[src/netbsd-1-5]: src/dist/ipf Pull up revision 1.5 (requested by martti):
details: https://anonhg.NetBSD.org/src/rev/1dba54ffd14e
branches: netbsd-1-5
changeset: 492683:1dba54ffd14e
user: he <he%NetBSD.org@localhost>
date: Sat Feb 09 16:55:47 2002 +0000
description:
Pull up revision 1.5 (requested by martti):
Updated IPFilter to 3.4.23
diffstat:
dist/ipf/ipf2netbsd | 4 +-
dist/ipf/natparse.c | 506 ++++++++++++++++++++++-----------------------------
2 files changed, 223 insertions(+), 287 deletions(-)
diffs (truncated from 741 to 300 lines):
diff -r c363291b032e -r 1dba54ffd14e dist/ipf/ipf2netbsd
--- a/dist/ipf/ipf2netbsd Sat Feb 09 16:55:44 2002 +0000
+++ b/dist/ipf/ipf2netbsd Sat Feb 09 16:55:47 2002 +0000
@@ -1,6 +1,6 @@
#! /bin/sh
#
-# $NetBSD: ipf2netbsd,v 1.4 2000/05/21 18:37:27 veego Exp $
+# $NetBSD: ipf2netbsd,v 1.4.4.1 2002/02/09 16:55:47 he Exp $
#
# Copyright (c) 1999 The NetBSD Foundation, Inc.
# All rights reserved.
@@ -68,7 +68,7 @@
mkdir -p $dbase $dsys $dlkm
cd $r
pax -rvw . $dbase
-pax -rvw fil.c ip_auth.c ip_auth.h ip_compat.h ip_fil.c ip_fil.h ip_frag.c ip_frag.h ip_ftp_pxy.c ip_log.c ip_nat.c ip_nat.h ip_proxy.c ip_proxy.h ip_raudio_pxy.c ip_rcmd_pxy.c ip_state.c ip_state.h
ipl.h $dsys
+pax -rvw fil.c ip_auth.c ip_auth.h ip_compat.h ip_fil.c ip_fil.h ip_frag.c ip_frag.h ip_ftp_pxy.c ip_ipsec_pxy.c ip_log.c ip_nat.c ip_nat.h ip_netbios_pxy.c ip_proxy.c ip_proxy.h ip_raudio_pxy.c
ip_rcmd_pxy.c ip_state.c ip_state.h ipl.h $dsys
pax -rvw mln_ipl.c $dlkm
cd $dbase/man
# The ipnat(1) manpage belongs into section 8
diff -r c363291b032e -r 1dba54ffd14e dist/ipf/natparse.c
--- a/dist/ipf/natparse.c Sat Feb 09 16:55:44 2002 +0000
+++ b/dist/ipf/natparse.c Sat Feb 09 16:55:47 2002 +0000
@@ -1,11 +1,9 @@
-/* $NetBSD: natparse.c,v 1.3.2.1 2000/08/31 14:49:46 veego Exp $ */
+/* $NetBSD: natparse.c,v 1.3.2.2 2002/02/09 16:55:47 he Exp $ */
/*
- * Copyright (C) 1993-2000 by Darren Reed.
+ * Copyright (C) 1993-2002 by Darren Reed.
*
- * Redistribution and use in source and binary forms are permitted
- * provided that this notice is preserved and due credit is given
- * to the original author and the contributors.
+ * See the IPFILTER.LICENCE file for details on licencing.
*/
#include <stdio.h>
#include <string.h>
@@ -43,8 +41,9 @@
#include <ctype.h>
#include "netinet/ip_compat.h"
#include "netinet/ip_fil.h"
+#include "netinet/ip_nat.h"
+#include "netinet/ip_state.h"
#include "netinet/ip_proxy.h"
-#include "netinet/ip_nat.h"
#include "ipf.h"
#if defined(sun) && !SOLARIS2
@@ -56,7 +55,7 @@
#if !defined(lint)
static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
-static const char rcsid[] = "@(#)Id: natparse.c,v 1.17.2.6 2000/07/08 02:14:40 darrenr Exp";
+static const char rcsid[] = "@(#)Id: natparse.c,v 1.17.2.22 2002/01/15 14:36:53 darrenr Exp";
#endif
@@ -64,187 +63,15 @@
#define bzero(a,b) memset(a,0,b)
#endif
+extern void printnat __P((ipnat_t *, int));
extern int countbits __P((u_32_t));
extern char *proto;
ipnat_t *natparse __P((char *, int));
-void printnat __P((ipnat_t *, int, void *));
void natparsefile __P((int, char *, int));
void nat_setgroupmap __P((struct ipnat *));
-void printnat(np, opts, ptr)
-ipnat_t *np;
-int opts;
-void *ptr;
-{
- struct protoent *pr;
- struct servent *sv;
- int bits;
-
- switch (np->in_redir)
- {
- case NAT_REDIRECT :
- printf("rdr");
- break;
- case NAT_MAP :
- printf("map");
- break;
- case NAT_MAPBLK :
- printf("map-block");
- break;
- case NAT_BIMAP :
- printf("bimap");
- break;
- default :
- fprintf(stderr, "unknown value for in_redir: %#x\n",
- np->in_redir);
- break;
- }
-
- printf(" %s ", np->in_ifname);
-
- if (np->in_flags & IPN_FILTER) {
- if (np->in_flags & IPN_NOTSRC)
- printf("! ");
- printf("from ");
- if (np->in_redir == NAT_REDIRECT) {
- printhostmask(4, (u_32_t *)&np->in_srcip,
- (u_32_t *)&np->in_srcmsk);
- if (np->in_scmp)
- printportcmp(np->in_p, &np->in_tuc.ftu_src);
- } else {
- printhostmask(4, (u_32_t *)&np->in_inip,
- (u_32_t *)&np->in_inmsk);
- if (np->in_dcmp)
- printportcmp(np->in_p, &np->in_tuc.ftu_dst);
- }
-
- if (np->in_flags & IPN_NOTDST)
- printf(" !");
- printf(" to ");
- if (np->in_redir == NAT_REDIRECT) {
- printhostmask(4, (u_32_t *)&np->in_outip,
- (u_32_t *)&np->in_outmsk);
- if (np->in_dcmp)
- printportcmp(np->in_p, &np->in_tuc.ftu_dst);
- } else {
- printhostmask(4, (u_32_t *)&np->in_srcip,
- (u_32_t *)&np->in_srcmsk);
- if (np->in_scmp)
- printportcmp(np->in_p, &np->in_tuc.ftu_src);
- }
- }
-
- if (np->in_redir == NAT_REDIRECT) {
- if (!(np->in_flags & IPN_FILTER)) {
- printf("%s", inet_ntoa(np->in_out[0]));
- bits = countbits(np->in_out[1].s_addr);
- if (bits != -1)
- printf("/%d ", bits);
- else
- printf("/%s ", inet_ntoa(np->in_out[1]));
- if (np->in_pmin)
- printf("port %d", ntohs(np->in_pmin));
- if (np->in_pmax != np->in_pmin)
- printf("- %d", ntohs(np->in_pmax));
- }
- printf(" -> %s", inet_ntoa(np->in_in[0]));
- if (np->in_flags & IPN_SPLIT)
- printf(",%s", inet_ntoa(np->in_in[1]));
- if (np->in_pnext)
- printf(" port %d", ntohs(np->in_pnext));
- if ((np->in_flags & IPN_TCPUDP) == IPN_TCPUDP)
- printf(" tcp/udp");
- else if ((np->in_flags & IPN_TCP) == IPN_TCP)
- printf(" tcp");
- else if ((np->in_flags & IPN_UDP) == IPN_UDP)
- printf(" udp");
- if (np->in_flags & IPN_ROUNDR)
- printf(" round-robin");
- printf("\n");
- if (opts & OPT_DEBUG)
- printf("\t%p %lu %#x %u %p %d\n", np->in_ifp,
- np->in_space, np->in_flags, np->in_pmax, np,
- np->in_use);
- } else {
- np->in_nextip.s_addr = htonl(np->in_nextip.s_addr);
- if (!(np->in_flags & IPN_FILTER)) {
- printf("%s/", inet_ntoa(np->in_in[0]));
- bits = countbits(np->in_in[1].s_addr);
- if (bits != -1)
- printf("%d ", bits);
- else
- printf("%s", inet_ntoa(np->in_in[1]));
- }
- printf(" -> ");
- if (np->in_flags & IPN_IPRANGE) {
- printf("range %s-", inet_ntoa(np->in_out[0]));
- printf("%s", inet_ntoa(np->in_out[1]));
- } else {
- printf("%s/", inet_ntoa(np->in_out[0]));
- bits = countbits(np->in_out[1].s_addr);
- if (bits != -1)
- printf("%d ", bits);
- else
- printf("%s", inet_ntoa(np->in_out[1]));
- }
- if (*np->in_plabel) {
- pr = getprotobynumber(np->in_p);
- printf(" proxy port");
- if (np->in_dport != 0) {
- if (pr != NULL)
- sv = getservbyport(np->in_dport,
- pr->p_name);
- else
- sv = getservbyport(np->in_dport, NULL);
- if (sv != NULL)
- printf(" %s", sv->s_name);
- else
- printf(" %hu", ntohs(np->in_dport));
- }
- printf(" %.*s/", (int)sizeof(np->in_plabel),
- np->in_plabel);
- if (pr != NULL)
- fputs(pr->p_name, stdout);
- else
- printf("%d", np->in_p);
- } else if (np->in_redir == NAT_MAPBLK) {
- printf(" ports %d", np->in_pmin);
- if (opts & OPT_VERBOSE)
- printf("\n\tip modulous %d", np->in_pmax);
- } else if (np->in_pmin || np->in_pmax) {
- printf(" portmap");
- if (np->in_flags & IPN_AUTOPORTMAP) {
- printf(" auto");
- if (opts & OPT_DEBUG)
- printf(" [%d:%d %d %d]",
- ntohs(np->in_pmin),
- ntohs(np->in_pmax),
- np->in_ippip, np->in_ppip);
- } else {
- if ((np->in_flags & IPN_TCPUDP) == IPN_TCPUDP)
- printf(" tcp/udp");
- else if (np->in_flags & IPN_TCP)
- printf(" tcp");
- else if (np->in_flags & IPN_UDP)
- printf(" udp");
- printf(" %d:%d", ntohs(np->in_pmin),
- ntohs(np->in_pmax));
- }
- }
- printf("\n");
- if (opts & OPT_DEBUG) {
- printf("\tifp %p space %lu nextip %s pnext %d",
- np->in_ifp, np->in_space,
- inet_ntoa(np->in_nextip), np->in_pnext);
- printf(" flags %x use %u\n",
- np->in_flags, np->in_use);
- }
- }
-}
-
-
void nat_setgroupmap(n)
ipnat_t *n;
{
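Review bot: The added `extern void printnat __P((ipnat_t *, int));` is a hand-written prototype inside the .c file, so nothing ties it to the definition, which this hunk removes and which presumably now lives in another file not shown in this truncated diff. If the two ever disagree, the call is undefined behaviour and the compiler has no way to warn. The declaration would be safer in a header that both this file and the defining file include; `ipf.h` is already included here and looks like the natural place, though that is inferred. The prototype also drops the old third `void *` parameter, so any remaining caller that passes three arguments needs checking; callers are outside this hunk.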
@@ -268,7 +95,9 @@
}
-
+/*
+ * Parse a line of input from the ipnat configuration file
+ */
ipnat_t *natparse(line, linenum)
char *line;
int linenum;
@@ -278,8 +107,13 @@
char *dnetm = NULL, *dport = NULL;
char *s, *t, *cps[31], **cpp;
int i, cnt;
+ char *port1a = NULL, *port1b = NULL, *port2a = NULL;
+ proto = NULL;
+ /*
+ * Search for end of line and comment marker, advance of leading spaces
+ */
if ((s = strchr(line, '\n')))
*s = '\0';
if ((s = strchr(line, '#')))
@@ -292,6 +126,9 @@
bzero((char *)&ipn, sizeof(ipn));
cnt = 0;
+ /*
+ * split line upto into segments.
+ */
for (i = 0, *cps = strtok(line, " \b\t\r\n"); cps[i] && i < 30; cnt++)
cps[++i] = strtok(NULL, " \b\t\r\n");
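Review bot: The added comment `split line upto into segments.` is garbled and does not mention the limit the loop below it enforces. The loop fills `cps[31]` and stops at `i < 30`, so for a line with more than 30 words `cps[30]` holds a token rather than NULL and the remaining words are silently dropped. Whether later code walks `cpp` expecting a NULL terminator is outside this hunk and should be confirmed. I would write the comment as `/* Split the line into words, keeping at most 31; cps[] ends in NULL only when the line has 30 words or fewer. */` and consider adding `cps[30] = NULL;` after the loop, so an over-long rule line cannot lead the parser past the end of the array.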
@@ -304,6 +141,9 @@
cpp = cps;
+ /*
+ * Check first word is a recognised keyword and then is the interface
+ */
if (!strcasecmp(*cpp, "map"))
ipn.in_redir = NAT_MAP;
else if (!strcasecmp(*cpp, "map-block"))
@@ -324,6 +164,10 @@
ipn.in_ifname[sizeof(ipn.in_ifname) - 1] = '\0';
cpp++;
+ /*
+ * If the first word after the interface is "from" or is a ! then
+ * the expanded syntax is being used so parse it differently.
+ */