Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/dist/ipf Resolve conflicts and remove some files.
details: https://anonhg.NetBSD.org/src/rev/403eec3d8903
branches: trunk
changeset: 485697:403eec3d8903
user: veego <veego%NetBSD.org@localhost>
date: Wed May 03 11:40:15 2000 +0000
description:
Resolve conflicts and remove some files.
diffstat:
dist/ipf/FreeBSD-4.0/ipv6-patch | 61 --
dist/ipf/FreeBSD-4.0/kinstall | 50 --
dist/ipf/FreeBSD-4.0/unkinstall | 48 --
dist/ipf/HISTORY | 120 +++++-
dist/ipf/SunOS4/mkroutes | 35 -
dist/ipf/SunOS4/rc.ipf | 41 -
dist/ipf/SunOS4/reload | 21 -
dist/ipf/facpri.c | 2 +-
dist/ipf/facpri.h | 2 +-
dist/ipf/fils.c | 857 +++++++++++++++++++++++++++++++++------
dist/ipf/ip_lfil.c | 72 +-
dist/ipf/ip_sfil.c | 444 +++++++++++++-------
dist/ipf/ipf.c | 56 +-
dist/ipf/ipf.h | 2 +-
dist/ipf/ipft_ef.c | 2 +-
dist/ipf/ipft_hx.c | 2 +-
dist/ipf/ipft_pc.c | 2 +-
dist/ipf/ipft_sn.c | 2 +-
dist/ipf/ipft_td.c | 2 +-
dist/ipf/ipft_tx.c | 2 +-
dist/ipf/iplang/iplang_l.l | 38 +-
dist/ipf/iplang/iplang_y.y | 2 +-
dist/ipf/ipmon.c | 152 ++++--
dist/ipf/ipnat.c | 156 ++-----
dist/ipf/ipsend/ipsend.c | 2 +-
dist/ipf/ipsend/iptest.c | 2 +-
dist/ipf/ipt.c | 30 +-
dist/ipf/ipt.h | 2 +-
dist/ipf/kmem.c | 2 +-
dist/ipf/kmem.h | 2 +-
dist/ipf/man/ipf.8 | 2 +-
dist/ipf/man/ipfstat.8 | 98 ++++-
dist/ipf/man/ipmon.8 | 23 +-
dist/ipf/man/ipnat.5 | 66 ++-
dist/ipf/man/mkfilters.1 | 2 +-
dist/ipf/misc.c | 2 +-
dist/ipf/ml_ipl.c | 2 +-
dist/ipf/mln_ipl.c | 269 ------------
dist/ipf/natparse.c | 2 +-
dist/ipf/opt.c | 2 +-
dist/ipf/parse.c | 668 ++++++------------------------
dist/ipf/pcap.h | 2 +-
dist/ipf/relay.c | 2 +-
dist/ipf/samples/proxy.c | 2 +-
dist/ipf/samples/userauth.c | 2 +-
dist/ipf/snoop.h | 2 +-
46 files changed, 1736 insertions(+), 1621 deletions(-)
diffs (truncated from 5118 to 300 lines):
diff -r 3718d4919894 -r 403eec3d8903 dist/ipf/FreeBSD-4.0/ipv6-patch
--- a/dist/ipf/FreeBSD-4.0/ipv6-patch Wed May 03 11:39:54 2000 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,61 +0,0 @@
-*** ip6_input.c.orig Sun Feb 13 14:32:01 2000
---- ip6_input.c Wed Apr 26 22:31:34 2000
-***************
-*** 121,126 ****
---- 121,127 ----
-
- extern struct domain inet6domain;
- extern struct ip6protosw inet6sw[];
-+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
-
- u_char ip6_protox[IPPROTO_MAX];
- static int ip6qmaxlen = IFQ_MAXLEN;
-***************
-*** 302,307 ****
---- 303,317 ----
- ip6stat.ip6s_badvers++;
- in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr);
- goto bad;
-+ }
-+
-+ if (fr_checkp) {
-+ struct mbuf *m1 = m;
-+
-+ if ((*fr_checkp)(ip6, sizeof(*ip6), m->m_pkthdr.rcvif,
-+ 0, &m1) || !m1)
-+ return;
-+ ip6 = mtod(m = m1, struct ip6_hdr *);
- }
-
- ip6stat.ip6s_nxthist[ip6->ip6_nxt]++;
-*** ip6_output.c.orig Fri Mar 10 01:57:16 2000
---- ip6_output.c Wed Apr 26 22:34:34 2000
-***************
-*** 108,113 ****
---- 108,115 ----
- #include <netinet6/ip6_fw.h>
- #endif
-
-+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
-+
- static MALLOC_DEFINE(M_IPMOPTS, "ip6_moptions", "internet multicast options");
-
- struct ip6_exthdrs {
-***************
-*** 754,759 ****
---- 756,770 ----
- ip6->ip6_src.s6_addr16[1] = 0;
- if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst))
- ip6->ip6_dst.s6_addr16[1] = 0;
-+ }
-+
-+ if (fr_checkp) {
-+ struct mbuf *m1 = m;
-+
-+ if ((error = (*fr_checkp)(ip6, sizeof(*ip6), ifp, 1, &m1)) ||
-+ !m1)
-+ goto done;
-+ ip6 = mtod(m = m1, struct ip6_hdr *);
- }
-
- #ifdef IPV6FIREWALL
diff -r 3718d4919894 -r 403eec3d8903 dist/ipf/FreeBSD-4.0/kinstall
--- a/dist/ipf/FreeBSD-4.0/kinstall Wed May 03 11:39:54 2000 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,50 +0,0 @@
-#!/bin/csh -f
-#
-set dir=`pwd`
-set karch=`uname -m`
-if ( -d /sys/arch/$karch ) set archdir="/sys/arch/$karch"
-if ( -d /sys/$karch ) set archdir="/sys/$karch"
-set confdir="$archdir/conf"
-
-if ( $dir =~ */FreeBSD* ) cd ..
-echo -n "Installing "
-foreach i (ip_fil.[ch] ip_nat.[ch] ip_frag.[ch] ip_state.[ch] fil.c \
- ip_proxy.[ch] ip_{ftp,rcmd,raudio}_pxy.c mlf_ipl.c ipl.h \
- ip_compat.h ip_auth.[ch] ip_log.c)
- echo -n "$i ";
- cp $i /sys/netinet
- chmod 644 /sys/netinet/$i
-end
-echo ""
-echo "Linking /usr/include/osreldate.h to /sys/sys/osreldate.h"
-ln -s /usr/include/osreldate.h /sys/sys/osreldate.h
-
-echo ""
-echo "Patching ip6_input.c and ip6_output.c"
-cat FreeBSD-4.0/ipv6-patch | (cd /sys/netinet6; patch)
-
-set config=`(cd $confdir; /bin/ls -1t [0-9A-Z_]*) | head -1`
-echo -n "Kernel configuration to update [$config] "
-set newconfig=$<
-if ( "$newconfig" != "" ) then
- set config="$confdir/$newconfig"
-else
- set newconfig=$config
-endif
-echo "Rewriting $newconfig..."
-if ( -f $confdir/$newconfig ) then
- mv $confdir/$newconfig $confdir/$newconfig.bak
-endif
-if ( -d $archdir/../compile/$newconfig ) then
- set bak=".bak"
- set dot=0
- while ( -d $archdir/../compile/${newconfig}.${bak} )
- set bak=".bak.$dot"
- set dot=`expr 1 + $dot`
- end
- mv $archdir/../compile/$newconfig $archdir/../compile/${newconfig}.${bak}
-endif
-awk '{print $0;if($2=="INET"){print"options IPFILTER\noptions IPFILTER_LOG"}}'\
- $confdir/$newconfig.bak > $confdir/$newconfig
-echo "You will now need to run config on $newconfig and build a new kernel."
-exit 0
diff -r 3718d4919894 -r 403eec3d8903 dist/ipf/FreeBSD-4.0/unkinstall
--- a/dist/ipf/FreeBSD-4.0/unkinstall Wed May 03 11:39:54 2000 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,48 +0,0 @@
-#!/bin/csh -f
-#
-#
-set dir=`pwd`
-set karch=`uname -m`
-if ( -d /sys/arch/$karch ) set archdir="/sys/arch/$karch"
-if ( -d /sys/$karch ) set archdir="/sys/$karch"
-set confdir="$archdir/conf"
-
-if ( $dir =~ */FreeBSD* ) cd ..
-echo -n "Uninstalling "
-foreach i (ip_fil.[ch] ip_nat.[ch] ip_frag.[ch] ip_state.[ch] fil.c \
- ip_auth.[ch] ip_proxy.[ch] ip_{ftp,rcmd,raudio}_pxy.c ip_compat.h \
- ip_log.c mlf_ipl.c ipl.h)
- echo -n "$i ";
- /bin/rm -f /sys/netinet/$i
-end
-echo ""
-
-echo "Removing link from /usr/include/osreldate.h to /sys/sys/osreldate.h"
-rm /sys/sys/osreldate.h
-
-echo "Removing patch to ip6_input.c and ip6_output.c"
-cat FreeBSD-4.0/ipv6-patch | (cd /sys/netinet6; patch -R)
-
-set config=`(cd $confdir; /bin/ls -1t [0-9A-Z_]*) | head -1`
-echo -n "Kernel configuration to update [$config] "
-set newconfig=$<
-if ( "$newconfig" != "" ) then
- set config="$confdir/$newconfig"
-else
- set newconfig=$config
-endif
-if ( -f $confdir/$newconfig ) then
- mv $confdir/$newconfig $confdir/$newconfig.bak
-endif
-if ( -d $archdir/../compile/$newconfig ) then
- set bak=".bak"
- set dot=0
- while ( -d $archdir/../compile/${newconfig}.${bak} )
- set bak=".bak.$dot"
- set dot=`expr 1 + $dot`
- end
- mv $archdir/../compile/$newconfig $archdir/../compile/${newconfig}.${bak}
-endif
-egrep -v IPFILTER $confdir/$newconfig.bak > $confdir/$newconfig
-echo 'You will now need to run "config" and build a new kernel.'
-exit 0
diff -r 3718d4919894 -r 403eec3d8903 dist/ipf/HISTORY
--- a/dist/ipf/HISTORY Wed May 03 11:39:54 2000 +0000
+++ b/dist/ipf/HISTORY Wed May 03 11:40:15 2000 +0000
@@ -20,6 +20,121 @@
# and especially those who have found the time to port IP Filter to new
# platforms.
#
+3.4.1 - 30/4/2000 - Released
+
+add ratoui() and fix parsing of group numbers to allow 0 - UINT_MAX
+
+don't include opt_inet6.h for FreeBSD if KLD_MODULE is defined
+
+Solaris must use copyin() for all types of ioctl() args
+
+fix up screen/tty when leaving "top mode" of ipfstat
+
+linked list for maptable not setup correctly in nat_hostmap()
+
+check for maptable rather than nat_table[1] to see if malloc for maptable
+succeeded in nat_init
+
+fix handling of map NAT rules with "from/to" host specs
+
+fix printout out of source address when using "from/to" with map rules
+
+convert ip_len back to network byte order, not plen, for solaris as ip_len
+may have been changed by NAT and plen won't reflect this
+
+3.4 - 27/4/2000 - Released
+
+source address spoofing can be turned on (fr_chksrc) without using
+filter rules
+
+group numbers are now 32bits in size, up from 16bits
+
+IPv6 filtering available
+
+add frank volf's state-top patches
+
+add load splitting and round-robin attribute to redirect rules
+
+FreeBSD-4.0 support (including KLD)
+
+add top-style operation mode for ipfstat (-t)
+
+add save/restore of IP Filter state/NAT information (ipfs)
+
+further ftp proxy security checks
+
+support for adding and removing proxies at runtime
+
+3.3.13 26/04/2000 - Released
+
+Fix parsing of "range" with "portmap"
+
+Relax checking of ftp replies, slightly.
+
+Fix NAT timeouts for ICMP packets
+
+SunOS4 patches for ICMP redirects from Jurgen Keil (jk%tools.de@localhost)
+
+3.3.12 16/03/2000 - Released
+
+tighten up ftp proxy behaviour. sigh. yuck. hate.
+
+fix bug in range check for NAT where the last IP# was not used.
+
+fix problem with icmp codes > 127 in filter rules caused bad things to
+happen and in particular, where #18 caused the rule to be printed
+erroneously.
+
+fix bug with the spl level not being reset when returning EIO from
+iplioctl due to ipfilter not being initialized yet.
+
+3.3.11 04/03/2000 - Released
+
+make "or-block" work with lines that start with "log"
+
+fix up parsing and printing of rules with syslog levels in them
+
+fix from Cy Schubert for calling of apr_fini only if non-null
+
+
+3.3.10 24/02/2000 - Released
+
+* fix back from guido for state tracking interfaces
+
+* update for NetBSD pfil interface changes
+
+* if attaching fails and we can abort, then cleanup when doing so.
+
+julian%computer.org@localhost:
+* solaris.c (fr_precheck): After calling freemsg on mt, set it point to *mp.
+* ipf.c (packetlogon): use flag to store the return value from get_flags.
+* ipmon.c (init_tabs): General cleanup so we do not have to cast
+ an int s->s_port to u_int port and try to check if the u_int port
+ is less than zero.
+
+3.3.9 15/02/2000 - Released
+
+fix scheduling of bad locking in fr_addstate() used when we attach onto
+a filter rule.
+
+fix up ip_statesync() with storing interface names in ipstate_t
+
+fix fr_running for LKM's - Eugene Polovnikov
+
+junk using pullupmsg() for solaris - it's next to useless for what we
+need to do here anyway - and implement what we require.
+
+don't call fr_delstate() in fr_checkstate(), when compiled for a user
+program, early but when we're finished with it (got fr & pass)
+
+ipnat(5) fix from Guido
+
+on solaris2, copy message and use that with filter if there is another
+copy if it being used (db_ref > 1). bad for performance, but better
+than causing a crash.
+
+patch for solaris8-fcs compile from Casper Dik
+
3.3.8 01/02/2000 - Released
fix state handling of SYN packets.
@@ -85,11 +200,6 @@
3.3.4 4/12/1999 - Released
Home |
Main Index |
Thread Index |
Old Index