[src/trunk]: src/dist/ipf Resolve conflicts.
details: https://anonhg.NetBSD.org/src/rev/ceb03e2e8f2b
branches: trunk
changeset: 487734:ceb03e2e8f2b
user: veego <veego%NetBSD.org@localhost>
date: Mon Jun 12 10:43:24 2000 +0000
description:
Resolve conflicts.
diffstat:
dist/ipf/HISTORY | 22 +++++++++++++++
dist/ipf/man/ipfstat.8 | 8 +++--
dist/ipf/natparse.c | 69 +++++++++++++++++++++++++++++++++++++++----------
3 files changed, 82 insertions(+), 17 deletions(-)
diffs (205 lines):
diff -r d244c9aabb12 -r ceb03e2e8f2b dist/ipf/HISTORY
--- a/dist/ipf/HISTORY Mon Jun 12 10:41:36 2000 +0000
+++ b/dist/ipf/HISTORY Mon Jun 12 10:43:24 2000 +0000
@@ -20,6 +20,28 @@
# and especially those who have found the time to port IP Filter to new
# platforms.
#
+3.4.6 11/06/2000 - Released
+
+add extra regression tests for new nat functionality
+
+place restrictions on using '!' in map/rdr rules
+
+fix up solaris compile problems
+
+3.4.5 10/06/2000 - Released
+
+mention -sl in ipfstat.8
+
+fix/support '!' in from/to rules (rdr) for NAT
+
+add from/to support to rdr NAT rules
+
+don't send ICMP errors in response to ICMP errors
+
+fix sunos5 compilation for "ipfstat-top" and cleanup ipfboot
+
+input accounting list used for both outbound and inbound packets
+
3.4.4 23/05/2000 - Released
don't add TCP state if it is an RST packet and (attempt) to send out
diff -r d244c9aabb12 -r ceb03e2e8f2b dist/ipf/man/ipfstat.8
--- a/dist/ipf/man/ipfstat.8 Mon Jun 12 10:41:36 2000 +0000
+++ b/dist/ipf/man/ipfstat.8 Mon Jun 12 10:43:24 2000 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: ipfstat.8,v 1.3 2000/05/03 11:40:19 veego Exp $
+.\" $NetBSD: ipfstat.8,v 1.4 2000/06/12 10:43:25 veego Exp $
.\"
.TH ipfstat 8
.SH NAME
@@ -101,8 +101,10 @@
protocol are specified.
.TP
.B \-s
-Show packet/flow state information (statistics) and held state information (in
-the kernel) if any is present.
+Show packet/flow state information (statistics only).
+.TP
+.B \-sl
+Show held state information (in the kernel) if any is present (no statistics).
.TP
.BR \-S \0<addrport>
This option is only valid in combination with \fB\-t\fP. Limit the state top
diff -r d244c9aabb12 -r ceb03e2e8f2b dist/ipf/natparse.c
--- a/dist/ipf/natparse.c Mon Jun 12 10:41:36 2000 +0000
+++ b/dist/ipf/natparse.c Mon Jun 12 10:43:24 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: natparse.c,v 1.2 2000/05/03 11:40:17 veego Exp $ */
+/* $NetBSD: natparse.c,v 1.3 2000/06/12 10:43:24 veego Exp $ */
/*
* Copyright (C) 1993-2000 by Darren Reed.
@@ -56,7 +56,7 @@
#if !defined(lint)
static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
-static const char rcsid[] = "@(#)Id: natparse.c,v 1.17.2.1 2000/04/28 18:08:00 darrenr Exp";
+static const char rcsid[] = "@(#)Id: natparse.c,v 1.17.2.4 2000/06/10 16:06:30 darrenr Exp";
#endif
@@ -105,6 +105,8 @@
printf(" %s ", np->in_ifname);
if (np->in_flags & IPN_FILTER) {
+ if (np->in_flags & IPN_NOTSRC)
+ printf("! ");
printf("from ");
if (np->in_redir == NAT_REDIRECT)
printhostmask(4, (u_32_t *)&np->in_srcip,
@@ -115,10 +117,12 @@
if (np->in_scmp)
printportcmp(np->in_p, &np->in_tuc.ftu_src);
+ if (np->in_flags & IPN_NOTDST)
+ printf(" !");
printf(" to ");
if (np->in_redir == NAT_REDIRECT)
- printhostmask(4, (u_32_t *)&np->in_inip,
- (u_32_t *)&np->in_inmsk);
+ printhostmask(4, (u_32_t *)&np->in_outip,
+ (u_32_t *)&np->in_outmsk);
else
printhostmask(4, (u_32_t *)&np->in_srcip,
(u_32_t *)&np->in_srcmsk);
@@ -134,12 +138,12 @@
printf("/%d ", bits);
else
printf("/%s ", inet_ntoa(np->in_out[1]));
+ if (np->in_pmin)
+ printf("port %d", ntohs(np->in_pmin));
+ if (np->in_pmax != np->in_pmin)
+ printf("- %d", ntohs(np->in_pmax));
}
- if (np->in_pmin)
- printf("port %d ", ntohs(np->in_pmin));
- if (np->in_pmax != np->in_pmin)
- printf("- %d ", ntohs(np->in_pmax));
- printf("-> %s", inet_ntoa(np->in_in[0]));
+ printf(" -> %s", inet_ntoa(np->in_in[0]));
if (np->in_flags & IPN_SPLIT)
printf(",%s", inet_ntoa(np->in_in[1]));
if (np->in_pnext)
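Review bot: The relocated port output loses its separating spaces: `"port %d"` followed by `"- %d"` prints a range as `port 80- 90` (constructed example), where the removed lines printed `port 80 - 90 `. If this listing is meant to be fed back to the rule parser, which the hunk does not show, `printf(" - %d", ntohs(np->in_pmax));` keeps the tokens separate. The range is also still printed whenever in_pmax differs from in_pmin, even if in_pmin is zero and no `port` keyword was emitted, so nesting the second test under `if (np->in_pmin)` would avoid a dangling `- N` in the displayed rule. The enclosing function starts and ends outside the hunk.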
@@ -314,7 +318,27 @@
ipn.in_ifname[sizeof(ipn.in_ifname) - 1] = '\0';
cpp++;
- if (!strcasecmp(*cpp, "from")) {
+ if (!strcasecmp(*cpp, "from") || (**cpp == '!')) {
+ if (!strcmp(*cpp, "!")) {
+ cpp++;
+ if (strcasecmp(*cpp, "from")) {
+ fprintf(stderr, "Missing from after !\n");
+ return NULL;
+ }
+ ipn.in_flags |= IPN_NOTSRC;
+ } else if (**cpp == '!') {
+ if (strcasecmp(*cpp + 1, "from")) {
+ fprintf(stderr, "Missing from after !\n");
+ return NULL;
+ }
+ ipn.in_flags |= IPN_NOTSRC;
+ }
+ if ((ipn.in_flags & IPN_NOTSRC) &&
+ (ipn.in_redir & (NAT_MAP|NAT_MAPBLK))) {
+ fprintf(stderr, "Cannot use '! from' with map\n");
+ return NULL;
+ }
+
ipn.in_flags |= IPN_FILTER;
cpp++;
if (ipn.in_redir == NAT_REDIRECT) {
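Review bot: After the `cpp++` that skips a standalone `!`, `strcasecmp(*cpp, "from")` runs without checking that another token exists, so a rule line ending at the `!` would pass a NULL pointer to strcasecmp (assuming the token array is NULL-terminated, as the `if (!*++cpp)` test in the next hunk suggests). Guarding it as `if (!*cpp || strcasecmp(*cpp, "from")) {` sends that case down the existing "Missing from after !" path. The next hunk has the same pattern: `cpp++` after a standalone `!` is followed directly by `strcasecmp(*cpp, "to")`, and its error message prints `*cpp` with `%s`, so that one needs a separate `if (!*cpp)` check before the comparison. The enclosing function starts and ends outside the hunk.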
@@ -333,23 +357,37 @@
}
}
+ if (!strcmp(*cpp, "!")) {
+ cpp++;
+ ipn.in_flags |= IPN_NOTDST;
+ } else if (**cpp == '!') {
+ (*cpp)++;
+ ipn.in_flags |= IPN_NOTDST;
+ }
+
if (strcasecmp(*cpp, "to")) {
fprintf(stderr, "%d: unexpected keyword (%s) - to\n",
linenum, *cpp);
return NULL;
}
+ if ((ipn.in_flags & IPN_NOTDST) &&
+ (ipn.in_redir & (NAT_REDIRECT))) {
+ fprintf(stderr, "Cannot use '! to' with rdr\n");
+ return NULL;
+ }
if (!*++cpp) {
fprintf(stderr, "%d: missing host after to\n", linenum);
return NULL;
}
if (ipn.in_redir == NAT_REDIRECT) {
- if (hostmask(&cpp, (u_32_t *)&ipn.in_inip,
- (u_32_t *)&ipn.in_inmsk,
+ if (hostmask(&cpp, (u_32_t *)&ipn.in_outip,
+ (u_32_t *)&ipn.in_outmsk,
&ipn.in_dport, &ipn.in_dcmp,
&ipn.in_dtop, linenum)) {
return NULL;
}
+ ipn.in_pmin = htons(ipn.in_dport);
} else {
if (hostmask(&cpp, (u_32_t *)&ipn.in_srcip,
(u_32_t *)&ipn.in_srcmsk,
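Review bot: The new "Cannot use '! to' with rdr" message is printed without the rule's line number, unlike the neighbouring `"%d: unexpected keyword (%s) - to\n"` and `"%d: missing host after to\n"` messages, which makes a rejected rule hard to locate in a long ruleset. Suggest `fprintf(stderr, "%d: cannot use '! to' with rdr\n", linenum);` here. The same `%d:` prefix is missing from "Missing from after !" and "Cannot use '! from' with map" in the previous hunk. The function body continues outside this hunk.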
@@ -675,8 +713,11 @@
return NULL;
}
cpp++;
- if (!*cpp)
+ if (!*cpp) {
+ fprintf(stderr, "%d: missing expression following portmap\n",
+ linenum);
return NULL;
+ }
if (!strcasecmp(*cpp, "tcp"))
ipn.in_flags |= IPN_TCP;
@@ -743,7 +784,7 @@
fp = stdin;
while (fgets(line, sizeof(line) - 1, fp)) {
- linenum++;
+ linenum++;
line[sizeof(line) - 1] = '\0';
if ((s = strchr(line, '\n')))
*s = '\0';