diff -cr ip_fil4.1.16/BSD/Makefile ip_fil4.1.17/BSD/Makefile *** ip_fil4.1.16/BSD/Makefile Sun Apr 2 06:09:43 2006 --- ip_fil4.1.17/BSD/Makefile Tue Dec 26 14:53:05 2006 *************** *** 514,519 **** --- 514,522 ---- $(INSTALL) -cs -g wheel -m 755 -o root $$p $$def; \ fi \ done + if [ -d /etc/rc.d ] ; then \ + $(INSTALL) -c -g wheel -m 755 -o root ../ipfadm-rcd $(SBINDEST)/ipfadm; \ + fi (cd $(TOP)/man; make INSTALL=$(INSTALL) MANDIR=$(MANDIR) install; cd $(TOP)) coverage: Only in ip_fil4.1.17/BSD: ipfadm-rcd diff -cr ip_fil4.1.16/HISTORY ip_fil4.1.17/HISTORY *** ip_fil4.1.16/HISTORY Tue Dec 19 04:07:40 2006 --- ip_fil4.1.17/HISTORY Thu Jan 18 11:21:37 2007 *************** *** 10,15 **** --- 10,24 ---- # and especially those who have found the time to port IP Filter to new # platforms. # + 4.1.17 - Released 20 January 2007 + + make flushing pools that are still in use mark them for deletion and + have attempting to recreate them clear the delete flag + + walking through the NAT tables with ioctls caused lock recursion + + fix tracking TCP window scaling in the state code + 4.1.16 - Released 20 December 2006 allow rdr rules to only differ on the new port number diff -cr ip_fil4.1.16/HPUX/ipf.psf.dist ip_fil4.1.17/HPUX/ipf.psf.dist *** ip_fil4.1.16/HPUX/ipf.psf.dist Tue Dec 19 04:07:40 2006 --- ip_fil4.1.17/HPUX/ipf.psf.dist Thu Jan 18 11:21:37 2007 *************** *** 6,12 **** # # Description: PSF for IP FIlter 4.2 # ! # $Id: ipf.psf.dist,v 1.1.2.18 2006/12/18 17:07:40 darrenr Exp $ # The vendor definition here applies to all subsequently defined products. --- 6,12 ---- # # Description: PSF for IP FIlter 4.2 # ! # $Id: ipf.psf.dist,v 1.1.2.19 2007/01/18 00:21:37 darrenr Exp $ # The vendor definition here applies to all subsequently defined products. *************** *** 26,32 **** tag IPF title IP Filter 4.2 description Firewall/NAT ! 
revision A.04.01.16 architecture HP-UX_HPREV_32/64 machine_type 9000/[678]??:* os_name HP-UX --- 26,32 ---- tag IPF title IP Filter 4.2 description Firewall/NAT ! revision A.04.01.17 architecture HP-UX_HPREV_32/64 machine_type 9000/[678]??:* os_name HP-UX *************** *** 37,43 **** is_reference false vendor_tag IPFilter hp_srdo swtype=O;user=B;bundle_type=O ! contents IPF-RUN,r=A.04.01.16,a=HP-UX_HPREV_32/64,v=IPFilter end # bundle IPF # Product definition(s): --- 37,43 ---- is_reference false vendor_tag IPFilter hp_srdo swtype=O;user=B;bundle_type=O ! contents IPF-RUN,r=A.04.01.17,a=HP-UX_HPREV_32/64,v=IPFilter end # bundle IPF # Product definition(s): *************** *** 46,52 **** title IP Filter 4.2 description Firewall/NAT copyright < ../../SunOS5/copyright ! revision A.04.01.16 architecture HP-UX_HPREV_32/64 machine_type 9000/[678]??:* os_name HP-UX --- 46,52 ---- title IP Filter 4.2 description Firewall/NAT copyright < ../../SunOS5/copyright ! revision A.04.01.17 architecture HP-UX_HPREV_32/64 machine_type 9000/[678]??:* os_name HP-UX *************** *** 70,76 **** tag IPF-ALL title IP Filter 4.2 : IPF-ALL description < ../IPF-ALL/description ! revision A.04.01.16 architecture HP-UX_HPREV_32/64 machine_type 9000/[678]??:* os_name HP-UX --- 70,76 ---- tag IPF-ALL title IP Filter 4.2 : IPF-ALL description < ../IPF-ALL/description ! revision A.04.01.17 architecture HP-UX_HPREV_32/64 machine_type 9000/[678]??:* os_name HP-UX diff -cr ip_fil4.1.16/Linux/ipfilter.spec.dist ip_fil4.1.17/Linux/ipfilter.spec.dist *** ip_fil4.1.16/Linux/ipfilter.spec.dist Tue Dec 19 04:07:40 2006 --- ip_fil4.1.17/Linux/ipfilter.spec.dist Thu Jan 18 11:21:37 2007 *************** *** 1,6 **** Summary: IP Filter Software Name: ipfilter ! Version: 4.1.16 Release: 1 Copyright: Copyright 2006 Darren Reed Group: System Environment/Base --- 1,6 ---- Summary: IP Filter Software Name: ipfilter ! 
Version: 4.1.17 Release: 1 Copyright: Copyright 2006 Darren Reed Group: System Environment/Base diff -cr ip_fil4.1.16/SunOS5/pkginfo ip_fil4.1.17/SunOS5/pkginfo *** ip_fil4.1.16/SunOS5/pkginfo Tue Dec 19 04:07:40 2006 --- ip_fil4.1.17/SunOS5/pkginfo Thu Jan 18 11:21:37 2007 *************** *** 5,11 **** PKG=ipf NAME=IP Filter ARCH=ARCH_updated_by_sed_when_package_is_built ! VERSION=4.1.16 CATEGORY=system DESC=This package contains tools for building a firewall VENDOR=Darren Reed --- 5,11 ---- PKG=ipf NAME=IP Filter ARCH=ARCH_updated_by_sed_when_package_is_built ! VERSION=4.1.17 CATEGORY=system DESC=This package contains tools for building a firewall VENDOR=Darren Reed diff -cr ip_fil4.1.16/SunOS5/prototype_amd64 ip_fil4.1.17/SunOS5/prototype_amd64 *** ip_fil4.1.16/SunOS5/prototype_amd64 Sat Aug 20 23:42:02 2005 --- ip_fil4.1.17/SunOS5/prototype_amd64 Tue Jan 16 21:45:37 2007 *************** *** 1,6 **** i pkginfo i copyright=../copyright ! default 0755 root root d none /usr ? ? ? d none /usr/kernel ? ? ? d none /usr/kernel/drv ? ? ? --- 1,6 ---- i pkginfo i copyright=../copyright ! !default 0755 root root d none /usr ? ? ? d none /usr/kernel ? ? ? d none /usr/kernel/drv ? ? ? diff -cr ip_fil4.1.16/fil.c ip_fil4.1.17/fil.c *** ip_fil4.1.16/fil.c Mon Dec 18 16:00:05 2006 --- ip_fil4.1.17/fil.c Wed Jan 17 22:34:54 2007 *************** *** 144,150 **** #if !defined(lint) static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: fil.c,v 2.243.2.93 2006/12/18 05:00:05 darrenr Exp $"; #endif #ifndef _KERNEL --- 144,150 ---- #if !defined(lint) static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: fil.c,v 2.243.2.95 2007/01/17 11:34:54 darrenr Exp $"; #endif #ifndef _KERNEL *************** *** 324,330 **** { "fr_srcgrpmap", fr_srcgrpmap, fr_grpmapinit }, { "fr_dstgrpmap", fr_dstgrpmap, fr_grpmapinit }, #endif ! 
{ "", NULL } }; --- 324,330 ---- { "fr_srcgrpmap", fr_srcgrpmap, fr_grpmapinit }, { "fr_dstgrpmap", fr_dstgrpmap, fr_grpmapinit }, #endif ! { "", NULL, NULL } }; *************** *** 3110,3116 **** * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 ! * $Id: fil.c,v 2.243.2.93 2006/12/18 05:00:05 darrenr Exp $ */ /* * Copy data from an mbuf chain starting "off" bytes from the beginning, --- 3110,3116 ---- * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 ! * $Id: fil.c,v 2.243.2.95 2007/01/17 11:34:54 darrenr Exp $ */ /* * Copy data from an mbuf chain starting "off" bytes from the beginning, *************** *** 4205,4220 **** fprev = &fg->fg_start; } - ftail = fprev; - for (f = *ftail; (f = *ftail) != NULL; ftail = &f->fr_next) { - if (fp->fr_collect <= f->fr_collect) { - ftail = fprev; - f = NULL; - break; - } - fprev = ftail; - } - /* * Copy in extra data for the rule. */ --- 4205,4210 ---- *************** *** 4357,4362 **** --- 4347,4366 ---- fp->fr_cksum += *p; WRITE_ENTER(&ipf_mutex); + + /* + * Now that the filter rule lists are locked, we can walk the + * chain of them without fear. 
+ */ + ftail = fprev; + for (f = *ftail; (f = *ftail) != NULL; ftail = &f->fr_next) { + if (fp->fr_collect <= f->fr_collect) { + ftail = fprev; + f = NULL; + break; + } + fprev = ftail; + } bzero((char *)frcache, sizeof(frcache)); for (; (f = *ftail) != NULL; ftail = &f->fr_next) { *************** *** 6728,6733 **** --- 6732,6738 ---- next->fr_ref++; MUTEX_EXIT(&next->fr_lock); if (next->fr_next == NULL) { + t->ipt_data = next; ipf_freetoken(t); fr = NULL; } *************** *** 6737,6742 **** --- 6742,6748 ---- ipf_freetoken(t); fr = NULL; count = 1; + t->ipt_data = next; } RWLOCK_EXIT(&ipf_mutex); *************** *** 6744,6750 **** (void) fr_derefrule(&fr); } - t->ipt_data = next; error = COPYOUT(next, dst, sizeof(*next)); if (error != 0) return EFAULT; --- 6750,6755 ---- diff -cr ip_fil4.1.16/ip_compat.h ip_fil4.1.17/ip_compat.h *** ip_fil4.1.16/ip_compat.h Sat Oct 28 16:56:02 2006 --- ip_fil4.1.17/ip_compat.h Wed Jan 17 22:34:54 2007 *************** *** 4,10 **** * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_compat.h 1.8 1/14/96 ! * $Id: ip_compat.h,v 2.142.2.40 2006/10/28 06:56:02 darrenr Exp $ */ #ifndef __IP_COMPAT_H__ --- 4,10 ---- * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_compat.h 1.8 1/14/96 ! * $Id: ip_compat.h,v 2.142.2.41 2007/01/17 11:34:54 darrenr Exp $ */ #ifndef __IP_COMPAT_H__ *************** *** 1729,1735 **** # define IP_HL(x) (x)->ip_hl #endif #ifndef IP_HL_A ! # define IP_HL_A(x,y) (x)->ip_hl = (y) #endif #ifndef TCP_X2 # define TCP_X2(x) (x)->th_x2 --- 1729,1735 ---- # define IP_HL(x) (x)->ip_hl #endif #ifndef IP_HL_A ! # define IP_HL_A(x,y) (x)->ip_hl = ((y) & 0xf) #endif #ifndef TCP_X2 # define TCP_X2(x) (x)->th_x2 diff -cr ip_fil4.1.16/ip_frag.h ip_fil4.1.17/ip_frag.h *** ip_fil4.1.16/ip_frag.h Sun Jul 23 06:55:30 2006 --- ip_fil4.1.17/ip_frag.h Sat Dec 23 22:11:47 2006 *************** *** 4,10 **** * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_frag.h 1.5 3/24/96 ! 
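Review bot: In the block that sets `count = 1`, the added `t->ipt_data = next;` comes after `ipf_freetoken(t);`, whereas the hunk just above places the same store before the call. If ipf_freetoken() releases the token (its body is not on this page), this is a write through a freed pointer while ipf_mutex is still held. Moving the store above the call, `t->ipt_data = next;` then `ipf_freetoken(t);`, makes both sites consistent. The enclosing function starts and ends outside these hunks, so what `next` points to in this branch should be confirmed as well.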
* $Id: ip_frag.h,v 2.23.2.4 2006/07/22 20:55:30 darrenr Exp $ */ #ifndef __IP_FRAG_H__ --- 4,10 ---- * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_frag.h 1.5 3/24/96 ! * $Id: ip_frag.h,v 2.23.2.5 2006/12/23 11:11:47 darrenr Exp $ */ #ifndef __IP_FRAG_H__ *************** *** 16,21 **** --- 16,31 ---- struct ipfr *ipfr_hnext, **ipfr_hprev; struct ipfr *ipfr_next, **ipfr_prev; void *ipfr_data; + frentry_t *ipfr_rule; + u_long ipfr_ttl; + int ipfr_ref; + u_short ipfr_off; + u_short ipfr_seen0; + /* + * All of the fields, from ipfr_ifp to ipfr_pass, are compared + * using bcmp to see if an identical entry is present. It is + * therefore important for this set to remain together. + */ void *ipfr_ifp; struct in_addr ipfr_src; struct in_addr ipfr_dst; *************** *** 26,36 **** u_char ipfr_p; u_char ipfr_tos; u_32_t ipfr_pass; - u_short ipfr_off; - u_char ipfr_ttl; - u_char ipfr_seen0; - frentry_t *ipfr_rule; - int ipfr_ref; } ipfr_t; --- 36,41 ---- diff -cr ip_fil4.1.16/ip_htable.c ip_fil4.1.17/ip_htable.c *** ip_fil4.1.16/ip_htable.c Sat Aug 26 16:28:56 2006 --- ip_fil4.1.17/ip_htable.c Wed Jan 17 14:16:53 2007 *************** *** 51,57 **** /* END OF INCLUDES */ #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: ip_htable.c,v 2.34.2.6 2006/08/26 06:28:56 darrenr Exp $"; #endif #ifdef IPFILTER_LOOKUP --- 51,57 ---- /* END OF INCLUDES */ #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: ip_htable.c,v 2.34.2.8 2007/01/17 03:16:53 darrenr Exp $"; #endif #ifdef IPFILTER_LOOKUP *************** *** 101,130 **** char name[FR_GROUPLEN]; int err, i, unit; ! KMALLOC(iph, iphtable_t *); ! if (iph == NULL) { ! ipht_nomem[op->iplo_unit]++; ! return ENOMEM; ! } ! err = COPYIN(op->iplo_struct, iph, sizeof(*iph)); ! if (err != 0) { ! KFREE(iph); ! return EFAULT; } - unit = op->iplo_unit; if (iph->iph_unit != unit) { ! KFREE(iph); return EINVAL; } ! if ((op->iplo_arg & IPHASH_ANON) == 0) { ! if (fr_findhtable(unit, op->iplo_name) != NULL) { ! 
KFREE(iph); ! return EEXIST; ! } ! } else { i = IPHASH_ANON; do { i++; --- 101,136 ---- char name[FR_GROUPLEN]; int err, i, unit; ! unit = op->iplo_unit; ! if ((op->iplo_arg & IPHASH_ANON) == 0) ! iph = fr_existshtable(unit, op->iplo_name); ! else ! iph = NULL; ! if (iph == NULL) { ! KMALLOC(iph, iphtable_t *); ! if (iph == NULL) { ! ipht_nomem[op->iplo_unit]++; ! return ENOMEM; ! } ! err = COPYIN(op->iplo_struct, iph, sizeof(*iph)); ! if (err != 0) { ! KFREE(iph); ! return EFAULT; ! } ! } else { ! if ((iph->iph_flags & IPHASH_DELETE) == 0) ! return EEXIST; } if (iph->iph_unit != unit) { ! if ((iph->iph_flags & IPHASH_DELETE) == 0) { ! KFREE(iph); ! } return EINVAL; } ! if ((op->iplo_arg & IPHASH_ANON) != 0) { i = IPHASH_ANON; do { i++; *************** *** 145,170 **** iph->iph_type |= IPHASH_ANON; } ! KMALLOCS(iph->iph_table, iphtent_t **, ! iph->iph_size * sizeof(*iph->iph_table)); ! if (iph->iph_table == NULL) { ! KFREE(iph); ! ipht_nomem[unit]++; ! return ENOMEM; ! } ! bzero((char *)iph->iph_table, iph->iph_size * sizeof(*iph->iph_table)); ! iph->iph_masks = 0; ! iph->iph_list = NULL; ! ! iph->iph_ref = 1; ! iph->iph_next = ipf_htables[unit]; ! iph->iph_pnext = &ipf_htables[unit]; ! if (ipf_htables[unit] != NULL) ! ipf_htables[unit]->iph_pnext = &iph->iph_next; ! ipf_htables[unit] = iph; ! ipf_nhtables[unit]++; return 0; } --- 151,183 ---- iph->iph_type |= IPHASH_ANON; } ! if ((iph->iph_flags & IPHASH_DELETE) == 0) { ! KMALLOCS(iph->iph_table, iphtent_t **, ! iph->iph_size * sizeof(*iph->iph_table)); ! if (iph->iph_table == NULL) { ! if ((iph->iph_flags & IPHASH_DELETE) == 0) { ! KFREE(iph); ! } ! ipht_nomem[unit]++; ! return ENOMEM; ! } ! bzero((char *)iph->iph_table, ! iph->iph_size * sizeof(*iph->iph_table)); ! iph->iph_masks = 0; ! iph->iph_list = NULL; ! iph->iph_ref = 1; ! iph->iph_next = ipf_htables[unit]; ! iph->iph_pnext = &ipf_htables[unit]; ! if (ipf_htables[unit] != NULL) ! ipf_htables[unit]->iph_pnext = &iph->iph_next; ! ipf_htables[unit] = iph; ! 
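Review bot: After `COPYIN(op->iplo_struct, iph, sizeof(*iph))`, fr_newhtable() uses `iph->iph_flags & IPHASH_DELETE` to tell a reused table from a freshly allocated one, but on the fresh path that field was just copied from the caller's structure. A request arriving with the bit already set would skip `KFREE(iph)` on the unit-mismatch path. In the following hunk it would also skip the table allocation and list insertion before returning 0, leaving the allocation unreachable. Clearing the bit right after a successful copy, `iph->iph_flags &= ~IPHASH_DELETE;`, or tracking reuse in a local variable, keeps that decision out of caller-supplied data. IPHASH_DELETE is also defined under the `/* iph_type */` heading in ip_htable.h although it is tested against iph_flags here; fr_newhtable() begins above this hunk.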
! ipf_nhtables[unit]++; ! } ! ! iph->iph_flags &= ~IPHASH_DELETE; return 0; } *************** *** 172,192 **** /* */ ! int fr_removehtable(op) ! iplookupop_t *op; { iphtable_t *iph; ! iph = fr_findhtable(op->iplo_unit, op->iplo_name); if (iph == NULL) return ESRCH; ! if (iph->iph_unit != op->iplo_unit) { return EINVAL; } if (iph->iph_ref != 0) { ! return EBUSY; } fr_delhtable(iph); --- 185,208 ---- /* */ ! int fr_removehtable(unit, name) ! int unit; ! char *name; { iphtable_t *iph; ! iph = fr_findhtable(unit, name); if (iph == NULL) return ESRCH; ! if (iph->iph_unit != unit) { return EINVAL; } if (iph->iph_ref != 0) { ! (void) fr_clearhtable(iph); ! iph->iph_flags |= IPHASH_DELETE; ! return 0; } fr_delhtable(iph); *************** *** 195,208 **** } ! void fr_delhtable(iph) iphtable_t *iph; { iphtent_t *ipe; while ((ipe = iph->iph_list) != NULL) if (fr_delhtent(iph, ipe) != 0) ! return; if (iph->iph_pnext != NULL) *iph->iph_pnext = iph->iph_next; --- 211,234 ---- } ! int fr_clearhtable(iph) iphtable_t *iph; { iphtent_t *ipe; while ((ipe = iph->iph_list) != NULL) if (fr_delhtent(iph, ipe) != 0) ! return 1; ! return 0; ! } ! ! ! int fr_delhtable(iph) ! iphtable_t *iph; ! { ! ! if (fr_clearhtable(iph) != 0) ! return 1; if (iph->iph_pnext != NULL) *iph->iph_pnext = iph->iph_next; *************** *** 211,217 **** ipf_nhtables[iph->iph_unit]--; ! fr_derefhtable(iph); } --- 237,243 ---- ipf_nhtables[iph->iph_unit]--; ! return fr_derefhtable(iph); } *************** *** 246,281 **** break; } ! fr_derefhtent(ipe); ! ! return 0; } ! void fr_derefhtable(iph) iphtable_t *iph; { iph->iph_ref--; if (iph->iph_ref == 0) { KFREES(iph->iph_table, iph->iph_size * sizeof(*iph->iph_table)); KFREE(iph); } } ! void fr_derefhtent(ipe) iphtent_t *ipe; { ipe->ipe_ref--; if (ipe->ipe_ref == 0) { ipf_nhtnodes[ipe->ipe_unit]--; KFREE(ipe); } } ! iphtable_t *fr_findhtable(unit, name) int unit; char *name; { --- 272,316 ---- break; } ! return fr_derefhtent(ipe); } ! 
int fr_derefhtable(iph) iphtable_t *iph; { + int refs; + iph->iph_ref--; + refs = iph->iph_ref; + if (iph->iph_ref == 0) { KFREES(iph->iph_table, iph->iph_size * sizeof(*iph->iph_table)); KFREE(iph); } + + return refs; } ! int fr_derefhtent(ipe) iphtent_t *ipe; { + ipe->ipe_ref--; if (ipe->ipe_ref == 0) { ipf_nhtnodes[ipe->ipe_unit]--; KFREE(ipe); + + return 0; } + + return ipe->ipe_ref; } ! iphtable_t *fr_existshtable(unit, name) int unit; char *name; { *************** *** 288,293 **** --- 323,342 ---- } + iphtable_t *fr_findhtable(unit, name) + int unit; + char *name; + { + iphtable_t *iph; + + iph = fr_existshtable(unit, name); + if ((iph->iph_flags & IPHASH_DELETE) == 0) + return iph; + + return NULL; + } + + size_t fr_flushhtable(op) iplookupflush_t *op; { *************** *** 300,307 **** for (i = 0; i <= IPL_LOGMAX; i++) { if (op->iplf_unit == i || op->iplf_unit == IPL_LOGALL) { while ((iph = ipf_htables[i]) != NULL) { ! fr_delhtable(iph); ! freed++; } } } --- 349,359 ---- for (i = 0; i <= IPL_LOGMAX; i++) { if (op->iplf_unit == i || op->iplf_unit == IPL_LOGALL) { while ((iph = ipf_htables[i]) != NULL) { ! if (fr_delhtable(iph) == 0) { ! freed++; ! } else { ! iph->iph_flags |= IPHASH_DELETE; ! } } } } diff -cr ip_fil4.1.16/ip_htable.h ip_fil4.1.17/ip_htable.h *** ip_fil4.1.16/ip_htable.h Fri Jul 14 16:12:13 2006 --- ip_fil4.1.17/ip_htable.h Wed Jan 17 14:16:53 2007 *************** *** 42,47 **** --- 42,48 ---- /* iph_type */ #define IPHASH_LOOKUP 0 #define IPHASH_GROUPMAP 1 + #define IPHASH_DELETE 2 #define IPHASH_ANON 0x80000000 *************** *** 56,71 **** extern iphtable_t *ipf_htables[IPL_LOGSIZE]; extern void fr_htable_unload __P((void)); extern int fr_newhtable __P((iplookupop_t *)); extern iphtable_t *fr_findhtable __P((int, char *)); ! 
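Review bot: fr_delhtent() now ends with `return fr_derefhtent(ipe);`, which is the entry's remaining reference count rather than an error code, while fr_clearhtable() stops at the first non-zero return. An entry that is still referenced therefore ends the clear early. fr_removehtable() discards that result with `(void) fr_clearhtable(iph);` before setting IPHASH_DELETE, so a table removed while in use may keep some of its entries and go on matching them for rules that still hold it. Keeping `return 0;` after the deref, or having fr_clearhtable() distinguish "still referenced" from failure, would avoid that. The first part of fr_delhtent() is outside the hunk, so whether the entry is already unlinked by this point should be confirmed.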
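Review bot: The new fr_findhtable() reads `iph->iph_flags` without checking the pointer returned by fr_existshtable(). Its caller fr_removehtable() still tests `iph == NULL` and returns ESRCH, which implies a lookup miss yields NULL. A remove request naming a table that does not exist would then dereference NULL in the kernel. ip_pool_find() in this same patch guards the equivalent test, and the same shape works here: `if ((iph != NULL) && (iph->iph_flags & IPHASH_DELETE)) return NULL;` followed by `return iph;`.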
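Review bot: In fr_flushhtable(), the `else` branch sets IPHASH_DELETE on a table that fr_delhtable() has, when it returns a remaining reference count, already unlinked with `*iph->iph_pnext = iph->iph_next` and subtracted from `ipf_nhtables`. If fr_existshtable() walks `ipf_htables[]`, as its use suggests, the recreate path in fr_newhtable() can no longer find that table and the flag has no effect. If fr_delhtable() instead returned early out of fr_clearhtable(), the table is still the list head and the `while` loop re-reads the same `iph`, so termination depends on fr_delhtent() making progress on every call. A comment stating which case the flag is meant for and why the loop terminates would make this reviewable.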
extern int fr_removehtable __P((iplookupop_t *)); extern size_t fr_flushhtable __P((iplookupflush_t *)); extern int fr_addhtent __P((iphtable_t *, iphtent_t *)); extern int fr_delhtent __P((iphtable_t *, iphtent_t *)); ! extern void fr_derefhtable __P((iphtable_t *)); ! extern void fr_derefhtent __P((iphtent_t *)); ! extern void fr_delhtable __P((iphtable_t *)); extern void *fr_iphmfindgroup __P((void *, void *)); extern int fr_iphmfindip __P((void *, int, void *)); extern int fr_gethtablestat __P((iplookupop_t *)); --- 57,74 ---- extern iphtable_t *ipf_htables[IPL_LOGSIZE]; + extern iphtable_t *fr_existshtable __P((int, char *)); + extern int fr_clearhtable __P((iphtable_t *)); extern void fr_htable_unload __P((void)); extern int fr_newhtable __P((iplookupop_t *)); extern iphtable_t *fr_findhtable __P((int, char *)); ! extern int fr_removehtable __P((int, char *)); extern size_t fr_flushhtable __P((iplookupflush_t *)); extern int fr_addhtent __P((iphtable_t *, iphtent_t *)); extern int fr_delhtent __P((iphtable_t *, iphtent_t *)); ! extern int fr_derefhtable __P((iphtable_t *)); ! extern int fr_derefhtent __P((iphtent_t *)); ! extern int fr_delhtable __P((iphtable_t *)); extern void *fr_iphmfindgroup __P((void *, void *)); extern int fr_iphmfindip __P((void *, int, void *)); extern int fr_gethtablestat __P((iplookupop_t *)); diff -cr ip_fil4.1.16/ip_log.c ip_fil4.1.17/ip_log.c *** ip_fil4.1.16/ip_log.c Mon Dec 18 15:57:29 2006 --- ip_fil4.1.17/ip_log.c Tue Dec 26 02:09:42 2006 *************** *** 3,9 **** * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: ip_log.c,v 2.75.2.13 2006/12/18 04:57:29 darrenr Exp $ */ #include #if defined(KERNEL) || defined(_KERNEL) --- 3,9 ---- * * See the IPFILTER.LICENCE file for details on licencing. * ! 
* $Id: ip_log.c,v 2.75.2.14 2006/12/25 15:09:42 darrenr Exp $ */ #include #if defined(KERNEL) || defined(_KERNEL) *************** *** 151,157 **** # if defined(linux) && defined(_KERNEL) wait_queue_head_t iplh_linux[IPL_LOGSIZE]; # endif ! # if SOLARIS extern kcondvar_t iplwait; extern struct pollhead iplpollhead[IPL_LOGSIZE]; # endif --- 151,157 ---- # if defined(linux) && defined(_KERNEL) wait_queue_head_t iplh_linux[IPL_LOGSIZE]; # endif ! # if SOLARIS && defined(_KERNEL) extern kcondvar_t iplwait; extern struct pollhead iplpollhead[IPL_LOGSIZE]; # endif diff -cr ip_fil4.1.16/ip_lookup.c ip_fil4.1.17/ip_lookup.c *** ip_fil4.1.16/ip_lookup.c Fri Sep 1 23:36:17 2006 --- ip_fil4.1.17/ip_lookup.c Mon Jan 15 01:06:12 2007 *************** *** 61,67 **** /* END OF INCLUDES */ #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: ip_lookup.c,v 2.35.2.12 2006/09/01 13:36:17 darrenr Exp $"; #endif #ifdef IPFILTER_LOOKUP --- 61,67 ---- /* END OF INCLUDES */ #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: ip_lookup.c,v 2.35.2.13 2007/01/14 14:06:12 darrenr Exp $"; #endif #ifdef IPFILTER_LOOKUP *************** *** 388,394 **** * For anonymous pools, copy back the operation struct because in the * case of success it will contain the new table's name. */ ! if ((err == 0) && ((op.iplo_arg & IPOOL_ANON) != 0)) { err = BCOPYOUT(&op, data, sizeof(op)); if (err != 0) err = EFAULT; --- 388,394 ---- * For anonymous pools, copy back the operation struct because in the * case of success it will contain the new table's name. */ ! if ((err == 0) && ((op.iplo_arg & LOOKUP_ANON) != 0)) { err = BCOPYOUT(&op, data, sizeof(op)); if (err != 0) err = EFAULT; *************** *** 421,429 **** op.iplo_name[sizeof(op.iplo_name) - 1] = '\0'; - if (op.iplo_arg & IPLT_ANON) - op.iplo_arg &= IPLT_ANON; - /* * create a new pool - fail if one already exists with * the same # --- 421,426 ---- *************** *** 431,441 **** switch (op.iplo_type) { case IPLT_POOL : ! 
err = ip_pool_destroy(&op); break; case IPLT_HASH : ! err = fr_removehtable(&op); break; default : --- 428,438 ---- switch (op.iplo_type) { case IPLT_POOL : ! err = ip_pool_destroy(op.iplo_unit, op.iplo_name); break; case IPLT_HASH : ! err = fr_removehtable(op.iplo_unit, op.iplo_name); break; default : diff -cr ip_fil4.1.16/ip_lookup.h ip_fil4.1.17/ip_lookup.h *** ip_fil4.1.16/ip_lookup.h Fri Jul 14 16:12:14 2006 --- ip_fil4.1.17/ip_lookup.h Mon Jan 15 01:06:12 2007 *************** *** 33,38 **** --- 33,41 ---- void *iplo_struct; } iplookupop_t; + #define LOOKUP_ANON 0x80000000 + + typedef struct iplookupflush { int iplf_type; /* IPLT_* */ int iplf_unit; /* IPL_LOG* */ diff -cr ip_fil4.1.16/ip_nat.c ip_fil4.1.17/ip_nat.c *** ip_fil4.1.16/ip_nat.c Tue Dec 19 04:04:33 2006 --- ip_fil4.1.17/ip_nat.c Tue Jan 16 13:25:19 2007 *************** *** 111,117 **** #if !defined(lint) static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.195.2.69 2006/12/18 17:04:33 darrenr Exp $"; #endif --- 111,117 ---- #if !defined(lint) static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.195.2.71 2007/01/16 02:25:19 darrenr Exp $"; #endif *************** *** 1367,1378 **** aps = NULL; nat = NULL; ipnn = NULL; /* * New entry, copy in the rest of the NAT entry if it's size is more * than just the nat_t structure. */ - fr = NULL; if (ipn.ipn_dsize > sizeof(ipn)) { if (ipn.ipn_dsize > 81920) { error = ENOMEM; --- 1367,1378 ---- aps = NULL; nat = NULL; ipnn = NULL; + fr = NULL; /* * New entry, copy in the rest of the NAT entry if it's size is more * than just the nat_t structure. 
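Review bot: `op.iplo_unit` is now passed directly to ip_pool_destroy() and fr_removehtable(), and nothing visible between the name termination in the previous hunk and this `switch` range-checks it. fr_newhtable() indexes `ipf_htables[unit]` and `ipht_nomem[]` with the same field, so the lookup helpers presumably index by it too. Unless a check exists above the visible lines, reject out-of-range values before the switch, for example `if (op.iplo_unit < 0 || op.iplo_unit > IPL_LOGMAX) return EINVAL;`. The retained comment "create a new pool - fail if one already exists" describes the add path rather than deletion and should be corrected; the function continues past the end of the hunk.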
*/ if (ipn.ipn_dsize > sizeof(ipn)) { if (ipn.ipn_dsize > 81920) { error = ENOMEM; *************** *** 4900,4907 **** --- 4900,4910 ---- ipnat_t *ipn, *nextipnat = NULL, zeroipn; nat_t *nat, *nextnat = NULL, zeronat; int error = 0, count; + ipftoken_t *freet; char *dst; + freet = NULL; + READ_ENTER(&ipf_nat); switch (itp->igi_type) *************** *** 4933,4938 **** --- 4936,4942 ---- } break; default : + RWLOCK_EXIT(&ipf_nat); return EINVAL; } *************** *** 4942,4954 **** { case IPFGENITER_HOSTMAP : if (nexthm != NULL) { - /*MUTEX_ENTER(&nexthm->hm_lock);*/ - nexthm->hm_ref++; - /*MUTEX_EXIT(&nextipnat->hm_lock);*/ if (nexthm->hm_next == NULL) { ! ipf_freetoken(t); hm = NULL; } } else { bzero(&zerohm, sizeof(zerohm)); nexthm = &zerohm; --- 4946,4961 ---- { case IPFGENITER_HOSTMAP : if (nexthm != NULL) { if (nexthm->hm_next == NULL) { ! freet = t; ! count = 1; hm = NULL; } + if (count == 1) { + /*MUTEX_ENTER(&nexthm->hm_lock);*/ + nexthm->hm_ref++; + /*MUTEX_EXIT(&nextipnat->hm_lock);*/ + } } else { bzero(&zerohm, sizeof(zerohm)); nexthm = &zerohm; *************** *** 4958,4970 **** case IPFGENITER_IPNAT : if (nextipnat != NULL) { - MUTEX_ENTER(&nextipnat->in_lock); - nextipnat->in_use++; - MUTEX_EXIT(&nextipnat->in_lock); if (nextipnat->in_next == NULL) { ! ipf_freetoken(t); ipn = NULL; ! } } else { bzero(&zeroipn, sizeof(zeroipn)); --- 4965,4979 ---- case IPFGENITER_IPNAT : if (nextipnat != NULL) { if (nextipnat->in_next == NULL) { ! freet = t; ! count = 1; ipn = NULL; ! } ! if (count == 1) { ! MUTEX_ENTER(&nextipnat->in_lock); ! nextipnat->in_use++; ! MUTEX_EXIT(&nextipnat->in_lock); } } else { bzero(&zeroipn, sizeof(zeroipn)); *************** *** 4975,4987 **** case IPFGENITER_NAT : if (nextnat != NULL) { - MUTEX_ENTER(&nextnat->nat_lock); - nextnat->nat_ref++; - MUTEX_EXIT(&nextnat->nat_lock); if (nextnat->nat_next == NULL) { ! 
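Review bot: In the IPFGENITER_HOSTMAP case, `nexthm->hm_ref++` is moved but still runs with both mutex calls commented out, while the function holds only `READ_ENTER(&ipf_nat)`, so two concurrent iterators could lose an update to the reference count. The IPNAT and NAT cases in the following hunks take the per-object lock around the same increment. If hostmap entries have a usable `hm_lock`, restore `MUTEX_ENTER(&nexthm->hm_lock);` and `MUTEX_EXIT(&nexthm->hm_lock);` (the commented-out exit names `nextipnat` by mistake). Otherwise add a comment stating which lock protects `hm_ref`. `count` is declared without an initialiser in the first hunk, and whether it is assigned before the new `if (count == 1)` tests cannot be seen from these hunks.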
ipf_freetoken(t); nat = NULL; } } else { bzero(&zeronat, sizeof(zeronat)); nextnat = &zeronat; --- 4984,4999 ---- case IPFGENITER_NAT : if (nextnat != NULL) { if (nextnat->nat_next == NULL) { ! count = 1; ! freet = t; nat = NULL; } + if (count == 1) { + MUTEX_ENTER(&nextnat->nat_lock); + nextnat->nat_ref++; + MUTEX_EXIT(&nextnat->nat_lock); + } } else { bzero(&zeronat, sizeof(zeronat)); nextnat = &zeronat; *************** *** 4993,4998 **** --- 5005,5015 ---- } RWLOCK_EXIT(&ipf_nat); + if (freet != NULL) { + ipf_freetoken(freet); + freet = NULL; + } + switch (itp->igi_type) { case IPFGENITER_HOSTMAP : diff -cr ip_fil4.1.16/ip_nat.h ip_fil4.1.17/ip_nat.h *** ip_fil4.1.16/ip_nat.h Wed Dec 13 03:12:58 2006 --- ip_fil4.1.17/ip_nat.h Tue Dec 19 12:59:45 2006 *************** *** 4,10 **** * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_nat.h 1.5 2/4/96 ! * $Id: ip_nat.h,v 2.90.2.15 2006/12/12 16:12:58 darrenr Exp $ */ #ifndef __IP_NAT_H__ --- 4,10 ---- * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_nat.h 1.5 2/4/96 ! * $Id: ip_nat.h,v 2.90.2.16 2006/12/19 01:59:45 darrenr Exp $ */ #ifndef __IP_NAT_H__ *************** *** 150,156 **** #define NAT_ICMPQUERY 0x0008 /* IPN_ICMPQUERY */ #define NAT_SEARCH 0x0010 #define NAT_SLAVE 0x0020 /* Slave connection for a proxy */ ! #define NAT_NOTRULEPORT 0x0040 #define NAT_TCPUDP (NAT_TCP|NAT_UDP) #define NAT_TCPUDPICMP (NAT_TCP|NAT_UDP|NAT_ICMPERR) --- 150,156 ---- #define NAT_ICMPQUERY 0x0008 /* IPN_ICMPQUERY */ #define NAT_SEARCH 0x0010 #define NAT_SLAVE 0x0020 /* Slave connection for a proxy */ ! 
#define NAT_NOTRULEPORT 0x0040 /* Don't use the port # in the NAT rule */ #define NAT_TCPUDP (NAT_TCP|NAT_UDP) #define NAT_TCPUDPICMP (NAT_TCP|NAT_UDP|NAT_ICMPERR) diff -cr ip_fil4.1.16/ip_pool.c ip_fil4.1.17/ip_pool.c *** ip_fil4.1.16/ip_pool.c Fri Jul 14 16:12:16 2006 --- ip_fil4.1.17/ip_pool.c Wed Jan 17 14:16:53 2007 *************** *** 78,84 **** #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_pool.c,v 2.55.2.16 2006/07/14 06:12:16 darrenr Exp $"; #endif #ifdef IPFILTER_LOOKUP --- 78,84 ---- #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_pool.c,v 2.55.2.18 2007/01/17 03:16:53 darrenr Exp $"; #endif #ifdef IPFILTER_LOOKUP *************** *** 90,95 **** --- 90,98 ---- # define RADIX_NODE_HEAD_UNLOCK(x) ; # endif + static void ip_pool_clearnodes __P((ip_pool_t *)); + static void *ip_pool_exists __P((int, char *)); + ip_pool_stat_t ipoolstat; ipfrwlock_t ip_poolrw; *************** *** 137,143 **** strcpy(op.iplo_name, "0"); if (ip_pool_create(&op) == 0) ! ipo = ip_pool_find(0, "0"); a.adf_addr.in4.s_addr = 0x0a010203; b.adf_addr.in4.s_addr = 0xffffffff; --- 140,146 ---- strcpy(op.iplo_name, "0"); if (ip_pool_create(&op) == 0) ! ipo = ip_pool_exists(0, "0"); a.adf_addr.in4.s_addr = 0x0a010203; b.adf_addr.in4.s_addr = 0xffffffff; *************** *** 262,279 **** void ip_pool_fini() { ip_pool_t *p, *q; - iplookupop_t op; int i; ASSERT(rw_read_locked(&ipf_global.ipf_lk) == 0); for (i = 0; i <= IPL_LOGMAX; i++) { for (q = ip_pool_list[i]; (p = q) != NULL; ) { - op.iplo_unit = i; - (void)strncpy(op.iplo_name, p->ipo_name, - sizeof(op.iplo_name)); q = p->ipo_next; ! 
(void) ip_pool_destroy(&op); } } --- 265,278 ---- void ip_pool_fini() { ip_pool_t *p, *q; int i; ASSERT(rw_read_locked(&ipf_global.ipf_lk) == 0); for (i = 0; i <= IPL_LOGMAX; i++) { for (q = ip_pool_list[i]; (p = q) != NULL; ) { q = p->ipo_next; ! (void) ip_pool_destroy(i, p->ipo_name); } } *************** *** 307,314 **** stats.ipls_list[i] = ip_pool_list[i]; } else if (unit >= 0 && unit < IPL_LOGSIZE) { if (op->iplo_name[0] != '\0') ! stats.ipls_list[unit] = ip_pool_find(unit, ! op->iplo_name); else stats.ipls_list[unit] = ip_pool_list[unit]; } else --- 306,313 ---- stats.ipls_list[i] = ip_pool_list[i]; } else if (unit >= 0 && unit < IPL_LOGSIZE) { if (op->iplo_name[0] != '\0') ! stats.ipls_list[unit] = ip_pool_exists(unit, ! op->iplo_name); else stats.ipls_list[unit] = ip_pool_list[unit]; } else *************** *** 319,334 **** } - /* ------------------------------------------------------------------------ */ ! /* Function: ip_pool_find */ /* Returns: int - 0 = success, else error */ /* Parameters: ipo(I) - pointer to the pool getting the new node. */ /* */ /* Find a matching pool inside the collection of pools for a particular */ /* device, indicated by the unit number. */ /* ------------------------------------------------------------------------ */ ! void *ip_pool_find(unit, name) int unit; char *name; { --- 318,332 ---- } /* ------------------------------------------------------------------------ */ ! /* Function: ip_pool_exists */ /* Returns: int - 0 = success, else error */ /* Parameters: ipo(I) - pointer to the pool getting the new node. */ /* */ /* Find a matching pool inside the collection of pools for a particular */ /* device, indicated by the unit number. */ /* ------------------------------------------------------------------------ */ ! 
static void *ip_pool_exists(unit, name) int unit; char *name; { *************** *** 342,347 **** --- 340,368 ---- /* ------------------------------------------------------------------------ */ + /* Function: ip_pool_find */ + /* Returns: int - 0 = success, else error */ + /* Parameters: ipo(I) - pointer to the pool getting the new node. */ + /* */ + /* Find a matching pool inside the collection of pools for a particular */ + /* device, indicated by the unit number. If it is marked for deletion then */ + /* pretend it does not exist. */ + /* ------------------------------------------------------------------------ */ + void *ip_pool_find(unit, name) + int unit; + char *name; + { + ip_pool_t *p; + + p = ip_pool_exists(unit, name); + if ((p != NULL) && (p->ipo_flags & IPOOL_DELETE)) + return NULL; + + return p; + } + + + /* ------------------------------------------------------------------------ */ /* Function: ip_pool_findeq */ /* Returns: int - 0 = success, else error */ /* Parameters: ipo(I) - pointer to the pool getting the new node. */ *************** *** 499,504 **** --- 520,529 ---- /* when being inserted - assume this has already been done. If the pool is */ /* marked as being anonymous, give it a new, unique, identifier. Call any */ /* other functions required to initialise the structure. */ + /* */ + /* If the structure is flagged for deletion then reset the flag and return, */ + /* as this likely means we've tried to free a pool that is in use (flush) */ + /* and now want to repopulate it with "new" data. */ /* ------------------------------------------------------------------------ */ int ip_pool_create(op) iplookupop_t *op; *************** *** 509,531 **** ASSERT(rw_read_locked(&ip_poolrw.ipf_lk) == 0); ! KMALLOC(h, ip_pool_t *); ! if (h == NULL) ! return ENOMEM; ! bzero(h, sizeof(*h)); ! if (rn_inithead((void **)&h->ipo_head, ! offsetof(addrfamily_t, adf_addr) << 3) == 0) { ! KFREE(h); ! return ENOMEM; } ! unit = op->iplo_unit; ! ! 
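Review bot: The header comment added for ip_pool_find still reads `Returns: int - 0 = success, else error` and `Parameters: ipo(I)`, but the function below it returns a `void *` and takes `unit` and `name`. The same copied header sits on the renamed ip_pool_exists in the previous hunk. I would change both to `Returns: void * - pointer to the matching pool, NULL if none` and `Parameters: unit(I) - pool device unit, name(I) - pool name`. The new sentence about pools flagged IPOOL_DELETE being treated as absent should stay on ip_pool_find, and ip_pool_exists should say that it returns such pools, since that is the only difference a caller can rely on.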
if ((op->iplo_arg & IPOOL_ANON) != 0) { ip_pool_t *p; ! poolnum = IPOOL_ANON; #if defined(SNPRINTF) && defined(_KERNEL) SNPRINTF(name, sizeof(name), "%x", poolnum); --- 534,570 ---- ASSERT(rw_read_locked(&ip_poolrw.ipf_lk) == 0); ! unit = op->iplo_unit; ! if ((op->iplo_arg & LOOKUP_ANON) == 0) ! h = ip_pool_exists(unit, op->iplo_name); ! else ! h = NULL; ! ! if (h != NULL) { ! if ((h->ipo_flags & IPOOL_DELETE) != 0) { ! h->ipo_flags &= ~IPOOL_DELETE; ! return 0; ! } ! return EEXIST; ! } else { ! KMALLOC(h, ip_pool_t *); ! if (h == NULL) ! return ENOMEM; ! bzero(h, sizeof(*h)); ! ! if (rn_inithead((void **)&h->ipo_head, ! offsetof(addrfamily_t, adf_addr) << 3) == 0) { ! KFREE(h); ! return ENOMEM; ! } } ! if ((op->iplo_arg & LOOKUP_ANON) != 0) { ip_pool_t *p; ! h->ipo_flags |= IPOOL_ANON; ! poolnum = LOOKUP_ANON; #if defined(SNPRINTF) && defined(_KERNEL) SNPRINTF(name, sizeof(name), "%x", poolnum); *************** *** 550,568 **** (void)strncpy(h->ipo_name, name, sizeof(h->ipo_name)); (void)strncpy(op->iplo_name, name, sizeof(op->iplo_name)); } else { ! (void) strncpy(h->ipo_name, op->iplo_name, sizeof(h->ipo_name)); } ! h->ipo_ref = 1; ! h->ipo_list = NULL; ! h->ipo_unit = unit; ! h->ipo_next = ip_pool_list[unit]; ! if (ip_pool_list[unit] != NULL) ! ip_pool_list[unit]->ipo_pnext = &h->ipo_next; ! h->ipo_pnext = &ip_pool_list[unit]; ! ip_pool_list[unit] = h; ! ipoolstat.ipls_pools++; return 0; } --- 589,609 ---- (void)strncpy(h->ipo_name, name, sizeof(h->ipo_name)); (void)strncpy(op->iplo_name, name, sizeof(op->iplo_name)); } else { ! (void)strncpy(h->ipo_name, op->iplo_name, sizeof(h->ipo_name)); } ! if ((h->ipo_flags & IPOOL_DELETE) == 0) { ! h->ipo_ref = 1; ! h->ipo_list = NULL; ! h->ipo_unit = unit; ! h->ipo_next = ip_pool_list[unit]; ! if (ip_pool_list[unit] != NULL) ! ip_pool_list[unit]->ipo_pnext = &h->ipo_next; ! h->ipo_pnext = &ip_pool_list[unit]; ! ip_pool_list[unit] = h; ! ipoolstat.ipls_pools++; ! 
} return 0; } *************** *** 607,629 **** /* Locks: WRITE(ip_poolrw) or WRITE(ipf_global) */ /* */ /* Search for a pool using paramters passed in and if it's not otherwise */ ! /* busy, free it. */ /* */ /* NOTE: Because this function is called out of ipfdetach() where ip_poolrw */ /* may not be initialised, we can't use an ASSERT to enforce the locking */ /* assertion that one of the two (ip_poolrw,ipf_global) is held. */ /* ------------------------------------------------------------------------ */ ! int ip_pool_destroy(op) ! iplookupop_t *op; { ip_pool_t *ipo; ! ipo = ip_pool_find(op->iplo_unit, op->iplo_name); if (ipo == NULL) return ESRCH; ! if (ipo->ipo_ref != 1) ! return EBUSY; ip_pool_free(ipo); return 0; --- 648,675 ---- /* Locks: WRITE(ip_poolrw) or WRITE(ipf_global) */ /* */ /* Search for a pool using paramters passed in and if it's not otherwise */ ! /* busy, free it. If it is busy, clear all of its nodes, mark it for being */ ! /* deleted and return an error saying it is busy. */ /* */ /* NOTE: Because this function is called out of ipfdetach() where ip_poolrw */ /* may not be initialised, we can't use an ASSERT to enforce the locking */ /* assertion that one of the two (ip_poolrw,ipf_global) is held. */ /* ------------------------------------------------------------------------ */ ! int ip_pool_destroy(unit, name) ! int unit; ! char *name; { ip_pool_t *ipo; ! ipo = ip_pool_exists(unit, name); if (ipo == NULL) return ESRCH; ! if (ipo->ipo_ref != 1) { ! ip_pool_clearnodes(ipo); ! ipo->ipo_flags |= IPOOL_DELETE; ! return 0; ! } ip_pool_free(ipo); return 0; *************** *** 660,666 **** (void)strncpy(op.iplo_name, p->ipo_name, sizeof(op.iplo_name)); q = p->ipo_next; ! err = ip_pool_destroy(&op); if (err == 0) num++; else --- 706,712 ---- (void)strncpy(op.iplo_name, p->ipo_name, sizeof(op.iplo_name)); q = p->ipo_next; ! 
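Review bot: The `strncpy(h->ipo_name, op->iplo_name, sizeof(h->ipo_name))` kept in this hunk leaves `ipo_name` without a terminating NUL when the requested name fills the whole buffer. The name is later used as a plain `char *`: ip_pool_deref passes `ipo->ipo_name` to ip_pool_destroy, and the print routines format it with `%s`. Since `op` appears to come from a lookup request, I would add `h->ipo_name[sizeof(h->ipo_name) - 1] = '\0';` after the copy, or reject over-long names before this point. Separately, the new `if ((h->ipo_flags & IPOOL_DELETE) == 0)` guard looks always true here: a pool found with the flag set has already returned in the earlier hunk, and a freshly zeroed `h` only ever gains IPOOL_ANON. ip_pool_create starts outside this hunk.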
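Review bot: The rewritten header comment says a busy pool is cleared, marked for deletion and that the function will `return an error saying it is busy`, but the new `ipo_ref != 1` branch ends in `return 0;`. Callers cannot tell a freed pool from one that was only emptied and flagged. The flush loop in the next hunk counts every `err == 0` as a destroyed pool, and ip_pool_fini discards the result, so a still-referenced pool stays allocated after it runs. If returning success is intended, change the comment to `deleted and return success; the pool itself is freed by ip_pool_deref once only the list reference remains`. Otherwise keep `return EBUSY;` after setting the flag.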
err = ip_pool_destroy(op.iplo_unit, op.iplo_name); if (err == 0) num++; else *************** *** 688,693 **** --- 734,763 ---- void ip_pool_free(ipo) ip_pool_t *ipo; { + + ip_pool_clearnodes(ipo); + + if (ipo->ipo_next != NULL) + ipo->ipo_next->ipo_pnext = ipo->ipo_pnext; + *ipo->ipo_pnext = ipo->ipo_next; + rn_freehead(ipo->ipo_head); + KFREE(ipo); + + ipoolstat.ipls_pools--; + } + + + /* ------------------------------------------------------------------------ */ + /* Function: ip_pool_clearnodes */ + /* Returns: void */ + /* Parameters: ipo(I) - pointer to pool structure */ + /* Locks: WRITE(ip_poolrw) or WRITE(ipf_global) */ + /* */ + /* Deletes all nodes stored in a pool structure. */ + /* ------------------------------------------------------------------------ */ + static void ip_pool_clearnodes(ipo) + ip_pool_t *ipo; + { ip_pool_node_t *n; RADIX_NODE_HEAD_LOCK(ipo->ipo_head); *************** *** 706,718 **** RADIX_NODE_HEAD_UNLOCK(ipo->ipo_head); ipo->ipo_list = NULL; - if (ipo->ipo_next != NULL) - ipo->ipo_next->ipo_pnext = ipo->ipo_pnext; - *ipo->ipo_pnext = ipo->ipo_next; - rn_freehead(ipo->ipo_head); - KFREE(ipo); - - ipoolstat.ipls_pools--; } --- 776,781 ---- *************** *** 732,739 **** --- 795,806 ---- ASSERT(rw_read_locked(&ip_poolrw.ipf_lk) == 0); ipo->ipo_ref--; + if (ipo->ipo_ref == 0) ip_pool_free(ipo); + + else if ((ipo->ipo_ref == 1) && (ipo->ipo_flags & IPOOL_DELETE)) + ip_pool_destroy(ipo->ipo_unit, ipo->ipo_name); } *************** *** 805,811 **** case IPFLOOKUPITER_NODE : node = token->ipt_data; if (node == NULL) { ! ipo = ip_pool_find(ilp->ili_unit, ilp->ili_name); if (ipo == NULL) err = ESRCH; else { --- 872,878 ---- case IPFLOOKUPITER_NODE : node = token->ipt_data; if (node == NULL) { ! 
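Review bot: The added `else if` branch in ip_pool_deref re-finds the pool by unit and name through ip_pool_destroy even though `ipo` is already in hand, and it drops the return value without the `(void)` cast used in ip_pool_fini. With `ipo_ref == 1`, ip_pool_destroy reduces to `ip_pool_free(ipo)`, so I would call `ip_pool_free(ipo);` directly. That also removes the dependence on `ipo_name` being NUL-terminated and unique within the unit. The blank line between the `if` body and the `else` is worth dropping as well. The start of ip_pool_deref is outside the hunk.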
ipo = ip_pool_exists(ilp->ili_unit, ilp->ili_name); if (ipo == NULL) err = ESRCH; else { diff -cr ip_fil4.1.16/ip_pool.h ip_fil4.1.17/ip_pool.h *** ip_fil4.1.16/ip_pool.h Fri Jul 14 16:12:16 2006 --- ip_fil4.1.17/ip_pool.h Mon Jan 15 01:06:12 2007 *************** *** 3,9 **** * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: ip_pool.h,v 2.26.2.4 2006/07/14 06:12:16 darrenr Exp $ */ #ifndef __IP_POOL_H__ --- 3,9 ---- * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: ip_pool.h,v 2.26.2.5 2007/01/14 14:06:12 darrenr Exp $ */ #ifndef __IP_POOL_H__ *************** *** 54,60 **** char ipo_name[FR_GROUPLEN]; } ip_pool_t; ! #define IPOOL_ANON 0x80000000 typedef struct ip_pool_stat { --- 54,61 ---- char ipo_name[FR_GROUPLEN]; } ip_pool_t; ! #define IPOOL_DELETE 0x01 ! #define IPOOL_ANON 0x02 typedef struct ip_pool_stat { *************** *** 74,80 **** extern int ip_pool_create __P((iplookupop_t *)); extern int ip_pool_insert __P((ip_pool_t *, i6addr_t *, i6addr_t *, int)); extern int ip_pool_remove __P((ip_pool_t *, ip_pool_node_t *)); ! extern int ip_pool_destroy __P((iplookupop_t *)); extern void ip_pool_free __P((ip_pool_t *)); extern void ip_pool_deref __P((ip_pool_t *)); extern void ip_pool_node_deref __P((ip_pool_node_t *)); --- 75,81 ---- extern int ip_pool_create __P((iplookupop_t *)); extern int ip_pool_insert __P((ip_pool_t *, i6addr_t *, i6addr_t *, int)); extern int ip_pool_remove __P((ip_pool_t *, ip_pool_node_t *)); ! extern int ip_pool_destroy __P((int, char *)); extern void ip_pool_free __P((ip_pool_t *)); extern void ip_pool_deref __P((ip_pool_t *)); extern void ip_pool_node_deref __P((ip_pool_node_t *)); diff -cr ip_fil4.1.16/ip_rpcb_pxy.c ip_fil4.1.17/ip_rpcb_pxy.c *** ip_fil4.1.16/ip_rpcb_pxy.c Mon Dec 18 16:00:57 2006 --- ip_fil4.1.17/ip_rpcb_pxy.c Wed Jan 17 22:34:54 2007 *************** *** 37,43 **** * o The enclosed hack of STREAMS support is pretty sick and most likely * broken. * ! 
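Review bot: `IPOOL_ANON` changes value from 0x80000000 to 0x02 and, judging by the ip_pool.c hunks, changes role from a request bit in `iplo_arg` to a bit in `ipo_flags`, yet nothing in the header says so. Any code still testing `iplo_arg` against IPOOL_ANON would misread the flag without a compile error. So would a userland tool built against the old header that reads `ipo_flags` from a newer kernel. I would add a comment above the two defines: `/* ipo_flags bits; the request-side anonymous flag in iplo_arg is LOOKUP_ANON */`.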
* $Id: ip_rpcb_pxy.c,v 2.25.2.5 2006/12/18 05:00:57 darrenr Exp $ */ #define IPF_RPCB_PROXY --- 37,43 ---- * o The enclosed hack of STREAMS support is pretty sick and most likely * broken. * ! * $Id: ip_rpcb_pxy.c,v 2.25.2.6 2007/01/17 11:34:54 darrenr Exp $ */ #define IPF_RPCB_PROXY *************** *** 307,312 **** --- 307,314 ---- COPYDATA(m, off, dlen, (caddr_t)&rm->rm_msgbuf); rm->rm_buflen = dlen; + rx = NULL; /* XXX gcc */ + /* Send off to decode reply. */ rv = ippr_rpcb_decoderep(fin, nat, rs, rm, &rx); *************** *** 1193,1200 **** * no use for this lock, so simply unlock it if necessary. */ is = fr_stlookup(&fi, &tcp, NULL); ! if (is != NULL) RWLOCK_EXIT(&ipf_state); RWLOCK_EXIT(&ipf_nat); --- 1195,1203 ---- * no use for this lock, so simply unlock it if necessary. */ is = fr_stlookup(&fi, &tcp, NULL); ! if (is != NULL) { RWLOCK_EXIT(&ipf_state); + } RWLOCK_EXIT(&ipf_nat); diff -cr ip_fil4.1.16/ip_scan.c ip_fil4.1.17/ip_scan.c *** ip_fil4.1.16/ip_scan.c Fri Jul 14 16:12:18 2006 --- ip_fil4.1.17/ip_scan.c Tue Jan 16 13:25:20 2007 *************** *** 58,64 **** #if !defined(lint) static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_scan.c,v 2.40.2.7 2006/07/14 06:12:18 darrenr Exp $"; #endif #ifdef IPFILTER_SCAN /* endif at bottom of file */ --- 58,64 ---- #if !defined(lint) static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_scan.c,v 2.40.2.8 2007/01/16 02:25:20 darrenr Exp $"; #endif #ifdef IPFILTER_SCAN /* endif at bottom of file */ *************** *** 115,122 **** return ENOMEM; err = copyinptr(data, isc, sizeof(*isc)); ! if (err) return err; WRITE_ENTER(&ipsc_rwlock); --- 115,124 ---- return ENOMEM; err = copyinptr(data, isc, sizeof(*isc)); ! if (err) { ! 
KFREE(isc); return err; + } WRITE_ENTER(&ipsc_rwlock); diff -cr ip_fil4.1.16/ip_state.c ip_fil4.1.17/ip_state.c *** ip_fil4.1.16/ip_state.c Tue Dec 19 02:53:40 2006 --- ip_fil4.1.17/ip_state.c Sat Dec 23 15:47:26 2006 *************** *** 111,117 **** #if !defined(lint) static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.186.2.50 2006/12/18 15:53:40 darrenr Exp $"; #endif static ipstate_t **ips_table = NULL; --- 111,117 ---- #if !defined(lint) static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.186.2.51 2006/12/23 04:47:26 darrenr Exp $"; #endif static ipstate_t **ips_table = NULL; *************** *** 1425,1445 **** if (flags == (TH_SYN|TH_ACK)) { is->is_s0[source] = ntohl(tcp->th_ack); is->is_s0[!source] = ntohl(tcp->th_seq) + 1; ! if ((TCP_OFF(tcp) > (sizeof(tcphdr_t) >> 2)) && ! (tdata->td_winflags & TCP_WSCALE_SEEN)) { if (fr_tcpoptions(fin, tcp, fdata) == -1) fin->fin_flx |= FI_BAD; - if (!(fdata->td_winflags & TCP_WSCALE_SEEN)) { - fdata->td_winscale = 0; - tdata->td_winscale = 0; - } } if ((fin->fin_out != 0) && (is->is_pass & FR_NEWISN)) fr_checknewisn(fin, is); } else if (flags == TH_SYN) { is->is_s0[source] = ntohl(tcp->th_seq) + 1; if ((TCP_OFF(tcp) > (sizeof(tcphdr_t) >> 2))) { ! if (fr_tcpoptions(fin, tcp, tdata) == -1) fin->fin_flx |= FI_BAD; } --- 1425,1440 ---- if (flags == (TH_SYN|TH_ACK)) { is->is_s0[source] = ntohl(tcp->th_ack); is->is_s0[!source] = ntohl(tcp->th_seq) + 1; ! if ((TCP_OFF(tcp) > (sizeof(tcphdr_t) >> 2))) { if (fr_tcpoptions(fin, tcp, fdata) == -1) fin->fin_flx |= FI_BAD; } if ((fin->fin_out != 0) && (is->is_pass & FR_NEWISN)) fr_checknewisn(fin, is); } else if (flags == TH_SYN) { is->is_s0[source] = ntohl(tcp->th_seq) + 1; if ((TCP_OFF(tcp) > (sizeof(tcphdr_t) >> 2))) { ! 
if (fr_tcpoptions(fin, tcp, fdata) == -1) fin->fin_flx |= FI_BAD; } *************** *** 1546,1562 **** * the receiver also does window scaling) */ if (!(tcpflags & TH_SYN) && (fdata->td_winflags & TCP_WSCALE_FIRST)) { ! if (tdata->td_winflags & TCP_WSCALE_SEEN) { ! fdata->td_winflags &= ~TCP_WSCALE_FIRST; ! fdata->td_maxwin = win; ! } else { ! fdata->td_winscale = 0; ! fdata->td_winflags &= ~(TCP_WSCALE_FIRST| ! TCP_WSCALE_SEEN); ! tdata->td_winscale = 0; ! tdata->td_winflags &= ~(TCP_WSCALE_FIRST| ! TCP_WSCALE_SEEN); ! } } end = seq + dsize; --- 1541,1548 ---- * the receiver also does window scaling) */ if (!(tcpflags & TH_SYN) && (fdata->td_winflags & TCP_WSCALE_FIRST)) { ! fdata->td_winflags &= ~TCP_WSCALE_FIRST; ! fdata->td_maxwin = win; } end = seq + dsize; *************** *** 1599,1605 **** (SEQ_GE(seq, fdata->td_end - maxwin)) && /* XXX what about big packets */ #define MAXACKWINDOW 66000 ! (-ackskew <= (MAXACKWINDOW << fdata->td_winscale)) && ( ackskew <= (MAXACKWINDOW << fdata->td_winscale))) { inseq = 1; /* --- 1585,1591 ---- (SEQ_GE(seq, fdata->td_end - maxwin)) && /* XXX what about big packets */ #define MAXACKWINDOW 66000 ! (-ackskew <= (MAXACKWINDOW)) && ( ackskew <= (MAXACKWINDOW << fdata->td_winscale))) { inseq = 1; /* *************** *** 1645,1650 **** --- 1631,1638 ---- } } + /* TRACE(inseq, fdata, tdata, seq, end, ack, ackskew, win, maxwin) */ + if (inseq) { /* if ackskew < 0 then this should be due to fragmented * packets. There is no way to know the length of the diff -cr ip_fil4.1.16/ipf.h ip_fil4.1.17/ipf.h *** ip_fil4.1.16/ipf.h Sun Dec 17 04:16:00 2006 --- ip_fil4.1.17/ipf.h Mon Jan 15 01:06:12 2007 *************** *** 4,10 **** * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ipf.h 1.12 6/5/96 ! * $Id: ipf.h,v 2.71.2.12 2006/12/16 17:16:00 darrenr Exp $ */ #ifndef __IPF_H__ --- 4,10 ---- * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ipf.h 1.12 6/5/96 ! 
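Review bot: After this change nothing in the SYN|ACK branch clears a window scale that only one side offered. fr_tcpoptions is now called on `fdata` unconditionally and the old reset of both `td_winscale` fields is gone, as is the matching reset in the `TCP_WSCALE_FIRST` hunk that follows. Window scaling only takes effect when both the SYN and the SYN|ACK carry the option. If the SYN|ACK omits it, the state entry would, as far as these hunks show, keep scaling the other side's advertised window and accept segments the endpoints themselves treat as out of window. Assuming `fdata` belongs to the sender of the packet being processed, I would add after the fr_tcpoptions call `if (!(fdata->td_winflags & TCP_WSCALE_SEEN)) tdata->td_winscale = 0;`. fr_tcpoptions is not visible here, so confirm it does not already handle this case.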
* $Id: ipf.h,v 2.71.2.13 2007/01/14 14:06:12 darrenr Exp $ */ #ifndef __IPF_H__ *************** *** 283,289 **** extern void printnat __P((struct ipnat *, int)); extern void printactivenat __P((struct nat *, int, int, u_long)); extern void printhostmap __P((struct hostmap *, u_int)); - extern void printpacket __P((struct ip *)); extern void set_variable __P((char *, char *)); extern char *get_variable __P((char *, char **, int)); --- 283,288 ---- diff -cr ip_fil4.1.16/ipl.h ip_fil4.1.17/ipl.h *** ip_fil4.1.16/ipl.h Tue Dec 19 04:07:40 2006 --- ip_fil4.1.17/ipl.h Thu Jan 18 11:21:37 2007 *************** *** 4,17 **** * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ipl.h 1.21 6/5/96 ! * $Id: ipl.h,v 2.52.2.17 2006/12/18 17:07:40 darrenr Exp $ */ #ifndef __IPL_H__ #define __IPL_H__ ! #define IPL_VERSION "IP Filter: v4.1.16" ! #define IPFILTER_VERSION 4011600 #endif --- 4,17 ---- * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ipl.h 1.21 6/5/96 ! * $Id: ipl.h,v 2.52.2.18 2007/01/18 00:21:37 darrenr Exp $ */ #ifndef __IPL_H__ #define __IPL_H__ ! #define IPL_VERSION "IP Filter: v4.1.17" ! #define IPFILTER_VERSION 4011700 #endif diff -cr ip_fil4.1.16/ipsend/sock.c ip_fil4.1.17/ipsend/sock.c *** ip_fil4.1.16/ipsend/sock.c Wed Mar 22 03:10:56 2006 --- ip_fil4.1.17/ipsend/sock.c Tue Jan 16 13:25:21 2007 *************** *** 6,12 **** */ #if !defined(lint) static const char sccsid[] = "@(#)sock.c 1.2 1/11/96 (C)1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: sock.c,v 2.8.4.4 2006/03/21 16:10:56 darrenr Exp $"; #endif #include #include --- 6,12 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)sock.c 1.2 1/11/96 (C)1995 Darren Reed"; ! 
static const char rcsid[] = "@(#)$Id: sock.c,v 2.8.4.5 2007/01/16 02:25:21 darrenr Exp $"; #endif #include #include *************** *** 293,303 **** --- 293,306 ---- return NULL; fd = (struct filedesc *)malloc(sizeof(*fd)); + if (fd == NULL) + return NULL; #if defined( __FreeBSD_version) && __FreeBSD_version >= 500013 if (KMCPY(fd, p->ki_fd, sizeof(*fd)) == -1) { fprintf(stderr, "read(%#lx,%#lx) failed\n", (u_long)p, (u_long)p->ki_fd); + free(fd); return NULL; } #else *************** *** 305,310 **** --- 308,314 ---- { fprintf(stderr, "read(%#lx,%#lx) failed\n", (u_long)p, (u_long)p->kp_proc.p_fd); + free(fd); return NULL; } #endif diff -cr ip_fil4.1.16/lib/hostname.c ip_fil4.1.17/lib/hostname.c *** ip_fil4.1.16/lib/hostname.c Sat Jun 17 03:21:01 2006 --- ip_fil4.1.17/lib/hostname.c Tue Jan 16 13:25:22 2007 *************** *** 3,9 **** * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: hostname.c,v 1.6.2.1 2006/06/16 17:21:01 darrenr Exp $ */ #include "ipf.h" --- 3,9 ---- * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: hostname.c,v 1.6.2.2 2007/01/16 02:25:22 darrenr Exp $ */ #include "ipf.h" *************** *** 17,22 **** --- 17,24 ---- struct in_addr ipa; struct netent *np; + memset(&ipa, 0, sizeof(ipa)); /* XXX gcc */ + if (v == 4) { ipa.s_addr = *(u_32_t *)ip; if (ipa.s_addr == htonl(0xfedcba98)) diff -cr ip_fil4.1.16/lib/printfraginfo.c ip_fil4.1.17/lib/printfraginfo.c *** ip_fil4.1.16/lib/printfraginfo.c Fri Jul 14 16:12:25 2006 --- ip_fil4.1.17/lib/printfraginfo.c Tue Dec 26 02:10:37 2006 *************** *** 3,9 **** * * See the IPFILTER.LICENCE file for details on licencing. * ! * $Id: printfraginfo.c,v 1.1.2.4 2006/07/14 06:12:25 darrenr Exp $ */ #include "ipf.h" #include "kmem.h" --- 3,9 ---- * * See the IPFILTER.LICENCE file for details on licencing. * ! 
* $Id: printfraginfo.c,v 1.1.2.5 2006/12/25 15:10:37 darrenr Exp $ */ #include "ipf.h" #include "kmem.h" *************** *** 22,29 **** sizeof(fr)) == -1) return; */ ! printf("%s id %d ttl %d pr %d seen0 %d ref %d tos %#02x = %#x\n", ! hostname(4, &ifr->ipfr_dst), ifr->ipfr_id, ifr->ipfr_seen0, ! ifr->ipfr_ttl, ifr->ipfr_p, ifr->ipfr_ref, ifr->ipfr_tos, ! 0); } --- 22,28 ---- sizeof(fr)) == -1) return; */ ! printf("%s id %d ttl %ld pr %d seen0 %d ref %d tos %#02x\n", ! hostname(4, &ifr->ipfr_dst), ifr->ipfr_id, ifr->ipfr_ttl, ! ifr->ipfr_p, ifr->ipfr_seen0, ifr->ipfr_ref, ifr->ipfr_tos); } diff -cr ip_fil4.1.16/lib/printhash.c ip_fil4.1.17/lib/printhash.c *** ip_fil4.1.16/lib/printhash.c Fri Jul 14 16:12:25 2006 --- ip_fil4.1.17/lib/printhash.c Wed Jan 17 14:23:02 2007 *************** *** 29,34 **** --- 29,37 ---- printhashdata(hp, opts); + if ((hp->iph_flags & IPHASH_DELETE) != 0) + PRINTF("# "); + if ((opts & OPT_DEBUG) == 0) PRINTF("\t{"); diff -cr ip_fil4.1.16/lib/printhash_live.c ip_fil4.1.17/lib/printhash_live.c *** ip_fil4.1.16/lib/printhash_live.c Fri Jul 14 16:12:26 2006 --- ip_fil4.1.17/lib/printhash_live.c Wed Jan 17 14:23:02 2007 *************** *** 28,33 **** --- 28,36 ---- printhashdata(hp, opts); + if ((hp->iph_flags & IPHASH_DELETE) != 0) + PRINTF("# "); + if ((opts & OPT_DEBUG) == 0) PRINTF("\t{"); diff -cr ip_fil4.1.16/lib/printhashdata.c ip_fil4.1.17/lib/printhashdata.c *** ip_fil4.1.16/lib/printhashdata.c Fri Jul 14 16:12:26 2006 --- ip_fil4.1.17/lib/printhashdata.c Wed Jan 17 14:23:02 2007 *************** *** 18,23 **** --- 18,25 ---- if ((opts & OPT_DEBUG) == 0) { if ((hp->iph_type & IPHASH_ANON) == IPHASH_ANON) PRINTF("# 'anonymous' table\n"); + if ((hp->iph_flags & IPHASH_DELETE) == IPHASH_DELETE) + PRINTF("# "); switch (hp->iph_type & ~IPHASH_ANON) { case IPHASH_LOOKUP : diff -cr ip_fil4.1.16/lib/printpool.c ip_fil4.1.17/lib/printpool.c *** ip_fil4.1.16/lib/printpool.c Fri Jul 14 16:12:26 2006 --- ip_fil4.1.17/lib/printpool.c Mon Jan 15 
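Review bot: The new format string in printfraginfo.c pairs `%ld` with `ifr->ipfr_ttl` and `%d` with the other integer fields, but none of the field types are visible in the hunk. A conversion that does not match the argument type is undefined behaviour in printf. If `ipfr_ttl` is an unsigned long, `%lu` is the matching conversion. An explicit cast at the call site, such as `(long)ifr->ipfr_ttl`, keeps the call correct if the struct member's type changes later.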
01:06:14 2007 *************** *** 26,31 **** --- 26,33 ---- printpooldata(&ipp, opts); + if ((ipp.ipo_flags & IPOOL_DELETE) != 0) + PRINTF("# "); if ((opts & OPT_DEBUG) == 0) PRINTF("\t{"); diff -cr ip_fil4.1.16/lib/printpool_live.c ip_fil4.1.17/lib/printpool_live.c *** ip_fil4.1.16/lib/printpool_live.c Fri Jul 14 16:12:27 2006 --- ip_fil4.1.17/lib/printpool_live.c Mon Jan 15 01:06:14 2007 *************** *** 28,33 **** --- 28,35 ---- printpooldata(pool, opts); + if ((pool->ipo_flags & IPOOL_DELETE) != 0) + PRINTF("# "); if ((opts & OPT_DEBUG) == 0) PRINTF("\t{"); *************** *** 60,65 **** --- 62,69 ---- while (top != NULL) { node = top; (void) printpoolnode(node, opts); + if ((opts & OPT_DEBUG) == 0) + putchar(';'); top = node->ipn_next; free(node); printed++; diff -cr ip_fil4.1.16/lib/printpooldata.c ip_fil4.1.17/lib/printpooldata.c *** ip_fil4.1.16/lib/printpooldata.c Fri Jul 14 16:12:27 2006 --- ip_fil4.1.17/lib/printpooldata.c Mon Jan 15 01:06:14 2007 *************** *** 17,24 **** --- 17,28 ---- if ((opts & OPT_DEBUG) == 0) { if ((pool->ipo_flags & IPOOL_ANON) != 0) PRINTF("# 'anonymous' tree %s\n", pool->ipo_name); + if ((pool->ipo_flags & IPOOL_DELETE) != 0) + PRINTF("# "); PRINTF("table role = "); } else { + if ((pool->ipo_flags & IPOOL_DELETE) != 0) + PRINTF("# "); PRINTF("%s: %s", isdigit(*pool->ipo_name) ? 
"Number" : "Name", pool->ipo_name); *************** *** 67,72 **** --- 71,78 ---- PRINTF("\tReferences: %d\tHits: %lu\n", pool->ipo_ref, pool->ipo_hits); + if ((pool->ipo_flags & IPOOL_DELETE) != 0) + PRINTF("# "); PRINTF("\tNodes Starting at %p\n", pool->ipo_list); } } diff -cr ip_fil4.1.16/tools/ipf_y.y ip_fil4.1.17/tools/ipf_y.y *** ip_fil4.1.16/tools/ipf_y.y Mon Dec 11 03:18:58 2006 --- ip_fil4.1.17/tools/ipf_y.y Tue Jan 16 13:25:23 2007 *************** *** 2050,2055 **** --- 2050,2058 ---- frentry_t *fr; ipfobj_t obj; + if (ptr == NULL) + return; + fr = ptr; add = 0; del = 0; *************** *** 2079,2088 **** fr->fr_flags |= FR_OUTQUE; if (fr->fr_hits) fr->fr_hits--; ! if (fr && (opts & OPT_VERBOSE)) printfr(fr, ioctlfunc); ! if (opts & OPT_DEBUG) { binprint(fr, sizeof(*fr)); if (fr->fr_data != NULL) binprint(fr->fr_data, fr->fr_dsize); --- 2082,2091 ---- fr->fr_flags |= FR_OUTQUE; if (fr->fr_hits) fr->fr_hits--; ! if ((opts & OPT_VERBOSE) != 0) printfr(fr, ioctlfunc); ! if ((opts & OPT_DEBUG) != 0) { binprint(fr, sizeof(*fr)); if (fr->fr_data != NULL) binprint(fr->fr_data, fr->fr_dsize); diff -cr ip_fil4.1.16/tools/ipfcomp.c ip_fil4.1.17/tools/ipfcomp.c *** ip_fil4.1.16/tools/ipfcomp.c Sat Aug 26 21:21:14 2006 --- ip_fil4.1.17/tools/ipfcomp.c Tue Jan 16 13:25:23 2007 *************** *** 5,11 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipfcomp.c,v 1.24.2.4 2006/08/26 11:21:14 darrenr Exp $"; #endif #include "ipf.h" --- 5,11 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipfcomp.c,v 1.24.2.5 2007/01/16 02:25:23 darrenr Exp $"; #endif #include "ipf.h" *************** *** 491,497 **** /* * Output the array of pointers to rules for this group. */ ! 
if (num == -2 && dir == 0 && header[0] == 0 && incount != 0) { fprintf(fp, "\nfrentry_t *ipf_rules_in_%s[%d] = {", group, incount); for (f = g->fg_start, i = 0; f != NULL; f = f->fr_next) { --- 491,498 ---- /* * Output the array of pointers to rules for this group. */ ! if (g != NULL && num == -2 && dir == 0 && header[0] == 0 && ! incount != 0) { fprintf(fp, "\nfrentry_t *ipf_rules_in_%s[%d] = {", group, incount); for (f = g->fg_start, i = 0; f != NULL; f = f->fr_next) { *************** *** 510,516 **** fprintf(fp, "\n};\n"); } ! if (num == -2 && dir == 1 && header[1] == 0 && outcount != 0) { fprintf(fp, "\nfrentry_t *ipf_rules_out_%s[%d] = {", group, outcount); for (f = g->fg_start, i = 0; f != NULL; f = f->fr_next) { --- 511,518 ---- fprintf(fp, "\n};\n"); } ! if (g != NULL && num == -2 && dir == 1 && header[0] == 0 && ! outcount != 0) { fprintf(fp, "\nfrentry_t *ipf_rules_out_%s[%d] = {", group, outcount); for (f = g->fg_start, i = 0; f != NULL; f = f->fr_next) { *************** *** 539,545 **** /* * If the function header has not been printed then print it now. */ ! if (header[dir] == 0) { int pdst = 0, psrc = 0; openfunc = 1; --- 541,547 ---- /* * If the function header has not been printed then print it now. */ ! if (g != NULL && header[dir] == 0) { int pdst = 0, psrc = 0; openfunc = 1;
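Review bot: The rewritten condition for the outbound rule array tests `header[0]` where the line it replaces tested `header[1]`. With `dir == 1` this looks like a copy of the inbound condition above it, and the later check in the same file indexes `header[dir]`. As written, whether the `ipf_rules_out_` array is emitted presumably depends on the inbound header state rather than the outbound one. I would keep the original index: `if (g != NULL && num == -2 && dir == 1 && header[1] == 0 &&`. The enclosing function starts and ends outside the hunk.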