Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/dist/ipf Import IPFilter 4.1.34 into NetBSD
details: https://anonhg.NetBSD.org/src/rev/c7c9ca706f6f
branches: trunk
changeset: 754048:c7c9ca706f6f
user: darrenr <darrenr%NetBSD.org@localhost>
date: Sat Apr 17 20:44:16 2010 +0000
description:
Import IPFilter 4.1.34 into NetBSD
4.1.34 - Release 11 March 2010
2964907 uninitialised use compile error
2959506 ipfstat does not display rules with compat
2949139 FR_T_BUILTIN masked out incorrectly
2937422 packets filtered with pools should not be cached
2935529 use of rules with tags leads to deadlock
2917501 whitespace cleanup required
2881514 in/out object functions not wired for compatibility
2841771 ipf/ippool rule maintenace bugs: memory leak, ref-counter bug
2839698 H.323 proxy does not clear fin_state/fin_nat
diffstat:
dist/ipf/arc4random.c | 4 +-
dist/ipf/ip_fil_compat.c | 2235 +++++++++++++++++++++++++++++++++++++++++++
dist/ipf/ip_sync.c | 6 +-
dist/ipf/lib/alist_new.c | 16 +-
dist/ipf/lib/bcopywrap.c | 8 +-
dist/ipf/lib/gethost.c | 12 +-
dist/ipf/lib/getifname.c | 12 +-
dist/ipf/lib/getsumd.c | 12 +-
dist/ipf/lib/kmemcpywrap.c | 12 +-
dist/ipf/lib/kvatoname.c | 12 +-
dist/ipf/lib/load_file.c | 10 +-
dist/ipf/lib/load_url.c | 12 +-
dist/ipf/lib/mutex_emul.c | 12 +-
dist/ipf/lib/nametokva.c | 12 +-
dist/ipf/lib/ntomask.c | 12 +-
dist/ipf/lib/printfr.c | 5 +-
dist/ipf/lib/printhostmap.c | 12 +-
dist/ipf/lib/printpacket6.c | 12 +-
dist/ipf/lib/printtunable.c | 12 +-
dist/ipf/lib/resetlexer.c | 12 +-
dist/ipf/lib/rwlock_emul.c | 12 +-
dist/ipf/tools/ipmon_y.y | 8 +-
dist/ipf/tools/ipnat.c | 7 +-
dist/ipf/tools/ipsyncm.c | 40 +-
dist/ipf/tools/ipsyncs.c | 45 +-
25 files changed, 2392 insertions(+), 160 deletions(-)
diffs (truncated from 3117 to 300 lines):
diff -r 3248bd74370a -r c7c9ca706f6f dist/ipf/arc4random.c
--- a/dist/ipf/arc4random.c Sat Apr 17 20:29:20 2010 +0000
+++ b/dist/ipf/arc4random.c Sat Apr 17 20:44:16 2010 +0000
@@ -70,7 +70,7 @@
c = *a;
*a = *b;
*b = c;
-}
+}
/*
* Stir our S-box.
@@ -160,7 +160,7 @@
struct timeval tv;
GETKTIME(&tv);
- if (reseed ||
+ if (reseed ||
(arc4_numruns > ARC4_RESEED_BYTES) ||
(tv.tv_sec > arc4_t_reseed))
arc4_randomstir();
diff -r 3248bd74370a -r c7c9ca706f6f dist/ipf/ip_fil_compat.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dist/ipf/ip_fil_compat.c Sat Apr 17 20:44:16 2010 +0000
@@ -0,0 +1,2235 @@
+/* $NetBSD$ */
+
+/*
+ * Copyright (C) 2010 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ */
+#if defined(KERNEL) || defined(_KERNEL)
+# undef KERNEL
+# undef _KERNEL
+# define KERNEL 1
+# define _KERNEL 1
+#endif
+#if defined(__osf__)
+# define _PROTO_NET_H_
+#endif
+#include <sys/param.h>
+#include <sys/errno.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/file.h>
+#if __FreeBSD_version >= 220000 && defined(_KERNEL)
+# include <sys/fcntl.h>
+# include <sys/filio.h>
+#else
+# include <sys/ioctl.h>
+#endif
+#if !defined(_KERNEL)
+# include <string.h>
+# define _KERNEL
+# ifdef __OpenBSD__
+struct file;
+# endif
+# include <sys/uio.h>
+# undef _KERNEL
+#endif
+#include <sys/socket.h>
+#if (defined(__osf__) || defined(AIX) || defined(__hpux) || defined(__sgi)) && defined(_KERNEL)
+# include "radix_ipf_local.h"
+# define _RADIX_H_
+#endif
+#include <net/if.h>
+#if defined(__FreeBSD__)
+# include <sys/cdefs.h>
+# include <sys/proc.h>
+#endif
+#if defined(_KERNEL)
+# include <sys/systm.h>
+# if !defined(__SVR4) && !defined(__svr4__)
+# include <sys/mbuf.h>
+# endif
+#endif
+#include <netinet/in.h>
+
+#include "netinet/ip_compat.h"
+#include "netinet/ip_fil.h"
+#include "netinet/ip_pool.h"
+#include "netinet/ip_htable.h"
+#include "netinet/ip_lookup.h"
+#include "netinet/ip_nat.h"
+#include "netinet/ip_state.h"
+#include "netinet/ip_proxy.h"
+#include "netinet/ip_auth.h"
+/* END OF INCLUDES */
+
+/*
+ * NetBSD has moved to 64bit time_t for all architectures.
+ * For some, such as sparc64, there is no change because long is already
+ * 64bit, but for others (i386), there is...
+ */
+#ifdef IPFILTER_COMPAT
+
+# ifdef __NetBSD__
+typedef struct timeval_l {
+ long tv_sec;
+ long tv_usec;
+} timeval_l_t;
+# endif
+
+/* ------------------------------------------------------------------------ */
+
+/*
+ * 4.1.34 changed the size of the time structure used for pps (current)
+ * 4.1.16 moved the location of fr_flineno
+ * 4.1.0 base version
+ */
+typedef struct frentry_4_1_16 {
+ ipfmutex_t fr_lock;
+ struct frentry *fr_next;
+ struct frentry **fr_grp;
+ struct ipscan *fr_isc;
+ void *fr_ifas[4];
+ void *fr_ptr;
+ char *fr_comment;
+ int fr_ref;
+ int fr_statecnt;
+ int fr_flineno;
+ U_QUAD_T fr_hits;
+ U_QUAD_T fr_bytes;
+ union {
+#ifdef __NetBSD__
+ timeval_l_t frp_lastpkt;
+#else
+ struct timeval frp_lastpkt;
+#endif
+ } fr_lpu;
+ int fr_curpps;
+ union {
+ void *fru_data;
+ caddr_t fru_caddr;
+ fripf_t *fru_ipf;
+ frentfunc_t fru_func;
+ } fr_dun;
+ ipfunc_t fr_func;
+ int fr_dsize;
+ int fr_pps;
+ int fr_statemax;
+ u_32_t fr_type;
+ u_32_t fr_flags;
+ u_32_t fr_logtag;
+ u_32_t fr_collect;
+ u_int fr_arg;
+ u_int fr_loglevel;
+ u_int fr_age[2];
+ u_char fr_v;
+ u_char fr_icode;
+ char fr_group[FR_GROUPLEN];
+ char fr_grhead[FR_GROUPLEN];
+ ipftag_t fr_nattag;
+ char fr_ifnames[4][LIFNAMSIZ];
+ char fr_isctag[16];
+ frdest_t fr_tifs[2];
+ frdest_t fr_dif;
+ u_int fr_cksum;
+} frentry_4_1_16_t;
+
+typedef struct frentry_4_1_0 {
+ ipfmutex_t fr_lock;
+ struct frentry *fr_next;
+ struct frentry **fr_grp;
+ struct ipscan *fr_isc;
+ void *fr_ifas[4];
+ void *fr_ptr;
+ char *fr_comment;
+ int fr_ref;
+ int fr_statecnt;
+ U_QUAD_T fr_hits;
+ U_QUAD_T fr_bytes;
+ union {
+#ifdef __NetBSD__
+ timeval_l_t frp_lastpkt;
+#else
+ struct timeval frp_lastpkt;
+#endif
+ } fr_lpu;
+ int fr_curpps;
+
+ union {
+ void *fru_data;
+ caddr_t fru_caddr;
+ fripf_t *fru_ipf;
+ frentfunc_t fru_func;
+ } fr_dun;
+ /*
+ * Fields after this may not change whilst in the kernel.
+ */
+ ipfunc_t fr_func;
+ int fr_dsize;
+ int fr_pps;
+ int fr_statemax;
+ int fr_flineno;
+ u_32_t fr_type;
+ u_32_t fr_flags;
+ u_32_t fr_logtag;
+ u_32_t fr_collect;
+ u_int fr_arg;
+ u_int fr_loglevel;
+ u_int fr_age[2];
+ u_char fr_v;
+ u_char fr_icode;
+ char fr_group[FR_GROUPLEN];
+ char fr_grhead[FR_GROUPLEN];
+ ipftag_t fr_nattag;
+ char fr_ifnames[4][LIFNAMSIZ];
+ char fr_isctag[16];
+ frdest_t fr_tifs[2];
+ frdest_t fr_dif;
+ u_int fr_cksum;
+} frentry_4_1_0_t;
+
+/* ------------------------------------------------------------------------ */
+
+/*
+ * 4.1.32 removed both fin_state and fin_nat, added fin_pktnum (current)
+ * 4.1.24 added fin_cksum
+ * 4.1.23 added fin_exthdr
+ * 4.1.11 added fin_ifname
+ * 4.1.4 added fin_hbuf
+ */
+typedef struct fr_info_4_1_24 {
+ void *fin_ifp;
+ fr_ip_t fin_fi;
+ union {
+ u_short fid_16[2];
+ u_32_t fid_32;
+ } fin_dat;
+ int fin_out;
+ int fin_rev;
+ u_short fin_hlen;
+ u_char fin_tcpf;
+ u_char fin_icode;
+ u_32_t fin_rule;
+ char fin_group[FR_GROUPLEN];
+ struct frentry *fin_fr;
+ void *fin_dp;
+ int fin_dlen;
+ int fin_plen;
+ int fin_ipoff;
+ u_short fin_id;
+ u_short fin_off;
+ int fin_depth;
+ int fin_error;
+ int fin_cksum;
+ void *fin_state;
+ void *fin_nat;
+ void *fin_nattag;
+ void *fin_exthdr;
+ ip_t *fin_ip;
+ mb_t **fin_mp;
+ mb_t *fin_m;
+#ifdef MENTAT
+ mb_t *fin_qfm;
+ void *fin_qpi;
+ char fin_ifname[LIFNAMSIZ];
+#endif
+#ifdef __sgi
+ void *fin_hbuf;
+#endif
+} fr_info_4_1_24_t;
+
+typedef struct fr_info_4_1_23 {
+ void *fin_ifp;
+ fr_ip_t fin_fi;
+ union {
+ u_short fid_16[2];
+ u_32_t fid_32;
+ } fin_dat;
+ int fin_out;
+ int fin_rev;
+ u_short fin_hlen;
+ u_char fin_tcpf;
+ u_char fin_icode;
+ u_32_t fin_rule;
+ char fin_group[FR_GROUPLEN];
+ struct frentry *fin_fr;
+ void *fin_dp;
+ int fin_dlen;
+ int fin_plen;
+ int fin_ipoff;
+ u_short fin_id;
+ u_short fin_off;
+ int fin_depth;
+ int fin_error;
+ void *fin_state;
+ void *fin_nat;
+ void *fin_nattag;
+ void *fin_exthdr;
+ ip_t *fin_ip;
+ mb_t **fin_mp;
+ mb_t *fin_m;
+#ifdef MENTAT
+ mb_t *fin_qfm;
+ void *fin_qpi;
+ char fin_ifname[LIFNAMSIZ];
+#endif
Home |
Main Index |
Thread Index |
Old Index