authordm <dm@cvs.openbsd.org>1996-07-18 05:08:40 +0000
committerdm <dm@cvs.openbsd.org>1996-07-18 05:08:40 +0000
commitd863770dbf1c7b1d87285f2c65bde3fe93cd1b9d (patch)
treeafd06cb0f25ed0255313ed8a15dfe0f99cdb7215 /sbin
parent1688332c300a04e1f04f1afcec7ff0a2a0a29e06 (diff)
ipfilter 3.1.0
Diffstat (limited to 'sbin')
-rw-r--r--sbin/ipfstat/fils.c20
-rw-r--r--sbin/ipfstat/ipfstat.89
-rw-r--r--sbin/ipfstat/kmem.c3
-rw-r--r--sbin/ipfstat/kmem.h3
-rw-r--r--sbin/ipnat/ipnat.12
-rw-r--r--sbin/ipnat/ipnat.42
-rw-r--r--sbin/ipnat/ipnat.52
-rw-r--r--sbin/ipnat/ipnat.c121
8 files changed, 116 insertions, 46 deletions
diff --git a/sbin/ipfstat/fils.c b/sbin/ipfstat/fils.c
index 2592f0816dd..f0896402065 100644
--- a/sbin/ipfstat/fils.c
+++ b/sbin/ipfstat/fils.c
@@ -1,5 +1,3 @@
-/* $OpenBSD: fils.c,v 1.5 1996/07/10 03:53:49 ccappuc Exp $ */
-
/*
* (C)opyright 1993-1996 by Darren Reed.
*
@@ -29,6 +27,8 @@
#include <netinet/ip.h>
#include <net/if.h>
#include "ip_fil.h"
+#include "ip_fil_compat.h"
+#include "ip_nat.h"
#include "ip_frag.h"
#include "ip_state.h"
#include <netdb.h>
@@ -41,12 +41,13 @@
#endif
#ifndef lint
-static char sccsid[] = "@(#)fils.c 1.20 3/24/96 (C) 1993-1996 Darren Reed";
+static char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-1996 Darren Reed";
+static char rcsid[] = "$Id: fils.c,v 1.6 1996/07/18 05:08:09 dm Exp $";
#endif
#ifdef _PATH_UNIX
#define VMUNIX _PATH_UNIX
#else
-#define VMUNIX "/bsd"
+#define VMUNIX "/vmunix"
#endif
extern char *optarg;
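Review bot: The fallback `#define VMUNIX "/vmunix"` replaces the `"/bsd"` value on the removed line, so a build where `_PATH_UNIX` is not defined would look up kernel symbols in a different file than before. That file presumably does not exist on the systems this tree targets. This looks like the vendor import overwriting a local adjustment rather than an intended change. Keeping `#define VMUNIX "/bsd"` in the `#else` branch would preserve the earlier behaviour.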
@@ -64,6 +65,14 @@ int opts = 0;
static void showstats(), showfrstates();
static void showlist(), showipstates();
+void Usage(name)
+char *name;
+{
+ fprintf(stderr, "Usage: %s [-afhIiosv] [-d <device>]\n", name);
+ exit(1);
+}
+
+
int main(argc,argv)
int argc;
char *argv[];
@@ -114,6 +123,9 @@ char *argv[];
case 'v' :
opts |= OPT_VERBOSE;
break;
+ default :
+ Usage();
+ break;
}
}
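Review bot: The new `default` case calls `Usage()` with no argument, but `Usage(name)`, added earlier in this file, passes `name` to `fprintf` for a `%s` conversion. An unrecognised option therefore formats an indeterminate pointer, which is undefined behaviour and will likely crash or print garbage. The definition is K&R-style with no prototype, so the compiler does not report the mismatch. The call should be `Usage(argv[0]);`, as ipnat.c does in this same commit, and the `break;` after it is unreachable because `Usage` exits. The switch and the rest of `main` lie outside the hunk.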
diff --git a/sbin/ipfstat/ipfstat.8 b/sbin/ipfstat/ipfstat.8
index ade7b07902c..1b378541580 100644
--- a/sbin/ipfstat/ipfstat.8
+++ b/sbin/ipfstat/ipfstat.8
@@ -1,5 +1,3 @@
-.\" $OpenBSD: ipfstat.8,v 1.5 1996/07/10 03:58:41 ccappuc Exp $
-.\"
.LP
.TH ipfstat 8
.SH NAME
@@ -9,11 +7,10 @@ ipfstat [-hIiovd:]
.SH DESCRIPTION
.LP
.PP
-\fBipfstat\fP examines /dev/kmem using the symbols \fB_fr_flags\fP,
+\fBipfstat examines /dev/kmem using the symbols \fB_fr_flags\fP,
\fB_frstats\fP, \fB_filterin\fP, and \fB_filterout\fP.
To run and work, it needs to be able to read both /dev/kmem and the
-kernel itself. The kernel name defaults to \fB_PATH_UNIX\fP and then
-to \fB/bsd\fP if \fB_PATH_UNIX\fP isn't defined.
+kernel itself. The kernel name defaults to \fB/vmunix\fP.
.PP
The default behaviour of \fBipfstat\fP
is to retrieve and display the accumulated statistics which have been
@@ -52,7 +49,7 @@ the appropriate list of filter rules currently installed and in use by the
kernel.
.SH FILES
/dev/kmem
-/bsd
+/vmunix
.SH SEE ALSO
ipf(1), ipfstat(1)
.SH BUGS
diff --git a/sbin/ipfstat/kmem.c b/sbin/ipfstat/kmem.c
index 077715dbdb1..28196181bd6 100644
--- a/sbin/ipfstat/kmem.c
+++ b/sbin/ipfstat/kmem.c
@@ -1,5 +1,3 @@
-/* $OpenBSD: kmem.c,v 1.3 1996/06/23 14:30:58 deraadt Exp $ */
-
/*
* (C)opyright 1993,1994,1995 by Darren Reed.
*
@@ -23,6 +21,7 @@
#ifndef lint
static char sccsid[] = "@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed";
+static char rcsid[] = "$Id: kmem.c,v 1.4 1996/07/18 05:08:10 dm Exp $";
#endif
static int kmemfd = -1;
diff --git a/sbin/ipfstat/kmem.h b/sbin/ipfstat/kmem.h
index 413f6df30d3..fad02f30aa6 100644
--- a/sbin/ipfstat/kmem.h
+++ b/sbin/ipfstat/kmem.h
@@ -1,11 +1,10 @@
-/* $OpenBSD: kmem.h,v 1.2 1996/06/23 14:30:58 deraadt Exp $ */
-
/*
* (C)opyright 1993,1994,1995 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
+ * $Id: kmem.h,v 1.3 1996/07/18 05:08:10 dm Exp $
*/
extern int openkmem();
diff --git a/sbin/ipnat/ipnat.1 b/sbin/ipnat/ipnat.1
index 9320d1fbf2b..b0ddc59a474 100644
--- a/sbin/ipnat/ipnat.1
+++ b/sbin/ipnat/ipnat.1
@@ -1,5 +1,3 @@
-.\" $OpenBSD: ipnat.1,v 1.2 1996/06/23 14:31:00 deraadt Exp $
-.\"
.TH IPFNAT 1
.SH NAME
ipnat - user interface to the NAT
diff --git a/sbin/ipnat/ipnat.4 b/sbin/ipnat/ipnat.4
index 224249f405b..4962cf3df28 100644
--- a/sbin/ipnat/ipnat.4
+++ b/sbin/ipnat/ipnat.4
@@ -1,5 +1,3 @@
-.\" $OpenBSD: ipnat.4,v 1.2 1996/06/23 14:31:00 deraadt Exp $
-.\"
.TH IPNAT 4
.SH NAME
ipnat - Network Address Translation kernel interface
diff --git a/sbin/ipnat/ipnat.5 b/sbin/ipnat/ipnat.5
index bc59e55c154..51fdbee0def 100644
--- a/sbin/ipnat/ipnat.5
+++ b/sbin/ipnat/ipnat.5
@@ -1,5 +1,3 @@
-.\" $OpenBSD: ipnat.5,v 1.2 1996/06/23 14:31:01 deraadt Exp $
-.\"
.LP
.TH IPNAT 5
.SH NAME
diff --git a/sbin/ipnat/ipnat.c b/sbin/ipnat/ipnat.c
index c762ea84bfb..0a483b094d9 100644
--- a/sbin/ipnat/ipnat.c
+++ b/sbin/ipnat/ipnat.c
@@ -1,5 +1,3 @@
-/* $OpenBSD: ipnat.c,v 1.2 1996/06/23 14:31:01 deraadt Exp $ */
-
/*
* (C)opyright 1993,1994,1995 by Darren Reed.
*
@@ -42,7 +40,7 @@
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <net/if.h>
-#include "ip_fil.h"
+#include "ip_fil_compat.h"
#include <netdb.h>
#include <arpa/nameser.h>
#include <arpa/inet.h>
@@ -52,7 +50,8 @@
#ifndef lint
-static char sccsid[] ="@(#)ipnat.c 1.8 4/10/96 (C) 1993 Darren Reed";
+static char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
+static char rcsid[] = "$Id: ipnat.c,v 1.3 1996/07/18 05:08:39 dm Exp $";
#endif
#if SOLARIS
@@ -64,6 +63,15 @@ extern int kmemcpy();
void dostats(), printnat(), parsefile();
+
+void usage(name)
+char *name;
+{
+ fprintf(stderr, "%s: [-lnrsv] [-f filename]\n", name);
+ exit(1);
+}
+
+
int main(argc, argv)
int argc;
char *argv[];
@@ -93,11 +101,11 @@ char *argv[];
opts |= 16;
break;
default :
- fprintf(stderr, "unknown option \"%c\"\n", c);
- break;
+ usage(argv[0]);
}
- if ((fd = open(IPL_NAME, O_RDONLY)) == -1) {
+ if (((fd = open(IPL_NAME, O_RDWR)) == -1) &&
+ ((fd = open(IPL_NAME, O_RDONLY)) == -1)) {
perror("open");
exit(-1);
}
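Review bot: The device is now opened `O_RDWR` first regardless of what the invocation will do, so a pure list or statistics run (`opts & 12` in the next hunk) also requests write access to `IPL_NAME`. Selecting the mode from the requested operation would keep read-only uses read-only, for example `fd = open(IPL_NAME, file ? O_RDWR : O_RDONLY);`, if `file` is the only path that modifies state. The silent fall-back to `O_RDONLY` also means that a rule load can later fail at the ioctl with only a `perror`, while `main` still reaches `return 0;`. The option loop and the rest of `main` are outside this hunk.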
@@ -105,32 +113,93 @@ char *argv[];
if (file)
parsefile(fd, file, opts);
if (opts & 12)
- dostats(fd);
+ dostats(fd, opts);
return 0;
}
-void printnat(np)
+/*
+ * count consecutive 1's in bit mask. If the mask generated by counting
+ * consecutive 1's is different to that passed, return -1, else return #
+ * of bits.
+ */
+int countbits(ip)
+u_long ip;
+{
+ u_long ipn;
+ int cnt = 0, i, j;
+
+ ip = ipn = ntohl(ip);
+ for (i = 32; i; i--, ipn *= 2)
+ if (ipn & 0x80000000)
+ cnt++;
+ else
+ break;
+ ipn = 0;
+ for (i = 32, j = cnt; i; i--, j--) {
+ ipn *= 2;
+ if (j > 0)
+ ipn++;
+ }
+ if (ipn == ip)
+ return cnt;
+ return -1;
+}
+
+
+void printnat(np, verbose)
ipnat_t *np;
+int verbose;
{
+ int bits;
+
if (np->in_redir == NAT_REDIRECT) {
printf("rdr %s %s", np->in_ifname, inet_ntoa(np->in_out[0]));
- printf("/%s (%d) -> ", inet_ntoa(np->in_out[1]),
- ntohs(np->in_pmin));
- printf("%s (%d)\n", inet_ntoa(np->in_in[0]),
+ bits = countbits(np->in_out[1].s_addr);
+ if (bits != -1)
+ printf("/%d ", bits);
+ else
+ printf("/%s ", inet_ntoa(np->in_out[1]));
+ if (np->in_pmin)
+ printf("port %d ", ntohs(np->in_pmin));
+ printf("-> %s", inet_ntoa(np->in_in[0]),
ntohs(np->in_pnext));
- printf("\t%x %u %x %u\n", (u_int)np->in_ifp, np->in_space,
- np->in_flags, np->in_pnext);
+ if (np->in_pmax)
+ printf(" port %d", ntohs(np->in_pmax));
+ printf("\n");
+ if (verbose)
+ printf("\t%x %u %x %u", (u_int)np->in_ifp,
+ np->in_space, np->in_flags, np->in_pnext);
} else {
np->in_nextip.s_addr = htonl(np->in_nextip.s_addr);
printf("map %s %s/", np->in_ifname, inet_ntoa(np->in_in[0]));
- printf("%s -> ", inet_ntoa(np->in_in[1]));
- printf("%s/", inet_ntoa(np->in_out[0]));
- printf("%s\n", inet_ntoa(np->in_out[1]));
- printf("\t%x %u %s %x %u %d:%d\n", (u_int)np->in_ifp,
- np->in_space, inet_ntoa(np->in_nextip), np->in_flags,
- np->in_pnext, ntohs(np->in_port[0]),
- ntohs(np->in_port[1]));
+ bits = countbits(np->in_in[1].s_addr);
+ if (bits != -1)
+ printf("%d ", bits);
+ else
+ printf("%s", inet_ntoa(np->in_in[1]));
+ printf(" -> %s/", inet_ntoa(np->in_out[0]));
+ bits = countbits(ntohl(np->in_out[1].s_addr));
+ if (bits != -1)
+ printf("%d ", bits);
+ else
+ printf("%s", inet_ntoa(np->in_out[1]));
+ if (np->in_port[0] || np->in_port[1]) {
+ printf(" portmap");
+ if (np->in_flags & IPN_TCP)
+ printf(" tcp");
+ else if (np->in_flags & IPN_UDP)
+ printf(" udp");
+ else if (np->in_flags & IPN_TCPUDP)
+ printf(" tcpudp");
+ printf(" %d:%d", ntohs(np->in_port[0]),
+ ntohs(np->in_port[1]));
+ }
+ printf("\n");
+ if (verbose)
+ printf("\t%x %u %s %d %x\n", (u_int)np->in_ifp,
+ np->in_space, inet_ntoa(np->in_nextip),
+ np->in_pnext, np->in_flags);
}
}
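Review bot: In the map branch the second mask is computed as `countbits(ntohl(np->in_out[1].s_addr))`, but `countbits` already applies `ntohl` to its argument, and the other two calls pass `s_addr` directly. On a little-endian host the value is swapped twice, so a valid netmask fails the contiguity check and is printed in dotted form instead of as a bit count; the line should read `bits = countbits(np->in_out[1].s_addr);`. In the redirect branch, `printf("-> %s", inet_ntoa(np->in_in[0]), ntohs(np->in_pnext));` still passes a second argument that no conversion consumes, and the verbose `printf("\t%x %u %x %u", ...)` lacks the trailing `\n` that the map branch prints. The `else if (np->in_flags & IPN_TCPUDP)` test looks unreachable if that flag is the union of the TCP and UDP bits (its definition is not visible here); comparing for it first would fix that.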
@@ -153,8 +222,9 @@ int fd, opts;
printf("added\t%lu\texpired\t%lu\n",
ns.ns_added, ns.ns_expire);
printf("inuse\t%lu\n", ns.ns_inuse);
- printf("table %#x list %#x\n",
- (u_int)ns.ns_table, (u_int)ns.ns_list);
+ if (opts & 16)
+ printf("table %#x list %#x\n",
+ (u_int)ns.ns_table, (u_int)ns.ns_list);
}
if (opts & 8) {
while (ns.ns_list) {
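Review bot: The verbose gate is written as the bare constant `opts & 16` here and again in the `printnat(&ipn, opts & 16)` and `printnat(np, opts & 16)` calls in the later hunks, whereas fils.c in this commit tests the named `OPT_VERBOSE`. A named constant for each option bit in ipnat.c, or at least a comment such as `/* 16 == -v: kernel addresses only in verbose output */`, would make it clear that the kernel table and list pointers are deliberately hidden by default. The `(u_int)` casts on those pointers would truncate on a platform with pointers wider than `int`. The body of `dostats` starts and ends outside the hunk.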
@@ -162,7 +232,7 @@ int fd, opts;
perror("kmemcpy");
break;
}
- printnat(&ipn);
+ printnat(&ipn, opts & 16);
ns.ns_list = ipn.in_next;
}
@@ -417,7 +487,6 @@ char *line;
fprintf(stderr, "missing fields (destination port)\n");
return NULL;
}
-
tport = s;
}
@@ -516,7 +585,7 @@ int opts;
linenum, line);
} else if (!(opts & 2)) {
if ((opts &16) && np)
- printnat(np);
+ printnat(np, opts & 16);
if (opts & 1) {
if (ioctl(fd, SIOCADNAT, np) == -1)
perror("ioctl(SIOCADNAT)");