Source-Changes-HG archive
[src/trunk]: src/sys Resolve conflicts.
details: https://anonhg.NetBSD.org/src/rev/dfbca93936f8
branches: trunk
changeset: 485692:dfbca93936f8
user: veego <veego%NetBSD.org@localhost>
date: Wed May 03 11:12:03 2000 +0000
description:
Resolve conflicts.
diffstat:
sys/lkm/netinet/if_ipl/Makefile | 4 +-
sys/lkm/netinet/if_ipl/mln_ipl.c | 4 +-
sys/netinet/fil.c | 675 +++++++++++++++++++++------
sys/netinet/ip_auth.c | 64 +-
sys/netinet/ip_auth.h | 7 +-
sys/netinet/ip_compat.h | 227 +++++++-
sys/netinet/ip_fil.c | 609 +++++++++++++++++-------
sys/netinet/ip_fil.h | 220 +++++---
sys/netinet/ip_frag.c | 111 ++-
sys/netinet/ip_frag.h | 8 +-
sys/netinet/ip_ftp_pxy.c | 190 +++++++-
sys/netinet/ip_log.c | 197 ++++---
sys/netinet/ip_nat.c | 940 +++++++++++++++++++++++++++++---------
sys/netinet/ip_nat.h | 112 +++-
sys/netinet/ip_proxy.c | 99 +++-
sys/netinet/ip_proxy.h | 23 +-
sys/netinet/ip_raudio_pxy.c | 18 +-
sys/netinet/ip_rcmd_pxy.c | 5 +-
sys/netinet/ip_state.c | 949 ++++++++++++++++++++++++++++----------
sys/netinet/ip_state.h | 71 ++-
sys/netinet/ipl.h | 7 +-
21 files changed, 3334 insertions(+), 1206 deletions(-)
diffs (truncated from 7823 to 300 lines):
diff -r 5b8eda111edf -r dfbca93936f8 sys/lkm/netinet/if_ipl/Makefile
--- a/sys/lkm/netinet/if_ipl/Makefile Wed May 03 11:07:58 2000 +0000
+++ b/sys/lkm/netinet/if_ipl/Makefile Wed May 03 11:12:03 2000 +0000
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.11 1999/12/12 11:18:46 veego Exp $
+# $NetBSD: Makefile,v 1.12 2000/05/03 11:12:03 veego Exp $
.include "../Makefile.inc"
.PATH: $S/netinet
-CPPFLAGS+= -DIPFILTER_LOG -I$S/netinet
+CPPFLAGS+= -DIPFILTER_LOG -I$S/netinet -DUSE_INET6
KMOD= if_ipl
SRCS= ip_fil.c fil.c mln_ipl.c ip_nat.c ip_frag.c ip_state.c ip_proxy.c \
ip_auth.c ip_log.c
diff -r 5b8eda111edf -r dfbca93936f8 sys/lkm/netinet/if_ipl/mln_ipl.c
--- a/sys/lkm/netinet/if_ipl/mln_ipl.c Wed May 03 11:07:58 2000 +0000
+++ b/sys/lkm/netinet/if_ipl/mln_ipl.c Wed May 03 11:12:03 2000 +0000
@@ -1,7 +1,7 @@
-/* $NetBSD: mln_ipl.c,v 1.22 1999/12/12 11:18:46 veego Exp $ */
+/* $NetBSD: mln_ipl.c,v 1.23 2000/05/03 11:12:04 veego Exp $ */
/*
- * Copyright (C) 1993-1998 by Darren Reed.
+ * Copyright (C) 1993-2000 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
diff -r 5b8eda111edf -r dfbca93936f8 sys/netinet/fil.c
--- a/sys/netinet/fil.c Wed May 03 11:07:58 2000 +0000
+++ b/sys/netinet/fil.c Wed May 03 11:12:03 2000 +0000
@@ -1,7 +1,7 @@
-/* $NetBSD: fil.c,v 1.30 2000/03/30 13:24:51 augustss Exp $ */
+/* $NetBSD: fil.c,v 1.31 2000/05/03 11:12:05 veego Exp $ */
/*
- * Copyright (C) 1993-1998 by Darren Reed.
+ * Copyright (C) 1993-2000 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
@@ -9,19 +9,27 @@
*/
#if !defined(lint)
#if defined(__NetBSD__)
-static const char rcsid[] = "$NetBSD: fil.c,v 1.30 2000/03/30 13:24:51 augustss Exp $";
+static const char rcsid[] = "$NetBSD: fil.c,v 1.31 2000/05/03 11:12:05 veego Exp $";
#else
-static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-1996 Darren Reed";
-static const char rcsid[] = "@(#)Id: fil.c,v 2.3.2.16 2000/01/27 08:49:37 darrenr Exp";
+static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed";
+static const char rcsid[] = "@(#)Id: fil.c,v 2.35.2.4 2000/04/28 15:38:32 darrenr Exp";
#endif
#endif
+#if defined(_KERNEL) && defined(__FreeBSD_version) && \
+ (__FreeBSD_version >= 400000) && !defined(KLD_MODULE)
+#include "opt_inet6.h"
+#endif
#include <sys/errno.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
#include <sys/file.h>
-#if defined(KERNEL) && defined(__FreeBSD_version) && \
+#if defined(__NetBSD__) && (NetBSD >= 199905) && !defined(IPFILTER_LKM) && \
+ defined(_KERNEL) && !defined(_LKM)
+# include "opt_ipfilter_log.h"
+#endif
+#if (defined(KERNEL) || defined(_KERNEL)) && defined(__FreeBSD_version) && \
(__FreeBSD_version >= 220000)
# include <sys/filio.h>
# include <sys/fcntl.h>
@@ -70,6 +78,12 @@
#include <netinet/udp.h>
#include <netinet/ip_icmp.h>
#include "netinet/ip_compat.h"
+#ifdef USE_INET6
+# include <netinet/icmp6.h>
+# if !SOLARIS && defined(_KERNEL)
+# include <netinet6/in6_var.h>
+# endif
+#endif
#include <netinet/tcpip.h>
#include "netinet/ip_fil.h"
#include "netinet/ip_proxy.h"
@@ -93,18 +107,12 @@
# include "ipt.h"
extern int opts;
-# define FR_IFVERBOSE(ex,second,verb_pr) if (ex) { verbose verb_pr; \
- second; }
-# define FR_IFDEBUG(ex,second,verb_pr) if (ex) { debug verb_pr; \
- second; }
# define FR_VERBOSE(verb_pr) verbose verb_pr
# define FR_DEBUG(verb_pr) debug verb_pr
# define SEND_RESET(ip, qif, if, m, fin) send_reset(ip, if)
# define IPLLOG(a, c, d, e) ipllog()
# define FR_NEWAUTH(m, fi, ip, qif) fr_newauth((mb_t *)m, fi, ip)
#else /* #ifndef _KERNEL */
-# define FR_IFVERBOSE(ex,second,verb_pr) ;
-# define FR_IFDEBUG(ex,second,verb_pr) ;
# define FR_VERBOSE(verb_pr)
# define FR_DEBUG(verb_pr)
# define IPLLOG(a, c, d, e) ipflog(a, c, d, e)
@@ -116,27 +124,24 @@
# define FR_NEWAUTH(m, fi, ip, qif) fr_newauth((mb_t *)m, fi, \
ip, qif)
# define SEND_RESET(ip, qif, if, fin) send_reset(fin, ip, qif)
-# define ICMP_ERROR(b, ip, t, c, if, dst) \
- icmp_error(ip, t, c, if, dst)
# else /* SOLARIS */
# define FR_NEWAUTH(m, fi, ip, qif) fr_newauth((mb_t *)m, fi, ip)
-# ifdef linux
-# define SEND_RESET(ip, qif, if, fin) send_reset(ip, ifp)
-# define ICMP_ERROR(b, ip, t, c, if, dst) icmp_send(b,t,c,0,if)
-# else
-# define SEND_RESET(ip, qif, if, fin) send_reset(fin, ip)
-# define ICMP_ERROR(b, ip, t, c, if, dst) \
- send_icmp_err(ip, t, c, if, dst)
-# endif /* linux */
+# define SEND_RESET(ip, qif, if, fin) send_reset(fin, ip)
# endif /* SOLARIS || __sgi */
#endif /* _KERNEL */
struct filterstats frstats[2] = {{0,0,0,0,0},{0,0,0,0,0}};
struct frentry *ipfilter[2][2] = { { NULL, NULL }, { NULL, NULL } },
+#ifdef USE_INET6
+ *ipfilter6[2][2] = { { NULL, NULL }, { NULL, NULL } },
+ *ipacct6[2][2] = { { NULL, NULL }, { NULL, NULL } },
+#endif
*ipacct[2][2] = { { NULL, NULL }, { NULL, NULL } };
struct frgroup *ipfgroups[3][2];
-int fr_flags = IPF_LOGGING, fr_active = 0;
+int fr_flags = IPF_LOGGING;
+int fr_active = 0;
+int fr_chksrc = 0;
#if defined(IPFILTER_DEFAULT_BLOCK)
int fr_pass = FR_NOMATCH|FR_BLOCK;
#else
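Review bot: The `ipfilter6` and `ipacct6` declarators are spliced into the middle of the existing `struct frentry *ipfilter[2][2] = ..., *ipacct[2][2] = ...;` declaration behind `#ifdef USE_INET6`, so a single declaration now changes shape with the preprocessor. A separate statement inside its own `#ifdef USE_INET6` block, `struct frentry *ipfilter6[2][2] = { { NULL, NULL }, { NULL, NULL } }, *ipacct6[2][2] = { { NULL, NULL }, { NULL, NULL } };`, would read and diff more cleanly. The new global `fr_chksrc` is also added without a comment, and its use is not visible in this hunk. A one-line comment saying what a non-zero value enables, and that the default is off, would help anyone tuning the filter.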
@@ -146,7 +151,6 @@
fr_info_t frcache[2];
-static int fr_tcpudpchk __P((frentry_t *, fr_info_t *));
static int frflushlist __P((int, minor_t, int *, frentry_t **));
#ifdef _KERNEL
static void frsynclist __P((frentry_t *));
@@ -203,12 +207,12 @@
ip_t *ip;
fr_info_t *fin;
{
- struct optlist *op;
- tcphdr_t *tcp;
+ u_short optmsk = 0, secmsk = 0, auth = 0;
+ int i, mv, ol, off, p, plen, v;
fr_ip_t *fi = &fin->fin_fi;
- u_short optmsk = 0, secmsk = 0, auth = 0;
- int i, mv, ol, off;
+ struct optlist *op;
u_char *s, opt;
+ tcphdr_t *tcp;
fin->fin_rev = 0;
fin->fin_fr = NULL;
@@ -217,25 +221,59 @@
fin->fin_data[1] = 0;
fin->fin_rule = -1;
fin->fin_group = -1;
- fin->fin_id = ip->ip_id;
#ifdef _KERNEL
fin->fin_icode = ipl_unreach;
#endif
- fi->fi_v = ip->ip_v;
- fi->fi_tos = ip->ip_tos;
+ v = fin->fin_v;
+ fi->fi_v = v;
fin->fin_hlen = hlen;
- fin->fin_dlen = ip->ip_len - hlen;
- tcp = (tcphdr_t *)((char *)ip + hlen);
+ if (v == 4) {
+ fin->fin_id = ip->ip_id;
+ fi->fi_tos = ip->ip_tos;
+ off = (ip->ip_off & IP_OFFMASK) << 3;
+ tcp = (tcphdr_t *)((char *)ip + hlen);
+ (*(((u_short *)fi) + 1)) = (*(((u_short *)ip) + 4));
+ fi->fi_src.i6[1] = 0;
+ fi->fi_src.i6[2] = 0;
+ fi->fi_src.i6[3] = 0;
+ fi->fi_dst.i6[1] = 0;
+ fi->fi_dst.i6[2] = 0;
+ fi->fi_dst.i6[3] = 0;
+ fi->fi_saddr = ip->ip_src.s_addr;
+ fi->fi_daddr = ip->ip_dst.s_addr;
+ p = ip->ip_p;
+ fi->fi_fl = (hlen > sizeof(ip_t)) ? FI_OPTIONS : 0;
+ if (ip->ip_off & 0x3fff)
+ fi->fi_fl |= FI_FRAG;
+ plen = ip->ip_len;
+ fin->fin_dlen = plen - hlen;
+ }
+#ifdef USE_INET6
+ else if (v == 6) {
+ ip6_t *ip6 = (ip6_t *)ip;
+
+ off = 0;
+ p = ip6->ip6_nxt;
+ fi->fi_p = p;
+ fi->fi_ttl = ip6->ip6_hlim;
+ tcp = (tcphdr_t *)(ip6 + 1);
+ fi->fi_src.in6 = ip6->ip6_src;
+ fi->fi_dst.in6 = ip6->ip6_dst;
+ fin->fin_id = (u_short)(ip6->ip6_flow & 0xffff);
+ fi->fi_tos = 0;
+ fi->fi_fl = 0;
+ plen = ntohs(ip6->ip6_plen);
+ fin->fin_dlen = plen;
+ }
+#endif
+ else
+ return;
+
+ fin->fin_off = off;
+ fin->fin_plen = plen;
fin->fin_dp = (void *)tcp;
- (*(((u_short *)fi) + 1)) = (*(((u_short *)ip) + 4));
- fi->fi_src.s_addr = ip->ip_src.s_addr;
- fi->fi_dst.s_addr = ip->ip_dst.s_addr;
- fi->fi_fl = (hlen > sizeof(ip_t)) ? FI_OPTIONS : 0;
- off = (ip->ip_off & IP_OFFMASK) << 3;
- if (ip->ip_off & 0x3fff)
- fi->fi_fl |= FI_FRAG;
- switch (ip->ip_p)
+ switch (p)
{
case IPPROTO_ICMP :
{
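Review bot: The `v == 6` branch takes `ip6->ip6_nxt` as the transport protocol and points `tcp` at `ip6 + 1`, so a packet carrying any IPv6 extension header reaches `switch (p)` with the extension header's type and, as far as this hunk shows, gets no port or flag extraction. That branch also hard-wires `off = 0` and `fi->fi_fl = 0`, so fragmented IPv6 packets are never marked `FI_FRAG`, and rules keyed on protocol, port or fragment status would not treat such traffic the way they treat the IPv4 equivalent. Unless extension headers are walked elsewhere (not visible here), the branch should at least carry a comment such as `/* XXX: extension headers are not parsed; ip6_nxt is assumed to be the upper-layer protocol */`, together with a decision on how unparsed packets are presented to the rule set. `fin->fin_id` is also taken from `ip6->ip6_flow & 0xffff` with no byte-order conversion, unlike `ntohs(ip6->ip6_plen)` a few lines later, which is worth confirming as intended. The function body begins before this hunk and continues after it.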
@@ -247,13 +285,19 @@
if (!off && (icmp->icmp_type == ICMP_ECHOREPLY ||
icmp->icmp_type == ICMP_ECHO))
minicmpsz = ICMP_MINLEN;
- if (!off && (icmp->icmp_type == ICMP_TSTAMP ||
- icmp->icmp_type == ICMP_TSTAMPREPLY))
- minicmpsz = 20; /* type(1) + code(1) + cksum(2) + id(2) + seq(2) + 3*timestamp(3*4) */
- if (!off && (icmp->icmp_type == ICMP_MASKREQ ||
- icmp->icmp_type == ICMP_MASKREPLY))
- minicmpsz = 12; /* type(1) + code(1) + cksum(2) + id(2) + seq(2) + mask(4) */
- if ((!(ip->ip_len >= hlen + minicmpsz) && !off) ||
+
+ /* type(1) + code(1) + cksum(2) + id(2) seq(2) +
+ * 3*timestamp(3*4) */
+ else if (!off && (icmp->icmp_type == ICMP_TSTAMP ||
+ icmp->icmp_type == ICMP_TSTAMPREPLY))
+ minicmpsz = 20;
+
+ /* type(1) + code(1) + cksum(2) + id(2) seq(2) + mask(4) */
+ else if (!off && (icmp->icmp_type == ICMP_MASKREQ ||
+ icmp->icmp_type == ICMP_MASKREPLY))
+ minicmpsz = 12;
+
+ if ((!(plen >= hlen + minicmpsz) && !off) ||
(off && off < sizeof(struct icmp)))
fi->fi_fl |= FI_SHORT;
if (fin->fin_dlen > 1)
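Review bot: The length test `plen >= hlen + minicmpsz` is only right for IPv4. The previous hunk sets `plen` to the total length for `v == 4` but to `ntohs(ip6->ip6_plen)` for `v == 6`, which excludes the IPv6 header, so adding `hlen` over-counts in the IPv6 case. `fin->fin_dlen` is already the payload length for both versions, so `if ((!(fin->fin_dlen >= minicmpsz) && !off) ||` would keep the two cases consistent (assuming `minicmpsz` is a signed int; its declaration is outside the hunk). The rewritten comments also lost the `+` between `id(2)` and `seq(2)`. The `case IPPROTO_ICMP` block starts before this hunk and ends after it.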
@@ -262,16 +306,16 @@
}
case IPPROTO_TCP :
fi->fi_fl |= FI_TCPUDP;
- if ((!IPMINLEN(ip, tcphdr) && !off) ||
- (off && off < sizeof(struct tcphdr)))
+ if ((v == 4) && ((!IPMINLEN(ip, tcphdr) && !off) ||
+ (off && off < sizeof(struct tcphdr))))
fi->fi_fl |= FI_SHORT;
if (!(fi->fi_fl & FI_SHORT) && !off)
fin->fin_tcpf = tcp->th_flags;
goto getports;
case IPPROTO_UDP :
fi->fi_fl |= FI_TCPUDP;
- if ((!IPMINLEN(ip, udphdr) && !off) ||
- (off && off < sizeof(struct udphdr)))
+ if ((v == 4) && ((!IPMINLEN(ip, udphdr) && !off) ||
+ (off && off < sizeof(struct udphdr))))
fi->fi_fl |= FI_SHORT;
getports:
if (!off && (fin->fin_dlen > 3)) {
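Review bot: Restricting the short-packet test to `v == 4` leaves IPv6 TCP and UDP with no length check at all, so `FI_SHORT` is never set for them and `fin->fin_tcpf = tcp->th_flags` is read from `ip6 + 1` even when the payload is shorter than a TCP header (for IPv6 `off` is always 0, per the earlier hunk). The port extraction under `getports:` is at least gated by `fin->fin_dlen > 3`, but the flags read is not. An IPv6 counterpart is needed in both cases, for example `if ((v == 6) && (plen < (int)sizeof(struct tcphdr))) fi->fi_fl |= FI_SHORT;` after the IPv4 test, and the same with `struct udphdr` in the UDP case. Whether the buffer really holds `plen` bytes is decided outside this hunk and should be confirmed as well.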
@@ -283,6 +327,14 @@
break;
}
+#ifdef USE_INET6
+ if (v == 6) {
+ fi->fi_optmsk = 0;
+ fi->fi_secmsk = 0;
+ fi->fi_auth = 0;
+ return;
+ }
+#endif