Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src Upgraded IPFilter to 3.4.25
details: https://anonhg.NetBSD.org/src/rev/988f597ab805
branches: trunk
changeset: 523703:988f597ab805
user: martti <martti%NetBSD.org@localhost>
date: Thu Mar 14 12:32:36 2002 +0000
description:
Upgraded IPFilter to 3.4.25
diffstat:
dist/ipf/BNF | 4 +-
dist/ipf/HISTORY | 60 +++++++++++++++++++++-
dist/ipf/Makefile | 10 +-
dist/ipf/fils.c | 7 +-
dist/ipf/ipf.c | 9 +-
dist/ipf/ipft_ef.c | 7 +-
dist/ipf/ipft_hx.c | 7 +-
dist/ipf/ipft_pc.c | 7 +-
dist/ipf/ipft_sn.c | 7 +-
dist/ipf/ipft_td.c | 7 +-
dist/ipf/ipft_tx.c | 9 ++-
dist/ipf/iplang/iplang_y.y | 7 +-
dist/ipf/ipmon.c | 51 ++++++++++++------
dist/ipf/ipnat.c | 7 +-
dist/ipf/ipsend/44arp.c | 5 +-
dist/ipf/ipsend/arp.c | 7 +-
dist/ipf/ipsend/ip.c | 7 +-
dist/ipf/ipsend/ipresend.c | 8 ++-
dist/ipf/ipsend/ipsend.c | 7 +-
dist/ipf/ipsend/ipsopt.c | 8 ++-
dist/ipf/ipsend/iptest.c | 7 +-
dist/ipf/ipsend/iptests.c | 7 +-
dist/ipf/ipsend/lsock.c | 7 +-
dist/ipf/ipsend/resend.c | 7 +-
dist/ipf/ipsend/sirix.c | 5 +-
dist/ipf/ipsend/sock.c | 7 +-
dist/ipf/ipt.c | 81 ++++++++++++++++++++++++++--
dist/ipf/kmem.c | 66 +++++++++++++++++++++-
dist/ipf/man/ipf.4 | 4 +-
dist/ipf/man/ipfilter.5 | 2 +-
dist/ipf/man/ipl.4 | 4 +-
dist/ipf/man/ipmon.8 | 8 ++-
dist/ipf/misc.c | 7 +-
dist/ipf/natparse.c | 7 +-
dist/ipf/opt.c | 7 +-
dist/ipf/parse.c | 60 ++++++++++++++++-----
dist/ipf/printnat.c | 12 ++-
dist/ipf/printstate.c | 2 +-
dist/ipf/test/Makefile | 16 ++++-
sys/lkm/netinet/if_ipl/mln_ipl.c | 8 ++-
sys/netinet/fil.c | 109 ++++++++++++++++++++++----------------
sys/netinet/ip_auth.c | 14 +++-
sys/netinet/ip_compat.h | 84 ++++++++++++++++++-----------
sys/netinet/ip_fil.c | 97 ++++++++++++++++++++++++++--------
sys/netinet/ip_fil.h | 51 ++++++++++--------
sys/netinet/ip_frag.c | 10 ++-
sys/netinet/ip_ftp_pxy.c | 18 +++---
sys/netinet/ip_log.c | 71 ++++++++++++++-----------
sys/netinet/ip_nat.c | 53 +++++++-----------
sys/netinet/ip_proxy.c | 20 +++++-
sys/netinet/ip_state.c | 18 ++++-
sys/netinet/ip_state.h | 5 +-
sys/netinet/ipl.h | 6 +-
53 files changed, 780 insertions(+), 341 deletions(-)
diffs (truncated from 3102 to 300 lines):
diff -r f555797ef803 -r 988f597ab805 dist/ipf/BNF
--- a/dist/ipf/BNF Thu Mar 14 12:30:07 2002 +0000
+++ b/dist/ipf/BNF Thu Mar 14 12:32:36 2002 +0000
@@ -12,7 +12,7 @@
ip = srcdst [ flags ] [ with withopt ] [ icmp ] [ keep ] .
group = [ "head" decnumber ] [ "group" decnumber ] .
-block = "block" [ reutrn-icmp[return-code] | "return-rst" ] .
+block = "block" [ return-icmp[return-code] | "return-rst" ] .
auth = "auth" | "preauth" .
log = "log" [ "body" ] [ "first" ] [ "or-block" ] [ "level" loglevel ] .
call = "call" [ "now" ] function-name .
@@ -24,7 +24,7 @@
srcdst = "all" | fromto .
fromto = "from" object "to" object .
-reutrn-icmp = "return-icmp" | "return-icmp-as-dest" .
+return-icmp = "return-icmp" | "return-icmp-as-dest" .
loglevel = facility"."priority | priority .
object = addr [ port-comp | port-range ] .
addr = "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] .
diff -r f555797ef803 -r 988f597ab805 dist/ipf/HISTORY
--- a/dist/ipf/HISTORY Thu Mar 14 12:30:07 2002 +0000
+++ b/dist/ipf/HISTORY Thu Mar 14 12:32:36 2002 +0000
@@ -22,7 +22,65 @@
# and especially those who have found the time to port IP Filter to new
# platforms.
#
-3.4.22 16/01/2002 - Released
+3.4.25 13/03/2002 - Released
+
+retain rule # in state information
+
+log the direction of a packet so ipmon gets it right rather than incorrectly
+deriving it from the rule flags
+
+add #ifdef for IPFILTER_LOGSIZE (put options IPFILTER_LOGSIZE=16384 in BSD
+kernel config files to increase that buffer size)
+
+recognise return-* rules differently to block in ipftest
+
+fix bug in ipmon output for solaris
+
+add regression testing for skip rules, logging and using head/group
+
+fix output of ipmon: was displaying large unsigned ints rather than -1
+when no rules matched.
+
+make logging code compile into ipftest and add -l command line option to
+dump binary log file (read with ipmon -f) when it finishes.
+
+protect rule # and group # from interference when checking accounting rules
+
+add regression testing for log output (text) from ipmon.
+
+document -b command line option for ipmon
+
+fix double-quick in Solaris startup script
+
+3.4.24 01/03/2002 - Released
+
+fix how files are installed on SunOS5
+
+fix some minor problems in SunOS5 ipfboot script
+
+by default, compile all OpenBSD tools in 3.0 for IPv6
+
+fix NULL-pointer dereference in NAT code
+
+make a better attempt at replacing the appropriate binaries on BSD systems
+
+always print IPv6 icmp-types as a number
+
+impose some rules about what "skip" can be used with
+
+fix parsing problems with "keep state" and "keep state-age"
+
+Try to read as much data as is in the log device in ipmon
+
+remove some redundant checks when searching for rdr/nat rules
+
+fix bug in handling of ACCT with FTP proxy
+
+increase array size for interface names, using LIFNAMSIZ
+
+include H.323 proxy from QNX
+
+3.4.23 16/01/2002 - Released
Include patches to install IPFilter into OpenBSD 3.0, both for just kernel
compiles and complete system builds.
diff -r f555797ef803 -r 988f597ab805 dist/ipf/Makefile
--- a/dist/ipf/Makefile Thu Mar 14 12:30:07 2002 +0000
+++ b/dist/ipf/Makefile Thu Mar 14 12:32:36 2002 +0000
@@ -3,7 +3,7 @@
#
# See the IPFILTER.LICENCE file for details on licencing.
#
-# Id: Makefile,v 2.11.2.10 2001/09/22 13:11:15 darrenr Exp
+# Id: Makefile,v 2.11.2.13 2002/03/06 09:43:15 darrenr Exp
#
BINDEST=/usr/local/bin
SBINDEST=/sbin
@@ -59,7 +59,7 @@
#
POLICY=-DIPF_DEFAULT_PASS=FR_PASS
#
-MFLAGS1='CFLAGS=$(CFLAGS) $(ARCHINC) $(SOLARIS2) $(INET6)' \
+MFLAGS1='CFLAGS=$(CFLAGS) $(ARCHINC) $(SOLARIS2) $(INET6) $(IPFLOG)' \
"IPFLOG=$(IPFLOG)" "LOGFAC=$(LOGFAC)" "POLICY=$(POLICY)" \
"SOLARIS2=$(SOLARIS2)" "DEBUG=$(DEBUG)" "DCPU=$(CPU)" \
"CPUDIR=$(CPUDIR)" 'STATETOP_CFLAGS=$(STATETOP_CFLAGS)' \
@@ -168,8 +168,8 @@
irix IRIX: include
make setup "TARGOS=IRIX" "CPUDIR=$(CPUDIR)"
- -(cd IRIX/$(CPUDIR); if [ $(MAKE) = make ] ; then make -f Makefile.std build TOP=../.. $(DEST) $(MFLAGS); else smake build TOP=../.. $(DEST) $(MFLAGS); fi;)
- -(cd IRIX/$(CPUDIR); if [ $(MAKE) = make ] ; then make -f Makefile.ipsend.std TOP=../.. $(DEST) $(MFLAGS); else smake -f Makefile.ipsend TOP=../.. $(DEST) $(MFLAGS); fi)
+ -(cd IRIX/$(CPUDIR); if [ $(MAKE) = make ] ; then make -f Makefile.std build TOP=../.. $(DEST) SGI=`../getrev` $(MFLAGS); else smake build SGI=`../getrev` TOP=../.. $(DEST) $(MFLAGS); fi;)
+ -(cd IRIX/$(CPUDIR); if [ $(MAKE) = make ] ; then make -f Makefile.ipsend.std SGI=`../getrev` TOP=../.. $(DEST) $(MFLAGS); else smake -f Makefile.ipsend SGI=`../getrev` TOP=../.. $(DEST)
$(MFLAGS); fi)
linux: include
make setup "TARGOS=Linux" "CPUDIR=$(CPUDIR)"
@@ -258,7 +258,7 @@
(cd BSD/$(CPUDIR); make -f Makefile.ipsend INSTALL=$(INSTALL) install "TOP=../.." $(MFLAGS); cd ..)
install-sunos4: solaris
- (cd SunOS4; $(MAKE) "CPU=$(CPU) TOP=.." install)
+ (cd SunOS4; $(MAKE) "CPU=$(CPU)" "TOP=.." install)
install-sunos5: solaris
(cd SunOS5; $(MAKE) "CPUDIR=`uname -p`-`uname -r`" "CPU=$(CPU) TOP=.." install)
diff -r f555797ef803 -r 988f597ab805 dist/ipf/fils.c
--- a/dist/ipf/fils.c Thu Mar 14 12:30:07 2002 +0000
+++ b/dist/ipf/fils.c Thu Mar 14 12:32:36 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: fils.c,v 1.13 2002/01/24 08:21:31 martti Exp $ */
+/* $NetBSD: fils.c,v 1.14 2002/03/14 12:32:36 martti Exp $ */
/*
* Copyright (C) 1993-2001 by Darren Reed.
@@ -14,6 +14,9 @@
# endif
# endif
#endif
+#ifdef __sgi
+# include <sys/ptimers.h>
+#endif
#include <stdio.h>
#include <string.h>
#if !defined(__SVR4) && !defined(__svr4__)
@@ -93,7 +96,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)Id: fils.c,v 2.21.2.33 2002/01/13 04:58:10 darrenr Exp";
+static const char rcsid[] = "@(#)Id: fils.c,v 2.21.2.34 2002/02/22 15:32:45 darrenr Exp";
#endif
extern char *optarg;
diff -r f555797ef803 -r 988f597ab805 dist/ipf/ipf.c
--- a/dist/ipf/ipf.c Thu Mar 14 12:30:07 2002 +0000
+++ b/dist/ipf/ipf.c Thu Mar 14 12:32:36 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipf.c,v 1.7 2002/01/24 08:21:32 martti Exp $ */
+/* $NetBSD: ipf.c,v 1.8 2002/03/14 12:32:36 martti Exp $ */
/*
* Copyright (C) 1993-2001 by Darren Reed.
@@ -14,6 +14,9 @@
# endif
# endif
#endif
+#ifdef __sgi
+# include <sys/ptimers.h>
+#endif
#include <stdio.h>
#include <unistd.h>
#include <string.h>
@@ -49,7 +52,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)Id: ipf.c,v 2.10.2.11 2002/01/09 11:46:01 darrenr Exp";
+static const char rcsid[] = "@(#)Id: ipf.c,v 2.10.2.13 2002/02/22 15:32:53 darrenr Exp";
#endif
#if SOLARIS
@@ -105,11 +108,9 @@
while ((c = getopt(argc, argv, OPTS)) != -1) {
switch (c)
{
-#ifdef USE_INET6
case '6' :
use_inet6 = 1;
break;
-#endif
case 'A' :
opts &= ~OPT_INACTIVE;
break;
diff -r f555797ef803 -r 988f597ab805 dist/ipf/ipft_ef.c
--- a/dist/ipf/ipft_ef.c Thu Mar 14 12:30:07 2002 +0000
+++ b/dist/ipf/ipft_ef.c Thu Mar 14 12:32:36 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipft_ef.c,v 1.3 2002/01/24 08:21:33 martti Exp $ */
+/* $NetBSD: ipft_ef.c,v 1.4 2002/03/14 12:32:37 martti Exp $ */
/*
* Copyright (C) 1993-2001 by Darren Reed.
@@ -19,6 +19,9 @@
0.32 91 04 131.170.1.10 128.250.133.13
0.33 566 udp 128.250.37.155 128.250.133.3 901 901
*/
+#ifdef __sgi
+# include <sys/ptimers.h>
+#endif
#include <stdio.h>
#include <string.h>
#if !defined(__SVR4) && !defined(__GNUC__)
@@ -51,7 +54,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_ef.c 1.6 2/4/96 (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)Id: ipft_ef.c,v 2.2.2.1 2001/06/26 10:43:18 darrenr Exp";
+static const char rcsid[] = "@(#)Id: ipft_ef.c,v 2.2.2.2 2002/02/22 15:32:53 darrenr Exp";
#endif
static int etherf_open __P((char *));
diff -r f555797ef803 -r 988f597ab805 dist/ipf/ipft_hx.c
--- a/dist/ipf/ipft_hx.c Thu Mar 14 12:30:07 2002 +0000
+++ b/dist/ipf/ipft_hx.c Thu Mar 14 12:32:36 2002 +0000
@@ -1,10 +1,13 @@
-/* $NetBSD: ipft_hx.c,v 1.3 2002/01/24 08:21:33 martti Exp $ */
+/* $NetBSD: ipft_hx.c,v 1.4 2002/03/14 12:32:38 martti Exp $ */
/*
* Copyright (C) 1995-2001 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
+#ifdef __sgi
+# include <sys/ptimers.h>
+#endif
#include <stdio.h>
#include <ctype.h>
#include <assert.h>
@@ -42,7 +45,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_hx.c 1.1 3/9/96 (C) 1996 Darren Reed";
-static const char rcsid[] = "@(#)Id: ipft_hx.c,v 2.2.2.4 2001/12/08 15:44:50 darrenr Exp";
+static const char rcsid[] = "@(#)Id: ipft_hx.c,v 2.2.2.5 2002/02/22 15:32:54 darrenr Exp";
#endif
extern int opts;
diff -r f555797ef803 -r 988f597ab805 dist/ipf/ipft_pc.c
--- a/dist/ipf/ipft_pc.c Thu Mar 14 12:30:07 2002 +0000
+++ b/dist/ipf/ipft_pc.c Thu Mar 14 12:32:36 2002 +0000
@@ -1,10 +1,13 @@
-/* $NetBSD: ipft_pc.c,v 1.3 2002/01/24 08:21:33 martti Exp $ */
+/* $NetBSD: ipft_pc.c,v 1.4 2002/03/14 12:32:38 martti Exp $ */
/*
* Copyright (C) 1993-2001 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
+#ifdef __sgi
+# include <sys/ptimers.h>
+#endif
#include <stdio.h>
#include <string.h>
#if !defined(__SVR4) && !defined(__GNUC__)
@@ -33,7 +36,7 @@
#include "ipt.h"
#if !defined(lint)
-static const char rcsid[] = "@(#)Id: ipft_pc.c,v 2.2.2.2 2001/06/26 10:43:18 darrenr Exp";
+static const char rcsid[] = "@(#)Id: ipft_pc.c,v 2.2.2.3 2002/02/22 15:32:54 darrenr Exp";
#endif
struct llc {
diff -r f555797ef803 -r 988f597ab805 dist/ipf/ipft_sn.c
--- a/dist/ipf/ipft_sn.c Thu Mar 14 12:30:07 2002 +0000
+++ b/dist/ipf/ipft_sn.c Thu Mar 14 12:32:36 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipft_sn.c,v 1.3 2002/01/24 08:21:33 martti Exp $ */
+/* $NetBSD: ipft_sn.c,v 1.4 2002/03/14 12:32:38 martti Exp $ */
/*
* Copyright (C) 1993-2001 by Darren Reed.
@@ -9,6 +9,9 @@
/*
* Written to comply with the recent RFC 1761 from Sun.
*/
+#ifdef __sgi
+# include <sys/ptimers.h>
+#endif
#include <stdio.h>
#include <string.h>
Home |
Main Index |
Thread Index |
Old Index