[src/netbsd-3]: src/sys/dist/ipf/netinet Pull up revision 1.3 (requested by m...
details: https://anonhg.NetBSD.org/src/rev/c4eaa008ab8c
branches: netbsd-3
changeset: 575104:c4eaa008ab8c
user: tron <tron%NetBSD.org@localhost>
date: Mon Apr 04 18:25:05 2005 +0000
description:
Pull up revision 1.3 (requested by martti in ticket #106):
Upgraded IPFilter to 4.1.8
diffstat:
sys/dist/ipf/netinet/ip_fil.h | 71 ++--
sys/dist/ipf/netinet/ip_ipsec_pxy.c | 38 +-
sys/dist/ipf/netinet/ip_pptp_pxy.c | 512 +++++++++++++++++++++++++++---------
sys/dist/ipf/netinet/ip_state.h | 6 +-
sys/dist/ipf/netinet/ip_sync.c | 6 +-
5 files changed, 456 insertions(+), 177 deletions(-)
diffs (truncated from 894 to 300 lines):
diff -r d196d526c6d9 -r c4eaa008ab8c sys/dist/ipf/netinet/ip_fil.h
--- a/sys/dist/ipf/netinet/ip_fil.h Mon Apr 04 18:24:57 2005 +0000
+++ b/sys/dist/ipf/netinet/ip_fil.h Mon Apr 04 18:25:05 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_fil.h,v 1.2 2005/02/08 07:01:55 martti Exp $ */
+/* $NetBSD: ip_fil.h,v 1.2.4.1 2005/04/04 18:25:05 tron Exp $ */
/*
* Copyright (C) 1993-2001, 2003 by Darren Reed.
@@ -6,7 +6,7 @@
* See the IPFILTER.LICENCE file for details on licencing.
*
* @(#)ip_fil.h 1.35 6/5/96
- * Id: ip_fil.h,v 2.170.2.15 2005/01/08 14:26:18 darrenr Exp
+ * Id: ip_fil.h,v 2.170.2.18 2005/03/28 10:47:52 darrenr Exp
*/
#ifndef _NETINET_IP_FIL_H_
@@ -120,6 +120,7 @@
lookupfunc_t lptr[2];
} i6addr_t;
#endif
+
#define in4_addr in4.s_addr
#define iplookupnum i6[0]
#define iplookuptype i6[1]
@@ -579,7 +580,7 @@
#define offsetof(t,m) (int)((&((t *)0L)->m))
#endif
#define FR_CMPSIZ (sizeof(struct frentry) - \
- offsetof(struct frentry, fr_dsize))
+ offsetof(struct frentry, fr_func))
/*
* fr_type
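Review bot: FR_CMPSIZ now measures from fr_func to the end of struct frentry instead of from fr_dsize, and nothing at the definition says why the compared region starts there. Any rule-equality check that uses this size silently depends on the member order of frentry, so a later reordering of the struct would change which rules are treated as duplicates without touching this line. Suggested comment above the macro: `/* Bytes of a frentry compared when matching rules: every member from fr_func to the end. Members before fr_func are deliberately excluded; keep in sync with the member order in struct frentry. */` — the struct itself is outside this hunk, so confirm the member order before committing to that wording.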
@@ -911,26 +912,23 @@
tcpdata_t ts_data[2];
} tcpinfo_t;
-typedef struct greinfo {
- u_short gs_flags;
- u_short gs_ptype;
- u_short gs_call;
-} greinfo_t;
+
+struct grebits {
+ u_32_t grb_C:1;
+ u_32_t grb_R:1;
+ u_32_t grb_K:1;
+ u_32_t grb_S:1;
+ u_32_t grb_s:1;
+ u_32_t grb_recur:1;
+ u_32_t grb_A:1;
+ u_32_t grb_flags:3;
+ u_32_t grb_ver:3;
+ u_short grb_ptype;
+};
typedef struct grehdr {
union {
- struct grebits {
- u_32_t grub_C:1;
- u_32_t grub_R:1;
- u_32_t grub_K:1;
- u_32_t grub_S:1;
- u_32_t grub_s:1;
- u_32_t grub_recur:1;
- u_32_t grub_A:1;
- u_32_t grub_flags:3;
- u_32_t grub_ver:3;
- u_short grub_ptype;
- } gru_bits;
+ struct grebits gru_bits;
u_short gru_flags;
} gr_un;
u_short gr_len;
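Review bot: struct grebits is a set of u_32_t bit-fields that overlays gru_flags through the union in grehdr, but the order in which a compiler allocates bit-fields inside a u_32_t is implementation-defined and does not follow network byte order, so gr_C, gr_R, gr_ver and the other accessors are not a portable way to read the flag word of a GRE header taken from a packet. The GRE_REV(x) macro added further down in this file, `((ntohs(x) >> 13) & 7)`, is the portable form; if any code still reaches the version or flag bits through the bit-field accessors on packet data, it should be converted the same way. A comment on the struct would keep the next reader from reintroducing that, e.g. `/* Bit-field layout is implementation-defined; read on-wire GRE flags via gr_flags with ntohs(). */`.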
@@ -939,15 +937,24 @@
#define gr_flags gr_un.gru_flags
#define gr_bits gr_un.gru_bits
-#define gr_ptype gr_bits.grub_ptype
-#define gr_C gr_bits.grub_C
-#define gr_R gr_bits.grub_R
-#define gr_K gr_bits.grub_K
-#define gr_S gr_bits.grub_S
-#define gr_s gr_bits.grub_s
-#define gr_recur gr_bits.grub_recur
-#define gr_A gr_bits.grub_A
-#define gr_ver gr_bits.grub_ver
+#define gr_ptype gr_bits.grb_ptype
+#define gr_C gr_bits.grb_C
+#define gr_R gr_bits.grb_R
+#define gr_K gr_bits.grb_K
+#define gr_S gr_bits.grb_S
+#define gr_s gr_bits.grb_s
+#define gr_recur gr_bits.grb_recur
+#define gr_A gr_bits.grb_A
+#define gr_ver gr_bits.grb_ver
+
+
+typedef struct greinfo {
+ u_short gs_call[2];
+ u_short gs_flags;
+ u_short gs_ptype;
+} greinfo_t;
+
+#define GRE_REV(x) ((ntohs(x) >> 13) & 7)
/*
@@ -982,6 +989,8 @@
} ipftq_t;
#define IFQF_USER 0x01 /* User defined aging */
+#define IFQF_DELETE 0x02 /* Marked for deletion */
+#define IFQF_PROXY 0x04 /* Timeout queue in use by a proxy */
#define IPF_HZ_MULT 1
#define IPF_HZ_DIVIDE 2 /* How many times a second ipfilter */
@@ -1255,7 +1264,9 @@
extern int ppsratecheck __P((struct timeval *, int *, int));
#endif
extern ipftq_t *fr_addtimeoutqueue __P((ipftq_t **, u_int));
-extern void fr_deletetimeoutqueue __P((ipftq_t *));
+extern void fr_deletequeueentry __P((ipftqent_t *));
+extern int fr_deletetimeoutqueue __P((ipftq_t *));
+extern void fr_freetimeoutqueue __P((ipftq_t *));
extern void fr_movequeue __P((ipftqent_t *, ipftq_t *, ipftq_t *));
extern void fr_queueappend __P((ipftqent_t *, ipftq_t *, void *));
extern void fr_queueback __P((ipftqent_t *));
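Review bot: fr_deletetimeoutqueue changes from void to int and fr_freetimeoutqueue is introduced, but the declarations carry no comment on what the return value means or when the caller is responsible for calling fr_freetimeoutqueue. The callers in ip_ipsec_pxy.c in this same commit treat a return of 0 as "safe to free", so that contract belongs here rather than being inferred from each call site. Suggested comment on the declaration: `/* Returns 0 when the queue may be released with fr_freetimeoutqueue(); non-zero means it is still in use and must not be freed by the caller. */` — confirm the non-zero case against the definition, which is not in this diff.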
diff -r d196d526c6d9 -r c4eaa008ab8c sys/dist/ipf/netinet/ip_ipsec_pxy.c
--- a/sys/dist/ipf/netinet/ip_ipsec_pxy.c Mon Apr 04 18:24:57 2005 +0000
+++ b/sys/dist/ipf/netinet/ip_ipsec_pxy.c Mon Apr 04 18:25:05 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_ipsec_pxy.c,v 1.2 2005/02/19 21:30:25 martti Exp $ */
+/* $NetBSD: ip_ipsec_pxy.c,v 1.2.2.1 2005/04/04 18:25:05 tron Exp $ */
/*
* Copyright (C) 2001-2003 by Darren Reed
@@ -8,11 +8,11 @@
* Simple ISAKMP transparent proxy for in-kernel use. For use with the NAT
* code.
*
- * Id: ip_ipsec_pxy.c,v 2.20.2.4 2005/02/04 10:22:55 darrenr Exp
+ * Id: ip_ipsec_pxy.c,v 2.20.2.6 2005/03/28 10:47:53 darrenr Exp
*
*/
-__KERNEL_RCSID(1, "$NetBSD: ip_ipsec_pxy.c,v 1.2 2005/02/19 21:30:25 martti Exp $");
+__KERNEL_RCSID(1, "$NetBSD: ip_ipsec_pxy.c,v 1.2.2.1 2005/04/04 18:25:05 tron Exp $");
#define IPF_IPSEC_PROXY
@@ -30,6 +30,7 @@
static char ipsec_buffer[1500];
int ipsec_proxy_init = 0;
+int ipsec_proxy_ttl = 60;
/*
* IPSec application proxy initialization.
@@ -42,28 +43,37 @@
MUTEX_INIT(&ipsecfr.fr_lock, "IPsec proxy rule lock");
ipsec_proxy_init = 1;
- ipsecnattqe = fr_addtimeoutqueue(&nat_utqe, 60);
+ ipsecnattqe = fr_addtimeoutqueue(&nat_utqe, ipsec_proxy_ttl);
if (ipsecnattqe == NULL)
return -1;
- ipsecstatetqe = fr_addtimeoutqueue(&ips_utqe, 60);
+ ipsecstatetqe = fr_addtimeoutqueue(&ips_utqe, ipsec_proxy_ttl);
if (ipsecstatetqe == NULL) {
- fr_deletetimeoutqueue(ipsecnattqe);
+ if (fr_deletetimeoutqueue(ipsecnattqe) == 0)
+ fr_freetimeoutqueue(ipsecnattqe);
ipsecnattqe = NULL;
return -1;
}
- ipsecfr.fr_age[0] = 60;
- ipsecfr.fr_age[1] = 60;
+
+ ipsecnattqe->ifq_flags |= IFQF_PROXY;
+ ipsecstatetqe->ifq_flags |= IFQF_PROXY;
+
+ ipsecfr.fr_age[0] = ipsec_proxy_ttl;
+ ipsecfr.fr_age[1] = ipsec_proxy_ttl;
return 0;
}
void ippr_ipsec_fini()
{
- if (ipsecnattqe != NULL)
- fr_deletetimeoutqueue(ipsecnattqe);
+ if (ipsecnattqe != NULL) {
+ if (fr_deletetimeoutqueue(ipsecnattqe) == 0)
+ fr_freetimeoutqueue(ipsecnattqe);
+ }
ipsecnattqe = NULL;
- if (ipsecstatetqe != NULL)
- fr_deletetimeoutqueue(ipsecstatetqe);
+ if (ipsecstatetqe != NULL) {
+ if (fr_deletetimeoutqueue(ipsecstatetqe) == 0)
+ fr_freetimeoutqueue(ipsecstatetqe);
+ }
ipsecstatetqe = NULL;
if (ipsec_proxy_init == 1) {
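Review bot: ippr_ipsec_init stores ipsec_proxy_ttl (60) straight into ipsecfr.fr_age[0] and fr_age[1], while ip_pptp_pxy.c in this same commit stores IPF_TTLVAL(120) into pptpfr.fr_age[0]; fr_age is given a raw value in one proxy and an IPF_TTLVAL-converted one in the other, so one of the two is probably in the wrong unit. If fr_age expects converted ticks the fix here is `ipsecfr.fr_age[0] = IPF_TTLVAL(ipsec_proxy_ttl);` and the same for fr_age[1]; if it expects seconds the pptp side is the one to change — confirm against how fr_age is consumed, which is outside this diff. Separately, the sequence `if (fr_deletetimeoutqueue(q) == 0) fr_freetimeoutqueue(q);` now appears three times in this hunk; a small static helper taking `ipftq_t **` and nulling the pointer afterwards would keep the three sites from drifting. ippr_ipsec_init starts before this hunk and ippr_ipsec_fini continues past it.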
@@ -146,7 +156,7 @@
fi.fin_data[1] = 0;
p = ip->ip_p;
ip->ip_p = IPPROTO_ESP;
- fi.fin_flx &= ~FI_TCPUDP;
+ fi.fin_flx &= ~(FI_TCPUDP|FI_STATE|FI_FRAG);
fi.fin_flx |= FI_IGNORE;
ptr = ipsec_buffer;
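Review bot: The mask cleared from fi.fin_flx here, `~(FI_TCPUDP|FI_STATE|FI_FRAG)`, is repeated verbatim in the next hunk of this file (the one at -214,7), and both sites have to stay identical for the two synthesized ESP lookups to be treated the same way. A file-local define such as `#define IPSEC_FLX_CLEAR (FI_TCPUDP|FI_STATE|FI_FRAG)` used at both sites would make that coupling explicit, and a one-line comment on why FI_STATE and FI_FRAG must be dropped before the ESP lookup would help the next reader, since the old code cleared only FI_TCPUDP. The enclosing function starts before this hunk.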
@@ -214,7 +224,7 @@
fi.fin_data[0] = 0;
fi.fin_data[1] = 0;
ip->ip_p = IPPROTO_ESP;
- fi.fin_flx &= ~FI_TCPUDP;
+ fi.fin_flx &= ~(FI_TCPUDP|FI_STATE|FI_FRAG);
fi.fin_flx |= FI_IGNORE;
}
diff -r d196d526c6d9 -r c4eaa008ab8c sys/dist/ipf/netinet/ip_pptp_pxy.c
--- a/sys/dist/ipf/netinet/ip_pptp_pxy.c Mon Apr 04 18:24:57 2005 +0000
+++ b/sys/dist/ipf/netinet/ip_pptp_pxy.c Mon Apr 04 18:25:05 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_pptp_pxy.c,v 1.2 2005/02/08 07:01:55 martti Exp $ */
+/* $NetBSD: ip_pptp_pxy.c,v 1.2.4.1 2005/04/04 18:25:05 tron Exp $ */
/*
* Copyright (C) 2002-2003 by Darren Reed
@@ -6,18 +6,33 @@
* Simple PPTP transparent proxy for in-kernel use. For use with the NAT
* code.
*
- * Id: ip_pptp_pxy.c,v 2.10.2.6 2004/11/25 15:37:37 darrenr Exp
+ * Id: ip_pptp_pxy.c,v 2.10.2.9 2005/03/16 18:17:34 darrenr Exp
*
*/
#define IPF_PPTP_PROXY
-typedef struct pptp_pxy {
- ipnat_t pptp_rule;
- nat_t *pptp_nat;
- ipstate_t *pptp_state;
- int pptp_seencookie;
- u_32_t pptp_cookie;
-} pptp_pxy_t;
+typedef struct pptp_hdr {
+ u_short pptph_len;
+ u_short pptph_type;
+ u_32_t pptph_cookie;
+} pptp_hdr_t;
+
+#define PPTP_MSGTYPE_CTL 1
+#define PPTP_MTCTL_STARTREQ 1
+#define PPTP_MTCTL_STARTREP 2
+#define PPTP_MTCTL_STOPREQ 3
+#define PPTP_MTCTL_STOPREP 4
+#define PPTP_MTCTL_ECHOREQ 5
+#define PPTP_MTCTL_ECHOREP 6
+#define PPTP_MTCTL_OUTREQ 7
+#define PPTP_MTCTL_OUTREP 8
+#define PPTP_MTCTL_INREQ 9
+#define PPTP_MTCTL_INREP 10
+#define PPTP_MTCTL_INCONNECT 11
+#define PPTP_MTCTL_CLEAR 12
+#define PPTP_MTCTL_DISCONNECT 13
+#define PPTP_MTCTL_WANERROR 14
+#define PPTP_MTCTL_LINKINFO 15
int ippr_pptp_init __P((void));
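Review bot: This hunk removes the only definition of pptp_pxy_t in ip_pptp_pxy.c, yet the prototypes in the next hunk (-25,11 +40,16) still take `pptp_pxy_t *` and additionally introduce `pptp_side_t *`, neither of which is defined anywhere in the part of the diff shown. Presumably both now live in a header added by the truncated remainder of this diff or an earlier commit; if not, the file will not compile. The new pptp_hdr_t (len/type/cookie) also lacks a comment saying whether it mirrors the on-wire PPTP control header and therefore needs byte-order conversion when read from packet data; a one-line note to that effect, confirmed against the parsing code outside this hunk, would save the next reader from guessing.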
@@ -25,11 +40,16 @@
int ippr_pptp_new __P((fr_info_t *, ap_session_t *, nat_t *));
void ippr_pptp_del __P((ap_session_t *));
int ippr_pptp_inout __P((fr_info_t *, ap_session_t *, nat_t *));
-int ippr_pptp_match __P((fr_info_t *, ap_session_t *, nat_t *));
+void ippr_pptp_donatstate __P((fr_info_t *, nat_t *, pptp_pxy_t *));
+int ippr_pptp_message __P((fr_info_t *, nat_t *, pptp_pxy_t *, pptp_side_t *));
+int ippr_pptp_nextmessage __P((fr_info_t *, nat_t *, pptp_pxy_t *, int));
+int ippr_pptp_mctl __P((fr_info_t *, nat_t *, pptp_pxy_t *, pptp_side_t *));
static frentry_t pptpfr;
int pptp_proxy_init = 0;
+int ippr_pptp_debug = 0;
+int ippr_pptp_gretimeout = IPF_TTLVAL(120); /* 2 minutes */
/*
@@ -39,6 +59,8 @@
{
bzero((char *)&pptpfr, sizeof(pptpfr));
pptpfr.fr_ref = 1;
+ pptpfr.fr_age[0] = ippr_pptp_gretimeout;