Source-Changes-HG archive
[src/trunk]: src Merge IPFilter 5.1.1 into HEAD
details: https://anonhg.NetBSD.org/src/rev/7229a28a825c
branches: trunk
changeset: 773277:7229a28a825c
user: darrenr <darrenr%NetBSD.org@localhost>
date: Mon Jan 30 16:12:02 2012 +0000
description:
Merge IPFilter 5.1.1 into HEAD
diffstat:
dist/ipf/BNF | 81 -
dist/ipf/BugReport | 12 -
dist/ipf/HISTORY | 978 +----
dist/ipf/IMPORTANT | 11 -
dist/ipf/IPF.KANJI | 465 -
dist/ipf/IPFILTER.LICENCE | 29 -
dist/ipf/Makefile | 418 -
dist/ipf/QNX_OCL.txt | 275 -
dist/ipf/README | 101 -
dist/ipf/STYLE.TXT | 57 -
dist/ipf/WhatsNew40.txt | 90 -
dist/ipf/Y2K | 3 -
dist/ipf/arc4random.c | 275 -
dist/ipf/bpf_filter.c | 595 --
dist/ipf/etc/protocols | 2 +-
dist/ipf/etc/services | 6 +-
dist/ipf/ip_fil.c | 610 +-
dist/ipf/ip_lookup.c | 1101 ++-
dist/ipf/ip_lookup.h | 75 +-
dist/ipf/ip_scan.c | 222 +-
dist/ipf/ipf.h | 159 +-
dist/ipf/iplang/Makefile | 32 -
dist/ipf/iplang/iplang.h | 4 +-
dist/ipf/iplang/iplang_l.l | 6 +-
dist/ipf/iplang/iplang_y.y | 14 +-
dist/ipf/ipsd/Makefile | 61 -
dist/ipf/ipsd/ipsd.c | 26 +-
dist/ipf/ipsd/ipsdr.c | 34 +-
dist/ipf/ipsd/linux.h | 4 +-
dist/ipf/ipsd/sbpf.c | 12 +-
dist/ipf/ipsd/sdlpi.c | 12 +-
dist/ipf/ipsd/slinux.c | 12 +-
dist/ipf/ipsd/snit.c | 12 +-
dist/ipf/ipsend/44arp.c | 9 +-
dist/ipf/ipsend/Makefile | 183 -
dist/ipf/ipsend/README | 8 -
dist/ipf/ipsend/arp.c | 13 +-
dist/ipf/ipsend/dlcommon.c | 218 +-
dist/ipf/ipsend/hpux.c | 114 -
dist/ipf/ipsend/ip.c | 50 +-
dist/ipf/ipsend/ipresend.c | 21 +-
dist/ipf/ipsend/ipsend.c | 22 +-
dist/ipf/ipsend/ipsopt.c | 20 +-
dist/ipf/ipsend/iptest.c | 10 +-
dist/ipf/ipsend/iptests.c | 79 +-
dist/ipf/ipsend/larp.c | 10 +-
dist/ipf/ipsend/linux.h | 4 +-
dist/ipf/ipsend/lsock.c | 22 +-
dist/ipf/ipsend/resend.c | 33 +-
dist/ipf/ipsend/sbpf.c | 14 +-
dist/ipf/ipsend/sdlpi.c | 13 +-
dist/ipf/ipsend/slinux.c | 12 +-
dist/ipf/ipsend/snit.c | 12 +-
dist/ipf/ipsend/sock.c | 29 +-
dist/ipf/ipsend/tcpip.h | 4 +-
dist/ipf/ipt.h | 11 +-
dist/ipf/kmem.h | 6 +-
dist/ipf/l4check/Makefile | 10 -
dist/ipf/l4check/l4check.c | 85 +-
dist/ipf/lib/Makefile | 310 -
dist/ipf/lib/addicmp.c | 6 +-
dist/ipf/lib/facpri.c | 24 +-
dist/ipf/lib/genmask.c | 70 +
dist/ipf/lib/getport.c | 25 +-
dist/ipf/lib/getportproto.c | 10 +-
dist/ipf/lib/getproto.c | 9 +-
dist/ipf/lib/hostname.c | 18 +-
dist/ipf/lib/icmpcode.c | 6 +-
dist/ipf/lib/inet_addr.c | 18 +-
dist/ipf/lib/ipf_dotuning.c | 12 +-
dist/ipf/lib/ipft_ef.c | 54 +-
dist/ipf/lib/ipft_hx.c | 44 +-
dist/ipf/lib/ipft_td.c | 44 +-
dist/ipf/lib/ipft_tx.c | 240 +-
dist/ipf/lib/kmem.c | 34 +-
dist/ipf/lib/load_http.c | 62 +-
dist/ipf/lib/printbuf.c | 15 +-
dist/ipf/lib/printnat.c | 345 +-
dist/ipf/lib/printsbuf.c | 19 +-
dist/ipf/lib/printstate.c | 170 +-
dist/ipf/lib/tcpoptnames.c | 22 +
dist/ipf/lib/v6ionames.c | 6 +-
dist/ipf/lib/var.c | 20 +-
dist/ipf/man/Makefile | 28 -
dist/ipf/man/ipf.5 | 2124 ++++++--
dist/ipf/man/ipmon.5 | 240 +-
dist/ipf/man/ipnat.1 | 47 +
dist/ipf/man/ipnat.5 | 910 ++-
dist/ipf/man/ippool.5 | 377 +-
dist/ipf/ml_ipl.c | 164 -
dist/ipf/mlf_rule.c | 168 -
dist/ipf/mlfk_ipl.c | 361 -
dist/ipf/mlfk_rule.c | 69 -
dist/ipf/mlh_rule.c | 114 -
dist/ipf/mlo_ipl.c | 256 -
dist/ipf/mlo_rule.c | 80 -
dist/ipf/mls_rule.c | 116 -
dist/ipf/mlso_rule.c | 129 -
dist/ipf/perl/Services | 164 +-
dist/ipf/perl/logfilter.pl | 36 +-
dist/ipf/radix.c | 1214 -----
dist/ipf/samples/Makefile | 24 -
dist/ipf/samples/proxy.c | 14 +-
dist/ipf/snoop.h | 6 +-
dist/ipf/test/expected/Makefile | 41 -
dist/ipf/todo | 10 +-
dist/ipf/tools/Makefile | 107 -
dist/ipf/tools/ipf.c | 133 +-
dist/ipf/tools/ipf_y.y | 1183 +++-
dist/ipf/tools/ipfcomp.c | 142 +-
dist/ipf/tools/ipfs.c | 48 +-
dist/ipf/tools/ipfstat.c | 852 ++-
dist/ipf/tools/ipmon.c | 1204 ++--
dist/ipf/tools/ipnat_y.y | 1490 ++++-
dist/ipf/tools/ippool.c | 426 +-
dist/ipf/tools/ippool_y.y | 525 +-
dist/ipf/tools/ipscan_y.y | 5 +-
dist/ipf/tools/lexer.c | 117 +-
dist/ipf/tools/lexer.h | 10 +-
sys/dist/ipf/netinet/fil.c | 7792 +++++++++++++++++++++-----------
sys/dist/ipf/netinet/ip_auth.c | 990 ++-
sys/dist/ipf/netinet/ip_auth.h | 48 +-
sys/dist/ipf/netinet/ip_compat.h | 726 +-
sys/dist/ipf/netinet/ip_fil.h | 1363 +++--
sys/dist/ipf/netinet/ip_fil_compat.c | 3642 +++++++++++++--
sys/dist/ipf/netinet/ip_fil_netbsd.c | 1182 ++--
sys/dist/ipf/netinet/ip_frag.c | 1145 +++-
sys/dist/ipf/netinet/ip_frag.h | 104 +-
sys/dist/ipf/netinet/ip_ftp_pxy.c | 1033 +++-
sys/dist/ipf/netinet/ip_h323_pxy.c | 164 +-
sys/dist/ipf/netinet/ip_htable.c | 1223 ++++-
sys/dist/ipf/netinet/ip_htable.h | 46 +-
sys/dist/ipf/netinet/ip_ipsec_pxy.c | 291 +-
sys/dist/ipf/netinet/ip_irc_pxy.c | 122 +-
sys/dist/ipf/netinet/ip_log.c | 546 +-
sys/dist/ipf/netinet/ip_lookup.c | 1103 ++-
sys/dist/ipf/netinet/ip_lookup.h | 75 +-
sys/dist/ipf/netinet/ip_nat.c | 7728 +++++++++++++++++++++++--------
sys/dist/ipf/netinet/ip_nat.h | 643 +-
sys/dist/ipf/netinet/ip_netbios_pxy.c | 32 +-
sys/dist/ipf/netinet/ip_pool.c | 1182 +++-
sys/dist/ipf/netinet/ip_pool.h | 88 +-
sys/dist/ipf/netinet/ip_pptp_pxy.c | 243 +-
sys/dist/ipf/netinet/ip_proxy.c | 930 ++-
sys/dist/ipf/netinet/ip_proxy.h | 168 +-
sys/dist/ipf/netinet/ip_raudio_pxy.c | 91 +-
sys/dist/ipf/netinet/ip_rcmd_pxy.c | 269 +-
sys/dist/ipf/netinet/ip_rpcb_pxy.c | 314 +-
sys/dist/ipf/netinet/ip_scan.c | 224 +-
sys/dist/ipf/netinet/ip_scan.h | 22 +-
sys/dist/ipf/netinet/ip_state.c | 3354 ++++++++-----
sys/dist/ipf/netinet/ip_state.h | 209 +-
sys/dist/ipf/netinet/ip_sync.c | 1006 +++-
sys/dist/ipf/netinet/ip_sync.h | 38 +-
sys/dist/ipf/netinet/ipl.h | 10 +-
155 files changed, 35913 insertions(+), 23556 deletions(-)
diffs (truncated from 85148 to 300 lines):
diff -r 215a1d5e335d -r 7229a28a825c dist/ipf/BNF
--- a/dist/ipf/BNF Mon Jan 30 16:02:57 2012 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,81 +0,0 @@
-filter-rule = [ insert ] action in-out [ options ] [ tos ] [ ttl ]
- [ proto ] [ ip ] [ group ] [ tag ] [ pps ] .
-
-insert = "@" decnumber .
-action = block | "pass" | log | "count" | auth | call .
-in-out = "in" | "out" .
-options = [ log ] [ "quick" ] [ onif [ dup ] [ froute ] ] .
-tos = "tos" decnumber | "tos" hexnumber .
-ttl = "ttl" decnumber .
-proto = "proto" protocol .
-ip = srcdst [ flags ] [ with withopt ] [ icmp ] [ keep ] .
-group = [ "head" decnumber ] [ "group" decnumber ] .
-pps = "pps" decnumber .
-
-onif = "on" interface-name [ "out-via" interface-name ] .
-block = "block" [ return-icmp[return-code] | "return-rst" ] .
-auth = "auth" | "preauth" .
-log = "log" [ "body" ] [ "first" ] [ "or-block" ] [ "level" loglevel ] .
-tag = "tag" tagid .
-call = "call" [ "now" ] function-name "/" decnumber.
-dup = "dup-to" interface-name[":"ipaddr] .
-froute = "fastroute" | "to" interface-name .
-replyto = "reply-to" interface-name [ ":" ipaddr ] .
-protocol = "tcp/udp" | "udp" | "tcp" | "icmp" | decnumber .
-srcdst = "all" | fromto .
-fromto = "from" object "to" object .
-
-return-icmp = "return-icmp" | "return-icmp-as-dest" .
-loglevel = facility"."priority | priority .
-object = addr [ port-comp | port-range ] .
-addr = "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] .
-port-comp = "port" compare port-num .
-port-range = "port" port-num range port-num .
-flags = "flags" flag { flag } [ "/" flag { flag } ] .
-with = "with" | "and" .
-icmp = "icmp-type" icmp-type [ "code" decnumber ] .
-return-code = "("icmp-code")" .
-keep = "keep" "state" [ "limit" number ] | "keep" "frags" .
-
-nummask = host-name [ "/" decnumber ] .
-host-name = ipaddr | hostname | "any" .
-ipaddr = host-num "." host-num "." host-num "." host-num .
-host-num = digit [ digit [ digit ] ] .
-port-num = service-name | decnumber .
-
-withopt = [ "not" | "no" ] opttype [ [ "," ] withopt ] .
-opttype = "ipopts" | "short" | "nat" | "bad-src" | "lowttl" | "frag" |
- "mbcast" | "opt" ipopts .
-optname = ipopts [ "," optname ] .
-ipopts = optlist | "sec-class" [ secname ] .
-secname = seclvl [ "," secname ] .
-seclvl = "unclass" | "confid" | "reserv-1" | "reserv-2" | "reserv-3" |
- "reserv-4" | "secret" | "topsecret" .
-icmp-type = "unreach" | "echo" | "echorep" | "squench" | "redir" |
- "timex" | "paramprob" | "timest" | "timestrep" | "inforeq" |
- "inforep" | "maskreq" | "maskrep" | "routerad" |
- "routersol" | decnumber .
-icmp-code = decumber | "net-unr" | "host-unr" | "proto-unr" | "port-unr" |
- "needfrag" | "srcfail" | "net-unk" | "host-unk" | "isolate" |
- "net-prohib" | "host-prohib" | "net-tos" | "host-tos" |
- "filter-prohib" | "host-preced" | "cutoff-preced" .
-optlist = "nop" | "rr" | "zsu" | "mtup" | "mtur" | "encode" | "ts" | "tr" |
- "sec" | "lsrr" | "e-sec" | "cipso" | "satid" | "ssrr" | "addext" |
- "visa" | "imitd" | "eip" | "finn" .
-facility = "kern" | "user" | "mail" | "daemon" | "auth" | "syslog" |
- "lpr" | "news" | "uucp" | "cron" | "ftp" | "authpriv" |
- "audit" | "logalert" | "local0" | "local1" | "local2" |
- "local3" | "local4" | "local5" | "local6" | "local7" .
-priority = "emerg" | "alert" | "crit" | "err" | "warn" | "notice" |
- "info" | "debug" .
-
-hexnumber = "0" "x" hexstring .
-hexstring = hexdigit [ hexstring ] .
-decnumber = digit [ decnumber ] .
-
-compare = "=" | "!=" | "<" | ">" | "<=" | ">=" | "eq" | "ne" | "lt" | "gt" |
- "le" | "ge" .
-range = "<>" | "><" .
-hexdigit = digit | "a" | "b" | "c" | "d" | "e" | "f" .
-digit = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9" .
-flag = "F" | "S" | "R" | "P" | "A" | "U" | "C" | "W" .
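Review bot: deleting dist/ipf/BNF removes the only formal grammar for filter rules, and neither this hunk nor the one-line commit message says what replaces it. The diffstat shows man/ipf.5 and tools/ipf_y.y changing heavily, so the commit message should state that those are now the reference for rule syntax. The removed grammar was already inconsistent (`replyto` and `optname` are defined but never referenced by another production, and `icmp-code` uses the undefined `decumber`), so dropping it is reasonable as long as the replacement is named.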
diff -r 215a1d5e335d -r 7229a28a825c dist/ipf/BugReport
--- a/dist/ipf/BugReport Mon Jan 30 16:02:57 2012 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-Please submit this information at SourceForge using this URL:
-http://sourceforge.net/tracker/?func=add&group_id=169098&atid=849053
-
-Please also send an email to darrenr%reed.wattle.id.au@localhost.
-
-Some information that I generally find important:
---------------------------
-* IP Filter Version
-* Operating System and its Version
-* Configuration: (LKM or compiled-into-kernel)
-* Description of problem
-* How to repeat
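Review bot: with dist/ipf/BugReport removed, the tree loses both the reporting address and the checklist of what a report should contain (version, operating system, LKM or compiled-into-kernel, description, how to repeat), and the diffstat shows dist/ipf/README deleted in the same changeset. For a packet filter, the path for reporting bugs should be written down somewhere; the commit message should note where reports against the imported 5.1.1 code go now.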
diff -r 215a1d5e335d -r 7229a28a825c dist/ipf/HISTORY
--- a/dist/ipf/HISTORY Mon Jan 30 16:02:57 2012 +0000
+++ b/dist/ipf/HISTORY Mon Jan 30 16:12:02 2012 +0000
@@ -10,981 +10,9 @@
# and especially those who have found the time to port IP Filter to new
# platforms.
#
-4.1.34 - Release 11 MArch 2010
-
-2964907 uninitialised use compile error
-
-2959506 ipfstat does not display rules with compat
-
-2949139 FR_T_BUILTIN masked out incorrectly
-
-2937422 packets filtered with pools should not be cached'
-
-2935529 use of rules with tags leads to deadlock
-
-2917501 whitespace cleanup required
-
-2898915 Does not build on newer FreeBSD
-
-2898337 Does not build on newer FreeBSD
-
-2881514 in/out object functions not wired for compatibility
-
-2841771 ipf/ippool rule maintenace bugs: memory leak, ref-counter bug
-
-2839698 H.323 proxy does not clear fin_state/fin_nat
-
-4.1.33 - Release 16 August 2009
-
-2838417 tru64 compile is not error free
-
-2837931 wrong mode selected in ipf program for hash-entries
-
-2828188 soft lockups on Linux
-
-2826168 load_http can make ippool core dump
-
-2825150 IPL_LOGMAX used to index some arrays
-
-2825084 ipv6 fragments should not be allowed past 64k
-
-2824713 ipfstat top output alternates between entries and nothing
-
-2824712 ipfstat top output is shows negative ttl
-
-2820965 a single bad ipv6 extension header should not impact others
-
-2818197 ignored fragment bits defined as being reserved
-
-2817667 IPv6 fragment header verification needs attention
-
-2817098 fr_getrulen() finds the wrong rule
-
-2817096 fr_rulen is unused
-
-2814988 4.1.32 RC5 does not compile on Tru64 5.1B-5
-
-2825387 ipfilter 4-1-RELEASE won't build on RHEL 5.3 kernel 2.6.18..
-
-2792185 no proxy modules are built on linux
-
-2787359 ipmon prints loopback name incorrectly for linux
-
-4.1.32 - Release 20 June 2009
-
-2741019 Lingering states (Established/Listen - 5/0) in state table
-
-2790920 Solaris U7 breaks ipfilter compilation
-
-2790910 OOW issue on Solaris 10 v4.1.9
-
-2706155 Reference to .symbol file missing in ipf.ko on FreeBSD/AMD64
-
-2787870 4.1.32rc2 ipfstat -nio causes oops on Fedora 10
-
-2785189 Networking stops on x86_64 RHEL ES4 U6 (2.6.9-67.ELsmp)
-
-2706137 FreeBSD/AMD64 build is still broken in 4.1.32 RC5
-
-2702887 use of PBR/fastroute causes panic with ipv6
-
-2657365 IPFilter 4.1.32 RC4 fails to compile on FreeBSD7/AMD64
-
-2671913 regression test in7 fails to execute
-
-2650040 cannot compile updated kernel source for 4.10
-
-2598625 parsing empty config file results in an error
-
-2698656 test parsing empty config files
-
-2597956 not all pointers in a clone are reset
-
-2543934 nat_t gets assigned ifp too early
-
-2539808 Compiling with Solaris10 patch 138889-03 fails
-
-2535795 No need to always bump fr_ref
-
-2535778 Bad IPv6 packets droped by default
-
-4.1.32 RC1 - Release 1 January 2009
-
-2031730 4.1.31 Nat drops fragmented packets after the first
-
-2214661 ipf doesn't handle IPv6 fragments
-
-2473273 NAT removed before RST/ICMP sent
-
-2216500 fin_state serves no purpose
-
-2424604 adding random MD5 data causes panic
-
-2304435 Ineffecient lock usage in logging
-
-2216491 fin_nat serves little purpose
-
-1859718 IPF 4.1.28 repeated kernel panic Solaris 9 32bit
-
-2055619 duplicating a free'd packet will fail
-
-2042949 Excessive locking when creating nat_t
-
-2035610 nat_update does not need to get locks
-
-2214658 ipf mostly ignores locking in NetBSD
-
-1979427 Memory leak in user utilities - token never freed (rel br)
-
-* try to guess if SUNWspro wants -m64
-
-2063742 4.1.30 breaks builds on Solaris 8
-
-4.1.31 - Release 27 July 2008
-
-* compiling arc4random.c is challenging on solaris 10 or solaris without gcc
-
-* SunOS4 doesn't have a curproc, but it does have u.
-
-* The fix for 2020447 generated random port numbers but not within the
- range specified in the map rule. Add in a regression test to verify
- that the "random" part works.
-
-4.1.30 - Release 24 July 2008
-
-2022104 solaris's driver.conf cannot set timeout values
-
-2020447 IPFilter's NAT can undo name server random port selection
-
-1988795 NetBSD doesn't build with kernel malloc stats
-
-1988782 fr_movequeue can take a short cut
-
-1988669 first nat creation failure prevents further success
-
-1988668 hostmap searching does not work properly
-
-* on some 64bit architectures (such as alpha), the addrfamily_t is packed
- differently, throwing off the calculations for adf_len
-
-* one too many READ_ENTERs in ip_sync code.
-
-* clean up fr_fastroute a little by removing some #ifdefs and pushing the
- code around a bit to use the same variables (NetBSD)
-
-* more recent NetBSDs use VOP related macros differently
-
-4.1.29 - Release 14 April 2008
-
-* #ifdef warning fixes from Victor M Blood (FreeBSD) - #1821249
-
-* An error in NAT'ing a packet that is being fed through the fastroute
- code (i.e return-icmp/return-rst/to/dup-to) can lead to a memory leak
- with mbufs
-
-* NetBSD has removed rnh_walktree
-
-* Remove exit/enter of ipf_global lock as they are now no longer held by
- what calls fr_auth_ioctl()
-
-* add in checks to see that a symbol is defined before using it in a test
- case with C preprocessor #if statements
-
-* add setting TCP TIME_WAIT timer to list of tuneables
-
-* call of _pullup() high up in _icmp() means later checks for fin_dlen
- that are less than 8 are not required.
-
-* cleanup some errors in merging patches
-
-* merge changes from netbsd for updated poll apis
-
-* merge white space cleanup
-
-* preserve and restore the fin_flx bits from the packet before it is
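Review bot: the `@@ -10,981 +10,9 @@` hunk cuts HISTORY from 981 lines to 9, and the visible removals are the 4.1.x release notes, which include fix records an auditor would look for, such as `2825084 ipv6 fragments should not be allowed past 64k` and `2020447 IPFilter's NAT can undo name server random port selection`. The commit message is only "Merge IPFilter 5.1.1 into HEAD", so it does not say whether these fixes are carried in 5.1.1 or where the older history can still be found. Either keep the 4.1.x entries below the new ones or add a pointer to where they are archived.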