2 * Copyright (C) 1993-1998 by Darren Reed.
4 * Redistribution and use in source and binary forms are permitted
5 * provided that this notice is preserved and due credit is given
6 * to the original author and the contributors.
9 # include <osreldate.h>
14 #include <sys/types.h>
15 #if !defined(__SVR4) && !defined(__svr4__) && !defined(__sgi)
19 #include <sys/byteorder.h>
23 #include <sys/param.h>
28 #include <sys/socket.h>
29 #include <sys/ioctl.h>
30 #include <netinet/in.h>
31 #include <netinet/in_systm.h>
33 #include <netinet/ip_var.h>
35 #include <netinet/ip.h>
36 #include <netinet/udp.h>
37 #include <netinet/tcp.h>
38 #include <netinet/ip_icmp.h>
40 #if __FreeBSD_version >= 300000
41 # include <net/if_var.h>
44 #include <arpa/nameser.h>
45 #include <arpa/inet.h>
48 #include "ip_compat.h"
49 #include <netinet/tcpip.h>
57 static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-1996 Darren Reed";
58 static const char rcsid[] = "@(#)$Id: ipt.c,v 2.1 1999/08/04 17:30:08 darrenr Exp $";
62 extern struct frentry *ipfilter[2][2];
63 extern struct ipread snoop, etherf, tcpd, pcap, iptext, iphex;
64 extern struct ifnet *get_unit __P((char *));
65 extern void init_ifp __P((void));
66 extern ipnat_t *natparse __P((char *, int));
69 int main __P((int, char *[]));
75 struct ipread *r = &iptext;
78 char *rules = NULL, *datain = NULL, *iface = NULL;
80 int fd, i, dir = 0, c;
82 while ((c = getopt(argc, argv, "bdEHi:I:NoPr:STvX")) != -1)
130 (void)fprintf(stderr,"no rule file present\n");
144 if (!strcmp(rules, "-"))
146 else if (!(fp = fopen(rules, "r"))) {
147 (void)fprintf(stderr, "couldn't open %s\n", rules);
150 if (!(opts & OPT_BRIEF))
151 (void)printf("opening rule file \"%s\"\n", rules);
152 while (fgets(line, sizeof(line)-1, fp)) {
155 * treat both CR and LF as EOL
157 if ((s = index(line, '\n')))
159 if ((s = index(line, '\r')))
162 * # is comment marker, everything after is a ignored
164 if ((s = index(line, '#')))
170 /* fake an `ioctl' call :) */
172 if ((opts & OPT_NAT) != 0) {
173 if (!(fr = natparse(line, linenum)))
175 i = IPL_EXTERN(ioctl)(IPL_LOGNAT, SIOCADNAT,
177 if (opts & OPT_DEBUG)
179 "iplioctl(ADNAT,%p,1) = %d\n",
182 if (!(fr = parse(line, linenum)))
184 i = IPL_EXTERN(ioctl)(0, SIOCADDFR, fr,
186 if (opts & OPT_DEBUG)
188 "iplioctl(ADDFR,%p,1) = %d\n",
195 if (opts & OPT_SAVEOUT)
199 fd = (*r->r_open)(datain);
201 fd = (*r->r_open)("-");
207 while ((i = (*r->r_readip)((char *)buf, sizeof(buf),
208 &iface, &dir)) > 0) {
209 ifp = iface ? get_unit(iface) : NULL;
210 ip->ip_off = ntohs(ip->ip_off);
211 ip->ip_len = ntohs(ip->ip_len);
212 i = fr_check(ip, ip->ip_hl << 2, ifp, dir, (mb_t **)&buf);
213 if ((opts & OPT_NAT) == 0)
217 (void)printf("auth");
220 (void)printf("block");
223 (void)printf("pass");
226 (void)printf("nomatch");
230 if (!(opts & OPT_BRIEF)) {
232 printpacket((ip_t *)buf);
233 printf("--------------");
234 } else if ((opts & (OPT_BRIEF|OPT_NAT)) == (OPT_NAT|OPT_BRIEF))
235 printpacket((ip_t *)buf);
237 if (dir && ifp && ip->ip_v)
239 (*ifp->if_output)(ifp, (void *)buf, NULL);
241 (*ifp->if_output)(ifp, (void *)buf, NULL, 0);
244 if ((opts & (OPT_BRIEF|OPT_NAT)) != (OPT_NAT|OPT_BRIEF))
projects / FreeBSD / FreeBSD.git / blob