From: Sascha Wildner Date: Sat, 25 Nov 2017 21:01:12 +0000 (+0100) Subject: Remove faith(4) and faithd(8) from the tree. X-Git-Tag: v5.3.0~778 X-Git-Url: https://gitweb.dragonflybsd.org/dragonfly.git/commitdiff_plain/06937ef9d452a6b99c1a2f00934d239534c8545d Remove faith(4) and faithd(8) from the tree. FreeBSD did that 3 years ago (r274331). Quoting from their commit msg: -----8<----- It looks like industry have chosen different (and more traditional) stateless/stateful NAT64 as translation mechanism. Last non-trivial commits to both faith(4) and faithd(8) happened more than 12 years ago, so I assume it is time to drop RFC3142 in FreeBSD. ----->8----- Some more info here: https://lists.freebsd.org/pipermail/freebsd-net/2014-October/040224.html Discussed-with: sephe --- diff --git a/Makefile_upgrade.inc b/Makefile_upgrade.inc index 6be443d5ef..bf078ef219 100644 --- a/Makefile_upgrade.inc +++ b/Makefile_upgrade.inc @@ -3353,6 +3353,11 @@ TO_REMOVE+=/usr/include/cpu/coredump.h TO_REMOVE+=/usr/include/machine/coredump.h TO_REMOVE+=/usr/share/man/man9/lockcount.9.gz TO_REMOVE+=/usr/share/man/man9/lockcountnb.9.gz +TO_REMOVE+=/boot/kernel/if_faith.ko +TO_REMOVE+=/usr/sbin/faithd +TO_REMOVE+=/usr/share/man/man4/faith.4.gz +TO_REMOVE+=/usr/share/man/man4/if_faith.4.gz +TO_REMOVE+=/usr/share/man/man8/faithd.8.gz .if !defined(WANT_INSTALLER) TO_REMOVE+=/usr/sbin/dfuibe_installer diff --git a/UPDATING b/UPDATING index 17b4c1947b..00456d7f36 100644 --- a/UPDATING +++ b/UPDATING @@ -26,15 +26,17 @@ BOOTSTRAPPING LIMITED FROM PRE 4.4 Upgrading to 5.1 and later versions now require at least 4.4 in preparations for upcoming base compilers updates. +IF_PPP, PPPD, IF_FAITH, AND FAITHD REMOVED +------------------------------------------ -IF_PPP AND PPPD REMOVED ------------------------ - -It has been replaced by "user ppp", i.e. ppp(8) and tun(4). It had +if_ppp has been replaced by "user ppp", i.e. ppp(8) and tun(4). It had already been removed from our default kernel configuration before 5.0, so only people with custom configurations based on earlier X86_64_GENERIC will have to remove it manually. +The faith(4) interface has been completely removed after it had also +been removed from our default kernel configuration. + +-----------------------------------------------------------------------+ + UPGRADING DRAGONFLY FROM 4.8 TO LATER VERSIONS + +-----------------------------------------------------------------------+ diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf index df2ae2eb86..be165fbe70 100644 --- a/etc/defaults/rc.conf +++ b/etc/defaults/rc.conf @@ -273,9 +273,6 @@ stf_interface_ipv4plen="0" # Prefix length for 6to4 IPv4 addr, stf_interface_ipv6_ifid="0:0:0:1" # IPv6 interface id for stf0. # If you like, you can set "AUTO" for this. stf_interface_ipv6_slaid="0000" # IPv6 Site Level Aggregator for stf0 -ipv6_faith_prefix="NO" # Set faith prefix to enable a FAITH - # IPv6-to-IPv4 TCP translator. You also need - # faithd(8) setup. ipv6_firewall_enable="NO" # Set to YES to enable IPv6 firewall # functionality ipv6_firewall_script="/etc/rc.firewall6" # Which script to run to set up the IPv6 firewall diff --git a/etc/network.subr b/etc/network.subr index ba2d5f8c7a..c03a79d0de 100644 --- a/etc/network.subr +++ b/etc/network.subr @@ -520,7 +520,7 @@ network6_interface_setup() if [ ${rtsol_available} = yes -a ${rtsol_interface} = yes ] then case ${i} in - lo0|gif[0-9]*|stf[0-9]*|faith[0-9]*|lp[0-9]*|sl[0-9]*|tun[0-9]*) + lo0|gif[0-9]*|stf[0-9]*|lp[0-9]*|sl[0-9]*|tun[0-9]*) ;; *) rtsol_interfaces="${rtsol_interfaces} ${i}" @@ -628,35 +628,6 @@ network6_static_routes_setup() esac } -# Setup faith -network6_faith_setup() -{ - case ${ipv6_faith_prefix} in - [Nn][Oo] | '') - ;; - *) - sysctl net.inet6.ip6.keepfaith=1 - ifconfig faith0 create >/dev/null 2>&1 - ifconfig faith0 up - for prefix in ${ipv6_faith_prefix}; do - prefixlen=`expr "${prefix}" : ".*/\(.*\)"` - case ${prefixlen} in - '') - prefixlen=96 - ;; - *) - prefix=`expr "${prefix}" : \ - "\(.*\)/${prefixlen}"` - ;; - esac - route add -inet6 ${prefix} -prefixlen ${prefixlen} ::1 - route change -inet6 ${prefix} -prefixlen ${prefixlen} \ - -ifp faith0 - done - ;; - esac -} - # Install the "default interface" to kernel, which will be used # as the default route when there's no router. network6_default_interface_setup() @@ -666,7 +637,7 @@ network6_default_interface_setup() '') for i in ${ipv6_network_interfaces}; do case $i in - lo0|faith[0-9]*) + lo0) continue ;; esac diff --git a/etc/rc.d/network_ipv6 b/etc/rc.d/network_ipv6 index b4e776503f..42a25180c5 100644 --- a/etc/rc.d/network_ipv6 +++ b/etc/rc.d/network_ipv6 @@ -107,9 +107,6 @@ network_ipv6_start() # Setup static routes network6_static_routes_setup - - # Setup faith - network6_faith_setup } load_rc_config $name diff --git a/etc/rc.d/rtadvd b/etc/rc.d/rtadvd index eb29ade12a..d330b89daa 100644 --- a/etc/rc.d/rtadvd +++ b/etc/rc.d/rtadvd @@ -2,7 +2,6 @@ # # $NetBSD: rtadvd,v 1.5 2002/03/22 04:34:00 thorpej Exp $ # $FreeBSD: src/etc/rc.d/rtadvd,v 1.5 2003/01/24 00:37:52 mtm Exp $ -# $DragonFly: src/etc/rc.d/rtadvd,v 1.4 2005/11/19 21:47:32 swildner Exp $ # # PROVIDE: rtadvd @@ -45,7 +44,7 @@ rtadvd_precmd() '') for i in `ifconfig -l` ; do case $i in - lo0|gif[0-9]*|stf[0-9]*|faith[0-9]*|lp[0-9]*|sl[0-9]*|tun[0-9]*) + lo0|gif[0-9]*|stf[0-9]*|lp[0-9]*|sl[0-9]*|tun[0-9]*) continue ;; *) diff --git a/lib/libc/net/getaddrinfo.c b/lib/libc/net/getaddrinfo.c index f64c360eab..8f6be31efb 100644 --- a/lib/libc/net/getaddrinfo.c +++ b/lib/libc/net/getaddrinfo.c @@ -31,8 +31,6 @@ */ /* - * "#ifdef FAITH" part is local hack for supporting IPv4-v6 translator. - * * Issues to be discussed: * - Return values. There are nonstandard return values defined and used * in the source code. This is because RFC2553 is silent about which error @@ -49,9 +47,6 @@ * (1) what should we do against numeric hostname (2) what should we do * against NULL hostname (3) what is AI_ADDRCONFIG itself. AF not ready? * non-loopback address configured? global address configured? - * - * OS specific notes for freebsd4: - * - FreeBSD supported $GAI. The code does not. */ #include "namespace.h" @@ -96,10 +91,6 @@ #include "nscache.h" #endif -#if defined(__KAME__) && defined(INET6) -# define FAITH -#endif - #define SUCCESS 0 #define ANY 0 #define YES 1 @@ -1247,47 +1238,6 @@ get_ai(const struct addrinfo *pai, const struct afd *afd, const char *addr) { char *p; struct addrinfo *ai; -#ifdef FAITH - struct in6_addr faith_prefix; - char *fp_str; - int translate = 0; -#endif - -#ifdef FAITH - /* - * Transfrom an IPv4 addr into a special IPv6 addr format for - * IPv6->IPv4 translation gateway. (only TCP is supported now) - * - * +-----------------------------------+------------+ - * | faith prefix part (12 bytes) | embedded | - * | | IPv4 addr part (4 bytes) - * +-----------------------------------+------------+ - * - * faith prefix part is specified as ascii IPv6 addr format - * in environmental variable GAI. - * For FAITH to work correctly, routing to faith prefix must be - * setup toward a machine where a FAITH daemon operates. - * Also, the machine must enable some mechanizm - * (e.g. faith interface hack) to divert those packet with - * faith prefixed destination addr to user-land FAITH daemon. - */ - fp_str = getenv("GAI"); - if (fp_str && inet_pton(AF_INET6, fp_str, &faith_prefix) == 1 && - afd->a_af == AF_INET && pai->ai_socktype == SOCK_STREAM) { - u_int32_t v4a; - u_int8_t v4a_top; - - memcpy(&v4a, addr, sizeof v4a); - v4a_top = v4a >> IN_CLASSA_NSHIFT; - if (!IN_MULTICAST(v4a) && !IN_EXPERIMENTAL(v4a) && - v4a_top != 0 && v4a != IN_LOOPBACKNET) { - afd = &afdl[N_INET6]; - memcpy(&faith_prefix.s6_addr[12], addr, - sizeof(struct in_addr)); - translate = 1; - } - } -#endif ai = (struct addrinfo *)malloc(sizeof(struct addrinfo) + (afd->a_socklen)); @@ -1301,11 +1251,6 @@ get_ai(const struct addrinfo *pai, const struct afd *afd, const char *addr) ai->ai_addrlen = afd->a_socklen; ai->ai_addr->sa_family = ai->ai_family = afd->a_af; p = (char *)(void *)(ai->ai_addr); -#ifdef FAITH - if (translate == 1) - memcpy(p + afd->a_off, &faith_prefix, (size_t)afd->a_addrlen); - else -#endif memcpy(p + afd->a_off, addr, (size_t)afd->a_addrlen); return ai; } diff --git a/lib/libc/net/getnameinfo.c b/lib/libc/net/getnameinfo.c index fb79944c9d..76a7b1f6ad 100644 --- a/lib/libc/net/getnameinfo.c +++ b/lib/libc/net/getnameinfo.c @@ -398,7 +398,6 @@ getnameinfo_link(const struct sockaddr *sa, socklen_t salen __unused, switch (sdl->sdl_type) { /* * The following have zero-length addresses. - * IFT_FAITH (net/faith/if_faith.c) * IFT_GIF (net/gif/if_gif.c) * IFT_LOOP (net/if_loop.c, net/disc/if_disc.c) * IFT_PPP (net/sppp/if_spppsubr.c) diff --git a/share/man/man4/Makefile b/share/man/man4/Makefile index 79b698a8b9..59ab577641 100644 --- a/share/man/man4/Makefile +++ b/share/man/man4/Makefile @@ -92,7 +92,6 @@ MAN= aac.4 \ em.4 \ et.4 \ exca.4 \ - faith.4 \ fast_ipsec.4 \ fd.4 \ fdc.4 \ @@ -438,7 +437,6 @@ MLINKS+=em.4 emx.4 \ em.4 if_em.4 \ em.4 if_emx.4 MLINKS+=et.4 if_et.4 -MLINKS+=faith.4 if_faith.4 MLINKS+=fd.4 stderr.4 \ fd.4 stdin.4 \ fd.4 stdout.4 diff --git a/share/man/man4/faith.4 b/share/man/man4/faith.4 deleted file mode 100644 index 7c1ef186ed..0000000000 --- a/share/man/man4/faith.4 +++ /dev/null @@ -1,137 +0,0 @@ -.\" $KAME: faith.4,v 1.9 2001/04/27 17:26:35 itojun Exp $ -.\" -.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. Neither the name of the project nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/share/man/man4/faith.4,v 1.6.2.4 2002/08/28 04:44:23 brooks Exp $ -.\" $DragonFly: src/share/man/man4/faith.4,v 1.4 2007/11/23 23:03:57 swildner Exp $ -.\" -.Dd April 10, 1999 -.Dt FAITH 4 -.Os -.Sh NAME -.Nm faith -.Nd IPv6-to-IPv4 TCP relay capturing interface -.Sh SYNOPSIS -.Cd "pseudo-device faith" Op Ar count -.Sh DESCRIPTION -The -.Nm -interface captures IPv6 TCP traffic, -for implementing userland IPv6-to-IPv4 TCP relay -like -.Xr faithd 8 . -.Pp -Each -.Nm -interface is created at runtime using interface cloning. -This is -most easily done with the -.Xr ifconfig 8 -.Cm create -command or using the -.Va cloned_interfaces -variable in -.Xr rc.conf 5 . -.Pp -Special action will be taken when IPv6 TCP traffic is seen on a router, -and routing table suggests to route it to -.Nm -interface. -In this case, the packet will be accepted by the router, -regardless of list of IPv6 interface addresses assigned to the router. -The packet will be captured by an IPv6 TCP socket, if it has -.Dv IN6P_FAITH -flag turned on and it has matching address/port pairs. -In result, -.Nm -will let you capture IPv6 TCP traffic to some specific destination addresses. -Userland programs, such as -.Xr faithd 8 -can use this behavior to relay IPv6 TCP traffic to IPv4 TCP traffic. -The program can accept some specific IPv6 TCP traffic, perform -.Xr getsockname 2 -to get the IPv6 destination address specified by the client, -and perform application-specific address mapping to relay IPv6 TCP to IPv4 TCP. -.Pp -The -.Dv IN6P_FAITH -flag on IPv6 TCP socket can be set by using -.Xr setsockopt 2 , -with level equals to -.Dv IPPROTO_IPV6 -and optname equals to -.Dv IPV6_FAITH . -.Pp -To handle error reports by ICMPv6, some of ICMPv6 packets routed to -.Nm -interface will be delivered to IPv6 TCP, as well. -.Pp -To understand how -.Nm -can be used, take a look at source code of -.Xr faithd 8 . -.Pp -As -.Nm -interface implements potentially dangerous operation, -great care must be taken when configuring -.Nm -interface. -To avoid possible misuse, -.Xr sysctl 8 -variable -.Va net.inet6.ip6.keepfaith -must be set to -.Li 1 -prior to the use of the interface. -When -.Va net.inet6.ip6.keepfaith -is -.Li 0 , -no packet will be captured by -.Nm -interface. -.Pp -.Nm -interface is intended to be used on routers, not on hosts. -.\" -.Sh SEE ALSO -.Xr inet 4 , -.Xr inet6 4 , -.Xr faithd 8 -.Rs -.%A Jun-ichiro itojun Hagino -.%A Kazu Yamamoto -.%T "An IPv6-to-IPv4 transport relay translator" -.%R internet draft -.%N draft-ietf-ngtrans-tcpudp-relay-04.txt -.%O work in progress material -.Re -.Sh HISTORY -The FAITH IPv6-to-IPv4 TCP relay translator was first appeared in -WIDE hydrangea IPv6 stack. diff --git a/share/man/man4/inet6.4 b/share/man/man4/inet6.4 index 2c64a7f017..e2e9a9731e 100644 --- a/share/man/man4/inet6.4 +++ b/share/man/man4/inet6.4 @@ -28,7 +28,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd March 22, 2015 +.Dd November 25, 2017 .Dt INET6 4 .Os .Sh NAME @@ -314,17 +314,6 @@ The node must be a host (not a router) for the option to be meaningful. Defaults to off. -.It Dv IPV6CTL_KEEPFAITH -.Pq ip6.keepfaith -Boolean: enable/disable -.Dq FAITH -TCP relay IPv6-to-IPv4 translator code in the kernel. -Refer -.Xr faith 4 -and -.Xr faithd 8 -for detail. -Defaults to off. .It Dv IPV6CTL_LOG_INTERVAL .Pq ip6.log_interval Integer: default interval between diff --git a/share/man/man4/ip6.4 b/share/man/man4/ip6.4 index 850cb5c389..f02639279e 100644 --- a/share/man/man4/ip6.4 +++ b/share/man/man4/ip6.4 @@ -28,7 +28,8 @@ .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. -.Dd December 22, 2014 +.\" +.Dd November 25, 2017 .Dt IP6 4 .Os .Sh NAME @@ -379,10 +380,6 @@ With .Dx , the socket option cannot be set to 0 (which will result in returning .Er EOPNOTSUPP ) . -.It Dv IPV6_FAITH Fa "int *" -Get or set the status of whether -.Xr faith 4 -connections can be made to this socket. .It Dv IPV6_USE_MIN_MTU Fa "int *" Get or set whether the minimal IPv6 maximum transmission unit (MTU) size will be used to avoid fragmentation from occurring for subsequent diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5 index dd5f6de946..0a33f6bd8a 100644 --- a/share/man/man5/rc.conf.5 +++ b/share/man/man5/rc.conf.5 @@ -24,7 +24,7 @@ .\" .\" $FreeBSD: src/share/man/man5/rc.conf.5,v 1.197 2003/07/28 13:56:00 mbr Exp $ .\" -.Dd September 29, 2017 +.Dd November 25, 2017 .Dt RC.CONF 5 .Os .Sh NAME @@ -1691,14 +1691,6 @@ This can be set to .Pq Vt str IPv6 Site Level Aggregator for .Xr stf 4 . -.It Va ipv6_faith_prefix -.Pq Vt str -If not set to -.Dq Li NO , -this is the faith prefix to enable a FAITH IPv6-to-IPv4 TCP translator. -You also need -.Xr faithd 8 -setup. .It Va keybell .Pq Vt str The keyboard bell sound. diff --git a/sys/boot/dloader/loader-bootp.conf b/sys/boot/dloader/loader-bootp.conf index a22d94223c..2cc7bd4c3f 100644 --- a/sys/boot/dloader/loader-bootp.conf +++ b/sys/boot/dloader/loader-bootp.conf @@ -142,7 +142,6 @@ linux_load="NO" # Linux emulation if_disc_load="NO" # Discard device if_ef_load="NO" # pseudo-device providing support for multiple ethernet frame types -if_faith_load="NO" # IPv6-to-IPv4 TCP relay capturing interface if_gif_load="NO" # generic tunnel interface if_gre_load="NO" # encapsulating network device if_sl_load="NO" # SLIP diff --git a/sys/boot/dloader/loader.conf b/sys/boot/dloader/loader.conf index 08ce18daec..ee7cba2d9b 100644 --- a/sys/boot/dloader/loader.conf +++ b/sys/boot/dloader/loader.conf @@ -150,7 +150,6 @@ linux_load="NO" # Linux emulation if_disc_load="NO" # Discard device if_ef_load="NO" # pseudo-device providing support for multiple ethernet frame types -if_faith_load="NO" # IPv6-to-IPv4 TCP relay capturing interface if_gif_load="NO" # generic tunnel interface if_gre_load="NO" # encapsulating network device if_sl_load="NO" # SLIP diff --git a/sys/conf/files b/sys/conf/files index ce2a35fdf1..ff534e8f3b 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -1525,7 +1525,6 @@ net/if_clone.c standard net/if_poll.c optional ifpoll_enable net/disc/if_disc.c optional disc net/if_ethersubr.c optional ether -net/faith/if_faith.c optional faith net/gif/if_gif.c optional gif net/gre/if_gre.c optional gre inet net/lagg/ieee8023ad_lacp.c optional lagg diff --git a/sys/config/LINT64 b/sys/config/LINT64 index 93f26604de..12a023ea0f 100644 --- a/sys/config/LINT64 +++ b/sys/config/LINT64 @@ -319,8 +319,6 @@ device mn # Munich32x/Falc54 Nx64kbit/sec cards. # IPv6 over IPv6 tunneling. # The `gre' device implements two types of IP4 over IP4 tunneling: # GRE and MOBILE, as specified in the RFC1701 and RFC2004. -# The `faith' pseudo-device captures packets sent to it and diverts them -# to the IPv4/IPv6 translation daemon. # The `stf' device implements 6to4 encapsulation. # The `ef' pseudo-device provides support for multiple ethernet frame types # specified via ETHER_* options. See ef(4) for details. @@ -339,7 +337,6 @@ pseudo-device gre #IP over IP tunneling # for IPv6 pseudo-device gif #IPv6 and IPv4 tunneling -pseudo-device faith 1 #for IPv6 and IPv4 translation pseudo-device stf #6to4 IPv6 over IPv4 encapsulation # diff --git a/sys/net/Makefile b/sys/net/Makefile index 8862bbf01b..dcca136e38 100644 --- a/sys/net/Makefile +++ b/sys/net/Makefile @@ -1,4 +1,4 @@ -SUBDIR=accf_data accf_http disc faith gif gre sl stf tap tun \ +SUBDIR=accf_data accf_http disc gif gre sl stf tap tun \ vlan zlib bridge lagg libalias dummynet ipfw \ dummynet3 ipfw3 ipfw3_basic ipfw3_nat ipfw3_layer2 ipfw3_layer4 \ ip6fw ip_mroute sppp pf diff --git a/sys/net/faith/Makefile b/sys/net/faith/Makefile deleted file mode 100644 index 800e2323ab..0000000000 --- a/sys/net/faith/Makefile +++ /dev/null @@ -1,18 +0,0 @@ -# $FreeBSD: src/sys/modules/if_faith/Makefile,v 1.1.2.1 2001/12/15 01:07:54 brooks Exp $ -# $DragonFly: src/sys/net/faith/Makefile,v 1.4 2006/10/25 20:56:02 dillon Exp $ - -.PATH: ${.CURDIR}/../../net - -KMOD= if_faith -SRCS= if_faith.c opt_inet.h opt_inet6.h bus_if.h device_if.h -KCFLAGS+= -DNFAITH=0 - -.if !defined(BUILDING_WITH_KERNEL) -opt_inet.h: - echo "#define INET 1" > ${.TARGET} - -opt_inet6.h: - echo "#define INET6 1" > ${.TARGET} -.endif - -.include diff --git a/sys/net/faith/if_faith.c b/sys/net/faith/if_faith.c deleted file mode 100644 index 6a9656078e..0000000000 --- a/sys/net/faith/if_faith.c +++ /dev/null @@ -1,361 +0,0 @@ -/* $KAME: if_faith.c,v 1.23 2001/12/17 13:55:29 sumikawa Exp $ */ - -/* - * Copyright (c) 1982, 1986, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $FreeBSD: src/sys/net/if_faith.c,v 1.3.2.6 2002/04/28 05:40:25 suz Exp $ - */ -/* - * derived from - * @(#)if_loop.c 8.1 (Berkeley) 6/10/93 - * Id: if_loop.c,v 1.22 1996/06/19 16:24:10 wollman Exp - */ - -/* - * Loopback interface driver for protocol testing and timing. - */ -#ifndef NFAITH -#include "use_faith.h" -#endif -#include "opt_inet.h" -#include "opt_inet6.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#ifdef INET -#include -#include -#include -#include -#endif - -#ifdef INET6 -#ifndef INET -#include -#endif -#include -#include -#include -#endif - -#include - -#define FAITHNAME "faith" - -struct faith_softc { - struct ifnet sc_if; /* must be first */ - LIST_ENTRY(faith_softc) sc_list; -}; - -static int faithioctl (struct ifnet *, u_long, caddr_t, struct ucred *); -int faithoutput (struct ifnet *, struct mbuf *, struct sockaddr *, - struct rtentry *); -static void faithrtrequest (int, struct rtentry *); -#ifdef INET6 -static int faithprefix (struct in6_addr *); -#endif - -static int faithmodevent (module_t, int, void *); - -static MALLOC_DEFINE(M_FAITH, FAITHNAME, "Firewall Assisted Tunnel Interface"); -LIST_HEAD(, faith_softc) faith_softc_list; - -int faith_clone_create (struct if_clone *, int, caddr_t); -int faith_clone_destroy (struct ifnet *); - -struct if_clone faith_cloner = IF_CLONE_INITIALIZER(FAITHNAME, - faith_clone_create, faith_clone_destroy, NFAITH, IF_MAXUNIT); - -#define FAITHMTU 1500 - -static int -faithmodevent(module_t mod, int type, void *data) -{ - - switch (type) { - case MOD_LOAD: - LIST_INIT(&faith_softc_list); - if_clone_attach(&faith_cloner); - -#ifdef INET6 - faithprefix_p = faithprefix; -#endif - - break; - case MOD_UNLOAD: -#ifdef INET6 - faithprefix_p = NULL; -#endif - - if_clone_detach(&faith_cloner); - - while (!LIST_EMPTY(&faith_softc_list)) - faith_clone_destroy( - &LIST_FIRST(&faith_softc_list)->sc_if); - - break; - } - return 0; -} - -static moduledata_t faith_mod = { - "if_faith", - faithmodevent, - 0 -}; - -DECLARE_MODULE(if_faith, faith_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); -MODULE_VERSION(if_faith, 1); - -int -faith_clone_create(struct if_clone *ifc, int unit, caddr_t param __unused) -{ - struct faith_softc *sc; - - sc = kmalloc(sizeof(struct faith_softc), M_FAITH, M_WAITOK | M_ZERO); - - sc->sc_if.if_softc = sc; - if_initname(&(sc->sc_if), FAITHNAME, unit); - - sc->sc_if.if_mtu = FAITHMTU; - /* Change to BROADCAST experimentaly to announce its prefix. */ - sc->sc_if.if_flags = /* IFF_LOOPBACK */ IFF_BROADCAST | IFF_MULTICAST; - sc->sc_if.if_ioctl = faithioctl; - sc->sc_if.if_output = faithoutput; - sc->sc_if.if_type = IFT_FAITH; - sc->sc_if.if_hdrlen = 0; - sc->sc_if.if_addrlen = 0; - ifq_set_maxlen(&sc->sc_if.if_snd, ifqmaxlen); - if_attach(&sc->sc_if, NULL); - bpfattach(&sc->sc_if, DLT_NULL, sizeof(u_int)); - LIST_INSERT_HEAD(&faith_softc_list, sc, sc_list); - return (0); -} - -int -faith_clone_destroy(struct ifnet *ifp) -{ - struct faith_softc *sc = (struct faith_softc *) ifp; - - LIST_REMOVE(sc, sc_list); - bpfdetach(ifp); - if_detach(ifp); - - kfree(sc, M_FAITH); - - return 0; -} - -int -faithoutput(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, - struct rtentry *rt) -{ - int isr; - - if ((m->m_flags & M_PKTHDR) == 0) - panic("faithoutput no HDR"); - - /* BPF write needs to be handled specially */ - if (dst->sa_family == AF_UNSPEC) { - dst->sa_family = *(mtod(m, int *)); - m->m_len -= sizeof(int); - m->m_pkthdr.len -= sizeof(int); - m->m_data += sizeof(int); - } - - if (ifp->if_bpf != NULL) { - bpf_gettoken(); - if (ifp->if_bpf != NULL) { - /* - * We need to prepend the address family as - * a four byte field. - */ - uint32_t af = dst->sa_family; - - bpf_ptap(ifp->if_bpf, m, &af, sizeof(af)); - } - bpf_reltoken(); - } - - if (rt && rt->rt_flags & (RTF_REJECT|RTF_BLACKHOLE)) { - m_freem(m); - return (rt->rt_flags & RTF_BLACKHOLE ? 0 : - rt->rt_flags & RTF_HOST ? EHOSTUNREACH : ENETUNREACH); - } - IFNET_STAT_INC(ifp, opackets, 1); - IFNET_STAT_INC(ifp, obytes, m->m_pkthdr.len); - switch (dst->sa_family) { -#ifdef INET - case AF_INET: - isr = NETISR_IP; - break; -#endif -#ifdef INET6 - case AF_INET6: - isr = NETISR_IPV6; - break; -#endif - default: - m_freem(m); - return EAFNOSUPPORT; - } - - /* XXX do we need more sanity checks? */ - - m->m_pkthdr.rcvif = ifp; - m->m_flags &= ~M_HASH; - IFNET_STAT_INC(ifp, ipackets, 1); - IFNET_STAT_INC(ifp, ibytes, m->m_pkthdr.len); - netisr_queue(isr, m); - return (0); -} - -/* ARGSUSED */ -static void -faithrtrequest(int cmd, struct rtentry *rt) -{ - if (rt) { - rt->rt_rmx.rmx_mtu = rt->rt_ifp->if_mtu; /* for ISO */ - /* - * For optimal performance, the send and receive buffers - * should be at least twice the MTU plus a little more for - * overhead. - */ - rt->rt_rmx.rmx_recvpipe = - rt->rt_rmx.rmx_sendpipe = 3 * FAITHMTU; - } -} - -/* - * Process an ioctl request. - */ -/* ARGSUSED */ -static int -faithioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr) -{ - struct ifaddr *ifa; - struct ifreq *ifr = (struct ifreq *)data; - int error = 0; - - switch (cmd) { - - case SIOCSIFADDR: - ifp->if_flags |= IFF_UP | IFF_RUNNING; - ifa = (struct ifaddr *)data; - ifa->ifa_rtrequest = faithrtrequest; - /* - * Everything else is done at a higher level. - */ - break; - - case SIOCADDMULTI: - case SIOCDELMULTI: - if (ifr == NULL) { - error = EAFNOSUPPORT; /* XXX */ - break; - } - switch (ifr->ifr_addr.sa_family) { -#ifdef INET - case AF_INET: - break; -#endif -#ifdef INET6 - case AF_INET6: - break; -#endif - - default: - error = EAFNOSUPPORT; - break; - } - break; - -#ifdef SIOCSIFMTU - case SIOCSIFMTU: - ifp->if_mtu = ifr->ifr_mtu; - break; -#endif - - case SIOCSIFFLAGS: - break; - - default: - error = EINVAL; - } - return (error); -} - -#ifdef INET6 -/* - * XXX could be slow - * XXX could be layer violation to call sys/net from sys/netinet6 - */ -static int -faithprefix(struct in6_addr *in6) -{ - struct rtentry *rt; - struct sockaddr_in6 sin6; - int ret; - - if (ip6_keepfaith == 0) - return 0; - - bzero(&sin6, sizeof sin6); - sin6.sin6_family = AF_INET6; - sin6.sin6_len = sizeof(struct sockaddr_in6); - sin6.sin6_addr = *in6; - rt = rtpurelookup((struct sockaddr *)&sin6); - if (rt != NULL && rt->rt_ifp && rt->rt_ifp->if_type == IFT_FAITH && - (rt->rt_ifp->if_flags & IFF_UP)) - ret = 1; - else - ret = 0; - if (rt != NULL) - RTFREE(rt); - return ret; -} -#endif diff --git a/sys/net/faith/if_faith.h b/sys/net/faith/if_faith.h deleted file mode 100644 index f8f1f79b8e..0000000000 --- a/sys/net/faith/if_faith.h +++ /dev/null @@ -1,44 +0,0 @@ -/* $FreeBSD: src/sys/net/if_faith.h,v 1.1.2.2 2001/07/05 14:46:25 ume Exp $ */ -/* $DragonFly: src/sys/net/faith/if_faith.h,v 1.3 2003/08/26 20:49:47 rob Exp $ */ -/* $KAME: if_faith.h,v 1.1 2000/07/26 05:49:21 itojun Exp $ */ - -/* - * Copyright (C) 2000 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifndef _NET_IF_FAITH_H_ -#define _NET_IF_FAITH_H_ - -#ifdef _KERNEL -#ifdef INET6 -struct in6_addr; -int faithprefix (struct in6_addr *); -#endif -#endif - -#endif /* _NET_IF_FAITH_H_ */ diff --git a/sys/net/if_types.h b/sys/net/if_types.h index ebaa01bdd5..c7fdd7d853 100644 --- a/sys/net/if_types.h +++ b/sys/net/if_types.h @@ -28,7 +28,6 @@ * * @(#)if_types.h 8.3 (Berkeley) 4/28/95 * $FreeBSD: src/sys/net/if_types.h,v 1.8.2.4 2002/12/23 23:02:21 kbyanc Exp $ - * $DragonFly: src/sys/net/if_types.h,v 1.6 2007/08/16 20:03:57 dillon Exp $ * $NetBSD: if_types.h,v 1.16 2000/04/19 06:30:53 itojun Exp $ */ @@ -244,7 +243,6 @@ /* not based on IANA assignments */ #define IFT_GIF 0xf0 #define IFT_PVC 0xf1 -#define IFT_FAITH 0xf2 #define IFT_STF 0xf3 #define IFT_ENC 0xf4 #define IFT_PFLOG 0xf5 /* Packet filter logging */ diff --git a/sys/netinet/in.h b/sys/netinet/in.h index 68108429c2..dc5479c190 100644 --- a/sys/netinet/in.h +++ b/sys/netinet/in.h @@ -348,7 +348,6 @@ struct sockaddr_in { #define IP_RECVIF 20 /* bool; receive reception if w/dgram */ /* for IPSEC */ #define IP_IPSEC_POLICY 21 /* int; set/get security policy */ -#define IP_FAITH 22 /* bool; accept FAITH'ed connections */ #define IP_FW_TBL_CREATE 40 /* create ipfw table */ #define IP_FW_TBL_DESTROY 41 /* destroy ipfw table */ @@ -496,7 +495,6 @@ struct ip_mreq { #define IPCTL_STATS 12 /* ipstat structure */ #define IPCTL_ACCEPTSOURCEROUTE 13 /* may accept source routed packets */ #define IPCTL_FASTFORWARDING 14 /* use fast IP forwarding code */ -#define IPCTL_KEEPFAITH 15 /* FAITH IPv4->IPv6 translater ctl */ #define IPCTL_GIF_TTL 16 /* default TTL for gif encap packet */ #define IPCTL_MAXID 17 diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index 7f1ab7cb16..17a5543e6d 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -1554,8 +1554,7 @@ in_pcblookup_pkthash(struct inpcbinfo *pcbinfo, struct in_addr faddr, * Check local group first */ if (pcbinfo->localgrphashbase != NULL && - m != NULL && (m->m_flags & M_HASH) && - !(ifp && ifp->if_type == IFT_FAITH)) { + m != NULL && (m->m_flags & M_HASH)) { inp = inp_localgroup_lookup(pcbinfo, laddr, lport, m->m_pkthdr.hash); if (inp != NULL) { @@ -1597,9 +1596,6 @@ in_pcblookup_pkthash(struct inpcbinfo *pcbinfo, struct in_addr faddr, continue; } if (inp->inp_lport == lport) { - if (ifp && ifp->if_type == IFT_FAITH && - !(inp->inp_flags & INP_FAITH)) - continue; if (inp->inp_laddr.s_addr == laddr.s_addr) { if (cred != NULL && jailed(cred)) { jinp = inp; diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h index 4a7c9abc48..83d522eeff 100644 --- a/sys/netinet/in_pcb.h +++ b/sys/netinet/in_pcb.h @@ -333,7 +333,6 @@ struct inpcbinfo { /* XXX documentation, prefixes */ #define INP_ANONPORT 0x40 /* port chosen for user */ #define INP_RECVIF 0x80 /* receive incoming interface */ #define INP_MTUDISC 0x100 /* user can do MTU discovery */ -#define INP_FAITH 0x200 /* accept FAITH'ed connections */ #define INP_WILDCARD 0x400 /* wildcard match */ #define INP_FLAG_PROTO2 0x800 /* protocol specific */ #define INP_CONNECTED 0x1000 /* exact match */ @@ -375,7 +374,6 @@ struct inpcbinfo { /* XXX documentation, prefixes */ #define IN6P_ANONPORT INP_ANONPORT #define IN6P_RECVIF INP_RECVIF #define IN6P_MTUDISC INP_MTUDISC -#define IN6P_FAITH INP_FAITH #define IN6P_CONTROLOPTS INP_CONTROLOPTS /* * socket AF version is {newer than,or include} diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c index 539b87e2a9..9d7920d5c7 100644 --- a/sys/netinet/ip_icmp.c +++ b/sys/netinet/ip_icmp.c @@ -647,19 +647,6 @@ icmp_input(struct mbuf **mp, int *offp, int proto) } icp = (struct icmp *)((caddr_t)ip + hlen); - if (m->m_pkthdr.rcvif && m->m_pkthdr.rcvif->if_type == IFT_FAITH) { - /* - * Deliver very specific ICMP type only. - */ - switch (icp->icmp_type) { - case ICMP_UNREACH: - case ICMP_TIMXCEED: - break; - default: - goto freeit; - } - } - #ifdef ICMPPRINTFS if (icmpprintfs) kprintf("icmp_input, type %d code %d\n", icp->icmp_type, diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index f1d1b281ff..adc17c6cb0 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -155,11 +155,6 @@ SYSCTL_INT(_net_inet_ip, IPCTL_ACCEPTSOURCEROUTE, accept_sourceroute, CTLFLAG_RW, &ip_acceptsourceroute, 0, "Enable accepting source routed IP packets"); -static int ip_keepfaith = 0; -SYSCTL_INT(_net_inet_ip, IPCTL_KEEPFAITH, keepfaith, CTLFLAG_RW, - &ip_keepfaith, 0, - "Enable packet capture for FAITH IPv4->IPv6 translator daemon"); - static int maxnipq; SYSCTL_INT(_net_inet_ip, OID_AUTO, maxfragpackets, CTLFLAG_RW, &maxnipq, 0, @@ -827,18 +822,6 @@ pass: if (ip->ip_dst.s_addr == INADDR_ANY) goto ours; - /* - * FAITH(Firewall Aided Internet Translator) - */ - if (m->m_pkthdr.rcvif && m->m_pkthdr.rcvif->if_type == IFT_FAITH) { - if (ip_keepfaith) { - if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_ICMP) - goto ours; - } - m_freem(m); - return; - } - /* * Not for us; forward if possible and desirable. */ diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index d90bb3ed8b..c97538d52e 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1426,7 +1426,6 @@ ip_ctloutput(netmsg_t msg) case IP_RECVDSTADDR: case IP_RECVIF: case IP_RECVTTL: - case IP_FAITH: error = soopt_to_kbuf(sopt, &optval, sizeof optval, sizeof optval); if (error) @@ -1470,10 +1469,6 @@ ip_ctloutput(netmsg_t msg) case IP_RECVTTL: OPTSET(INP_RECVTTL); break; - - case IP_FAITH: - OPTSET(INP_FAITH); - break; } break; #undef OPTSET @@ -1565,7 +1560,6 @@ ip_ctloutput(netmsg_t msg) case IP_RECVTTL: case IP_RECVIF: case IP_PORTRANGE: - case IP_FAITH: switch (sopt->sopt_name) { case IP_TOS: @@ -1609,10 +1603,6 @@ ip_ctloutput(netmsg_t msg) else optval = 0; break; - - case IP_FAITH: - optval = OPTBIT(INP_FAITH); - break; } soopt_from_kbuf(sopt, &optval, sizeof optval); break; diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c index 66688564ac..4b2eb0b0aa 100644 --- a/sys/netinet6/icmp6.c +++ b/sys/netinet6/icmp6.c @@ -452,22 +452,6 @@ icmp6_input(struct mbuf **mp, int *offp, int proto) goto freeit; } - if (faithprefix_p != NULL && (*faithprefix_p)(&ip6->ip6_dst)) { - /* - * Deliver very specific ICMP6 type only. - * This is important to deilver TOOBIG. Otherwise PMTUD - * will not work. - */ - switch (icmp6->icmp6_type) { - case ICMP6_DST_UNREACH: - case ICMP6_PACKET_TOO_BIG: - case ICMP6_TIME_EXCEEDED: - break; - default: - goto freeit; - } - } - icmp6stat.icp6s_inhist[icmp6->icmp6_type]++; icmp6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_msg); if (icmp6->icmp6_type < ICMP6_INFOMSG_MASK) diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c index f1a5858a6b..08c1f163f9 100644 --- a/sys/netinet6/in6.c +++ b/sys/netinet6/in6.c @@ -141,8 +141,6 @@ static int in6_control_internal(u_long, caddr_t, struct ifnet *, struct in6_multihead in6_multihead; /* XXX BSS initialization */ -int (*faithprefix_p)(struct in6_addr *); - /* * Subroutine for in6_ifaddloop() and in6_ifremloop(). * This routine does actual work. @@ -2433,15 +2431,8 @@ in6if_do_dad(struct ifnet *ifp) switch (ifp->if_type) { #ifdef IFT_DUMMY case IFT_DUMMY: -#endif - case IFT_FAITH: - /* - * These interfaces do not have the IFF_LOOPBACK flag, - * but loop packets back. We do not have to do DAD on such - * interfaces. We should even omit it, because loop-backed - * NS would confuse the DAD procedure. - */ return (0); +#endif default: /* * Our DAD routine requires the interface up and running. diff --git a/sys/netinet6/in6.h b/sys/netinet6/in6.h index 6079d649ae..546d67f68c 100644 --- a/sys/netinet6/in6.h +++ b/sys/netinet6/in6.h @@ -429,7 +429,6 @@ struct route_in6 { #if 1 /* IPSEC */ #define IPV6_IPSEC_POLICY 28 /* struct; get/set security policy */ #endif -#define IPV6_FAITH 29 /* bool; accept FAITH'ed connections */ #if 1 /* IPV6FIREWALL */ #define IPV6_FW_ADD 30 /* add a firewall rule to chain */ @@ -557,7 +556,6 @@ struct ip6_mtuinfo { #define IPV6CTL_SOURCECHECK 10 /* verify source route and intf */ #define IPV6CTL_SOURCECHECK_LOGINT 11 /* minimume logging interval */ #define IPV6CTL_ACCEPT_RTADV 12 -#define IPV6CTL_KEEPFAITH 13 #define IPV6CTL_LOG_INTERVAL 14 #define IPV6CTL_HDRNESTLIMIT 15 #define IPV6CTL_DAD_COUNT 16 @@ -621,8 +619,6 @@ void addrsel_policy_init (void); #define satosin6(sa) ((struct sockaddr_in6 *)(sa)) #define sin6tosa(sin6) ((struct sockaddr *)(sin6)) #define ifatoia6(ifa) ((struct in6_ifaddr *)(ifa)) - -extern int (*faithprefix_p)(struct in6_addr *); #endif /* _KERNEL */ #include /* for __BEGIN_DECLS and __END_DECLS */ diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c index 3c2bac54cc..4a3d317edf 100644 --- a/sys/netinet6/in6_pcb.c +++ b/sys/netinet6/in6_pcb.c @@ -835,12 +835,6 @@ in6_pcblookup_hash(struct inpcbinfo *pcbinfo, struct in6_addr *faddr, struct inpcb *inp; struct inpcb *jinp = NULL; u_short fport = fport_arg, lport = lport_arg; - int faith; - - if (faithprefix_p != NULL) - faith = (*faithprefix_p)(laddr); - else - faith = 0; /* * First look for an exact match. @@ -916,8 +910,6 @@ in6_pcblookup_hash(struct inpcbinfo *pcbinfo, struct in6_addr *faddr, } if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr) && inp->inp_lport == lport) { - if (faith && (inp->inp_flags & INP_FAITH) == 0) - continue; if (IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, laddr)) { if (cred != NULL && jailed(cred)) { diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c index 4365e9f9d4..f9bf11013e 100644 --- a/sys/netinet6/in6_proto.c +++ b/sys/netinet6/in6_proto.c @@ -436,7 +436,6 @@ int ip6_rr_prune = 5; /* router renumbering prefix * walk list every 5 sec. */ u_int32_t ip6_id = 0UL; -int ip6_keepfaith = 0; time_t ip6_log_time = (time_t)0L; /* icmp6 */ @@ -536,9 +535,6 @@ SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGPACKETS, maxfragpackets, CTLFLAG_RW, &ip6_maxfragpackets, 0, "Maximum packets in reassembly queue"); SYSCTL_INT(_net_inet6_ip6, IPV6CTL_ACCEPT_RTADV, accept_rtadv, CTLFLAG_RW, &ip6_accept_rtadv, 0, "Acts as a host not a router"); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_KEEPFAITH, - keepfaith, CTLFLAG_RW, &ip6_keepfaith, 0, - "Enable packet capture for FAITH IPv4->IPv6 translator daemon"); SYSCTL_INT(_net_inet6_ip6, IPV6CTL_LOG_INTERVAL, log_interval, CTLFLAG_RW, &ip6_log_interval, 0, ""); SYSCTL_INT(_net_inet6_ip6, IPV6CTL_HDRNESTLIMIT, hdrnestlimit, CTLFLAG_RW, diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c index 3a814d6563..95a3fd0fb6 100644 --- a/sys/netinet6/ip6_input.c +++ b/sys/netinet6/ip6_input.c @@ -540,19 +540,6 @@ ip6_input(netmsg_t msg) } } - /* - * FAITH (Firewall Aided Internet Translator) - */ - if (ip6_keepfaith) { - if (ip6_forward_rt.ro_rt && ip6_forward_rt.ro_rt->rt_ifp - && ip6_forward_rt.ro_rt->rt_ifp->if_type == IFT_FAITH) { - /* XXX do we need more sanity checks? */ - ours = 1; - deliverifp = ip6_forward_rt.ro_rt->rt_ifp; /* faith */ - goto hbhcheck; - } - } - /* * Now there is no reason to process the packet if it's not our own * and we're not a router. @@ -567,8 +554,7 @@ hbhcheck: /* * record address information into m_aux, if we don't have one yet. * note that we are unable to record it, if the address is not listed - * as our interface address (e.g. multicast addresses, addresses - * within FAITH prefixes and such). + * as our interface address (e.g. multicast addresses and such). */ if (deliverifp && !ip6_getdstifaddr(m)) { struct in6_ifaddr *ia6; diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index 6c487daf94..83e725e73f 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -1439,7 +1439,6 @@ ip6_ctloutput(struct socket *so, struct sockopt *sopt) case IPV6_HOPLIMIT: /* FALLTHROUGH */ case IPV6_UNICAST_HOPS: - case IPV6_FAITH: case IPV6_V6ONLY: if (optlen != sizeof(int)) { @@ -1574,10 +1573,6 @@ do { \ OPTSET(IN6P_AUTOFLOWLABEL); break; - case IPV6_FAITH: - OPTSET(IN6P_FAITH); - break; - case IPV6_V6ONLY: /* * make setsockopt(IPV6_V6ONLY) @@ -1837,7 +1832,6 @@ do { \ case IPV6_RECVPATHMTU: case IPV6_RECVTCLASS: case IPV6_AUTOFLOWLABEL: - case IPV6_FAITH: case IPV6_V6ONLY: case IPV6_PORTRANGE: switch (optname) { @@ -1883,10 +1877,6 @@ do { \ optval = in6p->in6p_hops; break; - case IPV6_FAITH: - optval = OPTBIT(IN6P_FAITH); - break; - case IPV6_V6ONLY: optval = 1; break; diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h index 8825cc5d06..5136b69abd 100644 --- a/sys/netinet6/ip6_var.h +++ b/sys/netinet6/ip6_var.h @@ -1,5 +1,4 @@ /* $FreeBSD: src/sys/netinet6/ip6_var.h,v 1.2.2.4 2003/01/23 21:06:47 sam Exp $ */ -/* $DragonFly: src/sys/netinet6/ip6_var.h,v 1.13 2008/09/04 09:08:22 hasso Exp $ */ /* $KAME: ip6_var.h,v 1.62 2001/05/03 14:51:48 itojun Exp $ */ /* @@ -310,7 +309,6 @@ extern int ip6_maxfrags; /* Maximum fragments in reassembly queue */ extern int ip6_sourcecheck; /* Verify source interface */ extern int ip6_sourcecheck_interval; /* Interval between log messages */ extern int ip6_accept_rtadv; /* Acts as a host not a router */ -extern int ip6_keepfaith; /* Firewall Aided Internet Translator */ extern int ip6_log_interval; extern time_t ip6_log_time; extern int ip6_hdrnestlimit; /* upper limit of # of extension headers */ diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c index fdfee292c0..c890589abb 100644 --- a/sys/netinet6/raw_ip6.c +++ b/sys/netinet6/raw_ip6.c @@ -141,12 +141,6 @@ rip6_input(struct mbuf **mp, int *offp, int proto) rip6stat.rip6s_ipackets++; - if (faithprefix_p != NULL && (*faithprefix_p)(&ip6->ip6_dst)) { - /* XXX send icmp6 host/port unreach? */ - m_freem(m); - return IPPROTO_DONE; - } - init_sin6(&rip6src, m); /* general init */ LIST_FOREACH(in6p, &ripcbinfo.pcblisthead, inp_list) { diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c index 2d495c7174..229b8d534c 100644 --- a/sys/netinet6/udp6_usrreq.c +++ b/sys/netinet6/udp6_usrreq.c @@ -159,12 +159,6 @@ udp6_input(struct mbuf **mp, int *offp, int proto) ip6 = mtod(m, struct ip6_hdr *); - if (faithprefix_p != NULL && (*faithprefix_p)(&ip6->ip6_dst)) { - /* XXX send icmp6 host/port unreach? */ - m_freem(m); - return IPPROTO_DONE; - } - udp_stat.udps_ipackets++; plen = ntohs(ip6->ip6_plen) - off + sizeof(*ip6); diff --git a/sys/sys/param.h b/sys/sys/param.h index cdaa429b1e..6c5320f618 100644 --- a/sys/sys/param.h +++ b/sys/sys/param.h @@ -164,9 +164,10 @@ * 500100 - 5.1 development * 500101 - kernel ppp removal * 500102 - inclusions removed from some public headers + * 500103 - faith removal */ #undef __DragonFly_version -#define __DragonFly_version 500102 /* propagated to newvers */ +#define __DragonFly_version 500103 /* propagated to newvers */ #include diff --git a/usr.sbin/Makefile b/usr.sbin/Makefile index 46e136d6bc..3c8e8d7263 100644 --- a/usr.sbin/Makefile +++ b/usr.sbin/Makefile @@ -34,7 +34,6 @@ SUBDIR= 802_11 \ edquota \ efisetup \ efivar \ - faithd \ fdcontrol \ fdformat \ fdwrite \ diff --git a/usr.sbin/faithd/Makefile b/usr.sbin/faithd/Makefile deleted file mode 100644 index a5a120e48b..0000000000 --- a/usr.sbin/faithd/Makefile +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright (c) 1996 WIDE Project. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modifications, are permitted provided that the above copyright notice -# and this paragraph are duplicated in all such forms and that any -# documentation, advertising materials, and other materials related to -# such distribution and use acknowledge that the software was developed -# by the WIDE Project, Japan. The name of the Project may not be used to -# endorse or promote products derived from this software without -# specific prior written permission. THIS SOFTWARE IS PROVIDED ``AS IS'' -# AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT -# LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -# A PARTICULAR PURPOSE. -# $FreeBSD: src/usr.sbin/faithd/Makefile,v 1.1.2.4 2001/07/03 11:02:04 ume Exp $ -# $DragonFly: src/usr.sbin/faithd/Makefile,v 1.3 2008/10/29 18:18:04 swildner Exp $ - -PROG= faithd -SRCS= faithd.c tcp.c ftp.c rsh.c prefix.c -MAN= faithd.8 -#CFLAGS+= -DFAITH4 -WARNS?= 2 -NO_STRICT_ALIASING= - -.include diff --git a/usr.sbin/faithd/README b/usr.sbin/faithd/README deleted file mode 100644 index 1f14885f84..0000000000 --- a/usr.sbin/faithd/README +++ /dev/null @@ -1,150 +0,0 @@ -Configuring FAITH IPv6-to-IPv4 TCP relay - -Kazu Yamamoto and Jun-ichiro itojun Hagino -$KAME: README,v 1.8 2001/09/05 03:04:20 itojun Exp $ -$FreeBSD: src/usr.sbin/faithd/README,v 1.2.2.3 2002/04/28 05:40:28 suz Exp $ -$DragonFly: src/usr.sbin/faithd/README,v 1.2 2003/06/17 04:29:53 dillon Exp $ - -Introduction -============ - -FAITH is a IPv6-to-IPv4 TCP relay. It performs tcp relay just as some of -firewall-oriented gateway does, but between IPv6 and IPv4 with address -translation. -TCP connections has to be made from IPv6 node to IPv4 node. FAITH will -not relay connections for the opposite direction. -To perform relays, FAITH daemon needs to be executed on a router between -your local IPv6 site and outside IPv4 network. The daemon needs to be -invoked per each TCP services (TCP port number). - - IPv4 node "dest" = 123.4.5.6 - | - [[[[ outside IPv4 ocean ]]]] - | - node that runs FAITH-daemon (usually a router) - | - ==+=====+===+==== IPv6, or IPv4/v6 network in your site ^ - | | | connection - clients IPv6 node "src" | - -You will have to allocate an IPv6 address prefix to map IPv4 addresses into. -The following description uses 3ffe:0501:ffff:0000:: as example. -Please use a prefix which belongs to your site. -FAITH will make it possible to make a IPv6 TCP connection From IPv6 node -"src", toward IPv4 node "dest", by specifying FAITH-mapped address -3ffe:0501:ffff:0000::123.4.5.6 -(which is, 3ffe:0501:ffff:0000:0000:0000:7b04:0506). -The address mapping can be performed by hand:-), by special nameserver on -the network, or by special resolver on the source node. - - -Setup -===== - -The following example assumes: -- You have assigned 3ffe:0501:ffff:0000:: as FAITH adderss prefix. -- You are willing to provide IPv6-to IPv4 TCP relay for telnet. - -<> - -(1) If you have IPv6 TCP server for the "telnet" service, i.e. telnetd via - inet6d, disable that daemon. Comment out the line from "inet6d.conf" - and send the HUP signal to "inet6d". - -(2) Execute sysctl as root to enable FAITH support in the kernel. - - # sysctl -w net.inet6.ip6.keepfaith=1 - -(3) Route packets toward FAITH prefix into "faith0" interface. - - # ifconfig faith0 up - # route add -inet6 3ffe:0501:ffff:0000:: -prefixlen 64 ::1 - # route change -inet6 3ffe:0501:ffff:0000:: -prefixlen 64 -ifp faith0 - -(4) Execute "faithd" by root as follows: - - # faithd telnet /usr/libexec/telnetd telnetd - - 1st argument is a service name you are willing to provide TCP relay. - (it can be specified either by number "23" or by string "telnet") - 2nd argument is a path name for local IPv6 TCP server. If there is a - connection toward the router itself, this program will be invoked. - 3rd and the following arguments are arguments for the local IPv6 TCP - server. (3rd argument is typically the program name without its path.) - - More examples: - - # faithd login /usr/libexec/rlogin rlogind - # faithd shell /usr/libexec/rshd rshd - # faithd ftpd /usr/libexec/ftpd ftpd -l - # faithd sshd - -If inetd(8) on your platform have special support for faithd, it is possible -to setup faithd services via inetd(8). Consult manpage for details. - - -<> - -(4) Make sure that packets whose destinations match the prefix can -reach from the IPv6 host to the translating router. - -<> - -There are two ways to translate IPv4 address to IPv6 address: - (a) Faked by DNS - (b) Faked by /etc/hosts. - -(5.a) Install "newbie" and set up FAITH mode. See kit/ports/newbie. - -(5.b) Add an entry into /etc/hosts so that you can resolve hostname into -faked IPv6 addrss. For example, add the following line for www.netbsd.org: - - 3ffe:0501:ffff:0000::140.160.140.252 www.netbsd.org - -<> - -(6) To see if "faithd" works, watch "/var/log/daemon". Note: please -setup "/etc/syslog.conf" so that LOG_DAEMON messages are to be stored -in "/var/log/daemon". - - - daemon.* /var/log/daemon - - -Access control -============== - -Since faithd implements TCP relaying service, it is critical to implement -proper access control to cope with malicious use. Bad guy may try to -use your relay router to circumvent access controls, or may try to -abuse your network (like sending SPAMs from IPv4 address that belong to you). -Install IPv6 packet filter directives that would reject traffic from -unwanted source. If you are using inetd-based setup, you may be able to -use access control mechanisms in inetd. - - -Advanced configuration -====================== - -If you would like to restrict IPv4 destination for translation, you may -want to do the following: - - # route add -inet6 3ffe:0501:ffff:0000::123.0.0.0 -prefixlen 104 ::1 - # route change -inet6 3ffe:0501:ffff:0000::123.0.0.0 -prefixlen 104 \ - -ifp faith0 - -By this way, you can restrict IPv4 destination to 123.0.0.0/8. -You may also want to reject packets toward 3ffe:0501:ffff:0000::/64 which -is not in 3ffe:0501:ffff:0000::123.0.0.0/104. This will be left as excerside -for the reader. - -By doing this, you will be able to provide your IPv4 web server to outside -IPv6 customers, without risks of unwanted open relays. - - [[[[ IPv6 network outside ]]]] | - | | connection - node that runs FAITH-daemon (usually a router) v - | - ========+======== IPv4/v6 network in your site - | (123.0.0.0/8) - IPv4 web server diff --git a/usr.sbin/faithd/faithd.8 b/usr.sbin/faithd/faithd.8 deleted file mode 100644 index 7b05d636ae..0000000000 --- a/usr.sbin/faithd/faithd.8 +++ /dev/null @@ -1,428 +0,0 @@ -.\" $KAME: faithd.8,v 1.33 2001/09/05 03:04:20 itojun Exp $ -.\" -.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. Neither the name of the project nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/usr.sbin/faithd/faithd.8,v 1.2.2.12 2003/03/12 22:08:14 trhodes Exp $ -.\" -.Dd May 17, 1998 -.Dt FAITHD 8 -.Os -.Sh NAME -.Nm faithd -.Nd FAITH IPv6/v4 translator daemon -.Sh SYNOPSIS -.Nm -.Op Fl dp -.Op Fl f Ar configfile -.Ar service -.Op Ar serverpath Op Ar serverargs -.Sh DESCRIPTION -The -.Nm -utility provides IPv6-to-IPv4 TCP relay. It -must be used on an IPv4/v6 dual stack router. -.Pp -When -.Nm -receives -.Tn TCPv6 -traffic, -.Nm -will relay the -.Tn TCPv6 -traffic to -.Tn TCPv4 . -Destination for relayed -.Tn TCPv4 -connection will be determined by the last 4 octets of the original -.Tn IPv6 -destination. -For example, if -.Li 2001:db8:4819:ffff:: -is reserved for -.Nm , -and the -.Tn TCPv6 -destination address is -.Li 2001:db8:4819:ffff::a01:101 , -the traffic will be relayed to IPv4 destination -.Li 10.1.1.1 . -.Pp -To use -.Nm -translation service, -an IPv6 address prefix must be reserved for mapping IPv4 addresses into. -Kernel must be properly configured to route all the TCP connection -toward the reserved IPv6 address prefix into the -.Xr faith 4 -pseudo interface, by using -.Xr route 8 -command. -Also, -.Xr sysctl 8 -should be used to configure -.Va net.inet6.ip6.keepfaith -to -.Dv 1 . -.Pp -The router must be configured to capture all the TCP traffic -toward reserved -.Tn IPv6 -address prefix, by using -.Xr route 8 -and -.Xr sysctl 8 -commands. -.Pp -The -.Nm -utility needs a special name-to-address translation logic, so that -hostnames gets resolved into special -.Tn IPv6 -address prefix. -For small-scale installation, use -.Xr hosts 5 . -For large-scale installation, it is useful to have -a DNS server with special address translation support. -An implementation called -.Nm totd -is available -at -.Pa http://www.vermicelli.pasta.cs.uit.no/software/totd.html -Make sure you do not propagate translated DNS records to normal DNS cloud, -it is highly harmful. -.Ss Daemon mode -When -.Nm -is invoked as a standalone program, -.Nm -will daemonize itself. -The -.Nm -utility will listen to -.Tn TCPv6 -port -.Ar service . -If -.Tn TCPv6 -traffic to port -.Ar service -is found, it relays the connection. -.Pp -Since -.Nm -listens to TCP port -.Ar service , -it is not possible to run local TCP daemons for port -.Ar service -on the router, using -.Xr inetd 8 -or other standard mechanisms. -By specifying -.Ar serverpath -to -.Nm , -you can run local daemons on the router. -The -.Nm -utility will invoke local daemon at -.Ar serverpath -if the destination address is local interface address, -and will perform translation to IPv4 TCP in other cases. -You can also specify -.Ar serverargs -for the arguments for the local daemon. -.Pp -The following options are available: -.Bl -tag -width indent -.It Fl d -Debugging information will be generated using -.Xr syslog 3 . -.It Fl f Ar configfile -Specify a configuration file for access control. -See below. -.It Fl p -Use privileged TCP port number as source port, -for IPv4 TCP connection toward final destination. -For relaying -.Xr ftp 1 -and -.Xr rlogin 1 , -this flag is not necessary as special program code is supplied. -.El -.Pp -The -.Nm -utility will relay both normal and out-of-band TCP data. -It is capable of emulating TCP half close as well. -The -.Nm -utility includes special support for protocols used by -.Xr ftp 1 -and -.Xr rlogin 1 . -When translating FTP protocol, -.Nm -translates network level addresses in -.Li PORT/LPRT/EPRT -and -.Li PASV/LPSV/EPSV -commands. -For RLOGIN protocol, -.Nm -will relay back connection from -.Xr rlogind 8 -on the server to -.Xr rlogin 1 -on client. -.Pp -Inactive sessions will be disconnected in 30 minutes, -to avoid stale sessions from chewing up resources. -This may be inappropriate for some of the services -(should this be configurable?). -.Ss inetd mode -When -.Nm -is invoked via -.Xr inetd 8 , -.Nm -will handle connection passed from standard input. -If the connection endpoint is in the reserved IPv6 address prefix, -.Nm -will relay the connection. -Otherwise, -.Nm -will invoke service-specific daemon like -.Xr telnetd 8 , -by using the command argument passed from -.Xr inetd 8 . -.Pp -The -.Nm -utility determines operation mode by the local TCP port number, -and enables special protocol handling whenever necessary/possible. -For example, if -.Nm -is invoked via -.Xr inetd 8 -on FTP port, it will operate as a FTP relay. -.Pp -The operation mode requires special support for -.Nm -in -.Xr inetd 8 . -.Ss Access control -To prevent malicious accesses, -.Nm -implements a simple address-based access control. -With -.Pa /etc/faithd.conf -(or -.Ar configfile -specified by -.Fl f ) , -.Nm -will avoid relaying unwanted traffic. -The -.Pa faithd.conf -contains directives with the following format: -.Bl -bullet -.It -.Ar src Ns / Ns Ar slen Cm deny Ar dst Ns / Ns Ar dlen -.Pp -If the source address of a query matches -.Ar src Ns / Ns Ar slen , -and the translated destination address matches -.Ar dst Ns / Ns Ar dlen , -deny the connection. -.It -.Ar src Ns / Ns Ar slen Cm permit Ar dst Ns / Ns Ar dlen -.Pp -If the source address of a query matches -.Ar src Ns / Ns Ar slen , -and the translated destination address matches -.Ar dst Ns / Ns Ar dlen , -permit the connection. -.El -.Pp -The directives are evaluated in sequence, -and the first matching entry will be effective. -If there is no match -(if we reach the end of the ruleset) -the traffic will be denied. -.Pp -With inetd mode, -traffic may be filtered by using access control functionality in -.Xr inetd 8 . -.Sh EXIT STATUS -The -.Nm -utility exits with -.Dv EXIT_SUCCESS -.Pq 0 -on success, and -.Dv EXIT_FAILURE -.Pq 1 -on error. -.Sh EXAMPLES -Before invoking -.Nm , -.Xr faith 4 -interface has to be configured properly. -.Bd -literal -# sysctl net.inet6.ip6.accept_rtadv=0 -# sysctl net.inet6.ip6.forwarding=1 -# sysctl net.inet6.ip6.keepfaith=1 -# ifconfig faith0 up -# route add -inet6 2001:db8:4819:ffff:: -prefixlen 96 ::1 -# route change -inet6 2001:db8:4819:ffff:: -prefixlen 96 -ifp faith0 -.Ed -.Ss Daemon mode samples -To translate -.Li telnet -service, and provide no local telnet service, invoke -.Nm -as follows: -.Bd -literal -# faithd telnet -.Ed -.Pp -If you would like to provide local telnet service via -.Xr telnetd 8 -on -.Pa /usr/libexec/telnetd , -use the following command line: -.Bd -literal -# faithd telnet /usr/libexec/telnetd telnetd -.Ed -.Pp -If you would like to pass extra arguments to the local daemon: -.Bd -literal -# faithd ftp /usr/libexec/ftpd ftpd -l -.Ed -.Pp -Here are some other examples. -You may need -.Fl p -to translate rsh/rlogin services. -.Bd -literal -# faithd ssh -# faithd login /usr/libexec/rlogin rlogind -# faithd shell /usr/libexec/rshd rshd -.Ed -.Pp -However, you should be careful when translating rlogin or rsh -connections. -See -.Sx SECURITY CONSIDERATIONS -for more details. -.Ss inetd mode samples -Add the following lines into -.Xr inetd.conf 5 . -Syntax may vary depending upon your operating system. -.Bd -literal -telnet stream tcp6/faith nowait root /usr/sbin/faithd telnetd -ftp stream tcp6/faith nowait root /usr/sbin/faithd ftpd -l -ssh stream tcp6/faith nowait root /usr/sbin/faithd /usr/sbin/sshd -i -.Ed -.Pp -.Xr inetd 8 -will open listening sockets with enabling kernel TCP relay support. -Whenever connection comes in, -.Nm -will be invoked by -.Xr inetd 8 . -If it the connection endpoint is in the reserved IPv6 address prefix. -The -.Nm -utility will relay the connection. -Otherwise, -.Nm -will invoke service-specific daemon like -.Xr telnetd 8 . -.Ss Access control samples -The following illustrates a simple -.Pa faithd.conf -setting. -.Bd -literal -# permit anyone from 2001:db8:ffff::/48 to use the translator, -# to connect to the following IPv4 destinations: -# - any location except 10.0.0.0/8 and 127.0.0.0/8. -# Permit no other connections. -# -2001:db8:ffff::/48 deny 10.0.0.0/8 -2001:db8:ffff::/48 deny 127.0.0.0/8 -2001:db8:ffff::/48 permit 0.0.0.0/0 -.Ed -.Sh SEE ALSO -.Xr faith 4 , -.Xr route 8 , -.Xr sysctl 8 -.Rs -.%A Jun-ichiro itojun Hagino -.%A Kazu Yamamoto -.%T "An IPv6-to-IPv4 transport relay translator" -.%B RFC 3142 -.%O ftp://ftp.isi.edu/in-notes/rfc3142.txt -.%D June 2001 -.Re -.\" -.Sh HISTORY -The -.Nm -utility first appeared in WIDE Hydrangea IPv6 protocol stack kit. -.\" -.Pp -IPv6 and IPsec support based on the KAME Project -.Pa ( http://www.kame.net/ ) -stack was initially integrated into -.Fx 4.0 -.Sh SECURITY CONSIDERATIONS -It is very insecure to use -.Xr rhosts 5 -and other IP-address based authentication, for connections relayed by -.Nm -(and any other TCP relaying services). -.Pp -Administrators are advised to limit accesses to -.Nm -using -.Pa faithd.conf , -or by using IPv6 packet filters. -It is to protect -.Nm -service from malicious parties and avoid theft of service/bandwidth. -IPv6 destination address can be limited by -carefully configuring routing entries that points to -.Xr faith 4 , -using -.Xr route 8 . -IPv6 source address needs to be filtered by using packet filters. -Documents listed in -.Sx SEE ALSO -have more discussions on this topic. diff --git a/usr.sbin/faithd/faithd.c b/usr.sbin/faithd/faithd.c deleted file mode 100644 index 4f1d6c372f..0000000000 --- a/usr.sbin/faithd/faithd.c +++ /dev/null @@ -1,965 +0,0 @@ -/* $KAME: faithd.c,v 1.46 2002/01/24 16:40:42 sumikawa Exp $ */ - -/* - * Copyright (C) 1997 and 1998 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $FreeBSD: src/usr.sbin/faithd/faithd.c,v 1.2.2.7 2002/04/28 08:01:39 ume Exp $ - */ - -/* - * User level translator from IPv6 to IPv4. - * - * Usage: faithd [ ...] - * e.g. faithd telnet /usr/libexec/telnetd telnetd - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#ifdef __DragonFly__ -#include -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#ifdef IFT_FAITH -# define USE_ROUTE -# include -# include -# include -#endif - -#include -#include -#include -#include - -#ifdef FAITH4 -#include -#include -#ifndef FAITH_NS -#define FAITH_NS "FAITH_NS" -#endif -#endif - -#include "faithd.h" -#include "prefix.h" - -char *serverpath = NULL; -char *serverarg[MAXARGV + 1]; -static char *faithdname = NULL; -char logname[BUFSIZ]; -char procname[BUFSIZ]; -struct myaddrs { - struct myaddrs *next; - struct sockaddr *addr; -}; -struct myaddrs *myaddrs = NULL; -static const char *service; -#ifdef USE_ROUTE -static int sockfd = 0; -#endif -int dflag = 0; -static int pflag = 0; -static int inetd = 0; -static char *configfile = NULL; - -static int inetd_main(int, char **); -static int daemon_main(int, char **); -static void play_service(int); -static void play_child(int, struct sockaddr *); -static int faith_prefix(struct sockaddr *); -static int map6to4(struct sockaddr_in6 *, struct sockaddr_in *); -#ifdef FAITH4 -static int map4to6(struct sockaddr_in *, struct sockaddr_in6 *); -#endif -static void sig_child(int); -static void sig_terminate(int); -static void start_daemon(void); -static void exit_stderr(const char *, ...) - __attribute__((__format__(__printf__, 1, 2))); -static void grab_myaddrs(void); -static void free_myaddrs(void); -static void update_myaddrs(void); -static void usage(void); - -int -main(int argc, char **argv) -{ - - /* - * Initializing stuff - */ - - faithdname = strrchr(argv[0], '/'); - if (faithdname) - faithdname++; - else - faithdname = argv[0]; - - if (strcmp(faithdname, "faithd") != 0) { - inetd = 1; - return inetd_main(argc, argv); - } else - return daemon_main(argc, argv); -} - -static int -inetd_main(int argc, char **argv) -{ - char path[MAXPATHLEN]; - struct sockaddr_storage me; - struct sockaddr_storage from; - int melen, fromlen; - int i; - int error; - const int on = 1; - char sbuf[NI_MAXSERV], snum[NI_MAXSERV]; - - if (config_load(configfile) < 0 && configfile) { - exit_failure("could not load config file"); - /*NOTREACHED*/ - } - - if (strrchr(argv[0], '/') == NULL) - snprintf(path, sizeof(path), "%s/%s", DEFAULT_DIR, argv[0]); - else - snprintf(path, sizeof(path), "%s", argv[0]); - -#ifdef USE_ROUTE - grab_myaddrs(); - - sockfd = socket(PF_ROUTE, SOCK_RAW, PF_UNSPEC); - if (sockfd < 0) { - exit_failure("socket(PF_ROUTE): %s", strerror(errno)); - /*NOTREACHED*/ - } -#endif - - melen = sizeof(me); - if (getsockname(STDIN_FILENO, (struct sockaddr *)&me, &melen) < 0) { - exit_failure("getsockname: %s", strerror(errno)); - /*NOTREACHED*/ - } - fromlen = sizeof(from); - if (getpeername(STDIN_FILENO, (struct sockaddr *)&from, &fromlen) < 0) { - exit_failure("getpeername: %s", strerror(errno)); - /*NOTREACHED*/ - } - if (getnameinfo((struct sockaddr *)&me, melen, NULL, 0, - sbuf, sizeof(sbuf), NI_NUMERICHOST) == 0) - service = sbuf; - else - service = DEFAULT_PORT_NAME; - if (getnameinfo((struct sockaddr *)&me, melen, NULL, 0, - snum, sizeof(snum), NI_NUMERICHOST) != 0) - snprintf(snum, sizeof(snum), "?"); - - snprintf(logname, sizeof(logname), "faithd %s", snum); - snprintf(procname, sizeof(procname), "accepting port %s", snum); - openlog(logname, LOG_PID | LOG_NOWAIT, LOG_DAEMON); - - if (argc >= MAXARGV) { - exit_failure("too many arguments"); - /*NOTREACHED*/ - } - serverarg[0] = serverpath = path; - for (i = 1; i < argc; i++) - serverarg[i] = argv[i]; - serverarg[i] = NULL; - - error = setsockopt(STDIN_FILENO, SOL_SOCKET, SO_OOBINLINE, &on, - sizeof(on)); - if (error < 0) { - exit_failure("setsockopt(SO_OOBINLINE): %s", strerror(errno)); - /*NOTREACHED*/ - } - - play_child(STDIN_FILENO, (struct sockaddr *)&from); - exit_failure("should not reach here"); - return 0; /*dummy!*/ -} - -static int -daemon_main(int argc, char **argv) -{ - struct addrinfo hints, *res; - int s_wld, error, i, serverargc, on = 1; - int family = AF_INET6; - int c; -#ifdef FAITH_NS - char *ns; -#endif /* FAITH_NS */ - - while ((c = getopt(argc, argv, "df:p46")) != -1) { - switch (c) { - case 'd': - dflag++; - break; - case 'f': - configfile = optarg; - break; - case 'p': - pflag++; - break; -#ifdef FAITH4 - case '4': - family = AF_INET; - break; - case '6': - family = AF_INET6; - break; -#endif - default: - usage(); - /*NOTREACHED*/ - } - } - argc -= optind; - argv += optind; - - if (config_load(configfile) < 0 && configfile) { - exit_failure("could not load config file"); - /*NOTREACHED*/ - } - -#ifdef FAITH_NS - if ((ns = getenv(FAITH_NS)) != NULL) { - struct sockaddr_storage ss; - struct addrinfo hints, *res; - char serv[NI_MAXSERV]; - - memset(&ss, 0, sizeof(ss)); - memset(&hints, 0, sizeof(hints)); - snprintf(serv, sizeof(serv), "%u", NAMESERVER_PORT); - hints.ai_flags = AI_NUMERICHOST; - if (getaddrinfo(ns, serv, &hints, &res) == 0) { - res_init(); - memcpy(&_res_ext.nsaddr, res->ai_addr, res->ai_addrlen); - _res.nscount = 1; - } - } -#endif /* FAITH_NS */ - -#ifdef USE_ROUTE - grab_myaddrs(); -#endif - - switch (argc) { - case 0: - usage(); - /*NOTREACHED*/ - default: - serverargc = argc - NUMARG; - if (serverargc >= MAXARGV) - exit_stderr("too many arguments"); - - serverpath = malloc(strlen(argv[NUMPRG]) + 1); - strcpy(serverpath, argv[NUMPRG]); - for (i = 0; i < serverargc; i++) { - serverarg[i] = malloc(strlen(argv[i + NUMARG]) + 1); - strcpy(serverarg[i], argv[i + NUMARG]); - } - serverarg[i] = NULL; - /* fall throuth */ - case 1: /* no local service */ - service = argv[NUMPRT]; - break; - } - - /* - * Opening wild card socket for this service. - */ - - memset(&hints, 0, sizeof(hints)); - hints.ai_flags = AI_PASSIVE; - hints.ai_family = family; - hints.ai_socktype = SOCK_STREAM; - hints.ai_protocol = 0; - error = getaddrinfo(NULL, service, &hints, &res); - if (error) - exit_failure("getaddrinfo: %s", gai_strerror(error)); - - s_wld = socket(res->ai_family, res->ai_socktype, res->ai_protocol); - if (s_wld == -1) - exit_failure("socket: %s", strerror(errno)); - -#ifdef IPV6_FAITH - if (res->ai_family == AF_INET6) { - error = setsockopt(s_wld, IPPROTO_IPV6, IPV6_FAITH, &on, sizeof(on)); - if (error == -1) - exit_failure("setsockopt(IPV6_FAITH): %s", - strerror(errno)); - } -#endif -#ifdef FAITH4 -#ifdef IP_FAITH - if (res->ai_family == AF_INET) { - error = setsockopt(s_wld, IPPROTO_IP, IP_FAITH, &on, sizeof(on)); - if (error == -1) - exit_failure("setsockopt(IP_FAITH): %s", - strerror(errno)); - } -#endif -#endif /* FAITH4 */ - - error = setsockopt(s_wld, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)); - if (error == -1) - exit_failure("setsockopt(SO_REUSEADDR): %s", strerror(errno)); - - error = setsockopt(s_wld, SOL_SOCKET, SO_OOBINLINE, &on, sizeof(on)); - if (error == -1) - exit_failure("setsockopt(SO_OOBINLINE): %s", strerror(errno)); - - error = bind(s_wld, (struct sockaddr *)res->ai_addr, res->ai_addrlen); - if (error == -1) - exit_failure("bind: %s", strerror(errno)); - - error = listen(s_wld, 5); - if (error == -1) - exit_failure("listen: %s", strerror(errno)); - -#ifdef USE_ROUTE - sockfd = socket(PF_ROUTE, SOCK_RAW, PF_UNSPEC); - if (sockfd < 0) { - exit_failure("socket(PF_ROUTE): %s", strerror(errno)); - /*NOTREACHED*/ - } -#endif - - /* - * Everything is OK. - */ - - start_daemon(); - - snprintf(logname, sizeof(logname), "faithd %s", service); - snprintf(procname, sizeof(procname), "accepting port %s", service); - openlog(logname, LOG_PID | LOG_NOWAIT, LOG_DAEMON); - syslog(LOG_INFO, "Staring faith daemon for %s port", service); - - play_service(s_wld); - /* NOTREACHED */ - exit(1); /*pacify gcc*/ -} - -static void -play_service(int s_wld) -{ - struct sockaddr_storage srcaddr; - int len; - int s_src; - pid_t child_pid; - fd_set rfds; - int error; - int maxfd; - - /* - * Wait, accept, fork, faith.... - */ -again: - setproctitle("%s", procname); - - FD_ZERO(&rfds); - FD_SET(s_wld, &rfds); - maxfd = s_wld; -#ifdef USE_ROUTE - if (sockfd) { - FD_SET(sockfd, &rfds); - maxfd = (maxfd < sockfd) ? sockfd : maxfd; - } -#endif - - error = select(maxfd + 1, &rfds, NULL, NULL, NULL); - if (error < 0) { - if (errno == EINTR) - goto again; - exit_failure("select: %s", strerror(errno)); - /*NOTREACHED*/ - } - -#ifdef USE_ROUTE - if (FD_ISSET(sockfd, &rfds)) { - update_myaddrs(); - } -#endif - if (FD_ISSET(s_wld, &rfds)) { - len = sizeof(srcaddr); - s_src = accept(s_wld, (struct sockaddr *)&srcaddr, - &len); - if (s_src < 0) { - if (errno == ECONNABORTED) - goto again; - exit_failure("socket: %s", strerror(errno)); - /*NOTREACHED*/ - } - - child_pid = fork(); - - if (child_pid == 0) { - /* child process */ - close(s_wld); - closelog(); - openlog(logname, LOG_PID | LOG_NOWAIT, LOG_DAEMON); - play_child(s_src, (struct sockaddr *)&srcaddr); - exit_failure("should never reach here"); - /*NOTREACHED*/ - } else { - /* parent process */ - close(s_src); - if (child_pid == -1) - syslog(LOG_ERR, "can't fork"); - } - } - goto again; -} - -static void -play_child(int s_src, struct sockaddr *srcaddr) -{ - struct sockaddr_storage dstaddr6; - struct sockaddr_storage dstaddr4; - char src[NI_MAXHOST]; - char dst6[NI_MAXHOST]; - char dst4[NI_MAXHOST]; - int len = sizeof(dstaddr6); - int s_dst, error, hport, nresvport, on = 1; - struct timeval tv; - struct sockaddr *sa4; - const struct config *conf; - - tv.tv_sec = 1; - tv.tv_usec = 0; - - getnameinfo(srcaddr, srcaddr->sa_len, - src, sizeof(src), NULL, 0, NI_NUMERICHOST); - syslog(LOG_INFO, "accepted a client from %s", src); - - error = getsockname(s_src, (struct sockaddr *)&dstaddr6, &len); - if (error == -1) { - exit_failure("getsockname: %s", strerror(errno)); - /*NOTREACHED*/ - } - - getnameinfo((struct sockaddr *)&dstaddr6, len, - dst6, sizeof(dst6), NULL, 0, NI_NUMERICHOST); - syslog(LOG_INFO, "the client is connecting to %s", dst6); - - if (!faith_prefix((struct sockaddr *)&dstaddr6)) { - if (serverpath) { - /* - * Local service - */ - syslog(LOG_INFO, "executing local %s", serverpath); - if (!inetd) { - dup2(s_src, 0); - close(s_src); - dup2(0, 1); - dup2(0, 2); - } - execv(serverpath, serverarg); - syslog(LOG_ERR, "execv %s: %s", serverpath, - strerror(errno)); - _exit(EXIT_FAILURE); - } else { - close(s_src); - exit_success("no local service for %s", service); - } - } - - /* - * Act as a translator - */ - - switch (((struct sockaddr *)&dstaddr6)->sa_family) { - case AF_INET6: - if (!map6to4((struct sockaddr_in6 *)&dstaddr6, - (struct sockaddr_in *)&dstaddr4)) { - close(s_src); - exit_failure("map6to4 failed"); - /*NOTREACHED*/ - } - syslog(LOG_INFO, "translating from v6 to v4"); - break; -#ifdef FAITH4 - case AF_INET: - if (!map4to6((struct sockaddr_in *)&dstaddr6, - (struct sockaddr_in6 *)&dstaddr4)) { - close(s_src); - exit_failure("map4to6 failed"); - /*NOTREACHED*/ - } - syslog(LOG_INFO, "translating from v4 to v6"); - break; -#endif - default: - close(s_src); - exit_failure("family not supported"); - /*NOTREACHED*/ - } - - sa4 = (struct sockaddr *)&dstaddr4; - getnameinfo(sa4, sa4->sa_len, - dst4, sizeof(dst4), NULL, 0, NI_NUMERICHOST); - - conf = config_match(srcaddr, sa4); - if (!conf || !conf->permit) { - close(s_src); - if (conf) { - exit_failure("translation to %s not permitted for %s", - dst4, prefix_string(&conf->match)); - /*NOTREACHED*/ - } else { - exit_failure("translation to %s not permitted", dst4); - /*NOTREACHED*/ - } - } - - syslog(LOG_INFO, "the translator is connecting to %s", dst4); - - setproctitle("port %s, %s -> %s", service, src, dst4); - - if (sa4->sa_family == AF_INET6) - hport = ntohs(((struct sockaddr_in6 *)&dstaddr4)->sin6_port); - else /* AF_INET */ - hport = ntohs(((struct sockaddr_in *)&dstaddr4)->sin_port); - - switch (hport) { - case RLOGIN_PORT: - case RSH_PORT: - s_dst = rresvport_af(&nresvport, sa4->sa_family); - break; - default: - if (pflag) - s_dst = rresvport_af(&nresvport, sa4->sa_family); - else - s_dst = socket(sa4->sa_family, SOCK_STREAM, 0); - break; - } - if (s_dst < 0) { - exit_failure("socket: %s", strerror(errno)); - /*NOTREACHED*/ - } - - if (conf->src.a.ss_family) { - if (bind(s_dst, (const struct sockaddr *)&conf->src.a, - conf->src.a.ss_len) < 0) { - exit_failure("bind: %s", strerror(errno)); - /*NOTREACHED*/ - } - } - - error = setsockopt(s_dst, SOL_SOCKET, SO_OOBINLINE, &on, sizeof(on)); - if (error < 0) { - exit_failure("setsockopt(SO_OOBINLINE): %s", strerror(errno)); - /*NOTREACHED*/ - } - - error = setsockopt(s_src, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv)); - if (error < 0) { - exit_failure("setsockopt(SO_SNDTIMEO): %s", strerror(errno)); - /*NOTREACHED*/ - } - error = setsockopt(s_dst, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv)); - if (error < 0) { - exit_failure("setsockopt(SO_SNDTIMEO): %s", strerror(errno)); - /*NOTREACHED*/ - } - - error = connect(s_dst, sa4, sa4->sa_len); - if (error < 0) { - exit_failure("connect: %s", strerror(errno)); - /*NOTREACHED*/ - } - - switch (hport) { - case FTP_PORT: - ftp_relay(s_src, s_dst); - break; - case RSH_PORT: - syslog(LOG_WARNING, - "WARNING: it is insecure to relay rsh port"); - rsh_relay(s_src, s_dst); - break; - case RLOGIN_PORT: - syslog(LOG_WARNING, - "WARNING: it is insecure to relay rlogin port"); - /*FALLTHROUGH*/ - default: - tcp_relay(s_src, s_dst, service); - break; - } - - /* NOTREACHED */ -} - -/* 0: non faith, 1: faith */ -static int -faith_prefix(struct sockaddr *dst) -{ -#ifndef USE_ROUTE - int mib[4], size; - struct in6_addr faith_prefix; - struct sockaddr_in6 *dst6 = (struct sockaddr_in *)dst; - - if (dst->sa_family != AF_INET6) - return 0; - - mib[0] = CTL_NET; - mib[1] = PF_INET6; - mib[2] = IPPROTO_IPV6; - mib[3] = IPV6CTL_FAITH_PREFIX; - size = sizeof(struct in6_addr); - if (sysctl(mib, 4, &faith_prefix, &size, NULL, 0) < 0) { - exit_failure("sysctl: %s", strerror(errno)); - /*NOTREACHED*/ - } - - if (memcmp(dst, &faith_prefix, - sizeof(struct in6_addr) - sizeof(struct in_addr) == 0) { - return 1; - } - return 0; -#else - struct myaddrs *p; - struct sockaddr_in6 *sin6; - struct sockaddr_in *sin4; - struct sockaddr_in6 *dst6; - struct sockaddr_in *dst4; - struct sockaddr_in dstmap; - - dst6 = (struct sockaddr_in6 *)dst; - if (dst->sa_family == AF_INET6 - && IN6_IS_ADDR_V4MAPPED(&dst6->sin6_addr)) { - /* ugly... */ - memset(&dstmap, 0, sizeof(dstmap)); - dstmap.sin_family = AF_INET; - dstmap.sin_len = sizeof(dstmap); - memcpy(&dstmap.sin_addr, &dst6->sin6_addr.s6_addr[12], - sizeof(dstmap.sin_addr)); - dst = (struct sockaddr *)&dstmap; - } - - dst6 = (struct sockaddr_in6 *)dst; - dst4 = (struct sockaddr_in *)dst; - - for (p = myaddrs; p; p = p->next) { - sin6 = (struct sockaddr_in6 *)p->addr; - sin4 = (struct sockaddr_in *)p->addr; - - if (p->addr->sa_len != dst->sa_len - || p->addr->sa_family != dst->sa_family) - continue; - - switch (dst->sa_family) { - case AF_INET6: - if (sin6->sin6_scope_id == dst6->sin6_scope_id - && IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &dst6->sin6_addr)) - return 0; - break; - case AF_INET: - if (sin4->sin_addr.s_addr == dst4->sin_addr.s_addr) - return 0; - break; - } - } - return 1; -#endif -} - -/* 0: non faith, 1: faith */ -static int -map6to4(struct sockaddr_in6 *dst6, struct sockaddr_in *dst4) -{ - memset(dst4, 0, sizeof(*dst4)); - dst4->sin_len = sizeof(*dst4); - dst4->sin_family = AF_INET; - dst4->sin_port = dst6->sin6_port; - memcpy(&dst4->sin_addr, &dst6->sin6_addr.s6_addr[12], - sizeof(dst4->sin_addr)); - - if (dst4->sin_addr.s_addr == INADDR_ANY - || dst4->sin_addr.s_addr == INADDR_BROADCAST - || IN_MULTICAST(ntohl(dst4->sin_addr.s_addr))) - return 0; - - return 1; -} - -#ifdef FAITH4 -/* 0: non faith, 1: faith */ -static int -map4to6(struct sockaddr_in *dst4, struct sockaddr_in6 *dst6) -{ - char host[NI_MAXHOST]; - char serv[NI_MAXSERV]; - struct addrinfo hints, *res; - int ai_errno; - - if (getnameinfo((struct sockaddr *)dst4, dst4->sin_len, host, sizeof(host), - serv, sizeof(serv), NI_NAMEREQD|NI_NUMERICSERV) != 0) - return 0; - - memset(&hints, 0, sizeof(hints)); - hints.ai_flags = 0; - hints.ai_family = AF_INET6; - hints.ai_socktype = SOCK_STREAM; - hints.ai_protocol = 0; - - if ((ai_errno = getaddrinfo(host, serv, &hints, &res)) != 0) { - syslog(LOG_INFO, "%s %s: %s", host, serv, - gai_strerror(ai_errno)); - return 0; - } - - memcpy(dst6, res->ai_addr, res->ai_addrlen); - - freeaddrinfo(res); - - return 1; -} -#endif /* FAITH4 */ - -static void -sig_child(int sig) -{ - int status; - pid_t pid; - - pid = wait3(&status, WNOHANG, NULL); - if (pid && WEXITSTATUS(status)) - syslog(LOG_WARNING, "child %d exit status 0x%x", pid, status); -} - -void -sig_terminate(int sig) -{ - syslog(LOG_INFO, "Terminating faith daemon"); - exit(EXIT_SUCCESS); -} - -static void -start_daemon(void) -{ -#ifdef SA_NOCLDWAIT - struct sigaction sa; -#endif - - if (daemon(0, 0) == -1) - exit_stderr("daemon: %s", strerror(errno)); - -#ifdef SA_NOCLDWAIT - memset(&sa, 0, sizeof(sa)); - sa.sa_handler = sig_child; - sa.sa_flags = SA_NOCLDWAIT; - sigemptyset(&sa.sa_mask); - sigaction(SIGCHLD, &sa, NULL); -#else - if (signal(SIGCHLD, sig_child) == SIG_ERR) { - exit_failure("signal CHLD: %s", strerror(errno)); - /*NOTREACHED*/ - } -#endif - - if (signal(SIGTERM, sig_terminate) == SIG_ERR) { - exit_failure("signal TERM: %s", strerror(errno)); - /*NOTREACHED*/ - } -} - -static void -exit_stderr(const char *fmt, ...) -{ - va_list ap; - char buf[BUFSIZ]; - - va_start(ap, fmt); - vsnprintf(buf, sizeof(buf), fmt, ap); - va_end(ap); - fprintf(stderr, "%s\n", buf); - exit(EXIT_FAILURE); -} - -void -exit_failure(const char *fmt, ...) -{ - va_list ap; - char buf[BUFSIZ]; - - va_start(ap, fmt); - vsnprintf(buf, sizeof(buf), fmt, ap); - va_end(ap); - syslog(LOG_ERR, "%s", buf); - exit(EXIT_FAILURE); -} - -void -exit_success(const char *fmt, ...) -{ - va_list ap; - char buf[BUFSIZ]; - - va_start(ap, fmt); - vsnprintf(buf, sizeof(buf), fmt, ap); - va_end(ap); - syslog(LOG_INFO, "%s", buf); - exit(EXIT_SUCCESS); -} - -#ifdef USE_ROUTE -static void -grab_myaddrs(void) -{ - struct ifaddrs *ifap, *ifa; - struct myaddrs *p; - struct sockaddr_in6 *sin6; - - if (getifaddrs(&ifap) != 0) { - exit_failure("getifaddrs"); - /*NOTREACHED*/ - } - - for (ifa = ifap; ifa; ifa = ifa->ifa_next) { - switch (ifa->ifa_addr->sa_family) { - case AF_INET: - case AF_INET6: - break; - default: - continue; - } - - p = (struct myaddrs *)malloc(sizeof(struct myaddrs) + - ifa->ifa_addr->sa_len); - if (!p) { - exit_failure("not enough core"); - /*NOTREACHED*/ - } - memcpy(p + 1, ifa->ifa_addr, ifa->ifa_addr->sa_len); - p->next = myaddrs; - p->addr = (struct sockaddr *)(p + 1); -#ifdef __KAME__ - if (ifa->ifa_addr->sa_family == AF_INET6) { - sin6 = (struct sockaddr_in6 *)p->addr; - if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr) - || IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) { - sin6->sin6_scope_id = - ntohs(*(u_int16_t *)&sin6->sin6_addr.s6_addr[2]); - sin6->sin6_addr.s6_addr[2] = 0; - sin6->sin6_addr.s6_addr[3] = 0; - } - } -#endif - myaddrs = p; - if (dflag) { - char hbuf[NI_MAXHOST]; - getnameinfo(p->addr, p->addr->sa_len, - hbuf, sizeof(hbuf), NULL, 0, - NI_NUMERICHOST); - syslog(LOG_INFO, "my interface: %s %s", hbuf, - ifa->ifa_name); - } - } - - freeifaddrs(ifap); -} - -static void -free_myaddrs(void) -{ - struct myaddrs *p, *q; - - p = myaddrs; - while (p) { - q = p->next; - free(p); - p = q; - } - myaddrs = NULL; -} - -static void -update_myaddrs(void) -{ - char msg[BUFSIZ]; - int len; - struct rt_msghdr *rtm; - - len = read(sockfd, msg, sizeof(msg)); - if (len < 0) { - syslog(LOG_ERR, "read(PF_ROUTE) failed"); - return; - } - rtm = (struct rt_msghdr *)msg; - if (len < 4 || len < rtm->rtm_msglen) { - syslog(LOG_ERR, "read(PF_ROUTE) short read"); - return; - } - if (rtm->rtm_version != RTM_VERSION) { - syslog(LOG_ERR, "routing socket version mismatch"); - close(sockfd); - sockfd = 0; - return; - } - switch (rtm->rtm_type) { - case RTM_NEWADDR: - case RTM_DELADDR: - case RTM_IFINFO: - break; - default: - return; - } - /* XXX more filters here? */ - - syslog(LOG_INFO, "update interface address list"); - free_myaddrs(); - grab_myaddrs(); -} -#endif /*USE_ROUTE*/ - -static void -usage(void) -{ - fprintf(stderr, "usage: %s [-dp] [-f conf] service [serverpath [serverargs]]\n", - faithdname); - exit(0); -} diff --git a/usr.sbin/faithd/faithd.h b/usr.sbin/faithd/faithd.h deleted file mode 100644 index b157b87e93..0000000000 --- a/usr.sbin/faithd/faithd.h +++ /dev/null @@ -1,70 +0,0 @@ -/* $KAME: faithd.h,v 1.8 2001/09/05 03:04:21 itojun Exp $ */ - -/* - * Copyright (C) 1997 and 1998 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $FreeBSD: src/usr.sbin/faithd/faithd.h,v 1.1.2.3 2002/04/28 05:40:29 suz Exp $ - */ - -extern char logname[]; -extern int dflag; - -extern void tcp_relay(int, int, const char *); -extern void ftp_relay(int, int); -extern void rsh_relay(int, int); -extern void rsh_dual_relay(int, int); -extern void exit_success(const char *, ...) - __attribute__((__format__(__printf__, 1, 2))); -extern void exit_failure(const char *, ...) - __attribute__((__format__(__printf__, 1, 2))); - -#define DEFAULT_PORT_NAME "telnet" -#define DEFAULT_DIR "/usr/libexec" -#define DEFAULT_NAME "telnetd" -#define DEFAULT_PATH (DEFAULT_DIR "/" DEFAULT_NAME) - -#define FTP_PORT 21 -#define RLOGIN_PORT 513 -#define RSH_PORT 514 - -#define RETURN_SUCCESS 0 -#define RETURN_FAILURE 1 - -#define YES 1 -#define NO 0 - -#define MSS 2048 -#define MAXARGV 20 - -#define NUMPRT 0 -#define NUMPRG 1 -#define NUMARG 2 - -#define UC(b) (((int)b)&0xff) - -#define FAITH_TIMEOUT (30 * 60) /*second*/ diff --git a/usr.sbin/faithd/ftp.c b/usr.sbin/faithd/ftp.c deleted file mode 100644 index 5979835205..0000000000 --- a/usr.sbin/faithd/ftp.c +++ /dev/null @@ -1,1142 +0,0 @@ -/* $KAME: ftp.c,v 1.11 2001/07/02 14:36:49 itojun Exp $ */ - -/* - * Copyright (C) 1997 and 1998 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $FreeBSD: src/usr.sbin/faithd/ftp.c,v 1.2.2.5 2002/04/28 05:40:29 suz Exp $ - * $DragonFly: src/usr.sbin/faithd/ftp.c,v 1.4 2003/11/16 14:10:45 eirikn Exp $ - */ - -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -#include "faithd.h" - -static char rbuf[MSS]; -static char sbuf[MSS]; -static int passivemode = 0; -static int wport4 = -1; /* listen() to active */ -static int wport6 = -1; /* listen() to passive */ -static int port4 = -1; /* active: inbound passive: outbound */ -static int port6 = -1; /* active: outbound passive: inbound */ -static struct sockaddr_storage data4; /* server data address */ -static struct sockaddr_storage data6; /* client data address */ -static int epsvall = 0; - -#ifdef FAITH4 -enum state { NONE, LPRT, EPRT, PORT, LPSV, EPSV, PASV }; -#else -enum state { NONE, LPRT, EPRT, LPSV, EPSV }; -#endif - -static int ftp_activeconn(void); -static int ftp_passiveconn(void); -static int ftp_copy(int, int); -static int ftp_copyresult(int, int, enum state); -static int ftp_copycommand(int, int, enum state *); - -void -ftp_relay(int ctl6, int ctl4) -{ - fd_set readfds; - int error; - enum state state = NONE; - struct timeval tv; - - syslog(LOG_INFO, "starting ftp control connection"); - - for (;;) { - FD_ZERO(&readfds); - FD_SET(ctl4, &readfds); - FD_SET(ctl6, &readfds); - if (0 <= port4) - FD_SET(port4, &readfds); - if (0 <= port6) - FD_SET(port6, &readfds); -#if 0 - if (0 <= wport4) - FD_SET(wport4, &readfds); - if (0 <= wport6) - FD_SET(wport6, &readfds); -#endif - tv.tv_sec = FAITH_TIMEOUT; - tv.tv_usec = 0; - - error = select(256, &readfds, NULL, NULL, &tv); - if (error == -1) - exit_failure("select: %s", strerror(errno)); - else if (error == 0) - exit_failure("connection timeout"); - - /* - * The order of the following checks does (slightly) matter. - * It is important to visit all checks (do not use "continue"), - * otherwise some of the pipe may become full and we cannot - * relay correctly. - */ - if (FD_ISSET(ctl6, &readfds)) { - /* - * copy control connection from the client. - * command translation is necessary. - */ - error = ftp_copycommand(ctl6, ctl4, &state); - - switch (error) { - case -1: - goto bad; - case 0: - close(ctl4); - close(ctl6); - exit_success("terminating ftp control connection"); - /*NOTREACHED*/ - default: - break; - } - } - if (FD_ISSET(ctl4, &readfds)) { - /* - * copy control connection from the server - * translation of result code is necessary. - */ - error = ftp_copyresult(ctl4, ctl6, state); - - switch (error) { - case -1: - goto bad; - case 0: - close(ctl4); - close(ctl6); - exit_success("terminating ftp control connection"); - /*NOTREACHED*/ - default: - break; - } - } - if (0 <= port4 && 0 <= port6 && FD_ISSET(port4, &readfds)) { - /* - * copy data connection. - * no special treatment necessary. - */ - if (FD_ISSET(port4, &readfds)) - error = ftp_copy(port4, port6); - switch (error) { - case -1: - goto bad; - case 0: - close(port4); - close(port6); - port4 = port6 = -1; - syslog(LOG_INFO, "terminating data connection"); - break; - default: - break; - } - } - if (0 <= port4 && 0 <= port6 && FD_ISSET(port6, &readfds)) { - /* - * copy data connection. - * no special treatment necessary. - */ - if (FD_ISSET(port6, &readfds)) - error = ftp_copy(port6, port4); - switch (error) { - case -1: - goto bad; - case 0: - close(port4); - close(port6); - port4 = port6 = -1; - syslog(LOG_INFO, "terminating data connection"); - break; - default: - break; - } - } -#if 0 - if (wport4 && FD_ISSET(wport4, &readfds)) { - /* - * establish active data connection from the server. - */ - ftp_activeconn(); - } - if (wport6 && FD_ISSET(wport6, &readfds)) { - /* - * establish passive data connection from the client. - */ - ftp_passiveconn(); - } -#endif - } - - bad: - exit_failure("%s", strerror(errno)); -} - -static int -ftp_activeconn(void) -{ - int n; - int error; - fd_set set; - struct timeval timeout; - struct sockaddr *sa; - - /* get active connection from server */ - FD_ZERO(&set); - FD_SET(wport4, &set); - timeout.tv_sec = 120; - timeout.tv_usec = -1; - n = sizeof(data4); - if (select(wport4 + 1, &set, NULL, NULL, &timeout) == 0 - || (port4 = accept(wport4, (struct sockaddr *)&data4, &n)) < 0) { - close(wport4); - wport4 = -1; - syslog(LOG_INFO, "active mode data connection failed"); - return -1; - } - - /* ask active connection to client */ - sa = (struct sockaddr *)&data6; - port6 = socket(sa->sa_family, SOCK_STREAM, 0); - if (port6 == -1) { - close(port4); - close(wport4); - port4 = wport4 = -1; - syslog(LOG_INFO, "active mode data connection failed"); - return -1; - } - error = connect(port6, sa, sa->sa_len); - if (error < 0) { - close(port6); - close(port4); - close(wport4); - port6 = port4 = wport4 = -1; - syslog(LOG_INFO, "active mode data connection failed"); - return -1; - } - - syslog(LOG_INFO, "active mode data connection established"); - return 0; -} - -static int -ftp_passiveconn(void) -{ - int n; - int error; - fd_set set; - struct timeval timeout; - struct sockaddr *sa; - - /* get passive connection from client */ - FD_ZERO(&set); - FD_SET(wport6, &set); - timeout.tv_sec = 120; - timeout.tv_usec = 0; - n = sizeof(data6); - if (select(wport6 + 1, &set, NULL, NULL, &timeout) == 0 - || (port6 = accept(wport6, (struct sockaddr *)&data6, &n)) < 0) { - close(wport6); - wport6 = -1; - syslog(LOG_INFO, "passive mode data connection failed"); - return -1; - } - - /* ask passive connection to server */ - sa = (struct sockaddr *)&data4; - port4 = socket(sa->sa_family, SOCK_STREAM, 0); - if (port4 == -1) { - close(wport6); - close(port6); - wport6 = port6 = -1; - syslog(LOG_INFO, "passive mode data connection failed"); - return -1; - } - error = connect(port4, sa, sa->sa_len); - if (error < 0) { - close(wport6); - close(port4); - close(port6); - wport6 = port4 = port6 = -1; - syslog(LOG_INFO, "passive mode data connection failed"); - return -1; - } - - syslog(LOG_INFO, "passive mode data connection established"); - return 0; -} - -static int -ftp_copy(int src, int dst) -{ - int error, atmark; - int n; - - /* OOB data handling */ - error = ioctl(src, SIOCATMARK, &atmark); - if (error != -1 && atmark == 1) { - n = read(src, rbuf, 1); - if (n == -1) - goto bad; - send(dst, rbuf, n, MSG_OOB); -#if 0 - n = read(src, rbuf, sizeof(rbuf)); - if (n == -1) - goto bad; - write(dst, rbuf, n); - return n; -#endif - } - - n = read(src, rbuf, sizeof(rbuf)); - switch (n) { - case -1: - case 0: - return n; - default: - write(dst, rbuf, n); - return n; - } - - bad: - exit_failure("%s", strerror(errno)); - /*NOTREACHED*/ - return 0; /* to make gcc happy */ -} - -static int -ftp_copyresult(int src, int dst, enum state state) -{ - int error, atmark; - int n; - char *param; - int code; - - /* OOB data handling */ - error = ioctl(src, SIOCATMARK, &atmark); - if (error != -1 && atmark == 1) { - n = read(src, rbuf, 1); - if (n == -1) - goto bad; - send(dst, rbuf, n, MSG_OOB); -#if 0 - n = read(src, rbuf, sizeof(rbuf)); - if (n == -1) - goto bad; - write(dst, rbuf, n); - return n; -#endif - } - - n = read(src, rbuf, sizeof(rbuf)); - if (n <= 0) - return n; - rbuf[n] = '\0'; - - /* - * parse argument - */ - { - char *p; - int i; - - p = rbuf; - for (i = 0; i < 3; i++) { - if (!isdigit(*p)) { - /* invalid reply */ - write(dst, rbuf, n); - return n; - } - p++; - } - if (!isspace(*p)) { - /* invalid reply */ - write(dst, rbuf, n); - return n; - } - code = atoi(rbuf); - param = p; - /* param points to first non-command token, if any */ - while (*param && isspace(*param)) - param++; - if (!*param) - param = NULL; - } - - switch (state) { - case NONE: - if (!passivemode && rbuf[0] == '1') { - if (ftp_activeconn() < 0) { - n = snprintf(rbuf, sizeof(rbuf), - "425 Cannot open data connetion\r\n"); - } - } - write(dst, rbuf, n); - return n; - case LPRT: - case EPRT: - /* expecting "200 PORT command successful." */ - if (code == 200) { - char *p; - - p = strstr(rbuf, "PORT"); - if (p) { - p[0] = (state == LPRT) ? 'L' : 'E'; - p[1] = 'P'; - } - } else { - close(wport4); - wport4 = -1; - } - write(dst, rbuf, n); - return n; -#ifdef FAITH4 - case PORT: - /* expecting "200 EPRT command successful." */ - if (code == 200) { - char *p; - - p = strstr(rbuf, "EPRT"); - if (p) { - p[0] = 'P'; - p[1] = 'O'; - } - } else { - close(wport4); - wport4 = -1; - } - write(dst, rbuf, n); - return n; -#endif - case LPSV: - case EPSV: - /* - * expecting "227 Entering Passive Mode (x,x,x,x,x,x,x)" - * (in some cases result comes without paren) - */ - if (code != 227) { -passivefail0: - close(wport6); - wport6 = -1; - write(dst, rbuf, n); - return n; - } - - { - unsigned int ho[4], po[2]; - struct sockaddr_in *sin; - struct sockaddr_in6 *sin6; - u_short port; - char *p; - - /* - * PASV result -> LPSV/EPSV result - */ - p = param; - while (*p && *p != '(' && !isdigit(*p)) /*)*/ - p++; - if (!*p) - goto passivefail0; /*XXX*/ - if (*p == '(') /*)*/ - p++; - n = sscanf(p, "%u,%u,%u,%u,%u,%u", - &ho[0], &ho[1], &ho[2], &ho[3], &po[0], &po[1]); - if (n != 6) - goto passivefail0; /*XXX*/ - - /* keep PORT parameter */ - memset(&data4, 0, sizeof(data4)); - sin = (struct sockaddr_in *)&data4; - sin->sin_len = sizeof(*sin); - sin->sin_family = AF_INET; - sin->sin_addr.s_addr = 0; - for (n = 0; n < 4; n++) { - sin->sin_addr.s_addr |= - htonl((ho[n] & 0xff) << ((3 - n) * 8)); - } - sin->sin_port = htons(((po[0] & 0xff) << 8) | (po[1] & 0xff)); - - /* get ready for passive data connection */ - memset(&data6, 0, sizeof(data6)); - sin6 = (struct sockaddr_in6 *)&data6; - sin6->sin6_len = sizeof(*sin6); - sin6->sin6_family = AF_INET6; - wport6 = socket(sin6->sin6_family, SOCK_STREAM, 0); - if (wport6 == -1) { -passivefail: - n = snprintf(sbuf, sizeof(sbuf), - "500 could not translate from PASV\r\n"); - write(src, sbuf, n); - return n; - } -#ifdef IPV6_FAITH - { - int on = 1; - error = setsockopt(wport6, IPPROTO_IPV6, IPV6_FAITH, - &on, sizeof(on)); - if (error == -1) - exit_failure("setsockopt(IPV6_FAITH): %s", strerror(errno)); - } -#endif - error = bind(wport6, (struct sockaddr *)sin6, sin6->sin6_len); - if (error == -1) { - close(wport6); - wport6 = -1; - goto passivefail; - } - error = listen(wport6, 1); - if (error == -1) { - close(wport6); - wport6 = -1; - goto passivefail; - } - - /* transmit LPSV or EPSV */ - /* - * addr from dst, port from wport6 - */ - n = sizeof(data6); - error = getsockname(wport6, (struct sockaddr *)&data6, &n); - if (error == -1) { - close(wport6); - wport6 = -1; - goto passivefail; - } - sin6 = (struct sockaddr_in6 *)&data6; - port = sin6->sin6_port; - - n = sizeof(data6); - error = getsockname(dst, (struct sockaddr *)&data6, &n); - if (error == -1) { - close(wport6); - wport6 = -1; - goto passivefail; - } - sin6 = (struct sockaddr_in6 *)&data6; - sin6->sin6_port = port; - - if (state == LPSV) { - char *a, *p; - - a = (char *)&sin6->sin6_addr; - p = (char *)&sin6->sin6_port; - n = snprintf(sbuf, sizeof(sbuf), -"228 Entering Long Passive Mode (%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d)\r\n", - 6, 16, UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]), - UC(a[4]), UC(a[5]), UC(a[6]), UC(a[7]), - UC(a[8]), UC(a[9]), UC(a[10]), UC(a[11]), - UC(a[12]), UC(a[13]), UC(a[14]), UC(a[15]), - 2, UC(p[0]), UC(p[1])); - write(dst, sbuf, n); - passivemode = 1; - return n; - } else { - n = snprintf(sbuf, sizeof(sbuf), -"229 Entering Extended Passive Mode (|||%d|)\r\n", - ntohs(sin6->sin6_port)); - write(dst, sbuf, n); - passivemode = 1; - return n; - } - } -#ifdef FAITH4 - case PASV: - /* expecting "229 Entering Extended Passive Mode (|||x|)" */ - if (code != 229) { -passivefail1: - close(wport6); - wport6 = -1; - write(dst, rbuf, n); - return n; - } - - { - u_short port; - char *p; - struct sockaddr_in *sin; - struct sockaddr_in6 *sin6; - - /* - * EPSV result -> PORT result - */ - p = param; - while (*p && *p != '(') /*)*/ - p++; - if (!*p) - goto passivefail1; /*XXX*/ - p++; - n = sscanf(p, "|||%hu|", &port); - if (n != 1) - goto passivefail1; /*XXX*/ - - /* keep EPRT parameter */ - n = sizeof(data4); - error = getpeername(src, (struct sockaddr *)&data4, &n); - if (error == -1) - goto passivefail1; /*XXX*/ - sin6 = (struct sockaddr_in6 *)&data4; - sin6->sin6_port = htons(port); - - /* get ready for passive data connection */ - memset(&data6, 0, sizeof(data6)); - sin = (struct sockaddr_in *)&data6; - sin->sin_len = sizeof(*sin); - sin->sin_family = AF_INET; - wport6 = socket(sin->sin_family, SOCK_STREAM, 0); - if (wport6 == -1) { -passivefail2: - n = snprintf(sbuf, sizeof(sbuf), - "500 could not translate from EPSV\r\n"); - write(src, sbuf, n); - return n; - } -#ifdef IP_FAITH - { - int on = 1; - error = setsockopt(wport6, IPPROTO_IP, IP_FAITH, - &on, sizeof(on)); - if (error == -1) - exit_error("setsockopt(IP_FAITH): %s", strerror(errno)); - } -#endif - error = bind(wport6, (struct sockaddr *)sin, sin->sin_len); - if (error == -1) { - close(wport6); - wport6 = -1; - goto passivefail2; - } - error = listen(wport6, 1); - if (error == -1) { - close(wport6); - wport6 = -1; - goto passivefail2; - } - - /* transmit PORT */ - /* - * addr from dst, port from wport6 - */ - n = sizeof(data6); - error = getsockname(wport6, (struct sockaddr *)&data6, &n); - if (error == -1) { - close(wport6); - wport6 = -1; - goto passivefail2; - } - sin = (struct sockaddr_in *)&data6; - port = sin->sin_port; - - n = sizeof(data6); - error = getsockname(dst, (struct sockaddr *)&data6, &n); - if (error == -1) { - close(wport6); - wport6 = -1; - goto passivefail2; - } - sin = (struct sockaddr_in *)&data6; - sin->sin_port = port; - - { - char *a, *p; - - a = (char *)&sin->sin_addr; - p = (char *)&sin->sin_port; - n = snprintf(sbuf, sizeof(sbuf), -"227 Entering Passive Mode (%d,%d,%d,%d,%d,%d)\r\n", - UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]), - UC(p[0]), UC(p[1])); - write(dst, sbuf, n); - passivemode = 1; - return n; - } - } -#endif /* FAITH4 */ - } - - bad: - exit_failure("%s", strerror(errno)); - /*NOTREACHED*/ - return 0; /* to make gcc happy */ -} - -static int -ftp_copycommand(int src, int dst, enum state *state) -{ - int error, atmark; - int n; - unsigned int af, hal, ho[16], pal, po[2]; - char *a, *p; - char cmd[5], *param; - struct sockaddr_in *sin; - struct sockaddr_in6 *sin6; - enum state nstate; - char ch; - - /* OOB data handling */ - error = ioctl(src, SIOCATMARK, &atmark); - if (error != -1 && atmark == 1) { - n = read(src, rbuf, 1); - if (n == -1) - goto bad; - send(dst, rbuf, n, MSG_OOB); -#if 0 - n = read(src, rbuf, sizeof(rbuf)); - if (n == -1) - goto bad; - write(dst, rbuf, n); - return n; -#endif - } - - n = read(src, rbuf, sizeof(rbuf)); - if (n <= 0) - return n; - rbuf[n] = '\0'; - - if (n < 4) { - write(dst, rbuf, n); - return n; - } - - /* - * parse argument - */ - { - char *p, *q; - int i; - - p = rbuf; - q = cmd; - for (i = 0; i < 4; i++) { - if (!isalpha(*p)) { - /* invalid command */ - write(dst, rbuf, n); - return n; - } - *q++ = islower(*p) ? toupper(*p) : *p; - p++; - } - if (!isspace(*p)) { - /* invalid command */ - write(dst, rbuf, n); - return n; - } - *q = '\0'; - param = p; - /* param points to first non-command token, if any */ - while (*param && isspace(*param)) - param++; - if (!*param) - param = NULL; - } - - *state = NONE; - - if (strcmp(cmd, "LPRT") == 0 && param) { - /* - * LPRT -> PORT - */ - nstate = LPRT; - - close(wport4); - close(wport6); - close(port4); - close(port6); - wport4 = wport6 = port4 = port6 = -1; - - if (epsvall) { - n = snprintf(sbuf, sizeof(sbuf), "501 %s disallowed in EPSV ALL\r\n", - cmd); - write(src, sbuf, n); - return n; - } - - n = sscanf(param, -"%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u", - &af, &hal, &ho[0], &ho[1], &ho[2], &ho[3], - &ho[4], &ho[5], &ho[6], &ho[7], - &ho[8], &ho[9], &ho[10], &ho[11], - &ho[12], &ho[13], &ho[14], &ho[15], - &pal, &po[0], &po[1]); - if (n != 21 || af != 6 || hal != 16|| pal != 2) { - n = snprintf(sbuf, sizeof(sbuf), - "501 illegal parameter to LPRT\r\n"); - write(src, sbuf, n); - return n; - } - - /* keep LPRT parameter */ - memset(&data6, 0, sizeof(data6)); - sin6 = (struct sockaddr_in6 *)&data6; - sin6->sin6_len = sizeof(*sin6); - sin6->sin6_family = AF_INET6; - for (n = 0; n < 16; n++) - sin6->sin6_addr.s6_addr[n] = ho[n]; - sin6->sin6_port = htons(((po[0] & 0xff) << 8) | (po[1] & 0xff)); - -sendport: - /* get ready for active data connection */ - n = sizeof(data4); - error = getsockname(dst, (struct sockaddr *)&data4, &n); - if (error == -1) { -lprtfail: - n = snprintf(sbuf, sizeof(sbuf), - "500 could not translate to PORT\r\n"); - write(src, sbuf, n); - return n; - } - if (((struct sockaddr *)&data4)->sa_family != AF_INET) - goto lprtfail; - sin = (struct sockaddr_in *)&data4; - sin->sin_port = 0; - wport4 = socket(sin->sin_family, SOCK_STREAM, 0); - if (wport4 == -1) - goto lprtfail; - error = bind(wport4, (struct sockaddr *)sin, sin->sin_len); - if (error == -1) { - close(wport4); - wport4 = -1; - goto lprtfail; - } - error = listen(wport4, 1); - if (error == -1) { - close(wport4); - wport4 = -1; - goto lprtfail; - } - - /* transmit PORT */ - n = sizeof(data4); - error = getsockname(wport4, (struct sockaddr *)&data4, &n); - if (error == -1) { - close(wport4); - wport4 = -1; - goto lprtfail; - } - if (((struct sockaddr *)&data4)->sa_family != AF_INET) { - close(wport4); - wport4 = -1; - goto lprtfail; - } - sin = (struct sockaddr_in *)&data4; - a = (char *)&sin->sin_addr; - p = (char *)&sin->sin_port; - n = snprintf(sbuf, sizeof(sbuf), "PORT %d,%d,%d,%d,%d,%d\r\n", - UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]), - UC(p[0]), UC(p[1])); - write(dst, sbuf, n); - *state = nstate; - passivemode = 0; - return n; - } else if (strcmp(cmd, "EPRT") == 0 && param) { - /* - * EPRT -> PORT - */ - char *afp, *hostp, *portp; - struct addrinfo hints, *res; - - nstate = EPRT; - - close(wport4); - close(wport6); - close(port4); - close(port6); - wport4 = wport6 = port4 = port6 = -1; - - if (epsvall) { - n = snprintf(sbuf, sizeof(sbuf), "501 %s disallowed in EPSV ALL\r\n", - cmd); - write(src, sbuf, n); - return n; - } - - p = param; - ch = *p++; /* boundary character */ - afp = p; - while (*p && *p != ch) - p++; - if (!*p) { -eprtparamfail: - n = snprintf(sbuf, sizeof(sbuf), - "501 illegal parameter to EPRT\r\n"); - write(src, sbuf, n); - return n; - } - *p++ = '\0'; - hostp = p; - while (*p && *p != ch) - p++; - if (!*p) - goto eprtparamfail; - *p++ = '\0'; - portp = p; - while (*p && *p != ch) - p++; - if (!*p) - goto eprtparamfail; - *p++ = '\0'; - - n = sscanf(afp, "%d", &af); - if (n != 1 || af != 2) { - n = snprintf(sbuf, sizeof(sbuf), - "501 unsupported address family to EPRT\r\n"); - write(src, sbuf, n); - return n; - } - memset(&hints, 0, sizeof(hints)); - hints.ai_family = AF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; - error = getaddrinfo(hostp, portp, &hints, &res); - if (error) { - n = snprintf(sbuf, sizeof(sbuf), - "501 EPRT: %s\r\n", gai_strerror(error)); - write(src, sbuf, n); - return n; - } - if (res->ai_next) { - n = snprintf(sbuf, sizeof(sbuf), - "501 EPRT: %s resolved to multiple addresses\r\n", hostp); - write(src, sbuf, n); - return n; - } - - memcpy(&data6, res->ai_addr, res->ai_addrlen); - - goto sendport; - } else if (strcmp(cmd, "LPSV") == 0 && !param) { - /* - * LPSV -> PASV - */ - nstate = LPSV; - - close(wport4); - close(wport6); - close(port4); - close(port6); - wport4 = wport6 = port4 = port6 = -1; - - if (epsvall) { - n = snprintf(sbuf, sizeof(sbuf), "501 %s disallowed in EPSV ALL\r\n", - cmd); - write(src, sbuf, n); - return n; - } - - /* transmit PASV */ - n = snprintf(sbuf, sizeof(sbuf), "PASV\r\n"); - write(dst, sbuf, n); - *state = LPSV; - passivemode = 0; /* to be set to 1 later */ - return n; - } else if (strcmp(cmd, "EPSV") == 0 && !param) { - /* - * EPSV -> PASV - */ - close(wport4); - close(wport6); - close(port4); - close(port6); - wport4 = wport6 = port4 = port6 = -1; - - n = snprintf(sbuf, sizeof(sbuf), "PASV\r\n"); - write(dst, sbuf, n); - *state = EPSV; - passivemode = 0; /* to be set to 1 later */ - return n; - } else if (strcmp(cmd, "EPSV") == 0 && param - && strncasecmp(param, "ALL", 3) == 0 && isspace(param[3])) { - /* - * EPSV ALL - */ - epsvall = 1; - n = snprintf(sbuf, sizeof(sbuf), "200 EPSV ALL command successful.\r\n"); - write(src, sbuf, n); - return n; -#ifdef FAITH4 - } else if (strcmp(cmd, "PORT") == 0 && param) { - /* - * PORT -> EPRT - */ - char host[NI_MAXHOST], serv[NI_MAXSERV]; - - nstate = PORT; - - close(wport4); - close(wport6); - close(port4); - close(port6); - wport4 = wport6 = port4 = port6 = -1; - - p = param; - n = sscanf(p, "%u,%u,%u,%u,%u,%u", - &ho[0], &ho[1], &ho[2], &ho[3], &po[0], &po[1]); - if (n != 6) { - n = snprintf(sbuf, sizeof(sbuf), - "501 illegal parameter to PORT\r\n"); - write(src, sbuf, n); - return n; - } - - memset(&data6, 0, sizeof(data6)); - sin = (struct sockaddr_in *)&data6; - sin->sin_len = sizeof(*sin); - sin->sin_family = AF_INET; - sin->sin_addr.s_addr = htonl( - ((ho[0] & 0xff) << 24) | ((ho[1] & 0xff) << 16) | - ((ho[2] & 0xff) << 8) | (ho[3] & 0xff)); - sin->sin_port = htons(((po[0] & 0xff) << 8) | (po[1] & 0xff)); - - /* get ready for active data connection */ - n = sizeof(data4); - error = getsockname(dst, (struct sockaddr *)&data4, &n); - if (error == -1) { -portfail: - n = snprintf(sbuf, sizeof(sbuf), - "500 could not translate to EPRT\r\n"); - write(src, sbuf, n); - return n; - } - if (((struct sockaddr *)&data4)->sa_family != AF_INET6) - goto portfail; - - ((struct sockaddr_in6 *)&data4)->sin6_port = 0; - sa = (struct sockaddr *)&data4; - wport4 = socket(sa->sa_family, SOCK_STREAM, 0); - if (wport4 == -1) - goto portfail; - error = bind(wport4, sa, sa->sa_len); - if (error == -1) { - close(wport4); - wport4 = -1; - goto portfail; - } - error = listen(wport4, 1); - if (error == -1) { - close(wport4); - wport4 = -1; - goto portfail; - } - - /* transmit EPRT */ - n = sizeof(data4); - error = getsockname(wport4, (struct sockaddr *)&data4, &n); - if (error == -1) { - close(wport4); - wport4 = -1; - goto portfail; - } - af = 2; - sa = (struct sockaddr *)&data4; - if (getnameinfo(sa, sa->sa_len, host, sizeof(host), - serv, sizeof(serv), NI_NUMERICHOST | NI_NUMERICSERV)) { - close(wport4); - wport4 = -1; - goto portfail; - } - n = snprintf(sbuf, sizeof(sbuf), "EPRT |%d|%s|%s|\r\n", af, host, serv); - write(dst, sbuf, n); - *state = nstate; - passivemode = 0; - return n; - } else if (strcmp(cmd, "PASV") == 0 && !param) { - /* - * PASV -> EPSV - */ - - nstate = PASV; - - close(wport4); - close(wport6); - close(port4); - close(port6); - wport4 = wport6 = port4 = port6 = -1; - - /* transmit EPSV */ - n = snprintf(sbuf, sizeof(sbuf), "EPSV\r\n"); - write(dst, sbuf, n); - *state = PASV; - passivemode = 0; /* to be set to 1 later */ - return n; -#else /* FAITH4 */ - } else if (strcmp(cmd, "PORT") == 0 || strcmp(cmd, "PASV") == 0) { - /* - * reject PORT/PASV - */ - n = snprintf(sbuf, sizeof(sbuf), "502 %s not implemented.\r\n", cmd); - write(src, sbuf, n); - return n; -#endif /* FAITH4 */ - } else if (passivemode - && (strcmp(cmd, "STOR") == 0 - || strcmp(cmd, "STOU") == 0 - || strcmp(cmd, "RETR") == 0 - || strcmp(cmd, "LIST") == 0 - || strcmp(cmd, "NLST") == 0 - || strcmp(cmd, "APPE") == 0)) { - /* - * commands with data transfer. need to care about passive - * mode data connection. - */ - - if (ftp_passiveconn() < 0) { - n = snprintf(sbuf, sizeof(sbuf), "425 Cannot open data connetion\r\n"); - write(src, sbuf, n); - } else { - /* simply relay the command */ - write(dst, rbuf, n); - } - - *state = NONE; - return n; - } else { - /* simply relay it */ - *state = NONE; - write(dst, rbuf, n); - return n; - } - - bad: - exit_failure("%s", strerror(errno)); - /*NOTREACHED*/ - return 0; /* to make gcc happy */ -} diff --git a/usr.sbin/faithd/prefix.c b/usr.sbin/faithd/prefix.c deleted file mode 100644 index 06b21dbc33..0000000000 --- a/usr.sbin/faithd/prefix.c +++ /dev/null @@ -1,346 +0,0 @@ -/* $KAME: prefix.c,v 1.9 2001/07/02 14:36:49 itojun Exp $ */ -/* $FreeBSD: src/usr.sbin/faithd/prefix.c,v 1.1.2.2 2002/04/28 05:40:29 suz Exp $ */ - -/* - * Copyright (C) 2000 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#ifndef offsetof -#define offsetof(type, member) ((size_t)(u_long)(&((type *)0)->member)) -#endif - -#include "faithd.h" -#include "prefix.h" - -static int prefix_set(const char *, struct prefix *, int); -static struct config *config_load1(const char *); -#if 0 -static void config_show1(const struct config *); -static void config_show(void); -#endif - -struct config *config_list = NULL; -#ifdef NI_WITHSCOPEID -const int niflags = NI_NUMERICHOST | NI_WITHSCOPEID; -#else -const int niflags = NI_NUMERICHOST; -#endif - -static int -prefix_set(const char *s, struct prefix *prefix, int slash) -{ - char *p, *q, *r; - struct addrinfo hints, *res = NULL; - int max; - - p = strdup(s); - q = strchr(p, '/'); - if (q) { - if (!slash) - goto fail; - *q++ = '\0'; - } - - memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - hints.ai_socktype = SOCK_DGRAM; /*dummy*/ - hints.ai_flags = AI_NUMERICHOST; - if (getaddrinfo(p, "0", &hints, &res)) - goto fail; - if (res->ai_next || res->ai_addrlen > sizeof(prefix->a)) - goto fail; - memcpy(&prefix->a, res->ai_addr, res->ai_addrlen); - - switch (prefix->a.ss_family) { - case AF_INET: - max = 32; - break; - case AF_INET6: - max = 128; - break; - default: - max = -1; - break; - } - - if (q) { - r = NULL; - prefix->l = (int)strtoul(q, &r, 10); - if (!*q || *r) - goto fail; - if (prefix->l < 0 || prefix->l > max) - goto fail; - } else - prefix->l = max; - - if (p) - free(p); - if (res) - freeaddrinfo(res); - return 0; - -fail: - if (p) - free(p); - if (res) - freeaddrinfo(res); - return -1; -} - -const char * -prefix_string(const struct prefix *prefix) -{ - static char buf[NI_MAXHOST + 20]; - char hbuf[NI_MAXHOST]; - - if (getnameinfo((const struct sockaddr *)&prefix->a, prefix->a.ss_len, - hbuf, sizeof(hbuf), NULL, 0, niflags)) - return NULL; - snprintf(buf, sizeof(buf), "%s/%d", hbuf, prefix->l); - return buf; -} - -int -prefix_match(const struct prefix *prefix, const struct sockaddr *sa) -{ - struct sockaddr_storage a, b; - char *pa, *pb; - int off, l; - - if (prefix->a.ss_family != sa->sa_family || - prefix->a.ss_len != sa->sa_len) - return 0; - - if (prefix->a.ss_len > sizeof(a) || sa->sa_len > sizeof(b)) - return 0; - - switch (prefix->a.ss_family) { - case AF_INET: - off = offsetof(struct sockaddr_in, sin_addr); - break; - case AF_INET6: - off = offsetof(struct sockaddr_in6, sin6_addr); - break; - default: - if (memcmp(&prefix->a, sa, prefix->a.ss_len) != 0) - return 0; - else - return 1; - } - - memcpy(&a, &prefix->a, prefix->a.ss_len); - memcpy(&b, sa, sa->sa_len); - l = prefix->l / 8 + (prefix->l % 8 ? 1 : 0); - - /* overrun check */ - if (off + l > a.ss_len) - return 0; - - pa = ((char *)&a) + off; - pb = ((char *)&b) + off; - if (prefix->l % 8) { - pa[prefix->l / 8] &= 0xff00 >> (prefix->l % 8); - pb[prefix->l / 8] &= 0xff00 >> (prefix->l % 8); - } - if (memcmp(pa, pb, l) != 0) - return 0; - else - return 1; -} - -/* - * prefix/prefixlen permit/deny prefix/prefixlen [srcaddr] - * 3ffe::/16 permit 10.0.0.0/8 10.1.1.1 - */ -static struct config * -config_load1(const char *line) -{ - struct config *conf; - char buf[BUFSIZ]; - char *p; - char *token[4]; - int i; - - if (strlen(line) + 1 > sizeof(buf)) - return NULL; - strlcpy(buf, line, sizeof(buf)); - - p = strchr(buf, '\n'); - if (!p) - return NULL; - *p = '\0'; - p = strchr(buf, '#'); - if (p) - *p = '\0'; - if (strlen(buf) == 0) - return NULL; - - p = buf; - memset(token, 0, sizeof(token)); - for (i = 0; i < sizeof(token) / sizeof(token[0]); i++) { - token[i] = strtok(p, "\t "); - p = NULL; - if (token[i] == NULL) - break; - } - /* extra tokens? */ - if (strtok(p, "\t ") != NULL) - return NULL; - /* insufficient tokens */ - switch (i) { - case 3: - case 4: - break; - default: - return NULL; - } - - conf = (struct config *)malloc(sizeof(*conf)); - if (conf == NULL) - return NULL; - memset(conf, 0, sizeof(*conf)); - - if (strcasecmp(token[1], "permit") == 0) - conf->permit = 1; - else if (strcasecmp(token[1], "deny") == 0) - conf->permit = 0; - else { - /* invalid keyword is considered as "deny" */ - conf->permit = 0; - } - - if (prefix_set(token[0], &conf->match, 1) < 0) - goto fail; - if (prefix_set(token[2], &conf->dest, 1) < 0) - goto fail; - if (token[3]) { - if (prefix_set(token[3], &conf->src, 0) < 0) - goto fail; - } - - return conf; - -fail: - free(conf); - return NULL; -} - -int -config_load(const char *configfile) -{ - FILE *fp; - char buf[BUFSIZ]; - struct config *conf, *p; - struct config sentinel; - - config_list = NULL; - - if (!configfile) - configfile = _PATH_PREFIX_CONF; - fp = fopen(configfile, "r"); - if (fp == NULL) - return -1; - - p = &sentinel; - while (fgets(buf, sizeof(buf), fp) != NULL) { - conf = config_load1(buf); - if (conf) { - p->next = conf; - p = p->next; - } - } - config_list = sentinel.next; - - fclose(fp); - return 0; -} - -#if 0 -static void -config_show1(const struct config *conf) -{ - const char *p; - - p = prefix_string(&conf->match); - printf("%s", p ? p : "?"); - - if (conf->permit) - printf(" permit"); - else - printf(" deny"); - - p = prefix_string(&conf->dest); - printf(" %s", p ? p : "?"); - - printf("\n"); -} - -static void -config_show(void) -{ - struct config *conf; - - for (conf = config_list; conf; conf = conf->next) - config_show1(conf); -} -#endif - -const struct config * -config_match(struct sockaddr *sa1, struct sockaddr *sa2) -{ - static struct config conf; - const struct config *p; - - if (sa1->sa_len > sizeof(conf.match.a) || - sa2->sa_len > sizeof(conf.dest.a)) - return NULL; - - memset(&conf, 0, sizeof(conf)); - if (!config_list) { - conf.permit = 1; - memcpy(&conf.match.a, sa1, sa1->sa_len); - memcpy(&conf.dest.a, sa2, sa2->sa_len); - return &conf; - } - - for (p = config_list; p; p = p->next) - if (prefix_match(&p->match, sa1) && prefix_match(&p->dest, sa2)) - return p; - - return NULL; -} diff --git a/usr.sbin/faithd/prefix.h b/usr.sbin/faithd/prefix.h deleted file mode 100644 index dd1e0c7ec3..0000000000 --- a/usr.sbin/faithd/prefix.h +++ /dev/null @@ -1,53 +0,0 @@ -/* $KAME: prefix.h,v 1.4 2001/09/05 03:04:21 itojun Exp $ */ -/* $FreeBSD: src/usr.sbin/faithd/prefix.h,v 1.1.2.2 2002/04/28 05:40:29 suz Exp $ */ -/* $DragonFly: src/usr.sbin/faithd/prefix.h,v 1.3 2003/11/03 19:31:37 eirikn Exp $ */ - -/* - * Copyright (C) 2000 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -struct prefix { - struct sockaddr_storage a; - int l; -}; - -struct config { - struct config *next; - - int permit; - struct prefix match; - struct prefix dest; - struct prefix src; /* src to use for outgoing connection */ -}; - -#define _PATH_PREFIX_CONF "/etc/faithd.conf" - -extern const char *prefix_string(const struct prefix *); -extern int prefix_match(const struct prefix *, const struct sockaddr *); -extern int config_load(const char *); -extern const struct config *config_match(struct sockaddr *, struct sockaddr *); diff --git a/usr.sbin/faithd/rsh.c b/usr.sbin/faithd/rsh.c deleted file mode 100644 index 14087883b9..0000000000 --- a/usr.sbin/faithd/rsh.c +++ /dev/null @@ -1,213 +0,0 @@ -/* $KAME: rsh.c,v 1.7 2001/09/05 01:10:30 itojun Exp $ */ - -/* - * Copyright (C) 1997 and 1998 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $FreeBSD: src/usr.sbin/faithd/rsh.c,v 1.2.2.4 2002/04/28 05:40:29 suz Exp $ - * $DragonFly: src/usr.sbin/faithd/rsh.c,v 1.3 2007/05/18 17:05:12 dillon Exp $ - */ - -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -#include "faithd.h" - -char rshbuf[MSS]; - -int s_ctl, s_ctl6, s_rcv, s_snd; -int half; - -void -rsh_relay(int s_src, int s_dst) -{ - ssize_t n; - fd_set readfds; - int error; - struct timeval tv; - - FD_ZERO(&readfds); - FD_SET(s_src, &readfds); - tv.tv_sec = FAITH_TIMEOUT; - tv.tv_usec = 0; - error = select(256, &readfds, NULL, NULL, &tv); - if (error == -1) - exit_failure("select %d: %s", s_src, strerror(errno)); - else if (error == 0) - exit_failure("connection timeout"); - - n = read(s_src, rshbuf, sizeof(rshbuf)); - if (rshbuf[0] != 0) { - rsh_dual_relay(s_src, s_dst); - /* NOTREACHED */ - } - write(s_dst, rshbuf, n); - tcp_relay(s_src, s_dst, "rsh"); - /* NOTREACHED */ -} - -static void -relay(int src, int dst) -{ - int error; - ssize_t n; - int atmark; - - error = ioctl(s_rcv, SIOCATMARK, &atmark); - if (error != -1 && atmark == 1) { - n = read(s_rcv, rshbuf, 1); - if (n == 1) - send(s_snd, rshbuf, 1, MSG_OOB); - return; - } - - n = read(s_rcv, rshbuf, sizeof(rshbuf)); - - switch (n) { - case -1: - exit_failure("%s", strerror(errno)); - case 0: - if (s_rcv == src) { - /* half close */ - shutdown(dst, SHUT_WR); - half = YES; - break; - } - close(src); - close(dst); - close(s_ctl); - close(s_ctl6); - exit_success("terminating rsh/contorol connections"); - break; - default: - write(s_snd, rshbuf, n); - } -} - -void -rsh_dual_relay(int s_src, int s_dst) -{ - fd_set readfds; - int len, s_wld, error; - struct sockaddr_storage ctladdr6; - struct sockaddr_storage ctladdr; - int port6 = 0, lport, lport6; - char *p; - struct timeval tv; - struct sockaddr *sa; - - half = NO; - s_rcv = s_src; - s_snd = s_dst; - syslog(LOG_INFO, "starting rsh connection"); - - for (p = rshbuf; *p; p++) - port6 = port6 * 10 + *p - '0'; - - len = sizeof(ctladdr6); - getpeername(s_src, (struct sockaddr *)&ctladdr6, &len); - if (((struct sockaddr *)&ctladdr6)->sa_family == AF_INET6) - ((struct sockaddr_in6 *)&ctladdr6)->sin6_port = htons(port6); - else - ((struct sockaddr_in *)&ctladdr6)->sin_port = htons(port6); - - s_wld = rresvport(&lport); - if (s_wld == -1) goto bad; - error = listen(s_wld, 1); - if (error == -1) goto bad; - snprintf(rshbuf, sizeof(rshbuf), "%d", lport); - write(s_dst, rshbuf, strlen(rshbuf)+1); - - len = sizeof(ctladdr); - s_ctl = accept(s_wld, (struct sockaddr *)&ctladdr, &len); - if (s_ctl == -1) goto bad; - close(s_wld); - - sa = (struct sockaddr *)&ctladdr6; - s_ctl6 = rresvport_af(&lport6, sa->sa_family); - if (s_ctl6 == -1) goto bad; - error = connect(s_ctl6, sa, sa->sa_len); - if (error == -1) goto bad; - - syslog(LOG_INFO, "starting rsh control connection"); - - for (;;) { - FD_ZERO(&readfds); - if (half == NO) - FD_SET(s_src, &readfds); - FD_SET(s_dst, &readfds); - FD_SET(s_ctl, &readfds); - FD_SET(s_ctl6, &readfds); - tv.tv_sec = FAITH_TIMEOUT; - tv.tv_usec = 0; - - error = select(256, &readfds, NULL, NULL, &tv); - if (error == -1) - exit_failure("select 4 sockets: %s", strerror(errno)); - else if (error == 0) - exit_failure("connection timeout"); - - if (half == NO && FD_ISSET(s_src, &readfds)) { - s_rcv = s_src; - s_snd = s_dst; - relay(s_src, s_dst); - } - if (FD_ISSET(s_dst, &readfds)) { - s_rcv = s_dst; - s_snd = s_src; - relay(s_src, s_dst); - } - if (FD_ISSET(s_ctl, &readfds)) { - s_rcv = s_ctl; - s_snd = s_ctl6; - relay(s_src, s_dst); - } - if (FD_ISSET(s_ctl6, &readfds)) { - s_rcv = s_ctl6; - s_snd = s_ctl; - relay(s_src, s_dst); - } - } - /* NOTREACHED */ - - bad: - exit_failure("%s", strerror(errno)); -} diff --git a/usr.sbin/faithd/tcp.c b/usr.sbin/faithd/tcp.c deleted file mode 100644 index 309371229d..0000000000 --- a/usr.sbin/faithd/tcp.c +++ /dev/null @@ -1,305 +0,0 @@ -/* $KAME: tcp.c,v 1.8 2001/11/21 07:40:22 itojun Exp $ */ - -/* - * Copyright (C) 1997 and 1998 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $FreeBSD: src/usr.sbin/faithd/tcp.c,v 1.1.2.3 2002/04/28 05:40:29 suz Exp $ - * $DragonFly: src/usr.sbin/faithd/tcp.c,v 1.5 2007/05/18 17:05:12 dillon Exp $ - */ - -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -#include "faithd.h" - -static char tcpbuf[16*1024]; - /* bigger than MSS and may be lesser than window size */ -static int tblen, tboff, oob_exists; -static fd_set readfds, writefds, exceptfds; -static char atmark_buf[2]; -static pid_t cpid = (pid_t)0; -static pid_t ppid = (pid_t)0; -volatile time_t child_lastactive = (time_t)0; -static time_t parent_lastactive = (time_t)0; - -static void sig_ctimeout(int); -static void sig_child(int); -static void notify_inactive(void); -static void notify_active(void); -static void send_data(int, int, const char *, int); -static void relay(int, int, const char *, int); - -/* - * Inactivity timer: - * - child side (ppid != 0) will send SIGUSR1 to parent every (FAITH_TIMEOUT/4) - * second if traffic is active. if traffic is inactive, don't send SIGUSR1. - * - parent side (ppid == 0) will check the last SIGUSR1 it have seen. - */ -static void -sig_ctimeout(int sig) -{ - /* parent side: record notification from the child */ - if (dflag) - syslog(LOG_DEBUG, "activity timer from child"); - child_lastactive = time(NULL); -} - -/* parent will terminate if child dies. */ -static void -sig_child(int sig) -{ - int status; - pid_t pid; - - pid = wait3(&status, WNOHANG, NULL); - if (pid && WEXITSTATUS(status)) - syslog(LOG_WARNING, "child %d exit status 0x%x", pid, status); - exit_success("terminate connection due to child termination"); -} - -static void -notify_inactive(void) -{ - time_t t; - - /* only on parent side... */ - if (ppid) - return; - - /* parent side should check for timeout. */ - t = time(NULL); - if (dflag) { - syslog(LOG_DEBUG, "parent side %sactive, child side %sactive", - (FAITH_TIMEOUT < t - parent_lastactive) ? "in" : "", - (FAITH_TIMEOUT < t - child_lastactive) ? "in" : ""); - } - - if (FAITH_TIMEOUT < t - child_lastactive - && FAITH_TIMEOUT < t - parent_lastactive) { - /* both side timeouted */ - signal(SIGCHLD, SIG_DFL); - kill(cpid, SIGTERM); - wait(NULL); - exit_failure("connection timeout"); - /* NOTREACHED */ - } -} - -static void -notify_active(void) -{ - if (ppid) { - /* child side: notify parent of active traffic */ - time_t t; - t = time(NULL); - if (FAITH_TIMEOUT / 4 < t - child_lastactive) { - if (kill(ppid, SIGUSR1) < 0) { - exit_failure("terminate connection due to parent termination"); - /* NOTREACHED */ - } - child_lastactive = t; - } - } else { - /* parent side */ - parent_lastactive = time(NULL); - } -} - -static void -send_data(int s_rcv, int s_snd, const char *service, int direction) -{ - int cc; - - if (oob_exists) { - cc = send(s_snd, atmark_buf, 1, MSG_OOB); - if (cc == -1) - goto retry_or_err; - oob_exists = 0; - FD_SET(s_rcv, &exceptfds); - } - - for (; tboff < tblen; tboff += cc) { - cc = write(s_snd, tcpbuf + tboff, tblen - tboff); - if (cc < 0) - goto retry_or_err; - } -#ifdef DEBUG - if (tblen) { - if (tblen >= sizeof(tcpbuf)) - tblen = sizeof(tcpbuf) - 1; - tcpbuf[tblen] = '\0'; - syslog(LOG_DEBUG, "from %s (%dbytes): %s", - direction == 1 ? "client" : "server", tblen, tcpbuf); - } -#endif /* DEBUG */ - tblen = 0; tboff = 0; - FD_CLR(s_snd, &writefds); - FD_SET(s_rcv, &readfds); - return; - retry_or_err: - if (errno != EAGAIN) - exit_failure("writing relay data failed: %s", strerror(errno)); - FD_SET(s_snd, &writefds); -} - -static void -relay(int s_rcv, int s_snd, const char *service, int direction) -{ - int atmark, error, maxfd; - struct timeval tv; - fd_set oreadfds, owritefds, oexceptfds; - - FD_ZERO(&readfds); - FD_ZERO(&writefds); - FD_ZERO(&exceptfds); - fcntl(s_snd, F_SETFD, O_NONBLOCK); - oreadfds = readfds; owritefds = writefds; oexceptfds = exceptfds; - FD_SET(s_rcv, &readfds); - FD_SET(s_rcv, &exceptfds); - oob_exists = 0; - maxfd = (s_rcv > s_snd) ? s_rcv : s_snd; - - for (;;) { - tv.tv_sec = FAITH_TIMEOUT / 4; - tv.tv_usec = 0; - oreadfds = readfds; - owritefds = writefds; - oexceptfds = exceptfds; - error = select(maxfd + 1, &readfds, &writefds, &exceptfds, &tv); - if (error == -1) { - if (errno == EINTR) - continue; - exit_failure("select: %s", strerror(errno)); - } else if (error == 0) { - readfds = oreadfds; - writefds = owritefds; - exceptfds = oexceptfds; - notify_inactive(); - continue; - } - - /* activity notification */ - notify_active(); - - if (FD_ISSET(s_rcv, &exceptfds)) { - error = ioctl(s_rcv, SIOCATMARK, &atmark); - if (error != -1 && atmark == 1) { - int cc; - oob_read_retry: - cc = read(s_rcv, atmark_buf, 1); - if (cc == 1) { - FD_CLR(s_rcv, &exceptfds); - FD_SET(s_snd, &writefds); - oob_exists = 1; - } else if (cc == -1) { - if (errno == EINTR) - goto oob_read_retry; - exit_failure("reading oob data failed" - ": %s", - strerror(errno)); - } - } - } - if (FD_ISSET(s_rcv, &readfds)) { - relaydata_read_retry: - tblen = read(s_rcv, tcpbuf, sizeof(tcpbuf)); - tboff = 0; - - switch (tblen) { - case -1: - if (errno == EINTR) - goto relaydata_read_retry; - exit_failure("reading relay data failed: %s", - strerror(errno)); - /* NOTREACHED */ - case 0: - /* to close opposite-direction relay process */ - shutdown(s_snd, SHUT_RD); - - close(s_rcv); - close(s_snd); - exit_success("terminating %s relay", service); - /* NOTREACHED */ - default: - FD_CLR(s_rcv, &readfds); - FD_SET(s_snd, &writefds); - break; - } - } - if (FD_ISSET(s_snd, &writefds)) - send_data(s_rcv, s_snd, service, direction); - } -} - -void -tcp_relay(int s_src, int s_dst, const char *service) -{ - syslog(LOG_INFO, "starting %s relay", service); - - child_lastactive = parent_lastactive = time(NULL); - - cpid = fork(); - switch (cpid) { - case -1: - exit_failure("tcp_relay: can't fork grand child: %s", - strerror(errno)); - /* NOTREACHED */ - case 0: - /* child process: relay going traffic */ - ppid = getppid(); - /* this is child so reopen log */ - closelog(); - openlog(logname, LOG_PID | LOG_NOWAIT, LOG_DAEMON); - relay(s_src, s_dst, service, 1); - /* NOTREACHED */ - default: - /* parent process: relay coming traffic */ - ppid = (pid_t)0; - signal(SIGUSR1, sig_ctimeout); - signal(SIGCHLD, sig_child); - relay(s_dst, s_src, service, 0); - /* NOTREACHED */ - } -} diff --git a/usr.sbin/faithd/test/faithd.rb b/usr.sbin/faithd/test/faithd.rb deleted file mode 100644 index ac8c4e63f4..0000000000 --- a/usr.sbin/faithd/test/faithd.rb +++ /dev/null @@ -1,313 +0,0 @@ -# faithd, ruby version. requires v6-enabled ruby. -# -# highly experimental (not working right at all) and very limited -# functionality. -# -# $Id: faithd.rb,v 1.1.1.1 1999/08/08 23:29:31 itojun Exp $ -# $FreeBSD: src/usr.sbin/faithd/test/faithd.rb,v 1.1 2000/01/27 09:28:38 shin Exp $ -# $DragonFly: src/usr.sbin/faithd/test/faithd.rb,v 1.2 2003/06/17 04:29:53 dillon Exp $ - -require "socket" -require "thread" - -# XXX should be derived from system headers -IPPROTO_IPV6 = 41 -IPV6_FAITH = 29 -DEBUG = true -DEBUG_LOOPBACK = true - -# TODO: OOB data handling -def tcpcopy(s1, s2, m) - STDERR.print "tcpcopy #{s1} #{s2}\n" if DEBUG - buf = "" - while TRUE - begin - buf = s1.sysread(100) - s2.syswrite(buf) - rescue EOFError - break - rescue IOError - break - end - end - STDERR.print "tcpcopy #{s1} #{s2} finished\n" if DEBUG - s1.shutdown(0) - s2.shutdown(1) -end - -def relay_ftp_passiveconn(s6, s4, dport6, dport4) - Thread.start do - d6 = TCPserver.open("::", dport6).accept - d4 = TCPsocket.open(s4.getpeer[3], dport4) - t = [] - t[0] = Thread.start do - tcpcopy(d6, d4) - end - t[1] = Thread.start do - tcpcopy(d4, d6) - end - for i in t - i.join - end - d4.close - d6.close - end -end - -def ftp_parse_2428(line) - if (line[0] != line[line.length - 1]) - return nil - end - t = line.split(line[0 .. 0]) # as string - if (t.size != 4 || t[1] !~ /^[12]$/ || t[3] !~ /^\d+$/) - return nil - end - return t[1 .. 3] -end - -def relay_ftp_command(s6, s4, state) - STDERR.print "relay_ftp_command start\n" if DEBUG - while TRUE - begin - STDERR.print "s6.gets\n" if DEBUG - line = s6.gets - STDERR.print "line is #{line}\n" if DEBUG - if line == nil - return nil - end - - # translate then copy - STDERR.print "line is #{line}\n" if DEBUG - if (line =~ /^EPSV\r\n/i) - STDERR.print "EPSV -> PASV\n" if DEBUG - line = "PASV\n" - state = "EPSV" - elsif (line =~ /^EPRT\s+(.+)\r\n/i) - t = ftp_parse_2428($1) - if t == nil - s6.puts "501 illegal parameter to EPRT\r\n" - next - end - - # some tricks should be here - s6.puts "501 illegal parameter to EPRT\r\n" - next - end - STDERR.print "fail: send #{line} as is\n" if DEBUG - s4.puts(line) - break - rescue EOFError - return nil - rescue IOError - return nil - end - end - STDERR.print "relay_ftp_command finish\n" if DEBUG - return state -end - -def relay_ftp_status(s4, s6, state) - STDERR.print "relay_ftp_status start\n" if DEBUG - while TRUE - begin - line = s4.gets - if line == nil - return nil - end - - # translate then copy - s6.puts(line) - - next if line =~ /^\d\d\d-/ - next if line !~ /^\d/ - - # special post-processing - case line - when /^221 / # result to QUIT - s4.shutdown(0) - s6.shutdown(1) - end - - break if (line =~ /^\d\d\d /) - rescue EOFError - return nil - rescue IOError - return nil - end - end - STDERR.print "relay_ftp_status finish\n" if DEBUG - return state -end - -def relay_ftp(sock, name) - STDERR.print "relay_ftp(#{sock}, #{name})\n" if DEBUG - while TRUE - STDERR.print "relay_ftp(#{sock}, #{name}) accepting\n" if DEBUG - s = sock.accept - STDERR.print "relay_ftp(#{sock}, #{name}) accepted #{s}\n" if DEBUG - Thread.start do - threads = [] - STDERR.print "accepted #{s} -> #{Thread.current}\n" if DEBUG - s6 = s - dest6 = s.addr[3] - if !DEBUG_LOOPBACK - t = s.getsockname.unpack("x8 x12 C4") - dest4 = "#{t[0]}.#{t[1]}.#{t[2]}.#{t[3]}" - port4 = s.addr[1] - else - dest4 = "127.0.0.1" - port4 = "ftp" - end - if DEBUG - STDERR.print "IPv6 dest: #{dest6} IPv4 dest: #{dest4}\n" if DEBUG - end - STDERR.print "connect to #{dest4} #{port4}\n" if DEBUG - s4 = TCPsocket.open(dest4, port4) - STDERR.print "connected to #{dest4} #{port4}, #{s4.addr[1]}\n" if DEBUG - state = 0 - while TRUE - # translate status line - state = relay_ftp_status(s4, s6, state) - break if state == nil - # translate command line - state = relay_ftp_command(s6, s4, state) - break if state == nil - end - STDERR.print "relay_ftp(#{sock}, #{name}) closing s4\n" if DEBUG - s4.close - STDERR.print "relay_ftp(#{sock}, #{name}) closing s6\n" if DEBUG - s6.close - STDERR.print "relay_ftp(#{sock}, #{name}) done\n" if DEBUG - end - end - STDERR.print "relay_ftp(#{sock}, #{name}) finished\n" if DEBUG -end - -def relay_tcp(sock, name) - STDERR.print "relay_tcp(#{sock}, #{name})\n" if DEBUG - while TRUE - STDERR.print "relay_tcp(#{sock}, #{name}) accepting\n" if DEBUG - s = sock.accept - STDERR.print "relay_tcp(#{sock}, #{name}) accepted #{s}\n" if DEBUG - Thread.start do - threads = [] - STDERR.print "accepted #{s} -> #{Thread.current}\n" if DEBUG - s6 = s - dest6 = s.addr[3] - if !DEBUG_LOOPBACK - t = s.getsockname.unpack("x8 x12 C4") - dest4 = "#{t[0]}.#{t[1]}.#{t[2]}.#{t[3]}" - port4 = s.addr[1] - else - dest4 = "127.0.0.1" - port4 = "telnet" - end - if DEBUG - STDERR.print "IPv6 dest: #{dest6} IPv4 dest: #{dest4}\n" if DEBUG - end - STDERR.print "connect to #{dest4} #{port4}\n" if DEBUG - s4 = TCPsocket.open(dest4, port4) - STDERR.print "connected to #{dest4} #{port4}, #{s4.addr[1]}\n" if DEBUG - [0, 1].each do |i| - threads[i] = Thread.start do - if (i == 0) - tcpcopy(s6, s4) - else - tcpcopy(s4, s6) - end - end - end - STDERR.print "relay_tcp(#{sock}, #{name}) wait\n" if DEBUG - for i in threads - STDERR.print "relay_tcp(#{sock}, #{name}) wait #{i}\n" if DEBUG - i.join - STDERR.print "relay_tcp(#{sock}, #{name}) wait #{i} done\n" if DEBUG - end - STDERR.print "relay_tcp(#{sock}, #{name}) closing s4\n" if DEBUG - s4.close - STDERR.print "relay_tcp(#{sock}, #{name}) closing s6\n" if DEBUG - s6.close - STDERR.print "relay_tcp(#{sock}, #{name}) done\n" if DEBUG - end - end - STDERR.print "relay_tcp(#{sock}, #{name}) finished\n" if DEBUG -end - -def usage() - STDERR.print "usage: #{$0} [-f] port...\n" -end - -#------------------------------------------------------------ - -$mode = "tcp" - -while ARGV[0] =~ /^-/ do - case ARGV[0] - when /^-f/ - $mode = "ftp" - else - usage() - exit 0 - end - ARGV.shift -end - -if ARGV.length == 0 - usage() - exit 1 -end - -ftpport = Socket.getservbyname("ftp") - -res = [] -for port in ARGV - t = Socket.getaddrinfo(nil, port, Socket::PF_INET6, Socket::SOCK_STREAM, - nil, Socket::AI_PASSIVE) - if (t.size <= 0) - STDERR.print "FATAL: getaddrinfo failed (port=#{port})\n" - exit 1 - end - res += t -end - -sockpool = [] -names = [] -listenthreads = [] - -res.each do |i| - s = TCPserver.new(i[3], i[1]) - n = Socket.getnameinfo(s.getsockname, Socket::NI_NUMERICHOST|Socket::NI_NUMERICSERV).join(" port ") - if i[6] == IPPROTO_IPV6 - s.setsockopt(i[6], IPV6_FAITH, 1) - end - s.setsockopt(Socket::SOL_SOCKET, Socket::SO_REUSEADDR, 1) - sockpool.push s - names.push n -end - -if DEBUG - (0 .. sockpool.size - 1).each do |i| - STDERR.print "listen[#{i}]: #{sockpool[i]} #{names[i]}\n" if DEBUG - end -end - -(0 .. sockpool.size - 1).each do |i| - listenthreads[i] = Thread.start do - if DEBUG - STDERR.print "listen[#{i}]: thread #{Thread.current}\n" if DEBUG - end - STDERR.print "listen[#{i}]: thread #{Thread.current}\n" if DEBUG - case $mode - when "tcp" - relay_tcp(sockpool[i], names[i]) - when "ftp" - relay_ftp(sockpool[i], names[i]) - end - end -end - -for i in listenthreads - i.join -end - -exit 0 diff --git a/usr.sbin/inetd/inetd.c b/usr.sbin/inetd/inetd.c index 4cf97cc6db..69f65d88a3 100644 --- a/usr.sbin/inetd/inetd.c +++ b/usr.sbin/inetd/inetd.c @@ -58,7 +58,7 @@ * or name a tcpmux service * or specify a unix domain socket * socket type stream/dgram/raw/rdm/seqpacket - * protocol tcp[4][6][/faith,ttcp], udp[4][6], unix + * protocol tcp[4][6][/ttcp], udp[4][6], unix * wait/nowait single-threaded/multi-threaded * user user to run daemon as * server program full path name @@ -1230,14 +1230,6 @@ setsockopt(fd, SOL_SOCKET, opt, (char *)&on, sizeof (on)) if (setsockopt(sep->se_fd, IPPROTO_TCP, TCP_NOPUSH, (char *)&on, sizeof (on)) < 0) syslog(LOG_ERR, "setsockopt (TCP_NOPUSH): %m"); -#ifdef IPV6_FAITH - if (sep->se_type == FAITH_TYPE) { - if (setsockopt(sep->se_fd, IPPROTO_IPV6, IPV6_FAITH, &on, - sizeof(on)) < 0) { - syslog(LOG_ERR, "setsockopt (IPV6_FAITH): %m"); - } - } -#endif #ifdef IPSEC ipsecsetup(sep); #endif @@ -1654,15 +1646,8 @@ more: if (arg != NULL) { if (strcmp(arg, "ttcp") == 0) sep->se_type = TTCP_TYPE; - else if (strcmp(arg, "faith") == 0) - sep->se_type = FAITH_TYPE; } } else { - if (sep->se_type == NORM_TYPE && - strncmp(arg, "faith/", 6) == 0) { - arg += 6; - sep->se_type = FAITH_TYPE; - } sep->se_proto = newstr(arg); } if (strncmp(sep->se_proto, "rpc/", 4) == 0) { diff --git a/usr.sbin/inetd/inetd.h b/usr.sbin/inetd/inetd.h index e98952374b..cb6138cae6 100644 --- a/usr.sbin/inetd/inetd.h +++ b/usr.sbin/inetd/inetd.h @@ -27,7 +27,6 @@ * SUCH DAMAGE. * * $FreeBSD: src/usr.sbin/inetd/inetd.h,v 1.4.2.4 2002/08/21 10:00:24 ume Exp $ - * $DragonFly: src/usr.sbin/inetd/inetd.h,v 1.3 2003/11/03 19:31:37 eirikn Exp $ */ #include @@ -46,7 +45,6 @@ #define MUX_TYPE 1 #define MUXPLUS_TYPE 2 #define TTCP_TYPE 3 -#define FAITH_TYPE 4 #define ISMUX(sep) (((sep)->se_type == MUX_TYPE) || \ ((sep)->se_type == MUXPLUS_TYPE)) #define ISMUXPLUS(sep) ((sep)->se_type == MUXPLUS_TYPE)