From 1cb3b2e42d861a60a72ce8eb389630d86d4784f4 Mon Sep 17 00:00:00 2001 
From: Sascha Wildner Date: Sat, 7 May 2011 00:12:05 +0200 Subject: [PATCH] Remove ipfilter from the system. --- contrib/ipfilter/BNF | 80 - contrib/ipfilter/BSD/Makefile | 273 -- contrib/ipfilter/BSD/Makefile.ipsend | 109 - contrib/ipfilter/BSD/kupgrade | 60 - contrib/ipfilter/BSD/make-devices | 28 - contrib/ipfilter/BugReport | 10 - contrib/ipfilter/FAQ.FreeBSD | 104 - contrib/ipfilter/FWTK/Index | 3 - contrib/ipfilter/FWTK/README | 18 - contrib/ipfilter/FWTK/README.ipfilter | 20 - contrib/ipfilter/FWTK/ftp-gw.diff | 232 -- .../ipfilter/FWTK/fwtk-2.1-transparency.txt | 707 ---- contrib/ipfilter/FWTK/fwtk_transparent.diff | 1025 ------ contrib/ipfilter/FWTK/fwtkp | 812 ----- contrib/ipfilter/FWTK/tproxy.diff | 82 - contrib/ipfilter/FreeBSD-2.2/files.diffs | 20 - .../ipfilter/FreeBSD-2.2/files.newconf.diffs | 20 - contrib/ipfilter/FreeBSD-2.2/in_proto.c.diffs | 16 - contrib/ipfilter/FreeBSD-2.2/ip_input.c.diffs | 32 - .../ipfilter/FreeBSD-2.2/ip_output.c.diffs | 67 - contrib/ipfilter/FreeBSD-2.2/kinstall | 68 - contrib/ipfilter/FreeBSD-2.2/minstall | 38 - contrib/ipfilter/FreeBSD-2.2/unkinstall | 57 - contrib/ipfilter/FreeBSD-2.2/unminstall | 36 - contrib/ipfilter/FreeBSD-3/INST.FreeBSD-3 | 24 - contrib/ipfilter/FreeBSD-3/kinstall | 52 - contrib/ipfilter/FreeBSD-3/unkinstall | 45 - contrib/ipfilter/FreeBSD-4.0/INST.FreeBSD-4 | 24 - contrib/ipfilter/FreeBSD/conf.c.diffs | 46 - contrib/ipfilter/FreeBSD/files.diffs | 19 - contrib/ipfilter/FreeBSD/files.newconf.diffs | 19 - contrib/ipfilter/FreeBSD/files.oldconf.diffs | 19 - contrib/ipfilter/FreeBSD/filez.diffs | 19 - contrib/ipfilter/FreeBSD/in_proto.c.diffs | 16 - contrib/ipfilter/FreeBSD/ip_input.c.diffs | 88 - contrib/ipfilter/FreeBSD/ip_output.c.diffs | 36 - contrib/ipfilter/FreeBSD/kinstall | 72 - contrib/ipfilter/FreeBSD/minstall | 51 - contrib/ipfilter/FreeBSD/unkinstall | 58 - contrib/ipfilter/FreeBSD/unminstall | 49 - contrib/ipfilter/HISTORY | 2248 ------------ contrib/ipfilter/IMPORTANT | 11 - 
contrib/ipfilter/INST.FreeBSD-2.2 | 60 - contrib/ipfilter/INSTALL.FreeBSD | 7 - contrib/ipfilter/INSTALL.xBSD | 44 - contrib/ipfilter/IPF.KANJI | 465 --- contrib/ipfilter/IPFILTER.LICENCE | 28 - contrib/ipfilter/Makefile | 316 -- contrib/ipfilter/NAT.FreeBSD | 104 - contrib/ipfilter/QNX_OCL.txt | 275 -- contrib/ipfilter/README | 98 - contrib/ipfilter/UPGRADE_NOTICE | 10 - contrib/ipfilter/Y2K | 3 - contrib/ipfilter/bpf.h | 450 --- contrib/ipfilter/bsdinstall | 83 - contrib/ipfilter/common.c | 610 ---- contrib/ipfilter/etc/protocols | 101 - contrib/ipfilter/etc/services | 2536 ------------- contrib/ipfilter/facpri.c | 151 - contrib/ipfilter/facpri.h | 40 - contrib/ipfilter/fils.c | 1536 -------- contrib/ipfilter/inet_addr.c | 199 -- contrib/ipfilter/ip_h323_pxy.c | 295 -- contrib/ipfilter/ip_ipsec_pxy.c | 292 -- contrib/ipfilter/ip_lfil.c | 975 ----- contrib/ipfilter/ip_netbios_pxy.c | 109 - contrib/ipfilter/ip_sfil.c | 991 ------ contrib/ipfilter/ipf.c | 764 ---- contrib/ipfilter/ipf.h | 123 - contrib/ipfilter/ipfs.c | 859 ----- contrib/ipfilter/ipft_ef.c | 155 - contrib/ipfilter/ipft_hx.c | 173 - contrib/ipfilter/ipft_pc.c | 275 -- contrib/ipfilter/ipft_sn.c | 219 -- contrib/ipfilter/ipft_td.c | 193 - contrib/ipfilter/ipft_tx.c | 353 -- contrib/ipfilter/iplang/BNF | 69 - contrib/ipfilter/iplang/Makefile | 36 - contrib/ipfilter/iplang/iplang.h | 52 - contrib/ipfilter/iplang/iplang.tst | 11 - contrib/ipfilter/iplang/iplang_l.l | 323 -- contrib/ipfilter/iplang/iplang_y.y | 1870 ---------- contrib/ipfilter/ipmon.c | 1495 -------- contrib/ipfilter/ipnat.c | 433 --- contrib/ipfilter/ipsd/Celler/ip_compat.h | 201 -- contrib/ipfilter/ipsd/Makefile | 63 - contrib/ipfilter/ipsd/README | 32 - contrib/ipfilter/ipsd/ipsd.c | 297 -- contrib/ipfilter/ipsd/ipsd.h | 29 - contrib/ipfilter/ipsd/ipsdr.c | 315 -- contrib/ipfilter/ipsd/linux.h | 15 - contrib/ipfilter/ipsd/sbpf.c | 194 - contrib/ipfilter/ipsd/sdlpi.c | 259 -- contrib/ipfilter/ipsd/slinux.c | 119 - 
contrib/ipfilter/ipsd/snit.c | 229 -- contrib/ipfilter/ipsend/.OLD/ip_compat.h | 242 -- contrib/ipfilter/ipsend/44arp.c | 112 - contrib/ipfilter/ipsend/Crashable | 21 - contrib/ipfilter/ipsend/Makefile | 177 - contrib/ipfilter/ipsend/README | 8 - contrib/ipfilter/ipsend/arp.c | 130 - contrib/ipfilter/ipsend/dlcommon.c | 1359 ------- contrib/ipfilter/ipsend/dltest.h | 32 - contrib/ipfilter/ipsend/hpux.c | 110 - contrib/ipfilter/ipsend/in_var.h | 177 - contrib/ipfilter/ipsend/ip.c | 356 -- contrib/ipfilter/ipsend/ip_var.h | 123 - contrib/ipfilter/ipsend/ipresend.1 | 106 - contrib/ipfilter/ipsend/ipresend.c | 169 - contrib/ipfilter/ipsend/ipsend.1 | 109 - contrib/ipfilter/ipsend/ipsend.5 | 401 --- contrib/ipfilter/ipsend/ipsend.c | 460 --- contrib/ipfilter/ipsend/ipsend.h | 71 - contrib/ipfilter/ipsend/ipsopt.c | 192 - contrib/ipfilter/ipsend/iptest.1 | 101 - contrib/ipfilter/ipsend/iptest.c | 227 -- contrib/ipfilter/ipsend/iptests.c | 1378 ------- contrib/ipfilter/ipsend/larp.c | 89 - contrib/ipfilter/ipsend/linux.h | 15 - contrib/ipfilter/ipsend/lsock.c | 257 -- contrib/ipfilter/ipsend/resend.c | 150 - contrib/ipfilter/ipsend/sbpf.c | 142 - contrib/ipfilter/ipsend/sdlpi.c | 132 - contrib/ipfilter/ipsend/sirix.c | 95 - contrib/ipfilter/ipsend/slinux.c | 89 - contrib/ipfilter/ipsend/snit.c | 157 - contrib/ipfilter/ipsend/sock.c | 404 --- contrib/ipfilter/ipsend/tcpip.h | 91 - contrib/ipfilter/ipsend/ultrix.c | 84 - contrib/ipfilter/ipt.c | 549 --- contrib/ipfilter/ipt.h | 37 - contrib/ipfilter/kmem.c | 242 -- contrib/ipfilter/kmem.h | 33 - contrib/ipfilter/man/Makefile | 23 - contrib/ipfilter/man/ipf.4 | 257 -- contrib/ipfilter/man/ipf.5 | 542 --- contrib/ipfilter/man/ipf.8 | 137 - contrib/ipfilter/man/ipfilter.5 | 12 - contrib/ipfilter/man/ipfs.8 | 125 - contrib/ipfilter/man/ipfstat.8 | 189 - contrib/ipfilter/man/ipftest.1 | 143 - contrib/ipfilter/man/ipl.4 | 79 - contrib/ipfilter/man/ipmon.8 | 176 - contrib/ipfilter/man/ipnat.4 | 100 - contrib/ipfilter/man/ipnat.5 | 
251 -- contrib/ipfilter/man/ipnat.8 | 48 - contrib/ipfilter/man/mkfilters.1 | 12 - contrib/ipfilter/misc.c | 207 -- contrib/ipfilter/mkfilters | 116 - contrib/ipfilter/ml_ipl.c | 165 - contrib/ipfilter/mlf_ipl.c | 431 --- contrib/ipfilter/mli_ipl.c | 596 ---- contrib/ipfilter/mln_ipl.c | 295 -- contrib/ipfilter/mls_ipl.c | 213 -- contrib/ipfilter/natparse.c | 902 ----- contrib/ipfilter/opt.c | 179 - contrib/ipfilter/parse.c | 1510 -------- contrib/ipfilter/pcap.h | 34 - contrib/ipfilter/perl/Ipfanaly.pl | 639 ---- contrib/ipfilter/perl/Isbgraph | 297 -- contrib/ipfilter/perl/LICENSE | 6 - contrib/ipfilter/perl/Services | 2146 ----------- contrib/ipfilter/perl/ipf-mrtg.pl | 22 - contrib/ipfilter/perl/logfilter.pl | 181 - contrib/ipfilter/perl/plog | 1061 ------ contrib/ipfilter/printnat.c | 487 --- contrib/ipfilter/printstate.c | 151 - contrib/ipfilter/relay.c | 227 -- contrib/ipfilter/rules/BASIC.NAT | 46 - contrib/ipfilter/rules/BASIC_1.FW | 99 - contrib/ipfilter/rules/BASIC_2.FW | 72 - contrib/ipfilter/rules/example.1 | 4 - contrib/ipfilter/rules/example.10 | 12 - contrib/ipfilter/rules/example.11 | 26 - contrib/ipfilter/rules/example.12 | 17 - contrib/ipfilter/rules/example.13 | 17 - contrib/ipfilter/rules/example.2 | 5 - contrib/ipfilter/rules/example.3 | 40 - contrib/ipfilter/rules/example.4 | 4 - contrib/ipfilter/rules/example.5 | 25 - contrib/ipfilter/rules/example.6 | 5 - contrib/ipfilter/rules/example.7 | 12 - contrib/ipfilter/rules/example.8 | 10 - contrib/ipfilter/rules/example.9 | 12 - contrib/ipfilter/rules/example.sr | 61 - contrib/ipfilter/rules/firewall | 39 - contrib/ipfilter/rules/ftp-proxy | 45 - contrib/ipfilter/rules/ftppxy | 6 - contrib/ipfilter/rules/nat-setup | 77 - contrib/ipfilter/rules/nat.eg | 14 - contrib/ipfilter/rules/server | 11 - contrib/ipfilter/rules/tcpstate | 13 - contrib/ipfilter/samples/Makefile | 24 - contrib/ipfilter/samples/ipfilter-pb.gif | Bin 795 -> 0 bytes contrib/ipfilter/samples/proxy.c | 297 -- 
contrib/ipfilter/samples/userauth.c | 58 - contrib/ipfilter/snoop.h | 45 - contrib/ipfilter/test/Makefile | 75 - contrib/ipfilter/test/dotest | 27 - contrib/ipfilter/test/dotest6 | 33 - contrib/ipfilter/test/expected/f1 | 20 - contrib/ipfilter/test/expected/f10 | 126 - contrib/ipfilter/test/expected/f11 | 119 - contrib/ipfilter/test/expected/f12 | 60 - contrib/ipfilter/test/expected/f13 | 84 - contrib/ipfilter/test/expected/f14 | 48 - contrib/ipfilter/test/expected/f15 | 9 - contrib/ipfilter/test/expected/f16 | 9 - contrib/ipfilter/test/expected/f17 | 10 - contrib/ipfilter/test/expected/f2 | 42 - contrib/ipfilter/test/expected/f3 | 48 - contrib/ipfilter/test/expected/f4 | 48 - contrib/ipfilter/test/expected/f5 | 1392 -------- contrib/ipfilter/test/expected/f6 | 1392 -------- contrib/ipfilter/test/expected/f7 | 60 - contrib/ipfilter/test/expected/f8 | 42 - contrib/ipfilter/test/expected/f9 | 126 - contrib/ipfilter/test/expected/i1 | 13 - contrib/ipfilter/test/expected/i10 | 4 - contrib/ipfilter/test/expected/i11 | 4 - contrib/ipfilter/test/expected/i12 | 4 - contrib/ipfilter/test/expected/i2 | 6 - contrib/ipfilter/test/expected/i3 | 10 - contrib/ipfilter/test/expected/i4 | 7 - contrib/ipfilter/test/expected/i5 | 5 - contrib/ipfilter/test/expected/i6 | 4 - contrib/ipfilter/test/expected/i7 | 4 - contrib/ipfilter/test/expected/i8 | 2 - contrib/ipfilter/test/expected/i9 | 5 - contrib/ipfilter/test/expected/in1 | 25 - contrib/ipfilter/test/expected/in2 | 22 - contrib/ipfilter/test/expected/in3 | 5 - contrib/ipfilter/test/expected/in4 | 5 - contrib/ipfilter/test/expected/ipv6.1 | 3 - contrib/ipfilter/test/expected/ipv6.2 | 15 - contrib/ipfilter/test/expected/ipv6.3 | 6 - contrib/ipfilter/test/expected/l1 | 49 - contrib/ipfilter/test/expected/l1.b | 47 - contrib/ipfilter/test/expected/n1 | 96 - contrib/ipfilter/test/expected/n2 | 80 - contrib/ipfilter/test/expected/n3 | 12 - contrib/ipfilter/test/expected/n4 | 30 - contrib/ipfilter/test/expected/n5 | 330 -- 
contrib/ipfilter/test/expected/n6 | 70 - contrib/ipfilter/test/expected/n7 | 20 - contrib/ipfilter/test/expected/ni1 | 4 - contrib/ipfilter/test/expected/ni2 | 10 - contrib/ipfilter/test/expected/ni3 | 4 - contrib/ipfilter/test/expected/ni4 | 4 - contrib/ipfilter/test/expected/ni5 | 48 - contrib/ipfilter/test/hextest | 27 - contrib/ipfilter/test/input/f1 | 4 - contrib/ipfilter/test/input/f10 | 6 - contrib/ipfilter/test/input/f11 | 16 - contrib/ipfilter/test/input/f12 | 35 - contrib/ipfilter/test/input/f13 | 51 - contrib/ipfilter/test/input/f14 | 5 - contrib/ipfilter/test/input/f15 | 8 - contrib/ipfilter/test/input/f16 | 8 - contrib/ipfilter/test/input/f17 | 61 - contrib/ipfilter/test/input/f2 | 6 - contrib/ipfilter/test/input/f3 | 5 - contrib/ipfilter/test/input/f4 | 5 - contrib/ipfilter/test/input/f5 | 28 - contrib/ipfilter/test/input/f6 | 28 - contrib/ipfilter/test/input/f7 | 9 - contrib/ipfilter/test/input/f8 | 6 - contrib/ipfilter/test/input/f9 | 6 - contrib/ipfilter/test/input/ipv6.1 | 20 - contrib/ipfilter/test/input/ipv6.2 | 26 - contrib/ipfilter/test/input/ipv6.3 | 30 - contrib/ipfilter/test/input/l1 | 52 - contrib/ipfilter/test/input/n1 | 31 - contrib/ipfilter/test/input/n2 | 19 - contrib/ipfilter/test/input/n3 | 5 - contrib/ipfilter/test/input/n4 | 5 - contrib/ipfilter/test/input/n5 | 54 - contrib/ipfilter/test/input/n6 | 13 - contrib/ipfilter/test/input/n7 | 9 - contrib/ipfilter/test/input/ni1 | 19 - contrib/ipfilter/test/input/ni2 | 161 - contrib/ipfilter/test/input/ni3 | 10 - contrib/ipfilter/test/input/ni4 | 10 - contrib/ipfilter/test/input/ni5 | 276 -- contrib/ipfilter/test/intest | 21 - contrib/ipfilter/test/itest | 21 - contrib/ipfilter/test/logtest | 48 - contrib/ipfilter/test/mhtest | 36 - contrib/ipfilter/test/mtest | 36 - contrib/ipfilter/test/natipftest | 28 - contrib/ipfilter/test/nattest | 27 - contrib/ipfilter/test/regress/f1 | 4 - contrib/ipfilter/test/regress/f10 | 18 - contrib/ipfilter/test/regress/f11 | 7 - 
contrib/ipfilter/test/regress/f12 | 6 - contrib/ipfilter/test/regress/f13 | 6 - contrib/ipfilter/test/regress/f14 | 8 - contrib/ipfilter/test/regress/f15 | 8 - contrib/ipfilter/test/regress/f16 | 10 - contrib/ipfilter/test/regress/f17 | 4 - contrib/ipfilter/test/regress/f2 | 6 - contrib/ipfilter/test/regress/f3 | 8 - contrib/ipfilter/test/regress/f4 | 8 - contrib/ipfilter/test/regress/f5 | 48 - contrib/ipfilter/test/regress/f6 | 48 - contrib/ipfilter/test/regress/f7 | 6 - contrib/ipfilter/test/regress/f8 | 6 - contrib/ipfilter/test/regress/f9 | 18 - contrib/ipfilter/test/regress/i1 | 13 - contrib/ipfilter/test/regress/i10 | 4 - contrib/ipfilter/test/regress/i11 | 4 - contrib/ipfilter/test/regress/i12 | 4 - contrib/ipfilter/test/regress/i2 | 6 - contrib/ipfilter/test/regress/i3 | 10 - contrib/ipfilter/test/regress/i4 | 7 - contrib/ipfilter/test/regress/i5 | 5 - contrib/ipfilter/test/regress/i6 | 4 - contrib/ipfilter/test/regress/i7 | 4 - contrib/ipfilter/test/regress/i8 | 2 - contrib/ipfilter/test/regress/i9 | 5 - contrib/ipfilter/test/regress/in1 | 25 - contrib/ipfilter/test/regress/in2 | 22 - contrib/ipfilter/test/regress/in3 | 5 - contrib/ipfilter/test/regress/in4 | 5 - contrib/ipfilter/test/regress/ipv6.1 | 1 - contrib/ipfilter/test/regress/ipv6.2 | 3 - contrib/ipfilter/test/regress/ipv6.3 | 1 - contrib/ipfilter/test/regress/l1 | 6 - contrib/ipfilter/test/regress/n1 | 3 - contrib/ipfilter/test/regress/n2 | 4 - contrib/ipfilter/test/regress/n3 | 2 - contrib/ipfilter/test/regress/n4 | 5 - contrib/ipfilter/test/regress/n5 | 6 - contrib/ipfilter/test/regress/n6 | 5 - contrib/ipfilter/test/regress/n7 | 2 - contrib/ipfilter/test/regress/ni1.ipf | 4 - contrib/ipfilter/test/regress/ni1.nat | 1 - contrib/ipfilter/test/regress/ni2.ipf | 1 - contrib/ipfilter/test/regress/ni2.nat | 1 - contrib/ipfilter/test/regress/ni3.ipf | 4 - contrib/ipfilter/test/regress/ni3.nat | 1 - contrib/ipfilter/test/regress/ni4.ipf | 4 - contrib/ipfilter/test/regress/ni4.nat | 1 - 
contrib/ipfilter/test/regress/ni5.ipf | 3 - contrib/ipfilter/test/regress/ni5.nat | 1 - contrib/ipfilter/todo | 98 - etc/defaults/make.conf | 1 - etc/defaults/rc.conf | 19 - etc/mtree/BSD.usr.dist | 2 - etc/mtree/BSD.var.dist | 3 - etc/periodic/security/510.ipfdenied | 54 - etc/periodic/security/Makefile | 2 - etc/rc.d/Makefile | 5 +- etc/rc.d/ipfilter | 121 - etc/rc.d/ipfs | 54 - etc/rc.d/ipmon | 35 - etc/rc.d/ipnat | 49 - etc/rc.d/netif | 6 +- etc/rc.d/ppp-user | 6 - sbin/Makefile | 9 - sbin/ipf/Makefile | 14 - sbin/ipfs/Makefile | 14 - sbin/ipfstat/Makefile | 18 - sbin/ipmon/Makefile | 16 - sbin/ipnat/Makefile | 18 - sbin/kldload/kldload.8 | 3 +- share/examples/Makefile | 6 +- share/examples/ipfilter/Makefile | 29 - share/examples/ipfilter/README | 16 - share/examples/ipfilter/example.14 | 63 - share/examples/ipfilter/examples.txt | 515 --- share/examples/ipfilter/firewall.1 | 37 - share/examples/ipfilter/firewall.2 | 71 - share/examples/ipfilter/ipf-howto.txt | 3169 ----------------- share/examples/ipfilter/ipf.conf.permissive | 31 - share/examples/ipfilter/ipf.conf.restrictive | 78 - share/examples/ipfilter/ipf.conf.sample | 20 - share/examples/ipfilter/ipnat.conf.sample | 4 - share/examples/ipfilter/rules.txt | 183 - share/man/man5/make.conf.5 | 3 - share/man/man5/periodic.conf.5 | 7 - share/man/man5/rc.conf.5 | 231 +- share/man/man7/firewall.7 | 5 - share/man/man9/ioctl.9 | 2 - sys/conf/files | 9 - sys/conf/kern.pre.mk | 4 - sys/conf/options | 3 - sys/config/LINT | 5 +- sys/config/LINT64 | 3 - sys/contrib/ipfilter/netinet/fil.c | 2461 ------------- sys/contrib/ipfilter/netinet/ip_auth.c | 675 ---- sys/contrib/ipfilter/netinet/ip_auth.h | 65 - sys/contrib/ipfilter/netinet/ip_compat.h | 1391 -------- sys/contrib/ipfilter/netinet/ip_fil.c | 2397 ------------- sys/contrib/ipfilter/netinet/ip_fil.h | 602 ---- sys/contrib/ipfilter/netinet/ip_frag.c | 641 ---- sys/contrib/ipfilter/netinet/ip_frag.h | 76 - sys/contrib/ipfilter/netinet/ip_ftp_pxy.c | 1223 ------- 
sys/contrib/ipfilter/netinet/ip_h323_pxy.c | 298 -- sys/contrib/ipfilter/netinet/ip_ipsec_pxy.c | 294 -- sys/contrib/ipfilter/netinet/ip_log.c | 514 --- sys/contrib/ipfilter/netinet/ip_nat.c | 2991 ---------------- sys/contrib/ipfilter/netinet/ip_nat.h | 344 -- sys/contrib/ipfilter/netinet/ip_netbios_pxy.c | 111 - sys/contrib/ipfilter/netinet/ip_proxy.c | 616 ---- sys/contrib/ipfilter/netinet/ip_proxy.h | 176 - sys/contrib/ipfilter/netinet/ip_raudio_pxy.c | 312 -- sys/contrib/ipfilter/netinet/ip_rcmd_pxy.c | 173 - sys/contrib/ipfilter/netinet/ip_state.c | 2315 ------------ sys/contrib/ipfilter/netinet/ip_state.h | 216 -- sys/contrib/ipfilter/netinet/ipl.h | 17 - sys/contrib/ipfilter/netinet/mlfk_ipl.c | 184 - sys/net/Makefile | 5 +- sys/net/ipfilter/Makefile | 24 - sys/net/ipfilter/ipf_inet6.h | 8 - sys/netinet/ip_input.c | 2 - sys/netinet/ip_output.c | 2 - usr.sbin/Makefile | 7 - usr.sbin/ipftest/Makefile | 22 - usr.sbin/ipresend/Makefile | 17 - usr.sbin/ipsend/Makefile | 27 - usr.sbin/iptest/Makefile | 17 - 422 files changed, 9 insertions(+), 77081 deletions(-) delete mode 100644 contrib/ipfilter/BNF delete mode 100644 contrib/ipfilter/BSD/Makefile delete mode 100644 contrib/ipfilter/BSD/Makefile.ipsend delete mode 100644 contrib/ipfilter/BSD/kupgrade delete mode 100755 contrib/ipfilter/BSD/make-devices delete mode 100644 contrib/ipfilter/BugReport delete mode 100644 contrib/ipfilter/FAQ.FreeBSD delete mode 100644 contrib/ipfilter/FWTK/Index delete mode 100644 contrib/ipfilter/FWTK/README delete mode 100644 contrib/ipfilter/FWTK/README.ipfilter delete mode 100644 contrib/ipfilter/FWTK/ftp-gw.diff delete mode 100644 contrib/ipfilter/FWTK/fwtk-2.1-transparency.txt delete mode 100644 contrib/ipfilter/FWTK/fwtk_transparent.diff delete mode 100644 contrib/ipfilter/FWTK/fwtkp delete mode 100644 contrib/ipfilter/FWTK/tproxy.diff delete mode 100644 contrib/ipfilter/FreeBSD-2.2/files.diffs delete mode 100644 contrib/ipfilter/FreeBSD-2.2/files.newconf.diffs delete mode 
100644 contrib/ipfilter/FreeBSD-2.2/in_proto.c.diffs delete mode 100644 contrib/ipfilter/FreeBSD-2.2/ip_input.c.diffs delete mode 100644 contrib/ipfilter/FreeBSD-2.2/ip_output.c.diffs delete mode 100755 contrib/ipfilter/FreeBSD-2.2/kinstall delete mode 100755 contrib/ipfilter/FreeBSD-2.2/minstall delete mode 100755 contrib/ipfilter/FreeBSD-2.2/unkinstall delete mode 100755 contrib/ipfilter/FreeBSD-2.2/unminstall delete mode 100644 contrib/ipfilter/FreeBSD-3/INST.FreeBSD-3 delete mode 100755 contrib/ipfilter/FreeBSD-3/kinstall delete mode 100755 contrib/ipfilter/FreeBSD-3/unkinstall delete mode 100644 contrib/ipfilter/FreeBSD-4.0/INST.FreeBSD-4 delete mode 100644 contrib/ipfilter/FreeBSD/conf.c.diffs delete mode 100644 contrib/ipfilter/FreeBSD/files.diffs delete mode 100644 contrib/ipfilter/FreeBSD/files.newconf.diffs delete mode 100644 contrib/ipfilter/FreeBSD/files.oldconf.diffs delete mode 100644 contrib/ipfilter/FreeBSD/filez.diffs delete mode 100644 contrib/ipfilter/FreeBSD/in_proto.c.diffs delete mode 100644 contrib/ipfilter/FreeBSD/ip_input.c.diffs delete mode 100644 contrib/ipfilter/FreeBSD/ip_output.c.diffs delete mode 100755 contrib/ipfilter/FreeBSD/kinstall delete mode 100755 contrib/ipfilter/FreeBSD/minstall delete mode 100755 contrib/ipfilter/FreeBSD/unkinstall delete mode 100755 contrib/ipfilter/FreeBSD/unminstall delete mode 100644 contrib/ipfilter/HISTORY delete mode 100644 contrib/ipfilter/IMPORTANT delete mode 100644 contrib/ipfilter/INST.FreeBSD-2.2 delete mode 100644 contrib/ipfilter/INSTALL.FreeBSD delete mode 100644 contrib/ipfilter/INSTALL.xBSD delete mode 100644 contrib/ipfilter/IPF.KANJI delete mode 100644 contrib/ipfilter/IPFILTER.LICENCE delete mode 100644 contrib/ipfilter/Makefile delete mode 100644 contrib/ipfilter/NAT.FreeBSD delete mode 100644 contrib/ipfilter/QNX_OCL.txt delete mode 100644 contrib/ipfilter/README delete mode 100644 contrib/ipfilter/UPGRADE_NOTICE delete mode 100644 contrib/ipfilter/Y2K delete mode 100644 
contrib/ipfilter/bpf.h delete mode 100755 contrib/ipfilter/bsdinstall delete mode 100644 contrib/ipfilter/common.c delete mode 100644 contrib/ipfilter/etc/protocols delete mode 100644 contrib/ipfilter/etc/services delete mode 100644 contrib/ipfilter/facpri.c delete mode 100644 contrib/ipfilter/facpri.h delete mode 100644 contrib/ipfilter/fils.c delete mode 100644 contrib/ipfilter/inet_addr.c delete mode 100644 contrib/ipfilter/ip_h323_pxy.c delete mode 100644 contrib/ipfilter/ip_ipsec_pxy.c delete mode 100644 contrib/ipfilter/ip_lfil.c delete mode 100644 contrib/ipfilter/ip_netbios_pxy.c delete mode 100644 contrib/ipfilter/ip_sfil.c delete mode 100644 contrib/ipfilter/ipf.c delete mode 100644 contrib/ipfilter/ipf.h delete mode 100644 contrib/ipfilter/ipfs.c delete mode 100644 contrib/ipfilter/ipft_ef.c delete mode 100644 contrib/ipfilter/ipft_hx.c delete mode 100644 contrib/ipfilter/ipft_pc.c delete mode 100644 contrib/ipfilter/ipft_sn.c delete mode 100644 contrib/ipfilter/ipft_td.c delete mode 100644 contrib/ipfilter/ipft_tx.c delete mode 100644 contrib/ipfilter/iplang/BNF delete mode 100644 contrib/ipfilter/iplang/Makefile delete mode 100644 contrib/ipfilter/iplang/iplang.h delete mode 100644 contrib/ipfilter/iplang/iplang.tst delete mode 100644 contrib/ipfilter/iplang/iplang_l.l delete mode 100644 contrib/ipfilter/iplang/iplang_y.y delete mode 100644 contrib/ipfilter/ipmon.c delete mode 100644 contrib/ipfilter/ipnat.c delete mode 100644 contrib/ipfilter/ipsd/Celler/ip_compat.h delete mode 100644 contrib/ipfilter/ipsd/Makefile delete mode 100644 contrib/ipfilter/ipsd/README delete mode 100644 contrib/ipfilter/ipsd/ipsd.c delete mode 100644 contrib/ipfilter/ipsd/ipsd.h delete mode 100644 contrib/ipfilter/ipsd/ipsdr.c delete mode 100644 contrib/ipfilter/ipsd/linux.h delete mode 100644 contrib/ipfilter/ipsd/sbpf.c delete mode 100644 contrib/ipfilter/ipsd/sdlpi.c delete mode 100644 contrib/ipfilter/ipsd/slinux.c delete mode 100644 contrib/ipfilter/ipsd/snit.c delete 
mode 100644 contrib/ipfilter/ipsend/.OLD/ip_compat.h delete mode 100644 contrib/ipfilter/ipsend/44arp.c delete mode 100644 contrib/ipfilter/ipsend/Crashable delete mode 100644 contrib/ipfilter/ipsend/Makefile delete mode 100644 contrib/ipfilter/ipsend/README delete mode 100644 contrib/ipfilter/ipsend/arp.c delete mode 100644 contrib/ipfilter/ipsend/dlcommon.c delete mode 100644 contrib/ipfilter/ipsend/dltest.h delete mode 100644 contrib/ipfilter/ipsend/hpux.c delete mode 100644 contrib/ipfilter/ipsend/in_var.h delete mode 100644 contrib/ipfilter/ipsend/ip.c delete mode 100644 contrib/ipfilter/ipsend/ip_var.h delete mode 100644 contrib/ipfilter/ipsend/ipresend.1 delete mode 100644 contrib/ipfilter/ipsend/ipresend.c delete mode 100644 contrib/ipfilter/ipsend/ipsend.1 delete mode 100644 contrib/ipfilter/ipsend/ipsend.5 delete mode 100644 contrib/ipfilter/ipsend/ipsend.c delete mode 100644 contrib/ipfilter/ipsend/ipsend.h delete mode 100644 contrib/ipfilter/ipsend/ipsopt.c delete mode 100644 contrib/ipfilter/ipsend/iptest.1 delete mode 100644 contrib/ipfilter/ipsend/iptest.c delete mode 100644 contrib/ipfilter/ipsend/iptests.c delete mode 100644 contrib/ipfilter/ipsend/larp.c delete mode 100644 contrib/ipfilter/ipsend/linux.h delete mode 100644 contrib/ipfilter/ipsend/lsock.c delete mode 100644 contrib/ipfilter/ipsend/resend.c delete mode 100644 contrib/ipfilter/ipsend/sbpf.c delete mode 100644 contrib/ipfilter/ipsend/sdlpi.c delete mode 100644 contrib/ipfilter/ipsend/sirix.c delete mode 100644 contrib/ipfilter/ipsend/slinux.c delete mode 100644 contrib/ipfilter/ipsend/snit.c delete mode 100644 contrib/ipfilter/ipsend/sock.c delete mode 100644 contrib/ipfilter/ipsend/tcpip.h delete mode 100644 contrib/ipfilter/ipsend/ultrix.c delete mode 100644 contrib/ipfilter/ipt.c delete mode 100644 contrib/ipfilter/ipt.h delete mode 100644 contrib/ipfilter/kmem.c delete mode 100644 contrib/ipfilter/kmem.h delete mode 100644 contrib/ipfilter/man/Makefile delete mode 100644 
contrib/ipfilter/man/ipf.4 delete mode 100644 contrib/ipfilter/man/ipf.5 delete mode 100644 contrib/ipfilter/man/ipf.8 delete mode 100644 contrib/ipfilter/man/ipfilter.5 delete mode 100644 contrib/ipfilter/man/ipfs.8 delete mode 100644 contrib/ipfilter/man/ipfstat.8 delete mode 100644 contrib/ipfilter/man/ipftest.1 delete mode 100644 contrib/ipfilter/man/ipl.4 delete mode 100644 contrib/ipfilter/man/ipmon.8 delete mode 100644 contrib/ipfilter/man/ipnat.4 delete mode 100644 contrib/ipfilter/man/ipnat.5 delete mode 100644 contrib/ipfilter/man/ipnat.8 delete mode 100644 contrib/ipfilter/man/mkfilters.1 delete mode 100644 contrib/ipfilter/misc.c delete mode 100644 contrib/ipfilter/mkfilters delete mode 100644 contrib/ipfilter/ml_ipl.c delete mode 100644 contrib/ipfilter/mlf_ipl.c delete mode 100644 contrib/ipfilter/mli_ipl.c delete mode 100644 contrib/ipfilter/mln_ipl.c delete mode 100644 contrib/ipfilter/mls_ipl.c delete mode 100644 contrib/ipfilter/natparse.c delete mode 100644 contrib/ipfilter/opt.c delete mode 100644 contrib/ipfilter/parse.c delete mode 100644 contrib/ipfilter/pcap.h delete mode 100644 contrib/ipfilter/perl/Ipfanaly.pl delete mode 100644 contrib/ipfilter/perl/Isbgraph delete mode 100644 contrib/ipfilter/perl/LICENSE delete mode 100644 contrib/ipfilter/perl/Services delete mode 100644 contrib/ipfilter/perl/ipf-mrtg.pl delete mode 100644 contrib/ipfilter/perl/logfilter.pl delete mode 100644 contrib/ipfilter/perl/plog delete mode 100644 contrib/ipfilter/printnat.c delete mode 100644 contrib/ipfilter/printstate.c delete mode 100644 contrib/ipfilter/relay.c delete mode 100644 contrib/ipfilter/rules/BASIC.NAT delete mode 100644 contrib/ipfilter/rules/BASIC_1.FW delete mode 100644 contrib/ipfilter/rules/BASIC_2.FW delete mode 100644 contrib/ipfilter/rules/example.1 delete mode 100644 contrib/ipfilter/rules/example.10 delete mode 100644 contrib/ipfilter/rules/example.11 delete mode 100644 contrib/ipfilter/rules/example.12 delete mode 100644 
contrib/ipfilter/rules/example.13 delete mode 100644 contrib/ipfilter/rules/example.2 delete mode 100644 contrib/ipfilter/rules/example.3 delete mode 100644 contrib/ipfilter/rules/example.4 delete mode 100644 contrib/ipfilter/rules/example.5 delete mode 100644 contrib/ipfilter/rules/example.6 delete mode 100644 contrib/ipfilter/rules/example.7 delete mode 100644 contrib/ipfilter/rules/example.8 delete mode 100644 contrib/ipfilter/rules/example.9 delete mode 100644 contrib/ipfilter/rules/example.sr delete mode 100644 contrib/ipfilter/rules/firewall delete mode 100644 contrib/ipfilter/rules/ftp-proxy delete mode 100755 contrib/ipfilter/rules/ftppxy delete mode 100644 contrib/ipfilter/rules/nat-setup delete mode 100644 contrib/ipfilter/rules/nat.eg delete mode 100644 contrib/ipfilter/rules/server delete mode 100644 contrib/ipfilter/rules/tcpstate delete mode 100644 contrib/ipfilter/samples/Makefile delete mode 100644 contrib/ipfilter/samples/ipfilter-pb.gif delete mode 100644 contrib/ipfilter/samples/proxy.c delete mode 100644 contrib/ipfilter/samples/userauth.c delete mode 100644 contrib/ipfilter/snoop.h delete mode 100644 contrib/ipfilter/test/Makefile delete mode 100644 contrib/ipfilter/test/dotest delete mode 100755 contrib/ipfilter/test/dotest6 delete mode 100644 contrib/ipfilter/test/expected/f1 delete mode 100644 contrib/ipfilter/test/expected/f10 delete mode 100644 contrib/ipfilter/test/expected/f11 delete mode 100644 contrib/ipfilter/test/expected/f12 delete mode 100644 contrib/ipfilter/test/expected/f13 delete mode 100644 contrib/ipfilter/test/expected/f14 delete mode 100644 contrib/ipfilter/test/expected/f15 delete mode 100644 contrib/ipfilter/test/expected/f16 delete mode 100644 contrib/ipfilter/test/expected/f17 delete mode 100644 contrib/ipfilter/test/expected/f2 delete mode 100644 contrib/ipfilter/test/expected/f3 delete mode 100644 contrib/ipfilter/test/expected/f4 delete mode 100644 contrib/ipfilter/test/expected/f5 delete mode 100644 
contrib/ipfilter/test/expected/f6 delete mode 100644 contrib/ipfilter/test/expected/f7 delete mode 100644 contrib/ipfilter/test/expected/f8 delete mode 100644 contrib/ipfilter/test/expected/f9 delete mode 100644 contrib/ipfilter/test/expected/i1 delete mode 100644 contrib/ipfilter/test/expected/i10 delete mode 100644 contrib/ipfilter/test/expected/i11 delete mode 100644 contrib/ipfilter/test/expected/i12 delete mode 100644 contrib/ipfilter/test/expected/i2 delete mode 100644 contrib/ipfilter/test/expected/i3 delete mode 100644 contrib/ipfilter/test/expected/i4 delete mode 100644 contrib/ipfilter/test/expected/i5 delete mode 100644 contrib/ipfilter/test/expected/i6 delete mode 100644 contrib/ipfilter/test/expected/i7 delete mode 100644 contrib/ipfilter/test/expected/i8 delete mode 100644 contrib/ipfilter/test/expected/i9 delete mode 100644 contrib/ipfilter/test/expected/in1 delete mode 100644 contrib/ipfilter/test/expected/in2 delete mode 100644 contrib/ipfilter/test/expected/in3 delete mode 100644 contrib/ipfilter/test/expected/in4 delete mode 100644 contrib/ipfilter/test/expected/ipv6.1 delete mode 100644 contrib/ipfilter/test/expected/ipv6.2 delete mode 100644 contrib/ipfilter/test/expected/ipv6.3 delete mode 100644 contrib/ipfilter/test/expected/l1 delete mode 100644 contrib/ipfilter/test/expected/l1.b delete mode 100644 contrib/ipfilter/test/expected/n1 delete mode 100644 contrib/ipfilter/test/expected/n2 delete mode 100644 contrib/ipfilter/test/expected/n3 delete mode 100644 contrib/ipfilter/test/expected/n4 delete mode 100644 contrib/ipfilter/test/expected/n5 delete mode 100644 contrib/ipfilter/test/expected/n6 delete mode 100644 contrib/ipfilter/test/expected/n7 delete mode 100644 contrib/ipfilter/test/expected/ni1 delete mode 100644 contrib/ipfilter/test/expected/ni2 delete mode 100644 contrib/ipfilter/test/expected/ni3 delete mode 100644 contrib/ipfilter/test/expected/ni4 delete mode 100644 contrib/ipfilter/test/expected/ni5 delete mode 100644 
contrib/ipfilter/test/hextest delete mode 100644 contrib/ipfilter/test/input/f1 delete mode 100644 contrib/ipfilter/test/input/f10 delete mode 100644 contrib/ipfilter/test/input/f11 delete mode 100644 contrib/ipfilter/test/input/f12 delete mode 100644 contrib/ipfilter/test/input/f13 delete mode 100644 contrib/ipfilter/test/input/f14 delete mode 100644 contrib/ipfilter/test/input/f15 delete mode 100644 contrib/ipfilter/test/input/f16 delete mode 100644 contrib/ipfilter/test/input/f17 delete mode 100644 contrib/ipfilter/test/input/f2 delete mode 100644 contrib/ipfilter/test/input/f3 delete mode 100644 contrib/ipfilter/test/input/f4 delete mode 100644 contrib/ipfilter/test/input/f5 delete mode 100644 contrib/ipfilter/test/input/f6 delete mode 100644 contrib/ipfilter/test/input/f7 delete mode 100644 contrib/ipfilter/test/input/f8 delete mode 100644 contrib/ipfilter/test/input/f9 delete mode 100644 contrib/ipfilter/test/input/ipv6.1 delete mode 100644 contrib/ipfilter/test/input/ipv6.2 delete mode 100644 contrib/ipfilter/test/input/ipv6.3 delete mode 100644 contrib/ipfilter/test/input/l1 delete mode 100644 contrib/ipfilter/test/input/n1 delete mode 100644 contrib/ipfilter/test/input/n2 delete mode 100644 contrib/ipfilter/test/input/n3 delete mode 100644 contrib/ipfilter/test/input/n4 delete mode 100644 contrib/ipfilter/test/input/n5 delete mode 100644 contrib/ipfilter/test/input/n6 delete mode 100644 contrib/ipfilter/test/input/n7 delete mode 100644 contrib/ipfilter/test/input/ni1 delete mode 100644 contrib/ipfilter/test/input/ni2 delete mode 100644 contrib/ipfilter/test/input/ni3 delete mode 100644 contrib/ipfilter/test/input/ni4 delete mode 100644 contrib/ipfilter/test/input/ni5 delete mode 100755 contrib/ipfilter/test/intest delete mode 100644 contrib/ipfilter/test/itest delete mode 100755 contrib/ipfilter/test/logtest delete mode 100755 contrib/ipfilter/test/mhtest delete mode 100755 contrib/ipfilter/test/mtest delete mode 100755 contrib/ipfilter/test/natipftest 
delete mode 100755 contrib/ipfilter/test/nattest delete mode 100644 contrib/ipfilter/test/regress/f1 delete mode 100644 contrib/ipfilter/test/regress/f10 delete mode 100644 contrib/ipfilter/test/regress/f11 delete mode 100644 contrib/ipfilter/test/regress/f12 delete mode 100644 contrib/ipfilter/test/regress/f13 delete mode 100644 contrib/ipfilter/test/regress/f14 delete mode 100644 contrib/ipfilter/test/regress/f15 delete mode 100644 contrib/ipfilter/test/regress/f16 delete mode 100644 contrib/ipfilter/test/regress/f17 delete mode 100644 contrib/ipfilter/test/regress/f2 delete mode 100644 contrib/ipfilter/test/regress/f3 delete mode 100644 contrib/ipfilter/test/regress/f4 delete mode 100644 contrib/ipfilter/test/regress/f5 delete mode 100644 contrib/ipfilter/test/regress/f6 delete mode 100644 contrib/ipfilter/test/regress/f7 delete mode 100644 contrib/ipfilter/test/regress/f8 delete mode 100644 contrib/ipfilter/test/regress/f9 delete mode 100644 contrib/ipfilter/test/regress/i1 delete mode 100644 contrib/ipfilter/test/regress/i10 delete mode 100644 contrib/ipfilter/test/regress/i11 delete mode 100644 contrib/ipfilter/test/regress/i12 delete mode 100644 contrib/ipfilter/test/regress/i2 delete mode 100644 contrib/ipfilter/test/regress/i3 delete mode 100644 contrib/ipfilter/test/regress/i4 delete mode 100644 contrib/ipfilter/test/regress/i5 delete mode 100644 contrib/ipfilter/test/regress/i6 delete mode 100644 contrib/ipfilter/test/regress/i7 delete mode 100644 contrib/ipfilter/test/regress/i8 delete mode 100644 contrib/ipfilter/test/regress/i9 delete mode 100644 contrib/ipfilter/test/regress/in1 delete mode 100644 contrib/ipfilter/test/regress/in2 delete mode 100644 contrib/ipfilter/test/regress/in3 delete mode 100644 contrib/ipfilter/test/regress/in4 delete mode 100644 contrib/ipfilter/test/regress/ipv6.1 delete mode 100644 contrib/ipfilter/test/regress/ipv6.2 delete mode 100644 contrib/ipfilter/test/regress/ipv6.3 delete mode 100644 contrib/ipfilter/test/regress/l1 
delete mode 100644 contrib/ipfilter/test/regress/n1 delete mode 100644 contrib/ipfilter/test/regress/n2 delete mode 100644 contrib/ipfilter/test/regress/n3 delete mode 100644 contrib/ipfilter/test/regress/n4 delete mode 100644 contrib/ipfilter/test/regress/n5 delete mode 100644 contrib/ipfilter/test/regress/n6 delete mode 100644 contrib/ipfilter/test/regress/n7 delete mode 100644 contrib/ipfilter/test/regress/ni1.ipf delete mode 100644 contrib/ipfilter/test/regress/ni1.nat delete mode 100644 contrib/ipfilter/test/regress/ni2.ipf delete mode 100644 contrib/ipfilter/test/regress/ni2.nat delete mode 100644 contrib/ipfilter/test/regress/ni3.ipf delete mode 100644 contrib/ipfilter/test/regress/ni3.nat delete mode 100644 contrib/ipfilter/test/regress/ni4.ipf delete mode 100644 contrib/ipfilter/test/regress/ni4.nat delete mode 100644 contrib/ipfilter/test/regress/ni5.ipf delete mode 100644 contrib/ipfilter/test/regress/ni5.nat delete mode 100644 contrib/ipfilter/todo delete mode 100644 etc/periodic/security/510.ipfdenied delete mode 100644 etc/rc.d/ipfilter delete mode 100644 etc/rc.d/ipfs delete mode 100644 etc/rc.d/ipmon delete mode 100644 etc/rc.d/ipnat delete mode 100644 sbin/ipf/Makefile delete mode 100644 sbin/ipfs/Makefile delete mode 100644 sbin/ipfstat/Makefile delete mode 100644 sbin/ipmon/Makefile delete mode 100644 sbin/ipnat/Makefile delete mode 100644 share/examples/ipfilter/Makefile delete mode 100644 share/examples/ipfilter/README delete mode 100644 share/examples/ipfilter/example.14 delete mode 100644 share/examples/ipfilter/examples.txt delete mode 100644 share/examples/ipfilter/firewall.1 delete mode 100644 share/examples/ipfilter/firewall.2 delete mode 100644 share/examples/ipfilter/ipf-howto.txt delete mode 100644 share/examples/ipfilter/ipf.conf.permissive delete mode 100644 share/examples/ipfilter/ipf.conf.restrictive delete mode 100644 share/examples/ipfilter/ipf.conf.sample delete mode 100644 share/examples/ipfilter/ipnat.conf.sample delete mode 
100644 share/examples/ipfilter/rules.txt delete mode 100644 sys/contrib/ipfilter/netinet/fil.c delete mode 100644 sys/contrib/ipfilter/netinet/ip_auth.c delete mode 100644 sys/contrib/ipfilter/netinet/ip_auth.h delete mode 100644 sys/contrib/ipfilter/netinet/ip_compat.h delete mode 100644 sys/contrib/ipfilter/netinet/ip_fil.c delete mode 100644 sys/contrib/ipfilter/netinet/ip_fil.h delete mode 100644 sys/contrib/ipfilter/netinet/ip_frag.c delete mode 100644 sys/contrib/ipfilter/netinet/ip_frag.h delete mode 100644 sys/contrib/ipfilter/netinet/ip_ftp_pxy.c delete mode 100644 sys/contrib/ipfilter/netinet/ip_h323_pxy.c delete mode 100644 sys/contrib/ipfilter/netinet/ip_ipsec_pxy.c delete mode 100644 sys/contrib/ipfilter/netinet/ip_log.c delete mode 100644 sys/contrib/ipfilter/netinet/ip_nat.c delete mode 100644 sys/contrib/ipfilter/netinet/ip_nat.h delete mode 100644 sys/contrib/ipfilter/netinet/ip_netbios_pxy.c delete mode 100644 sys/contrib/ipfilter/netinet/ip_proxy.c delete mode 100644 sys/contrib/ipfilter/netinet/ip_proxy.h delete mode 100644 sys/contrib/ipfilter/netinet/ip_raudio_pxy.c delete mode 100644 sys/contrib/ipfilter/netinet/ip_rcmd_pxy.c delete mode 100644 sys/contrib/ipfilter/netinet/ip_state.c delete mode 100644 sys/contrib/ipfilter/netinet/ip_state.h delete mode 100644 sys/contrib/ipfilter/netinet/ipl.h delete mode 100644 sys/contrib/ipfilter/netinet/mlfk_ipl.c delete mode 100644 sys/net/ipfilter/Makefile delete mode 100644 sys/net/ipfilter/ipf_inet6.h delete mode 100644 usr.sbin/ipftest/Makefile delete mode 100644 usr.sbin/ipresend/Makefile delete mode 100644 usr.sbin/ipsend/Makefile delete mode 100644 usr.sbin/iptest/Makefile diff --git a/contrib/ipfilter/BNF b/contrib/ipfilter/BNF deleted file mode 100644 index cf30ab6f10..0000000000 --- a/contrib/ipfilter/BNF +++ /dev/null 
@@ -1,80 +0,0 @@
-filter-rule = [ insert ] action in-out [ options ] [ tos ] [ ttl ]
- [ proto ] [ ip ] [ group ].
-
-insert = "@" decnumber .
-action = block | "no-match" | "pass" | log | "count" | skip | auth | call .
-in-out = "in" | "out" .
-options = [ log ] [ "quick" ] [ "on" interface-name [ dup ] [ froute ]
- [ via ] ] .
-tos = "tos" decnumber | "tos" hexnumber .
-ttl = "ttl" decnumber .
-proto = "proto" protocol .
-ip = srcdst [ flags ] [ with withopt ] [ icmp ] [ keep ] .
-group = [ "head" decnumber ] [ "group" decnumber ] .
-
-block = "block" [ return-icmp[return-code] | "return-rst" ] .
-auth = "auth" | "preauth" .
-log = "log" [ "body" ] [ "first" ] [ "or-block" ] [ "level" loglevel ] .
-call = "call" [ "now" ] function-name .
-skip = "skip" decnumber .
-dup = "dup-to" interface-name[":"ipaddr] .
-via = "in-via" interface-name | "out-via" interface-name .
-froute = "fastroute" | "to" interface-name [ ":" ipaddr ] .
-protocol = "tcp/udp" | "udp" | "tcp" | "icmp" | decnumber .
-srcdst = "all" | fromto .
-fromto = "from" object "to" object .
-
-return-icmp = "return-icmp" | "return-icmp-as-dest" .
-loglevel = facility"."priority | priority .
-object = addr [ port-comp | port-range ] .
-addr = "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] .
-port-comp = "port" compare port-num .
-port-range = "port" port-num range port-num .
-flags = "flags" flag { flag } [ "/" flag { flag } ] .
-with = "with" | "and" .
-icmp = "icmp-type" icmp-type [ "code" decnumber ] .
-return-code = "("icmp-code")" .
-keep = "keep" "state" | "keep" "frags" | "keep" "state-age" state-age .
-state-age = decnmber [ "/" decnumber ] .
-
-nummask = host-name [ "/" decnumber ] .
-host-name = ipaddr | hostname | "any" .
-ipaddr = host-num "." host-num "." host-num "." host-num .
-host-num = digit [ digit [ digit ] ] .
-port-num = service-name | decnumber .
-
-withopt = [ "not" | "no" ] opttype [ withopt ] .
-opttype = "ipopts" | "short" | "frag" | "opt" ipopts .
-optname = ipopts [ "," optname ] .
-ipopts = optlist | "sec-class" [ secname ] .
-secname = seclvl [ "," secname ] .
-seclvl = "unclass" | "confid" | "reserv-1" | "reserv-2" | "reserv-3" |
- "reserv-4" | "secret" | "topsecret" .
-icmp-type = "unreach" | "echo" | "echorep" | "squench" | "redir" |
- "timex" | "paramprob" | "timest" | "timestrep" | "inforeq" |
- "inforep" | "maskreq" | "maskrep" | "routerad" |
- "routersol" | decnumber .
-icmp-code = decumber | "net-unr" | "host-unr" | "proto-unr" | "port-unr" |
- "needfrag" | "srcfail" | "net-unk" | "host-unk" | "isolate" |
- "net-prohib" | "host-prohib" | "net-tos" | "host-tos" |
- "filter-prohib" | "host-preced" | "cutoff-preced" .
-optlist = "nop" | "rr" | "zsu" | "mtup" | "mtur" | "encode" | "ts" | "tr" |
- "sec" | "lsrr" | "e-sec" | "cipso" | "satid" | "ssrr" | "addext" |
- "visa" | "imitd" | "eip" | "finn" .
-facility = "kern" | "user" | "mail" | "daemon" | "auth" | "syslog" |
- "lpr" | "news" | "uucp" | "cron" | "ftp" | "authpriv" |
- "audit" | "logalert" | "local0" | "local1" | "local2" |
- "local3" | "local4" | "local5" | "local6" | "local7" .
-priority = "emerg" | "alert" | "crit" | "err" | "warn" | "notice" |
- "info" | "debug" .
-
-hexnumber = "0" "x" hexstring .
-hexstring = hexdigit [ hexstring ] .
-decnumber = digit [ decnumber ] .
-
-compare = "=" | "!=" | "<" | ">" | "<=" | ">=" | "eq" | "ne" | "lt" | "gt" |
- "le" | "ge" .
-range = "<>" | "><" .
-hexdigit = digit | "a" | "b" | "c" | "d" | "e" | "f" .
-digit = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9" .
-flag = "F" | "S" | "R" | "P" | "A" | "U" .
diff --git a/contrib/ipfilter/BSD/Makefile b/contrib/ipfilter/BSD/Makefile
deleted file mode 100644
index 50a61e886a..0000000000
--- a/contrib/ipfilter/BSD/Makefile
+++ /dev/null
@@ -1,273 +0,0 @@ -# -# Copyright (C) 1993-1998 by Darren Reed. -# -# Redistribution and use in source and binary forms are permitted -# provided that this notice is preserved and due credit is given -# to the original author and the contributors. -# -BINDEST=/usr/sbin -SBINDEST=/sbin -SEARCHDIRS=$(BINDEST) $(SBINDEST) /bin /usr/bin /sbin /usr/sbin \ - /usr/local/bin /usr/local/sbin -MANDIR=/usr/share/man -CC=cc -Wall -Wstrict-prototypes -Wuninitialized -O -CFLAGS=-g -I$(TOP) -# -# For NetBSD/FreeBSD -# -DEVFS!=/usr/bin/lsvfs 2>&1 | sed -n 's/.*devfs.*/-DDEVFS/p' -CPU!=uname -m -INC=-I/usr/include -I/sys -I/sys/sys -I/sys/arch -DEF=-D$(CPU) -D__$(CPU)__ -DINET -DKERNEL -D_KERNEL $(INC) $(DEVFS) -IPDEF=$(DEF) -DGATEWAY -DDIRECTED_BROADCAST -VNODESHDIR=/sys/kern -MLD=$(ML) vnode_if.h -ML=mln_ipl.c -IPFILC=ip_fil.c -LKM=if_ipl.o -DLKM= -MFLAGS="BINDEST=$(BINDEST)" "SBINDEST=$(SBINDEST)" "MANDIR=$(MANDIR)" \ - 'CFLAGS=$(CFLAGS) $(SOLARIS2)' "IPFLKM=$(IPFLKM)" \ - "IPFLOG=$(IPFLOG)" "LOGFAC=$(LOGFAC)" "POLICY=$(POLICY)" \ - "SOLARIS2=$(SOLARIS2)" "DEBUG=$(DEBUG)" "DCPU=$(CPU)" \ - "CPUDIR=$(CPUDIR)" -# -########## ########## ########## ########## ########## ########## ########## -# -CP=/bin/cp -RM=/bin/rm -CHMOD=/bin/chmod -INSTALL=install -# -MODOBJS=ip_fil.o fil_k.o ml_ipl.o ip_nat.o ip_frag.o ip_state.o ip_proxy.o \ - ip_auth.o ip_log.o -DFLAGS=$(IPFLKM) $(DEF) $(DLKM) -IPF=ipf.o parse.o common.o opt.o facpri.o -IPT=ipt.o parse.o common.o fil.o ipft_sn.o ipft_ef.o ipft_td.o ipft_pc.o \ - opt.o ipft_tx.o misc.o ip_frag_u.o ip_state_u.o ip_nat_u.o ip_proxy_u.o \ - ip_auth_u.o ipft_hx.o ip_fil_u.o ip_log_u.o natparse.o facpri.o \ - printnat.o printstate.o -IPNAT=ipnat.o kmem.o natparse.o common.o printnat.o -FILS=fils.o parse.o kmem.o opt.o facpri.o common.o printstate.o - -build all: ipf ipfs ipfstat ipftest ipmon ipnat $(LKM) - /bin/rm -f $(TOP)/ipf - ln -s `pwd`/ipf $(TOP) - /bin/rm -f $(TOP)/ipftest - ln -s `pwd`/ipftest $(TOP) - /bin/rm -f $(TOP)/ipmon - ln -s 
`pwd`/ipmon $(TOP) - /bin/rm -f $(TOP)/ipnat - ln -s `pwd`/ipnat $(TOP) - -ipfstat: $(FILS) - $(CC) -static $(DEBUG) $(CFLAGS) $(STATETOP_CFLAGS) $(STATETOP_INC) \ - $(FILS) -o $@ $(LIBS) $(STATETOP_LIB) -lkvm - -ipf: $(IPF) - $(CC) -static $(DEBUG) $(CFLAGS) $(IPF) -o $@ $(LIBS) - -ipftest: $(IPT) - $(CC) $(DEBUG) $(CFLAGS) $(IPT) -o $@ $(LIBS) - -ipnat: $(IPNAT) - $(CC) -static $(DEBUG) $(CFLAGS) $(IPNAT) -o $@ $(LIBS) -lkvm - -ipfs: ipfs.o - $(CC) -static $(DEBUG) $(CFLAGS) ipfs.o -o $@ $(LIBS) - -tests: - (cd test; make ) - -fils.o: $(TOP)/fils.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_frag.h \ - $(TOP)/ip_compat.h $(TOP)/ip_state.h $(TOP)/ip_nat.h - $(CC) $(DEBUG) $(CFLAGS) $(STATETOP_CFLAGS) $(STATETOP_INC) \ - -c $(TOP)/fils.c -o $@ - -ipfs.o: $(TOP)/ipfs.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_state.h \ - $(TOP)/ip_nat.h - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipfs.c -o $@ - -fil.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_compat.h - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/fil.c -o $@ - -fil_k.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_compat.h \ - $(TOP)/ipl.h - $(CC) $(DEBUG) $(CFLAGS) $(POLICY) $(DFLAGS) -c $(TOP)/fil.c -o $@ - -ipf.o: $(TOP)/ipf.c $(TOP)/ip_fil.h $(TOP)/ipf.h - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipf.c -o $@ - -ipt.o: $(TOP)/ipt.c $(TOP)/ip_fil.h $(TOP)/ipt.h $(TOP)/ipf.h - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipt.c -o $@ - -misc.o: $(TOP)/misc.c $(TOP)/ip_fil.h $(TOP)/ipt.h $(TOP)/ipf.h - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/misc.c -o $@ - -opt.o: $(TOP)/opt.c $(TOP)/ip_fil.h $(TOP)/ipf.h - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/opt.c -o $@ - -ipnat.o: $(TOP)/ipnat.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_nat.h - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipnat.c -o $@ - -natparse.o: $(TOP)/natparse.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_nat.h \ - $(TOP)/ip_compat.h - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/natparse.c -o $@ - -printnat.o: $(TOP)/printnat.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_nat.h \ - $(TOP)/ip_compat.h $(TOP)/ip_proxy.h 
- $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/printnat.c -o $@ - -printstate.o: $(TOP)/printstate.c $(TOP)/ip_fil.h $(TOP)/ipf.h \ - $(TOP)/ip_state.h $(TOP)/ip_compat.h - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/printstate.c -o $@ - -ipft_sn.o: $(TOP)/ipft_sn.c $(TOP)/ipt.h $(TOP)/ipf.h $(TOP)/ip_fil.h \ - $(TOP)/snoop.h - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipft_sn.c -o $@ - -ipft_ef.o: $(TOP)/ipft_ef.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipft_ef.c -o $@ - -ipft_td.o: $(TOP)/ipft_td.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipft_td.c -o $@ - -ipft_pc.o: $(TOP)/ipft_pc.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipft_pc.c -o $@ - -ipft_tx.o: $(TOP)/ipft_tx.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipft_tx.c -o $@ - -ipft_hx.o: $(TOP)/ipft_hx.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipft_hx.c -o $@ - -ip_nat_u.o: $(TOP)/ip_nat.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ip_nat.c -o $@ - -ip_proxy_u.o: $(TOP)/ip_proxy.c $(TOP)/ip_proxy.h $(TOP)/ip_compat.h \ - $(TOP)/ip_fil.h $(TOP)/ip_ftp_pxy.c $(TOP)/ip_rcmd_pxy.c \ - $(TOP)/ip_raudio_pxy.c $(TOP)/ip_ipsec_pxy.c $(TOP)/ip_nat.h - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ip_proxy.c -o $@ - -ip_frag_u.o: $(TOP)/ip_frag.c $(TOP)/ip_frag.h $(TOP)/ip_compat.h \ - $(TOP)/ip_fil.h - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ip_frag.c -o $@ - -ip_state_u.o: $(TOP)/ip_state.c $(TOP)/ip_state.h $(TOP)/ip_compat.h \ - $(TOP)/ip_fil.h $(TOP)/ip_nat.h - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ip_state.c -o $@ - -ip_auth_u.o: $(TOP)/ip_auth.c $(TOP)/ip_auth.h $(TOP)/ip_compat.h \ - $(TOP)/ip_fil.h - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ip_auth.c -o $@ - -ip_fil_u.o: $(TOP)/$(IPFILC) $(TOP)/ip_fil.h $(TOP)/ip_compat.h - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/$(IPFILC) -o $@ - -ip_log_u.o: $(TOP)/ip_log.c $(TOP)/ip_fil.h 
$(TOP)/ip_compat.h - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ip_log.c -o $@ - -if_ipl.o: $(MODOBJS) - ld -r $(MODOBJS) -o $(LKM) - ${RM} -f if_ipl - -ipf.ko ipl.ko: $(MODOBJS) - gensetdefs $(MODOBJS) - $(CC) $(DEBUG) $(CFLAGS) -c setdef0.c - $(CC) $(DEBUG) $(CFLAGS) -c setdef1.c - ld -Bshareable -o $(LKM) setdef0.o $(MODOBJS) setdef1.o - -ip_nat.o: $(TOP)/ip_nat.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h - $(CC) $(DEBUG) $(CFLAGS) $(DFLAGS) -c $(TOP)/ip_nat.c -o $@ - -ip_frag.o: $(TOP)/ip_frag.c $(TOP)/ip_frag.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h - $(CC) $(DEBUG) $(CFLAGS) $(DFLAGS) -c $(TOP)/ip_frag.c -o $@ - -ip_state.o: $(TOP)/ip_state.c $(TOP)/ip_state.h $(TOP)/ip_compat.h \ - $(TOP)/ip_fil.h $(TOP)/ip_nat.h - $(CC) $(DEBUG) $(CFLAGS) $(DFLAGS) -c $(TOP)/ip_state.c -o $@ - -ip_proxy.o: $(TOP)/ip_proxy.c $(TOP)/ip_proxy.h $(TOP)/ip_compat.h \ - $(TOP)/ip_fil.h $(TOP)/ip_ftp_pxy.c $(TOP)/ip_raudio_pxy.c \ - $(TOP)/ip_rcmd_pxy.c $(TOP)/ip_ipsec_pxy.c $(TOP)/ip_nat.h - $(CC) $(DEBUG) $(CFLAGS) $(DFLAGS) -c $(TOP)/ip_proxy.c -o $@ - -ip_auth.o: $(TOP)/ip_auth.c $(TOP)/ip_auth.h $(TOP)/ip_compat.h \ - $(TOP)/ip_fil.h - $(CC) $(DEBUG) $(CFLAGS) $(DFLAGS) -c $(TOP)/ip_auth.c -o $@ - -ip_fil.o: $(TOP)/$(IPFILC) $(TOP)/ip_fil.h $(TOP)/ip_compat.h $(TOP)/ip_nat.h - $(CC) $(DEBUG) $(CFLAGS) $(DFLAGS) -c $(TOP)/$(IPFILC) -o $@ - -ip_log.o: $(TOP)/ip_log.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h - $(CC) $(DEBUG) $(CFLAGS) $(DFLAGS) -c $(TOP)/ip_log.c -o $@ - -vnode_if.h: $(VNODESHDIR)/vnode_if.sh $(VNODESHDIR)/vnode_if.src - mkdir -p ../sys - sh $(VNODESHDIR)/vnode_if.sh $(VNODESHDIR)/vnode_if.src - if [ -f ../sys/vnode_if.h ] ; then mv ../sys/vnode_if.h .; fi - rmdir ../sys - -ml_ipl.o: $(TOP)/$(MLD) $(TOP)/ipl.h - -/bin/rm -f vnode_if.c - $(CC) -I. 
$(CFLAGS) $(DFLAGS) -c $(TOP)/$(ML) -o $@ - -kmem.o: $(TOP)/kmem.c - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/kmem.c -o $@ - -parse.o: $(TOP)/parse.c $(TOP)/ip_fil.h - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/parse.c -o $@ - -common.o: $(TOP)/common.c $(TOP)/ip_fil.h - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/common.c -o $@ - -facpri.o: $(TOP)/facpri.c $(TOP)/facpri.h - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/facpri.c -o $@ - -ipmon: $(TOP)/ipmon.c - $(CC) $(DEBUG) $(CFLAGS) $(LOGFAC) $(TOP)/ipmon.c -o $@ $(LIBS) - -clean: - ${RM} -f *.core *.o ipt fils ipf ipfstat ipftest ipmon if_ipl ipnat \ - vnode_if.h $(LKM) ioconf.h *.ko setdef1.c setdef0.c setdefs.h \ - y.tab.? lex.yy.c ipfs - ${RM} -f ../opt_inet6.h ../ipftest ../ipmon ../ipf ../ipnat - - ${MAKE} -f Makefile.ipsend ${MFLAGS} clean - -(for i in *; do \ - if [ -d $${i} -a -f $${i}/Makefile ] ; then \ - cd $${i}; (make clean); cd ..; \ - rm $${i}/Makefile $${i}/Makefile.ipsend; \ - rmdir $${i}; \ - fi \ - done) - -install: - for i in ip_compat.h ip_fil.h ip_nat.h ip_state.h ip_proxy.h \ - ip_frag.h ip_auth.h; do \ - /bin/cp $(TOP)/$$i /usr/include/netinet/; \ - $(CHMOD) 444 /usr/include/netinet/$$i; \ - done - -if [ -d /lkm -a -f if_ipl.o ] ; then \ - cp if_ipl.o /lkm; \ - fi - -if [ -d /modules -a -f ipf.ko ] ; then \ - cp ipf.ko /modules; \ - fi - @for i in ipf:$(SBINDEST) ipfs:$(SBINDEST) ipnat:$(SBINDEST) \ - ipfstat:$(SBINDEST) ipftest:$(SBINDEST) ipmon:$(BINDEST); do \ - def="`expr $$i : '[^:]*:\(.*\)'`"; \ - p="`expr $$i : '\([^:]*\):.*'`"; \ - for d in $(SEARCHDIRS); do \ - if [ -f $$d/$$p ] ; then \ - echo "$(INSTALL) -cs -g wheel -m 755 -o root $$p $$d"; \ - $(INSTALL) -cs -g wheel -m 755 -o root $$p $$d; \ - dd=$$d; \ - fi; \ - done; \ - if [ -z "$$dd" ] ; then \ - echo $(INSTALL) -cs -g wheel -m 755 -o root $$p $$def; \ - $(INSTALL) -cs -g wheel -m 755 -o root $$p $$def; \ - fi \ - done - (cd $(TOP)/man; make INSTALL=$(INSTALL) MANDIR=$(MANDIR) install; cd $(TOP)) 
diff --git a/contrib/ipfilter/BSD/Makefile.ipsend b/contrib/ipfilter/BSD/Makefile.ipsend
deleted file mode 100644
index 94a3c7ad10..0000000000
--- a/contrib/ipfilter/BSD/Makefile.ipsend
+++ /dev/null
@@ -1,109 +0,0 @@ -# -# $Id: Makefile.ipsend,v 2.2 2000/02/28 08:27:51 darrenr Exp $ -# - -BINDEST=/usr/sbin -SBINDEST=/sbin -MANDIR=/usr/share/man - -OBJS=ipsend.o ip.o ipsopt.o y.tab.o lex.yy.o -IPFTO=ipft_ef.o ipft_hx.o ipft_pc.o ipft_sn.o ipft_td.o ipft_tx.o -ROBJS=ipresend.o ip.o resend.o $(IPFTO) opt.o -TOBJS=iptest.o iptests.o ip.o -UNIXOBJS=sbpf.o sock.o 44arp.o - -CC=gcc -Wuninitialized -Wstrict-prototypes -O -CFLAGS=-g -I$(TOP) -# -MFLAGS="BINDEST=$(BINDEST)" "SBINDEST=$(SBINDEST)" "MANDIR=$(MANDIR)" \ - 'CFLAGS=$(CFLAGS) $(SOLARIS2)' "IPFLKM=$(IPFLKM)" \ - "IPFLOG=$(IPFLOG)" "LOGFAC=$(LOGFAC)" "POLICY=$(POLICY)" \ - "SOLARIS2=$(SOLARIS2)" "DEBUG=$(DEBUG)" "DCPU=$(CPU)" \ - "CPUDIR=$(CPUDIR)" -# -all build bsd-bpf : ipsend ipresend iptest - -y.tab.o: $(TOP)/iplang/iplang_y.y - (cd $(TOP)/iplang; $(MAKE) ../BSD/$(CPUDIR)/$@ $(MFLAGS) 'DESTDIR=../BSD/$(CPUDIR)' ) - -lex.yy.o: $(TOP)/iplang/iplang_l.l - (cd $(TOP)/iplang; $(MAKE) ../BSD/$(CPUDIR)/$@ $(MFLAGS) 'DESTDIR=../BSD/$(CPUDIR)' ) - -.c.o: - $(CC) $(DEBUG) $(CFLAGS) -c $< -o $@ - -ipsend: $(OBJS) $(UNIXOBJS) - $(CC) $(DEBUG) $(OBJS) $(UNIXOBJS) -o $@ $(LIBS) -ll - -ipresend: $(ROBJS) $(UNIXOBJS) - $(CC) $(DEBUG) $(ROBJS) $(UNIXOBJS) -o $@ $(LIBS) - -iptest: $(TOBJS) $(UNIXOBJS) - $(CC) $(DEBUG) $(TOBJS) $(UNIXOBJS) -o $@ $(LIBS) - -clean: - rm -rf *.o core a.out ipsend ipresend iptest - -ipsend.o: $(TOP)/ipsend/ipsend.c - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/ipsend.c -o $@ - -ipsopt.o: $(TOP)/ipsend/ipsopt.c - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/ipsopt.c -o $@ - -ipresend.o: $(TOP)/ipsend/ipresend.c - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/ipresend.c -o $@ - -ip.o: $(TOP)/ipsend/ip.c - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/ip.c -o $@ - -resend.o: $(TOP)/ipsend/resend.c - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/resend.c -o $@ - -ipft_sn.o: $(TOP)/ipft_sn.c - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipft_sn.c -o $@ - -ipft_pc.o: $(TOP)/ipft_pc.c - $(CC) $(DEBUG) $(CFLAGS) -c 
$(TOP)/ipft_pc.c -o $@ - -iptest.o: $(TOP)/ipsend/iptest.c - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/iptest.c -o $@ - -iptests.o: $(TOP)/ipsend/iptests.c - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/iptests.c -o $@ - -sbpf.o: $(TOP)/ipsend/sbpf.c - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/sbpf.c -o $@ - -snit.o: $(TOP)/ipsend/snit.c - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/snit.c -o $@ - -sock.o: $(TOP)/ipsend/sock.c - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/sock.c -o $@ - -arp.o: $(TOP)/ipsend/arp.c - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/arp.c -o $@ - -44arp.o: $(TOP)/ipsend/44arp.c - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/44arp.c -o $@ - -lsock.o: $(TOP)/ipsend/lsock.c - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/lsock.c -o $@ - -slinux.o: $(TOP)/ipsend/slinux.c - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/slinux.c -o $@ - -larp.o: $(TOP)/ipsend/larp.c - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/larp.c -o $@ - -dlcommon.o: $(TOP)/ipsend/dlcommon.c - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/dlcommon.c -o $@ - -sdlpi.o: $(TOP)/ipsend/sdlpi.c - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/sdlpi.c -o $@ - -arp.o: $(TOP)/ipsend/arp.c - $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/arp.c -o $@ - -install: - -$(INSTALL) -cs -g wheel -m 755 -o root ipsend ipresend iptest $(BINDEST) - diff --git a/contrib/ipfilter/BSD/kupgrade b/contrib/ipfilter/BSD/kupgrade deleted file mode 100644 index ae0b71f4e6..0000000000 --- a/contrib/ipfilter/BSD/kupgrade +++ /dev/null 
@@ -1,60 +0,0 @@ -#!/bin/sh -# -PATH=/sbin:/usr/sbin:/bin:/usr/bin; export PATH - -# try to bomb out fast if anything fails.... -set -e - -argv0=`basename $0` -dir=`pwd` -karch=`uname -m` -os=`uname -s` -if [ $os = FreeBSD ] ; then - rev=`uname -r` - rev=`expr $rev : '\([0-9]*\)\..*'` - if [ $rev = 2 ] ; then - echo "Copying /usr/include/osreldate.h to /sys/sys" - cp /usr/include/osreldate.h /sys/sys - fi - if [ -f /sys/contrib/ipfilter/netinet/mlfk_ipl.c ] ; then - /bin/cp mlfk_ipl.c /sys/contrib/ipfilter/netinet/ - fi -fi -archdir="/sys/arch/$karch" -ipfdir=/sys/netinet -if [ -d /sys/contrib/ipfilter ] ; then - ipfdir=/sys/contrib/ipfilter/netinet -fi -confdir="$archdir/conf" - -echo -n "Installing " -for i in ip_fil.[ch] fil.c ip_nat.[ch] ip_frag.[ch] ip_state.[ch] ip_proxy.[ch] ip_auth.[ch] ip_log.c ip_compat.h ipl.h ip_*_pxy.c ; do - echo -n "$i " - cp $i $ipfdir - chmod 644 $ipfdir/$i -done -echo "" -echo -n "Installing into /usr/include/netinet" -for j in auth compat fil frag nat proxy state ; do - i=ip_$j.h - if [ -f "$i" ] ; then - echo -n " $i" - cp $i /usr/include/netinet/$i - chmod 644 /usr/include/netinet/$i - fi -done -for j in ipl.h; do - if [ -f "$j" ] ; then - echo -n " $j" - cp $j /usr/include/netinet/$j - chmod 644 /usr/include/netinet/$j - fi -done -echo - -if [ -f /sys/netinet/ip_fil_compat.h ] ; then - echo "Linking /sys/netinet/ip_compat.h to /sys/netinet/ip_fil_compat.h" - rm /sys/netinet/ip_fil_compat.h - ln -s /sys/netinet/ip_compat.h /sys/netinet/ip_fil_compat.h -fi -exit 0 diff --git a/contrib/ipfilter/BSD/make-devices b/contrib/ipfilter/BSD/make-devices deleted file mode 100755 index 320bd8075d..0000000000 --- a/contrib/ipfilter/BSD/make-devices +++ /dev/null 
@@ -1,28 +0,0 @@
-#!/bin/sh
-
-os=`uname -s`-`uname -r`
-
-case "$os" in
- FreeBSD-2.2*)
- major=79
- ;;
- FreeBSD-*)
- major=20
- ;;
- NetBSD-*)
- echo "see /dev/MAKEDEV"
- exit 0
- ;;
- OpenBSD-*)
- echo "see /dev/MAKEDEV"
- exit 0
- ;;
- *)
- ;;
-esac
-
-umask 037
-mknod /dev/ipl c $major 0
-mknod /dev/ipnat c $major 1
-mknod /dev/ipstate c $major 2
-mknod /dev/ipauth c $major 3
diff --git a/contrib/ipfilter/BugReport b/contrib/ipfilter/BugReport
deleted file mode 100644
index 0bd243ca1f..0000000000
--- a/contrib/ipfilter/BugReport
+++ /dev/null
@@ -1,10 +0,0 @@
-IP Filter bug report form.
---------------------------
-IP Filter Version:
-Operating System Version:
-Configuration:
-
-Description of problem:
-
-How to repeat:
-
diff --git a/contrib/ipfilter/FAQ.FreeBSD b/contrib/ipfilter/FAQ.FreeBSD
deleted file mode 100644
index 3b069c9f4b..0000000000
--- a/contrib/ipfilter/FAQ.FreeBSD
+++ /dev/null
@@ -1,104 +0,0 @@ -These are Instructions for Configuring A FreeBSD Box For NAT -After you have installed IP-Filter. - -You will need to change three files: - -/etc/rc.local -/etc/sysconfig -/etc/natrules - -You will have to: - -1) Load the kernel module -2) Make the ipnat rules -3) Load the ipnat rules -4) Enable routing between interfaces -5) Add static routes for the subnet ranges -6) Configure your network interfaces -7) reboot the computer for the changes to take effect. - -The FAQ was written by Chris Coleman -This was tested using ipfilter 3.1.4 and FreeBSD 2.1.6-RELEASE -_________________________________________________________ -1) Loading the Kernel Module - -If you are using a Kernal Loadable Module you need to edit your -/etc/rc.local file and load the module at boot time. -use the line: - - modload /lkm/if_ipl.o - -If you are not loading a kernel module, skip this step. -_________________________________________________________ -2) Setting up the NAT Rules - -Make a file called /etc/natrules -put in the rules that you need for your system. - -If you want to use the whole 10 Network. Try: - -map fpx0 10.0.0.0/8 -> 208.8.0.1/32 portmap tcp/udp 10000:65000 - -_________________________________________________________ -Here is an explaination of each part of the command: - -map starts the command. - -fpx0 is the interface with the real internet address. - -10.0.0.0 is the subnet you want to use. - -/8 is the subnet mask. ie 255.0.0.0 - -208.8.0.1 is the real ip address that you use. - -/32 is the subnet mask 255.255.255.255, ie only use this ip address. - -portmap tcp/udp 10000:65000 - tells it to use the ports to redirect the tcp/udp calls through - - -The one line should work for the whole network. -_________________________________________________________ -3) Loading the NAT Rules: - -The NAT Rules will need to be loaded every time the computer -reboots. 
- -In your /etc/rc.local put the line: - -ipnat -f /etc/natrules - -To check and see if it is loaded, as root type - ipnat -ls -_________________________________________________________ -4) Enable Routing between interfaces. - -Tell the kernel to route these addresses. - -in the rc.local file put the line: - -sysctl -w net.inet.ip.forwarding=1 - -_________________________________________________________ -5) Static Routes to Subnet Ranges - -Now you have to add a static routes for the subnet ranges. -Edit your /etc/sysconfig to add them at bootup. - -static_routes="foo" -route_foo="10.0.0.0 -netmask 0xf0000000 -interface 10.0.0.1" - - -_________________________________________________________ -6) Make sure that you have your interfaces configured. - -I have two Intel Ether Express Pro B cards. -One is on 208.8.0.1 The other is on 10.0.0.1 - -You need to configure these in the /etc/sysconfig - -network_interfaces="fxp0 fxp1" -ifconfig_fxp0="inet 208.8.0.1 netmask 255.255.255.0" -ifconfig_fxp1="inet 10.0.0.1 netmask 255.0.0.0" -_________________________________________________________ diff --git a/contrib/ipfilter/FWTK/Index b/contrib/ipfilter/FWTK/Index deleted file mode 100644 index f5d7043ca3..0000000000 --- a/contrib/ipfilter/FWTK/Index +++ /dev/null @@ -1,3 +0,0 @@ -README - Readme for ftp-gw.diff and fwtkp -README.ipfilter - README for fwtk_transparent.diff -fwtk_transparent.diff - patches for 2.0beta diff --git a/contrib/ipfilter/FWTK/README b/contrib/ipfilter/FWTK/README deleted file mode 100644 index 3ed0e2fa6d..0000000000 --- a/contrib/ipfilter/FWTK/README +++ /dev/null 
@@ -1,18 +0,0 @@ - -There are two patch files in this directory, each allowing for the Firewall -Toolkit to be used in a transparent proxy configuration. - -ftp-gw.diff - A patch written by myself for use only with IP Filter and - ftp-gw from the Firewall Toolkit. You need to copy ip_nat.h, - ip_fil.h and ip_compat.h to the ftp-gw directory to compile - once this patch has been applied. - -fwtkp - A set of patches written by James B. Croall (jcroall@foo.org) - for use with both IP Filter and ipfwadm (for Linux) and more - of the various FWTK gateway plugins, including: - ftp-gw http-gw plug-gw rlogin-gw tn-gw - -Both patches when applied to the Firewall toolkit require the same -configuration for IP Filter. - -Darren diff --git a/contrib/ipfilter/FWTK/README.ipfilter b/contrib/ipfilter/FWTK/README.ipfilter deleted file mode 100644 index fd461cc6cf..0000000000 --- a/contrib/ipfilter/FWTK/README.ipfilter +++ /dev/null @@ -1,20 +0,0 @@ - -there was a patch for fwtk with ip_filter 3.1.5 from James B. Croall -(thanx for his work) which I put onto fwtk 2.0beta. - -Now, if you decide to do transparent proxying with ip-filter you -have to put -DUSE_IP_FILTER to COPTS in Makefile.config. -With Solaris 2.x you have to correctly replace the path to your -ip_filter sources. (lib/hnam.c needs ip_nat.h) - -I also patched plug-gw to be configured to accept not only one -destination with the parameter "-all-destinations" in netperm-table. -Perhaps this is a security hole... - -The patched fwtk worked fine for me with linux (kernel 2.0.28 and ipfadm 2.1) -and Solaris 2.5 (ip_filter 3.1.5). - -If you try to enhance the transparent proxy features for other -architectures, see lib/hnam.c (getdsthost). - -Michael Kutzner, Michael.Kutzner@paderlinx.de diff --git a/contrib/ipfilter/FWTK/ftp-gw.diff b/contrib/ipfilter/FWTK/ftp-gw.diff deleted file mode 100644 index be613423c8..0000000000 --- a/contrib/ipfilter/FWTK/ftp-gw.diff +++ /dev/null 
@@ -1,232 +0,0 @@ -*** ftp-gw.c.orig Sun Jun 22 16:27:42 1997 ---- ftp-gw.c Sun Jun 22 17:02:16 1997 -*************** -*** 11,31 **** ---- 11,41 ---- - */ - static char RcsId[] = "$Header: /devel/CVS/IP-Filter/FWTK/ftp-gw.diff,v 2.1 1999/08/04 17:30:30 darrenr Exp $"; - -+ /* -+ * Patches for IP Filter NAT extensions written by Darren Reed, 7/7/96 -+ * darrenr@cyber.com.au -+ */ -+ static char vIpFilter[] = "v3.1.11"; - - #include - #include - #include -+ #include -+ #include - #include - #include - #include - extern int errno; -+ #ifdef sun - extern char *sys_errlist[]; -+ #endif - #include - #include - #include - #include - #include - #include -+ #include - - extern char *rindex(); - extern char *index(); -*************** -*** 36,41 **** ---- 46,54 ---- - - #include "firewall.h" - -+ #include "ip_compat.h" -+ #include "ip_fil.h" -+ #include "ip_nat.h" - - #ifndef BSIZ - #define BSIZ 2048 -*************** -*** 83,88 **** ---- 96,103 ---- - static int cmd_noop(); - static int cmd_abor(); - static int cmd_passthru(); -+ static int nat_destination(); -+ static int connectdest(); - static void saveline(); - static void flushsaved(); - static void trap_sigurg(); -*************** -*** 317,323 **** - if(authallflg) - if(say(0,"220-Proxy first requires authentication")) - exit(1); -! sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR); - if(say(0,xuf)) - exit(1); - } ---- 332,341 ---- - if(authallflg) - if(say(0,"220-Proxy first requires authentication")) - exit(1); -! sprintf(xuf,"220-%s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR); -! if(say(0,xuf)) -! exit(1); -! 
sprintf(xuf,"220-%s TIS ftp-gw with IP Filter %s NAT extensions",huf,vIpFilter); - if(say(0,xuf)) - exit(1); - } -*************** -*** 338,343 **** ---- 356,363 ---- - exit(1); - } - -+ nat_destination(0); -+ - /* main loop */ - while(1) { - FD_ZERO(&rdy); -*************** -*** 608,619 **** - static char narg[] = "501 Missing or extra username"; - static char noad[] = "501 Use user@site to connect via proxy"; - char buf[1024]; -- char mbuf[512]; - char *p; - char *dest; - char *user; - int x; -- int msg_int; - short port = FTPPORT; - - /* kludgy but effective. if authorizing everything call auth instead */ ---- 628,637 ---- -*************** -*** 643,648 **** ---- 661,687 ---- - return(sayn(0,noad,sizeof(noad))); - } - -+ if((rfd == -1) && (x = connectdest(dest,port))) -+ return x; -+ sprintf(buf,"USER %s",user); -+ if(say(rfd,buf)) -+ return(1); -+ x = getresp(rfd,buf,sizeof(buf),1); -+ if(sendsaved(0,x)) -+ return(1); -+ return(say(0,buf)); -+ } -+ -+ static int -+ connectdest(dest,port) -+ char *dest; -+ short port; -+ { -+ char buf[1024]; -+ char mbuf[512]; -+ int msg_int; -+ int x; -+ - if(*dest == '\0') - dest = "localhost"; - -*************** -*** 685,693 **** - char ebuf[512]; - - strcpy(ebuf,buf); -! sprintf(buf,"521 %s: %s",dest,ebuf); - return(say(0,buf)); - } - sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest); - saveline(buf); - ---- 724,733 ---- - char ebuf[512]; - - strcpy(ebuf,buf); -! sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf); - return(say(0,buf)); - } -+ - sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest); - saveline(buf); - -*************** -*** 698,711 **** - return(say(0,buf)); - } - saveline(buf); -! -! sprintf(buf,"USER %s",user); -! if(say(rfd,buf)) -! return(1); -! x = getresp(rfd,buf,sizeof(buf),1); -! if(sendsaved(0,x)) -! return(1); -! return(say(0,buf)); - } - - ---- 738,745 ---- - return(say(0,buf)); - } - saveline(buf); -! sendsaved(0,-1); -! 
return 0; - } - - -*************** -*** 1591,1593 **** ---- 1625,1671 ---- - dup(nread); - } - #endif -+ -+ -+ static int -+ nat_destination(fd) -+ int fd; -+ { -+ struct sockaddr_in laddr, faddr; -+ struct natlookup natlookup; -+ char *dest; -+ int slen, natfd; -+ -+ bzero((char *)&laddr, sizeof(laddr)); -+ bzero((char *)&faddr, sizeof(faddr)); -+ slen = sizeof(laddr); -+ if(getsockname(fd,(struct sockaddr *)&laddr,&slen) < 0) { -+ perror("getsockname"); -+ exit(1); -+ } -+ slen = sizeof(faddr); -+ if(getpeername(fd,(struct sockaddr *)&faddr,&slen) < 0) { -+ perror("getsockname"); -+ exit(1); -+ } -+ -+ natlookup.nl_inport = laddr.sin_port; -+ natlookup.nl_outport = faddr.sin_port; -+ natlookup.nl_inip = laddr.sin_addr; -+ natlookup.nl_outip = faddr.sin_addr; -+ natlookup.nl_flags = IPN_TCP; -+ if((natfd = open(IPL_NAT, O_RDONLY)) < 0) { -+ perror("open"); -+ exit(1); -+ } -+ if(ioctl(natfd, SIOCGNATL, &natlookup) == -1) { -+ syslog(LOG_ERR, "SIOCGNATL failed: %m\n"); -+ close(natfd); -+ if(say(0,"220 Ready")) -+ exit(1); -+ return 0; -+ } -+ close(natfd); -+ return connectdest(inet_ntoa(natlookup.nl_realip), -+ ntohs(natlookup.nl_realport)); -+ } diff --git a/contrib/ipfilter/FWTK/fwtk-2.1-transparency.txt b/contrib/ipfilter/FWTK/fwtk-2.1-transparency.txt deleted file mode 100644 index 2e719383f3..0000000000 --- a/contrib/ipfilter/FWTK/fwtk-2.1-transparency.txt +++ /dev/null 
@@ -1,707 +0,0 @@
-diff -c -r ./ftp-gw/ftp-gw.c ../../fwtk-2.1-violated/fwtk/ftp-gw/ftp-gw.c
-*** ./ftp-gw/ftp-gw.c Thu Feb 5 19:05:43 1998
---- ../../fwtk-2.1-violated/fwtk/ftp-gw/ftp-gw.c Thu May 21 17:36:09 1998
-***************
-*** 44,49 ****
---- 44,51 ----
-
- extern char *optarg;
-
-+ char *getdsthost();
-+
- #include "firewall.h"
-
-
-***************
-*** 88,93 ****
---- 90,97 ----
- static int cmdcnt = 0;
- static int timeout = PROXY_TIMEOUT;
-
-+ static int do_transparent = 0;
-+
-
- static int cmd_user();
- static int cmd_authorize();
-***************
-*** 101,106 ****
---- 105,111 ----
- static int cmd_passthru();
- static void saveline();
- static void flushsaved();
-+ static int connectdest();
-
- #define OP_CONN 001 /* only valid if connected */
- #define OP_WCON 002 /* writethrough if connected */
-***************
-*** 173,178 ****
---- 178,184 ----
- char xuf[1024];
- char huf[512];
- char *passuser = (char *)0; /* passed user as av */
-+ char *psychic, *hotline;
-
- #ifndef LOG_DAEMON
- openlog("ftp-gw",LOG_PID);
-***************
-*** 317,322 ****
---- 323,332 ----
- } else
- timeout = PROXY_TIMEOUT;
-
-+ psychic = getdsthost(0, NULL);
-+ if (psychic)
-+ do_transparent++;
-+
- /* display a welcome file or message */
- if(passuser == (char *)0) {
- if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
-***************
-*** 324,329 ****
---- 334,345 ----
- syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
- exit(1);
- }
-+ if (do_transparent) {
-+ if (sayfile2(0, cf->argv[0], 220)) {
-+ syslog(LLEV,"fwtksyserr: cannot display welcome %.512s: %m",cf->argv[0]);
-+ exit(1);
-+ }
-+ } else
- if(sayfile(0,cf->argv[0],220)) {
- syslog(LLEV,"fwtksyserr: cannot display welcome %.512s: %m",cf->argv[0]);
- exit(1);
-***************
-*** 336,341 ****
---- 352,360 ----
- if(say(0,"220-Proxy first requires authentication"))
- exit(1);
-
-+ if (do_transparent)
-+ sprintf(xuf, "220-%s FTP proxy (Version %s) ready.",huf,
FWTK_VERSION_MINOR);
-+ else
- sprintf(xuf, "220 %s FTP proxy (Version %s) ready.",huf, FWTK_VERSION_MINOR);
- if(say(0,xuf))
- exit(1);
-***************
-*** 357,362 ****
---- 376,384 ----
- exit(1);
- }
-
-+ if (do_transparent)
-+ connectdest(psychic, 21);
-+
- /* main loop */
- while(1) {
- FD_ZERO(&rdy);
-***************
-*** 653,658 ****
---- 675,696 ----
- return(sayn(0,noad,sizeof(noad)-1));
- }
-
-+ if (do_transparent) {
-+ if((rfd == (-1)) && (x = connectdest(dest,port)))
-+ return x;
-+
-+ sprintf(buf,"USER %s",user);
-+
-+ if (say(rfd, buf))
-+ return(1);
-+
-+ x = getresp(rfd, buf, sizeof(buf), 1);
-+ if (sendsaved(0, x))
-+ return(1);
-+
-+ return(say(0, buf));
-+ }
-+
- if(*dest == '\0')
- dest = "localhost";
-
-***************
-*** 694,705 ****
- char ebuf[512];
-
- strcpy(ebuf,buf);
-! sprintf(buf,"521 %s: %s",dest,ebuf);
- rfd = -1;
- return(say(0,buf));
- }
-! sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
-! saveline(buf);
-
- /* we are now connected and need to try the autologin thing */
- x = getresp(rfd,buf,sizeof(buf),1);
---- 732,748 ----
- char ebuf[512];
-
- strcpy(ebuf,buf);
-! if (do_transparent)
-! sprintf(buf, "521 %s,%d: %s", dest, ntohs(port), ebuf);
-! else
-! sprintf(buf,"521 %s: %s",dest,ebuf);
- rfd = -1;
- return(say(0,buf));
- }
-! if (!do_transparent) {
-! sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
-! saveline(buf);
-! }
-
- /* we are now connected and need to try the autologin thing */
- x = getresp(rfd,buf,sizeof(buf),1);
-***************
-*** 1889,1891 ****
---- 1932,2050 ----
- dup(nread);
- }
- #endif
-+
-+ static int connectdest(dest, port)
-+ char *dest;
-+ short port;
-+ {
-+ char buf[1024], mbuf[512];
-+ int msg_int, x;
-+
-+ if(*dest == '\0')
-+ dest = "localhost";
-+
-+ if(validests != (char **)0) {
-+ char **xp;
-+ int x;
-+
-+ for(xp = validests; *xp != (char *)0; xp++) {
-+ if(**xp == '!'
&& hostmatch(*xp + 1,dest)) {
-+ return(baddest(0,dest));
-+ } else {
-+ if(hostmatch(*xp,dest))
-+ break;
-+ }
-+ }
-+ if(*xp == (char *)0)
-+ return(baddest(0,dest));
-+ }
-+
-+ /* Extended permissions processing goes in here for destination */
-+ if(extendperm) {
-+ msg_int = auth_perm(confp, authuser, "ftp-gw", dest,(char *)0);
-+ if(msg_int == 1) {
-+ sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest);
-+ syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser);
-+ say(0,mbuf);
-+ return(1);
-+ } else {
-+ if(msg_int == -1) {
-+ sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest);
-+ say(0,mbuf);
-+ return(1);
-+ }
-+ }
-+ }
-+
-+ syslog(LLEV,"permit host=%s/%s connect to %s",rladdr,riaddr,dest);
-+
-+ if((rfd = conn_server(dest,port,0,buf)) < 0) {
-+ char ebuf[512];
-+
-+ strcpy(ebuf,buf);
-+ if (do_transparent)
-+ sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf);
-+ else
-+ sprintf(buf,"521 %s: %s",dest,ebuf);
-+ rfd = -1;
-+ return(say(0,buf));
-+ }
-+ if (!do_transparent) {
-+ sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
-+ saveline(buf);
-+ }
-+
-+ /* we are now connected and need to try the autologin thing */
-+ x = getresp(rfd,buf,sizeof(buf),1);
-+ if(x / 100 != COMPLETE) {
-+ sendsaved(0,-1);
-+ return(say(0,buf));
-+ }
-+ saveline(buf);
-+
-+ sendsaved(0,-1);
-+ return 0;
-+ }
-+
-+ /* quick hack */
-+ sayfile2(fd,fn,code)
-+ int fd;
-+ char *fn;
-+ int code;
-+ {
-+ FILE *f;
-+ char buf[BUFSIZ];
-+ char yuf[BUFSIZ];
-+ char *c;
-+ int x;
-+ int saidsomething = 0;
-+
-+ if((f = fopen(fn,"r")) == (FILE *)0)
-+ return(1);
-+ while(fgets(buf,sizeof(buf),f) != (char *)0) {
-+ if((c = index(buf,'\n')) != (char *)0)
-+ *c = '\0';
-+ x = fgetc(f);
-+ if(feof(f))
-+ sprintf(yuf,"%3.3d-%s",code,buf);
-+ else {
-+ sprintf(yuf,"%3.3d-%s",code,buf);
-+ ungetc(x,f);
-+ }
-+ if(say(fd,yuf)) {
-+ fclose(f);
-+ return(1);
-+ }
-+ saidsomething++;
-+ }
-+ fclose(f);
-+ if
(!saidsomething) {
-+ syslog(LLEV,"fwtkcfgerr: sayfile for %d is empty",code);
-+ sprintf(yuf, "%3.3d The file to display is empty",code);
-+ if(say(fd,yuf)) {
-+ fclose(f);
-+ return(1);
-+ }
-+ }
-+ return(0);
-+ }
-diff -c -r ./http-gw/http-gw.c ../../fwtk-2.1-violated/fwtk/http-gw/http-gw.c
-*** ./http-gw/http-gw.c Fri Feb 6 18:32:25 1998
---- ../../fwtk-2.1-violated/fwtk/http-gw/http-gw.c Thu May 21 17:00:47 1998
-***************
-*** 27,32 ****
---- 27,35 ----
- static char http_buffer[8192];
- static char reason[8192];
- static int checkBrowserType = 1;
-+ static int do_transparent = 0;
-+
-+ char * getdsthost();
-
- static void do_logging()
- { char *proto = "GOPHER";
-***************
-*** 473,478 ****
---- 476,490 ----
- /*(NOT A SPECIAL FORM)*/
-
- if((rem_type & TYPE_LOCAL)== 0){
-+ char * psychic = getdsthost(sockfd, &def_port);
-+ if (psychic) {
-+ if (strlen(psychic) <= MAXHOSTNAMELEN) {
-+ do_transparent ++;
-+ strncpy(def_httpd, psychic, strlen(psychic));
-+ strncpy(def_server, psychic, strlen(psychic));
-+ }
-+ }
-+
- /* See if it can be forwarded */
-
- if( can_forward(buf)){
-***************
-*** 1564,1570 ****
- parse_vec[0],
- parse_vec[1],
- ourname, ourport);
-! }else{
- sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u",
- parse_vec[0], parse_vec[2],
- parse_vec[3], chk_type_ch,
---- 1576,1589 ----
- parse_vec[0],
- parse_vec[1],
- ourname, ourport);
-! }
-! else
-! if (do_transparent) {
-! sprintf(new_reply, "%s\t%s\t%s\t%s",
-! parse_vec[0], parse_vec[1],
-! parse_vec[2],parse_vec[3]);
-! }
-! else {
- sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u",
- parse_vec[0], parse_vec[2],
- parse_vec[3], chk_type_ch,
-diff -c -r ./lib/hnam.c ../../fwtk-2.1-violated/fwtk/lib/hnam.c
-*** ./lib/hnam.c Tue Dec 10 13:08:48 1996
---- ../../fwtk-2.1-violated/fwtk/lib/hnam.c Thu May 21 17:10:00 1998
-***************
-*** 23,28 ****
---- 23,33 ----
-
- #include "firewall.h"
-
-+ #ifdef __FreeBSD__ /* or OpenBSD, NetBSD, BSDI, etc.
Fix this for your system. */
-+ #include
-+ #include "ip_nat.h"
-+ #endif /* __FreeBSD__ */
-+
-
- char *
- maphostname(name)
-***************
-*** 49,52 ****
---- 54,132 ----
- }
- bcopy(hp->h_addr,&sin.sin_addr,hp->h_length);
- return(inet_ntoa(sin.sin_addr));
-+ }
-+
-+ char *getdsthost(fd, ptr)
-+ int fd;
-+ int *ptr;
-+ {
-+ struct sockaddr_in sin;
-+ struct hostent * hp;
-+ int sl = sizeof(struct sockaddr_in), err = 0, local_h = 0, i = 0;
-+ char buf[255], hostbuf[255];
-+ #ifdef __FreeBSD__
-+ struct sockaddr_in rsin;
-+ struct natlookup natlookup;
-+ #endif
-+
-+ #ifdef linux
-+ if (!(err = getsockname(0, &sin, &sl))) {
-+ if(ptr)
-+ * ptr = ntohs(sin.sin_port);
-+
-+ sprintf(buf, "%s", inet_ntoa(sin.sin_addr));
-+ gethostname(hostbuf, 254);
-+ hp = gethostbyname(hostbuf);
-+ while (hp->h_addr_list[i]) {
-+ bzero(&sin, &sl);
-+ memcpy(&sin.sin_addr, hp->h_addr_list[i++],
-+ sizeof(hp->h_addr_list[i++]));
-+
-+ if (!strcmp(buf, inet_ntoa(sin.sin_addr)))
-+ local_h++;
-+ }
-+
-+ if(local_h)
-+ return(NULL);
-+ else
-+ return(buf);
-+ }
-+ #endif
-+
-+ #ifdef __FreeBSD__
-+ /* The basis for this block of code is Darren Reed's
-+ * patches to the TIS ftwk's ftp-gw.
-+ */
-+ bzero((char*)&sin, sizeof(sin));
-+ bzero((char*)&rsin, sizeof(rsin));
-+
-+ if (getsockname(fd, (struct sockaddr*)&sin, &sl) < 0)
-+ return NULL;
-+
-+ sl = sizeof(rsin);
-+
-+ if(getpeername(fd, (struct sockaddr*)&rsin, &sl) < 0)
-+ return NULL;
-+
-+ natlookup.nl_inport=sin.sin_port;
-+ natlookup.nl_outport=rsin.sin_port;
-+ natlookup.nl_inip=sin.sin_addr;
-+ natlookup.nl_outip=rsin.sin_addr;
-+
-+ if ((natfd = open("/dev/ipl",O_RDONLY)) < 0)
-+ return NULL;
-+
-+ if (ioctl(natfd, SIOCGNATL,&natlookup) == (-1))
-+ return NULL;
-+
-+ close(natfd);
-+
-+ if (ptr)
-+ *ptr = ntohs(natlookup.nl_inport);
-+
-+ sprintf(buf, "%s", inet_ntoa(natlookup.nl_inip));
-+ #endif
-+
-+ /* No transparent proxy support */
-+ return(NULL);
- }
-diff -c -r ./plug-gw/plug-gw.c ../../fwtk-2.1-violated/fwtk/plug-gw/plug-gw.c
-*** ./plug-gw/plug-gw.c Thu Feb 5 19:07:35 1998
---- ../../fwtk-2.1-violated/fwtk/plug-gw/plug-gw.c Thu May 21 17:29:01 1998
-***************
-*** 43,48 ****
---- 43,50 ----
- static char **validdests = (char **)0;
- static int net_write();
-
-+ static int do_transparent = 0;
-+
- main(ac,av)
- int ac;
- char *av[];
-***************
-*** 198,206 ****
---- 200,220 ----
- char *ptr;
- int state = 0;
- int ssl_plug = 0;
-+ char * getdsthost();
-+ int pport = 0;
-
- struct timeval timo;
-
-+ /* Transparent plug-gw is probably a bad idea, but then, plug-gw is a bad
-+ * idea ..
-+ */
-+ dhost = getdsthost(0, &pport);
-+ if (dhost) {
-+ do_transparent++;
-+ portid = pport;
-+ }
-+
-+
- if(c->flags & PERM_DENY) {
- if (p == -1)
- syslog(LLEV,"deny host=%.512s/%.20s port=any",rhost,raddr);
-***************
-*** 220,226 ****
- syslog(LLEV,"fwtkcfgerr: -plug-to takes an argument, line %d",c->ln);
- exit (1);
- }
-! dhost = av[x];
- continue;
- }
-
---- 234,241 ----
- syslog(LLEV,"fwtkcfgerr: -plug-to takes an argument, line %d",c->ln);
- exit (1);
- }
-! if (!dhost)
-!
dhost = av[x];
- continue;
- }
-
-diff -c -r ./rlogin-gw/rlogin-gw.c ../../fwtk-2.1-violated/fwtk/rlogin-gw/rlogin-gw.c
-*** ./rlogin-gw/rlogin-gw.c Thu Feb 5 19:08:38 1998
---- ../../fwtk-2.1-violated/fwtk/rlogin-gw/rlogin-gw.c Thu May 21 17:20:25 1998
-***************
-*** 103,108 ****
---- 103,111 ----
- static int trusted = 0;
- static int doX = 0;
- static char *prompt;
-+ static int do_transparent = 0;
-+
-+ char * getdsthost();
-
- main(ac,av)
- int ac;
-***************
-*** 123,128 ****
---- 126,132 ----
- static char *tokav[56];
- int tokac;
- struct timeval timo;
-+ char * psychic;
-
- #ifndef LOG_NDELAY
- openlog("rlogin-gw",LOG_PID);
-***************
-*** 188,194 ****
- xforwarder = cf->argv[0];
- }
-
-!
-
- if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
- if(cf->argc != 1) {
---- 192,203 ----
- xforwarder = cf->argv[0];
- }
-
-! psychic = getdsthost(0, NULL);
-! if (psychic) {
-! do_transparent++;
-! strncpy(dest, psychic, 511);
-! dest[511] = '\0';
-! }
-
- if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
- if(cf->argc != 1) {
-***************
-*** 266,271 ****
---- 275,281 ----
- if((p = index(rusername,'@')) != (char *)0) {
- char *namp;
-
-+ dest[0] = '\0';
- *p++ = '\0';
- if(*p == '\0')
- p = "localhost";
-***************
-*** 297,302 ****
---- 307,326 ----
-
- if(dest[0] != '\0') {
- /* Setup connection directly to remote machine */
-+ if ((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
-+ if (cf->argc != 1) {
-+ syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
-+ exit(1);
-+ }
-+
-+ if (sayfile(0, cf->argv[0])) {
-+ syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
-+ exit(1);
-+ }
-+ }
-+
-+ /* Hey fwtk developer people -- this connect_dest thing is *nasty!* */
-+
- sprintf(buf,"connect %.1000s",dest);
- tokac = enargv(buf, tokav, 56, tokbuf, sizeof(tokbuf));
- if (cmd_connect(tokac, tokav, buf) != 2)
-***************
-*** 535,548 ****
- char ebuf[512];
-
- syslog(LLEV,"permit
host=%.512s/%.20s connect to %.512s",rhost,raddr,namp);
-! if(strlen(namp) > 20)
-! namp[20] = '\0';
-! if(rusername[0] != '\0')
-! sprintf(ebuf,"Trying %s@%s...",rusername,namp);
-! else
-! sprintf(ebuf,"Trying %s...",namp);
-! if(say(0,ebuf))
-! return(1);
- } else
- syslog(LLEV,"permit host=%.512s/%.20s connect to %.512s",rhost,raddr,av[1]);
- if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) {
---- 559,574 ----
- char ebuf[512];
-
- syslog(LLEV,"permit host=%.512s/%.20s connect to %.512s",rhost,raddr,namp);
-! if (!do_transparent) {
-! if(strlen(namp) > 20)
-! namp[20] = '\0';
-! if(rusername[0] != '\0')
-! sprintf(ebuf,"Trying %s@%s...",rusername,namp);
-! else
-! sprintf(ebuf,"Trying %s...",namp);
-! if(say(0,ebuf))
-! return(1);
-! }
- } else
- syslog(LLEV,"permit host=%.512s/%.20s connect to %.512s",rhost,raddr,av[1]);
- if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) {
-diff -c -r ./tn-gw/tn-gw.c ../../fwtk-2.1-violated/fwtk/tn-gw/tn-gw.c
-*** ./tn-gw/tn-gw.c Thu Feb 5 19:11:36 1998
---- ../../fwtk-2.1-violated/fwtk/tn-gw/tn-gw.c Thu May 21 17:25:06 1998
-***************
-*** 91,96 ****
---- 91,100 ----
- static int cmd_xforward();
- static int cmd_timeout();
-
-+ char * getdsthost();
-+
-+ static int do_transparent = 0;
-+
- static int tn3270 = 1; /* don't do tn3270 stuff */
- static int doX;
-
-***************
-*** 144,149 ****
---- 148,155 ----
- char tokbuf[BSIZ];
- char *tokav[56];
- int tokac;
-+ int port;
-+ char * psychic;
-
- #ifndef LOG_DAEMON
- openlog("tn-gw",LOG_PID);
-***************
-*** 325,330 ****
---- 331,362 ----
- }
- }
-
-+ psychic = getdsthost(0, &port);
-+ if (psychic) {
-+ if ((strlen(psychic) + 10) < 510) {
-+ do_transparent++;
-+ if (port)
-+ sprintf(dest, "%s:%d", psychic, port);
-+ else
-+ sprintf(dest, "%s", psychic);
-+
-+ if (!welcomedone)
-+ if ((cf = cfg_get("welcome-msg", confp)) != (Cfg *)0) {
-+ if (cf->argc != 1) {
-+ syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
-+ exit(1);
-+ }
-+
-+ if (sayfile(0, cf->argv[0])) {
-+ syslog(LLEV,"fwtksyserr: cannot display welcome %s:%m",cf->argv[0]);
-+ exit(1);
-+ }
-+
-+ welcomedone = 1;
-+ }
-+ }
-+ }
-+
- while (argc > 1) {
- argc--;
- argv++;
-***************
-*** 947,955 ****
- char ebuf[512];
-
- syslog(LLEV,"permit host=%.512s/%.20s destination=%.512s",rladdr,riaddr,namp);
-! sprintf(ebuf,"Trying %.100s port %d...",namp,port);
-! if(say(0,ebuf))
-! return(1);
- } else
- syslog(LLEV,"permit host=%.512s/%.20s destination=%.512s",rladdr,riaddr,av[1]);
-
---- 979,989 ----
- char ebuf[512];
-
- syslog(LLEV,"permit host=%.512s/%.20s destination=%.512s",rladdr,riaddr,namp);
-! if (!do_transparent) {
-! sprintf(ebuf,"Trying %.100s port %d...",namp,port);
-! if(say(0,ebuf))
-! return(1);
-! }
- } else
- syslog(LLEV,"permit host=%.512s/%.20s destination=%.512s",rladdr,riaddr,av[1]);
-
-***************
-*** 991,998 ****
-
- syslog(LLEV,"connected host=%.512s/%.20s destination=%.512s",rladdr,riaddr,av[1]);
- strncpy(dest,av[1], 511);
-! sprintf(buf, "Connected to %.512s.", dest);
-! say(0, buf);
- return(2);
- }
-
---- 1025,1034 ----
-
- syslog(LLEV,"connected host=%.512s/%.20s destination=%.512s",rladdr,riaddr,av[1]);
- strncpy(dest,av[1], 511);
-! if (!do_transparent) {
-! sprintf(buf, "Connected to %.512s.", dest);
-! say(0, buf);
-! }
- return(2);
- }
-
diff --git a/contrib/ipfilter/FWTK/fwtk_transparent.diff b/contrib/ipfilter/FWTK/fwtk_transparent.diff
deleted file mode 100644
index 69962b6fe9..0000000000
--- a/contrib/ipfilter/FWTK/fwtk_transparent.diff
+++ /dev/null
@@ -1,1025 +0,0 @@
-diff -cr ../TIS.orig/fwtk/Makefile.config.linux fwtk/Makefile.config.linux
-*** ../TIS.orig/fwtk/Makefile.config.linux Sat Sep 7 05:58:21 1996
---- fwtk/Makefile.config.linux Sun Feb 2 05:48:01 1997
-***************
-*** 13,19 ****
-
-
- # Your C compiler (eg, "cc" or "gcc")
-! CC= cc
-
-
- # program to use for installation -- this may or may not preserve
---- 13,19 ----
-
-
- # Your C compiler (eg, "cc" or "gcc")
-! CC= gcc
-
-
- # program to use for installation -- this may or may not preserve
-***************
-*** 24,37 ****
-
- # Defines for your operating system
- #
-! DEFINES=-DLINUX
- #DEFINES=-DSYSV -DSOLARIS
-
- # Options for your compiler (eg, "-g" for debugging, "-O" for
- # optimizing, or "-g -O" for both under GCC)
- #COPT= -g -traditional $(DEFINES)
-! COPT= -g $(DEFINES)
-! #COPT= -O $(DEFINES)
-
- # Version of "make" you want to use
- #MAKE= gnumake
---- 24,37 ----
-
- # Defines for your operating system
- #
-! DEFINES=-DLINUX -DUSE_IP_FILTER
- #DEFINES=-DSYSV -DSOLARIS
-
- # Options for your compiler (eg, "-g" for debugging, "-O" for
- # optimizing, or "-g -O" for both under GCC)
- #COPT= -g -traditional $(DEFINES)
-! #COPT= -g $(DEFINES)
-! COPT= -O $(DEFINES)
-
- # Version of "make" you want to use
- #MAKE= gnumake
-***************
-*** 44,50 ****
-
-
- # Destination directory for installation of binaries
-! DEST= /usr/local/etc
-
-
- # Destination directory for installation of man pages
---- 44,50 ----
-
-
- # Destination directory for installation of binaries
-! DEST= /usr/local/sbin
-
-
- # Destination directory for installation of man pages
-***************
-*** 72,78 ****
- # or -Bstatic for static binaries under SunOS 4.1.x)
- #LDFL= -Bstatic
- #LDFL=
-! LDFL= -g
-
-
- # Location of the fwtk sources [For #include by any external tools needing it]
---- 72,79 ----
- # or -Bstatic for static binaries under SunOS 4.1.x)
- #LDFL= -Bstatic
- #LDFL=
-! #LDFL= -g
-!
LDFL= -O
-
-
- # Location of the fwtk sources [For #include by any external tools needing it]
-***************
-*** 81,87 ****
-
-
- # Location of X libraries for X-gw
-! XLIBDIR=/usr/X11/lib
- #XLIBDIR=/usr/local/X11R5/lib
-
- # X Libraries
---- 82,88 ----
-
-
- # Location of X libraries for X-gw
-! XLIBDIR=/usr/X11R6/lib
- #XLIBDIR=/usr/local/X11R5/lib
-
- # X Libraries
-***************
-*** 96,102 ****
- #XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11
-
- # Location of X include files
-! XINCLUDE=/usr/X11/include
- #XINCLUDE=/usr/local/X11R5/include
-
- # Objects to include in libfwall for SYSV
---- 97,103 ----
- #XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11
-
- # Location of X include files
-! XINCLUDE=/usr/X11R6/include
- #XINCLUDE=/usr/local/X11R5/include
-
- # Objects to include in libfwall for SYSV
-diff -cr ../TIS.orig/fwtk/Makefile.config.solaris fwtk/Makefile.config.solaris
-*** ../TIS.orig/fwtk/Makefile.config.solaris Sat Sep 7 06:14:13 1996
---- fwtk/Makefile.config.solaris Sun Feb 2 06:09:19 1997
-***************
-*** 11,30 ****
- #
- # RcsId: "$Header: /devel/CVS/IP-Filter/FWTK/fwtk_transparent.diff,v 2.1 1999/08/04 17:40:48 darrenr Exp $"
-
-
- # Your C compiler (eg, "cc" or "gcc")
-! CC= cc
-
-
- # program to use for installation -- this may or may not preserve
- # old versions (or whatever). assumes that it takes parameters:
- # copy source dest
-! CP= cp
-
-
- # Defines for your operating system
- #
-! DEFINES=-DSYSV -DSOLARIS
-
- #DEFINES=-DSYSV -DSOLARIS -Dgethostbyname=res_gethostbyname \
- -Dgethostbyaddr=res_gethostbyaddr -Dgetnetbyname=res_getnetbyname \
---- 11,34 ----
- #
- # RcsId: "$Header: /devel/CVS/IP-Filter/FWTK/fwtk_transparent.diff,v 2.1 1999/08/04 17:40:48 darrenr Exp $"
-
-+ #
-+ # Path to sources of ip_filter (ip_nat.h required in lib/hnam.c)
-+ #
-+ IPFPATH=/src/unpacked/firewall/ip_fil3.1.5
-
- # Your C compiler (eg, "cc" or "gcc")
-!
CC= gcc
-
-
- # program to use for installation -- this may or may not preserve
- # old versions (or whatever). assumes that it takes parameters:
- # copy source dest
-! CP= /usr/ucb/install -c -s
-
-
- # Defines for your operating system
- #
-! DEFINES=-DSYSV -DSOLARIS -DUSE_IP_FILTER -I$(IPFPATH)
-
- #DEFINES=-DSYSV -DSOLARIS -Dgethostbyname=res_gethostbyname \
- -Dgethostbyaddr=res_gethostbyaddr -Dgetnetbyname=res_getnetbyname \
-***************
-*** 45,52 ****
-
-
- # Your ranlib utility (use "touch" if you don't have ranlib)
-! RANLIB= ranlib
-! #RANLIB= touch
-
-
- # Destination directory for installation of binaries
---- 49,56 ----
-
-
- # Your ranlib utility (use "touch" if you don't have ranlib)
-! # RANLIB= ranlib
-! RANLIB= touch
-
-
- # Destination directory for installation of binaries
-diff -cr ../TIS.orig/fwtk/firewall.h fwtk/firewall.h
-*** ../TIS.orig/fwtk/firewall.h Sun Sep 8 05:55:26 1996
---- fwtk/firewall.h Sun Feb 2 05:23:33 1997
-***************
-*** 47,53 ****
- system.
- */
- #ifndef PERMFILE
-! #define PERMFILE "/usr/local/etc/netperm-table"
- #endif
-
- /*
---- 47,53 ----
- system.
- */
- #ifndef PERMFILE
-! #define PERMFILE "/etc/fwtk/netperm-table"
- #endif
-
- /*
-***************
-*** 67,73 ****
-
- /* Choose a system logging facility for the firewall toolkit. */
- #ifndef LFAC
-! #define LFAC LOG_DAEMON
- #endif
-
-
---- 67,73 ----
-
- /* Choose a system logging facility for the firewall toolkit. */
- #ifndef LFAC
-! #define LFAC LOG_LOCAL5
- #endif
-
-
-***************
-*** 215,220 ****
- #define PERM_ALLOW 01
- #define PERM_DENY 02
-
-!
- #define _INCL_FWALL_H
- #endif
---- 215,222 ----
- #define PERM_ALLOW 01
- #define PERM_DENY 02
-
-! #ifdef USE_IP_FILTER
-! extern char *getdsthost(int, int*);
-!
#endif
- #define _INCL_FWALL_H
- #endif
-diff -cr ../TIS.orig/fwtk/ftp-gw/ftp-gw.c fwtk/ftp-gw/ftp-gw.c
-*** ../TIS.orig/fwtk/ftp-gw/ftp-gw.c Fri Sep 6 18:55:05 1996
---- fwtk/ftp-gw/ftp-gw.c Sat Feb 1 06:49:13 1997
-***************
-*** 50,55 ****
---- 50,59 ----
- #ifndef FTPPORT
- #define FTPPORT 21
- #endif
-+ #ifdef USE_IP_FILTER
-+ static int do_transparent=0;
-+ static int connectdest();
-+ #endif
-
- static Cfg *confp;
- static char **validests = (char **)0;
-***************
-*** 170,175 ****
---- 174,182 ----
- char xuf[1024];
- char huf[128];
- char *passuser = (char *)0; /* passed user as av */
-+ #ifdef USE_IP_FILTER
-+ char *psychic, *hotline;
-+ #endif
-
- #ifndef LOG_DAEMON
- openlog("ftp-gw",LOG_PID);
-***************
-*** 313,320 ****
- }
- } else
- timeout = 60*60;
-
--
- /* display a welcome file or message */
- if(passuser == (char *)0) {
- if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
---- 320,330 ----
- }
- } else
- timeout = 60*60;
-+ #ifdef USE_IP_FILTER
-+ psychic=getdsthost(0,NULL);
-+ if(psychic) { do_transparent++; }
-+ #endif
-
- /* display a welcome file or message */
- if(passuser == (char *)0) {
- if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
-***************
-*** 322,327 ****
---- 332,345 ----
- syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
- exit(1);
- }
-+ #ifdef USE_IP_FILTER
-+ if(do_transparent) {
-+ if(sayfile2(0,cf->argv[0],220)) {
-+ syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
-+ exit(1);
-+ }
-+ } else
-+ #endif /* USE_IP_FILTER */
- if(sayfile(0,cf->argv[0],220)) {
- syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
- exit(1);
-***************
-*** 332,338 ****
- if(authallflg)
- if(say(0,"220-Proxy first requires authentication"))
- exit(1);
-!
sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
- if(say(0,xuf))
- exit(1);
- }
---- 350,361 ----
- if(authallflg)
- if(say(0,"220-Proxy first requires authentication"))
- exit(1);
-! #ifdef USE_IP_FILTER
-! if(do_transparent)
-! sprintf(xuf,"220-%s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
-! else
-! #endif
-! sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR);
- if(say(0,xuf))
- exit(1);
- }
-***************
-*** 352,358 ****
- if(cmd_user(2,fakav,"user internal"))
- exit(1);
- }
-!
- /* main loop */
- while(1) {
- FD_ZERO(&rdy);
---- 375,386 ----
- if(cmd_user(2,fakav,"user internal"))
- exit(1);
- }
-! #ifdef USE_IP_FILTER
-! if(do_transparent) {
-! connectdest(psychic,21);
-! }
-! #endif
-!
- /* main loop */
- while(1) {
- FD_ZERO(&rdy);
-***************
-*** 676,681 ****
---- 704,719 ----
- return(sayn(0,noad,sizeof(noad)-1));
- }
-
-+ #ifdef USE_IP_FILTER
-+ if(do_transparent) {
-+ if((rfd==(-1)) && (x=connectdest(dest,port))) return x;
-+ sprintf(buf,"USER %s",user);
-+ if(say(rfd,buf)) return(1);
-+ x=getresp(rfd,buf,sizeof(buf),1);
-+ if(sendsaved(0,x)) return(1);
-+ return(say(0,buf));
-+ }
-+ #endif
- if(*dest == '\0')
- dest = "localhost";
-
-***************
-*** 717,723 ****
- char ebuf[512];
-
- strcpy(ebuf,buf);
-! sprintf(buf,"521 %s: %s",dest,ebuf);
- rfd = -1;
- return(say(0,buf));
- }
---- 755,766 ----
- char ebuf[512];
-
- strcpy(ebuf,buf);
-! #ifdef USE_IP_FILTER
-! if(do_transparent) {
-! sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf);
-! } else
-! #endif
-!
sprintf(buf,"521 %s: %s",dest,ebuf);
- rfd = -1;
- return(say(0,buf));
- }
-***************
-*** 1874,1876 ****
---- 1917,2036 ----
- dup(nread);
- }
- #endif
-+
-+ #ifdef USE_IP_FILTER
-+ static int connectdest(dest, port)
-+ char *dest;
-+ short port;
-+ {
-+ char buf[1024], mbuf[512];
-+ int msg_int, x;
-+
-+ if(*dest == '\0')
-+ dest = "localhost";
-+
-+ if(validests != (char **)0) {
-+ char **xp;
-+ int x;
-+
-+ for(xp = validests; *xp != (char *)0; xp++) {
-+ if(**xp == '!' && hostmatch(*xp + 1,dest)) {
-+ return(baddest(0,dest));
-+ } else {
-+ if(hostmatch(*xp,dest))
-+ break;
-+ }
-+ }
-+ if(*xp == (char *)0)
-+ return(baddest(0,dest));
-+ }
-+
-+ /* Extended permissions processing goes in here for destination */
-+ if(extendperm) {
-+ msg_int = auth_perm(confp, authuser, "ftp-gw", dest,(char *)0);
-+ if(msg_int == 1) {
-+ sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest);
-+ syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser);
-+ say(0,mbuf);
-+ return(1);
-+ } else {
-+ if(msg_int == -1) {
-+ sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest);
-+ say(0,mbuf);
-+ return(1);
-+ }
-+ }
-+ }
-+
-+ syslog(LLEV,"permit host=%s/%s connect to %s",rladdr,riaddr,dest);
-+
-+ if((rfd = conn_server(dest,port,0,buf)) < 0) {
-+ char ebuf[512];
-+
-+ strcpy(ebuf,buf);
-+ sprintf(buf,"521 %s: %s",dest,ebuf);
-+ rfd = -1;
-+ return(say(0,buf));
-+ }
-+ if(!do_transparent) {
-+ sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
-+ saveline(buf);
-+ }
-+
-+ /* we are now connected and need to try the autologin thing */
-+ x = getresp(rfd,buf,sizeof(buf),1);
-+ if(x / 100 != COMPLETE) {
-+ sendsaved(0,-1);
-+ return(say(0,buf));
-+ }
-+ saveline(buf);
-+
-+ sendsaved(0,-1);
-+ return 0;
-+ }
-+
-+
-+ /* ok, so i'm in a hurry. english paper due RSN.
*/
-+ sayfile2(fd,fn,code)
-+ int fd;
-+ char *fn;
-+ int code;
-+ {
-+ FILE *f;
-+ char buf[BUFSIZ];
-+ char yuf[BUFSIZ];
-+ char *c;
-+ int x;
-+ int saidsomething = 0;
-+
-+ if((f = fopen(fn,"r")) == (FILE *)0)
-+ return(1);
-+ while(fgets(buf,sizeof(buf),f) != (char *)0) {
-+ if((c = index(buf,'\n')) != (char *)0)
-+ *c = '\0';
-+ x = fgetc(f);
-+ if(feof(f))
-+ sprintf(yuf,"%3.3d-%s",code,buf);
-+ else {
-+ sprintf(yuf,"%3.3d-%s",code,buf);
-+ ungetc(x,f);
-+ }
-+ if(say(fd,yuf)) {
-+ fclose(f);
-+ return(1);
-+ }
-+ saidsomething++;
-+ }
-+ fclose(f);
-+ if (!saidsomething) {
-+ syslog(LLEV,"fwtkcfgerr: sayfile for %d is empty",code);
-+ sprintf(yuf, "%3.3d The file to display is empty",code);
-+ if(say(fd,yuf)) {
-+ fclose(f);
-+ return(1);
-+ }
-+ }
-+ return(0);
-+ }
-+
-+ #endif /* USE_IP_FILTER */
-diff -cr ../TIS.orig/fwtk/http-gw/http-gw.c fwtk/http-gw/http-gw.c
-*** ../TIS.orig/fwtk/http-gw/http-gw.c Mon Sep 9 20:40:53 1996
---- fwtk/http-gw/http-gw.c Sun Feb 2 06:41:18 1997
-***************
-*** 27,32 ****
---- 27,35 ----
- static char http_buffer[8192];
- static char reason[8192];
- static int checkBrowserType = 1;
-+ #ifdef USE_IP_FILTER
-+ static int do_transparent=0;
-+ #endif
-
- static void do_logging()
- { char *proto = "GOPHER";
-***************
-*** 422,427 ****
---- 425,441 ----
- /*(NOT A SPECIAL FORM)*/
-
- if((rem_type & TYPE_LOCAL)== 0){
-+ #ifdef USE_IP_FILTER
-+ char *psychic=getdsthost(sockfd,&def_port);
-+ if(psychic) {
-+ if(strlen(psychic)<=MAXHOSTNAMELEN) {
-+ do_transparent++;
-+ strncpy(def_httpd,psychic,strlen(psychic));
-+ strncpy(def_server,psychic,strlen(psychic));
-+ }
-+ }
-+
-+ #endif /* USE_IP_FILTER */
- /* See if it can be forwarded */
-
- if( can_forward(buf)){
-***************
-*** 1513,1518 ****
---- 1527,1537 ----
- parse_vec[0],
- parse_vec[1],
- ourname, ourport);
-+ }
-+ #ifdef USE_IP_FILTER
-+ else if(do_transparent) {
-+ sprintf(new_reply,"%s\t%s\t%s\t%s",parse_vec[0],parse_vec[1],parse_vec[2],parse_vec[3]);
-+ #endif /* USE_IP_FILTER */
- }else{
- sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u",
- parse_vec[0], parse_vec[2],
-diff -cr ../TIS.orig/fwtk/lib/hnam.c fwtk/lib/hnam.c
-*** ../TIS.orig/fwtk/lib/hnam.c Sat Nov 5 00:30:19 1994
---- fwtk/lib/hnam.c Sat Feb 1 08:17:46 1997
-***************
-*** 20,25 ****
---- 20,37 ----
-
- extern char *inet_ntoa();
-
-+ #if defined(USE_IP_FILTER)
-+ #include
-+ #ifndef LINUX
-+ #include "ip_nat.h"
-+ #endif
-+ #if defined(SOLARIS)
-+ #include
-+ #include
-+ #include
-+ #include
-+ #endif
-+ #endif /* IP_FILTER */
-
- #include "firewall.h"
-
-***************
-*** 45,47 ****
---- 57,158 ----
- bcopy(hp->h_addr,&sin.sin_addr,hp->h_length);
- return(inet_ntoa(sin.sin_addr));
- }
-+
-+
-+
-+ #ifdef USE_IP_FILTER
-+ char *getdsthost(fd, ptr)
-+ int fd;
-+ int *ptr;
-+ {
-+ struct sockaddr_in sin;
-+ struct hostent *hp;
-+ int sl=sizeof(struct sockaddr_in), err=0, local_h=0, i=0;
-+ static char buf[255], hostbuf[255];
-+ #if defined(__FreeBSD__) || defined(SOLARIS)
-+ struct sockaddr_in rsin;
-+ struct natlookup natlookup;
-+ int natfd;
-+ #endif
-+
-+ #ifdef linux
-+ /* This should also work for UDP. Unfortunately, it doesn't.
-+ Maybe when the Linux UDP proxy code gets a little cleaner.
-+ */
-+ if(!(err=getsockname(0,&sin,&sl))) {
-+ if(ptr) *ptr=ntohs(sin.sin_port);
-+ sprintf(buf,"%s",inet_ntoa(sin.sin_addr));
-+ gethostname(hostbuf,254);
-+ hp=gethostbyname(hostbuf);
-+ while(hp->h_addr_list[i]) {
-+ bzero(&sin,&sl);
-+ memcpy(&sin.sin_addr,hp->h_addr_list[i++],sizeof(hp->h_addr_list[i++]));
-+ if(!strcmp(buf,inet_ntoa(sin.sin_addr))) local_h++;
-+ }
-+ if(local_h) { /* syslog(LLEV,"DEBUG: hnam.c: non-transparent."); */ return(NULL); }
-+ else { return(buf); }
-+ }
-+ #endif
-+
-+ #if defined(__FreeBSD__)
-+ /* The basis for this block of code is Darren Reed's
-+ patches to the TIS ftwk's ftp-gw.
-+ */
-+ bzero((char*)&sin,sizeof(sin));
-+ bzero((char*)&rsin,sizeof(rsin));
-+ if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) {
-+ return NULL;
-+ }
-+ sl=sizeof(rsin);
-+ if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) {
-+ return NULL;
-+ }
-+ natlookup.nl_inport=sin.sin_port;
-+ natlookup.nl_outport=rsin.sin_port;
-+ natlookup.nl_inip=sin.sin_addr;
-+ natlookup.nl_outip=rsin.sin_addr;
-+ if((natfd=open("/dev/ipl",O_RDONLY))<0) {
-+ return(NULL);
-+ }
-+ if(ioctl(natfd,SIOCGNATL,&natlookup)==(-1)) {
-+ return(NULL);
-+ }
-+ close(natfd);
-+ if(ptr) *ptr=ntohs(natlookup.nl_inport);
-+ sprintf(buf,"%s",inet_ntoa(natlookup.nl_inip));
-+ #endif
-+
-+ #if defined(SOLARIS) /* for Solaris */
-+ /* The basis for this block of code is Darren Reed's
-+ * patches to the TIS ftwk's ftp-gw.
-+ * modified for Solaris from Michael Kutzner, Michael.Kutzner@paderlinx.de
-+ */
-+ memset((char*)&sin, 0, sizeof(sin));
-+ memset((char*)&rsin, 0, sizeof(rsin));
-+
-+ if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) {
-+ return NULL;
-+ }
-+ sl=sizeof(rsin);
-+ if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) {
-+ return NULL;
-+ }
-+ natlookup.nl_inport=sin.sin_port;
-+ natlookup.nl_outport=rsin.sin_port;
-+ natlookup.nl_inip=sin.sin_addr;
-+ natlookup.nl_outip=rsin.sin_addr;
-+ if( (natfd=open("/dev/ipl",O_RDONLY)) < 0) {
-+ return(NULL);
-+ }
-+ if(ioctl(natfd, SIOCGNATL, &natlookup) == -1) {
-+ return(NULL);
-+ }
-+ close(natfd);
-+ if(ptr) *ptr=ntohs(natlookup.nl_inport);
-+ sprintf(buf,"%s",inet_ntoa(natlookup.nl_inip));
-+ #endif
-+
-+ /* No transparent proxy support */
-+ return(NULL);
-+ }
-+ #endif /* USE_IP_FILTER */
-diff -cr ../TIS.orig/fwtk/plug-gw/plug-gw.c fwtk/plug-gw/plug-gw.c
-*** ../TIS.orig/fwtk/plug-gw/plug-gw.c Thu Sep 5 21:36:33 1996
---- fwtk/plug-gw/plug-gw.c Sun Feb 2 04:50:40 1997
-***************
-*** 38,44 ****
- static int timeout = PROXY_TIMEOUT;
- static char **validdests = (char **)0;
- static Cfg *confp;
-!
- main(ac,av) - int ac; - char *av[]; ---- 38,46 ---- - static int timeout = PROXY_TIMEOUT; - static char **validdests = (char **)0; - static Cfg *confp; -! #ifdef USE_IP_FILTER -! static int do_transparent=0; -! #endif - main(ac,av) - int ac; - char *av[]; -*************** -*** 189,201 **** - static char buf[1024 * 4]; - void (*op)(); - char *dhost = NULL; - char hostport[1024 * 4]; - char *ptr; - int state = 0; - int ssl_plug = 0; -! - struct timeval timo; - - if(c->flags & PERM_DENY) { - if (p == -1) - syslog(LLEV,"deny host=%s/%s port=any",rhost,raddr); ---- 191,215 ---- - static char buf[1024 * 4]; - void (*op)(); - char *dhost = NULL; -+ char *transhost = NULL; - char hostport[1024 * 4]; - char *ptr; - int state = 0; - int ssl_plug = 0; -! #ifdef USE_IP_FILTER -! int pport; -! #endif - struct timeval timo; - -+ #ifdef USE_IP_FILTER -+ /* Transparent plug-gw is probably a bad idea, but hey .. */ -+ transhost=getdsthost(0,&pport); -+ if(transhost) { -+ do_transparent++; -+ portid=pport; -+ } -+ #endif -+ - if(c->flags & PERM_DENY) { - if (p == -1) - syslog(LLEV,"deny host=%s/%s port=any",rhost,raddr); -*************** -*** 223,229 **** - privport = 1; - continue; - } -! - if (!strcmp(av[x], "-port")) { - if (++x >= ac) { - syslog(LLEV,"fwtkcfgerr: -port takes an argument, line %d",c->ln); ---- 237,248 ---- - privport = 1; - continue; - } -! #ifdef USE_IP_FILTER -! if (!strcmp(av[x],"-all-destinations")) { -! dhost = transhost; -! continue; -! } -! #endif - if (!strcmp(av[x], "-port")) { - if (++x >= ac) { - syslog(LLEV,"fwtkcfgerr: -port takes an argument, line %d",c->ln); -diff -cr ../TIS.orig/fwtk/rlogin-gw/rlogin-gw.c fwtk/rlogin-gw/rlogin-gw.c -*** ../TIS.orig/fwtk/rlogin-gw/rlogin-gw.c Fri Sep 6 18:56:33 1996 ---- fwtk/rlogin-gw/rlogin-gw.c Sun Feb 2 06:26:04 1997 -*************** -*** 40,46 **** - - extern char *maphostname(); - -! 
- static int cmd_quit(); - static int cmd_help(); - static int cmd_connect(); ---- 40,48 ---- - - extern char *maphostname(); - -! #ifdef USE_IP_FILTER -! static int do_transparent=0; -! #endif - static int cmd_quit(); - static int cmd_help(); - static int cmd_connect(); -*************** -*** 120,125 **** ---- 122,130 ---- - static char *tokav[56]; - int tokac; - struct timeval timo; -+ #ifdef USE_IP_FILTER -+ char *psychic; -+ #endif - - #ifndef LOG_NDELAY - openlog("rlogin-gw",LOG_PID); -*************** -*** 186,192 **** - } - - -! - if((cf = cfg_get("directory",confp)) != (Cfg *)0) { - if(cf->argc != 1) { - syslog(LLEV,"fwtkcfgerr: chroot must have one parameter, line %d",cf->ln); ---- 191,204 ---- - } - - -! #ifdef USE_IP_FILTER -! psychic=getdsthost(0,NULL); -! if(psychic) { -! do_transparent++; -! strncpy(dest,psychic,511); -! dest[511]='\0'; -! } -! #endif /* USE_IP_FILTER */ - if((cf = cfg_get("directory",confp)) != (Cfg *)0) { - if(cf->argc != 1) { - syslog(LLEV,"fwtkcfgerr: chroot must have one parameter, line %d",cf->ln); -*************** -*** 260,269 **** - } - - /* if present a host name, chop and save username and hostname */ -- dest[0] = '\0'; - if((p = index(rusername,'@')) != (char *)0) { - char *namp; - - *p++ = '\0'; - if(*p == '\0') - p = "localhost"; ---- 272,281 ---- - } - - /* if present a host name, chop and save username and hostname */ - if((p = index(rusername,'@')) != (char *)0) { - char *namp; - -+ dest[0] = '\0'; - *p++ = '\0'; - if(*p == '\0') - p = "localhost"; -*************** -*** 532,539 **** ---- 544,557 ---- - sprintf(ebuf,"Trying %s@%s...",rusername,namp); - else - sprintf(ebuf,"Trying %s...",namp); -+ #ifdef USE_IP_FILTER -+ if(!do_transparent) { -+ #endif - if(say(0,ebuf)) - return(1); -+ #ifdef USE_IP_FILTER -+ } -+ #endif - } else - syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,av[1]); - if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) { -diff -cr ../TIS.orig/fwtk/tn-gw/tn-gw.c fwtk/tn-gw/tn-gw.c -*** 
../TIS.orig/fwtk/tn-gw/tn-gw.c Fri Sep 6 18:55:48 1996 ---- fwtk/tn-gw/tn-gw.c Sun Feb 2 06:06:33 1997 -*************** -*** 97,102 **** ---- 97,106 ---- - static int timeout = PROXY_TIMEOUT; - static char timed_out_msg[] = "\r\nConnection closed due to inactivity"; - -+ #ifdef USE_IP_FILTER -+ static int do_transparent=0; -+ #endif -+ - typedef struct { - char *name; - char *hmsg; -*************** -*** 140,145 **** ---- 144,153 ---- - char tokbuf[BSIZ]; - char *tokav[56]; - int tokac; -+ #ifdef USE_IP_FILTER -+ int port; -+ char *psychic; -+ #endif - - #ifndef LOG_DAEMON - openlog("tn-gw",LOG_PID); -*************** -*** 307,313 **** - exit(1); - } - } -! - while (argc > 1) { - argc--; - argv++; ---- 315,349 ---- - exit(1); - } - } -! #ifdef USE_IP_FILTER -! psychic=getdsthost(0,&port); -! if(psychic) { -! if((strlen(psychic) + 10) < 510) { -! do_transparent++; -! if(port) -! sprintf(dest,"%s:%d",psychic,port); -! else -! sprintf(dest,"%s",psychic); -! -! -! if(!welcomedone) -! if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) { -! if(cf->argc != 1) { -! syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln); -! exit(1); -! } -! if(sayfile(0,cf->argv[0])) { -! syslog(LLEV,"fwtksyserr: cannot display welcome %s:%m",cf->argv[0]); -! exit(1); -! } -! welcomedone = 1; -! } -! -! -! } -! } -! -! #endif /* USE_IP_FILTER */ - while (argc > 1) { - argc--; - argv++; -*************** -*** 870,877 **** - - syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp); - sprintf(ebuf,"Trying %s port %d...",namp,port); -! if(say(0,ebuf)) -! return(1); - } else - syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]); - ---- 906,920 ---- - - syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp); - sprintf(ebuf,"Trying %s port %d...",namp,port); -! #ifdef USE_IP_FILTER -! if(!do_transparent) { -! sprintf(ebuf,"Trying %s port %d...",namp,port); -! #endif -! if(say(0,ebuf)) -! return(1); -! #ifdef USE_IP_FILTER -! } -! 
#endif - } else - syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]); - -*************** -*** 903,910 **** - - syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]); - strncpy(dest,av[1], 511); -! sprintf(buf, "Connected to %s.", dest); - say(0, buf); - return(2); - } - ---- 946,959 ---- - - syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]); - strncpy(dest,av[1], 511); -! #ifdef USE_IP_FILTER -! if(!do_transparent) { -! sprintf(buf, "Connected to %s.", dest); -! say(0, buf); -! } -! #else - say(0, buf); -+ #endif - return(2); - } - -diff -cr ../TIS.orig/fwtk/x-gw/socket.c fwtk/x-gw/socket.c -*** ../TIS.orig/fwtk/x-gw/socket.c Sat Sep 7 05:16:35 1996 ---- fwtk/x-gw/socket.c Sun Feb 2 05:26:44 1997 -*************** -*** 212,218 **** - case AF_UNIX: un_name = (struct sockaddr_un *)addr; - len = sizeof(un_name->sun_family) + - sizeof(un_name->sun_path) -! #ifdef SCM_RIGHTS /* 4.3BSD Reno and later */ - + sizeof(un_name->sun_len) + 1 - #endif - ; ---- 212,218 ---- - case AF_UNIX: un_name = (struct sockaddr_un *)addr; - len = sizeof(un_name->sun_family) + - sizeof(un_name->sun_path) -! #if defined(SCM_RIGHTS) && !defined(LINUX)/* 4.3BSD Reno and later */ - + sizeof(un_name->sun_len) + 1 - #endif - ; -Only in fwtk/x-gw: socket.c.bak diff --git a/contrib/ipfilter/FWTK/fwtkp b/contrib/ipfilter/FWTK/fwtkp deleted file mode 100644 index 8f4819a16f..0000000000 --- a/contrib/ipfilter/FWTK/fwtkp +++ /dev/null 
@@ -1,812 +0,0 @@ -diff -c -r ./ftp-gw/ftp-gw.c ../../NEW/fwtk/ftp-gw/ftp-gw.c -*** ./ftp-gw/ftp-gw.c Fri Sep 6 12:55:05 1996 ---- ../../NEW/fwtk/ftp-gw/ftp-gw.c Wed Oct 9 02:51:35 1996 -*************** -*** 40,47 **** - - extern char *optarg; - -! #include "firewall.h" - - - #ifndef BSIZ - #define BSIZ 2048 ---- 40,48 ---- - - extern char *optarg; - -! char *getdsthost(); - -+ #include "firewall.h" - - #ifndef BSIZ - #define BSIZ 2048 -*************** -*** 84,89 **** ---- 85,92 ---- - static int cmdcnt = 0; - static int timeout = PROXY_TIMEOUT; - -+ static int do_transparent=0; -+ - - static int cmd_user(); - static int cmd_authorize(); -*************** -*** 98,103 **** ---- 101,107 ---- - static void saveline(); - static void flushsaved(); - static void trap_sigurg(); -+ static int connectdest(); - - #define OP_CONN 001 /* only valid if connected */ - #define OP_WCON 002 /* writethrough if connected */ -*************** -*** 170,175 **** ---- 174,180 ---- - char xuf[1024]; - char huf[128]; - char *passuser = (char *)0; /* passed user as av */ -+ char *psychic, *hotline; - - #ifndef LOG_DAEMON - openlog("ftp-gw",LOG_PID); -*************** -*** 314,319 **** ---- 319,326 ---- - } else - timeout = 60*60; - -+ psychic=getdsthost(0,NULL); -+ if(psychic) { do_transparent++; } - - /* display a welcome file or message */ - if(passuser == (char *)0) { -*************** -*** 322,327 **** ---- 329,340 ---- - syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln); - exit(1); - } -+ if(do_transparent) { -+ if(sayfile2(0,cf->argv[0],220)) { -+ syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]); -+ exit(1); -+ } -+ } else - if(sayfile(0,cf->argv[0],220)) { - syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]); - exit(1); -*************** -*** 332,338 **** - if(authallflg) - if(say(0,"220-Proxy first requires authentication")) - exit(1); -! 
sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR); - if(say(0,xuf)) - exit(1); - } ---- 345,357 ---- - if(authallflg) - if(say(0,"220-Proxy first requires authentication")) - exit(1); -! /* foo */ -! if(do_transparent) -! sprintf(xuf,"220-%s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR); -! else -! sprintf(xuf,"220 %s FTP Proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR); -! /* foo */ -! - if(say(0,xuf)) - exit(1); - } -*************** -*** 353,358 **** ---- 372,381 ---- - exit(1); - } - -+ if(do_transparent) { -+ connectdest(psychic,21); -+ } -+ - /* main loop */ - while(1) { - FD_ZERO(&rdy); -*************** -*** 676,681 **** ---- 699,713 ---- - return(sayn(0,noad,sizeof(noad)-1)); - } - -+ if(do_transparent) { -+ if((rfd==(-1)) && (x=connectdest(dest,port))) return x; -+ sprintf(buf,"USER %s",user); -+ if(say(rfd,buf)) return(1); -+ x=getresp(rfd,buf,sizeof(buf),1); -+ if(sendsaved(0,x)) return(1); -+ return(say(0,buf)); -+ } -+ - if(*dest == '\0') - dest = "localhost"; - -*************** -*** 701,708 **** - if(msg_int == 1) { - sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest); - syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser); -! say(0,mbuf); -! return(1); - } else { - if(msg_int == -1) { - sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest); ---- 733,740 ---- - if(msg_int == 1) { - sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest); - syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser); -! say(0,mbuf); -! return(1); - } else { - if(msg_int == -1) { - sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest); -*************** -*** 717,723 **** - char ebuf[512]; - - strcpy(ebuf,buf); -! sprintf(buf,"521 %s: %s",dest,ebuf); - rfd = -1; - return(say(0,buf)); - } ---- 749,759 ---- - char ebuf[512]; - - strcpy(ebuf,buf); -! if(do_transparent) { -! 
sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf); -! } else { -! sprintf(buf,"521 %s: %s",dest,ebuf); -! } - rfd = -1; - return(say(0,buf)); - } -*************** -*** 732,737 **** ---- 768,778 ---- - } - saveline(buf); - -+ /* if(do_transparent) { -+ sendsaved(0,-1); -+ return(0); -+ } /* EEEk. I can't remember what this does. */ -+ - sprintf(buf,"USER %s",user); - if(say(rfd,buf)) - return(1); -*************** -*** 744,749 **** ---- 785,860 ---- - return 0; - } - -+ static int connectdest(dest, port) -+ char *dest; -+ short port; -+ { -+ char buf[1024], mbuf[512]; -+ int msg_int, x; -+ -+ if(*dest == '\0') -+ dest = "localhost"; -+ -+ if(validests != (char **)0) { -+ char **xp; -+ int x; -+ -+ for(xp = validests; *xp != (char *)0; xp++) { -+ if(**xp == '!' && hostmatch(*xp + 1,dest)) { -+ return(baddest(0,dest)); -+ } else { -+ if(hostmatch(*xp,dest)) -+ break; -+ } -+ } -+ if(*xp == (char *)0) -+ return(baddest(0,dest)); -+ } -+ -+ /* Extended permissions processing goes in here for destination */ -+ if(extendperm) { -+ msg_int = auth_perm(confp, authuser, "ftp-gw", dest,(char *)0); -+ if(msg_int == 1) { -+ sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest); -+ syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser); -+ say(0,mbuf); -+ return(1); -+ } else { -+ if(msg_int == -1) { -+ sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest); -+ say(0,mbuf); -+ return(1); -+ } -+ } -+ } -+ -+ syslog(LLEV,"permit host=%s/%s connect to %s",rladdr,riaddr,dest); -+ -+ if((rfd = conn_server(dest,port,0,buf)) < 0) { -+ char ebuf[512]; -+ -+ strcpy(ebuf,buf); -+ sprintf(buf,"521 %s: %s",dest,ebuf); -+ rfd = -1; -+ return(say(0,buf)); -+ } -+ if(!do_transparent) { -+ sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest); -+ saveline(buf); -+ } -+ -+ /* we are now connected and need to try the autologin thing */ -+ x = getresp(rfd,buf,sizeof(buf),1); -+ if(x / 100 != COMPLETE) { -+ sendsaved(0,-1); -+ 
return(say(0,buf)); -+ } -+ saveline(buf); -+ -+ sendsaved(0,-1); -+ return 0; -+ } -+ - - - static int -*************** -*** 1053,1058 **** ---- 1164,1171 ---- - static char nprn[] = "500 cannot get peername"; - char buf[512]; - -+ /* syslog(LLEV,"DEBUG: port cmd"); */ -+ - if(ac < 2) - return(sayn(0,narg,sizeof(narg)-1)); - -*************** -*** 1119,1124 **** ---- 1232,1238 ---- - #define UC(c) (((int)c) & 0xff) - sprintf(buf,"PORT %d,%d,%d,%d,%d,%d\r\n",UC(k[0]),UC(k[1]),UC(k[2]), - UC(k[3]),UC(l[0]),UC(l[1])); -+ /* syslog(LLEV,"DEBUG: %s",buf); */ - s = strlen(buf); - if (write(rfd, buf, s) != s) - return 1; -*************** -*** 1330,1335 **** ---- 1444,1450 ---- - callback() - { - /* if we haven't gotten a valid PORT scrub the connection */ -+ /* syslog(LLEV,"DEBUG: callback()."); */ - if((outgoing = accept(boundport,(struct sockaddr *)0,(int *)0)) < 0 || clntport.sin_port == 0) - goto bomb; - if(pasvport != -1) { /* incoming handled by PASVcallback */ -*************** -*** 1796,1801 **** ---- 1911,1960 ---- - } - return(0); - } -+ -+ /* ok, so i'm in a hurry. english paper due RSN. 
*/ -+ sayfile2(fd,fn,code) -+ int fd; -+ char *fn; -+ int code; -+ { -+ FILE *f; -+ char buf[BUFSIZ]; -+ char yuf[BUFSIZ]; -+ char *c; -+ int x; -+ int saidsomething = 0; -+ -+ if((f = fopen(fn,"r")) == (FILE *)0) -+ return(1); -+ while(fgets(buf,sizeof(buf),f) != (char *)0) { -+ if((c = index(buf,'\n')) != (char *)0) -+ *c = '\0'; -+ x = fgetc(f); -+ if(feof(f)) -+ sprintf(yuf,"%3.3d-%s",code,buf); -+ else { -+ sprintf(yuf,"%3.3d-%s",code,buf); -+ ungetc(x,f); -+ } -+ if(say(fd,yuf)) { -+ fclose(f); -+ return(1); -+ } -+ saidsomething++; -+ } -+ fclose(f); -+ if (!saidsomething) { -+ syslog(LLEV,"fwtkcfgerr: sayfile for %d is empty",code); -+ sprintf(yuf, "%3.3d The file to display is empty",code); -+ if(say(fd,yuf)) { -+ fclose(f); -+ return(1); -+ } -+ } -+ return(0); -+ } -+ - - - porttoaddr(s,a) -diff -c -r ./http-gw/http-gw.c ../../NEW/fwtk/http-gw/http-gw.c -*** ./http-gw/http-gw.c Mon Sep 9 14:40:53 1996 ---- ../../NEW/fwtk/http-gw/http-gw.c Wed Oct 9 02:51:57 1996 -*************** -*** 27,32 **** ---- 27,37 ---- - static char http_buffer[8192]; - static char reason[8192]; - static int checkBrowserType = 1; -+ /* foo */ -+ static int do_transparent=0; -+ /* foo */ -+ -+ char *getdsthost(); - - static void do_logging() - { char *proto = "GOPHER"; -*************** -*** 422,427 **** ---- 427,443 ---- - /*(NOT A SPECIAL FORM)*/ - - if((rem_type & TYPE_LOCAL)== 0){ -+ /* foo */ -+ char *psychic=getdsthost(sockfd,&def_port); -+ if(psychic) { -+ if(strlen(psychic)<=MAXHOSTNAMELEN) { -+ do_transparent++; -+ strncpy(def_httpd,psychic,strlen(psychic)); -+ strncpy(def_server,psychic,strlen(psychic)); -+ } -+ } -+ -+ /* foo */ - /* See if it can be forwarded */ - - if( can_forward(buf)){ -*************** -*** 1513,1519 **** - parse_vec[0], - parse_vec[1], - ourname, ourport); -! 
}else{ - sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u", - parse_vec[0], parse_vec[2], - parse_vec[3], chk_type_ch, ---- 1529,1541 ---- - parse_vec[0], - parse_vec[1], - ourname, ourport); -! } -! /* FOO */ -! else if(do_transparent) { -! sprintf(new_reply,"%s\t%s\t%s\t%s",parse_vec[0],parse_vec[1],parse_vec[2],parse_vec[3]); -! } -! /* FOO */ -! else{ - sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u", - parse_vec[0], parse_vec[2], - parse_vec[3], chk_type_ch, -diff -c -r ./lib/hnam.c ../../NEW/fwtk/lib/hnam.c -*** ./lib/hnam.c Fri Nov 4 18:30:19 1994 ---- ../../NEW/fwtk/lib/hnam.c Wed Oct 9 02:34:13 1996 -*************** -*** 22,27 **** ---- 22,31 ---- - - - #include "firewall.h" -+ #ifdef __FreeBSD__ -+ #include -+ #include "ip_nat.h" -+ #endif /* __FreeBSD__ */ - - - char * -*************** -*** 44,47 **** ---- 48,115 ---- - - bcopy(hp->h_addr,&sin.sin_addr,hp->h_length); - return(inet_ntoa(sin.sin_addr)); -+ } -+ -+ char *getdsthost(fd, ptr) -+ int fd; -+ int *ptr; -+ { -+ struct sockaddr_in sin; -+ struct hostent *hp; -+ int sl=sizeof(struct sockaddr_in), err=0, local_h=0, i=0; -+ char buf[255], hostbuf[255]; -+ #ifdef __FreeBSD__ -+ struct sockaddr_in rsin; -+ struct natlookup natlookup; -+ #endif -+ -+ #ifdef linux -+ /* This should also work for UDP. Unfortunately, it doesn't. -+ Maybe when the Linux UDP proxy code gets a little cleaner. -+ */ -+ if(!(err=getsockname(0,&sin,&sl))) { -+ if(ptr) *ptr=ntohs(sin.sin_port); -+ sprintf(buf,"%s",inet_ntoa(sin.sin_addr)); -+ gethostname(hostbuf,254); -+ hp=gethostbyname(hostbuf); -+ while(hp->h_addr_list[i]) { -+ bzero(&sin,&sl); -+ memcpy(&sin.sin_addr,hp->h_addr_list[i++],sizeof(hp->h_addr_list[i++])); -+ if(!strcmp(buf,inet_ntoa(sin.sin_addr))) local_h++; -+ } -+ if(local_h) { /* syslog(LLEV,"DEBUG: hnam.c: non-transparent."); */ return(NULL); } -+ else { return(buf); } -+ } -+ #endif -+ -+ #ifdef __FreeBSD__ -+ /* The basis for this block of code is Darren Reed's -+ patches to the TIS ftwk's ftp-gw. 
-+ */ -+ bzero((char*)&sin,sizeof(sin)); -+ bzero((char*)&rsin,sizeof(rsin)); -+ if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) { -+ return NULL; -+ } -+ sl=sizeof(rsin); -+ if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) { -+ return NULL; -+ } -+ natlookup.nl_inport=sin.sin_port; -+ natlookup.nl_outport=rsin.sin_port; -+ natlookup.nl_inip=sin.sin_addr; -+ natlookup.nl_outip=rsin.sin_addr; -+ if((natfd=open("/dev/ipl",O_RDONLY))<0) { -+ return(NULL); -+ } -+ if(ioctl(natfd,SIOCGNATL,&natlookup)==(-1)) { -+ return(NULL); -+ } -+ close(natfd); -+ if(ptr) *ptr=ntohs(natlookup.nl_inport); -+ sprintf(buf,"%s",inet_ntoa(natlookup.nl_inip)); -+ #endif -+ -+ /* No transparent proxy support */ -+ return(NULL); - } -Only in ./lib: hnam.c.orig -diff -c -r ./plug-gw/plug-gw.c ../../NEW/fwtk/plug-gw/plug-gw.c -*** ./plug-gw/plug-gw.c Thu Sep 5 15:36:33 1996 ---- ../../NEW/fwtk/plug-gw/plug-gw.c Wed Oct 9 02:46:48 1996 -*************** -*** 39,44 **** ---- 39,48 ---- - static char **validdests = (char **)0; - static Cfg *confp; - -+ int do_transparent=0; -+ -+ char *getdsthost(); -+ - main(ac,av) - int ac; - char *av[]; -*************** -*** 193,201 **** ---- 197,213 ---- - char *ptr; - int state = 0; - int ssl_plug = 0; -+ int pport=0; - - struct timeval timo; - -+ /* Transparent plug-gw is probably a bad idea, but hey .. */ -+ dhost=getdsthost(0,&pport); -+ if(dhost) { -+ do_transparent++; -+ portid=pport; -+ } -+ - if(c->flags & PERM_DENY) { - if (p == -1) - syslog(LLEV,"deny host=%s/%s port=any",rhost,raddr); -*************** -*** 215,221 **** - syslog(LLEV,"fwtkcfgerr: -plug-to takes an argument, line %d",c->ln); - exit (1); - } -! dhost = av[x]; - continue; - } - ---- 227,234 ---- - syslog(LLEV,"fwtkcfgerr: -plug-to takes an argument, line %d",c->ln); - exit (1); - } -! if(!dhost) dhost = av[x]; -! 
/* syslog(LLEV,"DEBUG: dhost now is [%s]",dhost); */ - continue; - } - -diff -c -r ./rlogin-gw/rlogin-gw.c ../../NEW/fwtk/rlogin-gw/rlogin-gw.c -*** ./rlogin-gw/rlogin-gw.c Fri Sep 6 12:56:33 1996 ---- ../../NEW/fwtk/rlogin-gw/rlogin-gw.c Wed Oct 9 02:49:04 1996 -*************** -*** 39,45 **** ---- 39,47 ---- - - - extern char *maphostname(); -+ char *getdsthost(); - -+ int do_transparent=0; - - static int cmd_quit(); - static int cmd_help(); -*************** -*** 120,125 **** ---- 122,130 ---- - static char *tokav[56]; - int tokac; - struct timeval timo; -+ /* foo */ -+ char *psychic; -+ /* foo */ - - #ifndef LOG_NDELAY - openlog("rlogin-gw",LOG_PID); -*************** -*** 185,191 **** - xforwarder = cf->argv[0]; - } - -! - - if((cf = cfg_get("directory",confp)) != (Cfg *)0) { - if(cf->argc != 1) { ---- 190,203 ---- - xforwarder = cf->argv[0]; - } - -! /* foo */ -! psychic=getdsthost(0,NULL); -! if(psychic) { -! do_transparent++; -! strncpy(dest,psychic,511); -! dest[511]='\0'; -! } -! /* foo */ - - if((cf = cfg_get("directory",confp)) != (Cfg *)0) { - if(cf->argc != 1) { -*************** -*** 260,269 **** - } - - /* if present a host name, chop and save username and hostname */ -! dest[0] = '\0'; - if((p = index(rusername,'@')) != (char *)0) { - char *namp; - - *p++ = '\0'; - if(*p == '\0') - p = "localhost"; ---- 272,282 ---- - } - - /* if present a host name, chop and save username and hostname */ -! 
/* dest[0] = '\0'; */ - if((p = index(rusername,'@')) != (char *)0) { - char *namp; - -+ dest[0] = '\0'; - *p++ = '\0'; - if(*p == '\0') - p = "localhost"; -*************** -*** 293,300 **** ---- 306,326 ---- - goto leave; - } - -+ /* syslog(LLEV,"DEBUG: Uh-oh, $dest = %s\n",dest); */ -+ - if(dest[0] != '\0') { - /* Setup connection directly to remote machine */ -+ if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) { -+ if(cf->argc != 1) { -+ syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln); -+ exit(1); -+ } -+ if(sayfile(0,cf->argv[0])) { -+ syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]); -+ exit(1); -+ } -+ } -+ /* Does this cmd_connect thing feel like a kludge or what? */ - sprintf(buf,"connect %.1000s",dest); - tokac = enargv(buf, tokav, 56, tokbuf, sizeof(tokbuf)); - if (cmd_connect(tokac, tokav, buf) != 2) -*************** -*** 526,539 **** - char ebuf[512]; - - syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,namp); - if(strlen(namp) > 20) - namp[20] = '\0'; - if(rusername[0] != '\0') - sprintf(ebuf,"Trying %s@%s...",rusername,namp); - else - sprintf(ebuf,"Trying %s...",namp); -! if(say(0,ebuf)) -! return(1); - } else - syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,av[1]); - if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) { ---- 552,567 ---- - char ebuf[512]; - - syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,namp); -+ if(!do_transparent) { - if(strlen(namp) > 20) - namp[20] = '\0'; - if(rusername[0] != '\0') - sprintf(ebuf,"Trying %s@%s...",rusername,namp); - else - sprintf(ebuf,"Trying %s...",namp); -! if(say(0,ebuf)) -! return(1); -! 
} - } else - syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,av[1]); - if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) { -diff -c -r ./tn-gw/tn-gw.c ../../NEW/fwtk/tn-gw/tn-gw.c -*** ./tn-gw/tn-gw.c Fri Sep 6 12:55:48 1996 ---- ../../NEW/fwtk/tn-gw/tn-gw.c Wed Oct 9 02:50:17 1996 -*************** -*** 87,92 **** ---- 87,94 ---- - static int cmd_xforward(); - static int cmd_timeout(); - -+ char *getdsthost(); -+ - static int tn3270 = 1; /* don't do tn3270 stuff */ - static int doX; - -*************** -*** 97,102 **** ---- 99,106 ---- - static int timeout = PROXY_TIMEOUT; - static char timed_out_msg[] = "\r\nConnection closed due to inactivity"; - -+ int do_transparent=0; -+ - typedef struct { - char *name; - char *hmsg; -*************** -*** 140,145 **** ---- 144,151 ---- - char tokbuf[BSIZ]; - char *tokav[56]; - int tokac; -+ int port; -+ char *psychic; - - #ifndef LOG_DAEMON - openlog("tn-gw",LOG_PID); -*************** -*** 308,313 **** ---- 314,346 ---- - } - } - -+ psychic=getdsthost(0,&port); -+ if(psychic) { -+ if((strlen(psychic) + 10) < 510) { -+ do_transparent++; -+ if(port) -+ sprintf(dest,"%s:%d",psychic,port); -+ else -+ sprintf(dest,"%s",psychic); -+ -+ -+ if(!welcomedone) -+ if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) { -+ if(cf->argc != 1) { -+ syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln); -+ exit(1); -+ } -+ if(sayfile(0,cf->argv[0])) { -+ syslog(LLEV,"fwtksyserr: cannot display welcome %s:%m",cf->argv[0]); -+ exit(1); -+ } -+ welcomedone = 1; -+ } -+ -+ -+ } -+ } -+ - while (argc > 1) { - argc--; - argv++; -*************** -*** 864,877 **** - } - } - -- - if((namp = maphostname(av[1])) != (char *)0) { - char ebuf[512]; - - syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp); -! sprintf(ebuf,"Trying %s port %d...",namp,port); -! if(say(0,ebuf)) -! 
return(1); - } else - syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]); - ---- 897,911 ---- - } - } - - if((namp = maphostname(av[1])) != (char *)0) { - char ebuf[512]; - - syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp); -! if(!do_transparent) { -! sprintf(ebuf,"Trying %s port %d...",namp,port); -! if(say(0,ebuf)) -! return(1); -! } - } else - syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]); - -*************** -*** 903,910 **** - - syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]); - strncpy(dest,av[1], 511); -! sprintf(buf, "Connected to %s.", dest); -! say(0, buf); - return(2); - } - ---- 937,946 ---- - - syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]); - strncpy(dest,av[1], 511); -! if(!do_transparent) { -! sprintf(buf, "Connected to %s.", dest); -! say(0, buf); -! } - return(2); - } - - - diff --git a/contrib/ipfilter/FWTK/tproxy.diff b/contrib/ipfilter/FWTK/tproxy.diff deleted file mode 100644 index 234404bf23..0000000000 --- a/contrib/ipfilter/FWTK/tproxy.diff +++ /dev/null 
@@ -1,82 +0,0 @@
-*** tproxy.c.orig Fri Dec 20 10:53:24 1996
---- tproxy.c Sun Jan 3 11:33:55 1999
-***************
-*** 135,140 ****
---- 135,144 ----
- #include
- #include
- #include
-+ #include
-+ #include
-+ #include
-+ #include
- #include "tproxy.h"
-
- #ifdef AIX
-***************
-*** 147,152 ****
---- 151,159 ----
- #define bzero(buf,size) memset(buf, '\0', size);
- #endif /* SYSV */
-
-+ #include "ip_compat.h"
-+ #include "ip_fil.h"
-+ #include "ip_nat.h"
-
-
- /* socket to audio server */
-***************
-*** 324,329 ****
---- 331,369 ----
- char localbuf[2048];
- void timeout();
- extern int errno;
-+ /*
-+ * IP-Filter block
-+ */
-+ struct sockaddr_in laddr, faddr;
-+ struct natlookup natlookup;
-+ int slen, natfd;
-+
-+ bzero((char *)&laddr, sizeof(laddr));
-+ bzero((char *)&faddr, sizeof(faddr));
-+ slen = sizeof(laddr);
-+ if (getsockname(0, (struct sockaddr *)&laddr, &slen) < 0)
-+ return -1;
-+ slen = sizeof(faddr);
-+ if (getpeername(0, (struct sockaddr *)&faddr, &slen) < 0)
-+ return -1;
-+ natlookup.nl_inport = laddr.sin_port;
-+ natlookup.nl_outport = faddr.sin_port;
-+ natlookup.nl_inip = laddr.sin_addr;
-+ natlookup.nl_outip = faddr.sin_addr;
-+ natlookup.nl_flags = IPN_TCP;
-+ if ((natfd = open(IPL_NAT, O_RDONLY)) < 0)
-+ return -1;
-+ if (ioctl(natfd, SIOCGNATL, &natlookup) == -1) {
-+ syslog(LOG_ERR, "SIOCGNATL failed: %m\n");
-+ close(natfd);
-+ return -1;
-+ }
-+ close(natfd);
-+ strcpy(hostname, inet_ntoa(natlookup.nl_realip));
-+ serverport = ntohs(natlookup.nl_realport);
-+ /*
-+ * End of IP-Filter block
-+ */
-
- /* setup a timeout in case dialog doesn't finish */
- signal(SIGALRM, timeout);
-***************
-*** 337,344 ****
---- 377,386 ----
- * and modify the call to (and subroutine) serverconnect() as
- * appropriate.
- */
-+ #if 0
- strcpy(hostname, "randomhostname");
- serverport = 7070;
-+ #endif
- /* Can we connect to the server */
- if ( (serverfd = serverconnect(hostname, serverport)) < 0 ) {
- /* errno may still be set from previous call */
diff --git a/contrib/ipfilter/FreeBSD-2.2/files.diffs b/contrib/ipfilter/FreeBSD-2.2/files.diffs
deleted file mode 100644
index 10bce4b28e..0000000000
--- a/contrib/ipfilter/FreeBSD-2.2/files.diffs
+++ /dev/null
@@ -1,20 +0,0 @@
-*** files.orig Tue Sep 9 16:58:40 1997
---- files Sat Apr 4 10:52:58 1998
-***************
-*** 222,227 ****
---- 222,236 ----
- netinet/tcp_timer.c optional inet
- netinet/tcp_usrreq.c optional inet
- netinet/udp_usrreq.c optional inet
-+ netinet/ip_fil.c optional ipfilter inet
-+ netinet/fil.c optional ipfilter inet
-+ netinet/ip_nat.c optional ipfilter inet
-+ netinet/ip_frag.c optional ipfilter inet
-+ netinet/ip_state.c optional ipfilter inet
-+ netinet/ip_proxy.c optional ipfilter inet
-+ netinet/mlf_ipl.c optional ipfilter inet
-+ netinet/ip_auth.c optional ipfilter inet
-+ netinet/ip_log.c optional ipfilter inet
- netipx/ipx.c optional ipx
- netipx/ipx_cksum.c optional ipx
- netipx/ipx_input.c optional ipx
diff --git a/contrib/ipfilter/FreeBSD-2.2/files.newconf.diffs b/contrib/ipfilter/FreeBSD-2.2/files.newconf.diffs
deleted file mode 100644
index 67894d0f87..0000000000
--- a/contrib/ipfilter/FreeBSD-2.2/files.newconf.diffs
+++ /dev/null
@@ -1,20 +0,0 @@
-*** files.newconf.orig Sun Jun 25 02:17:29 1995
---- files.newconf Sun Jun 25 02:19:10 1995
-***************
-*** 161,166 ****
---- 161,175 ----
- file netinet/ip_input.c inet
- file netinet/ip_mroute.c inet
- file netinet/ip_output.c inet
-+ file netinet/ip_fil.c ipfilter
-+ file netinet/fil.c ipfilter
-+ file netinet/ip_nat.c ipfilter
-+ file netinet/ip_frag.c ipfilter
-+ file netinet/ip_state.c ipfilter
-+ file netinet/ip_proxy.c ipfilter
-+ file netinet/ip_auth.c ipfilter
-+ file netinet/ip_log.c ipfilter
-+ file netinet/mlf_ipl.c ipfilter
- file netinet/raw_ip.c inet
- file netinet/tcp_debug.c inet
- file netinet/tcp_input.c inet
diff --git a/contrib/ipfilter/FreeBSD-2.2/in_proto.c.diffs b/contrib/ipfilter/FreeBSD-2.2/in_proto.c.diffs
deleted file mode 100644
index c2822d3ff9..0000000000
--- a/contrib/ipfilter/FreeBSD-2.2/in_proto.c.diffs
+++ /dev/null
@@ -1,16 +0,0 @@
-*** /sys/netinet/in_proto.c.orig Sat May 24 13:42:26 1997
---- /sys/netinet/in_proto.c Sat May 24 13:42:36 1997
-***************
-*** 89,94 ****
---- 89,99 ----
- void eoninput(), eonctlinput(), eonprotoinit();
- #endif /* EON */
-
-+ #if defined(IPFILTER) && !defined(IPFILTER_LKM)
-+ void iplinit();
-+ #define ip_init iplinit
-+ #endif
-+
- extern struct domain inetdomain;
-
- struct protosw inetsw[] = {
diff --git a/contrib/ipfilter/FreeBSD-2.2/ip_input.c.diffs b/contrib/ipfilter/FreeBSD-2.2/ip_input.c.diffs
deleted file mode 100644
index c2b2b15301..0000000000
--- a/contrib/ipfilter/FreeBSD-2.2/ip_input.c.diffs
+++ /dev/null
@@ -1,32 +0,0 @@
-*** /sys/netinet/ip_input.c.orig Sat May 24 13:37:16 1997
---- /sys/netinet/ip_input.c Sat May 24 13:38:58 1997
-***************
-*** 74,79 ****
---- 74,82 ----
- #ifdef IPFIREWALL
- #include
- #endif
-+ #if defined(IPFILTER_LKM) || defined(IPFILTER)
-+ int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
-+ #endif
-
- int rsvp_on = 0;
- static int ip_rsvp_on;
-***************
-*** 310,315 ****
---- 313,327 ----
- * - Wrap: fake packet's addr/port
- * - Encapsulate: put it in another IP and send out.
- */
-+ #if defined(IPFILTER_LKM) || defined(IPFILTER)
-+ if (fr_checkp) {
-+ struct mbuf *m1 = m;
-+
-+ if ((*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m1) || !m1)
-+ return;
-+ ip = mtod(m = m1, struct ip *);
-+ }
-+ #endif
-
- #ifdef COMPAT_IPFW
- if (ip_fw_chk_ptr) {
diff --git a/contrib/ipfilter/FreeBSD-2.2/ip_output.c.diffs b/contrib/ipfilter/FreeBSD-2.2/ip_output.c.diffs
deleted file mode 100644
index ff5ae0a5d6..0000000000
--- a/contrib/ipfilter/FreeBSD-2.2/ip_output.c.diffs
+++ /dev/null
@@ -1,67 +0,0 @@ -*** /sys/netinet/ip_output.c.orig Sat May 24 14:07:24 1997 ---- /sys/netinet/ip_output.c Sat May 24 15:00:29 1997 -*************** -*** 67,72 **** ---- 67,76 ---- - #else - #undef COMPAT_IPFW - #endif -+ #if defined(IPFILTER_LKM) || defined(IPFILTER) -+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); -+ #endif -+ - - u_short ip_id; - -*************** -*** 75,81 **** - __P((struct ifnet *, struct mbuf *, struct sockaddr_in *)); - static int ip_getmoptions - __P((int, struct ip_moptions *, struct mbuf **)); -! static int ip_optcopy __P((struct ip *, struct ip *)); - static int ip_pcbopts __P((struct mbuf **, struct mbuf *)); - static int ip_setmoptions - __P((int, struct ip_moptions **, struct mbuf *)); ---- 79,85 ---- - __P((struct ifnet *, struct mbuf *, struct sockaddr_in *)); - static int ip_getmoptions - __P((int, struct ip_moptions *, struct mbuf **)); -! int ip_optcopy __P((struct ip *, struct ip *)); - static int ip_pcbopts __P((struct mbuf **, struct mbuf *)); - static int ip_setmoptions - __P((int, struct ip_moptions **, struct mbuf *)); -*************** -*** 338,343 **** ---- 342,356 ---- - * - Wrap: fake packet's addr/port - * - Encapsulate: put it in another IP and send out. - */ -+ #if defined(IPFILTER_LKM) || defined(IPFILTER) -+ if (fr_checkp) { -+ struct mbuf *m1 = m; -+ -+ if ((error = (*fr_checkp)(ip, hlen, ifp, 1, &m1)) || !m1) -+ goto done; -+ ip = mtod(m = m1, struct ip *); -+ } -+ #endif - - #ifdef COMPAT_IPFW - if (ip_nat_ptr && !(*ip_nat_ptr)(&ip, &m, ifp, IP_NAT_OUT)) { -*************** -*** 559,565 **** - * Copy options from ip to jp, - * omitting those not copied during fragmentation. - */ -! static int - ip_optcopy(ip, jp) - struct ip *ip, *jp; - { ---- 574,580 ---- - * Copy options from ip to jp, - * omitting those not copied during fragmentation. - */ -! int - ip_optcopy(ip, jp) - struct ip *ip, *jp; - { 
diff --git a/contrib/ipfilter/FreeBSD-2.2/kinstall b/contrib/ipfilter/FreeBSD-2.2/kinstall
deleted file mode 100755
index 9ecadc4ce2..0000000000
--- a/contrib/ipfilter/FreeBSD-2.2/kinstall
+++ /dev/null
@@ -1,68 +0,0 @@ -#!/bin/csh -f -# -set dir=`pwd` -set karch=`uname -m` -if ( -d /sys/arch/$karch ) set archdir="/sys/arch/$karch" -if ( -d /sys/$karch ) set archdir="/sys/$karch" -set confdir="$archdir/conf" - -if ( $dir =~ */FreeBSD* ) cd .. -echo -n "Installing " -foreach i (ip_fil.[ch] ip_nat.[ch] ip_frag.[ch] ip_state.[ch] fil.c \ - ip_proxy.[ch] ip_*_pxy.c mlf_ipl.c ipl.h ip_compat.h \ - ip_auth.[ch] ip_log.c) - echo -n "$i "; - cp $i /sys/netinet - chmod 644 /sys/netinet/$i - switch ( $i ) - case *.h: - /bin/cp $i /usr/include/netinet/$i - chmod 644 /usr/include/netinet/$i - breaksw - endsw -end -echo "" -echo "Copying /usr/include/osreldate.h to /sys/sys" -cp /usr/include/osreldate.h /sys/sys -echo "Patching ip_input.c, ip_output.c and in_proto.c" -cat FreeBSD-2.2/ip_{in,out}put.c.diffs FreeBSD-2.2/in_proto.c.diffs | \ -(cd /sys/netinet; patch) - -if ( -f /sys/conf/files.newconf ) then - echo "Patching /sys/conf/files.newconf" - cat FreeBSD-2.2/files.newconf.diffs | (cd /sys/conf; patch) - echo "Patching /sys/conf/files" - cat FreeBSD-2.2/files.diffs | (cd /sys/conf; patch) -endif -if ( -f /sys/conf/files.oldconf ) then - echo "Patching /sys/conf/files.oldconf" - cat FreeBSD-2.2/files.oldconf.diffs | (cd /sys/conf; patch) - echo "Patching /sys/conf/files" - cat FreeBSD-2.2/filez.diffs | (cd /sys/conf; patch) -endif - -set config=`(cd $confdir; /bin/ls -1t [0-9A-Z_]*) | head -1` -echo -n "Kernel configuration to update [$config] " -set newconfig=$< -if ( "$newconfig" != "" ) then - set config="$confdir/$newconfig" -else - set newconfig=$config -endif -echo "Re-config'ing $newconfig..." 
-if ( -f $confdir/$newconfig ) then - mv $confdir/$newconfig $confdir/$newconfig.bak -endif -if ( -d $archdir/../compile/$newconfig ) then - set bak=".bak" - set dot=0 - while ( -d $archdir/../compile/${newconfig}.${bak} ) - set bak=".bak.$dot" - set dot=`expr 1 + $dot` - end - mv $archdir/../compile/$newconfig $archdir/../compile/${newconfig}.${bak} -endif -awk '{print $0;if($2=="INET"){print"options IPFILTER"}}' \ - $confdir/$newconfig.bak > $confdir/$newconfig -echo 'You will now need to run "config" and build a new kernel.' -exit 0 diff --git a/contrib/ipfilter/FreeBSD-2.2/minstall b/contrib/ipfilter/FreeBSD-2.2/minstall deleted file mode 100755 index 832b68e81a..0000000000 --- a/contrib/ipfilter/FreeBSD-2.2/minstall +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/csh -f -# -set dir=`pwd` -set karch=`uname -m` -if ( -d /sys/arch/$karch ) set archdir="/sys/arch/$karch" -if ( -d /sys/$karch ) set archdir="/sys/$karch" -set confdir="$archdir/conf" - -if ( $dir =~ */FreeBSD-2.2 ) cd .. -echo "Patching ip_input.c, ip_output.c and in_proto.c" -cat FreeBSD-2.2/ip_{in,out}put.c.diffs FreeBSD-2.2/in_proto.c.diffs | \ -(cd /sys/netinet; patch) - -set config=`(cd $confdir; /bin/ls -1t [0-9A-Z_]*) | head -1` -echo -n "Kernel configuration to update [$config] " -set newconfig=$< -if ( "$newconfig" != "" ) then - set config="$confdir/$newconfig" -else - set newconfig=$config -endif -echo "Re-config'ing $newconfig..." -if ( -f $confdir/$newconfig ) then - mv $confdir/$newconfig $confdir/$newconfig.bak -endif -if ( -d $archdir/../compile/$newconfig ) then - set bak=".bak" - set dot=0 - while ( -d $archdir/../compile/${newconfig}${bak} ) - set bak=".bak."$dot - set dot=`expr 1 + $dot` - end - mv $archdir/../compile/$newconfig $archdir/../compile/${newconfig}$bak -endif -awk '{print $0;if($2=="INET"){print"options IPFILTER_LKM\noptions IPFILTER_LOG"}}' \ - $confdir/$newconfig.bak > $confdir/$newconfig -echo 'You will now need to run "config" and build a new kernel.' -exit 0 
diff --git a/contrib/ipfilter/FreeBSD-2.2/unkinstall b/contrib/ipfilter/FreeBSD-2.2/unkinstall
deleted file mode 100755
index 1955f5c415..0000000000
--- a/contrib/ipfilter/FreeBSD-2.2/unkinstall
+++ /dev/null
@@ -1,57 +0,0 @@ -#!/bin/csh -f -# -set dir=`pwd` -set karch=`uname -m` -if ( -d /sys/arch/$karch ) set archdir="/sys/arch/$karch" -if ( -d /sys/$karch ) set archdir="/sys/$karch" -set confdir="$archdir/conf" - -if ( $dir =~ */FreeBSD* ) cd .. -echo -n "Uninstalling " -foreach i (ip_fil.[ch] ip_nat.[ch] ip_frag.[ch] ip_state.[ch] fil.c \ - ip_auth.[ch] ip_proxy.[ch] ip_ftp_pxy.c ip_compat.h ip_log.c \ - mlf_ipl.c ipl.h) - echo -n "$i "; - /bin/rm -f /sys/netinet/$i -end -echo "" -echo "Unpatching ip_input.c, ip_output.c and in_proto.c" -cat FreeBSD-2.2/ip_{in,out}put.c.diffs FreeBSD-2.2/in_proto.c.diffs | \ -(cd /sys/netinet; patch -R) - -if ( -f /sys/conf/files.newconf ) then - echo "Unpatching /sys/conf/files.newconf" - cat FreeBSD-2.2/files.newconf.diffs | (cd /sys/conf; patch -R) - echo "Unpatching /sys/conf/files" - cat FreeBSD-2.2/files.diffs | (cd /sys/conf; patch -R) -endif -if ( -f /sys/conf/files.oldconf ) then - echo "Unpatching /sys/conf/files.oldconf" - cat FreeBSD-2.2/files.oldconf.diffs | (cd /sys/conf; patch -R) - echo "Unpatching /sys/conf/files" - cat FreeBSD-2.2/filez.diffs | (cd /sys/conf; patch -R) -endif - -set config=`(cd $confdir; /bin/ls -1t [0-9A-Z_]*) | head -1` -echo -n "Kernel configuration to update [$config] " -set newconfig=$< -if ( "$newconfig" != "" ) then - set config="$confdir/$newconfig" -else - set newconfig=$config -endif -if ( -f $confdir/$newconfig ) then - mv $confdir/$newconfig $confdir/$newconfig.bak -endif -if ( -d $archdir/../compile/$newconfig ) then - set bak=".bak" - set dot=0 - while ( -d $archdir/../compile/${newconfig}.${bak} ) - set bak=".bak.$dot" - set dot=`expr 1 + $dot` - end - mv $archdir/../compile/$newconfig $archdir/../compile/${newconfig}.${bak} -endif -egrep -v IPFILTER $confdir/$newconfig.bak > $confdir/$newconfig -echo 'You will now need to run "config" and build a new kernel.' -exit 0 
diff --git a/contrib/ipfilter/FreeBSD-2.2/unminstall b/contrib/ipfilter/FreeBSD-2.2/unminstall deleted file mode 100755 index 07aaac08f2..0000000000 --- a/contrib/ipfilter/FreeBSD-2.2/unminstall +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/csh -f -# -set dir=`pwd` -set karch=`uname -m` -if ( -d /sys/arch/$karch ) set archdir="/sys/arch/$karch" -if ( -d /sys/$karch ) set archdir="/sys/$karch" -set confdir="$archdir/conf" - -if ( $dir =~ */FreeBSD* ) cd .. -echo "Unpatching ip_input.c, ip_output.c and in_proto.c" -cat FreeBSD-2.2/ip_{in,out}put.c.diffs FreeBSD-2.2/in_proto.c.diffs | \ -(cd /sys/netinet; patch -R) - -set config=`(cd $confdir; /bin/ls -1t [0-9A-Z_]*) | head -1` -echo -n "Kernel configuration to update [$config] " -set newconfig=$< -if ( "$newconfig" != "" ) then - set config="$confdir/$newconfig" -else - set newconfig=$config -endif -if ( -f $confdir/$newconfig ) then - mv $confdir/$newconfig $confdir/$newconfig.bak -endif -if ( -d $archdir/../compile/$newconfig ) then - set bak=".bak" - set dot=0 - while ( -d $archdir/../compile/${newconfig}.${bak} ) - set bak=".bak.$dot" - set dot=`expr 1 + $dot` - end - mv $archdir/../compile/$newconfig $archdir/../compile/${newconfig}.$bak -endif -grep -v IPFILTER $confdir/$newconfig.bak > $confdir/$newconfig -echo 'You will now need to run "config" and build a new kernel.' -exit 0 diff --git a/contrib/ipfilter/FreeBSD-3/INST.FreeBSD-3 b/contrib/ipfilter/FreeBSD-3/INST.FreeBSD-3 deleted file mode 100644 index 6c68dbbda9..0000000000 --- a/contrib/ipfilter/FreeBSD-3/INST.FreeBSD-3 +++ /dev/null 
@@ -1,24 +0,0 @@
-To build a kernel with the IP filter, follow these seven steps:
-
- 1. do "make freebsd3"
-
- 2. do "make install-bsd"
- (probably has to be done as root)
-
- 3. run "FreeBSD-3/kinstall" as root
-
- 4. build a new kernel
-
- 5. install the new kernel
-
- 6. If not using DEVFS, create devices for IP Filter as follows:
- mknod /dev/ipl c 79 0
- mknod /dev/ipnat c 79 1
- mknod /dev/ipstate c 79 2
- mknod /dev/ipauth c 79 3
-
- 7. reboot
-
-
-Darren Reed
-darrenr@pobox.com
diff --git a/contrib/ipfilter/FreeBSD-3/kinstall b/contrib/ipfilter/FreeBSD-3/kinstall
deleted file mode 100755
index 8282de731d..0000000000
--- a/contrib/ipfilter/FreeBSD-3/kinstall
+++ /dev/null
@@ -1,52 +0,0 @@ -#!/bin/csh -f -# -set dir=`pwd` -set karch=`uname -m` -if ( -d /sys/arch/$karch ) set archdir="/sys/arch/$karch" -if ( -d /sys/$karch ) set archdir="/sys/$karch" -set confdir="$archdir/conf" - -if ( $dir =~ */FreeBSD* ) cd .. -echo -n "Installing " -foreach i (ip_fil.[ch] ip_nat.[ch] ip_frag.[ch] ip_state.[ch] fil.c \ - ip_proxy.[ch] ip_*_pxy.c mlf_ipl.c ipl.h \ - ip_compat.h ip_auth.[ch] ip_log.c) - echo -n "$i "; - cp $i /sys/netinet - chmod 644 /sys/netinet/$i - switch ( $i ) - case *.h: - /bin/cp $i /usr/include/netinet/$i - chmod 644 /usr/include/netinet/$i - breaksw - endsw -end -echo "" -echo "Linking /usr/include/osreldate.h to /sys/sys/osreldate.h" -ln -s /usr/include/osreldate.h /sys/sys/osreldate.h - -set config=`(cd $confdir; /bin/ls -1t [0-9A-Z_]*) | head -1` -echo -n "Kernel configuration to update [$config] " -set newconfig=$< -if ( "$newconfig" != "" ) then - set config="$confdir/$newconfig" -else - set newconfig=$config -endif -echo "Rewriting $newconfig..." -if ( -f $confdir/$newconfig ) then - mv $confdir/$newconfig $confdir/$newconfig.bak -endif -if ( -d $archdir/../compile/$newconfig ) then - set bak=".bak" - set dot=0 - while ( -d $archdir/../compile/${newconfig}.${bak} ) - set bak=".bak.$dot" - set dot=`expr 1 + $dot` - end - mv $archdir/../compile/$newconfig $archdir/../compile/${newconfig}.${bak} -endif -awk '{print $0;if($2=="INET"){print"options IPFILTER\noptions IPFILTER_LOG"}}'\ - $confdir/$newconfig.bak > $confdir/$newconfig -echo "You will now need to run config on $newconfig and build a new kernel." -exit 0 diff --git a/contrib/ipfilter/FreeBSD-3/unkinstall b/contrib/ipfilter/FreeBSD-3/unkinstall deleted file mode 100755 index 687ebc62a7..0000000000 --- a/contrib/ipfilter/FreeBSD-3/unkinstall +++ /dev/null 
@@ -1,45 +0,0 @@ -#!/bin/csh -f -# -# -set dir=`pwd` -set karch=`uname -m` -if ( -d /sys/arch/$karch ) set archdir="/sys/arch/$karch" -if ( -d /sys/$karch ) set archdir="/sys/$karch" -set confdir="$archdir/conf" - -if ( $dir =~ */FreeBSD* ) cd .. -echo -n "Uninstalling " -foreach i (ip_fil.[ch] ip_nat.[ch] ip_frag.[ch] ip_state.[ch] fil.c \ - ip_auth.[ch] ip_proxy.[ch] ip_{ftp,rcmd,raudio}_pxy.c ip_compat.h \ - ip_log.c mlf_ipl.c ipl.h) - echo -n "$i "; - /bin/rm -f /sys/netinet/$i -end -echo "" - -echo "Removing link from /usr/include/osreldate.h to /sys/sys/osreldate.h" -rm /sys/sys/osreldate.h - -set config=`(cd $confdir; /bin/ls -1t [0-9A-Z_]*) | head -1` -echo -n "Kernel configuration to update [$config] " -set newconfig=$< -if ( "$newconfig" != "" ) then - set config="$confdir/$newconfig" -else - set newconfig=$config -endif -if ( -f $confdir/$newconfig ) then - mv $confdir/$newconfig $confdir/$newconfig.bak -endif -if ( -d $archdir/../compile/$newconfig ) then - set bak=".bak" - set dot=0 - while ( -d $archdir/../compile/${newconfig}.${bak} ) - set bak=".bak.$dot" - set dot=`expr 1 + $dot` - end - mv $archdir/../compile/$newconfig $archdir/../compile/${newconfig}.${bak} -endif -egrep -v IPFILTER $confdir/$newconfig.bak > $confdir/$newconfig -echo 'You will now need to run "config" and build a new kernel.' -exit 0 diff --git a/contrib/ipfilter/FreeBSD-4.0/INST.FreeBSD-4 b/contrib/ipfilter/FreeBSD-4.0/INST.FreeBSD-4 deleted file mode 100644 index 7d1b7a2b8f..0000000000 --- a/contrib/ipfilter/FreeBSD-4.0/INST.FreeBSD-4 +++ /dev/null 
@@ -1,24 +0,0 @@
-To build a kernel with the IP filter, follow these seven steps:
-
- 1. do "make freebsd4"
-
- 2. do "make install-bsd"
- (probably has to be done as root)
-
- 3. run "FreeBSD-4.0/kinstall" as root
-
- 4. build a new kernel
-
- 5. install the new kernel
-
- 6. If not using DEVFS, create devices for IP Filter as follows:
- mknod /dev/ipl c 79 0
- mknod /dev/ipnat c 79 1
- mknod /dev/ipstate c 79 2
- mknod /dev/ipauth c 79 3
-
- 7. reboot
-
-
-Darren Reed
-darrenr@pobox.com
diff --git a/contrib/ipfilter/FreeBSD/conf.c.diffs b/contrib/ipfilter/FreeBSD/conf.c.diffs
deleted file mode 100644
index afd288040d..0000000000
--- a/contrib/ipfilter/FreeBSD/conf.c.diffs
+++ /dev/null
@@ -1,46 +0,0 @@ -*** conf.c.orig Sun Jan 14 15:39:32 1996 ---- conf.c Sun Jan 14 15:48:21 1996 -*************** -*** 1128,1133 **** ---- 1128,1149 ---- - #define labpcioctl nxioctl - #endif - -+ #ifdef IPFILTER -+ d_open_t iplopen; -+ d_close_t iplclose; -+ d_ioctl_t iplioctl; -+ # ifdef IPFILTER_LOG -+ d_read_t iplread; -+ # else -+ #define iplread nxread -+ # endif -+ #else -+ #define iplopen nxopen -+ #define iplclose nxclose -+ #define iplioctl nxioctl -+ #define iplread nxread -+ #endif -+ - /* open, close, read, write, ioctl, stop, reset, ttys, select, mmap, strat */ - struct cdevsw cdevsw[] = - { -*************** -*** 1199,1206 **** - * Otherwise, simply use the one reserved for local use. - */ - /* character device 20 is reserved for local use */ -! { nxopen, nxclose, nxread, nxwrite, /*20*/ -! nxioctl, nxstop, nxreset, nxdevtotty,/* reserved */ - nxselect, nxmmap, NULL }, - { psmopen, psmclose, psmread, nowrite, /*21*/ - psmioctl, nostop, nullreset, nodevtotty,/* psm mice */ ---- 1215,1222 ---- - * Otherwise, simply use the one reserved for local use. - */ - /* character device 20 is reserved for local use */ -! { iplopen, iplclose, iplread, nxwrite, /*20*/ -! iplioctl, nxstop, nxreset, nxdevtotty,/* reserved */ - nxselect, nxmmap, NULL }, - { psmopen, psmclose, psmread, nowrite, /*21*/ - psmioctl, nostop, nullreset, nodevtotty,/* psm mice */ diff --git a/contrib/ipfilter/FreeBSD/files.diffs b/contrib/ipfilter/FreeBSD/files.diffs deleted file mode 100644 index 84893d47f0..0000000000 --- a/contrib/ipfilter/FreeBSD/files.diffs +++ /dev/null 
@@ -1,19 +0,0 @@
-*** files.orig Sat Sep 30 18:01:55 1995
---- files Sun Jan 14 14:32:25 1996
-***************
-*** 208,213 ****
---- 208,221 ----
- netinet/tcp_timer.c optional inet
- netinet/tcp_usrreq.c optional inet
- netinet/udp_usrreq.c optional inet
-+ netinet/ip_fil.c optional ipfilter inet
-+ netinet/fil.c optional ipfilter inet
-+ netinet/ip_nat.c optional ipfilter inet
-+ netinet/ip_frag.c optional ipfilter inet
-+ netinet/ip_state.c optional ipfilter inet
-+ netinet/ip_auth.c optional ipfilter inet
-+ netinet/ip_proxy.c optional ipfilter inet
-+ netinet/ip_log.c optional ipfilter inet
- netiso/clnp_debug.c optional iso
- netiso/clnp_er.c optional iso
- netiso/clnp_frag.c optional iso
diff --git a/contrib/ipfilter/FreeBSD/files.newconf.diffs b/contrib/ipfilter/FreeBSD/files.newconf.diffs
deleted file mode 100644
index cc7cf41492..0000000000
--- a/contrib/ipfilter/FreeBSD/files.newconf.diffs
+++ /dev/null
@@ -1,19 +0,0 @@
-*** files.newconf.orig Sun Jun 25 02:17:29 1995
---- files.newconf Sun Jun 25 02:19:10 1995
-***************
-*** 161,166 ****
---- 161,174 ----
- file netinet/ip_input.c inet
- file netinet/ip_mroute.c inet
- file netinet/ip_output.c inet
-+ file netinet/ip_fil.c ipfilter
-+ file netinet/fil.c ipfilter
-+ file netinet/ip_nat.c ipfilter
-+ file netinet/ip_frag.c ipfilter
-+ file netinet/ip_state.c ipfilter
-+ file netinet/ip_proxy.c ipfilter
-+ file netinet/ip_auth.c ipfilter
-+ file netinet/ip_log.c ipfilter
- file netinet/raw_ip.c inet
- file netinet/tcp_debug.c inet
- file netinet/tcp_input.c inet
diff --git a/contrib/ipfilter/FreeBSD/files.oldconf.diffs b/contrib/ipfilter/FreeBSD/files.oldconf.diffs
deleted file mode 100644
index 55b526fff7..0000000000
--- a/contrib/ipfilter/FreeBSD/files.oldconf.diffs
+++ /dev/null
@@ -1,19 +0,0 @@
-*** files.oldconf.orig Sat Apr 29 19:59:31 1995
---- files.oldconf Sun Apr 23 17:54:18 1995
-***************
-*** 180,185 ****
---- 180,193 ----
- netinet/tcp_timer.c optional inet
- netinet/tcp_usrreq.c optional inet
- netinet/udp_usrreq.c optional inet
-+ netinet/ip_fil.c optional ipfilter requires inet
-+ netinet/fil.c optional ipfilter requires inet
-+ netinet/ip_nat.c optional ipfilter requires inet
-+ netinet/ip_frag.c optional ipfilter requires inet
-+ netinet/ip_state.c optional ipfilter requires inet
-+ netinet/ip_proxy.c optional ipfilter requires inet
-+ netinet/ip_auth.c optional ipfilter requires inet
-+ netinet/ip_log.c optional ipfilter requires inet
- netiso/clnp_debug.c optional iso
- netiso/clnp_er.c optional iso
- netiso/clnp_frag.c optional iso
diff --git a/contrib/ipfilter/FreeBSD/filez.diffs b/contrib/ipfilter/FreeBSD/filez.diffs
deleted file mode 100644
index 52492e8a22..0000000000
--- a/contrib/ipfilter/FreeBSD/filez.diffs
+++ /dev/null
@@ -1,19 +0,0 @@
-*** files.orig Sat Apr 29 20:00:02 1995
---- files Sun Apr 23 17:53:58 1995
-***************
-*** 222,227 ****
---- 222,235 ----
- file netinet/tcp_timer.c inet
- file netinet/tcp_usrreq.c inet
- file netinet/udp_usrreq.c inet
-+ file netinet/ip_fil.c ipfilter
-+ file netinet/fil.c ipfilter
-+ file netinet/ip_nat.c ipfilter
-+ file netinet/ip_frag.c ipfilter
-+ file netinet/ip_state.c ipfilter
-+ file netinet/ip_proxy.c ipfilter
-+ file netinet/ip_auth.c ipfilter
-+ file netinet/ip_log.c ipfilter
- file netiso/clnp_debug.c iso
- file netiso/clnp_er.c iso
- file netiso/clnp_frag.c iso
diff --git a/contrib/ipfilter/FreeBSD/in_proto.c.diffs b/contrib/ipfilter/FreeBSD/in_proto.c.diffs
deleted file mode 100644
index 052dd514ee..0000000000
--- a/contrib/ipfilter/FreeBSD/in_proto.c.diffs
+++ /dev/null
@@ -1,16 +0,0 @@
-*** in_proto.c.orig Wed Sep 6 20:31:34 1995
---- in_proto.c Mon Mar 11 22:40:03 1996
-***************
-*** 81,86 ****
---- 81,91 ----
- void eoninput(), eonctlinput(), eonprotoinit();
- #endif /* EON */
-
-+ #ifdef IPFILTER
-+ void iplinit();
-+ #define ip_init iplinit
-+ #endif
-+
- void rsvp_input(struct mbuf *, int);
- void ipip_input(struct mbuf *, int);
-
diff --git a/contrib/ipfilter/FreeBSD/ip_input.c.diffs b/contrib/ipfilter/FreeBSD/ip_input.c.diffs
deleted file mode 100644
index a70be897ea..0000000000
--- a/contrib/ipfilter/FreeBSD/ip_input.c.diffs
+++ /dev/null
@@ -1,88 +0,0 @@ -*** /sys/netinet/ip_input.c.orig Thu Oct 24 22:27:27 1996 ---- /sys/netinet/ip_input.c Tue Feb 18 21:18:19 1997 -*************** -*** 93,98 **** ---- 93,102 ---- - int ipqmaxlen = IFQ_MAXLEN; - struct in_ifaddr *in_ifaddr; /* first inet address */ - struct ifqueue ipintrq; -+ #if defined(IPFILTER_LKM) || defined(IPFILTER) -+ int fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); -+ int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); -+ #endif - - struct ipstat ipstat; - struct ipq ipq; -*************** -*** 219,226 **** - } - ip = mtod(m, struct ip *); - } -! ip->ip_sum = in_cksum(m, hlen); -! if (ip->ip_sum) { - ipstat.ips_badsum++; - goto bad; - } ---- 223,229 ---- - } - ip = mtod(m, struct ip *); - } -! if (in_cksum(m, hlen)) { - ipstat.ips_badsum++; - goto bad; - } -*************** -*** 267,272 **** ---- 270,288 ---- - goto next; - } - -+ #if defined(IPFILTER) || defined(IPFILTER_LKM) -+ /* -+ * Check if we want to allow this packet to be processed. -+ * Consider it to be bad if not. -+ */ -+ if (fr_checkp) { -+ struct mbuf *m1 = m; -+ -+ if ((*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m1) || !m1) -+ goto next; -+ ip = mtod(m = m1, struct ip *); -+ } -+ #endif - /* - * Process options and, if not destined for us, - * ship it on. ip_dooptions returns 1 when an -*************** -*** 527,532 **** ---- 533,540 ---- - * if they are completely covered, dequeue them. - */ - while (q != (struct ipasfrag *)fp && ip->ip_off + ip->ip_len > q->ip_off) { -+ struct mbuf *m0; -+ - i = (ip->ip_off + ip->ip_len) - q->ip_off; - if (i < q->ip_len) { - q->ip_len -= i; -*************** -*** 526,534 **** - m_adj(dtom(q), i); - break; - } - q = q->ipf_next; -- m_freem(dtom(q->ipf_prev)); - ip_deq(q->ipf_prev); - } - - insert: ---- 542,551 ---- - m_adj(dtom(q), i); - break; - } -+ m0 = dtom(q); - q = q->ipf_next; - ip_deq(q->ipf_prev); -+ m_freem(m0); - } - - insert: 
diff --git a/contrib/ipfilter/FreeBSD/ip_output.c.diffs b/contrib/ipfilter/FreeBSD/ip_output.c.diffs deleted file mode 100644 index f1fe9accea..0000000000 --- a/contrib/ipfilter/FreeBSD/ip_output.c.diffs +++ /dev/null @@ -1,36 +0,0 @@ -*** /sys/netinet/ip_output.c.orig Thu Oct 24 22:27:28 1996 ---- /sys/netinet/ip_output.c Tue Feb 18 21:38:23 1997 -*************** -*** 65,70 **** ---- 65,74 ---- - static struct mbuf *ip_insertoptions __P((struct mbuf *, struct mbuf *, int *)); - static void ip_mloopback - __P((struct ifnet *, struct mbuf *, struct sockaddr_in *)); -+ #if defined(IPFILTER_LKM) || defined(IPFILTER) -+ extern int fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); -+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); -+ #endif - - /* - * IP output. The packet in mbuf chain m contains a skeletal IP -*************** -*** 330,335 **** ---- 334,351 ---- - m->m_flags &= ~M_BCAST; - - sendit: -+ #if defined(IPFILTER) || defined(IPFILTER_LKM) -+ /* -+ * looks like most checking has been done now...do a filter check -+ */ -+ if (fr_checkp) { -+ struct mbuf *m1 = m; -+ -+ if ((error = (*fr_checkp)(ip, hlen, ifp, 1, &m1)) || !m1) -+ goto done; -+ ip = mtod(m = m1, struct ip *); -+ } -+ #endif - /* - * Check with the firewall... - */ diff --git a/contrib/ipfilter/FreeBSD/kinstall b/contrib/ipfilter/FreeBSD/kinstall deleted file mode 100755 index ef2db54b27..0000000000 --- a/contrib/ipfilter/FreeBSD/kinstall +++ /dev/null 
@@ -1,72 +0,0 @@ -#!/bin/csh -f -# -set dir=`pwd` -set karch=`uname -m` -if ( -d /sys/arch/$karch ) set archdir="/sys/arch/$karch" -if ( -d /sys/$karch ) set archdir="/sys/$karch" -set confdir="$archdir/conf" - -if ( $dir =~ */FreeBSD ) cd .. -echo -n "Installing " -foreach i (ip_fil.[ch] ip_nat.[ch] ip_frag.[ch] ip_state.[ch] fil.c \ - ip_proxy.[ch] ip_auth.[ch] ip_*_pxy.c ip_compat.h ip_log.c) - echo -n "$i "; - cp $i /sys/netinet - chmod 644 /sys/netinet/$i - switch ( $i ) - case *.h: - /bin/cp $i /usr/include/netinet/$i - chmod 644 /usr/include/netinet/$i - breaksw - endsw -end -echo "" -grep iplopen $archdir/$karch/conf.c >& /dev/null -if ( $status != 0 ) then - echo "Patching $archdir/$karch/conf.c" - cat FreeBSD/conf.c.diffs | (cd $archdir/$karch; patch) -endif -grep fr_checkp /sys/netinet/ip_input.c >& /dev/null -if ( $status != 0 ) then - echo "Patching ip_input.c, ip_output.c and in_proto.c" - cat FreeBSD/ip_{in,out}put.c.diffs FreeBSD/in_proto.c.diffs | \ - (cd /sys/netinet; patch) -endif -if ( -f /sys/conf/files.newconf ) then - echo "Patching /sys/conf/files.newconf" - cat FreeBSD/files.newconf.diffs | (cd /sys/conf; patch) - echo "Patching /sys/conf/files" - cat FreeBSD/files.diffs | (cd /sys/conf; patch) -endif -if ( -f /sys/conf/files.oldconf ) then - echo "Patching /sys/conf/files.oldconf" - cat FreeBSD/files.oldconf.diffs | (cd /sys/conf; patch) - echo "Patching /sys/conf/files" - cat FreeBSD/filez.diffs | (cd /sys/conf; patch) -endif - -set config=`(cd $confdir; /bin/ls -1t [0-9A-Z_]*) | head -1` -echo -n "Kernel configuration to update [$config] " -set newconfig=$< -if ( "$newconfig" != "" ) then - set config="$confdir/$newconfig" -else - set newconfig=$config -endif -echo "Re-config'ing $newconfig..." 
-if ( -f $confdir/$newconfig ) then - mv $confdir/$newconfig $confdir/$newconfig.bak -endif -if ( -d $archdir/../compile/$newconfig ) then - set bak=".bak" - set dot=0 - while ( -d $archdir/../compile/${newconfig}.${bak} ) - set bak=".bak.$dot" - set dot=`expr 1 + $dot` - end - mv $archdir/../compile/$newconfig $archdir/../compile/${newconfig}.${bak} -endif -awk '{print $0;if($2=="INET"){print"options IPFILTER"}}' \ - $confdir/$newconfig.bak > $confdir/$newconfig -echo 'You will now need to run "config" and build a new kernel.' -exit 0 diff --git a/contrib/ipfilter/FreeBSD/minstall b/contrib/ipfilter/FreeBSD/minstall deleted file mode 100755 index 0cfe7c360d..0000000000 --- a/contrib/ipfilter/FreeBSD/minstall +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/csh -f -# -set dir=`pwd` -set karch=`uname -m` -if ( -d /sys/arch/$karch ) set archdir="/sys/arch/$karch" -if ( -d /sys/$karch ) set archdir="/sys/$karch" -set confdir="$archdir/conf" - -if ( $dir =~ */FreeBSD ) cd .. -echo "Patching ip_input.c, ip_output.c and in_proto.c" -cat FreeBSD/ip_{in,out}put.c.diffs FreeBSD/in_proto.c.diffs | \ -(cd /sys/netinet; patch) - -if ( -f /sys/conf/files.newconf ) then - echo "Patching /sys/conf/files.newconf" - cat FreeBSD/files.newconf.diffs | (cd /sys/conf; patch) - echo "Patching /sys/conf/files" - cat FreeBSD/files.diffs | (cd /sys/conf; patch) -endif -if ( -f /sys/conf/files.oldconf ) then - echo "Patching /sys/conf/files.oldconf" - cat FreeBSD/files.oldconf.diffs | (cd /sys/conf; patch) - echo "Patching /sys/conf/files" - cat FreeBSD/filez.diffs | (cd /sys/conf; patch) -endif - -set config=`(cd $confdir; /bin/ls -1t [0-9A-Z_]*) | head -1` -echo -n "Kernel configuration to update [$config] " -set newconfig=$< -if ( "$newconfig" != "" ) then - set config="$confdir/$newconfig" -else - set newconfig=$config -endif -echo "Re-config'ing $newconfig..." -if ( -f $confdir/$newconfig ) then - mv $confdir/$newconfig $confdir/$newconfig.bak -endif -if ( -d $archdir/../compile/$newconfig ) then - set bak=".bak" - set dot=0 - while ( -d $archdir/../compile/${newconfig}.${bak} ) - set bak=".bak.$dot" - set dot=`expr 1 + $dot` - end - mv $archdir/../compile/$newconfig $archdir/../compile/${newconfig}.$bak -endif -awk '{print $0;if($2=="INET"){print"options IPFILTER_LKM"}}' \ - $confdir/$newconfig.bak > $confdir/$newconfig -echo 'You will now need to run "config" and build a new kernel.' -exit 0 diff --git a/contrib/ipfilter/FreeBSD/unkinstall b/contrib/ipfilter/FreeBSD/unkinstall deleted file mode 100755 index 8547fcd90d..0000000000 --- a/contrib/ipfilter/FreeBSD/unkinstall +++ /dev/null 
@@ -1,58 +0,0 @@ -#!/bin/csh -f -# -set dir=`pwd` -set karch=`uname -m` -if ( -d /sys/arch/$karch ) set archdir="/sys/arch/$karch" -if ( -d /sys/$karch ) set archdir="/sys/$karch" -set confdir="$archdir/conf" - -if ( $dir =~ */FreeBSD ) cd .. -echo -n "Uninstalling " -foreach i (ip_fil.[ch] ip_nat.[ch] ip_frag.[ch] ip_state.[ch] fil.c \ - ip_compat.h ip_auth.[ch] ip_proxy.[ch] ip_ftp_pxy.c ip_log.c) - echo -n "$i "; - /bin/rm -f /sys/netinet/$i -end -echo "" -echo "Unpatching $archdir/$karch/conf.c" -cat FreeBSD/conf.c.diffs | (cd $archdir/$karch; patch -R) -echo "Unpatching ip_input.c, ip_output.c and in_proto.c" -cat FreeBSD/ip_{in,out}put.c.diffs FreeBSD/in_proto.c.diffs | \ -(cd /sys/netinet; patch -R) - -if ( -f /sys/conf/files.newconf ) then - echo "Unpatching /sys/conf/files.newconf" - cat FreeBSD/files.newconf.diffs | (cd /sys/conf; patch -R) - echo "Unpatching /sys/conf/files" - cat FreeBSD/files.diffs | (cd /sys/conf; patch -R) -endif -if ( -f /sys/conf/files.oldconf ) then - echo "Unpatching /sys/conf/files.oldconf" - cat FreeBSD/files.oldconf.diffs | (cd /sys/conf; patch -R) - echo "Unpatching /sys/conf/files" - cat FreeBSD/filez.diffs | (cd /sys/conf; patch -R) -endif - -set config=`(cd $confdir; /bin/ls -1t [0-9A-Z_]*) | head -1` -echo -n "Kernel configuration to update [$config] " -set newconfig=$< -if ( "$newconfig" != "" ) then - set config="$confdir/$newconfig" -else - set newconfig=$config -endif -if ( -f $confdir/$newconfig ) then - mv $confdir/$newconfig $confdir/$newconfig.bak -endif -if ( -d $archdir/../compile/$newconfig ) then - set bak=".bak" - set dot=0 - while ( -d $archdir/../compile/${newconfig}.${bak} ) - set bak=".bak.$dot" - set dot=`expr 1 + $dot` - end - mv $archdir/../compile/$newconfig $archdir/../compile/${newconfig}.${bak} -endif -egrep -v IPFILTER $confdir/$newconfig.bak > $confdir/$newconfig -echo 'You will now need to run "config" and build a new kernel.' -exit 0 
diff --git a/contrib/ipfilter/FreeBSD/unminstall b/contrib/ipfilter/FreeBSD/unminstall deleted file mode 100755 index a25746cb4f..0000000000 --- a/contrib/ipfilter/FreeBSD/unminstall +++ /dev/null @@ -1,49 +0,0 @@ -#!/bin/csh -f -# -set dir=`pwd` -set karch=`uname -m` -if ( -d /sys/arch/$karch ) set archdir="/sys/arch/$karch" -if ( -d /sys/$karch ) set archdir="/sys/$karch" -set confdir="$archdir/conf" - -if ( $dir =~ */FreeBSD ) cd .. -echo "Unpatching ip_input.c, ip_output.c and in_proto.c" -cat FreeBSD/ip_{in,out}put.c.diffs FreeBSD/in_proto.c.diffs | \ -(cd /sys/netinet; patch -R) - -if ( -f /sys/conf/files.newconf ) then - echo "Unpatching /sys/conf/files.newconf" - cat FreeBSD/files.newconf.diffs | (cd /sys/conf; patch -R) - echo "Unpatching /sys/conf/files" - cat FreeBSD/files.diffs | (cd /sys/conf; patch -R) -endif -if ( -f /sys/conf/files.oldconf ) then - echo "Unpatching /sys/conf/files.oldconf" - cat FreeBSD/files.oldconf.diffs | (cd /sys/conf; patch -R) - echo "Unpatching /sys/conf/files" - cat FreeBSD/filez.diffs | (cd /sys/conf; patch -R) -endif - -set config=`(cd $confdir; /bin/ls -1t [0-9A-Z_]*) | head -1` -echo -n "Kernel configuration to update [$config] " -set newconfig=$< -if ( "$newconfig" != "" ) then - set config="$confdir/$newconfig" -else - set newconfig=$config -endif -if ( -f $confdir/$newconfig ) then - mv $confdir/$newconfig $confdir/$newconfig.bak -endif -if ( -d $archdir/../compile/$newconfig ) then - set bak=".bak" - set dot=0 - while ( -d $archdir/../compile/${newconfig}.${bak} ) - set bak=".bak.$dot" - set dot=`expr 1 + $dot` - end - mv $archdir/../compile/$newconfig $archdir/../compile/${newconfig}.$bak -endif -grep -v IPFILTER $confdir/$newconfig.bak > $confdir/$newconfig -echo 'You will now need to run "config" and build a new kernel.' -exit 0 diff --git a/contrib/ipfilter/HISTORY b/contrib/ipfilter/HISTORY deleted file mode 100644 index 85a8b5fff0..0000000000 --- a/contrib/ipfilter/HISTORY +++ /dev/null 
@@ -1,2248 +0,0 @@ -# -# NOTE: Quite a few patches and suggestions come from other sources, to whom -# I'm greatly indebted, even if no names are mentioned. -# -# Thanks to the Coombs Computing Unit at the ANU for their continued support -# in providing a very available location for the IP Filter home page and -# distribution center. -# -# Thanks to Hewlett Packard for making it possible to port IP Filter to -# HP-UX 11.00. -# -# Thanks to Tel.Net Media for supplying me with equipment to ensure that -# IP Filter continues to work on Solaris/sparc64. -# -# Thanks to BSDI for providing object files for BSD/OS 3.1 and the means -# to further support development of IP Filter under BSDI. -# -# Thanks to Craig Bishop of connect.com.au and Sun Microsystems for the -# loan of a machine to work on a Solaris 2.x port of this software. -# -# Thanks also to all those who have contributed patches and other code, -# and especially those who have found the time to port IP Filter to new -# platforms. -# -3.4.35 21/6/2004 - Released - -some cases of ICMP checksum alteration were wrong - -block packets that fail to create state table entries - -correctly handle all return values from ip_natout() when fastrouting - -ipmon was not correctly calculating the length of the IPv6 packet (excluded -ipv6 header length) - -3.4.34 20/4/2004 - Released - -correct the ICMP packet checksum fixing up when processing ICMP errors for NAT - -various changes to ipsend for sending packets with ipv4 options - -look for ipmon's pidfile in /var/run and /etc/opt/ipf in Solaris' init script - -only allow non-fragmented packets to influence whether or not a logged -packet is the same as the one logged before. 
- -make "ipfstat -f" output more informative - -compatibility for openbsd byte order changes to ip_off/ip_len - -disallow "freebsd" as a make target (encourages people to do the wrong thing) - -3.4.33 15/12/2003 - Released - -pass on messages moving through ipfilter when it is unloading itself on Solaris - -add disabling of auto-detach when the module attaches on Solaris - -compatibility patches for 'struct ifnet' changes on FreeBSD - -implement a maximum for the number of entries in the NAT table (NAT_TABLE_MAX -and ipf_nattable_max) - -fix ipfstat -A - -frsynclist() wasn't paying attention to all the places where interface -names are, like it should. - -fix where packet header pointers are pointing to after doing an ipf_pullup - -fix comparing ICMP packets with established TCP state where only 8 bytes -of header are returned in the ICMP error. - -3.4.32 18/6/2003 - Released - -fix up the behaviour of ipfs - -make parsing errors in ipf/ipnat return an error rather than return -indicating success. - -window scaling patch - -make ipfstat work as a set{g,u}id thing - gave up privs before opening -/dev/ipl - -checksum adjustment corrections for ICMP & NAT - -attempt to always get an mbuf full of data through pullup if possible - -Fix bug with NAT and fragments causing system to crash - -Add patches for OpenBSD 3.3 - -stop LKM locking up the machine on modern NetBSD(?) - -allow timeouts in NAT rules to over-ride fr_defnatage if LARGE_NAT is defined - -Locking patches for IRIX 6.5 from SGI. 
- -fix bug in synchronising state sessions where all interfaces were invalidated - -fix bug in openbsd 3.2 bridge diffs - -fix bug parsing port comparisons in proxy rules - -3.4.31 7/12/2002 - Released - -Solaris 10 compatibility - -fix linking into pfil in NetBSD - -fix IRIX 6.2 compatibility - -add code to check consistency of fr_checkp/fr_check on non-Solaris - -OpenBSD: missing patches for ip6_output.c on OpenBSD 3.2, - make LKM work for 3.2 (OpenBSD LKMs now match NetBSD) - -3.4.30 26/11/2002 - Released - -attempt to detect using GNU make and abort if so - -OpenBSD 3.2 patches from Stefan Hermes von GMX - -add MSS clamping code from NetBSD - -correctly display ipv6 output with ipfstat for (accounting) rules - -fix problems with ioctl handling for /dev/ipauth - -set SYN bit in rcmd fake packet to create back channel - -make libpcap reader capable of determining in/out (not in libpcap file) -and add more DLT types - -do not allow redirects to localhost for Solaris in NAT parser - -allow return-rst with auth rules - -man page corrections - -fix for handling ipv6 icmp errors - -fix up ipfs command line option processing - -only allow processing a ftp 227 response following a PASV command - -NetBSD: use poll() and adapt to new cdevsw mechanism - -make flushing for just ipv6 things work - -3.4.29 28/8/2002 - Released - -Make substantial changes to the FTP proxy to improve reliability, security -and functionality. - -don't send ICMP errors/TCP RST's in response to blocked proxy packets - -fix potential memory leaks when unloading ipfilter from kernel - -fix bug in SIOCGNATL handler that did not preserve the expected -byte order from earlier versions in the port number - -set do not fragment flag in generated packets according to system flags, -where available. 
- -preserve filter rule number and group number in state structure - -fix bug in ipmon printing of p/P/b/B - -make some changes to the kmem.c code for IRIX compatibility - -add code to specifically handle ip.tun* interfaces on Solaris - -3.4.28 6/6/2002 - Released - -Fix for H.323 proxy to work on little endian boxes - -IRIX: Update installation documentation - add route lock patch - -allow use of groups > 65535 - -create a new packet info summary for packets going through ipfr_fastroute() -so that where details are different (RST/ICMP errors), the packet now gets -correctly NAT'd, etc. - -fix the FTP proxy so that checks for TCP sequence numbers outside the -normal offset due to data changes use absolute numbers - -make it possible to remove rules in ipftest - -Update installing onto OpenBSD and split into two directories: -OpenBSD-2 and OpenBSD-3 - -fix error in printout out the protocol in NAT rules - -always unlock ipfilter if locking fails half way through in ipfs - -fix problems with TCP window scaling - -update of man pages for ipnat(4) and ipftest(1) - -3.4.27 28/04/2002 - Released - -fix calculation of 2's complmenent 16 bit checksum for user space - -add mbuflen() to usespace compiles. - -add more #ifdef complexity for platform portability - -add OpenBSD 3.1 diffs - -3.4.26 25/04/2002 - Released - -fix parsing and printing of NAT rules with regression tests. - -add code to adjust TCP checksums inside ICMP errors where present and as -required for NAT. 
- -fix documentation problems in instal documents - -fix locking problem with auth code on Solaris - -fix use of version macros for FreeBSD and make the use of __FreeBSD_version -override previous hacks except when not present - -fix the macros defined for SIOCAUTHR and SIOCAUTHW - -fix the H.323 proxy so it no longer panics (multiple issues: re-entry into -nat_ioctl with lock held on Solaris, trying to copy data from kernel space -with copyin, unaligned access to get 32bit & 16bit numbers) - -use the ip_ttl ndd parameter on Solaris to fill in ip_ttl for packets -generated by IPFilter - -fix comparing state information to delete state table entries - -flag packets as being "bad state" if they're outside the window and prevent -them from being able to cause new state to be created - except for SYN packets - -be stricter about what packets match a TCP state table entry if its creation -was triggered by a SYN packet. - -add patches to handle TCP window scaling - -don't update TCP state table entries if the packet is not considered to be -part of the connection - -ipfs wasn't allowing -i command line option in getopt - -IRIX: fix kvm interface, fix compile warnings, compile the kernel with -O2 - regardless of user compile, fix the getkflags script to prune down the - output more so it is acceptable - -change building in Makefiles to create links to the application in $(TOP) -at the end of "build" rather than when each is created. - -update BSD/kupgrade for FreeBSD - -l4check wasn't properly closing things when a connection fails - -man page updates for ipmon(8) and ipnat(5) - -more regression tests added. 
- -3.4.25 13/03/2002 - Released - -retain rule # in state information - -log the direction of a packet so ipmon gets it right rather than incorrectly -deriving it from the rule flags - -add #ifdef for IPFILTER_LOGSIZE (put options IPFILTER_LOGSIZE=16384 in BSD -kernel config files to increase that buffer size) - -recognise return-* rules differently to block in ipftest - -fix bug in ipmon output for solaris - -add regression testing for skip rules, logging and using head/group - -fix output of ipmon: was displaying large unsigned ints rather than -1 -when no rules matched. - -make logging code compile into ipftest and add -l command line option to -dump binary log file (read with ipmon -f) when it finishes. - -protect rule # and group # from interference when checking accounting rules - -add regression testing for log output (text) from ipmon. - -document -b command line option for ipmon - -fix double-quick in Solaris startup script - -3.4.24 01/03/2002 - Released - -fix how files are installed on SunOS5 - -fix some minor problems in SunOS5 ipfboot script - -by default, compile all OpenBSD tools in 3.0 for IPv6 - -fix NULL-pointer dereference in NAT code - -make a better attempt at replacing the appropriate binaries on BSD systems - -always print IPv6 icmp-types as a number - -impose some rules about what "skip" can be used with - -fix parsing problems with "keep state" and "keep state-age" - -Try to read as much data as is in the log device in ipmon - -remove some redundant checks when searching for rdr/nat rules - -fix bug in handling of ACCT with FTP proxy - -increase array size for interface names, using LIFNAMSIZ - -include H.323 proxy from QNX - -3.4.23 16/01/2002 - Released - -Include patches to install IPFilter into OpenBSD 3.0, both for just kernel -compiles and complete system builds. - -Fix bug in automatic flushing of state table which would cause it to hang -in an infinite loop bug introduced in 3.4.20. 
- -Modify the sample proxy (samples/proxy.c) so that it ads a NAT mapping for -the outgoing connection to make it look like it comes from the real source. - -Only support ICMPv6 with IPv6. - -Move ipnat.1 to ipnat.8 - -Enhance ipmon to print textual ICMP[v6] types and subtypes where possible. - -Make it possible to do IPv6 regression testing with ipftest. - -Use kvm library for kmem access, rather than trying to do it manually with -open/lseek/read. - -Fix diffs for ip_input.c on BSDOS so it doesn't crash with fastroute. - -Remove Berkeley advertising licence clause. Reference: -ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change - -Add more regression tests: ICMPv6 neighbour discovery, ICMP time exceeded -and fragmentation required. - -Fix ipfboot script on Solaris to deal with no nameservers or no route to -them in a clean manner. - -Support per-rule set timeouts for non-TCP NAT and state - -Add netbios proxy - -Add ICMPv6 stateful checking, including handling multicast destination -addresses for neighbour discovery. - -Fix problems with internals of ICMP messages for MTU discovery and -unreachables not being correctly adjust on little endian boxes. - -Add "in-via" and "out-via" to filtering rules grammar. It is now possible -to bind a rule to both incoming and outgoing interfaces, in both forward -and reverse directions (4 directions in total). allows for asymetric flows -through a firewall. - -Fix ipfstat and ipnat for working on crash dumps. - -Don't let USE_INET6 stay defined for SunOS4 - -Count things we see for each interface on solaris. - -Include when compiling with USE_INET6 defined and -also include a whole bunch of #define's to make sure the symbols expected -can be used. - -Fix up fastroute on BSD systems. - -Make fastrouting work for IPv6 just a bit better. doesn't split up big -packets into fragments like the IPv4 one does. 
You can now do a -"to :" - -Remove some of the differences between user-space and kernel-space code -that is internal to ipfilter. - -Call ipfr_slowtimer() after each packet is processed in ipftest to artificially -create the illusion of passing time and include the expire functions in the -code compiled for user-space. - -Fix issues with the IPSec proxy not working or leading to a system crash. - -Junk all processing of SPIs and special handling for ESP. - -Add "no-match" as a filter rule action (resets _LAST_ match) - -Add hack to workaround problems with Cassini interface cards on -Solaris and VLANs - -Add some protocols to etc/protocols - -3.4.22 03/12/2001 - Released - -various openbsd changes - -sorting based on IP numbers for ipfstat top output - -fix various IPv6 code & compile problems - -modify ip_fil.c to be more netbsd friendly - -fix fastroute bug where it modified a packet post-sending - -fix get_unit() - don't understand why it was broken. - -add FI_IGNOREPKT and don't count so marked packets when doing stats or -state/nat. - -extend the interface name saved to log output - -make proxies capable of extending the matching done on a packet with a -particular nat session - -change interfaces inside NAT & state code to accomodate redesign to allow -IPsec proxy to work. 
- -fix bug when free'ing loaded rules that results in a memory leak -(only an issue with "ipf -rf -", not flush) - -make ipftest capable of loading > 1 file or rules, making it now possible -to load both NAT & filter rules - -fix hex input for ipftest to allow interface name & direction to work - -show ipsec proxy details in ipnat output - -if OPT_HEX is set in opts, print a packet out as hex - -don't modify b_next or preseve it or preserve b_prev for solaris - -fix up kinstall scripts to install all the files everywhere they need to - -fix overflowing of bits in ip_off inside iptest - -make userauth and proxy in samples directory compile - -fix minimum size when doing a pullup for ESP & ICMPv6 - -3.4.21 24/10/2001 - Released - -include ipsec proxy - -make state work for non-tcp/udp/icmp in a very simple way - -include diffs for ipv6 firewall on openbsd-2.9 - -add compatibility filter wrapper for NetBSD-current - -fix command line option problems with ipfs - -if we fill the state table and a automated flush doesn't purge any -expiring entries, remove all entries idle for more than half a day - -fix bug with sending resets/icmp errors where the pointer to the data -section of the packet was not being set (BSD only) - -split out validating ftp commands and responses into different halves, -one for each of server & client. - -do not compile in STATETOP support for specific architectures - -fix INSTALL.FreeBSD to no longer provide directions and properly direct -people to the right file for the right version of FreeBSD. 
- -3.4.20 24/07/2001 - Released - -adjust NAT hashing to give a better spread across the table - -show icmp code/type names in output, where known - -fix bug in altering cached interface names in state when resync'ing - -fix bug in real audio proxy that caused crashs - -fix compiling using sunos4 cc - -patch from casper to address weird exit problem for ipstat in top mode - -patch from Greg Woods to produce names for icmp types/unreach codes, -where they are known - -fix bug where ipfr_fastroute() would use a mblk and it would also get -freed later. - -don't match fragments which would cause 64k length to be exceeded - -ftp proxy fix for port numbers being setup for pasv ftp with state/nat - -change hashing for NAT to include both IP#'s and ports. - -Solaris fixes for IPv6 - -fix compiling iplang bits, under Solaris, for ipsend - -3.4.19 29/06/2001 - Released - -fix to support suspend/resume on solaris8 as well as ipv6 - -include group/group-head in match of filter rules - -fix endian problem reading snoop files - -make all licence comments point to the one place - -fix ftp proxy to only advance state if a reply is received in response to -a recognised command - -3.4.18 05/06/2001 - Released - -fix up parsing of "from ! host" where '!' is separate - -disable hardware checksums for NetBSD - -put ipftest temporary files in . 
rather than /tmp - -modify ftp proxy to be more intelligent about moving between states -and recognise new authentication commands - -allow state/nat table sizes to be externally influenced - -print out host mapping table for NAT with ipnat -l - -fix handling of hardware checksum'ing on Solaris - -fixup makefiles for Solaris - -update regression tests - -fix surrender of SPL's for failure cases - -include patches for OpenBSD's new timeout mechanism - -default ipl_unreach to ICMP_UNREACH_FILTER_PROHIB if defined, else make it -ICMP_UNREACH_FILTER - -fix up handling of packets matching auth rules and interaction with state - -add -q command line option to ipfstat on Solaris to list bound interfaces - -add command line option to ipfstat/ipnat to select different core image - -don't use ncurses on Solaris for STATETOP - -fix includes to get FreeBSD version - -do not byte swap ip_id - -fix handling success for packets matching the auth rule - -don't double-count short packets - -add ICMP router discovery message size recognition - -fix packet length calculation for IPv6 - -set CPUDIR when for install-sunos5 make target - -SUNWspro -xF causes Solaris 2.5.1 kernel to crash - -3.4.17 06/04/2001 - Released - -fix fragment#0 handling bug where they could get in via cache information -created by state table entries - -use ire_walk to look for ire cache entries with link layer headers cached - -deal with bad SPL assumptions for log reading on BSD - -fix ftp proxy to allow logins with passwords - -some auth rule patches, fixing byte endian problems and returning as an error - -support LOG_SECURITY, where available, in ipmon - -don't return an error for packets which match auth rules - -introduce fr_icmpacktimeout to timeout entries once an ICMP reply has -been seen separately to when created - -3.4.16 15/01/2001 - Released - -fix race condition in flushing of state entries that are timing out - -Add TCP ECN patches - -log all NAT entries created, not just those via rules - 
-3.4.15 17/12/2000 - Released - -add minimum ttl filtering (to be replaced later by return-icmp-as-dest -for all ICMP packets matching state entries). - -fix NAT'ing of fragments - -fix sanity checks for ICMPV6 - -fix up compiling on IRIX 6.2 with IDF/IDL installed - -3.4.14 02/11/2000 - Released - -cause flushing NAT table to generate log records the same as state flush -does. - -fix ftp proxy port/pasv - -fix problem where nat_{in,out}lookup() would release a write lock when it -didn't need to. - -add check for ipf6.conf in Solaris ipfboot - -3.4.13 28/10/2000 - Released - -fix introduced bug with ICMP packets being rejected when valid - -fix bug with proxy's that don't set fin_dlen correctly when calling -fr_addstate() - -3.4.12 26/10/2000 - Released - -fix installing into FreeBSD-4.1 - -fix FTP proxy bug where it'd hang and make NAT slightly more efficient - -fix general compiling errors/warnings on various platforms - -don't access ICMP data fields that aren't there - -3.4.11 09/10/2000 - Released - -return NULL for IPv6 access control lists if it is disabled rather than -random garbage. - -fix for getting protocol & packet length for IPv6 packets for pullup. - -update plog script from version 0.8 to version 0.10 - -patch from Frank Volf adding fix_datacksum() to NAT code, enhancing the -capabilities for "fixing" checksums. 
- -3.4.10 03/09/2000 - Released - -merge patch from Frank Volf for ICMP nat handling of TCP/UDP data `errors' - -getline() adjusts linenum now - -add tcphalfclosed timeout - -fill in icmp_nextmtu field if it is defined on the platform - -RST generation fix from guido - -force 32bit compile for gcc on solaris if it can't generate 64bit code - -encase logging when fr_chksrc == 2 in #ifdef IPFILTER_LOG - -fix up line wrap problems in plog script - -fix ICMP packet handling to not drop valid ICMP errors - -freebsd 5.0 compat changes - -3.4.9 08/08/2000 - Released - -implement new aging mechanism in fr_tcp_age() - -fix icmp state checking bug - -revamp buildsunos script and build both sparcv7/sparcv9 for Solaris -if on an Ultra with a 64bit system & compiler (Caseper Dik) - -open ipfilter device read only if we know we can - -print out better information for ICMP packets in ipmon - -move checking for source spoofed packets to a point where we can generate -logs of them - -return EFAULT from ircopyptr/iwcopyptr - -don't do ioctl(SIOCGETFS) for auth stats - -fix up freeing mbufs for post-4.3BSD - -fix returning of inc from ftp proxy - -fix bugs with ipfs -R/-W (Caseper Dik) - -3.4.8 19/07/2000 - Released - -create fake opt_inet6.h for FreeBSD-4 compile as LKM - -add #ifdef's for KLD_MODULE sanity - -NAT fastroute'd packets which come out of return-* - -fix upper/lower case crap in ftp proxy and get seq# checking fixed up. - -3.4.7 08/07/2000 - Released - -make "ipf -y" lookup NAT if's which are unknown - -prepend line numbers to ioctl error messages in ipf/ipnat - -don't apply patches to FreeBSD twice - -allow for ip_len to be on an unaligned boundary early on in fr_precheck - -fix printing of icmp code when it is 0 - -correct printing of port numbers in map rules with from/to - -don't allow fr_func to be called at securelevel > 0 or rules to be added -if securelevel > 0 if they have a non-zero fr_func. 
- -3.4.6 11/06/2000 - Released - -add extra regression tests for new nat functionality - -place restrictions on using '!' in map/rdr rules - -fix up solaris compile problems - -3.4.5 10/06/2000 - Released - -mention -sl in ipfstat.8 - -fix/support '!' in from/to rules (rdr) for NAT - -add from/to support to rdr NAT rules - -don't send ICMP errors in response to ICMP errors - -fix sunos5 compilation for "ipfstat-top" and cleanup ipfboot - -input accounting list used for both outbound and inbound packets - -3.4.4 23/05/2000 - Released - -don't add TCP state if it is an RST packet and (attempt) to send out -RST/ICMP packets in a manner that bypasses IP Filter. - -add patch to work with 4.0_STABLE delayed checksums - -3.4.3 20/05/2000 - Released - -fix ipmon -F - -don't truncate IPv6 packets on Solaris - -fix keep state for ICMP ECHO - -add some NAT stats and use def_nat_age rather than DEF_NAT_AGE - -don't make ftp proxy drop packets - -use MCLISREFERENCED() in tandem with M_EXT to check if IP fields need to be -swapped back. - -fix up RST generation for non-Solaris - -get "short" flag right for IPv6 - -3.4.2 - 10/5/2000 - Released - -Fix bug in dealing with "hlen == 1 and opt > 1" - Itojun - -ignore previous NAT mappings for 0/0 and 0/32 rules - -bring in a completely new ftp proxy - -allow NAT to cause packets to be dropped. 
- -add NetBSD callout support for 1.4-current - -3.4.1 - 30/4/2000 - Released - -add ratoui() and fix parsing of group numbers to allow 0 - UINT_MAX - -don't include opt_inet6.h for FreeBSD if KLD_MODULE is defined - -Solaris must use copyin() for all types of ioctl() args - -fix up screen/tty when leaving "top mode" of ipfstat - -linked list for maptable not setup correctly in nat_hostmap() - -check for maptable rather than nat_table[1] to see if malloc for maptable -succeeded in nat_init - -fix handling of map NAT rules with "from/to" host specs - -fix printout out of source address when using "from/to" with map rules - -convert ip_len back to network byte order, not plen, for solaris as ip_len -may have been changed by NAT and plen won't reflect this - -3.4 - 27/4/2000 - Released - -source address spoofing can be turned on (fr_chksrc) without using -filter rules - -group numbers are now 32bits in size, up from 16bits - -IPv6 filtering available - -add frank volf's state-top patches - -add load splitting and round-robin attribute to redirect rules - -FreeBSD-4.0 support (including KLD) - -add top-style operation mode for ipfstat (-t) - -add save/restore of IP Filter state/NAT information (ipfs) - -further ftp proxy security checks - -support for adding and removing proxies at runtime - -3.3.13 26/04/2000 - Released - -Fix parsing of "range" with "portmap" - -Relax checking of ftp replies, slightly. - -Fix NAT timeouts for ICMP packets - -SunOS4 patches for ICMP redirects from Jurgen Keil (jk@tools.de) - -3.3.12 16/03/2000 - Released - -tighten up ftp proxy behaviour. sigh. yuck. hate. - -fix bug in range check for NAT where the last IP# was not used. - -fix problem with icmp codes > 127 in filter rules caused bad things to -happen and in particular, where #18 caused the rule to be printed -erroneously. - -fix bug with the spl level not being reset when returning EIO from -iplioctl due to ipfilter not being initialized yet. 
- -3.3.11 04/03/2000 - Released - -make "or-block" work with lines that start with "log" - -fix up parsing and printing of rules with syslog levels in them - -fix from Cy Schubert for calling of apr_fini only if non-null - - -3.3.10 24/02/2000 - Released - -* fix back from guido for state tracking interfaces - -* update for NetBSD pfil interface changes - -* if attaching fails and we can abort, then cleanup when doing so. - -julian@computer.org: -* solaris.c (fr_precheck): After calling freemsg on mt, set it point to *mp. -* ipf.c (packetlogon): use flag to store the return value from get_flags. -* ipmon.c (init_tabs): General cleanup so we do not have to cast - an int s->s_port to u_int port and try to check if the u_int port - is less than zero. - -3.3.9 15/02/2000 - Released - -fix scheduling of bad locking in fr_addstate() used when we attach onto -a filter rule. - -fix up ip_statesync() with storing interface names in ipstate_t - -fix fr_running for LKM's - Eugene Polovnikov - -junk using pullupmsg() for solaris - it's next to useless for what we -need to do here anyway - and implement what we require. - -don't call fr_delstate() in fr_checkstate(), when compiled for a user -program, early but when we're finished with it (got fr & pass) - -ipnat(5) fix from Guido - -on solaris2, copy message and use that with filter if there is another -copy if it being used (db_ref > 1). bad for performance, but better -than causing a crash. - -patch for solaris8-fcs compile from Casper Dik - -3.3.8 01/02/2000 - Released - -fix state handling of SYN packets. - -add parsing recognition of extra icmp types/codes and fix handling of -icmp time stamps and mask requests - Frank volf - -3.3.7 25/01/2000 - Released - -sync on state information as well as NAT information when required - -record nat protocol in all nat log records - -don't reuse the IP# from an active NAT session if the IP# in the rule -has changed dynamically. 
- -lookup the protocol for NAT log information in ipmon and pass that to -portname. - -fix the bug with changing the outbound interface of a packet where it -would lead to a panic. - -use fr_running instead of ipl_inited. (sysctl name change on freebsd) - -return EIO if someone attempts an ioctl on state/nat if ipfilter is not -enabled. - -fix rule insertion bug - -make state flushing clean anything that's not fully established (4/4) - -call fr_state_flush() after we've released ipf_state so we don't generate -a recursive mutex acquisition panic - -fix parsing of icmp code after return-icmp/return-icmp-as-dest and add -some patches to enhance parsing strength - -3.3.6 28/12/1999 - Released - -add in missing rwlock release in fr_checkicmpmatchingstate() and fix check -for ICMP_ECHO to only be for packet, not state entry which we don't have yet. - -handle SIOCIPFFB in nat_ioctl() and fr_state_ioctl() - -fix size of friostat for SunOS4 - -fix bug in running off the end of a buffer in real audio proxy - -3.3.5 11/12/1999 - Released - -fix parsing of "log level" and printing it back out too - - is only present on Solaris2.6/7/8 - -use send_icmp_err rather than icmp_error to send back a frag-needed error -when doing PMTU - -do not use -b with add_drv on Solaris unless $BASEDIR is set. - -fix problem where source address in icmp replies is reversed - -fix yet another problem with real audio. - -3.3.4 4/12/1999 - Released - -fix up the real audio proxy to properly setup state information and NAT -entries, thanks to Laine Stump for testing/advice/fixes. - -fix ipfr_fastroute to set dst->sin_addr (Sean Farley - appears to prevent -FreeBSD 3.3 from panic'ing) as this had been removed in prior hacks to this -routine. - -fix kinstall for BSDI - -support ICMP errors being allowed through for ICMP packets going out with -keep state enabled - -support hardware checksumming (gigabit ethernet cards) on Solaris thanks to -Tel.Net Media for providing hardware for testing. 
- -patched from Frank Volf for ipmon (ICMP & fragmented packets) and allowing -ICMP responses to ICMP packets in the keep state table. - -add in patches for hardware checksumming under solaris - -Solaris install scripts now use $BASEDIR as appropriate. - -add Solaris8 support - -fix "ipf -y" on solaris so that it rescans rules also for changes in -interface pointers - -let ipmon become a daemon with -D if it is using syslog - -fix parsing of return-icmp-as-dest(foo) - -add reference to ipfstat -g to ipfstat.8 - -ipf_mutex needs to be declared for irix in ip_fil.c - -3.3.3 22/10/1999 - Released - -add -g command line option to ipfstat to show groups still define. - -fix problem with fragment table not recording rule pointer when called -from state functions (fin_fr not set). - -fixup fastroute problems with keep state rules. - -load rules into inactive set first, so we don't disable things like NIS -lookups half way through processing - found by Kevin Littlejohn - -fix handling of unaligned ip pointer for solaris - -patch for fr_newauth from Rudi Sluijtman - -fixed htons() bug in fr_tcpsum() where ip_p wasn't cast to u_short - -3.3.2 23/09/1999 - Released - -patches from Scott Presnell to fix rcmd proxy - -patches from Greg to fix Solaris detachment of interfaces - -add openbsd compatibility fixes - -fix free'ing already freed memory in ipfr_slowtimer() - -fix for deferencing invalid memory in cleaning up after a device disappears - -3.3.1 14/8/1999 - Released - -remove include file sys/user.h for irix - -prevent people from running buildsunos directly - -fix up some problems with the saving of rule pointers so that NAT saves -that information in case it should need to call fr_addstate() from a proxy. 
- -fix up scanning for the end of FTP messages - -don't remove /etc/opt/ipf in postremove - -attempt to prevent people running buildsolaris script without doing a -"make solaris" - -fix timeout losing on freebsd3 - -3.3 7/8/1999 - Released - -NAT: information (rules, mappings) are stored in hash tables; setup some -basic NAT regression testing. - -display version name of installed kernel code when initializing. - -add -V command line option to ipf, showing version (program and kernel -module) as well as the run-status of the kernel code. - -fix problem with "log" rules actually affecting result of filtering. - -automatically use SUNWspro if available and on a 64bit Solaris system for -compiling. - -add kernel proxies for rcmd(3) and RealAudio (PNA) - -use timeout/untimeout on SunOS4/BSD platforms too rather than hijacking -ip_slowtimo - -fix IP headers generated through parsing of text information - -fix NAT rules to be in the correct order again. - -make keep-state work with to/fastroute keywords and enforce usage of those -interfaces. - -update keep-state code with new algorithm from Guido - -add FreeBSD-3 support - -add return-icmp-as-dest option to retrun an ICMP packet using the original -destination as the source rather than a local IP address - -add "level [facility.]" option to filter language - -add changes from Guido to state code. - -add code to return EPERM if the device is opened for writing and we're -in securelevel 2 or greater. - -authentication code patches from Guido - -fix real audio proxy - -fix ipmon rule printing of interfaces and add IN/OUT to the end of ipmon -log output. - -fix bimap rules with hash tables - -update addresses used in NAT mappings for 0/32 rules for any protocol but TCP -if it changes on the interface - check every ip_natexpire() - -add redirect regression test - -count buckets used in the state hash table. 
- -fix sending of RST's with return-rst to use the ack number provided in -the packet being replied to in addition to the sequence number. - -fix to compile as a 64bit application on solaris7-64bit - -add NAT IP mapping to ranges of IP addresses that aren't CIDR specified - -fix calculation of in_space parameter for NAT - -fix `wrapping' when incrementing the next ip address for use in NAT - -fix free'ing of kernel memory in ip_natunload on solaris - -fix -l/-U command line options from interfering with each other - -fix fastroute under solaris2 and cleanup compilation for solaris7 - -add install scripts and compile cleanly on BSD/OS 4.0 - -safely open files in /tmp for writing device output when testing. - -fix uninitialized pointer bug in NAT - -fix SIOCZRLST (zero list rule stats) bug with groups - -change some usage of u_short to u_int in function calling - -fix compilation for Solaris7 (SUNWspro) - -change solaris makefiles to build for either sparc or i386 rather than -per-cpu (sun4u, etc). - -fixed bug in ipllog - -add patches from George Michaelson for FreeBSD 3.0 - -add patch from Guido to provide ICMP checking for known state in the same -manner as is done for NAT. - -enable FTP PASV proxying and enable wildcarding in NAT/state code for ports -for better PORT/PASV support with FTP. - -bring into main tree static nat features: map-block and "auto" portmapping. - -add in source host filtering for redirects (alan jones) - -3.2.10 22/11/98 - Released - -3.2.10beta9 17/11/98 - Released - -fix fr_tcpsum problems in handling mbufs with an odd number of bytes -and/or split across an mbuf boundary - -fix NAT list entry comparisons and allow multiple entries for the same -proxy (but on different ports). - -don't create duplicate NAT entries for repeated PORT commands. 
- -3.2.10beta8 14/11/98 - Released - -always exit an rwlock before expecting to enter it again on solaris - -fix loop in nat_new for pre-existing nat - -don't setup state for an ftp connection if creating nat fails. - -3.2.10beta7 05/11/98 - Released - -set fake window in ipft_tx.c to ensure code passes tests. - -cleaned up/enhanced ipnat -l/ipnat -lv output - -fixed NAT handling of non-TCP/UDP packets, esp. for ICMP errors returned. - -Solaris recusive mutex on icmp-error/tcp-reset - requires rwlock's rather -than mutexes. - -3.2.10beta6 03/11/98 - Released - -fix mixed use of krwlock_t and kmutex_t on Solaris2 - -fix FTP proxy back up, splitting pasv code out of port code. - -3.2.10beta5 02/11/98 - Released - -fixed port translation in ICMP reply handling - -3.2.10beta4 01/11/98 - Released - -increase useful statistic collection on solaris - -filter DL_UNITDATA_REQ as well as DL_UNITDATA_IND on solaris - -disable PASV reply translation for now - -fail with an error if we try to load a NAT rule with a non-existant - proxy name - Guido - -fix portmap usage with 0/0 and 0/32 map rules - -remove ap_unload/ap_expire - automatically done when NAT is cleaned up - -print "STATE:CLOSED" from ipmon if the connection progresses past established - rather than "STATE:EXPIRED" - -3.2.10beta3 26/10/98 - Released - -fixed traceroute/nat problem - -rewrote nat/proxy interface - -ipnat now lists associated proxy sessions for each NAT where applicable - -3.2.10beta2 13/10/98 - Released - -use KRWLOCK_T in place of krwlock_t for solaris as well as irix - -disable use of read-write lock acquisition by default - -add in mb_t for linux, non-kernel - -some changes to progress compilation on linux with glibc - -change PASV as well as PORT when passed through kernel ftp proxy. - -don't allow window to become 0 in tcp state code - -make ipmon compile cleaner - -irix patches - -3.2.10beta 11/09/98 - Released - -stop fr_tcpsum() thinking it has run out of data when it hasn't. 
- -stop solaris panics due to fin_dp being something wild. - -revisit usage of ATOMIC_*() - -log closing state of TCP connection in "keep state" - -fix fake-arp table code for ipsend. - -ipmon now writes pid to a file. - -fix "ipmon -a" to actually activate all logging devices. - -add patches for BSDOS4. - -perl scripts for log analysis donated. - -3.2.9 22/06/98 - Released - -fix byte order for ICMP packets generated on Solaris - -fix some locking problems. - -fix malloc bug in NAT (introduced in 3.2.8). - -patch from guido for state connections that get fragmented - -3.2.8 08/06/98 - Released - -use readers/writers locks in Solaris2 in place of some mutexes. - -Solaris2 installation enhancements - Martin Forssen (maf@carlstedt.se) - -3.2.7 24/05/98 - Released - -u_long -> u_32_t conversions - -patches from Bernd Ernesti for NetBSD - -fixup ipmon to actually handle HUP's. - -Linux fixes from Michael H. Warfield (mhw@wittsend.com) - -update for keep state patch (not security related) - Guido - -dumphex() uses stdout rather than log - -3.2.6 18/05/98 - Released - -fix potential security loop hole in keep state code. - -update examples. - -3.2.5 09/05/98 - Released - -BSD/OS 3.1 .o files added for the kernel. - -fix sequence # skew vs window size check. - -fix minimum ICMP header size check. - -remove references to Cybersource. - -fix my email address. 
- -remove ntohl in ipnat - Thomas Tornblom - -3.2.4 09/04/98 - Released - -add script to make devices for /dev on BSD boxes - -fixup building into the kernel for FreeBSD 2.2.5 - -add -D command line option to ipmon to make it a daemon and SIGHUP causes -it to close and reopen the logfile - -fixup make clean and make package for SunOS5 - Marc Boucher - -postinstall keeps adding "minor=ipf ipl" - George Ross - -protected by IP Filter gif - Sergey Solyanik - -3.2.3 10/11/97 - Released - -fix some iplang bugs - -fix tcp checksum data overrun, sgi #define changes, -avoid infinite loop when nat'ing to single IP# - Marc Boucher - -fixup DEVFS usage for FreeBSD - -fix sunos5 "make clean" cleaning up too much - -3.2.2 28/11/97 - Released - -change packet matching to return actual error, if bad packet, to facilitate -ECONNRESET for TCP. - -allow ip:netmask in grammar too now - Guido - -assume IRIX has u_int32_t in sys/types.h (needed for R10000) - -rewrite parts of command line options for ipmon - -fix TCP urgent packet & offset testing and add LAND attack test for iptest - -fix grammar error in yacc grammar for iplang - -redirect (rdr) destination port bytes-wapped when it shouldn't be. - -general: fr_check now returns error code, such as EHOSTUNREACH or -ECONNRESET (attempt to make ECONNRESET work for locally outbound -packets). - -linux: enable return-rst, need to filter tcp retransmits which are sent - separately from normal packets - -memory leak plugged in ip_proxy.c - -BSDI compatibility patches from Guido - -tcp checksum fix - Marc Boucher - -recursive mutex and ioctl param fix - Marc Boucher - -3.2.1 12/11/97 - Released - -port to BSD/OS 3.0 - -port to Linux 2.0.31 - -patches to make "map a/m -> 0/0" work with ftp proxying properly - Marc Boucher - -add "ipf -F s" and "ipf -F S" to flush state table entries. - -announce if logging is on or off when ip filter initializes. - -"ipf -F a" doesn't flush groups properly for Solaris. 
- -3.2 30/10/97 - Released - -ipnat doesn't successfully remove proxy mappings with "-rf" - -Alexander Romanyu - -use K&R C function style for solaris kernel code - -use m_adj() to decrease packet size in ftp proxy - -use mbufchainlen rather than msgdsize, -IRIX update - Marc Boucher - -fix NetBSD modunload bug (pfil_add_hook done twice) - -patches for OpenBSD 2.1 - Craig Bevins - -3.2beta10 24/10/97 - Released - -fix fragment table entries allocated for NAT. - -fix tcp checksum calculations over mbuf/mblk boundaries - -fix panic for blen < 0 in ftp kernel proxy - marc boucher - -fix flushing of rules which have been grouped. - -3.2beta9 20/10/97 - Released - -some nit picking on solaris2 with SUNWspro - Michael Lyle - -ftp kernel proxy patches from Marc Boucher - -3.2beta8 13/10/97 - Released - -add support for passing ICMP errors back through NAT. - -IRIX port update - Marc Boucher - -calculate correct MIN size of packet to log for UDP - Marc Boucher - -need htons(ETHERTYPE_x) on little endian BSD boxes - Dave Huang - -copyright header fixups - -3.2beta7 23/09/97 - Released - -fickup problems introduced by prior merges & changes. - -3.2beta6 23/09/97 - Released - -patch for spin-reading race condition - Marc Boucher. - -IRIX port by Marc Boucher. - -compatibility updates for Linux to ipsend - -3.2beta5 13/09/97 - Released - -patches from Bernd Ernesti for NetBSD integration (mostly prototyping and -compiler warning things) - -ipf -y will resync IP#'s allocated with 0/32 in NAT to match interface if it -changes. - -update manual pages and other documentation updates. - -3.2beta4 27/8/97 - Released - -enable setting IP and TCP options for iplang/ - -Solaris2 patches from Marc Boucher. - -add groups for filter rules. 
- -3.2beta3 21/8/97 - Released - -patches for Solaris2 (interface panic solution ?): fix FIONREAD and -replacing q_qinfo points - Marc Boucher - -change ipsend/* and ipsd/* copyright notices to be the same as ip filter's - -patch for SYN-ACK skew testing fix from Eric V. Smith - -3.2beta2 6/8/97 - Released - -make it load on Solaris 2.3 - -rewrote logging to remove solaris errors, introduced checking to see if the -same packet is logged successively. - -fix filter cache to work when there are no rules loaded. - -add "raw" option to ipresend to send entire ethernet frames. - -nat list corruption bug - NetBSD - Klaus Klein - -3.2beta1 5/7/97 - Released - -patches from Jason Thorpe fixing: UNSIGNED_CHAR lossage, off_t being 64bits -lossage, and other NetBSD bits. - -NetBSD 1.2G update. - -fixup fwtk patches and add protocol field for SIOCGNATL. - -rdr bugs reported by Alexander Romanyu (alexr@aix.krid.crimea.ua), with -fixes: -* rdr matched all packets of a given protocol (ignored ports). -* severe bug in nat_delete which caused system crash/freeze. - -change Makefile so that CC isn't passed on for FreeBSD/NetBSD (will use -the default CC - cc, not gcc) - -3.2alpha9 16/6/97 - Released - -added "skip" keyword. - -implement preauthentication of packets, as outlined by Guido. - -Make it compile as cleanly as possible with -Wall & general code cleanup - -getopt returns int, not char. Bernd Ernesti - -3.2alpha8 13/6/97 - Released - -code added to support "auth" rules which require a user program to allow them -through. First revision and much of the code came from Guido. - -hex output from ipmon doesn't goto syslog when recovering from out of sync -error. Luke Mewburn (lukem@connect.com.au) - -fix solaris2.6 lookup of destination ire's. - -ipnat doesn't throw away unused bits (after masking), causing it to -behave incorrectly. 
Carson Gaspar - -NAT code doesn't include inteface name when matching - Alexey Mavrin - - -replace old SunOS tcpip.h with new tcpip.h (from 4.4BSD) - Jason Thorpe. - -update install procedures to include ip_proxy.c - -mask out unused bits in NAT/RDR rules. - -use a generic type (u_32_t) for 32bit variables, rather than rely on -u_long being such - Jason Thorpe. - -create a local "netinet" directory and include from ~netinet/*" rather than -just "*" to make keeping the code working on ports easier. - -add an m_copydata and m_copyback for SunOS4 (based on 4.4BSD-Lite versions) - -documentation updates. - -NetBSD update from Jason Thorpe - -allow RST's through with a matching SEQ # and 0 ACK. Guido Van Rooij - -ipmon uses excessive amounts of CPU on Solaris2 - Reinhard Bertram - - -3.2alpha7 25/5/97 - Released - -add strlen for pre-2.2 kernels - Doug Kite - -setup bits and pieces for compiling into a FreeBSD-2.2 kernel. - -split up "bsd" targets. Now a separate netbsd/freebsd/bsd target. -mln_ipl.c has been split up into itself and mlf_ipl.c (for freebsd). - -fix (negative) host matching in filtering. - -add sysctl interface for some variables when compiled into FreeBSD-2.2 kernels -or later. - -make all the candidates for kernel compiling include "netinet/..." and build -a subdirectory "netinet" when compiling and symlink all .h files into this. - -add install make target to Makefile.ipsend - -3.2alpha6 8/5/97 - Released - -Add "!" (not) to hostname/ip matching. - -Automatically add packet info to the fragment cache if it is a fragment -and we're translating addreses for. - -Automatically add packet info to the fragment cache if it is a fragment -and we're "keeping state" for the packet. - -Solaris2 patches - Anthony Baxter (arb@connect.com.au) - -change install procedure for FreeBSD 2.2 to allow building to a kernel -which is different to the running kernel. - -add FIONREAD for Solaris2! 
- -when expiring NAT table entries, if we would set a time to fr_tcpclosed -(which is 1), make it fr_tcplaskack(20) so that the state tables have a -chance to clear up. - -3.2alpha5 - -add proxying skeleton support and sample ftp transparent proxy code. - -add printfs at startup to tell user what is happening. - -add packets & bytes for EXPIRE NAT log records. - -fix the "install-bsd" target in the root Makefile. Chris Williams - - -Fixes for FreeBSD 2.2 (and later revs) to prevent panics. Julian Assange. - -3.2alpha4 2/4/97 - Released - -Some compiler warnings cleaned up. - -FreeBSD-2.2 patches for LKM completed. - -3.2alpha3 31/3/97 - Released - -ipmon changes: -N for reading NAT logfile, -S for reading state logfile. --a for reading all. -n now toggles hostname resolution. - -Add logging of new state entries and expiration of old state entries. -count log successes and failures. - -Add logging of new NAT entries and expiration of old NAT entries. -count log successes and failures. - -Use u_quad_t for records of bytes & packets where kept -(IP Accounting: fr_hits, fr_bytes; IP state: is_pkts, is_bytes). - -Fixup use of CPU and DCPU in Makefiles. - -Fix broken 0/32 NAT mapping. Carl Makin - -3.2alpha2 - -Implement mapping to 0/32 as being an alias for automatically using the -interface's first IP address. - -Implement separate minor devices for both NAT and IP state code. - -Fully prototype all functions. - -Fix Makefile problem due to attempt to fix Sun compiling problems. - -3.1.10 23/3/97 - Released - -ipfstat -a requires a -i or -o command line option too. Print an error -when not present rather than attempt to do something. - -patch updates for SunOS4 for kernel compiling. -patch for ipmon -s (flush's syslog file which isn't good). Andrew J. Schorr - - -too many people hit their heads hard when compiling code into the kernel -that doesn't let any packets through. 
(fil.c - IPF_NOMATCH) - -icmp-type parsing doesn't return any errors when it isn't constructed -correctly. Neil Readwin - -Using "-conf" with modload on SunOS4 doesn't work. -Timothy Demarest - -Need to define ARCH in makefile for SunOS4 building. "make sunos4" -in INSTALL.SunOS is incorrect. James R Grinter -[all SunOS targets now run buildsunos] - -NAT lookups are still incorrect, matching non-TCP/UDP with TCP/UDP -information. ArkanoiD - -Need to check for __FreeBSD_version being 199511 rather than 199607 -in mln_ipl.c. Eric Feillant - -3.1.9 8/3/97 - Released - -fixed incorrect lookup of active NAT entries. - -patch for ip_deq() wrong for pre 2.1.6 FreeBSD. -fyeung@fyeung8.netific.com (Francis Yeung) - -check for out with return-rst/return-icmp at wrong place - Erkki Ritoniemi -(erkki@vlsi.fi) - -text_readip returns the interface pointer pointing to text on stack - -Neil Readwin - -fix from Pradeep Krishnan for printout rules "with not opt sec". - -3.1.8 18/2/97 - Released - -Diffs for ip_output.c and ip_input.c updated to fix bug with fastroute and -compiling warnings about reuse of m0. - -prevent use of return-rst and return-icmp with rules blocking packets going -out, preventing panics in certain situations. - -loop forms in frag cache table - Yury Pshenychny - -should use SPLNET/SPLX around expire routines in NAT/frag/state code. - -redeclared malloc in 44arp.c - - -3.1.7 8/2/97 - Released - -Macros used for ntohs/htons supplied with gcc don't always work very well -when the assignment is the same variable being converted. - -Filter matching doesn't not match rule which checks tcp flags on packets -which are fragments - David Wilson - -3.1.7beta 30/1/97 - Released - -Fix up NAT bugs introduced in last major change (now tested), including -nat_delete(), nat_lookupredir(), checksum changes, etc. - -3.1.7alpha 30/1/97 - Released - -Many changes to NAT code, including contributions from Laurent Joncheray - - -Use "NO_SLEEP" when allocating memory under SunOS. 
- -Make kernel printf's nicer for BSD/SunOS4 - -Always do a checksum for packets being filtered going out and being -processed by fastroute. - -Leave kernel to play with cdevsw on *BSD systems with LKM's. - -ipnat.1 man page fixes. - -3.1.6 21/1/97 - Released - -Allow NAT to work on BSD systems in conjunction with "pass .. to ifname" - -Memory leak introduced in 3.1.3 in NAT lists, clearing of NAT table tried -to free memory twice. - -NAT recalculates IP header checksum based on difference between IP#'s and -port numbers - should be just IP#'s (Solaris2 only) - -3.1.5 13/1/97 - Released - -fixed setting of NAT timeouts and use different timeouts for concurrent -TCP sessions using the same IP# mapping (when port mapping isn't used) - -multiple loading/unloading of LKM's doesn't clean up cdevsw properly for -*BSD systems. - -3.1.4 10/1/97 - Released - -add command line options -C and -F to ipnat to flush NAT list and table - -ipnat -l loops on output - Neil Readwin (nreadwin@nysales.micrognosis.com) - -NetBSD/FreeBSD kernel malloc changes - Daniel Carosone - -3.1.3 10/1/97 - Released - -NAT chains not constructed correctly in hash tables - Antony Y.R Lu -(antony@hawk.ee.ncku.edu.tw) - -Updated INSTALL.NetBSD, INSTALL.FreeBSD and INSTALL.Sol2 - -man page update (ipf.5) from Daniel Carosone (dan@geek.com.au) - -ICMP header checksum update now included in NAT. - -Solaris2 needs to modify IP header checksums in ip_natin and ip_natout. - -3.1.2 4/12/96 - Released - -ipmon doesn't use syslog all the time when given -s option - -fixed mclput panic in ip_input.c and replace ntohs() with NTOHS() macro - -check the results of hostname resolution in ipnat - -"make *install" fixed for subdirectories. - -problems with "ARCH:=" and gnu make resolved - -parser reports an error for lines with whitespaces only rather than skipping -them. D.Carosone@abm.com.au (Daniel Carosone) - -patches for integration into NetBSD-current (post 1.2). 
- -add an option to allow non-IP packets going up/down the stream on Solaris2 -to be dropped. John Bass. - -3.1.2beta 21/11/96 - Released - -make ipsend compile on Linux 2.0.24 - -changes to TCP kept state algorithm, making it watch state on TCP -connections in both directions. Also use the same algorithm for NAT TCP. - --Wall cleanup - Bernd Ernesti - -added "or-block" for "pass .. log or-block" after a suggestion from -David Oppenheim (davido@optimation.com.au) - -added subdirectories for building IP Filter in SunOS5/BSD for different -cpu architecures - -Solaris2 fixes to logging and pre-filtering packet processing - 3.1.1p2 - -mbuf logging not using mtod(), remove iplbusy - 3.1.1p1 1/11/96 - -3.1.1 28/10/96 - Released - -Installation script fixes and deinstall scripts for IP Filter on: -SunOS4/FreeBSD/NetBSD - -Man page fixes - Paul Dubois (dubois@primate.wisc.edu) - -Fix use of SOLARIS macro in ipmon, rewrote ipllog() (again!) - -parsing isn't completely case insensitive - David Wilson -(davidw@optimation.com.au) - -Release ipl_mutex across uiomove() calls - -print entire rule entries out for "ipf -z" when zero'ing per-rule stats. - -ipfstat returns same output for "hits" in "ipfstat -aio" - Terletsky Slavik -(ts@polynet.lviv.ua) - -New algorithm for setting timeouts for TCP connection (more closely follow -TCP FSM) - Pradeep Krishnan (pkrishna@netcom.com) - -Track both window sizes for TCP connections through "keep state". 
- -Solaris2 doesn't like _KERNEL defined in stdargs.h - Jos van Wezel -(wezel@bio.vu.nl) - -3.1.1-beta2 6/10/96 - Released - -Solaris2 fastroute/dup-to/to now works - -ipmon `record' reading rewritten - -Added post-NetBSD1.2 packet filter patches - Mathew Green (mrg@eterna.com.au) - -Attempt to use in_proto.c.diff, not "..diffs" for SunOS4 - David Wilson -(davidw@optimation.com.au) - -Michael Ryan (mike@NetworX.ie) reports the following: -* The Trumpet WinSock under Windows always sends its SYN packet with an ACK - value of 1, unlike any other implementation I've seen, which would set it - to zero. The "keep state" feature of IP Filter doesn't work when receiving - non-zero ACK values on new connection requests. -* */Makefile install rule doesn't install all the binaries/man pages -* Make ipnat use "tcp/udp" instead of "tcpudp" -* Print out "tcp/udp" properly -* ipnat "portmap tcp" matches "portmap udp" when adding/removing -* NAT dest. ip# increased by one on mask of 0xffffffff when it shouldn't - -3.1.1-beta 1/9/96 - Released - -add better detection of TCP connections closing to TCP state monitoring. - -fr_addstate() not called correctly for fragments. 
"keep state" and -"keep frag" code don't work together 100% - Songqing Cai -(songqing_cai@sterling.com) - -call to fr_addstate() incorrect for adding state in combination with keeping -fragment information - Songqing Cai (songqing_cai@sterling.com) - -KFREE() passed fp (incorrect) and not fr (correct) in ip_frag.c - John Hood -(cgull@smoke.marlboro.vt.us) - -make ipf parser recognise '\\' as a `continued line' marker - Dima Ruban -(dima@best.net) - -3.1.1-alpha 23/8/96 - Released - -kernel panic's when ICMP packets go through NAT code - -stats aren't zero'd properly with ipf -Z - -ipnat doesn't show port numbers correctly all the time and also add the -protocol (tcp/udp/tcpudp) to rdr output - Carson Gaspar (carson@lehman.com) - -fast checksum fixing not 100% - backout patch - Bill Dorsey (dorsey@lila.com) - -NetBSD-1.2 patches from - VaX#n8 - -Usage() call error in fils.c - Ajay Shekhawat (ajay@cedar.buffalo.edu) - -ip_optcopy() staticly defined in ip_output.c in SunOS4 - Nick Hall -(nrh@tardis.ed.ac.uk) - -3.1.0 7/7/96 - Released - -Reformatted ipnat output to be compatible with it's input, so that -"ipnat -l | ipnat -rf -" is possible. - -3.1.0beta 30/6/96 - Released - -NetBSD-1.2 patches from Greg Woods (woods@most.weird.com) - -kernel module must not be installed stripped (Solaris2), as created by -"make package" for Solaris2 - Peter Heimann -(peter@i3.informatik.rwth-aachen.de) - -3.1.0alpha 5/6/96 - Released - -include examples in package for solaris2 - -patches for removing an extra ip header checksum (FreeBSD/NetBSD/SunOS) - -removed trailing space from printouts of rules in ipf. - -ipresend supports the same range of inputs that ipftest does. - -sending a duplicate copy of a packet to another network devices is now -supported. ("dup-to") - -sending a packet to an arbitary interface is now supported, irrespective -of its actual route, with no ttl decrement. Can also be routed without -the ttl being decremented. ("to" and "fastroute"). 
- -"call" option added to support calling a generic function if a packet is -matched. - -show all (upto 4) recorded bytes from the interface name in logging from -ipmon. - -support for using unix file permissions for read/write access on the device -is now in place. - -recursive mutex in nat_new() for Solaris 2.x - Per L. Hagen - -ipftest doesn't call initparse() for THISHOST - Catherine Allen -(cla@connect.com.au) - -Man page corrections from Rex Bona (rex@pengo.comsmiths.com.au) - -3.0.4 10/4/96 - Released - -looop in `parsing' IP packets with optlen 0 for ip options. - -rule number not initialized and resulted in unexpected results for state -maching. - -option parsing and printing bugs - Pradeep Krishnan - -3.0.4beta 25/3/96 - Released - -wouldn't parse "keep flags keep state" correctly. - -SunOS4.1.x ip_input.c doesn't recognise all 1s broadcast address - Nigel Verdon - -patches for BSDI's BSD/OS 2.1 and libpcap reader on little endian systems -from Thorsten Lockert - -b* functions in fil.c on Solaris 2.4 - -3.0.3 17/3/96 - Released - -added patches to support IP Filter initialisation when compiled into the -kernel. - -added -x option to ipmon to display hex dumps of logged packets. - -added -H option to ipftest to allow ascii-hex formatted input to specify -arbitary IP packets. - -Sending TCP RSTs as a response now work for Solaris2 x86 - -add patches to make IP Filter compile into NetBSD kernels properly. - -patch to stop SunOS 4.1.x kernels panicing with "data traps". - -ipfboot script unloads and reloads ipf module on Solaris2 if it is already -loaded into the kernel. - -Installation of IP Filter as a Solaris2 package is now supported. - -Man pages for ipnat.4, ipnat.5 added. - -added some more regression tests and fixed up IP Filter to pass the new tests -(previous versions failed some of the tests in set 12). 
- -IP option filter processing has changed so that saying "with opt lsrr" will -check only for that one, but not mask out other options, so a packet with -strict source routing, along with loose source routing will match all of -"with opt lsrr", "with opt ssrr" and "with opt lsrr,ssrr". - -IPL_NAME needed in ipnat.c - Kelly (kelly@count04.mry.scruznet.com) - -patches for clean NetBSD compilation from Bernd Ernesti (bernd@arresum.inka.de) - -make install is incorrect - Julian Briggs (julian@lightwork.co.uk) - -strtol() returns 0x7fffffff for all negative numbers, -printfr() generates incorrect output for "opt sec-class *", -handling of "not opt xxx opt yyy" incorrect. -- Minh Tonthat (minht@sbei.com)/Pradeep Krishnan (pradeepk@sbei.com) - -m_pullup() called only for input and not output; caused problems -with filtering icmp - Nigel Verdon (verdenn@gb.swissbank.com) - -parsing problem for "port 1" and NetBSD patches incorrect - -Andreas Gustafsson (gson@guava.araneus.fi) - -3.0.2 4/2/96 - Released - -Corrected bug where NAT recalculates checksums for fragments. - -make NAT recalculate UDP checksums (rather than setting them to 0), -if they're non-zero. - -DNS patches - Real Page (Real.Page@Matrox.com) - -alteration of checksum recalculations in NAT code and addition of -redirection with NAT - Mike Neuman - -core dump, if tcp/udp is used with a port number and not service name, -in ipf - Mike Neuman (mcn@engarde.com) - -initparse() call, missing to prime "" hook - Craig Bishop - -3.0.1 14/1/96 - Released - -miscellaneous patches for Solaris2 - -3.0 14/1/96 - Released - -Patch included for FDDI, from Richard Ohnemus -(Richard_Ohnemus@dallas.csd.sterling.com) - -Code cleanup for release. 
- -3.0beta4 10/1/96 - -recursive mutex in ipfr_slowtimer fixed, reported by Craig Bishop - -recursive mutex in sending TCP RSTs fixed, reported by Tony Becker - -3.0beta3 9/1/96 - -FIxup for Solaris2.5 install and interface name bug in ipftest from -Julian Briggs (julian@lightwork.co.uk) - -Byte order patches for ipmon from Tony Becker (tony@mcrsys.com) - -3.0beta2 7/1/96 - -Added the (somewhat warped) IP accounting as it exists in ipfw on FreeBSD. -Note, this isn't really what one would call IP account, when compared to -process accounting, sigh. - -Split up ipresend into iptest/ipresend/ipsend - -Added another m_pullup() inside fr_check() for BSD style kernels and -added some checks to ipllog() to not log more than is present (for short -packets). - -Fixed bug where failed hostname/netname resolution goes undetecte and -becomes 0.0.0.0 (any) (reported Guido van Rooij) - -3.0beta 11/11/95 - Released - -Rewrote the way rule testing is done, reducing the number of files needed and -generated. - -SIOCIPFFL was incorrectly affected by IPFILTER_LOG (Mathew Green) - -Patches from Guido van Rooij to fix sending back TCP RSTs on Net-2/Net-3 -BSD based Unixes (panic'd) - -Patches for FreeBSD/i86 ipmon from Riku Kalinen -(I think someone else already told me about these but they got lost :-/) - -Changed Makefile structure to build object files for different operating -systems in separate directories by default. - -BSDI has ef0 for first ethernet interface - -Allow for a "not" operator before optional keywords. - -The "rule number" was being incorrectly incremented every time it went through -the loop rather than when it matched a rule. - -2.8.2 24/10/95 - Released - -Fixed up problems with "textip" for doing lots of testing. - -Fixed bug in detection of "short" tcp/ip packets (all reported as being short). - -Solaris 2.4 port now works 100%. - -Man page errors reported and fixed. - -Removed duplicate entry in etc/services for login on port 49 (Craig Bishop). 
- -Fixed ipmon output to put a space after the log-letter. - -Patch from Guido van Rooij to fix parsing problem. - -2.8.1 15/10/95 - Released - -Added ttl and tos filtering. - -Patches for fixing up compilation and port problems (little endian) -from Guido van Rooij . - -Man page problems reported and fixed by Carson Gaspar . - -ipsend doesn't compile properly on Solaris2.4 - -Lots of work done for Solaris2.4 to make it MT/MP safe and work. - -2.8 15/9/95 - Released - -ipmon can now send messages to syslogd (-s) and use names instead of -numbers (-N). - -IP packets are now "compiled" into a structure only containing filterable -bits. - -Added regression testing in the test/ subdirectory, using a new option -(-b) with the ipftest program. - -Added "nomatch" return to filter results. These are counted and show -up in reports from ipfstat. - -Moved filter code out of ip_fil.c and into fil.c - there is now only one -instance of it in the package. - -Added Solaris 2.4 support. - -Added IPSO basic security option filtering. - -Added name support for filtering on all 19 named IP options. - -Patches from Ivan Brawley to log packet contents as well as packet headers. - -Update for sun/conf.c.diff from Ivan Brawley - -Added patches for FreeBSD 1, and added two new switches (-E, -D) to ipf, -along with a new ioctl, SIOCFRENB. -From: Dieter Dworkin Muller - -2.7.3 31/7.95 - Released - -Didn't compile cleanly without IPFILTER_LOG defined (Mathew Green). - -ipftest now deals with tcpdump3 binary output files (from libpcap) with -P. - -Brought ipftest program upto date with actual filter code. - -Filter would cause a match to occur when it wasn't meant to if the packet -had short headers and was missing portions that should have been there. -Err, it would rightly not match on them, but their absence caused a match -when it shouldn't have been. - -2.7.2 26/7/95 - Released - -Problem with filtering just SYN flagged packets reported by -Dieter Dworkin Muller . 
To solve this -problem, added support for masking TCP flags for comparison "flags X/Y". - -2.7.1 9/7/95 - Released - -Added ip_dirbroadcast support for Sun ip_input.c - -Fixed up the install scripts for FreeBSD/NetBSD to recognise where they are -better. - -2.7 7/7/95 - Released - -Added "return-rst" to return TCP RST's to TCP packets. - -Actually ported it to FreeBSD-i386 2.0.0, so it works there properly now. - -Added insertion of filter rules. Use "@<#>" at the beginning of a filter -to insert a rule at row #. - -Filter keeps track of how many times each rule is matched. - -Changed compile time things to match kernel option (IPFILTER_LKM & -IPFILTER_LOG). - -Updated ip_input.c and ip_output.c with paches for 3.5 Multicast IP. -(No change required for 3.6) - -Now includes TCP fragments which start inside the TCP header as being short. -Added counting the number of times each rule is matched. - - -2.6 11/5/95 - Released - -Added -n option to ipf: when supplied, no changes are made to the kernel. - -Added installation scripts for SunOS 4.1.x and NetBSD/FreeBSD/BSDI. - -Rewrote filtering to use a more generic mask & match procedure for -checking if a packet matches a rule. - -2.5.2 27/4/95 - Released - -"tcp/udp" and a non-initialised pointer caused the "proto" to become -a `random' value; added "ip#/dotted.mask" notation to the BNF. -From Adam W. Feigin - -2.5.1 22/3/95 - Released - -"tcp/udp" had a strange effect (undesired) on getserv*() functions, -causing protocol/service lookups to fail. Reported by Matthew Green. - -2.5 17/3/95 - Released - -Added a new keyword "all" to BNF and parsing of tcpdump/etherfind/snoop -output through the ipftest program. Suggestions from: -Michael Ciavarella (mikec@phyto.apana.org.au) - -Conflicts occur when "general" filter rules are used for ports and the -lack of a "proto" when used with "port" matches other packets when only -TCP/UDP are implied. 
-Reported Matthew Green (mrg@fulcom.com.au); -reported & fixed 6-8/3/95 - -Added filtering of short TCP packets using "with short" 28/2/95 -(These can possibly slip by checks for the various flags). Short UDP -or ICMP are dropped to the floor and logged. - -Added filtering of fragmented packets using "with frag" 24/2/95 - -Port to NetBSD-current completed 20/2/95, using LKM. - -Added logging of the rule # which caused the logging to happen and the -interface on which the packet is currently as suggested by -Andreas Greulich (greulich@math-stat.unibe.ch) 10/2/95 - -2.4 9/2/95 - Released -Fixed saving of IP headers in ICMP packets. - -2.3 29/1/95 -Added ipf -F [in|out|all] to flush filter rule sets (SIOCIPFFL). -Fixed iplread() and iplsave() with help from Marc Huber. - -2.2 7/1/95 - Released -Added code from Marc Huber to allow it to allocate -its own major char number dynamically when modload'ing. Fixed up -use of <, >, <=, >= and >< for ports. - -2.1 21/12/94 - Released -repackaged to include the correct ip_output.c and ip_input.c *goof* - -2.0 18/12/94 - Released -added code to check for port ranges - complete. -rewrote to work as a loadable kernel module - complete. - -1.1 -added code for ouput filtering as well as input filtering and added support for logging to a simple character device of packet headers. - -1.0 22/04/93 - Released -First release cut. diff --git a/contrib/ipfilter/IMPORTANT b/contrib/ipfilter/IMPORTANT deleted file mode 100644 index 0ef7a3d390..0000000000 --- a/contrib/ipfilter/IMPORTANT +++ /dev/null @@ -1,11 +0,0 @@ - **************************************** - IMPORTANT NOTICE - **************************************** -1) - -If you have BOTH GNU make and the normal make shipped with your system, -DO NOT use the GNU make to build this package. - -Darren -darrenr@pobox.com - **************************************** 
diff --git a/contrib/ipfilter/INST.FreeBSD-2.2 b/contrib/ipfilter/INST.FreeBSD-2.2
deleted file mode 100644
index 78f7295e08..0000000000
--- a/contrib/ipfilter/INST.FreeBSD-2.2
+++ /dev/null
@@ -1,60 +0,0 @@
-
-To build a kernel for use with the loadable kernel module, follow these
-steps:
- 1. In /sys/i386/conf, create a new kernel config file (to be used
- with IPFILTER), i.e. FIREWALL and run config, i.e. "config FIREWALL"
-
- 2. build the object files, telling it the name of the kernel to be
- used. "freebsd22" MUST be the target, so the command would be
- something like this: "make freebsd22 IPFILKERN=FIREWALL"
-
- 3. do "make install-bsd"
- (probably has to be done as root)
-
- 4. run "FreeBSD-2.2/minstall" as root
-
- 5. build a new kernel
-
- 6. install and reboot with the new kernel
-
- 7. use modload(8) to load the packet filter with:
- modload if_ipl.o
-
- 8. do "modstat" to confirm that it has been loaded successfully.
-
-There is no need to use mknod to create the device in /dev;
-- upon loading the module, it will create itself with the correct values,
- under the name (IPL_NAME) from the Makefile. It will also remove itself
- from /dev when it is modunload'd.
-
-To build a kernel with the IP filter, follow these steps:
-
-*** KERNEL INSTALL CURRENTLY UNSUPPORTED ***
- 1. do "make freebsd22"
-
- 2. do "make install-bsd"
- (probably has to be done as root)
-
- 3. run "FreeBSD-2.2/kinstall" as root
-
- 4. build a new kernel
-
- 5a) For FreeBSD 2.2 (or later)
- create devices for IP Filter as follows:
- mknod /dev/ipl c 79 0
- mknod /dev/ipnat c 79 1
- mknod /dev/ipstate c 79 2
- mknod /dev/ipauth c 79 3
-
- 5b) For versions prior to FreeBSD 2.2:
- create devices for IP Filter as follows (assuming it was
- installed into the device table as char dev 20):
- mknod /dev/ipl c 20 0
- mknod /dev/ipnat c 20 1
- mknod /dev/ipstate c 20 2
- mknod /dev/ipauth c 20 3
-
- 6. install and reboot with the new kernel
-
-Darren Reed
-darrenr@pobox.com
diff --git a/contrib/ipfilter/INSTALL.FreeBSD b/contrib/ipfilter/INSTALL.FreeBSD
deleted file mode 100644
index c732bacfaa..0000000000
--- a/contrib/ipfilter/INSTALL.FreeBSD
+++ /dev/null
@@ -1,7 +0,0 @@
-
-*** IF you are using FreeBSD 2.2.x, see the file "INST.FreeBSD-2.2" ***
-*** IF you are using FreeBSD 3.x, see the file "FreeBSD-3/INST.FreeBSD-3" ***
-*** IF you are using FreeBSD 4.x, see the file "FreeBSD-4.0/INST.FreeBSD-4" ***
-
-Darren Reed
-darrenr@pobox.com
diff --git a/contrib/ipfilter/INSTALL.xBSD b/contrib/ipfilter/INSTALL.xBSD
deleted file mode 100644
index b06ad4b8ab..0000000000
--- a/contrib/ipfilter/INSTALL.xBSD
+++ /dev/null
@@ -1,44 +0,0 @@
-
-To build a kernel for use with the loadable kernel module, follow these
-steps:
- 1. do "make bsd"
-
- 2. cd to the "BSD" directory and type "make install"
-
- 3. run "4bsd/minstall" as root
-
- 4. build a new kernel
-
- 5. install and reboot with the new kernel
-
- 6. use modload(8) to load the packet filter with:
- modload if_ipl.o
-
- 7. do "modstat" to confirm that it has been loaded successfully.
-
-There is no need to use mknod to create the device in /dev;
-- upon loading the module, it will create itself with the correct values,
- under the name (IPL_NAME) from the Makefile. It will also remove itself
- from /dev when it is modunload'd.
-
-To build a kernel with the IP filter, follow these steps:
-
- 1. do "make bsd"
-
- 2. cd to the "BSD" directory and type "make install"
-
- 3. run "4bsd/kinstall" as root
-
- 4. build a new kernel
-
- 5. create devices for IP Filter as follows (assuming it was
- installed into the device table as char dev 20):
- mknod /dev/ipl c 20 0
- mknod /dev/ipnat c 20 1
- mknod /dev/ipstate c 20 2
- mknod /dev/ipauth c 20 3
-
- 6. install and reboot with the new kernel
-
-Darren
-darrenr@pobox.com
diff --git a/contrib/ipfilter/IPF.KANJI b/contrib/ipfilter/IPF.KANJI
deleted file mode 100644
index 85af5ce9e9..0000000000
--- a/contrib/ipfilter/IPF.KANJI
+++ /dev/null
@@ -1,465 +0,0 @@ -IP filter $B%7%g!<%H%,%$%I(B Dec, 1999 - -$B%[!<%`%Z!<%8(B: http://coombs.anu.edu.au/~avalon/ip-filter.html -FTP: ftp://coombs.anu.edu.au/pub/net/ip-filter/ - - $B30;3(B $B=c@8(B - $B;3K\(B $BBY1'(B - ------ -$B$O$8$a$K(B - -IP filter $B$r(B gateway $B%^%7%s$K%$%s%9%H!<%k$9$k$3$H$G%Q%1%C%H%U%#(B -$B%k%?%j%s%0$r9T$&$3$H$,$G$-$^$9!#(B - -$B%$%s%9%H!<%k$NJ}K!$O!"(BINSTALL$B$K=q$$$F$"$k$N$G!"$=$A$i$r;2>H$7$F(B -$B$/$@$5$$!#(BIP filter $B$N%P!<%8%g%s(B 3.3.5 $B$O!"(B - Solaris/Solaris-x86 2.3 - 8 (early access) - SunOS 4.1.1 - 4.1.4 - NetBSD 1.0 - 1.4 - FreeBSD 2.0.0 - 2.2.8 - BSD/OS-1.1 - 4 - IRIX 6.2 -$B$GF0:n$9$k$3$H$,3NG'$5$l$F$$$^$9!#(B - -$B$J$*!"(B64 bit kernel $B$NAv$C$F$k(B Solaris7 $B%^%7%s$G$O!"(Bgcc $B$H$+$G%3(B -$B%s%Q%$%k$7$?(B kernel driver $B$OF0:n$7$^$;$s!#(B - -$B$=$N$h$&$J>l9g$K$O!"(Bprecompiled binary $B$r(B -ftp://coombs.anu.edu.au/pub/net/ip-filter/ip_fil3.3.2-sparcv9.pkg.gz -(1999$BG/(B12$B7n(B14$BF|8=:_!"$^$@(B3.3.5$B$O%Q%C%1!<%8$K$J$C$F$$$^$;$s(B) -$B$+$il9g$O(B pass $B$H$J$j$^$9!#(B - -log $B$H$$$&$N$O!"$3$N%k!<%k$K%^%C%A$9$k%Q%1%C%H$N%m%0$re$N%m%0$O>C$($F(B -$B$7$^$$$^$9!#(B - -/dev/ipl $B$NFbMF$rFI$_=P$9$K$O(B ipmon $B$H$$$&%W%m%0%i%`$r;H$$$^$9!#(B -ipmon $B$O(B stdout, syslog, $B$b$7$/$ODL>o$N%U%!%$%k$K%m%0$r=PNO$7$^(B -$B$9!#5/F0;~$K(B ipmon $B$rN)$A>e$2$k$J$i!" 
/dev/null 2>&1 & - -${IPMONLOG} $B$OE,Ev$J%U%!%$%kL>$KCV49$7$F$/$@$5$$!#(Bsyslog $B$K=PNO(B -$B$9$k>l9g$O!"(B-s $B%*%W%7%g%s$rIU$1$^$9!#(Bsyslog $B$K=PNO$9$k>l9g!"(B -local0.info $B$r5-O?$9$k$h$&$K(B syslog.conf $B$rJT=8$7$F$/$@$5$$!#(B -$BNc$($P!"(B - -local0.info ifdef(`LOGHOST', /var/log/syslog, @loghost) - - -quick $B$H$$$&$N$O!"$3$N%k!<%k$K%^%C%A$7$?%Q%1%C%H$O0J9_$N%k!<%k$r(B -$BD4$Y$:$K!"%"%/%7%g%s(B(block or pass)$B$K=>$o$;$k$H$$$&$b$N$G$9!#$?(B -$B$@$7!"Nc30$,$"$j$^$9!#8e=R$7$^$9!#(B - - -===================== $B$3$3$+$i(B ==================== -########## group setup -# -block in on hme1 all head 100 -block out on hme1 all head 150 -pass in quick on hme0 all -pass out quick on hme0 all -===================== $B$3$3$^$G(B ==================== - -$BJN,7A$G$9!#(B - -$B30It$H$N%$%s%?!<%U%'!<%9$G$"$k(B hme1 $B$O(B incoming $B$H(B outgoing $B$G!"(B -$B$=$l$>$l(B group 100 $BHV$H(B 150 $BHV$KJ,N`$7$^$9!#(Bhead $B$H$$$&$N$O!"$3(B -$B$N%k!<%k$K%^%C%A$7$?%Q%1%C%H$r< 140 group 160 -# -## pass all TCP connection setup packets except for netbios ports (137-139). 
-# -pass out quick proto tcp from any to any flags S/SAFR keep state head 170 group 150 -block out log quick proto tcp from any to any port 136 >< 140 group 170 -===================== $B$3$3$^$G(B ==================== - -$B$3$l$O4pK\E*$KA4$F$N%Q%1%C%H$r5v$9%k!<%k$G$9!#$7$+$7!"(Bnetbios -(137-139/udp, tcp)$B$N%]!<%H$@$1$O6X;_$7$F$$$^$9!#(Bnetbios$B$O(B Windows -$B$N%U%!%$%k6&M-$G;H$o$l$k%]!<%H$G!"$3$N%]!<%H$,3+$$$F$$$k$H!"(B -Windows$B$N@_Dj$K$h$C$F$O!"@$3&Cf$+$i%U%!%$%k$rFI$_=q$-$G$-$k(B -$B62$l$,$"$j$^$9!#(B - -$B$3$3$G!"4JC1$K=q<0$r8+$F$*$/$H!"(B -* $B:G=i$NC18l$G!"(Bblock$B$9$k$+(Bpass$B$9$k$+;XDj$9$k(B -* proto $B$N8e$NC18l$G!"(Bprotocol$B$r;XDj$9$k(B(udp, tcp, icmp, etc.)$B!#(B -* from A to B $B$G!"$I$3$+$i$I$3$X$N%Q%1%C%H$+$r;XDj$9$k(B -* head XXX$B$r;XDj$9$k$H!"$=$N9T$G;XDj$5$l$"$?%Q%1%C%H$O!"(Bgroup - XXX$B$H$7$F;2>H$G$-$k(B -* group$B$r;XDj$9$k$3$H$G!"5,B'$rE,MQ$9$k8uJd$r(B($BM=$a(Bhead$B$G@_Dj$7$?(B) - group$B$K8BDj$G$-$k!#(B - -$B$^$?!"(Bfrom A to B$B$N(BA$B$d(BB$B$O!"(BIP$B%"%I%l%9$H(Bport$B$r=q$/$3$H$,$G$-$^$9!#(B - from any to any port 136 >< 140 -$B$H$$$&$N$O!"(B - $B!VG$0U$N%]!<%H$NG$0U$N%"%I%l%9$+$i!"(B137$BHV$+$i(B139$BHV%]!<%H$NG$0U$N(B - $B%"%I%l%9$X$N%Q%1%C%H!W(B -$B;XDj$7$F$$$k$3$H$K$J$j$^$9!#$^$?!"HV9f$NBe$o$j$K(B/etc/service$B$K5-(B -$B=R$5$l$F$$$k%5!<%S%9L>$r5-=R$9$k$3$H$b$G$-$^$9!#(B -$B$?$H$($P(B - from any to any port = telnet -$B$H(B - from any to any port = 23 -$B$OF1$80UL#$H$J$j$^$9!#(B - -$B$5$F!"$3$3$G(B quick $B$NNc30$r@bL@$7$F$*$-$^$9!#(Bquick $B$NIU$$$?(B -rule $B$,(B head $B$G?7$?$J%0%k!<%W$r:n$k>l9g!"=hM}$O$^$@$3$N;~E@(B -$B$G$O3NDj$7$^$;$s!#0J9_!"!V(Bhead $B$G@k8@$5$l$?%0%k!<%W$N%k!<%k!W(B -$B$N$_=hM}$9$k$H$$$&0UL#$K$J$j$^$9!#$G$9$+$i>e$N!"(B - -pass out quick proto udp from any to any keep state head 160 group 150 -block out log quick proto udp from any to any port 136 >< 140 group 160 - -$B$O!"$^$:(B 150$BHV%0%k!<%W$K%^%C%A$9$k(B UDP $B%Q%1%C%H$OAGDL$7(B -$B$9$k!"$,!"0J2<$N(B 160$BHV$KB0$9$k%k!<%k$r$^$@=hM}$9$k!#(B 
-$B$=$7$F(B2$B9TL\$G(B 160$BHV%0%k!<%W$KBP$7$F(B netbios packet $B$r(B -block $B$7$F$$$kLu$G$9!#(B -$B0l9TL\$K%^%C%A$7$?%Q%1%C%H$O0J2<$K$b$7(B150$BHV$N%0%k!<%W$N(B -$B%k!<%k$,$"$C$?$H$7$F$b!"L5;k$9$k$3$H$KCm0U$7$F$/$@$5$$!#(B - ----------- -$BpJs(B(RIP)$B$N%Q%1%C%H$O!"A4It5v$7$^$9!#(B -pass in quick proto udp from any to any port = 520 keep state group 100 - -* ICMP$B$N%Q%1%C%H$OA4It5v$7$^$9!#(B -pass in quick proto icmp from any to any group 100 - -* $BFbIt$+$i30It$X$N(Bftp$B$r5v$9$?$a$K!"(Bftp-data port$B$+$i0lHL%]!<%H$X(B - $B$NG$0U$N@\B3$r 1023 flags S/SA keep state group 100 - - $B$7$+$7!"$3$l$O0lHL$K8@$C$FB?>/4m81$J9T0Y$G$9!#@\B3$G$-$k$N$,(B - 1024$BHV0J9_$N0lHL%]!<%H$K8BDj$O$5$l$^$9$,!"$"$^$j$*4+$a$G$-$^$;$s!#(B - $B$3$N9T$r2C$($:$K!"(Bpassive mode (ftp $B$G(B pasv $B%3%^%s%I$GF~$l$k(B) - $B$G(B FTP $B$r$9$k$3$H$r4+$a$^$9!#$J$*!":G6a$N(B FTP client $B$O:G=i(B - $B$+$i(B passive mode $B$KL5>r7o$G$7$F$7$^$&$b$N$,B?$$$h$&$G$9!#(B - -* sendmail$B$d(Bftpd$B$K7R$0$H!"Ajo$O5/F0$5$l$F$$(B - $B$J$$(B daemon $B$J$N$G!"AGDL$7$7$F$b%;%-%e%j%F%#%[!<%k$K$J$k$3$H$O$"(B - $B$j$^$;$s(B(connection refused$B$K$J$k$@$1$G$9(B)$B!#$3$l$r3+$1$J$$$H!"(B - $BAjH$9$k$3$H$,$G$-$^$9!#(B - -$BB>$K$b5v$7$?$$%[%9%H$rA}$d$7$?$$$H$-$O!">e$HF1MM$K$7$F!"(Bhead$B$N8e(B -$B$K!"?7$7$$?t;z(B(112, 113$B$J$I(B)$B$r3d$jEv$F$F$/$@$5$$!#(B - -$B$b$&0lEYCm0U$7$F$*$-$^$9$,!"(Bquick $B$H(B head $B$,F1;~$K8=$l$k%k!<%k(B -$B0J9_$G$O!"(Bhead $B$G@k8@$5$l$?%0%k!<%W$N%k!<%k$7$+E,MQ$5$l$J$/$J$j(B -$B$^$9!#$G$9$+$i!">e$N(B ident $B$d(B ftp data-port $B$N$h$&$K!"FbIt$N(B -$BA4$F$N%[%9%H$K%^%C%A$9$k%k!<%k$O!"$3$N%[%9%H$K$h$k%0%k!<%WJ,$1(B -$B$NA0$KCV$/I,MW$,$"$j$^$9!#(B - - -X$B$X$O!"(Btelnet, ftp, ssh $B$r!"(BY$B$X$O!"(Bftp, http, smtp, pop $B$r5v$9$3(B -$B$H$K$7$^$9!#(B - -* X(group 110)$B$X$N(Btelnet$B$r5v$7$^$9(B -pass in quick proto tcp from any to any port = telnet keep state group 110 - -* X$B$X$N(Bftp$B$r5v$7$^$9!#(Bftp-data port $B$b3+$1$F$*$-$^$9!#(B - 
($BI,MW$,$"$k$+$I$&$+3NG'$O$7$F$$$^$;$s$,!"3+$1$F$$$F$b0BA4$G$7$g$&(B)$B!#(B -pass in quick proto tcp from any to any port = ftp keep state group 110 -pass in quick proto tcp from any to any port = ftp-data keep state group 110 - -* X$B$X$N(Bssh$B$r5v$7$^$9!#(B -pass in quick proto tcp from any to any port = 22 keep state group 110 - -* Y$B$X$N(Bftp$B$r5v$7$^$9!#(B -pass in quick proto tcp from any to any port = ftp keep state group 111 -pass in quick proto tcp from any to any port = ftp-data keep state group 111 -pass in quick proto tcp from any to any port 2999 >< 3100 keep state group 111 - - Y$B$O(B anonoymous ftp $B%5!<%P$r1?1D$7$F$$$k$?$a(B wu-ftpd $B$r;H$C$F$$(B - $B$^$9!#(Bwu-ftpd $B$O(B passive mode $B$N(BFTP$B$K$bBP1~$7$F$$$^$9$N$G!"$I(B - $B$N%]!<%H$r(BPASV$BMQ$K;H$&$+!"(Bwu-ftpd $B$N@_Dj$K=q$$$F$*$/I,MW$,$"$j(B - $B$^$9!#$3$3$G$O(B3000$B$+$i(B3099$BHV%]!<%H$r;HMQ$9$k$h$&$K!"(Bwu-ftpd $B$r(B - $B@_Dj$7$F$$$^$9!#(B - - passive FTP $B$K$D$$$F2r@b$7$^$9!#(Bpassive FTP $B$O!"%/%i%$%"%s%H$,(B - $B%U%!%$%"%&%)!<%k$NFbB&$K$$$k>l9g$N$?$a$K3+H/$5$l$?%W%m%H%3%k$G(B - $B$9!#%G%U%)%k%H$G$O>e$G@bL@$7$?$h$&$K!"%G!<%?E>Aw$N$?$a!"%5!<%P(B - $B$N(B ftp-data port $B$+$i%/%i%$%"%s%H$K@\B3$,$$$-$^$9!#(B - - passive FTP $B$G$O!"%G!<%?E>Aw$b(B client $B$+$i%5!<%P$K@\B3$9$k$h$&(B - $B$K$J$j$^$9!#$=$N:]!"%5!<%P$OE,Ev$J%]!<%HHV9f$r3d$j?6$C$F!"$=$3(B - $B$K%/%i%$%"%s%H$,@\B3$9$k$h$&;X<($7$^$9!#(B - - $B$3$N$?$a!"%5!<%P$,%U%!%$%"%&%)!<%kFb$K$$$k>l9g!"E,Ev$J%]!<%HHV(B - $B9f$O%U%!%$%"%&%)!<%k$G$O$M$i$l$F$7$^$$$^$9!#$=$3$G!"(Bwu-ftpd $B$N(B - $B@_Dj$G!"3d$j?6$k%]!<%HHV9f$NHO0O$r8BDj$7$F!"$=$3$@$1%U%!%$%"(B - $B%&%)!<%k$K7j$r3+$1$F$$$k$o$1$G$9!#(Bwu-ftpd $B$N>l9g$O!"(Bftpaccess - $B$H$$$&%U%!%$%k$K(B - - # passive ports - passive ports 0.0.0.0/0 3000 3099 - - $B$HDI2C$9$k$3$H$G@_Dj$G$-$^$9!#(Bftpaccess(5)$B$r;2>H$7$F$/$@$5$$!#(B - -* Y$B$X$N(Bhttp$B$r5v$7$^$9!#(B -pass in quick proto tcp from any to any port = 80 keep state group 111 - -* Y$B$X$N(Bsmtp$B$r5v$7$^$9!#(B -pass in quick 
proto tcp from any to any port = smtp keep state group 111 - -* Y$B$X$N(Bpop$B$r5v$7$^$9!#(B -pass in quick proto tcp from any to any port = 110 keep state group 111 - -$B0J>e$N@_Dj$K$h$j!"(BX, Y $B0J30$N%^%7%s$X$N!"30It$+$i$N@\B3$O!"0l@Z(B -$B9T$($J$/$J$j$^$9$N$G!"(Bremote exploit $BBP:v$O!"(BX, Y $B$K$N$_9T$($P$h(B -$B$/$J$j!"4IM}$N$N%W%m%H%3%k$rDL$9>l9g$b!">e$r;29M$K$7$FDL$7$?$$%]!<%HHV9f$r=q(B -$B$/$@$1$G$9$,!"$$$/$D$+Cm0UE@$,$"$j$^$9!#0J2<$bL\$rDL$7$F$/$@$5$$!#(B - ------ -$B$=$NB>$NCm0U(B - -1) gateway $B%^%7%s$N$h$&$K!"J#?t$N(BIP$B%"%I%l%9$r;}$D%^%7%s$G%5!<%S(B -$B%9$rN)$A>e$2$k>l9g$O!"$=$l$>$l$N(BIP$B%"%I%l%9$KBP$7$F!"(Bport $B$r3+$/(B -$BI,MW$,$"$j$^$9!#Nc$($P(B X $B$,(B IP:a $B$H(B IP:b $B$r;}$D$J$i!"(Bgroup $B$O(B a, -b $B$=$l$>$lMQ0U$7$F!"N>J}$N%0%k!<%WMQ$K(B rule $B$rDI2C$9$kI,MW$,$"$j(B -$B$^$9!#0J2<$NNc$G$O!"%2!<%H%&%'%$%^%7%s(B(123.45.2.10$B$H(B123.45.1.111 -$B$N(BIP$B$r;}$D(B)$B$K(BNNTP$B%5!<%P$rN)$F$F$$$^$9!#(B - -($BNc(B) -#### grouping by host -block in log quick proto tcp from any to 123.45.2.10 flags S/SA head 112 group 100 -block in log quick proto tcp from any to 123.45.1.111 flags S/SA head 113 group 100 -#### allow NNTP -pass in quick proto tcp from any to any port = nntp keep state group 112 -pass in quick proto tcp from any to any port = nntp keep state group 113 - -gateway $B$,(B2$B$D0J>e$"$k%M%C%H%o!<%/$G$O!"N>J}$N(B gateway $B$K(B IP -filter $B$,I,MW$K$J$j!"@_Dj$O99$KJ#;($K$J$j$^$9!#$=$N$h$&$J4D6-$N(B -$B>l9g$K$O!"%^%K%e%"%k$rFI$s$G8!F$$7$F$/$@$5$$!#(B - -2) NFS$B$H(Brsh$B$O%W%m%H%3%k$N4X78>e!"(Bfirewall$BD6$($OIT2DG=$G$9!#(B - NFS$B$NBeBX$K$D$$$F$OITL@$G$9$,!"(Brsh$B$NBeBX$H$7$F$O(Bssh$B$,;H$($^$9!#(B - -3) $B30It$N(BX client $B$r!"%U%!%$%"%&%)!<%kFb$N(BX$B%5!<%P$K@\B3$5$;$?$$!"(B - $B$H$$$&$N$O(B FAQ $B$N0l$D$G$9!#$*4+$a$N2r7h:v$O!"(Bssh $B$N(B X forwarding - $B5!9=$r;H$&$3$H$G$9!#(Bssh$B$G@\B3$G$-$k$J$i$P!"$3$l$O40A4$K(B secure - $B$GHFMQE*$JJ}K!$G$9!#(B - -$B$=$l$,=PMh$J$$>l9g$O!"2f!9$O@\B3$5$;$?$$%[%9%H$N%Z%"$r%f!<%6$KJs(B 
-$B9p$7$F$b$i$C$F!"0J2<$N$h$&$J%k!<%k$rDI2C$7$F$$$^$9!#(B -# X:0 $B$O(B tcp:6000 $BHV$K$J$j$^$9!#(B - -# 123.45.1.Z:0 (server) <-> A.B.C.D (client) -pass in quick proto tcp from A.B.C.D port > 1023 to 123.45.1.Z port = 6000 flags S/SA keep state group 100 - ------ -$B:G8e$K!";D$k%Q%1%C%H$OA4$F%V%m%C%/$5$l$kLu$G$9$,!"$=$l$K$D$$$F$N(B -$BA4$F$N%m%0$r;D$9$3$H$r4uK>$9$k>l9g!"< 140 group 160 -# -## pass all TCP connection setup packets except for netbios ports (137-139). -# -pass out quick proto tcp from any to any flags S/SAFR keep state head 170 group 150 -block out log quick proto tcp from any to any port 136 >< 140 group 170 -# -######### INCOMING -## ICMP -pass in quick proto icmp from any to any group 100 -## RIP -pass in quick proto udp from any to any port = 520 keep state group 100 -## FTP -pass in quick proto tcp from any port = ftp-data to any port > 1023 flags S/SA keep state group 100 -## IDENT -pass in quick proto tcp from any to any port = 113 flags S/SA keep state group 100 -# -## grouping by host (112 & 113 is the gateway address) -block in log quick proto tcp from any to 123.45.1.X flags S/SA head 110 group 100 -block in log quick proto tcp from any to 123.45.1.Y flags S/SA head 111 group 100 -block in log quick proto tcp from any to 123.45.2.10 flags S/SA head 112 group 100 -block in log quick proto tcp from any to 123.45.1.111 flags S/SA head 113 group 100 -# -## telnet, ftp, ssh, www, smtp, pop -pass in quick proto tcp from any to any port = telnet keep state group 110 -pass in quick proto tcp from any to any port = ftp keep state group 110 -pass in quick proto tcp from any to any port = ftp-data keep state group 110 -pass in quick proto tcp from any to any port = 22 keep state group 110 -pass in quick proto tcp from any to any port = ftp keep state group 111 -pass in quick proto tcp from any to any port = ftp-data keep state group 111 -pass in quick proto tcp from any to any port 2999 >< 3100 keep state group 111 -pass in quick proto tcp from any 
to any port = 80 keep state group 111 -pass in quick proto tcp from any to any port = smtp keep state group 111 -pass in quick proto tcp from any to any port = 110 keep state -group 111 -# -## allow NNTP on the gateway -pass in quick proto tcp from any to any port = nntp keep state group 112 -pass in quick proto tcp from any to any port = nntp keep state group 113 -# -## X connections -# 123.45.1.Z:0 (server) <-> A.B.C.D (client) -pass in quick proto tcp from A.B.C.D port > 1023 to 123.45.1.Z port = 6000 flags S/SA keep state group 100 -# -## log blocked packets -## THIS MUST BE THE LAST RULE! -block in log quick from any to 123.45.1.111/24 group 100 -block in log quick from any to 123.45.2.10 group 100 -===================== $B$3$3$^$G(B ==================== - ----- -$B$3$NJ8=q$N - and YAMAMOTO Hirotaka - -THIS DOCUMENT IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR -IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. - -Permission to modify this document and to distribute it is hereby -granted, as long as above notices and copyright notice are retained. diff --git a/contrib/ipfilter/IPFILTER.LICENCE b/contrib/ipfilter/IPFILTER.LICENCE deleted file mode 100644 index 2b4b67e86f..0000000000 --- a/contrib/ipfilter/IPFILTER.LICENCE +++ /dev/null 
@@ -1,28 +0,0 @@
-Copyright (C) 1993-2002 by Darren Reed.
-
-The author accepts no responsibility for the use of this software and
-provides it on an ``as is'' basis without express or implied warranty.
-
-Redistribution and use, with or without modification, in source and binary
-forms, are permitted provided that this notice is preserved in its entirety
-and due credit is given to the original author and the contributors.
-
-The licence and distribution terms for any publically available version or
-derivative of this code cannot be changed. i.e. this code cannot simply be
-copied, in part or in whole, and put under another distribution licence
-[including the GNU Public Licence.]
-
-THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-I hate legalese, don't you ?
-
diff --git a/contrib/ipfilter/Makefile b/contrib/ipfilter/Makefile
deleted file mode 100644
index a20c1d6be4..0000000000
--- a/contrib/ipfilter/Makefile
+++ /dev/null
@@ -1,316 +0,0 @@ -# -# Copyright (C) 1993-2001 by Darren Reed. -# -# See the IPFILTER.LICENCE file for details on licencing. -# -# $Id: Makefile,v 2.11.2.15 2002/12/02 04:22:56 darrenr Exp $ -# -.PATH: ${.CURDIR}../../contrib/ipfilter ${.CURDIR}/../../sys/contrib/ipfilter - -BINDEST=/usr/local/bin -SBINDEST=/sbin -MANDIR=/usr/local/man -#To test prototyping -CC=gcc -Wstrict-prototypes -Wmissing-prototypes -#CC=gcc -#CC=cc -Dconst= -DEBUG=-g -TOP=../.. -CFLAGS=-I$$(TOP) -CPU=`uname -m` -CPUDIR=`uname -s|sed -e 's@/@@g'`-`uname -r`-`uname -m` -IPFILKERN=`/bin/ls -1tr /usr/src/sys/compile | grep -v .bak | tail -1` -# -# To enable this to work as a Loadable Kernel Module... -# -IPFLKM=-DIPFILTER_LKM -# -# To enable logging of blocked/passed packets... -# -IPFLOG=-DIPFILTER_LOG -# -# The facility you wish to log messages from ipmon to syslogd with. -# -LOGFAC=-DLOGFAC=LOG_LOCAL0 - -# -# Uncomment the next 3 lines if you want to view the state table a la top(1) -# (requires that you have installed ncurses). -STATETOP_CFLAGS=-DSTATETOP -# -# Where to find the ncurses include files (if not in default path), -# -#STATETOP_INC= -#STATETOP_INC=-I/usr/local/include -# -# How to link the ncurses library -# -STATETOP_LIB=-lcurses -#STATETOP_LIB=-L/usr/local/lib -lncurses - -# -# Uncomment this when building IPv6 capability. -# -#INET6=-DUSE_INET6 -# -# For packets which don't match any pass rules or any block rules, set either -# FR_PASS or FR_BLOCK (respectively). It defaults to FR_PASS if left -# undefined. This is ignored for ipftest, which can thus return three -# results: pass, block and nomatch. This is the sort of "block unless -# explicitly allowed" type #define switch. 
-# -POLICY=-DIPF_DEFAULT_PASS=FR_PASS -# -MFLAGS1='CFLAGS=$(CFLAGS) $(ARCHINC) $(SOLARIS2) $(INET6) $(IPFLOG)' \ - "IPFLOG=$(IPFLOG)" "LOGFAC=$(LOGFAC)" "POLICY=$(POLICY)" \ - "SOLARIS2=$(SOLARIS2)" "DEBUG=$(DEBUG)" "DCPU=$(CPU)" \ - "CPUDIR=$(CPUDIR)" 'STATETOP_CFLAGS=$(STATETOP_CFLAGS)' \ - 'STATETOP_INC=$(STATETOP_INC)' 'STATETOP_LIB=$(STATETOP_LIB)' \ - "BITS=$(BITS)" "OBJ=$(OBJ)" -DEST="BINDEST=$(BINDEST)" "SBINDEST=$(SBINDEST)" "MANDIR=$(MANDIR)" -MFLAGS=$(MFLAGS1) "IPFLKM=$(IPFLKM)" -# -SHELL=/bin/sh -# -########## ########## ########## ########## ########## ########## ########## -# -CP=/bin/cp -RM=/bin/rm -CHMOD=/bin/chmod -INSTALL=install -# - -all: - @echo "Chose one of the following targets for making IP filter:" - @echo "" - @echo "solaris - auto-selects SunOS4.1.x/Solaris 2.3-6/Solaris2.4-6x86" - @echo "netbsd - compile for NetBSD" - @echo "openbsd - compile for OpenBSD" - @echo "freebsd20 - compile for FreeBSD 2.0, 2.1 or earlier" - @echo "freebsd22 - compile for FreeBSD-2.2 or greater" - @echo "freebsd3 - compile for FreeBSD-3.x" - @echo "freebsd4 - compile for FreeBSD-4.x" - @echo "bsd - compile for generic 4.4BSD systems" - @echo "bsdi - compile for BSD/OS" - @echo "irix - compile for SGI IRIX" - @echo "" - -tests: - @if [ -d test ]; then (cd test; make) \ - else echo test directory not present, sorry; fi - -include: - if [ ! -f netinet/done ] ; then \ - (cd netinet; ln -s ../*.h .; ln -s ../ip_*_pxy.c .; ); \ - (cd netinet; ln -s ../ipsend/tcpip.h tcpip.h); \ - touch netinet/done; \ - fi - -sunos solaris: include - CC="$(CC)" ./buildsunos - -freebsd22: include - make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)" - -rm -f BSD/$(CPUDIR)/ioconf.h - @if [ -n $(IPFILKERN) ] ; then \ - if [ -f /sys/compile/$(IPFILKERN)/ioconf.h ] ; then \ - ln -s /sys/compile/$(IPFILKERN)/ioconf.h BSD/$(CPUDIR); \ - else \ - ln -s /sys/$(IPFILKERN)/ioconf.h BSD/$(CPUDIR); \ - fi \ - elif [ ! 
-f `uname -v|sed -e 's@^.*:\(/[^: ]*\).*@\1@'`/ioconf.h ] ; then \ - echo -n "Can't find ioconf.h in "; \ - echo `uname -v|sed -e 's@^.*:\(/[^: ]*\).*@\1@'`; \ - exit 1;\ - else \ - ln -s `uname -v|sed -e 's@^.*:\(/[^: ]*\).*@\1@'`/ioconf.h BSD/$(CPU) ; \ - fi - make freebsd20 - -freebsd4: include - if [ x$INET6 = x ] ; then \ - echo "#undef INET6" > opt_inet6.h; \ - else \ - echo "#define INET6" > opt_inet6.h; \ - fi - make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)" - (cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) "ML=mlfk_ipl.c" "MLD=mlfk_ipl.c" "LKM=ipf.ko" "DLKM=-DKLD_MODULE -I/sys"; cd ..) - (cd BSD/$(CPUDIR); make -f Makefile.ipsend TOP=../.. $(MFLAGS1); cd ..) - -freebsd3 freebsd30: include - make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)" - (cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS1) "ML=mlf_ipl.c" LKM= ; cd ..) - (cd BSD/$(CPUDIR); make -f Makefile.ipsend TOP=../.. $(MFLAGS1); cd ..) - -netbsd: include - make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)" - (cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) 'DLKM=-D_LKM' "ML=mln_ipl.c"; cd ..) - (cd BSD/$(CPUDIR); make -f Makefile.ipsend TOP=../.. $(MFLAGS); cd ..) - -openbsd openbsd21: include - make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)" - (cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) 'DLKM=-D_LKM' "ML=mln_ipl.c"; cd ..) - (cd BSD/$(CPUDIR); make -f Makefile.ipsend TOP=../.. $(MFLAGS); cd ..) - -freebsd20 freebsd21: include - make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)" - (cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) "ML=mlf_ipl.c"; cd ..) - (cd BSD/$(CPUDIR); make -f Makefile.ipsend TOP=../.. $(MFLAGS); cd ..) - -bsd: include - make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)" - (cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS); cd ..) - (cd BSD/$(CPUDIR); make -f Makefile.ipsend TOP=../.. $(MFLAGS); cd ..) - -bsdi bsdos: include - make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)" - (cd BSD/$(CPUDIR); make build "CC=$(CC)" TOP=../.. $(MFLAGS) LKM= ; cd ..) - (cd BSD/$(CPUDIR); make -f Makefile.ipsend "CC=$(CC)" TOP=../.. 
$(MFLAGS); cd ..) - -irix IRIX: include - make setup "TARGOS=IRIX" "CPUDIR=$(CPUDIR)" - -(cd IRIX/$(CPUDIR); if [ $(MAKE) = make ] ; then make -f Makefile.std build TOP=../.. $(DEST) SGI=`../getrev` $(MFLAGS); else smake build SGI=`../getrev` TOP=../.. $(DEST) $(MFLAGS); fi;) - -(cd IRIX/$(CPUDIR); if [ $(MAKE) = make ] ; then make -f Makefile.ipsend.std SGI=`../getrev` TOP=../.. $(DEST) $(MFLAGS); else smake -f Makefile.ipsend SGI=`../getrev` TOP=../.. $(DEST) $(MFLAGS); fi) - -linux: include - make setup "TARGOS=Linux" "CPUDIR=$(CPUDIR)" - ./buildlinux - -linuxrev: - (cd Linux/$(CPUDIR); make build TOP=../.. $(DEST) $(MFLAGS) LKM= ; cd ..) - (cd Linux/$(CPUDIR); make -f Makefile.ipsend TOP=../.. $(DEST) $(MFLAGS); cd ..) - -setup: - -if [ ! -d $(TARGOS)/$(CPUDIR) ] ; then mkdir $(TARGOS)/$(CPUDIR); fi - -rm -f $(TARGOS)/$(CPUDIR)/Makefile $(TARGOS)/$(CPUDIR)/Makefile.ipsend - -ln -s ../Makefile $(TARGOS)/$(CPUDIR)/Makefile - -if [ ! -f $(TARGOS)/$(CPUDIR)/Makefile.std -a \ - -f $(TARGOS)/Makefile.std ] ; then \ - ln -s ../Makefile.std $(TARGOS)/$(CPUDIR)/Makefile.std; \ - fi - -if [ ! 
-f $(TARGOS)/$(CPUDIR)/Makefile.ipsend.std -a \ - -f $(TARGOS)/Makefile.ipsend.std ] ; then \ - ln -s ../Makefile.ipsend.std $(TARGOS)/$(CPUDIR)/Makefile.ipsend.std; \ - fi - -ln -s ../Makefile.ipsend $(TARGOS)/$(CPUDIR)/Makefile.ipsend - -clean: clean-include - ${RM} -f core *.o ipt fils ipf ipfstat ipftest ipmon if_ipl \ - vnode_if.h $(LKM) *~ - ${RM} -rf sparcv7 sparcv9 - (cd SunOS4; make clean) - (cd SunOS5; make clean) - (cd BSD; make clean) - (cd Linux; make clean) - if [ "`uname -s`" = "IRIX" ]; then (cd IRIX; make clean); fi - [ -d test ] && (cd test; make clean) - (cd ipsend; make clean) - -clean-include: - sh -c 'cd netinet; for i in *; do if [ -h $$i ] ; then /bin/rm -f $$i; fi; done' - ${RM} -f netinet/done - -clean-bsd: clean-include - (cd BSD; make clean) - -clean-sunos4: clean-include - (cd SunOS4; make clean) - -clean-sunos5: clean-include - (cd SunOS5; make clean) - -clean-irix: clean-include - (cd IRIX; make clean) - -clean-linux: clean-include - (cd Linux; make clean) - -get: - -@for i in ipf.c ipt.h solaris.c ipf.h kmem.c ipft_ef.c linux.h \ - ipft_pc.c fil.c ipft_sn.c mln_ipl.c fils.c ipft_td.c \ - mls_ipl.c ip_compat.h ipl.h opt.c ip_fil.c ipl_ldev.c \ - parse.c ip_fil.h ipmon.c pcap.h ip_sfil.c ipt.c snoop.h \ - ip_state.c ip_state.h ip_nat.c ip_nat.h ip_frag.c \ - ip_frag.h ip_sfil.c misc.c; do \ - if [ ! -f $$i ] ; then \ - echo "getting $$i"; \ - sccs get $$i; \ - fi \ - done - -sunos4 solaris1: null - (cd SunOS4; make build TOP=.. "CC=$(CC)" $(DEST) $(MFLAGS); cd ..) - (cd SunOS4; make -f Makefile.ipsend "CC=$(CC)" TOP=.. $(DEST) $(MFLAGS); cd ..) - -sunos5 solaris2: null - (cd SunOS5/$(CPUDIR); make build TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS) "SOLARIS2=$(SOLARIS2)" "CPU=-Dsparc -D__sparc__"; cd ..) - (cd SunOS5/$(CPUDIR); make -f Makefile.ipsend TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS); cd ..) - -sunos5x86 solaris2x86: null - (cd SunOS5/$(CPUDIR); make build TOP=../.. 
"CC=$(CC)" $(DEST) $(MFLAGS) "SOLARIS2=$(SOLARIS2)" "CPU=-Di86pc -Di386 -D__i386__"; cd ..) - (cd SunOS5/$(CPUDIR); make -f Makefile.ipsend TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS); cd ..) - -install-linux: - (cd Linux/$(CPUDIR); make install "TOP=../.." $(DEST) $(MFLAGS); cd ..) - (cd Linux/$(CPUDIR); make -f Makefile.ipsend INSTALL=$(INSTALL) install "TOP=../.." $(DEST) $(MFLAGS); cd ..) - -install-bsd: - (cd BSD/$(CPUDIR); make install "TOP=../.." $(MFLAGS); cd ..) - (cd BSD/$(CPUDIR); make -f Makefile.ipsend INSTALL=$(INSTALL) install "TOP=../.." $(MFLAGS); cd ..) - -install-sunos4: solaris - (cd SunOS4; $(MAKE) "CPU=$(CPU)" "TOP=.." install) - -install-sunos5: solaris - (cd SunOS5; $(MAKE) "CPUDIR=`uname -p`-`uname -r`" "CPU=$(CPU) TOP=.." install) - -install-irix: irix - (cd IRIX; smake install "CPU=$(CPU) TOP=.." $(DEST) $(MFLAGS)) - -rcsget: - -@for i in ipf.c ipt.h solaris.c ipf.h kmem.c ipft_ef.c linux.h \ - ipft_pc.c fil.c ipft_sn.c mln_ipl.c fils.c ipft_td.c \ - mls_ipl.c ip_compat.h ipl.h opt.c ip_fil.c ipl_ldev.c \ - parse.c ip_fil.h ipmon.c pcap.h ip_sfil.c ipt.c snoop.h \ - ip_state.c ip_state.h ip_nat.c ip_nat.h ip_frag.c \ - ip_frag.h ip_sfil.c misc.c; do \ - if [ ! -f $$i ] ; then \ - echo "getting $$i"; \ - co $$i; \ - fi \ - done - -do-cvs: - find . -type d -name CVS -print | xargs /bin/rm -rf - find . 
-type f -name .cvsignore -print | xargs /bin/rm -f - -null: - -@if [ "`$(MAKE) -v 2>&1 | sed -ne 's/GNU.*/GNU/p'`" = "GNU" ] ; then \ - echo 'Do not use GNU make (gmake) to compile IPFilter'; \ - exit 1; \ - fi - -@echo make ok - -test-solaris test-sunos4 test-sunos5: solaris - (cd test && make clean && make) - -test-freebsd: freebsd - (cd test && make clean && make) - -test-freebsd22: freebsd22 - (cd test && make clean && make) - -test-freebsd3: freebsd3 - (cd test && make clean && make) - -test-freebsd4: freebsd4 - (cd test && make clean && make) - -test-netbsd: netbsd - (cd test && make clean && make) - -test-openbsd: openbsd - (cd test && make clean && make) - -test-irix: irix - (cd test && make clean && make) diff --git a/contrib/ipfilter/NAT.FreeBSD b/contrib/ipfilter/NAT.FreeBSD deleted file mode 100644 index 8a7e95262f..0000000000 --- a/contrib/ipfilter/NAT.FreeBSD +++ /dev/null 
@@ -1,104 +0,0 @@ -These are Instructions for Configuring A FreeBSD Box For NAT -After you have installed IpFilter. - -You will need to change three files: - -/etc/rc.local -/etc/rc.conf -/etc/natrules - -You will have to: - -1) Load the kernel module -2) Make the ipnat rules -3) Load the ipnat rules -4) Enable routing between interfaces -5) Add static routes for the subnet ranges -6) Configure your network interfaces -7) reboot the computer for the changes to take effect. - -The FAQ was written by Chris Coleman -This was tested using ipfilter 3.1.4 and FreeBSD 2.1.6-RELEASE -_________________________________________________________ -1) Loading the Kernel Module - -If you are using a Kernal Loadable Module you need to edit your -/etc/rc.local file and load the module at boot time. -use the line: - - modload /lkm/if_ipl.o - -If you are not loading a kernel module, skip this step. -_________________________________________________________ -2) Setting up the NAT Rules - -Make a file called /etc/natrules -put in the rules that you need for your system. - -If you want to use the whole 10 Network. Try: - -map fpx0 10.0.0.0/8 -> 208.8.0.1/32 portmap tcp/udp 10000:65000 - -_________________________________________________________ -Here is an explaination of each part of the command: - -map starts the command. - -fpx0 is the interface with the real internet address. - -10.0.0.0 is the subnet you want to use. - -/8 is the subnet mask. ie 255.0.0.0 - -208.8.0.1 is the real ip address that you use. - -/32 is the subnet mask 255.255.255.255, ie only use this ip address. - -portmap tcp/udp 10000:65000 - tells it to use the ports to redirect the tcp/udp calls through - - -The one line should work for the whole network. -_________________________________________________________ -3) Loading the NAT Rules: - -The NAT Rules will need to be loaded every time the computer -reboots. 
- -In your /etc/rc.local put the line: - -ipnat -f /etc/natrules - -To check and see if it is loaded, as root type - ipnat -ls -_________________________________________________________ -4) Enable Routing between interfaces. - -Tell the kernel to route these addresses. - -in the rc.local file put the line: - -sysctl -w net.inet.ip.forwarding=1 - -_________________________________________________________ -5) Static Routes to Subnet Ranges - -Now you have to add a static routes for the subnet ranges. -Edit your /etc/sysconfig to add them at bootup. - -static_routes="foo" -route_foo="10.0.0.0 -netmask 0xf0000000 -interface 10.0.0.1" - - -_________________________________________________________ -6) Make sure that you have your interfaces configured. - -I have two Intel Ether Express Pro B cards. -One is on 208.8.0.1 The other is on 10.0.0.1 - -You need to configure these in the /etc/sysconfig - -network_interfaces="fxp0 fxp1" -ifconfig_fxp0="inet 208.8.0.1 netmask 255.255.255.0" -ifconfig_fxp1="inet 10.0.0.1 netmask 255.0.0.0" -_________________________________________________________ diff --git a/contrib/ipfilter/QNX_OCL.txt b/contrib/ipfilter/QNX_OCL.txt deleted file mode 100644 index 6aa33eaf6b..0000000000 --- a/contrib/ipfilter/QNX_OCL.txt +++ /dev/null 
@@ -1,275 +0,0 @@ - End User License Certificate (EULA) End User License Certificate - (EULA) - Support Support - QNX Source Licenses QNX Source Licenses - License of the month - Confidential Source License - Version 1.0 - -QNX Open Community License Version 1.0 - - THIS QNX OPEN COMMUNITY LICENSE ( "THE OCL", OR "THIS AGREEMENT") - APPLIES TO PROGRAMS THAT QNX SOFTWARE SYSTEMS LTD. ("QSS") EXPRESSLY - ELECTS TO LICENSE UNDER THE OCL TERMS. IT ALSO APPLIES TO DERIVATIVE - WORKS CREATED UNDER THIS AGREEMENT THAT CREATORS ELECT TO LICENSE TO - OTHERS IN SOURCE CODE FORM. ANY USE, REPRODUCTION, MODIFICATION OR - DISTRIBUTION OF SUCH PROGRAMS CONSTITUTES RECIPIENT'S ACCEPTANCE OF - THE OCL. THE LICENSE RIGHTS GRANTED BELOW ARE CONDITIONAL UPON - RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT AND THE FORMATION OF A - BINDING CONTRACT. NOTHING ELSE GRANTS PERMISSION TO USE, REPRODUCE, - MODIFY OR DISTRIBUTE SUCH PROGRAMS OR THEIR DERIVATIVE WORKS. THESE - ACTIONS ARE OTHERWISE PROHIBITED. CONTACT QSS IF OTHER STEPS ARE - REQUIRED LOCALLY TO CREATE A BINDING CONTRACT. - - The OCL is intended to promote the development, use and distribution - of derivative works created from QSS source code. This includes - commercial distribution of object code versions under the terms of - Recipient's own license agreement and, at Recipient's option, sharing - of source code modifications within the QNX developer's community. The - license granted under the OCL is royalty free. Recipient is entitled - to charge royalties for object code versions of derivative works that - originate with Recipient. If Recipient elects to license source code - for its derivative works to others, then it must be licensed under the - OCL. The terms of the OCL are as follows: - -1. DEFINITIONS - - "Contribution" means: - - a. 
in the case of QSS: (i) the Original Program, where the Original - Program originates from QSS, (ii) changes and/or additions to - Unrestricted Open Source, where the Original Program originates - from Unrestricted Open Source and where such changes and/or - additions originate from QSS, and (iii) changes and/or additions - to the Program where such changes and/or additions originate from - QSS. - b. in the case of each Contributor, changes and/or additions to the - Program, where such changes and/or additions originate from and - are distributed by that particular Contributor. - - A Contribution 'originates' from a Contributor if it was added to the - Program by such Contributor itself or anyone acting on such - Contributor's behalf. Contributions do not include additions to the - Program which: (i) are separate modules of software distributed in - conjunction with the Program under their own license agreement, and - (ii) are not derivative works of the Program. - - "Contributor" means QSS and any other entity that distributes the - Program. - - "Licensed Patents " mean patent claims licensable by Contributor to - others, which are necessarily infringed by the use or sale of its - Contribution alone or when combined with the Program. - - "Unrestricted Open Source" means published source code that is - licensed for free use and distribution under an unrestricted licensing - and distribution model, such as the Berkley Software Design ("BSD") - and "BSD-like" licenses. It specifically excludes any source code - licensed under any version of the GNU General Public License (GPL) or - the GNU Lesser/Library GPL. All "Unrestricted Open Source" license - terms appear or are clearly identified in the header of any affected - source code for the Original Program. - - "Original Program" means the original version of the software - accompanying this Agreement as released by QSS, including source code, - object code and documentation, if any. 
- - "Program" means the Original Program and Contributions. - - "Recipient" means anyone who receives the Program under this - Agreement, including all Contributors. - -2. GRANT OF RIGHTS - - a. Subject to the terms of this Agreement, each Contributor hereby - grants Recipient a non-exclusive, worldwide, royalty-free - copyright license to reproduce, prepare derivative works of, - publicly display, publicly perform, and directly and indirectly - sublicense and distribute the Contribution of such Contributor, if - any, and such derivative works, in source code and object code - form. - b. Subject to the terms of this Agreement, each Contributor hereby - grants Recipient a non-exclusive, worldwide, royalty-free patent - license under Licensed Patents to make, use, sell, offer to sell, - import and otherwise transfer the Contribution of such - Contributor, if any, in source code and object code form. This - patent license shall apply to the combination of the Contribution - and the Program if, at the time the Contribution is added by the - Contributor, such addition of the Contribution causes such - combination to be covered by the Licensed Patents. The patent - license shall not apply to any other combinations which include - the Contribution. - c. Recipient understands that although each Contributor grants the - licenses to its Contributions set forth herein, no assurances are - provided by any Contributor that the Program does not infringe the - patent or other intellectual property rights of any other entity. - Each Contributor disclaims any liability to Recipient for claims - brought by any other entity based on infringement of intellectual - property rights or otherwise. As a condition to exercising the - rights and licenses granted hereunder, each Recipient hereby - assumes sole responsibility to secure any other intellectual - property rights needed, if any. 
For example, if a third party - patent license is required to allow Recipient to distribute the - Program, it is Recipient's responsibility to acquire that license - before distributing the Program. - d. Each Contributor represents that to its knowledge it has - sufficient copyright rights in its Contribution, if any, to grant - the copyright license set forth in this Agreement. - - 3. REQUIREMENTS - - A Contributor may choose to distribute the Program in object code form - under its own license agreement, provided that: - - a. it complies with the terms and conditions of this Agreement; and - b. its license agreement: - i. effectively disclaims on behalf of all Contributors all - warranties and conditions, express and implied, including - warranties or conditions of title and non-infringement, and - implied warranties or conditions of merchantability and - fitness for a particular purpose; - ii. effectively excludes on behalf of all Contributors all - liability for damages, including direct, indirect, special, - incidental and consequential damages, such as lost profits; - and - iii. states that any provisions which differ from this Agreement - are offered by that Contributor alone and not by any other - party. - - If the Program is made available in source code form: - - a. it must be made available under this Agreement; and - b. a copy of this Agreement must be included with each copy of the - Program. Each Contributor must include the following in a - conspicuous location in the Program along with any other copyright - or attribution statements required by the terms of any applicable - Unrestricted Open Source license: - Copyright {date here}, QNX Software Systems Ltd. and others. All - Rights Reserved. - - In addition, each Contributor must identify itself as the originator - of its Contribution, if any, in a manner that reasonably allows - subsequent Recipients to identify the originator of the Contribution. - - 4. 
COMMERCIAL DISTRIBUTION - - Commercial distributors of software may accept certain - responsibilities with respect to end users, business partners and the - like. While this license is intended to facilitate the commercial use - of the Program, the Contributor who includes the Program in a - commercial product offering should do so in a manner which does not - create potential liability for other Contributors. Therefore, if a - Contributor includes the Program in a commercial product offering, - such Contributor ("Commercial Contributor") hereby agrees to defend - and indemnify every other Contributor ("Indemnified Contributor") - against any losses, damages and costs (collectively "Losses") arising - from claims, lawsuits and other legal actions brought by a third party - against the Indemnified Contributor to the extent caused by the acts - or omissions of such Commercial Contributor in connection with its - distribution of the Program in a commercial product offering. The - obligations in this section do not apply to any claims or Losses - relating to any actual or alleged intellectual property infringement. - In order to qualify, an Indemnified Contributor must: a) promptly - notify the Commercial Contributor in writing of such claim, and b) - allow the Commercial Contributor to control, and cooperate with the - Commercial Contributor in, the defense and any related settlement - negotiations. The Indemnified Contributor may participate in any such - claim at its own expense. - - For example, a Contributor might include the Program in a commercial - product offering, Product X. That Contributor is then a Commercial - Contributor. If that Commercial Contributor then makes performance - claims, or offers warranties related to Product X, those performance - claims and warranties are such Commercial Contributor's responsibility - alone. 
Under this section, the Commercial Contributor would have to - defend claims against the other Contributors related to those - performance claims and warranties, and if a court requires any other - Contributor to pay any damages as a result, the Commercial Contributor - must pay those damages. - - 5. NO WARRANTY - - Recipient acknowledges that there may be errors or bugs in the Program - and that it is imperative that Recipient conduct thorough testing to - identify and correct any problems prior to the productive use or - commercial release of any products that use the Program, and prior to - the release of any modifications, updates or enhancements thereto. - - EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE PROGRAM IS - PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT LIMITATION, ANY - WARRANTIES OR CONDITIONS OF TITLE, NON- INFRINGEMENT, MERCHANTABILITY - OR FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely - responsible for determining the appropriateness of using and - distributing the Program and assumes all risks associated with its - exercise of rights under this Agreement, including but not limited to - the risks and costs of program errors, compliance with applicable - laws, damage to or loss of data, programs or equipment, and - unavailability or interruption of operations. - - 6. DISCLAIMER OF LIABILITY - - EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER RECIPIENT NOR - ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, - INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING - WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF - LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OR - DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED - HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. - - 7. 
GENERAL - - If any provision of this Agreement is invalid or unenforceable under - applicable law, it shall not affect the validity or enforceability of - the remainder of the terms of this Agreement, and without further - action by the parties hereto, such provision shall be reformed to the - minimum extent necessary to make such provision valid and enforceable. - - If Recipient institutes patent litigation against a Contributor with - respect to a patent applicable to software (including a cross-claim or - counterclaim in a lawsuit), then any patent licenses granted by that - Contributor to such recipient under this Agreement shall terminate as - of the date such litigation is filed. In addition, If Recipient - institutes patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Program - itself (excluding combinations of the Program with other software or - hardware) infringes such Recipient's patent(s), then such Recipient's - rights granted under Section 2(b) shall terminate as of the date such - litigation is filed. - - All Recipient's rights under this Agreement shall terminate if it - fails to comply with any of the material terms or conditions of this - Agreement and does not cure such failure in a reasonable period of - time after becoming aware of such noncompliance. If all Recipient's - rights under this Agreement terminate, Recipient agrees to cease use - and distribution of the Program as soon as reasonably practicable. - However, Recipient's obligations under this Agreement and any licenses - granted by Recipient relating to the Program shall continue and - survive. - - QSS may publish new versions (including revisions) of this Agreement - from time to time. Each new version of the Agreement will be given a - distinguishing version number. The Program (including Contributions) - may always be distributed subject to the version of the Agreement - under which it was received. 
In addition, after a new version of the - Agreement is published, Contributor may elect to distribute the - Program (including its Contributions) under the new version. No one - other than QSS has the right to modify this Agreement. Except as - expressly stated in Sections 2(a) and 2(b) above, Recipient receives - no rights or licenses to the intellectual property of any Contributor - under this Agreement, whether expressly, by implication, estoppel or - otherwise. All rights in the Program not expressly granted under this - Agreement are reserved. - - This Agreement is governed by the laws in force in the Province of - Ontario, Canada without regard to the conflict of law provisions - therein. The parties expressly disclaim the provisions of the United - Nations Convention on Contracts for the International Sale of Goods. - No party to this Agreement will bring a legal action under this - Agreement more than one year after the cause of action arose. Each - party waives its rights to a jury trial in any resulting litigation. - - * QNX is a registered trademark of QNX Software Systems Ltd. - - Document Version: ocl1_00 diff --git a/contrib/ipfilter/README b/contrib/ipfilter/README deleted file mode 100644 index 80ce748c56..0000000000 --- a/contrib/ipfilter/README +++ /dev/null 
@@ -1,98 +0,0 @@ -IP Filter - What's this about ? -============================ - - The idea behind this package is allow those who use Unix workstations as -routers (a common occurance in Universities it appears) to apply packet -filtering to packets going in and out of them. This package has been -tested on all versions of SunOS 4.1 and Solaris 2.4/2.5, running on Sparcs. -It is also quite possible for this small kernel extension to be installed -and used effectively on Sun workstations which don't route IP, just for -added security. It can also be integrated with the multicast patches. -It has also been tested successfully on all of the modern free BSDs as -well as BSDI, and SGI's IRIX 6.2. - - The filter keeps a rule list for both inbound and outbound sides of -the IP packet queue and a check is made as early as possible, aiming to -stop the packet before it even gets as far as being checked for source -route options. In the file "BNF", a set of rules for constructing filter -rules understood by this package is given. The files in the directory -"rules", "example.1" ... "example.sr" show example rules you might apply. - - In practise, I've successfully isolated a workstation from all -machines except the NFS file servers on its local subnets (yeah, ok, so -this doesn't really increase security, because of NFS, but you get the -drift on how it can be applied and used). I've also successfully -setup and maintained my own firewalls using it with TIS's Firewall Toolkit, -including using it on an mbone router. - - When using it with multicast IP, the calls to fr_check() should be -before the packet is unwrapped and after it is encapsulated. So the -filter routines will see the packet as a UDP packet, protocol XYZ. -Whether this is better or worse than having it filter on class D addresses -is debateable, but the idea behind this package is to be able to -discriminate between packets as they are on the 'wire', before they -get routed anywhere, etc. 
- - It is worth noting, that it is possible, using a small MTU and -generating tiny fragmented IP packets to generate a TCP packet which -doesn't contain enough information to filter on the "flags". Filtering -on these types of packets is possible, but under the more general case -of the packets being "short". ICMP and UDP packets which are too small -(they don't contain a complete header) are dropped and logged, no questions -asked. When filtering on fragmented packets, the last fragment will get -through for TCP/UDP/ICMP packets. - -Bugs/Problems -------------- -If you have a problem with IP Filter on your operating system, please email -a copy of the file "BugReport" with the details of your setup as required -and email to darrenr@pobox.com. - -Some general notes. -------------------- - To add/delete a rule from memory, access to the device in /dev is needed, -allowing non-root maintenaince. The filter list in kernel memory is built -from the kernel's heap. Each packet coming *in* or *out* is checked against -the appropriate list, rejects dropped, others passed through. Thus this will -work on an individual host, not just gateways. Presently there is only one -list for all interfaces, the changes required to make it a per-interface list -require more .o replacements for the kernel. When checking a packet, the -packet is compared to the entire list from top to bottom, the last matching -line being effective. - - -What does what ? ----------------- -if_fil.o (Loadable kernel module) - - additional kernel routines to check an access list as to whether - or not to drop or pass a packet. It currently defaults to pass - on all packets. - -ipfstat - - digs through your kernel (need to check #define VMUNIX in fils.c) - and /dev/kmem for the access filter list and mini stats table. - Obviously needs to be run priviledged if required. - -ipf - - reads the files passed as parameters as input files containing new - filter rules to add/delete to the kernel list. 
The lines are - inserted in order; the first line is inserted first, and ends up - first on the list. Subsequent invocations append to the list - unless specified otherwise. - -ipftest - - test the ruleset given by filename. Reads in the ruleset and then - waits for stdin. - - See the man pages (ipf.1, ipftest.1, ipfstat.8) for more detailed - information on what the above do. - -mkfilters - - suggests a set of filter rules to employ and suggests how to add - routes to back these up. - -BNF - - BNF rule set for the filter rules - -Darren Reed -darrenr@pobox.com diff --git a/contrib/ipfilter/UPGRADE_NOTICE b/contrib/ipfilter/UPGRADE_NOTICE deleted file mode 100644 index 8b4476072b..0000000000 --- a/contrib/ipfilter/UPGRADE_NOTICE +++ /dev/null @@ -1,10 +0,0 @@ - -NOTE: To all those upgrading from versions prior to 3.2.11 who used NAT - AND setup ACL's to allow untranslated address through from outside, - - THIS HAS BEEN FIXED - - so your ACL's will now be `broken'. Please correct your ACL's to - match the the untranslated addresses (the way it was meant to work). - -Darren diff --git a/contrib/ipfilter/Y2K b/contrib/ipfilter/Y2K deleted file mode 100644 index a8350a5900..0000000000 --- a/contrib/ipfilter/Y2K +++ /dev/null @@ -1,3 +0,0 @@ -IP Filter is Year 2000 (Y2K) Compliant. - -Darren diff --git a/contrib/ipfilter/bpf.h b/contrib/ipfilter/bpf.h deleted file mode 100644 index 715c79a8d1..0000000000 --- a/contrib/ipfilter/bpf.h +++ /dev/null 
@@ -1,450 +0,0 @@
-/*-
- * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
- * The Regents of the University of California. All rights reserved.
- *
- * This code is derived from the Stanford/CMU enet packet filter,
- * (net/enet.c) distributed as part of 4.3BSD, and code contributed
- * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
- * Berkeley Laboratory.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)bpf.h 7.1 (Berkeley) 5/7/91
- *
- * @(#) $Header: /devel/CVS/IP-Filter/Attic/bpf.h,v 1.1.2.1 2002/11/07 13:18:35 darrenr Exp $ (LBL)
- */
-
-#ifndef BPF_MAJOR_VERSION
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* BSD style release date */
-#define BPF_RELEASE 199606
-
-typedef int bpf_int32;
-typedef u_int bpf_u_int32;
-
-/*
- * Alignment macros. BPF_WORDALIGN rounds up to the next
- * even multiple of BPF_ALIGNMENT.
- */
-#ifndef __NetBSD__
-#define BPF_ALIGNMENT sizeof(bpf_int32)
-#else
-#define BPF_ALIGNMENT sizeof(long)
-#endif
-#define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1))
-
-#define BPF_MAXINSNS 512
-#define BPF_MAXBUFSIZE 0x8000
-#define BPF_MINBUFSIZE 32
-
-/*
- * Structure for BIOCSETF.
- */
-struct bpf_program {
- u_int bf_len;
- struct bpf_insn *bf_insns;
-};
-
-/*
- * Struct returned by BIOCGSTATS.
- */
-struct bpf_stat {
- u_int bs_recv; /* number of packets received */
- u_int bs_drop; /* number of packets dropped */
-};
-
-/*
- * Struct return by BIOCVERSION. This represents the version number of
- * the filter language described by the instruction encodings below.
- * bpf understands a program iff kernel_major == filter_major &&
- * kernel_minor >= filter_minor, that is, if the value returned by the
- * running kernel has the same major number and a minor number equal
- * equal to or less than the filter being downloaded.
Otherwise, the
- * results are undefined, meaning an error may be returned or packets
- * may be accepted haphazardly.
- * It has nothing to do with the source code version.
- */
-struct bpf_version {
- u_short bv_major;
- u_short bv_minor;
-};
-/* Current version number of filter architecture. */
-#define BPF_MAJOR_VERSION 1
-#define BPF_MINOR_VERSION 1
-
-/*
- * BPF ioctls
- *
- * The first set is for compatibility with Sun's pcc style
- * header files. If your using gcc, we assume that you
- * have run fixincludes so the latter set should work.
- */
-#if (defined(sun) || defined(ibm032)) && !defined(__GNUC__)
-#define BIOCGBLEN _IOR(B,102, u_int)
-#define BIOCSBLEN _IOWR(B,102, u_int)
-#define BIOCSETF _IOW(B,103, struct bpf_program)
-#define BIOCFLUSH _IO(B,104)
-#define BIOCPROMISC _IO(B,105)
-#define BIOCGDLT _IOR(B,106, u_int)
-#define BIOCGETIF _IOR(B,107, struct ifreq)
-#define BIOCSETIF _IOW(B,108, struct ifreq)
-#define BIOCSRTIMEOUT _IOW(B,109, struct timeval)
-#define BIOCGRTIMEOUT _IOR(B,110, struct timeval)
-#define BIOCGSTATS _IOR(B,111, struct bpf_stat)
-#define BIOCIMMEDIATE _IOW(B,112, u_int)
-#define BIOCVERSION _IOR(B,113, struct bpf_version)
-#define BIOCSTCPF _IOW(B,114, struct bpf_program)
-#define BIOCSUDPF _IOW(B,115, struct bpf_program)
-#else
-#define BIOCGBLEN _IOR('B',102, u_int)
-#define BIOCSBLEN _IOWR('B',102, u_int)
-#define BIOCSETF _IOW('B',103, struct bpf_program)
-#define BIOCFLUSH _IO('B',104)
-#define BIOCPROMISC _IO('B',105)
-#define BIOCGDLT _IOR('B',106, u_int)
-#define BIOCGETIF _IOR('B',107, struct ifreq)
-#define BIOCSETIF _IOW('B',108, struct ifreq)
-#define BIOCSRTIMEOUT _IOW('B',109, struct timeval)
-#define BIOCGRTIMEOUT _IOR('B',110, struct timeval)
-#define BIOCGSTATS _IOR('B',111, struct bpf_stat)
-#define BIOCIMMEDIATE _IOW('B',112, u_int)
-#define BIOCVERSION _IOR('B',113, struct bpf_version)
-#define BIOCSTCPF _IOW('B',114, struct bpf_program)
-#define BIOCSUDPF _IOW('B',115, struct bpf_program)
-#endif
-
-/*
- * Structure prepended to each packet. - */ -struct bpf_hdr { - struct timeval bh_tstamp; /* time stamp */ - bpf_u_int32 bh_caplen; /* length of captured portion */ - bpf_u_int32 bh_datalen; /* original length of packet */ - u_short bh_hdrlen; /* length of bpf header (this struct - plus alignment padding) */ -}; -/* - * Because the structure above is not a multiple of 4 bytes, some compilers - * will insist on inserting padding; hence, sizeof(struct bpf_hdr) won't work. - * Only the kernel needs to know about it; applications use bh_hdrlen. - */ -#if defined(KERNEL) || defined(_KERNEL) -#define SIZEOF_BPF_HDR 18 -#endif - -/* - * Data-link level type codes. - */ - -/* - * These are the types that are the same on all platforms; on other - * platforms, a should be supplied that defines the additional - * DLT_* codes appropriately for that platform (the BSDs, for example, - * should not just pick up this version of "bpf.h"; they should also define - * the additional DLT_* codes used by their kernels, as well as the values - * defined here - and, if the values they use for particular DLT_ types - * differ from those here, they should use their values, not the ones - * here). - */ -#define DLT_NULL 0 /* no link-layer encapsulation */ -#define DLT_EN10MB 1 /* Ethernet (10Mb) */ -#define DLT_EN3MB 2 /* Experimental Ethernet (3Mb) */ -#define DLT_AX25 3 /* Amateur Radio AX.25 */ -#define DLT_PRONET 4 /* Proteon ProNET Token Ring */ -#define DLT_CHAOS 5 /* Chaos */ -#define DLT_IEEE802 6 /* IEEE 802 Networks */ -#define DLT_ARCNET 7 /* ARCNET */ -#define DLT_SLIP 8 /* Serial Line IP */ -#define DLT_PPP 9 /* Point-to-point Protocol */ -#define DLT_FDDI 10 /* FDDI */ - -/* - * These are values from the traditional libpcap "bpf.h". - * Ports of this to particular platforms should replace these definitions - * with the ones appropriate to that platform, if the values are - * different on that platform. 
- */ -#define DLT_ATM_RFC1483 11 /* LLC/SNAP encapsulated atm */ -#define DLT_RAW 12 /* raw IP */ - -/* - * These are values from BSD/OS's "bpf.h". - * These are not the same as the values from the traditional libpcap - * "bpf.h"; however, these values shouldn't be generated by any - * OS other than BSD/OS, so the correct values to use here are the - * BSD/OS values. - * - * Platforms that have already assigned these values to other - * DLT_ codes, however, should give these codes the values - * from that platform, so that programs that use these codes will - * continue to compile - even though they won't correctly read - * files of these types. - */ -#ifdef __NetBSD__ -#ifndef DLT_SLIP_BSDOS -#define DLT_SLIP_BSDOS 13 /* BSD/OS Serial Line IP */ -#define DLT_PPP_BSDOS 14 /* BSD/OS Point-to-point Protocol */ -#endif -#else -#define DLT_SLIP_BSDOS 15 /* BSD/OS Serial Line IP */ -#define DLT_PPP_BSDOS 16 /* BSD/OS Point-to-point Protocol */ -#endif - -#define DLT_ATM_CLIP 19 /* Linux Classical-IP over ATM */ - -/* - * These values are defined by NetBSD; other platforms should refrain from - * using them for other purposes, so that NetBSD savefiles with link - * types of 50 or 51 can be read as this type on all platforms. - */ -#define DLT_PPP_SERIAL 50 /* PPP over serial with HDLC encapsulation */ -#define DLT_PPP_ETHER 51 /* PPP over Ethernet */ - -/* - * Values between 100 and 103 are used in capture file headers as - * link-layer types corresponding to DLT_ types that differ - * between platforms; don't use those values for new DLT_ new types. - */ - -/* - * This value was defined by libpcap 0.5; platforms that have defined - * it with a different value should define it here with that value - - * a link type of 104 in a save file will be mapped to DLT_C_HDLC, - * whatever value that happens to be, so programs will correctly - * handle files with that link type regardless of the value of - * DLT_C_HDLC. 
- * - * The name DLT_C_HDLC was used by BSD/OS; we use that name for source - * compatibility with programs written for BSD/OS. - * - * libpcap 0.5 defined it as DLT_CHDLC; we define DLT_CHDLC as well, - * for source compatibility with programs written for libpcap 0.5. - */ -#define DLT_C_HDLC 104 /* Cisco HDLC */ -#define DLT_CHDLC DLT_C_HDLC - -#define DLT_IEEE802_11 105 /* IEEE 802.11 wireless */ - -/* - * Values between 106 and 107 are used in capture file headers as - * link-layer types corresponding to DLT_ types that might differ - * between platforms; don't use those values for new DLT_ new types. - */ - -/* - * OpenBSD DLT_LOOP, for loopback devices; it's like DLT_NULL, except - * that the AF_ type in the link-layer header is in network byte order. - * - * OpenBSD defines it as 12, but that collides with DLT_RAW, so we - * define it as 108 here. If OpenBSD picks up this file, it should - * define DLT_LOOP as 12 in its version, as per the comment above - - * and should not use 108 as a DLT_ value. - */ -#define DLT_LOOP 108 - -/* - * Values between 109 and 112 are used in capture file headers as - * link-layer types corresponding to DLT_ types that might differ - * between platforms; don't use those values for new DLT_ types - * other than the corresponding DLT_ types. - */ - -/* - * This is for Linux cooked sockets. - */ -#define DLT_LINUX_SLL 113 - -/* - * Apple LocalTalk hardware. - */ -#define DLT_LTALK 114 - -/* - * Acorn Econet. - */ -#define DLT_ECONET 115 - -/* - * Reserved for use with OpenBSD ipfilter. - */ -#define DLT_IPFILTER 116 - -/* - * Reserved for use in capture-file headers as a link-layer type - * corresponding to OpenBSD DLT_PFLOG; DLT_PFLOG is 17 in OpenBSD, - * but that's DLT_LANE8023 in SuSE 6.3, so we can't use 17 for it - * in capture-file headers. - */ -#define DLT_PFLOG 117 - -/* - * Registered for Cisco-internal use. 
- */ -#define DLT_CISCO_IOS 118 - -/* - * Reserved for 802.11 cards using the Prism II chips, with a link-layer - * header including Prism monitor mode information plus an 802.11 - * header. - */ -#define DLT_PRISM_HEADER 119 - -/* - * Reserved for Aironet 802.11 cards, with an Aironet link-layer header - * (see Doug Ambrisko's FreeBSD patches). - */ -#define DLT_AIRONET_HEADER 120 - -/* - * Reserved for Siemens HiPath HDLC. - */ -#define DLT_HHDLC 121 - -/* - * Reserved for RFC 2625 IP-over-Fibre Channel, as per a request from - * Don Lee . - * - * This is not for use with raw Fibre Channel, where the link-layer - * header starts with a Fibre Channel frame header; it's for IP-over-FC, - * where the link-layer header starts with an RFC 2625 Network_Header - * field. - */ -#define DLT_IP_OVER_FC 122 - -/* - * The instruction encodings. - */ -/* instruction classes */ -#define BPF_CLASS(code) ((code) & 0x07) -#define BPF_LD 0x00 -#define BPF_LDX 0x01 -#define BPF_ST 0x02 -#define BPF_STX 0x03 -#define BPF_ALU 0x04 -#define BPF_JMP 0x05 -#define BPF_RET 0x06 -#define BPF_MISC 0x07 - -/* ld/ldx fields */ -#define BPF_SIZE(code) ((code) & 0x18) -#define BPF_W 0x00 -#define BPF_H 0x08 -#define BPF_B 0x10 -#define BPF_MODE(code) ((code) & 0xe0) -#define BPF_IMM 0x00 -#define BPF_ABS 0x20 -#define BPF_IND 0x40 -#define BPF_MEM 0x60 -#define BPF_LEN 0x80 -#define BPF_MSH 0xa0 - -/* alu/jmp fields */ -#define BPF_OP(code) ((code) & 0xf0) -#define BPF_ADD 0x00 -#define BPF_SUB 0x10 -#define BPF_MUL 0x20 -#define BPF_DIV 0x30 -#define BPF_OR 0x40 -#define BPF_AND 0x50 -#define BPF_LSH 0x60 -#define BPF_RSH 0x70 -#define BPF_NEG 0x80 -#define BPF_JA 0x00 -#define BPF_JEQ 0x10 -#define BPF_JGT 0x20 -#define BPF_JGE 0x30 -#define BPF_JSET 0x40 -#define BPF_SRC(code) ((code) & 0x08) -#define BPF_K 0x00 -#define BPF_X 0x08 - -/* ret - BPF_K and BPF_X also apply */ -#define BPF_RVAL(code) ((code) & 0x18) -#define BPF_A 0x10 - -/* misc */ -#define BPF_MISCOP(code) ((code) & 0xf8) 
-#define BPF_TAX 0x00 -#define BPF_TXA 0x80 - -/* - * The instruction data structure. - */ -struct bpf_insn { - u_short code; - u_char jt; - u_char jf; - bpf_int32 k; -}; - -/* - * Macros for insn array initializers. - */ -#define BPF_STMT(code, k) { (u_short)(code), 0, 0, k } -#define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k } - -#if defined(BSD) && (defined(KERNEL) || defined(_KERNEL)) -/* - * Systems based on non-BSD kernels don't have ifnet's (or they don't mean - * anything if it is in ) and won't work like this. - */ -# if __STDC__ -extern void bpf_tap(struct ifnet *, u_char *, u_int); -extern void bpf_mtap(struct ifnet *, struct mbuf *); -extern void bpfattach(struct ifnet *, u_int, u_int); -extern void bpfilterattach(int); -# else -extern void bpf_tap(); -extern void bpf_mtap(); -extern void bpfattach(); -extern void bpfilterattach(); -# endif /* __STDC__ */ -#endif /* BSD && (_KERNEL || KERNEL) */ -#if __STDC__ || defined(__cplusplus) -extern int bpf_validate(struct bpf_insn *, int); -extern u_int bpf_filter(struct bpf_insn *, u_char *, u_int, u_int); -#else -extern int bpf_validate(); -extern u_int bpf_filter(); -#endif - -/* - * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST). - */ -#define BPF_MEMWORDS 16 - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/contrib/ipfilter/bsdinstall b/contrib/ipfilter/bsdinstall deleted file mode 100755 index ce921b60fa..0000000000 --- a/contrib/ipfilter/bsdinstall +++ /dev/null 
@@ -1,83 +0,0 @@
-#! /bin/sh
-#
-# @(#)install.sh 4.5 (Berkeley) 10/12/83
-#
-cmd=/bin/mv
-strip=""
-chmod="chmod 755"
-chown="chown -f root"
-chgrp="chgrp -f bin"
-while true ; do
- case $1 in
- -s ) strip="strip"
- shift
- ;;
- -c ) cmd="cp"
- shift
- ;;
- -m ) chmod="chmod $2"
- shift
- shift
- ;;
- -o ) chown="chown -f $2"
- shift
- shift
- ;;
- -g ) chgrp="chgrp -f $2"
- shift
- shift
- ;;
- -d ) cmd="mkdir"
- shift
- ;;
- * ) break
- ;;
- esac
-done
-
-if [ ! ${2-""} ]
-then echo "install: no destination specified"
- exit 1
-fi
-if [ ${3-""} ]
-then echo "install: too many files specified -> $*"
- exit 1
-fi
-if [ $1 = $2 -o $2 = . ]
-then echo "install: can't move $1 onto itself"
- exit 1
-fi
-case $cmd in
-/bin/mkdir )
- file=$2/$1
- ;;
-* )
- if [ '!' -f $1 ]
- then echo "install: can't open $1"
- exit 1
- fi
- if [ -d $2 ]
- then file=$2/$1
- else file=$2
- fi
- /bin/rm -f $file
- ;;
-esac
-
-case $cmd in
-/bin/mkdir )
- if [ ! -d "$file" ]
- then $cmd $file
- fi
- ;;
-* )
- $cmd $1 $file
- if [ $strip ]
- then $strip $file
- fi
- ;;
-esac
-
-$chown $file
-$chgrp $file
-$chmod $file
diff --git a/contrib/ipfilter/common.c b/contrib/ipfilter/common.c
deleted file mode 100644
index fa21fc97b5..0000000000
--- a/contrib/ipfilter/common.c
+++ /dev/null
@@ -1,610 +0,0 @@ -/* - * Copyright (C) 1993-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - */ -#if defined(__sgi) && (IRIX > 602) -# include -#endif -#include -#if !defined(__SVR4) && !defined(__svr4__) -#include -#else -#include -#endif -#include -#include -#include -#include -#include -#include -#include -#include -#if __FreeBSD_version >= 300000 -# include -#endif -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "ip_compat.h" -#include "ip_fil.h" -#include "ipf.h" -#include "facpri.h" - -#if !defined(lint) -static const char sccsid[] = "@(#)parse.c 1.44 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$IPFilter: parse.c,v 2.8 1999/12/28 10:49:46 darrenr Exp $"; -#endif - -extern struct ipopt_names ionames[], secclass[]; -extern int opts; -extern int use_inet6; - - -char *proto = NULL; -char flagset[] = "FSRPAUEC"; -u_char flags[] = { TH_FIN, TH_SYN, TH_RST, TH_PUSH, TH_ACK, TH_URG, - TH_ECN, TH_CWR }; - -void fill6bits __P((int, u_32_t *)); -int count6bits __P((u_32_t *)); - -static char thishost[MAXHOSTNAMELEN]; - - -void initparse() -{ - gethostname(thishost, sizeof(thishost)); - thishost[sizeof(thishost) - 1] = '\0'; -} - - -int genmask(msk, mskp) -char *msk; -u_32_t *mskp; -{ - char *endptr = NULL; -#ifdef USE_INET6 - u_32_t addr; -#endif - int bits; - - if (index(msk, '.') || index(msk, 'x') || index(msk, ':')) { - /* possibly of the form xxx.xxx.xxx.xxx - * or 0xYYYYYYYY */ -#ifdef USE_INET6 - if (use_inet6) { - if (inet_pton(AF_INET6, msk, &addr) != 1) - return -1; - } else -#endif - if (inet_aton(msk, (struct in_addr *)mskp) == 0) - return -1; - } else { - /* - * set x most significant bits - */ - bits = (int)strtol(msk, &endptr, 0); - if ((*endptr != '\0') || - ((bits > 32) && !use_inet6) || (bits < 0) || - ((bits > 128) && use_inet6)) - return -1; - if (use_inet6) - fill6bits(bits, mskp); - else { - if (bits == 
0) - *mskp = 0; - else - *mskp = htonl(0xffffffff << (32 - bits)); - } - } - return 0; -} - - - -void fill6bits(bits, msk) -int bits; -u_32_t *msk; -{ - int i; - - for (i = 0; bits >= 32 && i < 4 ; ++i, bits -= 32) - msk[i] = 0xffffffff; - - if (bits > 0 && i < 4) - msk[i++] = htonl(0xffffffff << (32 - bits)); - - while (i < 4) - msk[i++] = 0; -} - - -/* - * returns -1 if neither "hostmask/num" or "hostmask mask addr" are - * found in the line segments, there is an error processing this information, - * or there is an error processing ports information. - */ -int hostmask(seg, sa, msk, pp, cp, tp, linenum) -char ***seg; -u_32_t *sa, *msk; -u_short *pp, *tp; -int *cp; -int linenum; -{ - struct in_addr maskaddr; - char *s; - - /* - * is it possibly hostname/num ? - */ - if ((s = index(**seg, '/')) || - ((s = index(**seg, ':')) && !index(s + 1, ':'))) { - *s++ = '\0'; - if (genmask(s, msk) == -1) { - fprintf(stderr, "%d: bad mask (%s)\n", linenum, s); - return -1; - } - if (hostnum(sa, **seg, linenum) == -1) { - fprintf(stderr, "%d: bad host (%s)\n", linenum, **seg); - return -1; - } - *sa &= *msk; - (*seg)++; - return ports(seg, pp, cp, tp, linenum); - } - - /* - * look for extra segments if "mask" found in right spot - */ - if (*(*seg+1) && *(*seg+2) && !strcasecmp(*(*seg+1), "mask")) { - if (hostnum(sa, **seg, linenum) == -1) { - fprintf(stderr, "%d: bad host (%s)\n", linenum, **seg); - return -1; - } - (*seg)++; - (*seg)++; - if (inet_aton(**seg, &maskaddr) == 0) { - fprintf(stderr, "%d: bad mask (%s)\n", linenum, **seg); - return -1; - } - *msk = maskaddr.s_addr; - (*seg)++; - *sa &= *msk; - return ports(seg, pp, cp, tp, linenum); - } - - if (**seg) { - if (hostnum(sa, **seg, linenum) == -1) { - fprintf(stderr, "%d: bad host (%s)\n", linenum, **seg); - return -1; - } - (*seg)++; - if (use_inet6) { - u_32_t k = 0; - if (sa[0] || sa[1] || sa[2] || sa[3]) - k = 0xffffffff; - msk[0] = msk[1] = msk[2] = msk[3] = k; - } - else - *msk = *sa ? 
0xffffffff : 0; - return ports(seg, pp, cp, tp, linenum); - } - fprintf(stderr, "%d: bad host (%s)\n", linenum, **seg); - return -1; -} - -/* - * returns an ip address as a long var as a result of either a DNS lookup or - * straight inet_addr() call - */ -int hostnum(ipa, host, linenum) -u_32_t *ipa; -char *host; -int linenum; -{ - struct hostent *hp; - struct netent *np; - struct in_addr ip; - - if (!strcasecmp("any", host)) - return 0; -#ifdef USE_INET6 - if (use_inet6) { - if (inet_pton(AF_INET6, host, ipa) == 1) - return 0; - else - return -1; - } -#endif - if (isdigit(*host) && inet_aton(host, &ip)) { - *ipa = ip.s_addr; - return 0; - } - - if (!strcasecmp("", host)) - host = thishost; - - if (!(hp = gethostbyname(host))) { - if (!(np = getnetbyname(host))) { - fprintf(stderr, "%d: can't resolve hostname: %s\n", - linenum, host); - return -1; - } - *ipa = htonl(np->n_net); - return 0; - } - *ipa = *(u_32_t *)hp->h_addr; - return 0; -} - - -/* - * check for possible presence of the port fields in the line - */ -int ports(seg, pp, cp, tp, linenum) -char ***seg; -u_short *pp, *tp; -int *cp; -int linenum; -{ - int comp = -1; - - if (!*seg || !**seg || !***seg) - return 0; - if (!strcasecmp(**seg, "port") && *(*seg + 1) && *(*seg + 2)) { - (*seg)++; - if (!strcmp(**seg, "=") || !strcasecmp(**seg, "eq")) - comp = FR_EQUAL; - else if (!strcmp(**seg, "!=") || !strcasecmp(**seg, "ne")) - comp = FR_NEQUAL; - else if (!strcmp(**seg, "<") || !strcasecmp(**seg, "lt")) - comp = FR_LESST; - else if (!strcmp(**seg, ">") || !strcasecmp(**seg, "gt")) - comp = FR_GREATERT; - else if (!strcmp(**seg, "<=") || !strcasecmp(**seg, "le")) - comp = FR_LESSTE; - else if (!strcmp(**seg, ">=") || !strcasecmp(**seg, "ge")) - comp = FR_GREATERTE; - else if (isalnum(***seg) && *(*seg + 2)) { - if (portnum(**seg, pp, linenum) == 0) - return -1; - (*seg)++; - if (!strcmp(**seg, "<>")) - comp = FR_OUTRANGE; - else if (!strcmp(**seg, "><")) - comp = FR_INRANGE; - else { - fprintf(stderr, - "%d: 
unknown range operator (%s)\n", - linenum, **seg); - return -1; - } - (*seg)++; - if (**seg == NULL) { - fprintf(stderr, "%d: missing 2nd port value\n", - linenum); - return -1; - } - if (portnum(**seg, tp, linenum) == 0) - return -1; - } else { - fprintf(stderr, "%d: unknown comparator (%s)\n", - linenum, **seg); - return -1; - } - if (comp != FR_OUTRANGE && comp != FR_INRANGE) { - (*seg)++; - if (portnum(**seg, pp, linenum) == 0) - return -1; - } - *cp = comp; - (*seg)++; - } - return 0; -} - - -/* - * find the port number given by the name, either from getservbyname() or - * straight atoi(). Return 1 on success, 0 on failure - */ -int portnum(name, port, linenum) -char *name; -u_short *port; -int linenum; -{ - struct servent *sp, *sp2; - u_short p1 = 0; - int i; - - if (isdigit(*name)) { - if (ratoi(name, &i, 0, USHRT_MAX)) { - *port = (u_short)i; - return 1; - } - fprintf(stderr, "%d: unknown port \"%s\"\n", linenum, name); - return 0; - } - if (proto != NULL && strcasecmp(proto, "tcp/udp") != 0) { - sp = getservbyname(name, proto); - if (sp) { - *port = ntohs(sp->s_port); - return 1; - } - fprintf(stderr, "%d: unknown service \"%s\".\n", linenum, name); - return 0; - } - sp = getservbyname(name, "tcp"); - if (sp) - p1 = sp->s_port; - sp2 = getservbyname(name, "udp"); - if (!sp || !sp2) { - fprintf(stderr, "%d: unknown tcp/udp service \"%s\".\n", - linenum, name); - return 0; - } - if (p1 != sp2->s_port) { - fprintf(stderr, "%d: %s %d/tcp is a different port to ", - linenum, name, p1); - fprintf(stderr, "%d: %s %d/udp\n", linenum, name, sp->s_port); - return 0; - } - *port = ntohs(p1); - return 1; -} - - -u_char tcp_flags(flgs, mask, linenum) -char *flgs; -u_char *mask; -int linenum; -{ - u_char tcpf = 0, tcpfm = 0, *fp = &tcpf; - char *s, *t; - - if (*flgs == '0') { - s = strchr(flgs, '/'); - if (s) - *s++ = '\0'; - tcpf = strtol(flgs, NULL, 0); - fp = &tcpfm; - } else - s = flgs; - - for (; *s; s++) { - if (*s == '/' && fp == &tcpf) { - fp = &tcpfm; - if (*(s 
+ 1) == '0') - break; - continue; - } - if (!(t = index(flagset, *s))) { - fprintf(stderr, "%d: unknown flag (%c)\n", linenum, *s); - return 0; - } - *fp |= flags[t - flagset]; - } - - if (s && *s == '0') - tcpfm = strtol(s, NULL, 0); - - if (!tcpfm) { - if (tcpf == TH_SYN) - tcpfm = 0xff & ~(TH_ECN|TH_CWR); - else - tcpfm = 0xff & ~(TH_ECN); - } - *mask = tcpfm; - return tcpf; -} - - -/* - * count consecutive 1's in bit mask. If the mask generated by counting - * consecutive 1's is different to that passed, return -1, else return # - * of bits. - */ -int countbits(ip) -u_32_t ip; -{ - u_32_t ipn; - int cnt = 0, i, j; - - ip = ipn = ntohl(ip); - for (i = 32; i; i--, ipn *= 2) - if (ipn & 0x80000000) - cnt++; - else - break; - ipn = 0; - for (i = 32, j = cnt; i; i--, j--) { - ipn *= 2; - if (j > 0) - ipn++; - } - if (ipn == ip) - return cnt; - return -1; -} - - -int count6bits(msk) -u_32_t *msk; -{ - int i = 0, k; - u_32_t j; - - for (k = 3; k >= 0; k--) - if (msk[k] == 0xffffffff) - i += 32; - else { - for (j = msk[k]; j; j <<= 1) - if (j & 0x80000000) - i++; - } - return i; -} - - -char *portname(pr, port) -int pr, port; -{ - static char buf[32]; - struct protoent *p = NULL; - struct servent *sv = NULL, *sv1 = NULL; - - if (pr == -1) { - if ((sv = getservbyport(htons(port), "tcp"))) { - strncpy(buf, sv->s_name, sizeof(buf)-1); - buf[sizeof(buf)-1] = '\0'; - sv1 = getservbyport(htons(port), "udp"); - sv = strncasecmp(buf, sv->s_name, strlen(buf)) ? 
- NULL : sv1; - } - if (sv) - return buf; - } else if (pr && (p = getprotobynumber(pr))) { - if ((sv = getservbyport(htons(port), p->p_name))) { - strncpy(buf, sv->s_name, sizeof(buf)-1); - buf[sizeof(buf)-1] = '\0'; - return buf; - } - } - - (void) sprintf(buf, "%d", port); - return buf; -} - - -int ratoi(ps, pi, min, max) -char *ps; -int *pi, min, max; -{ - int i; - char *pe; - - i = (int)strtol(ps, &pe, 0); - if (*pe != '\0' || i < min || i > max) - return 0; - *pi = i; - return 1; -} - - -int ratoui(ps, pi, min, max) -char *ps; -u_int *pi, min, max; -{ - u_int i; - char *pe; - - i = (u_int)strtol(ps, &pe, 0); - if (*pe != '\0' || i < min || i > max) - return 0; - *pi = i; - return 1; -} - - -void printhostmask(v, addr, mask) -int v; -u_32_t *addr, *mask; -{ - struct in_addr ipa; - int ones; - -#ifdef USE_INET6 - if (v == 6) { - ones = count6bits(mask); - if (ones == 0 && !addr[0] && !addr[1] && !addr[2] && !addr[3]) - printf("any"); - else { - char ipbuf[64]; - printf("%s/%d", - inet_ntop(AF_INET6, addr, ipbuf, sizeof(ipbuf)), - ones); - } - } - else -#endif - if (!*addr && !*mask) - printf("any"); - else { - ipa.s_addr = *addr; - printf("%s", inet_ntoa(ipa)); - if ((ones = countbits(*mask)) == -1) { - ipa.s_addr = *mask; - printf("/%s", inet_ntoa(ipa)); - } else - printf("/%d", ones); - } -} - - -void printportcmp(pr, frp) -int pr; -frpcmp_t *frp; -{ - static char *pcmp1[] = { "*", "=", "!=", "<", ">", "<=", ">=", - "<>", "><"}; - - if (frp->frp_cmp == FR_INRANGE || frp->frp_cmp == FR_OUTRANGE) - printf(" port %d %s %d", frp->frp_port, - pcmp1[frp->frp_cmp], frp->frp_top); - else - printf(" port %s %s", pcmp1[frp->frp_cmp], - portname(pr, frp->frp_port)); -} - - -void printbuf(buf, len, zend) -char *buf; -int len, zend; -{ - char *s, c; - int i; - - for (s = buf, i = len; i; i--) { - c = *s++; - if (isprint(c)) - putchar(c); - else - printf("\\%03o", c); - if ((c == '\0') && zend) - break; - } -} - - - -char *hostname(v, ip) -int v; -void *ip; -{ -#ifdef 
USE_INET6 - static char hostbuf[MAXHOSTNAMELEN+1]; -#endif - struct in_addr ipa; - - if (v == 4) { - ipa.s_addr = *(u_32_t *)ip; - return inet_ntoa(ipa); - } -#ifdef USE_INET6 - (void) inet_ntop(AF_INET6, ip, hostbuf, sizeof(hostbuf) - 1); - hostbuf[MAXHOSTNAMELEN] = '\0'; - return hostbuf; -#else - return "IPv6"; -#endif -} diff --git a/contrib/ipfilter/etc/protocols b/contrib/ipfilter/etc/protocols deleted file mode 100644 index fd7a1d246b..0000000000 --- a/contrib/ipfilter/etc/protocols +++ /dev/null 
@@ -1,101 +0,0 @@
-icmp 1 ICMP # Internet Control Message
-igmp 2 IGMP # Internet Group Management
-ggp 3 GGP # Gateway-to-Gateway
-ip 4 IP # IP in IP (encasulation)
-st 5 ST # Stream
-tcp 6 TCP # Transmission Control
-ucl 7 UCL # UCL
-egp 8 EGP # Exterior Gateway Protocol
-igp 9 IGP # any private interior gateway
-bbn-rcc-mon 10 BBN-RCC-MON # BBN RCC Monitoring
-nvp-ii 11 NVP-II # Network Voice Protocol
-pup 12 PUP # PUP
-argus 13 ARGUS # ARGUS
-emcon 14 EMCON # EMCON
-xnet 15 XNET # Cross Net Debugger
-chaos 16 CHAOS # Chaos
-udp 17 UDP # User Datagram
-mux 18 MUX # Multiplexing
-dcn-meas 19 DCN-MEAS # DCN Measurement Subsystems
-hmp 20 HMP # Host Monitoring
-prm 21 PRM # Packet Radio Measurement
-xns-idp 22 XNS-IDP # XEROX NS IDP
-trunk-1 23 TRUNK-1 # Trunk-1
-trunk-2 24 TRUNK-2 # Trunk-2
-leaf-1 25 LEAF-1 # Leaf-1
-leaf-2 26 LEAF-2 # Leaf-2
-rdp 27 RDP # Reliable Data Protocol
-irtp 28 IRTP # Internet Reliable Transaction
-iso-tp4 29 ISO-TP4 # ISO Transport Protocol Class 4
-netblt 30 NETBLT # Bulk Data Transfer Protocol
-mfe-nsp 31 MFE-NSP # MFE Network Services Protocol
-merit-inp 32 MERIT-INP # MERIT Internodal Protocol
-sep 33 SEP # Sequential Exchange Protocol
-3pc 34 3PC # Third Party Connect Protocol
-idpr 35 IDPR # Inter-Domain Policy Routing Protocol
-xtp 36 XTP # XTP
-ddp 37 DDP # Datagram Delivery Protocol
-idpr-cmtp 38 IDPR-CMTP # IDPR Control Message Transport Proto
-tp++ 39 TP++ # TP++ Transport Protocol
-il 40 IL # IL Transport Protocol
-sip 41 SIP # Simple Internet Protocol
-sdrp 42 SDRP # Source Demand Routing Protocol
-sip-sr 43 SIP-SR # SIP Source Route
-sip-frag 44 SIP-FRAG # SIP Fragment
-idrp 45 IDRP # Inter-Domain Routing Protocol
-rsvp 46 RSVP # Reservation Protocol
-gre 47 GRE # General Routing Encapsulation
-mhrp 48 MHRP # Mobile Host Routing Protocol
-bna 49 BNA # BNA
-esp 50 esp # Encap Security Payload
-ah 51 AH # Authentication Header
-i-nlsp 52 I-NLSP # Integrated Net Layer Security TUBA
-swipe 53 SWIPE # IP with Encryption
-nhrp 54 NHRP # NBMA Next Hop Resolution Protocol
-mobile 55 MOBILE # IP Mobility (IP tunneling)
-ipv6-icmp 58 icmpv6 IPv6-ICMP ICMPv6 # ICMP version 6
-ipv6-nonxt 59 IPv6-Nonxt # No Next Header for IPv6
-ipv6-opts 60 IPv6-Opts # Destination Options for IPv6
-any 61 any # host internal protocol
-cftp 62 CFTP # CFTP
-any 63 any # local network
-sat-expak 64 SAT-EXPAK # SATNET and Backroom EXPAK
-kryptolan 65 KRYPTOLAN # Kryptolan
-rvd 66 RVD # MIT Remote Virtual Disk Protocol
-ippc 67 IPPC # Internet Pluribus Packet Core
-any 68 any # distributed file system
-sat-mon 69 SAT-MON # SATNET Monitoring
-visa 70 VISA # VISA Protocol
-ipcv 71 IPCV # Internet Packet Core Utility
-cpnx 72 CPNX # Computer Protocol Network Executive
-cphb 73 CPHB # Computer Protocol Heart Beat
-wsn 74 WSN # Wang Span Network
-pvp 75 PVP # Packet Video Protocol
-br-sat-mon 76 BR-SAT-MON # Backroom SATNET Monitoring
-sun-nd 77 SUN-ND # SUN ND PROTOCOL-Temporary
-wb-mon 78 WB-MON # WIDEBAND Monitoring
-wb-expak 79 WB-EXPAK # WIDEBAND EXPAK
-iso-ip 80 ISO-IP # ISO Internet Protocol
-vmtp 81 VMTP # VMTP
-secure-vmtp 82 SECURE-VMTP # SECURE-VMTP
-vines 83 VINES # VINES
-ttp 84 TTP # TTP
-nsfnet-igp 85 NSFNET-IGP # NSFNET-IGP
-dgp 86 DGP # Dissimilar Gateway Protocol
-tcf 87 TCF # TCF
-igrp 88 IGRP # IGRP
-ospfigp 89 OSPFIGP # OSPFIGP
-sprite-rpc 90 Sprite-RPC # Sprite RPC Protocol
-larp 91 LARP # Locus Address Resolution Protocol
-mtp 92 MTP # Multicast Transport Protocol
-ax.25 93 AX.25 # AX.25 Frames
-ipip 94 IPIP # IP-within-IP Encapsulation Protocol
-micp 95 MICP # Mobile Internetworking Control Pro.
-scc-sp 96 SCC-SP # Semaphore Communications Sec. Pro.
-etherip 97 ETHERIP # Ethernet-within-IP Encapsulation
-encap 98 ENCAP # Encapsulation Header
-any 99 any # private encryption scheme
-gmtp 100 GMTP # GMTP
-pim 103 PIM # Protocol Independant Multicast
-ipcomp 108 IPCOMP # IP Payload Compression Protocol
-reserved 255 Reserved #
diff --git a/contrib/ipfilter/etc/services b/contrib/ipfilter/etc/services
deleted file mode 100644
index 01c4b782e2..0000000000
--- a/contrib/ipfilter/etc/services
+++ /dev/null
@@ -1,2536 +0,0 @@ -tcpmux 1/tcp # TCP Port Service Multiplexer -tcpmux 1/udp # TCP Port Service Multiplexer -compressnet 2/tcp # Management Utility -compressnet 2/udp # Management Utility -compressnet 3/tcp # Compression Process -compressnet 3/udp # Compression Process -rje 5/tcp # Remote Job Entry -rje 5/udp # Remote Job Entry -echo 7/tcp # Echo -echo 7/udp # Echo -discard 9/tcp # Discard -discard 9/udp # Discard -systat 11/tcp # Active Users -systat 11/udp # Active Users -daytime 13/tcp # Daytime (RFC 867) -daytime 13/udp # Daytime (RFC 867) -qotd 17/tcp # Quote of the Day -qotd 17/udp # Quote of the Day -msp 18/tcp # Message Send Protocol -msp 18/udp # Message Send Protocol -chargen 19/tcp # Character Generator -chargen 19/udp # Character Generator -ftp 21/tcp # File Transfer [Control] -ftp 21/udp # File Transfer [Control] -ssh 22/tcp # SSH Remote Login Protocol -ssh 22/udp # SSH Remote Login Protocol -telnet 23/tcp # Telnet -telnet 23/udp # Telnet -smtp 25/tcp # Simple Mail Transfer -smtp 25/udp # Simple Mail Transfer -dsp 33/tcp # Display Support Protocol -dsp 33/udp # Display Support Protocol -time 37/tcp # Time -time 37/udp # Time -rap 38/tcp # Route Access Protocol -rap 38/udp # Route Access Protocol -rlp 39/tcp # Resource Location Protocol -rlp 39/udp # Resource Location Protocol -graphics 41/tcp # Graphics -graphics 41/udp # Graphics -name 42/tcp # Host Name Server -name 42/udp # Host Name Server -nameserver 42/tcp # Host Name Server -nameserver 42/udp # Host Name Server -nicname 43/tcp # Who Is -nicname 43/udp # Who Is -mpm 45/tcp # Message Processing Module [recv] -mpm 45/udp # Message Processing Module [recv] -auditd 48/tcp # Digital Audit Daemon -auditd 48/udp # Digital Audit Daemon -tacacs 49/tcp # Login Host Protocol (TACACS) -tacacs 49/udp # Login Host Protocol (TACACS) -domain 53/tcp # Domain Name Server -domain 53/udp # Domain Name Server -acas 62/tcp # ACA Services -acas 62/udp # ACA Services -covia 64/tcp # Communications Integrator (CI) 
-covia 64/udp # Communications Integrator (CI) -sql*net 66/tcp # Oracle SQL*NET -sql*net 66/udp # Oracle SQL*NET -bootps 67/tcp # Bootstrap Protocol Server -bootps 67/udp # Bootstrap Protocol Server -bootpc 68/tcp # Bootstrap Protocol Client -bootpc 68/udp # Bootstrap Protocol Client -tftp 69/tcp # Trivial File Transfer -tftp 69/udp # Trivial File Transfer -gopher 70/tcp # Gopher -gopher 70/udp # Gopher -deos 76/tcp # Distributed External Object Store -deos 76/udp # Distributed External Object Store -vettcp 78/tcp # vettcp -vettcp 78/udp # vettcp -finger 79/tcp # Finger -finger 79/udp # Finger -http 80/tcp # World Wide Web HTTP -http 80/udp # World Wide Web HTTP -www 80/tcp # World Wide Web HTTP -www 80/udp # World Wide Web HTTP -xfer 82/tcp # XFER Utility -xfer 82/udp # XFER Utility -ctf 84/tcp # Common Trace Facility -ctf 84/udp # Common Trace Facility -mfcobol 86/tcp # Micro Focus Cobol -mfcobol 86/udp # Micro Focus Cobol -kerberos 88/tcp # Kerberos -kerberos 88/udp # Kerberos -dnsix 90/tcp # DNSIX Securit Attribute Token Map -dnsix 90/udp # DNSIX Securit Attribute Token Map -npp 92/tcp # Network Printing Protocol -npp 92/udp # Network Printing Protocol -dcp 93/tcp # Device Control Protocol -dcp 93/udp # Device Control Protocol -objcall 94/tcp # Tivoli Object Dispatcher -objcall 94/udp # Tivoli Object Dispatcher -supdup 95/tcp # SUPDUP -supdup 95/udp # SUPDUP -dixie 96/tcp # DIXIE Protocol Specification -dixie 96/udp # DIXIE Protocol Specification -tacnews 98/tcp # TAC News -tacnews 98/udp # TAC News -metagram 99/tcp # Metagram Relay -metagram 99/udp # Metagram Relay -newacct 100/tcp [unauthorized use] -hostname 101/tcp # NIC Host Name Server -hostname 101/udp # NIC Host Name Server -gppitnp 103/tcp # Genesis Point-to-Point Trans Net -gppitnp 103/udp # Genesis Point-to-Point Trans Net -cso 105/tcp # CCSO name server protocol -cso 105/udp # CCSO name server protocol -rtelnet 107/tcp # Remote Telnet Service -rtelnet 107/udp # Remote Telnet Service -snagas 108/tcp 
# SNA Gateway Access Server -snagas 108/udp # SNA Gateway Access Server -pop2 109/tcp # Post Office Protocol - Version 2 -pop2 109/udp # Post Office Protocol - Version 2 -pop3 110/tcp # Post Office Protocol - Version 3 -pop3 110/udp # Post Office Protocol - Version 3 -sunrpc 111/tcp # SUN Remote Procedure Call -sunrpc 111/udp # SUN Remote Procedure Call -mcidas 112/tcp # McIDAS Data Transmission Protocol -mcidas 112/udp # McIDAS Data Transmission Protocol -ident 113/tcp -auth 113/tcp # Authentication Service -auth 113/udp # Authentication Service -audionews 114/tcp # Audio News Multicast -audionews 114/udp # Audio News Multicast -sftp 115/tcp # Simple File Transfer Protocol -sftp 115/udp # Simple File Transfer Protocol -ansanotify 116/tcp # ANSA REX Notify -ansanotify 116/udp # ANSA REX Notify -sqlserv 118/tcp # SQL Services -sqlserv 118/udp # SQL Services -nntp 119/tcp # Network News Transfer Protocol -nntp 119/udp # Network News Transfer Protocol -cfdptkt 120/tcp # CFDPTKT -cfdptkt 120/udp # CFDPTKT -erpc 121/tcp # Encore Expedited Remote Pro.Call -erpc 121/udp # Encore Expedited Remote Pro.Call -smakynet 122/tcp # SMAKYNET -smakynet 122/udp # SMAKYNET -ntp 123/tcp # Network Time Protocol -ntp 123/udp # Network Time Protocol -ansatrader 124/tcp # ANSA REX Trader -ansatrader 124/udp # ANSA REX Trader -nxedit 126/tcp # NXEdit -nxedit 126/udp # NXEdit -pwdgen 129/tcp # Password Generator Protocol -pwdgen 129/udp # Password Generator Protocol -statsrv 133/tcp # Statistics Service -statsrv 133/udp # Statistics Service -epmap 135/tcp # DCE endpoint resolution -epmap 135/udp # DCE endpoint resolution -profile 136/tcp # PROFILE Naming System -profile 136/udp # PROFILE Naming System -imap 143/tcp # Internet Message Access Protocol -imap 143/udp # Internet Message Access Protocol -uma 144/tcp # Universal Management Architecture -uma 144/udp # Universal Management Architecture -uaac 145/tcp # UAAC Protocol -uaac 145/udp # UAAC Protocol -jargon 148/tcp # Jargon -jargon 
148/udp # Jargon -hems 151/tcp # HEMS -hems 151/udp # HEMS -bftp 152/tcp # Background File Transfer Program -bftp 152/udp # Background File Transfer Program -sgmp 153/tcp # SGMP -sgmp 153/udp # SGMP -sqlsrv 156/tcp # SQL Service -sqlsrv 156/udp # SQL Service -snmp 161/tcp # SNMP -snmp 161/udp # SNMP -snmptrap 162/tcp # SNMPTRAP -snmptrap 162/udp # SNMPTRAP -namp 167/tcp # NAMP -namp 167/udp # NAMP -rsvd 168/tcp # RSVD -rsvd 168/udp # RSVD -send 169/tcp # SEND -send 169/udp # SEND -multiplex 171/tcp # Network Innovations Multiplex -multiplex 171/udp # Network Innovations Multiplex -cl/1 172/tcp # Network Innovations CL/1 -cl/1 172/udp # Network Innovations CL/1 -mailq 174/tcp # MAILQ -mailq 174/udp # MAILQ -vmnet 175/tcp # VMNET -vmnet 175/udp # VMNET -xdmcp 177/tcp # X Display Manager Control Protocol -xdmcp 177/udp # X Display Manager Control Protocol -nextstep 178/tcp # NextStep Window Server -nextstep 178/udp # NextStep Window Server -bgp 179/tcp # Border Gateway Protocol -bgp 179/udp # Border Gateway Protocol -ris 180/tcp # Intergraph -ris 180/udp # Intergraph -unify 181/tcp # Unify -unify 181/udp # Unify -audit 182/tcp # Unisys Audit SITP -audit 182/udp # Unisys Audit SITP -ocbinder 183/tcp # OCBinder -ocbinder 183/udp # OCBinder -ocserver 184/tcp # OCServer -ocserver 184/udp # OCServer -kis 186/tcp # KIS Protocol -kis 186/udp # KIS Protocol -aci 187/tcp # Application Communication Interface -aci 187/udp # Application Communication Interface -mumps 188/tcp # Plus Five's MUMPS -mumps 188/udp # Plus Five's MUMPS -qft 189/tcp # Queued File Transport -qft 189/udp # Queued File Transport -gacp 190/tcp # Gateway Access Control Protocol -gacp 190/udp # Gateway Access Control Protocol -prospero 191/tcp # Prospero Directory Service -prospero 191/udp # Prospero Directory Service -srmp 193/tcp # Spider Remote Monitoring Protocol -srmp 193/udp # Spider Remote Monitoring Protocol -irc 194/tcp # Internet Relay Chat Protocol -irc 194/udp # Internet Relay Chat Protocol -dls 
197/tcp # Directory Location Service -dls 197/udp # Directory Location Service -smux 199/tcp # SMUX -smux 199/udp # SMUX -src 200/tcp # IBM System Resource Controller -src 200/udp # IBM System Resource Controller -qmtp 209/tcp # The Quick Mail Transfer Protocol -qmtp 209/udp # The Quick Mail Transfer Protocol -anet 212/tcp # ATEXSSTR -anet 212/udp # ATEXSSTR -ipx 213/tcp # IPX -ipx 213/udp # IPX -vmpwscs 214/tcp # VM PWSCS -vmpwscs 214/udp # VM PWSCS -softpc 215/tcp # Insignia Solutions -softpc 215/udp # Insignia Solutions -dbase 217/tcp # dBASE Unix -dbase 217/udp # dBASE Unix -mpp 218/tcp # Netix Message Posting Protocol -mpp 218/udp # Netix Message Posting Protocol -uarps 219/tcp # Unisys ARPs -uarps 219/udp # Unisys ARPs -imap3 220/tcp # Interactive Mail Access Protocol v3 -imap3 220/udp # Interactive Mail Access Protocol v3 -cdc 223/tcp # Certificate Distribution Center -cdc 223/udp # Certificate Distribution Center -masqdialer 224/tcp # masqdialer -masqdialer 224/udp # masqdialer -direct 242/tcp # Direct -direct 242/udp # Direct -dayna 244/tcp # Dayna -dayna 244/udp # Dayna -link 245/tcp # LINK -link 245/udp # LINK -dsp3270 246/tcp # Display Systems Protocol -dsp3270 246/udp # Display Systems Protocol -bhfhs 248/tcp # bhfhs -bhfhs 248/udp # bhfhs -rap 256/tcp # RAP -rap 256/udp # RAP -set 257/tcp # Secure Electronic Transaction -set 257/udp # Secure Electronic Transaction -openport 260/tcp # Openport -openport 260/udp # Openport -nsiiops 261/tcp # IIOP Name Service over TLS/SSL -nsiiops 261/udp # IIOP Name Service over TLS/SSL -arcisdms 262/tcp # Arcisdms -arcisdms 262/udp Arcisdms -hdap 263/tcp # HDAP -hdap 263/udp # HDAP -bgmp 264/tcp # BGMP -bgmp 264/udp # BGMP -rescap 283/tcp # rescap -rescap 283/udp # rescap -novastorbakcup 308/tcp # Novastor Backup -novastorbakcup 308/udp # Novastor Backup -entrusttime 309/tcp # EntrustTime -entrusttime 309/udp # EntrustTime -bhmds 310/tcp # bhmds -bhmds 310/udp # bhmds -vslmp 312/tcp # VSLMP -vslmp 312/udp # VSLMP 
-dpsi 315/tcp # DPSI
-dpsi 315/udp # DPSI
-decauth 316/tcp # decAuth
-decauth 316/udp # decAuth
-zannet 317/tcp # Zannet
-zannet 317/udp # Zannet
-pip 321/tcp # PIP
-pip 321/udp # PIP
-rtsps 322/tcp # RTSPS
-rtsps 322/udp # RTSPS
-pdap 344/tcp # Prospero Data Access Protocol
-pdap 344/udp # Prospero Data Access Protocol
-pawserv 345/tcp # Perf Analysis Workbench
-pawserv 345/udp # Perf Analysis Workbench
-zserv 346/tcp # Zebra server
-zserv 346/udp # Zebra server
-fatserv 347/tcp # Fatmen Server
-fatserv 347/udp # Fatmen Server
-mftp 349/tcp # mftp
-mftp 349/udp # mftp
-bhoetty 351/tcp bhoetty (added 5/21/97)
-bhoetty 351/udp # bhoetty
-bhoedap4 352/tcp # bhoedap4 (added 5/21/97)
-bhoedap4 352/udp # bhoedap4
-ndsauth 353/tcp # NDSAUTH
-ndsauth 353/udp # NDSAUTH
-bh611 354/tcp bh611
-bh611 354/udp # bh611
-bhevent 357/tcp bhevent
-bhevent 357/udp # bhevent
-shrinkwrap 358/tcp # Shrinkwrap
-shrinkwrap 358/udp # Shrinkwrap
-scoi2odialog 360/tcp # scoi2odialog
-scoi2odialog 360/udp # scoi2odialog
-semantix 361/tcp # Semantix
-semantix 361/udp # Semantix
-srssend 362/tcp # SRS Send
-srssend 362/udp # SRS Send
-dtk 365/tcp # DTK
-dtk 365/udp # DTK
-odmr 366/tcp # ODMR
-odmr 366/udp # ODMR
-mortgageware 367/tcp # MortgageWare
-mortgageware 367/udp # MortgageWare
-qbikgdp 368/tcp # QbikGDP
-qbikgdp 368/udp # QbikGDP
-rpc2portmap 369/tcp # rpc2portmap
-rpc2portmap 369/udp # rpc2portmap
-codaauth2 370/tcp # codaauth2
-codaauth2 370/udp # codaauth2
-clearcase 371/tcp # Clearcase
-clearcase 371/udp # Clearcase
-ulistproc 372/tcp # ListProcessor
-ulistproc 372/udp # ListProcessor
-hassle 375/tcp # Hassle
-hassle 375/udp # Hassle
-nip 376/tcp # Amiga Envoy Network Inquiry Proto
-nip 376/udp # Amiga Envoy Network Inquiry Proto
-tnETOS 377/tcp # NEC Corporation
-tnETOS 377/udp # NEC Corporation
-dsETOS 378/tcp # NEC Corporation
-dsETOS 378/udp # NEC Corporation
-is99c 379/tcp # TIA/EIA/IS-99 modem client
-is99c 379/udp # TIA/EIA/IS-99 modem client
-is99s 380/tcp # TIA/EIA/IS-99 modem server
-is99s 380/udp # TIA/EIA/IS-99 modem server
-arns 384/tcp # A Remote Network Server System
-arns 384/udp # A Remote Network Server System
-asa 386/tcp # ASA Message Router Object Def.
-asa 386/udp # ASA Message Router Object Def.
-aurp 387/tcp # Appletalk Update-Based Routing Pro.
-aurp 387/udp # Appletalk Update-Based Routing Pro.
-ldap 389/tcp # Lightweight Directory Access Protocol
-ldap 389/udp # Lightweight Directory Access Protocol
-uis 390/tcp # UIS
-uis 390/udp # UIS
-dis 393/tcp # Data Interpretation System
-dis 393/udp # Data Interpretation System
-netcp 395/tcp # NETscout Control Protocol
-netcp 395/udp # NETscout Control Protocol
-mptn 397/tcp # Multi Protocol Trans. Net.
-mptn 397/udp # Multi Protocol Trans. Net.
-kryptolan 398/tcp # Kryptolan
-kryptolan 398/udp # Kryptolan
-ups 401/tcp # Uninterruptible Power Supply
-ups 401/udp # Uninterruptible Power Supply
-genie 402/tcp # Genie Protocol
-genie 402/udp # Genie Protocol
-decap 403/tcp # decap
-decap 403/udp # decap
-nced 404/tcp # nced
-nced 404/udp # nced
-ncld 405/tcp # ncld
-ncld 405/udp # ncld
-imsp 406/tcp # Interactive Mail Support Protocol
-imsp 406/udp # Interactive Mail Support Protocol
-timbuktu 407/tcp # Timbuktu
-timbuktu 407/udp # Timbuktu
-decladebug 410/tcp # DECLadebug Remote Debug Protocol
-decladebug 410/udp # DECLadebug Remote Debug Protocol
-rmt 411/tcp # Remote MT Protocol
-rmt 411/udp # Remote MT Protocol
-smsp 413/tcp # SMSP
-smsp 413/udp # SMSP
-infoseek 414/tcp # InfoSeek
-infoseek 414/udp # InfoSeek
-bnet 415/tcp # BNet
-bnet 415/udp # BNet
-silverplatter 416/tcp # Silverplatter
-silverplatter 416/udp # Silverplatter
-onmux 417/tcp # Onmux
-onmux 417/udp # Onmux
-ariel1 419/tcp # Ariel
-ariel1 419/udp # Ariel
-smpte 420/tcp # SMPTE
-smpte 420/udp # SMPTE
-ariel2 421/tcp # Ariel
-ariel2 421/udp # Ariel
-ariel3 422/tcp # Ariel
-ariel3 422/udp # Ariel
-smartsdp 426/tcp # smartsdp
-smartsdp 426/udp # smartsdp
-svrloc 427/tcp # Server Location
-svrloc 427/udp # Server Location
-utmpsd 430/tcp # UTMPSD
-utmpsd 430/udp # UTMPSD
-utmpcd 431/tcp # UTMPCD
-utmpcd 431/udp # UTMPCD
-iasd 432/tcp # IASD
-iasd 432/udp # IASD
-nnsp 433/tcp # NNSP
-nnsp 433/udp # NNSP
-comscm 437/tcp # comscm
-comscm 437/udp # comscm
-dsfgw 438/tcp # dsfgw
-dsfgw 438/udp # dsfgw
-dasp 439/tcp # dasp Thomas Obermair
-dasp 439/udp # dasp tommy@inlab.m.eunet.de
-sgcp 440/tcp # sgcp
-sgcp 440/udp # sgcp
-https 443/tcp # http protocol over TLS/SSL
-https 443/udp # http protocol over TLS/SSL
-snpp 444/tcp # Simple Network Paging Protocol
-snpp 444/udp # Simple Network Paging Protocol
-tserver 450/tcp # TServer
-tserver 450/udp # TServer
-creativeserver 453/tcp # CreativeServer
-creativeserver 453/udp # CreativeServer
-contentserver 454/tcp # ContentServer
-contentserver 454/udp # ContentServer
-creativepartnr 455/tcp # CreativePartnr
-creativepartnr 455/udp # CreativePartnr
-scohelp 457/tcp # scohelp
-scohelp 457/udp # scohelp
-appleqtc 458/tcp # apple quick time
-appleqtc 458/udp # apple quick time
-skronk 460/tcp # skronk
-skronk 460/udp # skronk
-datasurfsrv 461/tcp # DataRampSrv
-datasurfsrv 461/udp # DataRampSrv
-datasurfsrvsec 462/tcp # DataRampSrvSec
-datasurfsrvsec 462/udp # DataRampSrvSec
-alpes 463/tcp # alpes
-alpes 463/udp # alpes
-kpasswd 464/tcp # kpasswd
-kpasswd 464/udp # kpasswd
-photuris 468/tcp # proturis
-photuris 468/udp # proturis
-rcp 469/tcp # Radio Control Protocol
-rcp 469/udp # Radio Control Protocol
-mondex 471/tcp # Mondex
-mondex 471/udp # Mondex
-tcp # nethaspsrv 475/tcp # tcpnethaspsrv
-tcp # nethaspsrv 475/udp # tcp # nethaspsrv
-ss7ns 477/tcp # ss7ns
-ss7ns 477/udp # ss7ns
-spsc 478/tcp # spsc
-spsc 478/udp # spsc
-iafserver 479/tcp # iafserver
-iafserver 479/udp # iafserver
-iafdbase 480/tcp # iafdbase
-iafdbase 480/udp # iafdbase
-ph 481/tcp # Ph service
-ph 481/udp # Ph service
-ulpnet 483/tcp # ulpnet
-ulpnet 483/udp # ulpnet
-powerburst 485/tcp # Air Soft Power Burst
-powerburst 485/udp # Air Soft Power Burst
-avian 486/tcp # avian
-avian 486/udp # avian
-saft 487/tcp # saft Simple Asynchronous File Transfer
-saft 487/udp # saft Simple Asynchronous File Transfer
-intecourier 495/tcp # intecourier
-intecourier 495/udp # intecourier
-dantz 497/tcp # dantz
-dantz 497/udp # dantz
-siam 498/tcp # siam
-siam 498/udp # siam
-isakmp 500/tcp # isakmp
-isakmp 500/udp # isakmp
-stmf 501/tcp # STMF
-stmf 501/udp # STMF
-intrinsa 503/tcp # Intrinsa
-intrinsa 503/udp # Intrinsa
-citadel 504/tcp # citadel
-citadel 504/udp # citadel
-ohimsrv 506/tcp # ohimsrv
-ohimsrv 506/udp # ohimsrv
-crs 507/tcp # crs
-crs 507/udp # crs
-xvttp 508/tcp # xvttp
-xvttp 508/udp # xvttp
-snare 509/tcp # snare
-snare 509/udp # snare
-fcp 510/tcp # FirstClass Protocol
-fcp 510/udp # FirstClass Protocol
-passgo 511/tcp # PassGo
-passgo 511/udp # PassGo
-exec 512/tcp # remote process execution;
-comsat 512/udp
-biff 512/udp # used by mail system to notify users
-login 513/tcp # remote login a la telnet;
-who 513/udp # maintains data bases showing who's
-shell 514/tcp # cmd
-syslog 514/udp
-printer 515/tcp # spooler
-printer 515/udp # spooler
-videotex 516/tcp # videotex
-videotex 516/udp # videotex
-talk 517/tcp # like tenex link, but across
-talk 517/udp # like tenex link, but across
-ntalk 518/tcp
-ntalk 518/udp
-utime 519/tcp # unixtime
-utime 519/udp # unixtime
-efs 520/tcp # extended file name server
-router 520/udp # local routing process (on site);
-ripng 521/tcp # ripng
-ripng 521/udp # ripng
-ulp 522/tcp # ULP
-ulp 522/udp # ULP
-ncp 524/tcp # NCP
-ncp 524/udp # NCP
-timed 525/tcp # timeserver
-timed 525/udp # timeserver
-tempo 526/tcp # newdate
-tempo 526/udp # newdate
-stx 527/tcp # Stock IXChange
-stx 527/udp # Stock IXChange
-custix 528/tcp # Customer IXChange
-custix 528/udp # Customer IXChange
-courier 530/tcp # rpc
-courier 530/udp # rpc
-conference 531/tcp # chat
-conference 531/udp # chat
-netnews 532/tcp # readnews
-netnews 532/udp # readnews
-netwall 533/tcp # for emergency broadcasts
-netwall 533/udp # for emergency broadcasts
-iiop 535/tcp # iiop
-iiop 535/udp # iiop
-nmsp 537/tcp # Networked Media Streaming Protocol
-nmsp 537/udp # Networked Media Streaming Protocol
-gdomap 538/tcp # gdomap
-gdomap 538/udp # gdomap
-uucp 540/tcp # uucpd
-uucp 540/udp # uucpd
-commerce 542/tcp # commerce
-commerce 542/udp # commerce
-klogin 543/tcp
-klogin 543/udp
-kshell 544/tcp # krcmd
-kshell 544/udp # krcmd
-appleqtcsrvr 545/tcp # appleqtcsrvr
-appleqtcsrvr 545/udp # appleqtcsrvr
-afpovertcp 548/tcp # AFP over TCP
-afpovertcp 548/udp # AFP over TCP
-idfp 549/tcp # IDFP
-idfp 549/udp # IDFP
-cybercash 551/tcp # cybercash
-cybercash 551/udp # cybercash
-deviceshare 552/tcp # deviceshare
-deviceshare 552/udp # deviceshare
-pirp 553/tcp # pirp
-pirp 553/udp # pirp
-rtsp 554/tcp # Real Time Stream Control Protocol
-rtsp 554/udp # Real Time Stream Control Protocol
-dsf 555/tcp
-dsf 555/udp
-remotefs 556/tcp # rfs server
-remotefs 556/udp # rfs server
-sdnskmp 558/tcp # SDNSKMP
-sdnskmp 558/udp # SDNSKMP
-teedtap 559/tcp # TEEDTAP
-teedtap 559/udp # TEEDTAP
-rmonitor 560/tcp # rmonitord
-rmonitor 560/udp # rmonitord
-monitor 561/tcp
-monitor 561/udp
-chshell 562/tcp # chcmd
-chshell 562/udp # chcmd
-nntps 563/tcp # nntp protocol over TLS/SSL (was snntp)
-nntps 563/udp # nntp protocol over TLS/SSL (was snntp)
-whoami 565/tcp # whoami
-whoami 565/udp # whoami
-streettalk 566/tcp # streettalk
-streettalk 566/udp # streettalk
-meter 570/tcp # demon
-meter 570/udp # demon
-meter 571/tcp # udemon
-meter 571/udp # udemon
-sonar 572/tcp # sonar
-sonar 572/udp # sonar
-vemmi 575/tcp # VEMMI
-vemmi 575/udp # VEMMI
-ipcd 576/tcp # ipcd
-ipcd 576/udp # ipcd
-vnas 577/tcp # vnas
-vnas 577/udp # vnas
-ipdd 578/tcp # ipdd
-ipdd 578/udp # ipdd
-decbsrv 579/tcp # decbsrv
-decbsrv 579/udp # decbsrv
-bdp 581/tcp # Bundle Discovery Protocol
-bdp 581/udp # Bundle Discovery Protocol
-keyserver 584/tcp # Key Server
-keyserver 584/udp # Key Server
-submission 587/tcp # Submission
-submission 587/udp # Submission
-cal 588/tcp # CAL
-cal 588/udp # CAL
-eyelink 589/tcp # EyeLink
-eyelink 589/udp # EyeLink
-tpip 594/tcp # TPIP
-tpip 594/udp # TPIP
-smsd 596/tcp # SMSD
-smsd 596/udp # SMSD
-ptcnameservice 597/tcp # PTC Name Service
-ptcnameservice 597/udp # PTC Name Service
-acp 599/tcp # Aeolon Core Protocol
-acp 599/udp # Aeolon Core Protocol
-ipcserver 600/tcp # Sun IPC server
-ipcserver 600/udp # Sun IPC server
-urm 606/tcp # Cray Unified Resource Manager
-urm 606/udp # Cray Unified Resource Manager
-nqs 607/tcp # nqs
-nqs 607/udp # nqs
-sshell 614/tcp # SSLshell
-sshell 614/udp # SSLshell
-collaborator 622/tcp # Collaborator
-collaborator 622/udp # Collaborator
-cryptoadmin 624/tcp # Crypto Admin
-cryptoadmin 624/udp # Crypto Admin
-asia 626/tcp # ASIA
-asia 626/udp # ASIA
-qmqp 628/tcp # QMQP
-qmqp 628/udp # QMQP
-rda 630/tcp # RDA
-rda 630/udp # RDA
-ipp 631/tcp # IPP (Internet Printing Protocol)
-ipp 631/udp # IPP (Internet Printing Protocol)
-bmpp 632/tcp # bmpp
-bmpp 632/udp # bmpp
-servstat 633/tcp # Service Status update (Sterling Software)
-servstat 633/udp # Service Status update (Sterling Software)
-ginad 634/tcp # ginad
-ginad 634/udp # ginad
-rlzdbase 635/tcp # RLZ DBase
-rlzdbase 635/udp # RLZ DBase
-ldaps 636/tcp # ldap protocol over TLS/SSL (was sldap)
-ldaps 636/udp # ldap protocol over TLS/SSL (was sldap)
-lanserver 637/tcp # lanserver
-lanserver 637/udp # lanserver
-msdp 639/tcp # MSDP
-msdp 639/udp # MSDP
-repcmd 641/tcp # repcmd
-repcmd 641/udp # repcmd
-sanity 643/tcp # SANity
-sanity 643/udp # SANity
-dwr 644/tcp # dwr
-dwr 644/udp # dwr
-pssc 645/tcp # PSSC
-pssc 645/udp # PSSC
-ldp 646/tcp # LDP
-ldp 646/udp # LDP
-rrp 648/tcp # Registry Registrar Protocol (RRP)
-rrp 648/udp # Registry Registrar Protocol (RRP)
-aminet 649/tcp # Aminet
-aminet 649/udp # Aminet
-obex 650/tcp # OBEX
-obex 650/udp # OBEX
-repscmd 653/tcp # RepCmd
-repscmd 653/udp # RepCmd
-aodv 654/tcp # AODV
-aodv 654/udp # AODV
-tinc 655/tcp # TINC
-tinc 655/udp # TINC
-spmp 656/tcp # SPMP
-spmp 656/udp # SPMP
-mdqs 666/tcp
-mdqs 666/udp
-doom 666/tcp # doom Id Software
-doom 666/udp # doom Id Software
-disclose 667/tcp # campaign contribution disclosures - SDR Technologies
-disclose 667/udp # campaign contribution disclosures - SDR Technologies
-mecomm 668/tcp # MeComm
-mecomm 668/udp # MeComm
-meregister 669/tcp # MeRegister
-meregister 669/udp # MeRegister
-cimplex 673/tcp # CIMPLEX
-cimplex 673/udp # CIMPLEX
-acap 674/tcp # ACAP
-acap 674/udp # ACAP
-dctp 675/tcp # DCTP
-dctp 675/udp # DCTP
-vpp 677/tcp # Virtual Presence Protocol
-vpp 677/udp # Virtual Presence Protocol
-mrm 679/tcp # MRM
-mrm 679/udp # MRM
-xfr 682/tcp # XFR
-xfr 682/udp # XFR
-asipregistry 687/tcp # asipregistry
-asipregistry 687/udp # asipregistry
-elcsd 704/tcp # errlog copy/server daemon
-elcsd 704/udp # errlog copy/server daemon
-agentx 705/tcp # AgentX
-agentx 705/udp # AgentX
-netviewdm1 729/tcp # IBM NetView DM/6000 Server/Client
-netviewdm1 729/udp # IBM NetView DM/6000 Server/Client
-netviewdm2 730/tcp # IBM NetView DM/6000 send/tcp
-netviewdm2 730/udp # IBM NetView DM/6000 send/tcp
-netviewdm3 731/tcp # IBM NetView DM/6000 receive/tcp
-netviewdm3 731/udp # IBM NetView DM/6000 receive/tcp
-netgw 741/tcp # netGW
-netgw 741/udp # netGW
-netrcs 742/tcp # Network based Rev. Cont. Sys.
-netrcs 742/udp # Network based Rev. Cont. Sys.
-flexlm 744/tcp # Flexible License Manager -flexlm 744/udp # Flexible License Manager -rfile 750/tcp -loadav 750/udp -pump 751/tcp -pump 751/udp -qrh 752/tcp -qrh 752/udp -rrh 753/tcp -rrh 753/udp -tell 754/tcp send -tell 754/udp send -nlogin 758/tcp -nlogin 758/udp -con 759/tcp -con 759/udp -ns 760/tcp -ns 760/udp -rxe 761/tcp -rxe 761/udp -quotad 762/tcp -quotad 762/udp -cycleserv 763/tcp -cycleserv 763/udp -omserv 764/tcp -omserv 764/udp -webster 765/tcp -webster 765/udp -phonebook 767/tcp phone -phonebook 767/udp phone -vid 769/tcp -vid 769/udp -cadlock 770/tcp -cadlock 770/udp -rtip 771/tcp -rtip 771/udp -cycleserv2 772/tcp -cycleserv2 772/udp -submit 773/tcp -notify 773/udp -rpasswd 774/tcp -entomb 775/tcp -wpages 776/tcp -wpages 776/udp -wpgs 780/tcp -wpgs 780/udp -concert 786/tcp # Concert -concert 786/udp # Concert -qsc 787/tcp # QSC -qsc 787/udp # QSC -device 801/tcp -device 801/udp -rsync 873/tcp # rsync -rsync 873/udp # rsync -accessbuilder 888/tcp # AccessBuilder -accessbuilder 888/udp # AccessBuilder -cddbp 888/tcp # CD Database Protocol -omginitialrefs 900/tcp # OMG Initial Refs -omginitialrefs 900/udp # OMG Initial Refs -ftps 990/tcp # ftp protocol, control, over TLS/SSL -ftps 990/udp # ftp protocol, control, over TLS/SSL -nas 991/tcp # Netnews Administration System -nas 991/udp # Netnews Administration System -telnets 992/tcp # telnet protocol over TLS/SSL -telnets 992/udp # telnet protocol over TLS/SSL -imaps 993/tcp # imap4 protocol over TLS/SSL -imaps 993/udp # imap4 protocol over TLS/SSL -ircs 994/tcp # irc protocol over TLS/SSL -ircs 994/udp # irc protocol over TLS/SSL -pop3s 995/tcp # pop3 protocol over TLS/SSL (was spop3) -pop3s 995/udp # pop3 protocol over TLS/SSL (was spop3) -vsinet 996/tcp # vsinet -vsinet 996/udp # vsinet -maitrd 997/tcp -maitrd 997/udp -busboy 998/tcp -puparp 998/udp -garcon 999/tcp -applix 999/udp # Applix ac -puprouter 999/tcp -puprouter 999/udp -cadlock 1000/tcp -ock 1000/udp -surf 1010/tcp # surf -surf 1010/udp # 
surf -blackjack 1025/tcp # network blackjack -blackjack 1025/udp # network blackjack -iad1 1030/tcp # BBN IAD -iad1 1030/udp # BBN IAD -iad2 1031/tcp # BBN IAD -iad2 1031/udp # BBN IAD -iad3 1032/tcp # BBN IAD -iad3 1032/udp # BBN IAD -neod1 1047/tcp # Sun's NEO Object Request Broker -neod1 1047/udp # Sun's NEO Object Request Broker -neod2 1048/tcp # Sun's NEO Object Request Broker -neod2 1048/udp # Sun's NEO Object Request Broker -nim 1058/tcp # nim -nim 1058/udp # nim -nimreg 1059/tcp # nimreg -nimreg 1059/udp # nimreg -socks 1080/tcp # Socks -socks 1080/udp # Socks -sunclustermgr 1097/tcp # Sun Cluster Manager -sunclustermgr 1097/udp # Sun Cluster Manager -rmiactivation 1098/tcp # RMI Activation -rmiactivation 1098/udp # RMI Activation -rmiregistry 1099/tcp # RMI Registry -rmiregistry 1099/udp # RMI Registry -lmsocialserver 1111/tcp # LM Social Server -lmsocialserver 1111/udp # LM Social Server -murray 1123/tcp # Murray -murray 1123/udp # Murray -nfa 1155/tcp # Network File Access -nfa 1155/udp # Network File Access -caiccipc 1202/tcp # caiccipc -caiccipc 1202/udp # caiccipc -lupa 1212/tcp # lupa -lupa 1212/udp # lupa -nerv 1222/tcp # SNI R&D network -nerv 1222/udp # SNI R&D network -nmsd 1239/tcp # NMSD -nmsd 1239/udp # NMSD -hermes 1248/tcp -hermes 1248/udp -h323hostcallsc 1300/tcp # H323 Host Call Secure -h323hostcallsc 1300/udp # H323 Host Call Secure -husky 1310/tcp # Husky -husky 1310/udp # Husky -rxmon 1311/tcp # RxMon -rxmon 1311/udp # RxMon -pdps 1314/tcp # Photoscript Distributed Printing System -pdps 1314/udp # Photoscript Distributed Printing System -pip 1321/tcp # PIP -pip 1321/udp # PIP -vpjp 1345/tcp # VPJP -vpjp 1345/udp # VPJP -sbook 1349/tcp # Registration Network Protocol -sbook 1349/udp # Registration Network Protocol -editbench 1350/tcp # Registration Network Protocol -editbench 1350/udp # Registration Network Protocol -equationbuilder 1351/tcp # Digital Tool Works (MIT) -equationbuilder 1351/udp # Digital Tool Works (MIT) -lotusnote 
1352/tcp # Lotus Note -lotusnote 1352/udp # Lotus Note -relief 1353/tcp # Relief Consulting -relief 1353/udp # Relief Consulting -rightbrain 1354/tcp # RightBrain Software -rightbrain 1354/udp # RightBrain Software -cuillamartin 1356/tcp # CuillaMartin Company -cuillamartin 1356/udp # CuillaMartin Company -pegboard 1357/tcp # Electronic PegBoard -pegboard 1357/udp # Electronic PegBoard -connlcli 1358/tcp # CONNLCLI -connlcli 1358/udp # CONNLCLI -ftsrv 1359/tcp # FTSRV -ftsrv 1359/udp # FTSRV -mimer 1360/tcp # MIMER -mimer 1360/udp # MIMER -linx 1361/tcp # LinX -linx 1361/udp # LinX -timeflies 1362/tcp # TimeFlies -timeflies 1362/udp # TimeFlies -dcs 1367/tcp # DCS -dcs 1367/udp # DCS -screencast 1368/tcp # ScreenCast -screencast 1368/udp # ScreenCast -chromagrafx 1373/tcp # Chromagrafx -chromagrafx 1373/udp # Chromagrafx -molly 1374/tcp # EPI Software Systems -molly 1374/udp # EPI Software Systems -bytex 1375/tcp # Bytex -bytex 1375/udp # Bytex -cichlid 1377/tcp # Cichlid License Manager -cichlid 1377/udp # Cichlid License Manager -elan 1378/tcp # Elan License Manager -elan 1378/udp # Elan License Manager -dbreporter 1379/tcp # Integrity Solutions -dbreporter 1379/udp # Integrity Solutions -gwha 1383/tcp # GW Hannaway Network License Manager -gwha 1383/udp # GW Hannaway Network License Manager -checksum 1386/tcp # CheckSum License Manager -checksum 1386/udp # CheckSum License Manager -hiq 1410/tcp # HiQ License Manager -hiq 1410/udp # HiQ License Manager -af 1411/tcp # AudioFile -af 1411/udp # AudioFile -innosys 1412/tcp # InnoSys -innosys 1412/udp # InnoSys -dbstar 1415/tcp # DBStar -dbstar 1415/udp # DBStar -essbase 1423/tcp # Essbase Arbor Software -essbase 1423/udp # Essbase Arbor Software -hybrid 1424/tcp # Hybrid Encryption Protocol -hybrid 1424/udp # Hybrid Encryption Protocol -sais 1426/tcp # Satellite-data Acquisition System 1 -sais 1426/udp # Satellite-data Acquisition System 1 -mloadd 1427/tcp # mloadd monitoring tool -mloadd 1427/udp # mloadd monitoring 
tool -nms 1429/tcp # Hypercom NMS -nms 1429/udp # Hypercom NMS -tpdu 1430/tcp # Hypercom TPDU -tpdu 1430/udp # Hypercom TPDU -rgtp 1431/tcp # Reverse Gossip Transport -rgtp 1431/udp # Reverse Gossip Transport -saism 1436/tcp # Satellite-data Acquisition System 2 -saism 1436/udp # Satellite-data Acquisition System 2 -tabula 1437/tcp # Tabula -tabula 1437/udp # Tabula -peport 1449/tcp # PEport -peport 1449/udp # PEport -dwf 1450/tcp # Tandem Distributed Workbench Facility -dwf 1450/udp # Tandem Distributed Workbench Facility -infoman 1451/tcp # IBM Information Management -infoman 1451/udp # IBM Information Management -dca 1456/tcp # DCA -dca 1456/udp # DCA -proshare1 1459/tcp # Proshare Notebook Application -proshare1 1459/udp # Proshare Notebook Application -proshare2 1460/tcp # Proshare Notebook Application -proshare2 1460/udp # Proshare Notebook Application -nucleus 1463/tcp # Nucleus -nucleus 1463/udp # Nucleus -pipes 1465/tcp # Pipes Platform -pipes 1465/udp # Pipes Platform mfarlin@peerlogic.com -csdmbase 1467/tcp # CSDMBASE -csdmbase 1467/udp # CSDMBASE -csdm 1468/tcp # CSDM -csdm 1468/udp # CSDM -uaiact 1470/tcp # Universal Analytics -uaiact 1470/udp # Universal Analytics -csdmbase 1471/tcp # csdmbase -csdmbase 1471/udp # csdmbase -csdm 1472/tcp # csdm -csdm 1472/udp # csdm -openmath 1473/tcp # OpenMath -openmath 1473/udp # OpenMath -telefinder 1474/tcp # Telefinder -telefinder 1474/udp # Telefinder -dberegister 1479/tcp # dberegister -dberegister 1479/udp # dberegister -pacerforum 1480/tcp # PacerForum -pacerforum 1480/udp # PacerForum -airs 1481/tcp # AIRS -airs 1481/udp # AIRS -afs 1483/tcp # AFS License Manager -afs 1483/udp # AFS License Manager -confluent 1484/tcp # Confluent License Manager -confluent 1484/udp # Confluent License Manager -lansource 1485/tcp # LANSource -lansource 1485/udp # LANSource -localinfosrvr 1487/tcp # LocalInfoSrvr -localinfosrvr 1487/udp # LocalInfoSrvr -docstor 1488/tcp # DocStor -docstor 1488/udp # DocStor -dmdocbroker 
1489/tcp # dmdocbroker -dmdocbroker 1489/udp # dmdocbroker -anynetgateway 1491/tcp # anynetgateway -anynetgateway 1491/udp # anynetgateway -ica 1494/tcp # ica -ica 1494/udp # ica -cvc 1495/tcp # cvc -cvc 1495/udp # cvc -fhc 1499/tcp # Federico Heinz Consultora -fhc 1499/udp # Federico Heinz Consultora -saiscm 1501/tcp # Satellite-data Acquisition System 3 -saiscm 1501/udp # Satellite-data Acquisition System 3 -shivadiscovery 1502/tcp # Shiva -shivadiscovery 1502/udp # Shiva -funkproxy 1505/tcp # Funk Software, Inc. -funkproxy 1505/udp # Funk Software, Inc. -utcd 1506/tcp # Universal Time daemon (utcd) -utcd 1506/udp # Universal Time daemon (utcd) -symplex 1507/tcp # symplex -symplex 1507/udp # symplex -diagmond 1508/tcp # diagmond -diagmond 1508/udp # diagmond -wins 1512/tcp # Microsoft's Windows Internet Name Service -wins 1512/udp # Microsoft's Windows Internet Name Service -vpad 1516/tcp # Virtual Places Audio data -vpad 1516/udp # Virtual Places Audio data -vpac 1517/tcp # Virtual Places Audio control -vpac 1517/udp # Virtual Places Audio control -vpvd 1518/tcp # Virtual Places Video data -vpvd 1518/udp # Virtual Places Video data -vpvc 1519/tcp # Virtual Places Video control -vpvc 1519/udp # Virtual Places Video control -ingreslock 1524/tcp # ingres -ingreslock 1524/udp # ingres -orasrv 1525/tcp # oracle -orasrv 1525/udp # oracle -tlisrv 1527/tcp # oracle -tlisrv 1527/udp # oracle -mciautoreg 1528/tcp # micautoreg -mciautoreg 1528/udp # micautoreg -coauthor 1529/tcp # oracle -coauthor 1529/udp # oracle -miroconnect 1532/tcp # miroconnect -miroconnect 1532/udp # miroconnect -rds 1540/tcp # rds -rds 1540/udp # rds -rds2 1541/tcp # rds2 -rds2 1541/udp # rds2 -aspeclmd 1544/tcp # aspeclmd -aspeclmd 1544/udp # aspeclmd -abbaccuray 1546/tcp # abbaccuray -abbaccuray 1546/udp # abbaccuray -laplink 1547/tcp # laplink -laplink 1547/udp # laplink -shivahose 1549/tcp # Shiva Hose -shivasound 1549/udp # Shiva Sound -pciarray 1552/tcp # pciarray -pciarray 1552/udp # 
pciarray -livelan 1555/tcp # livelan -livelan 1555/udp # livelan -ashwin 1556/tcp # AshWin CI Tecnologies -ashwin 1556/udp # AshWin CI Tecnologies -xingmpeg 1558/tcp # xingmpeg -xingmpeg 1558/udp # xingmpeg -web2host 1559/tcp # web2host -web2host 1559/udp # web2host -facilityview 1561/tcp # facilityview -facilityview 1561/udp # facilityview -pconnectmgr 1562/tcp # pconnectmgr -pconnectmgr 1562/udp # pconnectmgr -winddlb 1565/tcp # WinDD -winddlb 1565/udp # WinDD -corelvideo 1566/tcp # CORELVIDEO -corelvideo 1566/udp # CORELVIDEO -jlicelmd 1567/tcp # jlicelmd -jlicelmd 1567/udp # jlicelmd -tsspmap 1568/tcp # tsspmap -tsspmap 1568/udp # tsspmap -ets 1569/tcp # ets -ets 1569/udp # ets -orbixd 1570/tcp # orbixd -orbixd 1570/udp # orbixd -oraclenames 1575/tcp # oraclenames -oraclenames 1575/udp # oraclenames -msims 1582/tcp # MSIMS -msims 1582/udp # MSIMS -simbaexpress 1583/tcp # simbaexpress -simbaexpress 1583/udp # simbaexpress -intv 1585/tcp # intv -intv 1585/udp # intv -vqp 1589/tcp # VQP -vqp 1589/udp # VQP -commonspace 1592/tcp # commonspace -commonspace 1592/udp # commonspace -sixtrak 1594/tcp # sixtrak -sixtrak 1594/udp # sixtrak -radio 1595/tcp # radio -radio 1595/udp # radio -picknfs 1598/tcp # picknfs -picknfs 1598/udp # picknfs -simbaservices 1599/tcp # simbaservices -simbaservices 1599/udp # simbaservices -issd 1600/tcp -issd 1600/udp -aas 1601/tcp # aas -aas 1601/udp # aas -inspect 1602/tcp # inspect -inspect 1602/udp # inspect -picodbc 1603/tcp # pickodbc -picodbc 1603/udp # pickodbc -icabrowser 1604/tcp # icabrowser -icabrowser 1604/udp # icabrowser -slp 1605/tcp # Salutation Manager (Salutation Protocol) -slp 1605/udp # Salutation Manager (Salutation Protocol) -stt 1607/tcp # stt -stt 1607/udp # stt -ill 1611/tcp # Inter Library Loan -ill 1611/udp # Inter Library Loan -skytelnet 1618/tcp # skytelnet -skytelnet 1618/udp # skytelnet -faxportwinport 1620/tcp # faxportwinport -faxportwinport 1620/udp # faxportwinport -softdataphone 1621/tcp # softdataphone 
-softdataphone 1621/udp # softdataphone -ontime 1622/tcp # ontime -ontime 1622/udp # ontime -jaleosnd 1623/tcp # jaleosnd -jaleosnd 1623/udp # jaleosnd -shockwave 1626/tcp # Shockwave -shockwave 1626/udp # Shockwave -oraclenet8cman 1630/tcp # Oracle Net8 Cman -oraclenet8cman 1630/udp # Oracle Net8 Cman -visitview 1631/tcp # Visit view -visitview 1631/udp # Visit view -pammratc 1632/tcp # PAMMRATC -pammratc 1632/udp # PAMMRATC -pammrpc 1633/tcp # PAMMRPC -pammrpc 1633/udp # PAMMRPC -loaprobe 1634/tcp # Log On America Probe -loaprobe 1634/udp # Log On America Probe -cncp 1636/tcp # CableNet Control Protocol -cncp 1636/udp # CableNet Control Protocol -cnap 1637/tcp # CableNet Admin Protocol -cnap 1637/udp # CableNet Admin Protocol -cnip 1638/tcp # CableNet Info Protocol -cnip 1638/udp # CableNet Info Protocol -invision 1641/tcp # InVision -invision 1641/udp # InVision -saiseh 1644/tcp # Satellite-data Acquisition System 4 -datametrics 1645/tcp # datametrics -datametrics 1645/udp # datametrics -rsap 1647/tcp # rsap -rsap 1647/udp # rsap -kermit 1649/tcp # kermit -kermit 1649/udp # kermit -nkd 1650/tcp # nkd -nkd 1650/udp # nkd -xnmp 1652/tcp # xnmp -xnmp 1652/udp # xnmp -stargatealerts 1654/tcp # stargatealerts -stargatealerts 1654/udp # stargatealerts -sixnetudr 1658/tcp # sixnetudr -sixnetudr 1658/udp # sixnetudr -pdp 1675/tcp # Pacific Data Products -pdp 1675/udp # Pacific Data Products -netcomm1 1676/tcp # netcomm1 -netcomm2 1676/udp # netcomm2 -groupwise 1677/tcp # groupwise -groupwise 1677/udp # groupwise -prolink 1678/tcp # prolink -prolink 1678/udp # prolink -snaresecure 1684/tcp # SnareSecure -snaresecure 1684/udp # SnareSecure -n2nremote 1685/tcp # n2nremote -n2nremote 1685/udp # n2nremote -cvmon 1686/tcp # cvmon -cvmon 1686/udp # cvmon -firefox 1689/tcp # firefox -firefox 1689/udp # firefox -rrirtr 1693/tcp # rrirtr -rrirtr 1693/udp # rrirtr -rrimwm 1694/tcp # rrimwm -rrimwm 1694/udp # rrimwm -rrilwm 1695/tcp # rrilwm -rrilwm 1695/udp # rrilwm -rrifmm 
1696/tcp # rrifmm -rrifmm 1696/udp # rrifmm -rrisat 1697/tcp # rrisat -rrisat 1697/udp # rrisat -l2f 1701/tcp # l2f -l2f 1701/udp # l2f -l2tp 1701/tcp # l2tp -l2tp 1701/udp # l2tp -deskshare 1702/tcp # deskshare -deskshare 1702/udp # deskshare -slingshot 1705/tcp # slingshot -slingshot 1705/udp # slingshot -jetform 1706/tcp # jetform -jetform 1706/udp # jetform -vdmplay 1707/tcp # vdmplay -vdmplay 1707/udp # vdmplay -centra 1709/tcp # centra -centra 1709/udp # centra -impera 1710/tcp # impera -impera 1710/udp # impera -pptconference 1711/tcp # pptconference -pptconference 1711/udp # pptconference -registrar 1712/tcp # resource monitoring service -registrar 1712/udp # resource monitoring service -conferencetalk 1713/tcp # ConferenceTalk -conferencetalk 1713/udp # ConferenceTalk -xmsg 1716/tcp # xmsg -xmsg 1716/udp # xmsg -h323gatedisc 1718/tcp # h323gatedisc -h323gatedisc 1718/udp # h323gatedisc -h323gatestat 1719/tcp # h323gatestat -h323gatestat 1719/udp # h323gatestat -h323hostcall 1720/tcp # h323hostcall -h323hostcall 1720/udp # h323hostcall -caicci 1721/tcp # caicci -caicci 1721/udp # caicci -pptp 1723/tcp # pptp -pptp 1723/udp # pptp -csbphonemaster 1724/tcp # csbphonemaster -csbphonemaster 1724/udp # csbphonemaster -iberiagames 1726/tcp # IBERIAGAMES -iberiagames 1726/udp # IBERIAGAMES -winddx 1727/tcp # winddx -winddx 1727/udp # winddx -telindus 1728/tcp # TELINDUS -telindus 1728/udp # TELINDUS -citynl 1729/tcp # CityNL License Management -citynl 1729/udp # CityNL License Management -roketz 1730/tcp # roketz -roketz 1730/udp # roketz -msiccp 1731/tcp # MSICCP -msiccp 1731/udp # MSICCP -proxim 1732/tcp # proxim -proxim 1732/udp # proxim -siipat 1733/tcp # SIMS - SIIPAT Protocol for Alarm Transmission -siipat 1733/udp # SIMS - SIIPAT Protocol for Alarm Transmission -privatechat 1735/tcp # PrivateChat -privatechat 1735/udp # PrivateChat -ultimad 1737/tcp # ultimad -ultimad 1737/udp # ultimad -gamegen1 1738/tcp # GameGen1 -gamegen1 1738/udp # GameGen1 -webaccess 
1739/tcp # webaccess -webaccess 1739/udp # webaccess -encore 1740/tcp # encore -encore 1740/udp # encore -sslp 1750/tcp # Simple Socket Library's PortMaster -sslp 1750/udp # Simple Socket Library's PortMaster -swiftnet 1751/tcp # SwiftNet -swiftnet 1751/udp # SwiftNet -cnhrp 1757/tcp # cnhrp -cnhrp 1757/udp # cnhrp -vaultbase 1771/tcp # vaultbase -vaultbase 1771/udp # vaultbase -kmscontrol 1773/tcp # KMSControl -kmscontrol 1773/udp # KMSControl -femis 1776/tcp # Federal Emergency Management Information System -femis 1776/udp # Federal Emergency Management Information System -powerguardian 1777/tcp # powerguardian -powerguardian 1777/udp # powerguardian -pharmasoft 1779/tcp # pharmasoft -pharmasoft 1779/udp # pharmasoft -dpkeyserv 1780/tcp # dpkeyserv -dpkeyserv 1780/udp # dpkeyserv -fjris 1783/tcp # Fujitsu Remote Install Service -fjris 1783/udp # Fujitsu Remote Install Service -windlm 1785/tcp # Wind River Systems License Manager -windlm 1785/udp # Wind River Systems License Manager -psmond 1788/tcp # psmond -psmond 1788/udp # psmond -hello 1789/tcp # hello -hello 1789/udp # hello -nmsp 1790/tcp # Narrative Media Streaming Protocol -nmsp 1790/udp # Narrative Media Streaming Protocol -ea1 1791/tcp # EA1 -ea1 1791/udp # EA1 -uma 1797/tcp # UMA -uma 1797/udp # UMA -etp 1798/tcp # Event Transfer Protocol -etp 1798/udp # Event Transfer Protocol -netrisk 1799/tcp # NETRISK -netrisk 1799/udp # NETRISK -msmq 1801/tcp # Microsoft Message Que -msmq 1801/udp # Microsoft Message Que -concomp1 1802/tcp # ConComp1 -concomp1 1802/udp # ConComp1 -enl 1804/tcp # ENL -enl 1804/udp # ENL -musiconline 1806/tcp # Musiconline -musiconline 1806/udp # Musiconline -fhsp 1807/tcp # Fujitsu Hot Standby Protocol -fhsp 1807/udp # Fujitsu Hot Standby Protocol -radius 1812/tcp # RADIUS -radius 1812/udp # RADIUS -mmpft 1815/tcp # MMPFT -mmpft 1815/udp # MMPFT -harp 1816/tcp # HARP -harp 1816/udp # HARP -etftp 1818/tcp # Enhanced Trivial File Transfer Protocol -etftp 1818/udp # Enhanced Trivial 
File Transfer Protocol -mcagent 1820/tcp # mcagent -mcagent 1820/udp # mcagent -donnyworld 1821/tcp # donnyworld -donnyworld 1821/udp # donnyworld -ardt 1826/tcp # ARDT -ardt 1826/udp # ARDT -asi 1827/tcp # ASI -asi 1827/udp # ASI -myrtle 1831/tcp # Myrtle -myrtle 1831/udp # Myrtle -udp # radio 1833/tcp # udp # radio -udp # radio 1833/udp # udpradio -ardusuni 1834/tcp # ARDUS Unicast -ardusuni 1834/udp # ARDUS Unicast -ardusmul 1835/tcp # ARDUS Multicast -ardusmul 1835/udp # ARDUS Multicast -csoft1 1837/tcp # csoft1 -csoft1 1837/udp # csoft1 -talnet 1838/tcp # TALNET -talnet 1838/udp # TALNET -gsi 1850/tcp # GSI -gsi 1850/udp # GSI -ctcd 1851/tcp # ctcd -ctcd 1851/udp # ctcd -msnp 1863/tcp # MSNP -msnp 1863/udp # MSNP -entp 1865/tcp # ENTP -entp 1865/udp # ENTP -canocentral0 1871/tcp # Cano Central 0 -canocentral0 1871/udp # Cano Central 0 -canocentral1 1872/tcp # Cano Central 1 -canocentral1 1872/udp # Cano Central 1 -fjmpjps 1873/tcp # Fjmpjps -fjmpjps 1873/udp # Fjmpjps -fjswapsnp 1874/tcp # Fjswapsnp -fjswapsnp 1874/udp # Fjswapsnp -mc2studios 1899/tcp # MC2Studios -mc2studios 1899/udp # MC2Studios -linkname 1903/tcp # Local Link Name Resolution -linkname 1903/udp # Local Link Name Resolution -sugp 1905/tcp # Secure UP.Link Gateway Protocol -sugp 1905/udp # Secure UP.Link Gateway Protocol -tpmd 1906/tcp # TPortMapperReq -tpmd 1906/udp # TPortMapperReq -intrastar 1907/tcp # IntraSTAR -intrastar 1907/udp # IntraSTAR -dawn 1908/tcp # Dawn -dawn 1908/udp # Dawn -ultrabac 1910/tcp # ultrabac -ultrabac 1910/udp # ultrabac -mtp 1911/tcp # Starlight Networks Multimedia Transport Protocol -mtp 1911/udp # Starlight Networks Multimedia Transport Protocol -armadp 1913/tcp # armadp -armadp 1913/udp # armadp -facelink 1915/tcp # FACELINK -facelink 1915/udp # FACELINK -persona 1916/tcp # Persoft Persona -persona 1916/udp # Persoft Persona -noagent 1917/tcp # nOAgent -noagent 1917/udp # nOAgent -noadmin 1921/tcp # NoAdmin -noadmin 1921/udp # NoAdmin -tapestry 1922/tcp # 
Tapestry -tapestry 1922/udp # Tapestry -spice 1923/tcp # SPICE -spice 1923/udp # SPICE -xiip 1924/tcp # XIIP -xiip 1924/udp # XIIP -tekpls 1946/tcp # tekpls -tekpls 1946/udp # tekpls -hlserver 1947/tcp # hlserver -hlserver 1947/udp # hlserver -eye2eye 1948/tcp # eye2eye -eye2eye 1948/udp # eye2eye -ismaeasdaqlive 1949/tcp # ISMA Easdaq Live -ismaeasdaqlive 1949/udp # ISMA Easdaq Live -ismaeasdaqtest 1950/tcp # ISMA Easdaq Test -ismaeasdaqtest 1950/udp # ISMA Easdaq Test -mpnjsc 1952/tcp # mpnjsc -mpnjsc 1952/udp # mpnjsc -rapidbase 1953/tcp # Rapid Base -rapidbase 1953/udp # Rapid Base -dlsrap 1973/tcp # Data Link Switching Remote Access Protocol -dlsrap 1973/udp # Data Link Switching Remote Access Protocol -bb 1984/tcp # BB -bb 1984/udp # BB -hsrp 1985/tcp # Hot Standby Router Protocol -hsrp 1985/udp # Hot Standby Router Protocol -licensedaemon 1986/tcp # cisco license management -licensedaemon 1986/udp # cisco license management -mshnet 1989/tcp # MHSnet system -mshnet 1989/udp # MHSnet system -ipsendmsg 1992/tcp # IPsendmsg -ipsendmsg 1992/udp # IPsendmsg -callbook 2000/tcp -callbook 2000/udp -dc 2001/tcp -wizard 2001/udp # curry -globe 2002/tcp -globe 2002/udp -mailbox 2004/tcp -emce 2004/udp # CCWS mm conf -berknet 2005/tcp -oracle 2005/udp -invokator 2006/tcp -dectalk 2007/tcp -conf 2008/tcp -terminaldb 2008/udp -news 2009/tcp -whosockami 2009/udp -search 2010/tcp -servserv 2011/udp -ttyinfo 2012/tcp -troff 2014/tcp -cypress 2015/tcp -bootserver 2016/tcp -bootserver 2016/udp -bootclient 2017/udp -terminaldb 2018/tcp -rellpack 2018/udp -whosockami 2019/tcp -about 2019/udp -xinupageserver 2020/tcp -xinupageserver 2020/udp -servexec 2021/tcp -xinuexpansion1 2021/udp -down 2022/tcp -xinuexpansion2 2022/udp -xinuexpansion3 2023/tcp -xinuexpansion3 2023/udp -xinuexpansion4 2024/tcp -xinuexpansion4 2024/udp -ellpack 2025/tcp -xribs 2025/udp -scrabble 2026/tcp -scrabble 2026/udp -shadowserver 2027/tcp -shadowserver 2027/udp -submitserver 2028/tcp -submitserver 
2028/udp -device2 2030/tcp -device2 2030/udp -blackboard 2032/tcp -blackboard 2032/udp -glogger 2033/tcp -glogger 2033/udp -scoremgr 2034/tcp -scoremgr 2034/udp -imsldoc 2035/tcp -imsldoc 2035/udp -objectmanager 2038/tcp -objectmanager 2038/udp -lam 2040/tcp -lam 2040/udp -interbase 2041/tcp -interbase 2041/udp -isis 2042/tcp # isis -isis 2042/udp # isis -rimsl 2044/tcp -rimsl 2044/udp -cdfunc 2045/tcp -cdfunc 2045/udp -sdfunc 2046/tcp -sdfunc 2046/udp -dls 2047/tcp -dls 2047/udp -shilp 2049/tcp -shilp 2049/udp -nfs 2049/tcp # Network File System - Sun Microsystems -nfs 2049/udp # Network File System - Sun Microsystems -dlsrpn 2065/tcp # Data Link Switch Read Port Number -dlsrpn 2065/udp # Data Link Switch Read Port Number -dlswpn 2067/tcp # Data Link Switch Write Port Number -dlswpn 2067/udp # Data Link Switch Write Port Number -lrp 2090/tcp # Load Report Protocol -lrp 2090/udp # Load Report Protocol -prp 2091/tcp # PRP -prp 2091/udp # PRP -descent3 2092/tcp # Descent 3 -descent3 2092/udp # Descent 3 -jetformpreview 2097/tcp # Jet Form Preview -jetformpreview 2097/udp # Jet Form Preview -amiganetfs 2100/tcp # amiganetfs -amiganetfs 2100/udp # amiganetfs -minipay 2105/tcp # MiniPay -minipay 2105/udp # MiniPay -mzap 2106/tcp # MZAP -mzap 2106/udp # MZAP -comcam 2108/tcp # Comcam -comcam 2108/udp # Comcam -ergolight 2109/tcp # Ergolight -ergolight 2109/udp # Ergolight -ici 2200/tcp # ICI -ici 2200/udp # ICI -ats 2201/tcp # Advanced Training System Program -ats 2201/udp # Advanced Training System Program -kali 2213/tcp # Kali -kali 2213/udp # Kali -ganymede 2220/tcp # Ganymede -ganymede 2220/udp # Ganymede -infocrypt 2233/tcp # INFOCRYPT -infocrypt 2233/udp # INFOCRYPT -directplay 2234/tcp # DirectPlay -directplay 2234/udp # DirectPlay -nani 2236/tcp # Nani -nani 2236/udp # Nani -imagequery 2239/tcp # Image Query -imagequery 2239/udp # Image Query -recipe 2240/tcp # RECIPe -recipe 2240/udp # RECIPe -ivsd 2241/tcp # IVS Daemon -ivsd 2241/udp # IVS Daemon -foliocorp 
2242/tcp # Folio Remote Server -foliocorp 2242/udp # Folio Remote Server -magicom 2243/tcp # Magicom Protocol -magicom 2243/udp # Magicom Protocol -nmsserver 2244/tcp # NMS Server -nmsserver 2244/udp # NMS Server -hao 2245/tcp # HaO -hao 2245/udp # HaO -xmquery 2279/tcp # xmquery -xmquery 2279/udp # xmquery -lnvpoller 2280/tcp # LNVPOLLER -lnvpoller 2280/udp # LNVPOLLER -lnvconsole 2281/tcp # LNVCONSOLE -lnvconsole 2281/udp # LNVCONSOLE -lnvalarm 2282/tcp # LNVALARM -lnvalarm 2282/udp # LNVALARM -lnvstatus 2283/tcp # LNVSTATUS -lnvstatus 2283/udp # LNVSTATUS -lnvmaps 2284/tcp # LNVMAPS -lnvmaps 2284/udp # LNVMAPS -lnvmailmon 2285/tcp # LNVMAILMON -lnvmailmon 2285/udp # LNVMAILMON -dna 2287/tcp # DNA -dna 2287/udp # DNA -netml 2288/tcp # NETML -netml 2288/udp # NETML -cvmmon 2300/tcp # CVMMON -cvmmon 2300/udp # CVMMON -binderysupport 2302/tcp # Bindery Support -binderysupport 2302/udp # Bindery Support -pehelp 2307/tcp # pehelp -pehelp 2307/udp # pehelp -sdhelp 2308/tcp # sdhelp -sdhelp 2308/udp # sdhelp -sdserver 2309/tcp # SD Server -sdserver 2309/udp # SD Server -sdclient 2310/tcp # SD Client -sdclient 2310/udp # SD Client -messageservice 2311/tcp # Message Service -messageservice 2311/udp # Message Service -iapp 2313/tcp # IAPP (Inter Access Point Protocol) -iapp 2313/udp # IAPP (Inter Access Point Protocol) -cadencecontrol 2318/tcp # Cadence Control -cadencecontrol 2318/udp # Cadence Control -infolibria 2319/tcp # InfoLibria -infolibria 2319/udp # InfoLibria -rdlap 2321/tcp # RDLAP over UDP -rdlap 2321/udp # RDLAP -ofsd 2322/tcp # ofsd -ofsd 2322/udp # ofsd -cosmocall 2324/tcp # Cosmocall -cosmocall 2324/udp # Cosmocall -idcp 2326/tcp # IDCP -idcp 2326/udp # IDCP -xingcsm 2327/tcp # xingcsm -xingcsm 2327/udp # xingcsm -nvd 2329/tcp # NVD -nvd 2329/udp # NVD -tscchat 2330/tcp # TSCCHAT -tscchat 2330/udp # TSCCHAT -agentview 2331/tcp # AGENTVIEW -agentview 2331/udp # AGENTVIEW -snapp 2333/tcp # SNAPP -snapp 2333/udp # SNAPP -appleugcontrol 2336/tcp # Apple UG 
Control -appleugcontrol 2336/udp # Apple UG Control -ideesrv 2337/tcp # ideesrv -ideesrv 2337/udp # ideesrv -xiostatus 2341/tcp # XIO Status -xiostatus 2341/udp # XIO Status -fcmsys 2344/tcp # fcmsys -fcmsys 2344/udp # fcmsys -dbm 2345/tcp # dbm -dbm 2345/udp # dbm -psbserver 2350/tcp # psbserver -psbserver 2350/udp # psbserver -psrserver 2351/tcp # psrserver -psrserver 2351/udp # psrserver -pslserver 2352/tcp # pslserver -pslserver 2352/udp # pslserver -pspserver 2353/tcp # pspserver -pspserver 2353/udp # pspserver -psprserver 2354/tcp # psprserver -psprserver 2354/udp # psprserver -psdbserver 2355/tcp # psdbserver -psdbserver 2355/udp # psdbserver -gxtelmd 2356/tcp # GXT License Managemant -gxtelmd 2356/udp # GXT License Managemant -futrix 2358/tcp # Futrix -futrix 2358/udp # Futrix -flukeserver 2359/tcp # FlukeServer -flukeserver 2359/udp # FlukeServer -nexstorindltd 2360/tcp # NexstorIndLtd -nexstorindltd 2360/udp # NexstorIndLtd -tl1 2361/tcp # TL1 -tl1 2361/udp # TL1 -ovsessionmgr 2389/tcp # OpenView Session Mgr -ovsessionmgr 2389/udp # OpenView Session Mgr -rsmtp 2390/tcp # RSMTP -rsmtp 2390/udp # RSMTP -tacticalauth 2392/tcp # Tactical Auth -tacticalauth 2392/udp # Tactical Auth -wusage 2396/tcp # Wusage -wusage 2396/udp # Wusage -ncl 2397/tcp # NCL -ncl 2397/udp # NCL -orbiter 2398/tcp # Orbiter -orbiter 2398/udp # Orbiter -cvspserver 2401/tcp # cvspserver -cvspserver 2401/udp # cvspserver -taskmaster2000 2402/tcp # TaskMaster 2000 Server -taskmaster2000 2402/udp # TaskMaster 2000 Server -taskmaster2000 2403/tcp # TaskMaster 2000 Web -taskmaster2000 2403/udp # TaskMaster 2000 Web -jediserver 2406/tcp # JediServer -jediserver 2406/udp # JediServer -orion 2407/tcp # Orion -orion 2407/udp # Orion -optimanet 2408/tcp # OptimaNet -optimanet 2408/udp # OptimaNet -cdn 2412/tcp # CDN -cdn 2412/udp # CDN -interlingua 2414/tcp # Interlingua -interlingua 2414/udp # Interlingua -comtest 2415/tcp # COMTEST -comtest 2415/udp # COMTEST -rmtserver 2416/tcp # RMT Server 
-rmtserver 2416/udp # RMT Server -cas 2418/tcp # cas -cas 2418/udp # cas -crmsbits 2422/tcp # CRMSBITS -crmsbits 2422/udp # CRMSBITS -rnrp 2423/tcp # RNRP -rnrp 2423/udp # RNRP -fjitsuappmgr 2425/tcp # Fujitsu App Manager -fjitsuappmgr 2425/udp # Fujitsu App Manager -applianttcp 2426/tcp # Appliant TCP -appliantudp 2426/udp # Appliant UDP -stgcp 2427/tcp # Simple telephony Gateway Control Protocol -stgcp 2427/udp # Simple telephony Gateway Control Protocol -ott 2428/tcp # One Way Trip Time -ott 2428/udp # One Way Trip Time -venus 2430/tcp # venus -venus 2430/udp # venus -codasrv 2432/tcp # codasrv -codasrv 2432/udp # codasrv -optilogic 2435/tcp # OptiLogic -optilogic 2435/udp # OptiLogic -topx 2436/tcp # TOP/X -topx 2436/udp # TOP/X -unicontrol 2437/tcp # UniControl -unicontrol 2437/udp # UniControl -msp 2438/tcp # MSP -msp 2438/udp # MSP -sybasedbsynch 2439/tcp # SybaseDBSynch -sybasedbsynch 2439/udp # SybaseDBSynch -spearway 2440/tcp # Spearway Lockers -spearway 2440/udp # Spearway Lockser -netangel 2442/tcp # Netangel -netangel 2442/udp # Netangel -powerclientcsf 2443/tcp # PowerClient Central Storage Facility -powerclientcsf 2443/udp # PowerClient Central Storage Facility -btpp2sectrans 2444/tcp # BT PP2 Sectrans -btpp2sectrans 2444/udp # BT PP2 Sectrans -dtn1 2445/tcp # DTN1 -dtn1 2445/udp # DTN1 -ovwdb 2447/tcp # OpenView NNM daemon -ovwdb 2447/udp # OpenView NNM daemon -hpppssvr 2448/tcp # hpppsvr -hpppssvr 2448/udp # hpppsvr -ratl 2449/tcp # RATL -ratl 2449/udp # RATL -netadmin 2450/tcp # netadmin -netadmin 2450/udp # netadmin -netchat 2451/tcp # netchat -netchat 2451/udp # netchat -snifferclient 2452/tcp # SnifferClient -snifferclient 2452/udp # SnifferClient -griffin 2458/tcp # griffin -griffin 2458/udp # griffin -community 2459/tcp # Community -community 2459/udp # Community -qadmifoper 2461/tcp # qadmifoper -qadmifoper 2461/udp # qadmifoper -qadmifevent 2462/tcp # qadmifevent -qadmifevent 2462/udp # qadmifevent -lbm 2465/tcp # Load Balance Management 
-lbm 2465/udp # Load Balance Management -lbf 2466/tcp # Load Balance Forwarding -lbf 2466/udp # Load Balance Forwarding -seaodbc 2471/tcp # SeaODBC -seaodbc 2471/udp # SeaODBC -c3 2472/tcp # C3 -c3 2472/udp # C3 -vitalanalysis 2474/tcp # Vital Analysis -vitalanalysis 2474/udp # Vital Analysis -lingwood 2480/tcp # Lingwood's Detail -lingwood 2480/udp # Lingwood's Detail -giop 2481/tcp # Oracle GIOP -giop 2481/udp # Oracle GIOP -ttc 2483/tcp # Oracle TTC -ttc 2483/udp # Oracel TTC -netobjects1 2485/tcp # Net Objects1 -netobjects1 2485/udp # Net Objects1 -netobjects2 2486/tcp # Net Objects2 -netobjects2 2486/udp # Net Objects2 -pns 2487/tcp # Policy Notice Service -pns 2487/udp # Policy Notice Service -tsilb 2489/tcp # TSILB -tsilb 2489/udp # TSILB -groove 2492/tcp # GROOVE -groove 2492/udp # GROOVE -dirgis 2496/tcp # DIRGIS -dirgis 2496/udp # DIRGIS -quaddb 2497/tcp # Quad DB -quaddb 2497/udp # Quad DB -unicontrol 2499/tcp # UniControl -unicontrol 2499/udp # UniControl -rtsserv 2500/tcp # Resource Tracking system server -rtsserv 2500/udp # Resource Tracking system server -rtsclient 2501/tcp # Resource Tracking system client -rtsclient 2501/udp # Resource Tracking system client -wlbs 2504/tcp # WLBS -wlbs 2504/udp # WLBS -jbroker 2506/tcp # jbroker -jbroker 2506/udp # jbroker -spock 2507/tcp # spock -spock 2507/udp # spock -datastore 2508/tcp # datastore -datastore 2508/udp # datastore -fjmpss 2509/tcp # fjmpss -fjmpss 2509/udp # fjmpss -fjappmgrbulk 2510/tcp # fjappmgrbulk -fjappmgrbulk 2510/udp # fjappmgrbulk -metastorm 2511/tcp # Metastorm -metastorm 2511/udp # Metastorm -citrixima 2512/tcp # Citrix IMA -citrixima 2512/udp # Citrix IMA -citrixadmin 2513/tcp # Citrix ADMIN -citrixadmin 2513/udp # Citrix ADMIN -maincontrol 2516/tcp # Main Control -maincontrol 2516/udp # Main Control -willy 2518/tcp # Willy -willy 2518/udp # Willy -globmsgsvc 2519/tcp # globmsgsvc -globmsgsvc 2519/udp # globmsgsvc -pvsw 2520/tcp # pvsw -pvsw 2520/udp # pvsw -adaptecmgr 2521/tcp # 
Adaptec Manager -adaptecmgr 2521/udp # Adaptec Manager -windb 2522/tcp # WinDb -windb 2522/udp # WinDb -iqserver 2527/tcp # IQ Server -iqserver 2527/udp # IQ Server -utsftp 2529/tcp # UTS FTP -utsftp 2529/udp # UTS FTP -vrcommerce 2530/tcp # VR Commerce -vrcommerce 2530/udp # VR Commerce -ovtopmd 2532/tcp # OVTOPMD -ovtopmd 2532/udp # OVTOPMD -snifferserver 2533/tcp # SnifferServer -snifferserver 2533/udp # SnifferServer -mdhcp 2535/tcp # MDHCP -mdhcp 2535/udp # MDHCP -btpp2audctr1 2536/tcp # btpp2audctr1 -btpp2audctr1 2536/udp # btpp2audctr1 -upgrade 2537/tcp # Upgrade Protocol -upgrade 2537/udp # Upgrade Protocol -vsiadmin 2539/tcp # VSI Admin -vsiadmin 2539/udp # VSI Admin -lonworks 2540/tcp # LonWorks -lonworks 2540/udp # LonWorks -lonworks2 2541/tcp # LonWorks2 -lonworks2 2541/udp # LonWorks2 -davinci 2542/tcp # daVinci -davinci 2542/udp # daVinci -reftek 2543/tcp # REFTEK -reftek 2543/udp # REFTEK -vytalvaultbrtp 2546/tcp # vytalvaultbrtp -vytalvaultbrtp 2546/udp # vytalvaultbrtp -vytalvaultvsmp 2547/tcp # vytalvaultvsmp -vytalvaultvsmp 2547/udp # vytalvaultvsmp -vytalvaultpipe 2548/tcp # vytalvaultpipe -vytalvaultpipe 2548/udp # vytalvaultpipe -ipass 2549/tcp # IPASS -ipass 2549/udp # IPASS -ads 2550/tcp # ADS -ads 2550/udp # ADS -efidiningport 2553/tcp # efidiningport -efidiningport 2553/udp # efidiningport -pclemultimedia 2558/tcp # PCLE Multi Media -pclemultimedia 2558/udp # PCLE Multi Media -lstp 2559/tcp # LSTP -lstp 2559/udp # LSTP -labrat 2560/tcp # labrat -labrat 2560/udp # labrat -mosaixcc 2561/tcp # MosaixCC -mosaixcc 2561/udp # MosaixCC -delibo 2562/tcp # Delibo -delibo 2562/udp # Delibo -clp 2567/tcp # Cisco Line Protocol -clp 2567/udp # Cisco Line Protocol -spamtrap 2568/tcp # SPAM TRAP -spamtrap 2568/udp # SPAM TRAP -sonuscallsig 2569/tcp # Sonus Call Signal -sonuscallsig 2569/udp # Sonus Call Signal -cecsvc 2571/tcp # CECSVC -cecsvc 2571/udp # CECSVC -ibp 2572/tcp # IBP -ibp 2572/udp # IBP -trustestablish 2573/tcp # Trust Establish 
-trustestablish 2573/udp # Trust Establish -hl7 2575/tcp # HL7 -hl7 2575/udp # HL7 -tclprodebugger 2576/tcp # TCL Pro Debugger -tclprodebugger 2576/udp # TCL Pro Debugger -scipticslsrvr 2577/tcp # Scriptics Lsrvr -scipticslsrvr 2577/udp # Scriptics Lsrvr -mpfoncl 2579/tcp # mpfoncl -mpfoncl 2579/udp # mpfoncl -tributary 2580/tcp # Tributary -tributary 2580/udp # Tributary -mon 2583/tcp # MON -mon 2583/udp # MON -cyaserv 2584/tcp # cyaserv -cyaserv 2584/udp # cyaserv -masc 2587/tcp # MASC -masc 2587/udp # MASC -privilege 2588/tcp # Privilege -privilege 2588/udp # Privilege -idotdist 2590/tcp # idotdist -idotdist 2590/udp # idotdist -maytagshuffle 2591/tcp # Maytag Shuffle -maytagshuffle 2591/udp # Maytag Shuffle -netrek 2592/tcp # netrek -netrek 2592/udp # netrek -dts 2594/tcp # Data Base Server -dts 2594/udp # Data Base Server -worldfusion1 2595/tcp # World Fusion 1 -worldfusion1 2595/udp # World Fusion 1 -worldfusion2 2596/tcp # World Fusion 2 -worldfusion2 2596/udp # World Fusion 2 -homesteadglory 2597/tcp # Homestead Glory -homesteadglory 2597/udp # Homestead Glory -citriximaclient 2598/tcp # Citrix MA Client -citriximaclient 2598/udp # Citrix MA Client -meridiandata 2599/tcp # Meridian Data -meridiandata 2599/udp # Meridian Data -hpstgmgr 2600/tcp # HPSTGMGR -hpstgmgr 2600/udp # HPSTGMGR -servicemeter 2603/tcp # Service Meter -servicemeter 2603/udp # Service Meter -netmon 2606/tcp # Dell Netmon -netmon 2606/udp # Dell Netmon -connection 2607/tcp # Dell Connection -connection 2607/udp # Dell Connection -lionhead 2611/tcp # LIONHEAD -lionhead 2611/udp # LIONHEAD -smntubootstrap 2613/tcp # SMNTUBootstrap -smntubootstrap 2613/udp # SMNTUBootstrap -neveroffline 2614/tcp # Never Off Line -neveroffline 2614/udp # Never Off Line -firepower 2615/tcp # firepower -firepower 2615/udp # firepower -cmadmin 2617/tcp # Clinical Context Managers -cmadmin 2617/udp # Clinical Context Managers -bruce 2619/tcp # bruce -bruce 2619/udp # bruce -lpsrecommender 2620/tcp # 
LPSRecommender -lpsrecommender 2620/udp # LPSRecommender -dict 2628/tcp # DICT -dict 2628/udp # DICT -sitaraserver 2629/tcp # Sitara Server -sitaraserver 2629/udp # Sitara Server -sitaramgmt 2630/tcp # Sitara Management -sitaramgmt 2630/udp # Sitara Management -sitaradir 2631/tcp # Sitara Dir -sitaradir 2631/udp # Sitara Dir -interintelli 2633/tcp # InterIntelli -interintelli 2633/udp # InterIntelli -backburner 2635/tcp # Back Burner -backburner 2635/udp # Back Burner -solve 2636/tcp # Solve -solve 2636/udp # Solve -imdocsvc 2637/tcp # Import Document Service -imdocsvc 2637/udp # Import Document Service -sybaseanywhere 2638/tcp # Sybase Anywhere -sybaseanywhere 2638/udp # Sybase Anywhere -aminet 2639/tcp # AMInet -aminet 2639/udp # AMInet -tragic 2642/tcp # Tragic -tragic 2642/udp # Tragic -syncserver 2647/tcp # SyncServer -syncserver 2647/udp # SyncServer -upsnotifyprot 2648/tcp # Upsnotifyprot -upsnotifyprot 2648/udp # Upsnotifyprot -vpsipport 2649/tcp # VPSIPPORT -vpsipport 2649/udp # VPSIPPORT -eristwoguns 2650/tcp # eristwoguns -eristwoguns 2650/udp # eristwoguns -ebinsite 2651/tcp # EBInSite -ebinsite 2651/udp # EBInSite -interpathpanel 2652/tcp # InterPathPanel -interpathpanel 2652/udp # InterPathPanel -sonus 2653/tcp # Sonus -sonus 2653/udp # Sonus -unglue 2655/tcp # UNIX Nt Glue -unglue 2655/udp # UNIX Nt Glue -kana 2656/tcp # Kana -kana 2656/udp # Kana -gcmonitor 2660/tcp # GC Monitor -gcmonitor 2660/udp # GC Monitor -olhost 2661/tcp # OLHOST -olhost 2661/udp # OLHOST -extensis 2666/tcp # extensis -extensis 2666/udp # extensis -toad 2669/tcp # TOAD -toad 2669/udp # TOAD -newlixreg 2671/tcp # newlixreg -newlixreg 2671/udp # newlixreg -nhserver 2672/tcp # nhserver -nhserver 2672/udp # nhserver -firstcall42 2673/tcp # First Call 42 -firstcall42 2673/udp # First Call 42 -ewnn 2674/tcp # ewnn -ewnn 2674/udp # ewnn -simslink 2676/tcp # SIMSLink -simslink 2676/udp # SIMSLink -gadgetgate1way 2677/tcp # Gadget Gate 1 Way -gadgetgate1way 2677/udp # Gadget Gate 1 
Way -gadgetgate2way 2678/tcp # Gadget Gate 2 Way -gadgetgate2way 2678/udp # Gadget Gate 2 Way -syncserverssl 2679/tcp # Sync Server SSL -syncserverssl 2679/udp # Sync Server SSL -mpnjsomb 2681/tcp # mpnjsomb -mpnjsomb 2681/udp # mpnjsomb -srsp 2682/tcp # SRSP -srsp 2682/udp # SRSP -ncdloadbalance 2683/tcp # NCDLoadBalance -ncdloadbalance 2683/udp # NCDLoadBalance -mpnjsosv 2684/tcp # mpnjsosv -mpnjsosv 2684/udp # mpnjsosv -mpnjsocl 2685/tcp # mpnjsocl -mpnjsocl 2685/udp # mpnjsocl -mpnjsomg 2686/tcp # mpnjsomg -mpnjsomg 2686/udp # mpnjsomg -fastlynx 2689/tcp # FastLynx -fastlynx 2689/udp # FastLynx -tqdata 2700/tcp # tqdata -tqdata 2700/udp # tqdata -piccolo 2787/tcp # piccolo - Cornerstone Software -piccolo 2787/udp # piccolo - Cornerstone Software -fryeserv 2788/tcp # NetWare Loadable Module - Seagate Software -fryeserv 2788/udp # NetWare Loadable Module - Seagate Software -mao 2908/tcp # mao -mao 2908/udp # mao -tdaccess 2910/tcp # TDAccess -tdaccess 2910/udp # TDAccess -blockade 2911/tcp # Blockade -blockade 2911/udp # Blockade -epicon 2912/tcp # Epicon -epicon 2912/udp # Epicon -boosterware 2913/tcp # Booster Ware -boosterware 2913/udp # Booster Ware -gamelobby 2914/tcp # Game Lobby -gamelobby 2914/udp # Game Lobby -tksocket 2915/tcp # TK Socket -tksocket 2915/udp # TK Socket -kastenchasepad 2918/tcp # Kasten Chase Pad -kastenchasepad 2918/udp # Kasten Chase Pad -netclip 2971/tcp # Net Clip -netclip 2971/udp # Net Clip -svnetworks 2973/tcp # SV Networks -svnetworks 2973/udp # SV Networks -signal 2974/tcp # Signal -signal 2974/udp # Signal -fjmpcm 2975/tcp # Fujitsu Configuration Management Service -fjmpcm 2975/udp # Fujitsu Configuration Management Service -realsecure 2998/tcp # Real Secure -realsecure 2998/udp # Real Secure -hbci 3000/tcp # HBCI -hbci 3000/udp # HBCI -cgms 3003/tcp # CGMS -cgms 3003/udp # CGMS -csoftragent 3004/tcp # Csoft Agent -csoftragent 3004/udp # Csoft Agent -geniuslm 3005/tcp # Genius License Manager -geniuslm 3005/udp # Genius License 
Manager -lotusmtap 3007/tcp # Lotus Mail Tracking Agent Protocol -lotusmtap 3007/udp # Lotus Mail Tracking Agent Protocol -gw 3010/tcp # Telerate Workstation -twsdss 3012/tcp # Trusted Web Client -twsdss 3012/udp # Trusted Web Client -gilatskysurfer 3013/tcp # Gilat Sky Surfer -gilatskysurfer 3013/udp # Gilat Sky Surfer -cifs 3020/tcp # CIFS -cifs 3020/udp # CIFS -agriserver 3021/tcp # AGRI Server -agriserver 3021/udp # AGRI Server -csregagent 3022/tcp # CSREGAGENT -csregagent 3022/udp # CSREGAGENT -magicnotes 3023/tcp # magicnotes -magicnotes 3023/udp # magicnotes -agentvu 3031/tcp # AgentVU -agentvu 3031/udp # AgentVU -pdb 3033/tcp # PDB -pdb 3033/udp # PDB -cogitate 3039/tcp # Cogitate, Inc. -cogitate 3039/udp # Cogitate, Inc. -journee 3042/tcp # journee -journee 3042/udp # journee -brp 3043/tcp # BRP -brp 3043/udp # BRP -responsenet 3045/tcp # ResponseNet -responsenet 3045/udp # ResponseNet -hlserver 3047/tcp # Fast Security HL Server -hlserver 3047/udp # Fast Security HL Server -pctrader 3048/tcp # Sierra Net PC Trader -pctrader 3048/udp # Sierra Net PC Trader -nsws 3049/tcp # NSWS -nsws 3049/udp # NSWS -interserver 3060/tcp # interserver -interserver 3060/udp # interserver -cardbox 3105/tcp # Cardbox -cardbox 3105/udp # Cardbox -icpv2 3130/tcp # ICPv2 -icpv2 3130/udp # ICPv2 -netbookmark 3131/tcp # Net Book Mark -netbookmark 3131/udp # Net Book Mark -vmodem 3141/tcp # VMODEM -vmodem 3141/udp # VMODEM -seaview 3143/tcp # Sea View -seaview 3143/udp # Sea View -tarantella 3144/tcp # Tarantella -tarantella 3144/udp # Tarantella -rfio 3147/tcp # RFIO -rfio 3147/udp # RFIO -ccmail 3264/tcp # cc:mail/lotus -ccmail 3264/udp # cc:mail/lotus -verismart 3270/tcp # Verismart -verismart 3270/udp # Verismart -sxmp 3273/tcp # Simple Extensible Multiplexed Protocol -sxmp 3273/udp # Simple Extensible Multiplexed Protocol -samd 3275/tcp # SAMD -samd 3275/udp # SAMD -lkcmserver 3278/tcp # LKCM Server -lkcmserver 3278/udp # LKCM Server -admind 3279/tcp # admind -admind 3279/udp 
# admind -sysopt 3281/tcp # SYSOPT -sysopt 3281/udp # SYSOPT -datusorb 3282/tcp # Datusorb -datusorb 3282/udp # Datusorb -plato 3285/tcp # Plato -plato 3285/udp # Plato -directvdata 3287/tcp # DIRECTVDATA -directvdata 3287/udp # DIRECTVDATA -cops 3288/tcp # COPS -cops 3288/udp # COPS -enpc 3289/tcp # ENPC -enpc 3289/udp # ENPC -dyniplookup 3295/tcp # Dynamic IP Lookup -dyniplookup 3295/udp # Dynamic IP Lookup -transview 3298/tcp # Transview -transview 3298/udp # Transview -pdrncs 3299/tcp # pdrncs -pdrncs 3299/udp # pdrncs -bmcpatrolagent 3300/tcp # BMC Patrol Agent -bmcpatrolagent 3300/udp # BMC Patrol Agent -bmcpatrolrnvu 3301/tcp # BMC Patrol Rendezvous -bmcpatrolrnvu 3301/udp # BMC Patrol Rendezvous -mysql 3306/tcp # MySQL -mysql 3306/udp # MySQL -uorb 3313/tcp # Unify Object Broker -uorb 3313/udp # Unify Object Broker -uohost 3314/tcp # Unify Object Host -uohost 3314/udp # Unify Object Host -cdid 3315/tcp # CDID -cdid 3315/udp # CDID -vsaiport 3317/tcp # VSAI PORT -vsaiport 3317/udp # VSAI PORT -ssrip 3318/tcp # Swith to Swith Routing Information Protocol -ssrip 3318/udp # Swith to Swith Routing Information Protocol -officelink2000 3320/tcp # Office Link 2000 -officelink2000 3320/udp # Office Link 2000 -vnsstr 3321/tcp # VNSSTR -vnsstr 3321/udp # VNSSTR -sftu 3326/tcp # SFTU -sftu 3326/udp # SFTU -bbars 3327/tcp # BBARS -bbars 3327/udp # BBARS -egptlm 3328/tcp # Eaglepoint License Manager -egptlm 3328/udp # Eaglepoint License Manager -webtie 3342/tcp # WebTIE -webtie 3342/udp # WebTIE -influence 3345/tcp # Influence -influence 3345/udp # Influence -trnsprntproxy 3346/tcp # Trnsprnt Proxy -trnsprntproxy 3346/udp # Trnsprnt Proxy -chevinservices 3349/tcp # Chevin Services -chevinservices 3349/udp # Chevin Services -findviatv 3350/tcp # FINDVIATV -findviatv 3350/udp # FINDVIATV -btrieve 3351/tcp # BTRIEVE -btrieve 3351/udp # BTRIEVE -ssql 3352/tcp # SSQL -ssql 3352/udp # SSQL -fatpipe 3353/tcp # FATPIPE -fatpipe 3353/udp # FATPIPE -suitjd 3354/tcp # SUITJD 
-suitjd 3354/udp # SUITJD -upnotifyps 3356/tcp # UPNOTIFYPS -upnotifyps 3356/udp # UPNOTIFYPS -mpsysrmsvr 3358/tcp # Mp Sys Rmsvr -mpsysrmsvr 3358/udp # Mp Sys Rmsvr -creativeserver 3364/tcp # Creative Server -creativeserver 3364/udp # Creative Server -contentserver 3365/tcp # Content Server -contentserver 3365/udp # Content Server -creativepartnr 3366/tcp # Creative Partner -creativepartnr 3366/udp # Creative Partner -tip2 3372/tcp # TIP 2 -tip2 3372/udp # TIP 2 -cdborker 3376/tcp # CD Broker -cdbroker 3376/udp # CD Broker -wsicopy 3378/tcp # WSICOPY -wsicopy 3378/udp # WSICOPY -socorfs 3379/tcp # SOCORFS -socorfs 3379/udp # SOCORFS -geneous 3381/tcp # Geneous -geneous 3381/udp # Geneous -qnxnetman 3385/tcp # qnxnetman -qnxnetman 3385/udp # qnxnetman -backroomnet 3387/tcp # Back Room Net -backroomnet 3387/udp # Back Room Net -cbserver 3388/tcp # CB Server -cbserver 3388/udp # CB Server -dsc 3390/tcp # Distributed Service Coordinator -dsc 3390/udp # Distributed Service Coordinator -savant 3391/tcp # SAVANT -savant 3391/udp # SAVANT -mercantile 3398/tcp # Mercantile -mercantile 3398/udp # Mercantile -csms 3399/tcp # CSMS -csms 3399/udp # CSMS -csms2 3400/tcp # CSMS2 -csms2 3400/udp # CSMS2 -bmap 3421/tcp # Bull Apprise portmapper -bmap 3421/udp # Bull Apprise portmapper -mira 3454/tcp # Apple Remote Access Protocol -prsvp 3455/tcp # RSVP Port -prsvp 3455/udp # RSVP Port -vat 3456/tcp # VAT default data -vat 3456/udp # VAT default data -d3winosfi 3458/tcp # D3WinOsfi -d3winosfi 3458/udp # DsWinOSFI -integral 3459/tcp # Integral -integral 3459/udp # Integral -workflow 3466/tcp # WORKFLOW -workflow 3466/udp # WORKFLOW -rcst 3467/tcp # RCST -rcst 3467/udp # RCST -ttcmremotectrl 3468/tcp # TTCM Remote Controll -ttcmremotectrl 3468/udp # TTCM Remote Controll -pluribus 3469/tcp # Pluribus -pluribus 3469/udp # Pluribus -jt400 3470/tcp # jt400 -jt400 3470/udp # jt400 -watcomdebug 3563/tcp # Watcom Debug -watcomdebug 3563/udp # Watcom Debug -harlequinorb 3672/tcp # 
harlequinorb -harlequinorb 3672/udp # harlequinorb -centerline 3987/tcp # Centerline -centerline 3987/udp # Centerline -terabase 4000/tcp # Terabase -terabase 4000/udp # Terabase -newoak 4001/tcp # NewOak -newoak 4001/udp # NewOak -netcheque 4008/tcp # NetCheque accounting -netcheque 4008/udp # NetCheque accounting -altserviceboot 4011/tcp # Alternate Service Boot -altserviceboot 4011/udp # Alternate Service Boot -taiclock 4014/tcp # TAICLOCK -taiclock 4014/udp # TAICLOCK -bre 4096/tcp # BRE (Bridge Relay Element) -bre 4096/udp # BRE (Bridge Relay Element) -patrolview 4097/tcp # Patrol View -patrolview 4097/udp # Patrol View -drmsfsd 4098/tcp # drmsfsd -drmsfsd 4098/udp # drmsfsd -dpcp 4099/tcp # DPCP -dpcp 4099/udp # DPCP -oirtgsvc 4141/tcp # Workflow Server -oirtgsvc 4141/udp # Workflow Server -oidocsvc 4142/tcp # Document Server -oidocsvc 4142/udp # Document Server -oidsr 4143/tcp # Document Replication -oidsr 4143/udp # Document Replication -corelccam 4300/tcp # Corel CCam -corelccam 4300/udp # Corel CCam -rwhois 4321/tcp # Remote Who Is -rwhois 4321/udp # Remote Who Is -unicall 4343/tcp # UNICALL -unicall 4343/udp # UNICALL -vinainstall 4344/tcp # VinaInstall -vinainstall 4344/udp # VinaInstall -elanlm 4346/tcp # ELAN LM -elanlm 4346/udp # ELAN LM -lansurveyor 4347/tcp # LAN Surveyor -lansurveyor 4347/udp # LAN Surveyor -itose 4348/tcp # ITOSE -itose 4348/udp # ITOSE -fsportmap 4349/tcp # File System Port Map -fsportmap 4349/udp # File System Port Map -saris 4442/tcp # Saris -saris 4442/udp # Saris -pharos 4443/tcp # Pharos -pharos 4443/udp # Pharos -krb524 4444/tcp # KRB524 -krb524 4444/udp # KRB524 -upnotifyp 4445/tcp # UPNOTIFYP -upnotifyp 4445/udp # UPNOTIFYP -privatewire 4449/tcp # PrivateWire -privatewire 4449/udp # PrivateWire -camp 4450/tcp # Camp -camp 4450/udp # Camp -ctisystemmsg 4451/tcp # CTI System Msg -ctisystemmsg 4451/udp # CTI System Msg -ctiprogramload 4452/tcp # CTI Program Load -ctiprogramload 4452/udp # CTI Program Load -nssalertmgr 
4453/tcp # NSS Alert Manager -nssalertmgr 4453/udp # NSS Alert Manager -nssagentmgr 4454/tcp # NSS Agent Manager -nssagentmgr 4454/udp # NSS Agent Manager -prRegister 4457/tcp # PR Register -prRegister 4457/udp # PR Register -worldscores 4545/tcp # WorldScores -worldscores 4545/udp # WorldScores -piranha1 4600/tcp # Piranha1 -piranha1 4600/udp # Piranha1 -piranha2 4601/tcp # Piranha2 -piranha2 4601/udp # Piranha2 -rfa 4672/tcp # remote file access server -rfa 4672/udp # remote file access server -iims 4800/tcp # Icona Instant Messenging System -iims 4800/udp # Icona Instant Messenging System -iwec 4801/tcp # Icona Web Embedded Chat -iwec 4801/udp # Icona Web Embedded Chat -ilss 4802/tcp # Icona License System Server -ilss 4802/udp # Icona License System Server -htcp 4827/tcp # HTCP -htcp 4827/udp # HTCP -phrelay 4868/tcp # Photon Relay -phrelay 4868/udp # Photon Relay -phrelaydbg 4869/tcp # Photon Relay Debug -phrelaydbg 4869/udp # Photon Relay Debug -abbs 4885/tcp # ABBS -abbs 4885/udp # ABBS -rfe 5002/tcp # radio free ethernet -rfe 5002/udp # radio free ethernet -telelpathstart 5010/tcp # TelepathStart -telelpathstart 5010/udp # TelepathStart -telelpathattack 5011/tcp # TelepathAttack -telelpathattack 5011/udp # TelepathAttack -asnaacceler8db 5042/tcp # asnaacceler8db -asnaacceler8db 5042/udp # asnaacceler8db -mmcc 5050/tcp # multimedia conference control tool -mmcc 5050/udp # multimedia conference control tool -sip 5060/tcp # SIP -sip 5060/udp # SIP -atmp 5150/tcp # Ascend Tunnel Management Protocol -atmp 5150/udp # Ascend Tunnel Management Protocol -aol 5190/tcp # America-Online -aol 5190/udp # America-Online -padl2sim 5236/tcp -padl2sim 5236/udp -pk 5272/tcp # PK -pk 5272/udp # PK -cfengine 5308/tcp # CFengine -cfengine 5308/udp # CFengine -jprinter 5309/tcp # J Printer -jprinter 5309/udp # J Printer -outlaws 5310/tcp # Outlaws -outlaws 5310/udp # Outlaws -tmlogin 5311/tcp # TM Login -tmlogin 5311/udp # TM Login -excerpt 5400/tcp # Excerpt Search -excerpt 
5400/udp # Excerpt Search -excerpts 5401/tcp # Excerpt Search Secure -excerpts 5401/udp # Excerpt Search Secure -mftp 5402/tcp # MFTP -mftp 5402/udp # MFTP -netsupport 5405/tcp # NetSupport -netsupport 5405/udp # NetSupport -actnet 5411/tcp # ActNet -actnet 5411/udp # ActNet -continuus 5412/tcp # Continuus -continuus 5412/udp # Continuus -wwiotalk 5413/tcp # WWIOTALK -wwiotalk 5413/udp # WWIOTALK -statusd 5414/tcp # StatusD -statusd 5414/udp # StatusD -mcntp 5418/tcp # MCNTP -mcntp 5418/udp # MCNTP -esinstall 5599/tcp # Enterprise Security Remote Install -esinstall 5599/udp # Enterprise Security Remote Install -esmmanager 5600/tcp # Enterprise Security Manager -esmmanager 5600/udp # Enterprise Security Manager -esmagent 5601/tcp # Enterprise Security Agent -esmagent 5601/udp # Enterprise Security Agent -pcanywheredata 5631/tcp # pcANYWHEREdata -pcanywheredata 5631/udp # pcANYWHEREdata -pcanywherestat 5632/tcp # pcANYWHEREstat -pcanywherestat 5632/udp # pcANYWHEREstat -rrac 5678/tcp # Remote Replication Agent Connection -rrac 5678/udp # Remote Replication Agent Connection -dccm 5679/tcp # Direct Cable Connect Manager -dccm 5679/udp # Direct Cable Connect Manager -proshareaudio 5713/tcp # proshare conf audio -proshareaudio 5713/udp # proshare conf audio -prosharevideo 5714/tcp # proshare conf video -prosharevideo 5714/udp # proshare conf video -prosharedata 5715/tcp # proshare conf data -prosharedata 5715/udp # proshare conf data -prosharerequest 5716/tcp # proshare conf request -prosharerequest 5716/udp # proshare conf request -prosharenotify 5717/tcp # proshare conf notify -prosharenotify 5717/udp # proshare conf notify -openmail 5729/tcp # Openmail User Agent Layer -openmail 5729/udp # Openmail User Agent Layer -openmailg 5755/tcp # OpenMail Desk Gateway server -openmailg 5755/udp # OpenMail Desk Gateway server -x500ms 5757/tcp # OpenMail X.500 Directory Server -x500ms 5757/udp # OpenMail X.500 Directory Server -openmailns 5766/tcp # OpenMail NewMail Server 
-openmailns 5766/udp # OpenMail NewMail Server -openmailpxy 5768/tcp # OpenMail CMTS Server -openmailpxy 5768/udp # OpenMail CMTS Server -softcm 6110/tcp # HP SoftBench CM -softcm 6110/udp # HP SoftBench CM -spc 6111/tcp # HP SoftBench Sub-Process Control -spc 6111/udp # HP SoftBench Sub-Process Control -dtspcd 6112/tcp # dtspcd -dtspcd 6112/udp # dtspcd -crip 6253/tcp # CRIP -crip 6253/udp # CRIP -boks 6500/tcp # BoKS Master -boks 6500/udp # BoKS Master -xdsxdm 6558/tcp -xdsxdm 6558/udp -hnmp 6790/tcp # HNMP -hnmp 6790/udp # HNMP -jmact3 6961/tcp # JMACT3 -jmact3 6961/udp # JMACT3 -jmevt2 6962/tcp # jmevt2 -jmevt2 6962/udp # jmevt2 -swismgr1 6963/tcp # swismgr1 -swismgr1 6963/udp # swismgr1 -swismgr2 6964/tcp # swismgr2 -swismgr2 6964/udp # swismgr2 -swistrap 6965/tcp # swistrap -swistrap 6965/udp # swistrap -swispol 6966/tcp # swispol -swispol 6966/udp # swispol -acmsoda 6969/tcp # acmsoda -acmsoda 6969/udp # acmsoda -dpserve 7020/tcp # DP Serve -dpserve 7020/udp # DP Serve -dpserveadmin 7021/tcp # DP Serve Admin -dpserveadmin 7021/udp # DP Serve Admin -arcp 7070/tcp # ARCP -raudio 7070/tcp # Real Audio -arcp 7070/udp # ARCP -clutild 7174/tcp # Clutild -clutild 7174/udp # Clutild -fodms 7200/tcp # FODMS FLIP -fodms 7200/udp # FODMS FLIP -dlip 7201/tcp # DLIP -dlip 7201/udp # DLIP -winqedit 7395/tcp # winqedit -winqedit 7395/udp # winqedit -pmdmgr 7426/tcp # OpenView DM Postmaster Manager -pmdmgr 7426/udp # OpenView DM Postmaster Manager -oveadmgr 7427/tcp # OpenView DM Event Agent Manager -oveadmgr 7427/udp # OpenView DM Event Agent Manager -ovladmgr 7428/tcp # OpenView DM Log Agent Manager -ovladmgr 7428/udp # OpenView DM Log Agent Manager -xmpv7 7430/tcp # OpenView DM xmpv7 api pipe -xmpv7 7430/udp # OpenView DM xmpv7 api pipe -pmd 7431/tcp # OpenView DM ovc/xmpv3 api pipe -pmd 7431/udp # OpenView DM ovc/xmpv3 api pipe -faximum 7437/tcp # Faximum -faximum 7437/udp # Faximum -pmdfmgt 7633/tcp # PMDF Management -pmdfmgt 7633/udp # PMDF Management -cbt 7777/tcp # 
cbt
-cbt 7777/udp # cbt
-supercell 7967/tcp # Supercell
-supercell 7967/udp # Supercell
-irdmi2 7999/tcp # iRDMI2
-irdmi2 7999/udp # iRDMI2
-irdmi 8000/tcp # iRDMI
-irdmi 8000/udp # iRDMI
-mindprint 8033/tcp # MindPrint
-mindprint 8033/udp # MindPrint
-trivnet1 8200/tcp # TRIVNET
-trivnet1 8200/udp # TRIVNET
-trivnet2 8201/tcp # TRIVNET
-trivnet2 8201/udp # TRIVNET
-cvd 8400/tcp # cvd
-cvd 8400/udp # cvd
-sabarsd 8401/tcp # sabarsd
-sabarsd 8401/udp # sabarsd
-abarsd 8402/tcp # abarsd
-abarsd 8402/udp # abarsd
-admind 8403/tcp # admind
-admind 8403/udp # admind
-npmp 8450/tcp # npmp
-npmp 8450/udp # npmp
-vp2p 8473/tcp # Virtual Point to Point
-vp2p 8473/udp # Virtual Point to Point
-ibus 8733/tcp # iBus
-ibus 8733/udp # iBus
-cslistener 9000/tcp # CSlistener
-cslistener 9000/udp # CSlistener
-sctp 9006/tcp # SCTP
-sctp 9006/udp # SCTP
-websm 9090/tcp # WebSM
-websm 9090/udp # WebSM
-guibase 9321/tcp # guibase
-guibase 9321/udp # guibase
-mpidcmgr 9343/tcp # MpIdcMgr
-mpidcmgr 9343/udp # MpIdcMgr
-fjdmimgr 9374/tcp # fjdmimgr
-fjdmimgr 9374/udp # fjdmimgr
-fjinvmgr 9396/tcp # fjinvmgr
-fjinvmgr 9396/udp # fjinvmgr
-mpidcagt 9397/tcp # MpIdcAgt
-mpidcagt 9397/udp # MpIdcAgt
-ismserver 9500/tcp # ismserver
-ismserver 9500/udp # ismserver
-man 9535/tcp
-man 9535/udp
-msgsys 9594/tcp # Message System
-msgsys 9594/udp # Message System
-pds 9595/tcp # Ping Discovery Service
-pds 9595/udp # Ping Discovery Service
-sd 9876/tcp # Session Director
-sd 9876/udp # Session Director
-monkeycom 9898/tcp # MonkeyCom
-monkeycom 9898/udp # MonkeyCom
-palace 9992/tcp # Palace
-palace 9992/udp # Palace
-palace 9993/tcp # Palace
-palace 9993/udp # Palace
-palace 9994/tcp # Palace
-palace 9994/udp # Palace
-palace 9995/tcp # Palace
-palace 9995/udp # Palace
-palace 9996/tcp # Palace
-palace 9996/udp # Palace
-palace 9997/tcp # Palace
-palace 9997/udp # Palace
-distinct32 9998/tcp # Distinct32
-distinct32 9998/udp # Distinct32
-distinct 9999/tcp # distinct
-distinct 9999/udp # distinct
-ndmp 10000/tcp # Network Data Management Protocol
-ndmp 10000/udp # Network Data Management Protocol
-amanda 10080/tcp # Amanda
-amanda 10080/udp # Amanda
-blocks 10288/tcp # Blocks
-blocks 10288/udp # Blocks
-irisa 11000/tcp # IRISA
-irisa 11000/udp # IRISA
-metasys 11001/tcp # Metasys
-metasys 11001/udp # Metasys
-vce 11111/tcp # Viral Computing Environment (VCE)
-vce 11111/udp # Viral Computing Environment (VCE)
-entextxid 12000/tcp # IBM Enterprise Extender SNA XID Exchange
-entextxid 12000/udp # IBM Enterprise Extender SNA XID Exchange
-entextnetwk 12001/tcp # IBM Enterprise Extender SNA COS Network Priority
-entextnetwk 12001/udp # IBM Enterprise Extender SNA COS Network Priority
-entexthigh 12002/tcp # IBM Enterprise Extender SNA COS High Priority
-entexthigh 12002/udp # IBM Enterprise Extender SNA COS High Priority
-entextmed 12003/tcp # IBM Enterprise Extender SNA COS Medium Priority
-entextmed 12003/udp # IBM Enterprise Extender SNA COS Medium Priority
-entextlow 12004/tcp # IBM Enterprise Extender SNA COS Low Priority
-entextlow 12004/udp # IBM Enterprise Extender SNA COS Low Priority
-tsaf 12753/tcp # tsaf port
-tsaf 12753/udp # tsaf port
-bprd 13720/tcp # BPRD Protocol (VERITAS NetBackup)
-bprd 13720/udp # BPRD Protocol (VERITAS NetBackup)
-bpbrm 13721/tcp # BPBRM Protocol (VERITAS NetBackup)
-bpbrm 13721/udp # BPBRM Protocol (VERITAS NetBackup)
-bpcd 13782/tcp # VERITAS NetBackup
-bpcd 13782/udp # VERITAS NetBackup
-vopied 13783/tcp # VOPIED Protocol
-vopied 13783/udp # VOPIED Protocol
-netserialext1 16360/tcp # netserialext1
-netserialext1 16360/udp # netserialext1
-netserialext2 16361/tcp # netserialext2
-netserialext2 16361/udp # netserialext2
-netserialext3 16367/tcp # netserialext3
-netserialext3 16367/udp # netserialext3
-netserialext4 16368/tcp # netserialext4
-netserialext4 16368/udp # netserialext4
-chipper 17219/tcp # Chipper
-chipper 17219/udp # Chipper
-biimenu 18000/tcp # Beckman Instruments, Inc.
-biimenu 18000/udp # Beckman Instruments, Inc.
-jcp 19541/tcp # JCP Client
-jcp 19541/udp # JCP Client
-dnp 20000/tcp # DNP
-dnp 20000/udp # DNP
-track 20670/tcp # Track
-track 20670/udp # Track
-webphone 21845/tcp # webphone
-webphone 21845/udp # webphone
-wnn6 22273/tcp # wnn6
-wnn6 22273/udp # wnn6
-quake 26000/tcp # quake
-quake 26000/udp # quake
-traceroute 33434/tcp # traceroute use
-traceroute 33434/udp # traceroute use
-kastenxpipe 36865/tcp # KastenX Pipe
-kastenxpipe 36865/udp # KastenX Pipe
-eba 45678/tcp # EBA PRISE
-eba 45678/udp # EBA PRISE
-dbbrowse 47557/tcp # Databeam Corporation
-dbbrowse 47557/udp # Databeam Corporation
-directplaysrvr 47624/tcp # Direct Play Server
-directplaysrvr 47624/udp # Direct Play Server
-ap 47806/tcp # ALC Protocol
-ap 47806/udp # ALC Protocol
-bacnet 47808/tcp # Building Automation and Control Networks
-bacnet 47808/udp # Building Automation and Control Networks
-nimcontroller 48000/tcp # Nimbus Controller
-nimcontroller 48000/udp # Nimbus Controller
-nimspooler 48001/tcp # Nimbus Spooler
-nimspooler 48001/udp # Nimbus Spooler
-nimhub 48002/tcp # Nimbus Hub
-nimhub 48002/udp # Nimbus Hub
-nimgtw 48003/tcp # Nimbus Gateway
-nimgtw 48003/udp # Nimbus Gateway
diff --git a/contrib/ipfilter/facpri.c b/contrib/ipfilter/facpri.c
deleted file mode 100644
index 79afdd2147..0000000000
--- a/contrib/ipfilter/facpri.c
+++ /dev/null
@@ -1,151 +0,0 @@ -/* - * Copyright (C) 1993-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - */ -#include -#include -#include -#include -#if !defined(__SVR4) && !defined(__svr4__) -#include -#endif -#include -#include -#include -#include -#include "facpri.h" - -#ifndef __STDC__ -# define const -#endif - -#if !defined(lint) -static const char rcsid[] = "@(#)$Id: facpri.c,v 1.3.2.4 2001/07/15 22:06:12 darrenr Exp $"; -#endif - -typedef struct table { - char *name; - int value; -} table_t; - -table_t facs[] = { - { "kern", LOG_KERN }, { "user", LOG_USER }, - { "mail", LOG_MAIL }, { "daemon", LOG_DAEMON }, - { "auth", LOG_AUTH }, { "syslog", LOG_SYSLOG }, - { "lpr", LOG_LPR }, { "news", LOG_NEWS }, - { "uucp", LOG_UUCP }, -#if LOG_CRON == LOG_CRON2 - { "cron2", LOG_CRON1 }, -#else - { "cron", LOG_CRON1 }, -#endif -#ifdef LOG_FTP - { "ftp", LOG_FTP }, -#endif -#ifdef LOG_AUTHPRIV - { "authpriv", LOG_AUTHPRIV }, -#endif -#ifdef LOG_AUDIT - { "audit", LOG_AUDIT }, -#endif -#ifdef LOG_LFMT - { "logalert", LOG_LFMT }, -#endif -#if LOG_CRON == LOG_CRON1 - { "cron", LOG_CRON2 }, -#else - { "cron2", LOG_CRON2 }, -#endif -#ifdef LOG_SECURITY - { "security", LOG_SECURITY }, -#endif - { "local0", LOG_LOCAL0 }, { "local1", LOG_LOCAL1 }, - { "local2", LOG_LOCAL2 }, { "local3", LOG_LOCAL3 }, - { "local4", LOG_LOCAL4 }, { "local5", LOG_LOCAL5 }, - { "local6", LOG_LOCAL6 }, { "local7", LOG_LOCAL7 }, - { NULL, 0 } -}; - - -/* - * map a facility number to its name - */ -char * -fac_toname(facpri) - int facpri; -{ - int i, j, fac; - - fac = facpri & LOG_FACMASK; - j = fac >> 3; - if (j < 24) { - if (facs[j].value == fac) - return facs[j].name; - for (i = 0; facs[i].name; i++) - if (fac == facs[i].value) - return facs[i].name; - } - - return NULL; -} - - -/* - * map a facility name to its number - */ -int -fac_findname(name) - char *name; -{ - int i; - - for (i = 0; facs[i].name; i++) - if (!strcmp(facs[i].name, name)) - return facs[i].value; - 
return -1; -} - - -table_t pris[] = { - { "emerg", LOG_EMERG }, { "alert", LOG_ALERT }, - { "crit", LOG_CRIT }, { "err", LOG_ERR }, - { "warn", LOG_WARNING }, { "notice", LOG_NOTICE }, - { "info", LOG_INFO }, { "debug", LOG_DEBUG }, - { NULL, 0 } -}; - - -/* - * map a priority name to its number - */ -int -pri_findname(name) - char *name; -{ - int i; - - for (i = 0; pris[i].name; i++) - if (!strcmp(pris[i].name, name)) - return pris[i].value; - return -1; -} - - -/* - * map a priority number to its name - */ -char * -pri_toname(facpri) - int facpri; -{ - int i, pri; - - pri = facpri & LOG_PRIMASK; - if (pris[pri].value == pri) - return pris[pri].name; - for (i = 0; pris[i].name; i++) - if (pri == pris[i].value) - return pris[i].name; - return NULL; -} diff --git a/contrib/ipfilter/facpri.h b/contrib/ipfilter/facpri.h deleted file mode 100644 index 7b80377d11..0000000000 --- a/contrib/ipfilter/facpri.h +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright (C) 1999-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * $Id: facpri.h,v 1.3.2.1 2001/06/26 10:43:11 darrenr Exp $ - */ - -#ifndef __FACPRI_H__ -#define __FACPRI_H__ - -#ifndef __P -# define P_DEF -# ifdef __STDC__ -# define __P(x) x -# else -# define __P(x) () -# endif -#endif - -extern char *fac_toname __P((int)); -extern int fac_findname __P((char *)); - -extern char *pri_toname __P((int)); -extern int pri_findname __P((char *)); - -#ifdef P_DEF -# undef __P -# undef P_DEF -#endif - -#if LOG_CRON == (9<<3) -# define LOG_CRON1 LOG_CRON -# define LOG_CRON2 (15<<3) -#endif -#if LOG_CRON == (15<<3) -# define LOG_CRON1 (9<<3) -# define LOG_CRON2 LOG_CRON -#endif - -#endif /* __FACPRI_H__ */ diff --git a/contrib/ipfilter/fils.c b/contrib/ipfilter/fils.c deleted file mode 100644 index e21af892a5..0000000000 --- a/contrib/ipfilter/fils.c +++ /dev/null 
@@ -1,1536 +0,0 @@ -/* - * Copyright (C) 1993-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - */ -#ifdef __FreeBSD__ -# ifndef __FreeBSD_cc_version -# include -# else -# if __FreeBSD_cc_version < 430000 -# include -# endif -# endif -#endif -#if defined(__sgi) && (IRIX > 602) -# include -#endif -#include -#include -#if !defined(__SVR4) && !defined(__svr4__) -# include -#endif -#include -#include -#include -#include -#if defined(STATETOP) -# if defined(_BSDI_VERSION) -# undef STATETOP) -# endif -# if defined(__FreeBSD__) && \ - (!defined(__FreeBSD_version) || (__FreeBSD_version < 430000)) -# undef STATETOP -# endif -# if defined(__NetBSD_Version__) -# if (__NetBSD_Version__ < 105000000) -# undef STATETOP -# else -# include -# define USE_POLL -# endif -# endif -# if defined(sun) -# if defined(__svr4__) || defined(__SVR4) -# include -# else -# undef STATETOP /* NOT supported on SunOS4 */ -# endif -# endif -#endif -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#if __FreeBSD_version >= 300000 -# include -#endif -#include -#include -#include -#include -#if defined(STATETOP) && !defined(linux) -# include -# include -#endif -#include "netinet/ip_compat.h" -#include "netinet/ip_fil.h" -#include "ipf.h" -#include "netinet/ip_nat.h" -#include "netinet/ip_frag.h" -#include "netinet/ip_state.h" -#include "netinet/ip_proxy.h" -#include "netinet/ip_auth.h" -#ifdef STATETOP -# include "netinet/ipl.h" -# include -# if SOLARIS || defined(__NetBSD__) || defined(_BSDI_VERSION) || \ - defined(__sgi) -# ifdef ERR -# undef ERR -# endif -# include -# else /* SOLARIS */ -# include -# endif /* SOLARIS */ -#endif /* STATETOP */ -#include "kmem.h" -#if defined(__NetBSD__) || (__OpenBSD__) -# include -#endif - -#if !defined(lint) -static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: fils.c,v 2.21.2.45 2004/04/10 
11:45:48 darrenr Exp $"; -#endif - -extern char *optarg; -extern int optind; - -#define PRINTF (void)printf -#define FPRINTF (void)fprintf -#define F_IN 0 -#define F_OUT 1 -#define F_ACIN 2 -#define F_ACOUT 3 -static char *filters[4] = { "ipfilter(in)", "ipfilter(out)", - "ipacct(in)", "ipacct(out)" }; - -int opts = 0; -int use_inet6 = 0; -int live_kernel = 1; -int state_fd = -1; -int auth_fd = -1; -int ipf_fd = -1; - -#ifdef STATETOP -#define STSTRSIZE 80 -#define STGROWSIZE 16 -#define HOSTNMLEN 40 - -#define STSORT_PR 0 -#define STSORT_PKTS 1 -#define STSORT_BYTES 2 -#define STSORT_TTL 3 -#define STSORT_SRCIP 4 -#define STSORT_DSTIP 5 -#define STSORT_MAX STSORT_DSTIP -#define STSORT_DEFAULT STSORT_BYTES - - -typedef struct statetop { - union i6addr st_src; - union i6addr st_dst; - u_short st_sport; - u_short st_dport; - u_char st_p; - u_char st_state[2]; - U_QUAD_T st_pkts; - U_QUAD_T st_bytes; - u_long st_age; -} statetop_t; -#endif - -extern int main __P((int, char *[])); -static void showstats __P((friostat_t *, u_32_t)); -static void showfrstates __P((ipfrstat_t *)); -static void showlist __P((friostat_t *)); -static void showipstates __P((ips_stat_t *)); -static void showauthstates __P((fr_authstat_t *)); -static void showgroups __P((friostat_t *)); -static void Usage __P((char *)); -static void printlist __P((frentry_t *)); -static void parse_ipportstr __P((const char *, struct in_addr *, int *)); -static int ipfstate_live __P((char *, friostat_t **, ips_stat_t **, - ipfrstat_t **, fr_authstat_t **, u_32_t *)); -static void ipfstate_dead __P((char *, friostat_t **, ips_stat_t **, - ipfrstat_t **, fr_authstat_t **, u_32_t *)); -#ifdef STATETOP -static void topipstates __P((struct in_addr, struct in_addr, int, int, int, int, int)); -static char *ttl_to_string __P((long)); -static int sort_p __P((const void *, const void *)); -static int sort_pkts __P((const void *, const void *)); -static int sort_bytes __P((const void *, const void *)); -static int sort_ttl 
__P((const void *, const void *)); -static int sort_srcip __P((const void *, const void *)); -static int sort_dstip __P((const void *, const void *)); -#endif -#if SOLARIS -void showqiflist __P((char *)); -#endif - - -static void Usage(name) -char *name; -{ -#ifdef USE_INET6 - fprintf(stderr, "Usage: %s [-6aAfhIinosv] [-d ]\n", name); -#else - fprintf(stderr, "Usage: %s [-aAfhIinosv] [-d ]\n", name); -#endif - fprintf(stderr, "\t\t[-M corefile] [-N symbol-list]\n"); - fprintf(stderr, " %s -t [-S source address] [-D destination address] [-P protocol] [-T refreshtime] [-C] [-d ]\n", name); - exit(1); -} - - -int main(argc,argv) -int argc; -char *argv[]; -{ - fr_authstat_t frauthst; - fr_authstat_t *frauthstp = &frauthst; - friostat_t fio; - friostat_t *fiop = &fio; - ips_stat_t ipsst; - ips_stat_t *ipsstp = &ipsst; - ipfrstat_t ifrst; - ipfrstat_t *ifrstp = &ifrst; - char *device = IPL_NAME, *memf = NULL; - char *kern = NULL; - int c, myoptind; - struct protoent *proto; - - int protocol = -1; /* -1 = wild card for any protocol */ - int refreshtime = 1; /* default update time */ - int sport = -1; /* -1 = wild card for any source port */ - int dport = -1; /* -1 = wild card for any dest port */ - int topclosed = 0; /* do not show closed tcp sessions */ - struct in_addr saddr, daddr; - u_32_t frf; - - saddr.s_addr = INADDR_ANY; /* default any source addr */ - daddr.s_addr = INADDR_ANY; /* default any dest addr */ - - /* - * Parse these two arguments now lest there be any buffer overflows - * in the parsing of the rest. 
- */ - myoptind = optind; - while ((c = getopt(argc, argv, "6aACfghIilnoqstvd:D:M:N:P:S:T:")) != -1) - switch (c) - { - case 'M' : - memf = optarg; - live_kernel = 0; - break; - case 'N' : - kern = optarg; - live_kernel = 0; - break; - } - optind = myoptind; - - if (live_kernel == 1) { - if ((state_fd = open(IPL_STATE, O_RDONLY)) == -1) { - perror("open"); - exit(-1); - } - if ((auth_fd = open(IPL_AUTH, O_RDONLY)) == -1) { - perror("open"); - exit(-1); - } - if ((ipf_fd = open(device, O_RDONLY)) == -1) { - perror("open"); - exit(-1); - } - } - - if (kern != NULL || memf != NULL) - { - (void)setuid(getuid()); - (void)setgid(getgid()); - } - - if (openkmem(kern, memf) == -1) - exit(-1); - - (void)setuid(getuid()); - (void)setgid(getgid()); - - while ((c = getopt(argc, argv, "6aACfghIilnoqstvd:D:M:N:P:S:T:")) != -1) - { - switch (c) - { -#ifdef USE_INET6 - case '6' : - use_inet6 = 1; - break; -#endif - case 'a' : - opts |= OPT_ACCNT|OPT_SHOWLIST; - break; - case 'A' : - device = IPAUTH_NAME; - opts |= OPT_AUTHSTATS; - break; - case 'C' : - topclosed = 1; - break; - case 'd' : - device = optarg; - break; - case 'D' : - parse_ipportstr(optarg, &daddr, &dport); - break; - case 'f' : - opts |= OPT_FRSTATES; - break; - case 'g' : - opts |= OPT_GROUPS; - break; - case 'h' : - opts |= OPT_HITS; - break; - case 'i' : - opts |= OPT_INQUE|OPT_SHOWLIST; - break; - case 'I' : - opts |= OPT_INACTIVE; - break; - case 'l' : - opts |= OPT_SHOWLIST; - break; - case 'M' : - break; - case 'N' : - break; - case 'n' : - opts |= OPT_SHOWLINENO; - break; - case 'o' : - opts |= OPT_OUTQUE|OPT_SHOWLIST; - break; - case 'P' : - if ((proto = getprotobyname(optarg)) != NULL) { - protocol = proto->p_proto; - } else if (!sscanf(optarg, "%ud", &protocol) || - (protocol < 0)) { - fprintf(stderr, "%s : Invalid protocol: %s\n", - argv[0], optarg); - exit(-2); - } - break; - case 'q' : -#if SOLARIS - showqiflist(kern); - exit(0); - break; -#else - fprintf(stderr, "-q only availble on Solaris\n"); - 
exit(1); - break; -#endif - case 's' : - opts |= OPT_IPSTATES; - break; - case 'S' : - parse_ipportstr(optarg, &saddr, &sport); - break; - case 't' : -#ifdef STATETOP - opts |= OPT_STATETOP; - break; -#else - fprintf(stderr, - "%s : state top facility not compiled in\n", - argv[0]); - exit(-2); -#endif - case 'T' : - if (!sscanf(optarg, "%d", &refreshtime) || - (refreshtime <= 0)) { - fprintf(stderr, - "%s : Invalid refreshtime < 1 : %s\n", - argv[0], optarg); - exit(-2); - } - break; - case 'v' : - opts |= OPT_VERBOSE; - break; - default : - Usage(argv[0]); - break; - } - } - - if (live_kernel == 1) { - bzero((char *)&fio, sizeof(fio)); - bzero((char *)&ipsst, sizeof(ipsst)); - bzero((char *)&ifrst, sizeof(ifrst)); - - ipfstate_live(device, &fiop, &ipsstp, &ifrstp, - &frauthstp, &frf); - } else - ipfstate_dead(kern, &fiop, &ipsstp, &ifrstp, &frauthstp, &frf); - - if (opts & OPT_IPSTATES) { - showipstates(ipsstp); - } else if (opts & OPT_SHOWLIST) { - showlist(fiop); - if ((opts & OPT_OUTQUE) && (opts & OPT_INQUE)){ - opts &= ~OPT_OUTQUE; - showlist(fiop); - } - } else { - if (opts & OPT_FRSTATES) - showfrstates(ifrstp); -#ifdef STATETOP - else if (opts & OPT_STATETOP) - topipstates(saddr, daddr, sport, dport, - protocol, refreshtime, topclosed); -#endif - else if (opts & OPT_AUTHSTATS) - showauthstates(frauthstp); - else if (opts & OPT_GROUPS) - showgroups(fiop); - else - showstats(fiop, frf); - } - return 0; -} - - -/* - * Fill in the stats structures from the live kernel, using a combination - * of ioctl's and copying directly from kernel memory. 
- */ -int ipfstate_live(device, fiopp, ipsstpp, ifrstpp, frauthstpp, frfp) -char *device; -friostat_t **fiopp; -ips_stat_t **ipsstpp; -ipfrstat_t **ifrstpp; -fr_authstat_t **frauthstpp; -u_32_t *frfp; -{ - - if (!(opts & OPT_AUTHSTATS) && ioctl(ipf_fd, SIOCGETFS, fiopp) == -1) { - perror("ioctl(ipf:SIOCGETFS)"); - exit(-1); - } - - if ((opts & OPT_IPSTATES)) { - if ((ioctl(state_fd, SIOCGETFS, ipsstpp) == -1)) { - perror("ioctl(state:SIOCGETFS)"); - exit(-1); - } - } - if ((opts & OPT_FRSTATES) && - (ioctl(ipf_fd, SIOCGFRST, ifrstpp) == -1)) { - perror("ioctl(SIOCGFRST)"); - exit(-1); - } - - if (opts & OPT_VERBOSE) - PRINTF("opts %#x name %s\n", opts, device); - - if ((opts & OPT_AUTHSTATS) && - (ioctl(auth_fd, SIOCATHST, frauthstpp) == -1)) { - perror("ioctl(SIOCATHST)"); - exit(-1); - } - - if (ioctl(ipf_fd, SIOCGETFF, frfp) == -1) - perror("ioctl(SIOCGETFF)"); - - return ipf_fd; -} - - -/* - * Build up the stats structures from data held in the "core" memory. - * This is mainly useful when looking at data in crash dumps and ioctl's - * just won't work any more. 
- */ -void ipfstate_dead(kernel, fiopp, ipsstpp, ifrstpp, frauthstpp, frfp) -char *kernel; -friostat_t **fiopp; -ips_stat_t **ipsstpp; -ipfrstat_t **ifrstpp; -fr_authstat_t **frauthstpp; -u_32_t *frfp; -{ - static fr_authstat_t frauthst, *frauthstp; - static ips_stat_t ipsst, *ipsstp; - static ipfrstat_t ifrst, *ifrstp; - static friostat_t fio, *fiop; - - void *rules[2][2]; - struct nlist deadlist[42] = { - { "fr_authstats" }, /* 0 */ - { "fae_list" }, - { "ipauth" }, - { "fr_authlist" }, - { "fr_authstart" }, - { "fr_authend" }, /* 5 */ - { "fr_authnext" }, - { "fr_auth" }, - { "fr_authused" }, - { "fr_authsize" }, - { "fr_defaultauthage" }, /* 10 */ - { "fr_authpkts" }, - { "fr_auth_lock" }, - { "frstats" }, - { "ips_stats" }, - { "ips_num" }, /* 15 */ - { "ips_wild" }, - { "ips_list" }, - { "ips_table" }, - { "fr_statemax" }, - { "fr_statesize" }, /* 20 */ - { "fr_state_doflush" }, - { "fr_state_lock" }, - { "ipfr_heads" }, - { "ipfr_nattab" }, - { "ipfr_stats" }, /* 25 */ - { "ipfr_inuse" }, - { "fr_ipfrttl" }, - { "fr_frag_lock" }, - { "ipfr_timer_id" }, - { "fr_nat_lock" }, /* 30 */ - { "ipfilter" }, - { "ipfilter6" }, - { "ipacct" }, - { "ipacct6" }, - { "ipl_frouteok" }, /* 35 */ - { "fr_running" }, - { "ipfgroups" }, - { "fr_active" }, - { "fr_pass" }, - { "fr_flags" }, /* 40 */ - { NULL } - }; - - - frauthstp = &frauthst; - ipsstp = &ipsst; - ifrstp = &ifrst; - fiop = &fio; - - *frfp = 0; - *fiopp = fiop; - *ipsstpp = ipsstp; - *ifrstpp = ifrstp; - *frauthstpp = frauthstp; - - bzero((char *)fiop, sizeof(*fiop)); - bzero((char *)ipsstp, sizeof(*ipsstp)); - bzero((char *)ifrstp, sizeof(*ifrstp)); - bzero((char *)frauthstp, sizeof(*frauthstp)); - - if (nlist(kernel, deadlist) == -1) { - fprintf(stderr, "nlist error\n"); - return; - } - - /* - * This is for SIOCGETFF. - */ - kmemcpy((char *)frfp, (u_long)deadlist[40].n_value, sizeof(*frfp)); - - /* - * f_locks is a combination of the lock variable from each part of - * ipfilter (state, auth, nat, fragments). 
- */ - kmemcpy((char *)fiop, (u_long)deadlist[13].n_value, sizeof(*fiop)); - kmemcpy((char *)&fiop->f_locks[0], (u_long)deadlist[22].n_value, - sizeof(fiop->f_locks[0])); - kmemcpy((char *)&fiop->f_locks[0], (u_long)deadlist[30].n_value, - sizeof(fiop->f_locks[1])); - kmemcpy((char *)&fiop->f_locks[2], (u_long)deadlist[28].n_value, - sizeof(fiop->f_locks[2])); - kmemcpy((char *)&fiop->f_locks[3], (u_long)deadlist[12].n_value, - sizeof(fiop->f_locks[3])); - - /* - * Get pointers to each list of rules (active, inactive, in, out) - */ - kmemcpy((char *)&rules, (u_long)deadlist[31].n_value, sizeof(rules)); - fiop->f_fin[0] = rules[0][0]; - fiop->f_fin[1] = rules[0][1]; - fiop->f_fout[0] = rules[1][0]; - fiop->f_fout[1] = rules[1][1]; - - /* - * Same for IPv6, except make them null if support for it is not - * being compiled in. - */ -#ifdef USE_INET6 - kmemcpy((char *)&rules, (u_long)deadlist[32].n_value, sizeof(rules)); - fiop->f_fin6[0] = rules[0][0]; - fiop->f_fin6[1] = rules[0][1]; - fiop->f_fout6[0] = rules[1][0]; - fiop->f_fout6[1] = rules[1][1]; -#else - fiop->f_fin6[0] = NULL; - fiop->f_fin6[1] = NULL; - fiop->f_fout6[0] = NULL; - fiop->f_fout6[1] = NULL; -#endif - - /* - * Now get accounting rules pointers. - */ - kmemcpy((char *)&rules, (u_long)deadlist[33].n_value, sizeof(rules)); - fiop->f_acctin[0] = rules[0][0]; - fiop->f_acctin[1] = rules[0][1]; - fiop->f_acctout[0] = rules[1][0]; - fiop->f_acctout[1] = rules[1][1]; - -#ifdef USE_INET6 - kmemcpy((char *)&rules, (u_long)deadlist[34].n_value, sizeof(rules)); - fiop->f_acctin6[0] = rules[0][0]; - fiop->f_acctin6[1] = rules[0][1]; - fiop->f_acctout6[0] = rules[1][0]; - fiop->f_acctout6[1] = rules[1][1]; -#else - fiop->f_acctin6[0] = NULL; - fiop->f_acctin6[1] = NULL; - fiop->f_acctout6[0] = NULL; - fiop->f_acctout6[1] = NULL; -#endif - - /* - * A collection of "global" variables used inside the kernel which - * are all collected in friostat_t via ioctl. 
- */ - kmemcpy((char *)&fiop->f_froute, (u_long)deadlist[35].n_value, - sizeof(fiop->f_froute)); - kmemcpy((char *)&fiop->f_running, (u_long)deadlist[36].n_value, - sizeof(fiop->f_running)); - kmemcpy((char *)&fiop->f_groups, (u_long)deadlist[37].n_value, - sizeof(fiop->f_groups)); - kmemcpy((char *)&fiop->f_active, (u_long)deadlist[38].n_value, - sizeof(fiop->f_active)); - kmemcpy((char *)&fiop->f_defpass, (u_long)deadlist[39].n_value, - sizeof(fiop->f_defpass)); - - /* - * Build up the state information stats structure. - */ - kmemcpy((char *)ipsstp, (u_long)deadlist[14].n_value, sizeof(*ipsstp)); - kmemcpy((char *)&ipsstp->iss_active, (u_long)deadlist[15].n_value, - sizeof(ipsstp->iss_active)); - ipsstp->iss_table = (void *)deadlist[18].n_value; - ipsstp->iss_list = (void *)deadlist[17].n_value; - - /* - * Build up the authentiation information stats structure. - */ - kmemcpy((char *)frauthstp, (u_long)deadlist[0].n_value, - sizeof(*frauthstp)); - frauthstp->fas_faelist = (void *)deadlist[1].n_value; - - /* - * Build up the fragment information stats structure. - */ - kmemcpy((char *)ifrstp, (u_long)deadlist[25].n_value, - sizeof(*ifrstp)); - ifrstp->ifs_table = (void *)deadlist[23].n_value; - ifrstp->ifs_nattab = (void *)deadlist[24].n_value; - kmemcpy((char *)&ifrstp->ifs_inuse, (u_long)deadlist[26].n_value, - sizeof(ifrstp->ifs_inuse)); -} - - -/* - * Display the kernel stats for packets blocked and passed and other - * associated running totals which are kept. 
- */ -static void showstats(fp, frf) -struct friostat *fp; -u_32_t frf; -{ - -#if SOLARIS - PRINTF("dropped packets:\tin %lu\tout %lu\n", - fp->f_st[0].fr_drop, fp->f_st[1].fr_drop); - PRINTF("non-data packets:\tin %lu\tout %lu\n", - fp->f_st[0].fr_notdata, fp->f_st[1].fr_notdata); - PRINTF("no-data packets:\tin %lu\tout %lu\n", - fp->f_st[0].fr_nodata, fp->f_st[1].fr_nodata); - PRINTF("non-ip packets:\t\tin %lu\tout %lu\n", - fp->f_st[0].fr_notip, fp->f_st[1].fr_notip); - PRINTF(" bad packets:\t\tin %lu\tout %lu\n", - fp->f_st[0].fr_bad, fp->f_st[1].fr_bad); - PRINTF("copied messages:\tin %lu\tout %lu\n", - fp->f_st[0].fr_copy, fp->f_st[1].fr_copy); -#endif -#ifdef USE_INET6 - PRINTF(" IPv6 packets:\t\tin %lu out %lu\n", - fp->f_st[0].fr_ipv6[0], fp->f_st[0].fr_ipv6[1]); -#endif - PRINTF(" input packets:\t\tblocked %lu passed %lu nomatch %lu", - fp->f_st[0].fr_block, fp->f_st[0].fr_pass, - fp->f_st[0].fr_nom); - PRINTF(" counted %lu short %lu\n", - fp->f_st[0].fr_acct, fp->f_st[0].fr_short); - PRINTF("output packets:\t\tblocked %lu passed %lu nomatch %lu", - fp->f_st[1].fr_block, fp->f_st[1].fr_pass, - fp->f_st[1].fr_nom); - PRINTF(" counted %lu short %lu\n", - fp->f_st[1].fr_acct, fp->f_st[1].fr_short); - PRINTF(" input packets logged:\tblocked %lu passed %lu\n", - fp->f_st[0].fr_bpkl, fp->f_st[0].fr_ppkl); - PRINTF("output packets logged:\tblocked %lu passed %lu\n", - fp->f_st[1].fr_bpkl, fp->f_st[1].fr_ppkl); - PRINTF(" packets logged:\tinput %lu output %lu\n", - fp->f_st[0].fr_pkl, fp->f_st[1].fr_pkl); - PRINTF(" log failures:\t\tinput %lu output %lu\n", - fp->f_st[0].fr_skip, fp->f_st[1].fr_skip); - PRINTF("fragment state(in):\tkept %lu\tlost %lu\tnot fragmented %lu\n", - fp->f_st[0].fr_nfr, fp->f_st[0].fr_bnfr, fp->f_st[0].fr_cfr); - PRINTF("fragment state(out):\tkept %lu\tlost %lu\tnot fragmented %lu\n", - fp->f_st[1].fr_nfr, fp->f_st[1].fr_bnfr, fp->f_st[1].fr_cfr); - PRINTF("packet state(in):\tkept %lu\tlost %lu\n", - fp->f_st[0].fr_ads, 
fp->f_st[0].fr_bads); - PRINTF("packet state(out):\tkept %lu\tlost %lu\n", - fp->f_st[1].fr_ads, fp->f_st[1].fr_bads); - PRINTF("ICMP replies:\t%lu\tTCP RSTs sent:\t%lu\n", - fp->f_st[0].fr_ret, fp->f_st[1].fr_ret); - PRINTF("Invalid source(in):\t%lu\n", fp->f_st[0].fr_badsrc); - PRINTF("Result cache hits(in):\t%lu\t(out):\t%lu\n", - fp->f_st[0].fr_chit, fp->f_st[1].fr_chit); - PRINTF("IN Pullups succeeded:\t%lu\tfailed:\t%lu\n", - fp->f_st[0].fr_pull[0], fp->f_st[0].fr_pull[1]); - PRINTF("OUT Pullups succeeded:\t%lu\tfailed:\t%lu\n", - fp->f_st[1].fr_pull[0], fp->f_st[1].fr_pull[1]); - PRINTF("Fastroute successes:\t%lu\tfailures:\t%lu\n", - fp->f_froute[0], fp->f_froute[1]); - PRINTF("TCP cksum fails(in):\t%lu\t(out):\t%lu\n", - fp->f_st[0].fr_tcpbad, fp->f_st[1].fr_tcpbad); - - PRINTF("Packet log flags set: (%#x)\n", frf); - if (frf & FF_LOGPASS) - PRINTF("\tpackets passed through filter\n"); - if (frf & FF_LOGBLOCK) - PRINTF("\tpackets blocked by filter\n"); - if (frf & FF_LOGNOMATCH) - PRINTF("\tpackets not matched by filter\n"); - if (!frf) - PRINTF("\tnone\n"); -} - - -/* - * Print out a list of rules from the kernel, starting at the one passed. 
- */ -static void printlist(fp) -frentry_t *fp; -{ - struct frentry fb; - int n; - - for (n = 1; fp; n++) { - if (kmemcpy((char *)&fb, (u_long)fp, sizeof(fb)) == -1) { - perror("kmemcpy"); - return; - } - fp = &fb; - if (opts & OPT_OUTQUE) - fp->fr_flags |= FR_OUTQUE; - if (opts & (OPT_HITS|OPT_VERBOSE)) -#ifdef USE_QUAD_T - PRINTF("%qu ", (unsigned long long) fp->fr_hits); -#else - PRINTF("%lu ", fp->fr_hits); -#endif - if (opts & (OPT_ACCNT|OPT_VERBOSE)) -#ifdef USE_QUAD_T - PRINTF("%qu ", (unsigned long long) fp->fr_bytes); -#else - PRINTF("%lu ", fp->fr_bytes); -#endif - if (opts & OPT_SHOWLINENO) - PRINTF("@%d ", n); - printfr(fp); - if (opts & OPT_VERBOSE) - binprint(fp); - if (fp->fr_grp) - printlist(fp->fr_grp); - fp = fp->fr_next; - } -} - -/* - * print out all of the asked for rule sets, using the stats struct as - * the base from which to get the pointers. - */ -static void showlist(fiop) -struct friostat *fiop; -{ - struct frentry *fp = NULL; - int i, set; - - set = fiop->f_active; - if (opts & OPT_INACTIVE) - set = 1 - set; - if (opts & OPT_ACCNT) { -#ifdef USE_INET6 - if ((use_inet6) && (opts & OPT_OUTQUE)) { - i = F_ACOUT; - fp = (struct frentry *)fiop->f_acctout6[set]; - } else if ((use_inet6) && (opts & OPT_INQUE)) { - i = F_ACIN; - fp = (struct frentry *)fiop->f_acctin6[set]; - } else -#endif - if (opts & OPT_OUTQUE) { - i = F_ACOUT; - fp = (struct frentry *)fiop->f_acctout[set]; - } else if (opts & OPT_INQUE) { - i = F_ACIN; - fp = (struct frentry *)fiop->f_acctin[set]; - } else { - FPRINTF(stderr, "No -i or -o given with -a\n"); - return; - } - } else { -#ifdef USE_INET6 - if ((use_inet6) && (opts & OPT_OUTQUE)) { - i = F_OUT; - fp = (struct frentry *)fiop->f_fout6[set]; - } else if ((use_inet6) && (opts & OPT_INQUE)) { - i = F_IN; - fp = (struct frentry *)fiop->f_fin6[set]; - } else -#endif - if (opts & OPT_OUTQUE) { - i = F_OUT; - fp = (struct frentry *)fiop->f_fout[set]; - } else if (opts & OPT_INQUE) { - i = F_IN; - fp = (struct frentry 
*)fiop->f_fin[set]; - } else - return; - } - if (opts & OPT_VERBOSE) - FPRINTF(stderr, "showlist:opts %#x i %d\n", opts, i); - - if (opts & OPT_VERBOSE) - PRINTF("fp %p set %d\n", fp, set); - if (fp == NULL) { - FPRINTF(stderr, "empty list for %s%s\n", - (opts & OPT_INACTIVE) ? "inactive " : "", filters[i]); - return; - } - printlist(fp); -} - - -/* - * Display ipfilter stateful filtering information - */ -static void showipstates(ipsp) -ips_stat_t *ipsp; -{ - ipstate_t *istab[IPSTATE_SIZE]; - - /* - * If a list of states hasn't been asked for, only print out stats - */ - if (!(opts & OPT_SHOWLIST)) { - PRINTF("IP states added:\n\t%lu TCP\n\t%lu UDP\n\t%lu ICMP\n", - ipsp->iss_tcp, ipsp->iss_udp, ipsp->iss_icmp); - PRINTF("\t%lu hits\n\t%lu misses\n", ipsp->iss_hits, - ipsp->iss_miss); - PRINTF("\t%lu maximum\n\t%lu no memory\n\t%lu bkts in use\n", - ipsp->iss_max, ipsp->iss_nomem, ipsp->iss_inuse); - PRINTF("\t%lu logged\n\t%lu log failures\n", - ipsp->iss_logged, ipsp->iss_logfail); - PRINTF("\t%lu active\n\t%lu expired\n\t%lu closed\n", - ipsp->iss_active, ipsp->iss_expire, ipsp->iss_fin); - return; - } - - if (kmemcpy((char *)istab, (u_long)ipsp->iss_table, sizeof(istab))) - return; - - /* - * Print out all the state information currently held in the kernel. - */ - while (ipsp->iss_list != NULL) { - ipsp->iss_list = printstate(ipsp->iss_list, opts); - } -} - - -#if SOLARIS -/* - * Displays the list of interfaces of which IPFilter has taken control in - * Solaris. 
- */ -void showqiflist(kern) -char *kern; -{ - struct nlist qifnlist[2] = { - { "_qif_head" }, - { NULL } - }; - qif_t qif, *qf; - ill_t ill; - - if (kern == NULL) - kern = "/dev/ksyms"; - - if (nlist(kern, qifnlist) == -1) { - fprintf(stderr, "nlist error\n"); - return; - } - - printf("List of interfaces bound by IPFilter:\n"); - if (kmemcpy((char *)&qf, (u_long)qifnlist[0].n_value, sizeof(qf))) - return; - while (qf) { - if (kmemcpy((char *)&qif, (u_long)qf, sizeof(qif))) - break; - if (kmemcpy((char *)&ill, (u_long)qif.qf_ill, sizeof(ill))) - ill.ill_ppa = -1; - printf("Name: %-8s Header Length: %2d SAP: %s (%04x) PPA %d", - qif.qf_name, qif.qf_hl, -#ifdef IP6_DL_SAP - (qif.qf_sap == IP6_DL_SAP) ? "IPv6" : "IPv4" -#else - "IPv4" -#endif - , qif.qf_sap, ill.ill_ppa); - printf(" %ld %ld", qif.qf_incnt, qif.qf_outcnt); - qf = qif.qf_next; - putchar('\n'); - } -} -#endif - - -#ifdef STATETOP -static void topipstates(saddr, daddr, sport, dport, protocol, - refreshtime, topclosed) -struct in_addr saddr; -struct in_addr daddr; -int sport; -int dport; -int protocol; -int refreshtime; -int topclosed; -{ - char str1[STSTRSIZE], str2[STSTRSIZE], str3[STSTRSIZE], str4[STSTRSIZE]; - int maxtsentries = 0, reverse = 0, sorting = STSORT_DEFAULT; - int i, j, winx, tsentry, maxx, maxy, redraw = 0; - ipstate_t *istab[IPSTATE_SIZE], ips; - ips_stat_t ipsst, *ipsstp = &ipsst; - statetop_t *tstable = NULL, *tp; - char hostnm[HOSTNMLEN]; - struct protoent *proto; - int c = 0; - time_t t; -#ifdef USE_POLL - struct pollfd set[1]; -#else - struct timeval selecttimeout; - fd_set readfd; -#endif - - /* init ncurses stuff */ - initscr(); - cbreak(); - noecho(); - - /* init hostname */ - gethostname(hostnm, sizeof(hostnm) - 1); - hostnm[sizeof(hostnm) - 1] = '\0'; - - /* repeat until user aborts */ - while ( 1 ) { - - /* get state table */ - bzero((char *)&ipsst, sizeof(&ipsst)); - if ((ioctl(state_fd, SIOCGETFS, &ipsstp) == -1)) { - perror("ioctl(SIOCGETFS)"); - exit(-1); - } - if 
(kmemcpy((char *)istab, (u_long)ipsstp->iss_table, - sizeof(ips))) - return; - - /* clear the history */ - tsentry = -1; - - /* read the state table and store in tstable */ - while (ipsstp->iss_list) { - if (kmemcpy((char *)&ips, (u_long)ipsstp->iss_list, - sizeof(ips))) - break; - ipsstp->iss_list = ips.is_next; - - if (((saddr.s_addr == INADDR_ANY) || - (saddr.s_addr == ips.is_saddr)) && - ((daddr.s_addr == INADDR_ANY) || - (daddr.s_addr == ips.is_daddr)) && - ((protocol < 0) || (protocol == ips.is_p)) && - (((ips.is_p != IPPROTO_TCP) && - (ips.is_p != IPPROTO_UDP)) || - (((sport < 0) || - (htons(sport) == ips.is_sport)) && - ((dport < 0) || - (htons(dport) == ips.is_dport)))) && - (topclosed || (ips.is_p != IPPROTO_TCP) || - (ips.is_state[0] < TCPS_LAST_ACK) || - (ips.is_state[1] < TCPS_LAST_ACK))) { - /* - * if necessary make room for this state - * entry - */ - tsentry++; - if (!maxtsentries || - (tsentry == maxtsentries)) { - - maxtsentries += STGROWSIZE; - tstable = realloc(tstable, maxtsentries * sizeof(statetop_t)); - if (!tstable) { - perror("malloc"); - exit(-1); - } - } - - /* fill structure */ - tp = tstable + tsentry; - tp->st_src = ips.is_src; - tp->st_dst = ips.is_dst; - tp->st_p = ips.is_p; - tp->st_state[0] = ips.is_state[0]; - tp->st_state[1] = ips.is_state[1]; - tp->st_pkts = ips.is_pkts; - tp->st_bytes = ips.is_bytes; - tp->st_age = ips.is_age; - if ((ips.is_p == IPPROTO_TCP) || - (ips.is_p == IPPROTO_UDP)) { - tp->st_sport = ips.is_sport; - tp->st_dport = ips.is_dport; - } - - } - } - - - /* sort the array */ - if (tsentry != -1) - switch (sorting) - { - case STSORT_PR: - qsort(tstable, tsentry + 1, - sizeof(statetop_t), sort_p); - break; - case STSORT_PKTS: - qsort(tstable, tsentry + 1, - sizeof(statetop_t), sort_pkts); - break; - case STSORT_BYTES: - qsort(tstable, tsentry + 1, - sizeof(statetop_t), sort_bytes); - break; - case STSORT_TTL: - qsort(tstable, tsentry + 1, - sizeof(statetop_t), sort_ttl); - break; - case STSORT_SRCIP: - 
qsort(tstable, tsentry + 1, - sizeof(statetop_t), sort_srcip); - break; - case STSORT_DSTIP: - qsort(tstable, tsentry + 1, - sizeof(statetop_t), sort_dstip); - break; - default: - break; - } - - /* print title */ - erase(); - getmaxyx(stdscr, maxy, maxx); - attron(A_BOLD); - winx = 0; - move(winx,0); - sprintf(str1, "%s - %s - state top", hostnm, IPL_VERSION); - for (j = 0 ; j < (maxx - 8 - strlen(str1)) / 2; j++) - printw(" "); - printw("%s", str1); - attroff(A_BOLD); - - /* just for fun add a clock */ - move(winx, maxx - 8); - t = time(NULL); - strftime(str1, 80, "%T", localtime(&t)); - printw("%s\n", str1); - - /* - * print the display filters, this is placed in the loop, - * because someday I might add code for changing these - * while the programming is running :-) - */ - if (sport >= 0) - sprintf(str1, "%s,%d", inet_ntoa(saddr), sport); - else - sprintf(str1, "%s", inet_ntoa(saddr)); - - if (dport >= 0) - sprintf(str2, "%s,%d", inet_ntoa(daddr), dport); - else - sprintf(str2, "%s", inet_ntoa(daddr)); - - if (protocol < 0) - strcpy(str3, "any"); - else if ((proto = getprotobynumber(protocol)) != NULL) - sprintf(str3, "%s", proto->p_name); - else - sprintf(str3, "%d", protocol); - - switch (sorting) - { - case STSORT_PR: - sprintf(str4, "proto"); - break; - case STSORT_PKTS: - sprintf(str4, "# pkts"); - break; - case STSORT_BYTES: - sprintf(str4, "# bytes"); - break; - case STSORT_TTL: - sprintf(str4, "ttl"); - break; - case STSORT_SRCIP: - sprintf(str4, "srcip"); - break; - case STSORT_DSTIP: - sprintf(str4, "dstip"); - break; - default: - sprintf(str4, "unknown"); - break; - } - - if (reverse) - strcat(str4, " (reverse)"); - - winx += 2; - move(winx,0); - printw("Src = %s Dest = %s Proto = %s Sorted by = %s\n\n", - str1, str2, str3, str4); - - /* print column description */ - winx += 2; - move(winx,0); - attron(A_BOLD); - printw("%-21s %-21s %3s %4s %7s %9s %9s\n", "Source IP", - "Destination IP", "ST", "PR", "#pkts", "#bytes", "ttl"); - attroff(A_BOLD); - - 
/* print all the entries */ - tp = tstable; - if (reverse) - tp += tsentry; - - if (tsentry > maxy - 6) - tsentry = maxy - 6; - for (i = 0; i <= tsentry; i++) { - /* print src/dest and port */ - if ((tp->st_p == IPPROTO_TCP) || - (tp->st_p == IPPROTO_UDP)) { - sprintf(str1, "%s,%hu", - inet_ntoa(tp->st_src.in4), - ntohs(tp->st_sport)); - sprintf(str2, "%s,%hu", - inet_ntoa(tp->st_dst.in4), - ntohs(tp->st_dport)); - } else { - sprintf(str1, "%s", inet_ntoa(tp->st_src.in4)); - sprintf(str2, "%s", inet_ntoa(tp->st_dst.in4)); - } - winx++; - move(winx, 0); - printw("%-21s %-21s", str1, str2); - - /* print state */ - sprintf(str1, "%X/%X", tp->st_state[0], - tp->st_state[1]); - printw(" %3s", str1); - - /* print proto */ - proto = getprotobynumber(tp->st_p); - if (proto) { - strncpy(str1, proto->p_name, 4); - str1[4] = '\0'; - } else { - sprintf(str1, "%d", tp->st_p); - } - printw(" %4s", str1); - /* print #pkt/#bytes */ -#ifdef USE_QUAD_T - printw(" %7qu %9qu", (unsigned long long) tp->st_pkts, - (unsigned long long) tp->st_bytes); -#else - printw(" %7lu %9lu", tp->st_pkts, tp->st_bytes); -#endif - printw(" %9s", ttl_to_string(tp->st_age)); - - if (reverse) - tp--; - else - tp++; - } - - /* screen data structure is filled, now update the screen */ - if (redraw) - clearok(stdscr,1); - - refresh(); - if (redraw) { - clearok(stdscr,0); - redraw = 0; - } - - /* wait for key press or a 1 second time out period */ -#ifdef USE_POLL - set[0].fd = 0; - set[0].events = POLLIN; - poll(set, 1, refreshtime * 1000); - - /* if key pressed, read all waiting keys */ - if (set[0].revents & POLLIN) -#else - selecttimeout.tv_sec = refreshtime; - selecttimeout.tv_usec = 0; - FD_ZERO(&readfd); - FD_SET(0, &readfd); - select(1, &readfd, NULL, NULL, &selecttimeout); - - /* if key pressed, read all waiting keys */ - if (FD_ISSET(0, &readfd)) -#endif - - { - c = wgetch(stdscr); - if (c == ERR) - continue; - - if (isalpha(c) && isupper(c)) - c = tolower(c); - if (c == 'l') { - redraw = 1; - } 
else if (c == 'q') { - break; /* exits while() loop */ - } else if (c == 'r') { - reverse = !reverse; - } else if (c == 's') { - sorting++; - if (sorting > STSORT_MAX) - sorting = 0; - } - } - } /* while */ - - printw("\n"); - nocbreak(); - endwin(); -} -#endif - - -/* - * Show fragment cache information that's held in the kernel. - */ -static void showfrstates(ifsp) -ipfrstat_t *ifsp; -{ - struct ipfr *ipfrtab[IPFT_SIZE], ifr; - frentry_t fr; - int i; - - /* - * print out the numeric statistics - */ - PRINTF("IP fragment states:\n\t%lu new\n\t%lu expired\n\t%lu hits\n", - ifsp->ifs_new, ifsp->ifs_expire, ifsp->ifs_hits); - PRINTF("\t%lu no memory\n\t%lu already exist\n", - ifsp->ifs_nomem, ifsp->ifs_exists); - PRINTF("\t%lu inuse\n", ifsp->ifs_inuse); - if (kmemcpy((char *)ipfrtab, (u_long)ifsp->ifs_table, sizeof(ipfrtab))) - return; - - /* - * Print out the contents (if any) of the fragment cache table. - */ - PRINTF("\n"); - for (i = 0; i < IPFT_SIZE; i++) - while (ipfrtab[i]) { - if (kmemcpy((char *)&ifr, (u_long)ipfrtab[i], - sizeof(ifr)) == -1) - break; - PRINTF("%s -> ", hostname(4, &ifr.ipfr_src)); - if (kmemcpy((char *)&fr, (u_long)ifr.ipfr_rule, - sizeof(fr)) == -1) - break; - PRINTF("%s id %d ttl %d pr %d seen0 %d ifp %p tos %#02x = fl %#x\n", - hostname(4, &ifr.ipfr_dst), ntohs(ifr.ipfr_id), - ifr.ipfr_ttl, ifr.ipfr_p, ifr.ipfr_seen0, - ifr.ipfr_ifp, ifr.ipfr_tos, fr.fr_flags); - ipfrtab[i] = ifr.ipfr_next; - } - if (kmemcpy((char *)ipfrtab, (u_long)ifsp->ifs_nattab,sizeof(ipfrtab))) - return; - for (i = 0; i < IPFT_SIZE; i++) - while (ipfrtab[i]) { - if (kmemcpy((char *)&ifr, (u_long)ipfrtab[i], - sizeof(ifr)) == -1) - break; - PRINTF("NAT: %s -> ", hostname(4, &ifr.ipfr_src)); - if (kmemcpy((char *)&fr, (u_long)ifr.ipfr_rule, - sizeof(fr)) == -1) - break; - PRINTF("%s %d %d %d %#02x = %#x\n", - hostname(4, &ifr.ipfr_dst), ifr.ipfr_id, - ifr.ipfr_ttl, ifr.ipfr_p, ifr.ipfr_tos, - fr.fr_flags); - ipfrtab[i] = ifr.ipfr_next; - } -} - - -/* - * Show stats 
on how auth within IPFilter has been used - */ -static void showauthstates(asp) -fr_authstat_t *asp; -{ - frauthent_t *frap, fra; - -#ifdef USE_QUAD_T - printf("Authorisation hits: %qu\tmisses %qu\n", - (unsigned long long) asp->fas_hits, - (unsigned long long) asp->fas_miss); -#else - printf("Authorisation hits: %ld\tmisses %ld\n", asp->fas_hits, - asp->fas_miss); -#endif - printf("nospace %ld\nadded %ld\nsendfail %ld\nsendok %ld\n", - asp->fas_nospace, asp->fas_added, asp->fas_sendfail, - asp->fas_sendok); - printf("queok %ld\nquefail %ld\nexpire %ld\n", - asp->fas_queok, asp->fas_quefail, asp->fas_expire); - - frap = asp->fas_faelist; - while (frap) { - if (kmemcpy((char *)&fra, (u_long)frap, sizeof(fra)) == -1) - break; - - printf("age %ld\t", fra.fae_age); - printfr(&fra.fae_fr); - frap = fra.fae_next; - } -} - - -/* - * Display groups used for each of filter rules, accounting rules and - * authentication, separately. - */ -static void showgroups(fiop) -struct friostat *fiop; -{ - static char *gnames[3] = { "Filter", "Accounting", "Authentication" }; - frgroup_t *fp, grp; - int on, off, i; - - on = fiop->f_active; - off = 1 - on; - - for (i = 0; i < 3; i++) { - printf("%s groups (active):\n", gnames[i]); - for (fp = fiop->f_groups[i][on]; fp; fp = grp.fg_next) - if (kmemcpy((char *)&grp, (u_long)fp, sizeof(grp))) - break; - else - printf("%hu\n", grp.fg_num); - printf("%s groups (inactive):\n", gnames[i]); - for (fp = fiop->f_groups[i][off]; fp; fp = grp.fg_next) - if (kmemcpy((char *)&grp, (u_long)fp, sizeof(grp))) - break; - else - printf("%hu\n", grp.fg_num); - } -} - -static void parse_ipportstr(argument, ip, port) -const char *argument; -struct in_addr *ip; -int *port; -{ - - char *s, *comma; - - /* make working copy of argument, Theoretically you must be able - * to write to optarg, but that seems very ugly to me.... 
- */
- if ((s = malloc(strlen(argument) + 1)) == NULL)
- perror("malloc");
- strcpy(s, argument);
-
- /* get port */
- if ((comma = strchr(s, ',')) != NULL) {
- if (!strcasecmp(s, "any")) {
- *port = -1;
- } else if (!sscanf(comma + 1, "%d", port) ||
- (*port < 0) || (*port > 65535)) {
- fprintf(stderr, "Invalid port specfication in %s\n",
- argument);
- exit(-2);
- }
- *comma = '\0';
- }
-
-
- /* get ip address */
- if (!strcasecmp(s, "any")) {
- ip->s_addr = INADDR_ANY;
- } else if (!inet_aton(s, ip)) {
- fprintf(stderr, "Invalid IP address: %s\n", s);
- exit(-2);
- }
-
- /* free allocated memory */
- free(s);
-}
-
-
-#ifdef STATETOP
-static char ttlbuf[STSTRSIZE];
-
-static char *ttl_to_string(ttl)
-long int ttl;
-{
-
- int hours, minutes, seconds;
-
- /* ttl is in half seconds */
- ttl /= 2;
-
- hours = ttl / 3600;
- ttl = ttl % 3600;
- minutes = ttl / 60;
- seconds = ttl % 60;
-
- if (hours > 0 )
- sprintf(ttlbuf, "%2d:%02d:%02d", hours, minutes, seconds);
- else
- sprintf(ttlbuf, "%2d:%02d", minutes, seconds);
- return ttlbuf;
-}
-
-
-static int sort_pkts(a, b)
-const void *a;
-const void *b;
-{
-
- register const statetop_t *ap = a;
- register const statetop_t *bp = b;
-
- if (ap->st_pkts == bp->st_pkts)
- return 0;
- else if (ap->st_pkts < bp->st_pkts)
- return 1;
- return -1;
-}
-
-
-static int sort_bytes(a, b)
-const void *a;
-const void *b;
-{
- register const statetop_t *ap = a;
- register const statetop_t *bp = b;
-
- if (ap->st_bytes == bp->st_bytes)
- return 0;
- else if (ap->st_bytes < bp->st_bytes)
- return 1;
- return -1;
-}
-
-
-static int sort_p(a, b)
-const void *a;
-const void *b;
-{
- register const statetop_t *ap = a;
- register const statetop_t *bp = b;
-
- if (ap->st_p == bp->st_p)
- return 0;
- else if (ap->st_p < bp->st_p)
- return 1;
- return -1;
-}
-
-
-static int sort_ttl(a, b)
-const void *a;
-const void *b;
-{
- register const statetop_t *ap = a;
- register const statetop_t *bp = b;
-
- if (ap->st_age == bp->st_age)
- return 0;
- else if (ap->st_age < bp->st_age)
- return 1;
- return -1;
-}
-
-static int sort_srcip(a, b)
-const void *a;
-const void *b;
-{
- register const statetop_t *ap = a;
- register const statetop_t *bp = b;
-
- if (ntohl(ap->st_src.in4.s_addr) == ntohl(bp->st_src.in4.s_addr))
- return 0;
- else if (ntohl(ap->st_src.in4.s_addr) > ntohl(bp->st_src.in4.s_addr))
- return 1;
- return -1;
-}
-
-static int sort_dstip(a, b)
-const void *a;
-const void *b;
-{
- register const statetop_t *ap = a;
- register const statetop_t *bp = b;
-
- if (ntohl(ap->st_dst.in4.s_addr) == ntohl(bp->st_dst.in4.s_addr))
- return 0;
- else if (ntohl(ap->st_dst.in4.s_addr) > ntohl(bp->st_dst.in4.s_addr))
- return 1;
- return -1;
-}
-#endif
diff --git a/contrib/ipfilter/inet_addr.c b/contrib/ipfilter/inet_addr.c
deleted file mode 100644
index e940280a28..0000000000
--- a/contrib/ipfilter/inet_addr.c
+++ /dev/null
@@ -1,199 +0,0 @@ -/* - * ++Copyright++ 1983, 1990, 1993 - * - - * Copyright (c) 1983, 1990, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - - * Portions Copyright (c) 1993 by Digital Equipment Corporation. 
- * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - * - - * --Copyright-- - */ -#ifdef __STDC__ -# ifndef __P -# define __P(x) x -# endif -#else -# undef __P -# define __P(x) () -# undef const -# define const -#endif - -#if !defined(lint) -static const char sccsid[] = "@(#)inet_addr.c 8.1 (Berkeley) 6/17/93"; -static const char rcsid[] = "@(#)$Id: inet_addr.c,v 2.1.4.2 2002/02/22 15:32:46 darrenr Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include -#include -#include -#include - -int inet_aton __P((const char *, struct in_addr *)); - -/* - * Check whether "cp" is a valid ascii representation - * of an Internet address and convert to a binary address. - * Returns 1 if the address is valid, 0 if not. - * This replaces inet_addr, the return value from which - * cannot distinguish between failure and a local broadcast address. 
- */ -int -inet_aton(cp, addr) - register const char *cp; - struct in_addr *addr; -{ - register u_long val; - register int base, n; - register char c; - u_int parts[4]; - register u_int *pp = parts; - - c = *cp; - for (;;) { - /* - * Collect number up to ``.''. - * Values are specified as for C: - * 0x=hex, 0=octal, isdigit=decimal. - */ - if (!isdigit(c)) - return (0); - val = 0; base = 10; - if (c == '0') { - c = *++cp; - if (c == 'x' || c == 'X') - base = 16, c = *++cp; - else - base = 8; - } - for (;;) { - if (isascii(c) && isdigit(c)) { - val = (val * base) + (c - '0'); - c = *++cp; - } else if (base == 16 && isascii(c) && isxdigit(c)) { - val = (val << 4) | - (c + 10 - (islower(c) ? 'a' : 'A')); - c = *++cp; - } else - break; - } - if (c == '.') { - /* - * Internet format: - * a.b.c.d - * a.b.c (with c treated as 16 bits) - * a.b (with b treated as 24 bits) - */ - if (pp >= parts + 3) - return (0); - *pp++ = val; - c = *++cp; - } else - break; - } - /* - * Check for trailing characters. - */ - if (c != '\0' && (!isascii(c) || !isspace(c))) - return (0); - /* - * Concoct the address according to - * the number of parts specified. - */ - n = pp - parts + 1; - switch (n) { - - case 0: - return (0); /* initial nondigit */ - - case 1: /* a -- 32 bits */ - break; - - case 2: /* a.b -- 8.24 bits */ - if (val > 0xffffff) - return (0); - val |= parts[0] << 24; - break; - - case 3: /* a.b.c -- 8.8.16 bits */ - if (val > 0xffff) - return (0); - val |= (parts[0] << 24) | (parts[1] << 16); - break; - - case 4: /* a.b.c.d -- 8.8.8.8 bits */ - if (val > 0xff) - return (0); - val |= (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8); - break; - } - if (addr) - addr->s_addr = htonl(val); - return (1); -} - -/* these are compatibility routines, not needed on recent BSD releases */ - -/* - * Ascii internet address interpretation routine. - * The value returned is in network order. 
- */
-#if (defined(SOLARIS2) && (SOLARIS2 > 5)) || \
- (defined(IRIX) && (IRIX >= 605))
-in_addr_t
-#else
-u_long
-#endif
-inet_addr(cp)
- register const char *cp;
-{
- struct in_addr val;
-
- if (inet_aton(cp, &val))
- return (val.s_addr);
- return (0xffffffff);
-}
diff --git a/contrib/ipfilter/ip_h323_pxy.c b/contrib/ipfilter/ip_h323_pxy.c
deleted file mode 100644
index 8d8ef923f7..0000000000
--- a/contrib/ipfilter/ip_h323_pxy.c
+++ /dev/null
@@ -1,295 +0,0 @@ -/* - * Copyright 2001, QNX Software Systems Ltd. All Rights Reserved - * - * This source code has been published by QNX Software Systems Ltd. (QSSL). - * However, any use, reproduction, modification, distribution or transfer of - * this software, or any software which includes or is based upon any of this - * code, is only permitted under the terms of the QNX Open Community License - * version 1.0 (see licensing.qnx.com for details) or as otherwise expressly - * authorized by a written license agreement from QSSL. For more information, - * please email licensing@qnx.com. - * - * For more details, see QNX_OCL.txt provided with this distribution. - */ - -/* - * Simple H.323 proxy - * - * by xtang@canada.com - * ported to ipfilter 3.4.20 by Michael Grant mg-ipf@grant.org - */ - -#if __FreeBSD_version >= 220000 && defined(_KERNEL) -# include -# include -#else -# include -#endif - -#define IPF_H323_PROXY - -int ippr_h323_init __P((void)); -int ippr_h323_new __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *)); -void ippr_h323_del __P((ap_session_t *)); -int ippr_h323_out __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *)); -int ippr_h323_in __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *)); - -int ippr_h245_init __P((void)); -int ippr_h245_new __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *)); -int ippr_h245_out __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *)); -int ippr_h245_in __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *)); - -static frentry_t h323_fr; -#if (SOLARIS || defined(__sgi)) && defined(_KERNEL) -extern KRWLOCK_T ipf_nat; -#endif - -static int find_port __P((int, u_char *, int datlen, int *, u_short *)); - - -static int find_port(ipaddr, data, datlen, off, port) -int ipaddr; -unsigned char *data; -int datlen, *off; -unsigned short *port; -{ - u_32_t addr, netaddr; - u_char *dp; - int offset; - - if (datlen < 6) - return -1; - - *port = 0; - offset = *off; - dp = (u_char *)data; - netaddr = ntohl(ipaddr); - - for (offset = 0; 
offset <= datlen - 6; offset++, dp++) { - addr = (dp[0] << 24) | (dp[1] << 16) | (dp[2] << 8) | dp[3]; - if (netaddr == addr) - { - *port = (*(dp + 4) << 8) | *(dp + 5); - break; - } - } - *off = offset; - return (offset > datlen - 6) ? -1 : 0; -} - -/* - * Initialize local structures. - */ -int ippr_h323_init() -{ - bzero((char *)&h323_fr, sizeof(h323_fr)); - h323_fr.fr_ref = 1; - h323_fr.fr_flags = FR_INQUE|FR_PASS|FR_QUICK|FR_KEEPSTATE; - - return 0; -} - - -int ippr_h323_new(fin, ip, aps, nat) -fr_info_t *fin; -ip_t *ip; -ap_session_t *aps; -nat_t *nat; -{ - aps->aps_data = NULL; - aps->aps_psiz = 0; - - return 0; -} - - -void ippr_h323_del(aps) -ap_session_t *aps; -{ - int i; - ipnat_t *ipn; - - if (aps->aps_data) { - for (i = 0, ipn = aps->aps_data; - i < (aps->aps_psiz / sizeof(ipnat_t)); - i++, ipn = (ipnat_t *)((char *)ipn + sizeof(*ipn))) - { - /* - * Check the comment in ippr_h323_in() function, - * just above nat_ioctl() call. - * We are lucky here because this function is not - * called with ipf_nat locked. 
- */ - if (nat_ioctl((caddr_t)ipn, SIOCRMNAT, NAT_SYSSPACE| - NAT_LOCKHELD|FWRITE) == -1) { - /* log the error */ - } - } - KFREES(aps->aps_data, aps->aps_psiz); - /* avoid double free */ - aps->aps_data = NULL; - aps->aps_psiz = 0; - } - return; -} - - -int ippr_h323_out(fin, ip, aps, nat) -fr_info_t *fin; -ip_t *ip; -ap_session_t *aps; -nat_t *nat; -{ - return 0; -} - - -int ippr_h323_in(fin, ip, aps, nat) -fr_info_t *fin; -ip_t *ip; -ap_session_t *aps; -nat_t *nat; -{ - int ipaddr, off, datlen; - unsigned short port; - unsigned char *data; - tcphdr_t *tcp; - - tcp = (tcphdr_t *)fin->fin_dp; - ipaddr = ip->ip_src.s_addr; - - data = (unsigned char *)tcp + (tcp->th_off << 2); - datlen = fin->fin_dlen - (tcp->th_off << 2); - if (find_port(ipaddr, data, datlen, &off, &port) == 0) { - ipnat_t *ipn; - char *newarray; - - /* setup a nat rule to set a h245 proxy on tcp-port "port" - * it's like: - * map / -> / proxy port /tcp - */ - KMALLOCS(newarray, char *, aps->aps_psiz + sizeof(*ipn)); - if (newarray == NULL) { - return -1; - } - ipn = (ipnat_t *)&newarray[aps->aps_psiz]; - bcopy(nat->nat_ptr, ipn, sizeof(ipnat_t)); - strncpy(ipn->in_plabel, "h245", APR_LABELLEN); - - ipn->in_inip = nat->nat_inip.s_addr; - ipn->in_inmsk = 0xffffffff; - ipn->in_dport = htons(port); - /* - * we got a problem here. we need to call nat_ioctl() to add - * the h245 proxy rule, but since we already hold (READ locked) - * the nat table rwlock (ipf_nat), if we go into nat_ioctl(), - * it will try to WRITE lock it. This will causing dead lock - * on RTP. - * - * The quick & dirty solution here is release the read lock, - * call nat_ioctl() and re-lock it. - * A (maybe better) solution is do a UPGRADE(), and instead - * of calling nat_ioctl(), we add the nat rule ourself. 
- */ - RWLOCK_EXIT(&ipf_nat); - if (nat_ioctl((caddr_t)ipn, SIOCADNAT, - NAT_SYSSPACE|FWRITE) == -1) { - READ_ENTER(&ipf_nat); - return -1; - } - READ_ENTER(&ipf_nat); - if (aps->aps_data != NULL && aps->aps_psiz > 0) { - bcopy(aps->aps_data, newarray, aps->aps_psiz); - KFREES(aps->aps_data, aps->aps_psiz); - } - aps->aps_data = newarray; - aps->aps_psiz += sizeof(*ipn); - } - return 0; -} - - -int ippr_h245_init() -{ - return 0; -} - - -int ippr_h245_new(fin, ip, aps, nat) -fr_info_t *fin; -ip_t *ip; -ap_session_t *aps; -nat_t *nat; -{ - aps->aps_data = NULL; - aps->aps_psiz = 0; - return 0; -} - - -int ippr_h245_out(fin, ip, aps, nat) -fr_info_t *fin; -ip_t *ip; -ap_session_t *aps; -nat_t *nat; -{ - int ipaddr, off, datlen; - u_short port; - unsigned char *data; - tcphdr_t *tcp; - - tcp = (tcphdr_t *)fin->fin_dp; - ipaddr = nat->nat_inip.s_addr; - data = (unsigned char *)tcp + (tcp->th_off << 2); - datlen = ip->ip_len - fin->fin_hlen - (tcp->th_off << 2); - if (find_port(ipaddr, data, datlen, &off, &port) == 0) { - fr_info_t fi; - nat_t *ipn; - -/* port = htons(port); */ - ipn = nat_outlookup(fin->fin_ifp, IPN_UDP, IPPROTO_UDP, - ip->ip_src, ip->ip_dst, 1); - if (ipn == NULL) { - struct ip newip; - struct udphdr udp; - - bcopy(ip, &newip, sizeof(newip)); - newip.ip_len = fin->fin_hlen + sizeof(udp); - newip.ip_p = IPPROTO_UDP; - newip.ip_src = nat->nat_inip; - - bzero(&udp, sizeof(udp)); - udp.uh_sport = port; - - bcopy(fin, &fi, sizeof(fi)); - fi.fin_fi.fi_p = IPPROTO_UDP; - fi.fin_data[0] = port; - fi.fin_data[1] = 0; - fi.fin_dp = (char *)&udp; - - ipn = nat_new(&fi, &newip, nat->nat_ptr, NULL, - IPN_UDP|FI_W_DPORT, NAT_OUTBOUND); - if (ipn != NULL) { - ipn->nat_ptr->in_hits++; -#ifdef IPFILTER_LOG - nat_log(ipn, (u_int)(nat->nat_ptr->in_redir)); -#endif - bcopy((u_char*)&ip->ip_src.s_addr, - data + off, 4); - bcopy((u_char*)&ipn->nat_outport, - data + off + 4, 2); - } - } - } - return 0; -} - - -int ippr_h245_in(fin, ip, aps, nat) -fr_info_t *fin; -ip_t *ip; 
-ap_session_t *aps;
-nat_t *nat;
-{
- return 0;
-}
diff --git a/contrib/ipfilter/ip_ipsec_pxy.c b/contrib/ipfilter/ip_ipsec_pxy.c
deleted file mode 100644
index 40ce131961..0000000000
--- a/contrib/ipfilter/ip_ipsec_pxy.c
+++ /dev/null
@@ -1,292 +0,0 @@ -/* - * Simple ISAKMP transparent proxy for in-kernel use. For use with the NAT - * code. - * - * $Id: ip_ipsec_pxy.c,v 1.1.2.10 2002/01/13 04:58:29 darrenr Exp $ - * - */ -#define IPF_IPSEC_PROXY - - -int ippr_ipsec_init __P((void)); -int ippr_ipsec_new __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *)); -void ippr_ipsec_del __P((ap_session_t *)); -int ippr_ipsec_out __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *)); -int ippr_ipsec_match __P((fr_info_t *, ap_session_t *, nat_t *)); - -static frentry_t ipsecfr; - - -static char ipsec_buffer[1500]; - -/* - * RCMD application proxy initialization. - */ -int ippr_ipsec_init() -{ - bzero((char *)&ipsecfr, sizeof(ipsecfr)); - ipsecfr.fr_ref = 1; - ipsecfr.fr_flags = FR_OUTQUE|FR_PASS|FR_QUICK|FR_KEEPSTATE; - return 0; -} - - -/* - * Setup for a new IPSEC proxy. - */ -int ippr_ipsec_new(fin, ip, aps, nat) -fr_info_t *fin; -ip_t *ip; -ap_session_t *aps; -nat_t *nat; -{ - ipsec_pxy_t *ipsec; - fr_info_t fi; - ipnat_t *ipn; - char *ptr; - int p, off, dlen; - mb_t *m; - - bzero(ipsec_buffer, sizeof(ipsec_buffer)); - off = fin->fin_hlen + sizeof(udphdr_t); -#ifdef _KERNEL -# if SOLARIS - m = fin->fin_qfm; - - dlen = msgdsize(m) - off; - if (dlen < 16) - return -1; - copyout_mblk(m, off, MIN(sizeof(ipsec_buffer), dlen), ipsec_buffer); -# else - m = *(mb_t **)fin->fin_mp; - dlen = mbufchainlen(m) - off; - if (dlen < 16) - return -1; - m_copydata(m, off, MIN(sizeof(ipsec_buffer), dlen), ipsec_buffer); -# endif -#else - m = *(mb_t **)fin->fin_mp; - dlen = ip->ip_len - off; - ptr = (char *)m; - ptr += off; - bcopy(ptr, ipsec_buffer, MIN(sizeof(ipsec_buffer), dlen)); -#endif - - /* - * Because _new() gets called from nat_new(), ipf_nat is held with a - * write lock so pass rw=1 to nat_outlookup(). 
- */ - if (nat_outlookup(fin, 0, IPPROTO_ESP, nat->nat_inip, - ip->ip_dst, 1) != NULL) - return -1; - - aps->aps_psiz = sizeof(*ipsec); - KMALLOCS(aps->aps_data, ipsec_pxy_t *, sizeof(*ipsec)); - if (aps->aps_data == NULL) - return -1; - - ipsec = aps->aps_data; - bzero((char *)ipsec, sizeof(*ipsec)); - - /* - * Create NAT rule against which the tunnel/transport mapping is - * created. This is required because the current NAT rule does not - * describe ESP but UDP instead. - */ - ipn = &ipsec->ipsc_rule; - ipn->in_ifp = fin->fin_ifp; - ipn->in_apr = NULL; - ipn->in_use = 1; - ipn->in_hits = 1; - ipn->in_nip = ntohl(nat->nat_outip.s_addr); - ipn->in_ippip = 1; - ipn->in_inip = nat->nat_inip.s_addr; - ipn->in_inmsk = 0xffffffff; - ipn->in_outip = nat->nat_outip.s_addr; - ipn->in_outmsk = 0xffffffff; - ipn->in_srcip = fin->fin_saddr; - ipn->in_srcmsk = 0xffffffff; - ipn->in_redir = NAT_MAP; - bcopy(nat->nat_ptr->in_ifname, ipn->in_ifname, sizeof(ipn->in_ifname)); - ipn->in_p = IPPROTO_ESP; - - bcopy((char *)fin, (char *)&fi, sizeof(fi)); - fi.fin_fi.fi_p = IPPROTO_ESP; - fi.fin_fr = &ipsecfr; - fi.fin_data[0] = 0; - fi.fin_data[1] = 0; - p = ip->ip_p; - ip->ip_p = IPPROTO_ESP; - fi.fin_fl &= ~FI_TCPUDP; - - ptr = ipsec_buffer; - bcopy(ptr, ipsec->ipsc_icookie, sizeof(ipsec_cookie_t)); - ptr += sizeof(ipsec_cookie_t); - bcopy(ptr, ipsec->ipsc_rcookie, sizeof(ipsec_cookie_t)); - /* - * The responder cookie should only be non-zero if the initiator - * cookie is non-zero. Therefore, it is safe to assume(!) that the - * cookies are both set after copying if the responder is non-zero. 
- */ - if ((ipsec->ipsc_rcookie[0]|ipsec->ipsc_rcookie[1]) != 0) - ipsec->ipsc_rckset = 1; - else - nat->nat_age = 60; /* 30 seconds */ - - ipsec->ipsc_nat = nat_new(&fi, ip, ipn, &ipsec->ipsc_nat, FI_IGNOREPKT, - NAT_OUTBOUND); - if (ipsec->ipsc_nat != NULL) { - fi.fin_data[0] = 0; - fi.fin_data[1] = 0; - ipsec->ipsc_state = fr_addstate(ip, &fi, &ipsec->ipsc_state, - FI_IGNOREPKT|FI_NORULE); - } - ip->ip_p = p; - return 0; -} - - -/* - * For outgoing IKE packets. refresh timeouts for NAT & stat entries, if - * we can. If they have disappeared, recreate them. - */ -int ippr_ipsec_out(fin, ip, aps, nat) -fr_info_t *fin; -ip_t *ip; -ap_session_t *aps; -nat_t *nat; -{ - ipsec_pxy_t *ipsec; - fr_info_t fi; - int p; - - bcopy((char *)fin, (char *)&fi, sizeof(fi)); - fi.fin_fi.fi_p = IPPROTO_ESP; - fi.fin_fr = &ipsecfr; - fi.fin_data[0] = 0; - fi.fin_data[1] = 0; - p = ip->ip_p; - ip->ip_p = IPPROTO_ESP; - fi.fin_fl &= ~FI_TCPUDP; - - ipsec = aps->aps_data; - if (ipsec != NULL) { - /* - * Update NAT timeout/create NAT if missing. - */ - if (ipsec->ipsc_rckset == 0) - nat->nat_age = 60; /* 30 seconds */ - if (ipsec->ipsc_nat != NULL) - ipsec->ipsc_nat->nat_age = nat->nat_age; - else - ipsec->ipsc_nat = nat_new(&fi, ip, &ipsec->ipsc_rule, - &ipsec->ipsc_nat, - FI_IGNOREPKT, NAT_OUTBOUND); - - /* - * Update state timeout/create state if missing. - */ - READ_ENTER(&ipf_state); - if (ipsec->ipsc_state != NULL) { - ipsec->ipsc_state->is_age = nat->nat_age; - RWLOCK_EXIT(&ipf_state); - } else { - RWLOCK_EXIT(&ipf_state); - fi.fin_data[0] = 0; - fi.fin_data[1] = 0; - ipsec->ipsc_state = fr_addstate(ip, &fi, - &ipsec->ipsc_state, - FI_IGNOREPKT|FI_NORULE); - } - } - ip->ip_p = p; - return 0; -} - - -/* - * This extends the NAT matching to be based on the cookies associated with - * a session and found at the front of IKE packets. The cookies are always - * in the same order (not reversed depending on packet flow direction as with - * UDP/TCP port numbers). 
- */ -int ippr_ipsec_match(fin, aps, nat) -fr_info_t *fin; -ap_session_t *aps; -nat_t *nat; -{ - ipsec_pxy_t *ipsec; - u_32_t cookies[4]; - mb_t *m; - int off; - - if ((fin->fin_dlen < sizeof(cookies)) || (fin->fin_fl & FI_FRAG)) - return -1; - - ipsec = aps->aps_data; - off = fin->fin_hlen + sizeof(udphdr_t); -#ifdef _KERNEL -# if SOLARIS - m = fin->fin_qfm; - - copyout_mblk(m, off, sizeof(cookies), (char *)cookies); -# else - m = *(mb_t **)fin->fin_mp; - m_copydata(m, off, sizeof(cookies), (char *)cookies); -# endif -#else - m = *(mb_t **)fin->fin_mp; - bcopy((char *)m + off, cookies, sizeof(cookies)); -#endif - - if ((cookies[0] != ipsec->ipsc_icookie[0]) || - (cookies[1] != ipsec->ipsc_icookie[1])) - return -1; - - if (ipsec->ipsc_rckset == 0) { - if ((cookies[2]|cookies[3]) == 0) { - nat->nat_age = 60; /* 30 seconds */ - return 0; - } - ipsec->ipsc_rckset = 1; - ipsec->ipsc_rcookie[0] = cookies[2]; - ipsec->ipsc_rcookie[1] = cookies[3]; - return 0; - } - - if ((cookies[2] != ipsec->ipsc_rcookie[0]) || - (cookies[3] != ipsec->ipsc_rcookie[1])) - return -1; - return 0; -} - - -/* - * clean up after ourselves. - */ -void ippr_ipsec_del(aps) -ap_session_t *aps; -{ - ipsec_pxy_t *ipsec; - - ipsec = aps->aps_data; - - if (ipsec != NULL) { - /* - * Don't delete it from here, just schedule it to be - * deleted ASAP. - */ - if (ipsec->ipsc_nat != NULL) { - ipsec->ipsc_nat->nat_age = 1; - ipsec->ipsc_nat->nat_ptr = NULL; - } - - READ_ENTER(&ipf_state); - if (ipsec->ipsc_state != NULL) - ipsec->ipsc_state->is_age = 1; - RWLOCK_EXIT(&ipf_state); - - ipsec->ipsc_state = NULL; - ipsec->ipsc_nat = NULL; - } -} diff --git a/contrib/ipfilter/ip_lfil.c b/contrib/ipfilter/ip_lfil.c deleted file mode 100644 index a1fad99a47..0000000000 --- a/contrib/ipfilter/ip_lfil.c +++ /dev/null 
@@ -1,975 +0,0 @@ -/* - * Copyright (C) 1993-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - */ -#if !defined(lint) -static const char rcsid[] = "@(#)$Id: ip_lfil.c,v 2.6.2.5 2002/10/03 13:47:19 darrenr Exp $"; -#endif - -#if defined(KERNEL) && !defined(_KERNEL) -# define _KERNEL -#endif -#include -#include -#include -#include -#include -#include -#include -#include -#ifndef _KERNEL -# include -# include -# include -# include -#else -# include -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#ifndef _KERNEL -# include -#endif -#include "netinet/ip_compat.h" -#include -#include "netinet/ip_fil.h" -#include "netinet/ip_nat.h" -#include "netinet/ip_proxy.h" -#include "netinet/ip_frag.h" -#include "netinet/ip_state.h" -#include "netinet/ip_auth.h" -#ifdef _KERNEL -#include -#endif -#ifndef MIN -#define MIN(a,b) (((a)<(b))?(a):(b)) -#endif - - -#ifndef _KERNEL -# include "ipt.h" -static struct ifnet **ifneta = NULL; -static int nifs = 0; -#endif - -int fr_running = 0; -int ipl_unreach = ICMP_UNREACH_FILTER; -u_long ipl_frouteok[2] = {0, 0}; - -static int frzerostats __P((caddr_t)); -static void frsync __P((void)); -#if defined(__NetBSD__) || defined(__OpenBSD__) -static int frrequest __P((int, u_long, caddr_t, int)); -#else -static int frrequest __P((int, u_long, caddr_t, int)); -#endif -#ifdef _KERNEL -static int (*fr_savep) __P((ip_t *, int, void *, int, mb_t **)); -#else -int ipllog __P((void)); -void init_ifp __P((void)); -static int no_output __P((mb_t *, struct ifnet *)); -static int write_output __P((mb_t *, struct ifnet *)); -#endif - -#ifdef _KERNEL - -int fr_precheck(struct iphdr *ip, struct device *dev, int out, struct device **ifp) -{ - int hlen = ip->ihl << 2; - - return fr_check((ip_t *)ip, hlen, dev, out, (mb_t **)ifp); -} - - -int iplattach() -{ - char *defpass; - int s; - - if (fr_running || (fr_checkp == fr_precheck)) { - printk("IP Filter: already initialized\n"); - 
return EBUSY; - } - - fr_running = 1; - bzero((char *)frcache, sizeof(frcache)); - bzero((char *)nat_table, sizeof(nat_table)); - fr_savep = fr_checkp; - fr_checkp = fr_precheck; - -# ifdef IPFILTER_LOG - ipflog_init(); -# endif - if (fr_pass & FR_PASS) - defpass = "pass"; - else if (fr_pass & FR_BLOCK) - defpass = "block"; - else - defpass = "no-match -> block"; - - printk("IP Filter: initialized. Default = %s all, Logging = %s\n", - defpass, -# ifdef IPFILTER_LOG - "enabled"); -# else - "disabled"); -# endif - return 0; -} - - -/* - * Disable the filter by removing the hooks from the IP input/output - * stream. - */ -int ipldetach() -{ - int s, i = FR_INQUE|FR_OUTQUE; - - if (!fr_running) - { - printk("IP Filter: not initialized\n"); - return 0; - } - - fr_checkp = fr_savep; - i = frflush(IPL_LOGIPF, i); - fr_running = 0; - - ipfr_unload(); - ip_natunload(); - fr_stateunload(); - fr_authunload(); - - printk("IP Filter: unloaded\n"); - - return 0; -} -#endif /* _KERNEL */ - - -static int frzerostats(data) -caddr_t data; -{ - struct friostat fio; - int error; - - bcopy((char *)frstats, (char *)fio.f_st, - sizeof(struct filterstats) * 2); - fio.f_fin[0] = ipfilter[0][0]; - fio.f_fin[1] = ipfilter[0][1]; - fio.f_fout[0] = ipfilter[1][0]; - fio.f_fout[1] = ipfilter[1][1]; - fio.f_acctin[0] = ipacct[0][0]; - fio.f_acctin[1] = ipacct[0][1]; - fio.f_acctout[0] = ipacct[1][0]; - fio.f_acctout[1] = ipacct[1][1]; - fio.f_active = fr_active; - fio.f_froute[0] = ipl_frouteok[0]; - fio.f_froute[1] = ipl_frouteok[1]; - error = IWCOPYPTR((caddr_t)&fio, data, sizeof(fio)); - if (!error) - bzero((char *)frstats, sizeof(*frstats) * 2); - return error; -} - - -/* - * Filter ioctl interface. 
- */ -#if defined(_KERNEL) -int iplioctl(struct inode *inode, struct file *file, u_int cmd, u_long arg) -{ - int s; - caddr_t data = (caddr_t)arg; - - int mode = file->f_mode; -#else -int iplioctl(dev_t dev, int cmd, caddr_t data, int mode) -{ -#endif - int error = 0, unit = 0, tmp; - -#ifdef _KERNEL - unit = GET_MINOR(inode->i_rdev); - if ((IPL_LOGMAX < unit) || (unit < 0)) - return ENXIO; -#endif - - if (unit == IPL_LOGNAT) { - error = nat_ioctl(data, cmd, mode); - return error; - } - if (unit == IPL_LOGSTATE) { - error = fr_state_ioctl(data, cmd, mode); - return error; - } - - switch (cmd) { - case FIONREAD : -#ifdef IPFILTER_LOG - error = IWCOPY((caddr_t)&iplused[IPL_LOGIPF], data, - sizeof(iplused[IPL_LOGIPF])); -#endif - break; -#if !defined(IPFILTER_LKM) && defined(_KERNEL) - case SIOCFRENB : - { - u_int enable; - - if (!(mode & FWRITE)) - error = EPERM; - else { - error = IRCOPY(data, (caddr_t)&enable, sizeof(enable)); - if (error) - break; - if (enable) - error = iplattach(); - else - error = ipldetach(); - } - break; - } -#endif - case SIOCSETFF : - if (!(mode & FWRITE)) - error = EPERM; - else - error = IRCOPY(data, (caddr_t)&fr_flags, - sizeof(fr_flags)); - break; - case SIOCGETFF : - error = IWCOPY((caddr_t)&fr_flags, data, sizeof(fr_flags)); - break; - case SIOCINAFR : - case SIOCRMAFR : - case SIOCADAFR : - case SIOCZRLST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, data, fr_active); - break; - case SIOCINIFR : - case SIOCRMIFR : - case SIOCADIFR : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, data, 1 - fr_active); - break; - case SIOCSWAPA : - if (!(mode & FWRITE)) - error = EPERM; - else { - bzero((char *)frcache, sizeof(frcache[0]) * 2); - *(u_int *)data = fr_active; - fr_active = 1 - fr_active; - } - break; - case SIOCGETFS : - { - struct friostat fio; - - bcopy((char *)frstats, (char *)fio.f_st, - sizeof(struct filterstats) * 2); - fio.f_fin[0] = ipfilter[0][0]; - fio.f_fin[1] 
= ipfilter[0][1]; - fio.f_fout[0] = ipfilter[1][0]; - fio.f_fout[1] = ipfilter[1][1]; - fio.f_acctin[0] = ipacct[0][0]; - fio.f_acctin[1] = ipacct[0][1]; - fio.f_acctout[0] = ipacct[1][0]; - fio.f_acctout[1] = ipacct[1][1]; - fio.f_auth = ipauth; - fio.f_active = fr_active; - fio.f_froute[0] = ipl_frouteok[0]; - fio.f_froute[1] = ipl_frouteok[1]; - error = IWCOPYPTR((caddr_t)&fio, data, sizeof(fio)); - break; - } - case SIOCFRZST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frzerostats(data); - break; - case SIOCIPFFL : - if (!(mode & FWRITE)) - error = EPERM; - else { - error = IRCOPY(data, (caddr_t)&tmp, sizeof(tmp)); - if (!error) { - tmp = frflush(unit, tmp); - error = IWCOPY((caddr_t)&tmp, data, - sizeof(tmp)); - } - } - break; -#ifdef IPFILTER_LOG - case SIOCIPFFB : - if (!(mode & FWRITE)) - error = EPERM; - else - *(int *)data = ipflog_clear(unit); - break; -#endif /* IPFILTER_LOG */ - case SIOCGFRST : - error = IWCOPYPTR((caddr_t)ipfr_fragstats(), data, - sizeof(ipfrstat_t)); - break; - case SIOCFRSYN : - if (!(mode & FWRITE)) - error = EPERM; - else { -#if defined(_KERNEL) && defined(__sgi) - ipfsync(); -#endif - frsync(); - } - break; - default : - error = EINVAL; - break; - } - return error; -} - - -static void frsync() -{ -#ifdef _KERNEL - struct device *dev; - - for (dev = dev_base; dev; dev = dev->next) - ip_natsync(dev); -#endif -} - - -static int frrequest(unit, req, data, set) -int unit; -u_long req; -int set; -caddr_t data; -{ - register frentry_t *fp, *f, **fprev; - register frentry_t **ftail; - frentry_t frd; - frdest_t *fdp; - frgroup_t *fg = NULL; - int error = 0, in; - u_int group; - - fp = &frd; - error = IRCOPYPTR(data, (caddr_t)fp, sizeof(*fp)); - if (error) - return error; - - /* - * Check that the group number does exist and that if a head group - * has been specified, doesn't exist. 
- */ - if (fp->fr_grhead && - fr_findgroup((u_int)fp->fr_grhead, fp->fr_flags, unit, set, NULL)) - return EEXIST; - if (fp->fr_group && - !fr_findgroup((u_int)fp->fr_group, fp->fr_flags, unit, set, NULL)) - return ESRCH; - - in = (fp->fr_flags & FR_INQUE) ? 0 : 1; - - if (unit == IPL_LOGAUTH) - ftail = fprev = &ipauth; - else if (fp->fr_flags & FR_ACCOUNT) - ftail = fprev = &ipacct[in][set]; - else if (fp->fr_flags & (FR_OUTQUE|FR_INQUE)) - ftail = fprev = &ipfilter[in][set]; - else - return ESRCH; - - if ((group = fp->fr_group)) { - if (!(fg = fr_findgroup(group, fp->fr_flags, unit, set, NULL))) - return ESRCH; - ftail = fprev = fg->fg_start; - } - - bzero((char *)frcache, sizeof(frcache[0]) * 2); - - if (*fp->fr_ifname) { - fp->fr_ifa = GETUNIT(fp->fr_ifname, fp->fr_ip.fi_v); - if (!fp->fr_ifa) - fp->fr_ifa = (void *)-1; - } - - fdp = &fp->fr_dif; - fp->fr_flags &= ~FR_DUP; - if (*fdp->fd_ifname) { - fdp->fd_ifp = GETUNIT(fdp->fd_ifname, fp->fr_ip.fi_v); - if (!fdp->fd_ifp) - fdp->fd_ifp = (struct ifnet *)-1; - else - fp->fr_flags |= FR_DUP; - } - - fdp = &fp->fr_tif; - if (*fdp->fd_ifname) { - fdp->fd_ifp = GETUNIT(fdp->fd_ifname, fp->fr_ip.fi_v); - if (!fdp->fd_ifp) - fdp->fd_ifp = (struct ifnet *)-1; - } - - /* - * Look for a matching filter rule, but don't include the next or - * interface pointer in the comparison (fr_next, fr_ifa). - */ - for (; (f = *ftail); ftail = &f->fr_next) - if (bcmp((char *)&f->fr_ip, (char *)&fp->fr_ip, - FR_CMPSIZ) == 0) - break; - - /* - * If zero'ing statistics, copy current to caller and zero. 
- */ - if (req == SIOCZRLST) { - if (!f) - return ESRCH; - error = IWCOPYPTR((caddr_t)f, data, sizeof(*f)); - if (error) - return error; - f->fr_hits = 0; - f->fr_bytes = 0; - return 0; - } - - if (!f) { - if (req == SIOCINAFR || req == SIOCINIFR) { - ftail = fprev; - if (fp->fr_hits) { - while (--fp->fr_hits && (f = *ftail)) { - ftail = &f->fr_next; - } - } - } - f = NULL; - } - - if (req == SIOCRMAFR || req == SIOCRMIFR) { - if (!f) - error = ESRCH; - else { - if (f->fr_ref > 1) - return EBUSY; - if (fg && fg->fg_head) - fg->fg_head->fr_ref--; - if (unit == IPL_LOGAUTH) - return fr_auth_ioctl(data, mode, req, f, ftail); - if (f->fr_grhead) - fr_delgroup((u_int)f->fr_grhead, fp->fr_flags, - unit, set); - fixskip(fprev, f, -1); - *ftail = f->fr_next; - KFREE(f); - } - } else { - if (f) - error = EEXIST; - else { - if (unit == IPL_LOGAUTH) - return fr_auth_ioctl(data, mode, req, f, ftail); - KMALLOC(f, frentry_t *); - if (f != NULL) { - if (fg && fg->fg_head) - fg->fg_head->fr_ref++; - bcopy((char *)fp, (char *)f, sizeof(*f)); - f->fr_ref = 1; - f->fr_hits = 0; - f->fr_next = *ftail; - *ftail = f; - if (req == SIOCINIFR || req == SIOCINAFR) - fixskip(fprev, f, 1); - f->fr_grp = NULL; - if ((group = f->fr_grhead)) - fg = fr_addgroup(group, f, unit, set); - } else - error = ENOMEM; - } - } - return (error); -} - - -#ifdef _KERNEL -/* - * routines below for saving IP headers to buffer - */ -int iplopen(struct inode *inode, struct file *file) -{ - u_int min = GET_MINOR(inode->i_rdev); - - if (IPL_LOGMAX < min) - min = ENXIO; - else { - MOD_INC_USE_COUNT; - min = 0; - } - return min; -} - - -void iplclose(struct inode *inode, struct file *file) -{ - u_int min = GET_MINOR(inode->i_rdev); - - if (IPL_LOGMAX >= min) { - MOD_DEC_USE_COUNT; - } -} - -/* - * iplread/ipllog - * both of these must operate with at least splnet() lest they be - * called during packet processing and cause an inconsistancy to appear in - * the filter lists. 
- */ -int iplread(struct inode *inode, struct file *file, char *buf, int nbytes) -{ - struct uio uiob, *uio = &uiob; - - uio->uio_buf = buf; - uio->uio_resid = nbytes; -# ifdef IPFILTER_LOG - return ipflog_read(GET_MINOR(inode->i_rdev), uio); -# else - return ENXIO; -# endif -} - - -/* - * send_reset - this could conceivably be a call to tcp_respond(), but that - * requires a large amount of setting up and isn't any more efficient. - */ -int send_reset(ti, ifp) -struct tcpiphdr *ti; -struct ifnet *ifp; -{ - tcphdr_t *tcp; - int tlen = 0; - ip_t *ip; - mb_t *m; - - if (ti->ti_flags & TH_RST) - return -1; /* feedback loop */ - - m = alloc_skb(sizeof(tcpiphdr_t), GFP_ATOMIC); - if (m == NULL) - return -1; - - if (ti->ti_flags & TH_SYN) - tlen = 1; - - m->dev = ifp; - m->csum = 0; - ip = mtod(m, ip_t *); - m->h.iph = ip; - m->ip_hdr = NULL; - m->m_len = sizeof(tcpiphdr_t); - tcp = (tcphdr_t *)((char *)ip + sizeof(ip_t)); - bzero((char *)ip, sizeof(tcpiphdr_t)); - - ip->ip_v = IPVERSION; - ip->ip_hl = sizeof(ip_t) >> 2; - ip->ip_tos = ((ip_t *)ti)->ip_tos; - ip->ip_p = ((ip_t *)ti)->ip_p; - ip->ip_id = ((ip_t *)ti)->ip_id; - ip->ip_len = htons(sizeof(tcpiphdr_t)); - ip->ip_ttl = 127; - ip->ip_src.s_addr = ti->ti_dst.s_addr; - ip->ip_dst.s_addr = ti->ti_src.s_addr; - tcp->th_dport = ti->ti_sport; - tcp->th_sport = ti->ti_dport; - tcp->th_ack = htonl(ntohl(ti->ti_seq) + tlen); - tcp->th_off = sizeof(tcphdr_t) >> 2; - tcp->th_flags = TH_RST|TH_ACK; - - ip->ip_sum = 0; - ip->ip_sum = ipf_cksum((u_short *)ip, sizeof(ip_t)); - tcp->th_sum = fr_tcpsum(m, ip, tcp); - return ip_forward(m, NULL, IPFWD_NOTTLDEC, ip->ip_dst.s_addr); -} - - -size_t mbufchainlen(m0) -register mb_t *m0; -{ - register size_t len = 0; - - for (; m0; m0 = m0->m_next) - len += m0->m_len; - return len; -} - - -void ipfr_fastroute(m0, fin, fdp) -mb_t *m0; -fr_info_t *fin; -frdest_t *fdp; -{ -#if notyet - register ip_t *ip, *mhip; - register mb_t *m = m0; - register struct route *ro; - struct ifnet *ifp = 
fdp->fd_ifp; - int len, off, error = 0; - int hlen = fin->fin_hlen; - struct route iproute; - struct sockaddr_in *dst; - - ip = mtod(m0, ip_t *); - /* - * Route packet. - */ - ro = &iproute; - bzero((caddr_t)ro, sizeof (*ro)); - dst = (struct sockaddr_in *)&ro->ro_dst; - dst->sin_family = AF_INET; - dst->sin_addr = fdp->fd_ip.s_addr ? fdp->fd_ip : ip->ip_dst; - /* - * XXX -allocate route here - */ - if (!ifp) { - if (!(fin->fin_fr->fr_flags & FR_FASTROUTE)) { - error = -2; - goto bad; - } - if (ro->ro_rt == 0 || (ifp = ro->ro_rt->rt_ifp) == 0) { - if (in_localaddr(ip->ip_dst)) - error = EHOSTUNREACH; - else - error = ENETUNREACH; - goto bad; - } - if (ro->ro_rt->rt_flags & RTF_GATEWAY) - dst = (struct sockaddr_in *)&ro->ro_rt->rt_gateway; - } - ro->ro_rt->rt_use++; - - /* - * For input packets which are being "fastrouted", they won't - * go back through output filtering and miss their chance to get - * NAT'd. - */ - (void) ip_natout(ip, hlen, fin); - if (fin->fin_out) - ip->ip_sum = 0; - /* - * If small enough for interface, can just send directly. - */ - if (ip->ip_len <= ifp->if_mtu) { -# ifndef sparc - ip->ip_id = htons(ip->ip_id); - ip->ip_len = htons(ip->ip_len); - ip->ip_off = htons(ip->ip_off); -# endif - if (!ip->ip_sum) - ip->ip_sum = in_cksum(m, hlen); - error = (*ifp->hard_start_xmit)(m, ifp, m); - goto done; - } - /* - * Too large for interface; fragment if possible. - * Must be able to put at least 8 bytes per fragment. - */ - if (ip->ip_off & IP_DF) { - error = EMSGSIZE; - goto bad; - } - len = (ifp->if_mtu - hlen) &~ 7; - if (len < 8) { - error = EMSGSIZE; - goto bad; - } - - { - int mhlen, firstlen = len; - mb_t **mnext = &m->m_act; - - /* - * Loop through length of segment after first fragment, - * make new header and copy data of each part and link onto chain. 
- */ - m0 = m; - mhlen = sizeof (struct ip); - for (off = hlen + len; off < ip->ip_len; off += len) { - MGET(m, M_DONTWAIT, MT_HEADER); - if (m == 0) { - error = ENOBUFS; - goto bad; - } - m->m_data += max_linkhdr; - mhip = mtod(m, struct ip *); - bcopy((char *)ip, (char *)mhip, sizeof(*ip)); - if (hlen > sizeof (struct ip)) { - mhlen = ip_optcopy(ip, mhip) + sizeof (struct ip); - mhip->ip_hl = mhlen >> 2; - } - m->m_len = mhlen; - mhip->ip_off = ((off - hlen) >> 3) + (ip->ip_off & ~IP_MF); - if (ip->ip_off & IP_MF) - mhip->ip_off |= IP_MF; - if (off + len >= ip->ip_len) - len = ip->ip_len - off; - else - mhip->ip_off |= IP_MF; - mhip->ip_len = htons((u_short)(len + mhlen)); - m->m_next = m_copy(m0, off, len); - if (m->m_next == 0) { - error = ENOBUFS; /* ??? */ - goto sendorfree; - } -# ifndef sparc - mhip->ip_off = htons((u_short)mhip->ip_off); -# endif - mhip->ip_sum = 0; - mhip->ip_sum = in_cksum(m, mhlen); - *mnext = m; - mnext = &m->m_act; - } - /* - * Update first fragment by trimming what's been copied out - * and updating header, then send each fragment (in order). - */ - m_adj(m0, hlen + firstlen - ip->ip_len); - ip->ip_len = htons((u_short)(hlen + firstlen)); - ip->ip_off = htons((u_short)(ip->ip_off | IP_MF)); - ip->ip_sum = 0; - ip->ip_sum = in_cksum(m0, hlen); -sendorfree: - for (m = m0; m; m = m0) { - m0 = m->m_act; - m->m_act = 0; - if (error == 0) - error = (*ifp->if_output)(ifp, m, - (struct sockaddr *)dst); - else - m_freem(m); - } - } -done: - if (!error) - ipl_frouteok[0]++; - else - ipl_frouteok[1]++; - - if (ro->ro_rt) { - RTFREE(ro->ro_rt); - } - return; -bad: - m_freem(m); - goto done; -# endif -} - - -/* - * Fake BSD uiomove() call. 
- */ -int uiomove(caddr_t src, size_t ssize, int rw, struct uio *uio) -{ - int error; - size_t mv = MIN(ssize, uio->uio_resid); - - if (rw == UIO_READ) { - error = IWCOPY(src, (caddr_t)uio->uio_buf, mv); - } else if (rw == UIO_WRITE) { - error = IRCOPY((caddr_t)uio->uio_buf, src, mv); - } else - error = EINVAL; - if (!error) { - uio->uio_resid -= mv; - uio->uio_buf += mv; - } - return error; -} - -# ifdef IPFILTER_LKM -# ifndef IPL_MAJOR -# define IPL_MAJOR 95 -# endif - -# ifndef IPL_NAME -# define IPL_NAME "/dev/ipl" -# endif - -static struct file_operations ipl_fops = { - NULL, /* lseek */ - iplread, /* read */ - NULL, /* write */ - NULL, /* readdir */ - NULL, /* select */ - iplioctl, /* ioctl */ - NULL, /* mmap */ - iplopen, /* open */ - iplclose, /* release */ - NULL, /* fsync */ - NULL, /* fasync */ - NULL, /* check_media_change */ - NULL, /* revalidate */ -}; - - -int init_module(void) -{ - int error = 0, major; - - if (register_chrdev(IPL_MAJOR, "ipf", &ipl_fops)) { - printk("ipf: unable to get major number: %d\n", IPL_MAJOR); - return -EIO; - } - - error = iplattach(); - if (!error) - register_symtab(0); - return -error; -} - -void cleanup_module(void) -{ - unregister_chrdev(IPL_MAJOR, "ipf"); - (void) ipldetach(); -} -# endif /* IPFILTER_LKM */ -#else /* #ifdef _KERNEL */ - - -static int no_output __P((mb_t *m, struct ifnet *ifp)) -{ - return 0; -} - - -static int write_output __P((mb_t *m, struct ifnet *ifp)) -{ - FILE *fp; - char fname[32]; - ip_t *ip; - - ip = mtod(m, ip_t *); - sprintf(fname, "/tmp/%s", ifp->name); - if ((fp = fopen(fname, "a"))) { - fwrite((char *)ip, ntohs(ip->ip_len), 1, fp); - fclose(fp); - } - return 0; -} - - -struct ifnet *get_unit(name, v) -char *name; -int v; -{ - struct ifnet *ifp, **ifa; - char ifname[32], *s; - - for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) { - (void) sprintf(ifname, "%s", ifp->name); - if (!strcmp(name, ifname)) - return ifp; - } - - if (!ifneta) { - ifneta = (struct ifnet **)malloc(sizeof(ifp) * 2); - 
ifneta[1] = NULL; - ifneta[0] = (struct ifnet *)calloc(1, sizeof(*ifp)); - nifs = 1; - } else { - nifs++; - ifneta = (struct ifnet **)realloc(ifneta, - (nifs + 1) * sizeof(*ifa)); - ifneta[nifs] = NULL; - ifneta[nifs - 1] = (struct ifnet *)malloc(sizeof(*ifp)); - } - ifp = ifneta[nifs - 1]; - - for (s = name; *s && !isdigit(*s); s++) - ; - if (*s && isdigit(*s)) { - ifp->name = (char *)malloc(s - name + 1); - strncpy(ifp->name, name, s - name); - ifp->name[s - name] = '\0'; - } else { - ifp->name = strdup(name); - } - ifp->hard_start_xmit = no_output; - return ifp; -} - - - -void init_ifp() -{ - FILE *fp; - struct ifnet *ifp, **ifa; - char fname[32]; - - for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) { - ifp->hard_start_xmit = write_output; - sprintf(fname, "/tmp/%s", ifp->name); - if ((fp = fopen(fname, "w"))) - fclose(fp); - } -} - - -void ipfr_fastroute(ip, fin, fdp) -ip_t *ip; -fr_info_t *fin; -frdest_t *fdp; -{ - struct ifnet *ifp = fdp->fd_ifp; - - if (!ifp) - return; /* no routing table out here */ - - ip->ip_len = htons((u_short)ip->ip_len); - ip->ip_off = htons((u_short)(ip->ip_off | IP_MF)); - ip->ip_sum = 0; - (*ifp->hard_start_xmit)((mb_t *)ip, ifp); -} - - -int ipllog __P((void)) -{ - verbose("l"); - return 0; -} - - -int send_reset(ip, ifp) -ip_t *ip; -struct ifnet *ifp; -{ - verbose("- TCP RST sent\n"); - return 0; -} - - -int icmp_error(ip, ifp) -ip_t *ip; -struct ifnet *ifp; -{ - verbose("- TCP RST sent\n"); - return 0; -} -#endif /* _KERNEL */ diff --git a/contrib/ipfilter/ip_netbios_pxy.c b/contrib/ipfilter/ip_netbios_pxy.c deleted file mode 100644 index ee9b0c4f11..0000000000 --- a/contrib/ipfilter/ip_netbios_pxy.c +++ /dev/null 
@@ -1,109 +0,0 @@
-/*
- * Simple netbios-dgm transparent proxy for in-kernel use.
- * For use with the NAT code.
- * $Id: ip_netbios_pxy.c,v 1.1.2.3 2002/01/09 09:28:37 darrenr Exp $
- */
-
-/*-
- * Copyright (c) 2002 Paul J. Ledbetter III
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $Id: ip_netbios_pxy.c,v 1.1.2.3 2002/01/09 09:28:37 darrenr Exp $
- */
-
-#define IPF_NETBIOS_PROXY
-
-int ippr_netbios_init __P((void));
-int ippr_netbios_out __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
-
-static frentry_t netbiosfr;
-
-/*
- * Initialize local structures.
- */
-int ippr_netbios_init()
-{
- bzero((char *)&netbiosfr, sizeof(netbiosfr));
- netbiosfr.fr_ref = 1;
- netbiosfr.fr_flags = FR_INQUE|FR_PASS|FR_QUICK|FR_KEEPSTATE;
- return 0;
-}
-
-int ippr_netbios_out(fin, ip, aps, nat)
-fr_info_t *fin;
-ip_t *ip;
-ap_session_t *aps;
-nat_t *nat;
-{
- char dgmbuf[6];
-
- int off, dlen;
- udphdr_t *udp;
- mb_t *m;
-
- m = *(mb_t **)fin->fin_mp;
- off = fin->fin_hlen + sizeof(udphdr_t);
-#if SOLARIS
- dlen = msgdsize(m);
-#else
- dlen = mbufchainlen(m);
-#endif
- dlen -= off;
-
- /*
- * no net bios datagram could possibly be shorter than this
- */
- if (dlen < 11)
- return 0;
-
- udp = (udphdr_t *)fin->fin_dp;
-
- /*
- * move past the
- * ip header;
- * udp header;
- * 4 bytes into the net bios dgm header.
- * According to rfc1002, this should be the exact location of
- * the source address/port
- */
- off += 4;
-
- /* Copy NATed source Address/port*/
- dgmbuf[0] = (char)((ip->ip_src.s_addr ) &0xFF);
- dgmbuf[1] = (char)((ip->ip_src.s_addr >> 8) &0xFF);
- dgmbuf[2] = (char)((ip->ip_src.s_addr >> 16)&0xFF);
- dgmbuf[3] = (char)((ip->ip_src.s_addr >> 24)&0xFF);
-
- dgmbuf[4] = (char)((udp->uh_sport )&0xFF);
- dgmbuf[5] = (char)((udp->uh_sport >> 8)&0xFF);
-
- /* replace data in packet */
-#if SOLARIS
- copyin_mblk(m, off, sizeof(dgmbuf), dgmbuf);
-#else
- m_copyback(m, off, sizeof(dgmbuf), dgmbuf);
-#endif
-
- return 0;
-}
diff --git a/contrib/ipfilter/ip_sfil.c b/contrib/ipfilter/ip_sfil.c
deleted file mode 100644
index 9e995d9b85..0000000000
--- a/contrib/ipfilter/ip_sfil.c
+++ /dev/null
@@ -1,991 +0,0 @@ -/* - * Copyright (C) 1993-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - * I hate legaleese, don't you ? - */ -#if !defined(lint) -static const char sccsid[] = "%W% %G% (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.23.2.27 2003/06/12 16:03:14 darrenr Exp $"; -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "ip_compat.h" -#ifdef USE_INET6 -# include -#endif -#include "ip_fil.h" -#include "ip_state.h" -#include "ip_nat.h" -#include "ip_frag.h" -#include "ip_auth.h" -#include "ip_proxy.h" -#include -#ifndef MIN -#define MIN(a,b) (((a)<(b))?(a):(b)) -#endif - - -extern fr_flags, fr_active; - -int fr_running = 0; -int ipl_unreach = ICMP_UNREACH_HOST; -u_long ipl_frouteok[2] = {0, 0}; -static int frzerostats __P((caddr_t)); -#if SOLARIS2 >= 7 -static u_int *ip_ttl_ptr; -static u_int *ip_mtudisc; -#else -static u_long *ip_ttl_ptr; -static u_long *ip_mtudisc; -#endif - -static int frrequest __P((minor_t, int, caddr_t, int)); -static int send_ip __P((fr_info_t *fin, mblk_t *m)); -kmutex_t ipl_mutex, ipf_authmx, ipf_rw; -KRWLOCK_T ipf_mutex, ipfs_mutex, ipf_solaris; -KRWLOCK_T ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth; -kcondvar_t iplwait, ipfauthwait; - - -int ipldetach() -{ - int i; - -#ifdef IPFDEBUG - cmn_err(CE_CONT, "ipldetach()\n"); -#endif -#ifdef IPFILTER_LOG - for (i = IPL_LOGMAX; i >= 0; i--) - ipflog_clear(i); -#endif - i = frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE|FR_INACTIVE); - i += frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE); - ipfr_unload(); - fr_stateunload(); - ip_natunload(); - cv_destroy(&iplwait); - cv_destroy(&ipfauthwait); - mutex_destroy(&ipf_authmx); - mutex_destroy(&ipl_mutex); - 
mutex_destroy(&ipf_rw); - RW_DESTROY(&ipf_mutex); - RW_DESTROY(&ipf_frag); - RW_DESTROY(&ipf_state); - RW_DESTROY(&ipf_natfrag); - RW_DESTROY(&ipf_nat); - RW_DESTROY(&ipf_auth); - RW_DESTROY(&ipfs_mutex); - /* NOTE: This lock is acquired in ipf_detach */ - RWLOCK_EXIT(&ipf_solaris); - RW_DESTROY(&ipf_solaris); - return 0; -} - - -int iplattach __P((void)) -{ - int i; - -#ifdef IPFDEBUG - cmn_err(CE_CONT, "iplattach()\n"); -#endif - bzero((char *)frcache, sizeof(frcache)); - mutex_init(&ipf_rw, "ipf rw mutex", MUTEX_DRIVER, NULL); - mutex_init(&ipl_mutex, "ipf log mutex", MUTEX_DRIVER, NULL); - mutex_init(&ipf_authmx, "ipf auth log mutex", MUTEX_DRIVER, NULL); - RWLOCK_INIT(&ipf_solaris, "ipf filter load/unload mutex", NULL); - RWLOCK_INIT(&ipf_mutex, "ipf filter rwlock", NULL); - RWLOCK_INIT(&ipfs_mutex, "ipf solaris mutex", NULL); - RWLOCK_INIT(&ipf_frag, "ipf fragment rwlock", NULL); - RWLOCK_INIT(&ipf_state, "ipf IP state rwlock", NULL); - RWLOCK_INIT(&ipf_nat, "ipf IP NAT rwlock", NULL); - RWLOCK_INIT(&ipf_natfrag, "ipf IP NAT-Frag rwlock", NULL); - RWLOCK_INIT(&ipf_auth, "ipf IP User-Auth rwlock", NULL); - cv_init(&iplwait, "ipl condvar", CV_DRIVER, NULL); - cv_init(&ipfauthwait, "ipf auth condvar", CV_DRIVER, NULL); -#ifdef IPFILTER_LOG - ipflog_init(); -#endif - if (nat_init() == -1) - return -1; - if (fr_stateinit() == -1) - return -1; - if (appr_init() == -1) - return -1; - - ip_ttl_ptr = NULL; - ip_mtudisc = NULL; - /* - * XXX - There is no terminator for this array, so it is not possible - * to tell if what we are looking for is missing and go off the end - * of the array. 
- */ - for (i = 0; ; i++) { - if (strcmp(ip_param_arr[i].ip_param_name, "ip_def_ttl") == 0) { - ip_ttl_ptr = &ip_param_arr[i].ip_param_value; - } else if (strcmp(ip_param_arr[i].ip_param_name, - "ip_path_mtu_discovery") == 0) { - ip_mtudisc = &ip_param_arr[i].ip_param_value; - } - - if (ip_mtudisc != NULL && ip_ttl_ptr != NULL) - break; - } - return 0; -} - - -static int frzerostats(data) -caddr_t data; -{ - friostat_t fio; - int error; - - fr_getstat(&fio); - error = IWCOPYPTR((caddr_t)&fio, data, sizeof(fio)); - if (error) - return error; - - bzero((char *)frstats, sizeof(*frstats) * 2); - - return 0; -} - - -/* - * Filter ioctl interface. - */ -int iplioctl(dev, cmd, data, mode, cp, rp) -dev_t dev; -int cmd; -#if SOLARIS2 >= 7 -intptr_t data; -#else -int *data; -#endif -int mode; -cred_t *cp; -int *rp; -{ - int error = 0, tmp; - minor_t unit; - -#ifdef IPFDEBUG - cmn_err(CE_CONT, "iplioctl(%x,%x,%x,%d,%x,%d)\n", - dev, cmd, data, mode, cp, rp); -#endif - unit = getminor(dev); - if (IPL_LOGMAX < unit) - return ENXIO; - - if (fr_running == 0 && (cmd != SIOCFRENB || unit != IPL_LOGIPF)) - return ENODEV; - - if (fr_running <= 0) - return 0; - - READ_ENTER(&ipf_solaris); - if (unit == IPL_LOGNAT) { - error = nat_ioctl((caddr_t)data, cmd, mode); - RWLOCK_EXIT(&ipf_solaris); - return error; - } - if (unit == IPL_LOGSTATE) { - error = fr_state_ioctl((caddr_t)data, cmd, mode); - RWLOCK_EXIT(&ipf_solaris); - return error; - } - if (unit == IPL_LOGAUTH) { - if ((cmd == SIOCADAFR) || (cmd == SIOCRMAFR)) { - if (!(mode & FWRITE)) { - error = EPERM; - } else { - error = frrequest(unit, cmd, (caddr_t)data, - fr_active); - } - } else { - error = fr_auth_ioctl((caddr_t)data, mode, cmd); - } - RWLOCK_EXIT(&ipf_solaris); - return error; - } - - switch (cmd) { - case SIOCFRENB : - { - u_int enable; - - if (!(mode & FWRITE)) - error = EPERM; - else - error = IRCOPY((caddr_t)data, (caddr_t)&enable, - sizeof(enable)); - break; - } - case SIOCSETFF : - if (!(mode & FWRITE)) - error = 
EPERM; - else { - WRITE_ENTER(&ipf_mutex); - error = IRCOPY((caddr_t)data, (caddr_t)&fr_flags, - sizeof(fr_flags)); - RWLOCK_EXIT(&ipf_mutex); - } - break; - case SIOCGETFF : - error = IWCOPY((caddr_t)&fr_flags, (caddr_t)data, - sizeof(fr_flags)); - if (error) - error = EFAULT; - break; - case SIOCINAFR : - case SIOCRMAFR : - case SIOCADAFR : - case SIOCZRLST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, (caddr_t)data, fr_active); - break; - case SIOCINIFR : - case SIOCRMIFR : - case SIOCADIFR : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, (caddr_t)data, - 1 - fr_active); - break; - case SIOCSWAPA : - if (!(mode & FWRITE)) - error = EPERM; - else { - WRITE_ENTER(&ipf_mutex); - bzero((char *)frcache, sizeof(frcache[0]) * 2); - error = IWCOPY((caddr_t)&fr_active, (caddr_t)data, - sizeof(fr_active)); - if (error) - error = EFAULT; - fr_active = 1 - fr_active; - RWLOCK_EXIT(&ipf_mutex); - } - break; - case SIOCGETFS : - { - friostat_t fio; - - READ_ENTER(&ipf_mutex); - fr_getstat(&fio); - RWLOCK_EXIT(&ipf_mutex); - error = IWCOPYPTR((caddr_t)&fio, (caddr_t)data, sizeof(fio)); - if (error) - error = EFAULT; - break; - } - case SIOCFRZST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frzerostats((caddr_t)data); - break; - case SIOCIPFFL : - if (!(mode & FWRITE)) - error = EPERM; - else { - error = IRCOPY((caddr_t)data, (caddr_t)&tmp, - sizeof(tmp)); - if (!error) { - tmp = frflush(unit, 4, tmp); - error = IWCOPY((caddr_t)&tmp, (caddr_t)data, - sizeof(tmp)); - if (error) - error = EFAULT; - } - } - break; -#ifdef USE_INET6 - case SIOCIPFL6 : - if (!(mode & FWRITE)) - error = EPERM; - else { - error = IRCOPY((caddr_t)data, (caddr_t)&tmp, - sizeof(tmp)); - if (!error) { - tmp = frflush(unit, 6, tmp); - error = IWCOPY((caddr_t)&tmp, (caddr_t)data, - sizeof(tmp)); - if (error) - error = EFAULT; - } - } - break; -#endif - case SIOCSTLCK : - error = IRCOPY((caddr_t)data, (caddr_t)&tmp, 
sizeof(tmp)); - if (!error) { - fr_state_lock = tmp; - fr_nat_lock = tmp; - fr_frag_lock = tmp; - fr_auth_lock = tmp; - } else - error = EFAULT; - break; -#ifdef IPFILTER_LOG - case SIOCIPFFB : - if (!(mode & FWRITE)) - error = EPERM; - else { - tmp = ipflog_clear(unit); - error = IWCOPY((caddr_t)&tmp, (caddr_t)data, - sizeof(tmp)); - if (error) - error = EFAULT; - } - break; -#endif /* IPFILTER_LOG */ - case SIOCFRSYN : - if (!(mode & FWRITE)) - error = EPERM; - else - error = ipfsync(); - break; - case SIOCGFRST : - error = IWCOPYPTR((caddr_t)ipfr_fragstats(), (caddr_t)data, - sizeof(ipfrstat_t)); - break; - case FIONREAD : - { -#ifdef IPFILTER_LOG - int copy = (int)iplused[IPL_LOGIPF]; - - error = IWCOPY((caddr_t)©, (caddr_t)data, sizeof(copy)); - if (error) - error = EFAULT; -#endif - break; - } - default : - error = EINVAL; - break; - } - RWLOCK_EXIT(&ipf_solaris); - return error; -} - - -ill_t *get_unit(name, v) -char *name; -int v; -{ - size_t len = strlen(name) + 1; /* includes \0 */ - ill_t *il; -#if SOLARIS2 >= 10 - ill_walk_context_t ctx; -#endif - int sap; - - if (v == 4) - sap = 0x0800; - else if (v == 6) - sap = 0x86dd; - else - return NULL; -#if SOLARIS2 >= 10 - for (il = ILL_START_WALK_ALL(&ctx); il; il = ill_next(&ctx, il)) -#else - for (il = ill_g_head; il; il = il->ill_next) -#endif - if ((len == il->ill_name_length) && (il->ill_sap == sap) && - !strncmp(il->ill_name, name, len)) - return il; - return NULL; -} - - -static int frrequest(unit, req, data, set) -minor_t unit; -int req, set; -caddr_t data; -{ - register frentry_t *fp, *f, **fprev; - register frentry_t **ftail; - frgroup_t *fg = NULL; - int error = 0, in, i; - u_int *p, *pp; - frdest_t *fdp; - frentry_t fr; - u_32_t group; - ipif_t *ipif; - ill_t *ill; - ire_t *ire; - - fp = &fr; - error = IRCOPYPTR(data, (caddr_t)fp, sizeof(*fp)); - if (error) - return EFAULT; - fp->fr_ref = 0; -#if SOLARIS2 >= 8 - if (fp->fr_v == 4) - fp->fr_sap = IP_DL_SAP; - else if (fp->fr_v == 6) - fp->fr_sap = 
IP6_DL_SAP; - else - return EINVAL; -#else - fp->fr_sap = 0; -#endif - - WRITE_ENTER(&ipf_mutex); - /* - * Check that the group number does exist and that if a head group - * has been specified, doesn't exist. - */ - if ((req != SIOCZRLST) && ((req == SIOCINAFR) || (req == SIOCINIFR) || - (req == SIOCADAFR) || (req == SIOCADIFR)) && fp->fr_grhead && - fr_findgroup(fp->fr_grhead, fp->fr_flags, unit, set, NULL)) { - error = EEXIST; - goto out; - } - if ((req != SIOCZRLST) && fp->fr_group && - !fr_findgroup(fp->fr_group, fp->fr_flags, unit, set, NULL)) { - error = ESRCH; - goto out; - } - - in = (fp->fr_flags & FR_INQUE) ? 0 : 1; - - if (unit == IPL_LOGAUTH) - ftail = fprev = &ipauth; - else if ((fp->fr_flags & FR_ACCOUNT) && (fp->fr_v == 4)) - ftail = fprev = &ipacct[in][set]; - else if ((fp->fr_flags & (FR_OUTQUE|FR_INQUE)) && (fp->fr_v == 4)) - ftail = fprev = &ipfilter[in][set]; -#ifdef USE_INET6 - else if ((fp->fr_flags & FR_ACCOUNT) && (fp->fr_v == 6)) - ftail = fprev = &ipacct6[in][set]; - else if ((fp->fr_flags & (FR_OUTQUE|FR_INQUE)) && (fp->fr_v == 6)) - ftail = fprev = &ipfilter6[in][set]; -#endif - else { - error = ESRCH; - goto out; - } - - group = fp->fr_group; - if (group != 0) { - fg = fr_findgroup(group, fp->fr_flags, unit, set, NULL); - if (fg == NULL) { - error = ESRCH; - goto out; - } - ftail = fprev = fg->fg_start; - } - - bzero((char *)frcache, sizeof(frcache[0]) * 2); - - for (i = 0; i < 4; i++) { - if ((fp->fr_ifnames[i][1] == '\0') && - ((fp->fr_ifnames[i][0] == '-') || - (fp->fr_ifnames[i][0] == '*'))) { - fp->fr_ifas[i] = NULL; - } else if (*fp->fr_ifnames[i]) { - fp->fr_ifas[i] = GETUNIT(fp->fr_ifnames[i], fp->fr_v); - if (!fp->fr_ifas[i]) - fp->fr_ifas[i] = (void *)-1; - } - } - - fdp = &fp->fr_dif; - fdp->fd_mp = NULL; - fp->fr_flags &= ~FR_DUP; - if (*fdp->fd_ifname) { - ill = get_unit(fdp->fd_ifname, (int)fp->fr_v); - if (!ill) - ire = (ire_t *)-1; - else if ((ipif = ill->ill_ipif) && (fp->fr_v == 4)) { -#if SOLARIS2 > 5 - ire = 
ire_ctable_lookup(ipif->ipif_local_addr, 0, - IRE_LOCAL, NULL, NULL, - MATCH_IRE_TYPE); -#else - ire = ire_lookup_myaddr(ipif->ipif_local_addr); -#endif - if (!ire) - ire = (ire_t *)-1; - else - fp->fr_flags |= FR_DUP; - } -#ifdef USE_INET6 - else if ((ipif = ill->ill_ipif) && (fp->fr_v == 6)) { - ire = ire_ctable_lookup_v6(&ipif->ipif_v6lcl_addr, 0, - IRE_LOCAL, NULL, NULL, - MATCH_IRE_TYPE); - if (!ire) - ire = (ire_t *)-1; - else - fp->fr_flags |= FR_DUP; - } -#endif - fdp->fd_ifp = (struct ifnet *)ire; - } - - fdp = &fp->fr_tif; - fdp->fd_mp = NULL; - if (*fdp->fd_ifname) { - ill = get_unit(fdp->fd_ifname, (int)fp->fr_v); - if (!ill) - ire = (ire_t *)-1; - else if ((ipif = ill->ill_ipif) && (fp->fr_v == 4)) { -#if SOLARIS2 > 5 - ire = ire_ctable_lookup(ipif->ipif_local_addr, 0, - IRE_LOCAL, NULL, NULL, - MATCH_IRE_TYPE); -#else - ire = ire_lookup_myaddr(ipif->ipif_local_addr); -#endif - if (!ire) - ire = (ire_t *)-1; - } -#ifdef USE_INET6 - else if ((ipif = ill->ill_ipif) && (fp->fr_v == 6)) { - ire = ire_ctable_lookup_v6(&ipif->ipif_v6lcl_addr, 0, - IRE_LOCAL, NULL, NULL, - MATCH_IRE_TYPE); - if (!ire) - ire = (ire_t *)-1; - } -#endif - fdp->fd_ifp = (struct ifnet *)ire; - } - - /* - * Look for a matching filter rule, but don't include the next or - * interface pointer in the comparison (fr_next, fr_ifa). - */ - for (fp->fr_cksum = 0, p = (u_int *)&fp->fr_ip, pp = &fp->fr_cksum; - p < pp; p++) - fp->fr_cksum += *p; - - for (; (f = *ftail); ftail = &f->fr_next) - if ((fp->fr_cksum == f->fr_cksum) && - !bcmp((char *)&f->fr_ip, (char *)&fp->fr_ip, FR_CMPSIZ)) - break; - - /* - * If zero'ing statistics, copy current to caller and zero. 
- */ - if (req == SIOCZRLST) { - if (!f) { - error = ESRCH; - goto out; - } - MUTEX_DOWNGRADE(&ipf_mutex); - error = IWCOPYPTR((caddr_t)f, data, sizeof(*f)); - if (error) - goto out; - f->fr_hits = 0; - f->fr_bytes = 0; - goto out; - } - - if (!f) { - if (req != SIOCINAFR && req != SIOCINIFR) - while ((f = *ftail)) - ftail = &f->fr_next; - else { - ftail = fprev; - if (fp->fr_hits) { - while (--fp->fr_hits && (f = *ftail)) - ftail = &f->fr_next; - } - f = NULL; - } - } - - if (req == SIOCRMAFR || req == SIOCRMIFR) { - if (!f) - error = ESRCH; - else { - /* - * Only return EBUSY if there is a group list, else - * it's probably just state information referencing - * the rule. - */ - if ((f->fr_ref > 1) && f->fr_grp) { - error = EBUSY; - goto out; - } - if (fg && fg->fg_head) - fg->fg_head->fr_ref--; - if (unit == IPL_LOGAUTH) { - return fr_preauthcmd(req, f, ftail); - } - if (f->fr_grhead) - fr_delgroup(f->fr_grhead, fp->fr_flags, - unit, set); - fixskip(fprev, f, -1); - *ftail = f->fr_next; - f->fr_next = NULL; - f->fr_ref--; - if (f->fr_ref == 0) - KFREE(f); - } - } else { - if (f) { - error = EEXIST; - } else { - if (unit == IPL_LOGAUTH) { - return fr_preauthcmd(req, fp, ftail); - } - KMALLOC(f, frentry_t *); - if (f != NULL) { - if (fg && fg->fg_head) - fg->fg_head->fr_ref++; - bcopy((char *)fp, (char *)f, sizeof(*f)); - f->fr_ref = 1; - f->fr_hits = 0; - f->fr_next = *ftail; - *ftail = f; - if (req == SIOCINIFR || req == SIOCINAFR) - fixskip(fprev, f, 1); - f->fr_grp = NULL; - group = f->fr_grhead; - if (group != 0) - fg = fr_addgroup(group, f, unit, set); - } else - error = ENOMEM; - } - } -out: - RWLOCK_EXIT(&ipf_mutex); - return (error); -} - - -/* - * routines below for saving IP headers to buffer - */ -int iplopen(devp, flags, otype, cred) -dev_t *devp; -int flags, otype; -cred_t *cred; -{ - minor_t min = getminor(*devp); - -#ifdef IPFDEBUG - cmn_err(CE_CONT, "iplopen(%x,%x,%x,%x)\n", devp, flags, otype, cred); -#endif - if ((fr_running <= 0) || !(otype & 
OTYP_CHR)) - return ENXIO; - min = (IPL_LOGMAX < min) ? ENXIO : 0; - return min; -} - - -int iplclose(dev, flags, otype, cred) -dev_t dev; -int flags, otype; -cred_t *cred; -{ - minor_t min = getminor(dev); - -#ifdef IPFDEBUG - cmn_err(CE_CONT, "iplclose(%x,%x,%x,%x)\n", dev, flags, otype, cred); -#endif - min = (IPL_LOGMAX < min) ? ENXIO : 0; - return min; -} - -#ifdef IPFILTER_LOG -/* - * iplread/ipllog - * both of these must operate with at least splnet() lest they be - * called during packet processing and cause an inconsistancy to appear in - * the filter lists. - */ -int iplread(dev, uio, cp) -dev_t dev; -register struct uio *uio; -cred_t *cp; -{ -#ifdef IPFDEBUG - cmn_err(CE_CONT, "iplread(%x,%x,%x)\n", dev, uio, cp); -#endif - return ipflog_read(getminor(dev), uio); -} -#endif /* IPFILTER_LOG */ - - -/* - * send_reset - this could conceivably be a call to tcp_respond(), but that - * requires a large amount of setting up and isn't any more efficient. - */ -int send_reset(oip, fin) -ip_t *oip; -fr_info_t *fin; -{ - tcphdr_t *tcp, *tcp2; - int tlen, hlen; - mblk_t *m; -#ifdef USE_INET6 - ip6_t *ip6, *oip6 = (ip6_t *)oip; -#endif - ip_t *ip; - - tcp = (struct tcphdr *)fin->fin_dp; - if (tcp->th_flags & TH_RST) - return -1; - tlen = (tcp->th_flags & (TH_SYN|TH_FIN)) ? 
1 : 0; -#ifdef USE_INET6 - if (fin->fin_v == 6) - hlen = sizeof(ip6_t); - else -#endif - hlen = sizeof(ip_t); - hlen += sizeof(*tcp2); - if ((m = (mblk_t *)allocb(hlen + 16, BPRI_HI)) == NULL) - return -1; - - m->b_rptr += 16; - MTYPE(m) = M_DATA; - m->b_wptr = m->b_rptr + hlen; - bzero((char *)m->b_rptr, hlen); - tcp2 = (struct tcphdr *)(m->b_rptr + hlen - sizeof(*tcp2)); - tcp2->th_dport = tcp->th_sport; - tcp2->th_sport = tcp->th_dport; - if (tcp->th_flags & TH_ACK) { - tcp2->th_seq = tcp->th_ack; - tcp2->th_flags = TH_RST; - } else { - tcp2->th_ack = ntohl(tcp->th_seq); - tcp2->th_ack += tlen; - tcp2->th_ack = htonl(tcp2->th_ack); - tcp2->th_flags = TH_RST|TH_ACK; - } - tcp2->th_off = sizeof(struct tcphdr) >> 2; - - /* - * This is to get around a bug in the Solaris 2.4/2.5 TCP checksum - * computation that is done by their put routine. - */ - tcp2->th_sum = htons(0x14); -#ifdef USE_INET6 - if (fin->fin_v == 6) { - ip6 = (ip6_t *)m->b_rptr; - ip6->ip6_src = oip6->ip6_dst; - ip6->ip6_dst = oip6->ip6_src; - ip6->ip6_plen = htons(sizeof(*tcp)); - ip6->ip6_nxt = IPPROTO_TCP; - } else -#endif - { - ip = (ip_t *)m->b_rptr; - ip->ip_src.s_addr = oip->ip_dst.s_addr; - ip->ip_dst.s_addr = oip->ip_src.s_addr; - ip->ip_hl = sizeof(*ip) >> 2; - ip->ip_p = IPPROTO_TCP; - ip->ip_len = htons(sizeof(*ip) + sizeof(*tcp)); - ip->ip_tos = oip->ip_tos; - } - return send_ip(fin, m); -} - - -int static send_ip(fin, m) -fr_info_t *fin; -mblk_t *m; -{ - RWLOCK_EXIT(&ipfs_mutex); - RWLOCK_EXIT(&ipf_solaris); -#ifdef USE_INET6 - if (fin->fin_v == 6) { - extern void ip_wput_v6 __P((queue_t *, mblk_t *)); - ip6_t *ip6; - - ip6 = (ip6_t *)m->b_rptr; - ip6->ip6_flow = 0; - ip6->ip6_vfc = 0x60; - ip6->ip6_hlim = 127; - ip_wput_v6(((qif_t *)fin->fin_qif)->qf_ill->ill_wq, m); - } else -#endif - { - ip_t *ip; - - ip = (ip_t *)m->b_rptr; - ip->ip_v = IPVERSION; - ip->ip_ttl = (u_char)(*ip_ttl_ptr); - ip->ip_off = htons(*ip_mtudisc ? 
IP_DF : 0); - ip_wput(((qif_t *)fin->fin_qif)->qf_ill->ill_wq, m); - } - READ_ENTER(&ipf_solaris); - READ_ENTER(&ipfs_mutex); - return 0; -} - - -int send_icmp_err(oip, type, fin, dst) -ip_t *oip; -int type; -fr_info_t *fin; -int dst; -{ - struct in_addr dst4; - struct icmp *icmp; - mblk_t *m, *mb; - int hlen, code; - qif_t *qif; - u_short sz; - ill_t *il; -#ifdef USE_INET6 - ip6_t *ip6, *oip6; -#endif - ip_t *ip; - - if ((type < 0) || (type > ICMP_MAXTYPE)) - return -1; - - code = fin->fin_icode; -#ifdef USE_INET6 - if ((code < 0) || (code > sizeof(icmptoicmp6unreach)/sizeof(int))) - return -1; -#endif - - qif = fin->fin_qif; - m = fin->fin_qfm; - -#ifdef USE_INET6 - if (oip->ip_v == 6) { - oip6 = (ip6_t *)oip; - sz = sizeof(ip6_t); - sz += MIN(m->b_wptr - m->b_rptr, 512); - hlen = sizeof(ip6_t); - type = icmptoicmp6types[type]; - if (type == ICMP6_DST_UNREACH) - code = icmptoicmp6unreach[code]; - } else -#endif - { - if ((oip->ip_p == IPPROTO_ICMP) && - !(fin->fin_fi.fi_fl & FI_SHORT)) - switch (ntohs(fin->fin_data[0]) >> 8) - { - case ICMP_ECHO : - case ICMP_TSTAMP : - case ICMP_IREQ : - case ICMP_MASKREQ : - break; - default : - return 0; - } - - sz = sizeof(ip_t) * 2; - sz += 8; /* 64 bits of data */ - hlen = sz; - } - - sz += offsetof(struct icmp, icmp_ip); - if ((mb = (mblk_t *)allocb((size_t)sz + 16, BPRI_HI)) == NULL) - return -1; - MTYPE(mb) = M_DATA; - mb->b_rptr += 16; - mb->b_wptr = mb->b_rptr + sz; - bzero((char *)mb->b_rptr, (size_t)sz); - icmp = (struct icmp *)(mb->b_rptr + sizeof(*ip)); - icmp->icmp_type = type; - icmp->icmp_code = code; - icmp->icmp_cksum = 0; -#ifdef icmp_nextmtu - if (type == ICMP_UNREACH && (il = qif->qf_ill) && - fin->fin_icode == ICMP_UNREACH_NEEDFRAG) - icmp->icmp_nextmtu = htons(il->ill_max_frag); -#endif - -#ifdef USE_INET6 - if (oip->ip_v == 6) { - struct in6_addr dst6; - int csz; - - if (dst == 0) { - if (fr_ifpaddr(6, ((qif_t *)fin->fin_qif)->qf_ill, - (struct in_addr *)&dst6) == -1) - return -1; - } else - dst6 = 
oip6->ip6_dst; - - csz = sz; - sz -= sizeof(ip6_t); - ip6 = (ip6_t *)mb->b_rptr; - ip6->ip6_flow = 0; - ip6->ip6_vfc = 0x60; - ip6->ip6_hlim = 127; - ip6->ip6_plen = htons(sz); - ip6->ip6_nxt = IPPROTO_ICMPV6; - ip6->ip6_src = dst6; - ip6->ip6_dst = oip6->ip6_src; - sz -= offsetof(struct icmp, icmp_ip); - bcopy((char *)m->b_rptr, (char *)&icmp->icmp_ip, sz); - icmp->icmp_cksum = csz - sizeof(ip6_t); - } else -#endif - { - ip = (ip_t *)mb->b_rptr; - ip->ip_v = IPVERSION; - ip->ip_hl = (sizeof(*ip) >> 2); - ip->ip_p = IPPROTO_ICMP; - ip->ip_id = oip->ip_id; - ip->ip_sum = 0; - ip->ip_ttl = (u_char)(*ip_ttl_ptr); - ip->ip_tos = oip->ip_tos; - ip->ip_len = (u_short)htons(sz); - if (dst == 0) { - if (fr_ifpaddr(4, ((qif_t *)fin->fin_qif)->qf_ill, - &dst4) == -1) - return -1; - } else - dst4 = oip->ip_dst; - ip->ip_src = dst4; - ip->ip_dst = oip->ip_src; - bcopy((char *)oip, (char *)&icmp->icmp_ip, sizeof(*oip)); - bcopy((char *)oip + (oip->ip_hl << 2), - (char *)&icmp->icmp_ip + sizeof(*oip), 8); - icmp->icmp_cksum = ipf_cksum((u_short *)icmp, - sizeof(*icmp) + 8); - } - - /* - * Need to exit out of these so we don't recursively call rw_enter - * from fr_qout. - */ - return send_ip(fin, mb); -} diff --git a/contrib/ipfilter/ipf.c b/contrib/ipfilter/ipf.c deleted file mode 100644 index cf85280468..0000000000 --- a/contrib/ipfilter/ipf.c +++ /dev/null 
@@ -1,764 +0,0 @@ -/* - * Copyright (C) 1993-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - */ -#ifdef __FreeBSD__ -# ifndef __FreeBSD_cc_version -# include -# else -# if __FreeBSD_cc_version < 430000 -# include -# endif -# endif -#endif -#if defined(__sgi) && (IRIX > 602) -# include -#endif -#include -#include -#include -#include -#include -#if !defined(__SVR4) && !defined(__GNUC__) -#include -#endif -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#if __FreeBSD_version >= 300000 -# include -#endif -#include -#include -#include -#include -#include "ip_compat.h" -#include "ip_fil.h" -#include "ip_nat.h" -#include "ip_state.h" -#include "ipf.h" -#include "ipl.h" - -#if !defined(lint) -static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipf.c,v 2.10.2.23 2003/06/27 14:39:13 darrenr Exp $"; -#endif - -#if SOLARIS -static void blockunknown __P((void)); -#endif -#if !defined(__SVR4) && defined(__GNUC__) -extern char *index __P((const char *, int)); -#endif - -extern char *optarg; -extern int optind; - -void frsync __P((void)); -void zerostats __P((void)); -int main __P((int, char *[])); - -int opts = 0; -int use_inet6 = 0; - -static int fd = -1; - -static void procfile __P((char *, char *)), flushfilter __P((char *)); -static int set_state __P((u_int)); -static void showstats __P((friostat_t *)); -static void packetlogon __P((char *)), swapactive __P((void)); -static int opendevice __P((char *)); -static void closedevice __P((void)); -static char *getline __P((char *, size_t, FILE *, int *)); -static char *ipfname = IPL_NAME; -static void usage __P((char *)); -static int showversion __P((void)); -static int get_flags __P((int *)); - - -#if SOLARIS -# define OPTS "6AdDEf:F:Il:noPrsUvVyzZ" -#else -# define OPTS "6AdDEf:F:Il:noPrsvVyzZ" -#endif - -static void usage(name) -char *name; -{ - fprintf(stderr, 
"usage: %s [-%s] %s %s %s\n", name, OPTS, - "[-l block|pass|nomatch]", "[-F i|o|a|s|S]", "[-f filename]"); - exit(1); -} - - -int main(argc,argv) -int argc; -char *argv[]; -{ - int c; - - if (argc < 2) - usage(argv[0]); - - while ((c = getopt(argc, argv, OPTS)) != -1) { - switch (c) - { - case '6' : - use_inet6 = 1; - break; - case 'A' : - opts &= ~OPT_INACTIVE; - break; - case 'E' : - if (set_state((u_int)1)) - exit(1); - break; - case 'D' : - if (set_state((u_int)0)) - exit(1); - break; - case 'd' : - opts |= OPT_DEBUG; - break; - case 'f' : - procfile(argv[0], optarg); - break; - case 'F' : - flushfilter(optarg); - break; - case 'I' : - opts |= OPT_INACTIVE; - break; - case 'l' : - packetlogon(optarg); - break; - case 'n' : - opts |= OPT_DONOTHING; - break; - case 'o' : - break; - case 'P' : - ipfname = IPL_AUTH; - break; - case 'r' : - opts |= OPT_REMOVE; - break; - case 's' : - swapactive(); - break; -#if SOLARIS - case 'U' : - blockunknown(); - break; -#endif - case 'v' : - opts += OPT_VERBOSE; - break; - case 'V' : - if (showversion()) - exit(1); - break; - case 'y' : - frsync(); - break; - case 'z' : - opts |= OPT_ZERORULEST; - break; - case 'Z' : - zerostats(); - break; - case '?' : - default : - usage(argv[0]); - break; - } - } - - if (optind < 2) - usage(argv[0]); - - if (fd != -1) - (void) close(fd); - - exit(0); - /* NOTREACHED */ -} - - -static int opendevice(ipfdev) -char *ipfdev; -{ - if (opts & OPT_DONOTHING) - return 0; - - if (!ipfdev) - ipfdev = ipfname; - - /* - * shouldn't we really be testing for fd < 0 here and below? 
- */ - - if (fd != -1) - return 0; - - if ((fd = open(ipfdev, O_RDWR)) == -1) { - if ((fd = open(ipfdev, O_RDONLY)) == -1) { - perror("open device"); - if (errno == ENODEV) - fprintf(stderr, "IPFilter enabled?\n"); - return -1; - } - } - - return 0; -} - - -static void closedevice() -{ - if (fd != -1) - close(fd); - fd = -1; -} - - -/* - * Return codes: - * 0 Success - * !0 Failure (and an error message has already been printed) - */ -static int get_flags(i) -int *i; -{ - - if (opts & OPT_DONOTHING) - return 0; - - if (opendevice(ipfname) < 0) - return -1; - - if (ioctl(fd, SIOCGETFF, i) == -1) { - perror("SIOCGETFF"); - return -1; - } - return 0; -} - - -static int set_state(enable) -u_int enable; -{ - if (opts & OPT_DONOTHING) - return 0; - - if (opendevice(ipfname)) - return -1; - - if (ioctl(fd, SIOCFRENB, &enable) == -1) { - if (errno == EBUSY) - /* Not really an error */ - fprintf(stderr, - "IP Filter: already initialized\n"); - else { - perror("SIOCFRENB"); - return -1; - } - } - return 0; -} - -static void procfile(name, file) -char *name, *file; -{ - FILE *fp; - char line[513], *s; - struct frentry *fr; - u_int add, del; - int linenum = 0; - int parsestatus; - - if (opendevice(ipfname) == -1) - exit(1); - - if (opts & OPT_INACTIVE) { - add = SIOCADIFR; - del = SIOCRMIFR; - } else { - add = SIOCADAFR; - del = SIOCRMAFR; - } - if (opts & OPT_DEBUG) - printf("add %x del %x\n", add, del); - - initparse(); - - if (!strcmp(file, "-")) - fp = stdin; - else if (!(fp = fopen(file, "r"))) { - fprintf(stderr, "%s: fopen(%s) failed: %s\n", name, file, - STRERROR(errno)); - exit(1); - } - - while (getline(line, sizeof(line), fp, &linenum)) { - /* - * treat CR as EOL. LF is converted to NUL by getline(). 
- */ - if ((s = index(line, '\r'))) - *s = '\0'; - /* - * # is comment marker, everything after is a ignored - */ - if ((s = index(line, '#'))) - *s = '\0'; - - if (!*line) - continue; - - if (opts & OPT_VERBOSE) - (void)fprintf(stderr, "[%s]\n", line); - - parsestatus = 1; - fr = parse(line, linenum, &parsestatus); - (void)fflush(stdout); - - if (parsestatus != 0) { - fprintf(stderr, "%s: %s: %s error (%d), quitting\n", - name, file, - ((parsestatus < 0)? "parse": "internal"), - parsestatus); - exit(1); - } - - if (fr) { - if (opts & OPT_ZERORULEST) - add = SIOCZRLST; - else if (opts & OPT_INACTIVE) - add = (u_int)fr->fr_hits ? SIOCINIFR : - SIOCADIFR; - else - add = (u_int)fr->fr_hits ? SIOCINAFR : - SIOCADAFR; - if (fr->fr_hits) - fr->fr_hits--; - if (fr && (opts & OPT_VERBOSE)) - printfr(fr); - if (fr && (opts & OPT_OUTQUE)) - fr->fr_flags |= FR_OUTQUE; - - if (opts & OPT_DEBUG) - binprint(fr); - - if ((opts & OPT_ZERORULEST) && - !(opts & OPT_DONOTHING)) { - if (ioctl(fd, add, &fr) == -1) { - fprintf(stderr, "%d:", linenum); - perror("ioctl(SIOCZRLST)"); - exit(1); - } else { -#ifdef USE_QUAD_T - printf("hits %qd bytes %qd ", - (long long)fr->fr_hits, - (long long)fr->fr_bytes); -#else - printf("hits %ld bytes %ld ", - fr->fr_hits, fr->fr_bytes); -#endif - printfr(fr); - } - } else if ((opts & OPT_REMOVE) && - !(opts & OPT_DONOTHING)) { - if (ioctl(fd, del, &fr) == -1) { - fprintf(stderr, "%d:", linenum); - perror("ioctl(delete rule)"); - exit(1); - } - } else if (!(opts & OPT_DONOTHING)) { - if (ioctl(fd, add, &fr) == -1) { - fprintf(stderr, "%d:", linenum); - perror("ioctl(add/insert rule)"); - exit(1); - } - } - } - } - if (ferror(fp) || !feof(fp)) { - fprintf(stderr, "%s: %s: file error or line too long\n", - name, file); - exit(1); - } - (void)fclose(fp); -} - -/* - * Similar to fgets(3) but can handle '\\' and NL is converted to NUL. - * Returns NULL if error occurred, EOF encounterd or input line is too long. 
- */ -static char *getline(str, size, file, linenum) -register char *str; -size_t size; -FILE *file; -int *linenum; -{ - char *p; - int s, len; - - do { - for (p = str, s = size;; p += (len - 1), s -= (len - 1)) { - /* - * if an error occurred, EOF was encounterd, or there - * was no room to put NUL, return NULL. - */ - if (fgets(p, s, file) == NULL) - return (NULL); - len = strlen(p); - if (p[len - 1] != '\n') { - p[len] = '\0'; - break; - } - (*linenum)++; - p[len - 1] = '\0'; - if (len < 2 || p[len - 2] != '\\') - break; - else - /* - * Convert '\\' to a space so words don't - * run together - */ - p[len - 2] = ' '; - } - } while (*str == '\0'); - return (str); -} - - -static void packetlogon(opt) -char *opt; -{ - int flag; - - if (get_flags(&flag)) - exit(1); - - if (flag != 0) { - if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE) - printf("log flag is currently %#x\n", flag); - } - - flag &= ~(FF_LOGPASS|FF_LOGNOMATCH|FF_LOGBLOCK); - - if (index(opt, 'p')) { - flag |= FF_LOGPASS; - if (opts & OPT_VERBOSE) - printf("set log flag: pass\n"); - } - if (index(opt, 'm') && (*opt == 'n' || *opt == 'N')) { - flag |= FF_LOGNOMATCH; - if (opts & OPT_VERBOSE) - printf("set log flag: nomatch\n"); - } - if (index(opt, 'b') || index(opt, 'd')) { - flag |= FF_LOGBLOCK; - if (opts & OPT_VERBOSE) - printf("set log flag: block\n"); - } - - if (opendevice(ipfname) == -1) { - exit(1); - } - - if (!(opts & OPT_DONOTHING)) { - if (ioctl(fd, SIOCSETFF, &flag) != 0) { - perror("ioctl(SIOCSETFF)"); - exit(1); - } - } - - if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE) { - /* - * Even though the ioctls above succeeded, it - * is possible that a calling script/program - * relies on the following verbose mode string. - * Thus, we still take an error exit if get_flags - * fails here. 
- */ - if (get_flags(&flag)) - exit(1); - printf("log flag is now %#x\n", flag); - } -} - - -static void flushfilter(arg) -char *arg; -{ - int fl = 0, rem; - - if (!arg || !*arg) { - fprintf(stderr, "-F: no filter specified\n"); - exit(1); - } - - if (!strcmp(arg, "s") || !strcmp(arg, "S")) { - if (*arg == 'S') - fl = 0; - else - fl = 1; - rem = fl; - - closedevice(); - - if (opendevice(IPL_STATE) == -1) { - exit(1); - } - - if (!(opts & OPT_DONOTHING)) { - if (use_inet6) { - if (ioctl(fd, SIOCIPFL6, &fl) == -1) { - perror("ioctl(SIOCIPFL6)"); - exit(1); - } - } else { - if (ioctl(fd, SIOCIPFFL, &fl) == -1) { - perror("ioctl(SIOCIPFFL)"); - exit(1); - } - } - } - if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE) { - printf("remove flags %s (%d)\n", arg, rem); - printf("removed %d filter rules\n", fl); - } - closedevice(); - return; - } - if (strchr(arg, 'i') || strchr(arg, 'I')) - fl = FR_INQUE; - if (strchr(arg, 'o') || strchr(arg, 'O')) - fl = FR_OUTQUE; - if (strchr(arg, 'a') || strchr(arg, 'A')) - fl = FR_OUTQUE|FR_INQUE; - fl |= (opts & FR_INACTIVE); - rem = fl; - - if (opendevice(ipfname) == -1) { - exit(1); - } - - if (!(opts & OPT_DONOTHING)) { - if (use_inet6) { - if (ioctl(fd, SIOCIPFL6, &fl) == -1) { - perror("ioctl(SIOCIPFL6)"); - exit(1); - } - } else { - if (ioctl(fd, SIOCIPFFL, &fl) == -1) { - perror("ioctl(SIOCIPFFL)"); - exit(1); - } - } - } - if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE) { - printf("remove flags %s%s (%d)\n", (rem & FR_INQUE) ? "I" : "", - (rem & FR_OUTQUE) ? 
"O" : "", rem); - printf("removed %d filter rules\n", fl); - } - return; -} - - -static void swapactive() -{ - int in = 2; - - if (opendevice(ipfname) == -1) { - exit(1); - } - - - if (!(opts & OPT_DONOTHING)) { - if (ioctl(fd, SIOCSWAPA, &in) == -1) { - perror("ioctl(SIOCSWAPA)"); - exit(1); - } - } - printf("Set %d now inactive\n", in); -} - - -void frsync() -{ - int frsyn = 0; - - if (opendevice(ipfname) == -1) - exit(1); - - if (!(opts & OPT_DONOTHING)) { - if (ioctl(fd, SIOCFRSYN, &frsyn) == -1) { - perror("SIOCFRSYN"); - exit(1); - } - } - printf("filter sync'd\n"); -} - - -void zerostats() -{ - friostat_t fio; - friostat_t *fiop = &fio; - - if (opendevice(ipfname) == -1) - exit(1); - - if (!(opts & OPT_DONOTHING)) { - if (ioctl(fd, SIOCFRZST, &fiop) == -1) { - perror("ioctl(SIOCFRZST)"); - exit(-1); - } - showstats(fiop); - } - -} - - -/* - * Read the kernel stats for packets blocked and passed - */ -static void showstats(fp) -friostat_t *fp; -{ -#if SOLARIS - printf("dropped packets:\tin %lu\tout %lu\n", - fp->f_st[0].fr_drop, fp->f_st[1].fr_drop); - printf("non-ip packets:\t\tin %lu\tout %lu\n", - fp->f_st[0].fr_notip, fp->f_st[1].fr_notip); - printf(" bad packets:\t\tin %lu\tout %lu\n", - fp->f_st[0].fr_bad, fp->f_st[1].fr_bad); -#endif - printf(" input packets:\t\tblocked %lu passed %lu nomatch %lu", - fp->f_st[0].fr_block, fp->f_st[0].fr_pass, - fp->f_st[0].fr_nom); - printf(" counted %lu\n", fp->f_st[0].fr_acct); - printf("output packets:\t\tblocked %lu passed %lu nomatch %lu", - fp->f_st[1].fr_block, fp->f_st[1].fr_pass, - fp->f_st[1].fr_nom); - printf(" counted %lu\n", fp->f_st[0].fr_acct); - printf(" input packets logged:\tblocked %lu passed %lu\n", - fp->f_st[0].fr_bpkl, fp->f_st[0].fr_ppkl); - printf("output packets logged:\tblocked %lu passed %lu\n", - fp->f_st[1].fr_bpkl, fp->f_st[1].fr_ppkl); - printf(" packets logged:\tinput %lu-%lu output %lu-%lu\n", - fp->f_st[0].fr_pkl, fp->f_st[0].fr_skip, - fp->f_st[1].fr_pkl, fp->f_st[1].fr_skip); -} - - 
-#if SOLARIS -static void blockunknown() -{ - int flag; - - if (opendevice(ipfname) == -1) - exit(1); - - if (get_flags(&flag)) - exit(1); - - if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE) - printf("log flag is currently %#x\n", flag); - - flag ^= FF_BLOCKNONIP; - - if (opendevice(ipfname) == -1) - exit(1); - - if (!(opts & OPT_DONOTHING)) { - if (ioctl(fd, SIOCSETFF, &flag)) - perror("ioctl(SIOCSETFF)"); - } - - if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE) { - if (ioctl(fd, SIOCGETFF, &flag)) - perror("ioctl(SIOCGETFF)"); - - printf("log flag is now %#x\n", flag); - } -} -#endif - - -/* - * nonzero return value means caller should exit with error - */ -static int showversion() -{ - struct friostat fio; - struct friostat *fiop=&fio; - int flags, vfd; - char *s; - - printf("ipf: %s (%d)\n", IPL_VERSION, (int)sizeof(frentry_t)); - - if ((vfd = open(ipfname, O_RDONLY)) == -1) { - perror("open device"); - return 1; - } - - if (ioctl(vfd, SIOCGETFS, &fiop)) { - perror("ioctl(SIOCGETFS)"); - close(vfd); - return 1; - } - close(vfd); - - printf("Kernel: %-*.*s\n", (int)sizeof(fio.f_version), - (int)sizeof(fio.f_version), fio.f_version); - printf("Running: %s\n", fio.f_running ? "yes" : "no"); - - if (get_flags(&flags)) { - return 1; - } - printf("Log Flags: %#x = ", flags); - s = ""; - if (flags & FF_LOGPASS) { - printf("pass"); - s = ", "; - } - if (flags & FF_LOGBLOCK) { - printf("%sblock", s); - s = ", "; - } - if (flags & FF_LOGNOMATCH) { - printf("%snomatch", s); - s = ", "; - } - if (flags & FF_BLOCKNONIP) { - printf("%snonip", s); - s = ", "; - } - if (!*s) - printf("none set"); - putchar('\n'); - - printf("Default: "); - if (fio.f_defpass & FR_PASS) - s = "pass"; - else if (fio.f_defpass & FR_BLOCK) - s = "block"; - else - s = "nomatch -> block"; - printf("%s all, Logging: %savailable\n", s, fio.f_logging ? "" : "un"); - printf("Active list: %d\n", fio.f_active); - - return 0; -} 
diff --git a/contrib/ipfilter/ipf.h b/contrib/ipfilter/ipf.h
deleted file mode 100644
index 9260d03f0a..0000000000
--- a/contrib/ipfilter/ipf.h
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
- * Copyright (C) 1993-2001 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * @(#)ipf.h 1.12 6/5/96
- * $Id: ipf.h,v 2.9.2.7 2003/05/15 17:45:33 darrenr Exp $
- */
-
-#ifndef __IPF_H__
-#define __IPF_H__
-
-#ifndef SOLARIS
-#define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
-#endif
-#define OPT_REMOVE 0x000001
-#define OPT_DEBUG 0x000002
-#define OPT_OUTQUE FR_OUTQUE /* 0x00004 */
-#define OPT_INQUE FR_INQUE /* 0x00008 */
-#define OPT_LOG FR_LOG /* 0x00010 */
-#define OPT_SHOWLIST 0x000020
-#define OPT_VERBOSE 0x000040
-#define OPT_DONOTHING 0x000080
-#define OPT_HITS 0x000100
-#define OPT_BRIEF 0x000200
-#define OPT_ACCNT FR_ACCOUNT /* 0x0400 */
-#define OPT_FRSTATES FR_KEEPFRAG /* 0x0800 */
-#define OPT_IPSTATES FR_KEEPSTATE /* 0x1000 */
-#define OPT_INACTIVE FR_INACTIVE /* 0x2000 */
-#define OPT_SHOWLINENO 0x004000
-#define OPT_PRINTFR 0x008000
-#define OPT_ZERORULEST 0x010000
-#define OPT_SAVEOUT 0x020000
-#define OPT_AUTHSTATS 0x040000
-#define OPT_RAW 0x080000
-#define OPT_NAT 0x100000
-#define OPT_GROUPS 0x200000
-#define OPT_STATETOP 0x400000
-#define OPT_FLUSH 0x800000
-#define OPT_CLEAR 0x1000000
-#define OPT_HEX 0x2000000
-#define OPT_NODO 0x80000000
-
-#define OPT_STAT OPT_FRSTATES
-#define OPT_LIST OPT_SHOWLIST
-
-
-#ifndef __P
-# ifdef __STDC__
-# define __P(x) x
-# else
-# define __P(x) ()
-# endif
-#endif
-
-struct ipstate;
-struct frpcmp;
-struct ipnat;
-struct nat;
-
-#ifdef ultrix
-extern char *strdup __P((char *));
-#endif
-
-extern struct frentry *parse __P((char *, int, int *));
-
-extern void printfr __P((struct frentry *));
-extern void binprint __P((struct frentry *)), initparse __P((void));
-extern int portnum __P((char *, u_short *, int));
-
-
-struct ipopt_names {
- int on_value;
- int on_bit;
- int on_siz;
- char *on_name;
-};
-
-
-extern char *proto;
-extern char flagset[];
-extern u_char flags[];
-
-extern u_char tcp_flags __P((char *, u_char *, int));
-extern int countbits __P((u_32_t));
-extern int ratoi __P((char *, int *, int, int));
-extern int ratoui __P((char *, u_int *, u_int, u_int));
-extern int hostmask __P((char ***, u_32_t *, u_32_t *, u_short *, int *,
- u_short *, int));
-extern int ports __P((char ***, u_short *, int *, u_short *, int));
-extern char *portname __P((int, int));
-extern u_32_t buildopts __P((char *, char *, int));
-extern int genmask __P((char *, u_32_t *));
-extern int hostnum __P((u_32_t *, char *, int));
-extern u_32_t optname __P((char ***, u_short *, int));
-extern void printpacket __P((ip_t *));
-extern void printpacket6 __P((ip_t *));
-extern void printportcmp __P((int, struct frpcmp *));
-extern void printhostmask __P((int, u_32_t *, u_32_t *));
-extern void printbuf __P((char *, int, int));
-extern char *hostname __P((int, void *));
-extern struct ipstate *printstate __P((struct ipstate *, int));
-extern void printnat __P((struct ipnat *, int));
-extern void printactivenat __P((struct nat *, int));
-
-#if SOLARIS
-extern int inet_aton __P((const char *, struct in_addr *));
-extern int gethostname __P((char *, int ));
-extern void sync __P((void));
-#endif
-
-#if defined(sun) && !SOLARIS
-# define STRERROR(x) sys_errlist[x]
-extern char *sys_errlist[];
-#else
-# define STRERROR(x) strerror(x)
-#endif
-
-#ifndef MIN
-#define MIN(a,b) ((a) > (b) ? (b) : (a))
-#endif
-
-#endif /* __IPF_H__ */
diff --git a/contrib/ipfilter/ipfs.c b/contrib/ipfilter/ipfs.c
deleted file mode 100644
index ffbd71bd64..0000000000
--- a/contrib/ipfilter/ipfs.c
+++ /dev/null
@@ -1,859 +0,0 @@
-/*
- * Copyright (C) 1999-2001 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- */
-#ifdef __FreeBSD__
-# ifndef __FreeBSD_cc_version
-# include
-# else
-# if __FreeBSD_cc_version < 430000
-# include
-# endif
-# endif
-#endif
-#include
-#include
-#include
-#include
-#include
-#if !defined(__SVR4) && !defined(__GNUC__)
-#include
-#endif
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#if __FreeBSD_version >= 300000
-# include
-#endif
-#include
-#include
-#include
-#include
-#include "ip_compat.h"
-#include "ip_fil.h"
-#include "ip_nat.h"
-#include "ip_state.h"
-#include "ipf.h"
-
-#if !defined(lint)
-static const char rcsid[] = "@(#)$Id: ipfs.c,v 2.6.2.15 2003/05/31 02:12:21 darrenr Exp $";
-#endif
-
-#ifndef IPF_SAVEDIR
-# define IPF_SAVEDIR "/var/db/ipf"
-#endif
-#ifndef IPF_NATFILE
-# define IPF_NATFILE "ipnat.ipf"
-#endif
-#ifndef IPF_STATEFILE
-# define IPF_STATEFILE "ipstate.ipf"
-#endif
-
-#if !defined(__SVR4) && defined(__GNUC__)
-extern char *index __P((const char *, int));
-#endif
-
-extern char *optarg;
-extern int optind;
-
-int main __P((int, char *[]));
-void usage __P((void));
-int changestateif __P((char *, char *));
-int changenatif __P((char *, char *));
-int readstate __P((int, char *));
-int readnat __P((int, char *));
-int writestate __P((int, char *));
-int opendevice __P((char *));
-void closedevice __P((int));
-int setlock __P((int, int));
-int writeall __P((char *));
-int readall __P((char *));
-int writenat __P((int, char *));
-char *concat __P((char *, char *));
-
-int opts = 0;
-char *progname;
-
-
-void usage()
-{
- fprintf(stderr, "\
-usage: %s [-nv] -l\n\
-usage: %s [-nv] -u\n\
-usage: %s [-nv] [-d ] -R\n\
-usage: %s [-nv] [-d ] -W\n\
-usage: %s [-nv] -N [-f | -d ] -r\n\
-usage: %s [-nv] -S [-f | -d ] -r\n\
-usage: %s [-nv] -N [-f | -d ] -w\n\
-usage: %s [-nv] -S [-f | -d ] -w\n\
-usage: %s [-nv] -N [-f | -d ] -i ,\n\
-usage: %s [-nv] -S [-f | -d ] -i ,\n\
-", progname, progname, progname, progname, progname, progname,
- progname, progname, progname, progname);
- exit(1);
-}
-
-
-/*
- * Change interface names in state information saved out to disk.
- */
-int changestateif(ifs, fname)
-char *ifs, *fname;
-{
- int fd, olen, nlen, rw;
- ipstate_save_t ips;
- off_t pos;
- char *s;
-
- s = strchr(ifs, ',');
- if (!s)
- usage();
- *s++ = '\0';
- nlen = strlen(s);
- olen = strlen(ifs);
- if (nlen >= sizeof(ips.ips_is.is_ifname) ||
- olen >= sizeof(ips.ips_is.is_ifname))
- usage();
-
- fd = open(fname, O_RDWR);
- if (fd == -1) {
- perror("open");
- exit(1);
- }
-
- for (pos = 0; read(fd, &ips, sizeof(ips)) == sizeof(ips); ) {
- rw = 0;
- if (!strncmp(ips.ips_is.is_ifname[0], ifs, olen + 1)) {
- strcpy(ips.ips_is.is_ifname[0], s);
- rw = 1;
- }
- if (!strncmp(ips.ips_is.is_ifname[1], ifs, olen + 1)) {
- strcpy(ips.ips_is.is_ifname[1], s);
- rw = 1;
- }
- if (rw == 1) {
- if (lseek(fd, pos, SEEK_SET) != pos) {
- perror("lseek");
- exit(1);
- }
- if (write(fd, &ips, sizeof(ips)) != sizeof(ips)) {
- perror("write");
- exit(1);
- }
- }
- pos = lseek(fd, 0, SEEK_CUR);
- }
- close(fd);
-
- return 0;
-}
-
-
-/*
- * Change interface names in NAT information saved out to disk.
- */
-int changenatif(ifs, fname)
-char *ifs, *fname;
-{
- int fd, olen, nlen, rw;
- nat_save_t ipn;
- nat_t *nat;
- off_t pos;
- char *s;
-
- s = strchr(ifs, ',');
- if (!s)
- usage();
- *s++ = '\0';
- nlen = strlen(s);
- olen = strlen(ifs);
- nat = &ipn.ipn_nat;
- if (nlen >= sizeof(nat->nat_ifname) || olen >= sizeof(nat->nat_ifname))
- usage();
-
- fd = open(fname, O_RDWR);
- if (fd == -1) {
- perror("open");
- exit(1);
- }
-
- for (pos = 0; read(fd, &ipn, sizeof(ipn)) == sizeof(ipn); ) {
- rw = 0;
- if (!strncmp(nat->nat_ifname, ifs, olen + 1)) {
- strcpy(nat->nat_ifname, s);
- rw = 1;
- }
- if (rw == 1) {
- if (lseek(fd, pos, SEEK_SET) != pos) {
- perror("lseek");
- exit(1);
- }
- if (write(fd, &ipn, sizeof(ipn)) != sizeof(ipn)) {
- perror("write");
- exit(1);
- }
- }
- pos = lseek(fd, 0, SEEK_CUR);
- }
- close(fd);
-
- return 0;
-}
-
-
-int main(argc,argv)
-int argc;
-char *argv[];
-{
- int c, lock = -1, devfd = -1, err = 0, rw = -1, ns = -1, set = 0;
- char *dirname = NULL, *filename = NULL, *ifs = NULL;
-
- progname = argv[0];
-
- while ((c = getopt(argc, argv, "d:f:i:lNnSRruvWw")) != -1)
- switch (c)
- {
- case 'd' :
- if ((set == 0) && !dirname && !filename)
- dirname = optarg;
- else
- usage();
- break;
- case 'f' :
- if ((set == 1) && !dirname && !filename && !(rw & 2))
- filename = optarg;
- else
- usage();
- break;
- case 'i' :
- ifs = optarg;
- set = 1;
- break;
- case 'l' :
- if (filename || dirname || set)
- usage();
- lock = 1;
- set = 1;
- break;
- case 'n' :
- opts |= OPT_DONOTHING;
- break;
- case 'N' :
- if ((ns >= 0) || dirname || (rw != -1) || set)
- usage();
- ns = 0;
- set = 1;
- break;
- case 'r' :
- if (dirname || (rw != -1) || (ns == -1))
- usage();
- rw = 0;
- set = 1;
- break;
- case 'R' :
- if (filename || (ns != -1))
- usage();
- rw = 2;
- set = 1;
- break;
- case 'S' :
- if ((ns >= 0) || dirname || (rw != -1) || set)
- usage();
- ns = 1;
- set = 1;
- break;
- case 'u' :
- if (filename || dirname || set)
- usage();
- lock = 0;
- set = 1;
- break;
- case 'v' :
- opts |= OPT_VERBOSE;
- break;
- case 'w' :
- if (dirname || (rw != -1) || (ns == -1))
- usage();
- rw = 1;
- set = 1;
- break;
- case 'W' :
- if (filename || (ns != -1))
- usage();
- rw = 3;
- set = 1;
- break;
- case '?' :
- default :
- usage();
- }
-
- if (optind < 2)
- usage();
-
- if (filename == NULL) {
- if (ns == 0) {
- if (dirname == NULL)
- dirname = IPF_SAVEDIR;
- if (dirname[strlen(dirname) - 1] != '/')
- dirname = concat(dirname, "/");
- filename = concat(dirname, IPF_NATFILE);
- } else if (ns == 1) {
- if (dirname == NULL)
- dirname = IPF_SAVEDIR;
- if (dirname[strlen(dirname) - 1] != '/')
- dirname = concat(dirname, "/");
- filename = concat(dirname, IPF_STATEFILE);
- }
- }
-
- if (ifs) {
- if (!filename || ns < 0)
- usage();
- if (ns == 0)
- return changenatif(ifs, filename);
- else
- return changestateif(ifs, filename);
- }
-
- if ((ns >= 0) || (lock >= 0)) {
- if (lock >= 0)
- devfd = opendevice(NULL);
- else if (ns >= 0) {
- if (ns == 1)
- devfd = opendevice(IPL_STATE);
- else if (ns == 0)
- devfd = opendevice(IPL_NAT);
- }
- if (devfd == -1)
- exit(1);
- }
-
- if (lock >= 0)
- err = setlock(devfd, lock);
- else if (rw >= 0) {
- if (rw & 1) { /* WRITE */
- if (rw & 2)
- err = writeall(dirname);
- else {
- if (ns == 0)
- err = writenat(devfd, filename);
- else if (ns == 1)
- err = writestate(devfd, filename);
- }
- } else {
- if (rw & 2)
- err = readall(dirname);
- else {
- if (ns == 0)
- err = readnat(devfd, filename);
- else if (ns == 1)
- err = readstate(devfd, filename);
- }
- }
- }
- return err;
-}
-
-
-char *concat(base, append)
-char *base, *append;
-{
- char *str;
-
- str = malloc(strlen(base) + strlen(append) + 1);
- if (str != NULL) {
- strcpy(str, base);
- strcat(str, append);
- }
- return str;
-}
-
-
-int opendevice(ipfdev)
-char *ipfdev;
-{
- int fd = -1;
-
- if (opts & OPT_DONOTHING)
- return -2;
-
- if (!ipfdev)
- ipfdev = IPL_NAME;
-
- if ((fd = open(ipfdev, O_RDWR)) == -1)
- if ((fd = open(ipfdev, O_RDONLY)) == -1)
- perror("open device");
- return fd;
-}
-
-
-void closedevice(fd)
-int fd;
-{
- close(fd);
-}
-
-
-int setlock(fd, lock)
-int fd, lock;
-{
- if (opts & OPT_VERBOSE)
- printf("Turn lock %s\n", lock ? "on" : "off");
- if (!(opts & OPT_DONOTHING)) {
- if (ioctl(fd, SIOCSTLCK, &lock) == -1) {
- perror("SIOCSTLCK");
- return 1;
- }
- if (opts & OPT_VERBOSE)
- printf("Lock now %s\n", lock ? "on" : "off");
- }
- return 0;
-}
-
-
-int writestate(fd, file)
-int fd;
-char *file;
-{
- ipstate_save_t ips, *ipsp;
- int wfd = -1;
-
- if (!file)
- file = IPF_STATEFILE;
-
- wfd = open(file, O_WRONLY|O_TRUNC|O_CREAT, 0600);
- if (wfd == -1) {
- fprintf(stderr, "%s ", file);
- perror("state:open");
- return 1;
- }
-
- ipsp = &ips;
- bzero((char *)ipsp, sizeof(ips));
-
- do {
- if (opts & OPT_VERBOSE)
- printf("Getting state from addr %p\n", ips.ips_next);
- if (ioctl(fd, SIOCSTGET, &ipsp)) {
- if (errno == ENOENT)
- break;
- perror("state:SIOCSTGET");
- close(wfd);
- return 1;
- }
- if (opts & OPT_VERBOSE)
- printf("Got state next %p\n", ips.ips_next);
- if (write(wfd, ipsp, sizeof(ips)) != sizeof(ips)) {
- perror("state:write");
- close(wfd);
- return 1;
- }
- } while (ips.ips_next != NULL);
- close(wfd);
-
- return 0;
-}
-
-
-int readstate(fd, file)
-int fd;
-char *file;
-{
- ipstate_save_t ips, *is, *ipshead = NULL, *is1, *ipstail = NULL;
- int sfd = -1, i;
-
- if (!file)
- file = IPF_STATEFILE;
-
- sfd = open(file, O_RDONLY, 0600);
- if (sfd == -1) {
- fprintf(stderr, "%s ", file);
- perror("open");
- return 1;
- }
-
- bzero((char *)&ips, sizeof(ips));
-
- /*
- * 1. Read all state information in.
- */
- do {
- i = read(sfd, &ips, sizeof(ips));
- if (i == -1) {
- perror("read");
- close(sfd);
- return 1;
- }
- if (i == 0)
- break;
- if (i != sizeof(ips)) {
- fprintf(stderr, "incomplete read: %d != %d\n", i,
- (int)sizeof(ips));
- close(sfd);
- return 1;
- }
- is = (ipstate_save_t *)malloc(sizeof(*is));
- if(!is) {
- fprintf(stderr, "malloc failed\n");
- return 1;
- }
-
- bcopy((char *)&ips, (char *)is, sizeof(ips));
-
- /*
- * Check to see if this is the first state entry that will
- * reference a particular rule and if so, flag it as such
- * else just adjust the rule pointer to become a pointer to
- * the other. We do this so we have a means later for tracking
- * who is referencing us when we get back the real pointer
- * in is_rule after doing the ioctl.
- */
- for (is1 = ipshead; is1 != NULL; is1 = is1->ips_next)
- if (is1->ips_rule == is->ips_rule)
- break;
- if (is1 == NULL)
- is->ips_is.is_flags |= FI_NEWFR;
- else
- is->ips_rule = (void *)&is1->ips_rule;
-
- /*
- * Use a tail-queue type list (add things to the end)..
- */
- is->ips_next = NULL;
- if (!ipshead)
- ipshead = is;
- if (ipstail)
- ipstail->ips_next = is;
- ipstail = is;
- } while (1);
-
- close(sfd);
-
- for (is = ipshead; is; is = is->ips_next) {
- if (opts & OPT_VERBOSE)
- printf("Loading new state table entry\n");
- if (is->ips_is.is_flags & FI_NEWFR) {
- if (opts & OPT_VERBOSE)
- printf("Loading new filter rule\n");
- }
- if (!(opts & OPT_DONOTHING))
- if (ioctl(fd, SIOCSTPUT, &is)) {
- perror("SIOCSTPUT");
- return 1;
- }
-
- if (is->ips_is.is_flags & FI_NEWFR) {
- if (opts & OPT_VERBOSE)
- printf("Real rule addr %p\n", is->ips_rule);
- for (is1 = is->ips_next; is1; is1 = is1->ips_next)
- if (is1->ips_rule == (frentry_t *)&is->ips_rule)
- is1->ips_rule = is->ips_rule;
- }
- }
-
- return 0;
-}
-
-
-int readnat(fd, file)
-int fd;
-char *file;
-{
- nat_save_t ipn, *in, *ipnhead = NULL, *in1, *ipntail = NULL;
- int nfd = -1, i;
- nat_t *nat;
- char *s;
- int n;
-
- if (!file)
- file = IPF_NATFILE;
-
- nfd = open(file, O_RDONLY);
- if (nfd == -1) {
- fprintf(stderr, "%s ", file);
- perror("nat:open");
- return 1;
- }
-
- bzero((char *)&ipn, sizeof(ipn));
-
- /*
- * 1. Read all state information in.
- */
- do {
- i = read(nfd, &ipn, sizeof(ipn));
- if (i == -1) {
- perror("read");
- close(nfd);
- return 1;
- }
- if (i == 0)
- break;
- if (i != sizeof(ipn)) {
- fprintf(stderr, "incomplete read: %d != %d\n", i,
- (int)sizeof(ipn));
- close(nfd);
- return 1;
- }
-
- if (ipn.ipn_dsize > 0) {
- n = ipn.ipn_dsize;
-
- if (n > sizeof(ipn.ipn_data))
- n -= sizeof(ipn.ipn_data);
- else
- n = 0;
- in = malloc(sizeof(*in) + n);
- if (!in)
- break;
-
- if (n > 0) {
- s = in->ipn_data + sizeof(in->ipn_data);
- i = read(nfd, s, n);
- if (i == 0)
- break;
- if (i != n) {
- fprintf(stderr,
- "incomplete read: %d != %d\n",
- i, n);
- close(nfd);
- return 1;
- }
- }
- } else
- in = (nat_save_t *)malloc(sizeof(*in));
- bcopy((char *)&ipn, (char *)in, sizeof(ipn));
-
- /*
- * Check to see if this is the first NAT entry that will
- * reference a particular rule and if so, flag it as such
- * else just adjust the rule pointer to become a pointer to
- * the other. We do this so we have a means later for tracking
- * who is referencing us when we get back the real pointer
- * in is_rule after doing the ioctl.
- */
- nat = &in->ipn_nat;
- if (nat->nat_fr != NULL) {
- for (in1 = ipnhead; in1 != NULL; in1 = in1->ipn_next)
- if (in1->ipn_rule == nat->nat_fr)
- break;
- if (in1 == NULL)
- nat->nat_flags |= FI_NEWFR;
- else
- nat->nat_fr = &in1->ipn_fr;
- }
-
- /*
- * Use a tail-queue type list (add things to the end)..
- */
- in->ipn_next = NULL;
- if (!ipnhead)
- ipnhead = in;
- if (ipntail)
- ipntail->ipn_next = in;
- ipntail = in;
- } while (1);
-
- close(nfd);
- nfd = -1;
-
- for (in = ipnhead; in; in = in->ipn_next) {
- if (opts & OPT_VERBOSE)
- printf("Loading new NAT table entry\n");
- nat = &in->ipn_nat;
- if (nat->nat_flags & FI_NEWFR) {
- if (opts & OPT_VERBOSE)
- printf("Loading new filter rule\n");
- }
- if (!(opts & OPT_DONOTHING))
- if (ioctl(fd, SIOCSTPUT, &in)) {
- perror("SIOCSTPUT");
- return 1;
- }
-
- if (nat->nat_flags & FI_NEWFR) {
- if (opts & OPT_VERBOSE)
- printf("Real rule addr %p\n", nat->nat_fr);
- for (in1 = in->ipn_next; in1; in1 = in1->ipn_next)
- if (in1->ipn_rule == &in->ipn_fr)
- in1->ipn_rule = nat->nat_fr;
- }
- }
-
- return 0;
-}
-
-
-int writenat(fd, file)
-int fd;
-char *file;
-{
- nat_save_t *ipnp = NULL, *next = NULL;
- int nfd = -1;
- natget_t ng;
-
- if (!file)
- file = IPF_NATFILE;
-
- nfd = open(file, O_WRONLY|O_TRUNC|O_CREAT, 0600);
- if (nfd == -1) {
- fprintf(stderr, "%s ", file);
- perror("nat:open");
- return 1;
- }
-
-
- do {
- if (opts & OPT_VERBOSE)
- printf("Getting nat from addr %p\n", ipnp);
- ng.ng_ptr = next;
- ng.ng_sz = 0;
- if (ioctl(fd, SIOCSTGSZ, &ng)) {
- perror("nat:SIOCSTGSZ");
- close(nfd);
- return 1;
- }
-
- if (opts & OPT_VERBOSE)
- printf("NAT size %d from %p\n", ng.ng_sz, ng.ng_ptr);
-
- if (ng.ng_sz == 0)
- break;
-
- if (!ipnp)
- ipnp = malloc(ng.ng_sz);
- else
- ipnp = realloc((char *)ipnp, ng.ng_sz);
- if (!ipnp) {
- fprintf(stderr,
- "malloc for %d bytes failed\n", ng.ng_sz);
- break;
- }
-
- bzero((char *)ipnp, ng.ng_sz);
- ipnp->ipn_next = next;
- if (ioctl(fd, SIOCSTGET, &ipnp)) {
- if (errno == ENOENT)
- break;
- perror("nat:SIOCSTGET");
- close(nfd);
- return 1;
- }
-
- if (opts & OPT_VERBOSE)
- printf("Got nat next %p\n", ipnp->ipn_next);
- if (write(nfd, ipnp, ng.ng_sz) != ng.ng_sz) {
- perror("nat:write");
- close(nfd);
- return 1;
- }
- next = ipnp->ipn_next;
- } while (ipnp && next);
- close(nfd);
-
- return 0;
-}
-
-
-int writeall(dirname)
-char *dirname;
-{
- int fd, devfd;
-
- if (!dirname)
- dirname = IPF_SAVEDIR;
-
- if (chdir(dirname)) {
- fprintf(stderr, "IPF_SAVEDIR=%s: ", dirname);
- perror("chdir(IPF_SAVEDIR)");
- return 1;
- }
-
- fd = opendevice(NULL);
- if (fd == -1)
- return 1;
- if (setlock(fd, 1)) {
- close(fd);
- return 1;
- }
-
- devfd = opendevice(IPL_STATE);
- if (devfd == -1)
- goto bad;
- if (writestate(devfd, NULL))
- goto bad;
- close(devfd);
-
- devfd = opendevice(IPL_NAT);
- if (devfd == -1)
- goto bad;
- if (writenat(devfd, NULL))
- goto bad;
- close(devfd);
-
- if (setlock(fd, 0)) {
- close(fd);
- return 1;
- }
-
- return 0;
-
-bad:
- setlock(fd, 0);
- close(fd);
- return 1;
-}
-
-
-int readall(dirname)
-char *dirname;
-{
- int fd, devfd;
-
- if (!dirname)
- dirname = IPF_SAVEDIR;
-
- if (chdir(dirname)) {
- perror("chdir(IPF_SAVEDIR)");
- return 1;
- }
-
- fd = opendevice(NULL);
- if (fd == -1)
- return 1;
- if (setlock(fd, 1)) {
- close(fd);
- return 1;
- }
-
- devfd = opendevice(IPL_STATE);
- if (devfd == -1)
- return 1;
- if (readstate(devfd, NULL))
- return 1;
- close(devfd);
-
- devfd = opendevice(IPL_NAT);
- if (devfd == -1)
- return 1;
- if (readnat(devfd, NULL))
- return 1;
- close(devfd);
-
- if (setlock(fd, 0)) {
- close(fd);
- return 1;
- }
-
- return 0;
-}
diff --git a/contrib/ipfilter/ipft_ef.c b/contrib/ipfilter/ipft_ef.c
deleted file mode 100644
index f1294783ba..0000000000
--- a/contrib/ipfilter/ipft_ef.c
+++ /dev/null
@@ -1,155 +0,0 @@
-/*
- * Copyright (C) 1993-2001 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- */
-
-/*
- icmp type
- lnth proto source destination src port dst port
-
-etherfind -n
-
- 60 tcp 128.250.20.20 128.250.133.13 2419 telnet
-
-etherfind -n -t
-
- 0.32 91 04 131.170.1.10 128.250.133.13
- 0.33 566 udp 128.250.37.155 128.250.133.3 901 901
-*/
-#if defined(__sgi) && (IRIX > 602)
-# include
-#endif
-#include
-#include
-#if !defined(__SVR4) && !defined(__GNUC__)
-#include
-#endif
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#ifndef linux
-#include
-#endif
-#include
-#include
-#include
-#include
-#include
-#include
-#include "ip_compat.h"
-#include
-#include "ipf.h"
-#include "ipt.h"
-
-#if !defined(lint)
-static const char sccsid[] = "@(#)ipft_ef.c 1.6 2/4/96 (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipft_ef.c,v 2.2.2.5 2003/05/19 12:02:35 darrenr Exp $";
-#endif
-
-static int etherf_open __P((char *));
-static int etherf_close __P((void));
-static int etherf_readip __P((char *, int, char **, int *));
-
-struct ipread etherf = { etherf_open, etherf_close, etherf_readip };
-
-static FILE *efp = NULL;
-static int efd = -1;
-
-
-static int etherf_open(fname)
-char *fname;
-{
- if (efd != -1)
- return efd;
-
- if (!strcmp(fname, "-")) {
- efd = 0;
- efp = stdin;
- } else {
- efd = open(fname, O_RDONLY);
- efp = fdopen(efd, "r");
- }
- return efd;
-}
-
-
-static int etherf_close()
-{
- return close(efd);
-}
-
-
-static int etherf_readip(buf, cnt, ifn, dir)
-char *buf, **ifn;
-int cnt, *dir;
-{
- struct tcpiphdr pkt;
- ip_t *ip = (ip_t *)&pkt;
- struct protoent *p = NULL;
- char src[16], dst[16], sprt[16], dprt[16];
- char lbuf[128], len[8], prot[8], time[8], *s;
- int slen, extra = 0, i;
-
- if (!fgets(lbuf, sizeof(lbuf) - 1, efp))
- return 0;
-
- if ((s = strchr(lbuf, '\n')))
- *s = '\0';
- lbuf[sizeof(lbuf)-1] = '\0';
-
- bzero(&pkt, sizeof(pkt));
-
- if (sscanf(lbuf, "%7s %7s %15s %15s %15s %15s", len, prot, src, dst,
- sprt, dprt) != 6)
- if (sscanf(lbuf, "%7s %7s %7s %15s %15s %15s %15s", time,
- len, prot, src, dst, sprt, dprt) != 7)
- return -1;
-
- ip->ip_p = atoi(prot);
- if (ip->ip_p == 0) {
- if (!(p = getprotobyname(prot)))
- return -1;
- ip->ip_p = p->p_proto;
- }
-
- switch (ip->ip_p) {
- case IPPROTO_TCP :
- case IPPROTO_UDP :
- s = strtok(NULL, " :");
- ip->ip_len += atoi(s);
- if (p->p_proto == IPPROTO_TCP)
- extra = sizeof(struct tcphdr);
- else if (p->p_proto == IPPROTO_UDP)
- extra = sizeof(struct udphdr);
- break;
-#ifdef IGMP
- case IPPROTO_IGMP :
- extra = sizeof(struct igmp);
- break;
-#endif
- case IPPROTO_ICMP :
- extra = sizeof(struct icmp);
- break;
- default :
- break;
- }
-
- (void) inet_aton(src, &ip->ip_src);
- (void) inet_aton(dst, &ip->ip_dst);
- ip->ip_len = atoi(len);
- ip->ip_hl = (unsigned)sizeof(ip_t);
-
- slen = ip->ip_hl + extra;
- i = MIN(cnt, slen);
- bcopy((char *)&pkt, buf, i);
- return i;
-}
diff --git a/contrib/ipfilter/ipft_hx.c b/contrib/ipfilter/ipft_hx.c
deleted file mode 100644
index b26bd93e02..0000000000
--- a/contrib/ipfilter/ipft_hx.c
+++ /dev/null
@@ -1,173 +0,0 @@
-/*
- * Copyright (C) 1995-2001 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- */
-#if defined(__sgi) && (IRIX > 602)
-# include
-#endif
-#include
-#include
-#include
-#include
-#include
-#if !defined(__SVR4) && !defined(__svr4__)
-#include
-#else
-#include
-#endif
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#ifndef linux
-#include
-#endif
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include "ip_compat.h"
-#include
-#include "ipf.h"
-#include "ipt.h"
-
-#if !defined(lint)
-static const char sccsid[] = "@(#)ipft_hx.c 1.1 3/9/96 (C) 1996 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipft_hx.c,v 2.2.2.6 2002/12/06 11:40:25 darrenr Exp $";
-#endif
-
-extern int opts;
-
-static int hex_open __P((char *));
-static int hex_close __P((void));
-static int hex_readip __P((char *, int, char **, int *));
-static char *readhex __P((char *, char *));
-
-struct ipread iphex = { hex_open, hex_close, hex_readip };
-static FILE *tfp = NULL;
-static int tfd = -1;
-
-static int hex_open(fname)
-char *fname;
-{
- if (tfp && tfd != -1) {
- rewind(tfp);
- return tfd;
- }
-
- if (!strcmp(fname, "-")) {
- tfd = 0;
- tfp = stdin;
- } else {
- tfd = open(fname, O_RDONLY);
- if (tfd != -1)
- tfp = fdopen(tfd, "r");
- }
- return tfd;
-}
-
-
-static int hex_close()
-{
- int cfd = tfd;
-
- tfd = -1;
- return close(cfd);
-}
-
-
-static int hex_readip(buf, cnt, ifn, dir)
-char *buf, **ifn;
-int cnt, *dir;
-{
- register char *s, *t, *u;
- char line[513];
- ip_t *ip;
-
- /*
- * interpret start of line as possibly "[ifname]" or
- * "[in/out,ifname]".
- */
- if (ifn)
- *ifn = NULL;
- if (dir)
- *dir = 0;
- ip = (ip_t *)buf;
- while (fgets(line, sizeof(line)-1, tfp)) {
- if ((s = index(line, '\n'))) {
- if (s == line)
- return (char *)ip - buf;
- *s = '\0';
- }
- if ((s = index(line, '#')))
- *s = '\0';
- if (!*line)
- continue;
- if (!(opts & OPT_BRIEF)) {
- printf("input: %s\n", line);
- fflush(stdout);
- }
-
- if ((*line == '[') && (s = index(line, ']'))) {
- t = line + 1;
- if (s - t > 0) {
- *s++ = '\0';
- if ((u = index(t, ',')) && (u < s)) {
- u++;
- if (ifn)
- *ifn = strdup(u);
- if (dir) {
- if (*t == 'i')
- *dir = 0;
- else if (*t == 'o')
- *dir = 1;
- }
- } else if (ifn)
- *ifn = t;
- }
- } else
- s = line;
- ip = (ip_t *)readhex(s, (char *)ip);
- }
- return -1;
-}
-
-
-static char *readhex(src, dst)
-register char *src, *dst;
-{
- int state = 0;
- char c;
-
- while ((c = *src++)) {
- if (isspace(c)) {
- if (state) {
- dst++;
- state = 0;
- }
- continue;
- } else if ((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') ||
- (c >= 'A' && c <= 'F')) {
- c = isdigit(c) ? (c - '0') : (toupper(c) - 55);
- if (state == 0) {
- *dst = (c << 4);
- state++;
- } else {
- *dst++ |= c;
- state = 0;
- }
- } else
- break;
- }
- return dst;
-}
diff --git a/contrib/ipfilter/ipft_pc.c b/contrib/ipfilter/ipft_pc.c
deleted file mode 100644
index b6060de229..0000000000
--- a/contrib/ipfilter/ipft_pc.c
+++ /dev/null
@@ -1,275 +0,0 @@
-/*
- * Copyright (C) 1993-2001 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- */
-#if defined(__sgi) && (IRIX > 602)
-# include
-#endif
-#include
-#include
-#if !defined(__SVR4) && !defined(__GNUC__)
-#include
-#endif
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#ifndef linux
-#include
-#endif
-#include
-#include
-#include
-#include "ip_compat.h"
-#include
-#include "ipf.h"
-#include "pcap.h"
-#include "bpf.h"
-#include "ipt.h"
-
-#if !defined(lint)
-static const char rcsid[] = "@(#)$Id: ipft_pc.c,v 2.2.2.5 2002/12/06 11:40:25 darrenr Exp $";
-#endif
-
-struct llc {
- int lc_type;
- int lc_sz; /* LLC header length */
- int lc_to; /* LLC Type offset */
- int lc_tl; /* LLC Type length */
-};
-
-/*
- * While many of these maybe the same, some do have different header formats
- * which make this useful.
- */
-
-static struct llc llcs[] = {
- { DLT_NULL, 0, 0, 0 },
- { DLT_EN10MB, 14, 12, 2 },
- { DLT_EN3MB, 0, 0, 0 },
- { DLT_AX25, 0, 0, 0 },
- { DLT_PRONET, 0, 0, 0 },
- { DLT_CHAOS, 0, 0, 0 },
- { DLT_IEEE802, 0, 0, 0 },
- { DLT_ARCNET, 0, 0, 0 },
- { DLT_SLIP, 0, 0, 0 },
- { DLT_PPP, 0, 0, 0 },
- { DLT_FDDI, 0, 0, 0 },
-#ifdef DLT_ATMRFC1483
- { DLT_ATMRFC1483, 0, 0, 0 },
-#endif
- { DLT_RAW, 0, 0, 0 },
-#ifdef DLT_ENC
- { DLT_ENC, 0, 0, 0 },
-#endif
-#ifdef DLT_SLIP_BSDOS
- { DLT_SLIP_BSDOS, 0, 0, 0 },
-#endif
-#ifdef DLT_PPP_BSDOS
- { DLT_PPP_BSDOS, 0, 0, 0 },
-#endif
-#ifdef DLT_HIPPI
- { DLT_HIPPI, 0, 0, 0 },
-#endif
-#ifdef DLT_HDLC
- { DLT_HDLC, 0, 0, 0 },
-#endif
-#ifdef DLT_PPP_SERIAL
- { DLT_PPP_SERIAL, 4, 4, 0 },
-#endif
-#ifdef DLT_PPP_ETHER
- { DLT_PPP_ETHER, 8, 8, 0 },
-#endif
-#ifdef DLT_ECONET
- { DLT_ECONET, 0, 0, 0 },
-#endif
- { -1, -1, -1, -1 }
-};
-
-static int pcap_open __P((char *));
-static int pcap_close __P((void));
-static int pcap_readip __P((char *, int, char **, int *));
-static void swap_hdr __P((pcaphdr_t *));
-static int pcap_read_rec __P((struct pcap_pkthdr *));
-
-static int pfd = -1, s_type = -1, swapped = 0;
-static struct llc *llcp = NULL;
-
-struct ipread pcap = { pcap_open, pcap_close, pcap_readip };
-
-#define SWAPLONG(y) \
- ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
-#define SWAPSHORT(y) \
- ( (((y)&0xff)<<8) | (((y)&0xff00)>>8) )
-
-static void swap_hdr(p)
-pcaphdr_t *p;
-{
- p->pc_v_maj = SWAPSHORT(p->pc_v_maj);
- p->pc_v_min = SWAPSHORT(p->pc_v_min);
- p->pc_zone = SWAPLONG(p->pc_zone);
- p->pc_sigfigs = SWAPLONG(p->pc_sigfigs);
- p->pc_slen = SWAPLONG(p->pc_slen);
- p->pc_type = SWAPLONG(p->pc_type);
-}
-
-static int pcap_open(fname)
-char *fname;
-{
- pcaphdr_t ph;
- int fd, i;
-
- if (pfd != -1)
- return pfd;
-
- if (!strcmp(fname, "-"))
- fd = 0;
- else if ((fd = open(fname, O_RDONLY)) == -1)
- return -1;
-
- if (read(fd, (char *)&ph, sizeof(ph)) != sizeof(ph))
- return -2;
-
- if (ph.pc_id != TCPDUMP_MAGIC) {
- if (SWAPLONG(ph.pc_id) != TCPDUMP_MAGIC) {
- (void) close(fd);
- return -2;
- }
- swapped = 1;
- swap_hdr(&ph);
- }
-
- if (ph.pc_v_maj != PCAP_VERSION_MAJ) {
- (void) close(fd);
- return -2;
- }
-
- for (i = 0; llcs[i].lc_type != -1; i++)
- if (llcs[i].lc_type == ph.pc_type) {
- llcp = llcs + i;
- break;
- }
-
- if (llcp == NULL) {
- (void) close(fd);
- return -2;
- }
-
- pfd = fd;
- s_type = ph.pc_type;
- printf("opened pcap file %s:\n", fname);
- printf("\tid: %08x version: %d.%d type: %d snap %d\n",
- ph.pc_id, ph.pc_v_maj, ph.pc_v_min, ph.pc_type, ph.pc_slen);
-
- return fd;
-}
-
-
-static int pcap_close()
-{
- return close(pfd);
-}
-
-
-/*
- * read in the header (and validate) which should be the first record
- * in a pcap file.
- */
-static int pcap_read_rec(rec)
-struct pcap_pkthdr *rec;
-{
- int n, p;
-
- if (read(pfd, (char *)rec, sizeof(*rec)) != sizeof(*rec))
- return -2;
-
- if (swapped) {
- rec->ph_clen = SWAPLONG(rec->ph_clen);
- rec->ph_len = SWAPLONG(rec->ph_len);
- rec->ph_ts.tv_sec = SWAPLONG(rec->ph_ts.tv_sec);
- rec->ph_ts.tv_usec = SWAPLONG(rec->ph_ts.tv_usec);
- }
- p = rec->ph_clen;
- n = MIN(p, rec->ph_len);
- if (!n || n < 0)
- return -3;
-
- return p;
-}
-
-
-#ifdef notyet
-/*
- * read an entire pcap packet record. only the data part is copied into
- * the available buffer, with the number of bytes copied returned.
- */
-static int pcap_read(buf, cnt)
-char *buf;
-int cnt;
-{
- struct pcap_pkthdr rec;
- static char *bufp = NULL;
- int i, n;
-
- if ((i = pcap_read_rec(&rec)) <= 0)
- return i;
-
- if (!bufp)
- bufp = malloc(i);
- else
- bufp = realloc(bufp, i);
-
- if (read(pfd, bufp, i) != i)
- return -2;
-
- n = MIN(i, cnt);
- bcopy(bufp, buf, n);
- return n;
-}
-#endif
-
-
-/*
- * return only an IP packet read into buf
- */
-static int pcap_readip(buf, cnt, ifn, dir)
-char *buf, **ifn;
-int cnt, *dir;
-{
- static char *bufp = NULL;
- struct pcap_pkthdr rec;
- struct llc *l;
- char *s, ty[4];
- int i, n;
-
- l = llcp;
-
- /* do { */
- if ((i = pcap_read_rec(&rec)) <= 0)
- return i;
-
- if (!bufp)
- bufp = malloc(i);
- else
- bufp = realloc(bufp, i);
- s = bufp;
-
- if (read(pfd, s, i) != i)
- return -2;
-
- i -= l->lc_sz;
- s += l->lc_to;
- bcopy(s, ty, l->lc_tl);
- s += l->lc_tl;
- /* } while (ty[0] != 0x8 && ty[1] != 0); */
- n = MIN(i, cnt);
- bcopy(s, buf, n);
- return n;
-}
diff --git a/contrib/ipfilter/ipft_sn.c b/contrib/ipfilter/ipft_sn.c
deleted file mode 100644
index 859bf5ed9d..0000000000
--- a/contrib/ipfilter/ipft_sn.c
+++ /dev/null
@@ -1,219 +0,0 @@
-/*
- * Copyright (C) 1993-2001 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- */
-
-/*
- * Written to comply with the recent RFC 1761 from Sun.
- */
-#if defined(__sgi) && (IRIX > 602)
-# include
-#endif
-#include
-#include
-#if !defined(__SVR4) && !defined(__GNUC__)
-#include
-#endif
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#ifndef linux
-#include
-#endif
-#include
-#include
-#include
-#include "ip_compat.h"
-#include
-#include "ipf.h"
-#include "snoop.h"
-#include "ipt.h"
-
-#if !defined(lint)
-static const char rcsid[] = "@(#)$Id: ipft_sn.c,v 2.2.2.4 2002/12/06 11:40:26 darrenr Exp $";
-#endif
-
-struct llc {
- int lc_sz; /* LLC header length */
- int lc_to; /* LLC Type offset */
- int lc_tl; /* LLC Type length */
-};
-
-/*
- * While many of these maybe the same, some do have different header formats
- * which make this useful.
- */
-static struct llc llcs[SDL_MAX+1] = {
- { 0, 0, 0 }, /* SDL_8023 */
- { 0, 0, 0 }, /* SDL_8024 */
- { 0, 0, 0 }, /* SDL_8025 */
- { 0, 0, 0 }, /* SDL_8026 */
- { 14, 12, 2 }, /* SDL_ETHER */
- { 0, 0, 0 }, /* SDL_HDLC */
- { 0, 0, 0 }, /* SDL_CHSYNC */
- { 0, 0, 0 }, /* SDL_IBMCC */
- { 0, 0, 0 }, /* SDL_FDDI */
- { 0, 0, 0 }, /* SDL_OTHER */
-};
-
-static int snoop_open __P((char *));
-static int snoop_close __P((void));
-static int snoop_readip __P((char *, int, char **, int *));
-
-static int sfd = -1, s_type = -1;
-static int snoop_read_rec __P((struct snooppkt *));
-
-struct ipread snoop = { snoop_open, snoop_close, snoop_readip };
-
-
-static int snoop_open(fname)
-char *fname;
-{
- struct snoophdr sh;
- int fd;
- int s_v;
-
- if (sfd != -1)
- return sfd;
-
- if (!strcmp(fname, "-"))
- fd = 0;
- else if ((fd = open(fname, O_RDONLY)) == -1)
- return -1;
-
- if (read(fd, (char *)&sh, sizeof(sh)) != sizeof(sh))
- return -2;
-
- s_v = (int)ntohl(sh.s_v);
- s_type = (int)ntohl(sh.s_type);
-
- if (s_v != SNOOP_VERSION ||
- s_type < 0 || s_type > SDL_MAX) {
- (void) close(fd);
- return -2;
- }
-
- sfd = fd;
- printf("opened snoop file %s:\n", fname);
- printf("\tid: %8.8s version: %d type: %d\n", sh.s_id, s_v, s_type);
-
- return fd;
-}
-
-
-static int snoop_close()
-{
- return close(sfd);
-}
-
-
-/*
- * read in the header (and validate) which should be the first record
- * in a snoop file.
- */
-static int snoop_read_rec(rec)
-struct snooppkt *rec;
-{
- int n, plen, ilen;
-
- if (read(sfd, (char *)rec, sizeof(*rec)) != sizeof(*rec))
- return -2;
-
- ilen = (int)ntohl(rec->sp_ilen);
- plen = (int)ntohl(rec->sp_plen);
- if (ilen > plen || plen < sizeof(*rec))
- return -2;
-
- plen -= sizeof(*rec);
- n = MIN(plen, ilen);
- if (!n || n < 0)
- return -3;
-
- return plen;
-}
-
-
-#ifdef notyet
-/*
- * read an entire snoop packet record. only the data part is copied into
- * the available buffer, with the number of bytes copied returned.
- */
-static int snoop_read(buf, cnt)
-char *buf;
-int cnt;
-{
- struct snooppkt rec;
- static char *bufp = NULL;
- int i, n;
-
- if ((i = snoop_read_rec(&rec)) <= 0)
- return i;
-
- if (!bufp)
- bufp = malloc(i);
- else
- bufp = realloc(bufp, i);
-
- if (read(sfd, bufp, i) != i)
- return -2;
-
- n = MIN(i, cnt);
- bcopy(bufp, buf, n);
- return n;
-}
-#endif
-
-
-/*
- * return only an IP packet read into buf
- */
-static int snoop_readip(buf, cnt, ifn, dir)
-char *buf, **ifn;
-int cnt, *dir;
-{
- static char *bufp = NULL;
- struct snooppkt rec;
- struct llc *l;
- char ty[4], *s;
- int i, n;
-
- do {
- if ((i = snoop_read_rec(&rec)) <= 0)
- return i;
-
- if (!bufp)
- bufp = malloc(i);
- else
- bufp = realloc(bufp, i);
- s = bufp;
-
- if (read(sfd, s, i) != i)
- return -2;
-
- l = &llcs[s_type];
- i -= l->lc_to;
- s += l->lc_to;
- /*
- * XXX - bogus assumption here on the part of the time field
- * that it won't be greater than 4 bytes and the 1st two will
- * have the values 8 and 0 for IP. Should be a table of
- * these too somewhere. Really only works for SDL_ETHER.
- */
- bcopy(s, ty, l->lc_tl);
- } while (ty[0] != 0x8 && ty[1] != 0);
-
- i -= l->lc_tl;
- s += l->lc_tl;
- n = MIN(i, cnt);
- bcopy(s, buf, n);
-
- return n;
-}
diff --git a/contrib/ipfilter/ipft_td.c b/contrib/ipfilter/ipft_td.c
deleted file mode 100644
index 3575196493..0000000000
--- a/contrib/ipfilter/ipft_td.c
+++ /dev/null
@@ -1,193 +0,0 @@ -/* - * Copyright (C) 1993-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - */ - -/* -tcpdump -n - -00:05:47.816843 128.231.76.76.3291 > 224.2.252.231.36573: udp 36 (encap) - -tcpdump -nq - -00:33:48.410771 192.73.213.11.1463 > 224.2.248.153.59360: udp 31 (encap) - -tcpdump -nqt - -128.250.133.13.23 > 128.250.20.20.2419: tcp 27 - -tcpdump -nqtt - -123456789.1234567 128.250.133.13.23 > 128.250.20.20.2419: tcp 27 - -tcpdump -nqte - -8:0:20:f:65:f7 0:0:c:1:8a:c5 81: 128.250.133.13.23 > 128.250.20.20.2419: tcp 27 - -*/ -#if defined(__sgi) && (IRIX > 602) -# include -#endif -#include -#include -#if !defined(__SVR4) && !defined(__GNUC__) -#include -#endif -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifndef linux -#include -#endif -#include -#include -#include -#include -#include -#include -#include "ip_compat.h" -#include -#include "ipf.h" -#include "ipt.h" - -#if !defined(lint) -static const char sccsid[] = "@(#)ipft_td.c 1.8 2/4/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipft_td.c,v 2.2.2.6 2003/05/31 02:13:04 darrenr Exp $"; -#endif - -static int tcpd_open __P((char *)); -static int tcpd_close __P((void)); -static int tcpd_readip __P((char *, int, char **, int *)); -static int count_dots __P((char *)); - -struct ipread tcpd = { tcpd_open, tcpd_close, tcpd_readip }; - -static FILE *tfp = NULL; -static int tfd = -1; - - -static int tcpd_open(fname) -char *fname; -{ - if (tfd != -1) - return tfd; - - if (!strcmp(fname, "-")) { - tfd = 0; - tfp = stdin; - } else { - tfd = open(fname, O_RDONLY); - tfp = fdopen(tfd, "r"); - } - return tfd; -} - - -static int tcpd_close() -{ - (void) fclose(tfp); - return close(tfd); -} - - -static int count_dots(str) -char *str; -{ - int i = 0; - - while (*str) - if (*str++ == '.') - i++; - return i; -} - - -static int tcpd_readip(buf, cnt, ifn, dir) -char *buf, **ifn; -int cnt, *dir; -{ - struct 
tcpiphdr pkt; - ip_t *ip = (ip_t *)&pkt; - struct protoent *p; - char src[32], dst[32], misc[256], time[32], link1[32], link2[32]; - char lbuf[160], *s; - int n, slen, extra = 0; - - if (!fgets(lbuf, sizeof(lbuf) - 1, tfp)) - return 0; - - if ((s = strchr(lbuf, '\n'))) - *s = '\0'; - lbuf[sizeof(lbuf)-1] = '\0'; - - bzero(&pkt, sizeof(pkt)); - - if ((n = sscanf(lbuf, "%31s > %31s: %255s", src, dst, misc)) != 3) - if ((n = sscanf(lbuf, "%31s %31s > %31s: %255s", - time, src, dst, misc)) != 4) - if ((n = sscanf(lbuf, "%31s %31s: %31s > %31s: %255s", - link1, link2, src, dst, misc)) != 5) { - n = sscanf(lbuf, - "%31s %31s %31s: %31s > %31s: %255s", - time, link1, link2, src, dst, misc); - if (n != 6) - return -1; - } - - if (count_dots(dst) == 4) { - s = strrchr(src, '.'); - *s++ = '\0'; - (void) inet_aton(src, &ip->ip_src); - pkt.ti_sport = htons(atoi(s)); - *--s = '.'; - s = strrchr(dst, '.'); - - *s++ = '\0'; - (void) inet_aton(src, &ip->ip_dst); - pkt.ti_dport = htons(atoi(s)); - *--s = '.'; - - } else { - (void) inet_aton(src, &ip->ip_src); - (void) inet_aton(src, &ip->ip_dst); - } - ip->ip_len = ip->ip_hl = (unsigned)sizeof(ip_t); - - s = strtok(misc, " :"); - if ((p = getprotobyname(s))) { - ip->ip_p = p->p_proto; - - switch (p->p_proto) { - case IPPROTO_TCP : - case IPPROTO_UDP : - s = strtok(NULL, " :"); - ip->ip_len += atoi(s); - if (p->p_proto == IPPROTO_TCP) - extra = sizeof(struct tcphdr); - else if (p->p_proto == IPPROTO_UDP) - extra = sizeof(struct udphdr); - break; -#ifdef IGMP - case IPPROTO_IGMP : - extra = sizeof(struct igmp); - break; -#endif - case IPPROTO_ICMP : - extra = sizeof(struct icmp); - break; - default : - break; - } - } - slen = ip->ip_hl + extra + ip->ip_len; - return slen; -} diff --git a/contrib/ipfilter/ipft_tx.c b/contrib/ipfilter/ipft_tx.c deleted file mode 100644 index 7ea87e334c..0000000000 --- a/contrib/ipfilter/ipft_tx.c +++ /dev/null 
@@ -1,353 +0,0 @@ -/* - * Copyright (C) 1995-2001 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - */ -#if defined(__sgi) && (IRIX > 602) -# include -#endif -#include -#include -#include -#include -#include -#if !defined(__SVR4) && !defined(__svr4__) -#include -#else -#include -#endif -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifndef linux -#include -#endif -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "ip_compat.h" -#include -#include "ipf.h" -#include "ipt.h" - -#if !defined(lint) -static const char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 2.3.2.8 2002/12/06 11:40:26 darrenr Exp $"; -#endif - -extern int opts; - -static char *tx_proto = ""; - -static int text_open __P((char *)), text_close __P((void)); -static int text_readip __P((char *, int, char **, int *)); -static int parseline __P((char *, ip_t *, char **, int *)); - -static char _tcp_flagset[] = "FSRPAUEC"; -static u_char _tcp_flags[] = { TH_FIN, TH_SYN, TH_RST, TH_PUSH, - TH_ACK, TH_URG, TH_ECN, TH_CWR }; - -struct ipread iptext = { text_open, text_close, text_readip }; -static FILE *tfp = NULL; -static int tfd = -1; - -static u_32_t tx_hostnum __P((char *, int *)); -static u_short tx_portnum __P((char *)); - - -/* - * returns an ip address as a long var as a result of either a DNS lookup or - * straight inet_addr() call - */ -static u_32_t tx_hostnum(host, resolved) -char *host; -int *resolved; -{ - struct hostent *hp; - struct netent *np; - - *resolved = 0; - if (!strcasecmp("any",host)) - return 0L; - if (isdigit(*host)) - return inet_addr(host); - - if (!(hp = gethostbyname(host))) { - if (!(np = getnetbyname(host))) { - *resolved = -1; - fprintf(stderr, "can't resolve hostname: %s\n", host); - return 0; - } - return htonl(np->n_net); - } - return *(u_32_t *)hp->h_addr; -} - - -/* - * find the port 
number given by the name, either from getservbyname() or - * straight atoi() - */ -static u_short tx_portnum(name) -char *name; -{ - struct servent *sp, *sp2; - u_short p1 = 0; - - if (isdigit(*name)) - return (u_short)atoi(name); - if (!tx_proto) - tx_proto = "tcp/udp"; - if (strcasecmp(tx_proto, "tcp/udp")) { - sp = getservbyname(name, tx_proto); - if (sp) - return ntohs(sp->s_port); - (void) fprintf(stderr, "unknown service \"%s\".\n", name); - return 0; - } - sp = getservbyname(name, "tcp"); - if (sp) - p1 = sp->s_port; - sp2 = getservbyname(name, "udp"); - if (!sp || !sp2) { - (void) fprintf(stderr, "unknown tcp/udp service \"%s\".\n", - name); - return 0; - } - if (p1 != sp2->s_port) { - (void) fprintf(stderr, "%s %d/tcp is a different port to ", - name, p1); - (void) fprintf(stderr, "%s %d/udp\n", name, sp->s_port); - return 0; - } - return ntohs(p1); -} - - -char *tx_icmptypes[] = { - "echorep", (char *)NULL, (char *)NULL, "unreach", "squench", - "redir", (char *)NULL, (char *)NULL, "echo", "routerad", - "routersol", "timex", "paramprob", "timest", "timestrep", - "inforeq", "inforep", "maskreq", "maskrep", "END" -}; - -static int text_open(fname) -char *fname; -{ - if (tfp && tfd != -1) { - rewind(tfp); - return tfd; - } - - if (!strcmp(fname, "-")) { - tfd = 0; - tfp = stdin; - } else { - tfd = open(fname, O_RDONLY); - if (tfd != -1) - tfp = fdopen(tfd, "r"); - } - return tfd; -} - - -static int text_close() -{ - int cfd = tfd; - - tfd = -1; - return close(cfd); -} - - -static int text_readip(buf, cnt, ifn, dir) -char *buf, **ifn; -int cnt, *dir; -{ - register char *s; - char line[513]; - - *ifn = NULL; - while (fgets(line, sizeof(line)-1, tfp)) { - if ((s = index(line, '\n'))) - *s = '\0'; - if ((s = index(line, '\r'))) - *s = '\0'; - if ((s = index(line, '#'))) - *s = '\0'; - if (!*line) - continue; - if (!(opts & OPT_BRIEF)) - printf("input: %s\n", line); - *ifn = NULL; - *dir = 0; - if (!parseline(line, (ip_t *)buf, ifn, dir)) -#if 0 - return 
sizeof(ip_t) + sizeof(tcphdr_t); -#else - return sizeof(ip_t); -#endif - } - return -1; -} - -static int parseline(line, ip, ifn, out) -char *line; -ip_t *ip; -char **ifn; -int *out; -{ - tcphdr_t th, *tcp = &th; - struct icmp icmp, *ic = &icmp; - char *cps[20], **cpp, c, ipopts[68]; - int i, r; - - if (*ifn) - free(*ifn); - bzero((char *)ip, MAX(sizeof(*tcp), sizeof(*ic)) + sizeof(*ip)); - bzero((char *)tcp, sizeof(*tcp)); - bzero((char *)ic, sizeof(*ic)); - bzero(ipopts, sizeof(ipopts)); - ip->ip_hl = sizeof(*ip) >> 2; - ip->ip_v = IPVERSION; - for (i = 0, cps[0] = strtok(line, " \b\t\r\n"); cps[i] && (i < 19); ) - cps[++i] = strtok(NULL, " \b\t\r\n"); - - cpp = cps; - if (!*cpp) - return 1; - - c = **cpp; - if (!isalpha(c) || (tolower(c) != 'o' && tolower(c) != 'i')) { - fprintf(stderr, "bad direction \"%s\"\n", *cpp); - return 1; - } - *out = (tolower(c) == 'o') ? 1 : 0; - cpp++; - if (!*cpp) - return 1; - - if (!strcasecmp(*cpp, "on")) { - cpp++; - if (!*cpp) - return 1; - *ifn = strdup(*cpp++); - if (!*cpp) - return 1; - } - - c = **cpp; - ip->ip_len = sizeof(ip_t); - if (!strcasecmp(*cpp, "tcp") || !strcasecmp(*cpp, "udp") || - !strcasecmp(*cpp, "icmp")) { - if (c == 't') { - ip->ip_p = IPPROTO_TCP; - ip->ip_len += sizeof(struct tcphdr); - tx_proto = "tcp"; - } else if (c == 'u') { - ip->ip_p = IPPROTO_UDP; - ip->ip_len += sizeof(struct udphdr); - tx_proto = "udp"; - } else { - ip->ip_p = IPPROTO_ICMP; - ip->ip_len += ICMPERR_IPICMPHLEN; - tx_proto = "icmp"; - } - cpp++; - } else if (isdigit(**cpp) && !index(*cpp, '.')) { - ip->ip_p = atoi(*cpp); - cpp++; - } else - ip->ip_p = IPPROTO_IP; - - if (!*cpp) - return 1; - if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP) { - char *last; - - last = index(*cpp, ','); - if (!last) { - fprintf(stderr, "tcp/udp with no source port\n"); - return 1; - } - *last++ = '\0'; - tcp->th_sport = htons(tx_portnum(last)); - } - ip->ip_src.s_addr = tx_hostnum(*cpp, &r); - cpp++; - if (!*cpp) - return 1; - - if (ip->ip_p == 
IPPROTO_TCP || ip->ip_p == IPPROTO_UDP) { - char *last; - - last = index(*cpp, ','); - if (!last) { - fprintf(stderr, "tcp/udp with no destination port\n"); - return 1; - } - *last++ = '\0'; - tcp->th_dport = htons(tx_portnum(last)); - } - ip->ip_dst.s_addr = tx_hostnum(*cpp, &r); - cpp++; - if (*cpp && ip->ip_p == IPPROTO_TCP) { - extern char _tcp_flagset[]; - extern u_char _tcp_flags[]; - char *s, *t; - - for (s = *cpp; *s; s++) - if ((t = index(_tcp_flagset, *s))) - tcp->th_flags |= _tcp_flags[t - _tcp_flagset]; - if (tcp->th_flags) - cpp++; - assert(tcp->th_flags != 0); - tcp->th_win = htons(4096); - tcp->th_off = sizeof(*tcp) >> 2; - } else if (*cpp && ip->ip_p == IPPROTO_ICMP) { - extern char *tx_icmptypes[]; - char **s, *t; - int i; - - for (s = tx_icmptypes, i = 0; !*s || strcmp(*s, "END"); - s++, i++) - if (*s && !strncasecmp(*cpp, *s, strlen(*s))) { - ic->icmp_type = i; - if ((t = index(*cpp, ','))) - ic->icmp_code = atoi(t+1); - cpp++; - break; - } - } - - if (*cpp && !strcasecmp(*cpp, "opt")) { - u_long olen; - - cpp++; - olen = buildopts(*cpp, ipopts, (ip->ip_hl - 5) << 2); - if (olen) { - bcopy(ipopts, (char *)(ip + 1), olen); - ip->ip_hl += olen >> 2; - } - } - if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP) - bcopy((char *)tcp, ((char *)ip) + (ip->ip_hl << 2), - sizeof(*tcp)); - else if (ip->ip_p == IPPROTO_ICMP) - bcopy((char *)ic, ((char *)ip) + (ip->ip_hl << 2), - sizeof(*ic)); - ip->ip_len = htons(ip->ip_len); - return 0; -} diff --git a/contrib/ipfilter/iplang/BNF b/contrib/ipfilter/iplang/BNF deleted file mode 100644 index b5fb8d09ae..0000000000 --- a/contrib/ipfilter/iplang/BNF +++ /dev/null 
@@ -1,69 +0,0 @@
-line ::= iface | arp | send | defrouter | ipv4line .
-
-iface ::= ifhdr "{" ifaceopts "}" ";" .
-ifhdr ::= "interface" | "iface" .
-ifaceopts ::= "ifname" name | "mtu" mtu | "v4addr" ipaddr |
- "eaddr" eaddr .
-
-send ::= "send" ";" | "send" "{" sendbodyopts "}" ";" .
-sendbodyopts ::= sendbody [ sendbodyopts ] .
-sendbody ::= "ifname" name | "via" ipaddr .
-
-defrouter ::= "router" ipaddr .
-
-arp ::= "arp" "{" arpbodyopts "}" ";" .
-arpbodyopts ::= arpbody [ arpbodyopts ] .
-arpbody ::= "v4addr" ipaddr | "eaddr" eaddr .
-
-bodyline ::= ipv4line | tcpline | udpline | icmpline | dataline .
-
-ipv4line ::= "ipv4" "{" ipv4bodyopts "}" ";" .
-ipv4bodyopts ::= ipv4body [ ipv4bodyopts ] | bodyline .
-ipv4body ::= "proto" protocol | "src" ipaddr | "dst" ipaddr |
- "off" number | "v" number | "hl" number| "id" number |
- "ttl" number | "tos" number | "sum" number | "len" number |
- "opt" "{" ipv4optlist "}" ";" .
-ipv4optlist ::= ipv4option [ ipv4optlist ] .
-ipv4optlist = "nop" | "rr" | "zsu" | "mtup" | "mtur" | "encode" | "ts" |
- "tr" | "sec" | "lsrr" | "e-sec" | "cipso" | "satid" |
- "ssrr" | "addext" | "visa" | "imitd" | "eip" | "finn" |
- "secclass" ipv4secclass.
-ipv4secclass := "unclass" | "confid" | "reserv-1" | "reserv-2" |
- "reserv-3" | "reserv-4" | "secret" | "topsecret" .
-
-tcpline ::= "tcp" "{" tcpbodyopts "}" ";" .
-tcpbodyopts ::= tcpbody [ tcpbodyopts ] | bodyline .
-tcpbody ::= "sport" port | "dport" port | "seq" number | "ack" number |
- "off" number | "urp" number | "win" number | "sum" number |
- "flags" tcpflags | data .
-
-udpline ::= "udp" "{" udpbodyopts "}" ";" .
-udpbodyopts ::= udpbody [ udpbodyopts ] | bodyline .
-udpbody ::= "sport" port | "dport" port | "len" number | "sum" number |
- data .
-
-icmpline ::= "icmp" "{" icmpbodyopts "}" ";" .
-icmpbodyopts ::= icmpbody [ icmpbodyopts ] | bodyline .
-icmpbody ::= "type" icmptype [ "code" icmpcode ] .
-icmptype ::= "echorep" | "echorep" "{" echoopts "}" ";" | "unreach" |
- "unreach" "{" unreachtype "}" ";" | "squench" | "redir" |
- "redir" "{" redirtype "}" ";" | "echo" "{" echoopts "}" ";" |
- "echo" | "routerad" | "routersol" | "timex" |
- "timex" "{" timextype "}" ";" | "paramprob" |
- "paramprob" "{" parapptype "}" ";" | "timest" | "timestrep" |
- "inforeq" | "inforep" | "maskreq" | "maskrep" .
-
-echoopts ::= echoopts [ icmpechoopts ] .
-unreachtype ::= "net-unr" | "host-unr" | "proto-unr" | "port-unr" |
- "needfrag" | "srcfail" | "net-unk" | "host-unk" | "isolate" |
- "net-prohib" | "host-prohib" | "net-tos" | "host-tos" |
- "filter-prohib" | "host-preced" | "cutoff-preced" .
-redirtype ::= "net-redir" | "host-redir" | "tos-net-redir" |
- "tos-host-redir" .
-timextype ::= "intrans" | "reass" .
-paramptype ::= "optabsent" .
-
-data ::= "data" "{" databodyopts "}" ";" .
-databodyopts ::= "len" number | "value" string | "file" filename .
-
-icmpechoopts ::= "icmpseq" number | "icmpid" number .
diff --git a/contrib/ipfilter/iplang/Makefile b/contrib/ipfilter/iplang/Makefile
deleted file mode 100644
index f97bf19013..0000000000
--- a/contrib/ipfilter/iplang/Makefile
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# Redistribution and use in source and binary forms are permitted
-# provided that this notice is preserved and due credit is given
-# to the original author and the contributors.
-#
-#CC=gcc -Wuninitialized -Wstrict-prototypes -Werror -O
-CFLAGS=-I..
-
-all: $(DESTDIR)/y.tab.o $(DESTDIR)/lex.yy.o
-
-$(DESTDIR)/y.tab.o: $(DESTDIR)/y.tab.c
- $(CC) $(DEBUG) -I. -I.. -I$(DESTDIR) -I../ipsend $(CFLAGS) $(LINUX) -c $(DESTDIR)/y.tab.c -o $@
-
-$(DESTDIR)/$(OBJ)/y.tab.o: $(DESTDIR)/y.tab.c
- $(CC) $(DEBUG) -I. -I.. -I$(DESTDIR) -I../ipsend $(CFLAGS) $(LINUX) -c $(DESTDIR)/y.tab.c -o $@
-
-$(DESTDIR)/lex.yy.o: $(DESTDIR)/lex.yy.c
- $(CC) $(DEBUG) -I. -I.. -I$(DESTDIR) -I../ipsend $(CFLAGS) $(LINUX) -c $(DESTDIR)/lex.yy.c -o $@
-
-y.tab.o: y.tab.c
- $(CC) $(DEBUG) -I. -I.. -I../ipsend $(CFLAGS) $(LINUX) -c y.tab.c -o $@
-
-lex.yy.o: lex.yy.c
- $(CC) $(DEBUG) -I. -I.. -I../ipsend $(CFLAGS) $(LINUX) -c lex.yy.c -o $@
-
-$(DESTDIR)/lex.yy.c: iplang_l.l $(DESTDIR)/y.tab.h
- lex iplang_l.l
- mv lex.yy.c $(DESTDIR)
-
-$(DESTDIR)/y.tab.c $(DESTDIR)/y.tab.h: iplang_y.y
- yacc -d iplang_y.y
- mv y.tab.c $(DESTDIR)
- mv y.tab.h $(DESTDIR)
-
-clean:
- /bin/rm -f *.o lex.yy.c y.tab.c y.tab.h
diff --git a/contrib/ipfilter/iplang/iplang.h b/contrib/ipfilter/iplang/iplang.h
deleted file mode 100644
index f36a3843c0..0000000000
--- a/contrib/ipfilter/iplang/iplang.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (C) 1997-1998 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- */
-typedef struct iface {
- int if_MTU;
- char *if_name;
- struct in_addr if_addr;
- struct ether_addr if_eaddr;
- struct iface *if_next;
- int if_fd;
-} iface_t;
-
-
-typedef struct send {
- struct iface *snd_if;
- struct in_addr snd_gw;
-} send_t;
-
-
-typedef struct arp {
- struct in_addr arp_addr;
- struct ether_addr arp_eaddr;
- struct arp *arp_next;
-} arp_t;
-
-
-typedef struct aniphdr {
- union {
- ip_t *ahu_ip;
- char *ahu_data;
- tcphdr_t *ahu_tcp;
- udphdr_t *ahu_udp;
- icmphdr_t *ahu_icmp;
- } ah_un;
- int ah_optlen;
- int ah_lastopt;
- int ah_p;
- size_t ah_len;
- struct aniphdr *ah_next;
- struct aniphdr *ah_prev;
-} aniphdr_t;
-
-#define ah_ip ah_un.ahu_ip
-#define ah_data ah_un.ahu_data
-#define ah_tcp ah_un.ahu_tcp
-#define ah_udp ah_un.ahu_udp
-#define ah_icmp ah_un.ahu_icmp
-
-extern int get_arpipv4 __P((char *, char *));
-
diff --git a/contrib/ipfilter/iplang/iplang.tst b/contrib/ipfilter/iplang/iplang.tst
deleted file mode 100644
index a0a2ad3315..0000000000
--- a/contrib/ipfilter/iplang/iplang.tst
+++ /dev/null
@@ -1,11 +0,0 @@
-#
-interface { ifname le0; mtu 1500; } ;
-
-ipv4 {
- src 1.1.1.1; dst 2.2.2.2;
- tcp {
- seq 12345; ack 0; sport 9999; dport 23; flags S;
- data { value "abcdef"; } ;
- } ;
-} ;
-send { via 10.1.1.1; } ;
diff --git a/contrib/ipfilter/iplang/iplang_l.l b/contrib/ipfilter/iplang/iplang_l.l
deleted file mode 100644
index cc317818c1..0000000000
--- a/contrib/ipfilter/iplang/iplang_l.l
+++ /dev/null
@@ -1,323 +0,0 @@ -%{ -/* - * Copyright (C) 1997-1998 by Darren Reed. - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - * - * $Id: iplang_l.l,v 2.2.2.1 2003/07/28 01:15:59 darrenr Exp $ - */ -#include -#include -#include -#if defined(__SVR4) || defined(__sysv__) -#include -#endif -#include -#include -#include -#include "y.tab.h" -#include "ip_compat.h" -#include "ipf.h" - -#ifndef __P -# ifdef __STDC__ -# define __P(x) x -# else -# define __P(x) () -# endif -#endif - -extern int opts; - -int lineNum = 0, ipproto = 0, oldipproto = 0, next = -1, laststate = 0; -int *prstack = NULL, numpr = 0, state = 0, token = 0; - -void yyerror __P((char *)); -void push_proto __P((void)); -void pop_proto __P((void)); -int next_state __P((int, int)); -int next_item __P((int)); -int save_token __P((void)); -void swallow __P((void)); -int yylex __P((void)); - -struct wordtab { - char *word; - int state; - int next; -}; - -struct wordtab words[] = { - { "interface", IL_INTERFACE, -1 }, - { "iface", IL_INTERFACE, -1 }, - { "name", IL_IFNAME, IL_TOKEN }, - { "ifname", IL_IFNAME, IL_TOKEN }, - { "router", IL_DEFROUTER, IL_TOKEN }, - { "mtu", IL_MTU, IL_NUMBER }, - { "eaddr", IL_EADDR, IL_TOKEN }, - { "v4addr", IL_V4ADDR, IL_TOKEN }, - { "ipv4", IL_IPV4, -1 }, - { "v", IL_V4V, IL_TOKEN }, - { "proto", IL_V4PROTO, IL_TOKEN }, - { "hl", IL_V4HL, IL_TOKEN }, - { "id", IL_V4ID, IL_TOKEN }, - { "ttl", IL_V4TTL, IL_TOKEN }, - { "tos", IL_V4TOS, IL_TOKEN }, - { "src", IL_V4SRC, IL_TOKEN }, - { "dst", IL_V4DST, IL_TOKEN }, - { "opt", IL_OPT, -1 }, - { "len", IL_LEN, IL_TOKEN }, - { "off", IL_OFF, IL_TOKEN }, - { "sum", IL_SUM, IL_TOKEN }, - { "tcp", IL_TCP, -1 }, - { "sport", IL_SPORT, IL_TOKEN }, - { "dport", IL_DPORT, IL_TOKEN }, - { "seq", IL_TCPSEQ, IL_TOKEN }, - { "ack", IL_TCPACK, IL_TOKEN }, - { "flags", IL_TCPFL, IL_TOKEN }, - { "urp", IL_TCPURP, 
IL_TOKEN }, - { "win", IL_TCPWIN, IL_TOKEN }, - { "udp", IL_UDP, -1 }, - { "send", IL_SEND, -1 }, - { "via", IL_VIA, IL_TOKEN }, - { "arp", IL_ARP, -1 }, - { "data", IL_DATA, -1 }, - { "value", IL_DVALUE, IL_TOKEN }, - { "file", IL_DFILE, IL_TOKEN }, - { "nop", IL_IPO_NOP, -1 }, - { "eol", IL_IPO_EOL, -1 }, - { "rr", IL_IPO_RR, -1 }, - { "zsu", IL_IPO_ZSU, -1 }, - { "mtup", IL_IPO_MTUP, -1 }, - { "mtur", IL_IPO_MTUR, -1 }, - { "encode", IL_IPO_ENCODE, -1 }, - { "ts", IL_IPO_TS, -1 }, - { "tr", IL_IPO_TR, -1 }, - { "sec", IL_IPO_SEC, -1 }, - { "secclass", IL_IPO_SECCLASS, IL_TOKEN }, - { "lsrr", IL_IPO_LSRR, -1 }, - { "esec", IL_IPO_ESEC, -1 }, - { "cipso", IL_IPO_CIPSO, -1 }, - { "satid", IL_IPO_SATID, -1 }, - { "ssrr", IL_IPO_SSRR, -1 }, - { "addext", IL_IPO_ADDEXT, -1 }, - { "visa", IL_IPO_VISA, -1 }, - { "imitd", IL_IPO_IMITD, -1 }, - { "eip", IL_IPO_EIP, -1 }, - { "finn", IL_IPO_FINN, -1 }, - { "mss", IL_TCPO_MSS, IL_TOKEN }, - { "wscale", IL_TCPO_WSCALE, IL_TOKEN }, - { "reserv-4", IL_IPS_RESERV4, -1 }, - { "topsecret", IL_IPS_TOPSECRET, -1 }, - { "secret", IL_IPS_SECRET, -1 }, - { "reserv-3", IL_IPS_RESERV3, -1 }, - { "confid", IL_IPS_CONFID, -1 }, - { "unclass", IL_IPS_UNCLASS, -1 }, - { "reserv-2", IL_IPS_RESERV2, -1 }, - { "reserv-1", IL_IPS_RESERV1, -1 }, - { "icmp", IL_ICMP, -1 }, - { "type", IL_ICMPTYPE, -1 }, - { "code", IL_ICMPCODE, -1 }, - { "echorep", IL_ICMP_ECHOREPLY, -1 }, - { "unreach", IL_ICMP_UNREACH, -1 }, - { "squench", IL_ICMP_SOURCEQUENCH, -1 }, - { "redir", IL_ICMP_REDIRECT, -1 }, - { "echo", IL_ICMP_ECHO, -1 }, - { "routerad", IL_ICMP_ROUTERADVERT, -1 }, - { "routersol", IL_ICMP_ROUTERSOLICIT, -1 }, - { "timex", IL_ICMP_TIMXCEED, -1 }, - { "paramprob", IL_ICMP_PARAMPROB, -1 }, - { "timest", IL_ICMP_TSTAMP, -1 }, - { "timestrep", IL_ICMP_TSTAMPREPLY, -1 }, - { "inforeq", IL_ICMP_IREQ, -1 }, - { "inforep", IL_ICMP_IREQREPLY, -1 }, - { "maskreq", IL_ICMP_MASKREQ, -1 }, - { "maskrep", IL_ICMP_MASKREPLY, -1 }, - { "net-unr", 
IL_ICMP_UNREACH_NET, -1 }, - { "host-unr", IL_ICMP_UNREACH_HOST, -1 }, - { "proto-unr", IL_ICMP_UNREACH_PROTOCOL, -1 }, - { "port-unr", IL_ICMP_UNREACH_PORT, -1 }, - { "needfrag", IL_ICMP_UNREACH_NEEDFRAG, -1 }, - { "srcfail", IL_ICMP_UNREACH_SRCFAIL, -1 }, - { "net-unk", IL_ICMP_UNREACH_NET_UNKNOWN, -1 }, - { "host-unk", IL_ICMP_UNREACH_HOST_UNKNOWN, -1 }, - { "isolate", IL_ICMP_UNREACH_ISOLATED, -1 }, - { "net-prohib", IL_ICMP_UNREACH_NET_PROHIB, -1 }, - { "host-prohib", IL_ICMP_UNREACH_HOST_PROHIB, -1 }, - { "net-tos", IL_ICMP_UNREACH_TOSNET, -1 }, - { "host-tos", IL_ICMP_UNREACH_TOSHOST, -1 }, - { "filter-prohib", IL_ICMP_UNREACH_FILTER_PROHIB, -1 }, - { "host-preced", IL_ICMP_UNREACH_HOST_PRECEDENCE, -1 }, - { "cutoff-preced", IL_ICMP_UNREACH_PRECEDENCE_CUTOFF, -1 }, - { "net-redir", IL_ICMP_REDIRECT_NET, -1 }, - { "host-redir", IL_ICMP_REDIRECT_HOST, -1 }, - { "tos-net-redir", IL_ICMP_REDIRECT_TOSNET, -1 }, - { "tos-host-redir", IL_ICMP_REDIRECT_TOSHOST, -1 }, - { "intrans", IL_ICMP_TIMXCEED_INTRANS, -1 }, - { "reass", IL_ICMP_TIMXCEED_REASS, -1 }, - { "optabsent", IL_ICMP_PARAMPROB_OPTABSENT, -1 }, - { "otime", IL_ICMP_OTIME, -1 }, - { "rtime", IL_ICMP_RTIME, -1 }, - { "ttime", IL_ICMP_TTIME, -1 }, - { "icmpseq", IL_ICMP_SEQ, -1 }, - { "icmpid", IL_ICMP_SEQ, -1 }, - { ".", IL_DOT, -1 }, - { NULL, 0, 0 } -}; -%} -white [ \t\r]+ -%% -{white} ; -\n { lineNum++; swallow(); } -\{ { push_proto(); return next_item('{'); } -\} { pop_proto(); return next_item('}'); } -; { return next_item(';'); } -[0-9]+ { return next_item(IL_NUMBER); } -[0-9a-fA-F] { return next_item(IL_HEXDIGIT); } -: { return next_item(IL_COLON); } -#[^\n]* { return next_item(IL_COMMENT); } -[^ \{\}\n\t;:{}]* { return next_item(IL_TOKEN); } -\"[^\"]*\" { return next_item(IL_TOKEN); } -%% -void yyerror(msg) -char *msg; -{ - fprintf(stderr, "%s error at \"%s\", line %d\n", msg, yytext, - lineNum + 1); - exit(1); -} - - -void push_proto() -{ - numpr++; - if (!prstack) - prstack = (int 
*)malloc(sizeof(int)); - else - prstack = (int *)realloc((char *)prstack, numpr * sizeof(int)); - prstack[numpr - 1] = oldipproto; -} - - -void pop_proto() -{ - numpr--; - ipproto = prstack[numpr]; - if (!numpr) { - free(prstack); - prstack = NULL; - return; - } - prstack = (int *)realloc((char *)prstack, numpr * sizeof(int)); -} - - -int save_token() -{ - - yylval.str = strdup(yytext); - return IL_TOKEN; -} - - -int next_item(nstate) -int nstate; -{ - struct wordtab *wt; - - if (opts & OPT_DEBUG) - printf("text=[%s] id=%d next=%d\n", yytext, nstate, next); - if (next == IL_TOKEN) { - next = -1; - return save_token(); - } - token++; - - for (wt = words; wt->word; wt++) - if (!strcasecmp(wt->word, yytext)) - return next_state(wt->state, wt->next); - if (opts & OPT_DEBUG) - printf("unknown keyword=[%s]\n", yytext); - next = -1; - if (nstate == IL_NUMBER) - yylval.num = atoi(yytext); - token++; - return nstate; -} - - -int next_state(nstate, fornext) -int nstate, fornext; -{ - next = fornext; - - switch (nstate) - { - case IL_IPV4 : - case IL_TCP : - case IL_UDP : - case IL_ICMP : - case IL_DATA : - case IL_INTERFACE : - case IL_ARP : - oldipproto = ipproto; - ipproto = nstate; - break; - case IL_SUM : - if (ipproto == IL_IPV4) - nstate = IL_V4SUM; - else if (ipproto == IL_TCP) - nstate = IL_TCPSUM; - else if (ipproto == IL_UDP) - nstate = IL_UDPSUM; - break; - case IL_OPT : - if (ipproto == IL_IPV4) - nstate = IL_V4OPT; - else if (ipproto == IL_TCP) - nstate = IL_TCPOPT; - break; - case IL_IPO_NOP : - if (ipproto == IL_TCP) - nstate = IL_TCPO_NOP; - break; - case IL_IPO_EOL : - if (ipproto == IL_TCP) - nstate = IL_TCPO_EOL; - break; - case IL_IPO_TS : - if (ipproto == IL_TCP) - nstate = IL_TCPO_TS; - break; - case IL_OFF : - if (ipproto == IL_IPV4) - nstate = IL_V4OFF; - else if (ipproto == IL_TCP) - nstate = IL_TCPOFF; - break; - case IL_LEN : - if (ipproto == IL_IPV4) - nstate = IL_V4LEN; - else if (ipproto == IL_UDP) - nstate = IL_UDPLEN; - break; - } - return 
nstate; -} - - -void swallow() -{ - int c; - - c = input(); - - if (c == '#') { - while ((c != '\n') && (c != EOF)) - c = input(); - } - if (c != EOF) - unput(c); -} diff --git a/contrib/ipfilter/iplang/iplang_y.y b/contrib/ipfilter/iplang/iplang_y.y deleted file mode 100644 index f536f35815..0000000000 --- a/contrib/ipfilter/iplang/iplang_y.y +++ /dev/null 
@@ -1,1870 +0,0 @@ -%{ -/* - * Copyright (C) 1997-1998 by Darren Reed. - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - * - * $Id: iplang_y.y,v 2.2.2.3 2002/12/06 11:41:14 darrenr Exp $ - */ - -#if defined(__sgi) && (IRIX > 602) -# include -#endif -#include -#include -#include -#if !defined(__SVR4) && !defined(__svr4__) -#include -#else -#include -#endif -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifndef linux -#include -#endif -#include -#include -#include -#ifndef linux -#include -#endif -#include -#include -#include -#include -#include -#include "ipsend.h" -#include "ip_compat.h" -#include "ipf.h" -#include "iplang.h" - -#if !defined(__NetBSD__) && (!defined(__FreeBSD_version) && \ - __FreeBSD_version < 400020 ) && SOLARIS2 < 10 -extern struct ether_addr *ether_aton __P((char *)); -#endif - -extern int opts; -extern struct ipopt_names ionames[]; -extern int state, state, lineNum, token; -extern int yylineno; -extern char yytext[]; -extern FILE *yyin; -int yylex __P((void)); -#define YYDEBUG 1 -#if !defined(ultrix) && !defined(hpux) -int yydebug = 1; -#else -extern int yydebug; -#endif - -iface_t *iflist = NULL, **iftail = &iflist; -iface_t *cifp = NULL; -arp_t *arplist = NULL, **arptail = &arplist, *carp = NULL; -struct in_addr defrouter; -send_t sending; -char *sclass = NULL; -u_short c_chksum __P((u_short *, u_int, u_long)); -u_long p_chksum __P((u_short *, u_int)); - -u_long ipbuffer[67584/sizeof(u_long)]; /* 66K */ -aniphdr_t *aniphead = NULL, *canip = NULL, **aniptail = &aniphead; -ip_t *ip = NULL; -udphdr_t *udp = NULL; -tcphdr_t *tcp = NULL; -icmphdr_t *icmp = NULL; - -struct statetoopt { - int sto_st; - int sto_op; -}; - -struct in_addr getipv4addr __P((char *arg)); -u_short getportnum __P((char *, char *)); -struct ether_addr *geteaddr 
__P((char *, struct ether_addr *)); -void *new_header __P((int)); -void free_aniplist __P((void)); -void inc_anipheaders __P((int)); -void new_data __P((void)); -void set_datalen __P((char **)); -void set_datafile __P((char **)); -void set_data __P((char **)); -void new_packet __P((void)); -void set_ipv4proto __P((char **)); -void set_ipv4src __P((char **)); -void set_ipv4dst __P((char **)); -void set_ipv4off __P((char **)); -void set_ipv4v __P((char **)); -void set_ipv4hl __P((char **)); -void set_ipv4ttl __P((char **)); -void set_ipv4tos __P((char **)); -void set_ipv4id __P((char **)); -void set_ipv4sum __P((char **)); -void set_ipv4len __P((char **)); -void new_tcpheader __P((void)); -void set_tcpsport __P((char **)); -void set_tcpdport __P((char **)); -void set_tcpseq __P((char **)); -void set_tcpack __P((char **)); -void set_tcpoff __P((char **)); -void set_tcpurp __P((char **)); -void set_tcpwin __P((char **)); -void set_tcpsum __P((char **)); -void set_tcpflags __P((char **)); -void set_tcpopt __P((int, char **)); -void end_tcpopt __P((void)); -void new_udpheader __P((void)); -void set_udplen __P((char **)); -void set_udpsum __P((char **)); -void prep_packet __P((void)); -void packet_done __P((void)); -void new_interface __P((void)); -void check_interface __P((void)); -void set_ifname __P((char **)); -void set_ifmtu __P((int)); -void set_ifv4addr __P((char **)); -void set_ifeaddr __P((char **)); -void new_arp __P((void)); -void set_arpeaddr __P((char **)); -void set_arpv4addr __P((char **)); -void reset_send __P((void)); -void set_sendif __P((char **)); -void set_sendvia __P((char **)); -void set_defaultrouter __P((char **)); -void new_icmpheader __P((void)); -void set_icmpcode __P((int)); -void set_icmptype __P((int)); -void set_icmpcodetok __P((char **)); -void set_icmptypetok __P((char **)); -void set_icmpid __P((int)); -void set_icmpseq __P((int)); -void set_icmpotime __P((int)); -void set_icmprtime __P((int)); -void set_icmpttime __P((int)); -void 
set_icmpmtu __P((int)); -void set_redir __P((int, char **)); -void new_ipv4opt __P((void)); -void set_icmppprob __P((int)); -void add_ipopt __P((int, void *)); -void end_ipopt __P((void)); -void set_secclass __P((char **)); -void free_anipheader __P((void)); -void end_ipv4 __P((void)); -void end_icmp __P((void)); -void end_udp __P((void)); -void end_tcp __P((void)); -void end_data __P((void)); -void yyerror __P((char *)); -void iplang __P((FILE *)); -int arp_getipv4 __P((char *, char *)); -int yyparse __P((void)); -%} -%union { - char *str; - int num; -} -%token IL_NUMBER -%type number digits optnumber -%token IL_TOKEN -%type token optoken -%token IL_HEXDIGIT IL_COLON IL_DOT IL_EOF IL_COMMENT -%token IL_INTERFACE IL_IFNAME IL_MTU IL_EADDR -%token IL_IPV4 IL_V4PROTO IL_V4SRC IL_V4DST IL_V4OFF IL_V4V IL_V4HL IL_V4TTL -%token IL_V4TOS IL_V4SUM IL_V4LEN IL_V4OPT IL_V4ID -%token IL_TCP IL_SPORT IL_DPORT IL_TCPFL IL_TCPSEQ IL_TCPACK IL_TCPOFF -%token IL_TCPWIN IL_TCPSUM IL_TCPURP IL_TCPOPT IL_TCPO_NOP IL_TCPO_EOL -%token IL_TCPO_MSS IL_TCPO_WSCALE IL_TCPO_TS -%token IL_UDP IL_UDPLEN IL_UDPSUM -%token IL_ICMP IL_ICMPTYPE IL_ICMPCODE -%token IL_SEND IL_VIA -%token IL_ARP -%token IL_DEFROUTER -%token IL_SUM IL_OFF IL_LEN IL_V4ADDR IL_OPT -%token IL_DATA IL_DLEN IL_DVALUE IL_DFILE -%token IL_IPO_NOP IL_IPO_RR IL_IPO_ZSU IL_IPO_MTUP IL_IPO_MTUR IL_IPO_EOL -%token IL_IPO_TS IL_IPO_TR IL_IPO_SEC IL_IPO_LSRR IL_IPO_ESEC -%token IL_IPO_SATID IL_IPO_SSRR IL_IPO_ADDEXT IL_IPO_VISA IL_IPO_IMITD -%token IL_IPO_EIP IL_IPO_FINN IL_IPO_SECCLASS IL_IPO_CIPSO IL_IPO_ENCODE -%token IL_IPS_RESERV4 IL_IPS_TOPSECRET IL_IPS_SECRET IL_IPS_RESERV3 -%token IL_IPS_CONFID IL_IPS_UNCLASS IL_IPS_RESERV2 IL_IPS_RESERV1 -%token IL_ICMP_ECHOREPLY IL_ICMP_UNREACH IL_ICMP_UNREACH_NET -%token IL_ICMP_UNREACH_HOST IL_ICMP_UNREACH_PROTOCOL IL_ICMP_UNREACH_PORT -%token IL_ICMP_UNREACH_NEEDFRAG IL_ICMP_UNREACH_SRCFAIL -%token IL_ICMP_UNREACH_NET_UNKNOWN IL_ICMP_UNREACH_HOST_UNKNOWN -%token 
IL_ICMP_UNREACH_ISOLATED IL_ICMP_UNREACH_NET_PROHIB -%token IL_ICMP_UNREACH_HOST_PROHIB IL_ICMP_UNREACH_TOSNET -%token IL_ICMP_UNREACH_TOSHOST IL_ICMP_UNREACH_FILTER_PROHIB -%token IL_ICMP_UNREACH_HOST_PRECEDENCE IL_ICMP_UNREACH_PRECEDENCE_CUTOFF -%token IL_ICMP_SOURCEQUENCH IL_ICMP_REDIRECT IL_ICMP_REDIRECT_NET -%token IL_ICMP_REDIRECT_HOST IL_ICMP_REDIRECT_TOSNET -%token IL_ICMP_REDIRECT_TOSHOST IL_ICMP_ECHO IL_ICMP_ROUTERADVERT -%token IL_ICMP_ROUTERSOLICIT IL_ICMP_TIMXCEED IL_ICMP_TIMXCEED_INTRANS -%token IL_ICMP_TIMXCEED_REASS IL_ICMP_PARAMPROB IL_ICMP_PARAMPROB_OPTABSENT -%token IL_ICMP_TSTAMP IL_ICMP_TSTAMPREPLY IL_ICMP_IREQ IL_ICMP_IREQREPLY -%token IL_ICMP_MASKREQ IL_ICMP_MASKREPLY IL_ICMP_SEQ IL_ICMP_ID -%token IL_ICMP_OTIME IL_ICMP_RTIME IL_ICMP_TTIME - -%% -file: line - | line file - | IL_COMMENT - | IL_COMMENT file - ; - -line: iface - | arp - | send - | defrouter - | ipline - ; - -iface: ifhdr '{' ifaceopts '}' ';' { check_interface(); } - ; - -ifhdr: IL_INTERFACE { new_interface(); } - ; - -ifaceopts: - ifaceopt - | ifaceopt ifaceopts - ; - -ifaceopt: - IL_IFNAME token { set_ifname(&$2); } - | IL_MTU number { set_ifmtu($2); } - | IL_V4ADDR token { set_ifv4addr(&$2); } - | IL_EADDR token { set_ifeaddr(&$2); } - ; - -send: sendhdr '{' sendbody '}' ';' { packet_done(); } - | sendhdr ';' { packet_done(); } - ; - -sendhdr: - IL_SEND { reset_send(); } - ; - -sendbody: - sendopt - | sendbody sendopt - ; - -sendopt: - IL_IFNAME token { set_sendif(&$2); } - | IL_VIA token { set_sendvia(&$2); } - ; - -arp: arphdr '{' arpbody '}' ';' - ; - -arphdr: IL_ARP { new_arp(); } - ; - -arpbody: - arpopt - | arpbody arpopt - ; - -arpopt: IL_V4ADDR token { set_arpv4addr(&$2); } - | IL_EADDR token { set_arpeaddr(&$2); } - ; - -defrouter: - IL_DEFROUTER token { set_defaultrouter(&$2); } - ; - -bodyline: - ipline - | tcp tcpline - | udp udpline - | icmp icmpline - | data dataline - ; - -ipline: ipv4 '{' ipv4body '}' ';' { end_ipv4(); } - ; - -ipv4: IL_IPV4 { new_packet(); } 
-
-ipv4body:
- ipv4type
- | ipv4type ipv4body
- | bodyline
- ;
-
-ipv4type:
- IL_V4PROTO token { set_ipv4proto(&$2); }
- | IL_V4SRC token { set_ipv4src(&$2); }
- | IL_V4DST token { set_ipv4dst(&$2); }
- | IL_V4OFF token { set_ipv4off(&$2); }
- | IL_V4V token { set_ipv4v(&$2); }
- | IL_V4HL token { set_ipv4hl(&$2); }
- | IL_V4ID token { set_ipv4id(&$2); }
- | IL_V4TTL token { set_ipv4ttl(&$2); }
- | IL_V4TOS token { set_ipv4tos(&$2); }
- | IL_V4SUM token { set_ipv4sum(&$2); }
- | IL_V4LEN token { set_ipv4len(&$2); }
- | ipv4opt '{' ipv4optlist '}' ';' { end_ipopt(); }
- ;
-
-tcp: IL_TCP { new_tcpheader(); }
- ;
-
-tcpline:
- '{' tcpheader '}' ';' { end_tcp(); }
- ;
-
-tcpheader:
- tcpbody
- | tcpbody tcpheader
- | bodyline
- ;
-
-tcpbody:
- IL_SPORT token { set_tcpsport(&$2); }
- | IL_DPORT token { set_tcpdport(&$2); }
- | IL_TCPSEQ token { set_tcpseq(&$2); }
- | IL_TCPACK token { set_tcpack(&$2); }
- | IL_TCPOFF token { set_tcpoff(&$2); }
- | IL_TCPURP token { set_tcpurp(&$2); }
- | IL_TCPWIN token { set_tcpwin(&$2); }
- | IL_TCPSUM token { set_tcpsum(&$2); }
- | IL_TCPFL token { set_tcpflags(&$2); }
- | IL_TCPOPT '{' tcpopts '}' ';' { end_tcpopt(); }
- ;
-
-tcpopts:
- | tcpopt tcpopts
- ;
-
-tcpopt: IL_TCPO_NOP ';' { set_tcpopt(IL_TCPO_NOP, NULL); }
- | IL_TCPO_EOL ';' { set_tcpopt(IL_TCPO_EOL, NULL); }
- | IL_TCPO_MSS optoken { set_tcpopt(IL_TCPO_MSS,&$2);}
- | IL_TCPO_WSCALE optoken { set_tcpopt(IL_TCPO_WSCALE,&$2);}
- | IL_TCPO_TS optoken { set_tcpopt(IL_TCPO_TS, &$2);}
- ;
-
-udp: IL_UDP { new_udpheader(); }
- ;
-
-udpline:
- '{' udpheader '}' ';' { end_udp(); }
- ;
-
-
-udpheader:
- udpbody
- | udpbody udpheader
- | bodyline
- ;
-
-udpbody:
- IL_SPORT token { set_tcpsport(&$2); }
- | IL_DPORT token { set_tcpdport(&$2); }
- | IL_UDPLEN token { set_udplen(&$2); }
- | IL_UDPSUM token { set_udpsum(&$2); }
- ;
-
-icmp: IL_ICMP { new_icmpheader(); }
- ;
-
-icmpline:
- '{' icmpbody '}' ';' { end_icmp(); }
- ;
-
-icmpbody:
- icmpheader
- | icmpheader bodyline
- ;
-
-icmpheader:
- IL_ICMPTYPE icmptype
- | IL_ICMPTYPE icmptype icmpcode
- ;
-
-icmpcode:
- IL_ICMPCODE token { set_icmpcodetok(&$2); }
- ;
-
-icmptype:
- IL_ICMP_ECHOREPLY ';' { set_icmptype(ICMP_ECHOREPLY); }
- | IL_ICMP_ECHOREPLY '{' icmpechoopts '}' ';'
- | unreach
- | IL_ICMP_SOURCEQUENCH ';' { set_icmptype(ICMP_SOURCEQUENCH); }
- | redirect
- | IL_ICMP_ROUTERADVERT ';' { set_icmptype(ICMP_ROUTERADVERT); }
- | IL_ICMP_ROUTERSOLICIT ';' { set_icmptype(ICMP_ROUTERSOLICIT); }
- | IL_ICMP_ECHO ';' { set_icmptype(ICMP_ECHO); }
- | IL_ICMP_ECHO '{' icmpechoopts '}' ';'
- | IL_ICMP_TIMXCEED ';' { set_icmptype(ICMP_TIMXCEED); }
- | IL_ICMP_TIMXCEED '{' exceed '}' ';'
- | IL_ICMP_TSTAMP ';' { set_icmptype(ICMP_TSTAMP); }
- | IL_ICMP_TSTAMPREPLY ';' { set_icmptype(ICMP_TSTAMPREPLY); }
- | IL_ICMP_TSTAMPREPLY '{' icmptsopts '}' ';'
- | IL_ICMP_IREQ ';' { set_icmptype(ICMP_IREQ); }
- | IL_ICMP_IREQREPLY ';' { set_icmptype(ICMP_IREQREPLY); }
- | IL_ICMP_IREQREPLY '{' data dataline '}' ';'
- | IL_ICMP_MASKREQ ';' { set_icmptype(ICMP_MASKREQ); }
- | IL_ICMP_MASKREPLY ';' { set_icmptype(ICMP_MASKREPLY); }
- | IL_ICMP_MASKREPLY '{' token '}' ';'
- | IL_ICMP_PARAMPROB ';' { set_icmptype(ICMP_PARAMPROB); }
- | IL_ICMP_PARAMPROB '{' paramprob '}' ';'
- | IL_TOKEN ';' { set_icmptypetok(&$1); }
- ;
-
-icmpechoopts:
- | icmpechoopts icmpecho
- ;
-
-icmpecho:
- IL_ICMP_SEQ number { set_icmpseq($2); }
- | IL_ICMP_ID number { set_icmpid($2); }
- ;
-
-icmptsopts:
- | icmptsopts icmpts ';'
- ;
-
-icmpts: IL_ICMP_OTIME number { set_icmpotime($2); }
- | IL_ICMP_RTIME number { set_icmprtime($2); }
- | IL_ICMP_TTIME number { set_icmpttime($2); }
- ;
-
-unreach:
- IL_ICMP_UNREACH
- | IL_ICMP_UNREACH '{' unreachopts '}' ';'
- ;
-
-unreachopts:
- IL_ICMP_UNREACH_NET line
- | IL_ICMP_UNREACH_HOST line
- | IL_ICMP_UNREACH_PROTOCOL line
- | IL_ICMP_UNREACH_PORT line
- | IL_ICMP_UNREACH_NEEDFRAG number ';' { set_icmpmtu($2); }
- | IL_ICMP_UNREACH_SRCFAIL line
- | IL_ICMP_UNREACH_NET_UNKNOWN line
- | IL_ICMP_UNREACH_HOST_UNKNOWN line
- | IL_ICMP_UNREACH_ISOLATED line
- | IL_ICMP_UNREACH_NET_PROHIB line
- | IL_ICMP_UNREACH_HOST_PROHIB line
- | IL_ICMP_UNREACH_TOSNET line
- | IL_ICMP_UNREACH_TOSHOST line
- | IL_ICMP_UNREACH_FILTER_PROHIB line
- | IL_ICMP_UNREACH_HOST_PRECEDENCE line
- | IL_ICMP_UNREACH_PRECEDENCE_CUTOFF line
- ;
-
-redirect:
- IL_ICMP_REDIRECT
- | IL_ICMP_REDIRECT '{' redirectopts '}' ';'
- ;
-
-redirectopts:
- | IL_ICMP_REDIRECT_NET token { set_redir(0, &$2); }
- | IL_ICMP_REDIRECT_HOST token { set_redir(1, &$2); }
- | IL_ICMP_REDIRECT_TOSNET token { set_redir(2, &$2); }
- | IL_ICMP_REDIRECT_TOSHOST token { set_redir(3, &$2); }
- ;
-
-exceed:
- IL_ICMP_TIMXCEED_INTRANS line
- | IL_ICMP_TIMXCEED_REASS line
- ;
-
-paramprob:
- IL_ICMP_PARAMPROB_OPTABSENT
- | IL_ICMP_PARAMPROB_OPTABSENT paraprobarg
-
-paraprobarg:
- '{' number '}' ';' { set_icmppprob($2); }
- ;
-
-ipv4opt: IL_V4OPT { new_ipv4opt(); }
- ;
-
-ipv4optlist:
- | ipv4opts ipv4optlist
- ;
-
-ipv4opts:
- IL_IPO_NOP ';' { add_ipopt(IL_IPO_NOP, NULL); }
- | IL_IPO_RR optnumber { add_ipopt(IL_IPO_RR, &$2); }
- | IL_IPO_ZSU ';' { add_ipopt(IL_IPO_ZSU, NULL); }
- | IL_IPO_MTUP ';' { add_ipopt(IL_IPO_MTUP, NULL); }
- | IL_IPO_MTUR ';' { add_ipopt(IL_IPO_MTUR, NULL); }
- | IL_IPO_ENCODE ';' { add_ipopt(IL_IPO_ENCODE, NULL); }
- | IL_IPO_TS ';' { add_ipopt(IL_IPO_TS, NULL); }
- | IL_IPO_TR ';' { add_ipopt(IL_IPO_TR, NULL); }
- | IL_IPO_SEC ';' { add_ipopt(IL_IPO_SEC, NULL); }
- | IL_IPO_SECCLASS secclass { add_ipopt(IL_IPO_SECCLASS, sclass); }
- | IL_IPO_LSRR token { add_ipopt(IL_IPO_LSRR,&$2); }
- | IL_IPO_ESEC ';' { add_ipopt(IL_IPO_ESEC, NULL); }
- | IL_IPO_CIPSO ';' { add_ipopt(IL_IPO_CIPSO, NULL); }
- | IL_IPO_SATID optnumber { add_ipopt(IL_IPO_SATID,&$2);}
- | IL_IPO_SSRR token { add_ipopt(IL_IPO_SSRR,&$2); }
- | IL_IPO_ADDEXT ';' { add_ipopt(IL_IPO_ADDEXT, NULL); }
- | IL_IPO_VISA ';' { add_ipopt(IL_IPO_VISA, NULL); }
- | IL_IPO_IMITD ';' { add_ipopt(IL_IPO_IMITD, NULL); }
- | IL_IPO_EIP ';' { add_ipopt(IL_IPO_EIP, NULL); }
- | IL_IPO_FINN ';' { add_ipopt(IL_IPO_FINN, NULL); }
- ;
-
-secclass:
- IL_IPS_RESERV4 ';' { set_secclass(&$1); }
- | IL_IPS_TOPSECRET ';' { set_secclass(&$1); }
- | IL_IPS_SECRET ';' { set_secclass(&$1); }
- | IL_IPS_RESERV3 ';' { set_secclass(&$1); }
- | IL_IPS_CONFID ';' { set_secclass(&$1); }
- | IL_IPS_UNCLASS ';' { set_secclass(&$1); }
- | IL_IPS_RESERV2 ';' { set_secclass(&$1); }
- | IL_IPS_RESERV1 ';' { set_secclass(&$1); }
- ;
-
-data: IL_DATA { new_data(); }
- ;
-
-dataline:
- '{' databody '}' ';' { end_data(); }
- ;
-
-databody: dataopts
- | dataopts databody
- ;
-
-dataopts:
- IL_DLEN token { set_datalen(&$2); }
- | IL_DVALUE token { set_data(&$2); }
- | IL_DFILE token { set_datafile(&$2); }
- ;
-
-token: IL_TOKEN ';'
- ;
-
-optoken: ';' { $$ = ""; }
- | token
- ;
-
-number: digits ';'
- ;
-
-optnumber: ';' { $$ = 0; }
- | number
- ;
-
-digits: IL_NUMBER
- | digits IL_NUMBER
- ;
-%%
-
-struct statetoopt toipopts[] = {
- { IL_IPO_NOP, IPOPT_NOP },
- { IL_IPO_RR, IPOPT_RR },
- { IL_IPO_ZSU, IPOPT_ZSU },
- { IL_IPO_MTUP, IPOPT_MTUP },
- { IL_IPO_MTUR, IPOPT_MTUR },
- { IL_IPO_ENCODE, IPOPT_ENCODE },
- { IL_IPO_TS, IPOPT_TS },
- { IL_IPO_TR, IPOPT_TR },
- { IL_IPO_SEC, IPOPT_SECURITY },
- { IL_IPO_SECCLASS, IPOPT_SECURITY },
- { IL_IPO_LSRR, IPOPT_LSRR },
- { IL_IPO_ESEC, IPOPT_E_SEC },
- { IL_IPO_CIPSO, IPOPT_CIPSO },
- { IL_IPO_SATID, IPOPT_SATID },
- { IL_IPO_SSRR, IPOPT_SSRR },
- { IL_IPO_ADDEXT, IPOPT_ADDEXT },
- { IL_IPO_VISA, IPOPT_VISA },
- { IL_IPO_IMITD, IPOPT_IMITD },
- { IL_IPO_EIP, IPOPT_EIP },
- { IL_IPO_FINN, IPOPT_FINN },
- { 0, 0 }
-};
-
-struct statetoopt tosecopts[] = {
- { IL_IPS_RESERV4, IPSO_CLASS_RES4 },
- { IL_IPS_TOPSECRET, IPSO_CLASS_TOPS },
- { IL_IPS_SECRET, IPSO_CLASS_SECR },
- { IL_IPS_RESERV3, IPSO_CLASS_RES3 },
- { IL_IPS_CONFID, IPSO_CLASS_CONF },
- { IL_IPS_UNCLASS, IPSO_CLASS_UNCL },
- { IL_IPS_RESERV2, IPSO_CLASS_RES2 },
- { IL_IPS_RESERV1, IPSO_CLASS_RES1 },
- { 0, 0 }
-};
-
-#ifdef
bsdi -struct ether_addr * -ether_aton(s) - char *s; -{ - static struct ether_addr n; - u_int i[6]; - - if (sscanf(s, " %x:%x:%x:%x:%x:%x ", &i[0], &i[1], - &i[2], &i[3], &i[4], &i[5]) == 6) { - n.ether_addr_octet[0] = (u_char)i[0]; - n.ether_addr_octet[1] = (u_char)i[1]; - n.ether_addr_octet[2] = (u_char)i[2]; - n.ether_addr_octet[3] = (u_char)i[3]; - n.ether_addr_octet[4] = (u_char)i[4]; - n.ether_addr_octet[5] = (u_char)i[5]; - return &n; - } - return NULL; -} -#endif - - -struct in_addr getipv4addr(arg) -char *arg; -{ - struct hostent *hp; - struct in_addr in; - - in.s_addr = 0xffffffff; - - if ((hp = gethostbyname(arg))) - bcopy(hp->h_addr, &in.s_addr, sizeof(struct in_addr)); - else - in.s_addr = inet_addr(arg); - return in; -} - - -u_short getportnum(pr, name) -char *pr, *name; -{ - struct servent *sp; - - if (!(sp = getservbyname(name, pr))) - return htons(atoi(name)); - return sp->s_port; -} - - -struct ether_addr *geteaddr(arg, buf) -char *arg; -struct ether_addr *buf; -{ - struct ether_addr *e; - -#if !defined(hpux) && !defined(linux) - e = ether_aton(arg); - if (!e) - fprintf(stderr, "Invalid ethernet address: %s\n", arg); - else -# ifdef __FreeBSD__ - bcopy(e->octet, buf->octet, sizeof(e->octet)); -# else - bcopy(e->ether_addr_octet, buf->ether_addr_octet, - sizeof(e->ether_addr_octet)); -# endif - return e; -#else - return NULL; -#endif -} - - -void *new_header(type) -int type; -{ - aniphdr_t *aip, *oip = canip; - int sz = 0; - - aip = (aniphdr_t *)calloc(1, sizeof(*aip)); - *aniptail = aip; - aniptail = &aip->ah_next; - aip->ah_p = type; - aip->ah_prev = oip; - canip = aip; - - if (type == IPPROTO_UDP) - sz = sizeof(udphdr_t); - else if (type == IPPROTO_TCP) - sz = sizeof(tcphdr_t); - else if (type == IPPROTO_ICMP) - sz = sizeof(icmphdr_t); - else if (type == IPPROTO_IP) - sz = sizeof(ip_t); - - if (oip) - canip->ah_data = oip->ah_data + oip->ah_len; - else - canip->ah_data = (char *)ipbuffer; - - /* - * Increase the size fields in all wrapping 
headers. - */ - for (aip = aniphead; aip; aip = aip->ah_next) { - aip->ah_len += sz; - if (aip->ah_p == IPPROTO_IP) - aip->ah_ip->ip_len += sz; - else if (aip->ah_p == IPPROTO_UDP) - aip->ah_udp->uh_ulen += sz; - } - return (void *)canip->ah_data; -} - - -void free_aniplist() -{ - aniphdr_t *aip, **aipp = &aniphead; - - while ((aip = *aipp)) { - *aipp = aip->ah_next; - free(aip); - } - aniptail = &aniphead; -} - - -void inc_anipheaders(inc) -int inc; -{ - aniphdr_t *aip; - - for (aip = aniphead; aip; aip = aip->ah_next) { - aip->ah_len += inc; - if (aip->ah_p == IPPROTO_IP) - aip->ah_ip->ip_len += inc; - else if (aip->ah_p == IPPROTO_UDP) - aip->ah_udp->uh_ulen += inc; - } -} - - -void new_data() -{ - (void) new_header(-1); - canip->ah_len = 0; -} - - -void set_datalen(arg) -char **arg; -{ - int len; - - len = strtol(*arg, NULL, 0); - inc_anipheaders(len); - free(*arg); - *arg = NULL; -} - - -void set_data(arg) -char **arg; -{ - u_char *s = (u_char *)*arg, *t = (u_char *)canip->ah_data, c; - int len = 0, todo = 0, quote = 0, val = 0; - - while ((c = *s++)) { - if (todo) { - if (isdigit(c)) { - todo--; - if (c > '7') { - fprintf(stderr, "octal with %c!\n", c); - break; - } - val <<= 3; - val |= (c - '0'); - } - if (!isdigit(c) || !todo) { - *t++ = (u_char)(val & 0xff); - todo = 0; - } - if (todo) - continue; - } - if (quote) { - if (isdigit(c)) { - todo = 2; - if (c > '7') { - fprintf(stderr, "octal with %c!\n", c); - break; - } - val = (c - '0'); - } else { - switch (c) - { - case '\"' : - *t++ = '\"'; - break; - case '\\' : - *t++ = '\\'; - break; - case 'n' : - *t++ = '\n'; - break; - case 'r' : - *t++ = '\r'; - break; - case 't' : - *t++ = '\t'; - break; - } - } - quote = 0; - continue; - } - - if (c == '\\') - quote = 1; - else - *t++ = c; - } - if (todo) - *t++ = (u_char)(val & 0xff); - if (quote) - *t++ = '\\'; - len = t - (u_char *)canip->ah_data; - inc_anipheaders(len - canip->ah_len); - canip->ah_len = len; -} - - -void set_datafile(arg) -char **arg; -{ - 
struct stat sb; - char *file = *arg; - int fd, len; - - if ((fd = open(file, O_RDONLY)) == -1) { - perror("open"); - exit(-1); - } - - if (fstat(fd, &sb) == -1) { - perror("fstat"); - exit(-1); - } - - if ((sb.st_size + aniphead->ah_len ) > 65535) { - fprintf(stderr, "data file %s too big to include.\n", file); - close(fd); - return; - } - if ((len = read(fd, canip->ah_data, sb.st_size)) == -1) { - perror("read"); - close(fd); - return; - } - inc_anipheaders(len); - canip->ah_len += len; - close(fd); -} - - -void new_packet() -{ - static u_short id = 0; - - if (!aniphead) - bzero((char *)ipbuffer, sizeof(ipbuffer)); - - ip = (ip_t *)new_header(IPPROTO_IP); - ip->ip_v = IPVERSION; - ip->ip_hl = sizeof(ip_t) >> 2; - ip->ip_len = sizeof(ip_t); - ip->ip_ttl = 63; - ip->ip_id = htons(id++); -} - - -void set_ipv4proto(arg) -char **arg; -{ - struct protoent *pr; - - if ((pr = getprotobyname(*arg))) - ip->ip_p = pr->p_proto; - else - if (!(ip->ip_p = atoi(*arg))) - fprintf(stderr, "unknown protocol %s\n", *arg); - free(*arg); - *arg = NULL; -} - - -void set_ipv4src(arg) -char **arg; -{ - ip->ip_src = getipv4addr(*arg); - free(*arg); - *arg = NULL; -} - - -void set_ipv4dst(arg) -char **arg; -{ - ip->ip_dst = getipv4addr(*arg); - free(*arg); - *arg = NULL; -} - - -void set_ipv4off(arg) -char **arg; -{ - ip->ip_off = htons(strtol(*arg, NULL, 0)); - free(*arg); - *arg = NULL; -} - - -void set_ipv4v(arg) -char **arg; -{ - ip->ip_v = strtol(*arg, NULL, 0); - free(*arg); - *arg = NULL; -} - - -void set_ipv4hl(arg) -char **arg; -{ - int newhl, inc; - - newhl = strtol(*arg, NULL, 0); - inc = (newhl - ip->ip_hl) << 2; - ip->ip_len += inc; - ip->ip_hl = newhl; - canip->ah_len += inc; - free(*arg); - *arg = NULL; -} - - -void set_ipv4ttl(arg) -char **arg; -{ - ip->ip_ttl = strtol(*arg, NULL, 0); - free(*arg); - *arg = NULL; -} - - -void set_ipv4tos(arg) -char **arg; -{ - ip->ip_tos = strtol(*arg, NULL, 0); - free(*arg); - *arg = NULL; -} - - -void set_ipv4id(arg) -char **arg; -{ - 
ip->ip_id = htons(strtol(*arg, NULL, 0)); - free(*arg); - *arg = NULL; -} - - -void set_ipv4sum(arg) -char **arg; -{ - ip->ip_sum = strtol(*arg, NULL, 0); - free(*arg); - *arg = NULL; -} - - -void set_ipv4len(arg) -char **arg; -{ - int len; - - len = strtol(*arg, NULL, 0); - inc_anipheaders(len - ip->ip_len); - ip->ip_len = len; - free(*arg); - *arg = NULL; -} - - -void new_tcpheader() -{ - - if ((ip->ip_p) && (ip->ip_p != IPPROTO_TCP)) { - fprintf(stderr, "protocol %d specified with TCP!\n", ip->ip_p); - return; - } - ip->ip_p = IPPROTO_TCP; - - tcp = (tcphdr_t *)new_header(IPPROTO_TCP); - tcp->th_win = htons(4096); - tcp->th_off = sizeof(*tcp) >> 2; -} - - -void set_tcpsport(arg) -char **arg; -{ - u_short *port; - char *pr; - - if (ip->ip_p == IPPROTO_UDP) { - port = &udp->uh_sport; - pr = "udp"; - } else { - port = &tcp->th_sport; - pr = "udp"; - } - - *port = getportnum(pr, *arg); - free(*arg); - *arg = NULL; -} - - -void set_tcpdport(arg) -char **arg; -{ - u_short *port; - char *pr; - - if (ip->ip_p == IPPROTO_UDP) { - port = &udp->uh_dport; - pr = "udp"; - } else { - port = &tcp->th_dport; - pr = "udp"; - } - - *port = getportnum(pr, *arg); - free(*arg); - *arg = NULL; -} - - -void set_tcpseq(arg) -char **arg; -{ - tcp->th_seq = htonl(strtol(*arg, NULL, 0)); - free(*arg); - *arg = NULL; -} - - -void set_tcpack(arg) -char **arg; -{ - tcp->th_ack = htonl(strtol(*arg, NULL, 0)); - free(*arg); - *arg = NULL; -} - - -void set_tcpoff(arg) -char **arg; -{ - int off; - - off = strtol(*arg, NULL, 0); - inc_anipheaders((off - tcp->th_off) << 2); - tcp->th_off = off; - free(*arg); - *arg = NULL; -} - - -void set_tcpurp(arg) -char **arg; -{ - tcp->th_urp = htons(strtol(*arg, NULL, 0)); - free(*arg); - *arg = NULL; -} - - -void set_tcpwin(arg) -char **arg; -{ - tcp->th_win = htons(strtol(*arg, NULL, 0)); - free(*arg); - *arg = NULL; -} - - -void set_tcpsum(arg) -char **arg; -{ - tcp->th_sum = strtol(*arg, NULL, 0); - free(*arg); - *arg = NULL; -} - - -void 
set_tcpflags(arg) -char **arg; -{ - static char flags[] = "ASURPF"; - static int flagv[] = { TH_ACK, TH_SYN, TH_URG, TH_RST, TH_PUSH, - TH_FIN } ; - char *s, *t; - - for (s = *arg; *s; s++) - if (!(t = strchr(flags, *s))) { - if (s - *arg) { - fprintf(stderr, "unknown TCP flag %c\n", *s); - break; - } - tcp->th_flags = strtol(*arg, NULL, 0); - break; - } else - tcp->th_flags |= flagv[t - flags]; - free(*arg); - *arg = NULL; -} - - -void set_tcpopt(state, arg) -int state; -char **arg; -{ - u_char *s; - int val, len, val2, pad, optval; - - if (arg && *arg) - val = atoi(*arg); - else - val = 0; - - s = (u_char *)tcp + sizeof(*tcp) + canip->ah_optlen; - switch (state) - { - case IL_TCPO_EOL : - optval = 0; - len = 1; - break; - case IL_TCPO_NOP : - optval = 1; - len = 1; - break; - case IL_TCPO_MSS : - optval = 2; - len = 4; - break; - case IL_TCPO_WSCALE : - optval = 3; - len = 3; - break; - case IL_TCPO_TS : - optval = 8; - len = 10; - break; - default : - optval = 0; - len = 0; - break; - } - - if (len > 1) { - /* - * prepend padding - if required. - */ - if (len & 3) - for (pad = 4 - (len & 3); pad; pad--) { - *s++ = 1; - canip->ah_optlen++; - } - /* - * build tcp option - */ - *s++ = (u_char)optval; - *s++ = (u_char)len; - if (len > 2) { - if (len == 3) { /* 1 byte - char */ - *s++ = (u_char)val; - } else if (len == 4) { /* 2 bytes - short */ - *s++ = (u_char)((val >> 8) & 0xff); - *s++ = (u_char)(val & 0xff); - } else if (len >= 6) { /* 4 bytes - long */ - val2 = htonl(val); - bcopy((char *)&val2, s, 4); - } - s += (len - 2); - } - } else - *s++ = (u_char)optval; - - canip->ah_lastopt = optval; - canip->ah_optlen += len; - - if (arg && *arg) { - free(*arg); - *arg = NULL; - } -} - - -void end_tcpopt() -{ - int pad; - char *s = (char *)tcp; - - s += sizeof(*tcp) + canip->ah_optlen; - /* - * pad out so that we have a multiple of 4 bytes in size fo the - * options. make sure last byte is EOL. 
- */ - if (canip->ah_optlen & 3) { - if (canip->ah_lastopt != 1) { - for (pad = 3 - (canip->ah_optlen & 3); pad; pad--) { - *s++ = 1; - canip->ah_optlen++; - } - canip->ah_optlen++; - } else { - s -= 1; - - for (pad = 3 - (canip->ah_optlen & 3); pad; pad--) { - *s++ = 1; - canip->ah_optlen++; - } - } - *s++ = 0; - } - tcp->th_off = (sizeof(*tcp) + canip->ah_optlen) >> 2; - inc_anipheaders(canip->ah_optlen); -} - - -void new_udpheader() -{ - if ((ip->ip_p) && (ip->ip_p != IPPROTO_UDP)) { - fprintf(stderr, "protocol %d specified with UDP!\n", ip->ip_p); - return; - } - ip->ip_p = IPPROTO_UDP; - - udp = (udphdr_t *)new_header(IPPROTO_UDP); - udp->uh_ulen = sizeof(*udp); -} - - -void set_udplen(arg) -char **arg; -{ - int len; - - len = strtol(*arg, NULL, 0); - inc_anipheaders(len - udp->uh_ulen); - udp->uh_ulen = len; - free(*arg); - *arg = NULL; -} - - -void set_udpsum(arg) -char **arg; -{ - udp->uh_sum = strtol(*arg, NULL, 0); - free(*arg); - *arg = NULL; -} - - -void prep_packet() -{ - iface_t *ifp; - struct in_addr gwip; - - ifp = sending.snd_if; - if (!ifp) { - fprintf(stderr, "no interface defined for sending!\n"); - return; - } - if (ifp->if_fd == -1) - ifp->if_fd = initdevice(ifp->if_name, 0, 5); - gwip = sending.snd_gw; - if (!gwip.s_addr) - gwip = aniphead->ah_ip->ip_dst; - (void) send_ip(ifp->if_fd, ifp->if_MTU, (ip_t *)ipbuffer, gwip, 2); -} - - -void packet_done() -{ - char outline[80]; - int i, j, k; - u_char *s = (u_char *)ipbuffer, *t = (u_char *)outline; - - if (opts & OPT_VERBOSE) { - ip->ip_len = htons(ip->ip_len); - for (i = ntohs(ip->ip_len), j = 0; i; i--, j++, s++) { - if (j && !(j & 0xf)) { - *t++ = '\n'; - *t = '\0'; - fputs(outline, stdout); - fflush(stdout); - t = (u_char *)outline; - *t = '\0'; - } - sprintf((char *)t, "%02x", *s & 0xff); - t += 2; - if (!((j + 1) & 0xf)) { - s -= 15; - sprintf((char *)t, " "); - t += 8; - for (k = 16; k; k--, s++) - *t++ = (isprint(*s) ? 
*s : '.'); - s--; - } - - if ((j + 1) & 0xf) - *t++ = ' ';; - } - - if (j & 0xf) { - for (k = 16 - (j & 0xf); k; k--) { - *t++ = ' '; - *t++ = ' '; - *t++ = ' '; - } - sprintf((char *)t, " "); - t += 7; - s -= j & 0xf; - for (k = j & 0xf; k; k--, s++) - *t++ = (isprint(*s) ? *s : '.'); - *t++ = '\n'; - *t = '\0'; - } - fputs(outline, stdout); - fflush(stdout); - ip->ip_len = ntohs(ip->ip_len); - } - - prep_packet(); - free_aniplist(); -} - - -void new_interface() -{ - cifp = (iface_t *)calloc(1, sizeof(iface_t)); - *iftail = cifp; - iftail = &cifp->if_next; - cifp->if_fd = -1; -} - - -void check_interface() -{ - if (!cifp->if_name || !*cifp->if_name) - fprintf(stderr, "No interface name given!\n"); - if (!cifp->if_MTU || !*cifp->if_name) - fprintf(stderr, "Interface %s has an MTU of 0!\n", - cifp->if_name); -} - - -void set_ifname(arg) -char **arg; -{ - cifp->if_name = *arg; - *arg = NULL; -} - - -void set_ifmtu(arg) -int arg; -{ - cifp->if_MTU = arg; -} - - -void set_ifv4addr(arg) -char **arg; -{ - cifp->if_addr = getipv4addr(*arg); - free(*arg); - *arg = NULL; -} - - -void set_ifeaddr(arg) -char **arg; -{ - (void) geteaddr(*arg, &cifp->if_eaddr); - free(*arg); - *arg = NULL; -} - - -void new_arp() -{ - carp = (arp_t *)calloc(1, sizeof(arp_t)); - *arptail = carp; - arptail = &carp->arp_next; -} - - -void set_arpeaddr(arg) -char **arg; -{ - (void) geteaddr(*arg, &carp->arp_eaddr); - free(*arg); - *arg = NULL; -} - - -void set_arpv4addr(arg) -char **arg; -{ - carp->arp_addr = getipv4addr(*arg); - free(*arg); - *arg = NULL; -} - - -int arp_getipv4(ip, addr) -char *ip; -char *addr; -{ - arp_t *a; - - for (a = arplist; a; a = a->arp_next) - if (!bcmp(ip, (char *)&a->arp_addr, 4)) { - bcopy((char *)&a->arp_eaddr, addr, 6); - return 0; - } - return -1; -} - - -void reset_send() -{ - sending.snd_if = iflist; - sending.snd_gw = defrouter; -} - - -void set_sendif(arg) -char **arg; -{ - iface_t *ifp; - - for (ifp = iflist; ifp; ifp = ifp->if_next) - if (ifp->if_name && 
!strcmp(ifp->if_name, *arg)) - break; - sending.snd_if = ifp; - if (!ifp) - fprintf(stderr, "couldn't find interface %s\n", *arg); - free(*arg); - *arg = NULL; -} - - -void set_sendvia(arg) -char **arg; -{ - sending.snd_gw = getipv4addr(*arg); - free(*arg); - *arg = NULL; -} - - -void set_defaultrouter(arg) -char **arg; -{ - defrouter = getipv4addr(*arg); - free(*arg); - *arg = NULL; -} - - -void new_icmpheader() -{ - if ((ip->ip_p) && (ip->ip_p != IPPROTO_ICMP)) { - fprintf(stderr, "protocol %d specified with ICMP!\n", - ip->ip_p); - return; - } - ip->ip_p = IPPROTO_ICMP; - icmp = (icmphdr_t *)new_header(IPPROTO_ICMP); -} - - -void set_icmpcode(code) -int code; -{ - icmp->icmp_code = code; -} - - -void set_icmptype(type) -int type; -{ - icmp->icmp_type = type; -} - - -static char *icmpcodes[] = { - "net-unr", "host-unr", "proto-unr", "port-unr", "needfrag", "srcfail", - "net-unk", "host-unk", "isolate", "net-prohib", "host-prohib", - "net-tos", "host-tos", NULL }; - -void set_icmpcodetok(code) -char **code; -{ - char *s; - int i; - - for (i = 0; (s = icmpcodes[i]); i++) - if (!strcmp(s, *code)) { - icmp->icmp_code = i; - break; - } - if (!s) - fprintf(stderr, "unknown ICMP code %s\n", *code); - free(*code); - *code = NULL; -} - - -static char *icmptypes[] = { - "echorep", (char *)NULL, (char *)NULL, "unreach", "squench", - "redir", (char *)NULL, (char *)NULL, "echo", (char *)NULL, - (char *)NULL, "timex", "paramprob", "timest", "timestrep", - "inforeq", "inforep", "maskreq", "maskrep", "END" -}; - -void set_icmptypetok(type) -char **type; -{ - char *s; - int i, done = 0; - - for (i = 0; !(s = icmptypes[i]) || strcmp(s, "END"); i++) - if (s && !strcmp(s, *type)) { - icmp->icmp_type = i; - done = 1; - break; - } - if (!done) - fprintf(stderr, "unknown ICMP type %s\n", *type); - free(*type); - *type = NULL; -} - - -void set_icmpid(arg) -int arg; -{ - icmp->icmp_id = htons(arg); -} - - -void set_icmpseq(arg) -int arg; -{ - icmp->icmp_seq = htons(arg); -} - - -void 
set_icmpotime(arg) -int arg; -{ - icmp->icmp_otime = htonl(arg); -} - - -void set_icmprtime(arg) -int arg; -{ - icmp->icmp_rtime = htonl(arg); -} - - -void set_icmpttime(arg) -int arg; -{ - icmp->icmp_ttime = htonl(arg); -} - - -void set_icmpmtu(arg) -int arg; -{ -#if BSD >= 199306 - icmp->icmp_nextmtu = htons(arg); -#endif -} - - -void set_redir(redir, arg) -int redir; -char **arg; -{ - icmp->icmp_code = redir; - icmp->icmp_gwaddr = getipv4addr(*arg); - free(*arg); - *arg = NULL; -} - - -void set_icmppprob(num) -int num; -{ - icmp->icmp_pptr = num; -} - - -void new_ipv4opt() -{ - new_header(-2); -} - - -void add_ipopt(state, ptr) -int state; -void *ptr; -{ - struct ipopt_names *io; - struct statetoopt *sto; - char numbuf[16], *arg, **param = ptr; - int inc, hlen; - - if (state == IL_IPO_RR || state == IL_IPO_SATID) { - if (param) - sprintf(numbuf, "%d", *(int *)param); - else - strcpy(numbuf, "0"); - arg = numbuf; - } else - arg = param ? *param : NULL; - - if (canip->ah_next) { - fprintf(stderr, "cannot specify options after data body\n"); - return; - } - for (sto = toipopts; sto->sto_st; sto++) - if (sto->sto_st == state) - break; - if (!sto || !sto->sto_st) { - fprintf(stderr, "No mapping for state %d to IP option\n", - state); - return; - } - - hlen = sizeof(ip_t) + canip->ah_optlen; - for (io = ionames; io->on_name; io++) - if (io->on_value == sto->sto_op) - break; - canip->ah_lastopt = io->on_value; - - if (io->on_name) { - inc = addipopt((char *)ip + hlen, io, hlen - sizeof(ip_t),arg); - if (inc > 0) { - while (inc & 3) { - ((char *)ip)[sizeof(*ip) + inc] = IPOPT_NOP; - canip->ah_lastopt = IPOPT_NOP; - inc++; - } - hlen += inc; - } - } - - canip->ah_optlen = hlen - sizeof(ip_t); - - if (state != IL_IPO_RR && state != IL_IPO_SATID) - if (param && *param) { - free(*param); - *param = NULL; - } - sclass = NULL; -} - - -void end_ipopt() -{ - int pad; - char *s, *buf = (char *)ip; - - /* - * pad out so that we have a multiple of 4 bytes in size fo the - * 
options. make sure last byte is EOL. - */ - if (canip->ah_lastopt == IPOPT_NOP) { - buf[sizeof(*ip) + canip->ah_optlen - 1] = IPOPT_EOL; - } else if (canip->ah_lastopt != IPOPT_EOL) { - s = buf + sizeof(*ip) + canip->ah_optlen; - - for (pad = 3 - (canip->ah_optlen & 3); pad; pad--) { - *s++ = IPOPT_NOP; - *s = IPOPT_EOL; - canip->ah_optlen++; - } - canip->ah_optlen++; - } else { - s = buf + sizeof(*ip) + canip->ah_optlen - 1; - - for (pad = 3 - (canip->ah_optlen & 3); pad; pad--) { - *s++ = IPOPT_NOP; - *s = IPOPT_EOL; - canip->ah_optlen++; - } - } - ip->ip_hl = (sizeof(*ip) + canip->ah_optlen) >> 2; - inc_anipheaders(canip->ah_optlen); - free_anipheader(); -} - - -void set_secclass(arg) -char **arg; -{ - sclass = *arg; - *arg = NULL; -} - - -void free_anipheader() -{ - aniphdr_t *aip; - - aip = canip; - if ((canip = aip->ah_prev)) { - canip->ah_next = NULL; - aniptail = &canip->ah_next; - } - - if (canip) - free(aip); -} - - -void end_ipv4() -{ - aniphdr_t *aip; - - ip->ip_sum = 0; - ip->ip_len = htons(ip->ip_len); - ip->ip_sum = chksum((u_short *)ip, ip->ip_hl << 2); - ip->ip_len = ntohs(ip->ip_len); - free_anipheader(); - for (aip = aniphead, ip = NULL; aip; aip = aip->ah_next) - if (aip->ah_p == IPPROTO_IP) - ip = aip->ah_ip; -} - - -void end_icmp() -{ - aniphdr_t *aip; - - icmp->icmp_cksum = 0; - icmp->icmp_cksum = chksum((u_short *)icmp, canip->ah_len); - free_anipheader(); - for (aip = aniphead, icmp = NULL; aip; aip = aip->ah_next) - if (aip->ah_p == IPPROTO_ICMP) - icmp = aip->ah_icmp; -} - - -void end_udp() -{ - u_long sum; - aniphdr_t *aip; - ip_t iptmp; - - bzero((char *)&iptmp, sizeof(iptmp)); - iptmp.ip_p = ip->ip_p; - iptmp.ip_src = ip->ip_src; - iptmp.ip_dst = ip->ip_dst; - iptmp.ip_len = htons(ip->ip_len - (ip->ip_hl << 2)); - sum = p_chksum((u_short *)&iptmp, (u_int)sizeof(iptmp)); - udp->uh_ulen = htons(udp->uh_ulen); - udp->uh_sum = c_chksum((u_short *)udp, (u_int)ntohs(iptmp.ip_len), sum); - free_anipheader(); - for (aip = aniphead, udp = NULL; 
aip; aip = aip->ah_next)
- if (aip->ah_p == IPPROTO_UDP)
- udp = aip->ah_udp;
-}
-
-
-void end_tcp()
-{
- u_long sum;
- aniphdr_t *aip;
- ip_t iptmp;
-
- bzero((char *)&iptmp, sizeof(iptmp));
- iptmp.ip_p = ip->ip_p;
- iptmp.ip_src = ip->ip_src;
- iptmp.ip_dst = ip->ip_dst;
- iptmp.ip_len = htons(ip->ip_len - (ip->ip_hl << 2));
- sum = p_chksum((u_short *)&iptmp, (u_int)sizeof(iptmp));
- tcp->th_sum = 0;
- tcp->th_sum = c_chksum((u_short *)tcp, (u_int)ntohs(iptmp.ip_len), sum);
- free_anipheader();
- for (aip = aniphead, tcp = NULL; aip; aip = aip->ah_next)
- if (aip->ah_p == IPPROTO_TCP)
- tcp = aip->ah_tcp;
-}
-
-
-void end_data()
-{
- free_anipheader();
-}
-
-
-void iplang(fp)
-FILE *fp;
-{
- yyin = fp;
-
- yydebug = (opts & OPT_DEBUG) ? 1 : 0;
-
- while (!feof(fp))
- yyparse();
-}
-
-
-u_short c_chksum(buf, len, init)
-u_short *buf;
-u_int len;
-u_long init;
-{
- u_long sum = init;
- int nwords = len >> 1;
-
- for(; nwords > 0; nwords--)
- sum += *buf++;
- sum = (sum>>16) + (sum & 0xffff);
- sum += (sum >>16);
- return (~sum);
-}
-
-
-u_long p_chksum(buf,len)
-u_short *buf;
-u_int len;
-{
- u_long sum = 0;
- int nwords = len >> 1;
-
- for(; nwords > 0; nwords--)
- sum += *buf++;
- return sum;
-}
diff --git a/contrib/ipfilter/ipmon.c b/contrib/ipfilter/ipmon.c
deleted file mode 100644
index aa5cf67fa9..0000000000
--- a/contrib/ipfilter/ipmon.c
+++ /dev/null
@@ -1,1495 +0,0 @@
-/* $FreeBSD: src/contrib/ipfilter/ipmon.c,v 1.5.2.7 2003/03/01 03:55:51 darrenr Exp $ */
-/* $FreeBSD: src/contrib/ipfilter/ipmon.c,v 1.5.2.8 2004/07/04 09:24:39 darrenr Exp $ */
-/*
- * Copyright (C) 1993-2002 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- */
-#ifndef SOLARIS
-#define SOLARIS (defined(__SVR4) || defined(__svr4__)) && defined(sun)
-#endif
-
-#if defined(__sgi) && (IRIX > 602)
-# include
-#endif
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#if !defined(__SVR4) && !defined(__svr4__)
-# if (__FreeBSD_version >= 300000)
-# include
-# else
-# include
-# endif
-#else
-# include
-# include
-#endif
-#if !defined(__SVR4) && !defined(__GNUC__)
-# include
-#endif
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#ifndef linux
-# include
-# include
-#endif
-
-#include
-#include
-
-#include
-#include
-
-#include "netinet/ip_compat.h"
-#include
-#include "netinet/ip_fil.h"
-#include "netinet/ip_nat.h"
-#include "netinet/ip_state.h"
-
-#if !defined(lint)
-static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipmon.c,v 2.12.2.37 2002/12/06 11:40:26 darrenr Exp $";
-#endif
-
-
-#if defined(sun) && !defined(SOLARIS2)
-#define STRERROR(x) sys_errlist[x]
-extern char *sys_errlist[];
-#else
-#define STRERROR(x) strerror(x)
-#endif
-
-
-struct flags {
- int value;
- char flag;
-};
-
-
-typedef struct icmp_subtype {
- int ist_val;
- char *ist_name;
-} icmp_subtype_t;
-
-typedef struct icmp_type {
- int it_val;
- struct icmp_subtype *it_subtable;
- size_t it_stsize;
- char *it_name;
-} icmp_type_t;
-
-
-#define IST_SZ(x) (sizeof(x)/sizeof(icmp_subtype_t))
-
-
-struct flags tcpfl[] = {
- { TH_ACK, 'A' },
- { TH_RST, 'R' },
- { TH_SYN, 'S' },
- { TH_FIN, 'F' },
- { TH_URG, 'U' },
- { TH_PUSH,'P' },
- {
TH_ECN, 'E' },
- { TH_CWR, 'C' },
- { 0, '\0' }
-};
-
-#if SOLARIS
-static char *pidfile = "/etc/opt/ipf/ipmon.pid";
-#else
-# if BSD >= 199306
-static char *pidfile = "/var/run/ipmon.pid";
-# else
-static char *pidfile = "/etc/ipmon.pid";
-# endif
-#endif
-
-static char line[2048];
-static int opts = 0;
-static FILE *newlog = NULL;
-static char *logfile = NULL;
-static int donehup = 0;
-static void usage __P((char *));
-static void handlehup __P((int));
-static void flushlogs __P((char *, FILE *));
-static void print_log __P((int, FILE *, char *, int));
-static void print_ipflog __P((FILE *, char *, int));
-static void print_natlog __P((FILE *, char *, int));
-static void print_statelog __P((FILE *, char *, int));
-static void dumphex __P((FILE *, u_char *, int));
-static int read_log __P((int, int *, char *, int));
-static void write_pid __P((char *));
-static char *icmpname __P((u_int, u_int));
-static char *icmpname6 __P((u_int, u_int));
-static icmp_type_t *find_icmptype __P((int, icmp_type_t *, size_t));
-static icmp_subtype_t *find_icmpsubtype __P((int, icmp_subtype_t *, size_t));
-
-char *hostname __P((int, int, u_32_t *));
-char *portname __P((int, char *, u_int));
-int main __P((int, char *[]));
-
-static void logopts __P((int, char *));
-static void init_tabs __P((void));
-static char *getproto __P((u_int));
-
-static char **protocols = NULL;
-static char **udp_ports = NULL;
-static char **tcp_ports = NULL;
-
-#define OPT_SYSLOG 0x001
-#define OPT_RESOLVE 0x002
-#define OPT_HEXBODY 0x004
-#define OPT_VERBOSE 0x008
-#define OPT_HEXHDR 0x010
-#define OPT_TAIL 0x020
-#define OPT_NAT 0x080
-#define OPT_STATE 0x100
-#define OPT_FILTER 0x200
-#define OPT_PORTNUM 0x400
-#define OPT_LOGALL (OPT_NAT|OPT_STATE|OPT_FILTER)
-#define OPT_LOGBODY 0x800
-
-#define HOSTNAME_V4(a,b) hostname((a), 4, (u_32_t *)&(b))
-
-#ifndef LOGFAC
-#define LOGFAC LOG_LOCAL0
-#endif
-
-
-static icmp_subtype_t icmpunreachnames[] = {
- { ICMP_UNREACH_NET, "net" },
- { ICMP_UNREACH_HOST,
"host" },
- { ICMP_UNREACH_PROTOCOL, "protocol" },
- { ICMP_UNREACH_PORT, "port" },
- { ICMP_UNREACH_NEEDFRAG, "needfrag" },
- { ICMP_UNREACH_SRCFAIL, "srcfail" },
- { ICMP_UNREACH_NET_UNKNOWN, "net_unknown" },
- { ICMP_UNREACH_HOST_UNKNOWN, "host_unknown" },
- { ICMP_UNREACH_NET, "isolated" },
- { ICMP_UNREACH_NET_PROHIB, "net_prohib" },
- { ICMP_UNREACH_NET_PROHIB, "host_prohib" },
- { ICMP_UNREACH_TOSNET, "tosnet" },
- { ICMP_UNREACH_TOSHOST, "toshost" },
- { ICMP_UNREACH_ADMIN_PROHIBIT, "admin_prohibit" },
- { -2, NULL }
-};
-
-static icmp_subtype_t redirectnames[] = {
- { ICMP_REDIRECT_NET, "net" },
- { ICMP_REDIRECT_HOST, "host" },
- { ICMP_REDIRECT_TOSNET, "tosnet" },
- { ICMP_REDIRECT_TOSHOST, "toshost" },
- { -2, NULL }
-};
-
-static icmp_subtype_t timxceednames[] = {
- { ICMP_TIMXCEED_INTRANS, "transit" },
- { ICMP_TIMXCEED_REASS, "reassem" },
- { -2, NULL }
-};
-
-static icmp_subtype_t paramnames[] = {
- { ICMP_PARAMPROB_ERRATPTR, "errata_pointer" },
- { ICMP_PARAMPROB_OPTABSENT, "optmissing" },
- { ICMP_PARAMPROB_LENGTH, "length" },
- { -2, NULL }
-};
-
-static icmp_type_t icmptypes[] = {
- { ICMP_ECHOREPLY, NULL, 0, "echoreply" },
- { -1, NULL, 0, NULL },
- { -1, NULL, 0, NULL },
- { ICMP_UNREACH, icmpunreachnames,
- IST_SZ(icmpunreachnames),"unreach" },
- { ICMP_SOURCEQUENCH, NULL, 0, "sourcequench" },
- { ICMP_REDIRECT, redirectnames,
- IST_SZ(redirectnames), "redirect" },
- { -1, NULL, 0, NULL },
- { -1, NULL, 0, NULL },
- { ICMP_ECHO, NULL, 0, "echo" },
- { ICMP_ROUTERADVERT, NULL, 0, "routeradvert" },
- { ICMP_ROUTERSOLICIT, NULL, 0, "routersolicit" },
- { ICMP_TIMXCEED, timxceednames,
- IST_SZ(timxceednames), "timxceed" },
- { ICMP_PARAMPROB, paramnames,
- IST_SZ(paramnames), "paramprob" },
- { ICMP_TSTAMP, NULL, 0, "timestamp" },
- { ICMP_TSTAMPREPLY, NULL, 0, "timestampreply" },
- { ICMP_IREQ, NULL, 0, "inforeq" },
- { ICMP_IREQREPLY, NULL, 0, "inforeply" },
- { ICMP_MASKREQ, NULL, 0, "maskreq" },
- { ICMP_MASKREPLY, NULL, 0, "maskreply" },
- {
-2, NULL, 0, NULL }
-};
-
-static icmp_subtype_t icmpredirect6[] = {
- { ICMP6_DST_UNREACH_NOROUTE, "noroute" },
- { ICMP6_DST_UNREACH_ADMIN, "admin" },
- { ICMP6_DST_UNREACH_NOTNEIGHBOR, "neighbour" },
- { ICMP6_DST_UNREACH_ADDR, "address" },
- { ICMP6_DST_UNREACH_NOPORT, "noport" },
- { -2, NULL }
-};
-
-static icmp_subtype_t icmptimexceed6[] = {
- { ICMP6_TIME_EXCEED_TRANSIT, "intransit" },
- { ICMP6_TIME_EXCEED_REASSEMBLY, "reassem" },
- { -2, NULL }
-};
-
-static icmp_subtype_t icmpparamprob6[] = {
- { ICMP6_PARAMPROB_HEADER, "header" },
- { ICMP6_PARAMPROB_NEXTHEADER, "nextheader" },
- { ICMP6_PARAMPROB_OPTION, "option" },
- { -2, NULL }
-};
-
-static icmp_subtype_t icmpquerysubject6[] = {
- { ICMP6_NI_SUBJ_IPV6, "ipv6" },
- { ICMP6_NI_SUBJ_FQDN, "fqdn" },
- { ICMP6_NI_SUBJ_IPV4, "ipv4" },
- { -2, NULL },
-};
-
-static icmp_subtype_t icmpnodeinfo6[] = {
- { ICMP6_NI_SUCCESS, "success" },
- { ICMP6_NI_REFUSED, "refused" },
- { ICMP6_NI_UNKNOWN, "unknown" },
- { -2, NULL }
-};
-
-static icmp_subtype_t icmprenumber6[] = {
- { ICMP6_ROUTER_RENUMBERING_COMMAND, "command" },
- { ICMP6_ROUTER_RENUMBERING_RESULT, "result" },
- { ICMP6_ROUTER_RENUMBERING_SEQNUM_RESET, "seqnum_reset" },
- { -2, NULL }
-};
-
-static icmp_type_t icmptypes6[] = {
- { 0, NULL, 0, NULL },
- { ICMP6_DST_UNREACH, icmpredirect6,
- IST_SZ(icmpredirect6), "unreach" },
- { ICMP6_PACKET_TOO_BIG, NULL, 0, "toobig" },
- { ICMP6_TIME_EXCEEDED, icmptimexceed6,
- IST_SZ(icmptimexceed6), "timxceed" },
- { ICMP6_PARAM_PROB, icmpparamprob6,
- IST_SZ(icmpparamprob6), "paramprob" },
- { ICMP6_ECHO_REQUEST, NULL, 0, "echo" },
- { ICMP6_ECHO_REPLY, NULL, 0, "echoreply" },
- { ICMP6_MEMBERSHIP_QUERY, icmpquerysubject6,
- IST_SZ(icmpquerysubject6), "groupmemberquery" },
- { ICMP6_MEMBERSHIP_REPORT,NULL, 0, "groupmemberreport" },
- { ICMP6_MEMBERSHIP_REDUCTION,NULL, 0, "groupmemberterm" },
- { ND_ROUTER_SOLICIT, NULL, 0, "routersolicit" },
- { ND_ROUTER_ADVERT, NULL, 0, "routeradvert" },
- { ND_NEIGHBOR_SOLICIT,
NULL, 0, "neighborsolicit" },
- { ND_NEIGHBOR_ADVERT, NULL, 0, "neighboradvert" },
- { ND_REDIRECT, NULL, 0, "redirect" },
- { ICMP6_ROUTER_RENUMBERING, icmprenumber6,
- IST_SZ(icmprenumber6), "routerrenumber" },
- { ICMP6_WRUREQUEST, NULL, 0, "whoareyourequest" },
- { ICMP6_WRUREPLY, NULL, 0, "whoareyoureply" },
- { ICMP6_FQDN_QUERY, NULL, 0, "fqdnquery" },
- { ICMP6_FQDN_REPLY, NULL, 0, "fqdnreply" },
- { ICMP6_NI_QUERY, icmpnodeinfo6,
- IST_SZ(icmpnodeinfo6), "nodeinforequest" },
- { ICMP6_NI_REPLY, NULL, 0, "nodeinforeply" },
- { MLD6_MTRACE_RESP, NULL, 0, "mtraceresponse" },
- { MLD6_MTRACE, NULL, 0, "mtracerequest" },
- { -2, NULL, 0, NULL }
-};
-
-static icmp_subtype_t *find_icmpsubtype(type, table, tablesz)
-int type;
-icmp_subtype_t *table;
-size_t tablesz;
-{
- icmp_subtype_t *ist;
- int i;
-
- if (tablesz < 2)
- return NULL;
-
- if ((type < 0) || (type > table[tablesz - 2].ist_val))
- return NULL;
-
- i = type;
- if (table[type].ist_val == type)
- return table + type;
-
- for (i = 0, ist = table; ist->ist_val != -2; i++, ist++)
- if (ist->ist_val == type)
- return ist;
- return NULL;
-}
-
-
-static icmp_type_t *find_icmptype(type, table, tablesz)
-int type;
-icmp_type_t *table;
-size_t tablesz;
-{
- icmp_type_t *it;
- int i;
-
- if (tablesz < 2)
- return NULL;
-
- if ((type < 0) || (type > table[tablesz - 2].it_val))
- return NULL;
-
- i = type;
- if (table[type].it_val == type)
- return table + type;
-
- for (i = 0, it = table; it->it_val != -2; i++, it++)
- if (it->it_val == type)
- return it;
- return NULL;
-}
-
-
-static void handlehup(sig)
-int sig;
-{
- FILE *fp;
-
- signal(SIGHUP, handlehup);
- if (logfile && (fp = fopen(logfile, "a")))
- newlog = fp;
- init_tabs();
- donehup = 1;
-}
-
-
-static void init_tabs()
-{
- struct protoent *p;
- struct servent *s;
- char *name, **tab;
- int port;
-
- if (protocols != NULL) {
- free(protocols);
- protocols = NULL;
- }
- protocols = (char **)malloc(256 * sizeof(*protocols));
- if (protocols != NULL) {
-
bzero((char *)protocols, 256 * sizeof(*protocols));
-
- setprotoent(1);
- while ((p = getprotoent()) != NULL)
- if (p->p_proto >= 0 && p->p_proto <= 255 &&
- p->p_name != NULL && protocols[p->p_proto] == NULL)
- protocols[p->p_proto] = strdup(p->p_name);
- endprotoent();
- }
-
- if (udp_ports != NULL) {
- free(udp_ports);
- udp_ports = NULL;
- }
- udp_ports = (char **)malloc(65536 * sizeof(*udp_ports));
- if (udp_ports != NULL)
- bzero((char *)udp_ports, 65536 * sizeof(*udp_ports));
-
- if (tcp_ports != NULL) {
- free(tcp_ports);
- tcp_ports = NULL;
- }
- tcp_ports = (char **)malloc(65536 * sizeof(*tcp_ports));
- if (tcp_ports != NULL)
- bzero((char *)tcp_ports, 65536 * sizeof(*tcp_ports));
-
- setservent(1);
- while ((s = getservent()) != NULL) {
- if (s->s_proto == NULL)
- continue;
- else if (!strcmp(s->s_proto, "tcp")) {
- port = ntohs(s->s_port);
- name = s->s_name;
- tab = tcp_ports;
- } else if (!strcmp(s->s_proto, "udp")) {
- port = ntohs(s->s_port);
- name = s->s_name;
- tab = udp_ports;
- } else
- continue;
- if ((port < 0 || port > 65535) || (name == NULL))
- continue;
- tab[port] = strdup(name);
- }
- endservent();
-}
-
-
-static char *getproto(p)
-u_int p;
-{
- static char pnum[4];
- char *s;
-
- p &= 0xff;
- s = protocols ?
protocols[p] : NULL;
- if (s == NULL) {
- sprintf(pnum, "%u", p);
- s = pnum;
- }
- return s;
-}
-
-
-static int read_log(fd, lenp, buf, bufsize)
-int fd, bufsize, *lenp;
-char *buf;
-{
- int nr;
-
- nr = read(fd, buf, bufsize);
- if (!nr)
- return 2;
- if ((nr < 0) && (errno != EINTR))
- return -1;
- *lenp = nr;
- return 0;
-}
-
-
-char *hostname(res, v, ip)
-int res, v;
-u_32_t *ip;
-{
-# define MAX_INETA 16
- static char hname[MAXHOSTNAMELEN + MAX_INETA + 3];
-#ifdef USE_INET6
- static char hostbuf[MAXHOSTNAMELEN+1];
-#endif
- struct hostent *hp;
- struct in_addr ipa;
-
- if (v == 4) {
- ipa.s_addr = *ip;
- if (!res)
- return inet_ntoa(ipa);
- hp = gethostbyaddr((char *)ip, sizeof(*ip), AF_INET);
- if (!hp)
- return inet_ntoa(ipa);
- sprintf(hname, "%.*s[%s]", MAXHOSTNAMELEN, hp->h_name,
- inet_ntoa(ipa));
- return hname;
- }
-#ifdef USE_INET6
- (void) inet_ntop(AF_INET6, ip, hostbuf, sizeof(hostbuf) - 1);
- hostbuf[MAXHOSTNAMELEN] = '\0';
- return hostbuf;
-#else
- return "IPv6";
-#endif
-}
-
-
-char *portname(res, proto, port)
-int res;
-char *proto;
-u_int port;
-{
- static char pname[8];
- char *s;
-
- port = ntohs(port);
- port &= 0xffff;
- (void) sprintf(pname, "%u", port);
- if (!res || (opts & OPT_PORTNUM))
- return pname;
- s = NULL;
- if (!strcmp(proto, "tcp"))
- s = tcp_ports[port];
- else if (!strcmp(proto, "udp"))
- s = udp_ports[port];
- if (s == NULL)
- s = pname;
- return s;
-}
-
-
-static char *icmpname(type, code)
-u_int type;
-u_int code;
-{
- static char name[80];
- icmp_subtype_t *ist;
- icmp_type_t *it;
- char *s;
-
- s = NULL;
- it = find_icmptype(type, icmptypes, sizeof(icmptypes) / sizeof(*it));
- if (it != NULL)
- s = it->it_name;
-
- if (s == NULL)
- sprintf(name, "icmptype(%d)/", type);
- else
- sprintf(name, "%s/", s);
-
- ist = NULL;
- if (it != NULL && it->it_subtable != NULL)
- ist = find_icmpsubtype(code, it->it_subtable, it->it_stsize);
-
- if (ist != NULL && ist->ist_name != NULL)
- strcat(name, ist->ist_name);
- else
-
sprintf(name + strlen(name), "%d", code);
-
- return name;
-}
-
-static char *icmpname6(type, code)
-u_int type;
-u_int code;
-{
- static char name[80];
- icmp_subtype_t *ist;
- icmp_type_t *it;
- char *s;
-
- s = NULL;
- it = find_icmptype(type, icmptypes6, sizeof(icmptypes6) / sizeof(*it));
- if (it != NULL)
- s = it->it_name;
-
- if (s == NULL)
- sprintf(name, "icmpv6type(%d)/", type);
- else
- sprintf(name, "%s/", s);
-
- ist = NULL;
- if (it != NULL && it->it_subtable != NULL)
- ist = find_icmpsubtype(code, it->it_subtable, it->it_stsize);
-
- if (ist != NULL && ist->ist_name != NULL)
- strcat(name, ist->ist_name);
- else
- sprintf(name + strlen(name), "%d", code);
-
- return name;
-}
-
-
-static void dumphex(log, buf, len)
-FILE *log;
-u_char *buf;
-int len;
-{
- char line[80];
- int i, j, k;
- u_char *s = buf, *t = (u_char *)line;
-
- if (len == 0 || buf == 0)
- return;
- *line = '\0';
-
- for (i = len, j = 0; i; i--, j++, s++) {
- if (j && !(j & 0xf)) {
- *t++ = '\n';
- *t = '\0';
- if (!(opts & OPT_SYSLOG))
- fputs(line, log);
- else
- syslog(LOG_INFO, "%s", line);
- t = (u_char *)line;
- *t = '\0';
- }
- sprintf((char *)t, "%02x", *s & 0xff);
- t += 2;
- if (!((j + 1) & 0xf)) {
- s -= 15;
- sprintf((char *)t, " ");
- t += 8;
- for (k = 16; k; k--, s++)
- *t++ = (isprint(*s) ? *s : '.');
- s--;
- }
-
- if ((j + 1) & 0xf)
- *t++ = ' ';;
- }
-
- if (j & 0xf) {
- for (k = 16 - (j & 0xf); k; k--) {
- *t++ = ' ';
- *t++ = ' ';
- *t++ = ' ';
- }
- sprintf((char *)t, " ");
- t += 7;
- s -= j & 0xf;
- for (k = j & 0xf; k; k--, s++)
- *t++ = (isprint(*s) ?
*s : '.');
- *t++ = '\n';
- *t = '\0';
- }
- if (!(opts & OPT_SYSLOG)) {
- fputs(line, log);
- fflush(log);
- } else
- syslog(LOG_INFO, "%s", line);
-}
-
-static void print_natlog(log, buf, blen)
-FILE *log;
-char *buf;
-int blen;
-{
- struct natlog *nl;
- iplog_t *ipl = (iplog_t *)buf;
- char *t = line;
- struct tm *tm;
- int res, i, len;
- char *proto;
-
- nl = (struct natlog *)((char *)ipl + IPLOG_SIZE);
- res = (opts & OPT_RESOLVE) ? 1 : 0;
- tm = localtime((time_t *)&ipl->ipl_sec);
- len = sizeof(line);
- if (!(opts & OPT_SYSLOG)) {
- (void) strftime(t, len, "%d/%m/%Y ", tm);
- i = strlen(t);
- len -= i;
- t += i;
- }
- (void) strftime(t, len, "%T", tm);
- t += strlen(t);
- (void) sprintf(t, ".%-.6ld @%hd ", ipl->ipl_usec, nl->nl_rule + 1);
- t += strlen(t);
-
- if (nl->nl_type == NL_NEWMAP)
- strcpy(t, "NAT:MAP ");
- else if (nl->nl_type == NL_NEWRDR)
- strcpy(t, "NAT:RDR ");
- else if (nl->nl_type == NL_EXPIRE)
- strcpy(t, "NAT:EXPIRE ");
- else if (nl->nl_type == NL_FLUSH)
- strcpy(t, "NAT:FLUSH ");
- else if (nl->nl_type == NL_NEWBIMAP)
- strcpy(t, "NAT:BIMAP ");
- else if (nl->nl_type == NL_NEWBLOCK)
- strcpy(t, "NAT:MAPBLOCK ");
- else
- sprintf(t, "Type: %d ", nl->nl_type);
- t += strlen(t);
-
- proto = getproto(nl->nl_p);
-
- (void) sprintf(t, "%s,%s <- -> ", HOSTNAME_V4(res, nl->nl_inip),
- portname(res, proto, (u_int)nl->nl_inport));
- t += strlen(t);
- (void) sprintf(t, "%s,%s ", HOSTNAME_V4(res, nl->nl_outip),
- portname(res, proto, (u_int)nl->nl_outport));
- t += strlen(t);
- (void) sprintf(t, "[%s,%s]", HOSTNAME_V4(res, nl->nl_origip),
- portname(res, proto, (u_int)nl->nl_origport));
- t += strlen(t);
- if (nl->nl_type == NL_EXPIRE) {
-#ifdef USE_QUAD_T
- (void) sprintf(t, " Pkts %qd Bytes %qd",
- (long long)nl->nl_pkts,
- (long long)nl->nl_bytes);
-#else
- (void) sprintf(t, " Pkts %ld Bytes %ld",
- nl->nl_pkts, nl->nl_bytes);
-#endif
- t += strlen(t);
- }
-
- *t++ = '\n';
- *t++ = '\0';
- if (opts & OPT_SYSLOG)
- syslog(LOG_INFO, "%s", line);
-
else
- (void) fprintf(log, "%s", line);
-}
-
-
-static void print_statelog(log, buf, blen)
-FILE *log;
-char *buf;
-int blen;
-{
- struct ipslog *sl;
- iplog_t *ipl = (iplog_t *)buf;
- char *t = line, *proto;
- struct tm *tm;
- int res, i, len;
-
- sl = (struct ipslog *)((char *)ipl + IPLOG_SIZE);
- res = (opts & OPT_RESOLVE) ? 1 : 0;
- tm = localtime((time_t *)&ipl->ipl_sec);
- len = sizeof(line);
- if (!(opts & OPT_SYSLOG)) {
- (void) strftime(t, len, "%d/%m/%Y ", tm);
- i = strlen(t);
- len -= i;
- t += i;
- }
- (void) strftime(t, len, "%T", tm);
- t += strlen(t);
- (void) sprintf(t, ".%-.6ld ", ipl->ipl_usec);
- t += strlen(t);
-
- if (sl->isl_type == ISL_NEW)
- strcpy(t, "STATE:NEW ");
- else if (sl->isl_type == ISL_EXPIRE) {
- if ((sl->isl_p == IPPROTO_TCP) &&
- (sl->isl_state[0] > TCPS_ESTABLISHED ||
- sl->isl_state[1] > TCPS_ESTABLISHED))
- strcpy(t, "STATE:CLOSE ");
- else
- strcpy(t, "STATE:EXPIRE ");
- } else if (sl->isl_type == ISL_FLUSH)
- strcpy(t, "STATE:FLUSH ");
- else if (sl->isl_type == ISL_REMOVE)
- strcpy(t, "STATE:REMOVE ");
- else
- sprintf(t, "Type: %d ", sl->isl_type);
- t += strlen(t);
-
- proto = getproto(sl->isl_p);
-
- if (sl->isl_p == IPPROTO_TCP || sl->isl_p == IPPROTO_UDP) {
- (void) sprintf(t, "%s,%s -> ",
- hostname(res, sl->isl_v, (u_32_t *)&sl->isl_src),
- portname(res, proto, (u_int)sl->isl_sport));
- t += strlen(t);
- (void) sprintf(t, "%s,%s PR %s",
- hostname(res, sl->isl_v, (u_32_t *)&sl->isl_dst),
- portname(res, proto, (u_int)sl->isl_dport), proto);
- } else if (sl->isl_p == IPPROTO_ICMP) {
- (void) sprintf(t, "%s -> ", hostname(res, sl->isl_v,
- (u_32_t *)&sl->isl_src));
- t += strlen(t);
- (void) sprintf(t, "%s PR icmp %d",
- hostname(res, sl->isl_v, (u_32_t *)&sl->isl_dst),
- sl->isl_itype);
- } else if (sl->isl_p == IPPROTO_ICMPV6) {
- (void) sprintf(t, "%s -> ", hostname(res, sl->isl_v,
- (u_32_t *)&sl->isl_src));
- t += strlen(t);
- (void) sprintf(t, "%s PR icmpv6 %d",
- hostname(res, sl->isl_v, (u_32_t
*)&sl->isl_dst),
- sl->isl_itype);
- }
- t += strlen(t);
- if (sl->isl_type != ISL_NEW) {
-#ifdef USE_QUAD_T
- (void) sprintf(t, " Pkts %qd Bytes %qd",
- (long long)sl->isl_pkts,
- (long long)sl->isl_bytes);
-#else
- (void) sprintf(t, " Pkts %ld Bytes %ld",
- sl->isl_pkts, sl->isl_bytes);
-#endif
- t += strlen(t);
- }
-
- *t++ = '\n';
- *t++ = '\0';
- if (opts & OPT_SYSLOG)
- syslog(LOG_INFO, "%s", line);
- else
- (void) fprintf(log, "%s", line);
-}
-
-
-static void print_log(logtype, log, buf, blen)
-FILE *log;
-char *buf;
-int logtype, blen;
-{
- iplog_t *ipl;
- char *bp = NULL, *bpo = NULL;
- int psize;
-
- while (blen > 0) {
- ipl = (iplog_t *)buf;
- if ((u_long)ipl & (sizeof(long)-1)) {
- if (bp)
- bpo = bp;
- bp = (char *)malloc(blen);
- bcopy((char *)ipl, bp, blen);
- if (bpo) {
- free(bpo);
- bpo = NULL;
- }
- buf = bp;
- continue;
- }
- if (ipl->ipl_magic != IPL_MAGIC) {
- /* invalid data or out of sync */
- break;
- }
- psize = ipl->ipl_dsize;
- switch (logtype)
- {
- case IPL_LOGIPF :
- print_ipflog(log, buf, psize);
- break;
- case IPL_LOGNAT :
- print_natlog(log, buf, psize);
- break;
- case IPL_LOGSTATE :
- print_statelog(log, buf, psize);
- break;
- }
-
- blen -= psize;
- buf += psize;
- }
- if (bp)
- free(bp);
- return;
-}
-
-
-static void print_ipflog(log, buf, blen)
-FILE *log;
-char *buf;
-int blen;
-{
- tcphdr_t *tp;
- struct icmp *ic;
- struct icmp *icmp;
- struct tm *tm;
- char *t, *proto;
- int i, v, lvl, res, len, off, plen, ipoff;
- ip_t *ipc, *ip;
- u_short hl, p;
- ipflog_t *ipf;
- iplog_t *ipl;
- u_32_t *s, *d;
-#ifdef USE_INET6
- ip6_t *ip6;
-#endif
-
- ipl = (iplog_t *)buf;
- ipf = (ipflog_t *)((char *)buf + IPLOG_SIZE);
- ip = (ip_t *)((char *)ipf + sizeof(*ipf));
- v = ip->ip_v;
- res = (opts & OPT_RESOLVE) ?
1 : 0;
- t = line;
- *t = '\0';
- tm = localtime((time_t *)&ipl->ipl_sec);
-#ifdef linux
- if (v == 4)
- ip->ip_len = ntohs(ip->ip_len);
-#endif
-
- len = sizeof(line);
- if (!(opts & OPT_SYSLOG)) {
- (void) strftime(t, len, "%d/%m/%Y ", tm);
- i = strlen(t);
- len -= i;
- t += i;
- }
- (void) strftime(t, len, "%T", tm);
- t += strlen(t);
- (void) sprintf(t, ".%-.6ld ", ipl->ipl_usec);
- t += strlen(t);
- if (ipl->ipl_count > 1) {
- (void) sprintf(t, "%dx ", ipl->ipl_count);
- t += strlen(t);
- }
-#if (SOLARIS || \
- (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199603)) || \
- (defined(OpenBSD) && (OpenBSD >= 199603))) || defined(linux) || \
- defined(__DragonFly__)
- {
- char ifname[sizeof(ipf->fl_ifname) + 1];
-
- strncpy(ifname, (char *)ipf->fl_ifname, sizeof(ipf->fl_ifname));
- ifname[sizeof(ipf->fl_ifname)] = '\0';
- (void) sprintf(t, "%s", ifname);
- t += strlen(t);
-# if SOLARIS
- if (isalpha(*(t - 1))) {
- sprintf(t, "%d", ipf->fl_unit);
- t += strlen(t);
- }
-# endif
- }
-#else
- for (len = 0; len < 3; len++)
- if (ipf->fl_ifname[len] == '\0')
- break;
- if (ipf->fl_ifname[len])
- len++;
- (void) sprintf(t, "%*.*s%u", len, len, ipf->fl_ifname, ipf->fl_unit);
- t += strlen(t);
-#endif
- if (ipf->fl_group == 0xffffffff)
- strcat(t, " @-1:");
- else
- (void) sprintf(t, " @%u:", ipf->fl_group);
- t += strlen(t);
- if (ipf->fl_rule == 0xffffffff)
- strcat(t, "-1 ");
- else
- (void) sprintf(t, "%u ", ipf->fl_rule + 1);
- t += strlen(t);
-
- if (ipf->fl_flags & FF_SHORT) {
- *t++ = 'S';
- lvl = LOG_ERR;
- } else if (ipf->fl_flags & FR_PASS) {
- if (ipf->fl_flags & FR_LOG)
- *t++ = 'p';
- else
- *t++ = 'P';
- lvl = LOG_NOTICE;
- } else if (ipf->fl_flags & FR_BLOCK) {
- if (ipf->fl_flags & FR_LOG)
- *t++ = 'b';
- else
- *t++ = 'B';
- lvl = LOG_WARNING;
- } else if (ipf->fl_flags & FF_LOGNOMATCH) {
- *t++ = 'n';
- lvl = LOG_NOTICE;
- } else {
- *t++ = 'L';
- lvl = LOG_INFO;
- }
- if (ipf->fl_loglevel != 0xffff)
- lvl = ipf->fl_loglevel;
- *t++ = ' ';
- *t =
'\0';
-
- if (v == 6) {
-#ifdef USE_INET6
- off = 0;
- ipoff = 0;
- hl = sizeof(ip6_t);
- ip6 = (ip6_t *)ip;
- p = (u_short)ip6->ip6_nxt;
- s = (u_32_t *)&ip6->ip6_src;
- d = (u_32_t *)&ip6->ip6_dst;
- plen = hl + ntohs(ip6->ip6_plen);
-#else
- sprintf(t, "ipv6");
- goto printipflog;
-#endif
- } else if (v == 4) {
- hl = (ip->ip_hl << 2);
- ipoff = ip->ip_off;
- off = ipoff & IP_OFFMASK;
- p = (u_short)ip->ip_p;
- s = (u_32_t *)&ip->ip_src;
- d = (u_32_t *)&ip->ip_dst;
- plen = ip->ip_len;
- } else {
- goto printipflog;
- }
- proto = getproto(p);
-
- if ((p == IPPROTO_TCP || p == IPPROTO_UDP) && !off) {
- tp = (tcphdr_t *)((char *)ip + hl);
- if (!(ipf->fl_flags & FF_SHORT)) {
- (void) sprintf(t, "%s,%s -> ", hostname(res, v, s),
- portname(res, proto, (u_int)tp->th_sport));
- t += strlen(t);
- (void) sprintf(t, "%s,%s PR %s len %hu %hu",
- hostname(res, v, d),
- portname(res, proto, (u_int)tp->th_dport),
- proto, hl, plen);
- t += strlen(t);
-
- if (p == IPPROTO_TCP) {
- *t++ = ' ';
- *t++ = '-';
- for (i = 0; tcpfl[i].value; i++)
- if (tp->th_flags & tcpfl[i].value)
- *t++ = tcpfl[i].flag;
- if (opts & OPT_VERBOSE) {
- (void) sprintf(t, " %lu %lu %hu",
- (u_long)(ntohl(tp->th_seq)),
- (u_long)(ntohl(tp->th_ack)),
- ntohs(tp->th_win));
- t += strlen(t);
- }
- }
- *t = '\0';
- } else {
- (void) sprintf(t, "%s -> ", hostname(res, v, s));
- t += strlen(t);
- (void) sprintf(t, "%s PR %s len %hu %hu",
- hostname(res, v, d), proto, hl, plen);
- }
- } else if ((p == IPPROTO_ICMPV6) && !off && (v == 6)) {
- ic = (struct icmp *)((char *)ip + hl);
- (void) sprintf(t, "%s -> ", hostname(res, v, s));
- t += strlen(t);
- (void) sprintf(t, "%s PR icmpv6 len %hu %hu icmpv6 %s",
- hostname(res, v, d), hl, plen,
- icmpname6(ic->icmp_type, ic->icmp_code));
- } else if ((p == IPPROTO_ICMP) && !off && (v == 4)) {
- ic = (struct icmp *)((char *)ip + hl);
- (void) sprintf(t, "%s -> ", hostname(res, v, s));
- t += strlen(t);
- (void) sprintf(t, "%s PR icmp len %hu %hu icmp %s",
-
hostname(res, v, d), hl, plen,
- icmpname(ic->icmp_type, ic->icmp_code));
- if (ic->icmp_type == ICMP_UNREACH ||
- ic->icmp_type == ICMP_SOURCEQUENCH ||
- ic->icmp_type == ICMP_PARAMPROB ||
- ic->icmp_type == ICMP_REDIRECT ||
- ic->icmp_type == ICMP_TIMXCEED) {
- ipc = &ic->icmp_ip;
- i = ntohs(ipc->ip_len);
- ipoff = ntohs(ipc->ip_off);
- proto = getproto(ipc->ip_p);
-
- if (!(ipoff & IP_OFFMASK) &&
- ((ipc->ip_p == IPPROTO_TCP) ||
- (ipc->ip_p == IPPROTO_UDP))) {
- tp = (tcphdr_t *)((char *)ipc + hl);
- t += strlen(t);
- (void) sprintf(t, " for %s,%s -",
- HOSTNAME_V4(res, ipc->ip_src),
- portname(res, proto,
- (u_int)tp->th_sport));
- t += strlen(t);
- (void) sprintf(t, " %s,%s PR %s len %hu %hu",
- HOSTNAME_V4(res, ipc->ip_dst),
- portname(res, proto,
- (u_int)tp->th_dport),
- proto, ipc->ip_hl << 2, i);
- } else if (!(ipoff & IP_OFFMASK) &&
- (ipc->ip_p == IPPROTO_ICMP)) {
- icmp = (icmphdr_t *)((char *)ipc + hl);
-
- t += strlen(t);
- (void) sprintf(t, " for %s -",
- HOSTNAME_V4(res, ipc->ip_src));
- t += strlen(t);
- (void) sprintf(t,
- " %s PR icmp len %hu %hu icmp %d/%d",
- HOSTNAME_V4(res, ipc->ip_dst),
- ipc->ip_hl << 2, i,
- icmp->icmp_type, icmp->icmp_code);
-
- } else {
- t += strlen(t);
- (void) sprintf(t, " for %s -",
- HOSTNAME_V4(res, ipc->ip_src));
- t += strlen(t);
- (void) sprintf(t, " %s PR %s len %hu (%hu)",
- HOSTNAME_V4(res, ipc->ip_dst), proto,
- ipc->ip_hl << 2, i);
- t += strlen(t);
- if (ipoff & IP_OFFMASK) {
- (void) sprintf(t, " (frag %d:%hu@%hu%s%s)",
- ntohs(ipc->ip_id),
- i - (ipc->ip_hl<<2),
- (ipoff & IP_OFFMASK) << 3,
- ipoff & IP_MF ? "+" : "",
- ipoff & IP_DF ? "-" : "");
- }
- }
- }
- } else {
- (void) sprintf(t, "%s -> ", hostname(res, v, s));
- t += strlen(t);
- (void) sprintf(t, "%s PR %s len %hu (%hu)",
- hostname(res, v, d), proto, hl, plen);
- t += strlen(t);
- if (off & IP_OFFMASK)
- (void) sprintf(t, " (frag %d:%hu@%hu%s%s)",
- ntohs(ip->ip_id),
- plen - hl, (off & IP_OFFMASK) << 3,
- ipoff & IP_MF ?
"+" : "",
- ipoff & IP_DF ? "-" : "");
- }
- t += strlen(t);
-
- if (ipf->fl_flags & FR_KEEPSTATE) {
- (void) strcpy(t, " K-S");
- t += strlen(t);
- }
-
- if (ipf->fl_flags & FR_KEEPFRAG) {
- (void) strcpy(t, " K-F");
- t += strlen(t);
- }
-
- if (ipf->fl_dir == 0)
- strcpy(t, " IN");
- else if (ipf->fl_dir == 1)
- strcpy(t, " OUT");
- t += strlen(t);
-printipflog:
- *t++ = '\n';
- *t++ = '\0';
- if (opts & OPT_SYSLOG)
- syslog(lvl, "%s", line);
- else
- (void) fprintf(log, "%s", line);
- if (opts & OPT_HEXHDR)
- dumphex(log, (u_char *)buf, sizeof(iplog_t) + sizeof(*ipf));
- if (opts & OPT_HEXBODY)
- dumphex(log, (u_char *)ip, ipf->fl_plen + ipf->fl_hlen);
- else if ((opts & OPT_LOGBODY) && (ipf->fl_flags & FR_LOGBODY))
- dumphex(log, (u_char *)ip + ipf->fl_hlen, ipf->fl_plen);
-}
-
-
-static void usage(prog)
-char *prog;
-{
- fprintf(stderr, "%s: [-NFhstvxX] [-f ]\n", prog);
- exit(1);
-}
-
-
-static void write_pid(file)
-char *file;
-{
- FILE *fp = NULL;
- int fd;
-
- if ((fd = open(file, O_CREAT|O_TRUNC|O_WRONLY, 0644)) >= 0)
- fp = fdopen(fd, "w");
- if (!fp) {
- close(fd);
- fprintf(stderr, "unable to open/create pid file: %s\n", file);
- return;
- }
- fprintf(fp, "%d", getpid());
- fclose(fp);
- close(fd);
-}
-
-
-static void flushlogs(file, log)
-char *file;
-FILE *log;
-{
- int fd, flushed = 0;
-
- if ((fd = open(file, O_RDWR)) == -1) {
- (void) fprintf(stderr, "%s: open: %s\n",
- file, STRERROR(errno));
- exit(1);
- }
-
- if (ioctl(fd, SIOCIPFFB, &flushed) == 0) {
- printf("%d bytes flushed from log buffer\n",
- flushed);
- fflush(stdout);
- } else
- perror("SIOCIPFFB");
- (void) close(fd);
-
- if (flushed) {
- if (opts & OPT_SYSLOG)
- syslog(LOG_INFO, "%d bytes flushed from log\n",
- flushed);
- else if (log != stdout)
- fprintf(log, "%d bytes flushed from log\n", flushed);
- }
-}
-
-
-static void logopts(turnon, options)
-int turnon;
-char *options;
-{
- int flags = 0;
- char *s;
-
- for (s = options; *s; s++)
- {
- switch (*s)
- {
- case 'N' :
- flags
|= OPT_NAT;
- break;
- case 'S' :
- flags |= OPT_STATE;
- break;
- case 'I' :
- flags |= OPT_FILTER;
- break;
- default :
- fprintf(stderr, "Unknown log option %c\n", *s);
- exit(1);
- }
- }
-
- if (turnon)
- opts |= flags;
- else
- opts &= ~(flags);
-}
-
-
-int main(argc, argv)
-int argc;
-char *argv[];
-{
- int fdt[3], devices = 0, make_daemon = 0;
- char buf[IPLLOGSIZE], *iplfile[3], *s;
- int fd[3], doread, n, i;
- extern char *optarg;
- extern int optind;
- int regular[3], c;
- FILE *log = stdout;
- struct stat sb;
- size_t nr, tr;
-
- fd[0] = fd[1] = fd[2] = -1;
- fdt[0] = fdt[1] = fdt[2] = -1;
- iplfile[0] = IPL_NAME;
- iplfile[1] = IPNAT_NAME;
- iplfile[2] = IPSTATE_NAME;
-
- while ((c = getopt(argc, argv, "?abDf:FhnN:o:O:pP:sS:tvxX")) != -1)
- switch (c)
- {
- case 'a' :
- opts |= OPT_LOGALL;
- fdt[0] = IPL_LOGIPF;
- fdt[1] = IPL_LOGNAT;
- fdt[2] = IPL_LOGSTATE;
- break;
- case 'b' :
- opts |= OPT_LOGBODY;
- break;
- case 'D' :
- make_daemon = 1;
- break;
- case 'f' : case 'I' :
- opts |= OPT_FILTER;
- fdt[0] = IPL_LOGIPF;
- iplfile[0] = optarg;
- break;
- case 'F' :
- flushlogs(iplfile[0], log);
- flushlogs(iplfile[1], log);
- flushlogs(iplfile[2], log);
- break;
- case 'n' :
- opts |= OPT_RESOLVE;
- break;
- case 'N' :
- opts |= OPT_NAT;
- fdt[1] = IPL_LOGNAT;
- iplfile[1] = optarg;
- break;
- case 'o' : case 'O' :
- logopts(c == 'o', optarg);
- fdt[0] = fdt[1] = fdt[2] = -1;
- if (opts & OPT_FILTER)
- fdt[0] = IPL_LOGIPF;
- if (opts & OPT_NAT)
- fdt[1] = IPL_LOGNAT;
- if (opts & OPT_STATE)
- fdt[2] = IPL_LOGSTATE;
- break;
- case 'p' :
- opts |= OPT_PORTNUM;
- break;
- case 'P' :
- pidfile = optarg;
- break;
- case 's' :
- s = strrchr(argv[0], '/');
- if (s == NULL)
- s = argv[0];
- else
- s++;
- openlog(s, LOG_NDELAY|LOG_PID, LOGFAC);
- opts |= OPT_SYSLOG;
- log = NULL;
- break;
- case 'S' :
- opts |= OPT_STATE;
- fdt[2] = IPL_LOGSTATE;
- iplfile[2] = optarg;
- break;
- case 't' :
- opts |= OPT_TAIL;
- break;
- case 'v' :
- opts |= OPT_VERBOSE;
-
break;
- case 'x' :
- opts |= OPT_HEXBODY;
- break;
- case 'X' :
- opts |= OPT_HEXHDR;
- break;
- default :
- case 'h' :
- case '?' :
- usage(argv[0]);
- }
-
- init_tabs();
-
- /*
- * Default action is to only open the filter log file.
- */
- if ((fdt[0] == -1) && (fdt[1] == -1) && (fdt[2] == -1))
- fdt[0] = IPL_LOGIPF;
-
- for (i = 0; i < 3; i++) {
- if (fdt[i] == -1)
- continue;
- if (!strcmp(iplfile[i], "-"))
- fd[i] = 0;
- else {
- if ((fd[i] = open(iplfile[i], O_RDONLY)) == -1) {
- (void) fprintf(stderr,
- "%s: open: %s\n", iplfile[i],
- STRERROR(errno));
- exit(1);
- /* NOTREACHED */
- }
- if (fstat(fd[i], &sb) == -1) {
- (void) fprintf(stderr, "%d: fstat: %s\n",
- fd[i], STRERROR(errno));
- exit(1);
- /* NOTREACHED */
- }
- if (!(regular[i] = !S_ISCHR(sb.st_mode)))
- devices++;
- }
- }
-
- if (!(opts & OPT_SYSLOG)) {
- logfile = argv[optind];
- log = logfile ? fopen(logfile, "a") : stdout;
- if (log == NULL) {
- (void) fprintf(stderr, "%s: fopen: %s\n",
- argv[optind], STRERROR(errno));
- exit(1);
- /* NOTREACHED */
- }
- setvbuf(log, NULL, _IONBF, 0);
- } else
- log = NULL;
-
- if (make_daemon && ((log != stdout) || (opts & OPT_SYSLOG))) {
-#if BSD
- daemon(0, !(opts & OPT_SYSLOG));
-#else
- int pid;
- if ((pid = fork()) > 0)
- exit(0);
- if (pid < 0) {
- (void) fprintf(stderr, "%s: fork() failed: %s\n",
- argv[0], STRERROR(errno));
- exit(1);
- /* NOTREACHED */
- }
- setsid();
- if ((opts & OPT_SYSLOG))
- close(2);
-#endif /* !BSD */
- close(0);
- close(1);
- }
- write_pid(pidfile);
-
- signal(SIGHUP, handlehup);
-
- for (doread = 1; doread; ) {
- nr = 0;
-
- for (i = 0; i < 3; i++) {
- tr = 0;
- if (fdt[i] == -1)
- continue;
- if (!regular[i]) {
- if (ioctl(fd[i], FIONREAD, &tr) == -1) {
- if (opts & OPT_SYSLOG)
- syslog(LOG_CRIT,
- "ioctl(FIONREAD): %m");
- else
- perror("ioctl(FIONREAD)");
- exit(1);
- /* NOTREACHED */
- }
- } else {
- tr = (lseek(fd[i], 0, SEEK_CUR) < sb.st_size);
- if (!tr && !(opts & OPT_TAIL))
- doread = 0;
- }
- if (!tr)
-
continue;
- nr += tr;
-
- tr = read_log(fd[i], &n, buf, sizeof(buf));
- if (donehup) {
- donehup = 0;
- if (newlog) {
- fclose(log);
- log = newlog;
- newlog = NULL;
- }
- }
-
- switch (tr)
- {
- case -1 :
- if (opts & OPT_SYSLOG)
- syslog(LOG_CRIT, "read: %m\n");
- else
- perror("read");
- doread = 0;
- break;
- case 1 :
- if (opts & OPT_SYSLOG)
- syslog(LOG_CRIT, "aborting logging\n");
- else
- fprintf(log, "aborting logging\n");
- doread = 0;
- break;
- case 2 :
- break;
- case 0 :
- if (n > 0) {
- print_log(fdt[i], log, buf, n);
- if (!(opts & OPT_SYSLOG))
- fflush(log);
- }
- break;
- }
- }
- if (!nr && ((opts & OPT_TAIL) || devices))
- sleep(1);
- }
- exit(0);
- /* NOTREACHED */
-}
diff --git a/contrib/ipfilter/ipnat.c b/contrib/ipfilter/ipnat.c
deleted file mode 100644
index 69e7959260..0000000000
--- a/contrib/ipfilter/ipnat.c
+++ /dev/null
@@ -1,433 +0,0 @@
-/*
- * Copyright (C) 1993-2002 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * Added redirect stuff and a variety of bug fixes. (mcn@EnGarde.com)
- */
-#if defined(__sgi) && (IRIX > 602)
-# include
-#endif
-#include
-#include
-#include
-#include
-#include
-#if !defined(__SVR4) && !defined(__svr4__)
-#include
-#else
-#include
-#endif
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#if defined(sun) && (defined(__svr4__) || defined(__SVR4))
-# include
-# include
-#endif
-#include
-#include
-#include
-#include
-#include
-#if __FreeBSD_version >= 300000
-# include
-#endif
-#include
-#include
-#include
-#include
-#include
-#include
-#include "netinet/ip_compat.h"
-#include "netinet/ip_fil.h"
-#include "netinet/ip_nat.h"
-#include "netinet/ip_state.h"
-#include "netinet/ip_proxy.h"
-#include "ipf.h"
-#include "kmem.h"
-
-#if defined(sun) && !SOLARIS2
-# define STRERROR(x) sys_errlist[x]
-extern char *sys_errlist[];
-#else
-# define STRERROR(x) strerror(x)
-#endif
-
-#if !defined(lint)
-static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipnat.c,v 2.16.2.25 2003/06/05 14:00:28 darrenr Exp $";
-#endif
-
-
-#if SOLARIS
-#define bzero(a,b) memset(a,0,b)
-#endif
-int use_inet6 = 0;
-char thishost[MAXHOSTNAMELEN];
-
-extern char *optarg;
-extern int optind;
-#if 0
-extern ipnat_t *natparse __P((char *, int));
-#endif
-extern void natparsefile __P((int, char *, int));
-extern void printnat __P((ipnat_t *, int));
-extern void printactivenat __P((nat_t *, int));
-extern void printhostmap __P((hostmap_t *, u_int));
-extern char *getsumd __P((u_32_t));
-
-static int dostats __P((natstat_t *, int));
-static int flushtable __P((int, int));
-void usage __P((char *));
-int countbits __P((u_32_t));
-char *getnattype __P((ipnat_t *));
-int main __P((int, char*[]));
-void printaps __P((ap_session_t *, int));
-static int showhostmap __P((natstat_t
*nsp));
-static int natstat_dead __P((natstat_t *, char *));
-
-
-void usage(name)
-char *name;
-{
- fprintf(stderr, "Usage: %s [-CFhlnrsv] [-f filename]\n", name);
- exit(1);
-}
-
-
-int main(argc, argv)
-int argc;
-char *argv[];
-{
- natstat_t ns, *nsp = &ns;
- char *file, *core, *kernel;
- int fd, opts, c, mode;
-
- fd = -1;
- opts = 0;
- file = NULL;
- core = NULL;
- kernel = NULL;
- mode = O_RDWR;
-
- while ((c = getopt(argc, argv, "CdFf:hlM:N:nrsv")) != -1)
- switch (c)
- {
- case 'C' :
- opts |= OPT_CLEAR;
- break;
- case 'd' :
- opts |= OPT_DEBUG;
- break;
- case 'f' :
- file = optarg;
- break;
- case 'F' :
- opts |= OPT_FLUSH;
- break;
- case 'h' :
- opts |=OPT_HITS;
- break;
- case 'l' :
- opts |= OPT_LIST;
- mode = O_RDONLY;
- break;
- case 'M' :
- core = optarg;
- break;
- case 'N' :
- kernel = optarg;
- break;
- case 'n' :
- opts |= OPT_NODO;
- mode = O_RDONLY;
- break;
- case 'r' :
- opts |= OPT_REMOVE;
- break;
- case 's' :
- opts |= OPT_STAT;
- mode = O_RDONLY;
- break;
- case 'v' :
- opts |= OPT_VERBOSE;
- break;
- case '?'
:
- default :
- usage(argv[0]);
- }
-
- if (optind < 2)
- usage(argv[0]);
-
- if ((kernel != NULL) || (core != NULL)) {
- (void) setgid(getgid());
- (void) setuid(getuid());
- }
-
- bzero((char *)&ns, sizeof(ns));
-
- gethostname(thishost, sizeof(thishost));
- thishost[sizeof(thishost) - 1] = '\0';
-
- if (!(opts & OPT_NODO) && (kernel == NULL) && (core == NULL)) {
- if (openkmem(kernel, core) == -1)
- exit(1);
-
- if (((fd = open(IPL_NAT, mode)) == -1) &&
- ((fd = open(IPL_NAT, O_RDONLY)) == -1)) {
- (void) fprintf(stderr, "%s: open: %s\n", IPL_NAT,
- STRERROR(errno));
- if (errno == ENODEV)
- fprintf(stderr, "IPFilter enabled?\n");
- exit(1);
- }
- if (ioctl(fd, SIOCGNATS, &nsp) == -1) {
- perror("ioctl(SIOCGNATS)");
- exit(1);
- }
- (void) setgid(getgid());
- (void) setuid(getuid());
- } else if ((kernel != NULL) || (core != NULL)) {
- if (openkmem(kernel, core) == -1)
- exit(1);
-
- if (natstat_dead(nsp, kernel))
- exit(1);
- if (opts & (OPT_LIST|OPT_STAT)) {
- if (dostats(nsp, opts))
- exit(1);
- }
- exit(0);
- }
-
- if (opts & (OPT_FLUSH|OPT_CLEAR))
- if (flushtable(fd, opts))
- exit(1);
- if (file) {
- /* NB natparsefile exits with nonzero in case of error */
- natparsefile(fd, file, opts);
- }
- if (opts & (OPT_LIST|OPT_STAT))
- if (dostats(nsp, opts))
- exit(1);
-
- /* TBD why not exit(0)? */
- return 0;
-}
-
-
-/*
- * Read NAT statistic information in using a symbol table and memory file
- * rather than doing ioctl's.
- */
-static int natstat_dead(nsp, kernel)
-natstat_t *nsp;
-char *kernel;
-{
- struct nlist nat_nlist[10] = {
- { "nat_table" }, /* 0 */
- { "nat_list" },
- { "maptable" },
- { "ipf_nattable_sz" },
- { "ipf_natrules_sz" },
- { "ipf_rdrrules_sz" }, /* 5 */
- { "ipf_hostmap_sz" },
- { "nat_instances" },
- { "ap_sess_list" },
- { NULL }
- };
- void *tables[2];
-
- if (nlist(kernel, nat_nlist) == -1) {
- fprintf(stderr, "nlist error\n");
- return -1;
- }
-
- /*
- * Normally the ioctl copies all of these values into the structure
- * for us, before returning it to userland, so here we must copy each
- * one in individually.
- */
- kmemcpy((char *)&tables, nat_nlist[0].n_value, sizeof(tables));
- nsp->ns_table[0] = tables[0];
- nsp->ns_table[1] = tables[1];
-
- kmemcpy((char *)&nsp->ns_list, nat_nlist[1].n_value,
- sizeof(nsp->ns_list));
- kmemcpy((char *)&nsp->ns_maptable, nat_nlist[2].n_value,
- sizeof(nsp->ns_maptable));
- kmemcpy((char *)&nsp->ns_nattab_sz, nat_nlist[3].n_value,
- sizeof(nsp->ns_nattab_sz));
- kmemcpy((char *)&nsp->ns_rultab_sz, nat_nlist[4].n_value,
- sizeof(nsp->ns_rultab_sz));
- kmemcpy((char *)&nsp->ns_rdrtab_sz, nat_nlist[5].n_value,
- sizeof(nsp->ns_rdrtab_sz));
- kmemcpy((char *)&nsp->ns_hostmap_sz, nat_nlist[6].n_value,
- sizeof(nsp->ns_hostmap_sz));
- kmemcpy((char *)&nsp->ns_instances, nat_nlist[7].n_value,
- sizeof(nsp->ns_instances));
- kmemcpy((char *)&nsp->ns_apslist, nat_nlist[8].n_value,
- sizeof(nsp->ns_apslist));
-
- return 0;
-}
-
-
-/*
- * Display NAT statistics.
- */
-static int dostats(nsp, opts)
-natstat_t *nsp;
-int opts;
-{
- nat_t **nt[2], *np, nat;
- ipnat_t ipn;
- int rc = 0;
-
- /*
- * Show statistics ?
- */
- if (opts & OPT_STAT) {
- printf("mapped\tin\t%lu\tout\t%lu\n",
- nsp->ns_mapped[0], nsp->ns_mapped[1]);
- printf("added\t%lu\texpired\t%lu\n",
- nsp->ns_added, nsp->ns_expire);
- printf("no memory\t%lu\tbad nat\t%lu\n",
- nsp->ns_memfail, nsp->ns_badnat);
- printf("inuse\t%lu\nrules\t%lu\n",
- nsp->ns_inuse, nsp->ns_rules);
- printf("wilds\t%u\n", nsp->ns_wilds);
- if (opts & OPT_VERBOSE)
- printf("table %p list %p\n",
- nsp->ns_table, nsp->ns_list);
- }
-
- /*
- * Show list of NAT rules and NAT sessions ?
- */
- if (opts & OPT_LIST) {
- printf("List of active MAP/Redirect filters:\n");
- while (nsp->ns_list) {
- if (kmemcpy((char *)&ipn, (long)nsp->ns_list,
- sizeof(ipn))) {
- perror("kmemcpy");
- rc = -1;
- break;
- }
- if (opts & OPT_HITS)
- printf("%d ", ipn.in_hits);
- printnat(&ipn, opts & (OPT_DEBUG|OPT_VERBOSE));
- nsp->ns_list = ipn.in_next;
- }
-
- nt[0] = (nat_t **)malloc(sizeof(*nt) * NAT_SIZE);
- if (kmemcpy((char *)nt[0], (long)nsp->ns_table[0],
- sizeof(**nt) * NAT_SIZE)) {
- perror("kmemcpy");
- rc = -1;
- }
- if (rc) {
- free(nt[0]);
- return rc;
- }
-
- printf("\nList of active sessions:\n");
-
- for (np = nsp->ns_instances; np; np = nat.nat_next) {
- if (kmemcpy((char *)&nat, (long)np, sizeof(nat))) {
- /* TBD Is this an error? If so, return -1 */
- break;
- }
- printactivenat(&nat, opts);
- }
-
- if (opts & OPT_VERBOSE) {
- if (showhostmap(nsp)) {
- free(nt[0]);
- return -1;
- }
- }
-
- free(nt[0]);
- }
- return 0;
-}
-
-
-/*
- * Display the active host mapping table.
- */
-static int showhostmap(nsp)
-natstat_t *nsp;
-{
- hostmap_t hm, *hmp, **maptable;
- u_int hv;
-
- printf("\nList of active host mappings:\n");
-
- maptable = (hostmap_t **)malloc(sizeof(hostmap_t *) *
- nsp->ns_hostmap_sz);
- if (kmemcpy((char *)maptable, (u_long)nsp->ns_maptable,
- sizeof(hostmap_t *) * nsp->ns_hostmap_sz)) {
- perror("kmemcpy (maptable)");
- free(maptable);
- return -1;
- }
-
- for (hv = 0; hv < nsp->ns_hostmap_sz; hv++) {
- hmp = maptable[hv];
-
- while (hmp) {
- if (kmemcpy((char *)&hm, (u_long)hmp, sizeof(hm))) {
- perror("kmemcpy (hostmap)");
- free(maptable);
- return -1;
- }
-
- printhostmap(&hm, hv);
- hmp = hm.hm_next;
- }
- }
- free(maptable);
- return 0;
-}
-
-
-/*
- * Issue an ioctl to flush either the NAT rules table or the active mapping
- * table or both.
- */
-static int flushtable(fd, opts)
-int fd, opts;
-{
- int n = 0;
- int rc = 0;
-
- if (opts & OPT_FLUSH) {
- n = 0;
- if (!(opts & OPT_NODO) && ioctl(fd, SIOCIPFFL, &n) == -1) {
- perror("ioctl(SIOCFLNAT)");
- rc = -1;
- } else {
- printf("%d entries flushed from NAT table\n", n);
- }
- }
-
- if (opts & OPT_CLEAR) {
- n = 1;
- if (!(opts & OPT_NODO) && ioctl(fd, SIOCIPFFL, &n) == -1) {
- perror("ioctl(SIOCCNATL)");
- rc = -1;
- } else {
- printf("%d entries flushed from NAT list\n", n);
- }
- }
-
- return rc;
-}
diff --git a/contrib/ipfilter/ipsd/Celler/ip_compat.h b/contrib/ipfilter/ipsd/Celler/ip_compat.h
deleted file mode 100644
index a911fd83c3..0000000000
--- a/contrib/ipfilter/ipsd/Celler/ip_compat.h
+++ /dev/null
@@ -1,201 +0,0 @@
-/*
- * (C)opyright 1995 by Darren Reed.
- *
- * This code may be freely distributed as long as it retains this notice
- * and is not changed in any way. The author accepts no responsibility
- * for the use of this software. I hate legaleese, don't you ?
- *
- * @(#)ip_compat.h 1.1 9/14/95
- */
-
-/*
- * These #ifdef's are here mainly for linux, but who knows, they may
- * not be in other places or maybe one day linux will grow up and some
- * of these will turn up there too.
- */
-#ifndef ICMP_UNREACH
-# define ICMP_UNREACH ICMP_DEST_UNREACH
-#endif
-#ifndef ICMP_SOURCEQUENCH
-# define ICMP_SOURCEQUENCH ICMP_SOURCE_QUENCH
-#endif
-#ifndef ICMP_TIMXCEED
-# define ICMP_TIMXCEED ICMP_TIME_EXCEEDED
-#endif
-#ifndef ICMP_PARAMPROB
-# define ICMP_PARAMPROB ICMP_PARAMETERPROB
-#endif
-#ifndef IPVERSION
-# define IPVERSION 4
-#endif
-#ifndef IPOPT_MINOFF
-# define IPOPT_MINOFF 4
-#endif
-#ifndef IPOPT_COPIED
-# define IPOPT_COPIED(x) ((x)&0x80)
-#endif
-#ifndef IPOPT_EOL
-# define IPOPT_EOL 0
-#endif
-#ifndef IPOPT_NOP
-# define IPOPT_NOP 1
-#endif
-#ifndef IP_MF
-# define IP_MF ((u_short)0x2000)
-#endif
-#ifndef ETHERTYPE_IP
-# define ETHERTYPE_IP ((u_short)0x0800)
-#endif
-#ifndef TH_FIN
-# define TH_FIN 0x01
-#endif
-#ifndef TH_SYN
-# define TH_SYN 0x02
-#endif
-#ifndef TH_RST
-# define TH_RST 0x04
-#endif
-#ifndef TH_PUSH
-# define TH_PUSH 0x08
-#endif
-#ifndef TH_ACK
-# define TH_ACK 0x10
-#endif
-#ifndef TH_URG
-# define TH_URG 0x20
-#endif
-#ifndef IPOPT_EOL
-# define IPOPT_EOL 0
-#endif
-#ifndef IPOPT_NOP
-# define IPOPT_NOP 1
-#endif
-#ifndef IPOPT_RR
-# define IPOPT_RR 7
-#endif
-#ifndef IPOPT_TS
-# define IPOPT_TS 68
-#endif
-#ifndef IPOPT_SECURITY
-# define IPOPT_SECURITY 130
-#endif
-#ifndef IPOPT_LSRR
-# define IPOPT_LSRR 131
-#endif
-#ifndef IPOPT_SATID
-# define IPOPT_SATID 136
-#endif
-#ifndef IPOPT_SSRR
-# define IPOPT_SSRR 137
-#endif
-#ifndef IPOPT_SECUR_UNCLASS
-# define IPOPT_SECUR_UNCLASS ((u_short)0x0000)
-#endif
-#ifndef
IPOPT_SECUR_CONFID
-# define IPOPT_SECUR_CONFID ((u_short)0xf135)
-#endif
-#ifndef IPOPT_SECUR_EFTO
-# define IPOPT_SECUR_EFTO ((u_short)0x789a)
-#endif
-#ifndef IPOPT_SECUR_MMMM
-# define IPOPT_SECUR_MMMM ((u_short)0xbc4d)
-#endif
-#ifndef IPOPT_SECUR_RESTR
-# define IPOPT_SECUR_RESTR ((u_short)0xaf13)
-#endif
-#ifndef IPOPT_SECUR_SECRET
-# define IPOPT_SECUR_SECRET ((u_short)0xd788)
-#endif
-#ifndef IPOPT_SECUR_TOPSECRET
-# define IPOPT_SECUR_TOPSECRET ((u_short)0x6bc5)
-#endif
-
-#ifdef linux
-# define icmp icmphdr
-# define icmp_type type
-# define icmp_code code
-
-/*
- * From /usr/include/netinet/ip_var.h
- * !%@#!$@# linux...
- */
-struct ipovly {
- caddr_t ih_next, ih_prev; /* for protocol sequence q's */
- u_char ih_x1; /* (unused) */
- u_char ih_pr; /* protocol */
- short ih_len; /* protocol length */
- struct in_addr ih_src; /* source internet address */
- struct in_addr ih_dst; /* destination internet address */
-};
-
-typedef struct {
- __u16 th_sport;
- __u16 th_dport;
- __u32 th_seq;
- __u32 th_ack;
-# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
- defined(vax)
- __u8 th_res:4;
- __u8 th_off:4;
-#else
- __u8 th_off:4;
- __u8 th_res:4;
-#endif
- __u8 th_flags;
- __u16 th_win;
- __u16 th_sum;
- __u16 th_urp;
-} tcphdr_t;
-
-typedef struct {
- __u16 uh_sport;
- __u16 uh_dport;
- __s16 uh_ulen;
- __u16 uh_sum;
-} udphdr_t;
-
-typedef struct {
-# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
- defined(vax)
- __u8 ip_hl:4;
- __u8 ip_v:4;
-# else
- __u8 ip_hl:4;
- __u8 ip_v:4;
-# endif
- __u8 ip_tos;
- __u16 ip_len;
- __u16 ip_id;
- __u16 ip_off;
- __u8 ip_ttl;
- __u8 ip_p;
- __u16 ip_sum;
- struct in_addr ip_src;
- struct in_addr ip_dst;
-} ip_t;
-
-typedef struct {
- __u8 ether_dhost[6];
- __u8 ether_shost[6];
- __u16 ether_type;
-} ether_header_t;
-
-# define bcopy(a,b,c) memmove(b,a,c)
-# define bcmp(a,b,c) memcmp(a,b,c)
-
-# define ifnet device
-
-#else
-
-typedef struct udphdr udphdr_t;
-typedef struct
tcphdr tcphdr_t;
-typedef struct ip ip_t;
-typedef struct ether_header ether_header_t;
-
-#endif
-
-#ifdef solaris
-# define bcopy(a,b,c) memmove(b,a,c)
-# define bcmp(a,b,c) memcmp(a,b,c)
-# define bzero(a,b) memset(a,0,b)
-#endif
diff --git a/contrib/ipfilter/ipsd/Makefile b/contrib/ipfilter/ipsd/Makefile
deleted file mode 100644
index b9ad044619..0000000000
--- a/contrib/ipfilter/ipsd/Makefile
+++ /dev/null
@@ -1,63 +0,0 @@
-#
-# Copyright (C) 1993-1998 by Darren Reed.
-#
-# Redistribution and use in source and binary forms are permitted
-# provided that this notice is preserved and due credit is given
-# to the original author and the contributors.
-#
-OBJS=ipsd.o
-BINDEST=/usr/local/bin
-SBINDEST=/sbin
-MANDIR=/usr/share/man
-BPF=sbpf.o
-NIT=snit.o
-SUNOS4=
-BSD=
-LINUX=slinux.o
-SUNOS5=dlcommon.o sdlpi.o
-
-CC=gcc
-CFLAGS=-g -I.. -I../ipsend
-
-all:
- @echo "Use one of these targets:"
- @echo " sunos4-nit (standard SunOS 4.1.x)"
- @echo " sunos4-bpf (SunOS4.1.x with BPF in the kernel)"
- @echo " bsd-bpf (4.4BSD variant with BPF in the kernel)"
- @echo " linux (Linux kernels)"
- @echo " sunos5 (Solaris 2.x)"
-
-.c.o:
- $(CC) $(CFLAGS) -c $< -o $@
-
-ipsdr: ipsdr.o
- $(CC) ipsdr.o -o $@ $(LIBS)
-
-bpf sunos4-bpf :
- make ipsd "OBJS=$(OBJS)" "UNIXOBJS=$(BPF) $(SUNOS4)" "CC=$(CC)" \
- "CFLAGS=$(CFLAGS)"
-
-nit sunos4 sunos4-nit :
- make ipsd "OBJS=$(OBJS)" "UNIXOBJS=$(NIT) $(SUNOS4)" "CC=$(CC)" \
- "CFLAGS=$(CFLAGS)"
-
-sunos5 :
- make ipsd "OBJS=$(OBJS)" "UNIXOBJS=$(SUNOS5)" "CC=$(CC)" \
- CFLAGS="$(CFLAGS) -Dsolaris" "LIBS=-lsocket -lnsl"
-
-bsd-bpf :
- make ipsd "OBJS=$(OBJS)" "UNIXOBJS=$(BPF) $(BSD)" "CC=$(CC)" \
- "CFLAGS=$(CFLAGS)"
-
-linux :
- make ipsd "OBJS=$(OBJS)" "UNIXOBJS=$(LINUX)" "CC=$(CC)" \
- CFLAGS="$(CFLAGS) -I /usr/src/linux"
-
-ipsd: $(OBJS) $(UNIXOBJS)
- $(CC) $(OBJS) $(UNIXOBJS) -o $@ $(LIBS)
-
-../ipft_sn.o ../ipft_pc.o:
- (cd ..; make $(@:../%=%))
-
-clean:
- rm -rf *.o core a.out ipsd ipsdr
diff --git a/contrib/ipfilter/ipsd/README b/contrib/ipfilter/ipsd/README
deleted file mode 100644
index eb6b7986cd..0000000000
--- a/contrib/ipfilter/ipsd/README
+++ /dev/null
@@ -1,32 +0,0 @@
-
-IP Scan Detetor.
-----------------
-
-This program is designed to be a passive listener for TCP packets sent to
-the host. It does not exercise the promiscous mode of interfaces. For
-routing Unix boxes (and firewalls which route/proxy) this is sufficient to
-detect all packets going to/through them.
-
-Upon compiling, a predefined set of "sensitive" ports are configured into
-the program. Any TCP packets which are seen sent to these ports are counted
-and the IP# of the sending host recorded, along with the time of the first
-packet to that port for that IP#.
-
-After a given number of "hits", it will write the current table of packets
-out to disk. This number defaults to 10,000.
-
-To analyze the information written to disk, a sample program called "ipsdr"
-is used (should but doesn't implement a tree algorithm for storing data)
-which reads all log files it recognises and totals up the number of ports
-each host hit. By default, all ports have the same weighting (1). Another
-group of passes is then made over this table using a netmask of 0xfffffffe,
-grouping all results which fall under the same resulting IP#. This netmask
-is then shrunk back to 0, with a output for each level given. This is aimed
-at detecting port scans done from different hosts on the same subnet (although
-I've not seen this done, if one was trying to do it obscurely...)
-
-Lastly, being passive means that no action is taken to stop port scans being
-done or discourage them.
-
-Darren
-darrenr@pobox.com
diff --git a/contrib/ipfilter/ipsd/ipsd.c b/contrib/ipfilter/ipsd/ipsd.c
deleted file mode 100644
index 261ad89985..0000000000
--- a/contrib/ipfilter/ipsd/ipsd.c
+++ /dev/null
@@ -1,297 +0,0 @@
-/*
- * (C)opyright 1995-1998 Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * The author of this software makes no garuntee about the
- * performance of this package or its suitability to fulfill any purpose.
- *
- */
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#ifndef linux
-#include
-#include
-#endif
-#include "ip_compat.h"
-#ifdef linux
-#include
-#include "tcpip.h"
-#endif
-#include "ipsd.h"
-
-#ifndef lint
-static const char sccsid[] = "@(#)ipsd.c 1.3 12/3/95 (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipsd.c,v 2.1.4.1 2001/06/26 10:43:21 darrenr Exp $";
-#endif
-
-extern char *optarg;
-extern int optind;
-
-#ifdef linux
-char default_device[] = "eth0";
-#else
-# ifdef sun
-char default_device[] = "le0";
-# else
-# ifdef ultrix
-char default_device[] = "ln0";
-# else
-char default_device[] = "lan0";
-# endif
-# endif
-#endif
-
-#define NPORTS 21
-
-u_short defports[NPORTS] = {
- 7, 9, 20, 21, 23, 25, 53, 69, 79, 111,
- 123, 161, 162, 512, 513, 514, 515, 520, 540, 6000, 0
- };
-
-ipsd_t *iphits[NPORTS];
-int writes = 0;
-
-
-int ipcmp(sh1, sh2)
-sdhit_t *sh1, *sh2;
-{
- return sh1->sh_ip.s_addr - sh2->sh_ip.s_addr;
-}
-
-
-/*
- * Check to see if we've already received a packet from this host for this
- * port.
- */
-int findhit(ihp, src, dport)
-ipsd_t *ihp;
-struct in_addr src;
-u_short dport;
-{
- int i, j, k;
- sdhit_t *sh;
-
- sh = NULL;
-
- if (ihp->sd_sz == 4) {
- for (i = 0, sh = ihp->sd_hit; i < ihp->sd_cnt; i++, sh++)
- if (src.s_addr == sh->sh_ip.s_addr)
- return 1;
- } else {
- for (i = ihp->sd_cnt / 2, j = (i / 2) - 1; j >= 0; j--) {
- k = ihp->sd_hit[i].sh_ip.s_addr - src.s_addr;
- if (!k)
- return 1;
- else if (k < 0)
- i -= j;
- else
- i += j;
- }
- }
- return 0;
-}
-
-
-/*
- * Search for port number amongst the sorted array of targets we're
- * interested in.
- */
-int detect(ip, tcp)
-ip_t *ip;
-tcphdr_t *tcp;
-{
- ipsd_t *ihp;
- sdhit_t *sh;
- int i, j, k;
-
- for (i = 10, j = 4; j >= 0; j--) {
- k = tcp->th_dport - defports[i];
- if (!k) {
- ihp = iphits[i];
- if (findhit(ihp, ip->ip_src, tcp->th_dport))
- return 0;
- sh = ihp->sd_hit + ihp->sd_cnt;
- sh->sh_date = time(NULL);
- sh->sh_ip.s_addr = ip->ip_src.s_addr;
- if (++ihp->sd_cnt == ihp->sd_sz)
- {
- ihp->sd_sz += 8;
- sh = realloc(sh, ihp->sd_sz * sizeof(*sh));
- ihp->sd_hit = sh;
- }
- qsort(sh, ihp->sd_cnt, sizeof(*sh), ipcmp);
- return 0;
- }
- if (k < 0)
- i -= j;
- else
- i += j;
- }
- return -1;
-}
-
-
-/*
- * Allocate initial storage for hosts
- */
-setuphits()
-{
- int i;
-
- for (i = 0; i < NPORTS; i++) {
- if (iphits[i]) {
- if (iphits[i]->sd_hit)
- free(iphits[i]->sd_hit);
- free(iphits[i]);
- }
- iphits[i] = (ipsd_t *)malloc(sizeof(ipsd_t));
- iphits[i]->sd_port = defports[i];
- iphits[i]->sd_cnt = 0;
- iphits[i]->sd_sz = 4;
- iphits[i]->sd_hit = (sdhit_t *)malloc(sizeof(sdhit_t) * 4);
- }
-}
-
-
-/*
- * cleanup exits
- */
-waiter()
-{
- wait(0);
-}
-
-
-/*
- * Write statistics out to a file
- */
-writestats(nwrites)
-int nwrites;
-{
- ipsd_t **ipsd, *ips;
- char fname[32];
- int i, fd;
-
- (void) sprintf(fname, "/var/log/ipsd/ipsd-hits.%d", nwrites);
- fd = open(fname, O_RDWR|O_CREAT|O_TRUNC|O_EXCL, 0644);
- for (i = 0, ipsd = iphits; i < NPORTS; i++, ipsd++) {
- ips = *ipsd;
- if (ips->sd_cnt) {
- write(fd, ips, sizeof(ipsd_t));
- write(fd, ips->sd_hit, sizeof(sdhit_t) * ips->sd_sz);
- }
- }
- (void) close(fd);
- exit(0);
-}
-
-
-void writenow()
-{
- signal(SIGCHLD, waiter);
- switch (fork())
- {
- case 0 :
- writestats(writes);
- exit(0);
- case -1 :
- perror("vfork");
- break;
- default :
- writes++;
- setuphits();
- break;
- }
-}
-
-
-void usage(prog)
-char *prog;
-{
- fprintf(stderr, "Usage: %s [-d device]\n", prog);
- exit(1);
-}
-
-
-void detecthits(fd, writecount)
-int fd, writecount;
-{
- struct in_addr ip;
- int hits = 0;
-
- while (1) {
- hits += readloop(fd, ip);
- if (hits > writecount) {
- writenow();
- hits = 0;
- }
- }
-}
-
-
-main(argc, argv)
-int argc;
-char *argv[];
-{
- char *name = argv[0], *dev = NULL;
- int fd, writeafter = 10000, angelic = 0, c;
-
- while ((c = getopt(argc, argv, "ad:n:")) != -1)
- switch (c)
- {
- case 'a' :
- angelic = 1;
- break;
- case 'd' :
- dev = optarg;
- break;
- case 'n' :
- writeafter = atoi(optarg);
- break;
- default :
- fprintf(stderr, "Unknown option \"%c\"\n", c);
- usage(name);
- }
-
- bzero(iphits, sizeof(iphits));
- setuphits();
-
- if (!dev)
- dev = default_device;
- printf("Device: %s\n", dev);
- fd = initdevice(dev, 60);
-
- if (!angelic) {
- switch (fork())
- {
- case 0 :
- (void) close(0);
- (void) close(1);
- (void) close(2);
- (void) setpgrp(0, getpgrp());
- (void) setsid();
- break;
- case -1:
- perror("fork");
- exit(-1);
- default:
- exit(0);
- }
- }
- signal(SIGUSR1, writenow);
- detecthits(fd, writeafter);
-}
diff --git a/contrib/ipfilter/ipsd/ipsd.h b/contrib/ipfilter/ipsd/ipsd.h
deleted file mode 100644
index a8f58c33f7..0000000000
--- a/contrib/ipfilter/ipsd/ipsd.h
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * (C)opyright 1995-1998 Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * The author of this software makes no garuntee about the
- * performance of this package or its suitability to fulfill any purpose.
- *
- * @(#)ipsd.h 1.3 12/3/95
- */
-
-typedef struct {
- time_t sh_date;
- struct in_addr sh_ip;
-} sdhit_t;
-
-typedef struct {
- u_int sd_sz;
- u_int sd_cnt;
- u_short sd_port;
- sdhit_t *sd_hit;
-} ipsd_t;
-
-typedef struct {
- struct in_addr ss_ip;
- int ss_hits;
- u_long ss_ports;
-} ipss_t;
-
diff --git a/contrib/ipfilter/ipsd/ipsdr.c b/contrib/ipfilter/ipsd/ipsdr.c
deleted file mode 100644
index 6a6b6eeaf5..0000000000
--- a/contrib/ipfilter/ipsd/ipsdr.c
+++ /dev/null
@@ -1,315 +0,0 @@
-/*
- * (C)opyright 1995-1998 Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * The author of this software makes no garuntee about the
- * performance of this package or its suitability to fulfill any purpose.
- *
- */
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#ifndef linux
-#include
-#include
-#endif
-#include "ip_compat.h"
-#ifdef linux
-#include
-#include "tcpip.h"
-#endif
-#include "ipsd.h"
-
-#ifndef lint
-static const char sccsid[] = "@(#)ipsdr.c 1.3 12/3/95 (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipsdr.c,v 2.1.4.1 2001/06/26 10:43:21 darrenr Exp $";
-#endif
-
-extern char *optarg;
-extern int optind;
-
-#define NPORTS 21
-
-u_short defports[NPORTS] = {
- 7, 9, 20, 21, 23, 25, 53, 69, 79, 111,
- 123, 161, 162, 512, 513, 513, 515, 520, 540, 6000, 0
- };
-u_short pweights[NPORTS] = {
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1
- };
-
-ipsd_t *iphits[NPORTS];
-int pkts;
-
-
-int ipcmp(sh1, sh2)
-sdhit_t *sh1, *sh2;
-{
- return sh1->sh_ip.s_addr - sh2->sh_ip.s_addr;
-}
-
-
-int ssipcmp(sh1, sh2)
-ipss_t *sh1, *sh2;
-{
- return sh1->ss_ip.s_addr - sh2->ss_ip.s_addr;
-}
-
-
-int countpbits(num)
-u_long num;
-{
- int i, j;
-
- for (i = 1, j = 0; i; i <<= 1)
- if (num & i)
- j++;
- return j;
-}
-
-
-/*
- * Check to see if we've already received a packet from this host for this
- * port.
- */
-int findhit(ihp, src, dport)
-ipsd_t *ihp;
-struct in_addr src;
-u_short dport;
-{
- int i, j, k;
- sdhit_t *sh;
-
- sh = NULL;
-
- if (ihp->sd_sz == 4) {
- for (i = 0, sh = ihp->sd_hit; i < ihp->sd_cnt; i++, sh++)
- if (src.s_addr == sh->sh_ip.s_addr)
- return 1;
- } else {
- for (i = ihp->sd_cnt / 2, j = (i / 2) - 1; j >= 0; j--) {
- k = ihp->sd_hit[i].sh_ip.s_addr - src.s_addr;
- if (!k)
- return 1;
- else if (k < 0)
- i -= j;
- else
- i += j;
- }
- }
- return 0;
-}
-
-
-/*
- * Search for port number amongst the sorted array of targets we're
- * interested in.
- */
-int detect(srcip, dport, date)
-struct in_addr srcip;
-u_short dport;
-time_t date;
-{
- ipsd_t *ihp;
- sdhit_t *sh;
- int i, j, k;
-
- for (i = 10, j = 4; j >= 0; j--) {
- k = dport - defports[i];
- if (!k) {
- ihp = iphits[i];
- if (findhit(ihp, srcip, dport))
- return 0;
- sh = ihp->sd_hit + ihp->sd_cnt;
- sh->sh_date = date;
- sh->sh_ip = srcip;
- if (++ihp->sd_cnt == ihp->sd_sz)
- {
- ihp->sd_sz += 8;
- sh = realloc(sh, ihp->sd_sz * sizeof(*sh));
- ihp->sd_hit = sh;
- }
- qsort(sh, ihp->sd_cnt, sizeof(*sh), ipcmp);
- return 0;
- }
- if (k < 0)
- i -= j;
- else
- i += j;
- }
- return -1;
-}
-
-
-/*
- * Allocate initial storage for hosts
- */
-setuphits()
-{
- int i;
-
- for (i = 0; i < NPORTS; i++) {
- if (iphits[i]) {
- if (iphits[i]->sd_hit)
- free(iphits[i]->sd_hit);
- free(iphits[i]);
- }
- iphits[i] = (ipsd_t *)malloc(sizeof(ipsd_t));
- iphits[i]->sd_port = defports[i];
- iphits[i]->sd_cnt = 0;
- iphits[i]->sd_sz = 4;
- iphits[i]->sd_hit = (sdhit_t *)malloc(sizeof(sdhit_t) * 4);
- }
-}
-
-
-/*
- * Write statistics out to a file
- */
-addfile(file)
-char *file;
-{
- ipsd_t ipsd, *ips = &ipsd;
- sdhit_t hit, *hp;
- char fname[32];
- int i, fd, sz;
-
- if ((fd = open(file, O_RDONLY)) == -1) {
- perror("open");
- return;
- }
-
- printf("opened %s\n", file);
- do {
- if (read(fd, ips, sizeof(*ips)) != sizeof(*ips))
- break;
- sz = ips->sd_sz * sizeof(*hp);
- hp = (sdhit_t *)malloc(sz);
- if
(read(fd, hp, sz) != sz)
- break;
- for (i = 0; i < ips->sd_cnt; i++)
- detect(hp[i].sh_ip, ips->sd_port, hp[i].sh_date);
- } while (1);
- (void) close(fd);
-}
-
-
-readfiles(dir)
-char *dir;
-{
- struct direct **d;
- int i, j;
-
- d = NULL;
- i = scandir(dir, &d, NULL, NULL);
-
- for (j = 0; j < i; j++) {
- if (strncmp(d[j]->d_name, "ipsd-hits.", 10))
- continue;
- addfile(d[j]->d_name);
- }
-}
-
-
-void printreport(ss, num)
-ipss_t *ss;
-int num;
-{
- struct in_addr ip;
- ipss_t *sp;
- int i, j, mask;
- u_long ports;
-
- printf("Hosts detected: %d\n", num);
- if (!num)
- return;
- for (i = 0; i < num; i++)
- printf("%s %d %d\n", inet_ntoa(ss[i].ss_ip), ss[i].ss_hits,
- countpbits(ss[i].ss_ports));
-
- printf("--------------------------\n");
- for (mask = 0xfffffffe, j = 32; j; j--, mask <<= 1) {
- ip.s_addr = ss[0].ss_ip.s_addr & mask;
- ports = ss[0].ss_ports;
- for (i = 1; i < num; i++) {
- sp = ss + i;
- if (ip.s_addr != (sp->ss_ip.s_addr & mask)) {
- printf("Netmask: 0x%08x\n", mask);
- printf("%s %d\n", inet_ntoa(ip),
- countpbits(ports));
- ip.s_addr = sp->ss_ip.s_addr & mask;
- ports = 0;
- }
- ports |= sp->ss_ports;
- }
- if (ports) {
- printf("Netmask: 0x%08x\n", mask);
- printf("%s %d\n", inet_ntoa(ip), countpbits(ports));
- }
- }
-}
-
-
-collectips()
-{
- ipsd_t *ips;
- ipss_t *ss;
- int i, num, nip, in, j, k;
-
- for (i = 0; i < NPORTS; i++)
- nip += iphits[i]->sd_cnt;
-
- ss = (ipss_t *)malloc(sizeof(ipss_t) * nip);
-
- for (in = 0, i = 0, num = 0; i < NPORTS; i++) {
- ips = iphits[i];
- for (j = 0; j < ips->sd_cnt; j++) {
- for (k = 0; k < num; k++)
- if (!bcmp(&ss[k].ss_ip, &ips->sd_hit[j].sh_ip,
- sizeof(struct in_addr))) {
- ss[k].ss_hits += pweights[i];
- ss[k].ss_ports |= (1 << i);
- break;
- }
- if (k == num) {
- ss[num].ss_ip = ips->sd_hit[j].sh_ip;
- ss[num].ss_hits = pweights[i];
- ss[k].ss_ports |= (1 << i);
- num++;
- }
- }
- }
-
- qsort(ss, num, sizeof(*ss), ssipcmp);
-
- printreport(ss, num);
-}
-
-
-main(argc, argv)
-int argc;
-char
*argv[];
-{
- char c, *name = argv[0], *dir = NULL;
- int fd;
-
- setuphits();
- dir = dir ? dir : ".";
- readfiles(dir);
- collectips();
-}
diff --git a/contrib/ipfilter/ipsd/linux.h b/contrib/ipfilter/ipsd/linux.h
deleted file mode 100644
index d9606cbba1..0000000000
--- a/contrib/ipfilter/ipsd/linux.h
+++ /dev/null
@@ -1,15 +0,0 @@
-/*
- * Copyright (C) 1997-1998 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * @(#)linux.h 1.1 8/19/95
- */
-
-#include
-#ifdef MODULE
-#include
-#include
-#endif /* MODULE */
-
-#include "ip_compat.h"
diff --git a/contrib/ipfilter/ipsd/sbpf.c b/contrib/ipfilter/ipsd/sbpf.c
deleted file mode 100644
index 465ed6c324..0000000000
--- a/contrib/ipfilter/ipsd/sbpf.c
+++ /dev/null
@@ -1,194 +0,0 @@
-/*
- * (C)opyright 1995-1998 Darren Reed. (from tcplog)
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- */
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#if BSD < 199103
-#include
-#endif
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include "ip_compat.h"
-
-#ifndef lint
-static char sbpf[] = "@(#)sbpf.c 1.2 12/3/95 (C)1995 Darren Reed";
-#endif
-
-/*
-(000) ldh [12]
-(001) jeq #0x800 jt 2 jf 5
-(002) ldb [23]
-(003) jeq #0x6 jt 4 jf 5
-(004) ret #68
-(005) ret #0
-*/
-struct bpf_insn filter[] = {
-/* 0. */ { BPF_LD|BPF_H|BPF_ABS, 0, 0, 12 },
-/* 1. */ { BPF_JMP|BPF_JEQ, 0, 3, 0x0800 },
-/* 2. */ { BPF_LD|BPF_B|BPF_ABS, 0, 0, 23 },
-/* 3. */ { BPF_JMP|BPF_JEQ, 0, 1, 0x06 },
-/* 4. */ { BPF_RET, 0, 0, 68 },
-/* 5. */ { BPF_RET, 0, 0, 0 }
-};
-/*
- * the code herein is dervied from libpcap.
- */
-static u_char *buf = NULL;
-static u_int bufsize = 32768, timeout = 1;
-
-
-int ack_recv(ep)
-char *ep;
-{
- struct tcpiphdr tip;
- tcphdr_t *tcp;
- ip_t *ip;
-
- ip = (ip_t *)&tip;
- tcp = (tcphdr_t *)(ip + 1);
- bcopy(ep + 14, (char *)ip, sizeof(*ip));
- bcopy(ep + 14 + (ip->ip_hl << 2), (char *)tcp, sizeof(*tcp));
- if (ip->ip_p != IPPROTO_TCP && ip->ip_p != IPPROTO_UDP)
- return -1;
- if (ip->ip_p & 0x1fff != 0)
- return 0;
- if (0 == detect(ip, tcp))
- return 1;
- return 0;
-}
-
-
-int readloop(fd, port, dst)
-int fd, port;
-struct in_addr dst;
-{
- register u_char *bp, *cp, *bufend;
- register struct bpf_hdr *bh;
- register int cc;
- time_t in = time(NULL);
- int done = 0;
-
- while ((cc = read(fd, buf, bufsize)) >= 0) {
- if (!cc && (time(NULL) - in) > timeout)
- return done;
- bp = buf;
- bufend = buf + cc;
- /*
- * loop through each snapshot in the chunk
- */
- while (bp < bufend) {
- bh = (struct bpf_hdr *)bp;
- cp = bp + bh->bh_hdrlen;
- done += ack_recv(cp);
- bp += BPF_WORDALIGN(bh->bh_caplen + bh->bh_hdrlen);
- }
- return done;
- }
- perror("read");
- exit(-1);
-}
-
-int initdevice(device, tout)
-char *device;
-int tout;
-{
- struct bpf_program prog;
- struct bpf_version bv;
- struct timeval to;
- struct ifreq ifr;
- char bpfname[16];
- int fd, i;
-
- for (i = 0; i < 16; i++)
- {
- (void) sprintf(bpfname, "/dev/bpf%d", i);
- if ((fd = open(bpfname, O_RDWR)) >= 0)
- break;
- }
- if (i == 16)
- {
- fprintf(stderr, "no bpf devices available as /dev/bpfxx\n");
- return -1;
- }
-
- if (ioctl(fd, BIOCVERSION, (caddr_t)&bv) < 0)
- {
- perror("BIOCVERSION");
- return -1;
- }
- if (bv.bv_major != BPF_MAJOR_VERSION ||
- bv.bv_minor < BPF_MINOR_VERSION)
- {
- fprintf(stderr, "kernel bpf (v%d.%d) filter out of date:\n",
- bv.bv_major, bv.bv_minor);
- fprintf(stderr, "current version: %d.%d\n",
- BPF_MAJOR_VERSION, BPF_MINOR_VERSION);
- return -1;
- }
-
- (void) strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
- if (ioctl(fd, BIOCSETIF, &ifr) == -1)
- {
- fprintf(stderr, "%s(%d):", ifr.ifr_name, fd);
- perror("BIOCSETIF");
- exit(1);
- }
- /*
- * set the timeout
- */
- timeout = tout;
- to.tv_sec = 1;
- to.tv_usec = 0;
- if (ioctl(fd, BIOCSRTIMEOUT, (caddr_t)&to) == -1)
- {
- perror("BIOCSRTIMEOUT");
- exit(-1);
- }
- /*
- * get kernel buffer size
- */
- if (ioctl(fd, BIOCSBLEN, &bufsize) == -1)
- perror("BIOCSBLEN");
- if (ioctl(fd, BIOCGBLEN, &bufsize) == -1)
- {
- perror("BIOCGBLEN");
- exit(-1);
- }
- printf("BPF buffer size: %d\n", bufsize);
- buf = (u_char*)malloc(bufsize);
-
- prog.bf_len = sizeof(filter) / sizeof(struct bpf_insn);
- prog.bf_insns = filter;
- if (ioctl(fd, BIOCSETF, (caddr_t)&prog) == -1)
- {
- perror("BIOCSETF");
- exit(-1);
- }
- (void) ioctl(fd, BIOCFLUSH, 0);
- return fd;
-}
diff --git a/contrib/ipfilter/ipsd/sdlpi.c b/contrib/ipfilter/ipsd/sdlpi.c
deleted file mode 100644
index c08fe69779..0000000000
--- a/contrib/ipfilter/ipsd/sdlpi.c
+++ /dev/null
@@ -1,259 +0,0 @@
-/*
- * (C)opyright 1992-1998 Darren Reed. (from tcplog)
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "ip_compat.h"
-
-#ifndef lint
-static char snitid[] = "%W% %G% (C)1995 Darren Reed";
-#endif
-
-#define BUFSPACE 32768
-
-static int solfd;
-
-/*
- * Be careful to only include those defined in the flags option for the
- * interface are included in the header size.
- */
-static int timeout;
-
-
-void nullbell()
-{
- return 0;
-}
-
-
-int ack_recv(ep)
-char *ep;
-{
- struct tcpiphdr tip;
- tcphdr_t *tcp;
- ip_t *ip;
-
- ip = (ip_t *)&tip;
- tcp = (tcphdr_t *)(ip + 1);
- bcopy(ep, (char *)ip, sizeof(*ip));
- bcopy(ep + (ip->ip_hl << 2), (char *)tcp, sizeof(*tcp));
-
- if (ip->ip_off & 0x1fff != 0)
- return 0;
- if (0 == detect(ip, tcp))
- return 1;
- return 0;
-}
-
-
-int readloop(fd, port, dst)
-int fd, port;
-struct in_addr dst;
-{
- static u_char buf[BUFSPACE];
- register u_char *bp, *cp, *bufend;
- register struct sb_hdr *hp;
- register int cc;
- struct strbuf dbuf;
- ether_header_t eh;
- time_t now = time(NULL);
- int flags = 0, i, done = 0;
-
- fd = solfd;
- dbuf.len = 0;
- dbuf.buf = buf;
- dbuf.maxlen = sizeof(buf);
- /*
- * no control data buffer...
- */
- while (1) {
- (void) signal(SIGALRM, nullbell);
- alarm(1);
- i = getmsg(fd, NULL, &dbuf, &flags);
- alarm(0);
- (void) signal(SIGALRM, nullbell);
-
- cc = dbuf.len;
- if ((time(NULL) - now) > timeout)
- return done;
- if (i == -1)
- if (errno == EINTR)
- continue;
- else
- break;
- bp = buf;
- bufend = buf + cc;
- /*
- * loop through each snapshot in the chunk
- */
- while (bp < bufend) {
- /*
- * get past bufmod header
- */
- hp = (struct sb_hdr *)bp;
- cp = (u_char *)((char *)bp + sizeof(*hp));
- bcopy(cp, (char *)&eh, sizeof(eh));
- /*
- * next snapshot
- */
- bp += hp->sbh_totlen;
- cc -= hp->sbh_totlen;
-
- if (eh.ether_type != ETHERTYPE_IP)
- continue;
-
- cp += sizeof(eh);
- done += ack_recv(cp);
- }
- alarm(1);
- }
- perror("getmsg");
- exit(-1);
-}
-
-int initdevice(device, tout)
-char *device;
-int tout;
-{
- struct strioctl si;
- struct timeval to;
- struct ifreq ifr;
- struct packetfilt pfil;
- u_long if_flags;
- u_short *fwp = pfil.Pf_Filter;
- char devname[16], *s, buf[256];
- int i, offset, fd, snaplen= 58, chunksize = BUFSPACE;
-
- (void) sprintf(devname, "/dev/%s", device);
-
- s = devname + 5;
- while (*s && !isdigit(*s))
- s++;
- if (!*s)
- {
- fprintf(stderr, "bad device name %s\n", devname);
- exit(-1);
- }
- i = atoi(s);
- *s = '\0';
- /*
- * For reading
- */
- if ((fd = open(devname, O_RDWR)) < 0)
- {
- fprintf(stderr, "O_RDWR(0) ");
- perror(devname);
- exit(-1);
- }
- if (dlattachreq(fd, i) == -1 || dlokack(fd, buf) == -1)
- {
- fprintf(stderr, "DLPI error\n");
- exit(-1);
- }
- dlbindreq(fd, ETHERTYPE_IP, 0, DL_CLDLS, 0, 0);
- dlbindack(fd, buf);
- /*
- * read full headers
- */
- if (strioctl(fd, DLIOCRAW, -1, 0, NULL) == -1)
- {
- fprintf(stderr, "DLIOCRAW error\n");
- exit(-1);
- }
- /*
- * Create some filter rules for our TCP watcher. We only want ethernet
- * pacets which are IP protocol and only the TCP packets from IP.
- */
- offset = 6;
- *fwp++ = ENF_PUSHWORD + offset;
- *fwp++ = ENF_PUSHLIT | ENF_CAND;
- *fwp++ = htons(ETHERTYPE_IP);
- *fwp++ = ENF_PUSHWORD + sizeof(struct ether_header)/sizeof(short)+4;
- *fwp++ = ENF_PUSHLIT | ENF_AND;
- *fwp++ = htons(0x00ff);
- *fwp++ = ENF_PUSHLIT | ENF_COR;
- *fwp++ = htons(IPPROTO_TCP);
- *fwp++ = ENF_PUSHWORD + sizeof(struct ether_header)/sizeof(short)+4;
- *fwp++ = ENF_PUSHLIT | ENF_AND;
- *fwp++ = htons(0x00ff);
- *fwp++ = ENF_PUSHLIT | ENF_CAND;
- *fwp++ = htons(IPPROTO_UDP);
- pfil.Pf_FilterLen = (fwp - &pfil.Pf_Filter[0]);
- /*
- * put filter in place.
- */
-
- if (ioctl(fd, I_PUSH, "pfmod") == -1)
- {
- perror("ioctl: I_PUSH pf");
- exit(1);
- }
- if (strioctl(fd, PFIOCSETF, -1, sizeof(pfil), (char *)&pfil) == -1)
- {
- perror("ioctl: PFIOCSETF");
- exit(1);
- }
-
- /*
- * arrange to get messages from the NIT STREAM and use NIT_BUF option
- */
- if (ioctl(fd, I_PUSH, "bufmod") == -1)
- {
- perror("ioctl: I_PUSH bufmod");
- exit(1);
- }
- i = 128;
- strioctl(fd, SBIOCSSNAP, -1, sizeof(i), (char *)&i);
- /*
- * set the timeout
- */
- to.tv_sec = 1;
- to.tv_usec = 0;
- if (strioctl(fd, SBIOCSTIME, -1, sizeof(to), (char *)&to) == -1)
- {
- perror("strioctl(SBIOCSTIME)");
- exit(-1);
- }
- /*
- * flush read queue
- */
- if (ioctl(fd, I_FLUSH, FLUSHR) == -1)
- {
- perror("I_FLUSHR");
- exit(-1);
- }
- timeout = tout;
- solfd = fd;
- return fd;
-}
diff --git a/contrib/ipfilter/ipsd/slinux.c b/contrib/ipfilter/ipsd/slinux.c
deleted file mode 100644
index af6cf5b0d8..0000000000
--- a/contrib/ipfilter/ipsd/slinux.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * (C)opyright 1992-1998 Darren Reed. (from tcplog)
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * The author of this software makes no garuntee about the
- * performance of this package or its suitability to fulfill any purpose.
- *
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include "ip_compat.h"
-#include "tcpip.h"
-
-#ifndef lint
-static const char sccsid[] = "@(#)slinux.c 1.1 12/3/95 (C) 1995 Darren Reed";
-#endif
-
-#define BUFSPACE 32768
-
-/*
- * Be careful to only include those defined in the flags option for the
- * interface are included in the header size.
- */
-
-static int timeout;
-static char *eth_dev = NULL;
-
-
-int ack_recv(bp)
-char *bp;
-{
- struct tcpip tip;
- tcphdr_t *tcp;
- ip_t *ip;
-
- ip = (struct ip *)&tip;
- tcp = (tcphdr_t *)(ip + 1);
-
- bcopy(bp, (char *)&tip, sizeof(tip));
- bcopy(bp + (ip.ip_hl << 2), (char *)tcp, sizeof(*tcp));
- if (0 == detect(ip, tcp))
- return 1;
- return 0;
-}
-
-
-void readloop(fd, port, dst)
-int fd, port;
-struct in_addr dst;
-{
- static u_char buf[BUFSPACE];
- struct sockaddr dest;
- register u_char *bp = buf;
- register int cc;
- int dlen, done = 0;
- time_t now = time(NULL);
-
- do {
- fflush(stdout);
- dlen = sizeof(dest);
- bzero((char *)&dest, dlen);
- cc = recvfrom(fd, buf, BUFSPACE, 0, &dest, &dlen);
- if (!cc)
- if ((time(NULL) - now) > timeout)
- return done;
- else
- continue;
-
- if (bp[12] != 0x8 || bp[13] != 0)
- continue; /* not ip */
-
- /*
- * get rid of non-tcp or fragmented packets here.
- */
- if (cc >= sizeof(struct tcpiphdr))
- {
- if (((bp[14+9] != IPPROTO_TCP) &&
- (bp[14+9] != IPPROTO_UDP)) ||
- (bp[14+6] & 0x1f) || (bp[14+6] & 0xff))
- continue;
- done += ack_recv(bp + 14);
- }
- } while (cc >= 0);
- perror("read");
- exit(-1);
-}
-
-int initdevice(dev, tout)
-char *dev;
-int tout;
-{
- int fd;
-
- eth_dev = strdup(dev);
- if ((fd = socket(AF_INET, SOCK_PACKET, htons(ETHERTYPE_IP))) == -1)
- {
- perror("socket(SOCK_PACKET)");
- exit(-1);
- }
-
- return fd;
-}
diff --git a/contrib/ipfilter/ipsd/snit.c b/contrib/ipfilter/ipsd/snit.c
deleted file mode 100644
index eb7e65e6cc..0000000000
--- a/contrib/ipfilter/ipsd/snit.c
+++ /dev/null
@@ -1,229 +0,0 @@
-/*
- * (C)opyright 1992-1998 Darren Reed. (from tcplog)
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * The author of this software makes no garuntee about the
- * performance of this package or its suitability to fulfill any purpose.
- *
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#ifndef lint
-static char snitid[] = "@(#)snit.c 1.2 12/3/95 (C)1995 Darren Reed";
-#endif
-
-#define BUFSPACE 32768
-
-/*
- * Be careful to only include those defined in the flags option for the
- * interface are included in the header size.
- */
-#define BUFHDR_SIZE (sizeof(struct nit_bufhdr))
-#define NIT_HDRSIZE (BUFHDR_SIZE)
-
-static int timeout;
-
-
-int ack_recv(ep)
-char *ep;
-{
- struct tcpiphdr tip;
- struct tcphdr *tcp;
- struct ip *ip;
-
- ip = (struct ip *)&tip;
- tcp = (struct tcphdr *)(ip + 1);
- bcopy(ep + 14, (char *)ip, sizeof(*ip));
- bcopy(ep + 14 + (ip->ip_hl << 2), (char *)tcp, sizeof(*tcp));
- if (ip->ip_off & 0x1fff != 0)
- return 0;
- if (0 == detect(ip, tcp))
- return 1;
- return 0;
-}
-
-
-int readloop(fd, dst)
-int fd;
-struct in_addr dst;
-{
- static u_char buf[BUFSPACE];
- register u_char *bp, *cp, *bufend;
- register struct nit_bufhdr *hp;
- register int cc;
- time_t now = time(NULL);
- int done = 0;
-
- while ((cc = read(fd, buf, BUFSPACE-1)) >= 0) {
- if (!cc)
- if ((time(NULL) - now) > timeout)
- return done;
- else
- continue;
- bp = buf;
- bufend = buf + cc;
- /*
- * loop through each snapshot in the chunk
- */
- while (bp < bufend) {
- cp = (u_char *)((char *)bp + NIT_HDRSIZE);
- /*
- * get past NIT buffer
- */
- hp = (struct nit_bufhdr *)bp;
- /*
- * next snapshot
- */
- bp += hp->nhb_totlen;
- done += ack_recv(cp);
- }
- return done;
- }
- perror("read");
- exit(-1);
-}
-
-int initdevice(device, tout)
-char *device;
-int tout;
-{
- struct strioctl si;
- struct timeval to;
- struct ifreq ifr;
- struct packetfilt pfil;
- u_long if_flags;
- u_short *fwp = pfil.Pf_Filter;
- int ret, offset, fd, snaplen= 76, chunksize = BUFSPACE;
-
- if ((fd = open("/dev/nit", O_RDWR)) < 0)
- {
- perror("/dev/nit");
- exit(-1);
- }
-
- /*
- * Create some filter rules for our TCP watcher. We only want ethernet
- * pacets which are IP protocol and only the TCP packets from IP.
- */
- offset = 6;
- *fwp++ = ENF_PUSHWORD + offset;
- *fwp++ = ENF_PUSHLIT | ENF_CAND;
- *fwp++ = htons(ETHERTYPE_IP);
- *fwp++ = ENF_PUSHWORD + sizeof(struct ether_header)/sizeof(short)+4;
- *fwp++ = ENF_PUSHLIT | ENF_AND;
- *fwp++ = htons(0x00ff);
- *fwp++ = ENF_PUSHLIT | ENF_COR;
- *fwp++ = htons(IPPROTO_TCP);
- *fwp++ = ENF_PUSHWORD + sizeof(struct ether_header)/sizeof(short)+4;
- *fwp++ = ENF_PUSHLIT | ENF_AND;
- *fwp++ = htons(0x00ff);
- *fwp++ = ENF_PUSHLIT | ENF_CAND;
- *fwp++ = htons(IPPROTO_UDP);
- pfil.Pf_FilterLen = fwp - &pfil.Pf_Filter[0];
- /*
- * put filter in place.
- */
- if (ioctl(fd, I_PUSH, "pf") == -1)
- {
- perror("ioctl: I_PUSH pf");
- exit(1);
- }
- if (ioctl(fd, NIOCSETF, &pfil) == -1)
- {
- perror("ioctl: NIOCSETF");
- exit(1);
- }
- /*
- * arrange to get messages from the NIT STREAM and use NIT_BUF option
- */
- ioctl(fd, I_SRDOPT, (char*)RMSGD);
- ioctl(fd, I_PUSH, "nbuf");
- /*
- * set the timeout
- */
- timeout = tout;
- si.ic_timout = 1;
- to.tv_sec = 1;
- to.tv_usec = 0;
- si.ic_cmd = NIOCSTIME;
- si.ic_len = sizeof(to);
- si.ic_dp = (char*)&to;
- if (ioctl(fd, I_STR, (char*)&si) == -1)
- {
- perror("ioctl: NIT timeout");
- exit(-1);
- }
- /*
- * set the chunksize
- */
- si.ic_cmd = NIOCSCHUNK;
- si.ic_len = sizeof(chunksize);
- si.ic_dp = (char*)&chunksize;
- if (ioctl(fd, I_STR, (char*)&si) == -1)
- perror("ioctl: NIT chunksize");
- if (ioctl(fd, NIOCGCHUNK, (char*)&chunksize) == -1)
- {
- perror("ioctl: NIT chunksize");
- exit(-1);
- }
- printf("NIT buffer size: %d\n", chunksize);
-
- /*
- * request the interface
- */
- strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
- ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = ' ';
- si.ic_cmd = NIOCBIND;
- si.ic_len = sizeof(ifr);
- si.ic_dp = (char*)𝔦
- if (ioctl(fd, I_STR, (char*)&si) == -1)
- {
- perror(ifr.ifr_name);
- exit(1);
- }
-
- /*
- * set the snapshot length
- */
- si.ic_cmd = NIOCSSNAP;
- si.ic_len = sizeof(snaplen);
- si.ic_dp = (char*)&snaplen;
- if (ioctl(fd, I_STR, (char*)&si) == -1)
- {
- perror("ioctl: NIT snaplen");
- exit(1);
- }
- (void) ioctl(fd, I_FLUSH, (char*)FLUSHR);
- return fd;
-}
diff --git a/contrib/ipfilter/ipsend/.OLD/ip_compat.h b/contrib/ipfilter/ipsend/.OLD/ip_compat.h
deleted file mode 100644
index c38fa59ed3..0000000000
--- a/contrib/ipfilter/ipsend/.OLD/ip_compat.h
+++ /dev/null
@@ -1,242 +0,0 @@
-/*
- * (C)opyright 1995 by Darren Reed.
- *
- * This code may be freely distributed as long as it retains this notice
- * and is not changed in any way. The author accepts no responsibility
- * for the use of this software. I hate legaleese, don't you ?
- *
- * @(#)ip_compat.h 1.2 12/7/95
- */
-
-/*
- * These #ifdef's are here mainly for linux, but who knows, they may
- * not be in other places or maybe one day linux will grow up and some
- * of these will turn up there too.
- */
-#ifndef ICMP_UNREACH
-# define ICMP_UNREACH ICMP_DEST_UNREACH
-#endif
-#ifndef ICMP_SOURCEQUENCH
-# define ICMP_SOURCEQUENCH ICMP_SOURCE_QUENCH
-#endif
-#ifndef ICMP_TIMXCEED
-# define ICMP_TIMXCEED ICMP_TIME_EXCEEDED
-#endif
-#ifndef ICMP_PARAMPROB
-# define ICMP_PARAMPROB ICMP_PARAMETERPROB
-#endif
-#ifndef IPVERSION
-# define IPVERSION 4
-#endif
-#ifndef IPOPT_MINOFF
-# define IPOPT_MINOFF 4
-#endif
-#ifndef IPOPT_COPIED
-# define IPOPT_COPIED(x) ((x)&0x80)
-#endif
-#ifndef IPOPT_EOL
-# define IPOPT_EOL 0
-#endif
-#ifndef IPOPT_NOP
-# define IPOPT_NOP 1
-#endif
-#ifndef IP_MF
-# define IP_MF ((u_short)0x2000)
-#endif
-#ifndef ETHERTYPE_IP
-# define ETHERTYPE_IP ((u_short)0x0800)
-#endif
-#ifndef TH_FIN
-# define TH_FIN 0x01
-#endif
-#ifndef TH_SYN
-# define TH_SYN 0x02
-#endif
-#ifndef TH_RST
-# define TH_RST 0x04
-#endif
-#ifndef TH_PUSH
-# define TH_PUSH 0x08
-#endif
-#ifndef TH_ACK
-# define TH_ACK 0x10
-#endif
-#ifndef TH_URG
-# define TH_URG 0x20
-#endif
-#ifndef IPOPT_EOL
-# define IPOPT_EOL 0
-#endif
-#ifndef IPOPT_NOP
-# define IPOPT_NOP 1
-#endif
-#ifndef IPOPT_RR
-# define IPOPT_RR 7
-#endif
-#ifndef IPOPT_TS
-# define IPOPT_TS 68
-#endif
-#ifndef IPOPT_SECURITY
-# define IPOPT_SECURITY 130
-#endif
-#ifndef IPOPT_LSRR
-# define IPOPT_LSRR 131
-#endif
-#ifndef IPOPT_SATID
-# define IPOPT_SATID 136
-#endif
-#ifndef IPOPT_SSRR
-# define IPOPT_SSRR 137
-#endif
-#ifndef IPOPT_SECUR_UNCLASS
-# define IPOPT_SECUR_UNCLASS ((u_short)0x0000)
-#endif
-#ifndef IPOPT_SECUR_CONFID
-# define IPOPT_SECUR_CONFID ((u_short)0xf135)
-#endif
-#ifndef IPOPT_SECUR_EFTO
-# define IPOPT_SECUR_EFTO ((u_short)0x789a)
-#endif
-#ifndef IPOPT_SECUR_MMMM
-# define IPOPT_SECUR_MMMM ((u_short)0xbc4d)
-#endif
-#ifndef IPOPT_SECUR_RESTR
-# define IPOPT_SECUR_RESTR ((u_short)0xaf13)
-#endif
-#ifndef IPOPT_SECUR_SECRET
-# define IPOPT_SECUR_SECRET ((u_short)0xd788)
-#endif
-#ifndef IPOPT_SECUR_TOPSECRET
-# define IPOPT_SECUR_TOPSECRET ((u_short)0x6bc5)
-#endif
-
-#ifdef linux
-# if LINUX < 0200
-# define icmp icmphdr
-# define icmp_type type
-# define icmp_code code
-# endif
-
-/*
- * From /usr/include/netinet/ip_var.h
- * !%@#!$@# linux...
- */
-struct ipovly {
- caddr_t ih_next, ih_prev; /* for protocol sequence q's */
- u_char ih_x1; /* (unused) */
- u_char ih_pr; /* protocol */
- short ih_len; /* protocol length */
- struct in_addr ih_src; /* source internet address */
- struct in_addr ih_dst; /* destination internet address */
-};
-
-typedef struct {
- __u16 th_sport;
- __u16 th_dport;
- __u32 th_seq;
- __u32 th_ack;
-# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
- defined(vax)
- __u8 th_res:4;
- __u8 th_off:4;
-#else
- __u8 th_off:4;
- __u8 th_res:4;
-#endif
- __u8 th_flags;
- __u16 th_win;
- __u16 th_sum;
- __u16 th_urp;
-} tcphdr_t;
-
-typedef struct {
- __u16 uh_sport;
- __u16 uh_dport;
- __s16 uh_ulen;
- __u16 uh_sum;
-} udphdr_t;
-
-typedef struct {
-# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
- defined(vax)
- __u8 ip_hl:4;
- __u8 ip_v:4;
-# else
- __u8 ip_hl:4;
- __u8 ip_v:4;
-# endif
- __u8 ip_tos;
- __u16 ip_len;
- __u16 ip_id;
- __u16 ip_off;
- __u8 ip_ttl;
- __u8 ip_p;
- __u16 ip_sum;
- struct in_addr ip_src;
- struct in_addr ip_dst;
-} ip_t;
-
-typedef struct {
- __u8 ether_dhost[6];
- __u8 ether_shost[6];
- __u16 ether_type;
-} ether_header_t;
-
-typedef struct icmp {
- u_char icmp_type; /* type of message, see below */
- u_char icmp_code; /* type sub code */
- u_short icmp_cksum; /* ones complement cksum of struct */
- union {
- u_char ih_pptr; /* ICMP_PARAMPROB */
- struct in_addr ih_gwaddr; /* ICMP_REDIRECT */
- struct ih_idseq {
- n_short icd_id;
- n_short icd_seq;
- } ih_idseq;
- int ih_void;
- } icmp_hun;
-#define icmp_pptr icmp_hun.ih_pptr
-#define icmp_gwaddr icmp_hun.ih_gwaddr
-#define icmp_id icmp_hun.ih_idseq.icd_id
-#define icmp_seq icmp_hun.ih_idseq.icd_seq
-#define icmp_void icmp_hun.ih_void
- union {
- struct id_ts {
- n_time its_otime;
- n_time its_rtime;
- n_time its_ttime;
- } id_ts;
- struct id_ip {
- ip_t idi_ip;
- /* options and then 64 bits of data */
- } id_ip;
- u_long id_mask;
- char id_data[1];
- } icmp_dun;
-#define icmp_otime icmp_dun.id_ts.its_otime
-#define icmp_rtime icmp_dun.id_ts.its_rtime
-#define icmp_ttime icmp_dun.id_ts.its_ttime
-#define icmp_ip icmp_dun.id_ip.idi_ip
-#define icmp_mask icmp_dun.id_mask
-#define icmp_data icmp_dun.id_data
-} icmphdr_t;
-
-# define bcopy(a,b,c) memmove(b,a,c)
-# define bcmp(a,b,c) memcmp(a,b,c)
-
-# define ifnet device
-
-#else
-
-typedef struct udphdr udphdr_t;
-typedef struct tcphdr tcphdr_t;
-typedef struct ip ip_t;
-typedef struct ether_header ether_header_t;
-
-#endif
-
-#if defined(__SVR4) || defined(__svr4__)
-# define bcopy(a,b,c) memmove(b,a,c)
-# define bcmp(a,b,c) memcmp(a,b,c)
-# define bzero(a,b) memset(a,0,b)
-#endif
diff --git a/contrib/ipfilter/ipsend/44arp.c b/contrib/ipfilter/ipsend/44arp.c
deleted file mode 100644
index de9f4d9ce7..0000000000
--- a/contrib/ipfilter/ipsend/44arp.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * Based upon 4.4BSD's /usr/sbin/arp
- */
-#if defined(__sgi) && (IRIX > 602)
-# include
-#endif
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#if __FreeBSD_version >= 300000
-# include
-#endif
-#include "ipsend.h"
-#include "iplang/iplang.h"
-
-
-/*
- * lookup host and return
- * its IP address in address
- * (4 bytes)
- */
-int resolve(host, address)
-char *host, *address;
-{
- struct hostent *hp;
- u_long add;
-
- add = inet_addr(host);
- if (add == -1)
- {
- if (!(hp = gethostbyname(host)))
- {
- fprintf(stderr, "unknown host: %s\n", host);
- return -1;
- }
- bcopy((char *)hp->h_addr, (char *)address, 4);
- return 0;
- }
- bcopy((char*)&add, address, 4);
- return 0;
-}
-
-
-int arp(addr, eaddr)
-char *addr, *eaddr;
-{
- int mib[6];
- size_t needed;
- char *lim, *buf, *next;
- struct rt_msghdr *rtm;
- struct sockaddr_inarp *sin;
- struct sockaddr_dl *sdl;
-
-#ifdef IPSEND
- if (arp_getipv4(addr, ether) == 0)
- return 0;
-#endif
-
- mib[0] = CTL_NET;
- mib[1] = PF_ROUTE;
- mib[2] = 0;
- mib[3] = AF_INET;
- mib[4] = NET_RT_FLAGS;
- mib[5] = RTF_LLINFO;
- if (sysctl(mib, 6, NULL, &needed, NULL, 0) == -1)
- {
- perror("route-sysctl-estimate");
- exit(-1);
- }
- if ((buf = malloc(needed)) == NULL)
- {
- perror("malloc");
- exit(-1);
- }
- if (sysctl(mib, 6, buf, &needed, NULL, 0) == -1)
- {
- perror("actual retrieval of routing table");
- exit(-1);
- }
- lim = buf + needed;
- for (next = buf; next < lim; next += rtm->rtm_msglen)
- {
- rtm = (struct rt_msghdr *)next;
- sin = (struct sockaddr_inarp *)(rtm + 1);
- sdl = (struct sockaddr_dl *)(sin + 1);
- if (addr && !bcmp(addr, (char *)&sin->sin_addr,
- sizeof(struct in_addr)))
- {
- bcopy(LLADDR(sdl), eaddr, sdl->sdl_alen);
- return 0;
- }
- }
- return -1;
-}
diff --git a/contrib/ipfilter/ipsend/Crashable b/contrib/ipfilter/ipsend/Crashable deleted file mode 100644 index c7ffcde38c..0000000000 --- a/contrib/ipfilter/ipsend/Crashable +++ /dev/null @@ -1,21 +0,0 @@ -Test 1: - Solaris 2.4 - upto and including 101945-34, > 34 ? - Solaris 2.5 - 11/95 - Linux 1.2.13, < 1.3.45(?) - 3com/sonix bridge - Instant Internet - KA9Q NOS - Netblazer 40i, Version 3.2 OS - Irix 6.x - HP-UX 9.0 - HP-UX 10.1 - LivingstonsComOS - MacOS 7.x, 8.x - -Test 6: - SunOS 4.1.x - ULtrix 4.3 - -Test 7: - SunOS 4.1.x - Linux <= 1.3.84 diff --git a/contrib/ipfilter/ipsend/Makefile b/contrib/ipfilter/ipsend/Makefile deleted file mode 100644 index bb8000f538..0000000000 --- a/contrib/ipfilter/ipsend/Makefile +++ /dev/null 
@@ -1,177 +0,0 @@ -# -# Copyright (C) 1993-1998 by Darren Reed. -# -# Redistribution and use in source and binary forms are permitted -# provided that this notice is preserved and due credit is given -# to the original author and the contributors. -# -IPFT=ipft_ef.o ipft_hx.o ipft_pc.o ipft_sn.o ipft_td.o ipft_tx.o opt.o -OBJS=ipsend.o ip.o ipsopt.o y.tab.o lex.yy.o -ROBJS=ipresend.o ip.o resend.o $(IPFT) -TOBJS=iptest.o iptests.o ip.o -BPF=sbpf.o -NIT=snit.o -SUNOS4=sock.o arp.o inet_addr.o -BSD=sock.o 44arp.o -LINUX=lsock.o slinux.o larp.o -LINUXK= -TOP=.. -SUNOS5=dlcommon.o sdlpi.o arp.o inet_addr.o -ULTRIX=ultrix.o sock.o arp.o inet_addr.o -HPUX=hpux.o sock.o arp.o inet_addr.o - -#CC=gcc -DEBUG=-g -CFLAGS=$(DEBUG) -I. -Iipf -# -MFLAGS="BINDEST=$(BINDEST)" "SBINDEST=$(SBINDEST)" "MANDIR=$(MANDIR)" \ - "IPFLKM=$(IPFLKM)" \ - "IPFLOG=$(IPFLOG)" "LOGFAC=$(LOGFAC)" "POLICY=$(POLICY)" \ - "SOLARIS2=$(SOLARIS2)" "DEBUG=$(DEBUG)" "DCPU=$(CPU)" \ - "CPUDIR=$(CPUDIR)" -# -all: - @echo "Use one of these targets:" - @echo " sunos4-nit (standard SunOS 4.1.x)" - @echo " sunos4-bpf (SunOS4.1.x with BPF in the kernel)" - @echo " bsd-bpf (4.4BSD variant with BPF in the kernel)" - @echo " linux10 (Linux 1.0 kernels)" - @echo " linux12 (Linux 1.2 kernels)" - @echo " linux20 (Linux 2.0 kernels)" - @echo " sunos5 (Solaris 2.x)" - -ipf: - -if [ ! -d iplang ] ; then ln -s ../iplang iplang; fi - -if [ ! -d netinet ] ; then ln -s ../netinet netinet; fi - -if [ ! -d ipf ] ; then ln -s .. ipf; fi - -y.tab.o: iplang/iplang_y.y - -if [ -h iplang ] ; then \ - (cd iplang; ${MAKE} $(MFLAGS) 'DESTDIR=../ipsend' ) \ - else \ - (cd iplang; ${MAKE} $(MFLAGS) 'DESTDIR=..' ) \ - fi - -lex.yy.o: iplang/iplang_l.l - -if [ -h iplang ] ; then \ - (cd iplang; ${MAKE} $(MFLAGS) 'DESTDIR=../ipsend' ) \ - else \ - (cd iplang; ${MAKE} $(MFLAGS) 'DESTDIR=..' 
) \ - fi - -.c.o: - $(CC) $(CFLAGS) $(LINUXK) -c $< -o $@ - -install: - -$(INSTALL) -cs -g wheel -m 755 -o root ipsend ipresend iptest $(BINDEST) - -bpf sunos4-bpf : - make ipsend "OBJS=$(OBJS)" "UNIXOBJS=$(BPF) $(SUNOS4)" "CC=$(CC)" \ - "CFLAGS=$(CFLAGS) -DDOSOCKET -DIPSEND" "LLIB=-ll" - make ipresend "ROBJS=$(ROBJS)" "UNIXOBJS=$(BPF) $(SUNOS4)" "CC=$(CC)" \ - "CFLAGS=$(CFLAGS) -DDOSOCKET" - make iptest "TOBJS=$(TOBJS)" "UNIXOBJS=$(BPF) $(SUNOS4)" "CC=$(CC)" \ - "CFLAGS=$(CFLAGS) -DDOSOCKET" - -nit sunos4 sunos4-nit : - make ipsend "OBJS=$(OBJS)" "UNIXOBJS=$(NIT) $(SUNOS4)" "CC=$(CC)" \ - "CFLAGS=$(CFLAGS) -DDOSOCKET -DIPSEND" "LLIB=-ll" - make ipresend "ROBJS=$(ROBJS)" "UNIXOBJS=$(NIT) $(SUNOS4)" "CC=$(CC)" \ - "CFLAGS=$(CFLAGS) -DDOSOCKET" - make iptest "TOBJS=$(TOBJS)" "UNIXOBJS=$(NIT) $(SUNOS4)" "CC=$(CC)" \ - "CFLAGS=$(CFLAGS) -DDOSOCKET" - -dlpi sunos5 : - make ipsend "OBJS=$(OBJS)" "UNIXOBJS=$(SUNOS5)" "CC=$(CC)" \ - CFLAGS="$(CFLAGS) -Dsolaris -DIPSEND" "LIBS=-lsocket -lnsl" \ - "LLIB=-ll" - make ipresend "ROBJS=$(ROBJS)" "UNIXOBJS=$(SUNOS5)" "CC=$(CC)" \ - CFLAGS="$(CFLAGS) -Dsolaris" "LIBS=-lsocket -lnsl" - make iptest "TOBJS=$(TOBJS)" "UNIXOBJS=$(SUNOS5)" "CC=$(CC)" \ - CFLAGS="$(CFLAGS) -Dsolaris" "LIBS=-lsocket -lnsl" - -bsd-bpf : - make ipsend "OBJS=$(OBJS)" "UNIXOBJS=$(BPF) $(BSD)" "CC=$(CC)" \ - "CFLAGS=$(CFLAGS) -DDOSOCKET -DIPSEND" "LLIB=-ll" - make ipresend "ROBJS=$(ROBJS)" "UNIXOBJS=$(BPF) $(BSD)" "CC=$(CC)" \ - "CFLAGS=$(CFLAGS) -DDOSOCKET" - make iptest "TOBJS=$(TOBJS)" "UNIXOBJS=$(BPF) $(BSD)" "CC=$(CC)" \ - "CFLAGS=$(CFLAGS) -DDOSOCKET" - -linuxrev : - make ipsend "OBJS=$(OBJS)" "UNIXOBJS=$(LINUX)" "CC=$(CC)" \ - CFLAGS="$(CFLAGS) $(INC) -DDOSOCKET -DIPSEND" $(LINUXK) - make ipresend "ROBJS=$(ROBJS)" "UNIXOBJS=$(LINUX)" "CC=$(CC)" \ - CFLAGS="$(CFLAGS) $(INC) -DDOSOCKET" $(LINUXK) - make iptest "TOBJS=$(TOBJS)" "UNIXOBJS=$(LINUX)" "CC=$(CC)" \ - CFLAGS="$(CFLAGS) $(INC) -DDOSOCKET" $(LINUXK) - -linux10: - make linuxrev 
'LINUXK="LINUXK=-DLINUX=0100"' \ - "INC=-I/usr/src/linux/include" "LLIB=-lfl" - -linux12: - make linuxrev 'LINUXK="LINUXK=-DLINUX=0102"' "INC=-I/usr/src/linux" \ - "LLIB=-lfl" - -linux20: - make linuxrev 'LINUXK="LINUXK=-DLINUX=0200"' \ - "INC=-I/usr/src/linux/include" "LLIB=-lfl" "ELIB=-lelf" - -ultrix : - make ipsend "OBJS=$(OBJS)" "UNIXOBJS=$(ULTRIX)" "CC=$(CC)" \ - CFLAGS="$(CFLAGS) -DIPSEND" "LIBS=" "LLIB=-ll" - make ipresend "ROBJS=$(ROBJS)" "UNIXOBJS=$(ULTRIX)" "CC=$(CC)" \ - CFLAGS="$(CFLAGS)" "LIBS=" - make iptest "TOBJS=$(TOBJS)" "UNIXOBJS=$(ULTRIX)" "CC=$(CC)" \ - CFLAGS="$(CFLAGS)" "LIBS=" - -hpux9 : - make ipsend "OBJS=$(OBJS)" "UNIXOBJS=$(HPUX)" "CC=$(CC)" \ - CFLAGS="$(CFLAGS) -DIPSEND" "LIBS=" - make ipresend "ROBJS=$(ROBJS)" "UNIXOBJS=$(HPUX)" "CC=$(CC)" \ - CFLAGS="$(CFLAGS)" "LIBS=" - make iptest "TOBJS=$(TOBJS)" "UNIXOBJS=$(HPUX)" "CC=$(CC)" \ - CFLAGS="$(CFLAGS)" "LIBS=" - -ipsend: ipf $(OBJS) $(UNIXOBJS) - $(CC) $(OBJS) $(UNIXOBJS) -o $@ $(LIBS) $(LLIB) $(ELIB) - -ipresend: $(ROBJS) $(UNIXOBJS) - $(CC) $(ROBJS) $(UNIXOBJS) -o $@ $(LIBS) $(ELIB) - -iptest: $(TOBJS) $(UNIXOBJS) - $(CC) $(TOBJS) $(UNIXOBJS) -o $@ $(LIBS) $(ELIB) - -ipft_ef.o: ipf/ipft_ef.c ipf/ipt.h ipf/ipf.h ipf/ip_compat.h - $(CC) $(CFLAGS) $(LINUXK) -c ipf/ipft_ef.c -o $@ - -ipft_hx.o: ipf/ipft_hx.c ipf/ipt.h ipf/ipf.h ipf/ip_compat.h - $(CC) $(CFLAGS) $(LINUXK) -c ipf/ipft_hx.c -o $@ - -ipft_pc.o: ipf/ipft_pc.c ipf/ipt.h ipf/ipf.h ipf/ip_compat.h - $(CC) $(CFLAGS) $(LINUXK) -c ipf/ipft_pc.c -o $@ - -ipft_sn.o: ipf/ipft_sn.c ipf/ipt.h ipf/ipf.h ipf/ip_compat.h - $(CC) $(CFLAGS) $(LINUXK) -c ipf/ipft_sn.c -o $@ - -ipft_td.o: ipf/ipft_td.c ipf/ipt.h ipf/ipf.h ipf/ip_compat.h - $(CC) $(CFLAGS) $(LINUXK) -c ipf/ipft_td.c -o $@ - -ipft_tx.o: ipf/ipft_tx.c ipf/ipt.h ipf/ipf.h ipf/ip_compat.h - $(CC) $(CFLAGS) $(LINUXK) -c ipf/ipft_tx.c -o $@ - -opt.o: ipf/opt.c ipf/ipt.h ipf/ipf.h ipf/ip_compat.h - $(CC) $(CFLAGS) $(LINUXK) -c ipf/opt.c -o $@ - -inet_addr.o: ipf/inet_addr.c - $(CC) 
$(CFLAGS) $(LINUXK) -c ipf/inet_addr.c -o $@ - -clean: - rm -rf *.o *core a.out ipsend ipresend iptest - if [ -d iplang ]; then (cd iplang; $(MAKE) $(MFLAGS) clean); fi - if [ -d $(TOP)/iplang ]; then (cd $(TOP)/iplang; $(MAKE) $(MFLAGS) clean); fi - -do-cvs: - find . -type d -name CVS -print | xargs /bin/rm -rf - find . -type f -name .cvsignore -print | xargs /bin/rm -f diff --git a/contrib/ipfilter/ipsend/README b/contrib/ipfilter/ipsend/README deleted file mode 100644 index 198556d834..0000000000 --- a/contrib/ipfilter/ipsend/README +++ /dev/null @@ -1,8 +0,0 @@ - -This distribution contains *ONLY* the code required to build the 'ipsend' -directory of programs (including man pages) found in the IP Filter package: -http://coombs.anu.edu.au/~avalon/ip-filter.html - -Patches, bugs, etc, please send to: - -darrenr@pobox.com diff --git a/contrib/ipfilter/ipsend/arp.c b/contrib/ipfilter/ipsend/arp.c deleted file mode 100644 index 8e5f7f4b8d..0000000000 --- a/contrib/ipfilter/ipsend/arp.c +++ /dev/null 
@@ -1,130 +0,0 @@
-/*
- * arp.c (C) 1995-1998 Darren Reed
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- */
-#if defined(__sgi) && (IRIX > 602)
-# include
-#endif
-#include
-#include
-#include
-#include
-#if !defined(ultrix) && !defined(hpux)
-#include
-#endif
-#include
-#include
-#include
-#include
-#include
-#ifndef ultrix
-#include
-#endif
-#include
-#include
-#include
-#include "ipsend.h"
-#include "iplang/iplang.h"
-
-#if !defined(lint)
-static const char sccsid[] = "@(#)arp.c 1.4 1/11/96 (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)$Id: arp.c,v 2.1.4.4 2002/12/06 11:40:35 darrenr Exp $";
-#endif
-
-
-/*
- * lookup host and return
- * its IP address in address
- * (4 bytes)
- */
-int resolve(host, address)
-char *host, *address;
-{
- struct hostent *hp;
- u_long add;
-
- add = inet_addr(host);
- if (add == -1)
- {
- if (!(hp = gethostbyname(host)))
- {
- fprintf(stderr, "unknown host: %s\n", host);
- return -1;
- }
- bcopy((char *)hp->h_addr, (char *)address, 4);
- return 0;
- }
- bcopy((char*)&add, address, 4);
- return 0;
-}
-
-/*
- * ARP for the MAC address corresponding
- * to the IP address. This taken from
- * some BSD program, I cant remember which.
- */
-int arp(ip, ether)
-char *ip;
-char *ether;
-{
- static int sfd = -1;
- static char ethersave[6], ipsave[4];
- struct arpreq ar;
- struct sockaddr_in *sin, san;
- struct hostent *hp;
- int fd;
-
-#ifdef IPSEND
- if (arp_getipv4(ip, ether) == 0)
- return 0;
-#endif
- if (!bcmp(ipsave, ip, 4)) {
- bcopy(ethersave, ether, 6);
- return 0;
- }
- fd = -1;
- bzero((char *)&ar, sizeof(ar));
- sin = (struct sockaddr_in *)&ar.arp_pa;
- sin->sin_family = AF_INET;
- bcopy(ip, (char *)&sin->sin_addr.s_addr, 4);
-#ifndef hpux
- if ((hp = gethostbyaddr(ip, 4, AF_INET)))
- if (!(ether_hostton(hp->h_name, ether)))
- goto savearp;
-#endif
-
- if (sfd == -1)
- if ((sfd = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
- {
- perror("arp: socket");
- return -1;
- }
-tryagain:
- if (ioctl(sfd, SIOCGARP, (caddr_t)&ar) == -1)
- {
- if (fd == -1)
- {
- bzero((char *)&san, sizeof(san));
- san.sin_family = AF_INET;
- san.sin_port = htons(1);
- bcopy(ip, &san.sin_addr.s_addr, 4);
- fd = socket(AF_INET, SOCK_DGRAM, 0);
- (void) sendto(fd, ip, 4, 0,
- (struct sockaddr *)&san, sizeof(san));
- sleep(1);
- (void) close(fd);
- goto tryagain;
- }
- fprintf(stderr, "(%s):", inet_ntoa(sin->sin_addr));
- if (errno != ENXIO)
- perror("SIOCGARP");
- return -1;
- }
-
- bcopy(ar.arp_ha.sa_data, ether, 6);
-savearp:
- bcopy(ether, ethersave, 6);
- bcopy(ip, ipsave, 4);
- return 0;
-}
diff --git a/contrib/ipfilter/ipsend/dlcommon.c b/contrib/ipfilter/ipsend/dlcommon.c
deleted file mode 100644
index 59b283d2b8..0000000000
--- a/contrib/ipfilter/ipsend/dlcommon.c
+++ /dev/null
@@ -1,1359 +0,0 @@ -/* - * Common (shared) DLPI test routines. - * Mostly pretty boring boilerplate sorta stuff. - * These can be split into individual library routines later - * but it's just convenient to keep them in a single file - * while they're being developed. - * - * Not supported: - * Connection Oriented stuff - * QOS stuff - */ - -/* -typedef unsigned long ulong; -*/ - - -#include -#include -#include -#include -#include -#include -#include -#include "dltest.h" - -#define CASERET(s) case s: return ("s") - -char *dlprim(); -char *dlstate(); -char *dlerrno(); -char *dlpromisclevel(); -char *dlservicemode(); -char *dlstyle(); -char *dlmactype(); - - -dlinforeq(fd) -int fd; -{ - dl_info_req_t info_req; - struct strbuf ctl; - int flags; - - info_req.dl_primitive = DL_INFO_REQ; - - ctl.maxlen = 0; - ctl.len = sizeof (info_req); - ctl.buf = (char *) &info_req; - - flags = RS_HIPRI; - - if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0) - syserr("dlinforeq: putmsg"); -} - -dlinfoack(fd, bufp) -int fd; -char *bufp; -{ - union DL_primitives *dlp; - struct strbuf ctl; - int flags; - - ctl.maxlen = MAXDLBUF; - ctl.len = 0; - ctl.buf = bufp; - - strgetmsg(fd, &ctl, (struct strbuf*)NULL, &flags, "dlinfoack"); - - dlp = (union DL_primitives *) ctl.buf; - - expecting(DL_INFO_ACK, dlp); - - if (ctl.len < sizeof (dl_info_ack_t)) - err("dlinfoack: response ctl.len too short: %d", ctl.len); - - if (flags != RS_HIPRI) - err("dlinfoack: DL_INFO_ACK was not M_PCPROTO"); - - if (ctl.len < sizeof (dl_info_ack_t)) - err("dlinfoack: short response ctl.len: %d", ctl.len); -} - -dlattachreq(fd, ppa) -int fd; -u_long ppa; -{ - dl_attach_req_t attach_req; - struct strbuf ctl; - int flags; - - attach_req.dl_primitive = DL_ATTACH_REQ; - attach_req.dl_ppa = ppa; - - ctl.maxlen = 0; - ctl.len = sizeof (attach_req); - ctl.buf = (char *) &attach_req; - - flags = 0; - - if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0) - syserr("dlattachreq: putmsg"); -} - -dlenabmultireq(fd, addr, 
length) -int fd; -char *addr; -int length; -{ - long buf[MAXDLBUF]; - union DL_primitives *dlp; - struct strbuf ctl; - int flags; - - dlp = (union DL_primitives*) buf; - - dlp->enabmulti_req.dl_primitive = DL_ENABMULTI_REQ; - dlp->enabmulti_req.dl_addr_length = length; - dlp->enabmulti_req.dl_addr_offset = sizeof (dl_enabmulti_req_t); - - (void) memcpy((char*)OFFADDR(buf, sizeof (dl_enabmulti_req_t)), addr, length); - - ctl.maxlen = 0; - ctl.len = sizeof (dl_enabmulti_req_t) + length; - ctl.buf = (char*) buf; - - flags = 0; - - if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0) - syserr("dlenabmultireq: putmsg"); -} - -dldisabmultireq(fd, addr, length) -int fd; -char *addr; -int length; -{ - long buf[MAXDLBUF]; - union DL_primitives *dlp; - struct strbuf ctl; - int flags; - - dlp = (union DL_primitives*) buf; - - dlp->disabmulti_req.dl_primitive = DL_ENABMULTI_REQ; - dlp->disabmulti_req.dl_addr_length = length; - dlp->disabmulti_req.dl_addr_offset = sizeof (dl_disabmulti_req_t); - - (void) memcpy((char*)OFFADDR(buf, sizeof (dl_disabmulti_req_t)), addr, length); - - ctl.maxlen = 0; - ctl.len = sizeof (dl_disabmulti_req_t) + length; - ctl.buf = (char*) buf; - - flags = 0; - - if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0) - syserr("dldisabmultireq: putmsg"); -} - -dlpromisconreq(fd, level) -int fd; -u_long level; -{ - dl_promiscon_req_t promiscon_req; - struct strbuf ctl; - int flags; - - promiscon_req.dl_primitive = DL_PROMISCON_REQ; - promiscon_req.dl_level = level; - - ctl.maxlen = 0; - ctl.len = sizeof (promiscon_req); - ctl.buf = (char *) &promiscon_req; - - flags = 0; - - if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0) - syserr("dlpromiscon: putmsg"); - -} - -dlpromiscoff(fd, level) -int fd; -u_long level; -{ - dl_promiscoff_req_t promiscoff_req; - struct strbuf ctl; - int flags; - - promiscoff_req.dl_primitive = DL_PROMISCOFF_REQ; - promiscoff_req.dl_level = level; - - ctl.maxlen = 0; - ctl.len = sizeof (promiscoff_req); - ctl.buf = (char 
*) &promiscoff_req; - - flags = 0; - - if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0) - syserr("dlpromiscoff: putmsg"); -} - -dlphysaddrreq(fd, addrtype) -int fd; -u_long addrtype; -{ - dl_phys_addr_req_t phys_addr_req; - struct strbuf ctl; - int flags; - - phys_addr_req.dl_primitive = DL_PHYS_ADDR_REQ; - phys_addr_req.dl_addr_type = addrtype; - - ctl.maxlen = 0; - ctl.len = sizeof (phys_addr_req); - ctl.buf = (char *) &phys_addr_req; - - flags = 0; - - if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0) - syserr("dlphysaddrreq: putmsg"); -} - -dlsetphysaddrreq(fd, addr, length) -int fd; -char *addr; -int length; -{ - long buf[MAXDLBUF]; - union DL_primitives *dlp; - struct strbuf ctl; - int flags; - - dlp = (union DL_primitives*) buf; - - dlp->set_physaddr_req.dl_primitive = DL_ENABMULTI_REQ; - dlp->set_physaddr_req.dl_addr_length = length; - dlp->set_physaddr_req.dl_addr_offset = sizeof (dl_set_phys_addr_req_t); - - (void) memcpy((char*)OFFADDR(buf, sizeof (dl_set_phys_addr_req_t)), addr, length); - - ctl.maxlen = 0; - ctl.len = sizeof (dl_set_phys_addr_req_t) + length; - ctl.buf = (char*) buf; - - flags = 0; - - if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0) - syserr("dlsetphysaddrreq: putmsg"); -} - -dldetachreq(fd) -int fd; -{ - dl_detach_req_t detach_req; - struct strbuf ctl; - int flags; - - detach_req.dl_primitive = DL_DETACH_REQ; - - ctl.maxlen = 0; - ctl.len = sizeof (detach_req); - ctl.buf = (char *) &detach_req; - - flags = 0; - - if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0) - syserr("dldetachreq: putmsg"); -} - -dlbindreq(fd, sap, max_conind, service_mode, conn_mgmt, xidtest) -int fd; -u_long sap; -u_long max_conind; -u_long service_mode; -u_long conn_mgmt; -u_long xidtest; -{ - dl_bind_req_t bind_req; - struct strbuf ctl; - int flags; - - bind_req.dl_primitive = DL_BIND_REQ; - bind_req.dl_sap = sap; - bind_req.dl_max_conind = max_conind; - bind_req.dl_service_mode = service_mode; - bind_req.dl_conn_mgmt = conn_mgmt; - 
bind_req.dl_xidtest_flg = xidtest; - - ctl.maxlen = 0; - ctl.len = sizeof (bind_req); - ctl.buf = (char *) &bind_req; - - flags = 0; - - if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0) - syserr("dlbindreq: putmsg"); -} - -dlunitdatareq(fd, addrp, addrlen, minpri, maxpri, datap, datalen) -int fd; -u_char *addrp; -int addrlen; -u_long minpri, maxpri; -u_char *datap; -int datalen; -{ - long buf[MAXDLBUF]; - union DL_primitives *dlp; - struct strbuf data, ctl; - - dlp = (union DL_primitives*) buf; - - dlp->unitdata_req.dl_primitive = DL_UNITDATA_REQ; - dlp->unitdata_req.dl_dest_addr_length = addrlen; - dlp->unitdata_req.dl_dest_addr_offset = sizeof (dl_unitdata_req_t); - dlp->unitdata_req.dl_priority.dl_min = minpri; - dlp->unitdata_req.dl_priority.dl_max = maxpri; - - (void) memcpy(OFFADDR(dlp, sizeof (dl_unitdata_req_t)), addrp, addrlen); - - ctl.maxlen = 0; - ctl.len = sizeof (dl_unitdata_req_t) + addrlen; - ctl.buf = (char *) buf; - - data.maxlen = 0; - data.len = datalen; - data.buf = (char *) datap; - - if (putmsg(fd, &ctl, &data, 0) < 0) - syserr("dlunitdatareq: putmsg"); -} - -dlunbindreq(fd) -int fd; -{ - dl_unbind_req_t unbind_req; - struct strbuf ctl; - int flags; - - unbind_req.dl_primitive = DL_UNBIND_REQ; - - ctl.maxlen = 0; - ctl.len = sizeof (unbind_req); - ctl.buf = (char *) &unbind_req; - - flags = 0; - - if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0) - syserr("dlunbindreq: putmsg"); -} - -dlokack(fd, bufp) -int fd; -char *bufp; -{ - union DL_primitives *dlp; - struct strbuf ctl; - int flags; - - ctl.maxlen = MAXDLBUF; - ctl.len = 0; - ctl.buf = bufp; - - strgetmsg(fd, &ctl, (struct strbuf*)NULL, &flags, "dlokack"); - - dlp = (union DL_primitives *) ctl.buf; - - expecting(DL_OK_ACK, dlp); - - if (ctl.len < sizeof (dl_ok_ack_t)) - err("dlokack: response ctl.len too short: %d", ctl.len); - - if (flags != RS_HIPRI) - err("dlokack: DL_OK_ACK was not M_PCPROTO"); - - if (ctl.len < sizeof (dl_ok_ack_t)) - err("dlokack: short response 
ctl.len: %d", ctl.len); -} - -dlerrorack(fd, bufp) -int fd; -char *bufp; -{ - union DL_primitives *dlp; - struct strbuf ctl; - int flags; - - ctl.maxlen = MAXDLBUF; - ctl.len = 0; - ctl.buf = bufp; - - strgetmsg(fd, &ctl, (struct strbuf*)NULL, &flags, "dlerrorack"); - - dlp = (union DL_primitives *) ctl.buf; - - expecting(DL_ERROR_ACK, dlp); - - if (ctl.len < sizeof (dl_error_ack_t)) - err("dlerrorack: response ctl.len too short: %d", ctl.len); - - if (flags != RS_HIPRI) - err("dlerrorack: DL_OK_ACK was not M_PCPROTO"); - - if (ctl.len < sizeof (dl_error_ack_t)) - err("dlerrorack: short response ctl.len: %d", ctl.len); -} - -dlbindack(fd, bufp) -int fd; -char *bufp; -{ - union DL_primitives *dlp; - struct strbuf ctl; - int flags; - - ctl.maxlen = MAXDLBUF; - ctl.len = 0; - ctl.buf = bufp; - - strgetmsg(fd, &ctl, (struct strbuf*)NULL, &flags, "dlbindack"); - - dlp = (union DL_primitives *) ctl.buf; - - expecting(DL_BIND_ACK, dlp); - - if (flags != RS_HIPRI) - err("dlbindack: DL_OK_ACK was not M_PCPROTO"); - - if (ctl.len < sizeof (dl_bind_ack_t)) - err("dlbindack: short response ctl.len: %d", ctl.len); -} - -dlphysaddrack(fd, bufp) -int fd; -char *bufp; -{ - union DL_primitives *dlp; - struct strbuf ctl; - int flags; - - ctl.maxlen = MAXDLBUF; - ctl.len = 0; - ctl.buf = bufp; - - strgetmsg(fd, &ctl, (struct strbuf*)NULL, &flags, "dlphysaddrack"); - - dlp = (union DL_primitives *) ctl.buf; - - expecting(DL_PHYS_ADDR_ACK, dlp); - - if (flags != RS_HIPRI) - err("dlbindack: DL_OK_ACK was not M_PCPROTO"); - - if (ctl.len < sizeof (dl_phys_addr_ack_t)) - err("dlphysaddrack: short response ctl.len: %d", ctl.len); -} - -void -sigalrm() -{ - (void) err("sigalrm: TIMEOUT"); -} - -strgetmsg(fd, ctlp, datap, flagsp, caller) -int fd; -struct strbuf *ctlp, *datap; -int *flagsp; -char *caller; -{ - int rc; - static char errmsg[80]; - - /* - * Start timer. 
- */ - (void) signal(SIGALRM, sigalrm); - if (alarm(MAXWAIT) < 0) { - (void) sprintf(errmsg, "%s: alarm", caller); - syserr(errmsg); - } - - /* - * Set flags argument and issue getmsg(). - */ - *flagsp = 0; - if ((rc = getmsg(fd, ctlp, datap, flagsp)) < 0) { - (void) sprintf(errmsg, "%s: getmsg", caller); - syserr(errmsg); - } - - /* - * Stop timer. - */ - if (alarm(0) < 0) { - (void) sprintf(errmsg, "%s: alarm", caller); - syserr(errmsg); - } - - /* - * Check for MOREDATA and/or MORECTL. - */ - if ((rc & (MORECTL | MOREDATA)) == (MORECTL | MOREDATA)) - err("%s: MORECTL|MOREDATA", caller); - if (rc & MORECTL) - err("%s: MORECTL", caller); - if (rc & MOREDATA) - err("%s: MOREDATA", caller); - - /* - * Check for at least sizeof (long) control data portion. - */ - if (ctlp->len < sizeof (long)) - err("getmsg: control portion length < sizeof (long): %d", ctlp->len); -} - -expecting(prim, dlp) -int prim; -union DL_primitives *dlp; -{ - if (dlp->dl_primitive != (u_long)prim) { - printdlprim(dlp); - err("expected %s got %s", dlprim(prim), - dlprim(dlp->dl_primitive)); - exit(1); - } -} - -/* - * Print any DLPI msg in human readable format. 
- */ -printdlprim(dlp) -union DL_primitives *dlp; -{ - switch (dlp->dl_primitive) { - case DL_INFO_REQ: - printdlinforeq(dlp); - break; - - case DL_INFO_ACK: - printdlinfoack(dlp); - break; - - case DL_ATTACH_REQ: - printdlattachreq(dlp); - break; - - case DL_OK_ACK: - printdlokack(dlp); - break; - - case DL_ERROR_ACK: - printdlerrorack(dlp); - break; - - case DL_DETACH_REQ: - printdldetachreq(dlp); - break; - - case DL_BIND_REQ: - printdlbindreq(dlp); - break; - - case DL_BIND_ACK: - printdlbindack(dlp); - break; - - case DL_UNBIND_REQ: - printdlunbindreq(dlp); - break; - - case DL_SUBS_BIND_REQ: - printdlsubsbindreq(dlp); - break; - - case DL_SUBS_BIND_ACK: - printdlsubsbindack(dlp); - break; - - case DL_SUBS_UNBIND_REQ: - printdlsubsunbindreq(dlp); - break; - - case DL_ENABMULTI_REQ: - printdlenabmultireq(dlp); - break; - - case DL_DISABMULTI_REQ: - printdldisabmultireq(dlp); - break; - - case DL_PROMISCON_REQ: - printdlpromisconreq(dlp); - break; - - case DL_PROMISCOFF_REQ: - printdlpromiscoffreq(dlp); - break; - - case DL_UNITDATA_REQ: - printdlunitdatareq(dlp); - break; - - case DL_UNITDATA_IND: - printdlunitdataind(dlp); - break; - - case DL_UDERROR_IND: - printdluderrorind(dlp); - break; - - case DL_UDQOS_REQ: - printdludqosreq(dlp); - break; - - case DL_PHYS_ADDR_REQ: - printdlphysaddrreq(dlp); - break; - - case DL_PHYS_ADDR_ACK: - printdlphysaddrack(dlp); - break; - - case DL_SET_PHYS_ADDR_REQ: - printdlsetphysaddrreq(dlp); - break; - - default: - err("printdlprim: unknown primitive type 0x%x", - dlp->dl_primitive); - break; - } -} - -/* ARGSUSED */ -printdlinforeq(dlp) -union DL_primitives *dlp; -{ - (void) printf("DL_INFO_REQ\n"); -} - -printdlinfoack(dlp) -union DL_primitives *dlp; -{ - u_char addr[MAXDLADDR]; - u_char brdcst[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->info_ack.dl_addr_offset), - dlp->info_ack.dl_addr_length, addr); - addrtostring(OFFADDR(dlp, dlp->info_ack.dl_brdcst_addr_offset), - dlp->info_ack.dl_brdcst_addr_length, brdcst); - - 
(void) printf("DL_INFO_ACK: max_sdu %d min_sdu %d\n", - dlp->info_ack.dl_max_sdu, - dlp->info_ack.dl_min_sdu); - (void) printf("addr_length %d mac_type %s current_state %s\n", - dlp->info_ack.dl_addr_length, - dlmactype(dlp->info_ack.dl_mac_type), - dlstate(dlp->info_ack.dl_current_state)); - (void) printf("sap_length %d service_mode %s qos_length %d\n", - dlp->info_ack.dl_sap_length, - dlservicemode(dlp->info_ack.dl_service_mode), - dlp->info_ack.dl_qos_length); - (void) printf("qos_offset %d qos_range_length %d qos_range_offset %d\n", - dlp->info_ack.dl_qos_offset, - dlp->info_ack.dl_qos_range_length, - dlp->info_ack.dl_qos_range_offset); - (void) printf("provider_style %s addr_offset %d version %d\n", - dlstyle(dlp->info_ack.dl_provider_style), - dlp->info_ack.dl_addr_offset, - dlp->info_ack.dl_version); - (void) printf("brdcst_addr_length %d brdcst_addr_offset %d\n", - dlp->info_ack.dl_brdcst_addr_length, - dlp->info_ack.dl_brdcst_addr_offset); - (void) printf("addr %s\n", addr); - (void) printf("brdcst_addr %s\n", brdcst); -} - -printdlattachreq(dlp) -union DL_primitives *dlp; -{ - (void) printf("DL_ATTACH_REQ: ppa %d\n", - dlp->attach_req.dl_ppa); -} - -printdlokack(dlp) -union DL_primitives *dlp; -{ - (void) printf("DL_OK_ACK: correct_primitive %s\n", - dlprim(dlp->ok_ack.dl_correct_primitive)); -} - -printdlerrorack(dlp) -union DL_primitives *dlp; -{ - (void) printf("DL_ERROR_ACK: error_primitive %s errno %s unix_errno %d\n", - dlprim(dlp->error_ack.dl_error_primitive), - dlerrno(dlp->error_ack.dl_errno), - dlp->error_ack.dl_unix_errno); -} - -printdlenabmultireq(dlp) -union DL_primitives *dlp; -{ - u_char addr[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->enabmulti_req.dl_addr_offset), - dlp->enabmulti_req.dl_addr_length, addr); - - (void) printf("DL_ENABMULTI_REQ: addr_length %d addr_offset %d\n", - dlp->enabmulti_req.dl_addr_length, - dlp->enabmulti_req.dl_addr_offset); - (void) printf("addr %s\n", addr); -} - -printdldisabmultireq(dlp) -union 
DL_primitives *dlp; -{ - u_char addr[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->disabmulti_req.dl_addr_offset), - dlp->disabmulti_req.dl_addr_length, addr); - - (void) printf("DL_DISABMULTI_REQ: addr_length %d addr_offset %d\n", - dlp->disabmulti_req.dl_addr_length, - dlp->disabmulti_req.dl_addr_offset); - (void) printf("addr %s\n", addr); -} - -printdlpromisconreq(dlp) -union DL_primitives *dlp; -{ - (void) printf("DL_PROMISCON_REQ: level %s\n", - dlpromisclevel(dlp->promiscon_req.dl_level)); -} - -printdlpromiscoffreq(dlp) -union DL_primitives *dlp; -{ - (void) printf("DL_PROMISCOFF_REQ: level %s\n", - dlpromisclevel(dlp->promiscoff_req.dl_level)); -} - -printdlphysaddrreq(dlp) -union DL_primitives *dlp; -{ - (void) printf("DL_PHYS_ADDR_REQ: addr_type 0x%x\n", - dlp->physaddr_req.dl_addr_type); -} - -printdlphysaddrack(dlp) -union DL_primitives *dlp; -{ - u_char addr[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->physaddr_ack.dl_addr_offset), - dlp->physaddr_ack.dl_addr_length, addr); - - (void) printf("DL_PHYS_ADDR_ACK: addr_length %d addr_offset %d\n", - dlp->physaddr_ack.dl_addr_length, - dlp->physaddr_ack.dl_addr_offset); - (void) printf("addr %s\n", addr); -} - -printdlsetphysaddrreq(dlp) -union DL_primitives *dlp; -{ - u_char addr[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->set_physaddr_req.dl_addr_offset), - dlp->set_physaddr_req.dl_addr_length, addr); - - (void) printf("DL_SET_PHYS_ADDR_REQ: addr_length %d addr_offset %d\n", - dlp->set_physaddr_req.dl_addr_length, - dlp->set_physaddr_req.dl_addr_offset); - (void) printf("addr %s\n", addr); -} - -/* ARGSUSED */ -printdldetachreq(dlp) -union DL_primitives *dlp; -{ - (void) printf("DL_DETACH_REQ\n"); -} - -printdlbindreq(dlp) -union DL_primitives *dlp; -{ - (void) printf("DL_BIND_REQ: sap %d max_conind %d\n", - dlp->bind_req.dl_sap, - dlp->bind_req.dl_max_conind); - (void) printf("service_mode %s conn_mgmt %d xidtest_flg 0x%x\n", - dlservicemode(dlp->bind_req.dl_service_mode), - 
dlp->bind_req.dl_conn_mgmt, - dlp->bind_req.dl_xidtest_flg); -} - -printdlbindack(dlp) -union DL_primitives *dlp; -{ - u_char addr[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->bind_ack.dl_addr_offset), - dlp->bind_ack.dl_addr_length, addr); - - (void) printf("DL_BIND_ACK: sap %d addr_length %d addr_offset %d\n", - dlp->bind_ack.dl_sap, - dlp->bind_ack.dl_addr_length, - dlp->bind_ack.dl_addr_offset); - (void) printf("max_conind %d xidtest_flg 0x%x\n", - dlp->bind_ack.dl_max_conind, - dlp->bind_ack.dl_xidtest_flg); - (void) printf("addr %s\n", addr); -} - -/* ARGSUSED */ -printdlunbindreq(dlp) -union DL_primitives *dlp; -{ - (void) printf("DL_UNBIND_REQ\n"); -} - -printdlsubsbindreq(dlp) -union DL_primitives *dlp; -{ - u_char sap[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->subs_bind_req.dl_subs_sap_offset), - dlp->subs_bind_req.dl_subs_sap_length, sap); - - (void) printf("DL_SUBS_BIND_REQ: subs_sap_offset %d sub_sap_len %d\n", - dlp->subs_bind_req.dl_subs_sap_offset, - dlp->subs_bind_req.dl_subs_sap_length); - (void) printf("sap %s\n", sap); -} - -printdlsubsbindack(dlp) -union DL_primitives *dlp; -{ - u_char sap[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->subs_bind_ack.dl_subs_sap_offset), - dlp->subs_bind_ack.dl_subs_sap_length, sap); - - (void) printf("DL_SUBS_BIND_ACK: subs_sap_offset %d sub_sap_length %d\n", - dlp->subs_bind_ack.dl_subs_sap_offset, - dlp->subs_bind_ack.dl_subs_sap_length); - (void) printf("sap %s\n", sap); -} - -printdlsubsunbindreq(dlp) -union DL_primitives *dlp; -{ - u_char sap[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->subs_unbind_req.dl_subs_sap_offset), - dlp->subs_unbind_req.dl_subs_sap_length, sap); - - (void) printf("DL_SUBS_UNBIND_REQ: subs_sap_offset %d sub_sap_length %d\n", - dlp->subs_unbind_req.dl_subs_sap_offset, - dlp->subs_unbind_req.dl_subs_sap_length); - (void) printf("sap %s\n", sap); -} - -printdlunitdatareq(dlp) -union DL_primitives *dlp; -{ - u_char addr[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, 
dlp->unitdata_req.dl_dest_addr_offset), - dlp->unitdata_req.dl_dest_addr_length, addr); - - (void) printf("DL_UNITDATA_REQ: dest_addr_length %d dest_addr_offset %d\n", - dlp->unitdata_req.dl_dest_addr_length, - dlp->unitdata_req.dl_dest_addr_offset); - (void) printf("dl_priority.min %d dl_priority.max %d\n", - dlp->unitdata_req.dl_priority.dl_min, - dlp->unitdata_req.dl_priority.dl_max); - (void) printf("addr %s\n", addr); -} - -printdlunitdataind(dlp) -union DL_primitives *dlp; -{ - u_char dest[MAXDLADDR]; - u_char src[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->unitdata_ind.dl_dest_addr_offset), - dlp->unitdata_ind.dl_dest_addr_length, dest); - addrtostring(OFFADDR(dlp, dlp->unitdata_ind.dl_src_addr_offset), - dlp->unitdata_ind.dl_src_addr_length, src); - - (void) printf("DL_UNITDATA_IND: dest_addr_length %d dest_addr_offset %d\n", - dlp->unitdata_ind.dl_dest_addr_length, - dlp->unitdata_ind.dl_dest_addr_offset); - (void) printf("src_addr_length %d src_addr_offset %d\n", - dlp->unitdata_ind.dl_src_addr_length, - dlp->unitdata_ind.dl_src_addr_offset); - (void) printf("group_address 0x%x\n", - dlp->unitdata_ind.dl_group_address); - (void) printf("dest %s\n", dest); - (void) printf("src %s\n", src); -} - -printdluderrorind(dlp) -union DL_primitives *dlp; -{ - u_char addr[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->uderror_ind.dl_dest_addr_offset), - dlp->uderror_ind.dl_dest_addr_length, addr); - - (void) printf("DL_UDERROR_IND: dest_addr_length %d dest_addr_offset %d\n", - dlp->uderror_ind.dl_dest_addr_length, - dlp->uderror_ind.dl_dest_addr_offset); - (void) printf("unix_errno %d errno %s\n", - dlp->uderror_ind.dl_unix_errno, - dlerrno(dlp->uderror_ind.dl_errno)); - (void) printf("addr %s\n", addr); -} - -printdltestreq(dlp) -union DL_primitives *dlp; -{ - u_char addr[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->test_req.dl_dest_addr_offset), - dlp->test_req.dl_dest_addr_length, addr); - - (void) printf("DL_TEST_REQ: flag 0x%x dest_addr_length %d 
dest_addr_offset %d\n", - dlp->test_req.dl_flag, - dlp->test_req.dl_dest_addr_length, - dlp->test_req.dl_dest_addr_offset); - (void) printf("dest_addr %s\n", addr); -} - -printdltestind(dlp) -union DL_primitives *dlp; -{ - u_char dest[MAXDLADDR]; - u_char src[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->test_ind.dl_dest_addr_offset), - dlp->test_ind.dl_dest_addr_length, dest); - addrtostring(OFFADDR(dlp, dlp->test_ind.dl_src_addr_offset), - dlp->test_ind.dl_src_addr_length, src); - - (void) printf("DL_TEST_IND: flag 0x%x dest_addr_length %d dest_addr_offset %d\n", - dlp->test_ind.dl_flag, - dlp->test_ind.dl_dest_addr_length, - dlp->test_ind.dl_dest_addr_offset); - (void) printf("src_addr_length %d src_addr_offset %d\n", - dlp->test_ind.dl_src_addr_length, - dlp->test_ind.dl_src_addr_offset); - (void) printf("dest_addr %s\n", dest); - (void) printf("src_addr %s\n", src); -} - -printdltestres(dlp) -union DL_primitives *dlp; -{ - u_char dest[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->test_res.dl_dest_addr_offset), - dlp->test_res.dl_dest_addr_length, dest); - - (void) printf("DL_TEST_RES: flag 0x%x dest_addr_length %d dest_addr_offset %d\n", - dlp->test_res.dl_flag, - dlp->test_res.dl_dest_addr_length, - dlp->test_res.dl_dest_addr_offset); - (void) printf("dest_addr %s\n", dest); -} - -printdltestcon(dlp) -union DL_primitives *dlp; -{ - u_char dest[MAXDLADDR]; - u_char src[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->test_con.dl_dest_addr_offset), - dlp->test_con.dl_dest_addr_length, dest); - addrtostring(OFFADDR(dlp, dlp->test_con.dl_src_addr_offset), - dlp->test_con.dl_src_addr_length, src); - - (void) printf("DL_TEST_CON: flag 0x%x dest_addr_length %d dest_addr_offset %d\n", - dlp->test_con.dl_flag, - dlp->test_con.dl_dest_addr_length, - dlp->test_con.dl_dest_addr_offset); - (void) printf("src_addr_length %d src_addr_offset %d\n", - dlp->test_con.dl_src_addr_length, - dlp->test_con.dl_src_addr_offset); - (void) printf("dest_addr %s\n", dest); - (void) 
printf("src_addr %s\n", src); -} - -printdlxidreq(dlp) -union DL_primitives *dlp; -{ - u_char dest[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->xid_req.dl_dest_addr_offset), - dlp->xid_req.dl_dest_addr_length, dest); - - (void) printf("DL_XID_REQ: flag 0x%x dest_addr_length %d dest_addr_offset %d\n", - dlp->xid_req.dl_flag, - dlp->xid_req.dl_dest_addr_length, - dlp->xid_req.dl_dest_addr_offset); - (void) printf("dest_addr %s\n", dest); -} - -printdlxidind(dlp) -union DL_primitives *dlp; -{ - u_char dest[MAXDLADDR]; - u_char src[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->xid_ind.dl_dest_addr_offset), - dlp->xid_ind.dl_dest_addr_length, dest); - addrtostring(OFFADDR(dlp, dlp->xid_ind.dl_src_addr_offset), - dlp->xid_ind.dl_src_addr_length, src); - - (void) printf("DL_XID_IND: flag 0x%x dest_addr_length %d dest_addr_offset %d\n", - dlp->xid_ind.dl_flag, - dlp->xid_ind.dl_dest_addr_length, - dlp->xid_ind.dl_dest_addr_offset); - (void) printf("src_addr_length %d src_addr_offset %d\n", - dlp->xid_ind.dl_src_addr_length, - dlp->xid_ind.dl_src_addr_offset); - (void) printf("dest_addr %s\n", dest); - (void) printf("src_addr %s\n", src); -} - -printdlxidres(dlp) -union DL_primitives *dlp; -{ - u_char dest[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->xid_res.dl_dest_addr_offset), - dlp->xid_res.dl_dest_addr_length, dest); - - (void) printf("DL_XID_RES: flag 0x%x dest_addr_length %d dest_addr_offset %d\n", - dlp->xid_res.dl_flag, - dlp->xid_res.dl_dest_addr_length, - dlp->xid_res.dl_dest_addr_offset); - (void) printf("dest_addr %s\n", dest); -} - -printdlxidcon(dlp) -union DL_primitives *dlp; -{ - u_char dest[MAXDLADDR]; - u_char src[MAXDLADDR]; - - addrtostring(OFFADDR(dlp, dlp->xid_con.dl_dest_addr_offset), - dlp->xid_con.dl_dest_addr_length, dest); - addrtostring(OFFADDR(dlp, dlp->xid_con.dl_src_addr_offset), - dlp->xid_con.dl_src_addr_length, src); - - (void) printf("DL_XID_CON: flag 0x%x dest_addr_length %d dest_addr_offset %d\n", - dlp->xid_con.dl_flag, - 
dlp->xid_con.dl_dest_addr_length, - dlp->xid_con.dl_dest_addr_offset); - (void) printf("src_addr_length %d src_addr_offset %d\n", - dlp->xid_con.dl_src_addr_length, - dlp->xid_con.dl_src_addr_offset); - (void) printf("dest_addr %s\n", dest); - (void) printf("src_addr %s\n", src); -} - -printdludqosreq(dlp) -union DL_primitives *dlp; -{ - (void) printf("DL_UDQOS_REQ: qos_length %d qos_offset %d\n", - dlp->udqos_req.dl_qos_length, - dlp->udqos_req.dl_qos_offset); -} - -/* - * Return string. - */ -addrtostring(addr, length, s) -u_char *addr; -u_long length; -u_char *s; -{ - int i; - - for (i = 0; i < length; i++) { - (void) sprintf((char*) s, "%x:", addr[i] & 0xff); - s = s + strlen((char*)s); - } - if (length) - *(--s) = '\0'; -} - -/* - * Return length - */ -stringtoaddr(sp, addr) -char *sp; -char *addr; -{ - int n = 0; - char *p; - int val; - - p = sp; - while (p = strtok(p, ":")) { - if (sscanf(p, "%x", &val) != 1) - err("stringtoaddr: invalid input string: %s", sp); - if (val > 0xff) - err("stringtoaddr: invalid input string: %s", sp); - *addr++ = val; - n++; - p = NULL; - } - - return (n); -} - - -static char -hexnibble(c) -char c; -{ - static char hextab[] = { - '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', - 'a', 'b', 'c', 'd', 'e', 'f' - }; - - return (hextab[c & 0x0f]); -} - -char* -dlprim(prim) -u_long prim; -{ - static char primbuf[80]; - - switch ((int)prim) { - CASERET(DL_INFO_REQ); - CASERET(DL_INFO_ACK); - CASERET(DL_ATTACH_REQ); - CASERET(DL_DETACH_REQ); - CASERET(DL_BIND_REQ); - CASERET(DL_BIND_ACK); - CASERET(DL_UNBIND_REQ); - CASERET(DL_OK_ACK); - CASERET(DL_ERROR_ACK); - CASERET(DL_SUBS_BIND_REQ); - CASERET(DL_SUBS_BIND_ACK); - CASERET(DL_UNITDATA_REQ); - CASERET(DL_UNITDATA_IND); - CASERET(DL_UDERROR_IND); - CASERET(DL_UDQOS_REQ); - CASERET(DL_CONNECT_REQ); - CASERET(DL_CONNECT_IND); - CASERET(DL_CONNECT_RES); - CASERET(DL_CONNECT_CON); - CASERET(DL_TOKEN_REQ); - CASERET(DL_TOKEN_ACK); - CASERET(DL_DISCONNECT_REQ); - 
CASERET(DL_DISCONNECT_IND); - CASERET(DL_RESET_REQ); - CASERET(DL_RESET_IND); - CASERET(DL_RESET_RES); - CASERET(DL_RESET_CON); - default: - (void) sprintf(primbuf, "unknown primitive 0x%x", prim); - return (primbuf); - } -} - - -char* -dlstate(state) -u_long state; -{ - static char statebuf[80]; - - switch (state) { - CASERET(DL_UNATTACHED); - CASERET(DL_ATTACH_PENDING); - CASERET(DL_DETACH_PENDING); - CASERET(DL_UNBOUND); - CASERET(DL_BIND_PENDING); - CASERET(DL_UNBIND_PENDING); - CASERET(DL_IDLE); - CASERET(DL_UDQOS_PENDING); - CASERET(DL_OUTCON_PENDING); - CASERET(DL_INCON_PENDING); - CASERET(DL_CONN_RES_PENDING); - CASERET(DL_DATAXFER); - CASERET(DL_USER_RESET_PENDING); - CASERET(DL_PROV_RESET_PENDING); - CASERET(DL_RESET_RES_PENDING); - CASERET(DL_DISCON8_PENDING); - CASERET(DL_DISCON9_PENDING); - CASERET(DL_DISCON11_PENDING); - CASERET(DL_DISCON12_PENDING); - CASERET(DL_DISCON13_PENDING); - CASERET(DL_SUBS_BIND_PND); - default: - (void) sprintf(statebuf, "unknown state 0x%x", state); - return (statebuf); - } -} - -char* -dlerrno(errno) -u_long errno; -{ - static char errnobuf[80]; - - switch (errno) { - CASERET(DL_ACCESS); - CASERET(DL_BADADDR); - CASERET(DL_BADCORR); - CASERET(DL_BADDATA); - CASERET(DL_BADPPA); - CASERET(DL_BADPRIM); - CASERET(DL_BADQOSPARAM); - CASERET(DL_BADQOSTYPE); - CASERET(DL_BADSAP); - CASERET(DL_BADTOKEN); - CASERET(DL_BOUND); - CASERET(DL_INITFAILED); - CASERET(DL_NOADDR); - CASERET(DL_NOTINIT); - CASERET(DL_OUTSTATE); - CASERET(DL_SYSERR); - CASERET(DL_UNSUPPORTED); - CASERET(DL_UNDELIVERABLE); - CASERET(DL_NOTSUPPORTED); - CASERET(DL_TOOMANY); - CASERET(DL_NOTENAB); - CASERET(DL_BUSY); - CASERET(DL_NOAUTO); - CASERET(DL_NOXIDAUTO); - CASERET(DL_NOTESTAUTO); - CASERET(DL_XIDAUTO); - CASERET(DL_TESTAUTO); - CASERET(DL_PENDING); - - default: - (void) sprintf(errnobuf, "unknown dlpi errno 0x%x", errno); - return (errnobuf); - } -} - -char* -dlpromisclevel(level) -u_long level; -{ - static char levelbuf[80]; - - switch (level) { - 
CASERET(DL_PROMISC_PHYS); - CASERET(DL_PROMISC_SAP); - CASERET(DL_PROMISC_MULTI); - default: - (void) sprintf(levelbuf, "unknown promisc level 0x%x", level); - return (levelbuf); - } -} - -char* -dlservicemode(servicemode) -u_long servicemode; -{ - static char servicemodebuf[80]; - - switch (servicemode) { - CASERET(DL_CODLS); - CASERET(DL_CLDLS); - CASERET(DL_CODLS|DL_CLDLS); - default: - (void) sprintf(servicemodebuf, - "unknown provider service mode 0x%x", servicemode); - return (servicemodebuf); - } -} - -char* -dlstyle(style) -long style; -{ - static char stylebuf[80]; - - switch (style) { - CASERET(DL_STYLE1); - CASERET(DL_STYLE2); - default: - (void) sprintf(stylebuf, "unknown provider style 0x%x", style); - return (stylebuf); - } -} - -char* -dlmactype(media) -u_long media; -{ - static char mediabuf[80]; - - switch (media) { - CASERET(DL_CSMACD); - CASERET(DL_TPB); - CASERET(DL_TPR); - CASERET(DL_METRO); - CASERET(DL_ETHER); - CASERET(DL_HDLC); - CASERET(DL_CHAR); - CASERET(DL_CTCA); - default: - (void) sprintf(mediabuf, "unknown media type 0x%x", media); - return (mediabuf); - } -} - -/*VARARGS1*/ -err(fmt, a1, a2, a3, a4) -char *fmt; -char *a1, *a2, *a3, *a4; -{ - (void) fprintf(stderr, fmt, a1, a2, a3, a4); - (void) fprintf(stderr, "\n"); - (void) exit(1); -} - -syserr(s) -char *s; -{ - (void) perror(s); - exit(1); -} - -strioctl(fd, cmd, timout, len, dp) -int fd; -int cmd; -int timout; -int len; -char *dp; -{ - struct strioctl sioc; - int rc; - - sioc.ic_cmd = cmd; - sioc.ic_timout = timout; - sioc.ic_len = len; - sioc.ic_dp = dp; - rc = ioctl(fd, I_STR, &sioc); - - if (rc < 0) - return (rc); - else - return (sioc.ic_len); -} diff --git a/contrib/ipfilter/ipsend/dltest.h b/contrib/ipfilter/ipsend/dltest.h deleted file mode 100644 index 4c32c30eb1..0000000000 --- a/contrib/ipfilter/ipsend/dltest.h +++ /dev/null 
@@ -1,32 +0,0 @@
-/*
- * Common DLPI Test Suite header file
- *
- */
-
-/*
- * Maximum control/data buffer size (in long's !!) for getmsg().
- */
-#define MAXDLBUF 8192
-
-/*
- * Maximum number of seconds we'll wait for any
- * particular DLPI acknowledgment from the provider
- * after issuing a request.
- */
-#define MAXWAIT 15
-
-/*
- * Maximum address buffer length.
- */
-#define MAXDLADDR 1024
-
-
-/*
- * Handy macro.
- */
-#define OFFADDR(s, n) (u_char*)((char*)(s) + (int)(n))
-
-/*
- * externs go here
- */
-extern void sigalrm();
diff --git a/contrib/ipfilter/ipsend/hpux.c b/contrib/ipfilter/ipsend/hpux.c
deleted file mode 100644
index 463fdbfdaf..0000000000
--- a/contrib/ipfilter/ipsend/hpux.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- * (C)opyright 1997-1998 Darren Reed. (from tcplog)
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- */
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-
-int initdevice(device, sport, tout)
-char *device;
-int sport, tout;
-{
- int fd;
-
- if ((fd = socket(AF_DLI, SOCK_RAW, 0)) == -1)
- perror("socket");
- return fd;
-}
-
-
-/*
- * output an IP packet onto a fd opened for /dev/bpf
- */
-int sendip(fd, pkt, len)
-int fd, len;
-char *pkt;
-{
- if (send(fd, pkt, len, 0) == -1)
- {
- perror("send");
- return -1;
- }
-
- return len;
-}
-
-
-char *strdup(str)
-char *str;
-{
- char *s;
-
- if ((s = (char *)malloc(strlen(str) + 1)))
- return strcpy(s, str);
- return NULL;
-}
-/*
- * (C)opyright 1997 Darren Reed. (from tcplog)
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that this notice is preserved and due credit is given
- * to the original author and the contributors.
- */
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-
-int initdevice(device, sport, tout)
-char *device;
-int sport, tout;
-{
- int fd;
-
- if ((fd = socket(AF_DLI, SOCK_RAW, 0)) == -1)
- perror("socket");
- return fd;
-}
-
-
-/*
- * output an IP packet onto a fd opened for /dev/bpf
- */
-int sendip(fd, pkt, len)
-int fd, len;
-char *pkt;
-{
- if (send(fd, pkt, len, 0) == -1)
- {
- perror("send");
- return -1;
- }
-
- return len;
-}
-
-
-char *strdup(str)
-char *str;
-{
- char *s;
-
- if ((s = (char *)malloc(strlen(str) + 1)))
- return strcpy(s, str);
- return NULL;
-}
diff --git a/contrib/ipfilter/ipsend/in_var.h b/contrib/ipfilter/ipsend/in_var.h
deleted file mode 100644
index 63980ef304..0000000000
--- a/contrib/ipfilter/ipsend/in_var.h
+++ /dev/null
@@ -1,177 +0,0 @@
-/* @(#)in_var.h 1.3 88/08/19 SMI; from UCB 7.1 6/5/86 */
-
-/*
- * Copyright (c) 1985, 1986 Regents of the University of California.
- * All rights reserved. The Berkeley software License Agreement
- * specifies the terms and conditions for redistribution.
- */
-
-/*
- * Interface address, Internet version. One of these structures
- * is allocated for each interface with an Internet address.
- * The ifaddr structure contains the protocol-independent part
- * of the structure and is assumed to be first.
- */
-
-#ifndef _netinet_in_var_h
-#define _netinet_in_var_h
-
-struct in_ifaddr {
- struct ifaddr ia_ifa; /* protocol-independent info */
-#define ia_addr ia_ifa.ifa_addr
-#define ia_broadaddr ia_ifa.ifa_broadaddr
-#define ia_dstaddr ia_ifa.ifa_dstaddr
-#define ia_ifp ia_ifa.ifa_ifp
- u_long ia_net; /* network number of interface */
- u_long ia_netmask; /* mask of net part */
- u_long ia_subnet; /* subnet number, including net */
- u_long ia_subnetmask; /* mask of net + subnet */
- struct in_addr ia_netbroadcast; /* broadcast addr for (logical) net */
- int ia_flags;
- struct in_ifaddr *ia_next; /* next in list of internet addresses */
- struct in_multi *ia_multiaddrs;/* list of multicast addresses */
-};
-/*
- * Given a pointer to an in_ifaddr (ifaddr),
- * return a pointer to the addr as a sockadd_in.
- */
-#define IA_SIN(ia) ((struct sockaddr_in *)(&((struct in_ifaddr *)ia)->ia_addr))
-/*
- * ia_flags
- */
-#define IFA_ROUTE 0x01 /* routing entry installed */
-
-#ifdef KERNEL
-struct in_ifaddr *in_ifaddr;
-struct in_ifaddr *in_iaonnetof();
-struct ifqueue ipintrq; /* ip packet input queue */
-#endif
-
-#ifdef KERNEL
-/*
- * Macro for finding the interface (ifnet structure) corresponding to one
- * of our IP addresses.
- */
-#define INADDR_TO_IFP(addr, ifp) \
- /* struct in_addr addr; */ \
- /* struct ifnet *ifp; */ \
-{ \
- register struct in_ifaddr *ia; \
- \
- for (ia = in_ifaddr; \
- ia != NULL && IA_SIN(ia)->sin_addr.s_addr != (addr).s_addr; \
- ia = ia->ia_next); \
- (ifp) = (ia == NULL) ? NULL : ia->ia_ifp; \
-}
-
-/*
- * Macro for finding the internet address structure (in_ifaddr) corresponding
- * to a given interface (ifnet structure).
- */
-#define IFP_TO_IA(ifp, ia) \
- /* struct ifnet *ifp; */ \
- /* struct in_ifaddr *ia; */ \
-{ \
- for ((ia) = in_ifaddr; \
- (ia) != NULL && (ia)->ia_ifp != (ifp); \
- (ia) = (ia)->ia_next); \
-}
-#endif KERNEL
-
-/*
- * Per-interface router version information is kept in this list.
- * This information should be part of the ifnet structure but we don't wish
- * to change that - as it might break a number of things
- */
-
-struct router_info {
- struct ifnet *ifp;
- int type; /* type of router which is querier on this interface */
- int time; /* # of slow timeouts since last old query */
- struct router_info *next;
-};
-
-/*
- * Internet multicast address structure. There is one of these for each IP
- * multicast group to which this host belongs on a given network interface.
- * They are kept in a linked list, rooted in the interface's in_ifaddr
- * structure.
- */
-
-struct in_multi {
- struct in_addr inm_addr; /* IP multicast address */
- struct ifnet *inm_ifp; /* back pointer to ifnet */
- struct in_ifaddr *inm_ia; /* back pointer to in_ifaddr */
- u_int inm_refcount;/* no. membership claims by sockets */
- u_int inm_timer; /* IGMP membership report timer */
- struct in_multi *inm_next; /* ptr to next multicast address */
- u_int inm_state; /* state of the membership */
- struct router_info *inm_rti; /* router info*/
-};
-
-#ifdef KERNEL
-/*
- * Structure used by macros below to remember position when stepping through
- * all of the in_multi records.
- */
-struct in_multistep {
- struct in_ifaddr *i_ia;
- struct in_multi *i_inm;
-};
-
-/*
- * Macro for looking up the in_multi record for a given IP multicast address
- * on a given interface. If no matching record is found, "inm" returns NULL.
- */
-#define IN_LOOKUP_MULTI(addr, ifp, inm) \
- /* struct in_addr addr; */ \
- /* struct ifnet *ifp; */ \
- /* struct in_multi *inm; */ \
-{ \
- register struct in_ifaddr *ia; \
- \
- IFP_TO_IA((ifp), ia); \
- if (ia == NULL) \
- (inm) = NULL; \
- else \
- for ((inm) = ia->ia_multiaddrs; \
- (inm) != NULL && (inm)->inm_addr.s_addr != (addr).s_addr; \
- (inm) = inm->inm_next); \
-}
-
-/*
- * Macro to step through all of the in_multi records, one at a time.
- * The current position is remembered in "step", which the caller must
- * provide. IN_FIRST_MULTI(), below, must be called to initialize "step"
- * and get the first record. Both macros return a NULL "inm" when there
- * are no remaining records.
- */
-#define IN_NEXT_MULTI(step, inm) \
- /* struct in_multistep step; */ \
- /* struct in_multi *inm; */ \
-{ \
- if (((inm) = (step).i_inm) != NULL) { \
- (step).i_inm = (inm)->inm_next; \
- } \
- else while ((step).i_ia != NULL) { \
- (inm) = (step).i_ia->ia_multiaddrs; \
- (step).i_ia = (step).i_ia->ia_next; \
- if ((inm) != NULL) { \
- (step).i_inm = (inm)->inm_next; \
- break; \
- } \
- } \
-}
-
-#define IN_FIRST_MULTI(step, inm) \
- /* struct in_multistep step; */ \
- /* struct in_multi *inm; */ \
-{ \
- (step).i_ia = in_ifaddr; \
- (step).i_inm = NULL; \
- IN_NEXT_MULTI((step), (inm)); \
-}
-
-struct in_multi *in_addmulti();
-#endif KERNEL
-#endif /*!_netinet_in_var_h*/
diff --git a/contrib/ipfilter/ipsend/ip.c b/contrib/ipfilter/ipsend/ip.c
deleted file mode 100644
index 8d30bf5031..0000000000
--- a/contrib/ipfilter/ipsend/ip.c
+++ /dev/null
@@ -1,356 +0,0 @@
-/*
- * ip.c (C) 1995-1998 Darren Reed
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- */
-#if defined(__sgi) && (IRIX > 602)
-# include
-#endif
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#ifndef linux
-# include
-# include
-# if __FreeBSD_version >= 300000
-# include
-# endif
-#endif
-#include "ipsend.h"
-
-#if !defined(lint)
-static const char sccsid[] = "%W% %G% (C)1995";
-static const char rcsid[] = "@(#)$Id: ip.c,v 2.1.4.5 2002/12/06 11:40:35 darrenr Exp $";
-#endif
-
-static char *ipbuf = NULL, *ethbuf = NULL;
-
-
-u_short chksum(buf,len)
-u_short *buf;
-int len;
-{
- u_long sum = 0;
- int nwords = len >> 1;
-
- for(; nwords > 0; nwords--)
- sum += *buf++;
- sum = (sum>>16) + (sum & 0xffff);
- sum += (sum >>16);
- return (~sum);
-}
-
-
-int send_ether(nfd, buf, len, gwip)
-int nfd, len;
-char *buf;
-struct in_addr gwip;
-{
- static struct in_addr last_gw;
- static char last_arp[6] = { 0, 0, 0, 0, 0, 0};
- ether_header_t *eh;
- char *s;
- int err;
-
- if (!ethbuf)
- ethbuf = (char *)calloc(1, 65536+1024);
- s = ethbuf;
- eh = (ether_header_t *)s;
-
- bcopy((char *)buf, s + sizeof(*eh), len);
- if (gwip.s_addr == last_gw.s_addr)
- bcopy(last_arp, (char *)A_A eh->ether_dhost, 6);
- else if (arp((char *)&gwip, (char *)A_A eh->ether_dhost) == -1)
- {
- perror("arp");
- return -2;
- }
- eh->ether_type = htons(ETHERTYPE_IP);
- last_gw.s_addr = gwip.s_addr;
- err = sendip(nfd, s, sizeof(*eh) + len);
- return err;
-}
-
-
-/*
- */
-int send_ip(nfd, mtu, ip, gwip, frag)
-int nfd, mtu;
-ip_t *ip;
-struct in_addr gwip;
-int frag;
-{
- static struct in_addr last_gw;
- static char last_arp[6] = { 0, 0, 0, 0, 0, 0};
- static u_short id = 0;
- ether_header_t *eh;
- ip_t ipsv;
- int err, iplen;
-
- if (!ipbuf)
- {
- ipbuf = (char *)malloc(65536);
- if(!ipbuf)
- {
- perror("malloc failed");
- return -2;
- }
- }
-
- eh = (ether_header_t *)ipbuf;
-
- bzero((char *)A_A eh->ether_shost, sizeof(eh->ether_shost));
- if (last_gw.s_addr && (gwip.s_addr == last_gw.s_addr))
- bcopy(last_arp, (char *)A_A eh->ether_dhost, 6);
- else if (arp((char *)&gwip, (char *)A_A eh->ether_dhost) == -1)
- {
- perror("arp");
- return -2;
- }
- bcopy((char *)A_A eh->ether_dhost, last_arp, sizeof(last_arp));
- eh->ether_type = htons(ETHERTYPE_IP);
-
- bcopy((char *)ip, (char *)&ipsv, sizeof(*ip));
- last_gw.s_addr = gwip.s_addr;
- iplen = ip->ip_len;
- ip->ip_len = htons(iplen);
- if (!(frag & 2)) {
- if (!ip->ip_v)
- ip->ip_v = IPVERSION;
- if (!ip->ip_id)
- ip->ip_id = htons(id++);
- if (!ip->ip_ttl)
- ip->ip_ttl = 60;
- }
-
- if (!frag || (sizeof(*eh) + iplen < mtu))
- {
- ip->ip_sum = 0;
- ip->ip_sum = chksum((u_short *)ip, ip->ip_hl << 2);
-
- bcopy((char *)ip, ipbuf + sizeof(*eh), iplen);
- err = sendip(nfd, ipbuf, sizeof(*eh) + iplen);
- }
- else
- {
- /*
- * Actually, this is bogus because we're putting all IP
- * options in every packet, which isn't always what should be
- * done. Will do for now.
- */
- ether_header_t eth;
- char optcpy[48], ol;
- char *s;
- int i, sent = 0, ts, hlen, olen;
-
- hlen = ip->ip_hl << 2;
- if (mtu < (hlen + 8)) {
- fprintf(stderr, "mtu (%d) < ip header size (%d) + 8\n",
- mtu, hlen);
- fprintf(stderr, "can't fragment data\n");
- return -2;
- }
- ol = (ip->ip_hl << 2) - sizeof(*ip);
- for (i = 0, s = (char*)(ip + 1); ol > 0; )
- if (*s == IPOPT_EOL) {
- optcpy[i++] = *s;
- break;
- } else if (*s == IPOPT_NOP) {
- s++;
- ol--;
- } else
- {
- olen = (int)(*(u_char *)(s + 1));
- ol -= olen;
- if (IPOPT_COPIED(*s))
- {
- bcopy(s, optcpy + i, olen);
- i += olen;
- s += olen;
- }
- }
- if (i)
- {
- /*
- * pad out
- */
- while ((i & 3) && (i & 3) != 3)
- optcpy[i++] = IPOPT_NOP;
- if ((i & 3) == 3)
- optcpy[i++] = IPOPT_EOL;
- }
-
- bcopy((char *)eh, (char *)ð, sizeof(eth));
- s = (char *)ip + hlen;
- iplen = ntohs(ip->ip_len) - hlen;
- ip->ip_off |= htons(IP_MF);
-
- while (1)
- {
- if ((sent + (mtu - hlen)) >= iplen)
- {
- ip->ip_off ^= htons(IP_MF);
- ts = iplen - sent;
- }
- else
- ts = (mtu - hlen);
- ip->ip_off &= htons(0xe000);
- ip->ip_off |= htons(sent >> 3);
- ts += hlen;
- ip->ip_len = htons(ts);
- ip->ip_sum = 0;
- ip->ip_sum = chksum((u_short *)ip, hlen);
- bcopy((char *)ip, ipbuf + sizeof(*eh), hlen);
- bcopy(s + sent, ipbuf + sizeof(*eh) + hlen, ts - hlen);
- err = sendip(nfd, ipbuf, sizeof(*eh) + ts);
-
- bcopy((char *)ð, ipbuf, sizeof(eth));
- sent += (ts - hlen);
- if (!(ntohs(ip->ip_off) & IP_MF))
- break;
- else if (!(ip->ip_off & htons(0x1fff)))
- {
- hlen = i + sizeof(*ip);
- ip->ip_hl = (sizeof(*ip) + i) >> 2;
- bcopy(optcpy, (char *)(ip + 1), i);
- }
- }
- }
-
- bcopy((char *)&ipsv, (char *)ip, sizeof(*ip));
- return err;
-}
-
-
-/*
- * send a tcp packet.
- */
-int send_tcp(nfd, mtu, ip, gwip)
-int nfd, mtu;
-ip_t *ip;
-struct in_addr gwip;
-{
- static tcp_seq iss = 2;
- struct tcpiphdr *ti;
- tcphdr_t *t;
- int thlen, i, iplen, hlen;
- u_32_t lbuf[20];
-
- iplen = ip->ip_len;
- hlen = ip->ip_hl << 2;
- t = (tcphdr_t *)((char *)ip + hlen);
- ti = (struct tcpiphdr *)lbuf;
- thlen = t->th_off << 2;
- if (!thlen)
- thlen = sizeof(tcphdr_t);
- bzero((char *)ti, sizeof(*ti));
- ip->ip_p = IPPROTO_TCP;
- ti->ti_pr = ip->ip_p;
- ti->ti_src = ip->ip_src;
- ti->ti_dst = ip->ip_dst;
- bcopy((char *)ip + hlen, (char *)&ti->ti_sport, thlen);
-
- if (!ti->ti_win)
- ti->ti_win = htons(4096);
- iss += 63;
-
- i = sizeof(struct tcpiphdr) / sizeof(long);
-
- if ((ti->ti_flags == TH_SYN) && !ntohs(ip->ip_off) &&
- (lbuf[i] != htonl(0x020405b4))) {
- lbuf[i] = htonl(0x020405b4);
- bcopy((char *)ip + hlen + thlen, (char *)ip + hlen + thlen + 4,
- iplen - thlen - hlen);
- thlen += 4;
- }
- ti->ti_off = thlen >> 2;
- ti->ti_len = htons(thlen);
- ip->ip_len = hlen + thlen;
- ti->ti_sum = 0;
- ti->ti_sum = chksum((u_short *)ti, thlen + sizeof(ip_t));
-
- bcopy((char *)&ti->ti_sport, (char *)ip + hlen, thlen);
- return send_ip(nfd, mtu, ip, gwip, 1);
-}
-
-
-/*
- * send a udp packet.
- */
-int send_udp(nfd, mtu, ip, gwip)
-int nfd, mtu;
-ip_t *ip;
-struct in_addr gwip;
-{
- struct tcpiphdr *ti;
- int thlen;
- u_long lbuf[20];
-
- ti = (struct tcpiphdr *)lbuf;
- bzero((char *)ti, sizeof(*ti));
- thlen = sizeof(udphdr_t);
- ti->ti_pr = ip->ip_p;
- ti->ti_src = ip->ip_src;
- ti->ti_dst = ip->ip_dst;
- bcopy((char *)ip + (ip->ip_hl << 2),
- (char *)&ti->ti_sport, sizeof(udphdr_t));
-
- ti->ti_len = htons(thlen);
- ip->ip_len = (ip->ip_hl << 2) + thlen;
- ti->ti_sum = 0;
- ti->ti_sum = chksum((u_short *)ti, thlen + sizeof(ip_t));
-
- bcopy((char *)&ti->ti_sport,
- (char *)ip + (ip->ip_hl << 2), sizeof(udphdr_t));
- return send_ip(nfd, mtu, ip, gwip, 1);
-}
-
-
-/*
- * send an icmp packet.
- */
-int send_icmp(nfd, mtu, ip, gwip)
-int nfd, mtu;
-ip_t *ip;
-struct in_addr gwip;
-{
- struct icmp *ic;
-
- ic = (struct icmp *)((char *)ip + (ip->ip_hl << 2));
-
- ic->icmp_cksum = 0;
- ic->icmp_cksum = chksum((u_short *)ic, sizeof(struct icmp));
-
- return send_ip(nfd, mtu, ip, gwip, 1);
-}
-
-
-int send_packet(nfd, mtu, ip, gwip)
-int nfd, mtu;
-ip_t *ip;
-struct in_addr gwip;
-{
- switch (ip->ip_p)
- {
- case IPPROTO_TCP :
- return send_tcp(nfd, mtu, ip, gwip);
- case IPPROTO_UDP :
- return send_udp(nfd, mtu, ip, gwip);
- case IPPROTO_ICMP :
- return send_icmp(nfd, mtu, ip, gwip);
- default :
- return send_ip(nfd, mtu, ip, gwip, 1);
- }
-}
diff --git a/contrib/ipfilter/ipsend/ip_var.h b/contrib/ipfilter/ipsend/ip_var.h
deleted file mode 100644
index ace9800793..0000000000
--- a/contrib/ipfilter/ipsend/ip_var.h
+++ /dev/null
@@ -1,123 +0,0 @@
-/* @(#)ip_var.h 1.11 88/08/19 SMI; from UCB 7.1 6/5/86 */
-
-/*
- * Copyright (c) 1982, 1986 Regents of the University of California.
- * All rights reserved. The Berkeley software License Agreement
- * specifies the terms and conditions for redistribution.
- */
-
-/*
- * Overlay for ip header used by other protocols (tcp, udp).
- */
-
-#ifndef _netinet_ip_var_h
-#define _netinet_ip_var_h
-
-struct ipovly {
- caddr_t ih_next, ih_prev; /* for protocol sequence q's */
- u_char ih_x1; /* (unused) */
- u_char ih_pr; /* protocol */
- short ih_len; /* protocol length */
- struct in_addr ih_src; /* source internet address */
- struct in_addr ih_dst; /* destination internet address */
-};
-
-/*
- * Ip reassembly queue structure. Each fragment
- * being reassembled is attached to one of these structures.
- * They are timed out after ipq_ttl drops to 0, and may also
- * be reclaimed if memory becomes tight.
- */
-struct ipq {
- struct ipq *next,*prev; /* to other reass headers */
- u_char ipq_ttl; /* time for reass q to live */
- u_char ipq_p; /* protocol of this fragment */
- u_short ipq_id; /* sequence id for reassembly */
- struct ipasfrag *ipq_next,*ipq_prev;
- /* to ip headers of fragments */
- struct in_addr ipq_src,ipq_dst;
-};
-
-/*
- * Ip header, when holding a fragment.
- *
- * Note: ipf_next must be at same offset as ipq_next above
- */
-struct ipasfrag {
-#if defined(vax) || defined(i386) || defined(__i386__)
- u_char ip_hl:4,
- ip_v:4;
-#endif
-#if defined(mc68000) || defined(sparc)
- u_char ip_v:4,
- ip_hl:4;
-#endif
- u_char ipf_mff; /* copied from (ip_off&IP_MF) */
- short ip_len;
- u_short ip_id;
- short ip_off;
- u_char ip_ttl;
- u_char ip_p;
- u_short ip_sum;
- struct ipasfrag *ipf_next; /* next fragment */
- struct ipasfrag *ipf_prev; /* previous fragment */
-};
-
-/*
- * Structure stored in mbuf in inpcb.ip_options
- * and passed to ip_output when ip options are in use.
- * The actual length of the options (including ipopt_dst)
- * is in m_len.
- */
-#define MAX_IPOPTLEN 40
-
-struct ipoption {
- struct in_addr ipopt_dst; /* first-hop dst if source routed */
- char ipopt_list[MAX_IPOPTLEN]; /* options proper */
-};
-
-/*
- * Structure stored in an mbuf attached to inpcb.ip_moptions and
- * passed to ip_output when IP multicast options are in use.
- */
-struct ip_moptions {
- struct ifnet *imo_multicast_ifp; /* ifp for outgoing multicasts */
- u_char imo_multicast_ttl; /* TTL for outgoing multicasts */
- u_char imo_multicast_loop; /* 1 => hear sends if a member */
- u_short imo_num_memberships;/* no. memberships this socket */
- struct in_multi *imo_membership[IP_MAX_MEMBERSHIPS];
-#ifdef RSVP_ISI
- long imo_multicast_vif; /* vif for outgoing multicasts */
-#endif /* RSVP_ISI */
-};
-
-struct ipstat {
- long ips_total; /* total packets received */
- long ips_badsum; /* checksum bad */
- long ips_tooshort; /* packet too short */
- long ips_toosmall; /* not enough data */
- long ips_badhlen; /* ip header length < data size */
- long ips_badlen; /* ip length < ip header length */
- long ips_fragments; /* fragments received */
- long ips_fragdropped; /* frags dropped (dups, out of space) */
- long ips_fragtimeout; /* fragments timed out */
- long ips_forward; /* packets forwarded */
- long ips_cantforward; /* packets rcvd for unreachable dest */
- long ips_redirectsent; /* packets forwarded on same net */
-};
-
-#ifdef KERNEL
-/* flags passed to ip_output as last parameter */
-#define IP_FORWARDING 0x1 /* most of ip header exists */
-#define IP_MULTICASTOPTS 0x2 /* multicast opts present */
-#define IP_ROUTETOIF SO_DONTROUTE /* bypass routing tables */
-#define IP_ALLOWBROADCAST SO_BROADCAST /* can send broadcast packets */
-
-struct ipstat ipstat;
-struct ipq ipq; /* ip reass. queue */
-u_short ip_id; /* ip packet ctr, for ids */
-
-struct mbuf *ip_srcroute();
-#endif
-
-#endif /*!_netinet_ip_var_h*/
diff --git a/contrib/ipfilter/ipsend/ipresend.1 b/contrib/ipfilter/ipsend/ipresend.1
deleted file mode 100644
index 6014313587..0000000000
--- a/contrib/ipfilter/ipsend/ipresend.1
+++ /dev/null
@@ -1,106 +0,0 @@
-.TH IPRESEND 1
-.SH NAME
-ipresend \- resend IP packets out to network
-.SH SYNOPSIS
-.B ipresend
-[
-.B \-EHPRSTX
-] [
-.B \-d
-
-] [
-.B \-g
-<\fIgateway\fP>
-] [
-.B \-m
-<\fIMTU\fP>
-] [
-.B \-r
-<\fIfilename\fP>
-]
-.SH DESCRIPTION
-.PP
-\fBipresend\fP was designed to allow packets to be resent, once captured,
-back out onto the network for use in testing. \fIipresend\fP supports a
-number of different file formats as input, including saved snoop/tcpdump
-binary data.
-.SH OPTIONS
-.TP
-.BR \-d \0
-Set the interface name to be the name supplied. This is useful with the
-\fB\-P, \-S, \-T\fP and \fB\-E\fP options, where it is not otherwise possible
-to associate a packet with an interface. Normal "text packets" can override
-this setting.
-.TP
-.BR \-g \0
-Specify the hostname of the gateway through which to route packets. This
-is required whenever the destination host isn't directly attached to the
-same network as the host from which you're sending.
-.TP
-.BR \-m \0
-Specify the MTU to be used when sending out packets. This option allows you
-to set a fake MTU, allowing the simulation of network interfaces with small
-MTU's without setting them so.
-.TP
-.BR \-r \0
-Specify the filename from which to take input. Default is stdin.
-.TP
-.B \-E
-The input file is to be text output from etherfind. The text formats which
-are currently supported are those which result from the following etherfind
-option combinations:
-.PP
-.nf
- etherfind -n
- etherfind -n -t
-.fi
-.LP
-.TP
-.B \-H
-The input file is to be hex digits, representing the binary makeup of the
-packet. No length correction is made, if an incorrect length is put in
-the IP header.
-.TP
-.B \-P
-The input file specified by \fB\-i\fP is a binary file produced using libpcap
-(i.e., tcpdump version 3). Packets are read from this file as being input
-(for rule purposes).
-.TP
-.B \-R
-When sending packets out, send them out "raw" (the way they came in). The
-only real significance here is that it will expect the link layer (i.e.
-ethernet) headers to be prepended to the IP packet being output.
-.TP
-.B \-S
-The input file is to be in "snoop" format (see RFC 1761). Packets are read
-from this file and used as input from any interface. This is perhaps the
-most useful input type, currently.
-.TP
-.B \-T
-The input file is to be text output from tcpdump. The text formats which
-are currently supported are those which result from the following tcpdump
-option combinations:
-.PP
-.nf
- tcpdump -n
- tcpdump -nq
- tcpdump -nqt
- tcpdump -nqtt
- tcpdump -nqte
-.fi
-.LP
-.TP
-.B \-X
-The input file is composed of text descriptions of IP packets.
-.DT
-.SH SEE ALSO
-snoop(1m), tcpdump(8), etherfind(8c), ipftest(1), ipresend(1), iptest(1), bpf(4), dlpi(7p)
-.SH DIAGNOSTICS
-.PP
-Needs to be run as root.
-.SH BUGS
-.PP
-Not all of the input formats are sufficiently capable of introducing a
-wide enough variety of packets for them to be all useful in testing.
-If you find any, please send email to me at darrenr@pobox.com
-
diff --git a/contrib/ipfilter/ipsend/ipresend.c b/contrib/ipfilter/ipsend/ipresend.c
deleted file mode 100644
index 9252b4b00b..0000000000
--- a/contrib/ipfilter/ipsend/ipresend.c
+++ /dev/null
@@ -1,169 +0,0 @@
-/*
- * ipresend.c (C) 1995-1998 Darren Reed
- *
- * This was written to test what size TCP fragments would get through
- * various TCP/IP packet filters, as used in IP firewalls. In certain
- * conditions, enough of the TCP header is missing for unpredictable
- * results unless the filter is aware that this can happen.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- */
-#if defined(__sgi) && (IRIX > 602)
-# include
-#endif
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#ifndef linux
-#include
-#endif
-#include "ipsend.h"
-
-#if !defined(lint)
-static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipresend.c,v 2.1.4.4 2002/12/06 11:40:35 darrenr Exp $";
-#endif
-
-
-extern char *optarg;
-extern int optind;
-#ifndef NO_IPF
-extern struct ipread snoop, pcap, etherf, iphex, tcpd, iptext;
-#endif
-
-int opts = 0;
-#ifndef DEFAULT_DEVICE
-# ifdef linux
-char default_device[] = "eth0";
-# else
-# ifdef sun
-char default_device[] = "le0";
-# else
-# ifdef ultrix
-char default_device[] = "ln0";
-# else
-# ifdef __bsdi__
-char default_device[] = "ef0";
-# else
-# ifdef __sgi
-char default_device[] = "ec0";
-# else
-char default_device[] = "lan0";
-# endif
-# endif
-# endif
-# endif
-# endif
-#else
-char default_device[] = DEFAULT_DEVICE;
-#endif
-
-
-static void usage __P((char *));
-int main __P((int, char **));
-
-
-static void usage(prog)
-char *prog;
-{
- fprintf(stderr, "Usage: %s [options] <-r filename|-R filename>\n\
-\t\t-r filename\tsnoop data file to resend\n\
-\t\t-R filename\tlibpcap data file to resend\n\
-\toptions:\n\
-\t\t-d device\tSend out on this device\n\
-\t\t-g gateway\tIP gateway to use if non-local dest.\n\
-\t\t-m mtu\t\tfake MTU to use when sending out\n\
-", prog);
- exit(1);
-}
-
-
-int main(argc, argv)
-int argc;
-char **argv;
-{
- struct in_addr gwip;
- struct ipread *ipr = NULL;
- char *name = argv[0], *gateway = NULL, *dev = NULL;
- char *resend = NULL;
- int mtu = 1500, c;
-
- while ((c = getopt(argc, argv, "EHPRSTXd:g:m:r:")) != -1)
- switch (c)
- {
- case 'd' :
- dev = optarg;
- break;
- case 'g' :
- gateway = optarg;
- break;
- case 'm' :
- mtu = atoi(optarg);
- if (mtu < 28)
- {
- fprintf(stderr, "mtu must be > 28\n");
- exit(1);
- }
- case 'r' :
- resend = optarg;
- break;
- case 'R' :
- opts |= OPT_RAW;
- break;
-#ifndef NO_IPF
- case 'E' :
- ipr = ðerf;
- break;
- case 'H' :
- ipr = &iphex;
- break;
- case 'P' :
- ipr = &pcap;
- break;
- case 'S' :
- ipr = &snoop;
- break;
- case 'T' :
- ipr = &tcpd;
- break;
- case 'X' :
- ipr = &iptext;
- break;
-#endif
- default :
- fprintf(stderr, "Unknown option \"%c\"\n", c);
- usage(name);
- }
-
- if (!ipr || !resend)
- usage(name);
-
- gwip.s_addr = 0;
- if (gateway && resolve(gateway, (char *)&gwip) == -1)
- {
- fprintf(stderr,"Cant resolve %s\n", gateway);
- exit(2);
- }
-
- if (!dev)
- dev = default_device;
-
- printf("Device: %s\n", dev);
- printf("Gateway: %s\n", inet_ntoa(gwip));
- printf("mtu: %d\n", mtu);
-
- return ip_resend(dev, mtu, ipr, gwip, resend);
-}
diff --git a/contrib/ipfilter/ipsend/ipsend.1 b/contrib/ipfilter/ipsend/ipsend.1
deleted file mode 100644
index f2f806658d..0000000000
--- a/contrib/ipfilter/ipsend/ipsend.1
+++ /dev/null
@@ -1,109 +0,0 @@
-.TH IPSEND 1
-.SH NAME
-ipsend \- sends IP packets
-.SH SYNOPSIS
-.B ipsend
-[
-.B \-dITUv
-] [
-.B \-i
-
-] [
-.B \-f
-<\fIoffset\fP>
-] [
-.B \-g
-<\fIgateway\fP>
-] [
-.B \-m
-<\fIMTU\fP>
-] [
-.B \-o
-<\fIoption\fP>
-] [
-.B \-P
-
-] [
-.B \-s
-<\fIsource\fP>
-] [
-.B \-t
-<\fIdest. port\fP>
-] [
-.B \-w
-<\fIwindow\fP>
-] [TCP-flags]
-.SH DESCRIPTION
-.PP
-\fBipsend\fP can be compiled in two ways. The first is used to send one-off
-packets to a destination host, using command line options to specify various
-attributes present in the headers. The \fIdestination\fP must be given as
-the last command line option, except for when TCP flags are specified as
-a combination of A, S, F, U, P and R, last.
-.PP
-The other way it may be compiled, with DOSOCKET defined, is to allow an
-attempt at making a TCP connection using a with ipsend resending the SYN
-packet as per the command line options.
-.SH OPTIONS
-.TP
-.BR \-d
-enable debugging mode.
-.TP
-.BR \-f \0
-The \fI-f\fP allows the IP offset field in the IP header to be set to an
-arbitrary value, which can be specified in decimal or hexadecimal.
-.TP
-.BR \-g \0
-Specify the hostname of the gateway through which to route packets. This
-is required whenever the destination host isn't directly attached to the
-same network as the host from which you're sending.
-.TP
-.BR \-i \0
-Set the interface name to be the name supplied.
-.TP
-.TP
-.BR \-m \0
-Specify the MTU to be used when sending out packets. This option allows you
-to set a fake MTU, allowing the simulation of network interfaces with small
-MTU's without setting them so.
-.TP
-.BR \-o \0