Current-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Updated IPFilter to version 5.1.2 in -current
Just in case anyone is trying to use the new ipfilter in an IPv4-only
environment, there are a few areas where the build will break. :) This
was initially noticed (by me) while building the ALCHEMY kernel for
evbmips.
The attached diffs have been fed back upstream (to Darren), and they do
fix the build. I have not actually used the resulting kernel, so I do
not know if it actually is functional. :)
Darren is also working on getting the remaining ~35 atf tests cleaned up
so they can be re-enabled on our automated test-beds.
Thanks, Darren, for all the work on IPFilter
-------------------------------------------------------------------------
| Paul Goyette | PGP Key fingerprint: | E-mail addresses: |
| Customer Service | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com |
| Network Engineer | 0786 F758 55DE 53BA 7731 | pgoyette at juniper.net |
| Kernel Developer | | pgoyette at netbsd.org |
-------------------------------------------------------------------------
Index: ip_ftp_pxy.c
===================================================================
RCS file: /cvsroot/src/sys/external/bsd/ipf/netinet/ip_ftp_pxy.c,v
retrieving revision 1.3
diff -u -p -r1.3 ip_ftp_pxy.c
--- ip_ftp_pxy.c 22 Jul 2012 14:27:51 -0000 1.3
+++ ip_ftp_pxy.c 25 Jul 2012 02:40:57 -0000
@@ -834,7 +834,7 @@ ipf_p_ftp_pasvreply(ipf_ftp_softc_t *sof
ipnat_t *ipn;
fr_info_t fi;
ftpside_t *f;
- nat_t *nat2;
+ nat_t *nat2 = NULL;
mb_t *m;
softc = fin->fin_main_soft;
@@ -1669,8 +1669,10 @@ ipf_p_ftp_eprt(ipf_ftp_softc_t *softf, f
if (f->ftps_rptr[5] == f->ftps_rptr[7]) {
if (f->ftps_rptr[6] == '1' && nat->nat_v[0] == 4)
return ipf_p_ftp_eprt4(softf, fin, ip, nat, ftp, dlen);
+#ifdef USE_INET6
if (f->ftps_rptr[6] == '2' && nat->nat_v[0] == 6)
return ipf_p_ftp_eprt6(softf, fin, ip, nat, ftp, dlen);
+#endif
}
return 0;
}
@@ -1902,7 +1904,7 @@ ipf_p_ftp_epsv(ipf_ftp_softc_t *softf, f
newbuf, s);
}
-
+#ifdef USE_INET6
int
ipf_p_ftp_eprt6(ipf_ftp_softc_t *softf, fr_info_t *fin, ip_t *ip,
nat_t *nat, ftpinfo_t *ftp, int dlen)
@@ -2107,3 +2109,4 @@ ipf_p_ftp_eprt6(ipf_ftp_softc_t *softf,
f->ftps_cmd = FTPXY_C_EPRT;
return ipf_p_ftp_addport(softf, fin, ip, nat, ftp, dlen, port, inc);
}
+#endif /* USE_INET6 */
Index: ip_nat.c
===================================================================
RCS file: /cvsroot/src/sys/external/bsd/ipf/netinet/ip_nat.c,v
retrieving revision 1.5
diff -u -p -r1.5 ip_nat.c
--- ip_nat.c 22 Jul 2012 16:40:40 -0000 1.5
+++ ip_nat.c 25 Jul 2012 02:40:57 -0000
@@ -2531,9 +2531,11 @@ ipf_nat_delrule(ipf_main_softc_t *softc,
case 4 :
ipf_nat_delrdr(softn, np);
break;
+#ifdef USE_INET6
case 6 :
ipf_nat6_delrdr(softn, np);
break;
+#endif
}
}
if (np->in_redir & (NAT_MAPBLK|NAT_MAP)) {
@@ -2542,9 +2544,11 @@ ipf_nat_delrule(ipf_main_softc_t *softc,
case 4 :
ipf_nat_delmap(softn, np);
break;
+#ifdef USE_INET6
case 6 :
ipf_nat6_delmap(softn, np);
break;
+#endif
}
}
}
@@ -7969,18 +7973,6 @@ ipf_nat_rehash(ipf_main_softc_t *softc,
}
softn->ipf_nat_stats.ns_side[1].ns_bucketlen = bucketlens[1];
- if (softn->ipf_nat_stats.ns_side6[0].ns_bucketlen != NULL) {
- KFREES(softn->ipf_nat_stats.ns_side6[0].ns_bucketlen,
- softn->ipf_nat_table_sz * sizeof(u_int));
- }
- softn->ipf_nat_stats.ns_side6[0].ns_bucketlen = bucketlens[0];
-
- if (softn->ipf_nat_stats.ns_side6[1].ns_bucketlen != NULL) {
- KFREES(softn->ipf_nat_stats.ns_side6[1].ns_bucketlen,
- softn->ipf_nat_table_sz * sizeof(u_int));
- }
- softn->ipf_nat_stats.ns_side6[1].ns_bucketlen = bucketlens[1];
-
softn->ipf_nat_maxbucket = maxbucket;
softn->ipf_nat_table_sz = newsize;
/*
@@ -7990,8 +7982,6 @@ ipf_nat_rehash(ipf_main_softc_t *softc,
*/
softn->ipf_nat_stats.ns_side[0].ns_inuse = 0;
softn->ipf_nat_stats.ns_side[1].ns_inuse = 0;
- softn->ipf_nat_stats.ns_side6[0].ns_inuse = 0;
- softn->ipf_nat_stats.ns_side6[1].ns_inuse = 0;
for (nat = softn->ipf_nat_instances; nat != NULL; nat = nat->nat_next) {
nat->nat_hnext[0] = NULL;
Index: ip_rcmd_pxy.c
===================================================================
RCS file: /cvsroot/src/sys/external/bsd/ipf/netinet/ip_rcmd_pxy.c,v
retrieving revision 1.3
diff -u -p -r1.3 ip_rcmd_pxy.c
--- ip_rcmd_pxy.c 22 Jul 2012 14:27:51 -0000 1.3
+++ ip_rcmd_pxy.c 25 Jul 2012 02:40:57 -0000
@@ -145,9 +145,11 @@ ipf_p_rcmd_portmsg(fr_info_t *fin, ap_se
fr_info_t fi;
u_short sp;
nat_t *nat2;
+#ifdef USE_INET6
ip6_t *ip6;
+#endif
int tcpsz;
- int slen;
+ int slen = 0;
ip_t *ip;
mb_t *m;
@@ -156,7 +158,9 @@ ipf_p_rcmd_portmsg(fr_info_t *fin, ap_se
m = fin->fin_m;
ip = fin->fin_ip;
tcpsz = TCP_OFF(tcp) << 2;
+#ifdef USE_INET6
ip6 = (ip6_t *)fin->fin_ip;
+#endif
softc = fin->fin_main_soft;
softn = softc->ipf_nat_soft;
off = (char *)tcp - (char *)ip + tcpsz + fin->fin_ipoff;
Index: ip_tftp_pxy.c
===================================================================
RCS file: /cvsroot/src/sys/external/bsd/ipf/netinet/ip_tftp_pxy.c,v
retrieving revision 1.4
diff -u -p -r1.4 ip_tftp_pxy.c
--- ip_tftp_pxy.c 22 Jul 2012 16:43:59 -0000 1.4
+++ ip_tftp_pxy.c 25 Jul 2012 02:40:57 -0000
@@ -279,8 +279,8 @@ ipf_p_tftp_backchannel(fr_info_t *fin, a
tftpinfo_t *ti;
udphdr_t udp;
fr_info_t fi;
- u_short slen;
- nat_t *nat2;
+ u_short slen = 0;
+ nat_t *nat2 = NULL;
int nflags;
ip_t *ip;
int dir;
@@ -347,8 +347,10 @@ ipf_p_tftp_backchannel(fr_info_t *fin, a
MUTEX_ENTER(&softn->ipf_nat_new);
if (nat->nat_v[0] == 4)
nat2 = ipf_nat_add(&fi, ti->ti_rule, NULL, nflags, dir);
+#ifdef USE_INET6
else
nat2 = ipf_nat6_add(&fi, ti->ti_rule, NULL, nflags, dir);
+#endif
MUTEX_EXIT(&softn->ipf_nat_new);
if (nat2 != NULL) {
(void) ipf_nat_proto(&fi, nat2, IPN_UDP);
Home |
Main Index |
Thread Index |
Old Index