17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate * Copyright (C) 1993-2001 by Darren Reed.
37c478bd9Sstevel@tonic-gate *
47c478bd9Sstevel@tonic-gate * See the IPFILTER.LICENCE file for details on licencing.
57c478bd9Sstevel@tonic-gate *
6ab25eeb5Syz * $Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp $
77c478bd9Sstevel@tonic-gate */
87c478bd9Sstevel@tonic-gate
97c478bd9Sstevel@tonic-gate /*
107c478bd9Sstevel@tonic-gate tcpdump -n
117c478bd9Sstevel@tonic-gate
127c478bd9Sstevel@tonic-gate 00:05:47.816843 128.231.76.76.3291 > 224.2.252.231.36573: udp 36 (encap)
137c478bd9Sstevel@tonic-gate
147c478bd9Sstevel@tonic-gate tcpdump -nq
157c478bd9Sstevel@tonic-gate
167c478bd9Sstevel@tonic-gate 00:33:48.410771 192.73.213.11.1463 > 224.2.248.153.59360: udp 31 (encap)
177c478bd9Sstevel@tonic-gate
187c478bd9Sstevel@tonic-gate tcpdump -nqt
197c478bd9Sstevel@tonic-gate
207c478bd9Sstevel@tonic-gate 128.250.133.13.23 > 128.250.20.20.2419: tcp 27
217c478bd9Sstevel@tonic-gate
227c478bd9Sstevel@tonic-gate tcpdump -nqtt
237c478bd9Sstevel@tonic-gate
247c478bd9Sstevel@tonic-gate 123456789.1234567 128.250.133.13.23 > 128.250.20.20.2419: tcp 27
257c478bd9Sstevel@tonic-gate
267c478bd9Sstevel@tonic-gate tcpdump -nqte
277c478bd9Sstevel@tonic-gate
287c478bd9Sstevel@tonic-gate 8:0:20:f:65:f7 0:0:c:1:8a:c5 81: 128.250.133.13.23 > 128.250.20.20.2419: tcp 27
297c478bd9Sstevel@tonic-gate
307c478bd9Sstevel@tonic-gate */
317c478bd9Sstevel@tonic-gate
327c478bd9Sstevel@tonic-gate #include "ipf.h"
337c478bd9Sstevel@tonic-gate #include "ipt.h"
347c478bd9Sstevel@tonic-gate
35ab25eeb5Syz #ifndef linux
367c478bd9Sstevel@tonic-gate #include <netinet/ip_var.h>
37ab25eeb5Syz #endif
387c478bd9Sstevel@tonic-gate #include <netinet/tcpip.h>
397c478bd9Sstevel@tonic-gate
407c478bd9Sstevel@tonic-gate
417c478bd9Sstevel@tonic-gate #if !defined(lint)
427c478bd9Sstevel@tonic-gate static const char sccsid[] = "@(#)ipft_td.c 1.8 2/4/96 (C)1995 Darren Reed";
43ab25eeb5Syz static const char rcsid[] = "@(#)$Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp $";
447c478bd9Sstevel@tonic-gate #endif
457c478bd9Sstevel@tonic-gate
467c478bd9Sstevel@tonic-gate static int tcpd_open __P((char *));
477c478bd9Sstevel@tonic-gate static int tcpd_close __P((void));
487c478bd9Sstevel@tonic-gate static int tcpd_readip __P((char *, int, char **, int *));
497c478bd9Sstevel@tonic-gate static int count_dots __P((char *));
507c478bd9Sstevel@tonic-gate
517c478bd9Sstevel@tonic-gate struct ipread tcpd = { tcpd_open, tcpd_close, tcpd_readip, 0 };
527c478bd9Sstevel@tonic-gate
537c478bd9Sstevel@tonic-gate static FILE *tfp = NULL;
547c478bd9Sstevel@tonic-gate static int tfd = -1;
557c478bd9Sstevel@tonic-gate
567c478bd9Sstevel@tonic-gate
tcpd_open(fname)577c478bd9Sstevel@tonic-gate static int tcpd_open(fname)
587c478bd9Sstevel@tonic-gate char *fname;
597c478bd9Sstevel@tonic-gate {
607c478bd9Sstevel@tonic-gate if (tfd != -1)
617c478bd9Sstevel@tonic-gate return tfd;
627c478bd9Sstevel@tonic-gate
637c478bd9Sstevel@tonic-gate if (!strcmp(fname, "-")) {
647c478bd9Sstevel@tonic-gate tfd = 0;
657c478bd9Sstevel@tonic-gate tfp = stdin;
667c478bd9Sstevel@tonic-gate } else {
677c478bd9Sstevel@tonic-gate tfd = open(fname, O_RDONLY);
687c478bd9Sstevel@tonic-gate tfp = fdopen(tfd, "r");
697c478bd9Sstevel@tonic-gate }
707c478bd9Sstevel@tonic-gate return tfd;
717c478bd9Sstevel@tonic-gate }
727c478bd9Sstevel@tonic-gate
737c478bd9Sstevel@tonic-gate
tcpd_close()747c478bd9Sstevel@tonic-gate static int tcpd_close()
757c478bd9Sstevel@tonic-gate {
767c478bd9Sstevel@tonic-gate (void) fclose(tfp);
777c478bd9Sstevel@tonic-gate return close(tfd);
787c478bd9Sstevel@tonic-gate }
797c478bd9Sstevel@tonic-gate
807c478bd9Sstevel@tonic-gate
count_dots(str)817c478bd9Sstevel@tonic-gate static int count_dots(str)
827c478bd9Sstevel@tonic-gate char *str;
837c478bd9Sstevel@tonic-gate {
847c478bd9Sstevel@tonic-gate int i = 0;
857c478bd9Sstevel@tonic-gate
867c478bd9Sstevel@tonic-gate while (*str)
877c478bd9Sstevel@tonic-gate if (*str++ == '.')
887c478bd9Sstevel@tonic-gate i++;
897c478bd9Sstevel@tonic-gate return i;
907c478bd9Sstevel@tonic-gate }
917c478bd9Sstevel@tonic-gate
927c478bd9Sstevel@tonic-gate
tcpd_readip(buf,cnt,ifn,dir)937c478bd9Sstevel@tonic-gate static int tcpd_readip(buf, cnt, ifn, dir)
947c478bd9Sstevel@tonic-gate char *buf, **ifn;
957c478bd9Sstevel@tonic-gate int cnt, *dir;
967c478bd9Sstevel@tonic-gate {
977c478bd9Sstevel@tonic-gate struct tcpiphdr pkt;
987c478bd9Sstevel@tonic-gate ip_t *ip = (ip_t *)&pkt;
997c478bd9Sstevel@tonic-gate char src[32], dst[32], misc[256], time[32], link1[32], link2[32];
1007c478bd9Sstevel@tonic-gate char lbuf[160], *s;
1017c478bd9Sstevel@tonic-gate int n, slen, extra = 0;
1027c478bd9Sstevel@tonic-gate
1037c478bd9Sstevel@tonic-gate if (!fgets(lbuf, sizeof(lbuf) - 1, tfp))
1047c478bd9Sstevel@tonic-gate return 0;
1057c478bd9Sstevel@tonic-gate
1067c478bd9Sstevel@tonic-gate if ((s = strchr(lbuf, '\n')))
1077c478bd9Sstevel@tonic-gate *s = '\0';
1087c478bd9Sstevel@tonic-gate lbuf[sizeof(lbuf)-1] = '\0';
1097c478bd9Sstevel@tonic-gate
1107c478bd9Sstevel@tonic-gate bzero(&pkt, sizeof(pkt));
1117c478bd9Sstevel@tonic-gate
1127c478bd9Sstevel@tonic-gate if ((n = sscanf(lbuf, "%31s > %31s: %255s", src, dst, misc)) != 3)
1137c478bd9Sstevel@tonic-gate if ((n = sscanf(lbuf, "%31s %31s > %31s: %255s",
1147c478bd9Sstevel@tonic-gate time, src, dst, misc)) != 4)
1157c478bd9Sstevel@tonic-gate if ((n = sscanf(lbuf, "%31s %31s: %31s > %31s: %255s",
1167c478bd9Sstevel@tonic-gate link1, link2, src, dst, misc)) != 5) {
1177c478bd9Sstevel@tonic-gate n = sscanf(lbuf,
1187c478bd9Sstevel@tonic-gate "%31s %31s %31s: %31s > %31s: %255s",
1197c478bd9Sstevel@tonic-gate time, link1, link2, src, dst, misc);
1207c478bd9Sstevel@tonic-gate if (n != 6)
1217c478bd9Sstevel@tonic-gate return -1;
1227c478bd9Sstevel@tonic-gate }
1237c478bd9Sstevel@tonic-gate
1247c478bd9Sstevel@tonic-gate if (count_dots(dst) == 4) {
1257c478bd9Sstevel@tonic-gate s = strrchr(src, '.');
1267c478bd9Sstevel@tonic-gate *s++ = '\0';
1277c478bd9Sstevel@tonic-gate (void) inet_aton(src, &ip->ip_src);
1287c478bd9Sstevel@tonic-gate pkt.ti_sport = htons(atoi(s));
1297c478bd9Sstevel@tonic-gate *--s = '.';
1307c478bd9Sstevel@tonic-gate s = strrchr(dst, '.');
13155fea89dSDan Cross
1327c478bd9Sstevel@tonic-gate *s++ = '\0';
1337c478bd9Sstevel@tonic-gate (void) inet_aton(src, &ip->ip_dst);
1347c478bd9Sstevel@tonic-gate pkt.ti_dport = htons(atoi(s));
1357c478bd9Sstevel@tonic-gate *--s = '.';
13655fea89dSDan Cross
1377c478bd9Sstevel@tonic-gate } else {
1387c478bd9Sstevel@tonic-gate (void) inet_aton(src, &ip->ip_src);
1397c478bd9Sstevel@tonic-gate (void) inet_aton(src, &ip->ip_dst);
1407c478bd9Sstevel@tonic-gate }
1417c478bd9Sstevel@tonic-gate ip->ip_len = sizeof(ip_t);
1427c478bd9Sstevel@tonic-gate IP_HL_A(ip, sizeof(ip_t));
1437c478bd9Sstevel@tonic-gate
1447c478bd9Sstevel@tonic-gate s = strtok(misc, " :");
1457c478bd9Sstevel@tonic-gate ip->ip_p = getproto(s);
1467c478bd9Sstevel@tonic-gate
1477c478bd9Sstevel@tonic-gate switch (ip->ip_p)
1487c478bd9Sstevel@tonic-gate {
1497c478bd9Sstevel@tonic-gate case IPPROTO_TCP :
1507c478bd9Sstevel@tonic-gate case IPPROTO_UDP :
1517c478bd9Sstevel@tonic-gate s = strtok(NULL, " :");
1527c478bd9Sstevel@tonic-gate ip->ip_len += atoi(s);
1537c478bd9Sstevel@tonic-gate if (ip->ip_p == IPPROTO_TCP)
1547c478bd9Sstevel@tonic-gate extra = sizeof(struct tcphdr);
1557c478bd9Sstevel@tonic-gate else if (ip->ip_p == IPPROTO_UDP)
1567c478bd9Sstevel@tonic-gate extra = sizeof(struct udphdr);
1577c478bd9Sstevel@tonic-gate break;
1587c478bd9Sstevel@tonic-gate #ifdef IGMP
1597c478bd9Sstevel@tonic-gate case IPPROTO_IGMP :
1607c478bd9Sstevel@tonic-gate extra = sizeof(struct igmp);
1617c478bd9Sstevel@tonic-gate break;
1627c478bd9Sstevel@tonic-gate #endif
1637c478bd9Sstevel@tonic-gate case IPPROTO_ICMP :
1647c478bd9Sstevel@tonic-gate extra = sizeof(struct icmp);
1657c478bd9Sstevel@tonic-gate break;
1667c478bd9Sstevel@tonic-gate default :
1677c478bd9Sstevel@tonic-gate break;
1687c478bd9Sstevel@tonic-gate }
1697c478bd9Sstevel@tonic-gate
1707c478bd9Sstevel@tonic-gate slen = IP_HL(ip) + extra + ip->ip_len;
1717c478bd9Sstevel@tonic-gate return slen;
1727c478bd9Sstevel@tonic-gate }
173