Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src Import IPFilter 5.1.1
details: https://anonhg.NetBSD.org/src/rev/215a1d5e335d
branches: trunk
changeset: 773276:215a1d5e335d
user: darrenr <darrenr%NetBSD.org@localhost>
date: Mon Jan 30 16:02:57 2012 +0000
description:
Import IPFilter 5.1.1
diffstat:
dist/ipf/bpf-ipf.h | 4 +-
dist/ipf/ip_dns_pxy.c | 401 ++
dist/ipf/ip_dstlist.c | 1314 +++++++++
dist/ipf/ip_dstlist.h | 71 +
dist/ipf/ip_fil_compat.c | 3633 +++++++++++++++++++++---
dist/ipf/ip_htable.c | 1221 +++++++-
dist/ipf/ip_htable.h | 46 +-
dist/ipf/ip_irc_pxy.c | 120 +-
dist/ipf/ip_nat6.c | 4773 +++++++++++++++++++++++++++++++++
dist/ipf/ip_pool.c | 1178 +++++--
dist/ipf/ip_pool.h | 88 +-
dist/ipf/ip_pptp_pxy.c | 241 +-
dist/ipf/ip_rpcb_pxy.c | 313 +-
dist/ipf/ip_scan.h | 22 +-
dist/ipf/ip_sync.c | 994 ++++-
dist/ipf/ip_sync.h | 38 +-
dist/ipf/ip_tftp_pxy.c | 302 ++
dist/ipf/ipf_rb.h | 366 ++
dist/ipf/iplang/iplang.tst | 2 +-
dist/ipf/ipmon.h | 84 +-
dist/ipf/lib/addipopt.c | 24 +-
dist/ipf/lib/alist_free.c | 8 +-
dist/ipf/lib/alist_new.c | 81 +-
dist/ipf/lib/allocmbt.c | 24 +
dist/ipf/lib/assigndefined.c | 29 +
dist/ipf/lib/bcopywrap.c | 10 +-
dist/ipf/lib/binprint.c | 10 +-
dist/ipf/lib/buildopts.c | 16 +-
dist/ipf/lib/checkrev.c | 24 +-
dist/ipf/lib/connecttcp.c | 50 +
dist/ipf/lib/count4bits.c | 8 +-
dist/ipf/lib/count6bits.c | 8 +-
dist/ipf/lib/debug.c | 39 +-
dist/ipf/lib/dupmbt.c | 26 +
dist/ipf/lib/facpri.h | 6 +-
dist/ipf/lib/familyname.c | 14 +
dist/ipf/lib/fill6bits.c | 10 +-
dist/ipf/lib/findword.c | 27 +
dist/ipf/lib/flags.c | 6 +-
dist/ipf/lib/freembt.c | 18 +
dist/ipf/lib/ftov.c | 18 +
dist/ipf/lib/gethost.c | 63 +-
dist/ipf/lib/geticmptype.c | 31 +
dist/ipf/lib/getifname.c | 12 +-
dist/ipf/lib/getnattype.c | 45 +-
dist/ipf/lib/getsumd.c | 8 +-
dist/ipf/lib/icmptypename.c | 30 +
dist/ipf/lib/icmptypes.c | 109 +
dist/ipf/lib/initparse.c | 6 +-
dist/ipf/lib/interror.c | 569 +++
dist/ipf/lib/ionames.c | 51 +-
dist/ipf/lib/ipf_perror.c | 14 +
dist/ipf/lib/ipferror.c | 26 +
dist/ipf/lib/ipft_pc.c | 163 +-
dist/ipf/lib/ipft_sn.c | 31 +-
dist/ipf/lib/ipoptsec.c | 17 +-
dist/ipf/lib/kmem.h | 6 +-
dist/ipf/lib/kmemcpywrap.c | 10 +-
dist/ipf/lib/kvatoname.c | 12 +-
dist/ipf/lib/load_dstlist.c | 71 +
dist/ipf/lib/load_dstlistnode.c | 65 +
dist/ipf/lib/load_file.c | 40 +-
dist/ipf/lib/load_hash.c | 30 +-
dist/ipf/lib/load_hashnode.c | 30 +-
dist/ipf/lib/load_pool.c | 28 +-
dist/ipf/lib/load_poolnode.c | 35 +-
dist/ipf/lib/load_url.c | 6 +-
dist/ipf/lib/mb_hexdump.c | 34 +
dist/ipf/lib/msgdsize.c | 22 +
dist/ipf/lib/mutex_emul.c | 60 +-
dist/ipf/lib/nametokva.c | 12 +-
dist/ipf/lib/nat_setgroupmap.c | 22 +-
dist/ipf/lib/ntomask.c | 23 +-
dist/ipf/lib/optname.c | 12 +-
dist/ipf/lib/optprint.c | 10 +-
dist/ipf/lib/optprintv6.c | 10 +-
dist/ipf/lib/optvalue.c | 10 +-
dist/ipf/lib/parsefields.c | 50 +
dist/ipf/lib/parseipfexpr.c | 281 +
dist/ipf/lib/parsewhoisline.c | 126 +
dist/ipf/lib/poolio.c | 49 +
dist/ipf/lib/portname.c | 17 +-
dist/ipf/lib/prependmbt.c | 19 +
dist/ipf/lib/print_toif.c | 49 +-
dist/ipf/lib/printactiveaddr.c | 39 +
dist/ipf/lib/printactivenat.c | 132 +-
dist/ipf/lib/printaddr.c | 77 +
dist/ipf/lib/printaps.c | 64 +-
dist/ipf/lib/printdstl_live.c | 93 +
dist/ipf/lib/printdstlist.c | 67 +
dist/ipf/lib/printdstlistdata.c | 49 +
dist/ipf/lib/printdstlistnode.c | 79 +
dist/ipf/lib/printdstlistpolicy.c | 33 +
dist/ipf/lib/printfieldhdr.c | 57 +
dist/ipf/lib/printfr.c | 436 +-
dist/ipf/lib/printfraginfo.c | 34 +-
dist/ipf/lib/printhash.c | 24 +-
dist/ipf/lib/printhash_live.c | 42 +-
dist/ipf/lib/printhashdata.c | 54 +-
dist/ipf/lib/printhashnode.c | 58 +-
dist/ipf/lib/printhost.c | 37 +
dist/ipf/lib/printhostmap.c | 29 +-
dist/ipf/lib/printhostmask.c | 35 +-
dist/ipf/lib/printifname.c | 18 +-
dist/ipf/lib/printip.c | 37 +-
dist/ipf/lib/printipfexpr.c | 160 +
dist/ipf/lib/printlog.c | 23 +-
dist/ipf/lib/printlookup.c | 47 +
dist/ipf/lib/printmask.c | 28 +-
dist/ipf/lib/printnataddr.c | 50 +
dist/ipf/lib/printnatfield.c | 222 +
dist/ipf/lib/printnatside.c | 59 +
dist/ipf/lib/printpacket.c | 69 +-
dist/ipf/lib/printpacket6.c | 33 +-
dist/ipf/lib/printpool.c | 23 +-
dist/ipf/lib/printpool_live.c | 47 +-
dist/ipf/lib/printpooldata.c | 54 +-
dist/ipf/lib/printpoolfield.c | 170 +
dist/ipf/lib/printpoolnode.c | 60 +-
dist/ipf/lib/printportcmp.c | 19 +-
dist/ipf/lib/printproto.c | 39 +-
dist/ipf/lib/printstatefields.c | 360 ++
dist/ipf/lib/printtcpflags.c | 32 +
dist/ipf/lib/printtqtable.c | 19 +-
dist/ipf/lib/printtunable.c | 23 +-
dist/ipf/lib/printunit.c | 49 +
dist/ipf/lib/remove_hash.c | 21 +-
dist/ipf/lib/remove_hashnode.c | 25 +-
dist/ipf/lib/remove_pool.c | 21 +-
dist/ipf/lib/remove_poolnode.c | 25 +-
dist/ipf/lib/resetlexer.c | 6 +-
dist/ipf/lib/rwlock_emul.c | 44 +-
dist/ipf/lib/save_execute.c | 82 +
dist/ipf/lib/save_file.c | 132 +
dist/ipf/lib/save_nothing.c | 56 +
dist/ipf/lib/save_syslog.c | 139 +
dist/ipf/lib/save_v1trap.c | 466 +++
dist/ipf/lib/save_v2trap.c | 466 +++
dist/ipf/lib/tcp_flags.c | 12 +-
dist/ipf/lib/tcpflags.c | 8 +-
dist/ipf/lib/v6optvalue.c | 10 +-
dist/ipf/lib/verbose.c | 34 +-
dist/ipf/lib/vtof.c | 18 +
dist/ipf/man/ipfilter.4.mandoc | 22 +-
dist/ipf/man/ippool.8 | 13 +-
dist/ipf/md5.c | 13 +-
dist/ipf/mln_rule.c | 16 +-
dist/ipf/opts.h | 7 +-
dist/ipf/pcap-ipf.h | 4 +-
dist/ipf/perl/Ipfanaly.pl | 62 +-
dist/ipf/perl/Isbgraph | 14 +-
dist/ipf/perl/ipfmeta.pl | 4 +-
dist/ipf/radix_ipf.c | 1324 +++++++++
dist/ipf/radix_ipf.h | 299 +-
dist/ipf/rules/BASIC_1.FW | 4 +-
dist/ipf/rules/BASIC_2.FW | 2 +-
dist/ipf/rules/firewall | 2 +-
dist/ipf/rules/ipmon.conf | 29 +-
dist/ipf/rules/server | 2 +-
dist/ipf/samples/relay.c | 8 +-
dist/ipf/sys/tree.h | 750 +++++
dist/ipf/test/bpftest | 44 +-
dist/ipf/test/expected/f18 | 22 +
dist/ipf/test/expected/f21 | 5 +
dist/ipf/test/expected/f22 | 5 +
dist/ipf/test/expected/f25 | 35 +
dist/ipf/test/expected/f26 | 84 +
dist/ipf/test/expected/f27 | 90 +
dist/ipf/test/expected/f28 | 32 +
dist/ipf/test/expected/f29 | 64 +
dist/ipf/test/expected/f30 | 68 +
dist/ipf/test/expected/i14 | 12 +-
dist/ipf/test/expected/i17 | 19 +
dist/ipf/test/expected/i19.dist | 44 +-
dist/ipf/test/expected/i20 | 8 +-
dist/ipf/test/expected/i22 | 5 +
dist/ipf/test/expected/in100 | 3 +
dist/ipf/test/expected/in101 | 4 +
dist/ipf/test/expected/in102 | 5 +
dist/ipf/test/expected/in5 | 46 +-
dist/ipf/test/expected/in6 | 16 +-
dist/ipf/test/expected/ip1 | 92 +-
dist/ipf/test/expected/ip2 | 2 +-
dist/ipf/test/expected/ip3 | 14 +
dist/ipf/test/expected/ipv6.4 | 51 +
dist/ipf/test/expected/ipv6.6 | 2 +
dist/ipf/test/expected/n10 | 63 +
dist/ipf/test/expected/n100 | 33 +
dist/ipf/test/expected/n101 | 29 +
dist/ipf/test/expected/n102 | 29 +
dist/ipf/test/expected/n103 | 33 +
dist/ipf/test/expected/n104 | 50 +
dist/ipf/test/expected/n105 | 25 +
dist/ipf/test/expected/n106 | 25 +
dist/ipf/test/expected/n11 | 169 +-
dist/ipf/test/expected/n11_6 | 124 +
dist/ipf/test/expected/n12 | 21 +
dist/ipf/test/expected/n12_6 | 28 +
dist/ipf/test/expected/n13 | 35 +-
dist/ipf/test/expected/n13_6 | 32 +
dist/ipf/test/expected/n14 | 33 +-
dist/ipf/test/expected/n14_6 | 30 +
dist/ipf/test/expected/n15 | 47 +
dist/ipf/test/expected/n15_6 | 47 +
dist/ipf/test/expected/n16 | 10 +-
dist/ipf/test/expected/n17 | 10 +-
dist/ipf/test/expected/n18 | 120 +-
dist/ipf/test/expected/n1_6 | 197 +
dist/ipf/test/expected/n200 | 25 +
dist/ipf/test/expected/n201 | 28 +
dist/ipf/test/expected/n202 | 23 +
dist/ipf/test/expected/n2_6 | 191 +
dist/ipf/test/expected/n4_6 | 190 +
dist/ipf/test/expected/n5_6 | 533 +++
dist/ipf/test/expected/n6_6 | 173 +
dist/ipf/test/expected/n7_6 | 98 +
dist/ipf/test/expected/n8 | 21 +
dist/ipf/test/expected/n8_6 | 30 +
dist/ipf/test/expected/n9 | 20 +
dist/ipf/test/expected/n9_6 | 29 +
dist/ipf/test/expected/ni10 | 3 +-
dist/ipf/test/expected/ni11 | 3 +-
dist/ipf/test/expected/ni12 | 7 +-
dist/ipf/test/expected/ni17 | 7 +
dist/ipf/test/expected/ni18 | 5 +
dist/ipf/test/expected/ni19 | 18 +-
dist/ipf/test/expected/ni20 | 40 +-
dist/ipf/test/expected/ni21 | 8 +-
dist/ipf/test/expected/ni23 | 34 +-
dist/ipf/test/expected/ni6 | 74 +-
dist/ipf/test/expected/p1 | 13 +-
dist/ipf/test/expected/p10 | 40 +
dist/ipf/test/expected/p11 | 40 +
dist/ipf/test/expected/p12 | 40 +
dist/ipf/test/expected/p13 | 30 +
dist/ipf/test/expected/p2 | 18 +-
dist/ipf/test/expected/p3 | 18 +-
dist/ipf/test/expected/p4 | 38 +
dist/ipf/test/expected/p5 | 11 +-
dist/ipf/test/expected/p6 | 24 +
dist/ipf/test/expected/p7 | 40 +
dist/ipf/test/expected/p9 | 40 +
dist/ipf/test/input/f21 | 31 +
dist/ipf/test/input/f22 | 31 +
dist/ipf/test/input/f25 | 41 +
dist/ipf/test/input/f26 | 13 +
dist/ipf/test/input/f27 | 84 +
dist/ipf/test/input/f28 | 7 +
dist/ipf/test/input/f29 | 11 +
dist/ipf/test/input/f30 | 16 +
dist/ipf/test/input/ipv6.4 | 522 +++
dist/ipf/test/input/ipv6.6 | 7 +
dist/ipf/test/input/n10 | 4 +-
dist/ipf/test/input/n100 | 8 +
dist/ipf/test/input/n101 | 8 +
dist/ipf/test/input/n102 | 8 +
dist/ipf/test/input/n103 | 8 +
dist/ipf/test/input/n104 | 48 +
dist/ipf/test/input/n105 | 8 +
dist/ipf/test/input/n106 | 8 +
dist/ipf/test/input/n10_6 | 6 +
dist/ipf/test/input/n11_6 | 16 +
dist/ipf/test/input/n12 | 12 +-
dist/ipf/test/input/n12_6 | 18 +
dist/ipf/test/input/n13_6 | 4 +
dist/ipf/test/input/n14_6 | 4 +
dist/ipf/test/input/n15 | 2 +
dist/ipf/test/input/n15_6 | 2 +
dist/ipf/test/input/n16 | 26 +-
dist/ipf/test/input/n17 | 28 +-
dist/ipf/test/input/n17_6 | 24 +
dist/ipf/test/input/n1_6 | 34 +
dist/ipf/test/input/n200 | 6 +
dist/ipf/test/input/n201 | 24 +
dist/ipf/test/input/n202 | 7 +
dist/ipf/test/input/n2_6 | 19 +
dist/ipf/test/input/n4_6 | 10 +
dist/ipf/test/input/n5_6 | 54 +
dist/ipf/test/input/n6_6 | 13 +
dist/ipf/test/input/n7_6 | 9 +
dist/ipf/test/input/n8 | 12 +-
dist/ipf/test/input/n8_6 | 34 +
dist/ipf/test/input/n9 | 12 +-
dist/ipf/test/input/n9_6 | 34 +
dist/ipf/test/input/ni10 | 10 +-
dist/ipf/test/input/ni11 | 4 +-
dist/ipf/test/input/ni12 | 14 +-
dist/ipf/test/input/ni13 | 130 +-
dist/ipf/test/input/ni14 | 126 +-
dist/ipf/test/input/ni15 | 2 +-
dist/ipf/test/input/ni16 | 2 +-
dist/ipf/test/input/ni18 | 4 +
dist/ipf/test/input/ni19 | 14 +-
dist/ipf/test/input/ni20 | 48 +-
dist/ipf/test/input/ni7 | 10 +-
dist/ipf/test/input/ni8 | 11 +-
dist/ipf/test/input/ni9 | 7 +-
dist/ipf/test/input/p10 | 10 +
dist/ipf/test/input/p11 | 10 +
dist/ipf/test/input/p12 | 10 +
dist/ipf/test/input/p13 | 8 +
dist/ipf/test/input/p4 | 12 +
dist/ipf/test/input/p6 | 2 +
dist/ipf/test/input/p7 | 10 +
dist/ipf/test/input/p9 | 10 +
dist/ipf/test/ipflib.sh | 59 +
dist/ipf/test/iptest | 30 +-
dist/ipf/test/ptest | 47 +-
dist/ipf/test/regress/f21 | 2 +
dist/ipf/test/regress/f22 | 2 +
dist/ipf/test/regress/f25 | 1 +
dist/ipf/test/regress/f26 | 6 +
dist/ipf/test/regress/f27 | 6 +
dist/ipf/test/regress/f28.ipf | 2 +
dist/ipf/test/regress/f28.pool | 2 +
dist/ipf/test/regress/f29.ipf | 2 +
dist/ipf/test/regress/f29.pool | 2 +
dist/ipf/test/regress/f30 | 4 +
dist/ipf/test/regress/i14 | 2 +
dist/ipf/test/regress/i17 | 4 +-
dist/ipf/test/regress/i18 | 6 +-
dist/ipf/test/regress/i21 | 6 +-
dist/ipf/test/regress/i22 | 5 +
dist/ipf/test/regress/in100 | 3 +
dist/ipf/test/regress/in101 | 4 +
dist/ipf/test/regress/in102 | 5 +
dist/ipf/test/regress/ip3 | 14 +
dist/ipf/test/regress/ipv6.4 | 3 +
dist/ipf/test/regress/ipv6.5 | 4 +-
dist/ipf/test/regress/n100 | 1 +
dist/ipf/test/regress/n101 | 1 +
dist/ipf/test/regress/n102 | 1 +
dist/ipf/test/regress/n103 | 1 +
dist/ipf/test/regress/n104 | 1 +
dist/ipf/test/regress/n105 | 1 +
dist/ipf/test/regress/n106 | 1 +
dist/ipf/test/regress/n10_6 | 3 +
dist/ipf/test/regress/n11_6 | 3 +
dist/ipf/test/regress/n12_6 | 1 +
dist/ipf/test/regress/n13_6 | 1 +
dist/ipf/test/regress/n14_6 | 1 +
dist/ipf/test/regress/n15 | 2 +
dist/ipf/test/regress/n15_6 | 2 +
dist/ipf/test/regress/n16_6 | 1 +
dist/ipf/test/regress/n17_6 | 1 +
dist/ipf/test/regress/n18 | 6 +-
dist/ipf/test/regress/n1_6 | 3 +
dist/ipf/test/regress/n200 | 1 +
dist/ipf/test/regress/n201 | 1 +
dist/ipf/test/regress/n202 | 1 +
dist/ipf/test/regress/n2_6 | 4 +
dist/ipf/test/regress/n4_6 | 6 +
dist/ipf/test/regress/n5_6 | 6 +
dist/ipf/test/regress/n6_6 | 5 +
dist/ipf/test/regress/n7_6 | 3 +
dist/ipf/test/regress/n8_6 | 1 +
dist/ipf/test/regress/n9_6 | 1 +
dist/ipf/test/regress/ni13.nat | 2 +-
dist/ipf/test/regress/ni14.nat | 2 +-
dist/ipf/test/regress/ni18.nat | 4 +
dist/ipf/test/regress/p1.pool | 2 +-
dist/ipf/test/regress/p10.nat | 1 +
dist/ipf/test/regress/p10.pool | 2 +
dist/ipf/test/regress/p11.nat | 1 +
dist/ipf/test/regress/p11.pool | 2 +
dist/ipf/test/regress/p12.nat | 1 +
dist/ipf/test/regress/p12.pool | 2 +
dist/ipf/test/regress/p13.ipf | 1 +
dist/ipf/test/regress/p13.pool | 2 +
dist/ipf/test/regress/p3.ipf | 4 +-
dist/ipf/test/regress/p4.nat | 1 +
dist/ipf/test/regress/p4.pool | 2 +
dist/ipf/test/regress/p6.ipf | 1 +
dist/ipf/test/regress/p6.pool | 1 +
dist/ipf/test/regress/p6.whois | 241 +
dist/ipf/test/regress/p7.nat | 1 +
dist/ipf/test/regress/p7.pool | 2 +
dist/ipf/test/regress/p9.nat | 1 +
dist/ipf/test/regress/p9.pool | 2 +
dist/ipf/test/test.format | 105 +-
dist/ipf/test/vfycksum.pl | 277 +-
dist/ipf/tools/BNF.ipf | 2 +-
dist/ipf/tools/ipfsyncd.c | 673 ++++
dist/ipf/tools/ipftest.c | 424 +-
dist/ipf/tools/ipmon_y.y | 718 +++-
dist/ipf/tools/ipnat.c | 447 ++-
dist/ipf/tools/ipsyncm.c | 10 +-
dist/ipf/tools/ipsyncs.c | 11 +-
dist/ipf/tools/lex_var.h | 4 +-
regress/sys/kern/ipf/expected/f21 | 5 +
regress/sys/kern/ipf/expected/f22 | 5 +
regress/sys/kern/ipf/expected/f25 | 35 +
regress/sys/kern/ipf/expected/f26 | 84 +
regress/sys/kern/ipf/expected/f27 | 90 +
regress/sys/kern/ipf/expected/f28 | 32 +
regress/sys/kern/ipf/expected/f29 | 64 +
regress/sys/kern/ipf/expected/f30 | 68 +
regress/sys/kern/ipf/expected/i22 | 5 +
regress/sys/kern/ipf/expected/in100 | 3 +
regress/sys/kern/ipf/expected/in101 | 4 +
regress/sys/kern/ipf/expected/in102 | 5 +
regress/sys/kern/ipf/expected/ip3 | 14 +
regress/sys/kern/ipf/expected/ipv6.4 | 51 +
regress/sys/kern/ipf/expected/n100 | 33 +
regress/sys/kern/ipf/expected/n101 | 29 +
regress/sys/kern/ipf/expected/n102 | 29 +
regress/sys/kern/ipf/expected/n103 | 33 +
regress/sys/kern/ipf/expected/n104 | 50 +
regress/sys/kern/ipf/expected/n105 | 25 +
regress/sys/kern/ipf/expected/n106 | 25 +
regress/sys/kern/ipf/expected/n11_6 | 124 +
regress/sys/kern/ipf/expected/n12_6 | 28 +
regress/sys/kern/ipf/expected/n13_6 | 32 +
regress/sys/kern/ipf/expected/n14_6 | 30 +
regress/sys/kern/ipf/expected/n15 | 47 +
regress/sys/kern/ipf/expected/n15_6 | 47 +
regress/sys/kern/ipf/expected/n18 | 120 +-
regress/sys/kern/ipf/expected/n1_6 | 197 +
regress/sys/kern/ipf/expected/n200 | 25 +
regress/sys/kern/ipf/expected/n201 | 28 +
regress/sys/kern/ipf/expected/n202 | 23 +
regress/sys/kern/ipf/expected/n2_6 | 191 +
regress/sys/kern/ipf/expected/n4_6 | 190 +
regress/sys/kern/ipf/expected/n5_6 | 533 +++
regress/sys/kern/ipf/expected/n6_6 | 173 +
regress/sys/kern/ipf/expected/n7_6 | 98 +
regress/sys/kern/ipf/expected/n8_6 | 30 +
regress/sys/kern/ipf/expected/n9_6 | 29 +
regress/sys/kern/ipf/expected/ni17 | 7 +
regress/sys/kern/ipf/expected/ni18 | 5 +
regress/sys/kern/ipf/expected/p10 | 40 +
regress/sys/kern/ipf/expected/p11 | 40 +
regress/sys/kern/ipf/expected/p12 | 40 +
regress/sys/kern/ipf/expected/p13 | 30 +
regress/sys/kern/ipf/expected/p4 | 38 +
regress/sys/kern/ipf/expected/p6 | 24 +
regress/sys/kern/ipf/expected/p7 | 40 +
regress/sys/kern/ipf/expected/p9 | 40 +
regress/sys/kern/ipf/input/f21 | 31 +
regress/sys/kern/ipf/input/f22 | 31 +
regress/sys/kern/ipf/input/f25 | 41 +
regress/sys/kern/ipf/input/f26 | 13 +
regress/sys/kern/ipf/input/f27 | 84 +
regress/sys/kern/ipf/input/f28 | 7 +
regress/sys/kern/ipf/input/f29 | 11 +
regress/sys/kern/ipf/input/f30 | 16 +
regress/sys/kern/ipf/input/ipv6.4 | 522 +++
regress/sys/kern/ipf/input/n100 | 8 +
regress/sys/kern/ipf/input/n101 | 8 +
regress/sys/kern/ipf/input/n102 | 8 +
regress/sys/kern/ipf/input/n103 | 8 +
regress/sys/kern/ipf/input/n104 | 48 +
regress/sys/kern/ipf/input/n105 | 8 +
regress/sys/kern/ipf/input/n106 | 8 +
regress/sys/kern/ipf/input/n10_6 | 6 +
regress/sys/kern/ipf/input/n11_6 | 16 +
regress/sys/kern/ipf/input/n12_6 | 18 +
regress/sys/kern/ipf/input/n13_6 | 4 +
regress/sys/kern/ipf/input/n14_6 | 4 +
regress/sys/kern/ipf/input/n15 | 2 +
regress/sys/kern/ipf/input/n15_6 | 2 +
regress/sys/kern/ipf/input/n17_6 | 24 +
regress/sys/kern/ipf/input/n1_6 | 34 +
regress/sys/kern/ipf/input/n200 | 6 +
regress/sys/kern/ipf/input/n201 | 24 +
regress/sys/kern/ipf/input/n202 | 7 +
regress/sys/kern/ipf/input/n2_6 | 19 +
regress/sys/kern/ipf/input/n4_6 | 10 +
regress/sys/kern/ipf/input/n5_6 | 54 +
regress/sys/kern/ipf/input/n6_6 | 13 +
regress/sys/kern/ipf/input/n7_6 | 9 +
regress/sys/kern/ipf/input/n8_6 | 34 +
regress/sys/kern/ipf/input/n9_6 | 34 +
regress/sys/kern/ipf/input/ni18 | 4 +
regress/sys/kern/ipf/input/p10 | 10 +
regress/sys/kern/ipf/input/p11 | 10 +
regress/sys/kern/ipf/input/p12 | 10 +
regress/sys/kern/ipf/input/p13 | 8 +
regress/sys/kern/ipf/input/p4 | 12 +
regress/sys/kern/ipf/input/p6 | 2 +
regress/sys/kern/ipf/input/p7 | 10 +
regress/sys/kern/ipf/input/p9 | 10 +
regress/sys/kern/ipf/ipflib.sh | 59 +
regress/sys/kern/ipf/regress/f21 | 2 +
regress/sys/kern/ipf/regress/f22 | 2 +
regress/sys/kern/ipf/regress/f25 | 1 +
regress/sys/kern/ipf/regress/f26 | 6 +
regress/sys/kern/ipf/regress/f27 | 6 +
regress/sys/kern/ipf/regress/f28.ipf | 2 +
regress/sys/kern/ipf/regress/f28.pool | 2 +
regress/sys/kern/ipf/regress/f29.ipf | 2 +
regress/sys/kern/ipf/regress/f29.pool | 2 +
regress/sys/kern/ipf/regress/f30 | 4 +
regress/sys/kern/ipf/regress/i22 | 5 +
regress/sys/kern/ipf/regress/in100 | 3 +
regress/sys/kern/ipf/regress/in101 | 4 +
regress/sys/kern/ipf/regress/in102 | 5 +
regress/sys/kern/ipf/regress/ip3 | 14 +
regress/sys/kern/ipf/regress/ipv6.4 | 3 +
regress/sys/kern/ipf/regress/n100 | 1 +
regress/sys/kern/ipf/regress/n101 | 1 +
regress/sys/kern/ipf/regress/n102 | 1 +
regress/sys/kern/ipf/regress/n103 | 1 +
regress/sys/kern/ipf/regress/n104 | 1 +
regress/sys/kern/ipf/regress/n105 | 1 +
regress/sys/kern/ipf/regress/n106 | 1 +
regress/sys/kern/ipf/regress/n10_6 | 3 +
regress/sys/kern/ipf/regress/n11_6 | 3 +
regress/sys/kern/ipf/regress/n12_6 | 1 +
regress/sys/kern/ipf/regress/n13_6 | 1 +
regress/sys/kern/ipf/regress/n14_6 | 1 +
regress/sys/kern/ipf/regress/n15 | 2 +
regress/sys/kern/ipf/regress/n15_6 | 2 +
regress/sys/kern/ipf/regress/n16_6 | 1 +
regress/sys/kern/ipf/regress/n17_6 | 1 +
regress/sys/kern/ipf/regress/n18 | 6 +-
regress/sys/kern/ipf/regress/n1_6 | 3 +
regress/sys/kern/ipf/regress/n200 | 1 +
regress/sys/kern/ipf/regress/n201 | 1 +
regress/sys/kern/ipf/regress/n202 | 1 +
regress/sys/kern/ipf/regress/n2_6 | 4 +
regress/sys/kern/ipf/regress/n4_6 | 6 +
regress/sys/kern/ipf/regress/n5_6 | 6 +
regress/sys/kern/ipf/regress/n6_6 | 5 +
regress/sys/kern/ipf/regress/n7_6 | 3 +
regress/sys/kern/ipf/regress/n8_6 | 1 +
regress/sys/kern/ipf/regress/n9_6 | 1 +
regress/sys/kern/ipf/regress/ni18.nat | 4 +
regress/sys/kern/ipf/regress/p10.nat | 1 +
regress/sys/kern/ipf/regress/p10.pool | 2 +
regress/sys/kern/ipf/regress/p11.nat | 1 +
regress/sys/kern/ipf/regress/p11.pool | 2 +
regress/sys/kern/ipf/regress/p12.nat | 1 +
regress/sys/kern/ipf/regress/p12.pool | 2 +
regress/sys/kern/ipf/regress/p13.ipf | 1 +
regress/sys/kern/ipf/regress/p13.pool | 2 +
regress/sys/kern/ipf/regress/p4.nat | 1 +
regress/sys/kern/ipf/regress/p4.pool | 2 +
regress/sys/kern/ipf/regress/p6.ipf | 1 +
regress/sys/kern/ipf/regress/p6.pool | 1 +
regress/sys/kern/ipf/regress/p6.whois | 241 +
regress/sys/kern/ipf/regress/p7.nat | 1 +
regress/sys/kern/ipf/regress/p7.pool | 2 +
regress/sys/kern/ipf/regress/p9.nat | 1 +
regress/sys/kern/ipf/regress/p9.pool | 2 +
sys/dist/ipf/netinet/ip_dns_pxy.c | 401 ++
sys/dist/ipf/netinet/ip_dstlist.c | 1314 +++++++++
sys/dist/ipf/netinet/ip_dstlist.h | 71 +
sys/dist/ipf/netinet/ip_nat6.c | 4773 +++++++++++++++++++++++++++++++++
sys/dist/ipf/netinet/ip_tftp_pxy.c | 302 ++
sys/dist/ipf/netinet/ipf_rb.h | 366 ++
sys/dist/ipf/netinet/radix_ipf.c | 1324 +++++++++
sys/dist/ipf/netinet/radix_ipf.h | 98 +
553 files changed, 42738 insertions(+), 4579 deletions(-)
diffs (truncated from 57770 to 300 lines):
diff -r 774e637c6ffa -r 215a1d5e335d dist/ipf/bpf-ipf.h
--- a/dist/ipf/bpf-ipf.h Mon Jan 30 15:47:01 2012 +0000
+++ b/dist/ipf/bpf-ipf.h Mon Jan 30 16:02:57 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: bpf-ipf.h,v 1.1.1.2 2008/05/20 06:43:46 darrenr Exp $ */
+/* $NetBSD: bpf-ipf.h,v 1.1.1.3 2012/01/30 16:03:21 darrenr Exp $ */
/*-
* Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
@@ -39,7 +39,7 @@
*
* @(#)bpf.h 7.1 (Berkeley) 5/7/91
*
- * @(#) Header: /devel/CVS/IP-Filter/bpf-ipf.h,v 2.1.4.1 2007/10/26 12:15:08 darrenr Exp (LBL)
+ * @(#) Header: /devel/CVS/IP-Filter/bpf-ipf.h,v 2.2 2007/10/25 17:03:18 darrenr Exp (LBL)
*/
#ifndef BPF_MAJOR_VERSION
diff -r 774e637c6ffa -r 215a1d5e335d dist/ipf/ip_dns_pxy.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dist/ipf/ip_dns_pxy.c Mon Jan 30 16:02:57 2012 +0000
@@ -0,0 +1,401 @@
+/* $NetBSD$ */
+
+/*
+ * Copyright (C) 2010 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * Id: ip_dns_pxy.c,v 2.2.2.6 2012/01/29 05:30:35 darrenr Exp
+ */
+
+#define IPF_DNS_PROXY
+
+/*
+ * map ... proxy port dns/udp 53 { block .cnn.com; }
+ */
+typedef struct ipf_dns_filter {
+ struct ipf_dns_filter *idns_next;
+ char *idns_name;
+ int idns_namelen;
+ int idns_pass;
+} ipf_dns_filter_t;
+
+
+typedef struct ipf_dns_softc_s {
+ ipf_dns_filter_t *ipf_p_dns_list;
+ ipfrwlock_t ipf_p_dns_rwlock;
+ u_long ipf_p_dns_compress;
+ u_long ipf_p_dns_toolong;
+ u_long ipf_p_dns_nospace;
+} ipf_dns_softc_t;
+
+int ipf_p_dns_allow_query __P((ipf_dns_softc_t *, dnsinfo_t *));
+int ipf_p_dns_ctl __P((ipf_main_softc_t *, void *, ap_ctl_t *));
+int ipf_p_dns_del __P((ipf_main_softc_t *, ap_session_t *));
+int ipf_p_dns_get_name __P((ipf_dns_softc_t *, char *, int, char *, int));
+int ipf_p_dns_inout __P((void *, fr_info_t *, ap_session_t *, nat_t *));
+int ipf_p_dns_match __P((fr_info_t *, ap_session_t *, nat_t *));
+int ipf_p_dns_match_names __P((ipf_dns_filter_t *, char *, int));
+int ipf_p_dns_new __P((void *, fr_info_t *, ap_session_t *, nat_t *));
+void *ipf_p_dns_soft_create __P((ipf_main_softc_t *));
+void ipf_p_dns_soft_destroy __P((ipf_main_softc_t *, void *));
+
+typedef struct {
+ u_char dns_id[2];
+ u_short dns_ctlword;
+ u_short dns_qdcount;
+ u_short dns_ancount;
+ u_short dns_nscount;
+ u_short dns_arcount;
+} ipf_dns_hdr_t;
+
+#define DNS_QR(x) ((ntohs(x) & 0x8000) >> 15)
+#define DNS_OPCODE(x) ((ntohs(x) & 0x7800) >> 11)
+#define DNS_AA(x) ((ntohs(x) & 0x0400) >> 10)
+#define DNS_TC(x) ((ntohs(x) & 0x0200) >> 9)
+#define DNS_RD(x) ((ntohs(x) & 0x0100) >> 8)
+#define DNS_RA(x) ((ntohs(x) & 0x0080) >> 7)
+#define DNS_Z(x) ((ntohs(x) & 0x0070) >> 4)
+#define DNS_RCODE(x) ((ntohs(x) & 0x000f) >> 0)
+
+
+void *
+ipf_p_dns_soft_create(softc)
+ ipf_main_softc_t *softc;
+{
+ ipf_dns_softc_t *softd;
+
+ KMALLOC(softd, ipf_dns_softc_t *);
+ if (softd == NULL)
+ return NULL;
+
+ bzero((char *)softd, sizeof(*softd));
+ RWLOCK_INIT(&softd->ipf_p_dns_rwlock, "ipf dns rwlock");
+
+ return softd;
+}
+
+
+void
+ipf_p_dns_soft_destroy(softc, arg)
+ ipf_main_softc_t *softc;
+ void *arg;
+{
+ ipf_dns_softc_t *softd = arg;
+ ipf_dns_filter_t *idns;
+
+ while ((idns = softd->ipf_p_dns_list) != NULL) {
+ KFREES(idns->idns_name, idns->idns_namelen);
+ idns->idns_name = NULL;
+ idns->idns_namelen = 0;
+ softd->ipf_p_dns_list = idns->idns_next;
+ KFREE(idns);
+ }
+ RW_DESTROY(&softd->ipf_p_dns_rwlock);
+
+ KFREE(softd);
+}
+
+
+int
+ipf_p_dns_ctl(softc, arg, ctl)
+ ipf_main_softc_t *softc;
+ void *arg;
+ ap_ctl_t *ctl;
+{
+ ipf_dns_softc_t *softd = arg;
+ ipf_dns_filter_t *tmp, *idns, **idnsp;
+ int error = 0;
+
+ /*
+ * To make locking easier.
+ */
+ KMALLOC(tmp, ipf_dns_filter_t *);
+
+ WRITE_ENTER(&softd->ipf_p_dns_rwlock);
+ for (idnsp = &softd->ipf_p_dns_list; (idns = *idnsp) != NULL;
+ idnsp = &idns->idns_next) {
+ if (idns->idns_namelen != ctl->apc_dsize)
+ continue;
+ if (!strncmp(ctl->apc_data, idns->idns_name,
+ idns->idns_namelen))
+ break;
+ }
+
+ switch (ctl->apc_cmd)
+ {
+ case APC_CMD_DEL :
+ if (idns == NULL) {
+ IPFERROR(80006);
+ error = ESRCH;
+ break;
+ }
+ *idnsp = idns->idns_next;
+ idns->idns_next = NULL;
+ KFREES(idns->idns_name, idns->idns_namelen);
+ idns->idns_name = NULL;
+ idns->idns_namelen = 0;
+ KFREE(idns);
+ break;
+ case APC_CMD_ADD :
+ if (idns != NULL) {
+ IPFERROR(80007);
+ error = EEXIST;
+ break;
+ }
+ if (tmp == NULL) {
+ IPFERROR(80008);
+ error = ENOMEM;
+ break;
+ }
+ idns = tmp;
+ tmp = NULL;
+ idns->idns_namelen = ctl->apc_dsize;
+ idns->idns_name = ctl->apc_data;
+ idns->idns_pass = ctl->apc_arg;
+ idns->idns_next = NULL;
+ *idnsp = idns;
+ ctl->apc_data = NULL;
+ ctl->apc_dsize = 0;
+ break;
+ default :
+ IPFERROR(80009);
+ error = EINVAL;
+ break;
+ }
+ RWLOCK_EXIT(&softd->ipf_p_dns_rwlock);
+
+ if (tmp != NULL) {
+ KFREE(tmp);
+ tmp = NULL;
+ }
+
+ return error;
+}
+
+
+/* ARGSUSED */
+int
+ipf_p_dns_new(arg, fin, aps, nat)
+ void *arg;
+ fr_info_t *fin;
+ ap_session_t *aps;
+ nat_t *nat;
+{
+ dnsinfo_t *di;
+ int dlen;
+
+ dlen = fin->fin_dlen - sizeof(udphdr_t);
+ if (dlen < sizeof(ipf_dns_hdr_t)) {
+ /*
+ * No real DNS packet is smaller than that.
+ */
+ return -1;
+ }
+
+ aps->aps_psiz = sizeof(dnsinfo_t);
+ KMALLOCS(di, dnsinfo_t *, sizeof(dnsinfo_t));
+ if (di == NULL) {
+ printf("ipf_dns_new:KMALLOCS(%d) failed\n", sizeof(*di));
+ return -1;
+ }
+
+ MUTEX_INIT(&di->dnsi_lock, "dns lock");
+
+ aps->aps_data = di;
+
+ dlen = fin->fin_dlen - sizeof(udphdr_t);
+ COPYDATA(fin->fin_m, fin->fin_hlen + sizeof(udphdr_t),
+ MIN(dlen, sizeof(di->dnsi_buffer)), di->dnsi_buffer);
+ di->dnsi_id = (di->dnsi_buffer[0] << 8) | di->dnsi_buffer[1];
+ return 0;
+}
+
+
+/* ARGSUSED */
+int
+ipf_p_dns_del(softc, aps)
+ ipf_main_softc_t *softc;
+ ap_session_t *aps;
+{
+#ifdef USE_MUTEXES
+ dnsinfo_t *di = aps->aps_data;
+
+ MUTEX_DESTROY(&di->dnsi_lock);
+#endif
+ KFREES(aps->aps_data, aps->aps_psiz);
+ aps->aps_data = NULL;
+ aps->aps_psiz = 0;
+ return 0;
+}
+
+
+/*
+ * Tries to match the base string (in our ACL) with the query from a packet.
+ */
+int
+ipf_p_dns_match_names(idns, query, qlen)
+ ipf_dns_filter_t *idns;
+ char *query;
+ int qlen;
+{
+ int blen;
+ char *base;
+
+ blen = idns->idns_namelen;
+ base = idns->idns_name;
+
+ if (blen > qlen)
+ return 1;
+
+ if (blen == qlen)
+ return strncasecmp(base, query, qlen);
+
+ /*
+ * If the base string string is shorter than the query, allow the
+ * tail of the base to match the same length tail of the query *if*:
+ * - the base string starts with a '*' (*cnn.com)
+ * - the base string represents a domain (.cnn.com)
+ * as otherwise it would not be possible to block just "cnn.com"
+ * without also impacting "foocnn.com", etc.
+ */
+ if (*base == '*') {
+ base++;
+ blen--;
+ } else if (*base != '.')
+ return 1;
+
+ return strncasecmp(base, query + qlen - blen, blen);
+}
+
+
+int
+ipf_p_dns_get_name(softd, start, len, buffer, buflen)
+ ipf_dns_softc_t *softd;
+ char *start;
+ int len;
+ char *buffer;
+ int buflen;
Home |
Main Index |
Thread Index |
Old Index