Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/dist/ipf Import IPFilter 3.4.25
details: https://anonhg.NetBSD.org/src/rev/f555797ef803
branches: trunk
changeset: 523702:f555797ef803
user: martti <martti%NetBSD.org@localhost>
date: Thu Mar 14 12:30:07 2002 +0000
description:
Import IPFilter 3.4.25
diffstat:
dist/ipf/IRIX/Makefile.std | 32 ++++++++++++++++++++------
dist/ipf/IRIX/getkflags | 6 ++--
dist/ipf/IRIX/getrev | 6 +++++
dist/ipf/OpenBSD/fixdist-3.0 | 21 +++++++++--------
dist/ipf/common.c | 5 +++-
dist/ipf/printstate.c | 5 +++-
dist/ipf/test/expected/f15 | 9 +++++++
dist/ipf/test/expected/f16 | 9 +++++++
dist/ipf/test/expected/l1 | 49 +++++++++++++++++++++++++++++++++++++++++
dist/ipf/test/expected/l1.b | 47 +++++++++++++++++++++++++++++++++++++++
dist/ipf/test/input/f15 | 8 ++++++
dist/ipf/test/input/f16 | 8 ++++++
dist/ipf/test/input/l1 | 52 ++++++++++++++++++++++++++++++++++++++++++++
dist/ipf/test/logtest | 48 ++++++++++++++++++++++++++++++++++++++++
dist/ipf/test/mtest | 36 ++++++++++++++++++++++++++++++
dist/ipf/test/regress/f15 | 8 ++++++
dist/ipf/test/regress/f16 | 10 ++++++++
dist/ipf/test/regress/l1 | 6 +++++
18 files changed, 342 insertions(+), 23 deletions(-)
diffs (truncated from 580 to 300 lines):
diff -r 0f876a5a350d -r f555797ef803 dist/ipf/IRIX/Makefile.std
--- a/dist/ipf/IRIX/Makefile.std Thu Mar 14 12:19:55 2002 +0000
+++ b/dist/ipf/IRIX/Makefile.std Thu Mar 14 12:30:07 2002 +0000
@@ -12,6 +12,7 @@
# Automatically determine compiler switches and defines for kernel compilation
# based on our current CPU:
#
+SGIREV=-DIRIX=$(SGI)
DCPU=`uname -m`
KFLAGS=`$(TOP)/IRIX/getkflags`
#
@@ -41,7 +42,7 @@
"SOLARIS2=$(SOLARIS2)" "DEBUG=$(DEBUG)" "DCPU=$(CPU)" \
"CPUDIR=$(CPUDIR)"
#
-CCARGS=-D_STANDALONE $(DEBUG) $(CFLAGS)
+CCARGS=$(SGIREV) -D_STANDALONE $(DEBUG) $(CFLAGS) $(IPFLOG)
#
########## ########## ########## ########## ########## ########## ##########
#
@@ -52,19 +53,21 @@
#
MODOBJS=ip_fil.o fil_k.o ml_ipl.o ip_nat.o ip_frag.o ip_state.o ip_proxy.o \
ip_auth.o ip_log.o
-DFLAGS=$(IPFLKM) $(IPFLOG) $(KFLAGS) $(MLFLAGS) -jalr #-D_MP_NETLOCKS -DMP
+DFLAGS=$(IPFLKM) $(KFLAGS) $(MLFLAGS) -jalr $(SGIREV) \
+ #-D_MP_NETLOCKS -DMP
IPF=ipf.o parse.o common.o opt.o inet_addr.o facpri.o
IPT=ipt.o parse.o common.o fil.o ipft_sn.o ipft_ef.o ipft_td.o ipft_pc.o \
opt.o ipft_tx.o misc.o ip_frag_u.o ip_state_u.o ip_nat_u.o ip_proxy_u.o \
- ip_auth_u.o ipft_hx.o ip_fil_u.o inet_addr.o natparse.o facpri.o
-IPNAT=ipnat.o kmem.o natparse.o common.o inet_addr.o
-FILS=fils.o parse.o common.o kmem.o opt.o inet_addr.o facpri.o
+ ip_auth_u.o ipft_hx.o ip_fil_u.o ip_log_u.o inet_addr.o natparse.o \
+ facpri.o printnat.o printstate.o
+IPNAT=ipnat.o kmem.o natparse.o common.o inet_addr.o printnat.o
+FILS=fils.o parse.o common.o kmem.o opt.o inet_addr.o facpri.o printstate.o
build all: ipf ipfstat ipftest ipmon ipnat $(LKM)
ipfstat: $(FILS)
$(CC) $(CCARGS) $(STATETOP_CFLAGS) $(STATETOP_INC) $(FILS) \
- -o $@ $(LIBS) $(STATETOP_LIB)
+ -o $@ $(LIBS) $(STATETOP_LIB) -lelf
ipf: $(IPF)
$(CC) $(CCARGS) $(IPF) -o $@ $(LIBS)
@@ -77,7 +80,7 @@
ln -s `pwd`/ipftest $(TOP)
ipnat: $(IPNAT)
- $(CC) $(CCARGS) $(IPNAT) -o $@ $(LIBS)
+ $(CC) $(CCARGS) $(IPNAT) -o $@ $(LIBS) -lelf
tests:
(cd test; make )
@@ -152,6 +155,9 @@
ip_fil_u.o: $(TOP)/$(IPFILC) $(TOP)/ip_fil.h $(TOP)/ip_compat.h
$(CC) $(CCARGS) -c $(TOP)/$(IPFILC) -o $@
+ip_log_u.o: $(TOP)/ip_log.c $(TOP)/ip_fil.h $(TOP)/ip_compat.h
+ $(CC) $(CCARGS) -c $(TOP)/ip_log.c -o $@
+
$(LKM): $(MODOBJS)
ld $(MLFLAGS) -r -d $(MODOBJS) -o $(LKM)
@@ -196,18 +202,28 @@
ipmon: $(TOP)/ipmon.c
$(CC) $(CCARGS) $(LOGFAC) $(TOP)/ipmon.c -o $@ $(LIBS)
+ ${RM} -f $(TOP)/ipmon
+ ln -s `pwd`/ipmon $(TOP)
natparse.o: $(TOP)/natparse.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
$(TOP)/ip_proxy.h $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(TOP)/natparse.c -o $@
+printnat.o: $(TOP)/printnat.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
+ $(TOP)/ip_proxy.h $(TOP)/ip_nat.h
+ $(CC) $(CCARGS) -c $(TOP)/printnat.c -o $@
+
+printstate.o: $(TOP)/printstate.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
+ $(TOP)/ip_state.h
+ $(CC) $(CCARGS) -c $(TOP)/printstate.c -o $@
+
clean:
${RM} -f *.core *.o ipt fils ipf ipfstat ipftest ipmon ipnat $(LKM)
${MAKE} -f Makefile.ipsend ${MFLAGS} clean
-(for i in *; do \
if [ -d $${i} -a -f $${i}/Makefile ] ; then \
cd $${i}; (make clean); cd ..; \
- ${RM} $${i}/Makefile $${i}/Makefile.ipsend; \
+ ${RM} $${i}/Makefile* $${i}/Makefile.ipsend*; \
rmdir $${i}; \
fi \
done)
diff -r 0f876a5a350d -r f555797ef803 dist/ipf/IRIX/getkflags
--- a/dist/ipf/IRIX/getkflags Thu Mar 14 12:19:55 2002 +0000
+++ b/dist/ipf/IRIX/getkflags Thu Mar 14 12:30:07 2002 +0000
@@ -4,9 +4,9 @@
-e 's/\!empty//' \
-e 's/"//g' \
-e 's/\$(\([_A-Z]*\)) == /\1 == /' \
--e 's/== IP/== /' -e 's/#[^ie].*//' \
+-e 's/== *IP/== /g' -e 's/)=/) =/g' -e 's/#[^ie].*//' \
+-e 's/\$(CPUBOARD)/CPUBOARD/g' \
-e 's/^#$//' /var/sysgen/Makefile.kernio | \
-egrep -v '^$|^ROOT|^include' | \
/usr/lib/cpp -DCPUBOARD=${CPUNUM} | \
-egrep -v '^$|^#.*'
+egrep -v '^$|^#.*|^$|^ROOT=|^include'
exit 0
diff -r 0f876a5a350d -r f555797ef803 dist/ipf/IRIX/getrev
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dist/ipf/IRIX/getrev Thu Mar 14 12:30:07 2002 +0000
@@ -0,0 +1,6 @@
+#!/bin/sh
+osrev=`uname -r`
+major=`expr $osrev : '\([0-9]\)\..*'`
+minor=`expr $osrev : '.*\.\([0-9]\)'`
+printf '%d%02d' $major $minor
+exit 0
diff -r 0f876a5a350d -r f555797ef803 dist/ipf/OpenBSD/fixdist-3.0
--- a/dist/ipf/OpenBSD/fixdist-3.0 Thu Mar 14 12:19:55 2002 +0000
+++ b/dist/ipf/OpenBSD/fixdist-3.0 Thu Mar 14 12:30:07 2002 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: fixdist-3.0,v 1.1.1.1 2002/01/24 08:18:32 martti Exp $
+.\" $NetBSD: fixdist-3.0,v 1.1.1.2 2002/03/14 12:30:13 martti Exp $
.\"
#!/bin/sh
#
@@ -59,7 +59,7 @@
PROG= ipf
MAN= ${MFILES}
SRCS= ${SFILES}
-CFLAGS+=-I\${.CURDIR}/../../sys/netinet
+CFLAGS+=-DUSE_INET6 -I\${.CURDIR}/../../sys/netinet
.include <bsd.prog.mk>
__EOF__
@@ -80,7 +80,7 @@
MAN= ${MFILES}
SRCS= ${SFILES}
.PATH: \${.CURDIR}/../../sbin/ipf
-CFLAGS+=-I\${.CURDIR}/../../sbin/ipf -DSTATETOP \\
+CFLAGS+=-DUSE_INET6 -I\${.CURDIR}/../../sbin/ipf -DSTATETOP \\
-I\${.CURDIR}/../../sys/netinet
DPADD= \${LIBCURSES}
LDADD= -lcurses -lkvm
@@ -104,7 +104,7 @@
MAN= ${MFILES}
SRCS= ${SFILES}
.PATH: \${.CURDIR}/../ipfstat \${.CURDIR}/../ipf
-CFLAGS+=-I\${.CURDIR}/../../sbin/ipfstat -I\${.CURDIR}/../ipf \\
+CFLAGS+=-DUSE_INET6 -I\${.CURDIR}/../../sbin/ipfstat -I\${.CURDIR}/../ipf \\
-I\${.CURDIR}/../../sys/netinet
LDADD= -lkvm
@@ -163,8 +163,8 @@
.PATH: \${.CURDIR}/../../sbin/ipf \${.CURDIR}/../../sbin/ipfstat \\
\${.CURDIR}/../../sys/netinet \${.CURDIR}/../../sbin/ipnat
-CFLAGS+=-I\${.CURDIR}/../../sbin/ipf -I\${.CURDIR}/../../sys/netinet \\
- -I\${.CURDIR}/../../sys -I\${.CURDIR}
+CFLAGS+=-DUSE_INET6 -I\${.CURDIR}/../../sbin/ipf \\
+ -I\${.CURDIR}/../../sys/netinet -I\${.CURDIR}/../../sys -I\${.CURDIR}
.include <bsd.prog.mk>
__EOF__
@@ -186,7 +186,8 @@
MAN= ${MFILES}
SRCS= ${SFILES}
-CFLAGS+=-I\${.CURDIR}/../../sbin/ipf -I\${.CURDIR}/../../sys/netinet
+CFLAGS+=-DUSE_INET6 -I\${.CURDIR}/../../sbin/ipf \\
+ -I\${.CURDIR}/../../sys/netinet
.include <bsd.prog.mk>
__EOF__
@@ -207,7 +208,7 @@
PROG= ipmon
MAN= ${MFILES}
SRCS= ${SFILES}
-CFLAGS+=-I\${.CURDIR}/../../sys/netinet
+CFLAGS+=-DUSE_INET6 -I\${.CURDIR}/../../sys/netinet
.include <bsd.prog.mk>
__EOF__
@@ -276,7 +277,7 @@
BINDIR= /usr/sbin
MAN= ${MFILES}
SRCS= ${SFILES}
-CFLAGS+= -DDOSOCKET -I\${.CURDIR}/../common -I\${.CURDIR}/../../ipftest \\
+CFLAGS+=-DDOSOCKET -I\${.CURDIR}/../common -I\${.CURDIR}/../../ipftest \\
-I\${.CURDIR}/../../../sbin/ipf \\
-I\${.CURDIR}/../../../sys/netinet -I\${.CURDIR}/..
.PATH: \${.CURDIR}/../common \${.CURDIR}/../../ipftest \\
@@ -302,7 +303,7 @@
BINDIR= /usr/sbin
MAN= ${MFILES}
SRCS= ${SFILES}
-CFLAGS+= -DDOSOCKET -I\${.CURDIR}/../common -I\${.CURDIR}/../../ipftest \\
+CFLAGS+=-DDOSOCKET -I\${.CURDIR}/../common -I\${.CURDIR}/../../ipftest \\
-I\${.CURDIR}/../../../sys/netinet \\
-I\${.CURDIR}/../../../sbin/ipf -I\${.CURDIR}/..
.PATH: \${.CURDIR}/../common
diff -r 0f876a5a350d -r f555797ef803 dist/ipf/common.c
--- a/dist/ipf/common.c Thu Mar 14 12:19:55 2002 +0000
+++ b/dist/ipf/common.c Thu Mar 14 12:30:07 2002 +0000
@@ -1,10 +1,13 @@
-/* $NetBSD: common.c,v 1.1.1.4 2002/01/24 08:18:29 martti Exp $ */
+/* $NetBSD: common.c,v 1.1.1.5 2002/03/14 12:30:07 martti Exp $ */
/*
* Copyright (C) 1993-2001 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
+#ifdef __sgi
+# include <sys/ptimers.h>
+#endif
#include <sys/types.h>
#if !defined(__SVR4) && !defined(__svr4__)
#include <strings.h>
diff -r 0f876a5a350d -r f555797ef803 dist/ipf/printstate.c
--- a/dist/ipf/printstate.c Thu Mar 14 12:19:55 2002 +0000
+++ b/dist/ipf/printstate.c Thu Mar 14 12:30:07 2002 +0000
@@ -1,10 +1,13 @@
-/* $NetBSD: printstate.c,v 1.1.1.1 2002/01/24 08:18:30 martti Exp $ */
+/* $NetBSD: printstate.c,v 1.1.1.2 2002/03/14 12:30:10 martti Exp $ */
/*
* Copyright (C) 2002 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
+#ifdef __sgi
+# include <sys/ptimers.h>
+#endif
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
diff -r 0f876a5a350d -r f555797ef803 dist/ipf/test/expected/f15
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dist/ipf/test/expected/f15 Thu Mar 14 12:30:07 2002 +0000
@@ -0,0 +1,9 @@
+block return-rst
+pass
+block return-icmp
+pass
+block
+nomatch
+pass
+pass
+--------
diff -r 0f876a5a350d -r f555797ef803 dist/ipf/test/expected/f16
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dist/ipf/test/expected/f16 Thu Mar 14 12:30:07 2002 +0000
@@ -0,0 +1,9 @@
+block
+block
+pass
+block
+pass
+pass
+block
+block
+--------
diff -r 0f876a5a350d -r f555797ef803 dist/ipf/test/expected/l1
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dist/ipf/test/expected/l1 Thu Mar 14 12:30:07 2002 +0000
@@ -0,0 +1,49 @@
+log in all
+01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S IN
+01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
+01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS IN
+01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F IN
+01/01/1970 10:00:00.000000 2x anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
+01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1 -> 4.4.4.4,53 PR udp len 20 40 IN
+01/01/1970 10:00:00.000000 2x anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
+01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
+01/01/1970 10:00:00.000000 anon0 @-1:-1 L 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
+01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,2049 -> 3.3.3.3,1023 PR udp len 20 28 IN
+--------
+pass in on anon0 all head 100
+--------
+pass in log quick from 3.3.3.3 to any group 100
+--------
+pass in log body quick from 2.2.2.2 to any
+01/01/1970 10:00:00.000000 anon0 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS IN
+01/01/1970 10:00:00.000000 2x anon0 @0:1 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
+01/01/1970 10:00:00.000000 anon0 @0:1 p 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
+--------
+pass in log quick proto tcp from 1.1.1.1 to any flags S keep state
+01/01/1970 10:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
+01/01/1970 10:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A K-S IN
+01/01/1970 10:00:00.000000 anon0 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS K-S IN
+01/01/1970 10:00:00.000000 e1 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -A K-S OUT
+01/01/1970 10:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F K-S IN
+--------
Home |
Main Index |
Thread Index |
Old Index