[src/netbsd-1-5]: src Pull up ipf 3.4.9 (requested by veego). approved by rel...
details: https://anonhg.NetBSD.org/src/rev/c0d31cbf5ad4
branches: netbsd-1-5
changeset: 489325:c0d31cbf5ad4
user: veego <veego%NetBSD.org@localhost>
date: Thu Aug 31 14:49:46 2000 +0000
description:
Pull up ipf 3.4.9 (requested by veego). approved by releng-1-5.
basesrc/dist/ipf/HISTORY 1.8 -> 1.9
basesrc/dist/ipf/fils.c 1.9 -> 1.10
basesrc/dist/ipf/ip_sfil.c 1.5 -> 1.6
basesrc/dist/ipf/ipf.c 1.4 -> 1.5
basesrc/dist/ipf/ipmon.c 1.4 -> 1.5
basesrc/dist/ipf/ipnat.c 1.5 -> 1.6
basesrc/dist/ipf/natparse.c 1.3 -> 1.4
basesrc/dist/ipf/parse.c 1.4 -> 1.5
basesrc/dist/ipf/iplang/iplang_y.y 1.2 -> 1.3
basesrc/dist/ipf/ipsend/ipsend.1 1.2 -> 1.3
basesrc/dist/ipf/ipsend/ipsend.5 1.1 -> 1.2
syssrc/sys/netinet/fil.c 1.36 -> 1.37
syssrc/sys/netinet/ip_auth.c 1.17 -> 1.18
syssrc/sys/netinet/ip_fil.c 1.57 -> 1.58
syssrc/sys/netinet/ip_ftp_pxy.c 1.16 -> 1.17
syssrc/sys/netinet/ip_log.c 1.10 -> 1.11
syssrc/sys/netinet/ip_nat.c 1.34 -> 1.35
syssrc/sys/netinet/ip_nat.h 1.20 -> 1.21
syssrc/sys/netinet/ip_rcmd_pxy.c 1.4 -> 1.5
syssrc/sys/netinet/ip_state.c 1.26 -> 1.27
syssrc/sys/netinet/ip_state.h 1.16 -> 1.17
syssrc/sys/netinet/ipl.h 1.8 -> 1.9
Changes:
>3.4.9 08/08/2000 - Released
>
>implement new aging mechanism in fr_tcp_age()
>
>fix icmp state checking bug
>
>revamp buildsunos script and build both sparcv7/sparcv9 for Solaris
>if on an Ultra with a 64bit system & compiler (Caseper Dik)
>
>open ipfilter device read only if we know we can
>
>print out better information for ICMP packets in ipmon
>
>move checking for source spoofed packets to a point where we can generate
>logs of them
>
>return EFAULT from ircopyptr/iwcopyptr
>
>don't do ioctl(SIOCGETFS) for auth stats
>
>fix up freeing mbufs for post-4.3BSD
>
>fix returning of inc from ftp proxy
>
>fix bugs with ipfs -R/-W (Caseper Dik)
>
>3.4.8 19/07/2000 - Released
>
>create fake opt_inet6.h for FreeBSD-4 compile as LKM
>
>add #ifdef's for KLD_MODULE sanity
>
>NAT fastroute'd packets which come out of return-*
>
>fix upper/lower case crap in ftp proxy and get seq# checking fixed up.
>
>3.4.7 08/07/2000 - Released
>
>make "ipf -y" lookup NAT if's which are unknown
>
>prepend line numbers to ioctl error messages in ipf/ipnat
>
>don't apply patches to FreeBSD twice
>
>allow for ip_len to be on an unaligned boundary early on in fr_precheck
>
>fix printing of icmp code when it is 0
>
>correct printing of port numbers in map rules with from/to
>
>don't allow fr_func to be called at securelevel > 0 or rules to be added
>if securelevel > 0 if they have a non-zero fr_func.
diffstat:
dist/ipf/HISTORY | 53 +++++++
dist/ipf/fils.c | 7 +-
dist/ipf/ip_sfil.c | 29 ++-
dist/ipf/ipf.c | 46 ++++-
dist/ipf/iplang/iplang_y.y | 7 +-
dist/ipf/ipmon.c | 74 +++++++--
dist/ipf/ipnat.c | 11 +-
dist/ipf/ipsend/ipsend.1 | 4 +-
dist/ipf/ipsend/ipsend.5 | 4 +-
dist/ipf/natparse.c | 43 +++--
dist/ipf/parse.c | 29 ++-
sys/netinet/fil.c | 78 ++++++---
sys/netinet/ip_auth.c | 8 +-
sys/netinet/ip_fil.c | 35 +++-
sys/netinet/ip_ftp_pxy.c | 104 +++++++------
sys/netinet/ip_log.c | 10 +-
sys/netinet/ip_nat.c | 128 +++++++++++++----
sys/netinet/ip_nat.h | 12 +-
sys/netinet/ip_rcmd_pxy.c | 19 +-
sys/netinet/ip_state.c | 328 +++++++++++++++++++++++++++++++++++++-------
sys/netinet/ip_state.h | 8 +-
sys/netinet/ipl.h | 6 +-
22 files changed, 767 insertions(+), 276 deletions(-)
diffs (truncated from 2310 to 300 lines):
diff -r 8a50e83a893e -r c0d31cbf5ad4 dist/ipf/HISTORY
--- a/dist/ipf/HISTORY Thu Aug 31 14:19:50 2000 +0000
+++ b/dist/ipf/HISTORY Thu Aug 31 14:49:46 2000 +0000
@@ -20,6 +20,59 @@
# and especially those who have found the time to port IP Filter to new
# platforms.
#
+3.4.9 08/08/2000 - Released
+
+implement new aging mechanism in fr_tcp_age()
+
+fix icmp state checking bug
+
+revamp buildsunos script and build both sparcv7/sparcv9 for Solaris
+if on an Ultra with a 64bit system & compiler (Caseper Dik)
+
+open ipfilter device read only if we know we can
+
+print out better information for ICMP packets in ipmon
+
+move checking for source spoofed packets to a point where we can generate
+logs of them
+
+return EFAULT from ircopyptr/iwcopyptr
+
+don't do ioctl(SIOCGETFS) for auth stats
+
+fix up freeing mbufs for post-4.3BSD
+
+fix returning of inc from ftp proxy
+
+fix bugs with ipfs -R/-W (Caseper Dik)
+
+3.4.8 19/07/2000 - Released
+
+create fake opt_inet6.h for FreeBSD-4 compile as LKM
+
+add #ifdef's for KLD_MODULE sanity
+
+NAT fastroute'd packets which come out of return-*
+
+fix upper/lower case crap in ftp proxy and get seq# checking fixed up.
+
+3.4.7 08/07/2000 - Released
+
+make "ipf -y" lookup NAT if's which are unknown
+
+prepend line numbers to ioctl error messages in ipf/ipnat
+
+don't apply patches to FreeBSD twice
+
+allow for ip_len to be on an unaligned boundary early on in fr_precheck
+
+fix printing of icmp code when it is 0
+
+correct printing of port numbers in map rules with from/to
+
+don't allow fr_func to be called at securelevel > 0 or rules to be added
+if securelevel > 0 if they have a non-zero fr_func.
+
3.4.6 11/06/2000 - Released
add extra regression tests for new nat functionality
diff -r 8a50e83a893e -r c0d31cbf5ad4 dist/ipf/fils.c
--- a/dist/ipf/fils.c Thu Aug 31 14:19:50 2000 +0000
+++ b/dist/ipf/fils.c Thu Aug 31 14:49:46 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: fils.c,v 1.9 2000/05/23 06:16:44 veego Exp $ */
+/* $NetBSD: fils.c,v 1.9.4.1 2000/08/31 14:49:46 veego Exp $ */
/*
* Copyright (C) 1993-2000 by Darren Reed.
@@ -67,7 +67,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)Id: fils.c,v 2.21.2.4 2000/05/22 12:47:38 darrenr Exp";
+static const char rcsid[] = "@(#)Id: fils.c,v 2.21.2.5 2000/07/20 14:13:30 darrenr Exp";
#endif
extern char *optarg;
@@ -211,6 +211,7 @@
opts |= OPT_ACCNT|OPT_SHOWLIST;
break;
case 'A' :
+ device = IPAUTH_NAME;
opts |= OPT_AUTHSTATS;
break;
case 'C' :
@@ -299,7 +300,7 @@
bzero((char *)&ipsst, sizeof(ipsst));
bzero((char *)&ifrst, sizeof(ifrst));
- if (ioctl(fd, SIOCGETFS, &fiop) == -1) {
+ if (!(opts & OPT_AUTHSTATS) && ioctl(fd, SIOCGETFS, &fiop) == -1) {
perror("ioctl(ipf:SIOCGETFS)");
exit(-1);
}
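Review bot: When `OPT_AUTHSTATS` is set the `SIOCGETFS` ioctl is now skipped entirely, so nothing fills in `fiop` or the buffers it refers to on that path; only `ipsst` and `ifrst` are visibly zeroed here. The rest of the function is outside the hunk, so it should be confirmed that every later use of the filter statistics is also conditional on `!(opts & OPT_AUTHSTATS)`, otherwise `-A` combined with another display option could print uninitialised or all-zero counters. A short comment would record the reason for the skip, for example `/* -A: fd is open on IPAUTH_NAME (see the 'A' case above), so SIOCGETFS is not issued */`.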
diff -r 8a50e83a893e -r c0d31cbf5ad4 dist/ipf/ip_sfil.c
--- a/dist/ipf/ip_sfil.c Thu Aug 31 14:19:50 2000 +0000
+++ b/dist/ipf/ip_sfil.c Thu Aug 31 14:49:46 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_sfil.c,v 1.5 2000/05/23 06:16:44 veego Exp $ */
+/* $NetBSD: ip_sfil.c,v 1.5.4.1 2000/08/31 14:49:46 veego Exp $ */
/*
* Copyright (C) 1993-2000 by Darren Reed.
@@ -11,7 +11,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)Id: ip_sfil.c,v 2.23.2.2 2000/05/22 10:26:14 darrenr Exp";
+static const char rcsid[] = "@(#)Id: ip_sfil.c,v 2.23.2.6 2000/08/07 12:36:19 darrenr Exp";
#endif
#include <sys/types.h>
@@ -52,6 +52,7 @@
#include "ip_nat.h"
#include "ip_frag.h"
#include "ip_auth.h"
+#include "ip_proxy.h"
#include <inet/ip_ire.h>
#ifndef MIN
#define MIN(a,b) (((a)<(b))?(a):(b))
@@ -66,6 +67,7 @@
static int frzerostats __P((caddr_t));
static int frrequest __P((minor_t, int, caddr_t, int));
+static int send_ip __P((fr_info_t *fin, mblk_t *m));
kmutex_t ipl_mutex, ipf_authmx, ipf_rw, ipf_hostmap;
KRWLOCK_T ipf_mutex, ipfs_mutex, ipf_solaris;
KRWLOCK_T ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth;
@@ -150,7 +152,7 @@
fr_getstat(&fio);
error = IWCOPYPTR((caddr_t)&fio, data, sizeof(fio));
if (error)
- return EFAULT;
+ return error;
bzero((char *)frstats, sizeof(*frstats) * 2);
@@ -229,6 +231,8 @@
case SIOCGETFF :
error = IWCOPY((caddr_t)&fr_flags, (caddr_t)data,
sizeof(fr_flags));
+ if (error)
+ error = EFAULT;
break;
case SIOCINAFR :
case SIOCRMAFR :
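Review bot: The two-line mapping `if (error) error = EFAULT;` added after `IWCOPY` here is repeated verbatim in the later hunks of this file (the `fr_active`, `frflush`, `ipflog_clear` and `FIONREAD` cases), while the `IWCOPYPTR` callers in the same file lose it and pass `error` through unchanged. Two copy-out helpers with different return conventions make it easy for a future ioctl case to hand a non-errno value back to userland. Folding the mapping into `IWCOPY` itself, or wrapping it once, e.g. `#define IWCOPY_ERR(a,b,c) (IWCOPY(a,b,c) ? EFAULT : 0)`, would keep every case on one convention.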
@@ -256,6 +260,8 @@
bzero((char *)frcache, sizeof(frcache[0]) * 2);
error = IWCOPY((caddr_t)&fr_active, (caddr_t)data,
sizeof(fr_active));
+ if (error)
+ error = EFAULT;
fr_active = 1 - fr_active;
RWLOCK_EXIT(&ipf_mutex);
}
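Review bot: `fr_active = 1 - fr_active;` still runs when the `IWCOPY` just above it has failed, so the active rule set is switched while the ioctl reports `EFAULT` to the caller. An administrative tool that sees the error will reasonably assume the swap did not happen, leaving the host filtering with a different rule set than the operator believes. Unless the swap is meant to be unconditional, guard it: `if (error) error = EFAULT; else fr_active = 1 - fr_active;`. The flush and log-clear hunks below have the same shape (the action completes before the copy-out), but there it cannot be undone; the enclosing case starts outside this hunk.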
@@ -288,6 +294,8 @@
tmp = frflush(unit, tmp);
error = IWCOPY((caddr_t)&tmp, (caddr_t)data,
sizeof(tmp));
+ if (error)
+ error = EFAULT;
}
}
break;
@@ -309,6 +317,8 @@
tmp = ipflog_clear(unit);
error = IWCOPY((caddr_t)&tmp, (caddr_t)data,
sizeof(tmp));
+ if (error)
+ error = EFAULT;
}
break;
#endif /* IPFILTER_LOG */
@@ -321,8 +331,6 @@
case SIOCGFRST :
error = IWCOPYPTR((caddr_t)ipfr_fragstats(), (caddr_t)data,
sizeof(ipfrstat_t));
- if (error)
- error = EFAULT;
break;
case FIONREAD :
{
@@ -330,6 +338,8 @@
int copy = (int)iplused[IPL_LOGIPF];
error = IWCOPY((caddr_t)©, (caddr_t)data, sizeof(copy));
+ if (error)
+ error = EFAULT;
#endif
break;
}
@@ -517,7 +527,7 @@
* interface pointer in the comparison (fr_next, fr_ifa).
*/
for (fp->fr_cksum = 0, p = (u_int *)&fp->fr_ip, pp = &fp->fr_cksum;
- p != pp; p++)
+ p < pp; p++)
fp->fr_cksum += *p;
for (; (f = *ftail); ftail = &f->fr_next)
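Review bot: Changing the loop test to `p < pp` stops the walk from running past `fr_cksum` when the two pointers never compare equal, but the sum still depends on layout facts that nothing here checks: that `fr_ip` precedes `fr_cksum` in the rule structure and that the span between them is a whole number of `u_int` words. If it is not, the final `*p` overlaps `fr_cksum` itself while it is being accumulated. Since `fp` appears to be a rule handed in through the ioctl path, a comment on the loop stating the assumption is worth having, e.g. `/* sums the u_int words from fr_ip up to, not including, fr_cksum; that span must stay word-aligned */`. The enclosing function begins and ends outside the hunk.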
@@ -535,10 +545,8 @@
}
MUTEX_DOWNGRADE(&ipf_mutex);
error = IWCOPYPTR((caddr_t)f, data, sizeof(*f));
- if (error) {
- error = EFAULT;
+ if (error)
goto out;
- }
f->fr_hits = 0;
f->fr_bytes = 0;
goto out;
@@ -743,7 +751,7 @@
}
-int send_ip(fin, m)
+int static send_ip(fin, m)
fr_info_t *fin;
mblk_t *m;
{
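Review bot: `int static send_ip(fin, m)` puts the storage-class specifier after the type specifier, which C accepts but marks as obsolescent and which GCC reports under `-Wold-style-declaration`. The prototype added earlier in this file already reads `static int send_ip __P((fr_info_t *fin, mblk_t *m));`, so the definition should match it: `static int send_ip(fin, m)`.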
@@ -751,6 +759,7 @@
RWLOCK_EXIT(&ipf_solaris);
#ifdef USE_INET6
if (fin->fin_v == 6) {
+ extern void ip_wput_v6 __P((queue_t *, mblk_t *));
ip6_t *ip6;
ip6 = (ip6_t *)m->b_rptr;
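Review bot: The `extern void ip_wput_v6 __P((queue_t *, mblk_t *));` declaration sits inside the `if (fin->fin_v == 6)` block, so it is never compared against the real definition or any header prototype. If the system's signature differs, the kernel call is made with mismatched arguments and no diagnostic. Prefer declaring it once at file scope under the same `#ifdef USE_INET6`, next to the other prototypes, or including the header that provides it if one exists.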
diff -r 8a50e83a893e -r c0d31cbf5ad4 dist/ipf/ipf.c
--- a/dist/ipf/ipf.c Thu Aug 31 14:19:50 2000 +0000
+++ b/dist/ipf/ipf.c Thu Aug 31 14:49:46 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipf.c,v 1.4 2000/05/03 11:40:16 veego Exp $ */
+/* $NetBSD: ipf.c,v 1.4.4.1 2000/08/31 14:49:46 veego Exp $ */
/*
* Copyright (C) 1993-2000 by Darren Reed.
@@ -45,7 +45,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)Id: ipf.c,v 2.10 2000/03/13 22:10:23 darrenr Exp";
+static const char rcsid[] = "@(#)Id: ipf.c,v 2.10.2.3 2000/08/07 14:54:05 darrenr Exp";
#endif
#if SOLARIS
@@ -297,9 +297,10 @@
if ((opts & OPT_ZERORULEST) &&
!(opts & OPT_DONOTHING)) {
- if (ioctl(fd, add, &fr) == -1)
+ if (ioctl(fd, add, &fr) == -1) {
+ fprintf(stderr, "%d:", linenum);
perror("ioctl(SIOCZRLST)");
- else {
+ } else {
#ifdef USE_QUAD_T
printf("hits %qd bytes %qd ",
(long long)fr->fr_hits,
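Review bot: The added `fprintf(stderr, "%d:", linenum);` runs between the failing `ioctl` and `perror`, and a stdio call is allowed to change `errno` even when it succeeds, so the message can name the wrong error. Capture the value first with `int serrno = errno;` and restore it before `perror`, or print both parts in one call: `fprintf(stderr, "%d: ioctl(SIOCZRLST): %s\n", linenum, strerror(serrno));`. The same pair appears twice in the next hunk, for the delete-rule and add/insert-rule branches.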
@@ -312,11 +313,15 @@
}
} else if ((opts & OPT_REMOVE) &&
!(opts & OPT_DONOTHING)) {
- if (ioctl(fd, del, &fr) == -1)
+ if (ioctl(fd, del, &fr) == -1) {
+ fprintf(stderr, "%d:", linenum);
perror("ioctl(delete rule)");
+ }
} else if (!(opts & OPT_DONOTHING)) {
- if (ioctl(fd, add, &fr) == -1)
+ if (ioctl(fd, add, &fr) == -1) {
+ fprintf(stderr, "%d:", linenum);
perror("ioctl(add/insert rule)");
+ }
}
}
}
@@ -341,7 +346,7 @@
int s, len;
do {
- for (p = str, s = size;; p += len, s -= len) {
+ for (p = str, s = size;; p += (len - 1), s -= (len - 1)) {
/*
* if an error occured, EOF was encounterd, or there
* was no room to put NUL, return NULL.
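Review bot: The new stride `p += (len - 1), s -= (len - 1)` assumes `len` is at least 1, but `len` comes from `strlen(p)` on what `fgets` returned, which is 0 when a line in the rules file begins with a NUL byte. In that case the following hunk's `p[len - 1]` reads one byte before `p`, and the stride moves `p` backwards while growing `s`. A guard directly after `len = strlen(p);`, such as `if (len == 0) return (NULL);`, keeps the indexing in bounds. The loop body continues in the next hunk, which is cut off on this page, so whether a later check covers this cannot be confirmed here.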
@@ -349,12 +354,21 @@
if (fgets(p, s, file) == NULL)
return (NULL);
len = strlen(p);
+ if (p[len - 1] != '\n') {
+ p[len] = '\0';
+ break;
+ }
p[len - 1] = '\0';