tech-net archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Patches for IPFilter
This patch fixes "ipfstat" not displaying group rules and fixes problems
being able to remove individual rules using ipf/ipnat.
#547 rule parsing puts junk at the end of ipf rules
#546 ipfstat -io does not list rules in groups aside from 0
Due to unforeseen circumstances I'm not able to commit this myself.
Cheers,
Darren
diff -r -u ipf/dist/lib/gethost.c.orig ipf/dist/lib/gethost.c
--- usr/external/bsd/ipf/dist/lib/gethost.c.orig 2012-07-23
00:27:36.000000000 +1000
+++ usr/external/bsd/ipf/dist/lib/gethost.c 2014-06-09 01:53:41.000000000
+1000
@@ -19,6 +19,7 @@
struct netent *n;
u_32_t addr;
+ bzero(hostp, sizeof(*hostp));
if (!strcmp(name, "test.host.dots")) {
if (family == AF_INET) {
hostp->in4.s_addr = htonl(0xfedcba98);
diff -r -u ipf/dist/tools/ipf_y.y.orig.orig ipf/dist/tools/ipf_y.y
--- usr/external/bsd/ipf/dist/tools/ipf_y.y.orig 2012-07-22
23:44:52.000000000 +1000
+++ usr/external/bsd/ipf/dist/tools/ipf_y.y 2014-06-09 00:25:29.000000000
+1000
@@ -2601,7 +2601,13 @@
int pos;
nlen = strlen(name) + 1;
- f = realloc(*frp, (*frp)->fr_size + nlen);
+ /*
+ * realloc is harder to use here because the end of the structure
+ * needs to be zero'd, else it gets junk bytes.
+ */
+ f = calloc(1, (*frp)->fr_size + nlen);
+ bcopy(*frp, f, (*frp)->fr_size);
+ free(*frp);
if (*frp == frc)
frc = f;
*frp = f;
Only in ipf/dist/tools: ipf_y.y.orig
diff -r -u ipf/dist/tools/ipfstat.c.orig ipf/dist/tools/ipfstat.c
--- usr/external/bsd/ipf/dist/tools/ipfstat.c.orig 2012-07-23
00:27:51.000000000 +1000
+++ usr/external/bsd/ipf/dist/tools/ipfstat.c 2014-06-08 04:55:17.000000000
+1000
@@ -799,7 +799,6 @@
struct frentry fb;
ipfruleiter_t rule;
frentry_t zero;
- frgroup_t *g;
ipfobj_t obj;
void *buf;
size_t bufsiz;
@@ -833,7 +832,7 @@
if ((buf = malloc(bufsiz = sizeof(*fp) + 10240)) == NULL)
return 0;
- do {
+ while (rule.iri_rule != NULL) {
memset(buf, 0xff, bufsiz);
fp = buf;
rule.iri_rule = fp;
@@ -886,35 +885,11 @@
if (fp->fr_data != NULL && fp->fr_dsize > 0)
binprint(fp->fr_data, fp->fr_dsize);
}
- if (fp->fr_grhead != -1) {
- for (g = grtop; g != NULL; g = g->fg_next) {
- if (!strncmp(fp->fr_names + fp->fr_grhead,
- g->fg_name,
- FR_GROUPLEN))
- break;
- }
- if (g == NULL) {
- g = calloc(1, sizeof(*g));
-
- if (g != NULL) {
- strncpy(g->fg_name,
- fp->fr_names + fp->fr_grhead,
- FR_GROUPLEN);
- if (grtop == NULL) {
- grtop = g;
- grtail = g;
- } else {
- grtail->fg_next = g;
- grtail = g;
- }
- }
- }
- }
if (fp->fr_type == FR_T_CALLFUNC) {
rules += printlivelist(fiop, out, set, fp->fr_data,
group, "# callfunc: ");
}
- } while (fp->fr_next != NULL);
+ }
num = IPFGENITER_IPF;
(void) ioctl(ipf_fd,SIOCIPFDELTOK, &num);
diff -r -u ipf/dist/tools/ipnat_y.y.orig ipf/dist/tools/ipnat_y.y
--- usr/external/bsd/ipf/dist/tools/ipnat_y.y.orig 2012-07-22
23:44:57.000000000 +1000
+++ usr/external/bsd/ipf/dist/tools/ipnat_y.y 2014-06-10 01:49:12.000000000
+1000
@@ -1762,7 +1762,9 @@
int pos;
nlen = strlen(name) + 1;
- n = realloc(*np, (*np)->in_size + nlen);
+ n = calloc(1, (*np)->in_size + nlen);
+ bcopy(*np, n, (*np)->in_size);
+ free(*np);
if (*np == nattop)
nattop = n;
*np = n;
Home |
Main Index |
Thread Index |
Old Index