diff options
Diffstat (limited to 'contrib')
119 files changed, 1788 insertions, 1036 deletions
diff --git a/contrib/ipfilter/Makefile b/contrib/ipfilter/Makefile index 4b45a0a..9b4673e 100644 --- a/contrib/ipfilter/Makefile +++ b/contrib/ipfilter/Makefile @@ -188,7 +188,7 @@ freebsd22: include fi make freebsd20 -freebsd5 freebsd6: include +freebsd5 freebsd6 freebsd7: include if [ x$(INET6) = x ] ; then \ echo "#undef INET6" > opt_inet6.h; \ else \ @@ -230,6 +230,15 @@ freebsd3 freebsd30: include netbsd: include make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)" + @if [ ! -d /sys -o ! -d /sys/arch ] ; then \ + echo "*****************************************************"; \ + echo "* *"; \ + echo "* Please extract source code to create /sys and *";\ + echo "* /sys/arch and run 'config GENERIC' *"; \ + echo "* *"; \ + echo "*****************************************************"; \ + exit 1; \ + fi (cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) 'DLKM=-D_LKM' "ML=mln_ipl.c" LKMR= "MLR=mln_rule.o"; cd ..) (cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS); cd ..) diff --git a/contrib/ipfilter/bpf_filter.c b/contrib/ipfilter/bpf_filter.c index 9291163..d75570e 100644 --- a/contrib/ipfilter/bpf_filter.c +++ b/contrib/ipfilter/bpf_filter.c @@ -42,7 +42,7 @@ #if !(defined(lint) || defined(KERNEL) || defined(_KERNEL)) static const char rcsid[] = - "@(#) $Header: /devel/CVS/IP-Filter/bpf_filter.c,v 2.2.2.2 2005/12/30 12:57:28 darrenr Exp $ (LBL)"; + "@(#) $Header: /devel/CVS/IP-Filter/bpf_filter.c,v 2.2.2.3 2006/10/03 11:25:56 darrenr Exp $ (LBL)"; #endif #include <sys/param.h> @@ -195,7 +195,8 @@ bpf_filter(pc, p, wirelen, buflen) register int k; int32 mem[BPF_MEMWORDS]; mb_t *m, *n; - int merr, len; + int merr = 0; /* XXX: GCC */ + int len; if (buflen == 0) { m = (mb_t *)p; diff --git a/contrib/ipfilter/ip_fil.c b/contrib/ipfilter/ip_fil.c index 2bb4f5a..45bbf94 100644 --- a/contrib/ipfilter/ip_fil.c +++ b/contrib/ipfilter/ip_fil.c @@ -7,7 +7,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.133.2.11 2006/03/25 11:15:30 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.133.2.16 2007/05/28 11:56:22 darrenr Exp $"; #endif #ifndef SOLARIS @@ -64,7 +64,6 @@ struct file; #include <stdlib.h> #include <ctype.h> #include <fcntl.h> -#include <arpa/inet.h> #ifdef __hpux # define _NET_ROUTE_INCLUDED @@ -85,7 +84,9 @@ struct file; #if defined(__FreeBSD__) # include "radix_ipf.h" #endif -#include <net/route.h> +#ifndef __osf__ +# include <net/route.h> +#endif #include <netinet/in.h> #if !(defined(__sgi) && !defined(IFF_DRVRLOCK)) /* IRIX < 6 */ && \ !defined(__hpux) && !defined(linux) @@ -109,6 +110,7 @@ struct file; #include <netinet/ip_icmp.h> #include <unistd.h> #include <syslog.h> +#include <arpa/inet.h> #ifdef __hpux # undef _NET_ROUTE_INCLUDED #endif @@ -146,7 +148,6 @@ extern struct protosw inetsw[]; static struct ifnet **ifneta = NULL; static int nifs = 0; -static int frzerostats __P((caddr_t)); static void fr_setifpaddr __P((struct ifnet *, char *)); void init_ifp __P((void)); #if defined(__sgi) && (IRIX < 60500) @@ -169,37 +170,20 @@ static int write_output __P((struct ifnet *, struct mbuf *, #endif -int iplattach() +int ipfattach() { fr_running = 1; return 0; } -int ipldetach() +int ipfdetach() { fr_running = -1; return 0; } -static int frzerostats(data) -caddr_t data; -{ - friostat_t fio; - int error; - - fr_getstat(&fio); - error = copyoutptr(&fio, data, sizeof(fio)); - if (error) - return EFAULT; - - bzero((char *)frstats, sizeof(*frstats) * 2); - - return 0; -} - - /* * Filter ioctl interface. */ @@ -209,210 +193,20 @@ ioctlcmd_t cmd; caddr_t data; int mode; { - int error = 0, unit = 0, tmp; - friostat_t fio; + int error = 0, unit = 0, uid; + SPL_INT(s); + uid = getuid(); unit = dev; SPL_NET(s); - if (unit == IPL_LOGNAT) { - if (fr_running > 0) - error = fr_nat_ioctl(data, cmd, mode); - else - error = EIO; - SPL_X(s); - return error; - } - if (unit == IPL_LOGSTATE) { - if (fr_running > 0) - error = fr_state_ioctl(data, cmd, mode); - else - error = EIO; - SPL_X(s); - return error; - } - if (unit == IPL_LOGAUTH) { - if (fr_running > 0) { - if ((cmd == (ioctlcmd_t)SIOCADAFR) || - (cmd == (ioctlcmd_t)SIOCRMAFR)) { - if (!(mode & FWRITE)) { - error = EPERM; - } else { - error = frrequest(unit, cmd, data, - fr_active, 1); - } - } else { - error = fr_auth_ioctl(data, mode, cmd); - } - } else - error = EIO; - SPL_X(s); - return error; - } - if (unit == IPL_LOGSYNC) { -#ifdef IPFILTER_SYNC - if (fr_running > 0) - error = fr_sync_ioctl(data, cmd, mode); - else -#endif - error = EIO; - SPL_X(s); - return error; - } - if (unit == IPL_LOGSCAN) { -#ifdef IPFILTER_SCAN - if (fr_running > 0) - error = fr_scan_ioctl(data, cmd, mode); - else -#endif - error = EIO; - SPL_X(s); - return error; - } - if (unit == IPL_LOGLOOKUP) { - if (fr_running > 0) - error = ip_lookup_ioctl(data, cmd, mode); - else - error = EIO; + error = fr_ioctlswitch(unit, data, cmd, mode, uid, NULL); + if (error != -1) { SPL_X(s); return error; } - switch (cmd) - { - case FIONREAD : -#ifdef IPFILTER_LOG - error = COPYOUT(&iplused[IPL_LOGIPF], (caddr_t)data, - sizeof(iplused[IPL_LOGIPF])); -#endif - break; - case SIOCFRENB : - if (!(mode & FWRITE)) - error = EPERM; - else { - error = COPYIN(data, &tmp, sizeof(tmp)); - if (error) - break; - if (tmp) - error = iplattach(); - else - error = ipldetach(); - } - break; - case SIOCIPFSET : - if (!(mode & FWRITE)) { - error = EPERM; - break; - } - case SIOCIPFGETNEXT : - case SIOCIPFGET : - error = fr_ipftune(cmd, (void *)data); - break; - case SIOCSETFF : - if (!(mode & FWRITE)) - error = EPERM; - else - error = COPYIN(data, &fr_flags, sizeof(fr_flags)); - break; - case SIOCGETFF : - error = COPYOUT(&fr_flags, data, sizeof(fr_flags)); - break; - case SIOCFUNCL : - error = fr_resolvefunc(data); - break; - case SIOCINAFR : - case SIOCRMAFR : - case SIOCADAFR : - case SIOCZRLST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, data, fr_active, 1); - break; - case SIOCINIFR : - case SIOCRMIFR : - case SIOCADIFR : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, data, 1 - fr_active, 1); - break; - case SIOCSWAPA : - if (!(mode & FWRITE)) - error = EPERM; - else { - bzero((char *)frcache, sizeof(frcache[0]) * 2); - *(u_int *)data = fr_active; - fr_active = 1 - fr_active; - } - break; - case SIOCGETFS : - fr_getstat(&fio); - error = fr_outobj(data, &fio, IPFOBJ_IPFSTAT); - break; - case SIOCFRZST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frzerostats(data); - break; - case SIOCIPFFL : - if (!(mode & FWRITE)) - error = EPERM; - else { - error = COPYIN(data, &tmp, sizeof(tmp)); - if (!error) { - tmp = frflush(unit, 4, tmp); - error = COPYOUT(&tmp, data, sizeof(tmp)); - } - } - break; -#ifdef USE_INET6 - case SIOCIPFL6 : - if (!(mode & FWRITE)) - error = EPERM; - else { - error = COPYIN(data, &tmp, sizeof(tmp)); - if (!error) { - tmp = frflush(unit, 6, tmp); - error = COPYOUT(&tmp, data, sizeof(tmp)); - } - } - break; -#endif - case SIOCSTLCK : - error = COPYIN(data, &tmp, sizeof(tmp)); - if (error == 0) { - fr_state_lock = tmp; - fr_nat_lock = tmp; - fr_frag_lock = tmp; - fr_auth_lock = tmp; - } else - error = EFAULT; - break; -#ifdef IPFILTER_LOG - case SIOCIPFFB : - if (!(mode & FWRITE)) - error = EPERM; - else - *(int *)data = ipflog_clear(unit); - break; -#endif /* IPFILTER_LOG */ - case SIOCGFRST : - error = fr_outobj(data, fr_fragstats(), IPFOBJ_FRAGSTAT); - break; - case SIOCFRSYN : - if (!(mode & FWRITE)) - error = EPERM; - else { - frsync(NULL); - } - break; - default : - error = EINVAL; - break; - } SPL_X(s); return error; } @@ -652,7 +446,7 @@ int v; ifp->if_unit = -1; } #endif - ifp->if_output = no_output; + ifp->if_output = (void *)no_output; if (addr != NULL) { fr_setifpaddr(ifp, addr); @@ -688,7 +482,7 @@ void init_ifp() (defined(OpenBSD) && (OpenBSD >= 199603)) || defined(linux) || \ (defined(__FreeBSD__) && (__FreeBSD_version >= 501113)) for (ifpp = ifneta; ifpp && (ifp = *ifpp); ifpp++) { - ifp->if_output = write_output; + ifp->if_output = (void *)write_output; sprintf(fname, "/tmp/%s", ifp->if_xname); fd = open(fname, O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0600); if (fd == -1) @@ -998,3 +792,9 @@ struct in_addr *inp, *inpmask; } return 0; } + + +int ipfsync() +{ + return 0; +} diff --git a/contrib/ipfilter/ipf.h b/contrib/ipfilter/ipf.h index 25401c4..ae05ca7 100644 --- a/contrib/ipfilter/ipf.h +++ b/contrib/ipfilter/ipf.h @@ -6,7 +6,7 @@ * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ipf.h 1.12 6/5/96 - * $Id: ipf.h,v 2.71.2.8 2005/12/30 07:03:21 darrenr Exp $ + * $Id: ipf.h,v 2.71.2.15 2007/05/11 10:44:14 darrenr Exp $ */ #ifndef __IPF_H__ @@ -183,14 +183,14 @@ extern struct ipopt_names v6ionames[]; extern int addicmp __P((char ***, struct frentry *, int)); extern int addipopt __P((char *, struct ipopt_names *, int, char *)); -extern int addkeep __P((char ***, struct frentry *, int)); +extern void alist_free __P((alist_t *)); +extern alist_t *alist_new __P((int, char *)); extern void binprint __P((void *, size_t)); extern void initparse __P((void)); extern u_32_t buildopts __P((char *, char *, int)); extern int checkrev __P((char *)); extern int count6bits __P((u_32_t *)); extern int count4bits __P((u_32_t)); -extern int extras __P((char ***, struct frentry *, int)); extern char *fac_toname __P((int)); extern int fac_findname __P((char *)); extern void fill6bits __P((int, u_int *)); @@ -198,19 +198,12 @@ extern int gethost __P((char *, u_32_t *)); extern int getport __P((struct frentry *, char *, u_short *)); extern int getportproto __P((char *, int)); extern int getproto __P((char *)); -extern char *getline __P((char *, size_t, FILE *, int *)); -extern int genmask __P((char *, u_32_t *)); -extern char *getnattype __P((struct ipnat *)); +extern char *getnattype __P((struct nat *, int)); extern char *getsumd __P((u_32_t)); extern u_32_t getoptbyname __P((char *)); extern u_32_t getoptbyvalue __P((int)); extern u_32_t getv6optbyname __P((char *)); extern u_32_t getv6optbyvalue __P((int)); -extern void hexdump __P((FILE *, void *, int, int)); -extern int hostmask __P((char ***, char *, char *, u_32_t *, u_32_t *, int)); -extern int hostnum __P((u_32_t *, char *, int, char *)); -extern int icmpcode __P((char *)); -extern int icmpidnum __P((char *, u_short *, int)); extern void initparse __P((void)); extern void ipf_dotuning __P((int, char *, ioctlfunc_t)); extern void ipf_addrule __P((int, ioctlfunc_t, void *)); @@ -225,23 +218,21 @@ extern int ippool_parsefile __P((int, char *, ioctlfunc_t)); extern int ippool_parsesome __P((int, FILE *, ioctlfunc_t)); extern int kmemcpywrap __P((void *, void *, size_t)); extern char *kvatoname __P((ipfunc_t, ioctlfunc_t)); +extern alist_t *load_file __P((char *)); extern int load_hash __P((struct iphtable_s *, struct iphtent_s *, ioctlfunc_t)); extern int load_hashnode __P((int, char *, struct iphtent_s *, ioctlfunc_t)); +extern alist_t *load_http __P((char *)); extern int load_pool __P((struct ip_pool_s *list, ioctlfunc_t)); extern int load_poolnode __P((int, char *, ip_pool_node_t *, ioctlfunc_t)); -extern int loglevel __P((char **, u_int *, int)); +extern alist_t *load_url __P((char *)); extern alist_t *make_range __P((int, struct in_addr, struct in_addr)); extern ipfunc_t nametokva __P((char *, ioctlfunc_t)); -extern ipnat_t *natparse __P((char *, int)); -extern void natparsefile __P((int, char *, int)); extern void nat_setgroupmap __P((struct ipnat *)); extern int ntomask __P((int, int, u_32_t *)); extern u_32_t optname __P((char ***, u_short *, int)); extern struct frentry *parse __P((char *, int)); extern char *portname __P((int, int)); -extern int portnum __P((char *, char *, u_short *, int)); -extern int ports __P((char ***, char *, u_short *, int *, u_short *, int)); extern int pri_findname __P((char *)); extern char *pri_toname __P((int)); extern void print_toif __P((char *, struct frdest *)); @@ -251,6 +242,8 @@ extern void printfr __P((struct frentry *, ioctlfunc_t)); extern void printtunable __P((ipftune_t *)); extern struct iphtable_s *printhash __P((struct iphtable_s *, copyfunc_t, char *, int)); +extern struct iphtable_s *printhash_live __P((iphtable_t *, int, char *, int)); +extern void printhashdata __P((iphtable_t *, int)); extern struct iphtent_s *printhashnode __P((struct iphtable_s *, struct iphtent_s *, copyfunc_t, int)); @@ -263,6 +256,9 @@ extern void printpacket __P((struct ip *)); extern void printpacket6 __P((struct ip *)); extern struct ip_pool_s *printpool __P((struct ip_pool_s *, copyfunc_t, char *, int)); +extern struct ip_pool_s *printpool_live __P((struct ip_pool_s *, int, + char *, int)); +extern void printpooldata __P((ip_pool_t *, int)); extern struct ip_pool_node *printpoolnode __P((struct ip_pool_node *, int)); extern void printproto __P((struct protoent *, int, struct ipnat *)); extern void printportcmp __P((int, struct frpcmp *)); @@ -270,15 +266,12 @@ extern void optprint __P((u_short *, u_long, u_long)); #ifdef USE_INET6 extern void optprintv6 __P((u_short *, u_long, u_long)); #endif -extern int ratoi __P((char *, int *, int, int)); -extern int ratoui __P((char *, u_int *, u_int, u_int)); extern int remove_hash __P((struct iphtable_s *, ioctlfunc_t)); extern int remove_hashnode __P((int, char *, struct iphtent_s *, ioctlfunc_t)); extern int remove_pool __P((ip_pool_t *, ioctlfunc_t)); extern int remove_poolnode __P((int, char *, ip_pool_node_t *, ioctlfunc_t)); extern u_char tcp_flags __P((char *, u_char *, int)); extern u_char tcpflags __P((char *)); -extern int to_interface __P((struct frdest *, char *, int)); extern void printc __P((struct frentry *)); extern void printC __P((int)); extern void emit __P((int, int, void *, struct frentry *)); @@ -290,9 +283,9 @@ extern char *hostname __P((int, void *)); extern struct ipstate *printstate __P((struct ipstate *, int, u_long)); extern void printsbuf __P((char *)); extern void printnat __P((struct ipnat *, int)); -extern void printactivenat __P((struct nat *, int)); +extern void printactivenat __P((struct nat *, int, int, u_long)); extern void printhostmap __P((struct hostmap *, u_int)); -extern void printpacket __P((struct ip *)); +extern void printtqtable __P((ipftq_t *)); extern void set_variable __P((char *, char *)); extern char *get_variable __P((char *, char **, int)); diff --git a/contrib/ipfilter/iplang/iplang_y.y b/contrib/ipfilter/iplang/iplang_y.y index 34a980f..773f27f 100644 --- a/contrib/ipfilter/iplang/iplang_y.y +++ b/contrib/ipfilter/iplang/iplang_y.y @@ -14,9 +14,9 @@ #include <string.h> #include <fcntl.h> #if !defined(__SVR4) && !defined(__svr4__) -#include <strings.h> +# include <strings.h> #else -#include <sys/byteorder.h> +# include <sys/byteorder.h> #endif #include <sys/types.h> #include <sys/stat.h> @@ -30,11 +30,14 @@ #include <netinet/in_systm.h> #include <netinet/ip.h> #ifndef linux -#include <netinet/ip_var.h> +# include <netinet/ip_var.h> +#endif +#ifdef __osf__ +# include "radix_ipf_local.h" #endif #include <net/if.h> #ifndef linux -#include <netinet/if_ether.h> +# include <netinet/if_ether.h> #endif #include <netdb.h> #include <arpa/nameser.h> diff --git a/contrib/ipfilter/ipsend/44arp.c b/contrib/ipfilter/ipsend/44arp.c index 1063d3a..6ee4f1b 100644 --- a/contrib/ipfilter/ipsend/44arp.c +++ b/contrib/ipfilter/ipsend/44arp.c @@ -16,7 +16,9 @@ #if defined(__FreeBSD__) # include "radix_ipf.h" #endif -#include <net/route.h> +#ifndef __osf__ +# include <net/route.h> +#endif #include <netinet/in.h> #include <netinet/if_ether.h> #include <arpa/inet.h> diff --git a/contrib/ipfilter/ipsend/arp.c b/contrib/ipfilter/ipsend/arp.c index d519a54..8670bda 100644 --- a/contrib/ipfilter/ipsend/arp.c +++ b/contrib/ipfilter/ipsend/arp.c @@ -7,20 +7,23 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)arp.c 1.4 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: arp.c,v 2.8.2.1 2005/06/12 07:18:38 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: arp.c,v 2.8.2.2 2007/02/17 12:41:50 darrenr Exp $"; #endif #include <sys/types.h> #include <sys/socket.h> #if !defined(ultrix) && !defined(hpux) && !defined(__hpux) && !defined(__osf__) && !defined(_AIX51) -#include <sys/sockio.h> +# include <sys/sockio.h> #endif #include <sys/ioctl.h> #include <netinet/in_systm.h> #include <netinet/in.h> +#ifdef __osf__ +# include "radix_ipf_local.h" +#endif #include <net/if.h> #include <netinet/if_ether.h> #ifndef ultrix -#include <net/if_arp.h> +# include <net/if_arp.h> #endif #include <netinet/in.h> #include <netinet/ip.h> diff --git a/contrib/ipfilter/ipsend/ip.c b/contrib/ipfilter/ipsend/ip.c index 8d469ef..26a7a89 100644 --- a/contrib/ipfilter/ipsend/ip.c +++ b/contrib/ipfilter/ipsend/ip.c @@ -7,12 +7,15 @@ */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C)1995"; -static const char rcsid[] = "@(#)$Id: ip.c,v 2.8.2.1 2004/10/19 12:31:48 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ip.c,v 2.8.2.2 2007/02/17 12:41:51 darrenr Exp $"; #endif #include <sys/param.h> #include <sys/types.h> #include <netinet/in_systm.h> #include <sys/socket.h> +#ifdef __osf__ +# include "radix_ipf_local.h" +#endif #include <net/if.h> #include <netinet/in.h> #include <netinet/ip.h> diff --git a/contrib/ipfilter/ipsend/iptests.c b/contrib/ipfilter/ipsend/iptests.c index ea358df..a58131d 100644 --- a/contrib/ipfilter/ipsend/iptests.c +++ b/contrib/ipfilter/ipsend/iptests.c @@ -8,7 +8,7 @@ */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: iptests.c,v 2.8.2.7 2006/03/21 16:10:55 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: iptests.c,v 2.8.2.8 2007/02/17 12:41:51 darrenr Exp $"; #endif #include <sys/param.h> #include <sys/types.h> @@ -64,6 +64,9 @@ typedef int boolean_t; #ifdef __hpux # define _NET_ROUTE_INCLUDED #endif +#ifdef __osf__ +# include "radix_ipf_local.h" +#endif #include <net/if.h> #if defined(linux) && (LINUX >= 0200) # include <asm/atomic.h> diff --git a/contrib/ipfilter/ipsend/resend.c b/contrib/ipfilter/ipsend/resend.c index da5c2bf..b988e9b 100644 --- a/contrib/ipfilter/ipsend/resend.c +++ b/contrib/ipfilter/ipsend/resend.c @@ -8,12 +8,15 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)resend.c 1.3 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: resend.c,v 2.8.2.2 2006/03/17 13:45:34 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: resend.c,v 2.8.2.3 2007/02/17 12:41:51 darrenr Exp $"; #endif #include <sys/param.h> #include <sys/types.h> #include <sys/time.h> #include <sys/socket.h> +#ifdef __osf__ +# include "radix_ipf_local.h" +#endif #include <net/if.h> #include <netinet/in.h> #include <arpa/inet.h> diff --git a/contrib/ipfilter/ipsend/sdlpi.c b/contrib/ipfilter/ipsend/sdlpi.c index 5b58359..f48fd06 100644 --- a/contrib/ipfilter/ipsend/sdlpi.c +++ b/contrib/ipfilter/ipsend/sdlpi.c @@ -27,6 +27,7 @@ #endif #ifdef __osf__ # include <sys/dlpihdr.h> +# include "radix_ipf_local.h" #else # include <sys/dlpi.h> #endif @@ -48,7 +49,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)sdlpi.c 1.3 10/30/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: sdlpi.c,v 2.8.2.1 2004/12/09 19:41:13 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: sdlpi.c,v 2.8.2.2 2007/02/17 12:41:51 darrenr Exp $"; #endif #define CHUNKSIZE 8192 diff --git a/contrib/ipfilter/ipsend/sock.c b/contrib/ipfilter/ipsend/sock.c index f6edbd2..7aac448 100644 --- a/contrib/ipfilter/ipsend/sock.c +++ b/contrib/ipfilter/ipsend/sock.c @@ -7,7 +7,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)sock.c 1.2 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: sock.c,v 2.8.4.4 2006/03/21 16:10:56 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: sock.c,v 2.8.4.6 2007/02/17 12:41:51 darrenr Exp $"; #endif #include <sys/param.h> #include <sys/types.h> @@ -66,7 +66,9 @@ typedef int boolean_t; #if defined(__FreeBSD__) # include "radix_ipf.h" #endif -#include <net/route.h> +#ifndef __osf__ +# include <net/route.h> +#endif #include <netinet/ip_var.h> #include <netinet/in_pcb.h> #include <netinet/tcp_timer.h> @@ -294,11 +296,14 @@ struct tcpiphdr *ti; return NULL; fd = (struct filedesc *)malloc(sizeof(*fd)); + if (fd == NULL) + return NULL; #if defined( __FreeBSD_version) && __FreeBSD_version >= 500013 if (KMCPY(fd, p->ki_fd, sizeof(*fd)) == -1) { fprintf(stderr, "read(%#lx,%#lx) failed\n", (u_long)p, (u_long)p->ki_fd); + free(fd); return NULL; } #else @@ -306,6 +311,7 @@ struct tcpiphdr *ti; { fprintf(stderr, "read(%#lx,%#lx) failed\n", (u_long)p, (u_long)p->kp_proc.p_fd); + free(fd); return NULL; } #endif diff --git a/contrib/ipfilter/lib/addicmp.c b/contrib/ipfilter/lib/addicmp.c index 39b6fd4..ef9abfe 100644 --- a/contrib/ipfilter/lib/addicmp.c +++ b/contrib/ipfilter/lib/addicmp.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: addicmp.c,v 1.10.2.4 2006/02/25 17:41:57 darrenr Exp $ + * $Id: addicmp.c,v 1.10.2.5 2006/06/16 17:20:55 darrenr Exp $ */ #include <ctype.h> diff --git a/contrib/ipfilter/lib/addipopt.c b/contrib/ipfilter/lib/addipopt.c index 6dc7f48..79155e7 100644 --- a/contrib/ipfilter/lib/addipopt.c +++ b/contrib/ipfilter/lib/addipopt.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: addipopt.c,v 1.7 2002/01/28 06:50:45 darrenr Exp $ + * $Id: addipopt.c,v 1.7.4.1 2006/06/16 17:20:56 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/bcopywrap.c b/contrib/ipfilter/lib/bcopywrap.c index 4c68930..b2e8427 100644 --- a/contrib/ipfilter/lib/bcopywrap.c +++ b/contrib/ipfilter/lib/bcopywrap.c @@ -1,5 +1,13 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2002 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: bcopywrap.c,v 1.1.4.1 2006/06/16 17:20:56 darrenr Exp $ + */ + #include "ipf.h" int bcopywrap(from, to, size) diff --git a/contrib/ipfilter/lib/binprint.c b/contrib/ipfilter/lib/binprint.c index b475aa1..fcb47ed 100644 --- a/contrib/ipfilter/lib/binprint.c +++ b/contrib/ipfilter/lib/binprint.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: binprint.c,v 1.8 2002/05/14 15:18:56 darrenr Exp $ + * $Id: binprint.c,v 1.8.4.1 2006/06/16 17:20:56 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/buildopts.c b/contrib/ipfilter/lib/buildopts.c index 7a8df09..bdd0538 100644 --- a/contrib/ipfilter/lib/buildopts.c +++ b/contrib/ipfilter/lib/buildopts.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: buildopts.c,v 1.6 2002/01/28 06:50:45 darrenr Exp $ + * $Id: buildopts.c,v 1.6.4.1 2006/06/16 17:20:56 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/checkrev.c b/contrib/ipfilter/lib/checkrev.c index 97ed689..9e584cc 100644 --- a/contrib/ipfilter/lib/checkrev.c +++ b/contrib/ipfilter/lib/checkrev.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2004 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: checkrev.c,v 1.12.2.1 2004/03/09 14:44:39 darrenr Exp $ + * $Id: checkrev.c,v 1.12.2.2 2006/06/16 17:20:56 darrenr Exp $ */ #include <sys/ioctl.h> diff --git a/contrib/ipfilter/lib/count4bits.c b/contrib/ipfilter/lib/count4bits.c index b2aaa3b..38e5742 100644 --- a/contrib/ipfilter/lib/count4bits.c +++ b/contrib/ipfilter/lib/count4bits.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: count4bits.c,v 1.1 2002/06/15 04:46:39 darrenr Exp $ + * $Id: count4bits.c,v 1.1.4.1 2006/06/16 17:20:57 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/count6bits.c b/contrib/ipfilter/lib/count6bits.c index 6011e96..15538c3 100644 --- a/contrib/ipfilter/lib/count6bits.c +++ b/contrib/ipfilter/lib/count6bits.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: count6bits.c,v 1.4 2001/06/09 17:09:23 darrenr Exp $ + * $Id: count6bits.c,v 1.4.4.1 2006/06/16 17:20:57 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/debug.c b/contrib/ipfilter/lib/debug.c index d5f6ab2..3181e78 100644 --- a/contrib/ipfilter/lib/debug.c +++ b/contrib/ipfilter/lib/debug.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: debug.c,v 1.6 2001/06/09 17:09:24 darrenr Exp $ + * $Id: debug.c,v 1.6.4.1 2006/06/16 17:20:57 darrenr Exp $ */ #if defined(__STDC__) diff --git a/contrib/ipfilter/lib/facpri.c b/contrib/ipfilter/lib/facpri.c index a9bae6d..b89e0f8 100644 --- a/contrib/ipfilter/lib/facpri.c +++ b/contrib/ipfilter/lib/facpri.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: facpri.c,v 1.6.2.4 2006/03/17 22:28:41 darrenr Exp $ + * $Id: facpri.c,v 1.6.2.5 2006/06/16 17:20:58 darrenr Exp $ */ #include <stdio.h> @@ -22,7 +22,7 @@ #include "facpri.h" #if !defined(lint) -static const char rcsid[] = "@(#)$Id: facpri.c,v 1.6.2.4 2006/03/17 22:28:41 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: facpri.c,v 1.6.2.5 2006/06/16 17:20:58 darrenr Exp $"; #endif diff --git a/contrib/ipfilter/lib/facpri.h b/contrib/ipfilter/lib/facpri.h index 212cd15..ca53e05 100644 --- a/contrib/ipfilter/lib/facpri.h +++ b/contrib/ipfilter/lib/facpri.h @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1999-2001 by Darren Reed. + * Copyright (C) 2000-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: facpri.h,v 1.3 2001/06/09 17:19:50 darrenr Exp $ + * $Id: facpri.h,v 1.3.4.1 2006/06/16 17:20:58 darrenr Exp $ */ #ifndef __FACPRI_H__ diff --git a/contrib/ipfilter/lib/fill6bits.c b/contrib/ipfilter/lib/fill6bits.c index ec34d4e..c0faf6a 100644 --- a/contrib/ipfilter/lib/fill6bits.c +++ b/contrib/ipfilter/lib/fill6bits.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: fill6bits.c,v 1.5 2002/03/27 15:09:57 darrenr Exp $ + * $Id: fill6bits.c,v 1.5.4.1 2006/06/16 17:20:58 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/flags.c b/contrib/ipfilter/lib/flags.c index 1b9dc72..200484c 100644 --- a/contrib/ipfilter/lib/flags.c +++ b/contrib/ipfilter/lib/flags.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2001-2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: flags.c,v 1.4 2002/11/02 07:16:36 darrenr Exp $ + * $Id: flags.c,v 1.4.4.1 2006/06/16 17:20:58 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/gethost.c b/contrib/ipfilter/lib/gethost.c index f9034cc..be536c1 100644 --- a/contrib/ipfilter/lib/gethost.c +++ b/contrib/ipfilter/lib/gethost.c @@ -1,5 +1,13 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2002-2004 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: gethost.c,v 1.3.2.2 2006/06/16 17:20:59 darrenr Exp $ + */ + #include "ipf.h" int gethost(name, hostp) diff --git a/contrib/ipfilter/lib/getifname.c b/contrib/ipfilter/lib/getifname.c index 35acb32..7246fbb 100644 --- a/contrib/ipfilter/lib/getifname.c +++ b/contrib/ipfilter/lib/getifname.c @@ -1,5 +1,13 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2002-2004 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: getifname.c,v 1.5.2.3 2006/07/14 06:12:24 darrenr Exp $ + */ + #include "ipf.h" #include "kmem.h" @@ -8,6 +16,7 @@ * Given a pointer to an interface in the kernel, return a pointer to a * string which is the interface name. */ +#if 0 char *getifname(ptr) struct ifnet *ptr; { @@ -74,3 +83,10 @@ struct ifnet *ptr; # endif #endif } +#else +char *getifname(ptr) +struct ifnet *ptr; +{ + return "X"; +} +#endif diff --git a/contrib/ipfilter/lib/getnattype.c b/contrib/ipfilter/lib/getnattype.c index beb0a8a..2fb5d17 100644 --- a/contrib/ipfilter/lib/getnattype.c +++ b/contrib/ipfilter/lib/getnattype.c @@ -1,7 +1,7 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2002-2004 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * @@ -11,26 +11,34 @@ #include "kmem.h" #if !defined(lint) -static const char rcsid[] = "@(#)$Id: getnattype.c,v 1.3 2004/01/17 17:26:07 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: getnattype.c,v 1.3.2.2 2006/07/14 06:12:24 darrenr Exp $"; #endif /* * Get a nat filter type given its kernel address. */ -char *getnattype(ipnat) -ipnat_t *ipnat; +char *getnattype(nat, alive) +nat_t *nat; +int alive; { static char unknownbuf[20]; - ipnat_t ipnatbuff; + ipnat_t *ipn, ipnat; char *which; + int type; - if (!ipnat) + if (!nat) return "???"; - if (kmemcpy((char *)&ipnatbuff, (long)ipnat, sizeof(ipnatbuff))) - return "!!!"; + if (alive) { + type = nat->nat_redir; + } else { + ipn = nat->nat_ptr; + if (kmemcpy((char *)&ipnat, (long)ipn, sizeof(ipnat))) + return "!!!"; + type = ipnat.in_redir; + } - switch (ipnatbuff.in_redir) + switch (type) { case NAT_MAP : which = "MAP"; @@ -45,8 +53,7 @@ ipnat_t *ipnat; which = "BIMAP"; break; default : - sprintf(unknownbuf, "unknown(%04x)", - ipnatbuff.in_redir & 0xffffffff); + sprintf(unknownbuf, "unknown(%04x)", type & 0xffffffff); which = unknownbuf; break; } diff --git a/contrib/ipfilter/lib/getport.c b/contrib/ipfilter/lib/getport.c index 51c39b1..69e897c 100644 --- a/contrib/ipfilter/lib/getport.c +++ b/contrib/ipfilter/lib/getport.c @@ -1,5 +1,13 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2002-2005 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: getport.c,v 1.1.4.6 2006/06/16 17:21:00 darrenr Exp $ + */ + #include "ipf.h" int getport(fr, name, port) diff --git a/contrib/ipfilter/lib/getportproto.c b/contrib/ipfilter/lib/getportproto.c index 02e3c20..23e5fb1 100644 --- a/contrib/ipfilter/lib/getportproto.c +++ b/contrib/ipfilter/lib/getportproto.c @@ -1,5 +1,13 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2002-2005 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: getportproto.c,v 1.2.4.4 2006/06/16 17:21:00 darrenr Exp $ + */ + #include <ctype.h> #include "ipf.h" diff --git a/contrib/ipfilter/lib/getproto.c b/contrib/ipfilter/lib/getproto.c index ec87490..33f6f47 100644 --- a/contrib/ipfilter/lib/getproto.c +++ b/contrib/ipfilter/lib/getproto.c @@ -1,5 +1,13 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2002-2005 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: getproto.c,v 1.2.2.3 2006/06/16 17:21:00 darrenr Exp $ + */ + #include "ipf.h" int getproto(name) diff --git a/contrib/ipfilter/lib/getsumd.c b/contrib/ipfilter/lib/getsumd.c index 44ff3aa..fdad461 100644 --- a/contrib/ipfilter/lib/getsumd.c +++ b/contrib/ipfilter/lib/getsumd.c @@ -1,5 +1,13 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2002 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: getsumd.c,v 1.2.4.1 2006/06/16 17:21:01 darrenr Exp $ + */ + #include "ipf.h" char *getsumd(sum) diff --git a/contrib/ipfilter/lib/hostname.c b/contrib/ipfilter/lib/hostname.c index c4950e9..e8fde98 100644 --- a/contrib/ipfilter/lib/hostname.c +++ b/contrib/ipfilter/lib/hostname.c @@ -1,5 +1,12 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2002-2003 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: hostname.c,v 1.6.2.2 2007/01/16 02:25:22 darrenr Exp $ + */ #include "ipf.h" @@ -12,6 +19,8 @@ void *ip; struct in_addr ipa; struct netent *np; + memset(&ipa, 0, sizeof(ipa)); /* XXX gcc */ + if (v == 4) { ipa.s_addr = *(u_32_t *)ip; if (ipa.s_addr == htonl(0xfedcba98)) diff --git a/contrib/ipfilter/lib/icmpcode.c b/contrib/ipfilter/lib/icmpcode.c index 864fac1..d558beb 100644 --- a/contrib/ipfilter/lib/icmpcode.c +++ b/contrib/ipfilter/lib/icmpcode.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: icmpcode.c,v 1.7.2.4 2006/02/25 17:40:22 darrenr Exp $ + * $Id: icmpcode.c,v 1.7.2.5 2006/06/16 17:21:02 darrenr Exp $ */ #include <ctype.h> diff --git a/contrib/ipfilter/lib/initparse.c b/contrib/ipfilter/lib/initparse.c index 5f52f95..6fdfc8a 100644 --- a/contrib/ipfilter/lib/initparse.c +++ b/contrib/ipfilter/lib/initparse.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: initparse.c,v 1.6 2002/01/28 06:50:46 darrenr Exp $ + * $Id: initparse.c,v 1.6.4.1 2006/06/16 17:21:02 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/ionames.c b/contrib/ipfilter/lib/ionames.c index 5d7d2ac..d2fc977 100644 --- a/contrib/ipfilter/lib/ionames.c +++ b/contrib/ipfilter/lib/ionames.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: ionames.c,v 1.7 2002/01/28 06:50:46 darrenr Exp $ + * $Id: ionames.c,v 1.7.4.1 2006/06/16 17:21:02 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/ipf_dotuning.c b/contrib/ipfilter/lib/ipf_dotuning.c index 3f146d7..6508a26 100644 --- a/contrib/ipfilter/lib/ipf_dotuning.c +++ b/contrib/ipfilter/lib/ipf_dotuning.c @@ -1,5 +1,13 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2003-2005 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: ipf_dotuning.c,v 1.2.4.3 2006/06/16 17:21:02 darrenr Exp $ + */ + #include "ipf.h" #include "netinet/ipl.h" #include <sys/ioctl.h> diff --git a/contrib/ipfilter/lib/ipft_ef.c b/contrib/ipfilter/lib/ipft_ef.c index 9e2093f..2d50f07 100644 --- a/contrib/ipfilter/lib/ipft_ef.c +++ b/contrib/ipfilter/lib/ipft_ef.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: ipft_ef.c,v 1.14 2004/01/08 13:34:31 darrenr Exp $ + * $Id: ipft_ef.c,v 1.14.2.2 2006/06/16 17:21:02 darrenr Exp $ */ /* @@ -33,7 +33,7 @@ etherfind -n -t #if !defined(lint) static const char sccsid[] = "@(#)ipft_ef.c 1.6 2/4/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipft_ef.c,v 1.14 2004/01/08 13:34:31 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipft_ef.c,v 1.14.2.2 2006/06/16 17:21:02 darrenr Exp $"; #endif static int etherf_open __P((char *)); @@ -98,13 +98,18 @@ int cnt, *dir; switch (ip->ip_p) { case IPPROTO_TCP : + if (isdigit(*sprt)) + pkt.ti_sport = htons(atoi(sprt) & 65535); + if (isdigit(*dprt)) + pkt.ti_dport = htons(atoi(dprt) & 65535); + extra = sizeof(struct tcphdr); + break; case IPPROTO_UDP : - s = strtok(NULL, " :"); - ip->ip_len += atoi(s); - if (ip->ip_p == IPPROTO_TCP) - extra = sizeof(struct tcphdr); - else if (ip->ip_p == IPPROTO_UDP) - extra = sizeof(struct udphdr); + if (isdigit(*sprt)) + pkt.ti_sport = htons(atoi(sprt) & 65535); + if (isdigit(*dprt)) + pkt.ti_dport = htons(atoi(dprt) & 65535); + extra = sizeof(struct udphdr); break; #ifdef IGMP case IPPROTO_IGMP : diff --git a/contrib/ipfilter/lib/ipft_hx.c b/contrib/ipfilter/lib/ipft_hx.c index efc0a413..d295c21 100644 --- a/contrib/ipfilter/lib/ipft_hx.c +++ b/contrib/ipfilter/lib/ipft_hx.c @@ -1,13 +1,13 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1995-2001 by Darren Reed. + * Copyright (C) 2000-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ #if !defined(lint) static const char sccsid[] = "@(#)ipft_hx.c 1.1 3/9/96 (C) 1996 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipft_hx.c,v 1.11.4.3 2005/12/04 10:07:21 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipft_hx.c,v 1.11.4.4 2006/06/16 17:21:03 darrenr Exp $"; #endif #include <ctype.h> diff --git a/contrib/ipfilter/lib/ipft_pc.c b/contrib/ipfilter/lib/ipft_pc.c index e3e2bd3..0f31a10 100644 --- a/contrib/ipfilter/lib/ipft_pc.c +++ b/contrib/ipfilter/lib/ipft_pc.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: ipft_pc.c,v 1.10.2.1 2005/12/04 09:55:10 darrenr Exp $ + * $Id: ipft_pc.c,v 1.10.2.2 2006/06/16 17:21:03 darrenr Exp $ */ #include "ipf.h" #include "pcap-ipf.h" @@ -13,7 +13,7 @@ #include "ipt.h" #if !defined(lint) -static const char rcsid[] = "@(#)$Id: ipft_pc.c,v 1.10.2.1 2005/12/04 09:55:10 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipft_pc.c,v 1.10.2.2 2006/06/16 17:21:03 darrenr Exp $"; #endif struct llc { diff --git a/contrib/ipfilter/lib/ipft_sn.c b/contrib/ipfilter/lib/ipft_sn.c index 5841ed5..2beb6ee 100644 --- a/contrib/ipfilter/lib/ipft_sn.c +++ b/contrib/ipfilter/lib/ipft_sn.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: ipft_sn.c,v 1.7 2003/02/16 02:32:36 darrenr Exp $ + * $Id: ipft_sn.c,v 1.7.4.1 2006/06/16 17:21:03 darrenr Exp $ */ /* @@ -16,7 +16,7 @@ #include "ipt.h" #if !defined(lint) -static const char rcsid[] = "@(#)$Id: ipft_sn.c,v 1.7 2003/02/16 02:32:36 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipft_sn.c,v 1.7.4.1 2006/06/16 17:21:03 darrenr Exp $"; #endif struct llc { diff --git a/contrib/ipfilter/lib/ipft_td.c b/contrib/ipfilter/lib/ipft_td.c index 758eb51..d571ada 100644 --- a/contrib/ipfilter/lib/ipft_td.c +++ b/contrib/ipfilter/lib/ipft_td.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp $ + * $Id: ipft_td.c,v 1.15.2.2 2006/06/16 17:21:03 darrenr Exp $ */ /* @@ -42,7 +42,7 @@ tcpdump -nqte #if !defined(lint) static const char sccsid[] = "@(#)ipft_td.c 1.8 2/4/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipft_td.c,v 1.15.2.2 2006/06/16 17:21:03 darrenr Exp $"; #endif static int tcpd_open __P((char *)); @@ -144,6 +144,8 @@ int cnt, *dir; IP_HL_A(ip, sizeof(ip_t)); s = strtok(misc, " :"); + if (s == NULL) + return 0; ip->ip_p = getproto(s); switch (ip->ip_p) @@ -151,6 +153,8 @@ int cnt, *dir; case IPPROTO_TCP : case IPPROTO_UDP : s = strtok(NULL, " :"); + if (s == NULL) + return 0; ip->ip_len += atoi(s); if (ip->ip_p == IPPROTO_TCP) extra = sizeof(struct tcphdr); diff --git a/contrib/ipfilter/lib/ipft_tx.c b/contrib/ipfilter/lib/ipft_tx.c index 36d89be..c613d6b 100644 --- a/contrib/ipfilter/lib/ipft_tx.c +++ b/contrib/ipfilter/lib/ipft_tx.c @@ -1,15 +1,15 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1995-2001 by Darren Reed. + * Copyright (C) 2000-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: ipft_tx.c,v 1.15.2.7 2005/12/18 14:53:39 darrenr Exp $ + * $Id: ipft_tx.c,v 1.15.2.9 2006/06/16 17:21:04 darrenr Exp $ */ #if !defined(lint) static const char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 1.15.2.7 2005/12/18 14:53:39 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 1.15.2.9 2006/06/16 17:21:04 darrenr Exp $"; #endif #include <ctype.h> @@ -129,6 +129,7 @@ int cnt, *dir; { register char *s; char line[513]; + ip_t *ip; *ifn = NULL; while (fgets(line, sizeof(line)-1, tfp)) { @@ -144,12 +145,10 @@ int cnt, *dir; printf("input: %s\n", line); *ifn = NULL; *dir = 0; - if (!parseline(line, (ip_t *)buf, ifn, dir)) -#if 0 - return sizeof(ip_t) + sizeof(tcphdr_t); -#else - return sizeof(ip_t); -#endif + if (!parseline(line, (ip_t *)buf, ifn, dir)) { + ip = (ip_t *)buf; + return ntohs(ip->ip_len); + } } if (feof(tfp)) return 0; diff --git a/contrib/ipfilter/lib/ipoptsec.c b/contrib/ipfilter/lib/ipoptsec.c index 5990170..66a55c8 100644 --- a/contrib/ipfilter/lib/ipoptsec.c +++ b/contrib/ipfilter/lib/ipoptsec.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2001-2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: ipoptsec.c,v 1.2 2002/01/28 06:50:46 darrenr Exp $ + * $Id: ipoptsec.c,v 1.2.4.1 2006/06/16 17:21:04 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/kmem.c b/contrib/ipfilter/lib/kmem.c index 04a64d1..26da2d0 100644 --- a/contrib/ipfilter/lib/kmem.c +++ b/contrib/ipfilter/lib/kmem.c @@ -1,7 +1,7 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ @@ -44,7 +44,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed"; -static const char rcsid[] = "@(#)$Id: kmem.c,v 1.16.2.2 2005/06/12 07:18:41 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: kmem.c,v 1.16.2.3 2006/06/16 17:21:04 darrenr Exp $"; #endif diff --git a/contrib/ipfilter/lib/kmem.h b/contrib/ipfilter/lib/kmem.h index c1dd7f9..bcfde06 100644 --- a/contrib/ipfilter/lib/kmem.h +++ b/contrib/ipfilter/lib/kmem.h @@ -1,10 +1,10 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. - * $Id: kmem.h,v 1.2 2002/08/21 22:57:36 darrenr Exp $ + * $Id: kmem.h,v 1.2.4.1 2006/06/16 17:21:04 darrenr Exp $ */ #ifndef __KMEM_H__ diff --git a/contrib/ipfilter/lib/kmemcpywrap.c b/contrib/ipfilter/lib/kmemcpywrap.c index 4eeb62d..8747491 100644 --- a/contrib/ipfilter/lib/kmemcpywrap.c +++ b/contrib/ipfilter/lib/kmemcpywrap.c @@ -1,5 +1,13 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2002 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: kmemcpywrap.c,v 1.1.4.1 2006/06/16 17:21:05 darrenr Exp $ + */ + #include "ipf.h" #include "kmem.h" diff --git a/contrib/ipfilter/lib/kvatoname.c b/contrib/ipfilter/lib/kvatoname.c index a3764e4..c8c0d8f 100644 --- a/contrib/ipfilter/lib/kvatoname.c +++ b/contrib/ipfilter/lib/kvatoname.c @@ -1,5 +1,13 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2002 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: kvatoname.c,v 1.1.4.1 2006/06/16 17:21:05 darrenr Exp $ + */ + #include "ipf.h" #include <fcntl.h> diff --git a/contrib/ipfilter/lib/load_hash.c b/contrib/ipfilter/lib/load_hash.c index ff093c9..7683470 100644 --- a/contrib/ipfilter/lib/load_hash.c +++ b/contrib/ipfilter/lib/load_hash.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 2002 by Darren Reed. + * Copyright (C) 2002-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: load_hash.c,v 1.11.2.3 2005/11/13 15:41:12 darrenr Exp $ + * $Id: load_hash.c,v 1.11.2.5 2006/07/14 06:12:25 darrenr Exp $ */ #include <fcntl.h> @@ -62,6 +62,7 @@ ioctlfunc_t iocfunc; iph.iph_size = size; iph.iph_seed = iphp->iph_seed; iph.iph_table = NULL; + iph.iph_list = NULL; iph.iph_ref = 0; if ((opts & OPT_REMOVE) == 0) { @@ -85,9 +86,10 @@ ioctlfunc_t iocfunc; perror("calloc(size, sizeof(*iph.iph_table))"); return -1; } - iph.iph_table[0] = list; + iph.iph_list = list; printhash(&iph, bcopywrap, iph.iph_name, opts); free(iph.iph_table); + iph.iph_list = NULL; for (a = list; a != NULL; a = a->ipe_next) { a->ipe_addr.in4_addr = htonl(a->ipe_addr.in4_addr); diff --git a/contrib/ipfilter/lib/load_hashnode.c b/contrib/ipfilter/lib/load_hashnode.c index 083bea8..3c3416d 100644 --- a/contrib/ipfilter/lib/load_hashnode.c +++ b/contrib/ipfilter/lib/load_hashnode.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 2002 by Darren Reed. + * Copyright (C) 2003-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: load_hashnode.c,v 1.2.4.1 2004/03/06 14:33:28 darrenr Exp $ + * $Id: load_hashnode.c,v 1.2.4.2 2006/06/16 17:21:05 darrenr Exp $ */ #include <fcntl.h> diff --git a/contrib/ipfilter/lib/load_pool.c b/contrib/ipfilter/lib/load_pool.c index 574cd2c..08baae7 100644 --- a/contrib/ipfilter/lib/load_pool.c +++ b/contrib/ipfilter/lib/load_pool.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 2002 by Darren Reed. + * Copyright (C) 2002-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: load_pool.c,v 1.14.2.3 2005/11/13 15:41:13 darrenr Exp $ + * $Id: load_pool.c,v 1.14.2.4 2006/06/16 17:21:06 darrenr Exp $ */ #include <fcntl.h> diff --git a/contrib/ipfilter/lib/load_poolnode.c b/contrib/ipfilter/lib/load_poolnode.c index e8a6fe6..110a8b9 100644 --- a/contrib/ipfilter/lib/load_poolnode.c +++ b/contrib/ipfilter/lib/load_poolnode.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 2002 by Darren Reed. + * Copyright (C) 2003-2004 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: load_poolnode.c,v 1.3.2.1 2004/03/06 14:33:29 darrenr Exp $ + * $Id: load_poolnode.c,v 1.3.2.3 2006/06/16 17:21:06 darrenr Exp $ */ #include <fcntl.h> @@ -54,7 +54,7 @@ ioctlfunc_t iocfunc; if (err != 0) { if ((opts & OPT_DONOTHING) == 0) { - perror("load_pool:SIOCLOOKUP*NODE"); + perror("load_poolnode:SIOCLOOKUP*NODE"); return -1; } } diff --git a/contrib/ipfilter/lib/mutex_emul.c b/contrib/ipfilter/lib/mutex_emul.c index 10472e5..3983f04 100644 --- a/contrib/ipfilter/lib/mutex_emul.c +++ b/contrib/ipfilter/lib/mutex_emul.c @@ -1,5 +1,13 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2003 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: mutex_emul.c,v 1.2.4.1 2006/06/16 17:21:06 darrenr Exp $ + */ + #include "ipf.h" #define EMM_MAGIC 0x9d7adba3 diff --git a/contrib/ipfilter/lib/nametokva.c b/contrib/ipfilter/lib/nametokva.c index b2854d6..deee439 100644 --- a/contrib/ipfilter/lib/nametokva.c +++ b/contrib/ipfilter/lib/nametokva.c @@ -1,5 +1,13 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2002 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: nametokva.c,v 1.1.4.1 2006/06/16 17:21:07 darrenr Exp $ + */ + #include "ipf.h" #include <sys/ioctl.h> diff --git a/contrib/ipfilter/lib/nat_setgroupmap.c b/contrib/ipfilter/lib/nat_setgroupmap.c index d4e637e..08b1a0a 100644 --- a/contrib/ipfilter/lib/nat_setgroupmap.c +++ b/contrib/ipfilter/lib/nat_setgroupmap.c @@ -1,12 +1,12 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ #if !defined(lint) -static const char rcsid[] = "@(#)$Id: nat_setgroupmap.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: nat_setgroupmap.c,v 1.1.4.1 2006/06/16 17:21:07 darrenr Exp $"; #endif #include "ipf.h" diff --git a/contrib/ipfilter/lib/ntomask.c b/contrib/ipfilter/lib/ntomask.c index c95f78f..ba91a65 100644 --- a/contrib/ipfilter/lib/ntomask.c +++ b/contrib/ipfilter/lib/ntomask.c @@ -1,5 +1,13 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2002-2005 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: ntomask.c,v 1.6.2.1 2006/06/16 17:21:07 darrenr Exp $ + */ + #include "ipf.h" int ntomask(v, nbits, ap) diff --git a/contrib/ipfilter/lib/optname.c b/contrib/ipfilter/lib/optname.c index 813a0df..f41cab1 100644 --- a/contrib/ipfilter/lib/optname.c +++ b/contrib/ipfilter/lib/optname.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: optname.c,v 1.3 2001/06/09 17:09:24 darrenr Exp $ + * $Id: optname.c,v 1.3.4.1 2006/06/16 17:21:07 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/optprint.c b/contrib/ipfilter/lib/optprint.c index 7f18318..81a3287 100644 --- a/contrib/ipfilter/lib/optprint.c +++ b/contrib/ipfilter/lib/optprint.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: optprint.c,v 1.6.4.1 2005/12/18 14:51:28 darrenr Exp $ + * $Id: optprint.c,v 1.6.4.2 2006/06/16 17:21:08 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/optprintv6.c b/contrib/ipfilter/lib/optprintv6.c index 086496d..f6ea6ec 100644 --- a/contrib/ipfilter/lib/optprintv6.c +++ b/contrib/ipfilter/lib/optprintv6.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: optprintv6.c,v 1.2 2003/04/30 00:39:39 darrenr Exp $ + * $Id: optprintv6.c,v 1.2.4.1 2006/06/16 17:21:08 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/optvalue.c b/contrib/ipfilter/lib/optvalue.c index 3609448..aa1ef2e 100644 --- a/contrib/ipfilter/lib/optvalue.c +++ b/contrib/ipfilter/lib/optvalue.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2001-2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: optvalue.c,v 1.2 2002/01/28 06:50:47 darrenr Exp $ + * $Id: optvalue.c,v 1.2.4.1 2006/06/16 17:21:08 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/portname.c b/contrib/ipfilter/lib/portname.c index 4bf1c09..f0c8625 100644 --- a/contrib/ipfilter/lib/portname.c +++ b/contrib/ipfilter/lib/portname.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: portname.c,v 1.7 2003/08/14 14:27:43 darrenr Exp $ + * $Id: portname.c,v 1.7.2.1 2006/06/16 17:21:09 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/print_toif.c b/contrib/ipfilter/lib/print_toif.c index 4431004..94a4618 100644 --- a/contrib/ipfilter/lib/print_toif.c +++ b/contrib/ipfilter/lib/print_toif.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: print_toif.c,v 1.8 2002/01/28 06:50:47 darrenr Exp $ + * $Id: print_toif.c,v 1.8.4.1 2006/06/16 17:21:09 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printactivenat.c b/contrib/ipfilter/lib/printactivenat.c index 2155378..a2e2924 100644 --- a/contrib/ipfilter/lib/printactivenat.c +++ b/contrib/ipfilter/lib/printactivenat.c @@ -1,7 +1,7 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2002-2004 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * @@ -12,16 +12,17 @@ #if !defined(lint) -static const char rcsid[] = "@(#)$Id: printactivenat.c,v 1.3.2.4 2004/05/11 16:07:32 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: printactivenat.c,v 1.3.2.7 2006/12/12 16:13:00 darrenr Exp $"; #endif -void printactivenat(nat, opts) +void printactivenat(nat, opts, alive, now) nat_t *nat; -int opts; +int opts, alive; +u_long now; { - printf("%s", getnattype(nat->nat_ptr)); + printf("%s", getnattype(nat, alive)); if (nat->nat_flags & SI_CLONE) printf(" CLONE"); @@ -42,8 +43,9 @@ int opts; printf("]"); if (opts & OPT_VERBOSE) { - printf("\n\tage %lu use %hu sumd %s/", - nat->nat_age, nat->nat_use, getsumd(nat->nat_sumd[0])); + printf("\n\tttl %lu use %hu sumd %s/", + nat->nat_age - now, nat->nat_use, + getsumd(nat->nat_sumd[0])); printf("%s pr %u bkt %d/%d flags %x\n", getsumd(nat->nat_sumd[1]), nat->nat_p, nat->nat_hv[0], nat->nat_hv[1], nat->nat_flags); diff --git a/contrib/ipfilter/lib/printaps.c b/contrib/ipfilter/lib/printaps.c index 235a5fd..87a12cd4 100644 --- a/contrib/ipfilter/lib/printaps.c +++ b/contrib/ipfilter/lib/printaps.c @@ -1,7 +1,7 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2002-2004 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * @@ -13,7 +13,7 @@ #if !defined(lint) -static const char rcsid[] = "@(#)$Id: printaps.c,v 1.4 2004/01/08 13:34:32 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: printaps.c,v 1.4.2.1 2006/06/16 17:21:10 darrenr Exp $"; #endif diff --git a/contrib/ipfilter/lib/printbuf.c b/contrib/ipfilter/lib/printbuf.c index 1f0763e..b2e209a 100644 --- a/contrib/ipfilter/lib/printbuf.c +++ b/contrib/ipfilter/lib/printbuf.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2004 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: printbuf.c,v 1.5.4.1 2004/12/09 19:41:22 darrenr Exp $ + * $Id: printbuf.c,v 1.5.4.2 2006/06/16 17:21:10 darrenr Exp $ */ #include <ctype.h> diff --git a/contrib/ipfilter/lib/printfr.c b/contrib/ipfilter/lib/printfr.c index 6ad81e1..587d8cb 100644 --- a/contrib/ipfilter/lib/printfr.c +++ b/contrib/ipfilter/lib/printfr.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: printfr.c,v 1.43.2.16 2006/03/29 11:19:59 darrenr Exp $ + * $Id: printfr.c,v 1.43.2.18 2007/05/07 06:55:38 darrenr Exp $ */ #include "ipf.h" @@ -470,7 +470,12 @@ ioctlfunc_t iocfunc; } printf(")"); } + if (fp->fr_pps) printf(" pps %d", fp->fr_pps); + + if ((fp->fr_flags & FR_KEEPSTATE) && (opts & OPT_VERBOSE)) { + printf(" # count %d", fp->fr_statecnt); + } (void)putchar('\n'); } diff --git a/contrib/ipfilter/lib/printfraginfo.c b/contrib/ipfilter/lib/printfraginfo.c index 05c0399..d9317e8 100644 --- a/contrib/ipfilter/lib/printfraginfo.c +++ b/contrib/ipfilter/lib/printfraginfo.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 2004 by Darren Reed. + * Copyright (C) 2004-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: printfraginfo.c,v 1.1.2.2 2004/03/23 15:15:45 darrenr Exp $ + * $Id: printfraginfo.c,v 1.1.2.5 2006/12/25 15:10:37 darrenr Exp $ */ #include "ipf.h" #include "kmem.h" @@ -19,11 +19,12 @@ struct ipfr *ifr; fr.fr_flags = 0xffffffff; printf("%s%s -> ", prefix, hostname(4, &ifr->ipfr_src)); +/* if (kmemcpy((char *)&fr, (u_long)ifr->ipfr_rule, sizeof(fr)) == -1) return; - printf("%s id %d ttl %d pr %d seen0 %d ifp %p tos %#02x = %#x\n", - hostname(4, &ifr->ipfr_dst), ifr->ipfr_id, ifr->ipfr_seen0, - ifr->ipfr_ttl, ifr->ipfr_p, ifr->ipfr_ifp, ifr->ipfr_tos, - fr.fr_flags); +*/ + printf("%s id %d ttl %ld pr %d seen0 %d ref %d tos %#02x\n", + hostname(4, &ifr->ipfr_dst), ifr->ipfr_id, ifr->ipfr_ttl, + ifr->ipfr_p, ifr->ipfr_seen0, ifr->ipfr_ref, ifr->ipfr_tos); } diff --git a/contrib/ipfilter/lib/printhash.c b/contrib/ipfilter/lib/printhash.c index fab0659..975b60e 100644 --- a/contrib/ipfilter/lib/printhash.c +++ b/contrib/ipfilter/lib/printhash.c @@ -1,7 +1,7 @@ /* $FreeBSD$ */ /* - * Copyright (C) 2002 by Darren Reed. + * Copyright (C) 2002-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ @@ -20,7 +20,7 @@ int opts; { iphtent_t *ipep, **table; iphtable_t iph; - int i, printed; + int printed; size_t sz; if ((*copyfunc)((char *)hp, (char *)&iph, sizeof(iph))) @@ -29,94 +29,10 @@ int opts; if ((name != NULL) && strncmp(name, iph.iph_name, FR_GROUPLEN)) return iph.iph_next; - if ((opts & OPT_DEBUG) == 0) { - if ((iph.iph_type & IPHASH_ANON) == IPHASH_ANON) - PRINTF("# 'anonymous' table\n"); - switch (iph.iph_type & ~IPHASH_ANON) - { - case IPHASH_LOOKUP : - PRINTF("table"); - break; - case IPHASH_GROUPMAP : - PRINTF("group-map"); - if (iph.iph_flags & FR_INQUE) - PRINTF(" in"); - else if (iph.iph_flags & FR_OUTQUE) - PRINTF(" out"); - else - PRINTF(" ???"); - break; - default : - PRINTF("%#x", iph.iph_type); - break; - } - PRINTF(" role = "); - } else { - PRINTF("Hash Table Number: %s", iph.iph_name); - if ((iph.iph_type & IPHASH_ANON) == IPHASH_ANON) - PRINTF("(anon)"); - putchar(' '); - PRINTF("Role: "); - } - - switch (iph.iph_unit) - { - case IPL_LOGNAT : - PRINTF("nat"); - break; - case IPL_LOGIPF : - PRINTF("ipf"); - break; - case IPL_LOGAUTH : - PRINTF("auth"); - break; - case IPL_LOGCOUNT : - PRINTF("count"); - break; - default : - PRINTF("#%d", iph.iph_unit); - break; - } - - if ((opts & OPT_DEBUG) == 0) { - if ((iph.iph_type & ~IPHASH_ANON) == IPHASH_LOOKUP) - PRINTF(" type = hash"); - PRINTF(" number = %s size = %lu", - iph.iph_name, (u_long)iph.iph_size); - if (iph.iph_seed != 0) - PRINTF(" seed = %lu", iph.iph_seed); - putchar('\n'); - } else { - PRINTF(" Type: "); - switch (iph.iph_type & ~IPHASH_ANON) - { - case IPHASH_LOOKUP : - PRINTF("lookup"); - break; - case IPHASH_GROUPMAP : - PRINTF("groupmap Group. %s", iph.iph_name); - break; - default : - break; - } + printhashdata(hp, opts); - putchar('\n'); - PRINTF("\t\tSize: %lu\tSeed: %lu", - (u_long)iph.iph_size, iph.iph_seed); - PRINTF("\tRef. Count: %d\tMasks: %#x\n", iph.iph_ref, - iph.iph_masks); - } - - if ((opts & OPT_DEBUG) != 0) { - struct in_addr m; - - for (i = 0; i < 32; i++) { - if ((1 << i) & iph.iph_masks) { - ntomask(4, i, &m.s_addr); - PRINTF("\t\tMask: %s\n", inet_ntoa(m)); - } - } - } + if ((hp->iph_flags & IPHASH_DELETE) != 0) + PRINTF("# "); if ((opts & OPT_DEBUG) == 0) PRINTF("\t{"); @@ -126,11 +42,9 @@ int opts; if ((*copyfunc)((char *)iph.iph_table, (char *)table, sz)) return NULL; - for (i = 0, printed = 0; i < iph.iph_size; i++) { - for (ipep = table[i]; ipep != NULL; ) { - ipep = printhashnode(&iph, ipep, copyfunc, opts); - printed++; - } + for (printed = 0, ipep = iph.iph_list; ipep != NULL; ) { + ipep = printhashnode(&iph, ipep, copyfunc, opts); + printed++; } if (printed == 0) putchar(';'); diff --git a/contrib/ipfilter/lib/printhashnode.c b/contrib/ipfilter/lib/printhashnode.c index b5eda15..ed83c39 100644 --- a/contrib/ipfilter/lib/printhashnode.c +++ b/contrib/ipfilter/lib/printhashnode.c @@ -1,7 +1,7 @@ /* $FreeBSD$ */ /* - * Copyright (C) 2002 by Darren Reed. + * Copyright (C) 2002-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ @@ -47,6 +47,7 @@ int opts; } putchar(';'); } + ipep = ipe.ipe_next; return ipep; } diff --git a/contrib/ipfilter/lib/printhostmap.c b/contrib/ipfilter/lib/printhostmap.c index cb5f8e7..0c9242f 100644 --- a/contrib/ipfilter/lib/printhostmap.c +++ b/contrib/ipfilter/lib/printhostmap.c @@ -1,16 +1,22 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2002-2005 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: printhostmap.c,v 1.3.2.3 2006/09/30 21:42:07 darrenr Exp $ + */ + #include "ipf.h" void printhostmap(hmp, hv) hostmap_t *hmp; u_int hv; { - struct in_addr in; printf("%s,", inet_ntoa(hmp->hm_srcip)); printf("%s -> ", inet_ntoa(hmp->hm_dstip)); - in.s_addr = htonl(hmp->hm_mapip.s_addr); - printf("%s ", inet_ntoa(in)); + printf("%s ", inet_ntoa(hmp->hm_mapip)); printf("(use = %d hv = %u)\n", hmp->hm_ref, hv); } diff --git a/contrib/ipfilter/lib/printhostmask.c b/contrib/ipfilter/lib/printhostmask.c index 19f87a6..44703c4 100644 --- a/contrib/ipfilter/lib/printhostmask.c +++ b/contrib/ipfilter/lib/printhostmask.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: printhostmask.c,v 1.8 2002/04/11 15:01:19 darrenr Exp $ + * $Id: printhostmask.c,v 1.8.4.1 2006/06/16 17:21:12 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printifname.c b/contrib/ipfilter/lib/printifname.c index bc74a34..2f7d912 100644 --- a/contrib/ipfilter/lib/printifname.c +++ b/contrib/ipfilter/lib/printifname.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: printifname.c,v 1.2 2002/01/28 06:50:47 darrenr Exp $ + * $Id: printifname.c,v 1.2.4.1 2006/06/16 17:21:12 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printip.c b/contrib/ipfilter/lib/printip.c index 8841f0a..8c008af 100644 --- a/contrib/ipfilter/lib/printip.c +++ b/contrib/ipfilter/lib/printip.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2002-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: printip.c,v 1.3 2002/07/13 12:10:27 darrenr Exp $ + * $Id: printip.c,v 1.3.4.1 2006/06/16 17:21:12 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printlog.c b/contrib/ipfilter/lib/printlog.c index dd18e98..82c0400 100644 --- a/contrib/ipfilter/lib/printlog.c +++ b/contrib/ipfilter/lib/printlog.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: printlog.c,v 1.6.4.2 2005/12/18 14:49:06 darrenr Exp $ + * $Id: printlog.c,v 1.6.4.3 2006/06/16 17:21:12 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printmask.c b/contrib/ipfilter/lib/printmask.c index 195b9a9..9230dc0 100644 --- a/contrib/ipfilter/lib/printmask.c +++ b/contrib/ipfilter/lib/printmask.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: printmask.c,v 1.5 2002/06/15 04:48:33 darrenr Exp $ + * $Id: printmask.c,v 1.5.4.1 2006/06/16 17:21:13 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printnat.c b/contrib/ipfilter/lib/printnat.c index 67b5a27..06ed9a3 100644 --- a/contrib/ipfilter/lib/printnat.c +++ b/contrib/ipfilter/lib/printnat.c @@ -1,7 +1,7 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2002-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * @@ -13,7 +13,7 @@ #if !defined(lint) -static const char rcsid[] = "@(#)$Id: printnat.c,v 1.22.2.11 2005/11/14 17:45:06 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: printnat.c,v 1.22.2.13 2006/12/09 10:37:47 darrenr Exp $"; #endif /* @@ -48,10 +48,16 @@ int opts; break; } - printf(" %s", np->in_ifnames[0]); + if (!strcmp(np->in_ifnames[0], "-")) + printf(" \"%s\"", np->in_ifnames[0]); + else + printf(" %s", np->in_ifnames[0]); if ((np->in_ifnames[1][0] != '\0') && (strncmp(np->in_ifnames[0], np->in_ifnames[1], LIFNAMSIZ) != 0)) { - printf(",%s", np->in_ifnames[1]); + if (!strcmp(np->in_ifnames[1], "-")) + printf(",\"%s\"", np->in_ifnames[1]); + else + printf(",%s", np->in_ifnames[1]); } putchar(' '); diff --git a/contrib/ipfilter/lib/printpacket.c b/contrib/ipfilter/lib/printpacket.c index 7090e38..cff13eb 100644 --- a/contrib/ipfilter/lib/printpacket.c +++ b/contrib/ipfilter/lib/printpacket.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: printpacket.c,v 1.12.4.2 2005/12/04 09:33:06 darrenr Exp $ + * $Id: printpacket.c,v 1.12.4.4 2006/09/30 21:44:43 darrenr Exp $ */ #include "ipf.h" @@ -43,6 +43,7 @@ struct ip *ip; putchar(' '); } putchar('\n'); + putchar('\n'); return; } diff --git a/contrib/ipfilter/lib/printpacket6.c b/contrib/ipfilter/lib/printpacket6.c index 2ddffed..ca3b421 100644 --- a/contrib/ipfilter/lib/printpacket6.c +++ b/contrib/ipfilter/lib/printpacket6.c @@ -1,5 +1,13 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2002 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: printpacket6.c,v 1.3.4.1 2006/06/16 17:21:13 darrenr Exp $ + */ + #include "ipf.h" /* diff --git a/contrib/ipfilter/lib/printpool.c b/contrib/ipfilter/lib/printpool.c index 4bd48aa..4ab85fa 100644 --- a/contrib/ipfilter/lib/printpool.c +++ b/contrib/ipfilter/lib/printpool.c @@ -1,7 +1,7 @@ /* $FreeBSD$ */ /* - * Copyright (C) 2002 by Darren Reed. + * Copyright (C) 2002-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ @@ -26,58 +26,12 @@ int opts; if ((name != NULL) && strncmp(name, ipp.ipo_name, FR_GROUPLEN)) return ipp.ipo_next; - if ((opts & OPT_DEBUG) == 0) { - if ((ipp.ipo_flags & IPOOL_ANON) != 0) - PRINTF("# 'anonymous' tree %s\n", ipp.ipo_name); - PRINTF("table role = "); - } else { - PRINTF("Name: %s", ipp.ipo_name); - if ((ipp.ipo_flags & IPOOL_ANON) == IPOOL_ANON) - PRINTF("(anon)"); - putchar(' '); - PRINTF("Role: "); - } - - switch (ipp.ipo_unit) - { - case IPL_LOGIPF : - printf("ipf"); - break; - case IPL_LOGNAT : - printf("nat"); - break; - case IPL_LOGSTATE : - printf("state"); - break; - case IPL_LOGAUTH : - printf("auth"); - break; - case IPL_LOGSYNC : - printf("sync"); - break; - case IPL_LOGSCAN : - printf("scan"); - break; - case IPL_LOGLOOKUP : - printf("lookup"); - break; - case IPL_LOGCOUNT : - printf("count"); - break; - default : - printf("unknown(%d)", ipp.ipo_unit); - } + printpooldata(&ipp, opts); - if ((opts & OPT_DEBUG) == 0) { - PRINTF(" type = tree number = %s\n", ipp.ipo_name); + if ((ipp.ipo_flags & IPOOL_DELETE) != 0) + PRINTF("# "); + if ((opts & OPT_DEBUG) == 0) PRINTF("\t{"); - } else { - putchar(' '); - - PRINTF("\tReferences: %d\tHits: %lu\n", ipp.ipo_ref, - ipp.ipo_hits); - PRINTF("\tNodes Starting at %p\n", ipp.ipo_list); - } ipnpn = ipp.ipo_list; ipp.ipo_list = NULL; diff --git a/contrib/ipfilter/lib/printpoolnode.c b/contrib/ipfilter/lib/printpoolnode.c index ec8ac3e..3327b8a 100644 --- a/contrib/ipfilter/lib/printpoolnode.c +++ b/contrib/ipfilter/lib/printpoolnode.c @@ -1,7 +1,7 @@ /* $FreeBSD$ */ /* - * Copyright (C) 2002 by Darren Reed. + * Copyright (C) 2002-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ @@ -23,11 +23,11 @@ int opts; printip((u_32_t *)&np->ipn_addr.adf_addr.in4); printmask((u_32_t *)&np->ipn_mask.adf_addr); } else { - PRINTF("\t\t%s%s", np->ipn_info ? "! " : "", + PRINTF("\tAddress: %s%s", np->ipn_info ? "! " : "", inet_ntoa(np->ipn_addr.adf_addr.in4)); printmask((u_32_t *)&np->ipn_mask.adf_addr); - PRINTF("\n\t\tHits %lu\tName %s\n", - np->ipn_hits, np->ipn_name); + PRINTF("\t\tHits %lu\tName %s\tRef %d\n", + np->ipn_hits, np->ipn_name, np->ipn_ref); } return np->ipn_next; } diff --git a/contrib/ipfilter/lib/printportcmp.c b/contrib/ipfilter/lib/printportcmp.c index 3f00db7..6a1a461 100644 --- a/contrib/ipfilter/lib/printportcmp.c +++ b/contrib/ipfilter/lib/printportcmp.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: printportcmp.c,v 1.7 2003/02/16 02:31:05 darrenr Exp $ + * $Id: printportcmp.c,v 1.7.4.1 2006/06/16 17:21:14 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printsbuf.c b/contrib/ipfilter/lib/printsbuf.c index cfa9171..f6c633c 100644 --- a/contrib/ipfilter/lib/printsbuf.c +++ b/contrib/ipfilter/lib/printsbuf.c @@ -1,5 +1,13 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2002-2004 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: printsbuf.c,v 1.2.4.2 2006/06/16 17:21:14 darrenr Exp $ + */ + #ifdef IPFILTER_SCAN #include <ctype.h> diff --git a/contrib/ipfilter/lib/printstate.c b/contrib/ipfilter/lib/printstate.c index c8e238d..43621ef 100644 --- a/contrib/ipfilter/lib/printstate.c +++ b/contrib/ipfilter/lib/printstate.c @@ -1,7 +1,7 @@ /* $FreeBSD$ */ /* - * Copyright (C) 2002 by Darren Reed. + * Copyright (C) 2002-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ @@ -17,64 +17,64 @@ ipstate_t *sp; int opts; u_long now; { - ipstate_t ips; synclist_t ipsync; - if (kmemcpy((char *)&ips, (u_long)sp, sizeof(ips))) - return NULL; - - PRINTF("%s -> ", hostname(ips.is_v, &ips.is_src.in4)); - PRINTF("%s pass %#x pr %d state %d/%d bkt %d\n", - hostname(ips.is_v, &ips.is_dst.in4), ips.is_pass, ips.is_p, - ips.is_state[0], ips.is_state[1], ips.is_hv); - PRINTF("\ttag %u ttl %lu", ips.is_tag, ips.is_die - now); + if (sp->is_phnext == NULL) + PRINTF("ORPHAN "); + PRINTF("%s -> ", hostname(sp->is_v, &sp->is_src.in4)); + PRINTF("%s pass %#x pr %d state %d/%d", + hostname(sp->is_v, &sp->is_dst.in4), sp->is_pass, sp->is_p, + sp->is_state[0], sp->is_state[1]); + if (opts & OPT_DEBUG) + PRINTF(" bkt %d ref %d", sp->is_hv, sp->is_ref); + PRINTF("\n\ttag %u ttl %lu", sp->is_tag, sp->is_die - now); - if (ips.is_p == IPPROTO_TCP) { + if (sp->is_p == IPPROTO_TCP) { PRINTF("\n\t%hu -> %hu %x:%x %hu<<%d:%hu<<%d\n", - ntohs(ips.is_sport), ntohs(ips.is_dport), - ips.is_send, ips.is_dend, - ips.is_maxswin, ips.is_swinscale, - ips.is_maxdwin, ips.is_dwinscale); + ntohs(sp->is_sport), ntohs(sp->is_dport), + sp->is_send, sp->is_dend, + sp->is_maxswin, sp->is_swinscale, + sp->is_maxdwin, sp->is_dwinscale); PRINTF("\tcmsk %04x smsk %04x isc %p s0 %08x/%08x\n", - ips.is_smsk[0], ips.is_smsk[1], ips.is_isc, - ips.is_s0[0], ips.is_s0[1]); + sp->is_smsk[0], sp->is_smsk[1], sp->is_isc, + sp->is_s0[0], sp->is_s0[1]); PRINTF("\tFWD:ISN inc %x sumd %x\n", - ips.is_isninc[0], ips.is_sumd[0]); + sp->is_isninc[0], sp->is_sumd[0]); PRINTF("\tREV:ISN inc %x sumd %x\n", - ips.is_isninc[1], ips.is_sumd[1]); + sp->is_isninc[1], sp->is_sumd[1]); #ifdef IPFILTER_SCAN PRINTF("\tsbuf[0] ["); - printsbuf(ips.is_sbuf[0]); + printsbuf(sp->is_sbuf[0]); PRINTF("] sbuf[1] ["); - printsbuf(ips.is_sbuf[1]); + printsbuf(sp->is_sbuf[1]); PRINTF("]\n"); #endif - } else if (ips.is_p == IPPROTO_UDP) { - PRINTF(" %hu -> %hu\n", ntohs(ips.is_sport), - ntohs(ips.is_dport)); - } else if (ips.is_p == IPPROTO_GRE) { - PRINTF(" call %hx/%hx\n", ntohs(ips.is_gre.gs_call[0]), - ntohs(ips.is_gre.gs_call[1])); - } else if (ips.is_p == IPPROTO_ICMP + } else if (sp->is_p == IPPROTO_UDP) { + PRINTF(" %hu -> %hu\n", ntohs(sp->is_sport), + ntohs(sp->is_dport)); + } else if (sp->is_p == IPPROTO_GRE) { + PRINTF(" call %hx/%hx\n", ntohs(sp->is_gre.gs_call[0]), + ntohs(sp->is_gre.gs_call[1])); + } else if (sp->is_p == IPPROTO_ICMP #ifdef USE_INET6 - || ips.is_p == IPPROTO_ICMPV6 + || sp->is_p == IPPROTO_ICMPV6 #endif ) - PRINTF(" id %hu seq %hu type %d\n", ips.is_icmp.ici_id, - ips.is_icmp.ici_seq, ips.is_icmp.ici_type); + PRINTF(" id %hu seq %hu type %d\n", sp->is_icmp.ici_id, + sp->is_icmp.ici_seq, sp->is_icmp.ici_type); #ifdef USE_QUAD_T PRINTF("\tforward: pkts in %lld bytes in %lld pkts out %lld bytes out %lld\n\tbackward: pkts in %lld bytes in %lld pkts out %lld bytes out %lld\n", - ips.is_pkts[0], ips.is_bytes[0], - ips.is_pkts[1], ips.is_bytes[1], - ips.is_pkts[2], ips.is_bytes[2], - ips.is_pkts[3], ips.is_bytes[3]); + sp->is_pkts[0], sp->is_bytes[0], + sp->is_pkts[1], sp->is_bytes[1], + sp->is_pkts[2], sp->is_bytes[2], + sp->is_pkts[3], sp->is_bytes[3]); #else PRINTF("\tforward: pkts in %ld bytes in %ld pkts out %ld bytes out %ld\n\tbackward: pkts in %ld bytes in %ld pkts out %ld bytes out %ld\n", - ips.is_pkts[0], ips.is_bytes[0], - ips.is_pkts[1], ips.is_bytes[1], - ips.is_pkts[2], ips.is_bytes[2], - ips.is_pkts[3], ips.is_bytes[3]); + sp->is_pkts[0], sp->is_bytes[0], + sp->is_pkts[1], sp->is_bytes[1], + sp->is_pkts[2], sp->is_bytes[2], + sp->is_pkts[3], sp->is_bytes[3]); #endif PRINTF("\t"); @@ -83,11 +83,11 @@ u_long now; * Print out bits set in the result code for the state being * kept as they would for a rule. */ - if (FR_ISPASS(ips.is_pass)) { + if (FR_ISPASS(sp->is_pass)) { PRINTF("pass"); - } else if (FR_ISBLOCK(ips.is_pass)) { + } else if (FR_ISBLOCK(sp->is_pass)) { PRINTF("block"); - switch (ips.is_pass & FR_RETMASK) + switch (sp->is_pass & FR_RETMASK) { case FR_RETICMP : PRINTF(" return-icmp"); @@ -101,77 +101,77 @@ u_long now; default : break; } - } else if ((ips.is_pass & FR_LOGMASK) == FR_LOG) { + } else if ((sp->is_pass & FR_LOGMASK) == FR_LOG) { PRINTF("log"); - if (ips.is_pass & FR_LOGBODY) + if (sp->is_pass & FR_LOGBODY) PRINTF(" body"); - if (ips.is_pass & FR_LOGFIRST) + if (sp->is_pass & FR_LOGFIRST) PRINTF(" first"); - } else if (FR_ISACCOUNT(ips.is_pass)) { + } else if (FR_ISACCOUNT(sp->is_pass)) { PRINTF("count"); - } else if (FR_ISPREAUTH(ips.is_pass)) { + } else if (FR_ISPREAUTH(sp->is_pass)) { PRINTF("preauth"); - } else if (FR_ISAUTH(ips.is_pass)) + } else if (FR_ISAUTH(sp->is_pass)) PRINTF("auth"); - if (ips.is_pass & FR_OUTQUE) + if (sp->is_pass & FR_OUTQUE) PRINTF(" out"); else PRINTF(" in"); - if ((ips.is_pass & FR_LOG) != 0) { + if ((sp->is_pass & FR_LOG) != 0) { PRINTF(" log"); - if (ips.is_pass & FR_LOGBODY) + if (sp->is_pass & FR_LOGBODY) PRINTF(" body"); - if (ips.is_pass & FR_LOGFIRST) + if (sp->is_pass & FR_LOGFIRST) PRINTF(" first"); - if (ips.is_pass & FR_LOGORBLOCK) + if (sp->is_pass & FR_LOGORBLOCK) PRINTF(" or-block"); } - if (ips.is_pass & FR_QUICK) + if (sp->is_pass & FR_QUICK) PRINTF(" quick"); - if (ips.is_pass & FR_KEEPFRAG) + if (sp->is_pass & FR_KEEPFRAG) PRINTF(" keep frags"); /* a given; no? */ - if (ips.is_pass & FR_KEEPSTATE) { + if (sp->is_pass & FR_KEEPSTATE) { PRINTF(" keep state"); - if (ips.is_pass & FR_STATESYNC) + if (sp->is_pass & FR_STATESYNC) PRINTF(" ( sync )"); } - PRINTF("\tIPv%d", ips.is_v); + PRINTF("\tIPv%d", sp->is_v); PRINTF("\n"); PRINTF("\tpkt_flags & %x(%x) = %x,\t", - ips.is_flags & 0xf, ips.is_flags, - ips.is_flags >> 4); - PRINTF("\tpkt_options & %x = %x, %x = %x \n", ips.is_optmsk[0], - ips.is_opt[0], ips.is_optmsk[1], ips.is_opt[1]); + sp->is_flags & 0xf, sp->is_flags, + sp->is_flags >> 4); + PRINTF("\tpkt_options & %x = %x, %x = %x \n", sp->is_optmsk[0], + sp->is_opt[0], sp->is_optmsk[1], sp->is_opt[1]); PRINTF("\tpkt_security & %x = %x, pkt_auth & %x = %x\n", - ips.is_secmsk, ips.is_sec, ips.is_authmsk, - ips.is_auth); - PRINTF("\tis_flx %#x %#x %#x %#x\n", ips.is_flx[0][0], ips.is_flx[0][1], - ips.is_flx[1][0], ips.is_flx[1][1]); - PRINTF("\tinterfaces: in %s[%s", getifname(ips.is_ifp[0]), - ips.is_ifname[0]); + sp->is_secmsk, sp->is_sec, sp->is_authmsk, + sp->is_auth); + PRINTF("\tis_flx %#x %#x %#x %#x\n", sp->is_flx[0][0], sp->is_flx[0][1], + sp->is_flx[1][0], sp->is_flx[1][1]); + PRINTF("\tinterfaces: in %s[%s", getifname(sp->is_ifp[0]), + sp->is_ifname[0]); if (opts & OPT_DEBUG) - PRINTF("/%p", ips.is_ifp[0]); + PRINTF("/%p", sp->is_ifp[0]); putchar(']'); - PRINTF(",%s[%s", getifname(ips.is_ifp[1]), ips.is_ifname[1]); + PRINTF(",%s[%s", getifname(sp->is_ifp[1]), sp->is_ifname[1]); if (opts & OPT_DEBUG) - PRINTF("/%p", ips.is_ifp[1]); + PRINTF("/%p", sp->is_ifp[1]); putchar(']'); - PRINTF(" out %s[%s", getifname(ips.is_ifp[2]), ips.is_ifname[2]); + PRINTF(" out %s[%s", getifname(sp->is_ifp[2]), sp->is_ifname[2]); if (opts & OPT_DEBUG) - PRINTF("/%p", ips.is_ifp[2]); + PRINTF("/%p", sp->is_ifp[2]); putchar(']'); - PRINTF(",%s[%s", getifname(ips.is_ifp[3]), ips.is_ifname[3]); + PRINTF(",%s[%s", getifname(sp->is_ifp[3]), sp->is_ifname[3]); if (opts & OPT_DEBUG) - PRINTF("/%p", ips.is_ifp[3]); + PRINTF("/%p", sp->is_ifp[3]); PRINTF("]\n"); - if (ips.is_sync != NULL) { + if (sp->is_sync != NULL) { - if (kmemcpy((char *)&ipsync, (u_long)ips.is_sync, sizeof(ipsync))) { + if (kmemcpy((char *)&ipsync, (u_long)sp->is_sync, sizeof(ipsync))) { PRINTF("\tSync status: status could not be retrieved\n"); return NULL; @@ -185,5 +185,5 @@ u_long now; PRINTF("\tSync status: not synchronized\n"); } - return ips.is_next; + return sp->is_next; } diff --git a/contrib/ipfilter/lib/printtunable.c b/contrib/ipfilter/lib/printtunable.c index 12e019d..aa7ae5d 100644 --- a/contrib/ipfilter/lib/printtunable.c +++ b/contrib/ipfilter/lib/printtunable.c @@ -1,5 +1,13 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2003 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: printtunable.c,v 1.1.4.1 2006/06/16 17:21:15 darrenr Exp $ + */ + #include "ipf.h" void printtunable(tup) diff --git a/contrib/ipfilter/lib/remove_hash.c b/contrib/ipfilter/lib/remove_hash.c index a60bdd3..297db48 100644 --- a/contrib/ipfilter/lib/remove_hash.c +++ b/contrib/ipfilter/lib/remove_hash.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 2002 by Darren Reed. + * Copyright (C) 2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: remove_hash.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $ + * $Id: remove_hash.c,v 1.1.4.1 2006/06/16 17:21:16 darrenr Exp $ */ #include <fcntl.h> diff --git a/contrib/ipfilter/lib/remove_hashnode.c b/contrib/ipfilter/lib/remove_hashnode.c index 0b2098c..47a19dc 100644 --- a/contrib/ipfilter/lib/remove_hashnode.c +++ b/contrib/ipfilter/lib/remove_hashnode.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 2002 by Darren Reed. + * Copyright (C) 2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: remove_hashnode.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $ + * $Id: remove_hashnode.c,v 1.1.4.1 2006/06/16 17:21:16 darrenr Exp $ */ #include <fcntl.h> diff --git a/contrib/ipfilter/lib/remove_pool.c b/contrib/ipfilter/lib/remove_pool.c index 8fbad2e..1e7fe5f 100644 --- a/contrib/ipfilter/lib/remove_pool.c +++ b/contrib/ipfilter/lib/remove_pool.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 2002 by Darren Reed. + * Copyright (C) 2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: remove_pool.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $ + * $Id: remove_pool.c,v 1.1.4.1 2006/06/16 17:21:16 darrenr Exp $ */ #include <fcntl.h> diff --git a/contrib/ipfilter/lib/remove_poolnode.c b/contrib/ipfilter/lib/remove_poolnode.c index 51649ba..c80ff70 100644 --- a/contrib/ipfilter/lib/remove_poolnode.c +++ b/contrib/ipfilter/lib/remove_poolnode.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 2002 by Darren Reed. + * Copyright (C) 2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: remove_poolnode.c,v 1.3 2003/11/22 10:14:36 darrenr Exp $ + * $Id: remove_poolnode.c,v 1.3.2.1 2006/06/16 17:21:16 darrenr Exp $ */ #include <fcntl.h> diff --git a/contrib/ipfilter/lib/resetlexer.c b/contrib/ipfilter/lib/resetlexer.c index 19eb161..8ea83f1 100644 --- a/contrib/ipfilter/lib/resetlexer.c +++ b/contrib/ipfilter/lib/resetlexer.c @@ -1,5 +1,13 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2002 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: resetlexer.c,v 1.1.4.1 2006/06/16 17:21:16 darrenr Exp $ + */ + #include "ipf.h" long string_start = -1; diff --git a/contrib/ipfilter/lib/rwlock_emul.c b/contrib/ipfilter/lib/rwlock_emul.c index d3beb60..1ee2475 100644 --- a/contrib/ipfilter/lib/rwlock_emul.c +++ b/contrib/ipfilter/lib/rwlock_emul.c @@ -1,5 +1,13 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2003 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: rwlock_emul.c,v 1.1.4.1 2006/06/16 17:21:17 darrenr Exp $ + */ + #include "ipf.h" #define EMM_MAGIC 0x97dd8b3a diff --git a/contrib/ipfilter/lib/tcp_flags.c b/contrib/ipfilter/lib/tcp_flags.c index d6b5034..0b602e6 100644 --- a/contrib/ipfilter/lib/tcp_flags.c +++ b/contrib/ipfilter/lib/tcp_flags.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2004 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: tcp_flags.c,v 1.8 2004/02/07 18:15:54 darrenr Exp $ + * $Id: tcp_flags.c,v 1.8.2.1 2006/06/16 17:21:17 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/tcpflags.c b/contrib/ipfilter/lib/tcpflags.c index e5763d7..f01d7dc 100644 --- a/contrib/ipfilter/lib/tcpflags.c +++ b/contrib/ipfilter/lib/tcpflags.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2001-2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: tcpflags.c,v 1.3 2002/11/02 07:18:01 darrenr Exp $ + * $Id: tcpflags.c,v 1.3.4.1 2006/06/16 17:21:17 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/tcpoptnames.c b/contrib/ipfilter/lib/tcpoptnames.c index a215c55..25e3b27 100644 --- a/contrib/ipfilter/lib/tcpoptnames.c +++ b/contrib/ipfilter/lib/tcpoptnames.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: tcpoptnames.c,v 1.5 2002/01/28 06:50:48 darrenr Exp $ + * $Id: tcpoptnames.c,v 1.5.4.1 2006/06/16 17:21:17 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/v6ionames.c b/contrib/ipfilter/lib/v6ionames.c index 224a815..b57b301 100644 --- a/contrib/ipfilter/lib/v6ionames.c +++ b/contrib/ipfilter/lib/v6ionames.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2003-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: v6ionames.c,v 1.1.4.2 2005/10/17 18:31:09 darrenr Exp $ + * $Id: v6ionames.c,v 1.1.4.3 2006/06/16 17:21:18 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/v6optvalue.c b/contrib/ipfilter/lib/v6optvalue.c index a2e0139..a60d076 100644 --- a/contrib/ipfilter/lib/v6optvalue.c +++ b/contrib/ipfilter/lib/v6optvalue.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: v6optvalue.c,v 1.1 2003/04/26 04:55:58 darrenr Exp $ + * $Id: v6optvalue.c,v 1.1.4.1 2006/06/16 17:21:18 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/var.c b/contrib/ipfilter/lib/var.c index 5f3e015..4a62d7a 100644 --- a/contrib/ipfilter/lib/var.c +++ b/contrib/ipfilter/lib/var.c @@ -1,5 +1,13 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2002-2004 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: var.c,v 1.4.2.3 2006/06/16 17:21:18 darrenr Exp $ + */ + #include <ctype.h> #include "ipf.h" diff --git a/contrib/ipfilter/lib/verbose.c b/contrib/ipfilter/lib/verbose.c index bd01bcd..f1b4516 100644 --- a/contrib/ipfilter/lib/verbose.c +++ b/contrib/ipfilter/lib/verbose.c @@ -1,11 +1,11 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2000-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: verbose.c,v 1.6 2001/06/09 17:09:25 darrenr Exp $ + * $Id: verbose.c,v 1.6.4.1 2006/06/16 17:21:18 darrenr Exp $ */ #if defined(__STDC__) diff --git a/contrib/ipfilter/man/ipf.8 b/contrib/ipfilter/man/ipf.8 index bcf9307..678010f 100644 --- a/contrib/ipfilter/man/ipf.8 +++ b/contrib/ipfilter/man/ipf.8 @@ -74,6 +74,17 @@ one of the two options may be given. A fully established connection will show up in \fBipfstat -s\fP output as 5/5, with deviations either way indicating it is not fully established any more. .TP +.BR \-F <5|6|7|8|9|10|11> +For the TCP states that represent the closing of a connection has begun, +be it only one side or the complete connection, it is possible to flush +those states directly using the number corresponding to that state. +The numbers relate to the states as follows: 5 = close-wait, 6 = fin-wait-1, +7 = closing, 8 = last-ack, 9 = fin-wait-2, 10 = time-wait, 11 = closed. +.TP +.BR \-F <number> +If the argument supplied to \fB-F\fP is greater than 30, then state table +entries that have been idle for more than this many seconds will be flushed. +.TP .BR \-f \0<filename> This option specifies which files \fBipf\fP should use to get input from for modifying the packet filter rule @@ -105,6 +116,7 @@ Remove matching filter rules rather than add them to the internal lists .TP .B \-s Swap the active filter list in use to be the "other" one. +.TP .B \-T <optionlist> This option allows run-time changing of IPFilter kernel variables. Some variables require IPFilter to be in a disabled state (\fB-D\fP) for changing, diff --git a/contrib/ipfilter/man/ipfstat.8 b/contrib/ipfilter/man/ipfstat.8 index d0cb2a9..44ba8ba 100644 --- a/contrib/ipfilter/man/ipfstat.8 +++ b/contrib/ipfilter/man/ipfstat.8 @@ -124,7 +124,11 @@ seconds between an update. Any positive integer can be used. The default (and minimal update time) is 1. .TP .B \-v -Turn verbose mode on. Displays more debugging information. +Turn verbose mode on. Displays more debugging information. When used with +either \fB-i\fP or \fB-o\fP, counters associated with the rule, such as the +number of times it has been matched and the number of bytes from such packets +is displayed. For "keep state" rules, a count of the number of state sessions +active against the rule is also displayed. .SH SYNOPSIS The role of \fBipfstat\fP is to display current kernel statistics gathered as a result of applying the filters in place (if any) to packets going in and diff --git a/contrib/ipfilter/man/ipmon.8 b/contrib/ipfilter/man/ipmon.8 index 2a35d16..1082e06 100644 --- a/contrib/ipfilter/man/ipmon.8 +++ b/contrib/ipfilter/man/ipmon.8 @@ -107,6 +107,7 @@ even should the result be zero. .B \-L <facility> Using this option allows you to change the default syslog facility that ipmon uses for syslog messages. The default is local0. +.TP .B \-n IP addresses and port numbers will be mapped, where possible, back into hostnames and service names. diff --git a/contrib/ipfilter/radix_ipf.h b/contrib/ipfilter/radix_ipf.h index 294407b..220a389 100644 --- a/contrib/ipfilter/radix_ipf.h +++ b/contrib/ipfilter/radix_ipf.h @@ -42,7 +42,7 @@ # endif #endif -#if defined(__sgi) +#if defined(__sgi) || defined(__osf__) # define radix_mask ipf_radix_mask # define radix_node ipf_radix_node # define radix_node_head ipf_radix_node_head diff --git a/contrib/ipfilter/tools/ipf.c b/contrib/ipfilter/tools/ipf.c index b923f58..fe9fec2 100644 --- a/contrib/ipfilter/tools/ipf.c +++ b/contrib/ipfilter/tools/ipf.c @@ -1,7 +1,7 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2001-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ @@ -21,7 +21,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipf.c,v 1.35.2.4 2006/03/17 11:48:08 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipf.c,v 1.35.2.8 2007/05/10 06:12:01 darrenr Exp $"; #endif #if !defined(__SVR4) && defined(__GNUC__) @@ -344,11 +344,13 @@ char *arg; if (!arg || !*arg) return; - if (!strcmp(arg, "s") || !strcmp(arg, "S")) { + if (!strcmp(arg, "s") || !strcmp(arg, "S") || ISDIGIT(*arg)) { if (*arg == 'S') fl = 0; - else + else if (*arg == 's') fl = 1; + else + fl = atoi(arg); rem = fl; closedevice(); @@ -370,7 +372,7 @@ char *arg; } if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE) { printf("remove flags %s (%d)\n", arg, rem); - printf("removed %d filter rules\n", fl); + printf("removed %d entries\n", fl); } closedevice(); return; diff --git a/contrib/ipfilter/tools/ipf_y.y b/contrib/ipfilter/tools/ipf_y.y index 5a24592..e8789e0 100644 --- a/contrib/ipfilter/tools/ipf_y.y +++ b/contrib/ipfilter/tools/ipf_y.y @@ -1,5 +1,10 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2001-2006 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + */ %{ #include "ipf.h" #include <sys/ioctl.h> @@ -171,7 +176,7 @@ file: line | file assign ; -line: xx rule { while ((fr = frtop) != NULL) { +line: rule { while ((fr = frtop) != NULL) { frtop = fr->fr_next; fr->fr_next = NULL; (*ipfaddfunc)(ipffd, ipfioctl[IPL_LOGIPF], fr); @@ -190,6 +195,7 @@ assign: YY_STR assigning YY_STR ';' { set_variable($1, $3); resetlexer(); free($1); free($3); + yyvarnext = 0; } ; @@ -213,8 +219,8 @@ outrule: ; rulehead: - collection action - | insert collection action + xx collection action + | xx insert collection action ; markin: IPFY_IN { fr->fr_flags |= FR_INQUE; } @@ -837,20 +843,32 @@ dstportlist: ; addr: pool '/' YY_NUMBER { pooled = 1; - yyexpectaddr = 0; $$.a.iplookuptype = IPLT_POOL; + $$.a.iplookupsubtype = 0; $$.a.iplookupnum = $3; } + | pool '/' YY_STR { pooled = 1; + $$.a.iplookuptype = IPLT_POOL; + $$.a.iplookupsubtype = 1; + strncpy($$.a.iplookupname, $3, + sizeof($$.a.iplookupname)); + } | pool '=' '(' poollist ')' { pooled = 1; - yyexpectaddr = 0; $$.a.iplookuptype = IPLT_POOL; + $$.a.iplookupsubtype = 0; $$.a.iplookupnum = makepool($4); } | hash '/' YY_NUMBER { hashed = 1; - yyexpectaddr = 0; $$.a.iplookuptype = IPLT_HASH; + $$.a.iplookupsubtype = 0; $$.a.iplookupnum = $3; } + | hash '/' YY_STR { pooled = 1; + $$.a.iplookuptype = IPLT_HASH; + $$.a.iplookupsubtype = 1; + strncpy($$.a.iplookupname, $3, + sizeof($$.a.iplookupname)); + } | hash '=' '(' addrlist ')' { hashed = 1; - yyexpectaddr = 0; $$.a.iplookuptype = IPLT_HASH; + $$.a.iplookupsubtype = 0; $$.a.iplookupnum = makehash($4); } | ipaddr { bcopy(&$1, &$$, sizeof($$)); yyexpectaddr = 0; } @@ -1375,8 +1393,8 @@ servicename: YY_STR { $$ = $1; } ; -interfacename: YY_STR { $$ = $1; } - | YY_STR ':' YY_NUMBER +interfacename: name { $$ = $1; } + | name ':' YY_NUMBER { $$ = $1; fprintf(stderr, "%d: Logical interface %s:%d unsupported, " "use the physical interface %s instead.\n", @@ -1385,6 +1403,7 @@ interfacename: YY_STR { $$ = $1; } ; name: YY_STR { $$ = $1; } + | '-' { $$ = strdup("-"); } ; ipv4_16: @@ -2033,6 +2052,9 @@ void *ptr; frentry_t *fr; ipfobj_t obj; + if (ptr == NULL) + return; + fr = ptr; add = 0; del = 0; @@ -2062,10 +2084,10 @@ void *ptr; fr->fr_flags |= FR_OUTQUE; if (fr->fr_hits) fr->fr_hits--; - if (fr && (opts & OPT_VERBOSE)) + if ((opts & OPT_VERBOSE) != 0) printfr(fr, ioctlfunc); - if (opts & OPT_DEBUG) { + if ((opts & OPT_DEBUG) != 0) { binprint(fr, sizeof(*fr)); if (fr->fr_data != NULL) binprint(fr->fr_data, fr->fr_dsize); diff --git a/contrib/ipfilter/tools/ipfcomp.c b/contrib/ipfilter/tools/ipfcomp.c index da80da8..1e26de5 100644 --- a/contrib/ipfilter/tools/ipfcomp.c +++ b/contrib/ipfilter/tools/ipfcomp.c @@ -1,13 +1,13 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2001-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipfcomp.c,v 1.24.2.3 2006/03/17 22:31:57 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipfcomp.c,v 1.24.2.7 2007/05/01 22:15:00 darrenr Exp $"; #endif #include "ipf.h" @@ -94,11 +94,22 @@ frentry_t *fr; fprintf(fp, "* to the original author and the contributors.\n"); fprintf(fp, "*/\n\n"); + fprintf(fp, "#include <sys/param.h>\n"); fprintf(fp, "#include <sys/types.h>\n"); fprintf(fp, "#include <sys/time.h>\n"); fprintf(fp, "#include <sys/socket.h>\n"); - fprintf(fp, "#if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__sgi)\n"); - fprintf(fp, "# include <sys/systm.h>\n"); + fprintf(fp, "#if (__FreeBSD_version >= 40000)\n"); + fprintf(fp, "# if defined(_KERNEL)\n"); + fprintf(fp, "# include <sys/libkern.h>\n"); + fprintf(fp, "# else\n"); + fprintf(fp, "# include <sys/unistd.h>\n"); + fprintf(fp, "# endif\n"); + fprintf(fp, "#endif\n"); + fprintf(fp, "#if (__NetBSD_Version__ >= 399000000)\n"); + fprintf(fp, "#else\n"); + fprintf(fp, "# if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__sgi)\n"); + fprintf(fp, "# include <sys/systm.h>\n"); + fprintf(fp, "# endif\n"); fprintf(fp, "#endif\n"); fprintf(fp, "#include <sys/errno.h>\n"); fprintf(fp, "#include <sys/param.h>\n"); @@ -493,7 +504,8 @@ u_int incount, outcount; /* * Output the array of pointers to rules for this group. */ - if (num == -2 && dir == 0 && header[0] == 0 && incount != 0) { + if (g != NULL && num == -2 && dir == 0 && header[0] == 0 && + incount != 0) { fprintf(fp, "\nfrentry_t *ipf_rules_in_%s[%d] = {", group, incount); for (f = g->fg_start, i = 0; f != NULL; f = f->fr_next) { @@ -512,7 +524,8 @@ u_int incount, outcount; fprintf(fp, "\n};\n"); } - if (num == -2 && dir == 1 && header[1] == 0 && outcount != 0) { + if (g != NULL && num == -2 && dir == 1 && header[0] == 0 && + outcount != 0) { fprintf(fp, "\nfrentry_t *ipf_rules_out_%s[%d] = {", group, outcount); for (f = g->fg_start, i = 0; f != NULL; f = f->fr_next) { @@ -541,7 +554,7 @@ u_int incount, outcount; /* * If the function header has not been printed then print it now. */ - if (header[dir] == 0) { + if (g != NULL && header[dir] == 0) { int pdst = 0, psrc = 0; openfunc = 1; diff --git a/contrib/ipfilter/tools/ipfs.c b/contrib/ipfilter/tools/ipfs.c index a89ea0b..eab650a 100644 --- a/contrib/ipfilter/tools/ipfs.c +++ b/contrib/ipfilter/tools/ipfs.c @@ -1,7 +1,7 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1999-2001, 2003 by Darren Reed. + * Copyright (C) 2001-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ @@ -133,6 +133,14 @@ char *ifs, *fname; strcpy(ips.ips_is.is_ifname[1], s); rw = 1; } + if (!strncmp(ips.ips_is.is_ifname[2], ifs, olen + 1)) { + strcpy(ips.ips_is.is_ifname[2], s); + rw = 1; + } + if (!strncmp(ips.ips_is.is_ifname[3], ifs, olen + 1)) { + strcpy(ips.ips_is.is_ifname[3], s); + rw = 1; + } if (rw == 1) { if (lseek(fd, pos, SEEK_SET) != pos) { perror("lseek"); @@ -190,6 +198,14 @@ char *ifs, *fname; strcpy(nat->nat_ifnames[1], s); rw = 1; } + if (!strncmp(nat->nat_ifnames[2], ifs, olen + 1)) { + strcpy(nat->nat_ifnames[2], s); + rw = 1; + } + if (!strncmp(nat->nat_ifnames[3], ifs, olen + 1)) { + strcpy(nat->nat_ifnames[3], s); + rw = 1; + } if (rw == 1) { if (lseek(fd, pos, SEEK_SET) != pos) { perror("lseek"); @@ -216,7 +232,7 @@ char *argv[]; char *dirname = NULL, *filename = NULL, *ifs = NULL; progname = argv[0]; - while ((c = getopt(argc, argv, "d:f:lNnSRruvWw")) != -1) + while ((c = getopt(argc, argv, "d:f:i:lNnSRruvWw")) != -1) switch (c) { case 'd' : diff --git a/contrib/ipfilter/tools/ipfstat.c b/contrib/ipfilter/tools/ipfstat.c index 85eba20..db362d2 100644 --- a/contrib/ipfilter/tools/ipfstat.c +++ b/contrib/ipfilter/tools/ipfstat.c @@ -1,7 +1,7 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001, 2003 by Darren Reed. + * Copyright (C) 2002-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ @@ -53,6 +53,7 @@ #ifdef STATETOP # include <ctype.h> # include <signal.h> +# include <time.h> # if SOLARIS || defined(__NetBSD__) || defined(_BSDI_VERSION) || \ defined(__sgi) # ifdef ERR @@ -70,7 +71,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipfstat.c,v 1.44.2.14 2006/03/21 16:09:58 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipfstat.c,v 1.44.2.23 2007/05/31 13:13:02 darrenr Exp $"; #endif #ifdef __hpux @@ -83,10 +84,6 @@ extern int opterr; #define PRINTF (void)printf #define FPRINTF (void)fprintf -#define F_IN 0 -#define F_OUT 1 -#define F_ACIN 2 -#define F_ACOUT 3 static char *filters[4] = { "ipfilter(in)", "ipfilter(out)", "ipacct(in)", "ipacct(out)" }; static int state_logging = -1; @@ -96,6 +93,10 @@ int use_inet6 = 0; int live_kernel = 1; int state_fd = -1; int ipf_fd = -1; +int auth_fd = -1; +int nat_fd = -1; +frgroup_t *grtop = NULL; +frgroup_t *grtail = NULL; #ifdef STATETOP #define STSTRSIZE 80 @@ -130,19 +131,23 @@ typedef struct statetop { int main __P((int, char *[])); +static int fetchfrag __P((int, int, ipfr_t *)); static void showstats __P((friostat_t *, u_32_t)); -static void showfrstates __P((ipfrstat_t *)); +static void showfrstates __P((ipfrstat_t *, u_long)); static void showlist __P((friostat_t *)); static void showipstates __P((ips_stat_t *)); static void showauthstates __P((fr_authstat_t *)); static void showgroups __P((friostat_t *)); static void usage __P((char *)); -static void printlist __P((frentry_t *, char *)); +static void showtqtable_live __P((int)); +static void printlivelist __P((int, int, frentry_t *, char *, char *)); +static void printdeadlist __P((int, int, frentry_t *, char *, char *)); static void parse_ipportstr __P((const char *, i6addr_t *, int *)); static void ipfstate_live __P((char *, friostat_t **, ips_stat_t **, ipfrstat_t **, fr_authstat_t **, u_32_t *)); static void ipfstate_dead __P((char *, friostat_t **, ips_stat_t **, ipfrstat_t **, fr_authstat_t **, u_32_t *)); +static ipstate_t *fetchstate __P((ipstate_t *, ipstate_t *)); #ifdef STATETOP static void topipstates __P((i6addr_t, i6addr_t, int, int, int, int, int, int)); @@ -192,7 +197,7 @@ char *argv[]; ips_stat_t *ipsstp = &ipsst; ipfrstat_t ifrst; ipfrstat_t *ifrstp = &ifrst; - char *device = IPL_NAME, *memf = NULL; + char *memf = NULL; char *options, *kern = NULL; int c, myoptind; @@ -245,8 +250,16 @@ char *argv[]; perror("open(IPSTATE_NAME)"); exit(-1); } - if ((ipf_fd = open(device, O_RDONLY)) == -1) { - fprintf(stderr, "open(%s)", device); + if ((auth_fd = open(IPAUTH_NAME, O_RDONLY)) == -1) { + perror("open(IPAUTH_NAME)"); + exit(-1); + } + if ((nat_fd = open(IPNAT_NAME, O_RDONLY)) == -1) { + perror("open(IPAUTH_NAME)"); + exit(-1); + } + if ((ipf_fd = open(IPL_NAME, O_RDONLY)) == -1) { + fprintf(stderr, "open(%s)", IPL_NAME); perror(""); exit(-1); } @@ -257,10 +270,12 @@ char *argv[]; (void)setuid(getuid()); } - if (live_kernel == 1) - (void) checkrev(device); - if (openkmem(kern, memf) == -1) - exit(-1); + if (live_kernel == 1) { + (void) checkrev(IPL_NAME); + } else { + if (openkmem(kern, memf) == -1) + exit(-1); + } (void)setgid(getgid()); (void)setuid(getuid()); @@ -369,7 +384,7 @@ char *argv[]; bzero((char *)&ipsst, sizeof(ipsst)); bzero((char *)&ifrst, sizeof(ifrst)); - ipfstate_live(device, &fiop, &ipsstp, &ifrstp, + ipfstate_live(IPL_NAME, &fiop, &ipsstp, &ifrstp, &frauthstp, &frf); } else ipfstate_dead(kern, &fiop, &ipsstp, &ifrstp, &frauthstp, &frf); @@ -383,7 +398,7 @@ char *argv[]; showlist(fiop); } } else if (opts & OPT_FRSTATES) - showfrstates(ifrstp); + showfrstates(ifrstp, fiop->f_ticks); #ifdef STATETOP else if (opts & OPT_STATETOP) topipstates(saddr, daddr, sport, dport, protocol, @@ -422,9 +437,9 @@ u_32_t *frfp; if ((opts & OPT_AUTHSTATS) == 0) { bzero((caddr_t)&ipfo, sizeof(ipfo)); ipfo.ipfo_rev = IPFILTER_VERSION; + ipfo.ipfo_type = IPFOBJ_IPFSTAT; ipfo.ipfo_size = sizeof(friostat_t); ipfo.ipfo_ptr = (void *)*fiopp; - ipfo.ipfo_type = IPFOBJ_IPFSTAT; if (ioctl(ipf_fd, SIOCGETFS, &ipfo) == -1) { perror("ioctl(ipf:SIOCGETFS)"); @@ -439,9 +454,9 @@ u_32_t *frfp; bzero((caddr_t)&ipfo, sizeof(ipfo)); ipfo.ipfo_rev = IPFILTER_VERSION; + ipfo.ipfo_type = IPFOBJ_STATESTAT; ipfo.ipfo_size = sizeof(ips_stat_t); ipfo.ipfo_ptr = (void *)*ipsstpp; - ipfo.ipfo_type = IPFOBJ_STATESTAT; if ((ioctl(state_fd, SIOCGETFS, &ipfo) == -1)) { perror("ioctl(state:SIOCGETFS)"); @@ -456,9 +471,9 @@ u_32_t *frfp; if ((opts & OPT_FRSTATES) != 0) { bzero((caddr_t)&ipfo, sizeof(ipfo)); ipfo.ipfo_rev = IPFILTER_VERSION; + ipfo.ipfo_type = IPFOBJ_FRAGSTAT; ipfo.ipfo_size = sizeof(ipfrstat_t); ipfo.ipfo_ptr = (void *)*ifrstpp; - ipfo.ipfo_type = IPFOBJ_FRAGSTAT; if (ioctl(ipf_fd, SIOCGFRST, &ipfo) == -1) { perror("ioctl(SIOCGFRST)"); @@ -466,27 +481,17 @@ u_32_t *frfp; } } - if (opts & OPT_VERBOSE) + if (opts & OPT_DEBUG) PRINTF("opts %#x name %s\n", opts, device); if ((opts & OPT_AUTHSTATS) != 0) { - if (ipf_fd >= 0) { - close(ipf_fd); - ipf_fd = -1; - } - device = IPAUTH_NAME; - if ((ipf_fd = open(device, O_RDONLY)) == -1) { - perror("open"); - exit(-1); - } - bzero((caddr_t)&ipfo, sizeof(ipfo)); ipfo.ipfo_rev = IPFILTER_VERSION; + ipfo.ipfo_type = IPFOBJ_AUTHSTAT; ipfo.ipfo_size = sizeof(fr_authstat_t); ipfo.ipfo_ptr = (void *)*frauthstpp; - ipfo.ipfo_type = IPFOBJ_AUTHSTAT; - if (ioctl(ipf_fd, SIOCATHST, &ipfo) == -1) { + if (ioctl(auth_fd, SIOCATHST, &ipfo) == -1) { perror("ioctl(SIOCATHST)"); exit(-1); } @@ -511,10 +516,11 @@ u_32_t *frfp; static ips_stat_t ipsst, *ipsstp; static ipfrstat_t ifrst, *ifrstp; static friostat_t fio, *fiop; + static ipftq_t ipssttab[IPF_TCP_NSTATES]; int temp; void *rules[2][2]; - struct nlist deadlist[43] = { + struct nlist deadlist[44] = { { "fr_authstats" }, /* 0 */ { "fae_list" }, { "ipauth" }, @@ -557,6 +563,7 @@ u_32_t *frfp; { "fr_pass" }, { "fr_flags" }, /* 40 */ { "ipstate_logging" }, + { "ips_tqtqb" }, { NULL } }; @@ -669,9 +676,12 @@ u_32_t *frfp; */ kmemcpy((char *)ipsstp, (u_long)deadlist[14].n_value, sizeof(*ipsstp)); kmemcpy((char *)&temp, (u_long)deadlist[15].n_value, sizeof(temp)); + kmemcpy((char *)ipssttab, (u_long)deadlist[42].n_value, + sizeof(ipssttab)); ipsstp->iss_active = temp; ipsstp->iss_table = (void *)deadlist[18].n_value; ipsstp->iss_list = (void *)deadlist[17].n_value; + ipsstp->iss_tcptab = ipssttab; /* * Build up the authentiation information stats structure. @@ -771,21 +781,62 @@ u_32_t frf; /* * Print out a list of rules from the kernel, starting at the one passed. */ -static void printlist(fp, comment) +static void printlivelist(out, set, fp, group, comment) +int out, set; frentry_t *fp; -char *comment; +char *group, *comment; { - struct frentry fb, *fg; - char *data; - u_32_t type; - int n; - - for (n = 1; fp; n++) { - if (kmemcpy((char *)&fb, (u_long)fp, sizeof(fb)) == -1) { - perror("kmemcpy"); + struct frentry fb; + ipfruleiter_t rule; + frentry_t zero; + frgroup_t *g; + ipfobj_t obj; + int n; + + if (use_inet6 == 1) + fb.fr_v = 6; + else + fb.fr_v = 4; + fb.fr_next = fp; + n = 0; + + rule.iri_inout = out; + rule.iri_active = set; + rule.iri_rule = &fb; + rule.iri_nrules = 1; + rule.iri_v = use_inet6 ? 6 : 4; + if (group != NULL) + strncpy(rule.iri_group, group, FR_GROUPLEN); + else + rule.iri_group[0] = '\0'; + + bzero((char *)&zero, sizeof(zero)); + + bzero((char *)&obj, sizeof(obj)); + obj.ipfo_rev = IPFILTER_VERSION; + obj.ipfo_type = IPFOBJ_IPFITER; + obj.ipfo_size = sizeof(rule); + obj.ipfo_ptr = &rule; + + do { + u_long array[1000]; + + memset(array, 0xff, sizeof(array)); + fp = (frentry_t *)array; + rule.iri_rule = fp; + if (ioctl(ipf_fd, SIOCIPFITER, &obj) == -1) { + perror("ioctl(SIOCIPFITER)"); + n = IPFGENITER_IPF; + ioctl(ipf_fd, SIOCIPFDELTOK, &n); return; } - fp = &fb; + if (bcmp(fp, &zero, sizeof(zero)) == 0) + break; + if (fp->fr_data != NULL) + fp->fr_data = (char *)fp + sizeof(*fp); + + n++; + if (opts & (OPT_HITS|OPT_VERBOSE)) #ifdef USE_QUAD_T PRINTF("%qu ", (unsigned long long) fp->fr_hits); @@ -800,38 +851,144 @@ char *comment; #endif if (opts & OPT_SHOWLINENO) PRINTF("@%d ", n); + + printfr(fp, ioctl); + if (opts & OPT_DEBUG) { + binprint(fp, sizeof(*fp)); + if (fp->fr_data != NULL && fp->fr_dsize > 0) + binprint(fp->fr_data, fp->fr_dsize); + } + if (fp->fr_grhead[0] != '\0') { + for (g = grtop; g != NULL; g = g->fg_next) { + if (!strncmp(fp->fr_grhead, g->fg_name, + FR_GROUPLEN)) + break; + } + if (g == NULL) { + g = calloc(1, sizeof(*g)); + + if (g != NULL) { + strncpy(g->fg_name, fp->fr_grhead, + FR_GROUPLEN); + if (grtop == NULL) { + grtop = g; + grtail = g; + } else { + grtail->fg_next = g; + grtail = g; + } + } + } + } + if (fp->fr_type == FR_T_CALLFUNC) { + printlivelist(out, set, fp->fr_data, group, + "# callfunc: "); + } + } while (fp->fr_next != NULL); + + n = IPFGENITER_IPF; + ioctl(ipf_fd, SIOCIPFDELTOK, &n); + + if (group == NULL) { + while ((g = grtop) != NULL) { + printf("# Group %s\n", g->fg_name); + printlivelist(out, set, NULL, g->fg_name, comment); + grtop = g->fg_next; + free(g); + } + } +} + + +static void printdeadlist(out, set, fp, group, comment) +int out, set; +frentry_t *fp; +char *group, *comment; +{ + frgroup_t *grtop, *grtail, *g; + struct frentry fb; + char *data; + u_32_t type; + int n; + + fb.fr_next = fp; + n = 0; + grtop = NULL; + grtail = NULL; + + do { + fp = fb.fr_next; + if (kmemcpy((char *)&fb, (u_long)fb.fr_next, + sizeof(fb)) == -1) { + perror("kmemcpy"); + return; + } + data = NULL; - type = fp->fr_type & ~FR_T_BUILTIN; + type = fb.fr_type & ~FR_T_BUILTIN; if (type == FR_T_IPF || type == FR_T_BPFOPC) { - if (fp->fr_dsize) { - data = malloc(fp->fr_dsize); + if (fb.fr_dsize) { + data = malloc(fb.fr_dsize); - if (kmemcpy(data, (u_long)fp->fr_data, - fp->fr_dsize) == -1) { + if (kmemcpy(data, (u_long)fb.fr_data, + fb.fr_dsize) == -1) { perror("kmemcpy"); return; } - fp->fr_data = data; + fb.fr_data = data; } } + n++; + + if (opts & (OPT_HITS|OPT_VERBOSE)) +#ifdef USE_QUAD_T + PRINTF("%qu ", (unsigned long long) fb.fr_hits); +#else + PRINTF("%lu ", fb.fr_hits); +#endif + if (opts & (OPT_ACCNT|OPT_VERBOSE)) +#ifdef USE_QUAD_T + PRINTF("%qu ", (unsigned long long) fb.fr_bytes); +#else + PRINTF("%lu ", fb.fr_bytes); +#endif + if (opts & OPT_SHOWLINENO) + PRINTF("@%d ", n); + printfr(fp, ioctl); if (opts & OPT_DEBUG) { binprint(fp, sizeof(*fp)); - if (fp->fr_data != NULL && fp->fr_dsize > 0) - binprint(fp->fr_data, fp->fr_dsize); + if (fb.fr_data != NULL && fb.fr_dsize > 0) + binprint(fb.fr_data, fb.fr_dsize); } if (data != NULL) free(data); - if (fp->fr_grp != NULL) { - if (!kmemcpy((char *)&fg, (u_long)fp->fr_grp, - sizeof(fg))) - printlist(fg, comment); + if (fb.fr_grhead[0] != '\0') { + g = calloc(1, sizeof(*g)); + + if (g != NULL) { + strncpy(g->fg_name, fb.fr_grhead, + FR_GROUPLEN); + if (grtop == NULL) { + grtop = g; + grtail = g; + } else { + grtail->fg_next = g; + grtail = g; + } + } } if (type == FR_T_CALLFUNC) { - printlist(fp->fr_data, "# callfunc: "); + printdeadlist(out, set, fb.fr_data, group, + "# callfunc: "); } - fp = fp->fr_next; + } while (fb.fr_next != NULL); + + while ((g = grtop) != NULL) { + printdeadlist(out, set, NULL, g->fg_name, comment); + grtop = g->fg_next; + free(g); } } @@ -887,17 +1044,20 @@ struct friostat *fiop; } else return; } - if (opts & OPT_VERBOSE) + if (opts & OPT_DEBUG) FPRINTF(stderr, "showlist:opts %#x i %d\n", opts, i); - if (opts & OPT_VERBOSE) + if (opts & OPT_DEBUG) PRINTF("fp %p set %d\n", fp, set); if (!fp) { FPRINTF(stderr, "empty list for %s%s\n", (opts & OPT_INACTIVE) ? "inactive " : "", filters[i]); return; } - printlist(fp, NULL); + if (live_kernel == 1) + printlivelist(i, set, fp, NULL, NULL); + else + printdeadlist(i, set, fp, NULL, NULL); } @@ -908,23 +1068,45 @@ static void showipstates(ipsp) ips_stat_t *ipsp; { u_long minlen, maxlen, totallen, *buckets; + ipftable_t table; + ipfobj_t obj; int i, sz; - sz = sizeof(*buckets) * ipsp->iss_statesize; - buckets = (u_long *)malloc(sz); - if (kmemcpy((char *)buckets, (u_long)ipsp->iss_bucketlen, sz)) { - free(buckets); - return; - } - /* * If a list of states hasn't been asked for, only print out stats */ if (!(opts & OPT_SHOWLIST)) { + + sz = sizeof(*buckets) * ipsp->iss_statesize; + buckets = (u_long *)malloc(sz); + + obj.ipfo_rev = IPFILTER_VERSION; + obj.ipfo_type = IPFOBJ_GTABLE; + obj.ipfo_size = sizeof(table); + obj.ipfo_ptr = &table; + + table.ita_type = IPFTABLE_BUCKETS; + table.ita_table = buckets; + + if (live_kernel == 1) { + if (ioctl(state_fd, SIOCGTABL, &obj) != 0) { + free(buckets); + return; + } + } else { + if (kmemcpy((char *)buckets, + (u_long)ipsp->iss_bucketlen, sz)) { + free(buckets); + return; + } + } + PRINTF("IP states added:\n\t%lu TCP\n\t%lu UDP\n\t%lu ICMP\n", ipsp->iss_tcp, ipsp->iss_udp, ipsp->iss_icmp); PRINTF("\t%lu hits\n\t%lu misses\n", ipsp->iss_hits, ipsp->iss_miss); + PRINTF("\t%lu bucket full\n", ipsp->iss_bucketfull); + PRINTF("\t%lu maximum rule references\n", ipsp->iss_maxref); PRINTF("\t%lu maximum\n\t%lu no memory\n\t%lu bkts in use\n", ipsp->iss_max, ipsp->iss_nomem, ipsp->iss_inuse); PRINTF("\t%lu active\n\t%lu expired\n\t%lu closed\n", @@ -935,6 +1117,8 @@ ips_stat_t *ipsp; PRINTF("\nState table bucket statistics:\n"); PRINTF("\t%lu in use\t\n", ipsp->iss_inuse); + PRINTF("\t%u%% hash efficiency\n", ipsp->iss_active ? + (u_int)(ipsp->iss_inuse * 100 / ipsp->iss_active) : 0); minlen = ipsp->iss_max; totallen = 0; @@ -975,18 +1159,30 @@ ips_stat_t *ipsp; PRINTF("\n"); free(buckets); + + if (live_kernel == 1) { + showtqtable_live(state_fd); + } else { + printtqtable(ipsp->iss_tcptab); + } + return; + } /* * Print out all the state information currently held in the kernel. */ while (ipsp->iss_list != NULL) { - ipsp->iss_list = printstate(ipsp->iss_list, opts, - ipsp->iss_ticks); - } + ipstate_t ips; + + ipsp->iss_list = fetchstate(ipsp->iss_list, &ips); - free(buckets); + if (ipsp->iss_list != NULL) { + ipsp->iss_list = ips.is_next; + printstate(&ips, opts, ipsp->iss_ticks); + } + } } @@ -1040,9 +1236,9 @@ int topclosed; /* init ipfobj_t stuff */ bzero((caddr_t)&ipfo, sizeof(ipfo)); ipfo.ipfo_rev = IPFILTER_VERSION; + ipfo.ipfo_type = IPFOBJ_STATESTAT; ipfo.ipfo_size = sizeof(*ipsstp); ipfo.ipfo_ptr = (void *)ipsstp; - ipfo.ipfo_type = IPFOBJ_STATESTAT; /* repeat until user aborts */ while ( 1 ) { @@ -1064,8 +1260,8 @@ int topclosed; /* read the state table and store in tstable */ for (; ipsstp->iss_list; ipsstp->iss_list = ips.is_next) { - if (kmemcpy((char *)&ips, (u_long)ipsstp->iss_list, - sizeof(ips))) + ipsstp->iss_list = fetchstate(ipsstp->iss_list, &ips); + if (ipsstp->iss_list == NULL) break; if (ips.is_v != ver) @@ -1432,8 +1628,9 @@ out: /* * Show fragment cache information that's held in the kernel. */ -static void showfrstates(ifsp) +static void showfrstates(ifsp, ticks) ipfrstat_t *ifsp; +u_long ticks; { struct ipfr *ipfrtab[IPFT_SIZE], ifr; int i; @@ -1448,34 +1645,65 @@ ipfrstat_t *ifsp; PRINTF("\t%lu no memory\n\t%lu already exist\n", ifsp->ifs_nomem, ifsp->ifs_exists); PRINTF("\t%lu inuse\n", ifsp->ifs_inuse); - if (kmemcpy((char *)ipfrtab, (u_long)ifsp->ifs_table, sizeof(ipfrtab))) - return; + PRINTF("\n"); + + if (live_kernel == 0) { + if (kmemcpy((char *)ipfrtab, (u_long)ifsp->ifs_table, + sizeof(ipfrtab))) + return; + } /* * Print out the contents (if any) of the fragment cache table. */ - PRINTF("\n"); - for (i = 0; i < IPFT_SIZE; i++) - while (ipfrtab[i] != NULL) { - if (kmemcpy((char *)&ifr, (u_long)ipfrtab[i], - sizeof(ifr)) == -1) + if (live_kernel == 1) { + do { + if (fetchfrag(ipf_fd, IPFGENITER_FRAG, &ifr) != 0) + break; + if (ifr.ipfr_ifp == NULL) break; + ifr.ipfr_ttl -= ticks; printfraginfo("", &ifr); - ipfrtab[i] = ifr.ipfr_next; - } + } while (1); + } else { + for (i = 0; i < IPFT_SIZE; i++) + while (ipfrtab[i] != NULL) { + if (kmemcpy((char *)&ifr, (u_long)ipfrtab[i], + sizeof(ifr)) == -1) + break; + printfraginfo("", &ifr); + ipfrtab[i] = ifr.ipfr_next; + } + } /* * Print out the contents (if any) of the NAT fragment cache table. */ - if (kmemcpy((char *)ipfrtab, (u_long)ifsp->ifs_nattab,sizeof(ipfrtab))) - return; - for (i = 0; i < IPFT_SIZE; i++) - while (ipfrtab[i] != NULL) { - if (kmemcpy((char *)&ifr, (u_long)ipfrtab[i], - sizeof(ifr)) == -1) + + if (live_kernel == 0) { + if (kmemcpy((char *)ipfrtab, (u_long)ifsp->ifs_nattab, + sizeof(ipfrtab))) + return; + } + + if (live_kernel == 1) { + do { + if (fetchfrag(nat_fd, IPFGENITER_NATFRAG, &ifr) != 0) + break; + if (ifr.ipfr_ifp == NULL) break; + ifr.ipfr_ttl -= ticks; printfraginfo("NAT: ", &ifr); - ipfrtab[i] = ifr.ipfr_next; - } + } while (1); + } else { + for (i = 0; i < IPFT_SIZE; i++) + while (ipfrtab[i] != NULL) { + if (kmemcpy((char *)&ifr, (u_long)ipfrtab[i], + sizeof(ifr)) == -1) + break; + printfraginfo("NAT: ", &ifr); + ipfrtab[i] = ifr.ipfr_next; + } + } } @@ -1486,6 +1714,17 @@ static void showauthstates(asp) fr_authstat_t *asp; { frauthent_t *frap, fra; + ipfgeniter_t auth; + ipfobj_t obj; + + obj.ipfo_rev = IPFILTER_VERSION; + obj.ipfo_type = IPFOBJ_GENITER; + obj.ipfo_size = sizeof(auth); + obj.ipfo_ptr = &auth; + + auth.igi_type = IPFGENITER_AUTH; + auth.igi_nitems = 1; + auth.igi_data = &fra; #ifdef USE_QUAD_T printf("Authorisation hits: %qu\tmisses %qu\n", @@ -1503,9 +1742,14 @@ fr_authstat_t *asp; frap = asp->fas_faelist; while (frap) { - if (kmemcpy((char *)&fra, (u_long)frap, sizeof(fra)) == -1) - break; - + if (live_kernel == 1) { + if (ioctl(auth_fd, SIOCGENITER, &obj)) + break; + } else { + if (kmemcpy((char *)&fra, (u_long)frap, + sizeof(fra)) == -1) + break; + } printf("age %ld\t", fra.fae_age); printfr(&fra.fae_fr, ioctl); frap = fra.fae_next; @@ -1795,3 +2039,75 @@ const void *b; } #endif + + +ipstate_t *fetchstate(src, dst) +ipstate_t *src, *dst; +{ + int i; + + if (live_kernel == 1) { + ipfgeniter_t state; + ipfobj_t obj; + + obj.ipfo_rev = IPFILTER_VERSION; + obj.ipfo_type = IPFOBJ_GENITER; + obj.ipfo_size = sizeof(state); + obj.ipfo_ptr = &state; + + state.igi_type = IPFGENITER_STATE; + state.igi_nitems = 1; + state.igi_data = dst; + + if (ioctl(state_fd, SIOCGENITER, &obj) != 0) + return NULL; + if (dst->is_next == NULL) { + i = IPFGENITER_STATE; + ioctl(state_fd, SIOCIPFDELTOK, &i); + } + } else { + if (kmemcpy((char *)dst, (u_long)src, sizeof(*dst))) + return NULL; + } + return dst; +} + + +static int fetchfrag(fd, type, frp) +int fd, type; +ipfr_t *frp; +{ + ipfgeniter_t frag; + ipfobj_t obj; + + obj.ipfo_rev = IPFILTER_VERSION; + obj.ipfo_type = IPFOBJ_GENITER; + obj.ipfo_size = sizeof(frag); + obj.ipfo_ptr = &frag; + + frag.igi_type = type; + frag.igi_nitems = 1; + frag.igi_data = frp; + + if (ioctl(fd, SIOCGENITER, &obj)) + return EFAULT; + return 0; +} + + +static void showtqtable_live(fd) +int fd; +{ + ipftq_t table[IPF_TCP_NSTATES]; + ipfobj_t obj; + + bzero((char *)&obj, sizeof(obj)); + obj.ipfo_rev = IPFILTER_VERSION; + obj.ipfo_size = sizeof(table); + obj.ipfo_ptr = (void *)table; + obj.ipfo_type = IPFOBJ_STATETQTAB; + + if (ioctl(fd, SIOCGTQTAB, &obj) == 0) { + printtqtable(table); + } +} diff --git a/contrib/ipfilter/tools/ipftest.c b/contrib/ipfilter/tools/ipftest.c index 3b99a0b..963ed19 100644 --- a/contrib/ipfilter/tools/ipftest.c +++ b/contrib/ipfilter/tools/ipftest.c @@ -1,7 +1,7 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2002-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ @@ -12,7 +12,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipftest.c,v 1.44.2.9 2006/03/29 11:21:13 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipftest.c,v 1.44.2.13 2006/12/12 16:13:01 darrenr Exp $"; #endif extern char *optarg; @@ -22,12 +22,13 @@ extern struct ifnet *get_unit __P((char *, int)); extern void init_ifp __P((void)); extern ipnat_t *natparse __P((char *, int)); extern int fr_running; -extern hostmap_t **maptable; +extern hostmap_t **ipf_hm_maptable; +extern hostmap_t *ipf_hm_maplist; ipfmutex_t ipl_mutex, ipf_authmx, ipf_rw, ipf_stinsert; ipfmutex_t ipf_nat_new, ipf_natio, ipf_timeoutlock; ipfrwlock_t ipf_mutex, ipf_global, ipf_ipidfrag, ip_poolrw, ipf_frcache; -ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth; +ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth, ipf_tokens; int opts = OPT_DONOTHING; int use_inet6 = 0; int docksum = 0; @@ -103,6 +104,7 @@ char *argv[]; RWLOCK_INIT(&ipf_mutex, "ipf filter rwlock"); RWLOCK_INIT(&ipf_ipidfrag, "ipf IP NAT-Frag rwlock"); RWLOCK_INIT(&ipf_frcache, "ipf filter cache"); + RWLOCK_INIT(&ipf_tokens, "ipf token rwlock"); initparse(); if (fr_initialise() == -1) @@ -251,7 +253,10 @@ char *argv[]; (void)printf("pass"); break; case 1 : - (void)printf("nomatch"); + if (m == NULL) + (void)printf("bad-packet"); + else + (void)printf("nomatch"); break; case 3 : (void)printf("block return-rst"); @@ -631,26 +636,23 @@ int n; */ void dumpnat() { - ipnat_t *ipn; - nat_t *nat; hostmap_t *hm; - int i; + ipnat_t *ipn; + nat_t *nat; printf("List of active MAP/Redirect filters:\n"); for (ipn = nat_list; ipn != NULL; ipn = ipn->in_next) printnat(ipn, opts & (OPT_DEBUG|OPT_VERBOSE)); printf("\nList of active sessions:\n"); for (nat = nat_instances; nat; nat = nat->nat_next) { - printactivenat(nat, opts); + printactivenat(nat, opts, 0, 0); if (nat->nat_aps) printaps(nat->nat_aps, opts); } printf("\nHostmap table:\n"); - for (i = 0; i < ipf_hostmap_sz; i++) { - for (hm = maptable[i]; hm != NULL; hm = hm->hm_next) - printhostmap(hm, i); - } + for (hm = ipf_hm_maplist; hm != NULL; hm = hm->hm_next) + printhostmap(hm, 0); } diff --git a/contrib/ipfilter/tools/ipmon.c b/contrib/ipfilter/tools/ipmon.c index fea09f3..f651f86 100644 --- a/contrib/ipfilter/tools/ipmon.c +++ b/contrib/ipfilter/tools/ipmon.c @@ -1,7 +1,7 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001, 2003 by Darren Reed. + * Copyright (C) 2001-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ @@ -78,7 +78,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipmon.c,v 1.33.2.15 2006/03/18 06:59:39 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipmon.c,v 1.33.2.18 2007/05/27 11:12:12 darrenr Exp $"; #endif @@ -817,27 +817,49 @@ int blen; (void) sprintf(t, ".%-.6ld ", ipl->ipl_usec); t += strlen(t); - if (sl->isl_type == ISL_NEW) + switch (sl->isl_type) + { + case ISL_NEW : strcpy(t, "STATE:NEW "); - else if (sl->isl_type == ISL_CLONE) + break; + + case ISL_CLONE : strcpy(t, "STATE:CLONED "); - else if (sl->isl_type == ISL_EXPIRE) { + break; + + case ISL_EXPIRE : if ((sl->isl_p == IPPROTO_TCP) && (sl->isl_state[0] > IPF_TCPS_ESTABLISHED || sl->isl_state[1] > IPF_TCPS_ESTABLISHED)) strcpy(t, "STATE:CLOSE "); else strcpy(t, "STATE:EXPIRE "); - } else if (sl->isl_type == ISL_FLUSH) + break; + + case ISL_FLUSH : strcpy(t, "STATE:FLUSH "); - else if (sl->isl_type == ISL_INTERMEDIATE) + break; + + case ISL_INTERMEDIATE : strcpy(t, "STATE:INTERMEDIATE "); - else if (sl->isl_type == ISL_REMOVE) + break; + + case ISL_REMOVE : strcpy(t, "STATE:REMOVE "); - else if (sl->isl_type == ISL_KILLED) + break; + + case ISL_KILLED : strcpy(t, "STATE:KILLED "); - else + break; + + case ISL_UNLOAD : + strcpy(t, "STATE:UNLOAD "); + break; + + default : sprintf(t, "Type: %d ", sl->isl_type); + break; + } t += strlen(t); proto = getproto(sl->isl_p); @@ -1629,6 +1651,7 @@ char *argv[]; if (!tr) continue; nr += tr; + n = 0; tr = read_log(fd[i], &n, buf, sizeof(buf)); if (donehup) { diff --git a/contrib/ipfilter/tools/ipmon_y.y b/contrib/ipfilter/tools/ipmon_y.y index e1aa812..98042d8 100644 --- a/contrib/ipfilter/tools/ipmon_y.y +++ b/contrib/ipfilter/tools/ipmon_y.y @@ -1,5 +1,10 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2001-2004 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + */ %{ #include "ipf.h" #include <syslog.h> @@ -77,6 +82,7 @@ assign: YY_STR assigning YY_STR ';' { set_variable($1, $3); resetlexer(); free($1); free($3); + yyvarnext = 0; } ; diff --git a/contrib/ipfilter/tools/ipnat.c b/contrib/ipfilter/tools/ipnat.c index 5ebea45..c9954ab 100644 --- a/contrib/ipfilter/tools/ipnat.c +++ b/contrib/ipfilter/tools/ipnat.c @@ -1,7 +1,7 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2001-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * @@ -67,7 +67,7 @@ extern char *sys_errlist[]; #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipnat.c,v 1.24.2.2 2005/05/10 21:19:30 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipnat.c,v 1.24.2.6 2007/05/11 11:16:55 darrenr Exp $"; #endif @@ -79,11 +79,17 @@ char thishost[MAXHOSTNAMELEN]; extern char *optarg; -void dostats __P((natstat_t *, int)), flushtable __P((int, int)); +void dostats __P((int, natstat_t *, int, int)); +void flushtable __P((int, int)); void usage __P((char *)); int main __P((int, char*[])); void showhostmap __P((natstat_t *nsp)); void natstat_dead __P((natstat_t *, char *)); +void dostats_live __P((int, natstat_t *, int)); +void showhostmap_dead __P((natstat_t *)); +void showhostmap_live __P((int, natstat_t *)); +void dostats_dead __P((natstat_t *, int)); +void showtqtable_live __P((int)); int opts; @@ -168,6 +174,15 @@ char *argv[]; (void) setuid(getuid()); } + if (!(opts & OPT_DONOTHING)) { + if (((fd = open(IPNAT_NAME, mode)) == -1) && + ((fd = open(IPNAT_NAME, O_RDONLY)) == -1)) { + (void) fprintf(stderr, "%s: open: %s\n", IPNAT_NAME, + STRERROR(errno)); + exit(1); + } + } + bzero((char *)&ns, sizeof(ns)); if ((opts & OPT_DONOTHING) == 0) { @@ -177,22 +192,11 @@ char *argv[]; } } - if (!(opts & OPT_DONOTHING) && (kernel == NULL) && (core == NULL)) { - if (openkmem(kernel, core) == -1) - exit(1); - - if (((fd = open(IPNAT_NAME, mode)) == -1) && - ((fd = open(IPNAT_NAME, O_RDONLY)) == -1)) { - (void) fprintf(stderr, "%s: open: %s\n", IPNAT_NAME, - STRERROR(errno)); - exit(1); - } - bzero((char *)&obj, sizeof(obj)); obj.ipfo_rev = IPFILTER_VERSION; - obj.ipfo_size = sizeof(*nsp); obj.ipfo_type = IPFOBJ_NATSTAT; + obj.ipfo_size = sizeof(*nsp); obj.ipfo_ptr = (void *)nsp; if (ioctl(fd, SIOCGNATS, &obj) == -1) { perror("ioctl(SIOCGNATS)"); @@ -206,7 +210,7 @@ char *argv[]; natstat_dead(nsp, kernel); if (opts & (OPT_LIST|OPT_STAT)) - dostats(nsp, opts); + dostats(fd, nsp, opts, 0); exit(0); } @@ -216,7 +220,7 @@ char *argv[]; ipnat_parsefile(fd, ipnat_addrule, ioctl, file); } if (opts & (OPT_LIST|OPT_STAT)) - dostats(nsp, opts); + dostats(fd, nsp, opts, 1); return 0; } @@ -277,15 +281,74 @@ char *kernel; /* + * Issue an ioctl to flush either the NAT rules table or the active mapping + * table or both. + */ +void flushtable(fd, opts) +int fd, opts; +{ + int n = 0; + + if (opts & OPT_FLUSH) { + n = 0; + if (!(opts & OPT_DONOTHING) && ioctl(fd, SIOCIPFFL, &n) == -1) + perror("ioctl(SIOCFLNAT)"); + else + printf("%d entries flushed from NAT table\n", n); + } + + if (opts & OPT_CLEAR) { + n = 1; + if (!(opts & OPT_DONOTHING) && ioctl(fd, SIOCIPFFL, &n) == -1) + perror("ioctl(SIOCCNATL)"); + else + printf("%d entries flushed from NAT list\n", n); + } +} + + +/* * Display NAT statistics. */ -void dostats(nsp, opts) +void dostats_dead(nsp, opts) natstat_t *nsp; int opts; { nat_t *np, nat; ipnat_t ipn; + printf("List of active MAP/Redirect filters:\n"); + while (nsp->ns_list) { + if (kmemcpy((char *)&ipn, (long)nsp->ns_list, + sizeof(ipn))) { + perror("kmemcpy"); + break; + } + if (opts & OPT_HITS) + printf("%lu ", ipn.in_hits); + printnat(&ipn, opts & (OPT_DEBUG|OPT_VERBOSE)); + nsp->ns_list = ipn.in_next; + } + + printf("\nList of active sessions:\n"); + + for (np = nsp->ns_instances; np; np = nat.nat_next) { + if (kmemcpy((char *)&nat, (long)np, sizeof(nat))) + break; + printactivenat(&nat, opts, 0, nsp->ns_ticks); + if (nat.nat_aps) + printaps(nat.nat_aps, opts); + } + + if (opts & OPT_VERBOSE) + showhostmap_dead(nsp); +} + + +void dostats(fd, nsp, opts, alive) +natstat_t *nsp; +int fd, opts, alive; +{ /* * Show statistics ? */ @@ -302,45 +365,78 @@ int opts; if (opts & OPT_VERBOSE) printf("table %p list %p\n", nsp->ns_table, nsp->ns_list); + if (alive) + showtqtable_live(fd); + } + + if (opts & OPT_LIST) { + if (alive) + dostats_live(fd, nsp, opts); + else + dostats_dead(nsp, opts); } +} + + +/* + * Display NAT statistics. + */ +void dostats_live(fd, nsp, opts) +natstat_t *nsp; +int fd, opts; +{ + ipfgeniter_t iter; + ipfobj_t obj; + ipnat_t ipn; + nat_t nat; + + bzero((char *)&obj, sizeof(obj)); + obj.ipfo_rev = IPFILTER_VERSION; + obj.ipfo_type = IPFOBJ_GENITER; + obj.ipfo_size = sizeof(iter); + obj.ipfo_ptr = &iter; + + iter.igi_type = IPFGENITER_IPNAT; + iter.igi_nitems = 1; + iter.igi_data = &ipn; /* * Show list of NAT rules and NAT sessions ? */ - if (opts & OPT_LIST) { - printf("List of active MAP/Redirect filters:\n"); - while (nsp->ns_list) { - if (kmemcpy((char *)&ipn, (long)nsp->ns_list, - sizeof(ipn))) { - perror("kmemcpy"); - break; - } - if (opts & OPT_HITS) - printf("%lu ", ipn.in_hits); - printnat(&ipn, opts & (OPT_DEBUG|OPT_VERBOSE)); - nsp->ns_list = ipn.in_next; - } + printf("List of active MAP/Redirect filters:\n"); + while (nsp->ns_list) { + if (ioctl(fd, SIOCGENITER, &obj) == -1) + break; + if (opts & OPT_HITS) + printf("%lu ", ipn.in_hits); + printnat(&ipn, opts & (OPT_DEBUG|OPT_VERBOSE)); + nsp->ns_list = ipn.in_next; + } - printf("\nList of active sessions:\n"); + printf("\nList of active sessions:\n"); - for (np = nsp->ns_instances; np; np = nat.nat_next) { - if (kmemcpy((char *)&nat, (long)np, sizeof(nat))) - break; - printactivenat(&nat, opts); - if (nat.nat_aps) - printaps(nat.nat_aps, opts); - } + iter.igi_type = IPFGENITER_NAT; + iter.igi_nitems = 1; + iter.igi_data = &nat; - if (opts & OPT_VERBOSE) - showhostmap(nsp); + while (nsp->ns_instances != NULL) { + if (ioctl(fd, SIOCGENITER, &obj) == -1) + break; + printactivenat(&nat, opts, 1, nsp->ns_ticks); + if (nat.nat_aps) + printaps(nat.nat_aps, opts); + nsp->ns_instances = nat.nat_next; } + + if (opts & OPT_VERBOSE) + showhostmap_live(fd, nsp); } /* * Display the active host mapping table. */ -void showhostmap(nsp) +void showhostmap_dead(nsp) natstat_t *nsp; { hostmap_t hm, *hmp, **maptable; @@ -374,27 +470,50 @@ natstat_t *nsp; /* - * Issue an ioctl to flush either the NAT rules table or the active mapping - * table or both. + * Display the active host mapping table. */ -void flushtable(fd, opts) -int fd, opts; +void showhostmap_live(fd, nsp) +int fd; +natstat_t *nsp; { - int n = 0; + ipfgeniter_t iter; + hostmap_t hm; + ipfobj_t obj; - if (opts & OPT_FLUSH) { - n = 0; - if (!(opts & OPT_DONOTHING) && ioctl(fd, SIOCIPFFL, &n) == -1) - perror("ioctl(SIOCFLNAT)"); - else - printf("%d entries flushed from NAT table\n", n); + bzero((char *)&obj, sizeof(obj)); + obj.ipfo_rev = IPFILTER_VERSION; + obj.ipfo_type = IPFOBJ_GENITER; + obj.ipfo_size = sizeof(iter); + obj.ipfo_ptr = &iter; + + iter.igi_type = IPFGENITER_HOSTMAP; + iter.igi_nitems = 1; + iter.igi_data = &hm; + + printf("\nList of active host mappings:\n"); + + while (nsp->ns_maplist != NULL) { + if (ioctl(fd, SIOCGENITER, &obj) == -1) + break; + printhostmap(&hm, 0); + nsp->ns_maplist = hm.hm_next; } +} - if (opts & OPT_CLEAR) { - n = 1; - if (!(opts & OPT_DONOTHING) && ioctl(fd, SIOCIPFFL, &n) == -1) - perror("ioctl(SIOCCNATL)"); - else - printf("%d entries flushed from NAT list\n", n); + +void showtqtable_live(fd) +int fd; +{ + ipftq_t table[IPF_TCP_NSTATES]; + ipfobj_t obj; + + bzero((char *)&obj, sizeof(obj)); + obj.ipfo_rev = IPFILTER_VERSION; + obj.ipfo_size = sizeof(table); + obj.ipfo_ptr = (void *)table; + obj.ipfo_type = IPFOBJ_STATETQTAB; + + if (ioctl(fd, SIOCGTQTAB, &obj) == 0) { + printtqtable(table); } } diff --git a/contrib/ipfilter/tools/ipnat_y.y b/contrib/ipfilter/tools/ipnat_y.y index a01ec56..1857219 100644 --- a/contrib/ipfilter/tools/ipnat_y.y +++ b/contrib/ipfilter/tools/ipnat_y.y @@ -1,5 +1,10 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2001-2006 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + */ %{ #ifdef __FreeBSD__ # ifndef __FreeBSD_cc_version @@ -117,6 +122,7 @@ assign: YY_STR assigning YY_STR ';' { set_variable($1, $3); resetlexer(); free($1); free($3); + yyvarnext = 0; } ; @@ -348,11 +354,11 @@ portspec: ; dport: | port portspec { nat->in_pmin = htons($2); - nat->in_pmax = htons($2); } + nat->in_pmax = htons($2); } | port portspec '-' portspec { nat->in_pmin = htons($2); - nat->in_pmax = htons($4); } + nat->in_pmax = htons($4); } | port portspec ':' portspec { nat->in_pmin = htons($2); - nat->in_pmax = htons($4); } + nat->in_pmax = htons($4); } ; nport: port portspec { nat->in_pnext = htons($2); } diff --git a/contrib/ipfilter/tools/ippool.c b/contrib/ipfilter/tools/ippool.c index 5cefc66..8b70960 100644 --- a/contrib/ipfilter/tools/ippool.c +++ b/contrib/ipfilter/tools/ippool.c @@ -1,7 +1,7 @@ /* $FreeBSD$ */ /* - * Copyright (C) 2003 by Darren Reed. + * Copyright (C) 2002-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ @@ -29,8 +29,14 @@ #include <netdb.h> #include <ctype.h> #include <unistd.h> +#ifdef linux +# include <linux/a.out.h> +#else +# include <nlist.h> +#endif #include "ipf.h" +#include "netinet/ipl.h" #include "netinet/ip_lookup.h" #include "netinet/ip_pool.h" #include "netinet/ip_htable.h" @@ -43,17 +49,21 @@ extern FILE *ippool_yyin; extern char *optarg; extern int lineNum; -void showpools __P((ip_pool_stat_t *)); void usage __P((char *)); int main __P((int, char **)); int poolcommand __P((int, int, char *[])); int poolnodecommand __P((int, int, char *[])); int loadpoolfile __P((int, char *[], char *)); int poollist __P((int, char *[])); +void poollist_dead __P((int, char *, int, char *, char *)); +void poollist_live __P((int, char *, int, int)); int poolflush __P((int, char *[])); int poolstats __P((int, char *[])); int gettype __P((char *, u_int *)); int getrole __P((char *)); +int setnodeaddr __P((ip_pool_node_t *node, char *arg)); +void showpools_live __P((int, int, ip_pool_stat_t *, char *)); +void showhashs_live __P((int, int, iphtstat_t *, char *)); int opts = 0; int fd = -1; @@ -115,7 +125,9 @@ char *argv[]; exit(1); } - return err; + if (err != 0) + exit(1); + return 0; } @@ -123,10 +135,9 @@ int poolnodecommand(remove, argc, argv) int remove, argc; char *argv[]; { - char *poolname = NULL, *s; int err, c, ipset, role; + char *poolname = NULL; ip_pool_node_t node; - struct in_addr mask; ipset = 0; role = IPL_LOGIPF; @@ -140,22 +151,8 @@ char *argv[]; ippool_yydebug++; break; case 'i' : - s = strchr(optarg, '/'); - if (s == NULL) - mask.s_addr = 0xffffffff; - else if (strchr(s, '.') == NULL) { - if (ntomask(4, atoi(s + 1), &mask.s_addr) != 0) - return -1; - } else { - mask.s_addr = inet_addr(s + 1); - } - if (s != NULL) - *s = '\0'; - ipset = 1; - node.ipn_addr.adf_len = sizeof(node.ipn_addr); - node.ipn_addr.adf_addr.in4.s_addr = inet_addr(optarg); - node.ipn_mask.adf_len = sizeof(node.ipn_mask); - node.ipn_mask.adf_addr.in4.s_addr = mask.s_addr; + if (setnodeaddr(&node, optarg) == 0) + ipset = 1; break; case 'm' : poolname = optarg; @@ -176,11 +173,19 @@ char *argv[]; break; } + if (argv[optind] != NULL && ipset == 0) { + if (setnodeaddr(&node, argv[optind]) == 0) + ipset = 1; + } + if (opts & OPT_DEBUG) fprintf(stderr, "poolnodecommand: opts = %#x\n", opts); - if (ipset == 0) + if (ipset == 0) { + fprintf(stderr, "no IP address given with -i\n"); return -1; + } + if (poolname == NULL) { fprintf(stderr, "poolname not given with add/remove node\n"); return -1; @@ -338,151 +343,6 @@ char *argv[], *infile; } -int poollist(argc, argv) -int argc; -char *argv[]; -{ - char *kernel, *core, *poolname; - int c, role, type, live_kernel; - ip_pool_stat_t *plstp, plstat; - iphtstat_t *htstp, htstat; - iphtable_t *hptr; - iplookupop_t op; - ip_pool_t *ptr; - - core = NULL; - kernel = NULL; - live_kernel = 1; - type = IPLT_ALL; - poolname = NULL; - role = IPL_LOGALL; - - while ((c = getopt(argc, argv, "dm:M:N:o:Rt:v")) != -1) - switch (c) - { - case 'd' : - opts |= OPT_DEBUG; - break; - case 'm' : - poolname = optarg; - break; - case 'M' : - live_kernel = 0; - core = optarg; - break; - case 'N' : - live_kernel = 0; - kernel = optarg; - break; - case 'o' : - role = getrole(optarg); - if (role == IPL_LOGNONE) { - fprintf(stderr, "unknown role '%s'\n", optarg); - return -1; - } - break; - case 'R' : - opts |= OPT_NORESOLVE; - break; - case 't' : - type = gettype(optarg, NULL); - if (type == IPLT_NONE) { - fprintf(stderr, "unknown type '%s'\n", optarg); - return -1; - } - break; - case 'v' : - opts |= OPT_VERBOSE; - break; - } - - if (opts & OPT_DEBUG) - fprintf(stderr, "poollist: opts = %#x\n", opts); - - if (!(opts & OPT_DONOTHING) && (fd == -1)) { - fd = open(IPLOOKUP_NAME, O_RDWR); - if (fd == -1) { - perror("open(IPLOOKUP_NAME)"); - exit(1); - } - } - - bzero((char *)&op, sizeof(op)); - if (poolname != NULL) { - strncpy(op.iplo_name, poolname, sizeof(op.iplo_name)); - op.iplo_name[sizeof(op.iplo_name) - 1] = '\0'; - } - op.iplo_unit = role; - - if (openkmem(kernel, core) == -1) - exit(-1); - - if (type == IPLT_ALL || type == IPLT_POOL) { - plstp = &plstat; - op.iplo_type = IPLT_POOL; - op.iplo_size = sizeof(plstat); - op.iplo_struct = &plstat; - c = ioctl(fd, SIOCLOOKUPSTAT, &op); - if (c == -1) { - perror("ioctl(SIOCLOOKUPSTAT)"); - return -1; - } - - if (role != IPL_LOGALL) { - ptr = plstp->ipls_list[role]; - while (ptr != NULL) { - ptr = printpool(ptr, kmemcpywrap, poolname, - opts); - } - } else { - for (role = 0; role <= IPL_LOGMAX; role++) { - ptr = plstp->ipls_list[role]; - while (ptr != NULL) { - ptr = printpool(ptr, kmemcpywrap, - poolname, opts); - } - } - role = IPL_LOGALL; - } - } - if (type == IPLT_ALL || type == IPLT_HASH) { - htstp = &htstat; - op.iplo_type = IPLT_HASH; - op.iplo_size = sizeof(htstat); - op.iplo_struct = &htstat; - c = ioctl(fd, SIOCLOOKUPSTAT, &op); - if (c == -1) { - perror("ioctl(SIOCLOOKUPSTAT)"); - return -1; - } - - if (role != IPL_LOGALL) { - hptr = htstp->iphs_tables; - while (hptr != NULL) { - hptr = printhash(hptr, kmemcpywrap, - poolname, opts); - } - } else { - for (role = 0; role <= IPL_LOGMAX; role++) { - hptr = htstp->iphs_tables; - while (hptr != NULL) { - hptr = printhash(hptr, kmemcpywrap, - poolname, opts); - } - - op.iplo_unit = role; - c = ioctl(fd, SIOCLOOKUPSTAT, &op); - if (c == -1) { - perror("ioctl(SIOCLOOKUPSTAT)"); - return -1; - } - } - } - } - return 0; -} - - int poolstats(argc, argv) int argc; char *argv[]; @@ -683,7 +543,7 @@ u_int *minor; { int type; - if (!strcasecmp(optarg, "tree")) { + if (!strcasecmp(optarg, "tree") || !strcasecmp(optarg, "pool")) { type = IPLT_POOL; } else if (!strcasecmp(optarg, "hash")) { type = IPLT_HASH; @@ -698,3 +558,321 @@ u_int *minor; } return type; } + + +int poollist(argc, argv) +int argc; +char *argv[]; +{ + char *kernel, *core, *poolname; + int c, role, type, live_kernel; + iplookupop_t op; + + core = NULL; + kernel = NULL; + live_kernel = 1; + type = IPLT_ALL; + poolname = NULL; + role = IPL_LOGALL; + + while ((c = getopt(argc, argv, "dm:M:N:o:Rt:v")) != -1) + switch (c) + { + case 'd' : + opts |= OPT_DEBUG; + break; + case 'm' : + poolname = optarg; + break; + case 'M' : + live_kernel = 0; + core = optarg; + break; + case 'N' : + live_kernel = 0; + kernel = optarg; + break; + case 'o' : + role = getrole(optarg); + if (role == IPL_LOGNONE) { + fprintf(stderr, "unknown role '%s'\n", optarg); + return -1; + } + break; + case 'R' : + opts |= OPT_NORESOLVE; + break; + case 't' : + type = gettype(optarg, NULL); + if (type == IPLT_NONE) { + fprintf(stderr, "unknown type '%s'\n", optarg); + return -1; + } + break; + case 'v' : + opts |= OPT_VERBOSE; + break; + } + + if (opts & OPT_DEBUG) + fprintf(stderr, "poollist: opts = %#x\n", opts); + + if (!(opts & OPT_DONOTHING) && (fd == -1)) { + fd = open(IPLOOKUP_NAME, O_RDWR); + if (fd == -1) { + perror("open(IPLOOKUP_NAME)"); + exit(1); + } + } + + bzero((char *)&op, sizeof(op)); + if (poolname != NULL) { + strncpy(op.iplo_name, poolname, sizeof(op.iplo_name)); + op.iplo_name[sizeof(op.iplo_name) - 1] = '\0'; + } + op.iplo_unit = role; + + if (live_kernel) + poollist_live(role, poolname, type, fd); + else + poollist_dead(role, poolname, type, kernel, core); + return 0; +} + + +void poollist_dead(role, poolname, type, kernel, core) +int role, type; +char *poolname, *kernel, *core; +{ + iphtable_t *hptr; + ip_pool_t *ptr; + + if (openkmem(kernel, core) == -1) + exit(-1); + + if (type == IPLT_ALL || type == IPLT_POOL) { + ip_pool_t *pools[IPL_LOGSIZE]; + struct nlist names[2] = { { "ip_pool_list" } , { "" } }; + + if (nlist(kernel, names) != 1) + return; + + bzero(&pools, sizeof(pools)); + if (kmemcpy((char *)&pools, names[0].n_value, sizeof(pools))) + return; + + if (role != IPL_LOGALL) { + ptr = pools[role]; + while (ptr != NULL) { + ptr = printpool(ptr, kmemcpywrap, poolname, + opts); + } + } else { + for (role = 0; role <= IPL_LOGMAX; role++) { + ptr = pools[role]; + while (ptr != NULL) { + ptr = printpool(ptr, kmemcpywrap, + poolname, opts); + } + } + role = IPL_LOGALL; + } + } + if (type == IPLT_ALL || type == IPLT_HASH) { + iphtable_t *tables[IPL_LOGSIZE]; + struct nlist names[2] = { { "ipf_htables" } , { "" } }; + + if (nlist(kernel, names) != 1) + return; + + bzero(&tables, sizeof(tables)); + if (kmemcpy((char *)&tables, names[0].n_value, sizeof(tables))) + return; + + if (role != IPL_LOGALL) { + hptr = tables[role]; + while (hptr != NULL) { + hptr = printhash(hptr, kmemcpywrap, + poolname, opts); + } + } else { + for (role = 0; role <= IPL_LOGMAX; role++) { + hptr = tables[role]; + while (hptr != NULL) { + hptr = printhash(hptr, kmemcpywrap, + poolname, opts); + } + } + } + } +} + + +void poollist_live(role, poolname, type, fd) +int role, type, fd; +char *poolname; +{ + ip_pool_stat_t plstat; + iphtstat_t htstat; + iplookupop_t op; + int c; + + if (type == IPLT_ALL || type == IPLT_POOL) { + op.iplo_type = IPLT_POOL; + op.iplo_size = sizeof(plstat); + op.iplo_struct = &plstat; + op.iplo_name[0] = '\0'; + op.iplo_arg = 0; + + if (role != IPL_LOGALL) { + op.iplo_unit = role; + + c = ioctl(fd, SIOCLOOKUPSTAT, &op); + if (c == -1) { + perror("ioctl(SIOCLOOKUPSTAT)"); + return; + } + + showpools_live(fd, role, &plstat, poolname); + } else { + for (role = 0; role <= IPL_LOGMAX; role++) { + op.iplo_unit = role; + + c = ioctl(fd, SIOCLOOKUPSTAT, &op); + if (c == -1) { + perror("ioctl(SIOCLOOKUPSTAT)"); + return; + } + + showpools_live(fd, role, &plstat, poolname); + } + + role = IPL_LOGALL; + } + } + + if (type == IPLT_ALL || type == IPLT_HASH) { + op.iplo_type = IPLT_HASH; + op.iplo_size = sizeof(htstat); + op.iplo_struct = &htstat; + op.iplo_name[0] = '\0'; + op.iplo_arg = 0; + + if (role != IPL_LOGALL) { + op.iplo_unit = role; + + c = ioctl(fd, SIOCLOOKUPSTAT, &op); + if (c == -1) { + perror("ioctl(SIOCLOOKUPSTAT)"); + return; + } + showhashs_live(fd, role, &htstat, poolname); + } else { + for (role = 0; role <= IPL_LOGMAX; role++) { + + op.iplo_unit = role; + c = ioctl(fd, SIOCLOOKUPSTAT, &op); + if (c == -1) { + perror("ioctl(SIOCLOOKUPSTAT)"); + return; + } + + showhashs_live(fd, role, &htstat, poolname); + } + } + } +} + + +void showpools_live(fd, role, plstp, poolname) +int fd, role; +ip_pool_stat_t *plstp; +char *poolname; +{ + ipflookupiter_t iter; + ip_pool_t pool; + ipfobj_t obj; + + obj.ipfo_rev = IPFILTER_VERSION; + obj.ipfo_type = IPFOBJ_LOOKUPITER; + obj.ipfo_size = sizeof(iter); + obj.ipfo_ptr = &iter; + + iter.ili_type = IPLT_POOL; + iter.ili_otype = IPFLOOKUPITER_LIST; + iter.ili_ival = IPFGENITER_LOOKUP; + iter.ili_nitems = 1; + iter.ili_data = &pool; + iter.ili_unit = role; + *iter.ili_name = '\0'; + + while (plstp->ipls_list[role] != NULL) { + if (ioctl(fd, SIOCLOOKUPITER, &obj)) { + perror("ioctl(SIOCLOOKUPITER)"); + break; + } + printpool_live(&pool, fd, poolname, opts); + + plstp->ipls_list[role] = pool.ipo_next; + } +} + + +void showhashs_live(fd, role, htstp, poolname) +int fd, role; +iphtstat_t *htstp; +char *poolname; +{ + ipflookupiter_t iter; + iphtable_t table; + ipfobj_t obj; + + obj.ipfo_rev = IPFILTER_VERSION; + obj.ipfo_type = IPFOBJ_LOOKUPITER; + obj.ipfo_size = sizeof(iter); + obj.ipfo_ptr = &iter; + + iter.ili_type = IPLT_HASH; + iter.ili_otype = IPFLOOKUPITER_LIST; + iter.ili_ival = IPFGENITER_LOOKUP; + iter.ili_nitems = 1; + iter.ili_data = &table; + iter.ili_unit = role; + *iter.ili_name = '\0'; + + while (htstp->iphs_tables != NULL) { + if (ioctl(fd, SIOCLOOKUPITER, &obj)) { + perror("ioctl(SIOCLOOKUPITER)"); + break; + } + + printhash_live(&table, fd, poolname, opts); + + htstp->iphs_tables = table.iph_next; + } +} + + +int setnodeaddr(ip_pool_node_t *node, char *arg) +{ + struct in_addr mask; + char *s; + + s = strchr(arg, '/'); + if (s == NULL) + mask.s_addr = 0xffffffff; + else if (strchr(s, '.') == NULL) { + if (ntomask(4, atoi(s + 1), &mask.s_addr) != 0) + return -1; + } else { + mask.s_addr = inet_addr(s + 1); + } + if (s != NULL) + *s = '\0'; + node->ipn_addr.adf_len = sizeof(node->ipn_addr); + node->ipn_addr.adf_addr.in4.s_addr = inet_addr(arg); + node->ipn_mask.adf_len = sizeof(node->ipn_mask); + node->ipn_mask.adf_addr.in4.s_addr = mask.s_addr; + + return 0; +} diff --git a/contrib/ipfilter/tools/ippool_y.y b/contrib/ipfilter/tools/ippool_y.y index f0ba451..24f683b 100644 --- a/contrib/ipfilter/tools/ippool_y.y +++ b/contrib/ipfilter/tools/ippool_y.y @@ -1,5 +1,10 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2001-2006 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + */ %{ #include <sys/types.h> #include <sys/time.h> @@ -34,6 +39,7 @@ #include "kmem.h" #define YYDEBUG 1 +#define YYSTACKSIZE 0x00ffffff extern int yyparse __P((void)); extern int yydebug; @@ -45,6 +51,9 @@ static ip_pool_t iplo; static ioctlfunc_t poolioctl = NULL; static char poolname[FR_GROUPLEN]; +static iphtent_t *add_htablehosts __P((char *)); +static ip_pool_node_t *add_poolhosts __P((char *)); + %} %union { @@ -112,6 +121,7 @@ assign: YY_STR assigning YY_STR ';' { set_variable($1, $3); resetlexer(); free($1); free($3); + yyvarnext = 0; } ; @@ -248,6 +258,7 @@ groupentry: FR_GROUPLEN); free($3); } + | YY_STR { $$ = add_htablehosts($1); } ; range: addrmask { $$ = calloc(1, sizeof(*$$)); @@ -264,6 +275,7 @@ range: addrmask { $$ = calloc(1, sizeof(*$$)); $$->ipn_mask.adf_len = sizeof($$->ipn_mask); $$->ipn_mask.adf_addr.in4.s_addr = $2[1].s_addr; } + | YY_STR { $$ = add_poolhosts($1); } hashlist: next { $$ = NULL; } @@ -280,6 +292,7 @@ hashentry: (char *)&($$->ipe_mask), sizeof($$->ipe_mask)); } + | YY_STR { $$ = add_htablehosts($1); } ; addrmask: @@ -293,9 +306,6 @@ addrmask: ipaddr: ipv4 { $$ = $1; } | YY_NUMBER { $$.s_addr = htonl($1); } - | YY_STR { if (gethost($1, &($$.s_addr)) == -1) - yyerror("Unknown hostname"); - } ; mask: YY_NUMBER { ntomask(4, $1, (u_32_t *)&$$.s_addr); } @@ -413,3 +423,100 @@ ioctlfunc_t iocfunc; yyparse(); return 1; } + + +static iphtent_t * +add_htablehosts(url) +char *url; +{ + iphtent_t *htop, *hbot, *h; + alist_t *a, *hlist; + + if (!strncmp(url, "file://", 7) || !strncmp(url, "http://", 7)) { + hlist = load_url(url); + } else { + use_inet6 = 0; + + hlist = calloc(1, sizeof(*hlist)); + if (hlist == NULL) + return NULL; + + if (gethost(url, &hlist->al_addr) == -1) + yyerror("Unknown hostname"); + } + + hbot = NULL; + htop = NULL; + + for (a = hlist; a != NULL; a = a->al_next) { + h = calloc(1, sizeof(*h)); + if (h == NULL) + break; + + bcopy((char *)&a->al_addr, (char *)&h->ipe_addr, + sizeof(h->ipe_addr)); + bcopy((char *)&a->al_mask, (char *)&h->ipe_mask, + sizeof(h->ipe_mask)); + + if (hbot != NULL) + hbot->ipe_next = h; + else + htop = h; + hbot = h; + } + + alist_free(hlist); + + return htop; +} + + +static ip_pool_node_t * +add_poolhosts(url) +char *url; +{ + ip_pool_node_t *ptop, *pbot, *p; + alist_t *a, *hlist; + + if (!strncmp(url, "file://", 7) || !strncmp(url, "http://", 7)) { + hlist = load_url(url); + } else { + use_inet6 = 0; + + hlist = calloc(1, sizeof(*hlist)); + if (hlist == NULL) + return NULL; + + if (gethost(url, &hlist->al_addr) == -1) + yyerror("Unknown hostname"); + } + + pbot = NULL; + ptop = NULL; + + for (a = hlist; a != NULL; a = a->al_next) { + p = calloc(1, sizeof(*p)); + if (p == NULL) + break; + + p->ipn_addr.adf_len = 8; + p->ipn_mask.adf_len = 8; + + p->ipn_info = a->al_not; + + bcopy((char *)&a->al_addr, (char *)&p->ipn_addr.adf_addr, + sizeof(p->ipn_addr.adf_addr)); + bcopy((char *)&a->al_mask, (char *)&p->ipn_mask.adf_addr, + sizeof(p->ipn_mask.adf_addr)); + + if (pbot != NULL) + pbot->ipn_next = p; + else + ptop = p; + pbot = p; + } + + alist_free(hlist); + + return ptop; +} diff --git a/contrib/ipfilter/tools/ipscan_y.y b/contrib/ipfilter/tools/ipscan_y.y index af360d4..5dbefd6 100644 --- a/contrib/ipfilter/tools/ipscan_y.y +++ b/contrib/ipfilter/tools/ipscan_y.y @@ -1,5 +1,10 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2001-2004 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + */ %{ #include <sys/types.h> #include <sys/ioctl.h> @@ -94,6 +99,7 @@ assign: YY_STR assigning YY_STR resetlexer(); free($1); free($3); + yyvarnext = 0; } ; diff --git a/contrib/ipfilter/tools/ipsyncm.c b/contrib/ipfilter/tools/ipsyncm.c index c712435..600d39a 100644 --- a/contrib/ipfilter/tools/ipsyncm.c +++ b/contrib/ipfilter/tools/ipsyncm.c @@ -1,13 +1,13 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2001-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipsyncm.c,v 1.4.2.4 2006/03/27 02:09:46 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipsyncm.c,v 1.4.2.5 2006/08/26 11:21:14 darrenr Exp $"; #endif #include <sys/types.h> #include <sys/time.h> diff --git a/contrib/ipfilter/tools/ipsyncs.c b/contrib/ipfilter/tools/ipsyncs.c index c6662b7..887eeab 100644 --- a/contrib/ipfilter/tools/ipsyncs.c +++ b/contrib/ipfilter/tools/ipsyncs.c @@ -1,13 +1,13 @@ /* $FreeBSD$ */ /* - * Copyright (C) 1993-2001 by Darren Reed. + * Copyright (C) 2001-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipsyncs.c,v 1.5.2.3 2006/03/27 02:09:47 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipsyncs.c,v 1.5.2.4 2006/08/26 11:21:15 darrenr Exp $"; #endif #include <sys/types.h> #include <sys/time.h> diff --git a/contrib/ipfilter/tools/lex_var.h b/contrib/ipfilter/tools/lex_var.h index 547ebf3..78c5efc 100644 --- a/contrib/ipfilter/tools/lex_var.h +++ b/contrib/ipfilter/tools/lex_var.h @@ -1,5 +1,10 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2002 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + */ extern long string_start; extern long string_end; diff --git a/contrib/ipfilter/tools/lexer.c b/contrib/ipfilter/tools/lexer.c index 3969a5f..2969f86 100644 --- a/contrib/ipfilter/tools/lexer.c +++ b/contrib/ipfilter/tools/lexer.c @@ -1,7 +1,7 @@ /* $FreeBSD$ */ /* - * Copyright (C) 2003 by Darren Reed. + * Copyright (C) 2002-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ @@ -285,8 +285,9 @@ nextchar: yypos++; } } while (n != c); - yyunputc(n); - break; + rval = YY_STR; + goto done; + /* NOTREACHED */ case EOF : yylineNum = 1; @@ -467,6 +468,9 @@ nextchar: done: yystr = yytexttostr(0, yypos); + if (yydebug) + printf("isbuilding %d yyvarnext %d nokey %d\n", + isbuilding, yyvarnext, nokey); if (isbuilding == 1) { wordtab_t *w; @@ -493,8 +497,8 @@ done: yytokentype = rval; if (yydebug) - printf("lexed(%s) [%d,%d,%d] => %d\n", yystr, string_start, - string_end, pos, rval); + printf("lexed(%s) [%d,%d,%d] => %d @%d\n", yystr, string_start, + string_end, pos, rval, yysavedepth); switch (rval) { @@ -609,6 +613,8 @@ wordtab_t *newdict; void yyresetdict() { + if (yydebug) + printf("yyresetdict(%d)\n", yysavedepth); if (yysavedepth > 0) { yysettab(yysavewords[--yysavedepth]); if (yydebug) diff --git a/contrib/ipfilter/tools/lexer.h b/contrib/ipfilter/tools/lexer.h index b172c93..d973ea4 100644 --- a/contrib/ipfilter/tools/lexer.h +++ b/contrib/ipfilter/tools/lexer.h @@ -1,5 +1,10 @@ /* $FreeBSD$ */ +/* + * Copyright (C) 2002-2004 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + */ typedef struct wordtab { char *w_word; |
