2 * Copyright (C) 1993-1998 by Darren Reed.
4 * Redistribution and use in source and binary forms are permitted
5 * provided that this notice is preserved and due credit is given
6 * to the original author and the contributors.
9 # include <osreldate.h>
14 #include <sys/types.h>
15 #if !defined(__SVR4) && !defined(__svr4__) && !defined(__sgi)
19 #include <sys/byteorder.h>
23 #include <sys/param.h>
28 #include <sys/socket.h>
29 #include <sys/ioctl.h>
30 #include <netinet/in.h>
31 #include <netinet/in_systm.h>
33 #include <netinet/ip_var.h>
35 #include <netinet/ip.h>
36 #include <netinet/udp.h>
37 #include <netinet/tcp.h>
38 #include <netinet/ip_icmp.h>
40 #if __FreeBSD_version >= 300000
41 # include <net/if_var.h>
44 #include <arpa/nameser.h>
45 #include <arpa/inet.h>
48 #include "ip_compat.h"
49 #include <netinet/tcpip.h>
/* Source-control identification strings for this file (SCCS what-string and RCS $Id$ keyword). */
57 static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-1996 Darren Reed";
58 static const char rcsid[] = "@(#)$Id: ipt.c,v 2.1.2.1 2000/01/24 14:49:11 darrenr Exp $";
62 extern struct frentry *ipfilter[2][2];
63 extern struct ipread snoop, etherf, tcpd, pcap, iptext, iphex;
64 extern struct ifnet *get_unit __P((char *));
65 extern void init_ifp __P((void));
66 extern ipnat_t *natparse __P((char *, int));
67 extern int fr_running;
70 int main __P((int, char *[]));
76 struct ipread *r = &iptext;
79 char *rules = NULL, *datain = NULL, *iface = NULL;
81 int fd, i, dir = 0, c;
83 while ((c = getopt(argc, argv, "bdEHi:I:NoPr:STvX")) != -1)
131 (void)fprintf(stderr,"no rule file present\n");
146 if (!strcmp(rules, "-"))
148 else if (!(fp = fopen(rules, "r"))) {
149 (void)fprintf(stderr, "couldn't open %s\n", rules);
152 if (!(opts & OPT_BRIEF))
153 (void)printf("opening rule file \"%s\"\n", rules);
154 while (fgets(line, sizeof(line)-1, fp)) {
157 * treat both CR and LF as EOL
159 if ((s = index(line, '\n')))
161 if ((s = index(line, '\r')))
164 * # is the comment marker; everything after it is ignored
166 if ((s = index(line, '#')))
172 /* fake an `ioctl' call :) */
174 if ((opts & OPT_NAT) != 0) {
175 if (!(fr = natparse(line, linenum)))
177 i = IPL_EXTERN(ioctl)(IPL_LOGNAT, SIOCADNAT,
179 if (opts & OPT_DEBUG)
181 "iplioctl(ADNAT,%p,1) = %d\n",
184 if (!(fr = parse(line, linenum)))
186 i = IPL_EXTERN(ioctl)(0, SIOCADDFR, fr,
188 if (opts & OPT_DEBUG)
190 "iplioctl(ADDFR,%p,1) = %d\n",
197 if (opts & OPT_SAVEOUT)
201 fd = (*r->r_open)(datain);
203 fd = (*r->r_open)("-");
209 while ((i = (*r->r_readip)((char *)buf, sizeof(buf),
210 &iface, &dir)) > 0) {
211 ifp = iface ? get_unit(iface) : NULL;
212 ip->ip_off = ntohs(ip->ip_off);
213 ip->ip_len = ntohs(ip->ip_len);
214 i = fr_check(ip, ip->ip_hl << 2, ifp, dir, (mb_t **)&buf);
215 if ((opts & OPT_NAT) == 0)
219 (void)printf("auth");
222 (void)printf("block");
225 (void)printf("pass");
228 (void)printf("nomatch");
232 if (!(opts & OPT_BRIEF)) {
234 printpacket((ip_t *)buf);
235 printf("--------------");
236 } else if ((opts & (OPT_BRIEF|OPT_NAT)) == (OPT_NAT|OPT_BRIEF))
237 printpacket((ip_t *)buf);
239 if (dir && ifp && ip->ip_v)
241 (*ifp->if_output)(ifp, (void *)buf, NULL);
243 (*ifp->if_output)(ifp, (void *)buf, NULL, 0);
246 if ((opts & (OPT_BRIEF|OPT_NAT)) != (OPT_NAT|OPT_BRIEF))