Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src Resolve conflicts.
details: https://anonhg.NetBSD.org/src/rev/430d0952b68a
branches: trunk
changeset: 507585:430d0952b68a
user: mike <mike%NetBSD.org@localhost>
date: Mon Mar 26 06:11:46 2001 +0000
description:
Resolve conflicts.
diffstat:
dist/ipf/BNF | 4 +-
dist/ipf/HISTORY | 90 +++-
dist/ipf/Makefile | 18 +-
dist/ipf/fils.c | 23 +-
dist/ipf/ip_sfil.c | 36 +-
dist/ipf/ipf.c | 15 +-
dist/ipf/ipfs.c | 46 +-
dist/ipf/ipft_tx.c | 8 +-
dist/ipf/iplang/Makefile | 3 +
dist/ipf/ipmon.c | 18 +-
dist/ipf/ipnat.c | 15 +-
dist/ipf/ipsend/44arp.c | 2 +-
dist/ipf/ipsend/ip.c | 2 +-
dist/ipf/ipsend/ipsend.c | 10 +-
dist/ipf/ipsend/resend.c | 2 +-
dist/ipf/ipsend/sock.c | 2 +-
dist/ipf/man/ipf.4 | 32 +-
dist/ipf/man/ipf.5 | 6 +-
dist/ipf/man/ipfstat.8 | 18 +-
dist/ipf/man/ipmon.8 | 4 +-
dist/ipf/man/ipnat.4 | 2 +-
dist/ipf/parse.c | 6 +-
dist/ipf/perl/plog | 990 +++++++++++++++++++++++++------------------
dist/ipf/samples/userauth.c | 4 +-
dist/ipf/test/expected/i7 | 2 +-
sys/netinet/fil.c | 170 +++++-
sys/netinet/ip_auth.c | 8 +-
sys/netinet/ip_auth.h | 6 +-
sys/netinet/ip_compat.h | 62 +-
sys/netinet/ip_fil.c | 40 +-
sys/netinet/ip_fil.h | 7 +-
sys/netinet/ip_frag.c | 12 +-
sys/netinet/ip_frag.h | 7 +-
sys/netinet/ip_ftp_pxy.c | 56 +-
sys/netinet/ip_log.c | 6 +-
sys/netinet/ip_nat.c | 548 ++++++++++++++++++++----
sys/netinet/ip_nat.h | 24 +-
sys/netinet/ip_proxy.h | 5 +-
sys/netinet/ip_raudio_pxy.c | 7 +-
sys/netinet/ip_rcmd_pxy.c | 7 +-
sys/netinet/ip_state.c | 171 ++++---
sys/netinet/ip_state.h | 5 +-
sys/netinet/ipl.h | 6 +-
43 files changed, 1691 insertions(+), 814 deletions(-)
diffs (truncated from 4739 to 300 lines):
diff -r 9fe014ef8f31 -r 430d0952b68a dist/ipf/BNF
--- a/dist/ipf/BNF Mon Mar 26 03:52:19 2001 +0000
+++ b/dist/ipf/BNF Mon Mar 26 06:11:46 2001 +0000
@@ -11,7 +11,7 @@
ip = srcdst [ flags ] [ with withopt ] [ icmp ] [ keep ] .
group = [ "head" decnumber ] [ "group" decnumber ] .
-block = "block" [ icmp [return-code] | "return-rst" ] .
+block = "block" [ reutrn-icmp[return-code] | "return-rst" ] .
auth = "auth" | "preauth" .
log = "log" [ "body" ] [ "first" ] [ "or-block" ] [ "level" loglevel ] .
call = "call" [ "now" ] function-name .
@@ -22,7 +22,7 @@
srcdst = "all" | fromto .
fromto = "from" object "to" object .
-icmp = "return-icmp" | "return-icmp-as-dest" .
+reutrn-icmp = "return-icmp" | "return-icmp-as-dest" .
loglevel = facility"."priority | priority .
object = addr [ port-comp | port-range ] .
addr = "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] .
diff -r 9fe014ef8f31 -r 430d0952b68a dist/ipf/HISTORY
--- a/dist/ipf/HISTORY Mon Mar 26 03:52:19 2001 +0000
+++ b/dist/ipf/HISTORY Mon Mar 26 06:11:46 2001 +0000
@@ -6,9 +6,11 @@
# in providing a very available location for the IP Filter home page and
# distribution center.
#
-# Thanks to Tel.Net Media for allowing me to maintain and further develop
-# IP Filter as part of my job and supplying Sun equipment for testing the
-# move to 64bits and Gigabit Ethernet.
+# Thanks to Hewlett Packard for making it possible to port IP Filter to
+# HP-UX 11.00.
+#
+# Thanks to Tel.Net Media for supplying me with equipment to ensure that
+# IP Filter continues to work on Solaris/sparc64.
#
# Thanks to BSDI for providing object files for BSD/OS 3.1 and the means
# to further support development of IP Filter under BSDI.
@@ -20,6 +22,88 @@
# and especially those who have found the time to port IP Filter to new
# platforms.
#
+3.4.16 15/01/2001 - Released
+
+fix race condition in flushing of state entries that are timing out
+
+Add TCP ECN patches
+
+log all NAT entries created, not just those via rules
+
+3.4.15 17/12/2000 - Released
+
+add minimum ttl filtering (to be replaced later by return-icmp-as-dest
+for all ICMP packets matching state entries).
+
+fix NAT'ing of fragments
+
+fix sanity checks for ICMPV6
+
+fix up compiling on IRIX 6.2 with IDF/IDL installed
+
+3.4.14 02/11/2000 - Released
+
+cause flushing NAT table to generate log records the same as state flush
+does.
+
+fix ftp proxy port/pasv
+
+fix problem where nat_{in,out}lookup() would release a write lock when it
+didn't need to.
+
+add check for ipf6.conf in Solaris ipfboot
+
+3.4.13 28/10/2000 - Released
+
+fix introduced bug with ICMP packets being rejected when valid
+
+fix bug with proxy's that don't set fin_dlen correctly when calling
+fr_addstate()
+
+3.4.12 26/10/2000 - Released
+
+fix installing into FreeBSD-4.1
+
+fix FTP proxy bug where it'd hang and make NAT slightly more efficient
+
+fix general compiling errors/warnings on various platforms
+
+don't access ICMP data fields that aren't there
+
+3.4.11 09/10/2000 - Released
+
+return NULL for IPv6 access control lists if it is disabled rather than
+random garbage.
+
+fix for getting protocol & packet length for IPv6 packets for pullup.
+
+update plog script from version 0.8 to version 0.10
+
+patch from Frank Volf adding fix_datacksum() to NAT code, enhancing the
+capabilities for "fixing" checksums.
+
+3.4.10 03/09/2000 - Released
+
+merge patch from Frank Volf for ICMP nat handling of TCP/UDP data `errors'
+
+getline() adjusts linenum now
+
+add tcphalfclosed timeout
+
+fill in icmp_nextmtu field if it is defined on the platform
+
+RST generation fix from guido
+
+force 32bit compile for gcc on solaris if it can't generate 64bit code
+
+encase logging when fr_chksrc == 2 in #ifdef IPFILTER_LOG
+
+fix up line wrap problems in plog script
+
+fix ICMP packet handling to not drop valid ICMP errors
+
+freebsd 5.0 compat changes
+
3.4.9 08/08/2000 - Released
implement new aging mechanism in fr_tcp_age()
diff -r 9fe014ef8f31 -r 430d0952b68a dist/ipf/Makefile
--- a/dist/ipf/Makefile Mon Mar 26 03:52:19 2001 +0000
+++ b/dist/ipf/Makefile Mon Mar 26 06:11:46 2001 +0000
@@ -5,7 +5,7 @@
# provided that this notice is preserved and due credit is given
# to the original author and the contributors.
#
-# Id: Makefile,v 2.11.2.3 2000/08/05 14:50:00 darrenr Exp
+# Id: Makefile,v 2.11.2.6 2000/12/17 12:43:15 darrenr Exp
#
BINDEST=/usr/local/bin
SBINDEST=/sbin
@@ -16,7 +16,7 @@
#CC=cc -Dconst=
DEBUG=-g
TOP=../..
-CFLAGS=-I$$(TOP) -g
+CFLAGS=-I$$(TOP)
CPU=`uname -m`
CPUDIR=`uname -s|sed -e 's@/@@g'`-`uname -r`-`uname -m`
#
@@ -107,7 +107,7 @@
fi
sunos solaris: include
- ./buildsunos $(MFLAGS)
+ CC="$(CC)" ./buildsunos
freebsd22: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
@@ -169,8 +169,8 @@
irix IRIX: include
make setup "TARGOS=IRIX" "CPUDIR=$(CPUDIR)"
- (cd IRIX/$(CPUDIR); smake build TOP=../.. $(DEST) $(MFLAGS); cd ..)
- (cd IRIX/$(CPUDIR); make -f Makefile.ipsend TOP=../.. $(DEST) $(MFLAGS); cd ..)
+ -(cd IRIX/$(CPUDIR); if [ $(MAKE) = make ] ; then make -f Makefile.std build TOP=../.. $(DEST) $(MFLAGS); else smake build TOP=../.. $(DEST) $(MFLAGS); fi;)
+ -(cd IRIX/$(CPUDIR); if [ $(MAKE) = make ] ; then make -f Makefile.ipsend.std TOP=../.. $(DEST) $(MFLAGS); else smake -f Makefile.ipsend TOP=../.. $(DEST) $(MFLAGS); fi)
linux: include
make setup "TARGOS=Linux" "CPUDIR=$(CPUDIR)"
@@ -184,6 +184,14 @@
-if [ ! -d $(TARGOS)/$(CPUDIR) ] ; then mkdir $(TARGOS)/$(CPUDIR); fi
-rm -f $(TARGOS)/$(CPUDIR)/Makefile $(TARGOS)/$(CPUDIR)/Makefile.ipsend
-ln -s ../Makefile $(TARGOS)/$(CPUDIR)/Makefile
+ -if [ ! -f $(TARGOS)/$(CPUDIR)/Makefile.std -a \
+ -f $(TARGOS)/Makefile.std ] ; then \
+ ln -s ../Makefile.std $(TARGOS)/$(CPUDIR)/Makefile.std; \
+ fi
+ -if [ ! -f $(TARGOS)/$(CPUDIR)/Makefile.ipsend.std -a \
+ -f $(TARGOS)/Makefile.ipsend.std ] ; then \
+ ln -s ../Makefile.ipsend.std $(TARGOS)/$(CPUDIR)/Makefile.ipsend.std; \
+ fi
-ln -s ../Makefile.ipsend $(TARGOS)/$(CPUDIR)/Makefile.ipsend
clean: clean-include
diff -r 9fe014ef8f31 -r 430d0952b68a dist/ipf/fils.c
--- a/dist/ipf/fils.c Mon Mar 26 03:52:19 2001 +0000
+++ b/dist/ipf/fils.c Mon Mar 26 06:11:46 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: fils.c,v 1.11 2001/03/13 16:30:39 christos Exp $ */
+/* $NetBSD: fils.c,v 1.12 2001/03/26 06:11:46 mike Exp $ */
/*
* Copyright (C) 1993-2000 by Darren Reed.
@@ -71,7 +71,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)Id: fils.c,v 2.21.2.5 2000/07/20 14:13:30 darrenr Exp";
+static const char rcsid[] = "@(#)Id: fils.c,v 2.21.2.7 2000/12/02 00:13:56 darrenr Exp";
#endif
extern char *optarg;
@@ -898,7 +898,7 @@
printw("%-21s %-21s", str1, str2);
/* print state */
- sprintf(str1, "%d/%d", tp->st_state[0],
+ sprintf(str1, "%X/%X", tp->st_state[0],
tp->st_state[1]);
printw(" %3s", str1);
@@ -1000,6 +1000,23 @@
fr.fr_flags);
ipfrtab[i] = ifr.ipfr_next;
}
+ if (kmemcpy((char *)ipfrtab, (u_long)ifsp->ifs_nattab,sizeof(ipfrtab)))
+ return;
+ for (i = 0; i < IPFT_SIZE; i++)
+ while (ipfrtab[i]) {
+ if (kmemcpy((char *)&ifr, (u_long)ipfrtab[i],
+ sizeof(ifr)) == -1)
+ break;
+ PRINTF("NAT: %s -> ", hostname(4, &ifr.ipfr_src));
+ if (kmemcpy((char *)&fr, (u_long)ifr.ipfr_rule,
+ sizeof(fr)) == -1)
+ break;
+ PRINTF("%s %d %d %d %#02x = %#x\n",
+ hostname(4, &ifr.ipfr_dst), ifr.ipfr_id,
+ ifr.ipfr_ttl, ifr.ipfr_p, ifr.ipfr_tos,
+ fr.fr_flags);
+ ipfrtab[i] = ifr.ipfr_next;
+ }
}
diff -r 9fe014ef8f31 -r 430d0952b68a dist/ipf/ip_sfil.c
--- a/dist/ipf/ip_sfil.c Mon Mar 26 03:52:19 2001 +0000
+++ b/dist/ipf/ip_sfil.c Mon Mar 26 06:11:46 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_sfil.c,v 1.6 2000/08/09 21:03:02 veego Exp $ */
+/* $NetBSD: ip_sfil.c,v 1.7 2001/03/26 06:11:46 mike Exp $ */
/*
* Copyright (C) 1993-2000 by Darren Reed.
@@ -11,7 +11,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)Id: ip_sfil.c,v 2.23.2.6 2000/08/07 12:36:19 darrenr Exp";
+static const char rcsid[] = "@(#)Id: ip_sfil.c,v 2.23.2.9 2000/11/12 11:55:17 darrenr Exp";
#endif
#include <sys/types.h>
@@ -68,7 +68,7 @@
static int frrequest __P((minor_t, int, caddr_t, int));
static int send_ip __P((fr_info_t *fin, mblk_t *m));
-kmutex_t ipl_mutex, ipf_authmx, ipf_rw, ipf_hostmap;
+kmutex_t ipl_mutex, ipf_authmx, ipf_rw;
KRWLOCK_T ipf_mutex, ipfs_mutex, ipf_solaris;
KRWLOCK_T ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth;
kcondvar_t iplwait, ipfauthwait;
@@ -92,7 +92,6 @@
ip_natunload();
cv_destroy(&iplwait);
cv_destroy(&ipfauthwait);
- mutex_destroy(&ipf_hostmap);
mutex_destroy(&ipf_authmx);
mutex_destroy(&ipl_mutex);
mutex_destroy(&ipf_rw);
@@ -119,7 +118,6 @@
mutex_init(&ipf_rw, "ipf rw mutex", MUTEX_DRIVER, NULL);
mutex_init(&ipl_mutex, "ipf log mutex", MUTEX_DRIVER, NULL);
mutex_init(&ipf_authmx, "ipf auth log mutex", MUTEX_DRIVER, NULL);
- mutex_init(&ipf_hostmap, "ipf hostmap mutex", MUTEX_DRIVER, NULL);
RWLOCK_INIT(&ipf_solaris, "ipf filter load/unload mutex", NULL);
RWLOCK_INIT(&ipf_mutex, "ipf filter rwlock", NULL);
RWLOCK_INIT(&ipfs_mutex, "ipf solaris mutex", NULL);
@@ -443,7 +441,7 @@
}
group = fp->fr_group;
- if (group != NULL) {
+ if (group != 0) {
fg = fr_findgroup(group, fp->fr_flags, unit, set, NULL);
if (fg == NULL) {
error = ESRCH;
@@ -615,7 +613,7 @@
fixskip(fprev, f, 1);
f->fr_grp = NULL;
group = f->fr_grhead;
- if (group != NULL)
+ if (group != 0)
fg = fr_addgroup(group, f, unit, set);
} else
error = ENOMEM;
@@ -690,7 +688,7 @@
fr_info_t *fin;
{
tcphdr_t *tcp, *tcp2;
Home |
Main Index |
Thread Index |
Old Index