Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src Upgraded IPFilter to 3.4.27
details: https://anonhg.NetBSD.org/src/rev/4c622b2acf8f
branches: trunk
changeset: 526352:4c622b2acf8f
user: martti <martti%NetBSD.org@localhost>
date: Thu May 02 17:11:37 2002 +0000
description:
Upgraded IPFilter to 3.4.27
diffstat:
dist/ipf/HISTORY | 53 ++++++++
dist/ipf/fils.c | 22 +-
dist/ipf/ipf.c | 10 +-
dist/ipf/ipfs.c | 7 +-
dist/ipf/ipmon.c | 8 +-
dist/ipf/ipsend/ipsend.c | 9 +-
dist/ipf/ipt.c | 14 +-
dist/ipf/kmem.c | 34 ++---
dist/ipf/man/ipmon.8 | 5 +-
dist/ipf/man/ipnat.5 | 11 +-
dist/ipf/misc.c | 33 ++++-
dist/ipf/natparse.c | 51 ++++---
dist/ipf/printnat.c | 32 +++-
dist/ipf/printstate.c | 15 +-
dist/ipf/test/Makefile | 27 +++-
dist/ipf/test/input/ipf6-1 | 26 ----
dist/ipf/test/regress/ipf6-1 | 3 -
sys/netinet/fil.c | 34 +++-
sys/netinet/ip_auth.c | 13 +-
sys/netinet/ip_compat.h | 87 ++++++-------
sys/netinet/ip_fil.c | 12 +-
sys/netinet/ip_fil.h | 29 ++-
sys/netinet/ip_frag.c | 9 +-
sys/netinet/ip_ftp_pxy.c | 79 ++++++++---
sys/netinet/ip_h323_pxy.c | 44 ++++--
sys/netinet/ip_log.c | 10 +-
sys/netinet/ip_nat.c | 124 +++++++++++++++----
sys/netinet/ip_nat.h | 6 +-
sys/netinet/ip_proxy.c | 8 +-
sys/netinet/ip_state.c | 275 +++++++++++++++++++++++++++++-------------
sys/netinet/ip_state.h | 31 ++--
sys/netinet/ipl.h | 6 +-
32 files changed, 724 insertions(+), 403 deletions(-)
diffs (truncated from 2708 to 300 lines):
diff -r 3ea61de1f532 -r 4c622b2acf8f dist/ipf/HISTORY
--- a/dist/ipf/HISTORY Thu May 02 17:03:57 2002 +0000
+++ b/dist/ipf/HISTORY Thu May 02 17:11:37 2002 +0000
@@ -22,6 +22,59 @@
# and especially those who have found the time to port IP Filter to new
# platforms.
#
+3.4.26 25/04/2002 - Released
+
+fix parsing and printing of NAT rules with regression tests.
+
+add code to adjust TCP checksums inside ICMP errors where present and as
+required for NAT.
+
+fix documentation problems in instal documents
+
+fix locking problem with auth code on Solaris
+
+fix use of version macros for FreeBSD and make the use of __FreeBSD_version
+override previous hacks except when not present
+
+fix the macros defined for SIOCAUTHR and SIOCAUTHW
+
+fix the H.323 proxy so it no longer panics (multiple issues: re-entry into
+nat_ioctl with lock held on Solaris, trying to copy data from kernel space
+with copyin, unaligned access to get 32bit & 16bit numbers)
+
+use the ip_ttl ndd parameter on Solaris to fill in ip_ttl for packets
+generated by IPFilter
+
+fix comparing state information to delete state table entries
+
+flag packets as being "bad state" if they're outside the window and prevent
+them from being able to cause new state to be created - except for SYN packets
+
+be stricter about what packets match a TCP state table entry if its creation
+was triggered by a SYN packet.
+
+add patches to handle TCP window scaling
+
+don't update TCP state table entries if the packet is not considered to be
+part of the connection
+
+ipfs wasn't allowing -i command line option in getopt
+
+IRIX: fix kvm interface, fix compile warnings, compile the kernel with -O2
+ regardless of user compile, fix the getkflags script to prune down the
+ output more so it is acceptable
+
+change building in Makefiles to create links to the application in $(TOP)
+at the end of "build" rather than when each is created.
+
+update BSD/kupgrade for FreeBSD
+
+l4check wasn't properly closing things when a connection fails
+
+man page updates for ipmon(8) and ipnat(5)
+
+more regression tests added.
+
3.4.25 13/03/2002 - Released
retain rule # in state information
diff -r 3ea61de1f532 -r 4c622b2acf8f dist/ipf/fils.c
--- a/dist/ipf/fils.c Thu May 02 17:03:57 2002 +0000
+++ b/dist/ipf/fils.c Thu May 02 17:11:37 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: fils.c,v 1.15 2002/04/09 02:32:51 thorpej Exp $ */
+/* $NetBSD: fils.c,v 1.16 2002/05/02 17:11:37 martti Exp $ */
/*
* Copyright (C) 1993-2001 by Darren Reed.
@@ -95,10 +95,8 @@
#endif
#if !defined(lint)
-static const char sccsid[] __attribute__((__unused__)) =
- "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] __attribute__((__unused__)) =
- "@(#)Id: fils.c,v 2.21.2.34 2002/02/22 15:32:45 darrenr Exp";
+static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed";
+static const char rcsid[] = "@(#)Id: fils.c,v 2.21.2.35 2002/04/03 14:18:36 darrenr Exp";
#endif
extern char *optarg;
@@ -1204,15 +1202,15 @@
if (c == ERR)
continue;
- if (tolower(c) == 'l') {
+ if (isalpha(c) && isupper(c))
+ c = tolower(c);
+ if (c == 'l') {
redraw = 1;
- } else if (tolower(c) == 'q') {
- nocbreak();
- endwin();
- exit(0);
- } else if (tolower(c) == 'r') {
+ } else if (c == 'q') {
+ break; /* exits while() loop */
+ } else if (c == 'r') {
reverse = !reverse;
- } else if (tolower(c) == 's') {
+ } else if (c == 's') {
sorting++;
if (sorting > STSORT_MAX)
sorting = 0;
diff -r 3ea61de1f532 -r 4c622b2acf8f dist/ipf/ipf.c
--- a/dist/ipf/ipf.c Thu May 02 17:03:57 2002 +0000
+++ b/dist/ipf/ipf.c Thu May 02 17:11:37 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipf.c,v 1.9 2002/04/09 02:32:51 thorpej Exp $ */
+/* $NetBSD: ipf.c,v 1.10 2002/05/02 17:11:37 martti Exp $ */
/*
* Copyright (C) 1993-2001 by Darren Reed.
@@ -51,10 +51,8 @@
#include "ipl.h"
#if !defined(lint)
-static const char sccsid[] __attribute__((__unused__)) =
- "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] __attribute__((__unused__)) =
- "@(#)Id: ipf.c,v 2.10.2.13 2002/02/22 15:32:53 darrenr Exp";
+static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed";
+static const char rcsid[] = "@(#)Id: ipf.c,v 2.10.2.14 2002/04/10 04:56:36 darrenr Exp";
#endif
#if SOLARIS
@@ -229,7 +227,7 @@
if (ioctl(fd, SIOCFRENB, &enable) == -1) {
if (errno == EBUSY)
fprintf(stderr,
- "IP FIlter: already initialized\n");
+ "IP Filter: already initialized\n");
else
perror("SIOCFRENB");
}
diff -r 3ea61de1f532 -r 4c622b2acf8f dist/ipf/ipfs.c
--- a/dist/ipf/ipfs.c Thu May 02 17:03:57 2002 +0000
+++ b/dist/ipf/ipfs.c Thu May 02 17:11:37 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipfs.c,v 1.6 2002/04/09 02:32:52 thorpej Exp $ */
+/* $NetBSD: ipfs.c,v 1.7 2002/05/02 17:11:38 martti Exp $ */
/*
* Copyright (C) 1999-2001 by Darren Reed.
@@ -47,8 +47,7 @@
#include "ipf.h"
#if !defined(lint)
-static const char rcsid[] __attribute__((__unused__)) =
- "@(#)Id: ipfs.c,v 2.6.2.8 2001/09/14 18:52:21 darrenr Exp";
+static const char rcsid[] = "@(#)Id: ipfs.c,v 2.6.2.9 2002/04/17 17:42:59 darrenr Exp";
#endif
#ifndef IPF_SAVEDIR
@@ -211,7 +210,7 @@
int c, lock = -1, devfd = -1, err = 0, rw = -1, ns = -1, set = 0;
char *dirname = NULL, *filename = NULL, *ifs = NULL;
- while ((c = getopt(argc, argv, "d:f:lNnSRruvWw")) != -1)
+ while ((c = getopt(argc, argv, "d:f:i:lNnSRruvWw")) != -1)
switch (c)
{
case 'd' :
diff -r 3ea61de1f532 -r 4c622b2acf8f dist/ipf/ipmon.c
--- a/dist/ipf/ipmon.c Thu May 02 17:03:57 2002 +0000
+++ b/dist/ipf/ipmon.c Thu May 02 17:11:37 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipmon.c,v 1.10 2002/04/17 12:06:23 kleink Exp $ */
+/* $NetBSD: ipmon.c,v 1.11 2002/05/02 17:11:38 martti Exp $ */
/*
* Copyright (C) 1993-2002 by Darren Reed.
@@ -69,10 +69,8 @@
#include "netinet/ip_state.h"
#if !defined(lint)
-static const char sccsid[] __attribute__((__unused__)) =
- "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed";
-static const char rcsid[] __attribute__((__unused__)) =
- "@(#)Id: ipmon.c,v 2.12.2.32 2002/03/13 03:30:18 darrenr Exp";
+static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed";
+static const char rcsid[] = "@(#)Id: ipmon.c,v 2.12.2.34 2002/03/22 10:27:16 darrenr Exp";
#endif
diff -r 3ea61de1f532 -r 4c622b2acf8f dist/ipf/ipsend/ipsend.c
--- a/dist/ipf/ipsend/ipsend.c Thu May 02 17:03:57 2002 +0000
+++ b/dist/ipf/ipsend/ipsend.c Thu May 02 17:11:37 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsend.c,v 1.6 2002/04/09 02:32:54 thorpej Exp $ */
+/* $NetBSD: ipsend.c,v 1.7 2002/05/02 17:11:39 martti Exp $ */
/*
* ipsend.c (C) 1995-1998 Darren Reed
@@ -33,13 +33,10 @@
#include <netinet/ip_var.h>
#endif
#include "ipsend.h"
-#include "ipf.h"
#if !defined(lint)
-static const char sccsid[] __attribute__((__unused__)) =
- "@(#)ipsend.c 1.5 12/10/95 (C)1995 Darren Reed";
-static const char rcsid[] __attribute__((__unused__)) =
- "@(#)Id: ipsend.c,v 2.2.2.4 2002/02/22 15:32:57 darrenr Exp";
+static const char sccsid[] = "@(#)ipsend.c 1.5 12/10/95 (C)1995 Darren Reed";
+static const char rcsid[] = "@(#)Id: ipsend.c,v 2.2.2.5 2002/04/23 14:58:57 darrenr Exp";
#endif
diff -r 3ea61de1f532 -r 4c622b2acf8f dist/ipf/ipt.c
--- a/dist/ipf/ipt.c Thu May 02 17:03:57 2002 +0000
+++ b/dist/ipf/ipt.c Thu May 02 17:11:37 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipt.c,v 1.6 2002/04/09 02:32:53 thorpej Exp $ */
+/* $NetBSD: ipt.c,v 1.7 2002/05/02 17:11:38 martti Exp $ */
/*
* Copyright (C) 1993-2002 by Darren Reed.
@@ -15,6 +15,7 @@
# endif
#endif
#ifdef __sgi
+# define _KMEMUSER
# include <sys/ptimers.h>
#endif
#include <stdio.h>
@@ -64,10 +65,8 @@
#include "ipt.h"
#if !defined(lint)
-static const char sccsid[] __attribute__((__unused__)) =
- "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] __attribute__((__unused__)) =
- "@(#)Id: ipt.c,v 2.6.2.19 2002/03/11 03:30:51 darrenr Exp";
+static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed";
+static const char rcsid[] = "@(#)Id: ipt.c,v 2.6.2.21 2002/03/26 15:54:40 darrenr Exp";
#endif
extern char *optarg;
@@ -117,10 +116,13 @@
while ((c = getopt(argc, argv, "6bdDEHi:I:l:NoPr:STvxX")) != -1)
switch (c)
{
+ case '6' :
#ifdef USE_INET6
- case '6' :
use_inet6 = 1;
break;
+#else
+ fprintf(stderr, "IPv6 not supported\n");
+ exit(1);
#endif
case 'b' :
opts |= OPT_BRIEF;
diff -r 3ea61de1f532 -r 4c622b2acf8f dist/ipf/kmem.c
--- a/dist/ipf/kmem.c Thu May 02 17:03:57 2002 +0000
+++ b/dist/ipf/kmem.c Thu May 02 17:11:37 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kmem.c,v 1.6 2002/04/09 02:32:53 thorpej Exp $ */
+/* $NetBSD: kmem.c,v 1.7 2002/05/02 17:11:38 martti Exp $ */
/*
* Copyright (C) 1993-2002 by Darren Reed.
@@ -47,21 +47,14 @@
#endif
#if !defined(lint)
-static const char sccsid[] __attribute__((__unused__)) =
- "@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed";
-static const char rcsid[] __attribute__((__unused__)) =
- "@(#)Id: kmem.c,v 2.2.2.12 2002/03/06 09:44:16 darrenr Exp";
+static const char sccsid[] = "@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed";
+static const char rcsid[] = "@(#)Id: kmem.c,v 2.2.2.14 2002/04/17 17:44:44 darrenr Exp";
#endif
-#ifndef __sgi
-
-static kvm_t *kvm_f = NULL;
+#ifdef __sgi
+typedef int kvm_t;
-#else
-
-typedef int kvm_t;
-
-static kvm_t kvm_f = -1;
+static int kvm_fd = -1;
static char *kvm_errstr;
kvm_t kvm_open(kernel, core, swap, mode, errstr)
@@ -69,12 +62,12 @@
int mode;
char *errstr;
{
- kvm_t fd;
Home |
Main Index |
Thread Index |
Old Index