CVS commit: src/libexec/identd
Module Name:src Committed By: sborrill Date: Thu Dec 13 13:11:28 UTC 2018 Modified Files: src/libexec/identd: ipf.c Log Message: IPFilter 5 requires you to specify IPv4 or IPv6 To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/libexec/identd/ipf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/identd/ipf.c diff -u src/libexec/identd/ipf.c:1.3 src/libexec/identd/ipf.c:1.4 --- src/libexec/identd/ipf.c:1.3 Sat Dec 10 05:43:11 2016 +++ src/libexec/identd/ipf.c Thu Dec 13 13:11:28 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ipf.c,v 1.3 2016/12/10 05:43:11 christos Exp $ */ +/* $NetBSD: ipf.c,v 1.4 2018/12/13 13:11:28 sborrill Exp $ */ /* * ipf.c - NAT lookup code for IP Filter. @@ -8,7 +8,7 @@ */ #include -__RCSID("$NetBSD: ipf.c,v 1.3 2016/12/10 05:43:11 christos Exp $"); +__RCSID("$NetBSD: ipf.c,v 1.4 2018/12/13 13:11:28 sborrill Exp $"); #include #include @@ -57,6 +57,7 @@ ipf_natlookup(const struct sockaddr_stor nl.nl_realport = ntohs(csatosin([0])->sin_port); nl.nl_outport = ntohs(csatosin([1])->sin_port); nl.nl_flags = IPN_TCP | IPN_IN; + nl.nl_v = 4; /* IPv4 */ break; case AF_INET6: /* XXX IP Filter doesn't support IPv6 NAT yet. */
CVS commit: src/libexec/identd
Module Name:src Committed By: wiz Date: Mon Dec 12 10:07:48 UTC 2016 Modified Files: src/libexec/identd: identd.8 Log Message: Whitespace. To generate a diff of this commit: cvs rdiff -u -r1.21 -r1.22 src/libexec/identd/identd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/identd/identd.8 diff -u src/libexec/identd/identd.8:1.21 src/libexec/identd/identd.8:1.22 --- src/libexec/identd/identd.8:1.21 Sat Dec 10 05:43:11 2016 +++ src/libexec/identd/identd.8 Mon Dec 12 10:07:48 2016 @@ -1,4 +1,4 @@ -.\" $NetBSD: identd.8,v 1.21 2016/12/10 05:43:11 christos Exp $ +.\" $NetBSD: identd.8,v 1.22 2016/12/12 10:07:48 wiz Exp $ .\" .\" This software is in the public domain. .\" Written by Peter Postma@@ -236,7 +236,7 @@ will need access to either (ipfilter), .Pa /dev/pf (pf), or -.Pa /dev/npf. +.Pa /dev/npf . Since it's not a good idea to run .Nm under root, you'll need to adjust group owner/permissions to the device(s)
CVS commit: src/libexec/identd
Module Name:src Committed By: christos Date: Sun Dec 11 15:43:48 UTC 2016 Modified Files: src/libexec/identd: Makefile Log Message: Add libprop for static linking To generate a diff of this commit: cvs rdiff -u -r1.14 -r1.15 src/libexec/identd/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/identd/Makefile diff -u src/libexec/identd/Makefile:1.14 src/libexec/identd/Makefile:1.15 --- src/libexec/identd/Makefile:1.14 Sat Dec 10 00:43:11 2016 +++ src/libexec/identd/Makefile Sun Dec 11 10:43:48 2016 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.14 2016/12/10 05:43:11 christos Exp $ +# $NetBSD: Makefile,v 1.15 2016/12/11 15:43:48 christos Exp $ .include @@ -22,8 +22,8 @@ CPPFLAGS+=-DWITH_PF .if (${MKNPF} != "no") SRCS+= npf.c CPPFLAGS+=-DWITH_NPF -LDADD+=-lnpf -DPADD+=${LIBNPF} +LDADD+=-lnpf -lprop +DPADD+=${LIBNPF} ${LIBPROP} .endif .include
CVS commit: src/libexec/identd
Module Name:src Committed By: christos Date: Sat Dec 10 22:09:18 UTC 2016 Modified Files: src/libexec/identd: npf.c Log Message: Fix the direction; ipf/pf seem to be wrong... To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 src/libexec/identd/npf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/identd/npf.c diff -u src/libexec/identd/npf.c:1.1 src/libexec/identd/npf.c:1.2 --- src/libexec/identd/npf.c:1.1 Sat Dec 10 00:43:11 2016 +++ src/libexec/identd/npf.c Sat Dec 10 17:09:18 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: npf.c,v 1.1 2016/12/10 05:43:11 christos Exp $ */ +/* $NetBSD: npf.c,v 1.2 2016/12/10 22:09:18 christos Exp $ */ /*- * Copyright (c) 2016 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__RCSID("$NetBSD: npf.c,v 1.1 2016/12/10 05:43:11 christos Exp $"); +__RCSID("$NetBSD: npf.c,v 1.2 2016/12/10 22:09:18 christos Exp $"); #include #include @@ -84,7 +84,7 @@ npf_natlookup(const struct sockaddr_stor maybe_syslog(LOG_ERR, "Cannot open /dev/npf: %m"); return 0; } - if (npf_nat_lookup(dev, af, addr, port, IPPROTO_TCP, PFIL_IN) == -1) { + if (npf_nat_lookup(dev, af, addr, port, IPPROTO_TCP, PFIL_OUT) == -1) { maybe_syslog(LOG_ERR, "NAT lookup failure: %m"); (void)close(dev); return 0;
CVS commit: src/libexec/identd
Module Name:src Committed By: christos Date: Sat Dec 10 22:08:13 UTC 2016 Modified Files: src/libexec/identd: identd.c Log Message: Fix varargs. To generate a diff of this commit: cvs rdiff -u -r1.35 -r1.36 src/libexec/identd/identd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/identd/identd.c diff -u src/libexec/identd/identd.c:1.35 src/libexec/identd/identd.c:1.36 --- src/libexec/identd/identd.c:1.35 Sat Dec 10 00:43:11 2016 +++ src/libexec/identd/identd.c Sat Dec 10 17:08:13 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: identd.c,v 1.35 2016/12/10 05:43:11 christos Exp $ */ +/* $NetBSD: identd.c,v 1.36 2016/12/10 22:08:13 christos Exp $ */ /* * identd.c - TCP/IP Ident protocol server. @@ -8,7 +8,7 @@ */ #include -__RCSID("$NetBSD: identd.c,v 1.35 2016/12/10 05:43:11 christos Exp $"); +__RCSID("$NetBSD: identd.c,v 1.36 2016/12/10 22:08:13 christos Exp $"); #include #include @@ -1050,12 +1050,17 @@ die(const char *message, ...) { va_list ap; - va_start(ap, message); - if (bflag) + if (bflag) { + va_start(ap, message); vwarnx(message, ap); - if (lflag) + va_end(ap); + } + + if (lflag) { + va_start(ap, message); vsyslog(LOG_ERR, message, ap); - va_end(ap); + va_end(ap); + } exit(EXIT_FAILURE); }
CVS commit: src/libexec/identd
Module Name:src Committed By: christos Date: Sat Dec 10 05:43:11 UTC 2016 Modified Files: src/libexec/identd: Makefile identd.8 identd.c identd.h ipf.c pf.c Added Files: src/libexec/identd: npf.c Log Message: add npf support. To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.14 src/libexec/identd/Makefile cvs rdiff -u -r1.20 -r1.21 src/libexec/identd/identd.8 cvs rdiff -u -r1.34 -r1.35 src/libexec/identd/identd.c cvs rdiff -u -r1.10 -r1.11 src/libexec/identd/identd.h cvs rdiff -u -r1.2 -r1.3 src/libexec/identd/ipf.c src/libexec/identd/pf.c cvs rdiff -u -r0 -r1.1 src/libexec/identd/npf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/identd/Makefile diff -u src/libexec/identd/Makefile:1.13 src/libexec/identd/Makefile:1.14 --- src/libexec/identd/Makefile:1.13 Sat Sep 15 13:45:35 2012 +++ src/libexec/identd/Makefile Sat Dec 10 00:43:11 2016 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.13 2012/09/15 17:45:35 plunky Exp $ +# $NetBSD: Makefile,v 1.14 2016/12/10 05:43:11 christos Exp $ .include @@ -18,4 +18,12 @@ SRCS+= pf.c CPPFLAGS+=-DWITH_PF .endif +# Build with npf support? +.if (${MKNPF} != "no") +SRCS+= npf.c +CPPFLAGS+=-DWITH_NPF +LDADD+=-lnpf +DPADD+=${LIBNPF} +.endif + .include Index: src/libexec/identd/identd.8 diff -u src/libexec/identd/identd.8:1.20 src/libexec/identd/identd.8:1.21 --- src/libexec/identd/identd.8:1.20 Mon Apr 4 14:43:55 2005 +++ src/libexec/identd/identd.8 Sat Dec 10 00:43:11 2016 @@ -1,9 +1,9 @@ -.\" $NetBSD: identd.8,v 1.20 2005/04/04 18:43:55 peter Exp $ +.\" $NetBSD: identd.8,v 1.21 2016/12/10 05:43:11 christos Exp $ .\" .\" This software is in the public domain. .\" Written by Peter Postma.\" -.Dd April 4, 2005 +.Dd December 9, 2016 .Dt IDENTD 8 .Os .Sh NAME @@ -124,9 +124,10 @@ The .Ar filter argument specifies which packet filter should be used to lookup the connections, currently -.Sq pf +.Sq ipfilter , +.Sq npf , and -.Sq ipfilter +.Sq pf are supported packet filters. Note that .Nm @@ -231,10 +232,11 @@ When forwarding is enabled with the flag then .Nm will need access to either -.Pa /etc/pf -(pf) or -.Pa /etc/ipnat -(ipfilter). +.Pa /dev/ipnat +(ipfilter), +.Pa /dev/pf +(pf), or +.Pa /dev/npf. Since it's not a good idea to run .Nm under root, you'll need to adjust group owner/permissions to the device(s) Index: src/libexec/identd/identd.c diff -u src/libexec/identd/identd.c:1.34 src/libexec/identd/identd.c:1.35 --- src/libexec/identd/identd.c:1.34 Wed Mar 14 22:02:21 2012 +++ src/libexec/identd/identd.c Sat Dec 10 00:43:11 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: identd.c,v 1.34 2012/03/15 02:02:21 joerg Exp $ */ +/* $NetBSD: identd.c,v 1.35 2016/12/10 05:43:11 christos Exp $ */ /* * identd.c - TCP/IP Ident protocol server. @@ -8,7 +8,7 @@ */ #include -__RCSID("$NetBSD: identd.c,v 1.34 2012/03/15 02:02:21 joerg Exp $"); +__RCSID("$NetBSD: identd.c,v 1.35 2016/12/10 05:43:11 christos Exp $"); #include #include @@ -65,16 +65,19 @@ __dead static void timeout_handler(int) __dead static void fatal(const char *); __dead static void die(const char *, ...) __printflike(1, 2); -static int bflag, eflag, fflag, iflag, Iflag; +static int bflag, dflag, eflag, fflag, iflag, Iflag; static int lflag, Lflag, nflag, Nflag, rflag; /* NAT lookup function pointer. */ -static int (*nat_lookup)(struct sockaddr_storage *, struct sockaddr *, int *); +typedef int (*nat_lookup_t)(const struct sockaddr_storage *, +struct sockaddr_storage *, in_port_t *); + +static nat_lookup_t nat_lookup; /* Packet filters. */ static const struct { const char *name; - int (*fn)(struct sockaddr_storage *, struct sockaddr *, int *); + nat_lookup_t fn; } filters[] = { #ifdef WITH_PF { "pf", pf_natlookup }, @@ -82,6 +85,9 @@ static const struct { #ifdef WITH_IPF { "ipfilter", ipf_natlookup }, #endif +#ifdef WITH_NPF + { "npf", npf_natlookup }, +#endif { NULL, NULL } }; @@ -109,7 +115,7 @@ main(int argc, char *argv[]) filter = proxy = NULL; address = charset = fmt = NULL; uid = gid = 0; - bflag = eflag = fflag = iflag = Iflag = 0; + bflag = dflag = eflag = fflag = iflag = Iflag = 0; lflag = Lflag = nflag = Nflag = rflag = 0; /* Started from a tty? then run as daemon. */ @@ -118,7 +124,7 @@ main(int argc, char *argv[]) /* Parse command line arguments. */ while ((ch = getopt(argc, argv, - "46a:bceF:f:g:IiL:lm:Nno:P:p:rt:u:")) != -1) { + "46a:bcdeF:f:g:IiL:lm:Nno:P:p:rt:u:")) != -1) { switch (ch) { case '4': IPv4or6 = AF_INET; @@ -135,6 +141,9 @@ main(int argc, char *argv[]) case 'c': charset = optarg; break; + case 'd': + dflag++; + break; case 'e': eflag = 1; break; @@ -255,7 +264,7 @@ main(int argc, char *argv[]) int fd, nfds, rv; struct pollfd *rfds; - if (daemon(0, 0) < 0) + if (!dflag && daemon(0, 0) <
CVS commit: src/libexec/identd
Module Name:src Committed By: christos Date: Wed Oct 14 15:53:50 UTC 2015 Modified Files: src/libexec/identd: identd.h Log Message: this is syslog-like To generate a diff of this commit: cvs rdiff -u -r1.9 -r1.10 src/libexec/identd/identd.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/identd/identd.h diff -u src/libexec/identd/identd.h:1.9 src/libexec/identd/identd.h:1.10 --- src/libexec/identd/identd.h:1.9 Wed Mar 14 22:02:21 2012 +++ src/libexec/identd/identd.h Wed Oct 14 11:53:50 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: identd.h,v 1.9 2012/03/15 02:02:21 joerg Exp $ */ +/* $NetBSD: identd.h,v 1.10 2015/10/14 15:53:50 christos Exp $ */ /* * identd.h - TCP/IP Ident protocol server. @@ -14,7 +14,7 @@ #define satosin6(sa) ((struct sockaddr_in6 *)(sa)) #define in_hosteq(s,t) ((s).s_addr == (t).s_addr) -void maybe_syslog(int, const char *, ...) __printflike(2, 3); +void maybe_syslog(int, const char *, ...) __sysloglike(2, 3); #ifdef WITH_PF int pf_natlookup(struct sockaddr_storage *, struct sockaddr *, int *);
CVS commit: src/libexec/identd
Module Name:src Committed By: plunky Date: Sat Sep 15 17:45:35 UTC 2012 Modified Files: src/libexec/identd: Makefile Log Message: does not need -I${NETBSDSRCDIR}/sys/dist/ipf here, the files are installed in /usr/include/netinet To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.13 src/libexec/identd/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/identd/Makefile diff -u src/libexec/identd/Makefile:1.12 src/libexec/identd/Makefile:1.13 --- src/libexec/identd/Makefile:1.12 Mon Mar 16 02:24:56 2009 +++ src/libexec/identd/Makefile Sat Sep 15 17:45:35 2012 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.12 2009/03/16 02:24:56 lukem Exp $ +# $NetBSD: Makefile,v 1.13 2012/09/15 17:45:35 plunky Exp $ .include bsd.own.mk @@ -9,7 +9,7 @@ MAN= identd.8 # Build with IP Filter support? .if (${MKIPFILTER} != no) SRCS+= ipf.c -CPPFLAGS+=-I${NETBSDSRCDIR}/sys/dist/ipf -DWITH_IPF +CPPFLAGS+=-DWITH_IPF .endif # Build with pf support?