Diffstat (limited to 'contrib/ipfilter/tools')
-rw-r--r-- | contrib/ipfilter/tools/ipf.c | 4 | ||||
-rw-r--r-- | contrib/ipfilter/tools/ipf_y.y | 59 | ||||
-rw-r--r-- | contrib/ipfilter/tools/ipfcomp.c | 4 | ||||
-rw-r--r-- | contrib/ipfilter/tools/ipfs.c | 55 | ||||
-rw-r--r-- | contrib/ipfilter/tools/ipfstat.c | 4 | ||||
-rw-r--r-- | contrib/ipfilter/tools/ipftest.c | 6 | ||||
-rw-r--r-- | contrib/ipfilter/tools/ipmon.c | 56 | ||||
-rw-r--r-- | contrib/ipfilter/tools/ipnat_y.y | 63 | ||||
-rw-r--r-- | contrib/ipfilter/tools/ipsyncm.c | 9 | ||||
-rw-r--r-- | contrib/ipfilter/tools/ipsyncs.c | 18 | ||||
-rw-r--r-- | contrib/ipfilter/tools/lexer.c | 2 |
11 files changed, 188 insertions, 92 deletions
diff --git a/contrib/ipfilter/tools/ipf.c b/contrib/ipfilter/tools/ipf.c index 2454124..8e352a9 100644 --- a/contrib/ipfilter/tools/ipf.c +++ b/contrib/ipfilter/tools/ipf.c @@ -19,7 +19,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipf.c,v 1.35.2.3 2004/12/15 18:27:17 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipf.c,v 1.35.2.4 2006/03/17 11:48:08 darrenr Exp $"; #endif #if !defined(__SVR4) && defined(__GNUC__) @@ -196,7 +196,7 @@ static void closedevice() static int get_flags() { - int i; + int i = 0; if ((opendevice(ipfname, 1) != -2) && (ioctl(fd, SIOCGETFF, &i) == -1)) { diff --git a/contrib/ipfilter/tools/ipf_y.y b/contrib/ipfilter/tools/ipf_y.y index a65a2e2..d03887c 100644 --- a/contrib/ipfilter/tools/ipf_y.y +++ b/contrib/ipfilter/tools/ipf_y.y @@ -79,6 +79,10 @@ static struct wordtab logwords[33]; union i6addr m; } ipp; union i6addr ip6; + struct { + char *if1; + char *if2; + } ifs; }; %type <port> portnum @@ -91,6 +95,7 @@ static struct wordtab logwords[33]; %type <str> servicename name interfacename %type <pc> portrange portcomp %type <alist> addrlist poollist +%type <ifs> onname %token <num> YY_NUMBER YY_HEX %token <str> YY_STR @@ -99,7 +104,7 @@ static struct wordtab logwords[33]; %token YY_RANGE_OUT YY_RANGE_IN %token <ip6> YY_IPV6 -%token IPFY_PASS IPFY_BLOCK IPFY_COUNT IPFY_CALL +%token IPFY_PASS IPFY_BLOCK IPFY_COUNT IPFY_CALL IPFY_NOMATCH %token IPFY_RETICMP IPFY_RETRST IPFY_RETICMPASDST %token IPFY_IN IPFY_OUT %token IPFY_QUICK IPFY_ON IPFY_OUTVIA IPFY_INVIA @@ -176,7 +181,7 @@ line: xx rule { while ((fr = frtop) != NULL) { | YY_COMMENT ; -xx: { newrule(); } +xx: { newrule(); } ; assign: YY_STR assigning YY_STR ';' { set_variable($1, $3); @@ -255,6 +260,7 @@ collection: action: block | IPFY_PASS { fr->fr_flags |= FR_PASS; } + | IPFY_NOMATCH { fr->fr_flags |= FR_NOMATCH; } | log | IPFY_COUNT { fr->fr_flags |= FR_ACCOUNT; } | auth 
@@ -284,7 +290,7 @@ log: IPFY_LOG { fr->fr_flags |= FR_LOG; } ; auth: IPFY_AUTH { fr->fr_flags |= FR_AUTH; } - | IPFY_AUTH IPFY_RETRST { fr->fr_flags |= (FR_AUTH|FR_RETRST);} + | IPFY_AUTH blockreturn { fr->fr_flags |= FR_AUTH;} | IPFY_PREAUTH { fr->fr_flags |= FR_PREAUTH; } ; @@ -465,18 +471,41 @@ quick: ; on: IPFY_ON onname + | IPFY_ON lstart onlist lend | IPFY_ON onname IPFY_INVIA vianame | IPFY_ON onname IPFY_OUTVIA vianame ; +onlist: onname { DOREM(strncpy(fr->fr_ifnames[0], $1.if1, \ + sizeof(fr->fr_ifnames[0])); \ + if ($1.if2 != NULL) { \ + strncpy(fr->fr_ifnames[1], \ + $1.if2, \ + sizeof(fr->fr_ifnames[1]));\ + } \ + ) } + | onlist lmore onname { DOREM(strncpy(fr->fr_ifnames[0], $3.if1, \ + sizeof(fr->fr_ifnames[0])); \ + if ($3.if2 != NULL) { \ + strncpy(fr->fr_ifnames[1], \ + $3.if2, \ + sizeof(fr->fr_ifnames[1]));\ + } \ + ) } + ; + onname: interfacename { strncpy(fr->fr_ifnames[0], $1, sizeof(fr->fr_ifnames[0])); + $$.if1 = fr->fr_ifnames[0]; + $$.if2 = NULL; free($1); } | interfacename ',' interfacename { strncpy(fr->fr_ifnames[0], $1, sizeof(fr->fr_ifnames[0])); + $$.if1 = fr->fr_ifnames[0]; free($1); strncpy(fr->fr_ifnames[1], $3, sizeof(fr->fr_ifnames[1])); + $$.if1 = fr->fr_ifnames[1]; free($3); } ; @@ -1025,7 +1054,8 @@ codelist: icmpcode { DOREM(fr->fr_icmp |= htons($1); fr->fr_icmpm |= htons(0xff);) } | codelist lmore icmpcode - { DOREM(fr->fr_icmp &= htons(0xff00); fr->fr_icmp |= htons($3); fr->fr_icmpm |= htons(0xff);) } + { DOREM(fr->fr_icmp &= htons(0xff00); fr->fr_icmp |= htons($3); \ + fr->fr_icmpm |= htons(0xff);) } ; age: | IPFY_AGE YY_NUMBER { DOALL(fr->fr_age[0] = $2; \ @@ -1085,7 +1115,11 @@ stateopt: | IPFY_NOICMPERR { DOALL(fr->fr_flags |= FR_NOICMPERR;) } | IPFY_SYNC { DOALL(fr->fr_flags |= FR_STATESYNC;) } - age; + | IPFY_AGE YY_NUMBER { DOALL(fr->fr_age[0] = $2; \ + fr->fr_age[1] = $2;) } + | IPFY_AGE YY_NUMBER '/' YY_NUMBER + { DOALL(fr->fr_age[0] = $2; \ + fr->fr_age[1] = $4;) } ; portnum: 
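Review bot: In the `interfacename ',' interfacename` alternative of `onname`, the second added assignment writes `$$.if1` again, so `$$.if2` is never set by that action and `$$.if1` ends up pointing at `fr->fr_ifnames[1]`. The new `onlist` actions test `$1.if2 != NULL` and pass it to `strncpy`, so on this path they would work from a value the action never assigned. The second assignment should read `$$.if2 = fr->fr_ifnames[1];`. Separately, the added `strncpy` calls use the full `sizeof(fr->fr_ifnames[n])` as the bound, which leaves the name unterminated when the source fills the buffer; if consumers treat these as C strings (not visible here), bound the copy to size - 1 and terminate explicitly.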
@@ -1443,6 +1477,7 @@ static struct wordtab ipfwords[95] = { { "newisn", IPFY_NEWISN }, { "no", IPFY_NO }, { "no-icmp-err", IPFY_NOICMPERR }, + { "nomatch", IPFY_NOMATCH }, { "now", IPFY_NOW }, { "not", IPFY_NOT }, { "oow", IPFY_OOW }, @@ -1751,18 +1786,6 @@ static frentry_t *addrule() ; count = nrules; - if (count == 0) { - f = (frentry_t *)calloc(sizeof(*f), 1); - added++; - f2->fr_next = f; - bcopy(f2, f, sizeof(*f)); - if (f2->fr_caddr != NULL) { - f->fr_caddr = malloc(f->fr_dsize); - bcopy(f2->fr_caddr, f->fr_caddr, f->fr_dsize); - } - f->fr_next = NULL; - return f; - } f = f2; for (f1 = frc; count > 0; count--, f1 = f1->fr_next) { f->fr_next = (frentry_t *)calloc(sizeof(*f), 1); @@ -2033,7 +2056,7 @@ void *ptr; del = SIOCRMAFR; } - if (fr && (opts & OPT_OUTQUE)) + if ((opts & OPT_OUTQUE) != 0) fr->fr_flags |= FR_OUTQUE; if (fr->fr_hits) fr->fr_hits--; diff --git a/contrib/ipfilter/tools/ipfcomp.c b/contrib/ipfilter/tools/ipfcomp.c index f09bfd3..0362877 100644 --- a/contrib/ipfilter/tools/ipfcomp.c +++ b/contrib/ipfilter/tools/ipfcomp.c @@ -5,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipfcomp.c,v 1.24.2.2 2004/04/28 10:34:44 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipfcomp.c,v 1.24.2.3 2006/03/17 22:31:57 darrenr Exp $"; #endif #include "ipf.h" @@ -1222,7 +1222,7 @@ frgroup_t *grp; char *instr; group = grp->fg_name; - dogrp = 0; + dogrp = *group ? 1 : 0; if (in && out) { fprintf(stderr, diff --git a/contrib/ipfilter/tools/ipfs.c b/contrib/ipfilter/tools/ipfs.c index 767dffb..4479d19 100644 --- a/contrib/ipfilter/tools/ipfs.c +++ b/contrib/ipfilter/tools/ipfs.c 
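Review bot: Dropping the `fr &&` guard in the `@@ -2033` hunk leaves `fr` dereferenced with no NULL check in the visible lines. The context line `if (fr->fr_hits)` already dereferenced it unconditionally, so the old guard gave no real protection. `fr` appears to be derived from the `void *ptr` parameter and the callers are outside the hunk; if any of them can pass NULL, the check belongs once at the top of the function as an early `if (fr == NULL)` bail-out rather than on a single statement. The same guard removal is made for `ipn` ahead of `printnat(ipn, opts)` in ipnat_y.y.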
@@ -458,21 +458,19 @@ char *file; i = read(sfd, &ips, sizeof(ips)); if (i == -1) { perror("read"); - close(sfd); - return 1; + goto freeipshead; } if (i == 0) break; if (i != sizeof(ips)) { fprintf(stderr, "state:incomplete read: %d != %d\n", i, (int)sizeof(ips)); - close(sfd); - return 1; + goto freeipshead; } is = (ipstate_save_t *)malloc(sizeof(*is)); - if(!is) { + if (is == NULL) { fprintf(stderr, "malloc failed\n"); - return 1; + goto freeipshead; } bcopy((char *)&ips, (char *)is, sizeof(ips)); @@ -510,7 +508,7 @@ char *file; obj.ipfo_size = sizeof(*is); obj.ipfo_type = IPFOBJ_STATESAVE; - for (is = ipshead; is; is = is->ips_next) { + while ((is = ipshead) != NULL) { if (opts & OPT_VERBOSE) printf("Loading new state table entry\n"); if (is->ips_is.is_flags & SI_NEWFR) { @@ -522,7 +520,7 @@ char *file; if (!(opts & OPT_DONOTHING)) if (ioctl(fd, SIOCSTPUT, &obj)) { perror("SIOCSTPUT"); - return 1; + goto freeipshead; } if (is->ips_is.is_flags & SI_NEWFR) { @@ -532,9 +530,21 @@ char *file; if (is1->ips_rule == (frentry_t *)&is->ips_rule) is1->ips_rule = is->ips_rule; } + + ipshead = is->ips_next; + free(is); } return 0; + +freeipshead: + while ((is = ipshead) != NULL) { + ipshead = is->ips_next; + free(is); + } + if (sfd != -1) + close(sfd); + return 1; } @@ -573,21 +583,21 @@ char *file; i = read(nfd, &ipn, sizeof(ipn)); if (i == -1) { perror("read"); - close(nfd); - return 1; + goto freenathead; } if (i == 0) break; if (i != sizeof(ipn)) { fprintf(stderr, "nat:incomplete read: %d != %d\n", i, (int)sizeof(ipn)); - close(nfd); - return 1; + goto freenathead; } in = (nat_save_t *)malloc(ipn.ipn_dsize); - if (!in) - break; + if (in == NULL) { + fprintf(stderr, "nat:cannot malloc nat save atruct\n"); + goto freenathead; + } if (ipn.ipn_dsize > sizeof(ipn)) { n = ipn.ipn_dsize - sizeof(ipn); @@ -600,8 +610,7 @@ char *file; fprintf(stderr, "nat:incomplete read: %d != %d\n", i, n); - close(nfd); - return 1; + goto freenathead; } } } 
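Review bot: The new `freeipshead` label closes `sfd` whenever it is not -1, and it is now reachable from the `SIOCSTPUT` failure in the load loop as well as from the read loop. If the descriptor is closed between the two loops (that code is outside the hunks) without being reset, the later failure path closes it a second time; adding `sfd = -1;` right after that close makes the label safe from both places. The success path `return 0` is not shown closing `sfd` either, which is worth confirming. The same applies to `nfd` and `freenathead` in the NAT loader.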
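Review bot: On the short-read path inside `if (ipn.ipn_dsize > sizeof(ipn))`, `in` has just been allocated and `goto freenathead` only walks `ipnhead`, so unless `in` was already linked into the list (not visible here) it leaks; add `free(in);` before that `goto`. `ipn.ipn_dsize` is taken straight from the file and used as the `malloc` size with no lower bound in the visible lines. If the code after the hunk copies `sizeof(ipn)` bytes into `in`, a smaller value overruns the allocation, so reject it first with `if (ipn.ipn_dsize < sizeof(ipn)) goto freenathead;`. The new error message also has a typo, `atruct` for `struct`.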
@@ -643,7 +652,7 @@ char *file; obj.ipfo_rev = IPFILTER_VERSION; obj.ipfo_type = IPFOBJ_NATSAVE; - for (in = ipnhead; in; in = in->ipn_next) { + while ((in = ipnhead) != NULL) { if (opts & OPT_VERBOSE) printf("Loading new NAT table entry\n"); nat = &in->ipn_nat; @@ -668,9 +677,21 @@ char *file; if (in1->ipn_rule == &in->ipn_fr) in1->ipn_rule = nat->nat_fr; } + + ipnhead = in->ipn_next; + free(in); } return 0; + +freenathead: + while ((in = ipnhead) != NULL) { + ipnhead = in->ipn_next; + free(in); + } + if (nfd != -1) + close(nfd); + return 1; } diff --git a/contrib/ipfilter/tools/ipfstat.c b/contrib/ipfilter/tools/ipfstat.c index fb0c433..5745f13 100644 --- a/contrib/ipfilter/tools/ipfstat.c +++ b/contrib/ipfilter/tools/ipfstat.c @@ -68,7 +68,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipfstat.c,v 1.44.2.13 2005/10/17 17:26:32 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipfstat.c,v 1.44.2.14 2006/03/21 16:09:58 darrenr Exp $"; #endif #ifdef __hpux @@ -923,8 +923,6 @@ ips_stat_t *ipsp; ipsp->iss_tcp, ipsp->iss_udp, ipsp->iss_icmp); PRINTF("\t%lu hits\n\t%lu misses\n", ipsp->iss_hits, ipsp->iss_miss); - PRINTF("\t%lu maximum\n\t%lu no memory\n\t%lu max bucket\n", - ipsp->iss_max, ipsp->iss_nomem, ipsp->iss_bucketfull); PRINTF("\t%lu maximum\n\t%lu no memory\n\t%lu bkts in use\n", ipsp->iss_max, ipsp->iss_nomem, ipsp->iss_inuse); PRINTF("\t%lu active\n\t%lu expired\n\t%lu closed\n", diff --git a/contrib/ipfilter/tools/ipftest.c b/contrib/ipfilter/tools/ipftest.c index 913f756..ec78d0d 100644 --- a/contrib/ipfilter/tools/ipftest.c +++ b/contrib/ipfilter/tools/ipftest.c 
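Review bot: The NAT load loop now frees each entry as it goes, but no hunk in this file changes the `ioctl` failure path inside it, whereas the state loader's `return 1` was changed to `goto freeipshead`. If that path still returns directly (it lies outside the visible lines), the remainder of the `ipnhead` list is leaked on failure and `freenathead` is only ever reached from the read loop. It should become `goto freenathead;` to match the state loader.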
@@ -10,7 +10,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipftest.c,v 1.44.2.7 2005/12/07 08:29:19 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipftest.c,v 1.44.2.9 2006/03/29 11:21:13 darrenr Exp $"; #endif extern char *optarg; @@ -210,7 +210,7 @@ char *argv[]; ip = MTOD(m, ip_t *); while ((i = (*r->r_readip)(MTOD(m, char *), sizeof(m->mb_buf), &iface, &dir)) > 0) { - if (iface == NULL || *iface == '\0') + if ((iface == NULL) || (*iface == '\0')) iface = ifname; ifp = get_unit(iface, IP_V(ip)); if (!use_inet6) { @@ -797,6 +797,6 @@ ip_t *ip; } if (hdr != NULL) { *csump = 0; - *(u_short *)csump = fr_cksum(m, ip, ip->ip_p, hdr); + *(u_short *)csump = fr_cksum(m, ip, ip->ip_p, hdr, ip->ip_len); } } diff --git a/contrib/ipfilter/tools/ipmon.c b/contrib/ipfilter/tools/ipmon.c index 1ef3351..58a4390 100644 --- a/contrib/ipfilter/tools/ipmon.c +++ b/contrib/ipfilter/tools/ipmon.c @@ -76,7 +76,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipmon.c,v 1.33.2.10 2005/06/18 02:41:35 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipmon.c,v 1.33.2.15 2006/03/18 06:59:39 darrenr Exp $"; #endif @@ -189,6 +189,7 @@ static char *conf_file = NULL; #ifndef LOGFAC #define LOGFAC LOG_LOCAL0 #endif +int logfac = LOGFAC; static icmp_subtype_t icmpunreachnames[] = { @@ -648,10 +649,10 @@ int len; if (j && !(j & 0xf)) { *t++ = '\n'; *t = '\0'; - if (!(dopts & OPT_SYSLOG)) - fputs(hline, log); - else + if ((dopts & OPT_SYSLOG)) syslog(LOG_INFO, "%s", hline); + else if (log != NULL) + fputs(hline, log); t = (u_char *)hline; *t = '\0'; } 
@@ -684,11 +685,12 @@ int len; *t++ = '\n'; *t = '\0'; } - if (!(dopts & OPT_SYSLOG)) { + if ((dopts & OPT_SYSLOG) != 0) + syslog(LOG_INFO, "%s", hline); + else if (log != NULL) { fputs(hline, log); fflush(log); - } else - syslog(LOG_INFO, "%s", hline); + } } @@ -782,7 +784,7 @@ int blen; *t++ = '\0'; if (opts & OPT_SYSLOG) syslog(LOG_INFO, "%s", line); - else + else if (log != NULL) (void) fprintf(log, "%s", line); } @@ -899,7 +901,7 @@ int blen; *t++ = '\0'; if (opts & OPT_SYSLOG) syslog(LOG_INFO, "%s", line); - else + else if (log != NULL) (void) fprintf(log, "%s", line); } @@ -1030,12 +1032,7 @@ int blen; (void) sprintf(t, "%*.*s%u", len, len, ipf->fl_ifname, ipf->fl_unit); t += strlen(t); #endif -#if defined(__sgi) || defined(_AIX51) || defined(__powerpc__) || \ - defined(__arm__) - if ((ipf->fl_group[0] == 255) && (ipf->fl_group[1] == '\0')) -#else - if ((ipf->fl_group[0] == -1) && (ipf->fl_group[1] == '\0')) -#endif + if ((ipf->fl_group[0] == (char)~0) && (ipf->fl_group[1] == '\0')) strcat(t, " @-1:"); else if (ipf->fl_group[0] == '\0') (void) strcpy(t, " @0:"); @@ -1305,8 +1302,9 @@ printipflog: if (defaction == 0) { if (opts & OPT_SYSLOG) syslog(lvl, "%s", line); - else + else if (log != NULL) (void) fprintf(log, "%s", line); + if (opts & OPT_HEXHDR) dumphex(log, opts, buf, sizeof(iplog_t) + sizeof(*ipf)); @@ -1369,11 +1367,12 @@ FILE *log; (void) close(fd); if (flushed) { - if (opts & OPT_SYSLOG) + if (opts & OPT_SYSLOG) { syslog(LOG_INFO, "%d bytes flushed from log\n", flushed); - else if (log != stdout) + } else if ((log != stdout) && (log != NULL)) { fprintf(log, "%d bytes flushed from log\n", flushed); + } } } @@ -1431,7 +1430,8 @@ char *argv[]; iplfile[1] = IPNAT_NAME; iplfile[2] = IPSTATE_NAME; - while ((c = getopt(argc, argv, "?abB:C:Df:FhnN:o:O:pP:sS:tvxX")) != -1) + while ((c = getopt(argc, argv, + "?abB:C:Df:FhL:nN:o:O:pP:sS:tvxX")) != -1) switch (c) { case 'a' : 
@@ -1463,6 +1463,15 @@ char *argv[]; flushlogs(iplfile[1], log); flushlogs(iplfile[2], log); break; + case 'L' : + logfac = fac_findname(optarg); + if (logfac == -1) { + fprintf(stderr, + "Unknown syslog facility '%s'\n", + optarg); + exit(1); + } + break; case 'n' : opts |= OPT_RESOLVE; break; @@ -1493,7 +1502,7 @@ char *argv[]; s = argv[0]; else s++; - openlog(s, LOG_NDELAY|LOG_PID, LOGFAC); + openlog(s, LOG_NDELAY|LOG_PID, logfac); s = NULL; opts |= OPT_SYSLOG; log = NULL; @@ -1588,8 +1597,8 @@ char *argv[]; #endif /* !BSD */ close(0); close(1); + write_pid(pidfile); } - write_pid(pidfile); signal(SIGHUP, handlehup); @@ -1625,7 +1634,8 @@ char *argv[]; fclose(log); log = fp; } - if (binarylogfile && (fp = fopen(binarylogfile, "a"))) { + if (binarylogfile && + (fp = fopen(binarylogfile, "a"))) { fclose(binarylog); binarylog = fp; } @@ -1647,7 +1657,7 @@ char *argv[]; case 1 : if (opts & OPT_SYSLOG) syslog(LOG_CRIT, "aborting logging\n"); - else + else if (log != NULL) fprintf(log, "aborting logging\n"); doread = 0; break; diff --git a/contrib/ipfilter/tools/ipnat_y.y b/contrib/ipfilter/tools/ipnat_y.y index ddd4311..095b294 100644 --- a/contrib/ipfilter/tools/ipnat_y.y +++ b/contrib/ipfilter/tools/ipnat_y.y @@ -52,6 +52,7 @@ static ipnat_t *nat = NULL; static int natfd = -1; static ioctlfunc_t natioctlfunc = NULL; static addfunc_t nataddfunc = NULL; +static int suggest_port = 0; static void newnatrule __P((void)); static void setnatproto __P((int)); @@ -170,6 +171,9 @@ map: mapit ifnames addr IPNY_TLATE rhaddr proxy mapoptions strncpy(nat->in_ifnames[1], nat->in_ifnames[0], sizeof(nat->in_ifnames[0])); + if ((suggest_port == 1) && + (nat->in_flags & IPN_TCPUDP) == 0) + nat->in_flags |= IPN_TCPUDP; if ((nat->in_flags & IPN_TCPUDP) == 0) setnatproto(nat->in_p); if (((nat->in_redir & NAT_MAPBLK) != 0) || 
@@ -184,6 +188,9 @@ map: mapit ifnames addr IPNY_TLATE rhaddr proxy mapoptions strncpy(nat->in_ifnames[1], nat->in_ifnames[0], sizeof(nat->in_ifnames[0])); + if ((suggest_port == 1) && + (nat->in_flags & IPN_TCPUDP) == 0) + nat->in_flags |= IPN_TCPUDP; if (((nat->in_redir & NAT_MAPBLK) != 0) || ((nat->in_flags & IPN_AUTOPORTMAP) != 0)) nat_setgroupmap(nat); @@ -222,7 +229,7 @@ redir: rdrit ifnames addr dport IPNY_TLATE dip nport setproto rdroptions (nat->in_pmin != 0 || nat->in_pmax != 0 || nat->in_pnext != 0)) - setnatproto(IPPROTO_TCP); + setnatproto(IPPROTO_TCP); } | rdrit ifnames rdrfrom IPNY_TLATE dip nport setproto rdroptions { nat->in_v = 4; @@ -232,6 +239,9 @@ redir: rdrit ifnames addr dport IPNY_TLATE dip nport setproto rdroptions nat->in_pmax != 0 || nat->in_pnext != 0)) setnatproto(IPPROTO_TCP); + if ((suggest_port == 1) && + (nat->in_flags & IPN_TCPUDP) == 0) + nat->in_flags |= IPN_TCPUDP; if (nat->in_ifnames[1][0] == '\0') strncpy(nat->in_ifnames[1], nat->in_ifnames[0], @@ -246,9 +256,19 @@ redir: rdrit ifnames addr dport IPNY_TLATE dip nport setproto rdroptions nat->in_ifnames[0], sizeof(nat->in_ifnames[0])); } + | rdrit ifnames rdrfrom IPNY_TLATE dip setproto rdroptions + { nat->in_v = 4; + if ((suggest_port == 1) && + (nat->in_flags & IPN_TCPUDP) == 0) + nat->in_flags |= IPN_TCPUDP; + if (nat->in_ifnames[1][0] == '\0') + strncpy(nat->in_ifnames[1], + nat->in_ifnames[0], + sizeof(nat->in_ifnames[0])); + } ; -proxy: | IPNY_PROXY IPNY_PORT portspec YY_STR '/' proto +proxy: | IPNY_PROXY port portspec YY_STR '/' proto { strncpy(nat->in_plabel, $4, sizeof(nat->in_plabel)); if (nat->in_dcmp == 0) { nat->in_dport = htons($3); @@ -258,7 +278,7 @@ proxy: | IPNY_PROXY IPNY_PORT portspec YY_STR '/' proto setnatproto($6); free($4); } - | IPNY_PROXY IPNY_PORT YY_STR YY_STR '/' proto + | IPNY_PROXY port YY_STR YY_STR '/' proto { int pnum; strncpy(nat->in_plabel, $4, sizeof(nat->in_plabel)); pnum = getportproto($3, $6); 
@@ -310,6 +330,9 @@ dip: nat->in_inmsk = $3.s_addr; } ; +port: IPNY_PORT { suggest_port = 1; } + ; + portspec: YY_NUMBER { if ($1 > 65535) /* Unsigned */ yyerror("invalid port number"); @@ -322,16 +345,16 @@ portspec: } ; -dport: | IPNY_PORT portspec { nat->in_pmin = htons($2); +dport: | port portspec { nat->in_pmin = htons($2); nat->in_pmax = htons($2); } - | IPNY_PORT portspec '-' portspec { nat->in_pmin = htons($2); + | port portspec '-' portspec { nat->in_pmin = htons($2); nat->in_pmax = htons($4); } - | IPNY_PORT portspec ':' portspec { nat->in_pmin = htons($2); + | port portspec ':' portspec { nat->in_pmin = htons($2); nat->in_pmax = htons($4); } ; -nport: IPNY_PORT portspec { nat->in_pnext = htons($2); } - | IPNY_PORT '=' portspec { nat->in_pnext = htons($3); +nport: port portspec { nat->in_pnext = htons($2); } + | port '=' portspec { nat->in_pnext = htons($3); nat->in_flags |= IPN_FIXEDDPORT; } ; @@ -355,12 +378,16 @@ mapfrom: from sobject IPNY_TO dobject | from sobject '!' IPNY_TO dobject { nat->in_flags |= IPN_NOTDST; } + | from sobject IPNY_TO '!' dobject + { nat->in_flags |= IPN_NOTDST; } ; rdrfrom: from sobject IPNY_TO dobject | '!' from sobject IPNY_TO dobject { nat->in_flags |= IPN_NOTSRC; } + | from '!' sobject IPNY_TO dobject + { nat->in_flags |= IPN_NOTSRC; } ; from: IPNY_FROM { nat->in_flags |= IPN_FILTER; } @@ -413,7 +440,7 @@ mapport: sobject: saddr - | saddr IPNY_PORT portstuff { nat->in_sport = $3.p1; + | saddr port portstuff { nat->in_sport = $3.p1; nat->in_stop = $3.p2; nat->in_scmp = $3.pc; } ; @@ -430,7 +457,7 @@ saddr: addr { if (nat->in_redir == NAT_REDIRECT) { dobject: daddr - | daddr IPNY_PORT portstuff { nat->in_dport = $3.p1; + | daddr port portstuff { nat->in_dport = $3.p1; nat->in_dtop = $3.p2; nat->in_dcmp = $3.pc; if (nat->in_redir == NAT_REDIRECT) 
@@ -535,10 +562,18 @@ rdrproxy: } ; -proto: YY_NUMBER { $$ = $1; } +proto: YY_NUMBER { $$ = $1; + if ($$ != IPPROTO_TCP && + $$ != IPPROTO_UDP) + suggest_port = 0; + } | IPNY_TCP { $$ = IPPROTO_TCP; } | IPNY_UDP { $$ = IPPROTO_UDP; } - | YY_STR { $$ = getproto($1); free($1); } + | YY_STR { $$ = getproto($1); free($1); + if ($$ != IPPROTO_TCP && + $$ != IPPROTO_UDP) + suggest_port = 0; + } ; hexnumber: @@ -706,6 +741,8 @@ static void newnatrule() nat->in_next = n; nat = n; } + + suggest_port = 0; } @@ -782,7 +819,7 @@ void *ptr; del = SIOCRMNAT; } - if (ipn && (opts & OPT_VERBOSE)) + if ((opts & OPT_VERBOSE) != 0) printnat(ipn, opts); if (opts & OPT_DEBUG) diff --git a/contrib/ipfilter/tools/ipsyncm.c b/contrib/ipfilter/tools/ipsyncm.c index 8a87974..abc48fe 100644 --- a/contrib/ipfilter/tools/ipsyncm.c +++ b/contrib/ipfilter/tools/ipsyncm.c @@ -5,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipsyncm.c,v 1.4.2.2 2005/01/08 14:31:46 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipsyncm.c,v 1.4.2.4 2006/03/27 02:09:46 darrenr Exp $"; #endif #include <sys/types.h> #include <sys/time.h> @@ -20,7 +20,7 @@ static const char rcsid[] = "@(#)$Id: ipsyncm.c,v 1.4.2.2 2005/01/08 14:31:46 da #include <stdlib.h> #include <fcntl.h> #include <unistd.h> -#include <strings.h> +#include <string.h> #include <syslog.h> #include <signal.h> @@ -32,6 +32,7 @@ static const char rcsid[] = "@(#)$Id: ipsyncm.c,v 1.4.2.2 2005/01/08 14:31:46 da int main __P((int, char *[])); +void usage __P((const char *)); int terminate = 0; @@ -39,10 +40,12 @@ void usage(const char *progname) { fprintf(stderr, "Usage: %s <destination IP> <destination port>\n", progname); } +#if 0 static void handleterm(int sig) { terminate = sig; } +#endif /* should be large enough to hold header + any datatype */ 
@@ -115,7 +118,7 @@ char *argv[]; goto tryagain; } - syslog(LOG_INFO, "Established connection to %s", + syslog(LOG_INFO, "Sending data to %s", inet_ntoa(sin.sin_addr)); inbuf = 0; diff --git a/contrib/ipfilter/tools/ipsyncs.c b/contrib/ipfilter/tools/ipsyncs.c index 29c63af..0d95a9d 100644 --- a/contrib/ipfilter/tools/ipsyncs.c +++ b/contrib/ipfilter/tools/ipsyncs.c @@ -5,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipsyncs.c,v 1.5.2.1 2004/10/31 18:46:44 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipsyncs.c,v 1.5.2.3 2006/03/27 02:09:47 darrenr Exp $"; #endif #include <sys/types.h> #include <sys/time.h> @@ -19,7 +19,7 @@ static const char rcsid[] = "@(#)$Id: ipsyncs.c,v 1.5.2.1 2004/10/31 18:46:44 da #include <stdio.h> #include <stdlib.h> #include <fcntl.h> -#include <strings.h> +#include <string.h> #include <unistd.h> #include <syslog.h> #include <errno.h> @@ -32,6 +32,7 @@ static const char rcsid[] = "@(#)$Id: ipsyncs.c,v 1.5.2.1 2004/10/31 18:46:44 da #include "netinet/ip_sync.h" int main __P((int, char *[])); +void usage __P((const char *progname)); int terminate = 0; @@ -41,11 +42,12 @@ void usage(const char *progname) { progname); } +#if 0 static void handleterm(int sig) { terminate = sig; - } +#endif #define BUFFERLEN 1400 @@ -130,8 +132,7 @@ char *argv[]; goto tryagain; } - syslog(LOG_INFO, "Established connection to %s", - inet_ntoa(sin.sin_addr)); + syslog(LOG_INFO, "Listening to %s", inet_ntoa(sin.sin_addr)); inbuf = 0; while (1) { @@ -223,14 +224,15 @@ moreinbuf: n2 = sizeof(*sh) + len; n3 = write(lfd, buff, n2); if (n3 <= 0) { - syslog(LOG_ERR, "Write error: %m"); + syslog(LOG_ERR, "%s: Write error: %m", + IPSYNC_NAME); goto tryagain; } if (n3 != n2) { - syslog(LOG_ERR, "Incomplete write (%d/%d)", - n3, n2); + syslog(LOG_ERR, "%s: Incomplete write (%d/%d)", + IPSYNC_NAME, n3, n2); goto tryagain; } 
diff --git a/contrib/ipfilter/tools/lexer.c b/contrib/ipfilter/tools/lexer.c index 66de8fc..49eeb51 100644 --- a/contrib/ipfilter/tools/lexer.c +++ b/contrib/ipfilter/tools/lexer.c @@ -170,6 +170,8 @@ nextchar: switch (c) { case '\n' : + lnext = 0; + nokey = 0; case '\t' : case '\r' : case ' ' : |
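Review bot: The two resets added under `case '\n' :` rely on falling through into the whitespace cases below, and nothing marks that as intentional. A `/* FALLTHROUGH */` comment after `nokey = 0;` would keep a later reader or a lint pass from "fixing" it with a `break`. The rest of the switch lies outside the hunk.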