diff options
Diffstat (limited to 'contrib/ipfilter/ipt.c')
| -rw-r--r-- | contrib/ipfilter/ipt.c | 86 |
1 files changed, 57 insertions, 29 deletions
diff --git a/contrib/ipfilter/ipt.c b/contrib/ipfilter/ipt.c index adf0f91..c87b5b2 100644 --- a/contrib/ipfilter/ipt.c +++ b/contrib/ipfilter/ipt.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1993-1997 by Darren Reed. + * Copyright (C) 1993-1998 by Darren Reed. * * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given @@ -48,12 +48,14 @@ #include "ip_compat.h" #include <netinet/tcpip.h> #include "ip_fil.h" +#include "ip_nat.h" +#include "ip_state.h" #include "ipf.h" #include "ipt.h" #if !defined(lint) static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-1996 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipt.c,v 2.0.2.12.2.1 1997/11/12 10:58:10 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipt.c,v 2.1 1999/08/04 17:30:08 darrenr Exp $"; #endif extern char *optarg; @@ -61,6 +63,7 @@ extern struct frentry *ipfilter[2][2]; extern struct ipread snoop, etherf, tcpd, pcap, iptext, iphex; extern struct ifnet *get_unit __P((char *)); extern void init_ifp __P((void)); +extern ipnat_t *natparse __P((char *, int)); int opts = 0; int main __P((int, char *[])); @@ -70,13 +73,13 @@ int argc; char *argv[]; { struct ipread *r = &iptext; - u_long buf[64]; + u_long buf[2048]; struct ifnet *ifp; char *rules = NULL, *datain = NULL, *iface = NULL; ip_t *ip; int fd, i, dir = 0, c; - while ((c = getopt(argc, argv, "bdEHi:I:oPr:STvX")) != -1) + while ((c = getopt(argc, argv, "bdEHi:I:NoPr:STvX")) != -1) switch (c) { case 'b' : @@ -106,6 +109,9 @@ char *argv[]; case 'H' : r = &iphex; break; + case 'N' : + opts |= OPT_NAT; + break; case 'P' : r = &pcap; break; @@ -125,12 +131,15 @@ char *argv[]; exit(-1); } + nat_init(); + fr_stateinit(); initparse(); if (rules) { - struct frentry *fr; char line[513], *s; + void *fr; FILE *fp; + int linenum = 0; if (!strcmp(rules, "-")) fp = stdin; @@ -141,6 +150,7 @@ char *argv[]; if (!(opts & OPT_BRIEF)) (void)printf("opening rule file \"%s\"\n", rules); while (fgets(line, sizeof(line)-1, fp)) { + linenum++; /* * treat both CR and LF as EOL */ @@ -157,14 +167,27 @@ char *argv[]; if (!*line) continue; - if (!(fr = parse(line))) - continue; /* fake an `ioctl' call :) */ - i = IPL_EXTERN(ioctl)(0, SIOCADDFR, (caddr_t)fr, FWRITE|FREAD); - if (opts & OPT_DEBUG) - fprintf(stderr, - "iplioctl(SIOCADDFR,%p,1) = %d\n", - fr, i); + + if ((opts & OPT_NAT) != 0) { + if (!(fr = natparse(line, linenum))) + continue; + i = IPL_EXTERN(ioctl)(IPL_LOGNAT, SIOCADNAT, + fr, FWRITE|FREAD); + if (opts & OPT_DEBUG) + fprintf(stderr, + "iplioctl(ADNAT,%p,1) = %d\n", + fr, i); + } else { + if (!(fr = parse(line, linenum))) + continue; + i = IPL_EXTERN(ioctl)(0, SIOCADDFR, fr, + FWRITE|FREAD); + if (opts & OPT_DEBUG) + fprintf(stderr, + "iplioctl(ADDFR,%p,1) = %d\n", + fr, i); + } } (void)fclose(fp); } @@ -186,26 +209,30 @@ char *argv[]; ifp = iface ? get_unit(iface) : NULL; ip->ip_off = ntohs(ip->ip_off); ip->ip_len = ntohs(ip->ip_len); - switch (fr_check(ip, ip->ip_hl << 2, ifp, dir, (mb_t **)&buf)) - { - case -2 : - (void)printf("auth"); - break; - case -1 : - (void)printf("block"); - break; - case 0 : - (void)printf("pass"); - break; - case 1 : - (void)printf("nomatch"); - break; - } + i = fr_check(ip, ip->ip_hl << 2, ifp, dir, (mb_t **)&buf); + if ((opts & OPT_NAT) == 0) + switch (i) + { + case -2 : + (void)printf("auth"); + break; + case -1 : + (void)printf("block"); + break; + case 0 : + (void)printf("pass"); + break; + case 1 : + (void)printf("nomatch"); + break; + } + if (!(opts & OPT_BRIEF)) { putchar(' '); printpacket((ip_t *)buf); printf("--------------"); - } + } else if ((opts & (OPT_BRIEF|OPT_NAT)) == (OPT_NAT|OPT_BRIEF)) + printpacket((ip_t *)buf); #ifndef linux if (dir && ifp && ip->ip_v) # ifdef __sgi @@ -214,7 +241,8 @@ char *argv[]; (*ifp->if_output)(ifp, (void *)buf, NULL, 0); # endif #endif - putchar('\n'); + if ((opts & (OPT_BRIEF|OPT_NAT)) != (OPT_NAT|OPT_BRIEF)) + putchar('\n'); dir = 0; } (*r->r_close)(); |
