ipf.c revision 7663b81667fda05833f609eceac713f0a83c2347
/*
* Copyright (C) 1993-2001 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Copyright 2005 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
#ifdef __FreeBSD__
# ifndef __FreeBSD_cc_version
# include <osreldate.h>
# else
# if __FreeBSD_cc_version < 430000
# include <osreldate.h>
# endif
# endif
#endif
#include "ipf.h"
#include <fcntl.h>
#if SOLARIS2 >= 10
#include "ipl.h"
#else
#endif
#if !defined(lint)
#endif
#if SOLARIS
static void blockunknown __P((void));
#endif
#endif
/* getopt(3) state, defined by the C library. */
extern char *optarg;
extern int optind;
/*
 * Option bit mask shared by the whole program: the option switch sets,
 * clears and toggles OPT_* bits in it, and the helpers below test it.
 */
int opts = 0;
/* Set to 1 by -C (only when built with USE_OPTIONC). */
int outputc = 0;
/* Set to 1 by -6 (only when built with USE_INET6). */
int use_inet6 = 0;
static int opendevice __P((char *, int));
static void closedevice __P((void));
static int showversion __P((void));
/* Cached device descriptor; -1 means "none" (closedevice() resets it). */
static int fd = -1;
/*
 * Usage handler: the visible lines build the option synopsis and then
 * terminate the program with exit status 1.  Never returns.
 */
static void usage()
{
/*
 * NOTE(review): the statement that consumes the string literals below is
 * not visible in this listing -- presumably an fprintf() to stderr;
 * confirm against the full file.
 */
#ifdef USE_INET6
"6"
#endif
"AdDEInoPrsUvVyzZ] %s %s %s %s\n",
"[-l block|pass|nomatch|state|nat]", "[-T optionlist]",
"[-F i|o|a|s|S|u]", "[-f filename]");
exit(1);
}
/*
 * Parameter declarations (K&R style) and body of the option-processing
 * entry point.
 * NOTE(review): the function header and the loop that assigns `c` are not
 * visible in this listing, and several cases below show only `break;`
 * because their handler lines are likewise not visible.
 */
int argc;
char *argv[];
{
int c;
/* No arguments at all: print the synopsis and exit. */
if (argc < 2)
usage();
switch (c)
{
case '?' :
usage();
break;
#ifdef USE_INET6
case '6' :
use_inet6 = 1;
break;
#endif
case 'A' :
/* Unconditionally clears OPT_INACTIVE (contrast with the -I toggle). */
opts &= ~OPT_INACTIVE;
break;
#ifdef USE_OPTIONC
case 'C' :
outputc = 1;
break;
#endif
case 'E' :
break;
case 'D' :
break;
case 'd' :
break;
case 'f' :
break;
case 'F' :
break;
case 'I' :
/* XOR toggle: giving -I twice cancels it. */
opts ^= OPT_INACTIVE;
break;
case 'l' :
break;
case 'n' :
/*
 * XOR toggle, not a set: a second -n switches OPT_DONOTHING back off,
 * so the OPT_DONOTHING short-circuit in the device-open helper would no
 * longer apply to whatever follows on the command line.
 */
opts ^= OPT_DONOTHING;
break;
case 'o' :
break;
case 'P' :
break;
case 'r' :
/* XOR toggle: giving -r twice cancels it. */
opts ^= OPT_REMOVE;
break;
case 's' :
/*
 * Called from inside the switch, i.e. as soon as the option is seen;
 * only option bits set by earlier arguments are in effect here.
 */
swapactive();
break;
case 'T' :
break;
#if SOLARIS
case 'U' :
blockunknown();
break;
#endif
case 'v' :
/*
 * Arithmetic add, not OR: each -v adds OPT_VERBOSE again.  Presumably
 * a verbosity counter -- confirm the bits above OPT_VERBOSE are
 * reserved for it and cannot carry into another OPT_* flag.
 */
opts += OPT_VERBOSE;
break;
case 'V' :
/* A non-zero result from showversion() ends the program with status 1. */
if (showversion())
exit(1);
break;
case 'y' :
frsync();
break;
case 'z' :
/* XOR toggle: giving -z twice cancels it. */
opts ^= OPT_ZERORULEST;
break;
case 'Z' :
zerostats();
break;
}
}
/* Nothing was consumed as an option: print the synopsis and exit. */
if (optind < 2)
usage();
/*
 * fd != -1 means a device descriptor is still cached.
 * NOTE(review): the statement guarded by this test is not visible in this
 * listing -- presumably a close(); as shown, the return reads as if it
 * were conditional.  Confirm against the full file.
 */
if (fd != -1)
return(0);
/* NOTREACHED */
}
/*
 * Parameter declarations and body of a device-open helper -- presumably
 * opendevice(), whose prototype above takes (char *, int).
 * Returns the file-scope descriptor `fd`, or -2 when the device is not to
 * be opened.  Callers must treat any negative result as "no device".
 * NOTE(review): the header line, the condition guarding the second
 * `return -2`, the default assigned when ipfdev is NULL and the open()
 * call itself are not visible in this listing.
 */
char *ipfdev;
int check;
{
/* OPT_DONOTHING (toggled by -n): refuse before any device access. */
if (opts & OPT_DONOTHING)
return -2;
return -2;
}
if (!ipfdev)
/* Open failed: report it; the caller then receives fd == -1. */
if (fd == -1)
perror("open device");
return fd;
}
/*
 * Forget the cached device descriptor by resetting `fd` to -1.
 * NOTE(review): no close() call is visible in this listing -- confirm the
 * descriptor is actually released before it is forgotten, otherwise each
 * reopen leaks one.
 */
static void closedevice()
{
fd = -1;
}
/*
 * Return the filter flag word read into `i`, or 0 after reporting a
 * SIOCGETFF failure with perror().
 * A failed read and "no flags set" both come back as 0, so callers that
 * modify the result and write it back cannot tell the two apart.
 * NOTE(review): the device open and the ioctl() call are not visible in
 * this listing.
 */
static int get_flags()
{
int i;
perror("SIOCGETFF");
return 0;
}
return i;
}
/*
 * NOTE(review): the header of this function and most of its body are not
 * visible in this listing.  The visible lines are the failure path of a
 * SIOCFRENB request: one case prints an "already initialized" message,
 * every other failure goes to perror().  Nothing is returned to the
 * caller, so failure is visible only on stderr.
 */
{
"IP FIlter: already initialized\n");
else
perror("SIOCFRENB");
}
return;
}
/*
 * NOTE(review): the header of this function and the statements between
 * initparse() and the outputc test are not visible in this listing.
 */
{
initparse();
/*
 * -C output requested: emit via printC() for arguments 0 and 1
 * (presumably the two rule directions -- confirm).
 */
if (outputc) {
printC(0);
printC(1);
}
}
/*
 * Parameter declarations of a function whose header is not visible in
 * this listing.  The parameter `fd` shadows the file-scope descriptor of
 * the same name, so inside this body `fd` is the caller's value, not the
 * cached one.
 * NOTE(review): the statement controlled by the outputc test is not
 * visible either.
 */
int fd;
void *ptr;
{
if (outputc)
}
/*
 * Turn on logging according to `opt` (the synopsis lists
 * -l block|pass|nomatch|state|nat).
 * pass/nomatch/block OR the matching FF_LOG* bit into `flag` and write it
 * back with SIOCSETFF; state and nat go through SIOCGETLG/SIOCSETLG on a
 * second descriptor `xfd`.  Bits are only ever added here, never cleared.
 * All failures are reported with perror() only; nothing is returned.
 * NOTE(review): the declarations of flag, xfd and logopt, the string
 * comparisons that select each branch and the ioctl() calls are not
 * visible in this listing.
 */
static void packetlogon(opt)
char *opt;
{
if (flag != 0) {
}
flag |= FF_LOGPASS;
if (opts & OPT_VERBOSE)
printf("set log flag: pass\n");
}
flag |= FF_LOGNOMATCH;
if (opts & OPT_VERBOSE)
printf("set log flag: nomatch\n");
}
flag |= FF_LOGBLOCK;
if (opts & OPT_VERBOSE)
printf("set log flag: block\n");
}
perror("ioctl(SIOCSETFF)");
}
/* State logging: only attempted when the second device opened (xfd >= 0). */
if (opts & OPT_VERBOSE)
printf("set state log flag\n");
if (xfd >= 0) {
logopt = 0;
perror("ioctl(SIOCGETLG)");
else {
perror("ioctl(SIOCSETLG)");
}
}
}
/* NAT logging: same get-then-set sequence as the state branch above. */
if (opts & OPT_VERBOSE)
printf("set nat log flag\n");
if (xfd >= 0) {
logopt = 0;
perror("ioctl(SIOCGETLG)");
else {
perror("ioctl(SIOCSETLG)");
}
}
}
}
/*
 * Flush rules or state according to `arg` (the synopsis lists
 * -F i|o|a|s|S|u).
 * The function is void and every failure goes to perror() only, so a
 * caller or script cannot tell from the return path whether the flush
 * took place -- check stderr or re-read the rule set afterwards.
 * NOTE(review): the guard in front of the first `return`, the declaration
 * of `fl`, the tests on `arg` that select each branch and the ioctl()
 * calls are not visible in this listing.
 */
static void flushfilter(arg)
char *arg;
{
return;
/* 'S' selects fl = 0, anything else in this branch fl = 1. */
if (*arg == 'S')
fl = 0;
else
fl = 1;
/* Drop the cached descriptor before this branch uses another device. */
closedevice();
if (use_inet6) {
#ifdef USE_INET6
perror("SIOCIPFL6");
#endif
} else {
perror("SIOCIPFFL");
}
}
}
closedevice();
return;
}
#ifdef SIOCIPFFA
closedevice();
/*
* Flush auth rules and packets
*/
perror("open(IPL_AUTH)");
else {
perror("ioctl(SIOCIPFFA)");
}
closedevice();
return;
}
#endif
/* With OPT_INACTIVE set, FR_INACTIVE is added to the flush request. */
if (opts & OPT_INACTIVE)
fl |= FR_INACTIVE;
if (use_inet6) {
#ifdef USE_INET6
perror("SIOCIPFL6");
#endif
} else {
perror("SIOCIPFFL");
}
}
}
return;
}
/*
 * Issue the SIOCSWAPA request (handler for -s); a failure is reported
 * with perror() and nothing is returned.
 * NOTE(review): the ioctl() call and the success branch after `else` are
 * not visible in this listing.
 */
static void swapactive()
{
int in = 2;
perror("ioctl(SIOCSWAPA)");
else
}
/*
 * Issue the SIOCFRSYN request (handler for -y): perror() on failure,
 * "filter sync'd" on success.  Nothing is returned.
 * NOTE(review): the ioctl() call is not visible in this listing.
 */
void frsync()
{
int frsyn = 0;
perror("SIOCFRSYN");
else
printf("filter sync'd\n");
}
/*
 * Issue the SIOCFRZST request (handler for -Z) and terminate the program
 * if it fails.
 * NOTE(review): the ioctl() call and the statements after the failure
 * branch are not visible in this listing.
 */
void zerostats()
{
perror("ioctl(SIOCFRZST)");
/* exit(-1) reaches the parent as status 255; usage() and -V use 1. */
exit(-1);
}
}
}
/*
* read the kernel stats for packets blocked and passed
*
* NOTE(review): the function header and the argument lists of the printf()
* calls are not visible in this listing.  Every conversion is %lu, so each
* counter passed must be an unsigned long (or be cast to one); a mismatch
* is undefined behaviour.
*/
friostat_t *fp;
{
printf("bad packets:\t\tin %lu\tout %lu\n",
printf(" input packets:\t\tblocked %lu passed %lu nomatch %lu",
printf("output packets:\t\tblocked %lu passed %lu nomatch %lu",
printf(" input packets logged:\tblocked %lu passed %lu\n",
printf("output packets logged:\tblocked %lu passed %lu\n",
printf(" packets logged:\tinput %lu-%lu output %lu-%lu\n",
}
#if SOLARIS
/*
 * Handler for -U (Solaris builds only): flip FF_BLOCKNONIP in the filter
 * flag word and write it back with SIOCSETFF.
 * The bit is toggled, not set, so running -U twice restores the previous
 * state; -V prints "nonip" while the bit is set and can be used to verify
 * the result.  Failures go to perror() only.
 * NOTE(review): the guard in front of the first `return`, the declaration
 * of `flag` and both ioctl() calls are not visible in this listing.
 */
static void blockunknown()
{
return;
flag ^= FF_BLOCKNONIP;
perror("ioctl(SIOCSETFF)");
perror("ioctl(SIOCGETFF)");
}
}
#endif
/*
 * Handler for -V.  Returns 1 when the device cannot be opened or the
 * SIOCGETFS request fails, 0 otherwise.  The visible part prints which
 * log/behaviour flags are set and the default policy.
 * NOTE(review): the open(), the ioctl(), the declaration of `flags`, the
 * version output and the tests that choose the default-policy string are
 * not visible in this listing.
 */
static int showversion()
{
char *s;
int vfd;
perror("open device");
return 1;
}
perror("ioctl(SIOCGETFS)");
return 1;
}
/*
 * `s` is the separator: empty before the first flag printed, ", " after
 * it.  It is still empty at the end only if no flag matched.
 */
s = "";
if (flags & FF_LOGPASS) {
printf("pass");
s = ", ";
}
if (flags & FF_LOGBLOCK) {
printf("%sblock", s);
s = ", ";
}
if (flags & FF_LOGNOMATCH) {
printf("%snomatch", s);
s = ", ";
}
if (flags & FF_BLOCKNONIP) {
printf("%snonip", s);
s = ", ";
}
if (!*s)
printf("none set");
putchar('\n');
/* Default policy: one of "pass", "block" or "nomatch -> block". */
printf("Default: ");
s = "pass";
s = "block";
else
s = "nomatch -> block";
return 0;
}
/*
 * Parameter declaration and body of the tunables handler -- presumably
 * for -T optionlist, given the parameter name; confirm.
 * "list" walks the tunables with SIOCIPFGETNEXT and prints each one; the
 * other branches set a value with SIOCIPFSET or read one with SIOCIPFGET
 * and print it.  Failures go to perror() and the function returns without
 * a status.
 * NOTE(review): the function header, the declaration of `tu`, the loop
 * that splits tuneargs into `s`/`t`, the parsing of the value and the
 * ioctl() calls are not visible in this listing.
 */
char *tuneargs;
{
char *s, *t;
return;
if (!strcmp(s, "list")) {
while (1) {
perror("ioctl(SIOCIPFGETNEXT)");
break;
}
break;
printtunable(&tu);
}
/*
 * Terminates the name in place and leaves `t` on the text after it
 * (presumably the value following '=' -- confirm).  This writes into the
 * argument string itself.
 */
*t++ = '\0';
perror("ioctl(SIOCIPFSET)");
return;
}
} else {
return;
}
} else {
perror("ioctl(SIOCIPFGET)");
return;
}
return;
printtunable(&tu);
}
}
}
/*
 * Print one tunable: name, then minimum and maximum in hex (%#lx), then
 * the current value.
 * NOTE(review): the declaration of `tup`, the printf() arguments and the
 * branches that print the current value are not visible in this listing;
 * the min/max arguments must be unsigned long to match %#lx.
 */
static void printtunable(tup)
{
printf("%s\tmin %#lx\tmax %#lx\tcurrent ",
else {
}
}