1 /*
2  * Copyright (C) 1993-1998 by Darren Reed.
3  *
4  * Redistribution and use in source and binary forms are permitted
5  * provided that this notice is preserved and due credit is given
6  * to the original author and the contributors.
7  */
8 #ifdef  __FreeBSD__
9 # include <osreldate.h>
10 #endif
11 #include <stdio.h>
12 #include <assert.h>
13 #include <string.h>
14 #include <sys/types.h>
15 #if !defined(__SVR4) && !defined(__svr4__) && !defined(__sgi)
16 #include <strings.h>
17 #else
18 #if !defined(__sgi)
19 #include <sys/byteorder.h>
20 #endif
21 #include <sys/file.h>
22 #endif
23 #include <sys/param.h>
24 #include <sys/time.h>
25 #include <stdlib.h>
26 #include <unistd.h>
27 #include <stddef.h>
28 #include <sys/socket.h>
29 #include <sys/ioctl.h>
30 #include <netinet/in.h>
31 #include <netinet/in_systm.h>
32 #ifndef linux
33 #include <netinet/ip_var.h>
34 #endif
35 #include <netinet/ip.h>
36 #include <netinet/udp.h>
37 #include <netinet/tcp.h>
38 #include <netinet/ip_icmp.h>
39 #include <net/if.h>
40 #if __FreeBSD_version >= 300000
41 # include <net/if_var.h>
42 #endif
43 #include <netdb.h>
44 #include <arpa/nameser.h>
45 #include <arpa/inet.h>
46 #include <resolv.h>
47 #include <ctype.h>
48 #include "ip_compat.h"
49 #include <netinet/tcpip.h>
50 #include "ip_fil.h"
51 #include "ip_nat.h"
52 #include "ip_state.h"
53 #include "ipf.h"
54 #include "ipt.h"
55
#if !defined(lint)
/* Version identification strings, compiled out for lint runs. */
static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-1996 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipt.c,v 2.1.2.1 2000/01/24 14:49:11 darrenr Exp $";
#endif

/* getopt(3) option argument, consumed by the option loop in main(). */
extern	char	*optarg;
/* Filter rule lists owned by the ipfilter core; not referenced by main() below. */
extern	struct frentry	*ipfilter[2][2];
/*
 * Input-format readers selectable from the command line:
 * -S snoop, -E etherf, -T tcpd, -P pcap, -X iptext (the default), -H iphex.
 */
extern	struct ipread	snoop, etherf, tcpd, pcap, iptext, iphex;
/* Maps the interface name a reader hands back to an ifnet for fr_check(). */
extern	struct ifnet	*get_unit __P((char *));
/* Called only when -o (OPT_SAVEOUT) is set; presumably sets up the output interfaces. */
extern	void	init_ifp __P((void));
/* Parses one NAT rule line (second arg is the line number for diagnostics); NULL means the line is skipped. */
extern	ipnat_t	*natparse __P((char *, int));
/* Set to 1 before any rule is loaded; presumably tells the core it is active -- confirm in ip_fil.c. */
extern	int	fr_running;

/* OPT_* command-line flags; written by main()'s option loop, read throughout. */
int	opts = 0;
int	main __P((int, char *[]));
71
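/*
 * Load filter rules (or, with -N, NAT rules) from the file named by
 * `rules' ("-" means stdin) and hand each parsed rule to the fake
 * ioctl entry point, the same way ipf(8)/ipnat(8) would.
 *
 * CR, LF and anything after a `#' are stripped from every line; blank
 * lines and lines the parser rejects are skipped.  Exits with -1 if
 * the rule file cannot be opened.
 */
static	void	load_rules __P((char *));

static void load_rules(rules)
char *rules;
{
	char	line[513], *s;
	void	*fr;
	FILE	*fp;
	int	linenum = 0, i;

	if (!strcmp(rules, "-"))
		fp = stdin;
	else if (!(fp = fopen(rules, "r"))) {
		(void)fprintf(stderr, "couldn't open %s\n", rules);
		exit(-1);
	}
	if (!(opts & OPT_BRIEF))
		(void)printf("opening rule file \"%s\"\n", rules);

	while (fgets(line, sizeof(line)-1, fp)) {
		linenum++;
		/*
		 * treat both CR and LF as EOL
		 */
		if ((s = index(line, '\n')))
			*s = '\0';
		if ((s = index(line, '\r')))
			*s = '\0';
		/*
		 * # is comment marker, everything after it is ignored
		 */
		if ((s = index(line, '#')))
			*s = '\0';

		if (!*line)
			continue;

		/*
		 * fake an `ioctl' call :)
		 *
		 * The ioctl result is only shown with -d; nothing here
		 * stops on a non-zero result, so a rule the core rejects
		 * is silently absent from the test.  Re-run with -d if a
		 * packet unexpectedly prints "nomatch".  NOTE(review):
		 * confirm iplioctl's return convention before turning a
		 * non-zero result into a hard error.
		 */
		if ((opts & OPT_NAT) != 0) {
			if (!(fr = natparse(line, linenum)))
				continue;
			i = IPL_EXTERN(ioctl)(IPL_LOGNAT, SIOCADNAT,
					      fr, FWRITE|FREAD);
			if (opts & OPT_DEBUG)
				fprintf(stderr,
					"iplioctl(ADNAT,%p,1) = %d\n",
					fr, i);
		} else {
			if (!(fr = parse(line, linenum)))
				continue;
			i = IPL_EXTERN(ioctl)(0, SIOCADDFR, fr,
					      FWRITE|FREAD);
			if (opts & OPT_DEBUG)
				fprintf(stderr,
					"iplioctl(ADDFR,%p,1) = %d\n",
					fr, i);
		}
	}
	(void)fclose(fp);
}

/*
 * ipftest entry point: load a rule file, then read packets from a
 * capture/text file (or stdin) with the reader selected on the command
 * line, run each one through fr_check() in user space and print the
 * verdict ("auth", "block", "pass" or "nomatch"), optionally followed
 * by a dump of the packet.
 *
 * Options: -r rules (required), -i input, -I interface, -b brief,
 * -d debug, -N NAT rules, -o write packets back out, -v verbose,
 * -E/-H/-P/-S/-T/-X select the input format.
 *
 * Returns 0 after the input is exhausted; exits with -1 on a missing
 * rule file or an input the reader cannot open.
 */
int main(argc,argv)
int argc;
char *argv[];
{
	struct	ipread	*r = &iptext;
	u_long	buf[2048];
	struct	ifnet	*ifp;
	char	*rules = NULL, *datain = NULL, *iface = NULL;
	ip_t	*ip;
	int	fd, i, dir = 0, c, hlen;

	while ((c = getopt(argc, argv, "bdEHi:I:NoPr:STvX")) != -1)
		switch (c)
		{
		case 'b' :
			opts |= OPT_BRIEF;
			break;
		case 'd' :
			opts |= OPT_DEBUG;
			break;
		case 'i' :
			datain = optarg;
			break;
		case 'I' :
			iface = optarg;
			break;
		case 'o' :
			opts |= OPT_SAVEOUT;
			break;
		case 'r' :
			rules = optarg;
			break;
		case 'v' :
			opts |= OPT_VERBOSE;
			break;
		case 'E' :
			r = &etherf;
			break;
		case 'H' :
			r = &iphex;
			break;
		case 'N' :
			opts |= OPT_NAT;
			break;
		case 'P' :
			r = &pcap;
			break;
		case 'S' :
			r = &snoop;
			break;
		case 'T' :
			r = &tcpd;
			break;
		case 'X' :
			r = &iptext;
			break;
		}

	if (!rules) {
		(void)fprintf(stderr,"no rule file present\n");
		exit(-1);
	}

	/* Bring up the NAT, state and parser tables before any rule is added. */
	nat_init();
	fr_stateinit();
	initparse();
	fr_running = 1;

	load_rules(rules);

	if (opts & OPT_SAVEOUT)
		init_ifp();

	if (datain)
		fd = (*r->r_open)(datain);
	else
		fd = (*r->r_open)("-");

	if (fd < 0)
		exit(-1);

	/*
	 * The reader fills buf with one packet per call and returns its
	 * length in bytes; it may also set iface/dir from the capture.
	 * Note that only dir is reset per packet: an iface name, once
	 * reported, stays in effect for packets that do not supply one.
	 */
	ip = (ip_t *)buf;
	while ((i = (*r->r_readip)((char *)buf, sizeof(buf),
				    &iface, &dir)) > 0) {
		/*
		 * The capture is untrusted input and fr_check() trusts the
		 * header length it is handed, so reject an IPv4 packet whose
		 * header is truncated or claims more bytes than were read,
		 * rather than let fr_check() read past the packet.  ip_len
		 * is still taken at face value.
		 */
		hlen = ip->ip_hl << 2;
		if (ip->ip_v == 4 &&
		    ((size_t)i < sizeof(*ip) || hlen < (int)sizeof(*ip) ||
		     hlen > i)) {
			(void)fprintf(stderr,
				"skipping packet: bad IPv4 header (%d bytes read, hlen %d)\n",
				i, hlen);
			dir = 0;
			continue;
		}

		ifp = iface ? get_unit(iface) : NULL;
		/* fr_check() expects these two fields in host byte order. */
		ip->ip_off = ntohs(ip->ip_off);
		ip->ip_len = ntohs(ip->ip_len);
		i = fr_check(ip, hlen, ifp, dir, (mb_t **)&buf);
		if ((opts & OPT_NAT) == 0)
			switch (i)
			{
			case -2 :
				(void)printf("auth");
				break;
			case -1 :
				(void)printf("block");
				break;
			case 0 :
				(void)printf("pass");
				break;
			case 1 :
				(void)printf("nomatch");
				break;
			}

		if (!(opts & OPT_BRIEF)) {
			putchar(' ');
			printpacket((ip_t *)buf);
			printf("--------------");
		} else if ((opts & (OPT_BRIEF|OPT_NAT)) == (OPT_NAT|OPT_BRIEF))
			printpacket((ip_t *)buf);
#ifndef linux
		/* Write the (possibly NAT-rewritten) packet back out when the reader gave a direction and interface. */
		if (dir && ifp && ip->ip_v)
# ifdef __sgi
			(*ifp->if_output)(ifp, (void *)buf, NULL);
# else
			(*ifp->if_output)(ifp, (void *)buf, NULL, 0);
# endif
#endif
		if ((opts & (OPT_BRIEF|OPT_NAT)) != (OPT_NAT|OPT_BRIEF))
			putchar('\n');
		dir = 0;
	}
	(*r->r_close)();
	return 0;
}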