diff -cr ip_fil4.1.13/BugReport ip_fil4.1.14/BugReport *** ip_fil4.1.13/BugReport Fri Jul 4 13:42:39 1997 --- ip_fil4.1.14/BugReport Sat Jun 24 03:39:07 2006 *************** *** 1,3 **** --- 1,6 ---- + Please submit this information at ipfilter.sourceforge.net and via + email to darrenr@reed.wattle.id.au. + IP Filter bug report form. -------------------------- IP Filter Version: diff -cr ip_fil4.1.13/HISTORY ip_fil4.1.14/HISTORY *** ip_fil4.1.13/HISTORY Sun Apr 2 06:09:42 2006 --- ip_fil4.1.14/HISTORY Mon Oct 2 02:34:15 2006 *************** *** 10,15 **** --- 10,34 ---- # and especially those who have found the time to port IP Filter to new # platforms. # + 4.1.14 - Released 04 October 2006 + + rewrite checksum alteration for ICMP packets being NAT'd to use a sane + algorithm that can be understood...now it needs better comments + + fix 1 byte error in checksum validation perl script + + remove unused files in lib directory + + ipftest will say "bad-packet" if it has been freed rather than just "blocked" + + make it possible to load IP address pools from external files in ippool.conf + + update copyright messages in tools directory + + consolidate ioctl hanlding source code into fil.c + + make ipfstat, ippool, ipnat retrieve information via ioctls rather than /dev/kmem + 4.1.13 - Released 4 April 2006 fix bug where null pointers introduced by proxies could cause a crash *************** *** 39,44 **** --- 58,64 ---- behaviour of \ on the end of a line in ipf.conf does not match older behaviour remove duplicate statistics line output with "ipfstat -s" + 4.1.11 - Released 19 March 2006 Patch for NAT with ipfsync from N. Ersen (SESCI) - www.enderunix.org diff -cr ip_fil4.1.13/HPUX/ipf.psf.dist ip_fil4.1.14/HPUX/ipf.psf.dist *** ip_fil4.1.13/HPUX/ipf.psf.dist Sun Apr 2 06:09:44 2006 --- ip_fil4.1.14/HPUX/ipf.psf.dist Sat Sep 9 03:28:54 2006 *************** *** 4,12 **** # # Copyright: Copyright (c) 2000 Darren Reed # ! # Description: PSF for IP FIlter 4.1.13 # ! 
# $Id: ipf.psf.dist,v 1.1.2.14 2006/04/01 20:09:44 darrenr Exp $ # The vendor definition here applies to all subsequently defined products. --- 4,12 ---- # # Copyright: Copyright (c) 2000 Darren Reed # ! # Description: PSF for IP FIlter 4.2 # ! # $Id: ipf.psf.dist,v 1.1.2.16 2006/09/08 17:28:54 darrenr Exp $ # The vendor definition here applies to all subsequently defined products. *************** *** 24,32 **** # Bundle definition(s): bundle tag IPF ! title IP Filter 4.1.13 description Firewall/NAT ! revision A.04.01.13 architecture HP-UX_HPREV_32/64 machine_type 9000/[678]??:* os_name HP-UX --- 24,32 ---- # Bundle definition(s): bundle tag IPF ! title IP Filter 4.2 description Firewall/NAT ! revision A.04.01.14 architecture HP-UX_HPREV_32/64 machine_type 9000/[678]??:* os_name HP-UX *************** *** 37,52 **** is_reference false vendor_tag IPFilter hp_srdo swtype=O;user=B;bundle_type=O ! contents IPF-RUN,r=A.04.01.13,a=HP-UX_HPREV_32/64,v=IPFilter end # bundle IPF # Product definition(s): product tag IPF-RUN ! title IP Filter 4.1.13 description Firewall/NAT copyright < ../../SunOS5/copyright ! revision A.04.01.13 architecture HP-UX_HPREV_32/64 machine_type 9000/[678]??:* os_name HP-UX --- 37,52 ---- is_reference false vendor_tag IPFilter hp_srdo swtype=O;user=B;bundle_type=O ! contents IPF-RUN,r=A.04.01.14,a=HP-UX_HPREV_32/64,v=IPFilter end # bundle IPF # Product definition(s): product tag IPF-RUN ! title IP Filter 4.2 description Firewall/NAT copyright < ../../SunOS5/copyright ! revision A.04.01.14 architecture HP-UX_HPREV_32/64 machine_type 9000/[678]??:* os_name HP-UX *************** *** 68,76 **** # InternetSrvcs.IPF-ALL fileset tag IPF-ALL ! title IP Filter 4.1.13 : IPF-ALL description < ../IPF-ALL/description ! revision A.04.01.13 architecture HP-UX_HPREV_32/64 machine_type 9000/[678]??:* os_name HP-UX --- 68,76 ---- # InternetSrvcs.IPF-ALL fileset tag IPF-ALL ! title IP Filter 4.2 : IPF-ALL description < ../IPF-ALL/description ! 
revision A.04.01.14 architecture HP-UX_HPREV_32/64 machine_type 9000/[678]??:* os_name HP-UX diff -cr ip_fil4.1.13/INSTALL.FreeBSD ip_fil4.1.14/INSTALL.FreeBSD *** ip_fil4.1.13/INSTALL.FreeBSD Wed Jun 16 11:18:05 2004 --- ip_fil4.1.14/INSTALL.FreeBSD Mon May 15 07:35:44 2006 *************** *** 1,5 **** ! This file is for use with FreeBSD 4.x and 5.x only. To build a kernel for use with the loadable kernel module, follow these steps: --- 1,5 ---- ! Thi file is for use with FreeBSD 4.x and 5.x only. To build a kernel for use with the loadable kernel module, follow these steps: diff -cr ip_fil4.1.13/Linux/Makefile ip_fil4.1.14/Linux/Makefile *** ip_fil4.1.13/Linux/Makefile Sun Mar 26 14:54:28 2006 --- ip_fil4.1.14/Linux/Makefile Fri Jul 14 16:12:23 2006 *************** *** 81,87 **** IPTRAFCON=$(OBJ)/iptrafcon.o FILS=$(OBJ)/ipfstat.o # ! CCARGS=-I. -I$(CPUDIR) $(DEBUG) $(CFLAGS) -D_BSD_SOURCE=1 $(LOOKUP) $(IPFLOG) EXTRA=-DIPFILTER_LOG -DIPFILTER_LOOKUP include $(TOP)/lib/Makefile --- 81,87 ---- IPTRAFCON=$(OBJ)/iptrafcon.o FILS=$(OBJ)/ipfstat.o # ! CCARGS=-I. -I$(CPUDIR) $(DEBUG) $(CFLAGS) $(LOOKUP) $(IPFLOG) -DLINUX=$(LINUX) EXTRA=-DIPFILTER_LOG -DIPFILTER_LOOKUP include $(TOP)/lib/Makefile *************** *** 210,216 **** $(OBJ)/ippool.o: $(TOOL)/ippool.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_pool.h $(CC) $(CCARGS) -c $(TOOL)/ippool.c -o $@ ! $(OBJ)/ippool: $(IPPOOL) $(CC) $(CCARGS) $(IPPOOL) -o $@ $(LIBS) -lelf $(LEXLIB) $(OBJ)/ipnat_y.o: $(OBJ)/ipnat_y.c $(TOP)/ip_fil.h $(TOP)/ipf.h \ --- 210,216 ---- $(OBJ)/ippool.o: $(TOOL)/ippool.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_pool.h $(CC) $(CCARGS) -c $(TOOL)/ippool.c -o $@ ! 
$(OBJ)/ippool: $(IPPOOL) $(OBJ)/libipf.a $(CC) $(CCARGS) $(IPPOOL) -o $@ $(LIBS) -lelf $(LEXLIB) $(OBJ)/ipnat_y.o: $(OBJ)/ipnat_y.c $(TOP)/ip_fil.h $(TOP)/ipf.h \ diff -cr ip_fil4.1.13/Linux/ipfilter.spec.dist ip_fil4.1.14/Linux/ipfilter.spec.dist *** ip_fil4.1.13/Linux/ipfilter.spec.dist Sun Apr 2 06:09:44 2006 --- ip_fil4.1.14/Linux/ipfilter.spec.dist Sat Sep 9 03:28:31 2006 *************** *** 1,6 **** Summary: IP Filter Software Name: ipfilter ! Version: 4.1.13 Release: 1 Copyright: Copyright 2006 Darren Reed Group: System Environment/Base --- 1,6 ---- Summary: IP Filter Software Name: ipfilter ! Version: 4.1.14 Release: 1 Copyright: Copyright 2006 Darren Reed Group: System Environment/Base diff -cr ip_fil4.1.13/OSF/Makefile ip_fil4.1.14/OSF/Makefile *** ip_fil4.1.13/OSF/Makefile Sun Jan 9 01:29:56 2005 --- ip_fil4.1.14/OSF/Makefile Sun Jul 23 06:55:30 2006 *************** *** 359,365 **** ${RM} -f ipnat_y.c ipnat_y.h ipnat_l.c ipnat_l.h ${RM} -f ipmon_y.c ipmon_y.h ipmon_l.c ipmon_l.h ${RM} -f ipscan ipscan_y.c ipscan_y.h ipscan_l.c y.tab.? lex.yy.c ipfs ! ${RM} -f ipsyncm ipsyncs ip_rules.c ip_rules.h sysconfigtab ${MAKE} -f Makefile.ipsend ${MFLAGS} clean -(for i in *; do \ --- 359,366 ---- ${RM} -f ipnat_y.c ipnat_y.h ipnat_l.c ipnat_l.h ${RM} -f ipmon_y.c ipmon_y.h ipmon_l.c ipmon_l.h ${RM} -f ipscan ipscan_y.c ipscan_y.h ipscan_l.c y.tab.? lex.yy.c ipfs ! ${RM} -f ipsyncm ipsyncs ip_rules.c ip_rules.h ! -if [ -h sysconfigtab ] ; then /bin/rm -f sysconfigtab; fi ${MAKE} -f Makefile.ipsend ${MFLAGS} clean -(for i in *; do \ diff -cr ip_fil4.1.13/OpenBSD-3/3.2-sys-diffs ip_fil4.1.14/OpenBSD-3/3.2-sys-diffs *** ip_fil4.1.13/OpenBSD-3/3.2-sys-diffs Sat Feb 19 12:33:26 2005 --- ip_fil4.1.14/OpenBSD-3/3.2-sys-diffs Fri Jul 14 16:10:22 2006 *************** *** 297,303 **** --- sys/arch/mvmeppc/mvmeppc/conf.c Sat Nov 2 12:10:36 2002 *************** *** 114,119 **** ! 
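Review bot: In the OSF/Makefile clean rule the new line calls `/bin/rm -f sysconfigtab` directly, while every other removal in the same rule goes through `${RM}`. Writing it as `-if [ -h sysconfigtab ] ; then ${RM} -f sysconfigtab; fi` keeps the rule consistent and honours an overridden RM. A one-line comment that only a symlinked sysconfigtab is removed, so a real file survives `make clean`, would record why the `-h` test was added; that intent is inferred from the test itself.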
--- 114.1.6 ---- #include "ksyms.h" --- 297,303 ---- --- sys/arch/mvmeppc/mvmeppc/conf.c Sat Nov 2 12:10:36 2002 *************** *** 114,119 **** ! --- 114,125 ---- #include "ksyms.h" *************** *** 367,373 **** --- sys/arch/sparc64/sparc64/conf.c Sat Nov 2 12:10:36 2002 *************** *** 114,119 **** ! --- 114.1.6 ---- #include "ucom.h" #include "uscanner.h" --- 367,373 ---- --- sys/arch/sparc64/sparc64/conf.c Sat Nov 2 12:10:36 2002 *************** *** 114,119 **** ! --- 114,125 ---- #include "ucom.h" #include "uscanner.h" *************** *** 577,583 **** struct ether_header *, struct mbuf *m); #endif *************** ! *** 1144.1.60 **** m_freem(m); return; } --- 577,583 ---- struct ether_header *, struct mbuf *m); #endif *************** ! *** 1144,1150 **** m_freem(m); return; } diff -cr ip_fil4.1.13/OpenBSD-3/README.3_0 ip_fil4.1.14/OpenBSD-3/README.3_0 *** ip_fil4.1.13/OpenBSD-3/README.3_0 Sat Aug 20 23:48:28 2005 --- ip_fil4.1.14/OpenBSD-3/README.3_0 Mon Oct 2 02:39:35 2006 *************** *** 29,41 **** 2. Unpack IPFilter and apply the patches to the kernel source cd ~ ! gunzip -c ip_fil4.1.9.tar.gz | tar xpf - cd /usr/src ! patch < ~/ip_fil4.1.9/OpenBSD-3/3.0-sys-diffs 3. Add IPFilter to the source code tree: ! cd ~/ip_fil4.1.9 BSD/kupgrade 4. Build a new OpenBSD kernel --- 29,41 ---- 2. Unpack IPFilter and apply the patches to the kernel source cd ~ ! gunzip -c ip_fil4next.tar.gz | tar xpf - cd /usr/src ! patch < ~/ip_fil4.1.14/OpenBSD-3/3.0-sys-diffs 3. Add IPFilter to the source code tree: ! cd ~/ip_fil4next BSD/kupgrade 4. Build a new OpenBSD kernel *************** *** 49,55 **** 5. Build and install IPFilter ! cd ip_fil4.1.9 make openbsd make install-bsd OpenBSD-3/makedevs-3.0 --- 49,55 ---- 5. Build and install IPFilter ! cd ip_fil4next make openbsd make install-bsd OpenBSD-3/makedevs-3.0 *************** *** 57,63 **** 6. Patch rc scripts in /etc cd /etc ! patch < ~/ip_fil4.1.9/OpenBSD-3/3.0-rc-diffs 7. Reboot --- 57,63 ---- 6. 
Patch rc scripts in /etc cd /etc ! patch < ~/ip_fil4.1.14/OpenBSD-3/3.0-rc-diffs 7. Reboot diff -cr ip_fil4.1.13/OpenBSD-3/README.3_1 ip_fil4.1.14/OpenBSD-3/README.3_1 *** ip_fil4.1.13/OpenBSD-3/README.3_1 Sat Aug 20 23:48:28 2005 --- ip_fil4.1.14/OpenBSD-3/README.3_1 Mon Oct 2 02:39:35 2006 *************** *** 29,41 **** 2. Unpack IPFilter and apply the patches to the kernel source cd ~ ! gunzip -c ip_fil4.1.9.tar.gz | tar xpf - cd /usr/src ! patch < ~/ip_fil4.1.9/OpenBSD-3/3.1-sys-diffs 3. Add IPFilter to the source code tree: ! cd ~/ip_fil4.1.9 BSD/kupgrade If you want to build a new release with IPFilter, stop here and goto --- 29,41 ---- 2. Unpack IPFilter and apply the patches to the kernel source cd ~ ! gunzip -c ip_fil4next.tar.gz | tar xpf - cd /usr/src ! patch < ~/ip_fil4.1.14/OpenBSD-3/3.1-sys-diffs 3. Add IPFilter to the source code tree: ! cd ~/ip_fil4next BSD/kupgrade If you want to build a new release with IPFilter, stop here and goto *************** *** 52,58 **** 5. Build and install IPFilter ! cd ip_fil4.1.9 make openbsd make install-bsd OpenBSD-3/makedevs-3.1 --- 52,58 ---- 5. Build and install IPFilter ! cd ip_fil4next make openbsd make install-bsd OpenBSD-3/makedevs-3.1 *************** *** 60,66 **** 6. Patch rc scripts in /etc cd /etc ! patch < ~/ip_fil4.1.9/OpenBSD-3/3.1-rc-diffs 7. Reboot --- 60,66 ---- 6. Patch rc scripts in /etc cd /etc ! patch < ~/ip_fil4.1.14/OpenBSD-3/3.1-rc-diffs 7. Reboot *************** *** 79,86 **** Building a Release ================== cd /usr/src ! patch < ~/ip_fil4.1.9/OpenBSD-3/3.1-rc-diffs ! patch < ~/ip_fil4.1.9/OpenBSD-3/3.1-MAKEDEV-diffs ! cd ~/ip_fil4.1.9 ./OpenBSD-3/fixdist-3.0 --- 79,86 ---- Building a Release ================== cd /usr/src ! patch < ~/ip_fil4.1.14/OpenBSD-3/3.1-rc-diffs ! patch < ~/ip_fil4.1.14/OpenBSD-3/3.1-MAKEDEV-diffs ! 
cd ~/ip_fil4next ./OpenBSD-3/fixdist-3.0 diff -cr ip_fil4.1.13/OpenBSD-3/README.3_2 ip_fil4.1.14/OpenBSD-3/README.3_2 *** ip_fil4.1.13/OpenBSD-3/README.3_2 Sat Aug 20 23:48:28 2005 --- ip_fil4.1.14/OpenBSD-3/README.3_2 Mon Oct 2 02:39:35 2006 *************** *** 29,41 **** 2. Unpack IPFilter and apply the patches to the kernel source cd ~ ! gunzip -c ip_fil4.1.9.tar.gz | tar xpf - cd /usr/src ! patch < ~/ip_fil4.1.9/OpenBSD-3/3.2-sys-diffs 3. Add IPFilter to the source code tree: ! cd ~/ip_fil4.1.9 BSD/kupgrade If you want to build a new release with IPFilter, stop here and goto --- 29,41 ---- 2. Unpack IPFilter and apply the patches to the kernel source cd ~ ! gunzip -c ip_fil4next.tar.gz | tar xpf - cd /usr/src ! patch < ~/ip_fil4.1.14/OpenBSD-3/3.2-sys-diffs 3. Add IPFilter to the source code tree: ! cd ~/ip_fil4next BSD/kupgrade If you want to build a new release with IPFilter, stop here and goto *************** *** 52,58 **** 5. Build and install IPFilter ! cd ip_fil4.1.9 make openbsd make install-bsd OpenBSD-3/makedevs-3.2 --- 52,58 ---- 5. Build and install IPFilter ! cd ip_fil4next make openbsd make install-bsd OpenBSD-3/makedevs-3.2 *************** *** 60,66 **** 6. Patch rc scripts in /etc cd /etc ! patch < ~/ip_fil4.1.9/OpenBSD-3/3.2-rc-diffs 7. Reboot --- 60,66 ---- 6. Patch rc scripts in /etc cd /etc ! patch < ~/ip_fil4.1.14/OpenBSD-3/3.2-rc-diffs 7. Reboot *************** *** 79,86 **** Building a Release ================== cd /usr/src ! patch < ~/ip_fil4.1.9/OpenBSD-3/3.2-rc-diffs ! patch < ~/ip_fil4.1.9/OpenBSD-3/3.2-MAKEDEV-diffs ! cd ~/ip_fil4.1.9 ./OpenBSD-3/fixdist-3.2 --- 79,86 ---- Building a Release ================== cd /usr/src ! patch < ~/ip_fil4.1.14/OpenBSD-3/3.2-rc-diffs ! patch < ~/ip_fil4.1.14/OpenBSD-3/3.2-MAKEDEV-diffs ! 
cd ~/ip_fil4next ./OpenBSD-3/fixdist-3.2 diff -cr ip_fil4.1.13/OpenBSD-3/README.3_3 ip_fil4.1.14/OpenBSD-3/README.3_3 *** ip_fil4.1.13/OpenBSD-3/README.3_3 Sat Aug 20 23:48:28 2005 --- ip_fil4.1.14/OpenBSD-3/README.3_3 Mon Oct 2 02:39:35 2006 *************** *** 29,41 **** 2. Unpack IPFilter and apply the patches to the kernel source cd ~ ! gunzip -c ip_fil4.1.9.tar.gz | tar xpf - cd /usr/src ! patch < ~/ip_fil4.1.9/OpenBSD-3/3.3-sys-diffs 3. Add IPFilter to the source code tree: ! cd ~/ip_fil4.1.9 BSD/kupgrade If you want to build a new release with IPFilter, stop here and goto --- 29,41 ---- 2. Unpack IPFilter and apply the patches to the kernel source cd ~ ! gunzip -c ip_fil4next.tar.gz | tar xpf - cd /usr/src ! patch < ~/ip_fil4.1.14/OpenBSD-3/3.3-sys-diffs 3. Add IPFilter to the source code tree: ! cd ~/ip_fil4next BSD/kupgrade If you want to build a new release with IPFilter, stop here and goto *************** *** 52,58 **** 5. Build and install IPFilter ! cd ip_fil4.1.9 make openbsd make install-bsd OpenBSD-3/makedevs-3.2 --- 52,58 ---- 5. Build and install IPFilter ! cd ip_fil4next make openbsd make install-bsd OpenBSD-3/makedevs-3.2 *************** *** 60,66 **** 6. Patch rc scripts in /etc cd /etc ! patch < ~/ip_fil4.1.9/OpenBSD-3/3.3-rc-diffs 7. Reboot --- 60,66 ---- 6. Patch rc scripts in /etc cd /etc ! patch < ~/ip_fil4.1.14/OpenBSD-3/3.3-rc-diffs 7. Reboot *************** *** 79,86 **** Building a Release ================== cd /usr/src ! patch < ~/ip_fil4.1.9/OpenBSD-3/3.3-rc-diffs ! patch < ~/ip_fil4.1.9/OpenBSD-3/3.3-MAKEDEV-diffs ! cd ~/ip_fil4.1.9 ./OpenBSD-3/fixdist-3.2 --- 79,86 ---- Building a Release ================== cd /usr/src ! patch < ~/ip_fil4.1.14/OpenBSD-3/3.3-rc-diffs ! patch < ~/ip_fil4.1.14/OpenBSD-3/3.3-MAKEDEV-diffs ! 
cd ~/ip_fil4next ./OpenBSD-3/fixdist-3.2 diff -cr ip_fil4.1.13/OpenBSD-3/README.3_4 ip_fil4.1.14/OpenBSD-3/README.3_4 *** ip_fil4.1.13/OpenBSD-3/README.3_4 Sat Aug 20 23:48:29 2005 --- ip_fil4.1.14/OpenBSD-3/README.3_4 Mon Oct 2 02:39:35 2006 *************** *** 29,41 **** 2. Unpack IPFilter and apply the patches to the kernel source cd ~ ! gunzip -c ip_fil4.1.9.tar.gz | tar xpf - cd /usr/src ! patch < ~/ip_fil4.1.9/OpenBSD-3/3.4-sys-diffs 3. Add IPFilter to the source code tree: ! cd ~/ip_fil4.1.9 BSD/kupgrade If you want to build a new release with IPFilter, stop here and goto --- 29,41 ---- 2. Unpack IPFilter and apply the patches to the kernel source cd ~ ! gunzip -c ip_fil4next.tar.gz | tar xpf - cd /usr/src ! patch < ~/ip_fil4.1.14/OpenBSD-3/3.4-sys-diffs 3. Add IPFilter to the source code tree: ! cd ~/ip_fil4next BSD/kupgrade If you want to build a new release with IPFilter, stop here and goto *************** *** 52,58 **** 5. Build and install IPFilter ! cd ip_fil4.1.9 make openbsd make install-bsd OpenBSD-3/makedevs-3.4 --- 52,58 ---- 5. Build and install IPFilter ! cd ip_fil4next make openbsd make install-bsd OpenBSD-3/makedevs-3.4 *************** *** 60,66 **** 6. Patch rc scripts in /etc cd /etc ! patch < ~/ip_fil4.1.9/OpenBSD-3/3.4-rc-diffs 7. Reboot --- 60,66 ---- 6. Patch rc scripts in /etc cd /etc ! patch < ~/ip_fil4.1.14/OpenBSD-3/3.4-rc-diffs 7. Reboot *************** *** 79,86 **** Building a Release ================== cd /usr/src ! patch < ~/ip_fil4.1.9/OpenBSD-3/3.4-rc-diffs ! patch < ~/ip_fil4.1.9/OpenBSD-3/3.4-MAKEDEV-diffs ! cd ~/ip_fil4.1.9 ./OpenBSD-3/fixdist-3.4 --- 79,86 ---- Building a Release ================== cd /usr/src ! patch < ~/ip_fil4.1.14/OpenBSD-3/3.4-rc-diffs ! patch < ~/ip_fil4.1.14/OpenBSD-3/3.4-MAKEDEV-diffs ! 
cd ~/ip_fil4next ./OpenBSD-3/fixdist-3.4 diff -cr ip_fil4.1.13/OpenBSD-3/README.3_5 ip_fil4.1.14/OpenBSD-3/README.3_5 *** ip_fil4.1.13/OpenBSD-3/README.3_5 Sat Aug 20 23:48:29 2005 --- ip_fil4.1.14/OpenBSD-3/README.3_5 Mon Oct 2 02:39:35 2006 *************** *** 29,41 **** 2. Unpack IPFilter and apply the patches to the kernel source cd ~ ! gunzip -c ip_fil4.1.9.tar.gz | tar xpf - cd /usr/src ! patch < ~/ip_fil4.1.9/OpenBSD-3/3.5-sys-diffs 3. Add IPFilter to the source code tree: ! cd ~/ip_fil4.1.9 BSD/kupgrade If you want to build a new release with IPFilter, stop here and goto --- 29,41 ---- 2. Unpack IPFilter and apply the patches to the kernel source cd ~ ! gunzip -c ip_fil4next.tar.gz | tar xpf - cd /usr/src ! patch < ~/ip_fil4.1.14/OpenBSD-3/3.5-sys-diffs 3. Add IPFilter to the source code tree: ! cd ~/ip_fil4next BSD/kupgrade If you want to build a new release with IPFilter, stop here and goto *************** *** 52,58 **** 5. Build and install IPFilter ! cd ip_fil4.1.9 make openbsd make install-bsd OpenBSD-3/makedevs-3.5 --- 52,58 ---- 5. Build and install IPFilter ! cd ip_fil4next make openbsd make install-bsd OpenBSD-3/makedevs-3.5 *************** *** 60,66 **** 6. Patch rc scripts in /etc cd /etc ! patch < ~/ip_fil4.1.9/OpenBSD-3/3.5-rc-diffs 7. Reboot --- 60,66 ---- 6. Patch rc scripts in /etc cd /etc ! patch < ~/ip_fil4.1.14/OpenBSD-3/3.5-rc-diffs 7. Reboot *************** *** 79,86 **** Building a Release ================== cd /usr/src ! patch < ~/ip_fil4.1.9/OpenBSD-3/3.5-rc-diffs ! patch < ~/ip_fil4.1.9/OpenBSD-3/3.5-MAKEDEV-diffs ! cd ~/ip_fil4.1.9 ./OpenBSD-3/fixdist-3.5 --- 79,86 ---- Building a Release ================== cd /usr/src ! patch < ~/ip_fil4.1.14/OpenBSD-3/3.5-rc-diffs ! patch < ~/ip_fil4.1.14/OpenBSD-3/3.5-MAKEDEV-diffs ! 
cd ~/ip_fil4next ./OpenBSD-3/fixdist-3.5 diff -cr ip_fil4.1.13/SunOS5/pkginfo ip_fil4.1.14/SunOS5/pkginfo *** ip_fil4.1.13/SunOS5/pkginfo Sun Apr 2 06:09:45 2006 --- ip_fil4.1.14/SunOS5/pkginfo Sat Sep 9 03:28:31 2006 *************** *** 5,11 **** PKG=ipf NAME=IP Filter ARCH=ARCH_updated_by_sed_when_package_is_built ! VERSION=4.1.13 CATEGORY=system DESC=This package contains tools for building a firewall VENDOR=Darren Reed --- 5,11 ---- PKG=ipf NAME=IP Filter ARCH=ARCH_updated_by_sed_when_package_is_built ! VERSION=4.1.14 CATEGORY=system DESC=This package contains tools for building a firewall VENDOR=Darren Reed diff -cr ip_fil4.1.13/fil.c ip_fil4.1.14/fil.c *** ip_fil4.1.13/fil.c Wed Mar 29 21:19:54 2006 --- ip_fil4.1.14/fil.c Sat Sep 2 00:09:00 2006 *************** *** 137,143 **** #if !defined(lint) static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: fil.c,v 2.243.2.78 2006/03/29 11:19:54 darrenr Exp $"; #endif #ifndef _KERNEL --- 137,143 ---- #if !defined(lint) static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: fil.c,v 2.243.2.86 2006/09/01 14:09:00 darrenr Exp $"; #endif #ifndef _KERNEL *************** *** 230,240 **** static int fr_updateipid __P((fr_info_t *)); #ifdef IPFILTER_LOOKUP static int fr_grpmapinit __P((frentry_t *fr)); ! static INLINE void *fr_resolvelookup __P((u_int, u_int, lookupfunc_t *)); #endif static void frsynclist __P((frentry_t *, void *)); static ipftuneable_t *fr_findtunebyname __P((const char *)); static ipftuneable_t *fr_findtunebycookie __P((void *, void **)); /* --- 230,243 ---- static int fr_updateipid __P((fr_info_t *)); #ifdef IPFILTER_LOOKUP static int fr_grpmapinit __P((frentry_t *fr)); ! 
static INLINE void *fr_resolvelookup __P((u_int, u_int, i6addr_t *, lookupfunc_t *)); #endif static void frsynclist __P((frentry_t *, void *)); static ipftuneable_t *fr_findtunebyname __P((const char *)); static ipftuneable_t *fr_findtunebycookie __P((void *, void **)); + static int ipf_geniter __P((ipftoken_t *, ipfgeniter_t *)); + static int ipf_frruleiter __P((void *, int, void *)); + static void ipf_unlinktoken __P((ipftoken_t *)); /* *************** *** 697,703 **** int minicmpsz = sizeof(struct icmp6_hdr); struct icmp6_hdr *icmp6; ! if (frpr_pullup(fin, ICMP6ERR_MINPKTLEN + 8 - sizeof(ip6_t)) == -1) return; if (fin->fin_dlen > 1) { --- 700,706 ---- int minicmpsz = sizeof(struct icmp6_hdr); struct icmp6_hdr *icmp6; ! if (frpr_pullup(fin, ICMP6ERR_MINPKTLEN - sizeof(ip6_t)) == -1) return; if (fin->fin_dlen > 1) { *************** *** 857,874 **** fr_info_t *fin; int plen; { - #if defined(_KERNEL) if (fin->fin_m != NULL) { if (fin->fin_dp != NULL) plen += (char *)fin->fin_dp - ((char *)fin->fin_ip + fin->fin_hlen); plen += fin->fin_hlen; if (M_LEN(fin->fin_m) < plen) { if (fr_pullup(fin->fin_m, fin, plen) == NULL) return -1; } } - #endif return 0; } --- 860,885 ---- fr_info_t *fin; int plen; { if (fin->fin_m != NULL) { if (fin->fin_dp != NULL) plen += (char *)fin->fin_dp - ((char *)fin->fin_ip + fin->fin_hlen); plen += fin->fin_hlen; if (M_LEN(fin->fin_m) < plen) { + #if defined(_KERNEL) if (fr_pullup(fin->fin_m, fin, plen) == NULL) return -1; + #else + /* + * Fake fr_pullup failing + */ + *fin->fin_mp = NULL; + fin->fin_m = NULL; + fin->fin_ip = NULL; + return -1; + #endif } } return 0; } *************** *** 1502,1519 **** fin->fin_rule = 0xffffffff; fin->fin_group[0] = -1; fin->fin_group[1] = '\0'; - fin->fin_dlen = fin->fin_plen - hlen; fin->fin_dp = (char *)ip + hlen; v = fin->fin_v; ! if (v == 4) frpr_ipv4hdr(fin); #ifdef USE_INET6 ! 
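Review bot: In the new non-kernel branch of frpr_pullup, `*fin->fin_mp = NULL;` dereferences fin_mp unconditionally, although the function only tests fin_m for NULL before reaching it. If a userland caller ever passes an fr_info_t whose fin_mp is unset (not visible here), the simulated failure faults instead of returning -1; `if (fin->fin_mp != NULL) *fin->fin_mp = NULL;` would make it safe. The "Fake fr_pullup failing" comment could also state that the buffer is only detached here, since the visible lines release nothing.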
else if (v == 6) { if (frpr_ipv6hdr(fin) == -1) return -1; - } #endif if (fin->fin_ip == NULL) return -1; return 0; --- 1513,1536 ---- fin->fin_rule = 0xffffffff; fin->fin_group[0] = -1; fin->fin_group[1] = '\0'; fin->fin_dp = (char *)ip + hlen; v = fin->fin_v; ! if (v == 4) { ! fin->fin_plen = ip->ip_len; ! fin->fin_dlen = fin->fin_plen - hlen; ! frpr_ipv4hdr(fin); #ifdef USE_INET6 ! } else if (v == 6) { ! fin->fin_plen = ntohs(((ip6_t *)ip)->ip6_plen); ! fin->fin_dlen = fin->fin_plen; ! fin->fin_plen += hlen; ! if (frpr_ipv6hdr(fin) == -1) return -1; #endif + } if (fin->fin_ip == NULL) return -1; return 0; *************** *** 1675,1681 **** */ i = ((*lip & *lm) != *ld); FR_DEBUG(("0. %#08x & %#08x != %#08x\n", ! *lip, *lm, *ld)); if (i) return 1; --- 1692,1698 ---- */ i = ((*lip & *lm) != *ld); FR_DEBUG(("0. %#08x & %#08x != %#08x\n", ! ntohl(*lip), ntohl(*lm), ntohl(*ld))); if (i) return 1; *************** *** 1686,1692 **** lip++, lm++, ld++; i |= ((*lip & *lm) != *ld); FR_DEBUG(("1. %#08x & %#08x != %#08x\n", ! *lip, *lm, *ld)); if (i) return 1; --- 1703,1709 ---- lip++, lm++, ld++; i |= ((*lip & *lm) != *ld); FR_DEBUG(("1. %#08x & %#08x != %#08x\n", ! ntohl(*lip), ntohl(*lm), ntohl(*ld))); if (i) return 1; *************** *** 1709,1728 **** #endif i = ((*lip & *lm) != *ld); FR_DEBUG(("2a. %#08x & %#08x != %#08x\n", ! *lip, *lm, *ld)); if (fi->fi_v == 6) { lip++, lm++, ld++; i |= ((*lip & *lm) != *ld); FR_DEBUG(("2b. %#08x & %#08x != %#08x\n", ! *lip, *lm, *ld)); lip++, lm++, ld++; i |= ((*lip & *lm) != *ld); FR_DEBUG(("2c. %#08x & %#08x != %#08x\n", ! *lip, *lm, *ld)); lip++, lm++, ld++; i |= ((*lip & *lm) != *ld); FR_DEBUG(("2d. %#08x & %#08x != %#08x\n", ! *lip, *lm, *ld)); } else { lip += 3; lm += 3; --- 1726,1745 ---- #endif i = ((*lip & *lm) != *ld); FR_DEBUG(("2a. %#08x & %#08x != %#08x\n", ! ntohl(*lip), ntohl(*lm), ntohl(*ld))); if (fi->fi_v == 6) { lip++, lm++, ld++; i |= ((*lip & *lm) != *ld); FR_DEBUG(("2b. %#08x & %#08x != %#08x\n", ! 
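Review bot: In the `v == 4` branch, `fin->fin_dlen = fin->fin_plen - hlen;` is computed from `ip->ip_len` with no check that the length field is at least hlen, so a header whose total length is smaller than its header length gives a negative or wrapped data length, depending on the field's type; the `v == 6` branch likewise takes `ip6_plen` as is. If neither the caller nor frpr_ipv4hdr rejects such packets (not visible in this hunk), a guard such as `if (fin->fin_plen < hlen) return -1;` before the subtraction is the place for it. When v is neither 4 nor 6, fin_plen and fin_dlen are now left as the caller set them, whereas fin_dlen used to be assigned unconditionally; a comment stating that the caller filters the version would make that safe to read. The function starts before the hunk.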
ntohl(*lip), ntohl(*lm), ntohl(*ld))); lip++, lm++, ld++; i |= ((*lip & *lm) != *ld); FR_DEBUG(("2c. %#08x & %#08x != %#08x\n", ! ntohl(*lip), ntohl(*lm), ntohl(*ld))); lip++, lm++, ld++; i |= ((*lip & *lm) != *ld); FR_DEBUG(("2d. %#08x & %#08x != %#08x\n", ! ntohl(*lip), ntohl(*lm), ntohl(*ld))); } else { lip += 3; lm += 3; *************** *** 1751,1770 **** #endif i = ((*lip & *lm) != *ld); FR_DEBUG(("3a. %#08x & %#08x != %#08x\n", ! *lip, *lm, *ld)); if (fi->fi_v == 6) { lip++, lm++, ld++; i |= ((*lip & *lm) != *ld); FR_DEBUG(("3b. %#08x & %#08x != %#08x\n", ! *lip, *lm, *ld)); lip++, lm++, ld++; i |= ((*lip & *lm) != *ld); FR_DEBUG(("3c. %#08x & %#08x != %#08x\n", ! *lip, *lm, *ld)); lip++, lm++, ld++; i |= ((*lip & *lm) != *ld); FR_DEBUG(("3d. %#08x & %#08x != %#08x\n", ! *lip, *lm, *ld)); } else { lip += 3; lm += 3; --- 1768,1787 ---- #endif i = ((*lip & *lm) != *ld); FR_DEBUG(("3a. %#08x & %#08x != %#08x\n", ! ntohl(*lip), ntohl(*lm), ntohl(*ld))); if (fi->fi_v == 6) { lip++, lm++, ld++; i |= ((*lip & *lm) != *ld); FR_DEBUG(("3b. %#08x & %#08x != %#08x\n", ! ntohl(*lip), ntohl(*lm), ntohl(*ld))); lip++, lm++, ld++; i |= ((*lip & *lm) != *ld); FR_DEBUG(("3c. %#08x & %#08x != %#08x\n", ! ntohl(*lip), ntohl(*lm), ntohl(*ld))); lip++, lm++, ld++; i |= ((*lip & *lm) != *ld); FR_DEBUG(("3d. %#08x & %#08x != %#08x\n", ! ntohl(*lip), ntohl(*lm), ntohl(*ld))); } else { lip += 3; lm += 3; *************** *** 2292,2300 **** int v = IP_V(ip); mb_t *mc = NULL; mb_t *m; - #ifdef USE_INET6 - ip6_t *ip6; - #endif /* * The first part of fr_check() deals with making sure that what goes * into the filtering engine makes some sense. Information about the --- 2309,2314 ---- *************** *** 2390,2402 **** * structures to handle comfortably, for now, so just drop * them. */ ! ip6 = (ip6_t *)ip; ! fin->fin_plen = ntohs(ip6->ip6_plen); ! 
if (fin->fin_plen == 0) { pass = FR_BLOCK|FR_NOMATCH; goto finished; } - fin->fin_plen += sizeof(ip6_t); } else #endif { --- 2404,2413 ---- * structures to handle comfortably, for now, so just drop * them. */ ! if (((ip6_t *)ip)->ip6_plen == 0) { pass = FR_BLOCK|FR_NOMATCH; goto finished; } } else #endif { *************** *** 2404,2410 **** ip->ip_len = ntohs(ip->ip_len); ip->ip_off = ntohs(ip->ip_off); #endif - fin->fin_plen = ip->ip_len; } if (fr_makefrip(hlen, ip, fin) == -1) { --- 2415,2420 ---- *************** *** 2434,2441 **** } #ifdef USE_INET6 else if (v == 6) { ! ip6 = (ip6_t *)ip; ! if (ip6->ip6_hlim < fr_minttl) { ATOMIC_INCL(frstats[0].fr_badttl); fin->fin_flx |= FI_LOWTTL; } --- 2444,2450 ---- } #ifdef USE_INET6 else if (v == 6) { ! if (((ip6_t *)ip)->ip6_hlim < fr_minttl) { ATOMIC_INCL(frstats[0].fr_badttl); fin->fin_flx |= FI_LOWTTL; } *************** *** 2522,2528 **** #endif if (fin->fin_state != NULL) { ! fr_statederef(fin, (ipstate_t **)&fin->fin_state); fin->fin_state = NULL; } --- 2531,2537 ---- #endif if (fin->fin_state != NULL) { ! fr_statederef((ipstate_t **)&fin->fin_state); fin->fin_state = NULL; } *************** *** 3066,3072 **** * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 ! * $Id: fil.c,v 2.243.2.78 2006/03/29 11:19:54 darrenr Exp $ */ /* * Copy data from an mbuf chain starting "off" bytes from the beginning, --- 3075,3081 ---- * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 ! * $Id: fil.c,v 2.243.2.86 2006/09/01 14:09:00 darrenr Exp $ */ /* * Copy data from an mbuf chain starting "off" bytes from the beginning, *************** *** 3657,3669 **** if (fr->fr_type == FR_T_IPF && fr->fr_satype == FRI_LOOKUP && fr->fr_srcptr == NULL) { fr->fr_srcptr = fr_resolvelookup(fr->fr_srctype, ! fr->fr_srcnum, &fr->fr_srcfunc); } if (fr->fr_type == FR_T_IPF && fr->fr_datype == FRI_LOOKUP && fr->fr_dstptr == NULL) { fr->fr_dstptr = fr_resolvelookup(fr->fr_dsttype, ! 
fr->fr_dstnum, &fr->fr_dstfunc); } #endif --- 3666,3680 ---- if (fr->fr_type == FR_T_IPF && fr->fr_satype == FRI_LOOKUP && fr->fr_srcptr == NULL) { fr->fr_srcptr = fr_resolvelookup(fr->fr_srctype, ! fr->fr_srcsubtype, ! &fr->fr_slookup, &fr->fr_srcfunc); } if (fr->fr_type == FR_T_IPF && fr->fr_datype == FRI_LOOKUP && fr->fr_dstptr == NULL) { fr->fr_dstptr = fr_resolvelookup(fr->fr_dsttype, ! fr->fr_dstsubtype, ! &fr->fr_dlookup, &fr->fr_dstfunc); } #endif *************** *** 3735,3751 **** size_t size; { caddr_t ca; ! int err; # if SOLARIS ! err = COPYIN(src, (caddr_t)&ca, sizeof(ca)); ! if (err != 0) ! return err; # else bcopy(src, (caddr_t)&ca, sizeof(ca)); # endif ! err = COPYIN(ca, dst, size); ! return err; } --- 3746,3764 ---- size_t size; { caddr_t ca; ! int error; # if SOLARIS ! error = COPYIN(src, (caddr_t)&ca, sizeof(ca)); ! if (error != 0) ! return error; # else bcopy(src, (caddr_t)&ca, sizeof(ca)); # endif ! error = COPYIN(ca, dst, size); ! if (error != 0) ! error = EFAULT; ! return error; } *************** *** 3765,3775 **** size_t size; { caddr_t ca; ! int err; bcopy(dst, (caddr_t)&ca, sizeof(ca)); ! err = COPYOUT(src, ca, size); ! return err; } #endif --- 3778,3790 ---- size_t size; { caddr_t ca; ! int error; bcopy(dst, (caddr_t)&ca, sizeof(ca)); ! error = COPYOUT(src, ca, size); ! if (error != 0) ! error = EFAULT; ! return error; } #endif *************** *** 3945,3951 **** /* Function: fr_resolvelookup */ /* Returns: void * - NULL = failure, else success. */ /* Parameters: type(I) - type of lookup these parameters are for. */ ! /* number(I) - table number to use when searching */ /* funcptr(IO) - pointer to pointer for storing IP address */ /* searching function. */ /* */ --- 3960,3967 ---- /* Function: fr_resolvelookup */ /* Returns: void * - NULL = failure, else success. */ /* Parameters: type(I) - type of lookup these parameters are for. */ ! /* subtype(I) - whether the info below contains number/name */ ! 
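Review bot: In the copy-in helper (hunk at 3735) the SOLARIS branch still returns the raw result of the first COPYIN with `return error;`, while the second COPYIN a few lines below is now normalised to EFAULT, so one function reports the same kind of failure under two conventions. Mapping the first one as well, `if (error != 0) return EFAULT;`, makes it consistent with the rest of this hunk and with the COPYOUT helper in the next one. The helper's signature lies outside the hunk.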
/* info(I) - pointer to name/number of the lookup data */ /* funcptr(IO) - pointer to pointer for storing IP address */ /* searching function. */ /* */ *************** *** 3954,3973 **** /* call to do the IP address search will be change, regardless of whether */ /* or not the "table" number exists. */ /* ------------------------------------------------------------------------ */ ! static void *fr_resolvelookup(type, number, funcptr) ! u_int type, number; lookupfunc_t *funcptr; { ! char name[FR_GROUPLEN]; iphtable_t *iph; ip_pool_t *ipo; void *ptr; #if defined(SNPRINTF) && defined(_KERNEL) ! SNPRINTF(name, sizeof(name), "%u", number); #else ! (void) sprintf(name, "%u", number); #endif READ_ENTER(&ip_poolrw); --- 3970,4004 ---- /* call to do the IP address search will be change, regardless of whether */ /* or not the "table" number exists. */ /* ------------------------------------------------------------------------ */ ! static void *fr_resolvelookup(type, subtype, info, funcptr) ! u_int type, subtype; ! i6addr_t *info; lookupfunc_t *funcptr; { ! char label[FR_GROUPLEN], *name; iphtable_t *iph; ip_pool_t *ipo; void *ptr; + if (subtype == 0) { #if defined(SNPRINTF) && defined(_KERNEL) ! SNPRINTF(label, sizeof(label), "%u", info->iplookupnum); #else ! (void) sprintf(label, "%u", info->iplookupnum); #endif + name = label; + } else if (subtype == 1) { + /* + * Because iplookupname is currently only a 12 character + * string and FR_GROUPLEN is 16, copy all of it into the + * label buffer and add on a NULL at the end. 
+ */ + strncpy(label, info->iplookupname, sizeof(info->iplookupname)); + label[sizeof(info->iplookupname)] = '\0'; + name = label; + } else { + return NULL; + } READ_ENTER(&ip_poolrw); *************** *** 4158,4163 **** --- 4189,4196 ---- if (!ptr) return ENOMEM; error = COPYIN(uptr, ptr, fp->fr_dsize); + if (error != 0) + error = EFAULT; } else { ptr = uptr; error = 0; *************** *** 4216,4223 **** #ifdef IPFILTER_LOOKUP case FRI_LOOKUP : fp->fr_srcptr = fr_resolvelookup(fp->fr_srctype, ! fp->fr_srcnum, &fp->fr_srcfunc); break; #endif default : --- 4249,4259 ---- #ifdef IPFILTER_LOOKUP case FRI_LOOKUP : fp->fr_srcptr = fr_resolvelookup(fp->fr_srctype, ! fp->fr_srcsubtype, ! &fp->fr_slookup, &fp->fr_srcfunc); + if (fp->fr_srcptr == NULL) + return ESRCH; break; #endif default : *************** *** 4241,4248 **** #ifdef IPFILTER_LOOKUP case FRI_LOOKUP : fp->fr_dstptr = fr_resolvelookup(fp->fr_dsttype, ! fp->fr_dstnum, &fp->fr_dstfunc); break; #endif default : --- 4277,4287 ---- #ifdef IPFILTER_LOOKUP case FRI_LOOKUP : fp->fr_dstptr = fr_resolvelookup(fp->fr_dsttype, ! fp->fr_dstsubtype, ! &fp->fr_dlookup, &fp->fr_dstfunc); + if (fp->fr_dstptr == NULL) + return ESRCH; break; #endif default : *************** *** 4326,4331 **** --- 4365,4372 ---- if ((f->fr_dsize != 0) && (uptr != NULL)) error = COPYOUT(f->fr_data, uptr, f->fr_dsize); + if (error != 0) + error = EFAULT; if (error == 0) { f->fr_hits = 0; f->fr_bytes = 0; *************** *** 4422,4428 **** fr_fixskip(ftail, f, -1); *ftail = f->fr_next; f->fr_next = NULL; ! (void)fr_derefrule(&f); } } else { /* --- 4463,4469 ---- fr_fixskip(ftail, f, -1); *ftail = f->fr_next; f->fr_next = NULL; ! 
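Review bot: In the `subtype == 1` branch, `label[sizeof(info->iplookupname)] = '\0';` stays inside `label` only while iplookupname is shorter than FR_GROUPLEN, and that relationship is recorded only in the comment (12 versus 16), not enforced. A constant check ahead of the copy, for example `if (sizeof(info->iplookupname) >= sizeof(label)) return NULL;`, turns a later change of either size into a failed lookup instead of a write past the stack buffer. The comment should say "NUL" rather than "NULL", and the bare subtype values 0 and 1 deserve named constants if the headers provide any. The non-kernel path still formats the number with an unbounded `sprintf`, which fits a 32-bit `%u` in 16 bytes but would be clearer in the bounded form.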
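Review bot: The new `return ESRCH;` after a failed source lookup leaves the function at once, and the hunk at 4158 shows that earlier, in what appears to be the same function, a data buffer may have been allocated (`if (!ptr) return ENOMEM;`) and filled by COPYIN. If that buffer is still owned at this point the early return leaks it, so the error should go through whatever cleanup the other failure paths use rather than a bare return; that cleanup code is outside the visible lines. The same applies to the destination lookup in the hunk at 4241.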
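Review bot: In the hunk at 4326 the added `if (error != 0) error = EFAULT;` sits after the guarded COPYOUT, not inside it, so it also rewrites any non-zero value `error` already held when the copy was skipped. If `error` can be non-zero on entry to these lines (not visible in the hunk), the original code is lost to the caller. Putting the COPYOUT and the new mapping in one braced block under `if ((f->fr_dsize != 0) && (uptr != NULL))` limits the rewrite to copy failures.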
(void) fr_derefrule(&f); } } else { /* *************** *** 4636,4641 **** --- 4677,4683 ---- frentry_t *fr; fr = *frp; + *frp = NULL; MUTEX_ENTER(&fr->fr_lock); fr->fr_ref--; *************** *** 4661,4667 **** } else { MUTEX_EXIT(&fr->fr_lock); } - *frp = NULL; return -1; } --- 4703,4708 ---- *************** *** 5191,5245 **** /* data(I) - pointer to ioctl data */ /* cmd(I) - ioctl command */ /* mode(I) - mode value */ /* */ /* Based on the value of unit, call the appropriate ioctl handler or return */ /* EIO if ipfilter is not running. Also checks if write perms are req'd */ /* for the device in order to execute the ioctl. */ /* ------------------------------------------------------------------------ */ ! int fr_ioctlswitch(unit, data, cmd, mode) ! int unit, mode; ioctlcmd_t cmd; ! void *data; { int error = 0; switch (unit) { case IPL_LOGIPF : ! error = -1; break; case IPL_LOGNAT : if (fr_running > 0) ! error = fr_nat_ioctl(data, cmd, mode); else error = EIO; break; case IPL_LOGSTATE : if (fr_running > 0) ! error = fr_state_ioctl(data, cmd, mode); else error = EIO; break; case IPL_LOGAUTH : ! if (fr_running > 0) { ! if ((cmd == (ioctlcmd_t)SIOCADAFR) || ! (cmd == (ioctlcmd_t)SIOCRMAFR)) { ! if (!(mode & FWRITE)) { ! error = EPERM; ! } else { ! error = frrequest(unit, cmd, data, ! fr_active, 1); ! } ! } else { ! error = fr_auth_ioctl(data, cmd, mode); ! } ! } else error = EIO; break; case IPL_LOGSYNC : #ifdef IPFILTER_SYNC if (fr_running > 0) ! error = fr_sync_ioctl(data, cmd, mode); else #endif error = EIO; --- 5232,5278 ---- /* data(I) - pointer to ioctl data */ /* cmd(I) - ioctl command */ /* mode(I) - mode value */ + /* uid(I) - uid making the ioctl call */ + /* ctx(I) - pointer to context data */ /* */ /* Based on the value of unit, call the appropriate ioctl handler or return */ /* EIO if ipfilter is not running. Also checks if write perms are req'd */ /* for the device in order to execute the ioctl. 
*/ /* ------------------------------------------------------------------------ */ ! int fr_ioctlswitch(unit, data, cmd, mode, uid, ctx) ! int unit, mode, uid; ioctlcmd_t cmd; ! void *data, *ctx; { int error = 0; switch (unit) { case IPL_LOGIPF : ! error = fr_ipf_ioctl(data, cmd, mode, uid, ctx); break; case IPL_LOGNAT : if (fr_running > 0) ! error = fr_nat_ioctl(data, cmd, mode, uid, ctx); else error = EIO; break; case IPL_LOGSTATE : if (fr_running > 0) ! error = fr_state_ioctl(data, cmd, mode, uid, ctx); else error = EIO; break; case IPL_LOGAUTH : ! if (fr_running > 0) ! error = fr_auth_ioctl(data, cmd, mode, uid, ctx); ! else error = EIO; break; case IPL_LOGSYNC : #ifdef IPFILTER_SYNC if (fr_running > 0) ! error = fr_sync_ioctl(data, cmd, mode, uid, ctx); else #endif error = EIO; *************** *** 5247,5253 **** case IPL_LOGSCAN : #ifdef IPFILTER_SCAN if (fr_running > 0) ! error = fr_scan_ioctl(data, cmd, mode); else #endif error = EIO; --- 5280,5286 ---- case IPL_LOGSCAN : #ifdef IPFILTER_SCAN if (fr_running > 0) ! error = fr_scan_ioctl(data, cmd, mode, uid, ctx); else #endif error = EIO; *************** *** 5255,5261 **** case IPL_LOGLOOKUP : #ifdef IPFILTER_LOOKUP if (fr_running > 0) ! error = ip_lookup_ioctl(data, cmd, mode); else #endif error = EIO; --- 5288,5294 ---- case IPL_LOGLOOKUP : #ifdef IPFILTER_LOOKUP if (fr_running > 0) ! error = ip_lookup_ioctl(data, cmd, mode, uid, ctx); else #endif error = EIO; *************** *** 5273,5281 **** * This array defines the expected size of objects coming into the kernel * for the various recognised object types. */ ! #define NUM_OBJ_TYPES 14 ! ! static int fr_objbytes[NUM_OBJ_TYPES][2] = { { 1, sizeof(struct frentry) }, /* frentry */ { 0, sizeof(struct friostat) }, { 0, sizeof(struct fr_info) }, --- 5306,5312 ---- * This array defines the expected size of objects coming into the kernel * for the various recognised object types. */ ! 
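Review bot: The header comment of fr_ioctlswitch still says the function checks whether write permission is required, but the only `FWRITE` test it contained (for `SIOCADAFR`/`SIOCRMAFR` on `IPL_LOGAUTH`) is removed by this hunk. The `IPL_LOGIPF` case also dispatches to `fr_ipf_ioctl` without the `fr_running > 0` test that every other unit keeps. The comment should record that both checks now belong to the per-device handler, for example `/* Write-permission checks and, for IPL_LOGIPF, the fr_running check are done by the handler that is called. */`. Otherwise a handler added later may rely on a check this switch no longer performs.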
static int fr_objbytes[IPFOBJ_COUNT][2] = { { 1, sizeof(struct frentry) }, /* frentry */ { 0, sizeof(struct friostat) }, { 0, sizeof(struct fr_info) }, *************** *** 5289,5295 **** { 1, sizeof(struct ipstate) }, /* ipstate */ { 0, sizeof(struct ips_stat) }, { 0, sizeof(struct frauth) }, ! { 0, sizeof(struct ipftune) } }; --- 5320,5331 ---- { 1, sizeof(struct ipstate) }, /* ipstate */ { 0, sizeof(struct ips_stat) }, { 0, sizeof(struct frauth) }, ! { 0, sizeof(struct ipftune) }, ! { 0, sizeof(struct nat) }, /* nat_t */ ! { 0, sizeof(struct ipfruleiter) }, ! { 0, sizeof(struct ipfgeniter) }, ! { 0, sizeof(struct ipftable) }, ! { 0, sizeof(struct ipflookupiter) } }; *************** *** 5312,5318 **** ipfobj_t obj; int error = 0; ! if ((type < 0) || (type > NUM_OBJ_TYPES-1)) return EINVAL; BCOPYIN((caddr_t)data, (caddr_t)&obj, sizeof(obj)); --- 5348,5354 ---- ipfobj_t obj; int error = 0; ! if ((type < 0) || (type >= IPFOBJ_COUNT)) return EINVAL; BCOPYIN((caddr_t)data, (caddr_t)&obj, sizeof(obj)); *************** *** 5324,5331 **** if ((fr_objbytes[type][0] & 1) != 0) { if (obj.ipfo_size < fr_objbytes[type][1]) return EINVAL; ! } else if (obj.ipfo_size != fr_objbytes[type][1]) return EINVAL; #else if (obj.ipfo_rev != IPFILTER_VERSION) /* XXX compatibility hook here */ --- 5360,5368 ---- if ((fr_objbytes[type][0] & 1) != 0) { if (obj.ipfo_size < fr_objbytes[type][1]) return EINVAL; ! } else if (obj.ipfo_size != fr_objbytes[type][1]) { return EINVAL; + } #else if (obj.ipfo_rev != IPFILTER_VERSION) /* XXX compatibility hook here */ *************** *** 5346,5351 **** --- 5383,5390 ---- error = COPYIN((caddr_t)obj.ipfo_ptr, (caddr_t)ptr, obj.ipfo_size); } + if (error != 0) + error = EFAULT; return error; } *************** *** 5372,5378 **** ipfobj_t obj; int error; ! if ((type < 0) || (type > NUM_OBJ_TYPES-1)) return EINVAL; if (((fr_objbytes[type][0] & 1) == 0) || (sz < fr_objbytes[type][1])) return EINVAL; --- 5411,5417 ---- ipfobj_t obj; int error; ! 
if ((type < 0) || (type >= IPFOBJ_COUNT)) return EINVAL; if (((fr_objbytes[type][0] & 1) == 0) || (sz < fr_objbytes[type][1])) return EINVAL; *************** *** 5395,5400 **** --- 5434,5441 ---- #endif error = COPYIN((caddr_t)obj.ipfo_ptr, (caddr_t)ptr, sz); + if (error != 0) + error = EFAULT; return error; } *************** *** 5421,5427 **** ipfobj_t obj; int error; ! if ((type < 0) || (type > NUM_OBJ_TYPES-1) || ((fr_objbytes[type][0] & 1) == 0) || (sz < fr_objbytes[type][1])) return EINVAL; --- 5462,5468 ---- ipfobj_t obj; int error; ! if ((type < 0) || (type > IPFOBJ_COUNT) || ((fr_objbytes[type][0] & 1) == 0) || (sz < fr_objbytes[type][1])) return EINVAL; *************** *** 5444,5449 **** --- 5485,5492 ---- #endif error = COPYOUT((caddr_t)ptr, (caddr_t)obj.ipfo_ptr, sz); + if (error != 0) + error = EFAULT; return error; } *************** *** 5467,5473 **** ipfobj_t obj; int error; ! if ((type < 0) || (type > NUM_OBJ_TYPES-1)) return EINVAL; BCOPYIN((caddr_t)data, (caddr_t)&obj, sizeof(obj)); --- 5510,5516 ---- ipfobj_t obj; int error; ! if ((type < 0) || (type > IPFOBJ_COUNT)) return EINVAL; BCOPYIN((caddr_t)data, (caddr_t)&obj, sizeof(obj)); *************** *** 5495,5500 **** --- 5538,5545 ---- #endif error = COPYOUT((caddr_t)ptr, (caddr_t)obj.ipfo_ptr, obj.ipfo_size); + if (error != 0) + error = EFAULT; return error; } *************** *** 6275,6281 **** int error; fr_getstat(&fio); ! error = copyoutptr(&fio, data, sizeof(fio)); if (error) return EFAULT; --- 6320,6326 ---- int error; fr_getstat(&fio); ! error = fr_outobj(data, &fio, IPFOBJ_IPFSTAT); if (error) return EFAULT; *************** *** 6359,6361 **** --- 6404,7062 ---- nic = (void *)-1; return nic; } + + + ipftoken_t *ipftokenhead = NULL, **ipftokentail = &ipftokenhead; + + + /* ------------------------------------------------------------------------ */ + /* Function: ipf_expiretokens */ + /* Returns: None. */ + /* Parameters: None. 
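Review bot: The bound in the hunk at 5462 is `type > IPFOBJ_COUNT`, which lets `type == IPFOBJ_COUNT` reach `fr_objbytes[type][0]`, one row past the end of an array declared as `fr_objbytes[IPFOBJ_COUNT][2]`. The test it replaces, `type > NUM_OBJ_TYPES-1`, rejected that value, and the input-side hunks at 5348 and 5411 use `type >= IPFOBJ_COUNT`. The line should read `if ((type < 0) || (type >= IPFOBJ_COUNT) ||`. The hunk at 5510 has the same `>` and needs `if ((type < 0) || (type >= IPFOBJ_COUNT))`. The enclosing functions start outside these hunks.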
*/ + /* */ + /* This function is run every ipf tick to see if there are any tokens that */ + /* have been held for too long and need to be freed up. */ + /* ------------------------------------------------------------------------ */ + void ipf_expiretokens() + { + ipftoken_t *it; + void *data; + + WRITE_ENTER(&ipf_tokens); + while ((it = ipftokenhead) != NULL) { + if (it->ipt_die > fr_ticks) + break; + + data = it->ipt_data; + + ipf_freetoken(it); + } + RWLOCK_EXIT(&ipf_tokens); + } + + + /* ------------------------------------------------------------------------ */ + /* Function: ipf_deltoken */ + /* Returns: int - 0 = success, else error */ + /* Parameters: type(I) - the token type to match */ + /* uid(I) - uid owning the token */ + /* ptr(I) - context pointer for the token */ + /* */ + /* This function looks for a a token in the current list that matches up */ + /* the fields (type, uid, ptr). If none is found, ESRCH is returned, else */ + /* call ipf_freetoken() to remove it from the list. */ + /* ------------------------------------------------------------------------ */ + int ipf_deltoken(type, uid, ptr) + int type, uid; + void *ptr; + { + ipftoken_t *it; + int error = ESRCH; + + WRITE_ENTER(&ipf_tokens); + for (it = ipftokenhead; it != NULL; it = it->ipt_next) + if (ptr == it->ipt_ctx && type == it->ipt_type && + uid == it->ipt_uid) { + ipf_freetoken(it); + error = 0; + break; + } + RWLOCK_EXIT(&ipf_tokens); + + return error; + } + + + /* ------------------------------------------------------------------------ */ + /* Function: ipf_findtoken */ + /* Returns: ipftoken_t * - NULL if no memory, else pointer to token */ + /* Parameters: type(I) - the token type to match */ + /* uid(I) - uid owning the token */ + /* ptr(I) - context pointer for the token */ + /* */ + /* This function looks for a live token in the list of current tokens that */ + /* matches the tuple (type, uid, ptr). If one cannot be found then one is */ + /* allocated. 
If one is found then it is moved to the top of the list of */ + /* currently active tokens. */ + /* ------------------------------------------------------------------------ */ + ipftoken_t *ipf_findtoken(type, uid, ptr) + int type, uid; + void *ptr; + { + ipftoken_t *it, *new; + + KMALLOC(new, ipftoken_t *); + + WRITE_ENTER(&ipf_tokens); + for (it = ipftokenhead; it != NULL; it = it->ipt_next) { + if (it->ipt_alive == 0) + continue; + if (ptr == it->ipt_ctx && type == it->ipt_type && + uid == it->ipt_uid) + break; + } + + if (it == NULL) { + it = new; + new = NULL; + if (it == NULL) + return NULL; + it->ipt_data = NULL; + it->ipt_ctx = ptr; + it->ipt_uid = uid; + it->ipt_type = type; + it->ipt_next = NULL; + it->ipt_alive = 1; + } else { + if (new != NULL) { + KFREE(new); + new = NULL; + } + + ipf_unlinktoken(it); + } + it->ipt_pnext = ipftokentail; + *ipftokentail = it; + ipftokentail = &it->ipt_next; + it->ipt_next = NULL; + + it->ipt_die = fr_ticks + 2; + + MUTEX_DOWNGRADE(&ipf_tokens); + + return it; + } + + + /* ------------------------------------------------------------------------ */ + /* Function: ipf_unlinktoken */ + /* Returns: None. */ + /* Parameters: token(I) - pointer to token structure */ + /* */ + /* This function unlinks a token structure from the linked list of tokens */ + /* that "own" it. The head pointer never needs to be explicitly adjusted */ + /* but the tail does due to the linked list implementation. */ + /* ------------------------------------------------------------------------ */ + static void ipf_unlinktoken(token) + ipftoken_t *token; + { + + if (ipftokentail == &token->ipt_next) + ipftokentail = token->ipt_pnext; + + *token->ipt_pnext = token->ipt_next; + if (token->ipt_next != NULL) + token->ipt_next->ipt_pnext = token->ipt_pnext; + } + + + /* ------------------------------------------------------------------------ */ + /* Function: ipf_freetoken */ + /* Returns: None. 
*/ + /* Parameters: token(I) - pointer to token structure */ + /* */ + /* This function unlinks a token from the linked list and on the path to */ + /* free'ing the data, it calls the dereference function that is associated */ + /* with the type of data pointed to by the token as it is considered to */ + /* hold a reference to it. */ + /* ------------------------------------------------------------------------ */ + void ipf_freetoken(token) + ipftoken_t *token; + { + void *data; + + ipf_unlinktoken(token); + + data = token->ipt_data; + + if ((data != NULL) && (data != (void *)-1)) { + switch (token->ipt_type) + { + case IPFGENITER_IPF : + (void) fr_derefrule((frentry_t **)&data); + break; + case IPFGENITER_IPNAT : + WRITE_ENTER(&ipf_nat); + fr_ipnatderef((ipnat_t **)&data); + RWLOCK_EXIT(&ipf_nat); + break; + case IPFGENITER_NAT : + fr_natderef((nat_t **)&data); + break; + case IPFGENITER_STATE : + fr_statederef((ipstate_t **)&data); + break; + case IPFGENITER_FRAG : + #ifdef USE_MUTEXES + fr_fragderef((ipfr_t **)&data, &ipf_frag); + #else + fr_fragderef((ipfr_t **)&data); + #endif + break; + case IPFGENITER_NATFRAG : + #ifdef USE_MUTEXES + fr_fragderef((ipfr_t **)&data, &ipf_natfrag); + #else + fr_fragderef((ipfr_t **)&data); + #endif + break; + case IPFGENITER_HOSTMAP : + fr_hostmapdel((hostmap_t **)&data); + break; + default : + ip_lookup_iterderef(token->ipt_type, data); + break; + } + } + + KFREE(token); + } + + + /* ------------------------------------------------------------------------ */ + /* Function: ipf_getnextrule */ + /* Returns: int - 0 = success, else error */ + /* Parameters: t(I) - pointer to destination information to resolve */ + /* ptr(I) - pointer to ipfobj_t to copyin from user space */ + /* */ + /* This function's first job is to bring in the ipfruleiter_t structure via */ + /* the ipfobj_t structure to determine what should be the next rule to */ + /* return. 
Once the ipfruleiter_t has been brought in, it then tries to */ + /* find the 'next rule'. This may include searching rule group lists or */ + /* just be as simple as looking at the 'next' field in the rule structure. */ + /* When we have found the rule to return, increase its reference count and */ + /* if we used an existing rule to get here, decrease its reference count. */ + /* ------------------------------------------------------------------------ */ + int ipf_getnextrule(ipftoken_t *t, void *ptr) + { + frentry_t *fr, *next, zero; + ipfruleiter_t it; + int error, count; + frgroup_t *fg; + char *dst; + + if (t == NULL || ptr == NULL) + return EFAULT; + error = fr_inobj(ptr, &it, IPFOBJ_IPFITER); + if (error != 0) + return error; + if ((it.iri_inout != 0) && (it.iri_inout != 1)) + return EINVAL; + if ((it.iri_active != 0) && (it.iri_active != 1)) + return EINVAL; + if (it.iri_nrules == 0) + return ENOSPC; + if (it.iri_rule == NULL) + return EFAULT; + + fr = t->ipt_data; + READ_ENTER(&ipf_mutex); + if (fr == NULL) { + if (*it.iri_group == '\0') { + if (it.iri_v == 4) + next = ipfilter[it.iri_inout][it.iri_active]; + else + next = ipfilter6[it.iri_inout][it.iri_active]; + } else { + fg = fr_findgroup(it.iri_group, IPL_LOGIPF, + it.iri_active, NULL); + if (fg != NULL) + next = fg->fg_start; + else + next = NULL; + } + } else { + next = fr->fr_next; + } + + dst = (char *)it.iri_rule; + /* + * The ipfruleiter may ask for more than 1 rule at a time to be + * copied out, so long as that many exist in the list to start with! 
+ */ + for (count = it.iri_nrules; count > 0; count--) { + if (next != NULL) { + MUTEX_ENTER(&next->fr_lock); + next->fr_ref++; + MUTEX_EXIT(&next->fr_lock); + if (next->fr_next == NULL) { + ipf_freetoken(t); + fr = NULL; + } + } else { + bzero(&zero, sizeof(zero)); + next = &zero; + ipf_freetoken(t); + fr = NULL; + count = 1; + } + RWLOCK_EXIT(&ipf_mutex); + + if (fr != NULL) { + (void) fr_derefrule(&fr); + } + + t->ipt_data = next; + error = COPYOUT(next, dst, sizeof(*next)); + if (error != 0) + return EFAULT; + + if (next->fr_data != NULL) { + dst += sizeof(*next); + error = COPYOUT(next->fr_data, dst, next->fr_dsize); + if (error != 0) + error = EFAULT; + else + dst += next->fr_dsize; + } + + if ((count == 1) || (next->fr_next == NULL) || (error != 0)) + break; + + READ_ENTER(&ipf_mutex); + fr = next; + next = fr->fr_next; + } + + return error; + } + + + /* ------------------------------------------------------------------------ */ + /* Function: fr_frruleiter */ + /* Returns: int - 0 = success, else error */ + /* Parameters: data(I) - the token type to match */ + /* uid(I) - uid owning the token */ + /* ptr(I) - context pointer for the token */ + /* */ + /* This function serves as a stepping stone between fr_ipf_ioctl and */ + /* ipf_getnextrule. It's role is to find the right token in the kernel for */ + /* the process doing the ioctl and use that to ask for the next rule. 
*/ + /* ------------------------------------------------------------------------ */ + static int ipf_frruleiter(data, uid, ctx) + void *data, *ctx; + int uid; + { + ipftoken_t *token; + int error; + + token = ipf_findtoken(IPFGENITER_IPF, uid, ctx); + if (token != NULL) + error = ipf_getnextrule(token, data); + else + error = EFAULT; + RWLOCK_EXIT(&ipf_tokens); + + return error; + } + + + /* ------------------------------------------------------------------------ */ + /* Function: fr_geniter */ + /* Returns: int - 0 = success, else error */ + /* Parameters: token(I) - pointer to ipftoken_t structure */ + /* itp(I) - */ + /* */ + /* ------------------------------------------------------------------------ */ + static int ipf_geniter(token, itp) + ipftoken_t *token; + ipfgeniter_t *itp; + { + int error; + + switch (itp->igi_type) + { + case IPFGENITER_FRAG : + #ifdef USE_MUTEXES + error = fr_nextfrag(token, itp, + &ipfr_list, &ipfr_tail, &ipf_frag); + #else + error = fr_nextfrag(token, itp, &ipfr_list, &ipfr_tail); + #endif + break; + default : + error = EINVAL; + break; + } + + return error; + } + + + /* ------------------------------------------------------------------------ */ + /* Function: fr_genericiter */ + /* Returns: int - 0 = success, else error */ + /* Parameters: data(I) - the token type to match */ + /* uid(I) - uid owning the token */ + /* ptr(I) - context pointer for the token */ + /* */ + /* ------------------------------------------------------------------------ */ + int ipf_genericiter(data, uid, ctx) + void *data, *ctx; + { + ipftoken_t *token; + ipfgeniter_t iter; + int error; + + error = fr_inobj(data, &iter, IPFOBJ_GENITER); + if (error != 0) + return error; + + token = ipf_findtoken(iter.igi_type, uid, ctx); + if (token != NULL) { + token->ipt_subtype = iter.igi_type; + error = ipf_geniter(token, &iter); + } else + error = EFAULT; + RWLOCK_EXIT(&ipf_tokens); + + return error; + } + + + /* 
------------------------------------------------------------------------ */ + /* Function: fr_ipf_ioctl */ + /* Returns: int - 0 = success, else error */ + /* Parameters: data(I) - the token type to match */ + /* cmd(I) - the ioctl command number */ + /* mode(I) - mode flags for the ioctl */ + /* uid(I) - uid owning the token */ + /* ptr(I) - context pointer for the token */ + /* */ + /* This function handles all of the ioctl command that are actually isssued */ + /* to the /dev/ipl device. */ + /* ------------------------------------------------------------------------ */ + int fr_ipf_ioctl(data, cmd, mode, uid, ctx) + caddr_t data; + ioctlcmd_t cmd; + int mode, uid; + void *ctx; + { + friostat_t fio; + int error, tmp; + + switch (cmd) + { + case SIOCFRENB : + if (!(mode & FWRITE)) + error = EPERM; + else { + error = BCOPYIN((caddr_t)data, (caddr_t)&tmp, + sizeof(tmp)); + if (error != 0) { + error = EFAULT; + break; + } + + RWLOCK_EXIT(&ipf_global); + WRITE_ENTER(&ipf_global); + if (tmp) { + if (fr_running > 0) + error = 0; + else + error = ipfattach(); + if (error == 0) + fr_running = 1; + else + (void) ipfdetach(); + } else { + error = ipfdetach(); + if (error == 0) + fr_running = -1; + } + } + break; + + case SIOCIPFSET : + if (!(mode & FWRITE)) { + error = EPERM; + break; + } + /* FALLTHRU */ + case SIOCIPFGETNEXT : + case SIOCIPFGET : + error = fr_ipftune(cmd, (void *)data); + break; + + case SIOCSETFF : + if (!(mode & FWRITE)) + error = EPERM; + else { + error = BCOPYIN((caddr_t)data, (caddr_t)&fr_flags, + sizeof(fr_flags)); + if (error != 0) + error = EFAULT; + } + break; + + case SIOCGETFF : + error = BCOPYOUT((caddr_t)&fr_flags, (caddr_t)data, + sizeof(fr_flags)); + if (error != 0) + error = EFAULT; + break; + + case SIOCFUNCL : + error = fr_resolvefunc((void *)data); + break; + + case SIOCINAFR : + case SIOCRMAFR : + case SIOCADAFR : + case SIOCZRLST : + if (!(mode & FWRITE)) + error = EPERM; + else + error = frrequest(IPL_LOGIPF, cmd, (caddr_t)data, + 
fr_active, 1); + break; + + case SIOCINIFR : + case SIOCRMIFR : + case SIOCADIFR : + if (!(mode & FWRITE)) + error = EPERM; + else + error = frrequest(IPL_LOGIPF, cmd, (caddr_t)data, + 1 - fr_active, 1); + break; + + case SIOCSWAPA : + if (!(mode & FWRITE)) + error = EPERM; + else { + WRITE_ENTER(&ipf_mutex); + bzero((char *)frcache, sizeof(frcache[0]) * 2); + error = COPYOUT((caddr_t)&fr_active, (caddr_t)data, + sizeof(fr_active)); + if (error != 0) + error = EFAULT; + else + fr_active = 1 - fr_active; + RWLOCK_EXIT(&ipf_mutex); + } + break; + + case SIOCGETFS : + fr_getstat(&fio); + error = fr_outobj((void *)data, &fio, IPFOBJ_IPFSTAT); + break; + + case SIOCFRZST : + if (!(mode & FWRITE)) + error = EPERM; + else + error = fr_zerostats((caddr_t)data); + break; + + case SIOCIPFFL : + if (!(mode & FWRITE)) + error = EPERM; + else { + error = BCOPYIN((caddr_t)data, (caddr_t)&tmp, + sizeof(tmp)); + if (!error) { + tmp = frflush(IPL_LOGIPF, 4, tmp); + error = BCOPYOUT((caddr_t)&tmp, (caddr_t)data, + sizeof(tmp)); + if (error != 0) + error = EFAULT; + } else + error = EFAULT; + } + break; + + #ifdef USE_INET6 + case SIOCIPFL6 : + if (!(mode & FWRITE)) + error = EPERM; + else { + error = BCOPYIN((caddr_t)data, (caddr_t)&tmp, + sizeof(tmp)); + if (!error) { + tmp = frflush(IPL_LOGIPF, 6, tmp); + error = BCOPYOUT((caddr_t)&tmp, (caddr_t)data, + sizeof(tmp)); + if (error != 0) + error = EFAULT; + } else + error = EFAULT; + } + break; + #endif + + case SIOCSTLCK : + error = BCOPYIN((caddr_t)data, (caddr_t)&tmp, sizeof(tmp)); + if (error == 0) { + fr_state_lock = tmp; + fr_nat_lock = tmp; + fr_frag_lock = tmp; + fr_auth_lock = tmp; + } else + error = EFAULT; + break; + + #ifdef IPFILTER_LOG + case SIOCIPFFB : + if (!(mode & FWRITE)) + error = EPERM; + else { + tmp = ipflog_clear(IPL_LOGIPF); + error = BCOPYOUT((caddr_t)&tmp, (caddr_t)data, + sizeof(tmp)); + if (error) + error = EFAULT; + } + break; + #endif /* IPFILTER_LOG */ + + case SIOCFRSYN : + if (!(mode & FWRITE)) + 
error = EPERM; + else { + RWLOCK_EXIT(&ipf_global); + WRITE_ENTER(&ipf_global); + #ifdef MENTAT + error = ipfsync(); + #else + frsync(NULL); + error = 0; + #endif + + } + break; + + case SIOCGFRST : + error = fr_outobj((void *)data, fr_fragstats(), + IPFOBJ_FRAGSTAT); + break; + + #ifdef IPFILTER_LOG + case FIONREAD : + tmp = (int)iplused[IPL_LOGIPF]; + + error = BCOPYOUT((caddr_t)&tmp, (caddr_t)data, sizeof(tmp)); + break; + #endif + + case SIOCIPFITER : + error = ipf_frruleiter(data, uid, ctx); + break; + + case SIOCGENITER : + error = ipf_genericiter(data, uid, ctx); + break; + + case SIOCIPFDELTOK : + error = BCOPYIN((caddr_t)data, (caddr_t)&tmp, sizeof(tmp)); + if (error == 0) + error = ipf_deltoken(tmp, uid, ctx); + break; + + default : + error = EINVAL; + break; + } + + return error; + } diff -cr ip_fil4.1.13/hpux.c ip_fil4.1.14/hpux.c *** ip_fil4.1.13/hpux.c Sat Aug 20 23:48:17 2005 --- ip_fil4.1.14/hpux.c Fri Jul 14 16:12:05 2006 *************** *** 291,297 **** /* * Initialize mutex's */ ! if (iplattach() == -1) return -1; /* * Lock people out while we set things up. --- 291,297 ---- /* * Initialize mutex's */ ! if (ipfattach() == -1) return -1; /* * Lock people out while we set things up. *************** *** 374,382 **** "IP Filter: pfil_remove_hook(pfh_sync) failed"); while (fr_timer_id != NULL) sched_yield(); ! i = ipldetach(); #ifdef IPFDEBUG ! printf("IP Filter: ipldetach() = %d\n", i); #endif return i; } --- 374,382 ---- "IP Filter: pfil_remove_hook(pfh_sync) failed"); while (fr_timer_id != NULL) sched_yield(); ! i = ipfdetach(); #ifdef IPFDEBUG ! printf("IP Filter: ipfdetach() = %d\n", i); #endif return i; } diff -cr ip_fil4.1.13/ip_auth.c ip_fil4.1.14/ip_auth.c *** ip_fil4.1.13/ip_auth.c Wed Mar 29 21:19:55 2006 --- ip_fil4.1.14/ip_auth.c Fri Jul 14 16:12:05 2006 *************** *** 117,123 **** /* END OF INCLUDES */ #if !defined(lint) ! 
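Review bot: In ipf_getnextrule the token is written after it has been released: both branches at the top of the loop call `ipf_freetoken(t)`, which ends in `KFREE(token)`, and the loop then executes `t->ipt_data = next;` unconditionally. That is a store to freed kernel memory on the last rule of a list and on an empty list, where the stored value is also the address of the local `zero`. A local flag is enough to close it: declare `int error, count, freed = 0;`, add `freed = 1;` after each `ipf_freetoken(t);`, and make the store `if (freed == 0) t->ipt_data = next;`. Separately, `SIOCSTLCK` in fr_ipf_ioctl sets four lock variables without the `FWRITE` test that the other state-changing commands in the same switch apply.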
static const char rcsid[] = "@(#)$Id: ip_auth.c,v 2.73.2.13 2006/03/29 11:19:55 darrenr Exp $"; #endif --- 117,123 ---- /* END OF INCLUDES */ #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: ip_auth.c,v 2.73.2.15 2006/07/14 06:12:05 darrenr Exp $"; #endif *************** *** 142,148 **** frentry_t *ipauth = NULL, *fr_authlist = NULL; ! int fr_authinit() { KMALLOCS(fr_auth, frauth_t *, fr_authsize * sizeof(*fr_auth)); --- 142,160 ---- frentry_t *ipauth = NULL, *fr_authlist = NULL; ! void fr_authderef __P((frauthent_t **)); ! int fr_authgeniter __P((ipftoken_t *, ipfgeniter_t *)); ! int fr_authreply __P((char *)); ! int fr_authwait __P((char *)); ! ! /* ------------------------------------------------------------------------ */ ! /* Function: fr_authinit */ ! /* Returns: int - 0 == success, else error */ ! /* Parameters: None */ ! /* */ ! /* Allocate memory and initialise data structures used in handling auth */ ! /* rules. */ ! /* ------------------------------------------------------------------------ */ int fr_authinit() { KMALLOCS(fr_auth, frauth_t *, fr_authsize * sizeof(*fr_auth)); *************** *** 172,182 **** } ! /* ! * Check if a packet has authorization. If the packet is found to match an ! * authorization result and that would result in a feedback loop (i.e. it ! * will end up returning FR_AUTH) then return FR_BLOCK instead. ! */ frentry_t *fr_checkauth(fin, passp) fr_info_t *fin; u_32_t *passp; --- 184,199 ---- } ! /* ------------------------------------------------------------------------ */ ! /* Function: fr_checkauth */ ! /* Returns: frentry_t* - pointer to ipf rule if match found, else NULL */ ! /* Parameters: fin(I) - pointer to ipftoken structure */ ! /* passp(I) - pointer to ipfgeniter structure */ ! /* */ ! /* Check if a packet has authorization. If the packet is found to match an */ ! /* authorization result and that would result in a feedback loop (i.e. it */ ! /* will end up returning FR_AUTH) then return FR_BLOCK instead. */ ! 
/* ------------------------------------------------------------------------ */ frentry_t *fr_checkauth(fin, passp) fr_info_t *fin; u_32_t *passp; *************** *** 233,239 **** --- 250,261 ---- fr = fra->fra_info.fin_fr; fin->fin_fr = fr; RWLOCK_EXIT(&ipf_auth); + WRITE_ENTER(&ipf_auth); + /* + * fr_authlist is populated with the rules malloc'd + * above and only those. + */ if ((fr != NULL) && (fr != fra->fra_info.fin_fr)) { fr->fr_next = fr_authlist; fr_authlist = fr; *************** *** 275,285 **** } ! /* ! * Check if we have room in the auth array to hold details for another packet. ! * If we do, store it and wake up any user programs which are waiting to ! * hear about these events. ! */ int fr_newauth(m, fin) mb_t *m; fr_info_t *fin; --- 297,312 ---- } ! /* ------------------------------------------------------------------------ */ ! /* Function: fr_newauth */ ! /* Returns: int - 0 == success, else error */ ! /* Parameters: m(I) - pointer to mb_t with packet in it */ ! /* fin(I) - pointer to packet information */ ! /* */ ! /* Check if we have room in the auth array to hold details for another */ ! /* packet. If we do, store it and wake up any user programs which are */ ! /* waiting to hear about these events. */ ! /* ------------------------------------------------------------------------ */ int fr_newauth(m, fin) mb_t *m; fr_info_t *fin; *************** *** 318,324 **** fra = fr_auth + i; fra->fra_index = i; ! fra->fra_pass = fin->fin_fr->fr_flags; fra->fra_age = fr_defaultauthage; bcopy((char *)fin, (char *)&fra->fra_info, sizeof(*fin)); #if !defined(sparc) && !defined(m68k) --- 345,354 ---- fra = fr_auth + i; fra->fra_index = i; ! if (fin->fin_fr != NULL) ! fra->fra_pass = fin->fin_fr->fr_flags; ! else ! fra->fra_pass = 0; fra->fra_age = fr_defaultauthage; bcopy((char *)fin, (char *)&fra->fra_info, sizeof(*fin)); #if !defined(sparc) && !defined(m68k) *************** *** 356,378 **** } ! int fr_auth_ioctl(data, cmd, mode) caddr_t data; ioctlcmd_t cmd; ! 
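Review bot: The new header comment for fr_checkauth describes its parameters with the wrong types: the declarations directly below it give `fin` as `fr_info_t *` and `passp` as `u_32_t *`, while the comment calls them pointers to an ipftoken and an ipfgeniter structure. The first line should match the wording used for fr_newauth, `/* Parameters: fin(I) - pointer to packet information */`. The second should describe the `u_32_t` that `passp` points to, with its direction (I or IO) confirmed against the function body, which is outside this hunk.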
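Review bot: No lock is held between the existing `RWLOCK_EXIT(&ipf_auth)` and the added `WRITE_ENTER(&ipf_auth)`, yet `fra`, obtained earlier under the read lock, is dereferenced again in the test `fr != fra->fra_info.fin_fr` that follows. If another thread can reuse that auth slot in the gap, the comparison is made against a different packet's record and decides whether `fr` is linked into `fr_authlist`. Capturing the value while the read lock is still held, `orig = fra->fra_info.fin_fr;`, and testing `fr != orig` after the write lock is taken would remove the dependency on `fra`. The part of the function that sets `fr` and `fra` is outside this hunk, so whether such reuse can occur needs confirming there.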
int mode; { ! frauth_t auth, *au = &auth, *fra; ! int i, error = 0, len; ! char *t; ! mb_t *m; ! #if defined(_KERNEL) && !defined(MENTAT) && !defined(linux) && \ ! (!defined(__FreeBSD_version) || (__FreeBSD_version < 501000)) ! struct ifqueue *ifq; SPL_INT(s); - #endif switch (cmd) { case SIOCSTLCK : if (!(mode & FWRITE)) { error = EPERM; --- 386,442 ---- } ! /* ------------------------------------------------------------------------ */ ! /* Function: fr_auth_ioctl */ ! /* Returns: int - 0 == success, else error */ ! /* Parameters: data(IO) - pointer to ioctl data */ ! /* cmd(I) - ioctl command */ ! /* mode(I) - mode flags associated with open descriptor */ ! /* uid(I) - uid associatd with application making the call */ ! /* ctx(I) - pointer for context */ ! /* */ ! /* This function handles all of the ioctls recognised by the auth component */ ! /* in IPFilter - ie ioctls called on an open fd for /dev/ipauth */ ! /* ------------------------------------------------------------------------ */ ! int fr_auth_ioctl(data, cmd, mode, uid, ctx) caddr_t data; ioctlcmd_t cmd; ! int mode, uid; ! void *ctx; { ! int error = 0, i; SPL_INT(s); switch (cmd) { + case SIOCGENITER : + { + ipftoken_t *token; + ipfgeniter_t iter; + + error = fr_inobj(data, &iter, IPFOBJ_GENITER); + if (error != 0) + break; + + token = ipf_findtoken(IPFGENITER_AUTH, uid, ctx); + if (token != NULL) + error = fr_authgeniter(token, &iter); + else + error = ESRCH; + RWLOCK_EXIT(&ipf_tokens); + + break; + } + + case SIOCADAFR : + case SIOCRMAFR : + if (!(mode & FWRITE)) + error = EPERM; + else + error = frrequest(IPL_LOGAUTH, cmd, data, + fr_active, 1); + break; + case SIOCSTLCK : if (!(mode & FWRITE)) { error = EPERM; *************** *** 396,593 **** break; case SIOCAUTHW: ! fr_authioctlloop: ! error = fr_inobj(data, au, IPFOBJ_FRAUTH); ! if (error != 0) ! break; ! READ_ENTER(&ipf_auth); ! if ((fr_authnext != fr_authend) && fr_authpkts[fr_authnext]) { ! error = fr_outobj(data, &fr_auth[fr_authnext], ! 
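Review bot: The `SIOCGENITER` case calls `RWLOCK_EXIT(&ipf_tokens)` with no matching enter anywhere in the visible part of fr_auth_ioctl(), and it does so on the `ESRCH` path as well. Presumably ipf_findtoken() returns with that lock held, but nothing here says so. A comment such as `/* ipf_findtoken() returns with ipf_tokens held, even when it finds nothing (confirm) */` above the call would keep the pairing from being broken later. The new header comment also misspells "associated" as `associatd` and describes `ctx` only as "pointer for context"; since `uid` and `ctx` are what ipf_findtoken() is keyed on, it is worth stating where the caller gets them. The function body continues outside this hunk.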
IPFOBJ_FRAUTH); ! if (error != 0) ! break; ! if (auth.fra_len != 0 && auth.fra_buf != NULL) { ! /* ! * Copy packet contents out to user space if ! * requested. Bail on an error. ! */ ! m = fr_authpkts[fr_authnext]; ! len = MSGDSIZE(m); ! if (len > auth.fra_len) ! len = auth.fra_len; ! auth.fra_len = len; ! for (t = auth.fra_buf; m && (len > 0); ) { ! i = MIN(M_LEN(m), len); ! error = copyoutptr(MTOD(m, char *), ! &t, i); ! len -= i; ! t += i; ! if (error != 0) ! break; ! m = m->m_next; ! } ! } ! RWLOCK_EXIT(&ipf_auth); ! if (error != 0) ! break; ! SPL_NET(s); ! WRITE_ENTER(&ipf_auth); ! fr_authnext++; ! if (fr_authnext == fr_authsize) ! fr_authnext = 0; ! RWLOCK_EXIT(&ipf_auth); ! SPL_X(s); ! return 0; ! } ! RWLOCK_EXIT(&ipf_auth); ! /* ! * We exit ipf_global here because a program that enters in ! * here will have a lock on it and goto sleep having this lock. ! * If someone were to do an 'ipf -D' the system would then ! * deadlock. The catch with releasing it here is that the ! * caller of this function expects it to be held when we ! * return so we have to reacquire it in here. ! */ ! RWLOCK_EXIT(&ipf_global); ! ! MUTEX_ENTER(&ipf_authmx); ! #ifdef _KERNEL ! # if SOLARIS ! error = 0; ! if (!cv_wait_sig(&ipfauthwait, &ipf_authmx.ipf_lk)) ! error = EINTR; ! # else /* SOLARIS */ ! # ifdef __hpux ! { ! lock_t *l; ! ! l = get_sleep_lock(&fr_authnext); ! error = sleep(&fr_authnext, PZERO+1); ! spinunlock(l); ! } ! # else ! # ifdef __osf__ ! error = mpsleep(&fr_authnext, PSUSP|PCATCH, "fr_authnext", 0, ! &ipf_authmx, MS_LOCK_SIMPLE); ! # else ! error = SLEEP(&fr_authnext, "fr_authnext"); ! # endif /* __osf__ */ ! # endif /* __hpux */ ! # endif /* SOLARIS */ ! #endif ! MUTEX_EXIT(&ipf_authmx); ! READ_ENTER(&ipf_global); ! if (error == 0) ! goto fr_authioctlloop; break; case SIOCAUTHR: ! error = fr_inobj(data, &auth, IPFOBJ_FRAUTH); ! if (error != 0) ! return error; ! SPL_NET(s); ! WRITE_ENTER(&ipf_auth); ! i = au->fra_index; ! fra = fr_auth + i; ! error = 0; ! 
if ((i < 0) || (i >= fr_authsize) || ! (fra->fra_info.fin_id != au->fra_info.fin_id)) { ! RWLOCK_EXIT(&ipf_auth); ! SPL_X(s); ! return ESRCH; ! } ! m = fr_authpkts[i]; ! fra->fra_index = -2; ! fra->fra_pass = au->fra_pass; ! fr_authpkts[i] = NULL; ! RWLOCK_EXIT(&ipf_auth); ! #ifdef _KERNEL ! if ((m != NULL) && (au->fra_info.fin_out != 0)) { ! # ifdef MENTAT ! error = ipf_inject(&fra->fra_info); ! if (error != 0) { ! FREE_MB_T(m); ! error = ENOBUFS; ! } ! # else /* MENTAT */ ! # if defined(linux) || defined(AIX) ! # else ! # if (_BSDI_VERSION >= 199802) || defined(__OpenBSD__) || \ ! (defined(__sgi) && (IRIX >= 60500) || defined(AIX) || \ ! (defined(__FreeBSD__) && (__FreeBSD_version >= 470102))) ! error = ip_output(m, NULL, NULL, IP_FORWARDING, NULL, ! NULL); ! # else ! error = ip_output(m, NULL, NULL, IP_FORWARDING, NULL); ! # endif ! # endif /* Linux */ ! # endif /* MENTAT */ ! if (error != 0) ! fr_authstats.fas_sendfail++; ! else ! fr_authstats.fas_sendok++; ! } else if (m) { ! # ifdef MENTAT ! error = ipf_inject(&fra->fra_info); ! if (error != 0) { ! FREE_MB_T(m); ! error = ENOBUFS; ! } ! # else /* MENTAT */ ! # if defined(linux) || defined(AIX) ! # else ! # if (__FreeBSD_version >= 501000) ! netisr_dispatch(NETISR_IP, m); ! # else ! # if (IRIX >= 60516) ! ifq = &((struct ifnet *)fra->fra_info.fin_ifp)->if_snd; ! # else ! ifq = &ipintrq; ! # endif ! if (IF_QFULL(ifq)) { ! IF_DROP(ifq); ! FREE_MB_T(m); ! error = ENOBUFS; ! } else { ! IF_ENQUEUE(ifq, m); ! # if IRIX < 60500 ! schednetisr(NETISR_IP); ! # endif ! } ! # endif ! # endif /* Linux */ ! # endif /* MENTAT */ ! if (error != 0) ! fr_authstats.fas_quefail++; ! else ! fr_authstats.fas_queok++; ! } else ! error = EINVAL; ! /* ! * If we experience an error which will result in the packet ! * not being processed, make sure we advance to the next one. ! */ ! if (error == ENOBUFS) { ! fr_authused--; ! fra->fra_index = -1; ! fra->fra_pass = 0; ! if (i == fr_authstart) { ! while (fra->fra_index == -1) { ! i++; ! 
if (i == fr_authsize) ! i = 0; ! fr_authstart = i; ! if (i == fr_authend) ! break; ! } ! if (fr_authstart == fr_authend) { ! fr_authnext = 0; ! fr_authstart = fr_authend = 0; ! } ! } ! } ! #endif /* _KERNEL */ ! SPL_X(s); break; default : --- 460,470 ---- break; case SIOCAUTHW: ! error = fr_authwait(data); break; case SIOCAUTHR: ! error = fr_authreply(data); break; default : *************** *** 598,606 **** } ! /* ! * Free all network buffer memory used to keep saved packets. ! */ void fr_authunload() { register int i; --- 475,487 ---- } ! /* ------------------------------------------------------------------------ */ ! /* Function: fr_authunload */ ! /* Returns: None */ ! /* Parameters: None */ ! /* */ ! /* Free all network buffer memory used to keep saved packets. */ ! /* ------------------------------------------------------------------------ */ void fr_authunload() { register int i; *************** *** 654,670 **** } ! /* ! * Slowly expire held auth records. Timeouts are set ! * in expectation of this being called twice per second. ! */ void fr_authexpire() { ! register int i; ! register frauth_t *fra; ! register frauthent_t *fae, **faep; ! register frentry_t *fr, **frp; mb_t *m; SPL_INT(s); if (fr_auth_lock) --- 535,555 ---- } ! /* ------------------------------------------------------------------------ */ ! /* Function: fr_authexpire */ ! /* Returns: None */ ! /* Parameters: None */ ! /* */ ! /* Slowly expire held auth records. Timeouts are set in expectation of */ ! /* this being called twice per second. */ ! /* ------------------------------------------------------------------------ */ void fr_authexpire() { ! frauthent_t *fae, **faep; ! frentry_t *fr, **frp; ! frauth_t *fra; mb_t *m; + int i; SPL_INT(s); if (fr_auth_lock) *************** *** 683,693 **** } } for (faep = &fae_list; ((fae = *faep) != NULL); ) { fae->fae_age--; if (fae->fae_age == 0) { ! *faep = fae->fae_next; ! 
KFREE(fae); fr_authstats.fas_expire++; } else faep = &fae->fae_next; --- 568,580 ---- } } + /* + * Expire pre-auth rules + */ for (faep = &fae_list; ((fae = *faep) != NULL); ) { fae->fae_age--; if (fae->fae_age == 0) { ! fr_authderef(&fae); fr_authstats.fas_expire++; } else faep = &fae->fae_next; *************** *** 708,713 **** --- 595,609 ---- SPL_X(s); } + + /* ------------------------------------------------------------------------ */ + /* Function: fr_preauthcmd */ + /* Returns: int - 0 == success, else error */ + /* Parameters: cmd(I) - ioctl command for rule */ + /* fr(I) - pointer to ipf rule */ + /* fptr(I) - pointer to caller's 'fr' */ + /* */ + /* ------------------------------------------------------------------------ */ int fr_preauthcmd(cmd, fr, frptr) ioctlcmd_t cmd; frentry_t *fr, **frptr; *************** *** 718,724 **** if ((cmd != SIOCADAFR) && (cmd != SIOCRMAFR)) return EIO; ! for (faep = &fae_list; ((fae = *faep) != NULL); ) { if (&fae->fae_fr == fr) break; --- 614,620 ---- if ((cmd != SIOCADAFR) && (cmd != SIOCRMAFR)) return EIO; ! for (faep = &fae_list; ((fae = *faep) != NULL); ) { if (&fae->fae_fr == fr) break; *************** *** 752,757 **** --- 648,654 ---- fae->fae_age = fr_defaultauthage; fae->fae_fr.fr_hits = 0; fae->fae_fr.fr_next = *frptr; + fae->fae_ref = 1; *frptr = &fae->fae_fr; fae->fae_next = *faep; *faep = fae; *************** *** 766,776 **** } ! /* ! * Flush held packets. ! * Must already be properly SPL'ed and Locked on &ipf_auth. ! * ! */ int fr_authflush() { register int i, num_flushed; --- 663,680 ---- } ! /* ------------------------------------------------------------------------ */ ! /* Function: fr_authflush */ ! /* Returns: int - number of auth entries flushed */ ! /* Parameters: None */ ! /* Locks: WRITE(ipf_auth) */ ! /* */ ! /* This function flushs the fr_authpkts array of any packet data with */ ! /* references still there. */ ! /* It is expected that the caller has already acquired the correct locks or */ ! 
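Review bot: The expiry loop in fr_authexpire() no longer unlinks the entry: the old `*faep = fae->fae_next;` was dropped, and `fr_authderef(&fae)` only clears the local `fae`, not the list slot `*faep`. As fr_authderef() is defined later in this diff, it frees the entry once `fae_ref` reaches 0, so `fae_list` keeps pointing at freed memory, and the next pass of the loop reads and decrements `fae_age` on it. When an iterator still holds a reference, the entry survives but its `u_long` age wraps past zero and it never expires. Restoring the unlink before the release fixes both cases: `*faep = fae->fae_next;` followed by `fr_authderef(&fae);`.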
/* set the priority level correctly for this to block out other code paths */ ! /* into these data structures. */ ! /* ------------------------------------------------------------------------ */ int fr_authflush() { register int i, num_flushed; *************** *** 802,808 **** --- 706,1041 ---- } + /* ------------------------------------------------------------------------ */ + /* Function: fr_auth_waiting */ + /* Returns: int - number of packets in the auth queue */ + /* Parameters: None */ + /* */ + /* Returns the numbers of packets queued up, waiting to be processed with */ + /* a pair of SIOCAUTHW and SIOCAUTHR calls. */ + /* ------------------------------------------------------------------------ */ int fr_auth_waiting() { return (fr_authnext != fr_authend) && fr_authpkts[fr_authnext]; } + + + /* ------------------------------------------------------------------------ */ + /* Function: fr_authgeniter */ + /* Returns: int - 0 == success, else error */ + /* Parameters: token(I) - pointer to ipftoken structure */ + /* itp(I) - pointer to ipfgeniter structure */ + /* */ + /* ------------------------------------------------------------------------ */ + int fr_authgeniter(token, itp) + ipftoken_t *token; + ipfgeniter_t *itp; + { + frauthent_t *fae, *next, zero; + int error; + + if (itp->igi_data == NULL) + return EFAULT; + + if (itp->igi_type != IPFGENITER_AUTH) + return EINVAL; + + fae = token->ipt_data; + READ_ENTER(&ipf_auth); + if (fae == NULL) { + next = fae_list; + } else { + next = fae->fae_next; + } + + if (next != NULL) { + /* + * If we find an auth entry to use, bump its reference count + * so that it can be used for is_next when we come back. + */ + ATOMIC_INC(next->fae_ref); + if (next->fae_next == NULL) + ipf_freetoken(token); + } else { + bzero(&zero, sizeof(zero)); + next = &zero; + } + RWLOCK_EXIT(&ipf_auth); + + /* + * If we had a prior pointer to an auth entry, release it. 
+ */ + if (fae != NULL) { + WRITE_ENTER(&ipf_auth); + fr_authderef(&fae); + RWLOCK_EXIT(&ipf_auth); + } + token->ipt_data = next; + + /* + * This should arguably be via fr_outobj() so that the auth + * structure can (if required) be massaged going out. + */ + error = COPYOUT(next, itp->igi_data, sizeof(*next)); + if (error != 0) + error = EFAULT; + + return error; + } + + + /* ------------------------------------------------------------------------ */ + /* Function: fr_authderef */ + /* Returns: None */ + /* Parameters: faep(IO) - pointer to caller's frauthent_t pointer */ + /* Locks: WRITE(ipf_auth) */ + /* */ + /* This function unconditionally sets the pointer in the caller to NULL, */ + /* to make it clear that it should no longer use that pointer, and drops */ + /* the reference count on the structure by 1. If it reaches 0, free it up. */ + /* ------------------------------------------------------------------------ */ + void fr_authderef(faep) + frauthent_t **faep; + { + frauthent_t *fae; + + fae = *faep; + *faep = NULL; + + fae->fae_ref--; + if (fae->fae_ref == 0) { + KFREE(fae); + } + } + + + /* ------------------------------------------------------------------------ */ + /* Function: fr_authwait */ + /* Returns: int - 0 == success, else error */ + /* Parameters: data(I) - pointer to data from ioctl call */ + /* */ + /* This function is called when an application is waiting for a packet to */ + /* match an "auth" rule by issuing an SIOCAUTHW ioctl. If there is already */ + /* a packet waiting on the queue then we will return that _one_ immediately.*/ + /* If there are no packets present in the queue (fr_authpkts) then we go to */ + /* sleep. 
*/ + /* ------------------------------------------------------------------------ */ + int fr_authwait(data) + char *data; + { + frauth_t auth, *au = &auth; + int error, len, i; + mb_t *m; + char *t; + #if defined(_KERNEL) && !defined(MENTAT) && !defined(linux) && \ + (!defined(__FreeBSD_version) || (__FreeBSD_version < 501000)) + SPL_INT(s); + #endif + + fr_authioctlloop: + error = fr_inobj(data, au, IPFOBJ_FRAUTH); + if (error != 0) + return error; + + /* + * XXX Locks are held below over calls to copyout...a better + * solution needs to be found so this isn't necessary. The situation + * we are trying to guard against here is an error in the copyout + * steps should not cause the packet to "disappear" from the queue. + */ + READ_ENTER(&ipf_auth); + + /* + * If fr_authnext is not equal to fr_authend it will be because there + * is a packet waiting to be delt with in the fr_authpkts array. We + * copy as much of that out to user space as requested. + */ + if ((fr_authnext != fr_authend) && fr_authpkts[fr_authnext]) { + error = fr_outobj(data, &fr_auth[fr_authnext], IPFOBJ_FRAUTH); + if (error != 0) + return error; + + if (auth.fra_len != 0 && auth.fra_buf != NULL) { + /* + * Copy packet contents out to user space if + * requested. Bail on an error. + */ + m = fr_authpkts[fr_authnext]; + len = MSGDSIZE(m); + if (len > auth.fra_len) + len = auth.fra_len; + auth.fra_len = len; + + for (t = auth.fra_buf; m && (len > 0); ) { + i = MIN(M_LEN(m), len); + error = copyoutptr(MTOD(m, char *), &t, i); + len -= i; + t += i; + if (error != 0) + return error; + m = m->m_next; + } + } + RWLOCK_EXIT(&ipf_auth); + if (error != 0) + return error; + + SPL_NET(s); + WRITE_ENTER(&ipf_auth); + fr_authnext++; + if (fr_authnext == fr_authsize) + fr_authnext = 0; + RWLOCK_EXIT(&ipf_auth); + SPL_X(s); + + return 0; + } + RWLOCK_EXIT(&ipf_auth); + + /* + * We exit ipf_global here because a program that enters in + * here will have a lock on it and goto sleep having this lock. 
+ * If someone were to do an 'ipf -D' the system would then + * deadlock. The catch with releasing it here is that the + * caller of this function expects it to be held when we + * return so we have to reacquire it in here. + */ + RWLOCK_EXIT(&ipf_global); + + MUTEX_ENTER(&ipf_authmx); + #ifdef _KERNEL + # if SOLARIS + error = 0; + if (!cv_wait_sig(&ipfauthwait, &ipf_authmx.ipf_lk)) + error = EINTR; + # else /* SOLARIS */ + # ifdef __hpux + { + lock_t *l; + + l = get_sleep_lock(&fr_authnext); + error = sleep(&fr_authnext, PZERO+1); + spinunlock(l); + } + # else + # ifdef __osf__ + error = mpsleep(&fr_authnext, PSUSP|PCATCH, "fr_authnext", 0, + &ipf_authmx, MS_LOCK_SIMPLE); + # else + error = SLEEP(&fr_authnext, "fr_authnext"); + # endif /* __osf__ */ + # endif /* __hpux */ + # endif /* SOLARIS */ + #endif + MUTEX_EXIT(&ipf_authmx); + READ_ENTER(&ipf_global); + if (error == 0) + goto fr_authioctlloop; + return 0; + } + + + /* ------------------------------------------------------------------------ */ + /* Function: fr_authreply */ + /* Returns: int - 0 == success, else error */ + /* Parameters: data(I) - pointer to data from ioctl call */ + /* */ + /* This function is called by an application when it wants to return a */ + /* decision on a packet using the SIOCAUTHR ioctl. This is after it has */ + /* received information using an SIOCAUTHW. The decision returned in the */ + /* form of flags, the same as those used in each rule. */ + /* ------------------------------------------------------------------------ */ + int fr_authreply(data) + char *data; + { + frauth_t auth, *au = &auth, *fra; + int error, i; + SPL_INT(s); + mb_t *m; + + error = fr_inobj(data, &auth, IPFOBJ_FRAUTH); + if (error != 0) + return error; + + SPL_NET(s); + WRITE_ENTER(&ipf_auth); + + i = au->fra_index; + fra = fr_auth + i; + error = 0; + + /* + * Check the validity of the information being returned with two simple + * checks. 
First, the auth index value should be within the size of + * the array and second the packet id being returned should also match. + */ + if ((i < 0) || (i >= fr_authsize) || + (fra->fra_info.fin_id != au->fra_info.fin_id)) { + RWLOCK_EXIT(&ipf_auth); + SPL_X(s); + return ESRCH; + } + + m = fr_authpkts[i]; + fra->fra_index = -2; + fra->fra_pass = au->fra_pass; + fr_authpkts[i] = NULL; + + RWLOCK_EXIT(&ipf_auth); + + /* + * Re-insert the packet back into the packet stream flowing through + * the kernel in a manner that will mean IPFilter sees the packet + * again. This is not the same as is done with fastroute, + * deliberately, as we want to resume the normal packet processing + * path for it. + */ + #ifdef _KERNEL + if ((m != NULL) && (au->fra_info.fin_out != 0)) { + error = ipf_inject(&fra->fra_info, m); + if (error != 0) { + error = ENOBUFS; + fr_authstats.fas_sendfail++; + } else { + fr_authstats.fas_sendok++; + } + } else if (m) { + error = ipf_inject(&fra->fra_info, m); + if (error != 0) { + error = ENOBUFS; + fr_authstats.fas_quefail++; + } else { + fr_authstats.fas_queok++; + } + } else { + error = EINVAL; + } + + /* + * If we experience an error which will result in the packet + * not being processed, make sure we advance to the next one. + */ + if (error == ENOBUFS) { + fr_authused--; + fra->fra_index = -1; + fra->fra_pass = 0; + if (i == fr_authstart) { + while (fra->fra_index == -1) { + i++; + if (i == fr_authsize) + i = 0; + fr_authstart = i; + if (i == fr_authend) + break; + } + if (fr_authstart == fr_authend) { + fr_authnext = 0; + fr_authstart = fr_authend = 0; + } + } + } + #endif /* _KERNEL */ + SPL_X(s); + + return 0; + } diff -cr ip_fil4.1.13/ip_auth.h ip_fil4.1.14/ip_auth.h *** ip_fil4.1.13/ip_auth.h Thu Mar 16 17:45:49 2006 --- ip_fil4.1.14/ip_auth.h Fri Jul 14 16:12:05 2006 *************** *** 3,9 **** * * See the IPFILTER.LICENCE file for details on licencing. * ! 
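Review bot: fr_authwait() returns with the ipf_auth read lock still held on two error paths: after a failed `fr_outobj()` and inside the `copyoutptr()` loop, both `return error` without `RWLOCK_EXIT(&ipf_auth)`, so one failed copy-out leaves the lock held and later writers blocked. Each should become `if (error != 0) { RWLOCK_EXIT(&ipf_auth); return error; }`. The function also ends with `return 0` after the sleep, so an interrupted sleep is reported as success, and fr_authreply() likewise ends with `return 0`, discarding the `ENOBUFS` or `EINVAL` it has just computed; `return error;` in both places would keep what the old inline code appears to have passed back. Separately, in fr_authgeniter() the empty-list path stores the address of the local `zero` in `token->ipt_data`, which a later call with the same token would follow and hand to fr_authderef(); storing `NULL` there when nothing was found avoids the dangling pointer.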
* $Id: ip_auth.h,v 2.16.2.2 2006/03/16 06:45:49 darrenr Exp $ * */ #ifndef __IP_AUTH_H__ --- 3,9 ---- * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: ip_auth.h,v 2.16.2.3 2006/07/14 06:12:05 darrenr Exp $ * */ #ifndef __IP_AUTH_H__ *************** *** 27,33 **** --- 27,35 ---- typedef struct frauthent { struct frentry fae_fr; struct frauthent *fae_next; + struct frauthent **fae_pnext; u_long fae_age; + int fae_ref; } frauthent_t; typedef struct fr_authstat { *************** *** 60,66 **** extern mb_t **fr_authpkts; extern int fr_newauth __P((mb_t *, fr_info_t *)); extern int fr_preauthcmd __P((ioctlcmd_t, frentry_t *, frentry_t **)); ! extern int fr_auth_ioctl __P((caddr_t, ioctlcmd_t, int)); extern int fr_auth_waiting __P((void)); #endif /* __IP_AUTH_H__ */ --- 62,68 ---- extern mb_t **fr_authpkts; extern int fr_newauth __P((mb_t *, fr_info_t *)); extern int fr_preauthcmd __P((ioctlcmd_t, frentry_t *, frentry_t **)); ! extern int fr_auth_ioctl __P((caddr_t, ioctlcmd_t, int, int, void *)); extern int fr_auth_waiting __P((void)); #endif /* __IP_AUTH_H__ */ diff -cr ip_fil4.1.13/ip_compat.h ip_fil4.1.14/ip_compat.h *** ip_fil4.1.13/ip_compat.h Sun Mar 26 15:50:29 2006 --- ip_fil4.1.14/ip_compat.h Sun Jul 23 06:55:29 2006 *************** *** 4,10 **** * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_compat.h 1.8 1/14/96 ! * $Id: ip_compat.h,v 2.142.2.36 2006/03/26 05:50:29 darrenr Exp $ */ #ifndef __IP_COMPAT_H__ --- 4,10 ---- * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_compat.h 1.8 1/14/96 ! * $Id: ip_compat.h,v 2.142.2.39 2006/07/22 20:55:29 darrenr Exp $ */ #ifndef __IP_COMPAT_H__ *************** *** 238,245 **** # define MUTEX_EXIT(x) mutex_exit(&(x)->ipf_lk) # define COPYIN(a,b,c) copyin((caddr_t)(a), (caddr_t)(b), (c)) # define COPYOUT(a,b,c) copyout((caddr_t)(a), (caddr_t)(b), (c)) ! # define BCOPYIN(a,b,c) (void) copyin((caddr_t)(a), (caddr_t)(b), (c)) ! 
# define BCOPYOUT(a,b,c) (void) copyout((caddr_t)(a), (caddr_t)(b), (c)) # define UIOMOVE(a,b,c,d) uiomove((caddr_t)a,b,c,d) # define KFREE(x) kmem_free((char *)(x), sizeof(*(x))) # define KFREES(x,s) kmem_free((char *)(x), (s)) --- 238,245 ---- # define MUTEX_EXIT(x) mutex_exit(&(x)->ipf_lk) # define COPYIN(a,b,c) copyin((caddr_t)(a), (caddr_t)(b), (c)) # define COPYOUT(a,b,c) copyout((caddr_t)(a), (caddr_t)(b), (c)) ! # define BCOPYIN(a,b,c) copyin((caddr_t)(a), (caddr_t)(b), (c)) ! # define BCOPYOUT(a,b,c) copyout((caddr_t)(a), (caddr_t)(b), (c)) # define UIOMOVE(a,b,c,d) uiomove((caddr_t)a,b,c,d) # define KFREE(x) kmem_free((char *)(x), sizeof(*(x))) # define KFREES(x,s) kmem_free((char *)(x), (s)) *************** *** 415,427 **** # define RW_DESTROY(x) # define COPYIN(a,b,c) copyin((caddr_t)(a), (caddr_t)(b), (c)) # define COPYOUT(a,b,c) copyout((caddr_t)(a), (caddr_t)(b), (c)) - # if HPUXREV >= 1111 - # define BCOPYIN(a,b,c) 0; bcopy((caddr_t)(a), (caddr_t)(b), (c)) - # define BCOPYOUT(a,b,c) 0; bcopy((caddr_t)(a), (caddr_t)(b), (c)) - # else - # define BCOPYIN(a,b,c) bcopy((caddr_t)(a), (caddr_t)(b), (c)) - # define BCOPYOUT(a,b,c) bcopy((caddr_t)(a), (caddr_t)(b), (c)) - # endif # define SPL_NET(x) ; # define SPL_IMP(x) ; # undef SPL_X --- 415,420 ---- *************** *** 574,581 **** # define MTOD(m,t) mtod(m,t) # define COPYIN(a,b,c) (bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0) # define COPYOUT(a,b,c) (bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0) - # define BCOPYIN(a,b,c) (bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0) - # define BCOPYOUT(a,b,c) (bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0) # define UIOMOVE(a,b,c,d) uiomove((caddr_t)a,b,c,d) # define SLEEP(id, n) sleep((id), PZERO+1) # define WAKEUP(id,x) wakeup(id+x) --- 567,572 ---- *************** *** 664,671 **** # define POLLWAKEUP(x) ; # define COPYIN(a,b,c) copyin((caddr_t)(a), (caddr_t)(b), (c)) # define COPYOUT(a,b,c) copyout((caddr_t)(a), (caddr_t)(b), (c)) - # define BCOPYIN(a,b,c) bcopy((caddr_t)(a), 
(caddr_t)(b), (c)) - # define BCOPYOUT(a,b,c) bcopy((caddr_t)(a), (caddr_t)(b), (c)) # define KMALLOC(a, b) MALLOC((a), b, sizeof(*(a)), M_PFILT, M_NOWAIT) # define KMALLOCS(a, b, c) MALLOC((a), b, (c), M_PFILT, \ ((c) > 4096) ? M_WAITOK : M_NOWAIT) --- 655,660 ---- *************** *** 739,746 **** # define IPF_PANIC(x,y) if (x) { printf y; panic("ipf_panic"); } # define COPYIN(a,b,c) copyin((caddr_t)(a), (caddr_t)(b), (c)) # define COPYOUT(a,b,c) copyout((caddr_t)(a), (caddr_t)(b), (c)) - # define BCOPYIN(a,b,c) bcopy((caddr_t)(a), (caddr_t)(b), (c)) - # define BCOPYOUT(a,b,c) bcopy((caddr_t)(a), (caddr_t)(b), (c)) typedef struct mbuf mb_t; # endif /* _KERNEL */ # if (NetBSD <= 1991011) && (NetBSD >= 199606) --- 728,733 ---- *************** *** 796,803 **** # endif # define COPYIN(a,b,c) copyin((caddr_t)(a), (caddr_t)(b), (c)) # define COPYOUT(a,b,c) copyout((caddr_t)(a), (caddr_t)(b), (c)) - # define BCOPYIN(a,b,c) bcopy((caddr_t)(a), (caddr_t)(b), (c)) - # define BCOPYOUT(a,b,c) bcopy((caddr_t)(a), (caddr_t)(b), (c)) # if (__FreeBSD_version >= 500043) # define NETBSD_PF --- 783,788 ---- *************** *** 955,962 **** # endif # define COPYIN(a,b,c) copyin((caddr_t)(a), (caddr_t)(b), (c)) # define COPYOUT(a,b,c) copyout((caddr_t)(a), (caddr_t)(b), (c)) - # define BCOPYIN(a,b,c) bcopy((caddr_t)(a), (caddr_t)(b), (c)) - # define BCOPYOUT(a,b,c) bcopy((caddr_t)(a), (caddr_t)(b), (c)) # define GETKTIME(x) microtime((struct timeval *)x) # define MSGDSIZE(x) mbufchainlen(x) # define M_LEN(x) (x)->m_len --- 940,945 ---- *************** *** 1058,1064 **** #if defined(linux) && !defined(OS_RECOGNISED) #include #include ! # if LINUX >= 20600 # define HDR_T_PRIVATE 1 # endif # undef USE_INET6 --- 1041,1047 ---- #if defined(linux) && !defined(OS_RECOGNISED) #include #include ! 
# if (LINUX >= 20600) && defined(_KERNEL) # define HDR_T_PRIVATE 1 # endif # undef USE_INET6 *************** *** 1071,1085 **** # ifdef _KERNEL # define IPF_PANIC(x,y) if (x) { printf y; panic("ipf_panic"); } - # define BCOPYIN(a,b,c) bcopy((caddr_t)(a), (caddr_t)(b), (c)) - # define BCOPYOUT(a,b,c) bcopy((caddr_t)(a), (caddr_t)(b), (c)) # define COPYIN(a,b,c) copy_from_user((caddr_t)(b), (caddr_t)(a), (c)) # define COPYOUT(a,b,c) copy_to_user((caddr_t)(b), (caddr_t)(a), (c)) # define FREE_MB_T(m) kfree_skb(m) # define GETKTIME(x) do_gettimeofday((struct timeval *)x) - # define SLEEP(x,s) 0, interruptible_sleep_on(x##_linux) # define POLLWAKEUP(x) ; ! # define WAKEUP(x,y) wake_up(x##_linux + y) # define UIOMOVE(a,b,c,d) uiomove(a,b,c,d) # define USE_MUTEXES # define KRWLOCK_T rwlock_t --- 1054,1070 ---- # ifdef _KERNEL # define IPF_PANIC(x,y) if (x) { printf y; panic("ipf_panic"); } # define COPYIN(a,b,c) copy_from_user((caddr_t)(b), (caddr_t)(a), (c)) # define COPYOUT(a,b,c) copy_to_user((caddr_t)(b), (caddr_t)(a), (c)) # define FREE_MB_T(m) kfree_skb(m) # define GETKTIME(x) do_gettimeofday((struct timeval *)x) # define POLLWAKEUP(x) ; ! # ifdef wait_event_interruptible ! # define SLEEP(x,s) wait_event_interruptible((*(x##_linux)), 0) ! # else ! # define SLEEP(x,s) 0, interruptible_sleep_on(x##_linux) ! # endif ! # define WAKEUP(x,y) wake_up(x##_linux + y) # define UIOMOVE(a,b,c,d) uiomove(a,b,c,d) # define USE_MUTEXES # define KRWLOCK_T rwlock_t *************** *** 1091,1097 **** # define MUTEX_NUKE(x) bzero(&(x)->ipf_lk, sizeof((x)->ipf_lk)) # define READ_ENTER(x) ipf_read_enter(x) # define WRITE_ENTER(x) ipf_write_enter(x) ! 
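Review bot: The new Linux `SLEEP` definition passes a constant `0` as the condition to `wait_event_interruptible()`, which re-tests its condition after every wake-up and sleeps again while it is false, so `WAKEUP()` will not end the wait and only a signal will. fr_authwait() relies on `SLEEP(&fr_authnext, ...)` returning 0 so that it can loop and pick up a queued packet; on kernels that take this branch, a process waiting in SIOCAUTHW would never see packets that arrive while it sleeps. The macro needs a real wake-up predicate, and since the two-argument `SLEEP(x,s)` has nowhere to carry one, that probably means a small helper or a flag set by `WAKEUP`. The `#ifdef wait_event_interruptible` test also assumes the name is a preprocessor macro, which deserves a one-line comment.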
# define RWLOCK_INIT(x,y) rwlock_init(&(x)->ipf_lk) # define RW_DESTROY(x) do { } while (0) # define RWLOCK_EXIT(x) ipf_rw_exit(x) # define MUTEX_DOWNGRADE(x) ipf_rw_downgrade(x) --- 1076,1082 ---- # define MUTEX_NUKE(x) bzero(&(x)->ipf_lk, sizeof((x)->ipf_lk)) # define READ_ENTER(x) ipf_read_enter(x) # define WRITE_ENTER(x) ipf_write_enter(x) ! # define RWLOCK_INIT(x,y) ipf_rw_init(x, y) # define RW_DESTROY(x) do { } while (0) # define RWLOCK_EXIT(x) ipf_rw_exit(x) # define MUTEX_DOWNGRADE(x) ipf_rw_downgrade(x) *************** *** 1273,1280 **** # define POLLWAKEUP(x) ; # define COPYIN(a,b,c) copyin((caddr_t)(a), (caddr_t)(b), (c)) # define COPYOUT(a,b,c) copyout((caddr_t)(a), (caddr_t)(b), (c)) - # define BCOPYIN(a,b,c) bcopy((caddr_t)(a), (caddr_t)(b), (c)) - # define BCOPYOUT(a,b,c) bcopy((caddr_t)(a), (caddr_t)(b), (c)) # define KMALLOC(a, b) MALLOC((a), b, sizeof(*(a)), M_TEMP, M_NOWAIT) # define KMALLOCS(a, b, c) MALLOC((a), b, (c), M_TEMP, \ ((c) > 4096) ? M_WAITOK : M_NOWAIT) --- 1258,1263 ---- *************** *** 1351,1357 **** u_int eMm_magic; int eMm_held; int eMm_heldat; ! #ifdef __hpux char eMm_fill[8]; #endif } eMmutex_t; --- 1334,1340 ---- u_int eMm_magic; int eMm_held; int eMm_heldat; ! 
#if defined(__hpux) || defined(__linux) char eMm_fill[8]; #endif } eMmutex_t; *************** *** 1410,1415 **** --- 1393,1399 ---- extern void ipf_read_enter __P((ipfrwlock_t *)); extern void ipf_write_enter __P((ipfrwlock_t *)); extern void ipf_rw_exit __P((ipfrwlock_t *)); + extern void ipf_rw_init __P((ipfrwlock_t *, char *)); extern void ipf_rw_downgrade __P((ipfrwlock_t *)); #endif *************** *** 1448,1455 **** # define GETIFP(x, v) get_unit(x,v) # define COPYIN(a,b,c) bcopywrap((a), (b), (c)) # define COPYOUT(a,b,c) bcopywrap((a), (b), (c)) - # define BCOPYIN(a,b,c) (bcopy((a), (b), (c)), 0) - # define BCOPYOUT(a,b,c) (bcopy((a), (b), (c)), 0) # define COPYDATA(m, o, l, b) bcopy(MTOD((mb_t *)m, char *) + (o), \ (b), (l)) # define COPYBACK(m, o, l, b) bcopy((b), \ --- 1432,1437 ---- *************** *** 1537,1545 **** #endif #if defined(_KERNEL) - # ifdef BSD - extern struct selinfo ipfselwait[]; - # endif # ifdef MENTAT # define COPYDATA mb_copydata # define COPYBACK mb_copyback --- 1519,1524 ---- *************** *** 1615,1622 **** # ifndef COPYIN # define COPYIN(a,b,c) (bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0) # define COPYOUT(a,b,c) (bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0) - # define BCOPYIN(a,b,c) (bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0) - # define BCOPYOUT(a,b,c) (bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0) # endif # ifndef KMALLOC --- 1594,1599 ---- *************** *** 1645,1650 **** --- 1622,1632 ---- # define ASSERT(x) #endif + #ifndef BCOPYIN + # define BCOPYIN(a,b,c) (bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0) + # define BCOPYOUT(a,b,c) (bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0) + #endif + /* * Because the ctype(3) posix definition, if used "safely" in code everywhere, * would mean all normal code that walks through strings needed casts. Yuck. 
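Review bot: The now-global `BCOPYIN`/`BCOPYOUT` fallback is a plain `bcopy` that always evaluates to 0, and nothing at the definition says so, although the names read like `COPYIN`/`COPYOUT`, which on the kernel builds above go through `copyin`/`copy_from_user`. A comment here should state the contract, e.g. `/* BCOPYIN/BCOPYOUT: memory-to-memory copy with no address validation; only for ioctl arguments the OS has already copied into kernel space */`. The single `#ifndef BCOPYIN` guard also decides whether `BCOPYOUT` is defined, so a platform block that supplies only one of the pair ends up with a missing or doubly defined macro; a separate `#ifndef BCOPYOUT` would avoid that.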
diff -cr ip_fil4.1.13/ip_fil.c ip_fil4.1.14/ip_fil.c *** ip_fil4.1.13/ip_fil.c Sat Mar 25 22:15:30 2006 --- ip_fil4.1.14/ip_fil.c Sat Sep 9 04:01:33 2006 *************** *** 5,11 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.133.2.11 2006/03/25 11:15:30 darrenr Exp $"; #endif #ifndef SOLARIS --- 5,11 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.133.2.13 2006/09/08 18:01:33 darrenr Exp $"; #endif #ifndef SOLARIS *************** *** 144,150 **** static struct ifnet **ifneta = NULL; static int nifs = 0; - static int frzerostats __P((caddr_t)); static void fr_setifpaddr __P((struct ifnet *, char *)); void init_ifp __P((void)); #if defined(__sgi) && (IRIX < 60500) --- 144,149 ---- *************** *** 167,203 **** #endif ! int iplattach() { fr_running = 1; return 0; } ! int ipldetach() { fr_running = -1; return 0; } - static int frzerostats(data) - caddr_t data; - { - friostat_t fio; - int error; - - fr_getstat(&fio); - error = copyoutptr(&fio, data, sizeof(fio)); - if (error) - return EFAULT; - - bzero((char *)frstats, sizeof(*frstats) * 2); - - return 0; - } - - /* * Filter ioctl interface. */ --- 166,185 ---- #endif ! int ipfattach() { fr_running = 1; return 0; } ! int ipfdetach() { fr_running = -1; return 0; } /* * Filter ioctl interface. */ *************** *** 207,416 **** caddr_t data; int mode; { ! int error = 0, unit = 0, tmp; ! friostat_t fio; unit = dev; SPL_NET(s); ! if (unit == IPL_LOGNAT) { ! if (fr_running > 0) ! error = fr_nat_ioctl(data, cmd, mode); ! else ! error = EIO; ! SPL_X(s); ! return error; ! } ! if (unit == IPL_LOGSTATE) { ! if (fr_running > 0) ! error = fr_state_ioctl(data, cmd, mode); ! else ! error = EIO; ! SPL_X(s); ! return error; ! } ! if (unit == IPL_LOGAUTH) { ! if (fr_running > 0) { ! 
if ((cmd == (ioctlcmd_t)SIOCADAFR) || ! (cmd == (ioctlcmd_t)SIOCRMAFR)) { ! if (!(mode & FWRITE)) { ! error = EPERM; ! } else { ! error = frrequest(unit, cmd, data, ! fr_active, 1); ! } ! } else { ! error = fr_auth_ioctl(data, mode, cmd); ! } ! } else ! error = EIO; ! SPL_X(s); ! return error; ! } ! if (unit == IPL_LOGSYNC) { ! #ifdef IPFILTER_SYNC ! if (fr_running > 0) ! error = fr_sync_ioctl(data, cmd, mode); ! else ! #endif ! error = EIO; ! SPL_X(s); ! return error; ! } ! if (unit == IPL_LOGSCAN) { ! #ifdef IPFILTER_SCAN ! if (fr_running > 0) ! error = fr_scan_ioctl(data, cmd, mode); ! else ! #endif ! error = EIO; ! SPL_X(s); ! return error; ! } ! if (unit == IPL_LOGLOOKUP) { ! if (fr_running > 0) ! error = ip_lookup_ioctl(data, cmd, mode); ! else ! error = EIO; SPL_X(s); return error; } - switch (cmd) - { - case FIONREAD : - #ifdef IPFILTER_LOG - error = COPYOUT(&iplused[IPL_LOGIPF], (caddr_t)data, - sizeof(iplused[IPL_LOGIPF])); - #endif - break; - case SIOCFRENB : - if (!(mode & FWRITE)) - error = EPERM; - else { - error = COPYIN(data, &tmp, sizeof(tmp)); - if (error) - break; - if (tmp) - error = iplattach(); - else - error = ipldetach(); - } - break; - case SIOCIPFSET : - if (!(mode & FWRITE)) { - error = EPERM; - break; - } - case SIOCIPFGETNEXT : - case SIOCIPFGET : - error = fr_ipftune(cmd, (void *)data); - break; - case SIOCSETFF : - if (!(mode & FWRITE)) - error = EPERM; - else - error = COPYIN(data, &fr_flags, sizeof(fr_flags)); - break; - case SIOCGETFF : - error = COPYOUT(&fr_flags, data, sizeof(fr_flags)); - break; - case SIOCFUNCL : - error = fr_resolvefunc(data); - break; - case SIOCINAFR : - case SIOCRMAFR : - case SIOCADAFR : - case SIOCZRLST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, data, fr_active, 1); - break; - case SIOCINIFR : - case SIOCRMIFR : - case SIOCADIFR : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, data, 1 - fr_active, 1); - break; - case SIOCSWAPA : - if 
(!(mode & FWRITE)) - error = EPERM; - else { - bzero((char *)frcache, sizeof(frcache[0]) * 2); - *(u_int *)data = fr_active; - fr_active = 1 - fr_active; - } - break; - case SIOCGETFS : - fr_getstat(&fio); - error = fr_outobj(data, &fio, IPFOBJ_IPFSTAT); - break; - case SIOCFRZST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frzerostats(data); - break; - case SIOCIPFFL : - if (!(mode & FWRITE)) - error = EPERM; - else { - error = COPYIN(data, &tmp, sizeof(tmp)); - if (!error) { - tmp = frflush(unit, 4, tmp); - error = COPYOUT(&tmp, data, sizeof(tmp)); - } - } - break; - #ifdef USE_INET6 - case SIOCIPFL6 : - if (!(mode & FWRITE)) - error = EPERM; - else { - error = COPYIN(data, &tmp, sizeof(tmp)); - if (!error) { - tmp = frflush(unit, 6, tmp); - error = COPYOUT(&tmp, data, sizeof(tmp)); - } - } - break; - #endif - case SIOCSTLCK : - error = COPYIN(data, &tmp, sizeof(tmp)); - if (error == 0) { - fr_state_lock = tmp; - fr_nat_lock = tmp; - fr_frag_lock = tmp; - fr_auth_lock = tmp; - } else - error = EFAULT; - break; - #ifdef IPFILTER_LOG - case SIOCIPFFB : - if (!(mode & FWRITE)) - error = EPERM; - else - *(int *)data = ipflog_clear(unit); - break; - #endif /* IPFILTER_LOG */ - case SIOCGFRST : - error = fr_outobj(data, fr_fragstats(), IPFOBJ_FRAGSTAT); - break; - case SIOCFRSYN : - if (!(mode & FWRITE)) - error = EPERM; - else { - frsync(NULL); - } - break; - default : - error = EINVAL; - break; - } SPL_X(s); return error; } --- 189,208 ---- caddr_t data; int mode; { ! int error = 0, unit = 0, uid; ! SPL_INT(s); + uid = getuid(); unit = dev; SPL_NET(s); ! error = fr_ioctlswitch(unit, data, cmd, mode, uid, NULL); ! 
if (error != -1) { SPL_X(s); return error; } SPL_X(s); return error; } *************** *** 996,998 **** --- 788,796 ---- } return 0; } + + + int ipfsync() + { + return 0; + } diff -cr ip_fil4.1.13/ip_fil.h ip_fil4.1.14/ip_fil.h *** ip_fil4.1.13/ip_fil.h Wed Mar 29 21:19:55 2006 --- ip_fil4.1.14/ip_fil.h Thu Aug 17 08:20:30 2006 *************** *** 4,10 **** * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_fil.h 1.35 6/5/96 ! * $Id: ip_fil.h,v 2.170.2.29 2006/03/29 11:19:55 darrenr Exp $ */ #ifndef __IP_FIL_H__ --- 4,10 ---- * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_fil.h 1.35 6/5/96 ! * $Id: ip_fil.h,v 2.170.2.33 2006/08/16 22:20:30 darrenr Exp $ */ #ifndef __IP_FIL_H__ *************** *** 43,54 **** # define SIOCZRLST _IOWR('r', 75, struct ipfobj) # define SIOCAUTHW _IOWR('r', 76, struct ipfobj) # define SIOCAUTHR _IOWR('r', 77, struct ipfobj) ! # define SIOCATHST _IOWR('r', 78, struct ipfobj) # define SIOCSTLCK _IOWR('r', 79, u_int) # define SIOCSTPUT _IOWR('r', 80, struct ipfobj) # define SIOCSTGET _IOWR('r', 81, struct ipfobj) # define SIOCSTGSZ _IOWR('r', 82, struct ipfobj) ! # define SIOCGFRST _IOWR('r', 83, struct ipfobj) # define SIOCSETLG _IOWR('r', 84, int) # define SIOCGETLG _IOWR('r', 85, int) # define SIOCFUNCL _IOWR('r', 86, struct ipfunc_resolve) --- 43,54 ---- # define SIOCZRLST _IOWR('r', 75, struct ipfobj) # define SIOCAUTHW _IOWR('r', 76, struct ipfobj) # define SIOCAUTHR _IOWR('r', 77, struct ipfobj) ! # define SIOCSTAT1 _IOWR('r', 78, struct ipfobj) # define SIOCSTLCK _IOWR('r', 79, u_int) # define SIOCSTPUT _IOWR('r', 80, struct ipfobj) # define SIOCSTGET _IOWR('r', 81, struct ipfobj) # define SIOCSTGSZ _IOWR('r', 82, struct ipfobj) ! 
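Review bot: With the local `switch` removed, the `if (error != -1)` test in this ioctl handler has two identical arms (`SPL_X(s); return error;`), so a -1 from `fr_ioctlswitch` would now be returned to the caller as if it were an errno value instead of selecting a local fallback. The same leftover is in the ioctl hunks for ip_fil_aix.c and ip_fil_bsdos.c further down, where the old `error = 0;` reset was deleted as well. If `fr_ioctlswitch` can no longer return -1 the test should simply go; if it still can, map it explicitly with `if (error == -1) error = EINVAL;` ahead of a single `SPL_X(s); return error;`. The handler's name and first parameters are outside this hunk.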
# define SIOCSTAT2 _IOWR('r', 83, struct ipfobj) # define SIOCSETLG _IOWR('r', 84, int) # define SIOCGETLG _IOWR('r', 85, int) # define SIOCFUNCL _IOWR('r', 86, struct ipfunc_resolve) *************** *** 56,61 **** --- 56,66 ---- # define SIOCIPFGET _IOWR('r', 88, struct ipfobj) # define SIOCIPFSET _IOWR('r', 89, struct ipfobj) # define SIOCIPFL6 _IOWR('r', 90, int) + # define SIOCIPFITER _IOWR('r', 91, struct ipfobj) + # define SIOCGENITER _IOWR('r', 92, struct ipfobj) + # define SIOCGTABL _IOWR('r', 93, struct ipfobj) + # define SIOCIPFDELTOK _IOWR('r', 94, int) + # define SIOCLOOKUPITER _IOWR('r', 95, struct ipfobj) #else # define SIOCADAFR _IOW(r, 60, struct ipfobj) # define SIOCRMAFR _IOW(r, 61, struct ipfobj) *************** *** 75,86 **** # define SIOCZRLST _IOWR(r, 75, struct ipfobj) # define SIOCAUTHW _IOWR(r, 76, struct ipfobj) # define SIOCAUTHR _IOWR(r, 77, struct ipfobj) ! # define SIOCATHST _IOWR(r, 78, struct ipfobj) # define SIOCSTLCK _IOWR(r, 79, u_int) # define SIOCSTPUT _IOWR(r, 80, struct ipfobj) # define SIOCSTGET _IOWR(r, 81, struct ipfobj) # define SIOCSTGSZ _IOWR(r, 82, struct ipfobj) ! # define SIOCGFRST _IOWR(r, 83, struct ipfobj) # define SIOCSETLG _IOWR(r, 84, int) # define SIOCGETLG _IOWR(r, 85, int) # define SIOCFUNCL _IOWR(r, 86, struct ipfunc_resolve) --- 80,91 ---- # define SIOCZRLST _IOWR(r, 75, struct ipfobj) # define SIOCAUTHW _IOWR(r, 76, struct ipfobj) # define SIOCAUTHR _IOWR(r, 77, struct ipfobj) ! # define SIOCSTAT1 _IOWR(r, 78, struct ipfobj) # define SIOCSTLCK _IOWR(r, 79, u_int) # define SIOCSTPUT _IOWR(r, 80, struct ipfobj) # define SIOCSTGET _IOWR(r, 81, struct ipfobj) # define SIOCSTGSZ _IOWR(r, 82, struct ipfobj) ! 
# define SIOCSTAT2 _IOWR(r, 83, struct ipfobj) # define SIOCSETLG _IOWR(r, 84, int) # define SIOCGETLG _IOWR(r, 85, int) # define SIOCFUNCL _IOWR(r, 86, struct ipfunc_resolve) *************** *** 88,97 **** --- 93,109 ---- # define SIOCIPFGET _IOWR(r, 88, struct ipfobj) # define SIOCIPFSET _IOWR(r, 89, struct ipfobj) # define SIOCIPFL6 _IOWR(r, 90, int) + # define SIOCIPFITER _IOWR(r, 91, struct ipfobj) + # define SIOCGENITER _IOWR(r, 92, struct ipfobj) + # define SIOCGTABL _IOWR(r, 93, struct ipfobj) + # define SIOCIPFDELTOK _IOWR(r, 94, int) + # define SIOCLOOKUPITER _IOWR(r, 95, struct ipfobj) #endif #define SIOCADDFR SIOCADAFR #define SIOCDELFR SIOCRMAFR #define SIOCINSFR SIOCINAFR + #define SIOCATHST SIOCSTAT1 + #define SIOCGFRST SIOCSTAT2 struct ipscan; *************** *** 111,116 **** --- 123,133 ---- struct in6_addr in6; void *vptr[2]; lookupfunc_t lptr[2]; + struct { + u_short type; + u_short subtype; + char label[12]; + } i6un; } i6addr_t; #else typedef union i6addr { *************** *** 118,129 **** struct in_addr in4; void *vptr[2]; lookupfunc_t lptr[2]; } i6addr_t; #endif #define in4_addr in4.s_addr ! #define iplookupnum i6[0] ! #define iplookuptype i6[1] /* * NOTE: These DO overlap the above on 64bit systems and this IS recognised. */ --- 135,153 ---- struct in_addr in4; void *vptr[2]; lookupfunc_t lptr[2]; + struct { + u_short type; + u_short subtype; + char label[12]; + } i6un; } i6addr_t; #endif #define in4_addr in4.s_addr ! #define iplookupnum i6[1] ! #define iplookupname i6un.label ! #define iplookuptype i6un.type ! #define iplookupsubtype i6un.subtype /* * NOTE: These DO overlap the above on 64bit systems and this IS recognised. 
*/ *************** *** 249,256 **** --- 273,284 ---- #define fi_daddr fi_dst.in4.s_addr #define fi_srcnum fi_src.iplookupnum #define fi_dstnum fi_dst.iplookupnum + #define fi_srcname fi_src.iplookupname + #define fi_dstname fi_dst.iplookupname #define fi_srctype fi_src.iplookuptype #define fi_dsttype fi_dst.iplookuptype + #define fi_srcsubtype fi_src.iplookupsubtype + #define fi_dstsubtype fi_dst.iplookupsubtype #define fi_srcptr fi_src.iplookupptr #define fi_dstptr fi_dst.iplookupptr #define fi_srcfunc fi_src.iplookupfunc *************** *** 440,448 **** int fri_difpidx; /* index into fr_ifps[] to use when */ } fripf_t; ! #define fri_dstnum fri_ip.fi_dstnum #define fri_srcnum fri_mip.fi_srcnum ! #define fri_dstptr fri_ip.fi_dstptr #define fri_srcptr fri_mip.fi_srcptr #define FRI_NORMAL 0 /* Normal address */ --- 468,480 ---- int fri_difpidx; /* index into fr_ifps[] to use when */ } fripf_t; ! #define fri_dlookup fri_mip.fi_dst ! #define fri_slookup fri_mip.fi_src ! #define fri_dstnum fri_mip.fi_dstnum #define fri_srcnum fri_mip.fi_srcnum ! #define fri_dstname fri_mip.fi_dstname ! #define fri_srcname fri_mip.fi_srcname ! 
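Review bot: The lookup accessors defined after the `i6addr` union now alias one another and nothing documents it: `iplookupnum` moves to `i6[1]`, which appears to occupy the same bytes as the start of `i6un.label` (`iplookupname`), while `iplookuptype` moves from `i6[1]` to the leading `u_short`. A comment above the defines should say which field selects number versus name (presumably `iplookupsubtype`, to be confirmed) and that `label` is a fixed 12-byte array, so any code copying a pool name into it has to bound the copy and cannot assume a terminator. Something like `/* iplookupnum and iplookupname share storage; label[] is not guaranteed NUL-terminated */` would do. Because this changes where the type lives inside a rule address, tools built against the old header will disagree with a kernel built from this one.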
#define fri_dstptr fri_mip.fi_dstptr #define fri_srcptr fri_mip.fi_srcptr #define FRI_NORMAL 0 /* Normal address */ *************** *** 554,561 **** --- 586,599 ---- #define fr_smask fr_mip.fi_src.in4.s_addr #define fr_dstnum fr_ip.fi_dstnum #define fr_srcnum fr_ip.fi_srcnum + #define fr_dlookup fr_ip.fi_dst + #define fr_slookup fr_ip.fi_src + #define fr_dstname fr_ip.fi_dstname + #define fr_srcname fr_ip.fi_srcname #define fr_dsttype fr_ip.fi_dsttype #define fr_srctype fr_ip.fi_srctype + #define fr_dstsubtype fr_ip.fi_dstsubtype + #define fr_srcsubtype fr_ip.fi_srcsubtype #define fr_dstptr fr_mip.fi_dstptr #define fr_srcptr fr_mip.fi_srcptr #define fr_dstfunc fr_mip.fi_dstfunc *************** *** 1053,1058 **** --- 1091,1102 ---- #define IPFOBJ_STATESTAT 11 /* struct ips_stat */ #define IPFOBJ_FRAUTH 12 /* struct frauth */ #define IPFOBJ_TUNEABLE 13 /* struct ipftune */ + #define IPFOBJ_NAT 14 /* struct nat */ + #define IPFOBJ_IPFITER 15 /* struct ipfruleiter */ + #define IPFOBJ_GENITER 16 /* struct ipfgeniter */ + #define IPFOBJ_GTABLE 17 /* struct ipftable */ + #define IPFOBJ_LOOKUPITER 18 /* struct ipflookupiter */ + #define IPFOBJ_COUNT 19 /* How many #defines are above this? 
*/ typedef union ipftunevalptr { *************** *** 1104,1109 **** --- 1148,1204 ---- #define ipft_vshort ipft_un.ipftu_short #define ipft_vchar ipft_un.ipftu_char + /* + * + */ + typedef struct ipfruleiter { + int iri_inout; + char iri_group[FR_GROUPLEN]; + int iri_active; + int iri_nrules; + int iri_v; + frentry_t *iri_rule; + } ipfruleiter_t; + + typedef struct ipfgeniter { + int igi_type; + int igi_nitems; + void *igi_data; + } ipfgeniter_t; + + #define IPFGENITER_IPF 0 + #define IPFGENITER_NAT 1 + #define IPFGENITER_IPNAT 2 + #define IPFGENITER_FRAG 3 + #define IPFGENITER_AUTH 4 + #define IPFGENITER_STATE 5 + #define IPFGENITER_NATFRAG 6 + #define IPFGENITER_HOSTMAP 7 + #define IPFGENITER_LOOKUP 8 + + typedef struct ipftable { + int ita_type; + void *ita_table; + } ipftable_t; + + #define IPFTABLE_BUCKETS 1 + + + /* + * + */ + typedef struct ipftoken { + struct ipftoken *ipt_next; + struct ipftoken **ipt_pnext; + void *ipt_ctx; + void *ipt_data; + u_long ipt_die; + int ipt_type; + int ipt_uid; + int ipt_subtype; + int ipt_alive; + } ipftoken_t; + /* ** HPUX Port *************** *** 1162,1172 **** --- 1257,1271 ---- extern void m_freem __P((mb_t *)); extern int bcopywrap __P((void *, void *, size_t)); #else /* #ifndef _KERNEL */ + # ifdef BSD + extern struct selinfo ipfselwait[IPL_LOGSIZE]; + # endif # if defined(__NetBSD__) && defined(PFIL_HOOKS) extern void ipfilterattach __P((int)); # endif extern int ipl_enable __P((void)); extern int ipl_disable __P((void)); + extern int ipf_inject __P((fr_info_t *, mb_t *)); # ifdef MENTAT extern int fr_check __P((struct ip *, int, void *, int, void *, mblk_t **)); *************** *** 1189,1195 **** extern int iplwrite __P((dev_t, uio_t *)); extern int iplselect __P((dev_t, int)); # endif - extern int ipfsync __P((void)); extern int fr_qout __P((queue_t *, mblk_t *)); # else /* MENTAT */ extern int fr_check __P((struct ip *, int, void *, int, mb_t **)); --- 1288,1293 ---- *************** *** 1202,1208 **** extern int 
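Review bot: The two comment blocks introducing `ipfruleiter`/`ipfgeniter` and `ipftoken` are empty (`/* * */`), so the new iterator interface has no stated contract. `ipfruleiter` and `ipfgeniter` are the payloads named for `IPFOBJ_IPFITER` and `IPFOBJ_GENITER`, and they carry a count (`iri_nrules`, `igi_nitems`), a destination pointer (`iri_rule`, `igi_data`) and a fixed-size name (`iri_group[FR_GROUPLEN]`) that presumably arrive from the ioctl caller. The first comment should say that these fields are caller-supplied and must be range-checked, and the group name terminated, before they are used. The second should say what `ipt_uid`, `ipt_ctx` and `ipt_die` mean for who may reuse or delete a token and when it expires.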
iplclose __P((dev_t, int, int, cred_t *)); extern int iplread __P((dev_t, uio_t *, cred_t *)); extern int iplwrite __P((dev_t, uio_t *, cred_t *)); - extern int ipfsync __P((void)); extern int ipfilter_sgi_attach __P((void)); extern void ipfilter_sgi_detach __P((void)); extern void ipfilter_sgi_intfsync __P((void)); --- 1300,1305 ---- *************** *** 1270,1290 **** extern ipfmutex_t ipf_timeoutlock, ipf_stinsert, ipf_natio, ipf_nat_new; extern ipfrwlock_t ipf_mutex, ipf_global, ip_poolrw, ipf_ipidfrag; extern ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth; ! extern ipfrwlock_t ipf_frcache; extern char *memstr __P((const char *, char *, size_t, size_t)); extern int count4bits __P((u_32_t)); extern int frrequest __P((int, ioctlcmd_t, caddr_t, int, int)); extern char *getifname __P((struct ifnet *)); ! extern int iplattach __P((void)); ! extern int ipldetach __P((void)); extern u_short ipf_cksum __P((u_short *, int)); extern int copyinptr __P((void *, void *, size_t)); extern int copyoutptr __P((void *, void *, size_t)); extern int fr_fastroute __P((mb_t *, mb_t **, fr_info_t *, frdest_t *)); extern int fr_inobj __P((void *, void *, int)); extern int fr_inobjsz __P((void *, void *, int, int)); ! extern int fr_ioctlswitch __P((int, void *, ioctlcmd_t, int)); extern int fr_ipftune __P((ioctlcmd_t, void *)); extern int fr_outobj __P((void *, void *, int)); extern int fr_outobjsz __P((void *, void *, int, int)); --- 1367,1388 ---- extern ipfmutex_t ipf_timeoutlock, ipf_stinsert, ipf_natio, ipf_nat_new; extern ipfrwlock_t ipf_mutex, ipf_global, ip_poolrw, ipf_ipidfrag; extern ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth; ! extern ipfrwlock_t ipf_frcache, ipf_tokens; extern char *memstr __P((const char *, char *, size_t, size_t)); extern int count4bits __P((u_32_t)); extern int frrequest __P((int, ioctlcmd_t, caddr_t, int, int)); extern char *getifname __P((struct ifnet *)); ! extern int ipfattach __P((void)); ! 
extern int ipfdetach __P((void)); extern u_short ipf_cksum __P((u_short *, int)); extern int copyinptr __P((void *, void *, size_t)); extern int copyoutptr __P((void *, void *, size_t)); extern int fr_fastroute __P((mb_t *, mb_t **, fr_info_t *, frdest_t *)); extern int fr_inobj __P((void *, void *, int)); extern int fr_inobjsz __P((void *, void *, int, int)); ! extern int fr_ioctlswitch __P((int, void *, ioctlcmd_t, int, int, void *)); ! extern int fr_ipf_ioctl __P((caddr_t, ioctlcmd_t, int, int, void *)); extern int fr_ipftune __P((ioctlcmd_t, void *)); extern int fr_outobj __P((void *, void *, int)); extern int fr_outobjsz __P((void *, void *, int, int)); *************** *** 1362,1367 **** --- 1460,1472 ---- extern int fr_tcpudpchk __P((fr_info_t *, frtuc_t *)); extern int fr_verifysrc __P((fr_info_t *fin)); extern int fr_zerostats __P((char *)); + extern ipftoken_t *ipf_findtoken __P((int, int, void *)); + extern int ipf_getnextrule __P((ipftoken_t *, void *)); + extern void ipf_expiretokens __P((void)); + extern void ipf_freetoken __P((ipftoken_t *)); + extern int ipf_deltoken __P((int,int, void *)); + extern int ipfsync __P((void)); + extern int ipf_genericiter __P((void *, int, void *)); extern int fr_running; extern u_long fr_frouteok[2]; diff -cr ip_fil4.1.13/ip_fil_aix.c ip_fil4.1.14/ip_fil_aix.c *** ip_fil4.1.13/ip_fil_aix.c Sun Mar 26 00:03:00 2006 --- ip_fil4.1.14/ip_fil_aix.c Mon Sep 25 20:21:34 2006 *************** *** 6,12 **** #define __FULL_PROTO #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_fil_aix.c,v 2.1.2.2 2006/03/25 13:03:00 darrenr Exp $"; #endif #if defined(KERNEL) || defined(_KERNEL) --- 6,12 ---- #define __FULL_PROTO #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! 
static const char rcsid[] = "@(#)$Id: ip_fil_aix.c,v 2.1.2.5 2006/09/25 10:21:34 darrenr Exp $"; #endif #if defined(KERNEL) || defined(_KERNEL) *************** *** 104,110 **** ipfmutex_t ipl_mutex, ipf_authmx, ipf_rw, ipf_stinsert; ipfmutex_t ipf_nat_new, ipf_natio, ipf_timeoutlock; ! ipfrwlock_t ipf_mutex, ipf_global, ipf_ipidfrag; ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth; int ipf_locks_done = 0; --- 104,110 ---- ipfmutex_t ipl_mutex, ipf_authmx, ipf_rw, ipf_stinsert; ipfmutex_t ipf_nat_new, ipf_natio, ipf_timeoutlock; ! ipfrwlock_t ipf_mutex, ipf_global, ipf_ipidfrag, ipf_tokens; ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth; int ipf_locks_done = 0; *************** *** 178,183 **** --- 178,184 ---- MUTEX_INIT(&ipf_rw, "ipf rw mutex"); MUTEX_INIT(&ipf_timeoutlock, "ipf timeout lock mutex"); RWLOCK_INIT(&ipf_ipidfrag, "ipf IP NAT-Frag rwlock"); + RWLOCK_INIT(&ipf_tokens, "ipf token rwlock"); ipf_locks_done = 1; if (fr_initialise() < 0) { *************** *** 202,208 **** * Disable the filter by removing the hooks from the IP input/output * stream. */ ! int ipldetach() { int s; --- 203,209 ---- * Disable the filter by removing the hooks from the IP input/output * stream. */ ! int ipfdetach() { int s; *************** *** 388,396 **** caddr_t data; int mode; { ! int s; ! int error = 0, unit = 0, tmp; ! friostat_t fio; unit = GET_MINOR(dev); if ((IPL_LOGMAX < unit) || (unit < 0)) --- 389,396 ---- caddr_t data; int mode; { ! int error = 0, unit = 0; ! SPL_INT(s); unit = GET_MINOR(dev); if ((IPL_LOGMAX < unit) || (unit < 0)) *************** *** 407,554 **** SPL_NET(s); ! 
error = fr_ioctlswitch(unit, data, cmd, mode); if (error != -1) { SPL_X(s); return error; } - error = 0; - switch (cmd) - { - case FIONREAD : - #ifdef IPFILTER_LOG - BCOPYOUT(&iplused[IPL_LOGIPF], (caddr_t)data, - sizeof(iplused[IPL_LOGIPF])); - #endif - break; - case SIOCFRENB : - if (!(mode & FWRITE)) - error = EPERM; - else { - BCOPYIN(data, &tmp, sizeof(tmp)); - if (tmp) { - if (fr_running > 0) - error = 0; - else - error = ipfattach(); - if (error == 0) - fr_running = 1; - else - (void) ipldetach(); - } else { - error = ipldetach(); - if (error == 0) - fr_running = -1; - } - } - break; - case SIOCIPFSET : - if (!(mode & FWRITE)) { - error = EPERM; - break; - } - case SIOCIPFGETNEXT : - case SIOCIPFGET : - error = fr_ipftune(cmd, data); - break; - case SIOCSETFF : - if (!(mode & FWRITE)) - error = EPERM; - else - BCOPYIN(data, &fr_flags, sizeof(fr_flags)); - break; - case SIOCGETFF : - BCOPYOUT(&fr_flags, data, sizeof(fr_flags)); - break; - case SIOCFUNCL : - error = fr_resolvefunc(data); - break; - case SIOCINAFR : - case SIOCRMAFR : - case SIOCADAFR : - case SIOCZRLST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, data, fr_active, 1); - break; - case SIOCINIFR : - case SIOCRMIFR : - case SIOCADIFR : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, data, 1 - fr_active, 1); - break; - case SIOCSWAPA : - if (!(mode & FWRITE)) - error = EPERM; - else { - bzero((char *)frcache, sizeof(frcache[0]) * 2); - *(u_int *)data = fr_active; - fr_active = 1 - fr_active; - } - break; - case SIOCGETFS : - fr_getstat(&fio); - error = fr_outobj(data, &fio, IPFOBJ_IPFSTAT); - break; - case SIOCFRZST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = fr_zerostats(data); - break; - case SIOCIPFFL : - if (!(mode & FWRITE)) - error = EPERM; - else { - BCOPYIN(data, &tmp, sizeof(tmp)); - tmp = frflush(unit, 4, tmp); - BCOPYOUT(&tmp, data, sizeof(tmp)); - } - break; - #ifdef USE_INET6 - case SIOCIPFL6 : - if 
(!(mode & FWRITE)) - error = EPERM; - else { - BCOPYIN(data, &tmp, sizeof(tmp)); - tmp = frflush(unit, 6, tmp); - BCOPYOUT(&tmp, data, sizeof(tmp)); - } - break; - #endif - case SIOCSTLCK : - BCOPYIN(data, &tmp, sizeof(tmp)); - fr_state_lock = tmp; - fr_nat_lock = tmp; - fr_frag_lock = tmp; - fr_auth_lock = tmp; - break; - #ifdef IPFILTER_LOG - case SIOCIPFFB : - if (!(mode & FWRITE)) - error = EPERM; - else - *(int *)data = ipflog_clear(unit); - break; - #endif /* IPFILTER_LOG */ - case SIOCGFRST : - error = fr_outobj(data, fr_fragstats(), IPFOBJ_FRAGSTAT); - break; - case SIOCFRSYN : - if (!(mode & FWRITE)) - error = EPERM; - else { - frsync(NULL); - } - break; - default : - error = EINVAL; - break; - } SPL_X(s); return error; } --- 407,418 ---- SPL_NET(s); ! error = fr_ioctlswitch(unit, data, cmd, mode, curproc->p_uid, curproc); if (error != -1) { SPL_X(s); return error; } SPL_X(s); return error; } *************** *** 1114,1119 **** --- 978,984 ---- case 0 : break; case 1 : + fr_natderef((nat_t **)&fin->fin_nat); ip->ip_sum = 0; break; case -1 : *************** *** 1720,1722 **** --- 1585,1601 ---- { return NULL; } + + + int ipf_inject(fin, m) + fr_info_t *fin; + mb_t *m; + { + + FREE_MB_T(m); + + fin->fin_m = NULL; + fin->fin_ip = NULL; + + return EINVAL; + } diff -cr ip_fil4.1.13/ip_fil_bsdos.c ip_fil4.1.14/ip_fil_bsdos.c *** ip_fil4.1.13/ip_fil_bsdos.c Sun Mar 26 00:03:00 2006 --- ip_fil4.1.14/ip_fil_bsdos.c Mon Sep 25 20:21:35 2006 *************** *** 5,11 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_fil_bsdos.c,v 2.45.2.19 2006/03/25 13:03:00 darrenr Exp $"; #endif #if defined(KERNEL) || defined(_KERNEL) --- 5,11 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! 
static const char rcsid[] = "@(#)$Id: ip_fil_bsdos.c,v 2.45.2.22 2006/09/25 10:21:35 darrenr Exp $"; #endif #if defined(KERNEL) || defined(_KERNEL) *************** *** 98,104 **** #endif /* IPFILTER_LKM */ ! int iplattach() { char *defpass; int s; --- 98,104 ---- #endif /* IPFILTER_LKM */ ! int ipfattach() { char *defpass; int s; *************** *** 152,158 **** * Disable the filter by removing the hooks from the IP input/output * stream. */ ! int ipldetach() { int s; --- 152,158 ---- * Disable the filter by removing the hooks from the IP input/output * stream. */ ! int ipfdetach() { int s; *************** *** 195,203 **** caddr_t data; int mode; { ! int s; ! int error = 0, unit = 0, tmp; ! friostat_t fio; if ((securelevel >= 2) && (mode & FWRITE)) return EPERM; --- 195,202 ---- caddr_t data; int mode; { ! int error = 0, unit = 0; ! SPL_INT(s); if ((securelevel >= 2) && (mode & FWRITE)) return EPERM; *************** *** 217,373 **** SPL_NET(s); ! error = fr_ioctlswitch(unit, data, cmd, mode); if (error != -1) { SPL_X(s); return error; } - error = 0; - switch (cmd) - { - case FIONREAD : - #ifdef IPFILTER_LOG - error = COPYOUT(&iplused[IPL_LOGIPF], (caddr_t)data, - sizeof(iplused[IPL_LOGIPF])); - #endif - break; - case SIOCFRENB : - if (!(mode & FWRITE)) - error = EPERM; - else { - error = COPYIN(data, &tmp, sizeof(tmp)); - if (error) - break; - if (tmp) { - if (fr_running > 0) - error = 0; - else - error = iplattach(); - if (error == 0) - fr_running = 1; - else - (void) ipldetach(); - } else { - error = ipldetach(); - if (error == 0) - fr_running = -1; - } - } - break; - case SIOCIPFSET : - if (!(mode & FWRITE)) { - error = EPERM; - break; - } - case SIOCIPFGETNEXT : - case SIOCIPFGET : - error = fr_ipftune(cmd, data); - break; - case SIOCSETFF : - if (!(mode & FWRITE)) - error = EPERM; - else - error = COPYIN(data, &fr_flags, sizeof(fr_flags)); - break; - case SIOCGETFF : - error = COPYOUT(&fr_flags, data, sizeof(fr_flags)); - break; - case SIOCFUNCL : - error = 
fr_resolvefunc(data); - break; - case SIOCINAFR : - case SIOCRMAFR : - case SIOCADAFR : - case SIOCZRLST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, data, fr_active, 1); - break; - case SIOCINIFR : - case SIOCRMIFR : - case SIOCADIFR : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, data, 1 - fr_active, 1); - break; - case SIOCSWAPA : - if (!(mode & FWRITE)) - error = EPERM; - else { - bzero((char *)frcache, sizeof(frcache[0]) * 2); - *(u_int *)data = fr_active; - fr_active = 1 - fr_active; - } - break; - case SIOCGETFS : - fr_getstat(&fio); - error = fr_outobj(data, &fio, IPFOBJ_IPFSTAT); - break; - case SIOCFRZST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = fr_zerostats(data); - break; - case SIOCIPFFL : - if (!(mode & FWRITE)) - error = EPERM; - else { - error = COPYIN(data, &tmp, sizeof(tmp)); - if (!error) { - tmp = frflush(unit, 4, tmp); - error = COPYOUT(&tmp, data, sizeof(tmp)); - } - } - break; - #ifdef USE_INET6 - case SIOCIPFL6 : - if (!(mode & FWRITE)) - error = EPERM; - else { - error = COPYIN(data, &tmp, sizeof(tmp)); - if (!error) { - tmp = frflush(unit, 6, tmp); - error = COPYOUT(&tmp, data, sizeof(tmp)); - } - } - break; - #endif - case SIOCSTLCK : - error = COPYIN(data, &tmp, sizeof(tmp)); - if (error == 0) { - fr_state_lock = tmp; - fr_nat_lock = tmp; - fr_frag_lock = tmp; - fr_auth_lock = tmp; - } else - error = EFAULT; - break; - #ifdef IPFILTER_LOG - case SIOCIPFFB : - if (!(mode & FWRITE)) - error = EPERM; - else - *(int *)data = ipflog_clear(unit); - break; - #endif /* IPFILTER_LOG */ - case SIOCGFRST : - error = fr_outobj(data, fr_fragstats(), IPFOBJ_FRAGSTAT); - break; - case SIOCFRSYN : - if (!(mode & FWRITE)) - error = EPERM; - else { - frsync(NULL); - } - break; - default : - error = EINVAL; - break; - } SPL_X(s); return error; } --- 216,232 ---- SPL_NET(s); ! #if (_BSDI_VERSION >= 199510) ! 
error = fr_ioctlswitch(unit, data, cmd, mode, p->p_cred->p_ruid, p); ! #else ! error = fr_ioctlswitch(unit, data, cmd, mode, ! curproc->p_cred->p_ruid, curproc); ! #endif if (error != -1) { SPL_X(s); return error; } SPL_X(s); return error; } *************** *** 837,843 **** void iplinit() { ! if (iplattach() != 0) printf("IP Filter failed to attach\n"); ip_init(); } --- 696,702 ---- void iplinit() { ! if (ipfattach() != 0) printf("IP Filter failed to attach\n"); ip_init(); } *************** *** 961,966 **** --- 820,826 ---- case 0 : break; case 1 : + fr_natderef((nat_t **)&fin->fin_nat); ip->ip_sum = 0; break; case -1 : *************** *** 1278,1280 **** --- 1138,1171 ---- } return len; } + + + int ipf_inject(fin, m) + fr_info_t *fin; + mb_t *m; + { + int error; + + if (fin->fin_out == 0) { + struct ifqueue *ifq; + + ifq = &ipintrq; + + if (IF_QFULL(ifq)) { + IF_DROP(ifq); + FREE_MB_T(m); + error = ENOBUFS; + } else { + IF_ENQUEUE(ifq, m); + error = 0; + } + } else { + #if (_BSDI_VERSION >= 199802) + error = ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL); + #else + error = ip_output(m, NULL, NULL, IP_FORWARDING, NULL); + #endif + } + + return error; + } diff -cr ip_fil4.1.13/ip_fil_freebsd.c ip_fil4.1.14/ip_fil_freebsd.c *** ip_fil4.1.13/ip_fil_freebsd.c Sun Mar 26 00:03:01 2006 --- ip_fil4.1.14/ip_fil_freebsd.c Mon Sep 25 20:21:35 2006 *************** *** 5,11 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_fil_freebsd.c,v 2.53.2.32 2006/03/25 13:03:01 darrenr Exp $"; #endif #if defined(KERNEL) || defined(_KERNEL) --- 5,11 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! 
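Review bot: The BSD/OS `ipf_inject` hands `m` to `IF_ENQUEUE`, `FREE_MB_T` or `ip_output` on every path but leaves `fin->fin_m` and `fin->fin_ip` pointing at it, whereas the AIX stub added by this same patch clears both before returning. If any caller inspects `fin` after the call, it holds a stale pointer to an mbuf it no longer owns; adding `fin->fin_m = NULL;` and `fin->fin_ip = NULL;` before `return error;` would make the two ports agree. The inbound branch also manipulates `ipintrq` with no visible spl protection and no request to run the IP input queue afterwards, both of which should be confirmed against how the platform's own drivers enqueue to `ipintrq`.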
static const char rcsid[] = "@(#)$Id: ip_fil_freebsd.c,v 2.53.2.35 2006/09/25 10:21:35 darrenr Exp $"; #endif #if defined(KERNEL) || defined(_KERNEL) *************** *** 124,130 **** # ifdef USE_MUTEXES ipfmutex_t ipl_mutex, ipf_authmx, ipf_rw, ipf_stinsert; ipfmutex_t ipf_nat_new, ipf_natio, ipf_timeoutlock; ! ipfrwlock_t ipf_mutex, ipf_global, ipf_ipidfrag, ipf_frcache; ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth; # endif int ipf_locks_done = 0; --- 124,130 ---- # ifdef USE_MUTEXES ipfmutex_t ipl_mutex, ipf_authmx, ipf_rw, ipf_stinsert; ipfmutex_t ipf_nat_new, ipf_natio, ipf_timeoutlock; ! ipfrwlock_t ipf_mutex, ipf_global, ipf_ipidfrag, ipf_frcache, ipf_tokens; ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth; # endif int ipf_locks_done = 0; *************** *** 191,197 **** #endif /* IPFILTER_LKM */ ! int iplattach() { #ifdef USE_SPL int s; --- 191,197 ---- #endif /* IPFILTER_LKM */ ! int ipfattach() { #ifdef USE_SPL int s; *************** *** 218,223 **** --- 218,224 ---- RWLOCK_INIT(&ipf_mutex, "ipf filter rwlock"); RWLOCK_INIT(&ipf_frcache, "ipf cache rwlock"); RWLOCK_INIT(&ipf_ipidfrag, "ipf IP NAT-Frag rwlock"); + RWLOCK_INIT(&ipf_tokens, "ipf token rwlock"); ipf_locks_done = 1; if (fr_initialise() < 0) { *************** *** 324,330 **** * Disable the filter by removing the hooks from the IP input/output * stream. */ ! int ipldetach() { #ifdef USE_SPL int s; --- 325,331 ---- * Disable the filter by removing the hooks from the IP input/output * stream. */ ! 
int ipfdetach() { #ifdef USE_SPL int s; *************** *** 421,426 **** --- 422,428 ---- RW_DESTROY(&ipf_mutex); RW_DESTROY(&ipf_frcache); RW_DESTROY(&ipf_ipidfrag); + RW_DESTROY(&ipf_tokens); RW_DESTROY(&ipf_global); ipf_locks_done = 0; } *************** *** 439,446 **** --- 441,450 ---- , p) # if (__FreeBSD_version >= 500024) struct thread *p; + # define p_uid t_proc->p_cred->p_ruid # else struct proc *p; + # define p_uid p_cred->p_ruid # endif /* __FreeBSD_version >= 500024 */ # else ) *************** *** 454,464 **** caddr_t data; int mode; { ! #ifdef USE_SPL ! int s; ! #endif ! int error = 0, unit = 0, tmp; ! friostat_t fio; #if (BSD >= 199306) && defined(_KERNEL) if ((securelevel >= 3) && (mode & FWRITE)) --- 458,465 ---- caddr_t data; int mode; { ! int error = 0, unit = 0; ! SPL_INT(s); #if (BSD >= 199306) && defined(_KERNEL) if ((securelevel >= 3) && (mode & FWRITE)) *************** *** 481,629 **** SPL_NET(s); READ_ENTER(&ipf_global); ! error = fr_ioctlswitch(unit, data, cmd, mode); if (error != -1) { RWLOCK_EXIT(&ipf_global); SPL_X(s); return error; } - error = 0; - - switch (cmd) - { - case FIONREAD : - #ifdef IPFILTER_LOG - BCOPYOUT(&iplused[IPL_LOGIPF], (caddr_t)data, - sizeof(iplused[IPL_LOGIPF])); - #endif - break; - case SIOCFRENB : - if (!(mode & FWRITE)) - error = EPERM; - else { - BCOPYIN(data, &tmp, sizeof(tmp)); - if (tmp) { - if (fr_running > 0) - error = 0; - else - error = iplattach(); - if (error == 0) - fr_running = 1; - else - (void) ipldetach(); - } else { - error = ipldetach(); - if (error == 0) - fr_running = -1; - } - } - break; - case SIOCIPFSET : - if (!(mode & FWRITE)) { - error = EPERM; - break; - } - case SIOCIPFGETNEXT : - case SIOCIPFGET : - error = fr_ipftune(cmd, data); - break; - case SIOCSETFF : - if (!(mode & FWRITE)) - error = EPERM; - else - BCOPYIN(data, &fr_flags, sizeof(fr_flags)); - break; - case SIOCGETFF : - BCOPYOUT(&fr_flags, data, sizeof(fr_flags)); - break; - case SIOCFUNCL : - error = fr_resolvefunc(data); - 
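Review bot: `# define p_uid t_proc->p_cred->p_ruid` is an object-like macro introduced in the middle of the K&R parameter declarations and never undefined, so every later `p_uid` token in this file, including any `->p_uid` member access, is silently rewritten; a function-like form such as `# define IPF_CALLER_UID(p) ((p)->p_cred->p_ruid)` (name illustrative) would keep the substitution at the call site. No definition is added on the `# else )` branch where the handler has no `p` argument, yet the later hunk calls `fr_ioctlswitch(unit, data, cmd, mode, p->p_uid, p)` with no conditional visible around it. `t_proc` should be checked against the target headers, since to my knowledge FreeBSD's `struct thread` names its process pointer `td_proc`. The identity passed here and in the NetBSD copy is the real uid, while the IRIX hunk passes `cp->cr_uid` and the Linux hunk `fp->f_uid`; if this uid decides who owns an ioctl token, a comment should state which identity is intended on each platform.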
break; - case SIOCINAFR : - case SIOCRMAFR : - case SIOCADAFR : - case SIOCZRLST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, data, fr_active, 1); - break; - case SIOCINIFR : - case SIOCRMIFR : - case SIOCADIFR : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, data, 1 - fr_active, 1); - break; - case SIOCSWAPA : - if (!(mode & FWRITE)) - error = EPERM; - else { - bzero((char *)frcache, sizeof(frcache[0]) * 2); - *(u_int *)data = fr_active; - fr_active = 1 - fr_active; - } - break; - case SIOCGETFS : - fr_getstat(&fio); - error = fr_outobj(data, &fio, IPFOBJ_IPFSTAT); - break; - case SIOCFRZST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = fr_zerostats(data); - break; - case SIOCIPFFL : - if (!(mode & FWRITE)) - error = EPERM; - else { - BCOPYIN(data, &tmp, sizeof(tmp)); - tmp = frflush(unit, 4, tmp); - BCOPYOUT(&tmp, data, sizeof(tmp)); - } - break; - #ifdef USE_INET6 - case SIOCIPFL6 : - if (!(mode & FWRITE)) - error = EPERM; - else { - BCOPYIN(data, &tmp, sizeof(tmp)); - tmp = frflush(unit, 6, tmp); - BCOPYOUT(&tmp, data, sizeof(tmp)); - } - break; - #endif - case SIOCSTLCK : - BCOPYIN(data, &tmp, sizeof(tmp)); - fr_state_lock = tmp; - fr_nat_lock = tmp; - fr_frag_lock = tmp; - fr_auth_lock = tmp; - break; - #ifdef IPFILTER_LOG - case SIOCIPFFB : - if (!(mode & FWRITE)) - error = EPERM; - else - *(int *)data = ipflog_clear(unit); - break; - #endif /* IPFILTER_LOG */ - case SIOCGFRST : - error = fr_outobj(data, fr_fragstats(), IPFOBJ_FRAGSTAT); - break; - case SIOCFRSYN : - if (!(mode & FWRITE)) - error = EPERM; - else { - frsync(NULL); - } - break; - default : - error = EINVAL; - break; - } RWLOCK_EXIT(&ipf_global); SPL_X(s); --- 482,493 ---- SPL_NET(s); READ_ENTER(&ipf_global); ! 
error = fr_ioctlswitch(unit, data, cmd, mode, p->p_uid, p); if (error != -1) { RWLOCK_EXIT(&ipf_global); SPL_X(s); return error; } RWLOCK_EXIT(&ipf_global); SPL_X(s); *************** *** 1145,1151 **** # endif iplinit() { ! if (iplattach() != 0) printf("IP Filter failed to attach\n"); ip_init(); } --- 1009,1015 ---- # endif iplinit() { ! if (ipfattach() != 0) printf("IP Filter failed to attach\n"); ip_init(); } *************** *** 1275,1280 **** --- 1139,1145 ---- case 0 : break; case 1 : + fr_natderef((nat_t **)&fin->fin_nat); ip->ip_sum = 0; break; case -1 : *************** *** 1734,1736 **** --- 1599,1638 ---- fin->fin_flx |= FI_COALESCE; return ip; } + + + int ipf_inject(fin, m) + fr_info_t *fin; + mb_t *m; + { + int error; + mb_t *m; + + if (fin->fin_out == 0) { + struct ifqueue *ifq; + + ifq = &ipintrq; + + #if (__FreeBSD_version >= 501000) + netisr_dispatch(NETISR_IP, m); + #else + + if (IF_QFULL(ifq)) { + IF_DROP(ifq); + FREE_MB_T(m); + error = ENOBUFS; + } else { + IF_ENQUEUE(ifq, m); + error = 0; + } + #endif + } else { + #if (__FreeBSD_version >= 470102) + error = ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL); + #else + error = ip_output(m, NULL, NULL, IP_FORWARDING, NULL); + #endif + } + + return error; + } diff -cr ip_fil4.1.13/ip_fil_hpux.c ip_fil4.1.14/ip_fil_hpux.c *** ip_fil4.1.13/ip_fil_hpux.c Wed Mar 29 21:19:56 2006 --- ip_fil4.1.14/ip_fil_hpux.c Fri Jul 14 16:12:08 2006 *************** *** 5,11 **** */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_fil_hpux.c,v 2.45.2.13 2006/03/29 11:19:56 darrenr Exp $"; #endif #include --- 5,11 ---- */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C) 1993-2000 Darren Reed"; ! 
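Review bot: With the per-command `switch` removed, both exits of this ioctl handler return `error` exactly as `fr_ioctlswitch` produced it, so the -1 "not handled" sentinel now reaches the caller where the old `default :` arm returned `EINVAL`; in the FreeBSD kernel -1 is `ERESTART`, which requests that the system call be restarted. If the consolidated handler can still return -1, map it before the final return with `if (error == -1) error = EINVAL;`, otherwise drop the now-redundant `if (error != -1)` block. The removed arms also held the `if (!(mode & FWRITE)) error = EPERM;` checks for the state-changing commands (and `SIOCSTLCK` had none at all), so the replacement in fil.c, which is not part of this view, needs to enforce at least the same checks. The HP-UX, IRIX, Linux and NetBSD ioctl hunks later in this diff have the same shape, and on Linux the -1 passes through `if (error > 0) error = -error;` unchanged. The function begins and ends outside the hunk.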
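Review bot: The FreeBSD `ipf_inject` declares `mb_t *m;` as a local although `m` is already its second parameter, which is a redeclaration in the function's outermost block and, where a compiler lets it through, replaces the caller's packet with an uninitialised pointer. On the `__FreeBSD_version >= 501000` input path `error` is never assigned before `return error;`, so the caller receives an indeterminate value after `netisr_dispatch(NETISR_IP, m);`. Dropping the local declaration and adding `error = 0;` after the dispatch call fixes both. `ifq` is assigned but unused on that path and could move inside the `#else` branch.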
static const char rcsid[] = "@(#)$Id: ip_fil_hpux.c,v 2.45.2.14 2006/07/14 06:12:08 darrenr Exp $"; #endif #include *************** *** 58,83 **** static int fr_send_ip(fr_info_t *, mblk_t *); ipfmutex_t ipl_mutex, ipf_authmx, ipf_rw, ipf_stinsert; ipfmutex_t ipf_nat_new, ipf_natio, ipf_timeoutlock; ! ipfrwlock_t ipf_mutex, ipf_global, ipf_ipidfrag, ipf_frcache; ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth; int *ip_ttl_ptr; int *ip_mtudisc; int *ip_forwarding; ! int ipldetach() { if (fr_control_forwarding & 2) ip_forwarding = 0; #ifdef IPFDEBUG ! cmn_err(CE_CONT, "ipldetach()\n"); #endif fr_deinitialise(); (void) frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE|FR_INACTIVE); (void) frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE); RW_DESTROY(&ipf_ipidfrag); RW_DESTROY(&ipf_mutex); RW_DESTROY(&ipf_frcache); --- 58,84 ---- static int fr_send_ip(fr_info_t *, mblk_t *); ipfmutex_t ipl_mutex, ipf_authmx, ipf_rw, ipf_stinsert; ipfmutex_t ipf_nat_new, ipf_natio, ipf_timeoutlock; ! ipfrwlock_t ipf_mutex, ipf_global, ipf_ipidfrag, ipf_frcache, ipf_tokens; ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth; int *ip_ttl_ptr; int *ip_mtudisc; int *ip_forwarding; ! int ipfdetach() { if (fr_control_forwarding & 2) ip_forwarding = 0; #ifdef IPFDEBUG ! cmn_err(CE_CONT, "ipfdetach()\n"); #endif fr_deinitialise(); (void) frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE|FR_INACTIVE); (void) frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE); + RW_DESTROY(&ipf_tokens); RW_DESTROY(&ipf_ipidfrag); RW_DESTROY(&ipf_mutex); RW_DESTROY(&ipf_frcache); *************** *** 92,103 **** } ! int iplattach __P((void)) { int i; #ifdef IPFDEBUG ! cmn_err(CE_CONT, "iplattach()\n"); #endif bzero((char *)frcache, sizeof(frcache)); MUTEX_INIT(&ipf_rw, "ipf_rw"); --- 93,104 ---- } ! int ipfattach __P((void)) { int i; #ifdef IPFDEBUG ! 
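Review bot: In `ipfdetach`, `ip_forwarding = 0;` assigns to the pointer declared just above as `int *ip_forwarding;` instead of storing through it, so detaching with `fr_control_forwarding & 2` set leaves IP forwarding enabled while the filter is gone and also nulls the pointer. The attach path in the next hunks does `*ip_forwarding = 1;`, which would then write through NULL unless the pointer is resolved again in code outside this view. The line is unchanged context, but this hunk renames the function around it, and `*ip_forwarding = 0;` looks like the intended statement.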
cmn_err(CE_CONT, "ipfattach()\n"); #endif bzero((char *)frcache, sizeof(frcache)); MUTEX_INIT(&ipf_rw, "ipf_rw"); *************** *** 106,111 **** --- 107,113 ---- RWLOCK_INIT(&ipf_mutex, "ipf filter rwlock"); RWLOCK_INIT(&ipf_frcache, "ipf cache rwlock"); RWLOCK_INIT(&ipf_ipidfrag, "ipf IP NAT-Frag rwlock"); + RWLOCK_INIT(&ipf_tokens, "ipf token rwlock"); if (fr_initialise() < 0) return -1; *************** *** 132,138 **** } #ifdef IPFDEBUG ! cmn_err(CE_CONT, "iplattach() - success!\n"); #endif if (fr_control_forwarding & 1) *ip_forwarding = 1; --- 134,140 ---- } #ifdef IPFDEBUG ! cmn_err(CE_CONT, "ipfattach() - success!\n"); #endif if (fr_control_forwarding & 1) *ip_forwarding = 1; *************** *** 149,157 **** caddr_t data; int flags; { ! int error = 0, tmp; ! friostat_t fio; ! u_int enable; minor_t unit; #ifdef IPFDEBUG --- 151,157 ---- caddr_t data; int flags; { ! int error = 0; minor_t unit; #ifdef IPFDEBUG *************** *** 174,342 **** READ_ENTER(&ipf_global); ! error = fr_ioctlswitch(unit, data, cmd, flags); if (error != -1) { RWLOCK_EXIT(&ipf_global); return error; } - error = 0; - switch (cmd) - { - case SIOCFRENB : - if (!(flags & FWRITE)) - error = EPERM; - else { - error = BCOPYIN(data, &enable, sizeof(enable)); - if (enable) { - if (fr_running > 0) - error = 0; - else - error = iplattach(); - if (error == 0) - fr_running = 1; - else - (void) ipldetach(); - } else { - error = ipldetach(); - if (error == 0) - fr_running = -1; - } - } - break; - case SIOCIPFSET : - if (!(flags & FWRITE)) { - error = EPERM; - break; - } - case SIOCIPFGETNEXT : - case SIOCIPFGET : - error = fr_ipftune(cmd, data); - break; - case SIOCSETFF : - if (!(flags & FWRITE)) - error = EPERM; - else { - WRITE_ENTER(&ipf_mutex); - error = BCOPYIN(data, &fr_flags, sizeof(fr_flags)); - RWLOCK_EXIT(&ipf_mutex); - } - break; - case SIOCGETFF : - error = BCOPYOUT(&fr_flags, data, sizeof(fr_flags)); - break; - case SIOCFUNCL : - error = fr_resolvefunc(data); - break; - case SIOCINAFR 
: - case SIOCRMAFR : - case SIOCADAFR : - case SIOCZRLST : - if (!(flags & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, (caddr_t)data, - fr_active, 1); - break; - case SIOCINIFR : - case SIOCRMIFR : - case SIOCADIFR : - if (!(flags & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, (caddr_t)data, - 1 - fr_active, 1); - break; - case SIOCSWAPA : - if (!(flags & FWRITE)) - error = EPERM; - else { - WRITE_ENTER(&ipf_mutex); - bzero((char *)frcache, sizeof(frcache[0]) * 2); - error = BCOPYOUT(&fr_active, data, sizeof(fr_active)); - if (error != 0) - error = EFAULT; - else - fr_active = 1 - fr_active; - RWLOCK_EXIT(&ipf_mutex); - } - break; - case SIOCGETFS : - READ_ENTER(&ipf_mutex); - fr_getstat(&fio); - RWLOCK_EXIT(&ipf_mutex); - error = fr_outobj(data, &fio, IPFOBJ_IPFSTAT); - break; - case SIOCFRZST : - if (!(flags & FWRITE)) - error = EPERM; - else - error = fr_zerostats((caddr_t)data); - break; - case SIOCIPFFL : - if (!(flags & FWRITE)) - error = EPERM; - else { - error = BCOPYIN(data, &tmp, sizeof(tmp)); - if (!error) { - tmp = frflush(unit, 4, tmp); - error = BCOPYOUT(&tmp, data, sizeof(tmp)); - } - } - break; - #ifdef USE_INET6 - case SIOCIPFL6 : - if (!(flags & FWRITE)) - error = EPERM; - else { - error = COPYIN(data, &tmp, sizeof(tmp)); - if (!error) { - tmp = frflush(unit, 6, tmp); - error = COPYOUT(&tmp, data, sizeof(tmp)); - } - } - break; - #endif - case SIOCSTLCK : - error = BCOPYIN(data, &tmp, sizeof(tmp)); - if (error == 0) { - fr_state_lock = tmp; - fr_nat_lock = tmp; - fr_frag_lock = tmp; - fr_auth_lock = tmp; - } else - error = EFAULT; - break; - #ifdef IPFILTER_LOG - case SIOCIPFFB : - if (!(flags & FWRITE)) - error = EPERM; - else { - tmp = ipflog_clear(unit); - error = BCOPYOUT(&tmp, data, sizeof(tmp)); - } - break; - #endif /* IPFILTER_LOG */ - case SIOCFRSYN : - if (!(flags & FWRITE)) - error = EPERM; - else - error = ipfsync(); - break; - case SIOCGFRST : - error = fr_outobj(data, fr_fragstats(), 
IPFOBJ_FRAGSTAT); - break; - case FIONREAD : - #ifdef IPFILTER_LOG - tmp = (int)iplused[IPL_LOGIPF]; - - error = BCOPYOUT(&tmp, data, sizeof(tmp)); - #endif - break; - default : - error = EINVAL; - break; - } RWLOCK_EXIT(&ipf_global); return error; } --- 174,185 ---- READ_ENTER(&ipf_global); ! error = fr_ioctlswitch(unit, data, cmd, flags, curproc->p_uid, curproc); if (error != -1) { RWLOCK_EXIT(&ipf_global); return error; } RWLOCK_EXIT(&ipf_global); return error; } diff -cr ip_fil4.1.13/ip_fil_irix.c ip_fil4.1.14/ip_fil_irix.c *** ip_fil4.1.13/ip_fil_irix.c Sun Mar 26 00:03:01 2006 --- ip_fil4.1.14/ip_fil_irix.c Mon Sep 25 20:21:35 2006 *************** *** 5,11 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_fil_irix.c,v 2.42.2.17 2006/03/25 13:03:01 darrenr Exp $"; #endif #if defined(KERNEL) || defined(_KERNEL) --- 5,11 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_fil_irix.c,v 2.42.2.20 2006/09/25 10:21:35 darrenr Exp $"; #endif #if defined(KERNEL) || defined(_KERNEL) *************** *** 166,175 **** cred_t *cp; int *rp; { ! int error = 0, unit = 0, tmp; ! friostat_t fio; ! u_int enable; ! int s; unit = GET_MINOR(dev); if ((IPL_LOGMAX < unit) || (unit < 0)) --- 166,173 ---- cred_t *cp; int *rp; { ! int error = 0, unit = 0; ! SPL_INT(s); unit = GET_MINOR(dev); if ((IPL_LOGMAX < unit) || (unit < 0)) *************** *** 186,343 **** SPL_NET(s); ! 
error = fr_ioctlswitch(unit, data, cmd, mode); if (error != -1) { SPL_X(s); return error; } - error = 0; - - switch (cmd) - { - case FIONREAD : - #ifdef IPFILTER_LOG - error = COPYOUT(&iplused[IPL_LOGIPF], (caddr_t)data, - sizeof(iplused[IPL_LOGIPF])); - #endif - break; - case SIOCFRENB : - if (!(mode & FWRITE)) - error = EPERM; - else { - error = COPYIN(data, &enable, sizeof(enable)); - if (error) - break; - if (enable) { - if (fr_running > 0) - error = 0; - else - error = ipl_attach(); - if (error == 0) - fr_running = 1; - else - (void) ipl_detach(); - } else { - error = ipl_detach(); - if (error == 0) - fr_running = -1; - } - } - break; - case SIOCIPFSET : - if (!(mode & FWRITE)) { - error = EPERM; - break; - } - case SIOCIPFGETNEXT : - case SIOCIPFGET : - error = fr_ipftune(cmd, data); - break; - case SIOCSETFF : - if (!(mode & FWRITE)) - error = EPERM; - else - error = COPYIN(data, &fr_flags, sizeof(fr_flags)); - break; - case SIOCGETFF : - error = COPYOUT(&fr_flags, data, sizeof(fr_flags)); - break; - case SIOCFUNCL : - error = fr_resolvefunc(data); - break; - case SIOCINAFR : - case SIOCRMAFR : - case SIOCADAFR : - case SIOCZRLST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, data, fr_active, 1); - break; - case SIOCINIFR : - case SIOCRMIFR : - case SIOCADIFR : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, data, 1 - fr_active, 1); - break; - case SIOCSWAPA : - if (!(mode & FWRITE)) - error = EPERM; - else { - bzero((char *)frcache, sizeof(frcache[0]) * 2); - *(u_int *)data = fr_active; - fr_active = 1 - fr_active; - } - break; - case SIOCGETFS : - fr_getstat(&fio); - error = fr_outobj(data, &fio, IPFOBJ_IPFSTAT); - break; - case SIOCFRZST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = fr_zerostats(data); - break; - case SIOCIPFFL : - if (!(mode & FWRITE)) - error = EPERM; - else { - error = COPYIN(data, &tmp, sizeof(tmp)); - if (!error) { - tmp = frflush(unit, 4, tmp); - error = 
COPYOUT(&tmp, data, sizeof(tmp)); - } - } - break; - #ifdef USE_INET6 - case SIOCIPFL6 : - if (!(mode & FWRITE)) - error = EPERM; - else { - error = COPYIN(data, &tmp, sizeof(tmp)); - if (!error) { - tmp = frflush(unit, 6, tmp); - error = COPYOUT(&tmp, data, sizeof(tmp)); - } - } - break; - #endif - case SIOCSTLCK : - error = COPYIN(data, &tmp, sizeof(tmp)); - if (error == 0) { - fr_state_lock = tmp; - fr_nat_lock = tmp; - fr_frag_lock = tmp; - fr_auth_lock = tmp; - } else - error = EFAULT; - break; - #ifdef IPFILTER_LOG - case SIOCIPFFB : - if (!(mode & FWRITE)) - error = EPERM; - else - *(int *)data = ipflog_clear(unit); - break; - #endif /* IPFILTER_LOG */ - case SIOCGFRST : - error = fr_outobj(data, fr_fragstats(), IPFOBJ_FRAGSTAT); - break; - case SIOCFRSYN : - if (!(mode & FWRITE)) - error = EPERM; - else { - frsync(NULL); - } - break; - default : - error = EINVAL; - break; - } SPL_X(s); return error; } --- 184,195 ---- SPL_NET(s); ! error = fr_ioctlswitch(unit, data, cmd, mode, cp->cr_uid, curproc); if (error != -1) { SPL_X(s); return error; } SPL_X(s); return error; } *************** *** 767,779 **** else ip_init(); } ! int iplattach(void) { int i; for (i = 0; i < 256; i++) ! if (cdevsw[i].d_open == iplopen){printf("iplattach:ipfilter @%d\n", i); break;} ! if (i==256)printf("iplattach:ipfilter not found\n"); return 0; } --- 619,631 ---- else ip_init(); } ! int ipfattach(void) { int i; for (i = 0; i < 256; i++) ! if (cdevsw[i].d_open == iplopen){printf("ipfattach:ipfilter @%d\n", i); break;} ! 
if (i==256)printf("ipfattach:ipfilter not found\n"); return 0; } *************** *** 889,894 **** --- 741,747 ---- case 0 : break; case 1 : + fr_natderef((nat_t **)&fin->fin_nat); ip->ip_sum = 0; break; case -1 : *************** *** 1302,1304 **** --- 1155,1195 ---- return ip; } + + + int ipf_inject(fin, m) + fr_info_t *fin; + mb_t *m; + { + int error; + + if (fin->fin_out == 0) { + struct ifqueue *ifq; + + #if (IRIX >= 60516) + ifq = &((struct ifnet *)fin->fin_ifp)->if_snd; + #else + ifq = &ipintrq; + #endif + + if (IF_QFULL(ifq)) { + IF_DROP(ifq); + FREE_MB_T(m); + error = ENOBUFS; + } else { + IF_ENQUEUE(ifq, m); + #if IRIX < 60500 + schednetisr(NETISR_IP); + #endif + error = 0; + } + } else { + #if IRIX >= 60500 + error = ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL); + #else + error = ip_output(m, NULL, NULL, IP_FORWARDING, NULL); + #endif + } + + return error; + } diff -cr ip_fil4.1.13/ip_fil_linux.c ip_fil4.1.14/ip_fil_linux.c *** ip_fil4.1.13/ip_fil_linux.c Wed Mar 29 21:21:11 2006 --- ip_fil4.1.14/ip_fil_linux.c Mon Sep 25 20:21:35 2006 *************** *** 17,28 **** extern int sysctl_ip_default_ttl; - static int frzerostats __P((caddr_t)); static int fr_send_ip __P((fr_info_t *, struct sk_buff *, struct sk_buff **)); ipfmutex_t ipl_mutex, ipf_authmx, ipf_rw, ipf_stinsert; ipfmutex_t ipf_nat_new, ipf_natio, ipf_timeoutlock; ! ipfrwlock_t ipf_mutex, ipf_global, ipf_ipidfrag, ipf_frcache; ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth; struct timer_list ipf_timer; --- 17,27 ---- extern int sysctl_ip_default_ttl; static int fr_send_ip __P((fr_info_t *, struct sk_buff *, struct sk_buff **)); ipfmutex_t ipl_mutex, ipf_authmx, ipf_rw, ipf_stinsert; ipfmutex_t ipf_nat_new, ipf_natio, ipf_timeoutlock; ! ipfrwlock_t ipf_mutex, ipf_global, ipf_ipidfrag, ipf_frcache, ipf_tokens; ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth; struct timer_list ipf_timer; *************** *** 97,103 **** #endif ! 
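Review bot: On the input path (`fin->fin_out == 0`) for `IRIX >= 60516`, the IRIX `ipf_inject` queues the packet on `((struct ifnet *)fin->fin_ifp)->if_snd`, which in BSD-derived stacks is the interface's transmit queue, so an inbound injection looks as if it would be sent back out of the receiving interface rather than handed to IP input; please confirm against the IRIX headers. `fin->fin_ifp` is dereferenced without a NULL check, and for `IRIX >= 60500` nothing visible wakes the consumer because `schednetisr(NETISR_IP);` is compiled only for older releases. A header comment stating which queue is intended per release, and that `m` is consumed on every path, would make the function reviewable.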
int iplattach() { int err, i; --- 96,102 ---- #endif ! int ipfattach() { int err, i; *************** *** 115,120 **** --- 114,120 ---- RWLOCK_INIT(&ipf_mutex, "ipf global mutex rwlock"); RWLOCK_INIT(&ipf_frcache, "ipf cache mutex rwlock"); RWLOCK_INIT(&ipf_ipidfrag, "ipf IP NAT-Frag rwlock"); + RWLOCK_INIT(&ipf_tokens, "ipf token rwlock"); for (i = 0; i < sizeof(ipf_hooks)/sizeof(ipf_hooks[0]); i++) { err = nf_register_hook(&ipf_hooks[i]); *************** *** 147,153 **** } ! int ipldetach() { int i; --- 147,153 ---- } ! int ipfdetach() { int i; *************** *** 175,180 **** --- 175,181 ---- RW_DESTROY(&ipf_mutex); RW_DESTROY(&ipf_frcache); RW_DESTROY(&ipf_global); + RW_DESTROY(&ipf_tokens); RW_DESTROY(&ipf_ipidfrag); SPL_X(s); *************** *** 183,196 **** } - /* * Filter ioctl interface. */ int ipf_ioctl(struct inode *in, struct file *fp, u_int cmd, u_long arg) { ! int error = 0, unit = 0, tmp; ! friostat_t fio; caddr_t data; mode_t mode; --- 184,195 ---- } /* * Filter ioctl interface. */ int ipf_ioctl(struct inode *in, struct file *fp, u_int cmd, u_long arg) { ! int error = 0, unit = 0; caddr_t data; mode_t mode; *************** *** 210,364 **** mode = fp->f_mode; data = (caddr_t)arg; ! 
error = fr_ioctlswitch(unit, data, cmd, mode); if (error != -1) { SPL_X(s); if (error > 0) error = -error; return error; } - - error = 0; - - switch (cmd) - { - case FIONREAD : - #ifdef IPFILTER_LOG - bcopy(&iplused[IPL_LOGIPF], (caddr_t)data, - sizeof(iplused[IPL_LOGIPF])); - #endif - break; - case SIOCFRENB : - if (!(mode & FWRITE)) - error = EPERM; - else { - bcopy(data, &tmp, sizeof(tmp)); - if (tmp) { - if (fr_running > 0) - error = 0; - else - error = iplattach(); - if (error == 0) - fr_running = 1; - else - (void) ipldetach(); - } else { - error = ipldetach(); - if (error == 0) - fr_running = -1; - } - } - break; - case SIOCIPFSET : - if (!(mode & FWRITE)) { - error = EPERM; - break; - } - case SIOCIPFGETNEXT : - case SIOCIPFGET : - error = fr_ipftune(cmd, data); - break; - case SIOCSETFF : - if (!(mode & FWRITE)) - error = EPERM; - else - bcopy(data, &fr_flags, sizeof(fr_flags)); - break; - case SIOCGETFF : - bcopy(&fr_flags, data, sizeof(fr_flags)); - break; - case SIOCFUNCL : - error = fr_resolvefunc(data); - break; - case SIOCINAFR : - case SIOCRMAFR : - case SIOCADAFR : - case SIOCZRLST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, data, fr_active, 1); - break; - case SIOCINIFR : - case SIOCRMIFR : - case SIOCADIFR : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, data, 1 - fr_active, 1); - break; - case SIOCSWAPA : - if (!(mode & FWRITE)) - error = EPERM; - else { - bzero((char *)frcache, sizeof(frcache[0]) * 2); - *(u_int *)data = fr_active; - fr_active = 1 - fr_active; - } - break; - case SIOCGETFS : - fr_getstat(&fio); - error = fr_outobj(data, &fio, IPFOBJ_IPFSTAT); - break; - case SIOCFRZST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frzerostats(data); - break; - case SIOCIPFFL : - if (!(mode & FWRITE)) - error = EPERM; - else { - bcopy(data, &tmp, sizeof(tmp)); - tmp = frflush(unit, 4, tmp); - bcopy(&tmp, data, sizeof(tmp)); - } - break; - #ifdef USE_INET6 - case 
SIOCIPFL6 : - if (!(mode & FWRITE)) - error = EPERM; - else { - bcopy(data, &tmp, sizeof(tmp)); - tmp = frflush(unit, 6, tmp); - bcopy(&tmp, data, sizeof(tmp)); - } - break; - #endif - case SIOCSTLCK : - error = COPYIN(data, &tmp, sizeof(tmp)); - if (error == 0) { - fr_state_lock = tmp; - fr_nat_lock = tmp; - fr_frag_lock = tmp; - fr_auth_lock = tmp; - } else - error = EFAULT; - break; - #ifdef IPFILTER_LOG - case SIOCIPFFB : - if (!(mode & FWRITE)) - error = EPERM; - else - *(int *)data = ipflog_clear(unit); - break; - #endif /* IPFILTER_LOG */ - case SIOCGFRST : - error = fr_outobj(data, fr_fragstats(), IPFOBJ_FRAGSTAT); - break; - case SIOCFRSYN : - if (!(mode & FWRITE)) - error = EPERM; - else { - frsync(NULL); - } - break; - default : - error = EINVAL; - break; - } SPL_X(s); if (error > 0) error = -error; return error; --- 209,223 ---- mode = fp->f_mode; data = (caddr_t)arg; ! error = fr_ioctlswitch(unit, data, cmd, mode, fp->f_uid, fp); if (error != -1) { SPL_X(s); if (error > 0) error = -error; return error; } SPL_X(s); + if (error > 0) error = -error; return error; *************** *** 748,753 **** --- 607,613 ---- case 0 : break; case 1 : + fr_natderef((nat_t **)&fin->fin_nat); ip->ip_sum = 0; break; case -1 : *************** *** 858,880 **** } - static int frzerostats(data) - caddr_t data; - { - friostat_t fio; - int error; - - fr_getstat(&fio); - error = copyoutptr(&fio, data, sizeof(fio)); - if (error) - return EFAULT; - - bzero((char *)frstats, sizeof(*frstats) * 2); - - return 0; - } - - static u_int ipf_linux_inout(hooknum, skbp, inifp, outifp, okfn) u_int hooknum; struct sk_buff **skbp; --- 718,723 ---- *************** *** 934,939 **** --- 777,785 ---- if (rwlk->ipf_magic != 0x97dd8b3a) { printk("ipf_read_enter:rwlk %p ipf_magic 0x%x\n", rwlk, rwlk->ipf_magic); + /* + * Force a panic. 
+ */ rwlk->ipf_magic = 0; *((int *)rwlk->ipf_magic) = 1; } *************** *** 966,971 **** --- 812,820 ---- if (rwlk->ipf_magic != 0x97dd8b3a) { printk("ipf_rw_exit:rwlk %p ipf_magic 0x%x\n", rwlk, rwlk->ipf_magic); + /* + * Force a panic. + */ rwlk->ipf_magic = 0; *((int *)rwlk->ipf_magic) = 1; } *************** *** 995,1000 **** --- 844,859 ---- } + void ipf_rw_init(rwlck, name) + ipfrwlock_t *rwlck; + char *name; + { + memset(rwlck, 0, sizeof(*rwlck)); + rwlck->ipf_lname = name; + rwlock_init(&rwlck->ipf_lk); + } + + #if 0 void dumpskbuff(sk) struct sk_buff *sk; *************** *** 1121,1126 **** --- 980,986 ---- { READ_ENTER(&ipf_global); + ipf_expiretokens(); fr_fragexpire(); fr_timeoutstate(); fr_natexpire(); *************** *** 1133,1135 **** --- 993,1008 ---- done: RWLOCK_EXIT(&ipf_global); } + + + int ipf_inject(fin, m) + fr_info_t *fin; + mb_t *m; + { + FREE_MB_T(m); + + fin->fin_m = NULL; + fin->fin_ip = NULL; + + return EINVAL; + } diff -cr ip_fil4.1.13/ip_fil_netbsd.c ip_fil4.1.14/ip_fil_netbsd.c *** ip_fil4.1.13/ip_fil_netbsd.c Sun Mar 26 00:03:02 2006 --- ip_fil4.1.14/ip_fil_netbsd.c Mon Sep 25 20:21:35 2006 *************** *** 5,11 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_fil_netbsd.c,v 2.55.2.38 2006/03/25 13:03:02 darrenr Exp $"; #endif #if defined(KERNEL) || defined(_KERNEL) --- 5,11 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_fil_netbsd.c,v 2.55.2.41 2006/09/25 10:21:35 darrenr Exp $"; #endif #if defined(KERNEL) || defined(_KERNEL) *************** *** 276,289 **** int count; { # if 0 ! if (iplattach() != 0) printf("IP Filter failed to attach\n"); # endif } #endif ! int iplattach() { int s; #if defined(NETBSD_PF) && (__NetBSD_Version__ >= 104200000) --- 276,289 ---- int count; { # if 0 ! 
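Review bot: The added comment states that the intent is to force a panic, but `rwlk->ipf_magic = 0; *((int *)rwlk->ipf_magic) = 1;` only stops the kernel if address 0 is unmapped, and on Linux a faulting kernel write is normally reported as an oops in the current task rather than a halt. Calling `panic("ipf_read_enter: bad rwlock magic");` expresses the intent directly and does not depend on the memory layout. The same applies to the identical comment added before the `ipf_rw_exit` check in the next hunk.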
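Review bot: The new `ipf_rw_init` zeroes the whole lock with `memset` and then sets only `ipf_lname` and `ipf_lk`, while the read-enter and exit checks earlier in this file treat any `ipf_magic` other than `0x97dd8b3a` as fatal. Unless the magic is written by the `RWLOCK_INIT` wrapper or another initialiser outside this hunk, the first use of a lock set up this way would trip that check; `rwlck->ipf_magic = 0x97dd8b3a;` after the `memset` would close the gap. A short comment that `name` is stored by reference and must outlive the lock would also help, since callers pass string literals today but nothing enforces it.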
if (ipfattach() != 0) printf("IP Filter failed to attach\n"); # endif } #endif ! int ipfattach() { int s; #if defined(NETBSD_PF) && (__NetBSD_Version__ >= 104200000) *************** *** 413,419 **** * Disable the filter by removing the hooks from the IP input/output * stream. */ ! int ipldetach() { int s; #if defined(NETBSD_PF) && (__NetBSD_Version__ >= 104200000) --- 413,419 ---- * Disable the filter by removing the hooks from the IP input/output * stream. */ ! int ipfdetach() { int s; #if defined(NETBSD_PF) && (__NetBSD_Version__ >= 104200000) *************** *** 498,505 **** --- 498,507 ---- , p) # if (__NetBSD_Version__ >= 399001400) struct lwp *p; + # define p_uid l_proc->p_cred->p_ruid # else struct proc *p; + # define p_uid p_cred->p_ruid # endif #else ) *************** *** 509,517 **** caddr_t data; int mode; { ! int s; ! int error = 0, unit = 0, tmp; ! friostat_t fio; if ((securelevel >= 2) && (mode & FWRITE)) return EPERM; --- 511,518 ---- caddr_t data; int mode; { ! int error = 0, unit = 0; ! SPL_INT(s); if ((securelevel >= 2) && (mode & FWRITE)) return EPERM; *************** *** 531,678 **** SPL_NET(s); ! 
error = fr_ioctlswitch(unit, data, cmd, mode); if (error != -1) { SPL_X(s); return error; } - error = 0; - switch (cmd) - { - case FIONREAD : - #ifdef IPFILTER_LOG - BCOPYOUT(&iplused[IPL_LOGIPF], (caddr_t)data, - sizeof(iplused[IPL_LOGIPF])); - #endif - break; - case SIOCFRENB : - if (!(mode & FWRITE)) - error = EPERM; - else { - BCOPYIN(data, &tmp, sizeof(tmp)); - if (tmp) { - if (fr_running > 0) - error = 0; - else - error = iplattach(); - if (error == 0) - fr_running = 1; - else - (void) ipldetach(); - } else { - error = ipldetach(); - if (error == 0) - fr_running = -1; - } - } - break; - case SIOCIPFSET : - if (!(mode & FWRITE)) { - error = EPERM; - break; - } - case SIOCIPFGETNEXT : - case SIOCIPFGET : - error = fr_ipftune(cmd, data); - break; - case SIOCSETFF : - if (!(mode & FWRITE)) - error = EPERM; - else - BCOPYIN(data, &fr_flags, sizeof(fr_flags)); - break; - case SIOCGETFF : - BCOPYOUT(&fr_flags, data, sizeof(fr_flags)); - break; - case SIOCFUNCL : - error = fr_resolvefunc(data); - break; - case SIOCINAFR : - case SIOCRMAFR : - case SIOCADAFR : - case SIOCZRLST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, data, fr_active, 1); - break; - case SIOCINIFR : - case SIOCRMIFR : - case SIOCADIFR : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, data, 1 - fr_active, 1); - break; - case SIOCSWAPA : - if (!(mode & FWRITE)) - error = EPERM; - else { - bzero((char *)frcache, sizeof(frcache[0]) * 2); - *(u_int *)data = fr_active; - fr_active = 1 - fr_active; - } - break; - case SIOCGETFS : - fr_getstat(&fio); - error = fr_outobj(data, &fio, IPFOBJ_IPFSTAT); - break; - case SIOCFRZST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = fr_zerostats(data); - break; - case SIOCIPFFL : - if (!(mode & FWRITE)) - error = EPERM; - else { - BCOPYIN(data, &tmp, sizeof(tmp)); - tmp = frflush(unit, 4, tmp); - BCOPYOUT(&tmp, data, sizeof(tmp)); - } - break; - #ifdef USE_INET6 - case SIOCIPFL6 : - if 
(!(mode & FWRITE)) - error = EPERM; - else { - BCOPYIN(data, &tmp, sizeof(tmp)); - tmp = frflush(unit, 6, tmp); - BCOPYOUT(&tmp, data, sizeof(tmp)); - } - break; - #endif - case SIOCSTLCK : - BCOPYIN(data, &tmp, sizeof(tmp)); - fr_state_lock = tmp; - fr_nat_lock = tmp; - fr_frag_lock = tmp; - fr_auth_lock = tmp; - break; - #ifdef IPFILTER_LOG - case SIOCIPFFB : - if (!(mode & FWRITE)) - error = EPERM; - else - *(int *)data = ipflog_clear(unit); - break; - #endif /* IPFILTER_LOG */ - case SIOCGFRST : - error = fr_outobj(data, fr_fragstats(), IPFOBJ_FRAGSTAT); - break; - case SIOCFRSYN : - if (!(mode & FWRITE)) - error = EPERM; - else { - frsync(NULL); - } - break; - default : - error = EINVAL; - break; - } SPL_X(s); return error; } --- 532,543 ---- SPL_NET(s); ! error = fr_ioctlswitch(unit, data, cmd, mode, p->p_uid, p); if (error != -1) { SPL_X(s); return error; } SPL_X(s); return error; } *************** *** 1278,1283 **** --- 1143,1149 ---- case 0 : break; case 1 : + fr_natderef((nat_t **)&fin->fin_nat); ip->ip_sum = 0; break; case -1 : *************** *** 1951,1953 **** --- 1817,1846 ---- selrecord(p, &ipfselwait[xmin]); return revents; } + + + int ipf_inject(fin, m) + fr_info_t *fin; + mb_t *m; + { + int error; + + if (fin->fin_out == 0) { + struct ifqueue *ifq; + + ifq = &ipintrq; + + if (IF_QFULL(ifq)) { + IF_DROP(ifq); + FREE_MB_T(m); + error = ENOBUFS; + } else { + IF_ENQUEUE(ifq, m); + error = 0; + } + } else { + error = ip_output(m, NULL, NULL, IP_FORWARDING, NULL); + } + + return error; + } diff -cr ip_fil4.1.13/ip_fil_openbsd.c ip_fil4.1.14/ip_fil_openbsd.c *** ip_fil4.1.13/ip_fil_openbsd.c Sun Mar 26 00:03:02 2006 --- ip_fil4.1.14/ip_fil_openbsd.c Mon Sep 25 20:21:35 2006 *************** *** 5,11 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! 
static const char rcsid[] = "@(#)$Id: ip_fil_openbsd.c,v 2.50.2.23 2006/03/25 13:03:02 darrenr Exp $"; #endif #if defined(KERNEL) || defined(_KERNEL) --- 5,11 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_fil_openbsd.c,v 2.50.2.26 2006/09/25 10:21:35 darrenr Exp $"; #endif #if defined(KERNEL) || defined(_KERNEL) *************** *** 100,106 **** #endif /* IPFILTER_LKM */ ! int iplattach() { int s; --- 100,106 ---- #endif /* IPFILTER_LKM */ ! int ipfattach() { int s; *************** *** 134,140 **** * Disable the filter by removing the hooks from the IP input/output * stream. */ ! int ipldetach() { int s; --- 134,140 ---- * Disable the filter by removing the hooks from the IP input/output * stream. */ ! int ipfdetach() { int s; *************** *** 166,174 **** caddr_t data; int mode; { ! int s; ! int error = 0, unit = 0, tmp; ! friostat_t fio; if ((securelevel >= 2) && (mode & FWRITE)) return EPERM; --- 166,173 ---- caddr_t data; int mode; { ! int error = 0, unit = 0; ! SPL_INT(s); if ((securelevel >= 2) && (mode & FWRITE)) return EPERM; *************** *** 188,335 **** SPL_NET(s); ! 
error = fr_ioctlswitch(unit, data, cmd, mode); if (error != -1) { SPL_X(s); return error; } - error = 0; - switch (cmd) - { - case FIONREAD : - #ifdef IPFILTER_LOG - BCOPYOUT(&iplused[IPL_LOGIPF], (caddr_t)data, - sizeof(iplused[IPL_LOGIPF])); - #endif - break; - case SIOCFRENB : - if (!(mode & FWRITE)) - error = EPERM; - else { - BCOPYIN(data, &tmp, sizeof(tmp)); - if (tmp) { - if (fr_running > 0) - error = 0; - else - error = iplattach(); - if (error == 0) - fr_running = 1; - else - (void) ipldetach(); - } else { - error = ipldetach(); - if (error == 0) - fr_running = -1; - } - } - break; - case SIOCIPFSET : - if (!(mode & FWRITE)) { - error = EPERM; - break; - } - case SIOCIPFGETNEXT : - case SIOCIPFGET : - error = fr_ipftune(cmd, data); - break; - case SIOCSETFF : - if (!(mode & FWRITE)) - error = EPERM; - else - BCOPYIN(data, &fr_flags, sizeof(fr_flags)); - break; - case SIOCGETFF : - BCOPYOUT(&fr_flags, data, sizeof(fr_flags)); - break; - case SIOCFUNCL : - error = fr_resolvefunc(data); - break; - case SIOCINAFR : - case SIOCRMAFR : - case SIOCADAFR : - case SIOCZRLST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, data, fr_active, 1); - break; - case SIOCINIFR : - case SIOCRMIFR : - case SIOCADIFR : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, data, 1 - fr_active, 1); - break; - case SIOCSWAPA : - if (!(mode & FWRITE)) - error = EPERM; - else { - bzero((char *)frcache, sizeof(frcache[0]) * 2); - *(u_int *)data = fr_active; - fr_active = 1 - fr_active; - } - break; - case SIOCGETFS : - fr_getstat(&fio); - error = fr_outobj(data, &fio, IPFOBJ_IPFSTAT); - break; - case SIOCFRZST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = fr_zerostats(data); - break; - case SIOCIPFFL : - if (!(mode & FWRITE)) - error = EPERM; - else { - BCOPYIN(data, &tmp, sizeof(tmp)); - tmp = frflush(unit, 4, tmp); - BCOPYOUT(&tmp, data, sizeof(tmp)); - } - break; - #ifdef USE_INET6 - case SIOCIPFL6 : - if 
(!(mode & FWRITE)) - error = EPERM; - else { - BCOPYIN(data, &tmp, sizeof(tmp)); - tmp = frflush(unit, 6, tmp); - BCOPYOUT(&tmp, data, sizeof(tmp)); - } - break; - #endif - case SIOCSTLCK : - BCOPYIN(data, &tmp, sizeof(tmp)); - fr_state_lock = tmp; - fr_nat_lock = tmp; - fr_frag_lock = tmp; - fr_auth_lock = tmp; - break; - #ifdef IPFILTER_LOG - case SIOCIPFFB : - if (!(mode & FWRITE)) - error = EPERM; - else - *(int *)data = ipflog_clear(unit); - break; - #endif /* IPFILTER_LOG */ - case SIOCGFRST : - error = fr_outobj(data, fr_fragstats(), IPFOBJ_FRAGSTAT); - break; - case SIOCFRSYN : - if (!(mode & FWRITE)) - error = EPERM; - else { - frsync(NULL); - } - break; - default : - error = EINVAL; - break; - } SPL_X(s); return error; } --- 187,198 ---- SPL_NET(s); ! error = fr_ioctlswitch(unit, data, cmd, mode, p->p_cred->p_ruid, p); if (error != -1) { SPL_X(s); return error; } SPL_X(s); return error; } *************** *** 795,801 **** void iplinit() { ! if (iplattach() != 0) printf("IP Filter failed to attach\n"); else fr_running = 1; --- 658,664 ---- void iplinit() { ! 
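Review bot: With the local switch removed, both exits of the new tail do the same thing, so `if (error != -1)` no longer selects anything and a -1 from fr_ioctlswitch() is returned to the ioctl caller unchanged, where the removed `default :` case used to produce EINVAL. Whether fr_ioctlswitch() can still return -1 is not visible in this hunk; if it can, -1 is not a valid errno and on BSD-derived kernels it is the value used for ERESTART. I would reduce the tail to `if (error == -1) error = EINVAL;` followed by a single `SPL_X(s); return error;`. The ioctl hunks for ip_fil_osf.c, ip_fil_solaris.c and ip_fil_sunos4.c have the same shape.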
if (ipfattach() != 0) printf("IP Filter failed to attach\n"); else fr_running = 1; *************** *** 900,905 **** --- 763,769 ---- case 0 : break; case 1 : + fr_natderef((nat_t **)&fin->fin_nat); ip->ip_sum = 0; break; case -1 : *************** *** 1448,1450 **** --- 1312,1341 ---- fin->fin_flx |= FI_COALESCE; return ip; } + + + int ipf_inject(fin, m) + fr_info_t *fin; + mb_t *m; + { + int error; + + if (fin->fin_out == 0) { + struct ifqueue *ifq; + + ifq = &ipintrq; + + if (IF_QFULL(ifq)) { + IF_DROP(ifq); + FREE_MB_T(m); + error = ENOBUFS; + } else { + IF_ENQUEUE(ifq, m); + error = 0; + } + } else { + error = ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL); + } + + return error; + } diff -cr ip_fil4.1.13/ip_fil_osf.c ip_fil4.1.14/ip_fil_osf.c *** ip_fil4.1.13/ip_fil_osf.c Sun Mar 26 00:03:03 2006 --- ip_fil4.1.14/ip_fil_osf.c Mon Sep 25 20:21:35 2006 *************** *** 5,11 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_fil_osf.c,v 2.44.2.20 2006/03/25 13:03:03 darrenr Exp $"; #endif #if defined(KERNEL) || defined(_KERNEL) --- 5,11 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_fil_osf.c,v 2.44.2.23 2006/09/25 10:21:35 darrenr Exp $"; #endif #if defined(KERNEL) || defined(_KERNEL) *************** *** 81,86 **** --- 81,87 ---- ipfmutex_t ipf_nat_new, ipf_natio, ipf_stinsert; ipfrwlock_t ipf_mutex, ipf_global, ipf_frag, ipf_tru64, ipf_frcache; ipfrwlock_t ipf_state, ipf_nat, ipf_natfrag, ipf_auth, ipf_ipidfrag; + ipfrwlock_t ipf_tokens; int ipf_locks_done = 0; #if defined(IPFILTER_LKM) *************** *** 94,100 **** #endif /* IPFILTER_LKM */ ! int iplattach() { int s, i; --- 95,101 ---- #endif /* IPFILTER_LKM */ ! 
int ipfattach() { int s, i; *************** *** 108,113 **** --- 109,115 ---- MUTEX_INIT(&ipf_rw, 0); MUTEX_INIT(&ipf_timeoutlock, 0); RWLOCK_INIT(&ipf_ipidfrag, 1); + RWLOCK_INIT(&ipf_tokens, 1); ipf_locks_done = 1; i = fr_initialise(); *************** *** 136,142 **** * Disable the filter by removing the hooks from the IP input/output * stream. */ ! int ipldetach() { int s; --- 138,144 ---- * Disable the filter by removing the hooks from the IP input/output * stream. */ ! int ipfdetach() { int s; *************** *** 160,165 **** --- 162,168 ---- if (ipf_locks_done == 1) { MUTEX_DESTROY(&ipf_rw); MUTEX_DESTROY(&ipf_timeoutlock); + RW_DESTROY(&ipf_tokens); RW_DESTROY(&ipf_ipidfrag); ipf_locks_done = 0; } *************** *** 176,183 **** caddr_t data; int mode; { ! int error = 0, unit = 0, tmp, s; ! friostat_t fio; unit = minor(dev); if ((IPL_LOGMAX < unit) || (unit < 0)) --- 179,186 ---- caddr_t data; int mode; { ! int error = 0, unit = 0; ! SPL_INT(s); unit = minor(dev); if ((IPL_LOGMAX < unit) || (unit < 0)) *************** *** 197,349 **** SPL_NET(s); ! 
error = fr_ioctlswitch(unit, data, cmd, mode); if (error != -1) { SPL_X(s); return error; } - error = 0; - switch (cmd) - { - case FIONREAD : - #ifdef IPFILTER_LOG - bcopy(&iplused[IPL_LOGIPF], (caddr_t)data, - sizeof(iplused[IPL_LOGIPF])); - #endif - break; - case SIOCFRENB : - if (!(mode & FWRITE)) - error = EPERM; - else { - RWLOCK_EXIT(&ipf_tru64); - WRITE_ENTER(&ipf_tru64); - bcopy(data, &tmp, sizeof(tmp)); - if (tmp) { - if (fr_running > 0) - error = 0; - else - error = iplattach(); - if (error == 0) - fr_running = 1; - else - (void) ipldetach(); - } else { - error = ipldetach(); - if (error == 0) - fr_running = -1; - } - } - break; - case SIOCIPFSET : - if (!(mode & FWRITE)) { - error = EPERM; - break; - } - case SIOCIPFGETNEXT : - case SIOCIPFGET : - error = fr_ipftune(cmd, data); - break; - case SIOCSETFF : - if (!(mode & FWRITE)) - error = EPERM; - else - bcopy(data, &fr_flags, sizeof(fr_flags)); - break; - case SIOCGETFF : - bcopy(&fr_flags, data, sizeof(fr_flags)); - break; - case SIOCFUNCL : - error = fr_resolvefunc(data); - break; - case SIOCINAFR : - case SIOCRMAFR : - case SIOCADAFR : - case SIOCZRLST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, data, fr_active, 1); - break; - case SIOCINIFR : - case SIOCRMIFR : - case SIOCADIFR : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, data, 1 - fr_active, 1); - break; - case SIOCSWAPA : - if (!(mode & FWRITE)) - error = EPERM; - else { - bzero((char *)frcache, sizeof(frcache[0]) * 2); - *(u_int *)data = fr_active; - fr_active = 1 - fr_active; - } - break; - case SIOCGETFS : - fr_getstat(&fio); - error = fr_outobj(data, &fio, IPFOBJ_IPFSTAT); - break; - case SIOCFRZST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = fr_zerostats(data); - break; - case SIOCIPFFL : - if (!(mode & FWRITE)) - error = EPERM; - else { - bcopy(data, &tmp, sizeof(tmp)); - tmp = frflush(unit, 4, tmp); - bcopy(&tmp, data, sizeof(tmp)); - } - break; - #ifdef 
USE_INET6 - case SIOCIPFL6 : - if (!(mode & FWRITE)) - error = EPERM; - else { - bcopy(data, &tmp, sizeof(tmp)); - tmp = frflush(unit, 6, tmp); - bcopy(&tmp, data, sizeof(tmp)); - } - break; - #endif - case SIOCSTLCK : - error = COPYIN(data, &tmp, sizeof(tmp)); - if (error == 0) { - fr_state_lock = tmp; - fr_nat_lock = tmp; - fr_frag_lock = tmp; - fr_auth_lock = tmp; - } else - error = EFAULT; - break; - #ifdef IPFILTER_LOG - case SIOCIPFFB : - if (!(mode & FWRITE)) - error = EPERM; - else - *(int *)data = ipflog_clear(unit); - break; - #endif /* IPFILTER_LOG */ - case SIOCGFRST : - error = fr_outobj(data, fr_fragstats(), IPFOBJ_FRAGSTAT); - break; - case SIOCFRSYN : - if (!(mode & FWRITE)) - error = EPERM; - else { - frsync(NULL); - } - break; - default : - error = EINVAL; - break; - } SPL_X(s); return error; } --- 200,211 ---- SPL_NET(s); ! error = fr_ioctlswitch(unit, data, cmd, mode, curproc->p_uid, curproc); if (error != -1) { SPL_X(s); return error; } SPL_X(s); return error; } *************** *** 790,796 **** void iplinit() { ! if (iplattach() != 0) printf("IP Filter failed to attach\n"); ip_init(); } --- 652,658 ---- void iplinit() { ! 
if (ipfattach() != 0) printf("IP Filter failed to attach\n"); ip_init(); } *************** *** 936,941 **** --- 798,804 ---- case 0 : break; case 1 : + fr_natderef((nat_t **)&fin->fin_nat); ip->ip_sum = 0; break; case -1 : *************** *** 1408,1410 **** --- 1271,1300 ---- fin->fin_flx |= FI_COALESCE; return ip; } + + + int ipf_inject(fin, m) + fr_info_t *fin; + mb_t *m; + { + int error; + + if (fin->fin_out == 0) { + struct ifqueue *ifq; + + ifq = &ipintrq; + + if (IF_QFULL(ifq)) { + IF_DROP(ifq); + FREE_MB_T(m); + error = ENOBUFS; + } else { + IF_ENQUEUE(ifq, m); + error = 0; + } + } else { + error = ip_output(m, NULL, NULL, IP_FORWARDING, NULL); + } + + return error; + } diff -cr ip_fil4.1.13/ip_fil_solaris.c ip_fil4.1.14/ip_fil_solaris.c *** ip_fil4.1.13/ip_fil_solaris.c Wed Mar 29 21:19:56 2006 --- ip_fil4.1.14/ip_fil_solaris.c Mon Sep 25 20:21:35 2006 *************** *** 5,11 **** */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_fil_solaris.c,v 2.62.2.23 2006/03/29 11:19:56 darrenr Exp $"; #endif #include --- 5,11 ---- */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_fil_solaris.c,v 2.62.2.26 2006/09/25 10:21:35 darrenr Exp $"; #endif #include *************** *** 61,67 **** ipfmutex_t ipl_mutex, ipf_authmx, ipf_rw, ipf_stinsert; ipfmutex_t ipf_nat_new, ipf_natio, ipf_timeoutlock; ! ipfrwlock_t ipf_mutex, ipf_global, ipf_ipidfrag, ipf_frcache; ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth; kcondvar_t iplwait, ipfauthwait; #if SOLARIS2 >= 7 --- 61,67 ---- ipfmutex_t ipl_mutex, ipf_authmx, ipf_rw, ipf_stinsert; ipfmutex_t ipf_nat_new, ipf_natio, ipf_timeoutlock; ! 
ipfrwlock_t ipf_mutex, ipf_global, ipf_ipidfrag, ipf_frcache, ipf_tokens; ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth; kcondvar_t iplwait, ipfauthwait; #if SOLARIS2 >= 7 *************** *** 84,100 **** /* ------------------------------------------------------------------------ */ ! /* Function: ipldetach */ /* Returns: int - 0 == success, else error. */ /* Parameters: Nil */ /* */ /* This function is responsible for undoing anything that might have been */ ! /* done in a call to iplattach(). It must be able to clean up from a call */ ! /* to iplattach() that did not succeed. Why might that happen? Someone */ /* configures a table to be so large that we cannot allocate enough memory */ /* for it. */ /* ------------------------------------------------------------------------ */ ! int ipldetach() { ASSERT(rw_read_locked(&ipf_global.ipf_lk) == 0); --- 84,100 ---- /* ------------------------------------------------------------------------ */ ! /* Function: ipfdetach */ /* Returns: int - 0 == success, else error. */ /* Parameters: Nil */ /* */ /* This function is responsible for undoing anything that might have been */ ! /* done in a call to ipfattach(). It must be able to clean up from a call */ ! /* to ipfattach() that did not succeed. Why might that happen? Someone */ /* configures a table to be so large that we cannot allocate enough memory */ /* for it. */ /* ------------------------------------------------------------------------ */ ! int ipfdetach() { ASSERT(rw_read_locked(&ipf_global.ipf_lk) == 0); *************** *** 109,115 **** } #ifdef IPFDEBUG ! cmn_err(CE_CONT, "ipldetach()\n"); #endif fr_deinitialise(); --- 109,115 ---- } #ifdef IPFDEBUG ! 
cmn_err(CE_CONT, "ipfdetach()\n"); #endif fr_deinitialise(); *************** *** 120,125 **** --- 120,126 ---- if (ipf_locks_done == 1) { MUTEX_DESTROY(&ipf_timeoutlock); MUTEX_DESTROY(&ipf_rw); + RW_DESTROY(&ipf_tokens); RW_DESTROY(&ipf_ipidfrag); ipf_locks_done = 0; } *************** *** 127,138 **** } ! int iplattach __P((void)) { int i; #ifdef IPFDEBUG ! cmn_err(CE_CONT, "iplattach()\n"); #endif ASSERT(rw_read_locked(&ipf_global.ipf_lk) == 0); --- 128,139 ---- } ! int ipfattach __P((void)) { int i; #ifdef IPFDEBUG ! cmn_err(CE_CONT, "ipfattach()\n"); #endif ASSERT(rw_read_locked(&ipf_global.ipf_lk) == 0); *************** *** 141,146 **** --- 142,148 ---- MUTEX_INIT(&ipf_rw, "ipf rw mutex"); MUTEX_INIT(&ipf_timeoutlock, "ipf timeout lock mutex"); RWLOCK_INIT(&ipf_ipidfrag, "ipf IP NAT-Frag rwlock"); + RWLOCK_INIT(&ipf_tokens, "ipf token rwlock"); ipf_locks_done = 1; if (fr_initialise() < 0) *************** *** 213,222 **** cred_t *cp; int *rp; { ! int error = 0, tmp; ! friostat_t fio; minor_t unit; - u_int enable; #ifdef IPFDEBUG cmn_err(CE_CONT, "iplioctl(%x,%x,%x,%d,%x,%d)\n", --- 215,222 ---- cred_t *cp; int *rp; { ! int error = 0; minor_t unit; #ifdef IPFDEBUG cmn_err(CE_CONT, "iplioctl(%x,%x,%x,%d,%x,%d)\n", *************** *** 237,437 **** READ_ENTER(&ipf_global); ! 
error = fr_ioctlswitch(unit, (caddr_t)data, cmd, mode); if (error != -1) { RWLOCK_EXIT(&ipf_global); return error; } - error = 0; - switch (cmd) - { - case SIOCFRENB : - if (!(mode & FWRITE)) - error = EPERM; - else { - error = COPYIN((caddr_t)data, (caddr_t)&enable, - sizeof(enable)); - if (error != 0) { - error = EFAULT; - break; - } - - RWLOCK_EXIT(&ipf_global); - WRITE_ENTER(&ipf_global); - if (enable) { - if (fr_running > 0) - error = 0; - else - error = iplattach(); - if (error == 0) - fr_running = 1; - else - (void) ipldetach(); - } else { - error = ipldetach(); - if (error == 0) - fr_running = -1; - } - } - break; - case SIOCIPFSET : - if (!(mode & FWRITE)) { - error = EPERM; - break; - } - /* FALLTHRU */ - case SIOCIPFGETNEXT : - case SIOCIPFGET : - error = fr_ipftune(cmd, (void *)data); - break; - case SIOCSETFF : - if (!(mode & FWRITE)) - error = EPERM; - else { - error = COPYIN((caddr_t)data, (caddr_t)&fr_flags, - sizeof(fr_flags)); - if (error != 0) - error = EFAULT; - } - break; - case SIOCGETFF : - error = COPYOUT((caddr_t)&fr_flags, (caddr_t)data, - sizeof(fr_flags)); - if (error != 0) - error = EFAULT; - break; - case SIOCFUNCL : - error = fr_resolvefunc((void *)data); - break; - case SIOCINAFR : - case SIOCRMAFR : - case SIOCADAFR : - case SIOCZRLST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, (caddr_t)data, - fr_active, 1); - break; - case SIOCINIFR : - case SIOCRMIFR : - case SIOCADIFR : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, (caddr_t)data, - 1 - fr_active, 1); - break; - case SIOCSWAPA : - if (!(mode & FWRITE)) - error = EPERM; - else { - WRITE_ENTER(&ipf_mutex); - bzero((char *)frcache, sizeof(frcache[0]) * 2); - error = COPYOUT((caddr_t)&fr_active, (caddr_t)data, - sizeof(fr_active)); - if (error != 0) - error = EFAULT; - else - fr_active = 1 - fr_active; - RWLOCK_EXIT(&ipf_mutex); - } - break; - case SIOCGETFS : - fr_getstat(&fio); - error = fr_outobj((void *)data, 
&fio, IPFOBJ_IPFSTAT); - break; - case SIOCFRZST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = fr_zerostats((caddr_t)data); - break; - case SIOCIPFFL : - if (!(mode & FWRITE)) - error = EPERM; - else { - error = COPYIN((caddr_t)data, (caddr_t)&tmp, - sizeof(tmp)); - if (!error) { - tmp = frflush(unit, 4, tmp); - error = COPYOUT((caddr_t)&tmp, (caddr_t)data, - sizeof(tmp)); - if (error != 0) - error = EFAULT; - } else - error = EFAULT; - } - break; - #ifdef USE_INET6 - case SIOCIPFL6 : - if (!(mode & FWRITE)) - error = EPERM; - else { - error = COPYIN((caddr_t)data, (caddr_t)&tmp, - sizeof(tmp)); - if (!error) { - tmp = frflush(unit, 6, tmp); - error = COPYOUT((caddr_t)&tmp, (caddr_t)data, - sizeof(tmp)); - if (error != 0) - error = EFAULT; - } else - error = EFAULT; - } - break; - #endif - case SIOCSTLCK : - error = COPYIN((caddr_t)data, (caddr_t)&tmp, sizeof(tmp)); - if (error == 0) { - fr_state_lock = tmp; - fr_nat_lock = tmp; - fr_frag_lock = tmp; - fr_auth_lock = tmp; - } else - error = EFAULT; - break; - #ifdef IPFILTER_LOG - case SIOCIPFFB : - if (!(mode & FWRITE)) - error = EPERM; - else { - tmp = ipflog_clear(unit); - error = COPYOUT((caddr_t)&tmp, (caddr_t)data, - sizeof(tmp)); - if (error) - error = EFAULT; - } - break; - #endif /* IPFILTER_LOG */ - case SIOCFRSYN : - if (!(mode & FWRITE)) - error = EPERM; - else { - RWLOCK_EXIT(&ipf_global); - WRITE_ENTER(&ipf_global); - error = ipfsync(); - } - break; - case SIOCGFRST : - error = fr_outobj((void *)data, fr_fragstats(), - IPFOBJ_FRAGSTAT); - break; - case FIONREAD : - #ifdef IPFILTER_LOG - tmp = (int)iplused[IPL_LOGIPF]; - - error = COPYOUT((caddr_t)&tmp, (caddr_t)data, sizeof(tmp)); - if (error != 0) - error = EFAULT; - #endif - break; - default : - cmn_err(CE_NOTE, "Unknown: cmd %#x data %p", cmd, (void *)data); - error = EINVAL; - break; - } RWLOCK_EXIT(&ipf_global); return error; } --- 237,249 ---- READ_ENTER(&ipf_global); ! error = fr_ioctlswitch(unit, (caddr_t)data, cmd, mode, ! 
cp->cr_uid, curproc); if (error != -1) { RWLOCK_EXIT(&ipf_global); return error; } RWLOCK_EXIT(&ipf_global); return error; } *************** *** 1191,1196 **** --- 1003,1009 ---- case 0 : break; case 1 : + fr_natderef((nat_t **)&fin->fin_nat); ip->ip_sum = 0; break; case -1 : *************** *** 1297,1303 **** } ! int ipf_inject(fr_info_t *fin) { qifpkt_t *qp; --- 1110,1116 ---- } ! int ipf_inject(fr_info_t *fin, mb_t *m) { qifpkt_t *qp; diff -cr ip_fil4.1.13/ip_fil_sunos4.c ip_fil4.1.14/ip_fil_sunos4.c *** ip_fil4.1.13/ip_fil_sunos4.c Sun Mar 26 00:03:03 2006 --- ip_fil4.1.14/ip_fil_sunos4.c Mon Sep 25 20:21:35 2006 *************** *** 54,60 **** #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_fil_sunos4.c,v 2.46.2.19 2006/03/25 13:03:03 darrenr Exp $"; #endif extern struct protosw inetsw[]; --- 54,60 ---- #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_fil_sunos4.c,v 2.46.2.22 2006/09/25 10:21:35 darrenr Exp $"; #endif extern struct protosw inetsw[]; *************** *** 75,81 **** #endif /* IPFILTER_LKM */ ! int iplattach() { int s; --- 75,81 ---- #endif /* IPFILTER_LKM */ ! int ipfattach() { int s; *************** *** 108,114 **** * Disable the filter by removing the hooks from the IP input/output * stream. */ ! int ipldetach() { int s; --- 108,114 ---- * Disable the filter by removing the hooks from the IP input/output * stream. */ ! int ipfdetach() { int s; *************** *** 143,151 **** caddr_t data; int mode; { ! int s; ! int error = 0, unit = 0, tmp; ! friostat_t fio; unit = GET_MINOR(dev); if ((IPL_LOGMAX < unit) || (unit < 0)) --- 143,150 ---- caddr_t data; int mode; { ! int error = 0, unit = 0; ! SPL_INT(s); unit = GET_MINOR(dev); if ((IPL_LOGMAX < unit) || (unit < 0)) *************** *** 162,318 **** SPL_NET(s); ! 
error = fr_ioctlswitch(unit, data, cmd, mode); if (error != -1) { SPL_X(s); return error; } - error = 0; - switch (cmd) - { - case FIONREAD : - #ifdef IPFILTER_LOG - error = COPYOUT(&iplused[IPL_LOGIPF], (caddr_t)data, - sizeof(iplused[IPL_LOGIPF])); - #endif - break; - case SIOCFRENB : - if (!(mode & FWRITE)) - error = EPERM; - else { - error = COPYIN(data, &tmp, sizeof(tmp)); - if (error) - break; - if (tmp) { - if (fr_running > 0) - error = 0; - else - error = iplattach(); - if (error == 0) - fr_running = 1; - else - (void) ipldetach(); - } else { - error = ipldetach(); - if (error == 0) - fr_running = -1; - } - } - break; - case SIOCIPFSET : - if (!(mode & FWRITE)) { - error = EPERM; - break; - } - case SIOCIPFGETNEXT : - case SIOCIPFGET : - error = fr_ipftune(cmd, data); - break; - case SIOCSETFF : - if (!(mode & FWRITE)) - error = EPERM; - else - error = COPYIN(data, &fr_flags, sizeof(fr_flags)); - break; - case SIOCGETFF : - error = COPYOUT(&fr_flags, data, sizeof(fr_flags)); - break; - case SIOCFUNCL : - error = fr_resolvefunc(data); - break; - case SIOCINAFR : - case SIOCRMAFR : - case SIOCADAFR : - case SIOCZRLST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, data, fr_active, 1); - break; - case SIOCINIFR : - case SIOCRMIFR : - case SIOCADIFR : - if (!(mode & FWRITE)) - error = EPERM; - else - error = frrequest(unit, cmd, data, 1 - fr_active, 1); - break; - case SIOCSWAPA : - if (!(mode & FWRITE)) - error = EPERM; - else { - bzero((char *)frcache, sizeof(frcache[0]) * 2); - *(u_int *)data = fr_active; - fr_active = 1 - fr_active; - } - break; - case SIOCGETFS : - fr_getstat(&fio); - error = fr_outobj(data, &fio, IPFOBJ_IPFSTAT); - break; - case SIOCFRZST : - if (!(mode & FWRITE)) - error = EPERM; - else - error = fr_zerostats(data); - break; - case SIOCIPFFL : - if (!(mode & FWRITE)) - error = EPERM; - else { - error = COPYIN(data, &tmp, sizeof(tmp)); - if (!error) { - tmp = frflush(unit, 4, tmp); - error = COPYOUT(&tmp, 
data, sizeof(tmp)); - } - } - break; - #ifdef USE_INET6 - case SIOCIPFL6 : - if (!(mode & FWRITE)) - error = EPERM; - else { - error = COPYIN(data, &tmp, sizeof(tmp)); - if (!error) { - tmp = frflush(unit, 6, tmp); - error = COPYOUT(&tmp, data, sizeof(tmp)); - } - } - break; - #endif - case SIOCSTLCK : - error = COPYIN(data, &tmp, sizeof(tmp)); - if (error == 0) { - fr_state_lock = tmp; - fr_nat_lock = tmp; - fr_frag_lock = tmp; - fr_auth_lock = tmp; - } else - error = EFAULT; - break; - #ifdef IPFILTER_LOG - case SIOCIPFFB : - if (!(mode & FWRITE)) - error = EPERM; - else - *(int *)data = ipflog_clear(unit); - break; - #endif /* IPFILTER_LOG */ - case SIOCGFRST : - error = fr_outobj(data, fr_fragstats(), IPFOBJ_FRAGSTAT); - break; - case SIOCFRSYN : - if (!(mode & FWRITE)) - error = EPERM; - else { - frsync(NULL); - } - break; - default : - error = EINVAL; - break; - } SPL_X(s); return error; } --- 161,172 ---- SPL_NET(s); ! error = fr_ioctlswitch(unit, data, cmd, mode, curproc->p_uid, curproc); if (error != -1) { SPL_X(s); return error; } SPL_X(s); return error; } *************** *** 623,629 **** int iplinit() { ! if (iplattach() != 0) printf("IP Filter failed to attach\n"); ip_init(); } --- 477,483 ---- int iplinit() { ! 
if (ipfattach() != 0) printf("IP Filter failed to attach\n"); ip_init(); } *************** *** 718,723 **** --- 572,578 ---- case 0 : break; case 1 : + fr_natderef((nat_t **)&fin->fin_nat); ip->ip_sum = 0; break; case -1 : *************** *** 953,961 **** static u_short ipid = 0; u_short id; - MUTEX_ENTER(&ipf_rw); id = ipid++; - MUTEX_EXIT(&ipf_rw); return id; } --- 808,814 ---- *************** *** 1035,1037 **** --- 888,917 ---- fin->fin_flx |= FI_COALESCE; return ip; } + + + int ipf_inject(fin, m) + fr_info_t *fin; + mb_t *m; + { + int error; + + if (fin->fin_out == 0) { + struct ifqueue *ifq; + + ifq = &ipintrq; + + if (IF_QFULL(ifq)) { + IF_DROP(ifq); + FREE_MB_T(m); + error = ENOBUFS; + } else { + IF_ENQUEUE(ifq, m); + error = 0; + } + } else { + error = ip_output(m, NULL, NULL, IP_FORWARDING, NULL); + } + + return error; + } diff -cr ip_fil4.1.13/ip_frag.c ip_fil4.1.14/ip_frag.c *** ip_fil4.1.13/ip_frag.c Sun Feb 26 19:26:54 2006 --- ip_fil4.1.14/ip_frag.c Sat Sep 2 00:09:33 2006 *************** *** 100,119 **** #if !defined(lint) static const char sccsid[] = "@(#)ip_frag.c 1.11 3/24/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_frag.c,v 2.77.2.5 2006/02/26 08:26:54 darrenr Exp $"; #endif ! static ipfr_t *ipfr_list = NULL; ! static ipfr_t **ipfr_tail = &ipfr_list; ! static ipfr_t **ipfr_heads; ! static ipfr_t *ipfr_natlist = NULL; ! static ipfr_t **ipfr_nattail = &ipfr_natlist; ! static ipfr_t **ipfr_nattab; ! static ipfr_t *ipfr_ipidlist = NULL; ! static ipfr_t **ipfr_ipidtail = &ipfr_ipidlist; static ipfr_t **ipfr_ipidtab; static ipfrstat_t ipfr_stats; --- 100,120 ---- #if !defined(lint) static const char sccsid[] = "@(#)ip_frag.c 1.11 3/24/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_frag.c,v 2.77.2.8 2006/09/01 14:09:33 darrenr Exp $"; #endif ! ipfr_t *ipfr_list = NULL; ! ipfr_t **ipfr_tail = &ipfr_list; ! ipfr_t *ipfr_natlist = NULL; ! ipfr_t **ipfr_nattail = &ipfr_natlist; ! 
ipfr_t *ipfr_ipidlist = NULL; ! ipfr_t **ipfr_ipidtail = &ipfr_ipidlist; ! ! static ipfr_t **ipfr_heads; ! static ipfr_t **ipfr_nattab; static ipfr_t **ipfr_ipidtab; static ipfrstat_t ipfr_stats; *************** *** 129,134 **** --- 130,136 ---- static ipfr_t *ipfr_newfrag __P((fr_info_t *, u_32_t, ipfr_t **)); static ipfr_t *fr_fraglookup __P((fr_info_t *, ipfr_t **)); static void fr_fragdelete __P((ipfr_t *, ipfr_t ***)); + static void fr_fragfree __P((ipfr_t *)); /* ------------------------------------------------------------------------ */ *************** *** 305,310 **** --- 307,313 ---- fra->ipfr_seen0 = 1; fra->ipfr_off = off + (fin->fin_dlen >> 3); fra->ipfr_pass = pass; + fra->ipfr_ref = 1; ipfr_stats.ifs_new++; ipfr_inuse++; return fra; *************** *** 685,695 **** static void fr_fragdelete(fra, tail) ipfr_t *fra, ***tail; { - frentry_t *fr; - - fr = fra->ipfr_rule; - if (fr != NULL) - (void)fr_derefrule(&fr); if (fra->ipfr_next) fra->ipfr_next->ipfr_prev = fra->ipfr_prev; --- 688,693 ---- *************** *** 700,706 **** --- 698,719 ---- if (fra->ipfr_hnext) fra->ipfr_hnext->ipfr_hprev = fra->ipfr_hprev; *fra->ipfr_hprev = fra->ipfr_hnext; + + if (fra->ipfr_rule != NULL) { + (void) fr_derefrule(&fra->ipfr_rule); + } + + if (fra->ipfr_ref <= 0) + fr_fragfree(fra); + } + + + static void fr_fragfree(fra) + ipfr_t *fra; + { KFREE(fra); + ipfr_stats.ifs_expire++; + ipfr_inuse--; } *************** *** 718,725 **** nat_t *nat; WRITE_ENTER(&ipf_frag); ! while ((fra = ipfr_list) != NULL) fr_fragdelete(fra, &ipfr_tail); ipfr_tail = &ipfr_list; RWLOCK_EXIT(&ipf_frag); --- 731,740 ---- nat_t *nat; WRITE_ENTER(&ipf_frag); ! while ((fra = ipfr_list) != NULL) { ! 
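Review bot: fr_fragdelete() now keeps an entry allocated while `ipfr_ref` is still positive, but in the lines shown it unlinks the entry without resetting `fra->ipfr_next`, and fr_nextfrag(), added later in this file, resumes from a held entry with `next = frag->ipfr_next`. If the former neighbour has been expired and freed in the meantime, the iterator would increment a reference count in, and copy out of, freed memory. A few lines of the function lie between the two fr_fragdelete hunks and are not shown, so confirm they do not already clear the links; otherwise add `fra->ipfr_next = NULL;` and `fra->ipfr_prev = NULL;` before the `if (fra->ipfr_ref <= 0)` test so that a detached entry reads as end of list. A short comment there explaining that a detached entry may outlive the list because an iterator token still references it would help the next reader.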
fra->ipfr_ref--; fr_fragdelete(fra, &ipfr_tail); + } ipfr_tail = &ipfr_list; RWLOCK_EXIT(&ipf_frag); *************** *** 731,736 **** --- 746,752 ---- if (nat->nat_data == fra) nat->nat_data = NULL; } + fra->ipfr_ref--; fr_fragdelete(fra, &ipfr_nattail); } ipfr_nattail = &ipfr_natlist; *************** *** 764,772 **** for (fp = &ipfr_list; ((fra = *fp) != NULL); ) { if (fra->ipfr_ttl > fr_ticks) break; fr_fragdelete(fra, &ipfr_tail); - ipfr_stats.ifs_expire++; - ipfr_inuse--; } RWLOCK_EXIT(&ipf_frag); --- 780,787 ---- for (fp = &ipfr_list; ((fra = *fp) != NULL); ) { if (fra->ipfr_ttl > fr_ticks) break; + fra->ipfr_ref--; fr_fragdelete(fra, &ipfr_tail); } RWLOCK_EXIT(&ipf_frag); *************** *** 774,782 **** for (fp = &ipfr_ipidlist; ((fra = *fp) != NULL); ) { if (fra->ipfr_ttl > fr_ticks) break; fr_fragdelete(fra, &ipfr_ipidtail); - ipfr_stats.ifs_expire++; - ipfr_inuse--; } RWLOCK_EXIT(&ipf_ipidfrag); --- 789,796 ---- for (fp = &ipfr_ipidlist; ((fra = *fp) != NULL); ) { if (fra->ipfr_ttl > fr_ticks) break; + fra->ipfr_ref--; fr_fragdelete(fra, &ipfr_ipidtail); } RWLOCK_EXIT(&ipf_ipidfrag); *************** *** 786,808 **** * at the one to be free'd, NULL the reference from the NAT struct. * NOTE: We need to grab both mutex's early, and in this order so as * to prevent a deadlock if both try to expire at the same time. */ ! WRITE_ENTER(&ipf_nat); ! WRITE_ENTER(&ipf_natfrag); ! for (fp = &ipfr_natlist; ((fra = *fp) != NULL); ) { ! if (fra->ipfr_ttl > fr_ticks) ! break; ! nat = fra->ipfr_data; ! if (nat != NULL) { ! if (nat->nat_data == fra) ! nat->nat_data = NULL; } ! fr_fragdelete(fra, &ipfr_nattail); ! ipfr_stats.ifs_expire++; ! ipfr_inuse--; } - RWLOCK_EXIT(&ipf_natfrag); - RWLOCK_EXIT(&ipf_nat); SPL_X(s); } --- 800,826 ---- * at the one to be free'd, NULL the reference from the NAT struct. * NOTE: We need to grab both mutex's early, and in this order so as * to prevent a deadlock if both try to expire at the same time. 
+ * The extra if() statement here is because it locks out all NAT + * operations - no need to do that if there are no entries in this + * list, right? */ ! if (ipfr_natlist != NULL) { ! WRITE_ENTER(&ipf_nat); ! WRITE_ENTER(&ipf_natfrag); ! for (fp = &ipfr_natlist; ((fra = *fp) != NULL); ) { ! if (fra->ipfr_ttl > fr_ticks) ! break; ! nat = fra->ipfr_data; ! if (nat != NULL) { ! if (nat->nat_data == fra) ! nat->nat_data = NULL; ! } ! fra->ipfr_ref--; ! fr_fragdelete(fra, &ipfr_nattail); } ! RWLOCK_EXIT(&ipf_natfrag); ! RWLOCK_EXIT(&ipf_nat); } SPL_X(s); } *************** *** 825,830 **** --- 843,849 ---- { READ_ENTER(&ipf_global); + ipf_expiretokens(); fr_fragexpire(); fr_timeoutstate(); fr_natexpire(); *************** *** 858,860 **** --- 877,982 ---- # endif } #endif /* !SOLARIS && !defined(__hpux) && !defined(__sgi) */ + + + /* ------------------------------------------------------------------------ */ + /* Function: fr_nextfrag */ + /* Returns: int - 0 == success, else error */ + /* Parameters: token(I) - pointer to token information for this caller */ + /* itp(I) - pointer to generic iterator from caller */ + /* top(I) - top of the fragment list */ + /* tail(I) - tail of the fragment list */ + /* lock(I) - fragment cache lock */ + /* */ + /* This function is used to interate through the list of entries in the */ + /* fragment cache. It increases the reference count on the one currently */ + /* being returned so that the caller can come back and resume from it later.*/ + /* */ + /* This function is used for both the NAT fragment cache as well as the ipf */ + /* fragment cache - hence the reason for passing in top, tail and lock. 
*/ + /* ------------------------------------------------------------------------ */ + int fr_nextfrag(token, itp, top, tail + #ifdef USE_MUTEXES + , lock + #endif + ) + ipftoken_t *token; + ipfgeniter_t *itp; + ipfr_t **top, ***tail; + #ifdef USE_MUTEXES + ipfrwlock_t *lock; + #endif + { + ipfr_t *frag, *next, zero; + int error = 0; + + frag = token->ipt_data; + if (frag == (ipfr_t *)-1) { + ipf_freetoken(token); + return ESRCH; + } + + READ_ENTER(lock); + if (frag == NULL) + next = *top; + else + next = frag->ipfr_next; + + if (next != NULL) { + ATOMIC_INC(next->ipfr_ref); + token->ipt_data = next; + } else { + bzero(&zero, sizeof(zero)); + next = &zero; + token->ipt_data = (void *)-1; + } + RWLOCK_EXIT(lock); + + if (frag != NULL) { + WRITE_ENTER(lock); + frag->ipfr_ref--; + if (frag->ipfr_ref <= 0) + fr_fragfree(frag); + RWLOCK_EXIT(lock); + } + + error = COPYOUT(next, itp->igi_data, sizeof(*next)); + if (error != 0) + error = EFAULT; + + return error; + } + + + /* ------------------------------------------------------------------------ */ + /* Function: fr_fragderef */ + /* Returns: Nil */ + /* Parameters: frp(IO) - pointer to fragment structure to deference */ + /* lock(I) - lock associated with the fragment */ + /* */ + /* This function dereferences a fragment structure (ipfr_t). The pointer */ + /* passed in will always be reset back to NULL, even if the structure is */ + /* not freed, to enforce the notion that the caller is no longer entitled */ + /* to use the pointer it is dropping the reference to. 
*/ + /* ------------------------------------------------------------------------ */ + void fr_fragderef(frp + #ifdef USE_MUTEXES + , lock + #endif + ) + ipfr_t **frp; + #ifdef USE_MUTEXES + ipfrwlock_t *lock; + #endif + { + ipfr_t *fra; + + fra = *frp; + *frp = NULL; + + WRITE_ENTER(lock); + fra->ipfr_ref--; + if (fra->ipfr_ref <= 0) + fr_fragfree(fra); + RWLOCK_EXIT(lock); + } diff -cr ip_fil4.1.13/ip_frag.h ip_fil4.1.14/ip_frag.h *** ip_fil4.1.13/ip_frag.h Sat Jun 11 04:02:37 2005 --- ip_fil4.1.14/ip_frag.h Sun Jul 23 06:55:30 2006 *************** *** 4,10 **** * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_frag.h 1.5 3/24/96 ! * $Id: ip_frag.h,v 2.23.2.2 2005/06/10 18:02:37 darrenr Exp $ */ #ifndef __IP_FRAG_H__ --- 4,10 ---- * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_frag.h 1.5 3/24/96 ! * $Id: ip_frag.h,v 2.23.2.4 2006/07/22 20:55:30 darrenr Exp $ */ #ifndef __IP_FRAG_H__ *************** *** 30,35 **** --- 30,36 ---- u_char ipfr_ttl; u_char ipfr_seen0; frentry_t *ipfr_rule; + int ipfr_ref; } ipfr_t; *************** *** 49,54 **** --- 50,57 ---- #define IPFR_CMPSZ (offsetof(ipfr_t, ipfr_pass) - \ offsetof(ipfr_t, ipfr_ifp)) + extern ipfr_t *ipfr_list, **ipfr_tail; + extern ipfr_t *ipfr_natlist, **ipfr_nattail; extern int ipfr_size; extern int fr_ipfrttl; extern int fr_frag_lock; *************** *** 64,69 **** --- 67,81 ---- extern int fr_ipid_newfrag __P((fr_info_t *, u_32_t)); extern u_32_t fr_ipid_knownfrag __P((fr_info_t *)); + #ifdef USE_MUTEXES + extern void fr_fragderef __P((ipfr_t **, ipfrwlock_t *)); + extern int fr_nextfrag __P((ipftoken_t *, ipfgeniter_t *, ipfr_t **, \ + ipfr_t ***, ipfrwlock_t *)); + #else + extern void fr_fragderef __P((ipfr_t **)); + extern int fr_nextfrag __P((ipftoken_t *, ipfgeniter_t *, ipfr_t **, \ + ipfr_t ***)); + #endif extern void fr_forget __P((void *)); extern void fr_forgetnat __P((void *)); diff -cr ip_fil4.1.13/ip_ftp_pxy.c ip_fil4.1.14/ip_ftp_pxy.c *** 
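Review bot: fr_fragderef() decrements `fra->ipfr_ref` without checking what `*frp` held, yet fr_nextfrag() in this same hunk starts its tokens at NULL and stores `(void *)-1` in `token->ipt_data` as the end-of-list marker. The callers are outside this hunk, so it is not visible whether token teardown can pass either value in; if it can, the kernel dereferences an invalid pointer while holding the write lock. A guard right after `*frp = NULL;` makes the function safe whatever the caller does: `if (fra == NULL || fra == (ipfr_t *)-1) return;`. Separately, the `tail` argument of fr_nextfrag() is never used in the body shown.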
ip_fil4.1.13/ip_ftp_pxy.c Sat Apr 1 20:14:53 2006 --- ip_fil4.1.14/ip_ftp_pxy.c Fri Jul 14 16:12:12 2006 *************** *** 6,12 **** * Simple FTP transparent proxy for in-kernel use. For use with the NAT * code. * ! * $Id: ip_ftp_pxy.c,v 2.88.2.19 2006/04/01 10:14:53 darrenr Exp $ */ #define IPF_FTP_PROXY --- 6,12 ---- * Simple FTP transparent proxy for in-kernel use. For use with the NAT * code. * ! * $Id: ip_ftp_pxy.c,v 2.88.2.20 2006/07/14 06:12:12 darrenr Exp $ */ #define IPF_FTP_PROXY *************** *** 368,374 **** } (void) fr_addstate(&fi, NULL, SI_W_DPORT); if (fi.fin_state != NULL) ! fr_statederef(&fi, (ipstate_t **)&fi.fin_state); } ip->ip_len = slen; ip->ip_src = swip; --- 368,374 ---- } (void) fr_addstate(&fi, NULL, SI_W_DPORT); if (fi.fin_state != NULL) ! fr_statederef((ipstate_t **)&fi.fin_state); } ip->ip_len = slen; ip->ip_src = swip; *************** *** 730,736 **** } (void) fr_addstate(&fi, NULL, sflags); if (fi.fin_state != NULL) ! fr_statederef(&fi, (ipstate_t **)&fi.fin_state); } ip->ip_len = slen; --- 730,736 ---- } (void) fr_addstate(&fi, NULL, sflags); if (fi.fin_state != NULL) ! fr_statederef((ipstate_t **)&fi.fin_state); } ip->ip_len = slen; diff -cr ip_fil4.1.13/ip_h323_pxy.c ip_fil4.1.14/ip_h323_pxy.c *** ip_fil4.1.13/ip_h323_pxy.c Sat Aug 20 23:48:22 2005 --- ip_fil4.1.14/ip_h323_pxy.c Fri Jul 14 16:12:13 2006 *************** *** 135,141 **** * called with ipf_nat locked. */ if (fr_nat_ioctl((caddr_t)ipn, SIOCRMNAT, NAT_SYSSPACE| ! NAT_LOCKHELD|FWRITE) == -1) { /*EMPTY*/; /* log the error */ } --- 135,141 ---- * called with ipf_nat locked. */ if (fr_nat_ioctl((caddr_t)ipn, SIOCRMNAT, NAT_SYSSPACE| ! NAT_LOCKHELD|FWRITE, 0, NULL) == -1) { /*EMPTY*/; /* log the error */ } *************** *** 199,205 **** */ RWLOCK_EXIT(&ipf_nat); if (fr_nat_ioctl((caddr_t)ipn, SIOCADNAT, ! NAT_SYSSPACE|FWRITE) == -1) { READ_ENTER(&ipf_nat); return -1; } --- 199,205 ---- */ RWLOCK_EXIT(&ipf_nat); if (fr_nat_ioctl((caddr_t)ipn, SIOCADNAT, ! 
NAT_SYSSPACE|FWRITE, 0, NULL) == -1) { READ_ENTER(&ipf_nat); return -1; } diff -cr ip_fil4.1.13/ip_htable.c ip_fil4.1.14/ip_htable.c *** ip_fil4.1.13/ip_htable.c Mon Nov 14 02:38:37 2005 --- ip_fil4.1.14/ip_htable.c Sat Aug 26 16:28:56 2006 *************** *** 51,57 **** /* END OF INCLUDES */ #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: ip_htable.c,v 2.34.2.4 2005/11/13 15:38:37 darrenr Exp $"; #endif #ifdef IPFILTER_LOOKUP --- 51,57 ---- /* END OF INCLUDES */ #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: ip_htable.c,v 2.34.2.6 2006/08/26 06:28:56 darrenr Exp $"; #endif #ifdef IPFILTER_LOOKUP *************** *** 120,126 **** } if ((op->iplo_arg & IPHASH_ANON) == 0) { ! if (fr_findhtable(op->iplo_unit, op->iplo_name) != NULL) { KFREE(iph); return EEXIST; } --- 120,126 ---- } if ((op->iplo_arg & IPHASH_ANON) == 0) { ! if (fr_findhtable(unit, op->iplo_name) != NULL) { KFREE(iph); return EEXIST; } *************** *** 155,161 **** --- 155,163 ---- bzero((char *)iph->iph_table, iph->iph_size * sizeof(*iph->iph_table)); iph->iph_masks = 0; + iph->iph_list = NULL; + iph->iph_ref = 1; iph->iph_next = ipf_htables[unit]; iph->iph_pnext = &ipf_htables[unit]; if (ipf_htables[unit] != NULL) *************** *** 175,181 **** { iphtable_t *iph; - iph = fr_findhtable(op->iplo_unit, op->iplo_name); if (iph == NULL) return ESRCH; --- 177,182 ---- *************** *** 198,220 **** iphtable_t *iph; { iphtent_t *ipe; - int i; ! for (i = 0; i < iph->iph_size; i++) ! while ((ipe = iph->iph_table[i]) != NULL) ! if (fr_delhtent(iph, ipe) != 0) ! return; ! *iph->iph_pnext = iph->iph_next; if (iph->iph_next != NULL) iph->iph_next->iph_pnext = iph->iph_pnext; ipf_nhtables[iph->iph_unit]--; ! if (iph->iph_ref == 0) { ! KFREES(iph->iph_table, iph->iph_size * sizeof(*iph->iph_table)); ! KFREE(iph); } } --- 199,254 ---- iphtable_t *iph; { iphtent_t *ipe; ! while ((ipe = iph->iph_list) != NULL) ! if (fr_delhtent(iph, ipe) != 0) ! return; ! if (iph->iph_pnext != NULL) ! 
*iph->iph_pnext = iph->iph_next; if (iph->iph_next != NULL) iph->iph_next->iph_pnext = iph->iph_pnext; ipf_nhtables[iph->iph_unit]--; ! fr_derefhtable(iph); ! } ! ! ! /* ! * Delete an entry from a hash table. ! */ ! int fr_delhtent(iph, ipe) ! iphtable_t *iph; ! iphtent_t *ipe; ! { ! ! if (ipe->ipe_phnext != NULL) ! *ipe->ipe_phnext = ipe->ipe_hnext; ! if (ipe->ipe_hnext != NULL) ! ipe->ipe_hnext->ipe_phnext = ipe->ipe_phnext; ! ! if (ipe->ipe_pnext != NULL) ! *ipe->ipe_pnext = ipe->ipe_next; ! if (ipe->ipe_next != NULL) ! ipe->ipe_next->ipe_pnext = ipe->ipe_pnext; ! ! switch (iph->iph_type & ~IPHASH_ANON) ! { ! case IPHASH_GROUPMAP : ! if (ipe->ipe_group != NULL) ! fr_delgroup(ipe->ipe_group, IPL_LOGIPF, fr_active); ! break; ! ! default : ! ipe->ipe_ptr = NULL; ! ipe->ipe_value = 0; ! break; } + + fr_derefhtent(ipe); + + return 0; } *************** *** 222,229 **** iphtable_t *iph; { iph->iph_ref--; ! if (iph->iph_ref == 0) ! fr_delhtable(iph); } --- 256,277 ---- iphtable_t *iph; { iph->iph_ref--; ! if (iph->iph_ref == 0) { ! KFREES(iph->iph_table, iph->iph_size * sizeof(*iph->iph_table)); ! KFREE(iph); ! } ! } ! ! ! void fr_derefhtent(ipe) ! iphtent_t *ipe; ! { ! ipe->ipe_ref--; ! if (ipe->ipe_ref == 0) { ! ipf_nhtnodes[ipe->ipe_unit]--; ! ! KFREE(ipe); ! } } *************** *** 285,297 **** hv = IPE_HASH_FN(ipe->ipe_addr.in4_addr, ipe->ipe_mask.in4_addr, iph->iph_size); ! ipe->ipe_ref = 0; ! ipe->ipe_next = iph->iph_table[hv]; ! ipe->ipe_pnext = iph->iph_table + hv; if (iph->iph_table[hv] != NULL) ! iph->iph_table[hv]->ipe_pnext = &ipe->ipe_next; iph->iph_table[hv] = ipe; if ((bits >= 0) && (bits != 32)) iph->iph_masks |= 1 << bits; --- 333,352 ---- hv = IPE_HASH_FN(ipe->ipe_addr.in4_addr, ipe->ipe_mask.in4_addr, iph->iph_size); ! ipe->ipe_ref = 1; ! ipe->ipe_hnext = iph->iph_table[hv]; ! ipe->ipe_phnext = iph->iph_table + hv; if (iph->iph_table[hv] != NULL) ! 
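Review bot: fr_delhtent() now unlinks an entry even while other holders keep `ipe_ref` above zero, but it leaves `ipe_next`/`ipe_hnext` and the back pointers aimed at the former neighbours. fr_htable_getnext(), added further down in this file, resumes from a token's saved node with `nextnode = node->ipe_next` and then runs `ATOMIC_INC(nextnode->ipe_ref)`, so if that neighbour has since been deleted and freed, the iterator reads and writes freed memory. Clearing the links once the entry is off both lists avoids this: `ipe->ipe_next = ipe->ipe_hnext = NULL;` and `ipe->ipe_pnext = ipe->ipe_phnext = NULL;`. fr_delhtable() has the same shape for `iph_next`, which the LIST branch of the iterator follows.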
iph->iph_table[hv]->ipe_phnext = &ipe->ipe_hnext; iph->iph_table[hv] = ipe; + + ipe->ipe_next = iph->iph_list; + ipe->ipe_pnext = &iph->iph_list; + if (ipe->ipe_next != NULL) + ipe->ipe_next->ipe_pnext = &ipe->ipe_next; + iph->iph_list = ipe; + if ((bits >= 0) && (bits != 32)) iph->iph_masks |= 1 << bits; *************** *** 309,352 **** break; } ! ipf_nhtnodes[iph->iph_unit]++; ! ! return 0; ! } ! ! ! /* ! * Delete an entry from a hash table. ! */ ! int fr_delhtent(iph, ipe) ! iphtable_t *iph; ! iphtent_t *ipe; ! { ! ! if (ipe->ipe_ref != 0) ! return EBUSY; ! ! ! *ipe->ipe_pnext = ipe->ipe_next; ! if (ipe->ipe_next != NULL) ! ipe->ipe_next->ipe_pnext = ipe->ipe_pnext; ! ! switch (iph->iph_type & ~IPHASH_ANON) ! { ! case IPHASH_GROUPMAP : ! if (ipe->ipe_group != NULL) ! fr_delgroup(ipe->ipe_group, IPL_LOGIPF, fr_active); ! break; ! ! default : ! ipe->ipe_ptr = NULL; ! ipe->ipe_value = 0; ! break; ! } ! ! KFREE(ipe); ! ! ipf_nhtnodes[iph->iph_unit]--; return 0; } --- 364,371 ---- break; } ! ipe->ipe_unit = iph->iph_unit; ! ipf_nhtnodes[ipe->ipe_unit]++; return 0; } *************** *** 377,398 **** /* ------------------------------------------------------------------------ */ /* Function: fr_iphmfindip */ /* Returns: int - 0 == +ve match, -1 == error, 1 == -ve/no match */ ! /* Parameters: tptr(I) - pointer to the pool to search */ ! /* version(I) - IP protocol version (4 or 6) */ ! /* aptr(I) - pointer to address information */ /* */ /* Search the hash table for a given address and return a search result. */ /* ------------------------------------------------------------------------ */ ! int fr_iphmfindip(tptr, version, aptr) void *tptr, *aptr; ! int version; { struct in_addr *addr; iphtable_t *iph; iphtent_t *ipe; int rval; ! 
if (version != 4) return -1; if (tptr == NULL || aptr == NULL) --- 396,417 ---- /* ------------------------------------------------------------------------ */ /* Function: fr_iphmfindip */ /* Returns: int - 0 == +ve match, -1 == error, 1 == -ve/no match */ ! /* Parameters: tptr(I) - pointer to the pool to search */ ! /* ipversion(I) - IP protocol version (4 or 6) */ ! /* aptr(I) - pointer to address information */ /* */ /* Search the hash table for a given address and return a search result. */ /* ------------------------------------------------------------------------ */ ! int fr_iphmfindip(tptr, ipversion, aptr) void *tptr, *aptr; ! int ipversion; { struct in_addr *addr; iphtable_t *iph; iphtent_t *ipe; int rval; ! if (ipversion != 4) return -1; if (tptr == NULL || aptr == NULL) *************** *** 426,432 **** maskloop: ips = ntohl(addr->s_addr) & msk; hv = IPE_HASH_FN(ips, msk, iph->iph_size); ! for (ipe = iph->iph_table[hv]; (ipe != NULL); ipe = ipe->ipe_next) { if (ipe->ipe_mask.in4_addr != msk || ipe->ipe_addr.in4_addr != ips) { continue; --- 445,451 ---- maskloop: ips = ntohl(addr->s_addr) & msk; hv = IPE_HASH_FN(ips, msk, iph->iph_size); ! 
for (ipe = iph->iph_table[hv]; (ipe != NULL); ipe = ipe->ipe_hnext) { if (ipe->ipe_mask.in4_addr != msk || ipe->ipe_addr.in4_addr != ips) { continue; *************** *** 449,452 **** --- 468,600 ---- return ipe; } + + int fr_htable_getnext(token, ilp) + ipftoken_t *token; + ipflookupiter_t *ilp; + { + iphtent_t *node, zn, *nextnode; + iphtable_t *iph, zp, *nextiph; + int err; + + err = 0; + iph = NULL; + node = NULL; + nextiph = NULL; + nextnode = NULL; + + READ_ENTER(&ip_poolrw); + + switch (ilp->ili_otype) + { + case IPFLOOKUPITER_LIST : + iph = token->ipt_data; + if (iph == NULL) { + nextiph = ipf_htables[(int)ilp->ili_unit]; + } else { + nextiph = iph->iph_next; + } + + if (nextiph != NULL) { + ATOMIC_INC(nextiph->iph_ref); + if (nextiph->iph_next == NULL) + token->ipt_alive = 0; + } else { + bzero((char *)&zp, sizeof(zp)); + nextiph = &zp; + } + break; + + case IPFLOOKUPITER_NODE : + node = token->ipt_data; + if (node == NULL) { + iph = fr_findhtable(ilp->ili_unit, ilp->ili_name); + if (iph == NULL) + err = ESRCH; + else { + nextnode = iph->iph_list; + } + } else { + nextnode = node->ipe_next; + } + + if (nextnode != NULL) { + ATOMIC_INC(nextnode->ipe_ref); + if (nextnode->ipe_next == NULL) + token->ipt_alive = 0; + } else { + bzero((char *)&zn, sizeof(zn)); + nextnode = &zn; + } + break; + default : + err = EINVAL; + break; + } + + RWLOCK_EXIT(&ip_poolrw); + if (err != 0) + return err; + + switch (ilp->ili_otype) + { + case IPFLOOKUPITER_LIST : + if (iph != NULL) { + WRITE_ENTER(&ip_poolrw); + fr_derefhtable(iph); + RWLOCK_EXIT(&ip_poolrw); + } + token->ipt_data = nextiph; + err = COPYOUT(nextiph, ilp->ili_data, sizeof(*nextiph)); + if (err != 0) + err = EFAULT; + break; + + case IPFLOOKUPITER_NODE : + if (node != NULL) { + WRITE_ENTER(&ip_poolrw); + fr_derefhtent(node); + RWLOCK_EXIT(&ip_poolrw); + } + token->ipt_data = nextnode; + err = COPYOUT(nextnode, ilp->ili_data, sizeof(*nextnode)); + if (err != 0) + err = EFAULT; + break; + } + + return err; + } + + 
+ void fr_htable_iterderef(otype, unit, data) + u_int otype; + int unit; + void *data; + { + + if (data == NULL) + return; + + if (unit < 0 || unit > IPL_LOGMAX) + return; + + switch (otype) + { + case IPFLOOKUPITER_LIST : + WRITE_ENTER(&ip_poolrw); + fr_derefhtable((iphtable_t *)data); + RWLOCK_EXIT(&ip_poolrw); + break; + + case IPFLOOKUPITER_NODE : + WRITE_ENTER(&ip_poolrw); + fr_derefhtent((iphtent_t *)data); + RWLOCK_EXIT(&ip_poolrw); + break; + default : + break; + } + } + #endif /* IPFILTER_LOOKUP */ diff -cr ip_fil4.1.13/ip_htable.h ip_fil4.1.14/ip_htable.h *** ip_fil4.1.13/ip_htable.h Sun Mar 7 16:00:29 2004 --- ip_fil4.1.14/ip_htable.h Fri Jul 14 16:12:13 2006 *************** *** 5,14 **** --- 5,16 ---- typedef struct iphtent_s { struct iphtent_s *ipe_next, **ipe_pnext; + struct iphtent_s *ipe_hnext, **ipe_phnext; void *ipe_ptr; i6addr_t ipe_addr; i6addr_t ipe_mask; int ipe_ref; + int ipe_unit; union { char ipeu_char[16]; u_long ipeu_long; *************** *** 26,31 **** --- 28,34 ---- ipfrwlock_t iph_rwlock; struct iphtable_s *iph_next, **iph_pnext; struct iphtent_s **iph_table; + struct iphtent_s *iph_list; size_t iph_size; /* size of hash table */ u_long iph_seed; /* hashing seed */ u_32_t iph_flags; *************** *** 61,69 **** --- 64,75 ---- extern int fr_addhtent __P((iphtable_t *, iphtent_t *)); extern int fr_delhtent __P((iphtable_t *, iphtent_t *)); extern void fr_derefhtable __P((iphtable_t *)); + extern void fr_derefhtent __P((iphtent_t *)); extern void fr_delhtable __P((iphtable_t *)); extern void *fr_iphmfindgroup __P((void *, void *)); extern int fr_iphmfindip __P((void *, int, void *)); extern int fr_gethtablestat __P((iplookupop_t *)); + extern int fr_htable_getnext __P((ipftoken_t *, ipflookupiter_t *)); + extern void fr_htable_iterderef __P((u_int, int, void *)); #endif /* __IP_HTABLE_H__ */ diff -cr ip_fil4.1.13/ip_ipsec_pxy.c ip_fil4.1.14/ip_ipsec_pxy.c *** ip_fil4.1.13/ip_ipsec_pxy.c Sat Aug 20 23:48:22 2005 --- 
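Review bot: fr_htable_getnext() stores the address of a stack local in the token when the list is exhausted: with no next element `nextiph` becomes `&zp` (and `nextnode` becomes `&zn`), and the second switch assigns that to `token->ipt_data`. The token outlives the call, so a later request with the same token would pass a dead stack address to fr_derefhtable()/fr_derefhtent(), which decrement a counter through it and may free it; fr_htable_iterderef() would do the same if token cleanup hands it `ipt_data`. An empty `ipf_htables[unit]` reaches this on the very first call, where `ipt_alive` is not cleared either. fr_nextfrag() in ip_frag.c handles the equivalent case with an explicit end marker; here the two assignments could become `token->ipt_data = (nextiph == &zp) ? NULL : nextiph;` and `token->ipt_data = (nextnode == &zn) ? NULL : nextnode;`.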
ip_fil4.1.14/ip_ipsec_pxy.c Fri Jul 14 16:12:14 2006 *************** *** 6,12 **** * Simple ISAKMP transparent proxy for in-kernel use. For use with the NAT * code. * ! * $Id: ip_ipsec_pxy.c,v 2.20.2.7 2005/08/20 13:48:22 darrenr Exp $ * */ #define IPF_IPSEC_PROXY --- 6,12 ---- * Simple ISAKMP transparent proxy for in-kernel use. For use with the NAT * code. * ! * $Id: ip_ipsec_pxy.c,v 2.20.2.8 2006/07/14 06:12:14 darrenr Exp $ * */ #define IPF_IPSEC_PROXY *************** *** 177,183 **** ipsec->ipsc_state = fr_addstate(&fi, &ipsec->ipsc_state, SI_WILDP); if (fi.fin_state != NULL) ! fr_statederef(&fi, (ipstate_t **)&fi.fin_state); } ip->ip_p = p & 0xff; return 0; --- 177,183 ---- ipsec->ipsc_state = fr_addstate(&fi, &ipsec->ipsc_state, SI_WILDP); if (fi.fin_state != NULL) ! fr_statederef((ipstate_t **)&fi.fin_state); } ip->ip_p = p & 0xff; return 0; *************** *** 256,262 **** &ipsec->ipsc_state, SI_WILDP); if (fi.fin_state != NULL) ! fr_statederef(&fi, (ipstate_t **)&fi.fin_state); } ip->ip_p = p; } --- 256,262 ---- &ipsec->ipsc_state, SI_WILDP); if (fi.fin_state != NULL) ! fr_statederef((ipstate_t **)&fi.fin_state); } ip->ip_p = p; } diff -cr ip_fil4.1.13/ip_irc_pxy.c ip_fil4.1.14/ip_irc_pxy.c *** ip_fil4.1.13/ip_irc_pxy.c Mon Dec 5 10:39:27 2005 --- ip_fil4.1.14/ip_irc_pxy.c Fri Jul 14 16:12:14 2006 *************** *** 3,9 **** * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: ip_irc_pxy.c,v 2.39.2.5 2005/12/04 23:39:27 darrenr Exp $ */ #define IPF_IRC_PROXY --- 3,9 ---- * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: ip_irc_pxy.c,v 2.39.2.6 2006/07/14 06:12:14 darrenr Exp $ */ #define IPF_IRC_PROXY *************** *** 415,421 **** (void) fr_addstate(&fi, NULL, SI_W_DPORT); if (fi.fin_state != NULL) ! fr_statederef(&fi, (ipstate_t **)&fi.fin_state); } ip->ip_src = swip; } --- 415,421 ---- (void) fr_addstate(&fi, NULL, SI_W_DPORT); if (fi.fin_state != NULL) ! 
fr_statederef((ipstate_t **)&fi.fin_state); } ip->ip_src = swip; } diff -cr ip_fil4.1.13/ip_lookup.c ip_fil4.1.14/ip_lookup.c *** ip_fil4.1.13/ip_lookup.c Mon Nov 14 02:35:45 2005 --- ip_fil4.1.14/ip_lookup.c Fri Sep 1 23:36:17 2006 *************** *** 61,67 **** /* END OF INCLUDES */ #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: ip_lookup.c,v 2.35.2.8 2005/11/13 15:35:45 darrenr Exp $"; #endif #ifdef IPFILTER_LOOKUP --- 61,67 ---- /* END OF INCLUDES */ #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: ip_lookup.c,v 2.35.2.12 2006/09/01 13:36:17 darrenr Exp $"; #endif #ifdef IPFILTER_LOOKUP *************** *** 129,138 **** /* involves just calling another function to handle the specifics of each */ /* command. */ /* ------------------------------------------------------------------------ */ ! int ip_lookup_ioctl(data, cmd, mode) caddr_t data; ioctlcmd_t cmd; ! int mode; { int err; SPL_INT(s); --- 129,139 ---- /* involves just calling another function to handle the specifics of each */ /* command. */ /* ------------------------------------------------------------------------ */ ! int ip_lookup_ioctl(data, cmd, mode, uid, ctx) caddr_t data; ioctlcmd_t cmd; ! int mode, uid; ! void *ctx; { int err; SPL_INT(s); *************** *** 182,187 **** --- 183,192 ---- RWLOCK_EXIT(&ip_poolrw); break; + case SIOCLOOKUPITER : + err = ip_lookup_iterate(data, uid, ctx); + break; + default : err = EINVAL; break; *************** *** 210,217 **** ip_pool_t *p; int err; ! err = 0; ! BCOPYIN(data, &op, sizeof(op)); op.iplo_name[sizeof(op.iplo_name) - 1] = '\0'; switch (op.iplo_type) --- 215,227 ---- ip_pool_t *p; int err; ! err = BCOPYIN(data, &op, sizeof(op)); ! if (err != 0) ! return EFAULT; ! ! if (op.iplo_unit < 0 || op.iplo_unit > IPL_LOGMAX) ! return EINVAL; ! 
op.iplo_name[sizeof(op.iplo_name) - 1] = '\0'; switch (op.iplo_type) *************** *** 283,288 **** --- 293,301 ---- err = 0; BCOPYIN(data, &op, sizeof(op)); + if (op.iplo_unit < 0 || op.iplo_unit > IPL_LOGMAX) + return EINVAL; + op.iplo_name[sizeof(op.iplo_name) - 1] = '\0'; switch (op.iplo_type) *************** *** 341,348 **** iplookupop_t op; int err; ! err = 0; ! BCOPYIN(data, &op, sizeof(op)); op.iplo_name[sizeof(op.iplo_name) - 1] = '\0'; --- 354,365 ---- iplookupop_t op; int err; ! err = BCOPYIN(data, &op, sizeof(op)); ! if (err != 0) ! return EFAULT; ! ! if (op.iplo_unit < 0 || op.iplo_unit > IPL_LOGMAX) ! return EINVAL; op.iplo_name[sizeof(op.iplo_name) - 1] = '\0'; *************** *** 372,378 **** * case of success it will contain the new table's name. */ if ((err == 0) && ((op.iplo_arg & IPOOL_ANON) != 0)) { ! BCOPYOUT(&op, data, sizeof(op)); } return err; --- 389,397 ---- * case of success it will contain the new table's name. */ if ((err == 0) && ((op.iplo_arg & IPOOL_ANON) != 0)) { ! err = BCOPYOUT(&op, data, sizeof(op)); ! if (err != 0) ! err = EFAULT; } return err; *************** *** 393,399 **** iplookupop_t op; int err; ! BCOPYIN(data, &op, sizeof(op)); op.iplo_name[sizeof(op.iplo_name) - 1] = '\0'; if (op.iplo_arg & IPLT_ANON) --- 412,424 ---- iplookupop_t op; int err; ! err = BCOPYIN(data, &op, sizeof(op)); ! if (err != 0) ! return EFAULT; ! ! if (op.iplo_unit < 0 || op.iplo_unit > IPL_LOGMAX) ! return EINVAL; ! op.iplo_name[sizeof(op.iplo_name) - 1] = '\0'; if (op.iplo_arg & IPLT_ANON) *************** *** 434,441 **** iplookupop_t op; int err; ! err = 0; ! BCOPYIN(data, &op, sizeof(op)); switch (op.iplo_type) { --- 459,470 ---- iplookupop_t op; int err; ! err = BCOPYIN(data, &op, sizeof(op)); ! if (err != 0) ! return EFAULT; ! ! if (op.iplo_unit < 0 || op.iplo_unit > IPL_LOGMAX) ! return EINVAL; switch (op.iplo_type) { *************** *** 469,483 **** int err, unit, num, type; iplookupflush_t flush; ! err = 0; ! 
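Review bot: The `iplo_unit` range check added in the `293,301` hunk reads `op` after a `BCOPYIN(data, &op, sizeof(op))` whose result is still discarded, so a failed copy leaves the check and the following switch working on uninitialised stack contents. The neighbouring handlers touched by this commit were changed to test the copy, and this one should match: `err = BCOPYIN(data, &op, sizeof(op));` followed by `if (err != 0) return EFAULT;`. The enclosing function begins and ends outside the hunk.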
BCOPYIN(data, &flush, sizeof(flush)); ! ! flush.iplf_name[sizeof(flush.iplf_name) - 1] = '\0'; unit = flush.iplf_unit; if ((unit < 0 || unit > IPL_LOGMAX) && (unit != IPLT_ALL)) return EINVAL; type = flush.iplf_type; err = EINVAL; num = 0; --- 498,513 ---- int err, unit, num, type; iplookupflush_t flush; ! err = BCOPYIN(data, &flush, sizeof(flush)); ! if (err != 0) ! return EFAULT; unit = flush.iplf_unit; if ((unit < 0 || unit > IPL_LOGMAX) && (unit != IPLT_ALL)) return EINVAL; + flush.iplf_name[sizeof(flush.iplf_name) - 1] = '\0'; + type = flush.iplf_type; err = EINVAL; num = 0; *************** *** 494,505 **** if (err == 0) { flush.iplf_count = num; ! err = COPYOUT(&flush, data, sizeof(flush)); } return err; } void ip_lookup_deref(type, ptr) int type; void *ptr; --- 524,546 ---- if (err == 0) { flush.iplf_count = num; ! err = BCOPYOUT(&flush, data, sizeof(flush)); ! if (err != 0) ! err = EFAULT; } return err; } + /* ------------------------------------------------------------------------ */ + /* Function: ip_lookup_delref */ + /* Returns: void */ + /* Parameters: type(I) - table type to operate on */ + /* ptr(I) - pointer to object to remove reference for */ + /* */ + /* This function organises calling the correct deref function for a given */ + /* type of object being passed into it. */ + /* ------------------------------------------------------------------------ */ void ip_lookup_deref(type, ptr) int type; void *ptr; *************** *** 522,534 **** } #else /* IPFILTER_LOOKUP */ /*ARGSUSED*/ ! int ip_lookup_ioctl(data, cmd, mode) caddr_t data; ioctlcmd_t cmd; ! int mode; { return EIO; } --- 563,660 ---- } + /* ------------------------------------------------------------------------ */ + /* Function: ip_lookup_iterate */ + /* Returns: int - 0 = success, else error */ + /* Parameters: data(I) - pointer to data from ioctl call */ + /* */ + /* Decodes ioctl request to step through either hash tables or pools. 
*/ + /* ------------------------------------------------------------------------ */ + int ip_lookup_iterate(data, uid, ctx) + void *data; + int uid; + void *ctx; + { + ipflookupiter_t iter; + ipftoken_t *token; + int err; + + err = fr_inobj(data, &iter, IPFOBJ_LOOKUPITER); + if (err != 0) + return err; + + if (iter.ili_unit < 0 || iter.ili_unit > IPL_LOGMAX) + return EINVAL; + + if (iter.ili_ival != IPFGENITER_LOOKUP) + return EINVAL; + + token = ipf_findtoken(iter.ili_key, uid, ctx); + if (token == NULL) { + RWLOCK_EXIT(&ipf_tokens); + return ESRCH; + } + + switch (iter.ili_type) + { + case IPLT_POOL : + err = ip_pool_getnext(token, &iter); + break; + case IPLT_HASH : + err = fr_htable_getnext(token, &iter); + break; + default : + err = EINVAL; + break; + } + RWLOCK_EXIT(&ipf_tokens); + + return err; + } + + + /* ------------------------------------------------------------------------ */ + /* Function: iplookup_iterderef */ + /* Returns: int - 0 = success, else error */ + /* Parameters: data(I) - pointer to data from ioctl call */ + /* */ + /* Decodes ioctl request to remove a particular hash table or pool and */ + /* calls the relevant function to do the cleanup. */ + /* ------------------------------------------------------------------------ */ + void ip_lookup_iterderef(type, data) + u_32_t type; + void *data; + { + iplookupiterkey_t key; + + key.ilik_key = type; + + if (key.ilik_unstr.ilik_ival != IPFGENITER_LOOKUP) + return; + + switch (key.ilik_unstr.ilik_type) + { + case IPLT_HASH : + fr_htable_iterderef((u_int)key.ilik_unstr.ilik_otype, + (int)key.ilik_unstr.ilik_unit, data); + break; + case IPLT_POOL : + ip_pool_iterderef((u_int)key.ilik_unstr.ilik_otype, + (int)key.ilik_unstr.ilik_unit, data); + break; + } + } + + + #else /* IPFILTER_LOOKUP */ /*ARGSUSED*/ ! int ip_lookup_ioctl(data, cmd, mode, uid, ctx) caddr_t data; ioctlcmd_t cmd; ! int mode, uid; ! 
void *ctx; { return EIO; } diff -cr ip_fil4.1.13/ip_lookup.h ip_fil4.1.14/ip_lookup.h *** ip_fil4.1.13/ip_lookup.h Sun Jun 12 17:18:21 2005 --- ip_fil4.1.14/ip_lookup.h Fri Jul 14 16:12:14 2006 *************** *** 55,63 **** #define IPLT_ANON 0x80000000 extern int ip_lookup_init __P((void)); ! extern int ip_lookup_ioctl __P((caddr_t, ioctlcmd_t, int)); extern void ip_lookup_unload __P((void)); extern void ip_lookup_deref __P((int, void *)); #endif /* __IP_LOOKUP_H__ */ --- 55,93 ---- #define IPLT_ANON 0x80000000 + + typedef union { + struct iplookupiterkey { + char ilik_ival; + u_char ilik_type; /* IPLT_* */ + u_char ilik_otype; + char ilik_unit; /* IPL_LOG* */ + } ilik_unstr; + u_32_t ilik_key; + } iplookupiterkey_t; + + typedef struct ipflookupiter { + int ili_nitems; + iplookupiterkey_t ili_lkey; + char ili_name[FR_GROUPLEN]; + void *ili_data; + } ipflookupiter_t; + + #define ili_key ili_lkey.ilik_key + #define ili_ival ili_lkey.ilik_unstr.ilik_ival + #define ili_unit ili_lkey.ilik_unstr.ilik_unit + #define ili_type ili_lkey.ilik_unstr.ilik_type + #define ili_otype ili_lkey.ilik_unstr.ilik_otype + + #define IPFLOOKUPITER_LIST 0 + #define IPFLOOKUPITER_NODE 1 + + extern int ip_lookup_init __P((void)); ! extern int ip_lookup_ioctl __P((caddr_t, ioctlcmd_t, int, int, void *)); extern void ip_lookup_unload __P((void)); extern void ip_lookup_deref __P((int, void *)); + extern int ip_lookup_iterate __P((void *, int, void *)); + extern void ip_lookup_iterderef __P((u_32_t, void *)); #endif /* __IP_LOOKUP_H__ */ diff -cr ip_fil4.1.13/ip_nat.c ip_fil4.1.14/ip_nat.c *** ip_fil4.1.13/ip_nat.c Sat Apr 1 20:15:34 2006 --- ip_fil4.1.14/ip_nat.c Sun Oct 1 07:43:25 2006 *************** *** 107,113 **** #if !defined(lint) static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; ! 
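Review bot: ip_lookup_iterate() hands the user-supplied `iter.ili_name` to fr_htable_getnext(), which passes it to fr_findhtable(), without forcing a terminator on the buffer. Other handlers in this file do `op.iplo_name[sizeof(op.iplo_name) - 1] = '\0';` after copying in, and the matching line is missing here: `iter.ili_name[sizeof(iter.ili_name) - 1] = '\0';` after the fr_inobj() call. How fr_findhtable() compares names is not visible in this diff, so the impact depends on whether that comparison is bounded. The function also releases `ipf_tokens` without acquiring it in the body shown, which presumably means ipf_findtoken() returns with the lock held; a one-line comment stating that would help.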
static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.195.2.56 2006/04/01 10:15:34 darrenr Exp $"; #endif --- 107,113 ---- #if !defined(lint) static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.195.2.64 2006/09/30 21:43:25 darrenr Exp $"; #endif *************** *** 147,153 **** u_32_t rdr_masks = 0; ipnat_t **nat_rules = NULL; ipnat_t **rdr_rules = NULL; ! hostmap_t **maptable = NULL; ipftq_t nat_tqb[IPF_TCP_NSTATES]; ipftq_t nat_udptq; ipftq_t nat_icmptq; --- 147,154 ---- u_32_t rdr_masks = 0; ipnat_t **nat_rules = NULL; ipnat_t **rdr_rules = NULL; ! hostmap_t **ipf_hm_maptable = NULL; ! hostmap_t *ipf_hm_maplist = NULL; ipftq_t nat_tqb[IPF_TCP_NSTATES]; ipftq_t nat_udptq; ipftq_t nat_icmptq; *************** *** 185,191 **** static INLINE int nat_newrdr __P((fr_info_t *, nat_t *, natinfo_t *)); static hostmap_t *nat_hostmap __P((ipnat_t *, struct in_addr, struct in_addr, struct in_addr, u_32_t)); - static void nat_hostmapdel __P((struct hostmap *)); static int nat_icmpquerytype4 __P((int)); static int nat_siocaddnat __P((ipnat_t *, ipnat_t **, int)); static void nat_siocdelnat __P((ipnat_t *, ipnat_t **, int)); --- 186,191 ---- *************** *** 195,200 **** --- 195,202 ---- static nat_t *fr_natclone __P((fr_info_t *, nat_t *)); static void nat_mssclamp __P((tcphdr_t *, u_32_t, fr_info_t *, u_short *)); static int nat_wildok __P((nat_t *, int, int, int, int)); + static int nat_getnext __P((ipftoken_t *, ipfgeniter_t *)); + static int nat_iterator __P((ipftoken_t *, ipfgeniter_t *)); /* ------------------------------------------------------------------------ */ *************** *** 232,242 **** else return -4; ! KMALLOCS(maptable, hostmap_t **, sizeof(hostmap_t *) * ipf_hostmap_sz); ! if (maptable != NULL) ! 
bzero((char *)maptable, sizeof(hostmap_t *) * ipf_hostmap_sz); else return -5; KMALLOCS(nat_stats.ns_bucketlen[0], u_long *, ipf_nattable_sz * sizeof(u_long)); --- 234,247 ---- else return -4; ! KMALLOCS(ipf_hm_maptable, hostmap_t **, \ ! sizeof(hostmap_t *) * ipf_hostmap_sz); ! if (ipf_hm_maptable != NULL) ! bzero((char *)ipf_hm_maptable, ! sizeof(hostmap_t *) * ipf_hostmap_sz); else return -5; + ipf_hm_maplist = NULL; KMALLOCS(nat_stats.ns_bucketlen[0], u_long *, ipf_nattable_sz * sizeof(u_long)); *************** *** 436,442 **** hv += src.s_addr; hv += dst.s_addr; hv %= HOSTMAP_SIZE; ! for (hm = maptable[hv]; hm; hm = hm->hm_next) if ((hm->hm_srcip.s_addr == src.s_addr) && (hm->hm_dstip.s_addr == dst.s_addr) && ((np == NULL) || (np == hm->hm_ipnat)) && --- 441,447 ---- hv += src.s_addr; hv += dst.s_addr; hv %= HOSTMAP_SIZE; ! for (hm = ipf_hm_maptable[hv]; hm; hm = hm->hm_next) if ((hm->hm_srcip.s_addr == src.s_addr) && (hm->hm_dstip.s_addr == dst.s_addr) && ((np == NULL) || (np == hm->hm_ipnat)) && *************** *** 450,460 **** KMALLOC(hm, hostmap_t *); if (hm) { ! hm->hm_next = maptable[hv]; ! hm->hm_pnext = maptable + hv; ! if (maptable[hv] != NULL) ! maptable[hv]->hm_pnext = &hm->hm_next; ! maptable[hv] = hm; hm->hm_ipnat = np; hm->hm_srcip = src; hm->hm_dstip = dst; --- 455,470 ---- KMALLOC(hm, hostmap_t *); if (hm) { ! hm->hm_next = ipf_hm_maplist; ! hm->hm_pnext = &ipf_hm_maplist; ! if (ipf_hm_maplist != NULL) ! ipf_hm_maplist->hm_pnext = &hm->hm_next; ! ipf_hm_maplist = hm; ! hm->hm_hnext = ipf_hm_maptable[hv]; ! hm->hm_phnext = ipf_hm_maptable + hv; ! if (ipf_hm_maptable[hv] != NULL) ! ipf_hm_maptable[hv]->hm_phnext = &hm->hm_hnext; ! ipf_hm_maptable[hv] = hm; hm->hm_ipnat = np; hm->hm_srcip = src; hm->hm_dstip = dst; *************** *** 467,485 **** /* ------------------------------------------------------------------------ */ ! /* Function: nat_hostmapdel */ /* Returns: Nil */ ! 
/* Parameters: hm(I) - pointer to hostmap structure */ /* Write Locks: ipf_nat */ /* */ /* Decrement the references to this hostmap structure by one. If this */ /* reaches zero then remove it and free it. */ /* ------------------------------------------------------------------------ */ ! static void nat_hostmapdel(hm) ! struct hostmap *hm; { hm->hm_ref--; if (hm->hm_ref == 0) { if (hm->hm_next) hm->hm_next->hm_pnext = hm->hm_pnext; *hm->hm_pnext = hm->hm_next; --- 477,503 ---- /* ------------------------------------------------------------------------ */ ! /* Function: fr_hostmapdel */ /* Returns: Nil */ ! /* Parameters: hmp(I) - pointer to hostmap structure pointer */ /* Write Locks: ipf_nat */ /* */ /* Decrement the references to this hostmap structure by one. If this */ /* reaches zero then remove it and free it. */ /* ------------------------------------------------------------------------ */ ! void fr_hostmapdel(hmp) ! struct hostmap **hmp; { + struct hostmap *hm; + + hm = *hmp; + *hmp = NULL; + hm->hm_ref--; if (hm->hm_ref == 0) { + if (hm->hm_hnext) + hm->hm_hnext->hm_phnext = hm->hm_phnext; + *hm->hm_phnext = hm->hm_hnext; if (hm->hm_next) hm->hm_next->hm_pnext = hm->hm_pnext; *hm->hm_pnext = hm->hm_next; *************** *** 609,618 **** /* */ /* Processes an ioctl call made to operate on the IP Filter NAT device. */ /* ------------------------------------------------------------------------ */ ! int fr_nat_ioctl(data, cmd, mode) ioctlcmd_t cmd; caddr_t data; ! int mode; { ipnat_t *nat, *nt, *n = NULL, **np = NULL; int error = 0, ret, arg, getlock; --- 627,637 ---- /* */ /* Processes an ioctl call made to operate on the IP Filter NAT device. */ /* ------------------------------------------------------------------------ */ ! int fr_nat_ioctl(data, cmd, mode, uid, ctx) ioctlcmd_t cmd; caddr_t data; ! int mode, uid; ! 
void *ctx; { ipnat_t *nat, *nt, *n = NULL, **np = NULL; int error = 0, ret, arg, getlock; *************** *** 643,651 **** } else { error = fr_inobj(data, &natd, IPFOBJ_IPNAT); } - - } else if (cmd == (ioctlcmd_t)SIOCIPFFL) { /* SIOCFLNAT & SIOCCNATL */ - BCOPYIN(data, &arg, sizeof(arg)); } if (error != 0) --- 662,667 ---- *************** *** 674,679 **** --- 690,710 ---- switch (cmd) { + case SIOCGENITER : + { + ipfgeniter_t iter; + ipftoken_t *token; + + error = fr_inobj(data, &iter, IPFOBJ_GENITER); + if (error != 0) + break; + + token = ipf_findtoken(iter.igi_type, uid, ctx); + if (token != NULL) + error = nat_iterator(token, &iter); + RWLOCK_EXIT(&ipf_tokens); + break; + } #ifdef IPFILTER_LOG case SIOCIPFFB : { *************** *** 683,707 **** error = EPERM; else { tmp = ipflog_clear(IPL_LOGNAT); ! BCOPYOUT((char *)&tmp, (char *)data, sizeof(tmp)); } break; } case SIOCSETLG : if (!(mode & FWRITE)) error = EPERM; else { ! BCOPYIN((char *)data, (char *)&nat_logging, ! sizeof(nat_logging)); } break; case SIOCGETLG : ! BCOPYOUT((char *)&nat_logging, (char *)data, ! sizeof(nat_logging)); break; case FIONREAD : arg = iplused[IPL_LOGNAT]; ! BCOPYOUT(&arg, data, sizeof(arg)); break; #endif case SIOCADNAT : --- 714,750 ---- error = EPERM; else { tmp = ipflog_clear(IPL_LOGNAT); ! error = BCOPYOUT((char *)&tmp, (char *)data, ! sizeof(tmp)); ! if (error != 0) ! error = EFAULT; } break; } + case SIOCSETLG : if (!(mode & FWRITE)) error = EPERM; else { ! error = BCOPYIN((char *)data, (char *)&nat_logging, ! sizeof(nat_logging)); ! if (error != 0) ! error = EFAULT; } break; + case SIOCGETLG : ! error = BCOPYOUT((char *)&nat_logging, (char *)data, ! sizeof(nat_logging)); ! if (error != 0) ! error = EFAULT; break; + case FIONREAD : arg = iplused[IPL_LOGNAT]; ! error = BCOPYOUT(&arg, data, sizeof(arg)); ! if (error != 0) ! 
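Review bot: In the new `SIOCGENITER` case a failed `ipf_findtoken()` leaves `error` at 0, so the ioctl reports success although nothing was copied to the caller's buffer. An explicit failure, e.g. `else error = ESRCH;` after the `if (token != NULL)` branch, lets userland tell this apart from a completed iteration. `RWLOCK_EXIT(&ipf_tokens)` is also issued without a visible matching enter; presumably `ipf_findtoken()` returns with the lock held whether or not a token is found, which deserves a one-line comment at this call.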
error = EFAULT; break; #endif case SIOCADNAT : *************** *** 722,727 **** --- 765,771 ---- if (error == 0) nt = NULL; break; + case SIOCRMNAT : if (!(mode & FWRITE)) { error = EPERM; *************** *** 739,749 **** MUTEX_EXIT(&ipf_natio); n = NULL; break; case SIOCGNATS : nat_stats.ns_table[0] = nat_table[0]; nat_stats.ns_table[1] = nat_table[1]; nat_stats.ns_list = nat_list; ! nat_stats.ns_maptable = maptable; nat_stats.ns_nattab_sz = ipf_nattable_sz; nat_stats.ns_nattab_max = ipf_nattable_max; nat_stats.ns_rultab_sz = ipf_natrules_sz; --- 783,795 ---- MUTEX_EXIT(&ipf_natio); n = NULL; break; + case SIOCGNATS : nat_stats.ns_table[0] = nat_table[0]; nat_stats.ns_table[1] = nat_table[1]; nat_stats.ns_list = nat_list; ! nat_stats.ns_maptable = ipf_hm_maptable; ! nat_stats.ns_maplist = ipf_hm_maplist; nat_stats.ns_nattab_sz = ipf_nattable_sz; nat_stats.ns_nattab_max = ipf_nattable_max; nat_stats.ns_rultab_sz = ipf_natrules_sz; *************** *** 753,758 **** --- 799,805 ---- nat_stats.ns_apslist = ap_sess_list; error = fr_outobj(data, &nat_stats, IPFOBJ_NATSTAT); break; + case SIOCGNATL : { natlookup_t nl; *************** *** 773,778 **** --- 820,826 ---- } break; } + case SIOCIPFFL : /* old SIOCFLNAT & SIOCCNATL */ if (!(mode & FWRITE)) { error = EPERM; *************** *** 781,803 **** if (getlock) { WRITE_ENTER(&ipf_nat); } ! error = 0; ! if (arg == 0) ! ret = nat_flushtable(); ! else if (arg == 1) ! ret = nat_clearlist(); ! else ! error = EINVAL; if (getlock) { RWLOCK_EXIT(&ipf_nat); } if (error == 0) { ! BCOPYOUT(&ret, data, sizeof(ret)); } break; case SIOCPROXY : ! error = appr_ioctl(data, cmd, mode); break; case SIOCSTLCK : if (!(mode & FWRITE)) { error = EPERM; --- 829,859 ---- if (getlock) { WRITE_ENTER(&ipf_nat); } ! ! error = BCOPYIN(data, &arg, sizeof(arg)); ! if (error != 0) ! error = EFAULT; ! else { ! if (arg == 0) ! ret = nat_flushtable(); ! else if (arg == 1) ! ret = nat_clearlist(); ! else ! error = EINVAL; ! } ! 
if (getlock) { RWLOCK_EXIT(&ipf_nat); } if (error == 0) { ! error = BCOPYOUT(&ret, data, sizeof(ret)); } break; + case SIOCPROXY : ! error = appr_ioctl(data, cmd, mode, ctx); break; + case SIOCSTLCK : if (!(mode & FWRITE)) { error = EPERM; *************** *** 805,810 **** --- 861,867 ---- fr_lock(data, &fr_nat_lock); } break; + case SIOCSTPUT : if ((mode & FWRITE) != 0) { error = fr_natputent(data, getlock); *************** *** 812,817 **** --- 869,875 ---- error = EACCES; } break; + case SIOCSTGSZ : if (fr_nat_lock) { if (getlock) { *************** *** 824,829 **** --- 882,888 ---- } else error = EACCES; break; + case SIOCSTGET : if (fr_nat_lock) { if (getlock) { *************** *** 836,847 **** } else error = EACCES; break; default : error = EINVAL; break; } done: ! if (nt) KFREE(nt); return error; } --- 895,915 ---- } else error = EACCES; break; + + case SIOCIPFDELTOK : + error = BCOPYIN((caddr_t)data, (caddr_t)&arg, sizeof(arg)); + if (error == 0) + error = ipf_deltoken(arg, uid, ctx); + else + error = EFAULT; + break; + default : error = EINVAL; break; } done: ! if (nt != NULL) KFREE(nt); return error; } *************** *** 969,974 **** --- 1037,1044 ---- n->in_flags &= ~IPN_NOTSRC; nat_addnat(n); } + MUTEX_INIT(&n->in_lock, "ipnat rule lock"); + n = NULL; nat_stats.ns_rules++; #if SOLARIS *************** *** 1093,1099 **** nat_t *nat, *n; natget_t ng; ! BCOPYIN(data, &ng, sizeof(ng)); nat = ng.ng_ptr; if (!nat) { --- 1163,1170 ---- nat_t *nat, *n; natget_t ng; ! if (BCOPYIN(data, &ng, sizeof(ng)) != 0) ! return EFAULT; nat = ng.ng_ptr; if (!nat) { *************** *** 1103,1109 **** * Empty list so the size returned is 0. Simple. */ if (nat == NULL) { ! BCOPYOUT(&ng, data, sizeof(ng)); return 0; } } else { --- 1174,1181 ---- * Empty list so the size returned is 0. Simple. */ if (nat == NULL) { ! if (BCOPYOUT(&ng, data, sizeof(ng)) != 0) ! return EFAULT; return 0; } } else { *************** *** 1130,1136 **** ng.ng_sz += aps->aps_psiz; } ! 
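Review bot: In the `SIOCIPFFL` case the final `error = BCOPYOUT(&ret, data, sizeof(ret));` returns the raw copy result, whereas every other copy this patch touches in `fr_nat_ioctl` maps a failure to EFAULT; add `if (error != 0) error = EFAULT;` after it. The `BCOPYIN` of `arg` has also moved inside the `WRITE_ENTER(&ipf_nat)` section, so a copy from user space now runs with the NAT write lock held. Doing the copy before taking the lock, as the removed pre-switch code did, avoids touching user memory under that lock.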
BCOPYOUT(&ng, data, sizeof(ng)); return 0; } --- 1202,1209 ---- ng.ng_sz += aps->aps_psiz; } ! if (BCOPYOUT(&ng, data, sizeof(ng)) != 0) ! return EFAULT; return 0; } *************** *** 1354,1361 **** */ bzero((char *)&fin, sizeof(fin)); fin.fin_p = nat->nat_p; - fin.fin_ifp = nat->nat_ifps[0]; if (nat->nat_dir == NAT_OUTBOUND) { fin.fin_data[0] = ntohs(nat->nat_oport); fin.fin_data[1] = ntohs(nat->nat_outport); if (getlock) { --- 1427,1434 ---- */ bzero((char *)&fin, sizeof(fin)); fin.fin_p = nat->nat_p; if (nat->nat_dir == NAT_OUTBOUND) { + fin.fin_ifp = nat->nat_ifps[0]; fin.fin_data[0] = ntohs(nat->nat_oport); fin.fin_data[1] = ntohs(nat->nat_outport); if (getlock) { *************** *** 1371,1376 **** --- 1444,1450 ---- goto junkput; } } else if (nat->nat_dir == NAT_INBOUND) { + fin.fin_ifp = nat->nat_ifps[0]; fin.fin_data[0] = ntohs(nat->nat_outport); fin.fin_data[1] = ntohs(nat->nat_oport); if (getlock) { *************** *** 1498,1504 **** junkput: if (fr != NULL) ! fr_derefrule(&fr); if ((ipnn != NULL) && (ipnn != &ipn)) { KFREES(ipnn, ipn.ipn_dsize); --- 1572,1578 ---- junkput: if (fr != NULL) ! (void) fr_derefrule(&fr); if ((ipnn != NULL) && (ipnn != &ipn)) { KFREES(ipnn, ipn.ipn_dsize); *************** *** 1580,1586 **** nat->nat_me = NULL; } ! fr_deletequeueentry(&nat->nat_tqe); nat->nat_ref--; if (nat->nat_ref > 0) { --- 1654,1661 ---- nat->nat_me = NULL; } ! if (nat->nat_tqe.tqe_ifq != NULL) ! fr_deletequeueentry(&nat->nat_tqe); nat->nat_ref--; if (nat->nat_ref > 0) { *************** *** 1597,1606 **** #endif if (nat->nat_fr != NULL) ! (void)fr_derefrule(&nat->nat_fr); if (nat->nat_hm != NULL) ! nat_hostmapdel(nat->nat_hm); /* * If there is an active reference from the nat entry to its parent --- 1672,1681 ---- #endif if (nat->nat_fr != NULL) ! (void) fr_derefrule(&nat->nat_fr); if (nat->nat_hm != NULL) ! 
fr_hostmapdel(&nat->nat_hm); /* * If there is an active reference from the nat entry to its parent *************** *** 1609,1626 **** */ ipn = nat->nat_ptr; if (ipn != NULL) { ! ipn->in_space++; ! ipn->in_use--; ! if (ipn->in_use == 0 && (ipn->in_flags & IPN_DELETE)) { ! if (ipn->in_apr) ! appr_free(ipn->in_apr); ! KFREE(ipn); ! nat_stats.ns_rules--; ! #if SOLARIS ! if (nat_stats.ns_rules == 0) ! pfil_delayed_copy = 1; ! #endif ! } } MUTEX_DESTROY(&nat->nat_lock); --- 1684,1690 ---- */ ipn = nat->nat_ptr; if (ipn != NULL) { ! fr_ipnatderef(&ipn); } MUTEX_DESTROY(&nat->nat_lock); *************** *** 1776,1783 **** if (hm != NULL) in.s_addr = hm->hm_mapip.s_addr; } else if ((l == 1) && (hm != NULL)) { ! nat_hostmapdel(hm); ! hm = NULL; } in.s_addr = ntohl(in.s_addr); --- 1840,1846 ---- if (hm != NULL) in.s_addr = hm->hm_mapip.s_addr; } else if ((l == 1) && (hm != NULL)) { ! fr_hostmapdel(&hm); } in.s_addr = ntohl(in.s_addr); *************** *** 2247,2252 **** --- 2310,2316 ---- bzero((char *)nat, sizeof(*nat)); nat->nat_flags = flags; + nat->nat_redir = np->in_redir; if ((flags & NAT_SLAVE) == 0) { MUTEX_ENTER(&ipf_nat_new); *************** *** 2359,2365 **** badnat: nat_stats.ns_badnat++; if ((hm = nat->nat_hm) != NULL) ! nat_hostmapdel(hm); KFREE(nat); nat = NULL; done: --- 2423,2429 ---- badnat: nat_stats.ns_badnat++; if ((hm = nat->nat_hm) != NULL) ! fr_hostmapdel(&hm); KFREE(nat); nat = NULL; done: *************** *** 2686,2692 **** int dir; { u_32_t sum1, sum2, sumd, sumd2; ! struct in_addr in; icmphdr_t *icmp; int flags, dlen; u_short *csump; --- 2750,2756 ---- int dir; { u_32_t sum1, sum2, sumd, sumd2; ! struct in_addr a1, a2; icmphdr_t *icmp; int flags, dlen; u_short *csump; *************** *** 2749,2840 **** * adjustment of the ICMP checksum of the ICMP error message. */ ! if (oip->ip_dst.s_addr == nat->nat_oip.s_addr) { ! sum1 = LONG_SUM(ntohl(oip->ip_src.s_addr)); ! in = nat->nat_inip; ! oip->ip_src = in; } else { ! 
sum1 = LONG_SUM(ntohl(oip->ip_dst.s_addr)); ! in = nat->nat_outip; ! oip->ip_dst = in; } ! sum2 = LONG_SUM(ntohl(in.s_addr)); ! CALC_SUMD(sum1, sum2, sumd); ! /* ! * Fix IP checksum of the offending IP packet to adjust for ! * the change in the IP address. ! * ! * Normally, you would expect that the ICMP checksum of the ! * ICMP error message needs to be adjusted as well for the ! * IP address change in oip. ! * However, this is a NOP, because the ICMP checksum is ! * calculated over the complete ICMP packet, which includes the ! * changed oip IP addresses and oip->ip_sum. However, these ! * two changes cancel each other out (if the delta for ! * the IP address is x, then the delta for ip_sum is minus x), ! * so no change in the icmp_cksum is necessary. ! * ! * Be careful that nat_dir refers to the direction of the ! * offending IP packet (oip), not to its ICMP response (icmp) ! */ ! fix_datacksum(&oip->ip_sum, sumd); ! /* Fix icmp cksum : IP Addr + Cksum */ ! sumd2 = (sumd >> 16); /* * Fix UDP pseudo header checksum to compensate for the * IP address change. */ - if ((oip->ip_p == IPPROTO_UDP) && (dlen >= 8) && (*csump != 0)) { - /* - * The UDP checksum is optional, only adjust it - * if it has been set. - */ - sum1 = ntohs(*csump); - fix_datacksum(csump, sumd); - sum2 = ntohs(*csump); - - /* - * Fix ICMP checksum to compensate the UDP - * checksum adjustment. - */ - sumd2 = sumd << 1; - CALC_SUMD(sum1, sum2, sumd); - sumd2 += sumd; - } - - /* - * Fix TCP pseudo header checksum to compensate for the - * IP address change. Before we can do the change, we - * must make sure that oip is sufficient large to hold - * the TCP checksum (normally it does not!). - * 18 = offsetof(tcphdr_t, th_sum) + 2 - */ - else if (oip->ip_p == IPPROTO_TCP && dlen >= 18) { - sum1 = ntohs(*csump); - fix_datacksum(csump, sumd); - sum2 = ntohs(*csump); - - /* - * Fix ICMP checksum to compensate the TCP - * checksum adjustment. 
- */ - sumd2 = sumd << 1; - CALC_SUMD(sum1, sum2, sumd); - sumd2 += sumd; - } else { - if (nat->nat_dir == NAT_OUTBOUND) - sumd2 = ~sumd2; - else - sumd2 = ~sumd2 + 1; - } - if (((flags & IPN_TCPUDP) != 0) && (dlen >= 4)) { - int mode = 0; - /* * Step 2 : * For offending TCP/UDP IP packets, translate the ports as --- 2813,2863 ---- * adjustment of the ICMP checksum of the ICMP error message. */ ! if (nat->nat_dir == NAT_OUTBOUND) { ! a1.s_addr = ntohl(nat->nat_inip.s_addr); ! a2.s_addr = ntohl(oip->ip_src.s_addr); ! oip->ip_src.s_addr = htonl(a1.s_addr); } else { ! a1.s_addr = ntohl(nat->nat_outip.s_addr); ! a2.s_addr = ntohl(oip->ip_dst.s_addr); ! oip->ip_dst.s_addr = htonl(a1.s_addr); } ! sumd = a2.s_addr - a1.s_addr; ! if (sumd != 0) { ! if (a1.s_addr > a2.s_addr) ! sumd--; ! sumd = ~sumd; ! /* ! * Fix IP checksum of the offending IP packet to adjust for ! * the change in the IP address. ! * ! * Normally, you would expect that the ICMP checksum of the ! * ICMP error message needs to be adjusted as well for the ! * IP address change in oip. ! * However, this is a NOP, because the ICMP checksum is ! * calculated over the complete ICMP packet, which includes the ! * changed oip IP addresses and oip->ip_sum. However, these ! * two changes cancel each other out (if the delta for ! * the IP address is x, then the delta for ip_sum is minus x), ! * so no change in the icmp_cksum is necessary. ! * ! * Be careful that nat_dir refers to the direction of the ! * offending IP packet (oip), not to its ICMP response (icmp) ! */ ! fix_datacksum(&oip->ip_sum, sumd); ! } ! sumd2 = sumd; ! sum1 = 0; ! sum2 = 0; /* * Fix UDP pseudo header checksum to compensate for the * IP address change. */ if (((flags & IPN_TCPUDP) != 0) && (dlen >= 4)) { /* * Step 2 : * For offending TCP/UDP IP packets, translate the ports as *************** *** 2855,2879 **** * include the TCP checksum. So we have to check if the * ip->ip_len actually holds the TCP checksum of the oip! */ ! 
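Review bot: The rewritten address adjustment at new lines 2813-2863 leaves the comment `Fix UDP pseudo header checksum to compensate for the IP address change.` directly above `if (((flags & IPN_TCPUDP) != 0) && (dlen >= 4))`, although the code it described has been removed. The new arithmetic (`sumd = a2.s_addr - a1.s_addr;`, `if (a1.s_addr > a2.s_addr) sumd--;`, `sumd = ~sumd;`) carries no comment at all. A short note saying that the decrement is the borrow adjustment for a one's-complement difference (if that is the intent), and that the rewritten field is now selected by `nat->nat_dir`, would make the change reviewable. The function starts and ends outside the hunk.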
if (nat->nat_oport == tcp->th_dport) { ! if (tcp->th_sport != nat->nat_inport) { ! mode = 1; ! sum1 = ntohs(nat->nat_inport); ! sum2 = ntohs(tcp->th_sport); ! } ! } else if (tcp->th_sport == nat->nat_oport) { ! mode = 2; sum1 = ntohs(nat->nat_outport); sum2 = ntohs(tcp->th_dport); - } ! if (mode == 1) { ! /* ! * Fix ICMP checksum to compensate port adjustment. ! */ ! tcp->th_sport = htons(sum1); /* * Fix udp checksum to compensate port adjustment. * NOTE : the offending IP packet flows the other --- 2878,2897 ---- * include the TCP checksum. So we have to check if the * ip->ip_len actually holds the TCP checksum of the oip! */ + if (nat->nat_dir == NAT_OUTBOUND) { + sum1 = ntohs(nat->nat_inport); + sum2 = ntohs(tcp->th_sport); ! tcp->th_sport = htons(sum1); ! } else { sum1 = ntohs(nat->nat_outport); sum2 = ntohs(tcp->th_dport); ! tcp->th_dport = htons(sum1); ! } + sumd += sum1 - sum2; + if (sumd != 0) { /* * Fix udp checksum to compensate port adjustment. * NOTE : the offending IP packet flows the other *************** *** 2883,2894 **** * it has been set. */ if (oip->ip_p == IPPROTO_UDP) { - sumd = sum1 - sum2; - if ((dlen >= 8) && (*csump != 0)) { fix_datacksum(csump, sumd); } else { ! sumd2 += sumd; } } --- 2901,2912 ---- * it has been set. */ if (oip->ip_p == IPPROTO_UDP) { if ((dlen >= 8) && (*csump != 0)) { fix_datacksum(csump, sumd); } else { ! sumd2 = sum1 - sum2; ! if (sum2 > sum1) ! sumd2--; } } *************** *** 2897,2960 **** * adjustment. NOTE : the offending IP packet flows * the other direction compared to the ICMP message. */ ! if (oip->ip_p == IPPROTO_TCP) { ! sumd = sum1 - sum2; ! if (dlen >= 18) { fix_datacksum(csump, sumd); } else { ! sumd = sum2 - sum1 + 1; ! sumd2 += sumd; } } - } else if (mode == 2) { - /* - * Fix ICMP checksum to compensate port adjustment. - */ - tcp->th_dport = htons(sum1); - - /* - * Fix UDP checksum to compensate port adjustment. 
- * NOTE : the offending IP packet flows the other - * direction compared to the ICMP message. - * - * The UDP checksum is optional, only adjust - * it if it has been set. - */ - if (oip->ip_p == IPPROTO_UDP) { - sumd = sum1 - sum2; ! if ((dlen >= 8) && (*csump != 0)) { ! fix_datacksum(csump, sumd); ! } else { ! sumd2 += sumd; ! } ! } ! ! /* ! * Fix TCP checksum (if present) to compensate port ! * adjustment. NOTE : the offending IP packet flows ! * the other direction compared to the ICMP message. ! */ ! if (oip->ip_p == IPPROTO_TCP) { ! sumd = sum1 - sum2; ! ! if (dlen >= 18) { ! fix_datacksum(csump, sumd); ! } else { ! if (nat->nat_dir == NAT_INBOUND) ! sumd = sum2 - sum1; ! else ! sumd = sum2 - sum1 + 1; ! sumd2 += sumd; ! } } } - if (sumd2 != 0) { - sumd2 = (sumd2 & 0xffff) + (sumd2 >> 16); - sumd2 = (sumd2 & 0xffff) + (sumd2 >> 16); - fix_incksum(fin, &icmp->icmp_cksum, sumd2); - } } else if (((flags & IPN_ICMPQUERY) != 0) && (dlen >= 8)) { icmphdr_t *orgicmp; --- 2915,2937 ---- * adjustment. NOTE : the offending IP packet flows * the other direction compared to the ICMP message. */ ! else if (oip->ip_p == IPPROTO_TCP) { if (dlen >= 18) { fix_datacksum(csump, sumd); } else { ! sumd2 = sum2 - sum1; ! if (sum1 > sum2) ! sumd2--; } } ! if (sumd2 != 0) { ! sumd2 = (sumd2 & 0xffff) + (sumd2 >> 16); ! sumd2 = (sumd2 & 0xffff) + (sumd2 >> 16); ! sumd2 = (sumd2 & 0xffff) + (sumd2 >> 16); ! fix_incksum(fin, &icmp->icmp_cksum, sumd2); } } } else if (((flags & IPN_ICMPQUERY) != 0) && (dlen >= 8)) { icmphdr_t *orgicmp; *************** *** 4284,4292 **** KFREES(rdr_rules, sizeof(ipnat_t *) * ipf_rdrrules_sz); rdr_rules = NULL; } ! if (maptable != NULL) { ! KFREES(maptable, sizeof(hostmap_t *) * ipf_hostmap_sz); ! maptable = NULL; } if (nat_stats.ns_bucketlen[0] != NULL) { KFREES(nat_stats.ns_bucketlen[0], --- 4261,4269 ---- KFREES(rdr_rules, sizeof(ipnat_t *) * ipf_rdrrules_sz); rdr_rules = NULL; } ! if (ipf_hm_maptable != NULL) { ! 
KFREES(ipf_hm_maptable, sizeof(hostmap_t *) * ipf_hostmap_sz); ! ipf_hm_maptable = NULL; } if (nat_stats.ns_bucketlen[0] != NULL) { KFREES(nat_stats.ns_bucketlen[0], *************** *** 4574,4579 **** --- 4551,4585 ---- /* ------------------------------------------------------------------------ */ + /* Function: fr_ipnatderef */ + /* Returns: Nil */ + /* Parameters: isp(I) - pointer to pointer to NAT rule */ + /* Write Locks: ipf_nat */ + /* */ + /* ------------------------------------------------------------------------ */ + void fr_ipnatderef(inp) + ipnat_t **inp; + { + ipnat_t *in; + + in = *inp; + *inp = NULL; + in->in_space++; + in->in_use--; + if (in->in_use == 0 && (in->in_flags & IPN_DELETE)) { + if (in->in_apr) + appr_free(in->in_apr); + KFREE(in); + nat_stats.ns_rules--; + #if SOLARIS + if (nat_stats.ns_rules == 0) + pfil_delayed_copy = 1; + #endif + } + } + + + /* ------------------------------------------------------------------------ */ /* Function: fr_natderef */ /* Returns: Nil */ /* Parameters: isp(I) - pointer to pointer to NAT table entry */ *************** *** 4854,4856 **** --- 4860,5091 ---- fr_queueappend(&nat->nat_tqe, nifq, nat); return; } + + + /* ------------------------------------------------------------------------ */ + /* Function: nat_getnext */ + /* Returns: int - 0 == ok, else error */ + /* Parameters: t(I) - pointer to ipftoken structure */ + /* itp(I) - pointer to ipfgeniter_t structure */ + /* */ + /* Fetch the next nat/ipnat structure pointer from the linked list and */ + /* copy it out to the storage space pointed to by itp_data. The next item */ + /* in the list to look at is put back in the ipftoken struture. */ + /* If we call ipf_freetoken, the accompanying pointer is set to NULL because*/ + /* ipf_freetoken will call a deref function for us and we dont want to call */ + /* that twice (second time would be in the second switch statement below. 
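Review bot: `fr_ipnatderef` frees the rule with `KFREE(in)` without destroying `in->in_lock`, which this patch initialises with `MUTEX_INIT(&n->in_lock, "ipnat rule lock")` when a rule is added; add `MUTEX_DESTROY(&in->in_lock);` before the `KFREE`. `in->in_use--` is also done without taking `in_lock`, while `nat_getnext` increments `in_use` under that mutex, so the two updates are not serialised by the same lock. The header comment names the parameter `isp` instead of `inp` and has no description of what the function does.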
*/ + /* ------------------------------------------------------------------------ */ + static int nat_getnext(t, itp) + ipftoken_t *t; + ipfgeniter_t *itp; + { + hostmap_t *hm, *nexthm = NULL, zerohm; + ipnat_t *ipn, *nextipnat = NULL, zeroipn; + nat_t *nat, *nextnat = NULL, zeronat; + int error = 0, count; + char *dst; + + READ_ENTER(&ipf_nat); + + switch (itp->igi_type) + { + case IPFGENITER_HOSTMAP : + hm = t->ipt_data; + if (hm == NULL) { + nexthm = ipf_hm_maplist; + } else { + nexthm = hm->hm_next; + } + break; + + case IPFGENITER_IPNAT : + ipn = t->ipt_data; + if (ipn == NULL) { + nextipnat = nat_list; + } else { + nextipnat = ipn->in_next; + } + break; + + case IPFGENITER_NAT : + nat = t->ipt_data; + if (nat == NULL) { + nextnat = nat_instances; + } else { + nextnat = nat->nat_next; + } + break; + default : + return EINVAL; + } + + dst = itp->igi_data; + for (count = itp->igi_nitems; count > 0; count--) { + switch (itp->igi_type) + { + case IPFGENITER_HOSTMAP : + if (nexthm != NULL) { + /*MUTEX_ENTER(&nexthm->hm_lock);*/ + nexthm->hm_ref++; + /*MUTEX_EXIT(&nextipnat->hm_lock);*/ + if (nexthm->hm_next == NULL) { + ipf_freetoken(t); + hm = NULL; + } + } else { + bzero(&zerohm, sizeof(zerohm)); + nexthm = &zerohm; + count = 1; + } + break; + + case IPFGENITER_IPNAT : + if (nextipnat != NULL) { + MUTEX_ENTER(&nextipnat->in_lock); + nextipnat->in_use++; + MUTEX_EXIT(&nextipnat->in_lock); + if (nextipnat->in_next == NULL) { + ipf_freetoken(t); + ipn = NULL; + + } + } else { + bzero(&zeroipn, sizeof(zeroipn)); + nextipnat = &zeroipn; + count = 1; + } + break; + + case IPFGENITER_NAT : + if (nextnat != NULL) { + MUTEX_ENTER(&nextnat->nat_lock); + nextnat->nat_ref++; + MUTEX_EXIT(&nextnat->nat_lock); + if (nextnat->nat_next == NULL) { + ipf_freetoken(t); + nat = NULL; + } + } else { + bzero(&zeronat, sizeof(zeronat)); + nextnat = &zeronat; + count = 1; + } + break; + default : + break; + } + RWLOCK_EXIT(&ipf_nat); + + switch (itp->igi_type) + { + case 
IPFGENITER_HOSTMAP : + if (hm != NULL) { + WRITE_ENTER(&ipf_nat); + fr_hostmapdel(&hm); + RWLOCK_EXIT(&ipf_nat); + } + t->ipt_data = nexthm; + error = COPYOUT(nexthm, dst, sizeof(*nexthm)); + if (error != 0) + error = EFAULT; + else + dst += sizeof(*nexthm); + break; + + case IPFGENITER_IPNAT : + if (ipn != NULL) + fr_ipnatderef(&ipn); + t->ipt_data = nextipnat; + error = COPYOUT(nextipnat, dst, sizeof(*nextipnat)); + if (error != 0) + error = EFAULT; + else + dst += sizeof(*nextipnat); + break; + + case IPFGENITER_NAT : + if (nat != NULL) + fr_natderef(&nat); + t->ipt_data = nextnat; + error = COPYOUT(nextnat, dst, sizeof(*nextnat)); + if (error != 0) + error = EFAULT; + else + dst += sizeof(*nextnat); + break; + } + + if ((count == 1) || (error != 0)) + break; + + READ_ENTER(&ipf_nat); + + switch (itp->igi_type) + { + case IPFGENITER_HOSTMAP : + hm = nexthm; + nexthm = hm->hm_next; + break; + + case IPFGENITER_IPNAT : + ipn = nextipnat; + nextipnat = ipn->in_next; + break; + + case IPFGENITER_NAT : + nat = nextnat; + nextnat = nat->nat_next; + break; + default : + break; + } + } + + return error; + } + + + /* ------------------------------------------------------------------------ */ + /* Function: nat_iterator */ + /* Returns: int - 0 == ok, else error */ + /* Parameters: token(I) - pointer to ipftoken structure */ + /* itp(I) - pointer to ipfgeniter_t structure */ + /* */ + /* This function acts as a handler for the SIOCGENITER ioctls that use a */ + /* generic structure to iterate through a list. There are three different */ + /* linked lists of NAT related information to go through: NAT rules, active */ + /* NAT mappings and the NAT fragment cache. 
*/ + /* ------------------------------------------------------------------------ */ + static int nat_iterator(token, itp) + ipftoken_t *token; + ipfgeniter_t *itp; + { + int error; + + if (itp->igi_data == NULL) + return EFAULT; + + token->ipt_subtype = itp->igi_type; + + switch (itp->igi_type) + { + case IPFGENITER_HOSTMAP : + case IPFGENITER_IPNAT : + case IPFGENITER_NAT : + error = nat_getnext(token, itp); + break; + case IPFGENITER_NATFRAG : + #ifdef USE_MUTEXES + error = fr_nextfrag(token, itp, &ipfr_natlist, + &ipfr_nattail, &ipf_natfrag); + #else + error = fr_nextfrag(token, itp, &ipfr_natlist, &ipfr_nattail); + #endif + break; + default : + error = EINVAL; + break; + } + + return error; + } diff -cr ip_fil4.1.13/ip_nat.h ip_fil4.1.14/ip_nat.h *** ip_fil4.1.13/ip_nat.h Sat Jun 18 12:41:32 2005 --- ip_fil4.1.14/ip_nat.h Sat Sep 2 00:08:17 2006 *************** *** 4,10 **** * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_nat.h 1.5 2/4/96 ! * $Id: ip_nat.h,v 2.90.2.11 2005/06/18 02:41:32 darrenr Exp $ */ #ifndef __IP_NAT_H__ --- 4,10 ---- * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_nat.h 1.5 2/4/96 ! 
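Review bot: In `nat_getnext`, when the end of a list is reached `nexthm`/`nextipnat`/`nextnat` is pointed at the stack locals `zerohm`/`zeroipn`/`zeronat`, and the copy-out switch then stores that address in the token with `t->ipt_data = nexthm;` (and its two siblings). If the token is found again by a later `SIOCGENITER`, `hm = t->ipt_data` followed by `hm->hm_next` and `fr_hostmapdel(&hm)` operates on a dead stack frame; store NULL for the sentinel instead, e.g. `t->ipt_data = (nexthm == &zerohm) ? NULL : nexthm;`. Separately, `default : return EINVAL;` in the first switch returns with `READ_ENTER(&ipf_nat)` still held, and the `IPFGENITER_IPNAT` case calls `fr_ipnatderef` after `RWLOCK_EXIT(&ipf_nat)` although that function's header lists `ipf_nat` as a required write lock (the hostmap case does take it). `t->ipt_data` is also written after `ipf_freetoken(t)`; whether the token is still valid at that point depends on `ipf_freetoken`, which is not visible here.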
* $Id: ip_nat.h,v 2.90.2.13 2006/09/01 14:08:17 darrenr Exp $ */ #ifndef __IP_NAT_H__ *************** *** 121,126 **** --- 121,127 ---- int nat_hv[2]; char nat_ifnames[2][LIFNAMSIZ]; int nat_rev; /* 0 = forward, 1 = reverse */ + int nat_redir; /* copy of in_redir */ } nat_t; #define nat_inip nat_inip6.in4 *************** *** 168,173 **** --- 169,175 ---- #define NAT_DEBUG 0x800000 typedef struct ipnat { + ipfmutex_t in_lock; struct ipnat *in_next; /* NAT rule list next */ struct ipnat *in_rnext; /* rdr rule hash next */ struct ipnat **in_prnext; /* prior rdr next ptr */ *************** *** 293,317 **** } natget_t; - #undef tr_flags - typedef struct nattrpnt { - struct in_addr tr_dstip; /* real destination IP# */ - struct in_addr tr_srcip; /* real source IP# */ - struct in_addr tr_locip; /* local source IP# */ - u_int tr_flags; - int tr_expire; - u_short tr_dstport; /* real destination port# */ - u_short tr_srcport; /* real source port# */ - u_short tr_locport; /* local source port# */ - struct nattrpnt *tr_hnext; - struct nattrpnt **tr_phnext; - struct nattrpnt *tr_next; - struct nattrpnt **tr_pnext; /* previous next */ - } nattrpnt_t; - - #define TN_CMPSIZ offsetof(nattrpnt_t, tr_hnext) - - /* * This structure gets used to help NAT sessions keep the same NAT rule (and * thus translation for IP address) when: --- 295,300 ---- *************** *** 319,324 **** --- 302,309 ---- * (b) different IP add */ typedef struct hostmap { + struct hostmap *hm_hnext; + struct hostmap **hm_phnext; struct hostmap *hm_next; struct hostmap **hm_pnext; struct ipnat *hm_ipnat; *************** *** 370,376 **** u_int ns_trpntab_sz; u_int ns_hostmap_sz; nat_t *ns_instances; ! nattrpnt_t *ns_trpntlist; u_long *ns_bucketlen[2]; } natstat_t; --- 355,361 ---- u_int ns_trpntab_sz; u_int ns_hostmap_sz; nat_t *ns_instances; ! hostmap_t *ns_maplist; u_long *ns_bucketlen[2]; } natstat_t; *************** *** 441,447 **** #if defined(__OpenBSD__) extern void nat_ifdetach __P((void *)); #endif ! 
extern int fr_nat_ioctl __P((caddr_t, ioctlcmd_t, int)); extern int fr_natinit __P((void)); extern nat_t *nat_new __P((fr_info_t *, ipnat_t *, nat_t **, u_int, int)); extern nat_t *nat_outlookup __P((fr_info_t *, u_int, u_int, struct in_addr, --- 426,432 ---- #if defined(__OpenBSD__) extern void nat_ifdetach __P((void *)); #endif ! extern int fr_nat_ioctl __P((caddr_t, ioctlcmd_t, int, int, void *)); extern int fr_natinit __P((void)); extern nat_t *nat_new __P((fr_info_t *, ipnat_t *, nat_t **, u_int, int)); extern nat_t *nat_outlookup __P((fr_info_t *, u_int, u_int, struct in_addr, *************** *** 466,474 **** --- 451,461 ---- extern void nat_log __P((struct nat *, u_int)); extern void fix_incksum __P((fr_info_t *, u_short *, u_32_t)); extern void fix_outcksum __P((fr_info_t *, u_short *, u_32_t)); + extern void fr_ipnatderef __P((ipnat_t **)); extern void fr_natderef __P((nat_t **)); extern u_short *nat_proto __P((fr_info_t *, nat_t *, u_int)); extern void nat_update __P((fr_info_t *, nat_t *, ipnat_t *)); extern void fr_setnatqueue __P((nat_t *, int)); + extern void fr_hostmapdel __P((hostmap_t **)); #endif /* __IP_NAT_H__ */ diff -cr ip_fil4.1.13/ip_pool.c ip_fil4.1.14/ip_pool.c *** ip_fil4.1.13/ip_pool.c Mon Nov 14 02:38:37 2005 --- ip_fil4.1.14/ip_pool.c Fri Jul 14 16:12:16 2006 *************** *** 78,84 **** #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_pool.c,v 2.55.2.15 2005/11/13 15:38:37 darrenr Exp $"; #endif #ifdef IPFILTER_LOOKUP --- 78,84 ---- #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! 
static const char rcsid[] = "@(#)$Id: ip_pool.c,v 2.55.2.16 2006/07/14 06:12:16 darrenr Exp $"; #endif #ifdef IPFILTER_LOOKUP *************** *** 475,480 **** --- 475,481 ---- return ENOMEM; } + x->ipn_ref = 1; x->ipn_next = ipo->ipo_list; x->ipn_pnext = &ipo->ipo_list; if (ipo->ipo_list != NULL) *************** *** 574,609 **** /* ipe(I) - address being deleted as a node */ /* Locks: WRITE(ip_poolrw) */ /* */ ! /* Add another node to the pool given by ipo. The three parameters passed */ ! /* in (addr, mask, info) shold all be stored in the node. */ /* ------------------------------------------------------------------------ */ int ip_pool_remove(ipo, ipe) ip_pool_t *ipo; ip_pool_node_t *ipe; { - ip_pool_node_t **ipp, *n; ASSERT(rw_read_locked(&ip_poolrw.ipf_lk) == 0); ! for (ipp = &ipo->ipo_list; (n = *ipp) != NULL; ipp = &n->ipn_next) { ! if (ipe == n) { ! *n->ipn_pnext = n->ipn_next; ! if (n->ipn_next) ! n->ipn_next->ipn_pnext = n->ipn_pnext; ! break; ! } ! } ! ! if (n == NULL) ! return ENOENT; RADIX_NODE_HEAD_LOCK(ipo->ipo_head); ! ipo->ipo_head->rnh_deladdr(&n->ipn_addr, &n->ipn_mask, ipo->ipo_head); RADIX_NODE_HEAD_UNLOCK(ipo->ipo_head); - KFREE(n); ! ipoolstat.ipls_nodes--; return 0; } --- 575,600 ---- /* ipe(I) - address being deleted as a node */ /* Locks: WRITE(ip_poolrw) */ /* */ ! /* Remove a node from the pool given by ipo. */ /* ------------------------------------------------------------------------ */ int ip_pool_remove(ipo, ipe) ip_pool_t *ipo; ip_pool_node_t *ipe; { ASSERT(rw_read_locked(&ip_poolrw.ipf_lk) == 0); ! if (ipe->ipn_pnext != NULL) ! *ipe->ipn_pnext = ipe->ipn_next; ! if (ipe->ipn_next != NULL) ! ipe->ipn_next->ipn_pnext = ipe->ipn_pnext; RADIX_NODE_HEAD_LOCK(ipo->ipo_head); ! ipo->ipo_head->rnh_deladdr(&ipe->ipn_addr, &ipe->ipn_mask, ipo->ipo_head); RADIX_NODE_HEAD_UNLOCK(ipo->ipo_head); ! 
ip_pool_node_deref(ipe); return 0; } *************** *** 618,624 **** /* Search for a pool using paramters passed in and if it's not otherwise */ /* busy, free it. */ /* */ ! /* NOTE: Because this function is called out of ipldetach() where ip_poolrw */ /* may not be initialised, we can't use an ASSERT to enforce the locking */ /* assertion that one of the two (ip_poolrw,ipf_global) is held. */ /* ------------------------------------------------------------------------ */ --- 609,615 ---- /* Search for a pool using paramters passed in and if it's not otherwise */ /* busy, free it. */ /* */ ! /* NOTE: Because this function is called out of ipfdetach() where ip_poolrw */ /* may not be initialised, we can't use an ASSERT to enforce the locking */ /* assertion that one of the two (ip_poolrw,ipf_global) is held. */ /* ------------------------------------------------------------------------ */ *************** *** 648,654 **** /* Free all pools associated with the device that matches the unit number */ /* passed in with operation. */ /* */ ! /* NOTE: Because this function is called out of ipldetach() where ip_poolrw */ /* may not be initialised, we can't use an ASSERT to enforce the locking */ /* assertion that one of the two (ip_poolrw,ipf_global) is held. */ /* ------------------------------------------------------------------------ */ --- 639,645 ---- /* Free all pools associated with the device that matches the unit number */ /* passed in with operation. */ /* */ ! /* NOTE: Because this function is called out of ipfdetach() where ip_poolrw */ /* may not be initialised, we can't use an ASSERT to enforce the locking */ /* assertion that one of the two (ip_poolrw,ipf_global) is held. */ /* ------------------------------------------------------------------------ */ *************** *** 690,696 **** /* all of the address information stored in it, including any tree data */ /* structures also allocated. */ /* */ ! 
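Review bot: In the new `ip_pool_remove`, the node is unlinked but its own `ipn_next`/`ipn_pnext` still point into the list, and with `ipn_ref` the node can now outlive the removal while an iterator token holds it. `ip_pool_getnext` later follows `node->ipn_next` from that saved node, so if the neighbour has been removed and freed in the meantime the walk would read freed memory. Clearing the links after unlinking, `ipe->ipn_next = NULL; ipe->ipn_pnext = NULL;`, makes a removed node end the iteration instead. The rewrite also drops the old membership search and its `ENOENT` return, so the banner comment should state that the caller must guarantee `ipe` belongs to `ipo`.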
/* NOTE: Because this function is called out of ipldetach() where ip_poolrw */ /* may not be initialised, we can't use an ASSERT to enforce the locking */ /* assertion that one of the two (ip_poolrw,ipf_global) is held. */ /* ------------------------------------------------------------------------ */ --- 681,687 ---- /* all of the address information stored in it, including any tree data */ /* structures also allocated. */ /* */ ! /* NOTE: Because this function is called out of ipfdetach() where ip_poolrw */ /* may not be initialised, we can't use an ASSERT to enforce the locking */ /* assertion that one of the two (ip_poolrw,ipf_global) is held. */ /* ------------------------------------------------------------------------ */ *************** *** 746,751 **** --- 737,909 ---- } + /* ------------------------------------------------------------------------ */ + /* Function: ip_pool_node_deref */ + /* Returns: void */ + /* Parameters: ipn(I) - pointer to pool structure */ + /* Locks: WRITE(ip_poolrw) */ + /* */ + /* Drop a reference to the pool node passed in and if we're the last, free */ + /* it all up and adjust the stats accordingly. 
*/ + /* ------------------------------------------------------------------------ */ + void ip_pool_node_deref(ipn) + ip_pool_node_t *ipn; + { + + ipn->ipn_ref--; + + if (ipn->ipn_ref == 0) { + KFREE(ipn); + ipoolstat.ipls_nodes--; + } + } + + + /* ------------------------------------------------------------------------ */ + /* Function: ip_pool_getnext */ + /* Returns: void */ + /* Parameters: token(I) - pointer to pool structure */ + /* Parameters: ilp(IO) - pointer to pool iterating structure */ + /* */ + /* ------------------------------------------------------------------------ */ + int ip_pool_getnext(token, ilp) + ipftoken_t *token; + ipflookupiter_t *ilp; + { + ip_pool_node_t *node, zn, *nextnode; + ip_pool_t *ipo, zp, *nextipo; + int err; + + err = 0; + node = NULL; + nextnode = NULL; + ipo = NULL; + nextipo = NULL; + + READ_ENTER(&ip_poolrw); + + switch (ilp->ili_otype) + { + case IPFLOOKUPITER_LIST : + ipo = token->ipt_data; + if (ipo == NULL) { + nextipo = ip_pool_list[(int)ilp->ili_unit]; + } else { + nextipo = ipo->ipo_next; + } + + if (nextipo != NULL) { + ATOMIC_INC(nextipo->ipo_ref); + if (nextipo->ipo_next == NULL) + token->ipt_alive = 0; + } else { + bzero((char *)&zp, sizeof(zp)); + nextipo = &zp; + } + break; + + case IPFLOOKUPITER_NODE : + node = token->ipt_data; + if (node == NULL) { + ipo = ip_pool_find(ilp->ili_unit, ilp->ili_name); + if (ipo == NULL) + err = ESRCH; + else { + nextnode = ipo->ipo_list; + ipo = NULL; + } + } else { + nextnode = node->ipn_next; + } + + if (nextnode != NULL) { + ATOMIC_INC(nextnode->ipn_ref); + if (nextnode->ipn_next == NULL) + token->ipt_alive = 0; + } else { + bzero((char *)&zn, sizeof(zn)); + nextnode = &zn; + } + break; + default : + err = EINVAL; + break; + } + + RWLOCK_EXIT(&ip_poolrw); + + if (err != 0) + return err; + + switch (ilp->ili_otype) + { + case IPFLOOKUPITER_LIST : + if (ipo != NULL) { + WRITE_ENTER(&ip_poolrw); + ip_pool_deref(ipo); + RWLOCK_EXIT(&ip_poolrw); + } + token->ipt_data = nextipo; 
+ err = COPYOUT(nextipo, ilp->ili_data, sizeof(*nextipo)); + if (err != 0) + err = EFAULT; + break; + + case IPFLOOKUPITER_NODE : + if (node != NULL) { + WRITE_ENTER(&ip_poolrw); + ip_pool_node_deref(node); + RWLOCK_EXIT(&ip_poolrw); + } + token->ipt_data = nextnode; + err = COPYOUT(nextnode, ilp->ili_data, sizeof(*nextnode)); + if (err != 0) + err = EFAULT; + break; + } + + return err; + } + + + /* ------------------------------------------------------------------------ */ + /* Function: ip_pool_iterderef */ + /* Returns: void */ + /* Parameters: ipn(I) - pointer to pool structure */ + /* Locks: WRITE(ip_poolrw) */ + /* */ + /* ------------------------------------------------------------------------ */ + void ip_pool_iterderef(otype, unit, data) + u_int otype; + int unit; + void *data; + { + + if (data == NULL) + return; + + if (unit < 0 || unit > IPL_LOGMAX) + return; + + switch (otype) + { + case IPFLOOKUPITER_LIST : + WRITE_ENTER(&ip_poolrw); + ip_pool_deref((ip_pool_t *)data); + RWLOCK_EXIT(&ip_poolrw); + break; + + case IPFLOOKUPITER_NODE : + WRITE_ENTER(&ip_poolrw); + ip_pool_node_deref((ip_pool_node_t *)data); + RWLOCK_EXIT(&ip_poolrw); + break; + default : + break; + } + } + + # if defined(_KERNEL) && ((BSD >= 198911) && !defined(__osf__) && \ !defined(__hpux) && !defined(__sgi)) static int *************** *** 780,784 **** Free(rnh); } # endif - #endif /* IPFILTER_LOOKUP */ --- 938,941 ---- diff -cr ip_fil4.1.13/ip_pool.h ip_fil4.1.14/ip_pool.h *** ip_fil4.1.13/ip_pool.h Sun Jun 12 17:18:27 2005 --- ip_fil4.1.14/ip_pool.h Fri Jul 14 16:12:16 2006 *************** *** 3,9 **** * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: ip_pool.h,v 2.26.2.3 2005/06/12 07:18:27 darrenr Exp $ */ #ifndef __IP_POOL_H__ --- 3,9 ---- * * See the IPFILTER.LICENCE file for details on licencing. * ! 
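Review bot: In `ip_pool_getnext`, when the list is exhausted `nextipo`/`nextnode` are pointed at the stack locals `zp`/`zn`, and the second switch then stores that address in the token with `token->ipt_data = nextipo;` (and `= nextnode;`). `ipt_alive` is cleared only when a real entry without a successor is returned, so for an empty list the token appears to stay usable, and the next call would read `ipo->ipo_next` through a pointer into a dead stack frame; `ip_pool_iterderef` would hand the same pointer to `ip_pool_deref`. Do not store the local's address, e.g. `token->ipt_data = (nextipo == &zp) ? NULL : nextipo;` and `token->ipt_data = (nextnode == &zn) ? NULL : nextnode;`, or use the `(void *)-1` end marker that `fr_stateiter` uses, whichever the token code outside this hunk expects. Separately, `ip_pool_list[(int)ilp->ili_unit]` is indexed without the `unit < 0 || unit > IPL_LOGMAX` test that `ip_pool_iterderef` applies, so unless the caller validates `ili_unit` the same range check belongs here.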
* $Id: ip_pool.h,v 2.26.2.4 2006/07/14 06:12:16 darrenr Exp $ */ #ifndef __IP_POOL_H__ *************** *** 35,42 **** addrfamily_t ipn_addr; addrfamily_t ipn_mask; int ipn_info; ! char ipn_name[FR_GROUPLEN]; ! u_long ipn_hits; struct ip_pool_node *ipn_next, **ipn_pnext; } ip_pool_node_t; --- 35,43 ---- addrfamily_t ipn_addr; addrfamily_t ipn_mask; int ipn_info; ! int ipn_ref; ! char ipn_name[FR_GROUPLEN]; ! u_long ipn_hits; struct ip_pool_node *ipn_next, **ipn_pnext; } ip_pool_node_t; *************** *** 76,85 **** --- 77,89 ---- extern int ip_pool_destroy __P((iplookupop_t *)); extern void ip_pool_free __P((ip_pool_t *)); extern void ip_pool_deref __P((ip_pool_t *)); + extern void ip_pool_node_deref __P((ip_pool_node_t *)); extern void *ip_pool_find __P((int, char *)); extern ip_pool_node_t *ip_pool_findeq __P((ip_pool_t *, addrfamily_t *, addrfamily_t *)); extern int ip_pool_flush __P((iplookupflush_t *)); extern int ip_pool_statistics __P((iplookupop_t *)); + extern int ip_pool_getnext __P((ipftoken_t *, ipflookupiter_t *)); + extern void ip_pool_iterderef __P((u_int, int, void *)); #endif /* __IP_POOL_H__ */ diff -cr ip_fil4.1.13/ip_pptp_pxy.c ip_fil4.1.14/ip_pptp_pxy.c *** ip_fil4.1.13/ip_pptp_pxy.c Fri Mar 17 21:40:05 2006 --- ip_fil4.1.14/ip_pptp_pxy.c Fri Jul 14 16:12:17 2006 *************** *** 4,10 **** * Simple PPTP transparent proxy for in-kernel use. For use with the NAT * code. * ! * $Id: ip_pptp_pxy.c,v 2.10.2.13 2006/03/17 10:40:05 darrenr Exp $ * */ #define IPF_PPTP_PROXY --- 4,10 ---- * Simple PPTP transparent proxy for in-kernel use. For use with the NAT * code. * ! * $Id: ip_pptp_pxy.c,v 2.10.2.14 2006/07/14 06:12:17 darrenr Exp $ * */ #define IPF_PPTP_PROXY *************** *** 220,226 **** pptp->pptp_state = fr_addstate(&fi, &pptp->pptp_state, 0); if (fi.fin_state != NULL) ! 
fr_statederef(&fi, (ipstate_t **)&fi.fin_state); } ip->ip_p = p; return; --- 220,226 ---- pptp->pptp_state = fr_addstate(&fi, &pptp->pptp_state, 0); if (fi.fin_state != NULL) ! fr_statederef((ipstate_t **)&fi.fin_state); } ip->ip_p = p; return; diff -cr ip_fil4.1.13/ip_proxy.c ip_fil4.1.14/ip_proxy.c *** ip_fil4.1.13/ip_proxy.c Wed Mar 29 21:19:56 2006 --- ip_fil4.1.14/ip_proxy.c Fri Jul 14 16:12:17 2006 *************** *** 103,109 **** /* END OF INCLUDES */ #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: ip_proxy.c,v 2.62.2.16 2006/03/29 11:19:56 darrenr Exp $"; #endif static int appr_fixseqack __P((fr_info_t *, ip_t *, ap_session_t *, int )); --- 103,109 ---- /* END OF INCLUDES */ #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: ip_proxy.c,v 2.62.2.18 2006/07/14 06:12:17 darrenr Exp $"; #endif static int appr_fixseqack __P((fr_info_t *, ip_t *, ap_session_t *, int )); *************** *** 191,197 **** return -1; } ! for (a = ap_proxylist; a->apr_p; a = a->apr_next) if ((a->apr_p == ap->apr_p) && !strncmp(a->apr_label, ap->apr_label, sizeof(ap->apr_label))) { --- 191,197 ---- return -1; } ! for (a = ap_proxylist; (a != NULL); a = a->apr_next) if ((a->apr_p == ap->apr_p) && !strncmp(a->apr_label, ap->apr_label, sizeof(ap->apr_label))) { *************** *** 288,297 **** } ! int appr_ioctl(data, cmd, mode) caddr_t data; ioctlcmd_t cmd; int mode; { ap_ctl_t ctl; caddr_t ptr; --- 288,298 ---- } ! int appr_ioctl(data, cmd, mode, ctx) caddr_t data; ioctlcmd_t cmd; int mode; + void *ctx; { ap_ctl_t ctl; caddr_t ptr; diff -cr ip_fil4.1.13/ip_proxy.h ip_fil4.1.14/ip_proxy.h *** ip_fil4.1.13/ip_proxy.h Sat Jun 18 12:41:33 2005 --- ip_fil4.1.14/ip_proxy.h Fri Jul 14 16:12:17 2006 *************** *** 3,9 **** * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: ip_proxy.h,v 2.31.2.3 2005/06/18 02:41:33 darrenr Exp $ */ #ifndef __IP_PROXY_H__ --- 3,9 ---- * * See the IPFILTER.LICENCE file for details on licencing. * ! 
* $Id: ip_proxy.h,v 2.31.2.4 2006/07/14 06:12:17 darrenr Exp $ */ #ifndef __IP_PROXY_H__ *************** *** 453,458 **** extern int appr_check __P((fr_info_t *, struct nat *)); extern aproxy_t *appr_lookup __P((u_int, char *)); extern int appr_new __P((fr_info_t *, struct nat *)); ! extern int appr_ioctl __P((caddr_t, ioctlcmd_t, int)); #endif /* __IP_PROXY_H__ */ --- 453,458 ---- extern int appr_check __P((fr_info_t *, struct nat *)); extern aproxy_t *appr_lookup __P((u_int, char *)); extern int appr_new __P((fr_info_t *, struct nat *)); ! extern int appr_ioctl __P((caddr_t, ioctlcmd_t, int, void *)); #endif /* __IP_PROXY_H__ */ diff -cr ip_fil4.1.13/ip_raudio_pxy.c ip_fil4.1.14/ip_raudio_pxy.c *** ip_fil4.1.13/ip_raudio_pxy.c Fri Feb 4 21:22:55 2005 --- ip_fil4.1.14/ip_raudio_pxy.c Fri Jul 14 16:12:17 2006 *************** *** 3,9 **** * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: ip_raudio_pxy.c,v 1.40.2.3 2005/02/04 10:22:55 darrenr Exp $ */ #define IPF_RAUDIO_PROXY --- 3,9 ---- * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: ip_raudio_pxy.c,v 1.40.2.4 2006/07/14 06:12:17 darrenr Exp $ */ #define IPF_RAUDIO_PROXY *************** *** 304,310 **** (void) fr_addstate(&fi, NULL, (sp ? 0 : SI_W_SPORT)); if (fi.fin_state != NULL) ! fr_statederef(&fi, (ipstate_t **)&fi.fin_state); } } --- 304,310 ---- (void) fr_addstate(&fi, NULL, (sp ? 0 : SI_W_SPORT)); if (fi.fin_state != NULL) ! fr_statederef((ipstate_t **)&fi.fin_state); } } *************** *** 324,330 **** (void) fr_addstate(&fi, NULL, SI_W_DPORT); if (fi.fin_state != NULL) ! fr_statederef(&fi, (ipstate_t **)&fi.fin_state); } } --- 324,330 ---- (void) fr_addstate(&fi, NULL, SI_W_DPORT); if (fi.fin_state != NULL) ! 
fr_statederef((ipstate_t **)&fi.fin_state); } } diff -cr ip_fil4.1.13/ip_rcmd_pxy.c ip_fil4.1.14/ip_rcmd_pxy.c *** ip_fil4.1.13/ip_rcmd_pxy.c Sat Apr 1 20:14:54 2006 --- ip_fil4.1.14/ip_rcmd_pxy.c Fri Jul 14 16:12:18 2006 *************** *** 3,9 **** * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: ip_rcmd_pxy.c,v 1.41.2.6 2006/04/01 10:14:54 darrenr Exp $ * * Simple RCMD transparent proxy for in-kernel use. For use with the NAT * code. --- 3,9 ---- * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: ip_rcmd_pxy.c,v 1.41.2.7 2006/07/14 06:12:18 darrenr Exp $ * * Simple RCMD transparent proxy for in-kernel use. For use with the NAT * code. *************** *** 204,210 **** } (void) fr_addstate(&fi, NULL, SI_W_DPORT); if (fi.fin_state != NULL) ! fr_statederef(&fi, (ipstate_t **)&fi.fin_state); } ip->ip_len = slen; ip->ip_src = swip; --- 204,210 ---- } (void) fr_addstate(&fi, NULL, SI_W_DPORT); if (fi.fin_state != NULL) ! fr_statederef((ipstate_t **)&fi.fin_state); } ip->ip_len = slen; ip->ip_src = swip; diff -cr ip_fil4.1.13/ip_rpcb_pxy.c ip_fil4.1.14/ip_rpcb_pxy.c *** ip_fil4.1.13/ip_rpcb_pxy.c Fri Feb 4 21:22:56 2005 --- ip_fil4.1.14/ip_rpcb_pxy.c Fri Jul 14 16:12:18 2006 *************** *** 37,43 **** * o The enclosed hack of STREAMS support is pretty sick and most likely * broken. * ! * $Id: ip_rpcb_pxy.c,v 2.25.2.3 2005/02/04 10:22:56 darrenr Exp $ */ #define IPF_RPCB_PROXY --- 37,43 ---- * o The enclosed hack of STREAMS support is pretty sick and most likely * broken. * ! * $Id: ip_rpcb_pxy.c,v 2.25.2.4 2006/07/14 06:12:18 darrenr Exp $ */ #define IPF_RPCB_PROXY *************** *** 1271,1277 **** return(-1); } if (fi.fin_state != NULL) ! fr_statederef(&fi, (ipstate_t **)&fi.fin_state); } return(0); --- 1271,1277 ---- return(-1); } if (fi.fin_state != NULL) ! 
fr_statederef((ipstate_t **)&fi.fin_state); } return(0); diff -cr ip_fil4.1.13/ip_scan.c ip_fil4.1.14/ip_scan.c *** ip_fil4.1.13/ip_scan.c Mon Mar 27 09:06:49 2006 --- ip_fil4.1.14/ip_scan.c Fri Jul 14 16:12:18 2006 *************** *** 58,64 **** #if !defined(lint) static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_scan.c,v 2.40.2.6 2006/03/26 23:06:49 darrenr Exp $"; #endif #ifdef IPFILTER_SCAN /* endif at bottom of file */ --- 58,64 ---- #if !defined(lint) static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_scan.c,v 2.40.2.7 2006/07/14 06:12:18 darrenr Exp $"; #endif #ifdef IPFILTER_SCAN /* endif at bottom of file */ *************** *** 568,577 **** } ! int fr_scan_ioctl(data, cmd, mode) caddr_t data; ioctlcmd_t cmd; ! int mode; { ipscanstat_t ipscs; int err = 0; --- 568,578 ---- } ! int fr_scan_ioctl(data, cmd, mode, uid, ctx) caddr_t data; ioctlcmd_t cmd; ! int mode, uid; ! void *ctx; { ipscanstat_t ipscs; int err = 0; diff -cr ip_fil4.1.13/ip_scan.h ip_fil4.1.14/ip_scan.h *** ip_fil4.1.13/ip_scan.h Sun Jun 12 17:18:29 2005 --- ip_fil4.1.14/ip_scan.h Fri Jul 14 16:12:19 2006 *************** *** 4,10 **** * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_fil.h 1.35 6/5/96 ! * $Id: ip_scan.h,v 2.9.2.1 2005/06/12 07:18:29 darrenr Exp $ */ #ifndef __IP_SCAN_H__ --- 4,10 ---- * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_fil.h 1.35 6/5/96 ! * $Id: ip_scan.h,v 2.9.2.2 2006/07/14 06:12:19 darrenr Exp $ */ #ifndef __IP_SCAN_H__ *************** *** 94,100 **** } ipscanstat_t; ! extern int fr_scan_ioctl __P((caddr_t, ioctlcmd_t, int)); extern int ipsc_init __P((void)); extern int ipsc_attachis __P((struct ipstate *)); extern int ipsc_attachfr __P((struct frentry *)); --- 94,100 ---- } ipscanstat_t; ! 
extern int fr_scan_ioctl __P((caddr_t, ioctlcmd_t, int, int, void *)); extern int ipsc_init __P((void)); extern int ipsc_attachis __P((struct ipstate *)); extern int ipsc_attachfr __P((struct frentry *)); diff -cr ip_fil4.1.13/ip_state.c ip_fil4.1.14/ip_state.c *** ip_fil4.1.13/ip_state.c Sat Apr 1 20:16:28 2006 --- ip_fil4.1.14/ip_state.c Sat Sep 9 05:11:07 2006 *************** *** 107,113 **** #if !defined(lint) static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.186.2.41 2006/04/01 10:16:28 darrenr Exp $"; #endif static ipstate_t **ips_table = NULL; --- 107,113 ---- #if !defined(lint) static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.186.2.48 2006/09/08 19:11:07 darrenr Exp $"; #endif static ipstate_t **ips_table = NULL; *************** *** 133,138 **** --- 133,140 ---- static void fr_fixinisn __P((fr_info_t *, ipstate_t *)); static void fr_fixoutisn __P((fr_info_t *, ipstate_t *)); static void fr_checknewisn __P((fr_info_t *, ipstate_t *)); + static int fr_stateiter __P((ipftoken_t *, ipfgeniter_t *)); + static int fr_stgettable __P((char *)); int fr_stputent __P((caddr_t)); int fr_stgetent __P((caddr_t)); *************** *** 414,423 **** /* */ /* Processes an ioctl call made to operate on the IP Filter state device. */ /* ------------------------------------------------------------------------ */ ! int fr_state_ioctl(data, cmd, mode) caddr_t data; ioctlcmd_t cmd; ! int mode; { int arg, ret, error = 0; --- 416,426 ---- /* */ /* Processes an ioctl call made to operate on the IP Filter state device. */ /* ------------------------------------------------------------------------ */ ! int fr_state_ioctl(data, cmd, mode, uid, ctx) caddr_t data; ioctlcmd_t cmd; ! int mode, uid; ! 
void *ctx; { int arg, ret, error = 0; *************** *** 429,457 **** case SIOCDELST : error = fr_state_remove(data); break; /* * Flush the state table */ case SIOCIPFFL : ! BCOPYIN(data, (char *)&arg, sizeof(arg)); ! if (arg == 0 || arg == 1) { WRITE_ENTER(&ipf_state); ret = fr_state_flush(arg, 4); RWLOCK_EXIT(&ipf_state); ! BCOPYOUT((char *)&ret, data, sizeof(ret)); ! } else error = EINVAL; break; #ifdef USE_INET6 case SIOCIPFL6 : ! BCOPYIN(data, (char *)&arg, sizeof(arg)); ! if (arg == 0 || arg == 1) { WRITE_ENTER(&ipf_state); ret = fr_state_flush(arg, 6); RWLOCK_EXIT(&ipf_state); ! BCOPYOUT((char *)&ret, data, sizeof(ret)); ! } else error = EINVAL; break; #endif #ifdef IPFILTER_LOG --- 432,472 ---- case SIOCDELST : error = fr_state_remove(data); break; + /* * Flush the state table */ case SIOCIPFFL : ! error = BCOPYIN(data, (char *)&arg, sizeof(arg)); ! if (error != 0) { ! error = EFAULT; ! } else if (arg == 0 || arg == 1) { WRITE_ENTER(&ipf_state); ret = fr_state_flush(arg, 4); RWLOCK_EXIT(&ipf_state); ! error = BCOPYOUT((char *)&ret, data, sizeof(ret)); ! if (error != 0) ! error = EFAULT; ! } else { error = EINVAL; + } break; + #ifdef USE_INET6 case SIOCIPFL6 : ! error = BCOPYIN(data, (char *)&arg, sizeof(arg)); ! if (error != 0) { ! error = EFAULT; ! } else if (arg == 0 || arg == 1) { WRITE_ENTER(&ipf_state); ret = fr_state_flush(arg, 6); RWLOCK_EXIT(&ipf_state); ! error = BCOPYOUT((char *)&ret, data, sizeof(ret)); ! if (error != 0) ! error = EFAULT; ! } else { error = EINVAL; + } break; #endif #ifdef IPFILTER_LOG *************** *** 465,473 **** int tmp; tmp = ipflog_clear(IPL_LOGSTATE); ! BCOPYOUT((char *)&tmp, data, sizeof(tmp)); } break; /* * Turn logging of state information on/off. */ --- 480,491 ---- int tmp; tmp = ipflog_clear(IPL_LOGSTATE); ! error = BCOPYOUT((char *)&tmp, data, sizeof(tmp)); ! if (error != 0) ! error = EFAULT; } break; + /* * Turn logging of state information on/off. 
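Review bot: The rewritten `SIOCIPFFL` and `SIOCIPFL6` cases now check the copy results, but they still flush the state table without the `if (!(mode & FWRITE))` test that the `SIOCSETLG` case of this same switch applies before it changes anything. Unless the dispatcher that calls `fr_state_ioctl` (not shown in this diff) already rejects read-only descriptors for these commands, add the same guard at the top of both cases, `if (!(mode & FWRITE)) { error = EPERM; break; }`. The switch and the function continue outside the hunk.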
*/ *************** *** 475,505 **** if (!(mode & FWRITE)) error = EPERM; else { ! BCOPYIN((char *)data, (char *)&ipstate_logging, ! sizeof(ipstate_logging)); } break; /* * Return the current state of logging. */ case SIOCGETLG : ! BCOPYOUT((char *)&ipstate_logging, (char *)data, ! sizeof(ipstate_logging)); break; /* * Return the number of bytes currently waiting to be read. */ case FIONREAD : arg = iplused[IPL_LOGSTATE]; /* returned in an int */ ! BCOPYOUT((char *)&arg, data, sizeof(arg)); break; #endif /* * Get the current state statistics. */ case SIOCGETFS : error = fr_outobj(data, fr_statetstats(), IPFOBJ_STATESTAT); break; /* * Lock/Unlock the state table. (Locking prevents any changes, which * means no packets match). --- 493,533 ---- if (!(mode & FWRITE)) error = EPERM; else { ! error = BCOPYIN((char *)data, (char *)&ipstate_logging, ! sizeof(ipstate_logging)); ! if (error != 0) ! error = EFAULT; } break; + /* * Return the current state of logging. */ case SIOCGETLG : ! error = BCOPYOUT((char *)&ipstate_logging, (char *)data, ! sizeof(ipstate_logging)); ! if (error != 0) ! error = EFAULT; break; + /* * Return the number of bytes currently waiting to be read. */ case FIONREAD : arg = iplused[IPL_LOGSTATE]; /* returned in an int */ ! error = BCOPYOUT((char *)&arg, data, sizeof(arg)); ! if (error != 0) ! error = EFAULT; break; #endif + /* * Get the current state statistics. */ case SIOCGETFS : error = fr_outobj(data, fr_statetstats(), IPFOBJ_STATESTAT); break; + /* * Lock/Unlock the state table. (Locking prevents any changes, which * means no packets match). *************** *** 511,516 **** --- 539,545 ---- fr_lock(data, &fr_state_lock); } break; + /* * Add an entry to the current state table. */ *************** *** 521,526 **** --- 550,556 ---- } error = fr_stputent(data); break; + /* * Get a state table entry. 
*/ *************** *** 531,536 **** --- 561,607 ---- } error = fr_stgetent(data); break; + + /* + * Return a copy of the hash table bucket lengths + */ + case SIOCSTAT1 : + error = BCOPYOUT(ips_stats.iss_bucketlen, data, + fr_statesize * sizeof(u_long)); + if (error != 0) + error = EFAULT; + break; + + case SIOCGENITER : + { + ipftoken_t *token; + ipfgeniter_t iter; + + error = fr_inobj(data, &iter, IPFOBJ_GENITER); + if (error != 0) + break; + + token = ipf_findtoken(IPFGENITER_STATE, uid, ctx); + if (token != NULL) + error = fr_stateiter(token, &iter); + else + error = ESRCH; + RWLOCK_EXIT(&ipf_tokens); + break; + } + + case SIOCGTABL : + error = fr_stgettable(data); + break; + + case SIOCIPFDELTOK : + error = BCOPYIN(data, (char *)&arg, sizeof(arg)); + if (error != 0) + error = EFAULT; + else + error = ipf_deltoken(arg, uid, ctx); + break; + default : error = EINVAL; break; *************** *** 819,825 **** frentry_t *fr; tcphdr_t *tcp; grehdr_t *gre; - void *ifp; int out; if (fr_state_lock || --- 890,895 ---- *************** *** 1085,1105 **** is->is_tag = fr->fr_logtag; is->is_ifp[(out << 1) + 1] = fr->fr_ifas[1]; is->is_ifp[(1 - out) << 1] = fr->fr_ifas[2]; ! is->is_ifp[((1 - out) << 1) + 1] = fr->fr_ifas[3]; ! if (((ifp = fr->fr_ifas[1]) != NULL) && ! (ifp != (void *)-1)) { ! COPYIFNAME(ifp, is->is_ifname[(out << 1) + 1]); ! } ! if (((ifp = fr->fr_ifas[2]) != NULL) && ! (ifp != (void *)-1)) { ! COPYIFNAME(ifp, is->is_ifname[(1 - out) << 1]); ! } ! if (((ifp = fr->fr_ifas[3]) != NULL) && ! (ifp != (void *)-1)) { ! COPYIFNAME(ifp, is->is_ifname[((1 - out) << 1) + 1]); ! } } else { pass = fr_flags; is->is_tag = FR_NOLOGTAG; --- 1155,1170 ---- is->is_tag = fr->fr_logtag; is->is_ifp[(out << 1) + 1] = fr->fr_ifas[1]; + strncpy(is->is_ifname[(out << 1) + 1], fr->fr_ifnames[1], + sizeof(fr->fr_ifnames[1])); + is->is_ifp[(1 - out) << 1] = fr->fr_ifas[2]; ! strncpy(is->is_ifname[((1 - out) << 1)], fr->fr_ifnames[2], ! sizeof(fr->fr_ifnames[2])); ! 
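Review bot: The new `SIOCSTAT1` case copies `fr_statesize * sizeof(u_long)` bytes to `data` with `BCOPYOUT`, and nothing in the hunk ties that length to the size of the buffer behind `data`. Every other case in this switch writes only an `int` to `data` or goes through `fr_outobj`/`fr_inobj`, so if `data` is the kernel's copy of the ioctl argument (its origin is outside this diff) this write would run well past it. Serving the bucket table only through `SIOCGTABL`/`fr_stgettable`, which copies to a pointer taken from a validated object, avoids the raw copy. Also, `SIOCGENITER` ends with `RWLOCK_EXIT(&ipf_tokens)` with no matching enter in view; a comment such as `/* ipf_findtoken() returns with ipf_tokens held */` (if that is the contract) would make the pairing auditable.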
is->is_ifp[((1 - out) << 1) + 1] = fr->fr_ifas[3]; ! strncpy(is->is_ifname[((1 - out) << 1) + 1], fr->fr_ifnames[3], ! sizeof(fr->fr_ifnames[3])); } else { pass = fr_flags; is->is_tag = FR_NOLOGTAG; *************** *** 1733,1741 **** * If the interface for this 'direction' is set, make sure it matches. * An interface name that is not set matches any, as does a name of *. */ ! if ((is->is_ifp[idx] == NULL && ! (*is->is_ifname[idx] == '\0' || *is->is_ifname[idx] == '*')) || ! is->is_ifp[idx] == ifp) ret = 1; if (ret == 0) --- 1798,1806 ---- * If the interface for this 'direction' is set, make sure it matches. * An interface name that is not set matches any, as does a name of *. */ ! if ((is->is_ifp[idx] == ifp) || (is->is_ifp[idx] == NULL && ! (*is->is_ifname[idx] == '\0' || *is->is_ifname[idx] == '-' || ! *is->is_ifname[idx] == '*'))) ret = 1; if (ret == 0) *************** *** 2035,2041 **** ofin.fin_ip = oip; ofin.fin_m = NULL; /* if dereferenced, panic XXX */ ofin.fin_mp = NULL; /* if dereferenced, panic XXX */ - ofin.fin_plen = fin->fin_dlen - ICMPERR_ICMPHLEN; (void) fr_makefrip(IP_HL(oip) << 2, oip, &ofin); ofin.fin_ifp = fin->fin_ifp; ofin.fin_out = !fin->fin_out; --- 2100,2105 ---- *************** *** 2818,2824 **** /* * Next, remove it from the timeout queue it is in. */ ! fr_deletequeueentry(&is->is_sti); if (is->is_me != NULL) { *is->is_me = NULL; --- 2882,2889 ---- /* * Next, remove it from the timeout queue it is in. */ ! if (is->is_sti.tqe_ifq != NULL) ! fr_deletequeueentry(&is->is_sti); if (is->is_me != NULL) { *is->is_me = NULL; *************** *** 2827,2833 **** /* * If it is still in use by something else, do not go any further, ! * but note that at this point it is now an orphan. */ is->is_ref--; if (is->is_ref > 0) --- 2892,2902 ---- /* * If it is still in use by something else, do not go any further, ! * but note that at this point it is now an orphan. How can this ! * be? fr_state_flush() calls fr_delete() directly because it wants ! 
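Review bot: The three new `strncpy` calls bound the copy by the source, `sizeof(fr->fr_ifnames[N])`, rather than by the destination `is->is_ifname[...]`, and `strncpy` leaves the destination unterminated when the source fills the whole field. If both arrays are declared with the same length (their declarations are outside the hunk) nothing is overrun, but the later `*is->is_ifname[idx]` tests and any string comparison still rely on a terminator. Size by the destination and terminate explicitly, e.g. `strncpy(is->is_ifname[(out << 1) + 1], fr->fr_ifnames[1], sizeof(is->is_ifname[0]) - 1);` followed by `is->is_ifname[(out << 1) + 1][sizeof(is->is_ifname[0]) - 1] = '\0';`, and likewise for indexes 2 and 3. The enclosing function starts and ends outside the hunk.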
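Review bot: The context comment above the rewritten interface test still says only an unset name or `*` matches any interface, while the new condition also accepts a name whose first character is `-`. Because this widens which packets a state entry can match, the comment should say so, e.g. `An interface name that is not set matches any, as does a name of * or -.`. The test inspects the first character only, so any name beginning with `-` or `*` is treated as a wildcard when `is_ifp[idx]` is NULL; if that is not intended, compare the whole name.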
* to empty the table out and if something has a hold on a state ! * entry (such as ipfstat), it'll do the deref path that'll bring ! * us back here to do the real delete & free. */ is->is_ref--; if (is->is_ref > 0) *************** *** 2860,2866 **** if (is->is_rule != NULL) { is->is_rule->fr_statecnt--; ! (void)fr_derefrule(&is->is_rule); } MUTEX_DESTROY(&is->is_lock); --- 2929,2935 ---- if (is->is_rule != NULL) { is->is_rule->fr_statecnt--; ! (void) fr_derefrule(&is->is_rule); } MUTEX_DESTROY(&is->is_lock); *************** *** 3572,3578 **** oip6->ip6_plen = fin->fin_dlen - ICMPERR_ICMPHLEN; ofin.fin_flx = FI_NOCKSUM; ofin.fin_ip = (ip_t *)oip6; - ofin.fin_plen = oip6->ip6_plen; (void) fr_makefrip(sizeof(*oip6), (ip_t *)oip6, &ofin); ofin.fin_flx &= ~(FI_BAD|FI_SHORT); oip6->ip6_plen = savelen; --- 3641,3646 ---- *************** *** 3765,3804 **** /* dir == 0 : a packet from source to dest */ /* dir == 1 : a packet from dest to source */ /* ------------------------------------------------------------------------ */ ! void fr_statederef(fin, isp) ! fr_info_t *fin; ipstate_t **isp; { ipstate_t *is = *isp; - #if 0 - int nstate, ostate, dir, eol; - - eol = 0; /* End-of-the-line flag. */ - dir = fin->fin_rev; - ostate = is->is_state[1 - dir]; - nstate = is->is_state[dir]; - /* - * Determine whether this packet is local or routed. State entries - * with us as the destination will have an interface list of - * int1,-,-,int1. Entries with us as the origin run as -,int1,int1,-. 
- */ - if ((fin->fin_p == IPPROTO_TCP) && (fin->fin_out == 0)) { - if ((strcmp(is->is_ifname[0], is->is_ifname[3]) == 0) && - (strcmp(is->is_ifname[1], is->is_ifname[2]) == 0)) { - if ((dir == 0) && - (strcmp(is->is_ifname[1], "-") == 0) && - (strcmp(is->is_ifname[0], "-") != 0)) { - eol = 1; - } else if ((dir == 1) && - (strcmp(is->is_ifname[0], "-") == 0) && - (strcmp(is->is_ifname[1], "-") != 0)) { - eol = 1; - } - } - } - #endif - fin = fin; /* LINT */ is = *isp; *isp = NULL; WRITE_ENTER(&ipf_state); --- 3833,3843 ---- /* dir == 0 : a packet from source to dest */ /* dir == 1 : a packet from dest to source */ /* ------------------------------------------------------------------------ */ ! void fr_statederef(isp) ipstate_t **isp; { ipstate_t *is = *isp; is = *isp; *isp = NULL; WRITE_ENTER(&ipf_state); *************** *** 3807,3821 **** is->is_ref++; /* To counter ref-- in fr_delstate() */ fr_delstate(is, ISL_EXPIRE); #ifndef _KERNEL - #if 0 - } else if (((fin->fin_out == 1) || (eol == 1)) && - ((ostate == IPF_TCPS_LAST_ACK) && - (nstate == IPF_TCPS_TIME_WAIT))) { - ; - #else } else if ((is->is_sti.tqe_state[0] > IPF_TCPS_ESTABLISHED) || (is->is_sti.tqe_state[1] > IPF_TCPS_ESTABLISHED)) { - #endif fr_delstate(is, ISL_ORPHAN); #endif } --- 3846,3853 ---- *************** *** 3890,3892 **** --- 3922,4041 ---- fr_queueappend(&is->is_sti, nifq, is); return; } + + + /* ------------------------------------------------------------------------ */ + /* Function: fr_stateiter */ + /* Returns: int - 0 == success, else error */ + /* Parameters: token(I) - pointer to ipftoken structure */ + /* itp(I) - pointer to ipfgeniter structure */ + /* */ + /* This function handles the SIOCGENITER ioctl for the state tables and */ + /* walks through the list of entries in the state table list (ips_list.) 
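Review bot: The new `fr_statederef(isp)` keeps both the initialiser `ipstate_t *is = *isp;` and the following statement `is = *isp;`; with the `#if 0` block removed the second assignment is redundant and can be dropped. The `dir == 0` / `dir == 1` lines left in the banner comment appear to describe the direction logic of the deleted block and no longer match the function; if the part of the banner above the hunk still lists `fin` as a parameter, it should be trimmed as well. The function body continues past the end of this hunk.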
*/ + /* ------------------------------------------------------------------------ */ + static int fr_stateiter(token, itp) + ipftoken_t *token; + ipfgeniter_t *itp; + { + ipstate_t *is, *next, zero; + int error, count; + char *dst; + + if (itp->igi_data == NULL) + return EFAULT; + + if (itp->igi_nitems == 0) + return ENOSPC; + + if (itp->igi_type != IPFGENITER_STATE) + return EINVAL; + + is = token->ipt_data; + if (is == (void *)-1) { + ipf_freetoken(token); + return ESRCH; + } + + error = 0; + dst = itp->igi_data; + + READ_ENTER(&ipf_state); + if (is == NULL) { + next = ips_list; + } else { + next = is->is_next; + } + + for (count = itp->igi_nitems; count > 0; count--) { + if (next != NULL) { + /* + * If we find a state entry to use, bump its + * reference count so that it can be used for + * is_next when we come back. + */ + MUTEX_ENTER(&next->is_lock); + next->is_ref++; + MUTEX_EXIT(&next->is_lock); + token->ipt_data = next; + } else { + bzero(&zero, sizeof(zero)); + next = &zero; + token->ipt_data = (void *)-1; + count = 1; + } + RWLOCK_EXIT(&ipf_state); + + /* + * If we had a prior pointer to a state entry, release it. + */ + if (is != NULL) { + fr_statederef(&is); + } + + /* + * This should arguably be via fr_outobj() so that the state + * structure can (if required) be massaged going out. + */ + error = COPYOUT(next, dst, sizeof(*next)); + if (error != 0) + error = EFAULT; + if ((count == 1) || (error != 0)) + break; + + dst += sizeof(*next); + READ_ENTER(&ipf_state); + is = next; + next = is->is_next; + } + + return error; + } + + + /* ------------------------------------------------------------------------ */ + /* Function: fr_stgettable */ + /* Returns: int - 0 = success, else error */ + /* Parameters: data(I) - pointer to ioctl data */ + /* */ + /* This function handles ioctl requests for tables of state information. */ + /* At present the only table it deals with is the hash bucket statistics. 
*/ + /* ------------------------------------------------------------------------ */ + static int fr_stgettable(data) + char *data; + { + ipftable_t table; + int error; + + error = fr_inobj(data, &table, IPFOBJ_GTABLE); + if (error != 0) + return error; + + if (table.ita_type != IPFTABLE_BUCKETS) + return EINVAL; + + error = COPYOUT(ips_stats.iss_bucketlen, table.ita_table, + fr_statesize * sizeof(u_long)); + if (error != 0) + error = EFAULT; + return error; + } diff -cr ip_fil4.1.13/ip_state.h ip_fil4.1.14/ip_state.h *** ip_fil4.1.13/ip_state.h Sat Aug 20 23:48:25 2005 --- ip_fil4.1.14/ip_state.h Fri Jul 14 16:12:19 2006 *************** *** 4,10 **** * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_state.h 1.3 1/12/96 (C) 1995 Darren Reed ! * $Id: ip_state.h,v 2.68.2.5 2005/08/20 13:48:25 darrenr Exp $ */ #ifndef __IP_STATE_H__ #define __IP_STATE_H__ --- 4,10 ---- * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_state.h 1.3 1/12/96 (C) 1995 Darren Reed ! * $Id: ip_state.h,v 2.68.2.6 2006/07/14 06:12:19 darrenr Exp $ */ #ifndef __IP_STATE_H__ #define __IP_STATE_H__ *************** *** 248,259 **** struct tcpdata *, tcphdr_t *, int)); extern void fr_stateunload __P((void)); extern void ipstate_log __P((struct ipstate *, u_int)); ! extern int fr_state_ioctl __P((caddr_t, ioctlcmd_t, int)); extern void fr_stinsert __P((struct ipstate *, int)); extern void fr_sttab_init __P((struct ipftq *)); extern void fr_sttab_destroy __P((struct ipftq *)); extern void fr_updatestate __P((fr_info_t *, ipstate_t *, ipftq_t *)); ! extern void fr_statederef __P((fr_info_t *, ipstate_t **)); extern void fr_setstatequeue __P((ipstate_t *, int)); #endif /* __IP_STATE_H__ */ --- 248,259 ---- struct tcpdata *, tcphdr_t *, int)); extern void fr_stateunload __P((void)); extern void ipstate_log __P((struct ipstate *, u_int)); ! 
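Review bot: fr_stateiter hands each entry to the caller with `COPYOUT(next, dst, sizeof(*next))`, so every pointer-valued member of `ipstate_t` (`is_next` among them) and the embedded `is_lock` reach user space as raw kernel values. The comment just above that call already says the copy should go through fr_outobj(). Copy the entry into a local `ipstate_t` and clear the pointer members before copying out, or route it through fr_outobj() as that comment suggests; the permission check for the ioctl is not in this hunk and should be confirmed. In fr_stgettable the copy length `fr_statesize * sizeof(u_long)` is chosen by the kernel alone and `table.ita_table` carries no size, so the caller's buffer is trusted to be large enough. That copy of `ips_stats.iss_bucketlen` also has no `READ_ENTER(&ipf_state)` around it in the lines shown, which looks unintended if the table can be freed or resized; confirm against the caller.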
extern int fr_state_ioctl __P((caddr_t, ioctlcmd_t, int, int, void *)); extern void fr_stinsert __P((struct ipstate *, int)); extern void fr_sttab_init __P((struct ipftq *)); extern void fr_sttab_destroy __P((struct ipftq *)); extern void fr_updatestate __P((fr_info_t *, ipstate_t *, ipftq_t *)); ! extern void fr_statederef __P((ipstate_t **)); extern void fr_setstatequeue __P((ipstate_t *, int)); #endif /* __IP_STATE_H__ */ diff -cr ip_fil4.1.13/ip_sync.c ip_fil4.1.14/ip_sync.c *** ip_fil4.1.13/ip_sync.c Mon Mar 20 01:59:39 2006 --- ip_fil4.1.14/ip_sync.c Fri Jul 14 16:12:20 2006 *************** *** 96,102 **** /* END OF INCLUDES */ #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: ip_sync.c,v 2.40.2.7 2006/03/19 14:59:39 darrenr Exp $"; #endif #define SYNC_STATETABSZ 256 --- 96,102 ---- /* END OF INCLUDES */ #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: ip_sync.c,v 2.40.2.8 2006/07/14 06:12:20 darrenr Exp $"; #endif #define SYNC_STATETABSZ 256 *************** *** 995,1004 **** /* This function currently does not handle any ioctls and so just returns */ /* EINVAL on all occasions. */ /* ------------------------------------------------------------------------ */ ! int fr_sync_ioctl(data, cmd, mode) caddr_t data; ioctlcmd_t cmd; ! int mode; { return EINVAL; } --- 995,1005 ---- /* This function currently does not handle any ioctls and so just returns */ /* EINVAL on all occasions. */ /* ------------------------------------------------------------------------ */ ! int fr_sync_ioctl(data, cmd, mode, uid, ctx) caddr_t data; ioctlcmd_t cmd; ! int mode, uid; ! void *ctx; { return EINVAL; } diff -cr ip_fil4.1.13/ip_sync.h ip_fil4.1.14/ip_sync.h *** ip_fil4.1.13/ip_sync.h Mon Mar 20 01:59:39 2006 --- ip_fil4.1.14/ip_sync.h Fri Jul 14 16:12:20 2006 *************** *** 4,10 **** * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_fil.h 1.35 6/5/96 ! 
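Review bot: The two arguments added to fr_sync_ioctl, `uid` and `ctx`, are not described in the part of the function's comment block that this hunk shows; the block starts above the hunk, and its Parameters list presumably still names only data, cmd and mode. Add one line per argument in the file's existing form, for example `/* uid(I) - uid of the process making the ioctl call */` and `/* ctx(I) - pointer to the caller's context */`, with the wording checked against what the callers pass. Since the body only returns EINVAL, it is also worth a sentence in that comment saying both are currently unused.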
* $Id: ip_sync.h,v 2.11.2.3 2006/03/19 14:59:39 darrenr Exp $ */ #ifndef __IP_SYNC_H__ --- 4,10 ---- * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_fil.h 1.35 6/5/96 ! * $Id: ip_sync.h,v 2.11.2.4 2006/07/14 06:12:20 darrenr Exp $ */ #ifndef __IP_SYNC_H__ *************** *** 102,117 **** extern synclogent_t synclog[SYNCLOG_SZ]; ! extern int fr_sync_ioctl __P((caddr_t, ioctlcmd_t, int)); ! extern synclist_t *ipfsync_new __P((int, fr_info_t *, void *)); ! extern void ipfsync_del __P((synclist_t *)); ! extern void ipfsync_update __P((int, fr_info_t *, synclist_t *)); ! extern int ipfsync_init __P((void)); ! extern int ipfsync_nat __P((synchdr_t *sp, void *data)); ! extern int ipfsync_state __P((synchdr_t *sp, void *data)); ! extern int ipfsync_read __P((struct uio *uio)); ! extern int ipfsync_write __P((struct uio *uio)); ! extern int ipfsync_canread __P((void)); ! extern int ipfsync_canwrite __P((void)); #endif /* IP_SYNC */ --- 102,117 ---- extern synclogent_t synclog[SYNCLOG_SZ]; ! extern int fr_sync_ioctl __P((caddr_t, ioctlcmd_t, int, int, void *)); ! extern synclist_t *ipfsync_new __P((int, fr_info_t *, void *)); ! extern void ipfsync_del __P((synclist_t *)); ! extern void ipfsync_update __P((int, fr_info_t *, synclist_t *)); ! extern int ipfsync_init __P((void)); ! extern int ipfsync_nat __P((synchdr_t *sp, void *data)); ! extern int ipfsync_state __P((synchdr_t *sp, void *data)); ! extern int ipfsync_read __P((struct uio *uio)); ! extern int ipfsync_write __P((struct uio *uio)); ! extern int ipfsync_canread __P((void)); ! extern int ipfsync_canwrite __P((void)); #endif /* IP_SYNC */ diff -cr ip_fil4.1.13/ipf.h ip_fil4.1.14/ipf.h *** ip_fil4.1.13/ipf.h Fri Dec 30 18:03:21 2005 --- ip_fil4.1.14/ipf.h Sat Sep 2 00:07:38 2006 *************** *** 4,10 **** * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ipf.h 1.12 6/5/96 ! 
* $Id: ipf.h,v 2.71.2.8 2005/12/30 07:03:21 darrenr Exp $ */ #ifndef __IPF_H__ --- 4,10 ---- * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ipf.h 1.12 6/5/96 ! * $Id: ipf.h,v 2.71.2.11 2006/09/01 14:07:38 darrenr Exp $ */ #ifndef __IPF_H__ *************** *** 181,194 **** extern int addicmp __P((char ***, struct frentry *, int)); extern int addipopt __P((char *, struct ipopt_names *, int, char *)); ! extern int addkeep __P((char ***, struct frentry *, int)); extern void binprint __P((void *, size_t)); extern void initparse __P((void)); extern u_32_t buildopts __P((char *, char *, int)); extern int checkrev __P((char *)); extern int count6bits __P((u_32_t *)); extern int count4bits __P((u_32_t)); - extern int extras __P((char ***, struct frentry *, int)); extern char *fac_toname __P((int)); extern int fac_findname __P((char *)); extern void fill6bits __P((int, u_int *)); --- 181,194 ---- extern int addicmp __P((char ***, struct frentry *, int)); extern int addipopt __P((char *, struct ipopt_names *, int, char *)); ! extern void alist_free __P((alist_t *)); ! extern alist_t *alist_new __P((int, char *)); extern void binprint __P((void *, size_t)); extern void initparse __P((void)); extern u_32_t buildopts __P((char *, char *, int)); extern int checkrev __P((char *)); extern int count6bits __P((u_32_t *)); extern int count4bits __P((u_32_t)); extern char *fac_toname __P((int)); extern int fac_findname __P((char *)); extern void fill6bits __P((int, u_int *)); *************** *** 196,214 **** extern int getport __P((struct frentry *, char *, u_short *)); extern int getportproto __P((char *, int)); extern int getproto __P((char *)); ! extern char *getline __P((char *, size_t, FILE *, int *)); ! extern int genmask __P((char *, u_32_t *)); ! 
extern char *getnattype __P((struct ipnat *)); extern char *getsumd __P((u_32_t)); extern u_32_t getoptbyname __P((char *)); extern u_32_t getoptbyvalue __P((int)); extern u_32_t getv6optbyname __P((char *)); extern u_32_t getv6optbyvalue __P((int)); - extern void hexdump __P((FILE *, void *, int, int)); - extern int hostmask __P((char ***, char *, char *, u_32_t *, u_32_t *, int)); - extern int hostnum __P((u_32_t *, char *, int, char *)); - extern int icmpcode __P((char *)); - extern int icmpidnum __P((char *, u_short *, int)); extern void initparse __P((void)); extern void ipf_dotuning __P((int, char *, ioctlfunc_t)); extern void ipf_addrule __P((int, ioctlfunc_t, void *)); --- 196,207 ---- extern int getport __P((struct frentry *, char *, u_short *)); extern int getportproto __P((char *, int)); extern int getproto __P((char *)); ! extern char *getnattype __P((struct nat *, int)); extern char *getsumd __P((u_32_t)); extern u_32_t getoptbyname __P((char *)); extern u_32_t getoptbyvalue __P((int)); extern u_32_t getv6optbyname __P((char *)); extern u_32_t getv6optbyvalue __P((int)); extern void initparse __P((void)); extern void ipf_dotuning __P((int, char *, ioctlfunc_t)); extern void ipf_addrule __P((int, ioctlfunc_t, void *)); *************** *** 223,245 **** extern int ippool_parsesome __P((int, FILE *, ioctlfunc_t)); extern int kmemcpywrap __P((void *, void *, size_t)); extern char *kvatoname __P((ipfunc_t, ioctlfunc_t)); extern int load_hash __P((struct iphtable_s *, struct iphtent_s *, ioctlfunc_t)); extern int load_hashnode __P((int, char *, struct iphtent_s *, ioctlfunc_t)); extern int load_pool __P((struct ip_pool_s *list, ioctlfunc_t)); extern int load_poolnode __P((int, char *, ip_pool_node_t *, ioctlfunc_t)); ! 
extern int loglevel __P((char **, u_int *, int)); extern alist_t *make_range __P((int, struct in_addr, struct in_addr)); extern ipfunc_t nametokva __P((char *, ioctlfunc_t)); - extern ipnat_t *natparse __P((char *, int)); - extern void natparsefile __P((int, char *, int)); extern void nat_setgroupmap __P((struct ipnat *)); extern int ntomask __P((int, int, u_32_t *)); extern u_32_t optname __P((char ***, u_short *, int)); extern struct frentry *parse __P((char *, int)); extern char *portname __P((int, int)); - extern int portnum __P((char *, char *, u_short *, int)); - extern int ports __P((char ***, char *, u_short *, int *, u_short *, int)); extern int pri_findname __P((char *)); extern char *pri_toname __P((int)); extern void print_toif __P((char *, struct frdest *)); --- 216,236 ---- extern int ippool_parsesome __P((int, FILE *, ioctlfunc_t)); extern int kmemcpywrap __P((void *, void *, size_t)); extern char *kvatoname __P((ipfunc_t, ioctlfunc_t)); + extern alist_t *load_file __P((char *)); extern int load_hash __P((struct iphtable_s *, struct iphtent_s *, ioctlfunc_t)); extern int load_hashnode __P((int, char *, struct iphtent_s *, ioctlfunc_t)); + extern alist_t *load_http __P((char *)); extern int load_pool __P((struct ip_pool_s *list, ioctlfunc_t)); extern int load_poolnode __P((int, char *, ip_pool_node_t *, ioctlfunc_t)); ! 
extern alist_t *load_url __P((char *)); extern alist_t *make_range __P((int, struct in_addr, struct in_addr)); extern ipfunc_t nametokva __P((char *, ioctlfunc_t)); extern void nat_setgroupmap __P((struct ipnat *)); extern int ntomask __P((int, int, u_32_t *)); extern u_32_t optname __P((char ***, u_short *, int)); extern struct frentry *parse __P((char *, int)); extern char *portname __P((int, int)); extern int pri_findname __P((char *)); extern char *pri_toname __P((int)); extern void print_toif __P((char *, struct frdest *)); *************** *** 249,254 **** --- 240,247 ---- extern void printtunable __P((ipftune_t *)); extern struct iphtable_s *printhash __P((struct iphtable_s *, copyfunc_t, char *, int)); + extern struct iphtable_s *printhash_live __P((iphtable_t *, int, char *, int)); + extern void printhashdata __P((iphtable_t *, int)); extern struct iphtent_s *printhashnode __P((struct iphtable_s *, struct iphtent_s *, copyfunc_t, int)); *************** *** 261,266 **** --- 254,262 ---- extern void printpacket6 __P((struct ip *)); extern struct ip_pool_s *printpool __P((struct ip_pool_s *, copyfunc_t, char *, int)); + extern struct ip_pool_s *printpool_live __P((struct ip_pool_s *, int, + char *, int)); + extern void printpooldata __P((ip_pool_t *, int)); extern struct ip_pool_node *printpoolnode __P((struct ip_pool_node *, int)); extern void printproto __P((struct protoent *, int, struct ipnat *)); extern void printportcmp __P((int, struct frpcmp *)); *************** *** 268,282 **** #ifdef USE_INET6 extern void optprintv6 __P((u_short *, u_long, u_long)); #endif - extern int ratoi __P((char *, int *, int, int)); - extern int ratoui __P((char *, u_int *, u_int, u_int)); extern int remove_hash __P((struct iphtable_s *, ioctlfunc_t)); extern int remove_hashnode __P((int, char *, struct iphtent_s *, ioctlfunc_t)); extern int remove_pool __P((ip_pool_t *, ioctlfunc_t)); extern int remove_poolnode __P((int, char *, ip_pool_node_t *, ioctlfunc_t)); extern u_char 
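Review bot: The three new loaders `load_file`, `load_http` and `load_url` are declared without any comment on who frees the returned `alist_t *` or what comes back on failure. `alist_free` is added to the same header, so it is presumably the matching release call, and a one-line comment above the prototypes should say so. The names suggest that address lists can be fetched over plain HTTP; if that is what the implementation does (it is not part of this hunk), the list is unauthenticated input to filter policy and the ippool.conf documentation should say that the source must be trusted. The string arguments could also be `const char *` if the loaders do not modify them.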
tcp_flags __P((char *, u_char *, int)); extern u_char tcpflags __P((char *)); - extern int to_interface __P((struct frdest *, char *, int)); extern void printc __P((struct frentry *)); extern void printC __P((int)); extern void emit __P((int, int, void *, struct frentry *)); --- 264,275 ---- *************** *** 288,294 **** extern struct ipstate *printstate __P((struct ipstate *, int, u_long)); extern void printsbuf __P((char *)); extern void printnat __P((struct ipnat *, int)); ! extern void printactivenat __P((struct nat *, int)); extern void printhostmap __P((struct hostmap *, u_int)); extern void printpacket __P((struct ip *)); --- 281,287 ---- extern struct ipstate *printstate __P((struct ipstate *, int, u_long)); extern void printsbuf __P((char *)); extern void printnat __P((struct ipnat *, int)); ! extern void printactivenat __P((struct nat *, int, int)); extern void printhostmap __P((struct hostmap *, u_int)); extern void printpacket __P((struct ip *)); diff -cr ip_fil4.1.13/ipl.h ip_fil4.1.14/ipl.h *** ip_fil4.1.13/ipl.h Sun Apr 2 06:09:42 2006 --- ip_fil4.1.14/ipl.h Sat Sep 9 03:28:31 2006 *************** *** 4,17 **** * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ipl.h 1.21 6/5/96 ! * $Id: ipl.h,v 2.52.2.14 2006/04/01 20:09:42 darrenr Exp $ */ #ifndef __IPL_H__ #define __IPL_H__ ! #define IPL_VERSION "IP Filter: v4.1.13" ! #define IPFILTER_VERSION 4011300 #endif --- 4,17 ---- * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ipl.h 1.21 6/5/96 ! * $Id: ipl.h,v 2.52.2.15 2006/09/08 17:28:31 darrenr Exp $ */ #ifndef __IPL_H__ #define __IPL_H__ ! #define IPL_VERSION "IP Filter: v4.1.14" ! #define IPFILTER_VERSION 4011400 #endif diff -cr ip_fil4.1.13/lib/Makefile ip_fil4.1.14/lib/Makefile *** ip_fil4.1.13/lib/Makefile Sun Feb 26 04:43:15 2006 --- ip_fil4.1.14/lib/Makefile Sat Aug 26 08:43:21 2006 *************** *** 1,7 **** --- 1,16 ---- + # + # Copyright (C) 1993-2001 by Darren Reed. 
+ # + # See the IPFILTER.LICENCE file for details on licencing. + # + # $Id: Makefile,v 1.41.2.12 2006/08/25 22:43:21 darrenr Exp $ + # INCDEP=$(TOP)/ip_compat.h $(TOP)/ip_fil.h $(TOP)/ipf.h LIBOBJS=$(DEST)/addicmp.o \ $(DEST)/addipopt.o \ + $(DEST)/alist_free.o \ + $(DEST)/alist_new.o \ $(DEST)/bcopywrap.o \ $(DEST)/binprint.o \ $(DEST)/buildopts.o \ *************** *** 9,31 **** $(DEST)/count6bits.o \ $(DEST)/count4bits.o \ $(DEST)/debug.o \ - $(DEST)/extras.o \ $(DEST)/facpri.o \ $(DEST)/flags.o \ $(DEST)/fill6bits.o \ - $(DEST)/genmask.o \ $(DEST)/gethost.o \ $(DEST)/getifname.o \ - $(DEST)/getline.o \ $(DEST)/getnattype.o \ $(DEST)/getport.o \ $(DEST)/getportproto.o \ $(DEST)/getproto.o \ $(DEST)/getsumd.o \ - $(DEST)/hexdump.o \ - $(DEST)/hostmask.o \ $(DEST)/hostname.o \ - $(DEST)/hostnum.o \ $(DEST)/icmpcode.o \ $(DEST)/inet_addr.o \ $(DEST)/initparse.o \ --- 18,34 ---- *************** *** 41,51 **** $(DEST)/kmem.o \ $(DEST)/kmemcpywrap.o \ $(DEST)/kvatoname.o \ $(DEST)/load_hash.o \ $(DEST)/load_hashnode.o \ $(DEST)/load_pool.o \ $(DEST)/load_poolnode.o \ ! $(DEST)/loglevel.o \ $(DEST)/mutex_emul.o \ $(DEST)/nametokva.o \ $(DEST)/nat_setgroupmap.o \ --- 44,56 ---- $(DEST)/kmem.o \ $(DEST)/kmemcpywrap.o \ $(DEST)/kvatoname.o \ + $(DEST)/load_file.o \ $(DEST)/load_hash.o \ $(DEST)/load_hashnode.o \ + $(DEST)/load_http.o \ $(DEST)/load_pool.o \ $(DEST)/load_poolnode.o \ ! 
$(DEST)/load_url.o \ $(DEST)/mutex_emul.o \ $(DEST)/nametokva.o \ $(DEST)/nat_setgroupmap.o \ *************** *** 55,71 **** $(DEST)/optprintv6.o \ $(DEST)/optvalue.o \ $(DEST)/portname.o \ - $(DEST)/portnum.o \ - $(DEST)/ports.o \ $(DEST)/print_toif.o \ $(DEST)/printactivenat.o \ $(DEST)/printaps.o \ $(DEST)/printbuf.o \ $(DEST)/printhash.o \ $(DEST)/printhashnode.o \ $(DEST)/printip.o \ $(DEST)/printpool.o \ $(DEST)/printpoolnode.o \ $(DEST)/printproto.o \ $(DEST)/printfr.o \ $(DEST)/printfraginfo.o \ --- 60,78 ---- $(DEST)/optprintv6.o \ $(DEST)/optvalue.o \ $(DEST)/portname.o \ $(DEST)/print_toif.o \ $(DEST)/printactivenat.o \ $(DEST)/printaps.o \ $(DEST)/printbuf.o \ $(DEST)/printhash.o \ + $(DEST)/printhashdata.o \ $(DEST)/printhashnode.o \ + $(DEST)/printhash_live.o \ $(DEST)/printip.o \ $(DEST)/printpool.o \ + $(DEST)/printpooldata.o \ $(DEST)/printpoolnode.o \ + $(DEST)/printpool_live.o \ $(DEST)/printproto.o \ $(DEST)/printfr.o \ $(DEST)/printfraginfo.o \ *************** *** 81,88 **** $(DEST)/printsbuf.o \ $(DEST)/printstate.o \ $(DEST)/printtunable.o \ - $(DEST)/ratoi.o \ - $(DEST)/ratoui.o \ $(DEST)/remove_hash.o \ $(DEST)/remove_hashnode.o \ $(DEST)/remove_pool.o \ --- 88,93 ---- *************** *** 91,97 **** $(DEST)/rwlock_emul.o \ $(DEST)/tcpflags.o \ $(DEST)/tcp_flags.o \ - $(DEST)/to_interface.o \ $(DEST)/var.o \ $(DEST)/verbose.o \ $(DEST)/v6ionames.o \ --- 96,101 ---- *************** *** 106,111 **** --- 110,119 ---- $(CC) $(CCARGS) -c $(LIBSRC)/addicmp.c -o $@ $(DEST)/addipopt.o: $(LIBSRC)/addipopt.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/addipopt.c -o $@ + $(DEST)/alist_free.o: $(LIBSRC)/alist_free.c $(INCDEP) + $(CC) $(CCARGS) -c $(LIBSRC)/alist_free.c -o $@ + $(DEST)/alist_new.o: $(LIBSRC)/alist_new.c $(INCDEP) + $(CC) $(CCARGS) -c $(LIBSRC)/alist_new.c -o $@ $(DEST)/bcopywrap.o: $(LIBSRC)/bcopywrap.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/bcopywrap.c -o $@ $(DEST)/binprint.o: $(LIBSRC)/binprint.c $(INCDEP) *************** *** 120,135 **** 
$(CC) $(CCARGS) -c $(LIBSRC)/count4bits.c -o $@ $(DEST)/debug.o: $(LIBSRC)/debug.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/debug.c -o $@ - $(DEST)/extras.o: $(LIBSRC)/extras.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/extras.c -o $@ $(DEST)/facpri.o: $(LIBSRC)/facpri.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/facpri.c -o $@ $(DEST)/fill6bits.o: $(LIBSRC)/fill6bits.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/fill6bits.c -o $@ $(DEST)/flags.o: $(LIBSRC)/flags.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/flags.c -o $@ - $(DEST)/genmask.o: $(LIBSRC)/genmask.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/genmask.c -o $@ $(DEST)/getline.o: $(LIBSRC)/getline.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/getline.c -o $@ $(DEST)/gethost.o: $(LIBSRC)/gethost.c $(INCDEP) --- 128,139 ---- *************** *** 146,159 **** $(CC) $(CCARGS) -c $(LIBSRC)/getproto.c -o $@ $(DEST)/getsumd.o: $(LIBSRC)/getsumd.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/getsumd.c -o $@ - $(DEST)/hexdump.o: $(LIBSRC)/hexdump.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/hexdump.c -o $@ - $(DEST)/hostmask.o: $(LIBSRC)/hostmask.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/hostmask.c -o $@ $(DEST)/hostname.o: $(LIBSRC)/hostname.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/hostname.c -o $@ - $(DEST)/hostnum.o: $(LIBSRC)/hostnum.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/hostnum.c -o $@ $(DEST)/icmpcode.o: $(LIBSRC)/icmpcode.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/icmpcode.c -o $@ $(DEST)/ipoptsec.o: $(LIBSRC)/ipoptsec.c $(INCDEP) --- 150,157 ---- *************** *** 184,197 **** --- 182,201 ---- $(CC) $(CCARGS) -c $(LIBSRC)/kmemcpywrap.c -o $@ $(DEST)/kvatoname.o: $(LIBSRC)/kvatoname.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/kvatoname.c -o $@ + $(DEST)/load_file.o: $(LIBSRC)/load_file.c $(INCDEP) + $(CC) $(CCARGS) -c $(LIBSRC)/load_file.c -o $@ $(DEST)/load_hash.o: $(LIBSRC)/load_hash.c $(INCDEP) $(TOP)/ip_htable.h $(CC) $(CCARGS) -c $(LIBSRC)/load_hash.c -o $@ $(DEST)/load_hashnode.o: $(LIBSRC)/load_hashnode.c $(INCDEP) 
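Review bot: The rule `$(DEST)/getline.o: $(LIBSRC)/getline.c $(INCDEP)` survives this hunk as context, although the same patch drops `$(DEST)/getline.o` from LIBOBJS and reports lib/getline.c as present only in the old tree. The rule is dead today, but it names a source file that no longer exists and will fail if anything asks for that object again. Delete the rule and its `$(CC) $(CCARGS) -c $(LIBSRC)/getline.c -o $@` recipe line along with the other removed objects.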
$(TOP)/ip_htable.h $(CC) $(CCARGS) -c $(LIBSRC)/load_hashnode.c -o $@ + $(DEST)/load_http.o: $(LIBSRC)/load_http.c $(INCDEP) + $(CC) $(CCARGS) -c $(LIBSRC)/load_http.c -o $@ $(DEST)/load_pool.o: $(LIBSRC)/load_pool.c $(INCDEP) $(TOP)/ip_pool.h $(CC) $(CCARGS) -c $(LIBSRC)/load_pool.c -o $@ $(DEST)/load_poolnode.o: $(LIBSRC)/load_poolnode.c $(INCDEP) $(TOP)/ip_pool.h $(CC) $(CCARGS) -c $(LIBSRC)/load_poolnode.c -o $@ + $(DEST)/load_url.o: $(LIBSRC)/load_url.c $(INCDEP) + $(CC) $(CCARGS) -c $(LIBSRC)/load_url.c -o $@ $(DEST)/make_range.o: $(LIBSRC)/make_range.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/make_range.c -o $@ $(DEST)/mutex_emul.o: $(LIBSRC)/mutex_emul.c $(INCDEP) *************** *** 203,210 **** $(CC) $(CCARGS) -c $(LIBSRC)/nat_setgroupmap.c -o $@ $(DEST)/ntomask.o: $(LIBSRC)/ntomask.c $(TOP)/ip_compat.h $(CC) $(CCARGS) -c $(LIBSRC)/ntomask.c -o $@ - $(DEST)/loglevel.o: $(LIBSRC)/loglevel.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/loglevel.c -o $@ $(DEST)/optname.o: $(LIBSRC)/optname.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/optname.c -o $@ $(DEST)/optprint.o: $(LIBSRC)/optprint.c $(INCDEP) --- 207,212 ---- *************** *** 233,248 **** --- 235,259 ---- $(CC) $(CCARGS) -c $(LIBSRC)/printfraginfo.c -o $@ $(DEST)/printhash.o: $(LIBSRC)/printhash.c $(TOP)/ip_fil.h $(TOP)/ip_htable.h $(CC) $(CCARGS) -c $(LIBSRC)/printhash.c -o $@ + $(DEST)/printhashdata.o: $(LIBSRC)/printhash.c $(TOP)/ip_fil.h $(TOP)/ip_htable.h + $(CC) $(CCARGS) -c $(LIBSRC)/printhashdata.c -o $@ $(DEST)/printhashnode.o: $(LIBSRC)/printhashnode.c $(TOP)/ip_fil.h \ $(TOP)/ip_htable.h $(TOP)/ip_lookup.h $(CC) $(CCARGS) -c $(LIBSRC)/printhashnode.c -o $@ + $(DEST)/printhash_live.o: $(LIBSRC)/printhash_live.c $(TOP)/ip_fil.h $(TOP)/ip_htable.h + $(CC) $(CCARGS) -c $(LIBSRC)/printhash_live.c -o $@ $(DEST)/printip.o: $(LIBSRC)/printip.c $(TOP)/ip_fil.h $(CC) $(CCARGS) -c $(LIBSRC)/printip.c -o $@ $(DEST)/printpool.o: $(LIBSRC)/printpool.c $(TOP)/ip_fil.h $(TOP)/ip_pool.h $(CC) $(CCARGS) -c 
$(LIBSRC)/printpool.c -o $@ + $(DEST)/printpooldata.o: $(LIBSRC)/printpooldata.c $(TOP)/ip_fil.h $(TOP)/ip_pool.h + $(CC) $(CCARGS) -c $(LIBSRC)/printpooldata.c -o $@ $(DEST)/printpoolnode.o: $(LIBSRC)/printpoolnode.c $(TOP)/ip_fil.h \ $(TOP)/ip_pool.h $(TOP)/ip_lookup.h $(CC) $(CCARGS) -c $(LIBSRC)/printpoolnode.c -o $@ + $(DEST)/printpool_live.o: $(LIBSRC)/printpool_live.c $(TOP)/ip_fil.h \ + $(TOP)/ip_pool.h $(TOP)/ip_lookup.h + $(CC) $(CCARGS) -c $(LIBSRC)/printpool_live.c -o $@ $(DEST)/printproto.o: $(LIBSRC)/printproto.c $(TOP)/ip_fil.h $(CC) $(CCARGS) -c $(LIBSRC)/printproto.c -o $@ $(DEST)/printhostmap.o: $(LIBSRC)/printhostmap.c $(TOP)/ip_fil.h *************** *** 269,278 **** $(CC) $(CCARGS) -c $(LIBSRC)/printstate.c -o $@ $(DEST)/printtunable.o: $(LIBSRC)/printtunable.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/printtunable.c -o $@ - $(DEST)/ratoi.o: $(LIBSRC)/ratoi.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/ratoi.c -o $@ - $(DEST)/ratoui.o: $(LIBSRC)/ratoui.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/ratoui.c -o $@ $(DEST)/remove_hash.o: $(LIBSRC)/remove_hash.c $(INCDEP) \ $(TOP)/ip_htable.h $(CC) $(CCARGS) -c $(LIBSRC)/remove_hash.c -o $@ --- 280,285 ---- *************** *** 289,296 **** $(CC) $(CCARGS) -c $(LIBSRC)/resetlexer.c -o $@ $(DEST)/rwlock_emul.o: $(LIBSRC)/rwlock_emul.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/rwlock_emul.c -o $@ - $(DEST)/to_interface.o: $(LIBSRC)/to_interface.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/to_interface.c -o $@ $(DEST)/tcpflags.o: $(LIBSRC)/tcpflags.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/tcpflags.c -o $@ $(DEST)/tcp_flags.o: $(LIBSRC)/tcp_flags.c $(INCDEP) --- 296,301 ---- diff -cr ip_fil4.1.13/lib/addicmp.c ip_fil4.1.14/lib/addicmp.c *** ip_fil4.1.13/lib/addicmp.c Sun Feb 26 04:41:57 2006 --- ip_fil4.1.14/lib/addicmp.c Sat Jun 17 03:20:55 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! 
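Review bot: The new rule for `$(DEST)/printhashdata.o` lists `$(LIBSRC)/printhash.c` as its prerequisite while the recipe compiles `$(LIBSRC)/printhashdata.c`, so an edit to printhashdata.c will not trigger a rebuild of its object. It looks like a copy of the printhash.o rule with only the target and recipe renamed. The prerequisite line should read `$(DEST)/printhashdata.o: $(LIBSRC)/printhashdata.c $(TOP)/ip_fil.h $(TOP)/ip_htable.h`.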
* $Id: addicmp.c,v 1.10.2.4 2006/02/25 17:41:57 darrenr Exp $ */ #include --- 1,9 ---- /* ! * Copyright (C) 2000-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: addicmp.c,v 1.10.2.5 2006/06/16 17:20:55 darrenr Exp $ */ #include diff -cr ip_fil4.1.13/lib/addipopt.c ip_fil4.1.14/lib/addipopt.c *** ip_fil4.1.13/lib/addipopt.c Mon Jan 28 17:50:45 2002 --- ip_fil4.1.14/lib/addipopt.c Sat Jun 17 03:20:56 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: addipopt.c,v 1.7 2002/01/28 06:50:45 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2000-2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: addipopt.c,v 1.7.4.1 2006/06/16 17:20:56 darrenr Exp $ */ #include "ipf.h" Only in ip_fil4.1.14/lib: alist_free.c Only in ip_fil4.1.14/lib: alist_new.c diff -cr ip_fil4.1.13/lib/bcopywrap.c ip_fil4.1.14/lib/bcopywrap.c *** ip_fil4.1.13/lib/bcopywrap.c Wed May 15 01:19:38 2002 --- ip_fil4.1.14/lib/bcopywrap.c Sat Jun 17 03:20:56 2006 *************** *** 1,3 **** --- 1,11 ---- + /* + * Copyright (C) 2002 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: bcopywrap.c,v 1.1.4.1 2006/06/16 17:20:56 darrenr Exp $ + */ + #include "ipf.h" int bcopywrap(from, to, size) diff -cr ip_fil4.1.13/lib/binprint.c ip_fil4.1.14/lib/binprint.c *** ip_fil4.1.13/lib/binprint.c Wed May 15 01:18:56 2002 --- ip_fil4.1.14/lib/binprint.c Sat Jun 17 03:20:56 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: binprint.c,v 1.8 2002/05/14 15:18:56 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2000-2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! 
* $Id: binprint.c,v 1.8.4.1 2006/06/16 17:20:56 darrenr Exp $ */ #include "ipf.h" diff -cr ip_fil4.1.13/lib/buildopts.c ip_fil4.1.14/lib/buildopts.c *** ip_fil4.1.13/lib/buildopts.c Mon Jan 28 17:50:45 2002 --- ip_fil4.1.14/lib/buildopts.c Sat Jun 17 03:20:56 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: buildopts.c,v 1.6 2002/01/28 06:50:45 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2000-2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: buildopts.c,v 1.6.4.1 2006/06/16 17:20:56 darrenr Exp $ */ #include "ipf.h" diff -cr ip_fil4.1.13/lib/checkrev.c ip_fil4.1.14/lib/checkrev.c *** ip_fil4.1.13/lib/checkrev.c Wed Mar 10 01:44:39 2004 --- ip_fil4.1.14/lib/checkrev.c Sat Jun 17 03:20:56 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: checkrev.c,v 1.12.2.1 2004/03/09 14:44:39 darrenr Exp $ */ #include --- 1,9 ---- /* ! * Copyright (C) 2000-2004 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: checkrev.c,v 1.12.2.2 2006/06/16 17:20:56 darrenr Exp $ */ #include diff -cr ip_fil4.1.13/lib/count4bits.c ip_fil4.1.14/lib/count4bits.c *** ip_fil4.1.13/lib/count4bits.c Sat Jun 15 14:46:39 2002 --- ip_fil4.1.14/lib/count4bits.c Sat Jun 17 03:20:57 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: count4bits.c,v 1.1 2002/06/15 04:46:39 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! 
* $Id: count4bits.c,v 1.1.4.1 2006/06/16 17:20:57 darrenr Exp $ */ #include "ipf.h" diff -cr ip_fil4.1.13/lib/count6bits.c ip_fil4.1.14/lib/count6bits.c *** ip_fil4.1.13/lib/count6bits.c Sun Jun 10 03:09:23 2001 --- ip_fil4.1.14/lib/count6bits.c Sat Jun 17 03:20:57 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: count6bits.c,v 1.4 2001/06/09 17:09:23 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2000-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: count6bits.c,v 1.4.4.1 2006/06/16 17:20:57 darrenr Exp $ */ #include "ipf.h" diff -cr ip_fil4.1.13/lib/debug.c ip_fil4.1.14/lib/debug.c *** ip_fil4.1.13/lib/debug.c Sun Jun 10 03:09:24 2001 --- ip_fil4.1.14/lib/debug.c Sat Jun 17 03:20:57 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: debug.c,v 1.6 2001/06/09 17:09:24 darrenr Exp $ */ #if defined(__STDC__) --- 1,9 ---- /* ! * Copyright (C) 2000-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: debug.c,v 1.6.4.1 2006/06/16 17:20:57 darrenr Exp $ */ #if defined(__STDC__) Only in ip_fil4.1.13/lib: extras.c diff -cr ip_fil4.1.13/lib/facpri.c ip_fil4.1.14/lib/facpri.c *** ip_fil4.1.13/lib/facpri.c Sat Mar 18 09:28:41 2006 --- ip_fil4.1.14/lib/facpri.c Sat Jun 17 03:20:58 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: facpri.c,v 1.6.2.4 2006/03/17 22:28:41 darrenr Exp $ */ #include --- 1,9 ---- /* ! * Copyright (C) 2000-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: facpri.c,v 1.6.2.5 2006/06/16 17:20:58 darrenr Exp $ */ #include *************** *** 20,26 **** #include "facpri.h" #if !defined(lint) ! 
static const char rcsid[] = "@(#)$Id: facpri.c,v 1.6.2.4 2006/03/17 22:28:41 darrenr Exp $"; #endif --- 20,26 ---- #include "facpri.h" #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: facpri.c,v 1.6.2.5 2006/06/16 17:20:58 darrenr Exp $"; #endif diff -cr ip_fil4.1.13/lib/facpri.h ip_fil4.1.14/lib/facpri.h *** ip_fil4.1.13/lib/facpri.h Sun Jun 10 03:19:50 2001 --- ip_fil4.1.14/lib/facpri.h Sat Jun 17 03:20:58 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1999-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: facpri.h,v 1.3 2001/06/09 17:19:50 darrenr Exp $ */ #ifndef __FACPRI_H__ --- 1,9 ---- /* ! * Copyright (C) 2000-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: facpri.h,v 1.3.4.1 2006/06/16 17:20:58 darrenr Exp $ */ #ifndef __FACPRI_H__ diff -cr ip_fil4.1.13/lib/fill6bits.c ip_fil4.1.14/lib/fill6bits.c *** ip_fil4.1.13/lib/fill6bits.c Thu Mar 28 02:09:57 2002 --- ip_fil4.1.14/lib/fill6bits.c Sat Jun 17 03:20:58 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: fill6bits.c,v 1.5 2002/03/27 15:09:57 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2000-2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: fill6bits.c,v 1.5.4.1 2006/06/16 17:20:58 darrenr Exp $ */ #include "ipf.h" diff -cr ip_fil4.1.13/lib/flags.c ip_fil4.1.14/lib/flags.c *** ip_fil4.1.13/lib/flags.c Sat Nov 2 18:16:36 2002 --- ip_fil4.1.14/lib/flags.c Sat Jun 17 03:20:58 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: flags.c,v 1.4 2002/11/02 07:16:36 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2001-2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! 
* $Id: flags.c,v 1.4.4.1 2006/06/16 17:20:58 darrenr Exp $ */ #include "ipf.h" Only in ip_fil4.1.13/lib: genmask.c diff -cr ip_fil4.1.13/lib/gethost.c ip_fil4.1.14/lib/gethost.c *** ip_fil4.1.13/lib/gethost.c Sun Oct 3 17:05:15 2004 --- ip_fil4.1.14/lib/gethost.c Sat Jun 17 03:20:59 2006 *************** *** 1,3 **** --- 1,11 ---- + /* + * Copyright (C) 2002-2004 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: gethost.c,v 1.3.2.2 2006/06/16 17:20:59 darrenr Exp $ + */ + #include "ipf.h" int gethost(name, hostp) diff -cr ip_fil4.1.13/lib/getifname.c ip_fil4.1.14/lib/getifname.c *** ip_fil4.1.13/lib/getifname.c Tue Mar 23 23:03:47 2004 --- ip_fil4.1.14/lib/getifname.c Fri Jul 14 16:12:24 2006 *************** *** 1,3 **** --- 1,11 ---- + /* + * Copyright (C) 2002-2004 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: getifname.c,v 1.5.2.3 2006/07/14 06:12:24 darrenr Exp $ + */ + #include "ipf.h" #include "kmem.h" *************** *** 6,11 **** --- 14,20 ---- * Given a pointer to an interface in the kernel, return a pointer to a * string which is the interface name. */ + #if 0 char *getifname(ptr) struct ifnet *ptr; { *************** *** 72,74 **** --- 81,90 ---- # endif #endif } + #else + char *getifname(ptr) + struct ifnet *ptr; + { + return "X"; + } + #endif Only in ip_fil4.1.13/lib: getline.c diff -cr ip_fil4.1.13/lib/getnattype.c ip_fil4.1.14/lib/getnattype.c *** ip_fil4.1.13/lib/getnattype.c Sun Jan 18 04:26:07 2004 --- ip_fil4.1.14/lib/getnattype.c Fri Jul 14 16:12:24 2006 *************** *** 1,5 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * --- 1,5 ---- /* ! * Copyright (C) 2002-2004 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * *************** *** 9,34 **** #include "kmem.h" #if !defined(lint) ! 
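Review bot: The replacement `getifname` added under `#else` returns the literal `"X"` for every interface, but the comment kept above it still promises "a pointer to a string which is the interface name". Anyone reading tool output will see X with no hint that the lookup was disabled. Put a comment on the stub, for example `/* kernel memory is no longer read here; callers get a placeholder name */`, the reason being presumed from the move away from /dev/kmem. The function returns `char *`, so the stub hands out a string literal as a writable pointer; the callers are outside the hunk and should be checked for writes to the result. The original body is left behind under `#if 0`; removing it would be cleaner than keeping both.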
static const char rcsid[] = "@(#)$Id: getnattype.c,v 1.3 2004/01/17 17:26:07 darrenr Exp $"; #endif /* * Get a nat filter type given its kernel address. */ ! char *getnattype(ipnat) ! ipnat_t *ipnat; { static char unknownbuf[20]; ! ipnat_t ipnatbuff; char *which; ! if (!ipnat) return "???"; ! if (kmemcpy((char *)&ipnatbuff, (long)ipnat, sizeof(ipnatbuff))) ! return "!!!"; ! switch (ipnatbuff.in_redir) { case NAT_MAP : which = "MAP"; --- 9,42 ---- #include "kmem.h" #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: getnattype.c,v 1.3.2.2 2006/07/14 06:12:24 darrenr Exp $"; #endif /* * Get a nat filter type given its kernel address. */ ! char *getnattype(nat, alive) ! nat_t *nat; ! int alive; { static char unknownbuf[20]; ! ipnat_t *ipn, ipnat; char *which; + int type; ! if (!nat) return "???"; ! if (alive) { ! type = nat->nat_redir; ! } else { ! ipn = nat->nat_ptr; ! if (kmemcpy((char *)&ipnat, (long)ipn, sizeof(ipnat))) ! return "!!!"; ! type = ipnat.in_redir; ! } ! switch (type) { case NAT_MAP : which = "MAP"; *************** *** 43,50 **** which = "BIMAP"; break; default : ! sprintf(unknownbuf, "unknown(%04x)", ! ipnatbuff.in_redir & 0xffffffff); which = unknownbuf; break; } --- 51,57 ---- which = "BIMAP"; break; default : ! sprintf(unknownbuf, "unknown(%04x)", type & 0xffffffff); which = unknownbuf; break; } diff -cr ip_fil4.1.13/lib/getport.c ip_fil4.1.14/lib/getport.c *** ip_fil4.1.13/lib/getport.c Mon Dec 19 01:54:45 2005 --- ip_fil4.1.14/lib/getport.c Sat Jun 17 03:21:00 2006 *************** *** 1,3 **** --- 1,11 ---- + /* + * Copyright (C) 2002-2005 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. 
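Review bot: In the `!alive` branch of getnattype(), `nat->nat_ptr` is passed to kmemcpy() without the NULL test the old code applied to that same pointer; the surviving `if (!nat)` check guards a different object. Whether kmemcpy() fails cleanly on a zero address depends on code outside this hunk, and even then the result changes from `"???"` to `"!!!"`. Adding `if (ipn == NULL) return "???";` after `ipn = nat->nat_ptr;` keeps the old behaviour. The header comment `Get a nat filter type given its kernel address` is also stale, since `nat` is now dereferenced directly, and it should describe the `alive` flag. Because the definition is K&R style, a caller still passing one argument is not diagnosed unless the prototype (not visible here) was updated as well.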
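Review bot: The `default` case of getnattype() still formats into the 20-byte static `unknownbuf` with an unbounded `sprintf`. The output fits only because the `& 0xffffffff` mask caps the value at eight hex digits (8 + 8 + 1 + NUL = 18 bytes). A bounded call removes the dependence on the format string staying as it is: `snprintf(unknownbuf, sizeof(unknownbuf), "unknown(%04x)", type & 0xffffffff);`, assuming snprintf is available on every platform this library targets. Returning a pointer to a static buffer also means a second call overwrites the first result, which deserves a one-line comment.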
+ * + * $Id: getport.c,v 1.1.4.6 2006/06/16 17:21:00 darrenr Exp $ + */ + #include "ipf.h" int getport(fr, name, port) diff -cr ip_fil4.1.13/lib/getportproto.c ip_fil4.1.14/lib/getportproto.c *** ip_fil4.1.13/lib/getportproto.c Wed Jan 12 13:48:52 2005 --- ip_fil4.1.14/lib/getportproto.c Sat Jun 17 03:21:00 2006 *************** *** 1,3 **** --- 1,11 ---- + /* + * Copyright (C) 2002-2005 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: getportproto.c,v 1.2.4.4 2006/06/16 17:21:00 darrenr Exp $ + */ + #include #include "ipf.h" diff -cr ip_fil4.1.13/lib/getproto.c ip_fil4.1.14/lib/getproto.c *** ip_fil4.1.13/lib/getproto.c Sun Jun 12 17:18:41 2005 --- ip_fil4.1.14/lib/getproto.c Sat Jun 17 03:21:00 2006 *************** *** 1,3 **** --- 1,11 ---- + /* + * Copyright (C) 2002-2005 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: getproto.c,v 1.2.2.3 2006/06/16 17:21:00 darrenr Exp $ + */ + #include "ipf.h" int getproto(name) diff -cr ip_fil4.1.13/lib/getsumd.c ip_fil4.1.14/lib/getsumd.c *** ip_fil4.1.13/lib/getsumd.c Mon Jan 28 17:50:46 2002 --- ip_fil4.1.14/lib/getsumd.c Sat Jun 17 03:21:01 2006 *************** *** 1,3 **** --- 1,11 ---- + /* + * Copyright (C) 2002 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: getsumd.c,v 1.2.4.1 2006/06/16 17:21:01 darrenr Exp $ + */ + #include "ipf.h" char *getsumd(sum) Only in ip_fil4.1.13/lib: hexdump.c Only in ip_fil4.1.13/lib: hostmask.c diff -cr ip_fil4.1.13/lib/hostname.c ip_fil4.1.14/lib/hostname.c *** ip_fil4.1.13/lib/hostname.c Sat Sep 6 02:02:38 2003 --- ip_fil4.1.14/lib/hostname.c Sat Jun 17 03:21:01 2006 *************** *** 1,3 **** --- 1,10 ---- + /* + * Copyright (C) 2002-2003 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. 
+ * + * $Id: hostname.c,v 1.6.2.1 2006/06/16 17:21:01 darrenr Exp $ + */ #include "ipf.h" Only in ip_fil4.1.13/lib: hostnum.c diff -cr ip_fil4.1.13/lib/icmpcode.c ip_fil4.1.14/lib/icmpcode.c *** ip_fil4.1.13/lib/icmpcode.c Sun Feb 26 04:40:22 2006 --- ip_fil4.1.14/lib/icmpcode.c Sat Jun 17 03:21:02 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: icmpcode.c,v 1.7.2.4 2006/02/25 17:40:22 darrenr Exp $ */ #include --- 1,9 ---- /* ! * Copyright (C) 2000-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: icmpcode.c,v 1.7.2.5 2006/06/16 17:21:02 darrenr Exp $ */ #include diff -cr ip_fil4.1.13/lib/initparse.c ip_fil4.1.14/lib/initparse.c *** ip_fil4.1.13/lib/initparse.c Mon Jan 28 17:50:46 2002 --- ip_fil4.1.14/lib/initparse.c Sat Jun 17 03:21:02 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: initparse.c,v 1.6 2002/01/28 06:50:46 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2000-2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: initparse.c,v 1.6.4.1 2006/06/16 17:21:02 darrenr Exp $ */ #include "ipf.h" diff -cr ip_fil4.1.13/lib/ionames.c ip_fil4.1.14/lib/ionames.c *** ip_fil4.1.13/lib/ionames.c Mon Jan 28 17:50:46 2002 --- ip_fil4.1.14/lib/ionames.c Sat Jun 17 03:21:02 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: ionames.c,v 1.7 2002/01/28 06:50:46 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2000-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! 
* $Id: ionames.c,v 1.7.4.1 2006/06/16 17:21:02 darrenr Exp $ */ #include "ipf.h" diff -cr ip_fil4.1.13/lib/ipf_dotuning.c ip_fil4.1.14/lib/ipf_dotuning.c *** ip_fil4.1.13/lib/ipf_dotuning.c Sat Jun 11 20:00:48 2005 --- ip_fil4.1.14/lib/ipf_dotuning.c Sat Jun 17 03:21:02 2006 *************** *** 1,3 **** --- 1,11 ---- + /* + * Copyright (C) 2003-2005 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: ipf_dotuning.c,v 1.2.4.3 2006/06/16 17:21:02 darrenr Exp $ + */ + #include "ipf.h" #include "netinet/ipl.h" #include diff -cr ip_fil4.1.13/lib/ipft_ef.c ip_fil4.1.14/lib/ipft_ef.c *** ip_fil4.1.13/lib/ipft_ef.c Fri Jan 9 00:34:31 2004 --- ip_fil4.1.14/lib/ipft_ef.c Sat Jun 17 03:21:02 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: ipft_ef.c,v 1.14 2004/01/08 13:34:31 darrenr Exp $ */ /* --- 1,9 ---- /* ! * Copyright (C) 2000-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: ipft_ef.c,v 1.14.2.2 2006/06/16 17:21:02 darrenr Exp $ */ /* *************** *** 31,37 **** #if !defined(lint) static const char sccsid[] = "@(#)ipft_ef.c 1.6 2/4/96 (C)1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipft_ef.c,v 1.14 2004/01/08 13:34:31 darrenr Exp $"; #endif static int etherf_open __P((char *)); --- 31,37 ---- #if !defined(lint) static const char sccsid[] = "@(#)ipft_ef.c 1.6 2/4/96 (C)1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipft_ef.c,v 1.14.2.2 2006/06/16 17:21:02 darrenr Exp $"; #endif static int etherf_open __P((char *)); *************** *** 96,108 **** switch (ip->ip_p) { case IPPROTO_TCP : case IPPROTO_UDP : ! s = strtok(NULL, " :"); ! ip->ip_len += atoi(s); ! if (ip->ip_p == IPPROTO_TCP) ! extra = sizeof(struct tcphdr); ! else if (ip->ip_p == IPPROTO_UDP) ! 
extra = sizeof(struct udphdr); break; #ifdef IGMP case IPPROTO_IGMP : --- 96,113 ---- switch (ip->ip_p) { case IPPROTO_TCP : + if (isdigit(*sprt)) + pkt.ti_sport = htons(atoi(sprt) & 65535); + if (isdigit(*dprt)) + pkt.ti_dport = htons(atoi(dprt) & 65535); + extra = sizeof(struct tcphdr); + break; case IPPROTO_UDP : ! if (isdigit(*sprt)) ! pkt.ti_sport = htons(atoi(sprt) & 65535); ! if (isdigit(*dprt)) ! pkt.ti_dport = htons(atoi(dprt) & 65535); ! extra = sizeof(struct udphdr); break; #ifdef IGMP case IPPROTO_IGMP : diff -cr ip_fil4.1.13/lib/ipft_hx.c ip_fil4.1.14/lib/ipft_hx.c *** ip_fil4.1.13/lib/ipft_hx.c Sun Dec 4 21:07:21 2005 --- ip_fil4.1.14/lib/ipft_hx.c Sat Jun 17 03:21:03 2006 *************** *** 1,11 **** /* ! * Copyright (C) 1995-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ #if !defined(lint) static const char sccsid[] = "@(#)ipft_hx.c 1.1 3/9/96 (C) 1996 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipft_hx.c,v 1.11.4.3 2005/12/04 10:07:21 darrenr Exp $"; #endif #include --- 1,11 ---- /* ! * Copyright (C) 2000-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ #if !defined(lint) static const char sccsid[] = "@(#)ipft_hx.c 1.1 3/9/96 (C) 1996 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipft_hx.c,v 1.11.4.4 2006/06/16 17:21:03 darrenr Exp $"; #endif #include diff -cr ip_fil4.1.13/lib/ipft_pc.c ip_fil4.1.14/lib/ipft_pc.c *** ip_fil4.1.13/lib/ipft_pc.c Sun Dec 4 20:55:10 2005 --- ip_fil4.1.14/lib/ipft_pc.c Sat Jun 17 03:21:03 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: ipft_pc.c,v 1.10.2.1 2005/12/04 09:55:10 darrenr Exp $ */ #include "ipf.h" #include "pcap-ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2000-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! 
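Review bot: Both new port branches call `isdigit(*sprt)` and `isdigit(*dprt)` on what appears to be plain `char` data read from the input file; a byte with the high bit set becomes a negative argument, which is undefined behaviour for the ctype functions. Cast first: `if (isdigit((unsigned char)*sprt))`, and the same for `dprt`. `atoi(sprt) & 65535` also accepts out-of-range text and silently folds it into a valid port, so a `strtol` with an explicit 0-65535 check would report malformed input instead. The TCP and UDP cases are now identical apart from `extra`, so the port parsing could sit in one shared block. The declarations of `sprt` and `dprt` are outside the hunk.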
* $Id: ipft_pc.c,v 1.10.2.2 2006/06/16 17:21:03 darrenr Exp $ */ #include "ipf.h" #include "pcap-ipf.h" *************** *** 11,17 **** #include "ipt.h" #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: ipft_pc.c,v 1.10.2.1 2005/12/04 09:55:10 darrenr Exp $"; #endif struct llc { --- 11,17 ---- #include "ipt.h" #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: ipft_pc.c,v 1.10.2.2 2006/06/16 17:21:03 darrenr Exp $"; #endif struct llc { diff -cr ip_fil4.1.13/lib/ipft_sn.c ip_fil4.1.14/lib/ipft_sn.c *** ip_fil4.1.13/lib/ipft_sn.c Sun Feb 16 13:32:36 2003 --- ip_fil4.1.14/lib/ipft_sn.c Sat Jun 17 03:21:03 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: ipft_sn.c,v 1.7 2003/02/16 02:32:36 darrenr Exp $ */ /* --- 1,9 ---- /* ! * Copyright (C) 2000-2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: ipft_sn.c,v 1.7.4.1 2006/06/16 17:21:03 darrenr Exp $ */ /* *************** *** 14,20 **** #include "ipt.h" #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: ipft_sn.c,v 1.7 2003/02/16 02:32:36 darrenr Exp $"; #endif struct llc { --- 14,20 ---- #include "ipt.h" #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: ipft_sn.c,v 1.7.4.1 2006/06/16 17:21:03 darrenr Exp $"; #endif struct llc { diff -cr ip_fil4.1.13/lib/ipft_td.c ip_fil4.1.14/lib/ipft_td.c *** ip_fil4.1.13/lib/ipft_td.c Fri Jan 9 00:34:31 2004 --- ip_fil4.1.14/lib/ipft_td.c Sat Jun 17 03:21:03 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp $ */ /* --- 1,9 ---- /* ! * Copyright (C) 2000-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! 
* $Id: ipft_td.c,v 1.15.2.2 2006/06/16 17:21:03 darrenr Exp $ */ /* *************** *** 40,46 **** #if !defined(lint) static const char sccsid[] = "@(#)ipft_td.c 1.8 2/4/96 (C)1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp $"; #endif static int tcpd_open __P((char *)); --- 40,46 ---- #if !defined(lint) static const char sccsid[] = "@(#)ipft_td.c 1.8 2/4/96 (C)1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipft_td.c,v 1.15.2.2 2006/06/16 17:21:03 darrenr Exp $"; #endif static int tcpd_open __P((char *)); *************** *** 142,147 **** --- 142,149 ---- IP_HL_A(ip, sizeof(ip_t)); s = strtok(misc, " :"); + if (s == NULL) + return 0; ip->ip_p = getproto(s); switch (ip->ip_p) *************** *** 149,154 **** --- 151,158 ---- case IPPROTO_TCP : case IPPROTO_UDP : s = strtok(NULL, " :"); + if (s == NULL) + return 0; ip->ip_len += atoi(s); if (ip->ip_p == IPPROTO_TCP) extra = sizeof(struct tcphdr); diff -cr ip_fil4.1.13/lib/ipft_tx.c ip_fil4.1.14/lib/ipft_tx.c *** ip_fil4.1.13/lib/ipft_tx.c Mon Dec 19 01:53:39 2005 --- ip_fil4.1.14/lib/ipft_tx.c Sat Jun 17 03:21:04 2006 *************** *** 1,13 **** /* ! * Copyright (C) 1995-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: ipft_tx.c,v 1.15.2.7 2005/12/18 14:53:39 darrenr Exp $ */ #if !defined(lint) static const char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 1.15.2.7 2005/12/18 14:53:39 darrenr Exp $"; #endif #include --- 1,13 ---- /* ! * Copyright (C) 2000-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: ipft_tx.c,v 1.15.2.9 2006/06/16 17:21:04 darrenr Exp $ */ #if !defined(lint) static const char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed"; ! 
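Review bot: The added `s == NULL` guards in ipft_td.c stop the NULL dereference, but in the second hunk `ip->ip_len += atoi(s);` still takes the length token unvalidated, so a negative or oversized number in the input ends up in `ip_len` unchecked. Parsing with `strtol` and rejecting values outside the range the field can hold would close that gap. A comment on what `return 0` means to the caller would also help, since the hunk does not show whether 0 is read as end-of-input or as an empty packet. The enclosing function starts and ends outside both hunks.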
static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 1.15.2.9 2006/06/16 17:21:04 darrenr Exp $"; #endif #include *************** *** 127,132 **** --- 127,133 ---- { register char *s; char line[513]; + ip_t *ip; *ifn = NULL; while (fgets(line, sizeof(line)-1, tfp)) { *************** *** 142,153 **** printf("input: %s\n", line); *ifn = NULL; *dir = 0; ! if (!parseline(line, (ip_t *)buf, ifn, dir)) ! #if 0 ! return sizeof(ip_t) + sizeof(tcphdr_t); ! #else ! return sizeof(ip_t); ! #endif } if (feof(tfp)) return 0; --- 143,152 ---- printf("input: %s\n", line); *ifn = NULL; *dir = 0; ! if (!parseline(line, (ip_t *)buf, ifn, dir)) { ! ip = (ip_t *)buf; ! return ntohs(ip->ip_len); ! } } if (feof(tfp)) return 0; diff -cr ip_fil4.1.13/lib/ipoptsec.c ip_fil4.1.14/lib/ipoptsec.c *** ip_fil4.1.13/lib/ipoptsec.c Mon Jan 28 17:50:46 2002 --- ip_fil4.1.14/lib/ipoptsec.c Sat Jun 17 03:21:04 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: ipoptsec.c,v 1.2 2002/01/28 06:50:46 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2001-2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: ipoptsec.c,v 1.2.4.1 2006/06/16 17:21:04 darrenr Exp $ */ #include "ipf.h" diff -cr ip_fil4.1.13/lib/kmem.c ip_fil4.1.14/lib/kmem.c *** ip_fil4.1.13/lib/kmem.c Sun Jun 12 17:18:41 2005 --- ip_fil4.1.14/lib/kmem.c Sat Jun 17 03:21:04 2006 *************** *** 1,5 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ --- 1,5 ---- /* ! * Copyright (C) 2000-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ *************** *** 42,48 **** #if !defined(lint) static const char sccsid[] = "@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed"; ! 
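Review bot: The new return value `ntohs(ip->ip_len)` in ipft_tx.c is derived from the parsed text line, and nothing in the hunk compares it with the size of `buf`. If parseline() can set a total length larger than the caller's buffer, the caller is told that more bytes are valid than were written, where the old code returned the fixed `sizeof(ip_t)`. A bound check before returning would keep the result inside the buffer, e.g. `if (len > bufsize) return 0;`, where `bufsize` is a placeholder for the function's size parameter, which is outside the hunk. The enclosing function begins before the first hunk and continues past this one.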
static const char rcsid[] = "@(#)$Id: kmem.c,v 1.16.2.2 2005/06/12 07:18:41 darrenr Exp $"; #endif --- 42,48 ---- #if !defined(lint) static const char sccsid[] = "@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: kmem.c,v 1.16.2.3 2006/06/16 17:21:04 darrenr Exp $"; #endif diff -cr ip_fil4.1.13/lib/kmem.h ip_fil4.1.14/lib/kmem.h *** ip_fil4.1.13/lib/kmem.h Thu Aug 22 08:57:36 2002 --- ip_fil4.1.14/lib/kmem.h Sat Jun 17 03:21:04 2006 *************** *** 1,8 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. ! * $Id: kmem.h,v 1.2 2002/08/21 22:57:36 darrenr Exp $ */ #ifndef __KMEM_H__ --- 1,8 ---- /* ! * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. ! * $Id: kmem.h,v 1.2.4.1 2006/06/16 17:21:04 darrenr Exp $ */ #ifndef __KMEM_H__ diff -cr ip_fil4.1.13/lib/kmemcpywrap.c ip_fil4.1.14/lib/kmemcpywrap.c *** ip_fil4.1.13/lib/kmemcpywrap.c Wed May 15 01:19:38 2002 --- ip_fil4.1.14/lib/kmemcpywrap.c Sat Jun 17 03:21:05 2006 *************** *** 1,3 **** --- 1,11 ---- + /* + * Copyright (C) 2002 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: kmemcpywrap.c,v 1.1.4.1 2006/06/16 17:21:05 darrenr Exp $ + */ + #include "ipf.h" #include "kmem.h" diff -cr ip_fil4.1.13/lib/kvatoname.c ip_fil4.1.14/lib/kvatoname.c *** ip_fil4.1.13/lib/kvatoname.c Tue May 21 23:25:46 2002 --- ip_fil4.1.14/lib/kvatoname.c Sat Jun 17 03:21:05 2006 *************** *** 1,3 **** --- 1,11 ---- + /* + * Copyright (C) 2002 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. 
+ * + * $Id: kvatoname.c,v 1.1.4.1 2006/06/16 17:21:05 darrenr Exp $ + */ + #include "ipf.h" #include Only in ip_fil4.1.14/lib: load_file.c diff -cr ip_fil4.1.13/lib/load_hash.c ip_fil4.1.14/lib/load_hash.c *** ip_fil4.1.13/lib/load_hash.c Mon Nov 14 02:41:12 2005 --- ip_fil4.1.14/lib/load_hash.c Fri Jul 14 16:12:25 2006 *************** *** 1,9 **** /* ! * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: load_hash.c,v 1.11.2.3 2005/11/13 15:41:12 darrenr Exp $ */ #include --- 1,9 ---- /* ! * Copyright (C) 2002-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: load_hash.c,v 1.11.2.5 2006/07/14 06:12:25 darrenr Exp $ */ #include *************** *** 60,65 **** --- 60,66 ---- iph.iph_size = size; iph.iph_seed = iphp->iph_seed; iph.iph_table = NULL; + iph.iph_list = NULL; iph.iph_ref = 0; if ((opts & OPT_REMOVE) == 0) { *************** *** 83,91 **** perror("calloc(size, sizeof(*iph.iph_table))"); return -1; } ! iph.iph_table[0] = list; printhash(&iph, bcopywrap, iph.iph_name, opts); free(iph.iph_table); for (a = list; a != NULL; a = a->ipe_next) { a->ipe_addr.in4_addr = htonl(a->ipe_addr.in4_addr); --- 84,93 ---- perror("calloc(size, sizeof(*iph.iph_table))"); return -1; } ! iph.iph_list = list; printhash(&iph, bcopywrap, iph.iph_name, opts); free(iph.iph_table); + iph.iph_list = NULL; for (a = list; a != NULL; a = a->ipe_next) { a->ipe_addr.in4_addr = htonl(a->ipe_addr.in4_addr); diff -cr ip_fil4.1.13/lib/load_hashnode.c ip_fil4.1.14/lib/load_hashnode.c *** ip_fil4.1.13/lib/load_hashnode.c Sun Mar 7 01:33:28 2004 --- ip_fil4.1.14/lib/load_hashnode.c Sat Jun 17 03:21:05 2006 *************** *** 1,9 **** /* ! * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: load_hashnode.c,v 1.2.4.1 2004/03/06 14:33:28 darrenr Exp $ */ #include --- 1,9 ---- /* ! * Copyright (C) 2003-2005 by Darren Reed. 
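Review bot: After `free(iph.iph_table);` the second load_hash.c hunk resets `iph.iph_list` but leaves `iph.iph_table` pointing at freed memory. If `iph` is used again later in the function (the rest of the body is outside the hunk), that pointer is dangling; add `iph.iph_table = NULL;` next to the new `iph.iph_list = NULL;`. The calloc'ed table is also no longer populated now that `iph.iph_table[0] = list` is gone, so a short comment on why it is still allocated before printhash() would help the next reader.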
* * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: load_hashnode.c,v 1.2.4.2 2006/06/16 17:21:05 darrenr Exp $ */ #include Only in ip_fil4.1.14/lib: load_http.c diff -cr ip_fil4.1.13/lib/load_pool.c ip_fil4.1.14/lib/load_pool.c *** ip_fil4.1.13/lib/load_pool.c Mon Nov 14 02:41:13 2005 --- ip_fil4.1.14/lib/load_pool.c Sat Jun 17 03:21:06 2006 *************** *** 1,9 **** /* ! * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: load_pool.c,v 1.14.2.3 2005/11/13 15:41:13 darrenr Exp $ */ #include --- 1,9 ---- /* ! * Copyright (C) 2002-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: load_pool.c,v 1.14.2.4 2006/06/16 17:21:06 darrenr Exp $ */ #include diff -cr ip_fil4.1.13/lib/load_poolnode.c ip_fil4.1.14/lib/load_poolnode.c *** ip_fil4.1.13/lib/load_poolnode.c Sun Mar 7 01:33:29 2004 --- ip_fil4.1.14/lib/load_poolnode.c Sat Jun 17 03:21:06 2006 *************** *** 1,9 **** /* ! * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: load_poolnode.c,v 1.3.2.1 2004/03/06 14:33:29 darrenr Exp $ */ #include --- 1,9 ---- /* ! * Copyright (C) 2003-2004 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: load_poolnode.c,v 1.3.2.3 2006/06/16 17:21:06 darrenr Exp $ */ #include *************** *** 52,58 **** if (err != 0) { if ((opts & OPT_DONOTHING) == 0) { ! perror("load_pool:SIOCLOOKUP*NODE"); return -1; } } --- 52,58 ---- if (err != 0) { if ((opts & OPT_DONOTHING) == 0) { ! perror("load_poolnode:SIOCLOOKUP*NODE"); return -1; } } Only in ip_fil4.1.14/lib: load_url.c Only in ip_fil4.1.13/lib: loglevel.c diff -cr ip_fil4.1.13/lib/mutex_emul.c ip_fil4.1.14/lib/mutex_emul.c *** ip_fil4.1.13/lib/mutex_emul.c Mon Apr 28 03:10:12 2003 --- ip_fil4.1.14/lib/mutex_emul.c Sat Jun 17 03:21:06 2006 *************** *** 1,3 **** --- 1,11 ---- + /* + * Copyright (C) 2003 by Darren Reed. 
+ * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: mutex_emul.c,v 1.2.4.1 2006/06/16 17:21:06 darrenr Exp $ + */ + #include "ipf.h" #define EMM_MAGIC 0x9d7adba3 diff -cr ip_fil4.1.13/lib/nametokva.c ip_fil4.1.14/lib/nametokva.c *** ip_fil4.1.13/lib/nametokva.c Tue May 21 23:25:46 2002 --- ip_fil4.1.14/lib/nametokva.c Sat Jun 17 03:21:07 2006 *************** *** 1,3 **** --- 1,11 ---- + /* + * Copyright (C) 2002 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: nametokva.c,v 1.1.4.1 2006/06/16 17:21:07 darrenr Exp $ + */ + #include "ipf.h" #include diff -cr ip_fil4.1.13/lib/nat_setgroupmap.c ip_fil4.1.14/lib/nat_setgroupmap.c *** ip_fil4.1.13/lib/nat_setgroupmap.c Sun Apr 13 16:40:14 2003 --- ip_fil4.1.14/lib/nat_setgroupmap.c Sat Jun 17 03:21:07 2006 *************** *** 1,10 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: nat_setgroupmap.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $"; #endif #include "ipf.h" --- 1,10 ---- /* ! * Copyright (C) 2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: nat_setgroupmap.c,v 1.1.4.1 2006/06/16 17:21:07 darrenr Exp $"; #endif #include "ipf.h" Only in ip_fil4.1.13/lib: natparse.c diff -cr ip_fil4.1.13/lib/ntomask.c ip_fil4.1.14/lib/ntomask.c *** ip_fil4.1.13/lib/ntomask.c Wed Nov 12 00:44:07 2003 --- ip_fil4.1.14/lib/ntomask.c Sat Jun 17 03:21:07 2006 *************** *** 1,3 **** --- 1,11 ---- + /* + * Copyright (C) 2002-2005 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. 
+ * + * $Id: ntomask.c,v 1.6.2.1 2006/06/16 17:21:07 darrenr Exp $ + */ + #include "ipf.h" int ntomask(v, nbits, ap) diff -cr ip_fil4.1.13/lib/optname.c ip_fil4.1.14/lib/optname.c *** ip_fil4.1.13/lib/optname.c Sun Jun 10 03:09:24 2001 --- ip_fil4.1.14/lib/optname.c Sat Jun 17 03:21:07 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: optname.c,v 1.3 2001/06/09 17:09:24 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2000-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: optname.c,v 1.3.4.1 2006/06/16 17:21:07 darrenr Exp $ */ #include "ipf.h" diff -cr ip_fil4.1.13/lib/optprint.c ip_fil4.1.14/lib/optprint.c *** ip_fil4.1.13/lib/optprint.c Mon Dec 19 01:51:28 2005 --- ip_fil4.1.14/lib/optprint.c Sat Jun 17 03:21:08 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: optprint.c,v 1.6.4.1 2005/12/18 14:51:28 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2000-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: optprint.c,v 1.6.4.2 2006/06/16 17:21:08 darrenr Exp $ */ #include "ipf.h" diff -cr ip_fil4.1.13/lib/optprintv6.c ip_fil4.1.14/lib/optprintv6.c *** ip_fil4.1.13/lib/optprintv6.c Wed Apr 30 10:39:39 2003 --- ip_fil4.1.14/lib/optprintv6.c Sat Jun 17 03:21:08 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: optprintv6.c,v 1.2 2003/04/30 00:39:39 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! 
* $Id: optprintv6.c,v 1.2.4.1 2006/06/16 17:21:08 darrenr Exp $ */ #include "ipf.h" diff -cr ip_fil4.1.13/lib/optvalue.c ip_fil4.1.14/lib/optvalue.c *** ip_fil4.1.13/lib/optvalue.c Mon Jan 28 17:50:47 2002 --- ip_fil4.1.14/lib/optvalue.c Sat Jun 17 03:21:08 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: optvalue.c,v 1.2 2002/01/28 06:50:47 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2001-2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: optvalue.c,v 1.2.4.1 2006/06/16 17:21:08 darrenr Exp $ */ #include "ipf.h" Only in ip_fil4.1.13/lib: parse.c diff -cr ip_fil4.1.13/lib/portname.c ip_fil4.1.14/lib/portname.c *** ip_fil4.1.13/lib/portname.c Fri Aug 15 00:27:43 2003 --- ip_fil4.1.14/lib/portname.c Sat Jun 17 03:21:09 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: portname.c,v 1.7 2003/08/14 14:27:43 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2000-2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: portname.c,v 1.7.2.1 2006/06/16 17:21:09 darrenr Exp $ */ #include "ipf.h" Only in ip_fil4.1.13/lib: portnum.c Only in ip_fil4.1.13/lib: ports.c diff -cr ip_fil4.1.13/lib/print_toif.c ip_fil4.1.14/lib/print_toif.c *** ip_fil4.1.13/lib/print_toif.c Mon Jan 28 17:50:47 2002 --- ip_fil4.1.14/lib/print_toif.c Sat Jun 17 03:21:09 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: print_toif.c,v 1.8 2002/01/28 06:50:47 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2000-2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! 
* $Id: print_toif.c,v 1.8.4.1 2006/06/16 17:21:09 darrenr Exp $ */ #include "ipf.h" diff -cr ip_fil4.1.13/lib/printactivenat.c ip_fil4.1.14/lib/printactivenat.c *** ip_fil4.1.13/lib/printactivenat.c Wed May 12 02:07:32 2004 --- ip_fil4.1.14/lib/printactivenat.c Fri Jul 14 16:12:25 2006 *************** *** 1,5 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * --- 1,5 ---- /* ! * Copyright (C) 2002-2004 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * *************** *** 10,25 **** #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: printactivenat.c,v 1.3.2.4 2004/05/11 16:07:32 darrenr Exp $"; #endif ! void printactivenat(nat, opts) nat_t *nat; ! int opts; { ! printf("%s", getnattype(nat->nat_ptr)); if (nat->nat_flags & SI_CLONE) printf(" CLONE"); --- 10,25 ---- #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: printactivenat.c,v 1.3.2.6 2006/07/14 06:12:25 darrenr Exp $"; #endif ! void printactivenat(nat, opts, alive) nat_t *nat; ! int opts, alive; { ! printf("%s", getnattype(nat, alive)); if (nat->nat_flags & SI_CLONE) printf(" CLONE"); diff -cr ip_fil4.1.13/lib/printaps.c ip_fil4.1.14/lib/printaps.c *** ip_fil4.1.13/lib/printaps.c Fri Jan 9 00:34:32 2004 --- ip_fil4.1.14/lib/printaps.c Sat Jun 17 03:21:10 2006 *************** *** 1,5 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * --- 1,5 ---- /* ! * Copyright (C) 2002-2004 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * *************** *** 11,17 **** #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: printaps.c,v 1.4 2004/01/08 13:34:32 darrenr Exp $"; #endif --- 11,17 ---- #if !defined(lint) ! 
static const char rcsid[] = "@(#)$Id: printaps.c,v 1.4.2.1 2006/06/16 17:21:10 darrenr Exp $"; #endif diff -cr ip_fil4.1.13/lib/printbuf.c ip_fil4.1.14/lib/printbuf.c *** ip_fil4.1.13/lib/printbuf.c Fri Dec 10 06:41:22 2004 --- ip_fil4.1.14/lib/printbuf.c Sat Jun 17 03:21:10 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: printbuf.c,v 1.5.4.1 2004/12/09 19:41:22 darrenr Exp $ */ #include --- 1,9 ---- /* ! * Copyright (C) 2000-2004 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: printbuf.c,v 1.5.4.2 2006/06/16 17:21:10 darrenr Exp $ */ #include diff -cr ip_fil4.1.13/lib/printfr.c ip_fil4.1.14/lib/printfr.c *** ip_fil4.1.13/lib/printfr.c Wed Mar 29 21:19:59 2006 --- ip_fil4.1.14/lib/printfr.c Sat Jun 17 03:21:10 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: printfr.c,v 1.43.2.16 2006/03/29 11:19:59 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2000-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: printfr.c,v 1.43.2.17 2006/06/16 17:21:10 darrenr Exp $ */ #include "ipf.h" diff -cr ip_fil4.1.13/lib/printfraginfo.c ip_fil4.1.14/lib/printfraginfo.c *** ip_fil4.1.13/lib/printfraginfo.c Wed Mar 24 02:15:45 2004 --- ip_fil4.1.14/lib/printfraginfo.c Fri Jul 14 16:12:25 2006 *************** *** 1,9 **** /* ! * Copyright (C) 2004 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: printfraginfo.c,v 1.1.2.2 2004/03/23 15:15:45 darrenr Exp $ */ #include "ipf.h" #include "kmem.h" --- 1,9 ---- /* ! * Copyright (C) 2004-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! 
* $Id: printfraginfo.c,v 1.1.2.4 2006/07/14 06:12:25 darrenr Exp $ */ #include "ipf.h" #include "kmem.h" *************** *** 17,27 **** fr.fr_flags = 0xffffffff; printf("%s%s -> ", prefix, hostname(4, &ifr->ipfr_src)); if (kmemcpy((char *)&fr, (u_long)ifr->ipfr_rule, sizeof(fr)) == -1) return; ! printf("%s id %d ttl %d pr %d seen0 %d ifp %p tos %#02x = %#x\n", hostname(4, &ifr->ipfr_dst), ifr->ipfr_id, ifr->ipfr_seen0, ! ifr->ipfr_ttl, ifr->ipfr_p, ifr->ipfr_ifp, ifr->ipfr_tos, ! fr.fr_flags); } --- 17,29 ---- fr.fr_flags = 0xffffffff; printf("%s%s -> ", prefix, hostname(4, &ifr->ipfr_src)); + /* if (kmemcpy((char *)&fr, (u_long)ifr->ipfr_rule, sizeof(fr)) == -1) return; ! */ ! printf("%s id %d ttl %d pr %d seen0 %d ref %d tos %#02x = %#x\n", hostname(4, &ifr->ipfr_dst), ifr->ipfr_id, ifr->ipfr_seen0, ! ifr->ipfr_ttl, ifr->ipfr_p, ifr->ipfr_ref, ifr->ipfr_tos, ! 0); } diff -cr ip_fil4.1.13/lib/printhash.c ip_fil4.1.14/lib/printhash.c *** ip_fil4.1.13/lib/printhash.c Tue Feb 1 13:44:06 2005 --- ip_fil4.1.14/lib/printhash.c Fri Jul 14 16:12:25 2006 *************** *** 1,5 **** /* ! * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ --- 1,5 ---- /* ! * Copyright (C) 2002-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ *************** *** 18,24 **** { iphtent_t *ipep, **table; iphtable_t iph; ! int i, printed; size_t sz; if ((*copyfunc)((char *)hp, (char *)&iph, sizeof(iph))) --- 18,24 ---- { iphtent_t *ipep, **table; iphtable_t iph; ! int printed; size_t sz; if ((*copyfunc)((char *)hp, (char *)&iph, sizeof(iph))) *************** *** 27,120 **** if ((name != NULL) && strncmp(name, iph.iph_name, FR_GROUPLEN)) return iph.iph_next; ! if ((opts & OPT_DEBUG) == 0) { ! if ((iph.iph_type & IPHASH_ANON) == IPHASH_ANON) ! PRINTF("# 'anonymous' table\n"); ! switch (iph.iph_type & ~IPHASH_ANON) ! { ! case IPHASH_LOOKUP : ! PRINTF("table"); ! break; ! case IPHASH_GROUPMAP : ! 
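Review bot: The arguments of the rewritten `printf` in printfraginfo.c do not line up with its labels: the format reads `id … ttl … pr … seen0 … ref … tos`, but the values passed are `ipfr_id, ipfr_seen0, ipfr_ttl, ipfr_p, ipfr_ref, ipfr_tos`, so the `ttl`, `pr` and `seen0` columns each show a neighbouring field. The ordering is carried over from the old line; reordering to `ifr->ipfr_id, ifr->ipfr_ttl, ifr->ipfr_p, ifr->ipfr_seen0, ifr->ipfr_ref, ifr->ipfr_tos` makes the fragment-cache listing match what it claims to show. With the `kmemcpy` now commented out, the `fr.fr_flags = 0xffffffff;` assignment is dead and the trailing `= %#x` always prints 0, so both could be dropped together with the commented-out block. The function starts before the hunk.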
PRINTF("group-map"); ! if (iph.iph_flags & FR_INQUE) ! PRINTF(" in"); ! else if (iph.iph_flags & FR_OUTQUE) ! PRINTF(" out"); ! else ! PRINTF(" ???"); ! break; ! default : ! PRINTF("%#x", iph.iph_type); ! break; ! } ! PRINTF(" role = "); ! } else { ! PRINTF("Hash Table Number: %s", iph.iph_name); ! if ((iph.iph_type & IPHASH_ANON) == IPHASH_ANON) ! PRINTF("(anon)"); ! putchar(' '); ! PRINTF("Role: "); ! } ! ! switch (iph.iph_unit) ! { ! case IPL_LOGNAT : ! PRINTF("nat"); ! break; ! case IPL_LOGIPF : ! PRINTF("ipf"); ! break; ! case IPL_LOGAUTH : ! PRINTF("auth"); ! break; ! case IPL_LOGCOUNT : ! PRINTF("count"); ! break; ! default : ! PRINTF("#%d", iph.iph_unit); ! break; ! } ! ! if ((opts & OPT_DEBUG) == 0) { ! if ((iph.iph_type & ~IPHASH_ANON) == IPHASH_LOOKUP) ! PRINTF(" type = hash"); ! PRINTF(" number = %s size = %lu", ! iph.iph_name, (u_long)iph.iph_size); ! if (iph.iph_seed != 0) ! PRINTF(" seed = %lu", iph.iph_seed); ! putchar('\n'); ! } else { ! PRINTF(" Type: "); ! switch (iph.iph_type & ~IPHASH_ANON) ! { ! case IPHASH_LOOKUP : ! PRINTF("lookup"); ! break; ! case IPHASH_GROUPMAP : ! PRINTF("groupmap Group. %s", iph.iph_name); ! break; ! default : ! break; ! } ! ! putchar('\n'); ! PRINTF("\t\tSize: %lu\tSeed: %lu", ! (u_long)iph.iph_size, iph.iph_seed); ! PRINTF("\tRef. Count: %d\tMasks: %#x\n", iph.iph_ref, ! iph.iph_masks); ! } ! ! if ((opts & OPT_DEBUG) != 0) { ! struct in_addr m; ! ! for (i = 0; i < 32; i++) { ! if ((1 << i) & iph.iph_masks) { ! ntomask(4, i, &m.s_addr); ! PRINTF("\t\tMask: %s\n", inet_ntoa(m)); ! } ! } ! } if ((opts & OPT_DEBUG) == 0) PRINTF("\t{"); --- 27,33 ---- if ((name != NULL) && strncmp(name, iph.iph_name, FR_GROUPLEN)) return iph.iph_next; ! printhashdata(hp, opts); if ((opts & OPT_DEBUG) == 0) PRINTF("\t{"); *************** *** 124,134 **** if ((*copyfunc)((char *)iph.iph_table, (char *)table, sz)) return NULL; ! for (i = 0, printed = 0; i < iph.iph_size; i++) { ! for (ipep = table[i]; ipep != NULL; ) { ! 
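Review bot: `printhashdata(hp, opts);` passes the pointer that the `(*copyfunc)((char *)hp, (char *)&iph, sizeof(iph))` call just above uses as the copy source, not the local copy `iph` that the rest of the function reads. The parallel call in printpool.c in this same diff is `printpooldata(&ipp, opts);`, so unless `printhashdata` (a new file not shown here) performs its own copy, this would dereference an address that is only meant to be reached through `copyfunc`. `printhashdata(&iph, opts);` looks like the intended call. The function starts before and continues after the hunk.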
ipep = printhashnode(&iph, ipep, copyfunc, opts); ! printed++; ! } } if (printed == 0) putchar(';'); --- 37,45 ---- if ((*copyfunc)((char *)iph.iph_table, (char *)table, sz)) return NULL; ! for (printed = 0, ipep = iph.iph_list; ipep != NULL; ) { ! ipep = printhashnode(&iph, ipep, copyfunc, opts); ! printed++; } if (printed == 0) putchar(';'); Only in ip_fil4.1.14/lib: printhash_live.c Only in ip_fil4.1.14/lib: printhashdata.c diff -cr ip_fil4.1.13/lib/printhashnode.c ip_fil4.1.14/lib/printhashnode.c *** ip_fil4.1.13/lib/printhashnode.c Sun Mar 7 01:33:30 2004 --- ip_fil4.1.14/lib/printhashnode.c Fri Jul 14 16:12:26 2006 *************** *** 1,5 **** /* ! * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ --- 1,5 ---- /* ! * Copyright (C) 2002-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ *************** *** 45,50 **** --- 45,51 ---- } putchar(';'); } + ipep = ipe.ipe_next; return ipep; } diff -cr ip_fil4.1.13/lib/printhostmap.c ip_fil4.1.14/lib/printhostmap.c *** ip_fil4.1.13/lib/printhostmap.c Mon Nov 14 02:42:30 2005 --- ip_fil4.1.14/lib/printhostmap.c Sun Oct 1 07:42:07 2006 *************** *** 1,14 **** #include "ipf.h" void printhostmap(hmp, hv) hostmap_t *hmp; u_int hv; { - struct in_addr in; printf("%s,", inet_ntoa(hmp->hm_srcip)); printf("%s -> ", inet_ntoa(hmp->hm_dstip)); ! in.s_addr = htonl(hmp->hm_mapip.s_addr); ! printf("%s ", inet_ntoa(in)); printf("(use = %d hv = %u)\n", hmp->hm_ref, hv); } --- 1,20 ---- + /* + * Copyright (C) 2002-2005 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: printhostmap.c,v 1.3.2.3 2006/09/30 21:42:07 darrenr Exp $ + */ + #include "ipf.h" void printhostmap(hmp, hv) hostmap_t *hmp; u_int hv; { printf("%s,", inet_ntoa(hmp->hm_srcip)); printf("%s -> ", inet_ntoa(hmp->hm_dstip)); ! 
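Review bot: The entries in printhash.c are now walked from `iph.iph_list`, yet the context lines directly above the new loop still copy `iph.iph_table` into `table` and `return NULL` when that copy fails, so a failed copy of a buffer the loop no longer reads aborts the whole listing. If nothing after the hunk uses `table`, its allocation, the `sz` computation and the copy can be removed along with the `i` variable the earlier hunk already dropped. Whether `table` is released on that early `return NULL` path is not visible from here and is worth checking while touching it.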
printf("%s ", inet_ntoa(hmp->hm_mapip)); printf("(use = %d hv = %u)\n", hmp->hm_ref, hv); } diff -cr ip_fil4.1.13/lib/printhostmask.c ip_fil4.1.14/lib/printhostmask.c *** ip_fil4.1.13/lib/printhostmask.c Fri Apr 12 01:01:19 2002 --- ip_fil4.1.14/lib/printhostmask.c Sat Jun 17 03:21:12 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: printhostmask.c,v 1.8 2002/04/11 15:01:19 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2000-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: printhostmask.c,v 1.8.4.1 2006/06/16 17:21:12 darrenr Exp $ */ #include "ipf.h" diff -cr ip_fil4.1.13/lib/printifname.c ip_fil4.1.14/lib/printifname.c *** ip_fil4.1.13/lib/printifname.c Mon Jan 28 17:50:47 2002 --- ip_fil4.1.14/lib/printifname.c Sat Jun 17 03:21:12 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: printifname.c,v 1.2 2002/01/28 06:50:47 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: printifname.c,v 1.2.4.1 2006/06/16 17:21:12 darrenr Exp $ */ #include "ipf.h" diff -cr ip_fil4.1.13/lib/printip.c ip_fil4.1.14/lib/printip.c *** ip_fil4.1.13/lib/printip.c Sat Jul 13 22:10:27 2002 --- ip_fil4.1.14/lib/printip.c Sat Jun 17 03:21:12 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: printip.c,v 1.3 2002/07/13 12:10:27 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2002-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! 
* $Id: printip.c,v 1.3.4.1 2006/06/16 17:21:12 darrenr Exp $ */ #include "ipf.h" diff -cr ip_fil4.1.13/lib/printlog.c ip_fil4.1.14/lib/printlog.c *** ip_fil4.1.13/lib/printlog.c Mon Dec 19 01:49:06 2005 --- ip_fil4.1.14/lib/printlog.c Sat Jun 17 03:21:12 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: printlog.c,v 1.6.4.2 2005/12/18 14:49:06 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2000-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: printlog.c,v 1.6.4.3 2006/06/16 17:21:12 darrenr Exp $ */ #include "ipf.h" diff -cr ip_fil4.1.13/lib/printmask.c ip_fil4.1.14/lib/printmask.c *** ip_fil4.1.13/lib/printmask.c Sat Jun 15 14:48:33 2002 --- ip_fil4.1.14/lib/printmask.c Sat Jun 17 03:21:13 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: printmask.c,v 1.5 2002/06/15 04:48:33 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2000-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: printmask.c,v 1.5.4.1 2006/06/16 17:21:13 darrenr Exp $ */ #include "ipf.h" diff -cr ip_fil4.1.13/lib/printnat.c ip_fil4.1.14/lib/printnat.c *** ip_fil4.1.13/lib/printnat.c Tue Nov 15 04:45:06 2005 --- ip_fil4.1.14/lib/printnat.c Sat Jun 17 03:21:13 2006 *************** *** 1,5 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * --- 1,5 ---- /* ! * Copyright (C) 2002-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * *************** *** 11,17 **** #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: printnat.c,v 1.22.2.11 2005/11/14 17:45:06 darrenr Exp $"; #endif /* --- 11,17 ---- #if !defined(lint) ! 
static const char rcsid[] = "@(#)$Id: printnat.c,v 1.22.2.12 2006/06/16 17:21:13 darrenr Exp $"; #endif /* diff -cr ip_fil4.1.13/lib/printpacket.c ip_fil4.1.14/lib/printpacket.c *** ip_fil4.1.13/lib/printpacket.c Sun Dec 4 20:33:06 2005 --- ip_fil4.1.14/lib/printpacket.c Sun Oct 1 07:44:43 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: printpacket.c,v 1.12.4.2 2005/12/04 09:33:06 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2000-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: printpacket.c,v 1.12.4.4 2006/09/30 21:44:43 darrenr Exp $ */ #include "ipf.h" *************** *** 41,46 **** --- 41,47 ---- putchar(' '); } putchar('\n'); + putchar('\n'); return; } diff -cr ip_fil4.1.13/lib/printpacket6.c ip_fil4.1.14/lib/printpacket6.c *** ip_fil4.1.13/lib/printpacket6.c Sun Jul 14 01:59:49 2002 --- ip_fil4.1.14/lib/printpacket6.c Sat Jun 17 03:21:13 2006 *************** *** 1,3 **** --- 1,11 ---- + /* + * Copyright (C) 2002 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: printpacket6.c,v 1.3.4.1 2006/06/16 17:21:13 darrenr Exp $ + */ + #include "ipf.h" /* diff -cr ip_fil4.1.13/lib/printpool.c ip_fil4.1.14/lib/printpool.c *** ip_fil4.1.13/lib/printpool.c Tue Feb 1 13:44:07 2005 --- ip_fil4.1.14/lib/printpool.c Fri Jul 14 16:12:26 2006 *************** *** 1,5 **** /* ! * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ --- 1,5 ---- /* ! * Copyright (C) 2002-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ *************** *** 24,81 **** if ((name != NULL) && strncmp(name, ipp.ipo_name, FR_GROUPLEN)) return ipp.ipo_next; ! if ((opts & OPT_DEBUG) == 0) { ! if ((ipp.ipo_flags & IPOOL_ANON) != 0) ! PRINTF("# 'anonymous' tree %s\n", ipp.ipo_name); ! PRINTF("table role = "); ! 
} else { ! PRINTF("Name: %s", ipp.ipo_name); ! if ((ipp.ipo_flags & IPOOL_ANON) == IPOOL_ANON) ! PRINTF("(anon)"); ! putchar(' '); ! PRINTF("Role: "); ! } ! ! switch (ipp.ipo_unit) ! { ! case IPL_LOGIPF : ! printf("ipf"); ! break; ! case IPL_LOGNAT : ! printf("nat"); ! break; ! case IPL_LOGSTATE : ! printf("state"); ! break; ! case IPL_LOGAUTH : ! printf("auth"); ! break; ! case IPL_LOGSYNC : ! printf("sync"); ! break; ! case IPL_LOGSCAN : ! printf("scan"); ! break; ! case IPL_LOGLOOKUP : ! printf("lookup"); ! break; ! case IPL_LOGCOUNT : ! printf("count"); ! break; ! default : ! printf("unknown(%d)", ipp.ipo_unit); ! } ! if ((opts & OPT_DEBUG) == 0) { ! PRINTF(" type = tree number = %s\n", ipp.ipo_name); PRINTF("\t{"); - } else { - putchar(' '); - - PRINTF("\tReferences: %d\tHits: %lu\n", ipp.ipo_ref, - ipp.ipo_hits); - PRINTF("\tNodes Starting at %p\n", ipp.ipo_list); - } ipnpn = ipp.ipo_list; ipp.ipo_list = NULL; --- 24,33 ---- if ((name != NULL) && strncmp(name, ipp.ipo_name, FR_GROUPLEN)) return ipp.ipo_next; ! printpooldata(&ipp, opts); ! if ((opts & OPT_DEBUG) == 0) PRINTF("\t{"); ipnpn = ipp.ipo_list; ipp.ipo_list = NULL; Only in ip_fil4.1.14/lib: printpool_live.c Only in ip_fil4.1.14/lib: printpooldata.c diff -cr ip_fil4.1.13/lib/printpoolnode.c ip_fil4.1.14/lib/printpoolnode.c *** ip_fil4.1.13/lib/printpoolnode.c Sun Nov 9 10:01:27 2003 --- ip_fil4.1.14/lib/printpoolnode.c Fri Jul 14 16:12:27 2006 *************** *** 1,5 **** /* ! * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ --- 1,5 ---- /* ! * Copyright (C) 2002-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ *************** *** 21,31 **** printip((u_32_t *)&np->ipn_addr.adf_addr.in4); printmask((u_32_t *)&np->ipn_mask.adf_addr); } else { ! PRINTF("\t\t%s%s", np->ipn_info ? "! " : "", inet_ntoa(np->ipn_addr.adf_addr.in4)); printmask((u_32_t *)&np->ipn_mask.adf_addr); ! PRINTF("\n\t\tHits %lu\tName %s\n", ! 
np->ipn_hits, np->ipn_name); } return np->ipn_next; } --- 21,31 ---- printip((u_32_t *)&np->ipn_addr.adf_addr.in4); printmask((u_32_t *)&np->ipn_mask.adf_addr); } else { ! PRINTF("\tAddress: %s%s", np->ipn_info ? "! " : "", inet_ntoa(np->ipn_addr.adf_addr.in4)); printmask((u_32_t *)&np->ipn_mask.adf_addr); ! PRINTF("\t\tHits %lu\tName %s\tRef %d\n", ! np->ipn_hits, np->ipn_name, np->ipn_ref); } return np->ipn_next; } diff -cr ip_fil4.1.13/lib/printportcmp.c ip_fil4.1.14/lib/printportcmp.c *** ip_fil4.1.13/lib/printportcmp.c Sun Feb 16 13:31:05 2003 --- ip_fil4.1.14/lib/printportcmp.c Sat Jun 17 03:21:14 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: printportcmp.c,v 1.7 2003/02/16 02:31:05 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2000-2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: printportcmp.c,v 1.7.4.1 2006/06/16 17:21:14 darrenr Exp $ */ #include "ipf.h" diff -cr ip_fil4.1.13/lib/printproto.c ip_fil4.1.14/lib/printproto.c *** ip_fil4.1.13/lib/printproto.c Sun Jun 12 17:21:53 2005 --- ip_fil4.1.14/lib/printproto.c Sat Jun 17 03:21:14 2006 *************** *** 1,5 **** /* ! * Copyright (C) 1993-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ --- 1,5 ---- /* ! * Copyright (C) 2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ *************** *** 8,14 **** #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: printproto.c,v 1.1.2.1 2005/06/12 07:21:53 darrenr Exp $"; #endif --- 8,14 ---- #if !defined(lint) ! 
static const char rcsid[] = "@(#)$Id: printproto.c,v 1.1.2.2 2006/06/16 17:21:14 darrenr Exp $"; #endif diff -cr ip_fil4.1.13/lib/printsbuf.c ip_fil4.1.14/lib/printsbuf.c *** ip_fil4.1.13/lib/printsbuf.c Fri Dec 10 06:41:22 2004 --- ip_fil4.1.14/lib/printsbuf.c Sat Jun 17 03:21:14 2006 *************** *** 1,3 **** --- 1,11 ---- + /* + * Copyright (C) 2002-2004 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: printsbuf.c,v 1.2.4.2 2006/06/16 17:21:14 darrenr Exp $ + */ + #ifdef IPFILTER_SCAN #include diff -cr ip_fil4.1.13/lib/printstate.c ip_fil4.1.14/lib/printstate.c *** ip_fil4.1.13/lib/printstate.c Sat Aug 20 23:48:30 2005 --- ip_fil4.1.14/lib/printstate.c Fri Jul 14 16:12:27 2006 *************** *** 1,5 **** /* ! * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ --- 1,5 ---- /* ! * Copyright (C) 2002-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ *************** *** 15,78 **** int opts; u_long now; { - ipstate_t ips; synclist_t ipsync; ! if (kmemcpy((char *)&ips, (u_long)sp, sizeof(ips))) ! return NULL; ! ! PRINTF("%s -> ", hostname(ips.is_v, &ips.is_src.in4)); PRINTF("%s pass %#x pr %d state %d/%d bkt %d\n", ! hostname(ips.is_v, &ips.is_dst.in4), ips.is_pass, ips.is_p, ! ips.is_state[0], ips.is_state[1], ips.is_hv); ! PRINTF("\ttag %u ttl %lu", ips.is_tag, ips.is_die - now); ! if (ips.is_p == IPPROTO_TCP) { PRINTF("\n\t%hu -> %hu %x:%x %hu<<%d:%hu<<%d\n", ! ntohs(ips.is_sport), ntohs(ips.is_dport), ! ips.is_send, ips.is_dend, ! ips.is_maxswin, ips.is_swinscale, ! ips.is_maxdwin, ips.is_dwinscale); PRINTF("\tcmsk %04x smsk %04x isc %p s0 %08x/%08x\n", ! ips.is_smsk[0], ips.is_smsk[1], ips.is_isc, ! ips.is_s0[0], ips.is_s0[1]); PRINTF("\tFWD:ISN inc %x sumd %x\n", ! ips.is_isninc[0], ips.is_sumd[0]); PRINTF("\tREV:ISN inc %x sumd %x\n", ! ips.is_isninc[1], ips.is_sumd[1]); #ifdef IPFILTER_SCAN PRINTF("\tsbuf[0] ["); ! 
printsbuf(ips.is_sbuf[0]); PRINTF("] sbuf[1] ["); ! printsbuf(ips.is_sbuf[1]); PRINTF("]\n"); #endif ! } else if (ips.is_p == IPPROTO_UDP) { ! PRINTF(" %hu -> %hu\n", ntohs(ips.is_sport), ! ntohs(ips.is_dport)); ! } else if (ips.is_p == IPPROTO_GRE) { ! PRINTF(" call %hx/%hx\n", ntohs(ips.is_gre.gs_call[0]), ! ntohs(ips.is_gre.gs_call[1])); ! } else if (ips.is_p == IPPROTO_ICMP #ifdef USE_INET6 ! || ips.is_p == IPPROTO_ICMPV6 #endif ) ! PRINTF(" id %hu seq %hu type %d\n", ips.is_icmp.ici_id, ! ips.is_icmp.ici_seq, ips.is_icmp.ici_type); #ifdef USE_QUAD_T PRINTF("\tforward: pkts in %qd bytes in %qd pkts out %qd bytes out %qd\n\tbackward: pkts in %qd bytes in %qd pkts out %qd bytes out %qd\n", ! ips.is_pkts[0], ips.is_bytes[0], ! ips.is_pkts[1], ips.is_bytes[1], ! ips.is_pkts[2], ips.is_bytes[2], ! ips.is_pkts[3], ips.is_bytes[3]); #else PRINTF("\tforward: pkts in %ld bytes in %ld pkts out %ld bytes out %ld\n\tbackward: pkts in %ld bytes in %ld pkts out %ld bytes out %ld\n", ! ips.is_pkts[0], ips.is_bytes[0], ! ips.is_pkts[1], ips.is_bytes[1], ! ips.is_pkts[2], ips.is_bytes[2], ! ips.is_pkts[3], ips.is_bytes[3]); #endif PRINTF("\t"); --- 15,74 ---- int opts; u_long now; { synclist_t ipsync; ! PRINTF("%s -> ", hostname(sp->is_v, &sp->is_src.in4)); PRINTF("%s pass %#x pr %d state %d/%d bkt %d\n", ! hostname(sp->is_v, &sp->is_dst.in4), sp->is_pass, sp->is_p, ! sp->is_state[0], sp->is_state[1], sp->is_hv); ! PRINTF("\ttag %u ttl %lu", sp->is_tag, sp->is_die - now); ! if (sp->is_p == IPPROTO_TCP) { PRINTF("\n\t%hu -> %hu %x:%x %hu<<%d:%hu<<%d\n", ! ntohs(sp->is_sport), ntohs(sp->is_dport), ! sp->is_send, sp->is_dend, ! sp->is_maxswin, sp->is_swinscale, ! sp->is_maxdwin, sp->is_dwinscale); PRINTF("\tcmsk %04x smsk %04x isc %p s0 %08x/%08x\n", ! sp->is_smsk[0], sp->is_smsk[1], sp->is_isc, ! sp->is_s0[0], sp->is_s0[1]); PRINTF("\tFWD:ISN inc %x sumd %x\n", ! sp->is_isninc[0], sp->is_sumd[0]); PRINTF("\tREV:ISN inc %x sumd %x\n", ! 
sp->is_isninc[1], sp->is_sumd[1]); #ifdef IPFILTER_SCAN PRINTF("\tsbuf[0] ["); ! printsbuf(sp->is_sbuf[0]); PRINTF("] sbuf[1] ["); ! printsbuf(sp->is_sbuf[1]); PRINTF("]\n"); #endif ! } else if (sp->is_p == IPPROTO_UDP) { ! PRINTF(" %hu -> %hu\n", ntohs(sp->is_sport), ! ntohs(sp->is_dport)); ! } else if (sp->is_p == IPPROTO_GRE) { ! PRINTF(" call %hx/%hx\n", ntohs(sp->is_gre.gs_call[0]), ! ntohs(sp->is_gre.gs_call[1])); ! } else if (sp->is_p == IPPROTO_ICMP #ifdef USE_INET6 ! || sp->is_p == IPPROTO_ICMPV6 #endif ) ! PRINTF(" id %hu seq %hu type %d\n", sp->is_icmp.ici_id, ! sp->is_icmp.ici_seq, sp->is_icmp.ici_type); #ifdef USE_QUAD_T PRINTF("\tforward: pkts in %qd bytes in %qd pkts out %qd bytes out %qd\n\tbackward: pkts in %qd bytes in %qd pkts out %qd bytes out %qd\n", ! sp->is_pkts[0], sp->is_bytes[0], ! sp->is_pkts[1], sp->is_bytes[1], ! sp->is_pkts[2], sp->is_bytes[2], ! sp->is_pkts[3], sp->is_bytes[3]); #else PRINTF("\tforward: pkts in %ld bytes in %ld pkts out %ld bytes out %ld\n\tbackward: pkts in %ld bytes in %ld pkts out %ld bytes out %ld\n", ! sp->is_pkts[0], sp->is_bytes[0], ! sp->is_pkts[1], sp->is_bytes[1], ! sp->is_pkts[2], sp->is_bytes[2], ! sp->is_pkts[3], sp->is_bytes[3]); #endif PRINTF("\t"); *************** *** 81,91 **** * Print out bits set in the result code for the state being * kept as they would for a rule. */ ! if (FR_ISPASS(ips.is_pass)) { PRINTF("pass"); ! } else if (FR_ISBLOCK(ips.is_pass)) { PRINTF("block"); ! switch (ips.is_pass & FR_RETMASK) { case FR_RETICMP : PRINTF(" return-icmp"); --- 77,87 ---- * Print out bits set in the result code for the state being * kept as they would for a rule. */ ! if (FR_ISPASS(sp->is_pass)) { PRINTF("pass"); ! } else if (FR_ISBLOCK(sp->is_pass)) { PRINTF("block"); ! switch (sp->is_pass & FR_RETMASK) { case FR_RETICMP : PRINTF(" return-icmp"); *************** *** 99,175 **** default : break; } ! } else if ((ips.is_pass & FR_LOGMASK) == FR_LOG) { PRINTF("log"); ! 
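Review bot: `sp` is now dereferenced directly in printstate.c where the old code first copied the entry with `kmemcpy`, so the function silently requires the caller to pass an already-readable copy, and nothing on the new side records that. A comment above the definition along the lines of `/* sp must already be a user-space copy of the state entry */` would make the changed contract explicit; the signature lies outside the hunk. Separately, `sp->is_die - now` is printed with `%lu` and `now` is `u_long`, so an entry whose expiry is already behind `now` wraps to a very large TTL. Writing it as `sp->is_die > now ? sp->is_die - now : 0` avoids the misleading value.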
if (ips.is_pass & FR_LOGBODY) PRINTF(" body"); ! if (ips.is_pass & FR_LOGFIRST) PRINTF(" first"); ! } else if (FR_ISACCOUNT(ips.is_pass)) { PRINTF("count"); ! } else if (FR_ISPREAUTH(ips.is_pass)) { PRINTF("preauth"); ! } else if (FR_ISAUTH(ips.is_pass)) PRINTF("auth"); ! if (ips.is_pass & FR_OUTQUE) PRINTF(" out"); else PRINTF(" in"); ! if ((ips.is_pass & FR_LOG) != 0) { PRINTF(" log"); ! if (ips.is_pass & FR_LOGBODY) PRINTF(" body"); ! if (ips.is_pass & FR_LOGFIRST) PRINTF(" first"); ! if (ips.is_pass & FR_LOGORBLOCK) PRINTF(" or-block"); } ! if (ips.is_pass & FR_QUICK) PRINTF(" quick"); ! if (ips.is_pass & FR_KEEPFRAG) PRINTF(" keep frags"); /* a given; no? */ ! if (ips.is_pass & FR_KEEPSTATE) { PRINTF(" keep state"); ! if (ips.is_pass & FR_STATESYNC) PRINTF(" ( sync )"); } ! PRINTF("\tIPv%d", ips.is_v); PRINTF("\n"); PRINTF("\tpkt_flags & %x(%x) = %x,\t", ! ips.is_flags & 0xf, ips.is_flags, ! ips.is_flags >> 4); ! PRINTF("\tpkt_options & %x = %x, %x = %x \n", ips.is_optmsk[0], ! ips.is_opt[0], ips.is_optmsk[1], ips.is_opt[1]); PRINTF("\tpkt_security & %x = %x, pkt_auth & %x = %x\n", ! ips.is_secmsk, ips.is_sec, ips.is_authmsk, ! ips.is_auth); ! PRINTF("\tis_flx %#x %#x %#x %#x\n", ips.is_flx[0][0], ips.is_flx[0][1], ! ips.is_flx[1][0], ips.is_flx[1][1]); ! PRINTF("\tinterfaces: in %s[%s", getifname(ips.is_ifp[0]), ! ips.is_ifname[0]); if (opts & OPT_DEBUG) ! PRINTF("/%p", ips.is_ifp[0]); putchar(']'); ! PRINTF(",%s[%s", getifname(ips.is_ifp[1]), ips.is_ifname[1]); if (opts & OPT_DEBUG) ! PRINTF("/%p", ips.is_ifp[1]); putchar(']'); ! PRINTF(" out %s[%s", getifname(ips.is_ifp[2]), ips.is_ifname[2]); if (opts & OPT_DEBUG) ! PRINTF("/%p", ips.is_ifp[2]); putchar(']'); ! PRINTF(",%s[%s", getifname(ips.is_ifp[3]), ips.is_ifname[3]); if (opts & OPT_DEBUG) ! PRINTF("/%p", ips.is_ifp[3]); PRINTF("]\n"); ! if (ips.is_sync != NULL) { ! 
if (kmemcpy((char *)&ipsync, (u_long)ips.is_sync, sizeof(ipsync))) { PRINTF("\tSync status: status could not be retrieved\n"); return NULL; --- 95,171 ---- default : break; } ! } else if ((sp->is_pass & FR_LOGMASK) == FR_LOG) { PRINTF("log"); ! if (sp->is_pass & FR_LOGBODY) PRINTF(" body"); ! if (sp->is_pass & FR_LOGFIRST) PRINTF(" first"); ! } else if (FR_ISACCOUNT(sp->is_pass)) { PRINTF("count"); ! } else if (FR_ISPREAUTH(sp->is_pass)) { PRINTF("preauth"); ! } else if (FR_ISAUTH(sp->is_pass)) PRINTF("auth"); ! if (sp->is_pass & FR_OUTQUE) PRINTF(" out"); else PRINTF(" in"); ! if ((sp->is_pass & FR_LOG) != 0) { PRINTF(" log"); ! if (sp->is_pass & FR_LOGBODY) PRINTF(" body"); ! if (sp->is_pass & FR_LOGFIRST) PRINTF(" first"); ! if (sp->is_pass & FR_LOGORBLOCK) PRINTF(" or-block"); } ! if (sp->is_pass & FR_QUICK) PRINTF(" quick"); ! if (sp->is_pass & FR_KEEPFRAG) PRINTF(" keep frags"); /* a given; no? */ ! if (sp->is_pass & FR_KEEPSTATE) { PRINTF(" keep state"); ! if (sp->is_pass & FR_STATESYNC) PRINTF(" ( sync )"); } ! PRINTF("\tIPv%d", sp->is_v); PRINTF("\n"); PRINTF("\tpkt_flags & %x(%x) = %x,\t", ! sp->is_flags & 0xf, sp->is_flags, ! sp->is_flags >> 4); ! PRINTF("\tpkt_options & %x = %x, %x = %x \n", sp->is_optmsk[0], ! sp->is_opt[0], sp->is_optmsk[1], sp->is_opt[1]); PRINTF("\tpkt_security & %x = %x, pkt_auth & %x = %x\n", ! sp->is_secmsk, sp->is_sec, sp->is_authmsk, ! sp->is_auth); ! PRINTF("\tis_flx %#x %#x %#x %#x\n", sp->is_flx[0][0], sp->is_flx[0][1], ! sp->is_flx[1][0], sp->is_flx[1][1]); ! PRINTF("\tinterfaces: in %s[%s", getifname(sp->is_ifp[0]), ! sp->is_ifname[0]); if (opts & OPT_DEBUG) ! PRINTF("/%p", sp->is_ifp[0]); putchar(']'); ! PRINTF(",%s[%s", getifname(sp->is_ifp[1]), sp->is_ifname[1]); if (opts & OPT_DEBUG) ! PRINTF("/%p", sp->is_ifp[1]); putchar(']'); ! PRINTF(" out %s[%s", getifname(sp->is_ifp[2]), sp->is_ifname[2]); if (opts & OPT_DEBUG) ! PRINTF("/%p", sp->is_ifp[2]); putchar(']'); ! 
PRINTF(",%s[%s", getifname(sp->is_ifp[3]), sp->is_ifname[3]); if (opts & OPT_DEBUG) ! PRINTF("/%p", sp->is_ifp[3]); PRINTF("]\n"); ! if (sp->is_sync != NULL) { ! if (kmemcpy((char *)&ipsync, (u_long)sp->is_sync, sizeof(ipsync))) { PRINTF("\tSync status: status could not be retrieved\n"); return NULL; *************** *** 183,187 **** PRINTF("\tSync status: not synchronized\n"); } ! return ips.is_next; } --- 179,183 ---- PRINTF("\tSync status: not synchronized\n"); } ! return sp->is_next; } diff -cr ip_fil4.1.13/lib/printtunable.c ip_fil4.1.14/lib/printtunable.c *** ip_fil4.1.13/lib/printtunable.c Thu Sep 18 10:57:36 2003 --- ip_fil4.1.14/lib/printtunable.c Sat Jun 17 03:21:15 2006 *************** *** 1,3 **** --- 1,11 ---- + /* + * Copyright (C) 2003 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: printtunable.c,v 1.1.4.1 2006/06/16 17:21:15 darrenr Exp $ + */ + #include "ipf.h" void printtunable(tup) Only in ip_fil4.1.13/lib: ratoi.c Only in ip_fil4.1.13/lib: ratoui.c diff -cr ip_fil4.1.13/lib/remove_hash.c ip_fil4.1.14/lib/remove_hash.c *** ip_fil4.1.13/lib/remove_hash.c Sun Apr 13 16:40:14 2003 --- ip_fil4.1.14/lib/remove_hash.c Sat Jun 17 03:21:16 2006 *************** *** 1,9 **** /* ! * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: remove_hash.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $ */ #include --- 1,9 ---- /* ! * Copyright (C) 2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: remove_hash.c,v 1.1.4.1 2006/06/16 17:21:16 darrenr Exp $ */ #include diff -cr ip_fil4.1.13/lib/remove_hashnode.c ip_fil4.1.14/lib/remove_hashnode.c *** ip_fil4.1.13/lib/remove_hashnode.c Sun Apr 13 16:40:14 2003 --- ip_fil4.1.14/lib/remove_hashnode.c Sat Jun 17 03:21:16 2006 *************** *** 1,9 **** /* ! * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! 
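Review bot: When the `kmemcpy` of `sp->is_sync` fails, the new side of printstate.c still does `return NULL;`, which presumably ends the caller's walk of the state list (the caller is not visible here) even though `sp` itself was read without trouble. Returning `sp->is_next` after printing the "status could not be retrieved" line would let one unreadable sync record cost only its own status line rather than the rest of the listing. The function starts before this hunk and ends in the following one.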
* $Id: remove_hashnode.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $ */ #include --- 1,9 ---- /* ! * Copyright (C) 2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: remove_hashnode.c,v 1.1.4.1 2006/06/16 17:21:16 darrenr Exp $ */ #include diff -cr ip_fil4.1.13/lib/remove_pool.c ip_fil4.1.14/lib/remove_pool.c *** ip_fil4.1.13/lib/remove_pool.c Sun Apr 13 16:40:14 2003 --- ip_fil4.1.14/lib/remove_pool.c Sat Jun 17 03:21:16 2006 *************** *** 1,9 **** /* ! * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: remove_pool.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $ */ #include --- 1,9 ---- /* ! * Copyright (C) 2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: remove_pool.c,v 1.1.4.1 2006/06/16 17:21:16 darrenr Exp $ */ #include diff -cr ip_fil4.1.13/lib/remove_poolnode.c ip_fil4.1.14/lib/remove_poolnode.c *** ip_fil4.1.13/lib/remove_poolnode.c Sat Nov 22 21:14:36 2003 --- ip_fil4.1.14/lib/remove_poolnode.c Sat Jun 17 03:21:16 2006 *************** *** 1,9 **** /* ! * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: remove_poolnode.c,v 1.3 2003/11/22 10:14:36 darrenr Exp $ */ #include --- 1,9 ---- /* ! * Copyright (C) 2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: remove_poolnode.c,v 1.3.2.1 2006/06/16 17:21:16 darrenr Exp $ */ #include diff -cr ip_fil4.1.13/lib/resetlexer.c ip_fil4.1.14/lib/resetlexer.c *** ip_fil4.1.13/lib/resetlexer.c Fri Apr 12 00:56:39 2002 --- ip_fil4.1.14/lib/resetlexer.c Sat Jun 17 03:21:16 2006 *************** *** 1,3 **** --- 1,11 ---- + /* + * Copyright (C) 2002 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. 
+ * + * $Id: resetlexer.c,v 1.1.4.1 2006/06/16 17:21:16 darrenr Exp $ + */ + #include "ipf.h" long string_start = -1; diff -cr ip_fil4.1.13/lib/rwlock_emul.c ip_fil4.1.14/lib/rwlock_emul.c *** ip_fil4.1.13/lib/rwlock_emul.c Sun Apr 27 16:33:44 2003 --- ip_fil4.1.14/lib/rwlock_emul.c Sat Jun 17 03:21:17 2006 *************** *** 1,3 **** --- 1,11 ---- + /* + * Copyright (C) 2003 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: rwlock_emul.c,v 1.1.4.1 2006/06/16 17:21:17 darrenr Exp $ + */ + #include "ipf.h" #define EMM_MAGIC 0x97dd8b3a diff -cr ip_fil4.1.13/lib/tcp_flags.c ip_fil4.1.14/lib/tcp_flags.c *** ip_fil4.1.13/lib/tcp_flags.c Sun Feb 8 05:15:54 2004 --- ip_fil4.1.14/lib/tcp_flags.c Sat Jun 17 03:21:17 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: tcp_flags.c,v 1.8 2004/02/07 18:15:54 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2000-2004 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: tcp_flags.c,v 1.8.2.1 2006/06/16 17:21:17 darrenr Exp $ */ #include "ipf.h" diff -cr ip_fil4.1.13/lib/tcpflags.c ip_fil4.1.14/lib/tcpflags.c *** ip_fil4.1.13/lib/tcpflags.c Sat Nov 2 18:18:01 2002 --- ip_fil4.1.14/lib/tcpflags.c Sat Jun 17 03:21:17 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: tcpflags.c,v 1.3 2002/11/02 07:18:01 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2001-2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! 
* $Id: tcpflags.c,v 1.3.4.1 2006/06/16 17:21:17 darrenr Exp $ */ #include "ipf.h" diff -cr ip_fil4.1.13/lib/tcpoptnames.c ip_fil4.1.14/lib/tcpoptnames.c *** ip_fil4.1.13/lib/tcpoptnames.c Mon Jan 28 17:50:48 2002 --- ip_fil4.1.14/lib/tcpoptnames.c Sat Jun 17 03:21:17 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: tcpoptnames.c,v 1.5 2002/01/28 06:50:48 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2000-2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: tcpoptnames.c,v 1.5.4.1 2006/06/16 17:21:17 darrenr Exp $ */ #include "ipf.h" Only in ip_fil4.1.13/lib: to_interface.c diff -cr ip_fil4.1.13/lib/v6ionames.c ip_fil4.1.14/lib/v6ionames.c *** ip_fil4.1.13/lib/v6ionames.c Tue Oct 18 04:31:09 2005 --- ip_fil4.1.14/lib/v6ionames.c Sat Jun 17 03:21:18 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: v6ionames.c,v 1.1.4.2 2005/10/17 18:31:09 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2003-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: v6ionames.c,v 1.1.4.3 2006/06/16 17:21:18 darrenr Exp $ */ #include "ipf.h" diff -cr ip_fil4.1.13/lib/v6optvalue.c ip_fil4.1.14/lib/v6optvalue.c *** ip_fil4.1.13/lib/v6optvalue.c Sat Apr 26 14:55:58 2003 --- ip_fil4.1.14/lib/v6optvalue.c Sat Jun 17 03:21:18 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: v6optvalue.c,v 1.1 2003/04/26 04:55:58 darrenr Exp $ */ #include "ipf.h" --- 1,9 ---- /* ! * Copyright (C) 2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! 
* $Id: v6optvalue.c,v 1.1.4.1 2006/06/16 17:21:18 darrenr Exp $ */ #include "ipf.h" diff -cr ip_fil4.1.13/lib/var.c ip_fil4.1.14/lib/var.c *** ip_fil4.1.13/lib/var.c Fri Dec 10 06:41:23 2004 --- ip_fil4.1.14/lib/var.c Sat Jun 17 03:21:18 2006 *************** *** 1,3 **** --- 1,11 ---- + /* + * Copyright (C) 2002-2004 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: var.c,v 1.4.2.3 2006/06/16 17:21:18 darrenr Exp $ + */ + #include #include "ipf.h" diff -cr ip_fil4.1.13/lib/verbose.c ip_fil4.1.14/lib/verbose.c *** ip_fil4.1.13/lib/verbose.c Sun Jun 10 03:09:25 2001 --- ip_fil4.1.14/lib/verbose.c Sat Jun 17 03:21:18 2006 *************** *** 1,9 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: verbose.c,v 1.6 2001/06/09 17:09:25 darrenr Exp $ */ #if defined(__STDC__) --- 1,9 ---- /* ! * Copyright (C) 2000-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: verbose.c,v 1.6.4.1 2006/06/16 17:21:18 darrenr Exp $ */ #if defined(__STDC__) diff -cr ip_fil4.1.13/linux.c ip_fil4.1.14/linux.c *** ip_fil4.1.13/linux.c Wed Mar 22 03:14:31 2006 --- ip_fil4.1.14/linux.c Fri Jul 14 16:12:21 2006 *************** *** 251,257 **** } #endif ! i = iplattach(); #ifdef CONFIG_PROC_FS if (i == 0) { --- 251,257 ---- } #endif ! i = ipfattach(); #ifdef CONFIG_PROC_FS if (i == 0) { *************** *** 307,313 **** return EBUSY; if (fr_running >= 0) { ! result = ipldetach(); if (result != 0) { if (result > 0) result = -result; --- 307,313 ---- return EBUSY; if (fr_running >= 0) { ! result = ipfdetach(); if (result != 0) { if (result > 0) result = -result; diff -cr ip_fil4.1.13/man/ipf.8 ip_fil4.1.14/man/ipf.8 *** ip_fil4.1.13/man/ipf.8 Fri May 7 00:20:26 2004 --- ip_fil4.1.14/man/ipf.8 Tue Apr 4 07:03:26 2006 *************** *** 104,109 **** --- 104,110 ---- .TP .B \-s Swap the active filter list in use to be the "other" one. 
+ .TP .B \-T This option allows run-time changing of IPFilter kernel variables. Some variables require IPFilter to be in a disabled state (\fB-D\fP) for changing, diff -cr ip_fil4.1.13/ml_ipl.c ip_fil4.1.14/ml_ipl.c *** ip_fil4.1.13/ml_ipl.c Mon Dec 1 13:05:15 2003 --- ip_fil4.1.14/ml_ipl.c Fri Jul 14 16:12:21 2006 *************** *** 29,35 **** #define IPL_NAME "/dev/ipl" #endif ! extern int iplattach(), iplopen(), iplclose(), iplioctl(), iplread(); extern int nulldev(), iplidentify(), errno; struct cdevsw ipldevsw = --- 29,35 ---- #define IPL_NAME "/dev/ipl" #endif ! extern int ipfattach(), iplopen(), iplclose(), iplioctl(), iplread(); extern int nulldev(), iplidentify(), errno; struct cdevsw ipldevsw = *************** *** 44,50 **** { 1, iplidentify, ! iplattach, iplopen, iplclose, iplread, --- 44,50 ---- { 1, iplidentify, ! ipfattach, iplopen, iplclose, iplread, *************** *** 138,144 **** int i; (void) vn_remove(IPL_NAME, UIO_SYSSPACE, FILE); ! return ipldetach(); } --- 138,144 ---- int i; (void) vn_remove(IPL_NAME, UIO_SYSSPACE, FILE); ! return ipfdetach(); } *************** *** 158,162 **** error = vn_create(IPL_NAME, UIO_SYSSPACE, &vattr, EXCL, 0, &vp); if (error == 0) VN_RELE(vp); ! return iplattach(0); } --- 158,162 ---- error = vn_create(IPL_NAME, UIO_SYSSPACE, &vattr, EXCL, 0, &vp); if (error == 0) VN_RELE(vp); ! return ipfattach(0); } diff -cr ip_fil4.1.13/mlf_ipl.c ip_fil4.1.14/mlf_ipl.c *** ip_fil4.1.13/mlf_ipl.c Fri Aug 27 03:35:09 2004 --- ip_fil4.1.14/mlf_ipl.c Fri Jul 14 16:12:21 2006 *************** *** 296,302 **** { int error = 0; ! error = ipldetach(); if (!error) error = if_ipl_remove(); return error; --- 296,302 ---- { int error = 0; ! error = ipfdetach(); if (!error) error = if_ipl_remove(); return error; *************** *** 312,318 **** int error = 0, fmode = S_IFCHR|0600, i; char *name; ! error = iplattach(); if (error) return error; (void) if_ipl_remove(); --- 312,318 ---- int error = 0, fmode = S_IFCHR|0600, i; char *name; ! 
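Review bot: In the last ml_ipl.c hunk (158,162) the renamed call is still `return ipfattach(0);`, while the other callers in this patch (linux.c, mlf_ipl.c, mlfk_ipl.c, solaris.c) call `ipfattach()` with no argument. The declaration in the first ml_ipl.c hunk is the unprototyped `extern int ipfattach(), iplopen(), ...`, so the compiler cannot flag the mismatch. If the definition takes no parameters, as those callers suggest, passing an argument is undefined behaviour in kernel-loaded code. Since the line is being touched anyway, I would change it to `return ipfattach();` and declare the function with a prototype, `extern int ipfattach __P((void));`, the way mls_ipl.c declares `ipfdetach`. The enclosing functions start outside the hunks.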
error = ipfattach(); if (error) return error; (void) if_ipl_remove(); diff -cr ip_fil4.1.13/mlfk_ipl.c ip_fil4.1.14/mlfk_ipl.c *** ip_fil4.1.13/mlfk_ipl.c Sun Mar 26 23:50:47 2006 --- ip_fil4.1.14/mlfk_ipl.c Fri Jul 14 16:12:22 2006 *************** *** 30,37 **** #include #include - extern struct selinfo ipfselwait[IPL_LOGSIZE]; - #if __FreeBSD_version >= 502116 static struct cdev *ipf_devs[IPL_LOGSIZE]; #else --- 30,35 ---- *************** *** 173,179 **** char *defpass, *c, *str; int i, j, error; ! error = iplattach(); if (error) return error; --- 171,177 ---- char *defpass, *c, *str; int i, j, error; ! error = ipfattach(); if (error) return error; *************** *** 225,231 **** return EBUSY; if (fr_running >= 0) { ! error = ipldetach(); if (error != 0) return error; } else --- 223,229 ---- return EBUSY; if (fr_running >= 0) { ! error = ipfdetach(); if (error != 0) return error; } else diff -cr ip_fil4.1.13/mli_ipl.c ip_fil4.1.14/mli_ipl.c *** ip_fil4.1.13/mli_ipl.c Sat Aug 20 23:48:26 2005 --- ip_fil4.1.14/mli_ipl.c Fri Jul 14 16:12:22 2006 *************** *** 57,63 **** ipfmutex_t ipl_mutex, ipfi_mutex, ipf_rw, ipf_stinsert, ipf_authmx; ipfmutex_t ipf_nat_new, ipf_natio, ipf_timeoutlock; ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth; ! ipfrwlock_t ipf_global, ipf_mutex, ipf_ipidfrag, ipf_frcache; int (*fr_checkp) __P((struct ip *, int, void *, int, mb_t **)); --- 57,63 ---- ipfmutex_t ipl_mutex, ipfi_mutex, ipf_rw, ipf_stinsert, ipf_authmx; ipfmutex_t ipf_nat_new, ipf_natio, ipf_timeoutlock; ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth; ! 
ipfrwlock_t ipf_global, ipf_mutex, ipf_ipidfrag, ipf_frcache, ipf_tokens; int (*fr_checkp) __P((struct ip *, int, void *, int, mb_t **)); *************** *** 571,576 **** --- 571,577 ---- LOCK_DEALLOC(ipf_auth.l); LOCK_DEALLOC(ipf_natfrag.l); LOCK_DEALLOC(ipf_ipidfrag.l); + LOCK_DEALLOC(ipf_tokens.l); LOCK_DEALLOC(ipf_stinsert.l); LOCK_DEALLOC(ipf_nat_new.l); LOCK_DEALLOC(ipf_natio.l); *************** *** 589,594 **** --- 590,596 ---- MUTEX_DESTROY(&ipf_timeoutlock); RW_DESTROY(&ipf_mutex); RW_DESTROY(&ipf_frcache); + RW_DESTROY(&ipf_tokens); RWLOCK_EXIT(&ipf_global); delay(hz); RW_DESTROY(&ipf_global); *************** *** 621,626 **** --- 623,629 ---- ipf_stinsert.l = LOCK_ALLOC((uchar_t)-1, IPF_LOCK_PL, (lkinfo_t *)-1, KM_NOSLEEP); ipf_natfrag.l = LOCK_ALLOC((uchar_t)-1, IPF_LOCK_PL, (lkinfo_t *)-1, KM_NOSLEEP); ipf_ipidfrag.l = LOCK_ALLOC((uchar_t)-1, IPF_LOCK_PL, (lkinfo_t *)-1, KM_NOSLEEP); + ipf_tokens.l = LOCK_ALLOC((uchar_t)-1, IPF_LOCK_PL, (lkinfo_t *)-1, KM_NOSLEEP); ipf_auth.l = LOCK_ALLOC((uchar_t)-1, IPF_LOCK_PL, (lkinfo_t *)-1, KM_NOSLEEP); ipf_rw.l = LOCK_ALLOC((uchar_t)-1, IPF_LOCK_PL, (lkinfo_t *)-1, KM_NOSLEEP); ipl_mutex.l = LOCK_ALLOC((uchar_t)-1, IPF_LOCK_PL, (lkinfo_t *)-1, KM_NOSLEEP); *************** *** 628,634 **** if (!ipfi_mutex.l || !ipf_mutex.l || !ipf_timeoutlock.l || !ipf_frag.l || !ipf_state.l || !ipf_nat.l || !ipf_natfrag.l || !ipf_auth.l || !ipf_rw.l || !ipf_ipidfrag.l || !ipl_mutex.l || ! !ipf_stinsert.l || !ipf_authmx.l || !ipf_frcache.l) panic("IP Filter: LOCK_ALLOC failed"); #else MUTEX_INIT(&ipf_rw, "ipf rw mutex"); --- 631,637 ---- if (!ipfi_mutex.l || !ipf_mutex.l || !ipf_timeoutlock.l || !ipf_frag.l || !ipf_state.l || !ipf_nat.l || !ipf_natfrag.l || !ipf_auth.l || !ipf_rw.l || !ipf_ipidfrag.l || !ipl_mutex.l || ! 
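Review bot: The new `ipf_tokens` lock is torn down by the added `RW_DESTROY(&ipf_tokens);` (hunk 590) and gets a `LOCK_ALLOC` (hunk 623), but no visible hunk adds an initialiser for it in the `#else` branch that begins with `MUTEX_INIT(&ipf_rw, "ipf rw mutex");`. If `ipfattach()` or another routine outside this file does not initialise it, the detach path would destroy a lock that was never set up. Please confirm where it is initialised. A one-line comment at the declaration, such as `/* ipf_tokens: initialised in <routine>, destroyed in the detach path */`, would make the pairing clear. The surrounding functions extend beyond the hunks, so the initialiser may simply be out of view.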
!ipf_stinsert.l || !ipf_authmx.l || !ipf_frcache.l || !ipf_tokens.l) panic("IP Filter: LOCK_ALLOC failed"); #else MUTEX_INIT(&ipf_rw, "ipf rw mutex"); diff -cr ip_fil4.1.13/mln_ipl.c ip_fil4.1.14/mln_ipl.c *** ip_fil4.1.13/mln_ipl.c Sat Nov 13 13:48:50 2004 --- ip_fil4.1.14/mln_ipl.c Fri Jul 14 16:12:22 2006 *************** *** 230,236 **** if (fr_refcnt) error = EBUSY; else if (fr_running >= 0) ! error = ipldetach(); if (error == 0) { fr_running = -2; --- 230,236 ---- if (fr_refcnt) error = EBUSY; else if (fr_running >= 0) ! error = ipfdetach(); if (error == 0) { fr_running = -2; *************** *** 255,261 **** */ (void)ipl_remove(); ! error = iplattach(); for (i = 0; (error == 0) && (name = ipf_devfiles[i]); i++) { NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, name, curproc); --- 255,261 ---- */ (void)ipl_remove(); ! error = ipfattach(); for (i = 0; (error == 0) && (name = ipf_devfiles[i]); i++) { NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, name, curproc); diff -cr ip_fil4.1.13/mlo_ipl.c ip_fil4.1.14/mlo_ipl.c *** ip_fil4.1.13/mlo_ipl.c Mon Nov 1 05:45:31 2004 --- ip_fil4.1.14/mlo_ipl.c Fri Jul 14 16:12:22 2006 *************** *** 176,182 **** if (fr_refcnt) error = EBUSY; else if (fr_running >= 0) ! error = ipldetach(); if (error == 0) { fr_running = -2; --- 176,182 ---- if (fr_refcnt) error = EBUSY; else if (fr_running >= 0) ! error = ipfdetach(); if (error == 0) { fr_running = -2; *************** *** 201,207 **** */ (void)ipl_remove(); ! error = iplattach(); for (i = 0; (error == 0) && (name = ipf_devfiles[i]); i++) { NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, name, curproc); --- 201,207 ---- */ (void)ipl_remove(); ! 
error = ipfattach(); for (i = 0; (error == 0) && (name = ipf_devfiles[i]); i++) { NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, name, curproc); diff -cr ip_fil4.1.13/mls_ipl.c ip_fil4.1.14/mls_ipl.c *** ip_fil4.1.13/mls_ipl.c Fri Nov 5 06:24:54 2004 --- ip_fil4.1.14/mls_ipl.c Fri Jul 14 16:12:22 2006 *************** *** 40,49 **** #if !defined(lint) static const char sccsid[] = "@(#)mls_ipl.c 2.6 10/15/95 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: mls_ipl.c,v 2.7.2.2 2004/11/04 19:24:54 darrenr Exp $"; #endif ! extern int ipldetach __P((void)); #ifndef IPFILTER_LOG #define iplread nulldev #endif --- 40,49 ---- #if !defined(lint) static const char sccsid[] = "@(#)mls_ipl.c 2.6 10/15/95 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: mls_ipl.c,v 2.7.2.3 2006/07/14 06:12:22 darrenr Exp $"; #endif ! extern int ipfdetach __P((void)); #ifndef IPFILTER_LOG #define iplread nulldev #endif *************** *** 72,78 **** { 1, iplidentify, ! iplattach, iplopen, iplclose, iplread, --- 72,78 ---- { 1, iplidentify, ! ipfattach, iplopen, iplclose, iplread, *************** *** 177,183 **** if (fr_refcnt != 0) err = EBUSY; else if (fr_running >= 0) ! err = ipldetach(); if (err) return err; --- 177,183 ---- if (fr_refcnt != 0) err = EBUSY; else if (fr_running >= 0) ! err = ipfdetach(); if (err) return err; *************** *** 196,202 **** int error = 0, fmode = S_IFCHR|0600, i; char *name; ! error = iplattach(); if (error) return error; --- 196,202 ---- int error = 0, fmode = S_IFCHR|0600, i; char *name; ! error = ipfattach(); if (error) return error; diff -cr ip_fil4.1.13/solaris.c ip_fil4.1.14/solaris.c *** ip_fil4.1.13/solaris.c Mon Mar 20 02:02:30 2006 --- ip_fil4.1.14/solaris.c Fri Jul 14 16:12:23 2006 *************** *** 4,10 **** * See the IPFILTER.LICENCE file for details on licencing. */ /* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/ ! 
#pragma ident "@(#)$Id: solaris.c,v 2.73.2.10 2006/03/19 15:02:30 darrenr Exp $" #include #include --- 4,10 ---- * See the IPFILTER.LICENCE file for details on licencing. */ /* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/ ! #pragma ident "@(#)$Id: solaris.c,v 2.73.2.11 2006/07/14 06:12:23 darrenr Exp $" #include #include *************** *** 299,305 **** * Lock people out while we set things up. */ WRITE_ENTER(&ipf_global); ! if ((fr_running != 0) || (iplattach() == -1)) { RWLOCK_EXIT(&ipf_global); goto attach_failed; } --- 299,305 ---- * Lock people out while we set things up. */ WRITE_ENTER(&ipf_global); ! if ((fr_running != 0) || (ipfattach() == -1)) { RWLOCK_EXIT(&ipf_global); goto attach_failed; } *************** *** 405,411 **** } WRITE_ENTER(&ipf_global); ! if (!ipldetach()) { RWLOCK_EXIT(&ipf_global); RW_DESTROY(&ipf_mutex); RW_DESTROY(&ipf_frcache); --- 405,411 ---- } WRITE_ENTER(&ipf_global); ! if (!ipfdetach()) { RWLOCK_EXIT(&ipf_global); RW_DESTROY(&ipf_mutex); RW_DESTROY(&ipf_frcache); diff -cr ip_fil4.1.13/test/Makefile ip_fil4.1.14/test/Makefile *** ip_fil4.1.13/test/Makefile Sun Mar 26 00:34:10 2006 --- ip_fil4.1.14/test/Makefile Sat Aug 26 08:43:21 2006 *************** *** 36,42 **** logtests: l1 ! pools: p1 p2 p3 ip1 ipv6: ipv6.1 ipv6.2 ipv6.3 --- 36,42 ---- logtests: l1 ! pools: p1 p2 p3 p5 ip1 ip2 ipv6: ipv6.1 ipv6.2 ipv6.3 *************** *** 54,63 **** n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12 n13 n14: @/bin/sh ./nattest `awk "/^$@ / { print; } " test.format` ! ni1 ni2 ni3 ni4 ni5 ni7 ni8 ni9 ni10 ni11 ni12 ni13 ni14 ni15 ni16 ni19 ni20: @/bin/sh ./natipftest single `awk "/^$@ / { print; } " test.format` ! ni6 ni21: @/bin/sh ./natipftest multi `awk "/^$@ / { print; } " test.format` in1 in2 in3 in4 in5 in6: --- 54,63 ---- n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12 n13 n14: @/bin/sh ./nattest `awk "/^$@ / { print; } " test.format` ! 
ni2 ni3 ni4 ni5 ni7 ni8 ni9 ni10 ni11 ni12 ni13 ni14 ni15 ni16 ni19 ni20: @/bin/sh ./natipftest single `awk "/^$@ / { print; } " test.format` ! ni1 ni6 ni21: @/bin/sh ./natipftest multi `awk "/^$@ / { print; } " test.format` in1 in2 in3 in4 in5 in6: *************** *** 69,78 **** ipv6.1 ipv6.2 ipv6.3: @/bin/sh ./dotest6 `awk "/^$@ / { print; } " test.format` ! p1 p2 p3: @/bin/sh ./ptest `awk "/^$@ / { print; } " test.format` ! ip1: @/bin/sh ./iptest `awk "/^$@ / { print; } " test.format` bpf-f1: --- 69,78 ---- ipv6.1 ipv6.2 ipv6.3: @/bin/sh ./dotest6 `awk "/^$@ / { print; } " test.format` ! p1 p2 p3 p5: @/bin/sh ./ptest `awk "/^$@ / { print; } " test.format` ! ip1 ip2: @/bin/sh ./iptest `awk "/^$@ / { print; } " test.format` bpf-f1: *************** *** 85,91 **** /bin/rm -f ni1 ni2 ni3 ni4 ni5 ni6 ni7 ni8 ni9 /bin/rm -f ni10 ni11 ni12 ni13 ni14 ni15 ni16 ni19 ni20 ni21 /bin/rm -f in1 in2 in3 in4 in5 in6 ! /bin/rm -f p1 p2 p3 ip1 /bin/rm -f l1 /bin/rm -f ipv6.1 ipv6.2 ipv6.3 /bin/rm -f bpf1 bpf-f1 --- 85,91 ---- /bin/rm -f ni1 ni2 ni3 ni4 ni5 ni6 ni7 ni8 ni9 /bin/rm -f ni10 ni11 ni12 ni13 ni14 ni15 ni16 ni19 ni20 ni21 /bin/rm -f in1 in2 in3 in4 in5 in6 ! /bin/rm -f p1 p2 p3 p5 ip1 ip2 /bin/rm -f l1 /bin/rm -f ipv6.1 ipv6.2 ipv6.3 /bin/rm -f bpf1 bpf-f1 diff -cr ip_fil4.1.13/test/expected/f12 ip_fil4.1.14/test/expected/f12 *** ip_fil4.1.13/test/expected/f12 Thu Aug 5 03:31:29 1999 --- ip_fil4.1.14/test/expected/f12 Mon May 15 18:39:38 2006 *************** *** 1,60 **** pass pass pass nomatch nomatch ! nomatch ! nomatch nomatch nomatch -------- pass pass pass ! pass ! nomatch nomatch nomatch nomatch nomatch -------- nomatch nomatch nomatch block - block - nomatch nomatch nomatch nomatch -------- nomatch nomatch block block - block - nomatch nomatch nomatch nomatch -------- nomatch nomatch nomatch nomatch nomatch ! nomatch ! pass nomatch pass -------- nomatch nomatch nomatch nomatch nomatch ! nomatch ! 
nomatch nomatch block -------- --- 1,60 ---- pass pass pass + bad-packet nomatch nomatch ! bad-packet nomatch nomatch -------- pass pass pass ! bad-packet nomatch nomatch + bad-packet nomatch nomatch -------- nomatch nomatch nomatch + bad-packet block nomatch + bad-packet nomatch nomatch -------- nomatch nomatch block + bad-packet block nomatch + bad-packet nomatch nomatch -------- nomatch nomatch nomatch + bad-packet nomatch nomatch ! bad-packet nomatch pass -------- nomatch nomatch nomatch + bad-packet nomatch nomatch ! bad-packet nomatch block -------- diff -cr ip_fil4.1.13/test/expected/f13 ip_fil4.1.14/test/expected/f13 *** ip_fil4.1.13/test/expected/f13 Sun Dec 4 20:31:37 2005 --- ip_fil4.1.14/test/expected/f13 Mon May 15 18:39:38 2006 *************** *** 1,13 **** pass ! nomatch nomatch pass nomatch nomatch nomatch ! nomatch ! nomatch ! nomatch nomatch nomatch nomatch --- 1,13 ---- pass ! bad-packet nomatch pass + bad-packet nomatch nomatch + bad-packet nomatch ! bad-packet nomatch nomatch nomatch *************** *** 19,33 **** nomatch -------- block ! nomatch nomatch block nomatch nomatch nomatch ! nomatch ! nomatch ! nomatch nomatch nomatch nomatch --- 19,33 ---- nomatch -------- block ! bad-packet nomatch block + bad-packet nomatch nomatch + bad-packet nomatch ! bad-packet nomatch nomatch nomatch *************** *** 39,53 **** nomatch -------- nomatch nomatch nomatch nomatch nomatch ! nomatch ! nomatch pass ! pass ! nomatch nomatch nomatch pass --- 39,53 ---- nomatch -------- nomatch + bad-packet nomatch nomatch + bad-packet nomatch nomatch ! bad-packet pass ! bad-packet nomatch nomatch pass *************** *** 59,73 **** nomatch -------- nomatch nomatch nomatch nomatch nomatch ! nomatch ! nomatch block ! block ! nomatch nomatch nomatch block --- 59,73 ---- nomatch -------- nomatch + bad-packet nomatch nomatch + bad-packet nomatch nomatch ! bad-packet block ! bad-packet nomatch nomatch block *************** *** 79,93 **** nomatch -------- block ! 
nomatch nomatch pass nomatch nomatch nomatch ! nomatch ! nomatch ! nomatch nomatch nomatch nomatch --- 79,93 ---- nomatch -------- block ! bad-packet nomatch pass + bad-packet nomatch nomatch + bad-packet nomatch ! bad-packet nomatch nomatch nomatch *************** *** 99,113 **** pass -------- block ! nomatch nomatch block nomatch nomatch nomatch ! nomatch ! nomatch ! nomatch nomatch nomatch nomatch --- 99,113 ---- pass -------- block ! bad-packet nomatch block + bad-packet nomatch nomatch + bad-packet nomatch ! bad-packet nomatch nomatch nomatch *************** *** 119,133 **** block -------- nomatch nomatch nomatch nomatch nomatch ! nomatch ! nomatch pass ! pass ! nomatch nomatch nomatch nomatch --- 119,133 ---- block -------- nomatch + bad-packet nomatch nomatch + bad-packet nomatch nomatch ! bad-packet pass ! bad-packet nomatch nomatch nomatch *************** *** 139,153 **** nomatch -------- block ! block nomatch pass ! block ! nomatch ! nomatch nomatch nomatch nomatch nomatch nomatch nomatch --- 139,153 ---- nomatch -------- block ! bad-packet nomatch pass ! bad-packet nomatch nomatch + bad-packet nomatch + bad-packet nomatch nomatch nomatch diff -cr ip_fil4.1.13/test/expected/i12 ip_fil4.1.14/test/expected/i12 *** ip_fil4.1.13/test/expected/i12 Mon Nov 14 06:42:53 2005 --- ip_fil4.1.14/test/expected/i12 Mon May 15 18:39:39 2006 *************** *** 32,39 **** pass in from 10.10.10.10/32 to 11.11.11.11/32 pass in from pool/101(!) to hash/202(!) pass in from hash/303(!) to pool/404(!) ! table role = ipf type = tree number = { ! 1.1.1.1/32; 2.2.2.2/32; ! 2.2.0.0/16; }; ! table role = ipf type = tree number = { 1.1.0.0/16; }; pass in from pool/0(!) to pool/0(!) --- 32,39 ---- pass in from 10.10.10.10/32 to 11.11.11.11/32 pass in from pool/101(!) to hash/202(!) pass in from hash/303(!) to pool/404(!) ! table role = ipf type = tree name = { ! 1.1.1.1/32; 2.2.2.2/32; ! 2.2.0.0/16; }; ! table role = ipf type = tree name = { 1.1.0.0/16; }; pass in from pool/0(!) 
to pool/0(!) Only in ip_fil4.1.14/test/expected: ip2 diff -cr ip_fil4.1.13/test/expected/n10 ip_fil4.1.14/test/expected/n10 *** ip_fil4.1.13/test/expected/n10 Sun Mar 7 01:13:01 2004 --- ip_fil4.1.14/test/expected/n10 Mon Oct 2 02:31:09 2006 *************** *** 1,6 **** --- 1,9 ---- 4500 002c 10c9 4000 ff06 5c9d cbcb cbcb 96cb e002 8032 0015 bd6b c9c8 0000 0000 6002 2238 655d 0000 0204 0064 + ------------------------------- 4500 002c 10c9 4000 ff06 5c9d cbcb cbcb 96cb e002 8032 0015 bd6b c9c8 0000 0000 6002 2238 61d9 0000 0204 03e8 + ------------------------------- 4500 002c 10c9 4000 ff06 5c9d cbcb cbcb 96cb e002 8032 0015 bd6b c9c8 0000 0000 6002 2238 600d 0000 0204 05b4 + ------------------------------- diff -cr ip_fil4.1.13/test/expected/n12 ip_fil4.1.14/test/expected/n12 *** ip_fil4.1.13/test/expected/n12 Sun Oct 17 15:53:56 2004 --- ip_fil4.1.14/test/expected/n12 Mon Oct 2 02:31:09 2006 *************** *** 1,4 **** --- 1,7 ---- 4510 0040 2020 4000 4006 9478 c0a8 01bc c0a8 0303 2710 0017 4e33 298e 0000 0000 b002 4000 6ff8 0000 0204 05b4 0101 0402 0103 0300 0101 080a 0c72 549e 0000 0000 + 4500 003c 00b0 4000 fe06 7964 c0a8 0303 c0a8 7e53 0017 12c2 f674 e02c 4e33 298f a012 2798 7ace 0000 0101 080a 2c05 b797 0c72 549e 0103 0300 0204 05b4 + 4510 0034 493b 4000 4006 6b69 c0a8 01bc c0a8 0303 2710 0017 4e33 298f f674 e02d 8010 4000 f673 0000 0101 080a 0c72 549e 2c05 b797 + ------------------------------- diff -cr ip_fil4.1.13/test/expected/n8 ip_fil4.1.14/test/expected/n8 *** ip_fil4.1.13/test/expected/n8 Tue May 18 01:46:28 2004 --- ip_fil4.1.14/test/expected/n8 Mon Oct 2 02:31:09 2006 *************** *** 1,5 **** --- 1,9 ---- 4500 0054 8bc1 0000 ff01 13d5 0a0a 0a01 0404 0404 0800 efdf 6220 0000 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637 + 4500 0054 3fd5 4000 ff01 2fc8 0404 0404 0202 0202 0000 f7df 6220 0000 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 
1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637 + 4500 0054 8bc1 0000 ff01 13d5 0a0a 0a01 0404 0404 0800 efde 6220 0001 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637 + 4500 0054 3fd5 4000 ff01 2fc8 0404 0404 0202 0202 0000 f7de 6220 0001 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637 + ------------------------------- diff -cr ip_fil4.1.13/test/expected/n9 ip_fil4.1.14/test/expected/n9 *** ip_fil4.1.13/test/expected/n9 Tue May 18 01:46:28 2004 --- ip_fil4.1.14/test/expected/n9 Mon Oct 2 02:31:10 2006 *************** *** 1,5 **** --- 1,9 ---- 4500 0054 8bc1 0000 ff01 17d9 0202 0202 0a0a 0a01 0800 efdf 6220 0000 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637 + 4500 0054 3fd5 4000 ff01 2fc8 0404 0404 0202 0202 0000 f7df 6220 0000 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637 + 4500 0054 8bc1 0000 ff01 17d9 0202 0202 0a0a 0a01 0800 efde 6220 0001 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637 + 4500 0054 3fd5 4000 ff01 2fc8 0404 0404 0202 0202 0000 f7de 6220 0001 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637 + ------------------------------- diff -cr ip_fil4.1.13/test/expected/ni1 ip_fil4.1.14/test/expected/ni1 *** ip_fil4.1.13/test/expected/ni1 Tue Jun 15 02:56:22 2004 --- ip_fil4.1.14/test/expected/ni1 Mon Oct 2 02:45:37 2006 *************** *** 1,4 **** --- 1,19 ---- 4500 0028 0000 4000 0111 65b2 0606 0606 0404 0404 afc9 829e 0014 6308 0402 0000 3be5 468d 000a cfc3 + 4500 0038 809a 
0000 ff01 3121 0303 0303 0202 0202 0b00 5773 0000 0000 4500 0028 0000 4000 0111 6dba 0202 0202 0404 0404 afc9 829e 0014 6b10 + 4500 0044 809a 0000 ff01 3115 0303 0303 0202 0202 0b00 0131 0000 0000 4500 0028 0000 4000 0111 6dba 0202 0202 0404 0404 afc9 829e 0014 6b10 0402 0000 3be5 468d 000a cfc3 + + 4500 0028 0001 4000 0111 65b0 0606 0607 0404 0404 4e20 829e 0014 c4b0 0402 0000 3be5 468d 000a cfc3 + + 4500 0038 809a 0000 ff01 3121 0303 0303 0202 0202 0b00 5773 0000 0000 4500 0028 0000 4000 0111 6dba 0202 0202 0404 0404 0800 829e 0014 12da + + 4500 0044 809a 0000 ff01 3115 0303 0303 0202 0202 0b00 0131 0000 0000 4500 0028 0000 4000 0111 6dba 0202 0202 0404 0404 0800 829e 0014 12da 0402 0000 3be5 468d 000a cfc3 + + 4500 0028 0002 4000 0111 65ae 0606 0608 0404 0404 07d0 829e 0014 0b00 0402 0000 3be5 468d 000a cfc3 + + 4500 0038 809a 0000 ff01 3121 0303 0303 0202 0202 0b00 ff6a 0000 0000 4500 0028 0000 4000 0111 6dba 0202 0202 0404 0404 5000 829e 0014 22e2 + + 4500 0044 809a 0000 ff01 3115 0303 0303 0202 0202 0b00 0131 0000 0000 4500 0028 0000 4000 0111 6dba 0202 0202 0404 0404 5000 829e 0014 cad9 0402 0000 3be5 468d 000a cfc3 + ------------------------------- diff -cr ip_fil4.1.13/test/expected/ni10 ip_fil4.1.14/test/expected/ni10 *** ip_fil4.1.13/test/expected/ni10 Sun Jan 9 01:32:13 2005 --- ip_fil4.1.14/test/expected/ni10 Mon Oct 2 02:45:37 2006 *************** *** 1,5 **** --- 1,9 ---- 4500 003c 4706 4000 ff06 20a2 0404 0404 0606 0606 5000 0050 0000 0001 0000 0000 a002 16d0 d0da 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 + 4500 0038 0000 0000 ff01 afb9 0202 0202 0404 0404 0303 acab 0000 0000 4500 003c 4706 4000 ff06 28aa 0404 0404 0202 0202 5000 0050 0000 0001 + 4500 0058 0001 0000 ff01 af98 0202 0202 0404 0404 0303 0937 0000 0000 4500 003c 4706 4000 ff06 28aa 0404 0404 0202 0202 5000 0050 0000 0001 0000 0000 a002 16d0 d8e2 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 + 4500 0038 809a 0000 ff01 2b1b 0303 0303 0505 0505 0303 acab 0000 0000 
4500 003c 4706 4000 ff06 28ab 0404 0404 0202 0201 5000 0050 0000 0001 + ------------------------------- diff -cr ip_fil4.1.13/test/expected/ni11 ip_fil4.1.14/test/expected/ni11 *** ip_fil4.1.13/test/expected/ni11 Sun Jan 9 01:32:14 2005 --- ip_fil4.1.14/test/expected/ni11 Mon Oct 2 02:45:37 2006 *************** *** 1,5 **** --- 1,9 ---- 4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101 5000 9d58 0000 0001 0000 0000 a002 16d0 3ddc 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 + 4500 0038 0000 0000 ff01 a7b9 0a02 0202 0404 0404 0303 a7fb 0000 0000 4500 003c 4706 4000 ff06 20aa 0404 0404 0a02 0202 5000 0500 0000 0001 + 4500 0058 0001 0000 ff01 a798 0a02 0202 0404 0404 0303 1137 0000 0000 4500 003c 4706 4000 ff06 20aa 0404 0404 0a02 0202 5000 0500 0000 0001 0000 0000 a002 16d0 cc32 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 + 4500 0038 809a 0000 ff01 2b1b 0303 0303 0505 0505 0303 0fa3 0000 0000 4500 003c 4706 4000 ff06 2aab 0404 0404 0101 0102 5000 9d58 0000 0001 + ------------------------------- diff -cr ip_fil4.1.13/test/expected/ni12 ip_fil4.1.14/test/expected/ni12 *** ip_fil4.1.13/test/expected/ni12 Sat May 22 15:40:42 2004 --- ip_fil4.1.14/test/expected/ni12 Mon Oct 2 02:45:37 2006 *************** *** 1,5 **** --- 1,9 ---- 4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101 5000 9c40 0000 0001 0000 0000 a002 16d0 3ef4 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 + 4500 0038 809a 0000 ff01 2d1d 0303 0303 0404 0404 0303 0fa3 0000 0000 4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101 5000 9d58 0000 0001 + 4500 0058 809a 0000 ff01 2cfd 0303 0303 0404 0404 0303 0735 0000 0000 4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101 5000 9d58 0000 0001 0000 0000 a002 16d0 3ddc 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 + 4500 0038 809a 0000 ff01 2b1b 0303 0303 0505 0505 0303 0fa3 0000 0000 4500 003c 4706 4000 ff06 2aab 0404 0404 0101 0102 5000 9d58 0000 0001 + ------------------------------- diff -cr ip_fil4.1.13/test/expected/ni13 
ip_fil4.1.14/test/expected/ni13 *** ip_fil4.1.13/test/expected/ni13 Wed Mar 2 04:27:34 2005 --- ip_fil4.1.14/test/expected/ni13 Mon Oct 2 02:45:37 2006 *************** *** 1,32 **** 4500 0030 5e11 4000 8006 3961 c0a8 7101 c0a8 7103 05e7 06bb abf0 4aa5 0000 0000 7002 faf0 21a1 0000 0204 05b4 0101 0402 4500 002c 0000 4000 4006 d776 c0a8 7103 c0a8 7101 06bb 05e7 a564 68da abf0 4aa6 6012 8000 a348 0000 0204 05b4 4500 00c4 5e12 4000 8006 38cc c0a8 7101 c0a8 7103 05e7 06bb abf0 4aa6 a564 68db 5018 faf0 e2a0 0000 009c 0001 1a2b 3c4d 0001 0000 0100 0000 0000 0001 0000 0001 0000 0a28 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 4d69 6372 6f73 6f66 7420 5769 6e64 6f77 7320 4e54 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 4500 00c4 0001 4000 4006 d6dd c0a8 7103 c0a8 7101 06bb 05e7 a564 68db abf0 4b42 5018 832c cecf 0000 009c 0001 1a2b 3c4d 0002 0000 0100 0100 0000 0000 0000 0000 0001 0001 6c6f 6361 6c00 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 6c69 6e75 7800 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 4500 00d0 5e13 4000 8006 38bf c0a8 7101 c0a8 7103 05e7 06bb abf0 4b42 a564 6977 5018 fa54 ac07 0000 00a8 0001 1a2b 3c4d 0007 0000 4000 1331 0000 012c 05f5 e100 0000 0003 0000 0003 0040 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 4500 0048 0002 4000 4006 d758 c0a8 7103 c0a8 7101 06bb 05e7 a564 6977 abf0 4bea 5018 
832c 36fa 0000 0020 0001 1a2b 3c4d 0008 0000 0000 4000 0100 0000 05f5 e100 0040 0000 0000 0000 4500 0040 5e14 4000 8006 394e c0a8 7101 c0a8 7103 05e7 06bb abf0 4bea a564 6997 5018 fa34 e810 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 ffff ffff ffff ffff 4500 0039 5e15 0000 802f 792b c0a8 7101 c0a8 7103 3001 880b 0019 0000 0000 0000 ff03 c021 0100 0015 0104 0578 0506 577f 7c5b 0702 0802 0d03 06 4500 0020 0003 0000 ff2f 5856 c0a8 7103 c0a8 7101 2081 880b 0000 4000 ffff ffff 4500 0028 0004 4000 4006 d776 c0a8 7103 c0a8 7101 06bb 05e7 a564 6997 abf0 4c02 5010 832c b5c1 0000 4500 0038 0005 0000 ff2f 583c c0a8 7103 c0a8 7101 3001 880b 0018 4000 0000 0000 ff03 c021 0101 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802 4500 002f 0006 0000 ff2f 5844 c0a8 7103 c0a8 7101 3081 880b 000b 4000 0000 0001 0000 0000 ff03 c021 0400 0007 0d03 06 4500 003c 5e16 0000 802f 7927 c0a8 7101 c0a8 7103 3081 880b 0018 0000 0000 0001 0000 0001 ff03 c021 0201 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802 4500 0036 5e17 0000 802f 792c c0a8 7101 c0a8 7103 3001 880b 0016 0000 0000 0002 ff03 c021 0101 0012 0104 0578 0506 577f 7c5b 0702 0802 4500 003a 0007 0000 ff2f 5838 c0a8 7103 c0a8 7101 3081 880b 0016 4000 0000 0002 0000 0002 ff03 c021 0201 0012 0104 0578 0506 577f 7c5b 0702 0802 4500 0032 0008 0000 ff2f 583f c0a8 7103 c0a8 7101 3001 880b 0012 4000 0000 0003 8021 0101 0010 0306 c0a8 0001 0206 002d 0f01 4500 0040 5e18 4000 8006 394a c0a8 7101 c0a8 7103 05e7 06bb abf0 4c02 a564 6997 5018 fa34 e7f8 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 0000 0000 ffff ffff 4500 0038 5e19 0000 802f 7928 c0a8 7101 c0a8 7103 3081 880b 0014 0000 0000 0003 0000 0003 c021 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130 4500 003e 0009 0000 ff2f 5832 c0a8 7103 c0a8 7101 3081 880b 001a 4000 0000 0004 0000 0003 ff03 c021 0702 0016 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130 4500 003e 5e1a 0000 802f 7921 c0a8 7101 c0a8 7103 3081 880b 001a 0000 0000 0004 0000 0004 c021 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 
4f52 4500 0044 000a 0000 ff2f 582b c0a8 7103 c0a8 7101 3081 880b 0020 4000 0000 0005 0000 0004 ff03 c021 0703 001c 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52 4500 0030 5e1b 0000 802f 792e c0a8 7101 c0a8 7103 3081 880b 000c 0000 0000 0005 0000 0005 80fd 0104 000a 1206 0100 0001 4500 002a 000b 0000 ff2f 5844 c0a8 7103 c0a8 7101 3081 880b 0006 4000 0000 0006 0000 0005 80fd 0101 0004 4500 002c 000c 0000 ff2f 5841 c0a8 7103 c0a8 7101 3001 880b 000c 4000 0000 0007 80fd 0404 000a 1206 0100 0001 4500 0048 5e1c 0000 802f 7915 c0a8 7101 c0a8 7103 3081 880b 0024 0000 0000 0006 0000 0007 8021 0105 0022 0306 0000 0000 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000 4500 0042 000d 0000 ff2f 582a c0a8 7103 c0a8 7101 3081 880b 001e 4000 0000 0008 0000 0006 8021 0405 001c 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000 4500 0030 5e1d 0000 802f 792c c0a8 7101 c0a8 7103 3081 880b 000c 0000 0000 0007 0000 0008 8021 0401 000a 0206 002d 0f01 4500 0030 000e 0000 ff2f 583b c0a8 7103 c0a8 7101 3081 880b 000c 4000 0000 0009 0000 0007 8021 0102 000a 0306 c0a8 0001 ! 4500 002a 5e1e 0000 802f 7933 c0a8 7101 c0a8 7103 3081 880b 0006 0000 0000 0008 0000 0009 80fd 0201 0004 ! 
4500 0032 5e1f 0000 802f 792a c0a8 7101 c0a8 7103 3001 880b 0012 0000 0000 0009 80fd 0506 0010 577f 7c5b 003c cd74 0000 02dc 4500 002a 000f 0000 ff2f 5840 c0a8 7103 c0a8 7101 3081 880b 0006 4000 0000 000a 0000 0009 80fd 0606 0004 ------------------------------- --- 1,63 ---- 4500 0030 5e11 4000 8006 3961 c0a8 7101 c0a8 7103 05e7 06bb abf0 4aa5 0000 0000 7002 faf0 21a1 0000 0204 05b4 0101 0402 + 4500 002c 0000 4000 4006 d776 c0a8 7103 c0a8 7101 06bb 05e7 a564 68da abf0 4aa6 6012 8000 a348 0000 0204 05b4 + 4500 00c4 5e12 4000 8006 38cc c0a8 7101 c0a8 7103 05e7 06bb abf0 4aa6 a564 68db 5018 faf0 e2a0 0000 009c 0001 1a2b 3c4d 0001 0000 0100 0000 0000 0001 0000 0001 0000 0a28 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 4d69 6372 6f73 6f66 7420 5769 6e64 6f77 7320 4e54 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 00c4 0001 4000 4006 d6dd c0a8 7103 c0a8 7101 06bb 05e7 a564 68db abf0 4b42 5018 832c cecf 0000 009c 0001 1a2b 3c4d 0002 0000 0100 0100 0000 0000 0000 0000 0001 0001 6c6f 6361 6c00 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 6c69 6e75 7800 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 00d0 5e13 4000 8006 38bf c0a8 7101 c0a8 7103 05e7 06bb abf0 4b42 a564 6977 5018 fa54 ac07 0000 00a8 0001 1a2b 3c4d 0007 0000 4000 1331 0000 012c 05f5 e100 0000 0003 0000 0003 0040 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 
0000 0000 0000 + 4500 0048 0002 4000 4006 d758 c0a8 7103 c0a8 7101 06bb 05e7 a564 6977 abf0 4bea 5018 832c 36fa 0000 0020 0001 1a2b 3c4d 0008 0000 0000 4000 0100 0000 05f5 e100 0040 0000 0000 0000 + 4500 0040 5e14 4000 8006 394e c0a8 7101 c0a8 7103 05e7 06bb abf0 4bea a564 6997 5018 fa34 e810 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 ffff ffff ffff ffff + 4500 0039 5e15 0000 802f 792b c0a8 7101 c0a8 7103 3001 880b 0019 0000 0000 0000 ff03 c021 0100 0015 0104 0578 0506 577f 7c5b 0702 0802 0d03 06 + 4500 0020 0003 0000 ff2f 5856 c0a8 7103 c0a8 7101 2081 880b 0000 4000 ffff ffff + 4500 0028 0004 4000 4006 d776 c0a8 7103 c0a8 7101 06bb 05e7 a564 6997 abf0 4c02 5010 832c b5c1 0000 + 4500 0038 0005 0000 ff2f 583c c0a8 7103 c0a8 7101 3001 880b 0018 4000 0000 0000 ff03 c021 0101 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802 + 4500 002f 0006 0000 ff2f 5844 c0a8 7103 c0a8 7101 3081 880b 000b 4000 0000 0001 0000 0000 ff03 c021 0400 0007 0d03 06 + 4500 003c 5e16 0000 802f 7927 c0a8 7101 c0a8 7103 3081 880b 0018 0000 0000 0001 0000 0001 ff03 c021 0201 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802 + 4500 0036 5e17 0000 802f 792c c0a8 7101 c0a8 7103 3001 880b 0016 0000 0000 0002 ff03 c021 0101 0012 0104 0578 0506 577f 7c5b 0702 0802 + 4500 003a 0007 0000 ff2f 5838 c0a8 7103 c0a8 7101 3081 880b 0016 4000 0000 0002 0000 0002 ff03 c021 0201 0012 0104 0578 0506 577f 7c5b 0702 0802 + 4500 0032 0008 0000 ff2f 583f c0a8 7103 c0a8 7101 3001 880b 0012 4000 0000 0003 8021 0101 0010 0306 c0a8 0001 0206 002d 0f01 + 4500 0040 5e18 4000 8006 394a c0a8 7101 c0a8 7103 05e7 06bb abf0 4c02 a564 6997 5018 fa34 e7f8 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 0000 0000 ffff ffff + 4500 0038 5e19 0000 802f 7928 c0a8 7101 c0a8 7103 3081 880b 0014 0000 0000 0003 0000 0003 c021 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130 + 4500 003e 0009 0000 ff2f 5832 c0a8 7103 c0a8 7101 3081 880b 001a 4000 0000 0004 0000 0003 ff03 c021 0702 0016 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130 + 4500 003e 5e1a 0000 
802f 7921 c0a8 7101 c0a8 7103 3081 880b 001a 0000 0000 0004 0000 0004 c021 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52 + 4500 0044 000a 0000 ff2f 582b c0a8 7103 c0a8 7101 3081 880b 0020 4000 0000 0005 0000 0004 ff03 c021 0703 001c 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52 + 4500 0030 5e1b 0000 802f 792e c0a8 7101 c0a8 7103 3081 880b 000c 0000 0000 0005 0000 0005 80fd 0104 000a 1206 0100 0001 + 4500 002a 000b 0000 ff2f 5844 c0a8 7103 c0a8 7101 3081 880b 0006 4000 0000 0006 0000 0005 80fd 0101 0004 + 4500 002c 000c 0000 ff2f 5841 c0a8 7103 c0a8 7101 3001 880b 000c 4000 0000 0007 80fd 0404 000a 1206 0100 0001 + 4500 0048 5e1c 0000 802f 7915 c0a8 7101 c0a8 7103 3081 880b 0024 0000 0000 0006 0000 0007 8021 0105 0022 0306 0000 0000 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000 + 4500 0042 000d 0000 ff2f 582a c0a8 7103 c0a8 7101 3081 880b 001e 4000 0000 0008 0000 0006 8021 0405 001c 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000 + 4500 0030 5e1d 0000 802f 792c c0a8 7101 c0a8 7103 3081 880b 000c 0000 0000 0007 0000 0008 8021 0401 000a 0206 002d 0f01 + 4500 0030 000e 0000 ff2f 583b c0a8 7103 c0a8 7101 3081 880b 000c 4000 0000 0009 0000 0007 8021 0102 000a 0306 c0a8 0001 ! ! 4500 002a 5e1e 0000 802f 7931 c0a8 7101 c0a8 7103 3081 880b 0006 0000 0000 0008 0000 0009 80fd 0201 0004 ! ! 4500 0032 5e1f 0000 802f 7928 c0a8 7101 c0a8 7103 3001 880b 0012 0000 0000 0009 80fd 0506 0010 577f 7c5b 003c cd74 0000 02dc ! 
4500 002a 000f 0000 ff2f 5840 c0a8 7103 c0a8 7101 3081 880b 0006 4000 0000 000a 0000 0009 80fd 0606 0004 + ------------------------------- diff -cr ip_fil4.1.13/test/expected/ni14 ip_fil4.1.14/test/expected/ni14 *** ip_fil4.1.13/test/expected/ni14 Wed Mar 2 04:27:34 2005 --- ip_fil4.1.14/test/expected/ni14 Mon Oct 2 02:45:37 2006 *************** *** 1,32 **** 4500 0030 5e11 4000 8006 ec0b c0a8 7101 7f00 0001 05e7 06bb abf0 4aa5 0000 0000 7002 faf0 d44b 0000 0204 05b4 0101 0402 4500 002c 0000 4000 4006 d776 c0a8 7103 c0a8 7101 06bb 05e7 a564 68da abf0 4aa6 6012 8000 a348 0000 0204 05b4 4500 00c4 5e12 4000 8006 eb76 c0a8 7101 7f00 0001 05e7 06bb abf0 4aa6 a564 68db 5018 faf0 954b 0000 009c 0001 1a2b 3c4d 0001 0000 0100 0000 0000 0001 0000 0001 0000 0a28 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 4d69 6372 6f73 6f66 7420 5769 6e64 6f77 7320 4e54 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 4500 00c4 0001 4000 4006 d6dd c0a8 7103 c0a8 7101 06bb 05e7 a564 68db abf0 4b42 5018 832c cecf 0000 009c 0001 1a2b 3c4d 0002 0000 0100 0100 0000 0000 0000 0000 0001 0001 6c6f 6361 6c00 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 6c69 6e75 7800 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 4500 00d0 5e13 4000 8006 eb69 c0a8 7101 7f00 0001 05e7 06bb abf0 4b42 a564 6977 5018 fa54 5eb2 0000 00a8 0001 1a2b 3c4d 0007 0000 4000 1331 0000 012c 05f5 e100 0000 0003 0000 0003 0040 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 
0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 4500 0048 0002 4000 4006 d758 c0a8 7103 c0a8 7101 06bb 05e7 a564 6977 abf0 4bea 5018 832c 36fa 0000 0020 0001 1a2b 3c4d 0008 0000 0000 4000 0100 0000 05f5 e100 0040 0000 0000 0000 4500 0040 5e14 4000 8006 ebf8 c0a8 7101 7f00 0001 05e7 06bb abf0 4bea a564 6997 5018 fa34 9abb 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 ffff ffff ffff ffff 4500 0039 5e15 0000 802f 2bd6 c0a8 7101 7f00 0001 3001 880b 0019 0000 0000 0000 ff03 c021 0100 0015 0104 0578 0506 577f 7c5b 0702 0802 0d03 06 4500 0020 0003 0000 ff2f 5856 c0a8 7103 c0a8 7101 2081 880b 0000 4000 ffff ffff 4500 0028 0004 4000 4006 d776 c0a8 7103 c0a8 7101 06bb 05e7 a564 6997 abf0 4c02 5010 832c b5c1 0000 4500 0038 0005 0000 ff2f 583c c0a8 7103 c0a8 7101 3001 880b 0018 4000 0000 0000 ff03 c021 0101 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802 4500 002f 0006 0000 ff2f 5844 c0a8 7103 c0a8 7101 3081 880b 000b 4000 0000 0001 0000 0000 ff03 c021 0400 0007 0d03 06 4500 003c 5e16 0000 802f 2bd2 c0a8 7101 7f00 0001 3081 880b 0018 0000 0000 0001 0000 0001 ff03 c021 0201 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802 4500 0036 5e17 0000 802f 2bd7 c0a8 7101 7f00 0001 3001 880b 0016 0000 0000 0002 ff03 c021 0101 0012 0104 0578 0506 577f 7c5b 0702 0802 4500 003a 0007 0000 ff2f 5838 c0a8 7103 c0a8 7101 3081 880b 0016 4000 0000 0002 0000 0002 ff03 c021 0201 0012 0104 0578 0506 577f 7c5b 0702 0802 ! 4500 0032 0008 0000 ff2f a594 c0a8 7103 c0a8 7101 3001 880b 0012 4000 0000 0003 8021 0101 0010 0306 c0a8 0001 0206 002d 0f01 4500 0040 5e18 4000 8006 ebf4 c0a8 7101 7f00 0001 05e7 06bb abf0 4c02 a564 6997 5018 fa34 9aa3 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 0000 0000 ffff ffff 4500 0038 5e19 0000 802f 2bd3 c0a8 7101 7f00 0001 3081 880b 0014 0000 0000 0003 0000 0003 c021 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130 ! 
4500 003e 0009 0000 ff2f a587 c0a8 7103 c0a8 7101 3081 880b 001a 4000 0000 0004 0000 0003 ff03 c021 0702 0016 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130 4500 003e 5e1a 0000 802f 2bcc c0a8 7101 7f00 0001 3081 880b 001a 0000 0000 0004 0000 0004 c021 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52 ! 4500 0044 000a 0000 ff2f a580 c0a8 7103 c0a8 7101 3081 880b 0020 4000 0000 0005 0000 0004 ff03 c021 0703 001c 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52 4500 0030 5e1b 0000 802f 2bd9 c0a8 7101 7f00 0001 3081 880b 000c 0000 0000 0005 0000 0005 80fd 0104 000a 1206 0100 0001 ! 4500 002a 000b 0000 ff2f a599 c0a8 7103 c0a8 7101 3081 880b 0006 4000 0000 0006 0000 0005 80fd 0101 0004 ! 4500 002c 000c 0000 ff2f a596 c0a8 7103 c0a8 7101 3001 880b 000c 4000 0000 0007 80fd 0404 000a 1206 0100 0001 4500 0048 5e1c 0000 802f 2bc0 c0a8 7101 7f00 0001 3081 880b 0024 0000 0000 0006 0000 0007 8021 0105 0022 0306 0000 0000 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000 ! 4500 0042 000d 0000 ff2f a57f c0a8 7103 c0a8 7101 3081 880b 001e 4000 0000 0008 0000 0006 8021 0405 001c 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000 4500 0030 5e1d 0000 802f 2bd7 c0a8 7101 7f00 0001 3081 880b 000c 0000 0000 0007 0000 0008 8021 0401 000a 0206 002d 0f01 ! 4500 0030 000e 0000 ff2f a590 c0a8 7103 c0a8 7101 3081 880b 000c 4000 0000 0009 0000 0007 8021 0102 000a 0306 c0a8 0001 4500 002a 5e1e 0000 802f 2bdc c0a8 7101 7f00 0001 3081 880b 0006 0000 0000 0008 0000 0009 80fd 0201 0004 4500 0032 5e1f 0000 802f 2bd3 c0a8 7101 7f00 0001 3001 880b 0012 0000 0000 0009 80fd 0506 0010 577f 7c5b 003c cd74 0000 02dc ! 
4500 002a 000f 0000 ff2f a595 c0a8 7103 c0a8 7101 3081 880b 0006 4000 0000 000a 0000 0009 80fd 0606 0004 ------------------------------- --- 1,63 ---- 4500 0030 5e11 4000 8006 ec0b c0a8 7101 7f00 0001 05e7 06bb abf0 4aa5 0000 0000 7002 faf0 d44b 0000 0204 05b4 0101 0402 + 4500 002c 0000 4000 4006 d776 c0a8 7103 c0a8 7101 06bb 05e7 a564 68da abf0 4aa6 6012 8000 a348 0000 0204 05b4 + 4500 00c4 5e12 4000 8006 eb76 c0a8 7101 7f00 0001 05e7 06bb abf0 4aa6 a564 68db 5018 faf0 954b 0000 009c 0001 1a2b 3c4d 0001 0000 0100 0000 0000 0001 0000 0001 0000 0a28 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 4d69 6372 6f73 6f66 7420 5769 6e64 6f77 7320 4e54 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 00c4 0001 4000 4006 d6dd c0a8 7103 c0a8 7101 06bb 05e7 a564 68db abf0 4b42 5018 832c cecf 0000 009c 0001 1a2b 3c4d 0002 0000 0100 0100 0000 0000 0000 0000 0001 0001 6c6f 6361 6c00 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 6c69 6e75 7800 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 00d0 5e13 4000 8006 eb69 c0a8 7101 7f00 0001 05e7 06bb abf0 4b42 a564 6977 5018 fa54 5eb2 0000 00a8 0001 1a2b 3c4d 0007 0000 4000 1331 0000 012c 05f5 e100 0000 0003 0000 0003 0040 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 0048 0002 4000 4006 d758 c0a8 7103 c0a8 7101 06bb 05e7 a564 6977 abf0 4bea 5018 832c 36fa 0000 0020 
0001 1a2b 3c4d 0008 0000 0000 4000 0100 0000 05f5 e100 0040 0000 0000 0000 + 4500 0040 5e14 4000 8006 ebf8 c0a8 7101 7f00 0001 05e7 06bb abf0 4bea a564 6997 5018 fa34 9abb 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 ffff ffff ffff ffff + 4500 0039 5e15 0000 802f 2bd6 c0a8 7101 7f00 0001 3001 880b 0019 0000 0000 0000 ff03 c021 0100 0015 0104 0578 0506 577f 7c5b 0702 0802 0d03 06 + 4500 0020 0003 0000 ff2f 5856 c0a8 7103 c0a8 7101 2081 880b 0000 4000 ffff ffff + 4500 0028 0004 4000 4006 d776 c0a8 7103 c0a8 7101 06bb 05e7 a564 6997 abf0 4c02 5010 832c b5c1 0000 + 4500 0038 0005 0000 ff2f 583c c0a8 7103 c0a8 7101 3001 880b 0018 4000 0000 0000 ff03 c021 0101 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802 + 4500 002f 0006 0000 ff2f 5844 c0a8 7103 c0a8 7101 3081 880b 000b 4000 0000 0001 0000 0000 ff03 c021 0400 0007 0d03 06 + 4500 003c 5e16 0000 802f 2bd2 c0a8 7101 7f00 0001 3081 880b 0018 0000 0000 0001 0000 0001 ff03 c021 0201 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802 + 4500 0036 5e17 0000 802f 2bd7 c0a8 7101 7f00 0001 3001 880b 0016 0000 0000 0002 ff03 c021 0101 0012 0104 0578 0506 577f 7c5b 0702 0802 + 4500 003a 0007 0000 ff2f 5838 c0a8 7103 c0a8 7101 3081 880b 0016 4000 0000 0002 0000 0002 ff03 c021 0201 0012 0104 0578 0506 577f 7c5b 0702 0802 ! ! 4500 0032 0008 0000 ff2f 583f c0a8 7103 c0a8 7101 3001 880b 0012 4000 0000 0003 8021 0101 0010 0306 c0a8 0001 0206 002d 0f01 ! 4500 0040 5e18 4000 8006 ebf4 c0a8 7101 7f00 0001 05e7 06bb abf0 4c02 a564 6997 5018 fa34 9aa3 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 0000 0000 ffff ffff + 4500 0038 5e19 0000 802f 2bd3 c0a8 7101 7f00 0001 3081 880b 0014 0000 0000 0003 0000 0003 c021 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130 ! ! 4500 003e 0009 0000 ff2f 5832 c0a8 7103 c0a8 7101 3081 880b 001a 4000 0000 0004 0000 0003 ff03 c021 0702 0016 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130 ! 
4500 003e 5e1a 0000 802f 2bcc c0a8 7101 7f00 0001 3081 880b 001a 0000 0000 0004 0000 0004 c021 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52 ! ! 4500 0044 000a 0000 ff2f 582b c0a8 7103 c0a8 7101 3081 880b 0020 4000 0000 0005 0000 0004 ff03 c021 0703 001c 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52 ! 4500 0030 5e1b 0000 802f 2bd9 c0a8 7101 7f00 0001 3081 880b 000c 0000 0000 0005 0000 0005 80fd 0104 000a 1206 0100 0001 ! ! 4500 002a 000b 0000 ff2f 5844 c0a8 7103 c0a8 7101 3081 880b 0006 4000 0000 0006 0000 0005 80fd 0101 0004 ! ! 4500 002c 000c 0000 ff2f 5841 c0a8 7103 c0a8 7101 3001 880b 000c 4000 0000 0007 80fd 0404 000a 1206 0100 0001 ! 4500 0048 5e1c 0000 802f 2bc0 c0a8 7101 7f00 0001 3081 880b 0024 0000 0000 0006 0000 0007 8021 0105 0022 0306 0000 0000 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000 ! ! 4500 0042 000d 0000 ff2f 582a c0a8 7103 c0a8 7101 3081 880b 001e 4000 0000 0008 0000 0006 8021 0405 001c 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000 ! 4500 0030 5e1d 0000 802f 2bd7 c0a8 7101 7f00 0001 3081 880b 000c 0000 0000 0007 0000 0008 8021 0401 000a 0206 002d 0f01 ! ! 4500 0030 000e 0000 ff2f 583b c0a8 7103 c0a8 7101 3081 880b 000c 4000 0000 0009 0000 0007 8021 0102 000a 0306 c0a8 0001 ! 4500 002a 5e1e 0000 802f 2bdc c0a8 7101 7f00 0001 3081 880b 0006 0000 0000 0008 0000 0009 80fd 0201 0004 + 4500 0032 5e1f 0000 802f 2bd3 c0a8 7101 7f00 0001 3001 880b 0012 0000 0000 0009 80fd 0506 0010 577f 7c5b 003c cd74 0000 02dc ! ! 4500 002a 000f 0000 ff2f 5840 c0a8 7103 c0a8 7101 3081 880b 0006 4000 0000 000a 0000 0009 80fd 0606 0004 ! 
------------------------------- diff -cr ip_fil4.1.13/test/expected/ni15 ip_fil4.1.14/test/expected/ni15 *** ip_fil4.1.13/test/expected/ni15 Wed Mar 2 04:27:34 2005 --- ip_fil4.1.14/test/expected/ni15 Mon Oct 2 02:45:37 2006 *************** *** 1,32 **** --- 1,63 ---- 4500 0030 0000 4000 8006 9772 c0a8 7101 c0a8 7103 05e7 06bb abf0 4aa5 0000 0000 7002 faf0 21a1 0000 0204 05b4 0101 0402 + 4500 002c 69a6 4000 4006 6dd0 c0a8 7103 c0a8 7101 06bb 05e7 a564 68da abf0 4aa6 6012 8000 a348 0000 0204 05b4 + 4500 00c4 0001 4000 8006 96dd c0a8 7101 c0a8 7103 05e7 06bb abf0 4aa6 a564 68db 5018 faf0 e2a0 0000 009c 0001 1a2b 3c4d 0001 0000 0100 0000 0000 0001 0000 0001 0000 0a28 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 4d69 6372 6f73 6f66 7420 5769 6e64 6f77 7320 4e54 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 00c4 69a7 4000 4006 6d37 c0a8 7103 c0a8 7101 06bb 05e7 a564 68db abf0 4b42 5018 832c cecf 0000 009c 0001 1a2b 3c4d 0002 0000 0100 0100 0000 0000 0000 0000 0001 0001 6c6f 6361 6c00 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 6c69 6e75 7800 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 00d0 0002 4000 8006 96d0 c0a8 7101 c0a8 7103 05e7 06bb abf0 4b42 a564 6977 5018 fa54 ac07 0000 00a8 0001 1a2b 3c4d 0007 0000 4000 1331 0000 012c 05f5 e100 0000 0003 0000 0003 0040 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 
0000 0000 + 4500 0048 69a8 4000 4006 6db2 c0a8 7103 c0a8 7101 06bb 05e7 a564 6977 abf0 4bea 5018 832c 36fa 0000 0020 0001 1a2b 3c4d 0008 0000 0000 4000 0100 0000 05f5 e100 0040 0000 0000 0000 + 4500 0040 0003 4000 8006 975f c0a8 7101 c0a8 7103 05e7 06bb abf0 4bea a564 6997 5018 fa34 e810 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 ffff ffff ffff ffff + 4500 0039 0004 0000 802f d73c c0a8 7101 c0a8 7103 3001 880b 0019 0000 0000 0000 ff03 c021 0100 0015 0104 0578 0506 577f 7c5b 0702 0802 0d03 06 + 4500 0020 69a9 0000 ff2f eeaf c0a8 7103 c0a8 7101 2081 880b 0000 4000 ffff ffff + 4500 0028 69aa 4000 4006 6dd0 c0a8 7103 c0a8 7101 06bb 05e7 a564 6997 abf0 4c02 5010 832c b5c1 0000 + 4500 0038 69ab 0000 ff2f ee95 c0a8 7103 c0a8 7101 3001 880b 0018 4000 0000 0000 ff03 c021 0101 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802 + 4500 002f 69ac 0000 ff2f ee9d c0a8 7103 c0a8 7101 3081 880b 000b 4000 0000 0001 0000 0000 ff03 c021 0400 0007 0d03 06 + 4500 003c 0005 0000 802f d738 c0a8 7101 c0a8 7103 3081 880b 0018 0000 0000 0001 0000 0001 ff03 c021 0201 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802 + 4500 0036 0006 0000 802f d73d c0a8 7101 c0a8 7103 3001 880b 0016 0000 0000 0002 ff03 c021 0101 0012 0104 0578 0506 577f 7c5b 0702 0802 + 4500 003a 69ad 0000 ff2f ee91 c0a8 7103 c0a8 7101 3081 880b 0016 4000 0000 0002 0000 0002 ff03 c021 0201 0012 0104 0578 0506 577f 7c5b 0702 0802 + 4500 0032 69ae 0000 ff2f ee98 c0a8 7103 c0a8 7101 3001 880b 0012 4000 0000 0003 8021 0101 0010 0306 c0a8 0001 0206 002d 0f01 + 4500 0040 0007 4000 8006 975b c0a8 7101 c0a8 7103 05e7 06bb abf0 4c02 a564 6997 5018 fa34 e7f8 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 0000 0000 ffff ffff + 4500 0038 0008 0000 802f d739 c0a8 7101 c0a8 7103 3081 880b 0014 0000 0000 0003 0000 0003 c021 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130 + 4500 003e 69af 0000 ff2f ee8b c0a8 7103 c0a8 7101 3081 880b 001a 4000 0000 0004 0000 0003 ff03 c021 0702 0016 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130 + 4500 003e 0009 0000 802f 
d732 c0a8 7101 c0a8 7103 3081 880b 001a 0000 0000 0004 0000 0004 c021 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52 + 4500 0044 69b0 0000 ff2f ee84 c0a8 7103 c0a8 7101 3081 880b 0020 4000 0000 0005 0000 0004 ff03 c021 0703 001c 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52 + 4500 0030 000a 0000 802f d73f c0a8 7101 c0a8 7103 3081 880b 000c 0000 0000 0005 0000 0005 80fd 0104 000a 1206 0100 0001 + 4500 002a 69b1 0000 ff2f ee9d c0a8 7103 c0a8 7101 3081 880b 0006 4000 0000 0006 0000 0005 80fd 0101 0004 + 4500 002c 69b2 0000 ff2f ee9a c0a8 7103 c0a8 7101 3001 880b 000c 4000 0000 0007 80fd 0404 000a 1206 0100 0001 + 4500 0048 000b 0000 802f d726 c0a8 7101 c0a8 7103 3081 880b 0024 0000 0000 0006 0000 0007 8021 0105 0022 0306 0000 0000 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000 + 4500 0042 69b3 0000 ff2f ee83 c0a8 7103 c0a8 7101 3081 880b 001e 4000 0000 0008 0000 0006 8021 0405 001c 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000 + 4500 0030 000c 0000 802f d73d c0a8 7101 c0a8 7103 3081 880b 000c 0000 0000 0007 0000 0008 8021 0401 000a 0206 002d 0f01 + 4500 0030 69b4 0000 ff2f ee94 c0a8 7103 c0a8 7101 3081 880b 000c 4000 0000 0009 0000 0007 8021 0102 000a 0306 c0a8 0001 + 4500 002a 000d 0000 802f d742 c0a8 7101 c0a8 7103 3081 880b 0006 0000 0000 0008 0000 0009 80fd 0201 0004 + 4500 0032 000e 0000 802f d739 c0a8 7101 c0a8 7103 3001 880b 0012 0000 0000 0009 80fd 0506 0010 577f 7c5b 003c cd74 0000 02dc + 4500 002a 69b5 0000 ff2f ee99 c0a8 7103 c0a8 7101 3081 880b 0006 4000 0000 000a 0000 0009 80fd 0606 0004 + ------------------------------- diff -cr ip_fil4.1.13/test/expected/ni16 ip_fil4.1.14/test/expected/ni16 *** ip_fil4.1.13/test/expected/ni16 Wed Mar 2 04:27:34 2005 --- ip_fil4.1.14/test/expected/ni16 Mon Oct 2 02:45:37 2006 *************** *** 1,32 **** 4500 0030 0000 4000 8006 9772 c0a8 7101 c0a8 7103 05e7 06bb abf0 4aa5 0000 0000 7002 faf0 21a1 0000 0204 05b4 0101 0402 4500 002c 69a6 4000 4006 9376 c0a8 7103 0a02 
0202 06bb 05e7 a564 68da abf0 4aa6 6012 8000 c8ee 0000 0204 05b4 4500 00c4 0001 4000 8006 96dd c0a8 7101 c0a8 7103 05e7 06bb abf0 4aa6 a564 68db 5018 faf0 e2a0 0000 009c 0001 1a2b 3c4d 0001 0000 0100 0000 0000 0001 0000 0001 0000 0a28 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 4d69 6372 6f73 6f66 7420 5769 6e64 6f77 7320 4e54 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 4500 00c4 69a7 4000 4006 92dd c0a8 7103 0a02 0202 06bb 05e7 a564 68db abf0 4b42 5018 832c f475 0000 009c 0001 1a2b 3c4d 0002 0000 0100 0100 0000 0000 0000 0000 0001 0001 6c6f 6361 6c00 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 6c69 6e75 7800 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 4500 00d0 0002 4000 8006 96d0 c0a8 7101 c0a8 7103 05e7 06bb abf0 4b42 a564 6977 5018 fa54 ac07 0000 00a8 0001 1a2b 3c4d 0007 0000 4000 1331 0000 012c 05f5 e100 0000 0003 0000 0003 0040 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 4500 0048 69a8 4000 4006 9358 c0a8 7103 0a02 0202 06bb 05e7 a564 6977 abf0 4bea 5018 832c 5ca0 0000 0020 0001 1a2b 3c4d 0008 0000 0000 4000 0100 0000 05f5 e100 0040 0000 0000 0000 4500 0040 0003 4000 8006 975f c0a8 7101 c0a8 7103 05e7 06bb abf0 4bea a564 6997 5018 fa34 e810 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 ffff ffff ffff ffff 4500 0039 0004 0000 802f d73c c0a8 7101 c0a8 7103 3001 880b 0019 0000 0000 0000 ff03 c021 0100 
0015 0104 0578 0506 577f 7c5b 0702 0802 0d03 06 4500 0020 69a9 0000 ff2f 1456 c0a8 7103 0a02 0202 2081 880b 0000 4000 ffff ffff 4500 0028 69aa 4000 4006 9376 c0a8 7103 0a02 0202 06bb 05e7 a564 6997 abf0 4c02 5010 832c db67 0000 4500 0038 69ab 0000 ff2f 143c c0a8 7103 0a02 0202 3001 880b 0018 4000 0000 0000 ff03 c021 0101 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802 4500 002f 69ac 0000 ff2f 1444 c0a8 7103 0a02 0202 3081 880b 000b 4000 0000 0001 0000 0000 ff03 c021 0400 0007 0d03 06 4500 003c 0005 0000 802f d738 c0a8 7101 c0a8 7103 3081 880b 0018 0000 0000 0001 0000 0001 ff03 c021 0201 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802 4500 0036 0006 0000 802f d73d c0a8 7101 c0a8 7103 3001 880b 0016 0000 0000 0002 ff03 c021 0101 0012 0104 0578 0506 577f 7c5b 0702 0802 4500 003a 69ad 0000 ff2f 1438 c0a8 7103 0a02 0202 3081 880b 0016 4000 0000 0002 0000 0002 ff03 c021 0201 0012 0104 0578 0506 577f 7c5b 0702 0802 4500 0032 69ae 0000 ff2f 143f c0a8 7103 0a02 0202 3001 880b 0012 4000 0000 0003 8021 0101 0010 0306 c0a8 0001 0206 002d 0f01 4500 0040 0007 4000 8006 975b c0a8 7101 c0a8 7103 05e7 06bb abf0 4c02 a564 6997 5018 fa34 e7f8 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 0000 0000 ffff ffff 4500 0038 0008 0000 802f d739 c0a8 7101 c0a8 7103 3081 880b 0014 0000 0000 0003 0000 0003 c021 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130 4500 003e 69af 0000 ff2f 1432 c0a8 7103 0a02 0202 3081 880b 001a 4000 0000 0004 0000 0003 ff03 c021 0702 0016 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130 4500 003e 0009 0000 802f d732 c0a8 7101 c0a8 7103 3081 880b 001a 0000 0000 0004 0000 0004 c021 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52 4500 0044 69b0 0000 ff2f 142b c0a8 7103 0a02 0202 3081 880b 0020 4000 0000 0005 0000 0004 ff03 c021 0703 001c 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52 4500 0030 000a 0000 802f d73f c0a8 7101 c0a8 7103 3081 880b 000c 0000 0000 0005 0000 0005 80fd 0104 000a 1206 0100 0001 4500 002a 69b1 0000 ff2f 1444 c0a8 7103 0a02 0202 3081 
880b 0006 4000 0000 0006 0000 0005 80fd 0101 0004 4500 002c 69b2 0000 ff2f 1441 c0a8 7103 0a02 0202 3001 880b 000c 4000 0000 0007 80fd 0404 000a 1206 0100 0001 4500 0048 000b 0000 802f d726 c0a8 7101 c0a8 7103 3081 880b 0024 0000 0000 0006 0000 0007 8021 0105 0022 0306 0000 0000 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000 4500 0042 69b3 0000 ff2f 142a c0a8 7103 0a02 0202 3081 880b 001e 4000 0000 0008 0000 0006 8021 0405 001c 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000 4500 0030 000c 0000 802f d73d c0a8 7101 c0a8 7103 3081 880b 000c 0000 0000 0007 0000 0008 8021 0401 000a 0206 002d 0f01 4500 0030 69b4 0000 ff2f 143b c0a8 7103 0a02 0202 3081 880b 000c 4000 0000 0009 0000 0007 8021 0102 000a 0306 c0a8 0001 ! 4500 002a 000d 0000 802f d744 c0a8 7101 c0a8 7103 3081 880b 0006 0000 0000 0008 0000 0009 80fd 0201 0004 ! 4500 0032 000e 0000 802f d73b c0a8 7101 c0a8 7103 3001 880b 0012 0000 0000 0009 80fd 0506 0010 577f 7c5b 003c cd74 0000 02dc 4500 002a 69b5 0000 ff2f 1440 c0a8 7103 0a02 0202 3081 880b 0006 4000 0000 000a 0000 0009 80fd 0606 0004 ------------------------------- --- 1,63 ---- 4500 0030 0000 4000 8006 9772 c0a8 7101 c0a8 7103 05e7 06bb abf0 4aa5 0000 0000 7002 faf0 21a1 0000 0204 05b4 0101 0402 + 4500 002c 69a6 4000 4006 9376 c0a8 7103 0a02 0202 06bb 05e7 a564 68da abf0 4aa6 6012 8000 c8ee 0000 0204 05b4 + 4500 00c4 0001 4000 8006 96dd c0a8 7101 c0a8 7103 05e7 06bb abf0 4aa6 a564 68db 5018 faf0 e2a0 0000 009c 0001 1a2b 3c4d 0001 0000 0100 0000 0000 0001 0000 0001 0000 0a28 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 4d69 6372 6f73 6f66 7420 5769 6e64 6f77 7320 4e54 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 00c4 69a7 4000 4006 92dd c0a8 7103 0a02 0202 06bb 05e7 a564 68db abf0 4b42 5018 832c f475 0000 009c 0001 1a2b 3c4d 0002 0000 0100 0100 
0000 0000 0000 0000 0001 0001 6c6f 6361 6c00 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 6c69 6e75 7800 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 00d0 0002 4000 8006 96d0 c0a8 7101 c0a8 7103 05e7 06bb abf0 4b42 a564 6977 5018 fa54 ac07 0000 00a8 0001 1a2b 3c4d 0007 0000 4000 1331 0000 012c 05f5 e100 0000 0003 0000 0003 0040 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 0048 69a8 4000 4006 9358 c0a8 7103 0a02 0202 06bb 05e7 a564 6977 abf0 4bea 5018 832c 5ca0 0000 0020 0001 1a2b 3c4d 0008 0000 0000 4000 0100 0000 05f5 e100 0040 0000 0000 0000 + 4500 0040 0003 4000 8006 975f c0a8 7101 c0a8 7103 05e7 06bb abf0 4bea a564 6997 5018 fa34 e810 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 ffff ffff ffff ffff + 4500 0039 0004 0000 802f d73c c0a8 7101 c0a8 7103 3001 880b 0019 0000 0000 0000 ff03 c021 0100 0015 0104 0578 0506 577f 7c5b 0702 0802 0d03 06 + 4500 0020 69a9 0000 ff2f 1456 c0a8 7103 0a02 0202 2081 880b 0000 4000 ffff ffff + 4500 0028 69aa 4000 4006 9376 c0a8 7103 0a02 0202 06bb 05e7 a564 6997 abf0 4c02 5010 832c db67 0000 + 4500 0038 69ab 0000 ff2f 143c c0a8 7103 0a02 0202 3001 880b 0018 4000 0000 0000 ff03 c021 0101 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802 + 4500 002f 69ac 0000 ff2f 1444 c0a8 7103 0a02 0202 3081 880b 000b 4000 0000 0001 0000 0000 ff03 c021 0400 0007 0d03 06 + 4500 003c 0005 0000 802f d738 c0a8 7101 c0a8 7103 3081 880b 0018 0000 0000 0001 0000 0001 ff03 c021 0201 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802 + 4500 0036 0006 0000 802f d73d c0a8 
7101 c0a8 7103 3001 880b 0016 0000 0000 0002 ff03 c021 0101 0012 0104 0578 0506 577f 7c5b 0702 0802 + 4500 003a 69ad 0000 ff2f 1438 c0a8 7103 0a02 0202 3081 880b 0016 4000 0000 0002 0000 0002 ff03 c021 0201 0012 0104 0578 0506 577f 7c5b 0702 0802 + 4500 0032 69ae 0000 ff2f 143f c0a8 7103 0a02 0202 3001 880b 0012 4000 0000 0003 8021 0101 0010 0306 c0a8 0001 0206 002d 0f01 + 4500 0040 0007 4000 8006 975b c0a8 7101 c0a8 7103 05e7 06bb abf0 4c02 a564 6997 5018 fa34 e7f8 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 0000 0000 ffff ffff + 4500 0038 0008 0000 802f d739 c0a8 7101 c0a8 7103 3081 880b 0014 0000 0000 0003 0000 0003 c021 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130 + 4500 003e 69af 0000 ff2f 1432 c0a8 7103 0a02 0202 3081 880b 001a 4000 0000 0004 0000 0003 ff03 c021 0702 0016 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130 + 4500 003e 0009 0000 802f d732 c0a8 7101 c0a8 7103 3081 880b 001a 0000 0000 0004 0000 0004 c021 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52 + 4500 0044 69b0 0000 ff2f 142b c0a8 7103 0a02 0202 3081 880b 0020 4000 0000 0005 0000 0004 ff03 c021 0703 001c 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52 + 4500 0030 000a 0000 802f d73f c0a8 7101 c0a8 7103 3081 880b 000c 0000 0000 0005 0000 0005 80fd 0104 000a 1206 0100 0001 + 4500 002a 69b1 0000 ff2f 1444 c0a8 7103 0a02 0202 3081 880b 0006 4000 0000 0006 0000 0005 80fd 0101 0004 + 4500 002c 69b2 0000 ff2f 1441 c0a8 7103 0a02 0202 3001 880b 000c 4000 0000 0007 80fd 0404 000a 1206 0100 0001 + 4500 0048 000b 0000 802f d726 c0a8 7101 c0a8 7103 3081 880b 0024 0000 0000 0006 0000 0007 8021 0105 0022 0306 0000 0000 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000 + 4500 0042 69b3 0000 ff2f 142a c0a8 7103 0a02 0202 3081 880b 001e 4000 0000 0008 0000 0006 8021 0405 001c 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000 + 4500 0030 000c 0000 802f d73d c0a8 7101 c0a8 7103 3081 880b 000c 0000 0000 0007 0000 0008 8021 0401 000a 0206 002d 0f01 + 4500 0030 69b4 0000 
ff2f 143b c0a8 7103 0a02 0202 3081 880b 000c 4000 0000 0009 0000 0007 8021 0102 000a 0306 c0a8 0001 ! ! 4500 002a 000d 0000 802f d742 c0a8 7101 c0a8 7103 3081 880b 0006 0000 0000 0008 0000 0009 80fd 0201 0004 ! ! 4500 0032 000e 0000 802f d739 c0a8 7101 c0a8 7103 3001 880b 0012 0000 0000 0009 80fd 0506 0010 577f 7c5b 003c cd74 0000 02dc ! 4500 002a 69b5 0000 ff2f 1440 c0a8 7103 0a02 0202 3081 880b 0006 4000 0000 000a 0000 0009 80fd 0606 0004 + ------------------------------- diff -cr ip_fil4.1.13/test/expected/ni19 ip_fil4.1.14/test/expected/ni19 *** ip_fil4.1.13/test/expected/ni19 Mon Dec 19 01:39:16 2005 --- ip_fil4.1.14/test/expected/ni19 Mon Oct 2 02:45:37 2006 *************** *** 1,25 **** --- 1,49 ---- 4500 0040 e3fc 4000 4006 40b5 0a01 0101 0a01 0104 03f1 0202 6523 90b2 0000 0000 b002 8000 a431 0000 0204 05b4 0103 0300 0402 0101 0101 080a 0000 0000 0000 0000 + 4500 0034 0000 4000 4006 fe13 0a01 0104 c0a8 7103 0202 03f1 915a a5c4 6523 90b3 8012 16d0 e89c 0000 0204 05b4 0101 0402 0103 0302 + 4500 0028 e3fd 4000 4006 40cc 0a01 0101 0a01 0104 03f1 0202 6523 90b3 915a a5c5 5010 832c e3b7 0000 + 4500 002d e3fe 4000 4006 40c6 0a01 0101 0a01 0104 03f1 0202 6523 90b3 915a a5c5 5018 832c 8242 0000 3130 3038 00 + 4500 0028 7ce5 4000 4006 813a 0a01 0104 c0a8 7103 0202 03f1 915a a5c5 6523 90b8 5010 05b4 3a81 0000 + 4500 003c 1186 4000 4006 ec85 0a01 0104 c0a8 7103 03ff 03f0 91d4 c8a2 0000 0000 a002 16d0 b8c0 0000 0204 05b4 0402 080a 0039 d924 0000 0000 0103 0302 + 4500 0040 e3ff 4000 4006 40b2 0a01 0101 0a01 0104 03f0 03ff 66e5 b810 91d4 c8a3 b012 8000 452f 0000 0204 05b4 0103 0300 0101 080a 0000 0000 0039 d924 0402 0101 + 4500 0034 1188 4000 4006 ec8b 0a01 0104 c0a8 7103 03ff 03f0 91d4 c8a3 66e5 b811 8010 05b4 d99b 0000 0101 080a 0039 d925 0000 0000 + 4500 0030 e400 4000 4006 40c1 0a01 0101 0a01 0104 03f1 0202 6523 90b8 915a a5c5 5018 832c 3560 0000 6461 7272 656e 7200 + 4500 0028 7ce7 4000 4006 8138 0a01 0104 c0a8 7103 0202 03f1 915a a5c5 6523 90c0 5010 05b4 3a79 0000 + 
4500 0053 e401 4000 4006 409d 0a01 0101 0a01 0104 03f1 0202 6523 90c0 915a a5c5 5018 832c cce7 0000 6461 7272 656e 7200 7368 202d 6320 2265 6368 6f20 666f 6f20 3e26 313b 2065 6368 6f20 6261 7220 3e26 3222 00 + 4500 0028 7ce9 4000 4006 8136 0a01 0104 c0a8 7103 0202 03f1 915a a5c5 6523 90eb 5010 05b4 3a4e 0000 + 4500 0029 7ceb 4000 4006 8133 0a01 0104 c0a8 7103 0202 03f1 915a a5c5 6523 90eb 5018 05b4 3a45 0000 00 + 4500 0028 e403 4000 4006 40c6 0a01 0101 0a01 0104 03f1 0202 6523 90eb 915a a5c6 5010 832c e37e 0000 + 4500 002c 7ced 4000 4006 812e 0a01 0104 c0a8 7103 0202 03f1 915a a5c6 6523 90eb 5018 05b4 64c7 0000 666f 6f0a + 4500 0038 118a 4000 4006 ec85 0a01 0104 c0a8 7103 03ff 03f0 91d4 c8a3 66e5 b811 8018 05b4 00dd 0000 0101 080a 0039 dd6c 0000 0000 6261 720a + 4500 0028 7cef 4000 4006 8130 0a01 0104 c0a8 7103 0202 03f1 915a a5ca 6523 90eb 5011 05b4 3a48 0000 + 4500 0034 118c 4000 4006 ec87 0a01 0104 c0a8 7103 03ff 03f0 91d4 c8a7 66e5 b811 8011 05b4 d54e 0000 0101 080a 0039 dd6d 0000 0000 + 4500 0028 e404 4000 4006 1a1b c0a8 7103 0a01 0104 03f1 0202 6523 90eb 915a a5cb 5010 8328 bcd3 0000 + 4500 0034 e405 4000 4006 1a0e c0a8 7103 0a01 0104 03f0 03ff 66e5 b811 91d4 c8a8 8010 8328 57d7 0000 0101 080a 0000 0004 0039 dd6c + 4500 0028 e40a 4000 4006 1a15 c0a8 7103 0a01 0104 03f1 0202 6523 90eb 915a a5cb 5011 832c bcce 0000 + 4500 0034 e40b 4000 4006 1a08 c0a8 7103 0a01 0104 03f0 03ff 66e5 b811 91d4 c8a8 8011 832c 57d2 0000 0101 080a 0000 0004 0039 dd6c + 4500 0028 0004 4000 4006 fe1b 0a01 0104 c0a8 7103 0202 03f1 915a a5cb 6523 90ec 5010 05b4 3a47 0000 + 4500 0034 118e 4000 4006 ec85 0a01 0104 c0a8 7103 03ff 03f0 91d4 c8a8 66e5 b812 8010 05b4 d548 0000 0101 080a 0039 dd6e 0000 0004 + ------------------------------- diff -cr ip_fil4.1.13/test/expected/ni2 ip_fil4.1.14/test/expected/ni2 *** ip_fil4.1.13/test/expected/ni2 Tue May 18 01:46:29 2004 --- ip_fil4.1.14/test/expected/ni2 Mon Oct 2 02:45:37 2006 *************** *** 1,10 **** 4510 002c 0000 4000 3e06 78df 0101 
0101 c0a8 0133 9c40 0077 a664 2485 0000 0000 6002 4000 2ca8 0000 0204 05b4 4500 002c ce83 4000 7e06 606b c0a8 0133 0a01 0201 0077 05f6 fbdf 1a21 a664 2486 6012 2238 c0a8 0000 0204 05b4 4510 0028 0001 4000 3e06 78e2 0101 0101 c0a8 0133 9c40 0077 a664 2486 fbdf 1a22 5010 4470 29e3 0000 4500 005b cf83 4000 7e06 5f3c c0a8 0133 0a01 0201 0077 05f6 fbdf 1a22 a664 2486 5018 2238 ce2a 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0a 4510 0028 0002 4000 3e06 78e1 0101 0101 c0a8 0133 9c40 0077 a664 2486 fbdf 1a55 5010 4470 29b0 0000 4510 002e 0003 4000 3e06 78da 0101 0101 c0a8 0133 9c40 0077 a664 2486 fbdf 1a55 5018 4470 1c98 0000 0000 0000 0d0a 4500 0048 e383 4000 7e06 4b4f c0a8 0133 0a01 0201 0077 05f6 fbdf 1a55 a664 248c 5018 2232 d80a 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 4500 05dc e483 4000 7e06 44bb c0a8 0133 0a01 0201 0077 05f6 fbdf 1a75 a664 248c 5010 2232 9f2d 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 
0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3331 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 
0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 ! 4500 0038 0004 4000 4001 76e4 0101 0101 c0a8 0133 0304 444f 0000 05a0 4500 05dc e483 4000 7e06 4ebb c0a8 0133 0101 0101 0077 9c40 fbdf 1a75 ------------------------------- --- 1,19 ---- 4510 002c 0000 4000 3e06 78df 0101 0101 c0a8 0133 9c40 0077 a664 2485 0000 0000 6002 4000 2ca8 0000 0204 05b4 + 4500 002c ce83 4000 7e06 606b c0a8 0133 0a01 0201 0077 05f6 fbdf 1a21 a664 2486 6012 2238 c0a8 0000 0204 05b4 + 4510 0028 0001 4000 3e06 78e2 0101 0101 c0a8 0133 9c40 0077 a664 2486 fbdf 1a22 5010 4470 29e3 0000 + 4500 005b cf83 4000 7e06 5f3c c0a8 0133 0a01 0201 0077 05f6 fbdf 1a22 a664 2486 5018 2238 ce2a 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0a + 4510 0028 0002 4000 3e06 78e1 0101 0101 c0a8 0133 9c40 0077 a664 2486 fbdf 1a55 5010 4470 29b0 0000 + 4510 002e 0003 4000 3e06 78da 0101 0101 c0a8 0133 9c40 0077 a664 2486 fbdf 1a55 5018 4470 1c98 0000 0000 0000 0d0a + 4500 0048 e383 4000 7e06 4b4f c0a8 0133 0a01 0201 0077 05f6 fbdf 1a55 a664 248c 5018 2232 d80a 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 05dc e483 4000 7e06 44bb c0a8 0133 0a01 0201 0077 05f6 fbdf 1a75 a664 248c 5010 2232 9f2d 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 
0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3331 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 
0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 ! ! 4500 0038 0004 4000 4001 76e4 0101 0101 c0a8 0133 0304 d51a 0000 05a0 4500 05dc e483 4000 7e06 fa94 0a01 0201 0a01 0201 05f6 05f6 fbdf 1a75 ! 
------------------------------- diff -cr ip_fil4.1.13/test/expected/ni20 ip_fil4.1.14/test/expected/ni20 *** ip_fil4.1.13/test/expected/ni20 Mon Dec 19 01:39:16 2005 --- ip_fil4.1.14/test/expected/ni20 Mon Oct 2 02:45:37 2006 *************** *** 1,25 **** --- 1,49 ---- 4500 0040 e3fc 4000 4006 f362 c0a8 7103 c0a8 7104 03f1 0202 6523 90b2 0000 0000 b002 8000 56df 0000 0204 05b4 0103 0300 0402 0101 0101 080a 0000 0000 0000 0000 + 4500 0034 0000 4000 4006 fe13 0a01 0104 c0a8 7103 0202 03f1 915a a5c4 6523 90b3 8012 16d0 e89c 0000 0204 05b4 0101 0402 0103 0302 + 4500 0028 e3fd 4000 4006 f379 c0a8 7103 c0a8 7104 03f1 0202 6523 90b3 915a a5c5 5010 832c 9665 0000 + 4500 002d e3fe 4000 4006 f373 c0a8 7103 c0a8 7104 03f1 0202 6523 90b3 915a a5c5 5018 832c 34f0 0000 3130 3038 00 + 4500 0028 7ce5 4000 4006 813a 0a01 0104 c0a8 7103 0202 03f1 915a a5c5 6523 90b8 5010 05b4 3a81 0000 + 4500 003c 1186 4000 4006 ec85 0a01 0104 c0a8 7103 03ff 03f0 91d4 c8a2 0000 0000 a002 16d0 b8c0 0000 0204 05b4 0402 080a 0039 d924 0000 0000 0103 0302 + 4500 0040 e3ff 4000 4006 f35f c0a8 7103 c0a8 7104 03f0 03ff 66e5 b810 91d4 c8a3 b012 8000 f7dc 0000 0204 05b4 0103 0300 0101 080a 0000 0000 0039 d924 0402 0101 + 4500 0034 1188 4000 4006 ec8b 0a01 0104 c0a8 7103 03ff 03f0 91d4 c8a3 66e5 b811 8010 05b4 d99b 0000 0101 080a 0039 d925 0000 0000 + 4500 0030 e400 4000 4006 f36e c0a8 7103 c0a8 7104 03f1 0202 6523 90b8 915a a5c5 5018 832c e80d 0000 6461 7272 656e 7200 + 4500 0028 7ce7 4000 4006 8138 0a01 0104 c0a8 7103 0202 03f1 915a a5c5 6523 90c0 5010 05b4 3a79 0000 + 4500 0053 e401 4000 4006 f34a c0a8 7103 c0a8 7104 03f1 0202 6523 90c0 915a a5c5 5018 832c 7f95 0000 6461 7272 656e 7200 7368 202d 6320 2265 6368 6f20 666f 6f20 3e26 313b 2065 6368 6f20 6261 7220 3e26 3222 00 + 4500 0028 7ce9 4000 4006 8136 0a01 0104 c0a8 7103 0202 03f1 915a a5c5 6523 90eb 5010 05b4 3a4e 0000 + 4500 0029 7ceb 4000 4006 8133 0a01 0104 c0a8 7103 0202 03f1 915a a5c5 6523 90eb 5018 05b4 3a45 0000 00 + 4500 0028 e403 4000 4006 f373 
c0a8 7103 c0a8 7104 03f1 0202 6523 90eb 915a a5c6 5010 832c 962c 0000 + 4500 002c 7ced 4000 4006 812e 0a01 0104 c0a8 7103 0202 03f1 915a a5c6 6523 90eb 5018 05b4 64c7 0000 666f 6f0a + 4500 0038 118a 4000 4006 ec85 0a01 0104 c0a8 7103 03ff 03f0 91d4 c8a3 66e5 b811 8018 05b4 00dd 0000 0101 080a 0039 dd6c 0000 0000 6261 720a + 4500 0028 7cef 4000 4006 8130 0a01 0104 c0a8 7103 0202 03f1 915a a5ca 6523 90eb 5011 05b4 3a48 0000 + 4500 0034 118c 4000 4006 ec87 0a01 0104 c0a8 7103 03ff 03f0 91d4 c8a7 66e5 b811 8011 05b4 d54e 0000 0101 080a 0039 dd6d 0000 0000 + 4500 0028 e404 4000 4006 f372 c0a8 7103 c0a8 7104 03f1 0202 6523 90eb 915a a5cb 5010 8328 962b 0000 + 4500 0034 e405 4000 4006 f365 c0a8 7103 c0a8 7104 03f0 03ff 66e5 b811 91d4 c8a8 8010 8328 312f 0000 0101 080a 0000 0004 0039 dd6c + 4500 0028 e40a 4000 4006 f36c c0a8 7103 c0a8 7104 03f1 0202 6523 90eb 915a a5cb 5011 832c 9626 0000 + 4500 0034 e40b 4000 4006 f35f c0a8 7103 c0a8 7104 03f0 03ff 66e5 b811 91d4 c8a8 8011 832c 312a 0000 0101 080a 0000 0004 0039 dd6c + 4500 0028 0004 4000 4006 d773 c0a8 7104 c0a8 7103 0202 03f1 915a a5cb 6523 90ec 5010 05b4 139f 0000 + 4500 0034 118e 4000 4006 c5dd c0a8 7104 c0a8 7103 03ff 03f0 91d4 c8a8 66e5 b812 8010 05b4 aea0 0000 0101 080a 0039 dd6e 0000 0004 + ------------------------------- diff -cr ip_fil4.1.13/test/expected/ni3 ip_fil4.1.14/test/expected/ni3 *** ip_fil4.1.13/test/expected/ni3 Tue May 18 01:46:29 2004 --- ip_fil4.1.14/test/expected/ni3 Mon Oct 2 02:45:37 2006 *************** *** 1,4 **** --- 1,7 ---- 4500 003c 0000 4000 ff06 67a8 0606 0606 0404 0404 5000 0050 0000 0001 0000 0000 a002 16d0 d0da 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 + 4500 0038 809a 0000 ff01 3121 0303 0303 0202 0202 0303 acab 0000 0000 4500 003c 4706 4000 ff06 28aa 0202 0202 0404 0404 5000 0050 0000 0001 + 4500 0058 809a 0000 ff01 3101 0303 0303 0202 0202 0303 0937 0000 0000 4500 003c 4706 4000 ff06 28aa 0202 0202 0404 0404 5000 0050 0000 0001 0000 0000 a002 16d0 d8e2 0000 0204 05b4 
0402 080a 0047 fbb0 0000 0000 0103 0300 + ------------------------------- diff -cr ip_fil4.1.13/test/expected/ni4 ip_fil4.1.14/test/expected/ni4 *** ip_fil4.1.13/test/expected/ni4 Tue May 18 01:46:29 2004 --- ip_fil4.1.14/test/expected/ni4 Mon Oct 2 02:45:37 2006 *************** *** 1,4 **** --- 1,7 ---- 4500 003c 0000 4000 ff06 67a8 0606 0606 0404 0404 9c40 0050 0000 0001 0000 0000 a002 16d0 849a 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 + 4500 0038 809a 0000 ff01 3121 0303 0303 0202 0202 0303 acab 0000 0000 4500 003c 4706 4000 ff06 28aa 0202 0202 0404 0404 5000 0050 0000 0001 + 4500 0058 809a 0000 ff01 3101 0303 0303 0202 0202 0303 0937 0000 0000 4500 003c 4706 4000 ff06 28aa 0202 0202 0404 0404 5000 0050 0000 0001 0000 0000 a002 16d0 d8e2 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 + ------------------------------- diff -cr ip_fil4.1.13/test/expected/ni5 ip_fil4.1.14/test/expected/ni5 *** ip_fil4.1.13/test/expected/ni5 Sun Mar 13 06:56:39 2005 --- ip_fil4.1.14/test/expected/ni5 Mon Oct 2 02:45:37 2006 *************** *** 1,47 **** --- 1,93 ---- 4500 002c 0000 4000 ff06 02fc 0101 0101 96cb e002 8032 0015 bd6b c9c8 0000 0000 6002 2238 f5a2 0000 0204 05b4 + 4500 002c ffdd 4000 ef06 5374 96cb e002 c0a8 0103 0015 8032 3786 76c4 bd6b c9c9 6012 269c 8369 0000 0204 0584 + 4500 0028 0001 4000 ff06 02ff 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 76c5 5010 269c 5aa0 0000 + 4500 006f ffde 4000 ef06 5330 96cb e002 c0a8 0103 0015 8032 3786 76c5 bd6b c9c9 5018 269c 967e 0000 3232 302d 636f 6f6d 6273 2e61 6e75 2e65 6475 2e61 7520 4e63 4654 5064 2053 6572 7665 7220 2866 7265 6520 6564 7563 6174 696f 6e61 6c20 6c69 6365 6e73 6529 2072 6561 6479 2e0d 0a + 4500 0028 0002 4000 ff06 02fe 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 770c 5010 269c 5a59 0000 + 4500 00c7 ffdf 4000 ef06 52d7 96cb e002 c0a8 0103 0015 8032 3786 770c bd6b c9c9 5018 269c 1087 0000 3232 302d 0d0a 3232 302d 4d61 696e 7461 696e 6564 2062 7920 5253 5353 2061 6e64 2052 5350 4153 2049 
5420 5374 6166 6620 2870 7265 7669 6f75 736c 7920 6b6e 6f77 6e20 6173 2043 6f6f 6d62 7320 436f 6d70 7574 696e 6720 556e 6974 290d 0a32 3230 2d41 6e79 2070 726f 626c 656d 7320 636f 6e74 6163 7420 6674 706d 6173 7465 7240 636f 6f6d 6273 2e61 6e75 2e65 6475 2e61 750d 0a32 3230 2d0d 0a32 3230 200d 0a + 4500 0028 0003 4000 ff06 02fd 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 77ab 5010 269c 59ba 0000 + 4500 0038 0004 4000 ff06 02ec 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 77ab 5018 269c d1c5 0000 5553 4552 2061 6e6f 6e79 6d6f 7573 0d0a + 4500 0028 ffe0 4000 ef06 5375 96cb e002 c0a8 0103 0015 8032 3786 77ab bd6b c9d9 5010 269c 9a00 0000 + 4500 006c ffe1 4000 ef06 5330 96cb e002 c0a8 0103 0015 8032 3786 77ab bd6b c9d9 5018 269c b00f 0000 3333 3120 4775 6573 7420 6c6f 6769 6e20 6f6b 2c20 7365 6e64 2079 6f75 7220 636f 6d70 6c65 7465 2065 2d6d 6169 6c20 6164 6472 6573 7320 6173 2070 6173 7377 6f72 642e 0d0a + 4500 0028 0005 4000 ff06 02fb 0101 0101 96cb e002 8032 0015 bd6b c9d9 3786 77ef 5010 269c 5966 0000 + 4500 0036 0006 4000 ff06 02ec 0101 0101 96cb e002 8032 0015 bd6b c9d9 3786 77ef 5018 269c 373f 0000 5041 5353 2061 7661 6c6f 6e40 0d0a + 4500 005f ffe2 4000 ef06 533c 96cb e002 c0a8 0103 0015 8032 3786 77ef bd6b c9e7 5018 269c 895e 0000 3233 302d 596f 7520 6172 6520 7573 6572 2023 3420 6f66 2035 3020 7369 6d75 6c74 616e 656f 7573 2075 7365 7273 2061 6c6c 6f77 6564 2e0d 0a + 4500 0028 0007 4000 ff06 02f9 0101 0101 96cb e002 8032 0015 bd6b c9e7 3786 7826 5010 269c 5921 0000 + 4500 0099 ffe3 4000 ef06 5301 96cb e002 c0a8 0103 0015 8032 3786 7826 bd6b c9e7 5018 269c d399 0000 3233 302d 0d0a 3233 302d 0d0a 3233 302d 4869 2e20 2057 6527 7265 2063 6c65 616e 696e 6720 7570 2e20 2041 6e79 2066 6565 6462 6163 6b20 6d6f 7374 2077 656c 636f 6d65 2e20 3130 2041 7567 2030 300d 0a32 3330 2d0d 0a32 3330 204c 6f67 6765 6420 696e 2061 6e6f 6e79 6d6f 7573 6c79 2e0d 0a + 4500 0028 0008 4000 ff06 02f8 0101 0101 96cb e002 8032 0015 bd6b c9e7 3786 7897 5010 269c 58b0 0000 + 4500 0030 
0009 4000 ff06 02ef 0101 0101 96cb e002 8032 0015 bd6b c9e7 3786 7897 5018 269c 86ae 0000 5459 5045 2049 0d0a + 4500 0038 ffe4 4000 ef06 5361 96cb e002 c0a8 0103 0015 8032 3786 7897 bd6b c9ef 5018 269c 5fae 0000 3230 3020 5479 7065 206f 6b61 792e 0d0a + 4500 0028 000a 4000 ff06 02f6 0101 0101 96cb e002 8032 0015 bd6b c9ef 3786 78a7 5010 269c 5898 0000 + 4500 003d 000b 4000 ff06 02e0 0101 0101 96cb e002 8032 0015 bd6b c9ef 3786 78a7 5018 269c 4b67 0000 504f 5254 2031 2c31 2c31 2c31 2c31 3238 2c35 310d 0a + 4500 0046 ffe5 4000 ef06 5352 96cb e002 c0a8 0103 0015 8032 3786 78a7 bd6b ca0c 5018 269c dbc3 0000 3230 3020 504f 5254 2063 6f6d 6d61 6e64 2073 7563 6365 7373 6675 6c2e 0d0a + 4500 0030 000c 4000 ff06 02ec 0101 0101 96cb e002 8032 0015 bd6b ca04 3786 78c5 5018 269c 866b 0000 5459 5045 2041 0d0a + 4500 0038 ffe6 4000 ef06 535f 96cb e002 c0a8 0103 0015 8032 3786 78c5 bd6b ca14 5018 269c 5f5b 0000 3230 3020 5479 7065 206f 6b61 792e 0d0a + 4500 002e 000d 4000 ff06 02ed 0101 0101 96cb e002 8032 0015 bd6b ca0c 3786 78d5 5018 269c a994 0000 4e4c 5354 0d0a + 4500 002c ffe7 4000 ef06 536a 96cb e002 c0a8 0103 0014 8033 d9f8 11d4 0000 0000 6002 2238 d190 0000 0204 0584 + 4500 002c 000e 4000 ff06 02ee 0101 0101 96cb e002 8033 0014 bd78 5c12 d9f8 11d5 6012 02f8 96de 0000 0204 0584 + 4500 0028 ffe8 4000 ef06 536d 96cb e002 c0a8 0103 0014 8033 d9f8 11d5 bd78 5c13 5010 269c cb1d 0000 + 4500 005d ffe9 4000 ef06 5337 96cb e002 c0a8 0103 0015 8032 3786 78d5 bd6b ca1a 5018 269c eed0 0000 3135 3020 4f70 656e 696e 6720 4153 4349 4920 6d6f 6465 2064 6174 6120 636f 6e6e 6563 7469 6f6e 2066 6f72 202f 6269 6e2f 6c73 2e0d 0a + 4500 0028 000f 4000 ff06 02f1 0101 0101 96cb e002 8033 0014 bd78 5c13 d9f8 11d5 5010 6348 4e1b 0000 + 4500 0063 ffea 4000 ef06 5330 96cb e002 c0a8 0103 0014 8033 d9f8 11d5 bd78 5c13 5018 269c a315 0000 636f 6f6d 6273 7061 7065 7273 0d0a 6465 7074 730d 0a66 6f75 6e64 2d66 696c 6573 0d0a 696e 636f 6d69 6e67 0d0a 6e6c 632d 7465 7374 0d0a 7075 620d 0a + 4500 0028 0010 
4000 ff06 02f0 0101 0101 96cb e002 8033 0014 bd78 5c13 d9f8 1210 5010 6348 4de0 0000 + 4500 0028 ffeb 4000 ef06 536a 96cb e002 c0a8 0103 0014 8033 d9f8 1210 bd78 5c13 5011 269c cae1 0000 + 4500 0028 10da 4000 ff06 327c c0a8 0103 96cb e002 8033 0014 bd78 5c13 d9f8 1211 5010 6348 8e35 0000 + 4500 0028 10db 4000 ff06 327b c0a8 0103 96cb e002 8033 0014 bd78 5c13 d9f8 1211 5011 6348 8e34 0000 + 4500 0028 ffec 4000 ef06 5369 96cb e002 c0a8 0103 0014 8033 d9f8 1211 bd78 5c14 5010 269c cae0 0000 + 4500 0028 0011 4000 ff06 02ef 0101 0101 96cb e002 8032 0015 bd6b ca12 3786 790a 5010 269c 5812 0000 + 4500 0040 ffed 4000 ef06 5350 96cb e002 c0a8 0103 0015 8032 3786 790a bd6b ca1a 5018 269c 7c9e 0000 3232 3620 4c69 7374 696e 6720 636f 6d70 6c65 7465 642e 0d0a + 4500 0030 0012 4000 ff06 02e6 0101 0101 96cb e002 8032 0015 bd6b ca12 3786 7922 5018 269c 85f8 0000 5459 5045 2049 0d0a + 4500 0038 ffee 4000 ef06 5357 96cb e002 c0a8 0103 0015 8032 3786 7922 bd6b ca22 5018 269c 5ef0 0000 3230 3020 5479 7065 206f 6b61 792e 0d0a + 4500 0028 0013 4000 ff06 02ed 0101 0101 96cb e002 8032 0015 bd6b ca1a 3786 7932 5010 269c 57e2 0000 + 4500 002e 0014 4000 ff06 02e6 0101 0101 96cb e002 8032 0015 bd6b ca1a 3786 7932 5018 269c b020 0000 5155 4954 0d0a + 4500 0036 ffef 4000 ef06 5358 96cb e002 c0a8 0103 0015 8032 3786 7932 bd6b ca28 5018 269c a93c 0000 3232 3120 476f 6f64 6279 652e 0d0a + 4500 0028 0015 4000 ff06 02eb 0101 0101 96cb e002 8032 0015 bd6b ca20 3786 7940 5011 269c 57cd 0000 + 4500 0028 fff0 4000 ef06 5365 96cb e002 c0a8 0103 0015 8032 3786 7940 bd6b ca28 5011 269c 981b 0000 + 4500 0028 10e1 4000 ff06 3275 c0a8 0103 96cb e002 8032 0015 bd6b ca25 3786 7941 5010 269c 981e 0000 + 4500 0028 fff1 4000 ef06 5364 96cb e002 c0a8 0103 0015 8032 3786 7941 bd6b ca29 5010 269c 981a 0000 + ------------------------------- diff -cr ip_fil4.1.13/test/expected/ni6 ip_fil4.1.14/test/expected/ni6 *** ip_fil4.1.13/test/expected/ni6 Tue May 18 01:46:30 2004 --- ip_fil4.1.14/test/expected/ni6 Mon Oct 2 
02:45:37 2006 *************** *** 1,9 **** --- 1,17 ---- 4500 0054 cd8a 4000 ff11 1fbb c0a8 0601 c0a8 0701 8075 006f 0040 d26e 3e1d d249 0000 0000 0000 0002 0001 86a0 0000 0002 0000 0003 0000 0000 0000 0000 0000 0000 0000 0000 0001 86a3 0000 0003 0000 0011 0000 0000 + 4500 0054 0000 4000 ff11 ec44 c0a8 0702 c0a8 0701 8075 006f 0040 d16d 3e1d d249 0000 0000 0000 0002 0001 86a0 0000 0002 0000 0003 0000 0000 0000 0000 0000 0000 0000 0000 0001 86a3 0000 0003 0000 0011 0000 0000 + 4500 0038 cd83 4000 ff11 1fde c0a8 0701 c0a8 0601 006f 8075 0024 d805 3e1d d249 0000 0001 0000 0000 0000 0000 0000 0000 0000 0000 0000 0801 + 4500 0038 0001 4000 ff11 ee5f c0a8 0602 c0a8 0601 006f 8075 0024 d904 3e1d d249 0000 0001 0000 0000 0000 0000 0000 0000 0000 0000 0000 0801 + 4500 0044 d5a6 4000 ff11 17af c0a8 0601 c0a8 0701 80df 0801 0030 03f1 3e10 1fb1 0000 0000 0000 0002 0001 86a3 0000 0002 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 0044 0002 4000 ff11 ec52 c0a8 0702 c0a8 0701 80df 0801 0030 02f0 3e10 1fb1 0000 0000 0000 0002 0001 86a3 0000 0002 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 0034 0000 4000 fe11 ee65 c0a8 0701 c0a8 0601 0801 80df 0020 8ab8 3e10 1fb1 0000 0001 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 0034 0003 4000 fe11 ef61 c0a8 0602 c0a8 0601 0801 80df 0020 0000 3e10 1fb1 0000 0001 0000 0000 0000 0000 0000 0000 0000 0000 + ------------------------------- diff -cr ip_fil4.1.13/test/expected/ni7 ip_fil4.1.14/test/expected/ni7 *** ip_fil4.1.13/test/expected/ni7 Tue Jun 15 02:56:22 2004 --- ip_fil4.1.14/test/expected/ni7 Mon Oct 2 02:45:37 2006 *************** *** 1,3 **** --- 1,5 ---- 4500 0028 4706 4000 0111 1eac 0404 0404 0606 0606 afc9 829e 0014 6308 0402 0000 3be5 468d 000a cfc3 + 4500 0038 0000 0000 ff01 afb9 0202 0202 0404 0404 0b00 f91c 0000 0000 4500 0028 4706 4000 0111 26b4 0404 0404 0202 0202 afc9 829e 0014 c966 + ------------------------------- diff -cr ip_fil4.1.13/test/expected/ni8 ip_fil4.1.14/test/expected/ni8 *** 
ip_fil4.1.13/test/expected/ni8 Sat May 22 15:40:42 2004 --- ip_fil4.1.14/test/expected/ni8 Mon Oct 2 02:45:37 2006 *************** *** 1,5 **** --- 1,9 ---- 4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101 5000 9d58 0000 0001 0000 0000 a002 16d0 3ddc 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 + 4500 0038 0000 0000 ff01 a7b9 0a02 0202 0404 0404 0303 a7fb 0000 0000 4500 003c 4706 4000 ff06 20aa 0404 0404 0a02 0202 5000 0500 0000 0001 + 4500 0058 0001 0000 ff01 a798 0a02 0202 0404 0404 0303 1137 0000 0000 4500 003c 4706 4000 ff06 20aa 0404 0404 0a02 0202 5000 0500 0000 0001 0000 0000 a002 16d0 cc32 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 + 4500 0038 0002 0000 ff01 abb3 0303 0303 0505 0505 0303 0fa3 0000 0000 4500 003c 4706 4000 ff06 2aab 0404 0404 0101 0102 5000 9d58 0000 0001 + ------------------------------- diff -cr ip_fil4.1.13/test/expected/ni9 ip_fil4.1.14/test/expected/ni9 *** ip_fil4.1.13/test/expected/ni9 Sat May 22 15:40:43 2004 --- ip_fil4.1.14/test/expected/ni9 Mon Oct 2 02:45:37 2006 *************** *** 1,5 **** --- 1,9 ---- 4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101 5000 9c40 0000 0001 0000 0000 a002 16d0 3ef4 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 + 4500 0038 0000 0000 ff01 adb7 0303 0303 0404 0404 0303 0fa3 0000 0000 4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101 5000 9d58 0000 0001 + 4500 0058 0001 0000 ff01 ad96 0303 0303 0404 0404 0303 0735 0000 0000 4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101 5000 9d58 0000 0001 0000 0000 a002 16d0 3ddc 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 + 4500 0038 0002 0000 ff01 abb3 0303 0303 0505 0505 0303 0fa3 0000 0000 4500 003c 4706 4000 ff06 2aab 0404 0404 0101 0102 5000 9d58 0000 0001 + ------------------------------- diff -cr ip_fil4.1.13/test/expected/p2 ip_fil4.1.14/test/expected/p2 *** ip_fil4.1.13/test/expected/p2 Mon Nov 14 06:42:56 2005 --- ip_fil4.1.14/test/expected/p2 Fri Jul 14 16:12:28 2006 *************** *** 16,25 **** List of 
configured hash tables # 'anonymous' table table role = ipf type = hash number = 2147483650 size = 3 ! { 4.4.0.0/16; 127.0.0.1/32; }; # 'anonymous' table table role = ipf type = hash number = 2147483649 size = 3 ! { 4.4.0.0/16; 127.0.0.1/32; }; List of groups configured (set 0) List of groups configured (set 1) ------------------------------- --- 16,25 ---- List of configured hash tables # 'anonymous' table table role = ipf type = hash number = 2147483650 size = 3 ! { 127.0.0.1/32; 4.4.0.0/16; }; # 'anonymous' table table role = ipf type = hash number = 2147483649 size = 3 ! { 127.0.0.1/32; 4.4.0.0/16; }; List of groups configured (set 0) List of groups configured (set 1) ------------------------------- Only in ip_fil4.1.14/test/expected: p5 diff -cr ip_fil4.1.13/test/input/f13 ip_fil4.1.14/test/input/f13 *** ip_fil4.1.13/test/input/f13 Sun Dec 4 20:31:04 2005 --- ip_fil4.1.14/test/input/f13 Mon Oct 2 01:49:59 2006 *************** *** 1,3 **** --- 1,4 ---- + # This checksum is deliberately incorrect. # 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF,FO=0 SYN [in] 4500 0028 0001 4000 3f06 36cc 0101 0101 0201 0101 *************** *** 16,22 **** # 1.1.1.1,1024 -> 2.1.1.1,25 TTL=63 TCP DF MF FO=0 SYN [in] 4500 0028 0003 6000 3f06 16ca 0101 0101 0201 0101 ! 0400 0019 7000 0000 0000 0000 5002 2000 0000 0000 # 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF FO=0 [in] --- 17,23 ---- # 1.1.1.1,1024 -> 2.1.1.1,25 TTL=63 TCP DF MF FO=0 SYN [in] 4500 0028 0003 6000 3f06 16ca 0101 0101 0201 0101 ! 
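Review bot: The comment added at the top of test/input/f13, `# This checksum is deliberately incorrect.`, does not say which checksum or which packet it means. The IP header checksum `36cc` on the context line below it sums correctly, so the comment presumably refers to the TCP checksum on that packet's continuation line, which is outside this hunk. Naming the field would keep a later cleanup from "correcting" it, the way the second hunk of this file replaces another packet's TCP checksum `0000` with the valid `16c6`. Suggested wording, to be confirmed against the full file: `# The TCP checksum of the first packet below is deliberately incorrect.`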
0400 0019 7000 0000 0000 0000 5002 2000 16c6 0000 # 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF FO=0 [in] Only in ip_fil4.1.14/test/input: ip2.data diff -cr ip_fil4.1.13/test/input/ni1 ip_fil4.1.14/test/input/ni1 *** ip_fil4.1.13/test/input/ni1 Tue Jun 15 02:56:21 2004 --- ip_fil4.1.14/test/input/ni1 Sun Oct 1 09:29:04 2006 *************** *** 18,20 **** --- 18,56 ---- afc9 829e 0014 6308 0402 0000 3be5 468d 000a cfc3 + [out,df0] + 4500 0028 4706 4000 0111 26b4 0202 0202 + 0404 0404 0800 829e 0014 12da 0402 0000 + 3be5 468d 000a cfc3 + + [in,df0] + 4500 0038 809a 0000 ff01 2918 0303 0303 + 0606 0607 0b00 5f7c 0000 0000 + 4500 0028 0000 4000 0111 65b1 0606 0607 0404 0404 + 4e20 829e 0014 c4b0 + + [in,df0] + 4500 0044 809a 0000 ff01 290c 0303 0303 + 0606 0607 0b00 093a 0000 0000 + 4500 0028 0000 4000 0111 65b1 0606 0607 0404 0404 + 4e20 829e 0014 c4b0 + 0402 0000 3be5 468d 000a cfc3 + + [out,df0] + 4500 0028 4706 4000 0111 26b4 0202 0202 + 0404 0404 5000 829e 0014 cad9 0402 0000 + 3be5 468d 000a cfc3 + + [in,df0] + 4500 0038 809a 0000 ff01 2917 0303 0303 + 0606 0608 0b00 0775 0000 0000 + 4500 0028 0000 4000 0111 65b0 0606 0608 0404 0404 + 07d0 829e 0014 6308 + + [in,df0] + 4500 0044 809a 0000 ff01 290b 0303 0303 + 0606 0608 0b00 093b 0000 0000 + 4500 0028 0000 4000 0111 65b0 0606 0608 0404 0404 + 07d0 829e 0014 0b00 + 0402 0000 3be5 468d 000a cfc3 + diff -cr ip_fil4.1.13/test/input/ni13 ip_fil4.1.14/test/input/ni13 *** ip_fil4.1.13/test/input/ni13 Wed Mar 2 04:27:34 2005 --- ip_fil4.1.14/test/input/ni13 Sun Oct 1 09:29:04 2006 *************** *** 216,228 **** # 23:18:36.594840 192.168.113.1 > 192.168.113.3: gre [KSAv1] ID:0000 S:8 A:9 ppp: CCP 6: Conf-Ack(1) [in,pcn1] ! 4500 002a 5e1e 0000 802f 7933 c0a8 7101 c0a8 7103 3081 880b 0006 0000 0000 0008 0000 0009 80fd 0201 0004 0000 0000 # 23:18:36.595525 192.168.113.1 > 192.168.113.3: gre [KSv1] ID:0000 S:9 ppp: CCP 18: Term-Req(6) [in,pcn1] ! 
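Review bot: The six packets appended to test/input/ni1 carry only `[out,df0]` / `[in,df0]` tags, with no line saying what each one exercises. The replies are ICMP type 11 (time exceeded) messages in two sizes: total length 0x38 quotes the inner IP header plus the 8-byte UDP header, and 0x44 quotes the whole 20-byte UDP datagram. A reader has to decode the hex to see that these are the short-quote and full-quote cases for the ICMP NAT checksum rewrite. A comment line before each reply would record that, for example `# ICMP time exceeded, quoting IP header + 8 bytes of the UDP datagram` and `# ICMP time exceeded, quoting the full UDP datagram`. Whether the earlier packets in this file are commented cannot be seen from the hunk.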
4500 0032 5e1f 0000 802f 792a c0a8 7101 c0a8 7103 3001 880b 0012 0000 0000 0009 80fd 0506 0010 577f 7c5b 003c cd74 0000 02dc --- 216,228 ---- # 23:18:36.594840 192.168.113.1 > 192.168.113.3: gre [KSAv1] ID:0000 S:8 A:9 ppp: CCP 6: Conf-Ack(1) [in,pcn1] ! 4500 002a 5e1e 0000 802f 7931 c0a8 7101 c0a8 7103 3081 880b 0006 0000 0000 0008 0000 0009 80fd 0201 0004 0000 0000 # 23:18:36.595525 192.168.113.1 > 192.168.113.3: gre [KSv1] ID:0000 S:9 ppp: CCP 18: Term-Req(6) [in,pcn1] ! 4500 0032 5e1f 0000 802f 7928 c0a8 7101 c0a8 7103 3001 880b 0012 0000 0000 0009 80fd 0506 0010 577f 7c5b 003c cd74 0000 02dc diff -cr ip_fil4.1.13/test/input/ni14 ip_fil4.1.14/test/input/ni14 *** ip_fil4.1.13/test/input/ni14 Wed Mar 2 04:27:35 2005 --- ip_fil4.1.14/test/input/ni14 Sun Oct 1 09:29:04 2006 *************** *** 127,133 **** # 23:18:36.564803 192.168.113.3 > 192.168.113.1: gre [KSv1] ID:4000 S:3 ppp: IPCP 18: Conf-Req(1), IP-Addr=192.168.0.1, IP-Comp VJ-Comp [out,pcn1] ! 4500 0032 69ae 0000 ff2f ee98 7f00 0001 c0a8 7101 3001 880b 0012 4000 0000 0003 8021 0101 0010 0306 c0a8 0001 0206 002d 0f01 --- 127,133 ---- # 23:18:36.564803 192.168.113.3 > 192.168.113.1: gre [KSv1] ID:4000 S:3 ppp: IPCP 18: Conf-Req(1), IP-Addr=192.168.0.1, IP-Comp VJ-Comp [out,pcn1] ! 4500 0032 69ae 0000 ff2f a143 7f00 0001 c0a8 7101 3001 880b 0012 4000 0000 0003 8021 0101 0010 0306 c0a8 0001 0206 002d 0f01 *************** *** 148,154 **** # 23:18:36.573856 192.168.113.3 > 192.168.113.1: gre [KSAv1] ID:4000 S:4 A:3 ppp: LCP 26: Code-Rej(2) [out,pcn1] ! 4500 003e 69af 0000 ff2f ee8b 7f00 0001 c0a8 7101 3081 880b 001a 4000 0000 0004 0000 0003 ff03 c021 0702 0016 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130 --- 148,154 ---- # 23:18:36.573856 192.168.113.3 > 192.168.113.1: gre [KSAv1] ID:4000 S:4 A:3 ppp: LCP 26: Code-Rej(2) [out,pcn1] ! 
4500 003e 69af 0000 ff2f a136 7f00 0001 c0a8 7101 3081 880b 001a 4000 0000 0004 0000 0003 ff03 c021 0702 0016 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130 *************** *** 162,168 **** # 23:18:36.585562 192.168.113.3 > 192.168.113.1: gre [KSAv1] ID:4000 S:5 A:4 ppp: LCP 32: Code-Rej(3) [out,pcn1] ! 4500 0044 69b0 0000 ff2f ee84 7f00 0001 c0a8 7101 3081 880b 0020 4000 0000 0005 0000 0004 ff03 c021 0703 001c 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 --- 162,168 ---- # 23:18:36.585562 192.168.113.3 > 192.168.113.1: gre [KSAv1] ID:4000 S:5 A:4 ppp: LCP 32: Code-Rej(3) [out,pcn1] ! 4500 0044 69b0 0000 ff2f a12f 7f00 0001 c0a8 7101 3081 880b 0020 4000 0000 0005 0000 0004 ff03 c021 0703 001c 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 *************** *** 176,188 **** # 23:18:36.589445 192.168.113.3 > 192.168.113.1: gre [KSAv1] ID:4000 S:6 A:5 ppp: CCP 6: Conf-Req(1) [out,pcn1] ! 4500 002a 69b1 0000 ff2f ee9d 7f00 0001 c0a8 7101 3081 880b 0006 4000 0000 0006 0000 0005 80fd 0101 0004 # 23:18:36.589540 192.168.113.3 > 192.168.113.1: gre [KSv1] ID:4000 S:7 ppp: CCP 12: Conf-Rej(4), MPPC [out,pcn1] ! 4500 002c 69b2 0000 ff2f ee9a 7f00 0001 c0a8 7101 3001 880b 000c 4000 0000 0007 80fd 0404 000a 1206 0100 0001 --- 176,188 ---- # 23:18:36.589445 192.168.113.3 > 192.168.113.1: gre [KSAv1] ID:4000 S:6 A:5 ppp: CCP 6: Conf-Req(1) [out,pcn1] ! 4500 002a 69b1 0000 ff2f a148 7f00 0001 c0a8 7101 3081 880b 0006 4000 0000 0006 0000 0005 80fd 0101 0004 # 23:18:36.589540 192.168.113.3 > 192.168.113.1: gre [KSv1] ID:4000 S:7 ppp: CCP 12: Conf-Rej(4), MPPC [out,pcn1] ! 4500 002c 69b2 0000 ff2f a145 7f00 0001 c0a8 7101 3001 880b 000c 4000 0000 0007 80fd 0404 000a 1206 0100 0001 *************** *** 196,202 **** # 23:18:36.590489 192.168.113.3 > 192.168.113.1: gre [KSAv1] ID:4000 S:8 A:6 ppp: IPCP 30: Conf-Rej(5), Pri-DNS=0.0.0.0, Pri-NBNS=0.0.0.0, Sec-DNS=0.0.0.0, Sec-NBNS=0.0.0.0 [out,pcn1] ! 
4500 0042 69b3 0000 ff2f ee83 7f00 0001 c0a8 7101 3081 880b 001e 4000 0000 0008 0000 0006 8021 0405 001c 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 --- 196,202 ---- # 23:18:36.590489 192.168.113.3 > 192.168.113.1: gre [KSAv1] ID:4000 S:8 A:6 ppp: IPCP 30: Conf-Rej(5), Pri-DNS=0.0.0.0, Pri-NBNS=0.0.0.0, Sec-DNS=0.0.0.0, Sec-NBNS=0.0.0.0 [out,pcn1] ! 4500 0042 69b3 0000 ff2f a12e 7f00 0001 c0a8 7101 3081 880b 001e 4000 0000 0008 0000 0006 8021 0405 001c 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 *************** *** 210,216 **** # 23:18:36.593819 192.168.113.3 > 192.168.113.1: gre [KSAv1] ID:4000 S:9 A:7 ppp: IPCP 12: Conf-Req(2), IP-Addr=192.168.0.1 [out,pcn1] ! 4500 0030 69b4 0000 ff2f ee94 7f00 0001 c0a8 7101 3081 880b 000c 4000 0000 0009 0000 0007 8021 0102 000a 0306 c0a8 0001 --- 210,216 ---- # 23:18:36.593819 192.168.113.3 > 192.168.113.1: gre [KSAv1] ID:4000 S:9 A:7 ppp: IPCP 12: Conf-Req(2), IP-Addr=192.168.0.1 [out,pcn1] ! 4500 0030 69b4 0000 ff2f a13f 7f00 0001 c0a8 7101 3081 880b 000c 4000 0000 0009 0000 0007 8021 0102 000a 0306 c0a8 0001 *************** *** 229,235 **** # 23:18:36.595937 192.168.113.3 > 192.168.113.1: gre [KSAv1] ID:4000 S:10 A:9 ppp: CCP 6: Term-Ack(6) [out,pcn1] ! 4500 002a 69b5 0000 ff2f ee99 7f00 0001 c0a8 7101 3081 880b 0006 4000 0000 000a 0000 0009 80fd 0606 0004 --- 229,235 ---- # 23:18:36.595937 192.168.113.3 > 192.168.113.1: gre [KSAv1] ID:4000 S:10 A:9 ppp: CCP 6: Term-Ack(6) [out,pcn1] ! 4500 002a 69b5 0000 ff2f a144 7f00 0001 c0a8 7101 3081 880b 0006 4000 0000 000a 0000 0009 80fd 0606 0004 diff -cr ip_fil4.1.13/test/input/ni16 ip_fil4.1.14/test/input/ni16 *** ip_fil4.1.13/test/input/ni16 Wed Mar 2 04:27:35 2005 --- ip_fil4.1.14/test/input/ni16 Sun Oct 1 09:29:36 2006 *************** *** 216,228 **** # 23:18:36.594840 192.168.113.1 > 192.168.113.3: gre [KSAv1] ID:0000 S:8 A:9 ppp: CCP 6: Conf-Ack(1) [out,pcn1] ! 
4500 002a 5e1e 0000 802f 9ed9 0a02 0202 c0a8 7103 3081 880b 0006 0000 0000 0008 0000 0009 80fd 0201 0004 0000 0000 # 23:18:36.595525 192.168.113.1 > 192.168.113.3: gre [KSv1] ID:0000 S:9 ppp: CCP 18: Term-Req(6) [out,pcn1] ! 4500 0032 5e1f 0000 802f 9ed0 0a02 0202 c0a8 7103 3001 880b 0012 0000 0000 0009 80fd 0506 0010 577f 7c5b 003c cd74 0000 02dc --- 216,228 ---- # 23:18:36.594840 192.168.113.1 > 192.168.113.3: gre [KSAv1] ID:0000 S:8 A:9 ppp: CCP 6: Conf-Ack(1) [out,pcn1] ! 4500 002a 5e1e 0000 802f 9ed7 0a02 0202 c0a8 7103 3081 880b 0006 0000 0000 0008 0000 0009 80fd 0201 0004 0000 0000 # 23:18:36.595525 192.168.113.1 > 192.168.113.3: gre [KSv1] ID:0000 S:9 ppp: CCP 18: Term-Req(6) [out,pcn1] ! 4500 0032 5e1f 0000 802f 9ece 0a02 0202 c0a8 7103 3001 880b 0012 0000 0000 0009 80fd 0506 0010 577f 7c5b 003c cd74 0000 02dc diff -cr ip_fil4.1.13/test/input/ni3 ip_fil4.1.14/test/input/ni3 *** ip_fil4.1.13/test/input/ni3 Tue May 18 01:46:32 2004 --- ip_fil4.1.14/test/input/ni3 Sun Oct 1 09:27:04 2006 *************** *** 3,9 **** # going out) [out,df0] 45 00 00 3c 47 06 40 00 ff 06 28 aa 02 02 02 02 04 04 04 04 50 00 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 d8 e2 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00 ! [in,df0] 45 00 00 38 80 9a 00 00 ff 01 29 19 03 03 03 03 06 06 06 06 03 03 ac ac 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 50 00 00 50 00 00 00 01 # ICMP dest unreachable with whole packet in payload (40 bytes = 320 bits) [in,df0] 45 00 00 58 80 9a 00 00 ff 01 28 f9 03 03 03 03 06 06 06 06 03 03 11 3f 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 50 00 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 d0 da 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00 --- 3,9 ---- # going out) [out,df0] 45 00 00 3c 47 06 40 00 ff 06 28 aa 02 02 02 02 04 04 04 04 50 00 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 d8 e2 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00 ! 
[in,df0] 45 00 00 38 80 9a 00 00 ff 01 29 19 03 03 03 03 06 06 06 06 03 03 ac ab 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 50 00 00 50 00 00 00 01 # ICMP dest unreachable with whole packet in payload (40 bytes = 320 bits) [in,df0] 45 00 00 58 80 9a 00 00 ff 01 28 f9 03 03 03 03 06 06 06 06 03 03 11 3f 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 50 00 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 d0 da 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00 diff -cr ip_fil4.1.13/test/input/ni4 ip_fil4.1.14/test/input/ni4 *** ip_fil4.1.13/test/input/ni4 Tue May 18 01:46:32 2004 --- ip_fil4.1.14/test/input/ni4 Sun Oct 1 09:27:04 2006 *************** *** 3,9 **** # going out) [out,df0] 45 00 00 3c 47 06 40 00 ff 06 28 aa 02 02 02 02 04 04 04 04 50 00 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 d8 e2 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00 ! [in,df0] 45 00 00 38 80 9a 00 00 ff 01 29 19 03 03 03 03 06 06 06 06 03 03 60 6c 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 9c 40 00 50 00 00 00 01 # ICMP dest unreachable with whole packet in payload (40 bytes = 320 bits) [in,df0] 45 00 00 58 80 9a 00 00 ff 01 28 f9 03 03 03 03 06 06 06 06 03 03 11 3f 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 9c 40 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 84 9a 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00 --- 3,9 ---- # going out) [out,df0] 45 00 00 3c 47 06 40 00 ff 06 28 aa 02 02 02 02 04 04 04 04 50 00 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 d8 e2 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00 ! 
[in,df0] 45 00 00 38 80 9a 00 00 ff 01 29 19 03 03 03 03 06 06 06 06 03 03 60 6b 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 9c 40 00 50 00 00 00 01 # ICMP dest unreachable with whole packet in payload (40 bytes = 320 bits) [in,df0] 45 00 00 58 80 9a 00 00 ff 01 28 f9 03 03 03 03 06 06 06 06 03 03 11 3f 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 9c 40 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 84 9a 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00 Only in ip_fil4.1.14/test/input: p5 Only in ip_fil4.1.14/test/regress: ip2 diff -cr ip_fil4.1.13/test/regress/ni1.nat ip_fil4.1.14/test/regress/ni1.nat *** ip_fil4.1.13/test/regress/ni1.nat Thu Mar 7 02:09:46 2002 --- ip_fil4.1.14/test/regress/ni1.nat Sun Oct 1 09:30:23 2006 *************** *** 1 **** ! map df0 2.2.2.2/32 -> 6.6.6.6/32 --- 1,3 ---- ! map df0 from 2.2.2.2/32 port 20000 >< 25000 to any -> 6.6.6.8/32 portmap udp 2000:2500 ! map df0 from 2.2.2.2/32 port 2000 >< 2500 to any -> 6.6.6.7/32 portmap udp 20000:25000 ! map df0 from 2.2.2.2/32 to any -> 6.6.6.6/32 Only in ip_fil4.1.14/test/regress: p5.ipf Only in ip_fil4.1.14/test/regress: p5.pool diff -cr ip_fil4.1.13/test/test.format ip_fil4.1.14/test/test.format *** ip_fil4.1.13/test/test.format Sun Mar 26 00:34:10 2006 --- ip_fil4.1.14/test/test.format Sat Aug 26 08:43:21 2006 *************** *** 49,54 **** --- 49,55 ---- in5 text text in6 text text ip1 text text + ip2 text text ipv6.1 hex hex ipv6.2 hex hex ipv6.3 hex hex *************** *** 89,91 **** --- 90,94 ---- p1 text text p2 text text p3 text text + p4 text text + p5 text text diff -cr ip_fil4.1.13/test/vfycksum.pl ip_fil4.1.14/test/vfycksum.pl *** ip_fil4.1.13/test/vfycksum.pl Mon Nov 14 04:13:38 2005 --- ip_fil4.1.14/test/vfycksum.pl Sun Oct 1 09:30:54 2006 *************** *** 21,29 **** for ($idx = $start, $lsum = $seed; $idx < $max; $idx++) { $lsum += $bytes[$idx]; } ! while ($lsum > 65535) { ! 
$lsum = ($lsum & 0xffff) + ($lsum >> 16); ! } $lsum = ~$lsum & 0xffff; return $lsum; } --- 21,27 ---- for ($idx = $start, $lsum = $seed; $idx < $max; $idx++) { $lsum += $bytes[$idx]; } ! $lsum = ($lsum & 0xffff) + ($lsum >> 16); $lsum = ~$lsum & 0xffff; return $lsum; } *************** *** 40,48 **** if ($hs != 0) { $bytes[$base + 5] = 0; ! $hs2 = &dosum($base, 0, $base + $hl); $bytes[$base + 5] = $osum; ! printf " IP: (%x) %x != %x", $hs, $osum, $hs2; } else { print " IP($base): ok "; } --- 38,46 ---- if ($hs != 0) { $bytes[$base + 5] = 0; ! $hs2 = &dosum(0, $base, $base + $hl); $bytes[$base + 5] = $osum; ! printf " IP: ($hl,%x) %x != %x", $hs, $osum, $hs2; } else { print " IP($base): ok "; } *************** *** 104,109 **** --- 102,111 ---- $x = ($cnt - $base) * 2; $y = $hl + $thl; $z = 3; + } elsif ($len < $thl) { + $x = ($cnt - $base) * 2; + $y = $len; + $z = 4; } if ($z) { *************** *** 199,217 **** } local($osum) = $bytes[$base + $hl + 1]; ! $bytes[$hl + 1] = 0; ! for ($i = $base + $hl, $hs2 = 0; $i < $cnt; $i++) { ! $hs2 += $bytes[$i]; ! } ! $hs = $hs2 + $osum; ! while ($hs2 > 65535) { ! $hs2 = ($hs2 & 0xffff) + ($hs2 >> 16); ! } ! while ($hs > 65535) { ! $hs = ($hs & 0xffff) + ($hs >> 16); ! } ! $hs2 = ~$hs2 & 0xffff; ! $hs = ~$hs & 0xffff; if ($osum != $hs2) { printf " ICMP: (%x) %x != %x", $hs, $osum, $hs2; --- 201,209 ---- } local($osum) = $bytes[$base + $hl + 1]; ! $bytes[$base + $hl + 1] = 0; ! $hs2 = &dosum(0, $base + $hl, $cnt); ! $bytes[$base + $hl + 1] = $osum; if ($osum != $hs2) { printf " ICMP: (%x) %x != %x", $hs, $osum, $hs2; *************** *** 266,271 **** --- 258,267 ---- $b=$_; s/(.*?) ([0-9a-fA-F][0-9a-fA-F]) ([0-9a-fA-F][0-9a-fA-F]) (.*)/$1 $2$3 $4/g; } + if (/.* [0-9a-fA-F][0-9a-fA-F] [0-9a-fA-F][0-9a-fA-F]/) { + $b=$_; + s/(.*?) 
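Review bot: A single fold in `dosum` can leave a carry above bit 15, which the following `~$lsum & 0xffff` then silently discards. For example, a running sum of 0x2fffe folds to 0x10000 and is reported as 0xffff instead of 0xfffe. The removed `while ($lsum > 65535)` loop handled this case. Either keep the loop or add a second fold after the first, `$lsum = ($lsum & 0xffff) + ($lsum >> 16);`. It would also help to add a comment such as `# fold carries until the sum fits in 16 bits (one's-complement add)`.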
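Review bot: The ICMP mismatch message still prints `$hs`, but this hunk removes the only assignment to it in the block, so the value shown is whatever an earlier check left behind. Either drop it from the format, `printf " ICMP: %x != %x", $osum, $hs2;`, or recompute it over the unmodified bytes with `$hs = &dosum(0, $base + $hl, $cnt);` after the original checksum word has been restored. The enclosing sub starts and ends outside the hunk, so the scope of `$hs` cannot be confirmed from here.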
([0-9a-fA-F][0-9a-fA-F]) ([0-9a-fA-F][0-9a-fA-F])/$1 $2$3/g; + } while (/^[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F].*/) { $x = $_; $x =~ s/([0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]).*/$1/; diff -cr ip_fil4.1.13/tools/Makefile ip_fil4.1.14/tools/Makefile *** ip_fil4.1.13/tools/Makefile Sat Apr 17 09:40:35 2004 --- ip_fil4.1.14/tools/Makefile Sat Aug 26 21:21:13 2006 *************** *** 1,4 **** ! DEST=. all: $(DEST)/ipf_y.c $(DEST)/ipf_y.h $(DEST)/ipf_l.c \ --- 1,8 ---- ! # ! # Copyright (C) 1993-2001 by Darren Reed. ! # ! # See the IPFILTER.LICENCE file for details on licencing. ! # DEST=. all: $(DEST)/ipf_y.c $(DEST)/ipf_y.h $(DEST)/ipf_l.c \ diff -cr ip_fil4.1.13/tools/ipf.c ip_fil4.1.14/tools/ipf.c *** ip_fil4.1.13/tools/ipf.c Fri Mar 17 22:48:08 2006 --- ip_fil4.1.14/tools/ipf.c Sat Aug 26 21:21:13 2006 *************** *** 1,5 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ --- 1,5 ---- /* ! * Copyright (C) 2001-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ *************** *** 19,25 **** #if !defined(lint) static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipf.c,v 1.35.2.4 2006/03/17 11:48:08 darrenr Exp $"; #endif #if !defined(__SVR4) && defined(__GNUC__) --- 19,25 ---- #if !defined(lint) static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipf.c,v 1.35.2.6 2006/08/26 11:21:13 darrenr Exp $"; #endif #if !defined(__SVR4) && defined(__GNUC__) *************** *** 451,465 **** void zerostats() { friostat_t fio; ! friostat_t *fiop = &fio; if (opendevice(ipfname, 1) != -2) { ! if (ioctl(fd, SIOCFRZST, &fiop) == -1) { perror("ioctl(SIOCFRZST)"); exit(-1); } ! showstats(fiop); } } --- 451,471 ---- void zerostats() { + ipfobj_t obj; friostat_t fio; ! ! obj.ipfo_rev = IPFILTER_VERSION; ! obj.ipfo_type = IPFOBJ_IPFSTAT; ! 
obj.ipfo_size = sizeof(fio); ! obj.ipfo_ptr = &fio; ! obj.ipfo_offset = 0; if (opendevice(ipfname, 1) != -2) { ! if (ioctl(fd, SIOCFRZST, &obj) == -1) { perror("ioctl(SIOCFRZST)"); exit(-1); } ! showstats(&fio); } } diff -cr ip_fil4.1.13/tools/ipf_y.y ip_fil4.1.14/tools/ipf_y.y *** ip_fil4.1.13/tools/ipf_y.y Wed Mar 29 21:20:01 2006 --- ip_fil4.1.14/tools/ipf_y.y Wed Aug 30 02:58:05 2006 *************** *** 1,3 **** --- 1,8 ---- + /* + * Copyright (C) 2001-2006 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + */ %{ #include "ipf.h" #include *************** *** 835,854 **** ; addr: pool '/' YY_NUMBER { pooled = 1; - yyexpectaddr = 0; $$.a.iplookuptype = IPLT_POOL; $$.a.iplookupnum = $3; } | pool '=' '(' poollist ')' { pooled = 1; - yyexpectaddr = 0; $$.a.iplookuptype = IPLT_POOL; $$.a.iplookupnum = makepool($4); } | hash '/' YY_NUMBER { hashed = 1; - yyexpectaddr = 0; $$.a.iplookuptype = IPLT_HASH; $$.a.iplookupnum = $3; } | hash '=' '(' addrlist ')' { hashed = 1; - yyexpectaddr = 0; $$.a.iplookuptype = IPLT_HASH; $$.a.iplookupnum = makehash($4); } | ipaddr { bcopy(&$1, &$$, sizeof($$)); yyexpectaddr = 0; } --- 840,871 ---- ; addr: pool '/' YY_NUMBER { pooled = 1; $$.a.iplookuptype = IPLT_POOL; + $$.a.iplookupsubtype = 0; $$.a.iplookupnum = $3; } + | pool '/' YY_STR { pooled = 1; + $$.a.iplookuptype = IPLT_POOL; + $$.a.iplookupsubtype = 1; + strncpy($$.a.iplookupname, $3, + sizeof($$.a.iplookupname)); + } | pool '=' '(' poollist ')' { pooled = 1; $$.a.iplookuptype = IPLT_POOL; + $$.a.iplookupsubtype = 0; $$.a.iplookupnum = makepool($4); } | hash '/' YY_NUMBER { hashed = 1; $$.a.iplookuptype = IPLT_HASH; + $$.a.iplookupsubtype = 0; $$.a.iplookupnum = $3; } + | hash '/' YY_STR { pooled = 1; + $$.a.iplookuptype = IPLT_HASH; + $$.a.iplookupsubtype = 1; + strncpy($$.a.iplookupname, $3, + sizeof($$.a.iplookupname)); + } | hash '=' '(' addrlist ')' { hashed = 1; $$.a.iplookuptype = IPLT_HASH; + $$.a.iplookupsubtype = 0; $$.a.iplookupnum = 
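Review bot: In `zerostats`, `obj` is filled field by field without being cleared first, so any member of `ipfobj_t` not assigned here reaches the kernel as uninitialised stack contents. The ipfstat.c callers in this same patch clear the object before use; doing the same here with `bzero((char *)&obj, sizeof(obj));` ahead of the assignments keeps the ioctl argument deterministic. The new `showipstates` code in ipfstat.c builds its `ipfobj_t` for `SIOCGTABL` the same way and would benefit from the same line. `fio` is also handed to the kernel uninitialised; that is only safe if the ioctl always writes the whole structure, which cannot be confirmed from this hunk.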
makehash($4); } | ipaddr { bcopy(&$1, &$$, sizeof($$)); yyexpectaddr = 0; } *************** *** 1373,1380 **** YY_STR { $$ = $1; } ; ! interfacename: YY_STR { $$ = $1; } ! | YY_STR ':' YY_NUMBER { $$ = $1; fprintf(stderr, "%d: Logical interface %s:%d unsupported, " "use the physical interface %s instead.\n", --- 1390,1397 ---- YY_STR { $$ = $1; } ; ! interfacename: name { $$ = $1; } ! | name ':' YY_NUMBER { $$ = $1; fprintf(stderr, "%d: Logical interface %s:%d unsupported, " "use the physical interface %s instead.\n", *************** *** 1383,1388 **** --- 1400,1406 ---- ; name: YY_STR { $$ = $1; } + | '-' { $$ = strdup("-"); } ; ipv4_16: diff -cr ip_fil4.1.13/tools/ipfcomp.c ip_fil4.1.14/tools/ipfcomp.c *** ip_fil4.1.13/tools/ipfcomp.c Sat Mar 18 09:31:57 2006 --- ip_fil4.1.14/tools/ipfcomp.c Sat Aug 26 21:21:14 2006 *************** *** 1,11 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipfcomp.c,v 1.24.2.3 2006/03/17 22:31:57 darrenr Exp $"; #endif #include "ipf.h" --- 1,11 ---- /* ! * Copyright (C) 2001-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipfcomp.c,v 1.24.2.4 2006/08/26 11:21:14 darrenr Exp $"; #endif #include "ipf.h" diff -cr ip_fil4.1.13/tools/ipfs.c ip_fil4.1.14/tools/ipfs.c *** ip_fil4.1.13/tools/ipfs.c Sat Mar 18 00:18:11 2006 --- ip_fil4.1.14/tools/ipfs.c Sat Aug 26 21:21:14 2006 *************** *** 1,5 **** /* ! * Copyright (C) 1999-2001, 2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ --- 1,5 ---- /* ! * Copyright (C) 2001-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. 
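Review bot: The new `hash '/' YY_STR` alternative sets `pooled = 1`, where the neighbouring hash alternatives set `hashed = 1`; this looks like a copy of the pool rule and should probably read `hashed = 1;`. Both new named-lookup alternatives copy the name with `strncpy(..., sizeof($$.a.iplookupname))`, which leaves the field without a terminating NUL when the configured name is at least that long. Follow each copy with `$$.a.iplookupname[sizeof($$.a.iplookupname) - 1] = '\0';`, or reject over-long names with a parse error. The string in `$3` is not released in these actions; whether the lexer allocates it is not visible here, so confirm ownership.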
*/ diff -cr ip_fil4.1.13/tools/ipfstat.c ip_fil4.1.14/tools/ipfstat.c *** ip_fil4.1.13/tools/ipfstat.c Wed Mar 22 03:09:58 2006 --- ip_fil4.1.14/tools/ipfstat.c Sat Aug 26 21:21:14 2006 *************** *** 1,5 **** /* ! * Copyright (C) 1993-2001, 2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ --- 1,5 ---- /* ! * Copyright (C) 2002-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ *************** *** 51,56 **** --- 51,57 ---- #ifdef STATETOP # include # include + # include # if SOLARIS || defined(__NetBSD__) || defined(_BSDI_VERSION) || \ defined(__sgi) # ifdef ERR *************** *** 68,74 **** #if !defined(lint) static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipfstat.c,v 1.44.2.14 2006/03/21 16:09:58 darrenr Exp $"; #endif #ifdef __hpux --- 69,75 ---- #if !defined(lint) static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipfstat.c,v 1.44.2.17 2006/08/26 11:21:14 darrenr Exp $"; #endif #ifdef __hpux *************** *** 94,99 **** --- 95,102 ---- int live_kernel = 1; int state_fd = -1; int ipf_fd = -1; + int auth_fd = -1; + int nat_fd = -1; #ifdef STATETOP #define STSTRSIZE 80 *************** *** 128,146 **** int main __P((int, char *[])); static void showstats __P((friostat_t *, u_32_t)); ! static void showfrstates __P((ipfrstat_t *)); static void showlist __P((friostat_t *)); static void showipstates __P((ips_stat_t *)); static void showauthstates __P((fr_authstat_t *)); static void showgroups __P((friostat_t *)); static void usage __P((char *)); ! 
static void printlist __P((frentry_t *, char *)); static void parse_ipportstr __P((const char *, i6addr_t *, int *)); static void ipfstate_live __P((char *, friostat_t **, ips_stat_t **, ipfrstat_t **, fr_authstat_t **, u_32_t *)); static void ipfstate_dead __P((char *, friostat_t **, ips_stat_t **, ipfrstat_t **, fr_authstat_t **, u_32_t *)); #ifdef STATETOP static void topipstates __P((i6addr_t, i6addr_t, int, int, int, int, int, int)); --- 131,152 ---- int main __P((int, char *[])); + static int fetchfrag __P((int, int, ipfr_t *)); static void showstats __P((friostat_t *, u_32_t)); ! static void showfrstates __P((ipfrstat_t *, u_long)); static void showlist __P((friostat_t *)); static void showipstates __P((ips_stat_t *)); static void showauthstates __P((fr_authstat_t *)); static void showgroups __P((friostat_t *)); static void usage __P((char *)); ! static void printlivelist __P((int, int, frentry_t *, char *, char *)); ! static void printdeadlist __P((int, int, frentry_t *, char *, char *)); static void parse_ipportstr __P((const char *, i6addr_t *, int *)); static void ipfstate_live __P((char *, friostat_t **, ips_stat_t **, ipfrstat_t **, fr_authstat_t **, u_32_t *)); static void ipfstate_dead __P((char *, friostat_t **, ips_stat_t **, ipfrstat_t **, fr_authstat_t **, u_32_t *)); + static ipstate_t *fetchstate __P((ipstate_t *, ipstate_t *)); #ifdef STATETOP static void topipstates __P((i6addr_t, i6addr_t, int, int, int, int, int, int)); *************** *** 190,196 **** ips_stat_t *ipsstp = &ipsst; ipfrstat_t ifrst; ipfrstat_t *ifrstp = &ifrst; ! char *device = IPL_NAME, *memf = NULL; char *options, *kern = NULL; int c, myoptind; --- 196,202 ---- ips_stat_t *ipsstp = &ipsst; ipfrstat_t ifrst; ipfrstat_t *ifrstp = &ifrst; ! char *memf = NULL; char *options, *kern = NULL; int c, myoptind; *************** *** 243,250 **** perror("open(IPSTATE_NAME)"); exit(-1); } ! if ((ipf_fd = open(device, O_RDONLY)) == -1) { ! 
fprintf(stderr, "open(%s)", device); perror(""); exit(-1); } --- 249,264 ---- perror("open(IPSTATE_NAME)"); exit(-1); } ! if ((auth_fd = open(IPAUTH_NAME, O_RDONLY)) == -1) { ! perror("open(IPAUTH_NAME)"); ! exit(-1); ! } ! if ((nat_fd = open(IPNAT_NAME, O_RDONLY)) == -1) { ! perror("open(IPAUTH_NAME)"); ! exit(-1); ! } ! if ((ipf_fd = open(IPL_NAME, O_RDONLY)) == -1) { ! fprintf(stderr, "open(%s)", IPL_NAME); perror(""); exit(-1); } *************** *** 255,264 **** (void)setuid(getuid()); } ! if (live_kernel == 1) ! (void) checkrev(device); ! if (openkmem(kern, memf) == -1) ! exit(-1); (void)setgid(getgid()); (void)setuid(getuid()); --- 269,280 ---- (void)setuid(getuid()); } ! if (live_kernel == 1) { ! (void) checkrev(IPL_NAME); ! } else { ! if (openkmem(kern, memf) == -1) ! exit(-1); ! } (void)setgid(getgid()); (void)setuid(getuid()); *************** *** 367,373 **** bzero((char *)&ipsst, sizeof(ipsst)); bzero((char *)&ifrst, sizeof(ifrst)); ! ipfstate_live(device, &fiop, &ipsstp, &ifrstp, &frauthstp, &frf); } else ipfstate_dead(kern, &fiop, &ipsstp, &ifrstp, &frauthstp, &frf); --- 383,389 ---- bzero((char *)&ipsst, sizeof(ipsst)); bzero((char *)&ifrst, sizeof(ifrst)); ! ipfstate_live(IPL_NAME, &fiop, &ipsstp, &ifrstp, &frauthstp, &frf); } else ipfstate_dead(kern, &fiop, &ipsstp, &ifrstp, &frauthstp, &frf); *************** *** 381,387 **** showlist(fiop); } } else if (opts & OPT_FRSTATES) ! showfrstates(ifrstp); #ifdef STATETOP else if (opts & OPT_STATETOP) topipstates(saddr, daddr, sport, dport, protocol, --- 397,403 ---- showlist(fiop); } } else if (opts & OPT_FRSTATES) ! 
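Review bot: The failure path for `open(IPNAT_NAME, ...)` reports `perror("open(IPAUTH_NAME)")`, so a missing NAT device is diagnosed as the auth device; it should be `perror("open(IPNAT_NAME)");`. This hunk also opens the auth and NAT devices unconditionally on the live-kernel path and exits if either open fails. As a result ipfstat now aborts on a system lacking one of those device nodes, even when the requested output does not need it. Consider opening each descriptor only when the selected options use it, or treating a failed open as non-fatal until the descriptor is actually needed. The enclosing block starts outside the hunk.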
showfrstates(ifrstp, fiop->f_ticks); #ifdef STATETOP else if (opts & OPT_STATETOP) topipstates(saddr, daddr, sport, dport, protocol, *************** *** 420,428 **** if ((opts & OPT_AUTHSTATS) == 0) { bzero((caddr_t)&ipfo, sizeof(ipfo)); ipfo.ipfo_rev = IPFILTER_VERSION; ipfo.ipfo_size = sizeof(friostat_t); ipfo.ipfo_ptr = (void *)*fiopp; - ipfo.ipfo_type = IPFOBJ_IPFSTAT; if (ioctl(ipf_fd, SIOCGETFS, &ipfo) == -1) { perror("ioctl(ipf:SIOCGETFS)"); --- 436,444 ---- if ((opts & OPT_AUTHSTATS) == 0) { bzero((caddr_t)&ipfo, sizeof(ipfo)); ipfo.ipfo_rev = IPFILTER_VERSION; + ipfo.ipfo_type = IPFOBJ_IPFSTAT; ipfo.ipfo_size = sizeof(friostat_t); ipfo.ipfo_ptr = (void *)*fiopp; if (ioctl(ipf_fd, SIOCGETFS, &ipfo) == -1) { perror("ioctl(ipf:SIOCGETFS)"); *************** *** 437,445 **** bzero((caddr_t)&ipfo, sizeof(ipfo)); ipfo.ipfo_rev = IPFILTER_VERSION; ipfo.ipfo_size = sizeof(ips_stat_t); ipfo.ipfo_ptr = (void *)*ipsstpp; - ipfo.ipfo_type = IPFOBJ_STATESTAT; if ((ioctl(state_fd, SIOCGETFS, &ipfo) == -1)) { perror("ioctl(state:SIOCGETFS)"); --- 453,461 ---- bzero((caddr_t)&ipfo, sizeof(ipfo)); ipfo.ipfo_rev = IPFILTER_VERSION; + ipfo.ipfo_type = IPFOBJ_STATESTAT; ipfo.ipfo_size = sizeof(ips_stat_t); ipfo.ipfo_ptr = (void *)*ipsstpp; if ((ioctl(state_fd, SIOCGETFS, &ipfo) == -1)) { perror("ioctl(state:SIOCGETFS)"); *************** *** 454,462 **** if ((opts & OPT_FRSTATES) != 0) { bzero((caddr_t)&ipfo, sizeof(ipfo)); ipfo.ipfo_rev = IPFILTER_VERSION; ipfo.ipfo_size = sizeof(ipfrstat_t); ipfo.ipfo_ptr = (void *)*ifrstpp; - ipfo.ipfo_type = IPFOBJ_FRAGSTAT; if (ioctl(ipf_fd, SIOCGFRST, &ipfo) == -1) { perror("ioctl(SIOCGFRST)"); --- 470,478 ---- if ((opts & OPT_FRSTATES) != 0) { bzero((caddr_t)&ipfo, sizeof(ipfo)); ipfo.ipfo_rev = IPFILTER_VERSION; + ipfo.ipfo_type = IPFOBJ_FRAGSTAT; ipfo.ipfo_size = sizeof(ipfrstat_t); ipfo.ipfo_ptr = (void *)*ifrstpp; if (ioctl(ipf_fd, SIOCGFRST, &ipfo) == -1) { perror("ioctl(SIOCGFRST)"); *************** *** 468,490 **** PRINTF("opts 
%#x name %s\n", opts, device); if ((opts & OPT_AUTHSTATS) != 0) { - if (ipf_fd >= 0) { - close(ipf_fd); - ipf_fd = -1; - } - device = IPAUTH_NAME; - if ((ipf_fd = open(device, O_RDONLY)) == -1) { - perror("open"); - exit(-1); - } - bzero((caddr_t)&ipfo, sizeof(ipfo)); ipfo.ipfo_rev = IPFILTER_VERSION; ipfo.ipfo_size = sizeof(fr_authstat_t); ipfo.ipfo_ptr = (void *)*frauthstpp; - ipfo.ipfo_type = IPFOBJ_AUTHSTAT; ! if (ioctl(ipf_fd, SIOCATHST, &ipfo) == -1) { perror("ioctl(SIOCATHST)"); exit(-1); } --- 484,496 ---- PRINTF("opts %#x name %s\n", opts, device); if ((opts & OPT_AUTHSTATS) != 0) { bzero((caddr_t)&ipfo, sizeof(ipfo)); ipfo.ipfo_rev = IPFILTER_VERSION; + ipfo.ipfo_type = IPFOBJ_AUTHSTAT; ipfo.ipfo_size = sizeof(fr_authstat_t); ipfo.ipfo_ptr = (void *)*frauthstpp; ! if (ioctl(auth_fd, SIOCATHST, &ipfo) == -1) { perror("ioctl(SIOCATHST)"); exit(-1); } *************** *** 769,789 **** /* * Print out a list of rules from the kernel, starting at the one passed. */ ! static void printlist(fp, comment) frentry_t *fp; ! char *comment; { ! struct frentry fb, *fg; ! char *data; ! u_32_t type; int n; ! for (n = 1; fp; n++) { ! if (kmemcpy((char *)&fb, (u_long)fp, sizeof(fb)) == -1) { ! perror("kmemcpy"); return; } ! fp = &fb; if (opts & (OPT_HITS|OPT_VERBOSE)) #ifdef USE_QUAD_T PRINTF("%qu ", (unsigned long long) fp->fr_hits); --- 775,831 ---- /* * Print out a list of rules from the kernel, starting at the one passed. */ ! static void printlivelist(out, set, fp, group, comment) ! int out, set; frentry_t *fp; ! char *group, *comment; { ! frgroup_t *grtop, *grtail, *g; ! struct frentry fb; int n; + ipfruleiter_t rule; + ipfobj_t obj; ! if (use_inet6 == 1) ! fb.fr_v = 6; ! else ! fb.fr_v = 4; ! fb.fr_next = fp; ! n = 0; ! ! grtop = NULL; ! grtail = NULL; ! rule.iri_inout = out; ! rule.iri_active = set; ! rule.iri_rule = &fb; ! rule.iri_nrules = 1; ! rule.iri_v = use_inet6 ? 6 : 4; ! if (group != NULL) ! strncpy(rule.iri_group, group, FR_GROUPLEN); ! else ! 
rule.iri_group[0] = '\0'; ! ! bzero((char *)&obj, sizeof(obj)); ! obj.ipfo_rev = IPFILTER_VERSION; ! obj.ipfo_type = IPFOBJ_IPFITER; ! obj.ipfo_size = sizeof(rule); ! obj.ipfo_ptr = &rule; ! ! do { ! u_long array[1000]; ! ! memset(array, 0xff, sizeof(array)); ! fp = (frentry_t *)array; ! rule.iri_rule = fp; ! if (ioctl(ipf_fd, SIOCIPFITER, &obj) == -1) { ! perror("ioctl(SIOCIPFITER)"); return; } ! if (fp->fr_data != NULL) ! fp->fr_data = (char *)fp + sizeof(*fp); ! ! n++; ! if (opts & (OPT_HITS|OPT_VERBOSE)) #ifdef USE_QUAD_T PRINTF("%qu ", (unsigned long long) fp->fr_hits); *************** *** 798,835 **** #endif if (opts & OPT_SHOWLINENO) PRINTF("@%d ", n); data = NULL; ! type = fp->fr_type & ~FR_T_BUILTIN; if (type == FR_T_IPF || type == FR_T_BPFOPC) { ! if (fp->fr_dsize) { ! data = malloc(fp->fr_dsize); ! if (kmemcpy(data, (u_long)fp->fr_data, ! fp->fr_dsize) == -1) { perror("kmemcpy"); return; } ! fp->fr_data = data; } } printfr(fp, ioctl); if (opts & OPT_DEBUG) { binprint(fp, sizeof(*fp)); ! if (fp->fr_data != NULL && fp->fr_dsize > 0) ! binprint(fp->fr_data, fp->fr_dsize); } if (data != NULL) free(data); ! if (fp->fr_grp != NULL) { ! if (!kmemcpy((char *)&fg, (u_long)fp->fr_grp, ! sizeof(fg))) ! printlist(fg, comment); } if (type == FR_T_CALLFUNC) { ! printlist(fp->fr_data, "# callfunc: "); } ! 
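Review bot: `printlivelist` receives each rule into `u_long array[1000]` on the stack, but nothing visible here tells the kernel how large that buffer is, since `obj.ipfo_size` is `sizeof(rule)`. A rule whose `frentry_t` plus trailing data exceeds the array would overrun it unless the kernel side bounds the copy, which should be confirmed. The function then repoints `fp->fr_data` just past the structure and, in the following hunk, prints `fp->fr_dsize` bytes from it without checking that length. A guard such as `if (fp->fr_dsize > sizeof(array) - sizeof(*fp)) return;` after the ioctl would bound the read. `rule` is also passed to the kernel with only some members assigned, and `strncpy(rule.iri_group, group, FR_GROUPLEN)` does not terminate a full-length group name; clearing it first with `bzero((char *)&rule, sizeof(rule));` and copying at most `FR_GROUPLEN - 1` bytes covers both. The function body continues into the next hunk.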
fp = fp->fr_next; } } --- 840,970 ---- #endif if (opts & OPT_SHOWLINENO) PRINTF("@%d ", n); + + printfr(fp, ioctl); + if (opts & OPT_DEBUG) { + binprint(fp, sizeof(*fp)); + if (fp->fr_data != NULL && fp->fr_dsize > 0) + binprint(fp->fr_data, fp->fr_dsize); + } + if (fp->fr_grhead[0] != '\0') { + g = calloc(1, sizeof(*g)); + + if (g != NULL) { + strncpy(g->fg_name, fp->fr_grhead, + FR_GROUPLEN); + if (grtop == NULL) { + grtop = g; + grtail = g; + } else { + grtail->fg_next = g; + grtail = g; + } + } + } + if (fp->fr_type == FR_T_CALLFUNC) { + printlivelist(out, set, fp->fr_data, group, + "# callfunc: "); + } + } while (fp->fr_next != NULL); + + while ((g = grtop) != NULL) { + printlivelist(out, set, NULL, g->fg_name, comment); + grtop = g->fg_next; + free(g); + } + } + + + static void printdeadlist(out, set, fp, group, comment) + int out, set; + frentry_t *fp; + char *group, *comment; + { + frgroup_t *grtop, *grtail, *g; + struct frentry fb; + char *data; + u_32_t type; + int n; + + fb.fr_next = fp; + n = 0; + grtop = NULL; + grtail = NULL; + + do { + fp = fb.fr_next; + if (kmemcpy((char *)&fb, (u_long)fb.fr_next, + sizeof(fb)) == -1) { + perror("kmemcpy"); + return; + } + data = NULL; ! type = fb.fr_type & ~FR_T_BUILTIN; if (type == FR_T_IPF || type == FR_T_BPFOPC) { ! if (fb.fr_dsize) { ! data = malloc(fb.fr_dsize); ! if (kmemcpy(data, (u_long)fb.fr_data, ! fb.fr_dsize) == -1) { perror("kmemcpy"); return; } ! fb.fr_data = data; } } + n++; + + if (opts & (OPT_HITS|OPT_VERBOSE)) + #ifdef USE_QUAD_T + PRINTF("%qu ", (unsigned long long) fb.fr_hits); + #else + PRINTF("%lu ", fb.fr_hits); + #endif + if (opts & (OPT_ACCNT|OPT_VERBOSE)) + #ifdef USE_QUAD_T + PRINTF("%qu ", (unsigned long long) fb.fr_bytes); + #else + PRINTF("%lu ", fb.fr_bytes); + #endif + if (opts & OPT_SHOWLINENO) + PRINTF("@%d ", n); + printfr(fp, ioctl); if (opts & OPT_DEBUG) { binprint(fp, sizeof(*fp)); ! if (fb.fr_data != NULL && fb.fr_dsize > 0) ! 
binprint(fb.fr_data, fb.fr_dsize); } if (data != NULL) free(data); ! if (fb.fr_grhead[0] != '\0') { ! g = calloc(1, sizeof(*g)); ! ! if (g != NULL) { ! strncpy(g->fg_name, fb.fr_grhead, ! FR_GROUPLEN); ! if (grtop == NULL) { ! grtop = g; ! grtail = g; ! } else { ! grtail->fg_next = g; ! grtail = g; ! } ! } } if (type == FR_T_CALLFUNC) { ! printdeadlist(out, set, fb.fr_data, group, ! "# callfunc: "); } ! } while (fb.fr_next != NULL); ! ! while ((g = grtop) != NULL) { ! printdeadlist(out, set, NULL, g->fg_name, comment); ! grtop = g->fg_next; ! free(g); } } *************** *** 895,901 **** (opts & OPT_INACTIVE) ? "inactive " : "", filters[i]); return; } ! printlist(fp, NULL); } --- 1030,1039 ---- (opts & OPT_INACTIVE) ? "inactive " : "", filters[i]); return; } ! if (live_kernel == 1) ! printlivelist(i, set, fp, NULL, NULL); ! else ! printdeadlist(i, set, fp, NULL, NULL); } *************** *** 906,924 **** ips_stat_t *ipsp; { u_long minlen, maxlen, totallen, *buckets; int i, sz; - sz = sizeof(*buckets) * ipsp->iss_statesize; - buckets = (u_long *)malloc(sz); - if (kmemcpy((char *)buckets, (u_long)ipsp->iss_bucketlen, sz)) { - free(buckets); - return; - } - /* * If a list of states hasn't been asked for, only print out stats */ if (!(opts & OPT_SHOWLIST)) { PRINTF("IP states added:\n\t%lu TCP\n\t%lu UDP\n\t%lu ICMP\n", ipsp->iss_tcp, ipsp->iss_udp, ipsp->iss_icmp); PRINTF("\t%lu hits\n\t%lu misses\n", ipsp->iss_hits, --- 1044,1082 ---- ips_stat_t *ipsp; { u_long minlen, maxlen, totallen, *buckets; + ipftable_t table; + ipfobj_t obj; int i, sz; /* * If a list of states hasn't been asked for, only print out stats */ if (!(opts & OPT_SHOWLIST)) { + + sz = sizeof(*buckets) * ipsp->iss_statesize; + buckets = (u_long *)malloc(sz); + + obj.ipfo_rev = IPFILTER_VERSION; + obj.ipfo_type = IPFOBJ_GTABLE; + obj.ipfo_size = sizeof(table); + obj.ipfo_ptr = &table; + + table.ita_type = IPFTABLE_BUCKETS; + table.ita_table = buckets; + + if (live_kernel == 1) { + if (ioctl(state_fd, 
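Review bot: In `printdeadlist`, `fp` is set to `fb.fr_next` before the `kmemcpy`, so it holds the address read from the kernel image, not the local copy. The later `printfr(fp, ioctl)` and `binprint(fp, sizeof(*fp))` therefore dereference that address in the tool's own address space. The removed code set `fp = &fb` after the copy, so these calls should be `printfr(&fb, ioctl);` and `binprint(&fb, sizeof(fb));`. The `malloc(fb.fr_dsize)` result is used by `kmemcpy` without a NULL check, and the early `return` on a failed copy leaves `data` and any queued `frgroup_t` entries allocated. In both list printers, `strncpy(g->fg_name, ..., FR_GROUPLEN)` relies on the `calloc` zero fill for termination, which only holds if `fg_name` is longer than `FR_GROUPLEN`; confirm against the structure definition.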
SIOCGTABL, &obj) != 0) { + free(buckets); + return; + } + } else { + if (kmemcpy((char *)buckets, + (u_long)ipsp->iss_bucketlen, sz)) { + free(buckets); + return; + } + } + PRINTF("IP states added:\n\t%lu TCP\n\t%lu UDP\n\t%lu ICMP\n", ipsp->iss_tcp, ipsp->iss_udp, ipsp->iss_icmp); PRINTF("\t%lu hits\n\t%lu misses\n", ipsp->iss_hits, *************** *** 980,990 **** * Print out all the state information currently held in the kernel. */ while (ipsp->iss_list != NULL) { ! ipsp->iss_list = printstate(ipsp->iss_list, opts, ! ipsp->iss_ticks); ! } ! free(buckets); } --- 1138,1152 ---- * Print out all the state information currently held in the kernel. */ while (ipsp->iss_list != NULL) { ! ipstate_t ips; ! ipsp->iss_list = fetchstate(ipsp->iss_list, &ips); ! ! if (ipsp->iss_list != NULL) { ! ipsp->iss_list = ips.is_next; ! printstate(&ips, opts, ipsp->iss_ticks); ! } ! } } *************** *** 1038,1046 **** /* init ipfobj_t stuff */ bzero((caddr_t)&ipfo, sizeof(ipfo)); ipfo.ipfo_rev = IPFILTER_VERSION; ipfo.ipfo_size = sizeof(*ipsstp); ipfo.ipfo_ptr = (void *)ipsstp; - ipfo.ipfo_type = IPFOBJ_STATESTAT; /* repeat until user aborts */ while ( 1 ) { --- 1200,1208 ---- /* init ipfobj_t stuff */ bzero((caddr_t)&ipfo, sizeof(ipfo)); ipfo.ipfo_rev = IPFILTER_VERSION; + ipfo.ipfo_type = IPFOBJ_STATESTAT; ipfo.ipfo_size = sizeof(*ipsstp); ipfo.ipfo_ptr = (void *)ipsstp; /* repeat until user aborts */ while ( 1 ) { *************** *** 1062,1069 **** /* read the state table and store in tstable */ for (; ipsstp->iss_list; ipsstp->iss_list = ips.is_next) { ! if (kmemcpy((char *)&ips, (u_long)ipsstp->iss_list, ! sizeof(ips))) break; if (ips.is_v != ver) --- 1224,1231 ---- /* read the state table and store in tstable */ for (; ipsstp->iss_list; ipsstp->iss_list = ips.is_next) { ! ipsstp->iss_list = fetchstate(ipsstp->iss_list, &ips); ! 
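Review bot: `buckets = (u_long *)malloc(sz);` in the new `!(opts & OPT_SHOWLIST)` branch is passed to `ioctl(state_fd, SIOCGTABL, &obj)` or `kmemcpy()` without a NULL check; I would add `if (buckets == NULL) { perror("malloc"); return; }` right after the allocation. `obj` and `table` are stack objects with only the listed members assigned, so any member not listed (if the types have one) reaches the kernel holding whatever was on the stack; `bzero((char *)&obj, sizeof(obj));` and the same for `table` before the assignments would match what main() in ipnat.c does for its `ipfobj_t`. The same member-by-member setup without zeroing appears in showauthstates (`obj`, `auth`), fetchstate (`obj`, `state`) and fetchfrag (`obj`, `frag`) later in this file. The function body continues outside the hunk.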
if (ipsstp->iss_list == NULL) break; if (ips.is_v != ver) *************** *** 1430,1437 **** /* * Show fragment cache information that's held in the kernel. */ ! static void showfrstates(ifsp) ipfrstat_t *ifsp; { struct ipfr *ipfrtab[IPFT_SIZE], ifr; int i; --- 1592,1600 ---- /* * Show fragment cache information that's held in the kernel. */ ! static void showfrstates(ifsp, ticks) ipfrstat_t *ifsp; + u_long ticks; { struct ipfr *ipfrtab[IPFT_SIZE], ifr; int i; *************** *** 1446,1479 **** PRINTF("\t%lu no memory\n\t%lu already exist\n", ifsp->ifs_nomem, ifsp->ifs_exists); PRINTF("\t%lu inuse\n", ifsp->ifs_inuse); ! if (kmemcpy((char *)ipfrtab, (u_long)ifsp->ifs_table, sizeof(ipfrtab))) ! return; /* * Print out the contents (if any) of the fragment cache table. */ ! PRINTF("\n"); ! for (i = 0; i < IPFT_SIZE; i++) ! while (ipfrtab[i] != NULL) { ! if (kmemcpy((char *)&ifr, (u_long)ipfrtab[i], ! sizeof(ifr)) == -1) break; printfraginfo("", &ifr); ! ipfrtab[i] = ifr.ipfr_next; ! } /* * Print out the contents (if any) of the NAT fragment cache table. */ ! if (kmemcpy((char *)ipfrtab, (u_long)ifsp->ifs_nattab,sizeof(ipfrtab))) ! return; ! for (i = 0; i < IPFT_SIZE; i++) ! while (ipfrtab[i] != NULL) { ! if (kmemcpy((char *)&ifr, (u_long)ipfrtab[i], ! sizeof(ifr)) == -1) break; printfraginfo("NAT: ", &ifr); ! ipfrtab[i] = ifr.ipfr_next; ! } } --- 1609,1673 ---- PRINTF("\t%lu no memory\n\t%lu already exist\n", ifsp->ifs_nomem, ifsp->ifs_exists); PRINTF("\t%lu inuse\n", ifsp->ifs_inuse); ! PRINTF("\n"); ! ! if (live_kernel == 0) { ! if (kmemcpy((char *)ipfrtab, (u_long)ifsp->ifs_table, ! sizeof(ipfrtab))) ! return; ! } /* * Print out the contents (if any) of the fragment cache table. */ ! if (live_kernel == 1) { ! do { ! if (fetchfrag(ipf_fd, IPFGENITER_FRAG, &ifr) != 0) ! break; ! if (ifr.ipfr_ifp == NULL) break; + ifr.ipfr_ttl -= ticks; printfraginfo("", &ifr); ! } while (1); ! } else { ! for (i = 0; i < IPFT_SIZE; i++) ! while (ipfrtab[i] != NULL) { ! 
if (kmemcpy((char *)&ifr, (u_long)ipfrtab[i], ! sizeof(ifr)) == -1) ! break; ! printfraginfo("", &ifr); ! ipfrtab[i] = ifr.ipfr_next; ! } ! } /* * Print out the contents (if any) of the NAT fragment cache table. */ ! ! if (live_kernel == 0) { ! if (kmemcpy((char *)ipfrtab, (u_long)ifsp->ifs_nattab, ! sizeof(ipfrtab))) ! return; ! } ! ! if (live_kernel == 1) { ! do { ! if (fetchfrag(nat_fd, IPFGENITER_NATFRAG, &ifr) != 0) ! break; ! if (ifr.ipfr_ifp == NULL) break; + ifr.ipfr_ttl -= ticks; printfraginfo("NAT: ", &ifr); ! } while (1); ! } else { ! for (i = 0; i < IPFT_SIZE; i++) ! while (ipfrtab[i] != NULL) { ! if (kmemcpy((char *)&ifr, (u_long)ipfrtab[i], ! sizeof(ifr)) == -1) ! break; ! printfraginfo("NAT: ", &ifr); ! ipfrtab[i] = ifr.ipfr_next; ! } ! } } *************** *** 1484,1489 **** --- 1678,1694 ---- fr_authstat_t *asp; { frauthent_t *frap, fra; + ipfgeniter_t auth; + ipfobj_t obj; + + obj.ipfo_rev = IPFILTER_VERSION; + obj.ipfo_type = IPFOBJ_GENITER; + obj.ipfo_size = sizeof(auth); + obj.ipfo_ptr = &auth; + + auth.igi_type = IPFGENITER_AUTH; + auth.igi_nitems = 1; + auth.igi_data = &fra; #ifdef USE_QUAD_T printf("Authorisation hits: %qu\tmisses %qu\n", *************** *** 1501,1509 **** frap = asp->fas_faelist; while (frap) { ! if (kmemcpy((char *)&fra, (u_long)frap, sizeof(fra)) == -1) ! break; ! printf("age %ld\t", fra.fae_age); printfr(&fra.fae_fr, ioctl); frap = fra.fae_next; --- 1706,1719 ---- frap = asp->fas_faelist; while (frap) { ! if (live_kernel == 1) { ! if (ioctl(auth_fd, SIOCGENITER, &obj)) ! break; ! } else { ! if (kmemcpy((char *)&fra, (u_long)frap, ! sizeof(fra)) == -1) ! break; ! 
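Review bot: Both live-kernel loops stop without a message when `fetchfrag()` fails, so a fragment-cache listing cut short by an ioctl error looks the same as a complete one; `if (fetchfrag(ipf_fd, IPFGENITER_FRAG, &ifr) != 0) { perror("ioctl(SIOCGENITER)"); break; }`, and likewise for the `nat_fd` loop, would make that visible. The end of the list is recognised only by `ifr.ipfr_ifp == NULL`, which presumably relies on the kernel handing back a zeroed entry last; a one-line comment such as `/* zeroed entry marks end of list */` above that test would record the convention once it is confirmed. `ifr.ipfr_ttl -= ticks` is also worth a look in case the member is unsigned, since its type is not visible here. The start of showfrstates is outside this hunk.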
} printf("age %ld\t", fra.fae_age); printfr(&fra.fae_fr, ioctl); frap = fra.fae_next; *************** *** 1793,1795 **** --- 2003,2059 ---- } #endif + + + ipstate_t *fetchstate(src, dst) + ipstate_t *src, *dst; + { + int i; + + if (live_kernel == 1) { + ipfgeniter_t state; + ipfobj_t obj; + + obj.ipfo_rev = IPFILTER_VERSION; + obj.ipfo_type = IPFOBJ_GENITER; + obj.ipfo_size = sizeof(state); + obj.ipfo_ptr = &state; + + state.igi_type = IPFGENITER_STATE; + state.igi_nitems = 1; + state.igi_data = dst; + + if (ioctl(state_fd, SIOCGENITER, &obj) != 0) + return NULL; + if (dst->is_next == NULL) { + i = IPFGENITER_STATE; + ioctl(state_fd, SIOCIPFDELTOK, &i); + } + } else { + if (kmemcpy((char *)dst, (u_long)src, sizeof(*dst))) + return NULL; + } + return dst; + } + + + static int fetchfrag(fd, type, frp) + int fd, type; + ipfr_t *frp; + { + ipfgeniter_t frag; + ipfobj_t obj; + + obj.ipfo_rev = IPFILTER_VERSION; + obj.ipfo_type = IPFOBJ_GENITER; + obj.ipfo_size = sizeof(frag); + obj.ipfo_ptr = &frag; + + frag.igi_type = type; + frag.igi_nitems = 1; + frag.igi_data = frp; + + if (ioctl(fd, SIOCGENITER, &obj)) + return EFAULT; + return 0; + } diff -cr ip_fil4.1.13/tools/ipftest.c ip_fil4.1.14/tools/ipftest.c *** ip_fil4.1.13/tools/ipftest.c Wed Mar 29 21:21:13 2006 --- ip_fil4.1.14/tools/ipftest.c Sat Aug 26 21:21:14 2006 *************** *** 1,5 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ --- 1,5 ---- /* ! * Copyright (C) 2002-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ *************** *** 10,16 **** #if !defined(lint) static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipftest.c,v 1.44.2.9 2006/03/29 11:21:13 darrenr Exp $"; #endif extern char *optarg; --- 10,16 ---- #if !defined(lint) static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed"; ! 
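Review bot: fetchstate() and fetchfrag() arrive without a header comment, and their contracts differ enough that callers need one: fetchstate() returns `dst` or NULL and ignores `src` on a live kernel, while fetchfrag() returns 0 or `EFAULT` whatever the ioctl's actual error was. I would document both, including that fetchstate() issues `SIOCIPFDELTOK` (what looks like the iterator-token release) only when `dst->is_next == NULL`, so a caller that stops early does not release it through this function. The result of `ioctl(state_fd, SIOCIPFDELTOK, &i)` is dropped; writing `(void) ioctl(state_fd, SIOCIPFDELTOK, &i);` or adding a `perror()` on failure would show that this is deliberate. fetchfrag() is `static` while fetchstate() is not, which is worth making consistent if both are meant to be file-local.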
static const char rcsid[] = "@(#)$Id: ipftest.c,v 1.44.2.12 2006/08/26 11:21:14 darrenr Exp $"; #endif extern char *optarg; *************** *** 20,31 **** extern void init_ifp __P((void)); extern ipnat_t *natparse __P((char *, int)); extern int fr_running; ! extern hostmap_t **maptable; ipfmutex_t ipl_mutex, ipf_authmx, ipf_rw, ipf_stinsert; ipfmutex_t ipf_nat_new, ipf_natio, ipf_timeoutlock; ipfrwlock_t ipf_mutex, ipf_global, ipf_ipidfrag, ip_poolrw, ipf_frcache; ! ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth; int opts = OPT_DONOTHING; int use_inet6 = 0; int docksum = 0; --- 20,32 ---- extern void init_ifp __P((void)); extern ipnat_t *natparse __P((char *, int)); extern int fr_running; ! extern hostmap_t **ipf_hm_maptable; ! extern hostmap_t *ipf_hm_maplist; ipfmutex_t ipl_mutex, ipf_authmx, ipf_rw, ipf_stinsert; ipfmutex_t ipf_nat_new, ipf_natio, ipf_timeoutlock; ipfrwlock_t ipf_mutex, ipf_global, ipf_ipidfrag, ip_poolrw, ipf_frcache; ! ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth, ipf_tokens; int opts = OPT_DONOTHING; int use_inet6 = 0; int docksum = 0; *************** *** 101,106 **** --- 102,108 ---- RWLOCK_INIT(&ipf_mutex, "ipf filter rwlock"); RWLOCK_INIT(&ipf_ipidfrag, "ipf IP NAT-Frag rwlock"); RWLOCK_INIT(&ipf_frcache, "ipf filter cache"); + RWLOCK_INIT(&ipf_tokens, "ipf token rwlock"); initparse(); if (fr_initialise() == -1) *************** *** 249,255 **** (void)printf("pass"); break; case 1 : ! (void)printf("nomatch"); break; case 3 : (void)printf("block return-rst"); --- 251,260 ---- (void)printf("pass"); break; case 1 : ! if (m == NULL) ! (void)printf("bad-packet"); ! else ! (void)printf("nomatch"); break; case 3 : (void)printf("block return-rst"); *************** *** 629,654 **** */ void dumpnat() { - ipnat_t *ipn; - nat_t *nat; hostmap_t *hm; ! 
int i; printf("List of active MAP/Redirect filters:\n"); for (ipn = nat_list; ipn != NULL; ipn = ipn->in_next) printnat(ipn, opts & (OPT_DEBUG|OPT_VERBOSE)); printf("\nList of active sessions:\n"); for (nat = nat_instances; nat; nat = nat->nat_next) { ! printactivenat(nat, opts); if (nat->nat_aps) printaps(nat->nat_aps, opts); } printf("\nHostmap table:\n"); ! for (i = 0; i < ipf_hostmap_sz; i++) { ! for (hm = maptable[i]; hm != NULL; hm = hm->hm_next) ! printhostmap(hm, i); ! } } --- 634,656 ---- */ void dumpnat() { hostmap_t *hm; ! ipnat_t *ipn; ! nat_t *nat; printf("List of active MAP/Redirect filters:\n"); for (ipn = nat_list; ipn != NULL; ipn = ipn->in_next) printnat(ipn, opts & (OPT_DEBUG|OPT_VERBOSE)); printf("\nList of active sessions:\n"); for (nat = nat_instances; nat; nat = nat->nat_next) { ! printactivenat(nat, opts, 0); if (nat->nat_aps) printaps(nat->nat_aps, opts); } printf("\nHostmap table:\n"); ! for (hm = ipf_hm_maplist; hm != NULL; hm = hm->hm_next) ! printhostmap(hm, 0); } diff -cr ip_fil4.1.13/tools/ipmon.c ip_fil4.1.14/tools/ipmon.c *** ip_fil4.1.13/tools/ipmon.c Sat Mar 18 17:59:39 2006 --- ip_fil4.1.14/tools/ipmon.c Sat Aug 26 21:21:14 2006 *************** *** 1,5 **** /* ! * Copyright (C) 1993-2001, 2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ --- 1,5 ---- /* ! * Copyright (C) 2001-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ *************** *** 76,82 **** #if !defined(lint) static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipmon.c,v 1.33.2.15 2006/03/18 06:59:39 darrenr Exp $"; #endif --- 76,82 ---- #if !defined(lint) static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed"; ! 
static const char rcsid[] = "@(#)$Id: ipmon.c,v 1.33.2.16 2006/08/26 11:21:14 darrenr Exp $"; #endif diff -cr ip_fil4.1.13/tools/ipmon_y.y ip_fil4.1.14/tools/ipmon_y.y *** ip_fil4.1.13/tools/ipmon_y.y Mon Jul 12 02:38:54 2004 --- ip_fil4.1.14/tools/ipmon_y.y Sat Aug 26 21:21:14 2006 *************** *** 1,3 **** --- 1,8 ---- + /* + * Copyright (C) 2001-2004 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + */ %{ #include "ipf.h" #include diff -cr ip_fil4.1.13/tools/ipnat.c ip_fil4.1.14/tools/ipnat.c *** ip_fil4.1.13/tools/ipnat.c Wed May 11 07:19:30 2005 --- ip_fil4.1.14/tools/ipnat.c Sat Aug 26 21:21:14 2006 *************** *** 1,5 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * --- 1,5 ---- /* ! * Copyright (C) 2001-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * *************** *** 65,71 **** #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipnat.c,v 1.24.2.2 2005/05/10 21:19:30 darrenr Exp $"; #endif --- 65,71 ---- #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipnat.c,v 1.24.2.4 2006/08/26 11:21:14 darrenr Exp $"; #endif *************** *** 77,87 **** extern char *optarg; ! void dostats __P((natstat_t *, int)), flushtable __P((int, int)); void usage __P((char *)); int main __P((int, char*[])); void showhostmap __P((natstat_t *nsp)); void natstat_dead __P((natstat_t *, char *)); int opts; --- 77,92 ---- extern char *optarg; ! void dostats __P((int, natstat_t *, int, int)); ! 
void flushtable __P((int, int)); void usage __P((char *)); int main __P((int, char*[])); void showhostmap __P((natstat_t *nsp)); void natstat_dead __P((natstat_t *, char *)); + void dostats_live __P((int, natstat_t *, int)); + void showhostmap_dead __P((natstat_t *)); + void showhostmap_live __P((int, natstat_t *)); + void dostats_dead __P((natstat_t *, int)); int opts; *************** *** 166,171 **** --- 171,185 ---- (void) setuid(getuid()); } + if (!(opts & OPT_DONOTHING)) { + if (((fd = open(IPNAT_NAME, mode)) == -1) && + ((fd = open(IPNAT_NAME, O_RDONLY)) == -1)) { + (void) fprintf(stderr, "%s: open: %s\n", IPNAT_NAME, + STRERROR(errno)); + exit(1); + } + } + bzero((char *)&ns, sizeof(ns)); if ((opts & OPT_DONOTHING) == 0) { *************** *** 175,196 **** } } - if (!(opts & OPT_DONOTHING) && (kernel == NULL) && (core == NULL)) { - if (openkmem(kernel, core) == -1) - exit(1); - - if (((fd = open(IPNAT_NAME, mode)) == -1) && - ((fd = open(IPNAT_NAME, O_RDONLY)) == -1)) { - (void) fprintf(stderr, "%s: open: %s\n", IPNAT_NAME, - STRERROR(errno)); - exit(1); - } - bzero((char *)&obj, sizeof(obj)); obj.ipfo_rev = IPFILTER_VERSION; - obj.ipfo_size = sizeof(*nsp); obj.ipfo_type = IPFOBJ_NATSTAT; obj.ipfo_ptr = (void *)nsp; if (ioctl(fd, SIOCGNATS, &obj) == -1) { perror("ioctl(SIOCGNATS)"); --- 189,199 ---- } } if (!(opts & OPT_DONOTHING) && (kernel == NULL) && (core == NULL)) { bzero((char *)&obj, sizeof(obj)); obj.ipfo_rev = IPFILTER_VERSION; obj.ipfo_type = IPFOBJ_NATSTAT; + obj.ipfo_size = sizeof(*nsp); obj.ipfo_ptr = (void *)nsp; if (ioctl(fd, SIOCGNATS, &obj) == -1) { perror("ioctl(SIOCGNATS)"); *************** *** 204,210 **** natstat_dead(nsp, kernel); if (opts & (OPT_LIST|OPT_STAT)) ! dostats(nsp, opts); exit(0); } --- 207,213 ---- natstat_dead(nsp, kernel); if (opts & (OPT_LIST|OPT_STAT)) ! dostats(fd, nsp, opts, 0); exit(0); } *************** *** 214,220 **** ipnat_parsefile(fd, ipnat_addrule, ioctl, file); } if (opts & (OPT_LIST|OPT_STAT)) ! 
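Review bot: The added `open(IPNAT_NAME, mode)` block is guarded only by `!(opts & OPT_DONOTHING)`, whereas the code it replaces in the next hunk also required `(kernel == NULL) && (core == NULL)`, so the device is now opened, and `exit(1)` taken on failure, even when a kernel or core file was named. The dead-kernel path visible in this diff (`natstat_dead(nsp, kernel)` followed by `dostats(fd, nsp, opts, 0)`, which goes on to `dostats_dead(nsp, opts)`) does not use `fd`. The block also follows the `(void) setuid(getuid());` context line, so wherever that drop has run the open is attempted with the invoking user's rights. Unless something in the unchanged lines needs the descriptor, I would keep the old condition: `if (!(opts & OPT_DONOTHING) && (kernel == NULL) && (core == NULL)) {`. main() starts and ends outside the hunk.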
dostats(nsp, opts); return 0; } --- 217,223 ---- ipnat_parsefile(fd, ipnat_addrule, ioctl, file); } if (opts & (OPT_LIST|OPT_STAT)) ! dostats(fd, nsp, opts, 1); return 0; } *************** *** 275,289 **** /* * Display NAT statistics. */ ! void dostats(nsp, opts) natstat_t *nsp; int opts; { nat_t *np, nat; ipnat_t ipn; /* * Show statistics ? */ --- 278,351 ---- /* + * Issue an ioctl to flush either the NAT rules table or the active mapping + * table or both. + */ + void flushtable(fd, opts) + int fd, opts; + { + int n = 0; + + if (opts & OPT_FLUSH) { + n = 0; + if (!(opts & OPT_DONOTHING) && ioctl(fd, SIOCIPFFL, &n) == -1) + perror("ioctl(SIOCFLNAT)"); + else + printf("%d entries flushed from NAT table\n", n); + } + + if (opts & OPT_CLEAR) { + n = 1; + if (!(opts & OPT_DONOTHING) && ioctl(fd, SIOCIPFFL, &n) == -1) + perror("ioctl(SIOCCNATL)"); + else + printf("%d entries flushed from NAT list\n", n); + } + } + + + /* * Display NAT statistics. */ ! void dostats_dead(nsp, opts) natstat_t *nsp; int opts; { nat_t *np, nat; ipnat_t ipn; + printf("List of active MAP/Redirect filters:\n"); + while (nsp->ns_list) { + if (kmemcpy((char *)&ipn, (long)nsp->ns_list, + sizeof(ipn))) { + perror("kmemcpy"); + break; + } + if (opts & OPT_HITS) + printf("%lu ", ipn.in_hits); + printnat(&ipn, opts & (OPT_DEBUG|OPT_VERBOSE)); + nsp->ns_list = ipn.in_next; + } + + printf("\nList of active sessions:\n"); + + for (np = nsp->ns_instances; np; np = nat.nat_next) { + if (kmemcpy((char *)&nat, (long)np, sizeof(nat))) + break; + printactivenat(&nat, opts, 0); + if (nat.nat_aps) + printaps(nat.nat_aps, opts); + } + + if (opts & OPT_VERBOSE) + showhostmap_dead(nsp); + } + + + void dostats(fd, nsp, opts, alive) + natstat_t *nsp; + int fd, opts, alive; + { /* * Show statistics ? */ *************** *** 302,344 **** nsp->ns_table, nsp->ns_list); } /* * Show list of NAT rules and NAT sessions ? */ ! if (opts & OPT_LIST) { ! printf("List of active MAP/Redirect filters:\n"); ! 
while (nsp->ns_list) { ! if (kmemcpy((char *)&ipn, (long)nsp->ns_list, ! sizeof(ipn))) { ! perror("kmemcpy"); ! break; ! } ! if (opts & OPT_HITS) ! printf("%lu ", ipn.in_hits); ! printnat(&ipn, opts & (OPT_DEBUG|OPT_VERBOSE)); ! nsp->ns_list = ipn.in_next; ! } ! printf("\nList of active sessions:\n"); ! for (np = nsp->ns_instances; np; np = nat.nat_next) { ! if (kmemcpy((char *)&nat, (long)np, sizeof(nat))) ! break; ! printactivenat(&nat, opts); ! if (nat.nat_aps) ! printaps(nat.nat_aps, opts); ! } ! if (opts & OPT_VERBOSE) ! showhostmap(nsp); } } /* * Display the active host mapping table. */ ! void showhostmap(nsp) natstat_t *nsp; { hostmap_t hm, *hmp, **maptable; --- 364,437 ---- nsp->ns_table, nsp->ns_list); } + if (opts & OPT_LIST) { + if (alive) + dostats_live(fd, nsp, opts); + else + dostats_dead(nsp, opts); + } + } + + + /* + * Display NAT statistics. + */ + void dostats_live(fd, nsp, opts) + natstat_t *nsp; + int fd, opts; + { + ipfgeniter_t iter; + ipfobj_t obj; + ipnat_t ipn; + nat_t nat; + + bzero((char *)&obj, sizeof(obj)); + obj.ipfo_rev = IPFILTER_VERSION; + obj.ipfo_type = IPFOBJ_GENITER; + obj.ipfo_size = sizeof(iter); + obj.ipfo_ptr = &iter; + + iter.igi_type = IPFGENITER_IPNAT; + iter.igi_nitems = 1; + iter.igi_data = &ipn; + /* * Show list of NAT rules and NAT sessions ? */ ! printf("List of active MAP/Redirect filters:\n"); ! while (nsp->ns_list) { ! if (ioctl(fd, SIOCGENITER, &obj) == -1) ! break; ! if (opts & OPT_HITS) ! printf("%lu ", ipn.in_hits); ! printnat(&ipn, opts & (OPT_DEBUG|OPT_VERBOSE)); ! nsp->ns_list = ipn.in_next; ! } ! printf("\nList of active sessions:\n"); ! iter.igi_type = IPFGENITER_NAT; ! iter.igi_nitems = 1; ! iter.igi_data = &nat; ! while (nsp->ns_instances != NULL) { ! if (ioctl(fd, SIOCGENITER, &obj) == -1) ! break; ! printactivenat(&nat, opts, 1); ! if (nat.nat_aps) ! printaps(nat.nat_aps, opts); ! 
nsp->ns_instances = nat.nat_next; } + + if (opts & OPT_VERBOSE) + showhostmap_live(fd, nsp); } /* * Display the active host mapping table. */ ! void showhostmap_dead(nsp) natstat_t *nsp; { hostmap_t hm, *hmp, **maptable; *************** *** 372,398 **** /* ! * Issue an ioctl to flush either the NAT rules table or the active mapping ! * table or both. */ ! void flushtable(fd, opts) ! int fd, opts; { ! int n = 0; ! if (opts & OPT_FLUSH) { ! n = 0; ! if (!(opts & OPT_DONOTHING) && ioctl(fd, SIOCIPFFL, &n) == -1) ! perror("ioctl(SIOCFLNAT)"); ! else ! printf("%d entries flushed from NAT table\n", n); ! } ! if (opts & OPT_CLEAR) { ! n = 1; ! if (!(opts & OPT_DONOTHING) && ioctl(fd, SIOCIPFFL, &n) == -1) ! perror("ioctl(SIOCCNATL)"); ! else ! printf("%d entries flushed from NAT list\n", n); } } --- 465,496 ---- /* ! * Display the active host mapping table. */ ! void showhostmap_live(fd, nsp) ! int fd; ! natstat_t *nsp; { ! ipfgeniter_t iter; ! hostmap_t hm; ! ipfobj_t obj; ! bzero((char *)&obj, sizeof(obj)); ! obj.ipfo_rev = IPFILTER_VERSION; ! obj.ipfo_type = IPFOBJ_GENITER; ! obj.ipfo_size = sizeof(iter); ! obj.ipfo_ptr = &iter; ! ! iter.igi_type = IPFGENITER_HOSTMAP; ! iter.igi_nitems = 1; ! iter.igi_data = &hm; ! printf("\nList of active host mappings:\n"); ! ! while (nsp->ns_maplist != NULL) { ! if (ioctl(fd, SIOCGENITER, &obj) == -1) ! break; ! printhostmap(&hm, 0); ! nsp->ns_maplist = hm.hm_next; } } diff -cr ip_fil4.1.13/tools/ipnat_y.y ip_fil4.1.14/tools/ipnat_y.y *** ip_fil4.1.13/tools/ipnat_y.y Sat Mar 18 00:59:09 2006 --- ip_fil4.1.14/tools/ipnat_y.y Sat Aug 26 21:21:14 2006 *************** *** 1,3 **** --- 1,8 ---- + /* + * Copyright (C) 2001-2006 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. 
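Review bot: The two `SIOCGENITER` loops in dostats_live() and the one in showhostmap_live() (the next hunk) leave through a bare `break` when the ioctl fails, so a list of NAT rules, sessions or host mappings that was cut short prints exactly like a complete one. Adding `perror("ioctl(SIOCGENITER)");` before each `break`, as the rule loop in dostats_dead() does for `kmemcpy`, lets the operator see that the output is partial. In both functions `obj` is cleared with bzero() but `iter` is only assigned member by member; `bzero((char *)&iter, sizeof(iter));` before the assignments would treat the two alike. `printaps(nat.nat_aps, opts)` is handed a pointer taken from the kernel's copy of the entry, and printaps() is not part of this diff, so how it dereferences that value on a live kernel should be confirmed.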
+ */ %{ #ifdef __FreeBSD__ # ifndef __FreeBSD_cc_version diff -cr ip_fil4.1.13/tools/ippool.c ip_fil4.1.14/tools/ippool.c *** ip_fil4.1.13/tools/ippool.c Tue Feb 1 14:35:07 2005 --- ip_fil4.1.14/tools/ippool.c Sat Aug 26 21:21:14 2006 *************** *** 1,5 **** /* ! * Copyright (C) 2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ --- 1,5 ---- /* ! * Copyright (C) 2002-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ *************** *** 27,34 **** --- 27,40 ---- #include #include #include + #ifdef linux + # include + #else + # include + #endif #include "ipf.h" + #include "ipl.h" #include "netinet/ip_lookup.h" #include "netinet/ip_pool.h" #include "netinet/ip_htable.h" *************** *** 41,57 **** extern char *optarg; extern int lineNum; - void showpools __P((ip_pool_stat_t *)); void usage __P((char *)); int main __P((int, char **)); int poolcommand __P((int, int, char *[])); int poolnodecommand __P((int, int, char *[])); int loadpoolfile __P((int, char *[], char *)); int poollist __P((int, char *[])); int poolflush __P((int, char *[])); int poolstats __P((int, char *[])); int gettype __P((char *, u_int *)); int getrole __P((char *)); int opts = 0; int fd = -1; --- 47,67 ---- extern char *optarg; extern int lineNum; void usage __P((char *)); int main __P((int, char **)); int poolcommand __P((int, int, char *[])); int poolnodecommand __P((int, int, char *[])); int loadpoolfile __P((int, char *[], char *)); int poollist __P((int, char *[])); + void poollist_dead __P((int, char *, int, char *, char *)); + void poollist_live __P((int, char *, int, int)); int poolflush __P((int, char *[])); int poolstats __P((int, char *[])); int gettype __P((char *, u_int *)); int getrole __P((char *)); + int setnodeaddr __P((ip_pool_node_t *node, char *arg)); + void showpools_live __P((int, int, ip_pool_stat_t *, char *)); + void showhashs_live __P((int, int, iphtstat_t *, char *)); int opts = 0; int fd = -1; 
*************** *** 113,119 **** exit(1); } ! return err; } --- 123,131 ---- exit(1); } ! if (err != 0) ! exit(1); ! return 0; } *************** *** 121,130 **** int remove, argc; char *argv[]; { - char *poolname = NULL, *s; int err, c, ipset, role; ip_pool_node_t node; - struct in_addr mask; ipset = 0; role = IPL_LOGIPF; --- 133,141 ---- int remove, argc; char *argv[]; { int err, c, ipset, role; + char *poolname = NULL; ip_pool_node_t node; ipset = 0; role = IPL_LOGIPF; *************** *** 138,159 **** ippool_yydebug++; break; case 'i' : ! s = strchr(optarg, '/'); ! if (s == NULL) ! mask.s_addr = 0xffffffff; ! else if (strchr(s, '.') == NULL) { ! if (ntomask(4, atoi(s + 1), &mask.s_addr) != 0) ! return -1; ! } else { ! mask.s_addr = inet_addr(s + 1); ! } ! if (s != NULL) ! *s = '\0'; ! ipset = 1; ! node.ipn_addr.adf_len = sizeof(node.ipn_addr); ! node.ipn_addr.adf_addr.in4.s_addr = inet_addr(optarg); ! node.ipn_mask.adf_len = sizeof(node.ipn_mask); ! node.ipn_mask.adf_addr.in4.s_addr = mask.s_addr; break; case 'm' : poolname = optarg; --- 149,156 ---- ippool_yydebug++; break; case 'i' : ! if (setnodeaddr(&node, optarg) == 0) ! ipset = 1; break; case 'm' : poolname = optarg; *************** *** 174,184 **** break; } if (opts & OPT_DEBUG) fprintf(stderr, "poolnodecommand: opts = %#x\n", opts); ! if (ipset == 0) return -1; if (poolname == NULL) { fprintf(stderr, "poolname not given with add/remove node\n"); return -1; --- 171,189 ---- break; } + if (argv[optind] != NULL && ipset == 0) { + if (setnodeaddr(&node, argv[optind]) == 0) + ipset = 1; + } + if (opts & OPT_DEBUG) fprintf(stderr, "poolnodecommand: opts = %#x\n", opts); ! if (ipset == 0) { ! 
fprintf(stderr, "no IP address given with -i\n"); return -1; + } + if (poolname == NULL) { fprintf(stderr, "poolname not given with add/remove node\n"); return -1; *************** *** 336,486 **** } - int poollist(argc, argv) - int argc; - char *argv[]; - { - char *kernel, *core, *poolname; - int c, role, type, live_kernel; - ip_pool_stat_t *plstp, plstat; - iphtstat_t *htstp, htstat; - iphtable_t *hptr; - iplookupop_t op; - ip_pool_t *ptr; - - core = NULL; - kernel = NULL; - live_kernel = 1; - type = IPLT_ALL; - poolname = NULL; - role = IPL_LOGALL; - - while ((c = getopt(argc, argv, "dm:M:N:o:Rt:v")) != -1) - switch (c) - { - case 'd' : - opts |= OPT_DEBUG; - break; - case 'm' : - poolname = optarg; - break; - case 'M' : - live_kernel = 0; - core = optarg; - break; - case 'N' : - live_kernel = 0; - kernel = optarg; - break; - case 'o' : - role = getrole(optarg); - if (role == IPL_LOGNONE) { - fprintf(stderr, "unknown role '%s'\n", optarg); - return -1; - } - break; - case 'R' : - opts |= OPT_NORESOLVE; - break; - case 't' : - type = gettype(optarg, NULL); - if (type == IPLT_NONE) { - fprintf(stderr, "unknown type '%s'\n", optarg); - return -1; - } - break; - case 'v' : - opts |= OPT_VERBOSE; - break; - } - - if (opts & OPT_DEBUG) - fprintf(stderr, "poollist: opts = %#x\n", opts); - - if (!(opts & OPT_DONOTHING) && (fd == -1)) { - fd = open(IPLOOKUP_NAME, O_RDWR); - if (fd == -1) { - perror("open(IPLOOKUP_NAME)"); - exit(1); - } - } - - bzero((char *)&op, sizeof(op)); - if (poolname != NULL) { - strncpy(op.iplo_name, poolname, sizeof(op.iplo_name)); - op.iplo_name[sizeof(op.iplo_name) - 1] = '\0'; - } - op.iplo_unit = role; - - if (openkmem(kernel, core) == -1) - exit(-1); - - if (type == IPLT_ALL || type == IPLT_POOL) { - plstp = &plstat; - op.iplo_type = IPLT_POOL; - op.iplo_size = sizeof(plstat); - op.iplo_struct = &plstat; - c = ioctl(fd, SIOCLOOKUPSTAT, &op); - if (c == -1) { - perror("ioctl(SIOCLOOKUPSTAT)"); - return -1; - } - - if (role != IPL_LOGALL) { - 
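Review bot: `fprintf(stderr, "no IP address given with -i\n");` is also what the user sees when an address was supplied but `setnodeaddr()` rejected it, or when it came from `argv[optind]` rather than `-i`, because both call sites simply leave `ipset` at 0 on failure. Unless setnodeaddr() reports the problem itself (it is not visible here), a message at the failure site, for example `fprintf(stderr, "invalid IP address '%s'\n", optarg);` in the `case 'i'` branch of the previous hunk, and a neutral `"no IP address given\n"` here would tell the cases apart. poolnodecommand() starts and ends outside these hunks.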
ptr = plstp->ipls_list[role]; - while (ptr != NULL) { - ptr = printpool(ptr, kmemcpywrap, poolname, - opts); - } - } else { - for (role = 0; role <= IPL_LOGMAX; role++) { - ptr = plstp->ipls_list[role]; - while (ptr != NULL) { - ptr = printpool(ptr, kmemcpywrap, - poolname, opts); - } - } - role = IPL_LOGALL; - } - } - if (type == IPLT_ALL || type == IPLT_HASH) { - htstp = &htstat; - op.iplo_type = IPLT_HASH; - op.iplo_size = sizeof(htstat); - op.iplo_struct = &htstat; - c = ioctl(fd, SIOCLOOKUPSTAT, &op); - if (c == -1) { - perror("ioctl(SIOCLOOKUPSTAT)"); - return -1; - } - - if (role != IPL_LOGALL) { - hptr = htstp->iphs_tables; - while (hptr != NULL) { - hptr = printhash(hptr, kmemcpywrap, - poolname, opts); - } - } else { - for (role = 0; role <= IPL_LOGMAX; role++) { - hptr = htstp->iphs_tables; - while (hptr != NULL) { - hptr = printhash(hptr, kmemcpywrap, - poolname, opts); - } - - op.iplo_unit = role; - c = ioctl(fd, SIOCLOOKUPSTAT, &op); - if (c == -1) { - perror("ioctl(SIOCLOOKUPSTAT)"); - return -1; - } - } - } - } - return 0; - } - - int poolstats(argc, argv) int argc; char *argv[]; --- 341,346 ---- *************** *** 681,687 **** { int type; ! if (!strcasecmp(optarg, "tree")) { type = IPLT_POOL; } else if (!strcasecmp(optarg, "hash")) { type = IPLT_HASH; --- 541,547 ---- { int type; ! 
if (!strcasecmp(optarg, "tree") || !strcasecmp(optarg, "pool")) { type = IPLT_POOL; } else if (!strcasecmp(optarg, "hash")) { type = IPLT_HASH; *************** *** 696,698 **** --- 556,876 ---- } return type; } + + + int poollist(argc, argv) + int argc; + char *argv[]; + { + char *kernel, *core, *poolname; + int c, role, type, live_kernel; + iplookupop_t op; + + core = NULL; + kernel = NULL; + live_kernel = 1; + type = IPLT_ALL; + poolname = NULL; + role = IPL_LOGALL; + + while ((c = getopt(argc, argv, "dm:M:N:o:Rt:v")) != -1) + switch (c) + { + case 'd' : + opts |= OPT_DEBUG; + break; + case 'm' : + poolname = optarg; + break; + case 'M' : + live_kernel = 0; + core = optarg; + break; + case 'N' : + live_kernel = 0; + kernel = optarg; + break; + case 'o' : + role = getrole(optarg); + if (role == IPL_LOGNONE) { + fprintf(stderr, "unknown role '%s'\n", optarg); + return -1; + } + break; + case 'R' : + opts |= OPT_NORESOLVE; + break; + case 't' : + type = gettype(optarg, NULL); + if (type == IPLT_NONE) { + fprintf(stderr, "unknown type '%s'\n", optarg); + return -1; + } + break; + case 'v' : + opts |= OPT_VERBOSE; + break; + } + + if (opts & OPT_DEBUG) + fprintf(stderr, "poollist: opts = %#x\n", opts); + + if (!(opts & OPT_DONOTHING) && (fd == -1)) { + fd = open(IPLOOKUP_NAME, O_RDWR); + if (fd == -1) { + perror("open(IPLOOKUP_NAME)"); + exit(1); + } + } + + bzero((char *)&op, sizeof(op)); + if (poolname != NULL) { + strncpy(op.iplo_name, poolname, sizeof(op.iplo_name)); + op.iplo_name[sizeof(op.iplo_name) - 1] = '\0'; + } + op.iplo_unit = role; + + if (live_kernel) + poollist_live(role, poolname, type, fd); + else + poollist_dead(role, poolname, type, kernel, core); + return 0; + } + + + void poollist_dead(role, poolname, type, kernel, core) + int role, type; + char *poolname, *kernel, *core; + { + iphtable_t *hptr; + ip_pool_t *ptr; + + if (openkmem(kernel, core) == -1) + exit(-1); + + if (type == IPLT_ALL || type == IPLT_POOL) { + ip_pool_t *pools[IPL_LOGSIZE]; + 
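Review bot: Both comparisons on the changed line read the global `optarg` rather than gettype()'s own first argument (the prototype earlier in this diff is `int gettype __P((char *, u_int *))`), so the function only works while `optarg` still holds the type string. The visible caller passes `optarg`, so nothing breaks today, but comparing the parameter instead, in both `strcasecmp()` calls on this line and in the `"hash"` test after it, removes the hidden dependency. The parameter list is outside the hunk, so its name needs checking before the change is made.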
struct nlist names[2] = { { "ip_pool_list" } , { "" } }; + + if (nlist(kernel, names) != 1) + return; + + bzero(&pools, sizeof(pools)); + if (kmemcpy((char *)&pools, names[0].n_value, sizeof(pools))) + return; + + if (role != IPL_LOGALL) { + ptr = pools[role]; + while (ptr != NULL) { + ptr = printpool(ptr, kmemcpywrap, poolname, + opts); + } + } else { + for (role = 0; role <= IPL_LOGMAX; role++) { + ptr = pools[role]; + while (ptr != NULL) { + ptr = printpool(ptr, kmemcpywrap, + poolname, opts); + } + } + role = IPL_LOGALL; + } + } + if (type == IPLT_ALL || type == IPLT_HASH) { + iphtable_t *tables[IPL_LOGSIZE]; + struct nlist names[2] = { { "ipf_htables" } , { "" } }; + + if (nlist(kernel, names) != 1) + return; + + bzero(&tables, sizeof(tables)); + if (kmemcpy((char *)&tables, names[0].n_value, sizeof(tables))) + return; + + if (role != IPL_LOGALL) { + hptr = tables[role]; + while (hptr != NULL) { + hptr = printhash(hptr, kmemcpywrap, + poolname, opts); + } + } else { + for (role = 0; role <= IPL_LOGMAX; role++) { + hptr = tables[role]; + while (hptr != NULL) { + hptr = printhash(hptr, kmemcpywrap, + poolname, opts); + } + } + } + } + } + + + void poollist_live(role, poolname, type, fd) + int role, type, fd; + char *poolname; + { + ip_pool_stat_t plstat; + iphtstat_t htstat; + iplookupop_t op; + int c; + + if (type == IPLT_ALL || type == IPLT_POOL) { + op.iplo_type = IPLT_POOL; + op.iplo_size = sizeof(plstat); + op.iplo_struct = &plstat; + op.iplo_name[0] = '\0'; + op.iplo_arg = 0; + + if (role != IPL_LOGALL) { + op.iplo_unit = role; + + c = ioctl(fd, SIOCLOOKUPSTAT, &op); + if (c == -1) { + perror("ioctl(SIOCLOOKUPSTAT)"); + return; + } + + showpools_live(fd, role, &plstat, poolname); + } else { + for (role = 0; role <= IPL_LOGMAX; role++) { + op.iplo_unit = role; + + c = ioctl(fd, SIOCLOOKUPSTAT, &op); + if (c == -1) { + perror("ioctl(SIOCLOOKUPSTAT)"); + return; + } + + showpools_live(fd, role, &plstat, poolname); + } + + role = IPL_LOGALL; + } + } + + if 
(type == IPLT_ALL || type == IPLT_HASH) { + op.iplo_type = IPLT_HASH; + op.iplo_size = sizeof(htstat); + op.iplo_struct = &htstat; + op.iplo_name[0] = '\0'; + op.iplo_arg = 0; + + if (role != IPL_LOGALL) { + op.iplo_unit = role; + + c = ioctl(fd, SIOCLOOKUPSTAT, &op); + if (c == -1) { + perror("ioctl(SIOCLOOKUPSTAT)"); + return; + } + showhashs_live(fd, role, &htstat, poolname); + } else { + for (role = 0; role <= IPL_LOGMAX; role++) { + + op.iplo_unit = role; + c = ioctl(fd, SIOCLOOKUPSTAT, &op); + if (c == -1) { + perror("ioctl(SIOCLOOKUPSTAT)"); + return; + } + + showhashs_live(fd, role, &htstat, poolname); + } + } + } + } + + + void showpools_live(fd, role, plstp, poolname) + int fd, role; + ip_pool_stat_t *plstp; + char *poolname; + { + ipflookupiter_t iter; + ip_pool_t pool; + ipfobj_t obj; + + obj.ipfo_rev = IPFILTER_VERSION; + obj.ipfo_type = IPFOBJ_LOOKUPITER; + obj.ipfo_size = sizeof(iter); + obj.ipfo_ptr = &iter; + + iter.ili_type = IPLT_POOL; + iter.ili_otype = IPFLOOKUPITER_LIST; + iter.ili_ival = IPFGENITER_LOOKUP; + iter.ili_nitems = 1; + iter.ili_data = &pool; + iter.ili_unit = role; + *iter.ili_name = '\0'; + + while (plstp->ipls_list[role] != NULL) { + if (ioctl(fd, SIOCLOOKUPITER, &obj)) { + perror("ioctl(SIOCLOOKUPITER)"); + break; + } + printpool_live(&pool, fd, poolname, opts); + + plstp->ipls_list[role] = pool.ipo_next; + } + } + + + void showhashs_live(fd, role, htstp, poolname) + int fd, role; + iphtstat_t *htstp; + char *poolname; + { + ipflookupiter_t iter; + iphtable_t table; + ipfobj_t obj; + + obj.ipfo_rev = IPFILTER_VERSION; + obj.ipfo_type = IPFOBJ_LOOKUPITER; + obj.ipfo_size = sizeof(iter); + obj.ipfo_ptr = &iter; + + iter.ili_type = IPLT_HASH; + iter.ili_otype = IPFLOOKUPITER_LIST; + iter.ili_ival = IPFGENITER_LOOKUP; + iter.ili_nitems = 1; + iter.ili_data = &table; + iter.ili_unit = role; + *iter.ili_name = '\0'; + + while (htstp->iphs_tables != NULL) { + if (ioctl(fd, SIOCLOOKUPITER, &obj)) { + perror("ioctl(SIOCLOOKUPITER)"); + 
break; + } + + printhash_live(&table, fd, poolname, opts); + + htstp->iphs_tables = table.iph_next; + } + } + + + int setnodeaddr(ip_pool_node_t *node, char *arg) + { + struct in_addr mask; + char *s; + + s = strchr(arg, '/'); + if (s == NULL) + mask.s_addr = 0xffffffff; + else if (strchr(s, '.') == NULL) { + if (ntomask(4, atoi(s + 1), &mask.s_addr) != 0) + return -1; + } else { + mask.s_addr = inet_addr(s + 1); + } + if (s != NULL) + *s = '\0'; + node->ipn_addr.adf_len = sizeof(node->ipn_addr); + node->ipn_addr.adf_addr.in4.s_addr = inet_addr(arg); + node->ipn_mask.adf_len = sizeof(node->ipn_mask); + node->ipn_mask.adf_addr.in4.s_addr = mask.s_addr; + + return 0; + } diff -cr ip_fil4.1.13/tools/ippool_y.y ip_fil4.1.14/tools/ippool_y.y *** ip_fil4.1.13/tools/ippool_y.y Tue Feb 1 13:39:32 2005 --- ip_fil4.1.14/tools/ippool_y.y Sun Aug 27 01:02:11 2006 *************** *** 1,3 **** --- 1,8 ---- + /* + * Copyright (C) 2001-2006 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. 
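Review bot: In `setnodeaddr()` the prefix length goes through `atoi(s + 1)`, so an argument such as `10.0.0.0/x` or a bare trailing `/` parses as 0 and, assuming `ntomask()` accepts 0, the node is installed with an all-zero mask instead of being rejected. The two `inet_addr()` results are also stored without a failure check, so a mistyped address or dotted mask ends up as 0xffffffff. Parsing the prefix with `strtol()` plus an end-pointer and range check, as in the excerpt below, rejects the malformed prefix; the `inet_addr()` calls need a comparable check. Separately, `poollist()` zeroes and fills an `op` that is never passed on, while `poollist_live()`, `showpools_live()` and `showhashs_live()` hand partly initialised `op`, `obj` and `iter` structures to `ioctl()`; a `bzero()` of each before the field assignments would make the requests deterministic.

```c
	else if (strchr(s, '.') == NULL) {
		char *end;
		long bits;

		bits = strtol(s + 1, &end, 10);
		if (end == s + 1 || *end != '\0' || bits < 0 || bits > 32)
			return -1;
		if (ntomask(4, (int)bits, &mask.s_addr) != 0)
			return -1;
	/* ... unchanged: dotted-mask branch, address parsing, node fields ... */
```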
+ */ %{ #include #include *************** *** 32,37 **** --- 37,43 ---- #include "kmem.h" #define YYDEBUG 1 + #define YYSTACKSIZE 0x00ffffff extern int yyparse __P((void)); extern int yydebug; *************** *** 43,48 **** --- 49,57 ---- static ioctlfunc_t poolioctl = NULL; static char poolname[FR_GROUPLEN]; + static iphtent_t *add_htablehosts __P((char *)); + static ip_pool_node_t *add_poolhosts __P((char *)); + %} %union { *************** *** 246,251 **** --- 255,261 ---- FR_GROUPLEN); free($3); } + | YY_STR { $$ = add_htablehosts($1); } ; range: addrmask { $$ = calloc(1, sizeof(*$$)); *************** *** 262,267 **** --- 272,278 ---- $$->ipn_mask.adf_len = sizeof($$->ipn_mask); $$->ipn_mask.adf_addr.in4.s_addr = $2[1].s_addr; } + | YY_STR { $$ = add_poolhosts($1); } hashlist: next { $$ = NULL; } *************** *** 278,283 **** --- 289,295 ---- (char *)&($$->ipe_mask), sizeof($$->ipe_mask)); } + | YY_STR { $$ = add_htablehosts($1); } ; addrmask: *************** *** 291,299 **** ipaddr: ipv4 { $$ = $1; } | YY_NUMBER { $$.s_addr = htonl($1); } - | YY_STR { if (gethost($1, &($$.s_addr)) == -1) - yyerror("Unknown hostname"); - } ; mask: YY_NUMBER { ntomask(4, $1, (u_32_t *)&$$.s_addr); } --- 303,308 ---- *************** *** 411,413 **** --- 420,519 ---- yyparse(); return 1; } + + + static iphtent_t * + add_htablehosts(url) + char *url; + { + iphtent_t *htop, *hbot, *h; + alist_t *a, *hlist; + + if (!strncmp(url, "file://", 7) || !strncmp(url, "http://", 7)) { + hlist = load_url(url); + } else { + use_inet6 = 0; + + hlist = calloc(1, sizeof(*hlist)); + if (hlist == NULL) + return NULL; + + if (gethost(url, &hlist->al_addr) == -1) + yyerror("Unknown hostname"); + } + + hbot = NULL; + htop = NULL; + + for (a = hlist; a != NULL; a = a->al_next) { + h = calloc(1, sizeof(*h)); + if (h == NULL) + break; + + bcopy((char *)&a->al_addr, (char *)&h->ipe_addr, + sizeof(h->ipe_addr)); + bcopy((char *)&a->al_mask, (char *)&h->ipe_mask, + sizeof(h->ipe_mask)); + + if (hbot != 
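Review bot: The new `#define YYSTACKSIZE 0x00ffffff` has no comment saying why the parser stack limit is raised to roughly 16 million entries. Presumably it is there so that the long address lists this release can load from external files do not overflow the parser stack. With a yacc skeleton that sizes static stack arrays from this macro it would also reserve that many `YYSTYPE` slots up front, so it is worth confirming against the generators in use. I would add something like `/* large limit: pool lists loaded from files can be very long */` above the define.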
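Review bot: The new `| YY_STR { $$ = add_htablehosts($1); }` alternative never releases `$1`, whereas the neighbouring action in this hunk ends with `free($3);` after copying its string, which suggests YY_STR values are heap-allocated. If that holds, `{ $$ = add_htablehosts($1); free($1); }` would avoid the leak. The same applies to the `add_poolhosts($1)` alternative added under `range:` and to the second `add_htablehosts($1)` alternative added at new lines 289-295. The rules themselves start outside these hunks, so how `$1` is allocated is inferred rather than visible.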
NULL) + hbot->ipe_next = h; + else + htop = h; + hbot = h; + } + + alist_free(hlist); + + return htop; + } + + + static ip_pool_node_t * + add_poolhosts(url) + char *url; + { + ip_pool_node_t *ptop, *pbot, *p; + alist_t *a, *hlist; + + if (!strncmp(url, "file://", 7) || !strncmp(url, "http://", 7)) { + hlist = load_url(url); + } else { + use_inet6 = 0; + + hlist = calloc(1, sizeof(*hlist)); + if (hlist == NULL) + return NULL; + + if (gethost(url, &hlist->al_addr) == -1) + yyerror("Unknown hostname"); + } + + pbot = NULL; + ptop = NULL; + + for (a = hlist; a != NULL; a = a->al_next) { + p = calloc(1, sizeof(*p)); + if (p == NULL) + break; + + p->ipn_addr.adf_len = 8; + p->ipn_mask.adf_len = 8; + + p->ipn_info = a->al_not; + + bcopy((char *)&a->al_addr, (char *)&p->ipn_addr.adf_addr, + sizeof(p->ipn_addr.adf_addr)); + bcopy((char *)&a->al_mask, (char *)&p->ipn_mask.adf_addr, + sizeof(p->ipn_mask.adf_addr)); + + if (pbot != NULL) + pbot->ipn_next = p; + else + ptop = p; + pbot = p; + } + + alist_free(hlist); + + return ptop; + } diff -cr ip_fil4.1.13/tools/ipscan_y.y ip_fil4.1.14/tools/ipscan_y.y *** ip_fil4.1.13/tools/ipscan_y.y Fri Dec 10 06:41:27 2004 --- ip_fil4.1.14/tools/ipscan_y.y Sat Aug 26 21:21:14 2006 *************** *** 1,3 **** --- 1,8 ---- + /* + * Copyright (C) 2001-2004 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + */ %{ #include #include diff -cr ip_fil4.1.13/tools/ipsyncm.c ip_fil4.1.14/tools/ipsyncm.c *** ip_fil4.1.13/tools/ipsyncm.c Mon Mar 27 12:09:46 2006 --- ip_fil4.1.14/tools/ipsyncm.c Sat Aug 26 21:21:14 2006 *************** *** 1,11 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipsyncm.c,v 1.4.2.4 2006/03/27 02:09:46 darrenr Exp $"; #endif #include #include --- 1,11 ---- /* ! 
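Review bot: In the hostname branch of `add_htablehosts()` (and identically in `add_poolhosts()`) the `alist_t` comes from `calloc()` and only `al_addr` is filled by `gethost()`, so the loop copies an all-zero `al_mask` into the new entry; nothing in the hunk sets a host mask. A line such as `memset(&hlist->al_mask, 0xff, sizeof(hlist->al_mask));` after the `gethost()` call would make a single hostname a host entry. Unless `yyerror()` does not return, a failed lookup also falls through and yields an entry for address 0 with mask 0. A failed `load_url()` or a mid-list `calloc()` failure silently returns an empty or truncated list, which for a firewall table changes what is matched, so both deserve an error return or a message. Since the list may come from an `http://` URL, a comment noting that the fetched contents are unauthenticated would help operators prefer `file://` for sensitive pools.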
* Copyright (C) 2001-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipsyncm.c,v 1.4.2.5 2006/08/26 11:21:14 darrenr Exp $"; #endif #include #include diff -cr ip_fil4.1.13/tools/ipsyncs.c ip_fil4.1.14/tools/ipsyncs.c *** ip_fil4.1.13/tools/ipsyncs.c Mon Mar 27 12:09:47 2006 --- ip_fil4.1.14/tools/ipsyncs.c Sat Aug 26 21:21:15 2006 *************** *** 1,11 **** /* ! * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipsyncs.c,v 1.5.2.3 2006/03/27 02:09:47 darrenr Exp $"; #endif #include #include --- 1,11 ---- /* ! * Copyright (C) 2001-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipsyncs.c,v 1.5.2.4 2006/08/26 11:21:15 darrenr Exp $"; #endif #include #include diff -cr ip_fil4.1.13/tools/lex_var.h ip_fil4.1.14/tools/lex_var.h *** ip_fil4.1.13/tools/lex_var.h Fri Apr 12 00:56:34 2002 --- ip_fil4.1.14/tools/lex_var.h Sat Aug 26 21:21:15 2006 *************** *** 1,3 **** --- 1,8 ---- + /* + * Copyright (C) 2002 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + */ extern long string_start; extern long string_end; diff -cr ip_fil4.1.13/tools/lexer.c ip_fil4.1.14/tools/lexer.c *** ip_fil4.1.13/tools/lexer.c Wed Mar 22 03:15:42 2006 --- ip_fil4.1.14/tools/lexer.c Sat Aug 26 21:21:15 2006 *************** *** 1,5 **** /* ! * Copyright (C) 2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ --- 1,5 ---- /* ! * Copyright (C) 2002-2006 by Darren Reed. 
* * See the IPFILTER.LICENCE file for details on licencing. */ diff -cr ip_fil4.1.13/tools/lexer.h ip_fil4.1.14/tools/lexer.h *** ip_fil4.1.13/tools/lexer.h Sat Apr 17 09:58:26 2004 --- ip_fil4.1.14/tools/lexer.h Sat Aug 26 21:21:15 2006 *************** *** 1,3 **** --- 1,8 ---- + /* + * Copyright (C) 2002-2004 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + */ typedef struct wordtab { char *w_word; diff -cr ip_fil4.1.13/tru64.c ip_fil4.1.14/tru64.c *** ip_fil4.1.13/tru64.c Sat Aug 20 23:48:26 2005 --- ip_fil4.1.14/tru64.c Fri Jul 14 16:12:23 2006 *************** *** 4,10 **** * See the IPFILTER.LICENCE file for details on licencing. */ #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: tru64.c,v 2.11.2.5 2005/08/20 13:48:26 darrenr Exp $"; #endif #include #include --- 4,10 ---- * See the IPFILTER.LICENCE file for details on licencing. */ #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: tru64.c,v 2.11.2.6 2006/07/14 06:12:23 darrenr Exp $"; #endif #include #include *************** *** 638,649 **** RWLOCK_INIT(&ipf_frcache, 1); ipftru64_inited = 1; ! status = iplattach(); #ifdef IPFDEBUG ! printf("iplattach() = %d\n", status); #endif if (status != ESUCCESS) { ! (void) ipldetach(); return status; } --- 638,649 ---- RWLOCK_INIT(&ipf_frcache, 1); ipftru64_inited = 1; ! status = ipfattach(); #ifdef IPFDEBUG ! printf("ipfattach() = %d\n", status); #endif if (status != ESUCCESS) { ! (void) ipfdetach(); return status; } *************** *** 788,796 **** } if ((status == ESUCCESS) && (ipfilter_registered > 0)) { ! status = ipldetach(); #ifdef IPFDEBUG ! printf("ipldetach() = %d\n", status); #endif ipfilter_registered = 0; } --- 788,796 ---- } if ((status == ESUCCESS) && (ipfilter_registered > 0)) { ! status = ipfdetach(); #ifdef IPFDEBUG ! printf("ipfdetach() = %d\n", status); #endif ipfilter_registered = 0; }