diff -cr ../TIS.orig/fwtk/Makefile.config.linux fwtk/Makefile.config.linux *** ../TIS.orig/fwtk/Makefile.config.linux Sat Sep 7 05:58:21 1996 --- fwtk/Makefile.config.linux Sun Feb 2 05:48:01 1997 *************** *** 13,19 **** # Your C compiler (eg, "cc" or "gcc") ! CC= cc # program to use for installation -- this may or may not preserve --- 13,19 ---- # Your C compiler (eg, "cc" or "gcc") ! CC= gcc # program to use for installation -- this may or may not preserve *************** *** 24,37 **** # Defines for your operating system # ! DEFINES=-DLINUX #DEFINES=-DSYSV -DSOLARIS # Options for your compiler (eg, "-g" for debugging, "-O" for # optimizing, or "-g -O" for both under GCC) #COPT= -g -traditional $(DEFINES) ! COPT= -g $(DEFINES) ! #COPT= -O $(DEFINES) # Version of "make" you want to use #MAKE= gnumake --- 24,37 ---- # Defines for your operating system # ! DEFINES=-DLINUX -DUSE_IP_FILTER #DEFINES=-DSYSV -DSOLARIS # Options for your compiler (eg, "-g" for debugging, "-O" for # optimizing, or "-g -O" for both under GCC) #COPT= -g -traditional $(DEFINES) ! #COPT= -g $(DEFINES) ! COPT= -O $(DEFINES) # Version of "make" you want to use #MAKE= gnumake *************** *** 44,50 **** # Destination directory for installation of binaries ! DEST= /usr/local/etc # Destination directory for installation of man pages --- 44,50 ---- # Destination directory for installation of binaries ! DEST= /usr/local/sbin # Destination directory for installation of man pages *************** *** 72,78 **** # or -Bstatic for static binaries under SunOS 4.1.x) #LDFL= -Bstatic #LDFL= ! LDFL= -g # Location of the fwtk sources [For #include by any external tools needing it] --- 72,79 ---- # or -Bstatic for static binaries under SunOS 4.1.x) #LDFL= -Bstatic #LDFL= ! #LDFL= -g ! LDFL= -O # Location of the fwtk sources [For #include by any external tools needing it] *************** *** 81,87 **** # Location of X libraries for X-gw ! 
XLIBDIR=/usr/X11/lib #XLIBDIR=/usr/local/X11R5/lib # X Libraries --- 82,88 ---- # Location of X libraries for X-gw ! XLIBDIR=/usr/X11R6/lib #XLIBDIR=/usr/local/X11R5/lib # X Libraries *************** *** 96,102 **** #XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11 # Location of X include files ! XINCLUDE=/usr/X11/include #XINCLUDE=/usr/local/X11R5/include # Objects to include in libfwall for SYSV --- 97,103 ---- #XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11 # Location of X include files ! XINCLUDE=/usr/X11R6/include #XINCLUDE=/usr/local/X11R5/include # Objects to include in libfwall for SYSV diff -cr ../TIS.orig/fwtk/Makefile.config.solaris fwtk/Makefile.config.solaris *** ../TIS.orig/fwtk/Makefile.config.solaris Sat Sep 7 06:14:13 1996 --- fwtk/Makefile.config.solaris Sun Feb 2 06:09:19 1997 *************** *** 11,30 **** # # RcsId: "$Header: /devel/CVS/IP-Filter/FWTK/fwtk_transparent.diff,v 2.1 1999/08/04 17:40:48 darrenr Exp $" # Your C compiler (eg, "cc" or "gcc") ! CC= cc # program to use for installation -- this may or may not preserve # old versions (or whatever). assumes that it takes parameters: # copy source dest ! CP= cp # Defines for your operating system # ! DEFINES=-DSYSV -DSOLARIS #DEFINES=-DSYSV -DSOLARIS -Dgethostbyname=res_gethostbyname \ -Dgethostbyaddr=res_gethostbyaddr -Dgetnetbyname=res_getnetbyname \ --- 11,34 ---- # # RcsId: "$Header: /devel/CVS/IP-Filter/FWTK/fwtk_transparent.diff,v 2.1 1999/08/04 17:40:48 darrenr Exp $" + # + # Path to sources of ip_filter (ip_nat.h required in lib/hnam.c) + # + IPFPATH=/src/unpacked/firewall/ip_fil3.1.5 # Your C compiler (eg, "cc" or "gcc") ! CC= gcc # program to use for installation -- this may or may not preserve # old versions (or whatever). assumes that it takes parameters: # copy source dest ! CP= /usr/ucb/install -c -s # Defines for your operating system # ! 
DEFINES=-DSYSV -DSOLARIS -DUSE_IP_FILTER -I$(IPFPATH) #DEFINES=-DSYSV -DSOLARIS -Dgethostbyname=res_gethostbyname \ -Dgethostbyaddr=res_gethostbyaddr -Dgetnetbyname=res_getnetbyname \ *************** *** 45,52 **** # Your ranlib utility (use "touch" if you don't have ranlib) ! RANLIB= ranlib ! #RANLIB= touch # Destination directory for installation of binaries --- 49,56 ---- # Your ranlib utility (use "touch" if you don't have ranlib) ! # RANLIB= ranlib ! RANLIB= touch # Destination directory for installation of binaries diff -cr ../TIS.orig/fwtk/firewall.h fwtk/firewall.h *** ../TIS.orig/fwtk/firewall.h Sun Sep 8 05:55:26 1996 --- fwtk/firewall.h Sun Feb 2 05:23:33 1997 *************** *** 47,53 **** system. */ #ifndef PERMFILE ! #define PERMFILE "/usr/local/etc/netperm-table" #endif /* --- 47,53 ---- system. */ #ifndef PERMFILE ! #define PERMFILE "/etc/fwtk/netperm-table" #endif /* *************** *** 67,73 **** /* Choose a system logging facility for the firewall toolkit. */ #ifndef LFAC ! #define LFAC LOG_DAEMON #endif --- 67,73 ---- /* Choose a system logging facility for the firewall toolkit. */ #ifndef LFAC ! #define LFAC LOG_LOCAL5 #endif *************** *** 215,220 **** #define PERM_ALLOW 01 #define PERM_DENY 02 ! #define _INCL_FWALL_H #endif --- 215,222 ---- #define PERM_ALLOW 01 #define PERM_DENY 02 ! #ifdef USE_IP_FILTER ! extern char *getdsthost(int, int*); ! 
#endif #define _INCL_FWALL_H #endif diff -cr ../TIS.orig/fwtk/ftp-gw/ftp-gw.c fwtk/ftp-gw/ftp-gw.c *** ../TIS.orig/fwtk/ftp-gw/ftp-gw.c Fri Sep 6 18:55:05 1996 --- fwtk/ftp-gw/ftp-gw.c Sat Feb 1 06:49:13 1997 *************** *** 50,55 **** --- 50,59 ---- #ifndef FTPPORT #define FTPPORT 21 #endif + #ifdef USE_IP_FILTER + static int do_transparent=0; + static int connectdest(); + #endif static Cfg *confp; static char **validests = (char **)0; *************** *** 170,175 **** --- 174,182 ---- char xuf[1024]; char huf[128]; char *passuser = (char *)0; /* passed user as av */ + #ifdef USE_IP_FILTER + char *psychic, *hotline; + #endif #ifndef LOG_DAEMON openlog("ftp-gw",LOG_PID); *************** *** 313,320 **** } } else timeout = 60*60; - /* display a welcome file or message */ if(passuser == (char *)0) { if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) { --- 320,330 ---- } } else timeout = 60*60; + #ifdef USE_IP_FILTER + psychic=getdsthost(0,NULL); + if(psychic) { do_transparent++; } + #endif /* display a welcome file or message */ if(passuser == (char *)0) { if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) { *************** *** 322,327 **** --- 332,345 ---- syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln); exit(1); } + #ifdef USE_IP_FILTER + if(do_transparent) { + if(sayfile2(0,cf->argv[0],220)) { + syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]); + exit(1); + } + } else + #endif /* USE_IP_FILTER */ if(sayfile(0,cf->argv[0],220)) { syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]); exit(1); *************** *** 332,338 **** if(authallflg) if(say(0,"220-Proxy first requires authentication")) exit(1); ! sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR); if(say(0,xuf)) exit(1); } --- 350,361 ---- if(authallflg) if(say(0,"220-Proxy first requires authentication")) exit(1); ! #ifdef USE_IP_FILTER ! if(do_transparent) ! 
sprintf(xuf,"220-%s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR); ! else ! #endif ! sprintf(xuf,"220 %s FTP proxy (Version %s) ready.",huf,FWTK_VERSION_MINOR); if(say(0,xuf)) exit(1); } *************** *** 352,358 **** if(cmd_user(2,fakav,"user internal")) exit(1); } ! /* main loop */ while(1) { FD_ZERO(&rdy); --- 375,386 ---- if(cmd_user(2,fakav,"user internal")) exit(1); } ! #ifdef USE_IP_FILTER ! if(do_transparent) { ! connectdest(psychic,21); ! } ! #endif ! /* main loop */ while(1) { FD_ZERO(&rdy); *************** *** 676,681 **** --- 704,719 ---- return(sayn(0,noad,sizeof(noad)-1)); } + #ifdef USE_IP_FILTER + if(do_transparent) { + if((rfd==(-1)) && (x=connectdest(dest,port))) return x; + sprintf(buf,"USER %s",user); + if(say(rfd,buf)) return(1); + x=getresp(rfd,buf,sizeof(buf),1); + if(sendsaved(0,x)) return(1); + return(say(0,buf)); + } + #endif if(*dest == '\0') dest = "localhost"; *************** *** 717,723 **** char ebuf[512]; strcpy(ebuf,buf); ! sprintf(buf,"521 %s: %s",dest,ebuf); rfd = -1; return(say(0,buf)); } --- 755,766 ---- char ebuf[512]; strcpy(ebuf,buf); ! #ifdef USE_IP_FILTER ! if(do_transparent) { ! sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf); ! } else ! #endif ! sprintf(buf,"521 %s: %s",dest,ebuf); rfd = -1; return(say(0,buf)); } *************** *** 1874,1876 **** --- 1917,2036 ---- dup(nread); } #endif + + #ifdef USE_IP_FILTER + static int connectdest(dest, port) + char *dest; + short port; + { + char buf[1024], mbuf[512]; + int msg_int, x; + + if(*dest == '\0') + dest = "localhost"; + + if(validests != (char **)0) { + char **xp; + int x; + + for(xp = validests; *xp != (char *)0; xp++) { + if(**xp == '!' 
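Review bot: The return value of `connectdest(psychic,21)` is discarded, so a destination refused by the `validests` or `auth_perm` checks inside connectdest, or a failed `conn_server`, still falls into the main loop; if the intent is that the USER handler retries while `rfd` is -1, say so in a comment here. The call sits before the command loop, so the outbound connection is opened and the server banner relayed before the client has authenticated. If `authallflg` is meant to gate all proxy use, this path appears to sidestep it and should be checked against the rest of main(), which lies outside the hunk. The literal `21` should be `FTPPORT`, and because the 521 message in the USER path prints `ntohs(port)`, confirm which byte order `conn_server` expects.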
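Review bot: `sprintf(buf,"USER %s",user);` formats a client-supplied user name with no length bound. The declaration of `buf` is outside the hunk, so its size cannot be confirmed here, but if it is an array in this function the call should be `snprintf(buf,sizeof(buf),"USER %s",user);`. In this transparent branch `dest` and `port` are consulted only while `rfd` is -1, so any host part the client supplies is ignored once the startup connection exists; a one-line comment stating that would help the next reader.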
&& hostmatch(*xp + 1,dest)) { + return(baddest(0,dest)); + } else { + if(hostmatch(*xp,dest)) + break; + } + } + if(*xp == (char *)0) + return(baddest(0,dest)); + } + + /* Extended permissions processing goes in here for destination */ + if(extendperm) { + msg_int = auth_perm(confp, authuser, "ftp-gw", dest,(char *)0); + if(msg_int == 1) { + sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest); + syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser); + say(0,mbuf); + return(1); + } else { + if(msg_int == -1) { + sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest); + say(0,mbuf); + return(1); + } + } + } + + syslog(LLEV,"permit host=%s/%s connect to %s",rladdr,riaddr,dest); + + if((rfd = conn_server(dest,port,0,buf)) < 0) { + char ebuf[512]; + + strcpy(ebuf,buf); + sprintf(buf,"521 %s: %s",dest,ebuf); + rfd = -1; + return(say(0,buf)); + } + if(!do_transparent) { + sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest); + saveline(buf); + } + + /* we are now connected and need to try the autologin thing */ + x = getresp(rfd,buf,sizeof(buf),1); + if(x / 100 != COMPLETE) { + sendsaved(0,-1); + return(say(0,buf)); + } + saveline(buf); + + sendsaved(0,-1); + return 0; + } + + + /* ok, so i'm in a hurry. english paper due RSN. 
*/ + sayfile2(fd,fn,code) + int fd; + char *fn; + int code; + { + FILE *f; + char buf[BUFSIZ]; + char yuf[BUFSIZ]; + char *c; + int x; + int saidsomething = 0; + + if((f = fopen(fn,"r")) == (FILE *)0) + return(1); + while(fgets(buf,sizeof(buf),f) != (char *)0) { + if((c = index(buf,'\n')) != (char *)0) + *c = '\0'; + x = fgetc(f); + if(feof(f)) + sprintf(yuf,"%3.3d-%s",code,buf); + else { + sprintf(yuf,"%3.3d-%s",code,buf); + ungetc(x,f); + } + if(say(fd,yuf)) { + fclose(f); + return(1); + } + saidsomething++; + } + fclose(f); + if (!saidsomething) { + syslog(LLEV,"fwtkcfgerr: sayfile for %d is empty",code); + sprintf(yuf, "%3.3d The file to display is empty",code); + if(say(fd,yuf)) { + fclose(f); + return(1); + } + } + return(0); + } + + #endif /* USE_IP_FILTER */ diff -cr ../TIS.orig/fwtk/http-gw/http-gw.c fwtk/http-gw/http-gw.c *** ../TIS.orig/fwtk/http-gw/http-gw.c Mon Sep 9 20:40:53 1996 --- fwtk/http-gw/http-gw.c Sun Feb 2 06:41:18 1997 *************** *** 27,32 **** --- 27,35 ---- static char http_buffer[8192]; static char reason[8192]; static int checkBrowserType = 1; + #ifdef USE_IP_FILTER + static int do_transparent=0; + #endif static void do_logging() { char *proto = "GOPHER"; *************** *** 422,427 **** --- 425,441 ---- /*(NOT A SPECIAL FORM)*/ if((rem_type & TYPE_LOCAL)== 0){ + #ifdef USE_IP_FILTER + char *psychic=getdsthost(sockfd,&def_port); + if(psychic) { + if(strlen(psychic)<=MAXHOSTNAMELEN) { + do_transparent++; + strncpy(def_httpd,psychic,strlen(psychic)); + strncpy(def_server,psychic,strlen(psychic)); + } + } + + #endif /* USE_IP_FILTER */ /* See if it can be forwarded */ if( can_forward(buf)){ *************** *** 1513,1518 **** --- 1527,1537 ---- parse_vec[0], parse_vec[1], ourname, ourport); + } + #ifdef USE_IP_FILTER + else if(do_transparent) { + sprintf(new_reply,"%s\t%s\t%s\t%s",parse_vec[0],parse_vec[1],parse_vec[2],parse_vec[3]); + #endif /* USE_IP_FILTER */ }else{ sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u", parse_vec[0], 
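Review bot: sayfile2 closes `f` after the read loop and then calls `fclose(f)` again in the empty-file branch when `say` fails, which is a double close; drop the second `fclose(f);`. In the same function `sprintf(yuf,"%3.3d-%s",code,buf)` adds a four-character prefix to a line that can already fill `buf[BUFSIZ]`, so a long line in the welcome file overruns `yuf[BUFSIZ]`; `snprintf(yuf,sizeof(yuf),"%3.3d-%s",code,buf);` bounds it. connectdest has the same pattern: `strcpy(ebuf,buf)` copies from a 1024-byte buffer into `ebuf[512]`, and the two `sprintf(mbuf,...)` calls place `authuser` and `dest` into 512 bytes without a limit. sayfile2 is also defined without a return type or `static`, and both arms of its `feof` test format the same string, so the test can be removed.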
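Review bot: `strncpy(def_httpd,psychic,strlen(psychic));` bounds the copy by the source length rather than the destination and never copies the terminating NUL, so a longer string already held in `def_httpd` or `def_server` leaves its tail behind the new host name. The `strlen(psychic)<=MAXHOSTNAMELEN` guard only helps if both destinations hold at least MAXHOSTNAMELEN+1 bytes, and their declarations are outside the hunk. Assuming they are arrays, `strncpy(def_httpd,psychic,sizeof(def_httpd)-1); def_httpd[sizeof(def_httpd)-1]='\0';` and the same for `def_server` is the safer form. `def_port` is also passed to getdsthost before `psychic` is tested, and the Linux branch of getdsthost writes `*ptr` before it decides to return NULL, so a non-transparent request can end up with the proxy's own port in `def_port`.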
parse_vec[2], diff -cr ../TIS.orig/fwtk/lib/hnam.c fwtk/lib/hnam.c *** ../TIS.orig/fwtk/lib/hnam.c Sat Nov 5 00:30:19 1994 --- fwtk/lib/hnam.c Sat Feb 1 08:17:46 1997 *************** *** 20,25 **** --- 20,37 ---- extern char *inet_ntoa(); + #if defined(USE_IP_FILTER) + #include + #ifndef LINUX + #include "ip_nat.h" + #endif + #if defined(SOLARIS) + #include + #include + #include + #include + #endif + #endif /* IP_FILTER */ #include "firewall.h" *************** *** 45,47 **** --- 57,158 ---- bcopy(hp->h_addr,&sin.sin_addr,hp->h_length); return(inet_ntoa(sin.sin_addr)); } + + + + #ifdef USE_IP_FILTER + char *getdsthost(fd, ptr) + int fd; + int *ptr; + { + struct sockaddr_in sin; + struct hostent *hp; + int sl=sizeof(struct sockaddr_in), err=0, local_h=0, i=0; + static char buf[255], hostbuf[255]; + #if defined(__FreeBSD__) || defined(SOLARIS) + struct sockaddr_in rsin; + struct natlookup natlookup; + int natfd; + #endif + + #ifdef linux + /* This should also work for UDP. Unfortunately, it doesn't. + Maybe when the Linux UDP proxy code gets a little cleaner. + */ + if(!(err=getsockname(0,&sin,&sl))) { + if(ptr) *ptr=ntohs(sin.sin_port); + sprintf(buf,"%s",inet_ntoa(sin.sin_addr)); + gethostname(hostbuf,254); + hp=gethostbyname(hostbuf); + while(hp->h_addr_list[i]) { + bzero(&sin,&sl); + memcpy(&sin.sin_addr,hp->h_addr_list[i++],sizeof(hp->h_addr_list[i++])); + if(!strcmp(buf,inet_ntoa(sin.sin_addr))) local_h++; + } + if(local_h) { /* syslog(LLEV,"DEBUG: hnam.c: non-transparent."); */ return(NULL); } + else { return(buf); } + } + #endif + + #if defined(__FreeBSD__) + /* The basis for this block of code is Darren Reed's + patches to the TIS ftwk's ftp-gw. 
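Review bot: The added closing `}` sits outside the `#ifdef USE_IP_FILTER`, so a build without that define gets `}` followed by the existing `}else{` and the braces no longer balance; the opening `if` is outside the hunk, so this is inferred from the visible lines. Moving the brace inside the conditional, as `#ifdef USE_IP_FILTER` then `} else if(do_transparent) {`, keeps both configurations compiling. The new `sprintf(new_reply,...)` also copies four `parse_vec` fields, which appear to come from the parsed remote reply, with no length limit; the size of `new_reply` is not visible here, but a bounded `snprintf` would be the safer call.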
+ */ + bzero((char*)&sin,sizeof(sin)); + bzero((char*)&rsin,sizeof(rsin)); + if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) { + return NULL; + } + sl=sizeof(rsin); + if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) { + return NULL; + } + natlookup.nl_inport=sin.sin_port; + natlookup.nl_outport=rsin.sin_port; + natlookup.nl_inip=sin.sin_addr; + natlookup.nl_outip=rsin.sin_addr; + if((natfd=open("/dev/ipl",O_RDONLY))<0) { + return(NULL); + } + if(ioctl(natfd,SIOCGNATL,&natlookup)==(-1)) { + return(NULL); + } + close(natfd); + if(ptr) *ptr=ntohs(natlookup.nl_inport); + sprintf(buf,"%s",inet_ntoa(natlookup.nl_inip)); + #endif + + #if defined(SOLARIS) /* for Solaris */ + /* The basis for this block of code is Darren Reed's + * patches to the TIS ftwk's ftp-gw. + * modified for Solaris from Michael Kutzner, Michael.Kutzner@paderlinx.de + */ + memset((char*)&sin, 0, sizeof(sin)); + memset((char*)&rsin, 0, sizeof(rsin)); + + if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) { + return NULL; + } + sl=sizeof(rsin); + if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) { + return NULL; + } + natlookup.nl_inport=sin.sin_port; + natlookup.nl_outport=rsin.sin_port; + natlookup.nl_inip=sin.sin_addr; + natlookup.nl_outip=rsin.sin_addr; + if( (natfd=open("/dev/ipl",O_RDONLY)) < 0) { + return(NULL); + } + if(ioctl(natfd, SIOCGNATL, &natlookup) == -1) { + return(NULL); + } + close(natfd); + if(ptr) *ptr=ntohs(natlookup.nl_inport); + sprintf(buf,"%s",inet_ntoa(natlookup.nl_inip)); + #endif + + /* No transparent proxy support */ + return(NULL); + } + #endif /* USE_IP_FILTER */ diff -cr ../TIS.orig/fwtk/plug-gw/plug-gw.c fwtk/plug-gw/plug-gw.c *** ../TIS.orig/fwtk/plug-gw/plug-gw.c Thu Sep 5 21:36:33 1996 --- fwtk/plug-gw/plug-gw.c Sun Feb 2 04:50:40 1997 *************** *** 38,44 **** static int timeout = PROXY_TIMEOUT; static char **validdests = (char **)0; static Cfg *confp; ! 
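Review bot: In the Linux branch of getdsthost the result of `gethostbyname(hostbuf)` is dereferenced without a NULL check, so a host whose own name does not resolve takes the proxy down on the first lookup; add `if(hp==NULL) return(NULL);` before the loop. The same branch calls `getsockname(0,...)` instead of using `fd`, passes `&sl` as the length argument of `bzero`, and copies `sizeof(hp->h_addr_list[i++])` bytes (a pointer size) rather than `hp->h_length` into `sin.sin_addr`. In the FreeBSD and Solaris branches the `ioctl` failure path returns without `close(natfd)`, leaking a descriptor per failed lookup, and the success path as shown falls through to the final `return(NULL)`, so `buf` is never returned; `return(buf);` after the `sprintf` looks intended. The result points into a static buffer, which should be stated in a comment above the function because callers keep the pointer across later calls.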
main(ac,av) int ac; char *av[]; --- 38,46 ---- static int timeout = PROXY_TIMEOUT; static char **validdests = (char **)0; static Cfg *confp; ! #ifdef USE_IP_FILTER ! static int do_transparent=0; ! #endif main(ac,av) int ac; char *av[]; *************** *** 189,201 **** static char buf[1024 * 4]; void (*op)(); char *dhost = NULL; char hostport[1024 * 4]; char *ptr; int state = 0; int ssl_plug = 0; ! struct timeval timo; if(c->flags & PERM_DENY) { if (p == -1) syslog(LLEV,"deny host=%s/%s port=any",rhost,raddr); --- 191,215 ---- static char buf[1024 * 4]; void (*op)(); char *dhost = NULL; + char *transhost = NULL; char hostport[1024 * 4]; char *ptr; int state = 0; int ssl_plug = 0; ! #ifdef USE_IP_FILTER ! int pport; ! #endif struct timeval timo; + #ifdef USE_IP_FILTER + /* Transparent plug-gw is probably a bad idea, but hey .. */ + transhost=getdsthost(0,&pport); + if(transhost) { + do_transparent++; + portid=pport; + } + #endif + if(c->flags & PERM_DENY) { if (p == -1) syslog(LLEV,"deny host=%s/%s port=any",rhost,raddr); *************** *** 223,229 **** privport = 1; continue; } ! if (!strcmp(av[x], "-port")) { if (++x >= ac) { syslog(LLEV,"fwtkcfgerr: -port takes an argument, line %d",c->ln); --- 237,248 ---- privport = 1; continue; } ! #ifdef USE_IP_FILTER ! if (!strcmp(av[x],"-all-destinations")) { ! dhost = transhost; ! continue; ! } ! #endif if (!strcmp(av[x], "-port")) { if (++x >= ac) { syslog(LLEV,"fwtkcfgerr: -port takes an argument, line %d",c->ln); diff -cr ../TIS.orig/fwtk/rlogin-gw/rlogin-gw.c fwtk/rlogin-gw/rlogin-gw.c *** ../TIS.orig/fwtk/rlogin-gw/rlogin-gw.c Fri Sep 6 18:56:33 1996 --- fwtk/rlogin-gw/rlogin-gw.c Sun Feb 2 06:26:04 1997 *************** *** 40,46 **** extern char *maphostname(); ! static int cmd_quit(); static int cmd_help(); static int cmd_connect(); --- 40,48 ---- extern char *maphostname(); ! #ifdef USE_IP_FILTER ! static int do_transparent=0; ! 
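Review bot: `-all-destinations` assigns `dhost = transhost` even when getdsthost returned NULL, so a connection that was not redirected leaves option parsing with no destination; how a NULL `dhost` is handled is outside the hunk and should be checked, or the option should refuse and log when `transhost == NULL`. With this option both the host and the port (`portid=pport` in the previous hunk) are taken from the client's original packet, so the remaining restrictions are whatever the netperm-table rule and the NAT redirect rules allow. That trade-off deserves a comment next to the option and a line in the configuration documentation.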
#endif static int cmd_quit(); static int cmd_help(); static int cmd_connect(); *************** *** 120,125 **** --- 122,130 ---- static char *tokav[56]; int tokac; struct timeval timo; + #ifdef USE_IP_FILTER + char *psychic; + #endif #ifndef LOG_NDELAY openlog("rlogin-gw",LOG_PID); *************** *** 186,192 **** } ! if((cf = cfg_get("directory",confp)) != (Cfg *)0) { if(cf->argc != 1) { syslog(LLEV,"fwtkcfgerr: chroot must have one parameter, line %d",cf->ln); --- 191,204 ---- } ! #ifdef USE_IP_FILTER ! psychic=getdsthost(0,NULL); ! if(psychic) { ! do_transparent++; ! strncpy(dest,psychic,511); ! dest[511]='\0'; ! } ! #endif /* USE_IP_FILTER */ if((cf = cfg_get("directory",confp)) != (Cfg *)0) { if(cf->argc != 1) { syslog(LLEV,"fwtkcfgerr: chroot must have one parameter, line %d",cf->ln); *************** *** 260,269 **** } /* if present a host name, chop and save username and hostname */ - dest[0] = '\0'; if((p = index(rusername,'@')) != (char *)0) { char *namp; *p++ = '\0'; if(*p == '\0') p = "localhost"; --- 272,281 ---- } /* if present a host name, chop and save username and hostname */ if((p = index(rusername,'@')) != (char *)0) { char *namp; + dest[0] = '\0'; *p++ = '\0'; if(*p == '\0') p = "localhost"; *************** *** 532,539 **** --- 544,557 ---- sprintf(ebuf,"Trying %s@%s...",rusername,namp); else sprintf(ebuf,"Trying %s...",namp); + #ifdef USE_IP_FILTER + if(!do_transparent) { + #endif if(say(0,ebuf)) return(1); + #ifdef USE_IP_FILTER + } + #endif } else syslog(LLEV,"permit host=%s/%s connect to %s",rhost,raddr,av[1]); if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) { diff -cr ../TIS.orig/fwtk/tn-gw/tn-gw.c fwtk/tn-gw/tn-gw.c *** ../TIS.orig/fwtk/tn-gw/tn-gw.c Fri Sep 6 18:55:48 1996 --- fwtk/tn-gw/tn-gw.c Sun Feb 2 06:06:33 1997 *************** *** 97,102 **** --- 97,106 ---- static int timeout = PROXY_TIMEOUT; static char timed_out_msg[] = "\r\nConnection closed due to inactivity"; + #ifdef USE_IP_FILTER + static int do_transparent=0; + 
#endif + typedef struct { char *name; char *hmsg; *************** *** 140,145 **** --- 144,153 ---- char tokbuf[BSIZ]; char *tokav[56]; int tokac; + #ifdef USE_IP_FILTER + int port; + char *psychic; + #endif #ifndef LOG_DAEMON openlog("tn-gw",LOG_PID); *************** *** 307,313 **** exit(1); } } ! while (argc > 1) { argc--; argv++; --- 315,349 ---- exit(1); } } ! #ifdef USE_IP_FILTER ! psychic=getdsthost(0,&port); ! if(psychic) { ! if((strlen(psychic) + 10) < 510) { ! do_transparent++; ! if(port) ! sprintf(dest,"%s:%d",psychic,port); ! else ! sprintf(dest,"%s",psychic); ! ! ! if(!welcomedone) ! if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) { ! if(cf->argc != 1) { ! syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln); ! exit(1); ! } ! if(sayfile(0,cf->argv[0])) { ! syslog(LLEV,"fwtksyserr: cannot display welcome %s:%m",cf->argv[0]); ! exit(1); ! } ! welcomedone = 1; ! } ! ! ! } ! } ! ! #endif /* USE_IP_FILTER */ while (argc > 1) { argc--; argv++; *************** *** 870,877 **** syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp); sprintf(ebuf,"Trying %s port %d...",namp,port); ! if(say(0,ebuf)) ! return(1); } else syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]); --- 906,920 ---- syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,namp); sprintf(ebuf,"Trying %s port %d...",namp,port); ! #ifdef USE_IP_FILTER ! if(!do_transparent) { ! sprintf(ebuf,"Trying %s port %d...",namp,port); ! #endif ! if(say(0,ebuf)) ! return(1); ! #ifdef USE_IP_FILTER ! } ! #endif } else syslog(LLEV,"permit host=%s/%s destination=%s",rladdr,riaddr,av[1]); *************** *** 903,910 **** syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]); strncpy(dest,av[1], 511); ! sprintf(buf, "Connected to %s.", dest); say(0, buf); return(2); } --- 946,959 ---- syslog(LLEV,"connected host=%s/%s destination=%s",rladdr,riaddr,av[1]); strncpy(dest,av[1], 511); ! #ifdef USE_IP_FILTER ! if(!do_transparent) { ! 
sprintf(buf, "Connected to %s.", dest); ! say(0, buf); ! } ! #else say(0, buf); + #endif return(2); } diff -cr ../TIS.orig/fwtk/x-gw/socket.c fwtk/x-gw/socket.c *** ../TIS.orig/fwtk/x-gw/socket.c Sat Sep 7 05:16:35 1996 --- fwtk/x-gw/socket.c Sun Feb 2 05:26:44 1997 *************** *** 212,218 **** case AF_UNIX: un_name = (struct sockaddr_un *)addr; len = sizeof(un_name->sun_family) + sizeof(un_name->sun_path) ! #ifdef SCM_RIGHTS /* 4.3BSD Reno and later */ + sizeof(un_name->sun_len) + 1 #endif ; --- 212,218 ---- case AF_UNIX: un_name = (struct sockaddr_un *)addr; len = sizeof(un_name->sun_family) + sizeof(un_name->sun_path) ! #if defined(SCM_RIGHTS) && !defined(LINUX)/* 4.3BSD Reno and later */ + sizeof(un_name->sun_len) + 1 #endif ; Only in fwtk/x-gw: socket.c.bak
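Review bot: With USE_IP_FILTER undefined, the `#else` branch calls `say(0, buf)` without the `sprintf(buf, "Connected to %s.", dest);` that used to precede it, so the client is sent whatever `buf` held from earlier in the function. Either repeat the `sprintf` in the `#else` branch or make only the condition conditional: `#ifdef USE_IP_FILTER`, `if(!do_transparent)`, `#endif`, followed by one braced block holding the `sprintf` and the `say`. The function body starts outside the hunk.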