Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-1-5]: src/dist/ipf Pull up revisions 1.6-1.7 (requested by martti):
details: https://anonhg.NetBSD.org/src/rev/2672c15ef0d9
branches: netbsd-1-5
changeset: 492681:2672c15ef0d9
user: he <he%NetBSD.org@localhost>
date: Sat Feb 09 16:55:41 2002 +0000
description:
Pull up revisions 1.6-1.7 (requested by martti):
Updated IPFilter to 3.4.23
diffstat:
dist/ipf/ipf.c | 61 ++++---
dist/ipf/ipmon.c | 417 ++++++++++++++++++++++++++++++++++++++++++++++++------
2 files changed, 408 insertions(+), 70 deletions(-)
diffs (truncated from 817 to 300 lines):
diff -r 3f616cf755d7 -r 2672c15ef0d9 dist/ipf/ipf.c
--- a/dist/ipf/ipf.c Sat Feb 09 16:55:38 2002 +0000
+++ b/dist/ipf/ipf.c Sat Feb 09 16:55:41 2002 +0000
@@ -1,14 +1,18 @@
-/* $NetBSD: ipf.c,v 1.4.4.1 2000/08/31 14:49:46 veego Exp $ */
+/* $NetBSD: ipf.c,v 1.4.4.2 2002/02/09 16:55:41 he Exp $ */
/*
- * Copyright (C) 1993-2000 by Darren Reed.
+ * Copyright (C) 1993-2001 by Darren Reed.
*
- * Redistribution and use in source and binary forms are permitted
- * provided that this notice is preserved and due credit is given
- * to the original author and the contributors.
+ * See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __FreeBSD__
-# include <osreldate.h>
+# ifndef __FreeBSD_cc_version
+# include <osreldate.h>
+# else
+# if __FreeBSD_cc_version < 430000
+# include <osreldate.h>
+# endif
+# endif
#endif
#include <stdio.h>
#include <unistd.h>
@@ -45,7 +49,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)Id: ipf.c,v 2.10.2.3 2000/08/07 14:54:05 darrenr Exp";
+static const char rcsid[] = "@(#)Id: ipf.c,v 2.10.2.11 2002/01/09 11:46:01 darrenr Exp";
#endif
#if SOLARIS
@@ -62,9 +66,7 @@
int main __P((int, char *[]));
int opts = 0;
-#ifdef USE_INET6
int use_inet6 = 0;
-#endif
static int fd = -1;
@@ -73,16 +75,22 @@
static void packetlogon __P((char *)), swapactive __P((void));
static int opendevice __P((char *));
static void closedevice __P((void));
-static char *getline __P((char *, size_t, FILE *));
+static char *getline __P((char *, size_t, FILE *, int *));
static char *ipfname = IPL_NAME;
static void usage __P((void));
-static void showversion __P((void));
+static int showversion __P((void));
static int get_flags __P((void));
+#if SOLARIS
+# define OPTS "6AdDEf:F:Il:noPrsUvVyzZ"
+#else
+# define OPTS "6AdDEf:F:Il:noPrsvVyzZ"
+#endif
+
static void usage()
{
- fprintf(stderr, "usage: ipf [-6AdDEInoPrsUvVyzZ] %s %s %s\n",
+ fprintf(stderr, "usage: ipf [-%s] %s %s %s\n", OPTS,
"[-l block|pass|nomatch]", "[-F i|o|a|s|S]", "[-f filename]");
exit(1);
}
@@ -94,11 +102,9 @@
{
int c;
- while ((c = getopt(argc, argv, "6AdDEf:F:Il:noPrsUvVyzZ")) != -1) {
+ while ((c = getopt(argc, argv, OPTS)) != -1) {
switch (c)
{
- case '?' :
- usage();
#ifdef USE_INET6
case '6' :
use_inet6 = 1;
@@ -148,10 +154,11 @@
break;
#endif
case 'v' :
- opts |= OPT_VERBOSE;
+ opts += OPT_VERBOSE;
break;
case 'V' :
- showversion();
+ if (showversion())
+ exit(1);
break;
case 'y' :
frsync();
@@ -162,6 +169,9 @@
case 'Z' :
zerostats();
break;
+ default :
+ usage();
+ break;
}
}
@@ -254,8 +264,7 @@
exit(1);
}
- while (getline(line, sizeof(line), fp)) {
- linenum++;
+ while (getline(line, sizeof(line), fp, &linenum)) {
/*
* treat CR as EOL. LF is converted to NUL by getline().
*/
@@ -337,10 +346,11 @@
* Similar to fgets(3) but can handle '\\' and NL is converted to NUL.
* Returns NULL if error occured, EOF encounterd or input line is too long.
*/
-static char *getline(str, size, file)
+static char *getline(str, size, file, linenum)
register char *str;
size_t size;
FILE *file;
+int *linenum;
{
char *p;
int s, len;
@@ -358,6 +368,7 @@
p[len] = '\0';
break;
}
+ (*linenum)++;
p[len - 1] = '\0';
if (len < 2 || p[len - 2] != '\\')
break;
@@ -554,7 +565,7 @@
#endif
-static void showversion()
+static int showversion()
{
struct friostat fio;
struct friostat *fiop=&fio;
@@ -566,13 +577,13 @@
if ((vfd = open(ipfname, O_RDONLY)) == -1) {
perror("open device");
- return;
+ return 1;
}
if (ioctl(vfd, SIOCGETFS, &fiop)) {
- perror("ioctl(SIOCGETFS");
+ perror("ioctl(SIOCGETFS)");
close(vfd);
- return;
+ return 1;
}
close(vfd);
flags = get_flags();
@@ -611,4 +622,6 @@
s = "nomatch -> block";
printf("%s all, Logging: %savailable\n", s, fio.f_logging ? "" : "un");
printf("Active list: %d\n", fio.f_active);
+
+ return 0;
}
diff -r 3f616cf755d7 -r 2672c15ef0d9 dist/ipf/ipmon.c
--- a/dist/ipf/ipmon.c Sat Feb 09 16:55:38 2002 +0000
+++ b/dist/ipf/ipmon.c Sat Feb 09 16:55:41 2002 +0000
@@ -1,17 +1,10 @@
-/* $NetBSD: ipmon.c,v 1.4.4.1 2000/08/31 14:49:46 veego Exp $ */
+/* $NetBSD: ipmon.c,v 1.4.4.2 2002/02/09 16:55:41 he Exp $ */
/*
- * Copyright (C) 1993-2000 by Darren Reed.
+ * Copyright (C) 1993-2002 by Darren Reed.
*
- * Redistribution and use in source and binary forms are permitted
- * provided that this notice is preserved and due credit is given
- * to the original author and the contributors.
+ * See the IPFILTER.LICENCE file for details on licencing.
*/
-#if !defined(lint)
-static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)Id: ipmon.c,v 2.12.2.4 2000/08/07 12:32:22 darrenr Exp";
-#endif
-
#ifndef SOLARIS
#define SOLARIS (defined(__SVR4) || defined(__svr4__)) && defined(sun)
#endif
@@ -39,7 +32,9 @@
# include <sys/filio.h>
# include <sys/byteorder.h>
#endif
-#include <strings.h>
+#if !defined(__SVR4) && !defined(__GNUC__)
+# include <strings.h>
+#endif
#include <signal.h>
#include <stdlib.h>
#include <stddef.h>
@@ -68,10 +63,14 @@
#include "netinet/ip_compat.h"
#include <netinet/tcpip.h>
#include "netinet/ip_fil.h"
-#include "netinet/ip_proxy.h"
#include "netinet/ip_nat.h"
#include "netinet/ip_state.h"
+#if !defined(lint)
+static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed";
+static const char rcsid[] = "@(#)Id: ipmon.c,v 2.12.2.22 2002/01/15 14:36:51 darrenr Exp";
+#endif
+
#if defined(sun) && !defined(SOLARIS2)
#define STRERROR(x) sys_errlist[x]
@@ -86,6 +85,23 @@
char flag;
};
+
+typedef struct icmp_subtype {
+ int ist_val;
+ char *ist_name;
+} icmp_subtype_t;
+
+typedef struct icmp_type {
+ int it_val;
+ struct icmp_subtype *it_subtable;
+ size_t it_stsize;
+ char *it_name;
+} icmp_type_t;
+
+
+#define IST_SZ(x) (sizeof(x)/sizeof(icmp_subtype_t))
+
+
struct flags tcpfl[] = {
{ TH_ACK, 'A' },
{ TH_RST, 'R' },
@@ -93,6 +109,8 @@
{ TH_FIN, 'F' },
{ TH_URG, 'U' },
{ TH_PUSH,'P' },
+ { TH_ECN, 'E' },
+ { TH_CWR, 'C' },
{ 0, '\0' }
};
@@ -121,6 +139,10 @@
static void dumphex __P((FILE *, u_char *, int));
static int read_log __P((int, int *, char *, int));
static void write_pid __P((char *));
+static char *icmpname __P((u_int, u_int));
+static char *icmpname6 __P((u_int, u_int));
+static icmp_type_t *find_icmptype __P((int, icmp_type_t *, size_t));
+static icmp_subtype_t *find_icmpsubtype __P((int, icmp_subtype_t *, size_t));
char *hostname __P((int, int, u_32_t *));
char *portname __P((int, char *, u_int));
@@ -134,7 +156,6 @@
static char **udp_ports = NULL;
static char **tcp_ports = NULL;
-
#define OPT_SYSLOG 0x001
#define OPT_RESOLVE 0x002
#define OPT_HEXBODY 0x004
@@ -146,6 +167,7 @@
#define OPT_FILTER 0x200
#define OPT_PORTNUM 0x400
#define OPT_LOGALL (OPT_NAT|OPT_STATE|OPT_FILTER)
+#define OPT_LOGBODY 0x800
#define HOSTNAME_V4(a,b) hostname((a), 4, (u_32_t *)&(b))
@@ -154,7 +176,200 @@
#endif
-void handlehup(sig)
+static icmp_subtype_t icmpunreachnames[] = {
+ { ICMP_UNREACH_NET, "net" },
+ { ICMP_UNREACH_HOST, "host" },
+ { ICMP_UNREACH_PROTOCOL, "protocol" },
+ { ICMP_UNREACH_PORT, "port" },
+ { ICMP_UNREACH_NEEDFRAG, "needfrag" },
+ { ICMP_UNREACH_SRCFAIL, "srcfail" },
+ { ICMP_UNREACH_NET_UNKNOWN, "net_unknown" },
+ { ICMP_UNREACH_HOST_UNKNOWN, "host_unknown" },
+ { ICMP_UNREACH_NET, "isolated" },
Home |
Main Index |
Thread Index |
Old Index