Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-1-5]: src/dist/ipf Pull up revisions 1.3-1.4 (requested by martti):
details: https://anonhg.NetBSD.org/src/rev/cde28da6b132
branches: netbsd-1-5
changeset: 492672:cde28da6b132
user: he <he%NetBSD.org@localhost>
date: Sat Feb 09 16:55:03 2002 +0000
description:
Pull up revisions 1.3-1.4 (requested by martti):
Updated IPFilter to 3.4.23
diffstat:
dist/ipf/BNF | 15 +++--
dist/ipf/ipft_tx.c | 24 ++++---
dist/ipf/ipsend/ipsend.c | 21 ++++--
dist/ipf/kmem.c | 135 ++++++++++++++++++++++++++++++++++++---------
dist/ipf/relay.c | 11 ++-
dist/ipf/test/expected/i7 | 4 +-
6 files changed, 151 insertions(+), 59 deletions(-)
diffs (truncated from 422 to 300 lines):
diff -r 30f72e814331 -r cde28da6b132 dist/ipf/BNF
--- a/dist/ipf/BNF Wed Feb 06 22:59:56 2002 +0000
+++ b/dist/ipf/BNF Sat Feb 09 16:55:03 2002 +0000
@@ -2,27 +2,29 @@
[ proto ] [ ip ] [ group ].
insert = "@" decnumber .
-action = block | "pass" | log | "count" | skip | auth | call .
+action = block | "no-match" | "pass" | log | "count" | skip | auth | call .
in-out = "in" | "out" .
-options = [ log ] [ "quick" ] [ "on" interface-name [ dup ] [ froute ] ] .
+options = [ log ] [ "quick" ] [ "on" interface-name [ dup ] [ froute ]
+ [ via ] ] .
tos = "tos" decnumber | "tos" hexnumber .
ttl = "ttl" decnumber .
proto = "proto" protocol .
ip = srcdst [ flags ] [ with withopt ] [ icmp ] [ keep ] .
group = [ "head" decnumber ] [ "group" decnumber ] .
-block = "block" [ icmp [return-code] | "return-rst" ] .
+block = "block" [ reutrn-icmp[return-code] | "return-rst" ] .
auth = "auth" | "preauth" .
log = "log" [ "body" ] [ "first" ] [ "or-block" ] [ "level" loglevel ] .
call = "call" [ "now" ] function-name .
skip = "skip" decnumber .
dup = "dup-to" interface-name[":"ipaddr] .
-froute = "fastroute" | "to" interface-name .
+via = "in-via" interface-name | "out-via" interface-name .
+froute = "fastroute" | "to" interface-name [ ":" ipaddr ] .
protocol = "tcp/udp" | "udp" | "tcp" | "icmp" | decnumber .
srcdst = "all" | fromto .
fromto = "from" object "to" object .
-icmp = "return-icmp" | "return-icmp-as-dest" .
+reutrn-icmp = "return-icmp" | "return-icmp-as-dest" .
loglevel = facility"."priority | priority .
object = addr [ port-comp | port-range ] .
addr = "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] .
@@ -32,7 +34,8 @@
with = "with" | "and" .
icmp = "icmp-type" icmp-type [ "code" decnumber ] .
return-code = "("icmp-code")" .
-keep = "keep" "state" | "keep" "frags" .
+keep = "keep" "state" | "keep" "frags" | "keep" "state-age" state-age .
+state-age = decnmber [ "/" decnumber ] .
nummask = host-name [ "/" decnumber ] .
host-name = ipaddr | hostname | "any" .
diff -r 30f72e814331 -r cde28da6b132 dist/ipf/ipft_tx.c
--- a/dist/ipf/ipft_tx.c Wed Feb 06 22:59:56 2002 +0000
+++ b/dist/ipf/ipft_tx.c Sat Feb 09 16:55:03 2002 +0000
@@ -1,11 +1,9 @@
-/* $NetBSD: ipft_tx.c,v 1.2 2000/05/03 11:40:16 veego Exp $ */
+/* $NetBSD: ipft_tx.c,v 1.2.4.1 2002/02/09 16:55:04 he Exp $ */
/*
- * Copyright (C) 1995-2000 by Darren Reed.
+ * Copyright (C) 1995-2001 by Darren Reed.
*
- * Redistribution and use in source and binary forms are permitted
- * provided that this notice is preserved and due credit is given
- * to the original author and the contributors.
+ * See the IPFILTER.LICENCE file for details on licencing.
*/
#include <stdio.h>
#include <ctype.h>
@@ -45,7 +43,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed";
-static const char rcsid[] = "@(#)Id: ipft_tx.c,v 2.3 2000/03/13 22:10:24 darrenr Exp";
+static const char rcsid[] = "@(#)Id: ipft_tx.c,v 2.3.2.4 2001/06/26 10:43:18 darrenr Exp";
#endif
extern int opts;
@@ -56,9 +54,9 @@
static int text_readip __P((char *, int, char **, int *));
static int parseline __P((char *, ip_t *, char **, int *));
-static char _tcp_flagset[] = "FSRPAU";
+static char _tcp_flagset[] = "FSRPAUEC";
static u_char _tcp_flags[] = { TH_FIN, TH_SYN, TH_RST, TH_PUSH,
- TH_ACK, TH_URG };
+ TH_ACK, TH_URG, TH_ECN, TH_CWR };
struct ipread iptext = { text_open, text_close, text_readip };
static FILE *tfp = NULL;
@@ -225,12 +223,12 @@
bzero(ipopts, sizeof(ipopts));
ip->ip_hl = sizeof(*ip) >> 2;
ip->ip_v = IPVERSION;
- for (i = 0, cps[0] = strtok(line, " \b\t\r\n"); cps[i] && i < 19; )
+ for (i = 0, cps[0] = strtok(line, " \b\t\r\n"); cps[i] && (i < 19); )
cps[++i] = strtok(NULL, " \b\t\r\n");
- if (i < 2)
- return 1;
cpp = cps;
+ if (!*cpp)
+ return 1;
c = **cpp;
if (!isalpha(c) || (tolower(c) != 'o' && tolower(c) != 'i')) {
@@ -239,12 +237,16 @@
}
*out = (tolower(c) == 'o') ? 1 : 0;
cpp++;
+ if (!*cpp)
+ return 1;
if (!strcasecmp(*cpp, "on")) {
cpp++;
if (!*cpp)
return 1;
*ifn = strdup(*cpp++);
+ if (!*cpp)
+ return 1;
}
c = **cpp;
diff -r 30f72e814331 -r cde28da6b132 dist/ipf/ipsend/ipsend.c
--- a/dist/ipf/ipsend/ipsend.c Wed Feb 06 22:59:56 2002 +0000
+++ b/dist/ipf/ipsend/ipsend.c Sat Feb 09 16:55:03 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsend.c,v 1.2 2000/05/03 11:40:19 veego Exp $ */
+/* $NetBSD: ipsend.c,v 1.2.4.1 2002/02/09 16:55:04 he Exp $ */
/*
* ipsend.c (C) 1995-1998 Darren Reed
@@ -8,14 +8,8 @@
* conditions, enough of the TCP header is missing for unpredictable
* results unless the filter is aware that this can happen.
*
- * Redistribution and use in source and binary forms are permitted
- * provided that this notice is preserved and due credit is given
- * to the original author and the contributors.
+ * See the IPFILTER.LICENCE file for details on licencing.
*/
-#if !defined(lint)
-static const char sccsid[] = "@(#)ipsend.c 1.5 12/10/95 (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)Id: ipsend.c,v 2.2 1999/12/04 03:37:05 darrenr Exp";
-#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
@@ -38,6 +32,11 @@
#include "ipsend.h"
#include "ipf.h"
+#if !defined(lint)
+static const char sccsid[] = "@(#)ipsend.c 1.5 12/10/95 (C)1995 Darren Reed";
+static const char rcsid[] = "@(#)Id: ipsend.c,v 2.2.2.3 2001/07/15 22:00:14 darrenr Exp";
+#endif
+
extern char *optarg;
extern int optind;
@@ -349,6 +348,12 @@
printf("Options: %d\n", olen);
ti = (struct tcpiphdr *)malloc(olen + ip->ip_len);
+ if(!ti)
+ {
+ fprintf(stderr,"malloc failed\n");
+ exit(2);
+ }
+
bcopy((char *)ip, (char *)ti, sizeof(*ip));
ip = (ip_t *)ti;
ip->ip_hl = (olen >> 2);
diff -r 30f72e814331 -r cde28da6b132 dist/ipf/kmem.c
--- a/dist/ipf/kmem.c Wed Feb 06 22:59:56 2002 +0000
+++ b/dist/ipf/kmem.c Sat Feb 09 16:55:03 2002 +0000
@@ -1,11 +1,9 @@
-/* $NetBSD: kmem.c,v 1.2 2000/05/03 11:40:16 veego Exp $ */
+/* $NetBSD: kmem.c,v 1.2.4.1 2002/02/09 16:55:04 he Exp $ */
/*
- * Copyright (C) 1993-2000 by Darren Reed.
+ * Copyright (C) 1993-2002 by Darren Reed.
*
- * Redistribution and use in source and binary forms are permitted
- * provided that this notice is preserved and due credit is given
- * to the original author and the contributors.
+ * See the IPFILTER.LICENCE file for details on licencing.
*/
/*
* kmemcpy() - copies n bytes from kernel memory into user buffer.
@@ -13,28 +11,49 @@
*/
#include <stdio.h>
+#include <sys/param.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>
+#include <string.h>
#include <fcntl.h>
#include <sys/file.h>
+#include <kvm.h>
+#include <fcntl.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
+#include <net/if.h>
+#if __FreeBSD_version >= 300000
+# include <net/if_var.h>
+#endif
+
#include "kmem.h"
+#ifndef __STDC__
+# define const
+#endif
+
#if !defined(lint)
static const char sccsid[] = "@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed";
-static const char rcsid[] = "@(#)Id: kmem.c,v 2.2 2000/03/13 22:10:25 darrenr Exp";
+static const char rcsid[] = "@(#)Id: kmem.c,v 2.2.2.8 2002/01/15 14:36:53 darrenr Exp";
#endif
-static int kmemfd = -1;
+static kvm_t *kvm_f = NULL;
-int openkmem()
+int openkmem(kern, core)
+char *kern, *core;
{
- if ((kmemfd = open(KMEM,O_RDONLY)) == -1)
+ kvm_f = kvm_open(kern, core, NULL, O_RDONLY, NULL);
+ if (kvm_f == NULL)
{
- perror("kmeminit:open");
+ perror("openkmem:open");
return -1;
}
- return kmemfd;
+ return 0;
}
int kmemcpy(buf, pos, n)
@@ -46,23 +65,22 @@
if (!n)
return 0;
- if (kmemfd == -1)
- if (openkmem() == -1)
+
+ if (kvm_f == NULL)
+ if (openkmem(NULL, NULL) == -1)
return -1;
- if (lseek(kmemfd, pos, 0) == -1)
- {
- perror("kmemcpy:lseek");
- return -1;
- }
- while ((r = read(kmemfd, buf, n)) < n)
+
+ while ((r = kvm_read(kvm_f, pos, buf, n)) < n)
if (r <= 0)
{
+ fprintf(stderr, "pos=0x%x ", (u_int)pos);
perror("kmemcpy:read");
return -1;
}
else
{
buf += r;
+ pos += r;
n -= r;
}
return 0;
@@ -77,18 +95,17 @@
if (!n)
return 0;
- if (kmemfd == -1)
- if (openkmem() == -1)
+
+ if (kvm_f == NULL)
+ if (openkmem(NULL, NULL) == -1)
return -1;
- if (lseek(kmemfd, pos, 0) == -1)
+
+ while (n > 0)
{
- perror("kmemcpy:lseek");
- return -1;
- }
- while (n > 0) {
- r = read(kmemfd, buf, 1);
+ r = kvm_read(kvm_f, pos, buf, 1);
if (r <= 0)
{
+ fprintf(stderr, "pos=0x%x ", (u_int)pos);
perror("kmemcpy:read");
return -1;
Home |
Main Index |
Thread Index |
Old Index