --- a/contrib/ipfilter/ipsd/slinux.c +++ b/contrib/ipfilter/ipsd/slinux.c @@ -1,9 +1,7 @@ /* * (C)opyright 1992-1998 Darren Reed. (from tcplog) * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. * * The author of this software makes no garuntee about the * performance of this package or its suitability to fulfill any purpose. diff --git a/contrib/ipfilter/ipsd/snit.c b/contrib/ipfilter/ipsd/snit.c index 3f3aa50..ec7178f 100644 --- a/contrib/ipfilter/ipsd/snit.c +++ b/contrib/ipfilter/ipsd/snit.c @@ -1,9 +1,7 @@ /* * (C)opyright 1992-1998 Darren Reed. (from tcplog) * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. * * The author of this software makes no garuntee about the * performance of this package or its suitability to fulfill any purpose. diff --git a/contrib/ipfilter/ipsend/arp.c b/contrib/ipfilter/ipsend/arp.c index e4159fa..898815a 100644 --- a/contrib/ipfilter/ipsend/arp.c +++ b/contrib/ipfilter/ipsend/arp.c @@ -1,14 +1,8 @@ /* * arp.c (C) 1995-1998 Darren Reed * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ -#if !defined(lint) -static const char sccsid[] = "@(#)arp.c 1.4 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: arp.c,v 2.1 1999/08/04 17:31:03 darrenr Exp $"; -#endif #include <stdio.h> #include <errno.h> #include <sys/types.h> @@ -30,6 +24,11 @@ static const char rcsid[] = "@(#)$Id: arp.c,v 2.1 1999/08/04 17:31:03 darrenr Ex #include "ipsend.h" #include "iplang/iplang.h" +#if !defined(lint) +static const char sccsid[] = "@(#)arp.c 1.4 1/11/96 (C)1995 Darren Reed"; +static const char rcsid[] = "@(#)$Id: arp.c,v 2.1.4.2 2001/07/15 22:00:13 darrenr Exp $"; +#endif + /* * lookup host and return diff --git a/contrib/ipfilter/ipsend/hpux.c b/contrib/ipfilter/ipsend/hpux.c index 42078e3..463fdbf 100644 --- a/contrib/ipfilter/ipsend/hpux.c +++ b/contrib/ipfilter/ipsend/hpux.c @@ -1,9 +1,7 @@ /* * (C)opyright 1997-1998 Darren Reed. (from tcplog) * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ #include <stdio.h> #include <strings.h> diff --git a/contrib/ipfilter/ipsend/ip.c b/contrib/ipfilter/ipsend/ip.c index c5eacb3..db6d477 100644 --- a/contrib/ipfilter/ipsend/ip.c +++ b/contrib/ipfilter/ipsend/ip.c @@ -1,14 +1,8 @@ /* * ip.c (C) 1995-1998 Darren Reed * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ -#if !defined(lint) -static const char sccsid[] = "%W% %G% (C)1995"; -static const char rcsid[] = "@(#)$Id: ip.c,v 2.1.4.1 2001/01/10 06:21:19 darrenr Exp $"; -#endif #include <errno.h> #include <stdio.h> #include <stdlib.h> @@ -33,6 +27,10 @@ static const char rcsid[] = "@(#)$Id: ip.c,v 2.1.4.1 2001/01/10 06:21:19 darrenr #endif #include "ipsend.h" +#if !defined(lint) +static const char sccsid[] = "%W% %G% (C)1995"; +static const char rcsid[] = "@(#)$Id: ip.c,v 2.1.4.3 2001/07/15 22:00:13 darrenr Exp $"; +#endif static char *ipbuf = NULL, *ethbuf = NULL; diff --git a/contrib/ipfilter/ipsend/ipresend.1 b/contrib/ipfilter/ipsend/ipresend.1 index ab90471..6014313 100644 --- a/contrib/ipfilter/ipsend/ipresend.1 +++ b/contrib/ipfilter/ipsend/ipresend.1 @@ -2,7 +2,7 @@ .SH NAME ipresend \- resend IP packets out to network .SH SYNOPSIS -.B ipsend +.B ipresend [ .B \-EHPRSTX ] [ diff --git a/contrib/ipfilter/ipsend/ipresend.c b/contrib/ipfilter/ipsend/ipresend.c index bad0f67..4a4ec1c 100644 --- a/contrib/ipfilter/ipsend/ipresend.c +++ b/contrib/ipfilter/ipsend/ipresend.c @@ -6,14 +6,8 @@ * conditions, enough of the TCP header is missing for unpredictable * results unless the filter is aware that this can happen. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ -#if !defined(lint) -static const char sccsid[] = "%W% %G% (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipresend.c,v 2.1 1999/08/04 17:31:05 darrenr Exp $"; -#endif #include <stdio.h> #include <stdlib.h> #include <unistd.h> @@ -34,6 +28,11 @@ static const char rcsid[] = "@(#)$Id: ipresend.c,v 2.1 1999/08/04 17:31:05 darre #endif #include "ipsend.h" +#if !defined(lint) +static const char sccsid[] = "%W% %G% (C)1995 Darren Reed"; +static const char rcsid[] = "@(#)$Id: ipresend.c,v 2.1.4.2 2001/07/15 22:00:13 darrenr Exp $"; +#endif + extern char *optarg; extern int optind; diff --git a/contrib/ipfilter/ipsend/ipsend.h b/contrib/ipfilter/ipsend/ipsend.h index e2f8ff8..71e5490 100644 --- a/contrib/ipfilter/ipsend/ipsend.h +++ b/contrib/ipfilter/ipsend/ipsend.h @@ -6,11 +6,7 @@ * conditions, enough of the TCP header is missing for unpredictable * results unless the filter is aware that this can happen. * - * The author provides this program as-is, with no gaurantee for its - * suitability for any specific purpose. The author takes no responsibility - * for the misuse/abuse of this program and provides it for the sole purpose - * of testing packet filter policies. This file maybe distributed freely - * providing it is not modified and that this notice remains in tact. + * See the IPFILTER.LICENCE file for details on licencing. * */ #ifndef __P @@ -67,3 +63,9 @@ extern int kmemcpy __P((char *, void *, int)); #ifndef OPT_RAW #define OPT_RAW 0x80000 #endif + +#ifndef __STDC__ +# ifndef const +# define const +# endif +#endif diff --git a/contrib/ipfilter/ipsend/ipsopt.c b/contrib/ipfilter/ipsend/ipsopt.c index 2827c77..691ee7d 100644 --- a/contrib/ipfilter/ipsend/ipsopt.c +++ b/contrib/ipfilter/ipsend/ipsopt.c @@ -1,14 +1,8 @@ /* * Copyright (C) 1995-1998 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ -#if !defined(lint) -static const char sccsid[] = "@(#)ipsopt.c 1.2 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipsopt.c,v 2.1 1999/08/04 17:31:07 darrenr Exp $"; -#endif #include <stdio.h> #include <string.h> #include <stdlib.h> @@ -25,13 +19,9 @@ static const char rcsid[] = "@(#)$Id: ipsopt.c,v 2.1 1999/08/04 17:31:07 darrenr #include <arpa/inet.h> #include "ipsend.h" - -#ifndef __P -# ifdef __STDC__ -# define __P(x) x -# else -# define __P(x) () -# endif +#if !defined(lint) +static const char sccsid[] = "@(#)ipsopt.c 1.2 1/11/96 (C)1995 Darren Reed"; +static const char rcsid[] = "@(#)$Id: ipsopt.c,v 2.1.4.2 2001/07/15 22:00:14 darrenr Exp $"; #endif diff --git a/contrib/ipfilter/ipsend/iptest.c b/contrib/ipfilter/ipsend/iptest.c index dffee98..d4d37ba 100644 --- a/contrib/ipfilter/ipsend/iptest.c +++ b/contrib/ipfilter/ipsend/iptest.c @@ -6,14 +6,8 @@ * conditions, enough of the TCP header is missing for unpredictable * results unless the filter is aware that this can happen. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ -#if !defined(lint) -static const char sccsid[] = "%W% %G% (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: iptest.c,v 2.2 1999/12/04 03:37:05 darrenr Exp $"; -#endif #include <stdio.h> #include <netdb.h> #include <unistd.h> @@ -38,6 +32,11 @@ static const char rcsid[] = "@(#)$Id: iptest.c,v 2.2 1999/12/04 03:37:05 darrenr #endif #include "ipsend.h" +#if !defined(lint) +static const char sccsid[] = "%W% %G% (C)1995 Darren Reed"; +static const char rcsid[] = "@(#)$Id: iptest.c,v 2.2.2.2 2001/07/15 22:00:14 darrenr Exp $"; +#endif + extern char *optarg; extern int optind; diff --git a/contrib/ipfilter/ipsend/larp.c b/contrib/ipfilter/ipsend/larp.c index d64e701..d178d64 100644 --- a/contrib/ipfilter/ipsend/larp.c +++ b/contrib/ipfilter/ipsend/larp.c @@ -1,13 +1,11 @@ /* * larp.c (C) 1995-1998 Darren Reed * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ #if !defined(lint) static const char sccsid[] = "@(#)larp.c 1.1 8/19/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: larp.c,v 2.1 1999/08/04 17:31:10 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: larp.c,v 2.1.4.1 2001/06/26 10:43:22 darrenr Exp $"; #endif #include <stdio.h> #include <errno.h> diff --git a/contrib/ipfilter/ipsend/linux.h b/contrib/ipfilter/ipsend/linux.h index ae2e05f..2d2a243 100644 --- a/contrib/ipfilter/ipsend/linux.h +++ b/contrib/ipfilter/ipsend/linux.h @@ -1,9 +1,7 @@ /* * Copyright (C) 1995-1998 by Darren Reed. * - * This code may be freely distributed as long as it retains this notice - * and is not changed in any way. The author accepts no responsibility - * for the use of this software. I hate legaleese, don't you ? + * See the IPFILTER.LICENCE file for details on licencing. * * @(#)linux.h 1.1 8/19/95 */ diff --git a/contrib/ipfilter/ipsend/lsock.c b/contrib/ipfilter/ipsend/lsock.c index a430e19..058ab40 100644 --- a/contrib/ipfilter/ipsend/lsock.c +++ b/contrib/ipfilter/ipsend/lsock.c @@ -1,13 +1,11 @@ /* * lsock.c (C) 1995-1998 Darren Reed * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ #if !defined(lint) static const char sccsid[] = "@(#)lsock.c 1.2 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: lsock.c,v 2.1 1999/08/04 17:31:11 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: lsock.c,v 2.1.4.1 2001/06/26 10:43:22 darrenr Exp $"; #endif #include <stdio.h> #include <unistd.h> diff --git a/contrib/ipfilter/ipsend/resend.c b/contrib/ipfilter/ipsend/resend.c index 095aa9e..0d4102c 100644 --- a/contrib/ipfilter/ipsend/resend.c +++ b/contrib/ipfilter/ipsend/resend.c @@ -6,14 +6,8 @@ * conditions, enough of the TCP header is missing for unpredictable * results unless the filter is aware that this can happen. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ -#if !defined(lint) -static const char sccsid[] = "@(#)resend.c 1.3 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: resend.c,v 2.1.4.1 2001/01/10 06:21:20 darrenr Exp $"; -#endif #include <stdio.h> #include <netdb.h> #include <string.h> @@ -39,6 +33,12 @@ static const char rcsid[] = "@(#)$Id: resend.c,v 2.1.4.1 2001/01/10 06:21:20 dar #endif #include "ipsend.h" +#if !defined(lint) +static const char sccsid[] = "@(#)resend.c 1.3 1/11/96 (C)1995 Darren Reed"; +static const char rcsid[] = "@(#)$Id: resend.c,v 2.1.4.3 2001/07/15 22:00:14 darrenr Exp $"; +#endif + + extern int opts; static u_char pbuf[65536]; /* 1 big packet */ diff --git a/contrib/ipfilter/ipsend/sdlpi.c b/contrib/ipfilter/ipsend/sdlpi.c index 3d797c1..dcd8422 100644 --- a/contrib/ipfilter/ipsend/sdlpi.c +++ b/contrib/ipfilter/ipsend/sdlpi.c @@ -1,9 +1,7 @@ /* * (C)opyright 1992-1998 Darren Reed. (from tcplog) * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ #include <stdio.h> @@ -40,7 +38,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)sdlpi.c 1.3 10/30/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: sdlpi.c,v 2.1 1999/08/04 17:31:13 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: sdlpi.c,v 2.1.4.2 2001/06/26 10:43:22 darrenr Exp $"; #endif #define CHUNKSIZE 8192 @@ -58,7 +56,8 @@ int sport, tout; char devname[16], *s, buf[256]; int i, fd; - (void) sprintf(devname, "/dev/%s", device); + (void) strcpy(devname, "/dev/"); + (void) strncat(devname, device, sizeof(devname) - strlen(devname)); s = devname + 5; while (*s && !isdigit(*s)) diff --git a/contrib/ipfilter/ipsend/sirix.c b/contrib/ipfilter/ipsend/sirix.c index 5317a90..4178c0e 100644 --- a/contrib/ipfilter/ipsend/sirix.c +++ b/contrib/ipfilter/ipsend/sirix.c @@ -2,9 +2,7 @@ * (C)opyright 1992-1998 Darren Reed. * (C)opyright 1997 Marc Boucher. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ #include <stdio.h> #include <sys/types.h> diff --git a/contrib/ipfilter/ipsend/slinux.c b/contrib/ipfilter/ipsend/slinux.c index 353f3ad..7438d1c 100644 --- a/contrib/ipfilter/ipsend/slinux.c +++ b/contrib/ipfilter/ipsend/slinux.c @@ -1,9 +1,7 @@ /* * (C)opyright 1992-1998 Darren Reed. (from tcplog) * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ #include <stdio.h> @@ -29,7 +27,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)slinux.c 1.2 8/25/95"; -static const char rcsid[] = "@(#)$Id: slinux.c,v 2.1 1999/08/04 17:31:14 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: slinux.c,v 2.1.4.1 2001/06/26 10:43:22 darrenr Exp $"; #endif #define CHUNKSIZE 8192 diff --git a/contrib/ipfilter/ipsend/snit.c b/contrib/ipfilter/ipsend/snit.c index 40aaae5..6f2c662 100644 --- a/contrib/ipfilter/ipsend/snit.c +++ b/contrib/ipfilter/ipsend/snit.c @@ -1,9 +1,7 @@ /* * (C)opyright 1992-1998 Darren Reed. (from tcplog) * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ #include <stdio.h> @@ -40,7 +38,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)snit.c 1.5 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: snit.c,v 2.1 1999/08/04 17:31:15 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: snit.c,v 2.1.4.1 2001/06/26 10:43:22 darrenr Exp $"; #endif #define CHUNKSIZE 8192 diff --git a/contrib/ipfilter/ipsend/ultrix.c b/contrib/ipfilter/ipsend/ultrix.c index ffab2ce..f41a8a9 100644 --- a/contrib/ipfilter/ipsend/ultrix.c +++ b/contrib/ipfilter/ipsend/ultrix.c @@ -1,9 +1,7 @@ /* * (C)opyright 1998 Darren Reed. (from tcplog) * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ #include <stdio.h> #include <strings.h> diff --git a/contrib/ipfilter/ipt.c b/contrib/ipfilter/ipt.c index 34a35e9..4749e38 100644 --- a/contrib/ipfilter/ipt.c +++ b/contrib/ipfilter/ipt.c @@ -1,12 +1,16 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ #ifdef __FreeBSD__ -# include <osreldate.h> +# ifndef __FreeBSD_cc_version +# include <osreldate.h> +# else +# if __FreeBSD_cc_version < 430000 +# include <osreldate.h> +# endif +# endif #endif #include <stdio.h> #include <assert.h> @@ -55,7 +59,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipt.c,v 2.6 2000/03/13 22:10:25 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipt.c,v 2.6.2.2 2001/06/26 10:43:19 darrenr Exp $"; #endif extern char *optarg; diff --git a/contrib/ipfilter/ipt.h b/contrib/ipfilter/ipt.h index bdc6a29..677c74a 100644 --- a/contrib/ipfilter/ipt.h +++ b/contrib/ipfilter/ipt.h @@ -1,10 +1,8 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - * $Id: ipt.h,v 2.2 2000/03/13 22:10:25 darrenr Exp $ + * See the IPFILTER.LICENCE file for details on licencing. + * $Id: ipt.h,v 2.2.2.1 2001/06/26 10:43:19 darrenr Exp $ */ #ifndef __IPT_H__ diff --git a/contrib/ipfilter/kmem.c b/contrib/ipfilter/kmem.c index ab90bba..3cad5a0 100644 --- a/contrib/ipfilter/kmem.c +++ b/contrib/ipfilter/kmem.c @@ -1,9 +1,7 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ /* * kmemcpy() - copies n bytes from kernel memory into user buffer. @@ -18,16 +16,24 @@ #include <sys/file.h> #include "kmem.h" +#ifndef __STDC__ +# define const +#endif + #if !defined(lint) static const char sccsid[] = "@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed"; -static const char rcsid[] = "@(#)$Id: kmem.c,v 2.2 2000/03/13 22:10:25 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: kmem.c,v 2.2.2.3 2001/07/15 22:06:16 darrenr Exp $"; #endif static int kmemfd = -1; -int openkmem() +int openkmem(core) +char *core; { - if ((kmemfd = open(KMEM,O_RDONLY)) == -1) + if (core == NULL) + core = KMEM; + + if ((kmemfd = open(core, O_RDONLY)) == -1) { perror("kmeminit:open"); return -1; @@ -45,7 +51,7 @@ register int n; if (!n) return 0; if (kmemfd == -1) - if (openkmem() == -1) + if (openkmem(NULL) == -1) return -1; if (lseek(kmemfd, pos, 0) == -1) { @@ -76,7 +82,7 @@ register int n; if (!n) return 0; if (kmemfd == -1) - if (openkmem() == -1) + if (openkmem(NULL) == -1) return -1; if (lseek(kmemfd, pos, 0) == -1) { diff --git a/contrib/ipfilter/kmem.h b/contrib/ipfilter/kmem.h index d6ed3c4..08a6c5e 100644 --- a/contrib/ipfilter/kmem.h +++ b/contrib/ipfilter/kmem.h @@ -1,10 +1,8 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - * $Id: kmem.h,v 2.2 2000/03/13 22:10:25 darrenr Exp $ + * See the IPFILTER.LICENCE file for details on licencing. + * $Id: kmem.h,v 2.2.2.2 2001/06/26 10:43:19 darrenr Exp $ */ #ifndef __KMEM_H__ @@ -17,7 +15,7 @@ # define __P(x) () # endif #endif -extern int openkmem __P((void)); +extern int openkmem __P((char *)); extern int kmemcpy __P((char *, long, int)); extern int kstrncpy __P((char *, long, int)); diff --git a/contrib/ipfilter/man/ipl.4 b/contrib/ipfilter/man/ipl.4 index 26aa604..15f587b 100644 --- a/contrib/ipfilter/man/ipl.4 +++ b/contrib/ipfilter/man/ipl.4 @@ -76,4 +76,4 @@ ipf(4) .SH BUGS Packet headers are dropped when the internal buffer (static size) fills. .SH FILES -/dev/ipl0 +/dev/ipl diff --git a/contrib/ipfilter/misc.c b/contrib/ipfilter/misc.c index 38b385d..df65e2c 100644 --- a/contrib/ipfilter/misc.c +++ b/contrib/ipfilter/misc.c @@ -1,9 +1,7 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ #if (SOLARIS2 >= 7) # define _SYS_VARARGS_H @@ -52,7 +50,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)misc.c 1.3 2/4/96 (C) 1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: misc.c,v 2.2 2000/03/13 22:10:25 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: misc.c,v 2.2.2.1 2001/06/26 10:43:19 darrenr Exp $"; #endif extern int opts; diff --git a/contrib/ipfilter/ml_ipl.c b/contrib/ipfilter/ml_ipl.c index 0ee29cb..4db9a9b 100644 --- a/contrib/ipfilter/ml_ipl.c +++ b/contrib/ipfilter/ml_ipl.c @@ -1,9 +1,7 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. The author accepts no + * See the IPFILTER.LICENCE file for details on licencing. * responsibility and is not changed in any way. * * I hate legaleese, don't you ? diff --git a/contrib/ipfilter/mlf_ipl.c b/contrib/ipfilter/mlf_ipl.c index 3ca7df3..50c2d94 100644 --- a/contrib/ipfilter/mlf_ipl.c +++ b/contrib/ipfilter/mlf_ipl.c @@ -1,9 +1,7 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ /* * 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate @@ -13,12 +11,24 @@ #include <sys/param.h> -#if defined(__FreeBSD__) && (__FreeBSD__ > 1) +#if defined(__FreeBSD__) # ifdef IPFILTER_LKM -# include <osreldate.h> +# ifndef __FreeBSD_cc_version +# include <osreldate.h> +# else +# if __FreeBSD_cc_version < 430000 +# include <osreldate.h> +# endif +# endif # define ACTUALLY_LKM_NOT_KERNEL # else -# include <sys/osreldate.h> +# ifndef __FreeBSD_cc_version +# include <sys/osreldate.h> +# else +# if __FreeBSD_cc_version < 430000 +# include <sys/osreldate.h> +# endif +# endif # endif #endif #include <sys/systm.h> @@ -53,19 +63,16 @@ #if (__FreeBSD_version >= 300000) # include <sys/socket.h> #endif -#if (__FreeBSD_version >= 199511) #include <net/if.h> #include <netinet/in_systm.h> #include <netinet/in.h> #include <netinet/ip.h> #include <net/route.h> +#include <net/if.h> #include <netinet/ip_var.h> #include <netinet/tcp.h> #include <netinet/tcpip.h> -#endif -#if (__FreeBSD__ > 1) -# include <sys/sysent.h> -#endif +#include <sys/sysent.h> #include <sys/lkm.h> #include "netinet/ipl.h" #include "netinet/ip_compat.h" @@ -392,7 +399,7 @@ int cmd, ver; # endif } # endif /* IPFILTER_LKM */ -static ipl_devsw_installed = 0; +static int ipl_devsw_installed = 0; static void ipl_drvinit __P((void *unused)) { diff --git a/contrib/ipfilter/mli_ipl.c b/contrib/ipfilter/mli_ipl.c index a451a10..2412029 100644 --- a/contrib/ipfilter/mli_ipl.c +++ b/contrib/ipfilter/mli_ipl.c @@ -1,10 +1,8 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * (C)opyright 1997 by Marc Boucher. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original authors and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ /* TODO: (MARCXXX) diff --git a/contrib/ipfilter/mln_ipl.c b/contrib/ipfilter/mln_ipl.c index 777ca9f..bda0f2e 100644 --- a/contrib/ipfilter/mln_ipl.c +++ b/contrib/ipfilter/mln_ipl.c @@ -1,9 +1,7 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ /* * 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate diff --git a/contrib/ipfilter/mls_ipl.c b/contrib/ipfilter/mls_ipl.c index 391b814..bc8f3ed 100644 --- a/contrib/ipfilter/mls_ipl.c +++ b/contrib/ipfilter/mls_ipl.c @@ -1,9 +1,7 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ /* * 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate @@ -42,7 +40,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)mls_ipl.c 2.6 10/15/95 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: mls_ipl.c,v 2.2 2000/03/13 22:10:26 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: mls_ipl.c,v 2.2.2.1 2001/06/26 10:43:20 darrenr Exp $"; #endif extern int ipldetach __P((void)); diff --git a/contrib/ipfilter/natparse.c b/contrib/ipfilter/natparse.c index 9655615..f237708 100644 --- a/contrib/ipfilter/natparse.c +++ b/contrib/ipfilter/natparse.c @@ -1,9 +1,7 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ #include <stdio.h> #include <string.h> @@ -54,7 +52,7 @@ extern char *sys_errlist[]; #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)$Id: natparse.c,v 1.17.2.6 2000/07/08 02:14:40 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: natparse.c,v 1.17.2.11 2001/07/17 14:33:09 darrenr Exp $"; #endif @@ -160,6 +158,8 @@ void *ptr; printf(" udp"); if (np->in_flags & IPN_ROUNDR) printf(" round-robin"); + if (np->in_flags & IPN_FRAG) + printf(" frag"); printf("\n"); if (opts & OPT_DEBUG) printf("\t%p %lu %#x %u %p %d\n", np->in_ifp, @@ -231,6 +231,8 @@ void *ptr; ntohs(np->in_pmax)); } } + if (np->in_flags & IPN_FRAG) + printf(" frag"); printf("\n"); if (opts & OPT_DEBUG) { printf("\tifp %p space %lu nextip %s pnext %d", @@ -277,6 +279,7 @@ int linenum; char *s, *t, *cps[31], **cpp; int i, cnt; + proto = NULL; if ((s = strchr(line, '\n'))) *s = '\0'; @@ -553,7 +556,7 @@ int linenum; } else ipn.in_pmin = 0; } else if ((ipn.in_redir & NAT_BIMAP) == NAT_REDIRECT) { - if (strrchr(*cpp, '/') != NULL) { + if (!*cpp || strrchr(*cpp, '/') != NULL) { fprintf(stderr, "%d: No netmask supported in %s\n", linenum, "destination host for redirect"); return NULL; @@ -623,6 +626,11 @@ int linenum; ipn.in_flags |= IPN_ROUNDR; } + if (*cpp && !strcasecmp(*cpp, "frag")) { + cpp++; + ipn.in_flags |= IPN_FRAG; + } + if (*cpp) { fprintf(stderr, "%d: extra junk at the end of rdr: %s\n", @@ -641,6 +649,11 @@ int linenum; if ((ipn.in_redir & NAT_MAPBLK) != 0) nat_setgroupmap(&ipn); + if (*cpp && !strcasecmp(*cpp, "frag")) { + cpp++; + ipn.in_flags |= IPN_FRAG; + } + if (!*cpp) return &ipn; diff --git a/contrib/ipfilter/opt.c b/contrib/ipfilter/opt.c index ae153a1..e0dd125 100644 --- a/contrib/ipfilter/opt.c +++ b/contrib/ipfilter/opt.c @@ -1,9 +1,7 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ #include <stdio.h> #include <string.h> @@ -27,7 +25,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)opt.c 1.8 4/10/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: opt.c,v 2.2 2000/03/13 22:10:26 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: opt.c,v 2.2.2.1 2001/06/26 10:43:20 darrenr Exp $"; #endif extern int opts; diff --git a/contrib/ipfilter/parse.c b/contrib/ipfilter/parse.c index 0441ad5..56bc3fc 100644 --- a/contrib/ipfilter/parse.c +++ b/contrib/ipfilter/parse.c @@ -1,9 +1,7 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ #include <sys/types.h> #if !defined(__SVR4) && !defined(__svr4__) @@ -394,7 +392,15 @@ int linenum; linenum); return NULL; } - if (**cpp == '!') { + if (!strcmp(*cpp, "!")) { + fil.fr_flags |= FR_NOTSRCIP; + if (!*++cpp) { + fprintf(stderr, + "%d: missing host after from\n", + linenum); + return NULL; + } + } else if (**cpp == '!') { fil.fr_flags |= FR_NOTSRCIP; (*cpp)++; } @@ -424,7 +430,15 @@ int linenum; return NULL; } ch = 0; - if (**cpp == '!') { + if (!strcmp(*cpp, "!")) { + fil.fr_flags |= FR_NOTDSTIP; + if (!*++cpp) { + fprintf(stderr, + "%d: missing host after from\n", + linenum); + return NULL; + } + } else if (**cpp == '!') { fil.fr_flags |= FR_NOTDSTIP; (*cpp)++; } diff --git a/contrib/ipfilter/pcap.h b/contrib/ipfilter/pcap.h index 1a53382..aa24798 100644 --- a/contrib/ipfilter/pcap.h +++ b/contrib/ipfilter/pcap.h @@ -1,10 +1,9 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - * $Id: pcap.h,v 2.2 2000/03/13 22:10:27 darrenr Exp $ + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: pcap.h,v 2.2.2.1 2001/06/26 10:43:20 darrenr Exp $ */ /* * This header file is constructed to match the version described by diff --git a/contrib/ipfilter/relay.c b/contrib/ipfilter/relay.c index 5919086..58a44f0 100644 --- a/contrib/ipfilter/relay.c +++ b/contrib/ipfilter/relay.c @@ -107,7 +107,7 @@ char *argv[]; int fd, sl = sizeof(sl), se; openlog(argv[0], LOG_PID|LOG_NDELAY, LOG_DAEMON); - if ((fd = open("/dev/ipl", O_RDONLY)) == -1) { + if ((fd = open("/dev/ipnat", O_RDONLY)) == -1) { se = errno; perror("open"); errno = se; @@ -115,6 +115,9 @@ char *argv[]; exit(-1); } + bzero(&nl, sizeof(nl)); + nl.nl_flags = IPN_TCP; + bzero(&sin, sizeof(sin)); sin.sin_family = AF_INET; sl = sizeof(sin); @@ -151,8 +154,8 @@ char *argv[]; exit(-1); } - sin.sin_port = nl.nl_inport; - sin.sin_addr = nl.nl_inip; + sin.sin_port = nl.nl_realport; + sin.sin_addr = nl.nl_realip; sl = sizeof(sin); fd = socket(AF_INET, SOCK_STREAM, 0); diff --git a/contrib/ipfilter/snoop.h b/contrib/ipfilter/snoop.h index df800ae..2f6c305 100644 --- a/contrib/ipfilter/snoop.h +++ b/contrib/ipfilter/snoop.h @@ -1,9 +1,7 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ #ifndef __SNOOP_H__ @@ -11,7 +9,7 @@ /* * written to comply with the RFC (1761) from Sun. - * $Id: snoop.h,v 2.2 2000/03/13 22:10:27 darrenr Exp $ + * $Id: snoop.h,v 2.2.2.1 2001/06/26 10:43:20 darrenr Exp $ */ struct snoophdr { char s_id[8]; diff --git a/contrib/ipfilter/solaris.c b/contrib/ipfilter/solaris.c index 1e82ec0..b526327 100644 --- a/contrib/ipfilter/solaris.c +++ b/contrib/ipfilter/solaris.c @@ -1,12 +1,10 @@ /* - * Copyright (C) 1993-2000 by Darren Reed. + * Copyright (C) 1993-2001 by Darren Reed. * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. + * See the IPFILTER.LICENCE file for details on licencing. */ /* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/ -#pragma ident "@(#)$Id: solaris.c,v 2.15.2.8 2000/11/27 10:28:41 darrenr Exp $" +#pragma ident "@(#)$Id: solaris.c,v 2.15.2.20 2001/07/18 14:58:28 darrenr Exp $" #include <sys/systm.h> #include <sys/types.h> @@ -147,7 +145,7 @@ static struct modlinkage modlink1 = { MODREV_1, &iplmod, NULL }; static size_t hdrsizes[57][2] = { { 0, 0 }, { IFT_OTHER, 0 }, - { IFT_1822, 0 }, + { IFT_1822, 14 }, /* 14 for ire0 ?? */ { IFT_HDH1822, 0 }, { IFT_X25DDN, 0 }, { IFT_X25, 0 }, @@ -210,8 +208,6 @@ int _init() { int ipfinst; - if (fr_running < 0) - return -1; ipfinst = mod_install(&modlink1); #ifdef IPFDEBUG cmn_err(CE_NOTE, "IP Filter: _init() = %d", ipfinst); @@ -224,8 +220,6 @@ int _fini(void) { int ipfinst; - if (fr_running < 0) - return -1; ipfinst = mod_remove(&modlink1); #ifdef IPFDEBUG cmn_err(CE_NOTE, "IP Filter: _fini() = %d", ipfinst); @@ -239,8 +233,6 @@ struct modinfo *modinfop; { int ipfinst; - if (fr_running < 0) - return -1; ipfinst = mod_info(&modlink1, modinfop); #ifdef IPFDEBUG cmn_err(CE_NOTE, "IP Filter: _info(%x) = %x", modinfop, ipfinst); @@ -275,6 +267,31 @@ dev_info_t *dip; } +static void ipf_ire_walk(ire, arg) +ire_t *ire; +void *arg; +{ + qif_t *qif = arg; + + if ((ire->ire_type == IRE_CACHE) && +#if SOLARIS2 >= 6 + (ire->ire_ipif != NULL) && + (ire->ire_ipif->ipif_ill == qif->qf_ill) +#else + (ire_to_ill(ire) == qif->qf_ill) +#endif + ) { +#if SOLARIS2 >= 8 + mblk_t *m = ire->ire_fp_mp; +#else + mblk_t *m = ire->ire_ll_hdr_mp; +#endif + if (m != NULL) + qif->qf_hl = m->b_wptr - m->b_rptr; + } +} + + static int ipf_attach(dip, cmd) dev_info_t *dip; ddi_attach_cmd_t cmd; @@ -336,6 +353,14 @@ ddi_attach_cmd_t cmd; drv_usectohz(500000)); if (fr_running == 1) return DDI_SUCCESS; +#if SOLARIS2 >= 8 + case DDI_RESUME : + case DDI_PM_RESUME : + if (ipfr_timer_id == 0) + ipfr_timer_id = timeout(ipfr_slowtimer, NULL, + drv_usectohz(500000)); + return DDI_SUCCESS; +#endif default: return DDI_FAILURE; } @@ -403,6 +428,19 @@ ddi_detach_cmd_t cmd; cmn_err(CE_CONT, "%s detached\n", ipfilter_version); return (DDI_SUCCESS); } +#if SOLARIS2 >= 8 + case DDI_SUSPEND : + case DDI_PM_SUSPEND : + if (ipfr_timer_id != 0) { + untimeout(ipfr_timer_id); + ipfr_timer_id = 0; + } + if (synctimeoutid) { + untimeout(synctimeoutid); + synctimeoutid = 0; + } + return DDI_SUCCESS; +#endif default: return (DDI_FAILURE); } @@ -479,7 +517,7 @@ size_t off; m = m->b_cont; cmn_err(CE_CONT, " !IP %s:%d %d %p %p %p %d %p/%d %p/%d %p %d %d %p\n", - qif ? qif->qf_name : "?", out, qif->qf_hl, q, + qif ? qif->qf_name : "?", out, qif ? qif->qf_hl : -1, q, q ? q->q_ptr : NULL, q ? q->q_qinfo : NULL, mt->b_wptr - mt->b_rptr, m, MTYPE(m), mt, MTYPE(mt), m->b_rptr, m->b_wptr - m->b_rptr, off, ip); @@ -529,8 +567,8 @@ int out; { register mblk_t *m, *mt = *mp; register ip_t *ip; - size_t hlen, len, off, mlen, iphlen, plen; - int err, synced = 0, sap, p; + size_t hlen, len, off, off2, mlen, iphlen, plen, woff; + int err, synced = 0, sap, p, realigned = 0, multi = 0; u_char *bp; #if SOLARIS2 >= 8 ip6_t *ip6; @@ -556,8 +594,21 @@ tryagain: bp = (u_char *)ALIGN32(mt->b_rptr); if (MTYPE(mt) == M_PROTO || MTYPE(mt) == M_PCPROTO) { dl_unitdata_ind_t *dl = (dl_unitdata_ind_t *)bp; - if (dl->dl_primitive != DL_UNITDATA_IND && - dl->dl_primitive != DL_UNITDATA_REQ) { + if (dl->dl_primitive == DL_UNITDATA_IND) { + multi = dl->dl_group_address; + m = mt->b_cont; + /* + * This is a complete kludge to try and work around + * some bizarre packets which drop through into + * fr_donotip. + */ + if (m && multi && ((*((u_char *)m->b_rptr) == 0x0) && + ((*((u_char *)m->b_rptr + 2) == 0x45)))) { + ip = (ip_t *)(m->b_rptr + 2); + off = 2; + } else + off = 0; + } else if (dl->dl_primitive != DL_UNITDATA_REQ) { ip = (ip_t *)dl; if ((ip->ip_v == IPVERSION) && (ip->ip_hl == (sizeof(*ip) >> 2)) && @@ -584,19 +635,6 @@ tryagain: return 0; /* No data blocks */ } - /* - * This is a complete kludge to try and work around some bizarre - * packets which drop through into fr_donotip. - */ - if ((mt != m) && (MTYPE(mt) == M_PROTO || MTYPE(mt) == M_PCPROTO)) { - dl_unitdata_ind_t *dl = (dl_unitdata_ind_t *)bp; - if ((dl->dl_primitive == DL_UNITDATA_IND) && - (dl->dl_group_address == 1)) - if (((*((u_char *)m->b_rptr) == 0x0) && - ((*((u_char *)m->b_rptr + 2) == 0x45)))) - off += 2; - } - ip = (ip_t *)(m->b_rptr + off); /* MMM */ /* @@ -648,10 +686,13 @@ tryagain: ((char *)&tlen)[0] = ((char *)&ip6->ip6_plen)[0]; ((char *)&tlen)[1] = ((char *)&ip6->ip6_plen)[1]; plen = ntohs(tlen); - sap = IP6_DL_SAP; + if (!plen) + return -1; /* Jumbo gram */ + plen += sizeof(*ip6); } #endif else { + plen = 0; hlen = 0; sap = -1; } @@ -659,34 +700,77 @@ tryagain: /* * Ok, the IP header isn't on a 32bit aligned address so junk it. */ - if (((u_int)ip & 0x3) || (len < hlen) || (sap == -1)) { - mblk_t *m2; - u_char *s; + if (((u_long)ip & 0x3) || (plen > mlen) || (len < hlen) || + (sap == -1)) { + mblk_t *m1, *m2; + u_char *s, c; + int v; /* * Junk using pullupmsg - it's next to useless. */ fixalign: + if (off) + m->b_rptr -= off; + c = *(u_char *)ip; + c >>= 4; + if (c != 4 +#if SOLARIS2 >= 8 + && c != 6 +#endif + ) { + frstats[out].fr_notip++; + return (fr_flags & FF_BLOCKNONIP) ? -1 : 0; + } + + if (realigned) + return -1; + realigned = 1; + off2 = (size_t)((u_long)ip & 0x3); + if (off2) + off2 = 4 - off2; len = msgdsize(m); - m2 = allocb(len, BPRI_HI); + m2 = allocb(len + off2, BPRI_HI); if (m2 == NULL) { frstats[out].fr_pull[1]++; return -1; } + MTYPE(m2) = M_DATA; + if (m->b_rptr != (u_char *)ip) + m2->b_rptr += off2; m2->b_wptr = m2->b_rptr + len; - s = (u_char *)ip; - for (bp = m2->b_rptr; m; bp += len) { - len = m->b_wptr - s; - bcopy(m->b_rptr, bp, len); - m = m->b_cont; - if (m) - s = m->b_rptr; + m1 = m; + s = (u_char *)m->b_rptr; + for (bp = m2->b_rptr; m1 && (bp < m2->b_wptr); bp += len) { + len = MIN(m1->b_wptr - s, m2->b_wptr - bp); + bcopy(s, bp, len); + m1 = m1->b_cont; + if (m1) + s = m1->b_rptr; + } + + if (mt != m && mt->b_cont == m && !off) { + /* + * check if the buffer we're changing is chained in- + * between other buffers and unlink/relink as required. + */ + (void) unlinkb(mt); /* should return 'm' */ + m1 = unlinkb(m); + if (m1) + linkb(m2, m1); + freemsg(m); + linkb(mt, m2); + } else { + if (m == mt) { + m1 = unlinkb(mt); + if (m1) + linkb(m2, m1); + } + freemsg(mt); + *mp = m2; + mt = m2; } - *mp = m2; - MTYPE(m2) = M_DATA; - freemsg(mt); - mt = m2; frstats[out].fr_pull[0]++; synced = 1; @@ -714,7 +798,7 @@ fixalign: #ifndef sparc # if SOLARIS2 >= 8 if (sap == IP6_DL_SAP) { - ip6->ip6_plen = plen; + ip6->ip6_plen = plen - sizeof(*ip6); } else { # endif __ipoff = (u_short)ip->ip_off; @@ -734,7 +818,7 @@ fixalign: if (( #if SOLARIS2 >= 8 - (sap == IP6_DL_SAP) && (mlen < iphlen + plen)) || + (sap == IP6_DL_SAP) && (mlen < plen)) || ((sap == 0) && #endif ((iphlen < hlen) || (iphlen > plen) || (mlen < plen)))) { @@ -744,7 +828,7 @@ fixalign: #ifndef sparc # if SOLARIS2 >= 8 if (sap == IP6_DL_SAP) { - ip6->ip6_plen = htons(plen); + ip6->ip6_plen = htons(plen - sizeof(*ip6)); } else { # endif __ipoff = (u_short)ip->ip_off; @@ -790,15 +874,13 @@ fixalign: break; } + woff = 0; if (hlen > mlen) { hlen = mlen; -#if SOLARIS2 >= 8 - } else if (sap == IP6_DL_SAP) { - if (m->b_wptr - m->b_rptr > plen + hlen) - m->b_wptr = m->b_rptr + plen + hlen; -#endif - } else if (m->b_wptr - m->b_rptr > plen) - m->b_wptr = m->b_rptr + plen; + } else if (m->b_wptr - m->b_rptr > plen) { + woff = m->b_wptr - m->b_rptr - plen; + m->b_wptr -= woff; + } /* * If we don't have enough data in the mblk or we haven't yet copied @@ -806,7 +888,7 @@ fixalign: */ if ((hlen > len)) { if (!pullupmsg(m, (int)hlen)) { - cmn_err(CE_NOTE, "pullupmsg failed\n"); + cmn_err(CE_NOTE, "pullupmsg failed"); frstats[out].fr_pull[1]++; return -1; } @@ -818,8 +900,9 @@ fixalign: qif->qf_off = off; qif->qf_len = len; err = fr_check(ip, iphlen, qif->qf_ill, out, qif, mp); - if (err == 2) + if (err == 2) { goto fixalign; + } /* * Copy back the ip header data if it was changed, we haven't yet * freed the message and we aren't going to drop the packet. @@ -828,11 +911,12 @@ fixalign: */ if (*mp != NULL) { if (*mp == mt) { + m->b_wptr += woff; m->b_rptr -= off; #ifndef sparc # if SOLARIS2 >= 8 if (sap == IP6_DL_SAP) { - ip6->ip6_plen = htons(plen); + ip6->ip6_plen = htons(plen - sizeof(*ip6)); } else { # endif __ipoff = (u_short)ip->ip_off; @@ -847,13 +931,37 @@ fixalign: #endif } else cmn_err(CE_NOTE, - "!IP Filter: *mp %p mt %p %s\n", *mp, mt, + "!IP Filter: *mp %p mt %p %s", *mp, mt, "mblk changed, cannot revert ip_len, ip_off"); } return err; } +/* + * Only called for M_IOCACK messages + */ +void fr_qif_update(qif, mp) +qif_t *qif; +mblk_t *mp; +{ + struct iocblk *iocp; + + if (!qif || !mp) + return; + iocp = (struct iocblk *)mp->b_rptr; + if (mp->b_cont && (iocp->ioc_cmd == DL_IOC_HDR_INFO)) { + mp = mp->b_cont; + if (MTYPE(mp) == M_PROTO && mp->b_cont) { + mp = mp->b_cont; + if (MTYPE(mp) == M_DATA) { + qif->qf_hl = mp->b_wptr - mp->b_rptr; + } + } + } +} + + int fr_qin(q, mb) queue_t *q; mblk_t *mb; @@ -863,6 +971,7 @@ mblk_t *mb; if (fr_running <= 0) { mb->b_prev = NULL; + mb->b_next = NULL; freemsg(mb); return 0; } @@ -871,6 +980,17 @@ mblk_t *mb; mblk_t *m1; m1 = copymsg(mb); + if (!m1) { + frstats[0].fr_drop++; + mb->b_next = NULL; + mb->b_prev = NULL; + freemsg(mb); + return 0; + } + m1->b_next = mb->b_next; + mb->b_next = NULL; + m1->b_prev = mb->b_prev; + mb->b_prev = NULL; freemsg(mb); mb = m1; frstats[0].fr_copy++; @@ -881,6 +1001,7 @@ again: if (fr_running <= 0) { RWLOCK_EXIT(&ipf_solaris); mb->b_prev = NULL; + mb->b_next = NULL; freemsg(mb); return 0; } @@ -925,17 +1046,21 @@ again: frstats[0].fr_drop++; RWLOCK_EXIT(&ipf_solaris); mb->b_prev = NULL; + mb->b_next = NULL; freemsg(mb); return 0; } - bcopy((char *)qif, (char *)&qf, sizeof(qf)); - qif = &qf; - type = MTYPE(mb); pnext = qif->qf_rqinfo->qi_putp; + type = MTYPE(mb); + if (type == M_IOCACK) + fr_qif_update(qif, mb); + else { + bcopy((char *)qif, (char *)&qf, sizeof(qf)); - if (datamsg(type) || (type == M_BREAK)) - err = fr_precheck(&mb, q, qif, 0); + if (datamsg(type) || (type == M_BREAK)) + err = fr_precheck(&mb, q, &qf, 0); + } RWLOCK_EXIT(&ipfs_mutex); RWLOCK_EXIT(&ipf_solaris); @@ -944,11 +1069,13 @@ again: if (pnext) return (*pnext)(q, mb); - cmn_err(CE_WARN, "!IP Filter: inp NULL: qif %x q %x info %x", - qif, q, q->q_qinfo); + cmn_err(CE_WARN, + "!IP Filter: inp NULL: qif %x %s q %x info %x", + &qf, qf.qf_name, q, q->q_qinfo); } if (mb) { mb->b_prev = NULL; + mb->b_next = NULL; freemsg(mb); } return 0; @@ -964,14 +1091,32 @@ mblk_t *mb; if (fr_running <= 0) { mb->b_prev = NULL; + mb->b_next = NULL; freemsg(mb); return 0; } - if (mb->b_datap->db_ref > 1) { +#if SOLARIS2 >= 6 + if ((!dohwcksum || mb->b_ick_flag != ICK_VALID) && + (mb->b_datap->db_ref > 1)) +#else + if (mb->b_datap->db_ref > 1) +#endif + { mblk_t *m1; m1 = copymsg(mb); + if (!m1) { + frstats[1].fr_drop++; + mb->b_next = NULL; + mb->b_prev = NULL; + freemsg(mb); + return 0; + } + m1->b_next = mb->b_next; + mb->b_next = NULL; + m1->b_prev = mb->b_prev; + mb->b_prev = NULL; freemsg(mb); mb = m1; frstats[1].fr_copy++; @@ -982,6 +1127,7 @@ again: if (fr_running <= 0) { RWLOCK_EXIT(&ipf_solaris); mb->b_prev = NULL; + mb->b_next = NULL; freemsg(mb); return 0; } @@ -998,7 +1144,7 @@ again: synced = 1; goto again; } - /* fr_donotip(0, NULL, q, mb, mb, NULL, 0); */ + /* fr_donotip(1, NULL, q, mb, mb, NULL, 0); */ RWLOCK_EXIT(&ipf_solaris); return (*pnext)(q, mb); } @@ -1036,17 +1182,21 @@ again: frstats[1].fr_drop++; RWLOCK_EXIT(&ipf_solaris); mb->b_prev = NULL; + mb->b_next = NULL; freemsg(mb); return 0; } - bcopy((char *)qif, (char *)&qf, sizeof(qf)); - qif = &qf; - type = MTYPE(mb); pnext = qif->qf_wqinfo->qi_putp; + type = MTYPE(mb); + if (type == M_IOCACK) + fr_qif_update(qif, mb); + else { + bcopy((char *)qif, (char *)&qf, sizeof(qf)); - if (datamsg(type) || (type == M_BREAK)) - err = fr_precheck(&mb, q, qif, 1); + if (datamsg(type) || (type == M_BREAK)) + err = fr_precheck(&mb, q, &qf, 1); + } RWLOCK_EXIT(&ipfs_mutex); RWLOCK_EXIT(&ipf_solaris); @@ -1057,10 +1207,11 @@ again: cmn_err(CE_WARN, "!IP Filter: outp NULL: qif %x %s q %x info %x", - qif, qif->qf_name, q, q->q_qinfo); + &qf, qf.qf_name, q, q->q_qinfo); } if (mb) { mb->b_prev = NULL; + mb->b_next = NULL; freemsg(mb); } return 0; @@ -1080,6 +1231,7 @@ void *arg; RWLOCK_EXIT(&ipf_solaris); } + static int ipf_ip_qin(q, mb) queue_t *q; mblk_t *mb; @@ -1089,6 +1241,7 @@ mblk_t *mb; if (fr_running <= 0) { mb->b_prev = NULL; + mb->b_next = NULL; freemsg(mb); return 0; } @@ -1100,18 +1253,24 @@ mblk_t *mb; if (fr_running <= 0) { RWLOCK_EXIT(&ipf_solaris); mb->b_prev = NULL; + mb->b_next = NULL; freemsg(mb); return 0; } ioc = (struct iocblk *)mb->b_rptr; - switch (ioc->ioc_cmd) { + switch (ioc->ioc_cmd) + { + case DL_IOC_HDR_INFO: + fr_qif_update(qif_from_queue(q), mb); + break; case I_LINK: case I_UNLINK: case SIOCSIFADDR: case SIOCSIFFLAGS: #ifdef IPFDEBUG - cmn_err(CE_NOTE, "IP Filter: ipf_ip_qin() M_IOCTL type=0x%x\n", ioc->ioc_cmd); + cmn_err(CE_NOTE, "IP Filter: ipf_ip_qin() M_IOCTL type=0x%x", + ioc->ioc_cmd); #endif WRITE_ENTER(&ipfs_mutex); if (synctimeoutid == 0) { @@ -1135,7 +1294,7 @@ extern struct streamtab ipinfo; void solipdrvattach() { #ifdef IPFDEBUG - cmn_err(CE_NOTE, "IP Filter: solipdrvattach() %d ipinfo=0x%lx\n", + cmn_err(CE_NOTE, "IP Filter: solipdrvattach() %d ipinfo=0x%lx", ipdrvattcnt, &ipinfo); #endif @@ -1150,7 +1309,7 @@ void solipdrvattach() int solipdrvdetach() { #ifdef IPFDEBUG - cmn_err(CE_NOTE, "IP Filter: solipdrvdetach() %d ipinfo=0x%lx\n", + cmn_err(CE_NOTE, "IP Filter: solipdrvdetach() %d ipinfo=0x%lx", ipdrvattcnt, &ipinfo); #endif @@ -1212,7 +1371,7 @@ void solattach() KMALLOC(qif, qif_t *); if (!qif) { cmn_err(CE_WARN, - "IP Filter: malloc(%d) for qif_t failed\n", + "IP Filter: malloc(%d) for qif_t failed", sizeof(qif_t)); RWLOCK_EXIT(&ipfs_mutex); continue; @@ -1288,11 +1447,17 @@ void solattach() (hdrsizes[il->ill_type][0] == il->ill_type)) qif->qf_hl = hdrsizes[il->ill_type][1]; - if (qif->qf_hl == 0) + if (qif->qf_hl == 0 && il->ill_type != IFT_OTHER) cmn_err(CE_WARN, - "Unknown layer 2 header size for %s type %d\n", - qif->qf_name, il->ill_type); + "Unknown layer 2 header size for %s type %d", + il->ill_name, il->ill_type); } + + /* + * XXX Awful hack for PPP; fix when PPP/snoop fixed. + */ + if (il->ill_type == IFT_ETHER && !il->ill_bcast_addr_length) + qif->qf_hl = 0; #endif strncpy(qif->qf_name, il->ill_name, sizeof(qif->qf_name)); qif->qf_name[sizeof(qif->qf_name) - 1] = '\0'; @@ -1377,6 +1542,7 @@ void solattach() #endif out->q_qinfo = &qif->qf_wqinit; + ire_walk(ipf_ire_walk, (char *)qif); RWLOCK_EXIT(&ipfs_mutex); cmn_err(CE_CONT, "IP Filter: attach to [%s,%d] - %s\n", qif->qf_name, il->ill_ppa, @@ -1634,7 +1800,7 @@ frdest_t *fdp; * data, not the original, if and only if it is already pointing at * the current mblk data. */ - if (ip == (ip_t *)qf->qf_m->b_rptr && qf->qf_m != mb) + if ((ip == (ip_t *)qf->qf_m->b_rptr) && (qf->qf_m != mb)) ip = (ip_t *)mb->b_rptr; /* @@ -1646,6 +1812,7 @@ frdest_t *fdp; mp = (*mpp)->b_cont; (*mpp)->b_cont = NULL; (*mpp)->b_prev = NULL; + (*mpp)->b_next = NULL; freemsg(*mpp); *mpp = mp; } @@ -1666,7 +1833,7 @@ frdest_t *fdp; if (!ir) ir = (ire_t *)-1; - fd.fd_ifp = (struct ifnet *)ir; + fd.fd_ifp = (struct ifnet *)ir; fd.fd_ip = ip->ip_dst; fdp = &fd; } @@ -1715,6 +1882,7 @@ frdest_t *fdp; if (ifp == NULL) goto bad_fastroute; fr = fin->fin_fr; + /* * In case we're here due to "to <if>" being used with * "keep state", check that we're going in the correct @@ -1722,7 +1890,7 @@ frdest_t *fdp; */ if ((fr != NULL) && (fdp->fd_ifp != NULL) && (fin->fin_rev != 0) && (fdp == &fr->fr_tif)) - return -1; + return 1; fin->fin_ifp = ifp; if (fin->fin_out == 0) { @@ -1783,6 +1951,7 @@ frdest_t *fdp; q = WR(ir->ire_rfq); if (q) { mb->b_prev = NULL; + mb->b_next = NULL; mb->b_queue = q; RWLOCK_EXIT(&ipfs_mutex); RWLOCK_EXIT(&ipf_solaris); @@ -1804,13 +1973,16 @@ frdest_t *fdp; READ_ENTER(&ipf_solaris); READ_ENTER(&ipfs_mutex); ipl_frouteok[0]++; + *mpp = NULL; return 0; } } bad_fastroute: mb->b_prev = NULL; + mb->b_next = NULL; freemsg(mb); ipl_frouteok[1]++; + *mpp = NULL; return -1; } diff --git a/contrib/ipfilter/test/Makefile b/contrib/ipfilter/test/Makefile index 0726cdd..385c1de 100644 --- a/contrib/ipfilter/test/Makefile +++ b/contrib/ipfilter/test/Makefile @@ -15,7 +15,7 @@ first: -mkdir -p results # Filtering tests -ftests: f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f14 +ftests: f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 # Rule parsing tests ptests: i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 @@ -28,7 +28,7 @@ ntests: n1 n2 n3 n4 n5 n6 n7 f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f14: @/bin/sh ./dotest $@ -f12: +f12 f13: @/bin/sh ./hextest $@ i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11: @@ -38,6 +38,6 @@ n1 n2 n3 n4 n5 n6 n7: @/bin/sh ./nattest $@ clean: - /bin/rm -f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f14 results/* + /bin/rm -f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f13 f12 f14 results/* /bin/rm -f i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 /bin/rm -f n1 n2 n3 n4 n5 n6 n7 diff --git a/contrib/ipfilter/test/expected/i7 b/contrib/ipfilter/test/expected/i7 index d1b7978..db9cd01 100644 --- a/contrib/ipfilter/test/expected/i7 +++ b/contrib/ipfilter/test/expected/i7 @@ -1,4 +1,4 @@ pass in on ed0(!) proto tcp from 127.0.0.1/32 to 127.0.0.1/32 port = 23 flags S/SA -block in on lo0(!) proto tcp from any to any flags A/0xbf +block in on lo0(!) proto tcp from any to any flags A/FSRPAUC pass in on lo0(!) proto tcp from any to any flags /SPA -block in on lo0(!) proto tcp from any to any flags 0x80/A +block in on lo0(!) proto tcp from any to any flags C/A diff --git a/contrib/ipfilter/test/input/f13 b/contrib/ipfilter/test/input/f13 index 56ec16d..b90d6ba 100644 --- a/contrib/ipfilter/test/input/f13 +++ b/contrib/ipfilter/test/input/f13 @@ -33,6 +33,10 @@ 45 00 001c 0008 2000 3f 11 0000 01010101 02010101 0035003500040000 +# 1.1.1.1,1 -> 2.1.1.1,1 TTL=63 UDP MF FO=0 (short) +45 00 0018 0008 2000 3f 11 0000 01010101 02010101 +00350036 + # 1.1.1.1,53 -> 2.1.1.1,53 TTL=63 UDP FO=1 45 00 001c 0008 0001 3f 11 0000 01010101 02010101 0000000000000000 |
