diff -cr ip_fil3.4.13/HISTORY ip_fil3.4.14/HISTORY *** ip_fil3.4.13/HISTORY Sat Oct 28 09:54:28 2000 --- ip_fil3.4.14/HISTORY Thu Nov 2 09:14:06 2000 *************** *** 22,27 **** --- 22,39 ---- # and especially those who have found the time to port IP Filter to new # platforms. # + 3.4.14 02/11/2000 - Released + + cause flushing NAT table to generate log records the same as state flush + does. + + fix ftp proxy port/pasv + + fix problem where nat_{in,out}lookup() would release a write lock when it + didn't need to. + + add check for ipf6.conf in Solaris ipfboot + 3.4.13 28/10/2000 - Released fix introduced bug with ICMP packets being rejected when valid diff -cr ip_fil3.4.13/SunOS5/ipfboot ip_fil3.4.14/SunOS5/ipfboot *** ip_fil3.4.13/SunOS5/ipfboot Wed Aug 23 20:56:29 2000 --- ip_fil3.4.14/SunOS5/ipfboot Thu Nov 2 01:31:48 2000 *************** *** 3,8 **** --- 3,9 ---- pid=`ps -e | awk '/ipmon/ { print $1 } ' -` PATH=${PATH}:/sbin:/opt/ipf/bin IPFILCONF=/etc/opt/ipf/ipf.conf + IP6FILCONF=/etc/opt/ipf/ipf6.conf IPNATCONF=/etc/opt/ipf/ipnat.conf block_default_workaround() { *************** *** 38,43 **** --- 39,53 ---- echo "$0: load of ${IPFILCONF} into alternate set failed" else ipf -s + fi + fi + if [ -r ${IP6FILCONF} ]; then + ipf -IFa -6f ${IP6FILCONF} + if [ $? != 0 ]; then + echo "$0: load of ${IPFILCONF} into alternate set failed" + else + ipf -IF a + ipf -6f ${IP6FILCONF} fi fi if [ -r ${IPNATCONF} ]; then diff -cr ip_fil3.4.13/SunOS5/pkginfo ip_fil3.4.14/SunOS5/pkginfo *** ip_fil3.4.13/SunOS5/pkginfo Sat Oct 28 09:54:42 2000 --- ip_fil3.4.14/SunOS5/pkginfo Thu Nov 2 09:02:30 2000 *************** *** 5,11 **** PKG=ipf NAME=IP Filter ARCH=ARCH_updated_by_sed_when_package_is_built ! VERSION=3.4.13 CATEGORY=system DESC=This package contains tools for building a firewall VENDOR=Darren Reed --- 5,11 ---- PKG=ipf NAME=IP Filter ARCH=ARCH_updated_by_sed_when_package_is_built ! 
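Review bot: The failure branch of the new IPv6 block in SunOS5/ipfboot (new lines 39-53) prints `${IPFILCONF}`, so a rejected ipf6.conf is reported as a problem with the IPv4 rule file; it should read `echo "$0: load of ${IP6FILCONF} into alternate set failed"`. The success branch then runs `ipf -6f ${IP6FILCONF}` without testing `$?`, unlike the trial load into the inactive set just above it. If that second load fails, the host could come up without its IPv6 rules and the boot script would say nothing, so a matching `if [ $? != 0 ]; then echo "$0: load of ${IP6FILCONF} failed"; fi` after it would make the failure visible. The enclosing boot logic starts and ends outside the hunk.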
VERSION=3.4.14 CATEGORY=system DESC=This package contains tools for building a firewall VENDOR=Darren Reed diff -cr ip_fil3.4.13/ip_ftp_pxy.c ip_fil3.4.14/ip_ftp_pxy.c *** ip_fil3.4.13/ip_ftp_pxy.c Sat Oct 28 01:02:10 2000 --- ip_fil3.4.14/ip_ftp_pxy.c Thu Nov 2 01:37:55 2000 *************** *** 2,8 **** * Simple FTP transparent proxy for in-kernel use. For use with the NAT * code. * ! * $Id: ip_ftp_pxy.c,v 2.7.2.18 2000/10/27 14:02:10 darrenr Exp $ */ #if SOLARIS && defined(_KERNEL) extern kmutex_t ipf_rw; --- 2,8 ---- * Simple FTP transparent proxy for in-kernel use. For use with the NAT * code. * ! * $Id: ip_ftp_pxy.c,v 2.7.2.19 2000/11/01 14:37:55 darrenr Exp $ */ #if SOLARIS && defined(_KERNEL) extern kmutex_t ipf_rw; *************** *** 238,244 **** */ dp = htons(fin->fin_data[1] - 1); ipn = nat_outlookup(fin->fin_ifp, IPN_TCP, nat->nat_p, nat->nat_inip, ! ip->ip_dst, (dp << 16) | sp); if (ipn == NULL) { int slen; --- 238,244 ---- */ dp = htons(fin->fin_data[1] - 1); ipn = nat_outlookup(fin->fin_ifp, IPN_TCP, nat->nat_p, nat->nat_inip, ! ip->ip_dst, (dp << 16) | sp, 0); if (ipn == NULL) { int slen; *************** *** 254,260 **** --- 254,262 ---- fi.fin_data[1] = 0; fi.fin_dlen = sizeof(*tcp2); fi.fin_dp = (char *)tcp2; + fi.fin_fr = &natfr; swip = ip->ip_src; + fi.fin_fi.fi_saddr = nat->nat_inip.s_addr; ip->ip_src = nat->nat_inip; ipn = nat_new(nat->nat_ptr, ip, &fi, IPN_TCP|FI_W_DPORT, NAT_OUTBOUND); *************** *** 456,462 **** sp = 0; dp = htons(fin->fin_data[1] - 1); ipn = nat_outlookup(fin->fin_ifp, IPN_TCP, nat->nat_p, nat->nat_inip, ! ip->ip_dst, (dp << 16) | sp); if (ipn == NULL) { int slen; --- 458,464 ---- sp = 0; dp = htons(fin->fin_data[1] - 1); ipn = nat_outlookup(fin->fin_ifp, IPN_TCP, nat->nat_p, nat->nat_inip, ! ip->ip_dst, (dp << 16) | sp, 0); if (ipn == NULL) { int slen; *************** *** 467,479 **** tcp2->th_win = htons(8192); tcp2->th_sport = 0; /* XXX - fake it for nat_new */ tcp2->th_off = 5; ! 
fi.fin_data[0] = a5 << 8 | a6; fi.fin_dlen = sizeof(*tcp2); ! tcp2->th_dport = htons(fi.fin_data[0]); ! fi.fin_data[1] = 0; fi.fin_dp = (char *)tcp2; swip = ip->ip_src; swip2 = ip->ip_dst; ip->ip_dst = ip->ip_src; ip->ip_src = nat->nat_inip; ipn = nat_new(nat->nat_ptr, ip, &fi, IPN_TCP|FI_W_SPORT, --- 469,484 ---- tcp2->th_win = htons(8192); tcp2->th_sport = 0; /* XXX - fake it for nat_new */ tcp2->th_off = 5; ! fi.fin_data[1] = a5 << 8 | a6; fi.fin_dlen = sizeof(*tcp2); ! tcp2->th_dport = htons(fi.fin_data[1]); ! fi.fin_data[0] = 0; fi.fin_dp = (char *)tcp2; + fi.fin_fr = &natfr; swip = ip->ip_src; swip2 = ip->ip_dst; + fi.fin_fi.fi_daddr = ip->ip_src.s_addr; + fi.fin_fi.fi_saddr = nat->nat_inip.s_addr; ip->ip_dst = ip->ip_src; ip->ip_src = nat->nat_inip; ipn = nat_new(nat->nat_ptr, ip, &fi, IPN_TCP|FI_W_SPORT, diff -cr ip_fil3.4.13/ip_nat.c ip_fil3.4.14/ip_nat.c *** ip_fil3.4.13/ip_nat.c Sat Oct 28 01:06:48 2000 --- ip_fil3.4.14/ip_nat.c Thu Nov 2 09:32:07 2000 *************** *** 9,15 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.26 2000/10/27 14:06:48 darrenr Exp $"; #endif #if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL) --- 9,15 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.28 2000/11/01 22:31:37 darrenr Exp $"; #endif #if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL) *************** *** 143,149 **** static int fr_natgetent __P((caddr_t)); static int fr_natgetsz __P((caddr_t)); static int fr_natputent __P((caddr_t)); ! 
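Review bot: In the second data-connection hunk of ip_ftp_pxy.c (new lines 469-484), `fi.fin_data[1] = a5 << 8 | a6;` becomes the destination port of the NAT entry that `nat_new()` pre-creates, and nothing visible in the hunk bounds that value. a5 and a6 appear to be numbers parsed from the FTP control stream, so unless the parser outside this hunk already rejects them, each should be checked to be at most 255 and the resulting port refused when it falls in the privileged range, for example `if (a5 > 255 || a6 > 255 || (a5 << 8 | a6) < 1024)` followed by the function's normal bail-out. Without that, the mapping the proxy opens is whatever the remote end of the control channel asks for. A short comment such as `/* fin_data[0] = source port, fin_data[1] = destination port */` beside the swapped assignments would also record why the indices changed; the function body starts and ends outside the hunk.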
static void nat_tabmove __P((nat_t *)); static int nat_match __P((fr_info_t *, ipnat_t *, ip_t *)); static hostmap_t *nat_hostmap __P((ipnat_t *, struct in_addr, struct in_addr)); --- 143,149 ---- static int fr_natgetent __P((caddr_t)); static int fr_natgetsz __P((caddr_t)); static int fr_natputent __P((caddr_t)); ! static void nat_tabmove __P((nat_t *, u_32_t)); static int nat_match __P((fr_info_t *, ipnat_t *, ip_t *)); static hostmap_t *nat_hostmap __P((ipnat_t *, struct in_addr, struct in_addr)); *************** *** 698,706 **** break; case FIONREAD : #ifdef IPFILTER_LOG MUTEX_DOWNGRADE(&ipf_nat); ! error = IWCOPY((caddr_t)&iplused[IPL_LOGNAT], (caddr_t)data, ! sizeof(iplused[IPL_LOGNAT])); if (error) error = EFAULT; #endif --- 698,706 ---- break; case FIONREAD : #ifdef IPFILTER_LOG + arg = (int)iplused[IPL_LOGNAT]; MUTEX_DOWNGRADE(&ipf_nat); ! error = IWCOPY((caddr_t)&arg, (caddr_t)data, sizeof(arg)); if (error) error = EFAULT; #endif *************** *** 1068,1073 **** --- 1068,1076 ---- for (natp = &nat_instances; (nat = *natp); ) { *natp = nat->nat_next; + #ifdef IPFILTER_LOG + nat_log(nat, NL_FLUSH); + #endif nat_delete(nat); j++; } *************** *** 1295,1301 **** inb.s_addr = htonl(in.s_addr); natl = nat_inlookup(fin->fin_ifp, flags & ~FI_WILDP, (u_int)ip->ip_p, ip->ip_dst, inb, ! (port << 16) | dport); /* * Has the search wrapped around and come back to the --- 1298,1304 ---- inb.s_addr = htonl(in.s_addr); natl = nat_inlookup(fin->fin_ifp, flags & ~FI_WILDP, (u_int)ip->ip_p, ip->ip_dst, inb, ! (port << 16) | dport, 1); /* * Has the search wrapped around and come back to the *************** *** 1565,1582 **** if (dir == NAT_INBOUND) return nat_inlookup(fin->fin_ifp, flags, (u_int)oip->ip_p, oip->ip_dst, oip->ip_src, ! (tcp->th_sport << 16) | tcp->th_dport); else return nat_outlookup(fin->fin_ifp, flags, (u_int)oip->ip_p, oip->ip_dst, oip->ip_src, ! 
(tcp->th_sport << 16) | tcp->th_dport); } if (dir == NAT_INBOUND) return nat_inlookup(fin->fin_ifp, 0, (u_int)oip->ip_p, ! oip->ip_dst, oip->ip_src, 0); else return nat_outlookup(fin->fin_ifp, 0, (u_int)oip->ip_p, ! oip->ip_dst, oip->ip_src, 0); } --- 1568,1585 ---- if (dir == NAT_INBOUND) return nat_inlookup(fin->fin_ifp, flags, (u_int)oip->ip_p, oip->ip_dst, oip->ip_src, ! (tcp->th_sport << 16) | tcp->th_dport, 0); else return nat_outlookup(fin->fin_ifp, flags, (u_int)oip->ip_p, oip->ip_dst, oip->ip_src, ! (tcp->th_sport << 16) | tcp->th_dport, 0); } if (dir == NAT_INBOUND) return nat_inlookup(fin->fin_ifp, 0, (u_int)oip->ip_p, ! oip->ip_dst, oip->ip_src, 0, 0); else return nat_outlookup(fin->fin_ifp, 0, (u_int)oip->ip_p, ! oip->ip_dst, oip->ip_src, 0, 0); } *************** *** 1885,1895 **** * we're looking for a table entry, based on the destination address. * NOTE: THE PACKET BEING CHECKED (IF FOUND) HAS A MAPPING ALREADY. */ ! nat_t *nat_inlookup(ifp, flags, p, src, mapdst, ports) void *ifp; register u_int flags, p; struct in_addr src , mapdst; u_32_t ports; { register u_short sport, dport; register nat_t *nat; --- 1888,1899 ---- * we're looking for a table entry, based on the destination address. * NOTE: THE PACKET BEING CHECKED (IF FOUND) HAS A MAPPING ALREADY. */ ! nat_t *nat_inlookup(ifp, flags, p, src, mapdst, ports, rw) void *ifp; register u_int flags, p; struct in_addr src , mapdst; u_32_t ports; + int rw; { register u_short sport, dport; register nat_t *nat; *************** *** 1917,1925 **** } if (!nat_stats.ns_wilds || !(flags & IPN_TCPUDP)) return NULL; ! RWLOCK_EXIT(&ipf_nat); hv = NAT_HASH_FN(dst, 0, ipf_nattable_sz); ! WRITE_ENTER(&ipf_nat); nat = nat_table[1][hv]; for (; nat; nat = nat->nat_hnext[1]) { nflags = nat->nat_flags; --- 1921,1933 ---- } if (!nat_stats.ns_wilds || !(flags & IPN_TCPUDP)) return NULL; ! if (!rw) { ! RWLOCK_EXIT(&ipf_nat); ! } hv = NAT_HASH_FN(dst, 0, ipf_nattable_sz); ! if (!rw) { ! WRITE_ENTER(&ipf_nat); ! 
} nat = nat_table[1][hv]; for (; nat; nat = nat->nat_hnext[1]) { nflags = nat->nat_flags; *************** *** 1934,1954 **** continue; if (((nat->nat_oport == sport) || (nflags & FI_W_DPORT)) && ((nat->nat_outport == dport) || (nflags & FI_W_SPORT))) { ! nat_tabmove(nat); break; } } ! MUTEX_DOWNGRADE(&ipf_nat); return nat; } ! static void nat_tabmove(nat) nat_t *nat; { nat_t **natp; u_int hv; /* * Remove the NAT entry from the old location */ --- 1942,1979 ---- continue; if (((nat->nat_oport == sport) || (nflags & FI_W_DPORT)) && ((nat->nat_outport == dport) || (nflags & FI_W_SPORT))) { ! nat_tabmove(nat, ports); break; } } ! if (!rw) { ! MUTEX_DOWNGRADE(&ipf_nat); ! } return nat; } ! /* ! * This function is only called for TCP/UDP NAT table entries where the ! * original was placed in the table without hashing on the ports and we now ! * want to include hashing on port numbers. ! */ ! static void nat_tabmove(nat, ports) nat_t *nat; + u_32_t ports; { + register u_short sport, dport; nat_t **natp; u_int hv; + dport = ports >> 16; + sport = ports & 0xffff; + + if (nat->nat_oport == dport) { + nat->nat_inport = sport; + nat->nat_outport = sport; + } + /* * Remove the NAT entry from the old location */ *************** *** 1963,1970 **** /* * Add into the NAT table in the new position */ ! hv = NAT_HASH_FN(nat->nat_inip.s_addr, nat->nat_inport, ! ipf_nattable_sz); natp = &nat_table[0][hv]; if (*natp) (*natp)->nat_phnext[0] = &nat->nat_hnext[0]; --- 1988,1994 ---- /* * Add into the NAT table in the new position */ ! hv = NAT_HASH_FN(nat->nat_inip.s_addr, sport, ipf_nattable_sz); natp = &nat_table[0][hv]; if (*natp) (*natp)->nat_phnext[0] = &nat->nat_hnext[0]; *************** *** 1972,1979 **** nat->nat_hnext[0] = *natp; *natp = nat; ! hv = NAT_HASH_FN(nat->nat_outip.s_addr, nat->nat_outport, ! ipf_nattable_sz); natp = &nat_table[1][hv]; if (*natp) (*natp)->nat_phnext[1] = &nat->nat_hnext[1]; --- 1996,2002 ---- nat->nat_hnext[0] = *natp; *natp = nat; ! 
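Review bot: The new `nat_tabmove(nat, ports)` reads the port pair in one fixed sense, `if (nat->nat_oport == dport)`, but its two callers do not agree on that sense: the nat_inlookup() match visible just above tests `nat->nat_oport == sport`, while nat_outlookup() tests `nat->nat_oport == dport`. Assuming both lookups split `ports` the same way (the split itself is outside these hunks), an entry promoted from nat_inlookup() will normally skip the assignment to `nat_inport`/`nat_outport`. The two following hunks then rehash both tables with `sport` unconditionally, so such an entry would be filed under a port it does not record, and later exact-port lookups may miss it or hit the wrong bucket. Either pass the direction into nat_tabmove() or do the rehash only when the `if` matched, and extend the new header comment to state which half of `ports` is which.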
hv = NAT_HASH_FN(nat->nat_outip.s_addr, sport, ipf_nattable_sz); natp = &nat_table[1][hv]; if (*natp) (*natp)->nat_phnext[1] = &nat->nat_hnext[1]; *************** *** 1989,1999 **** * we're looking for a table entry, based on the source address. * NOTE: THE PACKET BEING CHECKED (IF FOUND) HAS A MAPPING ALREADY. */ ! nat_t *nat_outlookup(ifp, flags, p, src, dst, ports) void *ifp; register u_int flags, p; struct in_addr src , dst; u_32_t ports; { register u_short sport, dport; register nat_t *nat; --- 2012,2023 ---- * we're looking for a table entry, based on the source address. * NOTE: THE PACKET BEING CHECKED (IF FOUND) HAS A MAPPING ALREADY. */ ! nat_t *nat_outlookup(ifp, flags, p, src, dst, ports, rw) void *ifp; register u_int flags, p; struct in_addr src , dst; u_32_t ports; + int rw; { register u_short sport, dport; register nat_t *nat; *************** *** 2022,2031 **** } if (!nat_stats.ns_wilds || !(flags & IPN_TCPUDP)) return NULL; ! RWLOCK_EXIT(&ipf_nat); hv = NAT_HASH_FN(srcip, 0, ipf_nattable_sz); WRITE_ENTER(&ipf_nat); ! nat = nat_table[0][hv]; for (; nat; nat = nat->nat_hnext[0]) { nflags = nat->nat_flags; if (ifp && ifp != nat->nat_ifp) --- 2046,2059 ---- } if (!nat_stats.ns_wilds || !(flags & IPN_TCPUDP)) return NULL; ! if (!rw) { ! RWLOCK_EXIT(&ipf_nat); ! } hv = NAT_HASH_FN(srcip, 0, ipf_nattable_sz); WRITE_ENTER(&ipf_nat); ! if (!rw) { ! nat = nat_table[0][hv]; ! } for (; nat; nat = nat->nat_hnext[0]) { nflags = nat->nat_flags; if (ifp && ifp != nat->nat_ifp) *************** *** 2037,2049 **** if ((nat->nat_inip.s_addr != srcip) || (nat->nat_oip.s_addr != dst.s_addr)) continue; ! if (((nat->nat_inport == sport) || (nflags & FI_W_DPORT)) && ! ((nat->nat_oport == dport) || (nflags & FI_W_SPORT))) { ! nat_tabmove(nat); break; } } ! MUTEX_DOWNGRADE(&ipf_nat); return nat; } --- 2065,2079 ---- if ((nat->nat_inip.s_addr != srcip) || (nat->nat_oip.s_addr != dst.s_addr)) continue; ! if (((nat->nat_inport == sport) || (nflags & FI_W_SPORT)) && ! 
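Review bot: In nat_outlookup() (new lines 2046-2059) the second `if (!rw)` guards the wrong statement: `WRITE_ENTER(&ipf_nat);` is left unconditional while `nat = nat_table[0][hv];` only runs when rw is 0. nat_inlookup() in the earlier hunk wraps the WRITE_ENTER instead and always reloads the bucket head, which is what the HISTORY entry for this release describes. As written, a caller passing rw=1 while already holding the write lock would try to take it a second time, would start the loop from whatever `nat` held before, and (per the next hunk) would skip the MUTEX_DOWNGRADE. Every nat_outlookup() caller visible in this diff passes 0, so this looks latent rather than live, but the lines should read `if (!rw) { WRITE_ENTER(&ipf_nat); }` followed by an unconditional `nat = nat_table[0][hv];`.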
((nat->nat_oport == dport) || (nflags & FI_W_DPORT))) { ! nat_tabmove(nat, ports); break; } } ! if (!rw) { ! MUTEX_DOWNGRADE(&ipf_nat); ! } return nat; } *************** *** 2063,2069 **** * ip address. Else, we use the fake. */ if ((nat = nat_outlookup(NULL, np->nl_flags, 0, np->nl_inip, ! np->nl_outip, ports))) { np->nl_realip = nat->nat_outip; np->nl_realport = nat->nat_outport; } --- 2093,2099 ---- * ip address. Else, we use the fake. */ if ((nat = nat_outlookup(NULL, np->nl_flags, 0, np->nl_inip, ! np->nl_outip, ports, 0))) { np->nl_realip = nat->nat_outip; np->nl_realport = nat->nat_outport; } *************** *** 2166,2173 **** else if ((ip->ip_off & (IP_OFFMASK|IP_MF)) && (nat = ipfr_nat_knownfrag(ip, fin))) natadd = 0; ! else if ((nat = nat_outlookup(ifp, nflags, (u_int)ip->ip_p, ip->ip_src, ! ip->ip_dst, (dport << 16) | sport))) { nflags = nat->nat_flags; if ((nflags & (FI_W_SPORT|FI_W_DPORT)) != 0) { if ((nflags & FI_W_SPORT) && --- 2196,2204 ---- else if ((ip->ip_off & (IP_OFFMASK|IP_MF)) && (nat = ipfr_nat_knownfrag(ip, fin))) natadd = 0; ! else if ((nat = nat_outlookup(ifp, nflags, (u_int)ip->ip_p, ! ip->ip_src, ip->ip_dst, ! (dport << 16) | sport, 0))) { nflags = nat->nat_flags; if ((nflags & (FI_W_SPORT|FI_W_DPORT)) != 0) { if ((nflags & FI_W_SPORT) && *************** *** 2239,2244 **** --- 2270,2278 ---- MUTEX_DOWNGRADE(&ipf_nat); } + /* + * NOTE: ipf_nat must now only be held as a read lock + */ if (nat) { np = nat->nat_ptr; if (natadd && fin->fin_fi.fi_fl & FI_FRAG) *************** *** 2383,2389 **** (nat = ipfr_nat_knownfrag(ip, fin))) natadd = 0; else if ((nat = nat_inlookup(fin->fin_ifp, nflags, (u_int)ip->ip_p, ! ip->ip_src, in, (dport << 16) | sport))) { nflags = nat->nat_flags; if ((nflags & (FI_W_SPORT|FI_W_DPORT)) != 0) { if ((nat->nat_oport != sport) && (nflags & FI_W_DPORT)) --- 2417,2424 ---- (nat = ipfr_nat_knownfrag(ip, fin))) natadd = 0; else if ((nat = nat_inlookup(fin->fin_ifp, nflags, (u_int)ip->ip_p, ! 
ip->ip_src, in, (dport << 16) | sport, ! 0))) { nflags = nat->nat_flags; if ((nflags & (FI_W_SPORT|FI_W_DPORT)) != 0) { if ((nat->nat_oport != sport) && (nflags & FI_W_DPORT)) *************** *** 2441,2446 **** --- 2476,2485 ---- } MUTEX_DOWNGRADE(&ipf_nat); } + + /* + * NOTE: ipf_nat must now only be held as a read lock + */ if (nat) { np = nat->nat_ptr; fin->fin_fr = nat->nat_fr; diff -cr ip_fil3.4.13/ip_nat.h ip_fil3.4.14/ip_nat.h *** ip_fil3.4.13/ip_nat.h Sat Oct 28 01:06:51 2000 --- ip_fil3.4.14/ip_nat.h Thu Nov 2 09:10:10 2000 *************** *** 6,12 **** * to the original author and the contributors. * * @(#)ip_nat.h 1.5 2/4/96 ! * $Id: ip_nat.h,v 2.17.2.10 2000/10/27 14:06:51 darrenr Exp $ */ #ifndef __IP_NAT_H__ --- 6,12 ---- * to the original author and the contributors. * * @(#)ip_nat.h 1.5 2/4/96 ! * $Id: ip_nat.h,v 2.17.2.13 2000/11/01 22:10:10 darrenr Exp $ */ #ifndef __IP_NAT_H__ *************** *** 247,252 **** --- 247,253 ---- #define NL_NEWRDR NAT_REDIRECT #define NL_NEWBIMAP NAT_BIMAP #define NL_NEWBLOCK NAT_MAPBLK + #define NL_FLUSH 0xfffe #define NL_EXPIRE 0xffff #define NAT_HASH_FN(k,l,m) (((k) + ((k) >> 12) + l) % (m)) *************** *** 285,293 **** extern int nat_init __P((void)); extern nat_t *nat_new __P((ipnat_t *, ip_t *, fr_info_t *, u_int, int)); extern nat_t *nat_outlookup __P((void *, u_int, u_int, struct in_addr, ! struct in_addr, u_32_t)); extern nat_t *nat_inlookup __P((void *, u_int, u_int, struct in_addr, ! struct in_addr, u_32_t)); extern nat_t *nat_maplookup __P((void *, u_int, struct in_addr, struct in_addr)); extern nat_t *nat_lookupredir __P((natlookup_t *)); --- 286,294 ---- extern int nat_init __P((void)); extern nat_t *nat_new __P((ipnat_t *, ip_t *, fr_info_t *, u_int, int)); extern nat_t *nat_outlookup __P((void *, u_int, u_int, struct in_addr, ! struct in_addr, u_32_t, int)); extern nat_t *nat_inlookup __P((void *, u_int, u_int, struct in_addr, ! 
struct in_addr, u_32_t, int)); extern nat_t *nat_maplookup __P((void *, u_int, struct in_addr, struct in_addr)); extern nat_t *nat_lookupredir __P((natlookup_t *)); diff -cr ip_fil3.4.13/ip_rcmd_pxy.c ip_fil3.4.14/ip_rcmd_pxy.c *** ip_fil3.4.13/ip_rcmd_pxy.c Sat Oct 28 09:54:04 2000 --- ip_fil3.4.14/ip_rcmd_pxy.c Thu Nov 2 01:34:20 2000 *************** *** 1,5 **** /* ! * $Id: ip_rcmd_pxy.c,v 1.4.2.3 2000/10/27 22:54:04 darrenr Exp $ */ /* * Simple RCMD transparent proxy for in-kernel use. For use with the NAT --- 1,5 ---- /* ! * $Id: ip_rcmd_pxy.c,v 1.4.2.4 2000/11/01 14:34:20 darrenr Exp $ */ /* * Simple RCMD transparent proxy for in-kernel use. For use with the NAT *************** *** 131,137 **** sp = htons(sp); dp = htons(fin->fin_data[1]); ipn = nat_outlookup(fin->fin_ifp, IPN_TCP, nat->nat_p, nat->nat_inip, ! ip->ip_dst, (dp << 16) | sp); if (ipn == NULL) { int slen; --- 131,137 ---- sp = htons(sp); dp = htons(fin->fin_data[1]); ipn = nat_outlookup(fin->fin_ifp, IPN_TCP, nat->nat_p, nat->nat_inip, ! ip->ip_dst, (dp << 16) | sp, 0); if (ipn == NULL) { int slen; diff -cr ip_fil3.4.13/ip_state.c ip_fil3.4.14/ip_state.c *** ip_fil3.4.13/ip_state.c Sat Oct 28 01:06:08 2000 --- ip_fil3.4.14/ip_state.c Thu Nov 2 09:33:24 2000 *************** *** 7,13 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.30.2.23 2000/10/27 14:06:08 darrenr Exp $"; #endif #include --- 7,13 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.30.2.25 2000/11/01 22:33:09 darrenr Exp $"; #endif #include *************** *** 307,314 **** break; case FIONREAD : #ifdef IPFILTER_LOG ! error = IWCOPY((caddr_t)&iplused[IPL_LOGSTATE], (caddr_t)data, ! sizeof(iplused[IPL_LOGSTATE])); #endif break; case SIOCSTLCK : --- 307,314 ---- break; case FIONREAD : #ifdef IPFILTER_LOG ! 
arg = (int)iplused[IPL_LOGSTATE]; ! error = IWCOPY((caddr_t)&arg, (caddr_t)data, sizeof(arg)); #endif break; case SIOCSTLCK : diff -cr ip_fil3.4.13/ipl.h ip_fil3.4.14/ipl.h *** ip_fil3.4.13/ipl.h Sat Oct 28 09:54:41 2000 --- ip_fil3.4.14/ipl.h Thu Nov 2 09:02:29 2000 *************** *** 6,17 **** * to the original author and the contributors. * * @(#)ipl.h 1.21 6/5/96 ! * $Id: ipl.h,v 2.15.2.14 2000/10/27 22:54:41 darrenr Exp $ */ #ifndef __IPL_H__ #define __IPL_H__ ! #define IPL_VERSION "IP Filter: v3.4.13" #endif --- 6,17 ---- * to the original author and the contributors. * * @(#)ipl.h 1.21 6/5/96 ! * $Id: ipl.h,v 2.15.2.15 2000/11/01 22:02:29 darrenr Exp $ */ #ifndef __IPL_H__ #define __IPL_H__ ! #define IPL_VERSION "IP Filter: v3.4.14" #endif diff -cr ip_fil3.4.13/ipmon.c ip_fil3.4.14/ipmon.c *** ip_fil3.4.13/ipmon.c Fri Oct 20 02:41:41 2000 --- ip_fil3.4.14/ipmon.c Wed Nov 1 09:17:41 2000 *************** *** 7,13 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipmon.c,v 2.12.2.5 2000/10/19 15:41:41 darrenr Exp $"; #endif #ifndef SOLARIS --- 7,13 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipmon.c,v 2.12.2.6 2000/10/31 22:17:41 darrenr Exp $"; #endif #ifndef SOLARIS *************** *** 401,406 **** --- 401,408 ---- strcpy(t, "NAT:RDR "); else if (nl->nl_type == NL_EXPIRE) strcpy(t, "NAT:EXPIRE "); + else if (nl->nl_type == NL_FLUSH) + strcpy(t, "NAT:FLUSH "); else if (nl->nl_type == NL_NEWBIMAP) strcpy(t, "NAT:BIMAP "); else if (nl->nl_type == NL_NEWBLOCK)