[src/netbsd-3]: src Pull up revision 1.13 (requested by martti in ticket #106):
details: https://anonhg.NetBSD.org/src/rev/06e9a69ce18b
branches: netbsd-3
changeset: 575108:06e9a69ce18b
user: tron <tron%NetBSD.org@localhost>
date: Mon Apr 04 18:25:38 2005 +0000
description:
Pull up revision 1.13 (requested by martti in ticket #106):
Upgraded IPFilter to 4.1.8
diffstat:
dist/ipf/tools/ipnat_y.y | 16 +-
sys/dist/ipf/netinet/fil.c | 280 ++++++++++++++++++++++++++--------
sys/dist/ipf/netinet/ip_fil_netbsd.c | 49 +++--
3 files changed, 248 insertions(+), 97 deletions(-)
diffs (truncated from 721 to 300 lines):
diff -r d38727b33175 -r 06e9a69ce18b dist/ipf/tools/ipnat_y.y
--- a/dist/ipf/tools/ipnat_y.y Mon Apr 04 18:25:24 2005 +0000
+++ b/dist/ipf/tools/ipnat_y.y Mon Apr 04 18:25:38 2005 +0000
@@ -1,3 +1,5 @@
+/* $NetBSD: ipnat_y.y,v 1.12.2.1 2005/04/04 18:25:38 tron Exp $ */
+
%{
#ifdef __FreeBSD__
# ifndef __FreeBSD_cc_version
@@ -63,6 +65,7 @@
struct in_addr ipa;
frentry_t fr;
frtuc_t *frt;
+ u_short port;
struct {
u_short p1;
u_short p2;
@@ -87,7 +90,8 @@
%token IPNY_ROUNDROBIN IPNY_FRAG IPNY_AGE IPNY_ICMPIDMAP IPNY_PROXY
%token IPNY_TCP IPNY_UDP IPNY_TCPUDP IPNY_STICKY IPNY_MSSCLAMP IPNY_TAG
%token IPNY_TLATE
-%type <num> hexnumber compare range proto portspec
+%type <port> portspec
+%type <num> hexnumber compare range proto
%type <ipa> hostname ipv4
%type <ipp> addr nummask rhaddr
%type <pc> portstuff
@@ -308,14 +312,14 @@
;
portspec:
- YY_NUMBER { $$ = $1;
- if ($$ < 0 || $$ > 65535)
+ YY_NUMBER { if ($1 > 65535) /* Unsigned */
yyerror("invalid port number");
+ else
+ $$ = $1;
}
- | YY_STR { int p = getport(NULL, $1);
- if (p < 0)
+ | YY_STR { if (getport(NULL, $1, &($$)) == -1)
yyerror("invalid port number");
- $$ = ntohs(p);
+ $$ = ntohs($$);
}
;
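Review bot: In the `YY_STR` action, `$$ = ntohs($$);` still runs after `getport()` has returned -1, so it byte-swaps a value that may never have been written; the `YY_NUMBER` action likewise leaves `$$` unassigned on its error path. Unless `yyerror()` is known not to return (not visible here), move the conversion into an `else`, e.g. `else $$ = ntohs($$);`. The `/* Unsigned */` comment also relies on `<num>` being an unsigned type, which this diff does not show; if it is signed, a negative number now passes the range check and is silently truncated into the `u_short`.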
diff -r d38727b33175 -r 06e9a69ce18b sys/dist/ipf/netinet/fil.c
--- a/sys/dist/ipf/netinet/fil.c Mon Apr 04 18:25:24 2005 +0000
+++ b/sys/dist/ipf/netinet/fil.c Mon Apr 04 18:25:38 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: fil.c,v 1.11 2005/03/07 13:59:30 hannken Exp $ */
+/* $NetBSD: fil.c,v 1.11.2.1 2005/04/04 18:25:38 tron Exp $ */
/*
* Copyright (C) 1993-2003 by Darren Reed.
@@ -135,10 +135,10 @@
#if !defined(lint)
#if defined(__NetBSD__)
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.11 2005/03/07 13:59:30 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.11.2.1 2005/04/04 18:25:38 tron Exp $");
#else
static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)Id: fil.c,v 2.243.2.50 2005/02/17 05:32:24 darrenr Exp";
+static const char rcsid[] = "@(#)Id: fil.c,v 2.243.2.57 2005/03/28 10:47:50 darrenr Exp";
#endif
#endif
@@ -365,6 +365,8 @@
if (off == 0) {
if (fin->fin_plen < fin->fin_hlen + min)
fi->fi_flx |= FI_SHORT;
+ } else if (off < min) {
+ fi->fi_flx |= FI_SHORT;
}
}
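Review bot: The new `else if (off < min)` branch carries no comment, although it is the security-relevant case: a non-first fragment whose offset falls inside the first `min` bytes overlaps header fields the filter has already examined. A one-line comment such as `/* later fragment starts inside the protocol header */` would make the intent explicit. The comparison also assumes `off` and `min` are both byte counts; neither declaration is in the hunk, so that is worth confirming. The enclosing function begins and ends outside the hunk.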
@@ -488,6 +490,21 @@
break;
}
hdrcount++;
+
+ /*
+ * It is important to note that at this point, for the
+ * extension headers (go != 0), the entire header may not have
+ * been pulled up when the code gets to this point. This is
+ * only done for "go != 0" because the other header handlers
+ * will all pullup their complete header and the other
+ * indicator of an incomplete header is that this eas just an
+ * extension header.
+ */
+ if ((go != 0) && (p != IPPROTO_NONE) &&
+ (frpr_pullup(fin, 0) == -1)) {
+ p = IPPROTO_NONE;
+ go = 0;
+ }
}
fi->fi_p = p;
}
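Review bot: When `frpr_pullup(fin, 0)` fails for an extension header, the added block only sets `p = IPPROTO_NONE` and `go = 0`; it does not mark the packet with `FI_SHORT`, whereas the UDP change in this same commit adds `fi->fi_flx |= FI_SHORT;` on its pullup failure. Unless `frpr_pullup()` sets the flag itself (not visible here), rules that match on short packets will not see this case; consider `fin->fin_flx |= FI_SHORT;` inside the block. The added comment also has a typo, `this eas just` for `this was just`. The loop and its function start outside the hunk.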
@@ -606,6 +623,12 @@
fin->fin_flx |= (FI_FRAG|FI_V6EXTHDR);
+ /* 8 is default length of extension hdr */
+ if ((fin->fin_dlen - 8) < 0) {
+ fin->fin_flx |= FI_SHORT;
+ return IPPROTO_NONE;
+ }
+
/*
* Only one frgament header is allowed per IPv6 packet but it need
* not be the first nor last (not possible in some cases.)
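Review bot: The length test `(fin->fin_dlen - 8) < 0` only works if `fin_dlen` is signed or narrower than `int`; for an unsigned field of `int` width or more the subtraction wraps and the check never fires. The field's type is not visible in this hunk, so the direct comparison `if (fin->fin_dlen < 8) {` is safer and easier to read. The literal 8 could also be `sizeof(*frag)`, which the following hunk (apparently the same function) already uses for the pullup, so the two sizes cannot drift apart.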
@@ -621,7 +644,7 @@
fin->fin_optmsk |= ip6exthdr[i].ol_bit;
- if (frpr_pullup(fin, 8) == -1)
+ if (frpr_pullup(fin, sizeof(*frag)) == -1)
return IPPROTO_NONE;
hdr = fin->fin_dp;
@@ -1079,13 +1102,13 @@
fi = &fin->fin_fi;
fi->fi_flx |= FI_TCPUDP;
- if (fin->fin_off != 0)
- return;
-
- if (frpr_pullup(fin, sizeof(*udp)) == -1)
- return;
-
- if (fin->fin_dlen > 3) {
+
+ if (!fin->fin_off && (fin->fin_dlen > 3)) {
+ if (frpr_pullup(fin, sizeof(*udp)) == -1) {
+ fi->fi_flx |= FI_SHORT;
+ return;
+ }
+
udp = fin->fin_dp;
fin->fin_sport = ntohs(udp->uh_sport);
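Review bot: The guard `fin->fin_dlen > 3` and the pullup size `sizeof(*udp)` disagree, and neither is explained. A first fragment with 4 to 7 bytes of payload enters the block and relies on `frpr_pullup()` failing in order to get `FI_SHORT`, while one with 0 to 3 bytes skips the block without being flagged in this hunk. If short datagrams are handled later in the function (outside the hunk), say so in a comment next to the test, e.g. `/* 4 bytes = source and destination port */`; otherwise compare against `sizeof(*udp)` directly. Non-first fragments also no longer return early, so the rest of the function now runs for them.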
@@ -1170,6 +1193,8 @@
static INLINE void frpr_gre(fin)
fr_info_t *fin;
{
+ grehdr_t *gre;
+
if (frpr_pullup(fin, sizeof(grehdr_t)) == -1)
return;
@@ -1179,6 +1204,9 @@
else if (fin->fin_v == 6)
frpr_short6(fin, sizeof(grehdr_t));
#endif
+ gre = fin->fin_dp;
+ if (GRE_REV(gre->gr_flags) == 1)
+ fin->fin_data[0] = gre->gr_call;
}
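Review bot: `gre->gr_call` is read for every packet that passes the pullup, including non-first fragments, where `fin->fin_dp` would point at fragment payload rather than a GRE header; the UDP parser in this commit guards the equivalent read with `!fin->fin_off`. Suggest `if ((fin->fin_off == 0) && (GRE_REV(gre->gr_flags) == 1))`. The read also comes after the `frpr_short()` calls, so a packet that was just flagged short is still parsed; whether the earlier `frpr_pullup()` guarantees `sizeof(grehdr_t)` contiguous bytes is not visible here. Part of the function body lies between this hunk and the previous one.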
@@ -2903,7 +2931,7 @@
* SUCH DAMAGE.
*
* @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94
- * Id: fil.c,v 2.243.2.50 2005/02/17 05:32:24 darrenr Exp
+ * Id: fil.c,v 2.243.2.57 2005/03/28 10:47:50 darrenr Exp
*/
/*
* Copy data from an mbuf chain starting "off" bytes from the beginning,
@@ -3873,10 +3901,10 @@
{
frentry_t frd, *fp, *f, **fprev, **ftail;
int error = 0, in, v;
+ void *ptr, *uptr;
u_int *p, *pp;
frgroup_t *fg;
char *group;
- void *ptr;
fg = NULL;
fp = &frd;
@@ -3900,6 +3928,7 @@
return EINVAL;
v = fp->fr_v;
+ uptr = fp->fr_data;
/*
* Only filter rules for IPv4 or IPv6 are accepted.
@@ -3981,7 +4010,7 @@
}
for (f = *fprev; (f = *fprev) != NULL; fprev = &f->fr_next)
- if (fp->fr_collect < f->fr_collect)
+ if (fp->fr_collect <= f->fr_collect)
break;
ftail = fprev;
@@ -3993,9 +4022,9 @@
KMALLOCS(ptr, void *, fp->fr_dsize);
if (!ptr)
return ENOMEM;
- error = COPYIN(fp->fr_data, ptr, fp->fr_dsize);
+ error = COPYIN(uptr, ptr, fp->fr_dsize);
} else {
- ptr = fp->fr_data;
+ ptr = uptr;
error = 0;
}
if (error != 0) {
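Review bot: `fp->fr_dsize` sizes both the `KMALLOCS()` and the `COPYIN()` and appears to come from the caller-supplied rule, yet no upper bound is checked in this hunk. If no limit is enforced earlier in the function (outside the hunk), add one before the allocation, for example `if (fp->fr_dsize > MAX_RULE_DATA) return EINVAL;`, where `MAX_RULE_DATA` is a placeholder for whatever limit the project chooses. Switching the source to the saved `uptr` is otherwise consistent with the later hunk that overwrites `*fp`.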
@@ -4125,8 +4154,8 @@
for (; (f = *ftail) != NULL; ftail = &f->fr_next)
if ((fp->fr_cksum == f->fr_cksum) &&
(f->fr_dsize == fp->fr_dsize) &&
- !bcmp((char *)&f->fr_dsize,
- (char *)&fp->fr_dsize, FR_CMPSIZ) &&
+ !bcmp((char *)&f->fr_func,
+ (char *)&fp->fr_func, FR_CMPSIZ) &&
(!ptr || !f->fr_data ||
!bcmp((char *)ptr, (char *)f->fr_data, f->fr_dsize)))
break;
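Review bot: The compare now starts at `fr_func` but still spans `FR_CMPSIZ` bytes, so it is only correct if `FR_CMPSIZ` is defined relative to `fr_func`; the macro's definition is not among the three files in this changeset's diffstat. If it was computed from `fr_dsize`, the `bcmp()` now either reads past the end of both `frentry_t` objects or compares a different region than intended, depending on member order. Worth confirming against the header, and a compile-time check tying `FR_CMPSIZ` to `offsetof(frentry_t, fr_func)` would keep the two in step.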
@@ -4138,10 +4167,27 @@
if (f == NULL)
error = ESRCH;
else {
- error = fr_outobj(data, f, IPFOBJ_FRENTRY);
+ /*
+ * Copy and reduce lock because of impending copyout.
+ * Well we should, but if we do then the atomicity of
+ * this call and the correctness of fr_hits and
+ * fr_bytes cannot be guaranteed. As it is, this code
+ * only resets them to 0 if they are successfully
+ * copied out into user space.
+ */
+ bcopy((char *)f, (char *)fp, sizeof(*f));
+ /* MUTEX_DOWNGRADE(&ipf_mutex); */
+
+ /*
+ * When we copy this rule back out, set the data
+ * pointer to be what it was in user space.
+ */
+ fp->fr_data = uptr;
+ error = fr_outobj(data, fp, IPFOBJ_FRENTRY);
+
if (error == 0) {
- if (f->fr_dsize != 0 && f->fr_data != NULL)
- error = COPYOUT(f->fr_data, ptr,
+ if ((f->fr_dsize != 0) && (uptr != NULL))
+ error = COPYOUT(f->fr_data, uptr,
f->fr_dsize);
if (error == 0) {
f->fr_hits = 0;
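Review bot: The rewritten guard drops the `f->fr_data != NULL` test, so `COPYOUT(f->fr_data, uptr, f->fr_dsize)` can run with a NULL kernel source when a rule has a non-zero `fr_dsize` but no data; the match loop in the previous hunk explicitly tolerates `!f->fr_data`, assuming it selects the same `f`. Keep both tests: `if ((f->fr_dsize != 0) && (f->fr_data != NULL) && (uptr != NULL))`. Separately, `bcopy()` of the whole rule into `fp` followed by `fr_outobj()` returns the kernel copy to user space with only `fr_data` rewritten, so any other pointer members of `frentry_t` are presumably disclosed as kernel addresses; consider clearing them in `fp` before the copy-out. The `else` block closes outside the hunk.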
@@ -4150,7 +4196,7 @@
}
}
- if (ptr != NULL && makecopy != 0) {
+ if ((ptr != NULL) && (makecopy != 0)) {
KFREES(ptr, fp->fr_dsize);
}
RWLOCK_EXIT(&ipf_mutex);
@@ -4323,8 +4369,8 @@
/* */
/* Copy in a ipfunc_resolve_t structure and then fill in the missing field. */
/* This will either be the function name (if the pointer is set) or the */
-/* function pointer if the name is set. When found, fill in the details so */
-/* it can be copied back to user space. */
+/* function pointer if the name is set. When found, fill in the other one */
+/* so that the entire, complete, structure can be copied back to user space.*/
/* ------------------------------------------------------------------------ */
int fr_resolvefunc(data)
void *data;
@@ -4541,6 +4587,16 @@
}
#endif /* IPFILTER_LOOKUP */
+/*
+ * Queue functions
+ * ===============
+ * These functions manage objects on queues for efficient timeouts. There are
+ * a number of system defined queues as well as user defined timeouts. It is
+ * expected that a lock is held in the domain in which the queue belongs
+ * (i.e. either state or NAT) when calling any of these functions that prevents
+ * fr_freetimeoutqueue() from being called at the same time as any other.
+ */
+
/* ------------------------------------------------------------------------ */
/* Function: fr_addtimeoutqueue */
@@ -4554,26 +4610,35 @@
/* being requested. If it finds one, increments the reference counter and */
/* returns a pointer to it. If none are found, it allocates a new one and */
/* inserts it at the top of the list. */
+/* */
+/* Locking. */
+/* It is assumed that the caller of this function has an appropriate lock */
+/* held (exclusively) in the domain that encompases 'parent'. */
/* ------------------------------------------------------------------------ */