diff -cr ip_fil3.4.19/HISTORY ip_fil3.4.20/HISTORY *** ip_fil3.4.19/HISTORY Fri Jun 29 00:35:00 2001 --- ip_fil3.4.20/HISTORY Tue Jul 24 00:00:06 2001 *************** *** 22,27 **** --- 22,57 ---- # and especially those who have found the time to port IP Filter to new # platforms. # + 3.4.20 24/07/2001 - Released + + adjust NAT hashing to give a better spread across the table + + show icmp code/type names in output, where known + + fix bug in altering cached interface names in state when resync'ing + + fix bug in real audio proxy that caused crashs + + fix compiling using sunos4 cc + + patch from casper to address weird exit problem for ipstat in top mode + + patch from Greg Woods to produce names for icmp types/unreach codes, + where they are known + + fix bug where ipfr_fastroute() would use a mblk and it would also get + freed later. + + don't match fragments which would cause 64k length to be exceeded + + ftp proxy fix for port numbers being setup for pasv ftp with state/nat + + change hashing for NAT to include both IP#'s and ports. + + Solaris fixes for IPv6 + + fix compiling iplang bits, under Solaris, for ipsend + 3.4.19 29/06/2001 - Released fix to support suspend/resume on solaris8 as well as ipv6 diff -cr ip_fil3.4.19/IPFILTER.LICENCE ip_fil3.4.20/IPFILTER.LICENCE *** ip_fil3.4.19/IPFILTER.LICENCE Thu Jun 28 23:53:09 2001 --- ip_fil3.4.20/IPFILTER.LICENCE Wed Jul 18 21:33:31 2001 *************** *** 4,14 **** provides it on an ``as is'' basis without express or implied warranty. Redistribution and use, with or without modification, in source and binary ! forms, are permitted provided that this notice is preserved in its entirity and due credit is given to the original author and the contributors. ! The contents of this package may not be placed under the GPL or any ! other licence which requires requires you to give up your rights. 
THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE --- 4,16 ---- provides it on an ``as is'' basis without express or implied warranty. Redistribution and use, with or without modification, in source and binary ! forms, are permitted provided that this notice is preserved in its entirety and due credit is given to the original author and the contributors. ! The licence and distribution terms for any publically available version or ! derivative of this code cannot be changed. i.e. this code cannot simply be ! copied, in part or in whole, and put under another distribution licence ! [including the GNU Public Licence.] THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE diff -cr ip_fil3.4.19/SunOS5/Makefile.ipsend ip_fil3.4.20/SunOS5/Makefile.ipsend *** ip_fil3.4.19/SunOS5/Makefile.ipsend Sat May 19 00:26:04 2001 --- ip_fil3.4.20/SunOS5/Makefile.ipsend Thu Jul 19 00:57:33 2001 *************** *** 18,31 **** $(CC) $(DEBUG) $(CFLAGS) -c $< -o $@ $(OBJ)/y.tab.o: $(TOP)/iplang/iplang_y.y ! if [ "x$$OBJ" != "x" ] ; then \ (cd $(TOP)/iplang; $(MAKE) ../SunOS5/$(CPUDIR)/$@ 'DESTDIR=../SunOS5/$(CPUDIR)/$(OBJ)' 'CFLAGS=$(CFLAGS)' 'OBJ=') ; \ else \ (cd $(TOP)/iplang; $(MAKE) ../SunOS5/$(CPUDIR)/$@ 'DESTDIR=../SunOS5/$(CPUDIR)' 'CFLAGS=$(CFLAGS)' 'OBJ=') ; \ fi $(OBJ)/lex.yy.o: $(TOP)/iplang/iplang_l.l ! if [ "x$$OBJ" != "x" ] ; then \ (cd $(TOP)/iplang; $(MAKE) ../SunOS5/$(CPUDIR)/$@ 'DESTDIR=../SunOS5/$(CPUDIR)/$(OBJ)' 'CFLAGS=$(CFLAGS)' 'OBJ='); \ else \ (cd $(TOP)/iplang; $(MAKE) ../SunOS5/$(CPUDIR)/$@ 'DESTDIR=../SunOS5/$(CPUDIR)' 'CFLAGS=$(CFLAGS)' 'OBJ=') ; \ --- 18,31 ---- $(CC) $(DEBUG) $(CFLAGS) -c $< -o $@ $(OBJ)/y.tab.o: $(TOP)/iplang/iplang_y.y ! @if [ "x$$OBJ" != "x" -a "x$$OBJ" != "x." 
] ; then \ (cd $(TOP)/iplang; $(MAKE) ../SunOS5/$(CPUDIR)/$@ 'DESTDIR=../SunOS5/$(CPUDIR)/$(OBJ)' 'CFLAGS=$(CFLAGS)' 'OBJ=') ; \ else \ (cd $(TOP)/iplang; $(MAKE) ../SunOS5/$(CPUDIR)/$@ 'DESTDIR=../SunOS5/$(CPUDIR)' 'CFLAGS=$(CFLAGS)' 'OBJ=') ; \ fi $(OBJ)/lex.yy.o: $(TOP)/iplang/iplang_l.l ! @if [ "x$$OBJ" != "x" -a "x$$OBJ" != "x." ] ; then \ (cd $(TOP)/iplang; $(MAKE) ../SunOS5/$(CPUDIR)/$@ 'DESTDIR=../SunOS5/$(CPUDIR)/$(OBJ)' 'CFLAGS=$(CFLAGS)' 'OBJ='); \ else \ (cd $(TOP)/iplang; $(MAKE) ../SunOS5/$(CPUDIR)/$@ 'DESTDIR=../SunOS5/$(CPUDIR)' 'CFLAGS=$(CFLAGS)' 'OBJ=') ; \ diff -cr ip_fil3.4.19/SunOS5/pkginfo ip_fil3.4.20/SunOS5/pkginfo *** ip_fil3.4.19/SunOS5/pkginfo Fri Jun 29 00:35:01 2001 --- ip_fil3.4.20/SunOS5/pkginfo Mon Jul 23 23:52:11 2001 *************** *** 5,11 **** PKG=ipf NAME=IP Filter ARCH=ARCH_updated_by_sed_when_package_is_built ! VERSION=3.4.19 CATEGORY=system DESC=This package contains tools for building a firewall VENDOR=Darren Reed --- 5,11 ---- PKG=ipf NAME=IP Filter ARCH=ARCH_updated_by_sed_when_package_is_built ! VERSION=3.4.20 CATEGORY=system DESC=This package contains tools for building a firewall VENDOR=Darren Reed diff -cr ip_fil3.4.19/facpri.c ip_fil3.4.20/facpri.c *** ip_fil3.4.19/facpri.c Tue Jun 26 20:43:11 2001 --- ip_fil3.4.20/facpri.c Mon Jul 16 08:06:12 2001 *************** *** 16,23 **** #include #include "facpri.h" #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: facpri.c,v 1.3.2.3 2001/06/26 10:43:11 darrenr Exp $"; #endif typedef struct table { --- 16,27 ---- #include #include "facpri.h" + #ifndef __STDC__ + # define const + #endif + #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: facpri.c,v 1.3.2.4 2001/07/15 22:06:12 darrenr Exp $"; #endif typedef struct table { diff -cr ip_fil3.4.19/fil.c ip_fil3.4.20/fil.c *** ip_fil3.4.19/fil.c Tue Jun 26 20:43:11 2001 --- ip_fil3.4.20/fil.c Wed Jul 18 23:30:32 2001 *************** *** 3,13 **** * * See the IPFILTER.LICENCE file for details on licencing. 
*/ - #if !defined(lint) - static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed"; - static const char rcsid[] = "@(#)$Id: fil.c,v 2.35.2.35 2001/06/26 10:43:11 darrenr Exp $"; - #endif - #include #include #include --- 3,8 ---- *************** *** 98,103 **** --- 93,103 ---- #endif #include "netinet/ipl.h" + #if !defined(lint) + static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed"; + static const char rcsid[] = "@(#)$Id: fil.c,v 2.35.2.39 2001/07/18 13:30:32 darrenr Exp $"; + #endif + #ifndef _KERNEL # include "ipf.h" # include "ipt.h" *************** *** 218,224 **** if (v == 4) { fin->fin_id = ip->ip_id; fi->fi_tos = ip->ip_tos; ! off = (ip->ip_off & IP_OFFMASK) << 3; tcp = (tcphdr_t *)((char *)ip + hlen); (*(((u_short *)fi) + 1)) = (*(((u_short *)ip) + 4)); fi->fi_src.i6[1] = 0; --- 218,224 ---- if (v == 4) { fin->fin_id = ip->ip_id; fi->fi_tos = ip->ip_tos; ! off = (ip->ip_off & IP_OFFMASK); tcp = (tcphdr_t *)((char *)ip + hlen); (*(((u_short *)fi) + 1)) = (*(((u_short *)ip) + 4)); fi->fi_src.i6[1] = 0; *************** *** 231,237 **** fi->fi_daddr = ip->ip_dst.s_addr; p = ip->ip_p; fi->fi_fl = (hlen > sizeof(ip_t)) ? FI_OPTIONS : 0; ! if (ip->ip_off & 0x3fff) fi->fi_fl |= FI_FRAG; plen = ip->ip_len; fin->fin_dlen = plen - hlen; --- 231,237 ---- fi->fi_daddr = ip->ip_dst.s_addr; p = ip->ip_p; fi->fi_fl = (hlen > sizeof(ip_t)) ? FI_OPTIONS : 0; ! if (ip->ip_off & (IP_MF|IP_OFFMASK)) fi->fi_fl |= FI_FRAG; plen = ip->ip_len; fin->fin_dlen = plen - hlen; *************** *** 261,266 **** --- 261,267 ---- fin->fin_off = off; fin->fin_plen = plen; fin->fin_dp = (void *)tcp; + off <<= 3; switch (p) { *************** *** 524,530 **** * satisfy the "short" class too). */ if (err && (fin->fin_fi.fi_p == IPPROTO_TCP)) { ! if (fin->fin_fi.fi_fl & FI_SHORT) return !(ft->ftu_tcpf | ft->ftu_tcpfm); /* * Match the flags ? If not, abort this match. --- 525,531 ---- * satisfy the "short" class too). 
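Review bot: In the fil.c hunks at 218 and 261, `fin->fin_off` is now assigned before the new `off <<= 3;`, so it holds the fragment offset in 8-byte units while the local `off` is in bytes afterwards, and nothing at the assignment says so. Every consumer of `fin_off` that does length arithmetic has to shift it first, as the ip_frag.c hunks in this patch do, so I would add `/* fin_off: fragment offset in 8-byte units, not bytes */` above `fin->fin_off = off;`. The enclosing function starts and ends outside these hunks, so any use of `off` between the first assignment and the shift could not be checked.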
*/ if (err && (fin->fin_fi.fi_p == IPPROTO_TCP)) { ! if (fin->fin_fl & FI_SHORT) return !(ft->ftu_tcpf | ft->ftu_tcpfm); /* * Match the flags ? If not, abort this match. *************** *** 559,568 **** fin->fin_fr = NULL; fin->fin_rule = 0; fin->fin_group = 0; ! if (fin->fin_v == 4) ! off = ip->ip_off & IP_OFFMASK; ! else ! off = 0; pass |= (fi->fi_fl << 24); if ((fi->fi_fl & FI_TCPUDP) && (fin->fin_dlen > 3) && !off) --- 560,566 ---- fin->fin_fr = NULL; fin->fin_rule = 0; fin->fin_group = 0; ! off = fin->fin_off; pass |= (fi->fi_fl << 24); if ((fi->fi_fl & FI_TCPUDP) && (fin->fin_dlen > 3) && !off) *************** *** 939,945 **** } #endif pass = fr_pass; ! if (fin->fin_fi.fi_fl & FI_SHORT) { ATOMIC_INCL(frstats[out].fr_short); } --- 937,943 ---- } #endif pass = fr_pass; ! if (fin->fin_fl & FI_SHORT) { ATOMIC_INCL(frstats[out].fr_short); } *************** *** 968,975 **** } } ! if (apass || (!(fr = ipfr_knownfrag(ip, fin)) && ! !(fr = fr_checkstate(ip, fin)))) { /* * If a packet is found in the auth table, then skip checking * the access lists for permission but we do need to consider --- 966,983 ---- } } ! if (!apass) { ! if ((fin->fin_fl & FI_FRAG) == FI_FRAG) ! fr = ipfr_knownfrag(ip, fin); ! if (!fr && !(fin->fin_fl & FI_SHORT)) ! fr = fr_checkstate(ip, fin); ! if (fr != NULL) ! pass = fr->fr_flags; ! if (fr && (pass & FR_LOGFIRST)) ! pass &= ~(FR_LOGFIRST|FR_LOG); ! } ! ! if (apass || !fr) { /* * If a packet is found in the auth table, then skip checking * the access lists for permission but we do need to consider *************** *** 1038,1044 **** fin->fin_fr = fr; if ((pass & (FR_KEEPFRAG|FR_KEEPSTATE)) == FR_KEEPFRAG) { ! if (fin->fin_fi.fi_fl & FI_FRAG) { if (ipfr_newfrag(ip, fin, pass) == -1) { ATOMIC_INCL(frstats[out].fr_bnfr); } else { --- 1046,1052 ---- fin->fin_fr = fr; if ((pass & (FR_KEEPFRAG|FR_KEEPSTATE)) == FR_KEEPFRAG) { ! 
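Review bot: In the hunk at 968 of fil.c, `if (!fr && !(fin->fin_fl & FI_SHORT))` reads `fr` before the new block has assigned it whenever the packet is not a fragment, whereas the old expression always assigned `fr` before testing it. That is only safe if `fr` is initialised to NULL at its declaration, which is outside the hunk; if that is not guaranteed, add `fr = NULL;` ahead of `if (!apass)`. Short packets now skip the state lookup entirely, which is a filtering-policy change, so a comment such as `/* short packets never match state; fall through to the rules */` would help the next reader.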
if (fin->fin_fl & FI_FRAG) { if (ipfr_newfrag(ip, fin, pass) == -1) { ATOMIC_INCL(frstats[out].fr_bnfr); } else { *************** *** 1157,1163 **** send_icmp_err(ip, ICMP_UNREACH, fin, dst); ATOMIC_INCL(frstats[0].fr_ret); } else if (((pass & FR_RETMASK) == FR_RETRST) && ! !(fin->fin_fi.fi_fl & FI_SHORT)) { if (send_reset(ip, fin) == 0) { ATOMIC_INCL(frstats[1].fr_ret); } --- 1165,1171 ---- send_icmp_err(ip, ICMP_UNREACH, fin, dst); ATOMIC_INCL(frstats[0].fr_ret); } else if (((pass & FR_RETMASK) == FR_RETRST) && ! !(fin->fin_fl & FI_SHORT)) { if (send_reset(ip, fin) == 0) { ATOMIC_INCL(frstats[1].fr_ret); } *************** *** 1170,1176 **** verbose("- forged ICMP unreachable sent\n"); ATOMIC_INCL(frstats[0].fr_ret); } else if (((pass & FR_RETMASK) == FR_RETRST) && ! !(fin->fin_fi.fi_fl & FI_SHORT)) { verbose("- TCP RST sent\n"); ATOMIC_INCL(frstats[1].fr_ret); } --- 1178,1184 ---- verbose("- forged ICMP unreachable sent\n"); ATOMIC_INCL(frstats[0].fr_ret); } else if (((pass & FR_RETMASK) == FR_RETRST) && ! !(fin->fin_fl & FI_SHORT)) { verbose("- TCP RST sent\n"); ATOMIC_INCL(frstats[1].fr_ret); } *************** *** 1199,1210 **** frdest_t *fdp = &fr->fr_tif; if (((pass & FR_FASTROUTE) && !out) || ! (fdp->fd_ifp && fdp->fd_ifp != (struct ifnet *)-1)) { ! if (ipfr_fastroute(m, fin, fdp) == 0) ! m = *mp = NULL; ! } ! if (mc) ! ipfr_fastroute(mc, fin, &fr->fr_dif); } if (!(pass & FR_PASS) && m) { --- 1207,1217 ---- frdest_t *fdp = &fr->fr_tif; if (((pass & FR_FASTROUTE) && !out) || ! (fdp->fd_ifp && fdp->fd_ifp != (struct ifnet *)-1)) ! (void) ipfr_fastroute(m, mp, fin, fdp); ! ! if (mc != NULL) ! (void) ipfr_fastroute(mc, &mc, fin, &fr->fr_dif); } if (!(pass & FR_PASS) && m) { *************** *** 1221,1232 **** frdest_t *fdp = &fr->fr_tif; if (((pass & FR_FASTROUTE) && !out) || ! (fdp->fd_ifp && fdp->fd_ifp != (struct ifnet *)-1)) { ! if (ipfr_fastroute(ip, m, mp, fin, fdp) == 0) ! m = *mp = NULL; ! } ! if (mc) ! 
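Review bot: In the hunk at 1199 of fil.c the local `m` is no longer cleared after `ipfr_fastroute(m, mp, fin, fdp)`. The callee now sets `*mpp = NULL` once it has consumed the packet, but `m` here still points at it and the next statement tests `if (!(pass & FR_PASS) && m)`. If the body of that block, which is outside the hunk, frees or touches `m`, a blocked packet that was fast-routed is used after it has been handed off, so I would resynchronise with `m = *mp;` directly after the call. The Solaris variant in the hunk at 1221 has the same shape. Casting the result to `(void)` also discards the error code that ipfr_fastroute now returns.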
ipfr_fastroute(ip, mc, mp, fin, &fr->fr_dif); } # endif /* !SOLARIS */ return (pass & FR_PASS) ? 0 : error; --- 1228,1238 ---- frdest_t *fdp = &fr->fr_tif; if (((pass & FR_FASTROUTE) && !out) || ! (fdp->fd_ifp && fdp->fd_ifp != (struct ifnet *)-1)) ! (void) ipfr_fastroute(ip, m, mp, fin, fdp); ! ! if (mc != NULL) ! (void) ipfr_fastroute(ip, mc, &mc, fin, &fr->fr_dif); } # endif /* !SOLARIS */ return (pass & FR_PASS) ? 0 : error; *************** *** 1458,1464 **** * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 ! * $Id: fil.c,v 2.35.2.35 2001/06/26 10:43:11 darrenr Exp $ */ /* * Copy data from an mbuf chain starting "off" bytes from the beginning, --- 1464,1470 ---- * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 ! * $Id: fil.c,v 2.35.2.39 2001/07/18 13:30:32 darrenr Exp $ */ /* * Copy data from an mbuf chain starting "off" bytes from the beginning, diff -cr ip_fil3.4.19/fils.c ip_fil3.4.20/fils.c *** ip_fil3.4.19/fils.c Thu Jun 28 23:52:59 2001 --- ip_fil3.4.20/fils.c Thu Jul 19 22:24:09 2001 *************** *** 74,80 **** #if !defined(lint) static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: fils.c,v 2.21.2.13 2001/06/28 13:52:59 darrenr Exp $"; #endif extern char *optarg; --- 74,80 ---- #if !defined(lint) static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: fils.c,v 2.21.2.17 2001/07/19 12:24:09 darrenr Exp $"; #endif extern char *optarg; *************** *** 96,101 **** --- 96,102 ---- #ifdef STATETOP #define STSTRSIZE 80 #define STGROWSIZE 16 + #define HOSTNMLEN 40 #define STSORT_PR 0 #define STSORT_PKTS 1 *************** *** 719,725 **** PRINTF("\tpkt_security & %x = %x, pkt_auth & %x = %x\n", ips.is_secmsk, ips.is_sec, ips.is_authmsk, ips.is_auth); ! 
PRINTF("interfaces: in %s[%p] ", get_ifname(ips.is_ifpin), ips.is_ifpin); PRINTF("out %s[%p]\n", get_ifname(ips.is_ifpout), ips.is_ifpout); --- 720,726 ---- PRINTF("\tpkt_security & %x = %x, pkt_auth & %x = %x\n", ips.is_secmsk, ips.is_sec, ips.is_authmsk, ips.is_auth); ! PRINTF("\tinterfaces: in %s[%p] ", get_ifname(ips.is_ifpin), ips.is_ifpin); PRINTF("out %s[%p]\n", get_ifname(ips.is_ifpout), ips.is_ifpout); *************** *** 784,789 **** --- 785,791 ---- ips_stat_t ipsst, *ipsstp = &ipsst; statetop_t *tstable = NULL, *tp; struct timeval selecttimeout; + char hostnm[HOSTNMLEN]; struct protoent *proto; fd_set readfd; int c = 0; *************** *** 799,805 **** initscr(); cbreak(); noecho(); ! nodelay(stdscr, 1); /* repeat until user aborts */ while ( 1 ) { --- 801,810 ---- initscr(); cbreak(); noecho(); ! ! /* init hostname */ ! gethostname(hostnm, sizeof(hostnm) - 1); ! hostnm[sizeof(hostnm) - 1] = '\0'; /* repeat until user aborts */ while ( 1 ) { *************** *** 904,910 **** attron(A_BOLD); winx = 0; move(winx,0); ! sprintf(str1, "%s - state top", IPL_VERSION); for (j = 0 ; j < (maxx - 8 - strlen(str1)) / 2; j++) printw(" "); printw("%s", str1); --- 909,915 ---- attron(A_BOLD); winx = 0; move(winx,0); ! sprintf(str1, "%s - %s - state top", hostnm, IPL_VERSION); for (j = 0 ; j < (maxx - 8 - strlen(str1)) / 2; j++) printw(" "); printw("%s", str1); *************** *** 1045,1066 **** select(1, &readfd, NULL, NULL, &selecttimeout); /* if key pressed, read all waiting keys */ ! if (FD_ISSET(0, &readfd)) ! while ((c = wgetch(stdscr)) != ERR) { ! if (tolower(c) == 'l') { ! redraw = 1; ! } else if (tolower(c) == 'q') { ! nocbreak(); ! endwin(); ! exit(0); ! } else if (tolower(c) == 'r') { ! reverse = !reverse; ! } else if (tolower(c) == 's') { ! sorting++; ! if (sorting > STSORT_MAX) ! sorting = 0; ! } } } /* while */ close(sfd); --- 1050,1074 ---- select(1, &readfd, NULL, NULL, &selecttimeout); /* if key pressed, read all waiting keys */ ! 
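Review bot: The return value of `gethostname(hostnm, sizeof(hostnm) - 1)` in the hunk at 799 of fils.c is ignored, so on failure `hostnm` is displayed with indeterminate contents apart from its final NUL; a fallback such as `if (gethostname(hostnm, sizeof(hostnm) - 1) != 0) hostnm[0] = '\0';` avoids that. The hunk at 904 then feeds the string to an unbounded `sprintf(str1, ...)`. `str1` is declared outside the hunk; if it is STSTRSIZE (80) bytes, the added hostname leaves little margin, so a bounded call like `snprintf(str1, sizeof(str1), "%s - %s - state top", hostnm, IPL_VERSION);` would be safer, assuming `str1` is an array.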
if (FD_ISSET(0, &readfd)) { ! c = wgetch(stdscr); ! if (c == ERR) ! continue; ! ! if (tolower(c) == 'l') { ! redraw = 1; ! } else if (tolower(c) == 'q') { ! nocbreak(); ! endwin(); ! exit(0); ! } else if (tolower(c) == 'r') { ! reverse = !reverse; ! } else if (tolower(c) == 's') { ! sorting++; ! if (sorting > STSORT_MAX) ! sorting = 0; } + } } /* while */ close(sfd); diff -cr ip_fil3.4.19/inet_addr.c ip_fil3.4.20/inet_addr.c *** ip_fil3.4.19/inet_addr.c Thu Aug 5 03:29:54 1999 --- ip_fil3.4.20/inet_addr.c Mon Jul 16 08:06:14 2001 *************** *** 52,61 **** * - * --Copyright-- */ #if !defined(lint) static const char sccsid[] = "@(#)inet_addr.c 8.1 (Berkeley) 6/17/93"; ! static const char rcsid[] = "@(#)$Id: inet_addr.c,v 2.1 1999/08/04 17:29:54 darrenr Exp $"; #endif /* LIBC_SCCS and not lint */ #include --- 52,71 ---- * - * --Copyright-- */ + #ifdef __STDC__ + # ifndef __P + # define __P(x) x + # endif + #else + # undef __P + # define __P(x) () + # undef const + # define const + #endif #if !defined(lint) static const char sccsid[] = "@(#)inet_addr.c 8.1 (Berkeley) 6/17/93"; ! static const char rcsid[] = "@(#)$Id: inet_addr.c,v 2.1.4.1 2001/07/15 22:06:14 darrenr Exp $"; #endif /* LIBC_SCCS and not lint */ #include *************** *** 63,75 **** #include #include - #ifndef __P - # ifdef __STDC__ - # define __P(x) x - # else - # define __P(x) () - # endif - #endif int inet_aton __P((const char *, struct in_addr *)); /* --- 73,78 ---- diff -cr ip_fil3.4.19/ip_auth.c ip_fil3.4.20/ip_auth.c *** ip_fil3.4.19/ip_auth.c Tue Jun 26 20:43:12 2001 --- ip_fil3.4.20/ip_auth.c Thu Jul 19 00:57:08 2001 *************** *** 3,12 **** * * See the IPFILTER.LICENCE file for details on licencing. 
*/ - #if !defined(lint) - static const char rcsid[] = "@(#)$Id: ip_auth.c,v 2.11.2.10 2001/06/26 10:43:12 darrenr Exp $"; - #endif - #include #include #include --- 3,8 ---- *************** *** 105,110 **** --- 101,109 ---- # endif #endif + #if !defined(lint) + static const char rcsid[] = "@(#)$Id: ip_auth.c,v 2.11.2.12 2001/07/18 14:57:08 darrenr Exp $"; + #endif #if (SOLARIS || defined(__sgi)) && defined(_KERNEL) *************** *** 303,310 **** } ! int fr_auth_ioctl(data, cmd, fr, frptr) caddr_t data; #if defined(__NetBSD__) || defined(__OpenBSD__) || (FreeBSD_version >= 300003) u_long cmd; #else --- 302,310 ---- } ! int fr_auth_ioctl(data, mode, cmd, fr, frptr) caddr_t data; + int mode; #if defined(__NetBSD__) || defined(__OpenBSD__) || (FreeBSD_version >= 300003) u_long cmd; #else *************** *** 384,389 **** --- 384,393 ---- sizeof(fr_authstats)); break; case SIOCAUTHW: + if (!(mode & FWRITE)) { + error = EPERM; + break; + } fr_authioctlloop: READ_ENTER(&ipf_auth); if ((fr_authnext != fr_authend) && fr_authpkts[fr_authnext]) { *************** *** 418,423 **** --- 422,431 ---- goto fr_authioctlloop; break; case SIOCAUTHR: + if (!(mode & FWRITE)) { + error = EPERM; + break; + } error = IRCOPYPTR(data, (caddr_t)&auth, sizeof(auth)); if (error) return error; diff -cr ip_fil3.4.19/ip_auth.h ip_fil3.4.20/ip_auth.h *** ip_fil3.4.19/ip_auth.h Tue Jun 26 20:43:13 2001 --- ip_fil3.4.20/ip_auth.h Thu Jul 19 00:57:08 2001 *************** *** 3,9 **** * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: ip_auth.h,v 2.3.2.3 2001/06/26 10:43:13 darrenr Exp $ * */ #ifndef __IP_AUTH_H__ --- 3,9 ---- * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: ip_auth.h,v 2.3.2.4 2001/07/18 14:57:08 darrenr Exp $ * */ #ifndef __IP_AUTH_H__ *************** *** 53,60 **** extern mb_t *fr_authpkts[]; extern int fr_newauth __P((mb_t *, fr_info_t *, ip_t *)); #if defined(__NetBSD__) || defined(__OpenBSD__) ! 
extern int fr_auth_ioctl __P((caddr_t, u_long, frentry_t *, frentry_t **)); #else ! extern int fr_auth_ioctl __P((caddr_t, int, frentry_t *, frentry_t **)); #endif #endif /* __IP_AUTH_H__ */ --- 53,60 ---- extern mb_t *fr_authpkts[]; extern int fr_newauth __P((mb_t *, fr_info_t *, ip_t *)); #if defined(__NetBSD__) || defined(__OpenBSD__) ! extern int fr_auth_ioctl __P((caddr_t, int, u_long, frentry_t *, frentry_t **)); #else ! extern int fr_auth_ioctl __P((caddr_t, int, int, frentry_t *, frentry_t **)); #endif #endif /* __IP_AUTH_H__ */ diff -cr ip_fil3.4.19/ip_compat.h ip_fil3.4.20/ip_compat.h *** ip_fil3.4.19/ip_compat.h Tue Jun 26 20:43:13 2001 --- ip_fil3.4.20/ip_compat.h Mon Jul 23 14:22:48 2001 *************** *** 4,10 **** * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_compat.h 1.8 1/14/96 ! * $Id: ip_compat.h,v 2.26.2.15 2001/06/26 10:43:13 darrenr Exp $ */ #ifndef __IP_COMPAT_H__ --- 4,10 ---- * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_compat.h 1.8 1/14/96 ! * $Id: ip_compat.h,v 2.26.2.17 2001/07/23 04:22:48 darrenr Exp $ */ #ifndef __IP_COMPAT_H__ *************** *** 25,30 **** --- 25,33 ---- #ifndef SOLARIS #define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4))) #endif + #if SOLARIS && !defined(SOLARIS2) + # define SOLARIS2 4 /* Pick an old version */ + #endif #if SOLARIS2 >= 8 # ifndef USE_INET6 # define USE_INET6 *************** *** 468,474 **** (defined(OpenBSD) && (OpenBSD >= 199603)) # define IFNAME(x) ((struct ifnet *)x)->if_xname # else ! # define IFNAME(x) ((struct ifnet *)x)->if_name # endif # endif # endif /* sun */ --- 471,479 ---- (defined(OpenBSD) && (OpenBSD >= 199603)) # define IFNAME(x) ((struct ifnet *)x)->if_xname # else ! # define USE_GETIFNAME 1 ! # define IFNAME(x) get_ifname((struct ifnet *)x) ! 
extern char *get_ifname __P((struct ifnet *)); # endif # endif # endif /* sun */ *************** *** 593,599 **** # endif #endif /* SOLARIS */ - #if defined(linux) || defined(__sgi) /* * These #ifdef's are here mainly for linux, but who knows, they may * not be in other places or maybe one day linux will grow up and some --- 598,603 ---- *************** *** 632,637 **** --- 636,644 ---- #ifndef ICMP_MASKREPLY # define ICMP_MASKREPLY ICMP_ADDRESSREPLY #endif + #ifndef ICMP_PARAMPROB_OPTABSENT + # define ICMP_PARAMPROB_OPTABSENT 1 + #endif #ifndef IPVERSION # define IPVERSION 4 #endif *************** *** 719,725 **** #ifndef IPOPT_OLEN # define IPOPT_OLEN 1 #endif - #endif /* linux || __sgi */ #ifdef linux #include --- 726,731 ---- diff -cr ip_fil3.4.19/ip_fil.c ip_fil3.4.20/ip_fil.c *** ip_fil3.4.19/ip_fil.c Tue Jun 26 20:41:21 2001 --- ip_fil3.4.20/ip_fil.c Mon Jul 23 23:49:57 2001 *************** *** 3,13 **** * * See the IPFILTER.LICENCE file for details on licencing. */ - #if !defined(lint) - static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; - static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.42.2.30 2001/06/26 10:41:21 darrenr Exp $"; - #endif - #ifndef SOLARIS #define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4))) #endif --- 3,8 ---- *************** *** 116,121 **** --- 111,121 ---- extern int ip_optcopy __P((struct ip *, struct ip *)); #endif + #if !defined(lint) + static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; + static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.42.2.34 2001/07/23 13:49:57 darrenr Exp $"; + #endif + extern struct protosw inetsw[]; *************** *** 518,524 **** if (!fr_running) error = EIO; else ! error = fr_auth_ioctl(data, cmd, NULL, NULL); SPL_X(s); return error; } --- 518,524 ---- if (!fr_running) error = EIO; else ! 
error = fr_auth_ioctl(data, mode, cmd, NULL, NULL); SPL_X(s); return error; } *************** *** 848,855 **** return EBUSY; if (fg && fg->fg_head) fg->fg_head->fr_ref--; - if (unit == IPL_LOGAUTH) - return fr_auth_ioctl(data, req, f, ftail); if (f->fr_grhead) fr_delgroup((u_int)f->fr_grhead, fp->fr_flags, unit, set); --- 848,853 ---- *************** *** 863,870 **** if (f) error = EEXIST; else { - if (unit == IPL_LOGAUTH) - return fr_auth_ioctl(data, req, fp, ftail); KMALLOC(f, frentry_t *); if (f != NULL) { if (fg && fg->fg_head) --- 861,866 ---- *************** *** 1096,1102 **** # ifdef IPSEC m->m_pkthdr.rcvif = NULL; # endif ! return ipfr_fastroute(m, fin, NULL); } --- 1092,1098 ---- # ifdef IPSEC m->m_pkthdr.rcvif = NULL; # endif ! return ipfr_fastroute(m, fin->fin_mp, fin, NULL); } *************** *** 1107,1113 **** int dst; { int err, hlen = 0, xtra = 0, iclen, ohlen = 0, avail, code; ! u_short shlen, slen, soff; struct in_addr dst4; struct icmp *icmp; struct mbuf *m; --- 1103,1109 ---- int dst; { int err, hlen = 0, xtra = 0, iclen, ohlen = 0, avail, code; ! u_short shlen, slen = 0, soff = 0; struct in_addr dst4; struct icmp *icmp; struct mbuf *m; *************** *** 1313,1320 **** } ! int ipfr_fastroute(m0, fin, fdp) ! struct mbuf *m0; fr_info_t *fin; frdest_t *fdp; { --- 1309,1316 ---- } ! int ipfr_fastroute(m0, mpp, fin, fdp) ! struct mbuf *m0, **mpp; fr_info_t *fin; frdest_t *fdp; { *************** *** 1367,1373 **** * currently "to " and "to :ip#" are not supported * for IPv6 */ ! return ip6_output(m0, NULL, NULL, 0, NULL, NULL); } #endif /* --- 1363,1371 ---- * currently "to " and "to :ip#" are not supported * for IPv6 */ ! error = ip6_output(m0, NULL, NULL, 0, NULL, NULL); ! *mpp = NULL; ! return error; } #endif /* *************** *** 1392,1398 **** */ if ((fr != NULL) && (fin->fin_rev != 0)) { if ((ifp != NULL) && (fdp == &fr->fr_tif)) ! 
return -1; dst->sin_addr = ip->ip_dst; } else if (fdp) { if (fdp->fd_ip.s_addr) { --- 1390,1396 ---- */ if ((fr != NULL) && (fin->fin_rev != 0)) { if ((ifp != NULL) && (fdp == &fr->fr_tif)) ! return 0; dst->sin_addr = ip->ip_dst; } else if (fdp) { if (fdp->fd_ip.s_addr) { *************** *** 1492,1497 **** --- 1490,1496 ---- # endif goto done; } + /* * Too large for interface; fragment if possible. * Must be able to put at least 8 bytes per fragment. *************** *** 1597,1603 **** if (ro->ro_rt) { RTFREE(ro->ro_rt); } ! return 0; bad: if (error == EMSGSIZE) { sifp = fin->fin_ifp; --- 1596,1603 ---- if (ro->ro_rt) { RTFREE(ro->ro_rt); } ! *mpp = NULL; ! return error; bad: if (error == EMSGSIZE) { sifp = fin->fin_ifp; *************** *** 1639,1644 **** --- 1639,1656 ---- return (ifp == iproute.ro_rt->rt_ifp); } + + # ifdef USE_GETIFNAME + char * + get_ifname(ifp) + struct ifnet *ifp; + { + static char workbuf[64]; + + sprintf(workbuf, "%s%d", ifp->if_name, ifp->if_unit); + return workbuf; + } + # endif #else /* #ifdef _KERNEL */ *************** *** 1792,1819 **** close(fd); } # endif - } - - - int ipfr_fastroute(ip, fin, fdp) - ip_t *ip; - fr_info_t *fin; - frdest_t *fdp; - { - struct ifnet *ifp = fdp->fd_ifp; - - if (!ifp) - return 0; /* no routing table out here */ - - ip->ip_len = htons((u_short)ip->ip_len); - ip->ip_off = htons((u_short)(ip->ip_off | IP_MF)); - ip->ip_sum = 0; - #ifdef __sgi - (*ifp->if_output)(ifp, (void *)ip, NULL); - #else - (*ifp->if_output)(ifp, (void *)ip, NULL, 0); - #endif - return 0; } --- 1804,1809 ---- diff -cr ip_fil3.4.19/ip_fil.h ip_fil3.4.20/ip_fil.h *** ip_fil3.4.19/ip_fil.h Tue Jun 26 20:41:32 2001 --- ip_fil3.4.20/ip_fil.h Sun Jul 15 23:51:42 2001 *************** *** 4,10 **** * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_fil.h 1.35 6/5/96 ! * $Id: ip_fil.h,v 2.29.2.8 2001/06/26 10:41:32 darrenr Exp $ */ #ifndef __IP_FIL_H__ --- 4,10 ---- * See the IPFILTER.LICENCE file for details on licencing. 
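Review bot: The new `get_ifname()` in the hunk at 1639 of ip_fil.c formats into a single `static char workbuf[64]` with an unbounded `sprintf` and returns a pointer to that buffer. Two concurrent users of `IFNAME()`, or one expression that expands `IFNAME()` twice, will overwrite each other's result, and nothing limits `if_name` plus the unit number to 64 bytes. I would state the non-reentrancy in a comment above the function and bound the write, for example `snprintf(workbuf, sizeof(workbuf), "%s%d", ifp->if_name, ifp->if_unit);` where the kernel provides it. The function also dereferences `ifp` unchecked; whether callers can pass NULL is not visible here.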
* * @(#)ip_fil.h 1.35 6/5/96 ! * $Id: ip_fil.h,v 2.29.2.10 2001/07/15 13:51:42 darrenr Exp $ */ #ifndef __IP_FIL_H__ *************** *** 153,158 **** --- 153,159 ---- #define fin_v fin_fi.fi_v #define fin_saddr fin_fi.fi_saddr #define fin_daddr fin_fi.fi_daddr + #define fin_fl fin_fi.fi_fl /* * Size for compares on fr_info structures *************** *** 168,173 **** --- 169,177 ---- void *fd_ifp; struct in_addr fd_ip; char fd_ifname[IFNAMSIZ]; + #if SOLARIS + mb_t *fd_mp; /* cache resolver for to/dup-to */ + #endif } frdest_t; typedef struct frpcmp { *************** *** 486,492 **** extern int send_reset __P((ip_t *, struct ifnet *)); extern int icmp_error __P((ip_t *, struct ifnet *)); extern int ipf_log __P((void)); - extern int ipfr_fastroute __P((ip_t *, fr_info_t *, frdest_t *)); extern struct ifnet *get_unit __P((char *, int)); # if defined(__NetBSD__) || defined(__OpenBSD__) || \ (_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000) --- 490,495 ---- *************** *** 532,538 **** # else /* SOLARIS */ extern int fr_check __P((ip_t *, int, void *, int, mb_t **)); extern int (*fr_checkp) __P((ip_t *, int, void *, int, mb_t **)); ! extern int ipfr_fastroute __P((mb_t *, fr_info_t *, frdest_t *)); extern size_t mbufchainlen __P((mb_t *)); # ifdef __sgi # include --- 535,541 ---- # else /* SOLARIS */ extern int fr_check __P((ip_t *, int, void *, int, mb_t **)); extern int (*fr_checkp) __P((ip_t *, int, void *, int, mb_t **)); ! extern int ipfr_fastroute __P((mb_t *, mb_t **, fr_info_t *, frdest_t *)); extern size_t mbufchainlen __P((mb_t *)); # ifdef __sgi # include diff -cr ip_fil3.4.19/ip_frag.c ip_fil3.4.20/ip_frag.c *** ip_fil3.4.19/ip_frag.c Tue Jun 26 20:43:13 2001 --- ip_fil3.4.20/ip_frag.c Mon Jul 16 08:06:15 2001 *************** *** 3,13 **** * * See the IPFILTER.LICENCE file for details on licencing. 
*/ - #if !defined(lint) - static const char sccsid[] = "@(#)ip_frag.c 1.11 3/24/96 (C) 1993-2000 Darren Reed"; - static const char rcsid[] = "@(#)$Id: ip_frag.c,v 2.10.2.12 2001/06/26 10:43:13 darrenr Exp $"; - #endif - #if defined(KERNEL) && !defined(_KERNEL) # define _KERNEL #endif --- 3,8 ---- *************** *** 92,97 **** --- 87,97 ---- extern struct timeout ipfr_slowtimer_ch; #endif + #if !defined(lint) + static const char sccsid[] = "@(#)ip_frag.c 1.11 3/24/96 (C) 1993-2000 Darren Reed"; + static const char rcsid[] = "@(#)$Id: ip_frag.c,v 2.10.2.14 2001/07/15 22:06:15 darrenr Exp $"; + #endif + static ipfr_t *ipfr_heads[IPFT_SIZE]; static ipfr_t *ipfr_nattab[IPFT_SIZE]; *************** *** 149,155 **** if (ipfr_inuse >= IPFT_SIZE) return NULL; ! if (!(fin->fin_fi.fi_fl & FI_FRAG)) return NULL; frag.ipfr_p = ip->ip_p; --- 149,155 ---- if (ipfr_inuse >= IPFT_SIZE) return NULL; ! if (!(fin->fin_fl & FI_FRAG)) return NULL; frag.ipfr_p = ip->ip_p; *************** *** 247,255 **** --- 247,262 ---- nat_t *nat; { ipfr_t *ipf; + int off; if ((ip->ip_v != 4) || (fr_frag_lock)) return -1; + + off = fin->fin_off; + off <<= 3; + if ((off + fin->fin_dlen) > 0xffff || (fin->fin_dlen == 0)) + return NULL; + WRITE_ENTER(&ipf_natfrag); ipf = ipfr_new(ip, fin, pass, ipfr_nattab); if (ipf != NULL) { *************** *** 271,281 **** ipfr_t *table[]; { ipfr_t *f, frag; ! u_int idx; ! ! if (!(fin->fin_fi.fi_fl & FI_FRAG)) ! return NULL; ! /* * For fragments, we record protocol, packet id, TOS and both IP#'s * (these should all be the same for all fragments of a packet). --- 278,285 ---- ipfr_t *table[]; { ipfr_t *f, frag; ! u_int idx; ! /* * For fragments, we record protocol, packet id, TOS and both IP#'s * (these should all be the same for all fragments of a packet). 
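Review bot: The length check added in the hunk at 247 of ip_frag.c ends in `return NULL;`, but the guard directly above it returns `-1`, so this function returns an int and the new rejection path yields 0 (or a pointer-to-integer conversion warning). If the caller treats 0 as success, an oversized or empty fragment is reported as recorded although no entry was created; the line should read `return -1;`. The same three-line check is repeated in the lookup functions in the hunks at 357 and 387, where `return NULL` matches the return type. A small static helper would keep the three copies consistent.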
*************** *** 307,321 **** IPFR_CMPSZ)) { u_short atoff, off; /* * XXX - We really need to be guarding against the * retransmission of (src,dst,id,offset-range) here * because a fragmented packet is never resent with * the same IP ID#. */ - off = ip->ip_off & IP_OFFMASK; if (f->ipfr_seen0) { ! if (!off || (fin->fin_fi.fi_fl & FI_SHORT)) continue; } else if (!off) f->ipfr_seen0 = 1; --- 311,326 ---- IPFR_CMPSZ)) { u_short atoff, off; + off = fin->fin_off; + /* * XXX - We really need to be guarding against the * retransmission of (src,dst,id,offset-range) here * because a fragmented packet is never resent with * the same IP ID#. */ if (f->ipfr_seen0) { ! if (!off || (fin->fin_fl & FI_SHORT)) continue; } else if (!off) f->ipfr_seen0 = 1; *************** *** 357,367 **** ip_t *ip; fr_info_t *fin; { ! nat_t *nat; ! ipfr_t *ipf; ! if ((ip->ip_v != 4) || (fr_frag_lock)) return NULL; READ_ENTER(&ipf_natfrag); ipf = ipfr_lookup(ip, fin, ipfr_nattab); if (ipf != NULL) { --- 362,379 ---- ip_t *ip; fr_info_t *fin; { ! ipfr_t *ipf; ! nat_t *nat; ! int off; ! if ((fin->fin_v != 4) || (fr_frag_lock)) ! return NULL; ! ! off = fin->fin_off; ! off <<= 3; ! if ((off + fin->fin_dlen) > 0xffff || (fin->fin_dlen == 0)) return NULL; + READ_ENTER(&ipf_natfrag); ipf = ipfr_lookup(ip, fin, ipfr_nattab); if (ipf != NULL) { *************** *** 387,401 **** ip_t *ip; fr_info_t *fin; { ! frentry_t *fr = NULL; ! ipfr_t *fra; ! if ((ip->ip_v != 4) || (fr_frag_lock)) return NULL; READ_ENTER(&ipf_frag); fra = ipfr_lookup(ip, fin, ipfr_heads); if (fra != NULL) fr = fra->ipfr_rule; RWLOCK_EXIT(&ipf_frag); return fr; } --- 399,422 ---- ip_t *ip; fr_info_t *fin; { ! frentry_t *fr; ! ipfr_t *fra; ! int off; ! 
if ((fin->fin_v != 4) || (fr_frag_lock)) return NULL; + + off = fin->fin_off; + off <<= 3; + if ((off + fin->fin_dlen) > 0xffff || (fin->fin_dlen == 0)) + return NULL; + READ_ENTER(&ipf_frag); fra = ipfr_lookup(ip, fin, ipfr_heads); if (fra != NULL) fr = fra->ipfr_rule; + else + fr = NULL; RWLOCK_EXIT(&ipf_frag); return fr; } diff -cr ip_fil3.4.19/ip_ftp_pxy.c ip_fil3.4.20/ip_ftp_pxy.c *** ip_fil3.4.19/ip_ftp_pxy.c Thu Jun 14 17:37:17 2001 --- ip_fil3.4.20/ip_ftp_pxy.c Sun Jul 15 23:50:54 2001 *************** *** 2,8 **** * Simple FTP transparent proxy for in-kernel use. For use with the NAT * code. * ! * $Id: ip_ftp_pxy.c,v 2.7.2.25 2001/06/14 07:37:17 darrenr Exp $ */ #if SOLARIS && defined(_KERNEL) extern kmutex_t ipf_rw; --- 2,8 ---- * Simple FTP transparent proxy for in-kernel use. For use with the NAT * code. * ! * $Id: ip_ftp_pxy.c,v 2.7.2.26 2001/07/15 13:50:54 darrenr Exp $ */ #if SOLARIS && defined(_KERNEL) extern kmutex_t ipf_rw; *************** *** 515,527 **** tcp2->th_win = htons(8192); tcp2->th_sport = 0; /* XXX - fake it for nat_new */ tcp2->th_off = 5; ! fi.fin_data[1] = a5 << 8 | a6; fi.fin_dlen = sizeof(*tcp2); ! tcp2->th_dport = htons(fi.fin_data[1]); ! fi.fin_data[0] = 0; fi.fin_dp = (char *)tcp2; fi.fin_fr = &natfr; ! fi.fin_out = 0; swip = ip->ip_src; swip2 = ip->ip_dst; fi.fin_fi.fi_daddr = ip->ip_src.s_addr; --- 515,527 ---- tcp2->th_win = htons(8192); tcp2->th_sport = 0; /* XXX - fake it for nat_new */ tcp2->th_off = 5; ! fi.fin_data[0] = a5 << 8 | a6; fi.fin_dlen = sizeof(*tcp2); ! tcp2->th_dport = htons(fi.fin_data[0]); ! fi.fin_data[1] = 0; fi.fin_dp = (char *)tcp2; fi.fin_fr = &natfr; ! fi.fin_out = 1; swip = ip->ip_src; swip2 = ip->ip_dst; fi.fin_fi.fi_daddr = ip->ip_src.s_addr; diff -cr ip_fil3.4.19/ip_lfil.c ip_fil3.4.20/ip_lfil.c *** ip_fil3.4.19/ip_lfil.c Tue Jun 26 20:43:13 2001 --- ip_fil3.4.20/ip_lfil.c Thu Jul 19 00:57:09 2001 *************** *** 4,10 **** * See the IPFILTER.LICENCE file for details on licencing. 
*/ #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: ip_lfil.c,v 2.6.2.1 2001/06/26 10:43:13 darrenr Exp $"; #endif #if defined(KERNEL) && !defined(_KERNEL) --- 4,10 ---- * See the IPFILTER.LICENCE file for details on licencing. */ #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: ip_lfil.c,v 2.6.2.2 2001/07/18 14:57:09 darrenr Exp $"; #endif #if defined(KERNEL) && !defined(_KERNEL) *************** *** 335,341 **** break; } case SIOCATHST : ! error = fr_auth_ioctl(data, cmd, NULL, NULL); break; case SIOCFRSYN : if (!(mode & FWRITE)) --- 335,341 ---- break; } case SIOCATHST : ! error = fr_auth_ioctl(data, mode, cmd, NULL, NULL); break; case SIOCFRSYN : if (!(mode & FWRITE)) *************** *** 482,488 **** if (fg && fg->fg_head) fg->fg_head->fr_ref--; if (unit == IPL_LOGAUTH) ! return fr_auth_ioctl(data, req, f, ftail); if (f->fr_grhead) fr_delgroup((u_int)f->fr_grhead, fp->fr_flags, unit, set); --- 482,488 ---- if (fg && fg->fg_head) fg->fg_head->fr_ref--; if (unit == IPL_LOGAUTH) ! return fr_auth_ioctl(data, mode, req, f, ftail); if (f->fr_grhead) fr_delgroup((u_int)f->fr_grhead, fp->fr_flags, unit, set); *************** *** 495,501 **** error = EEXIST; else { if (unit == IPL_LOGAUTH) ! return fr_auth_ioctl(data, req, f, ftail); KMALLOC(f, frentry_t *); if (f != NULL) { if (fg && fg->fg_head) --- 495,501 ---- error = EEXIST; else { if (unit == IPL_LOGAUTH) ! return fr_auth_ioctl(data, mode, req, f, ftail); KMALLOC(f, frentry_t *); if (f != NULL) { if (fg && fg->fg_head) diff -cr ip_fil3.4.19/ip_nat.c ip_fil3.4.20/ip_nat.c *** ip_fil3.4.19/ip_nat.c Tue Jun 26 20:43:14 2001 --- ip_fil3.4.20/ip_nat.c Sat Jul 21 17:17:22 2001 *************** *** 5,15 **** * * Added redirect stuff and a LOT of bug fixes. 
(mcn@EnGarde.com) */ - #if !defined(lint) - static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; - static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.41 2001/06/26 10:43:14 darrenr Exp $"; - #endif - #if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL) #define _KERNEL #endif --- 5,10 ---- *************** *** 110,115 **** --- 105,115 ---- #undef SOCKADDR_IN #define SOCKADDR_IN struct sockaddr_in + #if !defined(lint) + static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; + static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.44 2001/07/21 07:17:22 darrenr Exp $"; + #endif + nat_t **nat_table[2] = { NULL, NULL }, *nat_instances = NULL; ipnat_t *nat_list = NULL; *************** *** 1468,1475 **** void nat_insert(nat) nat_t *nat; { nat_t **natp; - u_int hv; MUTEX_INIT(&nat->nat_lock, "nat entry lock", NULL); --- 1468,1475 ---- void nat_insert(nat) nat_t *nat; { + u_int hv1, hv2; nat_t **natp; MUTEX_INIT(&nat->nat_lock, "nat entry lock", NULL); *************** *** 1482,1499 **** nat->nat_next = nat_instances; nat_instances = nat; ! hv = NAT_HASH_FN(nat->nat_inip.s_addr, nat->nat_inport, ! ipf_nattable_sz); ! natp = &nat_table[0][hv]; if (*natp) (*natp)->nat_phnext[0] = &nat->nat_hnext[0]; nat->nat_phnext[0] = natp; nat->nat_hnext[0] = *natp; *natp = nat; ! hv = NAT_HASH_FN(nat->nat_outip.s_addr, nat->nat_outport, ! ipf_nattable_sz); ! natp = &nat_table[1][hv]; if (*natp) (*natp)->nat_phnext[1] = &nat->nat_hnext[1]; nat->nat_phnext[1] = natp; --- 1482,1511 ---- nat->nat_next = nat_instances; nat_instances = nat; ! if (!(nat->nat_flags & (FI_W_SPORT|FI_W_DPORT))) { ! hv1 = NAT_HASH_FN(nat->nat_inip.s_addr, nat->nat_inport, ! 0xffffffff); ! hv1 = NAT_HASH_FN(nat->nat_oip.s_addr, hv1 + nat->nat_oport, ! ipf_nattable_sz); ! hv2 = NAT_HASH_FN(nat->nat_outip.s_addr, nat->nat_outport, ! 0xffffffff); ! hv2 = NAT_HASH_FN(nat->nat_oip.s_addr, hv2 + nat->nat_oport, ! ipf_nattable_sz); ! } else { ! 
hv1 = NAT_HASH_FN(nat->nat_inip.s_addr, 0, 0xffffffff); ! hv1 = NAT_HASH_FN(nat->nat_oip.s_addr, hv1, ipf_nattable_sz); ! hv2 = NAT_HASH_FN(nat->nat_outip.s_addr, 0, 0xffffffff); ! hv2 = NAT_HASH_FN(nat->nat_oip.s_addr, hv2, ipf_nattable_sz); ! } ! ! natp = &nat_table[0][hv1]; if (*natp) (*natp)->nat_phnext[0] = &nat->nat_hnext[0]; nat->nat_phnext[0] = natp; nat->nat_hnext[0] = *natp; *natp = nat; ! natp = &nat_table[1][hv2]; if (*natp) (*natp)->nat_phnext[1] = &nat->nat_hnext[1]; nat->nat_phnext[1] = natp; *************** *** 1609,1615 **** ip_t *oip; int flags = 0; ! if ((fin->fin_fi.fi_fl & FI_SHORT) || (ip->ip_off & IP_OFFMASK)) return NULL; /* * nat_icmplookup() will return NULL for `defective' packets. --- 1621,1627 ---- ip_t *oip; int flags = 0; ! if ((fin->fin_fl & FI_SHORT) || (fin->fin_off != 0)) return NULL; /* * nat_icmplookup() will return NULL for `defective' packets. *************** *** 1923,1929 **** sport = ports & 0xffff; flags &= IPN_TCPUDP; ! hv = NAT_HASH_FN(dst, dport, ipf_nattable_sz); nat = nat_table[1][hv]; for (; nat; nat = nat->nat_hnext[1]) { nflags = nat->nat_flags; --- 1935,1942 ---- sport = ports & 0xffff; flags &= IPN_TCPUDP; ! hv = NAT_HASH_FN(dst, dport, 0xffffffff); ! hv = NAT_HASH_FN(src.s_addr, hv + sport, ipf_nattable_sz); nat = nat_table[1][hv]; for (; nat; nat = nat->nat_hnext[1]) { nflags = nat->nat_flags; *************** *** 1941,1947 **** if (!rw) { RWLOCK_EXIT(&ipf_nat); } ! hv = NAT_HASH_FN(dst, 0, ipf_nattable_sz); if (!rw) { WRITE_ENTER(&ipf_nat); } --- 1954,1961 ---- if (!rw) { RWLOCK_EXIT(&ipf_nat); } ! hv = NAT_HASH_FN(dst, 0, 0xffffffff); ! hv = NAT_HASH_FN(src.s_addr, hv, ipf_nattable_sz); if (!rw) { WRITE_ENTER(&ipf_nat); } *************** *** 2005,2011 **** /* * Add into the NAT table in the new position */ ! 
hv = NAT_HASH_FN(nat->nat_inip.s_addr, sport, ipf_nattable_sz); natp = &nat_table[0][hv]; if (*natp) (*natp)->nat_phnext[0] = &nat->nat_hnext[0]; --- 2019,2026 ---- /* * Add into the NAT table in the new position */ ! hv = NAT_HASH_FN(nat->nat_inip.s_addr, sport, 0xffffffff); ! hv = NAT_HASH_FN(nat->nat_oip.s_addr, hv + dport, ipf_nattable_sz); natp = &nat_table[0][hv]; if (*natp) (*natp)->nat_phnext[0] = &nat->nat_hnext[0]; *************** *** 2013,2019 **** nat->nat_hnext[0] = *natp; *natp = nat; ! hv = NAT_HASH_FN(nat->nat_outip.s_addr, sport, ipf_nattable_sz); natp = &nat_table[1][hv]; if (*natp) (*natp)->nat_phnext[1] = &nat->nat_hnext[1]; --- 2028,2035 ---- nat->nat_hnext[0] = *natp; *natp = nat; ! hv = NAT_HASH_FN(nat->nat_outip.s_addr, sport, 0xffffffff); ! hv = NAT_HASH_FN(nat->nat_oip.s_addr, hv + dport, ipf_nattable_sz); natp = &nat_table[1][hv]; if (*natp) (*natp)->nat_phnext[1] = &nat->nat_hnext[1]; *************** *** 2047,2053 **** flags &= IPN_TCPUDP; srcip = src.s_addr; ! hv = NAT_HASH_FN(srcip, sport, ipf_nattable_sz); nat = nat_table[0][hv]; for (; nat; nat = nat->nat_hnext[0]) { nflags = nat->nat_flags; --- 2063,2070 ---- flags &= IPN_TCPUDP; srcip = src.s_addr; ! hv = NAT_HASH_FN(srcip, sport, 0xffffffff); ! hv = NAT_HASH_FN(dst.s_addr, hv + dport, ipf_nattable_sz); nat = nat_table[0][hv]; for (; nat; nat = nat->nat_hnext[0]) { nflags = nat->nat_flags; *************** *** 2067,2072 **** --- 2084,2090 ---- RWLOCK_EXIT(&ipf_nat); } hv = NAT_HASH_FN(srcip, 0, ipf_nattable_sz); + hv = NAT_HASH_FN(dst.s_addr, hv, ipf_nattable_sz); if (!rw) { WRITE_ENTER(&ipf_nat); } *************** *** 2151,2158 **** } ft = &np->in_tuc; ! if (!(fin->fin_fi.fi_fl & FI_TCPUDP) || ! (fin->fin_fi.fi_fl & FI_SHORT) || (ip->ip_off & IP_OFFMASK)) { if (ft->ftu_scmp || ft->ftu_dcmp) return 0; return 1; --- 2169,2176 ---- } ft = &np->in_tuc; ! if (!(fin->fin_fl & FI_TCPUDP) || ! 
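Review bot: The wildcard retry in the hunk at new lines 2084-2090 reduces its first stage with `ipf_nattable_sz` (`hv = NAT_HASH_FN(srcip, 0, ipf_nattable_sz);`) before mixing in `dst.s_addr`. The wildcard branch added to nat_insert() and the matching retry at new lines 1954-1961 reduce the first stage with `0xffffffff` instead. Unless NAT_HASH_FN gives the same result for both moduli, this lookup lands in a different bucket from the one the entry was inserted into, so wildcard entries would presumably not be found on this path. The first line should read `hv = NAT_HASH_FN(srcip, 0, 0xffffffff);`. The enclosing function starts and ends outside the hunk.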
(fin->fin_fl & FI_SHORT) || (fin->fin_off != 0)) { if (ft->ftu_scmp || ft->ftu_dcmp) return 0; return 1; *************** *** 2190,2196 **** else ifp = fin->fin_ifp; ! if (!(ip->ip_off & IP_OFFMASK) && !(fin->fin_fi.fi_fl & FI_SHORT)) { if (ip->ip_p == IPPROTO_TCP) nflags = IPN_TCP; else if (ip->ip_p == IPPROTO_UDP) --- 2208,2214 ---- else ifp = fin->fin_ifp; ! if ((fin->fin_off == 0) && !(fin->fin_fl & FI_SHORT)) { if (ip->ip_p == IPPROTO_TCP) nflags = IPN_TCP; else if (ip->ip_p == IPPROTO_UDP) *************** *** 2209,2215 **** if ((ip->ip_p == IPPROTO_ICMP) && (nat = nat_icmp(ip, fin, &nflags, NAT_OUTBOUND))) icmpset = 1; ! else if ((ip->ip_off & (IP_OFFMASK|IP_MF)) && (nat = ipfr_nat_knownfrag(ip, fin))) natadd = 0; else if ((nat = nat_outlookup(ifp, nflags, (u_int)ip->ip_p, --- 2227,2233 ---- if ((ip->ip_p == IPPROTO_ICMP) && (nat = nat_icmp(ip, fin, &nflags, NAT_OUTBOUND))) icmpset = 1; ! else if ((fin->fin_fl & FI_FRAG) && (nat = ipfr_nat_knownfrag(ip, fin))) natadd = 0; else if ((nat = nat_outlookup(ifp, nflags, (u_int)ip->ip_p, *************** *** 2287,2293 **** */ if (nat) { np = nat->nat_ptr; ! if (natadd && (fin->fin_fi.fi_fl & FI_FRAG) && np) ipfr_nat_newfrag(ip, fin, 0, nat); MUTEX_ENTER(&nat->nat_lock); nat->nat_age = fr_defnatage; --- 2305,2311 ---- */ if (nat) { np = nat->nat_ptr; ! if (natadd && (fin->fin_fl & FI_FRAG) && np) ipfr_nat_newfrag(ip, fin, 0, nat); MUTEX_ENTER(&nat->nat_lock); nat->nat_age = fr_defnatage; *************** *** 2321,2328 **** #endif ip->ip_src = nat->nat_outip; ! if (!(ip->ip_off & IP_OFFMASK) && ! !(fin->fin_fi.fi_fl & FI_SHORT)) { if ((nat->nat_outport != 0) && (nflags & IPN_TCPUDP)) { tcp->th_sport = nat->nat_outport; --- 2339,2345 ---- #endif ip->ip_src = nat->nat_outip; ! 
if ((fin->fin_off == 0) && !(fin->fin_fl & FI_SHORT)) { if ((nat->nat_outport != 0) && (nflags & IPN_TCPUDP)) { tcp->th_sport = nat->nat_outport; *************** *** 2405,2411 **** if ((nat_list == NULL) || (ip->ip_v != 4) || (fr_nat_lock)) return 0; ! if (!(ip->ip_off & IP_OFFMASK) && !(fin->fin_fi.fi_fl & FI_SHORT)) { if (ip->ip_p == IPPROTO_TCP) nflags = IPN_TCP; else if (ip->ip_p == IPPROTO_UDP) --- 2422,2428 ---- if ((nat_list == NULL) || (ip->ip_v != 4) || (fr_nat_lock)) return 0; ! if ((fin->fin_off == 0) && !(fin->fin_fl & FI_SHORT)) { if (ip->ip_p == IPPROTO_TCP) nflags = IPN_TCP; else if (ip->ip_p == IPPROTO_UDP) *************** *** 2426,2432 **** if ((ip->ip_p == IPPROTO_ICMP) && (nat = nat_icmp(ip, fin, &nflags, NAT_INBOUND))) icmpset = 1; ! else if ((ip->ip_off & (IP_OFFMASK|IP_MF)) && (nat = ipfr_nat_knownfrag(ip, fin))) natadd = 0; else if ((nat = nat_inlookup(fin->fin_ifp, nflags, (u_int)ip->ip_p, --- 2443,2449 ---- if ((ip->ip_p == IPPROTO_ICMP) && (nat = nat_icmp(ip, fin, &nflags, NAT_INBOUND))) icmpset = 1; ! else if ((fin->fin_fl & FI_FRAG) && (nat = ipfr_nat_knownfrag(ip, fin))) natadd = 0; else if ((nat = nat_inlookup(fin->fin_ifp, nflags, (u_int)ip->ip_p, *************** *** 2493,2499 **** if (nat) { np = nat->nat_ptr; fin->fin_fr = nat->nat_fr; ! if (natadd && (fin->fin_fi.fi_fl & FI_FRAG) && np) ipfr_nat_newfrag(ip, fin, 0, nat); if ((np->in_apr != NULL) && (np->in_dport == 0 || (tcp != NULL && sport == np->in_dport))) { --- 2510,2516 ---- if (nat) { np = nat->nat_ptr; fin->fin_fr = nat->nat_fr; ! if (natadd && (fin->fin_fl & FI_FRAG) && np) ipfr_nat_newfrag(ip, fin, 0, nat); if ((np->in_apr != NULL) && (np->in_dport == 0 || (tcp != NULL && sport == np->in_dport))) { *************** *** 2524,2531 **** else fix_outcksum(fin, &ip->ip_sum, nat->nat_ipsumd); #endif ! if (!(ip->ip_off & IP_OFFMASK) && ! 
!(fin->fin_fi.fi_fl & FI_SHORT)) { if ((nat->nat_inport != 0) && (nflags & IPN_TCPUDP)) { tcp->th_dport = nat->nat_inport; --- 2541,2547 ---- else fix_outcksum(fin, &ip->ip_sum, nat->nat_ipsumd); #endif ! if ((fin->fin_off == 0) && !(fin->fin_fl & FI_SHORT)) { if ((nat->nat_inport != 0) && (nflags & IPN_TCPUDP)) { tcp->th_dport = nat->nat_inport; diff -cr ip_fil3.4.19/ip_proxy.c ip_fil3.4.20/ip_proxy.c *** ip_fil3.4.19/ip_proxy.c Tue Jun 26 20:43:16 2001 --- ip_fil3.4.20/ip_proxy.c Mon Jul 16 08:06:15 2001 *************** *** 3,12 **** * * See the IPFILTER.LICENCE file for details on licencing. */ - #if !defined(lint) - static const char rcsid[] = "@(#)$Id: ip_proxy.c,v 2.9.2.5 2001/06/26 10:43:16 darrenr Exp $"; - #endif - #if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL) # define _KERNEL #endif --- 3,8 ---- *************** *** 74,79 **** --- 70,79 ---- #include "netinet/ip_state.h" #if (__FreeBSD_version >= 300000) # include + #endif + + #if !defined(lint) + static const char rcsid[] = "@(#)$Id: ip_proxy.c,v 2.9.2.6 2001/07/15 22:06:15 darrenr Exp $"; #endif diff -cr ip_fil3.4.19/ip_raudio_pxy.c ip_fil3.4.20/ip_raudio_pxy.c *** ip_fil3.4.19/ip_raudio_pxy.c Sat May 19 00:23:39 2001 --- ip_fil3.4.20/ip_raudio_pxy.c Mon Jul 23 14:17:56 2001 *************** *** 1,5 **** /* ! * $Id: ip_raudio_pxy.c,v 1.7.2.5 2001/05/18 14:23:39 darrenr Exp $ */ #if SOLARIS && defined(_KERNEL) extern kmutex_t ipf_rw; --- 1,5 ---- /* ! 
* $Id: ip_raudio_pxy.c,v 1.7.2.6 2001/07/23 04:17:56 darrenr Exp $ */ #if SOLARIS && defined(_KERNEL) extern kmutex_t ipf_rw; *************** *** 172,179 **** unsigned char membuf[IPF_MAXPORTLEN + 1], *s; tcphdr_t *tcp, tcph, *tcp2 = &tcph; raudio_t *rap = aps->aps_data; struct in_addr swa, swb; - int off, dlen, slen; int a1, a2, a3, a4; u_short sp, dp; fr_info_t fi; --- 172,179 ---- unsigned char membuf[IPF_MAXPORTLEN + 1], *s; tcphdr_t *tcp, tcph, *tcp2 = &tcph; raudio_t *rap = aps->aps_data; + int off, dlen, slen, clen; struct in_addr swa, swb; int a1, a2, a3, a4; u_short sp, dp; fr_info_t fi; *************** *** 204,216 **** if (dlen <= 0) return 0; bzero(membuf, sizeof(membuf)); ! copyout_mblk(m, off, MIN(sizeof(membuf), dlen), (char *)membuf); #else dlen = mbufchainlen(m) - off; if (dlen <= 0) return 0; bzero(membuf, sizeof(membuf)); ! m_copydata(m, off, MIN(sizeof(membuf), dlen), (char *)membuf); #endif seq = ntohl(tcp->th_seq); --- 204,218 ---- if (dlen <= 0) return 0; bzero(membuf, sizeof(membuf)); ! clen = MIN(sizeof(membuf), dlen); ! copyout_mblk(m, off, clen, (char *)membuf); #else dlen = mbufchainlen(m) - off; if (dlen <= 0) return 0; bzero(membuf, sizeof(membuf)); ! clen = MIN(sizeof(membuf), dlen); ! m_copydata(m, off, clen, (char *)membuf); #endif seq = ntohl(tcp->th_seq); *************** *** 219,225 **** * We only care for the first 19 bytes coming back from the server. */ if (rap->rap_sseq == 0) { ! s = (u_char *)memstr("PNA", (char *)membuf, 3, dlen); if (s == NULL) return 0; a1 = s - membuf; --- 221,227 ---- * We only care for the first 19 bytes coming back from the server. */ if (rap->rap_sseq == 0) { ! 
s = (u_char *)memstr("PNA", (char *)membuf, 3, clen); if (s == NULL) return 0; a1 = s - membuf; diff -cr ip_fil3.4.19/ip_sfil.c ip_fil3.4.20/ip_sfil.c *** ip_fil3.4.19/ip_sfil.c Tue Jun 26 20:43:16 2001 --- ip_fil3.4.20/ip_sfil.c Thu Jul 19 00:57:09 2001 *************** *** 7,13 **** */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.23.2.10 2001/06/26 10:43:16 darrenr Exp $"; #endif #include --- 7,13 ---- */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.23.2.12 2001/07/18 14:57:09 darrenr Exp $"; #endif #include *************** *** 195,201 **** return error; } if (unit == IPL_LOGAUTH) { ! error = fr_auth_ioctl((caddr_t)data, cmd, NULL, NULL); RWLOCK_EXIT(&ipf_solaris); return error; } --- 195,201 ---- return error; } if (unit == IPL_LOGAUTH) { ! error = fr_auth_ioctl((caddr_t)data, mode, cmd, NULL, NULL); RWLOCK_EXIT(&ipf_solaris); return error; } *************** *** 456,461 **** --- 456,462 ---- } fdp = &fp->fr_dif; + fdp->fd_mp = NULL; fp->fr_flags &= ~FR_DUP; if (*fdp->fd_ifname) { ill = get_unit(fdp->fd_ifname, (int)fp->fr_v); *************** *** 489,494 **** --- 490,496 ---- } fdp = &fp->fr_tif; + fdp->fd_mp = NULL; if (*fdp->fd_ifname) { ill = get_unit(fdp->fd_ifname, (int)fp->fr_v); if (!ill) *************** *** 575,584 **** } if (fg && fg->fg_head) fg->fg_head->fr_ref--; - if (unit == IPL_LOGAUTH) { - error = fr_auth_ioctl(data, req, fp, ftail); - goto out; - } if (f->fr_grhead) fr_delgroup(f->fr_grhead, fp->fr_flags, unit, set); --- 577,582 ---- *************** *** 592,601 **** if (f) { error = EEXIST; } else { - if (unit == IPL_LOGAUTH) { - error = fr_auth_ioctl(data, req, fp, ftail); - goto out; - } KMALLOC(f, frentry_t *); if (f != NULL) { if (fg && fg->fg_head) --- 590,595 ---- diff -cr ip_fil3.4.19/ip_state.c ip_fil3.4.20/ip_state.c *** ip_fil3.4.19/ip_state.c Tue Jun 
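Review bot: `clen = MIN(sizeof(membuf), dlen)` in the hunk at new lines 204-218 lets the packet fill all `IPF_MAXPORTLEN + 1` bytes of `membuf`, so a long payload overwrites the zero byte left by `bzero()`. If the extra byte in the declaration is meant as a terminator, the bound should be `MIN(sizeof(membuf) - 1, dlen)`. Passing `clen` to `memstr()` at new lines 221-227 correctly limits the search to the bytes actually copied. The rest of the function is outside these hunks, so any remaining use of `dlen` as a length for `membuf` should be checked as well.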
26 20:43:16 2001 --- ip_fil3.4.20/ip_state.c Mon Jul 23 23:49:46 2001 *************** *** 3,13 **** * * See the IPFILTER.LICENCE file for details on licencing. */ - #if !defined(lint) - static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed"; - static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.30.2.35 2001/06/26 10:43:16 darrenr Exp $"; - #endif - #include #include #include --- 3,8 ---- *************** *** 95,100 **** --- 90,100 ---- # endif #endif + #if !defined(lint) + static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed"; + static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.30.2.38 2001/07/23 13:49:46 darrenr Exp $"; + #endif + #ifndef MIN # define MIN(a,b) (((a)<(b))?(a):(b)) #endif *************** *** 503,510 **** u_int pass; int out; ! if (fr_state_lock || (fin->fin_off & IP_OFFMASK) || ! (fin->fin_fi.fi_fl & FI_SHORT)) return NULL; if (ips_num == fr_statemax) { ips_stats.iss_max++; --- 503,509 ---- u_int pass; int out; ! if (fr_state_lock || (fin->fin_off != 0) || (fin->fin_fl & FI_SHORT)) return NULL; if (ips_num == fr_statemax) { ips_stats.iss_max++; *************** *** 664,670 **** is->is_secmsk = 0xffff; is->is_auth = fin->fin_fi.fi_auth; is->is_authmsk = 0xffff; ! is->is_flags = fin->fin_fi.fi_fl & FI_CMP; is->is_flags |= FI_CMP << 4; is->is_flags |= flags & (FI_WILDP|FI_WILDA); if (flags & (FI_WILDP|FI_WILDA)) --- 663,669 ---- is->is_secmsk = 0xffff; is->is_auth = fin->fin_fi.fi_auth; is->is_authmsk = 0xffff; ! is->is_flags = fin->fin_fl & FI_CMP; is->is_flags |= FI_CMP << 4; is->is_flags |= flags & (FI_WILDP|FI_WILDA); if (flags & (FI_WILDP|FI_WILDA)) *************** *** 689,695 **** #endif RWLOCK_EXIT(&ipf_state); fin->fin_rev = IP6NEQ(is->is_dst, fin->fin_fi.fi_dst); ! if ((fin->fin_fi.fi_fl & FI_FRAG) && (pass & FR_KEEPFRAG)) ipfr_newfrag(ip, fin, pass ^ FR_KEEPSTATE); return is; } --- 688,694 ---- #endif RWLOCK_EXIT(&ipf_state); fin->fin_rev = IP6NEQ(is->is_dst, fin->fin_fi.fi_dst); ! 
if ((fin->fin_fl & FI_FRAG) && (pass & FR_KEEPFRAG)) ipfr_newfrag(ip, fin, pass ^ FR_KEEPSTATE); return is; } *************** *** 880,889 **** if (tcp == NULL) flags = is->is_flags & (FI_CMP|(FI_CMP<<4)); ! if (((fin->fin_fi.fi_fl & (flags >> 4)) != (flags & FI_CMP)) || ! ((fin->fin_fi.fi_optmsk & is->is_optmsk) != is->is_opt) || ! ((fin->fin_fi.fi_secmsk & is->is_secmsk) != is->is_sec) || ! ((fin->fin_fi.fi_auth & is->is_authmsk) != is->is_auth)) return 0; if ((flags & (FI_W_SPORT|FI_W_DPORT))) { --- 879,888 ---- if (tcp == NULL) flags = is->is_flags & (FI_CMP|(FI_CMP<<4)); ! if (((fin->fin_fl & (flags >> 4)) != (flags & FI_CMP)) || ! (fin->fin_fi.fi_optmsk != is->is_opt) || ! (fin->fin_fi.fi_secmsk != is->is_sec) || ! (fin->fin_fi.fi_auth != is->is_auth)) return 0; if ((flags & (FI_W_SPORT|FI_W_DPORT))) { *************** *** 933,948 **** if (ret >= 0) { is->is_ifp[ret] = ifp; #ifdef _KERNEL ! strncpy(is->is_ifname[out], IFNAME(fin->fin_ifp), ! sizeof(is->is_ifname[1])); #endif } - #ifdef _KERNEL - if (ret >= 0) { - strncpy(is->is_ifname[out], IFNAME(fin->fin_ifp), - sizeof(is->is_ifname[1])); - } - #endif fin->fin_rev = rev; return 1; } --- 932,941 ---- if (ret >= 0) { is->is_ifp[ret] = ifp; #ifdef _KERNEL ! strncpy(is->is_ifname[ret], IFNAME(fin->fin_ifp), ! sizeof(is->is_ifname[ret])); #endif } fin->fin_rev = rev; return 1; } *************** *** 1219,1226 **** frentry_t *fr; tcphdr_t *tcp; ! if (fr_state_lock || (fin->fin_off & IP_OFFMASK) || ! (fin->fin_fi.fi_fl & FI_SHORT)) return NULL; is = NULL; --- 1212,1218 ---- frentry_t *fr; tcphdr_t *tcp; ! if (fr_state_lock || (fin->fin_off != 0) || (fin->fin_fl & FI_SHORT)) return NULL; is = NULL; *************** *** 1363,1369 **** fr_delstate(is); #endif RWLOCK_EXIT(&ipf_state); ! if ((fin->fin_fi.fi_fl & FI_FRAG) && (pass & FR_KEEPFRAG)) ipfr_newfrag(ip, fin, pass ^ FR_KEEPSTATE); return fr; } --- 1355,1361 ---- fr_delstate(is); #endif RWLOCK_EXIT(&ipf_state); ! 
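Review bot: `strncpy(is->is_ifname[ret], IFNAME(fin->fin_ifp), sizeof(is->is_ifname[ret]))` in the hunk at new lines 932-941 leaves the cached name unterminated when the interface name fills the whole array, because strncpy() adds no NUL in that case. Follow the call with `is->is_ifname[ret][sizeof(is->is_ifname[ret]) - 1] = '\0';`, or copy one byte less into a buffer known to be zeroed. The enclosing function begins outside the hunk, so whether the state entry is zero-filled on allocation cannot be confirmed from here.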
if ((fin->fin_fl & FI_FRAG) && (pass & FR_KEEPFRAG)) ipfr_newfrag(ip, fin, pass ^ FR_KEEPSTATE); return fr; } diff -cr ip_fil3.4.19/ipf.c ip_fil3.4.20/ipf.c *** ip_fil3.4.19/ipf.c Thu Jun 28 23:53:31 2001 --- ip_fil3.4.20/ipf.c Wed Jul 18 21:34:19 2001 *************** *** 47,53 **** #if !defined(lint) static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipf.c,v 2.10.2.9 2001/06/28 13:53:31 darrenr Exp $"; #endif #if SOLARIS --- 47,53 ---- #if !defined(lint) static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipf.c,v 2.10.2.10 2001/07/18 11:34:19 darrenr Exp $"; #endif #if SOLARIS *************** *** 159,164 **** --- 159,165 ---- case 'V' : if (showversion()) exit(1); + break; case 'y' : frsync(); break; diff -cr ip_fil3.4.19/ipl.h ip_fil3.4.20/ipl.h *** ip_fil3.4.19/ipl.h Fri Jun 29 00:35:00 2001 --- ip_fil3.4.20/ipl.h Mon Jul 23 23:52:10 2001 *************** *** 4,15 **** * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ipl.h 1.21 6/5/96 ! * $Id: ipl.h,v 2.15.2.22 2001/06/28 14:35:00 darrenr Exp $ */ #ifndef __IPL_H__ #define __IPL_H__ ! #define IPL_VERSION "IP Filter: v3.4.19" #endif --- 4,15 ---- * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ipl.h 1.21 6/5/96 ! * $Id: ipl.h,v 2.15.2.23 2001/07/23 13:52:10 darrenr Exp $ */ #ifndef __IPL_H__ #define __IPL_H__ ! #define IPL_VERSION "IP Filter: v3.4.20" #endif diff -cr ip_fil3.4.19/ipmon.c ip_fil3.4.20/ipmon.c *** ip_fil3.4.19/ipmon.c Tue Jun 26 20:43:18 2001 --- ip_fil3.4.20/ipmon.c Thu Jul 19 22:24:59 2001 *************** *** 3,13 **** * * See the IPFILTER.LICENCE file for details on licencing. 
*/ - #if !defined(lint) - static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed"; - static const char rcsid[] = "@(#)$Id: ipmon.c,v 2.12.2.11 2001/06/26 10:43:18 darrenr Exp $"; - #endif - #ifndef SOLARIS #define SOLARIS (defined(__SVR4) || defined(__svr4__)) && defined(sun) #endif --- 3,8 ---- *************** *** 35,41 **** # include # include #endif ! #include #include #include #include --- 30,38 ---- # include # include #endif ! #if !defined(__SVR4) && !defined(__GNUC__) ! # include ! #endif #include #include #include *************** *** 68,73 **** --- 65,75 ---- #include "netinet/ip_nat.h" #include "netinet/ip_state.h" + #if !defined(lint) + static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed"; + static const char rcsid[] = "@(#)$Id: ipmon.c,v 2.12.2.13 2001/07/19 12:24:59 darrenr Exp $"; + #endif + #if defined(sun) && !defined(SOLARIS2) #define STRERROR(x) sys_errlist[x] *************** *** 119,124 **** --- 121,127 ---- static void dumphex __P((FILE *, u_char *, int)); static int read_log __P((int, int *, char *, int)); static void write_pid __P((char *)); + static char *icmpname __P((u_int, u_int)); char *hostname __P((int, int, u_32_t *)); char *portname __P((int, char *, u_int)); *************** *** 131,137 **** static char **protocols = NULL; static char **udp_ports = NULL; static char **tcp_ports = NULL; ! #define OPT_SYSLOG 0x001 #define OPT_RESOLVE 0x002 --- 134,140 ---- static char **protocols = NULL; static char **udp_ports = NULL; static char **tcp_ports = NULL; ! static char *argv0 = "ipmon"; #define OPT_SYSLOG 0x001 #define OPT_RESOLVE 0x002 *************** *** 153,159 **** #endif ! void handlehup(sig) int sig; { FILE *fp; --- 156,204 ---- #endif ! #define ICMPUNREACHNAMES 14 ! static char *icmpunreachnames[ICMPUNREACHNAMES] = { ! "net", ! "host", ! "protocol", ! "port", ! "needfrag", ! "srcfail", ! "net_unknown", ! "host_unknown", ! "isolated", ! "net_prohib", ! "host_prohib", ! "tosnet", ! 
"toshost", ! "admin_prohibit" ! }; ! ! #define ICMPTYPES 19 ! static char *icmptypes[ICMPTYPES] = { ! "echoreply", ! NULL, ! NULL, ! "unreach", ! "sourcequench", ! "redirect", ! NULL, ! NULL, ! "echo", ! "routeradvert", ! "routersolicit", ! "timxceed", ! "paramprob", ! "timestamp", ! "timestampreply", ! "inforeq", ! "inforeply", ! "maskreq", ! "maskreply" ! }; ! ! ! static void handlehup(sig) int sig; { FILE *fp; *************** *** 263,268 **** --- 308,315 ---- int res, v; u_32_t *ip; { + # define MAX_INETA 16 + static char hname[MAXHOSTNAMELEN + MAX_INETA + 3]; #ifdef USE_INET6 static char hostbuf[MAXHOSTNAMELEN+1]; #endif *************** *** 276,283 **** hp = gethostbyaddr((char *)ip, sizeof(ip), AF_INET); if (!hp) return inet_ntoa(ipa); ! return hp->h_name; ! } #ifdef USE_INET6 (void) inet_ntop(AF_INET6, ip, hostbuf, sizeof(hostbuf) - 1); --- 323,330 ---- hp = gethostbyaddr((char *)ip, sizeof(ip), AF_INET); if (!hp) return inet_ntoa(ipa); ! sprintf(hname, "%.*s[%s]", MAXHOSTNAMELEN, hp->h_name, inet_ntoa(ipa)); ! 
return hname; } #ifdef USE_INET6 (void) inet_ntop(AF_INET6, ip, hostbuf, sizeof(hostbuf) - 1); *************** *** 313,318 **** --- 360,426 ---- } + #define TYPECODE(x,y) (((x) << 8) | (y)) + + static char *icmpname(type, code) + u_int type; + u_int code; + { + static char name[80]; + char codeval[8], *s; + u_int typecode; + + sprintf(codeval, "%d", code); + + s = NULL; + if (type < ICMPTYPES) + s = icmptypes[type]; + if (s == NULL) + sprintf(name, "icmptype(%d)/", type); + else + sprintf(name, "%s/", s); + + if (type == ICMP_UNREACH) { + if (code >= ICMPUNREACHNAMES) + sprintf(name + strlen(name), "%d", code); + else + strcat(name, icmpunreachnames[code]); + } else { + typecode = (type << 8) | code; + + switch (typecode) + { + case TYPECODE(ICMP_REDIRECT, ICMP_REDIRECT_NET) : + strcat(name, "net"); + break; + case TYPECODE(ICMP_REDIRECT, ICMP_REDIRECT_HOST) : + strcat(name, "host"); + break; + case TYPECODE(ICMP_REDIRECT, ICMP_REDIRECT_TOSNET) : + strcat(name, "tosnet"); + break; + case TYPECODE(ICMP_REDIRECT, ICMP_REDIRECT_TOSHOST) : + strcat(name, "toshost"); + break; + case TYPECODE(ICMP_TIMXCEED, ICMP_TIMXCEED_INTRANS) : + strcat(name, "intrans"); + break; + case TYPECODE(ICMP_TIMXCEED, ICMP_TIMXCEED_REASS) : + strcat(name, "reass"); + break; + case TYPECODE(ICMP_PARAMPROB, ICMP_PARAMPROB_OPTABSENT) : + strcat(name, "optabsent"); + break; + default: + strcat(name, codeval); + break; + } + } + + return name; + } + + static void dumphex(log, buf, len) FILE *log; u_char *buf; *************** *** 737,745 **** ic = (struct icmp *)((char *)ip + hl); (void) sprintf(t, "%s -> ", hostname(res, v, s)); t += strlen(t); ! (void) sprintf(t, "%s PR icmp len %hu %hu icmp %d/%d", hostname(res, v, d), hl, plen, ! ic->icmp_type, ic->icmp_code); if (ic->icmp_type == ICMP_UNREACH || ic->icmp_type == ICMP_SOURCEQUENCH || ic->icmp_type == ICMP_PARAMPROB || --- 845,853 ---- ic = (struct icmp *)((char *)ip + hl); (void) sprintf(t, "%s -> ", hostname(res, v, s)); t += strlen(t); ! 
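Review bot: `hp->h_name` in the hunk at new lines 323-330 is whatever reverse DNS returns for the logged address, and `%.*s` limits its length but not its content. A name containing spaces, brackets or control characters can therefore make a log line appear to have different fields. Printing the numeric address beside it helps, but consider replacing non-printable bytes before the `sprintf()`. hostname() also now returns up to `MAXHOSTNAMELEN + MAX_INETA + 2` characters, and the callers visible later in this diff `sprintf()` it into a line buffer whose size is outside the hunks, so that buffer's headroom should be rechecked.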
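Review bot: `sprintf(codeval, "%d", code)` at the top of icmpname() (hunk at new lines 360-426) writes a `u_int` into `char codeval[8]`. That only fits because the one visible caller passes an 8-bit `icmp_code`; any caller with a larger value overruns the stack buffer. Use `char codeval[12]` with `sprintf(codeval, "%u", code)`, or format straight into `name` with a bounded call. The same `%d`/`u_int` mismatch occurs in `sprintf(name, "icmptype(%d)/", type)`. The function returns a pointer to a static buffer that the next call overwrites, which is worth stating in a comment above it.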
(void) sprintf(t, "%s PR icmp len %hu %hu icmp %s", hostname(res, v, d), hl, plen, ! icmpname((u_int) ic->icmp_type, (u_int) ic->icmp_code)); if (ic->icmp_type == ICMP_UNREACH || ic->icmp_type == ICMP_SOURCEQUENCH || ic->icmp_type == ICMP_PARAMPROB || *************** *** 877,883 **** if ((fd = open(file, O_RDWR)) == -1) { (void) fprintf(stderr, "%s: open: %s\n", file,STRERROR(errno)); ! exit(-1); } if (ioctl(fd, SIOCIPFFB, &flushed) == 0) { --- 985,991 ---- if ((fd = open(file, O_RDWR)) == -1) { (void) fprintf(stderr, "%s: open: %s\n", file,STRERROR(errno)); ! exit(1); } if (ioctl(fd, SIOCIPFFB, &flushed) == 0) { *************** *** 940,946 **** int fd[3], doread, n, i; int tr, nr, regular[3], c; int fdt[3], devices = 0, make_daemon = 0; ! char buf[512], *iplfile[3], *s; extern int optind; extern char *optarg; --- 1048,1054 ---- int fd[3], doread, n, i; int tr, nr, regular[3], c; int fdt[3], devices = 0, make_daemon = 0; ! char buf[512], *iplfile[3]; extern int optind; extern char *optarg; *************** *** 950,955 **** --- 1058,1069 ---- iplfile[1] = IPNAT_NAME; iplfile[2] = IPSTATE_NAME; + argv0 = strrchr(argv[0], '/'); + if (argv0 == NULL) + argv0 = argv[0]; + else + argv0++; + while ((c = getopt(argc, argv, "?abDf:FhnN:o:O:pP:sS:tvxX")) != -1) switch (c) { *************** *** 1000,1012 **** pidfile = optarg; break; case 's' : ! s = strrchr(argv[0], '/'); ! if (s == NULL) ! s = argv[0]; ! else ! s++; ! openlog(s, LOG_NDELAY|LOG_PID, LOGFAC); ! s = NULL; opts |= OPT_SYSLOG; log = NULL; break; --- 1114,1120 ---- pidfile = optarg; break; case 's' : ! openlog(argv0, LOG_NDELAY|LOG_PID, LOGFAC); opts |= OPT_SYSLOG; log = NULL; break; *************** *** 1030,1036 **** default : case 'h' : case '?' : ! usage(argv[0]); } init_tabs(); --- 1138,1144 ---- default : case 'h' : case '?' : ! usage(argv0); } init_tabs(); *************** *** 1051,1063 **** (void) fprintf(stderr, "%s: open: %s\n", iplfile[i], STRERROR(errno)); ! 
exit(-1); } - if (fstat(fd[i], &sb) == -1) { (void) fprintf(stderr, "%d: fstat: %s\n",fd[i], STRERROR(errno)); ! exit(-1); } if (!(regular[i] = !S_ISCHR(sb.st_mode))) devices++; --- 1159,1172 ---- (void) fprintf(stderr, "%s: open: %s\n", iplfile[i], STRERROR(errno)); ! exit(1); ! /* NOTREACHED */ } if (fstat(fd[i], &sb) == -1) { (void) fprintf(stderr, "%d: fstat: %s\n",fd[i], STRERROR(errno)); ! exit(1); ! /* NOTREACHED */ } if (!(regular[i] = !S_ISCHR(sb.st_mode))) devices++; *************** *** 1068,1092 **** logfile = argv[optind]; log = logfile ? fopen(logfile, "a") : stdout; if (log == NULL) { - (void) fprintf(stderr, "%s: fopen: %s\n", argv[optind], STRERROR(errno)); ! exit(-1); } setvbuf(log, NULL, _IONBF, 0); } else log = NULL; if (make_daemon && ((log != stdout) || (opts & OPT_SYSLOG))) { ! if (fork() > 0) exit(0); ! write_pid(pidfile); close(0); close(1); ! close(2); ! setsid(); ! } else ! write_pid(pidfile); signal(SIGHUP, handlehup); --- 1177,1212 ---- logfile = argv[optind]; log = logfile ? fopen(logfile, "a") : stdout; if (log == NULL) { (void) fprintf(stderr, "%s: fopen: %s\n", argv[optind], STRERROR(errno)); ! exit(1); ! /* NOTREACHED */ } setvbuf(log, NULL, _IONBF, 0); } else log = NULL; if (make_daemon && ((log != stdout) || (opts & OPT_SYSLOG))) { ! #if BSD ! daemon(0, !(opts & OPT_SYSLOG)); ! #else ! int pid; ! if ((pid = fork()) > 0) exit(0); ! if (pid < 0) { ! (void) fprintf(stderr, "%s: fork() failed: %s\n", argv0, ! STRERROR(errno)); ! exit(1); ! /* NOTREACHED */ ! } ! setsid(); ! if ((opts & OPT_SYSLOG)) ! close(2); ! #endif /* !BSD */ close(0); close(1); ! } ! write_pid(pidfile); signal(SIGHUP, handlehup); *************** *** 1099,1106 **** continue; if (!regular[i]) { if (ioctl(fd[i], FIONREAD, &tr) == -1) { ! perror("ioctl(FIONREAD)"); ! exit(-1); } } else { tr = (lseek(fd[i], 0, SEEK_CUR) < sb.st_size); --- 1219,1230 ---- continue; if (!regular[i]) { if (ioctl(fd[i], FIONREAD, &tr) == -1) { ! if (opts & OPT_SYSLOG) ! 
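Review bot: After detaching, the hunk at new lines 1177-1212 closes descriptors 0 and 1 (and 2 under `-s` in the non-BSD branch) instead of pointing them at /dev/null. The next file the process opens, such as the pid file written just below, can then be given one of those descriptors and receive stray `printf`/`perror` output. The BSD branch has the same effect, because `daemon(0, ...)` is followed by the same `close(0); close(1);`. Reopening them on /dev/null, e.g. `fd = open("/dev/null", O_RDWR); dup2(fd, 0); dup2(fd, 1);`, keeps the standard slots occupied. The non-BSD branch also never changes directory, unlike `daemon(0, ...)`, so either add `chdir("/")` or document the difference.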
syslog(LOG_CRIT, "ioctl(FIONREAD): %m"); ! else ! perror("ioctl(FIONREAD)"); ! exit(1); ! /* NOTREACHED */ } } else { tr = (lseek(fd[i], 0, SEEK_CUR) < sb.st_size); *************** *** 1125,1138 **** { case -1 : if (opts & OPT_SYSLOG) ! syslog(LOG_ERR, "read: %m\n"); else perror("read"); doread = 0; break; case 1 : if (opts & OPT_SYSLOG) ! syslog(LOG_ERR, "aborting logging\n"); else fprintf(log, "aborting logging\n"); doread = 0; --- 1249,1262 ---- { case -1 : if (opts & OPT_SYSLOG) ! syslog(LOG_CRIT, "read: %m\n"); else perror("read"); doread = 0; break; case 1 : if (opts & OPT_SYSLOG) ! syslog(LOG_CRIT, "aborting logging\n"); else fprintf(log, "aborting logging\n"); doread = 0; diff -cr ip_fil3.4.19/ipnat.c ip_fil3.4.20/ipnat.c *** ip_fil3.4.19/ipnat.c Tue Jun 26 20:43:19 2001 --- ip_fil3.4.20/ipnat.c Thu Jul 19 01:06:33 2001 *************** *** 55,61 **** #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipnat.c,v 2.16.2.8 2001/06/26 10:43:19 darrenr Exp $"; #endif --- 55,61 ---- #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipnat.c,v 2.16.2.9 2001/07/18 15:06:33 darrenr Exp $"; #endif *************** *** 303,310 **** hostmap_t hm, *hmp, **maptable; natstat_t ns, *nsp = &ns; nat_t **nt[2], *np, nat; ipnat_t ipn; - u_int hv; bzero((char *)&ns, sizeof(ns)); --- 303,310 ---- hostmap_t hm, *hmp, **maptable; natstat_t ns, *nsp = &ns; nat_t **nt[2], *np, nat; + u_int hv, hv1, hv2; ipnat_t ipn; bzero((char *)&ns, sizeof(ns)); *************** *** 363,377 **** printf("\n\tage %lu use %hu sumd %s/", nat.nat_age, nat.nat_use, getsumd(nat.nat_sumd[0])); printf("%s pr %u bkt %d/%d flags %x ", getsumd(nat.nat_sumd[1]), nat.nat_p, ! (int)NAT_HASH_FN(nat.nat_inip.s_addr, ! nat.nat_inport, ! NAT_TABLE_SZ), ! (int)NAT_HASH_FN(nat.nat_outip.s_addr, ! nat.nat_outport, ! NAT_TABLE_SZ), ! 
nat.nat_flags); #ifdef USE_QUAD_T printf("bytes %qu pkts %qu", (unsigned long long)nat.nat_bytes, --- 363,383 ---- printf("\n\tage %lu use %hu sumd %s/", nat.nat_age, nat.nat_use, getsumd(nat.nat_sumd[0])); + hv1 = NAT_HASH_FN(nat.nat_inip.s_addr, + nat.nat_inport, + 0xffffffff), + hv1 = NAT_HASH_FN(nat.nat_oip.s_addr, + hv1 + nat.nat_oport, + NAT_TABLE_SZ), + hv2 = NAT_HASH_FN(nat.nat_outip.s_addr, + nat.nat_outport, + 0xffffffff), + hv2 = NAT_HASH_FN(nat.nat_oip.s_addr, + hv2 + nat.nat_oport, + NAT_TABLE_SZ), printf("%s pr %u bkt %d/%d flags %x ", getsumd(nat.nat_sumd[1]), nat.nat_p, ! hv1, hv2, nat.nat_flags); #ifdef USE_QUAD_T printf("bytes %qu pkts %qu", (unsigned long long)nat.nat_bytes, diff -cr ip_fil3.4.19/ipsend/arp.c ip_fil3.4.20/ipsend/arp.c *** ip_fil3.4.19/ipsend/arp.c Tue Jun 26 20:43:21 2001 --- ip_fil3.4.20/ipsend/arp.c Mon Jul 16 08:00:13 2001 *************** *** 3,12 **** * * See the IPFILTER.LICENCE file for details on licencing. */ - #if !defined(lint) - static const char sccsid[] = "@(#)arp.c 1.4 1/11/96 (C)1995 Darren Reed"; - static const char rcsid[] = "@(#)$Id: arp.c,v 2.1.4.1 2001/06/26 10:43:21 darrenr Exp $"; - #endif #include #include #include --- 3,8 ---- *************** *** 27,32 **** --- 23,33 ---- #include #include "ipsend.h" #include "iplang/iplang.h" + + #if !defined(lint) + static const char sccsid[] = "@(#)arp.c 1.4 1/11/96 (C)1995 Darren Reed"; + static const char rcsid[] = "@(#)$Id: arp.c,v 2.1.4.2 2001/07/15 22:00:13 darrenr Exp $"; + #endif /* diff -cr ip_fil3.4.19/ipsend/ip.c ip_fil3.4.20/ipsend/ip.c *** ip_fil3.4.19/ipsend/ip.c Tue Jun 26 20:43:21 2001 --- ip_fil3.4.20/ipsend/ip.c Mon Jul 16 08:00:13 2001 *************** *** 3,12 **** * * See the IPFILTER.LICENCE file for details on licencing. 
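Review bot: The four added `hv1`/`hv2` assignments end in `,` rather than `;`, so the comma operator chains them into the printf() call that follows. That compiles, but it reads like a typo and hides where one statement ends; each should end in a semicolon, e.g. `hv2 = NAT_HASH_FN(nat.nat_oip.s_addr, hv2 + nat.nat_oport, NAT_TABLE_SZ);`. `hv1` and `hv2` are declared `u_int` in the earlier hunk but are printed with `%d` now that the `(int)` casts are gone, so the format should become `bkt %u/%u` or the casts should stay. The enclosing function starts and ends outside the hunk.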
*/ - #if !defined(lint) - static const char sccsid[] = "%W% %G% (C)1995"; - static const char rcsid[] = "@(#)$Id: ip.c,v 2.1.4.2 2001/06/26 10:43:21 darrenr Exp $"; - #endif #include #include #include --- 3,8 ---- *************** *** 31,36 **** --- 27,36 ---- #endif #include "ipsend.h" + #if !defined(lint) + static const char sccsid[] = "%W% %G% (C)1995"; + static const char rcsid[] = "@(#)$Id: ip.c,v 2.1.4.3 2001/07/15 22:00:13 darrenr Exp $"; + #endif static char *ipbuf = NULL, *ethbuf = NULL; diff -cr ip_fil3.4.19/ipsend/ipresend.c ip_fil3.4.20/ipsend/ipresend.c *** ip_fil3.4.19/ipsend/ipresend.c Tue Jun 26 20:43:21 2001 --- ip_fil3.4.20/ipsend/ipresend.c Mon Jul 16 08:00:13 2001 *************** *** 8,17 **** * * See the IPFILTER.LICENCE file for details on licencing. */ - #if !defined(lint) - static const char sccsid[] = "%W% %G% (C)1995 Darren Reed"; - static const char rcsid[] = "@(#)$Id: ipresend.c,v 2.1.4.1 2001/06/26 10:43:21 darrenr Exp $"; - #endif #include #include #include --- 8,13 ---- *************** *** 31,36 **** --- 27,37 ---- #include #endif #include "ipsend.h" + + #if !defined(lint) + static const char sccsid[] = "%W% %G% (C)1995 Darren Reed"; + static const char rcsid[] = "@(#)$Id: ipresend.c,v 2.1.4.2 2001/07/15 22:00:13 darrenr Exp $"; + #endif extern char *optarg; diff -cr ip_fil3.4.19/ipsend/ipsend.c ip_fil3.4.20/ipsend/ipsend.c *** ip_fil3.4.19/ipsend/ipsend.c Tue Jun 26 20:43:21 2001 --- ip_fil3.4.20/ipsend/ipsend.c Mon Jul 16 08:00:14 2001 *************** *** 8,17 **** * * See the IPFILTER.LICENCE file for details on licencing. 
*/ - #if !defined(lint) - static const char sccsid[] = "@(#)ipsend.c 1.5 12/10/95 (C)1995 Darren Reed"; - static const char rcsid[] = "@(#)$Id: ipsend.c,v 2.2.2.2 2001/06/26 10:43:21 darrenr Exp $"; - #endif #include #include #include --- 8,13 ---- *************** *** 33,38 **** --- 29,39 ---- #endif #include "ipsend.h" #include "ipf.h" + + #if !defined(lint) + static const char sccsid[] = "@(#)ipsend.c 1.5 12/10/95 (C)1995 Darren Reed"; + static const char rcsid[] = "@(#)$Id: ipsend.c,v 2.2.2.3 2001/07/15 22:00:14 darrenr Exp $"; + #endif extern char *optarg; diff -cr ip_fil3.4.19/ipsend/ipsend.h ip_fil3.4.20/ipsend/ipsend.h *** ip_fil3.4.19/ipsend/ipsend.h Tue Jun 26 20:43:22 2001 --- ip_fil3.4.20/ipsend/ipsend.h Mon Jul 16 08:00:14 2001 *************** *** 63,65 **** --- 63,71 ---- #ifndef OPT_RAW #define OPT_RAW 0x80000 #endif + + #ifndef __STDC__ + # ifndef const + # define const + # endif + #endif diff -cr ip_fil3.4.19/ipsend/ipsopt.c ip_fil3.4.20/ipsend/ipsopt.c *** ip_fil3.4.19/ipsend/ipsopt.c Tue Jun 26 20:43:22 2001 --- ip_fil3.4.20/ipsend/ipsopt.c Mon Jul 16 08:00:14 2001 *************** *** 3,12 **** * * See the IPFILTER.LICENCE file for details on licencing. */ - #if !defined(lint) - static const char sccsid[] = "@(#)ipsopt.c 1.2 1/11/96 (C)1995 Darren Reed"; - static const char rcsid[] = "@(#)$Id: ipsopt.c,v 2.1.4.1 2001/06/26 10:43:22 darrenr Exp $"; - #endif #include #include #include --- 3,8 ---- *************** *** 23,35 **** #include #include "ipsend.h" ! ! #ifndef __P ! # ifdef __STDC__ ! # define __P(x) x ! # else ! # define __P(x) () ! # endif #endif --- 19,27 ---- #include #include "ipsend.h" ! #if !defined(lint) ! static const char sccsid[] = "@(#)ipsopt.c 1.2 1/11/96 (C)1995 Darren Reed"; ! 
static const char rcsid[] = "@(#)$Id: ipsopt.c,v 2.1.4.2 2001/07/15 22:00:14 darrenr Exp $"; #endif diff -cr ip_fil3.4.19/ipsend/iptest.c ip_fil3.4.20/ipsend/iptest.c *** ip_fil3.4.19/ipsend/iptest.c Tue Jun 26 20:43:22 2001 --- ip_fil3.4.20/ipsend/iptest.c Mon Jul 16 08:00:14 2001 *************** *** 8,17 **** * * See the IPFILTER.LICENCE file for details on licencing. */ - #if !defined(lint) - static const char sccsid[] = "%W% %G% (C)1995 Darren Reed"; - static const char rcsid[] = "@(#)$Id: iptest.c,v 2.2.2.1 2001/06/26 10:43:22 darrenr Exp $"; - #endif #include #include #include --- 8,13 ---- *************** *** 35,40 **** --- 31,41 ---- #include #endif #include "ipsend.h" + + #if !defined(lint) + static const char sccsid[] = "%W% %G% (C)1995 Darren Reed"; + static const char rcsid[] = "@(#)$Id: iptest.c,v 2.2.2.2 2001/07/15 22:00:14 darrenr Exp $"; + #endif extern char *optarg; diff -cr ip_fil3.4.19/ipsend/iptests.c ip_fil3.4.20/ipsend/iptests.c *** ip_fil3.4.19/ipsend/iptests.c Tue Jun 26 20:43:22 2001 --- ip_fil3.4.20/ipsend/iptests.c Mon Jul 16 08:00:14 2001 *************** *** 3,12 **** * * See the IPFILTER.LICENCE file for details on licencing. 
*/ - #if !defined(lint) - static const char sccsid[] = "%W% %G% (C)1995 Darren Reed"; - static const char rcsid[] = "@(#)$Id: iptests.c,v 2.1.4.1 2001/06/26 10:43:22 darrenr Exp $"; - #endif #include #include #include --- 3,8 ---- *************** *** 77,82 **** --- 73,83 ---- # include #endif #include "ipsend.h" + + #if !defined(lint) + static const char sccsid[] = "%W% %G% (C)1995 Darren Reed"; + static const char rcsid[] = "@(#)$Id: iptests.c,v 2.1.4.2 2001/07/15 22:00:14 darrenr Exp $"; + #endif #define PAUSE() tv.tv_sec = 0; tv.tv_usec = 10000; \ diff -cr ip_fil3.4.19/ipsend/resend.c ip_fil3.4.20/ipsend/resend.c *** ip_fil3.4.19/ipsend/resend.c Tue Jun 26 20:43:22 2001 --- ip_fil3.4.20/ipsend/resend.c Mon Jul 16 08:00:14 2001 *************** *** 8,17 **** * * See the IPFILTER.LICENCE file for details on licencing. */ - #if !defined(lint) - static const char sccsid[] = "@(#)resend.c 1.3 1/11/96 (C)1995 Darren Reed"; - static const char rcsid[] = "@(#)$Id: resend.c,v 2.1.4.2 2001/06/26 10:43:22 darrenr Exp $"; - #endif #include #include #include --- 8,13 ---- *************** *** 36,41 **** --- 32,43 ---- # endif #endif #include "ipsend.h" + + #if !defined(lint) + static const char sccsid[] = "@(#)resend.c 1.3 1/11/96 (C)1995 Darren Reed"; + static const char rcsid[] = "@(#)$Id: resend.c,v 2.1.4.3 2001/07/15 22:00:14 darrenr Exp $"; + #endif + extern int opts; diff -cr ip_fil3.4.19/ipsend/sock.c ip_fil3.4.20/ipsend/sock.c *** ip_fil3.4.19/ipsend/sock.c Tue Jun 26 20:43:22 2001 --- ip_fil3.4.20/ipsend/sock.c Mon Jul 16 08:00:14 2001 *************** *** 3,12 **** * * See the IPFILTER.LICENCE file for details on licencing. 
*/ - #if !defined(lint) - static const char sccsid[] = "@(#)sock.c 1.2 1/11/96 (C)1995 Darren Reed"; - static const char rcsid[] = "@(#)$Id: sock.c,v 2.1.4.2 2001/06/26 10:43:22 darrenr Exp $"; - #endif #include #include #include --- 3,8 ---- *************** *** 63,68 **** --- 59,70 ---- #include #include #include "ipsend.h" + + #if !defined(lint) + static const char sccsid[] = "@(#)sock.c 1.2 1/11/96 (C)1995 Darren Reed"; + static const char rcsid[] = "@(#)$Id: sock.c,v 2.1.4.3 2001/07/15 22:00:14 darrenr Exp $"; + #endif + int nproc; struct proc *proc; diff -cr ip_fil3.4.19/kmem.c ip_fil3.4.20/kmem.c *** ip_fil3.4.19/kmem.c Tue Jun 26 20:43:19 2001 --- ip_fil3.4.20/kmem.c Mon Jul 16 08:06:16 2001 *************** *** 16,24 **** #include #include "kmem.h" #if !defined(lint) static const char sccsid[] = "@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: kmem.c,v 2.2.2.2 2001/06/26 10:43:19 darrenr Exp $"; #endif static int kmemfd = -1; --- 16,28 ---- #include #include "kmem.h" + #ifndef __STDC__ + # define const + #endif + #if !defined(lint) static const char sccsid[] = "@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: kmem.c,v 2.2.2.3 2001/07/15 22:06:16 darrenr Exp $"; #endif static int kmemfd = -1; diff -cr ip_fil3.4.19/natparse.c ip_fil3.4.20/natparse.c *** ip_fil3.4.19/natparse.c Tue Jun 26 20:43:20 2001 --- ip_fil3.4.20/natparse.c Wed Jul 18 00:33:09 2001 *************** *** 52,58 **** #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: natparse.c,v 1.17.2.10 2001/06/26 10:43:20 darrenr Exp $"; #endif --- 52,58 ---- #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; ! 
static const char rcsid[] = "@(#)$Id: natparse.c,v 1.17.2.11 2001/07/17 14:33:09 darrenr Exp $"; #endif *************** *** 556,562 **** } else ipn.in_pmin = 0; } else if ((ipn.in_redir & NAT_BIMAP) == NAT_REDIRECT) { ! if (strrchr(*cpp, '/') != NULL) { fprintf(stderr, "%d: No netmask supported in %s\n", linenum, "destination host for redirect"); return NULL; --- 556,562 ---- } else ipn.in_pmin = 0; } else if ((ipn.in_redir & NAT_BIMAP) == NAT_REDIRECT) { ! if (!*cpp || strrchr(*cpp, '/') != NULL) { fprintf(stderr, "%d: No netmask supported in %s\n", linenum, "destination host for redirect"); return NULL; diff -cr ip_fil3.4.19/solaris.c ip_fil3.4.20/solaris.c *** ip_fil3.4.19/solaris.c Wed Jun 27 02:27:16 2001 --- ip_fil3.4.20/solaris.c Thu Jul 19 00:58:28 2001 *************** *** 4,10 **** * See the IPFILTER.LICENCE file for details on licencing. */ /* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/ ! #pragma ident "@(#)$Id: solaris.c,v 2.15.2.18 2001/06/26 16:27:16 darrenr Exp $" #include #include --- 4,10 ---- * See the IPFILTER.LICENCE file for details on licencing. */ /* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/ ! #pragma ident "@(#)$Id: solaris.c,v 2.15.2.20 2001/07/18 14:58:28 darrenr Exp $" #include #include *************** *** 798,809 **** #ifndef sparc # if SOLARIS2 >= 8 if (sap == IP6_DL_SAP) { ! ip6->ip6_plen = htons(plen); } else { # endif __ipoff = (u_short)ip->ip_off; ! ip->ip_len = htons(plen); ip->ip_off = ntohs(__ipoff); # if SOLARIS2 >= 8 } --- 798,809 ---- #ifndef sparc # if SOLARIS2 >= 8 if (sap == IP6_DL_SAP) { ! ip6->ip6_plen = plen - sizeof(*ip6); } else { # endif __ipoff = (u_short)ip->ip_off; ! ip->ip_len = plen; ip->ip_off = ntohs(__ipoff); # if SOLARIS2 >= 8 } *************** *** 828,834 **** #ifndef sparc # if SOLARIS2 >= 8 if (sap == IP6_DL_SAP) { ! 
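Review bot: The added `!*cpp` test keeps `strrchr()` from being called on a missing token, but a missing token is then reported as "No netmask supported in destination host for redirect", which points the rule author at the wrong problem. I would handle it on its own before the netmask test: `if (!*cpp) { fprintf(stderr, "%d: missing %s\n", linenum, "destination host for redirect"); return NULL; }`. The surrounding else-if chain starts and ends outside the hunk.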
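Review bot: This site now stores `ip6->ip6_plen = plen - sizeof(*ip6)` and `ip->ip_len = plen` without `htons()`, while the hunks at 828 and 916 store `htons(plen - sizeof(*ip6))`. The `ntohs(__ipoff)` on the next line suggests host order is intended here, but that deserves a comment such as `/* kept in host byte order here; the later sites convert back with htons() */`. None of the three hunks shows a lower bound on `plen`; if it can be smaller than `sizeof(*ip6)`, the subtraction wraps before it is truncated into the 16-bit field. Unless an earlier check outside the hunk already guarantees that, a guard on `plen < sizeof(*ip6)` belongs ahead of the first of them. The enclosing function starts and ends outside the hunk.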
ip6->ip6_plen = htons(plen); } else { # endif __ipoff = (u_short)ip->ip_off; --- 828,834 ---- #ifndef sparc # if SOLARIS2 >= 8 if (sap == IP6_DL_SAP) { ! ip6->ip6_plen = htons(plen - sizeof(*ip6)); } else { # endif __ipoff = (u_short)ip->ip_off; *************** *** 916,922 **** #ifndef sparc # if SOLARIS2 >= 8 if (sap == IP6_DL_SAP) { ! ip6->ip6_plen = htons(plen); } else { # endif __ipoff = (u_short)ip->ip_off; --- 916,922 ---- #ifndef sparc # if SOLARIS2 >= 8 if (sap == IP6_DL_SAP) { ! ip6->ip6_plen = htons(plen - sizeof(*ip6)); } else { # endif __ipoff = (u_short)ip->ip_off; *************** *** 1447,1453 **** (hdrsizes[il->ill_type][0] == il->ill_type)) qif->qf_hl = hdrsizes[il->ill_type][1]; ! if (qif->qf_hl == 0) cmn_err(CE_WARN, "Unknown layer 2 header size for %s type %d", il->ill_name, il->ill_type); --- 1447,1453 ---- (hdrsizes[il->ill_type][0] == il->ill_type)) qif->qf_hl = hdrsizes[il->ill_type][1]; ! if (qif->qf_hl == 0 && il->ill_type != IFT_OTHER) cmn_err(CE_WARN, "Unknown layer 2 header size for %s type %d", il->ill_name, il->ill_type); *************** *** 1800,1806 **** * data, not the original, if and only if it is already pointing at * the current mblk data. */ ! if (ip == (ip_t *)qf->qf_m->b_rptr && qf->qf_m != mb) ip = (ip_t *)mb->b_rptr; /* --- 1800,1806 ---- * data, not the original, if and only if it is already pointing at * the current mblk data. */ ! if ((ip == (ip_t *)qf->qf_m->b_rptr) && (qf->qf_m != mb)) ip = (ip_t *)mb->b_rptr; /* *************** *** 1882,1887 **** --- 1882,1888 ---- if (ifp == NULL) goto bad_fastroute; fr = fin->fin_fr; + /* * In case we're here due to "to " being used with * "keep state", check that we're going in the correct *************** *** 1889,1895 **** */ if ((fr != NULL) && (fdp->fd_ifp != NULL) && (fin->fin_rev != 0) && (fdp == &fr->fr_tif)) ! 
return -1; fin->fin_ifp = ifp; if (fin->fin_out == 0) { --- 1890,1896 ---- */ if ((fr != NULL) && (fdp->fd_ifp != NULL) && (fin->fin_rev != 0) && (fdp == &fr->fr_tif)) ! return 1; fin->fin_ifp = ifp; if (fin->fin_out == 0) { *************** *** 1972,1977 **** --- 1973,1979 ---- READ_ENTER(&ipf_solaris); READ_ENTER(&ipfs_mutex); ipl_frouteok[0]++; + *mpp = NULL; return 0; } } *************** *** 1980,1985 **** --- 1982,1988 ---- mb->b_next = NULL; freemsg(mb); ipl_frouteok[1]++; + *mpp = NULL; return -1; }
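Review bot: The return value at line 1889 changes from `-1` to `1`, and the two later hunks add `*mpp = NULL` before `return 0` and `return -1`, but nothing in the changed code states what the three values mean for ownership of the mblk. Presumably 1 now means the packet was not consumed and the caller still owns it; a comment at that return such as `/* 1: packet not sent, *mpp left intact for the caller */` would make this explicit. The function header should likewise list 0 and -1 as "mblk consumed, *mpp cleared", so that callers do not free or forward a message that is already gone. Any other exit that frees the message and is not shown in these hunks needs the same `*mpp = NULL`. The function starts and ends outside the hunks.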