authorTheo de Raadt <deraadt@cvs.openbsd.org>1999-02-05 05:58:55 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>1999-02-05 05:58:55 +0000
commite689014cc2747748c76a2b3f492470f1362031e2 (patch)
tree30f2062ed5c01f4b6d08d952c92e6e0c432b485f /sbin
parent20a077f722546853c96c85750162a4b9c096033b (diff)
ipf 3.2.10; work by kjell
Diffstat (limited to 'sbin')
-rw-r--r--sbin/ipf/ipf.58
-rw-r--r--sbin/ipf/ipf.c6
-rw-r--r--sbin/ipf/ipf.h8
-rw-r--r--sbin/ipf/opt.c6
-rw-r--r--sbin/ipf/parse.c6
-rw-r--r--sbin/ipfstat/fils.c22
-rw-r--r--sbin/ipfstat/kmem.c6
-rw-r--r--sbin/ipfstat/kmem.h6
-rw-r--r--sbin/ipnat/ipnat.c100
9 files changed, 122 insertions, 46 deletions
diff --git a/sbin/ipf/ipf.5 b/sbin/ipf/ipf.5
index 5f469e4927a..4c3c47f65eb 100644
--- a/sbin/ipf/ipf.5
+++ b/sbin/ipf/ipf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ipf.5,v 1.11 1998/09/15 09:55:44 pattonme Exp $
+.\" $OpenBSD: ipf.5,v 1.12 1999/02/05 05:58:41 deraadt Exp $
.TH IPF 5
.SH NAME
ipf \- IP packet filter rule syntax
@@ -447,9 +447,9 @@ all inbound packets, we would do something like:
.LP
.nf
block in all
- block in on le0 quick all head 100
- block in on le1 quick all head 200
- block in on lo0 quick all head 300
+ block in quick on le0 all head 100
+ block in quick on le1 all head 200
+ block in quick on lo0 all head 300
.fi
.PP
diff --git a/sbin/ipf/ipf.c b/sbin/ipf/ipf.c
index ab2a50cc113..93b39cbb35f 100644
--- a/sbin/ipf/ipf.c
+++ b/sbin/ipf/ipf.c
@@ -1,6 +1,6 @@
-/* $OpenBSD: ipf.c,v 1.12 1998/09/15 09:55:44 pattonme Exp $ */
+/* $OpenBSD: ipf.c,v 1.13 1999/02/05 05:58:42 deraadt Exp $ */
/*
- * Copyright (C) 1993-1997 by Darren Reed.
+ * Copyright (C) 1993-1998 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
@@ -45,7 +45,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-1995 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipf.c,v 1.12 1998/09/15 09:55:44 pattonme Exp $";
+static const char rcsid[] = "@(#)$Id: ipf.c,v 1.13 1999/02/05 05:58:42 deraadt Exp $";
#endif
static void frsync __P((void));
diff --git a/sbin/ipf/ipf.h b/sbin/ipf/ipf.h
index afd65120faf..f4806ddaa9f 100644
--- a/sbin/ipf/ipf.h
+++ b/sbin/ipf/ipf.h
@@ -1,13 +1,13 @@
-/* $OpenBSD: ipf.h,v 1.8 1998/01/26 04:13:36 dgregor Exp $ */
+/* $OpenBSD: ipf.h,v 1.9 1999/02/05 05:58:42 deraadt Exp $ */
/*
- * Copyright (C) 1993-1997 by Darren Reed.
+ * Copyright (C) 1993-1998 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
*
* @(#)ipf.h 1.12 6/5/96
- * $Id: ipf.h,v 1.8 1998/01/26 04:13:36 dgregor Exp $
+ * $Id: ipf.h,v 1.9 1999/02/05 05:58:42 deraadt Exp $
*/
#ifndef __IPF_H__
@@ -70,6 +70,8 @@ extern u_32_t optname __P((char ***, u_short *));
extern void printpacket __P((ip_t *));
#if SOLARIS
extern int inet_aton __P((const char *, struct in_addr *));
+extern int gethostname __P((char *, int ));
+extern void sync __P((void));
#endif
#ifdef sun
diff --git a/sbin/ipf/opt.c b/sbin/ipf/opt.c
index 4e470381ef0..c659bdedda9 100644
--- a/sbin/ipf/opt.c
+++ b/sbin/ipf/opt.c
@@ -1,6 +1,6 @@
-/* $OpenBSD: opt.c,v 1.9 1998/09/15 09:55:44 pattonme Exp $ */
+/* $OpenBSD: opt.c,v 1.10 1999/02/05 05:58:42 deraadt Exp $ */
/*
- * Copyright (C) 1993-1997 by Darren Reed.
+ * Copyright (C) 1993-1998 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
@@ -32,7 +32,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)opt.c 1.8 4/10/96 (C) 1993-1995 Darren Reed";
-static const char rcsid[] = "@(#)$Id: opt.c,v 1.9 1998/09/15 09:55:44 pattonme Exp $";
+static const char rcsid[] = "@(#)$Id: opt.c,v 1.10 1999/02/05 05:58:42 deraadt Exp $";
#endif
extern int opts;
diff --git a/sbin/ipf/parse.c b/sbin/ipf/parse.c
index 585ce01362a..d819996d5f6 100644
--- a/sbin/ipf/parse.c
+++ b/sbin/ipf/parse.c
@@ -1,6 +1,6 @@
-/* $OpenBSD: parse.c,v 1.22 1998/11/24 03:05:34 deraadt Exp $ */
+/* $OpenBSD: parse.c,v 1.23 1999/02/05 05:58:42 deraadt Exp $ */
/*
- * Copyright (C) 1993-1997 by Darren Reed.
+ * Copyright (C) 1993-1998 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
@@ -40,7 +40,7 @@
#if !defined(lint)
static const char sccsid[] ="@(#)parse.c 1.44 6/5/96 (C) 1993-1996 Darren Reed";
-static const char rcsid[] = "@(#)$Id: parse.c,v 1.22 1998/11/24 03:05:34 deraadt Exp $";
+static const char rcsid[] = "@(#)$Id: parse.c,v 1.23 1999/02/05 05:58:42 deraadt Exp $";
#endif
extern struct ipopt_names ionames[], secclass[];
diff --git a/sbin/ipfstat/fils.c b/sbin/ipfstat/fils.c
index cda5939e3a1..a6c4a03eacb 100644
--- a/sbin/ipfstat/fils.c
+++ b/sbin/ipfstat/fils.c
@@ -1,6 +1,6 @@
-/* $OpenBSD: fils.c,v 1.13 1998/09/15 09:58:34 pattonme Exp $ */
+/* $OpenBSD: fils.c,v 1.14 1999/02/05 05:58:43 deraadt Exp $ */
/*
- * Copyright (C) 1993-1997 by Darren Reed.
+ * Copyright (C) 1993-1998 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
@@ -51,7 +51,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-1996 Darren Reed";
-static const char rcsid[] = "@(#)$Id: fils.c,v 1.13 1998/09/15 09:58:34 pattonme Exp $";
+static const char rcsid[] = "@(#)$Id: fils.c,v 1.14 1999/02/05 05:58:43 deraadt Exp $";
#endif
#ifdef _PATH_UNIX
# define VMUNIX _PATH_UNIX
@@ -224,6 +224,10 @@ struct friostat *fp;
#if SOLARIS
PRINTF("dropped packets:\tin %lu\tout %lu\n",
fp->f_st[0].fr_drop, fp->f_st[1].fr_drop);
+ PRINTF("non-data packets:\tin %lu\tout %lu\n",
+ fp->f_st[0].fr_notdata, fp->f_st[1].fr_notdata);
+ PRINTF("no-data packets:\tin %lu\tout %lu\n",
+ fp->f_st[0].fr_nodata, fp->f_st[1].fr_nodata);
PRINTF("non-ip packets:\t\tin %lu\tout %lu\n",
fp->f_st[0].fr_notip, fp->f_st[1].fr_notip);
PRINTF(" bad packets:\t\tin %lu\tout %lu\n",
@@ -394,22 +398,21 @@ ips_stat_t *ipsp;
ips.is_pkts, ips.is_bytes);
#endif
if (ips.is_p == IPPROTO_TCP)
- PRINTF("\t%hu -> %hu %lu:%lu %hu:%hu\n",
+ PRINTF("\t%hu -> %hu %lu:%lu %hu:%hu",
ntohs(ips.is_sport),
ntohs(ips.is_dport),
ips.is_seq, ips.is_ack,
ips.is_swin, ips.is_dwin);
else if (ips.is_p == IPPROTO_UDP)
- PRINTF(" %hu -> %hu\n", ntohs(ips.is_sport),
+ PRINTF(" %hu -> %hu", ntohs(ips.is_sport),
ntohs(ips.is_dport));
else if (ips.is_p == IPPROTO_ICMP)
- PRINTF(" %hu %hu %d\n", ips.is_icmp.ics_id,
+ PRINTF(" %hu %hu %d", ips.is_icmp.ics_id,
ips.is_icmp.ics_seq,
ips.is_icmp.ics_type);
- /* phil@ultimate.com ... */
- PRINTF("\t");
- /* from "printfr()" */
+ PRINTF("\n\t");
+
if (ips.is_pass & FR_PASS) {
PRINTF("pass");
} else if (ips.is_pass & FR_BLOCK) {
@@ -449,7 +452,6 @@ ips_stat_t *ipsp;
if (ips.is_pass & FR_KEEPSTATE)
PRINTF(" keep state");
PRINTF("\n");
- /* ... phil@ultimate.com */
PRINTF("\tpkt_flags & %x = %x,\t", ips.is_flags & 0xf,
ips.is_flags >> 4);
diff --git a/sbin/ipfstat/kmem.c b/sbin/ipfstat/kmem.c
index 6792855133e..1a9120253c5 100644
--- a/sbin/ipfstat/kmem.c
+++ b/sbin/ipfstat/kmem.c
@@ -1,6 +1,6 @@
-/* $OpenBSD: kmem.c,v 1.9 1998/01/26 04:13:43 dgregor Exp $ */
+/* $OpenBSD: kmem.c,v 1.10 1999/02/05 05:58:43 deraadt Exp $ */
/*
- * Copyright (C) 1993-1997 by Darren Reed.
+ * Copyright (C) 1993-1998 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
@@ -21,7 +21,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed";
-static const char rcsid[] = "@(#)$Id: kmem.c,v 1.9 1998/01/26 04:13:43 dgregor Exp $";
+static const char rcsid[] = "@(#)$Id: kmem.c,v 1.10 1999/02/05 05:58:43 deraadt Exp $";
#endif
static int kmemfd = -1;
diff --git a/sbin/ipfstat/kmem.h b/sbin/ipfstat/kmem.h
index b0733126362..5a19954df85 100644
--- a/sbin/ipfstat/kmem.h
+++ b/sbin/ipfstat/kmem.h
@@ -1,11 +1,11 @@
-/* $OpenBSD: kmem.h,v 1.6 1998/09/15 09:58:34 pattonme Exp $ */
+/* $OpenBSD: kmem.h,v 1.7 1999/02/05 05:58:44 deraadt Exp $ */
/*
- * Copyright (C) 1993-1997 by Darren Reed.
+ * Copyright (C) 1993-1998 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
- * $Id: kmem.h,v 1.6 1998/09/15 09:58:34 pattonme Exp $
+ * $Id: kmem.h,v 1.7 1999/02/05 05:58:44 deraadt Exp $
*/
#ifndef __KMEM_H__
diff --git a/sbin/ipnat/ipnat.c b/sbin/ipnat/ipnat.c
index b9affc0e4cb..29bdf05a653 100644
--- a/sbin/ipnat/ipnat.c
+++ b/sbin/ipnat/ipnat.c
@@ -1,6 +1,6 @@
-/* $OpenBSD: ipnat.c,v 1.25 1998/10/11 05:36:32 deraadt Exp $ */
+/* $OpenBSD: ipnat.c,v 1.26 1999/02/05 05:58:48 deraadt Exp $ */
/*
- * Copyright (C) 1993-1997 by Darren Reed.
+ * Copyright (C) 1993-1998 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
@@ -67,7 +67,7 @@ extern char *sys_errlist[];
#if !defined(lint)
static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipnat.c,v 1.25 1998/10/11 05:36:32 deraadt Exp $";
+static const char rcsid[] = "@(#)$Id: ipnat.c,v 1.26 1999/02/05 05:58:48 deraadt Exp $";
#endif
@@ -83,6 +83,7 @@ u_32_t hostmask __P((char *));
u_short portnum __P((char *, char *));
void dostats __P((int, int)), flushtable __P((int, int));
void printnat __P((ipnat_t *, int, void *));
+void printaps __P((ap_session_t *, int ));
void parsefile __P((int, char *, int));
void usage __P((char *));
int countbits __P((u_32_t));
@@ -195,8 +196,9 @@ ipnat_t *np;
int verbose;
void *ptr;
{
- int bits;
struct protoent *pr;
+ struct servent *sv;
+ int bits;
switch (np->in_redir)
{
@@ -253,12 +255,22 @@ void *ptr;
else
printf("%s", inet_ntoa(np->in_out[1]));
if (*np->in_plabel) {
+ pr = getprotobynumber(np->in_p);
printf(" proxy port");
- if (np->in_dport)
- printf(" %hu", ntohs(np->in_dport));
+ if (np->in_dport != 0) {
+ if (pr != NULL)
+ sv = getservbyport(np->in_dport,
+ pr->p_name);
+ else
+ sv = getservbyport(np->in_dport, NULL);
+ if (sv != NULL)
+ printf(" %s", sv->s_name);
+ else
+ printf(" %hu", ntohs(np->in_dport));
+ }
printf(" %.*s/", (int)sizeof(np->in_plabel),
np->in_plabel);
- if ((pr = getprotobynumber(np->in_p)))
+ if (pr != NULL)
fputs(pr->p_name, stdout);
else
printf("%d", np->in_p);
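Review bot: The two `getservbyport()` calls in the `in_dport != 0` branch differ only in their second argument, so the inner if/else can collapse to `sv = getservbyport(np->in_dport, pr != NULL ? pr->p_name : NULL);`. Separately, printing the services-database name instead of the number makes the rule listing depend on the local services data, so the same rule can display differently from one host to another. Printing the numeric port alongside the name, or a comment such as `/* name is cosmetic; the rule matches on the numeric in_dport */`, would help anyone auditing NAT rules from this output. The enclosing function starts and ends outside this hunk.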
@@ -274,10 +286,51 @@ void *ptr;
ntohs(np->in_pmax));
}
printf("\n");
- if (verbose)
- printf("\t%p %u %s %d %x\n", np->in_ifp,
- np->in_space, inet_ntoa(np->in_nextip),
- np->in_pnext, np->in_flags);
+ if (verbose) {
+ printf("\tifp %p space %u nextip %s pnext %d",
+ np->in_ifp, np->in_space,
+ inet_ntoa(np->in_nextip), np->in_pnext);
+ printf(" flags %x use %u\n",
+ np->in_flags, np->in_use);
+ }
+ }
+}
+
+
+void printaps(aps, opts)
+ap_session_t *aps;
+int opts;
+{
+ ap_session_t ap;
+ aproxy_t apr;
+ ap_tcp_t apt;
+ ap_udp_t apu;
+
+ if (kmemcpy((char *)&ap, (long)aps, sizeof(ap)))
+ return;
+ if (kmemcpy((char *)&apr, (long)ap.aps_apr, sizeof(apr)))
+ return;
+ printf("\tproxy %s/%d use %d flags %x\n", apr.apr_label,
+ apr.apr_p, apr.apr_ref, apr.apr_flags);
+ printf("\t\t%d %s -> ", ap.aps_p, inet_ntoa(ap.aps_src));
+ printf("%s [%#x ", inet_ntoa(ap.aps_dst), ap.aps_flags);
+#ifdef USE_QUAD_T
+ printf("%qu %qu", ap.aps_bytes, ap.aps_pkts);
+#else
+ printf("%lu %lu", ap.aps_bytes, ap.aps_pkts);
+#endif
+ printf(" %x[%d]]\n", ap.aps_data, ap.aps_psiz);
+ if ((ap.aps_p == IPPROTO_TCP) && (opts & OPT_VERBOSE)) {
+ printf("\t\t%hu -> %hu state[%d,%d], sel[%d,%d]\n",
+ ap.aps_sport, ap.aps_dport,
+ ap.aps_state[0], ap.aps_state[1],
+ ap.aps_sel[0], ap.aps_sel[1]);
+ printf("\t\tseq: off %hd/%hd min %x/%x\n",
+ ap.aps_seqoff[0], ap.aps_seqoff[1],
+ ap.aps_seqmin[0], ap.aps_seqmin[1]);
+ printf("\t\tack: off %hd/%hd min %x/%x\n",
+ ap.aps_ackoff[0], ap.aps_ackoff[1],
+ ap.aps_ackmin[0], ap.aps_ackmin[1]);
}
}
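Review bot: In the new `printaps()`, `apr.apr_label` is printed with an unbounded `%s` straight after `kmemcpy()` fills `apr` from kernel memory, whereas the rule-printing code earlier in this file bounds its label with `%.*s` and `(int)sizeof(np->in_plabel)`. If `apr_label` is a fixed-size char array (its declaration is not in this diff) and arrives without a terminating NUL, printf will read past the end of `apr`. Using `printf("\tproxy %.*s/%d use %d flags %x\n", (int)sizeof(apr.apr_label), apr.apr_label, apr.apr_p, apr.apr_ref, apr.apr_flags);` would match the existing convention. The TCP branch also prints `ap.aps_sport` and `ap.aps_dport` without `ntohs()`, unlike the other port output in this file, so if they are stored in network order the numbers will be byte-swapped on little-endian hosts.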
@@ -374,12 +427,26 @@ int fd, opts;
ntohs(nat.nat_outport));
printf(" [%s %hu]", inet_ntoa(nat.nat_oip),
ntohs(nat.nat_oport));
- printf(" %ld %hu %x", nat.nat_age,
- nat.nat_use, nat.nat_sumd);
+ if (opts & OPT_VERBOSE) {
+ printf("\n\tage %lu use %hu sumd %x",
+ nat.nat_age, nat.nat_use,
+ nat.nat_sumd);
+ printf(" bkt %d flags %x ",
+ i, nat.nat_flags);
+#ifdef USE_QUAD_T
+ printf("bytes %qu pkts %qu",
+ nat.nat_bytes, nat.nat_pkts);
+#else
+ printf("bytes %lu pkts %lu",
+ nat.nat_bytes, nat.nat_pkts);
+#endif
#if SOLARIS
- printf(" %lx", nat.nat_ipsumd);
+ printf(" %lx", nat.nat_ipsumd);
#endif
+ }
putchar('\n');
+ if (nat.nat_aps)
+ printaps(nat.nat_aps, opts);
}
free(nt[0]);
}
@@ -677,6 +744,11 @@ char *line;
if (*dnetm == '/')
*dnetm++ = '\0';
} else {
+ if (strrchr(dhost, '/') != NULL) {
+ fprintf(stderr, "No netmask supported in %s\n",
+ "destination host for redirect");
+ return NULL;
+ }
/* If it's a in_redir, expect target port */
if (!(s = strtok(NULL, " \t"))) {
fprintf(stderr, "missing fields (destination port)\n");
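Review bot: The new rejection message does not name the offending value, so with a long rules file the operator cannot tell which redirect was refused; `fprintf(stderr, "No netmask supported in destination host for redirect: %s\n", dhost);` would say so directly. `strchr(dhost, '/')` is enough for a presence test, since `strrchr` only matters when the position of the last slash is used. How the caller treats the `NULL` return is outside this hunk: if it skips the rule and carries on, a NAT ruleset can end up partially loaded, so that path deserves a comment or a non-zero exit status. The enclosing function starts and ends outside this hunk.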