]> git.pld-linux.org Git - packages/fwtk.git/blame - fwtk2.1-ipv6-19990423-PLD.patch
projects / packages / fwtk.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- tabs in preamble
[packages/fwtk.git] / fwtk2.1-ipv6-19990423-PLD.patch
CommitLineData
1e601ece
AM		 1diff -urN fwtk.orig/Makefile.config fwtk/Makefile.config
2--- fwtk.orig/Makefile.config Wed Mar 5 05:17:46 1997
3+++ fwtk/Makefile.config Sat Jul 10 23:16:57 1999
4@@ -24,7 +24,7 @@
5
6 # Defines for your operating system
7 #
8-DEFINES=
9+DEFINES=-DINET6
10 #DEFINES=-DSYSV -DSOLARIS
11
12 # Options for your compiler (eg, "-g" for debugging, "-O" for
13@@ -53,7 +53,7 @@
14
15 # Names of any auxiliary libraries your system may require (e.g., -lsocket)
16 # If you want to link against a resolver library, specify it here.
17-AUXLIB=
18+AUXLIB= -L/usr/local/v6/lib -linet6
19 #AUXLIB= -lsocket
20 #AUXLIB= -lresolv
21 # For Solaris:
22diff -urN fwtk.orig/Makefile.config.linux fwtk/Makefile.config.linux
23--- fwtk.orig/Makefile.config.linux Sat Jul 10 23:15:57 1999
24+++ fwtk/Makefile.config.linux Sat Jul 10 23:16:57 1999
25@@ -24,7 +24,7 @@
26
27 # Defines for your operating system
28 #
29-DEFINES=-DLINUX
30+DEFINES=-DLINUX -DINET6
31 #DEFINES=-DSYSV -DSOLARIS
32
33 # Options for your compiler (eg, "-g" for debugging, "-O" for
34@@ -109,4 +109,4 @@
35 #XINCLUDE=/usr/local/X11R5/include
36
37 # Objects to include in libfwall for SYSV
38-SYSVOBJ= signal.o
39+#SYSVOBJ= signal.o
40diff -urN fwtk.orig/ftp-gw/ftp-gw.c fwtk/ftp-gw/ftp-gw.c
41--- fwtk.orig/ftp-gw/ftp-gw.c Sat Jul 10 23:15:57 1999
42+++ fwtk/ftp-gw/ftp-gw.c Sat Jul 10 23:16:58 1999
43@@ -31,6 +31,9 @@
44 #include <sys/sockio.h>
45 #endif /* SYSV */
46 #include <netinet/in.h>
47+#ifdef INET6
48+#include <netdb.h>
49+#endif
50
51 #ifndef SYSV
52 extern char *rindex();
53@@ -66,7 +69,11 @@
54 static int pasvport = -1;
55 static int outgoing = -1; /* fd for outgoing PORT data */
56 static int incoming = -1; /* fd for outgoing PORT data */
57+#ifdef INET6
58+static struct sockaddr_in6 clntport;
59+#else
60 static struct sockaddr_in clntport;
61+#endif
62 static char **saveresp = (char **)0;
63 static int saveresps = 0;
64 static char riaddr[512];
65@@ -117,7 +124,9 @@
66 int (*op)();
67 } FtpOp;
68 static FtpOp ops[] = {
69+#ifndef INET6
70 "port", OP_CONN, cmd_port,
71+#endif
72 "user", OP_AOK|OP_WCON, cmd_user,
73 "retr", OP_CONN|OP_XTND, 0,
74 "stor", OP_CONN|OP_XTND, 0,
75@@ -146,7 +155,9 @@
76 "response", OP_AOK, cmd_response,
77 "resp", OP_AOK, cmd_response,
78 "rein", OP_CONN, 0,
79+#ifndef INET6
80 "pasv", OP_CONN, cmd_pasv,
81+#endif
82 "type", OP_CONN, 0,
83 "stru", OP_CONN, 0,
84 "mode", OP_CONN, 0,
85@@ -156,6 +167,12 @@
86 "stat", OP_CONN, /* overload */ cmd_abor,
87 "dele", OP_CONN|OP_XTND, 0,
88 "size", OP_CONN, 0,
89+#ifdef INET6
90+ "lprt", OP_CONN, cmd_port,
91+ "lpsv", OP_CONN, cmd_pasv,
92+ "eprt", OP_CONN, cmd_port,
93+ "epsv", OP_CONN, cmd_pasv,
94+#endif
95 0, 0, 0
96 };
97
98@@ -1048,8 +1065,14 @@
99 char *av[];
100 char *cbuf;
101 {
102+#ifdef INET6
103+ struct sockaddr_in6 r;
104+ struct sockaddr_in6 n;
105+ char *cmd;
106+#else
107 struct sockaddr_in r;
108 struct sockaddr_in n;
109+#endif
110 int x;
111 int s;
112 unsigned char *k;
113@@ -1062,6 +1085,149 @@
114 if(ac < 2)
115 return(sayn(0,narg,sizeof(narg)-1));
116
117+#ifdef INET6
118+ /* save port address for callback later */
119+ if(strcasecmp(av[0],"LPRT") == 0) {
120+ if(lprttoaddr(av[1],&clntport))
121+ return(sayn(0,nadr,sizeof(nadr)-1));
122+ } else {
123+ if(eprttoaddr(av[1],&clntport))
124+ return(sayn(0,nadr,sizeof(nadr)-1));
125+ }
126+
127+
128+ /* paranoid: check that we are really PORTing to the client */
129+ x = sizeof(r);
130+ if(getpeername(0,(struct sockaddr *)&r,&x) < 0)
131+ return(sayn(0,nprn,sizeof(nprn)-1));
132+ if(bcmp((char *)&clntport.sin6_addr,
133+ (char *)&r.sin6_addr,sizeof(r.sin6_addr))) {
134+ char xaf[INET6_ADDRSTRLEN], str[INET6_ADDRSTRLEN];
135+
136+ inet_ntop(AF_INET6,&clntport.sin6_addr, xaf, sizeof xaf);
137+ sprintf(buf,"521 %s %s mismatch %s",av[0],
138+ inet_ntop(AF_INET6,&r.sin6_addr, str,sizeof str),xaf);
139+ syslog(LLEV,"521 %s %s mismatch %s",av[0],
140+ inet_ntop(AF_INET6,&r.sin6_addr, str,sizeof str),xaf);
141+ return(say(0,buf));
142+ }
143+
144+
145+ x = sizeof(r);
146+ if(getpeername(rfd,(struct sockaddr *)&r,&x) < 0)
147+ return(sayn(0,nprn,sizeof(nprn)-1));
148+ cmd = (r.sin6_family == AF_INET6) ? av[0] : "PORT";
149+
150+
151+ /* ok, now build and bind a socket */
152+ if(pasvport != -1)
153+ close(pasvport);
154+ pasvport = -1;
155+ if(boundport != -1)
156+ close(boundport);
157+ if((boundport = socket(r.sin6_family,SOCK_STREAM,0)) < 0) {
158+ sprintf(buf,"521 %s socket: %s",cmd,strerror(errno));
159+ return(say(0,buf));
160+ }
161+
162+ if(r.sin6_family == AF_INET6) {
163+ /* learn enough about the socket to send the LPRT */
164+ bzero((char *)&r, sizeof(r));
165+ r.sin6_family = AF_INET6;
166+ x = sizeof(n);
167+ if (getsockname(rfd,(struct sockaddr *)&n,&x) < 0) {
168+ sprintf(buf,"521 %s getsockname: %s",av[0],
169+ strerror(errno));
170+ return(say(0,buf));
171+ }
172+ bcopy((char *)&n.sin6_addr,(char *)&r.sin6_addr,
173+ sizeof(n.sin6_addr));
174+ r.sin6_port = 0;
175+
176+ if(bind(boundport,(struct sockaddr *)&r,sizeof(r))) {
177+ sprintf(buf,"521 %s bind: %s",av[0],strerror(errno));
178+ return(say(0,buf));
179+ }
180+ if(listen(boundport,1) < 0) {
181+ sprintf(buf,"521 %s listen: %s",av[0],strerror(errno));
182+ return(say(0,buf));
183+ }
184+
185+ x = sizeof(n);
186+ if(getsockname(boundport,(struct sockaddr *)&n,&x) < 0) {
187+ sprintf(buf,"521 %s getsockname: %s",av[0],
188+ strerror(errno));
189+ return(say(0,buf));
190+ }
191+ r.sin6_port = n.sin6_port;
192+
193+
194+ /* encode and send over our port to the remote server */
195+ if(strcasecmp(av[0],"LPRT") == 0) {
196+ k = (unsigned char *)&(r.sin6_addr);
197+ l = (unsigned char *)&(r.sin6_port);
198+#define UC(c) (((int)c) & 0xff)
199+ sprintf(buf,
200+ "LPRT %d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d\r\n",
201+ 6, 16,
202+ UC(k[0]), UC(k[1]), UC(k[2]), UC(k[3]),
203+ UC(k[4]), UC(k[5]), UC(k[6]), UC(k[7]),
204+ UC(k[8]), UC(k[9]), UC(k[10]), UC(k[11]),
205+ UC(k[12]), UC(k[13]), UC(k[14]), UC(k[15]),
206+ 2, UC(l[0]), UC(l[1]));
207+ } else {
208+ char str[INET6_ADDRSTRLEN];
209+ int af = 2;
210+
211+ sprintf(buf,"EPRT |%d|%s|%d|\r\n", af,
212+ inet_ntop(AF_INET6, &r.sin6_addr, str,
213+ sizeof str),
214+ ntohs(r.sin6_port));
215+ }
216+ } else {
217+ struct sockaddr_in r4;
218+ struct sockaddr_in n4;
219+
220+ /* learn enough about the socket to send the PORT */
221+ bzero((char *)&r4, sizeof(r4));
222+ r4.sin_family = AF_INET;
223+ x = sizeof(n4);
224+ if (getsockname(rfd,(struct sockaddr *)&n4,&x) < 0) {
225+ sprintf(buf,"521 PORT getsockname: %s",
226+ strerror(errno));
227+ return(say(0,buf));
228+ }
229+ bcopy((char *)&n4.sin_addr,(char *)&r4.sin_addr,
230+ sizeof(n4.sin_addr));
231+ r4.sin_port = 0;
232+
233+ if(bind(boundport,(struct sockaddr *)&r4,sizeof(r4))) {
234+ sprintf(buf,"521 PORT bind: %s",strerror(errno));
235+ return(say(0,buf));
236+ }
237+ if(listen(boundport,1) < 0) {
238+ sprintf(buf,"521 PORT listen: %s",strerror(errno));
239+ return(say(0,buf));
240+ }
241+
242+ x = sizeof(n4);
243+ if(getsockname(boundport,(struct sockaddr *)&n4,&x) < 0) {
244+ sprintf(buf,"521 PORT getsockname: %s",
245+ strerror(errno));
246+ return(say(0,buf));
247+ }
248+ r4.sin_port = n4.sin_port;
249+
250+
251+ /* encode and send over our port to the remote server */
252+ k = (unsigned char *)&(r4.sin_addr);
253+ l = (unsigned char *)&(r4.sin_port);
254+#define UC(c) (((int)c) & 0xff)
255+ sprintf(buf,"PORT %d,%d,%d,%d,%d,%d\r\n",
256+ UC(k[0]),UC(k[1]),UC(k[2]),
257+ UC(k[3]),UC(l[0]),UC(l[1]));
258+ }
259+#else /* INET6 */
260 /* save port address for callback later */
261 if(porttoaddr(av[1],&clntport))
262 return(sayn(0,nadr,sizeof(nadr)-1));
263@@ -1126,6 +1292,7 @@
264 #define UC(c) (((int)c) & 0xff)
265 sprintf(buf,"PORT %d,%d,%d,%d,%d,%d\r\n",UC(k[0]),UC(k[1]),UC(k[2]),
266 UC(k[3]),UC(l[0]),UC(l[1]));
267+#endif /* INET6 */
268 s = strlen(buf);
269 if (net_send(rfd, buf, s, 0) != s)
270 return 1;
271@@ -1139,8 +1306,14 @@
272 char *av[];
273 char *cbuf;
274 {
275+#ifdef INET6
276+ struct sockaddr_in6 r;
277+ struct sockaddr_in6 n;
278+ char *cmd;
279+#else
280 struct sockaddr_in r;
281 struct sockaddr_in n;
282+#endif
283 int x;
284 unsigned char *k;
285 unsigned char *l;
286@@ -1153,6 +1326,125 @@
287 boundport = -1;
288 if(pasvport != -1)
289 close(pasvport);
290+#ifdef INET6
291+ if((pasvport = socket(AF_INET6,SOCK_STREAM,0)) < 0) {
292+ sprintf(buf,"521 %s socket: %s",av[0],strerror(errno));
293+ return(say(0,buf));
294+ }
295+
296+ /* learn enough about the socket to send the LPSV reply */
297+ bzero((char *)&r, sizeof(r));
298+ r.sin6_family = AF_INET6;
299+ x = sizeof(n);
300+ if (getsockname(0,(struct sockaddr *)&n,&x) < 0) {
301+ sprintf(buf,"521 %s getsockname: %s",av[0],strerror(errno));
302+ return(say(0,buf));
303+ }
304+ bcopy((char *)&n.sin6_addr,(char *)&r.sin6_addr,sizeof(n.sin6_addr));
305+ r.sin6_port = 0;
306+ if(bind(pasvport,(struct sockaddr *)&r,sizeof(r))) {
307+ sprintf(buf,"521 %s bind: %s",av[0],strerror(errno));
308+ return(say(0,buf));
309+ }
310+ if(listen(pasvport,1) < 0) {
311+ sprintf(buf,"521 %s listen: %s",av[0],strerror(errno));
312+ return(say(0,buf));
313+ }
314+
315+ x = sizeof(n);
316+ if(getsockname(pasvport,(struct sockaddr *)&n,&x) < 0) {
317+ sprintf(buf,"521 %s getsockname: %s",av[0],strerror(errno));
318+ return(say(0,buf));
319+ }
320+ r.sin6_port = n.sin6_port;
321+
322+
323+ /* encode and send over our port to the remote server */
324+ if (strcasecmp(av[0], "LPSV") == 0) {
325+ k = (unsigned char *)&(r.sin6_addr);
326+ l = (unsigned char *)&(r.sin6_port);
327+#define UC(c) (((int)c) & 0xff)
328+ sprintf(buf,
329+ "228 Entering Long Passive Mode (%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d)\r\n",
330+ 6, 16,
331+ UC(k[0]), UC(k[1]), UC(k[2]), UC(k[3]),
332+ UC(k[4]), UC(k[5]), UC(k[6]), UC(k[7]),
333+ UC(k[8]), UC(k[9]), UC(k[10]), UC(k[11]),
334+ UC(k[12]), UC(k[13]), UC(k[14]), UC(k[15]),
335+ 2, UC(l[0]), UC(l[1]));
336+ cmd = "LPRT";
337+ } else {
338+ sprintf(buf,"229 Entering Extended Passive Mode (|||%d|)\r\n",
339+ ntohs(r.sin6_port));
340+ cmd = "EPRT";
341+ }
342+
343+ /* ok, now build and bind a socket */
344+ if(boundport != -1)
345+ close(boundport);
346+ if((boundport = socket(AF_INET6,SOCK_STREAM,0)) < 0) {
347+ sprintf(buf,"521 %s socket: %s",cmd,strerror(errno));
348+ goto bad;
349+ }
350+
351+ /* learn enough about the socket to send the LPRT */
352+ bzero((char *)&r, sizeof(r));
353+ r.sin6_family = AF_INET6;
354+ bzero((char *)&r.sin6_addr,sizeof(r.sin6_addr));
355+ x = sizeof(n);
356+ if (getsockname(rfd,(struct sockaddr *)&n,&x) < 0) {
357+ sprintf(buf,"521 %s getsockname: %s",cmd,strerror(errno));
358+ goto bad;
359+ }
360+ bcopy((char *)&n.sin6_addr,(char *)&r.sin6_addr,sizeof(n.sin6_addr));
361+ r.sin6_port = 0;
362+ if(bind(boundport,(struct sockaddr *)&r, sizeof(r))) {
363+ sprintf(buf, "521 %s bind: %s",cmd,strerror(errno));
364+ goto bad;
365+ }
366+ if(listen(boundport, 1) < 0) {
367+ sprintf(buf,"521 %s listen: %s",cmd,strerror(errno));
368+ goto bad;
369+ }
370+
371+ x = sizeof(n);
372+ if(getsockname(boundport,(struct sockaddr *)&n,&x) < 0) {
373+ sprintf(buf,"521 %s getsockname: %s",cmd,strerror(errno));
374+ goto bad;
375+ }
376+ r.sin6_port = n.sin6_port;
377+
378+ /* encode and send over our port to the remote server */
379+ if(strcasecmp(av[0],"LPSV") == 0) {
380+ k = (unsigned char *)&(r.sin6_addr);
381+ l = (unsigned char *)&(r.sin6_port);
382+#define UC(c) (((int)c) & 0xff)
383+ sprintf(bbuf,
384+ "LPRT %d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d\r\n",
385+ 6, 16,
386+ UC(k[0]), UC(k[1]), UC(k[2]), UC(k[3]),
387+ UC(k[4]), UC(k[5]), UC(k[6]), UC(k[7]),
388+ UC(k[8]), UC(k[9]), UC(k[10]), UC(k[11]),
389+ UC(k[12]), UC(k[13]), UC(k[14]), UC(k[15]),
390+ 2, UC(l[0]), UC(l[1]));
391+ } else {
392+ char str[INET6_ADDRSTRLEN];
393+ int af = 2;
394+
395+ sprintf(bbuf,"EPRT |%d|%s|%d|\r\n", af,
396+ inet_ntop(AF_INET6, &r.sin6_addr, str, sizeof str),
397+ ntohs(r.sin6_port));
398+ }
399+/* send the LPSV reponse and the onward LPRT cmd. */
400+ syslog(LLEV, "cmd_lpsv(): %s", buf);
401+ syslog(LLEV, "cmd_lpsv(): %s", bbuf);
402+ say(0, buf);
403+ x = strlen(bbuf);
404+ if (x != net_send(rfd, bbuf, x, 0)) {
405+ sprintf(buf, "521 %s send: %s",cmd,strerror(errno));
406+ goto bad;
407+ }
408+#else /* INET6 */
409 if((pasvport = socket(AF_INET,SOCK_STREAM,0)) < 0) {
410 sprintf(buf,"521 PASV socket: %s",strerror(errno));
411 return(say(0,buf));
412@@ -1240,6 +1532,7 @@
413 sprintf(buf, "521 PORT send: %s", strerror(errno));
414 goto bad;
415 }
416+#endif /* INET6 */
417 return(0);
418
419 bad:
420@@ -1350,6 +1643,23 @@
421 if (pasvport != -1)
422 return 0; /* incoming handled by PASVcallback */
423
424+#ifdef INET6
425+ if (clntport.sin6_port == 0)
426+ goto bomb;
427+
428+ if((incoming = socket(AF_INET6,SOCK_STREAM,0)) < 0)
429+ goto bomb;
430+
431+ if(connect(incoming,(struct sockaddr *)&clntport,sizeof(clntport)) < 0)
432+ goto bomb;
433+
434+ /* invalidate the port */
435+ clntport.sin6_port = 0;
436+ return(0);
437+
438+bomb:
439+ clntport.sin6_port = 0;
440+#else
441 if (clntport.sin_port == 0)
442 goto bomb;
443
444@@ -1365,6 +1675,7 @@
445
446 bomb:
447 clntport.sin_port = 0;
448+#endif
449 close(boundport);
450 boundport = -1;
451 if(outgoing != -1)
452@@ -1385,7 +1696,11 @@
453 goto bomb;
454 return(0);
455 bomb:
456+#ifdef INET6
457+ clntport.sin6_port = 0;
458+#else
459 clntport.sin_port = 0;
460+#endif
461 if (boundport != -1)
462 close(boundport);
463 boundport = -1;
464@@ -1863,6 +2178,80 @@
465 return(0);
466 }
467
468+#ifdef INET6
469+lprttoaddr(s,a)
470+char *s;
471+struct sockaddr_in6 *a;
472+{
473+ unsigned char *c;
474+ char *x;
475+ static char d[] = ",";
476+ int l, i;
477+
478+ bzero((char *)a,sizeof(struct sockaddr_in6));
479+
480+ if((x = strtok(s,d)) == (char *)0) /* AF */
481+ return(1);
482+
483+ /* strip out host bits */
484+ if((x = strtok((char *)0,d)) == (char *)0) /* HAL */
485+ return(1);
486+ l = atoi(x);
487+ c = (unsigned char *)(&(a->sin6_addr));
488+ for (i = 0; i < l; ++i) {
489+ if((x = strtok((char *)0,d)) == (char *)0)
490+ return(1);
491+ c[i] = atoi(x);
492+ }
493+
494+ /* now strip out port bits */
495+ if((x = strtok((char *)0,d)) == (char *)0) /* PAL */
496+ return(1);
497+ l = atoi(x);
498+ c = (unsigned char *)(&(a->sin6_port));
499+ for (i = 0; i < l; ++i) {
500+ if((x = strtok((char *)0,d)) == (char *)0)
501+ return(1);
502+ c[i] = atoi(x);
503+ }
504+ a->sin6_family = AF_INET6;
505+ return(0);
506+}
507+
508+eprttoaddr(s,a)
509+char *s;
510+struct sockaddr_in6 *a;
511+{
512+ char *x, *hostp, *portp;
513+ static char d[] = "|";
514+ struct addrinfo hints, *res;
515+
516+ memset((char *)a,0,sizeof(struct sockaddr_in6));
517+
518+ *d = *s;
519+ if((x = strtok(s + 1,d)) == (char *)0) /* AF */
520+ return(1);
521+ if(atoi(x) != 2)
522+ return(1);
523+
524+ if((x = strtok((char *)0,d)) == (char *)0)
525+ return(1);
526+ hostp = x;
527+ if((x = strtok((char *)0,d)) == (char *)0)
528+ return(1);
529+ portp = x;
530+ memset(&hints, 0, sizeof(hints));
531+ hints.ai_family = AF_UNSPEC;
532+ if(getaddrinfo(hostp,portp,&hints,&res))
533+ return(1);
534+ if (res->ai_next)
535+ return(1);
536+ memcpy(a,res->ai_addr,res->ai_addrlen);
537+
538+ return(0);
539+}
540+#endif
541+
542 static int
543 net_send(s, buf, len, flags)
544 int s;
545@@ -1887,10 +2276,27 @@
546 #ifdef BINDDEBUG
547 debugbind()
548 {
549+#ifdef INET6
550+ struct sockaddr_in6 mya;
551+#else
552 struct sockaddr_in mya;
553+#endif
554 int x;
555 int nread;
556
557+#ifdef INET6
558+ if((x = socket(AF_INET6,SOCK_STREAM,0)) < 0) {
559+ perror("socket");
560+ exit(1);
561+ }
562+ mya.sin6_family = AF_INET6;
563+ bzero(&mya.sin6_addr,sizeof(mya.sin6_addr));
564+#ifndef BINDDEBUGPORT
565+ mya.sin6_port = htons(FTPPORT);
566+#else
567+ mya.sin6_port = htons(BINDDEBUGPORT);
568+#endif
569+#else
570 if((x = socket(AF_INET,SOCK_STREAM,0)) < 0) {
571 perror("socket");
572 exit(1);
573@@ -1901,6 +2307,7 @@
574 mya.sin_port = htons(FTPPORT);
575 #else
576 mya.sin_port = htons(BINDDEBUGPORT);
577+#endif
578 #endif
579 if(bind(x,(struct sockaddr *)&mya,sizeof(mya))) {
580 perror("bind");
581diff -urN fwtk.orig/http-gw/ftp.c fwtk/http-gw/ftp.c
582--- fwtk.orig/http-gw/ftp.c Sat Jan 18 21:17:37 1997
583+++ fwtk/http-gw/ftp.c Sat Jul 10 23:16:57 1999
584@@ -268,7 +268,11 @@
585 { int port, cnt;
586 char *p, *q;
587 int ftp_control, ftp_listen, ftp_data;
588+#ifdef INET6
589+ struct sockaddr_in6 serv_addr;
590+#else
591 struct sockaddr_in serv_addr;
592+#endif
593 int length = sizeof( serv_addr);
594 char ftp_command[MAX_URL_LEN+40];
595 char gt[2];
596diff -urN fwtk.orig/http-gw/hmain.c fwtk/http-gw/hmain.c
597--- fwtk.orig/http-gw/hmain.c Sat Feb 7 00:32:16 1998
598+++ fwtk/http-gw/hmain.c Sat Jul 10 23:16:57 1999
599@@ -170,7 +170,14 @@
600 {
601 Cfg *cf;
602 int x;
603+#ifdef INET6
604+ static struct sockaddr_in6 serv_addr;
605+#ifndef linux
606+ int h_error;
607+#endif
608+#else
609 static struct sockaddr_in serv_addr;
610+#endif
611 int length = sizeof(serv_addr);
612
613 if( ac == 2 && !strcmp(av[1], "-version")){
614@@ -256,7 +263,16 @@
615 if(gethostname(ourname,sizeof(ourname)))
616 strcpy(ourname,"unknown");
617 #ifndef NO_GETHOSTBYNAME
618+#ifdef INET6
619+#ifdef linux
620+ ourhe = gethostbyname2(ourname, AF_INET6);
621+#else
622+ ourhe = getipnodebyname(ourname, AF_INET6, AI_DEFAULT | AI_ALL,
623+ &h_error);
624+#endif
625+#else
626 ourhe = gethostbyname ( ourname);
627+#endif
628 if( NULL != ourhe){
629 strcpy(ourname, ourhe->h_name);
630 }
631@@ -267,7 +283,11 @@
632 syslog(LLEV,"cannot get our port");
633 exit(1);
634 }
635+#ifdef INET6
636+ ourport = ntohs(serv_addr.sin6_port);
637+#else
638 ourport = ntohs(serv_addr.sin_port);
639+#endif
640
641 if(peername(0,rladdr,riaddr,sizeof(riaddr))) {
642 syslog(LLEV,"cannot get peer name");
643diff -urN fwtk.orig/http-gw/http-gw.c fwtk/http-gw/http-gw.c
644--- fwtk.orig/http-gw/http-gw.c Sat Jul 10 23:15:57 1999
645+++ fwtk/http-gw/http-gw.c Sat Jul 10 23:16:57 1999
646@@ -820,12 +820,20 @@
647 { int x;
648 int reuse = 1;
649 struct linger linger;
650+#ifdef INET6
651+ struct sockaddr_in6 mya;
652+#else
653 struct sockaddr_in mya;
654+#endif
655
656 (void) signal(SIGALRM, net_timeout);
657 (void) alarm(timeout.tv_sec);
658
659+#ifdef INET6
660+ if((x = socket(AF_INET6,SOCK_STREAM,0)) < 0) {
661+#else
662 if((x = socket(AF_INET,SOCK_STREAM,0)) < 0) {
663+#endif
664 syslog(LLEV,"Socket failed:%m");
665 goto broke;
666 }
667@@ -835,9 +843,15 @@
668 goto broke;
669 }
670
671+#ifdef INET6
672+ mya.sin6_family = AF_INET6;
673+ bzero(&mya.sin6_addr,sizeof(mya.sin6_addr));
674+ mya.sin6_port = htons(port);
675+#else
676 mya.sin_family = AF_INET;
677 bzero(&mya.sin_addr,sizeof(mya.sin_addr));
678 mya.sin_port = htons(port);
679+#endif
680 if(bind(x,(struct sockaddr *)&mya,sizeof(mya))) {
681 syslog(LLEV,"Bind failed: %m");
682 goto broke;
683@@ -862,11 +876,19 @@
684 int port_num(sockfd, rfd, haddr)
685 int sockfd, rfd;
686 unsigned char *haddr;
687+#ifdef INET6
688+{ struct sockaddr_in6 serv_addr;
689+ struct sockaddr_in6 data_addr;
690+ int length = sizeof(struct sockaddr_in6);
691+#else
692 { struct sockaddr_in serv_addr;
693 struct sockaddr_in data_addr;
694 int length = sizeof(struct sockaddr_in );
695+#endif
696 int port, err;
697+#ifndef INET6
698 unsigned char *addr;
699+#endif
700 struct ifreq freq;
701 char ifname[17];
702
703@@ -875,18 +897,27 @@
704 return 0;
705 }
706
707+#ifdef INET6
708+ length = sizeof(struct sockaddr_in6 );
709+#else
710 length = sizeof(struct sockaddr_in );
711+#endif
712 if( (err = getsockname(rfd, (struct sockaddr *)&data_addr, &length))!= 0){
713 return 0;
714 }
715
716
717+#ifdef INET6
718+ port = ntohs(data_addr.sin6_port);
719+ memcpy(haddr, &serv_addr.sin6_addr, sizeof(struct in6_addr));
720+#else
721 port = ntohs(data_addr.sin_port);
722 addr = (unsigned char *)&serv_addr.sin_addr;
723 haddr[0] = addr[0];
724 haddr[1] = addr[1];
725 haddr[2] = addr[2];
726 haddr[3] = addr[3];
727+#endif
728 return port;
729 }
730
731@@ -958,8 +989,10 @@
732 { int port;
733 char *p, *q;
734 int ftp_control, ftp_listen, ftp_data;
735+#ifndef INET6
736 struct sockaddr_in serv_addr;
737 int length = sizeof( serv_addr);
738+#endif
739
740 ftp_control = ftp_listen = ftp_data = -1;
741
742@@ -1116,8 +1149,10 @@
743 char *buf, *host;
744 { int port, n, cnt;
745 char *p;
746+#ifndef INET6
747 struct sockaddr_in serv_addr;
748 int length = sizeof( serv_addr);
749+#endif
750 int saved = sockfd;
751 int flag = 0;
752
753@@ -2658,12 +2693,20 @@
754 struct reproxy_rec *rt;
755 { int plug_fd, plugdata;
756 int port, rem_fd;
757+#ifdef INET6
758+ struct sockaddr_in6 serv_addr;
759+#else
760 struct sockaddr serv_addr;
761+#endif
762 int length;
763 int cnt;
764 char *p, protocol[16];
765 struct timeval *tp = NULL;
766+#ifdef INET6
767+ unsigned char haddr[sizeof(struct in6_addr)];
768+#else
769 unsigned char haddr[4];
770+#endif
771 struct reproxy_rec *t = reproxy_list;
772
773 strcpy(tmp_auth_buf, buf);
774@@ -2745,7 +2788,11 @@
775 (void) signal(SIGALRM, net_timeout);
776 (void) alarm(timeout.tv_sec);
777
778+#ifdef INET6
779+ length = sizeof(struct sockaddr_in6);
780+#else
781 length = sizeof(struct sockaddr );
782+#endif
783 plugdata = accept(plug_fd, (struct sockaddr *)&serv_addr, &length);
784 if( plugdata < 0){
785 goto broken;
786diff -urN fwtk.orig/http-gw/http-gw.h fwtk/http-gw/http-gw.h
787--- fwtk.orig/http-gw/http-gw.h Fri Feb 6 01:06:23 1998
788+++ fwtk/http-gw/http-gw.h Sat Jul 10 23:16:57 1999
789@@ -132,7 +132,11 @@
790 = -1
791 #endif
792 ;
793+#ifdef INET6
794+EXTERN struct sockaddr_in6 clntport;
795+#else
796 EXTERN struct sockaddr_in clntport;
797+#endif
798 EXTERN char riaddr[512];
799 EXTERN char rladdr[512];
800
801diff -urN fwtk.orig/lib/conn.c fwtk/lib/conn.c
802--- fwtk.orig/lib/conn.c Sat Jan 18 20:39:40 1997
803+++ fwtk/lib/conn.c Sat Jul 10 23:13:04 1999
804@@ -30,12 +30,35 @@
805 int priv;
806 char *rbuf;
807 {
808+#ifdef INET6
809+ struct addrinfo hints, *res;
810+ int fd;
811+#else
812 struct sockaddr_in addr;
813 struct hostent *hp = 0;
814 int fd;
815 char *p;
816 char **ap;
817+#endif
818+
819+#ifdef INET6
820+ memset(&hints, 0, sizeof(hints)) ;
821+ hints.ai_family = AF_UNSPEC ;
822+ hints.ai_socktype = SOCK_STREAM ;
823+ hints.ai_protocol = 0 ;
824+ if(getaddrinfo(srv, NULL, &hints, &res) != 0) {
825+ return -2 ;
826+ }
827+
828+ ((struct sockaddr_in *) res->ai_addr)->sin_port = htons(portnum);
829
830+ if(priv) {
831+ int lport = IPPORT_RESERVED - 1;
832+ fd = rresvport_af(&lport, res->ai_family);
833+ } else
834+ fd = socket(res->ai_family, res->ai_socktype,
835+ res->ai_protocol);
836+#else
837 p = srv;
838 while(*p != '\0' && (*p == '.' || isdigit(*p)))
839 p++;
840@@ -81,19 +104,69 @@
841 fd = rresvport(&lport);
842 } else
843 fd = socket(AF_INET,SOCK_STREAM,0);
844-
845+#endif
846+
847 if(fd < 0) {
848 if(rbuf != (char *)0)
849 sprintf(rbuf,"socket: %s",strerror(errno));
850 return(-2);
851 }
852
853+#ifdef INET6
854+ if(connect(fd, res->ai_addr, res->ai_addrlen) < 0) {
855+#else
856 if(connect(fd,(struct sockaddr *)&addr,sizeof(addr)) < 0) {
857 if (hp && *++ap)
858 goto newaddr;
859+#endif
860 if(rbuf != (char *)0)
861 sprintf(rbuf,"connect: %s",strerror(errno));
862 return(-3);
863 }
864 return(fd);
865 }
866+
867+int
868+rresvport_af(port, family)
869+ int *port, family;
870+{
871+ int i, s, len, err;
872+ struct sockaddr_storage ss;
873+ u_short *sport;
874+
875+ switch (family) {
876+ case AF_INET:
877+ len = sizeof(struct sockaddr_in);
878+ sport = &((struct sockaddr_in *)&ss)->sin_port;
879+ break;
880+ case AF_INET6:
881+ len = sizeof(struct sockaddr_in6);
882+ sport = &((struct sockaddr_in6 *)&ss)->sin6_port;
883+ break;
884+ default:
885+ errno = EAFNOSUPPORT;
886+ return -1;
887+ }
888+ memset(&ss, 0, sizeof(ss));
889+ ss.__ss_family = family;
890+
891+ for (i = 1023; i > 512; i--) {
892+ s = socket(family, SOCK_STREAM, 0);
893+ if (s == -1)
894+ return -1;
895+ *sport = htons(i);
896+ err = bind(s, (struct sockaddr *)&ss, len);
897+ if (err != -1) {
898+ *port = i;
899+ return s;
900+ }
901+ if (errno != EADDRINUSE)
902+ return -1;
903+ close(s);
904+ }
905+
906+ errno = EAGAIN;
907+ return -1;
908+}
909+
910+
911diff -urN fwtk.orig/lib/daemon.c fwtk/lib/daemon.c
912--- fwtk.orig/lib/daemon.c Fri Feb 6 01:01:34 1998
913+++ fwtk/lib/daemon.c Sat Jul 10 23:16:57 1999
914@@ -90,7 +90,11 @@
915
916 int do_daemon( port)
917 int port;
918+#ifdef INET6
919+{ struct sockaddr_in6 sa;
920+#else
921 { struct sockaddr_in sa;
922+#endif
923 int sock,sockl;
924 pid_t pid;
925 int boundok = 1;
926@@ -112,10 +116,17 @@
927 if (devnull > 2)
928 (void) close(devnull);
929 }
930+#ifdef INET6
931+ sa.sin6_family = AF_INET6;
932+ bzero( (char *)&sa.sin6_addr, sizeof(sa.sin6_addr));
933+ sa.sin6_port = htons(port);
934+ sock = socket(AF_INET6, SOCK_STREAM, 0);
935+#else
936 sa.sin_family = AF_INET;
937 bzero( (char *)&sa.sin_addr, sizeof(sa.sin_addr));
938 sa.sin_port = htons(port);
939 sock = socket(AF_INET, SOCK_STREAM, 0);
940+#endif
941 if( sock < 0){
942 syslog(LLEV,"Failed to create socket, %m");
943 exit(1);
944diff -urN fwtk.orig/lib/hnam.c fwtk/lib/hnam.c
945--- fwtk.orig/lib/hnam.c Tue Dec 10 19:08:48 1996
946+++ fwtk/lib/hnam.c Sat Jul 10 23:16:57 1999
947@@ -14,6 +14,9 @@
948 #include <sys/types.h>
949 #include <sys/socket.h>
950 #include <netinet/in.h>
951+#ifdef INET6
952+#include <arpa/inet.h>
953+#endif
954 #include <netdb.h>
955 #include <syslog.h>
956 #include <ctype.h>
957@@ -29,6 +32,15 @@
958 char *name;
959 {
960 struct hostent *hp;
961+#ifdef INET6
962+ static char str[512];
963+ struct sockaddr_in6 sin6;
964+ struct in6_addr addr;
965+ int family = AF_INET6;
966+#ifndef linux
967+ int h_error;
968+#endif
969+#endif
970 struct sockaddr_in sin;
971 char *p;
972
973@@ -39,6 +51,42 @@
974 if(*p == '\0')
975 return(name);
976
977+#ifdef INET6
978+ if (inet_pton(AF_INET6, name, &addr))
979+ return(name);
980+#ifdef linux
981+ if((hp = gethostbyname2(name, AF_INET6)) == (struct hostent *)0) {
982+ family = AF_INET;
983+ hp = gethostbyname2(name, AF_INET);
984+ if(hp == (struct hostent *)0)
985+#else
986+ hp = getipnodebyname(name, AF_INET6, AI_DEFAULT | AI_ALL, &h_error);
987+ if(hp == (struct hostent *)0) {
988+ family = AF_INET;
989+ hp = getipnodebyname(name, AF_INET, AI_DEFAULT, &h_error);
990+ if(hp == (struct hostent *)0)
991+#endif
992+ return(name);
993+ }
994+
995+ if(family == AF_INET) {
996+ if (hp->h_length > sizeof(sin.sin_addr.s_addr)) {
997+ syslog(LLEV,"securityalert: invalid host address length (%d) hostname %.128s", hp->h_length, name);
998+ name = "invalid";
999+ return (name);
1000+ }
1001+ bcopy(hp->h_addr,&sin.sin_addr,hp->h_length);
1002+ return(inet_ntoa(sin.sin_addr));
1003+ } else {
1004+ if (hp->h_length > sizeof(sin6.sin6_addr.s6_addr)) {
1005+ syslog(LLEV,"securityalert: invalid host address length (%d) hostname %.128s", hp->h_length, name);
1006+ name = "invalid";
1007+ return (name);
1008+ }
1009+ bcopy(hp->h_addr,&sin6.sin6_addr,hp->h_length);
1010+ return(inet_ntop(AF_INET6, &sin6.sin6_addr, str, sizeof str));
1011+ }
1012+#else
1013 if((hp = gethostbyname(name)) == (struct hostent *)0)
1014 return(name);
1015
1016@@ -49,4 +97,5 @@
1017 }
1018 bcopy(hp->h_addr,&sin.sin_addr,hp->h_length);
1019 return(inet_ntoa(sin.sin_addr));
1020+#endif
1021 }
1022diff -urN fwtk.orig/lib/nama.c fwtk/lib/nama.c
1023--- fwtk.orig/lib/nama.c Wed Apr 2 18:09:53 1997
1024+++ fwtk/lib/nama.c Sat Jul 10 23:16:57 1999
1025@@ -20,8 +20,12 @@
1026 #include <syslog.h>
1027 #include <ctype.h>
1028
1029+#ifdef INET6
1030+#include <arpa/inet.h>
1031+#else
1032 extern char *inet_ntoa();
1033 extern long inet_addr();
1034+#endif
1035
1036
1037 #include "firewall.h"
1038@@ -237,7 +241,7 @@
1039 i = 0;
1040 while(*p && *p != ':' && i < 4){
1041 p1 = p;
1042- while(*p != '\0' && *p != '.' && *p != ':')p++;
1043+ while(*p != '\0' && *p != '.' && *p != '/')p++;
1044 if( *p != '\0'){
1045 char saved= *p;
1046 *p = '\0';
1047@@ -299,17 +303,80 @@
1048 }
1049
1050
1051+#ifdef INET6
1052+int in6addrmatch(pat, num)
1053+char *pat, *num;
1054+{
1055+ struct in6_addr pataddr, numaddr;
1056+ u_int32_t mask = 0x0;
1057+ char *p;
1058+ int masklen, i = 0;
1059+
1060+ if ( (p = strchr(pat, '/')) != NULL ) {
1061+ char saved= *p;
1062+ *p = '\0';
1063+ if ( !inet_pton(AF_INET6, pat, pataddr.s6_addr) )
1064+ return 0;
1065+ *p = saved;
1066+ masklen = atoi(++p);
1067+ }else{
1068+ if ( !inet_pton(AF_INET6, pat, pataddr.s6_addr) )
1069+ return 0;
1070+ masklen = 128;
1071+ }
1072+
1073+ if ( !inet_pton(AF_INET6, num, numaddr.s6_addr) )
1074+ return 0;
1075+
1076+ while ( masklen > 0 ) {
1077+#ifdef TESTNAMATCH
1078+ fprintf(stderr,"numaddr.s6_addr32[%d] = %08x\n",
1079+ i, htonl(numaddr.s6_addr32[i]));
1080+ fprintf(stderr,"pataddr.s6_addr32[%d] = %08x\n",
1081+ i, htonl(pataddr.s6_addr32[i]));
1082+#endif
1083+ if ( masklen < 32 ) {
1084+ while ( masklen-- > 0 )
1085+ mask |= 0x80000000L >> masklen;
1086+#ifdef TESTNAMATCH
1087+ fprintf(stderr,"mask = %08x\n", mask);
1088+#endif
1089+ if ( (htonl(numaddr.s6_addr32[i]) & mask)
1090+ != (htonl(pataddr.s6_addr32[i]) & mask) )
1091+ return 0;
1092+ break;
1093+ }
1094+ if( numaddr.s6_addr32[i] != pataddr.s6_addr32[i] )
1095+ return 0;
1096+ ++i;
1097+ masklen -= 32;
1098+ }
1099+ return 1;
1100+}
1101+#endif
1102+
1103+
1104 hostmatch(pattern,name)
1105 char *pattern;
1106 char *name;
1107 {
1108 struct hostent *hp;
1109+#ifdef INET6
1110+ static char str[512];
1111+ struct sockaddr_in6 sin6;
1112+#endif
1113 struct sockaddr_in sin;
1114 char pat[512];
1115 char nam[512];
1116 char *p;
1117 int x;
1118 int y;
1119+#ifdef INET6
1120+ struct in6_addr *hp_addr6;
1121+#ifndef linux
1122+ int h_error;
1123+#endif
1124+#endif
1125 struct in_addr *hp_addr;
1126 int eq;
1127
1128@@ -333,6 +400,63 @@
1129 nam[y] = tolower(nam[y]);
1130
1131
1132+#ifdef INET6
1133+ /* IPv6 rule doesn't allow `*' */
1134+ for (p = pat; *p == '*' ; ++p)
1135+ ;
1136+ if (*p == '\0')
1137+ return(1);
1138+
1139+
1140+ /* is the pattern numeric IPv6 ? ,pjc: num/masklen? */
1141+ p = pat;
1142+ while(*p != '\0' &&
1143+ (*p == ':' || isxdigit(*p) || *p == '/'))
1144+ p++;
1145+
1146+
1147+ if(*p == '\0') {
1148+ /* match against a numeric IPv6 pattern */
1149+ /* pjc: or num/plefixlen */
1150+
1151+ p = nam;
1152+ while(*p != '\0' && (*p == ':' || isxdigit(*p)))
1153+ p++;
1154+
1155+ /* all numeric match is easy ! */
1156+ if(*p == '\0')
1157+ return(in6addrmatch(pat,nam));
1158+
1159+ /* get address and covert to numbers to match on */
1160+#ifdef linux
1161+ hp = gethostbyname2(nam, AF_INET6);
1162+#else
1163+ hp = getipnodebyname(nam, AF_INET6, AI_DEFAULT, &h_error);
1164+#endif
1165+
1166+ /* unknown host can never match numeric spec */
1167+ if(hp == (struct hostent *)0)
1168+ return(0);
1169+
1170+ /* match names */
1171+ eq = 0;
1172+ while((hp_addr6 = (struct in6_addr *)*hp->h_addr_list++) != (struct in6_addr *)0) {
1173+ if (hp->h_length > sizeof(sin6.sin6_addr.s6_addr)) {
1174+ syslog(LLEV,"securityalert: invalid host address length (%d) hostname %.512s", hp->h_length, nam);
1175+ return(0);
1176+ }
1177+ bcopy(hp_addr6,&sin6.sin6_addr,hp->h_length);
1178+ eq = in6addrmatch(pat, inet_ntop(AF_INET6,
1179+ &sin6.sin6_addr,
1180+ str, sizeof str));
1181+ if (eq)
1182+ return eq;
1183+ }
1184+ return 0;
1185+ }
1186+#endif
1187+
1188+
1189 /* is the pattern numeric ? ,pjc: num:mask? */
1190 p = pat;
1191 while(*p != '\0' &&
1192@@ -342,12 +466,20 @@
1193
1194 /* match against a text name */
1195 if(*p != '\0') {
1196+#ifdef INET6
1197+ struct in6_addr f;
1198+#else
1199 long f;
1200+#endif
1201 char *p = nam;
1202 char *rev;
1203
1204 eq = 0;
1205+#ifdef INET6
1206+ while(*p != '\0' && (*p == ':' || *p == '.' || isxdigit(*p)))
1207+#else
1208 while(*p != '\0' && (*p == '.' || isdigit(*p)))
1209+#endif
1210 p++;
1211
1212 /* if the name is also a text name, just match */
1213@@ -355,12 +487,25 @@
1214 return(namatch(pat,nam));
1215
1216 /* fooey, it's not, we need to reverse lookup */
1217+#ifdef INET6
1218+ if (!inet_pton(AF_INET6, nam, &f)) {
1219+#else
1220 if((f = inet_addr(nam)) == (long) -1) {
1221+#endif
1222 syslog(LLEV,"fwtkcfgerr: inet_addr, malformed address: %.100s",nam);
1223 return(0);
1224 }
1225
1226+#ifdef INET6
1227+#ifdef linux
1228+ hp = gethostbyaddr((char *)&f, sizeof(f), AF_INET6);
1229+#else
1230+ hp = getipnodebyaddr((char *)&f, sizeof(f), AF_INET6,
1231+ &h_error);
1232+#endif
1233+#else
1234 hp = gethostbyaddr((char *)&f,sizeof(f),AF_INET);
1235+#endif
1236 if(hp == (struct hostent *)0)
1237 return(namatch(pat,"unknown"));
1238
1239@@ -375,7 +520,16 @@
1240 nam[y] = tolower(nam[y]);
1241
1242 /* cross-check reverse lookup to try to detect DNS spoofs */
1243+#ifdef INET6
1244+#ifdef linux
1245+ hp = gethostbyname2(nam, AF_INET6);
1246+#else
1247+ hp = getipnodebyname(nam, AF_INET6, AI_DEFAULT | AI_ALL,
1248+ &h_error);
1249+#endif
1250+#else
1251 hp = gethostbyname(nam);
1252+#endif
1253 if(hp == (struct hostent *)0)
1254 return(namatch(pat,"unknown"));
1255
1256@@ -383,11 +537,22 @@
1257 syslog(LLEV,"securityalert: invalid host address length (%d) hostname %.512s", hp->h_length, nam);
1258 return(0);
1259 }
1260+#ifdef INET6
1261+ while((hp_addr6 = (struct in6_addr *)*hp->h_addr_list++) != (struct in6_addr *)0) {
1262+#else
1263 while((hp_addr = (struct in_addr *)*hp->h_addr_list++) != (struct in_addr *)0) {
1264+#endif
1265
1266+#ifdef INET6
1267+ if (hp_addr6 && !rev)
1268+ rev = inet_ntop(AF_INET6, hp_addr6,
1269+ str, sizeof str);
1270+ if(bcmp(hp_addr6,&f,hp->h_length) == 0) {
1271+#else
1272 if (hp_addr && !rev)
1273 rev = inet_ntoa(*hp_addr);
1274 if(bcmp(hp_addr,&f,hp->h_length) == 0) {
1275+#endif
1276 eq = 1;
1277 break;
1278 }
1279@@ -408,6 +573,11 @@
1280 /* match against a numeric pattern */
1281 /* pjc: or num:mask */
1282
1283+#ifdef notyet
1284+ if ( nam is V4MAPPED_ADDRESS )
1285+ convert nam to native IPv4 address
1286+#endif
1287+
1288 p = nam;
1289 while(*p != '\0' && (*p == '.' || isdigit(*p)))
1290 p++;
1291@@ -417,7 +587,15 @@
1292 return(maskmatch(pat,nam));
1293
1294 /* get address and covert to numbers to match on */
1295+#ifdef INET6
1296+#ifdef linux
1297+ hp = gethostbyname2(nam, AF_INET);
1298+#else
1299+ hp = getipnodebyname(nam, AF_INET, AI_DEFAULT, &h_error);
1300+#endif
1301+#else
1302 hp = gethostbyname(nam);
1303+#endif
1304
1305 /* unknown host can never match numeric spec */
1306 if(hp == (struct hostent *)0)
1307diff -urN fwtk.orig/lib/pname.c fwtk/lib/pname.c
1308--- fwtk.orig/lib/pname.c Sat Jan 18 20:20:57 1997
1309+++ fwtk/lib/pname.c Sat Jul 10 23:16:57 1999
1310@@ -38,8 +38,16 @@
1311 char *sname;
1312 int z;
1313 {
1314+#ifdef INET6
1315+ struct sockaddr_in6 a;
1316+ struct in6_addr *p_addr;
1317+#ifndef linux
1318+ int h_error;
1319+#endif
1320+#else
1321 struct sockaddr_in a;
1322 struct in_addr *p_addr;
1323+#endif
1324 struct hostent *p;
1325 int y;
1326 int eq = 0;
1327@@ -50,8 +58,12 @@
1328 syslog(LLEV,"getpeername failed: %m");
1329 return(1);
1330 }
1331+#ifdef INET6
1332+ inet_ntop(AF_INET6, &a.sin6_addr, sname, z);
1333+#else
1334 strncpy(sname,inet_ntoa(a.sin_addr),z);
1335 sname[z - 1] = '\0';
1336+#endif
1337
1338 #ifdef IP_OPTIONS
1339 {
1340@@ -80,7 +92,16 @@
1341 }
1342 }
1343 #endif
1344+#ifdef INET6
1345+#ifdef linux
1346+ p = gethostbyaddr((char *)&a.sin6_addr,sizeof(a.sin6_addr),AF_INET6);
1347+#else
1348+ p = getipnodebyaddr((char *)&a.sin6_addr,sizeof(a.sin6_addr), AF_INET6,
1349+ &h_error);
1350+#endif
1351+#else
1352 p = gethostbyaddr((char *)&a.sin_addr,sizeof(a.sin_addr),AF_INET);
1353+#endif
1354 if (p == (struct hostent *)0) {
1355 syslog(LLEV,"%.512s host address lookup failed",sname);
1356 } else {
1357@@ -89,13 +110,50 @@
1358 strncpy(lname,p->h_name,z);
1359 lname[z - 1] = '\0';
1360
1361+#ifdef INET6
1362+#ifdef linux
1363+ p = gethostbyname2(lname, AF_INET6);
1364+#else
1365+ p = getipnodebyname(lname, AF_INET6, AI_DEFAULT | AI_ALL,
1366+ &h_error);
1367+#endif
1368+#else
1369 p = gethostbyname(lname);
1370+#endif
1371 if(p == (struct hostent *)0) {
1372 syslog(LLEV,"%.512s/%.20s host name lookup failed",lname,sname);
1373 goto badguy;
1374 }
1375
1376 tp = p->h_addr_list;
1377+#ifdef INET6
1378+ while((p_addr = (struct in6_addr *)*p->h_addr_list++) != (struct in6_addr *)0) {
1379+ if(p->h_length > sizeof(a.sin6_addr.s6_addr)) {
1380+ syslog(LLEV,"securityalert: invalid host address length (%d) hostname %.512s",p->h_length, lname);
1381+ goto badguy;
1382+ }
1383+ if(bcmp(p_addr,(char *)&a.sin6_addr,p->h_length) == 0) {
1384+ eq = 1;
1385+ break;
1386+ }
1387+ }
1388+ if(!eq) {
1389+ static char str[512];
1390+
1391+ p->h_addr_list = tp;
1392+ if(p->h_length > sizeof(a.sin6_addr.s6_addr)) {
1393+ syslog(LLEV,"securityalert: invalid host address length (%d) hostname %.512s",p->h_length, lname);
1394+ goto badguy;
1395+ }
1396+#ifdef SYSV
1397+ bcopy(p->h_addr_list,&a.sin6_addr,p->h_length);
1398+#else
1399+ bcopy(p->h_addr,&a.sin6_addr,p->h_length);
1400+#endif
1401+ syslog(LLEV,"securityalert: possible spoof %.512s/%.20s != %.512s name lookup mismatch",lname,sname,inet_ntop(AF_INET6, a.sin6_addr,str,sizeof str));
1402+ goto badguy;
1403+ }
1404+#else
1405 while((p_addr = (struct in_addr *)*p->h_addr_list++) != (struct in_addr *)0) {
1406 if(p->h_length > sizeof(a.sin_addr.s_addr)) {
1407 syslog(LLEV,"securityalert: invalid host address length (%d) hostname %.512s",p->h_length, lname);
1408@@ -120,6 +178,7 @@
1409 syslog(LLEV,"securityalert: possible spoof %.512s/%.20s != %.512s name lookup mismatch",lname,sname,inet_ntoa(a.sin_addr));
1410 goto badguy;
1411 }
1412+#endif
1413
1414
1415 for(x = lname; *x != '\0'; x++)
1416diff -urN fwtk.orig/plug-gw/plug-gw.c fwtk/plug-gw/plug-gw.c
1417--- fwtk.orig/plug-gw/plug-gw.c Sun Mar 1 15:39:52 1998
1418+++ fwtk/plug-gw/plug-gw.c Sat Jul 10 23:16:57 1999
1419@@ -142,6 +142,7 @@
1420 }
1421 }
1422
1423+ syslog(LLEV,"REJECT");
1424 if(portid == -1 || av[1] == NULL)
1425 syslog(LLEV,"deny host=%.512s/%.20s",rhost,raddr);
1426 else
1427@@ -203,6 +204,7 @@
1428
1429 struct timeval timo;
1430
1431+ syslog(LLEV,"p=%d,c=%s,ac=%d",p,c,ac);
1432 if(c->flags & PERM_DENY) {
1433 if (p == -1)
1434 syslog(LLEV,"deny host=%.512s/%.20s port=any",rhost,raddr);
1435@@ -444,10 +446,23 @@
1436 #ifdef BINDDEBUG
1437 debugbind()
1438 {
1439+#ifdef INET6
1440+ struct sockaddr_in6 mya;
1441+#else
1442 struct sockaddr_in mya;
1443+#endif
1444 int x;
1445 int nread;
1446
1447+#ifdef INET6
1448+ if((x = socket(AF_INET6,SOCK_STREAM,0)) < 0) {
1449+ perror("socket");
1450+ exit(1);
1451+ }
1452+ mya.sin6_family = AF_INET6;
1453+ bzero(&mya.sin6_addr,sizeof(mya.sin6_addr));
1454+ mya.sin6_port = htons(BINDDEBUGPORT);
1455+#else
1456 if((x = socket(AF_INET,SOCK_STREAM,0)) < 0) {
1457 perror("socket");
1458 exit(1);
1459@@ -455,6 +470,7 @@
1460 mya.sin_family = AF_INET;
1461 bzero(&mya.sin_addr,sizeof(mya.sin_addr));
1462 mya.sin_port = htons(BINDDEBUGPORT);
1463+#endif
1464 if(bind(x,(struct sockaddr *)&mya,sizeof(mya))) {
1465 perror("bind");
1466 exit(1);
1467diff -urN fwtk.orig/rlogin-gw/rlogin-gw.c fwtk/rlogin-gw/rlogin-gw.c
1468--- fwtk.orig/rlogin-gw/rlogin-gw.c Fri Feb 6 01:08:38 1998
1469+++ fwtk/rlogin-gw/rlogin-gw.c Sat Jul 10 23:16:57 1999
1470@@ -1373,10 +1373,27 @@
1471 #ifdef BINDDEBUG
1472 debugbind()
1473 {
1474+#ifdef INET6
1475+ struct sockaddr_in6 mya;
1476+#else
1477 struct sockaddr_in mya;
1478+#endif
1479 int x;
1480 int nread;
1481
1482+#ifdef INET6
1483+ if((x = socket(AF_INET6,SOCK_STREAM,0)) < 0) {
1484+ perror("socket");
1485+ exit(1);
1486+ }
1487+ mya.sin6_family = AF_INET6;
1488+ bzero(&mya.sin6_addr,sizeof(mya.sin6_addr));
1489+#ifndef BINDDEBUGPORT
1490+ mya.sin6_port = htons(RLOGINPORT);
1491+#else
1492+ mya.sin6_port = htons(BINDDEBUGPORT);
1493+#endif
1494+#else
1495 if((x = socket(AF_INET,SOCK_STREAM,0)) < 0) {
1496 perror("socket");
1497 exit(1);
1498@@ -1387,6 +1404,7 @@
1499 mya.sin_port = htons(RLOGINPORT);
1500 #else
1501 mya.sin_port = htons(BINDDEBUGPORT);
1502+#endif
1503 #endif
1504 if(bind(x,(struct sockaddr *)&mya,sizeof(mya))) {
1505 perror("bind");
1506diff -urN fwtk.orig/smap/smap.c fwtk/smap/smap.c
1507--- fwtk.orig/smap/smap.c Sat Jul 10 23:15:57 1999
1508+++ fwtk/smap/smap.c Sat Jul 10 23:16:57 1999
1509@@ -122,13 +122,24 @@
1510
1511 if (ac > 1 && !strcmp(av[1], "-daemon")) {
1512 int sock, sockl;
1513+#ifdef INET6
1514+ struct sockaddr_in6 sa;
1515+#else
1516 struct sockaddr_in sa;
1517+#endif
1518 int pid;
1519
1520+#ifdef INET6
1521+ sa.sin6_family = AF_INET6;
1522+ bzero((char *)&sa.sin6_addr, sizeof(sa.sin6_addr));
1523+ sa.sin6_port = htons(25);
1524+ sock = socket(AF_INET6, SOCK_STREAM, 0);
1525+#else
1526 sa.sin_family = AF_INET;
1527 bzero((char *)&sa.sin_addr, sizeof(sa.sin_addr));
1528 sa.sin_port = htons(25);
1529 sock = socket(AF_INET, SOCK_STREAM, 0);
1530+#endif
1531 if (sock < 0) {
1532 syslog(LLEV, "fwtksyserr: Failed to create socket: %m");
1533 exit(1);
1534diff -urN fwtk.orig/tn-gw/tn-gw.c fwtk/tn-gw/tn-gw.c
1535--- fwtk.orig/tn-gw/tn-gw.c Fri Feb 6 01:11:36 1998
1536+++ fwtk/tn-gw/tn-gw.c Sat Jul 10 23:16:57 1999
1537@@ -877,6 +877,7 @@
1538 static char buf[1024];
1539 char *namp;
1540
1541+
1542 if(ac < 2)
1543 return(sayn(0,narg,sizeof(narg)-1));
1544
1545@@ -1762,10 +1763,27 @@
1546 #ifdef BINDDEBUG
1547 debugbind()
1548 {
1549+#ifdef INET6
1550+ struct sockaddr_in6 mya;
1551+#else
1552 struct sockaddr_in mya;
1553+#endif
1554 int x;
1555 int nread;
1556
1557+#ifdef INET6
1558+ if((x = socket(AF_INET6,SOCK_STREAM,0)) < 0) {
1559+ perror("socket");
1560+ exit(1);
1561+ }
1562+ mya.sin6_family = AF_INET6;
1563+ bzero(&mya.sin6_addr,sizeof(mya.sin6_addr));
1564+#ifndef BINDDEBUGPORT
1565+ mya.sin6_port = htons(TNPORT);
1566+#else
1567+ mya.sin6_port = htons(BINDDEBUGPORT);
1568+#endif
1569+#else
1570 if((x = socket(AF_INET,SOCK_STREAM,0)) < 0) {
1571 perror("socket");
1572 exit(1);
1573@@ -1776,6 +1794,7 @@
1574 mya.sin_port = htons(TNPORT);
1575 #else
1576 mya.sin_port = htons(BINDDEBUGPORT);
1577+#endif
1578 #endif
1579 if(bind(x,(struct sockaddr *)&mya,sizeof(mya))) {
1580 perror("bind");
TIS FireWall ToolKit
This page took 0.373281 seconds and 4 git commands to generate.