[src/netbsd-1-4]: src Pull up revision 1.12 (requested by darrenr):
details: https://anonhg.NetBSD.org/src/rev/3252c6c7fc66
branches: netbsd-1-4
changeset: 469939:3252c6c7fc66
user: he <he%NetBSD.org@localhost>
date: Mon Dec 20 21:06:55 1999 +0000
description:
Pull up revision 1.12 (requested by darrenr):
Update IPF to version 3.3.5.
diffstat:
sys/netinet/ip_auth.c | 67 +++++++++++----
sys/netinet/ip_ftp_pxy.c | 175 +++++++++++++++++++++++++----------------
usr.sbin/ipf/ipfstat/Makefile | 6 +-
usr.sbin/ipf/ipsend/Makefile | 16 +++-
usr.sbin/ipf/iptest/Makefile | 6 +-
5 files changed, 170 insertions(+), 100 deletions(-)
diffs (truncated from 621 to 300 lines):
diff -r 6f691c18cecc -r 3252c6c7fc66 sys/netinet/ip_auth.c
--- a/sys/netinet/ip_auth.c Mon Dec 20 21:06:47 1999 +0000
+++ b/sys/netinet/ip_auth.c Mon Dec 20 21:06:55 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_auth.c,v 1.11 1999/02/02 19:57:31 cjs Exp $ */
+/* $NetBSD: ip_auth.c,v 1.11.2.1 1999/12/20 21:06:55 he Exp $ */
/*
* Copyright (C) 1998 by Darren Reed & Guido van Rooij.
@@ -9,9 +9,9 @@
*/
#if !defined(lint)
#if defined(__NetBSD__)
-static const char rcsid[] = "$NetBSD: ip_auth.c,v 1.11 1999/02/02 19:57:31 cjs Exp $";
+static const char rcsid[] = "$NetBSD: ip_auth.c,v 1.11.2.1 1999/12/20 21:06:55 he Exp $";
#else
-static const char rcsid[] = "@(#)Id: ip_auth.c,v 2.0.2.21.2.7 1998/11/22 01:50:19 darrenr Exp ";
+static const char rcsid[] = "@(#)Id: ip_auth.c,v 2.1.2.1 1999/09/28 11:44:04 darrenr Exp ";
#endif
#endif
@@ -46,34 +46,39 @@
#else
# include <sys/filio.h>
# include <sys/byteorder.h>
-# include <sys/dditypes.h>
+# ifdef _KERNEL
+# include <sys/dditypes.h>
+# endif
# include <sys/stream.h>
# include <sys/kmem.h>
#endif
+#if _BSDI_VERSION >= 199802
+# include <sys/queue.h>
+#endif
#if defined(__NetBSD__) || defined(__OpenBSD__) || defined(bsdi)
# include <machine/cpu.h>
#endif
#include <net/if.h>
#ifdef sun
-#include <net/af.h>
+# include <net/af.h>
#endif
#include <net/route.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#ifndef KERNEL
-#define KERNEL
-#define NOT_KERNEL
+# define KERNEL
+# define NOT_KERNEL
#endif
#ifndef linux
# include <netinet/ip_var.h>
#endif
#ifdef NOT_KERNEL
-#undef KERNEL
+# undef KERNEL
#endif
#ifdef __sgi
# ifdef IFF_DRVRLOCK /* IRIX6 */
-#include <sys/hashing.h>
+# include <sys/hashing.h>
# endif
#endif
#include <netinet/tcp.h>
@@ -81,6 +86,9 @@
extern struct ifqueue ipintrq; /* ip packet input queue */
#else
# ifndef linux
+# if __FreeBSD_version >= 300000
+# include <net/if_var.h>
+# endif
# include <netinet/in_var.h>
# include <netinet/tcp_fsm.h>
# endif
@@ -97,6 +105,14 @@
# include <machine/cpufunc.h>
# endif
#endif
+#if (__FreeBSD_version >= 300000)
+# include <sys/malloc.h>
+# if (defined(_KERNEL) || defined(KERNEL)) && !defined(IPFILTER_LKM)
+# include <sys/libkern.h>
+# include <sys/systm.h>
+# endif
+#endif
+
#if (SOLARIS || defined(__sgi)) && defined(_KERNEL)
@@ -126,7 +142,7 @@
* authorization result and that would result in a feedback loop (i.e. it
* will end up returning FR_AUTH) then return FR_BLOCK instead.
*/
-int fr_checkauth(ip, fin)
+u_32_t fr_checkauth(ip, fin)
ip_t *ip;
fr_info_t *fin;
{
@@ -200,15 +216,16 @@
int i;
WRITE_ENTER(&ipf_auth);
- if ((fr_authstart > fr_authend) && (fr_authstart - fr_authend == -1)) {
+ if (fr_authstart > fr_authend) {
fr_authstats.fas_nospace++;
RWLOCK_EXIT(&ipf_auth);
return 0;
- }
- if (fr_authend - fr_authstart == FR_NUMAUTH - 1) {
- fr_authstats.fas_nospace++;
- RWLOCK_EXIT(&ipf_auth);
- return 0;
+ } else {
+ if ((fr_authstart == 0) && (fr_authend == FR_NUMAUTH - 1)) {
+ fr_authstats.fas_nospace++;
+ RWLOCK_EXIT(&ipf_auth);
+ return 0;
+ }
}
fr_authstats.fas_added++;
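Review bot: The new first test, `if (fr_authstart > fr_authend)`, treats every state in which the start index is ahead of the end index as "no space", not only the state where the two are adjacent. If these are the head and tail of a circular array of FR_NUMAUTH slots (their declarations are outside this hunk, so this is inferred), a queue that has wrapped but still has free slots will refuse new entries and count `fas_nospace` until it drains. Matching only the adjacent case, `if (fr_authstart == fr_authend + 1)`, next to the existing `(fr_authstart == 0) && (fr_authend == FR_NUMAUTH - 1)` test would keep the full check without that side effect. The enclosing function starts and ends outside the hunk.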
@@ -305,24 +322,27 @@
KFREE(fae);
}
} else {
- KMALLOC(fae, frauthent_t *, sizeof(*fae));
+ KMALLOC(fae, frauthent_t *);
if (fae != NULL) {
IRCOPY((char *)data, (char *)&fae->fae_fr,
sizeof(fae->fae_fr));
WRITE_ENTER(&ipf_auth);
- if (!fae->fae_age)
- fae->fae_age = fr_defaultauthage;
+ fae->fae_age = fr_defaultauthage;
fae->fae_fr.fr_hits = 0;
fae->fae_fr.fr_next = *frptr;
*frptr = &fae->fae_fr;
fae->fae_next = *faep;
*faep = fae;
+ ipauth = &fae_list->fae_fr;
RWLOCK_EXIT(&ipf_auth);
} else
error = ENOMEM;
}
break;
case SIOCATHST:
+ READ_ENTER(&ipf_auth);
+ fr_authstats.fas_faelist = fae_list;
+ RWLOCK_EXIT(&ipf_auth);
IWCOPY((char *)&fr_authstats, data, sizeof(fr_authstats));
break;
case SIOCAUTHW:
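Review bot: In the SIOCATHST case, `fr_authstats.fas_faelist = fae_list;` is a store to shared statistics made under `READ_ENTER(&ipf_auth)`, a shared lock, and the `IWCOPY` of `fr_authstats` runs only after `RWLOCK_EXIT`, so concurrent callers can write the field at the same time and the copied snapshot is not tied to the list state it was read from. Taking `WRITE_ENTER(&ipf_auth);` for the store, or filling the pointer into a local copy of the stats before copying out, would remove the shared write. The value placed in `fas_faelist` is a kernel address that is then copied to `data`; if that is intended, a comment such as `/* fas_faelist exports a kernel address to the ioctl caller */` should say so. The switch this case belongs to starts and ends outside the hunk.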
@@ -382,7 +402,12 @@
# if SOLARIS
error = fr_qout(fr_auth[i].fra_q, m);
# else /* SOLARIS */
+# if _BSDI_VERSION >= 199802
+ error = ip_output(m, NULL, NULL, IP_FORWARDING, NULL,
+ NULL);
+# else
error = ip_output(m, NULL, NULL, IP_FORWARDING, NULL);
+# endif
# endif /* SOLARIS */
if (error)
fr_authstats.fas_sendfail++;
@@ -472,6 +497,7 @@
*faep = fae->fae_next;
KFREE(fae);
}
+ ipauth = NULL;
RWLOCK_EXIT(&ipf_auth);
}
@@ -503,13 +529,14 @@
}
for (faep = &fae_list; (fae = *faep); ) {
- if (!--fra->fra_age) {
+ if (!--fae->fae_age) {
*faep = fae->fae_next;
KFREE(fae);
fr_authstats.fas_expire++;
} else
faep = &fae->fae_next;
}
+ ipauth = &fae_list->fae_fr;
RWLOCK_EXIT(&ipf_auth);
SPL_X(s);
}
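Review bot: The added `ipauth = &fae_list->fae_fr;` runs directly after the expiry loop, which can unlink and free every entry and leave `fae_list` NULL. Taking a member address through a NULL pointer is undefined, and it only happens to produce NULL if `fae_fr` is the first member of the structure (its definition is not in this hunk); otherwise `ipauth` ends up as a small non-NULL value that later code could follow as if it were a rule. The hunk at -472,6 sets `ipauth = NULL;` explicitly after freeing entries, and the same intent fits here as `ipauth = fae_list ? &fae_list->fae_fr : NULL;`. The enclosing function starts outside the hunk.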
diff -r 6f691c18cecc -r 3252c6c7fc66 sys/netinet/ip_ftp_pxy.c
--- a/sys/netinet/ip_ftp_pxy.c Mon Dec 20 21:06:47 1999 +0000
+++ b/sys/netinet/ip_ftp_pxy.c Mon Dec 20 21:06:55 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_ftp_pxy.c,v 1.11 1998/11/22 23:30:36 mrg Exp $ */
+/* $NetBSD: ip_ftp_pxy.c,v 1.11.4.1 1999/12/20 21:06:55 he Exp $ */
/*
* Simple FTP transparent proxy for in-kernel use. For use with the NAT
@@ -18,27 +18,25 @@
#define IPF_MAX227LEN 51
-int ippr_ftp_init __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
+int ippr_ftp_init __P((void));
int ippr_ftp_out __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
int ippr_ftp_in __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
-int ippr_ftp_portmsg __P((fr_info_t *, ip_t *, nat_t *nat));
-int ippr_ftp_pasvmsg __P((fr_info_t *, ip_t *, tcphdr_t *, nat_t *));
+int ippr_ftp_portmsg __P((fr_info_t *, ip_t *, nat_t *));
+int ippr_ftp_pasvmsg __P((fr_info_t *, ip_t *, nat_t *));
+
u_short ipf_ftp_atoi __P((char **));
+static frentry_t natfr;
+
/*
- * FTP application proxy initialization.
+ * Initialize local structures.
*/
-int ippr_ftp_init(fin, ip, aps, nat)
-fr_info_t *fin;
-ip_t *ip;
-ap_session_t *aps;
-nat_t *nat;
+int ippr_ftp_init()
{
- tcphdr_t *tcp = (tcphdr_t *)fin->fin_dp;
-
- aps->aps_sport = tcp->th_sport;
- aps->aps_dport = tcp->th_dport;
+ bzero((char *)&natfr, sizeof(natfr));
+ natfr.fr_ref = 1;
+ natfr.fr_flags = FR_INQUE|FR_PASS|FR_QUICK|FR_KEEPSTATE;
return 0;
}
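Review bot: The comment "Initialize local structures." does not say what `natfr` is for, although the flags assigned to it, `FR_INQUE|FR_PASS|FR_QUICK|FR_KEEPSTATE`, make it a pass rule that keeps state. A file-scope rule of that kind decides what traffic the proxy lets through, so its purpose and the reason for `fr_ref = 1` belong next to the declaration. Something like `/* natfr: rule used for connections set up by the FTP proxy; passes and keeps state */` would do once the author confirms that reading, since the uses of `natfr` are outside this hunk.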
@@ -78,11 +76,12 @@
nat_t *nat;
{
char portbuf[IPF_MAXPORTLEN + 1], newbuf[IPF_MAXPORTLEN + 1], *s;
- int off, olen, dlen, nlen = 0, inc = 0;
+ tcphdr_t *tcp, tcph, *tcp2 = &tcph;
+ size_t nlen = 0, dlen, olen;
+ u_short a5, a6, sp, dp;
u_int a1, a2, a3, a4;
- tcphdr_t *tcp, tcph, *tcp2 = &tcph;
struct in_addr swip;
- u_short a5, a6, sp, dp;
+ int off, inc = 0;
fr_info_t fi;
nat_t *ipn;
mb_t *m;
@@ -91,23 +90,26 @@
#endif
tcp = (tcphdr_t *)fin->fin_dp;
+ bzero(portbuf, sizeof(portbuf));
off = (ip->ip_hl << 2) + (tcp->th_off << 2);
- m = *(mb_t **)fin->fin_mp;
#if SOLARIS
m = fin->fin_qfm;
dlen = msgdsize(m) - off;
- bzero(portbuf, sizeof(portbuf));
- copyout_mblk(m, off, MIN(sizeof(portbuf), dlen), portbuf);
+ if (dlen > 0)
+ copyout_mblk(m, off, MIN(sizeof(portbuf), dlen), portbuf);
#else
+ m = *(mb_t **)fin->fin_mp;
+
dlen = mbufchainlen(m) - off;
- bzero(portbuf, sizeof(portbuf));
- m_copydata(m, off, MIN(sizeof(portbuf), dlen), portbuf);
+ if (dlen > 0)
+ m_copydata(m, off, MIN(sizeof(portbuf), dlen), portbuf);
#endif
+ if (dlen == 0)
+ return 0;
portbuf[sizeof(portbuf) - 1] = '\0';
*newbuf = '\0';
-
if (!strncmp(portbuf, "PORT ", 5)) {
if (dlen < IPF_MINPORTLEN)
return 0;
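Review bot: `dlen` is declared `size_t` by the previous hunk, so `dlen = mbufchainlen(m) - off;` (and `msgdsize(m) - off` in the SOLARIS branch) can no longer go negative: when the header lengths read from the packet make `off` larger than the data actually present, the result wraps to a very large value. The new `if (dlen > 0)` and `if (dlen == 0)` tests then both let it through, `MIN(sizeof(portbuf), dlen)` selects the full buffer size, and the copy is asked for bytes starting past the end of the chain; the later `dlen < IPF_MINPORTLEN` test does not catch it either. Comparing before subtracting closes this, e.g. `if (mbufchainlen(m) <= off) return 0;` ahead of the assignment, with the same test on `msgdsize(m)` for SOLARIS. Whether an earlier layer already rejects such packets is not visible here, and the function continues past the end of the hunk.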
@@ -140,14 +142,18 @@
a5 = ipf_ftp_atoi(&s);
if (!s)
return 0;
+ if (*s == ')')
+ s++;
/*
* check for CR-LF at the end.
*/
- if (((*s == '\r') && (*(s + 1) == '\n')) ||