Source-Changes-HG archive
[src/trunk]: src/sys/netinet update ipfilter code to 3.3.6
details: https://anonhg.NetBSD.org/src/rev/2ae8b484d2c6
branches: trunk
changeset: 479942:2ae8b484d2c6
user: darrenr <darrenr%NetBSD.org@localhost>
date: Tue Dec 28 07:14:53 1999 +0000
description:
update ipfilter code to 3.3.6
diffstat:
sys/netinet/ip_fil.h | 12 ++++++---
sys/netinet/ip_nat.c | 12 ++++++++-
sys/netinet/ip_raudio_pxy.c | 4 +-
sys/netinet/ip_state.c | 54 ++++++++++++++++++++++++++++----------------
sys/netinet/ipl.h | 4 +-
5 files changed, 56 insertions(+), 30 deletions(-)
diffs (241 lines):
diff -r 4e9b33a8f47b -r 2ae8b484d2c6 sys/netinet/ip_fil.h
--- a/sys/netinet/ip_fil.h Tue Dec 28 03:15:16 1999 +0000
+++ b/sys/netinet/ip_fil.h Tue Dec 28 07:14:53 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_fil.h,v 1.32 1999/12/12 11:11:16 veego Exp $ */
+/* $NetBSD: ip_fil.h,v 1.33 1999/12/28 07:14:53 darrenr Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
@@ -314,11 +314,15 @@
struct frentry *f_auth;
struct frgroup *f_groups[3][2];
u_long f_froute[2];
- int f_active; /* 1 or 0 - active rule set */
int f_defpass; /* default pass - from fr_pass */
- int f_running; /* 1 if running, else 0 */
- int f_logging; /* 1 if enabled, else 0 */
+ char f_active; /* 1 or 0 - active rule set */
+ char f_running; /* 1 if running, else 0 */
+ char f_logging; /* 1 if enabled, else 0 */
+#if !SOLARIS && defined(sun)
+ char f_version[25]; /* version string */
+#else
char f_version[32]; /* version string */
+#endif
} friostat_t;
typedef struct optlist {
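Review bot: Narrowing `f_active`, `f_running` and `f_logging` from `int` to `char` and moving `f_active` behind `f_defpass` changes the layout and size of `friostat_t`, and nothing in this hunk lets a consumer detect the mismatch. If the structure is copied out to userland tools (likely given `f_version`, but the copy is not visible here), binaries built against the old header will misread every field from `f_defpass` onward, so kernel and tools have to be rebuilt together. The `f_version[25]` length under `!SOLARIS && defined(sun)` is unexplained; a comment such as `/* 25: keeps friostat_t within the size this platform accepts -- confirm */` would stop it being "corrected" to 32 later. The struct begins outside the hunk.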
diff -r 4e9b33a8f47b -r 2ae8b484d2c6 sys/netinet/ip_nat.c
--- a/sys/netinet/ip_nat.c Tue Dec 28 03:15:16 1999 +0000
+++ b/sys/netinet/ip_nat.c Tue Dec 28 07:14:53 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_nat.c,v 1.26 1999/12/12 11:11:17 veego Exp $ */
+/* $NetBSD: ip_nat.c,v 1.27 1999/12/28 07:14:53 darrenr Exp $ */
/*
* Copyright (C) 1995-1998 by Darren Reed.
@@ -11,7 +11,7 @@
*/
#if !defined(lint)
#if defined(__NetBSD__)
-static const char rcsid[] = "$NetBSD: ip_nat.c,v 1.26 1999/12/12 11:11:17 veego Exp $";
+static const char rcsid[] = "$NetBSD: ip_nat.c,v 1.27 1999/12/28 07:14:53 darrenr Exp $";
#else
static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed";
static const char rcsid[] = "@(#)Id: ip_nat.c,v 2.2.2.10 1999/12/07 12:53:42 darrenr Exp";
@@ -328,6 +328,14 @@
switch (cmd)
{
+#ifdef IPFILTER_LOG
+ case SIOCIPFFB :
+ if (!(mode & FWRITE))
+ error = EPERM;
+ else
+ *(int *)data = ipflog_clear(IPL_LOGNAT);
+ break;
+#endif
case SIOCADNAT :
if (!(mode & FWRITE)) {
error = EPERM;
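Review bot: The new `SIOCIPFFB` case returns its result with `*(int *)data = ipflog_clear(IPL_LOGNAT);`, a direct store through the ioctl argument, whereas the `SIOCGIPST` case visible in the ip_state.c hunk copies out through `IWCOPY`. If this file is also built for a platform where `data` is still a user-space address (the rest of the function is outside the hunk), the direct store skips the checked copy-out. Holding the count in a local `int` and writing it with `IWCOPY((caddr_t)&n, data, sizeof(n));` would keep the path consistent. The same applies to the `IPL_LOGSTATE` case added in ip_state.c. The `if`/`else` is also unbraced while the following `SIOCADNAT` case braces its body.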
diff -r 4e9b33a8f47b -r 2ae8b484d2c6 sys/netinet/ip_raudio_pxy.c
--- a/sys/netinet/ip_raudio_pxy.c Tue Dec 28 03:15:16 1999 +0000
+++ b/sys/netinet/ip_raudio_pxy.c Tue Dec 28 07:14:53 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_raudio_pxy.c,v 1.1.1.1 1999/12/12 10:57:57 veego Exp $ */
+/* $NetBSD: ip_raudio_pxy.c,v 1.2 1999/12/28 07:14:53 darrenr Exp $ */
#if SOLARIS && defined(_KERNEL)
extern kmutex_t ipf_rw;
@@ -235,7 +235,7 @@
} else
return 0;
- for (a3 = a1, a4 = a2; a4 > 0; a4--, a3++) {
+ for (a3 = a1, a4 = a2; (a4 > 0) && (a3 < 19) && (a3 >= 0); a4--,a3++) {
rap->rap_sbf |= (1 << a3);
rap->rap_svr[a3] = *s++;
}
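Review bot: The new bound `(a3 < 19)` is a bare literal; it presumably mirrors the size of `rap_svr`, which is declared outside this diff, and the guard and the array will drift apart silently if either changes. Deriving it from the array, e.g. `(a3 < (int)sizeof(rap->rap_svr))` if `rap_svr` is a byte array, or using a named constant shared with the declaration, ties the check to what it protects. When the guard ends the loop early the remaining `a4` bytes are dropped without any indication and processing continues; if `a1` and `a2` are taken from packet contents, rejecting the out-of-range offset with `return 0;` before the loop may be the safer response. The enclosing function starts and ends outside the hunk.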
diff -r 4e9b33a8f47b -r 2ae8b484d2c6 sys/netinet/ip_state.c
--- a/sys/netinet/ip_state.c Tue Dec 28 03:15:16 1999 +0000
+++ b/sys/netinet/ip_state.c Tue Dec 28 07:14:53 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_state.c,v 1.18 1999/12/12 11:11:18 veego Exp $ */
+/* $NetBSD: ip_state.c,v 1.19 1999/12/28 07:14:53 darrenr Exp $ */
/*
* Copyright (C) 1995-1998 by Darren Reed.
@@ -9,7 +9,7 @@
*/
#if !defined(lint)
#if defined(__NetBSD__)
-static const char rcsid[] = "$NetBSD: ip_state.c,v 1.18 1999/12/12 11:11:18 veego Exp $";
+static const char rcsid[] = "$NetBSD: ip_state.c,v 1.19 1999/12/28 07:14:53 darrenr Exp $";
#else
static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-1995 Darren Reed";
static const char rcsid[] = "@(#)Id: ip_state.c,v 2.3.2.14 1999/11/30 13:46:05 darrenr Exp";
@@ -229,6 +229,14 @@
} else
error = EINVAL;
break;
+#ifdef IPFILTER_LOG
+ case SIOCIPFFB :
+ if (!(mode & FWRITE))
+ error = EPERM;
+ else
+ *(int *)data = ipflog_clear(IPL_LOGSTATE);
+ break;
+#endif
case SIOCGIPST :
IWCOPY((caddr_t)fr_statetstats(), data, sizeof(ips_stat_t));
break;
@@ -658,12 +666,12 @@
struct icmp *ic;
u_short savelen;
fr_info_t ofin;
- u_int hv, dest;
tcphdr_t *tcp;
icmphdr_t *icmp;
frentry_t *fr;
ip_t *oip;
int type;
+ u_int hv;
/*
* Does it at least have the return (basic) IP header ?
@@ -697,8 +705,10 @@
* XXX theoretically ICMP_ECHOREP and the other reply's are
* ICMP query's as well, but adding them here seems strange XXX
*/
- if ((icmp->icmp_type != ICMP_ECHO) && (icmp->icmp_type != ICMP_TSTAMP) &&
- (icmp->icmp_type != ICMP_IREQ) && (icmp->icmp_type != ICMP_MASKREQ))
+ if ((icmp->icmp_type != ICMP_ECHO) &&
+ (icmp->icmp_type != ICMP_TSTAMP) &&
+ (icmp->icmp_type != ICMP_IREQ) &&
+ (icmp->icmp_type != ICMP_MASKREQ))
return NULL;
/*
@@ -708,8 +718,10 @@
hv = (pr = oip->ip_p);
hv += (src.s_addr = oip->ip_src.s_addr);
hv += (dst.s_addr = oip->ip_dst.s_addr);
- hv += icmp->icmp_id;
- hv += icmp->icmp_seq;
+ if (icmp->icmp_type == ICMP_ECHO) {
+ hv += icmp->icmp_id;
+ hv += icmp->icmp_seq;
+ }
hv %= fr_statesize;
oip->ip_len = ntohs(oip->ip_len);
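Review bot: `icmp_id` and `icmp_seq` now enter the hash only for `ICMP_ECHO`, and the two later ICMP hunks (the lookup loop that follows and the `IPPROTO_ICMP` case further down) likewise compare them only on the echo branch. Timestamp, information and address-mask requests carry identifier and sequence fields too, so for those types a state entry is now matched on protocol, addresses and type alone. If the insert path records `ics_id`/`ics_seq` for them (not visible in this diff), keeping the comparison for all four query types would retain the tighter match; if it does not, a comment such as `/* id/seq are only recorded for echo state */` above the `if` would explain the asymmetry. The hash computed here also has to stay in step with the one used when the state is inserted.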
@@ -718,30 +730,30 @@
ofin.fin_ifp = fin->fin_ifp;
ofin.fin_out = !fin->fin_out;
ofin.fin_mp = NULL; /* if dereferenced, panic XXX */
-
+
READ_ENTER(&ipf_state);
for (isp = &ips_table[hv]; (is = *isp); isp = &is->is_next)
if ((is->is_p == pr) &&
- (icmp->icmp_id == is->is_icmp.ics_id) &&
- (icmp->icmp_seq == is->is_icmp.ics_seq) &&
fr_matchsrcdst(is, src, dst, &ofin, NULL)) {
-
/*
* in the state table ICMP query's are stored
* with the type of the corresponding ICMP
* response. Correct here
*/
if (((is->is_type == ICMP_ECHOREPLY) &&
+ (icmp->icmp_id == is->is_icmp.ics_id) &&
+ (icmp->icmp_seq == is->is_icmp.ics_seq) &&
(icmp->icmp_type == ICMP_ECHO)) ||
- (is->is_type - 1 == ic->icmp_type )) {
+ (is->is_type - 1 == ic->icmp_type)) {
ips_stats.iss_hits++;
is->is_pkts++;
is->is_bytes += ip->ip_len;
- return is->is_rule;
+ fr = is->is_rule;
+ RWLOCK_EXIT(&ipf_state);
+ return fr;
}
}
RWLOCK_EXIT(&ipf_state);
-
return NULL;
};
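Review bot: The second alternative of the match, `(is->is_type - 1 == ic->icmp_type)`, tests `ic`, while the first alternative and the comment above it concern the embedded query header `icmp`. Both pointers are assigned outside the hunk; if `ic` is the outer ICMP error header, this compares the stored reply type with the error's own type rather than the quoted query's, and `(is->is_type - 1 == icmp->icmp_type)` looks like what was intended. Separately, `ips_stats.iss_hits++`, `is->is_pkts++` and `is->is_bytes += ip->ip_len` are updated while only `READ_ENTER(&ipf_state)` is held, so concurrent readers can race on these counters.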
@@ -792,7 +804,6 @@
* we must swap src and dst here because the icmp
* comes the other way around
*/
- dest = (is->is_dst.s_addr != src.s_addr);
is->is_pkts++;
is->is_bytes += ip->ip_len;
/*
@@ -840,17 +851,20 @@
switch (ip->ip_p)
{
case IPPROTO_ICMP :
- hv += ic->icmp_id;
- hv += ic->icmp_seq;
+ if ((ic->icmp_type == ICMP_ECHO) ||
+ (ic->icmp_type == ICMP_ECHOREPLY)) {
+ hv += ic->icmp_id;
+ hv += ic->icmp_seq;
+ }
hv %= fr_statesize;
READ_ENTER(&ipf_state);
for (isp = &ips_table[hv]; (is = *isp); isp = &is->is_next)
if ((is->is_p == pr) &&
- (ic->icmp_id == is->is_icmp.ics_id) &&
- (ic->icmp_seq == is->is_icmp.ics_seq) &&
fr_matchsrcdst(is, src, dst, fin, NULL)) {
if ((is->is_type == ICMP_ECHOREPLY) &&
- (ic->icmp_type == ICMP_ECHO))
+ (ic->icmp_type == ICMP_ECHO) &&
+ (ic->icmp_id == is->is_icmp.ics_id) &&
+ (ic->icmp_seq == is->is_icmp.ics_seq))
;
else if (is->is_type != ic->icmp_type)
continue;
diff -r 4e9b33a8f47b -r 2ae8b484d2c6 sys/netinet/ipl.h
--- a/sys/netinet/ipl.h Tue Dec 28 03:15:16 1999 +0000
+++ b/sys/netinet/ipl.h Tue Dec 28 07:14:53 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipl.h,v 1.1.1.1 1999/12/12 10:57:57 veego Exp $ */
+/* $NetBSD: ipl.h,v 1.2 1999/12/28 07:14:53 darrenr Exp $ */
/*
* Copyright (C) 1993-1999 by Darren Reed.
@@ -13,6 +13,6 @@
#ifndef __IPL_H__
#define __IPL_H__
-#define IPL_VERSION "IP Filter: v3.3.5"
+#define IPL_VERSION "IP Filter: v3.3.6"
#endif