# PaCkAgE DaTaStReAm ipf 1 2756 # end of header 0707010e0024f1000081a40000000000000001000000013b671a72000001510000000000000001ffffffffffffffff0000000c00000003ipf/pkginfoARCH=sparc CLASSES=none save restore BASEDIR=/ TZ=EST PATH=/sbin:/usr/sbin:/usr/bin:/usr/sadm/install/bin PKG=ipf NAME=IP Filter VERSION=3.4.20 CATEGORY=system DESC=This package contains tools for building a firewall VENDOR=Darren Reed HOTLINE= EMAIL=darrenr@pobox.com VSTOCK= PSTAMP= PKGINST=ipf PKGSAV=/var/sadm/pkg/ipf/save INSTDATE= 0707010e066732000081a40000000000000001000000013b671a72000013200000000000000001ffffffffffffffff0000000b00000003ipf/pkgmap: 1 2756 1 d none /etc ? root sys 1 d none /etc/init.d ? root sys 1 f none /etc/init.d/ipfboot 0755 root root 2372 32399 996612710 1 d none /etc/opt ? root sys 1 d none /etc/opt/ipf 0755 root sys 1 d none /etc/rc2.d ? root sys 1 l none /etc/rc2.d/S65ipfboot=/etc/init.d/ipfboot 1 d none /opt ? root sys 1 d none /opt/ipf 0755 root root 1 d none /opt/ipf/bin 0755 root root 1 f none /opt/ipf/bin/ipftest 0755 root root 168060 55930 996612717 1 f none /opt/ipf/bin/ipmon 0755 root root 25896 21853 996612718 1 f none /opt/ipf/bin/ipresend 0755 root root 55656 14591 996612719 1 f none /opt/ipf/bin/ipsend 0755 root root 101484 42444 996612718 1 f none /opt/ipf/bin/mkfilters 0755 root root 2695 7623 996612719 1 d none /opt/ipf/examples 0755 root root 1 f none /opt/ipf/examples/BASIC.NAT 0444 root root 1613 54071 996612714 1 f none /opt/ipf/examples/BASIC_1.FW 0444 root root 4013 58761 996612714 1 f none /opt/ipf/examples/BASIC_2.FW 0444 root root 2571 2536 996612714 1 f none /opt/ipf/examples/example.1 0444 root root 133 10672 996612714 1 f none /opt/ipf/examples/example.10 0444 root root 431 34452 996612714 1 f none /opt/ipf/examples/example.11 0444 root root 820 2796 996612714 1 f none /opt/ipf/examples/example.12 0444 root root 376 32937 996612714 1 f none /opt/ipf/examples/example.13 0444 root root 468 38245 996612714 1 f none /opt/ipf/examples/example.2 0444 root root 149 11661 996612714 1 f none /opt/ipf/examples/example.3 0444 root root 990 11774 996612714 1 f none /opt/ipf/examples/example.4 0444 root root 66 5469 996612714 1 f none /opt/ipf/examples/example.5 0444 root root 689 56999 996612714 1 f none /opt/ipf/examples/example.6 0444 root root 186 15947 996612714 1 f none /opt/ipf/examples/example.7 0444 root root 362 31718 996612714 1 f none /opt/ipf/examples/example.8 0444 root root 326 28049 996612714 1 f none /opt/ipf/examples/example.9 0444 root root 291 25598 996612714 1 f none /opt/ipf/examples/example.sr 0444 root root 2086 42738 996612714 1 f none /opt/ipf/examples/firewall 0444 root root 1535 60921 996612714 1 f none /opt/ipf/examples/ftp-proxy 0444 root root 1269 32755 996612714 1 f none /opt/ipf/examples/ftppxy 0444 root root 272 22906 996612714 1 f none /opt/ipf/examples/nat-setup 0444 root root 2851 28708 996612714 1 f none /opt/ipf/examples/nat.eg 0444 root root 596 46398 996612714 1 f none /opt/ipf/examples/server 0444 root root 472 39157 996612714 1 f none /opt/ipf/examples/tcpstate 0444 root root 453 39828 996612714 1 d none /opt/ipf/man 0755 root root 1 d none /opt/ipf/man/man1 0755 root root 1 f none /opt/ipf/man/man1/ipftest.1 0444 root root 4031 20789 996612710 1 f none /opt/ipf/man/man1/ipnat.1 0444 root root 1237 40856 996612711 1 f none /opt/ipf/man/man1/mkfilters.1 0444 root root 334 28216 996612711 1 d none /opt/ipf/man/man1m 0755 root root 1 d none /opt/ipf/man/man4 0755 root root 1 f none /opt/ipf/man/man4/ipf.4 0444 root root 10288 5570 996612710 1 f none /opt/ipf/man/man4/ipl.4 0444 root root 2923 49888 996612711 1 f none /opt/ipf/man/man4/ipnat.4 0444 root root 2856 39297 996612711 1 d none /opt/ipf/man/man5 0755 root root 1 f none /opt/ipf/man/man5/ipf.5 0444 root root 22291 38391 996612710 1 f none /opt/ipf/man/man5/ipnat.5 0444 root root 8352 56076 996612711 1 d none /opt/ipf/man/man8 0755 root root 1 f none /opt/ipf/man/man8/ipf.8 0444 root root 4251 45409 996612710 1 f none /opt/ipf/man/man8/ipfs.8 0444 root root 2569 24596 996612710 1 f none /opt/ipf/man/man8/ipfstat.8 0444 root root 6044 10366 996612710 1 f none /opt/ipf/man/man8/ipmon.8 0444 root root 5135 47126 996612711 1 d none /sbin ? root sys 1 f none /sbin/ipf 0755 root root 54648 22808 996612720 1 f none /sbin/ipfs 0755 root root 15608 52059 996612720 1 f none /sbin/ipfstat 0755 root root 61172 55207 996612721 1 f none /sbin/ipnat 0755 root root 39140 17395 996612720 1 d none /usr ? root sys 1 d none /usr/include ? root bin 1 d none /usr/include/netinet ? bin bin 1 f none /usr/include/netinet/ip_auth.h 0444 root root 1428 54842 996612715 1 f none /usr/include/netinet/ip_compat.h 0444 root root 25938 50673 996612714 1 f none /usr/include/netinet/ip_fil.h 0444 root root 21183 57262 996612714 1 f none /usr/include/netinet/ip_frag.h 0444 root root 1720 11033 996612714 1 f none /usr/include/netinet/ip_nat.h 0444 root root 8517 31323 996612714 1 f none /usr/include/netinet/ip_proxy.h 0444 root root 3962 533 996612714 1 f none /usr/include/netinet/ip_state.h 0444 root root 4997 27924 996612714 1 d none /usr/kernel ? root sys 1 d none /usr/kernel/drv ? root sys 1 f none /usr/kernel/drv/ipf 0755 root root 180264 12276 996612719 1 f none /usr/kernel/drv/ipf.conf 0444 root root 43 3485 996612711 1 d none /var ? root sys 1 d none /var/db 0700 root sys 1 d none /var/db/ipf 0700 root sys 1 i copyright 569 50187 985094417 1 i pkginfo 337 27860 996612722 1 i postinstall 1114 25273 993736435 1 i postremove 437 36290 944278624 07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000b00000000TRAILER!!!0707010e0024f1000081a40000000000000001000000013b671a72000001510000000000000001ffffffffffffffff0000000800000003pkginfoARCH=sparc CLASSES=none save restore BASEDIR=/ TZ=EST PATH=/sbin:/usr/sbin:/usr/bin:/usr/sadm/install/bin PKG=ipf NAME=IP Filter VERSION=3.4.20 CATEGORY=system DESC=This package contains tools for building a firewall VENDOR=Darren Reed HOTLINE= EMAIL=darrenr@pobox.com VSTOCK= PSTAMP= PKGINST=ipf PKGSAV=/var/sadm/pkg/ipf/save INSTDATE= 0707010e066732000081a40000000000000001000000013b671a72000013200000000000000001ffffffffffffffff0000000700000003pkgmap: 1 2756 1 d none /etc ? root sys 1 d none /etc/init.d ? root sys 1 f none /etc/init.d/ipfboot 0755 root root 2372 32399 996612710 1 d none /etc/opt ? root sys 1 d none /etc/opt/ipf 0755 root sys 1 d none /etc/rc2.d ? root sys 1 l none /etc/rc2.d/S65ipfboot=/etc/init.d/ipfboot 1 d none /opt ? root sys 1 d none /opt/ipf 0755 root root 1 d none /opt/ipf/bin 0755 root root 1 f none /opt/ipf/bin/ipftest 0755 root root 168060 55930 996612717 1 f none /opt/ipf/bin/ipmon 0755 root root 25896 21853 996612718 1 f none /opt/ipf/bin/ipresend 0755 root root 55656 14591 996612719 1 f none /opt/ipf/bin/ipsend 0755 root root 101484 42444 996612718 1 f none /opt/ipf/bin/mkfilters 0755 root root 2695 7623 996612719 1 d none /opt/ipf/examples 0755 root root 1 f none /opt/ipf/examples/BASIC.NAT 0444 root root 1613 54071 996612714 1 f none /opt/ipf/examples/BASIC_1.FW 0444 root root 4013 58761 996612714 1 f none /opt/ipf/examples/BASIC_2.FW 0444 root root 2571 2536 996612714 1 f none /opt/ipf/examples/example.1 0444 root root 133 10672 996612714 1 f none /opt/ipf/examples/example.10 0444 root root 431 34452 996612714 1 f none /opt/ipf/examples/example.11 0444 root root 820 2796 996612714 1 f none /opt/ipf/examples/example.12 0444 root root 376 32937 996612714 1 f none /opt/ipf/examples/example.13 0444 root root 468 38245 996612714 1 f none /opt/ipf/examples/example.2 0444 root root 149 11661 996612714 1 f none /opt/ipf/examples/example.3 0444 root root 990 11774 996612714 1 f none /opt/ipf/examples/example.4 0444 root root 66 5469 996612714 1 f none /opt/ipf/examples/example.5 0444 root root 689 56999 996612714 1 f none /opt/ipf/examples/example.6 0444 root root 186 15947 996612714 1 f none /opt/ipf/examples/example.7 0444 root root 362 31718 996612714 1 f none /opt/ipf/examples/example.8 0444 root root 326 28049 996612714 1 f none /opt/ipf/examples/example.9 0444 root root 291 25598 996612714 1 f none /opt/ipf/examples/example.sr 0444 root root 2086 42738 996612714 1 f none /opt/ipf/examples/firewall 0444 root root 1535 60921 996612714 1 f none /opt/ipf/examples/ftp-proxy 0444 root root 1269 32755 996612714 1 f none /opt/ipf/examples/ftppxy 0444 root root 272 22906 996612714 1 f none /opt/ipf/examples/nat-setup 0444 root root 2851 28708 996612714 1 f none /opt/ipf/examples/nat.eg 0444 root root 596 46398 996612714 1 f none /opt/ipf/examples/server 0444 root root 472 39157 996612714 1 f none /opt/ipf/examples/tcpstate 0444 root root 453 39828 996612714 1 d none /opt/ipf/man 0755 root root 1 d none /opt/ipf/man/man1 0755 root root 1 f none /opt/ipf/man/man1/ipftest.1 0444 root root 4031 20789 996612710 1 f none /opt/ipf/man/man1/ipnat.1 0444 root root 1237 40856 996612711 1 f none /opt/ipf/man/man1/mkfilters.1 0444 root root 334 28216 996612711 1 d none /opt/ipf/man/man1m 0755 root root 1 d none /opt/ipf/man/man4 0755 root root 1 f none /opt/ipf/man/man4/ipf.4 0444 root root 10288 5570 996612710 1 f none /opt/ipf/man/man4/ipl.4 0444 root root 2923 49888 996612711 1 f none /opt/ipf/man/man4/ipnat.4 0444 root root 2856 39297 996612711 1 d none /opt/ipf/man/man5 0755 root root 1 f none /opt/ipf/man/man5/ipf.5 0444 root root 22291 38391 996612710 1 f none /opt/ipf/man/man5/ipnat.5 0444 root root 8352 56076 996612711 1 d none /opt/ipf/man/man8 0755 root root 1 f none /opt/ipf/man/man8/ipf.8 0444 root root 4251 45409 996612710 1 f none /opt/ipf/man/man8/ipfs.8 0444 root root 2569 24596 996612710 1 f none /opt/ipf/man/man8/ipfstat.8 0444 root root 6044 10366 996612710 1 f none /opt/ipf/man/man8/ipmon.8 0444 root root 5135 47126 996612711 1 d none /sbin ? root sys 1 f none /sbin/ipf 0755 root root 54648 22808 996612720 1 f none /sbin/ipfs 0755 root root 15608 52059 996612720 1 f none /sbin/ipfstat 0755 root root 61172 55207 996612721 1 f none /sbin/ipnat 0755 root root 39140 17395 996612720 1 d none /usr ? root sys 1 d none /usr/include ? root bin 1 d none /usr/include/netinet ? bin bin 1 f none /usr/include/netinet/ip_auth.h 0444 root root 1428 54842 996612715 1 f none /usr/include/netinet/ip_compat.h 0444 root root 25938 50673 996612714 1 f none /usr/include/netinet/ip_fil.h 0444 root root 21183 57262 996612714 1 f none /usr/include/netinet/ip_frag.h 0444 root root 1720 11033 996612714 1 f none /usr/include/netinet/ip_nat.h 0444 root root 8517 31323 996612714 1 f none /usr/include/netinet/ip_proxy.h 0444 root root 3962 533 996612714 1 f none /usr/include/netinet/ip_state.h 0444 root root 4997 27924 996612714 1 d none /usr/kernel ? root sys 1 d none /usr/kernel/drv ? root sys 1 f none /usr/kernel/drv/ipf 0755 root root 180264 12276 996612719 1 f none /usr/kernel/drv/ipf.conf 0444 root root 43 3485 996612711 1 d none /var ? root sys 1 d none /var/db 0700 root sys 1 d none /var/db/ipf 0700 root sys 1 i copyright 569 50187 985094417 1 i pkginfo 337 27860 996612722 1 i postinstall 1114 25273 993736435 1 i postremove 437 36290 944278624 0707010e0cfd3b000041ed0000000000000001000000023b671a72000000000000000000000001ffffffffffffffff0000000800000003install0707010e0cfd23000081a40000000000000001000000013ab75911000002390000000000000001ffffffffffffffff0000001200000003install/copyright Copyright (C) 1993-2001 by Darren Reed. The author accepts no responsibility for the use of this software and provides it on an ``as is'' basis without express or implied warranty. Redistribution and use in source and binary forms are permitted provided that this notice is preserved and due credit is given to the original author and the contributors. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. I hate legaleese, don't you ? 0707010e0cfd0b000081a40000000000000001000000013b3b36f30000045a0000000000000001ffffffffffffffff0000001400000003install/postinstall#!/bin/sh DEVLINK=${PKG_INSTALL_ROOT}/etc/devlink.tab PATH=${PATH}:/sbin:/usr/sbin:/usr/ucb if [ x"`grep minor=ipf ${DEVLINK}`" = x ] ; then echo "type=ddi_pseudo;name=ipf;minor=ipf \M0" >> ${DEVLINK} fi if [ x"`grep 'minor=ipf ipl' ${DEVLINK}`" = x ] ; then echo "type=ddi_pseudo;name=ipf;minor=ipf ipl" >> ${DEVLINK} fi if [ x"`grep minor=ipnat ${DEVLINK}`" = x ] ; then echo "type=ddi_pseudo;name=ipf;minor=ipnat \M0" >> ${DEVLINK} fi if [ x"`grep minor=ipstate ${DEVLINK}`" = x ] ; then echo "type=ddi_pseudo;name=ipf;minor=ipstate \M0" >> ${DEVLINK} fi if [ x"`grep minor=ipauth ${DEVLINK}`" = x ] ; then echo "type=ddi_pseudo;name=ipf;minor=ipauth \M0" >> ${DEVLINK} fi if [ x${PKG_INSTALL_ROOT} = x -o x${PKG_INSTALL_ROOT} = x/ ] ; then add_drv -m '* 0600 root root' ipf else add_drv -m '* 0600 root root' -b ${PKG_INSTALL_ROOT:-/} ipf fi /usr/sbin/devlinks -r ${PKG_INSTALL_ROOT:-/} if [ -d /usr/ucb -a -f /usr/ucb/ucblinks ] ; then /usr/ucb/ucblinks -r ${PKG_INSTALL_ROOT:-/} fi if [ ! -f ${PKG_INSTALL_ROOT}/etc/opt/ipf/ipf.conf ] ; then touch ${PKG_INSTALL_ROOT}/etc/opt/ipf/ipf.conf fi exit 0 0707010e0cfcf3000081a400000000000000010000000138488c60000001b50000000000000001ffffffffffffffff0000001300000003install/postremove#!/bin/sh rem_drv -b ${BASEDIR:-/} ipf egrep -v 'name=ipf' ${BASEDIR}/etc/devlink.tab > ${BASEDIR}/etc/devlink.tab.new mv ${BASEDIR}/etc/devlink.tab ${BASEDIR}/etc/devlink.tab.bak cp -p ${BASEDIR}/etc/devlink.tab.bak ${BASEDIR}/etc/devlink.tab cp ${BASEDIR}/etc/devlink.tab.new ${BASEDIR}/etc/devlink.tab /usr/sbin/devlinks -r ${BASEDIR:-/} if [ -d /usr/ucb -a -f /usr/ucb/ucblinks ] ; then /usr/ucb/ucblinks -r ${BASEDIR:-/} fi exit 0 0707010e002569000041ed0000000000000001000000063b671a72000000000000000000000001ffffffffffffffff0000000500000003root0707010e002539000041ed0000000000000001000000033b671a72000000000000000000000001ffffffffffffffff0000000900000003root/etc0707010e002521000041ed0000000000000001000000023b671a72000000000000000000000001ffffffffffffffff0000001000000003root/etc/init.d0707010e002491000081ed0000000000000000000000013b671a66000009440000000000000001ffffffffffffffff0000001800000003root/etc/init.d/ipfboot#!/bin/sh id=`/usr/sbin/modinfo | awk '/ipf/ { print $1 } ' -` pid=`ps -e | awk '/ipmon/ { print $1 } ' -` PATH=${PATH}:/sbin:/opt/ipf/bin IPFILCONF=/etc/opt/ipf/ipf.conf IP6FILCONF=/etc/opt/ipf/ipf6.conf IPNATCONF=/etc/opt/ipf/ipnat.conf block_default_workaround() { ipf -F a echo "constructing minimal name resolution rules..." NAMESERVERS=`cat /etc/resolv.conf | nawk '/nameserver/ {printf "%s ", $2}'` for NS in $NAMESERVERS ; do IF_TO_NS=`/usr/sbin/route -n get $NS | \ nawk '$1 == "interface:" { print $NF ; exit }'` IP_TO_NS=`ifconfig $IF_TO_NS | \ nawk 'NR == "2" { print $2 ; exit }'` echo "pass out quick proto udp from $IP_TO_NS to $NS port = 53 keep state" | \ ipf -f - done } case "$1" in start) if [ x"$pid" != x ] ; then kill -TERM $pid fi if [ x$id != x ] ; then modunload -i $id fi modload /usr/kernel/drv/ipf if [ -r ${IPFILCONF} ]; then if `/sbin/ipf -V | \ nawk '$1 == "Default:" && $2 == "pass" { exit 1 }'` ; then block_default_workaround fi ipf -IFa -f ${IPFILCONF} if [ $? != 0 ]; then echo "$0: load of ${IPFILCONF} into alternate set failed" else ipf -s fi fi ipf -y if [ -r ${IP6FILCONF} ]; then ipf -IFa -6f ${IP6FILCONF} if [ $? != 0 ]; then echo "$0: load of ${IPFILCONF} into alternate set failed" else ipf -IF a ipf -6f ${IP6FILCONF} fi fi if [ -r ${IPNATCONF} ]; then ipnat -CF -f ${IPNATCONF} if [ $? != 0 ]; then echo "$0: load of ${IPNATCONF} failed" fi fi ipmon -s & ;; stop) if [ x"$pid" != x ] ; then kill -TERM $pid fi if [ x$id != x ] ; then modunload -i $id fi ;; reload) if [ -r ${IPFILCONF} ]; then ipf -I -Fa -f ${IPFILCONF} if [ $? != 0 ]; then echo "$0: reload of ${IPFILCONF} into alternate set failed" else ipf -s fi fi if [ -r ${IPNATCONF} ]; then ipnat -CF -f ${IPNATCONF} if [ $? != 0 ]; then echo "$0: reload of ${IPNATCONF} failed" fi fi ;; reipf) if [ -r ${IPFILCONF} ]; then ipf -I -Fa -f ${IPFILCONF} if [ $? != 0 ]; then echo "$0: reload of ${IPFILCONF} into alternate set failed" else ipf -s fi fi ;; *) echo "Usage: $0 (start|stop|reload)" >&2 exit 1 ;; esac exit 0 0707010e002479000041ed0000000000000001000000033b671a72000000000000000000000001ffffffffffffffff0000000900000003root/opt0707010e002581000041ed0000000000000001000000053b671a72000000000000000000000001ffffffffffffffff0000000d00000003root/opt/ipf0707010e002449000041ed0000000000000001000000023b671a72000000000000000000000001ffffffffffffffff0000001100000003root/opt/ipf/bin0707010e002431000081ed0000000000000000000000013b671a6d0002907c0000000000000001ffffffffffffffff0000001900000003root/opt/ipf/bin/ipftestELF,X44 (444vvwww +z(z(z(/usr/lib/ld.so.13."<v/6* 3z@)%p_xWFf#lQoY +IDse2|0L+j t1EKn\*BO5Ja> ,&!'c-y"$ $(,.=)Ug'q!]{wR%8XGb}d&;NumHV-~[ir`h:A^P4?S#T7Mk 9ZC ( tT()4)X),X Oh O O w w$z(z ׈l  @ 0(4 ;wB\ R,Xt Y( _yd|nl\ xy}||HxyX<@   xxPx\)h2 ;yCxLQ Y\D exmypt|~4 [( b, @!M    =  ww l dL ! -|(: D GH R fh'dd @* :` @d@`" @F!  "`dԐ@@? !` ! `"  d @Ԓ @/   '\!` ! `"  d @ԒȔ @   '\!` ! `" !`  a Vd 'dd@@\  d ` d  @* :` (d 'd'\?'\\ ,d\@ *`: ("\ '\d\@ @ 'TT?d`(`(ԒH@͖ !` W*  d @Ԓ @ͨ  !` ! `" d 'ddԐ@@͐  !` ! `" dԐ@@~  !` ! `" dԐ@@l  !` ! ` " dԐ @@Y  !` ! ` " dԐ(@@F !d 'ddL ?@ !` L"  (`(Ԓ0H@ 0dԐP@@ m!` ! `"  d @ԒX@   !` ! ` " d 'd d @Ԓ`@  !` ! `@" d 'dd` d @Ԓh@  !` ! ` " d 'd d @Ԓx@ d 'dd!H@? d 'dd(`(ԒH@̆ d`'d@  (`(ԒH@t dԐ@@̌  !` ! `" 6dԐ@@z -!` ! `" !`  a (`(ԒH@A i!`  `  (`(ԒH@. Vd`'d@  (`(Ԓ H@ DdԐP@@4 d`'d@  (`(Ԓ H@ )!`  `  !` ! `" !`  `  !` ! `" d`d@ԒX@  !` ! ` " d 'dd`d@Ԓ`@  !` ! `@" d 'dd`'d@Ԓh@ !`  `  (`(ԒHH@˔ !` ! ` " d 'dd`d@Ԓx@˜ d!H@? d 'dd 'dd`dԐp@@|  d 'd!` ! ` " !`*d`d@Ԓx@` d`'d@  (`(ԒH@- Ud!@ @M!` * d 'dd`!`  a (`(ԒHԖ!@ 0! ,d`zd@Ԓ@  d `d 'dd!@H@  d 'dd`'d@Ԓ@  d `d 'dd!@H@_  d 'd-d`(d@Ԓ@ !`  `  (`(ԒԔ@ʒ !` ! `  " d 'dd`-d@Ւ@ʚ $d`'d@  (`(ՒH@g d@  @ʋ! *`!`  * Ed 'dd`@d@Ւ(@j 7d`'d@  (`(Ւ0H@7 _d\  @ !` _* d(`(ՒPH@ C!`  * Fd 'dc"d`d@Ւh@$ d`'d@  (`(ՒpH@ #d@"`"#@Ւ@ $!` ! `2 ` `* D ` D@3D d Ԑb@1'D  @ Ԑb@$D  @ Ԑb @ D `D֐`@ D ` ֐c@֐c@D `  D ` !D@d(`(`(@ "  (@ ( ` *@`"D  @ ֐c@ D *`: CD D  D Ք#Ք#֐@ D *`: D Ԑ] D *`: D ԐND  @ ֐c@xD E `  D 2` ֐@jD F `  D 2` ֐@\D 2`  `  ֐c@P?'$D D `'Ԁ`D   @n'쀢  ֐@@3 D  א@*D  @ Ւ!Ւ#א@D 2`DDH@D x`D x@D  @ Ւ!Ւ#א @D 2`D,DX@D `D @D 2`   $D D2`   D <`D h`D @*`2  D l*`2 wא`(@D <`D h`D @*`2  D l*`2 D l7D @7DD`h<~D D2`  ` D 2`  ` א`0@wא`8@sD D2`  ` D 2`  ` א`0@_א`@@[D D2`  ` D 2`  ` א`0@Gא`H@CD  ` ID p*`2 BD r*`2'D r*`2'В 'А  : 'Ѐ bД * "Ж*אP@ @ א``@D p `* 2` א`p@D  ` D u `  D t ` א`@D u ` ?` D u א@Cc'c' *`: 4D u @ `#(`(`(@ "  *`:  (@ ( ` *@`"ܒ 'ؒ 'D t ` o(`(`(@ "  /(@ ( ` /*@`"D t ` ?` D t א@]Cc'c' *`: 4D t @ `#(`(`(@ "  *`:  (@9 ( ` *@`"ܒ 'ؒ 'D  @ א`@D h א`@D `Dא`@D `Dא`@(`(`(@ "  (@ ( ` *@`"㿀'D ''D'쀢  ' א@耢 א`@'?' '(`(`(@ "  (@ ( ` *@`"(`@㿈'DԐbP@D ` א`@wD `@ א`@mD  @ א`@bD`? =אa@WD c D`@o!'쀢 אa'Րc'D`@o'耢 אa' *`:  אa@'אa@ 㿐!a8!@N!a8* 㿈'D'H'D .@ D x@   D :@ DH@P ?0+D @ ' *`:  耢 耢 ?耢 H" H "@ ?* " 㿈'D'H'L'P'T'XD@ /@'耢 D@ :@'耢 R   :@ I*@`"L|? (`(ג\@y?DH@\@?D(`(ג\@b?HHL@ @ "DDD@"DPTX\@D @ `jD @ `bD @@ג@P VDH@\@?D(`(ג\@?DDD@"DDD@"D@ @P  D(`(ג\@?aL"DDD@"HHL@ @ "DPTX\@GD@ 4DH@\@<?D(`(ג\@?*DDD@"LH@? "DPTX\@tD(`(ג\@?㿀'D'H'LאaH@  QH *`:'  ` H@Oz D" 8אaH@ !a8'HH@'쀢 H@'耢  (`(גLH@F?D` "  D`@" 㿈'D'H'L'P'T?'D`D@  D@ *`:  iD@ג@* \D @ `TD @ `LDDD@"D@ *`:'  ` kD @ `cD@HT@. ?&DDD@"D@ג@  'D@ג@  'D(`(ג T@?DDD@"D@  (`(גHT@?D@PT@ ?D@גh@u D@גp@  'D@גx@[ D@ג@o  'wD@ג@A D@ג@U  ']D@ג@' D@ג@;  'CD@ג@  D@ג@!  ')D@ג@ D@ג@  'D(`(גT@?)쀢 쀢 DDD@"D@HT@ ?L"DDD@" 㿀'D'H'L7D *`:'  ` D ?#@ H2 (`(גLD@~ }c`)#@ג@ #D@@'쀢  H` 2 [(`(גLD@Q PDג(@'쀢  7Dג0@'쀢 耢 (`(ג8LD@) (* 2`` * 2`(`(ג`LD@(`(גLD @  H2 㿀'D'H'L//'D *`: 0D /@'䀢 *@`"D  @ /'D' *`: I *`: /耢@'  *`: 00) *`: @'  *`: (`(גL@ <c" @ @ * '䀢  *`: 0  @/ `   `  ?/ /H* `㿀'D'D''D '䀢   ' ?'*`'' ''䀢 *`'  '?'?'D ?㿀'D'H'''D?9Hג(@F'耢 %!@ @!a* Hג0@2'!a@!a@  '耢 !!3&D "D@'쀢 H@@'耢 !@ @!a* !! !aגH@!!㿈'D'H'L'PD @' *`: L  P  H" 㿈'D'H'L'PD @' *`: L P  H" 㿀'D'H'LH` L`אa@=.H'' @\א@-L@'耢?L'' @Eא@אc@㿐'D'HH` H`H *`2 #H * H + 2 אc  @#H * H *`2 Dאc@㿀'D'H'LD'H'䀢 L @/`"* :`' W ` #(`(`(@ " * : (@ ( `*@`" * :א@* :` L ?'H'D'H'L777L 'L* 5L" @L* 8L2 0L2 2L?2 :L?" <L 2`'̓*#  "LF2 6̀ iLH`2 JH `* H` * :`'HD ' Ȑ  H@ @2" " " " " " H` " H`" H `'Ȓ D `* L ` 1 M ` )`,8`,  @ `<8`,  @ `h8`h  @ @   ' 㿀'D'H'L'H0O j0O 0@ S0@   = |0A u0Q `0Q K <dDj'b D @u'䀢 U쀢 쀢 'D @[' '; D <'0.D ('& b(` 'D@' b(` ' D@' ''DD D @ '@@  `H D!@'@@  RH` a` H  A > a    &@'HH   @`(  H  `( @HD!@'@@  '@@'DD D @'@@  H D!@'@@   @` H  @w`('88 s`T R @k'88 @f eH 8 @W8 2` '<8$`(8't 8 *`: 8`8`2@38"` 8 `8?" 8" HD!@+'@@  @)8@& % a   (8  @  @ 㿐 P, * :`  M @3T$ , * :`  M @3G$ $ a` !@"  a$  a$ a"*` a ` *` a  "`  !b8!b8!8`0" 0 a*` $ *` a $ *` a " a a @"'D'H'L  b(`H Z*`2  H 2`  `   a @ !b8!b8!8`"  b$ " H 4 `'8@  @  'P//H  `,L `H $, $0 $4 $8,H $< $@ $D $$H< L ` K    H D'44 `      4 ,l4 4h*`2`4 4j*`2` G!b8!b8!8`"  b$vH D  `  -4j4hL c  * 2`* 2`H H*`2  2`* $  `  ` ` $ll$p$x 44tt* 2`  4t!b8!b8!8` " 'H D4j4hL c  * 2`* 2`!b8!b8!8`"  b $  @d!b8!b8!8`"  @ @L " @@m$PH @$((  (((`" ( '<`'<<$ $H H*`2H`6*2 $H 2`,MH ($X?$\H ,4`?c4bH .4d?c4fH 2`  ` $TT $TL oT@$TL o   a a @" 8" *` "@8*` H"@ 8" *`*@< `@  ?$ L ` H @H<H @ @ -`5H 2`  ` < h  < DH@ -x'H'L'P'H` , @ `?'܀  H h*`2 0* 2@'ܢ l܀` 'ܔ*@*` l 'P P P 7H H*`2P 2`* $ P ` P ` `` " 2 " P ` `P ` `` 7"@ "@ `*`2" %`V?b0Q@aЀL" *`2*`2 2 % "* 2@ `" *`2@ " * 2` `" !b8!b8!8@"  ܘ `?H@ 'x'D'P'T'D <  @ @ 'P'P 4 `'T 5D T'T7T 7耢 & a Dޕ*`2 h* 2@ ' b Dܕ*`2 j* 2@ 'D T l'77耢 (䀢 D ` D ؀@ 'D $` D $؀@ '&䀢 D ` D ؀@ 'D $` D $؀@ '쀢  j'耢 ND <  @   h ;D ,  @   d *T $Dޕ*`2 h* 2@  a Dܕ*`2 j* 2@  b  'LD <  @   h ;D ,  @   d *T $Dޕ*`2 j* 2@  b Dܕ*`2 h* 2@  a  '쀢  T D T `'P 2 `:  !PD (`X PD`,*`2 `* 2@PD`.*`2 d* 2@  c N a 耢  D2 hDT`" l D2 hDT`" lDD`l" p  b 耢  D2 jDT`" x D2 jDT`" xDD`x" |DD`T " T a a @"?'耢 䀢  D $` 'D `'䀢  D `' D $` '쀢  D * " P* 5 㿐'D'H'LD 4LH @ l @!btH `l  *L  LH`*`2 h* 2@LH`*`2 j* 2@  'D'HD< @  D @ @  H X*`2 / H D' `'\\ \ \  \  \  ̒ 'LH X*`2L@2  `*`8  H H*`2?'XX L2` ` *`X  А   @   @L ` L2` ` *`L@' `  `  `   `  gL  'HL 'HА 'HL 'H 'H *`2H@'H *`2H@'H " H @@'HL 7LZ2 d  'dL2` ` *``LܺL2 H'`H 4 ` `?/' aH *@@ M L ` D M ` ?'8'<'@'D'(','0'48(`  % M   !b8!b8!8@"  $ D *`: @$  ('PP  L `  L `  L2` ` *`L@'TT TL  'HL 'HА 'HL 'H 'H,2`H@'H,2`H@'H " H @@'HL 7LZ2 d  'dL2` ` *``LL2 H'`H 4 ` `?/' aH *@@ C L ` : M ` 5'(','0'4'8'<'@'D(8`T  ('P!b8!b8!8@"  $ H X*`2 @$ P  㿈'D'H'LH P'H `H D"` DH`"*` a ` !b8!b8!8`0" 0 " L @@N'H" P a * 'DD` D@H`"  !b8!b8!8`0" 0HD" HD@" DH"('D'H b(`H Z*`2  H 2`  `   H 6*`2'DĐ ''H  ` 'H ' ' ' 'H ' ' ' $'А ' 'H 2`'H  `    ? :  *`2̐@' *`2̐@' " ̐ @@' a̔ *@@ E L ` < M ` 6''''''''H   H 5 `  b$  b$   DH'   ` `  `  ',2`̐@'̓- 2`̐@' " ̐ @@' aȔ *@@ R L ` I M ` C''''''''H ) HD  H 5 `  b$  b $     T o ,2`̐@'̓- 2`̐@'̐)  a`,2`̐"@'̓- 2`̐"@'̐ 'g !b8!b8!8`"  >H X*`2 @$ !b8!b8!8@"  $  ('H" @ ' ` `@MH 2`  `  h   DH@㿐'D a ' D  M @)i$  ?$  $D  M @)X$ $ $ ?$ $㿈'DD T o   a a @"D`D@D`" D`D@"D `D`D` " D` D`"D P * a ` !b8!b8!8`0" 0D ('쀢 `"  `@D@ a a @"㿐 a !b8" 0 a" a` !@@` a"㿐 !@ .  ' $ `  L `  !b8!b8!8` "  !b8!b8!8`" E b$`  b$"㿀'D'H'L'PL D' /H`P" `'L X*`2L`6*2" ` 2*`" '  ` $ ` `䀢  D @"HP * D @"HP  *.D @"HP ` !*`   ` HP  *D @"  `  HP  *D @"  `  HP  *D @"  ` HP  *D @"$  ` HP  *D @"  `  HP  *D @"  ` HP  *D @"  `  HP  *D @"  ` HP  *D @"!  `  HP  *D @"  D @"W  ` D @"HP  *D @">  `  HP  *D @"D @"!  `   ` 䀢 D @"J$JJKLdM0MNNNtNt㿐#b!" #b"" #b ,@" #"P'D'H'L'P b,a H 2`  `  D /D `'D 7D *`2@'D /D 'D @'D 'D @'H'*`"' !@U'H`( 'H ,7H .7*`P@''耢``   @  #b#b#@" ' ,@'耢 #b#b#`"  kH`@" ( H`@H`@H`@`"  *P@ @" *`P "`" " *`P "` `   @ 0 `* &D` * :`'  * 'H`H*22`@ 2 $#b#b#`"  b, b, ,@"㿈'D'H'LD< @    b4`?VDHL!"'쀢 &cH `4  *" * ,H 4 *"*`,H 4  +`# + , "@?&cH `4  *" * 0H 4 *"*`0H 4  +`# + 0 "@ 㿈'D'H'L'PD< @    b4`?>H Z*`2'* 'H H*`2 ?  H H*`2  DHL""Y'쀢 P" P" 쀢 ? P'D'H'LD /D `'D 7D *`2@'D /D 'D @'D 'D @'H'*`"' !@'H`( 'H ,7H .7*`L '쀢 `   @^ H Z7 ' ` * 2`  H 2`  ` m * 2`  * '*`L @(`@"@`"  *L@ @"*`L "`" *`L "H H*`22  7*`2 $* 2@D  @ * :`  * &2 $#b#b#` "  'g 㿀'D'HH 2`   b4` DH Z*`2'* 'H H*`2 ?  H H*`2  %DH"'쀢  ' & `  耢 " " '㿀'D'HH 2`   b4` 6H Z*`2'* 'H H*`2 ?  H H*`2  DH!'耢  (''㿈'D!'耢 !!b * '쀢  D@" '?'㿈'DD ('쀢 `"  `@D `D`D@"D`D@D`" D@㿀!' *`!@''耢` @"?'!' .*`"Đ@''耢`@" '䀢   耢@" ~?'㿐 bH *  @n  8"@ b8` b8 H@ *` @? bH *  @K  8"` b8 ` b8 H@ *`  @?h "` bL *  @&$ b`` b` L@ *` @?G "d bP *  @$ bd` bd P@ *` @?& "h bT *  @$ bh` bh T@ *` @? 㿀'DD`H'    b\ \ * @@ "DD D`H '2`   P@@' bd * '``'D" D" D"㿀'DD`@'    bX X * @@ "DD <`@ '2`   L@@|' b` * '`` 'D" D" D"㿐'DD `D`D`" D`D`"㿐'DD `D` D`" D`D` "㿈'D@  @-'*` bh '쀢  @@D @ `" P' @'쀢 ? * h@ @" h *@@ " *` bh ` *` bh "`*` bh "D" @" "  " 㿐'DDDD`" D `D`D@D`" D`D@"D@w㿐'D'H'LL<!L L?# 'LDH*3 L 'LL?# L3  'LHN2H*28 ? @ L@ 2`? @  2`? @   8 H2㿐'D'H'LL@!L L?# 'LDH*3 L 'LL?# L3  'LHN2H*28 ? @ L8 ?# @ 2`? @  2`? @   8 H2㿐'D'HHD*28 ? @ H@ 2`? @  2`? @   8 D2'D'H'L  '  @H <  H =  PD 'H0A  D @'쀢  '쀢 H <  H = 5P 0 $ 0 h `  0 `  < @ $ < 0 `  D H $ D "D  00 `@D H0A 0A  = Z =   < 20> 0? x0Q a0Q 0O 0P 2b0R ; VVL `  'Q 'J` 'C  @l  @=$ ?$ |* :`  * :`|@$F$  '$$h `  0? $0h `  0? $0$ h `  H8 *"@*` $'0 `  @8 *"@*` $0 ` HD" $0 `  $H8$ 0 `  $?$ $H?H  0 ` D $(0 `  h ` <$(D$(h ` I84,:* 2`8*`2 *:* 2`8*`2"  @>$@'LL L?L8  @-'HH H$?$0 ` *`'HH H$?$ 'c'c'`" <L `  ' 2 '+h ` h `  bD` bX" b\"$  @#@'c'c'`" 0 $0$ 'c 8@" ('c 8`" ,'c D@" 4'c h@" 0'c H@" <'c L@" @'c P@" D'c T@" H'c @@" L'c @" 8'cD T'0D '쀢 0 @  0 D ' 'L `  ''䀢 @' 䀢 @' '쀢 D @'쀢  'X D @'쀢 D t @'쀢  bt" '8 bt`D@' '( bt`D@,' ' bt`D@' ' '`@x'D'ؐ D @'  f'耢  b@''耢 D @k'  'G b@'䀢 耢  H'䀢  (" ' '쀢  8` ܒ L' @@'ܒD @&'  'p'D'ؒܐ D @'Ѐ   ܔ" @'Ѐ  ` b@` b@`   b@   H  `H''   |@'`@    `@ @`    ` @`'Ԁ M L' 8` @@'"  @'؀  Dؔ" @ؒ" Ԕ L@ 8`ؐbT`8@@tb@@ """ @g'Ѐ  '@cܔ" @V'Ѐ  'аh'D'ؒܐ D @@'Ȁ  M ܔ" @2'Ȁ  ? 䀢 &"  @#'؀  -ؔ" @" @ 'Ȁ  ''ؐ |@` '  |@~$`T$`X`'$``'$``@'$`@$`̀ A @~'̀  '$`@ ̔ @~̒ " `0" 0"" " " " ̒ l  @"` |*`:   *`:̒|@ )"`Ԁ J L@~'Ԁ  '$` @" H b"ؒ"Ԕ L@~̀ `" @``@@~q" 8 8` 'fؒT 8@@~Z" @" 8Ѐ G` ( @~J'$`Ѐ  '@!Д @~6'ܔ" @~/'Ȁ  '* b@   Ѐ  H  '؀ @~ @q ؀ @}`@Ȱ㿈'DD  c  'c'c'`P" PD L`D`LD`T" TD`TD`L"D P`D`PD`X" XD`XD`P"D ` D`D`D`" D D`D`DD @'쀢 .`" ` "  ` 0 `  ``@`@}'c'c'`" DED`@W'c'c'`" D@}e㿐  b8`  b8 H@ *` @} b8 `  b8 H@ *`  @| "@@   H$@B'c" 㿈 "D' b``  b` L@ *` @| bd`  bd P@ *` @|@ &$@    @@|'c'c'`"  0 $ 0$ ' bX" b\"P'D'H'L'P'T7777''DR 2 @7P `  L D'7 7 |@|'Ԁ 'c'c'` "  Ԓ  |@|OP" P c  'c'c'`P" PT m D ('D ,77D ('䀤H ''DQ'؀  '  ؀ '" DD HD ,*`2 D h ` gD 6*`2  P ` rH 'D @8  @''D .*`2 @|7'D H8  @'D D@'P ` /D 6*`2 ( 7D*`2 6* 2  @| 7D 6*`2 D .*`2  @{@{@7$7MD D`D H L @1?1D D`D H` H 'D HD ,*`2 ؀  DDD`(" ('Β *`2 nD h ` hD 0 ` b'D 6*`2 @{ D  D 6*`2 D HDDD`(" (D 6*`2 17D 6*`2 @{Z@7D*`2 6* 2  @{L7D 6*`2 HD`.*2  @{>@{=@7$75D h ` /Β *`2 (D ,*`2 !D ,`2 ,7DD`,*`2 :* 2@DD`82 ,D HDDD`(" (D 0 ` DD (`H DD`D" (D HD (`D`H D`D DD`D" (* 2`  P ` 7'H ''LP H +`0((0@ #\@'Ѐ  D ,*`2 Dƕ*`2 ,* 2@D (` D (@Ѐ D `DDD`" H` " " $H`" ( D`H ' $'D("`DH` ? H 2`* 2`? 2`@* 2`@P `  2 62 82 4D 0 ` #D ('D <䀢@DD`@" (DD`<" (D 0 a DD#D <'D 0 a DDD ,*`2 7 D 8"@D ,@7䀢 * 2`*`2  H '" H`" $H` " (H`? H 2`* 2`? 2`@* 2`@P `  2 62 82 4?# 4  ?# @ 4` ?# 4  ?# @ 4` $@?# 4 ?c 4@ " `" P ` \* 2`*`2  * 2`*`2 HT  H` ? H 2` H`? H 2`? 2`@?# 4  ?# @ 4` ?# 4  ?# @ 4` $@?# 4 ?c 4@ " `" @`T" `L@" \D" @H ` * >" 0" ,L`@"  ` ````" T  P ` 2 P ` 2 DDD` " ԰'c'c'`$" $ D'؀` @x 㿀'DD l@"D* sD d*`:  D d  @D"`\D @@" H b@D"D  c LDD` 2  @ D`6*2 ?`? " 'DD`(2  (@  D`4*2  H@@xo'DD`$2  $@ D`8*2 ?`? " 'DD`(2  (@  D`4*2  H@@xK'6DD` 2  @ ?`? " 'DD`(2  (@   H@@x/'DD`$2  $@ ?`? " 'DD`(2  (@   H@@x' b8 * '`@D`L" TD" TD@" LD" b8 *  '`@D`P" XD" XD@" PD"'c'c'` " 'c'c'`" h'D'H'L''H D'D @ @  D *`: /  `'܀ ܀ ܀  ܀  ܀  H D`'2` ` *`'؀  D *`:ؒ   `  '  `  ' ` ]ؒ 'D *`:ؒ  ~2` ` *`@'L " ' 'H ` Ԙ@+`2`+``(3`@#\@R  ' 'H ` И@+`2`+``(3`@#\@2L  ' 'H ` И#\  @ ' 'H ` И#\  @w`'D'H'L'P''H 2`  `  H Z*`2  D< @  DHP'Ѐ  L "H D'ؒ ' `  '  `  '2` ` *`̐@' `( ` ? ` 2 ' '" `? `2 ' $'" ? ܓ2 '? 2 '? 2 '? 2 '? 2 '耢 ?'" '? 2 ' ``]̒   ` O *`2 H *`2'Ԓ   *`2'? 2 '? 2 '? 2 '? 2 '耢 ?'" '? 2 ''̒  Ȑ ` '`4*`2 * 2@@*`2 6* 2@*`2' 6*`2'? 2 '? 2 '? 2 '? 2 '耢 ?'" '? 2 ' '`62 ` Q *`2 J *`2'Ԓ  , *`2'? 2 '? 2 '? 2 '? 2 '耢 ?'" '? 2 ' '`*`2 8* 2@ *`2' 8*`2'? 2 '? 2 '? 2 '? 2 '耢 ?'" '? 2 ' '`82  ` Q *`2 J *`2'Ԓ   *`2'? 2 '? 2 '? 2 '? 2 '耢 ?'" '? 2 ' ' %? 2 '? 2 ' `` ؒ Hؒ H `  p@"а㿈'D'XX2`Z 6` @ -`2 ?`? " '2`   - 2  H@@s' b8 * @ MD  D\ >( 9$5`  `  > `@$4* 2`- 2  8* 2`-`2  P'c P`   |\ 6` @ ?`? " '2`    H@@sn'\  b8 * @ LD  D\ =  7 1( $$4* 2`- 2  8* 2`-`2  X@P\ 㿈'D'HH2`JD 4*`2,`2 D2 6D2 8D L`D`LD`T" TD`TD`L"D P`D`PD`X" XD`XD`P"DD` 2  @ , 2 ?`? " 'DD`(2  (@  ,`2  H@@r' b8 * '`@D`L" TD" TD@" LD"DD`$2  $@ , 2 ?`? " 'DD`(2  (@  ,`2  H@@r|' b8 *  '`@D`P" XD" XD@" PD"㿈'D'XZX2` '2`  - 2 ?`? " '2`   -`2  H@@r4' b8 *@ MD  D\ > 쀢 9( 4`   > `@$6* 2`- 2  4* 2`-`2  L'c P`   \ 2`   H@@q'2`    H@@q'\  b8 *@ MD  D\ >  8 2 쀢  ( $6* 2`- 2  4* 2`-`2  XTL\ x * 2*` *`2 '' '#\   '耢  $$  84 㿈'D'H'LL< @   H *`: L `H `*:  D 4 ` KH h `  DH `@ H < @ H 0 @       DH `P H L@ @ H 0 @ `   ` IH h `  uDH `P H L @ H 0 @     VDH `H H D @ H 0 @     7H T'D 2`  ` D 2`  `  D Z*`2  `  `    DH'D'H '77' ' '' bD`  bt` H @'Ā`  @  `   'H'H Z*`2 *H 2`  ` "D `  ' D `  'Ԑ `  H D'7 7D D ` DH '  '$H 2`  ` DH' 'D 'D 'D `* 3`*`*`3` #\*' M 'Ԑ c CԐ a  6*`2*`2 2 6Ԑ b  4*`2*`2 2 4 8*`2 2 8` "  ''c'c'`P" P?'̐ '̒ @'2`   L@@o%'В*` b`  c    Ȁ U 0 `   0Ԑ H 0 `@ HD 9  @ @  < / h ` * |* :`  D@  h ` DHԘ '  $ $ $  &܀ "ܒ?'̓* '܀  bX ܓ*@  @ ܀ ` f @ H 2`  `   DH B l@"D*; `0@ " 0`," ,Ԁ _D` ? D` 2 '`$? `$2 '? 2 '? 2 '? 2 '? 2 ' ?'" '? 2 ' `` D HD Hm `` D H_ D HD`$" H Z*`2 H 2`  ` | 8*`2 Ԑ `  `82H@2 0D ` ( ' <H } p@  p@" @  @"%D ` ' *`2  'D `  ؀  p@"䀢  `` H H   % d* 2` 쀢 * 2` d*`2 DH@ '܀  ' ''c'c'`" ܰ P'D'H77'' 'H''' bD`D< @    bt` H Z*`2 *H 2`  ` "D `  ' D `  ' `  H D' 77D D D ` DH 'Ā  '3H 2`  ` DH'Ā 'D ''HD ` *`0+`+`0@#\w'Ā C ' c 9 4*`2*`2   b 2 4 8*`2*`2   a 2 8` "  ''c'c'`P" P?'ؐ 'ؒ @'2`   P@@l2'ܒ*` bd }  Ԁ ! * :`   * :`D ` 0  0 P0 `@ HD A H @ D 7h ` 28* 2` 0 `@ :* 2`*`2 * 2`8*`2 DH 'Ā $ $$&̀ "̒?'ؓ* '̀  b\ ̓*@  @ ̀ FĀ  @H`" @ H 2`  `  DH 1 %d* 2` Ѐ * 2`d*`2 DH@ '̀?̰䀢  l@"D*; `0@ " 0`," ,D` " H` "  `` D H D HsH Z*`2 H 2`  ` | 6*`2  `  `62 H`2 2D ` (В 'Ē <H ޞ p@  p@" @  @"%D ` ' *`2  'D `  Ȁ  p@"耢  `` H8H'c'c'@"  㿐% b8`  "8@@j< b8" b8 `  "8`@j. b8"  b``  "`@@j  b`" bd`  "d@@j bd" bh`  "h@@j bh"㿐 "@@ ?$  H H$@'c'c'`" 㿀'D b@`_D  D`\ Q` ` L`@'耢 G HB (`=`\'`$ ?$`$`$*?# 4 ?# 4 ?# 4 ?# 4 $?# 5  `?# 5  $``$` `H bD  D  l  @$   ?$ 㿀'H -:`'  `    -:` 0  -:` x -:` X     * :` -:`'  ` @i7?Г-:`  / * * :` $-:`' ` -: ` ,-:`'  `   -:` .  q%  x-:`  * :` -:`'  `  M%: ``<*`  ;0?c 1*`#?c $*`*  *`* * H H" ְ֜֨$㿈 ?'D` ` D!'\\   cؒ  @g 'D'H'L'P''D'耢  b` LHPQ' '耢  b` LHP:' '耢  b` ' LPH  @.'|H0A 0A : D  C  < Z =  > bN G  G   F l= I +0@ 10O 0O 0K O0K  0J 0M    0S ? E KP `  ' `L @g<'L @g3'P `  '  HL@3'P `  ' ` "@HL@'P `  '(aH  @fL@"` @" "P P L!u'쀢  '~P `  'L'oP `  ' L @f'쀢  U'L @f'N L @f'쀢  b(" bt" b4" b" '- L '쀢  'P `  'P `  '@^ '㿐'D`@ *`   D ?$ `@ *`    D ?$ `@ *`   D ?$ `@ *`    D ?$ Dx'D'H'L'P''L d'䀢  $ H0K    DP ~  H0K    DP g   2`  `'D  # #5 d  2` *`P *ؒ@   `  2` *`P *Ȓ@    '܀  DP '   (aH  @e * :`   2@$  ?$  ' ? $   *`: ` 2@"@`?"  $  '  *`: ` 2@l"@`?"$  ' '耢   @$  '  `  `  @d H0K ` L N'䀢  $`$` `3H F H G     $ `   H =  H D A` '8`  `    ` ```" ` ` DP?^@$$@` @d1Q` 'J @d"`A  ` ````"  @d $`$`$@$H G  H F  $``'܀  ܒDP' '㿐'D'H'L'P `'D'H'L'PH'DD`*:`ے @cȐ  @c'Ā? ې`@c? *`: @c@c X'D'H bx'耢  '쀢``*:`ے @cqD@c"   ' bx`6 "x @c_$ bx`   bx "  p@c~  bx"@ "x@`  "x@@c<  b| "^ bx' b| b| |@" "x bx |@ *@c%$ bx` @c b|"  "|@*` bx " p@b  b| * x@ " "|@*` bx ?` b| b| |@" n "|@*` bx ?'D' *`:  *`:'  `  ' *`: . *`:'  ` "@b\2`D"   @b"D"@ D@bTD"@ @ * D@b"@?2 " 0` bx'耢  '쀢`*" 0`*:`ے @b:Ȑ '!@bC'Ā?ې`@ba@b; '㿐ې` 㿐'D'Hې` 㿐'D'Hې` 㿐㿐'D b` b  "@@b b 1Dےx@a   b" b("D @a "@ b  "@ے@a "@ b 㿈 b' b?"@a㽀'D'H'L'PD' b"@aM   @aF  耤D" ,  #@a1 ,* :` b b  ې@a(`@a@L L"P P"D *`: [H  ]@` >D $@ 6 ,@` %"L L"P  @* :` iP"  @* :` oP "L L", @ ']?㿈' /* :`  t* :`'  `  쀢 `']* :` / * :` 9 * :` ` * :` f* :` @9* :` F1* :`'  ` ?Ц  * : @`ɦ/쀢  * ,@ '   ,`'㿈'D b'  ` D `  @`D @` ?> 4' b'  ` D `  @`D @`e ?'D @" bD"D 㿈'D b''쀢`D D ` @"  '?㿈'D'H'LL 'L d7쀢   `  D `  @ $H H *`2*`2 H  * 2`   㿐'D'H'L'PD D  `  HD `  @ ; L@_  1  L@_4H `$ <$ 8D$$ @D (`D (LHP?@_[ P$ 4 b$ H b"x'D'H'L'L ` L @`DHLL"`L '耢 D `  < D ` ;H D'H L@Dq* 2`' *`2@&cH `4  *" * DH 4 *"*`DH 4  +`# + D "@?g''H 4 `  0`  0HDL' ,`  ,HDL'ؑ:` 7ޓ* :`?ޓ* :`.쀢 ? HD@'H L@D2`D*; `,@ " ,`0" 0  㿈'D'H b'  ` !  `D  H @^  `" 3 4' b'쀢 !  `D  H @^s  `"  ' 㿐'DDDD`" 㿈'DD . b''쀢`D `H" H'D 8` D @`D`8@]D@]p'D'H'L'P'D D'D 4 `'H *`:'H2` ` *`` 2*` "@'䀢  'L *  *`:'L쀢   `L + @ !L쀢`    L *  ` `?  2*:`'L *  *`: )L*`L +   *; @" '؀ L *  *`:'ؐ '"  'P 3L쀢`    $L쀢   ` "@L쀢   ` L +   R 2@ 'L "@  *  *`:'L쀢   `L + @ #L쀢`    L "@  *  ` `?  2*:`'L *  *`: L *  L *  *`:'ؒ"@ "  ' 'L *  *`:'L쀢   `L + @ !L쀢`    L *  ` `?  2*:`'L *  *`: )L*`L +  *; @" '؀ L *  *`:'ؐ '"  'P 3L쀢`    $L쀢   ` "@L쀢   `L +  R 2@ 'L "@  *  *`:'L쀢   `L + @ #L쀢`    L "@  *  ` `?  2*:`'L *  *`: L *  L *  *`:'ؒ"@ "  '耢   㿈' b'  `  '耢  4'㿈 b'  `  $` $ 4' b'쀢  $` $'x'D'HD 7 b`  b`  b' b@ܔ*"@*`"*#@' *`2 V* 2@ H 9@Z  '`   '  h *H 2`  `   @Z'耢 `L @Z" H@" "  " "  L'H" @耢  L@  @" c"'a|'a|'|@"?"  b b @" b@8 ܒ ' l'܀ '#b' b" b@ b @   b" b "@"ܒ '܀ ''a|'a|'|`"  㿈'D'H'L b` r b @ 'a|'a|'|`"  ] b` 'a|'a|'|`"  I'a|'a|'|` "  b b @" b'`" b`  b"*"@*`"*#@'" "  @"  H \@Y'` *D"  'D'H'L'P'Tx't'`L F K F  < v = @ D l C g,0M  0M  G 0L O0N 0O CD '`? '`; '`7 b'hh'l`lP  l 'hL = %P T  '`l  '` hl`"TP@"l@Y:P 4T 0 @Y'll $lP @Xl @" l" lT@"Tl"lh@" hl" c @" '` '`'a| @" $'a|D (['`H `  '` b @ :'` @ *` / "@*"@*`"*#b  D l)'`` v b b @" b`  b" e` YH `  '`PxD l'`` `Ft 'dd*"@*`"*#@'pd d pt`V*`2 V* 2@  '`d * 'p?" pt`" '`d *"  '``x'D'H'LD`h   "  ېb@Wېb@Wېb@Wېb@W D(`(ےh@WD lې@WD 0 `@ ~D 0 @ ېb@Wtېb@WpD h`D LD P D X` D *`:DXLD <D @ D `` D *`:D`6D 0 @ ېc@W6ېc@W2D h`D DD H D `` D *`:D`D LD P D X` D *`:DXD h`D 0 `@ LD D' @Wې@VD`H'䀢? ېc@VD H' @Vې @VD 8*`2  D 8*`2 ې(@VDD`:*`2 8* 2@ D :*`2 ې0@VD <' @Vې8@VD 0 ` D @' @Vې@@VD ,*`2  D ,*`2 ېH@VD 0 ` ېcX@VwD 0 ` ېch@Vk D 0 ` ېcp@V_D 0 a ېcx@VUD 0 @ ېc@VJېc@VFH ` DDDD :+ 2 D #\ېc`0D@V/DD`(" (D 0 `@ *D <' @VFې@VD`@'䀢? ېc@V D @' @V*ې@Uېc@UD 0 ` D D' @Vې@UD H' @Vې@U*D D' @Uې@UD`Hf'䀢? ېc@UD H' @Uې@U |D *`: ^D *`:  @U'ېc@UD d*`2 .쀢  D d*`2@@U' D d*`2   @U'耢  ې@@Uq D d*`2 ې@UgD |ېc @U`쀢  @(@U D *`: ܐ@ULD h`D 8*`2 ܐ@U=H `@  D :*`2 ܐ@U0iD 8*`2  D :*`2 Yܐ`0@UD 0 ` !ܐ`@@UH ` D 8*`2 D :*2 D .*2 D 6+ 2 ܐ`H@T0D 0 ` ېcX@TD 0 ` ېch@T D 0 ` ېcp@TD 8*`2 D :*2 ܐX@TD 0 @ ېc@Tېc@TH ` DDD (' @TD ,*`2 ܐ`` `@TDDܐ`0 @T㿐'DDD H`@ D 2 .ZD 0 ` 4DD`B8 2 .D HDD .*`2D`H8 ` @T4 .DDD`.2 .D .*`2 D 2 .DD .*`2 ?@T4 6"DD`H8  *" * " D" (DD`82 6*2` D 2 6DD 6*`2 ?@T4 .'D'H''c"D @T'' *D #@T' *D *`: D *`:'  ` D 'DD *`:   '`h  @S'L'PDܒ@S'XP*`X@ P  ܒ@SP 'P *`X"@ L 'LP*`X"@L  (`(ܒH@S X'TT@ے@S '`h " h;T@ے@S '`h " h,T@ے@S '`h " hT@ے@S '`h " hT(`(ܒH@SV }T 'TT'@ @Ss'`h* {T 'TT@ܒ@S^  T @* :` !GT@ܒ@S- !T 'TT@ܒ@S?  (`(ܒ@S <'`h'h`0 " 0&T @* :` !T ܒ@S  (`(ܒ@R '`h'h`0 " 0'`h 0 @ '`h h `  (`(ܒ@R '`h'h`0@" 0T 'T'`h h`TH#\''' '`'  TH#\''' '`'  T@ܒ@R T 'T'`h'h`0 " 0T @* :` !TTT@"'`h'h`0 " 0T@ܒ8@R T(`(ܒ@H@RR y'`h 0 @ '`h h `  (`(ܒh@R: aT`'T@  (`(ܒH@R( O'`h h`TH#\''' '`']  4'`h'h`d2 8TH#\''' '`'@  ^T'    /@Q'܀  *@`"'`h h`'`H5? '? '`H? '? T 'TT` '`h h`'`h 0 `@ T@ܒ@Q  (`(ܒH@Qr T 'TT` (`(ܒH@Q` T @* :`'  ` T@ -@QZ'  *@`"'T@'H  ['`h'h`82 8T 'TT@ܒ@Q%  T 'TT@'`" 'Hg  0'`h'h`:2 :'`h'h`82 :T` (`(ܒH@P T@ܒ @P  (`(ܒ(H@P T 'TT`'`h h`ܖ"Xܖ"h(`(ܒ8H@P '`h h`0T@ܒp@P 'T 'T'`h'h`0 " 0T`'`h h`ܖ"Xܖ"h(`(ܒ8H@P '`h 0 ` IT@ -@P'耢 !T 'TT`T@ܒ@Ph  T ` T '*@`"耢   *`: (`(ܒxH@P; bC'`h h`=T@ /@Pa'耢 T 'TT`T@ܒ@P9 T`'T@'耢  (`(ܒH@P + *`: /*@`"'`h h`'T@ ,@O'耢 '`h'h`0" 0*@`"T'@HC? T'@H4? T 'T'`h h ` 5T`T@ܒ@O T(`(ܒH@O T 'TT`T@@O'h2`8T 'T'`h2 8a'`h h ` ZT` T@ /@O (`(ܒHܖ# @Oa T@ܒ@Oy T(`(ܒ@H@OL sT 'TT` (`(ܒH@O: aT@'H  T'`h'h`,2 ,T 'T耢  *`: /*@`"'`h h ` $'`h 0 ` '`Hn? ! '  '`h 0 ` '`HL? ܐch'  T`'`h'h`0" 0cܒx"T@ܒx@N  '`h'h`0" 0fT@ܒ@N  '`h'h`0" 0TT@ܒ@N  '`h'h`0" 0BT@ܒ@N  '`h'h`0" 00T@ܒ@N  '`h'h`0" 0'`h'h`0" 0T@@N'쀢  '`h ` *  T@@N_'h*`cT@"T 'TT`T@ܒ@NL  T 'T'`h'h`0" 0T`T@ܒ@N4  T 'T'`h'h`0 " 0T`T(`(ܒH@M '`h 0 `  '`h'h'h`<@ @ " <'`h 0 `  '`h'h'h`DH @ " D'`h'h'h`LP @ " L'`h h ` '`h3T`T@ܒ@M  T 'T'`h'h`0 " 0T`' h'`h h`T(`(ܒH@M T@ݒ@M T 'TT` (`(ݒH@Mq 'T@ܒ@M +T 'TT` (`(ݒ@H@MU |T'T 'TT` (`(ݒH@M@ g (`(ݒhH@M4 [T@ /@M;c" #c*@`"#@@MJ'쀢  '`h ` *  #@@M''h*`'`h* 䀢 'HR  '`h'h`d2 dT'@ @MT 'TT` (`(ݒH@L ' hT@ݒ@L T(`(ݒH@L T 'TT` (`(ݒH@L T@ܒx@L  '`h'h`0" 0DT@ܒ@L  '`h'h`0" 02T@ܒ@L  '`h'h`0" 0 T@ܒ@L  '`h'h`0" 0T(`(ݒH@LV }cT@"T 'TT` (`(ݒ8H@L? fT@ݒX@LW '`h'h`0" 0'`h$2 8'`h?2 :'`h' hET@ :@L%'܀ T(`(ݒ`H@L /*@`"T@'HT  'HK  '`h'h`82 8'`h'h`:2 :' h㽀'D'H'L'Hܒ@K Hݒ@K'䀢 ("@@LS(`(ݒH@K @K(`' !@K q '/  @K'쀢 * h'耢 * :`  (`(ݒ@KwEL `@  耢 L L 1L ` D <@K? (`(ݒ@KLݐa@KD =@K? (`(ݒ@K6ݐa@K( @K9㿀'DD #': '耢 ; c *  䀢@  c * *' c *  c *    c *   ' 㿈'D' c *  c * D@J   c *     '?㿈'D' c *  c * D@J   c *     '?㿈'DD ' c *  耢@  c * *' c *  c *    c *   ' 㿐/J8  @J,@Jf@J㿐/I  ??㿐㿠w㿠wS@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed@(#)$Id: ipt.c,v 2.6.2.2 2001/06/26 10:43:19 darrenr Exp $6bdEHi:I:NoPr:STvXno rule file present -rcouldn't open %s opening rule file "%s" iplioctl(ADNAT,%p,1) = %d iplioctl(ADAFR,%p,1) = %d authblockpassnomatch--------------@(#)parse.c 1.44 6/5/96 (C) 1993-2000 Darren Reed@(#)$IPFilter: parse.c,v 2.8 1999/12/28 10:49:46 darrenr Exp $parse [%s]  %d: not enough segments in line blockreturn-icmp-as-destreturn-icmp%d: unrecognised icmp code %s return-rstcountpassauthpreauthskip%d: integer must follow skip logbodyfirstor-blocklevel%d: unknown keyword (%s) %d: missing 'in'/'out' keyword inout%d: Can only use return-icmp with 'in' %d: Can only use return-rst with 'in' %d: missing source specification %d: or-block must be used with pass quickon%d: interface name missing %d: %s can only be used with TCP dup-totofastroutecan only use %s with 'in' tos%d: tos missing value ttl%d: ttl missing hopcount value %d: invalid ttl (%s) proto%d: protocol name missing tcp/udp%d: unknown protocol (%s) allfrom%d: unexpected keyword (%s) - from %d: missing host after from !%d: missing to fields %d: unexpected keyword (%s) - to %d: missing host after to %d: port operation on non tcp/udp %d: icmp comparisons on wrong protocol flags%d: no flags present withandicmp-type%d: icmp with wrong protocol (%d) keephead%d: head without group # %d: invalid group (%s) group%d: group without group # %d: unknown words at end: [%s ] %d: TCP protocol not specified %d: port comparisons for non-TCP/UDP %d: %s missing identifier after level%d: %s %s Unknown facilityUnknown priority%s %s%s(!):%sipoptnotoptfragnoshort%d: opt missing arguements %d: short cannot be used with TCP flags ,%d: unknown IP option name %s sec-class%d: missing security level after sec-class %d: no such security level: %s opt %s%s%ssec-class not optENDmaskrepmaskreqinforepinforeqtimestreptimestparamprobtimexroutersolrouteradechoredirsquenchunreachechorep%d: Invalid icmp-type (%s) specified code%d: Invalid icmp code (%s) specified preced-cutoffhost-precedfilter-prohibhost-tosnet-toshost-prohibnet-prohibisolatehost-unknet-unksrcfailneedfragport-unrproto-unrhost-unrnet-unr%d: Can only use keep with UDP/ICMP/TCP %d: Missing state/frag after keep statefrags%d: Unrecognised state keyword "%s" return-icmp-as-dest return-icmp(%s)(%d) return-rstskip %hu out in quick on %s%s fastroute tos %#x ttl %d proto tcp/udp proto %s proto %d from %s to %s with not ipopt short frag icmp-type %s icmp-type %d code %d flags 0x%x keep state keep frags head %d group %d%02x body first or-block level !!!%s.%s%s@(#)parse.c 1.44 6/5/96 (C) 1993-2000 Darren Reed@(#)$IPFilter: parse.c,v 2.8 1999/12/28 10:49:46 darrenr Exp $%d: bad mask (%s) %d: bad host (%s) maskany%d: can't resolve hostname: %s port<>><%d: unknown range operator (%s) %d: missing 2nd port value =eq!=ne<lt>gt<=le>=ge%d: unknown comparator (%s) %d: unknown port "%s" tcp/udp%d: unknown service "%s". tcpudp%d: unknown tcp/udp service "%s". %d: %s %d/tcp is a different port to %d: %s %d/udp %d: unknown flag (%c) %d%s/%s/%d* port %d %s %d port %s %s\%03o@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed@(#)$Id: fil.c,v 2.35.2.39 2001/07/18 13:30:32 darrenr Exp $f. %#x & %#x != %#x %c:i0. %#08x & %#08x != %#08x 1a. %#08x & %#08x != %#08x 1b. %#08x & %#08x != %#08x 1c. %#08x & %#08x != %#08x 1d. %#08x & %#08x != %#08x 2a. %#08x & %#08x != %#08x 2b. %#08x & %#08x != %#08x 2c. %#08x & %#08x != %#08x 2d. %#08x & %#08x != %#08x 3. %#08x & %#08x != %#08x 4. %#08x & %#08x != %#08x i. %#x & %#x != %#x *pass %#x - ICMP unreachable sent - forged ICMP unreachable sent - TCP RST sent @(#)$Id: ipft_sn.c,v 2.2.2.2 2001/06/26 10:43:18 darrenr Exp $-opened snoop file %s: id: %8.8s version: %d type: %d @(#)ipft_ef.c 1.6 2/4/96 (C)1995 Darren Reed@(#)$Id: ipft_ef.c,v 2.2.2.1 2001/06/26 10:43:18 darrenr Exp $-r%s %s %s %s %s %s%s %s %s %s %s %s %s :@(#)ipft_td.c 1.8 2/4/96 (C)1995 Darren Reed@(#)$Id: ipft_td.c,v 2.2.2.1 2001/06/26 10:43:18 darrenr Exp $-r%s > %s: %s%s %s > %s: %s%s %s: %s > %s: %s%s %s %s: %s > %s: %s :@(#)$Id: ipft_pc.c,v 2.2.2.2 2001/06/26 10:43:18 darrenr Exp $-opened pcap file %s: id: %08x version: %d.%d type: %d snap %d @(#)opt.c 1.8 4/10/96 (C) 1993-2000 Darren Reed@(#)$Id: opt.c,v 2.2.2.1 2001/06/26 10:43:20 darrenr Exp $finneipimitdvisaaddextssrrsatidcipsoe-seclsrrsec-classsectrtsencodemturmtupzsurrnopreserv-1reserv-2unclassconfidreserv-3secrettopsecretreserv-4no such security level: %s options too long bo: %s %d %#x: %d ,unknown IP option name %s @(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed@(#)$Id: ipft_tx.c,v 2.3.2.4 2001/06/26 10:43:18 darrenr Exp $anycan't resolve hostname: %s tcp/udpunknown service "%s". tcpudpunknown tcp/udp service "%s". %s %d/tcp is a different port to %s %d/udp ENDmaskrepmaskreqinforepinforeqtimestreptimestparamprobtimexroutersolrouteradechoredirsquenchunreachechorep-rinput: %s  bad direction "%s" onicmptcp/udp with no source port tcp/udp with no destination port %s:%u: failed assertion `%s' ../../ipft_tx.ctcp->th_flags != 0opt@(#)misc.c 1.3 2/4/96 (C) 1995 Darren Reed@(#)$Id: misc.c,v 2.2.2.1 2001/06/26 10:43:19 darrenr Exp $ip %d(%d) %d @%d %s,%d > %s@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed@(#)$Id: ip_state.c,v 2.30.2.38 2001/07/23 13:49:46 darrenr Exp $@(#)ip_frag.c 1.11 3/24/96 (C) 1993-2000 Darren Reed@(#)$Id: ip_frag.c,v 2.10.2.14 2001/07/15 22:06:15 darrenr Exp $@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed@(#)$Id: ip_nat.c,v 2.37.2.44 2001/07/21 07:17:22 darrenr Exp $@(#)inet_addr.c 8.1 (Berkeley) 6/17/93@(#)$Id: inet_addr.c,v 2.1.4.1 2001/07/15 22:06:14 darrenr Exp $@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed@(#)$Id: ip_fil.c,v 2.42.2.34 2001/07/23 13:49:57 darrenr Exp $%s%dopen/tmp/%s%dl- TCP RST sent @(#)ipft_hx.c 1.1 3/9/96 (C) 1996 Darren Reed@(#)$Id: ipft_hx.c,v 2.2.2.1 2001/06/26 10:43:18 darrenr Exp $-rinput: %s @(#)$Id: ip_proxy.c,v 2.9.2.6 2001/07/15 22:06:15 darrenr Exp $@(#)$Id: ip_auth.c,v 2.11.2.12 2001/07/18 14:57:08 darrenr Exp $@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed@(#)$Id: natparse.c,v 1.17.2.11 2001/07/17 14:33:09 darrenr Exp $rdrmapmap-blockbimapunknown value for in_redir: %#x %s ! from ! to %s/%d /%s port %d- %d -> %s,%s port %d tcp/udp tcp udp round-robin frag %p %lu %#x %u %p %d %s/%d -> range %s- proxy port %s %hu %.*s/%d ports %d ip modulous %d portmap auto [%d:%d %d %d] %d:%d ifp %p space %lu nextip %s pnext %d flags %x use %u  %d: not enough segments in line %d: unknown mapping: "%s" from!Missing from after ! Cannot use '! from' with map to%d: unexpected keyword (%s) - to Cannot use '! to' with rdr %d: missing host after to port%d: missing fields - 1st port %d: missing fields (destination port) -%d: missing fields (->) ->%d: missing -> %d: missing fields (%s) destinationtargetrange%d: desination range not specified netmask%d: missing fields (dest netmask) ports%d: expected "ports" - got "%s" %d: No netmask supported in %s destination host for redirect%d: missing fields - 2nd port (%s) 255.255.255.255tcpudptcp/udptcpudpipround-robinfrag%d: extra junk at the end of rdr: %s %d: extra words at the end of bimap line: %s proxy%d: missing parameter for "proxy" %d: missing parameter for "port" %d: missing keyword "port" %d: too many parameters for "proxy" portmap%d: expected "portmap" - got "%s" %d: missing expression following portmap %d: expected protocol name - got "%s" %d: no port range found auto%d: no port range in "%s" r%s: open: %s %d: syntax error in "%s" %d:ioctl(SIOCADNAT)ioctl(SIOCRMNAT)@(#)$Id: facpri.c,v 1.3.2.4 2001/07/15 22:06:12 darrenr Exp $local7local6local5local4local3local2local1local0cron2uucpnewslprsyslogauthdaemonmailuserkerndebuginfonoticewarnerrcritalertemergz(zz00<0H0T0`0l0x00000000000000 0,080D0P0\0h0t0000000000000~0{0x(0u40r@0oL0lX0id0fp0c|0`0]0Z0W0T0Q0N0K0H0E0B = L X d Oh OT n t o o(o))4$ oow$YxYpYhY`YXYHY8Y0Y YYYXXXXZZZZxZhZ`ZXZHZ@Z0Z ZZYYYFSRPAUEC @_^h^x^^^^^^IP Filter: v3.4.20    D@R @=Zf @ x<L0\l (f8f0 f( f f fD@fRf e eeeee e@eeeeef=fZfffpfh f`@fPf@gFSRPAUEC @thhhhhhhhhhhphhh`hXhPhH /x8@x ix $h Xvvvvv v(v0v8vx@vpHvpxvhv`vXvPvHv@v8v0vvvvvvvvas: WorkShop Compilers 5.0 Alpha 03/27/98 Build as: WorkShop Compilers 5.0 Alpha 03/27/98 Build @(#)SunOS 5.7 Generic October 1998as: WorkShop Compilers 5.0 Alpha 03/27/98 Build GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 Alpha 03/27/98 Build GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 Alpha 03/27/98 Build GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 Alpha 03/27/98 Build ld: Software Generation Utilities - Solaris-ELF (4.0).symtab.strtab.shstrtab.interp.hash.dynsym.dynstr.SUNW_version.rela.got.rela.bss.rela.plt.text.init.fini.rodata.got.plt.dynamic.data.ctors.dtors.eh_frame.bss.comment# )  t t1TT n9((pG)4)4$  Q)X)X0 [)) e,X,X#kOhOhqOOwOO'fww$w$w$ z(z(zz $0707010e002419000081ed0000000000000000000000013b671a6e000065280000000000000001ffffffffffffffff0000001700000003root/opt/ipf/bin/ipmonELF4a4 (444ZbZbZdZdZdx]]]/usr/lib/ld.so.1SfHP>b"G7$aV'dS\;`NL_5-QYDAJ^c4[93ICZR]W%OMeX#&,) +21?.:*0<!BF=(KU@T8/E6 4  p   R S  S  Zd Z]]^^^^\t [T hx&k+[P7\(?[DF\XM\Rj@!W mZd ]h ZZZ\p\[[R [[[h]H\hL \\d []$\+j@1[8=[D\|J\Q\Y\@`Zfhx!n\uk{[\[[k\L\4k [t^ZZ[ \Zb  S  [h !$D l )[0[7[A\GS  M[,Y\_\getopt_startreadhostname_environ_endendprotoentmemmovestrdupgetpidfork_iob__register_frame_info_GLOBAL_OFFSET_TABLE_sleep__ctypesignalatexitexitstrerroropenlogmallocsprintf_initendserventfputsgetserventtcpflstrftimeportnamesetvbuffclosegethostbyaddr_DYNAMICprintf__iobgetprotoentstrcatioctlsetsidstrrchrfdopen_exitenvironperrorerrnosetserventinet_ntoafreeoptindcloseopenoptarg__deregister_frame_infostrcmp_edata_PROCEDURE_LINKAGE_TABLE_fopenmemsetstrcpy_etext_lib_versionfflush_ctypemainsyslogstrlenlocaltimelseek_finisetprotoentfstatfprintflibsocket.so.1SUNW_0.7libnsl.so.1SISCD_2.3libc.so.1SUNW_0.7libsocket.so.1libnsl.so.1libelf.so.1libc.so.1g =(v zt =(ZRZ|)hx!j@kNh,kQZ.Z/ZGZRZ)Z-ZV[M[2[ W[,c[8A[D%[P#[\K[h7[tS[5[3[[L[=[_[B[6[^[[[`\9\X\e\($\4P\@F\LO\X&\d<\p0\|C\?\I\E\\1\d\;\'\D\a]+ @D# @RT# @R@, @ x"@ @R@R㿐/R @# @   $?@`  ``@Rk   "㿐㿐/Rʮ `` @RT 㿐㿈'D D@RKb4`"4@U@@RA'쀢 b0"@b8 "xb<` "<@@R'b<""<$@R"$b<`5"<@ $@R @R@R'쀢   ` ``@@R` *<@ "@@Qb@` "@@@Qb@""@@Q$b@` "@@ @QbD` "D@@QbD""D@Q$bD` "D@ @Q @Q@Q'耢 T `.` UH@Q  ''bD'` UP@Q  ''b@'܀ ? 䀢 @Q\ܔ *@ "@@Qa㿈'DD 'Db<` D*`<@ @ '쀢  cUXD@Q@c'㿈'D'H'L'PDLP@Q0'쀢  쀢  c`?H" 㿀'D'H'LH 9L'D  ' @Q-L  @P'쀢  ' @P' @PcU`!@P#U!p㿈'D'H'LL? 'L` UXL@PD  b, d  2'HUH@P  L*`bD 'HUP@P  L*`b@ '쀢 ` '㿀'D'H UxH@Pn'D  bD * '䀢  `(UD@PW `(U@PND !H `(@PN`(  UxH@P9 "LH*(@ @P<hD*`H '%8% %"%'%J+7++)?,4:`(Uh@P 9`(U`@P1`(T@O)`(T@O!`(U@O`(U@O`(U@O (@O (('D'H'LH''L''  ' ` " *@`"*b, `   D@O U@O'* `U@O} '` `6?'U@Ol ' '  @ "@ @  @ `W `  .*?' '?'` ` *@`"?' ' 'w ` ` ` "@'  *@`" *@`" *@`"?'U@N ' `"@' '  @ "@ @  @ `W `  .*?' ' *@`"*b, `   D@ND@N U@Np'D'H'LH'`x' 'b,2` '  @N'('b, ` U@N@N'ؐ" 'ؐ 'U@N@N{@' `U! @Nb@Nk@' *`2  U@NqU *`2  U@NcG *`2?  U @NS7 *`2?  U0@NC' *`2  U@@N5 *`2  UP@N'  *`2 U`@M@N@'  ' ܒ  *`2 Up@M@M@' ܒ  *`2 U@M@M@'ܒ  *`2 U@M@M@' *`2? U"@M@M@' *@`"*@`"b, `   Ux@M DUx@Mp'D'H'LH'`x' 'b,2` '  @Mc'ܐ('b, ` U@MU@M@'Ԑ" 'Ԑ 'U@MB@M-@'U @M@M @' (*`2  U@M&V (*`2? $ / `  1 `   2 `  U@MU@L+ (*`2?  U@L (*`2?  U@L  (*`2 U`@L@L@' /  C' / `   / ` ; .  ~ **`2 U@L|@L@' .  ` ,*`2 U@L]. / ` ( .  ?U(@LG@LP@' .  + **`2 U#0@L/@L8@' (*`2 U"@L@L"@' *@`"*@`"b, `   Ux@L DUx@L㿀'D'H'L'P''P `L' ` 耢 'P@K'P@K䀢 @K''L@TM 5 'D     HL@'HL HL3P" 'PL 'L耢 @K\0'D'H'LH'H ' '2` 'b,2` '`x'*  @Ks'('b, ` U@Ke@KP'Ԑ" 'Ԑ 'U@KR@K=ܐ@'U @K'@K0ܐ@' `U@@K@Kܐ@'ܐ ' UH@K@K ܐ@'ܐ?ܐ *`:  `   0*@`" `U#P@J@Jܐ@'  @   S*@`" 'W  `   `   p*@`" P*@`" '9  `   `   b*@`" B*@`" '  @   n*@`" '  L*@`" ' *`2?  *`2'̐ *@`"*Ѐ  U`@JS#+Ѐ %2` ` *`7 *`:' ' `7 ' ' *`:'* 2 '* 2`  * 2`  * 2`@'  @ *`2 )U@I@Iܐ@' *`2 * 2`#\Uh@I@Iܐ@'* 2` L -*@`"'aԔ *   `Ԗ *@ Ԙ +  *@`"Ԓ 'b, `  *`2 Uc@Iz@Iܐ@'*#]U(@Ie@Inܐ@'L* 2`U@IO* 2` } yЀ u* 2`@'&U(@I.@I7ܐ@'* 2` ` ` U@I `  `  `  `   ` " ' *`:' *`:'  {' Z `   ` L* 2`@'@Hܐ@' Ȓ *`2 UД@H@Hܐ@' Ȓ  *`2 2` ` *`#\U@H} C ` =* 2`@'@Hqܐ@' Ȓ NV@HV@H_ܐ@' Ȓ <2` ` *` `  `#\V @H5g@H<ܐ@' Ȓ V@H!@H*ܐ@' Ȓ 2` ` *`V8@H@Hܐ@' - V hV p V xV p2` ` *`Ԙ"@c * VP@GWU(@G@Gܐ@'* 2`V@G@Gܐ@' ) V hV p V xV p* 2`"@c * VP@Gw@Gܐ@'  @  V@G@Gnܐ@'  h  V@Gu@G]ܐ@'  `  V@Gd   ` V@GW@G?ܐ@'ܐ *@`"*@`"b, `  Ux@G, DUx@G2b, ` DH 4Eb, `   ` `  D3b, h   `   `   D㿐'DbVD@F @F㿈'D'D#!@F'耢 V@F'쀢 @FbVD@F@FUx@F@F@F㿈'D'H'D @F'쀢?#@@FbVD@F @FCB@F  Va@Fb@F|Va@@F@F耢 b, `   VP@F_H HVP@F`㿈'D'H'H' *`: 7 *`: N N I S  '!'"' *`: bVp@F" @E 'D  b,,@ " b,,8 @ @ "㼐'D'Hb'd' '?'X?'T?'P?'?'?'Va'Va'Va'H@ /@FH"@bH` bHH@" bHbHH@"DHV@E'$$?$ 9*`T b,,@"' ' 'b,,@" 'b,,@"'c'dddb,,@"b,,@" 'c'$ o `?@?'?'?'b, b 'b, `  'b, a  '\b,,@"Sb(@"K"H@  @EBb,,@"'d:b,,@" 'c'+b,,@ ""b,,@"b,,@"b,,@""H@_? ??''DD }D*`@?nD*`@Vx@D  D*`P"@[D*`@ @DD *P "@?D*`#@@DbV@@D @D(D*`Ph@ @D?D*`P#@@DbV@@Db @DD*`(@|< @ @ @  "  ' D 'Db, ` Bb4c *H@ @"b4` "4@U@@Cb'dd #@*`H #@@D'bV@D  @Cd   @D.'d Cd  b, ` 4@D'` @C "H#@@CbV@C @Ct@Cb, `  @C @C @C"(@ D@Cd 'LL '<'DD '@D*`@?D*`(@ &D*`P@@@C?b, `   V@CdVb(@C @CD*`P@  @C @  '@@  b, ` 'L@ <@ '<D*`PH@  "'@b8`b8"b0` d@C4b0'db0"@ ? ? Q  /Ib, `   V8@BVbH@C'L4b, `   VP@BdVP@B'LH D*`@dHb, ` d@BD 'D< b, `   @B @BKHHHHHEHFHHEHHHHFpFG|HHGHHHHHHHHHHHHHEpEHHHEHHHHHHHFLFGXHHGHHH@HHd㿐/AĐ  ??㿐㿠㿠b@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed@(#)$Id: ipmon.c,v 2.12.2.13 2001/07/19 12:24:59 darrenr Exp $/etc/opt/ipf/ipmon.pidipmonadmin_prohibittoshosttosnethost_prohibnet_prohibisolatedhost_unknownnet_unknownsrcfailneedfragportprotocolhostnetmaskreplymaskreqinforeplyinforeqtimestampreplytimestampparamprobtimxceedroutersolicitrouteradvertechoredirectsourcequenchunreachechoreplyatcpudp%u%.*s[%s]IPv6%dicmptype(%d)/%s/intransreassoptabsent%s%02x %d/%m/%Y %T.%-.6ld @%hd NAT:MAP NAT:RDR NAT:EXPIRE NAT:FLUSH NAT:BIMAP NAT:MAPBLOCK Type: %d %s,%s <- -> %s,%s [%s,%s] Pkts %ld Bytes %ld.%-.6ld STATE:NEW STATE:CLOSE STATE:EXPIRE STATE:FLUSH STATE:REMOVE %s,%s -> %s,%s PR %s%s -> %s PR icmp %d%dx %*.*s @%hu:%hu ipv6%s,%s PR %s len %hu %hu %lu %lu %hu%s PR %s len %hu %hu%s PR icmp len %hu %hu icmp %s for %s,%s - %s,%s PR %s len %hu %hu for %s - %s PR icmp len %hu %hu icmp %d/%d %s PR %s len %hu (%hu) frag %s%s%hu@%hu+-%s PR %s len %hu (%hu) K-S K-F IN OUT%s: [-NFhstvxX] [-f ] wunable to open/create pid file: %s %s: open: %s %d bytes flushed from log buffer SIOCIPFFB%d bytes flushed from log Unknown log option %c /dev/ipf/dev/ipnat/dev/ipstate?abDf:FhnN:o:O:pP:sS:tvxX%d: fstat: %s %s: fopen: %s %s: fork() failed: %s ioctl(FIONREAD): %mioctl(FIONREAD)read: %m readaborting logging ]^^]]^00<0H0T0`0l0x00000000000000 0,080D0P0\0h0t0000000000000~0{0x(0u40r@0oL0lX0id0fp0c|0` R S  4  oo oX  p ooZ^ARSF UP@ECSSThT`TPTHT8T0T TTSSSSSU0U(UUUTTTTTTTTTTpas: WorkShop Compilers 5.0 Alpha 03/27/98 Build as: WorkShop Compilers 5.0 Alpha 03/27/98 Build @(#)SunOS 5.7 Generic October 1998as: WorkShop Compilers 5.0 Alpha 03/27/98 Build GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 Alpha 03/27/98 Build GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 Alpha 03/27/98 Build ld: Software Generation Utilities - Solaris-ELF (4.0).symtab.strtab.shstrtab.interp.hash.dynsym.dynstr.SUNW_version.rela.got.rela.bss.rela.plt.text.init.fini.rodata.got.plt.dynamic.data.ctors.dtors.eh_frame.bss.comment#) `1 4 49  `G p p  Q < [ X eBkRRqS S wS S BZdZd ZZ ]]]]^^^^^^^^ ^`0707010e0024c1000081ed0000000000000000000000013b671a6f0000d9680000000000000001ffffffffffffffff0000001a00000003root/opt/ipf/bin/ipresendELF44 (4444D/usr/lib/ld.so.1T~l&M9hj-oZ=@|KkS!L4{]v0UVDpO8b`ruCGQX"IBJgmx}Y_Ne#$15./<)H'2,+*FAt?3^wnc (>E:;sa\Wd7z[6iyfqPR%X<     ʠɨht p |#  4ǘ; HtM( ^%@ ih |X|xd L@3 pѰǤh @! X(  H # 9?Ѹ G U[Ȭid q0xȠ ,yp <X ud  Ǽ 4 HT| xP  x 4 ' - 3 Ap Pp _|h t4{ ˼  Ȉxd  ɜzHp Hp p ɐ   l 'D 9l C̐ J8(@ T$X [4 _ǀf@l}| zw8P T84 h q P` s h pH  Ȕ #ɴ* 188>{(P O ^ jѰ!rǰyv 1p h ȸ<d  (| 3 nj vp   T /4 ; SD\ci x  h ̤P  4h lx &\x & - :dA8H K0 [ɄbʰqѸ !xzp 0   t \ $. 4\  ʨ\h L l( h socketgetopt_startresolvereadprintdlunbindreqcallocaddrtostringatoiprintdlattachreqsend_etherprintdlphysaddrackrewinddldetachreqstrtokgetprotobynamesend_icmptoupper_environ_endmemmovestrdupprintdldisabmultireq_iob__register_frame_infosyserr__flsbufprintdltestind_GLOBAL_OFFSET_TABLE_sleep__ctypeprintdlxidconabortgethostbynamedlstylesignalstrcasecmpatexitexitdlpromisconreqalarmdlstatedlinforeqstringtoaddrtolowermallocstrgetmsgprintdlokacksprintfexpectingdldisabmultireqsigalrmprintdlpromisconreq_init.umuldlservicemodeprintdltestreqprintdltestresprintdlsubsunbindreqsscanfdlprimpcapsendipfclosegetservbynamestrncatprintdldetachreqether_hosttondlpromiscoffprintdlxidreqprintdlxidresgethostbyaddrdlmactypeprintdlunitdataind_DYNAMICprintdluderrorindinet_atoniptextip_resendchksumarpprintf__iobdlunitdatareqdlenabmultireqgetmsgprintdlpromiscoffreqerraddipoptionamesstrncasecmpioctlprintdlbindackbuildoptsprintdlsetphysaddrreqinet_addrreallocstrrchrdlphysaddracksendtoetherffdopen_exitdlsetphysaddrreqdlpromisclevelprintdlprimenvironperrorerrnodlinfoacksend_udpdlerrorackgetnetbynamedlunbindreqiphexstrchrdlbindreqsend_packetinet_ntoaprintdlxidinddlattachreqfreeclosedlokackprintdltestconprintdlerrorackopenoptarg__deregister_frame_infosecclassstrcmpfgetsprintdlinfoackprintdlinforeqprintdlsubsbindacktx_icmptypesputmsg_edata_PROCEDURE_LINKAGE_TABLE_initdeviceprintdlunitdatareqmemsetprintdlenabmultireqstrcpyprintdlbindreqsend_ip_etext_lib_versionfflush__eprintfprintdludqosreqmemcmpdefault_device_ctypedlphysaddrreqdlbindackstrioctlmaintcpdmemcpystrlensend_tcpprintpacket_finioptsfprintfdlerrnosnoopprintdlphysaddrreqprintdlsubsbindreqlibsocket.so.1SUNW_0.7libnsl.so.1SISCD_2.3libc.so.1SUNW_0.7libsocket.so.1libnsl.so.1libc.so.1  =(% zt1; =(E5oѰ/o Ѹ; B,C8DP5\ht%ǀnnjǘ#Ǥ1ǰǼJ7}(4X@,L+X)dp.|!Ȉ\Ȕ~ȠAȬ>ȸ]I2w S$0@<EHMTr`xlx^Ʉɐdɜ`ɨɴ:= @D# @jj#@j@#, @ "@\@j@j 㿐/i㜐 @# @   $?@`  ``@i   "㿐㿐/iʮؐ `` @i 㿐㿐'DcjD@i @ih'D'H'H''''ؐ%'DHk@i'Ѐ?gА -V*`H a 'Sa 'M! @@i'Ԁ  ck@i{ @ila '4b@ "*b'%b' c'`L'`\'`' ck@iCx耢 ؀ i' @ ? ck@i @i܀ b'k`@i'̒̐ @ik@i ka@i'̖@)!"<"<!"<"<"<"<"<"<"<!"<!"""<"<"<"("<"<"<"<"<"<"<"<"<"<"<!"<"<! "<"<"<"<"<!8"<"<"<"<!㿈'D'H'H: '耢 D*`2 ' 'D?'2`? @  '2`@'8*`2㿀'D'H'Lb` " A@h$@b''  HL@hc@  @hx@ V? kah@hn?(2 c"L D@''D'H'L'Tb`"@@hI$@b` kap@h;?b'    @h3c`c@ Ȕ @h@? kah@h ?b @h(2 А L @gc"L *`:'L2 T ` (L< @  L @ @ "L *`2  L@2@2 L  ` L <* T  Ȑ`H %L2 L2` ` *`L L2` b L@g"Ȕ D@@'S'xL2` ` *`'pp`H@ckHp@gick@gc?<L2` `*`/'|L '* :` I *`: |  * `"73 *`:   '?/$  `'lo" / *`: `|  l@g|l '|l '| &| `  | `  |  * `"| `  | * `"  @fLp 'L *`:p" 'LL` 2 Hp" x Ȁ LL` 2 x" 'tHp" 'tLL`? 2 LLx:`@ 2 tp 'tLv2 L2 LpL2` b Lp@fbp@ x@ tp" @f"t D@@'b @fvtp" x@'xL  @ * :` &"L` * :` | 'pL|2` `*D `  D `   *`2 kx@d(D ` .k`@d' '耢  `  kb * :k@c*`' 'cc@ "  @c #ؐ` *@`"h'D'H'L'TD  @'T  LT@' Lk@'؀ ?@cc 'ܐ @c'쀢  kb@c?    @c @~? kb@c?L c @  '̀ hb @ K *`:'В @c}'(2  @F?kb@c^ @cR *`2 2` ` *`ܒ m2`   @c7В '{c ''@?kb@c!L @ 㿐'Dbb +DkX@c  b"b"D @c"@"@k`@b"@b 㿐"@@b`'D'H'L'P'''ܐb @b    @b'䀢 */Ȑ   (@b#\#`kh@b'Ԁ #\#`#dk@b'Ԁ ? @bk*`  `  @b' ?q ` *  `   *, ' k@bq'@b7 2  ` '  ` ' 'Ē @ =Ē@ 8 @b 2`D $@ 6 ,@aF %"L L"P  @* :` iP"  @* :` oP "L L", @ ']?㿈' /* :`  t* :`  `  쀢 `']* :` / * :` 9 * :` ` * :` f* :` @9* :` F1* :`  ` ?Ц  * : @`ɦ/쀢  * ,@ '   ,`'㿐'DDD`  *D?# *22 @ 2 DD`  *D?# *22 @ 2 DD` *D?# *@ D? 2@ D2 @ " DD` *D ?# *@ D ? 2@ D 2 @ " DD` *D?# *@ D? 2@ D2 @ " DD` *D?# *@ D? 2@ D2 @ " p'Dcc Dlp@_ 'D @_'Ԁ??hԔ @_ ?](lԀ 'ؒ *`? @ *` ? @ 2` ؓ2 ` (lԀ @_?:c "ؐ !ܓ* 2` 쀢 @_? c"c"l`xD@_Xܓ* 2`ޓ* 2`l`@_K԰㿐#@@_c㿈'D#@D @_p ?c`bDD` *D?# *@ D? 2@ D2 @ " DD` *D ?# *@ D ? 2@ D 2 @ " DD@ *D?# *@ D? :@ D: @ "DD` *D?# *@ D? :@ D: @ " D 'D` 耢 '쀢 쀢 ?h'D'H'L'P f'̀ ̰mc` #@^$ ##@@^$c'#@@^̀ ?D#@*@*`@'"@' @'ؐ@^Z @'Г* :`  ѓ* :` H̀ 'D@^7Ȱx'D`D`D XDl@^0 'D @^)'܀??Aܔ @^= ?6'`H"؀ `H` `H` @^?`D"laD@] Hl @]ܰ㿐 D@@]㿀'D D@D @] ?1D 'D '耢 耢 ??'耢 '쀢 쀢 ?X'D'H'L'Pؐ ' r`X`  X@]i$  X X@@]g$`X' D@@] ?I H@*@*`̐@' "@' @'Đ@]*ȓ* :`  ɓ* :`  "@' @'H 'D@]㿐'D`l`l +Dl@\  `l"`h"D @\l"@ l@l@\h"@`l 㿐 h@@\ l@@\㿈'D'D *`: D *`: 'D`. ''D'H'L'P''l`h @\    @\'|| |*/Ȑ   (@\tla@\'xx 5`l@\y'xx '@ #\l@\i'xx `@ #\#`l@\W'xx ? v'tt 8  .@\Y'||*@`"Ē @/|@\7|? '| .*  .@\?'||*@`"Ē@|@[7|? '| .* Ē @Ē@@ -r filename snoop data file to resend -R filename libpcap data file to resend options: -d device Send out on this device -g gateway IP gateway to use if non-local dest. -m mtu fake MTU to use when sending out EHPRSTXd:g:m:r:mtu must be > 28 Unknown option "%c" Cant resolve %s Device: %s Gateway: %s mtu: %d %W% %G% (C)1995@(#)$Id: ip.c,v 2.1.4.3 2001/07/15 22:00:13 darrenr Exp $arpmalloc failedmtu (%d) < ip header size (%d) + 8 can't fragment data @(#)resend.c 1.3 1/11/96 (C)1995 Darren Reed@(#)$Id: resend.c,v 2.1.4.3 2001/07/15 22:00:14 darrenr Exp $tos %#x frag @%#x len %d id %d ttl %d p %d src %s,%d dst %s seq %lu:%lu flags %cFSRPAU---malloc failedarpsend_packet@(#)ipft_ef.c 1.6 2/4/96 (C)1995 Darren Reed@(#)$Id: ipft_ef.c,v 2.2.2.1 2001/06/26 10:43:18 darrenr Exp $-r%s %s %s %s %s %s%s %s %s %s %s %s %s :@(#)ipft_hx.c 1.1 3/9/96 (C) 1996 Darren Reed@(#)$Id: ipft_hx.c,v 2.2.2.1 2001/06/26 10:43:18 darrenr Exp $-rinput: %s @(#)$Id: ipft_pc.c,v 2.2.2.2 2001/06/26 10:43:18 darrenr Exp $-opened pcap file %s: id: %08x version: %d.%d type: %d snap %d @(#)$Id: ipft_sn.c,v 2.2.2.2 2001/06/26 10:43:18 darrenr Exp $-opened snoop file %s: id: %8.8s version: %d type: %d @(#)ipft_td.c 1.8 2/4/96 (C)1995 Darren Reed@(#)$Id: ipft_td.c,v 2.2.2.1 2001/06/26 10:43:18 darrenr Exp $-r%s > %s: %s%s %s > %s: %s%s %s: %s > %s: %s%s %s %s: %s > %s: %s :@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed@(#)$Id: ipft_tx.c,v 2.3.2.4 2001/06/26 10:43:18 darrenr Exp $anycan't resolve hostname: %s tcp/udpunknown service "%s". tcpudpunknown tcp/udp service "%s". %s %d/tcp is a different port to %s %d/udp ENDmaskrepmaskreqinforepinforeqtimestreptimestparamprobtimexroutersolrouteradechoredirsquenchunreachechorep-rinput: %s  bad direction "%s" onicmptcp/udp with no source port tcp/udp with no destination port %s:%u: failed assertion `%s' ../../ipft_tx.ctcp->th_flags != 0opt@(#)inet_addr.c 8.1 (Berkeley) 6/17/93@(#)$Id: inet_addr.c,v 2.1.4.1 2001/07/15 22:06:14 darrenr Exp $@(#)opt.c 1.8 4/10/96 (C) 1993-2000 Darren Reed@(#)$Id: opt.c,v 2.2.2.1 2001/06/26 10:43:20 darrenr Exp $finneipimitdvisaaddextssrrsatidcipsoe-seclsrrsec-classsectrtsencodemturmtupzsurrnopreserv-1reserv-2unclassconfidreserv-3secrettopsecretreserv-4no such security level: %s options too long bo: %s %d %#x: %d ,unknown IP option name %s dlinforeq: putmsgdlinfoackdlinfoack: response ctl.len too short: %ddlinfoack: DL_INFO_ACK was not M_PCPROTOdlinfoack: short response ctl.len: %ddlattachreq: putmsgdlenabmultireq: putmsgdldisabmultireq: putmsgdlpromiscon: putmsgdlpromiscoff: putmsgdlphysaddrreq: putmsgdlsetphysaddrreq: putmsgdldetachreq: putmsgdlbindreq: putmsgdlunitdatareq: putmsgdlunbindreq: putmsgdlokackdlokack: response ctl.len too short: %ddlokack: DL_OK_ACK was not M_PCPROTOdlokack: short response ctl.len: %ddlerrorackdlerrorack: response ctl.len too short: %ddlerrorack: DL_OK_ACK was not M_PCPROTOdlerrorack: short response ctl.len: %ddlbindackdlbindack: DL_OK_ACK was not M_PCPROTOdlbindack: short response ctl.len: %ddlphysaddrackdlphysaddrack: short response ctl.len: %dsigalrm: TIMEOUT%s: alarm%s: getmsg%s: MORECTL|MOREDATA%s: MORECTL%s: MOREDATAgetmsg: control portion length < sizeof (long): %dexpected %s got %sprintdlprim: unknown primitive type 0x%xDL_INFO_REQ DL_INFO_ACK: max_sdu %d min_sdu %d addr_length %d mac_type %s current_state %s sap_length %d service_mode %s qos_length %d qos_offset %d qos_range_length %d qos_range_offset %d provider_style %s addr_offset %d version %d brdcst_addr_length %d brdcst_addr_offset %d addr %s brdcst_addr %s DL_ATTACH_REQ: ppa %d DL_OK_ACK: correct_primitive %s DL_ERROR_ACK: error_primitive %s errno %s unix_errno %d DL_ENABMULTI_REQ: addr_length %d addr_offset %d DL_DISABMULTI_REQ: addr_length %d addr_offset %d DL_PROMISCON_REQ: level %s DL_PROMISCOFF_REQ: level %s DL_PHYS_ADDR_REQ: addr_type 0x%x DL_PHYS_ADDR_ACK: addr_length %d addr_offset %d DL_SET_PHYS_ADDR_REQ: addr_length %d addr_offset %d DL_DETACH_REQ DL_BIND_REQ: sap %d max_conind %d service_mode %s conn_mgmt %d xidtest_flg 0x%x DL_BIND_ACK: sap %d addr_length %d addr_offset %d max_conind %d xidtest_flg 0x%x DL_UNBIND_REQ DL_SUBS_BIND_REQ: subs_sap_offset %d sub_sap_len %d sap %s DL_SUBS_BIND_ACK: subs_sap_offset %d sub_sap_length %d DL_SUBS_UNBIND_REQ: subs_sap_offset %d sub_sap_length %d DL_UNITDATA_REQ: dest_addr_length %d dest_addr_offset %d dl_priority.min %d dl_priority.max %d DL_UNITDATA_IND: dest_addr_length %d dest_addr_offset %d src_addr_length %d src_addr_offset %d group_address 0x%x dest %s src %s DL_UDERROR_IND: dest_addr_length %d dest_addr_offset %d unix_errno %d errno %s DL_TEST_REQ: flag 0x%x dest_addr_length %d dest_addr_offset %d dest_addr %s DL_TEST_IND: flag 0x%x dest_addr_length %d dest_addr_offset %d src_addr %s DL_TEST_RES: flag 0x%x dest_addr_length %d dest_addr_offset %d DL_TEST_CON: flag 0x%x dest_addr_length %d dest_addr_offset %d DL_XID_REQ: flag 0x%x dest_addr_length %d dest_addr_offset %d DL_XID_IND: flag 0x%x dest_addr_length %d dest_addr_offset %d DL_XID_RES: flag 0x%x dest_addr_length %d dest_addr_offset %d DL_XID_CON: flag 0x%x dest_addr_length %d dest_addr_offset %d DL_UDQOS_REQ: qos_length %d qos_offset %d %x::%xstringtoaddr: invalid input string: %ssunknown primitive 0x%xunknown state 0x%xunknown dlpi errno 0x%xunknown promisc level 0x%xunknown provider service mode 0x%xunknown provider style 0x%xunknown media type 0x%x @(#)sdlpi.c 1.3 10/30/95 (C)1995 Darren Reed@(#)$Id: sdlpi.c,v 2.1.4.2 2001/06/26 10:43:22 darrenr Exp $/dev/bad device name %s O_RDWR(1) DLPI error DLIOCRAW error putmsgI_FLUSHW@(#)arp.c 1.4 1/11/96 (C)1995 Darren Reed@(#)$Id: arp.c,v 2.1.4.2 2001/07/15 22:00:13 darrenr Exp $unknown host: %s arp: socket(%s):SIOCGARPʤʠ00<0H0T0`0l0x00000000000000 0,080D0P0\0h0t0000000000000~0{0x(0u40r@0oL0lX0id0fp0c|0`0]0Z0W0T0Q0N0K0HN]i   sX o|io+,YCMOy%BQbZ"1#6UD!o15;|%z7)I23IY[d4 2aP=iKAR([-vE r LT: X8$VwSD.ZC^ _]5q0<W3x/4TW@9L/stN'+*;\F\?7S&"{OM)EG( Xk=nc$,8eHm!V.*Qh`~&'<l#fK:RAu-PFU>pJ@gB906?G jHJ !/ ///2 l   k| knpo8  kd nHlP %lP,52t <H D$ RY`X fo sm@x~d  lD 0  l,]D \( ^<| F@ lh 4 Pd l8l b0( )^4 4y<ltKpOVT `i|nlv ~$ mth mjp @!,  0( ym   k| &.n`4 DyIqP T \<$ f tpyH lpXP {h v o < D mlkkװp m0 b $ $, 4p9t Gtd Qp ^lel o4 |md,| < p `P P 4 ` l   p  mL]t  )p 8p Gn  UTh jtpxjP r4P qhH( n  p,$ a\ ` wP 6 p p Pl yd& 2y8lFn$NVT bp|i<  z pn<rl  p  p Xp n0P   XD hXnp" 4y?yGX Px$ ^i8 lET s  wl~@T P  m4 0h  p  V \ odn 0 ! 0h 8y@IZ@ Sh ilsm{p`H $  ߬ , nT\ y k P  -mLP 9 EiX Q!Yp_lfms }Rp  @ {P d 8  m yl lP ڴ T l  Ԡp "m ' .m4 4s ? Gx OX ^T nm s zp ~p p p  l\ pP H  m    h   m   %k ? JX X klh qp tl {`p   $ h$  h m| jLX P ( p z \x  GXx ky  mX &y ,, 40 D  Omp V ]o@ lD$ w ! ~px ؐp lt o bXP  X y ` 7  l\P qP m hH m n 0 l !p *O 3U <f I O4 Xm( ^4 cl k@ sr`  z|Pd 8D y D( h yylengset_ipv4hlsocketset_ipv4idgetoptyylineno_startresolveset_icmprtimeyycharset_ifv4addrset_tcpsportreadyyfndyyolspprintdlunbindreqcallocaddrtostringyyparseatoigetipv4addrprintdlattachreqgeteaddrsend_etherprintdlphysaddracksave_tokendldetachreqstrtokstrtolnew_datanew_headerprstackgetprotobynametcpyylvalsend_icmp_environ_endmemmoveyyunputset_icmpttimestrdupprintdldisabmultireqether_atonset_ipv4v_iobswallow__register_frame_infosyserrnumpr__flsbufprintdltestindset_sendif_GLOBAL_OFFSET_TABLE_yytcharsleepfree_anipheadernextset_tcpwin__ctypeset_ifmtuprintdlxidconicmpset_defaultroutergethostbynameset_tcpseqprep_packetyyredsset_tcpdportdlstyleyybacksignalstrcasecmpatexitexitdlpromisconreqalarmdlstateset_dataset_icmpcodeset_icmptypetokcifpnew_interfacedlinforeqstringtoaddrmallocstrgetmsgprintdlokacksprintfexpectingreset_sendsendingend_tcpdldisabmultireqsigalrmyysptrprintdlpromisconreqnext_state_initc_chksumend_icmpset_tcpofffputsgetportnumdlservicemodeprintdltestreqprintdltestresnew_tcpheaderprintdlsubsunbindreqyyerrflagudpset_ipv4offset_tcpsumyynerrstosecoptscheck_interfacesscanfdlprimcarpset_icmptypeinc_anipheadersyyoutputend_tcpoptsend_packetstoipoptssendipyylexwordsyyextraarp_getipv4yyoutgetservbynamestrncatyymatchset_sendviaiflistprintdldetachreqyyestateaniptailether_hosttonset_tcpflagsdlpromiscoffprintdlxidreqprintdlxidresgethostbyaddrset_icmpcodetokdlmactypeyy_yysprintdlunitdataindyy_yyv_DYNAMICprintdluderrorindoldipprotoipprotoend_dataset_icmppprobset_ipv4protochksumarpprintf__iobdlunitdatareqdlenabmultireqadd_ipoptgetmsgprintdlpromiscoffreqyyvstoperrend_ipv4set_redirnext_itemaddipoptyylookionamesyycrankioctlset_ifnameprintdlbindackend_udplineNumipbufferbuildoptsprintdlsetphysaddrreqinet_addrreallocarplistyysvecset_arpeaddryytmpset_icmpotimenew_ipv4optdlphysaddrackset_secclasssendtonew_icmpheadernew_udpheaderyyprevious_exityytopdlsetphysaddrreqdlpromisclevelset_ipv4sumprintdlprimset_ipv4srcenvironcanipperroryytexterrnodlinfoacksend_udpyylspdlerrorackset_udpsumdlunbindreqend_ipoptset_icmpmtuset_ipv4lenyyinstrchrset_ipv4tosdlbindreqsend_packetinet_ntoaprintdlxidinddlattachreqfreeoptindcloseset_tcpoptyyinputdlokackprintdltestconprintdlerrorackopenoptargyysarptailyyv__deregister_frame_infoiftailyystatestrcmpset_tcpackset_ifeaddrp_chksumyywrapprintdlinfoackprintdlinforeqprintdlsubsbindackyysbufputmsg_edata_PROCEDURE_LINKAGE_TABLE_initdeviceset_arpv4addrprintdlunitdatareqfopenipmemsetfree_aniplistyypsyypvset_icmpseqprintdlenabmultireqstrcpyset_ipv4dstyyerrordefroutersclassset_udplenprintdlbindreqpop_protosend_ip_etext_lib_versionfflushtokenyymorfgprintdludqosreqpush_protomemcmpyybgindefault_deviceset_icmpid_ctypeyydebugdlphysaddrreqiplangsecnamesset_datalendlbindackstrioctlstatenew_arpmainset_ipv4ttlset_tcpurp__filbufnew_packetmemcpystrlenyyvalgethostnameanipheadsend_tcpseclevelset_datafile_finiyylstatefstatoptsfprintfdlerrnoyytokspacket_doneoptionslaststateprintdlphysaddrreqprintdlsubsbindreqlibsocket.so.1SUNW_0.7libnsl.so.1SUNWprivate_1.1SISCD_2.3libl.so.1SUNW_1.1libc.so.1SUNW_0.7libsocket.so.1libnsl.so.1libl.so.1libc.so.1  =(  0 Nq zt   ='   =( k kLAXkfkgkk kLlUl l l,0l88lD-lP!l\lhlt=l9lLllrlClllell]lmHmmm(Sm4m@)mLmX1mdump6m|&mImmmFmGmOmmdmimnJn nn$n0n<nHnTn`T @D# @H @D@5j, @ "@'@9@:㿐/d @# @   $?@`  ``@   "㿐㿐/ʮ㠐 `` @ 㿐㿐'DaD@aD@ @㿀'D'HD * DD`2 D '  @H ,@'耢  a@t*@`"H@*@@*` ` _ ,@ X@' @' @3? a@ @| @'䀢 0 @3? a@o @` @s'䀢  @3m? a@S @D㿀'D'H'L7L `  L ` L 7* 2D @2i''HL@PH'D'H'H''''Đ%''' @@'' 'ܒ 2  !? !@  !P !B !C !D ܒ !N@!E!F !O !Gy!Hs!I m!J g!K a!L [!M U? /O? )I? #C? =? 7? 1?  +? %Z!`[jk'c0"'c0"TT0DXhxTTTTTTTTTT TTT0DXlTTT(<PdxTT4LdtTTTTTTTTTT0DXTlTTTTT TT$8TTL`tTTTTTTTTTTTTTTTTTTTTTTTTTT 8Ph0H`x 8PhTTT$TT@㿈@d'쀢 ` p*`m @n<  ngeސaސaޒ@"@JX@~ {@UN@ }@KD ;@C<!@;4!@3,!@+$!@#!@!@  ޒ!@P@mi{ D<d$㿐'Dސa`ahD%c@mF @m7㿐ސaސaޒ@"ސa` ޠ! @mS$ޠ!ސaޒ@ *` @m$ޒ!@*`ޔa ޒ@"?㿐ސaސaޒ@"ސaޔa *ޖ@ @"ސa` ޒ!@@m,ސa"ޠ!ސaޒ@ *` @m;$㿐%c@m9"@!㿈'D+c4 `  ޖ!c%D@lސaa ސa?"Uސaސaޒ@"ސa'`@%@l   `@50 '+c4 ` c%@lސa?"D! %c@ll"@ސaސaޒ@"D㿐'D'HސaH"D~ :*`o@ ސaޒ@"ސaD"zސaa !'Dސaa!!'D ސaa)!+'D\ސaa !'D ސaa!#'DHސaa!$'D>ސaa!%'D4ސaa!('D*ސaa !'D ސaa!'Dސaa !'D ސaa)!*'DD(((((((((((((((((((((((((((((((((((((H((((((((8`㿈"#@& cc@ " * :`#ޒ!@ޒ@ޔa@ " ޒ!@@k ސa` @ `"$ cc@"b b"@ '쀢 #o쀢 쀢?c"#@& cc@ " * :`#ޒ!@ޒ@ޔa@ " ޒ!@@kG ސa` @ `"$ cc@"b b"@ 'b"b`  cc@"c *@`"x ''c,`%c' 'c,"b%@''#4a @"c`  ߐc䀤䀢  '쀢  @ߒ䀢  `""#@& cc@ " * :`#ޒ!@ޒ@ޔa@ " ޒ!@@j ސa` @ `"% cc@"b b"@ ',&  ޒ!@$@i @i''ߐc䀤k*` b ^ `*@*`Ȑ R  `*@*`Ȑ Ȁ &bܒ ' *`:"b`  cc@"c *@`"=  `*@*`Ƞ $@`+c4@ ޒ!@$@ih @iYߐc䀤ߒ#"@:`*`ߒ ' *`b ^ `*@*`Ȑ R  `*@*`Ȑ Ȁ &bܒ ' *`:"b`  cc@"c *@`"  `*@*`Ƞ $@`+c4@ ޒ!@$@h @hb * :`*` b ^ `*@*`Ȑ R  `*@*`Ȑ Ȁ &bܒ ' *`:"b`  cc@"c *@`"W  `*@*`Ƞ $@`+c4@ ޒ!@$@h @hs7   ߒ䀢 &bܒ ' *`:"b`  cc@"c *@`"'c0@*@"@ {b@`"s"@`lb"cb@ * :` <@b@  @  'c4@'" @*; ""b`  cc@"c *@`"c @*:"&c "b%"@ `"%c@* b@`" b @*:"b`  cc@"c *@`"W%c *`:  c& " #%#"#@& cc@ " * :`#ޒ!@ޒ@ޔa@ " ޒ!@@g ސa` @ `"%@ cc@"b b" ` -* :`$c`'ޒ!@ޒ@ޔa@ " cޒ@@gv ސa` *@`"%c'㿐'D'HD  D`D@`'DH   㿐"#@& cc@ " * :`#ޒ!@ޒ@ޔa@ " ޒ!@@g  ސa` @ `"$ cc@"b b"@ 㿐'Dޒ!@ޒ@ޔa@ " ޒ!D@@f ސa`G*@`"㿐'DbD"b`  cc@"c *@`"p'D''ؐ 'ܐ' 'ԒD @f c@ p'D'H''H'ؖD `@' @܀ K`@ Ԁ `@@ ܀ K`p@ p'D'H 'H''ؐ 'ܐ''ԒD @f; `@ ?߂cp'D'H'L?ߐc? "?ߐc@ "?ߐc@L" ?ߐc@ " ?@  HL@e?ߐc"@?ߐc@L` " ?ߐc@? " ?ߐc"@?ߐc?ߖ#D  @e `@ x?߂cp'D'H'L?ߐc? "?ߐc@ "?ߐc@L" ?ߐc@ " ?@  HL@e?ߐc"@?ߐc@L` " ?ߐc@? " ?ߐc"@?ߐc?ߖ#D  @e `@ $p'D'H 'H''ؐ 'ܐ''ԒD @ew `@ p'D'H 'H''ؐ 'ܐ''ԒD @e[ a@ p'D'H 1'H''ؐ 'ܐ''ԒD @e? a@ ?߂cp'D'H'L?ߐc? "?ߐc@ "?ߐc@L" ?ߐc@ " ?@  HL@d?ߐc"@?ߐc@L` " ?ߐc@? " ?ߐc"@?ߐc?ߖ#D  @d a0@ |p'D ''ؐ 'ܐ''ԒD @d aP@ c`'D'H'L'P'T'X 'H'L'R7V7X''Ȑ '̐''ĒD @d ah@ ;?߂ch'D'H'L'P'T'X?ߐc? "?ߐc@ "?ߐc@L" ?ߐc@ " ?ߐc@P" ?ߐc@T" ?ߐc@  HL@dW?ߐcؒ"@?ߐcؒ@L`" ?ߐcؒ@? " ?ߐc"@?ߐc@\" ?ߐc@X" ?ߐcؔ?ߐD @d: a@p'D ''ؐ 'ܐ''ԒD @d! a@p'D'H''H'ؖD a@' @܀ a@wԀ a@o܀ b@fp'D'H''H'ؖD b8@}' @܀ bH@EԀ bx@=܀ b@4p'D'H''H'ؖD b@K' @Ԁ b@܀ c@ p'D'H''H'ؖD c8@"' 2@Ԁ b@܀ cH@㿐cx@㿈'D'H'L'P'T xP@cS @cS  `@T@c(`@@P"DHLP@c@'쀢  `@T@c`@@ @c*  `@T@b`@@ ` cT@ ` cT@ ` cT@vH `H`@k㿐'D'HHD@H@D@H@@` @O @bP㿐'DD`3}*`y D@xD@sD@nD@iD@ dD@_D@ZD@UD@PD@KD@FD@$AD@ <D@"7D@72D@?-D@%(D@B#D@sD@D@3D@8D@M D8@@\p4 $8L` Ht䜝㿐'D`h@a㷐'DDD 8@ D` @uDD D@ D`@@lDDx`@aDD`@D`@v` @aDD` @D` $@a|DDD!`(,0@arD`4@DD!88<@aeDDh`@D@a]@aX@aS㿐'DD`@aI㿐'DD`@@a<㿐'DD`@vD`@Da @a'㻐'DDD @ D`@DD8`@a@a 㻐'DDD @ D`@DDp`@`@`㿐'DD`@@`㿐'DD`@@`㿐'DD`@`㻐'DDD @ D`@DD`@`@`㻐'DDD @ D`@rDDH`@`@`㿐'Dc@`㿐'DDD`@`D *`2  @D *2 D#@`u㻐'DDD @ D`@2DDD#` @`^DD `@`V@`Q㿐'D`@@`I㻐'DDD @ D`@DDP`@`4@`/㻐'DDD @ D`@DD`@`@`㻐'DDD @ D`@DD`@`@_㻐'DDD @ D`@DD`@_DDP` @_@_㷐'DDD @ D`@DD @ D` @DDx`@_DD` @_D`@_@_@_㻐'DDD @ D`@`DD`@_DD`@bP @_@_~㻐'DDD @ D`@;DDD"h` @_g@_b㷐'DDD @ D`@DD @ D`@DDD"` @_BDD`@_:@_5@_0㻐'DDD @ D`@DDD#` @_@_㷐'DDD @ D`@DD @ D`@DDD#`` @^DD`@^@^@^㻐'DDD @ D`@DDD#` @^@^㷐'DDD @ D`@DD @ D`@zDDD#` @^DD`@^@^@^㻐'DDD @ D`@QDDD (` @^}@^x㷐'DDD @ D`@5DD @ D`@,DDD h` @^XDD`@^P@^K@^F㿐'DDD`@^:㿈'D'H'L'H D `L@^UL@^yL@'L 'H L'L*@㿀'D'H'D'@]'耢 %@^Q `D@䀢 `D@H*@`" ''㿈/c `*: * :`㿐'DD vD*`} ! u! q! m! i! e! a! ]! Y! U! Q! M! I! E! A! =! 9! 5! 1! -! )! %! !! ! ! ! !  `(D@]r 8(XH(8HXhxhx㿐'DD ^D*`~ ! ]! Y! U! Q! M! I! E! A! =! 9! 5! 1! -! )! %! !! ! ! ! !  `@D@\ hx(8HXhx㿐'DD zD*`l ! y! u! q! m! i! e! a! ]! Y! U! Q! M! I! E! A! =! 9! 5! 1! -! )! %! !! ! ! ! !  a0XD@\F!0xXhx(8H(㿐'DD      ! ! !  apD@[!㿐'DD      ! ! !  aD@[!㿐'DD%% ! !  b D@[" 㿐'DD *D*` ! )! %! !! ! ! ! !  bpD@[w"p$4DTd㿐'D'H'L'P'TaDHLPT@[a@Z @Z㿐'DD@[# @Zx'D'H'L'P'TH'L'P'T'D@[^'܀ ܰp'D'H'L h@[ @[8 "@D@[; ' *`:  *`:  ` ܒ ' *`:  ap@Z?@Zx@Z'*  @Z'Ѐ a@Zn @Z?@Z[? ? a@ZQ?@ZBВ(    ?  N? a@Z1?@Z"аx'D'H'L'H" L" `"D ܖ @Z? b@Z;?D @Z? b@Z+?L㿈'D'HD@Z"'耢?D@Z'쀢  a@D@Y? H@ @Y  H @Y @'D'HbD @Z  H @Y ?'Ȑ   $@Y'Ē 2Ē  D @YD  @Z'  @H@Z s`   @Z `"? cX@Y?i`0 @Y?H?)   @YX 7 7  D @Yt   @Y'D   @Y @Y@Y ' @YZah@Y&&c`cp@YL?Ȓ H @Y=bH @Y7bD @Y1 㿐/X`  ??㿐㿠㿠ʠ@(#)ipsend.c 1.5 12/10/95 (C)1995 Darren Reed@(#)$Id: ipsend.c,v 2.2.2.3 2001/07/15 22:00:14 darrenr Exp $Usage: %s [options] dest [flags] options: -d debug mode -i device Send out on this device -f fragflags can set IP_MF or IP_DF -g gateway IP gateway to use if non-local dest. -I code,type[,gw[,dst[,src]]] Set ICMP protocol -m mtu fake MTU to use when sending out -P protocol Set protocol by name -s src source address for IP packet -T Set TCP protocol -t port destination port -U Set UDP protocol -v verbose mode -w Set the TCP window size Usage: %s [-dv] -L options: -d debug mode -L filename Use IP language for sending packets -v verbose mode ICMP args missing: , ,Cant resolve %s I:L:P:TUdf:i:g:m:o:s:t:vw:Protocol already set: %d Incorrect usage of -L option. -rcan't open file %s Unknown protocol: %s mtu must be > 28 set protocol to TCP first Unknown option "%c" Options: %d malloc failed Device: %s Source: %s Dest: %s Gateway: %s Flags: %#x mtu: %d %W% %G% (C)1995@(#)$Id: ip.c,v 2.1.4.3 2001/07/15 22:00:13 darrenr Exp $arpmalloc failedmtu (%d) < ip header size (%d) + 8 can't fragment data @(#)ipsopt.c 1.2 1/11/96 (C)1995 Darren Reed@(#)$Id: ipsopt.c,v 2.1.4.2 2001/07/15 22:00:14 darrenr Exp $ssrrsatidlsrrsec-leveltsrrnopeoltopsecretsecretrestrmmmmeftoconfidunclassno such security level: %s options too long ,unknown IP option name %s Invalid ethernet address: %s octal with %c! openfstatdata file %s too big to include. readunknown protocol %s protocol %d specified with TCP! udpunknown TCP flag %c protocol %d specified with UDP! no interface defined for sending! %02x No interface name given! Interface %s has an MTU of 0! couldn't find interface %s protocol %d specified with ICMP! host-tosnet-toshost-prohibnet-prohibisolatehost-unknet-unksrcfailneedfragport-unrproto-unrhost-unrnet-unrunknown ICMP code %s ENDmaskrepmaskreqinforepinforeqtimestreptimestparamprobtimexechoredirsquenchunreachechorepunknown ICMP type %s %d0cannot specify options after data body No mapping for state %d to IP option M-'(IBE/0123456789:;<=>@ABC K'Fqrstuwxy{|~z}vE$IJOMNgQR (UVWXYZ[\]^_H?j#=@AB-./0124567>3?$,whWTSJ@ASB$CVh?'9@A ?# 9Bfdb`@A~}|({B yx srOPQGHGHoqpm 9D9 # Hk+9\9n9nomli)*&tuv"pzUijklKL!"?.XYZ[R]^_`abcdefgPL*NTDF,)&8+ e<c;a:%! %  GgigigigigigirqBpgigigigigigi>1gigiw:>BaBBgiBBgiBBgi(wgiBBBBBBBBBBBkgijih?gigigigigigigigi*gigigigigigigigigigigigigigigigigigigigigigigigigigigigigigigi')    B)B%giBBBBBBBBBd$giBBBB"J!BBBgigigigigigigigigigigigigigigigigigigigigigigigigigigigigigigigigiYgigigigigigigigi~Y@gigigigigigigigigigigigigigiY&&&gigigiBgigigigigigigigigigigigigigigiBgigigigigigigigigigigigi?=aBBBBgigiaagigiaaagiagigigigigigigigigigigigigigigigigigigigigigigigigigigigigigigigigigigigih:dTYkCS lnm~ih][ZfX      !!!!!!!!!!!!$$$%%%%%%%%%%&&'''''((())))**++-,,,,,,,,,,,,,,,,,,,,,,,..4422555//6666666666666666007777711338"##99999999999999999999::::::::;;<<<                    gi21/ {{{;{  6 6  0; ),8}}}}{{{{{;;;;;<=>?@PBCDNEFOGHIJKLM" !#*+-9:;};;;;;;;;;QRSTUVWX;;;;;;;}{}}Ykrsqtyz{|}~wZl};;;;;;;;;;$%&'(;;.;{;;;;{;{;;{;;{;;{;{;{{;};;;uvx[\]^_`abcdefghijmnop;}}}}}}{}};;;;;};;;;;;}; & ') 6LU (*+,-./01234!"#$ %8:NPW9;<=>?@ABCEOQRSTXY^`|57EMVZ\s_abcseghwjkmnprFGHIJK[Dt~]uvdfixyz{oq}l-unknown-IL_ICMP_TTIMEIL_ICMP_RTIMEIL_ICMP_OTIMEIL_ICMP_IDIL_ICMP_SEQIL_ICMP_MASKREPLYIL_ICMP_MASKREQIL_ICMP_IREQREPLYIL_ICMP_IREQIL_ICMP_TSTAMPREPLYIL_ICMP_TSTAMPIL_ICMP_PARAMPROB_OPTABSENTIL_ICMP_PARAMPROBIL_ICMP_TIMXCEED_REASSIL_ICMP_TIMXCEED_INTRANSIL_ICMP_TIMXCEEDIL_ICMP_ROUTERSOLICITIL_ICMP_ROUTERADVERTIL_ICMP_ECHOIL_ICMP_REDIRECT_TOSHOSTIL_ICMP_REDIRECT_TOSNETIL_ICMP_REDIRECT_HOSTIL_ICMP_REDIRECT_NETIL_ICMP_REDIRECTIL_ICMP_SOURCEQUENCHIL_ICMP_UNREACH_PRECEDENCE_CUTOFFIL_ICMP_UNREACH_HOST_PRECEDENCEIL_ICMP_UNREACH_FILTER_PROHIBIL_ICMP_UNREACH_TOSHOSTIL_ICMP_UNREACH_TOSNETIL_ICMP_UNREACH_HOST_PROHIBIL_ICMP_UNREACH_NET_PROHIBIL_ICMP_UNREACH_ISOLATEDIL_ICMP_UNREACH_HOST_UNKNOWNIL_ICMP_UNREACH_NET_UNKNOWNIL_ICMP_UNREACH_SRCFAILIL_ICMP_UNREACH_NEEDFRAGIL_ICMP_UNREACH_PORTIL_ICMP_UNREACH_PROTOCOLIL_ICMP_UNREACH_HOSTIL_ICMP_UNREACH_NETIL_ICMP_UNREACHIL_ICMP_ECHOREPLYIL_IPS_RESERV1IL_IPS_RESERV2IL_IPS_UNCLASSIL_IPS_CONFIDIL_IPS_RESERV3IL_IPS_SECRETIL_IPS_TOPSECRETIL_IPS_RESERV4IL_IPO_ENCODEIL_IPO_CIPSOIL_IPO_SECCLASSIL_IPO_FINNIL_IPO_EIPIL_IPO_IMITDIL_IPO_VISAIL_IPO_ADDEXTIL_IPO_SSRRIL_IPO_SATIDIL_IPO_ESECIL_IPO_LSRRIL_IPO_SECIL_IPO_TRIL_IPO_TSIL_IPO_EOLIL_IPO_MTURIL_IPO_MTUPIL_IPO_ZSUIL_IPO_RRIL_IPO_NOPIL_DFILEIL_DVALUEIL_DLENIL_DATAIL_OPTIL_V4ADDRIL_LENIL_OFFIL_SUMIL_DEFROUTERIL_ARPIL_VIAIL_SENDIL_ICMPCODEIL_ICMPTYPEIL_ICMPIL_UDPSUMIL_UDPLENIL_UDPIL_TCPO_TSIL_TCPO_WSCALEIL_TCPO_MSSIL_TCPO_EOLIL_TCPO_NOPIL_TCPOPTIL_TCPURPIL_TCPSUMIL_TCPWINIL_TCPOFFIL_TCPACKIL_TCPSEQIL_TCPFLIL_DPORTIL_SPORTIL_TCPIL_V4IDIL_V4OPTIL_V4LENIL_V4SUMIL_V4TOSIL_V4TTLIL_V4HLIL_V4VIL_V4OFFIL_V4DSTIL_V4SRCIL_V4PROTOIL_IPV4IL_EADDRIL_MTUIL_IFNAMEIL_INTERFACEIL_COMMENTIL_EOFIL_DOTIL_COLONIL_HEXDIGITIL_TOKENIL_NUMBERdigits : digits IL_NUMBERdigits : IL_NUMBERoptnumber : numberoptnumber : ';'number : digits ';'optoken : tokenoptoken : ';'token : IL_TOKEN ';'dataopts : IL_DFILE tokendataopts : IL_DVALUE tokendataopts : IL_DLEN tokendatabody : dataopts databodydatabody : dataoptsdataline : '{' databody '}' ';'data : IL_DATAsecclass : IL_IPS_RESERV1 ';'secclass : IL_IPS_RESERV2 ';'secclass : IL_IPS_UNCLASS ';'secclass : IL_IPS_CONFID ';'secclass : IL_IPS_RESERV3 ';'secclass : IL_IPS_SECRET ';'secclass : IL_IPS_TOPSECRET ';'secclass : IL_IPS_RESERV4 ';'ipv4opts : IL_IPO_FINN ';'ipv4opts : IL_IPO_EIP ';'ipv4opts : IL_IPO_IMITD ';'ipv4opts : IL_IPO_VISA ';'ipv4opts : IL_IPO_ADDEXT ';'ipv4opts : IL_IPO_SSRR tokenipv4opts : IL_IPO_SATID optnumberipv4opts : IL_IPO_CIPSO ';'ipv4opts : IL_IPO_ESEC ';'ipv4opts : IL_IPO_LSRR tokenipv4opts : IL_IPO_SECCLASS secclassipv4opts : IL_IPO_SEC ';'ipv4opts : IL_IPO_TR ';'ipv4opts : IL_IPO_TS ';'ipv4opts : IL_IPO_ENCODE ';'ipv4opts : IL_IPO_MTUR ';'ipv4opts : IL_IPO_MTUP ';'ipv4opts : IL_IPO_ZSU ';'ipv4opts : IL_IPO_RR optnumberipv4opts : IL_IPO_NOP ';'ipv4optlist : ipv4opts ipv4optlistipv4optlist : /* empty */ipv4opt : IL_V4OPTparaprobarg : '{' number '}' ';'paramprob : IL_ICMP_PARAMPROB_OPTABSENT paraprobargparamprob : IL_ICMP_PARAMPROB_OPTABSENTexceed : IL_ICMP_TIMXCEED_REASS lineexceed : IL_ICMP_TIMXCEED_INTRANS lineredirectopts : IL_ICMP_REDIRECT_TOSHOST tokenredirectopts : IL_ICMP_REDIRECT_TOSNET tokenredirectopts : IL_ICMP_REDIRECT_HOST tokenredirectopts : IL_ICMP_REDIRECT_NET tokenredirectopts : /* empty */redirect : IL_ICMP_REDIRECT '{' redirectopts '}' ';'redirect : IL_ICMP_REDIRECTunreachopts : IL_ICMP_UNREACH_PRECEDENCE_CUTOFF lineunreachopts : IL_ICMP_UNREACH_HOST_PRECEDENCE lineunreachopts : IL_ICMP_UNREACH_FILTER_PROHIB lineunreachopts : IL_ICMP_UNREACH_TOSHOST lineunreachopts : IL_ICMP_UNREACH_TOSNET lineunreachopts : IL_ICMP_UNREACH_HOST_PROHIB lineunreachopts : IL_ICMP_UNREACH_NET_PROHIB lineunreachopts : IL_ICMP_UNREACH_ISOLATED lineunreachopts : IL_ICMP_UNREACH_HOST_UNKNOWN lineunreachopts : IL_ICMP_UNREACH_NET_UNKNOWN lineunreachopts : IL_ICMP_UNREACH_SRCFAIL lineunreachopts : IL_ICMP_UNREACH_NEEDFRAG number ';'unreachopts : IL_ICMP_UNREACH_PORT lineunreachopts : IL_ICMP_UNREACH_PROTOCOL lineunreachopts : IL_ICMP_UNREACH_HOST lineunreachopts : IL_ICMP_UNREACH_NET lineunreach : IL_ICMP_UNREACH '{' unreachopts '}' ';'unreach : IL_ICMP_UNREACHicmpts : IL_ICMP_TTIME numbericmpts : IL_ICMP_RTIME numbericmpts : IL_ICMP_OTIME numbericmptsopts : icmptsopts icmpts ';'icmptsopts : /* empty */icmpecho : IL_ICMP_ID numbericmpecho : IL_ICMP_SEQ numbericmpechoopts : icmpechoopts icmpechoicmpechoopts : /* empty */icmptype : IL_TOKEN ';'icmptype : IL_ICMP_PARAMPROB '{' paramprob '}' ';'icmptype : IL_ICMP_PARAMPROB ';'icmptype : IL_ICMP_MASKREPLY '{' token '}' ';'icmptype : IL_ICMP_MASKREPLY ';'icmptype : IL_ICMP_MASKREQ ';'icmptype : IL_ICMP_IREQREPLY '{' data dataline '}' ';'icmptype : IL_ICMP_IREQREPLY ';'icmptype : IL_ICMP_IREQ ';'icmptype : IL_ICMP_TSTAMPREPLY '{' icmptsopts '}' ';'icmptype : IL_ICMP_TSTAMPREPLY ';'icmptype : IL_ICMP_TSTAMP ';'icmptype : IL_ICMP_TIMXCEED '{' exceed '}' ';'icmptype : IL_ICMP_TIMXCEED ';'icmptype : IL_ICMP_ECHO '{' icmpechoopts '}' ';'icmptype : IL_ICMP_ECHO ';'icmptype : IL_ICMP_ROUTERSOLICIT ';'icmptype : IL_ICMP_ROUTERADVERT ';'icmptype : redirecticmptype : IL_ICMP_SOURCEQUENCH ';'icmptype : unreachicmptype : IL_ICMP_ECHOREPLY '{' icmpechoopts '}' ';'icmptype : IL_ICMP_ECHOREPLY ';'icmpcode : IL_ICMPCODE tokenicmpheader : IL_ICMPTYPE icmptype icmpcodeicmpheader : IL_ICMPTYPE icmptypeicmpbody : icmpheader bodylineicmpbody : icmpheadericmpline : '{' icmpbody '}' ';'icmp : IL_ICMPudpbody : IL_UDPSUM tokenudpbody : IL_UDPLEN tokenudpbody : IL_DPORT tokenudpbody : IL_SPORT tokenudpheader : bodylineudpheader : udpbody udpheaderudpheader : udpbodyudpline : '{' udpheader '}' ';'udp : IL_UDPtcpopt : IL_TCPO_TS optokentcpopt : IL_TCPO_WSCALE optokentcpopt : IL_TCPO_MSS optokentcpopt : IL_TCPO_EOL ';'tcpopt : IL_TCPO_NOP ';'tcpopts : tcpopt tcpoptstcpopts : /* empty */tcpbody : IL_TCPOPT '{' tcpopts '}' ';'tcpbody : IL_TCPFL tokentcpbody : IL_TCPSUM tokentcpbody : IL_TCPWIN tokentcpbody : IL_TCPURP tokentcpbody : IL_TCPOFF tokentcpbody : IL_TCPACK tokentcpbody : IL_TCPSEQ tokentcpbody : IL_DPORT tokentcpbody : IL_SPORT tokentcpheader : bodylinetcpheader : tcpbody tcpheadertcpheader : tcpbodytcpline : '{' tcpheader '}' ';'tcp : IL_TCPipv4type : ipv4opt '{' ipv4optlist '}' ';'ipv4type : IL_V4LEN tokenipv4type : IL_V4SUM tokenipv4type : IL_V4TOS tokenipv4type : IL_V4TTL tokenipv4type : IL_V4ID tokenipv4type : IL_V4HL tokenipv4type : IL_V4V tokenipv4type : IL_V4OFF tokenipv4type : IL_V4DST tokenipv4type : IL_V4SRC tokenipv4type : IL_V4PROTO tokenipv4body : bodylineipv4body : ipv4type ipv4bodyipv4body : ipv4typeipv4 : IL_IPV4ipline : ipv4 '{' ipv4body '}' ';'bodyline : data datalinebodyline : icmp icmplinebodyline : udp udplinebodyline : tcp tcplinebodyline : iplinedefrouter : IL_DEFROUTER tokenarpopt : IL_EADDR tokenarpopt : IL_V4ADDR tokenarpbody : arpbody arpoptarpbody : arpoptarphdr : IL_ARParp : arphdr '{' arpbody '}' ';'sendopt : IL_VIA tokensendopt : IL_IFNAME tokensendbody : sendbody sendoptsendbody : sendoptsendhdr : IL_SENDsend : sendhdr ';'send : sendhdr '{' sendbody '}' ';'ifaceopt : IL_EADDR tokenifaceopt : IL_V4ADDR tokenifaceopt : IL_MTU numberifaceopt : IL_IFNAME tokenifaceopts : ifaceopt ifaceoptsifaceopts : ifaceoptifhdr : IL_INTERFACEiface : ifhdr '{' ifaceopts '}' ';'line : iplineline : defrouterline : sendline : arpline : ifacefile : IL_COMMENT filefile : IL_COMMENTfile : line filefile : line-no such reduction-State %d, token end-of-file -none- %s yacc stack overflowReceived token syntax errorError recovery pops state %d, uncovers state %d Error recovery discards token end-of-file token -none- token %s Reduce by (%d) "%s" .icmpidicmpseqttimertimeotimeoptabsentreassintranstos-host-redirtos-net-redirhost-redirnet-redircutoff-precedhost-precedfilter-prohibhost-tosnet-toshost-prohibnet-prohibisolatehost-unknet-unksrcfailneedfragport-unrproto-unrhost-unrnet-unrmaskrepmaskreqinforepinforeqtimestreptimestparamprobtimexroutersolrouteradechoredirsquenchunreachechorepcodetypeicmpreserv-1reserv-2unclassconfidreserv-3secrettopsecretreserv-4wscalemssfinneipimitdvisaaddextssrrsatidcipsoeseclsrrsecclasssectrtsencodemturmtupzsurreolnopfilevaluedataarpviasendudpwinurpflagsackseqdportsporttcpsumofflenoptdstsrctosttlidhlprotovipv4v4addreaddrmturouterifnamenameifaceinterfacebad switch yylook %d%s error at "%s", line %d text=[%s] id=%d next=%d unknown keyword=[%s] Input string too long, limit %d dlinforeq: putmsgdlinfoackdlinfoack: response ctl.len too short: %ddlinfoack: DL_INFO_ACK was not M_PCPROTOdlinfoack: short response ctl.len: %ddlattachreq: putmsgdlenabmultireq: putmsgdldisabmultireq: putmsgdlpromiscon: putmsgdlpromiscoff: putmsgdlphysaddrreq: putmsgdlsetphysaddrreq: putmsgdldetachreq: putmsgdlbindreq: putmsgdlunitdatareq: putmsgdlunbindreq: putmsgdlokackdlokack: response ctl.len too short: %ddlokack: DL_OK_ACK was not M_PCPROTOdlokack: short response ctl.len: %ddlerrorackdlerrorack: response ctl.len too short: %ddlerrorack: DL_OK_ACK was not M_PCPROTOdlerrorack: short response ctl.len: %ddlbindackdlbindack: DL_OK_ACK was not M_PCPROTOdlbindack: short response ctl.len: %ddlphysaddrackdlphysaddrack: short response ctl.len: %dsigalrm: TIMEOUT%s: alarm%s: getmsg%s: MORECTL|MOREDATA%s: MORECTL%s: MOREDATAgetmsg: control portion length < sizeof (long): %dexpected %s got %sprintdlprim: unknown primitive type 0x%xDL_INFO_REQ DL_INFO_ACK: max_sdu %d min_sdu %d addr_length %d mac_type %s current_state %s sap_length %d service_mode %s qos_length %d qos_offset %d qos_range_length %d qos_range_offset %d provider_style %s addr_offset %d version %d brdcst_addr_length %d brdcst_addr_offset %d addr %s brdcst_addr %s DL_ATTACH_REQ: ppa %d DL_OK_ACK: correct_primitive %s DL_ERROR_ACK: error_primitive %s errno %s unix_errno %d DL_ENABMULTI_REQ: addr_length %d addr_offset %d DL_DISABMULTI_REQ: addr_length %d addr_offset %d DL_PROMISCON_REQ: level %s DL_PROMISCOFF_REQ: level %s DL_PHYS_ADDR_REQ: addr_type 0x%x DL_PHYS_ADDR_ACK: addr_length %d addr_offset %d DL_SET_PHYS_ADDR_REQ: addr_length %d addr_offset %d DL_DETACH_REQ DL_BIND_REQ: sap %d max_conind %d service_mode %s conn_mgmt %d xidtest_flg 0x%x DL_BIND_ACK: sap %d addr_length %d addr_offset %d max_conind %d xidtest_flg 0x%x DL_UNBIND_REQ DL_SUBS_BIND_REQ: subs_sap_offset %d sub_sap_len %d sap %s DL_SUBS_BIND_ACK: subs_sap_offset %d sub_sap_length %d DL_SUBS_UNBIND_REQ: subs_sap_offset %d sub_sap_length %d DL_UNITDATA_REQ: dest_addr_length %d dest_addr_offset %d dl_priority.min %d dl_priority.max %d DL_UNITDATA_IND: dest_addr_length %d dest_addr_offset %d src_addr_length %d src_addr_offset %d group_address 0x%x dest %s src %s DL_UDERROR_IND: dest_addr_length %d dest_addr_offset %d unix_errno %d errno %s DL_TEST_REQ: flag 0x%x dest_addr_length %d dest_addr_offset %d dest_addr %s DL_TEST_IND: flag 0x%x dest_addr_length %d dest_addr_offset %d src_addr %s DL_TEST_RES: flag 0x%x dest_addr_length %d dest_addr_offset %d DL_TEST_CON: flag 0x%x dest_addr_length %d dest_addr_offset %d DL_XID_REQ: flag 0x%x dest_addr_length %d dest_addr_offset %d DL_XID_IND: flag 0x%x dest_addr_length %d dest_addr_offset %d DL_XID_RES: flag 0x%x dest_addr_length %d dest_addr_offset %d DL_XID_CON: flag 0x%x dest_addr_length %d dest_addr_offset %d DL_UDQOS_REQ: qos_length %d qos_offset %d %x::%xstringtoaddr: invalid input string: %ssunknown primitive 0x%xunknown state 0x%xunknown dlpi errno 0x%xunknown promisc level 0x%xunknown provider service mode 0x%xunknown provider style 0x%xunknown media type 0x%x @(#)sdlpi.c 1.3 10/30/95 (C)1995 Darren Reed@(#)$Id: sdlpi.c,v 2.1.4.2 2001/06/26 10:43:22 darrenr Exp $/dev/bad device name %s O_RDWR(1) DLPI error DLIOCRAW error putmsgI_FLUSHW@(#)arp.c 1.4 1/11/96 (C)1995 Darren Reed@(#)$Id: arp.c,v 2.1.4.2 2001/07/15 22:00:13 darrenr Exp $unknown host: %s arp: socket(%s):SIOCGARPnp o<o800<0H0T0`0l0x00000000000000 0,080D0P0\0h0t0000000000000~0{0x(0u40r@0oL0lX0id0fp0c|0`0]0Z0W0T0Q0N " 1 = G l ! Q oso/ o// ookle0xpDh XP H@@5xM׈ k@p|pph<=> ? @ PBDCRDNEFOGHIJKLMQR=SZTfUVWXASURPF xhXH@8(  ;;;;x;p;h;X;H;8 ;0 ;  ; ; ::::::::::x:p:h:X:H:8:(::9 9!9"9#9$9%9&9'9x(9p)9`*9P+9H,98-9(.9 /909192838485868788898:8;8<8=8p>8`?8P@8@A80B8 C8D8E7F7G7H7I7J7K7L7M7pN7`O7PP7@Q7(R7S7T6U6V6W6X6Y6Z6[6p\6P]68^6_6`5a5b5c5d5`e5Hf50g5h4i4j4k4l4m4hn4Po40p4 q4r3s3t3u3v3w3hx3Xy3@z30{3|3}2~222222UUUUpUXUHU8U(UUTTTTThTHT(TSSSSSxSXS@SSRRRRRxR`RHR0RQQQQQQhQHQ(QPPPPPpPPP0POOOOOxO`O@O ONNNNN`N@NNMMMMM`M@M0MLLLLLL`L@L0LKKKKK`K8KJJJJJXJ8JIIIIhI0IHHHHhH8HGGGGxGXG8GFFFFFpF8FEEEEXE(DDDDhD8DCCChC0CBBBBXB(AAAAAHA A@@@@@`@@@ @????x?X?8?>>>>>p>P>0>=====p=P=0= =<<<<Z?Y@YPYBYCYDYNYEYFYOYGYHYIYJYKYLYxMYp&Yh'YXQYHRY@SY0TY(UY VYWYXX,X-X.XYXZXkXlXqXrXsXtXwXyXpzXh{X`|XX}XP~XH[X8\X(]X^X_X`WaWbWcWdWeWfWgWhWiWxjWhmWXnWHoW8pW0uW(vWxWWWVVV                    4<DLT\hTpn|D2(   "0000000000::AAAAAAAAAAAA:: 0123456789abcdefas: WorkShop Compilers 5.0 Alpha 03/27/98 Build as: WorkShop Compilers 5.0 Alpha 03/27/98 Build @(#)SunOS 5.7 Generic October 1998as: WorkShop Compilers 5.0 Alpha 03/27/98 Build GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 Alpha 03/27/98 Build GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 Alpha 03/27/98 Build ld: Software Generation Utilities - Solaris-ELF (4.0).symtab.strtab.shstrtab.interp.hash.dynsym.dynstr.SUNW_version.rela.got.rela.bss.rela.plt.text.init.fini.rodata.got.plt.dynamic.data.ctors.dtors.eh_frame.bss.comment# )  1!! Q9/ / G//  Q//< [// e22kllqwbk|k| kk npnpo8o8    +\ 0707010e0666ea000081ed0000000000000000000000013b671a6f00000a870000000000000001ffffffffffffffff0000001b00000003root/opt/ipf/bin/mkfilters#!/usr/local/bin/perl # for best results, bring up all your interfaces before running this if ($^O =~ m/^irix/i) { &irix_mkfilters || regular_mkfilters || die $!; } else { ®ular_mkfilters || irix_mkfilters || die $!; } foreach $i (keys %ifaces) { $net{$i} = $inet{$i}."/".$netmask{$i} if (defined($inet{$i})); } # # print out route suggestions # print "#\n"; print "# The following routes should be configured, if not already:\n"; print "#\n"; foreach $i (keys %ifaces) { next if (($i =~ /lo/) || !defined($net{$i}) || defined($ppp{$i})); print "# route add $inet{$i} localhost 0\n"; } print "#\n"; # # print out some generic filters which people should use somewhere near the top # print "block in log quick from any to any with ipopts\n"; print "block in log quick proto tcp from any to any with short\n"; $grpi = 0; foreach $i (keys %ifaces) { if (!defined($inet{$i})) { next; } $grpi += 100; $grpo = $grpi + 50; if ($i !~ /lo/) { print "pass out on $i all head $grpo\n"; print "block out from 127.0.0.0/8 to any group $grpo\n"; print "block out from any to 127.0.0.0/8 group $grpo\n"; print "block out from any to $inet{$i}/32 group $grpo\n"; print "pass in on $i all head $grpi\n"; print "block in from 127.0.0.0/8 to any group $grpi\n"; print "block in from $inet{$i}/32 to any group $grpi\n"; foreach $j (keys %ifaces) { if ($i ne $j && $j !~ /^lo/ && defined($net{$j})) { print "block in from $net{$j} to any group $grpi\n"; } } } } sub irix_mkfilters { open(NETSTAT, "/usr/etc/netstat -i|") || return 0; while (defined($line = )) { if ($line =~ m/^Name/) { next; } elsif ($line =~ m/^(\S+)/) { open(I, "/usr/etc/ifconfig $1|") || return 0; &scan_ifconfig; close I; # being neat... - Allen } } close NETSTAT; # again, being neat... - Allen return 1; } sub regular_mkfilters { open(I, "ifconfig -a|") || return 0; &scan_ifconfig; close I; # being neat... - Allen return 1; } sub scan_ifconfig { while () { chop; if (/^[a-zA-Z]+\d+:/) { ($iface = $_) =~ s/^([a-zA-Z]+\d+).*/$1/; $ifaces{$iface} = $iface; next; } if (/inet/) { if (/\-\-\>/) { # PPP, (SLIP?) ($inet{$iface} = $_) =~ s/.*inet ([^ ]+) \-\-\> ([^ ]+).*/$1/; ($ppp{$iface} = $_) =~ s/.*inet ([^ ]+) \-\-\> ([^ ]+).*/$2/; } else { ($inet{$iface} = $_) =~ s/.*inet ([^ ]+).*/$1/; } } if (/netmask/) { ($mask = $_) =~ s/.*netmask ([^ ]+).*/$1/; $mask =~ s/^/0x/ if ($mask =~ /^[0-9a-f]*$/); $netmask{$iface} = $mask; } if (/broadcast/) { ($bcast{$iface} = $_) =~ s/.*broadcast ([^ ]+).*/$1/; } } } 0707010e0666d2000041ed0000000000000001000000023b671a72000000000000000000000001ffffffffffffffff0000001600000003root/opt/ipf/examples0707010e0666ba000081a40000000000000000000000013b671a6a0000064d0000000000000001ffffffffffffffff0000002000000003root/opt/ipf/examples/BASIC.NAT#!/sbin/ipnat -f - # # THIS EXAMPLE IS WRITTEN FOR IP FILTER 3.3 # # ppp0 - (external) PPP connection to ISP, address a.b.c.d/32 # # ed0 - (internal) network interface, address w.x.y.z/32 # # If we have only 1 valid IP address from our ISP, then we do this: # # To make ftp work, using the internal ftp proxy, use: # map ppp0 w.x.y.z/24 -> a.b.c.d/32 proxy port ftp ftp/tcp # # For normal TCP/UDP and other IP protocols # map ppp0 w.x.y.z/24 -> a.b.c.d/32 portmap tcp/udp 40000:60000 map ppp0 w.x.y.z/24 -> a.b.c.d/32 # # if we get a different dialup IP address each time, then we would use: # #map ppp0 w.x.y.z/24 -> 0/32 portmap tcp/udp 40000:60000 #map ppp0 w.x.y.z/24 -> 0/32 # # If we have a class C address space of valid IP#'s from our ISP, then we can # do this: # #map ppp0 w.x.y.z/24 -> a.b.c.d/24 portmap tcp/udp 40000:60000 #map ppp0 w.x.y.z/24 -> a.b.c.d/24 # # or, if we only have a small number of PC's, this: # #map ppp0 w.x.y.v/32 -> a.b.c.E/32 portmap tcp/udp 40000:60000 #map ppp0 w.x.y.v/32 -> a.b.c.E/32 #map ppp0 w.x.y.u/32 -> a.b.c.F/32 portmap tcp/udp 40000:60000 #map ppp0 w.x.y.u/32 -> a.b.c.F/32 #map ppp0 w.x.y.t/32 -> a.b.c.G/32 portmap tcp/udp 40000:60000 #map ppp0 w.x.y.t/32 -> a.b.c.G/32 #map ppp0 w.x.y.s/32 -> a.b.c.H/32 portmap tcp/udp 40000:60000 #map ppp0 w.x.y.s/32 -> a.b.c.H/32 #map ppp0 w.x.y.r/32 -> a.b.c.I/32 portmap tcp/udp 40000:60000 #map ppp0 w.x.y.r/32 -> a.b.c.I/32 #map ppp0 w.x.y.q/32 -> a.b.c.J/32 portmap tcp/udp 40000:60000 #map ppp0 w.x.y.q/32 -> a.b.c.J/32 #map ppp0 w.x.y.p/32 -> a.b.c.K/32 portmap tcp/udp 40000:60000 #map ppp0 w.x.y.p/32 -> a.b.c.K/32 0707010e0666a2000081a40000000000000000000000013b671a6a00000fad0000000000000001ffffffffffffffff0000002100000003root/opt/ipf/examples/BASIC_1.FW#!/sbin/ipf -f - # # SAMPLE: RESTRICTIVE FILTER RULES # # THIS EXAMPLE IS WRITTEN FOR IP FILTER 3.3 # # ppp0 - (external) PPP connection to ISP, address a.b.c.d/32 # # ed0 - (internal) network interface, address w.x.y.z/32 # # This file contains the basic rules needed to construct a firewall for the # above situation. # #------------------------------------------------------- # *Nasty* packets we don't want to allow near us at all! # short packets which are packets fragmented too short to be real. block in log quick all with short #------------------------------------------------------- # Group setup. # ============ # By default, block and log everything. This maybe too much logging # (especially for ed0) and needs to be further refined. # block in log on ppp0 all head 100 block in log proto tcp all flags S/SA head 101 group 100 block out log on ppp0 all head 150 block in log on ed0 from w.x.y.z/24 to any head 200 block in log proto tcp all flags S/SA head 201 group 200 block in log proto udp all head 202 group 200 block out log on ed0 all head 250 #------------------------------------------------------- # Localhost packets. # ================== # packets going in/out of network interfaces that aren't on the loopback # interface should *NOT* exist. block in log quick from 127.0.0.0/8 to any group 100 block in log quick from any to 127.0.0.0/8 group 100 block in log quick from 127.0.0.0/8 to any group 200 block in log quick from any to 127.0.0.0/8 group 200 # And of course, make sure the loopback allows packets to traverse it. pass in quick on lo0 all pass out quick on lo0 all #------------------------------------------------------- # Invalid Internet packets. # ========================= # # Deny reserved addresses. # block in log quick from 10.0.0.0/8 to any group 100 block in log quick from 192.168.0.0/16 to any group 100 block in log quick from 172.16.0.0/12 to any group 100 # # Prevent IP spoofing. # block in log quick from a.b.c.d/24 to any group 100 # #------------------------------------------------------- # Allow outgoing DNS requests (no named on firewall) # pass in quick proto udp from any to any port = 53 keep state group 202 # # If we were running named on the firewall and all internal hosts talked to # it, we'd use the following: # #pass in quick proto udp from any to w.x.y.z/32 port = 53 keep state group 202 #pass out quick on ppp0 proto udp from a.b.c.d/32 to any port = 53 keep state # # Allow outgoing FTP from any internal host to any external FTP server. # pass in quick proto tcp from any to any port = ftp keep state group 201 pass in quick proto tcp from any to any port = ftp-data keep state group 201 pass in quick proto tcp from any port = ftp-data to any port > 1023 keep state group 101 # # Allow NTP from any internal host to any external NTP server. # pass in quick proto udp from any to any port = ntp keep state group 202 # # Allow outgoing connections: SSH, TELNET, WWW # pass in quick proto tcp from any to any port = 22 keep state group 201 pass in quick proto tcp from any to any port = telnet keep state group 201 pass in quick proto tcp from any to any port = www keep state group 201 # #------------------------------------------------------- block in log proto tcp from any to a.b.c.d/32 flags S/SA head 110 group 100 # # Allow incoming to the external firewall interface: mail, WWW, DNS # pass in log quick proto tcp from any to any port = smtp keep state group 110 pass in log quick proto tcp from any to any port = www keep state group 110 pass in log quick proto tcp from any to any port = 53 keep state group 110 pass in log quick proto udp from any to any port = 53 keep state group 100 #------------------------------------------------------- # Log these: # ========== # * return RST packets for invalid SYN packets to help the other end close block return-rst in log proto tcp from any to any flags S/SA group 100 # * return ICMP error packets for invalid UDP packets block return-icmp(net-unr) in proto udp all group 100 0707010e06668a000081a40000000000000000000000013b671a6a00000a0b0000000000000001ffffffffffffffff0000002100000003root/opt/ipf/examples/BASIC_2.FW#!/sbin/ipf -f - # # SAMPLE: PERMISSIVE FILTER RULES # # THIS EXAMPLE IS WRITTEN FOR IP FILTER 3.3 # # ppp0 - (external) PPP connection to ISP, address a.b.c.d/32 # # ed0 - (internal) network interface, address w.x.y.z/32 # # This file contains the basic rules needed to construct a firewall for the # above situation. # #------------------------------------------------------- # *Nasty* packets we don't want to allow near us at all! # short packets which are packets fragmented too short to be real. block in log quick all with short #------------------------------------------------------- # Group setup. # ============ # By default, block and log everything. This maybe too much logging # (especially for ed0) and needs to be further refined. # block in log on ppp0 all head 100 block out log on ppp0 all head 150 block in log on ed0 from w.x.y.z/24 to any head 200 block out log on ed0 all head 250 #------------------------------------------------------- # Invalid Internet packets. # ========================= # # Deny reserved addresses. # block in log quick from 10.0.0.0/8 to any group 100 block in log quick from 192.168.0.0/16 to any group 100 block in log quick from 172.16.0.0/12 to any group 100 # # Prevent IP spoofing. # block in log quick from a.b.c.d/24 to any group 100 # #------------------------------------------------------- # Localhost packets. # ================== # packets going in/out of network interfaces that aren't on the loopback # interface should *NOT* exist. block in log quick from 127.0.0.0/8 to any group 100 block in log quick from any to 127.0.0.0/8 group 100 block in log quick from 127.0.0.0/8 to any group 200 block in log quick from any to 127.0.0.0/8 group 200 # And of course, make sure the loopback allows packets to traverse it. pass in quick on lo0 all pass out quick on lo0 all #------------------------------------------------------- # Allow any communication between the inside network and the outside only. # # Allow all outgoing connections (SSH, TELNET, FTP, WWW, gopher, etc) # pass in log quick proto tcp all flags S/SA keep state group 200 # # Support all UDP `connections' initiated from inside. # # Allow ping out # pass in log quick proto icmp all keep state group 200 #------------------------------------------------------- # Log these: # ========== # * return RST packets for invalid SYN packets to help the other end close block return-rst in log proto tcp from any to any flags S/SA group 100 # * return ICMP error packets for invalid UDP packets block return-icmp(net-unr) in proto udp all group 100 0707010e066672000081a40000000000000000000000013b671a6a000000850000000000000001ffffffffffffffff0000002000000003root/opt/ipf/examples/example.1# # block all incoming TCP packets on le0 from host 10.1.1.1 to any destination. # block in on le0 proto tcp from 10.1.1.1/32 to any 0707010e06665a000081a40000000000000000000000013b671a6a000001af0000000000000001ffffffffffffffff0000002100000003root/opt/ipf/examples/example.10# # pass ack packets (ie established connection) # pass in proto tcp from 10.1.0.0/16 port = 23 to 10.2.0.0/16 flags A/A pass out proto tcp from 10.1.0.0/16 port = 23 to 10.2.0.0/16 flags A/A # # block incoming connection requests to my internal network from the big bad # internet. # block in on le0 proto tcp from any to 10.1.0.0/16 flags S/SA # to block the replies: block out on le0 proto tcp from 10.1.0.0 to any flags SA/SA 0707010e066642000081a40000000000000000000000013b671a6a000003340000000000000001ffffffffffffffff0000002100000003root/opt/ipf/examples/example.11# # allow any TCP packets from the same subnet as foo is on through to host # 10.1.1.2 if they are destined for port 6667. # pass in proto tcp from 10.2.2.2/24 to 10.1.1.2/32 port = 6667 # # allow in UDP packets which are NOT from port 53 and are destined for # localhost # pass in proto udp from 10.2.2.2 port != 53 to localhost # # block anything trying to get to X terminal ports, X:0 to X:9 # block in proto tcp from any to any port 5999 >< 6010 # # allow any connections to be made, except to BSD print/r-services # this will also protect syslog. # block in proto tcp/udp all pass in proto tcp/udp from any to any port 512 <> 515 # # allow any connections to be made, except to BSD print/r-services # this will also protect syslog. # pass in proto tcp/udp all block in proto tcp/udp from any to any port 511 >< 516 0707010e06662a000081a40000000000000000000000013b671a6a000001780000000000000001ffffffffffffffff0000002100000003root/opt/ipf/examples/example.12# # get rid of all short IP fragments (too small for valid comparison) # block in proto tcp all with short # # drop and log any IP packets with options set in them. # block in log all with ipopts # # log packets with BOTH ssrr and lsrr set # log in all with opt lsrr,ssrr # # drop any source routing options # block in quick all with opt lsrr block in quick all with opt ssrr 0707010e066612000081a40000000000000000000000013b671a6a000001d40000000000000001ffffffffffffffff0000002100000003root/opt/ipf/examples/example.13# # Log all short TCP packets to qe3, with 10.3.3.3 as the intended # destination for the packet. # block in on qe0 to qe3:10.3.3.3 proto tcp all with short # # Log all connection attempts for TCP # pass in on le0 dup-to le1:10.3.3.3 proto tcp all flags S/SA # # Route all UDP packets through transparently. # pass in on ppp0 fastroute proto udp all # # Route all ICMP packets to network 10 out through le1, to 10.3.3.1 # pass in on le0 to le1:10.3.3.1 proto icmp all 0707010e0665fa000081a40000000000000000000000013b671a6a000000950000000000000001ffffffffffffffff0000002000000003root/opt/ipf/examples/example.2# # block all outgoing TCP packets on le0 from any host to port 23 of # host 10.1.1.2 # block out on le0 proto tcp from any to 10.1.1.3/32 port = 23 0707010e0665e2000081a40000000000000000000000013b671a6a000003de0000000000000001ffffffffffffffff0000002000000003root/opt/ipf/examples/example.3# # block all inbound packets. # block in from any to any # # pass through packets to and from localhost. # pass in from 127.0.0.1/32 to 127.0.0.1/32 # # allow a variety of individual hosts to send any type of IP packet to any # other host. # pass in from 10.1.3.1/32 to any pass in from 10.1.3.2/32 to any pass in from 10.1.3.3/32 to any pass in from 10.1.3.4/32 to any pass in from 10.1.3.5/32 to any pass in from 10.1.0.13/32 to any pass in from 10.1.1.1/32 to any pass in from 10.1.2.1/32 to any # # # block all outbound packets. # block out from any to any # # allow any packets destined for localhost out. # pass out from any to 127.0.0.1/32 # # allow any host to send any IP packet out to a limited number of hosts. # pass out from any to 10.1.3.1/32 pass out from any to 10.1.3.2/32 pass out from any to 10.1.3.3/32 pass out from any to 10.1.3.4/32 pass out from any to 10.1.3.5/32 pass out from any to 10.1.0.13/32 pass out from any to 10.1.1.1/32 pass out from any to 10.1.2.1/32 0707010e0665ca000081a40000000000000000000000013b671a6a000000420000000000000001ffffffffffffffff0000002000000003root/opt/ipf/examples/example.4# # block all ICMP packets. # block in proto icmp from any to any 0707010e0665b2000081a40000000000000000000000013b671a6a000002b10000000000000001ffffffffffffffff0000002000000003root/opt/ipf/examples/example.5# # test ruleset # # allow packets coming from foo to bar through. # pass in from 10.1.1.2 to 10.2.1.1 # # allow any TCP packets from the same subnet as foo is on through to host # 10.1.1.2 if they are destined for port 6667. # pass in proto tcp from 10.2.2.2/24 to 10.1.1.2/32 port = 6667 # # allow in UDP packets which are NOT from port 53 and are destined for # localhost # pass in proto udp from 10.2.2.2 port != 53 to localhost # # block all ICMP unreachables. # block in proto icmp from any to any icmp-type unreach # # allow packets through which have a non-standard IP header length (ie there # are IP options such as source-routing present). # pass in from any to any with ipopts 0707010e06659a000081a40000000000000000000000013b671a6a000000ba0000000000000001ffffffffffffffff0000002000000003root/opt/ipf/examples/example.6# # block all TCP packets with only the SYN flag set (this is the first # packet sent to establish a connection) out of the SYN-ACK pair. # block in proto tcp from any to any flags S/SA 0707010e066582000081a40000000000000000000000013b671a6a0000016a0000000000000001ffffffffffffffff0000002000000003root/opt/ipf/examples/example.7# block all ICMP packets. # block in proto icmp all # # allow in ICMP echos and echo-replies. # pass in on le1 proto icmp from any to any icmp-type echo pass in on le1 proto icmp from any to any icmp-type echorep # # block all ICMP destination unreachable packets which are port-unreachables # block in on le1 proto icmp from any to any icmp-type unreach code 3 0707010e06656a000081a40000000000000000000000013b671a6a000001460000000000000001ffffffffffffffff0000002000000003root/opt/ipf/examples/example.8# # block all incoming TCP connections but send back a TCP-RST for ones to # the ident port # block in proto tcp from any to any flags S/SA block return-rst in quick proto tcp from any to any port = 113 flags S/SA # # block all inbound UDP packets and send back an ICMP error. # block return-icmp in proto udp from any to any 0707010e066552000081a40000000000000000000000013b671a6a000001230000000000000001ffffffffffffffff0000002000000003root/opt/ipf/examples/example.9# # drop all packets without IP security options # block in all pass in all with opt sec # # only allow packets in and out on le0 which are top secret # block out on le1 all pass out on le1 all with opt sec-class topsecret block in on le1 all pass in on le1 all with opt sec-class topsecret 0707010e06653a000081a40000000000000000000000013b671a6a000008260000000000000001ffffffffffffffff0000002100000003root/opt/ipf/examples/example.sr# # log all inbound packet on le0 which has IP options present # log in on le0 from any to any with ipopts # # block any inbound packets on le0 which are fragmented and "too short" to # do any meaningful comparison on. This actually only applies to TCP # packets which can be missing the flags/ports (depending on which part # of the fragment you see). # block in log quick on le0 from any to any with short frag # # log all inbound TCP packets with the SYN flag (only) set # (NOTE: if it were an inbound TCP packet with the SYN flag set and it # had IP options present, this rule and the above would cause it # to be logged twice). # log in on le0 proto tcp from any to any flags S/SA # # block and log any inbound ICMP unreachables # block in log on le0 proto icmp from any to any icmp-type unreach # # block and log any inbound UDP packets on le0 which are going to port 2049 # (the NFS port). # block in log on le0 proto udp from any to any port = 2049 # # quickly allow any packets to/from a particular pair of hosts # pass in quick from any to 10.1.3.2/32 pass in quick from any to 10.1.0.13/32 pass in quick from 10.1.3.2/32 to any pass in quick from 10.1.0.13/32 to any # # block (and stop matching) any packet with IP options present. # block in quick on le0 from any to any with ipopts # # allow any packet through # pass in from any to any # # block any inbound UDP packets destined for these subnets. # block in on le0 proto udp from any to 10.1.3.0/24 block in on le0 proto udp from any to 10.1.1.0/24 block in on le0 proto udp from any to 10.1.2.0/24 # # block any inbound TCP packets with only the SYN flag set that are # destined for these subnets. # block in on le0 proto tcp from any to 10.1.3.0/24 flags S/SA block in on le0 proto tcp from any to 10.1.2.0/24 flags S/SA block in on le0 proto tcp from any to 10.1.1.0/24 flags S/SA # # block any inbound ICMP packets destined for these subnets. # block in on le0 proto icmp from any to 10.1.3.0/24 block in on le0 proto icmp from any to 10.1.1.0/24 block in on le0 proto icmp from any to 10.1.2.0/24 0707010e066522000081a40000000000000000000000013b671a6a000005ff0000000000000001ffffffffffffffff0000001f00000003root/opt/ipf/examples/firewallConfiguring IP Filter for firewall usage. ========================================= Step 1 - Block out "bad" IP packets. ------------------------------------ Run the perl script "mkfilters". This will generate a list of blocking rules which: a) blocks all packets which might belong to an IP Spoofing attack; b) blocks all packets with IP options; c) blocks all packets which have a length which is too short for any legal packet; Step 2 - Convert Network Security Policy to filter rules. --------------------------------------------------------- Draw up a list of which services you want to allow users to use on the Internet (e.g. WWW, ftp, etc). Draw up a separate list for what you want each host that is part of your firewall to be allowed to do, including communication with internal hosts. Step 3 - Create TCP "keep state" rules. --------------------------------------- For each service that uses TCP, create a rule as follows: pass in on proto tcp from to any port flags S/SA keep state where * "int-a" is the internal interface of the firewall. That is, it is the closest to your internal network in terms of network hops. * "int-net" is the internal network IP# subnet address range. This might be something like 10.1.0.0/16, or 128.33.1.0/24 * "ext-service" is the service to which you wish to connect or if it doesn't have a proper name, a number can be used. The translation of "ext-service" as a name to a number is controlled with the /etc/services file. 0707010e06650a000081a40000000000000000000000013b671a6a000004f50000000000000001ffffffffffffffff0000002000000003root/opt/ipf/examples/ftp-proxyHow to setup FTP proxying using the built in proxy code. ======================================================== NOTE: Currently, the built-in FTP proxy is only available for use with NAT (i.e. only if you're already using "map" rules with ipnat). It does support null-NAT mappings, that is, using the proxy without changing the addresses. Lets assume your network diagram looks something like this: [host A] |a ---+-------------+---------- |b [host B] |c ---+-------------+---------- |d [host C] and IP Filter is running on host B. If you want to proxy FTP from A to C then you would do: map int-c ipaddr-a/32 -> ip-addr-c-net/32 proxy port ftp ftp/tcp int-c = name of "interface c" ipaddr-a = ip# of interface a ipaddr-c-net = another ip# on the C-network (usually not the same as the interface). e.g., if host A was 10.1.1.1, host B had two network interfaces ed0 and vx0 which had IP#'s 10.1.1.2 and 203.45.67.89 respectively, and host C was 203.45.67.90, you would do: map vx0 10.1.1.1/32 -> 203.45.67.91/32 proxy port ftp ftp/tcp where: ipaddr-a = 10.1.1.1 int-c = vx0 ipaddr-c-net = 203.45.67.91 The "map" rule for this proxy should precede any other NAT rules you are using. 0707010e0664f2000081a40000000000000000000000013b671a6a000001100000000000000001ffffffffffffffff0000001d00000003root/opt/ipf/examples/ftppxy#!/bin/sh # The proxy bit is as follows: # proxy [port ] / # the should match a tagname in the proxy table, as does the protocol. # this format isn't finalised yet echo "map ed0 0/0 -> 192.1.1.1/32 proxy port ftp ftp/tcp" | /sbin/ipnat -f - 0707010e0664da000081a40000000000000000000000013b671a6a00000b230000000000000001ffffffffffffffff0000002000000003root/opt/ipf/examples/nat-setupConfiguring NAT on your network. ================================ To start setting up NAT, we need to define which is your "internal" interface and which is your "external" interface. The "internal" interface is the network adapter connected to the network with private IP addresses which you need to change for communicating on the Internet. The "external" interface is configured with a valid internet address. For example, your internal interface might have an IP# of 10.1.1.1 and be connected to your ethernet, whilst your external interface might be a PPP connection with an IP number of 204.51.62.176. Thus your network might look like this: [pc] [pc] | | +-+---------+------+ | [firewall] | | Internet Writing the map-rule. --------------------- When you're connected to the Internet, you will either have a block of IP addresses assigned to you, maybe several different blocks, or you use a single IP address, i.e. with dialup PPP. If you have a block of addresses assigned, these can be used to create either a 1:1 mapping (if you have only a few internal IP addresses) or N:1 mappings, where groups of internal addresses map to a single IP address and unless you have enough Internet addresses for a 1:1 mapping, you will want to do "portmapping" for TCP and UDP port numbers. For an N:1 situation, you might have: map ppp0 10.1.0.0/16 -> 209.23.1.5/32 portmap tcp/udp 10000:40000 map ppp0 10.1.0.0/16 -> 209.23.1.5/32 portmap where if you had 16 addresses available, you could do: map ppp0 10.1.0.0/16 -> 209.23.1.0/28 portmap tcp/udp 10000:40000 map ppp0 10.1.0.0/16 -> 209.23.1.0/28 portmap Or if you wanted to allocate subnets to each IP#, you might do: map ppp0 10.1.1.0/24 -> 209.23.1.2/32 portmap tcp/udp 10000:40000 map ppp0 10.1.2.0/24 -> 209.23.1.3/32 portmap tcp/udp 10000:40000 map ppp0 10.1.3.0/24 -> 209.23.1.4/32 portmap tcp/udp 10000:40000 map ppp0 10.1.1.0/24 -> 209.23.1.2/32 portmap map ppp0 10.1.2.0/24 -> 209.23.1.3/32 portmap map ppp0 10.1.3.0/24 -> 209.23.1.4/32 portmap *** NOTE: NAT rules are used on a first-match basis only! Filtering with NAT. ------------------- IP Filter will always translate addresses in a packet _BEFORE_ it checks its access list for inbound packets and translates addresses _AFTER_ it has checked the access control lists for outbound packets. For example (using the above NAT rules), if you wanted to prevent all hosts in the 10.1.2.0/24 subnet from using NAT, you might use the following rule with ipf: block out on ppp0 from 10.1.2.0/24 to any block in on ppp0 from any to 10.1.2.0/24 and use these with ipnat: map ppp0 10.1.0.0/16 -> 209.23.1.0/28 portmap tcp/udp 10000:40000 map ppp0 10.1.0.0/16 -> 209.23.1.0/28 portmap 0707010e0664c2000081a40000000000000000000000013b671a6a000002540000000000000001ffffffffffffffff0000001d00000003root/opt/ipf/examples/nat.eg# map all tcp connections from 10.1.0.0/16 to 240.1.0.1, changing the source # port number to something between 10,000 and 20,000 inclusive. For all other # IP packets, allocate an IP # between 240.1.0.0 and 240.1.0.255, temporarily # for each new user. # map ed1 10.1.0.0/16 -> 240.1.0.1/32 portmap tcp 10000:20000 map ed1 10.1.0.0/16 -> 240.1.0.0/24 # # Redirection is triggered for input packets. # For example, to redirect FTP connections through this box, to the local ftp # port, forcing them to connect through a proxy, you would use: # rdr ed0 0.0.0.0/0 port ftp -> 127.0.0.1 port ftp # 0707010e0664aa000081a40000000000000000000000013b671a6a000001d80000000000000001ffffffffffffffff0000001d00000003root/opt/ipf/examples/server# # For a network server, which has two interfaces, 128.1.40.1 (le0) and # 128.1.2.1 (le1), we want to block all IP spoofing attacks. le1 is # connected to the majority of the network, whilst le0 is connected to a # leaf subnet. We're not concerned about filtering individual services # or # pass in quick on le0 from 128.1.40.0/24 to any block in log quick on le0 from any to any block in log quick on le1 from 128.1.1.0/24 to any pass in quick on le1 from any to any 0707010e066492000081a40000000000000000000000013b671a6a000001c50000000000000001ffffffffffffffff0000001f00000003root/opt/ipf/examples/tcpstate# # Only allow TCP packets in/out of le0 if there is an outgoing connection setup # somewhere, waiting for it. # pass out quick on le0 proto tcp from any to any flags S/SAFR keep state block out on le0 proto tcp all block in on le0 proto tcp all # # allow nameserver queries and replies to pass through, but no other UDP # pass out quick on le0 proto udp from any to any port = 53 keep state block out on le0 proto udp all block in on le0 proto udp all 0707010e06647a000041ed0000000000000001000000063b671a72000000000000000000000001ffffffffffffffff0000001100000003root/opt/ipf/man0707010e066462000041ed0000000000000001000000023b671a72000000000000000000000001ffffffffffffffff0000001600000003root/opt/ipf/man/man10707010e06644a000081a40000000000000000000000013b671a6600000fbf0000000000000001ffffffffffffffff0000002000000003root/opt/ipf/man/man1/ipftest.1.TH ipftest 1 .SH NAME ipftest \- test packet filter rules with arbitary input. .SH SYNOPSIS .B ipftest [ .B \-vbdPSTEHX ] [ .B \-I interface ] .B \-r [ .B \-i ] .SH DESCRIPTION .PP \fBipftest\fP is provided for the purpose of being able to test a set of filter rules without having to put them in place, in operation and proceed to test their effectiveness. The hope is that this minimises disruptions in providing a secure IP environment. .PP \fBipftest\fP will parse any standard ruleset for use with \fBipf\fP and apply input, returning output as to the result. However, \fBipftest\fP will return one of three values for packets passed through the filter: pass, block or nomatch. This is intended to give the operator a better idea of what is happening with packets passing through their filter ruleset. .PP When used without either of \fB\-S\fP, \fB\-T\fP or \fB\-E\fP, \fBipftest\fP uses its own text input format to generate "fake" IP packets. The format used is as follows: .nf "in"|"out" "on" if ["tcp"|"udp"|"icmp"] srchost[,srcport] dsthost[,destport] [FSRPAU] .fi .PP This allows for a packet going "in" or "out" of an interface (if) to be generated, being one of the three main protocols (optionally), and if either TCP or UDP, a port parameter is also expected. If TCP is selected, it is possible to (optionally) supply TCP flags at the end. Some examples are: .nf # a UDP packet coming in on le0 in on le0 udp 10.1.1.1,2210 10.2.1.5,23 # an IP packet coming in on le0 from localhost - hmm :) in on le0 localhost 10.4.12.1 # a TCP packet going out of le0 with the SYN flag set. out on le0 tcp 10.4.12.1,2245 10.1.1.1,23 S .fi .SH OPTIONS .TP .B \-v Verbose mode. This provides more information about which parts of rule matching the input packet passes and fails. .TP .B \-d Turn on filter rule debugging. Currently, this only shows you what caused the rule to not match in the IP header checking (addresses/netmasks, etc). .TP .B \-b Cause the output to be a brief summary (one-word) of the result of passing the packet through the filter; either "pass", "block" or "nomatch". This is used in the regression testing. .TP .BR \-I \0 Set the interface name (used in rule matching) to be the name supplied. This is useful with the \fB\-P, \-S, \-T\fP and \fB\-E\fP options, where it is not otherwise possible to associate a packet with an interface. Normal "text packets" can override this setting. .TP .B \-P The input file specified by \fB\-i\fP is a binary file produced using libpcap (i.e., tcpdump version 3). Packets are read from this file as being input (for rule purposes). An interface maybe specified using \fB\-I\fP. .TP .B \-S The input file is to be in "snoop" format (see RFC 1761). Packets are read from this file and used as input from any interface. This is perhaps the most useful input type, currently. .TP .B \-T The input file is to be text output from tcpdump. The text formats which are currently supported are those which result from the following tcpdump option combinations: .PP .nf tcpdump -n tcpdump -nq tcpdump -nqt tcpdump -nqtt tcpdump -nqte .fi .LP .TP .B \-H The input file is to be hex digits, representing the binary makeup of the packet. No length correction is made, if an incorrect length is put in the IP header. .TP .B \-X The input file is composed of text descriptions of IP packets. .TP .B \-E The input file is to be text output from etherfind. The text formats which are currently supported are those which result from the following etherfind option combinations: .PP .nf etherfind -n etherfind -n -t .fi .LP .TP .BR \-i \0 Specify the filename from which to take input. Default is stdin. .TP .BR \-r \0 Specify the filename from which to read filter rules. .SH SEE ALSO ipf(5), ipf(8), snoop(1m), tcpdump(8), etherfind(8c) .SH BUGS Not all of the input formats are sufficiently capable of introducing a wide enough variety of packets for them to be all useful in testing. 0707010e066432000081a40000000000000000000000013b671a67000004d50000000000000001ffffffffffffffff0000001e00000003root/opt/ipf/man/man1/ipnat.1.TH IPNAT 1 .SH NAME ipnat \- user interface to the NAT .SH SYNOPSIS .B ipnat [ .B \-lnrsvCF ] .B \-f <\fIfilename\fP> .SH DESCRIPTION .PP \fBipnat\fP opens the filename given (treating "\-" as stdin) and parses the file for a set of rules which are to be added or removed from the IP NAT. .PP Each rule processed by \fBipnat\fP is added to the kernels internal lists if there are no parsing problems. Rules are added to the end of the internal lists, matching the order in which they appear when given to \fBipnat\fP. .SH OPTIONS .TP .B \-C delete all entries in the current NAT rule listing (NAT rules) .TP .B \-F delete all active entries in the current NAT translation table (currently active NAT mappings) .TP .B \-l Show the list of current NAT table entry mappings. .TP .B \-n This flag (no-change) prevents \fBipf\fP from actually making any ioctl calls or doing anything which would alter the currently running kernel. .TP .B \-s Retrieve and display NAT statistics .TP .B \-r Remove matching NAT rules rather than add them to the internal lists .TP .B \-v Turn verbose mode on. Displays information relating to rule processing and active rules/table entries. .DT .SH FILES /dev/ipnat .SH SEE ALSO ipnat(5), ipf(8), ipfstat(8) 0707010e06641a000081a40000000000000000000000013b671a670000014e0000000000000001ffffffffffffffff0000002200000003root/opt/ipf/man/man1/mkfilters.1.TH MKFILTERS 1 .SH NAME mkfilters \- generate a minimal firewall ruleset for ipfilter .SH SYNOPSIS .B mkfilters .SH DESCRIPTION .PP \fBmkfilters\fP is a perl script that generates a minimal filter rule set for use with \fBipfilter\fP by parsing the output of \fBifconfig\fP. .DT .SH SEE ALSO ipf(8), ipf(5), ipfilter(5), ifconfig(8) 0707010e066402000041ed0000000000000001000000023b671a72000000000000000000000001ffffffffffffffff0000001600000003root/opt/ipf/man/man40707010e066792000081a40000000000000000000000013b671a66000028300000000000000001ffffffffffffffff0000001c00000003root/opt/ipf/man/man4/ipf.4.TH IPF 4 .SH NAME ipf \- packet filtering kernel interface .SH SYNOPSIS #include .br #include .SH IOCTLS .PP To add and delete rules to the filter list, three 'basic' ioctls are provided for use. The ioctl's are called as: .LP .nf ioctl(fd, SIOCADDFR, struct frentry **) ioctl(fd, SIOCDELFR, struct frentry **) ioctl(fd, SIOCIPFFL, int *) .fi .PP However, the full complement is as follows: .LP .nf ioctl(fd, SIOCADAFR, struct frentry **) (same as SIOCADDFR) ioctl(fd, SIOCRMAFR, struct frentry **) (same as SIOCDELFR) ioctl(fd, SIOCADIFR, struct frentry **) ioctl(fd, SIOCRMIFR, struct frentry **) ioctl(fd, SIOCINAFR, struct frentry **) ioctl(fd, SIOCINIFR, struct frentry **) ioctl(fd, SIOCSETFF, u_int *) ioctl(fd, SIOGGETFF, u_int *) ioctl(fd, SIOCGETFS, struct friostat **) ioctl(fd, SIOCIPFFL, int *) ioctl(fd, SIOCIPFFB, int *) ioctl(fd, SIOCSWAPA, u_int *) ioctl(fd, SIOCFRENB, u_int *) ioctl(fd, SIOCFRSYN, u_int *) ioctl(fd, SIOCFRZST, struct friostat **) ioctl(fd, SIOCZRLST, struct frentry **) ioctl(fd, SIOCAUTHW, struct fr_info **) ioctl(fd, SIOCAUTHR, struct fr_info **) ioctl(fd, SIOCATHST, struct fr_authstat **) .fi .PP The variations, SIOCADAFR vs. SIOCADIFR, allow operation on the two lists, active and inactive, respectively. All of these ioctl's are implemented as being routing ioctls and thus the same rules for the various routing ioctls and the file descriptor are employed, mainly being that the fd must be that of the device associated with the module (i.e., /dev/ipl). .LP .PP The three groups of ioctls above perform adding rules to the end of the list (SIOCAD*), deletion of rules from any place in the list (SIOCRM*) and insertion of a rule into the list (SIOCIN*). The rule place into which it is inserted is stored in the "fr_hits" field, below. .LP .nf typedef struct frentry { struct frentry *fr_next; u_short fr_group; /* group to which this rule belongs */ u_short fr_grhead; /* group # which this rule starts */ struct frentry *fr_grp; int fr_ref; /* reference count - for grouping */ void *fr_ifa; #if BSD >= 199306 void *fr_oifa; #endif /* * These are only incremented when a packet matches this rule and * it is the last match */ U_QUAD_T fr_hits; U_QUAD_T fr_bytes; /* * Fields after this may not change whilst in the kernel. */ struct fr_ip fr_ip; struct fr_ip fr_mip; /* mask structure */ u_char fr_tcpfm; /* tcp flags mask */ u_char fr_tcpf; /* tcp flags */ u_short fr_icmpm; /* data for ICMP packets (mask) */ u_short fr_icmp; u_char fr_scmp; /* data for port comparisons */ u_char fr_dcmp; u_short fr_dport; u_short fr_sport; u_short fr_stop; /* top port for <> and >< */ u_short fr_dtop; /* top port for <> and >< */ u_32_t fr_flags; /* per-rule flags && options (see below) */ u_short fr_skip; /* # of rules to skip */ u_short fr_loglevel; /* syslog log facility + priority */ int (*fr_func) __P((int, ip_t *, fr_info_t *)); char fr_icode; /* return ICMP code */ char fr_ifname[IFNAMSIZ]; #if BSD > 199306 char fr_oifname[IFNAMSIZ]; #endif struct frdest fr_tif; /* "to" interface */ struct frdest fr_dif; /* duplicate packet interfaces */ } frentry_t; .fi .PP When adding a new rule, all unused fields (in the filter rule) should be initialised to be zero. To insert a rule, at a particular position in the filter list, the number of the rule which it is to be inserted before must be put in the "fr_hits" field (the first rule is number 0). .LP .PP Flags which are recognised in fr_flags: .nf FR_BLOCK 0x000001 /* do not allow packet to pass */ FR_PASS 0x000002 /* allow packet to pass */ FR_OUTQUE 0x000004 /* outgoing packets */ FR_INQUE 0x000008 /* ingoing packets */ FR_LOG 0x000010 /* Log */ FR_LOGB 0x000011 /* Log-fail */ FR_LOGP 0x000012 /* Log-pass */ FR_LOGBODY 0x000020 /* log the body of packets too */ FR_LOGFIRST 0x000040 /* log only the first packet to match */ FR_RETRST 0x000080 /* return a TCP RST packet if blocked */ FR_RETICMP 0x000100 /* return an ICMP packet if blocked */ FR_FAKEICMP 0x00180 /* Return ICMP unreachable with fake source */ FR_NOMATCH 0x000200 /* no match occured */ FR_ACCOUNT 0x000400 /* count packet bytes */ FR_KEEPFRAG 0x000800 /* keep fragment information */ FR_KEEPSTATE 0x001000 /* keep `connection' state information */ FR_INACTIVE 0x002000 FR_QUICK 0x004000 /* match & stop processing list */ FR_FASTROUTE 0x008000 /* bypass normal routing */ FR_CALLNOW 0x010000 /* call another function (fr_func) if matches */ FR_DUP 0x020000 /* duplicate the packet */ FR_LOGORBLOCK 0x040000 /* block the packet if it can't be logged */ FR_NOTSRCIP 0x080000 /* not the src IP# */ FR_NOTDSTIP 0x100000 /* not the dst IP# */ FR_AUTH 0x200000 /* use authentication */ FR_PREAUTH 0x400000 /* require preauthentication */ .fi .PP Values for fr_scomp and fr_dcomp (source and destination port value comparisons) : .LP .nf FR_NONE 0 FR_EQUAL 1 FR_NEQUAL 2 FR_LESST 3 FR_GREATERT 4 FR_LESSTE 5 FR_GREATERTE 6 FR_OUTRANGE 7 FR_INRANGE 8 .fi .PP The third ioctl, SIOCIPFFL, flushes either the input filter list, the output filter list or both and it returns the number of filters removed from the list(s). The values which it will take and recognise are FR_INQUE and FR_OUTQUE (see above). This ioctl is also implemented for \fB/dev/ipstate\fP and will flush all state tables entries if passed 0 or just all those which are not established if passed 1. .IP "\fBGeneral Logging Flags\fP" 0 There are two flags which can be set to log packets independantly of the rules used. These allow for packets which are either passed or blocked to be logged. To set (and clear)/get these flags, two ioctls are provided: .IP SIOCSETFF 16 Takes an unsigned integer as the parameter. The flags are then set to those provided (clearing/setting all in one). .nf FF_LOGPASS 0x10000000 FF_LOGBLOCK 0x20000000 FF_LOGNOMATCH 0x40000000 FF_BLOCKNONIP 0x80000000 /* Solaris 2.x only */ .fi .IP SIOCGETFF 16 Takes a pointer to an unsigned integer as the parameter. A copy of the flags currently in used is copied to user space. .IP "\fBFilter statistics\fP" 0 Statistics on the various operations performed by this package on packets is kept inside the kernel. These statistics apply to packets traversing through the kernel. To retrieve this structure, use this ioctl: .nf ioctl(fd, SIOCGETFS, struct friostat *) struct friostat { struct filterstats f_st[2]; struct frentry *f_fin[2]; struct frentry *f_fout[2]; struct frentry *f_acctin[2]; struct frentry *f_acctout[2]; struct frentry *f_auth; u_long f_froute[2]; int f_active; /* 1 or 0 - active rule set */ int f_defpass; /* default pass - from fr_pass */ int f_running; /* 1 if running, else 0 */ int f_logging; /* 1 if enabled, else 0 */ char f_version[32]; /* version string */ }; struct filterstats { u_long fr_pass; /* packets allowed */ u_long fr_block; /* packets denied */ u_long fr_nom; /* packets which don't match any rule */ u_long fr_ppkl; /* packets allowed and logged */ u_long fr_bpkl; /* packets denied and logged */ u_long fr_npkl; /* packets unmatched and logged */ u_long fr_pkl; /* packets logged */ u_long fr_skip; /* packets to be logged but buffer full */ u_long fr_ret; /* packets for which a return is sent */ u_long fr_acct; /* packets for which counting was performed */ u_long fr_bnfr; /* bad attempts to allocate fragment state */ u_long fr_nfr; /* new fragment state kept */ u_long fr_cfr; /* add new fragment state but complete pkt */ u_long fr_bads; /* bad attempts to allocate packet state */ u_long fr_ads; /* new packet state kept */ u_long fr_chit; /* cached hit */ u_long fr_pull[2]; /* good and bad pullup attempts */ #if SOLARIS u_long fr_notdata; /* PROTO/PCPROTO that have no data */ u_long fr_nodata; /* mblks that have no data */ u_long fr_bad; /* bad IP packets to the filter */ u_long fr_notip; /* packets passed through no on ip queue */ u_long fr_drop; /* packets dropped - no info for them! */ #endif }; .fi If we wanted to retrieve all the statistics and reset the counters back to 0, then the ioctl() call would be made to SIOCFRZST rather than SIOCGETFS. In addition to the statistics above, each rule keeps a hit count, counting both number of packets and bytes. To reset these counters for a rule, load the various rule information into a frentry structure and call SIOCZRLST. .IP "Swapping Active lists" 0 IP Filter supports two lists of rules for filtering and accounting: an active list and an inactive list. This allows for large scale rule base changes to be put in place atomically with otherwise minimal interruption. Which of the two is active can be changed using the SIOCSWAPA ioctl. It is important to note that no passed argument is recognised and that the value returned is that of the list which is now inactive. .br .SH FILES /dev/ipauth .br /dev/ipl .br /dev/ipnat .br /dev/ipstate .SH SEE ALSO ipl(4), ipnat(4), ipf(5), ipf(8), ipfstat(8) 0707010e06677a000081a40000000000000000000000013b671a6700000b6b0000000000000001ffffffffffffffff0000001c00000003root/opt/ipf/man/man4/ipl.4.TH IPL 4 .SH NAME ipl \- IP packet log device .SH DESCRIPTION The \fBipl\fP pseudo device's purpose is to provide an easy way to gather packet headers of packets you wish to log. If a packet header is to be logged, the entire header is logged (including any IP options \- TCP/UDP options are not included when it calculates header size) or not at all. The packet contents are also logged after the header. If the log reader is busy or otherwise unable to read log records, upto IPLLOGSIZE (8192 is the default) bytes of data are stored. .PP Prepending every packet header logged is a structure containing information relevant to the packet following and why it was logged. The structure's format is as follows: .LP .nf /* * Log structure. Each packet header logged is prepended by one of these. * Following this in the log records read from the device will be an ipflog * structure which is then followed by any packet data. */ typedef struct iplog { u_long ipl_sec; u_long ipl_usec; u_int ipl_len; u_int ipl_count; size_t ipl_dsize; struct iplog *ipl_next; } iplog_t; typedef struct ipflog { #if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199603)) u_char fl_ifname[IFNAMSIZ]; #else u_int fl_unit; u_char fl_ifname[4]; #endif u_char fl_plen; /* extra data after hlen */ u_char fl_hlen; /* length of IP headers saved */ u_short fl_rule; /* assume never more than 64k rules, total */ u_32_t fl_flags; } ipflog_t; .fi .PP When reading from the \fBipl\fP device, it is necessary to call read(2) with a buffer big enough to hold at least 1 complete log record - reading of partial log records is not supported. .PP If the packet contents is more then 128 bytes when \fBlog body\fP is used, then only 128 bytes of the packet contents is logged. .PP Although it is only possible to read from the \fBipl\fP device, opening it for writing is required when using an ioctl which changes any kernel data. .PP The ioctls which are loaded with this device can be found under \fBipf(4)\fP. The ioctls which are for use with logging and don't affect the filter are: .LP .nf ioctl(fd, SIOCIPFFB, int *) ioctl(fd, FIONREAD, int *) .fi .PP The SIOCIPFFB ioctl flushes the log buffer and returns the number of bytes flushed. FIONREAD returns the number of bytes currently used for storing log data. If IPFILTER_LOG is not defined when compiling, SIOCIPFFB is not available and FIONREAD will return but not do anything. .PP There is currently no support for non-blocking IO with this device, meaning all read operations should be considered blocking in nature (if there is no data to read, it will sleep until some is made available). .SH SEE ALSO ipf(4) .SH BUGS Packet headers are dropped when the internal buffer (static size) fills. .SH FILES /dev/ipl 0707010e0cffdb000081a40000000000000000000000013b671a6700000b280000000000000001ffffffffffffffff0000001e00000003root/opt/ipf/man/man4/ipnat.4.TH IPNAT 4 .SH NAME ipnat \- Network Address Translation kernel interface .SH SYNOPSIS #include .br #include .br #include .br #include .SH IOCTLS .PP To add and delete rules to the NAT list, two 'basic' ioctls are provided for use. The ioctl's are called as: .LP .nf ioctl(fd, SIOCADNAT, struct ipnat **) ioctl(fd, SIOCRMNAT, struct ipnat **) ioctl(fd, SIOCGNATS, struct natstat **) ioctl(fd, SIOCGNATL, struct natlookup **) .fi .PP Unlike \fBipf(4)\fP, there is only a single list supported by the kernel NAT interface. An inactive list which can be swapped to is not currently supported. These ioctl's are implemented as being routing ioctls and thus the same rules for the various routing ioctls and the file descriptor are employed, mainly being that the fd must be that of the device associated with the module (i.e., /dev/ipl). .LP .PP The strcture used with the NAT interface is described below: .LP .nf typedef struct ipnat { struct ipnat *in_next; void *in_ifp; u_short in_flags; u_short in_pnext; u_short in_port[2]; struct in_addr in_in[2]; struct in_addr in_out[2]; struct in_addr in_nextip; int in_space; int in_redir; /* 0 if it's a mapping, 1 if it's a hard redir */ char in_ifname[IFNAMSIZ]; } ipnat_t; #define in_pmin in_port[0] /* Also holds static redir port */ #define in_pmax in_port[1] #define in_nip in_nextip.s_addr #define in_inip in_in[0].s_addr #define in_inmsk in_in[1].s_addr #define in_outip in_out[0].s_addr #define in_outmsk in_out[1].s_addr .fi .PP Recognised values for in_redir: .LP .nf #define NAT_MAP 0 #define NAT_REDIRECT 1 .fi .PP .LP \fBNAT statistics\fP Statistics on the number of packets mapped, going in and out are kept, the number of times a new entry is added and deleted (through expiration) to the NAT table and the current usage level of the NAT table. .PP Pointers to the NAT table inside the kernel, as well as to the top of the internal NAT lists constructed with the \fBSIOCADNAT\fP ioctls. The table itself is a hash table of size NAT_SIZE (default size is 367). .PP To retrieve the statistics, the \fBSIOCGNATS\fP ioctl must be used, with the appropriate structure passed by reference, as follows: .nf ioctl(fd, SIOCGNATS, struct natstat *) typedef struct natstat { u_long ns_mapped[2]; u_long ns_added; u_long ns_expire; u_long ns_inuse; nat_t ***ns_table; ipnat_t *ns_list; } natstat_t; .fi .SH BUGS It would be nice if there were more flexibility when adding and deleting filter rules. .SH FILES /dev/ipnat .SH SEE ALSO ipf(4), ipnat(5), ipf(8), ipnat(8), ipfstat(8) 0707010e0cffc3000041ed0000000000000001000000023b671a72000000000000000000000001ffffffffffffffff0000001600000003root/opt/ipf/man/man50707010e0cffab000081a40000000000000000000000013b671a66000057130000000000000001ffffffffffffffff0000001c00000003root/opt/ipf/man/man5/ipf.5.TH IPF 5 .SH NAME ipf, ipf.conf \- IP packet filter rule syntax .SH DESCRIPTION .PP A rule file for \fBipf\fP may have any name or even be stdin. As \fBipfstat\fP produces parseable rules as output when displaying the internal kernel filter lists, it is quite plausible to use its output to feed back into \fBipf\fP. Thus, to remove all filters on input packets, the following could be done: .nf \fC# ipfstat \-i | ipf \-rf \-\fP .fi .SH GRAMMAR .PP The format used by \fBipf\fP for construction of filtering rules can be described using the following grammar in BNF: \fC .nf filter-rule = [ insert ] action in-out [ options ] [ tos ] [ ttl ] [ proto ] [ ip ] [ group ]. insert = "@" decnumber . action = block | "pass" | log | "count" | skip | auth | call . in-out = "in" | "out" . options = [ log ] [ "quick" ] [ "on" interface-name [ dup ] [ froute ] ] . tos = "tos" decnumber | "tos" hexnumber . ttl = "ttl" decnumber . proto = "proto" protocol . ip = srcdst [ flags ] [ with withopt ] [ icmp ] [ keep ] . group = [ "head" decnumber ] [ "group" decnumber ] . block = "block" [ return-icmp[return-code] | "return-rst" ] . auth = "auth" | "preauth" . log = "log" [ "body" ] [ "first" ] [ "or-block" ] [ "level" loglevel ] . call = "call" [ "now" ] function-name . skip = "skip" decnumber . dup = "dup-to" interface-name[":"ipaddr] . froute = "fastroute" | "to" interface-name . protocol = "tcp/udp" | "udp" | "tcp" | "icmp" | decnumber . srcdst = "all" | fromto . fromto = "from" [ "!" ] object "to" [ "!" ] object . return-icmp = "return-icmp" | "return-icmp-as-dest" . object = addr [ port-comp | port-range ] . addr = "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] . port-comp = "port" compare port-num . port-range = "port" port-num range port-num . flags = "flags" flag { flag } [ "/" flag { flag } ] . with = "with" | "and" . icmp = "icmp-type" icmp-type [ "code" decnumber ] . return-code = "("icmp-code")" . keep = "keep" "state" | "keep" "frags" . loglevel = facility"."priority | priority . nummask = host-name [ "/" decnumber ] . host-name = ipaddr | hostname | "any" . ipaddr = host-num "." host-num "." host-num "." host-num . host-num = digit [ digit [ digit ] ] . port-num = service-name | decnumber . withopt = [ "not" | "no" ] opttype [ withopt ] . opttype = "ipopts" | "short" | "frag" | "opt" ipopts . optname = ipopts [ "," optname ] . ipopts = optlist | "sec-class" [ secname ] . secname = seclvl [ "," secname ] . seclvl = "unclass" | "confid" | "reserv-1" | "reserv-2" | "reserv-3" | "reserv-4" | "secret" | "topsecret" . icmp-type = "unreach" | "echo" | "echorep" | "squench" | "redir" | "timex" | "paramprob" | "timest" | "timestrep" | "inforeq" | "inforep" | "maskreq" | "maskrep" | decnumber . icmp-code = decumber | "net-unr" | "host-unr" | "proto-unr" | "port-unr" | "needfrag" | "srcfail" | "net-unk" | "host-unk" | "isolate" | "net-prohib" | "host-prohib" | "net-tos" | "host-tos" | "filter-prohib" | "host-preced" | "cutoff-preced" . optlist = "nop" | "rr" | "zsu" | "mtup" | "mtur" | "encode" | "ts" | "tr" | "sec" | "lsrr" | "e-sec" | "cipso" | "satid" | "ssrr" | "addext" | "visa" | "imitd" | "eip" | "finn" . facility = "kern" | "user" | "mail" | "daemon" | "auth" | "syslog" | "lpr" | "news" | "uucp" | "cron" | "ftp" | "authpriv" | "audit" | "logalert" | "local0" | "local1" | "local2" | "local3" | "local4" | "local5" | "local6" | "local7" . priority = "emerg" | "alert" | "crit" | "err" | "warn" | "notice" | "info" | "debug" . hexnumber = "0" "x" hexstring . hexstring = hexdigit [ hexstring ] . decnumber = digit [ decnumber ] . compare = "=" | "!=" | "<" | ">" | "<=" | ">=" | "eq" | "ne" | "lt" | "gt" | "le" | "ge" . range = "<>" | "><" . hexdigit = digit | "a" | "b" | "c" | "d" | "e" | "f" . digit = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9" . flag = "F" | "S" | "R" | "P" | "A" | "U" . .fi .PP This syntax is somewhat simplified for readability, some combinations that match this grammar are disallowed by the software because they do not make sense (such as tcp \fBflags\fP for non-TCP packets). .SH FILTER RULES .PP The "briefest" valid rules are (currently) no-ops and are of the form: .nf block in all pass in all log out all count in all .fi .PP Filter rules are checked in order, with the last matching rule determining the fate of the packet (but see the \fBquick\fP option, below). .PP Filters are installed by default at the end of the kernel's filter lists, prepending the rule with \fB@n\fP will cause it to be inserted as the n'th entry in the current list. This is especially useful when modifying and testing active filter rulesets. See ipf(1) for more information. .SH ACTIONS .PP The action indicates what to do with the packet if it matches the rest of the filter rule. Each rule MUST have an action. The following actions are recognised: .TP .B block indicates that the packet should be flagged to be dropped. In response to blocking a packet, the filter may be instructed to send a reply packet, either an ICMP packet (\fBreturn-icmp\fP), an ICMP packet masquerading as being from the original packet's destination (\fBreturn-icmp-as-dest\fP), or a TCP "reset" (\fBreturn-rst\fP). An ICMP packet may be generated in response to any IP packet, and its type may optionally be specified, but a TCP reset may only be used with a rule which is being applied to TCP packets. When using \fBreturn-icmp\fP or \fBreturn-icmp-as-dest\fP, it is possible to specify the actual unreachable `type'. That is, whether it is a network unreachable, port unreachable or even administratively prohibitied. This is done by enclosing the ICMP code associated with it in parenthesis directly following \fBreturn-icmp\fP or \fBreturn-icmp-as-dest\fP as follows: .nf block return-icmp(11) ... .fi .PP Would return a Type-Of-Service (TOS) ICMP unreachable error. .TP .B pass will flag the packet to be let through the filter. .TP .B log causes the packet to be logged (as described in the LOGGING section below) and has no effect on whether the packet will be allowed through the filter. .TP .B count causes the packet to be included in the accounting statistics kept by the filter, and has no effect on whether the packet will be allowed through the filter. These statistics are viewable with ipfstat(8). .TP .B call this action is used to invoke the named function in the kernel, which must conform to a specific calling interface. Customised actions and semantics can thus be implemented to supplement those available. This feature is for use by knowledgeable hackers, and is not currently documented. .TP .B "skip " causes the filter to skip over the next \fIn\fP filter rules. If a rule is inserted or deleted inside the region being skipped over, then the value of \fIn\fP is adjusted appropriately. .TP .B auth this allows authentication to be performed by a user-space program running and waiting for packet information to validate. The packet is held for a period of time in an internal buffer whilst it waits for the program to return to the kernel the \fIreal\fP flags for whether it should be allowed through or not. Such a program might look at the source address and request some sort of authentication from the user (such as a password) before allowing the packet through or telling the kernel to drop it if from an unrecognised source. .TP .B preauth tells the filter that for packets of this class, it should look in the pre-authenticated list for further clarification. If no further matching rule is found, the packet will be dropped (the FR_PREAUTH is not the same as FR_PASS). If a further matching rule is found, the result from that is used in its instead. This might be used in a situation where a person \fIlogs in\fP to the firewall and it sets up some temporary rules defining the access for that person. .PP The next word must be either \fBin\fP or \fBout\fP. Each packet moving through the kernel is either inbound (just been received on an interface, and moving towards the kernel's protocol processing) or outbound (transmitted or forwarded by the stack, and on its way to an interface). There is a requirement that each filter rule explicitly state which side of the I/O it is to be used on. .SH OPTIONS .PP The list of options is brief, and all are indeed optional. Where options are used, they must be present in the order shown here. These are the currently supported options: .TP .B log indicates that, should this be the last matching rule, the packet header will be written to the \fBipl\fP log (as described in the LOGGING section below). .TP .B quick allows "short-cut" rules in order to speed up the filter or override later rules. If a packet matches a filter rule which is marked as \fBquick\fP, this rule will be the last rule checked, allowing a "short-circuit" path to avoid processing later rules for this packet. The current status of the packet (after any effects of the current rule) will determine whether it is passed or blocked. .IP If this option is missing, the rule is taken to be a "fall-through" rule, meaning that the result of the match (block/pass) is saved and that processing will continue to see if there are any more matches. .TP .B on allows an interface name to be incorporated into the matching procedure. Interface names are as printed by "netstat \-i". If this option is used, the rule will only match if the packet is going through that interface in the specified direction (in/out). If this option is absent, the rule is taken to be applied to a packet regardless of the interface it is present on (i.e. on all interfaces). Filter rulesets are common to all interfaces, rather than having a filter list for each interface. .IP This option is especially useful for simple IP-spoofing protection: packets should only be allowed to pass inbound on the interface from which the specified source address would be expected, others may be logged and/or dropped. .TP .B dup-to causes the packet to be copied, and the duplicate packet to be sent outbound on the specified interface, optionally with the destination IP address changed to that specified. This is useful for off-host logging, using a network sniffer. .TP .B to causes the packet to be moved to the outbound queue on the specified interface. This can be used to circumvent kernel routing decisions, and even to bypass the rest of the kernel processing of the packet (if applied to an inbound rule). It is thus possible to construct a firewall that behaves transparently, like a filtering hub or switch, rather than a router. The \fBfastroute\fP keyword is a synonym for this option. .SH MATCHING PARAMETERS .PP The keywords described in this section are used to describe attributes of the packet to be used when determining whether rules match or don't match. The following general-purpose attributes are provided for matching, and must be used in this order: .TP .B tos packets with different Type-Of-Service values can be filtered. Individual service levels or combinations can be filtered upon. The value for the TOS mask can either be represented as a hex number or a decimal integer value. .TP .B ttl packets may also be selected by their Time-To-Live value. The value given in the filter rule must exactly match that in the packet for a match to occur. This value can only be given as a decimal integer value. .TP .B proto allows a specific protocol to be matched against. All protocol names found in \fB/etc/protocols\fP are recognised and may be used. However, the protocol may also be given as a DECIMAL number, allowing for rules to match your own protocols, or new ones which would out-date any attempted listing. .IP The special protocol keyword \fBtcp/udp\fP may be used to match either a TCP or a UDP packet, and has been added as a convenience to save duplication of otherwise-identical rules. .\" XXX grammar should reflect this (/etc/protocols) .PP The \fBfrom\fP and \fBto\fP keywords are used to match against IP addresses (and optionally port numbers). Rules must specify BOTH source and destination parameters. .PP IP addresses may be specified in one of two ways: as a numerical address\fB/\fPmask, or as a hostname \fBmask\fP netmask. The hostname may either be a valid hostname, from either the hosts file or DNS (depending on your configuration and library) or of the dotted numeric form. There is no special designation for networks but network names are recognised. Note that having your filter rules depend on DNS results can introduce an avenue of attack, and is discouraged. .PP There is a special case for the hostname \fBany\fP which is taken to be 0.0.0.0/0 (see below for mask syntax) and matches all IP addresses. Only the presence of "any" has an implied mask, in all other situations, a hostname MUST be accompanied by a mask. It is possible to give "any" a hostmask, but in the context of this language, it is non-sensical. .PP The numerical format "x\fB/\fPy" indicates that a mask of y consecutive 1 bits set is generated, starting with the MSB, so a y value of 16 would give 0xffff0000. The symbolic "x \fBmask\fP y" indicates that the mask y is in dotted IP notation or a hexadecimal number of the form 0x12345678. Note that all the bits of the IP address indicated by the bitmask must match the address on the packet exactly; there isn't currently a way to invert the sense of the match, or to match ranges of IP addresses which do not express themselves easily as bitmasks (anthropomorphization; it's not just for breakfast anymore). .PP If a \fBport\fP match is included, for either or both of source and destination, then it is only applied to .\" XXX - "may only be" ? how does this apply to other protocols? will it not match, or will it be ignored? TCP and UDP packets. If there is no \fBproto\fP match parameter, packets from both protocols are compared. This is equivalent to "proto tcp/udp". When composing \fBport\fP comparisons, either the service name or an integer port number may be used. Port comparisons may be done in a number of forms, with a number of comparison operators, or port ranges may be specified. When the port appears as part of the \fBfrom\fP object, it matches the source port number, when it appears as part of the \fBto\fP object, it matches the destination port number. See the examples for more information. .PP The \fBall\fP keyword is essentially a synonym for "from any to any" with no other match parameters. .PP Following the source and destination matching parameters, the following additional parameters may be used: .TP .B with is used to match irregular attributes that some packets may have associated with them. To match the presence of IP options in general, use \fBwith ipopts\fP. To match packets that are too short to contain a complete header, use \fBwith short\fP. To match fragmented packets, use \fBwith frag\fP. For more specific filtering on IP options, individual options can be listed. .IP Before any parameter used after the \fBwith\fP keyword, the word \fBnot\fP or \fBno\fP may be inserted to cause the filter rule to only match if the option(s) is not present. .IP Multiple consecutive \fBwith\fP clauses are allowed. Alternatively, the keyword \fBand\fP may be used in place of \fBwith\fP, this is provided purely to make the rules more readable ("with ... and ..."). When multiple clauses are listed, all those must match to cause a match of the rule. .\" XXX describe the options more specifically in a separate section .TP .B flags is only effective for TCP filtering. Each of the letters possible represents one of the possible flags that can be set in the TCP header. The association is as follows: .LP .nf F - FIN S - SYN R - RST P - PUSH A - ACK U - URG .fi .IP The various flag symbols may be used in combination, so that "SA" would represent a SYN-ACK combination present in a packet. There is nothing preventing the specification of combinations, such as "SFR", that would not normally be generated by law-abiding TCP implementations. However, to guard against weird aberrations, it is necessary to state which flags you are filtering against. To allow this, it is possible to set a mask indicating which TCP flags you wish to compare (i.e., those you deem significant). This is done by appending "/" to the set of TCP flags you wish to match against, e.g.: .LP .nf ... flags S # becomes "flags S/AUPRFS" and will match # packets with ONLY the SYN flag set. ... flags SA # becomes "flags SA/AUPRFSC" and will match any # packet with only the SYN and ACK flags set. ... flags S/SA # will match any packet with just the SYN flag set # out of the SYN-ACK pair; the common "establish" # keyword action. "S/SA" will NOT match a packet # with BOTH SYN and ACK set, but WILL match "SFP". .fi .TP .B icmp-type is only effective when used with \fBproto icmp\fP and must NOT be used in conjuction with \fBflags\fP. There are a number of types, which can be referred to by an abbreviation recognised by this language, or the numbers with which they are associated can be used. The most important from a security point of view is the ICMP redirect. .SH KEEP HISTORY .PP The second last parameter which can be set for a filter rule is whether or not to record historical information for that packet, and what sort to keep. The following information can be kept: .TP .B state keeps information about the flow of a communication session. State can be kept for TCP, UDP, and ICMP packets. .TP .B frags keeps information on fragmented packets, to be applied to later fragments. .PP allowing packets which match these to flow straight through, rather than going through the access control list. .SH GROUPS The last pair of parameters control filter rule "grouping". By default, all filter rules are placed in group 0 if no other group is specified. To add a rule to a non-default group, the group must first be started by creating a group \fIhead\fP. If a packet matches a rule which is the \fIhead\fP of a group, the filter processing then switches to the group, using that rule as the default for the group. If \fBquick\fP is used with a \fBhead\fP rule, rule processing isn't stopped until it has returned from processing the group. .PP A rule may be both the head for a new group and a member of a non-default group (\fBhead\fP and \fBgroup\fP may be used together in a rule). .TP .B "head " indicates that a new group (number n) should be created. .TP .B "group " indicates that the rule should be put in group (number n) rather than group 0. .SH LOGGING .PP When a packet is logged, with either the \fBlog\fP action or option, the headers of the packet are written to the \fBipl\fP packet logging psuedo-device. Immediately following the \fBlog\fP keyword, the following qualifiers may be used (in order): .TP .B body indicates that the first 128 bytes of the packet contents will be logged after the headers. .TP .B first If log is being used in conjunction with a "keep" option, it is recommended that this option is also applied so that only the triggering packet is logged and not every packet which thereafter matches state information. .TP .B or-block indicates that, if for some reason the filter is unable to log the packet (such as the log reader being too slow) then the rule should be interpreted as if the action was \fBblock\fP for this packet. .TP .B "level " indicates what logging facility and priority, or just priority with the default facility being used, will be used to log information about this packet using ipmon's -s option. .PP See ipl(4) for the format of records written to this device. The ipmon(8) program can be used to read and format this log. .SH EXAMPLES .PP The \fBquick\fP option is good for rules such as: \fC .nf block in quick from any to any with ipopts .fi .PP which will match any packet with a non-standard header length (IP options present) and abort further processing of later rules, recording a match and also that the packet should be blocked. .PP The "fall-through" rule parsing allows for effects such as this: .LP .nf block in from any to any port < 6000 pass in from any to any port >= 6000 block in from any to any port > 6003 .fi .PP which sets up the range 6000-6003 as being permitted and all others being denied. Note that the effect of the first rule is overridden by subsequent rules. Another (easier) way to do the same is: .LP .nf block in from any to any port 6000 <> 6003 pass in from any to any port 5999 >< 6004 .fi .PP Note that both the "block" and "pass" are needed here to effect a result as a failed match on the "block" action does not imply a pass, only that the rule hasn't taken effect. To then allow ports < 1024, a rule such as: .LP .nf pass in quick from any to any port < 1024 .fi .PP would be needed before the first block. To create a new group for processing all inbound packets on le0/le1/lo0, with the default being to block all inbound packets, we would do something like: .LP .nf block in all block in quick on le0 all head 100 block in quick on le1 all head 200 block in quick on lo0 all head 300 .fi .PP and to then allow ICMP packets in on le0, only, we would do: .LP .nf pass in proto icmp all group 100 .fi .PP Note that because only inbound packets on le0 are used processed by group 100, there is no need to respecify the interface name. Likewise, we could further breakup processing of TCP, etc, as follows: .LP .nf block in proto tcp all head 110 group 100 pass in from any to any port = 23 group 110 .fi .PP and so on. The last line, if written without the groups would be: .LP .nf pass in on le0 proto tcp from any to any port = telnet .fi .PP Note, that if we wanted to say "port = telnet", "proto tcp" would need to be specified as the parser interprets each rule on its own and qualifies all service/port names with the protocol specified. .SH FILES /dev/ipauth .br /dev/ipl .br /dev/ipstate .br /etc/hosts .br /etc/services .SH SEE ALSO ipftest(1), iptest(1), mkfilters(1), ipf(4), ipnat(5), ipf(8), ipfstat(8) 0707010e0cff93000081a40000000000000000000000013b671a67000020a00000000000000001ffffffffffffffff0000001e00000003root/opt/ipf/man/man5/ipnat.5.TH IPNAT 5 .SH NAME ipnat, ipnat.conf \- IP NAT file format .SH DESCRIPTION The format for files accepted by ipnat is described by the following grammar: .LP .nf ipmap :: = mapblock | redir | map . map ::= mapit ifname ipmask "->" ipmask [ mapport ] . map ::= mapit ifname fromto "->" ipmask [ mapport ] . mapblock ::= "map-block" ifname ipmask "->" ipmask [ ports ] . redir ::= "rdr" ifname ipmask dport "->" ip [ "," ip ] [ ports ] options . dport ::= "port" portnum [ "-" portnum ] . ports ::= "ports" numports | "auto" . mapit ::= "map" | "bimap" . fromto ::= "from" object "to" object . ipmask ::= ip "/" bits | ip "/" mask | ip "netmask" mask . mapport ::= "portmap" tcpudp portnumber ":" portnumber . options ::= [ tcpudp ] [ rr ] . object = addr [ port-comp | port-range ] . addr = "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] . port-comp = "port" compare port-num . port-range = "port" port-num range port-num . rr ::= "round-robin" . tcpudp ::= "tcp" | "udp" | "tcp/udp" . portnumber ::= number { numbers } | "auto" . ifname ::= 'A' - 'Z' { 'A' - 'Z' } numbers . numbers ::= '0' | '1' | '2' | '3' | '4' | '5' | '6' | '7' | '8' | '9' . .fi .PP For standard NAT functionality, a rule should start with \fBmap\fP and then proceeds to specify the interface for which outgoing packets will have their source address rewritten. .PP Packets which will be rewritten can only be selected by matching the original source address. A netmask must be specified with the IP address. .PP The address selected for replacing the original is chosen from an IP#/netmask pair. A netmask of all 1's indicating a hostname is valid. A netmask of 31 1's (255.255.255.254) is considered invalid as there is no space for allocating host IP#'s after consideration for broadcast and network addresses. .PP When remapping TCP and UDP packets, it is also possible to change the source port number. Either TCP or UDP or both can be selected by each rule, with a range of port numbers to remap into given as \fBport-number:port-number\fP. .SH COMMANDS There are four commands recognised by IP Filter's NAT code: .TP .B map that is used for mapping one address or network to another in an unregulated round robin fashion; .TP .B rdr that is used for redirecting packets to one IP address and port pair to another; .TP .B bimap for setting up bidirectional NAT between an external IP address and an internal IP address and .TP .B map-block which sets up static IP address based translation, based on a algorithm to squeeze the addresses to be translated into the destination range. .SH MATCHING .PP For basic NAT and redirection of packets, the address subject to change is used along with its protocol to check if a packet should be altered. The packet \fImatching\fP part of the rule is to the left of the "->" in each rule. .PP Matching of packets has now been extended to allow more complex compares. In place of the address which is to be translated, an IP address and port number comparison can be made using the same expressions available with \fBipf\fP. A simple NAT rule could be written as: .LP .nf map de0 10.1.0.0/16 -> 201.2.3.4/32 .fi .LP or as .LP .nf map de0 from 10.1.0.0/16 to any -> 201.2.3.4/32 .fi .LP Only IP address and port numbers can be compared against. This is available with all NAT rules. .SH TRANSLATION .PP To the right of the "->" is the address and port specificaton which will be written into the packet providing it has already successful matched the prior constraints. The case of redirections (\fBrdr\fP) is the simpliest: the new destination address is that specified in the rule. For \fBmap\fP rules, the destination address will be one for which the tuple combining the new source and destination is known to be unique. If the packet is either a TCP or UDP packet, the destination and source ports come into the equation too. If the tuple already exists, IP Filter will increment the port number first, within the available range specified with \fBportmap\fP and if there exists no unique tuple, the source address will be incremented within the specified netmask. If a unique tuple cannot be determined, then the packet will not be translated. The \fBmap-block\fP is more limited in how it searches for a new, free and unique tuple, in that it will used an algorithm to determine what the new source address should be, along with the range of available ports - the IP address is never changed and nor does the port number ever exceed its alloted range. .SH KERNEL PROXIES .PP IP Filter comes with a few, simple, proxies built into the code that is loaded into the kernel to allow secondary channels to be opened without forcing the packets through a user program. .SH TRNSPARENT PROXIES .PP True transparent proxying should be performed using the redirect (\fBrdr\fP) rules directing ports to localhost (127.0.0.1) with the proxy program doing a lookup through \fB/dev/ipnat\fP to determine the real source and address of the connection. .SH LOAD-BALANCING .PP Two options for use with \fBrdr\fP are available to support primitive, \fIround-robin\fP based load balancing. The first option allows for a \fBrdr\fP to specify a second destination, as follows: .LP .nf rdr le0 203.1.2.3/32 port 80 -> 203.1.2.3,203.1.2.4 port 80 tcp .fi .LP This would send alternate connections to either 203.1.2.3 or 203.1.2.4. In scenarios where the load is being spread amongst a larger set of servers, you can use: .LP .nf rdr le0 203.1.2.3/32 port 80 -> 203.1.2.3,203.1.2.4 port 80 tcp round-robin rdr le0 203.1.2.3/32 port 80 -> 203.1.2.5 port 80 tcp round-robin .fi .LP In this case, a connection will be redirected to 203.1.2.3, then 203.1.2.4 and then 203.1.2.5 before going back to 203.1.2.3. In accomplishing this, the rule is removed from the top of the list and added to the end, automatically, as required. This will not effect the display of rules using "ipnat -l", only the internal application order. .SH EXAMPLES .PP This section deals with the \fBmap\fP command and it's variations. .PP To change IP#'s used internally from network 10 into an ISP provided 8 bit subnet at 209.1.2.0 through the ppp0 interface, the following would be used: .LP .nf map ppp0 10.0.0.0/8 -> 209.1.2.0/24 .fi .PP The obvious problem here is we're trying to squeeze over 16,000,000 IP addresses into a 254 address space. To increase the scope, remapping for TCP and/or UDP, port remapping can be used; .LP .nf map ppp0 10.0.0.0/8 -> 209.1.2.0/24 portmap tcp/udp 1025:65000 .fi .PP which falls only 527,566 `addresses' short of the space available in network 10. If we were to combine these rules, they would need to be specified as follows: .LP .nf map ppp0 10.0.0.0/8 -> 209.1.2.0/24 portmap tcp/udp 1025:65000 map ppp0 10.0.0.0/8 -> 209.1.2.0/24 .fi .PP so that all TCP/UDP packets were port mapped and only other protocols, such as ICMP, only have their IP# changed. In some instaces, it is more appropriate to use the keyword \fBauto\fP in place of an actual range of port numbers if you want to guarantee simultaneous access to all within the given range. However, in the above case, it would default to 1 port per IP address, since we need to squeeze 24 bits of address space into 8. A good example of how this is used might be: .LP .nf map ppp0 172.192.0.0/16 -> 209.1.2.0/24 portmap tcp/udp auto .fi .PP which would result in each IP address being given a small range of ports to use (252). The problem here is that the \fBmap\fP directive tells the NAT code to use the next address/port pair available for an outgoing connection, resulting in no easily discernable relation between external addresses/ports and internal ones. This is overcome by using \fBmap-block\fP as follows: .LP .nf map-block ppp0 172.192.0.0/16 -> 209.1.2.0/24 ports auto .fi .PP For example, this would result in 172.192.0.0/24 being mapped to 209.1.2.0/32 with each address, from 172.192.0.0 to 172.192.0.255 having 252 ports of its own. As opposed to the above use of \fBmap\fP, if for some reason the user of (say) 172.192.0.2 wanted 260 simultaneous connections going out, they would be limited to 252 with \fBmap-block\fP but would just \fImove on\fP to the next IP address with the \fBmap\fP command. /dev/ipnat .br /etc/services .br /etc/hosts .SH SEE ALSO ipnat(4), hosts(5), ipf(5), services(5), ipf(8), ipnat(8) 0707010e0cff7b000041ed0000000000000001000000023b671a72000000000000000000000001ffffffffffffffff0000001600000003root/opt/ipf/man/man80707010e0cff63000081a40000000000000000000000013b671a660000109b0000000000000001ffffffffffffffff0000001c00000003root/opt/ipf/man/man8/ipf.8.TH IPF 8 .SH NAME ipf \- alters packet filtering lists for IP packet input and output .SH SYNOPSIS .B ipf [ .B \-6AdDEInoPrsUvVyzZ ] [ .B \-l ] [ .B \-F ] .B \-f <\fIfilename\fP> [ .B \-f <\fIfilename\fP> [...]] .SH DESCRIPTION .PP \fBipf\fP opens the filenames listed (treating "\-" as stdin) and parses the file for a set of rules which are to be added or removed from the packet filter rule set. .PP Each rule processed by \fBipf\fP is added to the kernel's internal lists if there are no parsing problems. Rules are added to the end of the internal lists, matching the order in which they appear when given to \fBipf\fP. .SH OPTIONS .TP .B \-6 This option is required to parse IPv6 rules and to have them loaded. .TP .B \-A Set the list to make changes to the active list (default). .TP .B \-d Turn debug mode on. Causes a hexdump of filter rules to be generated as it processes each one. .TP .B \-D Disable the filter (if enabled). Not effective for loadable kernel versions. .TP .B \-E Enable the filter (if disabled). Not effective for loadable kernel versions. .TP .BR \-F \0 This option specifies which filter list to flush. The parameter should either be "i" (input), "o" (output) or "a" (remove all filter rules). Either a single letter or an entire word starting with the appropriate letter maybe used. This option maybe before, or after, any other with the order on the command line being that used to execute options. .TP .BR \-F \0 To flush entries from the state table, the \fB-F\fP option is used in conjuction with either "s" (removes state information about any non-fully established connections) or "S" (deletes the entire state table). Only one of the two options may be given. A fully established connection will show up in \fBipfstat -s\fP output as 4/4, with deviations either way indicating it is not fully established any more. .TP .BR \-f \0 This option specifies which files \fBipf\fP should use to get input from for modifying the packet filter rule lists. .TP .B \-I Set the list to make changes to the inactive list. .TP .B \-l \0 Use of the \fB-l\fP flag toggles default logging of packets. Valid arguments to this option are \fBpass\fP, \fBblock\fP and \fBnomatch\fP. When an option is set, any packet which exits filtering and matches the set category is logged. This is most useful for causing all packets which don't match any of the loaded rules to be logged. .TP .B \-n This flag (no-change) prevents \fBipf\fP from actually making any ioctl calls or doing anything which would alter the currently running kernel. .TP .B \-o Force rules by default to be added/deleted to/from the output list, rather than the (default) input list. .TP .B \-P Add rules as temporary entries in the authentication rule table. .TP .B \-r Remove matching filter rules rather than add them to the internal lists .TP .B \-s Swap the active filter list in use to be the "other" one. .TP .B \-U (SOLARIS 2 ONLY) Block packets travelling along the data stream which aren't recognised as IP packets. They will be printed out on the console. .TP .B \-v Turn verbose mode on. Displays information relating to rule processing. .TP .B \-V Show version information. This will display the version information compiled into the ipf binary and retrieve it from the kernel code (if running/present). If it is present in the kernel, information about its current state will be displayed (whether logging is active, default filtering, etc). .TP .B \-y Manually resync the in-kernel interface list maintained by IP Filter with the current interface status list. .TP .B \-z For each rule in the input file, reset the statistics for it to zero and display the statistics prior to them being zero'd. .TP .B \-Z Zero global statistics held in the kernel for filtering only (this doesn't affect fragment or state statistics). .DT .SH FILES /dev/ipauth .br /dev/ipl .br /dev/ipstate .SH SEE ALSO ipftest(1), mkfilters(1), ipf(4), ipl(4), ipf(5), ipfstat(8), ipmon(8), ipnat(8) .SH DIAGNOSTICS .PP Needs to be run as root for the packet filtering lists to actually be affected inside the kernel. .SH BUGS .PP If you find any, please send email to me at darrenr@pobox.com 0707010e0cff4b000081a40000000000000000000000013b671a6600000a090000000000000001ffffffffffffffff0000001d00000003root/opt/ipf/man/man8/ipfs.8.TH IPFS 8 .SH NAME ipfs \- saves and restores information for NAT and state tables. .SH SYNOPSIS .B ipfs [-nv] -l .PP .B ipfs [-nv] -u .PP .B ipfs [-nv] [ .B \-d <\fIdirname\fP> ] -R .PP .B ipfs [-nv] [ .B \-d <\fIdirname\fP> ] -W .PP .B ipfs [-nNSv] [ .B \-f <\fIfilename\fP> ] -r .PP .B ipfs [-nNSv] [ .B \-f <\fIfilename\fP> ] -w .PP .B ipfs [-nNSv] .B \-f <\fIfilename\fP> .B \-i , .SH DESCRIPTION .PP \fBipfs\fP allows state information created for NAT entries and rules using \fIkeep state\fP to be locked (modification prevented) and then saved to disk, allowing for the system to experience a reboot, followed by the restoration of that information, resulting in connections not being interrupted. .SH OPTIONS .TP .B \-d Change the default directory used with .B \-R and .B \-W options for saving state information. .B \-n Don't actually take any action that would effect information stored in the kernel or on disk. .TP .B \-v Provides a verbose description of what's being done. .TP .B \-N Operate on NAT information. .TP .B \-S Operate on filtering state information. .TP .B \-u Unlock state tables in the kernel. .TP .B \-l Unlock state tables in the kernel. .TP .B \-r Read information in from the specified file and load it into the kernel. This requires the state tables to have already been locked and does not change the lock once comlete. .TP .B \-w Write information out to the specified file and from the kernel. This requires the state tables to have already been locked and does not change the lock once comlete. .TP .B \-R Restores all saved state information, if any, from two files, \fIipstate.ipf\fP and \fIipnat.ipf\fP, stored in the \fI/var/db/ipf\fP directory unless otherwise specified the .B \-d option is used. The state tables are locked at the beginning of this operation and unlocked once complete. .TP .B \-W Saves in-kernel state information, if any, out to two files, \fIipstate.ipf\fP and \fIipnat.ipf\fP, stored in the \fI/var/db/ipf\fP directory unless otherwise specified the .B \-d option is used. The state tables are locked at the beginning of this operation and unlocked once complete. .DT .SH FILES /var/db/ipf/ipstate.ipf .br /var/db/ipf/ipnat.ipf .br /dev/ipl .br /dev/ipstate .br /dev/ipnat .SH SEE ALSO ipf(8), ipl(4), ipmon(8), ipnat(8) .SH DIAGNOSTICS .PP Perhaps the -W and -R operations should set the locking but rather than undo it, restore it to what it was previously. Fragment table information is currently not saved. .SH BUGS .PP If you find any, please send email to me at darrenr@pobox.com 0707010e0cff33000081a40000000000000000000000013b671a660000179c0000000000000001ffffffffffffffff0000002000000003root/opt/ipf/man/man8/ipfstat.8.TH ipfstat 8 .SH NAME ipfstat \- reports on packet filter statistics and filter list .SH SYNOPSIS .B ipfstat [ .B \-6aAfghIinosv ] [ .B \-d ] .B ipfstat -t [ .B \-C ] [ .B \-D ] [ .B \-P ] [ .B \-S ] [ .B \-T ] [ .B \-d ] .SH DESCRIPTION .PP \fBipfstat\fP examines /dev/kmem using the symbols \fB_fr_flags\fP, \fB_frstats\fP, \fB_filterin\fP, and \fB_filterout\fP. To run and work, it needs to be able to read both /dev/kmem and the kernel itself. The kernel name defaults to \fB/vmunix\fP. .PP The default behaviour of \fBipfstat\fP is to retrieve and display the accumulated statistics which have been accumulated over time as the kernel has put packets through the filter. .SH OPTIONS .TP .B \-6 Display filter lists for IPv6, if available. .TP .B \-a Display the accounting filter list and show bytes counted against each rule. .TP .B \-A Display packet authentication statistics. .TP .B \-C This option is only valid in combination with \fB\-t\fP. Display "closed" states as well in the top. Normally, a TCP connection is not displayed when it reaches the CLOSE_WAIT protocol state. With this option enabled, all state entries are displayed. .TP .BR \-d \0 Use a device other than \fB/dev/ipl\fP for interfacing with the kernel. .TP .BR \-D \0 This option is only valid in combination with \fB\-t\fP. Limit the state top display to show only state entries whose destination IP address and port match the addport argument. The addrport specification is of the form ipaddress[,port]. The ipaddress and port should be either numerical or the string "any" (specifying any ip address resp. any port). If the \fB\-D\fP option is not specified, it defaults to "\fB\-D\fP any,any". .TP .B \-f Show fragment state information (statistics) and held state information (in the kernel) if any is present. .TP .B \-g Show groups currently configured (both active and inactive). .TP .B \-h Show per-rule the number of times each one scores a "hit". For use in combination with \fB\-i\fP. .TP .B \-i Display the filter list used for the input side of the kernel IP processing. .TP .B \-I Swap between retrieving "inactive"/"active" filter list details. For use in combination with \fB\-i\fP. .TP .B \-n Show the "rule number" for each rule as it is printed. .TP .B \-o Display the filter list used for the output side of the kernel IP processing. .TP .BR \-P \0 This option is only valid in combination with \fB\-t\fP. Limit the state top display to show only state entries that match a specific protocol. The argument can be a protocol name (as defined in \fB/etc/protocols\fP) or a protocol number. If this option is not specified, state entries for any protocol are specified. .TP .B \-s Show packet/flow state information (statistics only). .TP .B \-sl Show held state information (in the kernel) if any is present (no statistics). .TP .BR \-S \0 This option is only valid in combination with \fB\-t\fP. Limit the state top display to show only state entries whose source IP address and port match the addport argument. The addrport specification is of the form ipaddress[,port]. The ipaddress and port should be either numerical or the string "any" (specifying any ip address resp. any port). If the \fB\-S\fP option is not specified, it defaults to "\fB\-S\fP any,any". .TP .B \-t Show the state table in a way similar to they way \fBtop(1)\fP shows the process table. States can be sorted using a number of different ways. This options requires \fBncurses(3)\fP and needs to be compiled in. It may not be available on all operating systems. See below, for more information on the keys that can be used while ipfstat is in top mode. .TP .BR \-T \0 This option is only valid in combination with \fB\-t\fP. Specifies how often the state top display should be updated. The refresh time is the number of seconds between an update. Any postive integer can be used. The default (and minimal update time) is 1. .TP .B \-v Turn verbose mode on. Displays more debugging information. .SH SYNOPSIS The role of \fBipfstat\fP is to display current kernel statistics gathered as a result of applying the filters in place (if any) to packets going in and out of the kernel. This is the default operation when no command line parameters are present. .PP When supplied with either \fB\-i\fP or \fB\-o\fP, it will retrieve and display the appropriate list of filter rules currently installed and in use by the kernel. .SH STATE TOP Using the \fB\-t\fP option \fBipfstat\fP will enter the state top mode. In this mode the state table is displayed similar to the way \fBtop\fP displays the process table. The \fB\-C\fP, \fB\-D\fP, \fB\-P\fP, \fB\-S\fP and \fB\-T\fP commandline options can be used to restrict the state entries that will be shown and to specify the frequency of display updates. .PP In state top mode, the following keys can be used to influence the displayed information: .TP \fBd\fP select information to display. .TP \fBl\fP redraw the screen. .TP \fBq\fP quit the program. .TP \fBs\fP switch between different sorting criterion. .TP \fBr\fP reverse the sorting criterion. .PP States can be sorted by protocol number, by number of IP packets, by number of bytes and by time-to-live of the state entry. The default is to sort by the number of bytes. States are sorted in descending order, but you can use the \fBr\fP key to sort them in ascending order. .SH STATE TOP LIMITATIONS It is currently not possible to interactively change the source, destination and protocol filters or the refreh frequency. This must be done from the command line. .PP The screen must have at least 80 columns. This is however not checked. .PP Only the first X-5 entries that match the sort and filter criteria are displayed (where X is the number of rows on the display. There is no way to see more entries. .PP No support for IPv6 .PP .SH FILES /dev/kmem .br /dev/ipl .br /dev/ipstate .br /vmunix .SH SEE ALSO ipf(8) .SH BUGS none known. 0707010e0cff1b000081a40000000000000000000000013b671a670000140f0000000000000001ffffffffffffffff0000001e00000003root/opt/ipf/man/man8/ipmon.8.TH ipmon 8 .SH NAME ipmon \- monitors /dev/ipl for logged packets .SH SYNOPSIS .B ipmon [ .B \-aDFhnpstvxX ] [ .B "\-N " ] [ .B "\-o [NSI]" ] [ .B "\-O [NSI]" ] [ .B "\-P " ] [ .B "\-S " ] [ .B "\-f " ] [ .B ] .SH DESCRIPTION .LP \fBipmon\fP opens \fB/dev/ipl\fP for reading and awaits data to be saved from the packet filter. The binary data read from the device is reprinted in human readable for, however, IP#'s are not mapped back to hostnames, nor are ports mapped back to service names. The output goes to standard output by default or a filename, if given on the command line. Should the \fB\-s\fP option be used, output is instead sent to \fBsyslogd(8)\fP. Messages sent via syslog have the day, month and year removed from the message, but the time (including microseconds), as recorded in the log, is still included. .LP Messages generated by ipmon consist of whitespace separated fields. Fields common to all messages are: .LP 1. The date of packet receipt. This is suppressed when the message is sent to syslog. .LP 2. The time of packet receipt. This is in the form HH:MM:SS.F, for hours, minutes seconds, and fractions of a second (which can be several digits long). .LP 3. The name of the interface the packet was processed on, e.g., \fBwe1\fP. .LP 4. The group and rule number of the rule, e.g., \fB@0:17\fP. These can be viewed with \fBipfstat -n\fP. .LP 5. The action: \fBp\fP for passed or \fBb\fP for blocked. .LP 6. The addresses. This is actually three fields: the source address and port (separted by a comma), the \fB->\fP symbol, and the destination address and port. E.g.: \fB209.53.17.22,80 -> 198.73.220.17,1722\fP. .LP 7. \fBPR\fP followed by the protocol name or number, e.g., \fBPR tcp\fP. .LP 8. \fBlen\fP followed by the header length and total length of the packet, e.g., \fBlen 20 40\fP. .LP If the packet is a TCP packet, there will be an additional field starting with a hyphen followed by letters corresponding to any flags that were set. See the ipf.conf manual page for a list of letters and their flags. .LP If the packet is an ICMP packet, there will be two fields at the end, the first always being `icmp', and the next being the ICMP message and submessage type, separated by a slash, e.g., \fBicmp 3/3\fP for a port unreachable message. .LP In order for \fBipmon\fP to properly work, the kernel option \fBIPFILTER_LOG\fP must be turned on in your kernel. Please see \fBoptions(4)\fP for more details. .SH OPTIONS .TP .B \-a Open all of the device logfiles for reading log entries from. All entries are displayed to the same output 'device' (stderr or syslog). .TP .B \-D Cause ipmon to turn itself into a daemon. Using subshells or backgrounding of ipmon is not required to turn it into an orphan so it can run indefinately. .TP .B "\-f " specify an alternative device/file from which to read the log information for normal IP Filter log records. .TP .B \-F Flush the current packet log buffer. The number of bytes flushed is displayed, even should the result be zero. .TP .B \-n IP addresses and port numbers will be mapped, where possible, back into hostnames and service names. .TP .B "\-N " Set the logfile to be opened for reading NAT log records from to . .TP .B \-o Specify which log files to actually read data from. N - NAT logfile, S - State logfile, I - normal IP Filter logfile. The \fB-a\fP option is equivalent to using \fB-o NSI\fP. .TP .B \-O Specify which log files you do not wish to read from. This is most sensibly used with the \fB-a\fP. Letters available as paramters to this are the same as for \fB-o\fP. .TP .B \-p Cause the port number in log messages to always be printed as a number and never attempt to look it up as from \fI/etc/services\fP, etc. .TP .B \-P Write the pid of the ipmon process to a file. By default this is \fI//etc/opt/ipf/ipmon.pid\fP (Solaris), \fI/var/run/ipmon.pid\fP (44BSD or later) or \fI/etc/ipmon.pid\fP for all others. .TP .B \-s Packet information read in will be sent through syslogd rather than saved to a file. The default facility when compiled and installed is \fBlocal0\fP. The following levels are used: .IP .B LOG_INFO \- packets logged using the "log" keyword as the action rather than pass or block. .IP .B LOG_NOTICE \- packets logged which are also passed .IP .B LOG_WARNING \- packets logged which are also blocked .IP .B LOG_ERR \- packets which have been logged and which can be considered "short". .TP .B "\-S " Set the logfile to be opened for reading state log records from to . .TP .B \-t read the input file/device in a manner akin to tail(1). .TP .B \-v show tcp window, ack and sequence fields. .TP .B \-x show the packet data in hex. .TP .B \-X show the log header record data in hex. .SH DIAGNOSTICS \fBipmon\fP expects data that it reads to be consistent with how it should be saved and will abort if it fails an assertion which detects an anomaly in the recorded data. .SH FILES /dev/ipl .br /dev/ipnat .br /dev/ipstate .br /etc/services .SH SEE ALSO ipl(4), ipf(8), ipfstat(8), ipnat(8) .SH BUGS 0707010e0cff03000041ed0000000000000001000000023b671a72000000000000000000000001ffffffffffffffff0000000a00000003root/sbin0707010e0cfeeb000081ed0000000000000000000000013b671a700000d5780000000000000001ffffffffffffffff0000000e00000003root/sbin/ipfELF44 (444 X,,,/usr/lib/ld.so.1zJ~[Cx"U8Q{_k@B4h=;\i!`l+m%#<'bZp(rADtnSLsP)R:o]yg| }w?Fj*e>Oca5Nf/27.I3,-V9KWH0M1$6T^dXuEY&qvGh      ,ͬʹͼ, ǐt ( \"`@ , 5P<ȌCȘR[P`hY, s@!x$  8 Z<L 2# j(  h + hHT T &l 3 9ȼJPUdHZ cjʠp~Ȁ ,Vt  X h t, @  P(  tX #DH -Ȱ5+< <`B P!XǴ_Her\D|Ȥp| ǜo Ǩ  L 4 ʨ b  D# * 7>ʸD !K PXT ]eH f,my  DŽsH` (  Pportnumgetopt_startportsatoicountbitsprintlogstrtokstrtolgetprotobyname_environ_endmemmoveprint_toif_iobpri_toname__register_frame_info__flsbuf_GLOBAL_OFFSET_TABLE_extrasparseaddicmp__ctypegethostbynameprintbufzerostatsstrcasecmpatexitexitstrerrorgenmasksprintfpri_findname_initgetprotobynumber.umulfacsprisportnamefcloseprotogetservbynamestrncpyprintportcmp_DYNAMICloglevelhostnuminet_atonratoiprintfinitparse__iobaddipopttcp_flagsionamesfac_tonamefac_findnamestrncasecmpioctlbuildoptsinet_addrstrrchrfrsync_exitprinthostmaskenvironperrorerrnogetnetbynameicmpcodesstrchrinet_ntoaaddkeepcloseicmpcodeopenratouioptarg__deregister_frame_infosecclassstrcmpfgetsflagsetoptname_edata_PROCEDURE_LINKAGE_TABLE_fopenmemset_etext_lib_versionfflushflags_ctypemainto_interfaceoptprintstrlengethostnamehostmask_finigetservbyportoptsfprintfprintfrbinprinticmptypeslibsocket.so.1SUNW_0.7libnsl.so.1SUNWprivate_1.1SISCD_2.3libc.so.1SUNW_0.7libsocket.so.1libnsl.so.1libelf.so.1libc.so.1 =(0 Nqzt =(k-'PLj3H8T9`\lkx-DŽǐǜfǨhǴ_WNms:cwD n,}8.DtP$\!h7tVȀGȌ%Ș&ȤdȰZȼ?~4aF<)@ @D# @lk!@l@&,, @ "@b@l@l㿐/l @# @   $?@`  ``@lk   "㿐㿐/lʮ `` @lT 㿐㿐b(kPkpk"kbk@lC @l4㿈'D'HDHkp@l8'쀢? 9*`Fx bb? @ " @;} @6xb@"oHL@@Of#L@@_b@ "U#L@@/Nb@"ECbk"<b@"3@/@K+b@@""@  @k@b@@ " @I\b"@@k @k{  D0        ,    |            X |      $  Hl    㿐'Db ` ?7D b'Db ` "bD @k/b"?D @k$b"?kb@kb 㿐"@@kb?"㿈"@?b?@j? kb@j 㿐'D"@?"@ HD@j?cH` b(k@jkc@jh'D'H'"@^b @   bC' bD' b<' b='b ` kc @j@Hk0@j b'Hk8@j'쀢 #H@@jb(k@DH@j] @jN̒"@;   @jh'܀ *  #@j\'܀ ** :` b `@  b(k`@j! @'b@j8؀ b@ @ 0bK'$b @  ` bG bC' ` bF b<' ``" ؀  b `@ @؀ b ` `" b ` @zb@ @ -b ` &b@i?b(kh@ikcp@i k`@i@qCb `  b ` b@ix? b(kh@i_kc@igb ` b@iZ? b(kh@iAkc@iI ` `  ` `b(kDH@i# @i@iA㿀'H'L'P'H'L@i5  P@i/' ?*`:  *0PPP@" *?䀢   ?*`: \  *?@'`" ' * :` 㿈'D'쀢 b ` @kc@h# 'D p@h  'b `@ l`@hD m@h !D *`: n D *`: N 'b `@ l`0@htD b@h|  D d@hu  'b `@ l`H@hU"@?b >@hB'耢 l``@h6b ` @ ''l`x@h-㿈'D'D  D *`: Dl@h  Dl@h @D *`: S' ''l`?b0A@g?l`@gb ` @ l`D@gl`@gD i@g  D I@g  'D o@g  D O@g  'D a@g  D A@g  'b @ @''"@+?b0A@gx?l`@gnb ` @" ` l!l!   l!(l! l@gRl`@gM㿈 '"@?bE@g3?la0@g)laH@g(㿈'"@?b I@g?la`@glap@g`'\"@?b\0J@f? la@f?@f\@㿐'DDDl`h@fDDl`d@fDDl``@fDDDl"`@fDlH`(@fDDDl"X`|x@fDlH`(@fDDl`@fDDl`@fDDDDlb`  @f㿈"@*?Gr'b ` @kc@fq  '"@ ?b >@fZ l``@fPb ` @b?@fD lc @f:l`x@f;`'\lc8lH @f/"@ @f 'PP? kb@f \P0@@f  lc`@f P@f P@e'X`![lcx  @e* :` l#l#l@elcX@ela 'TX  lc@elc'TX  lcT@elc'TX  lcT@elc'TX  lcT@elc'TT *`: lc@ebb@ "  @e "` *@`"m`@e ` lc'T ` m`'Tm`'T* :` l! m Pm`0T@eZ* :mX@eS 'D'H' 'XD *`: D *`:  ` D 'DD *`:  aؒ  @e:a D<@ " Da  @ @ " a?" b `  b(mD@d'\Dm@e'h\*`h@ \  m@d\ '\ *`h"@ X 'X\*`h"@X  b(mH@d fh'dd @* :` @d@`" @dؐ "`dm(@@d a`"  d @m0 @d   '\a`"  d @mH @d   '\a`" a a Vd 'dd@@du\  d ` d  @* :` (d 'd'\?'\\ ,d\@ *`: ("\ '\d\@ @ 'TT?d`b(mXH@d aW*  d @mx @d1  a`" d 'ddm@@d  a`" dm@@d  a`" dm@@c  a` " dm@@c  a` " dm@@c !d 'ddL ?@ aL"  b(mH@cy 0dm@@c ma`"  d @m@c  a` " d 'd d @m@c  a`@" d 'dd` d @m@cf  a` " d 'd d @m@cP d 'ddpH@? d 'ddb(mH@b d`'d@  b(m H@b dm@@@c  a`" 6dmH@@c -a`" a a b(mPH@b ia `  b(mxH@b Vd`'d@  b(mH@b Ddm@@b d`'d@  b(mH@br )a `  a`" a `  a`" d`d@m@b  a` " d 'dd`d@m@bg  a`@" d 'dd`'d@m@bO a `  b(mH@b a` " d 'dd`d@m@b% dpH@? d 'dd 'dd`dm@@b  d 'da` " b}*d`d@m@a d`'d@  b(mH@a Ud}@ @aa* d 'dd`a a b(m Hm!x@ay 0!,d`zd@mH@a  d `d 'dd@H@  d 'dd`'d@mP@ax  d `d 'dd@H@_  d 'd-d`(d@mX@aN a `  b(mhmX@a a`  " d 'dd`-d@m@a# $d`'d@  b(mH@` d@  @a*`aؒ * Ed 'dd`@d@m@` 7d`'d@  b(mH@` _d\  @ a_* db(mH@` Caؒ * Fd 'db"d`d@m@` d`'d@  b(mH@`b "d@"`""@n@` $a`2 ` `* D ` D@3D d ma@T'D  @ ma@TD  @ ma@T D `Do`@TD ` oc@Tzoc @TtD `  D ` !D@dbb@ "  @Tl "` *@`"D  @ oc(@T< D *`: CD D  D n#n#o0@T D *`: D mH] D *`: D mPND  @ oc@@SD E `  D 2` oP@SD F `  D 2` o`@SD 2`  `  och@S?'$D D `'Ԁ`D   @S'쀢  ox@@S D  o@SD  @ n n#o@SD 2`DDH@D x`D x@D  @ n n#o@SoD 2`D,DX@D `D @D 2`   $D D2`   D <`D h`D @*`2  D l*`2 woc@S.D <`D h`D @*`2  D l*`2 D l7D @7DD`h<~D D2`  ` D 2`  ` oc@Roc@RD D2`  ` D 2`  ` oc@Roc@RD D2`  ` D 2`  ` oc@Roc@RD  ` ID p*`2 BD r*`2'D r*`2'В 'А  : 'Ѐ b Д * " Ж*o@ @Roc@R}D p `* 2` oc@RpD  ` D u `  D t ` p`@RXD u ` ?` D u p@RJCb'b' *`: 4D u @ `#bb@ "  *`:  @R5 "` *@`"ܒ 'ؒ 'D t ` obb@ "  /@R  "` /*@`"D t ` ?` D t p@QCb'b' *`: 4D t @ `#bb@ "  *`:  @Q "` *@`"ܒ 'ؒ 'D  @ p`@QD h p` @QD `Dp0`@QtD `Dp@`@Qibb@ "  @Qr "` *@`"㿀'D ''D'쀢  ' pP@Q4耢 p`X@Q,'?' 'bb@ "  @Q, "` *@`"b@Q㿈'Dma@PD ` p``@PD `@ p`h@PD  @ p`p@PD`? =p`@PD c D`@ 7'쀢 p`'nc'D`@ '耢 p`' *`:  p`@Pp`@P㿐b!@Pb* 㿈'D'H'D .@P D x@P  D :@P DH@ ?0+D @P' *`:  耢 耢 ?耢 H" H "@ ?* " 㿈'D'H'L'P'T'XD@ /@P7'耢 D@ :@P,'耢 R   :@P! I*@`"L|? b(p\@O?DH@\@?Db(p0\@O?HHL@ @ "DDD@"DPTX\@D @ `jD @ `bD @@pH@O VDH@\@?Db(p0\@O?DDD@"DDD@"D@ @ Db(p\@Of?aL"DDD@"HHL@ @ "DPTX\@GD@ 4DH@\@<?Db(p0\@O/?*DDD@"LH@? "DPTX\@tDb(p0\@O?㿀'D'H'LpaPH@O2  QH *`:  ` H@X D" 8paXH@O b'HH@O '쀢 H@O'耢  b(phLH@N?D` "  D`@" 㿈'D'H'L'P'T?'D`D@  D@ *`:  iD@p@N \D @ `TD @ `LDDD@"D@ *`:  ` kD @ `cD@HT@. ?&DDD@"D@p@NF  'D@p@N8  'Db(pT@N?DDD@"D@  b(pT@M?D@PT@ ?D@p@M D@p@N  'D@p@M D@p@M  'wD@p@M D@p@M  ']D@p@M D@p @M  'CD@p(@M D@p0@M  ')D@p8@Mv D@p@@M  'Db(pHT@MD?)쀢 쀢 DDD@"D@HT@ ?L"DDD@" 㿀'D'H'L7D *`:  ` D ?#@ H2 b(phLD@L }b`)"@p@M "D@@M0'쀢  H` 2 [b(pLD@L PDp@M'쀢  7Dp@M'쀢 耢 b(pLD@L (* 2`` * 2`b(pLD@Lb(pLD @Lz H2 㿀'D'H'L//'D *`: 0D /@Lz'䀢 *@`"D  @L/'D' *`: I *`: /耢@'  *`: 00) *`: @L8'  *`: b(pL@L  <b" @ @ * '䀢  *`: 0  @L(/ `   `  ?/ /H* `㿀'D'D''D '䀢   ' ?'*`'' ''䀢 *`'  '?'?'D ?㿀'D'H'''D?9Hp@K'耢 %@ @Kb* Hp@K'b@K|b@K  '耢 "3&D "D@K'쀢 H@@K'耢 @ @K\b* " bp0H@Ko"㿈'D'H'L'PD @KA' *`: L  P  H" 㿈'D'H'L'PD @K' *`: L P  H" 㿀'D'H'LH` L`paP@J.H'' @Jp8@JL@'耢?L'' @Jp@@JpcH@J㿐'D'HH` H`H *`2 "H * H + 2 pcX  @Jd"H * H *`2 Dpch@JO㿀'D'H'LD'H'䀢 L @/`"* :` W ` #bb@ " * : @J4 "`*@`" * :px@J* :` L ?'㿈'D`4' `D` @J   ' ` b(qD@I   `㿀'D'H'L'PL'HL @ 0 b(q @I HL @'LDH * 'DH `aD'DH * 'DD * 'DP =H@    0 " (P/?D *P@'   *D @I P@Iz7D @IH D@'DL `  D * 'DL 'Lb ` HHHb(qa8  L@IL" x'D'H'L'DqP@I6'䀢 c =@I' *@`"b' `4` @I    @ HL'܀  Hܐ 'HLܐ 'L @' ' ` b(qX@H  qP@H'H*@`"L 'LL㿀'H -:`  `    -:` 0  -:` x -:` X     * :` -:`  ` @H?Г-:`  / * * :` $-:` ` -: ` ,-:`  `   -:` .  q%  x-:`  * :` -:`  `  M%: ``<*`j0  ;0?c 1*`#?c $*`*  *`* * H H" 8DL㿈 ?㿀'DD #': '耢 ;` *  䀢@ ` * *'` * ` *   ` *   ' 㿈'D'` * ` * D@G4  ` *     '?㿈'D'ad * ad * D@G  ad *     '?㿈'DD 'ad *  耢@ ad * *'ad * ad *   ad *   ' 㿐/Fᴐ  ??㿐㿠㿠@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed@(#)$Id: ipf.c,v 2.10.2.10 2001/07/18 11:34:19 darrenr Exp $/dev/ipfusage: ipf [-%s] %s %s %s 6AdDEf:F:Il:noPrsUvVyzZ[-l block|pass|nomatch][-F i|o|a|s|S][-f filename]/dev/ipauthopen deviceSIOCGETFFIP FIlter: already initialized SIOCFRENBadd %x del %x -r%s: fopen(%s) failed: %s [%s] %d:ioctl(SIOCZRLST)hits %ld bytes %ld ioctl(delete rule)ioctl(add/insert rule)%s: %s: file error or line too long log flag is currently %#x set log flag: pass set log flag: nomatch set log flag: block ioctl(SIOCSETFF)log flag is now %#x sS/dev/ipstateioctl(SIOCIPFFL)remove flags %s (%d) removed %d filter rules remove flags %s%s (%d) IOioctl(SIOCSWAPA)Set %d now inactive SIOCFRSYNfilter sync'd ioctl(SIOCFRZST)dropped packets: in %lu out %lu non-ip packets: in %lu out %lu bad packets: in %lu out %lu input packets: blocked %lu passed %lu nomatch %lu counted %lu output packets: blocked %lu passed %lu nomatch %lu input packets logged: blocked %lu passed %lu output packets logged: blocked %lu passed %lu packets logged: input %lu-%lu output %lu-%lu ioctl(SIOCGETFF)ipf: %s (%d) IP Filter: v3.4.20ioctl(SIOCGETFS)Kernel: %-*.*s Running: %s yesnoLog Flags: %#x = pass, %sblock%snomatch%snonipnone setDefault: blocknomatch -> block%s all, Logging: %savailable unActive list: %d @(#)parse.c 1.44 6/5/96 (C) 1993-2000 Darren Reed@(#)$IPFilter: parse.c,v 2.8 1999/12/28 10:49:46 darrenr Exp $parse [%s]  %d: not enough segments in line blockreturn-icmp-as-destreturn-icmp%d: unrecognised icmp code %s return-rstcountpassauthpreauthskip%d: integer must follow skip logbodyfirstor-blocklevel%d: unknown keyword (%s) %d: missing 'in'/'out' keyword inout%d: Can only use return-icmp with 'in' %d: Can only use return-rst with 'in' %d: missing source specification %d: or-block must be used with pass quickon%d: interface name missing %d: %s can only be used with TCP dup-totofastroutecan only use %s with 'in' tos%d: tos missing value ttl%d: ttl missing hopcount value %d: invalid ttl (%s) proto%d: protocol name missing tcp/udp%d: unknown protocol (%s) allfrom%d: unexpected keyword (%s) - from %d: missing host after from !%d: missing to fields %d: unexpected keyword (%s) - to %d: missing host after to %d: port operation on non tcp/udp %d: icmp comparisons on wrong protocol flags%d: no flags present withandicmp-type%d: icmp with wrong protocol (%d) keephead%d: head without group # %d: invalid group (%s) group%d: group without group # %d: unknown words at end: [%s ] %d: TCP protocol not specified %d: port comparisons for non-TCP/UDP %d: %s missing identifier after level%d: %s %s Unknown facilityUnknown priority%s %s%s(!):%sipoptnotoptfragnoshort%d: opt missing arguements %d: short cannot be used with TCP flags ,%d: unknown IP option name %s sec-class%d: missing security level after sec-class %d: no such security level: %s opt %s%s%ssec-class not optENDmaskrepmaskreqinforepinforeqtimestreptimestparamprobtimexroutersolrouteradechoredirsquenchunreachechorep%d: Invalid icmp-type (%s) specified code%d: Invalid icmp code (%s) specified preced-cutoffhost-precedfilter-prohibhost-tosnet-toshost-prohibnet-prohibisolatehost-unknet-unksrcfailneedfragport-unrproto-unrhost-unrnet-unr%d: Can only use keep with UDP/ICMP/TCP %d: Missing state/frag after keep statefrags%d: Unrecognised state keyword "%s" return-icmp-as-dest return-icmp(%s)(%d) return-rstskip %hu out in quick on %s%s fastroute tos %#x ttl %d proto tcp/udp proto %s proto %d from %s to %s with not ipopt short frag icmp-type %s icmp-type %d code %d flags 0x%x keep state keep frags head %d group %d%02x body first or-block level !!!%s.%s%s@(#)parse.c 1.44 6/5/96 (C) 1993-2000 Darren Reed@(#)$IPFilter: parse.c,v 2.8 1999/12/28 10:49:46 darrenr Exp $%d: bad mask (%s) %d: bad host (%s) maskany%d: can't resolve hostname: %s port<>><%d: unknown range operator (%s) %d: missing 2nd port value =eq!=ne<lt>gt<=le>=ge%d: unknown comparator (%s) %d: unknown port "%s" tcp/udp%d: unknown service "%s". tcpudp%d: unknown tcp/udp service "%s". %d: %s %d/tcp is a different port to %d: %s %d/udp %d: unknown flag (%c) %d%s/%s/%d* port %d %s %d port %s %s\%03o@(#)opt.c 1.8 4/10/96 (C) 1993-2000 Darren Reed@(#)$Id: opt.c,v 2.2.2.1 2001/06/26 10:43:20 darrenr Exp $finneipimitdvisaaddextssrrsatidcipsoe-seclsrrsec-classsectrtsencodemturmtupzsurrnopreserv-1reserv-2unclassconfidreserv-3secrettopsecretreserv-4no such security level: %s options too long bo: %s %d %#x: %d ,unknown IP option name %s @(#)inet_addr.c 8.1 (Berkeley) 6/17/93@(#)$Id: inet_addr.c,v 2.1.4.1 2001/07/15 22:06:14 darrenr Exp $@(#)$Id: facpri.c,v 1.3.2.4 2001/07/15 22:06:12 darrenr Exp $local7local6local5local4local3local2local1local0cron2uucpnewslprsyslogauthdaemonmailuserkerndebuginfonoticewarnerrcritalertemerg,ͼͰ00<0H0T0`0l0x00000000000000 0,080D0P0\0h0t0000000000000~*6   @h ooo( oo͸@xph`(xhXFSRPAUEC @P(8ĐĈ Ā x p hD@`RX P @80( @=Zf ĸ@ĨĘưƨƠƘƐ ƈ(ƀ0x8p@hHhx`XPH@80(Ƹas: WorkShop Compilers 5.0 Alpha 03/27/98 Build as: WorkShop Compilers 5.0 Alpha 03/27/98 Build @(#)SunOS 5.7 Generic October 1998as: WorkShop Compilers 5.0 Alpha 03/27/98 Build GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 Alpha 03/27/98 Build GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 Alpha 03/27/98 Build ld: Software Generation Utilities - Solaris-ELF (4.0).symtab.strtab.shstrtab.interp.hash.dynsym.dynstr.SUNW_version.rela.got.rela.bss.rela.plt.text.init.fini.rodata.got.plt.dynamic.data.ctors.dtors.eh_frame.bss.comment#) hhp1 @9pG  Q0 [ ekqw.  ,,ͬͬʹʹͼͼ` 0707010e0cfed3000081ed0000000000000000000000013b671a7000003cf80000000000000001ffffffffffffffff0000000f00000003root/sbin/ipfsELF 49`4 (4444[4[4\4\4\\555/usr/lib/ld.so.1CS%#<F3C4OLQAGN=5"6-7D>:K9@?HR);P*'J $20+/81.,B!&MIE(Hx      0  0( 0@ 4\ 4|5666665l t dh 5$"6+8 0586@!= S4\ i(L r4y4~50  -  5  5055x6@5#Xt 5T546!5845` 5 8, ! + C6J4|d5k5<r ~4[ 0@  5, 5H $ 0( 64getopt_startchangestateifread_environ_endmemmove_iob__register_frame_info_GLOBAL_OFFSET_TABLE_writenatatexitexitmalloc_initreadallwritestate_DYNAMICusagestrncmpchdirprintf__iobioctlreadnatwriterealloc_exitenvironperrorerrnostrchrcloseopenoptargwriteallreadstate__deregister_frame_info_edata_PROCEDURE_LINKAGE_TABLE_memsetstrcpyclosedevice_etext_lib_versionmainstrlenchangenatiflseekopendevicesetlock_finioptsfprintflibc.so.1SISCD_2.3libsocket.so.1libnsl.so.1libelf.so.1libc.so.1zt4xB4t%6!638?4(4)484B4%4R4<5K5 >5:5$ 5005<F5HM5T65`=5l5x2545E5*5#5751 @D# @J L (@J@, @ "@@J@J㿐/IĐ @# @   $?@`  ``@I   "㿐㿐/Iʮ `` @I 㿐㿐bL@IbL@IbL@IbL@IbL@IbL0@IbLX@I @I'D'HD ,@I'00 0*@`"0@I'D@I'䀢 耢 H @I'쀢? La@I{ @I`'48!@Iu!R'8``D@Ik  8  0@Ie '8``D@IY  8  0@IS ' !4 @IK4  La@I7 @I8!@I>! La@I( @I   @I,'4@I, `'D'HD ,@I'Ā **@`"@H'D@H'В '䀢 耢 H @H'쀢? La@H @H'Ȓ" @H" @'̐`d`D@H  ̒ d @H ' !Ȕ @HȀ  La@H @H" @H"  La@H @H  @H'@H h'D'H?'?''?'ܐ?'''''DHL@H'쀢? 8*`F Ԁ Ѐ  ̀ `'pԀ Ѐ  ̀ `'Z`'Ȑ '̀  Ѐ Ԁ @ ' 'b@"؀ Ѐ  ܀?Ԁ 'ؐ 'w؀  Ѐ ܀?'ܐ 'b 'ܐ '\؀ Ѐ  ܀?Ԁ  'ؐ 'B̀  Ѐ Ԁ ' '-b@@"$؀ Ѐ  ܀?؀? 'ܐ '  'ܐ 'Ȁ "̀ ؀ ؀  S ؀ 耢 +耢  @'؀ ؀  La@' ؀ La@'䀢? @G耢  @'K܀ Gܐ ` #ܐ ` @'؀  @' ؀ @'!ܐ ` @'؀  @o' ؀ @C'LlL t㿈'D?'b ` ?#D La'DD @Fx'쀢?D @Fo'쀢?La@Fi㿐'DD@Fp㿐'D'Hb `@ H L"L"L@F\b ` 'HD0O@FR? Lb@F0 b `@ H L"L"L(@F0 'D'H?'@H Lb8'HH#!@E'@@?bLHH@ELbP@E \H'DD !@Fb `@ Lb`H@EDD0Q@E ``2Lb@E@@E .b `@ LbH@E@D!@E! Lb@E@@E H @@E 'D'H'@'8?'4H Lb8'HH !@E}'44?bLHH@EhLa@Ep H  !@EH4!@Ee'00? Lb@EY4@Eh 0 g0!bL0!@E54@EP !@EY'DD  bL@E! HD!@EI@'<< <D ,`, <'<<  DD`X " XD<`," ,D"@ D'@8 8D"D'84@D@'DD hb `@ Lb@DD X @  b `@ Lc@Db ` DD0P@D  Lc0@D 7D X @ (b `@ DL@`,@DD'<< <D, , <D`," ,<'<D'D X'D'H''А?'H LcX'HH @D]'Ȁ?bLHH@DHLch@DP 8  " @De'̒Ȕ" @DC'Ā? Lb@D7@DF Ā Ā" bLĖ" @D@D. 䀢 ;̒"'"'?'"  @D('܀ t '@C'Ā e bL@C@C " @C'̔" @Cܒ ' `('Ԁ  ` 'Ԁ  ` " Ԕa" "؀ 'Ѐ "'K@C'܀ kb `@ Lcx@Cܒ '  @  b `@ Lc@C{b ` D0P@Cq  Lc0@CO 7  @ (b `@ L@`@CP'Ԁ ܒ `" '' x'D'H''?'H LcX'HH#!@B'䀢?bLHH@BLch@B b `@ Lc@B''ܔD0R@B  Lc@B@B b `@ Lc@B܀ r쀢 @B'@B'쀢  bL@BV @B"D0Q@B ``=M`@B@B 9b `@ M@@B@Bx܀  M`(@Ba@Bp '쀢 耢 ]@BY 㿈'DD M`8'DD@B`  M`H@B/ \ '쀢? Q  @B) DLa~'耢? 8   .@B Lae'耢?    @A  @A  㿈'DD M`8'DD@A  M`H@A \ %'쀢? Q Q @A DLa '耢? 8   .@ALa'耢?     @A  @Ax  㿐/Aࠐ  ??㿐㿠P㿠@(#)$Id: ipfs.c,v 2.6.2.7 2001/06/26 10:43:18 darrenr Exp $usage: ipfs [-nv] -l usage: ipfs [-nv] -u usage: ipfs [-nv] [-d ] -R usage: ipfs [-nv] [-d ] -W usage: ipfs [-nNSv] [-f ] -r usage: ipfs [-nNSv] [-f ] -w usage: ipfs [-nNSv] -f -i , openlseekwrited:f:lNnSRruvWw/dev/ipstate/dev/ipnat/dev/ipfopen deviceTurn lock %s onoffSIOCSTLCKLock now %s ipstate.ipf%s state:openGetting state from addr %p state:SIOCSTGETGot state next %p state:writereadincomplete read: %d != %d malloc failed Loading new state table entry Loading new filter rule SIOCSTPUTReal rule addr %p ipnat.ipfnat:openLoading new NAT table entry Getting nat from addr %p nat:SIOCSTGSZNAT size %d from %p malloc for %d bytes failed nat:SIOCSTGETGot nat next %p nat:write/var/db/ipfchdir(IPF_SAVEDIR)56666600<0H0T0`0l0x00000000000000 0,080D0 0 0(x H oMo o   \ oo4|6as: WorkShop Compilers 5.0 Alpha 03/27/98 Build as: WorkShop Compilers 5.0 Alpha 03/27/98 Build @(#)SunOS 5.7 Generic October 1998as: WorkShop Compilers 5.0 Alpha 03/27/98 Build GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 Alpha 03/27/98 Build GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 Alpha 03/27/98 Build ld: Software Generation Utilities - Solaris-ELF (4.0).symtab.strtab.shstrtab.interp.hash.dynsym.dynstr.SUNW_version.rela.got.rela.bss.rela.plt.text.init.fini.rodata.got.plt.dynamic.data.ctors.dtors.eh_frame.bss.comment#`) HH01xx9 G   Q $ [   e  #k0 0 q0(0(w0@0@4\4\ 4|4|T 5566 66666666h680707010e0cfebb000081ed0000000000000000000000013b671a710000eef40000000000000001ffffffffffffffff0000001200000003root/sbin/ipfstatELF<4\4 (444߾߾0 HHH/usr/lib/ld.so.1dN;H}#Z:VcqCE7n?<`o"r-s'$>)6j_Au*!wDxXPT+Wta~my |BJp,i@Sge8GRkl%=1490M5.F/[O\L2Qf3&Ybh]UzI^(v{K$< T p   H d<t ( "`'H@ 1 :|ATHO^ gltg, 8@!P   hL AL# y( ( $ h < T   '8/ <T BP K\bgPHlspz  x He$ l  P \, 8@  P(  'l39 CpH MU([ i !qx~D0L|| Hx}  |    q8  5<$C߾ J W^d( !kr H wg 6L tXH  p 4 ,(X` X( 8Pportnumgetopt_startportsreadatoicountbitsprintlogsetuidstrtokstrtolgetprotobyname_environ_endmemmoveprint_toif_iobpri_toname__register_frame_info__flsbuf_GLOBAL_OFFSET_TABLE_extrasparseaddicmp__ctypeopenkmemgethostbynameprintbufstrcasecmpatexitexitgenmaskmallocsprintfpri_findname_initkstrncpygetprotobynumber.umulfacsprissscanfgetuidportnameprotogetservbynamestrncpyprintportcmp_DYNAMICloglevelhostnuminet_atonratoiprintfinitparse__iobsetgidaddipopttcp_flagsionamesfac_tonamefac_findnamestrncasecmpioctlbuildoptsinet_addrstrrchr_exitprinthostmaskenvironperrornlistgetnetbynameicmpcodesstrchrinet_ntoaaddkeepfreeoptindcloseicmpcodeopenratouioptarg__deregister_frame_infosecclassstrcmpflagsetoptname_edata_PROCEDURE_LINKAGE_TABLE_memsetstrcpy_etext_lib_versionfflushflags_ctypegetgidmainto_interfaceshowqiflistoptprintstrlengethostnamelseekhostmask_finikmemcpygetservbyportoptsfprintfprintfrbinprinticmptypeslibsocket.so.1SUNW_0.7libnsl.so.1SUNWprivate_1.1SISCD_2.3libelf.so.1SUNW_0.7libc.so.1SUNW_0.7libsocket.so.1libnsl.so.1libelf.so.1libc.so.1 =(0 Nq#zt3= =(IR =(\q/ )8Txk|p(5:;(`4q@/LhXdpG|%U(Fncx\lRd =$y0g<9HjT&`"l[xK's0_B|!+C7e J,8> @D# @rno#p@rj@*9, @  "@@r_@r`㿐/r @# @   $?@`  ``@r:   "㿐㿐/rʮ8 `` @r# 㿐㿈'D'HD H'' @rp H㿐'DcXpPD@rcXpx@qcXp@qcXpD@q @q'D'H'Đ0','''pa'''?' '?'?''''`x'DHp @q'? M N `|'`|'`x"  @q @q@q @q@|??@qt@q @q@q @qDHp @qt'? 5*`H( c((@ "pa@'c((@ " '`|'`|@c((@"c((@ "c((@"c((@("c((@ "c((@ "c((@ "c((@$" |@@p'  '!`|pP@p  H |cXp!X@p?@pX@R @pPc((@ "F`|@d=HcXpx@p?@p`|p@p  H |cXp!@pt?@pbc((@@"H@Y @pr'  pa@pl?@p?0  !@pf   <@p`   @pZc( @ ,0@@pO? pa@pB?@pc( @ &pa @p/'||? pa@p)?@o|0@@p&? pb@p?@o|@pc( h 0S@p ? pb @o?@oc( `@ #( p"Pp8@@oc( @ 0N@o? pbX@o?@oc( @ @Uc( ` !0 @c( ` c( `  c((@ "0 @/c( h @g"c( @ @8c( @ 0 @0@=  @h ll PH|㿈'D'H'D?@o/?pbp@o"HHp`h@o&HHp`X@oHHp`\@oHHp`d@oHHp(``@oHHpP`l@nHHHp#x`@nHHp`( @nHHHp#`|x@nHHp`@nHHq`@nHHq0`@nHHq``@nHHq` @nHHq`0,@nHHq`@nHHq`<8@nHHq(`@nHHqP`$@nHqx`P@nHHq`@@nHHq`HL@n|HHq`@ntHHqaLP@nlHHq8`D@ndqb`@n_ qb@nU qb@nK qb@nA쀢 qb@n9㾐'D 'D d D @?qb@nU'Dc( ` DD`" c( a@ Dq`@nc( d@ Dq`@mc( @ qb@mD@'c( `@ D@D `D`D'D '㿀'D'D !X*`:'c( @  " 'c( d 1 'c( ` D *! ' 'c( `  D *! ' cXq@m\j'c( `   'D *  'c( `  'D *  'Cc( `@  #(cXq @m"c( `@ qc8@m<쀢 c( @ q#`q#p#*`cXqcH @l?a0'D'Hc( ` *HHHq#x` @mHHq@@lHHHq#`0@lHHHq#`$ @lY?bX@H`4@ JH 8`C?a@H`8 @ 5H? " 8?a@ M `? `, br@l?a@ M `? `< O??ᨘ?! L `?a@ ? #\r @lv?a?rH`@lh?a@ L ` /?a@ h*`2 ? j*2 ?ᨘ?!@?a@ t+`2 ? (0#\r`l x@l4@?a@ L ` ?a@ h*`2 ? j*2 r@l#?a@ L ` ?a@ h*`2 ? j*2 ?ᨖ l r @kr`@k?a@  ` r`@kq?a@  ` 2r`@k?a@  a!! ! r`@kr`@k r`@k8?a@  ` "r`@k?a@  ` r`@k?a@  `@ ra@k?a@  d ra@kr?a@  ` ra@kera@k_?a@  ` .ra @kR?a@  ` r`@kE?a@  `@ ra@k8?a@  @ ra(@k*?a@  @ ra8@k?a@  h ra@@k?a@  @ raP@k?a@ M r`@jrah@j?a@ T ??ᨖ T3 r!pT@j?a?r`\X@j?a@ b*`2 ? `*2 ?ᨖ f*2 ?! d+ 2 ra@j?a` @?r @j?a`$@?r$@j'D''''rb'''''D rb'DD@ju? cXr @jB0rb0@jc4 Ԕ @L !4 8 4 @; 8 rXr"@j=8'4P'D'HHHHr"` @j*HHr`@j"Hr`@jH`$@ '!Q*`@ B *  ,@?4  r@i  @?  ؗ* 2ޖ ژ ۚ P#\r@i*`"@ 'H`$@ X'!Q*`@ B *  ,@?4  Cr @i  @p?  .ؗ* 2ޖ ژ ۚ P#\r@ig*`"@ '㾈'D'HHHr0@@iMHHHHrcX`  @iAHHHr#` @i7H $'쀢   @?rc@i @[''DD?r#-D r#%8 D @?r#\  @h'X\@?r#h'DD !X*`:'Ԑ Ԑ" ''̀ i#,̖*s@ @hDԔ *̖ *@ !4 '쀢 ؐ  @  s`@h'#,̖*s @ @hDД *̖ *@ !4 '쀢 ؐ  @h  s`@hm'̒ '㿈'D'H'LD@hd  @h] '쀢 s`8@hAD@hU ,@hT'耢 4s@@hM L?"%  pL@h L` L@?  cXsHD@g?@g*s@@h H"H@  cXsp@g?@g@h'D'H' 'XD *`: D *`:)  ` D 'DD *`:  c  @gc D<@ " Dc  @ @ " c?" c( `  cXsD@gq'\Ds@g'h\*`h@ \  s@g\ '\ *`h"@ X 'X\*`h"@X  cXsH@g8 fh'dd @* :` @d@`" @gd "`ds@@@gQ c`"  d @sH @gJ   '\c`"  d @s` @g3   '\c`" c a Vd 'dd@@g\  d ` d  @* :` (d 'd'\?'\\ ,d\@ *`: ("\ '\d\@ @ 'TT?d`cXspH@f cW*  d @s @f  c`" d 'dds@@f  c`" ds@@f  c`" ds@@f~  c` " ds@@fk  c` " ds@@fX !d 'ddL ?@ cL"  cXsH@f 0ds@@f0 mc`"  d @s@f  c` " d 'd d @s@f   c`@" d 'dd` d @s@e  c` " d 'd d @s@e d 'ddH@? d 'ddcXsH@e d`'d@  cXs8H@en dsX@@e  c`" 6ds`@@e -c`" c a cXshH@e; ic `  cXsH@e( Vd`'d@  cXsH@e Dds@@eF d`'d@  cXsH@d )c `  c`" c `  c`" d`d@s@e  c` " d 'dd`d@s@d  c`@" d 'dd`'d@s@d c `  cXsH@d c` " d 'dd`d@s@d dH@? d 'dd 'dd`ds@@d  d 'dc` " c*d`d@s@dr d`'d@  cXsH@d' Ud@ @dec* d 'dd`c a cXs8Hs!@d 0#,d`zd@s`@d)  d `d 'dd@H@  d 'dd`'d@sh@d  d `d 'dd@H@_  d 'd-d`(d@sp@c c `  cXssp@c c`  " d 'dd`-d@s@c $d`'d@  cXsH@ca d@  @c*`c * Ed 'dd`@d@s@c| 7d`'d@  cXsH@c1 _d\  @ c_* dcXsH@c Cc * Fd 'db"d`d@t@c6 d`'d@  cXtH@b "d@"`""@t(@c $c`2 ` `*  cL" dcXtH@_ d 'dd`.d @* :` &cXt8H@_kd`dcXtX@_\d 'dcXt`@_Q c u `  c t ` c  `  cXthH@_0 ^c 2`  ` Qc  ` Jc  ` Cc ` c x`5c  ` $c`2 ` `* D ` D@3D d sa@WI'D  @ sa@W<D  @ sa@W/ D `Du `@W"D ` uc0@Wuc8@WD `  D ` !D@dcHcHH@ "  H@W #H` *@`"D  @ uc@@V D *`: CD D  D t# t#(uH@V D *`: D s`] D *`: D shND  @ ucX@VD E `  D 2` uh@VD F `  D 2` ux@VtD 2`  `  uc@Vh?'$D D `'Ԁ`D   @V'쀢  u@@VK D  u@VBD  @ t t# u@V1D 2`DDH@ D x`D x@ D  @ t t# u@V D 2`D,DX@ D `D @ D 2`   $D D2`   D <`D h`D @*`2  D l*`2 wuc@UD <`D h`D @*`2  D l*`2 D l7D @7DD`h<~D D2`  ` D 2`  ` uc@Uuc@UD D2`  ` D 2`  ` uc@Uwuc@UsD D2`  ` D 2`  ` uc@U_uc@U[D  ` ID p*`2 BD r*`2'D r*`2'В 'А  : 'Ѐ c8Д * #8Ж*u@ @U"uc@UD p `* 2` v`@UD  ` D u `  D t ` v`@TD u ` ?` D u v @TCb'b' *`: 4D u @ `#cHcHH@ "  *`:  H@T #H` *@`"ܒ 'ؒ 'D t ` ocHcHH@ "  /H@T #H` /*@`"D t ` ?` D t v @TuCb'b' *`: 4D t @ `#cHcHH@ "  *`:  H@To #H` *@`"ܒ 'ؒ 'D  @ v`(@T'D h v`8@TD `DvH`@TD `DvX`@TcHcHH@ "  H@T #H` *@`"㿀'D ''D'쀢  ' vh@S耢 v`p@S'?' 'cHcHH@ "  H@S #H` *@`"cH@S㿈'Dsa@SD ` v`x@SD `@ v`@SD  @ v`@SzD`? =v`@SoD c D`@V'쀢 v`'tc 'D`@'耢 v`' *`:  v`@S?v`@S8㿐'DD va('DD @Sc"? va8@S?c 㿐'H` Cc  ??4#@H @S)? vaH@R?##@@S vaX@R? $@ 㿐'H` Jc  ??;#@H @R? vaH@R?*`"#@ @R vaX@R|?  * :`   㿈'Da ' `D` @Rs  ' ` cXvD@R$   `㿀'D'H'L'PL'HL @ 0 cXv@R HL @'LDH * 'DH `aD'DH * 'DD * 'DP =H@    0 " (P/?D *P@'   *D @R P@Q7D @R H D@'DL `  D * 'DL 'Lc( ` HHHcXvc   L@QL" x'D'H'L'Dv8@Q'䀢 c =@Q' *@`"c' `4` @Q    @ HL'܀  Hܐ 'HLܐ 'L @' ' ` cXv@@Q  v8@QG'H*@`"L 'LL㿀'H -:`)  `    -:` 0  -:` x -:` X     * :` -:`)  ` @Q?Г-:`  / * * :` $-:`) ` -: ` ,-:`)  `   -:` .  q%  x-:`  * :` -:`)  `  M%: ``<*`h\  ;0?c 1*`#?c $*`*  *`* * H H" dpx㿈 ?㿀'DD #': '耢 ;a *  䀢@ a * *'a * a *   a *   ' 㿈'D'a * a * D@O  a *     '?㿈'D'bP * bP * D@O  bP *     '?㿈'DD 'bP *  耢@ bP * *'bP * bP *   bP *   ' 㿐` !@Od` * 㿈'D'H'D .@O$ D x@O  D :@O DH ?0+D @O' *`:  耢 耢 ?耢 H" H "@ ?* " 㿈'D'H'L'P'T'XD@ /@N'耢 D@ :@N'耢 R   :@N I*@`"L|? cXwX\@Ne?DH@\@?DcXwp\@NN?HHL@ @ "DDD@"DPTX\@D @ `jD @ `bD @@w@NT VDH@\@?DcXwp\@N?DDD@"DDD@"D@  DcXwX\@M?aL"DDD@"HHL@ @ "DPTX\@GD@ 4DH@\@<?DcXwp\@M?*DDD@"LH@? "DPTX\@tDcXwp\@M?㿀'D'H'LwaH@M  QH *`:)  ` Hi D" 8waH@M ` 'HH@M'쀢 H@M'耢  cXwLH@M2?D` "  D`@" 㿈'D'H'L'P'T?'D`D@  D@ *`:  iD@w@M. \D @ `TD @ `LDDD@"D@ *`:)  ` kD @ `cD@HT@. ?&DDD@"D@w@L  'D@w@L  'DcXwT@L?DDD@"D@  cXwT@Lw?D@PT@ ?D@w(@L D@w0@L  'D@w8@L D@w@@Ls  'wD@wH@Lx D@wP@LY  ']D@wX@L^ D@w`@L?  'CD@wh@LD D@wp@L%  ')D@wx@L* D@w@L   'DcXwT@K?)쀢 쀢 DDD@"D@HT@ ?L"DDD@" 㿀'D'H'L7D *`:)  ` D ?#@ H2 cXwLD@Kj }b`)"@w@K "D@@K'쀢  H` 2 [cXwLD@K= PDw@K'쀢  7Dw@K'쀢 耢 cXwLD@K (* 2`` * 2`cXw LD@JcXwHLD @J H2 㿀'D'H'L//'D *`: 0D /@K '䀢 *@`"D  @K/'D' *`: I *`: /耢@'  *`: 00) *`: @J'  *`: cXwXL@J <b" @ @ * '䀢  *`: 0  @J/ `   `  ?/ /H* `㿀'D'D''D '䀢   ' ?'*`'' ''䀢 *`'  '?'?'D ?㿀'D'H'''D?9Hw@J\'耢 %@ @J#`* Hw@JH'`@I`@J   '耢  3&D "D@J'쀢 H@@J'耢 @ @I`*   `wpH@J 㿈'D'H'L'PD @I' *`: L  P  H" 㿈'D'H'L'PD @I' *`: L P  H" 㿀'D'H'LH` L`wa@IG.H'' @Iwx@I7L@'耢?L'' @Hw@I wc@I㿐'D'HH` H`H *`2 "H * H + 2 wc  @H"H * H *`2 Dwc@H㿀'D'H'LD'H'䀢 L @/`"* :`) W ` #cHcHH@ " * : H@H #H`*@`" * :w@H* :` L ?'㿐/H༐  ??㿐㿠 㿠@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed@(#)$Id: fils.c,v 2.21.2.17 2001/07/19 12:24:09 darrenr Exp $ipacct(out)ipacct(in)ipfilter(out)ipfilter(in)IPv6Usage: %s [-aAfhIinosv] [-d ] [-M corefile] [-N symbol-list] %s -t [-S source address] [-D destination address] [-P protocol] [-T refreshtime] [-C] [-d ] /dev/ipf6aACfghIilnoqstvd:D:M:N:P:S:T:/dev/ipauth%ud%s : Invalid protocol: %s %s : state top facility not compiled in %d%s : Invalid refreshtime < 1 : %s openioctl(ipf:SIOCGETFS)/dev/ipstateioctl(state:SIOCGETFS)ioctl(SIOCGFRST)opts %#x name %s <>ioctl(SIOCATHST)ioctl(SIOCGETFF)dropped packets: in %lu out %lu non-data packets: in %lu out %lu no-data packets: in %lu out %lu non-ip packets: in %lu out %lu bad packets: in %lu out %lu copied messages: in %lu out %lu input packets: blocked %lu passed %lu nomatch %lu counted %lu short %lu output packets: blocked %lu passed %lu nomatch %lu input packets logged: blocked %lu passed %lu output packets logged: blocked %lu passed %lu packets logged: input %lu output %lu log failures: input %lu output %lu fragment state(in): kept %lu lost %lu fragment state(out): kept %lu lost %lu packet state(in): kept %lu lost %lu packet state(out): kept %lu lost %lu ICMP replies: %lu TCP RSTs sent: %lu Invalid source(in): %lu Result cache hits(in): %lu (out): %lu IN Pullups succeeded: %lu failed: %lu OUT Pullups succeeded: %lu failed: %lu Fastroute successes: %lu failures: %lu TCP cksum fails(in): %lu (out): %lu Packet log flags set: (%#x) packets passed through filter packets blocked by filter packets not matched by filter none kmemcpy%lu @%d No -i or -o given with -a showlist:opts %#x i %d fp %p set %d empty list for %s%s inactive IP states added: %lu TCP %lu UDP %lu ICMP %lu hits %lu misses %lu maximum %lu no memory %lu bkts in use %lu active %lu expired %lu closed %s -> %s ttl %ld pass %#x pr %d state %d/%d pkts %ld bytes %ld %hu -> %hu %x:%x %hu:%hu %hu -> %hu %hu %hu %d passblock return-icmp return-icmp-as-dest return-rstlog body firstcount out in log or-block quick keep frags keep state IPv%d pkt_flags & %x(%x) = %x, pkt_options & %x = %x pkt_security & %x = %x, pkt_auth & %x = %x interfaces: in %s[%p] out %s[%p] qif_head/dev/ksymsnlist error List of interfaces bound by IPFilter: Name: %-8s Header Length: %2d SAP: %s (%04x) IPv4IP fragment states: %lu new %lu expired %lu hits %lu no memory %lu already exist %lu inuse %s %d %d %d %#02x = %#x NAT: %s -> Authorisation hits: %ld misses %ld nospace %ld added %ld sendfail %ld sendok %ld queok %ld quefail %ld expire %ld age %ld !-XAuthenticationAccountingFilter%s groups (active): %hu %s groups (inactive): mallocanyInvalid port specfication in %s Invalid IP address: %s @(#)parse.c 1.44 6/5/96 (C) 1993-2000 Darren Reed@(#)$IPFilter: parse.c,v 2.8 1999/12/28 10:49:46 darrenr Exp $parse [%s]  %d: not enough segments in line blockreturn-icmp-as-destreturn-icmp%d: unrecognised icmp code %s return-rstcountpassauthpreauthskip%d: integer must follow skip logbodyfirstor-blocklevel%d: unknown keyword (%s) %d: missing 'in'/'out' keyword inout%d: Can only use return-icmp with 'in' %d: Can only use return-rst with 'in' %d: missing source specification %d: or-block must be used with pass quickon%d: interface name missing %d: %s can only be used with TCP dup-totofastroutecan only use %s with 'in' tos%d: tos missing value ttl%d: ttl missing hopcount value %d: invalid ttl (%s) proto%d: protocol name missing tcp/udp%d: unknown protocol (%s) allfrom%d: unexpected keyword (%s) - from %d: missing host after from !%d: missing to fields %d: unexpected keyword (%s) - to %d: missing host after to %d: port operation on non tcp/udp %d: icmp comparisons on wrong protocol flags%d: no flags present withandicmp-type%d: icmp with wrong protocol (%d) keephead%d: head without group # %d: invalid group (%s) group%d: group without group # %d: unknown words at end: [%s ] %d: TCP protocol not specified %d: port comparisons for non-TCP/UDP %d: %s missing identifier after level%d: %s %s Unknown facilityUnknown priority%s %s%s(!):%sipoptnotoptfragnoshort%d: opt missing arguements %d: short cannot be used with TCP flags ,%d: unknown IP option name %s sec-class%d: missing security level after sec-class %d: no such security level: %s opt %s%s%ssec-class not optENDmaskrepmaskreqinforepinforeqtimestreptimestparamprobtimexroutersolrouteradechoredirsquenchunreachechorep%d: Invalid icmp-type (%s) specified code%d: Invalid icmp code (%s) specified preced-cutoffhost-precedfilter-prohibhost-tosnet-toshost-prohibnet-prohibisolatehost-unknet-unksrcfailneedfragport-unrproto-unrhost-unrnet-unr%d: Can only use keep with UDP/ICMP/TCP %d: Missing state/frag after keep statefrags%d: Unrecognised state keyword "%s" return-icmp-as-dest return-icmp(%s)(%d) return-rstskip %hu out in quick on %s%s fastroute tos %#x ttl %d proto tcp/udp proto %s proto %d from %s to %s with not ipopt short frag icmp-type %s icmp-type %d code %d flags 0x%x keep state keep frags head %d group %d%02x body first or-block level !!!%s.%s%s@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed@(#)$Id: kmem.c,v 2.2.2.3 2001/07/15 22:06:16 darrenr Exp $/dev/kmemkmeminit:openkmemcpy:lseekkmemcpy:read@(#)opt.c 1.8 4/10/96 (C) 1993-2000 Darren Reed@(#)$Id: opt.c,v 2.2.2.1 2001/06/26 10:43:20 darrenr Exp $finneipimitdvisaaddextssrrsatidcipsoe-seclsrrsec-classsectrtsencodemturmtupzsurrnopreserv-1reserv-2unclassconfidreserv-3secrettopsecretreserv-4no such security level: %s options too long bo: %s %d %#x: %d ,unknown IP option name %s @(#)inet_addr.c 8.1 (Berkeley) 6/17/93@(#)$Id: inet_addr.c,v 2.1.4.1 2001/07/15 22:06:14 darrenr Exp $@(#)$Id: facpri.c,v 1.3.2.4 2001/07/15 22:06:12 darrenr Exp $local7local6local5local4local3local2local1local0cron2uucpnewslprsyslogauthdaemonmailuserkerndebuginfonoticewarnerrcritalertemerg@(#)parse.c 1.44 6/5/96 (C) 1993-2000 Darren Reed@(#)$IPFilter: parse.c,v 2.8 1999/12/28 10:49:46 darrenr Exp $%d: bad mask (%s) %d: bad host (%s) maskany%d: can't resolve hostname: %s port<>><%d: unknown range operator (%s) %d: missing 2nd port value =eq!=ne<lt>gt<=le>=ge%d: unknown comparator (%s) %d: unknown port "%s" tcp/udp%d: unknown service "%s". tcpudp%d: unknown tcp/udp service "%s". %d: %s %d/tcp is a different port to %d: %s %d/udp %d: unknown flag (%c) %d%s/%s/%d* port %d %s %d port %s %s\%03oH00<0H0T0`0l0x00000000000000 0,080D0P0\0h0t0000000000000~0{0x(0u40r@0oL0lX0iet T p  o$o$o4 oo8(Ը԰ԠԘԐԈԀx@0 ոհՠՐՀpxp h ` X PD@HR@ 8 (  @=Zfڰڨ ڠ@ڐڀܘܐ܈܀x p(h0`8X@PHPxH@80( ܸܰܨܠFSRPAUEC @ߐ(8HXhxas: WorkShop Compilers 5.0 Alpha 03/27/98 Build as: WorkShop Compilers 5.0 Alpha 03/27/98 Build @(#)SunOS 5.7 Generic October 1998as: WorkShop Compilers 5.0 Alpha 03/27/98 Build GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 Alpha 03/27/98 Build GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 Alpha 03/27/98 Build ld: Software Generation Utilities - Solaris-ELF (4.0).symtab.strtab.shstrtab.interp.hash.dynsym.dynstr.SUNW_version.rela.got.rela.bss.rela.plt.text.init.fini.rodata.got.plt.dynamic.data.ctors.dtors.eh_frame.bss.comment#)  19$$G  Q< [4 e<<kTTqppw 6 h HH0707010e0cfea3000081ed0000000000000000000000013b671a70000098e40000000000000001ffffffffffffffff0000001000000003root/sbin/ipnatELF4L4 (444 HHH/usr/lib/ld.so.1e}t@ZKqOV%&Q.Ru:dcwe7GrBknUxm('~{`a!<ljDP$I\X]=f#vC2zhoL1JsHy|5b6 +-390)>*;SWFA^4NE_,Y8?T/["Mgip L |0 |L |`  Hdltxn Lt h( 0"'t$@ 1|8?F0 Q`Xinp@!s   ` ' zdh d   adT  @|0 )TP '<8>TDJpQud Za g u}y| H,8 gH ] *  w, a8, p@dq 8`H  xt X!")/<xCMRWw ^e&p$ p ( x7h Z@  |` 8` ! X$ `l ,'3$9X Ab J|L P9!8 Y( 4 aHo4portnumgetopt_startportsreadatoicountbitssetuidstrtokstrtolgetnattypegetprotobyname_environ_end_iob__register_frame_info__flsbuf_GLOBAL_OFFSET_TABLE___ctypeopenkmemgethostbynameprintbufstrcasecmpatexitexitstrerrorgetsumdprintapsgenmaskmallocsprintf_initkstrncpygetprotobynumber.umulfputs.uremgetuidportnamefcloseprotogetservbynamestrncpyprintportcmp_DYNAMICusagehostnuminet_atonprintnatratoiprintfinitparse__iobsetgidtcp_flagsstrncasecmpioctlinet_addrstrrchr_exitprinthostmaskenvironperrorerrnogetnetbynamestrchrinet_ntoafreeopenratouioptargflushtable__deregister_frame_infostrcmpfgetsflagset_edata_PROCEDURE_LINKAGE_TABLE_fopenmemsetnat_setgroupmapnatparsefile_etext_lib_versionflags_ctypegetgidmain.udiv.divstrlengethostnamelseekdostatshostmask_fininatparsekmemcpygetservbyportfprintflibsocket.so.1SUNW_0.7libnsl.so.1SUNWprivate_1.1SISCD_2.3libc.so.1SUNW_0.7libsocket.so.1libnsl.so.1libelf.so.1libc.so.1w =(0 Nqzt =(e,X)pQc`/45Xe(,4@;LXsdRpB|$xa6OflU[:_A -`$y0!<>HT@`ulvx^%3GW"(kgD?&1] F,w8T @D# @^_ L@^@, @ X"@}@^@^㿐/^ሐ @# @   $?@`  ``@^]   "㿐㿐/^ʮĐ `` @^F 㿐㿐'Db_D@^; @^,㿐'DD D? a_@^' a_D@^!x'D'H?'' '''DH_@^ '䀢?S 3H*`F< @ '? ':c'4  '.!') ''#c'  '' '(''  @'H@m؀ @? @]@] @]@] @]a!@]a*  '_a @]'쀢?_a  @]'쀢?#@@]b_0_! @]d?@]U` @f܀ @Q h @~ tppppppppppppppppppppppppppppppppppppppp0Dpp\P'D'H D L@~   4@s   _@@]_a`@]_a@\_a@\܀ -H `@ (Ē Ŕ * ; * ;`_a@\* :* :_@\* :* :_@\  _@\ 1 D- ؔ D@ z_b@\_b(@\_bP@\Е* 2җ* 2ԙ* 3 _"h@\Z  _@\ P!pL0 ؔ!p@ A_b@\p_b0@\k//_b@\e_b8<@DH@\\_b@\X0    @?_b@\M_b@\D_b@\@0 А   @'_c@\5'DD D X D @ _#3       _c'_c '_c0' _c8'_c@''D'Hx'tx   T@[H tD0>@[?_cH@[H h +_c`x|@[_cx@[_c@[_c@[_c@[H `@  x (_@[H ` _c@[ %@  @ ``@[H a `` d@[q@H B@i@'!@[s'hh!@ ``@[bC``(@[P'dd  d |@   '<< @[E* 2```H@[*'<< @[6* 2``@['<< @[(* 2`p@[H `@ a* 2```@Z2`  *`2 ?`? " '2`  ؐ *`2   @Z'2`  *`2 ?`? " '2`  Ԑ *`2   @Z'm `@Z`` @Z``@Zbb@ "  @Z "` *@`" H^('d6H `@ i``@Zy*` @Z'*`@ `a@ZpQ' Cܒ*`А 'Ԁ 1ؐ Ԕ @ `a@ZL-'<< @ZJ`0@Z3'<< @Z?`8@Z(`a@@Z"'ܒ '@Z1h@Z.㿈'D'H'H 'H D0A@Z?`aX@Y`ap@YH@  'H D0A@Y?`a@Y`a@Y㿐'DD `bH'DD @Ya"? `bX@Y?a 㿐'H` Ca  ??4!@H @Y? `bh@Y?#!@@Y `bx@Yr? $@ 㿐'H` Ja  ??;!@H @YV? `bh@Y=?*`"!@ @YC `bx@Y&?  * :`   x'D'H'LD`h   "  `c@X`c@X`c@X`c @X Db`(h@XD l`P@XD 0 `@ ~D 0 @ `cX@X`c`@XD h`D LD P @D X` D *`:DX@ID <D @ @D `` D *`:D`@3D 0 @ `ch@Xt`cp@XpD h`D DD H @D `` D *`:D`@ D LD P @D X` D *`:DX@D h`D 0 `@ LD D' @XA`x@X*D`H@'䀢? `c@XD H' @X%`@XD 8*`2  D 8*`2 `@WDD`:*`2 8* 2@ D :*`2 `@WD <' @W`@WD 0 ` D @' @W`@WD ,*`2  D ,*`2 `@WD 0 ` `c@WD 0 ` `c@W D 0 ` `c@WD 0 a `c@WD 0 @ `c@W`c@WH ` DDDD :+ 2 D #\a``0D@WmDD`(" (D 0 `@ *D <' @Wla@WUD`@@'䀢? a` @WGD @' @WP`x@W9a`(@W5D 0 ` D D' @W:a0@W#D H' @W.`x@W*D D' @W a@W D`H@c'䀢? a` @VD H' @W`x@V |D *`: ^D *`:  @W'a`@@VD d*`2 .쀢  D d*`2@@V' D d*`2   @V'耢  aP@@V D d*`2 aX@VD |a`` @V쀢  @@V D *`: ah@VD h`D 8*`2 ap@V{H `@  D :*`2 a@VniD 8*`2  D :*`2 Ya`@VXD 0 ` !a`@VNH ` D 8*`2 D :*2 D .*2 D 6+ 2 a`@V50D 0 ` `c@V)D 0 ` `c@V D 0 ` `c@VD 8*`2 D :*2 a@VD 0 @ `c@U`c@UH ` DDD (' @UD ,*`2 a` `@UDDa`0 @U㿐'DDD H`@ D 2 .ZD 0 ` 4DD`B8 2 .D HDD .*`2D`H8 ` @U4 .DDD`.2 .D .*`2 D 2 .DD .*`2 ?@U4 6"DD`H8  *" * " D" (DD`82 6*2` D 2 6DD 6*`2 ?@U4 .'D'H''a "D @U' *D #@U' *D *`: D *`:a  ` D 'DD *`:   b  @U''L'PDa@UP'XP*`X@ P  a@U:P 'P *`X"@ L 'LP*`X"@L  baH@T X'TT@`@U b " h;T@`@U b " h,T@`@T b " hT@` @T b " hTba8H@T }T 'TT@ @Tb* {T 'TT@aX@T  T @* :` !GT@a`@Tt !T 'TT@aX@T  bah@T> <b`0 " 0&T @* :` !T aX@Tx  bah@T b`0 " 0b 0 @ b h `  ba@S b`0@" 0T 'Tb h`TH#\#c@  TH#\#c@  T@a`@S T 'Tb`0 " 0T @* :` !TTT@"b`0 " 0T@a@S TbaH@S{ yb 0 @ b h `  ba@Sc aT`'T@  baH@SQ Ob h`TH#\# c@Z  4b`d2 8TH#\# c@=  ^T'    /@SW'܀  *@`"b h`bH@ 2? @? bH@ ? @? T 'TT` b h`b 0 `@ T@a@R  baH@R T 'TT` ba8H@R T @* :`a  ` T@ -@R'  *@`"'T@H@   [b`82 8T 'TT@a`@Rl  T 'TT@'`" H@ d  0b`:2 :b`82 :T` bahH@R T@a@R-  baH@R T 'TT`b h`a"a"baH@Q b h`0T@a@R, 'T 'Tb`0 " 0T`b h`a"a"baH@Q b 0 ` IT@ -@Q'耢 !T 'TT`T@a`@Q  T ` T '*@`"耢   *`: baH@Qd bCb h`=T@ /@Q'耢 T 'TT`T@a@Q T`'T@'耢  baH@Q- + *`: /*@`"b h`'T@ ,@Qd'耢 b`0" 0*@`"T@H@@? T@H@1? T 'Tb h ` 5T`T@a8@Q( Tba@H@P T 'TT`T@@Q2`8T 'Tb2 8ab h ` ZT` T@ /@P bahHa#@P T@a@P TbaH@Pu sT 'TT` ba8H@Pc aT@H@  Tb`,2 ,T 'T耢  *`: /*@`"b h ` $b 0 ` bH@k? ! @  b 0 ` bH@I? ac@  T`b`0" 0a a"T@a@P.  b`0" 0fT@a@P  b`0" 0TT@a@P   b`0" 0BT@a@O  b`0" 00T@b@O  b`0" 0b`0" 0T@@O'쀢  b ` *  T@@O*`a T@"T 'TT`T@b@O  T 'Tb`0" 0T`T@b@O  T 'Tb`0 " 0T`Tbb H@O  b 0 `  b`<@ @ " <b 0 `  b`DH @ " Db`LP @ " Lb h ` b3T`T@b@O2  T 'Tb`0 " 0T`"b h`TbbHH@N T@bx@O T 'TT` bbH@N 'T@a@N +T 'TT` bbH@N~ |T'T 'TT` bbH@Ni g bbH@N] [T@ /@Na " #a *@`"! @@N'쀢  b ` *  ! @@N*`b* 䀢  H@O  b`d2 dT$@ @NgT 'TT` bbH@M "T@b@NH Tbb H@M T 'TT` bbHH@M T@a@N!  b`0" 0DT@a@N  b`0" 02T@a@M  b`0" 0 T@a@M  b`0" 0TbbxH@M }a T@"T 'TT` bbH@Mh fT@b@M b`0" 0b$2 8b?2 :b"ET@ :@M'܀ TbbH@M1 /*@`"T@H@Q  H@H  b`82 8b`:2 :"㽀'D'H'L'Ha`@M Hb@MS'䀢 #@@LbbH@L @Lbp' !@M6 q '/  @M'쀢 * h'耢 * :`  bb@LEL `@  耢 L L 1L ` D <@L? bb @Lubb(@LD =@L? bb @L_bb@@Lp @L㿀'H -:`a  `    -:` 0  -:` x -:` X     * :` -:`a  ` @L|?Г-:`  / * * :` $-:`a ` -: ` ,-:`a  `   -:` .  q%  x-:`  * :` -:`a  `  M%: ``<*`X  ;0?c 1*`#?c $*`*  *`* * H H" ___`,`l㿈 ?㿐cX!@KPcX* 㿈'D'H'D .@K D x@Kx  D :@Kq DH ?0+D @K|' *`:  耢 耢 ?耢 H" H "@ ?* " 㿈'D'H'L'P'T'XD@ /@K%'耢 D@ :@K'耢 R   :@K I*@`"L|? bb@\@J?DH@\@?DbbX\@J?HHL@ @ "DDD@"DPTX\@D @ `jD @ `bD @@bp@J VDH@\@?DbbX\@JD?DDD@"DDD@"D@  Dbb@\@J!?aL"DDD@"HHL@ @ "DPTX\@GD@ 4DH@\@<?DbbX\@I?*DDD@"LH@? "DPTX\@tDbbX\@I?㿀'D'H'LbcxH@J   QH *`:a  ` HR D" 8bcH@I cX'HH@I'쀢 H@I'耢  bbLH@Ir?D` "  D`@" 㿈'D'H'L'P'T?'D`D@  D@ *`:  iD@b@I \D @ `TD @ `LDDD@"D@ *`:a  ` kD @ `cD@HT@. ?&DDD@"D@b@I   'D@b@H  'DbbT@H?DDD@"D@  bbT@H?D@PT@ ?D@c@H D@c@H  'D@c @H D@c(@H  'wD@c0@H D@c8@H  ']D@c@@Hq D@cH@H  'CD@cP@HW D@cX@H  ')D@c`@H= D@ch@Hi  'DbcpT@G?)쀢 쀢 DDD@"D@HT@ ?L"DDD@" 㿀'D'H'L7D *`:a  ` D ?#@ H2 bcLD@G }a `)! @c@G ! D@@H '쀢  H` 2 [bcLD@G} PDc@G'쀢  7Dc@G'쀢 耢 bcLD@GU (* 2`` * 2`bcLD@G?bc0LD @G5 H2 㿀'D'H'L//'D *`: 0D /@Gh'䀢 *@`"D  @Gz/'D' *`: I *`: /耢@'  *`: 00) *`: (@G&'  *`: bc@L@F <8a(" @ @ * '䀢  *`: 0  @G/ `   `  ?/ /H* `㿀'D'D''D '䀢   ' ?'*`'' ''䀢 *`'  '?'?'D ?㿀'D'H'''D?9Hc@Fl'耢 %8@ @Fuc8* Hc@FX'c8@Fc8@F  '耢 #83&D "D@F0'쀢 H@@F)'耢 8@ @F2c8* #8 c8cXH@E#8㿈'D'H'L'PD @F,' *`: L  P  H" 㿈'D'H'L'PD @F' *`: L P  H" 㿀'D'H'LH` L`bcx@E~.H'' @Ec`@EnL@'耢?L'' @Ench@EWcap@EP㿐'D'HH` H`H *`2 !@H * H + 2 ca  @E+!@H * H *`2 Dca@E㿀'D'H'LD'H'䀢 L @/`"* :`a W ` #bb@ " * : @D "`*@`" * :c@D* :` L ?'㿐/DȐ  ??㿐㿠)㿠@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed@(#)$Id: ipnat.c,v 2.16.2.9 2001/07/18 15:06:33 darrenr Exp $%s: [-CFhlnrsv] [-f filename] hw(%#0x)%#0xCdFf:hlM:nrsv/dev/ipnat%s: open: %s proxy %s/%d use %d flags %x proto %d flags %#x bytes %lu pkts %lu data %p psiz %d state[%u,%u], sel[%d,%d] seq: off %hd/%hd min %lx/%lx ack: off %hd/%hd min %lx/%lx raudio Real Audio Proxy: Seen PNA: %d Version: %d EOS: %d Mode: %#x SBF: %#x Ports:pl %hu, pr %hu, sr %hu ftp FTP Proxy: passok: %d Client: rptr %p wptr %p seq %x len %d junk %d buf [] Server: ] ???MAPMAP-BLOCKRDRBIMAPunknownioctl(SIOCGNATS)mapped in %lu out %lu added %lu expired %lu no memory %lu bad nat %lu inuse %lu rules %lu wilds %u table %p list %p List of active MAP/Redirect filters: kmemcpy%d List of active sessions: %s %-15s %-5hu <- -> %-15s %-5hu [%s %hu] age %lu use %hu sumd %s/%s pr %u bkt %d/%d flags %x bytes %lu pkts %lu %lx List of active host mappings: kmemcpy (maptable)kmemcpy (hostmap)%s -> %s (use = %d hv = %u) ioctl(SIOCFLNAT)%d entries flushed from NAT table ioctl(SIOCCNATL)%d entries flushed from NAT list @(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed@(#)$Id: kmem.c,v 2.2.2.3 2001/07/15 22:06:16 darrenr Exp $/dev/kmemkmeminit:openkmemcpy:lseekkmemcpy:read@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed@(#)$Id: natparse.c,v 1.17.2.11 2001/07/17 14:33:09 darrenr Exp $rdrmapmap-blockbimapunknown value for in_redir: %#x %s ! from ! to %s/%d /%s port %d- %d -> %s,%s port %d tcp/udp tcp udp round-robin frag %p %lu %#x %u %p %d %s/%d -> range %s- proxy port %s %hu %.*s/%d ports %d ip modulous %d portmap auto [%d:%d %d %d] %d:%d ifp %p space %lu nextip %s pnext %d flags %x use %u  %d: not enough segments in line %d: unknown mapping: "%s" from!Missing from after ! Cannot use '! from' with map to%d: unexpected keyword (%s) - to Cannot use '! to' with rdr %d: missing host after to port%d: missing fields - 1st port %d: missing fields (destination port) -%d: missing fields (->) ->%d: missing -> %d: missing fields (%s) destinationtargetrange%d: desination range not specified netmask%d: missing fields (dest netmask) ports%d: expected "ports" - got "%s" %d: No netmask supported in %s destination host for redirect%d: missing fields - 2nd port (%s) 255.255.255.255tcpudptcp/udptcpudpipround-robinfrag%d: extra junk at the end of rdr: %s %d: extra words at the end of bimap line: %s proxy%d: missing parameter for "proxy" %d: missing parameter for "port" %d: missing keyword "port" %d: too many parameters for "proxy" portmap%d: expected "portmap" - got "%s" %d: missing expression following portmap %d: expected protocol name - got "%s" %d: no port range found auto%d: no port range in "%s" r%s: open: %s %d: syntax error in "%s" %d:ioctl(SIOCADNAT)ioctl(SIOCRMNAT)@(#)inet_addr.c 8.1 (Berkeley) 6/17/93@(#)$Id: inet_addr.c,v 2.1.4.1 2001/07/15 22:06:14 darrenr Exp $@(#)parse.c 1.44 6/5/96 (C) 1993-2000 Darren Reed@(#)$IPFilter: parse.c,v 2.8 1999/12/28 10:49:46 darrenr Exp $%d: bad mask (%s) %d: bad host (%s) maskany%d: can't resolve hostname: %s port<>><%d: unknown range operator (%s) %d: missing 2nd port value =eq!=ne<lt>gt<=le>=ge%d: unknown comparator (%s) %d: unknown port "%s" tcp/udp%d: unknown service "%s". tcpudp%d: unknown tcp/udp service "%s". %d: %s %d/tcp is a different port to %d: %s %d/udp %d: unknown flag (%c) %d%s/%s/%d* port %d %s %d port %s %s\%03oHxth00<0H0T0`0l0x00000000000000 0,080D0P0\0h0t0000000000000~0{0x(0u40r@0oL0lX0id0fp0c |0 |L  oooLL oopFSRPAUEC @x 0@P`as: WorkShop Compilers 5.0 Alpha 03/27/98 Build as: WorkShop Compilers 5.0 Alpha 03/27/98 Build @(#)SunOS 5.7 Generic October 1998as: WorkShop Compilers 5.0 Alpha 03/27/98 Build GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 Alpha 03/27/98 Build GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 Alpha 03/27/98 Build ld: Software Generation Utilities - Solaris-ELF (4.0).symtab.strtab.shstrtab.interp.hash.dynsym.dynstr.SUNW_version.rela.got.rela.bss.rela.plt.text.init.fini.rodata.got.plt.dynamic.data.ctors.dtors.eh_frame.bss.comment#) 1 9pG  Q0 [LLL ehk|0|0q|L|Lw|`|`F  HHTddllttxx@x0707010e0cfe8b000041ed0000000000000001000000043b671a72000000000000000000000001ffffffffffffffff0000000900000003root/usr0707010e0cfe73000041ed0000000000000001000000033b671a72000000000000000000000001ffffffffffffffff0000001100000003root/usr/include0707010e0cfe5b000041ed0000000000000001000000023b671a72000000000000000000000001ffffffffffffffff0000001900000003root/usr/include/netinet0707010e0cfe43000081a40000000000000000000000013b671a6b000005940000000000000001ffffffffffffffff0000002300000003root/usr/include/netinet/ip_auth.h/* * Copyright (C) 1997-2001 by Darren Reed & Guido Van Rooij. * * See the IPFILTER.LICENCE file for details on licencing. * * $Id: ip_auth.h,v 2.3.2.4 2001/07/18 14:57:08 darrenr Exp $ * */ #ifndef __IP_AUTH_H__ #define __IP_AUTH_H__ #define FR_NUMAUTH 32 typedef struct frauth { int fra_age; int fra_index; u_32_t fra_pass; fr_info_t fra_info; #if SOLARIS queue_t *fra_q; #endif } frauth_t; typedef struct frauthent { struct frentry fae_fr; struct frauthent *fae_next; u_long fae_age; } frauthent_t; typedef struct fr_authstat { U_QUAD_T fas_hits; U_QUAD_T fas_miss; u_long fas_nospace; u_long fas_added; u_long fas_sendfail; u_long fas_sendok; u_long fas_queok; u_long fas_quefail; u_long fas_expire; frauthent_t *fas_faelist; } fr_authstat_t; extern frentry_t *ipauth; extern struct fr_authstat fr_authstats; extern int fr_defaultauthage; extern int fr_authsize; extern int fr_authused; extern int fr_auth_lock; extern u_32_t fr_checkauth __P((ip_t *, fr_info_t *)); extern void fr_authexpire __P((void)); extern void fr_authunload __P((void)); extern mb_t *fr_authpkts[]; extern int fr_newauth __P((mb_t *, fr_info_t *, ip_t *)); #if defined(__NetBSD__) || defined(__OpenBSD__) extern int fr_auth_ioctl __P((caddr_t, int, u_long, frentry_t *, frentry_t **)); #else extern int fr_auth_ioctl __P((caddr_t, int, int, frentry_t *, frentry_t **)); #endif #endif /* __IP_AUTH_H__ */ 0707010e0cfe2b000081a40000000000000000000000013b671a6a000065520000000000000001ffffffffffffffff0000002500000003root/usr/include/netinet/ip_compat.h/* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_compat.h 1.8 1/14/96 * $Id: ip_compat.h,v 2.26.2.17 2001/07/23 04:22:48 darrenr Exp $ */ #ifndef __IP_COMPAT_H__ #define __IP_COMPAT_H__ #ifndef __P # ifdef __STDC__ # define __P(x) x # else # define __P(x) () # endif #endif #ifndef __STDC__ # undef const # define const #endif #ifndef SOLARIS #define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4))) #endif #if SOLARIS && !defined(SOLARIS2) # define SOLARIS2 4 /* Pick an old version */ #endif #if SOLARIS2 >= 8 # ifndef USE_INET6 # define USE_INET6 # endif #endif #if defined(_KERNEL) || defined(KERNEL) || defined(__KERNEL__) # undef KERNEL # undef _KERNEL # undef __KERNEL__ # define KERNEL # define _KERNEL # define __KERNEL__ #endif #if defined(__SVR4) || defined(__svr4__) || defined(__sgi) #define index strchr # if !defined(KERNEL) # define bzero(a,b) memset(a,0,b) # define bcmp memcmp # define bcopy(a,b,c) memmove(b,a,c) # endif #endif #ifndef offsetof #define offsetof(t,m) (int)((&((t *)0L)->m)) #endif #if defined(__sgi) || defined(bsdi) struct ether_addr { u_char ether_addr_octet[6]; }; #endif #if defined(__sgi) && !defined(IPFILTER_LKM) # ifdef __STDC__ # define IPL_EXTERN(ep) ipfilter##ep # else # define IPL_EXTERN(ep) ipfilter/**/ep # endif #else # ifdef __STDC__ # define IPL_EXTERN(ep) ipl##ep # else # define IPL_EXTERN(ep) ipl/**/ep # endif #endif #ifdef linux # include #endif #if SOLARIS # define MTYPE(m) ((m)->b_datap->db_type) # include # include # include # include /* * because Solaris 2 defines these in two places :-/ */ # undef IPOPT_EOL # undef IPOPT_NOP # undef IPOPT_LSRR # undef IPOPT_RR # undef IPOPT_SSRR # ifndef KERNEL # define _KERNEL # undef RES_INIT # if SOLARIS2 >= 8 # include # endif # include # include # include # undef _KERNEL # else /* _KERNEL */ # if SOLARIS2 >= 8 # include # endif # include # include # include # endif /* _KERNEL */ # if SOLARIS2 >= 8 # include # include # define ipif_local_addr ipif_lcl_addr /* Only defined in private include file */ # ifndef V4_PART_OF_V6 # define V4_PART_OF_V6(v6) v6.s6_addr32[3] # endif # endif typedef struct qif { struct qif *qf_next; ill_t *qf_ill; kmutex_t qf_lock; void *qf_iptr; void *qf_optr; queue_t *qf_in; queue_t *qf_out; struct qinit *qf_wqinfo; struct qinit *qf_rqinfo; struct qinit qf_wqinit; struct qinit qf_rqinit; mblk_t *qf_m; /* These three fields are for passing data up from */ queue_t *qf_q; /* fr_qin and fr_qout to the packet processing. */ size_t qf_off; size_t qf_len; /* this field is used for in ipfr_fastroute */ char qf_name[8]; /* * in case the ILL has disappeared... */ size_t qf_hl; /* header length */ int qf_sap; } qif_t; #else /* SOLARIS */ # if !defined(__sgi) typedef int minor_t; # endif #endif /* SOLARIS */ #define IPMINLEN(i, h) ((i)->ip_len >= ((i)->ip_hl * 4 + sizeof(struct h))) #if defined(__FreeBSD__) && (__FreeBSD__ >= 5) && defined(_KERNEL) # include #endif #ifndef IP_OFFMASK #define IP_OFFMASK 0x1fff #endif #if BSD > 199306 # define USE_QUAD_T # define U_QUAD_T u_quad_t # define QUAD_T quad_t #else /* BSD > 199306 */ # define U_QUAD_T u_long # define QUAD_T long #endif /* BSD > 199306 */ /* * These operating systems already take care of the problem for us. */ #if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__) || \ defined(__sgi) typedef u_int32_t u_32_t; # if defined(_KERNEL) && !defined(IPFILTER_LKM) # if defined(__NetBSD_Version__) && (__NetBSD_Version__ >= 104110000) # include "opt_inet.h" # endif # if defined(__FreeBSD_version) && (__FreeBSD_version >= 400000) && \ !defined(KLD_MODULE) # include "opt_inet6.h" # endif # ifdef INET6 # define USE_INET6 # endif # endif #else /* * Really, any arch where sizeof(long) != sizeof(int). */ # if defined(__alpha__) || defined(__alpha) || defined(_LP64) typedef unsigned int u_32_t; # else # if SOLARIS2 >= 6 typedef uint32_t u_32_t; # else typedef unsigned int u_32_t; # endif # endif #endif /* __NetBSD__ || __OpenBSD__ || __FreeBSD__ || __sgi */ #ifdef USE_INET6 # if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__) # include # ifdef _KERNEL # include # endif typedef struct ip6_hdr ip6_t; # endif union i6addr { u_32_t i6[4]; struct in_addr in4; struct in6_addr in6; }; #else union i6addr { u_32_t i6[4]; struct in_addr in4; }; #endif #define IP6CMP(a,b) bcmp((char *)&(a), (char *)&(b), sizeof(a)) #define IP6EQ(a,b) (bcmp((char *)&(a), (char *)&(b), sizeof(a)) == 0) #define IP6NEQ(a,b) (bcmp((char *)&(a), (char *)&(b), sizeof(a)) != 0) #ifndef MAX #define MAX(a,b) (((a) > (b)) ? (a) : (b)) #endif /* * Security Options for Intenet Protocol (IPSO) as defined in RFC 1108. * * Basic Option * * 00000001 - (Reserved 4) * 00111101 - Top Secret * 01011010 - Secret * 10010110 - Confidential * 01100110 - (Reserved 3) * 11001100 - (Reserved 2) * 10101011 - Unclassified * 11110001 - (Reserved 1) */ #define IPSO_CLASS_RES4 0x01 #define IPSO_CLASS_TOPS 0x3d #define IPSO_CLASS_SECR 0x5a #define IPSO_CLASS_CONF 0x96 #define IPSO_CLASS_RES3 0x66 #define IPSO_CLASS_RES2 0xcc #define IPSO_CLASS_UNCL 0xab #define IPSO_CLASS_RES1 0xf1 #define IPSO_AUTH_GENSER 0x80 #define IPSO_AUTH_ESI 0x40 #define IPSO_AUTH_SCI 0x20 #define IPSO_AUTH_NSA 0x10 #define IPSO_AUTH_DOE 0x08 #define IPSO_AUTH_UN 0x06 #define IPSO_AUTH_FTE 0x01 /* * IP option #defines */ /*#define IPOPT_RR 7 */ #define IPOPT_ZSU 10 /* ZSU */ #define IPOPT_MTUP 11 /* MTUP */ #define IPOPT_MTUR 12 /* MTUR */ #define IPOPT_ENCODE 15 /* ENCODE */ /*#define IPOPT_TS 68 */ #define IPOPT_TR 82 /* TR */ /*#define IPOPT_SECURITY 130 */ /*#define IPOPT_LSRR 131 */ #define IPOPT_E_SEC 133 /* E-SEC */ #define IPOPT_CIPSO 134 /* CIPSO */ /*#define IPOPT_SATID 136 */ #ifndef IPOPT_SID # define IPOPT_SID IPOPT_SATID #endif /*#define IPOPT_SSRR 137 */ #define IPOPT_ADDEXT 147 /* ADDEXT */ #define IPOPT_VISA 142 /* VISA */ #define IPOPT_IMITD 144 /* IMITD */ #define IPOPT_EIP 145 /* EIP */ #define IPOPT_FINN 205 /* FINN */ #if defined(__FreeBSD__) && (defined(KERNEL) || defined(_KERNEL)) # ifdef IPFILTER_LKM # ifndef __FreeBSD_cc_version # include # else # if __FreeBSD_cc_version < 430000 # include # else # include # endif # endif # define ACTUALLY_LKM_NOT_KERNEL # else # ifndef __FreeBSD_cc_version # include # else # if __FreeBSD_cc_version < 430000 # include # else # include # endif # endif # endif # if __FreeBSD__ < 3 # include # else # if __FreeBSD__ == 3 # if defined(IPFILTER_LKM) && !defined(ACTUALLY_LKM_NOT_KERNEL) # define ACTUALLY_LKM_NOT_KERNEL # endif # endif # endif #endif /* __FreeBSD__ && KERNEL */ /* * Build some macros and #defines to enable the same code to compile anywhere * Well, that's the idea, anyway :-) */ #if !SOLARIS || (SOLARIS2 < 6) || !defined(KERNEL) # define ATOMIC_INCL ATOMIC_INC # define ATOMIC_INC64 ATOMIC_INC # define ATOMIC_INC32 ATOMIC_INC # define ATOMIC_INC16 ATOMIC_INC # define ATOMIC_DECL ATOMIC_DEC # define ATOMIC_DEC64 ATOMIC_DEC # define ATOMIC_DEC32 ATOMIC_DEC # define ATOMIC_DEC16 ATOMIC_DEC #endif #ifdef __sgi # define hz HZ # include # define IPF_LOCK_PL plhi # include #undef kmutex_t typedef struct { lock_t *l; int pl; } kmutex_t; # undef MUTEX_INIT # undef MUTEX_DESTROY #endif #ifdef KERNEL # if SOLARIS # if SOLARIS2 >= 6 # include # if SOLARIS2 == 6 # define ATOMIC_INCL(x) atomic_add_long((uint32_t*)&(x), 1) # define ATOMIC_DECL(x) atomic_add_long((uint32_t*)&(x), -1) # else # define ATOMIC_INCL(x) atomic_add_long(&(x), 1) # define ATOMIC_DECL(x) atomic_add_long(&(x), -1) # endif # define ATOMIC_INC64(x) atomic_add_64((uint64_t*)&(x), 1) # define ATOMIC_INC32(x) atomic_add_32((uint32_t*)&(x), 1) # define ATOMIC_INC16(x) atomic_add_16((uint16_t*)&(x), 1) # define ATOMIC_DEC64(x) atomic_add_64((uint64_t*)&(x), -1) # define ATOMIC_DEC32(x) atomic_add_32((uint32_t*)&(x), -1) # define ATOMIC_DEC16(x) atomic_add_16((uint16_t*)&(x), -1) # else # define IRE_CACHE IRE_ROUTE # define ATOMIC_INC(x) { mutex_enter(&ipf_rw); (x)++; \ mutex_exit(&ipf_rw); } # define ATOMIC_DEC(x) { mutex_enter(&ipf_rw); (x)--; \ mutex_exit(&ipf_rw); } # endif # define MUTEX_ENTER(x) mutex_enter(x) # if 1 # define KRWLOCK_T krwlock_t # define READ_ENTER(x) rw_enter(x, RW_READER) # define WRITE_ENTER(x) rw_enter(x, RW_WRITER) # define RW_UPGRADE(x) { if (rw_tryupgrade(x) == 0) { \ rw_exit(x); \ rw_enter(x, RW_WRITER); } \ } # define MUTEX_DOWNGRADE(x) rw_downgrade(x) # define RWLOCK_INIT(x, y, z) rw_init((x), (y), RW_DRIVER, (z)) # define RWLOCK_EXIT(x) rw_exit(x) # define RW_DESTROY(x) rw_destroy(x) # else # define KRWLOCK_T kmutex_t # define READ_ENTER(x) mutex_enter(x) # define WRITE_ENTER(x) mutex_enter(x) # define MUTEX_DOWNGRADE(x) ; # define RWLOCK_INIT(x, y, z) mutex_init((x), (y), MUTEX_DRIVER, (z)) # define RWLOCK_EXIT(x) mutex_exit(x) # define RW_DESTROY(x) mutex_destroy(x) # endif # define MUTEX_INIT(x, y, z) mutex_init((x), (y), MUTEX_DRIVER, (z)) # define MUTEX_DESTROY(x) mutex_destroy(x) # define MUTEX_EXIT(x) mutex_exit(x) # define MTOD(m,t) (t)((m)->b_rptr) # define IRCOPY(a,b,c) copyin((caddr_t)(a), (caddr_t)(b), (c)) # define IWCOPY(a,b,c) copyout((caddr_t)(a), (caddr_t)(b), (c)) # define IRCOPYPTR ircopyptr # define IWCOPYPTR iwcopyptr # define FREE_MB_T(m) freemsg(m) # define SPL_NET(x) ; # define SPL_IMP(x) ; # undef SPL_X # define SPL_X(x) ; # ifdef sparc # define ntohs(x) (x) # define ntohl(x) (x) # define htons(x) (x) # define htonl(x) (x) # endif /* sparc */ # define KMALLOC(a,b) (a) = (b)kmem_alloc(sizeof(*(a)), KM_NOSLEEP) # define KMALLOCS(a,b,c) (a) = (b)kmem_alloc((c), KM_NOSLEEP) # define GET_MINOR(x) getminor(x) extern ill_t *get_unit __P((char *, int)); # define GETUNIT(n, v) get_unit(n, v) # define IFNAME(x) ((ill_t *)x)->ill_name # else /* SOLARIS */ # if defined(__sgi) # define ATOMIC_INC(x) { MUTEX_ENTER(&ipf_rw); \ (x)++; MUTEX_EXIT(&ipf_rw); } # define ATOMIC_DEC(x) { MUTEX_ENTER(&ipf_rw); \ (x)--; MUTEX_EXIT(&ipf_rw); } # define MUTEX_ENTER(x) (x)->pl = LOCK((x)->l, IPF_LOCK_PL); # define KRWLOCK_T kmutex_t # define READ_ENTER(x) MUTEX_ENTER(x) # define WRITE_ENTER(x) MUTEX_ENTER(x) # define RW_UPGRADE(x) ; # define MUTEX_DOWNGRADE(x) ; # define RWLOCK_EXIT(x) MUTEX_EXIT(x) # define MUTEX_EXIT(x) UNLOCK((x)->l, (x)->pl); # define MUTEX_INIT(x,y,z) (x)->l = LOCK_ALLOC((uchar_t)-1, IPF_LOCK_PL, (lkinfo_t *)-1, KM_NOSLEEP) # define MUTEX_DESTROY(x) LOCK_DEALLOC((x)->l) # else /* __sgi */ # define ATOMIC_INC(x) (x)++ # define ATOMIC_DEC(x) (x)-- # define MUTEX_ENTER(x) ; # define READ_ENTER(x) ; # define WRITE_ENTER(x) ; # define RW_UPGRADE(x) ; # define MUTEX_DOWNGRADE(x) ; # define RWLOCK_EXIT(x) ; # define MUTEX_EXIT(x) ; # define MUTEX_INIT(x,y,z) ; # define MUTEX_DESTROY(x) ; # endif /* __sgi */ # ifndef linux # define FREE_MB_T(m) m_freem(m) # define MTOD(m,t) mtod(m,t) # define IRCOPY(a,b,c) (bcopy((a), (b), (c)), 0) # define IWCOPY(a,b,c) (bcopy((a), (b), (c)), 0) # define IRCOPYPTR ircopyptr # define IWCOPYPTR iwcopyptr # endif /* !linux */ # endif /* SOLARIS */ # ifdef sun # if !SOLARIS # include # define GETUNIT(n, v) ifunit(n, IFNAMSIZ) # define IFNAME(x) ((struct ifnet *)x)->if_name # endif # else # ifndef linux # define GETUNIT(n, v) ifunit(n) # if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \ (defined(OpenBSD) && (OpenBSD >= 199603)) # define IFNAME(x) ((struct ifnet *)x)->if_xname # else # define USE_GETIFNAME 1 # define IFNAME(x) get_ifname((struct ifnet *)x) extern char *get_ifname __P((struct ifnet *)); # endif # endif # endif /* sun */ # if defined(sun) && !defined(linux) || defined(__sgi) # define UIOMOVE(a,b,c,d) uiomove((caddr_t)a,b,c,d) # define SLEEP(id, n) sleep((id), PZERO+1) # define WAKEUP(id) wakeup(id) # define KFREE(x) kmem_free((char *)(x), sizeof(*(x))) # define KFREES(x,s) kmem_free((char *)(x), (s)) # if !SOLARIS extern void m_copydata __P((struct mbuf *, int, int, caddr_t)); extern void m_copyback __P((struct mbuf *, int, int, caddr_t)); # endif # ifdef __sgi # include # include # define KMALLOC(a,b) (a) = (b)kmem_alloc(sizeof(*(a)), KM_NOSLEEP) # define KMALLOCS(a,b,c) (a) = (b)kmem_alloc((c), KM_NOSLEEP) # define GET_MINOR(x) getminor(x) # else # if !SOLARIS # define KMALLOC(a,b) (a) = (b)new_kmem_alloc(sizeof(*(a)), \ KMEM_NOSLEEP) # define KMALLOCS(a,b,c) (a) = (b)new_kmem_alloc((c), KMEM_NOSLEEP) # endif /* SOLARIS */ # endif /* __sgi */ # endif /* sun && !linux */ # ifndef GET_MINOR # define GET_MINOR(x) minor(x) # endif # if (BSD >= 199306) || defined(__FreeBSD__) # include # if !defined(__FreeBSD__) || (defined (__FreeBSD__) && __FreeBSD__>=3) # include # include extern vm_map_t kmem_map; # else /* !__FreeBSD__ || (__FreeBSD__ && __FreeBSD__>=3) */ # include # endif /* !__FreeBSD__ || (__FreeBSD__ && __FreeBSD__>=3) */ # ifdef M_PFIL # define KMALLOC(a, b) MALLOC((a), b, sizeof(*(a)), M_PFIL, M_NOWAIT) # define KMALLOCS(a, b, c) MALLOC((a), b, (c), M_PFIL, M_NOWAIT) # define KFREE(x) FREE((x), M_PFIL) # define KFREES(x,s) FREE((x), M_PFIL) # else # define KMALLOC(a, b) MALLOC((a), b, sizeof(*(a)), M_TEMP, M_NOWAIT) # define KMALLOCS(a, b, c) MALLOC((a), b, (c), M_TEMP, M_NOWAIT) # define KFREE(x) FREE((x), M_TEMP) # define KFREES(x,s) FREE((x), M_TEMP) # endif /* M_PFIL */ # define UIOMOVE(a,b,c,d) uiomove(a,b,d) # define SLEEP(id, n) tsleep((id), PPAUSE|PCATCH, n, 0) # define WAKEUP(id) wakeup(id) # endif /* BSD */ # if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199407)) || \ (defined(OpenBSD) && (OpenBSD >= 200006)) # define SPL_NET(x) x = splsoftnet() # define SPL_X(x) (void) splx(x) # else # if !SOLARIS && !defined(linux) # define SPL_IMP(x) x = splimp() # define SPL_NET(x) x = splnet() # define SPL_X(x) (void) splx(x) # endif # endif /* NetBSD && (NetBSD <= 1991011) && (NetBSD >= 199407) */ # define PANIC(x,y) if (x) panic y #else /* KERNEL */ # define SLEEP(x,y) ; # define WAKEUP(x) ; # define PANIC(x,y) ; # define ATOMIC_INC(x) (x)++ # define ATOMIC_DEC(x) (x)-- # define MUTEX_ENTER(x) ; # define READ_ENTER(x) ; # define MUTEX_INIT(x,y,z) ; # define MUTEX_DESTROY(x) ; # define WRITE_ENTER(x) ; # define RW_UPGRADE(x) ; # define MUTEX_DOWNGRADE(x) ; # define RWLOCK_EXIT(x) ; # define MUTEX_EXIT(x) ; # define SPL_NET(x) ; # define SPL_IMP(x) ; # undef SPL_X # define SPL_X(x) ; # define KMALLOC(a,b) (a) = (b)malloc(sizeof(*a)) # define KMALLOCS(a,b,c) (a) = (b)malloc(c) # define KFREE(x) free(x) # define KFREES(x,s) free(x) # define GETUNIT(x, v) get_unit(x,v) # define IRCOPY(a,b,c) (bcopy((a), (b), (c)), 0) # define IWCOPY(a,b,c) (bcopy((a), (b), (c)), 0) # define IRCOPYPTR ircopyptr # define IWCOPYPTR iwcopyptr #endif /* KERNEL */ #if SOLARIS typedef mblk_t mb_t; # if SOLARIS2 >= 7 # ifdef lint # define ALIGN32(ptr) (ptr ? 0L : 0L) # define ALIGN16(ptr) (ptr ? 0L : 0L) # else # define ALIGN32(ptr) (ptr) # define ALIGN16(ptr) (ptr) # endif # endif #else # ifdef linux # ifndef kernel typedef struct mb { struct mb *next; u_int len; u_char *data; } mb_t; # else typedef struct sk_buff mb_t; # endif # else typedef struct mbuf mb_t; # endif #endif /* SOLARIS */ /* * These #ifdef's are here mainly for linux, but who knows, they may * not be in other places or maybe one day linux will grow up and some * of these will turn up there too. */ #ifndef ICMP_MINLEN # define ICMP_MINLEN 8 #endif #ifndef ICMP_UNREACH # define ICMP_UNREACH ICMP_DEST_UNREACH #endif #ifndef ICMP_SOURCEQUENCH # define ICMP_SOURCEQUENCH ICMP_SOURCE_QUENCH #endif #ifndef ICMP_TIMXCEED # define ICMP_TIMXCEED ICMP_TIME_EXCEEDED #endif #ifndef ICMP_PARAMPROB # define ICMP_PARAMPROB ICMP_PARAMETERPROB #endif #ifndef ICMP_TSTAMP # define ICMP_TSTAMP ICMP_TIMESTAMP #endif #ifndef ICMP_TSTAMPREPLY # define ICMP_TSTAMPREPLY ICMP_TIMESTAMPREPLY #endif #ifndef ICMP_IREQ # define ICMP_IREQ ICMP_INFO_REQUEST #endif #ifndef ICMP_IREQREPLY # define ICMP_IREQREPLY ICMP_INFO_REPLY #endif #ifndef ICMP_MASKREQ # define ICMP_MASKREQ ICMP_ADDRESS #endif #ifndef ICMP_MASKREPLY # define ICMP_MASKREPLY ICMP_ADDRESSREPLY #endif #ifndef ICMP_PARAMPROB_OPTABSENT # define ICMP_PARAMPROB_OPTABSENT 1 #endif #ifndef IPVERSION # define IPVERSION 4 #endif #ifndef IPOPT_MINOFF # define IPOPT_MINOFF 4 #endif #ifndef IPOPT_COPIED # define IPOPT_COPIED(x) ((x)&0x80) #endif #ifndef IPOPT_EOL # define IPOPT_EOL 0 #endif #ifndef IPOPT_NOP # define IPOPT_NOP 1 #endif #ifndef IP_MF # define IP_MF ((u_short)0x2000) #endif #ifndef ETHERTYPE_IP # define ETHERTYPE_IP ((u_short)0x0800) #endif #ifndef TH_FIN # define TH_FIN 0x01 #endif #ifndef TH_SYN # define TH_SYN 0x02 #endif #ifndef TH_RST # define TH_RST 0x04 #endif #ifndef TH_PUSH # define TH_PUSH 0x08 #endif #ifndef TH_ACK # define TH_ACK 0x10 #endif #ifndef TH_URG # define TH_URG 0x20 #endif #ifndef IPOPT_EOL # define IPOPT_EOL 0 #endif #ifndef IPOPT_NOP # define IPOPT_NOP 1 #endif #ifndef IPOPT_RR # define IPOPT_RR 7 #endif #ifndef IPOPT_TS # define IPOPT_TS 68 #endif #ifndef IPOPT_SECURITY # define IPOPT_SECURITY 130 #endif #ifndef IPOPT_LSRR # define IPOPT_LSRR 131 #endif #ifndef IPOPT_SATID # define IPOPT_SATID 136 #endif #ifndef IPOPT_SSRR # define IPOPT_SSRR 137 #endif #ifndef IPOPT_SECUR_UNCLASS # define IPOPT_SECUR_UNCLASS ((u_short)0x0000) #endif #ifndef IPOPT_SECUR_CONFID # define IPOPT_SECUR_CONFID ((u_short)0xf135) #endif #ifndef IPOPT_SECUR_EFTO # define IPOPT_SECUR_EFTO ((u_short)0x789a) #endif #ifndef IPOPT_SECUR_MMMM # define IPOPT_SECUR_MMMM ((u_short)0xbc4d) #endif #ifndef IPOPT_SECUR_RESTR # define IPOPT_SECUR_RESTR ((u_short)0xaf13) #endif #ifndef IPOPT_SECUR_SECRET # define IPOPT_SECUR_SECRET ((u_short)0xd788) #endif #ifndef IPOPT_SECUR_TOPSECRET # define IPOPT_SECUR_TOPSECRET ((u_short)0x6bc5) #endif #ifndef IPOPT_OLEN # define IPOPT_OLEN 1 #endif #ifdef linux #include /* * TCP States */ #define TCPS_CLOSED 0 /* closed */ #define TCPS_LISTEN 1 /* listening for connection */ #define TCPS_SYN_SENT 2 /* active, have sent syn */ #define TCPS_SYN_RECEIVED 3 /* have send and received syn */ /* states < TCPS_ESTABLISHED are those where connections not established */ #define TCPS_ESTABLISHED 4 /* established */ #define TCPS_CLOSE_WAIT 5 /* rcvd fin, waiting for close */ /* states > TCPS_CLOSE_WAIT are those where user has closed */ #define TCPS_FIN_WAIT_1 6 /* have closed, sent fin */ #define TCPS_CLOSING 7 /* closed xchd FIN; await FIN ACK */ #define TCPS_LAST_ACK 8 /* had fin and close; await FIN ACK */ /* states > TCPS_CLOSE_WAIT && < TCPS_FIN_WAIT_2 await ACK of FIN */ #define TCPS_FIN_WAIT_2 9 /* have closed, fin is acked */ #define TCPS_TIME_WAIT 10 /* in 2*msl quiet wait after close */ /* * file flags. */ #ifdef WRITE #define FWRITE WRITE #define FREAD READ #else #define FWRITE _IOC_WRITE #define FREAD _IOC_READ #endif /* * mbuf related problems. */ #define mtod(m,t) (t)((m)->data) #define m_len len #define m_next next #ifdef IP_DF #undef IP_DF #endif #define IP_DF 0x4000 typedef struct { __u16 th_sport; __u16 th_dport; __u32 th_seq; __u32 th_ack; # if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\ defined(vax) __u8 th_res:4; __u8 th_off:4; #else __u8 th_off:4; __u8 th_res:4; #endif __u8 th_flags; __u16 th_win; __u16 th_sum; __u16 th_urp; } tcphdr_t; typedef struct { __u16 uh_sport; __u16 uh_dport; __u16 uh_ulen; __u16 uh_sum; } udphdr_t; typedef struct { # if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\ defined(vax) __u8 ip_hl:4; __u8 ip_v:4; # else __u8 ip_v:4; __u8 ip_hl:4; # endif __u8 ip_tos; __u16 ip_len; __u16 ip_id; __u16 ip_off; __u8 ip_ttl; __u8 ip_p; __u16 ip_sum; struct in_addr ip_src; struct in_addr ip_dst; } ip_t; /* * Structure of an icmp header. */ typedef struct icmp { __u8 icmp_type; /* type of message, see below */ __u8 icmp_code; /* type sub code */ __u16 icmp_cksum; /* ones complement cksum of struct */ union { __u8 ih_pptr; /* ICMP_PARAMPROB */ struct in_addr ih_gwaddr; /* ICMP_REDIRECT */ struct ih_idseq { __u16 icd_id; __u16 icd_seq; } ih_idseq; int ih_void; } icmp_hun; # define icmp_pptr icmp_hun.ih_pptr # define icmp_gwaddr icmp_hun.ih_gwaddr # define icmp_id icmp_hun.ih_idseq.icd_id # define icmp_seq icmp_hun.ih_idseq.icd_seq # define icmp_void icmp_hun.ih_void union { struct id_ts { n_time its_otime; n_time its_rtime; n_time its_ttime; } id_ts; struct id_ip { ip_t idi_ip; /* options and then 64 bits of data */ } id_ip; u_long id_mask; char id_data[1]; } icmp_dun; # define icmp_otime icmp_dun.id_ts.its_otime # define icmp_rtime icmp_dun.id_ts.its_rtime # define icmp_ttime icmp_dun.id_ts.its_ttime # define icmp_ip icmp_dun.id_ip.idi_ip # define icmp_mask icmp_dun.id_mask # define icmp_data icmp_dun.id_data } icmphdr_t; # ifndef LINUX_IPOVLY # define LINUX_IPOVLY struct ipovly { caddr_t ih_next, ih_prev; /* for protocol sequence q's */ u_char ih_x1; /* (unused) */ u_char ih_pr; /* protocol */ short ih_len; /* protocol length */ struct in_addr ih_src; /* source internet address */ struct in_addr ih_dst; /* destination internet address */ }; # endif typedef struct { __u8 ether_dhost[6]; __u8 ether_shost[6]; __u16 ether_type; } ether_header_t; typedef struct uio { int uio_resid; int uio_rw; caddr_t uio_buf; } uio_t; # define UIO_READ 0 # define UIO_WRITE 1 # define UIOMOVE(a, b, c, d) uiomove(a,b,c,d) /* * For masking struct ifnet onto struct device */ # define if_name name # ifdef KERNEL # define GETUNIT(x, v) dev_get(x) # define FREE_MB_T(m) kfree_skb(m, FREE_WRITE) # define uniqtime do_gettimeofday # undef INT_MAX # undef UINT_MAX # undef LONG_MAX # undef ULONG_MAX # include # define SPL_X(x) # define SPL_NET(x) # define SPL_IMP(x) # define bcmp(a,b,c) memcmp(a,b,c) # define bcopy(a,b,c) memcpy(b,a,c) # define bzero(a,c) memset(a,0,c) # define UNITNAME(n) dev_get((n)) # define KMALLOC(a,b) (a) = (b)kmalloc(sizeof(*(a)), GFP_ATOMIC) # define KMALLOCS(a,b,c) (a) = (b)kmalloc((c), GFP_ATOMIC) # define KFREE(x) kfree_s((x), sizeof(*(x))) # define KFREES(x,s) kfree_s((x), (s)) #define IRCOPY(const void *a, void *b, size_t c) { \ int error; \ error = verify_area(VERIFY_READ, a ,c); \ if (!error) \ memcpy_fromfs(b, a, c); \ return error; \ } static inline int IWCOPY(const void *a, void *b, size_t c) { int error; error = verify_area(VERIFY_WRITE, b, c); if (!error) memcpy_tofs(b, a, c); return error; } static inline int IRCOPYPTR(const void *a, void *b, size_t c) { caddr_t ca; int error; error = verify_area(VERIFY_READ, a ,sizeof(ca)); if (!error) { memcpy_fromfs(ca, a, sizeof(ca)); error = verify_area(VERIFY_READ, ca , c); if (!error) memcpy_fromfs(b, ca, c); } return error; } static inline int IWCOPYPTR(const void *a, void *b, size_t c) { caddr_t ca; int error; error = verify_area(VERIFY_READ, b ,sizeof(ca)); if (!error) { memcpy_fromfs(ca, b, sizeof(ca)); error = verify_area(VERIFY_WRITE, ca, c); if (!error) memcpy_tofs(ca, a, c); } return error; } # else # define __KERNEL__ # undef INT_MAX # undef UINT_MAX # undef LONG_MAX # undef ULONG_MAX # define s8 __s8 # define u8 __u8 # define s16 __s16 # define u16 __u16 # define s32 __s32 # define u32 __u32 # include # undef __KERNEL__ # endif # define ifnet device #else typedef struct tcphdr tcphdr_t; typedef struct udphdr udphdr_t; typedef struct icmp icmphdr_t; typedef struct ip ip_t; typedef struct ether_header ether_header_t; #endif /* linux */ typedef struct tcpiphdr tcpiphdr_t; #if defined(hpux) || defined(linux) struct ether_addr { char ether_addr_octet[6]; }; #endif /* * XXX - This is one of those *awful* hacks which nobody likes */ #ifdef ultrix #define A_A #else #define A_A & #endif #ifndef ICMP_ROUTERADVERT # define ICMP_ROUTERADVERT 9 #endif #ifndef ICMP_ROUTERSOLICIT # define ICMP_ROUTERSOLICIT 10 #endif #undef ICMP_MAX_UNREACH #define ICMP_MAX_UNREACH 14 #undef ICMP_MAXTYPE #define ICMP_MAXTYPE 18 /* * ICMP error replies have an IP header (20 bytes), 8 bytes of ICMP data, * another IP header and then 64 bits of data, totalling 56. Of course, * the last 64 bits is dependant on that being available. */ #define ICMPERR_ICMPHLEN 8 #define ICMPERR_IPICMPHLEN (20 + 8) #define ICMPERR_MINPKTLEN (20 + 8 + 20) #define ICMPERR_MAXPKTLEN (20 + 8 + 20 + 8) #define ICMP6ERR_MINPKTLEN (40 + 8) #define ICMP6ERR_IPICMPHLEN (40 + 8 + 40) /* * ECN is a new addition to TCP - RFC 2481 */ #ifndef TH_ECN # define TH_ECN 0x40 #endif #ifndef TH_CWR # define TH_CWR 0x80 #endif #define TH_ECNALL (TH_ECN|TH_CWR) #define TCPF_ALL (TH_FIN|TH_SYN|TH_RST|TH_PUSH|TH_ACK|TH_URG|TH_ECN|TH_CWR) #endif /* __IP_COMPAT_H__ */ 0707010e0cfe13000081a40000000000000000000000013b671a6a000052bf0000000000000001ffffffffffffffff0000002200000003root/usr/include/netinet/ip_fil.h/* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_fil.h 1.35 6/5/96 * $Id: ip_fil.h,v 2.29.2.10 2001/07/15 13:51:42 darrenr Exp $ */ #ifndef __IP_FIL_H__ #define __IP_FIL_H__ /* * Pathnames for various IP Filter control devices. Used by LKM * and userland, so defined here. */ #define IPNAT_NAME "/dev/ipnat" #define IPSTATE_NAME "/dev/ipstate" #define IPAUTH_NAME "/dev/ipauth" #ifndef SOLARIS # define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4))) #endif #if defined(KERNEL) && !defined(_KERNEL) # define _KERNEL #endif #ifndef __P # ifdef __STDC__ # define __P(x) x # else # define __P(x) () # endif #endif #if defined(__STDC__) || defined(__GNUC__) # define SIOCADAFR _IOW('r', 60, struct frentry *) # define SIOCRMAFR _IOW('r', 61, struct frentry *) # define SIOCSETFF _IOW('r', 62, u_int) # define SIOCGETFF _IOR('r', 63, u_int) # define SIOCGETFS _IOWR('r', 64, struct friostat *) # define SIOCIPFFL _IOWR('r', 65, int) # define SIOCIPFFB _IOR('r', 66, int) # define SIOCADIFR _IOW('r', 67, struct frentry *) # define SIOCRMIFR _IOW('r', 68, struct frentry *) # define SIOCSWAPA _IOR('r', 69, u_int) # define SIOCINAFR _IOW('r', 70, struct frentry *) # define SIOCINIFR _IOW('r', 71, struct frentry *) # define SIOCFRENB _IOW('r', 72, u_int) # define SIOCFRSYN _IOW('r', 73, u_int) # define SIOCFRZST _IOWR('r', 74, struct friostat *) # define SIOCZRLST _IOWR('r', 75, struct frentry *) # define SIOCAUTHW _IOWR('r', 76, struct fr_info *) # define SIOCAUTHR _IOWR('r', 77, struct fr_info *) # define SIOCATHST _IOWR('r', 78, struct fr_authstat *) # define SIOCSTLCK _IOWR('r', 79, u_int) # define SIOCSTPUT _IOWR('r', 80, struct ipstate_save *) # define SIOCSTGET _IOWR('r', 81, struct ipstate_save *) # define SIOCSTGSZ _IOWR('r', 82, struct natget) # define SIOCGFRST _IOWR('r', 83, struct ipfrstat *) #else # define SIOCADAFR _IOW(r, 60, struct frentry *) # define SIOCRMAFR _IOW(r, 61, struct frentry *) # define SIOCSETFF _IOW(r, 62, u_int) # define SIOCGETFF _IOR(r, 63, u_int) # define SIOCGETFS _IOWR(r, 64, struct friostat *) # define SIOCIPFFL _IOWR(r, 65, int) # define SIOCIPFFB _IOR(r, 66, int) # define SIOCADIFR _IOW(r, 67, struct frentry *) # define SIOCRMIFR _IOW(r, 68, struct frentry *) # define SIOCSWAPA _IOR(r, 69, u_int) # define SIOCINAFR _IOW(r, 70, struct frentry *) # define SIOCINIFR _IOW(r, 71, struct frentry *) # define SIOCFRENB _IOW(r, 72, u_int) # define SIOCFRSYN _IOW(r, 73, u_int) # define SIOCFRZST _IOWR(r, 74, struct friostat *) # define SIOCZRLST _IOWR(r, 75, struct frentry *) # define SIOCAUTHW _IOWR(r, 76, struct fr_info *) # define SIOCAUTHR _IOWR(r, 77, struct fr_info *) # define SIOCATHST _IOWR(r, 78, struct fr_authstat *) # define SIOCSTLCK _IOWR(r, 79, u_int) # define SIOCSTPUT _IOWR(r, 80, struct ipstate_save *) # define SIOCSTGET _IOWR(r, 81, struct ipstate_save *) # define SIOCSTGSZ _IOWR(r, 82, struct natget) # define SIOCGFRST _IOWR(r, 83, struct ipfrstat *) #endif #define SIOCADDFR SIOCADAFR #define SIOCDELFR SIOCRMAFR #define SIOCINSFR SIOCINAFR typedef struct fr_ip { u_32_t fi_v:4; /* IP version */ u_32_t fi_fl:4; /* packet flags */ u_32_t fi_tos:8; /* IP packet TOS */ u_32_t fi_ttl:8; /* IP packet TTL */ u_32_t fi_p:8; /* IP packet protocol */ union i6addr fi_src; /* source address from packet */ union i6addr fi_dst; /* destination address from packet */ u_32_t fi_optmsk; /* bitmask composed from IP options */ u_short fi_secmsk; /* bitmask composed from IP security options */ u_short fi_auth; /* authentication code from IP sec. options */ } fr_ip_t; #define FI_OPTIONS (FF_OPTIONS >> 24) #define FI_TCPUDP (FF_TCPUDP >> 24) /* TCP/UCP implied comparison*/ #define FI_FRAG (FF_FRAG >> 24) #define FI_SHORT (FF_SHORT >> 24) #define FI_CMP (FI_OPTIONS|FI_TCPUDP|FI_SHORT) #define fi_saddr fi_src.in4.s_addr #define fi_daddr fi_dst.in4.s_addr /* * These are both used by the state and NAT code to indicate that one port or * the other should be treated as a wildcard. */ #define FI_W_SPORT 0x00000100 #define FI_W_DPORT 0x00000200 #define FI_WILDP (FI_W_SPORT|FI_W_DPORT) #define FI_W_SADDR 0x00000400 #define FI_W_DADDR 0x00000800 #define FI_WILDA (FI_W_SADDR|FI_W_DADDR) #define FI_NEWFR 0x00001000 typedef struct fr_info { void *fin_ifp; /* interface packet is `on' */ struct fr_ip fin_fi; /* IP Packet summary */ u_short fin_data[2]; /* TCP/UDP ports, ICMP code/type */ u_char fin_out; /* in or out ? 1 == out, 0 == in */ u_char fin_rev; /* state only: 1 = reverse */ u_short fin_hlen; /* length of IP header in bytes */ u_char fin_tcpf; /* TCP header flags (SYN, ACK, etc) */ /* From here on is packet specific */ u_char fin_icode; /* ICMP error to return */ u_short fin_rule; /* rule # last matched */ u_32_t fin_group; /* group number, -1 for none */ struct frentry *fin_fr; /* last matching rule */ char *fin_dp; /* start of data past IP header */ u_short fin_dlen; /* length of data portion of packet */ u_short fin_id; /* IP packet id field */ void *fin_mp; /* pointer to pointer to mbuf */ #if SOLARIS void *fin_qfm; /* pointer to mblk where pkt starts */ void *fin_qif; #endif u_short fin_plen; u_short fin_off; } fr_info_t; #define fin_v fin_fi.fi_v #define fin_saddr fin_fi.fi_saddr #define fin_daddr fin_fi.fi_daddr #define fin_fl fin_fi.fi_fl /* * Size for compares on fr_info structures */ #define FI_CSIZE offsetof(fr_info_t, fin_icode) /* * Size for copying cache fr_info structure */ #define FI_COPYSIZE offsetof(fr_info_t, fin_dp) typedef struct frdest { void *fd_ifp; struct in_addr fd_ip; char fd_ifname[IFNAMSIZ]; #if SOLARIS mb_t *fd_mp; /* cache resolver for to/dup-to */ #endif } frdest_t; typedef struct frpcmp { int frp_cmp; /* data for port comparisons */ u_short frp_port; /* top port for <> and >< */ u_short frp_top; /* top port for <> and >< */ } frpcmp_t; typedef struct frtuc { u_char ftu_tcpfm; /* tcp flags mask */ u_char ftu_tcpf; /* tcp flags */ frpcmp_t ftu_src; frpcmp_t ftu_dst; } frtuc_t; #define ftu_scmp ftu_src.frp_cmp #define ftu_dcmp ftu_dst.frp_cmp #define ftu_sport ftu_src.frp_port #define ftu_dport ftu_dst.frp_port #define ftu_stop ftu_src.frp_top #define ftu_dtop ftu_dst.frp_top typedef struct frentry { struct frentry *fr_next; struct frentry *fr_grp; int fr_ref; /* reference count - for grouping */ void *fr_ifa; #if BSD >= 199306 void *fr_oifa; #endif /* * These are only incremented when a packet matches this rule and * it is the last match */ U_QUAD_T fr_hits; U_QUAD_T fr_bytes; /* * Fields after this may not change whilst in the kernel. */ struct fr_ip fr_ip; struct fr_ip fr_mip; /* mask structure */ u_short fr_icmpm; /* data for ICMP packets (mask) */ u_short fr_icmp; frtuc_t fr_tuc; u_32_t fr_group; /* group to which this rule belongs */ u_32_t fr_grhead; /* group # which this rule starts */ u_32_t fr_flags; /* per-rule flags && options (see below) */ u_int fr_skip; /* # of rules to skip */ u_int fr_loglevel; /* syslog log facility + priority */ int (*fr_func) __P((int, ip_t *, fr_info_t *)); /* call this function */ int fr_sap; /* For solaris only */ u_char fr_icode; /* return ICMP code */ char fr_ifname[IFNAMSIZ]; #if BSD >= 199306 char fr_oifname[IFNAMSIZ]; #endif struct frdest fr_tif; /* "to" interface */ struct frdest fr_dif; /* duplicate packet interfaces */ u_int fr_cksum; /* checksum on filter rules for performance */ } frentry_t; #define fr_v fr_ip.fi_v #define fr_proto fr_ip.fi_p #define fr_ttl fr_ip.fi_ttl #define fr_tos fr_ip.fi_tos #define fr_tcpfm fr_tuc.ftu_tcpfm #define fr_tcpf fr_tuc.ftu_tcpf #define fr_scmp fr_tuc.ftu_scmp #define fr_dcmp fr_tuc.ftu_dcmp #define fr_dport fr_tuc.ftu_dport #define fr_sport fr_tuc.ftu_sport #define fr_stop fr_tuc.ftu_stop #define fr_dtop fr_tuc.ftu_dtop #define fr_dst fr_ip.fi_dst.in4 #define fr_src fr_ip.fi_src.in4 #define fr_dmsk fr_mip.fi_dst.in4 #define fr_smsk fr_mip.fi_src.in4 #ifndef offsetof #define offsetof(t,m) (int)((&((t *)0L)->m)) #endif #define FR_CMPSIZ (sizeof(struct frentry) - offsetof(frentry_t, fr_ip)) /* * fr_flags */ #define FR_BLOCK 0x00001 /* do not allow packet to pass */ #define FR_PASS 0x00002 /* allow packet to pass */ #define FR_OUTQUE 0x00004 /* outgoing packets */ #define FR_INQUE 0x00008 /* ingoing packets */ #define FR_LOG 0x00010 /* Log */ #define FR_LOGB 0x00011 /* Log-fail */ #define FR_LOGP 0x00012 /* Log-pass */ #define FR_LOGBODY 0x00020 /* Log the body */ #define FR_LOGFIRST 0x00040 /* Log the first byte if state held */ #define FR_RETRST 0x00080 /* Return TCP RST packet - reset connection */ #define FR_RETICMP 0x00100 /* Return ICMP unreachable packet */ #define FR_FAKEICMP 0x00180 /* Return ICMP unreachable with fake source */ #define FR_NOMATCH 0x00200 /* no match occured */ #define FR_ACCOUNT 0x00400 /* count packet bytes */ #define FR_KEEPFRAG 0x00800 /* keep fragment information */ #define FR_KEEPSTATE 0x01000 /* keep `connection' state information */ #define FR_INACTIVE 0x02000 #define FR_QUICK 0x04000 /* match & stop processing list */ #define FR_FASTROUTE 0x08000 /* bypass normal routing */ #define FR_CALLNOW 0x10000 /* call another function (fr_func) if matches */ #define FR_DUP 0x20000 /* duplicate packet */ #define FR_LOGORBLOCK 0x40000 /* block the packet if it can't be logged */ #define FR_NOTSRCIP 0x80000 /* not the src IP# */ #define FR_NOTDSTIP 0x100000 /* not the dst IP# */ #define FR_AUTH 0x200000 /* use authentication */ #define FR_PREAUTH 0x400000 /* require preauthentication */ #define FR_DONTCACHE 0x800000 /* don't cache the result */ #define FR_LOGMASK (FR_LOG|FR_LOGP|FR_LOGB) #define FR_RETMASK (FR_RETICMP|FR_RETRST|FR_FAKEICMP) /* * These correspond to #define's for FI_* and are stored in fr_flags */ #define FF_OPTIONS 0x01000000 #define FF_TCPUDP 0x02000000 #define FF_FRAG 0x04000000 #define FF_SHORT 0x08000000 /* * recognized flags for SIOCGETFF and SIOCSETFF, and get put in fr_flags */ #define FF_LOGPASS 0x10000000 #define FF_LOGBLOCK 0x20000000 #define FF_LOGNOMATCH 0x40000000 #define FF_LOGGING (FF_LOGPASS|FF_LOGBLOCK|FF_LOGNOMATCH) #define FF_BLOCKNONIP 0x80000000 /* Solaris2 Only */ #define FR_NONE 0 #define FR_EQUAL 1 #define FR_NEQUAL 2 #define FR_LESST 3 #define FR_GREATERT 4 #define FR_LESSTE 5 #define FR_GREATERTE 6 #define FR_OUTRANGE 7 #define FR_INRANGE 8 typedef struct filterstats { u_long fr_pass; /* packets allowed */ u_long fr_block; /* packets denied */ u_long fr_nom; /* packets which don't match any rule */ u_long fr_short; /* packets which are short */ u_long fr_ppkl; /* packets allowed and logged */ u_long fr_bpkl; /* packets denied and logged */ u_long fr_npkl; /* packets unmatched and logged */ u_long fr_pkl; /* packets logged */ u_long fr_skip; /* packets to be logged but buffer full */ u_long fr_ret; /* packets for which a return is sent */ u_long fr_acct; /* packets for which counting was performed */ u_long fr_bnfr; /* bad attempts to allocate fragment state */ u_long fr_nfr; /* new fragment state kept */ u_long fr_cfr; /* add new fragment state but complete pkt */ u_long fr_bads; /* bad attempts to allocate packet state */ u_long fr_ads; /* new packet state kept */ u_long fr_chit; /* cached hit */ u_long fr_tcpbad; /* TCP checksum check failures */ u_long fr_pull[2]; /* good and bad pullup attempts */ u_long fr_badsrc; /* source received doesn't match route */ u_long fr_badttl; /* TTL in packet doesn't reach minimum */ #if SOLARIS u_long fr_notdata; /* PROTO/PCPROTO that have no data */ u_long fr_nodata; /* mblks that have no data */ u_long fr_bad; /* bad IP packets to the filter */ u_long fr_notip; /* packets passed through no on ip queue */ u_long fr_drop; /* packets dropped - no info for them! */ u_long fr_copy; /* messages copied due to db_ref > 1 */ #endif u_long fr_ipv6[2]; /* IPv6 packets in/out */ } filterstats_t; /* * For SIOCGETFS */ typedef struct friostat { struct filterstats f_st[2]; struct frentry *f_fin[2]; struct frentry *f_fout[2]; struct frentry *f_acctin[2]; struct frentry *f_acctout[2]; struct frentry *f_fin6[2]; struct frentry *f_fout6[2]; struct frentry *f_acctin6[2]; struct frentry *f_acctout6[2]; struct frentry *f_auth; struct frgroup *f_groups[3][2]; u_long f_froute[2]; int f_defpass; /* default pass - from fr_pass */ char f_active; /* 1 or 0 - active rule set */ char f_running; /* 1 if running, else 0 */ char f_logging; /* 1 if enabled, else 0 */ char f_version[32]; /* version string */ int f_locks[4]; } friostat_t; typedef struct optlist { u_short ol_val; int ol_bit; } optlist_t; /* * Group list structure. */ typedef struct frgroup { u_32_t fg_num; struct frgroup *fg_next; struct frentry *fg_head; struct frentry **fg_start; } frgroup_t; /* * Log structure. Each packet header logged is prepended by one of these. * Following this in the log records read from the device will be an ipflog * structure which is then followed by any packet data. */ typedef struct iplog { u_32_t ipl_magic; u_int ipl_count; u_long ipl_sec; u_long ipl_usec; size_t ipl_dsize; struct iplog *ipl_next; } iplog_t; #define IPL_MAGIC 0x49504c4d /* 'IPLM' */ typedef struct ipflog { #if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199603)) || \ (defined(OpenBSD) && (OpenBSD >= 199603)) u_char fl_ifname[IFNAMSIZ]; #else u_int fl_unit; u_char fl_ifname[4]; #endif u_char fl_plen; /* extra data after hlen */ u_char fl_hlen; /* length of IP headers saved */ u_short fl_loglevel; /* syslog log level */ u_32_t fl_rule; u_32_t fl_group; u_32_t fl_flags; u_32_t fl_lflags; } ipflog_t; #ifndef ICMP_UNREACH_FILTER # define ICMP_UNREACH_FILTER 13 #endif #ifndef IPF_LOGGING # define IPF_LOGGING 0 #endif #ifndef IPF_DEFAULT_PASS # define IPF_DEFAULT_PASS FR_PASS #endif #define IPMINLEN(i, h) ((i)->ip_len >= ((i)->ip_hl * 4 + sizeof(struct h))) #define IPLLOGSIZE 8192 #define IPF_OPTCOPY 0x07ff00 /* bit mask of copied options */ /* * Device filenames for reading log information. Use ipf on Solaris2 because * ipl is already a name used by something else. */ #ifndef IPL_NAME # if SOLARIS # define IPL_NAME "/dev/ipf" # else # define IPL_NAME "/dev/ipl" # endif #endif #define IPL_NAT IPNAT_NAME #define IPL_STATE IPSTATE_NAME #define IPL_AUTH IPAUTH_NAME #define IPL_LOGIPF 0 /* Minor device #'s for accessing logs */ #define IPL_LOGNAT 1 #define IPL_LOGSTATE 2 #define IPL_LOGAUTH 3 #define IPL_LOGMAX 3 #if !defined(CDEV_MAJOR) && defined (__FreeBSD_version) && \ (__FreeBSD_version >= 220000) # define CDEV_MAJOR 79 #endif /* * Post NetBSD 1.2 has the PFIL interface for packet filters. This turns * on those hooks. We don't need any special mods in non-IP Filter code * with this! */ #if (defined(NetBSD) && (NetBSD > 199609) && (NetBSD <= 1991011)) || \ (defined(NetBSD1_2) && NetBSD1_2 > 1) # if (NetBSD >= 199905) # define PFIL_HOOKS # endif # ifdef PFIL_HOOKS # define NETBSD_PF # endif #endif #ifndef _KERNEL extern int fr_check __P((ip_t *, int, void *, int, mb_t **)); extern int (*fr_checkp) __P((ip_t *, int, void *, int, mb_t **)); extern int send_reset __P((ip_t *, struct ifnet *)); extern int icmp_error __P((ip_t *, struct ifnet *)); extern int ipf_log __P((void)); extern struct ifnet *get_unit __P((char *, int)); # if defined(__NetBSD__) || defined(__OpenBSD__) || \ (_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000) extern int iplioctl __P((dev_t, u_long, caddr_t, int)); # else extern int iplioctl __P((dev_t, int, caddr_t, int)); # endif extern int iplopen __P((dev_t, int)); extern int iplclose __P((dev_t, int)); #else /* #ifndef _KERNEL */ # if defined(__NetBSD__) && defined(PFIL_HOOKS) extern void ipfilterattach __P((int)); # endif extern int iplattach __P((void)); extern int ipl_enable __P((void)); extern int ipl_disable __P((void)); extern void ipflog_init __P((void)); extern int ipflog_clear __P((minor_t)); extern int ipflog_read __P((minor_t, struct uio *)); extern int ipflog __P((u_int, ip_t *, fr_info_t *, mb_t *)); extern int ipllog __P((int, fr_info_t *, void **, size_t *, int *, int)); extern int send_icmp_err __P((ip_t *, int, fr_info_t *, int)); extern int send_reset __P((ip_t *, fr_info_t *)); # if SOLARIS extern int fr_check __P((ip_t *, int, void *, int, qif_t *, mb_t **)); extern int (*fr_checkp) __P((ip_t *, int, void *, int, qif_t *, mb_t **)); # if SOLARIS2 >= 7 extern int iplioctl __P((dev_t, int, intptr_t, int, cred_t *, int *)); # else extern int iplioctl __P((dev_t, int, int *, int, cred_t *, int *)); # endif extern int iplopen __P((dev_t *, int, int, cred_t *)); extern int iplclose __P((dev_t, int, int, cred_t *)); extern int ipfsync __P((void)); extern int ipfr_fastroute __P((ip_t *, mblk_t *, mblk_t **, fr_info_t *, frdest_t *)); extern void copyin_mblk __P((mblk_t *, size_t, size_t, char *)); extern void copyout_mblk __P((mblk_t *, size_t, size_t, char *)); extern int fr_qin __P((queue_t *, mblk_t *)); extern int fr_qout __P((queue_t *, mblk_t *)); extern int iplread __P((dev_t, struct uio *, cred_t *)); # else /* SOLARIS */ extern int fr_check __P((ip_t *, int, void *, int, mb_t **)); extern int (*fr_checkp) __P((ip_t *, int, void *, int, mb_t **)); extern int ipfr_fastroute __P((mb_t *, mb_t **, fr_info_t *, frdest_t *)); extern size_t mbufchainlen __P((mb_t *)); # ifdef __sgi # include extern int iplioctl __P((dev_t, int, caddr_t, int, cred_t *, int *)); extern int iplopen __P((dev_t *, int, int, cred_t *)); extern int iplclose __P((dev_t, int, int, cred_t *)); extern int iplread __P((dev_t, struct uio *, cred_t *)); extern int ipfsync __P((void)); extern int ipfilter_sgi_attach __P((void)); extern void ipfilter_sgi_detach __P((void)); extern void ipfilter_sgi_intfsync __P((void)); # else # ifdef IPFILTER_LKM extern int iplidentify __P((char *)); # endif # if (_BSDI_VERSION >= 199510) || (__FreeBSD_version >= 220000) || \ (NetBSD >= 199511) || defined(__OpenBSD__) # if defined(__NetBSD__) || (_BSDI_VERSION >= 199701) || \ defined(__OpenBSD__) || (__FreeBSD_version >= 300000) extern int iplioctl __P((dev_t, u_long, caddr_t, int, struct proc *)); # else extern int iplioctl __P((dev_t, int, caddr_t, int, struct proc *)); # endif extern int iplopen __P((dev_t, int, int, struct proc *)); extern int iplclose __P((dev_t, int, int, struct proc *)); # else # ifndef linux extern int iplopen __P((dev_t, int)); extern int iplclose __P((dev_t, int)); extern int iplioctl __P((dev_t, int, caddr_t, int)); # else extern int iplioctl(struct inode *, struct file *, u_int, u_long); extern int iplopen __P((struct inode *, struct file *)); extern void iplclose __P((struct inode *, struct file *)); # endif /* !linux */ # endif /* (_BSDI_VERSION >= 199510) */ # if BSD >= 199306 extern int iplread __P((dev_t, struct uio *, int)); # else # ifndef linux extern int iplread __P((dev_t, struct uio *)); # else extern int iplread(struct inode *, struct file *, char *, int); # endif /* !linux */ # endif /* BSD >= 199306 */ # endif /* __ sgi */ # endif /* SOLARIS */ #endif /* #ifndef _KERNEL */ extern char *memstr __P((char *, char *, int, int)); extern void fixskip __P((frentry_t **, frentry_t *, int)); extern int countbits __P((u_32_t)); extern int ipldetach __P((void)); extern u_short ipf_cksum __P((u_short *, int)); extern int ircopyptr __P((void *, void *, size_t)); extern int iwcopyptr __P((void *, void *, size_t)); extern int frflush __P((minor_t, int)); extern void frsync __P((void)); extern frgroup_t *fr_addgroup __P((u_32_t, frentry_t *, minor_t, int)); extern void fr_delgroup __P((u_32_t, u_32_t, minor_t, int)); extern frgroup_t *fr_findgroup __P((u_32_t, u_32_t, minor_t, int, frgroup_t ***)); extern int fr_copytolog __P((int, char *, int)); extern void fr_forgetifp __P((void *)); extern void fr_getstat __P((struct friostat *)); extern int fr_ifpaddr __P((int, void *, struct in_addr *)); extern int fr_lock __P((caddr_t, int *)); extern void fr_makefrip __P((int, ip_t *, fr_info_t *)); extern u_short fr_tcpsum __P((mb_t *, ip_t *, tcphdr_t *)); extern int fr_scanlist __P((u_32_t, ip_t *, fr_info_t *, void *)); extern int fr_tcpudpchk __P((frtuc_t *, fr_info_t *)); extern int fr_verifysrc __P((struct in_addr, void *)); extern int ipl_unreach; extern int fr_running; extern u_long ipl_frouteok[2]; extern int fr_pass; extern int fr_flags; extern int fr_active; extern int fr_chksrc; extern int fr_minttl; extern int fr_minttllog; extern fr_info_t frcache[2]; extern char ipfilter_version[]; extern iplog_t **iplh[IPL_LOGMAX+1], *iplt[IPL_LOGMAX+1]; extern size_t iplused[IPL_LOGMAX + 1]; extern struct frentry *ipfilter[2][2], *ipacct[2][2]; #ifdef USE_INET6 extern struct frentry *ipfilter6[2][2], *ipacct6[2][2]; extern int icmptoicmp6types[ICMP_MAXTYPE+1]; extern int icmptoicmp6unreach[ICMP_MAX_UNREACH]; #endif extern struct frgroup *ipfgroups[3][2]; extern struct filterstats frstats[]; #endif /* __IP_FIL_H__ */ 0707010e0cfdfb000081a40000000000000000000000013b671a6a000006b80000000000000001ffffffffffffffff0000002300000003root/usr/include/netinet/ip_frag.h/* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_frag.h 1.5 3/24/96 * $Id: ip_frag.h,v 2.4.2.5 2001/06/26 10:43:13 darrenr Exp $ */ #ifndef __IP_FRAG_H__ #define __IP_FRAG_H__ #define IPFT_SIZE 257 typedef struct ipfr { struct ipfr *ipfr_next, *ipfr_prev; void *ipfr_data; struct in_addr ipfr_src; struct in_addr ipfr_dst; void *ipfr_ifp; u_32_t ipfr_optmsk; u_short ipfr_secmsk; u_short ipfr_auth; u_short ipfr_id; u_char ipfr_p; u_char ipfr_tos; u_short ipfr_off; u_char ipfr_ttl; u_char ipfr_seen0; frentry_t *ipfr_rule; } ipfr_t; typedef struct ipfrstat { u_long ifs_exists; /* add & already exists */ u_long ifs_nomem; u_long ifs_new; u_long ifs_hits; u_long ifs_expire; u_long ifs_inuse; struct ipfr **ifs_table; struct ipfr **ifs_nattab; } ipfrstat_t; #define IPFR_CMPSZ (offsetof(ipfr_t, ipfr_off) - \ offsetof(ipfr_t, ipfr_src)) extern int fr_ipfrttl; extern int fr_frag_lock; extern ipfrstat_t *ipfr_fragstats __P((void)); extern int ipfr_newfrag __P((ip_t *, fr_info_t *, u_int)); extern int ipfr_nat_newfrag __P((ip_t *, fr_info_t *, u_int, struct nat *)); extern nat_t *ipfr_nat_knownfrag __P((ip_t *, fr_info_t *)); extern frentry_t *ipfr_knownfrag __P((ip_t *, fr_info_t *)); extern void ipfr_forget __P((void *)); extern void ipfr_unload __P((void)); extern void ipfr_fragexpire __P((void)); #if (BSD >= 199306) || SOLARIS || defined(__sgi) # if defined(SOLARIS2) && (SOLARIS2 < 7) extern void ipfr_slowtimer __P((void)); # else extern void ipfr_slowtimer __P((void *)); # endif #else extern int ipfr_slowtimer __P((void)); #endif /* (BSD >= 199306) || SOLARIS */ #endif /* __IP_FIL_H__ */ 0707010e0cfde3000081a40000000000000000000000013b671a6a000021450000000000000001ffffffffffffffff0000002200000003root/usr/include/netinet/ip_nat.h/* * Copyright (C) 1995-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_nat.h 1.5 2/4/96 * $Id: ip_nat.h,v 2.17.2.20 2001/06/26 10:43:15 darrenr Exp $ */ #ifndef __IP_NAT_H__ #define __IP_NAT_H__ #ifndef SOLARIS #define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4))) #endif #if defined(__STDC__) || defined(__GNUC__) #define SIOCADNAT _IOW('r', 60, struct ipnat *) #define SIOCRMNAT _IOW('r', 61, struct ipnat *) #define SIOCGNATS _IOWR('r', 62, struct natstat *) #define SIOCGNATL _IOWR('r', 63, struct natlookup *) #else #define SIOCADNAT _IOW(r, 60, struct ipnat *) #define SIOCRMNAT _IOW(r, 61, struct ipnat *) #define SIOCGNATS _IOWR(r, 62, struct natstat *) #define SIOCGNATL _IOWR(r, 63, struct natlookup *) #endif #undef LARGE_NAT /* define this if you're setting up a system to NAT * LARGE numbers of networks/hosts - i.e. in the * hundreds or thousands. In such a case, you should * also change the RDR_SIZE and NAT_SIZE below to more * appropriate sizes. The figures below were used for * a setup with 1000-2000 networks to NAT. */ #ifndef NAT_SIZE # define NAT_SIZE 127 #endif #ifndef RDR_SIZE # define RDR_SIZE 127 #endif #ifndef HOSTMAP_SIZE # define HOSTMAP_SIZE 127 #endif #ifndef NAT_TABLE_SZ # define NAT_TABLE_SZ 127 #endif #ifdef LARGE_NAT #undef NAT_SIZE #undef RDR_SIZE #undef NAT_TABLE_SZ #undef HOSTMAP_SIZE 127 #define NAT_SIZE 2047 #define RDR_SIZE 2047 #define NAT_TABLE_SZ 16383 #define HOSTMAP_SIZE 8191 #endif #ifndef APR_LABELLEN #define APR_LABELLEN 16 #endif #define NAT_HW_CKSUM 0x80000000 #define DEF_NAT_AGE 1200 /* 10 minutes (600 seconds) */ struct ap_session; typedef struct nat { u_long nat_age; int nat_flags; u_32_t nat_sumd[2]; u_32_t nat_ipsumd; void *nat_data; struct ap_session *nat_aps; /* proxy session */ struct frentry *nat_fr; /* filter rule ptr if appropriate */ struct in_addr nat_inip; struct in_addr nat_outip; struct in_addr nat_oip; /* other ip */ U_QUAD_T nat_pkts; U_QUAD_T nat_bytes; u_short nat_oport; /* other port */ u_short nat_inport; u_short nat_outport; u_short nat_use; u_char nat_tcpstate[2]; u_char nat_p; /* protocol for NAT */ struct ipnat *nat_ptr; /* pointer back to the rule */ struct hostmap *nat_hm; struct nat *nat_next; struct nat *nat_hnext[2]; struct nat **nat_phnext[2]; void *nat_ifp; int nat_dir; char nat_ifname[IFNAMSIZ]; #if SOLARIS || defined(__sgi) kmutex_t nat_lock; #endif } nat_t; typedef struct ipnat { struct ipnat *in_next; struct ipnat *in_rnext; struct ipnat **in_prnext; struct ipnat *in_mnext; struct ipnat **in_pmnext; void *in_ifp; void *in_apr; u_long in_space; u_int in_use; u_int in_hits; struct in_addr in_nextip; u_short in_pnext; u_short in_ippip; /* IP #'s per IP# */ u_32_t in_flags; /* From here to in_dport must be reflected */ u_short in_spare; u_short in_ppip; /* ports per IP */ u_short in_port[2]; /* correctly in IPN_CMPSIZ */ struct in_addr in_in[2]; struct in_addr in_out[2]; struct in_addr in_src[2]; struct frtuc in_tuc; int in_redir; /* 0 if it's a mapping, 1 if it's a hard redir */ char in_ifname[IFNAMSIZ]; char in_plabel[APR_LABELLEN]; /* proxy label */ char in_p; /* protocol */ } ipnat_t; #define in_pmin in_port[0] /* Also holds static redir port */ #define in_pmax in_port[1] #define in_nip in_nextip.s_addr #define in_inip in_in[0].s_addr #define in_inmsk in_in[1].s_addr #define in_outip in_out[0].s_addr #define in_outmsk in_out[1].s_addr #define in_srcip in_src[0].s_addr #define in_srcmsk in_src[1].s_addr #define in_scmp in_tuc.ftu_scmp #define in_dcmp in_tuc.ftu_dcmp #define in_stop in_tuc.ftu_stop #define in_dtop in_tuc.ftu_dtop #define in_sport in_tuc.ftu_sport #define in_dport in_tuc.ftu_dport #define NAT_OUTBOUND 0 #define NAT_INBOUND 1 #define NAT_MAP 0x01 #define NAT_REDIRECT 0x02 #define NAT_BIMAP (NAT_MAP|NAT_REDIRECT) #define NAT_MAPBLK 0x04 /* 0x100 reserved for FI_W_SPORT */ /* 0x200 reserved for FI_W_DPORT */ /* 0x400 reserved for FI_W_SADDR */ /* 0x800 reserved for FI_W_DADDR */ /* 0x1000 reserved for FI_W_NEWFR */ #define MAPBLK_MINPORT 1024 /* don't use reserved ports for src port */ #define USABLE_PORTS (65536 - MAPBLK_MINPORT) #define IPN_CMPSIZ (sizeof(ipnat_t) - offsetof(ipnat_t, in_flags)) typedef struct natlookup { struct in_addr nl_inip; struct in_addr nl_outip; struct in_addr nl_realip; int nl_flags; u_short nl_inport; u_short nl_outport; u_short nl_realport; } natlookup_t; typedef struct nat_save { void *ipn_next; struct nat ipn_nat; struct ipnat ipn_ipnat; struct frentry ipn_fr; int ipn_dsize; char ipn_data[4]; } nat_save_t; #define ipn_rule ipn_nat.nat_fr typedef struct natget { void *ng_ptr; int ng_sz; } natget_t; typedef struct hostmap { struct hostmap *hm_next; struct hostmap **hm_pnext; struct ipnat *hm_ipnat; struct in_addr hm_realip; struct in_addr hm_mapip; int hm_ref; } hostmap_t; typedef struct natstat { u_long ns_mapped[2]; u_long ns_rules; u_long ns_added; u_long ns_expire; u_long ns_inuse; u_long ns_logged; u_long ns_logfail; u_long ns_memfail; u_long ns_badnat; nat_t **ns_table[2]; hostmap_t **ns_maptable; ipnat_t *ns_list; void *ns_apslist; u_int ns_nattab_sz; u_int ns_rultab_sz; u_int ns_rdrtab_sz; u_int ns_hostmap_sz; nat_t *ns_instances; u_int ns_wilds; } natstat_t; #define IPN_ANY 0x000 #define IPN_TCP 0x001 #define IPN_UDP 0x002 #define IPN_TCPUDP (IPN_TCP|IPN_UDP) #define IPN_DELETE 0x004 #define IPN_ICMPERR 0x008 #define IPN_RF (IPN_TCPUDP|IPN_DELETE|IPN_ICMPERR) #define IPN_AUTOPORTMAP 0x010 #define IPN_IPRANGE 0x020 #define IPN_USERFLAGS (IPN_TCPUDP|IPN_AUTOPORTMAP|IPN_IPRANGE|IPN_SPLIT|\ IPN_ROUNDR|IPN_FILTER|IPN_NOTSRC|IPN_NOTDST|IPN_FRAG) #define IPN_FILTER 0x040 #define IPN_SPLIT 0x080 #define IPN_ROUNDR 0x100 #define IPN_NOTSRC 0x080000 #define IPN_NOTDST 0x100000 #define IPN_FRAG 0x200000 typedef struct natlog { struct in_addr nl_origip; struct in_addr nl_outip; struct in_addr nl_inip; u_short nl_origport; u_short nl_outport; u_short nl_inport; u_short nl_type; int nl_rule; U_QUAD_T nl_pkts; U_QUAD_T nl_bytes; u_char nl_p; } natlog_t; #define NL_NEWMAP NAT_MAP #define NL_NEWRDR NAT_REDIRECT #define NL_NEWBIMAP NAT_BIMAP #define NL_NEWBLOCK NAT_MAPBLK #define NL_FLUSH 0xfffe #define NL_EXPIRE 0xffff #define NAT_HASH_FN(k,l,m) (((k) + ((k) >> 12) + l) % (m)) #define LONG_SUM(in) (((in) & 0xffff) + ((in) >> 16)) #define CALC_SUMD(s1, s2, sd) { \ (s1) = ((s1) & 0xffff) + ((s1) >> 16); \ (s2) = ((s2) & 0xffff) + ((s2) >> 16); \ /* Do it twice */ \ (s1) = ((s1) & 0xffff) + ((s1) >> 16); \ (s2) = ((s2) & 0xffff) + ((s2) >> 16); \ /* Because ~1 == -2, We really need ~1 == -1 */ \ if ((s1) > (s2)) (s2)--; \ (sd) = (s2) - (s1); \ (sd) = ((sd) & 0xffff) + ((sd) >> 16); } extern u_int ipf_nattable_sz; extern u_int ipf_natrules_sz; extern u_int ipf_rdrrules_sz; extern int fr_nat_lock; extern void ip_natsync __P((void *)); extern u_long fr_defnatage; extern u_long fr_defnaticmpage; extern nat_t **nat_table[2]; extern nat_t *nat_instances; extern ipnat_t **nat_rules; extern ipnat_t **rdr_rules; extern natstat_t nat_stats; #if defined(__NetBSD__) || defined(__OpenBSD__) || (__FreeBSD_version >= 300003) extern int nat_ioctl __P((caddr_t, u_long, int)); #else extern int nat_ioctl __P((caddr_t, int, int)); #endif extern int nat_init __P((void)); extern nat_t *nat_new __P((ipnat_t *, ip_t *, fr_info_t *, u_int, int)); extern nat_t *nat_outlookup __P((void *, u_int, u_int, struct in_addr, struct in_addr, u_32_t, int)); extern nat_t *nat_inlookup __P((void *, u_int, u_int, struct in_addr, struct in_addr, u_32_t, int)); extern nat_t *nat_maplookup __P((void *, u_int, struct in_addr, struct in_addr)); extern nat_t *nat_lookupredir __P((natlookup_t *)); extern nat_t *nat_icmplookup __P((ip_t *, fr_info_t *, int)); extern nat_t *nat_icmp __P((ip_t *, fr_info_t *, u_int *, int)); extern void nat_insert __P((nat_t *)); extern int ip_natout __P((ip_t *, fr_info_t *)); extern int ip_natin __P((ip_t *, fr_info_t *)); extern void ip_natunload __P((void)), ip_natexpire __P((void)); extern void nat_log __P((struct nat *, u_int)); extern void fix_incksum __P((fr_info_t *, u_short *, u_32_t)); extern void fix_outcksum __P((fr_info_t *, u_short *, u_32_t)); extern void fix_datacksum __P((u_short *, u_32_t)); #endif /* __IP_NAT_H__ */ 0707010e0cfdcb000081a40000000000000000000000013b671a6a00000f7a0000000000000001ffffffffffffffff0000002400000003root/usr/include/netinet/ip_proxy.h/* * Copyright (C) 1997-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * * $Id: ip_proxy.h,v 2.8.2.7 2001/06/26 10:43:16 darrenr Exp $ */ #ifndef __IP_PROXY_H__ #define __IP_PROXY_H__ #ifndef SOLARIS #define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4))) #endif #ifndef APR_LABELLEN #define APR_LABELLEN 16 #endif #define AP_SESS_SIZE 53 struct nat; struct ipnat; typedef struct ap_tcp { u_short apt_sport; /* source port */ u_short apt_dport; /* destination port */ short apt_sel[2]; /* {seq,ack}{off,min} set selector */ short apt_seqoff[2]; /* sequence # difference */ tcp_seq apt_seqmin[2]; /* don't change seq-off until after this */ short apt_ackoff[2]; /* sequence # difference */ tcp_seq apt_ackmin[2]; /* don't change seq-off until after this */ u_char apt_state[2]; /* connection state */ } ap_tcp_t; typedef struct ap_udp { u_short apu_sport; /* source port */ u_short apu_dport; /* destination port */ } ap_udp_t; typedef struct ap_session { struct aproxy *aps_apr; union { struct ap_tcp apu_tcp; struct ap_udp apu_udp; } aps_un; u_int aps_flags; U_QUAD_T aps_bytes; /* bytes sent */ U_QUAD_T aps_pkts; /* packets sent */ void *aps_nat; /* pointer back to nat struct */ void *aps_data; /* private data */ int aps_p; /* protocol */ int aps_psiz; /* size of private data */ struct ap_session *aps_hnext; struct ap_session *aps_next; } ap_session_t; #define aps_sport aps_un.apu_tcp.apt_sport #define aps_dport aps_un.apu_tcp.apt_dport #define aps_sel aps_un.apu_tcp.apt_sel #define aps_seqoff aps_un.apu_tcp.apt_seqoff #define aps_seqmin aps_un.apu_tcp.apt_seqmin #define aps_state aps_un.apu_tcp.apt_state #define aps_ackoff aps_un.apu_tcp.apt_ackoff #define aps_ackmin aps_un.apu_tcp.apt_ackmin typedef struct aproxy { struct aproxy *apr_next; char apr_label[APR_LABELLEN]; /* Proxy label # */ u_char apr_p; /* protocol */ int apr_ref; /* +1 per rule referencing it */ int apr_flags; int (* apr_init) __P((void)); void (* apr_fini) __P((void)); int (* apr_new) __P((fr_info_t *, ip_t *, ap_session_t *, struct nat *)); int (* apr_inpkt) __P((fr_info_t *, ip_t *, ap_session_t *, struct nat *)); int (* apr_outpkt) __P((fr_info_t *, ip_t *, ap_session_t *, struct nat *)); } aproxy_t; #define APR_DELETE 1 #define APR_ERR(x) (((x) & 0xffff) << 16) #define APR_EXIT(x) (((x) >> 16) & 0xffff) #define APR_INC(x) ((x) & 0xffff) #define FTP_BUFSZ 160 /* * For the ftp proxy. */ typedef struct ftpside { char *ftps_rptr; char *ftps_wptr; u_32_t ftps_seq; u_32_t ftps_len; int ftps_junk; char ftps_buf[FTP_BUFSZ]; } ftpside_t; typedef struct ftpinfo { int ftp_passok; int ftp_incok; ftpside_t ftp_side[2]; } ftpinfo_t; /* * Real audio proxy structure and #defines */ typedef struct { int rap_seenpna; int rap_seenver; int rap_version; int rap_eos; /* End Of Startup */ int rap_gotid; int rap_gotlen; int rap_mode; int rap_sdone; u_short rap_plport; u_short rap_prport; u_short rap_srport; char rap_svr[19]; u_32_t rap_sbf; /* flag to indicate which of the 19 bytes have * been filled */ tcp_seq rap_sseq; } raudio_t; #define RA_ID_END 0 #define RA_ID_UDP 1 #define RA_ID_ROBUST 7 #define RAP_M_UDP 1 #define RAP_M_ROBUST 2 #define RAP_M_TCP 4 #define RAP_M_UDP_ROBUST (RAP_M_UDP|RAP_M_ROBUST) extern ap_session_t *ap_sess_tab[AP_SESS_SIZE]; extern ap_session_t *ap_sess_list; extern aproxy_t ap_proxies[]; extern int ippr_ftp_pasvonly; extern int appr_add __P((aproxy_t *)); extern int appr_del __P((aproxy_t *)); extern int appr_init __P((void)); extern void appr_unload __P((void)); extern int appr_ok __P((ip_t *, tcphdr_t *, struct ipnat *)); extern void appr_free __P((aproxy_t *)); extern void aps_free __P((ap_session_t *)); extern int appr_check __P((ip_t *, fr_info_t *, struct nat *)); extern aproxy_t *appr_match __P((u_int, char *)); #endif /* __IP_PROXY_H__ */ 0707010e0cfdb3000081a40000000000000000000000013b671a6a000013850000000000000001ffffffffffffffff0000002400000003root/usr/include/netinet/ip_state.h/* * Copyright (C) 1995-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_state.h 1.3 1/12/96 (C) 1995 Darren Reed * $Id: ip_state.h,v 2.13.2.4 2001/06/26 10:43:17 darrenr Exp $ */ #ifndef __IP_STATE_H__ #define __IP_STATE_H__ #if defined(__STDC__) || defined(__GNUC__) # define SIOCDELST _IOW('r', 61, struct ipstate *) #else # define SIOCDELST _IOW(r, 61, struct ipstate *) #endif #ifndef IPSTATE_SIZE # define IPSTATE_SIZE 5737 #endif #ifndef IPSTATE_MAX # define IPSTATE_MAX 4013 /* Maximum number of states held */ #endif #define PAIRS(s1,d1,s2,d2) ((((s1) == (s2)) && ((d1) == (d2))) ||\ (((s1) == (d2)) && ((d1) == (s2)))) #define IPPAIR(s1,d1,s2,d2) PAIRS((s1).s_addr, (d1).s_addr, \ (s2).s_addr, (d2).s_addr) typedef struct udpstate { u_short us_sport; u_short us_dport; } udpstate_t; typedef struct icmpstate { u_short ics_id; u_short ics_seq; u_char ics_type; } icmpstate_t; typedef struct tcpdata { u_32_t td_end; u_32_t td_maxend; u_short td_maxwin; } tcpdata_t; typedef struct tcpstate { u_short ts_sport; u_short ts_dport; tcpdata_t ts_data[2]; u_char ts_state[2]; } tcpstate_t; typedef struct ipstate { struct ipstate *is_next; struct ipstate **is_pnext; struct ipstate *is_hnext; struct ipstate **is_phnext; u_long is_age; u_int is_pass; U_QUAD_T is_pkts; U_QUAD_T is_bytes; void *is_ifp[2]; frentry_t *is_rule; union i6addr is_src; union i6addr is_dst; u_char is_p; /* Protocol */ u_char is_v; u_int is_hv; u_32_t is_flags; u_32_t is_opt; /* packet options set */ u_32_t is_optmsk; /* " " mask */ u_short is_sec; /* security options set */ u_short is_secmsk; /* " " mask */ u_short is_auth; /* authentication options set */ u_short is_authmsk; /* " " mask */ union { icmpstate_t is_ics; tcpstate_t is_ts; udpstate_t is_us; } is_ps; char is_ifname[2][IFNAMSIZ]; #if SOLARIS || defined(__sgi) kmutex_t is_lock; #endif } ipstate_t; #define is_saddr is_src.in4.s_addr #define is_daddr is_dst.in4.s_addr #define is_icmp is_ps.is_ics #define is_type is_icmp.ics_type #define is_code is_icmp.ics_code #define is_tcp is_ps.is_ts #define is_udp is_ps.is_us #define is_send is_tcp.ts_data[0].td_end #define is_dend is_tcp.ts_data[1].td_end #define is_maxswin is_tcp.ts_data[0].td_maxwin #define is_maxdwin is_tcp.ts_data[1].td_maxwin #define is_maxsend is_tcp.ts_data[0].td_maxend #define is_maxdend is_tcp.ts_data[1].td_maxend #define is_sport is_tcp.ts_sport #define is_dport is_tcp.ts_dport #define is_state is_tcp.ts_state #define is_ifpin is_ifp[0] #define is_ifpout is_ifp[1] #define TH_OPENING (TH_SYN|TH_ACK) /* * is_flags: * Bits 0 - 3 are use as a mask with the current packet's bits to check for * whether it is short, tcp/udp, a fragment or the presence of IP options. * Bits 4 - 7 are set from the initial packet and contain what the packet * anded with bits 0-3 must match. * Bits 8,9 are used to indicate wildcard source/destination port matching. */ typedef struct ipstate_save { void *ips_next; struct ipstate ips_is; struct frentry ips_fr; } ipstate_save_t; #define ips_rule ips_is.is_rule typedef struct ipslog { U_QUAD_T isl_pkts; U_QUAD_T isl_bytes; union i6addr isl_src; union i6addr isl_dst; u_short isl_type; union { u_short isl_filler[2]; u_short isl_ports[2]; u_short isl_icmp; } isl_ps; u_char isl_v; u_char isl_p; u_char isl_flags; u_char isl_state[2]; } ipslog_t; #define isl_sport isl_ps.isl_ports[0] #define isl_dport isl_ps.isl_ports[1] #define isl_itype isl_ps.isl_icmp #define ISL_NEW 0 #define ISL_EXPIRE 0xffff #define ISL_FLUSH 0xfffe #define ISL_REMOVE 0xfffd typedef struct ips_stat { u_long iss_hits; u_long iss_miss; u_long iss_max; u_long iss_tcp; u_long iss_udp; u_long iss_icmp; u_long iss_nomem; u_long iss_expire; u_long iss_fin; u_long iss_active; u_long iss_logged; u_long iss_logfail; u_long iss_inuse; ipstate_t **iss_table; ipstate_t *iss_list; } ips_stat_t; extern u_long fr_tcpidletimeout; extern u_long fr_tcpclosewait; extern u_long fr_tcplastack; extern u_long fr_tcptimeout; extern u_long fr_tcpclosed; extern u_long fr_tcphalfclosed; extern u_long fr_udptimeout; extern u_long fr_icmptimeout; extern int fr_state_lock; extern int fr_stateinit __P((void)); extern int fr_tcpstate __P((ipstate_t *, fr_info_t *, ip_t *, tcphdr_t *)); extern ipstate_t *fr_addstate __P((ip_t *, fr_info_t *, u_int)); extern frentry_t *fr_checkstate __P((ip_t *, fr_info_t *)); extern void ip_statesync __P((void *)); extern void fr_timeoutstate __P((void)); extern void fr_tcp_age __P((u_long *, u_char *, fr_info_t *, int)); extern void fr_stateunload __P((void)); extern void ipstate_log __P((struct ipstate *, u_int)); #if defined(__NetBSD__) || defined(__OpenBSD__) extern int fr_state_ioctl __P((caddr_t, u_long, int)); #else extern int fr_state_ioctl __P((caddr_t, int, int)); #endif #endif /* __IP_STATE_H__ */ 0707010e0cfd9b000041ed0000000000000001000000033b671a72000000000000000000000001ffffffffffffffff0000001000000003root/usr/kernel0707010e0cfd83000041ed0000000000000001000000023b671a72000000000000000000000001ffffffffffffffff0000001400000003root/usr/kernel/drv0707010e0cfd6b000081ed0000000000000000000000013b671a6f0002c0280000000000000001ffffffffffffffff0000001800000003root/usr/kernel/drv/ipfELFp4( 㿈 '쀢  @?' '  @@@@`@`@`@`@`@`@`@`@`@`@`@`@`@`@ 㿐` @`  @`  @`  @`  @`  @`  @`  @`  @`  @`  @`  @`  @`  @@@??@?? @?? 'D` @` D!@'\\ \ ` @ 'D'H'L'P'T'X'D '䀢  (`` ` @䀢 LHP@'`@䀢 LHP@'`@䀢 LPH  @'`@H0@ 0@ : D  C  <  =  > v G  G   F  H M I i0S p0S 0J 0J  0A x0K a0O l? F?   J[B E iOP `  'L @'BP `  '` @L @'`@'`L @'쀢  'P `  '  HL@['P `  ' ` "@HL@E'P `  '%` @` @`L @'쀢  '` @" "`@` @P @`@P L!@'쀢  'P `  'LG'P `  'L @'쀢 @' L @'쀢  'nL @'쀢 `"`"`"`" 'NP `  '@' L @'쀢  '2P `  '@'$@ L @'`'LL L @'쀢  ' '`@㿀'D'HD@ 'H ('H !b' .`'耢   $@ 0䀢@` D@  ' p'D'H'L'P''L @'䀢  [$ $ ` @H0K    DP @  '4H0K    DP @  ' 2`  `'D   6 d  2` *`P *@   `  2` *`P *@   ' '܀  DP @'  ' ` @ * :`   2@$  ?$  '"  ? $   *`: 5` 2@'؀ ?'# 'Ԁ` 2` `     @'Ѐ ?'  $ " '"   *`: /` 2@'؀ ?' 'Ԁ` 2` `     @'Ѐ ?'"$  ' '耢   @$  '  `  `  @ H0K ` '`@L @'䀢 $`$``3H F H G     $ `   H =  H D C` ':`  `  '  ` ```" ` ` DP@?@@$$@`  @S` 'L  @`B  ` ````"  @ $`$`$@$H G  H F  @$``'܀  ܒDP@' '`@㿈'D'H'L'PD@ '`` L `  쀢   '㿈'D'H'L'PD '쀢   '㿐'D'LDc  @x'D'HH D' ` `? ` ` @ ' ' '   @'܀ ?v` "  *` `  " ` @ @ ?'@2 `2 ` ` `"  * `" ` " `"  *   @ @ "  *  2  'D`" D` " H  ` 7H@'@@ ```" H"H" H@ _@H@"H"@H`" H" H@@'H```" ` @```@H" H"H@ ,` @D'DD `'DD @D`(D@ 4D `/D @ )D @'`@```ܒ" 䀢 @ '`@DH€D'D`@䀢 @ 'H  `  DHD@DDDDD P#\   `L@DD   @D L`D LD LD L `  @D P`D PD PD P `  @```" `@H" H"H@ dD @'H  ` '耢 DH@HD @  @ 耢  HHD !'`@`@ H 쀢  DH€HH D  D@@H  H" H"H@ 㿐'D``` @@` @`"`@`@㿈'D'H`` H" H"H@ H  `  `DH€z` @```@H" H"H@ aH '@      6 1 , D H@"` @``Аb@@` @"@`@`@`DH€㿐``@ "````" `"㿐` @``@ ")``` @   `@"`"``  @@`"`@` p`'Ѐ  '쀢   ` ` '` @`'  `   ` ' `@  @'   @`@@ .`'܀ ܐ`P@ `$" $'܀  `@ @M@" $@ .`'܀ ܐ`(@ ` " '܀  `@ @@" " " " `" `" `L" ``  @* @"`"` @`@ *` '䀢 *    @ 'Ԁ  $@ @ " '`@ *`  '䀢 *    @ 'Ԁ  $@ @ " '`@` @`'؀ *  ؒ l @ 'Ԁ  $@ؒl @ " '`@P $ (@" P`P"(  (@" (`("`@`@ А  ,`@'#`` @㿀` @  ` )"  @  \' L$䀢  ` " @ @ e  @$` @`` ` ?$`@`@` @`@ *`    ?$ `@ *`     ?$ `@ @a`@@@`  @@ x` @`''䀢`2`'܀  ܀@'܀ '  @@" @`'䀢`A`@"`'܀  ܀@'܀  ' ' ܐ  ,`@`$"` " @`@@0'D'H'L'P'T'''P T' xD`   xH@H 'DLH@L'@L`'L"`L"`L"@L@@L"T %P' ' `     @'쀢 ?''D ''TT'T `T 'P ''P 2` D `'#\!#`?   @'耢  `  H`'쀢 '쀢 '耢 #@' P @'Ѐ T`P 5 `  А`T@ P"P 4 ` 7P *`@ " @P @`"DPH@ $`` @P" @Ѐ   a DP@DP@ ' H'؀ BH '`` `|47ހ Ԁ H `" Ԁ Ԑ" 'H" ` @@' }H@'HLH" ` '  ``@'܀ [H" H"H" `@`@ ,``&`|47ހ P 6*`2D@'D 'D @' '? 2 '2 H@` @` @``@"L" H" H"H@```" L"?x'D'H'L'PP'D L WD  ` ID 'D "@'H H'䀢  H  H" 'H( H" 'H '" 'L䀢 '@Lܐ" 'Lܐ 'D 'Dx'D'H'L'PP'D L WD  ` ID 'D "@'H H'䀢  H  H" 'H( H" 'H '" 'L䀢 '@Lܐ" 'Lܐ 'D 'Dx'H#\!#`?   @'耢   @H `?㿈 ` *   @$```@ *` @?('쀢 ` *?"  '`" ` " 4` " <` " D 㿐`@" $`@" 4`@" 8 㿈'D' @ T'D   ' L `  `   `  '쀢 ( L `  ``` "  ```" ?@@  ''D8'8D @'44  ]` @`'쀢 G L ` : M ` 2`,8`,  @ '`<8`,  @ `h8`h  @ ?@@ `@ '`@ 㿀'D'H'L'H0O 0O 0@ v0@   = !0A  0Q 0Q y _B :DS'D @'䀢 쀢 쀢 ` @'`@ D @' '[L `  '  @' D @F D <@';` ' D @'.D@'&`` 'D@'`` ' D@' ''DDD @'@@  ^HD!@'@@  QH``` H  @ =`    %@'HH  @`( H `( @H D!@'@@  '@@'DDD @'@@  HD!@'@@    @` H   @`('88 `T l  @'88   @ ~H  8 @8 2` '<8$`(8't 8 *`: )8`8`2@8"` 8 `8?" <*` @ 8`   @<*`` 8 "@8" H D!@'@@   @8 @ &`   (8    @ @ 㿐 P    @, * :`  M @$ , * :`  M @$ $`` @" `$ `$`"*`` ` *``  "`  ```0" 0`*` $ *`` $ *`` "``@"'D'H'L ``H Z*`2  H 2`  `  `@ ```" ` " H 4 `'8@ @ 'P//H  `,L `H $, $0 $4 $8,H $< $@ $D $$H< L ` G    H D'44 `      4 ,l4 4h*`2`4 4j*`2` Z` @`$nH D  `  D4j4hL c  * 2`* 2`H H*`2  2`* $  `  ` ` $ll$p$x 44tt* 2`  4t` @#H D4j4hL c  * 2`* 2`` @`$   @ ` @ @  @ @@$PH @$((  (   @( '<`'<` @<$ $H H*`2H`6*2 $H 2`,MH ($X?$\H ,4`?c4bH .4d?c4fH 2`  ` $TT $TL oT@$TL o  ``@" 8" *` "@8*` H"@8*`  H@  @ 8" *`*@< `@  ?$@ L ` ਐ @H @ਐ @ @`@<H @H` @ * 5H 2`  ` < h  < DH@x'H'L'P'H` , @ `?'܀  H h*`2 0* 2@'ܢ l܀` 'ܔ*@*` l 'P P P 7H H*`2P 2`* $ P ` P ` `  @` " 2 " P ` `P ` `` 7"@ "@ \*`2" %`R?b0M@aЀH" *`2*`2 2 % "* 2@ `" *`2@ " * 2` `" ` @  ܘ `?H@ '  @x'D'P'T'D <  @ @ 'P'P 4 `'T 5D T'T7T 7耢 & a Dޕ*`2 h* 2@ ' b Dܕ*`2 j* 2@ 'D T l'77耢 (䀢 D ` D ؀@ 'D $` D $؀@ '&䀢 D ` D ؀@ 'D $` D $؀@ '쀢  v'耢 ND <  @   h ;D ,  @   d *T $Dޕ*`2 h* 2@  a Dܕ*`2 j* 2@  b  'LD <  @   h ;D ,  @   d *T $Dޕ*`2 j* 2@  b Dܕ*`2 h* 2@  a  '쀢  T D T `'P 2 `:  !PD (`X PD`,*`2 `* 2@PD`.*`2 d* 2@  c N a 耢  D2 hDT`" l D2 hDT`" lDD`l" p  b 耢  D2 jDT`" x D2 jDT`" xDD`x" |DD`T " T``@"?'耢 䀢  D $` 'D `'䀢  D `' D $` '쀢 D * " *` D@ P@  @P* 5 㿐'D'H'LD 4LH @ l @`H `l  *L  LH`*`2 h* 2@LH`*`2 j* 2@  'D'HD< @  D @ @  H X*`2 / H D' `'\\ \ \  \  \  ̒ 'LH X*`2L@2  `*`8  H H*`2?'XX L2` ` *`X  H P'DLX D`  А  @  @L ` L2` ` *`L@' `  `  `   `  L  'HL 'HА 'HL 'H 'H *`2H@'H *`2H@'H H @@'HL 7LZ2 d  'dL2` ` *``L@L2 H'`H 4 ` `?/'` @`H *@@ Q L ` H M ` C'0'4'8'<' '$'(',0 ` n ) M   ``@"  $ D *`: @$  ('P`@P `@ L `  L `  L2` ` *`L@'TT TL  'HL 'HА 'HL 'H 'H,2`H@'H,2`H@'H H @@'HL 7LZ2 d  'dL2` ` *``L@L2 H'`H 4 ` `?/'` @`H *@@ G L ` > M ` 9' '$'(','0'4'8'< 0`T  ('P``@"  $ H X*`2 @$ `@P  `@ 㿈'D'H'LH P'H `H D"` DH`"*`` ` ```0" 0 L @@'H" P` * 'DD` D@H`"  ```0" 0HD" HD@" DH"('D'H``H Z*`2  H 2`  `   H 6*`2'DĐ ''H  ` 'H ' ' ' 'H ' ' ' $'А ' 'H 2`'H  `    Z U  *`2̐@' *`2̐@' ̐ @@'` @`̔ *@@ E L ` < M ` 6''''''''H d } H 5 ` `$ `$   `@DH'  ` `  `  ',2`̐@'̓- 2`̐@'` @ ̐ @@'`Ȕ *@@ R L ` I M ` C''''''''H ) HD@  H 5 ` `$ `$      T o ,2`̐@'̓- 2`̐@'̐`@'`@ ``,2`̐"@'̓- 2`̐"@'̐ '` @Z  ` @ @  @H X*`2 @$ ``@"  $   @ ('H" @ '`@H 2`  `  h   DH@㿐'D` @` ' D  M @$  ?$  $D  M @$ $ $ ?$ $`@㿈'DD T o  ``@"D`D@D`" D`D@"D `D`D` " D` D`"D P *` ` ```0" 0D ('쀢 `"  ` @D  @D @``@"㿐` @` `" 0`"`@`` `@ *` @`"㿐` @ @ 3  , $ `% L `  ``` "  ```" ?@%`` `"`@㿀'D'H'L'PL D' /H`P" `'L X*`2L`6*2" ` 2*`" '  ` $ ` `䀢  D@"HP * D@"HP  *.D@"HP ` !*`   ` HP  *D@"  `  HP  *D@"  `  HP  *D@"  ` HP  *D@"$  ` HP  *D@"  `  HP  *D@"  ` HP  *D@"  `  HP  *D@"  ` HP  *D@"!  `  HP  *D@"  D@"W  ` D@"HP  *D@">  `  HP  *D@"D@"!  `   ` 䀢 D@"H'D'HJ7D 'D 'D ,' 0' 4' 8'D <' @' D' H'D L/D M/D W/ `   ` D h7D j7 ` D /D / ` D l `777' 4''   @㿐`" `" `@"  P'D'H'L'P`a H 2`  `  D /D `'D 7D *`2@'D /D 'D @'D 'D @'H'*`"' !@'H`( 'H ,7H .7*`P@''耢``   @  ` @ u' , @'耢  ` @ `H`@" ( H @  @ *P@ @" *`P "`" " *`P "`   @ `* &D` * :`'  * 'H`H*22`@ 2 $` @` @㿈'D'H'LD< @   ``?9` @DHL '`@쀢 H 4 `*"@*``   @?H 4 `*"@*``   @ 㿈'D'H'L'PD< @   ``?GH Z*`2'* 'H H*`2 ?  H H*`2  (` @DHL '쀢 P" P" `@쀢 ? P'D'H'LD /D `'D 7D *`2@'D /D 'D @'D 'D @'H'*`"' !@'H`( 'H ,7H .7*`L '쀢 `   @ H Z7 ' ` * 2`  H 2`  ` i * 2`  * '*`L @(`@"@`"  *L@ @"*`L "`" *`L "H H*`22  7*`2 $* 2@D  @ * :`  * &2 $` @ 'k 㿀'D'HH 2`  `` MH Z*`2'* 'H H*`2 ?  H H*`2  .` @DH'쀢  ' & `  耢 " " '`@㿀'D'HH 2`  `` ?H Z*`2'* 'H H*`2 ?  H H*`2   ` @DH~'耢  (''`@㿈'D` @!'耢 "` * '쀢  D@" '?'`@㿈'DD ('쀢   ?@ ` @D `D`D@"D`D@D`" D ,@㿀` @!'  *`@''耢` @"?'`@` @` @!' /*`@''耢`@" '䀢   耢@" h?'`@`@㿀``` @!' :*`@''耢`% `&* & & ` @"` @`?@'?'`@` @` @!' I*`@''耢`4 `&* & & ` $` @`?@ '䀢   耢@" @"'?'`@`@㿐'D`` ` @@@@@a @` @"@`@㿐` *   @"@```@ *` @?` *   @"`` ``@ *`  @?k ` *   @$```@ *` @?I ` *   @$```@ *` @?' ` *   @$```@ *` @? 㿀'DD`H@'   ` * @@ "DD D`H '2`  @@'` * '``'D" D" D"㿀'DD`@@'   ` * @@ "DD <`@ '2`  @@'` * '`` 'D" D" D"㿐'DD `D`D`" D`D`"㿐'DD `D` D`" D`D` "㿈'D@  @'*`` '쀢  @@D @ `" Q'  @'쀢 ? *@ @" *@@ " *`` ` *`` "`*`` "D" @" "  " 㿐'DD  ?@D `D`D@D`" D`D@"D @㿐'D'H'LL<!L L?# 'LDH*3 L 'LL?# L3  'LHN2H*28 ? @ L@ 2`? @  2`? @   8 H2㿐'D'H'LL@!L L?# 'LDH*3 L 'LL?# L3  'LHN2H*28 ? @ L8 ?# @ 2`? @  2`? @   8 H2㿐'D'HHD*28 ? @ H@ 2`? @  2`? @   8 D2'D'H'L  '   @H <  H =  PD @'H0A D @'쀢  '쀢 +` @H <  H = 6P 0 $ 0 h `  0 `  < @ $ < 0 `  D H $ D   00 `@ H0O p0O $0> 0>  < L = e0? 0A 0R s0R 0P Y0Q t }B L `  '  @'DD D @|L `  's 'l` 'e  @l  @$ ?$ |* :`  * :`|@$  '=$$h `  0? $0h `  0? $0$ h `  H8 *"@*` $'0 `  @8 *"@*` $0 ` HD" $0 `  $H8$ 0 `  $?$ $H?H  0 ` D $(0 `  h ` <$(D$(h ` I84,:* 2`8*`2 *:* 2`8*`2"  @$@'LL L?L8  @'HH H$?$0 ` *`'HH H$?$ ```" ^L `  ' T 'Mh ` ih ` t```"`"$  @ @```" 0 $0$ `@`@" (``" ,`@" 4`@" 0`@" <`@" @`@" D`@" H`@" L`@" 8`D T@'`@(D @'쀢 ( @  ( D @' 'L `  ''䀢 @' 䀢 @ ' '`@쀢  D @'쀢  'lD @'쀢 `D @'쀢 `" 'M``D@' '=``D@E' '-``D@' '` '`@ D @'쀢  ' '`@` @x'D'D @'  h'耢 `''耢 ؐ D @'  'H`'䀢 耢  H'䀢  )" ' '쀢  8` ܒ L' @@'ܒؐ D @'  'p'D'ؒD @'Ѐ  ܔ" @'Ѐ  `````  `   H  `H''  |@'`@  `@ @`  ` @`'Ԁ P L' 8` @@'"   @'؀  G ؔ" @ؒ"Ԕ L@ 8`ؒT 8@@b@@ """ @'Ѐ  '" @ ܔ" @'Ѐ  'аh'D'ؒD @'Ȁ  Zܔ" @'Ȁ  M 䀢 '"   @'؀  : ؔ" @"@'Ȁ  ''ؐ | @` '   |@$`T$`X`'$``'$``@'$`@$`̀ C  @'̀  '$`@  ̔ @̒ " `0" 0"" " " " ̒ l  @"` |*`:   *`:̒|@"`Ԁ L L @'Ԁ  '$`@" H`"ؒ" Ԕ L@̀ `" @``@ @"`8 8` 'kؐbT`8@@" @" 8Ѐ J` +  @'$`Ѐ  'D! Д @' ܔ" @'Ȁ  ',`   Ѐ  H  '؀ " @@ ؀ " @`@Ȱ㿈'DD  c  ```P" PD L`D`LD`T" TD`TD`L"D P`D`PD`X" XD`XD`P"D ` D  ?@D D`D`DD @'쀢 /`" ` "  ` 0 `  ``@ @```" D t @D@D`@```" D |@㿐 `` `@ *` @` ` `@ *`  @ @  H$@?@7`" 㿈 '`` `@ *` @`` `@ *` @@ '$@    @ @```"  0 $ 0$ '`"`"P'D'H'L'P'T7777''L T'DR 2 @7P `  L D'7 7 | @'Ԁ ``` "  KԒ |@P" P c  ```P" PT m D ('D ,77D ('䀤H ''D'؀  '  ؀ Y'" DD HD ,*`2 D h ` gD 6*`2  P ` H 'D @8  @''D .*`2 @'D H8  @'D D@'P ` /D 6*`2 ( 7D*`2 6* 2  @7D 6*`2 D .*`2  @@@7$7MD D`D H L @@?S1D D`D H` BH 'D HD ,*`2 ؀  DDD`(" ('Β *`2 nD h ` hD 0 ` b'D 6*`2 @ D  D 6*`2 D HDDD`(" (D 6*`2 17D 6*`2 @@7D*`2 6* 2  @7D 6*`2 HD`.*2  @@@7$75D h ` /Β *`2 (D ,*`2 !D ,`2 ,7DD`,*`2 :* 2@DD`82 ,D HDDD`(" (D 0 ` DD (`H DD`D" (D HD (`D`H D`D DD`D" (* 2`  P ` 7'H ''LP H +`0((0@ #\@'Ѐ  D ,*`2 D•*`2 ,* 2@D (` D (@Ѐ D `DDD`" H` " " $H`" ( D`H ' $'D"`DH` ? H 2`* 2`? 2`@* 2`@P `  2 62 82 4D 0 ` #D ('D <䀢@DD`@" (DD`<" (D 0 a DRDD <'D 0 a DADD ,*`2 7 D 8"@D ,@7䀢 * 2`*`2 VH '" H`" $H` " (H`? H 2`* 2`? 2`@* 2`@P `  2 62 82 4?# 4  ?# @ 4` ?# 4  ?# @ 4` $@?# 4 ?c 4@ " P ` ?``9 `|47ހ 1T  ? 2` H` ? H 2`H`? H`2  ?# 4  ?c  @ " `" P ` \* 2`*`2  * 2`*`2 HT  H` ? H 2` H`? H 2`? 2`@?# 4  ?# @ 4` ?# 4  ?# @ 4` $@?# 4 ?c 4@ " `" Ԑ`dL@  @@T" `L@" \D" @H ` * >" 0" ,L`@"  `    @T  P ` 2 P ` 2 DDD` " D`h@԰```$" $ D'؀`\Ԓ |@ 㿀'DD t   @D@"D* sD d*`:  D d  @D"`\D@" H`D"D  c LDD` 2  @ D`6*2 ?`? " 'DD`(2  (@  D`4*2 @@'DD`$2  $@ D`8*2 ?`? " 'DD`(2  (@  D`4*2 @@'6DD` 2  @ ?`? " 'DD`(2  (@  @@'DD`$2  $@ ?`? " 'DD`(2  (@  @@'` * '`@D`L" TD" TD@" LD"` *  '`@D`P" XD" XD@" PD"``` " ```" h'D'H'L''H D'D @ @  D *`: /  `'܀ ܀ ܀  ܀  ܀  H D`'2` ` *`'؀  D *`:ؒ  H P'H H*`2 `   `  '  `  ' ` ]ؒ 'D *`:ؒ  ~2` ` *`@'L " ' 'H ` Ԙ@+`2`+``(3`@#\@R  ' 'H ` И@+`2`+``(3`@#\@2L  ' 'H ` И#\  @ ' 'H ` И#\  @`'D'H'L'P''H 2`  `  H Z*`2  D< @  DHP@'Ѐ  L "H D'ؒ ' `  '  `  '2` ` *`̐@' `( ` ? ` 2 ' '" `? `2 ' $'" ? ܓ2 '? 2 '? 2 '? 2 '? 2 '耢 ?'" '? 2 ' ``]̒  @ ` O *`2 H *`2'Ԓ  @ *`2'? 2 '? 2 '? 2 '? 2 '耢 ?'" '? 2 ''̒  @Ȑ ` '`4*`2 * 2@@*`2 6* 2@*`2' 6*`2'? 2 '? 2 '? 2 '? 2 '耢 ?'" '? 2 ' '`62 ` Q *`2 J *`2'Ԓ  @ *`2'? 2 '? 2 '? 2 '? 2 '耢 ?'" '? 2 ' '`*`2 8* 2@ *`2' 8*`2'? 2 '? 2 '? 2 '? 2 '耢 ?'" '? 2 ' '`82  ` Q *`2 J *`2'Ԓ  @ *`2'? 2 '? 2 '? 2 '? 2 '耢 ?'" '? 2 ' ' %? 2 '? 2 ' `` ؒ H@ؒ H@ ` @"а㿈'D'XX2`Z 6` @ -`2 ?`? " '2`   - 2 @@'` * @ MD  D\ >( 9$5`  `  > `@$4* 2`- 2  8* 2`-`2  P` P`   \ `@6` @ ?`? " '2`   @@'\ ` @` * @ LD  D\ =  7 1( $$4* 2`- 2  8* 2`-`2  X@P\ `@㿈'D'HH2`JD 4*`2,`2 D2 6D2 8D L`D`LD`T" TD`TD`L"D P`D`PD`X" XD`XD`P"DD` 2  @ , 2 ?`? " 'DD`(2  (@  ,`2 @@'` * '`@D`L" TD" TD@" LD"DD`$2  $@ , 2 ?`? " 'DD`(2  (@  ,`2 @@'` *  '`@D`P" XD" XD@" PD"㿈'D'XZX2` '2`  - 2 ?`? " '2`   -`2 @@'` *@ MD  D\ > 쀢 9( 4`   > `@$6* 2`- 2  4* 2`-`2  L` P`   \ `@2`  @@'2`   @@'\ ` @` *@ MD  D\ >  8 2 쀢  ( $6* 2`- 2  4* 2`-`2  XKL\ `@x * 2*` *`2 '' '#\   @'耢  $$  84 㿈'D'H'LL< @   H *`: L `H `*:  D 4 ` KH h `  DH `@ H < @ H 0 @       DH `P H L@ @ H 0 @ `   ` IH h `  uDH `P H L @ H 0 @     VDH `H H D @ H 0 @     7H T'D 2`  ` D 2`  `  D Z*`2  `  `    D@H'D'H '77' ' ''`` `` H @'Ā`  @  `   'H'H Z*`2 *H 2`  ` "D `  ' D `  'Ԑ `  H D'7 7D ` @D ` DH @'  '1H 2`  ` DH@' 'D 'D 'D `* 3`*`*`3` #\@' M 'Ԑ c CԐ a  6*`2*`2 2 6Ԑ b  4*`2*`2 2 4 8*`2 2 8` "  '```P" P`@` @?'̐ '̒ @'2`  @@'В*``  c    Ȁ U 0 `   0Ԑ H 0 `@ HD 9  @ @  < / h ` * |* :`  D@  h ` DHԘ @'  $ $ $  &܀ "ܒ?'̓* '܀ ` ܓ*@  @ ܀ ``@ z @ H 2`  `   DH @ t @@"D*; `0@ " 0`," , t @Ԁ _D` ? D` 2 '`$? `$2 '? 2 '? 2 '? 2 '? 2 ' ?'" '? 2 ' `` D H@D H@ `` D H@ D H@D`$" H Z*`2 H 2`  `  8*`2 Ԑ `  `82H@2 0D ` 2 ' t @ <H @@ @"@ @" t @%D ` ' *`2  'D `  ؀ @"䀢  `` H @H @  % d* 2` 쀢 * 2` d*`2 DH@'܀  ' '` @`@ܰ `@ P'D'H77'' 'H'''``D< @   `` H Z*`2 *H 2`  ` "D `  ' D `  ' `  H D' 77D D ` @D ` DH @'Ā  '@H 2`  ` DH@'Ā ',D ''HD ` *`0+`+`0@#\@'Ā C ' c 9 4*`2*`2   b 2 4 8*`2*`2   a 2 8` "  '```P" P`@` @?'ؐ 'ؒ @'2`  @@'ܒ*`` }  Ԁ ! * :`   * :`D ` 0  0 P0 `@ HD A H @ D 7h ` 28* 2` 0 `@ :* 2`*`2 * 2`8*`2 DH @'Ā $ $$&̀ "̒?'ؓ* '̀ ` ̓*@  @ ̀ F`@Ā & @H`" @ H 2`  `  DH @ )d* 2` Ѐ * 2`d*`2 DH@'̀? `@̰Ē t @䀢 @"D*; `0@ " 0`," ,Ē t @D` " H` "  `` D H@ D H@H Z*`2 H 2`  `  6*`2  `  `62 H`2 2D ` 2В 'Ē t @Ē <H @@ @"@ @"Ē t @%D ` ' *`2  'D `  Ȁ @"耢  `` H@H@` @`@  `@ 㿐` @@`@```@ *` @`"` ``@ *`  @`" ```@ *` @`"```@ *` @`"```@ *` @`"㿐` @ @ !?$  H H$@?@```" `@㿀'D` @``_D  D`\ Q` ` L`@'耢 G HB (`=`\'`$ @?$`$`$*?# 4 ?# 4 ?# 4 ?# 4 $?# 5  `?# 5  $``$` `H`  D  l  @$   ?$ `@P'D'HD 'D $'D ('D 0'D ,'D 47D 67D 87D >/J7Ґ?'D @`'`'쀢 D @@' ' '' $''   @㿐` @` " ` "  㿈'D'H'L'P!p @'쀢 ?(L" 8L!p" @!p@ '`"`"  '`"`"  " P'D'H'L'P'T'D D'T  D 6*`2` 2*` 'P`'dd @* 2`'Xd  d @* 2`'Td  X* 'XXT 'XLX @ d @7bd  d *`: )d 'dd *`: d?'dd *`:  d *`:  d 'db 7` mb* 2`2 7bb 7bH 'XX2` 'TX2` 'PX 'LX2 'XPd"@'@hL#\b*`2#``*`2#dXTP@h @'DD@" 'H *`:ܐ ?  $D P'' ` '܀ : ` "@ ܀ 0D @'Ȁ `@ `* `D " `@" "  ` `@@ `( @ ``(ܒ@ " (``  `* `ܔ " hD@܀ "H *`: H *`: ܢ@$@?# @ 4` H D@HH`ޔ 2 b*  ` 7^^* 2`# D 27\L 'H 'DL `> Ș\*`0+`^+`0@#\ @'Ԁ XH *`:'HD`62 D \@̒ @2 ^2  @ @ " 2 ^77 7('$`'  /H 'HL 'HL` " L @H" @'Ԁ  @"H"@H2 HH" ? p'D'H'L'P'T'P '' ''Ѐ  T ?А /ߐ ` @ ߐ ` Zߐ ` ` ߐ ` zߔ @ ߔ Zߖ * * В '* P"   @   @  P`  P` P "P " P "P "   @  P "P "   @ P` P "P "  P` P "P " mP`  @  P "P " VP`  @  P "P " ?P```  @  DHLT@' ````  @  DHLT@' @*:`"  耢 "԰'D'H'L'P'T'T & LP@ @  =D D'P`'<< *`: < *`: / < *`: 9< '<< @* 2`'<   < @* 2`'<  * ' 'L (@ < @7<  < *`: )< '<< *`: .< '<< *`: <?'<< *`:  < *`:  < '<’ 7 “* 2`2 7H '2` '2` ' '2 ''@7D 27L '8H '4DL `> 84*`0+`+`0@#\ @'DD iH *`:'4HD`62 HD \@̒ @2 2  @ @ " “*   7x 7x2 7z'`' /|H 'H 'H '`L 'PHH` " HL` " LH @H! @'DD  D@"HH!@H62 H" H" @㿀'D'H'L'P'T'P '' ' *`: // *`: 9(  *`: /  *`: 9  *`: /   *`: 9P` @  DHLT@'l`` @  DHLT@'S *`: 5  *`: 4P ">P `9 *`: 3P` P"PPP@"! *`: 2P  *` P" PP@"P"  @*:`"  耢 "㿐'D'HH D  *`; /=*`; 98  *`; /+*`; 9&  *`; /*`; 9  *`; - *`;      `@ `Z ``x `zr   `@ `Z ``\ `zV   `@ `Z ``@ `z:   `@ `Z `` `z  *`;   *`;   6*`;   *`;   ' "    *`;    `'D'H'L'P'TD D'D 6*`2` 2*` 'D P'@" ' T" *@*`" * `P@'T*@*`" * `P@'쀢  `  `" `" "  `'' 'L` T"@  *  *`:'T L`ؔ *  *`:' L`ؔ *  *`:' ` ` `"  ܐ@ ` 1?" 쀢 쀢 P P'@" ' ' '"  ` Ԓ" @"` ` Ԁ 5Ԓ" @"` `&Ԑ" '"T DHLP@@' DHLP@@'' ` Ѐ =Ѐ   *`: Ԓ ' *`: Ԑ`Ѐ  Ԑ *`:  Ԓ '" Ԓ '"Ѐ  ̐`''8̐`dЀ@,Ԑ" '̐`Ԁ@ Ԑ" P ̒ " ̐`''̒ @ܐ`̐@'̒ '"" `" "" ? 㿈'D'H'L'PL 8'쀢   DHP @㿈'D'H'L'PL 8'쀢   DHP @㿐'DD@   + ;`  *`;` / *`;` 9  (@ +` К   *`;` ,D# 0  + ;`  *`;` / *`;` 9  (@ +` К   D# +   + 3` 㿐` @` " ` "  㿈'D'H'L'PD D'L " @  @L"`8L 8`?L 8"@L@2 L`2  㿐'DD  *;  *`; / *`; 9*3  +` +  *`:?И   *3  'D'H'L'P'D D' ` ` L`8`" L 8@  L`8   H2` ` *`` 2*` 'D P'HH@ؐ" 'Ԓ  @Ԁ H@/'@7ޓ* 2`  wD 27P '@H '<DP `> @<܅*`0+`އ+`0@#\ @'LL SH *`:'<HD`62 PD \@ @2 22   @ @ " 77' 7H 'HP` " PP @H" @'LL L@"`'PH"@H>2 H"  㿐'D'H'L'PDHLP@㿐` @` " ` "  㿈'D'H'L'P D @L"`8L 8`?L`8 D@L 8'L D" @ "  `'D'H'L'PL 8'7' ` D D'H2` ` *`` 2*` 'Ԓ "@D P'@Ԑ" 'Ѐ  Ѐ""'Ж@` @'܀  ܒ ' "'`& `!?ܐ" Ѐ  @ * ܔ @ " ܒ ' "   ` ?ܐ" Ѐ  `  *` ܒ@ @  7ܒ ' " ړ* 2`  " c ` *` ܒ@ @  'ܒ ' "  `D `?ړ* 2` ` " `"  @ * ܔ @ 2 ړ* 2` `"  @ * ܔ @ 2 "Ȑ '" " o 㾠'D'H'L'P'L 8' ` D D'H2` ` *`` 2*` 'D L@'D P'@" '  uА  @  '@ ' @`% @'̀  M̐"@'" ''" @  ' @`@ @"@'  '" '' ''     * `<@ " <`&@ * "@?' '`<   `  "  1' *` ̒@ @  ̒ ' @ * ̔ @ 2 $H /H 'H 'H * HP` " HP`(" D \@ @  @ @ " '\`'X 7`2 H *`:'HD`62   ` C $*`2 < $7| "7~~2|2 |7H~7J/LP~*`2`!  @H @' @"~* 2 ! H@  ` & 7~~22 ~7H7J /LP @H" @'  @"H"@H* H2 H" H"  㿈'D`'  ` D `  @`D @ ?? 4'`'  ` D `  @`D @ ?'D@"`D"D 㿈'D`''쀢`D D ` @"  '?㿈'D'H'LL 'L d7쀢   `  D `  @ $H H *`2*`2 H  * 2`   㿐'D'H'L'PD D  `  HD `  @ < L @  1 L@H `$ <$ 8D$$ @D (`D (LHP?  L@ P$ 4`$ H`"p'D'H'LH P' ''L ` L @`DHLL"`L ' D `  < D ` QH D'``  `  *`2''耢  H`PD@* 2`' *`2؀@&`H `4  *" * DH 4 *"*`DH 4  +`# + D "@?j''H 4 `  0`  0HDL' ,`  ,HDL'Б:` 7֓* :`?֓* :`1䀢 ? HD@'耢  H`PD@2`D*; `,@ " ,`0" 0  㿈'D'H`'  ` !  `D  H @  `" 4 4'`'쀢 !  `D  H @  `"  ' 㿐'DDDD`" 㿈'DD 2`''쀢`D `H" H'D 8` D @`DD 8`@@D L@p'D'H'L'P'D D'D 4 `'H *`:'H2` ` *`` 2*` "@'䀢  'L *  *`:'L쀢   `L + @ !L쀢`    L *  ` `?  2*:`'L *  *`: )L*`L +   *; @" '؀ L *  *`:'ؐ '"  'P 3L쀢`    $L쀢   ` "@L쀢   ` L +   R 2@ 'L "@  *  *`:'L쀢   `L + @ #L쀢`    L "@  *  ` `?  2*:`'L *  *`: L *  L *  *`:'ؒ"@ "  ' 'L *  *`:'L쀢   `L + @ !L쀢`    L *  ` `?  2*:`'L *  *`: )L*`L +  *; @" '؀ L *  *`:'ؐ '"  'P 3L쀢`    $L쀢   ` "@L쀢   `L +  R 2@ 'L "@  *  *`:'L쀢   `L + @ #L쀢`    L "@  *  ` `?  2*:`'L *  *`: L *  L *  *`:'ؒ"@ "  '耢   㿈'`'  `  '耢  4'㿈`'  `  $` $ 4'`'쀢  $` $'x'D'HD 7`` `` ` @`'`@ܔ*"@*`"*@' *`2 V* 2@ H 9@  '`   '  h +H 2`  ` !  @'耢 `L @" H@" "  " "  L'H" @`@` @耢  L@ @"`"``@"?" ``@"`@8 ܒ ' l'܀ '`'`"`@`@  `"`"@"`@ܒ '܀ ' ```" `@ 㿀'D'H'LH T'`` ` @`@ ```" `@ u`` ```" `@ ]``` " ``@"`'`"`` `"`@*"@*`"*@'" " @" H \@DD` "@ " ` *HL" `|" h`@ 'D'H'L'P'Tx't'`L F K F  < % = @ D  C ,0M Y0M  G 0L 0N 0O D@'` '` '``'hh'l`lP  l 'hL = /P T  '`l  '`` @hl`"TP@"`@l @DP >T :  @'ll -Pl @` @l@" l" lT@"Tl"lh@" hl"`@"`@ '` '`U` @`@" $`@`D (@'`=H `  '`4` @`@ G`@ *` < @*"@*`"*`  D l@'``@` ` @``@"`` `"`@ `@`@  `@ `@`@` H `  '`xD l@'`` `` @t 'dd*"@*`"*@'pd d pt`V*`2 V* 2@ `@ z`d * 'p?" pt`" `d *" `@쀢 (t @ ` "p`h@'``  ```"  ```" (쀢 "p`h@'``  ```"  ```"  '``  '` '``㿀` @ !`*` '䀢 @`*`" `*"@*`"* ?"     `$ @`"`@``2` @` @`''쀢` ` @" @'`@`@㿈``` @  ;@$@`0`*` '쀢 '@`*`" `*"@*`"* ?" ``` " ``@" `l  $`$ @``` " `@" @    %@ @`@㿈 '쀢 3` *" ` *" ` * *  " ` *" *@*`"*`   \@?'H'D'H'L'PL'L 6*`2 L Z*`2 mL  `/ ` L H*`2  L H*`2@`S ` L H*`2  L H*`2@`= ` 8L D' `     L H*`2 $ L H*`2@`$L H*`2  L H*`2@` / `'В$  @D ` P@"`P@"  //L :*`2'L <'L @`L @`7?c7D'' ''PH @ P'Đ@'̐ 'H'Đ@''Ș L @x'D'H'L'P'T'X`@H H`D * /D*@*`"*` H 9@ `D * `D * D *@ `" `@ D*@*`"*` H 9@D*@*`"*`   9@`@'ܐ 'X ܒ*`P @'ܒ ' @'쀢  `@`D *    `@@ `D *D +   " `@'TM" " " "   @' 'X Cܒ*`T `ܒ*`L ܔ *P@ @ܒ*`T `ܒ*`L ܔ *P@  @ܒ*`P @'ܒ '`@`D *" `D * "`D *" `@`@ 㿀'D'H'D  H ` H ` `@`D *  `D * `@  `@ '`D * ' c 'H @X`D *" `D *D +  " " `@ H@'䀢 %`@D *@ " `D *" `D *D +   " @`@ '`D * `D *" `D *D *  " `D *" `@㿈'D`@`D * '쀢 `D *" `@`D *D *  " `D *" `D * '`D *" D*@*`"*`   9@`@%W% %G% (C) 1993-2000 Darren Reed@(#)$Id: ip_sfil.c,v 2.23.2.12 2001/07/18 14:57:09 darrenr Exp $ipf rw mutexipf log mutexipf auth log mutexipf filter load/unload mutexipf filter rwlockipf solaris mutexipf fragment rwlockipf IP state rwlockipf IP NAT rwlockipf IP NAT-Frag rwlockipf IP User-Auth rwlockipl condvaripf auth condvar@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed@(#)$Id: fil.c,v 2.35.2.39 2001/07/18 13:30:32 darrenr Exp $/dev/ipauth/dev/ipstate/dev/ipnat/dev/ipfIP Filter: v3.4.20ipfddi_pseudoipnatipstateipauth%s, attaching complete. IP Filter: failed to attach IP Filter: still attached (%d) %s detached !IP %s:%d %d %p %p %p %d %p/%d %p/%d %p %d %d %p ?%02x%02x%02x%02x %d:%02x%s %s!IP Filter: Bad packet: wptr %p < rptr %ppullupmsg failed!IP Filter: *mp %p mt %p %smblk changed, cannot revert ip_len, ip_off!IP Filter: dropped: fr_qin(%x,%x): type %x qif %x!IP Filter: info %x next %x ptr %x fsrv %x bsrv %x !IP Filter: info: putp %x srvp %x info %x !IP Filter: inp NULL: qif %x %s q %x info %x!IP Filter: dropped: fr_qout(%x,%x): type %x: qif %x!IP Filter: nfsrv: info %x next %x ptr %x !IP Filter: nbsrv: info %x next %x ptr %x !IP Filter: outp NULL: qif %x %s q %x info %xIP Filter: malloc(%d) for qif_t failedIP Filter: attach to [%s,%d] - %s IPv4IP Filter: not attached to any interfaces IP Filter: ILL Header Length Mismatch IP Filter: detaching [%s] - %s IP Filter: removing [%s] IP Filter: detaching [%s,%d] - %s @(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed@(#)$Id: ip_state.c,v 2.30.2.38 2001/07/23 13:49:46 darrenr Exp $ipf state entry@(#)ip_frag.c 1.11 3/24/96 (C) 1993-2000 Darren Reed@(#)$Id: ip_frag.c,v 2.10.2.14 2001/07/15 22:06:15 darrenr Exp $@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed@(#)$Id: ip_nat.c,v 2.37.2.44 2001/07/21 07:17:22 darrenr Exp $nat entry lock@(#)$Id: ip_proxy.c,v 2.9.2.6 2001/07/15 22:06:15 darrenr Exp $%s %u,%u,%u,%u,%u,%u PORTippr_ftp_out: allocb failedippr_ftp_out: cannot handle fragmented data blockUSER XAUT AUTH PASS ADAT ACCT PORT 227 Entering Passive Mod227 PNA@(#)$Id: ip_auth.c,v 2.11.2.12 2001/07/18 14:57:08 darrenr Exp $IP Filter: v3.4.20    D@R @=Zf @drv/ip   !"#$%&'()*+,-./0123456 /x8@x ixftprcmdraudio X  |#2"94 C(AIO <^0eTtpN@<|=,Zx@<T[ Ya8a@ ZX 8)XH4`x@^KPVgbn[{ x͈p4Dd'<1<L@BFXUoy@@X5 API8|8H (h7.>hLI, X<et( L@L @sHhd X@  H. 6@CLL xARD]f u p|O|lQP@| ,%I/@<8M$W0d t{R@hT`@ (0l<(JV(`m mw LP1l4thp 0 ,(9F۴QW\dLpLKl<9 d\ $T0Z X6ER[4e`rz1w,LD\Yx Ÿ  l    /0 ;s H U( _ gP n |8   T       9p T   (  # ( , : F  O ^4 f  r u }  Mt 0     H  I@   d    &X 3( = E, T ]D j q  (  Kt  W`` l h  V t|    a  ( 3@\ BU I R+l  _ m u }   54    o<  ܜ|    נ ! * 4@ ; DD LP ]n j p( z     qL @ P 4 X   T,H#*v,8BTT]l`w|PPQH |#Pl0 =IL@V<`Ujpx|LH$V\,,Yx8L!)lH9 < 0EsHPS\m}Dٜipfip_sfil.csend_ipfrzerostatsgcc2_compiled.sccsidfrrequestrcsidfil.cgcc2_compiled.sccsidfrsynclistfrflushlistrcsidsolaris.cipf_dev_infoipf_opsipf_probeipf_devfilessynctimeoutidipf_attachiplmodgcc2_compiled.hdrsizesfr_donotipqif_from_queueipf_identifymodlink1qif_headipf_cb_opsipf_getinfoipf_detachipf_ip_inpfr_precheckipdrvattcntipf_ire_walkipf_ip_qinip_state.cfr_ipsmoveips_listips_tablefr_delstategcc2_compiled.fr_state_removesccsidfr_matchsrcdstfr_matchicmpqueryreplyips_wildips_numfr_statetstatsips_statsicmpreplytype4rcsidfr_state_flushfr_checkicmpmatchingstateip_frag.cipfr_deletegcc2_compiled.sccsidipfr_inuseipfr_newipfr_headsipfr_statsrcsidipfr_nattabipfr_lookupip_nat.cnat_matchnat_tabmovenat_clearlistfr_natputentnat_addnatgcc2_compiled.sccsidnat_delrdrnat_flushtablefr_natgetentnat_hostmapdelnat_addrdrnat_deletercsidnat_delnatnat_hostmapfr_natgetszip_proxy.cappr_fixseqackgcc2_compiled.appr_new_sessionraudiofrnatfrrcsidrcmdfrip_auth.cfr_authnextgcc2_compiled.fr_authfr_authstartfae_listrcsidfr_authendip_log.cgcc2_compiled.iplcrcpanicfrflushippr_ftp_pasvappr_unloadfr_ipfrttlfr_statemaxippr_ftp_validrw_downgradememstrippr_ftp_processnat_lookupredirfr_qoutbzerofr_minttlfr_authunloadfr_tcpsumfr_verifysrcipfilter_versionfr_activefr_minttllogipf_nattable_szipf_rwcountbitsfr_udptimeoutipfs_mutexfr_tcpclosewaitipfr_fastrouteipl_unreachsoldetachipf_authmxrw_initfr_authpktsfr_authexpiremaptableaps_freeddi_remove_minor_nodenat_newipfr_forgetippr_ftp_atoicv_wait_sigfr_chksrcip_natunloadcv_signalipfr_knownfragire_to_illippr_ftp_pasvonlyunlinkbnat_insertcopyin_mblkcv_destroymutex_enterfr_checkstateiplattachippr_raudio_inappr_matchfr_authsizemsgdsizefr_stinsertfr_authstatsfr_checkauthfr_tcp_agebcopyap_proxylistfr_addgroupfr_state_ioctlmutex_destroyfr_findgroupfr_auth_lockfr_statesizecopybnat_icmpippr_rcmd_portmsgippr_raudio_outippr_rcmd_newfr_tcpstatemutex_exitfr_icmptimeoutfr_runningfr_authlist_infosolipdrvattachipl_frouteokipf_authrdr_masksipflog_clearsprintfmod_installfr_scanlistfr_qinipflogfr_nat_locknat_inlookupcopyoutipf_mutex_initiplwaitfr_stputentfr_auth_ioctl.umulnat_instancesippr_ftp_innodev.uremipfr_fragexpire_depends_onippr_ftp_newfr_tcpclosedappr_freeipf_natipauthfr_tcplastackfr_defaultauthagesynccopyout_mblknat_statsrw_exitiplioctlipfsyncnochpollrw_destroyddi_prop_remove_allfr_checkip_natoutcv_initipf_rdrrules_szddi_get_nameget_unitsend_icmp_erripf_solarisfr_flagsipfr_slowtimerfr_passipflog_initWRuiomovemod_driveropsiplhfr_delgroupnat_masksstrncpyddi_prop_opipllkmem_allocfr_defnaticmpageipltipf_cksumiplopenkmem_freeiplclosetimeoutstrncmpire_route_lookupap_sess_listappr_initputnextipf_hostmap_szipf_fragfr_defnatageipacctippr_ftp_serverappr_delfix_incksumuntimeoutnat_outlookupfrcachefr_getstatipldetachnat_initappr_checkfr_lockippr_ftp_portuniqtimeatomic_add_32ipfr_nat_knownfragip_natinill_g_headipfr_fragstatsfrsyncrw_enterfr_tcpudpchkipf_rcmd_atoifreemsgipluseddrv_usectohzddi_create_minor_nodeipstate_lognat_icmplookupipfgroupsipfr_unloadallocbip_natsyncip_cksumipflog_readipl_mutexfix_datacksumdohwcksumipllognat_listipf_statesecoptmod_infoiplreadippr_raudio_initip_natexpirelinkbsolattachap_sess_tabdatamsgddi_get_instanceip_statesyncfr_tcpidletimeoutnat_logippr_rcmd_outippr_raudio_newfr_authusednat_ioctlfix_outcksumappr_addfrstatsfr_ifpaddrstrcmpfr_qif_updatepullupmsgippr_ftp_insecureire_walksolipdrvdetachap_proxiesbcmpippr_rcmd_initfr_tcphalfclosedipfr_timer_idfr_udpacktimeoutipfauthwaitcopyinappr_okipf_natfragip_wputfr_icmpacktimeoutfixskipipinfodupmsgipfr_nat_newfragippr_ftp_outfr_frag_lockfr_addstateipfr_newfragrdr_rulesircopyptr.udivcopymsgipf_synctimeoutfr_tcptimeoutippr_ftp_clientmod_removestrlenipf_natrules_szfr_state_lockiwcopyptrfr_newauthfr_stateinit_fininat_rulesipoptsire_ctable_lookupcmn_errfr_timeoutstatefr_makefripippr_ftp_initipfilterfr_state_doflushatomic_add_longsend_resetnat_tablefr_stateunloadfr_stgetentmutex_initas: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release)as: WorkShop Compilers 5.0 98/12/21 GCC: (GNU) 2.95.2 19991024 (release).text.rodata.data.bss.symtab.strtab.comment.shstrtab.rela.text.rela.datal  p   p    p p X X @ @   ( (p     P  , L 0 \"#N G G N   N$ Gx G| N H H c e,   H X P e(  e8 P mH X 4  |  8 b    e< at ap q hP aT D V\ V` id q [t ih 0 l o   o l [p m( aP o o X l n n X mL m 4  hL m$ L x\L L x`L xLL L ~\L xXL L L L xTL L wL xPL L \L 0wL wL GhL $GdL $yL {L {L FL FL yL ~TL L yL L ,FL FL yL uL uL L L ,{ L tL {L tL L EL tL tL tL tL EL tlL thL EL tLL tHL EL ~PL WhL ~LL rL rL r|L yL GL yL `L 0GL rxL wL DL DL WlL L {L D4L {L wL r\L ~XL D0L ~HL }L }L L wL rXL L @L ,;L ;L mL qtL A0L 0qpL qTL 4L ;L TqPL q4L q0L lL lL :L T<L (plL phL <L (lL >,L @CPL pLL CLL lL hL pHL :L P>0L @p,L p(L 7L 7L }L hL iL }L hL L :L P7L B L <?HL BL <L AL 8AL 8\L 7L ?LL AlL 4AhL 4XL lxL mL mL mL ltL mL mL ,L A4L 0i L iL iL iL iL iL iL 0L jL }L jL }L k0L iL k,L kL @L ,k L 0L GD\xX@ymiltaX  axq omPPPlyz0<lN(l|x@֌qXe0$D{,@|(˨0,ʨ,LTɠX<~]@U4<P,P аР0ۤ¤`CL,@IDTJjxJ]J^JyJ`pJlJ@^ sXslttepdppPpwhpdp p(2 X l X X X d ` X \ h 8 $8 8 8 (8 <8 @8 P8 T8 8 8 08 h8 d8 8 P8 <8 8 8 8 L8 8 8 ,8 88 ٠8 8 դ8 8 ը8 8 8 08 8 8 |8 ٤8 ۠8 8 H8 8 ۜ8 ֈ8 8 ,8 t8 d8 L8 8 8 h8 8 8 p8 ք8 8 ] x] ] H] ] ] ] ] L] l] h] ] ] ,] ] ] t] ] h] l] ] ] (] ] e e e |e e We e |e e e De e He We Affff,f|fXG\Ll`PȄ٤(Xhs4 DMTLu  T  \ b p ,    X W 0 W T l b $ Z@ Z X l p ZD [ [ Z X    } ` ] ] _T ^ ] x x ` ] } _X wD w@ ^ _ ^, ^( _ ~ ~ t ~D,d~~}M M@{~$~ ~~s~~ x~~8~4~`~|~l~~H~~p~~~O~~~sX~p~~~Ƽ~X~t~~~~~~~|~~l O Ut Ux UH U U U$ X X O UL U ,  0    B B  <$ <(  > > H D L ( ~ H ~ $ ( |   @   H L | , x $ ( x < p l ( T ` \ q 8 z, z( 4   $ q y q   p X y ,iHam0$$t$]h$$$$;$T$q $$$x$h$~$eD$٬$?$$c$ $8$~x$|$$P$o$$o$$8$<$$$$<$հ$$$$X$t$ $$U$$$_<$O$x$$ $$$$ d$G$$$$$N$Vh$$$$x|$T$@$$$$$$$x$P$$$ d h  ]\ ]` P  y   H   L  x ] x _0 _4 y  xt xp  T L {$ {( H ] < 8 | |$ 0  H D ~ ~ X  4 ~l ~p \  q $ q l E8 D D T P l E< C C C C x`H`[4[<[H[[P[ @[[ [,[ [V [V[U[[[[4[[Vx[[  8 0    ,   < М   И    ʤ ʠ   ɜ ɘ p   l 8 4 ˠ $ ˤ ( ?  ȸ ȴ 8 4   ?    @x @|  , (   p       l   œ    PZ Z Z TZ ŔZ Z Z ŘZ 1t x ː ˔ D X \ @   \<|T! 4! 8! ! X! \! X! ! ! 0! 4! ! ]@ P0_l _H _D _p _ _ _$ _ ^ ^  N N N N  H@Xqt20Tל`.[_ik<ްL(_L^NHh ,   @ @   Ґ Ҕ    i ii`iir r r r r r Hr (r `r ,r \r Dr Wr Wr ssʔs 0sɸs ts s 8sDsX( P\ XL X< P PX   X$ XP <  < X8 P U U U@  UD Xd  B B X` Up~ U~ U~ P~ P~ P0~ D~ P,~ >~ ~ ~ >~ ~ ~ Ul~ ~ ~ $~ @~ (~ W~ W~ W~ X~ X~ X~ W~ W~ XGx  | l l h h  O4    [  [  0yIyP$y yhTy y,y yy[xyzz8UUHUU\UUUtUUU=U0UDUUQHUUXUU  p p = = l t O O D H  (       $    D   H   ެ3 3 ׼3 3 3 3 3  3 ި3  3 3 3 D3 p3 p3 3 t3 l3 H3 $3  3 3 ,3 ݐ3 p3 3 ؘ3 3 3 3 ؜3 t3 x3 03 |3 ݌3 T3 P3 /x@/m//#M`MpM `W  `  LVhd     W H  W L  , Ш O ( U Ь P P U O     C ; ;     U   t   C U  \ X  < 8 p $DmP1nlP,nLO4n4h<N0Lmt,l$xxϴ XLTDp0n,{Dx?$`Ȭ{<LHlpPD>P4Wx^<(  ( ( ( ( ( L( ߐ( ( ( 8( 4( ( ( ߔ( H( ( ( ( ( ( p( 8( Ө( Ӭ( ( l( P( <( L( pŜpyyy Hq yZXzHD+`#+h#+d#+L#+P#+@#+<#+8## + + #+\#+X#+4#+$## + +(#+T#+0#+H#+D#+,#:Y `< Y `@ ] ] ?t8X5%T%&<8Y0 àE;p7DFdb(9 (9 Y- Y- K- K- K- K- L,- L0- Y- Y- Y,- Y0- Y@- YD- YT- YX- Yh- Yl- Cpɬ ɨ Ʉ ɀ  X h T d ` \ X T P L H D 0       ø ͘ ͜ ͠ ͤ ô ͨ ͬ   \    ( , @h 4 8 < ð T X  ` d h ì è ä  Ѥ  @d Ѵ @L @H   Ѩ Ѭ Ѱ  l h d ` \ X Ѹ : : ; > Y Y ; > =(tN0 ,lgg@gh h eh eh h Ph Lh h h h 8h 4h nh nh nHh nLh h h ndh n`h :X : :\ : ; ; :@|Ȁ||uxIH<>l>@:G@p;,;E\DDDF<7FGpA B@TADA|dA8CXp?\h,(F80aHl7(Dx (Hx K1`ݔ˘_(_t_k4jؠ$t܀|_NX\\x4   8 < Tx P](  8T P],    T T T TX P T aL 8aH 8`    t P 8 P P`  8 Ty 8 P P 8 P 8Z, Z( \ PY Y  PY Y  8 8 8 8 8 8 8    T Ty  8 P 8 T T T 8 P 8 8` P< @ 8( , 8D 80 88 4  8  8, 0    X [\ [ |     e X | \X h^d  ^` fl h_ ] ] fp hf| p\ hj \ h\ \ \ h\ h   ` ` 8Z ` 8e xp \ f pj     f ``4 `8 e `t8 g xe `t  b 8 P   \\ ht< e  pb 8c u \ u c ` e X, e pz ( | Px Pz \H x0  \L xZ `,   d @d @d hv g x[ `v dl Xdp Xd hz P Pz Pzx zt \ he x\  h\ `f ` 7 7 H7 D7 7  7 @7 <7 qt7 qx7 a7  7  7 r7 T7 r7 T7 a7  7  7 ( -x5 5 -|5 5 5 }D5 5 x5 }@5 |5 Y@} <} } |}} ۼ@\A{A]xZ D H \  ` t  x  d `     _X _X HX DX _X ^X ^ X ]X _X ^X ]X ^X _B{OO,Ot Pp  0 4 ^ ^ zczt@z]zv zzdzz`Dz^hz8zzz`zzzzz|zzzz zzz@zezjzg zzz_yt0C]\\4_\dR_SZNpNmlkhdրT\*\*\d*\*eedtwXf   oootx0,_ 0Wl9PL8z_]8]l l m m m m ݤm ݠm \m Xm m m a a a a ta a a xa }kwk~8'~'\'}'},'|'p'wl'w'x<'x'{H'o'(''D'd'''D']p??o>o>>p>x>Yo])$))Z4:8 <     p l       D @   4    |    t 4 0 t   T €    X „ 0 x   l    p h d  p      |  T X     |  @ D   \  ` @          ذ ش p D t x | ـ ل ٴ ٸ    , 0 X \ ڄ ڈ  `  d  x  x   (4xh H H= = = = = = = Τ= = = Ψ= ά= = = = = = = = D= = = = = = = = = = = = = $= (= = = = = = = `= \= $=  = = = = T= P= L= H= = ΰ= δ= D= @= = <= 8= = = = t= p= = 4= = 0= ,= (= = = = = = |= x= l= = = @= T= P= = L= H= θ= = = D= @= = ,= (= > > > t> > > x> > > > > > 0 $ 8   L P X T 4 ( , $w (w |Y ԀY KH&hLh&0%3NLN|`e<4hG\43%@JX#l#84EPdY_ _ ܄ _h ܀ _d k k ߘW ߜW W W W W W W ׄ6s8606{_$kX pk k _ _ T P d ` D D D 0D 4D xD D PD TD D |D D ܰ ܬ ې ۔ p l d h D++8++ Ԕ Ԙ   x $     t   XH TH H H PH TH H H H LH H PH I I I I I I XI pI \I lI I \I XI I TI PI HI DI I  I `K K dK K K K $K K K K cV[chcv v n n n n n n    8 4 $ L  P x  | =1 H1 Hi i    1 1 h   d  { \ \ { nq q q q nq q hq lq q Yq q Yq  8q  <q   l l o o  F   o o   d o| 1P 1T F  1X  1`   l   t  X   p X M M   h  X 1d    X 5 5    4  8 < @  |  x D   X  d  ` X  `  o  5 5 1\    H  L   D  H  e e a@  < e  @ a<  4  t  p 5T 5X  0  H  L      P  `      d  h  5| 5h 5x d  5\   e e   l 5` 5d Vc8< H $   8 (       L _4 _0 ld l` k _P _T `, `0 k kh kd D D     g g  p l  h d nh nl   X  T ex e|  P  T :p,"j H4x 4       4   4t mp mt m m Jd m\ 4 mX KX Lt    8      E\ x E` Jh  m m P L $ m ( < m Lx | m  m @ N N G KT G   l     h n n `w dw Lw w Y,w w w w w Hw w w Y(w nw |w mw n@w n<w mw nw 9`8|d(EohE18E |@D4<4>X4=L4B4ZgtD{ 2D    x   2T t  o    2H  o  o o 2X   ZL\Np  3 3 N@ 3 L` ND GT K@ Nt 2 2 D X m GP H K< 3 T  m EH L\ m| mx 4\ 4` ED  l  $ JP p JL  l &x#|Dt]^4`jTl          (c c c c ,c c c c  p p p8 h 0 0 Hw<  @} } } ~ ~ ~ ~ (  p h h~ (x\ < hx  8x`  @x  Hw@ wD wH \ @X @ 8std sLd d d s`d sdd {xd spd sPd {|d xf tf f f f f f f (T T xT tT ,T 0T 4T T  Q Q Q Q { {xxuu<Xunhxdrxr$ (   x t h    d $ Đ DҜ LҘ L L L @Ĥ DĨ Dļ D Dτ L @X Hπ L8 H4 HÈ DÄ @ @ @  D D @ @À @Ì D( D DČ D H H H H H H H H H H, D H\ HɌ LɈ LŒ Dˆ @„ @| H, L0 LT @ D D  H( L$ LX @\ D` Dx H|j j ʀj lj Pj j Lj j xj hj |j Dj Hj  j j j    $ Ҩ Ҭ D 8 4 H 4 0 4 $   8  d h d  0 ,  ` H H hH H H H H H H lH pH tH H H xH |H H H H H H H     x`8q 4q q q q q  q q q q , H L   ( | ߬ ߨ x  @ < 0 ݸ ݼ p ` 4 l d     ޼   Ӝ Ә   L H ތl;tX\XZ`x^Zx[HHD@(<8p`xd|hFGdV<}4x pX|`r" (*3S= H 0707010e0cfd53000081a40000000000000000000000013b671a670000002b0000000000000001ffffffffffffffff0000001d00000003root/usr/kernel/drv/ipf.conf# # name="ipf" parent="pseudo" instance=0; 07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000b00000000TRAILER!!!