2nd part of the ipf code; need more testing.

12 files changed, 70 insertions, 64 deletions

diff --git a/usr.sbin/ipftest/Makefile b/usr.sbin/ipftest/Makefile
index 786be621aca..a7c087a9a78 100644
--- a/usr.sbin/ipftest/Makefile
+++ b/usr.sbin/ipftest/Makefile
@@ -1,10 +1,10 @@
-#	$OpenBSD: Makefile,v 1.8 1999/12/16 07:38:45 kjell Exp $
+#	$OpenBSD: Makefile,v 1.9 2001/01/17 06:01:21 fgsch Exp $
 
 PROG=	ipftest 
 MAN=	ipftest.1	
 SRCS=	ipt.c fil.c ipft_hx.c ipft_sn.c ipft_ef.c ipft_td.c ipft_pc.c \
 	ipft_tx.c misc.c parse.c opt.c ip_frag.c ip_nat.c ip_state.c \
-	ip_auth.c ip_fil.c ip_proxy.c facpri.c natparse.c ifaddr.c
+	ip_auth.c ip_fil.c ip_proxy.c facpri.c natparse.c common.c ifaddr.c 
 
 .PATH: 	${.CURDIR}/../../sbin/ipf ${.CURDIR}/../../sbin/ipfstat \
 	${.CURDIR}/../../sys/netinet ${.CURDIR}/../../sbin/ipnat
@@ -12,5 +12,4 @@ SRCS=	ipt.c fil.c ipft_hx.c ipft_sn.c ipft_ef.c ipft_td.c ipft_pc.c \
 CFLAGS+=-I${.CURDIR}/../../sbin/ipf \
 	-I${.CURDIR}
 
-
 .include <bsd.prog.mk>
diff --git a/usr.sbin/ipftest/ipft_ef.c b/usr.sbin/ipftest/ipft_ef.c
index 15f6ae1c44c..4ac6cf70525 100644
--- a/usr.sbin/ipftest/ipft_ef.c
+++ b/usr.sbin/ipftest/ipft_ef.c
@@ -1,7 +1,7 @@
-/*	$OpenBSD: ipft_ef.c,v 1.14 2000/03/13 23:40:20 kjell Exp $	*/
+/*	$OpenBSD: ipft_ef.c,v 1.15 2001/01/17 06:01:22 fgsch Exp $	*/
 
 /*
- * Copyright (C) 1993-1998 by Darren Reed.
+ * Copyright (C) 1993-2000 by Darren Reed.
  *
  * Redistribution and use in source and binary forms are permitted
  * provided that this notice is preserved and due credit is given
@@ -46,14 +46,14 @@ etherfind -n -t
 #include <netinet/ip_icmp.h>
 #include <net/if.h>
 #include <netdb.h>
-#include <netinet/ip_fil_compat.h>
+#include <netinet/ip_compat.h>
 #include <netinet/tcpip.h>
 #include "ipf.h"
 #include "ipt.h"
 
 #if !defined(lint)
 static const char sccsid[] = "@(#)ipft_ef.c	1.6 2/4/96 (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: ipft_ef.c,v 2.1 1999/08/04 17:30:02 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: ipft_ef.c,v 2.2 2000/03/13 22:10:24 darrenr Exp $";
 #endif
 
 static	int	etherf_open __P((char *));
diff --git a/usr.sbin/ipftest/ipft_hx.c b/usr.sbin/ipftest/ipft_hx.c
index 46d00dafd3d..0a0299a7a4d 100644
--- a/usr.sbin/ipftest/ipft_hx.c
+++ b/usr.sbin/ipftest/ipft_hx.c
@@ -1,7 +1,7 @@
-/*	$OpenBSD: ipft_hx.c,v 1.12 2000/03/13 23:40:20 kjell Exp $	*/
+/*	$OpenBSD: ipft_hx.c,v 1.13 2001/01/17 06:01:22 fgsch Exp $	*/
 
 /*
- * Copyright (C) 1995-1998 by Darren Reed.
+ * Copyright (C) 1995-2000 by Darren Reed.
  *
  * Redistribution and use in source and binary forms are permitted
  * provided that this notice is preserved and due credit is given
@@ -37,14 +37,14 @@
 #include <netdb.h>
 #include <arpa/nameser.h>
 #include <resolv.h>
-#include <netinet/ip_fil_compat.h>
+#include <netinet/ip_compat.h>
 #include <netinet/tcpip.h>
 #include "ipf.h"
 #include "ipt.h"
 
 #if !defined(lint)
 static const char sccsid[] = "@(#)ipft_hx.c	1.1 3/9/96 (C) 1996 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: ipft_hx.c,v 2.1 1999/08/04 17:30:03 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: ipft_hx.c,v 2.2 2000/03/13 22:10:24 darrenr Exp $";
 #endif
 
 extern	int	opts;
diff --git a/usr.sbin/ipftest/ipft_pc.c b/usr.sbin/ipftest/ipft_pc.c
index 425a89efaa7..e80d13fe0b8 100644
--- a/usr.sbin/ipftest/ipft_pc.c
+++ b/usr.sbin/ipftest/ipft_pc.c
@@ -1,7 +1,7 @@
-/*	$OpenBSD: ipft_pc.c,v 1.16 2000/03/13 23:40:20 kjell Exp $	*/
+/*	$OpenBSD: ipft_pc.c,v 1.17 2001/01/17 06:01:22 fgsch Exp $	*/
 
 /*
- * Copyright (C) 1993-1998 by Darren Reed.
+ * Copyright (C) 1993-2000 by Darren Reed.
  *
  * Redistribution and use in source and binary forms are permitted
  * provided that this notice is preserved and due credit is given
@@ -28,14 +28,14 @@
 #include <netinet/ip.h>
 #include <netinet/tcp.h>
 #include <net/if.h>
-#include <netinet/ip_fil_compat.h>
+#include <netinet/ip_compat.h>
 #include <netinet/tcpip.h>
 #include "ipf.h"
 #include "pcap.h"
 #include "ipt.h"
 
 #if !defined(lint)
-static const char rcsid[] = "@(#)$IPFilter: ipft_pc.c,v 2.1 1999/08/04 17:30:03 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: ipft_pc.c,v 2.2 2000/03/13 22:10:24 darrenr Exp $";
 #endif
 
 struct	llc	{
@@ -48,9 +48,9 @@ struct	llc	{
  * While many of these maybe the same, some do have different header formats
  * which make this useful.
  */
-#define	DLT_MAX	14
+#define	DLT_MAX	10
 
-static	struct	llc	llcs[DLT_MAX] = {
+static	struct	llc	llcs[DLT_MAX+1] = {
 	{ 0, 0, 0 },	/* DLT_NULL */
 	{ 14, 12, 2 },	/* DLT_E10MB */
 	{ 0, 0, 0 },	/* DLT_EN3MB */
@@ -61,10 +61,7 @@ static	struct	llc	llcs[DLT_MAX] = {
 	{ 0, 0, 0 },	/* DLT_ARCNET */
 	{ 0, 0, 0 },	/* DLT_SLIP */
 	{ 0, 0, 0 },	/* DLT_PPP */
-	{ 0, 0, 0 },	/* DLT_FDDI */
-	{ 0, 0, 0 },	/* DLT_ATMRFC1483 */
-	{ 0, 0, 0 },   	/* DLT_LOOP */
-	{ 0, 0, 0 }   	/* DLT_ENC */
+	{ 0, 0, 0 }	/* DLT_FDDI */
 };
 
 static	int	pcap_open __P((char *));
@@ -119,7 +116,7 @@ char	*fname;
 		swap_hdr(&ph);
 	}
 
-	if (ph.pc_v_maj != PCAP_VERSION_MAJ || ph.pc_type >= DLT_MAX) {
+	if (ph.pc_v_maj != PCAP_VERSION_MAJ || ph.pc_type > DLT_MAX) {
 		(void) close(fd);
 		return -2;
 	}
diff --git a/usr.sbin/ipftest/ipft_sn.c b/usr.sbin/ipftest/ipft_sn.c
index f9dd995ec09..fa7e7201239 100644
--- a/usr.sbin/ipftest/ipft_sn.c
+++ b/usr.sbin/ipftest/ipft_sn.c
@@ -1,7 +1,7 @@
-/*	$OpenBSD: ipft_sn.c,v 1.13 2000/03/13 23:40:20 kjell Exp $	*/
+/*	$OpenBSD: ipft_sn.c,v 1.14 2001/01/17 06:01:22 fgsch Exp $	*/
 
 /*
- * Copyright (C) 1993-1998 by Darren Reed.
+ * Copyright (C) 1993-2000 by Darren Reed.
  *
  * Redistribution and use in source and binary forms are permitted
  * provided that this notice is preserved and due credit is given
@@ -32,14 +32,14 @@
 #include <netinet/ip.h>
 #include <netinet/tcp.h>
 #include <net/if.h>
-#include <netinet/ip_fil_compat.h>
+#include <netinet/ip_compat.h>
 #include <netinet/tcpip.h>
 #include "ipf.h"
 #include "snoop.h"
 #include "ipt.h"
 
 #if !defined(lint)
-static const char rcsid[] = "@(#)$IPFilter: ipft_sn.c,v 2.1 1999/08/04 17:30:04 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: ipft_sn.c,v 2.2 2000/03/13 22:10:24 darrenr Exp $";
 #endif
 
 struct	llc	{
diff --git a/usr.sbin/ipftest/ipft_td.c b/usr.sbin/ipftest/ipft_td.c
index 1129f836f47..f79c4649da5 100644
--- a/usr.sbin/ipftest/ipft_td.c
+++ b/usr.sbin/ipftest/ipft_td.c
@@ -1,7 +1,7 @@
-/*	$OpenBSD: ipft_td.c,v 1.14 2000/03/13 23:40:20 kjell Exp $	*/
+/*	$OpenBSD: ipft_td.c,v 1.15 2001/01/17 06:01:22 fgsch Exp $	*/
 
 /*
- * Copyright (C) 1993-1998 by Darren Reed.
+ * Copyright (C) 1993-2000 by Darren Reed.
  *
  * Redistribution and use in source and binary forms are permitted
  * provided that this notice is preserved and due credit is given
@@ -55,14 +55,14 @@ tcpdump -nqte
 #include <netinet/ip_icmp.h>
 #include <net/if.h>
 #include <netdb.h>
-#include <netinet/ip_fil_compat.h>
+#include <netinet/ip_compat.h>
 #include <netinet/tcpip.h>
 #include "ipf.h"
 #include "ipt.h"
 
 #if !defined(lint)
 static const char sccsid[] = "@(#)ipft_td.c	1.8 2/4/96 (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: ipft_td.c,v 2.1 1999/08/04 17:30:04 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: ipft_td.c,v 2.2 2000/03/13 22:10:24 darrenr Exp $";
 #endif
 
 static	int	tcpd_open __P((char *));
diff --git a/usr.sbin/ipftest/ipft_tx.c b/usr.sbin/ipftest/ipft_tx.c
index 23397c5319a..d00d9c71d68 100644
--- a/usr.sbin/ipftest/ipft_tx.c
+++ b/usr.sbin/ipftest/ipft_tx.c
@@ -1,7 +1,7 @@
-/*	$OpenBSD: ipft_tx.c,v 1.16 2000/03/13 23:40:20 kjell Exp $	*/
+/*	$OpenBSD: ipft_tx.c,v 1.17 2001/01/17 06:01:22 fgsch Exp $	*/
 
 /*
- * Copyright (C) 1995-1998 by Darren Reed.
+ * Copyright (C) 1995-2000 by Darren Reed.
  *
  * Redistribution and use in source and binary forms are permitted
  * provided that this notice is preserved and due credit is given
@@ -38,14 +38,14 @@
 #include <netdb.h>
 #include <arpa/nameser.h>
 #include <resolv.h>
-#include <netinet/ip_fil_compat.h>
+#include <netinet/ip_compat.h>
 #include <netinet/tcpip.h>
 #include "ipf.h"
 #include "ipt.h"
 
 #if !defined(lint)
 static const char sccsid[] = "@(#)ipft_tx.c	1.7 6/5/96 (C) 1993 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: ipft_tx.c,v 2.1 1999/08/04 17:30:05 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: ipft_tx.c,v 2.3 2000/03/13 22:10:24 darrenr Exp $";
 #endif
 
 extern	int	opts;
@@ -56,8 +56,8 @@ static	int	text_open __P((char *)), text_close __P((void));
 static	int	text_readip __P((char *, int, char **, int *));
 static	int	parseline __P((char *, ip_t *, char **, int *));
 
-static	char	tcp_flagset[] = "FSRPAU";
-static	u_char	tcp_flags[] = { TH_FIN, TH_SYN, TH_RST, TH_PUSH,
+static	char	_tcp_flagset[] = "FSRPAU";
+static	u_char	_tcp_flags[] = { TH_FIN, TH_SYN, TH_RST, TH_PUSH,
 				TH_ACK, TH_URG };
 
 struct	ipread	iptext = { text_open, text_close, text_readip };
@@ -303,13 +303,13 @@ int	*out;
 	ip->ip_dst.s_addr = tx_hostnum(*cpp, &r);
 	cpp++;
 	if (*cpp && ip->ip_p == IPPROTO_TCP) {
-		extern	char	tcp_flagset[];
-		extern	u_char	tcp_flags[];
+		extern	char	_tcp_flagset[];
+		extern	u_char	_tcp_flags[];
 		char	*s, *t;
 
 		for (s = *cpp; *s; s++)
-			if ((t  = index(tcp_flagset, *s)))
-				tcp->th_flags |= tcp_flags[t - tcp_flagset];
+			if ((t  = index(_tcp_flagset, *s)))
+				tcp->th_flags |= _tcp_flags[t - _tcp_flagset];
 		if (tcp->th_flags)
 			cpp++;
 		assert(tcp->th_flags != 0);
diff --git a/usr.sbin/ipftest/ipt.c b/usr.sbin/ipftest/ipt.c
index 4e6f6aa60f6..755f1552df9 100644
--- a/usr.sbin/ipftest/ipt.c
+++ b/usr.sbin/ipftest/ipt.c
@@ -1,7 +1,7 @@
-/*	$OpenBSD: ipt.c,v 1.17 2000/03/13 23:40:20 kjell Exp $	*/
+/*	$OpenBSD: ipt.c,v 1.18 2001/01/17 06:01:22 fgsch Exp $	*/
 
 /*
- * Copyright (C) 1993-1998 by Darren Reed.
+ * Copyright (C) 1993-2000 by Darren Reed.
  *
  * Redistribution and use in source and binary forms are permitted
  * provided that this notice is preserved and due credit is given
@@ -47,7 +47,7 @@
 #include <arpa/inet.h>
 #include <resolv.h>
 #include <ctype.h>
-#include <netinet/ip_fil_compat.h>
+#include <netinet/ip_compat.h>
 #include <netinet/tcpip.h>
 #include <netinet/ip_fil.h>
 #include <netinet/ip_nat.h>
@@ -56,19 +56,22 @@
 #include "ipt.h"
 
 #if !defined(lint)
-static const char sccsid[] = "@(#)ipt.c	1.19 6/3/96 (C) 1993-1996 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: ipt.c,v 2.1.2.1 2000/01/24 14:49:11 darrenr Exp $";
+static const char sccsid[] = "@(#)ipt.c	1.19 6/3/96 (C) 1993-2000 Darren Reed";
+static const char rcsid[] = "@(#)$IPFilter: ipt.c,v 2.6 2000/03/13 22:10:25 darrenr Exp $";
 #endif
 
 extern	char	*optarg;
 extern	struct frentry	*ipfilter[2][2];
 extern	struct ipread	snoop, etherf, tcpd, pcap, iptext, iphex;
-extern	struct ifnet	*get_unit __P((char *));
+extern	struct ifnet	*get_unit __P((char *, int));
 extern	void	init_ifp __P((void));
 extern	ipnat_t	*natparse __P((char *, int));
 extern	int	fr_running;
 
 int	opts = 0;
+#ifdef	USE_INET6
+int	use_inet6 = 0;
+#endif
 int	main __P((int, char *[]));
 
 int main(argc,argv)
@@ -82,9 +85,14 @@ char *argv[];
 	ip_t	*ip;
 	int	fd, i, dir = 0, c;
 
-	while ((c = getopt(argc, argv, "bdEHi:I:NoPr:STvX")) != -1)
+	while ((c = getopt(argc, argv, "6bdEHi:I:NoPr:STvX")) != -1)
 		switch (c)
 		{
+#ifdef	USE_INET6
+		case '6' :
+			use_inet6 = 1;
+			break;
+#endif
 		case 'b' :
 			opts |= OPT_BRIEF;
 			break;
@@ -177,7 +185,8 @@ char *argv[];
 				if (!(fr = natparse(line, linenum)))
 					continue;
 				i = IPL_EXTERN(ioctl)(IPL_LOGNAT, SIOCADNAT,
-						      fr, FWRITE|FREAD);
+						      (caddr_t)&fr,
+						      FWRITE|FREAD);
 				if (opts & OPT_DEBUG)
 					fprintf(stderr,
 						"iplioctl(ADNAT,%p,1) = %d\n",
@@ -185,11 +194,12 @@ char *argv[];
 			} else {
 				if (!(fr = parse(line, linenum)))
 					continue;
-				i = IPL_EXTERN(ioctl)(0, SIOCADDFR, fr,
+				i = IPL_EXTERN(ioctl)(0, SIOCADAFR,
+						      (caddr_t)&fr,
 						      FWRITE|FREAD);
 				if (opts & OPT_DEBUG)
 					fprintf(stderr,
-						"iplioctl(ADDFR,%p,1) = %d\n",
+						"iplioctl(ADAFR,%p,1) = %d\n",
 						fr, i);
 			}
 		}
@@ -210,7 +220,7 @@ char *argv[];
 	ip = (ip_t *)buf;
 	while ((i = (*r->r_readip)((char *)buf, sizeof(buf),
 				    &iface, &dir)) > 0) {
-		ifp = iface ? get_unit(iface) : NULL;
+		ifp = iface ? get_unit(iface, ip->ip_v) : NULL;
 		ip->ip_off = ntohs(ip->ip_off);
 		ip->ip_len = ntohs(ip->ip_len);
 		i = fr_check(ip, ip->ip_hl << 2, ifp, dir, (mb_t **)&buf);
diff --git a/usr.sbin/ipftest/ipt.h b/usr.sbin/ipftest/ipt.h
index 8b1fc4297f3..73d4bd0309d 100644
--- a/usr.sbin/ipftest/ipt.h
+++ b/usr.sbin/ipftest/ipt.h
@@ -1,12 +1,12 @@
-/*	$OpenBSD: ipt.h,v 1.10 2000/03/13 23:40:20 kjell Exp $	*/
+/*	$OpenBSD: ipt.h,v 1.11 2001/01/17 06:01:23 fgsch Exp $	*/
 
 /*
- * Copyright (C) 1993-1998 by Darren Reed.
+ * Copyright (C) 1993-2000 by Darren Reed.
  *
  * Redistribution and use in source and binary forms are permitted
  * provided that this notice is preserved and due credit is given
  * to the original author and the contributors.
- * $IPFilter: ipt.h,v 2.1 1999/08/04 17:30:08 darrenr Exp $
+ * $IPFilter: ipt.h,v 2.2 2000/03/13 22:10:25 darrenr Exp $
  */
 
 #ifndef	__IPT_H__
diff --git a/usr.sbin/ipftest/misc.c b/usr.sbin/ipftest/misc.c
index cc2aa4ce5c5..f1b7f94a49a 100644
--- a/usr.sbin/ipftest/misc.c
+++ b/usr.sbin/ipftest/misc.c
@@ -1,7 +1,7 @@
-/*	$OpenBSD: misc.c,v 1.12 2000/03/13 23:40:20 kjell Exp $	*/
+/*	$OpenBSD: misc.c,v 1.13 2001/01/17 06:01:23 fgsch Exp $	*/
 
 /*
- * Copyright (C) 1993-1998 by Darren Reed.
+ * Copyright (C) 1993-2000 by Darren Reed.
  *
  * Redistribution and use in source and binary forms are permitted
  * provided that this notice is preserved and due credit is given
@@ -46,7 +46,7 @@
 #include <netdb.h>
 #include <arpa/nameser.h>
 #include <resolv.h>
-#include <netinet/ip_fil_compat.h>
+#include <netinet/ip_compat.h>
 #include <netinet/tcpip.h>
 #include <netinet/ip_fil.h>
 #include "ipf.h"
@@ -54,7 +54,7 @@
 
 #if !defined(lint)
 static const char sccsid[] = "@(#)misc.c	1.3 2/4/96 (C) 1995 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: misc.c,v 2.1 1999/08/04 17:30:11 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: misc.c,v 2.2 2000/03/13 22:10:25 darrenr Exp $";
 #endif
 
 extern	int	opts;
diff --git a/usr.sbin/ipftest/pcap.h b/usr.sbin/ipftest/pcap.h
index cd30a4f85f8..2496ac09e65 100644
--- a/usr.sbin/ipftest/pcap.h
+++ b/usr.sbin/ipftest/pcap.h
@@ -1,12 +1,12 @@
-/*	$OpenBSD: pcap.h,v 1.10 2000/03/13 23:40:20 kjell Exp $	*/
+/*	$OpenBSD: pcap.h,v 1.11 2001/01/17 06:01:23 fgsch Exp $	*/
 
 /*
- * Copyright (C) 1993-1998 by Darren Reed.
+ * Copyright (C) 1993-2000 by Darren Reed.
  *
  * Redistribution and use in source and binary forms are permitted
  * provided that this notice is preserved and due credit is given
  * to the original author and the contributors.
- * $IPFilter: pcap.h,v 2.1 1999/08/04 17:30:17 darrenr Exp $
+ * $IPFilter: pcap.h,v 2.2 2000/03/13 22:10:27 darrenr Exp $
  */
 /*
  * This header file is constructed to match the version described by
diff --git a/usr.sbin/ipftest/snoop.h b/usr.sbin/ipftest/snoop.h
index a7847ca8ff6..cbed990015c 100644
--- a/usr.sbin/ipftest/snoop.h
+++ b/usr.sbin/ipftest/snoop.h
@@ -1,7 +1,7 @@
-/*	$OpenBSD: snoop.h,v 1.9 2000/03/13 23:40:20 kjell Exp $	*/
+/*	$OpenBSD: snoop.h,v 1.10 2001/01/17 06:01:23 fgsch Exp $	*/
 
 /*
- * Copyright (C) 1993-1998 by Darren Reed.
+ * Copyright (C) 1993-2000 by Darren Reed.
  *
  * Redistribution and use in source and binary forms are permitted
  * provided that this notice is preserved and due credit is given
@@ -13,7 +13,7 @@
 
 /*
  * written to comply with the RFC (1761) from Sun.
- * $IPFilter: snoop.h,v 2.1 1999/08/04 17:30:19 darrenr Exp $
+ * $IPFilter: snoop.h,v 2.2 2000/03/13 22:10:27 darrenr Exp $
  */
 struct	snoophdr	{
 	char	s_id[8];