Import version 3.2alpha7

darrenr 1997-05-25 11:45:50 +00:00
parent 8b35fc95ad
commit 2cae843bdc
25 changed files with 736 additions and 251 deletions


@ -277,7 +277,10 @@ packets from both protocols are compared. This is equivalent to "proto
tcp/udp". When composing \fBport\fP comparisons, either the service
name or an integer port number may be used. Port comparisons may be
done in a number of forms, with a number of comparison operators, or
port ranges may be specified. See the examples for more information.
port ranges may be specified. When the port appears as part of the
\fBfrom\fP object, it matches the source port number, when it appears
as part of the \fBto\fP object, it matches the destination port number.
See the examples for more information.
.PP
The \fBall\fP keyword is essentially a synonym for "from any to any"
with no other match parameters.
@ -430,4 +433,4 @@ would be needed before the first block.
.br
/etc/hosts
.SH SEE ALSO
ipf(1), ipftest(1)
ipf(1), ipftest(1), mkfilters(1)


@ -99,7 +99,7 @@ Zero global statistics held in the kernel for filtering only (this doesn't
affect fragment or state statistics).
.DT
.SH SEE ALSO
ipfstat(1), ipftest(1), ipf(5)
ipfstat(1), ipftest(1), ipf(5), mkfilters(1)
.SH DIAGNOSTICS
.PP
Needs to be run as root for the packet filtering lists to actually


@ -1,16 +1,19 @@
/* $NetBSD: ipf.h,v 1.1.1.2 1997/03/27 15:13:59 darrenr Exp $ */
/* $NetBSD: ipf.h,v 1.1.1.3 1997/05/25 11:45:51 darrenr Exp $ */
/*
* (C)opyright 1993-1996 by Darren Reed.
* (C)opyright 1993-1997 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
*
* @(#)ipf.h 1.12 6/5/96
* $Id: ipf.h,v 1.1.1.2 1997/03/27 15:13:59 darrenr Exp $
* $Id: ipf.h,v 1.1.1.3 1997/05/25 11:45:51 darrenr Exp $
*/
#ifndef __IPF_H__
#define __IPF_H__
#ifndef SOLARIS
#define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
#endif
@ -48,12 +51,6 @@ extern void binprint __P((struct frentry *)), initparse __P((void));
extern u_short portnum __P((char *));
#if defined(__SVR4) || defined(__svr4__)
#define index strchr
#define bzero(a,b) memset(a, 0, b)
#define bcopy(a,b,c) memmove(b,a,c)
#endif
struct ipopt_names {
int on_value;
int on_bit;
@ -81,3 +78,4 @@ extern char *sys_errlist[];
#define MIN(a,b) ((a) > (b) ? (b) : (a))
#endif
#endif /* __IPF_H__ */


@ -1,4 +1,4 @@
/* $NetBSD: opt.c,v 1.1.1.2 1997/03/27 15:13:58 darrenr Exp $ */
/* $NetBSD: opt.c,v 1.1.1.3 1997/05/25 11:45:50 darrenr Exp $ */
/*
* (C)opyright 1993,1994,1995 by Darren Reed.
@ -24,7 +24,7 @@
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)opt.c 1.8 4/10/96 (C) 1993-1995 Darren Reed";
static char rcsid[] = "$Id: opt.c,v 1.1.1.2 1997/03/27 15:13:58 darrenr Exp $";
static char rcsid[] = "$Id: opt.c,v 1.1.1.3 1997/05/25 11:45:50 darrenr Exp $";
#endif
extern int opts;


@ -1,4 +1,4 @@
/* $NetBSD: kmem.c,v 1.1.1.2 1997/03/29 02:49:40 darrenr Exp $ */
/* $NetBSD: kmem.c,v 1.1.1.3 1997/05/25 11:45:55 darrenr Exp $ */
/*
* (C)opyright 1993,1994,1995 by Darren Reed.
@ -22,7 +22,7 @@
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed";
static char rcsid[] = "$Id: kmem.c,v 1.1.1.2 1997/03/29 02:49:40 darrenr Exp $";
static char rcsid[] = "$Id: kmem.c,v 1.1.1.3 1997/05/25 11:45:55 darrenr Exp $";
#endif
static int kmemfd = -1;


@ -1,14 +1,17 @@
/* $NetBSD: kmem.h,v 1.1.1.2 1997/03/29 02:49:41 darrenr Exp $ */
/* $NetBSD: kmem.h,v 1.1.1.3 1997/05/25 11:45:56 darrenr Exp $ */
/*
* (C)opyright 1993,1994,1995 by Darren Reed.
* (C)opyright 1993-1997 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* $Id: kmem.h,v 1.1.1.2 1997/03/29 02:49:41 darrenr Exp $
* $Id: kmem.h,v 1.1.1.3 1997/05/25 11:45:56 darrenr Exp $
*/
#ifndef __KMEM_H__
#define __KMEM_H__
#ifndef __P
# ifdef __STDC__
# define __P(x) x
@ -21,3 +24,4 @@ extern int kmemcpy __P((char *, long, int));
#define KMEM "/dev/kmem"
#endif /* __KMEM_H__ */


@ -1,4 +1,4 @@
/* $NetBSD: ip_frag.c,v 1.1.1.1 1997/03/29 02:49:52 darrenr Exp $ */
/* $NetBSD: ip_frag.c,v 1.1.1.2 1997/05/25 11:46:04 darrenr Exp $ */
/*
* (C)opyright 1993,1994,1995 by Darren Reed.
@ -9,7 +9,7 @@
*/
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)ip_frag.c 1.11 3/24/96 (C) 1993-1995 Darren Reed";
static char rcsid[] = "$Id: ip_frag.c,v 1.1.1.1 1997/03/29 02:49:52 darrenr Exp $";
static char rcsid[] = "$Id: ip_frag.c,v 1.1.1.2 1997/05/25 11:46:04 darrenr Exp $";
#endif
#if !defined(_KERNEL) && !defined(KERNEL)
@ -19,12 +19,18 @@ static char rcsid[] = "$Id: ip_frag.c,v 1.1.1.1 1997/03/29 02:49:52 darrenr Exp
#include <sys/errno.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
#include <sys/file.h>
#if defined(KERNEL) && (__FreeBSD_version >= 220000)
#include <sys/filio.h>
#include <sys/fcntl.h>
#else
#include <sys/ioctl.h>
#endif
#include <sys/uio.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#ifdef _KERNEL
#ifdef _KERNEL
# include <sys/systm.h>
#endif
#if !defined(__SVR4) && !defined(__svr4__)
@ -49,32 +55,36 @@ static char rcsid[] = "$Id: ip_frag.c,v 1.1.1.1 1997/03/29 02:49:52 darrenr Exp
#include <netinet/udp.h>
#include <netinet/tcpip.h>
#include <netinet/ip_icmp.h>
#include <netinet/ip_compat.h>
#include <netinet/ip_fil.h>
#include <netinet/ip_frag.h>
#include <netinet/ip_nat.h>
#include <netinet/ip_state.h>
#include "netinet/ip_compat.h"
#include "netinet/ip_fil.h"
#include "netinet/ip_proxy.h"
#include "netinet/ip_nat.h"
#include "netinet/ip_frag.h"
#include "netinet/ip_state.h"
ipfr_t *ipfr_heads[IPFT_SIZE];
ipfr_t *ipfr_nattab[IPFT_SIZE];
ipfrstat_t ipfr_stats;
u_long ipfr_inuse = 0,
fr_ipfrttl = 120; /* 60 seconds */
#ifdef _KERNEL
extern int ipfr_timer_id;
#endif
#if SOLARIS
# ifdef _KERNEL
#if SOLARIS && defined(_KERNEL)
extern kmutex_t ipf_frag;
# else
#define bcmp(a,b,c) memcmp(a,b,c)
#define bcopy(a,b,c) memmove(b,a,c)
# endif
extern kmutex_t ipf_natfrag;
extern kmutex_t ipf_nat;
#endif
static ipfr_t *ipfr_new __P((ip_t *, fr_info_t *, int, ipfr_t **));
static ipfr_t *ipfr_lookup __P((ip_t *, fr_info_t *, ipfr_t **));
ipfrstat_t *ipfr_fragstats()
{
ipfr_stats.ifs_table = ipfr_heads;
ipfr_stats.ifs_nattab = ipfr_nattab;
ipfr_stats.ifs_inuse = ipfr_inuse;
return &ipfr_stats;
}
@ -84,10 +94,11 @@ ipfrstat_t *ipfr_fragstats()
* add a new entry to the fragment cache, registering it as having come
* through this box, with the result of the filter operation.
*/
int ipfr_newfrag(ip, fin, pass)
static ipfr_t *ipfr_new(ip, fin, pass, table)
ip_t *ip;
fr_info_t *fin;
int pass;
ipfr_t *table[];
{
ipfr_t **fp, *fr, frag;
u_int idx;
@ -107,33 +118,77 @@ int pass;
/*
* first, make sure it isn't already there...
*/
MUTEX_ENTER(&ipf_frag);
for (fp = &ipfr_heads[idx]; (fr = *fp); fp = &fr->ipfr_next)
for (fp = &table[idx]; (fr = *fp); fp = &fr->ipfr_next)
if (!bcmp((char *)&frag.ipfr_src, (char *)&fr->ipfr_src,
IPFR_CMPSZ)) {
ipfr_stats.ifs_exists++;
MUTEX_EXIT(&ipf_frag);
return -1;
return NULL;
}
/*
* allocate some memory, if possible, if not, just record that we
* failed to do so.
*/
KMALLOC(fr, ipfr_t *, sizeof(*fr));
if (fr == NULL) {
ipfr_stats.ifs_nomem++;
MUTEX_EXIT(&ipf_frag);
return -1;
return NULL;
}
if ((fr->ipfr_next = ipfr_heads[idx]))
ipfr_heads[idx]->ipfr_prev = fr;
/*
* Instert the fragment into the fragment table, copy the struct used
* in the search using bcopy rather than reassign each field.
* Set the ttl to the default and mask out logging from "pass"
*/
if ((fr->ipfr_next = table[idx]))
table[idx]->ipfr_prev = fr;
fr->ipfr_prev = NULL;
ipfr_heads[idx] = fr;
fr->ipfr_data = NULL;
table[idx] = fr;
bcopy((char *)&frag.ipfr_src, (char *)&fr->ipfr_src, IPFR_CMPSZ);
fr->ipfr_ttl = fr_ipfrttl;
fr->ipfr_pass = pass & ~(FR_LOGFIRST|FR_LOG);
/*
* Compute the offset of the expected start of the next packet.
*/
fr->ipfr_off = (ip->ip_off & 0x1fff) + (fin->fin_dlen >> 3);
ipfr_stats.ifs_new++;
ipfr_inuse++;
return fr;
}
int ipfr_newfrag(ip, fin, pass)
ip_t *ip;
fr_info_t *fin;
int pass;
{
ipfr_t *ipf;
MUTEX_ENTER(&ipf_frag);
ipf = ipfr_new(ip, fin, pass, ipfr_heads);
MUTEX_EXIT(&ipf_frag);
return 0;
return ipf ? 0 : -1;
}
int ipfr_nat_newfrag(ip, fin, pass, nat)
ip_t *ip;
fr_info_t *fin;
int pass;
nat_t *nat;
{
ipfr_t *ipf;
MUTEX_ENTER(&ipf_natfrag);
if ((ipf = ipfr_new(ip, fin, pass, ipfr_nattab))) {
ipf->ipfr_data = nat;
nat->nat_frag = ipf;
}
MUTEX_EXIT(&ipf_natfrag);
return ipf ? 0 : -1;
}
@ -141,9 +196,10 @@ int pass;
* check the fragment cache to see if there is already a record of this packet
* with its filter result known.
*/
int ipfr_knownfrag(ip, fin)
static ipfr_t *ipfr_lookup(ip, fin, table)
ip_t *ip;
fr_info_t *fin;
ipfr_t *table[];
{
ipfr_t *f, frag;
u_int idx;
@ -152,6 +208,8 @@ fr_info_t *fin;
/*
* For fragments, we record protocol, packet id, TOS and both IP#'s
* (these should all be the same for all fragments of a packet).
*
* build up a hash value to index the table with.
*/
frag.ipfr_p = ip->ip_p;
idx = ip->ip_p;
@ -165,25 +223,26 @@ fr_info_t *fin;
idx *= 127;
idx %= IPFT_SIZE;
MUTEX_ENTER(&ipf_frag);
for (f = ipfr_heads[idx]; f; f = f->ipfr_next)
/*
* check the table, careful to only compare the right amount of data
*/
for (f = table[idx]; f; f = f->ipfr_next)
if (!bcmp((char *)&frag.ipfr_src, (char *)&f->ipfr_src,
IPFR_CMPSZ)) {
u_short atoff, off;
if (f != ipfr_heads[idx]) {
if (f != table[idx]) {
/*
* move fragment info. to the top of the list
* to speed up searches.
*/
if ((f->ipfr_prev->ipfr_next = f->ipfr_next))
f->ipfr_next->ipfr_prev = f->ipfr_prev;
f->ipfr_next = ipfr_heads[idx];
ipfr_heads[idx]->ipfr_prev = f;
f->ipfr_next = table[idx];
table[idx]->ipfr_prev = f;
f->ipfr_prev = NULL;
ipfr_heads[idx] = f;
table[idx] = f;
}
ret = f->ipfr_pass;
off = ip->ip_off;
atoff = (off & 0x1fff) - (fin->fin_dlen >> 3);
/*
@ -197,11 +256,45 @@ fr_info_t *fin;
f->ipfr_off = off;
}
ipfr_stats.ifs_hits++;
MUTEX_EXIT(&ipf_frag);
return ret;
return f;
}
return NULL;
}
/*
* functional interface for normal lookups of the fragment cache
*/
nat_t *ipfr_nat_knownfrag(ip, fin)
ip_t *ip;
fr_info_t *fin;
{
nat_t *nat;
ipfr_t *ipf;
MUTEX_ENTER(&ipf_natfrag);
ipf = ipfr_lookup(ip, fin, ipfr_heads);
nat = ipf ? ipf->ipfr_data : NULL;
MUTEX_EXIT(&ipf_natfrag);
return nat;
}
/*
* functional interface for NAT lookups of the NAT fragment cache
*/
int ipfr_knownfrag(ip, fin)
ip_t *ip;
fr_info_t *fin;
{
int ret;
ipfr_t *ipf;
MUTEX_ENTER(&ipf_frag);
ipf = ipfr_lookup(ip, fin, ipfr_heads);
ret = ipf ? ipf->ipfr_pass : 0;
MUTEX_EXIT(&ipf_frag);
return 0;
return ret;
}
@ -211,20 +304,35 @@ fr_info_t *fin;
void ipfr_unload()
{
ipfr_t **fp, *fr;
nat_t *nat;
int idx;
#if !SOLARIS && defined(_KERNEL)
int s;
#endif
MUTEX_ENTER(&ipf_frag);
SPLNET(s);
MUTEX_ENTER(&ipf_frag);
for (idx = IPFT_SIZE - 1; idx >= 0; idx--)
for (fp = &ipfr_heads[idx]; (fr = *fp); ) {
*fp = fr->ipfr_next;
KFREE(fr);
}
SPLX(s);
MUTEX_EXIT(&ipf_frag);
MUTEX_ENTER(&ipf_nat);
MUTEX_ENTER(&ipf_natfrag);
for (idx = IPFT_SIZE - 1; idx >= 0; idx--)
for (fp = &ipfr_nattab[idx]; (fr = *fp); ) {
*fp = fr->ipfr_next;
if ((nat = (nat_t *)fr->ipfr_data)) {
if (nat->nat_frag == fr)
nat->nat_frag = NULL;
}
KFREE(fr);
}
MUTEX_EXIT(&ipf_natfrag);
MUTEX_EXIT(&ipf_nat);
SPLX(s);
}
@ -240,11 +348,17 @@ int ipfr_slowtimer()
# endif
{
ipfr_t **fp, *fr;
nat_t *nat;
int s, idx;
MUTEX_ENTER(&ipf_frag);
SPLNET(s);
/*
* Go through the entire table, looking for entries to expire,
* decreasing the ttl by one for each entry. If it reaches 0,
* remove it from the chain and free it.
*/
for (idx = IPFT_SIZE - 1; idx >= 0; idx--)
for (fp = &ipfr_heads[idx]; (fr = *fp); ) {
--fr->ipfr_ttl;
@ -262,12 +376,45 @@ int ipfr_slowtimer()
} else
fp = &fr->ipfr_next;
}
MUTEX_EXIT(&ipf_frag);
/*
* Same again for the NAT table, except that if the structure also
* still points to a NAT structure, and the NAT structure points back
* at the one to be free'd, NULL the reference from the NAT struct.
* NOTE: We need to grab both mutex's early, and in this order so as
* to prevent a deadlock if both try to expire at the same time.
*/
MUTEX_ENTER(&ipf_nat);
MUTEX_ENTER(&ipf_natfrag);
for (idx = IPFT_SIZE - 1; idx >= 0; idx--)
for (fp = &ipfr_nattab[idx]; (fr = *fp); ) {
--fr->ipfr_ttl;
if (fr->ipfr_ttl == 0) {
if (fr->ipfr_prev)
fr->ipfr_prev->ipfr_next =
fr->ipfr_next;
if (fr->ipfr_next)
fr->ipfr_next->ipfr_prev =
fr->ipfr_prev;
*fp = fr->ipfr_next;
ipfr_stats.ifs_expire++;
ipfr_inuse--;
if ((nat = (nat_t *)fr->ipfr_data)) {
if (nat->nat_frag == fr)
nat->nat_frag = NULL;
}
KFREE(fr);
} else
fp = &fr->ipfr_next;
}
MUTEX_EXIT(&ipf_natfrag);
MUTEX_EXIT(&ipf_nat);
SPLX(s);
# if SOLARIS
MUTEX_EXIT(&ipf_frag);
fr_timeoutstate();
ip_natexpire();
ipfr_timer_id = timeout(ipfr_slowtimer, NULL, HZ/2);
ipfr_timer_id = timeout(ipfr_slowtimer, NULL, drv_usectohz(500000));
# else
fr_timeoutstate();
ip_natexpire();
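Review bot: `ipfr_nat_knownfrag()` takes `ipf_natfrag` but then calls `ipfr_lookup(ip, fin, ipfr_heads)`, so it searches the filter fragment table without holding `ipf_frag` and never consults `ipfr_nattab`; the move-to-front step inside `ipfr_lookup` also relinks that table under the wrong lock. Entries placed in `ipfr_heads` by `ipfr_newfrag()` keep `ipfr_data = NULL`, so as written the NAT lookup appears to always return NULL and later fragments of a translated packet would miss their mapping. The call should read `ipf = ipfr_lookup(ip, fin, ipfr_nattab);`. The header comments above `ipfr_nat_knownfrag` and `ipfr_knownfrag` are also swapped (the "normal lookups" text sits on the NAT function) and should be exchanged.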


@ -1,4 +1,4 @@
/* $NetBSD: ip_state.c,v 1.1.1.1 1997/03/29 02:49:52 darrenr Exp $ */
/* $NetBSD: ip_state.c,v 1.1.1.2 1997/05/25 11:46:05 darrenr Exp $ */
/*
* (C)opyright 1995 by Darren Reed.
@ -9,7 +9,7 @@
*/
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-1995 Darren Reed";
static char rcsid[] = "$Id: ip_state.c,v 1.1.1.1 1997/03/29 02:49:52 darrenr Exp $";
static char rcsid[] = "$Id: ip_state.c,v 1.1.1.2 1997/05/25 11:46:05 darrenr Exp $";
#endif
#if !defined(_KERNEL) && !defined(KERNEL)
@ -19,17 +19,24 @@ static char rcsid[] = "$Id: ip_state.c,v 1.1.1.1 1997/03/29 02:49:52 darrenr Exp
#include <sys/errno.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
#include <sys/file.h>
#include <sys/ioctl.h>
#if defined(KERNEL) && (__FreeBSD_version >= 220000)
# include <sys/filio.h>
# include <sys/fcntl.h>
#else
# include <sys/ioctl.h>
#endif
#include <sys/uio.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#ifdef _KERNEL
#ifdef _KERNEL
# include <sys/systm.h>
#endif
#if !defined(__SVR4) && !defined(__svr4__)
# include <sys/mbuf.h>
#else
# include <sys/filio.h>
# include <sys/byteorder.h>
# include <sys/dditypes.h>
# include <sys/stream.h>
@ -50,9 +57,10 @@ static char rcsid[] = "$Id: ip_state.c,v 1.1.1.1 1997/03/29 02:49:52 darrenr Exp
#include <netinet/udp.h>
#include <netinet/tcpip.h>
#include <netinet/ip_icmp.h>
#include <netinet/ip_compat.h>
#include <netinet/ip_fil.h>
#include <netinet/ip_state.h>
#include "netinet/ip_compat.h"
#include "netinet/ip_fil.h"
#include "netinet/ip_nat.h"
#include "netinet/ip_state.h"
#ifndef MIN
#define MIN(a,b) (((a)<(b))?(a):(b))
#endif
@ -62,11 +70,8 @@ static char rcsid[] = "$Id: ip_state.c,v 1.1.1.1 1997/03/29 02:49:52 darrenr Exp
ipstate_t *ips_table[IPSTATE_SIZE];
int ips_num = 0;
ips_stat_t ips_stats;
#if SOLARIS
#if SOLARIS && defined(_KERNEL)
extern kmutex_t ipf_state;
# if !defined(_KERNEL)
#define bcopy(a,b,c) memmove(b,a,c)
# endif
#endif
@ -89,10 +94,27 @@ ips_stat_t *fr_statetstats()
}
#define PAIRS(s1,d1,s2,d2) ((((s1) == (s2)) && ((d1) == (d2))) ||\
(((s1) == (d2)) && ((d1) == (s2))))
#define IPPAIR(s1,d1,s2,d2) PAIRS((s1).s_addr, (d1).s_addr, \
(s2).s_addr, (d2).s_addr)
int fr_state_ioctl(data, cmd, mode)
caddr_t data;
int cmd;
int mode;
{
switch (cmd)
{
case SIOCGIPST :
IWCOPY((caddr_t)fr_statetstats(), data, sizeof(ips_stat_t));
break;
case FIONREAD :
#ifdef IPFILTER_LOG
*(int *)data = iplused[IPL_LOGSTATE];
#endif
break;
default :
return -1;
}
return 0;
}
/*
* Create a new ipstate structure and hang it off the hash table.
@ -203,7 +225,12 @@ u_int pass;
if (pass & FR_LOGFIRST)
is->is_pass &= ~(FR_LOGFIRST|FR_LOG);
ips_num++;
#ifdef IPFILTER_LOG
ipstate_log(is, ISL_NEW);
#endif
MUTEX_EXIT(&ipf_state);
if (fin->fin_fi.fi_fl & FI_FRAG)
ipfr_newfrag(ip, fin, pass ^ FR_KEEPSTATE);
return 0;
}
@ -275,6 +302,8 @@ u_short sport;
is->is_dwin = ntohs(tcp->th_win);
}
ips_stats.iss_hits++;
is->is_pkts++;
is->is_bytes += ip->ip_len;
/*
* Nearing end of connection, start timeout.
*/
@ -336,8 +365,9 @@ fr_info_t *fin;
is->is_pkts++;
is->is_bytes += ip->ip_len;
ips_stats.iss_hits++;
pass = is->is_pass;
MUTEX_EXIT(&ipf_state);
return is->is_pass;
return pass;
}
MUTEX_EXIT(&ipf_state);
break;
@ -354,19 +384,18 @@ fr_info_t *fin;
PAIRS(sport, dport, is->is_sport, is->is_dport) &&
IPPAIR(src, dst, is->is_src, is->is_dst))
if (fr_tcpstate(is, fin, ip, tcp, sport)) {
pass = is->is_pass;
#ifdef _KERNEL
MUTEX_EXIT(&ipf_state);
return pass;
#else
int pass = is->is_pass;
if (tcp->th_flags & TCP_CLOSE) {
*isp = is->is_next;
isp = &ips_table[hv];
KFREE(is);
}
return pass;
#endif
return pass;
}
}
MUTEX_EXIT(&ipf_state);
@ -447,6 +476,9 @@ void fr_timeoutstate()
ips_stats.iss_fin++;
else
ips_stats.iss_expire++;
#ifdef IPFILTER_LOG
ipstate_log(is, ISL_EXPIRE);
#endif
KFREE(is);
ips_num--;
} else
@ -542,3 +574,51 @@ int dir;
break;
}
}
#ifdef IPFILTER_LOG
void ipstate_log(is, type)
struct ipstate *is;
u_short type;
{
struct ipslog ipsl;
if (iplused[IPL_LOGSTATE] + sizeof(ipsl) > IPLLOGSIZE) {
ips_stats.iss_logfail++;
return;
}
if (iplh[IPL_LOGSTATE] == iplbuf[IPL_LOGSTATE] + IPLLOGSIZE)
iplh[IPL_LOGSTATE] = iplbuf[IPL_LOGSTATE];
# ifdef sun
uniqtime(&ipsl);
# endif
# if BSD >= 199306 || defined(__FreeBSD__)
microtime((struct timeval *)&ipsl);
# endif
ipsl.isl_pkts = is->is_pkts;
ipsl.isl_bytes = is->is_bytes;
ipsl.isl_src = is->is_src;
ipsl.isl_dst = is->is_dst;
ipsl.isl_p = is->is_p;
ipsl.isl_flags = is->is_flags;
ipsl.isl_type = type;
if (ipsl.isl_p == IPPROTO_TCP || ipsl.isl_p == IPPROTO_UDP) {
ipsl.isl_sport = is->is_sport;
ipsl.isl_dport = is->is_dport;
} else if (ipsl.isl_p == IPPROTO_ICMP)
ipsl.isl_itype = is->is_icmp.ics_type;
else {
ipsl.isl_ps.isl_filler[0] = 0;
ipsl.isl_ps.isl_filler[1] = 0;
}
if (!fr_copytolog(IPL_LOGSTATE, (char *)&ipsl, sizeof(ipsl))) {
iplused[IPL_LOGSTATE] += sizeof(ipsl);
ips_stats.iss_logged++;
} else
ips_stats.iss_logfail++;
wakeup(iplbuf[IPL_LOGSTATE]);
}
#endif
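Review bot: In `ipstate_log()` the on-stack `struct ipslog ipsl` is handed to `fr_copytolog()` without first being cleared, so any byte that is not explicitly assigned carries kernel stack contents into the state log and on to whoever reads it. The timestamp is filled only under `sun` or `BSD >= 199306 || __FreeBSD__`, the ICMP branch sets only `isl_itype` while the fallback branch has to zero two filler words (presumably the same union), and any structure padding is never written; the layout of `struct ipslog` is not visible in this diff, so the exact extent is unconfirmed. Adding `bzero((char *)&ipsl, sizeof(ipsl));` straight after the `IPLLOGSIZE` space check would close this. Separately, `wakeup(iplbuf[IPL_LOGSTATE])` runs even when the copy failed and `iss_logfail` was incremented; moving it into the success branch is worth considering.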


@ -1,4 +1,4 @@
/* $NetBSD: ipft_ef.c,v 1.1.1.2 1997/03/29 02:49:48 darrenr Exp $ */
/* $NetBSD: ipft_ef.c,v 1.1.1.3 1997/05/25 11:46:00 darrenr Exp $ */
/*
* (C)opyright 1993,1994,1995 by Darren Reed.
@ -33,6 +33,7 @@ etherfind -n -t
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <sys/param.h>
#include <sys/time.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/in_systm.h>
@ -44,12 +45,13 @@ etherfind -n -t
#include <netinet/tcpip.h>
#include <net/if.h>
#include <netdb.h>
#include <netinet/ip_compat.h>
#include "ipf.h"
#include "ipt.h"
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)ipft_ef.c 1.6 2/4/96 (C)1995 Darren Reed";
static char rcsid[] = "$Id: ipft_ef.c,v 1.1.1.2 1997/03/29 02:49:48 darrenr Exp $";
static char rcsid[] = "$Id: ipft_ef.c,v 1.1.1.3 1997/05/25 11:46:00 darrenr Exp $";
#endif
static int etherf_open __P((char *));


@ -1,4 +1,4 @@
/* $NetBSD: ipft_hx.c,v 1.1.1.2 1997/03/29 02:49:52 darrenr Exp $ */
/* $NetBSD: ipft_hx.c,v 1.1.1.3 1997/05/25 11:46:07 darrenr Exp $ */
/*
* (C)opyright 1995 by Darren Reed.
@ -18,6 +18,7 @@
#endif
#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
#include <stdlib.h>
#include <unistd.h>
#include <stddef.h>
@ -35,12 +36,13 @@
#include <netdb.h>
#include <arpa/nameser.h>
#include <resolv.h>
#include <netinet/ip_compat.h>
#include "ipf.h"
#include "ipt.h"
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)ipft_hx.c 1.1 3/9/96 (C) 1996 Darren Reed";
static char rcsid[] = "$Id: ipft_hx.c,v 1.1.1.2 1997/03/29 02:49:52 darrenr Exp $";
static char rcsid[] = "$Id: ipft_hx.c,v 1.1.1.3 1997/05/25 11:46:07 darrenr Exp $";
#endif
extern int opts;


@ -1,4 +1,4 @@
/* $NetBSD: ipft_pc.c,v 1.1.1.2 1997/03/29 02:49:50 darrenr Exp $ */
/* $NetBSD: ipft_pc.c,v 1.1.1.3 1997/05/25 11:46:02 darrenr Exp $ */
/*
* (C)opyright 1993-1996 by Darren Reed.
@ -27,12 +27,13 @@
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#include <net/if.h>
#include <netinet/ip_compat.h>
#include "ipf.h"
#include "ipt.h"
#include "pcap.h"
#if !defined(lint) && defined(LIBC_SCCS)
static char rcsid[] = "$Id: ipft_pc.c,v 1.1.1.2 1997/03/29 02:49:50 darrenr Exp $";
static char rcsid[] = "$Id: ipft_pc.c,v 1.1.1.3 1997/05/25 11:46:02 darrenr Exp $";
#endif
struct llc {


@ -1,4 +1,4 @@
/* $NetBSD: ipft_sn.c,v 1.1.1.2 1997/03/29 02:49:47 darrenr Exp $ */
/* $NetBSD: ipft_sn.c,v 1.1.1.3 1997/05/25 11:46:00 darrenr Exp $ */
/*
* (C)opyright 1993,1994,1995 by Darren Reed.
@ -23,6 +23,7 @@
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <sys/param.h>
#include <sys/time.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip_var.h>
@ -30,12 +31,13 @@
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#include <net/if.h>
#include <netinet/ip_compat.h>
#include "ipf.h"
#include "ipt.h"
#include "snoop.h"
#if !defined(lint) && defined(LIBC_SCCS)
static char rcsid[] = "$Id: ipft_sn.c,v 1.1.1.2 1997/03/29 02:49:47 darrenr Exp $";
static char rcsid[] = "$Id: ipft_sn.c,v 1.1.1.3 1997/05/25 11:46:00 darrenr Exp $";
#endif
struct llc {


@ -1,4 +1,4 @@
/* $NetBSD: ipft_td.c,v 1.1.1.2 1997/03/29 02:49:49 darrenr Exp $ */
/* $NetBSD: ipft_td.c,v 1.1.1.3 1997/05/25 11:46:01 darrenr Exp $ */
/*
* (C)opyright 1993,1994,1995 by Darren Reed.
@ -37,6 +37,7 @@ tcpdump -nqte
#endif
#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
#include <stdlib.h>
#include <unistd.h>
#include <stddef.h>
@ -53,12 +54,13 @@ tcpdump -nqte
#include <netinet/tcpip.h>
#include <net/if.h>
#include <netdb.h>
#include <netinet/ip_compat.h>
#include "ipf.h"
#include "ipt.h"
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)ipft_td.c 1.8 2/4/96 (C)1995 Darren Reed";
static char rcsid[] = "$Id: ipft_td.c,v 1.1.1.2 1997/03/29 02:49:49 darrenr Exp $";
static char rcsid[] = "$Id: ipft_td.c,v 1.1.1.3 1997/05/25 11:46:01 darrenr Exp $";
#endif
static int tcpd_open __P((char *));


@ -1,4 +1,4 @@
/* $NetBSD: ipft_tx.c,v 1.1.1.2 1997/03/29 02:49:51 darrenr Exp $ */
/* $NetBSD: ipft_tx.c,v 1.1.1.3 1997/05/25 11:46:03 darrenr Exp $ */
/*
* (C)opyright 1995 by Darren Reed.
@ -18,6 +18,7 @@
#endif
#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
#include <stdlib.h>
#include <unistd.h>
#include <stddef.h>
@ -42,7 +43,7 @@
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed";
static char rcsid[] = "$Id: ipft_tx.c,v 1.1.1.2 1997/03/29 02:49:51 darrenr Exp $";
static char rcsid[] = "$Id: ipft_tx.c,v 1.1.1.3 1997/05/25 11:46:03 darrenr Exp $";
#endif
extern int opts;


@ -1,14 +1,17 @@
/* $NetBSD: ipt.h,v 1.1.1.2 1997/03/29 02:49:53 darrenr Exp $ */
/* $NetBSD: ipt.h,v 1.1.1.3 1997/05/25 11:46:08 darrenr Exp $ */
/*
* (C)opyright 1993,1994,1995 by Darren Reed.
* (C)opyright 1993-1997 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
* $Id: ipt.h,v 1.1.1.2 1997/03/29 02:49:53 darrenr Exp $
* $Id: ipt.h,v 1.1.1.3 1997/05/25 11:46:08 darrenr Exp $
*/
#ifndef __IPT_H__
#define __IPT_H__
#include <fcntl.h>
#ifdef __STDC__
#include <stdarg.h>
@ -25,3 +28,5 @@ struct ipread {
extern void debug __P((char *, ...));
extern void verbose __P((char *, ...));
#endif /* __IPT_H__ */


@ -1,4 +1,4 @@
/* $NetBSD: misc.c,v 1.1.1.2 1997/03/29 02:49:51 darrenr Exp $ */
/* $NetBSD: misc.c,v 1.1.1.3 1997/05/25 11:46:04 darrenr Exp $ */
/*
* (C)opyright 1993,1994,1995 by Darren Reed.
@ -17,6 +17,7 @@
#endif
#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
#include <stdlib.h>
#include <unistd.h>
#include <stddef.h>
@ -35,13 +36,14 @@
#include <netdb.h>
#include <arpa/nameser.h>
#include <resolv.h>
#include <netinet/ip_compat.h>
#include <netinet/ip_fil.h>
#include "ipf.h"
#include "ipt.h"
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)misc.c 1.3 2/4/96 (C) 1995 Darren Reed";
static char rcsid[] = "$Id: misc.c,v 1.1.1.2 1997/03/29 02:49:51 darrenr Exp $";
static char rcsid[] = "$Id: misc.c,v 1.1.1.3 1997/05/25 11:46:04 darrenr Exp $";
#endif
extern int opts;


@ -1,16 +1,19 @@
/* $NetBSD: snoop.h,v 1.1.1.2 1997/03/29 02:49:55 darrenr Exp $ */
/* $NetBSD: snoop.h,v 1.1.1.3 1997/05/25 11:46:09 darrenr Exp $ */
/*
* (C)opyright 1993,1994,1995 by Darren Reed.
* (C)opyright 1993-1997 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
*/
#ifndef __SNOOP_H__
#define __SNOOP_H__
/*
* written to comply with the RFC (1761) from Sun.
* $Id: snoop.h,v 1.1.1.2 1997/03/29 02:49:55 darrenr Exp $
* $Id: snoop.h,v 1.1.1.3 1997/05/25 11:46:09 darrenr Exp $
*/
struct snoophdr {
char s_id[8];
@ -42,3 +45,5 @@ struct snooppkt {
int sp_sec;
int sp_usec;
};
#endif /* __SNOOP_H__ */


@ -11,6 +11,7 @@ results
10
11
12
14
i1
i2
i3


@ -17,7 +17,7 @@ first:
-mkdir -p results
# Filtering tests
ftests: 1 2 3 4 5 6 7 8 9 10 11 12
ftests: 1 2 3 4 5 6 7 8 9 10 11 12 14
# Rule parsing tests
ptests: i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11
@ -25,7 +25,7 @@ ptests: i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11
0:
@(cd ..; make ipftest; )
1 2 3 4 5 6 7 8 9 10 11:
1 2 3 4 5 6 7 8 9 10 11 14:
@./dotest $@
12:


@ -0,0 +1,40 @@
nomatch
block
nomatch
nomatch
nomatch
nomatch
pass
nomatch
nomatch
nomatch
nomatch
block
block
nomatch
nomatch
nomatch
pass
pass
nomatch
nomatch
nomatch
block
block
block
nomatch
nomatch
pass
pass
pass
nomatch
block
block
block
block
block
pass
pass
pass
pass
pass


@ -3,6 +3,8 @@ block out from any to any
log in from any to any
log body in from any to any
count in from any to any
pass in from !any to any
block in from any to !any
pass in on ed0(!) from 127.0.0.1/32 to 127.0.0.1/32
block in log first on lo0(!) from any to any
pass in log body quick from any to any


@ -0,0 +1,5 @@
in 127.0.0.1 127.0.0.1
in 1.1.1.1 1.2.1.1
in 1.1.1.2 1.2.1.1
in 1.1.2.2 1.2.1.1
in 1.2.2.2 1.2.1.1


@ -0,0 +1,8 @@
block in from !1.1.1.1 to any
pass in from 1.1.1.1 to !any
block in from 1.1.1.1/24 to !any
pass in from !1.1.1.1/24 to any
block in from !1.1.1.1/16 to any
pass in from 1.1.1.1/16 to !any
block in from 1.1.1.1/0 to !any
pass in from !1.1.1.1/0 to any


@ -3,6 +3,8 @@ block out all
log in all
log body in all
count in from any to any
pass in from !any to any
block in from any to !any
pass in on ed0 from localhost to localhost
block in log first on lo0 from any to any
pass in log body quick from any to any


@ -1,148 +1,302 @@
/*
* (C)opyright 1995 by Darren Reed.
*
* This code may be freely distributed as long as it retains this notice
* and is not changed in any way. The author accepts no responsibility
* for the use of this software. I hate legaleese, don't you ?
*
* @(#)ip_compat.h 1.2 12/7/95
*/
/* $NetBSD: ip_compat.h,v 1.1.1.2 1997/05/25 11:46:47 darrenr Exp $ */
/*
* These #ifdef's are here mainly for linux, but who knows, they may
* not be in other places or maybe one day linux will grow up and some
* of these will turn up there too.
* (C)opyright 1993-1997 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
*
* @(#)ip_compat.h 1.8 1/14/96
* $Id: ip_compat.h,v 1.1.1.2 1997/05/25 11:46:47 darrenr Exp $
*/
#ifndef ICMP_UNREACH
# define ICMP_UNREACH ICMP_DEST_UNREACH
#ifndef __IP_COMPAT_H__
#define __IP_COMPAT_H__
#ifndef __P
# ifdef __STDC__
# define __P(x) x
# else
# define __P(x) ()
# endif
#endif
#ifndef ICMP_SOURCEQUENCH
# define ICMP_SOURCEQUENCH ICMP_SOURCE_QUENCH
#ifndef SOLARIS
#define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
#endif
#ifndef ICMP_TIMXCEED
# define ICMP_TIMXCEED ICMP_TIME_EXCEEDED
#if defined(_KERNEL) && !defined(KERNEL)
#define KERNEL
#endif
#ifndef ICMP_PARAMPROB
# define ICMP_PARAMPROB ICMP_PARAMETERPROB
#if defined(KERNEL) && !defined(_KERNEL)
#define _KERNEL
#endif
#ifndef IPVERSION
# define IPVERSION 4
#if defined(__SVR4) || defined(__svr4__)
#define index strchr
# ifndef _KERNEL
# define bzero(a,b) memset(a,0,b)
# define bcmp memcmp
# define bcopy(a,b,c) memmove(b,a,c)
# endif
#endif
#ifndef IPOPT_MINOFF
# define IPOPT_MINOFF 4
#if SOLARIS
# define MTYPE(m) ((m)->b_datap->db_type)
# include <sys/ioccom.h>
# include <sys/sysmacros.h>
/*
* because Solaris 2 defines these in two places :-/
*/
# undef IPOPT_EOL
# undef IPOPT_NOP
# undef IPOPT_LSRR
# undef IPOPT_RR
# undef IPOPT_SSRR
# ifndef _KERNEL
# define _KERNEL
# undef RES_INIT
# include <inet/common.h>
# include <inet/ip.h>
# include <inet/ip_ire.h>
# undef _KERNEL
# else
# include <inet/common.h>
# include <inet/ip.h>
# include <inet/ip_ire.h>
# endif
#endif
#ifndef IPOPT_COPIED
# define IPOPT_COPIED(x) ((x)&0x80)
#define IPMINLEN(i, h) ((i)->ip_len >= ((i)->ip_hl * 4 + sizeof(struct h)))
#ifndef IP_OFFMASK
#define IP_OFFMASK 0x1fff
#endif
#ifndef IPOPT_EOL
# define IPOPT_EOL 0
#if BSD > 199306
# define USE_QUAD_T
# define U_QUAD_T u_quad_t
# define QUAD_T quad_t
#else
# define U_QUAD_T u_long
# define QUAD_T long
#endif
#ifndef IPOPT_NOP
# define IPOPT_NOP 1
#ifndef MAX
#define MAX(a,b) (((a) > (b)) ? (a) : (b))
#endif
#ifndef IP_MF
# define IP_MF ((u_short)0x2000)
/*
* Security Options for Intenet Protocol (IPSO) as defined in RFC 1108.
*
* Basic Option
*
* 00000001 - (Reserved 4)
* 00111101 - Top Secret
* 01011010 - Secret
* 10010110 - Confidential
* 01100110 - (Reserved 3)
* 11001100 - (Reserved 2)
* 10101011 - Unclassified
* 11110001 - (Reserved 1)
*/
#define IPSO_CLASS_RES4 0x01
#define IPSO_CLASS_TOPS 0x3d
#define IPSO_CLASS_SECR 0x5a
#define IPSO_CLASS_CONF 0x96
#define IPSO_CLASS_RES3 0x66
#define IPSO_CLASS_RES2 0xcc
#define IPSO_CLASS_UNCL 0xab
#define IPSO_CLASS_RES1 0xf1
#define IPSO_AUTH_GENSER 0x80
#define IPSO_AUTH_ESI 0x40
#define IPSO_AUTH_SCI 0x20
#define IPSO_AUTH_NSA 0x10
#define IPSO_AUTH_DOE 0x08
#define IPSO_AUTH_UN 0x06
#define IPSO_AUTH_FTE 0x01
/*
* IP option #defines
*/
/*#define IPOPT_RR 7 */
#define IPOPT_ZSU 10 /* ZSU */
#define IPOPT_MTUP 11 /* MTUP */
#define IPOPT_MTUR 12 /* MTUR */
#define IPOPT_ENCODE 15 /* ENCODE */
/*#define IPOPT_TS 68 */
#define IPOPT_TR 82 /* TR */
/*#define IPOPT_SECURITY 130 */
/*#define IPOPT_LSRR 131 */
#define IPOPT_E_SEC 133 /* E-SEC */
#define IPOPT_CIPSO 134 /* CIPSO */
/*#define IPOPT_SATID 136 */
#ifndef IPOPT_SID
# define IPOPT_SID IPOPT_SATID
#endif
#ifndef ETHERTYPE_IP
# define ETHERTYPE_IP ((u_short)0x0800)
#endif
#ifndef TH_FIN
# define TH_FIN 0x01
#endif
#ifndef TH_SYN
# define TH_SYN 0x02
#endif
#ifndef TH_RST
# define TH_RST 0x04
#endif
#ifndef TH_PUSH
# define TH_PUSH 0x08
#endif
#ifndef TH_ACK
# define TH_ACK 0x10
#endif
#ifndef TH_URG
# define TH_URG 0x20
#endif
#ifndef IPOPT_EOL
# define IPOPT_EOL 0
#endif
#ifndef IPOPT_NOP
# define IPOPT_NOP 1
#endif
#ifndef IPOPT_RR
# define IPOPT_RR 7
#endif
#ifndef IPOPT_TS
# define IPOPT_TS 68
#endif
#ifndef IPOPT_SECURITY
# define IPOPT_SECURITY 130
#endif
#ifndef IPOPT_LSRR
# define IPOPT_LSRR 131
#endif
#ifndef IPOPT_SATID
# define IPOPT_SATID 136
#endif
#ifndef IPOPT_SSRR
# define IPOPT_SSRR 137
#endif
#ifndef IPOPT_SECUR_UNCLASS
# define IPOPT_SECUR_UNCLASS ((u_short)0x0000)
#endif
#ifndef IPOPT_SECUR_CONFID
# define IPOPT_SECUR_CONFID ((u_short)0xf135)
#endif
#ifndef IPOPT_SECUR_EFTO
# define IPOPT_SECUR_EFTO ((u_short)0x789a)
#endif
#ifndef IPOPT_SECUR_MMMM
# define IPOPT_SECUR_MMMM ((u_short)0xbc4d)
#endif
#ifndef IPOPT_SECUR_RESTR
# define IPOPT_SECUR_RESTR ((u_short)0xaf13)
#endif
#ifndef IPOPT_SECUR_SECRET
# define IPOPT_SECUR_SECRET ((u_short)0xd788)
#endif
#ifndef IPOPT_SECUR_TOPSECRET
# define IPOPT_SECUR_TOPSECRET ((u_short)0x6bc5)
/*#define IPOPT_SSRR 137 */
#define IPOPT_ADDEXT 147 /* ADDEXT */
#define IPOPT_VISA 142 /* VISA */
#define IPOPT_IMITD 144 /* IMITD */
#define IPOPT_EIP 145 /* EIP */
#define IPOPT_FINN 205 /* FINN */
#ifdef __FreeBSD__
# include <machine/spl.h>
# if defined(IPFILTER_LKM) && !defined(ACTUALLY_LKM_NOT_KERNEL)
# define ACTUALLY_LKM_NOT_KERNEL
# endif
#endif
/*
* Build some macros and #defines to enable the same code to compile anywhere
* Well, that's the idea, anyway :-)
*/
#if defined(_KERNEL) || defined(KERNEL)
# if SOLARIS
# define MUTEX_ENTER(x) mutex_enter(x)
# define MUTEX_EXIT(x) mutex_exit(x)
# define MTOD(m,t) (t)((m)->b_rptr)
# define IRCOPY(a,b,c) copyin((a), (b), (c))
# define IWCOPY(a,b,c) copyout((a), (b), (c))
# else
# define MUTEX_ENTER(x) ;
# define MUTEX_EXIT(x) ;
# ifndef linux
# define MTOD(m,t) mtod(m,t)
# define IRCOPY(a,b,c) bcopy((a), (b), (c))
# define IWCOPY(a,b,c) bcopy((a), (b), (c))
# endif
# endif /* SOLARIS */
# ifdef sun
# if defined(__svr4__) || defined(__SVR4)
extern ill_t *get_unit __P((char *));
# define GETUNIT(n) get_unit((n))
# else
# include <sys/kmem_alloc.h>
# define GETUNIT(n) ifunit((n), IFNAMSIZ)
# endif
# else
# define GETUNIT(n) ifunit((n))
# endif /* sun */
# if defined(sun) && !defined(linux)
# define UIOMOVE(a,b,c,d) uiomove(a,b,c,d)
# define SLEEP(id, n) sleep((id), PZERO+1)
# define KFREE(x) kmem_free((char *)(x), sizeof(*(x)))
# define KFREES(x,s) kmem_free((char *)(x), (s))
# if SOLARIS
typedef struct qif {
struct qif *qf_next;
ill_t *qf_ill;
kmutex_t qf_lock;
void *qf_iptr;
void *qf_optr;
queue_t *qf_in;
queue_t *qf_out;
void *qf_wqinfo;
void *qf_rqinfo;
int (*qf_inp) __P((queue_t *, mblk_t *));
int (*qf_outp) __P((queue_t *, mblk_t *));
mblk_t *qf_m;
int qf_len;
char qf_name[8];
/*
* in case the ILL has disappeared...
*/
int qf_hl; /* header length */
} qif_t;
# define SPLNET(x) ;
# undef SPLX
# define SPLX(x) ;
# ifdef sparc
# define ntohs(x) (x)
# define ntohl(x) (x)
# define htons(x) (x)
# define htonl(x) (x)
# endif
# define KMALLOC(a,b,c) (a) = (b)kmem_alloc((c), KM_NOSLEEP)
# define GET_MINOR(x) getminor(x)
# else
# define KMALLOC(a,b,c) (a) = (b)new_kmem_alloc((c), KMEM_NOSLEEP)
# endif /* __svr4__ */
# endif /* sun && !linux */
# ifndef GET_MINOR
# define GET_MINOR(x) minor(x)
# endif
# if BSD >= 199306 || defined(__FreeBSD__)
# include <vm/vm.h>
# if !defined(__FreeBSD__) || (defined (__FreeBSD__) && __FreeBSD__>=3)
# include <vm/vm_extern.h>
# include <sys/proc.h>
extern vm_map_t kmem_map;
# else
# include <vm/vm_kern.h>
# endif /* __FreeBSD__ */
/*
# define KMALLOC(a,b,c) (a) = (b)kmem_alloc(kmem_map, (c))
# define KFREE(x) kmem_free(kmem_map, (vm_offset_t)(x), \
sizeof(*(x)))
# define KFREES(x,s) kmem_free(kmem_map, (vm_offset_t)(x), (s))
*/
# ifdef M_PFIL
# define KMALLOC(a, b, c) MALLOC((a), b, (c), M_PFIL, M_NOWAIT)
# define KFREE(x) FREE((x), M_PFIL)
# define KFREES(x,s) FREE((x), M_PFIL)
# else
# define KMALLOC(a, b, c) MALLOC((a), b, (c), M_TEMP, M_NOWAIT)
# define KFREE(x) FREE((x), M_TEMP)
# define KFREES(x,s) FREE((x), M_TEMP)
# endif
# define UIOMOVE(a,b,c,d) uiomove(a,b,d)
# define SLEEP(id, n) tsleep((id), PPAUSE|PCATCH, n, 0)
# endif /* BSD */
# if defined(NetBSD1_0) && (NetBSD1_0 > 1)
# define SPLNET(x) x = splsoftnet()
# else
# if !SOLARIS
# define SPLNET(x) x = splnet()
# define SPLX(x) (void) splx(x)
# endif
# endif
# define PANIC(x,y) if (x) panic y
#else
# define PANIC(x,y) ;
# define MUTEX_ENTER(x) ;
# define MUTEX_EXIT(x) ;
# define SPLNET(x) ;
# undef SPLX
# define SPLX(x) ;
# define KMALLOC(a,b,c) (a) = (b)malloc(c)
# define KFREE(x) free(x)
# define KFREES(x,s) free(x)
# define GETUNIT(x) get_unit(x)
# define IRCOPY(a,b,c) bcopy((a), (b), (c))
# define IWCOPY(a,b,c) bcopy((a), (b), (c))
#endif /* KERNEL */
#ifdef linux
# if LINUX < 0200
# define icmp icmphdr
# define icmp_type type
# define icmp_code code
# endif
# define ICMP_UNREACH ICMP_DEST_UNREACH
# define ICMP_SOURCEQUENCH ICMP_SOURCE_QUENCH
# define ICMP_TIMXCEED ICMP_TIME_EXCEEDED
# define ICMP_PARAMPROB ICMP_PARAMETERPROB
/*
* From /usr/include/netinet/ip_var.h
* !%@#!$@# linux...
*/
struct ipovly {
caddr_t ih_next, ih_prev; /* for protocol sequence q's */
u_char ih_x1; /* (unused) */
u_char ih_pr; /* protocol */
short ih_len; /* protocol length */
struct in_addr ih_src; /* source internet address */
struct in_addr ih_dst; /* destination internet address */
};
# define TH_FIN 0x01
# define TH_SYN 0x02
# define TH_RST 0x04
# define TH_PUSH 0x08
# define TH_ACK 0x10
# define TH_URG 0x20
typedef struct {
__u16 th_sport;
__u16 th_dport;
__u32 th_seq;
__u32 th_ack;
# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
defined(vax)
__u8 th_res:4;
__u8 th_off:4;
#else
__u8 th_off:4;
__u8 th_res:4;
#endif
__u8 th_x;
__u8 th_flags;
__u16 th_win;
__u16 th_sum;
@ -152,8 +306,8 @@ typedef struct {
typedef struct {
__u16 uh_sport;
__u16 uh_dport;
__s16 uh_ulen;
__u16 uh_sum;
__u16 uh_ulen;
__u16 uh_sun;
} udphdr_t;
typedef struct {
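Review bot: The checksum member of the Linux `udphdr_t` appears to be misspelled as `uh_sun` on what looks like the new side of this hunk; the rendering has lost the +/- column, so the side is inferred from the old-then-new print order. The `#else` branch at the end of the file typedefs `udphdr_t` to `struct udphdr`, whose checksum member is `uh_sum`, so shared code that accesses `uh_sum` through `udphdr_t` would no longer compile on Linux. I would restore `__u16 uh_sum;` and keep the `__s16` to `__u16` change for `uh_ulen`.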
@ -176,13 +330,10 @@ typedef struct {
struct in_addr ip_dst;
} ip_t;
typedef struct {
__u8 ether_dhost[6];
__u8 ether_shost[6];
__u16 ether_type;
} ether_header_t;
typedef struct icmp {
/*
* Structure of an icmp header.
*/
struct icmp {
u_char icmp_type; /* type of message, see below */
u_char icmp_code; /* type sub code */
u_short icmp_cksum; /* ones complement cksum of struct */
@ -195,11 +346,11 @@ typedef struct icmp {
} ih_idseq;
int ih_void;
} icmp_hun;
#define icmp_pptr icmp_hun.ih_pptr
#define icmp_gwaddr icmp_hun.ih_gwaddr
#define icmp_id icmp_hun.ih_idseq.icd_id
#define icmp_seq icmp_hun.ih_idseq.icd_seq
#define icmp_void icmp_hun.ih_void
# define icmp_pptr icmp_hun.ih_pptr
# define icmp_gwaddr icmp_hun.ih_gwaddr
# define icmp_id icmp_hun.ih_idseq.icd_id
# define icmp_seq icmp_hun.ih_idseq.icd_seq
# define icmp_void icmp_hun.ih_void
union {
struct id_ts {
n_time its_otime;
@ -213,30 +364,52 @@ typedef struct icmp {
u_long id_mask;
char id_data[1];
} icmp_dun;
#define icmp_otime icmp_dun.id_ts.its_otime
#define icmp_rtime icmp_dun.id_ts.its_rtime
#define icmp_ttime icmp_dun.id_ts.its_ttime
#define icmp_ip icmp_dun.id_ip.idi_ip
#define icmp_mask icmp_dun.id_mask
#define icmp_data icmp_dun.id_data
} icmphdr_t;
# define icmp_otime icmp_dun.id_ts.its_otime
# define icmp_rtime icmp_dun.id_ts.its_rtime
# define icmp_ttime icmp_dun.id_ts.its_ttime
# define icmp_ip icmp_dun.id_ip.idi_ip
# define icmp_mask icmp_dun.id_mask
# define icmp_data icmp_dun.id_data
};
struct ipovly {
caddr_t ih_next, ih_prev; /* for protocol sequence q's */
u_char ih_x1; /* (unused) */
u_char ih_pr; /* protocol */
short ih_len; /* protocol length */
struct in_addr ih_src; /* source internet address */
struct in_addr ih_dst; /* destination internet address */
};
# define SPLX(x) (void)
# define SPLNET(x) (void)
# define bcopy(a,b,c) memmove(b,a,c)
# define bcmp(a,b,c) memcmp(a,b,c)
# define UNITNAME(n) dev_get((n))
# define ifnet device
# define KMALLOC(a,b,c) (a) = (b)kmalloc((c), GFP_ATOMIC)
# define KFREE(x) kfree_s((x), sizeof(*(x)))
# define KFREES(x,s) kfree_s((x), (s))
# define IRCOPY(a,b,c) { \
error = verify_area(VERIFY_READ, \
(b) ,sizeof((b))); \
if (!error) \
memcpy_fromfs((b), (a), (c)); \
}
# define IWCOPY(a,b,c) { \
error = verify_area(VERIFY_WRITE, \
(b) ,sizeof((b))); \
if (!error) \
memcpy_tofs((b), (a), (c)); \
}
#else
typedef struct udphdr udphdr_t;
typedef struct tcphdr tcphdr_t;
typedef struct udphdr udphdr_t;
typedef struct icmp icmphdr_t;
typedef struct ip ip_t;
typedef struct ether_header ether_header_t;
#endif /* linux */
#endif
#if defined(__SVR4) || defined(__svr4__)
# define bcopy(a,b,c) memmove(b,a,c)
# define bcmp(a,b,c) memcmp(a,b,c)
# define bzero(a,b) memset(a,0,b)
#endif
#endif /* __IP_COMPAT_H__ */
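Review bot: The Linux `IRCOPY`/`IWCOPY` macros in this hunk do not validate the range they copy. Both call `verify_area(..., (b), sizeof((b)))`, so `IRCOPY` checks the destination `b` instead of the source `a` that `memcpy_fromfs` reads from, and `sizeof((b))` is the size of the expression `b` (pointer-sized when `b` is a pointer), not the `c` bytes transferred. A caller-supplied address or length is therefore not checked over its full extent before the copy; the Solaris branch gets this from `copyin`/`copyout`, which take `a` as the user source and `b` as the user destination. I would use `error = verify_area(VERIFY_READ, (a), (c));` in `IRCOPY` and `error = verify_area(VERIFY_WRITE, (b), (c));` in `IWCOPY`, and add a comment that both macros assign to a caller-scope `error`. The +/- column is lost in this rendering, so I am assuming these lines are on the new side.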