diff -cr ip_fil3.4/HISTORY ip_fil3.4.1/HISTORY *** ip_fil3.4/HISTORY Fri Apr 28 21:24:50 2000 --- ip_fil3.4.1/HISTORY Sun Apr 30 15:20:58 2000 *************** *** 20,25 **** --- 20,47 ---- # and especially those who have found the time to port IP Filter to new # platforms. # + 3.4.1 - 30/4/2000 - Released + + add ratoui() and fix parsing of group numbers to allow 0 - UINT_MAX + + don't include opt_inet6.h for FreeBSD if KLD_MODULE is defined + + Solaris must use copyin() for all types of ioctl() args + + fix up screen/tty when leaving "top mode" of ipfstat + + linked list for maptable not setup correctly in nat_hostmap() + + check for maptable rather than nat_table[1] to see if malloc for maptable + succeeded in nat_init + + fix handling of map NAT rules with "from/to" host specs + + fix printout out of source address when using "from/to" with map rules + + convert ip_len back to network byte order, not plen, for solaris as ip_len + may have been changed by NAT and plen won't reflect this + 3.4 - 27/4/2000 - Released source address spoofing can be turned on (fr_chksrc) without using diff -cr ip_fil3.4/SunOS5/pkginfo ip_fil3.4.1/SunOS5/pkginfo *** ip_fil3.4/SunOS5/pkginfo Fri Apr 28 21:25:00 2000 --- ip_fil3.4.1/SunOS5/pkginfo Sun Apr 30 15:13:55 2000 *************** *** 5,11 **** PKG=ipf NAME=IP Filter ARCH=ARCH_updated_by_sed_when_package_is_built ! VERSION=3.4 CATEGORY=system DESC=This package contains tools for building a firewall VENDOR=Darren Reed --- 5,11 ---- PKG=ipf NAME=IP Filter ARCH=ARCH_updated_by_sed_when_package_is_built ! VERSION=3.4.1 CATEGORY=system DESC=This package contains tools for building a firewall VENDOR=Darren Reed diff -cr ip_fil3.4/buildsunos ip_fil3.4.1/buildsunos *** ip_fil3.4/buildsunos Fri Apr 28 21:14:12 2000 --- ip_fil3.4.1/buildsunos Fri Apr 28 21:13:51 2000 *************** *** 3,9 **** echo "Do NOT run this script directly, do 'make solaris'!" exit 1 fi ! 
# $Id: buildsunos,v 2.5 2000/03/14 14:40:24 darrenr Exp $ : rev=`uname -r | sed -e 's/^\([^\.]*\)\..*/\1/'` if [ -d /usr/ccs/bin ] ; then --- 3,9 ---- echo "Do NOT run this script directly, do 'make solaris'!" exit 1 fi ! # $Id: buildsunos,v 2.5.2.1 2000/04/28 11:13:51 darrenr Exp $ : rev=`uname -r | sed -e 's/^\([^\.]*\)\..*/\1/'` if [ -d /usr/ccs/bin ] ; then *************** *** 46,52 **** cpu=`uname -m` cpudir=${cpu}-`uname -r` fi - # CC=gcc if [ $cpu = i386 ] ; then make ${1+"$@"} sunos5x86 SOLARIS2="-DSOLARIS2=$solrev" CPU= CPUDIR=${cpudir} CC="$CC $XARCH" XARCH="$XARCH" ARCHINC="$ARCHINC" exit $? --- 46,51 ---- diff -cr ip_fil3.4/common.c ip_fil3.4.1/common.c *** ip_fil3.4/common.c Fri Apr 7 22:31:14 2000 --- ip_fil3.4.1/common.c Sat Apr 29 01:31:02 2000 *************** *** 510,515 **** --- 510,530 ---- } + int ratoui(ps, pi, min, max) + char *ps; + u_int *pi, min, max; + { + u_int i; + char *pe; + + i = (u_int)strtol(ps, &pe, 0); + if (*pe != '\0' || i < min || i > max) + return 0; + *pi = i; + return 1; + } + + void printhostmask(v, addr, mask) int v; u_32_t *addr, *mask; diff -cr ip_fil3.4/fil.c ip_fil3.4.1/fil.c *** ip_fil3.4/fil.c Fri Apr 28 20:47:36 2000 --- ip_fil3.4.1/fil.c Sat Apr 29 01:38:32 2000 *************** *** 7,17 **** */ #if !defined(lint) static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: fil.c,v 2.35.2.2 2000/04/28 10:47:36 darrenr Exp $"; #endif #if defined(_KERNEL) && defined(__FreeBSD_version) && \ ! (__FreeBSD_version >= 400000) #include "opt_inet6.h" #endif #include --- 7,17 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: fil.c,v 2.35.2.4 2000/04/28 15:38:32 darrenr Exp $"; #endif #if defined(_KERNEL) && defined(__FreeBSD_version) && \ ! 
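Review bot: The new ratoui() in common.c accepts inputs it should reject, because it parses with `strtol` and casts the result to `u_int`: an empty string yields 0 with `pe == ps`, "-1" becomes UINT_MAX, a value too large for long is clamped to LONG_MAX, and where long is wider than int an over-large value is silently truncated. The parse.c callers pass 0 and UINT_MAX, so the range test can never fail there and `*pe != '\0'` is the only effective check on skip and group numbers. Parsing with `strtoul` into an unsigned long, testing `errno` and `pe == ps`, and rejecting a sign before narrowing closes these cases. This assumes errno and strchr are already declared in common.c, which the hunk does not show.

```c
int ratoui(ps, pi, min, max)
char *ps;
u_int *pi, min, max;
{
	unsigned long l;
	char *pe;

	/* strtoul() accepts a leading '-' and negates the result */
	if (strchr(ps, '-') != NULL)
		return 0;
	errno = 0;
	l = strtoul(ps, &pe, 0);
	if (pe == ps || *pe != '\0' || errno == ERANGE || l < min || l > max)
		return 0;
	*pi = (u_int)l;
	return 1;
}
```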
(__FreeBSD_version >= 400000) && !defined(KLD_MODULE) #include "opt_inet6.h" #endif #include *************** *** 1325,1331 **** * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 ! * $Id: fil.c,v 2.35.2.2 2000/04/28 10:47:36 darrenr Exp $ */ /* * Copy data from an mbuf chain starting "off" bytes from the beginning, --- 1325,1331 ---- * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 ! * $Id: fil.c,v 2.35.2.4 2000/04/28 15:38:32 darrenr Exp $ */ /* * Copy data from an mbuf chain starting "off" bytes from the beginning, *************** *** 1802,1808 **** --- 1802,1812 ---- caddr_t ca; int err; + #if SOLARIS + copyin(a, &ca, sizeof(ca)); + #else bcopy(a, &ca, sizeof(ca)); + #endif err = copyin(ca, b, c); return err; } *************** *** 1815,1821 **** --- 1819,1829 ---- caddr_t ca; int err; + #if SOLARIS + copyin(b, &ca, sizeof(ca)); + #else bcopy(b, &ca, sizeof(ca)); + #endif err = copyout(a, ca, c); return err; } diff -cr ip_fil3.4/fils.c ip_fil3.4.1/fils.c *** ip_fil3.4/fils.c Sun Mar 26 01:47:16 2000 --- ip_fil3.4.1/fils.c Sat Apr 29 03:03:11 2000 *************** *** 65,71 **** #if !defined(lint) static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: fils.c,v 2.21 2000/03/25 14:47:16 darrenr Exp $"; #endif extern char *optarg; --- 65,71 ---- #if !defined(lint) static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: fils.c,v 2.21.2.1 2000/04/28 17:03:11 darrenr Exp $"; #endif extern char *optarg; *************** *** 931,953 **** /* if key pressed, read all waiting keys */ if (FD_ISSET(0, &readfd)) ! while ((c = wgetch(stdscr)) != ERR) ! if (tolower(c) == 'l') redraw = 1; ! else if (tolower(c) == 'q') exit(0); ! else if (tolower(c) == 'r') reverse = !reverse; ! 
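Review bot: The Solaris branch added in the fil.c hunk at line 1802 ignores the result of `copyin(a, &ca, sizeof(ca))`, so when that copy fails `ca` is left uninitialised and is still used as the user address for the following `copyin(ca, b, c)`. The same pattern appears in the next hunk at line 1819, where the unchecked `copyin(b, &ca, sizeof(ca))` feeds `copyout(a, ca, c)`. Returning early keeps a bad ioctl argument from reaching the second copy: `err = copyin(a, &ca, sizeof(ca)); if (err != 0) return err;`. Both function signatures lie outside the hunks, so the parameter types are inferred from how they are used.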
else if (tolower(c) == 's') { sorting++; if (sorting > STSORT_MAX) sorting = 0; } } /* while */ close(sfd); printw("\n"); endwin(); } #endif --- 931,957 ---- /* if key pressed, read all waiting keys */ if (FD_ISSET(0, &readfd)) ! while ((c = wgetch(stdscr)) != ERR) { ! if (tolower(c) == 'l') { redraw = 1; ! } else if (tolower(c) == 'q') { ! nocbreak(); ! endwin(); exit(0); ! } else if (tolower(c) == 'r') { reverse = !reverse; ! } else if (tolower(c) == 's') { sorting++; if (sorting > STSORT_MAX) sorting = 0; } + } } /* while */ close(sfd); printw("\n"); + nocbreak(); endwin(); } #endif diff -cr ip_fil3.4/ip_compat.h ip_fil3.4.1/ip_compat.h *** ip_fil3.4/ip_compat.h Fri Apr 28 20:47:25 2000 --- ip_fil3.4.1/ip_compat.h Sat Apr 29 00:56:49 2000 *************** *** 6,12 **** * to the original author and the contributors. * * @(#)ip_compat.h 1.8 1/14/96 ! * $Id: ip_compat.h,v 2.26.2.2 2000/04/28 10:47:25 darrenr Exp $ */ #ifndef __IP_COMPAT_H__ --- 6,12 ---- * to the original author and the contributors. * * @(#)ip_compat.h 1.8 1/14/96 ! * $Id: ip_compat.h,v 2.26.2.3 2000/04/28 14:56:49 darrenr Exp $ */ #ifndef __IP_COMPAT_H__ *************** *** 150,156 **** # if defined(__NetBSD_Version__) && (__NetBSD_Version__ >= 104110000) # include "opt_inet.h" # endif ! # if defined(__FreeBSD_version) && (__FreeBSD_version >= 400000) # include "opt_inet6.h" # endif # ifdef INET6 --- 150,157 ---- # if defined(__NetBSD_Version__) && (__NetBSD_Version__ >= 104110000) # include "opt_inet.h" # endif ! # if defined(__FreeBSD_version) && (__FreeBSD_version >= 400000) && \ ! !defined(KLD_MODULE) # include "opt_inet6.h" # endif # ifdef INET6 diff -cr ip_fil3.4/ip_fil.c ip_fil3.4.1/ip_fil.c *** ip_fil3.4/ip_fil.c Fri Apr 28 20:47:14 2000 --- ip_fil3.4.1/ip_fil.c Sat Apr 29 00:56:50 2000 *************** *** 7,13 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! 
static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.42.2.1 2000/04/28 10:47:14 darrenr Exp $"; #endif #ifndef SOLARIS --- 7,13 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.42.2.2 2000/04/28 14:56:50 darrenr Exp $"; #endif #ifndef SOLARIS *************** *** 18,24 **** # define _KERNEL #endif #if defined(_KERNEL) && defined(__FreeBSD_version) && \ ! (__FreeBSD_version >= 400000) #include "opt_inet6.h" #endif #include --- 18,24 ---- # define _KERNEL #endif #if defined(_KERNEL) && defined(__FreeBSD_version) && \ ! (__FreeBSD_version >= 400000) && !defined(KLD_MODULE) #include "opt_inet6.h" #endif #include diff -cr ip_fil3.4/ip_frag.c ip_fil3.4.1/ip_frag.c *** ip_fil3.4/ip_frag.c Tue Mar 14 09:10:21 2000 --- ip_fil3.4.1/ip_frag.c Sat Apr 29 00:56:51 2000 *************** *** 7,13 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ip_frag.c 1.11 3/24/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_frag.c,v 2.10 2000/03/13 22:10:21 darrenr Exp $"; #endif #if defined(KERNEL) && !defined(_KERNEL) --- 7,13 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ip_frag.c 1.11 3/24/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_frag.c,v 2.10.2.1 2000/04/28 14:56:51 darrenr Exp $"; #endif #if defined(KERNEL) && !defined(_KERNEL) *************** *** 24,30 **** # include # include #endif ! #if defined(KERNEL) && (__FreeBSD_version >= 220000) # include # include #else --- 24,30 ---- # include # include #endif ! #if (defined(KERNEL) || defined(_KERNEL)) && (__FreeBSD_version >= 220000) # include # include #else diff -cr ip_fil3.4/ip_ftp_pxy.c ip_fil3.4.1/ip_ftp_pxy.c *** ip_fil3.4/ip_ftp_pxy.c Sun Mar 26 01:46:37 2000 --- ip_fil3.4.1/ip_ftp_pxy.c Sun Apr 30 15:13:05 2000 *************** *** 2,8 **** * Simple FTP transparent proxy for in-kernel use. For use with the NAT * code. * ! 
* $Id: ip_ftp_pxy.c,v 2.7 2000/03/25 14:46:37 darrenr Exp $ */ #if SOLARIS && defined(_KERNEL) extern kmutex_t ipf_rw; --- 2,8 ---- * Simple FTP transparent proxy for in-kernel use. For use with the NAT * code. * ! * $Id: ip_ftp_pxy.c,v 2.7.2.1 2000/04/30 05:13:05 darrenr Exp $ */ #if SOLARIS && defined(_KERNEL) extern kmutex_t ipf_rw; *************** *** 51,59 **** size_t len; { register char *s, c; ! register size_t i; ! if (len < 5) return 0; s = buf; c = *s++; --- 51,60 ---- size_t len; { register char *s, c; ! register size_t i = len; ! nextmsg: ! if (i < 5) return 0; s = buf; c = *s++; *************** *** 98,108 **** return 0; for (; i && (c = *s); i--, s++) { ! if ((c == '\r') && (i != 2)) return 0; ! if ((c == '\n') && (i != 1)) ! return 0; ! else if ((i == 2) && (c != '\r')) return 0; else if ((i == 1) && (c != '\n')) return 0; --- 99,114 ---- return 0; for (; i && (c = *s); i--, s++) { ! if (c == '\r') { ! if (i >= 2) ! continue; return 0; ! } ! if (c == '\n') { ! if (i > 1) ! goto nextmsg; ! } ! if ((i == 2) && (c != '\r')) return 0; else if ((i == 1) && (c != '\n')) return 0; *************** *** 207,217 **** ftp = nat->nat_aps->aps_data; ftp->ftp_eol[1][1] = ftp->ftp_eol[1][0]; ftp->ftp_eol[1][0] = ippr_ftp_complete(portbuf, dlen); - if (ftp->ftp_eol[1][0] == 0) - return 0; ftp->ftp_seq[1][1] = ftp->ftp_seq[1][0]; ! ftp->ftp_seq[1][0] = tcp->th_seq + dlen; switch (ftp->ftp_passok) { --- 213,221 ---- ftp = nat->nat_aps->aps_data; ftp->ftp_eol[1][1] = ftp->ftp_eol[1][0]; ftp->ftp_eol[1][0] = ippr_ftp_complete(portbuf, dlen); ftp->ftp_seq[1][1] = ftp->ftp_seq[1][0]; ! ftp->ftp_seq[1][0] = ntohl(tcp->th_seq) + dlen; switch (ftp->ftp_passok) { *************** *** 225,232 **** break; } if ((ftp->ftp_passok != 4) || (ftp->ftp_eol[1][1] == 0) || ! (tcp->th_ack != ftp->ftp_seq[0][0])) return 0; /* --- 229,239 ---- break; } + if (ftp->ftp_eol[1][0] == 0) + return 0; + if ((ftp->ftp_passok != 4) || (ftp->ftp_eol[1][1] == 0) || ! 
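Review bot: The new `goto nextmsg` in the `'\n'` branch of the hunk at line 98 jumps back to a label that is followed by `s = buf`, and the jump skips the loop's `i--, s++`, so on the visible lines the next pass starts again at the beginning of the buffer with a count that still includes the newline. If the lines between the two hunks do not re-derive `s` and `i`, the later `(i == 2)` and `(i == 1)` end-of-line tests are applied to bytes that no longer correspond to the tail of the payload, and a second command in the same segment is never actually examined. Advancing past the newline before the jump would keep pointer and count in step, for example `buf = s + 1; i--; goto nextmsg;`. The body of ippr_ftp_complete between the two hunks is outside the diff, so this should be confirmed against the full function.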
(ntohl(tcp->th_ack) != ftp->ftp_seq[0][0])) return 0; /* *************** *** 448,454 **** ftp->ftp_eol[0][0] = ippr_ftp_complete(portbuf, dlen); ftp->ftp_seq[0][1] = ftp->ftp_seq[0][0]; ! ftp->ftp_seq[0][0] = tcp->th_seq + dlen; switch (ftp->ftp_passok) { --- 455,461 ---- ftp->ftp_eol[0][0] = ippr_ftp_complete(portbuf, dlen); ftp->ftp_seq[0][1] = ftp->ftp_seq[0][0]; ! ftp->ftp_seq[0][0] = ntohl(tcp->th_seq) + dlen; switch (ftp->ftp_passok) { *************** *** 469,475 **** if (ftp->ftp_eol[0][0] == 0) return 0; if ((ftp->ftp_passok != 4) || (ftp->ftp_eol[0][1] == 0) || ! (tcp->th_ack != ftp->ftp_seq[1][0])) return 0; /* --- 476,482 ---- if (ftp->ftp_eol[0][0] == 0) return 0; if ((ftp->ftp_passok != 4) || (ftp->ftp_eol[0][1] == 0) || ! (ntohl(tcp->th_ack) != ftp->ftp_seq[1][0])) return 0; /* diff -cr ip_fil3.4/ip_nat.c ip_fil3.4.1/ip_nat.c *** ip_fil3.4/ip_nat.c Wed Apr 26 02:18:06 2000 --- ip_fil3.4.1/ip_nat.c Sun Apr 30 15:10:56 2000 *************** *** 9,15 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.1 2000/04/25 16:18:06 darrenr Exp $"; #endif #if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL) --- 9,15 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.2 2000/04/30 05:10:56 darrenr Exp $"; #endif #if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL) *************** *** 176,182 **** return -1; KMALLOCS(maptable, hostmap_t **, sizeof(hostmap_t *) * ipf_hostmap_sz); ! if (nat_table[1] != NULL) bzero((char *)maptable, sizeof(hostmap_t *) * ipf_hostmap_sz); else return -1; --- 176,182 ---- return -1; KMALLOCS(maptable, hostmap_t **, sizeof(hostmap_t *) * ipf_hostmap_sz); ! 
if (maptable != NULL) bzero((char *)maptable, sizeof(hostmap_t *) * ipf_hostmap_sz); else return -1; *************** *** 272,277 **** --- 272,279 ---- if (hm) { hm->hm_next = maptable[hv]; hm->hm_pnext = maptable + hv; + if (maptable[hv]) + maptable[hv]->hm_pnext = &hm->hm_next; maptable[hv] = hm; hm->hm_ipnat = np; hm->hm_realip = real; *************** *** 1805,1817 **** hv = NAT_HASH_FN(iph, 0, ipf_natrules_sz); for (np = nat_rules[hv]; np; np = np->in_mnext) { ! if ((np->in_ifp == ifp) && np->in_space && ! (!(np->in_flags & IPN_RF) || ! (np->in_flags & nflags)) && ! (((np->in_flags & IPN_FILTER) && ! nat_match(fin, np, ip)) || ! (((ipa & np->in_inmsk) == np->in_inip) && ! (np->in_redir & (NAT_MAP|NAT_MAPBLK))))) { if (*np->in_plabel && !appr_ok(ip, tcp, np)) continue; /* --- 1807,1824 ---- hv = NAT_HASH_FN(iph, 0, ipf_natrules_sz); for (np = nat_rules[hv]; np; np = np->in_mnext) { ! if ((np->in_ifp && (np->in_ifp != ifp)) || ! !np->in_space) ! continue; ! if ((np->in_flags & IPN_RF) && ! !(np->in_flags & nflags)) ! continue; ! if (np->in_flags & IPN_FILTER) { ! if (!nat_match(fin, np, ip)) ! continue; ! } else if ((ipa & np->in_inmsk) != np->in_inip) ! continue; ! if (np->in_redir & (NAT_MAP|NAT_MAPBLK)) { if (*np->in_plabel && !appr_ok(ip, tcp, np)) continue; /* diff -cr ip_fil3.4/ip_state.c ip_fil3.4.1/ip_state.c *** ip_fil3.4/ip_state.c Fri Apr 28 20:46:25 2000 --- ip_fil3.4.1/ip_state.c Sat Apr 29 00:56:52 2000 *************** *** 7,13 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.30.2.4 2000/04/28 10:46:25 darrenr Exp $"; #endif #include --- 7,13 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed"; ! 
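Review bot: The rewritten interface test `(np->in_ifp && (np->in_ifp != ifp))` in the ip_nat.c hunk at line 1805 now lets a rule whose `in_ifp` is NULL match packets on every interface, whereas the old condition required `np->in_ifp == ifp`. Whether `in_ifp` can be NULL for a rule that names an interface which is not present is not visible here, but if it can, such a map rule would silently apply to all interfaces. If wildcard matching is intended, a comment above the test would record it, for example `/* in_ifp == NULL: rule applies to any interface */`. The loop body continues past the end of the hunk.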
static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.30.2.5 2000/04/28 14:56:52 darrenr Exp $"; #endif #include *************** *** 19,25 **** # include "opt_ipfilter_log.h" #endif #if defined(_KERNEL) && defined(__FreeBSD_version) && \ ! (__FreeBSD_version >= 400000) #include "opt_inet6.h" #endif #if !defined(_KERNEL) && !defined(KERNEL) && !defined(__KERNEL__) --- 19,25 ---- # include "opt_ipfilter_log.h" #endif #if defined(_KERNEL) && defined(__FreeBSD_version) && \ ! (__FreeBSD_version >= 400000) && !defined(KLD_MODULE) #include "opt_inet6.h" #endif #if !defined(_KERNEL) && !defined(KERNEL) && !defined(__KERNEL__) diff -cr ip_fil3.4/ipf.h ip_fil3.4.1/ipf.h *** ip_fil3.4/ipf.h Tue Mar 14 09:10:23 2000 --- ip_fil3.4.1/ipf.h Sat Apr 29 01:27:40 2000 *************** *** 6,12 **** * to the original author and the contributors. * * @(#)ipf.h 1.12 6/5/96 ! * $Id: ipf.h,v 2.9 2000/03/13 22:10:23 darrenr Exp $ */ #ifndef __IPF_H__ --- 6,12 ---- * to the original author and the contributors. * * @(#)ipf.h 1.12 6/5/96 ! * $Id: ipf.h,v 2.9.2.1 2000/04/28 15:27:40 darrenr Exp $ */ #ifndef __IPF_H__ *************** *** 82,87 **** --- 82,88 ---- extern u_char tcp_flags __P((char *, u_char *, int)); extern int countbits __P((u_32_t)); extern int ratoi __P((char *, int *, int, int)); + extern int ratoui __P((char *, u_int *, u_int, u_int)); extern int hostmask __P((char ***, u_32_t *, u_32_t *, u_short *, int *, u_short *, int)); extern int ports __P((char ***, u_short *, int *, u_short *, int)); diff -cr ip_fil3.4/ipl.h ip_fil3.4.1/ipl.h *** ip_fil3.4/ipl.h Fri Apr 28 21:24:53 2000 --- ip_fil3.4.1/ipl.h Sun Apr 30 15:13:54 2000 *************** *** 6,17 **** * to the original author and the contributors. * * @(#)ipl.h 1.21 6/5/96 ! * $Id: ipl.h,v 2.15.2.1 2000/04/28 11:10:08 darrenr Exp $ */ #ifndef __IPL_H__ #define __IPL_H__ ! #define IPL_VERSION "IP Filter: v3.4" #endif --- 6,17 ---- * to the original author and the contributors. * * @(#)ipl.h 1.21 6/5/96 ! 
* $Id: ipl.h,v 2.15.2.2 2000/04/30 05:13:54 darrenr Exp $ */ #ifndef __IPL_H__ #define __IPL_H__ ! #define IPL_VERSION "IP Filter: v3.4.1" #endif diff -cr ip_fil3.4/natparse.c ip_fil3.4.1/natparse.c *** ip_fil3.4/natparse.c Sat Mar 25 11:38:05 2000 --- ip_fil3.4.1/natparse.c Sat Apr 29 04:08:00 2000 *************** *** 54,60 **** #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: natparse.c,v 1.17 2000/03/25 00:38:05 darrenr Exp $"; #endif --- 54,60 ---- #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: natparse.c,v 1.17.2.1 2000/04/28 18:08:00 darrenr Exp $"; #endif *************** *** 125,136 **** } if (np->in_redir == NAT_REDIRECT) { ! printf("%s", inet_ntoa(np->in_out[0])); ! bits = countbits(np->in_out[1].s_addr); ! if (bits != -1) ! printf("/%d ", bits); ! else ! printf("/%s ", inet_ntoa(np->in_out[1])); if (np->in_pmin) printf("port %d ", ntohs(np->in_pmin)); if (np->in_pmax != np->in_pmin) --- 125,138 ---- } if (np->in_redir == NAT_REDIRECT) { ! if (!(np->in_flags & IPN_FILTER)) { ! printf("%s", inet_ntoa(np->in_out[0])); ! bits = countbits(np->in_out[1].s_addr); ! if (bits != -1) ! printf("/%d ", bits); ! else ! printf("/%s ", inet_ntoa(np->in_out[1])); ! } if (np->in_pmin) printf("port %d ", ntohs(np->in_pmin)); if (np->in_pmax != np->in_pmin) *************** *** 155,166 **** np->in_use); } else { np->in_nextip.s_addr = htonl(np->in_nextip.s_addr); ! printf("%s/", inet_ntoa(np->in_in[0])); ! bits = countbits(np->in_in[1].s_addr); ! if (bits != -1) ! printf("%d ", bits); ! else ! printf("%s", inet_ntoa(np->in_in[1])); printf(" -> "); if (np->in_flags & IPN_IPRANGE) { printf("range %s-", inet_ntoa(np->in_out[0])); --- 157,170 ---- np->in_use); } else { np->in_nextip.s_addr = htonl(np->in_nextip.s_addr); ! if (!(np->in_flags & IPN_FILTER)) { ! printf("%s/", inet_ntoa(np->in_in[0])); ! 
bits = countbits(np->in_in[1].s_addr); ! if (bits != -1) ! printf("%d ", bits); ! else ! printf("%s", inet_ntoa(np->in_in[1])); ! } printf(" -> "); if (np->in_flags & IPN_IPRANGE) { printf("range %s-", inet_ntoa(np->in_out[0])); diff -cr ip_fil3.4/parse.c ip_fil3.4.1/parse.c *** ip_fil3.4/parse.c Wed Mar 15 01:44:23 2000 --- ip_fil3.4.1/parse.c Sat Apr 29 04:08:38 2000 *************** *** 77,82 **** --- 77,83 ---- struct protoent *p = NULL; char *cps[31], **cpp, *endptr; int i, cnt = 1, j, ch; + u_int k; while (*line && isspace(*line)) line++; *************** *** 156,163 **** fil.fr_flags |= FR_PREAUTH; } else if (!strcasecmp("skip", *cpp)) { cpp++; ! if (ratoi(*cpp, &i, 0, UINT_MAX)) ! fil.fr_skip = i; else { fprintf(stderr, "%d: integer must follow skip\n", linenum); --- 157,164 ---- fil.fr_flags |= FR_PREAUTH; } else if (!strcasecmp("skip", *cpp)) { cpp++; ! if (ratoui(*cpp, &k, 0, UINT_MAX)) ! fil.fr_skip = k; else { fprintf(stderr, "%d: integer must follow skip\n", linenum); *************** *** 501,508 **** fprintf(stderr, "%d: head without group #\n", linenum); return NULL; } ! if (ratoi(*cpp, &i, 0, UINT_MAX)) ! fil.fr_grhead = (u_32_t)i; else { fprintf(stderr, "%d: invalid group (%s)\n", linenum, *cpp); --- 502,509 ---- fprintf(stderr, "%d: head without group #\n", linenum); return NULL; } ! if (ratoui(*cpp, &k, 0, UINT_MAX)) ! fil.fr_grhead = (u_32_t)k; else { fprintf(stderr, "%d: invalid group (%s)\n", linenum, *cpp); *************** *** 520,527 **** linenum); return NULL; } ! if (ratoi(*cpp, &i, 0, UINT_MAX)) ! fil.fr_group = i; else { fprintf(stderr, "%d: invalid group (%s)\n", linenum, *cpp); --- 521,528 ---- linenum); return NULL; } ! if (ratoui(*cpp, &k, 0, UINT_MAX)) ! 
fil.fr_group = k; else { fprintf(stderr, "%d: invalid group (%s)\n", linenum, *cpp); diff -cr ip_fil3.4/solaris.c ip_fil3.4.1/solaris.c *** ip_fil3.4/solaris.c Fri Mar 17 14:11:30 2000 --- ip_fil3.4.1/solaris.c Sun Apr 30 15:03:43 2000 *************** *** 6,12 **** * to the original author and the contributors. */ /* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/ ! #pragma ident "@(#)$Id: solaris.c,v 2.15 2000/03/17 03:11:30 darrenr Exp $" #include #include --- 6,12 ---- * to the original author and the contributors. */ /* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/ ! #pragma ident "@(#)$Id: solaris.c,v 2.15.2.1 2000/04/30 05:03:43 darrenr Exp $" #include #include *************** *** 807,814 **** } else { # endif __ipoff = (u_short)ip->ip_off; ! ! ip->ip_len = htons(plen); ip->ip_off = htons(__ipoff); # if SOLARIS2 >= 8 } --- 807,816 ---- } else { # endif __ipoff = (u_short)ip->ip_off; ! /* ! * plen is useless because of NAT. ! */ ! ip->ip_len = htons(ip->ip_len); ip->ip_off = htons(__ipoff); # if SOLARIS2 >= 8 }