diff -cr ip_fil3.4.8/HISTORY ip_fil3.4.9/HISTORY *** ip_fil3.4.8/HISTORY Wed Jul 19 23:40:03 2000 --- ip_fil3.4.9/HISTORY Tue Aug 8 01:10:10 2000 *************** *** 20,25 **** --- 20,51 ---- # and especially those who have found the time to port IP Filter to new # platforms. # + 3.4.9 08/08/2000 - Released + + implement new aging mechanism in fr_tcp_age() + + fix icmp state checking bug + + revamp buildsunos script and build both sparcv7/sparcv9 for Solaris + if on an Ultra with a 64bit system & compiler (Caseper Dik) + + open ipfilter device read only if we know we can + + print out better information for ICMP packets in ipmon + + move checking for source spoofed packets to a point where we can generate + logs of them + + return EFAULT from ircopyptr/iwcopyptr + + don't do ioctl(SIOCGETFS) for auth stats + + fix up freeing mbufs for post-4.3BSD + + fix returning of inc from ftp proxy + + fix bugs with ipfs -R/-W (Caseper Dik) + 3.4.8 19/07/2000 - Released create fake opt_inet6.h for FreeBSD-4 compile as LKM diff -cr ip_fil3.4.8/Makefile ip_fil3.4.9/Makefile *** ip_fil3.4.8/Makefile Tue Jul 18 23:58:10 2000 --- ip_fil3.4.9/Makefile Sun Aug 6 00:50:00 2000 *************** *** 5,11 **** # provided that this notice is preserved and due credit is given # to the original author and the contributors. # ! # $Id: Makefile,v 2.11.2.2 2000/07/18 13:58:10 darrenr Exp $ # BINDEST=/usr/local/bin SBINDEST=/sbin --- 5,11 ---- # provided that this notice is preserved and due credit is given # to the original author and the contributors. # ! # $Id: Makefile,v 2.11.2.3 2000/08/05 14:50:00 darrenr Exp $ # BINDEST=/usr/local/bin SBINDEST=/sbin *************** *** 15,20 **** --- 15,21 ---- #CC=gcc #CC=cc -Dconst= DEBUG=-g + TOP=../.. 
CFLAGS=-I$$(TOP) -g CPU=`uname -m` CPUDIR=`uname -s|sed -e 's@/@@g'`-`uname -r`-`uname -m` *************** *** 63,69 **** "IPFLOG=$(IPFLOG)" "LOGFAC=$(LOGFAC)" "POLICY=$(POLICY)" \ "SOLARIS2=$(SOLARIS2)" "DEBUG=$(DEBUG)" "DCPU=$(CPU)" \ "CPUDIR=$(CPUDIR)" 'STATETOP_CFLAGS=$(STATETOP_CFLAGS)' \ ! 'STATETOP_INC=$(STATETOP_INC)' 'STATETOP_LIB=$(STATETOP_LIB)' DEST="BINDEST=$(BINDEST)" "SBINDEST=$(SBINDEST)" "MANDIR=$(MANDIR)" MFLAGS=$(MFLAGS1) "IPFLKM=$(IPFLKM)" # --- 64,71 ---- "IPFLOG=$(IPFLOG)" "LOGFAC=$(LOGFAC)" "POLICY=$(POLICY)" \ "SOLARIS2=$(SOLARIS2)" "DEBUG=$(DEBUG)" "DCPU=$(CPU)" \ "CPUDIR=$(CPUDIR)" 'STATETOP_CFLAGS=$(STATETOP_CFLAGS)' \ ! 'STATETOP_INC=$(STATETOP_INC)' 'STATETOP_LIB=$(STATETOP_LIB)' \ ! "BITS=$(BITS)" "OBJ=$(OBJ)" DEST="BINDEST=$(BINDEST)" "SBINDEST=$(SBINDEST)" "MANDIR=$(MANDIR)" MFLAGS=$(MFLAGS1) "IPFLKM=$(IPFLKM)" # *************** *** 105,111 **** fi sunos solaris: include ! ./buildsunos freebsd22: include make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)" --- 107,113 ---- fi sunos solaris: include ! ./buildsunos $(MFLAGS) freebsd22: include make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)" *************** *** 132,138 **** echo "#define INET6" > opt_inet6.h; \ fi make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)" ! (cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) "ML=mlfk_ipl.c" "MLD=mlfk_ipl.c" "LKM=ipf.ko" "DLKM=-DKLD_MODULE"; cd ..) (cd BSD/$(CPUDIR); make -f Makefile.ipsend TOP=../.. $(MFLAGS1); cd ..) freebsd3 freebsd30: include --- 134,140 ---- echo "#define INET6" > opt_inet6.h; \ fi make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)" ! (cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) "ML=mlfk_ipl.c" "MLD=mlfk_ipl.c" "LKM=ipf.ko" "DLKM=-DKLD_MODULE -I/sys"; cd ..) (cd BSD/$(CPUDIR); make -f Makefile.ipsend TOP=../.. $(MFLAGS1); cd ..) freebsd3 freebsd30: include *************** *** 186,192 **** clean: clean-include ${RM} -f core *.o ipt fils ipf ipfstat ipftest ipmon if_ipl \ ! 
vnode_if.h $(LKM) *~ opt_inet6.h (cd SunOS4; make clean) (cd SunOS5; make clean) (cd BSD; make clean) --- 188,195 ---- clean: clean-include ${RM} -f core *.o ipt fils ipf ipfstat ipftest ipmon if_ipl \ ! vnode_if.h $(LKM) *~ ! ${RM} -rf sparcv7 sparcv9 (cd SunOS4; make clean) (cd SunOS5; make clean) (cd BSD; make clean) diff -cr ip_fil3.4.8/SunOS5/Makefile ip_fil3.4.9/SunOS5/Makefile *** ip_fil3.4.8/SunOS5/Makefile Mon Jun 5 23:11:08 2000 --- ip_fil3.4.9/SunOS5/Makefile Sun Aug 6 00:45:41 2000 *************** *** 6,12 **** # to the original author and the contributors. # BINDEST=/usr/local/bin ! SBINDEST=/sbin MANDIR=/usr/share/man CC=cc CFLAGS=-I$(TOP) --- 6,12 ---- # to the original author and the contributors. # BINDEST=/usr/local/bin ! SBINDEST=/sbin/$(OBJ) MANDIR=/usr/share/man CC=cc CFLAGS=-I$(TOP) *************** *** 15,24 **** # PKGDIR=$(ROOT)/opt/ipf PKGMAN=$(PKGDIR)/man ! PKGBIN=$(PKGDIR)/bin # TOP=.. - TMP=/tmp #CPU:sh=uname -p #REV:sh=uname -r CPUDIR=`uname -p`-`uname -r` --- 15,23 ---- # PKGDIR=$(ROOT)/opt/ipf PKGMAN=$(PKGDIR)/man ! PKGBIN=$(PKGDIR)/bin/$(OBJ) # TOP=.. #CPU:sh=uname -p #REV:sh=uname -r CPUDIR=`uname -p`-`uname -r` *************** *** 27,32 **** --- 26,37 ---- DEBUG=-g LIBS=-lsocket -lnsl -lelf DEF=-D_KERNEL -DSUNDDI + OBJ=. + PKG=ipf + PROTO=prototype + BITTYPE=`if [ "$(BITS)" = 64 ];then echo ' (64-bit)'; fi` + OBJDIR=$(CPUDIR)/$(OBJ) + TMP=/tmp/ipfpkgs ATON=-DNEED_INET_ATON ROOT=$(CPUDIR)/root ROOTINC=$(ROOT)/usr/include *************** *** 34,40 **** MFLAGS="BINDEST=$(BINDEST)" "SBINDEST=$(SBINDEST)" "MANDIR=$(MANDIR)" \ 'CFLAGS=$(CFLAGS) $(ARCHINC) $(SOLARIS2)' "IPFLKM=$(IPFLKM)" \ "IPFLOG=$(IPFLOG)" "LOGFAC=$(LOGFAC)" "POLICY=$(POLICY)" \ ! 
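Review bot: `TMP=/tmp/ipfpkgs`, added to the variable block of SunOS5/Makefile, is a fixed name in a world-writable directory, and the later `ipf.pkg`, `ipf.pkg.common` and `ipf.pkg.bin` hunks depend on it. Those rules create it with `mkdir -p`, spool into it with `pkgmk -d $(TMP)`, and pass whatever `ls $(TMP)` returns to `pkgtrans`, so its whole contents end up in the datastream that `pkgadd` later installs as root. `mkdir -p` succeeds silently when the directory already exists, so on a shared build host a directory pre-created by another account, or a stale package left in it, would be bundled into `ipf.pkg` without any error. A spool directory under the build tree would avoid this; it needs an absolute path, because `pkgmk` runs after `cd $(CPUDIR)`. Naming the packages explicitly to `pkgtrans` rather than through `ls` would help too, and at minimum the assignment deserves a comment such as `# TMP must be writable only by the build user; everything found in it is packaged`.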
"SOLARIS2=$(SOLARIS2)" "DEBUG=$(DEBUG)" "CPUDIR=$(CPUDIR)" # ########## ########## ########## ########## ########## ########## ########## # --- 39,46 ---- MFLAGS="BINDEST=$(BINDEST)" "SBINDEST=$(SBINDEST)" "MANDIR=$(MANDIR)" \ 'CFLAGS=$(CFLAGS) $(ARCHINC) $(SOLARIS2)' "IPFLKM=$(IPFLKM)" \ "IPFLOG=$(IPFLOG)" "LOGFAC=$(LOGFAC)" "POLICY=$(POLICY)" \ ! "SOLARIS2=$(SOLARIS2)" "DEBUG=$(DEBUG)" "CPUDIR=$(CPUDIR)" \ ! "BITS=$(BITS)" "OBJ=$(OBJ)" # ########## ########## ########## ########## ########## ########## ########## # *************** *** 45,200 **** # DFLAGS=$(IPFLKM) $(IPFLOG) $(DEF) -DIPFILTER_LOG $(SOLARIS2) #-DIPFDEBUG ! MODOBJS=ip_sfil.o fil_k.o solaris.o ip_state.o ip_frag.o ip_nat.o ip_proxy.o \ ! ip_auth.o ip_log.o ! IPF=ipf.o parse.o common.o opt.o inet_addr.o facpri.o ! IPT=ipt.o parse.o common.o fil.o ipft_sn.o ipft_ef.o ipft_td.o ipft_pc.o \ ! opt.o ipft_tx.o misc.o ip_state_u.o ip_frag_u.o ip_nat_u.o inet_addr.o \ ! ip_fil_u.o ipft_hx.o ip_proxy_u.o ip_auth_u.o natparse.o facpri.o ! IPNAT=ipnat.o kmem.o natparse.o inet_addr.o common.o ! FILS=fils.o parse.o kmem.o opt.o inet_addr.o facpri.o common.o ! sunos5 solaris2 build: ipf.exe ipfstat ipftest ipmon ipnat ipf ipfs pkg: ipf.pkg ! ipfstat: $(FILS) $(CC) $(DEBUG) $(CFLAGS) $(FILS) -o $@ $(LIBS) $(STATETOP_LIB) ! ipf.exe: $(IPF) $(CC) $(DEBUG) $(CFLAGS) $(IPF) -o $@ $(LIBS) ! /bin/rm -f $(TOP)/ipf ! ln -s `pwd`/ipf.exe $(TOP)/ipf ! ipftest: $(IPT) $(CC) $(DEBUG) $(CFLAGS) $(IPT) -o $@ $(LIBS) ! /bin/rm -f $(TOP)/ipftest ! ln -s `pwd`/ipftest $(TOP)/ipftest ! ipnat: $(IPNAT) $(CC) $(CFLAGS) $(IPNAT) -o $@ $(LIBS) ! ipfs: ipfs.o ! $(CC) $(DEBUG) $(CFLAGS) ipfs.o -o $@ $(LIBS) tests: (cd test; make ) ! fils.o: $(TOP)/fils.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(CC) $(DEBUG) $(CFLAGS) $(STATETOP_CFLAGS) $(STATETOP_INC) \ -c $(TOP)/fils.c -o $@ ! ipfs.o: $(TOP)/ipfs.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_state.h \ $(TOP)/ip_nat.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipfs.c -o $@ ! 
fil.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/fil.c -o $@ ! fil_k.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(CC) -I$(TOP) $(POLICY) $(DFLAGS) -c $(TOP)/fil.c -o $@ ! ipf.o: $(TOP)/ipf.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipf.c -o $@ ! ipt.o: $(TOP)/ipt.c $(TOP)/ip_fil.h $(TOP)/ipt.h $(TOP)/ipf.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipt.c -o $@ ! misc.o: $(TOP)/misc.c $(TOP)/ip_fil.h $(TOP)/ipt.h $(TOP)/ipf.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/misc.c -o $@ ! inet_addr.o: $(TOP)/inet_addr.c $(CC) $(ATON) $(DEBUG) $(CFLAGS) -c $(TOP)/inet_addr.c -o $@ ! opt.o: $(TOP)/opt.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/opt.c -o $@ ! ipnat.o: $(TOP)/ipnat.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_nat.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipnat.c -o $@ ! natparse.o: $(TOP)/natparse.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_nat.h \ $(TOP)/ip_compat.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/natparse.c -o $@ ! ipft_sn.o: $(TOP)/ipft_sn.c $(TOP)/ipt.h $(TOP)/ipf.h $(TOP)/ip_fil.h \ $(TOP)/snoop.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipft_sn.c -o $@ ! ipft_ef.o: $(TOP)/ipft_ef.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipft_ef.c -o $@ ! ipft_td.o: $(TOP)/ipft_td.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipft_td.c -o $@ ! ipft_pc.o: $(TOP)/ipft_pc.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipft_pc.c -o $@ ! ipft_tx.o: $(TOP)/ipft_tx.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipft_tx.c -o $@ ! ipft_hx.o: $(TOP)/ipft_hx.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipft_hx.c -o $@ ! ipf: $(MODOBJS) ld -r $(MODOBJS) -o $@ ! ip_nat.o: $(TOP)/ip_nat.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(CC) -I$(TOP) $(DFLAGS) -c $(TOP)/ip_nat.c -o $@ ! 
ip_state.o: $(TOP)/ip_state.c $(TOP)/ip_state.h $(TOP)/ip_compat.h $(CC) -I$(TOP) $(DFLAGS) -c $(TOP)/ip_state.c -o $@ ! ip_proxy.o: $(TOP)/ip_proxy.c $(TOP)/ip_proxy.h $(TOP)/ip_compat.h \ $(TOP)/ip_ftp_pxy.c $(TOP)/ip_raudio_pxy.c $(TOP)/ip_nat.h $(CC) -I$(TOP) $(DFLAGS) -c $(TOP)/ip_proxy.c -o $@ ! ip_frag.o: $(TOP)/ip_frag.c $(TOP)/ip_frag.h $(TOP)/ip_compat.h $(CC) -I$(TOP) $(DFLAGS) -c $(TOP)/ip_frag.c -o $@ ! ip_auth.o: $(TOP)/ip_auth.c $(TOP)/ip_auth.h $(TOP)/ip_compat.h $(CC) -I$(TOP) $(DFLAGS) -c $(TOP)/ip_auth.c -o $@ ! ip_nat_u.o: $(TOP)/ip_nat.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ip_nat.c -o $@ ! ip_frag_u.o: $(TOP)/ip_frag.c $(TOP)/ip_frag.h $(TOP)/ip_compat.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ip_frag.c -o $@ ! ip_state_u.o: $(TOP)/ip_state.c $(TOP)/ip_state.h $(TOP)/ip_compat.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ip_state.c -o $@ ! ip_auth_u.o: $(TOP)/ip_auth.c $(TOP)/ip_auth.h $(TOP)/ip_compat.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ip_auth.c -o $@ ! ip_proxy_u.o: $(TOP)/ip_proxy.c $(TOP)/ip_proxy.h $(TOP)/ip_compat.h \ $(TOP)/ip_ftp_pxy.c $(TOP)/ip_nat.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ip_proxy.c -o $@ ! ip_fil_u.o: $(TOP)/ip_fil.c $(TOP)/ip_fil.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ip_fil.c -o $@ ! ip_sfil.o: $(TOP)/ip_sfil.c $(TOP)/ip_fil.h $(CC) -I$(TOP) $(DFLAGS) -c $(TOP)/ip_sfil.c -o $@ ! ip_log.o: $(TOP)/ip_log.c $(TOP)/ip_fil.h $(CC) -I$(TOP) $(DFLAGS) -c $(TOP)/ip_log.c -o $@ ! solaris.o: $(TOP)/solaris.c $(TOP)/ipl.h $(CC) -I$(TOP) $(DFLAGS) -c $(TOP)/solaris.c -o $@ ! kmem.o: $(TOP)/kmem.c $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/kmem.c -o $@ ! parse.o: $(TOP)/parse.c $(TOP)/ip_fil.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/parse.c -o $@ ! common.o: $(TOP)/common.c $(TOP)/ip_fil.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/common.c -o $@ ! facpri.o: $(TOP)/facpri.c $(TOP)/facpri.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/facpri.c -o $@ ! 
ipmon: $(TOP)/ipmon.c $(CC) $(DEBUG) $(CFLAGS) $(LOGFAC) $(TOP)/ipmon.c -o $@ $(LIBS) clean: --- 51,226 ---- # DFLAGS=$(IPFLKM) $(IPFLOG) $(DEF) -DIPFILTER_LOG $(SOLARIS2) #-DIPFDEBUG ! MODOBJS=$(OBJ)/ip_sfil.o $(OBJ)/fil_k.o $(OBJ)/solaris.o $(OBJ)/ip_state.o \ ! $(OBJ)/ip_frag.o $(OBJ)/ip_nat.o $(OBJ)/ip_proxy.o $(OBJ)/ip_auth.o \ ! $(OBJ)/ip_log.o ! IPF=$(OBJ)/ipf.o $(OBJ)/parse.o $(OBJ)/common.o $(OBJ)/opt.o \ ! $(OBJ)/inet_addr.o $(OBJ)/facpri.o ! IPT=$(OBJ)/ipt.o $(OBJ)/parse.o $(OBJ)/common.o $(OBJ)/fil.o $(OBJ)/ipft_sn.o \ ! $(OBJ)/ipft_ef.o $(OBJ)/ipft_td.o $(OBJ)/ipft_pc.o $(OBJ)/opt.o \ ! $(OBJ)/ipft_tx.o $(OBJ)/misc.o $(OBJ)/ip_state_u.o $(OBJ)/ip_frag_u.o \ ! $(OBJ)/ip_nat_u.o $(OBJ)/inet_addr.o $(OBJ)/ip_fil_u.o \ ! $(OBJ)/ipft_hx.o $(OBJ)/ip_proxy_u.o $(OBJ)/ip_auth_u.o \ ! $(OBJ)/natparse.o $(OBJ)/facpri.o ! IPNAT=$(OBJ)/ipnat.o $(OBJ)/kmem.o $(OBJ)/natparse.o $(OBJ)/inet_addr.o \ ! $(OBJ)/common.o ! FILS=$(OBJ)/fils.o $(OBJ)/parse.o $(OBJ)/kmem.o $(OBJ)/opt.o \ ! $(OBJ)/inet_addr.o $(OBJ)/facpri.o $(OBJ)/common.o ! $(OBJ): ! @if [ ! -d $(OBJ) ]; then mkdir $(OBJ); fi ! ! ! sunos5 solaris2 build: $(OBJ) $(OBJ)/ipf.exe $(OBJ)/ipfstat $(OBJ)/ipftest \ ! $(OBJ)/ipmon $(OBJ)/ipnat $(OBJ)/ipf $(OBJ)/ipfs pkg: ipf.pkg ! $(OBJ)/ipfstat: $(FILS) $(CC) $(DEBUG) $(CFLAGS) $(FILS) -o $@ $(LIBS) $(STATETOP_LIB) ! $(OBJ)/ipf.exe: $(IPF) $(CC) $(DEBUG) $(CFLAGS) $(IPF) -o $@ $(LIBS) ! /bin/rm -f $(TOP)/ipf $(TOP)/$(OBJ)/ipf ! if [ -f /usr/lib/isaexec -a "$(OBJ)" != . ] ; then \ ! mkdir -p $(TOP)/$(OBJ); \ ! cp /usr/lib/isaexec $(TOP)/ipf; \ ! fi ! ln -s `pwd`/$(OBJ)/ipf.exe $(TOP)/$(OBJ)/ipf ! # Magic dependency on ipf.exe creates the $(TOP)/sparcv{7,9} directories. ! $(OBJ)/ipftest: $(IPT) $(OBJ)/ipf.exe $(CC) $(DEBUG) $(CFLAGS) $(IPT) -o $@ $(LIBS) ! /bin/rm -f $(TOP)/ipftest $(TOP)/$(OBJ)/ipftest ! if [ -f /usr/lib/isaexec -a "$(OBJ)" != . ] ; then \ ! ln $(TOP)/ipf $(TOP)/ipftest; \ ! fi ! ln -s `pwd`/$(OBJ)/ipftest $(TOP)/$(OBJ)/ipftest ! 
$(OBJ)/ipnat: $(IPNAT) $(CC) $(CFLAGS) $(IPNAT) -o $@ $(LIBS) ! $(OBJ)/ipfs: $(OBJ)/ipfs.o ! $(CC) $(DEBUG) $(CFLAGS) $(OBJ)/ipfs.o -o $@ $(LIBS) tests: (cd test; make ) ! $(OBJ)/fils.o: $(TOP)/fils.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(CC) $(DEBUG) $(CFLAGS) $(STATETOP_CFLAGS) $(STATETOP_INC) \ -c $(TOP)/fils.c -o $@ ! $(OBJ)/ipfs.o: $(TOP)/ipfs.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_state.h \ $(TOP)/ip_nat.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipfs.c -o $@ ! $(OBJ)/fil.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/fil.c -o $@ ! $(OBJ)/fil_k.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(CC) -I$(TOP) $(POLICY) $(DFLAGS) -c $(TOP)/fil.c -o $@ ! $(OBJ)/ipf.o: $(TOP)/ipf.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipf.c -o $@ ! $(OBJ)/ipt.o: $(TOP)/ipt.c $(TOP)/ip_fil.h $(TOP)/ipt.h $(TOP)/ipf.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipt.c -o $@ ! $(OBJ)/misc.o: $(TOP)/misc.c $(TOP)/ip_fil.h $(TOP)/ipt.h $(TOP)/ipf.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/misc.c -o $@ ! $(OBJ)/inet_addr.o: $(TOP)/inet_addr.c $(CC) $(ATON) $(DEBUG) $(CFLAGS) -c $(TOP)/inet_addr.c -o $@ ! $(OBJ)/opt.o: $(TOP)/opt.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/opt.c -o $@ ! $(OBJ)/ipnat.o: $(TOP)/ipnat.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_nat.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipnat.c -o $@ ! $(OBJ)/natparse.o: $(TOP)/natparse.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_nat.h \ $(TOP)/ip_compat.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/natparse.c -o $@ ! $(OBJ)/ipft_sn.o: $(TOP)/ipft_sn.c $(TOP)/ipt.h $(TOP)/ipf.h $(TOP)/ip_fil.h \ $(TOP)/snoop.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipft_sn.c -o $@ ! $(OBJ)/ipft_ef.o: $(TOP)/ipft_ef.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipft_ef.c -o $@ ! $(OBJ)/ipft_td.o: $(TOP)/ipft_td.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipft_td.c -o $@ ! 
$(OBJ)/ipft_pc.o: $(TOP)/ipft_pc.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipft_pc.c -o $@ ! $(OBJ)/ipft_tx.o: $(TOP)/ipft_tx.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipft_tx.c -o $@ ! $(OBJ)/ipft_hx.o: $(TOP)/ipft_hx.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipft_hx.c -o $@ ! $(OBJ)/ipf: $(MODOBJS) ld -r $(MODOBJS) -o $@ ! $(OBJ)/ip_nat.o: $(TOP)/ip_nat.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(CC) -I$(TOP) $(DFLAGS) -c $(TOP)/ip_nat.c -o $@ ! $(OBJ)/ip_state.o: $(TOP)/ip_state.c $(TOP)/ip_state.h $(TOP)/ip_compat.h $(CC) -I$(TOP) $(DFLAGS) -c $(TOP)/ip_state.c -o $@ ! $(OBJ)/ip_proxy.o: $(TOP)/ip_proxy.c $(TOP)/ip_proxy.h $(TOP)/ip_compat.h \ $(TOP)/ip_ftp_pxy.c $(TOP)/ip_raudio_pxy.c $(TOP)/ip_nat.h $(CC) -I$(TOP) $(DFLAGS) -c $(TOP)/ip_proxy.c -o $@ ! $(OBJ)/ip_frag.o: $(TOP)/ip_frag.c $(TOP)/ip_frag.h $(TOP)/ip_compat.h $(CC) -I$(TOP) $(DFLAGS) -c $(TOP)/ip_frag.c -o $@ ! $(OBJ)/ip_auth.o: $(TOP)/ip_auth.c $(TOP)/ip_auth.h $(TOP)/ip_compat.h $(CC) -I$(TOP) $(DFLAGS) -c $(TOP)/ip_auth.c -o $@ ! $(OBJ)/ip_nat_u.o: $(TOP)/ip_nat.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ip_nat.c -o $@ ! $(OBJ)/ip_frag_u.o: $(TOP)/ip_frag.c $(TOP)/ip_frag.h $(TOP)/ip_compat.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ip_frag.c -o $@ ! $(OBJ)/ip_state_u.o: $(TOP)/ip_state.c $(TOP)/ip_state.h $(TOP)/ip_compat.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ip_state.c -o $@ ! $(OBJ)/ip_auth_u.o: $(TOP)/ip_auth.c $(TOP)/ip_auth.h $(TOP)/ip_compat.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ip_auth.c -o $@ ! $(OBJ)/ip_proxy_u.o: $(TOP)/ip_proxy.c $(TOP)/ip_proxy.h $(TOP)/ip_compat.h \ $(TOP)/ip_ftp_pxy.c $(TOP)/ip_nat.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ip_proxy.c -o $@ ! $(OBJ)/ip_fil_u.o: $(TOP)/ip_fil.c $(TOP)/ip_fil.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ip_fil.c -o $@ ! 
$(OBJ)/ip_sfil.o: $(TOP)/ip_sfil.c $(TOP)/ip_fil.h $(CC) -I$(TOP) $(DFLAGS) -c $(TOP)/ip_sfil.c -o $@ ! $(OBJ)/ip_log.o: $(TOP)/ip_log.c $(TOP)/ip_fil.h $(CC) -I$(TOP) $(DFLAGS) -c $(TOP)/ip_log.c -o $@ ! $(OBJ)/solaris.o: $(TOP)/solaris.c $(TOP)/ipl.h $(CC) -I$(TOP) $(DFLAGS) -c $(TOP)/solaris.c -o $@ ! $(OBJ)/kmem.o: $(TOP)/kmem.c $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/kmem.c -o $@ ! $(OBJ)/parse.o: $(TOP)/parse.c $(TOP)/ip_fil.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/parse.c -o $@ ! $(OBJ)/common.o: $(TOP)/common.c $(TOP)/ip_fil.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/common.c -o $@ ! $(OBJ)/facpri.o: $(TOP)/facpri.c $(TOP)/facpri.h $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/facpri.c -o $@ ! $(OBJ)/ipmon: $(TOP)/ipmon.c $(CC) $(DEBUG) $(CFLAGS) $(LOGFAC) $(TOP)/ipmon.c -o $@ $(LIBS) clean: *************** *** 204,210 **** ${RM} -f prototype pkginfo postinstall postremove copyright; \ ${RM} -f y.tab.? lex.yy.c; \ fi ! /bin/rm -rf */root ipf.pkg make -f Makefile.ipsend clean -(for i in *; do \ if [ -d $${i} -a -h $${i}/Makefile ] ; then \ --- 230,236 ---- ${RM} -f prototype pkginfo postinstall postremove copyright; \ ${RM} -f y.tab.? lex.yy.c; \ fi ! /bin/rm -rf */root ipf.pkg* sparcv7 sparcv9 make -f Makefile.ipsend clean -(for i in *; do \ if [ -d $${i} -a -h $${i}/Makefile ] ; then \ *************** *** 214,236 **** fi \ done) ! ipf.pkg: ! mkdir -p $(PKGBIN) $(ROOT)/$(SBINDEST) $(ROOT)/usr/kernel/drv $(ROOT)/etc/init.d ! 
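Review bot: In the new `$(OBJ)/ipf.exe` rule, `mkdir -p $(TOP)/$(OBJ)` sits inside the `if [ -f /usr/lib/isaexec -a "$(OBJ)" != . ]` test, but the following `ln -s` into `$(TOP)/$(OBJ)/ipf` runs unconditionally. If OBJ is sparcv7 or sparcv9 on a host without /usr/lib/isaexec, the directory is never created and the link step fails; the same applies to `$(OBJ)/ipftest`, which relies on this rule for the directory ("Magic dependency"). Moving `mkdir -p $(TOP)/$(OBJ)` ahead of the `if` makes both rules independent of the isaexec check. Separately, only the `build` target lists `$(OBJ)` as a prerequisite, so the individual `$(OBJ)/*.o` rules appear to assume the directory already exists when invoked directly.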
mkdir -p $(ROOTINC)/netinet $(PKGDIR)/examples mkdir -p $(PKGMAN)/man1 $(PKGMAN)/man4 $(PKGMAN)/man5 $(PKGMAN)/man8 - -$(INSTALL) -c -s $(CPUDIR)/ipftest $(PKGBIN)/ipftest - -$(INSTALL) -c -s $(CPUDIR)/ipmon $(PKGBIN)/ipmon - -$(INSTALL) -c -s $(CPUDIR)/ipsend $(PKGBIN)/ipsend - -$(INSTALL) -c -s $(CPUDIR)/ipresend $(PKGBIN)/ipresend - -$(INSTALL) -c $(TOP)/mkfilters $(PKGBIN)/mkfilters - -$(INSTALL) -c $(CPUDIR)/ipf $(ROOT)/usr/kernel/drv/ipf - -$(INSTALL) -c ipf.conf $(ROOT)/usr/kernel/drv - -$(INSTALL) -c -s $(CPUDIR)/ipfs $(ROOT)/$(SBINDEST)/ipfs - -$(INSTALL) -c -s $(CPUDIR)/ipnat $(ROOT)/$(SBINDEST)/ipnat - -$(INSTALL) -c -s $(CPUDIR)/ipf.exe $(ROOT)/$(SBINDEST)/ipf - -$(INSTALL) -c -s $(CPUDIR)/ipfstat $(ROOT)/$(SBINDEST)/ipfstat -$(INSTALL) -c ipfboot $(ROOT)/etc/init.d -cp $(TOP)/man/*.[0-9] . -$(INSTALL) ipf.8 $(PKGMAN)/man8 -$(INSTALL) ipfs.8 $(PKGMAN)/man8 -$(INSTALL) ipnat.1 $(PKGMAN)/man1 --- 240,268 ---- fi \ done) ! ipf.pkg: ipf.pkg.common ! if [ -d $(CPUDIR)/sparcv7 ]; then \ ! $(MAKE) PROTO=prototype32 PKG=ipf OBJ=sparcv7 BITS=32 \ ! ipf.pkg.bin; \ ! $(MAKE) PROTO=prototype64 PKG=ipfx OBJ=sparcv9 BITS=64 \ ! ipf.pkg.bin; \ ! else \ ! $(MAKE) OBJ=. BITS= ipf.pkg.bin;\ ! fi ! touch $(CPUDIR)/ipf.pkg ! pkgtrans -s $(TMP) $(CPUDIR)/ipf.pkg `ls $(TMP)` ! /bin/rm -f ipf.pkg ! ln -s $(CPUDIR)/ipf.pkg ipf.pkg ! rm -rf $(TMP)/ipf* ! ! ! ipf.pkg.common: ! mkdir -p $(ROOTINC)/netinet $(PKGDIR)/examples $(ROOT)/usr/kernel/drv ! mkdir -p $(ROOT)/etc/init.d $(TMP) mkdir -p $(PKGMAN)/man1 $(PKGMAN)/man4 $(PKGMAN)/man5 $(PKGMAN)/man8 -$(INSTALL) -c ipfboot $(ROOT)/etc/init.d -cp $(TOP)/man/*.[0-9] . + -$(INSTALL) -c ipf.conf $(ROOT)/usr/kernel/drv -$(INSTALL) ipf.8 $(PKGMAN)/man8 -$(INSTALL) ipfs.8 $(PKGMAN)/man8 -$(INSTALL) ipnat.1 $(PKGMAN)/man1 *************** *** 255,273 **** -$(INSTALL) ip_frag.h $(ROOTINC)/netinet -$(INSTALL) ip_proxy.h $(ROOTINC)/netinet -$(INSTALL) ip_auth.h $(ROOTINC)/netinet ! -(cd $(CPUDIR); optisa sparcv9 >/dev/null 2>&1; if [ $$? 
-eq 0 ] ; then ln -s ../prototype64 prototype; else ln -s ../prototype .; fi) ! -(cd $(CPUDIR); ln -s ../copyright ../postinstall ../postremove .) ! -(cd $(CPUDIR); cat ../pkginfo | sed -e "s/ARCH=.*/ARCH=`uname -p` (${BITS}-bit)/" > pkginfo) ! (cd $(CPUDIR); pkgmk -o -d $(TMP)) ! touch $(CPUDIR)/ipf.pkg ! pkgtrans -s ${TMP} $(CPUDIR)/ipf.pkg ipf ! /bin/rm -f ipf.pkg ! ln -s $(CPUDIR)/ipf.pkg ipf.pkg ! rm -rf $(TMP)/ipf package install: ipf.pkg @if [ `id|sed -e 's/^.[^(]*(\([^)]*\)).*/\1/'` != root ] ; then \ echo "Can only install if root"; \ exit 1; \ fi ! -pkgadd -d ipf.pkg --- 287,325 ---- -$(INSTALL) ip_frag.h $(ROOTINC)/netinet -$(INSTALL) ip_proxy.h $(ROOTINC)/netinet -$(INSTALL) ip_auth.h $(ROOTINC)/netinet ! touch $@ ! ! # ! # For 64 bit Solaris, we build 32 and 64 bit packages, but the 64 bit package ! # is smaller and only contains the 64 bit specific and not the common stuff. ! # ! ipf.pkg.bin: ! mkdir -p $(PKGBIN) $(ROOT)/$(SBINDEST) $(ROOT)/usr/kernel/drv/$(OBJ) ! -$(INSTALL) -c -s $(OBJDIR)/ipftest $(PKGBIN)/ipftest ! -$(INSTALL) -c -s $(OBJDIR)/ipmon $(PKGBIN)/ipmon ! -$(INSTALL) -c -s $(OBJDIR)/ipsend $(PKGBIN)/ipsend ! -$(INSTALL) -c -s $(OBJDIR)/ipresend $(PKGBIN)/ipresend ! -$(INSTALL) -c $(TOP)/mkfilters $(PKGBIN)/mkfilters ! -$(INSTALL) -c $(OBJDIR)/ipf $(ROOT)/usr/kernel/drv/$(OBJ)/ipf ! -$(INSTALL) -c -s $(OBJDIR)/ipnat $(ROOT)/$(SBINDEST)/ipnat ! -$(INSTALL) -c -s $(OBJDIR)/ipf.exe $(ROOT)/$(SBINDEST)/ipf ! -$(INSTALL) -c -s $(OBJDIR)/ipfs $(ROOT)/$(SBINDEST)/ipfs ! -$(INSTALL) -c -s $(OBJDIR)/ipfstat $(ROOT)/$(SBINDEST)/ipfstat ! #-(cd $(CPUDIR); rm -f copyright post* prototype pkginfo) ! -(cd $(CPUDIR); rm -f prototype) ! #-(cd $(CPUDIR); ln -s ../copyright ../postinstall ../postremove .) ! -(cd $(CPUDIR); ln -s ../$(PROTO) prototype) ! -sed -e 's/ipf/$(PKG)/' -e "s/NAME=.*/&$(BITTYPE)/" \ ! < pkginfo > $(CPUDIR)/pkginfo ! -if [ "$(BITS)" = 64 ]; then echo 'SUNW_ISA=sparcv9' >> $(CPUDIR)/pkginfo; fi ! 
(cd $(CPUDIR); pkgmk -a `uname -p` -o -d $(TMP)) ! package install: ipf.pkg @if [ `id|sed -e 's/^.[^(]*(\([^)]*\)).*/\1/'` != root ] ; then \ echo "Can only install if root"; \ exit 1; \ fi ! # Must add ipfx before ipf or driver attach fails. ! -[ -d $(CPUDIR)/sparcv9 ] && pkgadd -d ipf.pkg ipfx ! -pkgadd -d ipf.pkg ipf diff -cr ip_fil3.4.8/SunOS5/Makefile.ipsend ip_fil3.4.9/SunOS5/Makefile.ipsend *** ip_fil3.4.8/SunOS5/Makefile.ipsend Thu Aug 5 03:30:47 1999 --- ip_fil3.4.9/SunOS5/Makefile.ipsend Sun Aug 6 00:45:43 2000 *************** *** 1,59 **** ! OBJS=ipsend.o ip.o ipsopt.o y.tab.o lex.yy.o ! IPFTO=ipft_ef.o ipft_hx.o ipft_pc.o ipft_sn.o ipft_td.o ipft_tx.o ! ROBJS=ipresend.o ip.o resend.o $(IPFTO) inet_addr.o opt.o ! TOBJS=iptest.o iptests.o ip.o ! UNIXOBJS=dlcommon.o sdlpi.o arp.o LIBS=-lsocket -lnsl CC=gcc CFLAGS=-g -I$$(TOP) -Dsolaris ! all build dlpi sunos5 : ipsend ipresend iptest .c.o: $(CC) $(DEBUG) $(CFLAGS) -c $< -o $@ ! y.tab.o: $(TOP)/iplang/iplang_y.y ! (cd $(TOP)/iplang; $(MAKE) ../SunOS5/$(CPUDIR)/$@ 'DESTDIR=../SunOS5/$(CPUDIR)' 'CFLAGS=$(CFLAGS)') ! lex.yy.o: $(TOP)/iplang/iplang_l.l ! (cd $(TOP)/iplang; $(MAKE) ../SunOS5/$(CPUDIR)/$@ 'DESTDIR=../SunOS5/$(CPUDIR)' 'CFLAGS=$(CFLAGS)') ! ipsend: $(OBJS) $(UNIXOBJS) $(CC) $(DEBUG) $(OBJS) $(UNIXOBJS) -o $@ $(LIBS) -ll ! ipresend: $(ROBJS) $(UNIXOBJS) $(CC) $(DEBUG) $(ROBJS) $(UNIXOBJS) -o $@ $(LIBS) ! iptest: $(TOBJS) $(UNIXOBJS) $(CC) $(DEBUG) $(TOBJS) $(UNIXOBJS) -o $@ $(LIBS) clean: rm -rf *.o core a.out ipsend ipresend iptest ! ipsend.o: $(TOP)/ipsend/ipsend.c $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/ipsend.c -o $@ ! ipsopt.o: $(TOP)/ipsend/ipsopt.c $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/ipsopt.c -o $@ ! ipresend.o: $(TOP)/ipsend/ipresend.c $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/ipresend.c -o $@ ! ip.o: $(TOP)/ipsend/ip.c $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/ip.c -o $@ ! resend.o: $(TOP)/ipsend/resend.c $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/resend.c -o $@ ! 
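Review bot: In the `ipf.pkg.bin` rule, `sed -e 's/ipf/$(PKG)/'` is unanchored, so it rewrites the first `ipf` on every line of pkginfo rather than only the `PKG=` field. In the pkginfo lines visible in this patch that touches one line, but any later field value containing `ipf` would be altered when building the `ipfx` package. Anchoring states the intent: `-e 's/^PKG=ipf$$/PKG=$(PKG)/'`. The command also carries a leading `-`, so a failed rewrite leaves an empty or truncated `$(CPUDIR)/pkginfo` for `pkgmk` to consume; dropping the `-` on this line would stop the build instead.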
ipft_sn.o: $(TOP)/ipft_sn.c $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipft_sn.c -o $@ ! ipft_pc.o: $(TOP)/ipft_pc.c $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipft_pc.c -o $@ ! iptest.o: $(TOP)/ipsend/iptest.c $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/iptest.c -o $@ ! iptests.o: $(TOP)/ipsend/iptests.c $(CC) $(DEBUG) $(CFLAGS) -Dsolaris -c $(TOP)/ipsend/iptests.c -o $@ ! sock.o: $(TOP)/ipsend/sock.c $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/sock.c -o $@ ! arp.o: $(TOP)/ipsend/arp.c $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/arp.c -o $@ ! dlcommon.o: $(TOP)/ipsend/dlcommon.c $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/dlcommon.c -o $@ ! sdlpi.o: $(TOP)/ipsend/sdlpi.c $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/sdlpi.c -o $@ --- 1,63 ---- ! OBJ=. ! BITS=32 ! OBJS=$(OBJ)/ipsend.o $(OBJ)/ip.o $(OBJ)/ipsopt.o $(OBJ)/y.tab.o $(OBJ)/lex.yy.o ! IPFTO=$(OBJ)/ipft_ef.o $(OBJ)/ipft_hx.o $(OBJ)/ipft_pc.o $(OBJ)/ipft_sn.o \ ! $(OBJ)/ipft_td.o $(OBJ)/ipft_tx.o ! ROBJS=$(OBJ)/ipresend.o $(OBJ)/ip.o $(OBJ)/resend.o $(IPFTO) \ ! $(OBJ)/inet_addr.o $(OBJ)/opt.o ! TOBJS=$(OBJ)/iptest.o $(OBJ)/iptests.o $(OBJ)/ip.o ! UNIXOBJS=$(OBJ)/dlcommon.o $(OBJ)/sdlpi.o $(OBJ)/arp.o LIBS=-lsocket -lnsl CC=gcc CFLAGS=-g -I$$(TOP) -Dsolaris ! all build dlpi sunos5 : $(OBJ)/ipsend $(OBJ)/ipresend $(OBJ)/iptest .c.o: $(CC) $(DEBUG) $(CFLAGS) -c $< -o $@ ! $(OBJ)/y.tab.o: $(TOP)/iplang/iplang_y.y ! (cd $(TOP)/iplang; $(MAKE) ../SunOS5/$(CPUDIR)/$@ 'DESTDIR=../SunOS5/$(CPUDIR)/$(OBJ)' 'CFLAGS=$(CFLAGS)' 'OBJ=$(OBJ)') ! $(OBJ)/lex.yy.o: $(TOP)/iplang/iplang_l.l ! (cd $(TOP)/iplang; $(MAKE) ../SunOS5/$(CPUDIR)/$@ 'DESTDIR=../SunOS5/$(CPUDIR)/$(OBJ)' 'CFLAGS=$(CFLAGS)' 'OBJ=$(OBJ)') ! $(OBJ)/ipsend: $(OBJS) $(UNIXOBJS) $(CC) $(DEBUG) $(OBJS) $(UNIXOBJS) -o $@ $(LIBS) -ll ! $(OBJ)/ipresend: $(ROBJS) $(UNIXOBJS) $(CC) $(DEBUG) $(ROBJS) $(UNIXOBJS) -o $@ $(LIBS) ! $(OBJ)/iptest: $(TOBJS) $(UNIXOBJS) $(CC) $(DEBUG) $(TOBJS) $(UNIXOBJS) -o $@ $(LIBS) clean: rm -rf *.o core a.out ipsend ipresend iptest ! 
$(OBJ)/ipsend.o: $(TOP)/ipsend/ipsend.c $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/ipsend.c -o $@ ! $(OBJ)/ipsopt.o: $(TOP)/ipsend/ipsopt.c $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/ipsopt.c -o $@ ! $(OBJ)/ipresend.o: $(TOP)/ipsend/ipresend.c $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/ipresend.c -o $@ ! $(OBJ)/ip.o: $(TOP)/ipsend/ip.c $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/ip.c -o $@ ! $(OBJ)/resend.o: $(TOP)/ipsend/resend.c $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/resend.c -o $@ ! $(OBJ)/ipft_sn.o: $(TOP)/ipft_sn.c $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipft_sn.c -o $@ ! $(OBJ)/ipft_pc.o: $(TOP)/ipft_pc.c $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipft_pc.c -o $@ ! $(OBJ)/iptest.o: $(TOP)/ipsend/iptest.c $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/iptest.c -o $@ ! $(OBJ)/iptests.o: $(TOP)/ipsend/iptests.c $(CC) $(DEBUG) $(CFLAGS) -Dsolaris -c $(TOP)/ipsend/iptests.c -o $@ ! $(OBJ)/sock.o: $(TOP)/ipsend/sock.c $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/sock.c -o $@ ! $(OBJ)/arp.o: $(TOP)/ipsend/arp.c $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/arp.c -o $@ ! $(OBJ)/dlcommon.o: $(TOP)/ipsend/dlcommon.c $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/dlcommon.c -o $@ ! $(OBJ)/sdlpi.o: $(TOP)/ipsend/sdlpi.c $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/sdlpi.c -o $@ diff -cr ip_fil3.4.8/SunOS5/pkginfo ip_fil3.4.9/SunOS5/pkginfo *** ip_fil3.4.8/SunOS5/pkginfo Wed Jul 19 23:40:04 2000 --- ip_fil3.4.9/SunOS5/pkginfo Tue Aug 8 01:10:11 2000 *************** *** 5,11 **** PKG=ipf NAME=IP Filter ARCH=ARCH_updated_by_sed_when_package_is_built ! VERSION=3.4.8 CATEGORY=system DESC=This package contains tools for building a firewall VENDOR=Darren Reed --- 5,11 ---- PKG=ipf NAME=IP Filter ARCH=ARCH_updated_by_sed_when_package_is_built ! 
VERSION=3.4.9 CATEGORY=system DESC=This package contains tools for building a firewall VENDOR=Darren Reed diff -cr ip_fil3.4.8/SunOS5/prototype ip_fil3.4.9/SunOS5/prototype *** ip_fil3.4.8/SunOS5/prototype Sat Feb 26 20:26:53 2000 --- ip_fil3.4.9/SunOS5/prototype Sun Aug 6 00:45:09 2000 *************** *** 1,8 **** i pkginfo ! i copyright !default 0755 root root ! i postinstall ! i postremove d none /opt ? root sys d none /opt/ipf d none /opt/ipf/man --- 1,8 ---- i pkginfo ! i copyright=../copyright !default 0755 root root ! i postinstall=../postinstall ! i postremove=../postremove d none /opt ? root sys d none /opt/ipf d none /opt/ipf/man Only in ip_fil3.4.9/SunOS5: prototype32 diff -cr ip_fil3.4.8/SunOS5/prototype64 ip_fil3.4.9/SunOS5/prototype64 *** ip_fil3.4.8/SunOS5/prototype64 Sun Aug 1 23:18:16 1999 --- ip_fil3.4.9/SunOS5/prototype64 Sun Aug 6 00:45:09 2000 *************** *** 1,82 **** i pkginfo ! i copyright !default 0755 root root - i postinstall - i postremove - d none /opt ? root sys - d none /opt/ipf - d none /opt/ipf/man - d none /opt/ipf/man/man1 - d none /opt/ipf/man/man1m - d none /opt/ipf/man/man4 - d none /opt/ipf/man/man5 - d none /opt/ipf/man/man8 - d none /opt/ipf/bin - f none /opt/ipf/bin/ipftest=root/opt/ipf/bin/ipftest - f none /opt/ipf/bin/ipmon=root/opt/ipf/bin/ipmon - f none /opt/ipf/bin/ipsend=root/opt/ipf/bin/ipsend - f none /opt/ipf/bin/ipresend=root/opt/ipf/bin/ipresend - f none /opt/ipf/bin/mkfilters=root/opt/ipf/bin/mkfilters - d none /opt/ipf/examples d none /usr ? root sys - d none /usr/include ? root bin - d none /usr/include/netinet ? bin bin d none /usr/kernel ? root sys d none /usr/kernel/drv ? root sys ! f none /usr/kernel/drv/ipf=root/usr/kernel/drv/ipf ! l none /usr/kernel/drv/sparcv9/ipf=/usr/kernel/drv/ipf ! d none /sbin ? root sys ! f none /sbin/ipfstat=root/sbin/ipfstat ! f none /sbin/ipf=root/sbin/ipf ! f none /sbin/ipnat=root/sbin/ipnat ! d none /etc ? root sys ! d none /etc/init.d ? root sys ! 
f none /etc/init.d/ipfboot=root/etc/init.d/ipfboot ! d none /etc/rc2.d ? root sys ! l none /etc/rc2.d/S65ipfboot=/etc/init.d/ipfboot ! d none /etc/opt ? root sys ! d none /etc/opt/ipf 755 root sys ! !default 0444 root root ! f none /opt/ipf/man/man8/ipfstat.8=root/opt/ipf/man/man8/ipfstat.8 ! f none /opt/ipf/man/man8/ipmon.8=root/opt/ipf/man/man8/ipmon.8 ! f none /opt/ipf/man/man8/ipf.8=root/opt/ipf/man/man8/ipf.8 ! f none /opt/ipf/man/man1/ipnat.1=root/opt/ipf/man/man1/ipnat.1 ! f none /opt/ipf/man/man1/ipftest.1=root/opt/ipf/man/man1/ipftest.1 ! f none /opt/ipf/man/man1/mkfilters.1=root/opt/ipf/man/man1/mkfilters.1 ! f none /opt/ipf/man/man4/ipf.4=root/opt/ipf/man/man4/ipf.4 ! f none /opt/ipf/man/man4/ipl.4=root/opt/ipf/man/man4/ipl.4 ! f none /opt/ipf/man/man4/ipnat.4=root/opt/ipf/man/man4/ipnat.4 ! f none /opt/ipf/man/man5/ipf.5=root/opt/ipf/man/man5/ipf.5 ! f none /opt/ipf/man/man5/ipnat.5=root/opt/ipf/man/man5/ipnat.5 ! f none /usr/kernel/drv/ipf.conf=root/usr/kernel/drv/ipf.conf ! f none /usr/include/netinet/ip_fil.h=root/usr/include/netinet/ip_fil.h ! f none /usr/include/netinet/ip_auth.h=root/usr/include/netinet/ip_auth.h ! f none /usr/include/netinet/ip_compat.h=root/usr/include/netinet/ip_compat.h ! f none /usr/include/netinet/ip_frag.h=root/usr/include/netinet/ip_frag.h ! f none /usr/include/netinet/ip_nat.h=root/usr/include/netinet/ip_nat.h ! f none /usr/include/netinet/ip_proxy.h=root/usr/include/netinet/ip_proxy.h ! f none /usr/include/netinet/ip_state.h=root/usr/include/netinet/ip_state.h ! f none /opt/ipf/examples/example.1=root/opt/ipf/examples/example.1 ! f none /opt/ipf/examples/example.2=root/opt/ipf/examples/example.2 ! f none /opt/ipf/examples/example.3=root/opt/ipf/examples/example.3 ! f none /opt/ipf/examples/example.4=root/opt/ipf/examples/example.4 ! f none /opt/ipf/examples/example.5=root/opt/ipf/examples/example.5 ! f none /opt/ipf/examples/example.6=root/opt/ipf/examples/example.6 ! 
f none /opt/ipf/examples/example.7=root/opt/ipf/examples/example.7 ! f none /opt/ipf/examples/example.8=root/opt/ipf/examples/example.8 ! f none /opt/ipf/examples/example.9=root/opt/ipf/examples/example.9 ! f none /opt/ipf/examples/example.10=root/opt/ipf/examples/example.10 ! f none /opt/ipf/examples/example.11=root/opt/ipf/examples/example.11 ! f none /opt/ipf/examples/example.12=root/opt/ipf/examples/example.12 ! f none /opt/ipf/examples/example.13=root/opt/ipf/examples/example.13 ! f none /opt/ipf/examples/example.sr=root/opt/ipf/examples/example.sr ! f none /opt/ipf/examples/nat.eg=root/opt/ipf/examples/nat.eg ! f none /opt/ipf/examples/server=root/opt/ipf/examples/server ! f none /opt/ipf/examples/tcpstate=root/opt/ipf/examples/tcpstate ! f none /opt/ipf/examples/BASIC.NAT=root/opt/ipf/examples/BASIC.NAT ! f none /opt/ipf/examples/BASIC_1.FW=root/opt/ipf/examples/BASIC_1.FW ! f none /opt/ipf/examples/BASIC_2.FW=root/opt/ipf/examples/BASIC_2.FW ! f none /opt/ipf/examples/firewall=root/opt/ipf/examples/firewall ! f none /opt/ipf/examples/ftp-proxy=root/opt/ipf/examples/ftp-proxy ! f none /opt/ipf/examples/ftppxy=root/opt/ipf/examples/ftppxy ! f none /opt/ipf/examples/nat-setup=root/opt/ipf/examples/nat-setup --- 1,16 ---- i pkginfo ! #i preinstall=../preinstall ! i copyright=../copyright !default 0755 root root d none /usr ? root sys d none /usr/kernel ? root sys d none /usr/kernel/drv ? root sys ! d none /usr/kernel/drv/sparcv9 ? root sys ! f none /usr/kernel/drv/sparcv9/ipf=root/usr/kernel/drv/sparcv9/ipf ! d none /usr/sbin ? root sys ! d none /usr/sbin/sparcv9 ? ? ? ! f none /usr/sbin/sparcv9/ipfstat=root/sbin/sparcv9/ipfstat ! f none /usr/sbin/sparcv9/ipf=root/sbin/sparcv9/ipf ! f none /usr/sbin/sparcv9/ipfs=root/sbin/sparcv9/ipfs ! f none /usr/sbin/sparcv9/ipnat=root/sbin/sparcv9/ipnat ! 
f none /usr/sbin/sparcv9/ipmon=root/opt/ipf/bin/sparcv9/ipmon diff -cr ip_fil3.4.8/buildsunos ip_fil3.4.9/buildsunos *** ip_fil3.4.8/buildsunos Fri Apr 28 21:13:51 2000 --- ip_fil3.4.9/buildsunos Tue Aug 8 23:15:34 2000 *************** *** 3,15 **** echo "Do NOT run this script directly, do 'make solaris'!" exit 1 fi ! # $Id: buildsunos,v 2.5.2.1 2000/04/28 11:13:51 darrenr Exp $ : rev=`uname -r | sed -e 's/^\([^\.]*\)\..*/\1/'` if [ -d /usr/ccs/bin ] ; then PATH=/usr/ccs/bin:${PATH} fi if [ $rev = 5 ] ; then cpu=`uname -p` cpudir=${cpu}-`uname -r` solrev=`uname -r | sh -c 'IFS=. read j n x; echo $n'` --- 3,23 ---- echo "Do NOT run this script directly, do 'make solaris'!" exit 1 fi ! # $Id: buildsunos,v 2.5.2.4 2000/08/08 11:40:22 darrenr Exp $ : rev=`uname -r | sed -e 's/^\([^\.]*\)\..*/\1/'` if [ -d /usr/ccs/bin ] ; then PATH=/usr/ccs/bin:${PATH} + export PATH fi + if [ $rev = 5 ] ; then + # + # /usr/ucb/cc will not work + # + PATH=`echo $PATH | sed -e s:/usr/ucb::g -e s/::/:/g` + export PATH + cpu=`uname -p` cpudir=${cpu}-`uname -r` solrev=`uname -r | sh -c 'IFS=. read j n x; echo $n'` *************** *** 20,58 **** /bin/rm -f SunOS5/${cpudir}/Makefile.ipsend ln -s `pwd`/SunOS5/Makefile SunOS5/${cpudir}/Makefile ln -s `pwd`/SunOS5/Makefile.ipsend SunOS5/${cpudir}/Makefile.ipsend ! ARCHINC= ! XARCH= ! /bin/optisa sparcv9 >/dev/null 2>&1 ! if [ $? -eq 0 ] ; then ! if [ ! -d /opt/SUNWspro/bin ] ; then ! echo "You must have SUNWspro to build a 64bit ipf" exit 1 fi fi ! if [ -d /opt/SUNWspro/bin ] ; then ! CC="/opt/SUNWspro/bin/cc ${CFL}" ! XARCH="-Xa -xF -xildoff" ! export CC ! /bin/optisa sparcv9 >/dev/null 2>&1 ! if [ $? -eq 0 ] ; then ! ARCHINC="-I/usr/include/v9" ! XARCH="${XARCH} -xarch=v9 -xchip=ultra -dalign" ! XARCH="${XARCH} -xcode=abs32" fi else ! CC=gcc fi else cpu=`uname -m` cpudir=${cpu}-`uname -r` fi if [ $cpu = i386 ] ; then ! 
make ${1+"$@"} sunos5x86 SOLARIS2="-DSOLARIS2=$solrev" CPU= CPUDIR=${cpudir} CC="$CC $XARCH" XARCH="$XARCH" ARCHINC="$ARCHINC" exit $? fi if [ x$solrev = x ] ; then make ${1+"$@"} sunos$rev "ARCH=`uname -m`" exit $? fi ! make ${1+"$@"} sunos$rev SOLARIS2="-DSOLARIS2=$solrev" CPU= CPUDIR=${cpudir} CC="$CC $XARCH" XARCH="$XARCH" ARCHINC="$ARCHINC" ! exit $? --- 28,139 ---- /bin/rm -f SunOS5/${cpudir}/Makefile.ipsend ln -s `pwd`/SunOS5/Makefile SunOS5/${cpudir}/Makefile ln -s `pwd`/SunOS5/Makefile.ipsend SunOS5/${cpudir}/Makefile.ipsend ! ! # ! # Default C compiler is "cc", override on make commandline ! # ! : ${CC:=cc} ! v=`echo '__GNUC__' | 2>&1 ${CC} -E - | 2>&1 sed -ne '/^[0-9]* *$/p'` ! if [ x$v != x ] ; then ! CC=gcc ! fi ! ! case "$CC" in ! *gcc*) # gcc ! XARCH32="" ! XARCH64="-m64 -mcmodel=medlow" ! ;; ! *) # Sun C ! XARCH32="-Xa -xF -xildoff" ! XARCH64="$XARCH32 -xarch=v9 -xchip=ultra -dalign -xcode=abs32" ! ;; ! esac ! ! export CC ! ! ISABITS=32 ! ! OBJ32=sparcv7 ! ARCHINC32= ! OBJ64=sparcv9 ! ARCHINC64="-I/usr/include/v9" ! ! if [ $solrev -ge 7 ] && /bin/optisa sparcv8plus > /dev/null ! then ! # We run Solaris 7+ on 64 bit capable hardware. ! BUILDBOTH=true ! else ! BUILDBOTH=false ! OBJ32=. ! fi ! ! if $BUILDBOTH ! then ! echo Testing compiler $CC for 64 bit object file generation. ! t=conftest$$.c ! trap 'rm -f $t 32.out 64.out; exit 1' 0 1 2 3 15 ! cat > $t <<-EOF ! #include ! int main(void) ! { ! printf("%ld\n", (long) sizeof(long)); ! } ! EOF ! ! # Is it perhaps a 64 bit only compiler? ! if $CC $XARCH32 $t -o 32.out >/dev/null 2>&1 && ! [ "`./32.out`" = 4 ] ! then :; else ! echo $CC $XARCH32 cannot create 32 bit executables. 1>&2 exit 1 fi + if $CC $XARCH64 $t -o 64.out >/dev/null 2>&1 && + [ "`./64.out`" = 8 ] + then + echo "found 32/64 bit compiler" 1>&2 + CC64=true + else + CC64=false + fi + rm -f $t 32.out 64.out + trap 0 1 2 3 15 fi ! ! # If we're running 64 bit, we *must* build 64 bit. ! if ([ "`isainfo -b`" = 64 ]) 2>/dev/null ; then ! 
if $CC64 ; then :; else ! echo "No 64 bit capable compiler was found" 1>&2 ! exit 1 fi + ISABITS="32 64" + elif $BUILDBOTH && $CC64 + then + ISABITS="32 64" else ! OBJ32=. fi else cpu=`uname -m` cpudir=${cpu}-`uname -r` fi + + # Default $MAKE to make + : ${MAKE:=make} + if [ $cpu = i386 ] ; then ! $MAKE $MAKEFLAGS ${1+"$@"} sunos5x86 SOLARIS2="-DSOLARIS2=$solrev" CPU= CPUDIR=${cpudir} CC="$CC $XARCH32" XARCH="$XARCH32" ARCHINC="$ARCHINC32" BITS=32 OBJ=. exit $? fi if [ x$solrev = x ] ; then make ${1+"$@"} sunos$rev "ARCH=`uname -m`" exit $? fi ! for b in $ISABITS ! do ! echo build $b bit binaries. ! for v in OBJ ARCHINC XARCH ! do ! eval $v=\"\$$v$b\" ! done ! $MAKE $MAKEFLAGS ${1+"$@"} sunos$rev SOLARIS2="-DSOLARIS2=$solrev" CPU= CPUDIR=${cpudir} CC="$CC $XARCH" XARCH="$XARCH" ARCHINC="$ARCHINC" BITS=$b OBJ=$OBJ || exit $? ! done diff -cr ip_fil3.4.8/fil.c ip_fil3.4.9/fil.c *** ip_fil3.4.8/fil.c Wed Jul 19 23:13:40 2000 --- ip_fil3.4.9/fil.c Thu Jul 27 23:08:18 2000 *************** *** 7,13 **** */ #if !defined(lint) static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: fil.c,v 2.35.2.18 2000/07/19 13:13:40 darrenr Exp $"; #endif #include --- 7,13 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed"; ! 
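Review bot: `CC64` is assigned only inside the `if $BUILDBOTH` block of buildsunos, but it is expanded unconditionally in `if $CC64 ; then :; else` under the `isainfo -b` test. When it is unset the command expands to nothing, which the shell treats as success, so the script would set `ISABITS="32 64"` without any compiler having passed the 64-bit probe; a `CC64` inherited from the environment has the same effect. Initialising it next to `ISABITS=32` with `CC64=false` makes the failure path explicit. This only matters when the `optisa sparcv8plus` and `isainfo -b` probes disagree, but the fix is one line.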
static const char rcsid[] = "@(#)$Id: fil.c,v 2.35.2.19 2000/07/27 13:08:18 darrenr Exp $"; #endif #include *************** *** 820,837 **** fin->fin_qfm = m; fin->fin_qif = qif; # endif - # ifdef USE_INET6 - if (v == 6) { - ATOMIC_INCL(frstats[0].fr_ipv6[out]); - } else - # endif - if (!out && fr_chksrc && !fr_verifysrc(ip->ip_src, ifp)) { - ATOMIC_INCL(frstats[0].fr_badsrc); - # if !SOLARIS - m_freem(m); - # endif - return error; - } #endif /* _KERNEL */ /* --- 820,825 ---- *************** *** 847,854 **** fin->fin_out = out; fin->fin_mp = mp; fr_makefrip(hlen, ip, fin); - pass = fr_pass; if (fin->fin_fi.fi_fl & FI_SHORT) { ATOMIC_INCL(frstats[out].fr_short); } --- 835,861 ---- fin->fin_out = out; fin->fin_mp = mp; fr_makefrip(hlen, ip, fin); + #ifdef _KERNEL + # ifdef USE_INET6 + if (v == 6) { + ATOMIC_INCL(frstats[0].fr_ipv6[out]); + } else + # endif + if (!out && fr_chksrc && !fr_verifysrc(ip->ip_src, ifp)) { + ATOMIC_INCL(frstats[0].fr_badsrc); + if (fr_chksrc == 2) { + fin->fin_group = -2; + pass = FR_INQUE|FR_NOMATCH|FR_LOGB; + (void) IPLLOG(pass, ip, fin, m); + } + # if !SOLARIS + m_freem(m); + # endif + return error; + } + #endif + pass = fr_pass; if (fin->fin_fi.fi_fl & FI_SHORT) { ATOMIC_INCL(frstats[out].fr_short); } *************** *** 1367,1373 **** * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 ! * $Id: fil.c,v 2.35.2.18 2000/07/19 13:13:40 darrenr Exp $ */ /* * Copy data from an mbuf chain starting "off" bytes from the beginning, --- 1374,1380 ---- * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 ! * $Id: fil.c,v 2.35.2.19 2000/07/27 13:08:18 darrenr Exp $ */ /* * Copy data from an mbuf chain starting "off" bytes from the beginning, *************** *** 1846,1856 **** int err; #if SOLARIS ! copyin(a, &ca, sizeof(ca)); #else bcopy(a, &ca, sizeof(ca)); #endif err = copyin(ca, b, c); return err; } --- 1853,1866 ---- int err; #if SOLARIS ! if (copyin(a, &ca, sizeof(ca))) ! 
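Review bot: The new `(void) IPLLOG(pass, ip, fin, m);` call in the relocated source-check block of fil.c is compiled whenever `_KERNEL` is defined, with no `IPFILTER_LOG` guard, while other logging code touched by this patch sits under `#ifdef IPFILTER_LOG`. If IPLLOG is only available in logging builds, a kernel configured without logging would fail to build, so I would wrap the `if (fr_chksrc == 2) { … }` block in `# ifdef IPFILTER_LOG` / `# endif`. The value 2 is also a bare magic number here; a comment such as `/* fr_chksrc: non-zero = reject packets failing fr_verifysrc(), 2 = also log them */` would document the setting. The enclosing function starts and ends outside the hunk, so the value of `error` returned for the rejected packet cannot be checked from here.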
return EFAULT; #else bcopy(a, &ca, sizeof(ca)); #endif err = copyin(ca, b, c); + if (err) + err = EFAULT; return err; } *************** *** 1863,1873 **** int err; #if SOLARIS ! copyin(b, &ca, sizeof(ca)); #else bcopy(b, &ca, sizeof(ca)); #endif err = copyout(a, ca, c); return err; } --- 1873,1886 ---- int err; #if SOLARIS ! if (copyin(b, &ca, sizeof(ca))) ! return EFAULT; #else bcopy(b, &ca, sizeof(ca)); #endif err = copyout(a, ca, c); + if (err) + err = EFAULT; return err; } diff -cr ip_fil3.4.8/fils.c ip_fil3.4.9/fils.c *** ip_fil3.4.8/fils.c Mon May 22 22:47:38 2000 --- ip_fil3.4.9/fils.c Fri Jul 21 00:13:30 2000 *************** *** 65,71 **** #if !defined(lint) static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: fils.c,v 2.21.2.4 2000/05/22 12:47:38 darrenr Exp $"; #endif extern char *optarg; --- 65,71 ---- #if !defined(lint) static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: fils.c,v 2.21.2.5 2000/07/20 14:13:30 darrenr Exp $"; #endif extern char *optarg; *************** *** 209,214 **** --- 209,215 ---- opts |= OPT_ACCNT|OPT_SHOWLIST; break; case 'A' : + device = IPAUTH_NAME; opts |= OPT_AUTHSTATS; break; case 'C' : *************** *** 297,303 **** bzero((char *)&ipsst, sizeof(ipsst)); bzero((char *)&ifrst, sizeof(ifrst)); ! if (ioctl(fd, SIOCGETFS, &fiop) == -1) { perror("ioctl(ipf:SIOCGETFS)"); exit(-1); } --- 298,304 ---- bzero((char *)&ipsst, sizeof(ipsst)); bzero((char *)&ifrst, sizeof(ifrst)); ! if (!(opts & OPT_AUTHSTATS) && ioctl(fd, SIOCGETFS, &fiop) == -1) { perror("ioctl(ipf:SIOCGETFS)"); exit(-1); } diff -cr ip_fil3.4.8/ip_auth.c ip_fil3.4.9/ip_auth.c *** ip_fil3.4.8/ip_auth.c Sat Jun 17 16:24:31 2000 --- ip_fil3.4.9/ip_auth.c Sun Aug 6 00:48:50 2000 *************** *** 6,12 **** * to the original author and the contributors. */ #if !defined(lint) ! 
static const char rcsid[] = "@(#)$Id: ip_auth.c,v 2.11.2.3 2000/06/17 06:24:31 darrenr Exp $"; #endif #include --- 6,12 ---- * to the original author and the contributors. */ #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: ip_auth.c,v 2.11.2.4 2000/08/05 14:48:50 darrenr Exp $"; #endif #include *************** *** 46,52 **** # include # include #endif ! #if (_BSDI_VERSION >= 199802) || (__FreeBSD_Version >= 400000) # include #endif #if defined(__NetBSD__) || defined(__OpenBSD__) || defined(bsdi) --- 46,52 ---- # include # include #endif ! #if (_BSDI_VERSION >= 199802) || (__FreeBSD_version >= 400000) # include #endif #if defined(__NetBSD__) || defined(__OpenBSD__) || defined(bsdi) diff -cr ip_fil3.4.8/ip_fil.c ip_fil3.4.9/ip_fil.c *** ip_fil3.4.8/ip_fil.c Tue Jul 18 23:57:55 2000 --- ip_fil3.4.9/ip_fil.c Sun Aug 6 00:49:08 2000 *************** *** 7,13 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.42.2.14 2000/07/18 13:57:55 darrenr Exp $"; #endif #ifndef SOLARIS --- 7,13 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.42.2.15 2000/08/05 14:49:08 darrenr Exp $"; #endif #ifndef SOLARIS *************** *** 1139,1146 **** return ENOBUFS; MCLGET(m, M_DONTWAIT); ! if (!m) return ENOBUFS; avail = (m->m_flags & M_EXT) ? MCLBYTES : MHLEN; xtra = MIN(ntohs(oip6->ip6_plen) + sizeof(ip6_t), avail - hlen - sizeof(*icmp) - max_linkhdr); --- 1139,1148 ---- return ENOBUFS; MCLGET(m, M_DONTWAIT); ! if ((m->m_flags & M_EXT) == 0) { ! m_freem(m); return ENOBUFS; + } avail = (m->m_flags & M_EXT) ? 
MCLBYTES : MHLEN; xtra = MIN(ntohs(oip6->ip6_plen) + sizeof(ip6_t), avail - hlen - sizeof(*icmp) - max_linkhdr); diff -cr ip_fil3.4.8/ip_ftp_pxy.c ip_fil3.4.9/ip_ftp_pxy.c *** ip_fil3.4.8/ip_ftp_pxy.c Wed Jul 19 23:06:13 2000 --- ip_fil3.4.9/ip_ftp_pxy.c Mon Aug 7 22:35:27 2000 *************** *** 2,8 **** * Simple FTP transparent proxy for in-kernel use. For use with the NAT * code. * ! * $Id: ip_ftp_pxy.c,v 2.7.2.12 2000/07/19 13:06:13 darrenr Exp $ */ #if SOLARIS && defined(_KERNEL) extern kmutex_t ipf_rw; --- 2,8 ---- * Simple FTP transparent proxy for in-kernel use. For use with the NAT * code. * ! * $Id: ip_ftp_pxy.c,v 2.7.2.13 2000/08/07 12:35:27 darrenr Exp $ */ #if SOLARIS && defined(_KERNEL) extern kmutex_t ipf_rw; *************** *** 263,269 **** ip->ip_len = slen; ip->ip_src = swip; } ! return inc; } --- 263,269 ---- ip->ip_len = slen; ip->ip_src = swip; } ! return APR_INC(inc); } *************** *** 703,709 **** t->ftps_seq = ntohl(tcp->th_ack); f->ftps_rptr = rptr; f->ftps_wptr = wptr; ! return inc; } --- 703,709 ---- t->ftps_seq = ntohl(tcp->th_ack); f->ftps_rptr = rptr; f->ftps_wptr = wptr; ! return APR_INC(inc); } diff -cr ip_fil3.4.8/ip_nat.c ip_fil3.4.9/ip_nat.c *** ip_fil3.4.8/ip_nat.c Tue Jul 18 23:57:40 2000 --- ip_fil3.4.9/ip_nat.c Wed Aug 9 02:11:12 2000 *************** *** 9,15 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.16 2000/07/18 13:57:40 darrenr Exp $"; #endif #if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL) --- 9,15 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.20 2000/08/08 16:01:01 darrenr Exp $"; #endif #if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL) *************** *** 126,132 **** u_long fr_defnatage = DEF_NAT_AGE, fr_defnaticmpage = 6; /* 3 seconds */ ! 
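Review bot: After the new `if ((m->m_flags & M_EXT) == 0)` bail-out in ip_fil.c, the context line `avail = (m->m_flags & M_EXT) ? MCLBYTES : MHLEN;` can only take its first arm, so the `MHLEN` case is dead code. Either write `avail = MCLBYTES;` or, if falling back to a plain mbuf was meant to remain possible, drop the early return; as written the two lines disagree about whether a missing cluster is tolerated. The enclosing function starts and ends outside the hunk.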
static natstat_t nat_stats; int fr_nat_lock = 0; #if (SOLARIS || defined(__sgi)) && defined(_KERNEL) extern kmutex_t ipf_rw, ipf_hostmap; --- 126,132 ---- u_long fr_defnatage = DEF_NAT_AGE, fr_defnaticmpage = 6; /* 3 seconds */ ! natstat_t nat_stats; int fr_nat_lock = 0; #if (SOLARIS || defined(__sgi)) && defined(_KERNEL) extern kmutex_t ipf_rw, ipf_hostmap; *************** *** 403,410 **** KMALLOC(nt, ipnat_t *); if ((cmd == SIOCADNAT) || (cmd == SIOCRMNAT)) error = IRCOPYPTR(data, (char *)&natd, sizeof(natd)); ! else if (cmd == SIOCIPFFL) /* SIOCFLNAT & SIOCCNATL */ error = IRCOPY(data, (char *)&arg, sizeof(arg)); if (error) goto done; --- 403,413 ---- KMALLOC(nt, ipnat_t *); if ((cmd == SIOCADNAT) || (cmd == SIOCRMNAT)) error = IRCOPYPTR(data, (char *)&natd, sizeof(natd)); ! else if (cmd == SIOCIPFFL) { /* SIOCFLNAT & SIOCCNATL */ error = IRCOPY(data, (char *)&arg, sizeof(arg)); + if (error) + error = EFAULT; + } if (error) goto done; *************** *** 498,504 **** * mapping range. In all cases, the range is inclusive of * the start and ending IP addresses. * If to a CIDR address, lose 2: broadcast + network address ! * (so subtract 1) * If to a range, add one. * If to a single IP address, set to 1. */ --- 501,507 ---- * mapping range. In all cases, the range is inclusive of * the start and ending IP addresses. * If to a CIDR address, lose 2: broadcast + network address ! * (so subtract 1) * If to a range, add one. * If to a single IP address, set to 1. */ *************** *** 641,647 **** sizeof(fr_nat_lock)); if (!error) fr_nat_lock = arg; ! } break; case SIOCSTPUT : if (fr_nat_lock) --- 644,651 ---- sizeof(fr_nat_lock)); if (!error) fr_nat_lock = arg; ! } else ! 
error = EFAULT; break; case SIOCSTPUT : if (fr_nat_lock) *************** *** 666,671 **** --- 670,677 ---- MUTEX_DOWNGRADE(&ipf_nat); error = IWCOPY((caddr_t)&iplused[IPL_LOGNAT], (caddr_t)data, sizeof(iplused[IPL_LOGNAT])); + if (error) + error = EFAULT; #endif break; default : *************** *** 732,738 **** static int fr_natgetent(data) caddr_t data; { ! nat_save_t ipn, *ipnp, *ipnn; register nat_t *n, *nat; ap_session_t *aps; int error; --- 738,744 ---- static int fr_natgetent(data) caddr_t data; { ! nat_save_t ipn, *ipnp, *ipnn = NULL; register nat_t *n, *nat; ap_session_t *aps; int error; *************** *** 785,817 **** ipn.ipn_dsize += aps->aps_psiz; KMALLOCS(ipnn, nat_save_t *, sizeof(*ipnn) + ipn.ipn_dsize); if (ipnn == NULL) ! return NULL; bcopy((char *)&ipn, (char *)ipnn, sizeof(ipn)); ! bcopy((char *)aps, ipn.ipn_data, sizeof(*aps)); if (aps->aps_data) { ! bcopy(aps->aps_data, ipn.ipn_data + sizeof(*aps), aps->aps_psiz); ! ipn.ipn_dsize += aps->aps_psiz; } error = IWCOPY((caddr_t)ipnn, ipnp, sizeof(ipn) + ipn.ipn_dsize); if (error) ! return EFAULT; KFREES(ipnn, sizeof(*ipnn) + ipn.ipn_dsize); } else { error = IWCOPY((caddr_t)&ipn, ipnp, sizeof(ipn)); if (error) ! return EFAULT; } ! return 0; } static int fr_natputent(data) caddr_t data; { ! nat_save_t ipn, *ipnp, *ipnn; register nat_t *n, *nat; ap_session_t *aps; frentry_t *fr; --- 791,823 ---- ipn.ipn_dsize += aps->aps_psiz; KMALLOCS(ipnn, nat_save_t *, sizeof(*ipnn) + ipn.ipn_dsize); if (ipnn == NULL) ! return ENOMEM; bcopy((char *)&ipn, (char *)ipnn, sizeof(ipn)); ! bcopy((char *)aps, ipnn->ipn_data, sizeof(*aps)); if (aps->aps_data) { ! bcopy(aps->aps_data, ipnn->ipn_data + sizeof(*aps), aps->aps_psiz); ! ipnn->ipn_dsize += aps->aps_psiz; } error = IWCOPY((caddr_t)ipnn, ipnp, sizeof(ipn) + ipn.ipn_dsize); if (error) ! error = EFAULT; KFREES(ipnn, sizeof(*ipnn) + ipn.ipn_dsize); } else { error = IWCOPY((caddr_t)&ipn, ipnp, sizeof(ipn)); if (error) ! error = EFAULT; } ! 
return error; } static int fr_natputent(data) caddr_t data; { ! nat_save_t ipn, *ipnp, *ipnn = NULL; register nat_t *n, *nat; ap_session_t *aps; frentry_t *fr; *************** *** 825,830 **** --- 831,837 ---- error = IRCOPY((caddr_t)ipnp, (caddr_t)&ipn, sizeof(ipn)); if (error) return EFAULT; + nat = NULL; if (ipn.ipn_dsize) { KMALLOCS(ipnn, nat_save_t *, sizeof(ipn) + ipn.ipn_dsize); if (ipnn == NULL) *************** *** 832,845 **** bcopy((char *)&ipn, (char *)ipnn, sizeof(ipn)); error = IRCOPY((caddr_t)ipnp, (caddr_t)ipn.ipn_data, ipn.ipn_dsize); ! if (error) ! return EFAULT; } else ipnn = NULL; KMALLOC(nat, nat_t *); ! if (nat == NULL) ! return ENOMEM; bcopy((char *)&ipn.ipn_nat, (char *)nat, sizeof(*nat)); /* --- 839,856 ---- bcopy((char *)&ipn, (char *)ipnn, sizeof(ipn)); error = IRCOPY((caddr_t)ipnp, (caddr_t)ipn.ipn_data, ipn.ipn_dsize); ! if (error) { ! error = EFAULT; ! goto junkput; ! } } else ipnn = NULL; KMALLOC(nat, nat_t *); ! if (nat == NULL) { ! error = EFAULT; ! goto junkput; ! } bcopy((char *)&ipn.ipn_nat, (char *)nat, sizeof(*nat)); /* *************** *** 1458,1464 **** icmphdr_t *icmp; tcphdr_t *tcp = NULL; ip_t *oip; ! int flags = 0, type; icmp = (icmphdr_t *)fin->fin_dp; /* --- 1469,1475 ---- icmphdr_t *icmp; tcphdr_t *tcp = NULL; ip_t *oip; ! int flags = 0, type, minlen; icmp = (icmphdr_t *)fin->fin_dp; /* *************** *** 1478,1490 **** return NULL; oip = (ip_t *)((char *)fin->fin_dp + 8); ! if (ip->ip_len < ICMPERR_MAXPKTLEN + ((oip->ip_hl - 5) << 2)) return NULL; if (oip->ip_p == IPPROTO_TCP) flags = IPN_TCP; else if (oip->ip_p == IPPROTO_UDP) flags = IPN_UDP; if (flags & IPN_TCPUDP) { tcp = (tcphdr_t *)((char *)oip + (oip->ip_hl << 2)); if (dir == NAT_INBOUND) return nat_inlookup(fin->fin_ifp, flags, --- 1489,1531 ---- return NULL; oip = (ip_t *)((char *)fin->fin_dp + 8); ! minlen = (oip->ip_hl << 2); ! if (ip->ip_len < ICMPERR_MINPKTLEN + minlen) ! return NULL; ! /* ! * Is the buffer big enough for all of it ? 
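Review bot: In fr_natgetent the added `ipnn->ipn_dsize += aps->aps_psiz;` counts the proxy data twice. The hunk's first context line already does `ipn.ipn_dsize += aps->aps_psiz;`, and `ipnn` is then filled from `ipn` by the `bcopy`, so the header handed to the caller advertises more data than `IWCOPY` actually writes (`sizeof(ipn) + ipn.ipn_dsize`). A consumer that trusts `ipn_dsize` would read past what the kernel supplied, so I would delete that line. The function starts outside the hunk, so whether the first `+=` is conditional cannot be seen from here.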
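Review bot: In fr_natputent the context line `error = IRCOPY((caddr_t)ipnp, (caddr_t)ipn.ipn_data, ipn.ipn_dsize);` still copies a caller-supplied length into the on-stack `ipn`, not into the `ipnn` buffer that was just sized for it. The hunk leaves it untouched even though the matching lines in fr_natgetent were switched to `ipnn`. `ipn_dsize` comes straight from the first `IRCOPY` and nothing visible bounds it before the allocation and the copy, so it needs an upper limit and the copy should target the heap buffer, e.g. `error = IRCOPY((caddr_t)ipnp, (caddr_t)ipnn, sizeof(ipn) + ipn.ipn_dsize);` after a range check. Separately, the `nat == NULL` path now sets `error = EFAULT` where the old code returned `ENOMEM`; an allocation failure should keep `ENOMEM`. The rest of the function and the `junkput` label are outside the hunk.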
It's the size of the IP ! * header claimed in the encapsulated part which is of concern. It ! * may be too big to be in this buffer but not so big that it's ! * outside the ICMP packet, leading to TCP deref's causing problems. ! * This is possible because we don't know how big oip_hl is when we ! * do the pullup early in fr_check() and thus can't gaurantee it is ! * all here now. ! */ ! #ifdef _KERNEL ! { ! mb_t *m; ! ! # if SOLARIS ! m = fin->fin_qfm; ! if ((char *)oip + fin->fin_dlen - ICMPERR_ICMPHLEN > (char *)m->b_wptr) ! return NULL; ! # else ! m = *(mb_t **)fin->fin_mp; ! if ((char *)oip + fin->fin_dlen - ICMPERR_ICMPHLEN > ! (char *)ip + m->m_len) return NULL; + # endif + } + #endif + if (oip->ip_p == IPPROTO_TCP) flags = IPN_TCP; else if (oip->ip_p == IPPROTO_UDP) flags = IPN_UDP; if (flags & IPN_TCPUDP) { + minlen += 8; /* + 64bits of data to get ports */ + if (ip->ip_len < ICMPERR_MINPKTLEN + minlen) + return NULL; tcp = (tcphdr_t *)((char *)oip + (oip->ip_hl << 2)); if (dir == NAT_INBOUND) return nat_inlookup(fin->fin_ifp, flags, *************** *** 1576,1582 **** if ((flags & IPN_TCPUDP) != 0) { tcphdr_t *tcp; ! /* XXX - what if this is bogus hl and we go off the end ? */ tcp = (tcphdr_t *)((((char *)oip) + (oip->ip_hl << 2))); if (nat->nat_dir == NAT_OUTBOUND) { --- 1617,1626 ---- if ((flags & IPN_TCPUDP) != 0) { tcphdr_t *tcp; ! /* ! * XXX - what if this is bogus hl and we go off the end ? ! * In this case, nat_icmpinlookup() will have returned NULL. ! */ tcp = (tcphdr_t *)((((char *)oip) + (oip->ip_hl << 2))); if (nat->nat_dir == NAT_OUTBOUND) { diff -cr ip_fil3.4.8/ip_sfil.c ip_fil3.4.9/ip_sfil.c *** ip_fil3.4.8/ip_sfil.c Sat Jul 8 12:20:14 2000 --- ip_fil3.4.9/ip_sfil.c Mon Aug 7 22:36:19 2000 *************** *** 9,15 **** */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C) 1993-2000 Darren Reed"; ! 
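Review bot: `minlen = (oip->ip_hl << 2);` in nat_icmpinlookup takes the embedded header length on trust. Nothing in the hunk rejects `ip_hl < 5`, so a too-short claimed header passes both `ICMPERR_MINPKTLEN + minlen` tests and `tcp` ends up pointing inside the embedded IP header, from which the ports are then read. Adding `if (oip->ip_hl < 5) return NULL;` before the first length test closes that; the same lower bound is missing from the `(oip->ip_hl << 2) > len` check added to ip_state.c later in this patch. `oip->ip_hl` is also read before the new buffer-bounds block runs, so that block would be better placed first unless a check outside the hunk already guarantees the embedded header is present. The function starts and ends outside the hunk.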
static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.23.2.3 2000/07/08 02:20:14 darrenr Exp $"; #endif #include --- 9,15 ---- */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.23.2.6 2000/08/07 12:36:19 darrenr Exp $"; #endif #include *************** *** 50,55 **** --- 50,56 ---- #include "ip_nat.h" #include "ip_frag.h" #include "ip_auth.h" + #include "ip_proxy.h" #include #ifndef MIN #define MIN(a,b) (((a)<(b))?(a):(b)) *************** *** 64,69 **** --- 65,71 ---- static int frzerostats __P((caddr_t)); static int frrequest __P((minor_t, int, caddr_t, int)); + static int send_ip __P((fr_info_t *fin, mblk_t *m)); kmutex_t ipl_mutex, ipf_authmx, ipf_rw, ipf_hostmap; KRWLOCK_T ipf_mutex, ipfs_mutex, ipf_solaris; KRWLOCK_T ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth; *************** *** 148,154 **** fr_getstat(&fio); error = IWCOPYPTR((caddr_t)&fio, data, sizeof(fio)); if (error) ! return EFAULT; bzero((char *)frstats, sizeof(*frstats) * 2); --- 150,156 ---- fr_getstat(&fio); error = IWCOPYPTR((caddr_t)&fio, data, sizeof(fio)); if (error) ! 
return error; bzero((char *)frstats, sizeof(*frstats) * 2); *************** *** 227,232 **** --- 229,236 ---- case SIOCGETFF : error = IWCOPY((caddr_t)&fr_flags, (caddr_t)data, sizeof(fr_flags)); + if (error) + error = EFAULT; break; case SIOCINAFR : case SIOCRMAFR : *************** *** 254,259 **** --- 258,265 ---- bzero((char *)frcache, sizeof(frcache[0]) * 2); error = IWCOPY((caddr_t)&fr_active, (caddr_t)data, sizeof(fr_active)); + if (error) + error = EFAULT; fr_active = 1 - fr_active; RWLOCK_EXIT(&ipf_mutex); } *************** *** 286,291 **** --- 292,299 ---- tmp = frflush(unit, tmp); error = IWCOPY((caddr_t)&tmp, (caddr_t)data, sizeof(tmp)); + if (error) + error = EFAULT; } } break; *************** *** 307,312 **** --- 315,322 ---- tmp = ipflog_clear(unit); error = IWCOPY((caddr_t)&tmp, (caddr_t)data, sizeof(tmp)); + if (error) + error = EFAULT; } break; #endif /* IPFILTER_LOG */ *************** *** 319,326 **** case SIOCGFRST : error = IWCOPYPTR((caddr_t)ipfr_fragstats(), (caddr_t)data, sizeof(ipfrstat_t)); - if (error) - error = EFAULT; break; case FIONREAD : { --- 329,334 ---- *************** *** 328,333 **** --- 336,343 ---- int copy = (int)iplused[IPL_LOGIPF]; error = IWCOPY((caddr_t)©, (caddr_t)data, sizeof(copy)); + if (error) + error = EFAULT; #endif break; } *************** *** 533,542 **** } MUTEX_DOWNGRADE(&ipf_mutex); error = IWCOPYPTR((caddr_t)f, data, sizeof(*f)); ! if (error) { ! error = EFAULT; goto out; - } f->fr_hits = 0; f->fr_bytes = 0; goto out; --- 543,550 ---- } MUTEX_DOWNGRADE(&ipf_mutex); error = IWCOPYPTR((caddr_t)f, data, sizeof(*f)); ! if (error) goto out; f->fr_hits = 0; f->fr_bytes = 0; goto out; *************** *** 741,747 **** } ! int send_ip(fin, m) fr_info_t *fin; mblk_t *m; { --- 749,755 ---- } ! 
int static send_ip(fin, m) fr_info_t *fin; mblk_t *m; { *************** *** 749,754 **** --- 757,763 ---- RWLOCK_EXIT(&ipf_solaris); #ifdef USE_INET6 if (fin->fin_v == 6) { + extern void ip_wput_v6 __P((queue_t *, mblk_t *)); ip6_t *ip6; ip6 = (ip6_t *)m->b_rptr; diff -cr ip_fil3.4.8/ip_state.c ip_fil3.4.9/ip_state.c *** ip_fil3.4.8/ip_state.c Mon Jun 19 12:38:37 2000 --- ip_fil3.4.9/ip_state.c Wed Aug 9 02:11:12 2000 *************** *** 7,13 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.30.2.12 2000/06/19 02:38:37 darrenr Exp $"; #endif #include --- 7,13 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.30.2.17 2000/08/08 16:01:03 darrenr Exp $"; #endif #include *************** *** 180,186 **** * flush state tables. two actions currently defined: * which == 0 : flush all state table entries * which == 1 : flush TCP connections which have started to close but are ! * stuck for some reason. */ static int fr_state_flush(which) int which; --- 180,186 ---- * flush state tables. two actions currently defined: * which == 0 : flush all state table entries * which == 1 : flush TCP connections which have started to close but are ! * stuck for some reason. */ static int fr_state_flush(which) int which; *************** *** 371,378 **** sizeof(ips.ips_fr)); error = IWCOPY((caddr_t)&ips, ipsp, sizeof(ips)); if (error) ! return EFAULT; ! return 0; } --- 371,378 ---- sizeof(ips.ips_fr)); error = IWCOPY((caddr_t)&ips, ipsp, sizeof(ips)); if (error) ! error = EFAULT; ! 
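Review bot: The definition is written `int static send_ip(fin, m)`, with the storage class after the type, while the prototype added earlier in this patch reads `static int send_ip __P((fr_info_t *fin, mblk_t *m));`. C accepts that order but treats it as obsolescent and compilers warn about it, so `static int send_ip(fin, m)` would keep the definition consistent with its prototype. The function body continues outside the hunk.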
return error; } *************** *** 477,482 **** --- 477,483 ---- is->is_phnext = ips_table + hv; is->is_hnext = ips_table[hv]; ips_table[hv] = is; + ips_num++; } *************** *** 557,563 **** case ND_NEIGHBOR_SOLICIT : is->is_icmp.ics_type = ic->icmp_type + 1; break; - break; #endif case ICMP_ECHO : case ICMP_TSTAMP : --- 558,563 ---- *************** *** 669,679 **** if (pass & FR_LOGFIRST) is->is_pass &= ~(FR_LOGFIRST|FR_LOG); fr_stinsert(is); - ips_num++; if (is->is_p == IPPROTO_TCP) { MUTEX_ENTER(&is->is_lock); fr_tcp_age(&is->is_age, is->is_state, fin, ! tcp->th_sport == is->is_sport); MUTEX_EXIT(&is->is_lock); } #ifdef IPFILTER_LOG --- 669,678 ---- if (pass & FR_LOGFIRST) is->is_pass &= ~(FR_LOGFIRST|FR_LOG); fr_stinsert(is); if (is->is_p == IPPROTO_TCP) { MUTEX_ENTER(&is->is_lock); fr_tcp_age(&is->is_age, is->is_state, fin, ! 0); /* 0 = packet from the source */ MUTEX_EXIT(&is->is_lock); } #ifdef IPFILTER_LOG *************** *** 785,791 **** * Nearing end of connection, start timeout. */ MUTEX_ENTER(&is->is_lock); ! fr_tcp_age(&is->is_age, is->is_state, fin, source); MUTEX_EXIT(&is->is_lock); ret = 1; } --- 784,791 ---- * Nearing end of connection, start timeout. */ MUTEX_ENTER(&is->is_lock); ! /* source ? 0 : 1 -> !source */ ! fr_tcp_age(&is->is_age, is->is_state, fin, !source); MUTEX_EXIT(&is->is_lock); ret = 1; } *************** *** 970,981 **** union i6addr dst, src; struct icmp *ic; u_short savelen; fr_info_t ofin; tcphdr_t *tcp; - icmphdr_t *icmp; frentry_t *fr; ip_t *oip; - int type; u_int hv; /* --- 970,981 ---- union i6addr dst, src; struct icmp *ic; u_short savelen; + icmphdr_t *icmp; fr_info_t ofin; + int type, len; tcphdr_t *tcp; frentry_t *fr; ip_t *oip; u_int hv; /* *************** *** 1000,1005 **** --- 1000,1045 ---- if (fin->fin_plen < ICMPERR_MAXPKTLEN + ((oip->ip_hl - 5) << 2)) return NULL; + /* + * Sanity checks. 
+ */ + len = fin->fin_dlen - ICMPERR_ICMPHLEN; + if ((len <= 0) || ((oip->ip_hl << 2) > len)) + return NULL; + + /* + * Is the buffer big enough for all of it ? It's the size of the IP + * header claimed in the encapsulated part which is of concern. It + * may be too big to be in this buffer but not so big that it's + * outside the ICMP packet, leading to TCP deref's causing problems. + * This is possible because we don't know how big oip_hl is when we + * do the pullup early in fr_check() and thus can't gaurantee it is + * all here now. + */ + #ifdef _KERNEL + { + mb_t *m; + + # if SOLARIS + m = fin->fin_qfm; + if ((char *)oip + len > (char *)m->b_wptr) + return NULL; + # else + m = *(mb_t **)fin->fin_mp; + if ((char *)oip + len > (char *)ip + m->m_len) + return NULL; + # endif + } + #endif + + /* + * in the IPv4 case we must zero the i6addr union otherwise + * the IP6EQ and IP6NEQ macros produce the wrong results because + * of the 'junk' in the unused part of the union + */ + bzero(&src, sizeof(src)); + bzero(&dst, sizeof(dst)); + if (oip->ip_p == IPPROTO_ICMP) { icmp = (icmphdr_t *)((char *)oip + (oip->ip_hl << 2)); *************** *** 1028,1036 **** hv += icmp->icmp_seq; hv %= fr_statesize; ! oip->ip_len = ntohs(oip->ip_len); fr_makefrip(oip->ip_hl << 2, oip, &ofin); ! oip->ip_len = htons(oip->ip_len); ofin.fin_ifp = fin->fin_ifp; ofin.fin_out = !fin->fin_out; ofin.fin_mp = NULL; /* if dereferenced, panic XXX */ --- 1068,1078 ---- hv += icmp->icmp_seq; hv %= fr_statesize; ! savelen = oip->ip_len; ! oip->ip_len = len; ! ofin.fin_v = 4; fr_makefrip(oip->ip_hl << 2, oip, &ofin); ! oip->ip_len = savelen; ofin.fin_ifp = fin->fin_ifp; ofin.fin_out = !fin->fin_out; ofin.fin_mp = NULL; /* if dereferenced, panic XXX */ *************** *** 1077,1083 **** * order. Any change we make must be undone afterwards. */ savelen = oip->ip_len; ! 
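Review bot: The new sanity check `((oip->ip_hl << 2) > len)` in ip_state.c only proves that the embedded IP header fits in the ICMP payload. The code that follows dereferences the transport header at `(char *)oip + (oip->ip_hl << 2)`: the `icmp` assignment at the end of this hunk, and the TCP/UDP ports later. The parallel change to nat_icmpinlookup in ip_nat.c adds 8 bytes to its length test for that reason, so here I would test `((oip->ip_hl << 2) + 8 > len)`. If the `ICMPERR_MAXPKTLEN` test just above is meant to cover those bytes, a comment saying so would help, since the NAT side switched to `ICMPERR_MINPKTLEN`. The enclosing function starts and ends outside the hunk.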
oip->ip_len = ip->ip_len - (ip->ip_hl << 2) - ICMPERR_ICMPHLEN; fr_makefrip(oip->ip_hl << 2, oip, &ofin); oip->ip_len = savelen; ofin.fin_ifp = fin->fin_ifp; --- 1119,1126 ---- * order. Any change we make must be undone afterwards. */ savelen = oip->ip_len; ! oip->ip_len = len; ! ofin.fin_v = 4; fr_makefrip(oip->ip_hl << 2, oip, &ofin); oip->ip_len = savelen; ofin.fin_ifp = fin->fin_ifp; *************** *** 1198,1204 **** --- 1241,1255 ---- case IPPROTO_TCP : { register u_short dport = tcp->th_dport, sport = tcp->th_sport; + register int i; + i = tcp->th_flags; + /* + * Just plain ignore RST flag set with either FIN or SYN. + */ + if ((i & TH_RST) && + ((i & (TH_FIN|TH_SYN|TH_RST)) != TH_RST)) + break; tryagain = 0; retry_tcp: hvm = hv % fr_statesize; *************** *** 1384,1389 **** --- 1435,1461 ---- /* * Original idea freom Pradeep Krishnan for use primarily with NAT code. * (pkrishna@netcom.com) + * + * Rewritten by Arjan de Vet , 2000-07-29: + * + * - (try to) base state transitions on real evidence only, + * i.e. packets that are sent and have been received by ipfilter; + * diagram 18.12 of TCP/IP volume 1 by W. Richard Stevens was used. + * + * - deal with half-closed connections correctly; + * + * - store the state of the source in state[0] such that ipfstat + * displays the state as source/dest instead of dest/source; the calls + * to fr_tcp_age have been changed accordingly. + * + * Parameters: + * + * state[0] = state of source (host that initiated connection) + * state[1] = state of dest (host that accepted the connection) + * + * dir == 0 : a packet from source to dest + * dir == 1 : a packet from dest to source + * */ void fr_tcp_age(age, state, fin, dir) u_long *age; *************** *** 1410,1476 **** return; } ! *age = fr_tcptimeout; /* 1 min */ switch(state[dir]) { ! case TCPS_CLOSED: if ((flags & (TH_FIN|TH_SYN|TH_RST|TH_ACK)) == TH_ACK) { state[dir] = TCPS_ESTABLISHED; *age = fr_tcpidletimeout; } ! case TCPS_FIN_WAIT_2: ! 
if ((flags & TH_OPENING) == TH_OPENING) state[dir] = TCPS_SYN_RECEIVED; ! else if (flags & TH_SYN) ! state[dir] = TCPS_SYN_SENT; break; ! case TCPS_SYN_RECEIVED: ! case TCPS_SYN_SENT: ! if ((flags & (TH_FIN|TH_ACK)) == TH_ACK) { state[dir] = TCPS_ESTABLISHED; *age = fr_tcpidletimeout; ! } else if ((flags & (TH_FIN|TH_ACK)) == (TH_FIN|TH_ACK)) { ! state[dir] = TCPS_CLOSE_WAIT; ! if (!(flags & TH_PUSH) && !dlen && ! ostate > TCPS_ESTABLISHED) ! *age = fr_tcplastack; ! else ! *age = fr_tcpclosewait; } break; ! case TCPS_ESTABLISHED: if (flags & TH_FIN) { ! state[dir] = TCPS_CLOSE_WAIT; ! if (!(flags & TH_PUSH) && !dlen && ! ostate > TCPS_ESTABLISHED) ! *age = fr_tcplastack; ! else ! *age = fr_tcpclosewait; ! } else { ! if (ostate < TCPS_CLOSE_WAIT) *age = fr_tcpidletimeout; } break; ! case TCPS_CLOSE_WAIT: ! if ((flags & TH_FIN) && !(flags & TH_PUSH) && !dlen && ! ostate > TCPS_ESTABLISHED) { *age = fr_tcplastack; state[dir] = TCPS_LAST_ACK; } else ! *age = fr_tcpclosewait; break; ! case TCPS_LAST_ACK: if (flags & TH_ACK) { ! state[dir] = TCPS_FIN_WAIT_2; ! if (!(flags & TH_PUSH) && !dlen && ! ostate > TCPS_ESTABLISHED) *age = fr_tcplastack; - else { - *age = fr_tcpclosewait; - state[dir] = TCPS_CLOSE_WAIT; - } } break; } } --- 1482,1673 ---- return; } ! *age = fr_tcptimeout; /* default 4 mins */ switch(state[dir]) { ! case TCPS_CLOSED: /* 0 */ ! if ((flags & TH_OPENING) == TH_OPENING) { ! /* ! * 'dir' received an S and sends SA in response, ! * CLOSED -> SYN_RECEIVED ! */ ! state[dir] = TCPS_SYN_RECEIVED; ! *age = fr_tcptimeout; ! } else if ((flags & (TH_SYN|TH_ACK)) == TH_SYN) { ! /* 'dir' sent S, CLOSED -> SYN_SENT */ ! state[dir] = TCPS_SYN_SENT; ! *age = fr_tcptimeout; ! } ! /* ! * The next piece of code makes it possible to get ! * already established connections into the state table ! * after a restart or reload of the filter rules; this ! * does not work when a strict 'flags S keep state' is ! * used for tcp connections of course ! 
*/ if ((flags & (TH_FIN|TH_SYN|TH_RST|TH_ACK)) == TH_ACK) { + /* we saw an A, guess 'dir' is in ESTABLISHED mode */ state[dir] = TCPS_ESTABLISHED; *age = fr_tcpidletimeout; } ! /* ! * TODO: besides regular ACK packets we can have other ! * packets as well; it is yet to be determined how we ! * should initialize the states in those cases ! */ ! break; ! ! case TCPS_LISTEN: /* 1 */ ! /* NOT USED */ ! break; ! ! case TCPS_SYN_SENT: /* 2 */ ! if ((flags & (TH_SYN|TH_FIN|TH_ACK)) == TH_ACK) { ! /* ! * We see an A from 'dir' which is in SYN_SENT ! * state: 'dir' sent an A in response to an SA ! * which it received, SYN_SENT -> ESTABLISHED ! */ ! state[dir] = TCPS_ESTABLISHED; ! *age = fr_tcpidletimeout; ! } else if (flags & TH_FIN) { ! /* ! * We see an F from 'dir' which is in SYN_SENT ! * state and wants to close its side of the ! * connection; SYN_SENT -> FIN_WAIT_1 ! */ ! state[dir] = TCPS_FIN_WAIT_1; ! *age = fr_tcpidletimeout; /* or fr_tcptimeout? */ ! } else if ((flags & TH_OPENING) == TH_OPENING) { ! /* ! * We see an SA from 'dir' which is already in ! * SYN_SENT state, this means we have a ! * simultaneous open; SYN_SENT -> SYN_RECEIVED ! */ state[dir] = TCPS_SYN_RECEIVED; ! *age = fr_tcptimeout; ! } break; ! ! case TCPS_SYN_RECEIVED: /* 3 */ ! if ((flags & (TH_SYN|TH_FIN|TH_ACK)) == TH_ACK) { ! /* ! * We see an A from 'dir' which was in SYN_RECEIVED ! * state so it must now be in established state, ! * SYN_RECEIVED -> ESTABLISHED ! */ state[dir] = TCPS_ESTABLISHED; *age = fr_tcpidletimeout; ! } else if (flags & TH_FIN) { ! /* ! * We see an F from 'dir' which is in SYN_RECEIVED ! * state and wants to close its side of the connection; ! * SYN_RECEIVED -> FIN_WAIT_1 ! */ ! state[dir] = TCPS_FIN_WAIT_1; ! *age = fr_tcpidletimeout; /* or fr_tcptimeout? */ } break; ! ! case TCPS_ESTABLISHED: /* 4 */ if (flags & TH_FIN) { ! /* ! * 'dir' closed its side of the connection; this ! * gives us a half-closed connection; ! * ESTABLISHED -> FIN_WAIT_1 ! */ ! 
state[dir] = TCPS_FIN_WAIT_1; ! *age = fr_tcpidletimeout; ! } else if (flags & TH_ACK) { ! /* an ACK, should we exclude other flags here? */ ! if (ostate == TCPS_FIN_WAIT_1) { ! /* ! * We know the other side did an active close, ! * so we are ACKing the recvd FIN packet (does ! * the window matching code guarantee this?) ! * and go into CLOSE_WAIT state; this gives us ! * a half-closed connection ! */ ! state[dir] = TCPS_CLOSE_WAIT; ! *age = fr_tcpidletimeout; ! } else if (ostate < TCPS_CLOSE_WAIT) ! /* ! * Still a fully established connection, ! * reset timeout ! */ *age = fr_tcpidletimeout; } break; ! ! case TCPS_CLOSE_WAIT: /* 5 */ ! if (flags & TH_FIN) { ! /* ! * Application closed and 'dir' sent a FIN, we're now ! * going into LAST_ACK state ! */ *age = fr_tcplastack; state[dir] = TCPS_LAST_ACK; + } else { + /* + * We remain in CLOSE_WAIT because the other side has + * closed already and we did not close our side yet; + * reset timeout + */ + *age = fr_tcpidletimeout; + } + break; + + case TCPS_FIN_WAIT_1: /* 6 */ + if ((flags & TH_ACK) && ostate > TCPS_CLOSE_WAIT) { + /* + * If the other side is not active anymore it has sent + * us a FIN packet that we are ack'ing now with an ACK; + * this means both sides have now closed the connection + * and we go into TIME_WAIT + */ + /* + * XXX: how do we know we really are ACKing the FIN + * packet here? does the window code guarantee that? + */ + state[dir] = TCPS_TIME_WAIT; + *age = fr_tcptimeout; } else ! /* ! * We closed our side of the connection already but the ! * other side is still active (ESTABLISHED/CLOSE_WAIT); ! * continue with this half-closed connection ! */ ! *age = fr_tcpidletimeout; ! break; ! ! case TCPS_CLOSING: /* 7 */ ! /* NOT USED */ break; ! ! case TCPS_LAST_ACK: /* 8 */ if (flags & TH_ACK) { ! if ((flags & TH_PUSH) || dlen) ! /* ! * There is still data to be delivered, reset ! * timeout ! 
*/ *age = fr_tcplastack; } + /* + * We cannot detect when we go out of LAST_ACK state to CLOSED + * because that is based on the reception of ACK packets; + * ipfilter can only detect that a packet has been sent by a + * host + */ + break; + + case TCPS_FIN_WAIT_2: /* 9 */ + /* NOT USED */ + break; + + case TCPS_TIME_WAIT: /* 10 */ + /* we're in 2MSL timeout now */ break; } } *************** *** 1579,1584 **** --- 1776,1782 ---- hv %= fr_statesize; oip->ip6_plen = ntohs(oip->ip6_plen); + ofin.fin_v = 6; fr_makefrip(sizeof(*oip), (ip_t *)oip, &ofin); oip->ip6_plen = htons(oip->ip6_plen); ofin.fin_ifp = fin->fin_ifp; diff -cr ip_fil3.4.8/ipf.c ip_fil3.4.9/ipf.c *** ip_fil3.4.8/ipf.c Sat Jul 8 12:19:46 2000 --- ip_fil3.4.9/ipf.c Tue Aug 8 00:54:05 2000 *************** *** 43,49 **** #if !defined(lint) static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipf.c,v 2.10.2.1 2000/07/08 02:19:46 darrenr Exp $"; #endif #if SOLARIS --- 43,49 ---- #if !defined(lint) static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipf.c,v 2.10.2.3 2000/08/07 14:54:05 darrenr Exp $"; #endif #if SOLARIS *************** *** 558,570 **** struct friostat *fiop=&fio; u_32_t flags; char *s; printf("ipf: %s (%d)\n", IPL_VERSION, (int)sizeof(frentry_t)); ! if (opendevice(ipfname) != -2 && ioctl(fd, SIOCGETFS, &fiop)) { perror("ioctl(SIOCGETFS"); return; } flags = get_flags(); printf("Kernel: %-*.*s\n", (int)sizeof(fio.f_version), --- 558,578 ---- struct friostat *fiop=&fio; u_32_t flags; char *s; + int vfd; printf("ipf: %s (%d)\n", IPL_VERSION, (int)sizeof(frentry_t)); ! if ((vfd = open(ipfname, O_RDONLY)) == -1) { ! perror("open device"); ! return; ! } ! ! 
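Review bot: In the `TCPS_SYN_SENT` and `TCPS_SYN_RECEIVED` cases of the rewritten fr_tcp_age, a FIN moves the side to FIN_WAIT_1 with `*age = fr_tcpidletimeout;`, so an entry with no observed handshake completion gets the idle timer (presumably much longer than `fr_tcptimeout`). The inline `/* or fr_tcptimeout? */` shows this was left undecided. State entries are a finite resource, so I would keep the short timer until ESTABLISHED has been seen and use `*age = fr_tcptimeout;` in both branches. The `TCPS_CLOSED` case has a related effect: a lone ACK is promoted to ESTABLISHED with the idle timeout, and the comment there says it is avoided only with a strict 'flags S keep state' rule, which deserves a mention in the rule documentation. The function's opening lines are outside this hunk.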
if (ioctl(vfd, SIOCGETFS, &fiop)) { perror("ioctl(SIOCGETFS"); + close(vfd); return; } + close(vfd); flags = get_flags(); printf("Kernel: %-*.*s\n", (int)sizeof(fio.f_version), diff -cr ip_fil3.4.8/ipl.h ip_fil3.4.9/ipl.h *** ip_fil3.4.8/ipl.h Wed Jul 19 23:40:04 2000 --- ip_fil3.4.9/ipl.h Tue Aug 8 01:10:09 2000 *************** *** 6,17 **** * to the original author and the contributors. * * @(#)ipl.h 1.21 6/5/96 ! * $Id: ipl.h,v 2.15.2.9 2000/07/19 13:40:04 darrenr Exp $ */ #ifndef __IPL_H__ #define __IPL_H__ ! #define IPL_VERSION "IP Filter: v3.4.8" #endif --- 6,17 ---- * to the original author and the contributors. * * @(#)ipl.h 1.21 6/5/96 ! * $Id: ipl.h,v 2.15.2.10 2000/08/07 15:10:09 darrenr Exp $ */ #ifndef __IPL_H__ #define __IPL_H__ ! #define IPL_VERSION "IP Filter: v3.4.9" #endif diff -cr ip_fil3.4.8/iplang/iplang_y.y ip_fil3.4.9/iplang/iplang_y.y *** ip_fil3.4.8/iplang/iplang_y.y Sat Dec 4 14:37:04 1999 --- ip_fil3.4.9/iplang/iplang_y.y Sun Aug 6 00:43:39 2000 *************** *** 6,12 **** * provided that this notice is preserved and due credit is given * to the original author and the contributors. * ! * $Id: iplang_y.y,v 2.2 1999/12/04 03:37:04 darrenr Exp $ */ #include --- 6,12 ---- * provided that this notice is preserved and due credit is given * to the original author and the contributors. * ! * $Id: iplang_y.y,v 2.2.2.1 2000/08/05 14:43:39 darrenr Exp $ */ #include *************** *** 48,54 **** #include "ipf.h" #include "iplang.h" ! #ifndef __NetBSD__ extern struct ether_addr *ether_aton __P((char *)); #endif --- 48,55 ---- #include "ipf.h" #include "iplang.h" ! #if !defined(__NetBSD__) && (!defined(__FreeBSD_version) && \ ! 
__FreeBSD_version < 400020) extern struct ether_addr *ether_aton __P((char *)); #endif diff -cr ip_fil3.4.8/ipmon.c ip_fil3.4.9/ipmon.c *** ip_fil3.4.8/ipmon.c Sun Jul 16 00:50:06 2000 --- ip_fil3.4.9/ipmon.c Mon Aug 7 22:32:22 2000 *************** *** 7,13 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipmon.c,v 2.12.2.2 2000/07/15 14:50:06 darrenr Exp $"; #endif #ifndef SOLARIS --- 7,13 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipmon.c,v 2.12.2.4 2000/08/07 12:32:22 darrenr Exp $"; #endif #ifndef SOLARIS *************** *** 336,342 **** t += 2; if (!((j + 1) & 0xf)) { s -= 15; ! sprintf((char *)t, " "); t += 8; for (k = 16; k; k--, s++) *t++ = (isprint(*s) ? *s : '.'); --- 336,342 ---- t += 2; if (!((j + 1) & 0xf)) { s -= 15; ! sprintf((char *)t, " "); t += 8; for (k = 16; k; k--, s++) *t++ = (isprint(*s) ? *s : '.'); *************** *** 581,586 **** --- 581,587 ---- { tcphdr_t *tp; struct icmp *ic; + struct icmp *icmp; struct tm *tm; char *t, *proto; int i, v, lvl, res, len, off, plen, ipoff; *************** *** 742,760 **** ic->icmp_type == ICMP_REDIRECT || ic->icmp_type == ICMP_TIMXCEED) { ipc = &ic->icmp_ip; ! tp = (tcphdr_t *)((char *)ipc + hl); ! proto = getproto(ipc->ip_p); ! t += strlen(t); ! (void) sprintf(t, " for %s,%s -", ! HOSTNAME_V4(res, ipc->ip_src), ! portname(res, proto, (u_int)tp->th_sport)); ! t += strlen(t); ! (void) sprintf(t, " %s,%s PR %s len %hu %hu", ! HOSTNAME_V4(res, ipc->ip_dst), ! portname(res, proto, (u_int)tp->th_dport), ! proto, ipc->ip_hl << 2, ipc->ip_len); } } else { (void) sprintf(t, "%s -> ", hostname(res, v, s)); --- 743,798 ---- ic->icmp_type == ICMP_REDIRECT || ic->icmp_type == ICMP_TIMXCEED) { ipc = &ic->icmp_ip; ! i = ntohs(ipc->ip_len); ! ipoff = ntohs(ipc->ip_off); proto = getproto(ipc->ip_p); ! 
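Review bot: The new guard `(!defined(__FreeBSD_version) && __FreeBSD_version < 400020)` in iplang_y.y can only be true when `__FreeBSD_version` is undefined, because an undefined identifier evaluates to 0 inside `#if`. On any FreeBSD where the macro is defined, the `ether_aton` prototype is therefore dropped, including releases older than 400020. If the intent is to skip the declaration only from 400020 onwards, the inner test should use `||`: `#if !defined(__NetBSD__) && (!defined(__FreeBSD_version) || __FreeBSD_version < 400020)`. Where the system headers do not declare the function, the call would fall back to an implicit `int` return and truncate the pointer on 64-bit targets.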
if (!(ipoff & IP_OFFMASK) && ! ((ipc->ip_p == IPPROTO_TCP) || ! (ipc->ip_p == IPPROTO_UDP))) { ! tp = (tcphdr_t *)((char *)ipc + hl); ! t += strlen(t); ! (void) sprintf(t, " for %s,%s -", ! HOSTNAME_V4(res, ipc->ip_src), ! portname(res, proto, ! (u_int)tp->th_sport)); ! t += strlen(t); ! (void) sprintf(t, " %s,%s PR %s len %hu %hu", ! HOSTNAME_V4(res, ipc->ip_dst), ! portname(res, proto, ! (u_int)tp->th_dport), ! proto, ipc->ip_hl << 2, i); ! } else if (!(ipoff & IP_OFFMASK) && ! (ipc->ip_p == IPPROTO_ICMP)) { ! icmp = (icmphdr_t *)((char *)ipc + hl); ! ! t += strlen(t); ! (void) sprintf(t, " for %s -", ! HOSTNAME_V4(res, ipc->ip_src)); ! t += strlen(t); ! (void) sprintf(t, ! " %s PR icmp len %hu %hu icmp %d/%d", ! HOSTNAME_V4(res, ipc->ip_dst), ! ipc->ip_hl << 2, i, ! icmp->icmp_type, icmp->icmp_code); ! ! } else { ! t += strlen(t); ! (void) sprintf(t, " for %s -", ! HOSTNAME_V4(res, ipc->ip_src)); ! t += strlen(t); ! (void) sprintf(t, " %s PR %s len %hu (%hu)", ! HOSTNAME_V4(res, ipc->ip_dst), proto, ! ipc->ip_hl << 2, i); ! t += strlen(t); ! if (ipoff & IP_OFFMASK) { ! (void) sprintf(t, " frag %s%s%hu@%hu", ! ipoff & IP_MF ? "+" : "", ! ipoff & IP_DF ? "-" : "", ! i - (ipc->ip_hl<<2), ! (ipoff & IP_OFFMASK) << 3); ! } ! } } } else { (void) sprintf(t, "%s -> ", hostname(res, v, s)); diff -cr ip_fil3.4.8/ipnat.c ip_fil3.4.9/ipnat.c *** ip_fil3.4.8/ipnat.c Mon May 15 16:54:18 2000 --- ip_fil3.4.9/ipnat.c Thu Jul 27 23:07:13 2000 *************** *** 57,63 **** #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipnat.c,v 2.16.2.2 2000/05/15 06:54:18 darrenr Exp $"; #endif --- 57,63 ---- #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipnat.c,v 2.16.2.3 2000/07/27 13:07:13 darrenr Exp $"; #endif *************** *** 111,117 **** char *argv[]; { char *file = NULL; ! 
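Review bot: In the new ICMP-error branches of ipmon.c, `tp` and `icmp` are set to `(char *)ipc + hl` and dereferenced without checking that the logged record holds the embedded IP header plus the 8 bytes that follow it. The packet quoted inside an ICMP error is remotely supplied and may be truncated, so both branches should be guarded by a check against the captured length (`len` and `plen` are declared in this function; their meaning is outside the hunk) and otherwise fall through to the generic branch. `hl` is assigned outside the hunk; if it is the outer header's length, the offset into the embedded packet should be `ipc->ip_hl << 2`. The `sprintf` calls append at `t` with no bound, and the added text makes the line longer, so `snprintf` with the remaining buffer space would be safer where the platform provides it.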
int fd = -1, opts = 0, c; while ((c = getopt(argc, argv, "CdFf:hlnrsv")) != -1) switch (c) --- 111,117 ---- char *argv[]; { char *file = NULL; ! int fd = -1, opts = 0, c, mode = O_RDWR; while ((c = getopt(argc, argv, "CdFf:hlnrsv")) != -1) switch (c) *************** *** 133,147 **** --- 133,150 ---- break; case 'l' : opts |= OPT_LIST; + mode = O_RDONLY; break; case 'n' : opts |= OPT_NODO; + mode = O_RDONLY; break; case 'r' : opts |= OPT_REMOVE; break; case 's' : opts |= OPT_STAT; + mode = O_RDONLY; break; case 'v' : opts |= OPT_VERBOSE; *************** *** 153,159 **** gethostname(thishost, sizeof(thishost)); thishost[sizeof(thishost) - 1] = '\0'; ! if (!(opts & OPT_NODO) && ((fd = open(IPL_NAT, O_RDWR)) == -1) && ((fd = open(IPL_NAT, O_RDONLY)) == -1)) { (void) fprintf(stderr, "%s: open: %s\n", IPL_NAT, STRERROR(errno)); --- 156,162 ---- gethostname(thishost, sizeof(thishost)); thishost[sizeof(thishost) - 1] = '\0'; ! if (!(opts & OPT_NODO) && ((fd = open(IPL_NAT, mode)) == -1) && ((fd = open(IPL_NAT, O_RDONLY)) == -1)) { (void) fprintf(stderr, "%s: open: %s\n", IPL_NAT, STRERROR(errno)); diff -cr ip_fil3.4.8/ipsend/ipsend.1 ip_fil3.4.9/ipsend/ipsend.1 *** ip_fil3.4.8/ipsend/ipsend.1 Sun Aug 1 20:57:25 1999 --- ip_fil3.4.9/ipsend/ipsend.1 Thu Jul 27 23:04:05 2000 *************** *** 96,102 **** .B \-U Set the protocol to UDP. .TP ! .BR \-d enable verbose mode. .DT .SH SEE ALSO --- 96,102 ---- .B \-U Set the protocol to UDP. .TP ! .BR \-v enable verbose mode. .DT .SH SEE ALSO diff -cr ip_fil3.4.8/ipsend/ipsend.5 ip_fil3.4.9/ipsend/ipsend.5 *** ip_fil3.4.8/ipsend/ipsend.5 Sun Aug 1 20:57:25 1999 --- ip_fil3.4.9/ipsend/ipsend.5 Fri Jul 21 00:15:34 2000 *************** *** 323,329 **** .SH "ICMP TYPES" .TP .B echorep ! Eecho Reply. .TP .B "unreach [ unreachable-code ]" Generic Unreachable error. This is used to indicate that an error has --- 323,329 ---- .SH "ICMP TYPES" .TP .B echorep ! Echo Reply. .TP .B "unreach [ unreachable-code ]" Generic Unreachable error. 
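Review bot: `mode` is switched to `O_RDONLY` inside the option loop for `-l`, `-n` and `-s` and is never switched back, so a command line that combines one of them with a modifying option such as `-r` or `-f` opens IPL_NAT read-only. If the driver checks the open mode for modifying ioctls (not visible here), such a run fails later with an unrelated-looking error. I would choose the mode once after the `getopt` loop, using `O_RDONLY` only when no modifying option was given. When `mode` is already `O_RDONLY`, the second `open(IPL_NAT, O_RDONLY)` in the last hunk just repeats the same call. This applies to all three ipnat.c hunks; `main` begins and ends outside them.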
This is used to indicate that an error has diff -cr ip_fil3.4.8/mlfk_ipl.c ip_fil3.4.9/mlfk_ipl.c *** ip_fil3.4.8/mlfk_ipl.c Wed Apr 26 22:17:24 2000 --- ip_fil3.4.9/mlfk_ipl.c Sun Aug 6 00:46:36 2000 *************** *** 23,29 **** * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ! * $Id: mlfk_ipl.c,v 2.1.2.1 2000/04/26 12:17:24 darrenr Exp $ */ --- 23,29 ---- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ! * $Id: mlfk_ipl.c,v 2.1.2.2 2000/08/05 14:46:36 darrenr Exp $ */ *************** *** 82,87 **** --- 82,88 ---- &fr_authused, 0, ""); SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_defaultauthage, CTLFLAG_RW, &fr_defaultauthage, 0, ""); + SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_chksrc, CTLFLAG_RW, &fr_chksrc, 0, ""); #define CDEV_MAJOR 79 static struct cdevsw ipl_cdevsw = { diff -cr ip_fil3.4.8/solaris.c ip_fil3.4.9/solaris.c *** ip_fil3.4.8/solaris.c Tue Jul 18 23:56:33 2000 --- ip_fil3.4.9/solaris.c Sun Aug 6 00:50:30 2000 *************** *** 6,12 **** * to the original author and the contributors. */ /* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/ ! #pragma ident "@(#)$Id: solaris.c,v 2.15.2.6 2000/07/18 13:56:33 darrenr Exp $" #include #include --- 6,12 ---- * to the original author and the contributors. */ /* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/ ! #pragma ident "@(#)$Id: solaris.c,v 2.15.2.7 2000/08/05 14:50:30 darrenr Exp $" #include #include *************** *** 51,56 **** --- 51,57 ---- #include "ipl.h" #include "ip_fil.h" #include "ip_nat.h" + #include "ip_state.h" char _depends_on[] = "drv/ip"; *************** *** 683,689 **** s = m->b_rptr; } *mp = m2; ! MTYPE(m2) = MTYPE(mt); freemsg(mt); mt = m2; --- 684,690 ---- s = m->b_rptr; } *mp = m2; ! MTYPE(m2) = M_DATA; freemsg(mt); mt = m2;