[src/netbsd-1-4]: src Pull up revision 1.14 (requested by darrenr):

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/netbsd-1-4]: src Pull up revision 1.14 (requested by darrenr):
From: he <he%NetBSD.org@localhost>
Date: Fri, 24 Jan 2020 05:41:31 +0000

details:   https://anonhg.NetBSD.org/src/rev/7b2a415629ce
branches:  netbsd-1-4
changeset: 469941:7b2a415629ce
user:      he <he%NetBSD.org@localhost>
date:      Mon Dec 20 21:07:06 1999 +0000

description:
Pull up revision 1.14 (requested by darrenr):
  Update IPF to version 3.3.5.

diffstat:

 sys/netinet/ip_state.h        |  61 ++++++++++++++++++++++++++++--------------
 usr.sbin/ipf/ipftest/Makefile |   8 ++--
 usr.sbin/ipf/ipmon/Makefile   |   5 +--
 usr.sbin/ipf/ipnat/Makefile   |   6 +--
 4 files changed, 48 insertions(+), 32 deletions(-)

diffs (173 lines):

diff -r c67e39b032d2 -r 7b2a415629ce sys/netinet/ip_state.h
--- a/sys/netinet/ip_state.h    Mon Dec 20 21:07:01 1999 +0000
+++ b/sys/netinet/ip_state.h    Mon Dec 20 21:07:06 1999 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip_state.h,v 1.13 1998/11/22 15:17:20 mrg Exp $        */
+/*     $NetBSD: ip_state.h,v 1.13.4.1 1999/12/20 21:07:06 he Exp $     */
 
 /*
  * Copyright (C) 1995-1998 by Darren Reed.
@@ -8,7 +8,7 @@
  * to the original author and the contributors.
  *
  * @(#)ip_state.h      1.3 1/12/96 (C) 1995 Darren Reed
- * Id: ip_state.h,v 2.0.2.14.2.8 1998/11/22 01:50:32 darrenr Exp 
+ * Id: ip_state.h,v 2.1 1999/08/04 17:30:00 darrenr Exp
  */
 
 #ifndef _NETINET_IP_STATE_H_
@@ -34,13 +34,16 @@
        u_char  ics_type;
 } icmpstate_t;
 
+typedef        struct  tcpdata {
+       u_32_t  td_end;
+       u_32_t  td_maxend;
+       u_short td_maxwin;
+} tcpdata_t;
+
 typedef        struct tcpstate {
        u_short ts_sport;
        u_short ts_dport;
-       u_long  ts_seq;
-       u_long  ts_ack;
-       u_short ts_swin;
-       u_short ts_dwin;
+       tcpdata_t ts_data[2];
        u_char  ts_state[2];
 } tcpstate_t;
 
@@ -52,16 +55,18 @@
        U_QUAD_T        is_bytes;
        void    *is_ifpin;
        void    *is_ifpout;
+       frentry_t       *is_rule;
        struct  in_addr is_src;
        struct  in_addr is_dst;
-       u_char  is_p;
-       u_char  is_flags;
-       u_32_t  is_opt;
-       u_32_t  is_optmsk;
-       u_short is_sec;
-       u_short is_secmsk;
-       u_short is_auth;
-       u_short is_authmsk;
+       u_char  is_p;                   /* Protocol */
+       u_char  is_rout;                /* Is rule in/out ? */
+       u_32_t  is_flags;
+       u_32_t  is_opt;                 /* packet options set */
+       u_32_t  is_optmsk;              /*    "      "    mask */
+       u_short is_sec;                 /* security options set */
+       u_short is_secmsk;              /*    "        "    mask */
+       u_short is_auth;                /* authentication options set */
+       u_short is_authmsk;             /*    "              "    mask */
        union {
                icmpstate_t     is_ics;
                tcpstate_t      is_ts;
@@ -70,17 +75,29 @@
 } ipstate_t;
 
 #define        is_icmp is_ps.is_ics
+#define        is_type is_icmp.ics_type
+#define        is_code is_icmp.ics_code
 #define        is_tcp  is_ps.is_ts
 #define        is_udp  is_ps.is_us
-#define        is_seq  is_tcp.ts_seq
-#define        is_ack  is_tcp.ts_ack
-#define        is_dwin is_tcp.ts_dwin
-#define        is_swin is_tcp.ts_swin
+#define is_send        is_tcp.ts_data[0].td_end
+#define is_dend        is_tcp.ts_data[1].td_end
+#define is_maxswin     is_tcp.ts_data[0].td_maxwin
+#define is_maxdwin     is_tcp.ts_data[1].td_maxwin
+#define is_maxsend     is_tcp.ts_data[0].td_maxend
+#define is_maxdend     is_tcp.ts_data[1].td_maxend
 #define        is_sport        is_tcp.ts_sport
 #define        is_dport        is_tcp.ts_dport
 #define        is_state        is_tcp.ts_state
 
 #define        TH_OPENING      (TH_SYN|TH_ACK)
+/*
+ * is_flags:
+ * Bits 0 - 3 are use as a mask with the current packet's bits to check for
+ * whether it is short, tcp/udp, a fragment or the presence of IP options.
+ * Bits 4 - 7 are set from the initial packet and contain what the packet
+ * anded with bits 0-3 must match.
+ * Bits 8,9 are used to indicate wildcard source/destination port matching.
+ */
 
 
 typedef        struct  ipslog  {
@@ -121,6 +138,7 @@
        u_long  iss_active;
        u_long  iss_logged;
        u_long  iss_logfail;
+       u_long  iss_inuse;
        ipstate_t **iss_table;
 } ips_stat_t;
 
@@ -132,13 +150,14 @@
 extern u_long  fr_tcpclosed;
 extern u_long  fr_udptimeout;
 extern u_long  fr_icmptimeout;
+extern int     fr_stateinit __P((void));
 extern int     fr_tcpstate __P((ipstate_t *, fr_info_t *, ip_t *, tcphdr_t *));
-extern int     fr_addstate __P((ip_t *, fr_info_t *, u_int));
-extern int     fr_checkstate __P((ip_t *, fr_info_t *));
+extern ipstate_t       *fr_addstate __P((ip_t *, fr_info_t *, u_int));
+extern frentry_t       *fr_checkstate __P((ip_t *, fr_info_t *));
 extern void    fr_timeoutstate __P((void));
 extern void    fr_tcp_age __P((u_long *, u_char *, ip_t *, fr_info_t *, int));
 extern void    fr_stateunload __P((void));
-extern void    ipstate_log __P((struct ipstate *, u_short));
+extern void    ipstate_log __P((struct ipstate *, u_int));
 #if defined(__NetBSD__) || defined(__OpenBSD__)
 extern int     fr_state_ioctl __P((caddr_t, u_long, int));
 #else
diff -r c67e39b032d2 -r 7b2a415629ce usr.sbin/ipf/ipftest/Makefile
--- a/usr.sbin/ipf/ipftest/Makefile     Mon Dec 20 21:07:01 1999 +0000
+++ b/usr.sbin/ipf/ipftest/Makefile     Mon Dec 20 21:07:06 1999 +0000
@@ -1,9 +1,9 @@
-#      $NetBSD: Makefile,v 1.13 1997/11/11 10:14:42 veego Exp $
+#      $NetBSD: Makefile,v 1.13.2.1 1999/12/20 21:07:07 he Exp $
 
 PROG=  ipftest
-SRCS=  ipt.c ipft_sn.c ipft_ef.c ipft_td.c ipft_pc.c opt.c ipft_tx.c misc.c ip_frag.c ip_state.c ip_nat.c ipft_hx.c ip_fil.c fil.c parse.c ip_proxy.c ip_auth.c
+SRCS=  ipt.c ipft_sn.c ipft_ef.c ipft_td.c ipft_pc.c opt.c ipft_tx.c misc.c ip_frag.c ip_state.c ip_nat.c ipft_hx.c ip_fil.c fil.c parse.c facpri.c ip_proxy.c ip_auth.c natparse.c
 MAN=   ipftest.1
-CPPFLAGS+=-I${.CURDIR} -I${.CURDIR}/../ipf
+CPPFLAGS+=-I${.CURDIR}/../../../dist/ipf
 
-.PATH: ${.CURDIR}/../ipf ${.CURDIR}/../../../sys/netinet
+.PATH: ${.CURDIR}/../../../sys/netinet
 .include <bsd.prog.mk>
diff -r c67e39b032d2 -r 7b2a415629ce usr.sbin/ipf/ipmon/Makefile
--- a/usr.sbin/ipf/ipmon/Makefile       Mon Dec 20 21:07:01 1999 +0000
+++ b/usr.sbin/ipf/ipmon/Makefile       Mon Dec 20 21:07:06 1999 +0000
@@ -1,8 +1,7 @@
-#      $NetBSD: Makefile,v 1.13 1997/10/25 06:58:11 lukem Exp $
+#      $NetBSD: Makefile,v 1.13.2.1 1999/12/20 21:07:07 he Exp $
 
 PROG=  ipmon
 MAN=   ipmon.8
-CPPFLAGS+=-DLOGFAC=LOG_LOCAL0 -I${.CURDIR}/../ipf
+CPPFLAGS+=-DLOGFAC=LOG_LOCAL0
 
-.PATH: ${.CURDIR}/../ipf
 .include <bsd.prog.mk>
diff -r c67e39b032d2 -r 7b2a415629ce usr.sbin/ipf/ipnat/Makefile
--- a/usr.sbin/ipf/ipnat/Makefile       Mon Dec 20 21:07:01 1999 +0000
+++ b/usr.sbin/ipf/ipnat/Makefile       Mon Dec 20 21:07:06 1999 +0000
@@ -1,10 +1,8 @@
-#      $NetBSD: Makefile,v 1.13 1998/01/24 19:15:32 veego Exp $
+#      $NetBSD: Makefile,v 1.13.2.1 1999/12/20 21:07:07 he Exp $
 
 PROG=  ipnat
-SRCS=  kmem.c ipnat.c
+SRCS=  kmem.c ipnat.c natparse.c
 MAN=   ipnat.8 ipnat.4 ipnat.5
 MLINKS=        ipnat.5 ipnat.conf.5
-CPPFLAGS+=-I${.CURDIR}/../ipf -I${.CURDIR}/../ipfstat
 
-.PATH: ${.CURDIR}/../ipf ${.CURDIR}/../ipfstat
 .include <bsd.prog.mk>

Prev by Date: [src/netbsd-1-4]: src Pull up revision 1.13 (requested by darrenr):
Next by Date: [src/netbsd-1-4]: src/sys/netinet Pull up revision 1.15 (requested by darrenr):
Previous by Thread: [src/netbsd-1-4]: src Pull up revision 1.13 (requested by darrenr):
Next by Thread: [src/netbsd-1-4]: src/sys/netinet Pull up revision 1.15 (requested by darrenr):
Indexes:

Home | Main Index | Thread Index | Old Index