authorKjell Wooding <kjell@cvs.openbsd.org>1999-12-15 05:20:28 +0000
committerKjell Wooding <kjell@cvs.openbsd.org>1999-12-15 05:20:28 +0000
commit0d8d81d8f58d6f5eae36373c100a2562a3d9c879 (patch)
treeb3707c6aa857b4476407ab2400656c7c43045937 /sbin/ipf/ipf.c
parentb31112257bf9b07ac5f126920d34834e580e789f (diff)
Import of Darren Reed's IPFilter 3.3.4, including OpenBSD patches.
Many, many enhancements and improvements, including new in-kernel proxies, enhancements to logging, and many bugfixes. Note: Man pages have not yet been re-converted to mdoc.
Diffstat (limited to 'sbin/ipf/ipf.c')
-rw-r--r--sbin/ipf/ipf.c132
1 files changed, 100 insertions, 32 deletions
diff --git a/sbin/ipf/ipf.c b/sbin/ipf/ipf.c
index eaaf94e6094..bf2517b13af 100644
--- a/sbin/ipf/ipf.c
+++ b/sbin/ipf/ipf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipf.c,v 1.19 1999/07/06 19:06:42 kjell Exp $ */
+/* $OpenBSD: ipf.c,v 1.20 1999/12/15 05:20:24 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
*
@@ -35,20 +35,18 @@
#include <netdb.h>
#include <arpa/nameser.h>
#include <resolv.h>
-#if defined(__OpenBSD__)
-# include <netinet/ip_fil_compat.h>
-#else
-# include <netinet/ip_compat.h>
-#endif
+#include <netinet/ip_fil_compat.h>
#include <netinet/ip_fil.h>
+#include <netinet/ip_nat.h>
+#include <netinet/ip_state.h>
#include "ipf.h"
+#include <netinet/ipl.h>
#if !defined(lint)
static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-1995 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipf.c,v 1.19 1999/07/06 19:06:42 kjell Exp $";
+static const char rcsid[] = "@(#)$Id: ipf.c,v 1.20 1999/12/15 05:20:24 kjell Exp $";
#endif
-static void frsync __P((void));
#if SOLARIS
static void blockunknown __P((void));
#endif
@@ -60,6 +58,7 @@ extern char *optarg;
extern int optind;
extern int optreset;
+void frsync __P((void));
void zerostats __P((void));
int main __P((int, char *[]));
@@ -74,24 +73,28 @@ static int opendevice __P((char *));
static void closedevice __P((void));
static char *getline __P((char *, size_t, FILE *));
static char *ipfname = IPL_NAME;
+static void usage __P((void));
+static void showversion __P((void));
+static int get_flags __P((void));
#if SOLARIS
-#define OPTS "AdDEf:F:Il:noPrsUvyzZ"
+#define OPTS "AdDEf:F:Il:noPrsUvVyzZ"
#else
-#define OPTS "AdDEf:F:Il:noPrsvyzZ"
+#define OPTS "AdDEf:F:Il:noPrsvVyzZ"
#endif
-void usage()
+static void usage()
{
#if SOLARIS
- fprintf(stderr, "usage: ipf [-AdDEInorsUvyzZ] [-l block|pass|nomatch] "
+ fprintf(stderr, "usage: ipf [-AdDEInoPrsUvVyzZ] %s %s %s\n",
#else
- fprintf(stderr, "usage: ipf [-AdDEInorsvyzZ] [-l block|pass|nomatch] "
+ fprintf(stderr, "usage: ipf [-AdDEInoPrsvVyzZ] %s %s %s\n",
#endif
- "[-F i|o|a|s|S] [-f filename]\n");
+ "[-l block|pass|nomatch]", "[-F i|o|a|s|S]", "[-f filename]");
exit(1);
}
+
int main(argc,argv)
int argc;
char *argv[];
@@ -154,6 +157,9 @@ char *argv[];
case 'v' :
opts |= OPT_VERBOSE;
break;
+ case 'V' :
+ showversion();
+ break;
case 'y' :
frsync();
break;
@@ -198,6 +204,18 @@ static void closedevice()
}
+static int get_flags()
+{
+ int i;
+
+ if ((opendevice(ipfname) != -2) && (ioctl(fd, SIOCGETFF, &i) == -1)) {
+ perror("SIOCFRENB");
+ return 0;
+ }
+ return i;
+}
+
+
static void set_state(enable)
u_int enable;
{
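Review bot: get_flags() returns `i` uninitialised when `opendevice(ipfname)` returns -2, because the `&&` short-circuits and the SIOCGETFF ioctl that fills `i` is skipped; declaring it as `int i = 0;` removes the indeterminate read. On ioctl failure it returns 0, which callers cannot tell apart from "no flags set", and the message is `perror("SIOCFRENB")` although the failing call is SIOCGETFF; `perror("ioctl(SIOCGETFF)")` would match the calls this commit removes. The callers in the packetlogon and blockunknown hunks modify the returned value and, judging by the surrounding context, write it back with SIOCSETFF, so a bogus 0 or stack garbage could become the filter's live log and block flags. An out-of-band error return would let those callers bail out before touching the kernel state.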
@@ -213,13 +231,17 @@ char *name, *file;
FILE *fp;
char line[513], *s;
struct frentry *fr;
- u_int add = SIOCADAFR, del = SIOCRMAFR;
+ u_int add, del;
+ int linenum = 0;
(void) opendevice(ipfname);
if (opts & OPT_INACTIVE) {
add = SIOCADIFR;
del = SIOCRMIFR;
+ } else {
+ add = SIOCADAFR;
+ del = SIOCRMAFR;
}
if (opts & OPT_DEBUG)
printf("add %x del %x\n", add, del);
@@ -235,6 +257,7 @@ char *name, *file;
}
while (getline(line, sizeof(line), fp)) {
+ linenum++;
/*
* treat CR as EOL. LF is converted to NUL by getline().
*/
@@ -252,7 +275,7 @@ char *name, *file;
if (opts & OPT_VERBOSE)
(void)fprintf(stderr, "[%s]\n", line);
- fr = parse(line);
+ fr = parse(line, linenum);
(void)fflush(stdout);
if (fr) {
@@ -339,13 +362,12 @@ FILE *file;
static void packetlogon(opt)
char *opt;
{
- int err, flag = 0;
-
- if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE) {
- if ((err = ioctl(fd, SIOCGETFF, &flag)))
- perror("ioctl(SIOCGETFF)");
+ int flag, err;
- printf("log flag is currently %#x\n", flag);
+ err = get_flags();
+ if (err != 0) {
+ if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE)
+ printf("log flag is currently %#x\n", flag);
}
flag &= ~(FF_LOGPASS|FF_LOGNOMATCH|FF_LOGBLOCK);
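Review bot: `flag` is never assigned in the new packetlogon(): the result of `get_flags()` is stored in `err`, so both `printf("log flag is currently %#x\n", flag)` and the following `flag &= ~(FF_LOGPASS|FF_LOGNOMATCH|FF_LOGBLOCK)` operate on an indeterminate value. The rest of the function lies outside this hunk, but the next hunk's context shows an SIOCSETFF call, so the bits not masked here (FF_BLOCKNONIP, for instance) would presumably be pushed into the kernel from stack garbage. Replacing the assignment with `flag = get_flags();` fixes that, and the `err != 0` test should go as well, since it suppresses the verbose print whenever the real flags happen to be 0.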
@@ -370,9 +392,7 @@ char *opt;
perror("ioctl(SIOCSETFF)");
if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE) {
- if ((err = ioctl(fd, SIOCGETFF, &flag)))
- perror("ioctl(SIOCGETFF)");
-
+ flag = get_flags();
printf("log flag is now %#x\n", flag);
}
}
@@ -434,7 +454,7 @@ static void swapactive()
}
-static void frsync()
+void frsync()
{
int frsyn = 0;
@@ -495,17 +515,14 @@ friostat_t *fp;
#if SOLARIS
static void blockunknown()
{
- int flag;
+ u_32_t flag;
if (opendevice(ipfname) == -1)
return;
- if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE) {
- if (ioctl(fd, SIOCGETFF, &flag))
- perror("ioctl(SIOCGETFF)");
-
+ flag = get_flags();
+ if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE)
printf("log flag is currently %#x\n", flag);
- }
flag ^= FF_BLOCKNONIP;
@@ -520,3 +537,54 @@ static void blockunknown()
}
}
#endif
+
+
+static void showversion()
+{
+ struct friostat fio;
+ u_32_t flags;
+ char *s;
+
+ printf("ipf: %s (%d)\n", IPL_VERSION, sizeof(frentry_t));
+
+ if (opendevice(ipfname) != -2 && ioctl(fd, SIOCGETFS, &fio)) {
+ perror("ioctl(SIOCGETFS");
+ return;
+ }
+ flags = get_flags();
+
+ printf("Kernel: %-*.*s\n", (int)sizeof(fio.f_version),
+ (int)sizeof(fio.f_version), fio.f_version);
+ printf("Running: %s\n", fio.f_running ? "yes" : "no");
+ printf("Log Flags: %#x = ", flags);
+ s = "";
+ if (flags & FF_LOGPASS) {
+ printf("pass");
+ s = ", ";
+ }
+ if (flags & FF_LOGBLOCK) {
+ printf("%sblock", s);
+ s = ", ";
+ }
+ if (flags & FF_LOGNOMATCH) {
+ printf("%snomatch", s);
+ s = ", ";
+ }
+ if (flags & FF_BLOCKNONIP) {
+ printf("%snonip", s);
+ s = ", ";
+ }
+ if (!*s)
+ printf("none set");
+ putchar('\n');
+
+ printf("Default: ");
+ if (fio.f_defpass & FR_PASS)
+ s = "pass";
+ else if (fio.f_defpass & FR_BLOCK)
+ s = "block";
+ else
+ s = "nomatch -> block";
+ printf("%s all, Logging: %savailable\n", s, fio.f_logging ? "" : "un");
+ printf("Active list: %d\n", fio.f_active);
+}
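Review bot: showversion() reads `fio` uninitialised when `opendevice(ipfname)` returns -2, since the `&&` then skips the SIOCGETFS ioctl and execution falls through to the printf calls on `fio.f_version`, `fio.f_running`, `fio.f_defpass` and `fio.f_active`. Zero the struct first (e.g. `memset(&fio, 0, sizeof(fio));`) or return early when the device was not opened, so the tool never reports stack contents as the kernel's filter state. `printf("ipf: %s (%d)\n", IPL_VERSION, sizeof(frentry_t))` passes a size_t for `%d`, which is undefined where size_t is wider than int; cast it as `(int)sizeof(frentry_t)`. The `perror("ioctl(SIOCGETFS")` string is also missing its closing parenthesis.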