diff -cr ip_fil3.4.19/HISTORY ip_fil3.4.20/HISTORY
*** ip_fil3.4.19/HISTORY	Fri Jun 29 00:35:00 2001
--- ip_fil3.4.20/HISTORY	Tue Jul 24 00:00:06 2001
***************
*** 22,27 ****
--- 22,57 ----
  # and especially those who have found the time to port IP Filter to new
  # platforms.
  #
+ 3.4.20	24/07/2001 - Released
+ 
+ adjust NAT hashing to give a better spread across the table
+ 
+ show icmp code/type names in output, where known
+ 
+ fix bug in altering cached interface names in state when resync'ing
+ 
+ fix bug in real audio proxy that caused crashs
+  
+ fix compiling using sunos4 cc
+ 
+ patch from casper to address weird exit problem for ipstat in top mode
+ 
+ patch from Greg Woods to produce names for icmp types/unreach codes,
+ where they are known
+ 
+ fix bug where ipfr_fastroute() would use a mblk and it would also get
+ freed later.
+ 
+ don't match fragments which would cause 64k length to be exceeded
+ 
+ ftp proxy fix for port numbers being setup for pasv ftp with state/nat 
+ 
+ change hashing for NAT to include both IP#'s and ports.
+ 
+ Solaris fixes for IPv6
+ 
+ fix compiling iplang bits, under Solaris, for ipsend
+ 
  3.4.19	29/06/2001 - Released
  
  fix to support suspend/resume on solaris8 as well as ipv6
diff -cr ip_fil3.4.19/IPFILTER.LICENCE ip_fil3.4.20/IPFILTER.LICENCE
*** ip_fil3.4.19/IPFILTER.LICENCE	Thu Jun 28 23:53:09 2001
--- ip_fil3.4.20/IPFILTER.LICENCE	Wed Jul 18 21:33:31 2001
***************
*** 4,14 ****
  provides it on an ``as is'' basis without express or implied warranty.
  
  Redistribution and use, with or without modification, in source and binary
! forms, are permitted provided that this notice is preserved in its entirity
  and due credit is given to the original author and the contributors.
  
! The contents of this package may not be placed under the GPL or any
! other licence which requires requires you to give up your rights.
  
  THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
--- 4,16 ----
  provides it on an ``as is'' basis without express or implied warranty.
  
  Redistribution and use, with or without modification, in source and binary
! forms, are permitted provided that this notice is preserved in its entirety
  and due credit is given to the original author and the contributors.
  
! The licence and distribution terms for any publically available version or
! derivative of this code cannot be changed. i.e. this code cannot simply be
! copied, in part or in whole, and put under another distribution licence
! [including the GNU Public Licence.]
  
  THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
diff -cr ip_fil3.4.19/SunOS5/Makefile.ipsend ip_fil3.4.20/SunOS5/Makefile.ipsend
*** ip_fil3.4.19/SunOS5/Makefile.ipsend	Sat May 19 00:26:04 2001
--- ip_fil3.4.20/SunOS5/Makefile.ipsend	Thu Jul 19 00:57:33 2001
***************
*** 18,31 ****
  	$(CC) $(DEBUG) $(CFLAGS) -c $< -o $@
  
  $(OBJ)/y.tab.o: $(TOP)/iplang/iplang_y.y
! 	if [ "x$$OBJ" != "x" ] ; then \
  		(cd $(TOP)/iplang; $(MAKE) ../SunOS5/$(CPUDIR)/$@ 'DESTDIR=../SunOS5/$(CPUDIR)/$(OBJ)' 'CFLAGS=$(CFLAGS)' 'OBJ=') ; \
  	else \
  		(cd $(TOP)/iplang; $(MAKE) ../SunOS5/$(CPUDIR)/$@ 'DESTDIR=../SunOS5/$(CPUDIR)' 'CFLAGS=$(CFLAGS)' 'OBJ=') ; \
  	fi
  
  $(OBJ)/lex.yy.o: $(TOP)/iplang/iplang_l.l
! 	if [ "x$$OBJ" != "x" ] ; then \
  		(cd $(TOP)/iplang; $(MAKE) ../SunOS5/$(CPUDIR)/$@ 'DESTDIR=../SunOS5/$(CPUDIR)/$(OBJ)' 'CFLAGS=$(CFLAGS)' 'OBJ='); \
  	else \
  		(cd $(TOP)/iplang; $(MAKE) ../SunOS5/$(CPUDIR)/$@ 'DESTDIR=../SunOS5/$(CPUDIR)' 'CFLAGS=$(CFLAGS)' 'OBJ=') ; \
--- 18,31 ----
  	$(CC) $(DEBUG) $(CFLAGS) -c $< -o $@
  
  $(OBJ)/y.tab.o: $(TOP)/iplang/iplang_y.y
! 	@if [ "x$$OBJ" != "x" -a "x$$OBJ" != "x." ] ; then \
  		(cd $(TOP)/iplang; $(MAKE) ../SunOS5/$(CPUDIR)/$@ 'DESTDIR=../SunOS5/$(CPUDIR)/$(OBJ)' 'CFLAGS=$(CFLAGS)' 'OBJ=') ; \
  	else \
  		(cd $(TOP)/iplang; $(MAKE) ../SunOS5/$(CPUDIR)/$@ 'DESTDIR=../SunOS5/$(CPUDIR)' 'CFLAGS=$(CFLAGS)' 'OBJ=') ; \
  	fi
  
  $(OBJ)/lex.yy.o: $(TOP)/iplang/iplang_l.l
! 	@if [ "x$$OBJ" != "x" -a "x$$OBJ" != "x." ] ; then \
  		(cd $(TOP)/iplang; $(MAKE) ../SunOS5/$(CPUDIR)/$@ 'DESTDIR=../SunOS5/$(CPUDIR)/$(OBJ)' 'CFLAGS=$(CFLAGS)' 'OBJ='); \
  	else \
  		(cd $(TOP)/iplang; $(MAKE) ../SunOS5/$(CPUDIR)/$@ 'DESTDIR=../SunOS5/$(CPUDIR)' 'CFLAGS=$(CFLAGS)' 'OBJ=') ; \
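Review bot: The changed test in both recipes reads `$$OBJ`, which is the shell's environment variable, while the branches it selects use make's `$(OBJ)`. The two agree only when OBJ reaches the recipe's environment, for example when it is set on the make command line. Testing the make variable directly, `@if [ "x$(OBJ)" != "x" -a "x$(OBJ)" != "x." ] ; then \`, removes that dependency. The added `@` also hides the sub-make command from build logs, which makes a failure in the iplang directory harder to trace. The second recipe's closing `fi` lies outside the hunk.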
diff -cr ip_fil3.4.19/SunOS5/pkginfo ip_fil3.4.20/SunOS5/pkginfo
*** ip_fil3.4.19/SunOS5/pkginfo	Fri Jun 29 00:35:01 2001
--- ip_fil3.4.20/SunOS5/pkginfo	Mon Jul 23 23:52:11 2001
***************
*** 5,11 ****
  PKG=ipf
  NAME=IP Filter
  ARCH=ARCH_updated_by_sed_when_package_is_built
! VERSION=3.4.19
  CATEGORY=system
  DESC=This package contains tools for building a firewall
  VENDOR=Darren Reed
--- 5,11 ----
  PKG=ipf
  NAME=IP Filter
  ARCH=ARCH_updated_by_sed_when_package_is_built
! VERSION=3.4.20
  CATEGORY=system
  DESC=This package contains tools for building a firewall
  VENDOR=Darren Reed
diff -cr ip_fil3.4.19/facpri.c ip_fil3.4.20/facpri.c
*** ip_fil3.4.19/facpri.c	Tue Jun 26 20:43:11 2001
--- ip_fil3.4.20/facpri.c	Mon Jul 16 08:06:12 2001
***************
*** 16,23 ****
  #include <syslog.h>
  #include "facpri.h"
  
  #if !defined(lint)
! static const char rcsid[] = "@(#)$Id: facpri.c,v 1.3.2.3 2001/06/26 10:43:11 darrenr Exp $";
  #endif
  
  typedef	struct	table	{
--- 16,27 ----
  #include <syslog.h>
  #include "facpri.h"
  
+ #ifndef __STDC__
+ # define	const
+ #endif
+ 
  #if !defined(lint)
! static const char rcsid[] = "@(#)$Id: facpri.c,v 1.3.2.4 2001/07/15 22:06:12 darrenr Exp $";
  #endif
  
  typedef	struct	table	{
diff -cr ip_fil3.4.19/fil.c ip_fil3.4.20/fil.c
*** ip_fil3.4.19/fil.c	Tue Jun 26 20:43:11 2001
--- ip_fil3.4.20/fil.c	Wed Jul 18 23:30:32 2001
***************
*** 3,13 ****
   *
   * See the IPFILTER.LICENCE file for details on licencing.
   */
- #if !defined(lint)
- static const char sccsid[] = "@(#)fil.c	1.36 6/5/96 (C) 1993-2000 Darren Reed";
- static const char rcsid[] = "@(#)$Id: fil.c,v 2.35.2.35 2001/06/26 10:43:11 darrenr Exp $";
- #endif
- 
  #include <sys/errno.h>
  #include <sys/types.h>
  #include <sys/param.h>
--- 3,8 ----
***************
*** 98,103 ****
--- 93,103 ----
  #endif
  #include "netinet/ipl.h"
  
+ #if !defined(lint)
+ static const char sccsid[] = "@(#)fil.c	1.36 6/5/96 (C) 1993-2000 Darren Reed";
+ static const char rcsid[] = "@(#)$Id: fil.c,v 2.35.2.39 2001/07/18 13:30:32 darrenr Exp $";
+ #endif
+ 
  #ifndef	_KERNEL
  # include "ipf.h"
  # include "ipt.h"
***************
*** 218,224 ****
  	if (v == 4) {
  		fin->fin_id = ip->ip_id;
  		fi->fi_tos = ip->ip_tos;
! 		off = (ip->ip_off & IP_OFFMASK) << 3;
  		tcp = (tcphdr_t *)((char *)ip + hlen);
  		(*(((u_short *)fi) + 1)) = (*(((u_short *)ip) + 4));
  		fi->fi_src.i6[1] = 0;
--- 218,224 ----
  	if (v == 4) {
  		fin->fin_id = ip->ip_id;
  		fi->fi_tos = ip->ip_tos;
! 		off = (ip->ip_off & IP_OFFMASK);
  		tcp = (tcphdr_t *)((char *)ip + hlen);
  		(*(((u_short *)fi) + 1)) = (*(((u_short *)ip) + 4));
  		fi->fi_src.i6[1] = 0;
***************
*** 231,237 ****
  		fi->fi_daddr = ip->ip_dst.s_addr;
  		p = ip->ip_p;
  		fi->fi_fl = (hlen > sizeof(ip_t)) ? FI_OPTIONS : 0;
! 		if (ip->ip_off & 0x3fff)
  			fi->fi_fl |= FI_FRAG;
  		plen = ip->ip_len;
  		fin->fin_dlen = plen - hlen;
--- 231,237 ----
  		fi->fi_daddr = ip->ip_dst.s_addr;
  		p = ip->ip_p;
  		fi->fi_fl = (hlen > sizeof(ip_t)) ? FI_OPTIONS : 0;
! 		if (ip->ip_off & (IP_MF|IP_OFFMASK))
  			fi->fi_fl |= FI_FRAG;
  		plen = ip->ip_len;
  		fin->fin_dlen = plen - hlen;
***************
*** 261,266 ****
--- 261,267 ----
  	fin->fin_off = off;
  	fin->fin_plen = plen;
  	fin->fin_dp = (void *)tcp;
+ 	off <<= 3;
  
  	switch (p)
  	{
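Review bot: Nothing records that `fin->fin_off` changes unit here: the `<< 3` now happens after the store, so the field holds the offset in 8-byte units while the local `off` becomes a byte count. I would put that on the added line, `off <<= 3;	/* fin_off stays in 8-byte units; off is bytes from here on */`. Any reader of `fin_off` that this diff does not touch would now see a value eight times smaller, so the remaining users are worth checking. The enclosing function starts and ends outside the hunk.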
***************
*** 524,530 ****
  	 * satisfy the "short" class too).
  	 */
  	if (err && (fin->fin_fi.fi_p == IPPROTO_TCP)) {
! 		if (fin->fin_fi.fi_fl & FI_SHORT)
  			return !(ft->ftu_tcpf | ft->ftu_tcpfm);
  		/*
  		 * Match the flags ?  If not, abort this match.
--- 525,531 ----
  	 * satisfy the "short" class too).
  	 */
  	if (err && (fin->fin_fi.fi_p == IPPROTO_TCP)) {
! 		if (fin->fin_fl & FI_SHORT)
  			return !(ft->ftu_tcpf | ft->ftu_tcpfm);
  		/*
  		 * Match the flags ?  If not, abort this match.
***************
*** 559,568 ****
  	fin->fin_fr = NULL;
  	fin->fin_rule = 0;
  	fin->fin_group = 0;
! 	if (fin->fin_v == 4)
! 		off = ip->ip_off & IP_OFFMASK;
! 	else
! 		off = 0;
  	pass |= (fi->fi_fl << 24);
  
  	if ((fi->fi_fl & FI_TCPUDP) && (fin->fin_dlen > 3) && !off)
--- 560,566 ----
  	fin->fin_fr = NULL;
  	fin->fin_rule = 0;
  	fin->fin_group = 0;
! 	off = fin->fin_off;
  	pass |= (fi->fi_fl << 24);
  
  	if ((fi->fi_fl & FI_TCPUDP) && (fin->fin_dlen > 3) && !off)
***************
*** 939,945 ****
  	}
  #endif
  	pass = fr_pass;
! 	if (fin->fin_fi.fi_fl & FI_SHORT) {
  		ATOMIC_INCL(frstats[out].fr_short);
  	}
  
--- 937,943 ----
  	}
  #endif
  	pass = fr_pass;
! 	if (fin->fin_fl & FI_SHORT) {
  		ATOMIC_INCL(frstats[out].fr_short);
  	}
  
***************
*** 968,975 ****
  		}
  	}
  
! 	if (apass || (!(fr = ipfr_knownfrag(ip, fin)) &&
! 	    !(fr = fr_checkstate(ip, fin)))) {
  		/*
  		 * If a packet is found in the auth table, then skip checking
  		 * the access lists for permission but we do need to consider
--- 966,983 ----
  		}
  	}
  
! 	if (!apass) {
! 		if ((fin->fin_fl & FI_FRAG) == FI_FRAG)
! 			fr = ipfr_knownfrag(ip, fin);
! 		if (!fr && !(fin->fin_fl & FI_SHORT))
! 			fr = fr_checkstate(ip, fin);
! 		if (fr != NULL)
! 			pass = fr->fr_flags;
! 		if (fr && (pass & FR_LOGFIRST))
! 			pass &= ~(FR_LOGFIRST|FR_LOG);
! 	}
! 
! 	if (apass || !fr) {
  		/*
  		 * If a packet is found in the auth table, then skip checking
  		 * the access lists for permission but we do need to consider
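Review bot: In the new `if (!apass)` block, `if (!fr && !(fin->fin_fl & FI_SHORT))` reads `fr` even when the FI_FRAG branch above did not assign it. The 3.4.19 code always assigned `fr` in the condition before testing it, so the new block depends on `fr` already being NULL on entry; its declaration and any earlier assignment are outside the hunk. Making `fr = NULL;` the first statement inside `if (!apass) {` would keep the old guarantee without relying on that.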
***************
*** 1038,1044 ****
  
  		fin->fin_fr = fr;
  		if ((pass & (FR_KEEPFRAG|FR_KEEPSTATE)) == FR_KEEPFRAG) {
! 			if (fin->fin_fi.fi_fl & FI_FRAG) {
  				if (ipfr_newfrag(ip, fin, pass) == -1) {
  					ATOMIC_INCL(frstats[out].fr_bnfr);
  				} else {
--- 1046,1052 ----
  
  		fin->fin_fr = fr;
  		if ((pass & (FR_KEEPFRAG|FR_KEEPSTATE)) == FR_KEEPFRAG) {
! 			if (fin->fin_fl & FI_FRAG) {
  				if (ipfr_newfrag(ip, fin, pass) == -1) {
  					ATOMIC_INCL(frstats[out].fr_bnfr);
  				} else {
***************
*** 1157,1163 ****
  				send_icmp_err(ip, ICMP_UNREACH, fin, dst);
  				ATOMIC_INCL(frstats[0].fr_ret);
  			} else if (((pass & FR_RETMASK) == FR_RETRST) &&
! 				   !(fin->fin_fi.fi_fl & FI_SHORT)) {
  				if (send_reset(ip, fin) == 0) {
  					ATOMIC_INCL(frstats[1].fr_ret);
  				}
--- 1165,1171 ----
  				send_icmp_err(ip, ICMP_UNREACH, fin, dst);
  				ATOMIC_INCL(frstats[0].fr_ret);
  			} else if (((pass & FR_RETMASK) == FR_RETRST) &&
! 				   !(fin->fin_fl & FI_SHORT)) {
  				if (send_reset(ip, fin) == 0) {
  					ATOMIC_INCL(frstats[1].fr_ret);
  				}
***************
*** 1170,1176 ****
  				verbose("- forged ICMP unreachable sent\n");
  				ATOMIC_INCL(frstats[0].fr_ret);
  			} else if (((pass & FR_RETMASK) == FR_RETRST) &&
! 				   !(fin->fin_fi.fi_fl & FI_SHORT)) {
  				verbose("- TCP RST sent\n");
  				ATOMIC_INCL(frstats[1].fr_ret);
  			}
--- 1178,1184 ----
  				verbose("- forged ICMP unreachable sent\n");
  				ATOMIC_INCL(frstats[0].fr_ret);
  			} else if (((pass & FR_RETMASK) == FR_RETRST) &&
! 				   !(fin->fin_fl & FI_SHORT)) {
  				verbose("- TCP RST sent\n");
  				ATOMIC_INCL(frstats[1].fr_ret);
  			}
***************
*** 1199,1210 ****
  		frdest_t *fdp = &fr->fr_tif;
  
  		if (((pass & FR_FASTROUTE) && !out) ||
! 		    (fdp->fd_ifp && fdp->fd_ifp != (struct ifnet *)-1)) {
! 			if (ipfr_fastroute(m, fin, fdp) == 0)
! 				m = *mp = NULL;
! 		}
! 		if (mc)
! 			ipfr_fastroute(mc, fin, &fr->fr_dif);
  	}
  
  	if (!(pass & FR_PASS) && m) {
--- 1207,1217 ----
  		frdest_t *fdp = &fr->fr_tif;
  
  		if (((pass & FR_FASTROUTE) && !out) ||
! 		    (fdp->fd_ifp && fdp->fd_ifp != (struct ifnet *)-1))
! 			(void) ipfr_fastroute(m, mp, fin, fdp);
! 
! 		if (mc != NULL)
! 			(void) ipfr_fastroute(mc, &mc, fin, &fr->fr_dif);
  	}
  
  	if (!(pass & FR_PASS) && m) {
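Review bot: After `(void) ipfr_fastroute(m, mp, fin, fdp);` the local `m` still holds the old pointer, whereas the 3.4.19 code cleared both with `m = *mp = NULL` on success. The ip_fil.c part of this diff makes the callee write `*mpp = NULL`, which updates `*mp` but not `m`, and the next statement, `if (!(pass & FR_PASS) && m) {`, tests `m`. The body of that `if` is outside the hunk; if it frees or otherwise touches `m`, it would act on a buffer already handed to the output path. Adding `m = *mp;` after the call keeps the two in step. The following hunk's `ipfr_fastroute(ip, m, mp, fin, fdp)` call has the same shape, though no later use of `m` is visible there.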
***************
*** 1221,1232 ****
  		frdest_t *fdp = &fr->fr_tif;
  
  		if (((pass & FR_FASTROUTE) && !out) ||
! 		    (fdp->fd_ifp && fdp->fd_ifp != (struct ifnet *)-1)) {
! 			if (ipfr_fastroute(ip, m, mp, fin, fdp) == 0)
! 				m = *mp = NULL;
! 		}
! 		if (mc)
! 			ipfr_fastroute(ip, mc, mp, fin, &fr->fr_dif);
  	}
  # endif /* !SOLARIS */
  	return (pass & FR_PASS) ? 0 : error;
--- 1228,1238 ----
  		frdest_t *fdp = &fr->fr_tif;
  
  		if (((pass & FR_FASTROUTE) && !out) ||
! 		    (fdp->fd_ifp && fdp->fd_ifp != (struct ifnet *)-1))
! 			(void) ipfr_fastroute(ip, m, mp, fin, fdp);
! 
! 		if (mc != NULL)
! 			(void) ipfr_fastroute(ip, mc, &mc, fin, &fr->fr_dif);
  	}
  # endif /* !SOLARIS */
  	return (pass & FR_PASS) ? 0 : error;
***************
*** 1458,1464 ****
   * SUCH DAMAGE.
   *
   *	@(#)uipc_mbuf.c	8.2 (Berkeley) 1/4/94
!  * $Id: fil.c,v 2.35.2.35 2001/06/26 10:43:11 darrenr Exp $
   */
  /*
   * Copy data from an mbuf chain starting "off" bytes from the beginning,
--- 1464,1470 ----
   * SUCH DAMAGE.
   *
   *	@(#)uipc_mbuf.c	8.2 (Berkeley) 1/4/94
!  * $Id: fil.c,v 2.35.2.39 2001/07/18 13:30:32 darrenr Exp $
   */
  /*
   * Copy data from an mbuf chain starting "off" bytes from the beginning,
diff -cr ip_fil3.4.19/fils.c ip_fil3.4.20/fils.c
*** ip_fil3.4.19/fils.c	Thu Jun 28 23:52:59 2001
--- ip_fil3.4.20/fils.c	Thu Jul 19 22:24:09 2001
***************
*** 74,80 ****
  
  #if !defined(lint)
  static const char sccsid[] = "@(#)fils.c	1.21 4/20/96 (C) 1993-2000 Darren Reed";
! static const char rcsid[] = "@(#)$Id: fils.c,v 2.21.2.13 2001/06/28 13:52:59 darrenr Exp $";
  #endif
  
  extern	char	*optarg;
--- 74,80 ----
  
  #if !defined(lint)
  static const char sccsid[] = "@(#)fils.c	1.21 4/20/96 (C) 1993-2000 Darren Reed";
! static const char rcsid[] = "@(#)$Id: fils.c,v 2.21.2.17 2001/07/19 12:24:09 darrenr Exp $";
  #endif
  
  extern	char	*optarg;
***************
*** 96,101 ****
--- 96,102 ----
  #ifdef STATETOP
  #define	STSTRSIZE 	80
  #define	STGROWSIZE	16
+ #define	HOSTNMLEN	40
  
  #define	STSORT_PR	0
  #define	STSORT_PKTS	1
***************
*** 719,725 ****
  		PRINTF("\tpkt_security & %x = %x, pkt_auth & %x = %x\n",
  			ips.is_secmsk, ips.is_sec, ips.is_authmsk,
  			ips.is_auth);
! 		PRINTF("interfaces: in %s[%p] ",
  		       get_ifname(ips.is_ifpin), ips.is_ifpin);
  		PRINTF("out %s[%p]\n",
  		       get_ifname(ips.is_ifpout), ips.is_ifpout);
--- 720,726 ----
  		PRINTF("\tpkt_security & %x = %x, pkt_auth & %x = %x\n",
  			ips.is_secmsk, ips.is_sec, ips.is_authmsk,
  			ips.is_auth);
! 		PRINTF("\tinterfaces: in %s[%p] ",
  		       get_ifname(ips.is_ifpin), ips.is_ifpin);
  		PRINTF("out %s[%p]\n",
  		       get_ifname(ips.is_ifpout), ips.is_ifpout);
***************
*** 784,789 ****
--- 785,791 ----
  	ips_stat_t ipsst, *ipsstp = &ipsst;
  	statetop_t *tstable = NULL, *tp;
  	struct timeval selecttimeout; 
+ 	char hostnm[HOSTNMLEN];
  	struct protoent *proto;
  	fd_set readfd;
  	int c = 0;
***************
*** 799,805 ****
    	initscr();
    	cbreak();
    	noecho();
!   	nodelay(stdscr, 1);
  
  	/* repeat until user aborts */
  	while ( 1 ) {
--- 801,810 ----
    	initscr();
    	cbreak();
    	noecho();
! 
! 	/* init hostname */
! 	gethostname(hostnm, sizeof(hostnm) - 1);
! 	hostnm[sizeof(hostnm) - 1] = '\0';
  
  	/* repeat until user aborts */
  	while ( 1 ) {
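Review bot: The return value of `gethostname()` is not checked, so on failure `hostnm` holds indeterminate stack bytes apart from the final NUL, and a later hunk formats it into the title with `sprintf(str1, "%s - %s - state top", hostnm, IPL_VERSION)`. A guard such as `if (gethostname(hostnm, sizeof(hostnm) - 1) != 0) hostnm[0] = '\0';` keeps the banner well defined. That `sprintf` is also unbounded; `str1`'s declaration is not in the diff (STSTRSIZE is 80), so it is worth confirming that up to 39 bytes of host name plus `IPL_VERSION` and the fixed text always fit.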
***************
*** 904,910 ****
  		attron(A_BOLD);
  		winx = 0;
  		move(winx,0);
! 		sprintf(str1, "%s - state top", IPL_VERSION);
  		for (j = 0 ; j < (maxx - 8 - strlen(str1)) / 2; j++)
  			printw(" ");
  		printw("%s", str1);
--- 909,915 ----
  		attron(A_BOLD);
  		winx = 0;
  		move(winx,0);
! 		sprintf(str1, "%s - %s - state top", hostnm, IPL_VERSION);
  		for (j = 0 ; j < (maxx - 8 - strlen(str1)) / 2; j++)
  			printw(" ");
  		printw("%s", str1);
***************
*** 1045,1066 ****
  		select(1, &readfd, NULL, NULL, &selecttimeout);
  
  		/* if key pressed, read all waiting keys */
! 		if (FD_ISSET(0, &readfd))
! 			while ((c = wgetch(stdscr)) != ERR) {
! 				if (tolower(c) == 'l') {
! 					redraw = 1;
! 				} else if (tolower(c) == 'q') {
! 					nocbreak();
! 					endwin();
! 					exit(0);
! 				} else if (tolower(c) == 'r') {
! 					reverse = !reverse;
! 				} else if (tolower(c) == 's') {
! 					sorting++;
! 					if (sorting > STSORT_MAX)
! 						sorting = 0;
! 				}
  			}
  	} /* while */
  
  	close(sfd);
--- 1050,1074 ----
  		select(1, &readfd, NULL, NULL, &selecttimeout);
  
  		/* if key pressed, read all waiting keys */
! 		if (FD_ISSET(0, &readfd)) {
! 			c = wgetch(stdscr);
! 			if (c == ERR)
! 				continue;
! 
! 			if (tolower(c) == 'l') {
! 				redraw = 1;
! 			} else if (tolower(c) == 'q') {
! 				nocbreak();
! 				endwin();
! 				exit(0);
! 			} else if (tolower(c) == 'r') {
! 				reverse = !reverse;
! 			} else if (tolower(c) == 's') {
! 				sorting++;
! 				if (sorting > STSORT_MAX)
! 					sorting = 0;
  			}
+ 		}
  	} /* while */
  
  	close(sfd);
diff -cr ip_fil3.4.19/inet_addr.c ip_fil3.4.20/inet_addr.c
*** ip_fil3.4.19/inet_addr.c	Thu Aug  5 03:29:54 1999
--- ip_fil3.4.20/inet_addr.c	Mon Jul 16 08:06:14 2001
***************
*** 52,61 ****
   * -
   * --Copyright--
   */
  
  #if !defined(lint)
  static const char sccsid[] = "@(#)inet_addr.c	8.1 (Berkeley) 6/17/93";
! static const char rcsid[] = "@(#)$Id: inet_addr.c,v 2.1 1999/08/04 17:29:54 darrenr Exp $";
  #endif /* LIBC_SCCS and not lint */
  
  #include <sys/param.h>
--- 52,71 ----
   * -
   * --Copyright--
   */
+ #ifdef	__STDC__
+ # ifndef __P
+ #  define	__P(x)	x
+ # endif
+ #else
+ # undef		__P
+ # define	__P(x)	()
+ # undef		const
+ # define	const
+ #endif
  
  #if !defined(lint)
  static const char sccsid[] = "@(#)inet_addr.c	8.1 (Berkeley) 6/17/93";
! static const char rcsid[] = "@(#)$Id: inet_addr.c,v 2.1.4.1 2001/07/15 22:06:14 darrenr Exp $";
  #endif /* LIBC_SCCS and not lint */
  
  #include <sys/param.h>
***************
*** 63,75 ****
  #include <arpa/inet.h>
  #include <ctype.h>
  
- #ifndef	__P
- # ifdef	__STDC__
- #  define	__P(x)	x
- # else
- #  define	__P(x)	()
- # endif
- #endif
  int inet_aton __P((const char *, struct in_addr *));
  
  /* 
--- 73,78 ----
diff -cr ip_fil3.4.19/ip_auth.c ip_fil3.4.20/ip_auth.c
*** ip_fil3.4.19/ip_auth.c	Tue Jun 26 20:43:12 2001
--- ip_fil3.4.20/ip_auth.c	Thu Jul 19 00:57:08 2001
***************
*** 3,12 ****
   *
   * See the IPFILTER.LICENCE file for details on licencing.
   */
- #if !defined(lint)
- static const char rcsid[] = "@(#)$Id: ip_auth.c,v 2.11.2.10 2001/06/26 10:43:12 darrenr Exp $";
- #endif
- 
  #include <sys/errno.h>
  #include <sys/types.h>
  #include <sys/param.h>
--- 3,8 ----
***************
*** 105,110 ****
--- 101,109 ----
  # endif
  #endif
  
+ #if !defined(lint)
+ static const char rcsid[] = "@(#)$Id: ip_auth.c,v 2.11.2.12 2001/07/18 14:57:08 darrenr Exp $";
+ #endif
  
  
  #if (SOLARIS || defined(__sgi)) && defined(_KERNEL)
***************
*** 303,310 ****
  }
  
  
! int fr_auth_ioctl(data, cmd, fr, frptr)
  caddr_t data;
  #if defined(__NetBSD__) || defined(__OpenBSD__) || (FreeBSD_version >= 300003)
  u_long cmd;
  #else
--- 302,310 ----
  }
  
  
! int fr_auth_ioctl(data, mode, cmd, fr, frptr)
  caddr_t data;
+ int mode;
  #if defined(__NetBSD__) || defined(__OpenBSD__) || (FreeBSD_version >= 300003)
  u_long cmd;
  #else
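Review bot: `mode` is inserted as the second parameter of a K&R-style definition, so a call site that still passes four arguments is not rejected wherever `__P(x)` expands to `()`. In that case `cmd` would be read as `mode`, and the FWRITE checks added further down would test the wrong value. The ip_fil.c caller is updated in this diff, but callers in other platform files are not visible here and are worth a search for `fr_auth_ioctl(`. A comment on the parameter, `int mode;	/* open flags of the descriptor the ioctl arrived on */`, would also help; what `mode` holds is inferred from the `mode & FWRITE` tests rather than shown.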
***************
*** 384,389 ****
--- 384,393 ----
  				   sizeof(fr_authstats));
  		break;
  	case SIOCAUTHW:
+ 		if (!(mode & FWRITE)) {
+ 			error = EPERM;
+ 			break;
+ 		}
  fr_authioctlloop:
  		READ_ENTER(&ipf_auth);
  		if ((fr_authnext != fr_authend) && fr_authpkts[fr_authnext]) {
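Review bot: The new `mode & FWRITE` gate carries no comment saying why these commands need a descriptor opened for writing, and the same four lines are repeated under SIOCAUTHR in the next hunk. I would add `/* operates on the pending-auth queue: require write access */` above each check. The remaining cases of the switch are outside both hunks, so whether any other command in this handler needs the same gate cannot be judged from here.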
***************
*** 418,423 ****
--- 422,431 ----
  			goto fr_authioctlloop;
  		break;
  	case SIOCAUTHR:
+ 		if (!(mode & FWRITE)) {
+ 			error = EPERM;
+ 			break;
+ 		}
  		error = IRCOPYPTR(data, (caddr_t)&auth, sizeof(auth));
  		if (error)
  			return error;
diff -cr ip_fil3.4.19/ip_auth.h ip_fil3.4.20/ip_auth.h
*** ip_fil3.4.19/ip_auth.h	Tue Jun 26 20:43:13 2001
--- ip_fil3.4.20/ip_auth.h	Thu Jul 19 00:57:08 2001
***************
*** 3,9 ****
   *
   * See the IPFILTER.LICENCE file for details on licencing.
   *
!  * $Id: ip_auth.h,v 2.3.2.3 2001/06/26 10:43:13 darrenr Exp $
   *
   */
  #ifndef	__IP_AUTH_H__
--- 3,9 ----
   *
   * See the IPFILTER.LICENCE file for details on licencing.
   *
!  * $Id: ip_auth.h,v 2.3.2.4 2001/07/18 14:57:08 darrenr Exp $
   *
   */
  #ifndef	__IP_AUTH_H__
***************
*** 53,60 ****
  extern	mb_t	*fr_authpkts[];
  extern	int	fr_newauth __P((mb_t *, fr_info_t *, ip_t *));
  #if defined(__NetBSD__) || defined(__OpenBSD__)
! extern	int	fr_auth_ioctl __P((caddr_t, u_long, frentry_t *, frentry_t **));
  #else
! extern	int	fr_auth_ioctl __P((caddr_t, int, frentry_t *, frentry_t **));
  #endif
  #endif	/* __IP_AUTH_H__ */
--- 53,60 ----
  extern	mb_t	*fr_authpkts[];
  extern	int	fr_newauth __P((mb_t *, fr_info_t *, ip_t *));
  #if defined(__NetBSD__) || defined(__OpenBSD__)
! extern	int	fr_auth_ioctl __P((caddr_t, int, u_long, frentry_t *, frentry_t **));
  #else
! extern	int	fr_auth_ioctl __P((caddr_t, int, int, frentry_t *, frentry_t **));
  #endif
  #endif	/* __IP_AUTH_H__ */
diff -cr ip_fil3.4.19/ip_compat.h ip_fil3.4.20/ip_compat.h
*** ip_fil3.4.19/ip_compat.h	Tue Jun 26 20:43:13 2001
--- ip_fil3.4.20/ip_compat.h	Mon Jul 23 14:22:48 2001
***************
*** 4,10 ****
   * See the IPFILTER.LICENCE file for details on licencing.
   *
   * @(#)ip_compat.h	1.8 1/14/96
!  * $Id: ip_compat.h,v 2.26.2.15 2001/06/26 10:43:13 darrenr Exp $
   */
  
  #ifndef	__IP_COMPAT_H__
--- 4,10 ----
   * See the IPFILTER.LICENCE file for details on licencing.
   *
   * @(#)ip_compat.h	1.8 1/14/96
!  * $Id: ip_compat.h,v 2.26.2.17 2001/07/23 04:22:48 darrenr Exp $
   */
  
  #ifndef	__IP_COMPAT_H__
***************
*** 25,30 ****
--- 25,33 ----
  #ifndef	SOLARIS
  #define	SOLARIS	(defined(sun) && (defined(__svr4__) || defined(__SVR4)))
  #endif
+ #if SOLARIS && !defined(SOLARIS2)
+ # define	SOLARIS2	4	/* Pick an old version */
+ #endif
  #if SOLARIS2 >= 8
  # ifndef	USE_INET6
  #  define	USE_INET6
***************
*** 468,474 ****
          (defined(OpenBSD) && (OpenBSD >= 199603))
  #    define	IFNAME(x)	((struct ifnet *)x)->if_xname
  #   else
! #    define	IFNAME(x)	((struct ifnet *)x)->if_name
  #   endif
  #  endif
  # endif /* sun */
--- 471,479 ----
          (defined(OpenBSD) && (OpenBSD >= 199603))
  #    define	IFNAME(x)	((struct ifnet *)x)->if_xname
  #   else
! #    define	USE_GETIFNAME	1
! #    define	IFNAME(x)	get_ifname((struct ifnet *)x)
! extern	char	*get_ifname __P((struct ifnet *));
  #   endif
  #  endif
  # endif /* sun */
***************
*** 593,599 ****
  # endif
  #endif /* SOLARIS */
  
- #if defined(linux) || defined(__sgi)
  /*
   * These #ifdef's are here mainly for linux, but who knows, they may
   * not be in other places or maybe one day linux will grow up and some
--- 598,603 ----
***************
*** 632,637 ****
--- 636,644 ----
  #ifndef ICMP_MASKREPLY
  # define	ICMP_MASKREPLY	ICMP_ADDRESSREPLY
  #endif
+ #ifndef	ICMP_PARAMPROB_OPTABSENT
+ # define	ICMP_PARAMPROB_OPTABSENT	1
+ #endif
  #ifndef	IPVERSION
  # define	IPVERSION	4
  #endif
***************
*** 719,725 ****
  #ifndef IPOPT_OLEN
  # define	IPOPT_OLEN	1
  #endif
- #endif /* linux || __sgi */
  
  #ifdef	linux
  #include <linux/in_systm.h>
--- 726,731 ----
diff -cr ip_fil3.4.19/ip_fil.c ip_fil3.4.20/ip_fil.c
*** ip_fil3.4.19/ip_fil.c	Tue Jun 26 20:41:21 2001
--- ip_fil3.4.20/ip_fil.c	Mon Jul 23 23:49:57 2001
***************
*** 3,13 ****
   *
   * See the IPFILTER.LICENCE file for details on licencing.
   */
- #if !defined(lint)
- static const char sccsid[] = "@(#)ip_fil.c	2.41 6/5/96 (C) 1993-2000 Darren Reed";
- static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.42.2.30 2001/06/26 10:41:21 darrenr Exp $";
- #endif
- 
  #ifndef	SOLARIS
  #define	SOLARIS	(defined(sun) && (defined(__svr4__) || defined(__SVR4)))
  #endif
--- 3,8 ----
***************
*** 116,121 ****
--- 111,121 ----
  extern	int	ip_optcopy __P((struct ip *, struct ip *));
  #endif
  
+ #if !defined(lint)
+ static const char sccsid[] = "@(#)ip_fil.c	2.41 6/5/96 (C) 1993-2000 Darren Reed";
+ static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.42.2.34 2001/07/23 13:49:57 darrenr Exp $";
+ #endif
+ 
  
  extern	struct	protosw	inetsw[];
  
***************
*** 518,524 ****
  		if (!fr_running)
  			error = EIO;
  		else
! 			error = fr_auth_ioctl(data, cmd, NULL, NULL);
  		SPL_X(s);
  		return error;
  	}
--- 518,524 ----
  		if (!fr_running)
  			error = EIO;
  		else
! 			error = fr_auth_ioctl(data, mode, cmd, NULL, NULL);
  		SPL_X(s);
  		return error;
  	}
***************
*** 848,855 ****
  				return EBUSY;
  			if (fg && fg->fg_head)
  				fg->fg_head->fr_ref--;
- 			if (unit == IPL_LOGAUTH)
- 				return fr_auth_ioctl(data, req, f, ftail);
  			if (f->fr_grhead)
  				fr_delgroup((u_int)f->fr_grhead, fp->fr_flags,
  					    unit, set);
--- 848,853 ----
***************
*** 863,870 ****
  		if (f)
  			error = EEXIST;
  		else {
- 			if (unit == IPL_LOGAUTH)
- 				return fr_auth_ioctl(data, req, fp, ftail);
  			KMALLOC(f, frentry_t *);
  			if (f != NULL) {
  				if (fg && fg->fg_head)
--- 861,866 ----
***************
*** 1096,1102 ****
  # ifdef	IPSEC
  	m->m_pkthdr.rcvif = NULL;
  # endif
! 	return ipfr_fastroute(m, fin, NULL);
  }
  
  
--- 1092,1098 ----
  # ifdef	IPSEC
  	m->m_pkthdr.rcvif = NULL;
  # endif
! 	return ipfr_fastroute(m, fin->fin_mp, fin, NULL);
  }
  
  
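Review bot: `fin->fin_mp` is passed as the new `mpp` argument here, and later hunks in this file make `ipfr_fastroute()` write `*mpp = NULL` on its output paths. If `m` is a reply packet built in this function rather than the packet `fin` describes (the body above the hunk is not shown), that clears the caller's pointer to the original packet even though the original was not consumed. Passing the local instead, `return ipfr_fastroute(m, &m, fin, NULL);`, confines the write to this function.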
***************
*** 1107,1113 ****
  int dst;
  {
  	int err, hlen = 0, xtra = 0, iclen, ohlen = 0, avail, code;
! 	u_short shlen, slen, soff;
  	struct in_addr dst4;
  	struct icmp *icmp;
  	struct mbuf *m;
--- 1103,1109 ----
  int dst;
  {
  	int err, hlen = 0, xtra = 0, iclen, ohlen = 0, avail, code;
! 	u_short shlen, slen = 0, soff = 0;
  	struct in_addr dst4;
  	struct icmp *icmp;
  	struct mbuf *m;
***************
*** 1313,1320 ****
  }
  
  
! int ipfr_fastroute(m0, fin, fdp)
! struct mbuf *m0;
  fr_info_t *fin;
  frdest_t *fdp;
  {
--- 1309,1316 ----
  }
  
  
! int ipfr_fastroute(m0, mpp, fin, fdp)
! struct mbuf *m0, **mpp;
  fr_info_t *fin;
  frdest_t *fdp;
  {
***************
*** 1367,1373 ****
  		 * currently "to <if>" and "to <if>:ip#" are not supported
  		 * for IPv6
  		 */
! 		return ip6_output(m0, NULL, NULL, 0, NULL, NULL);
  	}
  #endif
  	/*
--- 1363,1371 ----
  		 * currently "to <if>" and "to <if>:ip#" are not supported
  		 * for IPv6
  		 */
! 		error = ip6_output(m0, NULL, NULL, 0, NULL, NULL);
! 		*mpp = NULL;
! 		return error;
  	}
  #endif
  	/*
***************
*** 1392,1398 ****
  	 */
  	if ((fr != NULL) && (fin->fin_rev != 0)) {
  		if ((ifp != NULL) && (fdp == &fr->fr_tif))
! 			return -1;
  		dst->sin_addr = ip->ip_dst;
  	} else if (fdp) {
  		if (fdp->fd_ip.s_addr) {
--- 1390,1396 ----
  	 */
  	if ((fr != NULL) && (fin->fin_rev != 0)) {
  		if ((ifp != NULL) && (fdp == &fr->fr_tif))
! 			return 0;
  		dst->sin_addr = ip->ip_dst;
  	} else if (fdp) {
  		if (fdp->fd_ip.s_addr) {
***************
*** 1492,1497 ****
--- 1490,1496 ----
  # endif
  		goto done;
  	}
+ 
  	/*
  	 * Too large for interface; fragment if possible.
  	 * Must be able to put at least 8 bytes per fragment.
***************
*** 1597,1603 ****
  	if (ro->ro_rt) {
  		RTFREE(ro->ro_rt);
  	}
! 	return 0;
  bad:
  	if (error == EMSGSIZE) {
  		sifp = fin->fin_ifp;
--- 1596,1603 ----
  	if (ro->ro_rt) {
  		RTFREE(ro->ro_rt);
  	}
! 	*mpp = NULL;
! 	return error;
  bad:
  	if (error == EMSGSIZE) {
  		sifp = fin->fin_ifp;
***************
*** 1639,1644 ****
--- 1639,1656 ----
  	return (ifp == iproute.ro_rt->rt_ifp);
  }
  
+ 
+ # ifdef	USE_GETIFNAME
+ char *
+ get_ifname(ifp)
+ struct ifnet *ifp;
+ {
+ 	static char workbuf[64];
+ 
+ 	sprintf(workbuf, "%s%d", ifp->if_name, ifp->if_unit);
+ 	return workbuf;
+ }
+ # endif
  #else /* #ifdef _KERNEL */
  
  
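Review bot: `get_ifname()` formats into a single `static char workbuf[64]` with an unbounded `sprintf`, and it sits on the `_KERNEL` side of the file. Every caller gets the same pointer, so two uses in one expression or two concurrent callers overwrite each other's result. A name longer than the buffer allows would also run past it; `if_name`'s maximum length is not visible here. Bounding the write with `snprintf(workbuf, sizeof(workbuf), "%s%d", ifp->if_name, ifp->if_unit);` where the platform kernel provides it, or an explicit length check otherwise, closes the overflow. A comment should state that the result is only valid until the next call.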
***************
*** 1792,1819 ****
  			close(fd);
  	}
  # endif
- }
- 
- 
- int ipfr_fastroute(ip, fin, fdp)
- ip_t *ip;
- fr_info_t *fin;
- frdest_t *fdp;
- {
- 	struct ifnet *ifp = fdp->fd_ifp;
- 
- 	if (!ifp)
- 		return 0;	/* no routing table out here */
- 
- 	ip->ip_len = htons((u_short)ip->ip_len);
- 	ip->ip_off = htons((u_short)(ip->ip_off | IP_MF));
- 	ip->ip_sum = 0;
- #ifdef __sgi
- 	(*ifp->if_output)(ifp, (void *)ip, NULL);
- #else
- 	(*ifp->if_output)(ifp, (void *)ip, NULL, 0);
- #endif
- 	return 0;
  }
  
  
--- 1804,1809 ----
diff -cr ip_fil3.4.19/ip_fil.h ip_fil3.4.20/ip_fil.h
*** ip_fil3.4.19/ip_fil.h	Tue Jun 26 20:41:32 2001
--- ip_fil3.4.20/ip_fil.h	Sun Jul 15 23:51:42 2001
***************
*** 4,10 ****
   * See the IPFILTER.LICENCE file for details on licencing.
   *
   * @(#)ip_fil.h	1.35 6/5/96
!  * $Id: ip_fil.h,v 2.29.2.8 2001/06/26 10:41:32 darrenr Exp $
   */
  
  #ifndef	__IP_FIL_H__
--- 4,10 ----
   * See the IPFILTER.LICENCE file for details on licencing.
   *
   * @(#)ip_fil.h	1.35 6/5/96
!  * $Id: ip_fil.h,v 2.29.2.10 2001/07/15 13:51:42 darrenr Exp $
   */
  
  #ifndef	__IP_FIL_H__
***************
*** 153,158 ****
--- 153,159 ----
  #define	fin_v		fin_fi.fi_v
  #define	fin_saddr	fin_fi.fi_saddr
  #define	fin_daddr	fin_fi.fi_daddr
+ #define	fin_fl		fin_fi.fi_fl
  
  /*
   * Size for compares on fr_info structures
***************
*** 168,173 ****
--- 169,177 ----
  	void	*fd_ifp;
  	struct	in_addr	fd_ip;
  	char	fd_ifname[IFNAMSIZ];
+ #if SOLARIS
+ 	mb_t	*fd_mp;			/* cache resolver for to/dup-to */
+ #endif
  } frdest_t;
  
  typedef	struct	frpcmp	{
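Review bot: `fd_mp` adds a kernel buffer pointer to `frdest_t` only when `SOLARIS` is true, so the structure's size now depends on how each translation unit evaluates that macro. If `frdest_t` is embedded in rules that are copied in from user space (not visible in this hunk), the user tools and the kernel module must agree on `SOLARIS`. The kernel should also reset `fd_mp` when a rule is loaded rather than use whatever value arrived. I would extend the field comment to say so: `/* cache resolver for to/dup-to; kernel-owned, cleared on rule load */`.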
***************
*** 486,492 ****
  extern	int	send_reset __P((ip_t *, struct ifnet *));
  extern	int	icmp_error __P((ip_t *, struct ifnet *));
  extern	int	ipf_log __P((void));
- extern	int	ipfr_fastroute __P((ip_t *, fr_info_t *, frdest_t *));
  extern	struct	ifnet *get_unit __P((char *, int));
  # if defined(__NetBSD__) || defined(__OpenBSD__) || \
  	  (_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000)
--- 490,495 ----
***************
*** 532,538 ****
  # else /* SOLARIS */
  extern	int	fr_check __P((ip_t *, int, void *, int, mb_t **));
  extern	int	(*fr_checkp) __P((ip_t *, int, void *, int, mb_t **));
! extern	int	ipfr_fastroute __P((mb_t *, fr_info_t *, frdest_t *));
  extern	size_t	mbufchainlen __P((mb_t *));
  #  ifdef	__sgi
  #   include <sys/cred.h>
--- 535,541 ----
  # else /* SOLARIS */
  extern	int	fr_check __P((ip_t *, int, void *, int, mb_t **));
  extern	int	(*fr_checkp) __P((ip_t *, int, void *, int, mb_t **));
! extern	int	ipfr_fastroute __P((mb_t *, mb_t **, fr_info_t *, frdest_t *));
  extern	size_t	mbufchainlen __P((mb_t *));
  #  ifdef	__sgi
  #   include <sys/cred.h>
diff -cr ip_fil3.4.19/ip_frag.c ip_fil3.4.20/ip_frag.c
*** ip_fil3.4.19/ip_frag.c	Tue Jun 26 20:43:13 2001
--- ip_fil3.4.20/ip_frag.c	Mon Jul 16 08:06:15 2001
***************
*** 3,13 ****
   *
   * See the IPFILTER.LICENCE file for details on licencing.
   */
- #if !defined(lint)
- static const char sccsid[] = "@(#)ip_frag.c	1.11 3/24/96 (C) 1993-2000 Darren Reed";
- static const char rcsid[] = "@(#)$Id: ip_frag.c,v 2.10.2.12 2001/06/26 10:43:13 darrenr Exp $";
- #endif
- 
  #if defined(KERNEL) && !defined(_KERNEL)
  # define      _KERNEL
  #endif
--- 3,8 ----
***************
*** 92,97 ****
--- 87,97 ----
  extern struct timeout ipfr_slowtimer_ch;
  #endif
  
+ #if !defined(lint)
+ static const char sccsid[] = "@(#)ip_frag.c	1.11 3/24/96 (C) 1993-2000 Darren Reed";
+ static const char rcsid[] = "@(#)$Id: ip_frag.c,v 2.10.2.14 2001/07/15 22:06:15 darrenr Exp $";
+ #endif
+ 
  
  static ipfr_t	*ipfr_heads[IPFT_SIZE];
  static ipfr_t	*ipfr_nattab[IPFT_SIZE];
***************
*** 149,155 ****
  	if (ipfr_inuse >= IPFT_SIZE)
  		return NULL;
  
! 	if (!(fin->fin_fi.fi_fl & FI_FRAG))
  		return NULL;
  
  	frag.ipfr_p = ip->ip_p;
--- 149,155 ----
  	if (ipfr_inuse >= IPFT_SIZE)
  		return NULL;
  
! 	if (!(fin->fin_fl & FI_FRAG))
  		return NULL;
  
  	frag.ipfr_p = ip->ip_p;
***************
*** 247,255 ****
--- 247,262 ----
  nat_t *nat;
  {
  	ipfr_t	*ipf;
+ 	int off;
  
  	if ((ip->ip_v != 4) || (fr_frag_lock))
  		return -1;
+ 
+ 	off = fin->fin_off;
+ 	off <<= 3;
+ 	if ((off + fin->fin_dlen) > 0xffff || (fin->fin_dlen == 0))
+ 		return NULL;
+ 
  	WRITE_ENTER(&ipf_natfrag);
  	ipf = ipfr_new(ip, fin, pass, ipfr_nattab);
  	if (ipf != NULL) {
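Review bot: The added length check exits with `return NULL;`, but the guard just above it in the same function returns `-1`, so the function appears to return an int and the new early exit would read as 0 rather than as a failure. Use `return -1;` so a rejected over-length or empty fragment is reported the same way as the `fr_frag_lock` case. The same `off <<= 3` / `fin_dlen` test is repeated in the hunks at new lines 362 and 399; a small static helper would keep the 64k bound in one place. The function's signature and return type are outside the hunk.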
***************
*** 271,281 ****
  ipfr_t *table[];
  {
  	ipfr_t	*f, frag;
! 	u_int	idx;
! 
! 	if (!(fin->fin_fi.fi_fl & FI_FRAG))
! 		return NULL;
! 
  	/*
  	 * For fragments, we record protocol, packet id, TOS and both IP#'s
  	 * (these should all be the same for all fragments of a packet).
--- 278,285 ----
  ipfr_t *table[];
  {
  	ipfr_t	*f, frag;
! 	u_int idx;
!  
  	/*
  	 * For fragments, we record protocol, packet id, TOS and both IP#'s
  	 * (these should all be the same for all fragments of a packet).
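Review bot: With the `FI_FRAG` test removed from the top of this lookup, nothing in the visible part of the function stops a non-fragment packet from being compared against cached fragment entries. The NAT callers shown later in this patch test `fin->fin_fl & FI_FRAG` before calling `ipfr_nat_knownfrag()`, but the callers of `ipfr_knownfrag()` are not shown, so the precondition should be written down here, e.g. `/* caller must ensure FI_FRAG is set in fin->fin_fl */`. The rest of the function body is outside the hunk.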
***************
*** 307,321 ****
  			  IPFR_CMPSZ)) {
  			u_short	atoff, off;
  
  			/*
  			 * XXX - We really need to be guarding against the
  			 * retransmission of (src,dst,id,offset-range) here
  			 * because a fragmented packet is never resent with
  			 * the same IP ID#.
  			 */
- 			off = ip->ip_off & IP_OFFMASK;
  			if (f->ipfr_seen0) {
! 				if (!off || (fin->fin_fi.fi_fl & FI_SHORT))
  					continue;
  			} else if (!off)
  				f->ipfr_seen0 = 1;
--- 311,326 ----
  			  IPFR_CMPSZ)) {
  			u_short	atoff, off;
  
+ 			off = fin->fin_off;
+ 
  			/*
  			 * XXX - We really need to be guarding against the
  			 * retransmission of (src,dst,id,offset-range) here
  			 * because a fragmented packet is never resent with
  			 * the same IP ID#.
  			 */
  			if (f->ipfr_seen0) {
! 				if (!off || (fin->fin_fl & FI_SHORT))
  					continue;
  			} else if (!off)
  				f->ipfr_seen0 = 1;
***************
*** 357,367 ****
  ip_t *ip;
  fr_info_t *fin;
  {
! 	nat_t	*nat;
! 	ipfr_t	*ipf;
  
! 	if ((ip->ip_v != 4) || (fr_frag_lock))
  		return NULL;
  	READ_ENTER(&ipf_natfrag);
  	ipf = ipfr_lookup(ip, fin, ipfr_nattab);
  	if (ipf != NULL) {
--- 362,379 ----
  ip_t *ip;
  fr_info_t *fin;
  {
! 	ipfr_t *ipf;
! 	nat_t *nat;
! 	int off;
  
! 	if ((fin->fin_v != 4) || (fr_frag_lock))
! 		return NULL;
! 
! 	off = fin->fin_off;
! 	off <<= 3;
! 	if ((off + fin->fin_dlen) > 0xffff || (fin->fin_dlen == 0))
  		return NULL;
+ 
  	READ_ENTER(&ipf_natfrag);
  	ipf = ipfr_lookup(ip, fin, ipfr_nattab);
  	if (ipf != NULL) {
***************
*** 387,401 ****
  ip_t *ip;
  fr_info_t *fin;
  {
! 	frentry_t *fr = NULL;
! 	ipfr_t	*fra;
  
! 	if ((ip->ip_v != 4) || (fr_frag_lock))
  		return NULL;
  	READ_ENTER(&ipf_frag);
  	fra = ipfr_lookup(ip, fin, ipfr_heads);
  	if (fra != NULL)
  		fr = fra->ipfr_rule;
  	RWLOCK_EXIT(&ipf_frag);
  	return fr;
  }
--- 399,422 ----
  ip_t *ip;
  fr_info_t *fin;
  {
! 	frentry_t *fr;
! 	ipfr_t *fra;
! 	int off;
  
! 	if ((fin->fin_v != 4) || (fr_frag_lock))
  		return NULL;
+ 
+ 	off = fin->fin_off;
+ 	off <<= 3;
+ 	if ((off + fin->fin_dlen) > 0xffff || (fin->fin_dlen == 0))
+ 		return NULL;
+ 
  	READ_ENTER(&ipf_frag);
  	fra = ipfr_lookup(ip, fin, ipfr_heads);
  	if (fra != NULL)
  		fr = fra->ipfr_rule;
+ 	else
+ 		fr = NULL;
  	RWLOCK_EXIT(&ipf_frag);
  	return fr;
  }
diff -cr ip_fil3.4.19/ip_ftp_pxy.c ip_fil3.4.20/ip_ftp_pxy.c
*** ip_fil3.4.19/ip_ftp_pxy.c	Thu Jun 14 17:37:17 2001
--- ip_fil3.4.20/ip_ftp_pxy.c	Sun Jul 15 23:50:54 2001
***************
*** 2,8 ****
   * Simple FTP transparent proxy for in-kernel use.  For use with the NAT
   * code.
   *
!  * $Id: ip_ftp_pxy.c,v 2.7.2.25 2001/06/14 07:37:17 darrenr Exp $
   */
  #if SOLARIS && defined(_KERNEL)
  extern	kmutex_t	ipf_rw;
--- 2,8 ----
   * Simple FTP transparent proxy for in-kernel use.  For use with the NAT
   * code.
   *
!  * $Id: ip_ftp_pxy.c,v 2.7.2.26 2001/07/15 13:50:54 darrenr Exp $
   */
  #if SOLARIS && defined(_KERNEL)
  extern	kmutex_t	ipf_rw;
***************
*** 515,527 ****
  		tcp2->th_win = htons(8192);
  		tcp2->th_sport = 0;		/* XXX - fake it for nat_new */
  		tcp2->th_off = 5;
! 		fi.fin_data[1] = a5 << 8 | a6;
  		fi.fin_dlen = sizeof(*tcp2);
! 		tcp2->th_dport = htons(fi.fin_data[1]);
! 		fi.fin_data[0] = 0;
  		fi.fin_dp = (char *)tcp2;
  		fi.fin_fr = &natfr;
! 		fi.fin_out = 0;
  		swip = ip->ip_src;
  		swip2 = ip->ip_dst;
  		fi.fin_fi.fi_daddr = ip->ip_src.s_addr;
--- 515,527 ----
  		tcp2->th_win = htons(8192);
  		tcp2->th_sport = 0;		/* XXX - fake it for nat_new */
  		tcp2->th_off = 5;
! 		fi.fin_data[0] = a5 << 8 | a6;
  		fi.fin_dlen = sizeof(*tcp2);
! 		tcp2->th_dport = htons(fi.fin_data[0]);
! 		fi.fin_data[1] = 0;
  		fi.fin_dp = (char *)tcp2;
  		fi.fin_fr = &natfr;
! 		fi.fin_out = 1;
  		swip = ip->ip_src;
  		swip2 = ip->ip_dst;
  		fi.fin_fi.fi_daddr = ip->ip_src.s_addr;
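Review bot: `fi.fin_data[0] = a5 << 8 | a6;` builds the data-channel port from values parsed out of the FTP payload, and no bound on them is visible in this hunk. If the parser above the hunk does not already limit both octets to 0–255, the value is silently truncated when it is stored and passed to `htons()`, and the NAT entry is created for a port the peer never named; a guard such as `if (a5 > 255 || a6 > 255)` that bails out like the function's other parse failures would close that. The swap of `fin_data[0]`/`fin_data[1]` together with `fin_out = 1` also needs a comment saying which index the NAT code reads as the port to match, since the `/* XXX - fake it for nat_new */` remark does not cover it.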
diff -cr ip_fil3.4.19/ip_lfil.c ip_fil3.4.20/ip_lfil.c
*** ip_fil3.4.19/ip_lfil.c	Tue Jun 26 20:43:13 2001
--- ip_fil3.4.20/ip_lfil.c	Thu Jul 19 00:57:09 2001
***************
*** 4,10 ****
   * See the IPFILTER.LICENCE file for details on licencing.
   */
  #if !defined(lint)
! static const char rcsid[] = "@(#)$Id: ip_lfil.c,v 2.6.2.1 2001/06/26 10:43:13 darrenr Exp $";
  #endif
  
  #if defined(KERNEL) && !defined(_KERNEL)
--- 4,10 ----
   * See the IPFILTER.LICENCE file for details on licencing.
   */
  #if !defined(lint)
! static const char rcsid[] = "@(#)$Id: ip_lfil.c,v 2.6.2.2 2001/07/18 14:57:09 darrenr Exp $";
  #endif
  
  #if defined(KERNEL) && !defined(_KERNEL)
***************
*** 335,341 ****
  			break;
  		}
  	case SIOCATHST :
! 		error = fr_auth_ioctl(data, cmd, NULL, NULL);
  		break;
  	case SIOCFRSYN :
  		if (!(mode & FWRITE))
--- 335,341 ----
  			break;
  		}
  	case SIOCATHST :
! 		error = fr_auth_ioctl(data, mode, cmd, NULL, NULL);
  		break;
  	case SIOCFRSYN :
  		if (!(mode & FWRITE))
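Review bot: `SIOCATHST` forwards `mode` to `fr_auth_ioctl()` but, unlike the `SIOCFRSYN` case directly below it, makes no `mode & FWRITE` test of its own, so the write-permission decision for this ioctl rests entirely on the callee. The body of `fr_auth_ioctl()` is not in this part of the patch, so that should be confirmed and then stated at the call site with a comment such as `/* fr_auth_ioctl() enforces FWRITE where needed */`. The same applies to the `IPL_LOGAUTH` dispatch in ip_sfil.c at new line 198.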
***************
*** 482,488 ****
  			if (fg && fg->fg_head)
  				fg->fg_head->fr_ref--;
  			if (unit == IPL_LOGAUTH)
! 				return fr_auth_ioctl(data, req, f, ftail);
  			if (f->fr_grhead)
  				fr_delgroup((u_int)f->fr_grhead, fp->fr_flags,
  					    unit, set);
--- 482,488 ----
  			if (fg && fg->fg_head)
  				fg->fg_head->fr_ref--;
  			if (unit == IPL_LOGAUTH)
! 				return fr_auth_ioctl(data, mode, req, f, ftail);
  			if (f->fr_grhead)
  				fr_delgroup((u_int)f->fr_grhead, fp->fr_flags,
  					    unit, set);
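Review bot: The `IPL_LOGAUTH` branch kept here returns straight out of the function after `fg->fg_head->fr_ref--` has already run, while the matching branches in ip_sfil.c are deleted by this same patch (old lines 575–584 and 592–601). If ip_lfil.c also dispatches `IPL_LOGAUTH` before reaching this code, this branch and the one in the next hunk are dead and should be removed rather than updated; if it does not, the group head's reference count is dropped for a rule that is then handed to the auth path instead of being removed here. The enclosing function starts and ends outside the hunk, so which case applies cannot be confirmed from these lines.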
***************
*** 495,501 ****
  			error = EEXIST;
  		else {
  			if (unit == IPL_LOGAUTH)
! 				return fr_auth_ioctl(data, req, f, ftail);
  			KMALLOC(f, frentry_t *);
  			if (f != NULL) {
  				if (fg && fg->fg_head)
--- 495,501 ----
  			error = EEXIST;
  		else {
  			if (unit == IPL_LOGAUTH)
! 				return fr_auth_ioctl(data, mode, req, f, ftail);
  			KMALLOC(f, frentry_t *);
  			if (f != NULL) {
  				if (fg && fg->fg_head)
diff -cr ip_fil3.4.19/ip_nat.c ip_fil3.4.20/ip_nat.c
*** ip_fil3.4.19/ip_nat.c	Tue Jun 26 20:43:14 2001
--- ip_fil3.4.20/ip_nat.c	Sat Jul 21 17:17:22 2001
***************
*** 5,15 ****
   *
   * Added redirect stuff and a LOT of bug fixes. (mcn@EnGarde.com)
   */
- #if !defined(lint)
- static const char sccsid[] = "@(#)ip_nat.c	1.11 6/5/96 (C) 1995 Darren Reed";
- static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.41 2001/06/26 10:43:14 darrenr Exp $";
- #endif
- 
  #if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL)
  #define _KERNEL
  #endif
--- 5,10 ----
***************
*** 110,115 ****
--- 105,115 ----
  #undef	SOCKADDR_IN
  #define	SOCKADDR_IN	struct sockaddr_in
  
+ #if !defined(lint)
+ static const char sccsid[] = "@(#)ip_nat.c	1.11 6/5/96 (C) 1995 Darren Reed";
+ static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.44 2001/07/21 07:17:22 darrenr Exp $";
+ #endif
+ 
  nat_t	**nat_table[2] = { NULL, NULL },
  	*nat_instances = NULL;
  ipnat_t	*nat_list = NULL;
***************
*** 1468,1475 ****
  void	nat_insert(nat)
  nat_t	*nat;
  {
  	nat_t **natp;
- 	u_int hv;
  
  	MUTEX_INIT(&nat->nat_lock, "nat entry lock", NULL);
  
--- 1468,1475 ----
  void	nat_insert(nat)
  nat_t	*nat;
  {
+ 	u_int hv1, hv2;
  	nat_t **natp;
  
  	MUTEX_INIT(&nat->nat_lock, "nat entry lock", NULL);
  
***************
*** 1482,1499 ****
  	nat->nat_next = nat_instances;
  	nat_instances = nat;
  
! 	hv = NAT_HASH_FN(nat->nat_inip.s_addr, nat->nat_inport,
! 			 ipf_nattable_sz);
! 	natp = &nat_table[0][hv];
  	if (*natp)
  		(*natp)->nat_phnext[0] = &nat->nat_hnext[0];
  	nat->nat_phnext[0] = natp;
  	nat->nat_hnext[0] = *natp;
  	*natp = nat;
  
! 	hv = NAT_HASH_FN(nat->nat_outip.s_addr, nat->nat_outport,
! 			 ipf_nattable_sz);
! 	natp = &nat_table[1][hv];
  	if (*natp)
  		(*natp)->nat_phnext[1] = &nat->nat_hnext[1];
  	nat->nat_phnext[1] = natp;
--- 1482,1511 ----
  	nat->nat_next = nat_instances;
  	nat_instances = nat;
  
! 	if (!(nat->nat_flags & (FI_W_SPORT|FI_W_DPORT))) {
! 		hv1 = NAT_HASH_FN(nat->nat_inip.s_addr, nat->nat_inport,
! 				  0xffffffff);
! 		hv1 = NAT_HASH_FN(nat->nat_oip.s_addr, hv1 + nat->nat_oport,
! 				  ipf_nattable_sz);
! 		hv2 = NAT_HASH_FN(nat->nat_outip.s_addr, nat->nat_outport,
! 				  0xffffffff);
! 		hv2 = NAT_HASH_FN(nat->nat_oip.s_addr, hv2 + nat->nat_oport,
! 				 ipf_nattable_sz);
! 	} else {
! 		hv1 = NAT_HASH_FN(nat->nat_inip.s_addr, 0, 0xffffffff);
! 		hv1 = NAT_HASH_FN(nat->nat_oip.s_addr, hv1, ipf_nattable_sz);
! 		hv2 = NAT_HASH_FN(nat->nat_outip.s_addr, 0, 0xffffffff);
! 		hv2 = NAT_HASH_FN(nat->nat_oip.s_addr, hv2, ipf_nattable_sz);
! 	}
! 
! 	natp = &nat_table[0][hv1];
  	if (*natp)
  		(*natp)->nat_phnext[0] = &nat->nat_hnext[0];
  	nat->nat_phnext[0] = natp;
  	nat->nat_hnext[0] = *natp;
  	*natp = nat;
  
! 	natp = &nat_table[1][hv2];
  	if (*natp)
  		(*natp)->nat_phnext[1] = &nat->nat_hnext[1];
  	nat->nat_phnext[1] = natp;
***************
*** 1609,1615 ****
  	ip_t *oip;
  	int flags = 0;
  
! 	if ((fin->fin_fi.fi_fl & FI_SHORT) || (ip->ip_off & IP_OFFMASK))
  		return NULL;
  	/*
  	 * nat_icmplookup() will return NULL for `defective' packets.
--- 1621,1627 ----
  	ip_t *oip;
  	int flags = 0;
  
! 	if ((fin->fin_fl & FI_SHORT) || (fin->fin_off != 0))
  		return NULL;
  	/*
  	 * nat_icmplookup() will return NULL for `defective' packets.
***************
*** 1923,1929 ****
  	sport = ports & 0xffff;
  	flags &= IPN_TCPUDP;
  
! 	hv = NAT_HASH_FN(dst, dport, ipf_nattable_sz);
  	nat = nat_table[1][hv];
  	for (; nat; nat = nat->nat_hnext[1]) {
  		nflags = nat->nat_flags;
--- 1935,1942 ----
  	sport = ports & 0xffff;
  	flags &= IPN_TCPUDP;
  
! 	hv = NAT_HASH_FN(dst, dport, 0xffffffff);
! 	hv = NAT_HASH_FN(src.s_addr, hv + sport, ipf_nattable_sz);
  	nat = nat_table[1][hv];
  	for (; nat; nat = nat->nat_hnext[1]) {
  		nflags = nat->nat_flags;
***************
*** 1941,1947 ****
  	if (!rw) {
  		RWLOCK_EXIT(&ipf_nat);
  	}
! 	hv = NAT_HASH_FN(dst, 0, ipf_nattable_sz);
  	if (!rw) {
  		WRITE_ENTER(&ipf_nat);
  	}
--- 1954,1961 ----
  	if (!rw) {
  		RWLOCK_EXIT(&ipf_nat);
  	}
! 	hv = NAT_HASH_FN(dst, 0, 0xffffffff);
! 	hv = NAT_HASH_FN(src.s_addr, hv, ipf_nattable_sz);
  	if (!rw) {
  		WRITE_ENTER(&ipf_nat);
  	}
***************
*** 2005,2011 ****
  	/*
  	 * Add into the NAT table in the new position
  	 */
! 	hv = NAT_HASH_FN(nat->nat_inip.s_addr, sport, ipf_nattable_sz);
  	natp = &nat_table[0][hv];
  	if (*natp)
  		(*natp)->nat_phnext[0] = &nat->nat_hnext[0];
--- 2019,2026 ----
  	/*
  	 * Add into the NAT table in the new position
  	 */
! 	hv = NAT_HASH_FN(nat->nat_inip.s_addr, sport, 0xffffffff);
! 	hv = NAT_HASH_FN(nat->nat_oip.s_addr, hv + dport, ipf_nattable_sz);
  	natp = &nat_table[0][hv];
  	if (*natp)
  		(*natp)->nat_phnext[0] = &nat->nat_hnext[0];
***************
*** 2013,2019 ****
  	nat->nat_hnext[0] = *natp;
  	*natp = nat;
  
! 	hv = NAT_HASH_FN(nat->nat_outip.s_addr, sport, ipf_nattable_sz);
  	natp = &nat_table[1][hv];
  	if (*natp)
  		(*natp)->nat_phnext[1] = &nat->nat_hnext[1];
--- 2028,2035 ----
  	nat->nat_hnext[0] = *natp;
  	*natp = nat;
  
! 	hv = NAT_HASH_FN(nat->nat_outip.s_addr, sport, 0xffffffff);
! 	hv = NAT_HASH_FN(nat->nat_oip.s_addr, hv + dport, ipf_nattable_sz);
  	natp = &nat_table[1][hv];
  	if (*natp)
  		(*natp)->nat_phnext[1] = &nat->nat_hnext[1];
***************
*** 2047,2053 ****
  	flags &= IPN_TCPUDP;
  	srcip = src.s_addr;
  
! 	hv = NAT_HASH_FN(srcip, sport, ipf_nattable_sz);
  	nat = nat_table[0][hv];
  	for (; nat; nat = nat->nat_hnext[0]) {
  		nflags = nat->nat_flags;
--- 2063,2070 ----
  	flags &= IPN_TCPUDP;
  	srcip = src.s_addr;
  
! 	hv = NAT_HASH_FN(srcip, sport, 0xffffffff);
! 	hv = NAT_HASH_FN(dst.s_addr, hv + dport, ipf_nattable_sz);
  	nat = nat_table[0][hv];
  	for (; nat; nat = nat->nat_hnext[0]) {
  		nflags = nat->nat_flags;
***************
*** 2067,2072 ****
--- 2084,2090 ----
  		RWLOCK_EXIT(&ipf_nat);
  	}
  	hv = NAT_HASH_FN(srcip, 0, ipf_nattable_sz);
+ 	hv = NAT_HASH_FN(dst.s_addr, hv, ipf_nattable_sz);
  	if (!rw) {
  		WRITE_ENTER(&ipf_nat);
  	}
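Review bot: The wildcard fallback here still reduces the first stage with the table size (`hv = NAT_HASH_FN(srcip, 0, ipf_nattable_sz);`), while `nat_insert()` (new lines 1482–1511) and the matching fallback in the inbound lookup (new lines 1954–1961) use `0xffffffff` for that stage. Unless NAT_HASH_FN, which is defined outside this section, makes the two reductions equivalent, a wildcard entry can be inserted into one bucket of `nat_table[0]` and searched for in another, so the lookup would miss an existing mapping. Change the context line to `hv = NAT_HASH_FN(srcip, 0, 0xffffffff);`. Wrapping the two-stage hash in one macro shared by the insert and lookup sites would stop them drifting apart.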
***************
*** 2151,2158 ****
  	}
  
  	ft = &np->in_tuc;
! 	if (!(fin->fin_fi.fi_fl & FI_TCPUDP) ||
! 	    (fin->fin_fi.fi_fl & FI_SHORT) || (ip->ip_off & IP_OFFMASK)) {
  		if (ft->ftu_scmp || ft->ftu_dcmp)
  			return 0;
  		return 1;
--- 2169,2176 ----
  	}
  
  	ft = &np->in_tuc;
! 	if (!(fin->fin_fl & FI_TCPUDP) ||
! 	    (fin->fin_fl & FI_SHORT) || (fin->fin_off != 0)) {
  		if (ft->ftu_scmp || ft->ftu_dcmp)
  			return 0;
  		return 1;
***************
*** 2190,2196 ****
  	else
  		ifp = fin->fin_ifp;
  
! 	if (!(ip->ip_off & IP_OFFMASK) && !(fin->fin_fi.fi_fl & FI_SHORT)) {
  		if (ip->ip_p == IPPROTO_TCP)
  			nflags = IPN_TCP;
  		else if (ip->ip_p == IPPROTO_UDP)
--- 2208,2214 ----
  	else
  		ifp = fin->fin_ifp;
  
! 	if ((fin->fin_off == 0) && !(fin->fin_fl & FI_SHORT)) {
  		if (ip->ip_p == IPPROTO_TCP)
  			nflags = IPN_TCP;
  		else if (ip->ip_p == IPPROTO_UDP)
***************
*** 2209,2215 ****
  	if ((ip->ip_p == IPPROTO_ICMP) &&
  	    (nat = nat_icmp(ip, fin, &nflags, NAT_OUTBOUND)))
  		icmpset = 1;
! 	else if ((ip->ip_off & (IP_OFFMASK|IP_MF)) &&
  	    (nat = ipfr_nat_knownfrag(ip, fin)))
  		natadd = 0;
  	else if ((nat = nat_outlookup(ifp, nflags, (u_int)ip->ip_p,
--- 2227,2233 ----
  	if ((ip->ip_p == IPPROTO_ICMP) &&
  	    (nat = nat_icmp(ip, fin, &nflags, NAT_OUTBOUND)))
  		icmpset = 1;
! 	else if ((fin->fin_fl & FI_FRAG) &&
  	    (nat = ipfr_nat_knownfrag(ip, fin)))
  		natadd = 0;
  	else if ((nat = nat_outlookup(ifp, nflags, (u_int)ip->ip_p,
***************
*** 2287,2293 ****
  	 */
  	if (nat) {
  		np = nat->nat_ptr;
! 		if (natadd && (fin->fin_fi.fi_fl & FI_FRAG) && np)
  			ipfr_nat_newfrag(ip, fin, 0, nat);
  		MUTEX_ENTER(&nat->nat_lock);
  		nat->nat_age = fr_defnatage;
--- 2305,2311 ----
  	 */
  	if (nat) {
  		np = nat->nat_ptr;
! 		if (natadd && (fin->fin_fl & FI_FRAG) && np)
  			ipfr_nat_newfrag(ip, fin, 0, nat);
  		MUTEX_ENTER(&nat->nat_lock);
  		nat->nat_age = fr_defnatage;
***************
*** 2321,2328 ****
  #endif
  		ip->ip_src = nat->nat_outip;
  
! 		if (!(ip->ip_off & IP_OFFMASK) &&
! 		    !(fin->fin_fi.fi_fl & FI_SHORT)) {
  
  			if ((nat->nat_outport != 0) && (nflags & IPN_TCPUDP)) {
  				tcp->th_sport = nat->nat_outport;
--- 2339,2345 ----
  #endif
  		ip->ip_src = nat->nat_outip;
  
! 		if ((fin->fin_off == 0) && !(fin->fin_fl & FI_SHORT)) {
  
  			if ((nat->nat_outport != 0) && (nflags & IPN_TCPUDP)) {
  				tcp->th_sport = nat->nat_outport;
***************
*** 2405,2411 ****
  	if ((nat_list == NULL) || (ip->ip_v != 4) || (fr_nat_lock))
  		return 0;
  
! 	if (!(ip->ip_off & IP_OFFMASK) && !(fin->fin_fi.fi_fl & FI_SHORT)) {
  		if (ip->ip_p == IPPROTO_TCP)
  			nflags = IPN_TCP;
  		else if (ip->ip_p == IPPROTO_UDP)
--- 2422,2428 ----
  	if ((nat_list == NULL) || (ip->ip_v != 4) || (fr_nat_lock))
  		return 0;
  
! 	if ((fin->fin_off == 0) && !(fin->fin_fl & FI_SHORT)) {
  		if (ip->ip_p == IPPROTO_TCP)
  			nflags = IPN_TCP;
  		else if (ip->ip_p == IPPROTO_UDP)
***************
*** 2426,2432 ****
  	if ((ip->ip_p == IPPROTO_ICMP) &&
  	    (nat = nat_icmp(ip, fin, &nflags, NAT_INBOUND)))
  		icmpset = 1;
! 	else if ((ip->ip_off & (IP_OFFMASK|IP_MF)) &&
  		 (nat = ipfr_nat_knownfrag(ip, fin)))
  		natadd = 0;
  	else if ((nat = nat_inlookup(fin->fin_ifp, nflags, (u_int)ip->ip_p,
--- 2443,2449 ----
  	if ((ip->ip_p == IPPROTO_ICMP) &&
  	    (nat = nat_icmp(ip, fin, &nflags, NAT_INBOUND)))
  		icmpset = 1;
! 	else if ((fin->fin_fl & FI_FRAG) &&
  		 (nat = ipfr_nat_knownfrag(ip, fin)))
  		natadd = 0;
  	else if ((nat = nat_inlookup(fin->fin_ifp, nflags, (u_int)ip->ip_p,
***************
*** 2493,2499 ****
  	if (nat) {
  		np = nat->nat_ptr;
  		fin->fin_fr = nat->nat_fr;
! 		if (natadd && (fin->fin_fi.fi_fl & FI_FRAG) && np)
  			ipfr_nat_newfrag(ip, fin, 0, nat);
  		if ((np->in_apr != NULL) && (np->in_dport == 0 ||
  		    (tcp != NULL && sport == np->in_dport))) {
--- 2510,2516 ----
  	if (nat) {
  		np = nat->nat_ptr;
  		fin->fin_fr = nat->nat_fr;
! 		if (natadd && (fin->fin_fl & FI_FRAG) && np)
  			ipfr_nat_newfrag(ip, fin, 0, nat);
  		if ((np->in_apr != NULL) && (np->in_dport == 0 ||
  		    (tcp != NULL && sport == np->in_dport))) {
***************
*** 2524,2531 ****
  		else
  			fix_outcksum(fin, &ip->ip_sum, nat->nat_ipsumd);
  #endif
! 		if (!(ip->ip_off & IP_OFFMASK) &&
! 		    !(fin->fin_fi.fi_fl & FI_SHORT)) {
  
  			if ((nat->nat_inport != 0) && (nflags & IPN_TCPUDP)) {
  				tcp->th_dport = nat->nat_inport;
--- 2541,2547 ----
  		else
  			fix_outcksum(fin, &ip->ip_sum, nat->nat_ipsumd);
  #endif
! 		if ((fin->fin_off == 0) && !(fin->fin_fl & FI_SHORT)) {
  
  			if ((nat->nat_inport != 0) && (nflags & IPN_TCPUDP)) {
  				tcp->th_dport = nat->nat_inport;
diff -cr ip_fil3.4.19/ip_proxy.c ip_fil3.4.20/ip_proxy.c
*** ip_fil3.4.19/ip_proxy.c	Tue Jun 26 20:43:16 2001
--- ip_fil3.4.20/ip_proxy.c	Mon Jul 16 08:06:15 2001
***************
*** 3,12 ****
   *
   * See the IPFILTER.LICENCE file for details on licencing.
   */
- #if !defined(lint)
- static const char rcsid[] = "@(#)$Id: ip_proxy.c,v 2.9.2.5 2001/06/26 10:43:16 darrenr Exp $";
- #endif
- 
  #if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL)
  # define	_KERNEL
  #endif
--- 3,8 ----
***************
*** 74,79 ****
--- 70,79 ----
  #include "netinet/ip_state.h"
  #if (__FreeBSD_version >= 300000)
  # include <sys/malloc.h>
+ #endif
+ 
+ #if !defined(lint)
+ static const char rcsid[] = "@(#)$Id: ip_proxy.c,v 2.9.2.6 2001/07/15 22:06:15 darrenr Exp $";
  #endif
  
  
diff -cr ip_fil3.4.19/ip_raudio_pxy.c ip_fil3.4.20/ip_raudio_pxy.c
*** ip_fil3.4.19/ip_raudio_pxy.c	Sat May 19 00:23:39 2001
--- ip_fil3.4.20/ip_raudio_pxy.c	Mon Jul 23 14:17:56 2001
***************
*** 1,5 ****
  /*
!  * $Id: ip_raudio_pxy.c,v 1.7.2.5 2001/05/18 14:23:39 darrenr Exp $
   */
  #if SOLARIS && defined(_KERNEL)
  extern	kmutex_t	ipf_rw;
--- 1,5 ----
  /*
!  * $Id: ip_raudio_pxy.c,v 1.7.2.6 2001/07/23 04:17:56 darrenr Exp $
   */
  #if SOLARIS && defined(_KERNEL)
  extern	kmutex_t	ipf_rw;
***************
*** 172,179 ****
  	unsigned char membuf[IPF_MAXPORTLEN + 1], *s;
  	tcphdr_t *tcp, tcph, *tcp2 = &tcph;
  	raudio_t *rap = aps->aps_data;
  	struct in_addr swa, swb;
- 	int off, dlen, slen;
  	int a1, a2, a3, a4;
  	u_short sp, dp;
  	fr_info_t fi;
--- 172,179 ----
  	unsigned char membuf[IPF_MAXPORTLEN + 1], *s;
  	tcphdr_t *tcp, tcph, *tcp2 = &tcph;
  	raudio_t *rap = aps->aps_data;
+ 	int off, dlen, slen, clen;
  	struct in_addr swa, swb;
  	int a1, a2, a3, a4;
  	u_short sp, dp;
  	fr_info_t fi;
***************
*** 204,216 ****
  	if (dlen <= 0)
  		return 0;
  	bzero(membuf, sizeof(membuf));
! 	copyout_mblk(m, off, MIN(sizeof(membuf), dlen), (char *)membuf);
  #else
  	dlen = mbufchainlen(m) - off;
  	if (dlen <= 0)
  		return 0;
  	bzero(membuf, sizeof(membuf));
! 	m_copydata(m, off, MIN(sizeof(membuf), dlen), (char *)membuf);
  #endif
  
  	seq = ntohl(tcp->th_seq);
--- 204,218 ----
  	if (dlen <= 0)
  		return 0;
  	bzero(membuf, sizeof(membuf));
! 	clen = MIN(sizeof(membuf), dlen);
! 	copyout_mblk(m, off, clen, (char *)membuf);
  #else
  	dlen = mbufchainlen(m) - off;
  	if (dlen <= 0)
  		return 0;
  	bzero(membuf, sizeof(membuf));
! 	clen = MIN(sizeof(membuf), dlen);
! 	m_copydata(m, off, clen, (char *)membuf);
  #endif
  
  	seq = ntohl(tcp->th_seq);
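Review bot: `clen = MIN(sizeof(membuf), dlen)` lets the copy fill all `IPF_MAXPORTLEN + 1` bytes of `membuf`, so the terminating zero left by `bzero()` does not survive when the payload is at least that long. The next hunk bounds `memstr()` with `clen`, which fixes that call, but any later code that treats `membuf` as a C string or still indexes it by `dlen` would read past the buffer; the rest of the function is outside these hunks. Use `clen = MIN(sizeof(membuf) - 1, dlen);` in both branches and check the remaining uses of `dlen` below.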
***************
*** 219,225 ****
  	 * We only care for the first 19 bytes coming back from the server.
  	 */
  	if (rap->rap_sseq == 0) {
! 		s = (u_char *)memstr("PNA", (char *)membuf, 3, dlen);
  		if (s == NULL)
  			return 0;
  		a1 = s - membuf;
--- 221,227 ----
  	 * We only care for the first 19 bytes coming back from the server.
  	 */
  	if (rap->rap_sseq == 0) {
! 		s = (u_char *)memstr("PNA", (char *)membuf, 3, clen);
  		if (s == NULL)
  			return 0;
  		a1 = s - membuf;
diff -cr ip_fil3.4.19/ip_sfil.c ip_fil3.4.20/ip_sfil.c
*** ip_fil3.4.19/ip_sfil.c	Tue Jun 26 20:43:16 2001
--- ip_fil3.4.20/ip_sfil.c	Thu Jul 19 00:57:09 2001
***************
*** 7,13 ****
   */
  #if !defined(lint)
  static const char sccsid[] = "%W% %G% (C) 1993-2000 Darren Reed";
! static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.23.2.10 2001/06/26 10:43:16 darrenr Exp $";
  #endif
  
  #include <sys/types.h>
--- 7,13 ----
   */
  #if !defined(lint)
  static const char sccsid[] = "%W% %G% (C) 1993-2000 Darren Reed";
! static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.23.2.12 2001/07/18 14:57:09 darrenr Exp $";
  #endif
  
  #include <sys/types.h>
***************
*** 195,201 ****
  		return error;
  	}
  	if (unit == IPL_LOGAUTH) {
! 		error = fr_auth_ioctl((caddr_t)data, cmd, NULL, NULL);
  		RWLOCK_EXIT(&ipf_solaris);
  		return error;
  	}
--- 195,201 ----
  		return error;
  	}
  	if (unit == IPL_LOGAUTH) {
! 		error = fr_auth_ioctl((caddr_t)data, mode, cmd, NULL, NULL);
  		RWLOCK_EXIT(&ipf_solaris);
  		return error;
  	}
***************
*** 456,461 ****
--- 456,462 ----
  	}
  
  	fdp = &fp->fr_dif;
+ 	fdp->fd_mp = NULL;
  	fp->fr_flags &= ~FR_DUP;
  	if (*fdp->fd_ifname) {
  		ill = get_unit(fdp->fd_ifname, (int)fp->fr_v);
***************
*** 489,494 ****
--- 490,496 ----
  	}
  
  	fdp = &fp->fr_tif;
+ 	fdp->fd_mp = NULL;
  	if (*fdp->fd_ifname) {
  		ill = get_unit(fdp->fd_ifname, (int)fp->fr_v);
  		if (!ill)
***************
*** 575,584 ****
  			}
  			if (fg && fg->fg_head)
  				fg->fg_head->fr_ref--;
- 			if (unit == IPL_LOGAUTH) {
- 				error = fr_auth_ioctl(data, req, fp, ftail);
- 				goto out;
- 			}
  			if (f->fr_grhead)
  				fr_delgroup(f->fr_grhead, fp->fr_flags,
  					    unit, set);
--- 577,582 ----
***************
*** 592,601 ****
  		if (f) {
  			error = EEXIST;
  		} else {
- 			if (unit == IPL_LOGAUTH) {
- 				error = fr_auth_ioctl(data, req, fp, ftail);
- 				goto out;
- 			}
  			KMALLOC(f, frentry_t *);
  			if (f != NULL) {
  				if (fg && fg->fg_head)
--- 590,595 ----
diff -cr ip_fil3.4.19/ip_state.c ip_fil3.4.20/ip_state.c
*** ip_fil3.4.19/ip_state.c	Tue Jun 26 20:43:16 2001
--- ip_fil3.4.20/ip_state.c	Mon Jul 23 23:49:46 2001
***************
*** 3,13 ****
   *
   * See the IPFILTER.LICENCE file for details on licencing.
   */
- #if !defined(lint)
- static const char sccsid[] = "@(#)ip_state.c	1.8 6/5/96 (C) 1993-2000 Darren Reed";
- static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.30.2.35 2001/06/26 10:43:16 darrenr Exp $";
- #endif
- 
  #include <sys/errno.h>
  #include <sys/types.h>
  #include <sys/param.h>
--- 3,8 ----
***************
*** 95,100 ****
--- 90,100 ----
  # endif
  #endif
  
+ #if !defined(lint)
+ static const char sccsid[] = "@(#)ip_state.c	1.8 6/5/96 (C) 1993-2000 Darren Reed";
+ static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.30.2.38 2001/07/23 13:49:46 darrenr Exp $";
+ #endif
+ 
  #ifndef	MIN
  # define	MIN(a,b)	(((a)<(b))?(a):(b))
  #endif
***************
*** 503,510 ****
  	u_int pass;
  	int out;
  
! 	if (fr_state_lock || (fin->fin_off & IP_OFFMASK) ||
! 	    (fin->fin_fi.fi_fl & FI_SHORT))
  		return NULL;
  	if (ips_num == fr_statemax) {
  		ips_stats.iss_max++;
--- 503,509 ----
  	u_int pass;
  	int out;
  
! 	if (fr_state_lock || (fin->fin_off != 0) || (fin->fin_fl & FI_SHORT))
  		return NULL;
  	if (ips_num == fr_statemax) {
  		ips_stats.iss_max++;
***************
*** 664,670 ****
  	is->is_secmsk = 0xffff;
  	is->is_auth = fin->fin_fi.fi_auth;
  	is->is_authmsk = 0xffff;
! 	is->is_flags = fin->fin_fi.fi_fl & FI_CMP;
  	is->is_flags |= FI_CMP << 4;
  	is->is_flags |= flags & (FI_WILDP|FI_WILDA);
  	if (flags & (FI_WILDP|FI_WILDA))
--- 663,669 ----
  	is->is_secmsk = 0xffff;
  	is->is_auth = fin->fin_fi.fi_auth;
  	is->is_authmsk = 0xffff;
! 	is->is_flags = fin->fin_fl & FI_CMP;
  	is->is_flags |= FI_CMP << 4;
  	is->is_flags |= flags & (FI_WILDP|FI_WILDA);
  	if (flags & (FI_WILDP|FI_WILDA))
***************
*** 689,695 ****
  #endif
  	RWLOCK_EXIT(&ipf_state);
  	fin->fin_rev = IP6NEQ(is->is_dst, fin->fin_fi.fi_dst);
! 	if ((fin->fin_fi.fi_fl & FI_FRAG) && (pass & FR_KEEPFRAG))
  		ipfr_newfrag(ip, fin, pass ^ FR_KEEPSTATE);
  	return is;
  }
--- 688,694 ----
  #endif
  	RWLOCK_EXIT(&ipf_state);
  	fin->fin_rev = IP6NEQ(is->is_dst, fin->fin_fi.fi_dst);
! 	if ((fin->fin_fl & FI_FRAG) && (pass & FR_KEEPFRAG))
  		ipfr_newfrag(ip, fin, pass ^ FR_KEEPSTATE);
  	return is;
  }
***************
*** 880,889 ****
  	if (tcp == NULL)
  		flags = is->is_flags & (FI_CMP|(FI_CMP<<4));
  
! 	if (((fin->fin_fi.fi_fl & (flags >> 4)) != (flags & FI_CMP)) ||
! 	    ((fin->fin_fi.fi_optmsk & is->is_optmsk) != is->is_opt) ||
! 	    ((fin->fin_fi.fi_secmsk & is->is_secmsk) != is->is_sec) ||
! 	    ((fin->fin_fi.fi_auth & is->is_authmsk) != is->is_auth))
  		return 0;
  
  	if ((flags & (FI_W_SPORT|FI_W_DPORT))) {
--- 879,888 ----
  	if (tcp == NULL)
  		flags = is->is_flags & (FI_CMP|(FI_CMP<<4));
  
! 	if (((fin->fin_fl & (flags >> 4)) != (flags & FI_CMP)) ||
! 	    (fin->fin_fi.fi_optmsk != is->is_opt) ||
! 	    (fin->fin_fi.fi_secmsk != is->is_sec) ||
! 	    (fin->fin_fi.fi_auth != is->is_auth))
  		return 0;
  
  	if ((flags & (FI_W_SPORT|FI_W_DPORT))) {
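Review bot: The option, security and auth comparisons no longer apply `is_optmsk`, `is_secmsk` and `is_authmsk`, yet the state-creation hunk at new lines 663–669 still sets `is->is_secmsk = 0xffff` and `is->is_authmsk = 0xffff`. For those two all-ones masks the result is probably unchanged, but how `is_optmsk` is set is not visible here, so a state entry created with a narrower option mask would stop matching packets it matched before. Either keep the `& is->is_optmsk` term or drop the mask assignments and record the new rule in a comment, e.g. `/* options, security and auth must match exactly; is_*msk is not consulted */`.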
***************
*** 933,948 ****
  	if (ret >= 0) {
  		is->is_ifp[ret] = ifp;
  #ifdef	_KERNEL
! 		strncpy(is->is_ifname[out], IFNAME(fin->fin_ifp),
! 			sizeof(is->is_ifname[1]));
  #endif
  	}
- #ifdef  _KERNEL
- 	if (ret >= 0) {
- 		strncpy(is->is_ifname[out], IFNAME(fin->fin_ifp),
- 			sizeof(is->is_ifname[1]));
- 	}
- #endif
  	fin->fin_rev = rev;
  	return 1;
  }
--- 932,941 ----
  	if (ret >= 0) {
  		is->is_ifp[ret] = ifp;
  #ifdef	_KERNEL
! 		strncpy(is->is_ifname[ret], IFNAME(fin->fin_ifp),
! 			sizeof(is->is_ifname[ret]));
  #endif
  	}
  	fin->fin_rev = rev;
  	return 1;
  }
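Review bot: `strncpy(is->is_ifname[ret], IFNAME(fin->fin_ifp), sizeof(is->is_ifname[ret]))` leaves the destination without a terminating NUL when the interface name fills the whole array, so any reader that treats the cached name as a C string would run past it. Add `is->is_ifname[ret][sizeof(is->is_ifname[ret]) - 1] = '\0';` after the copy, or copy `sizeof(is->is_ifname[ret]) - 1` bytes into a zeroed field. The function body starts outside the hunk.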
***************
*** 1219,1226 ****
  	frentry_t *fr;
  	tcphdr_t *tcp;
  
! 	if (fr_state_lock || (fin->fin_off & IP_OFFMASK) ||
! 	    (fin->fin_fi.fi_fl & FI_SHORT))
  		return NULL;
  
  	is = NULL;
--- 1212,1218 ----
  	frentry_t *fr;
  	tcphdr_t *tcp;
  
! 	if (fr_state_lock || (fin->fin_off != 0) || (fin->fin_fl & FI_SHORT))
  		return NULL;
  
  	is = NULL;
***************
*** 1363,1369 ****
  		fr_delstate(is);
  #endif
  	RWLOCK_EXIT(&ipf_state);
! 	if ((fin->fin_fi.fi_fl & FI_FRAG) && (pass & FR_KEEPFRAG))
  		ipfr_newfrag(ip, fin, pass ^ FR_KEEPSTATE);
  	return fr;
  }
--- 1355,1361 ----
  		fr_delstate(is);
  #endif
  	RWLOCK_EXIT(&ipf_state);
! 	if ((fin->fin_fl & FI_FRAG) && (pass & FR_KEEPFRAG))
  		ipfr_newfrag(ip, fin, pass ^ FR_KEEPSTATE);
  	return fr;
  }
diff -cr ip_fil3.4.19/ipf.c ip_fil3.4.20/ipf.c
*** ip_fil3.4.19/ipf.c	Thu Jun 28 23:53:31 2001
--- ip_fil3.4.20/ipf.c	Wed Jul 18 21:34:19 2001
***************
*** 47,53 ****
  
  #if !defined(lint)
  static const char sccsid[] = "@(#)ipf.c	1.23 6/5/96 (C) 1993-2000 Darren Reed";
! static const char rcsid[] = "@(#)$Id: ipf.c,v 2.10.2.9 2001/06/28 13:53:31 darrenr Exp $";
  #endif
  
  #if	SOLARIS
--- 47,53 ----
  
  #if !defined(lint)
  static const char sccsid[] = "@(#)ipf.c	1.23 6/5/96 (C) 1993-2000 Darren Reed";
! static const char rcsid[] = "@(#)$Id: ipf.c,v 2.10.2.10 2001/07/18 11:34:19 darrenr Exp $";
  #endif
  
  #if	SOLARIS
***************
*** 159,164 ****
--- 159,165 ----
  		case 'V' :
  			if (showversion())
  				exit(1);
+ 			break;
  		case 'y' :
  			frsync();
  			break;
diff -cr ip_fil3.4.19/ipl.h ip_fil3.4.20/ipl.h
*** ip_fil3.4.19/ipl.h	Fri Jun 29 00:35:00 2001
--- ip_fil3.4.20/ipl.h	Mon Jul 23 23:52:10 2001
***************
*** 4,15 ****
   * See the IPFILTER.LICENCE file for details on licencing.
   *
   * @(#)ipl.h	1.21 6/5/96
!  * $Id: ipl.h,v 2.15.2.22 2001/06/28 14:35:00 darrenr Exp $
   */
  
  #ifndef	__IPL_H__
  #define	__IPL_H__
  
! #define	IPL_VERSION	"IP Filter: v3.4.19"
  
  #endif
--- 4,15 ----
   * See the IPFILTER.LICENCE file for details on licencing.
   *
   * @(#)ipl.h	1.21 6/5/96
!  * $Id: ipl.h,v 2.15.2.23 2001/07/23 13:52:10 darrenr Exp $
   */
  
  #ifndef	__IPL_H__
  #define	__IPL_H__
  
! #define	IPL_VERSION	"IP Filter: v3.4.20"
  
  #endif
diff -cr ip_fil3.4.19/ipmon.c ip_fil3.4.20/ipmon.c
*** ip_fil3.4.19/ipmon.c	Tue Jun 26 20:43:18 2001
--- ip_fil3.4.20/ipmon.c	Thu Jul 19 22:24:59 2001
***************
*** 3,13 ****
   *
   * See the IPFILTER.LICENCE file for details on licencing.
   */
- #if !defined(lint)
- static const char sccsid[] = "@(#)ipmon.c	1.21 6/5/96 (C)1993-2000 Darren Reed";
- static const char rcsid[] = "@(#)$Id: ipmon.c,v 2.12.2.11 2001/06/26 10:43:18 darrenr Exp $";
- #endif
- 
  #ifndef SOLARIS
  #define SOLARIS (defined(__SVR4) || defined(__svr4__)) && defined(sun)
  #endif
--- 3,8 ----
***************
*** 35,41 ****
  # include <sys/filio.h>
  # include <sys/byteorder.h>
  #endif
! #include <strings.h>
  #include <signal.h>
  #include <stdlib.h>
  #include <stddef.h>
--- 30,38 ----
  # include <sys/filio.h>
  # include <sys/byteorder.h>
  #endif
! #if !defined(__SVR4) && !defined(__GNUC__)
! # include <strings.h>
! #endif
  #include <signal.h>
  #include <stdlib.h>
  #include <stddef.h>
***************
*** 68,73 ****
--- 65,75 ----
  #include "netinet/ip_nat.h"
  #include "netinet/ip_state.h"
  
+ #if !defined(lint)
+ static const char sccsid[] = "@(#)ipmon.c	1.21 6/5/96 (C)1993-2000 Darren Reed";
+ static const char rcsid[] = "@(#)$Id: ipmon.c,v 2.12.2.13 2001/07/19 12:24:59 darrenr Exp $";
+ #endif
+ 
  
  #if	defined(sun) && !defined(SOLARIS2)
  #define	STRERROR(x)	sys_errlist[x]
***************
*** 119,124 ****
--- 121,127 ----
  static	void	dumphex __P((FILE *, u_char *, int));
  static	int	read_log __P((int, int *, char *, int));
  static	void	write_pid __P((char *));
+ static	char	*icmpname __P((u_int, u_int));
  
  char	*hostname __P((int, int, u_32_t *));
  char	*portname __P((int, char *, u_int));
***************
*** 131,137 ****
  static	char	**protocols = NULL;
  static	char	**udp_ports = NULL;
  static	char	**tcp_ports = NULL;
! 
  
  #define	OPT_SYSLOG	0x001
  #define	OPT_RESOLVE	0x002
--- 134,140 ----
  static	char	**protocols = NULL;
  static	char	**udp_ports = NULL;
  static	char	**tcp_ports = NULL;
! static  char	*argv0 = "ipmon";
  
  #define	OPT_SYSLOG	0x001
  #define	OPT_RESOLVE	0x002
***************
*** 153,159 ****
  #endif
  
  
! void handlehup(sig)
  int sig;
  {
  	FILE	*fp;
--- 156,204 ----
  #endif
  
  
! #define	ICMPUNREACHNAMES	14
! static char *icmpunreachnames[ICMPUNREACHNAMES] = {
! 	"net",
! 	"host",
! 	"protocol",
! 	"port",
! 	"needfrag",
! 	"srcfail",
! 	"net_unknown",
! 	"host_unknown",
! 	"isolated",
! 	"net_prohib",
! 	"host_prohib",
! 	"tosnet",
! 	"toshost",
! 	"admin_prohibit"
! };
! 
! #define	ICMPTYPES	19
! static char *icmptypes[ICMPTYPES] = {
! 	"echoreply",
! 	NULL,
! 	NULL,
! 	"unreach",
! 	"sourcequench",
! 	"redirect",
! 	NULL,
! 	NULL,
! 	"echo",
! 	"routeradvert",
! 	"routersolicit",
! 	"timxceed",
! 	"paramprob",
! 	"timestamp",
! 	"timestampreply",
! 	"inforeq",
! 	"inforeply",
! 	"maskreq",
! 	"maskreply"
! };
! 
! 
! static void handlehup(sig)
  int sig;
  {
  	FILE	*fp;
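Review bot: `ICMPTYPES` and `ICMPUNREACHNAMES` are hand-counted constants that `icmpname()` later uses as array bounds, so the tables and their limits can drift. If a count is raised without adding a name, the trailing slot is NULL, and for `icmpunreachnames` that pointer goes straight into `strcat(name, icmpunreachnames[code])`. Declare the arrays without a size and derive the bound, e.g. `#define ICMPUNREACHNAMES (sizeof(icmpunreachnames) / sizeof(icmpunreachnames[0]))`, and make both tables `static const char *` since they are never written.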
***************
*** 263,268 ****
--- 308,315 ----
  int	res, v;
  u_32_t	*ip;
  {
+ # define MAX_INETA	16
+ 	static char hname[MAXHOSTNAMELEN + MAX_INETA + 3];
  #ifdef	USE_INET6
  	static char hostbuf[MAXHOSTNAMELEN+1];
  #endif
***************
*** 276,283 ****
  		hp = gethostbyaddr((char *)ip, sizeof(ip), AF_INET);
  		if (!hp)
  			return inet_ntoa(ipa);
! 		return hp->h_name;
! 
  	}
  #ifdef	USE_INET6
  	(void) inet_ntop(AF_INET6, ip, hostbuf, sizeof(hostbuf) - 1);
--- 323,330 ----
  		hp = gethostbyaddr((char *)ip, sizeof(ip), AF_INET);
  		if (!hp)
  			return inet_ntoa(ipa);
! 		sprintf(hname, "%.*s[%s]", MAXHOSTNAMELEN, hp->h_name, inet_ntoa(ipa));
! 		return hname;
  	}
  #ifdef	USE_INET6
  	(void) inet_ntop(AF_INET6, ip, hostbuf, sizeof(hostbuf) - 1);
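Review bot: The name copied into `hname` comes straight from the reverse lookup (`hp->h_name`), so whoever controls the PTR record for a logged address controls that part of the log line; the `%.*s` precision bounds its length, but nothing filters control or non-printable bytes before the string is returned. Appending the numeric address in brackets helps the reader, and replacing bytes that fail `isprint()` with `?` before `return hname;` would close the remaining gap. Separately, the context line `gethostbyaddr((char *)ip, sizeof(ip), AF_INET)` passes the size of the pointer, not of the address, which is 8 on LP64 builds; `sizeof(*ip)` looks like what was meant. hostname() starts and ends outside this hunk.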
***************
*** 313,318 ****
--- 360,426 ----
  }
  
  
+ #define	TYPECODE(x,y)	(((x) << 8) | (y))
+ 
+ static	char	*icmpname(type, code)
+ u_int	type;
+ u_int	code;
+ {
+ 	static char name[80];
+ 	char codeval[8], *s;
+ 	u_int typecode;
+ 
+ 	sprintf(codeval, "%d", code);
+ 
+ 	s = NULL;
+ 	if (type < ICMPTYPES)
+ 		s = icmptypes[type];
+ 	if (s == NULL)
+ 		sprintf(name, "icmptype(%d)/", type);
+ 	else
+ 		sprintf(name, "%s/", s);
+ 
+ 	if (type == ICMP_UNREACH) {
+ 		if (code >= ICMPUNREACHNAMES)
+ 			sprintf(name + strlen(name), "%d", code);
+ 		else
+ 			strcat(name, icmpunreachnames[code]);
+ 	} else {
+ 		typecode = (type << 8) | code;
+ 
+ 		switch (typecode)
+ 		{
+ 		case TYPECODE(ICMP_REDIRECT, ICMP_REDIRECT_NET) :
+ 			strcat(name, "net");
+ 			break;
+ 		case TYPECODE(ICMP_REDIRECT, ICMP_REDIRECT_HOST) :
+ 			strcat(name, "host");
+ 			break;
+ 		case TYPECODE(ICMP_REDIRECT, ICMP_REDIRECT_TOSNET) :
+ 			strcat(name, "tosnet");
+ 			break;
+ 		case TYPECODE(ICMP_REDIRECT, ICMP_REDIRECT_TOSHOST) :
+ 			strcat(name, "toshost");
+ 			break;
+ 		case TYPECODE(ICMP_TIMXCEED, ICMP_TIMXCEED_INTRANS) :
+ 			strcat(name, "intrans");
+ 			break;
+ 		case TYPECODE(ICMP_TIMXCEED, ICMP_TIMXCEED_REASS) :
+ 			strcat(name, "reass");
+ 			break;
+ 		case TYPECODE(ICMP_PARAMPROB, ICMP_PARAMPROB_OPTABSENT) :
+ 			strcat(name, "optabsent");
+ 			break;
+ 		default:
+ 			strcat(name, codeval);
+ 			break;
+ 		}
+ 	}
+ 
+ 	return name;
+ }
+ 
+ 
  static	void	dumphex(log, buf, len)
  FILE	*log;
  u_char	*buf;
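Review bot: `codeval[8]` is filled by `sprintf(codeval, "%d", code)` although `code` is a `u_int`, so the buffer is large enough only because the one visible caller passes an 8-bit `icmp_code`; a caller passing a wider value would overrun it, and `%d` is the wrong conversion for an unsigned argument (the same applies to `type` in `"icmptype(%d)/"`). Sizing the buffer for the type removes the dependency on the caller: `char codeval[12];` and `sprintf(codeval, "%u", code);`. The function defines `TYPECODE()` but then open-codes `(type << 8) | code`; `typecode = TYPECODE(type, code);` keeps the switch labels and the switched value in step. A header comment saying the result lives in a static buffer that the next call overwrites would help callers.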
***************
*** 737,745 ****
  		ic = (struct icmp *)((char *)ip + hl);
  		(void) sprintf(t, "%s -> ", hostname(res, v, s));
  		t += strlen(t);
! 		(void) sprintf(t, "%s PR icmp len %hu %hu icmp %d/%d",
  			hostname(res, v, d), hl, plen,
! 			ic->icmp_type, ic->icmp_code);
  		if (ic->icmp_type == ICMP_UNREACH ||
  		    ic->icmp_type == ICMP_SOURCEQUENCH ||
  		    ic->icmp_type == ICMP_PARAMPROB ||
--- 845,853 ----
  		ic = (struct icmp *)((char *)ip + hl);
  		(void) sprintf(t, "%s -> ", hostname(res, v, s));
  		t += strlen(t);
! 		(void) sprintf(t, "%s PR icmp len %hu %hu icmp %s",
  			hostname(res, v, d), hl, plen,
! 			icmpname((u_int) ic->icmp_type, (u_int) ic->icmp_code));
  		if (ic->icmp_type == ICMP_UNREACH ||
  		    ic->icmp_type == ICMP_SOURCEQUENCH ||
  		    ic->icmp_type == ICMP_PARAMPROB ||
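Review bot: This `sprintf(t, ...)` is unbounded and both `%s` arguments grew in this release: hostname() can now return a resolved name plus the bracketed address, and icmpname() returns text where two short integers used to be printed. The buffer that `t` points into is declared outside the hunk, so its size should be rechecked against the new worst case (this call follows another hostname() written just above it), or the remaining space tracked and passed to a bounded formatter where the platform provides one. Because the names come from reverse DNS when resolving is enabled, the worst case is not under the operator's control. The enclosing function starts and ends outside this hunk.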
***************
*** 877,883 ****
  
  	if ((fd = open(file, O_RDWR)) == -1) {
  		(void) fprintf(stderr, "%s: open: %s\n", file,STRERROR(errno));
! 		exit(-1);
  	}
  
  	if (ioctl(fd, SIOCIPFFB, &flushed) == 0) {
--- 985,991 ----
  
  	if ((fd = open(file, O_RDWR)) == -1) {
  		(void) fprintf(stderr, "%s: open: %s\n", file,STRERROR(errno));
! 		exit(1);
  	}
  
  	if (ioctl(fd, SIOCIPFFB, &flushed) == 0) {
***************
*** 940,946 ****
  	int	fd[3], doread, n, i;
  	int	tr, nr, regular[3], c;
  	int	fdt[3], devices = 0, make_daemon = 0;
! 	char	buf[512], *iplfile[3], *s;
  	extern	int	optind;
  	extern	char	*optarg;
  
--- 1048,1054 ----
  	int	fd[3], doread, n, i;
  	int	tr, nr, regular[3], c;
  	int	fdt[3], devices = 0, make_daemon = 0;
! 	char	buf[512], *iplfile[3];
  	extern	int	optind;
  	extern	char	*optarg;
  
***************
*** 950,955 ****
--- 1058,1069 ----
  	iplfile[1] = IPNAT_NAME;
  	iplfile[2] = IPSTATE_NAME;
  
+ 	argv0 = strrchr(argv[0], '/');
+ 	if (argv0 == NULL)
+ 		argv0 = argv[0];
+ 	else
+ 		argv0++;
+ 
  	while ((c = getopt(argc, argv, "?abDf:FhnN:o:O:pP:sS:tvxX")) != -1)
  		switch (c)
  		{
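Review bot: `argv0` is initialised to `"ipmon"` at file scope, but this block overwrites it unconditionally and calls `strrchr(argv[0], '/')` without checking that `argv[0]` is non-NULL, which it can be when the program is exec'd with an empty argument vector. Wrapping the five added lines in `if (argv[0] != NULL) { ... }` keeps the fallback name in that case and avoids the NULL dereference. main() begins and continues outside this hunk.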
***************
*** 1000,1012 ****
  			pidfile = optarg;
  			break;
  		case 's' :
! 			s = strrchr(argv[0], '/');
! 			if (s == NULL)
! 				s = argv[0];
! 			else
! 				s++;
! 			openlog(s, LOG_NDELAY|LOG_PID, LOGFAC);
! 			s = NULL;
  			opts |= OPT_SYSLOG;
  			log = NULL;
  			break;
--- 1114,1120 ----
  			pidfile = optarg;
  			break;
  		case 's' :
! 			openlog(argv0, LOG_NDELAY|LOG_PID, LOGFAC);
  			opts |= OPT_SYSLOG;
  			log = NULL;
  			break;
***************
*** 1030,1036 ****
  		default :
  		case 'h' :
  		case '?' :
! 			usage(argv[0]);
  		}
  
  	init_tabs();
--- 1138,1144 ----
  		default :
  		case 'h' :
  		case '?' :
! 			usage(argv0);
  		}
  
  	init_tabs();
***************
*** 1051,1063 ****
  				(void) fprintf(stderr,
  					       "%s: open: %s\n", iplfile[i],
  					       STRERROR(errno));
! 				exit(-1);
  			}
- 
  			if (fstat(fd[i], &sb) == -1) {
  				(void) fprintf(stderr, "%d: fstat: %s\n",fd[i],
  					       STRERROR(errno));
! 				exit(-1);
  			}
  			if (!(regular[i] = !S_ISCHR(sb.st_mode)))
  				devices++;
--- 1159,1172 ----
  				(void) fprintf(stderr,
  					       "%s: open: %s\n", iplfile[i],
  					       STRERROR(errno));
! 				exit(1);
! 				/* NOTREACHED */
  			}
  			if (fstat(fd[i], &sb) == -1) {
  				(void) fprintf(stderr, "%d: fstat: %s\n",fd[i],
  					       STRERROR(errno));
! 				exit(1);
! 				/* NOTREACHED */
  			}
  			if (!(regular[i] = !S_ISCHR(sb.st_mode)))
  				devices++;
***************
*** 1068,1092 ****
  		logfile = argv[optind];
  		log = logfile ? fopen(logfile, "a") : stdout;
  		if (log == NULL) {
- 			
  			(void) fprintf(stderr, "%s: fopen: %s\n", argv[optind],
  				STRERROR(errno));
! 			exit(-1);
  		}
  		setvbuf(log, NULL, _IONBF, 0);
  	} else
  		log = NULL;
  
  	if (make_daemon && ((log != stdout) || (opts & OPT_SYSLOG))) {
! 		if (fork() > 0)
  			exit(0);
! 		write_pid(pidfile);
  		close(0);
  		close(1);
! 		close(2);
! 		setsid();
! 	} else
! 		write_pid(pidfile);
  
  	signal(SIGHUP, handlehup);
  
--- 1177,1212 ----
  		logfile = argv[optind];
  		log = logfile ? fopen(logfile, "a") : stdout;
  		if (log == NULL) {
  			(void) fprintf(stderr, "%s: fopen: %s\n", argv[optind],
  				STRERROR(errno));
! 			exit(1);
! 			/* NOTREACHED */
  		}
  		setvbuf(log, NULL, _IONBF, 0);
  	} else
  		log = NULL;
  
  	if (make_daemon && ((log != stdout) || (opts & OPT_SYSLOG))) {
! #if BSD
! 		daemon(0, !(opts & OPT_SYSLOG));
! #else
! 		int pid;
! 		if ((pid = fork()) > 0)
  			exit(0);
! 		if (pid < 0) {
! 			(void) fprintf(stderr, "%s: fork() failed: %s\n", argv0,
! 				       STRERROR(errno));
! 			exit(1);
! 			/* NOTREACHED */
! 		}
! 		setsid();
! 		if ((opts & OPT_SYSLOG))
! 			close(2);
! #endif /* !BSD */
  		close(0);
  		close(1);
! 	}
! 	write_pid(pidfile);
  
  	signal(SIGHUP, handlehup);
  
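Review bot: The return value of `daemon()` is ignored in the `#if BSD` branch, while the `#else` branch now reports a failed `fork()` and exits; `if (daemon(0, !(opts & OPT_SYSLOG)) == -1) { perror("daemon"); exit(1); }` would make the two agree. The unconditional `close(0); close(1);` that follows leaves descriptors 0 and 1 unallocated (and undoes the /dev/null redirection that daemon() performs when its second argument is 0), so any file the process opens later can land on fd 0 or 1 and receive stray stdio output; pointing them at `/dev/null` instead of closing them avoids that, and the same goes for `close(2)` in the `#else` branch. The two branches also differ in working directory, since `daemon(0, ...)` changes to `/` and the fork path does not, which matters if `pidfile` or the log path is relative. main() begins and continues outside this hunk.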
***************
*** 1099,1106 ****
  				continue;
  			if (!regular[i]) {
  				if (ioctl(fd[i], FIONREAD, &tr) == -1) {
! 					perror("ioctl(FIONREAD)");
! 					exit(-1);
  				}
  			} else {
  				tr = (lseek(fd[i], 0, SEEK_CUR) < sb.st_size);
--- 1219,1230 ----
  				continue;
  			if (!regular[i]) {
  				if (ioctl(fd[i], FIONREAD, &tr) == -1) {
! 					if (opts & OPT_SYSLOG)
! 						syslog(LOG_CRIT, "ioctl(FIONREAD): %m");
! 					else
! 						perror("ioctl(FIONREAD)");
! 					exit(1);
! 					/* NOTREACHED */
  				}
  			} else {
  				tr = (lseek(fd[i], 0, SEEK_CUR) < sb.st_size);
***************
*** 1125,1138 ****
  			{
  			case -1 :
  				if (opts & OPT_SYSLOG)
! 					syslog(LOG_ERR, "read: %m\n");
  				else
  					perror("read");
  				doread = 0;
  				break;
  			case 1 :
  				if (opts & OPT_SYSLOG)
! 					syslog(LOG_ERR, "aborting logging\n");
  				else
  					fprintf(log, "aborting logging\n");
  				doread = 0;
--- 1249,1262 ----
  			{
  			case -1 :
  				if (opts & OPT_SYSLOG)
! 					syslog(LOG_CRIT, "read: %m\n");
  				else
  					perror("read");
  				doread = 0;
  				break;
  			case 1 :
  				if (opts & OPT_SYSLOG)
! 					syslog(LOG_CRIT, "aborting logging\n");
  				else
  					fprintf(log, "aborting logging\n");
  				doread = 0;
diff -cr ip_fil3.4.19/ipnat.c ip_fil3.4.20/ipnat.c
*** ip_fil3.4.19/ipnat.c	Tue Jun 26 20:43:19 2001
--- ip_fil3.4.20/ipnat.c	Thu Jul 19 01:06:33 2001
***************
*** 55,61 ****
  
  #if !defined(lint)
  static const char sccsid[] ="@(#)ipnat.c	1.9 6/5/96 (C) 1993 Darren Reed";
! static const char rcsid[] = "@(#)$Id: ipnat.c,v 2.16.2.8 2001/06/26 10:43:19 darrenr Exp $";
  #endif
  
  
--- 55,61 ----
  
  #if !defined(lint)
  static const char sccsid[] ="@(#)ipnat.c	1.9 6/5/96 (C) 1993 Darren Reed";
! static const char rcsid[] = "@(#)$Id: ipnat.c,v 2.16.2.9 2001/07/18 15:06:33 darrenr Exp $";
  #endif
  
  
***************
*** 303,310 ****
  	hostmap_t hm, *hmp, **maptable;
  	natstat_t ns, *nsp = &ns;
  	nat_t **nt[2], *np, nat;
  	ipnat_t	ipn;
- 	u_int hv;
  
  	bzero((char *)&ns, sizeof(ns));
  
--- 303,310 ----
  	hostmap_t hm, *hmp, **maptable;
  	natstat_t ns, *nsp = &ns;
  	nat_t **nt[2], *np, nat;
+ 	u_int hv, hv1, hv2;
  	ipnat_t	ipn;
  
  	bzero((char *)&ns, sizeof(ns));
  
***************
*** 363,377 ****
  				printf("\n\tage %lu use %hu sumd %s/",
  					nat.nat_age, nat.nat_use,
  					getsumd(nat.nat_sumd[0]));
  				printf("%s pr %u bkt %d/%d flags %x ",
  					getsumd(nat.nat_sumd[1]), nat.nat_p,
! 					(int)NAT_HASH_FN(nat.nat_inip.s_addr,
! 							 nat.nat_inport,
! 							 NAT_TABLE_SZ),
! 					(int)NAT_HASH_FN(nat.nat_outip.s_addr,
! 							 nat.nat_outport,
! 							 NAT_TABLE_SZ),
! 					nat.nat_flags);
  #ifdef	USE_QUAD_T
  				printf("bytes %qu pkts %qu",
  					(unsigned long long)nat.nat_bytes,
--- 363,383 ----
  				printf("\n\tage %lu use %hu sumd %s/",
  					nat.nat_age, nat.nat_use,
  					getsumd(nat.nat_sumd[0]));
+ 				hv1 = NAT_HASH_FN(nat.nat_inip.s_addr,
+ 						  nat.nat_inport,
+ 						  0xffffffff),
+ 				hv1 = NAT_HASH_FN(nat.nat_oip.s_addr,
+ 						  hv1 + nat.nat_oport,
+ 						  NAT_TABLE_SZ),
+ 				hv2 = NAT_HASH_FN(nat.nat_outip.s_addr,
+ 						  nat.nat_outport,
+ 						  0xffffffff),
+ 				hv2 = NAT_HASH_FN(nat.nat_oip.s_addr,
+ 						  hv2 + nat.nat_oport,
+ 						  NAT_TABLE_SZ),
  				printf("%s pr %u bkt %d/%d flags %x ",
  					getsumd(nat.nat_sumd[1]), nat.nat_p,
! 					hv1, hv2, nat.nat_flags);
  #ifdef	USE_QUAD_T
  				printf("bytes %qu pkts %qu",
  					(unsigned long long)nat.nat_bytes,
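Review bot: The four `hv1`/`hv2` assignments end in `,` rather than `;`, so together with the following `printf` they form a single comma expression; it evaluates in the intended order, but it reads like a typo and breaks as soon as a statement or declaration is inserted between them, so each should end `0xffffffff);` or `NAT_TABLE_SZ);`. `hv1` and `hv2` are `u_int`, yet the format is still `bkt %d/%d` now that the `(int)` casts are gone; `bkt %u/%u` matches the new types. These values presumably mirror the bucket the kernel chose, so a comment naming the kernel code they duplicate would help keep the two in step. The enclosing function starts and ends outside this hunk.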
diff -cr ip_fil3.4.19/ipsend/arp.c ip_fil3.4.20/ipsend/arp.c
*** ip_fil3.4.19/ipsend/arp.c	Tue Jun 26 20:43:21 2001
--- ip_fil3.4.20/ipsend/arp.c	Mon Jul 16 08:00:13 2001
***************
*** 3,12 ****
   *
   * See the IPFILTER.LICENCE file for details on licencing.
   */
- #if !defined(lint)
- static const char sccsid[] = "@(#)arp.c	1.4 1/11/96 (C)1995 Darren Reed";
- static const char rcsid[] = "@(#)$Id: arp.c,v 2.1.4.1 2001/06/26 10:43:21 darrenr Exp $";
- #endif
  #include <stdio.h>
  #include <errno.h>
  #include <sys/types.h>
--- 3,8 ----
***************
*** 27,32 ****
--- 23,33 ----
  #include <netinet/tcp.h>
  #include "ipsend.h"
  #include "iplang/iplang.h"
+ 
+ #if !defined(lint)
+ static const char sccsid[] = "@(#)arp.c	1.4 1/11/96 (C)1995 Darren Reed";
+ static const char rcsid[] = "@(#)$Id: arp.c,v 2.1.4.2 2001/07/15 22:00:13 darrenr Exp $";
+ #endif
  
  
  /*
diff -cr ip_fil3.4.19/ipsend/ip.c ip_fil3.4.20/ipsend/ip.c
*** ip_fil3.4.19/ipsend/ip.c	Tue Jun 26 20:43:21 2001
--- ip_fil3.4.20/ipsend/ip.c	Mon Jul 16 08:00:13 2001
***************
*** 3,12 ****
   *
   * See the IPFILTER.LICENCE file for details on licencing.
   */
- #if !defined(lint)
- static const char sccsid[] = "%W% %G% (C)1995";
- static const char rcsid[] = "@(#)$Id: ip.c,v 2.1.4.2 2001/06/26 10:43:21 darrenr Exp $";
- #endif
  #include <errno.h>
  #include <stdio.h>
  #include <stdlib.h>
--- 3,8 ----
***************
*** 31,36 ****
--- 27,36 ----
  #endif
  #include "ipsend.h"
  
+ #if !defined(lint)
+ static const char sccsid[] = "%W% %G% (C)1995";
+ static const char rcsid[] = "@(#)$Id: ip.c,v 2.1.4.3 2001/07/15 22:00:13 darrenr Exp $";
+ #endif
  
  static	char	*ipbuf = NULL, *ethbuf = NULL;
  
diff -cr ip_fil3.4.19/ipsend/ipresend.c ip_fil3.4.20/ipsend/ipresend.c
*** ip_fil3.4.19/ipsend/ipresend.c	Tue Jun 26 20:43:21 2001
--- ip_fil3.4.20/ipsend/ipresend.c	Mon Jul 16 08:00:13 2001
***************
*** 8,17 ****
   *
   * See the IPFILTER.LICENCE file for details on licencing.
   */
- #if !defined(lint)
- static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
- static const char rcsid[] = "@(#)$Id: ipresend.c,v 2.1.4.1 2001/06/26 10:43:21 darrenr Exp $";
- #endif
  #include <stdio.h>
  #include <stdlib.h>
  #include <unistd.h>
--- 8,13 ----
***************
*** 31,36 ****
--- 27,37 ----
  #include <netinet/ip_var.h>
  #endif
  #include "ipsend.h"
+ 
+ #if !defined(lint)
+ static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
+ static const char rcsid[] = "@(#)$Id: ipresend.c,v 2.1.4.2 2001/07/15 22:00:13 darrenr Exp $";
+ #endif
  
  
  extern	char	*optarg;
diff -cr ip_fil3.4.19/ipsend/ipsend.c ip_fil3.4.20/ipsend/ipsend.c
*** ip_fil3.4.19/ipsend/ipsend.c	Tue Jun 26 20:43:21 2001
--- ip_fil3.4.20/ipsend/ipsend.c	Mon Jul 16 08:00:14 2001
***************
*** 8,17 ****
   *
   * See the IPFILTER.LICENCE file for details on licencing.
   */
- #if !defined(lint)
- static const char sccsid[] = "@(#)ipsend.c	1.5 12/10/95 (C)1995 Darren Reed";
- static const char rcsid[] = "@(#)$Id: ipsend.c,v 2.2.2.2 2001/06/26 10:43:21 darrenr Exp $";
- #endif
  #include <stdio.h>
  #include <stdlib.h>
  #include <unistd.h>
--- 8,13 ----
***************
*** 33,38 ****
--- 29,39 ----
  #endif
  #include "ipsend.h"
  #include "ipf.h"
+ 
+ #if !defined(lint)
+ static const char sccsid[] = "@(#)ipsend.c	1.5 12/10/95 (C)1995 Darren Reed";
+ static const char rcsid[] = "@(#)$Id: ipsend.c,v 2.2.2.3 2001/07/15 22:00:14 darrenr Exp $";
+ #endif
  
  
  extern	char	*optarg;
diff -cr ip_fil3.4.19/ipsend/ipsend.h ip_fil3.4.20/ipsend/ipsend.h
*** ip_fil3.4.19/ipsend/ipsend.h	Tue Jun 26 20:43:22 2001
--- ip_fil3.4.20/ipsend/ipsend.h	Mon Jul 16 08:00:14 2001
***************
*** 63,65 ****
--- 63,71 ----
  #ifndef	OPT_RAW
  #define	OPT_RAW	0x80000
  #endif
+ 
+ #ifndef __STDC__
+ # ifndef const
+ #  define const
+ # endif
+ #endif
diff -cr ip_fil3.4.19/ipsend/ipsopt.c ip_fil3.4.20/ipsend/ipsopt.c
*** ip_fil3.4.19/ipsend/ipsopt.c	Tue Jun 26 20:43:22 2001
--- ip_fil3.4.20/ipsend/ipsopt.c	Mon Jul 16 08:00:14 2001
***************
*** 3,12 ****
   *
   * See the IPFILTER.LICENCE file for details on licencing.
   */
- #if !defined(lint)
- static const char sccsid[] = "@(#)ipsopt.c	1.2 1/11/96 (C)1995 Darren Reed";
- static const char rcsid[] = "@(#)$Id: ipsopt.c,v 2.1.4.1 2001/06/26 10:43:22 darrenr Exp $";
- #endif
  #include <stdio.h>
  #include <string.h>
  #include <stdlib.h>
--- 3,8 ----
***************
*** 23,35 ****
  #include <arpa/inet.h>
  #include "ipsend.h"
  
! 
! #ifndef	__P
! # ifdef	__STDC__
! #  define	__P(x)	x
! # else
! #  define	__P(x)	()
! # endif
  #endif
  
  
--- 19,27 ----
  #include <arpa/inet.h>
  #include "ipsend.h"
  
! #if !defined(lint)
! static const char sccsid[] = "@(#)ipsopt.c	1.2 1/11/96 (C)1995 Darren Reed";
! static const char rcsid[] = "@(#)$Id: ipsopt.c,v 2.1.4.2 2001/07/15 22:00:14 darrenr Exp $";
  #endif
  
  
diff -cr ip_fil3.4.19/ipsend/iptest.c ip_fil3.4.20/ipsend/iptest.c
*** ip_fil3.4.19/ipsend/iptest.c	Tue Jun 26 20:43:22 2001
--- ip_fil3.4.20/ipsend/iptest.c	Mon Jul 16 08:00:14 2001
***************
*** 8,17 ****
   *
   * See the IPFILTER.LICENCE file for details on licencing.
   */
- #if !defined(lint)
- static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
- static const char rcsid[] = "@(#)$Id: iptest.c,v 2.2.2.1 2001/06/26 10:43:22 darrenr Exp $";
- #endif
  #include <stdio.h>
  #include <netdb.h>
  #include <unistd.h>
--- 8,13 ----
***************
*** 35,40 ****
--- 31,41 ----
  #include <linux/sockios.h>
  #endif
  #include "ipsend.h"
+ 
+ #if !defined(lint)
+ static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
+ static const char rcsid[] = "@(#)$Id: iptest.c,v 2.2.2.2 2001/07/15 22:00:14 darrenr Exp $";
+ #endif
  
  
  extern	char	*optarg;
diff -cr ip_fil3.4.19/ipsend/iptests.c ip_fil3.4.20/ipsend/iptests.c
*** ip_fil3.4.19/ipsend/iptests.c	Tue Jun 26 20:43:22 2001
--- ip_fil3.4.20/ipsend/iptests.c	Mon Jul 16 08:00:14 2001
***************
*** 3,12 ****
   *
   * See the IPFILTER.LICENCE file for details on licencing.
   */
- #if !defined(lint)
- static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
- static const char rcsid[] = "@(#)$Id: iptests.c,v 2.1.4.1 2001/06/26 10:43:22 darrenr Exp $";
- #endif
  #include <stdio.h>
  #include <unistd.h>
  #include <stdlib.h>
--- 3,8 ----
***************
*** 77,82 ****
--- 73,83 ----
  # include <sys/sysmacros.h>
  #endif
  #include "ipsend.h"
+ 
+ #if !defined(lint)
+ static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
+ static const char rcsid[] = "@(#)$Id: iptests.c,v 2.1.4.2 2001/07/15 22:00:14 darrenr Exp $";
+ #endif
  
  
  #define	PAUSE()	tv.tv_sec = 0; tv.tv_usec = 10000; \
diff -cr ip_fil3.4.19/ipsend/resend.c ip_fil3.4.20/ipsend/resend.c
*** ip_fil3.4.19/ipsend/resend.c	Tue Jun 26 20:43:22 2001
--- ip_fil3.4.20/ipsend/resend.c	Mon Jul 16 08:00:14 2001
***************
*** 8,17 ****
   *
   * See the IPFILTER.LICENCE file for details on licencing.
   */
- #if !defined(lint)
- static const char sccsid[] = "@(#)resend.c	1.3 1/11/96 (C)1995 Darren Reed";
- static const char rcsid[] = "@(#)$Id: resend.c,v 2.1.4.2 2001/06/26 10:43:22 darrenr Exp $";
- #endif
  #include <stdio.h>
  #include <netdb.h>
  #include <string.h>
--- 8,13 ----
***************
*** 36,41 ****
--- 32,43 ----
  # endif
  #endif
  #include "ipsend.h"
+ 
+ #if !defined(lint)
+ static const char sccsid[] = "@(#)resend.c	1.3 1/11/96 (C)1995 Darren Reed";
+ static const char rcsid[] = "@(#)$Id: resend.c,v 2.1.4.3 2001/07/15 22:00:14 darrenr Exp $";
+ #endif
+ 
  
  extern	int	opts;
  
diff -cr ip_fil3.4.19/ipsend/sock.c ip_fil3.4.20/ipsend/sock.c
*** ip_fil3.4.19/ipsend/sock.c	Tue Jun 26 20:43:22 2001
--- ip_fil3.4.20/ipsend/sock.c	Mon Jul 16 08:00:14 2001
***************
*** 3,12 ****
   *
   * See the IPFILTER.LICENCE file for details on licencing.
   */
- #if !defined(lint)
- static const char sccsid[] = "@(#)sock.c	1.2 1/11/96 (C)1995 Darren Reed";
- static const char rcsid[] = "@(#)$Id: sock.c,v 2.1.4.2 2001/06/26 10:43:22 darrenr Exp $";
- #endif
  #include <stdio.h>
  #include <unistd.h>
  #include <string.h>
--- 3,8 ----
***************
*** 63,68 ****
--- 59,70 ----
  #include <netinet/tcp_timer.h>
  #include <netinet/tcp_var.h>
  #include "ipsend.h"
+ 
+ #if !defined(lint)
+ static const char sccsid[] = "@(#)sock.c	1.2 1/11/96 (C)1995 Darren Reed";
+ static const char rcsid[] = "@(#)$Id: sock.c,v 2.1.4.3 2001/07/15 22:00:14 darrenr Exp $";
+ #endif
+ 
  
  int	nproc;
  struct	proc	*proc;
diff -cr ip_fil3.4.19/kmem.c ip_fil3.4.20/kmem.c
*** ip_fil3.4.19/kmem.c	Tue Jun 26 20:43:19 2001
--- ip_fil3.4.20/kmem.c	Mon Jul 16 08:06:16 2001
***************
*** 16,24 ****
  #include <sys/file.h>
  #include "kmem.h"
  
  #if !defined(lint)
  static const char sccsid[] = "@(#)kmem.c	1.4 1/12/96 (C) 1992 Darren Reed";
! static const char rcsid[] = "@(#)$Id: kmem.c,v 2.2.2.2 2001/06/26 10:43:19 darrenr Exp $";
  #endif
  
  static	int	kmemfd = -1;
--- 16,28 ----
  #include <sys/file.h>
  #include "kmem.h"
  
+ #ifndef __STDC__
+ # define	const
+ #endif
+ 
  #if !defined(lint)
  static const char sccsid[] = "@(#)kmem.c	1.4 1/12/96 (C) 1992 Darren Reed";
! static const char rcsid[] = "@(#)$Id: kmem.c,v 2.2.2.3 2001/07/15 22:06:16 darrenr Exp $";
  #endif
  
  static	int	kmemfd = -1;
diff -cr ip_fil3.4.19/natparse.c ip_fil3.4.20/natparse.c
*** ip_fil3.4.19/natparse.c	Tue Jun 26 20:43:20 2001
--- ip_fil3.4.20/natparse.c	Wed Jul 18 00:33:09 2001
***************
*** 52,58 ****
  
  #if !defined(lint)
  static const char sccsid[] ="@(#)ipnat.c	1.9 6/5/96 (C) 1993 Darren Reed";
! static const char rcsid[] = "@(#)$Id: natparse.c,v 1.17.2.10 2001/06/26 10:43:20 darrenr Exp $";
  #endif
  
  
--- 52,58 ----
  
  #if !defined(lint)
  static const char sccsid[] ="@(#)ipnat.c	1.9 6/5/96 (C) 1993 Darren Reed";
! static const char rcsid[] = "@(#)$Id: natparse.c,v 1.17.2.11 2001/07/17 14:33:09 darrenr Exp $";
  #endif
  
  
***************
*** 556,562 ****
  		} else
  			ipn.in_pmin = 0;
  	} else if ((ipn.in_redir & NAT_BIMAP) == NAT_REDIRECT) {
! 		if (strrchr(*cpp, '/') != NULL) {
  			fprintf(stderr, "%d: No netmask supported in %s\n",
  				linenum, "destination host for redirect");
  			return NULL;
--- 556,562 ----
  		} else
  			ipn.in_pmin = 0;
  	} else if ((ipn.in_redir & NAT_BIMAP) == NAT_REDIRECT) {
! 		if (!*cpp || strrchr(*cpp, '/') != NULL) {
  			fprintf(stderr, "%d: No netmask supported in %s\n",
  				linenum, "destination host for redirect");
  			return NULL;
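Review bot: The added `!*cpp` test stops `strrchr()` being called on a NULL token, but a missing destination now prints "No netmask supported in destination host for redirect", which points the user at the wrong problem. Handling it separately ahead of the `strrchr` check gives an accurate diagnostic, e.g. `if (!*cpp) { fprintf(stderr, "%d: missing %s\n", linenum, "destination host for redirect"); return NULL; }`. The enclosing parser function starts and ends outside this hunk, so whether `cpp` itself has been validated earlier cannot be seen from here.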
diff -cr ip_fil3.4.19/solaris.c ip_fil3.4.20/solaris.c
*** ip_fil3.4.19/solaris.c	Wed Jun 27 02:27:16 2001
--- ip_fil3.4.20/solaris.c	Thu Jul 19 00:58:28 2001
***************
*** 4,10 ****
   * See the IPFILTER.LICENCE file for details on licencing.
   */
  /* #pragma ident   "@(#)solaris.c	1.12 6/5/96 (C) 1995 Darren Reed"*/
! #pragma ident "@(#)$Id: solaris.c,v 2.15.2.18 2001/06/26 16:27:16 darrenr Exp $"
  
  #include <sys/systm.h>
  #include <sys/types.h>
--- 4,10 ----
   * See the IPFILTER.LICENCE file for details on licencing.
   */
  /* #pragma ident   "@(#)solaris.c	1.12 6/5/96 (C) 1995 Darren Reed"*/
! #pragma ident "@(#)$Id: solaris.c,v 2.15.2.20 2001/07/18 14:58:28 darrenr Exp $"
  
  #include <sys/systm.h>
  #include <sys/types.h>
***************
*** 798,809 ****
  #ifndef	sparc
  # if SOLARIS2 >= 8
  	if (sap == IP6_DL_SAP) {
! 		ip6->ip6_plen = htons(plen);
  	} else {
  # endif
  		__ipoff = (u_short)ip->ip_off;
  
! 		ip->ip_len = htons(plen);
  		ip->ip_off = ntohs(__ipoff);
  # if SOLARIS2 >= 8
  	}
--- 798,809 ----
  #ifndef	sparc
  # if SOLARIS2 >= 8
  	if (sap == IP6_DL_SAP) {
! 		ip6->ip6_plen = plen - sizeof(*ip6);
  	} else {
  # endif
  		__ipoff = (u_short)ip->ip_off;
  
! 		ip->ip_len = plen;
  		ip->ip_off = ntohs(__ipoff);
  # if SOLARIS2 >= 8
  	}
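Review bot: `plen - sizeof(*ip6)` is stored into the 16-bit `ip6_plen` here and in the two following hunks (old lines 828 and 916) with no visible check that `plen` is at least `sizeof(*ip6)`; if a shorter value can reach these sites the result wraps to a large payload length, so a guard where `plen` is computed is worth confirming or adding. This site also now stores `ip6_plen` and `ip_len` without `htons()` while the other two keep it, which is presumably deliberate given the `ntohs(__ipoff)` on the next line but looks like an inconsistency. If that is the intent, a comment such as `/* fields are kept in host byte order while filtering; the htons() sites below restore network order */` would record it. The enclosing function starts and ends outside the hunk.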
***************
*** 828,834 ****
  #ifndef	sparc
  # if SOLARIS2 >= 8
  		if (sap == IP6_DL_SAP) {
! 			ip6->ip6_plen = htons(plen);
  		} else {
  # endif
  			__ipoff = (u_short)ip->ip_off;
--- 828,834 ----
  #ifndef	sparc
  # if SOLARIS2 >= 8
  		if (sap == IP6_DL_SAP) {
! 			ip6->ip6_plen = htons(plen - sizeof(*ip6));
  		} else {
  # endif
  			__ipoff = (u_short)ip->ip_off;
***************
*** 916,922 ****
  #ifndef	sparc
  # if SOLARIS2 >= 8
  			if (sap == IP6_DL_SAP) {
! 				ip6->ip6_plen = htons(plen);
  			} else {
  # endif
  				__ipoff = (u_short)ip->ip_off;
--- 916,922 ----
  #ifndef	sparc
  # if SOLARIS2 >= 8
  			if (sap == IP6_DL_SAP) {
! 				ip6->ip6_plen = htons(plen - sizeof(*ip6));
  			} else {
  # endif
  				__ipoff = (u_short)ip->ip_off;
***************
*** 1447,1453 ****
  		    (hdrsizes[il->ill_type][0] == il->ill_type))
  			qif->qf_hl = hdrsizes[il->ill_type][1];
  
! 		if (qif->qf_hl == 0)
  			cmn_err(CE_WARN,
  				"Unknown layer 2 header size for %s type %d",
  				il->ill_name, il->ill_type);
--- 1447,1453 ----
  		    (hdrsizes[il->ill_type][0] == il->ill_type))
  			qif->qf_hl = hdrsizes[il->ill_type][1];
  
! 		if (qif->qf_hl == 0 && il->ill_type != IFT_OTHER)
  			cmn_err(CE_WARN,
  				"Unknown layer 2 header size for %s type %d",
  				il->ill_name, il->ill_type);
***************
*** 1800,1806 ****
  	 * data, not the original, if and only if it is already pointing at
  	 * the current mblk data.
  	 */
! 	if (ip == (ip_t *)qf->qf_m->b_rptr && qf->qf_m != mb)
  		ip = (ip_t *)mb->b_rptr;
  
  	/*
--- 1800,1806 ----
  	 * data, not the original, if and only if it is already pointing at
  	 * the current mblk data.
  	 */
! 	if ((ip == (ip_t *)qf->qf_m->b_rptr) && (qf->qf_m != mb))
  		ip = (ip_t *)mb->b_rptr;
  
  	/*
***************
*** 1882,1887 ****
--- 1882,1888 ----
  		if (ifp == NULL)
  			goto bad_fastroute;
  		fr = fin->fin_fr;
+ 
  		/*
  		 * In case we're here due to "to <if>" being used with
  		 * "keep state", check that we're going in the correct
***************
*** 1889,1895 ****
  		 */
  		if ((fr != NULL) && (fdp->fd_ifp != NULL) &&
  		    (fin->fin_rev != 0) && (fdp == &fr->fr_tif))
! 			return -1;
  
  		fin->fin_ifp = ifp;
  		if (fin->fin_out == 0) {
--- 1890,1896 ----
  		 */
  		if ((fr != NULL) && (fdp->fd_ifp != NULL) &&
  		    (fin->fin_rev != 0) && (fdp == &fr->fr_tif))
! 			return 1;
  
  		fin->fin_ifp = ifp;
  		if (fin->fin_out == 0) {
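Review bot: Changing `return -1` to `return 1` introduces a third return value without documenting it, and together with the two later hunks that add `*mpp = NULL` before `return 0` and `return -1` it sets an ownership rule that is not written down: on 0 and -1 the mblk has been consumed and the caller's pointer is cleared, while on 1 the caller apparently still owns it. A header comment on the function stating that rule would guard against a repeat of the use-then-free bug that HISTORY lists for this release. The function has further exits outside these hunks (for instance via `bad_fastroute`), so each of them should be checked against the same rule.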
***************
*** 1972,1977 ****
--- 1973,1979 ----
  			READ_ENTER(&ipf_solaris);
  			READ_ENTER(&ipfs_mutex);
  			ipl_frouteok[0]++;
+ 			*mpp = NULL;
  			return 0;
  		}
  	}
***************
*** 1980,1985 ****
--- 1982,1988 ----
  	mb->b_next = NULL;
  	freemsg(mb);
  	ipl_frouteok[1]++;
+ 	*mpp = NULL;
  	return -1;
  }