Import IPFilter 3.4.25

martti 2002-03-14 12:30:07 +00:00
parent 8307c93fb8
commit a79df224af
18 changed files with 342 additions and 23 deletions


@ -12,6 +12,7 @@
# Automatically determine compiler switches and defines for kernel compilation
# based on our current CPU:
#
SGIREV=-DIRIX=$(SGI)
DCPU=`uname -m`
KFLAGS=`$(TOP)/IRIX/getkflags`
#
@ -41,7 +42,7 @@ MFLAGS="BINDEST=$(BINDEST)" "SBINDEST=$(SBINDEST)" "MANDIR=$(MANDIR)" \
"SOLARIS2=$(SOLARIS2)" "DEBUG=$(DEBUG)" "DCPU=$(CPU)" \
"CPUDIR=$(CPUDIR)"
#
CCARGS=-D_STANDALONE $(DEBUG) $(CFLAGS)
CCARGS=$(SGIREV) -D_STANDALONE $(DEBUG) $(CFLAGS) $(IPFLOG)
#
########## ########## ########## ########## ########## ########## ##########
#
@ -52,19 +53,21 @@ INSTALL=/sbin/install
#
MODOBJS=ip_fil.o fil_k.o ml_ipl.o ip_nat.o ip_frag.o ip_state.o ip_proxy.o \
ip_auth.o ip_log.o
DFLAGS=$(IPFLKM) $(IPFLOG) $(KFLAGS) $(MLFLAGS) -jalr #-D_MP_NETLOCKS -DMP
DFLAGS=$(IPFLKM) $(KFLAGS) $(MLFLAGS) -jalr $(SGIREV) \
#-D_MP_NETLOCKS -DMP
IPF=ipf.o parse.o common.o opt.o inet_addr.o facpri.o
IPT=ipt.o parse.o common.o fil.o ipft_sn.o ipft_ef.o ipft_td.o ipft_pc.o \
opt.o ipft_tx.o misc.o ip_frag_u.o ip_state_u.o ip_nat_u.o ip_proxy_u.o \
ip_auth_u.o ipft_hx.o ip_fil_u.o inet_addr.o natparse.o facpri.o
IPNAT=ipnat.o kmem.o natparse.o common.o inet_addr.o
FILS=fils.o parse.o common.o kmem.o opt.o inet_addr.o facpri.o
ip_auth_u.o ipft_hx.o ip_fil_u.o ip_log_u.o inet_addr.o natparse.o \
facpri.o printnat.o printstate.o
IPNAT=ipnat.o kmem.o natparse.o common.o inet_addr.o printnat.o
FILS=fils.o parse.o common.o kmem.o opt.o inet_addr.o facpri.o printstate.o
build all: ipf ipfstat ipftest ipmon ipnat $(LKM)
ipfstat: $(FILS)
$(CC) $(CCARGS) $(STATETOP_CFLAGS) $(STATETOP_INC) $(FILS) \
-o $@ $(LIBS) $(STATETOP_LIB)
-o $@ $(LIBS) $(STATETOP_LIB) -lelf
ipf: $(IPF)
$(CC) $(CCARGS) $(IPF) -o $@ $(LIBS)
@ -77,7 +80,7 @@ ipftest: $(IPT)
ln -s `pwd`/ipftest $(TOP)
ipnat: $(IPNAT)
$(CC) $(CCARGS) $(IPNAT) -o $@ $(LIBS)
$(CC) $(CCARGS) $(IPNAT) -o $@ $(LIBS) -lelf
tests:
(cd test; make )
@ -152,6 +155,9 @@ ip_auth_u.o: $(TOP)/ip_auth.c $(TOP)/ip_auth.h $(TOP)/ip_compat.h \
ip_fil_u.o: $(TOP)/$(IPFILC) $(TOP)/ip_fil.h $(TOP)/ip_compat.h
$(CC) $(CCARGS) -c $(TOP)/$(IPFILC) -o $@
ip_log_u.o: $(TOP)/ip_log.c $(TOP)/ip_fil.h $(TOP)/ip_compat.h
$(CC) $(CCARGS) -c $(TOP)/ip_log.c -o $@
$(LKM): $(MODOBJS)
ld $(MLFLAGS) -r -d $(MODOBJS) -o $(LKM)
@ -196,18 +202,28 @@ facpri.o: $(TOP)/facpri.c $(TOP)/facpri.h
ipmon: $(TOP)/ipmon.c
$(CC) $(CCARGS) $(LOGFAC) $(TOP)/ipmon.c -o $@ $(LIBS)
${RM} -f $(TOP)/ipmon
ln -s `pwd`/ipmon $(TOP)
natparse.o: $(TOP)/natparse.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
$(TOP)/ip_proxy.h $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(TOP)/natparse.c -o $@
printnat.o: $(TOP)/printnat.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
$(TOP)/ip_proxy.h $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(TOP)/printnat.c -o $@
printstate.o: $(TOP)/printstate.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
$(TOP)/ip_state.h
$(CC) $(CCARGS) -c $(TOP)/printstate.c -o $@
clean:
${RM} -f *.core *.o ipt fils ipf ipfstat ipftest ipmon ipnat $(LKM)
${MAKE} -f Makefile.ipsend ${MFLAGS} clean
-(for i in *; do \
if [ -d $${i} -a -f $${i}/Makefile ] ; then \
cd $${i}; (make clean); cd ..; \
${RM} $${i}/Makefile $${i}/Makefile.ipsend; \
${RM} $${i}/Makefile* $${i}/Makefile.ipsend*; \
rmdir $${i}; \
fi \
done)
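Review bot: In the `clean` recipe, the second of the two printed `${RM}` lines (presumably the new side; the +/- markers are lost in this rendering), `${RM} $${i}/Makefile* $${i}/Makefile.ipsend*;`, now deletes every file whose name starts with `Makefile` in each subdirectory, and its second pattern is already covered by the first. The same loop chains `cd $${i}; (make clean); cd ..;` with `;`, so a failed `cd` still runs the clean and the deletions relative to the wrong directory, and it calls literal `make` where the line above uses `${MAKE}`; `(cd "$${i}" && ${MAKE} clean);` keeps the directory change scoped and stops on failure. The DFLAGS change also drops `$(IPFLOG)` from the kernel-module flags while `ip_log.o` stays in MODOBJS; the module compile rules are outside the hunks shown, so it is worth confirming they still receive the logging define.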


@ -4,9 +4,9 @@ sed \
-e 's/\!empty//' \
-e 's/"//g' \
-e 's/\$(\([_A-Z]*\)) == /\1 == /' \
-e 's/== IP/== /' -e 's/#[^ie].*//' \
-e 's/== *IP/== /g' -e 's/)=/) =/g' -e 's/#[^ie].*//' \
-e 's/\$(CPUBOARD)/CPUBOARD/g' \
-e 's/^#$//' /var/sysgen/Makefile.kernio | \
egrep -v '^$|^ROOT|^include' | \
/usr/lib/cpp -DCPUBOARD=${CPUNUM} | \
egrep -v '^$|^#.*'
egrep -v '^$|^#.*|^$|^ROOT=|^include'
exit 0

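--- /dev/null
+++ b/dist/ipf/IRIX/getrev
@@ -0,0 +1,6 @@
+#!/bin/sh
+osrev=`uname -r`
+major=`expr $osrev : '\([0-9]\)\..*'`
+minor=`expr $osrev : '.*\.\([0-9]\)'`
+printf '%d%02d' $major $minor
+exit 0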
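Review bot: Both `expr` patterns capture exactly one digit (`\([0-9]\)`), so a release string with a multi-digit component leaves `major` empty or `minor` truncated, and the unquoted `printf '%d%02d' $major $minor` then prints a wrong revision instead of failing. The value presumably feeds the `-DIRIX=$(SGI)` define added in the IRIX Makefile, so a wrong number would silently select the wrong version-specific code. Consider `\([0-9][0-9]*\)` in both patterns, quoting `"$osrev"`, and exiting non-zero when either part is empty rather than the unconditional `exit 0`.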


@ -1,4 +1,4 @@
.\" $NetBSD: fixdist-3.0,v 1.1.1.1 2002/01/24 08:18:32 martti Exp $
.\" $NetBSD: fixdist-3.0,v 1.1.1.2 2002/03/14 12:30:13 martti Exp $
.\"
#!/bin/sh
#
@ -59,7 +59,7 @@ cat > ${OFILE} << __EOF__
PROG= ipf
MAN= ${MFILES}
SRCS= ${SFILES}
CFLAGS+=-I\${.CURDIR}/../../sys/netinet
CFLAGS+=-DUSE_INET6 -I\${.CURDIR}/../../sys/netinet
.include <bsd.prog.mk>
__EOF__
@ -80,7 +80,7 @@ PROG= ipfstat
MAN= ${MFILES}
SRCS= ${SFILES}
.PATH: \${.CURDIR}/../../sbin/ipf
CFLAGS+=-I\${.CURDIR}/../../sbin/ipf -DSTATETOP \\
CFLAGS+=-DUSE_INET6 -I\${.CURDIR}/../../sbin/ipf -DSTATETOP \\
-I\${.CURDIR}/../../sys/netinet
DPADD= \${LIBCURSES}
LDADD= -lcurses -lkvm
@ -104,7 +104,7 @@ PROG= ipnat
MAN= ${MFILES}
SRCS= ${SFILES}
.PATH: \${.CURDIR}/../ipfstat \${.CURDIR}/../ipf
CFLAGS+=-I\${.CURDIR}/../../sbin/ipfstat -I\${.CURDIR}/../ipf \\
CFLAGS+=-DUSE_INET6 -I\${.CURDIR}/../../sbin/ipfstat -I\${.CURDIR}/../ipf \\
-I\${.CURDIR}/../../sys/netinet
LDADD= -lkvm
@ -163,8 +163,8 @@ SRCS= ${SFILES}
.PATH: \${.CURDIR}/../../sbin/ipf \${.CURDIR}/../../sbin/ipfstat \\
\${.CURDIR}/../../sys/netinet \${.CURDIR}/../../sbin/ipnat
CFLAGS+=-I\${.CURDIR}/../../sbin/ipf -I\${.CURDIR}/../../sys/netinet \\
-I\${.CURDIR}/../../sys -I\${.CURDIR}
CFLAGS+=-DUSE_INET6 -I\${.CURDIR}/../../sbin/ipf \\
-I\${.CURDIR}/../../sys/netinet -I\${.CURDIR}/../../sys -I\${.CURDIR}
.include <bsd.prog.mk>
__EOF__
@ -186,7 +186,8 @@ PROG= ipfs
MAN= ${MFILES}
SRCS= ${SFILES}
CFLAGS+=-I\${.CURDIR}/../../sbin/ipf -I\${.CURDIR}/../../sys/netinet
CFLAGS+=-DUSE_INET6 -I\${.CURDIR}/../../sbin/ipf \\
-I\${.CURDIR}/../../sys/netinet
.include <bsd.prog.mk>
__EOF__
@ -207,7 +208,7 @@ cat > ${OFILE} << __EOF__
PROG= ipmon
MAN= ${MFILES}
SRCS= ${SFILES}
CFLAGS+=-I\${.CURDIR}/../../sys/netinet
CFLAGS+=-DUSE_INET6 -I\${.CURDIR}/../../sys/netinet
.include <bsd.prog.mk>
__EOF__
@ -276,7 +277,7 @@ PROG= ipresend
BINDIR= /usr/sbin
MAN= ${MFILES}
SRCS= ${SFILES}
CFLAGS+= -DDOSOCKET -I\${.CURDIR}/../common -I\${.CURDIR}/../../ipftest \\
CFLAGS+=-DDOSOCKET -I\${.CURDIR}/../common -I\${.CURDIR}/../../ipftest \\
-I\${.CURDIR}/../../../sbin/ipf \\
-I\${.CURDIR}/../../../sys/netinet -I\${.CURDIR}/..
.PATH: \${.CURDIR}/../common \${.CURDIR}/../../ipftest \\
@ -302,7 +303,7 @@ PROG= iptest
BINDIR= /usr/sbin
MAN= ${MFILES}
SRCS= ${SFILES}
CFLAGS+= -DDOSOCKET -I\${.CURDIR}/../common -I\${.CURDIR}/../../ipftest \\
CFLAGS+=-DDOSOCKET -I\${.CURDIR}/../common -I\${.CURDIR}/../../ipftest \\
-I\${.CURDIR}/../../../sys/netinet \\
-I\${.CURDIR}/../../../sbin/ipf -I\${.CURDIR}/..
.PATH: \${.CURDIR}/../common

5
dist/ipf/common.c vendored

@ -1,10 +1,13 @@
/* $NetBSD: common.c,v 1.1.1.4 2002/01/24 08:18:29 martti Exp $ */
/* $NetBSD: common.c,v 1.1.1.5 2002/03/14 12:30:07 martti Exp $ */
/*
* Copyright (C) 1993-2001 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __sgi
# include <sys/ptimers.h>
#endif
#include <sys/types.h>
#if !defined(__SVR4) && !defined(__svr4__)
#include <strings.h>


@ -1,10 +1,13 @@
/* $NetBSD: printstate.c,v 1.1.1.1 2002/01/24 08:18:30 martti Exp $ */
/* $NetBSD: printstate.c,v 1.1.1.2 2002/03/14 12:30:10 martti Exp $ */
/*
* Copyright (C) 2002 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __sgi
# include <sys/ptimers.h>
#endif
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>

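--- /dev/null
+++ b/dist/ipf/test/expected/f15
@@ -0,0 +1,9 @@
+block return-rst
+pass
+block return-icmp
+pass
+block
+nomatch
+pass
+pass
+--------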

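--- /dev/null
+++ b/dist/ipf/test/expected/f16
@@ -0,0 +1,9 @@
+block
+block
+pass
+block
+pass
+pass
+block
+block
+--------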

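--- /dev/null
+++ b/dist/ipf/test/expected/l1
@@ -0,0 +1,49 @@
+log in all
+01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S IN
+01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
+01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS IN
+01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F IN
+01/01/1970 10:00:00.000000 2x anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
+01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1 -> 4.4.4.4,53 PR udp len 20 40 IN
+01/01/1970 10:00:00.000000 2x anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
+01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
+01/01/1970 10:00:00.000000 anon0 @-1:-1 L 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
+01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,2049 -> 3.3.3.3,1023 PR udp len 20 28 IN
+--------
+pass in on anon0 all head 100
+--------
+pass in log quick from 3.3.3.3 to any group 100
+--------
+pass in log body quick from 2.2.2.2 to any
+01/01/1970 10:00:00.000000 anon0 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS IN
+01/01/1970 10:00:00.000000 2x anon0 @0:1 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
+01/01/1970 10:00:00.000000 anon0 @0:1 p 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
+--------
+pass in log quick proto tcp from 1.1.1.1 to any flags S keep state
+01/01/1970 10:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
+01/01/1970 10:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A K-S IN
+01/01/1970 10:00:00.000000 anon0 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS K-S IN
+01/01/1970 10:00:00.000000 e1 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -A K-S OUT
+01/01/1970 10:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F K-S IN
+--------
+pass in log first quick proto tcp from 1.1.1.1 to any flags S keep state
+01/01/1970 10:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
+--------
+01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S IN
+01/01/1970 10:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
+01/01/1970 10:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A K-S IN
+01/01/1970 10:00:00.000000 anon0 @0:4 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS K-S IN
+01/01/1970 10:00:00.000000 e1 @0:4 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -A K-S OUT
+01/01/1970 10:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F K-S IN
+01/01/1970 10:00:00.000000 2x anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
+01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1 -> 4.4.4.4,53 PR udp len 20 40 IN
+01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
+01/01/1970 10:00:00.000000 anon0 @0:3 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
+01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 56 IN
+01/01/1970 10:00:00.000000 anon0 @0:3 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 56 IN
+01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
+01/01/1970 10:00:00.000000 anon0 @0:3 p 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
+01/01/1970 10:00:00.000000 anon0 @-1:-1 L 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
+01/01/1970 10:00:00.000000 anon0 @100:1 p 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
+01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,2049 -> 3.3.3.3,1023 PR udp len 20 28 IN
+--------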

47
dist/ipf/test/expected/l1.b vendored Normal file

@ -0,0 +1,47 @@
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S IN
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS IN
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F IN
01/01/1970 10:00:00.000000 2x anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1 -> 4.4.4.4,53 PR udp len 20 40 IN
01/01/1970 10:00:00.000000 2x anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,2049 -> 3.3.3.3,1023 PR udp len 20 28 IN
--------
--------
--------
01/01/1970 10:00:00.000000 anon0 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS IN
01/01/1970 10:00:00.000000 2x anon0 @0:1 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
01 02 03 04 05 06 07 08 09 0a 0b 0d ............
01/01/1970 10:00:00.000000 anon0 @0:1 p 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
--------
01/01/1970 10:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
01/01/1970 10:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A K-S IN
01/01/1970 10:00:00.000000 anon0 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS K-S IN
01/01/1970 10:00:00.000000 e1 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -A K-S OUT
01/01/1970 10:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F K-S IN
--------
01/01/1970 10:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
--------
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S IN
01/01/1970 10:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
01/01/1970 10:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A K-S IN
01/01/1970 10:00:00.000000 anon0 @0:4 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS K-S IN
01/01/1970 10:00:00.000000 e1 @0:4 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -A K-S OUT
01/01/1970 10:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F K-S IN
01/01/1970 10:00:00.000000 2x anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1 -> 4.4.4.4,53 PR udp len 20 40 IN
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
01/01/1970 10:00:00.000000 anon0 @0:3 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
01 02 03 04 05 06 07 08 09 0a 0b 0d ............
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 56 IN
01/01/1970 10:00:00.000000 anon0 @0:3 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 56 IN
01 02 03 04 05 06 07 08 09 0a 0b 0d 0e 0f 40 61 ..............@a
42 63 44 65 46 67 48 69 4a 6b 4c 6d BcDeFgHiJkLm
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
01/01/1970 10:00:00.000000 anon0 @0:3 p 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
01/01/1970 10:00:00.000000 anon0 @100:1 p 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,2049 -> 3.3.3.3,1023 PR udp len 20 28 IN
--------

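--- /dev/null
+++ b/dist/ipf/test/input/f15
@@ -0,0 +1,8 @@
+in on hme0 tcp 10.1.2.3,1200 195.134.65.10,100 S
+in on hme0 tcp 10.1.2.3,1200 195.134.65.10,22 S
+in on hme0 udp 10.1.2.3,1200 195.134.65.10,100
+in on hme0 udp 10.1.2.3,53 195.134.65.10,53
+in on hme0 10.1.2.3 195.134.65.10
+in on hme1 195.134.65.10 10.1.2.3
+in on hme1 udp 195.134.65.10,53 10.1.2.3,53
+in on hme1 tcp 195.134.65.10,22 10.1.2.3,1200 SA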

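--- /dev/null
+++ b/dist/ipf/test/input/f16
@@ -0,0 +1,8 @@
+in 2.2.2.2 5.5.5.5
+in 2.2.2.2 1.1.1.1
+in udp 4.4.4.4,110 1.1.1.1,53
+in udp 4.4.4.9,101 1.1.1.3,35
+in udp 4.4.4.8,111 1.1.1.2,53
+in tcp 4.4.4.7,220 1.1.1.1,23
+in tcp 4.4.4.6,202 1.1.1.3,22
+in tcp 4.4.4.5,222 1.1.1.2,52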

52
dist/ipf/test/input/l1 vendored Normal file

@ -0,0 +1,52 @@
# 1.1.1.1,1025 -> 2.2.2.2,25 TTL=63 TCP DF SYN
45 00 0028 0000 4000 3f 06 0000 01010101 02020202
0401 0019 00000000 00000000 50 02 2000 0000 0000
#in on e0 tcp 1.1.1.1,1025 2.1.2.2,25 A
45 00 0028 0000 4000 3f 06 0000 01010101 02020202
0401 0019 00000000 00000000 50 10 2000 0000 0000
#in on e1 tcp 2.1.2.2,25 1.1.1.1,1025 AS
45 00 0028 0000 4000 3f 06 0000 02020202 01010101
0019 0401 00000000 00000000 50 12 2000 0000 0000
#in on e1 tcp 2.1.2.2,25 1.1.1.1,1025 A
[out,e1] 45 00 0028 0000 4000 3f 06 0000 02020202 01010101
0019 0401 00000000 00000000 50 10 2000 0000 0000
#in on e0 tcp 1.1.1.1,1025 2.1.2.2,25 F
45 00 0028 0000 4000 3f 06 0000 01010101 02020202
0401 0019 00000000 00000000 50 01 2000 0000 0000
#in on e0 tcp 1.1.1.1,1025 2.1.2.2,25 A
45 00 0028 0000 4000 3f 06 0000 01010101 02020202
0401 0019 00000000 00000000 50 10 2000 0000 0000
#in on e0 tcp 1.1.1.1,1025 2.1.2.2,25 A
45 00 0028 0000 4000 3f 06 0000 01010101 02020202
0401 0019 00000000 00000000 50 10 2000 0000 0000
#in on e1 udp 1.1.1.1,1 4.4.4.4,53
45 00 0028 0000 4000 3f 11 0000 01010101 04040404
0001 0035 0000 0000 0102 0304 0506 0708 090a 0b0d
#in on e1 udp 2.2.2.2,2 4.4.4.4,53
45 00 0028 0000 4000 3f 11 0000 02020202 04040404
0001 0035 0000 0000 0102 0304 0506 0708 090a 0b0d
#in on e1 udp 2.2.2.2,2 4.4.4.4,53
45 00 0038 0000 4000 3f 11 0000 02020202 04040404
0001 0035 0000 0000 0102 0304 0506 0708 090a 0b0d
0e0f 4061 4263 4465 4667 4869 4a6b 4c6d
#in on e0 ip 4.4.4.4,53 1.1.1.1,1
45 00 0014 0000 4000 3f 00 0000 02020202 04040404
#in on e0 udp 3.3.3.3,1023 1.1.1.1,2049
45 00 001c 0000 4000 3f 11 0000 03030303 01010101
03ff 0801 0000 0000
#in on e0 udp 1.1.1.1,2049 3.3.3.3,1023
45 00 001c 0000 4000 3f 11 0000 01010101 03030303
0801 03ff 0000 0000

48
dist/ipf/test/logtest vendored Normal file

@ -0,0 +1,48 @@
#!/bin/sh
if [ -f /usr/ucb/touch ] ; then
TOUCH=/usr/ucb/touch
else
if [ -f /usr/bin/touch ] ; then
TOUCH=/usr/bin/touch
else
if [ -f /bin/touch ] ; then
TOUCH=/bin/touch
fi
fi
fi
echo "$1...";
/bin/cp /dev/null results/$1
/bin/cp /dev/null results/$1.b
( while read rule; do
echo $rule >> results/$1
echo $rule | ../ipftest -br - -Hi input/$1 -l logout > /dev/null
if [ $? -ne 0 ] ; then
/bin/rm -f logout
exit 1
fi
../ipmon -P /dev/null -f logout >> results/$1
echo "--------" >> results/$1
../ipmon -P /dev/null -bf logout >> results/$1.b
echo "--------" >> results/$1.b
done ) < regress/$1
../ipftest -br regress/$1 -Hi input/$1 -l logout > /dev/null
../ipmon -P /dev/null -f logout >> results/$1
echo "--------" >> results/$1
../ipmon -P /dev/null -bf logout >> results/$1.b
echo "--------" >> results/$1.b
cmp expected/$1 results/$1
status=$?
if [ $status -ne 0 ] ; then
exit $status
fi
cmp expected/$1.b results/$1.b
status=$?
if [ $status -ne 0 ] ; then
exit $status
fi
/bin/rm -f logout
$TOUCH $1
exit 0
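Review bot: The `exit 1` inside the `( while read rule ... ) < regress/$1` loop only leaves the subshell, so a failing `../ipftest` run does not stop the script; it carries on to the whole-file run, whose exit status is not checked either. Ending the loop with `done ) < regress/$1 || exit 1` and testing `$?` after the second `../ipftest` would make a crash in the filter test fail the regression directly instead of relying on `cmp` to notice. `echo $rule` and the `$1` paths are unquoted, so a rule containing `*` is glob-expanded before it reaches ipftest; `echo "$rule"` avoids that. If none of the three `touch` paths exists, `TOUCH` stays empty and `$TOUCH $1` runs the test name as a command; `mtest` has the same fallback.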

36
dist/ipf/test/mtest vendored Normal file

@ -0,0 +1,36 @@
#!/bin/sh
# multiple rules at the same time
if [ -f /usr/ucb/touch ] ; then
TOUCH=/usr/ucb/touch
else
if [ -f /usr/bin/touch ] ; then
TOUCH=/usr/bin/touch
else
if [ -f /bin/touch ] ; then
TOUCH=/bin/touch
fi
fi
fi
echo "$1...";
/bin/cp /dev/null results/$1
../ipftest -br regress/$1 -i input/$1 > results/$1
if [ $? -ne 0 ] ; then
exit 1
fi
echo "--------" >> results/$1
cmp expected/$1 results/$1
status=$?
if [ $status -ne 0 ] ; then
exit $status
fi
cmp expected/$1 results/$1
status=$?
if [ $status -ne 0 ] ; then
exit $status
fi
$TOUCH $1
exit 0
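Review bot: The second `cmp expected/$1 results/$1` block is a verbatim repeat of the first, so it can never fail once the first has passed; `logtest` uses that position for `$1.b`, which suggests a leftover from copying. Dropping the block, or comparing the file it was meant to compare, would make the script state what it actually checks. `/bin/cp /dev/null results/$1` is likewise redundant before the `> results/$1` redirection, and `$1` is unquoted throughout.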

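--- /dev/null
+++ b/dist/ipf/test/regress/f15
@@ -0,0 +1,8 @@
+block in log quick on hme0 from any to 195.134.65.0/25 head 10
+block return-rst in log quick proto tcp all flags S head 100 group 10
+pass in quick proto tcp from any to any port = 22 keep state group 100
+pass in quick proto tcp from any to any port = 23 keep state group 100
+pass in quick proto tcp from any to any port = 21 keep state group 100
+block return-icmp in quick proto udp all keep state head 110 group 10
+pass in quick proto udp from any to any port = 53 keep state group 110
+block in log quick on hme0 from any to any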

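--- /dev/null
+++ b/dist/ipf/test/regress/f16
@@ -0,0 +1,10 @@
+pass in all
+skip 2 in proto tcp all
+block in quick proto tcp all
+skip 4 in proto udp all
+block in quick proto udp all
+pass in quick proto tcp from any to 1.1.1.1
+pass in quick proto tcp from any to 1.1.1.2 port = 22
+block in quick proto udp from any to any port = 53
+pass in quick proto udp from any to any port = 53
+block in all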

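--- /dev/null
+++ b/dist/ipf/test/regress/l1
@@ -0,0 +1,6 @@
+log in all
+pass in on anon0 all head 100
+pass in log quick from 3.3.3.3 to any group 100
+pass in log body quick from 2.2.2.2 to any
+pass in log quick proto tcp from 1.1.1.1 to any flags S keep state
+pass in log first quick proto tcp from 1.1.1.1 to any flags S keep state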