[src/netbsd-1-6]: src Pull up upgrade to IPfilter 3.4.29 (requested by martti...
details: https://anonhg.NetBSD.org/src/rev/e9e7c70f55a2
branches: netbsd-1-6
changeset: 529191:e9e7c70f55a2
user: lukem <lukem%NetBSD.org@localhost>
date: Thu Oct 24 09:33:25 2002 +0000
description:
Pull up upgrade to IPfilter 3.4.29 (requested by martti in ticket #905).
Affected files & revisions:
dist/ipf/HISTORY 1.14
dist/ipf/fils.c 1.17-1.21
dist/ipf/ipf.c 1.11-1.13
dist/ipf/ipfs.c 1.8-1.10
dist/ipf/ipft_ef.c 1.6-1.7
dist/ipf/ipft_td.c 1.6-1.7
dist/ipf/ipft_tx.c 1.7-1.8
dist/ipf/ipmon.c 1.12-1.17
dist/ipf/ipnat.c 1.11-1.12
dist/ipf/ipsend/ip_var.h 1.2
dist/ipf/ipsend/ipsend.c 1.8
dist/ipf/ipsend/iptests.c 1.5
dist/ipf/ipt.c 1.8-1.10
dist/ipf/kmem.c 1.8-1.10
dist/ipf/man/ipf.4 1.10
dist/ipf/man/ipf.5 1.8
dist/ipf/man/ipftest.1 1.3
dist/ipf/man/ipmon.8 1.10
dist/ipf/man/ipnat.5 1.9-1.10
dist/ipf/man/ipnat.8 1.4
dist/ipf/misc.c 1.7
dist/ipf/natparse.c 1.10
dist/ipf/parse.c 1.13
dist/ipf/printnat.c 1.8-1.10
dist/ipf/relay.c 1.5-1.6
dist/ipf/rules/example.9 1.2
etc/rc.d/ipnat 1.8
regress/sys/kern/ipf/Makefile 1.3-1.4
regress/sys/kern/ipf/dotest6 1.2
regress/sys/kern/ipf/expected/f13 1.1.1.2
regress/sys/kern/ipf/expected/i12 1.1.1.1
regress/sys/kern/ipf/expected/ni3 1.1.1.1
regress/sys/kern/ipf/expected/ni5 1.2
regress/sys/kern/ipf/input/f13 1.1.1.2
regress/sys/kern/ipf/input/ipv6.1 1.1.1.1
regress/sys/kern/ipf/input/ni3 1.1.1.1
regress/sys/kern/ipf/regress/i12 1.1.1.1
regress/sys/kern/ipf/regress/ipv6.1 1.1.1.1
regress/sys/kern/ipf/regress/ni3.ipf 1.1.1.1
regress/sys/kern/ipf/regress/ni3.nat 1.1.1.1
sys/arch/alpha/conf/ALPHA 1.169,1.171
sys/arch/amiga/conf/GENERIC 1.185-1.186
sys/arch/arc/conf/GENERIC 1.71-1.72
sys/arch/atari/conf/GENERIC.in 1.24-1.25
sys/arch/cats/conf/GENERIC 1.31-1.32
sys/arch/cobalt/conf/GENERIC 1.34-1.35
sys/arch/hp300/conf/GENERIC 1.83-1.84
sys/arch/i386/conf/CARDBUS 1.66-1.67
sys/arch/i386/conf/GENERIC 1.510,1.512
sys/arch/i386/conf/GENERIC_LAPTOP 1.58-1.59
sys/arch/i386/conf/GENERIC_PS2TINY 1.19-1.20
sys/arch/i386/conf/GENERIC_TINY 1.47-1.48
sys/arch/luna68k/conf/GENERIC 1.33-1.33
sys/arch/mac68k/conf/GENERIC 1.130-1.131
sys/arch/mac68k/conf/GENERICSBC 1.21-1.22
sys/arch/mac68k/conf/SMALLRAM 1.4-1.5
sys/arch/macppc/conf/GENERIC 1.142-1.143
sys/arch/mipsco/conf/GENERIC 1.21-1.22
sys/arch/mmeye/conf/GENERIC 1.44-1.45
sys/arch/news68k/conf/GENERIC 1.36-1.37
sys/arch/news68k/conf/GENERIC_TINY 1.18-1.19
sys/arch/newsmips/conf/GENERIC 1.50-1.51
sys/arch/ofppc/conf/GENERIC 1.56-1.57
sys/arch/pmax/conf/GENERIC 1.103-1.104
sys/arch/prep/conf/GENERIC 1.55-1.56
sys/arch/sbmips/conf/GENERIC 1.11-1.12
sys/arch/sgimips/conf/GENERIC 1.7-1.8
sys/arch/sparc/conf/GENERIC 1.138-1.139
sys/arch/sparc64/conf/GENERIC32 1.46-1.47
sys/arch/vax/conf/GENERIC 1.102-1.103
sys/arch/x68k/conf/ALL 1.55-1.56
sys/arch/x68k/conf/GENERIC 1.80-1.81
sys/lkm/netinet/if_ipl/mln_ipl.c 1.29
sys/netinet/fil.c 1.57-1.58
sys/netinet/ip_auth.c 1.29-1.30
sys/netinet/ip_compat.h 1.30-1.31
sys/netinet/ip_fil.c 1.81-1.86
sys/netinet/ip_fil.h 1.46-1.49
sys/netinet/ip_frag.c 1.33-1.34
sys/netinet/ip_frag.h 1.18
sys/netinet/ip_ftp_pxy.c 1.25-1.26
sys/netinet/ip_h323_pxy.c 1.5-1.6
sys/netinet/ip_log.c 1.22-1.23
sys/netinet/ip_nat.c 1.51-1.53
sys/netinet/ip_nat.h 1.27
sys/netinet/ip_netbios_pxy.c 1.4
sys/netinet/ip_proxy.c 1.35-1.36
sys/netinet/ip_proxy.h 1.18
sys/netinet/ip_state.c 1.41-1.42
sys/netinet/ip_state.h 1.23
sys/netinet/ipl.h 1.14
diffstat:
dist/ipf/HISTORY | 62 +++++++++++
dist/ipf/fils.c | 37 +++++-
dist/ipf/ipf.c | 17 +-
dist/ipf/ipfs.c | 18 ++-
dist/ipf/ipft_ef.c | 14 +-
dist/ipf/ipft_td.c | 8 +-
dist/ipf/ipft_tx.c | 8 +-
dist/ipf/ipmon.c | 41 ++++--
dist/ipf/ipnat.c | 6 +-
dist/ipf/ipsend/ip_var.h | 4 +-
dist/ipf/ipsend/ipsend.c | 8 +-
dist/ipf/ipsend/iptests.c | 38 ++++++-
dist/ipf/ipt.c | 58 +++++++--
dist/ipf/kmem.c | 29 +++-
dist/ipf/man/ipf.4 | 8 +-
dist/ipf/man/ipf.5 | 4 +-
dist/ipf/man/ipftest.1 | 15 ++-
dist/ipf/man/ipmon.8 | 9 +-
dist/ipf/man/ipnat.5 | 25 +++-
dist/ipf/man/ipnat.8 | 22 +++-
dist/ipf/misc.c | 8 +-
dist/ipf/natparse.c | 8 +-
dist/ipf/parse.c | 8 +-
dist/ipf/printnat.c | 22 ++-
dist/ipf/relay.c | 54 ++++++++-
dist/ipf/rules/example.9 | 4 +-
etc/rc.d/ipnat | 6 +-
regress/sys/kern/ipf/Makefile | 12 +-
regress/sys/kern/ipf/dotest6 | 38 ++++++
regress/sys/kern/ipf/expected/f13 | 12 ++
regress/sys/kern/ipf/expected/i12 | 4 +
regress/sys/kern/ipf/expected/ni3 | 4 +
regress/sys/kern/ipf/expected/ni5 | 6 +-
regress/sys/kern/ipf/input/f13 | 14 +-
regress/sys/kern/ipf/input/ipv6.1 | 22 +++
regress/sys/kern/ipf/input/ni3 | 10 +
regress/sys/kern/ipf/regress/i12 | 4 +
regress/sys/kern/ipf/regress/ipv6.1 | 3 +
regress/sys/kern/ipf/regress/ni3.ipf | 4 +
regress/sys/kern/ipf/regress/ni3.nat | 1 +
sys/arch/alpha/conf/ALPHA | 5 +-
sys/arch/amiga/conf/GENERIC | 5 +-
sys/arch/arc/conf/GENERIC | 5 +-
sys/arch/atari/conf/GENERIC.in | 4 +-
sys/arch/cats/conf/GENERIC | 3 +-
sys/arch/cobalt/conf/GENERIC | 5 +-
sys/arch/hp300/conf/GENERIC | 5 +-
sys/arch/i386/conf/CARDBUS | 5 +-
sys/arch/i386/conf/GENERIC | 5 +-
sys/arch/i386/conf/GENERIC_LAPTOP | 5 +-
sys/arch/i386/conf/GENERIC_PS2TINY | 3 +-
sys/arch/i386/conf/GENERIC_TINY | 3 +-
sys/arch/luna68k/conf/GENERIC | 5 +-
sys/arch/mac68k/conf/GENERIC | 5 +-
sys/arch/mac68k/conf/GENERICSBC | 5 +-
sys/arch/mac68k/conf/SMALLRAM | 5 +-
sys/arch/macppc/conf/GENERIC | 5 +-
sys/arch/mipsco/conf/GENERIC | 3 +-
sys/arch/mmeye/conf/GENERIC | 5 +-
sys/arch/news68k/conf/GENERIC | 5 +-
sys/arch/news68k/conf/GENERIC_TINY | 5 +-
sys/arch/newsmips/conf/GENERIC | 5 +-
sys/arch/ofppc/conf/GENERIC | 5 +-
sys/arch/pmax/conf/GENERIC | 5 +-
sys/arch/prep/conf/GENERIC | 5 +-
sys/arch/sbmips/conf/GENERIC | 5 +-
sys/arch/sgimips/conf/GENERIC | 5 +-
sys/arch/sparc/conf/GENERIC | 5 +-
sys/arch/sparc64/conf/GENERIC32 | 5 +-
sys/arch/vax/conf/GENERIC | 5 +-
sys/arch/x68k/conf/ALL | 5 +-
sys/arch/x68k/conf/GENERIC | 5 +-
sys/lkm/netinet/if_ipl/mln_ipl.c | 28 ++++-
sys/netinet/fil.c | 25 ++-
sys/netinet/ip_auth.c | 11 +-
sys/netinet/ip_compat.h | 13 +-
sys/netinet/ip_fil.c | 74 ++++++++++--
sys/netinet/ip_fil.h | 10 +-
sys/netinet/ip_frag.c | 25 +--
sys/netinet/ip_frag.h | 8 +-
sys/netinet/ip_ftp_pxy.c | 196 ++++++++++++++++++++++++++++------
sys/netinet/ip_h323_pxy.c | 10 +-
sys/netinet/ip_log.c | 14 +-
sys/netinet/ip_nat.c | 39 +++---
sys/netinet/ip_nat.h | 5 +-
sys/netinet/ip_proxy.c | 103 +++++++++++++++---
sys/netinet/ip_proxy.h | 6 +-
sys/netinet/ip_state.c | 34 +++--
sys/netinet/ip_state.h | 7 +-
sys/netinet/ipl.h | 6 +-
90 files changed, 1064 insertions(+), 376 deletions(-)
diffs (truncated from 4058 to 300 lines):
diff -r ff3c4ce75feb -r e9e7c70f55a2 dist/ipf/HISTORY
--- a/dist/ipf/HISTORY Thu Oct 24 00:50:31 2002 +0000
+++ b/dist/ipf/HISTORY Thu Oct 24 09:33:25 2002 +0000
@@ -22,6 +22,68 @@
# and especially those who have found the time to port IP Filter to new
# platforms.
#
+3.4.29 28/8/2002 - Released
+
+Make substantial changes to the FTP proxy to improve reliability, security
+and functionality.
+
+don't send ICMP errors/TCP RST's in response to blocked proxy packets
+
+fix potential memory leaks when unloading ipfilter from kernel
+
+fix bug in SIOCGNATL handler that did not preserve the expected
+byte order from earlier versions in the port number
+
+set do not fragment flag in generated packets according to system flags,
+where available.
+
+preserve filter rule number and group number in state structure
+
+fix bug in ipmon printing of p/P/b/B
+
+make some changes to the kmem.c code for IRIX compatibility
+
+add code to specifically handle ip.tun* interfaces on Solaris
+
+3.4.28 6/6/2002 - Released
+
+Fix for H.323 proxy to work on little endian boxes
+
+IRIX: Update installation documentation
+ add route lock patch
+
+allow use of groups > 65535
+
+create a new packet info summary for packets going through ipfr_fastroute()
+so that where details are different (RST/ICMP errors), the packet now gets
+correctly NAT'd, etc.
+
+fix the FTP proxy so that checks for TCP sequence numbers outside the
+normal offset due to data changes use absolute numbers
+
+make it possible to remove rules in ipftest
+
+Update installing onto OpenBSD and split into two directories:
+OpenBSD-2 and OpenBSD-3
+
+fix error in printout out the protocol in NAT rules
+
+always unlock ipfilter if locking fails half way through in ipfs
+
+fix problems with TCP window scaling
+
+update of man pages for ipnat(4) and ipftest(1)
+
+3.4.27 28/04/2002 - Released
+
+fix calculation of 2's complmenent 16 bit checksum for user space
+
+add mbuflen() to usespace compiles.
+
+add more #ifdef complexity for platform portability
+
+add OpenBSD 3.1 diffs
+
3.4.26 25/04/2002 - Released
fix parsing and printing of NAT rules with regression tests.
diff -r ff3c4ce75feb -r e9e7c70f55a2 dist/ipf/fils.c
--- a/dist/ipf/fils.c Thu Oct 24 00:50:31 2002 +0000
+++ b/dist/ipf/fils.c Thu Oct 24 09:33:25 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: fils.c,v 1.16 2002/05/02 17:11:37 martti Exp $ */
+/* $NetBSD: fils.c,v 1.16.2.1 2002/10/24 09:33:25 lukem Exp $ */
/*
* Copyright (C) 1993-2001 by Darren Reed.
@@ -34,8 +34,13 @@
(!defined(__FreeBSD_version) || (__FreeBSD_version < 430000))
# undef STATETOP
# endif
-# if defined(__NetBSD_Version__) && (__NetBSD_Version__ < 105000000)
-# undef STATETOP
+# if defined(__NetBSD_Version__)
+# if (__NetBSD_Version__ < 105000000)
+# undef STATETOP
+# else
+# include <poll.h>
+# define USE_POLL
+# endif
# endif
# if defined(sun)
# if defined(__svr4__) || defined(__SVR4)
@@ -95,8 +100,10 @@
#endif
#if !defined(lint)
-static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)Id: fils.c,v 2.21.2.35 2002/04/03 14:18:36 darrenr Exp";
+static const char sccsid[] __attribute__((__unused__)) =
+ "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed";
+static const char rcsid[] __attribute__((__unused__)) =
+ "@(#)Id: fils.c,v 2.21.2.36 2002/06/27 14:29:16 darrenr Exp";
#endif
extern char *optarg;
@@ -199,7 +206,7 @@
ipfrstat_t *ifrstp = &ifrst;
char *device = IPL_NAME, *memf = NULL;
char *kern = NULL;
- int c, fd, myoptind;
+ int c, myoptind;
struct protoent *proto;
int protocol = -1; /* -1 = wild card for any protocol */
@@ -356,8 +363,8 @@
bzero((char *)&ipsst, sizeof(ipsst));
bzero((char *)&ifrst, sizeof(ifrst));
- fd = ipfstate_live(device, &fiop, &ipsstp, &ifrstp,
- &frauthstp, &frf);
+ ipfstate_live(device, &fiop, &ipsstp, &ifrstp,
+ &frauthstp, &frf);
} else
ipfstate_dead(kern, &fiop, &ipsstp, &ifrstp, &frauthstp, &frf);
@@ -917,10 +924,14 @@
ipstate_t *istab[IPSTATE_SIZE], ips;
ips_stat_t ipsst, *ipsstp = &ipsst;
statetop_t *tstable = NULL, *tp;
- struct timeval selecttimeout;
char hostnm[HOSTNMLEN];
struct protoent *proto;
+#ifdef USE_POLL
+ struct pollfd set[1];
+#else
+ struct timeval selecttimeout;
fd_set readfd;
+#endif
int c = 0;
time_t t;
@@ -1190,6 +1201,13 @@
}
/* wait for key press or a 1 second time out period */
+#ifdef USE_POLL
+ set[0].fd = 0;
+ set[0].events = POLLIN;
+ poll(set, 1, refreshtime * 1000);
+
+ if (set[0].revents & POLLIN) {
+#else
selecttimeout.tv_sec = refreshtime;
selecttimeout.tv_usec = 0;
FD_ZERO(&readfd);
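Review bot: The return value of `poll()` is discarded in the USE_POLL branch and `set[0].revents` is never initialised, so if poll() fails (for example with EINTR when a signal arrives) the following `set[0].revents & POLLIN` test reads an indeterminate value. Clear it with `set[0].revents = 0;` before the call and test revents only when poll() reports a ready descriptor, e.g. `if (poll(set, 1, refreshtime * 1000) > 0 && (set[0].revents & POLLIN)) {`. `refreshtime * 1000` is an int multiplication; if refreshtime is taken from the command line it should be range-checked before it reaches this point, which is not visible here. The enclosing function starts and ends outside the hunk.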
@@ -1198,6 +1216,7 @@
/* if key pressed, read all waiting keys */
if (FD_ISSET(0, &readfd)) {
+#endif
c = wgetch(stdscr);
if (c == ERR)
continue;
diff -r ff3c4ce75feb -r e9e7c70f55a2 dist/ipf/ipf.c
--- a/dist/ipf/ipf.c Thu Oct 24 00:50:31 2002 +0000
+++ b/dist/ipf/ipf.c Thu Oct 24 09:33:25 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipf.c,v 1.10 2002/05/02 17:11:37 martti Exp $ */
+/* $NetBSD: ipf.c,v 1.10.2.1 2002/10/24 09:33:27 lukem Exp $ */
/*
* Copyright (C) 1993-2001 by Darren Reed.
@@ -51,8 +51,10 @@
#include "ipl.h"
#if !defined(lint)
-static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)Id: ipf.c,v 2.10.2.14 2002/04/10 04:56:36 darrenr Exp";
+static const char sccsid[] __attribute__((__unused__)) =
+ "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed";
+static const char rcsid[] __attribute__((__unused__)) =
+ "@(#)Id: ipf.c,v 2.10.2.17 2002/06/27 14:29:17 darrenr Exp";
#endif
#if SOLARIS
@@ -195,8 +197,11 @@
if (!(opts & OPT_DONOTHING) && fd == -1)
if ((fd = open(ipfdev, O_RDWR)) == -1)
- if ((fd = open(ipfdev, O_RDONLY)) == -1)
+ if ((fd = open(ipfdev, O_RDONLY)) == -1) {
perror("open device");
+ if (errno == ENODEV)
+ fprintf(stderr, "IPFilter enabled?\n");
+ }
return fd;
}
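Review bot: `errno` is tested after `perror("open device")`, and perror() writes to stderr and is allowed to change errno, so the ENODEV hint may be skipped or printed for the wrong failure. Capture the value first, `int serrno = errno;` ahead of the perror() call, and test `if (serrno == ENODEV)`. The value reported is that of the second (O_RDONLY) open only, since the first open's errno has already been overwritten. The start of opendevice() lies outside the hunk.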
@@ -388,7 +393,7 @@
static void packetlogon(opt)
char *opt;
{
- int flag, err;
+ int flag;
flag = get_flags();
if (flag != 0) {
@@ -414,7 +419,7 @@
printf("set log flag: block\n");
}
- if (opendevice(ipfname) != -2 && (err = ioctl(fd, SIOCSETFF, &flag)))
+ if (opendevice(ipfname) != -2 && (ioctl(fd, SIOCSETFF, &flag) != 0))
perror("ioctl(SIOCSETFF)");
if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE) {
diff -r ff3c4ce75feb -r e9e7c70f55a2 dist/ipf/ipfs.c
--- a/dist/ipf/ipfs.c Thu Oct 24 00:50:31 2002 +0000
+++ b/dist/ipf/ipfs.c Thu Oct 24 09:33:25 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipfs.c,v 1.7 2002/05/02 17:11:38 martti Exp $ */
+/* $NetBSD: ipfs.c,v 1.7.2.1 2002/10/24 09:33:28 lukem Exp $ */
/*
* Copyright (C) 1999-2001 by Darren Reed.
@@ -47,7 +47,8 @@
#include "ipf.h"
#if !defined(lint)
-static const char rcsid[] = "@(#)Id: ipfs.c,v 2.6.2.9 2002/04/17 17:42:59 darrenr Exp";
+static const char rcsid[] __attribute__((__unused__)) =
+ "@(#)Id: ipfs.c,v 2.6.2.11 2002/06/04 14:44:05 darrenr Exp";
#endif
#ifndef IPF_SAVEDIR
@@ -735,16 +736,16 @@
devfd = opendevice(IPL_STATE);
if (devfd == -1)
- return 1;
+ goto bad;
if (writestate(devfd, NULL))
- return 1;
+ goto bad;
close(devfd);
devfd = opendevice(IPL_NAT);
if (devfd == -1)
- return 1;
+ goto bad;
if (writenat(devfd, NULL))
- return 1;
+ goto bad;
close(devfd);
if (setlock(fd, 0)) {
@@ -753,6 +754,11 @@
}
return 0;
+
+bad:
+ setlock(fd, 0);
+ close(fd);
+ return 1;
}
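Review bot: The new `bad:` path closes `fd` but not `devfd`, so when writestate() or writenat() fails (the `goto bad` sites in the previous hunk) the state/NAT device descriptor stays open unless those helpers close it themselves, which cannot be seen here. The result of `setlock(fd, 0)` is also ignored on this path, so a failed unlock leaves the filter locked with no diagnostic, whereas the success path just above does check it. Consider `if (devfd != -1) close(devfd);` before the unlock and reporting the failure, e.g. `if (setlock(fd, 0)) fprintf(stderr, "failed to unlock ipfilter\n");`. The function begins outside the hunk, so whether `fd` is always valid when `bad:` is reached should be confirmed against the full body.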
diff -r ff3c4ce75feb -r e9e7c70f55a2 dist/ipf/ipft_ef.c
--- a/dist/ipf/ipft_ef.c Thu Oct 24 00:50:31 2002 +0000
+++ b/dist/ipf/ipft_ef.c Thu Oct 24 09:33:25 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipft_ef.c,v 1.5 2002/04/09 02:32:52 thorpej Exp $ */
+/* $NetBSD: ipft_ef.c,v 1.5.2.1 2002/10/24 09:33:34 lukem Exp $ */
/*
* Copyright (C) 1993-2001 by Darren Reed.
@@ -56,7 +56,7 @@
static const char sccsid[] __attribute__((__unused__)) =
"@(#)ipft_ef.c 1.6 2/4/96 (C)1995 Darren Reed";
static const char rcsid[] __attribute__((__unused__)) =
- "@(#)Id: ipft_ef.c,v 2.2.2.2 2002/02/22 15:32:53 darrenr Exp";
+ "@(#)Id: ipft_ef.c,v 2.2.2.3 2002/06/27 14:29:17 darrenr Exp";
#endif
static int etherf_open __P((char *));
@@ -101,7 +101,7 @@
struct protoent *p = NULL;
char src[16], dst[16], sprt[16], dprt[16];
char lbuf[128], len[8], prot[8], time[8], *s;
- int slen, extra = 0, i, n;
+ int slen, extra = 0, i;
if (!fgets(lbuf, sizeof(lbuf) - 1, efp))
return 0;