[src/trunk]: src Commit IPFilter 4.1.34 to HEAD

[darrenr <darrenr%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/306ba8bb2653
branches:  trunk
changeset: 754049:306ba8bb2653
user:      darrenr <darrenr%NetBSD.org@localhost>
date:      Sat Apr 17 21:00:08 2010 +0000

description:
Commit IPFilter 4.1.34 to HEAD

diffstat:

 dist/ipf/HISTORY                     |   24 ++
 dist/ipf/Makefile                    |    9 +-
 dist/ipf/ip_fil.c                    |    8 +-
 dist/ipf/ip_lookup.c                 |    6 +-
 dist/ipf/iplang/iplang_y.y           |   10 +-
 dist/ipf/ipsend/dlcommon.c           |    4 +-
 dist/ipf/ipsend/hpux.c               |    6 +-
 dist/ipf/ipsend/ipsend.5             |    4 +-
 dist/ipf/ipsend/iptests.c            |    6 +-
 dist/ipf/ipsend/sbpf.c               |    6 +-
 dist/ipf/ipsend/sdlpi.c              |    6 +-
 dist/ipf/ipsend/sirix.c              |    4 +-
 dist/ipf/ipsend/snit.c               |    6 +-
 dist/ipf/ipsend/sock.c               |    6 +-
 dist/ipf/lib/facpri.c                |    8 +-
 dist/ipf/lib/getport.c               |   12 +-
 dist/ipf/lib/getportproto.c          |   12 +-
 dist/ipf/lib/getproto.c              |   12 +-
 dist/ipf/lib/hostname.c              |   12 +-
 dist/ipf/lib/ipf_dotuning.c          |   12 +-
 dist/ipf/lib/ipft_td.c               |   10 +-
 dist/ipf/lib/printsbuf.c             |   12 +-
 dist/ipf/lib/printstate.c            |    6 +-
 dist/ipf/lib/v6ionames.c             |    8 +-
 dist/ipf/lib/var.c                   |   12 +-
 dist/ipf/man/ipf.4                   |   10 +-
 dist/ipf/man/ipf.5                   |   14 +-
 dist/ipf/man/ipfilter.4              |   18 +-
 dist/ipf/man/ipfstat.8               |   10 +-
 dist/ipf/man/ipnat.5                 |    8 +-
 dist/ipf/tools/ipf_y.y               |   29 +-
 dist/ipf/tools/ipnat_y.y             |    4 +-
 dist/ipf/tools/ippool_y.y            |    4 +-
 dist/ipf/tools/ipscan_y.y            |    4 +-
 sys/dist/ipf/netinet/fil.c           |  404 +++++++++++++++++++++-------------
 sys/dist/ipf/netinet/ip_auth.c       |   26 +-
 sys/dist/ipf/netinet/ip_compat.h     |   19 +-
 sys/dist/ipf/netinet/ip_fil.h        |   20 +-
 sys/dist/ipf/netinet/ip_fil_netbsd.c |   14 +-
 sys/dist/ipf/netinet/ip_lookup.c     |    8 +-
 sys/dist/ipf/netinet/ip_nat.c        |   65 +++--
 sys/dist/ipf/netinet/ip_state.c      |   51 ++-
 sys/dist/ipf/netinet/ip_sync.c       |    8 +-
 sys/dist/ipf/netinet/ipl.h           |    8 +-
 44 files changed, 562 insertions(+), 383 deletions(-)

diffs (truncated from 2616 to 300 lines):

diff -r c7c9ca706f6f -r 306ba8bb2653 dist/ipf/HISTORY
--- a/dist/ipf/HISTORY  Sat Apr 17 20:44:16 2010 +0000
+++ b/dist/ipf/HISTORY  Sat Apr 17 21:00:08 2010 +0000
@@ -10,6 +10,30 @@
 # and especially those who have found the time to port IP Filter to new
 # platforms.
 #
+4.1.34 - Release 11 MArch 2010
+
+2964907 uninitialised use compile error
+
+2959506 ipfstat does not display rules with compat
+
+2949139 FR_T_BUILTIN masked out incorrectly
+
+2937422 packets filtered with pools should not be cached'
+
+2935529 use of rules with tags leads to deadlock
+
+2917501 whitespace cleanup required
+
+2898915 Does not build on newer FreeBSD
+
+2898337 Does not build on newer FreeBSD
+
+2881514 in/out  object functions not wired for compatibility
+
+2841771 ipf/ippool rule maintenace bugs: memory leak, ref-counter bug
+
+2839698 H.323 proxy does not clear fin_state/fin_nat
+
 4.1.33 - Release 16 August 2009
 
 2838417 tru64 compile is not error free
diff -r c7c9ca706f6f -r 306ba8bb2653 dist/ipf/Makefile
--- a/dist/ipf/Makefile Sat Apr 17 20:44:16 2010 +0000
+++ b/dist/ipf/Makefile Sat Apr 17 21:00:08 2010 +0000
@@ -5,7 +5,7 @@
 # provided that this notice is preserved and due credit is given
 # to the original author and the contributors.
 #
-# Id: Makefile,v 2.76.2.29 2009/07/18 19:05:35 darrenr Exp
+# Id: Makefile,v 2.76.2.31 2010/01/31 16:22:53 darrenr Exp
 #
 SHELL=/bin/sh
 BINDEST=/usr/local/bin
@@ -35,6 +35,10 @@
 #
 #COMPIPF=-DIPFILTER_COMPILED
 #
+# To enable IPFilter compatibility with older CLI utilities
+#
+COMPATIPF=-DIPFILTER_COMPAT
+#
 # To enable synchronisation between IPFilter hosts
 #
 #SYNC=-DIPFILTER_SYNC
@@ -114,6 +118,7 @@
         'STATETOP_CFLAGS=$(STATETOP_CFLAGS)' "BPFILTER=$(BPFILTER)" \
         'STATETOP_INC=$(STATETOP_INC)' 'STATETOP_LIB=$(STATETOP_LIB)' \
        "BITS=$(BITS)" "OBJ=$(OBJ)" "LOOKUP=$(LOOKUP)" "COMPIPF=$(COMPIPF)" \
+       "COMPATIPF=$(COMPATIPF)" \
        'SYNC=$(SYNC)' 'ALLOPTS=$(ALLOPTS)' 'LIBBPF=$(LIBBPF)'
 MFLAGS=$(MFLAGS1) "IPFLKM=$(IPFLKM)"
 MACHASSERT=`/bin/ls -1 /usr/sys/*/mach_assert.h | head -1`
@@ -216,7 +221,7 @@
 
        make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
        (cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) "ML=mlfk_ipl.c" "MLD=mlfk_ipl.c" "LKM=ipf.ko.5" "LKMR=ipfrule.ko.5" "DLKM=-DKLD_MODULE" "MLR=mlfk_rule.o"; cd ..)
-       (cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS1); cd ..)
+#      (cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS1); cd ..)
 
 freebsd4 : include
        if [ x$(INET6) = x ] ; then \
diff -r c7c9ca706f6f -r 306ba8bb2653 dist/ipf/ip_fil.c
--- a/dist/ipf/ip_fil.c Sat Apr 17 20:44:16 2010 +0000
+++ b/dist/ipf/ip_fil.c Sat Apr 17 21:00:08 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip_fil.c,v 1.17 2009/08/19 08:35:30 darrenr Exp $      */
+/*     $NetBSD: ip_fil.c,v 1.18 2010/04/17 21:00:08 darrenr Exp $      */
 
 /*
  * Copyright (C) 1993-2001 by Darren Reed.
@@ -7,7 +7,7 @@
  */
 #if !defined(lint)
 static const char sccsid[] = "@(#)ip_fil.c     2.41 6/5/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)Id: ip_fil.c,v 2.133.2.20 2008/07/27 08:27:04 darrenr Exp";
+static const char rcsid[] = "@(#)Id: ip_fil.c,v 2.133.2.21 2009/12/27 06:55:08 darrenr Exp";
 #endif
 
 #ifndef        SOLARIS
@@ -818,12 +818,12 @@
 }
 
 
-/*    
+/*
  * This function is not meant to be random, rather just produce a
  * sequence of numbers that isn't linear to show "randomness".
  */
 u_32_t
-ipf_random() 
+ipf_random()
 {
        static int last = 0xa5a5a5a5;
        static int calls = 0;
diff -r c7c9ca706f6f -r 306ba8bb2653 dist/ipf/ip_lookup.c
--- a/dist/ipf/ip_lookup.c      Sat Apr 17 20:44:16 2010 +0000
+++ b/dist/ipf/ip_lookup.c      Sat Apr 17 21:00:08 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip_lookup.c,v 1.7 2009/08/19 08:35:30 darrenr Exp $    */
+/*     $NetBSD: ip_lookup.c,v 1.8 2010/04/17 21:00:08 darrenr Exp $    */
 
 /*
  * Copyright (C) 2002-2003 by Darren Reed.
@@ -60,7 +60,7 @@
 /* END OF INCLUDES */
 
 #if !defined(lint)
-static const char rcsid[] = "@(#)Id: ip_lookup.c,v 2.35.2.21 2009/05/13 18:31:15 darrenr Exp";
+static const char rcsid[] = "@(#)Id: ip_lookup.c,v 2.35.2.22 2010/01/31 16:22:55 darrenr Exp";
 #endif
 
 #ifdef IPFILTER_LOOKUP
@@ -585,7 +585,7 @@
        int err;
        SPL_INT(s);
 
-       err = fr_inobj(data, &iter, IPFOBJ_LOOKUPITER);
+       err = fr_inobj(data, NULL, &iter, IPFOBJ_LOOKUPITER);
        if (err != 0)
                return err;
 
diff -r c7c9ca706f6f -r 306ba8bb2653 dist/ipf/iplang/iplang_y.y
--- a/dist/ipf/iplang/iplang_y.y        Sat Apr 17 20:44:16 2010 +0000
+++ b/dist/ipf/iplang/iplang_y.y        Sat Apr 17 21:00:08 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: iplang_y.y,v 1.10 2007/04/14 20:34:19 martin Exp $     */
+/*     $NetBSD: iplang_y.y,v 1.11 2010/04/17 21:00:08 darrenr Exp $    */
 
 %{
 /*
@@ -6,7 +6,7 @@
  *
  * See the IPFILTER.LICENCE file for details on licencing.
  *
- * Id: iplang_y.y,v 2.9.2.5 2007/02/17 12:41:48 darrenr Exp
+ * Id: iplang_y.y,v 2.9.2.6 2009/12/27 06:53:15 darrenr Exp
  */
 
 #include <stdio.h>
@@ -604,7 +604,7 @@
 #ifdef bsdi
 struct ether_addr *
 ether_aton(s)
-       char *s;   
+       char *s;
 {
        static struct ether_addr n;
        u_int i[6];
@@ -1839,7 +1839,7 @@
 {
        u_long  sum = init;
        int     nwords = len >> 1;
- 
+
        for(; nwords > 0; nwords--)
                sum += *buf++;
        sum = (sum>>16) + (sum & 0xffff);
@@ -1854,7 +1854,7 @@
 {
        u_long  sum = 0;
        int     nwords = len >> 1;
- 
+
        for(; nwords > 0; nwords--)
                sum += *buf++;
        return sum;
diff -r c7c9ca706f6f -r 306ba8bb2653 dist/ipf/ipsend/dlcommon.c
--- a/dist/ipf/ipsend/dlcommon.c        Sat Apr 17 20:44:16 2010 +0000
+++ b/dist/ipf/ipsend/dlcommon.c        Sat Apr 17 21:00:08 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: dlcommon.c,v 1.2 2004/03/28 09:00:55 martti Exp $      */
+/*     $NetBSD: dlcommon.c,v 1.3 2010/04/17 21:00:09 darrenr Exp $     */
 
 /*
  * Common (shared) DLPI test routines.
@@ -1140,7 +1140,7 @@
                n++;
                p = NULL;
        }
-       
+
        return (n);
 }
 
diff -r c7c9ca706f6f -r 306ba8bb2653 dist/ipf/ipsend/hpux.c
--- a/dist/ipf/ipsend/hpux.c    Sat Apr 17 20:44:16 2010 +0000
+++ b/dist/ipf/ipsend/hpux.c    Sat Apr 17 21:00:08 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: hpux.c,v 1.3 2004/03/28 09:00:55 martti Exp $  */
+/*     $NetBSD: hpux.c,v 1.4 2010/04/17 21:00:09 darrenr Exp $ */
 
 /*
  * (C)opyright 1997-1998 Darren Reed. (from tcplog)
@@ -36,7 +36,7 @@
 int    sendip(fd, pkt, len)
 int    fd, len;
 char   *pkt;
-{                      
+{
        if (send(fd, pkt, len, 0) == -1)
            {
                perror("send");
@@ -92,7 +92,7 @@
 int    sendip(fd, pkt, len)
 int    fd, len;
 char   *pkt;
-{                      
+{
        if (send(fd, pkt, len, 0) == -1)
            {
                perror("send");
diff -r c7c9ca706f6f -r 306ba8bb2653 dist/ipf/ipsend/ipsend.5
--- a/dist/ipf/ipsend/ipsend.5  Sat Apr 17 20:44:16 2010 +0000
+++ b/dist/ipf/ipsend/ipsend.5  Sat Apr 17 21:00:08 2010 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: ipsend.5,v 1.4 2003/03/15 19:26:42 wiz Exp $
+.\"    $NetBSD: ipsend.5,v 1.5 2010/04/17 21:00:09 darrenr Exp $
 .\"
 .TH IPSEND 5
 .SH NAME
@@ -124,7 +124,7 @@
 sets the fragment offset field of the IP packet.  Default is 0.
 .TP
 .B ttl <number>
-sets the time to live (TTL) field of the IP header.  Default is 60. 
+sets the time to live (TTL) field of the IP header.  Default is 60.
 .TP
 .B proto <protocol>
 sets the protocol field of the IP header.  The protocol can either be a
diff -r c7c9ca706f6f -r 306ba8bb2653 dist/ipf/ipsend/iptests.c
--- a/dist/ipf/ipsend/iptests.c Sat Apr 17 20:44:16 2010 +0000
+++ b/dist/ipf/ipsend/iptests.c Sat Apr 17 21:00:08 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: iptests.c,v 1.15 2009/08/19 08:35:31 darrenr Exp $     */
+/*     $NetBSD: iptests.c,v 1.16 2010/04/17 21:00:09 darrenr Exp $     */
 
 /*
  * Copyright (C) 1993-1998 by Darren Reed.
@@ -8,7 +8,7 @@
  */
 #if !defined(lint)
 static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)Id: iptests.c,v 2.8.2.11 2009/01/27 08:33:23 darrenr Exp";
+static const char rcsid[] = "@(#)Id: iptests.c,v 2.8.2.12 2009/12/27 06:53:15 darrenr Exp";
 #endif
 #include <sys/param.h>
 #include <sys/types.h>
@@ -23,7 +23,7 @@
 #endif
 #include <sys/time.h>
 #if !defined(__osf__)
-# ifdef __NetBSD__ 
+# ifdef __NetBSD__
 #  include <machine/lock.h>
 #  include <sys/mutex.h>
 # endif
diff -r c7c9ca706f6f -r 306ba8bb2653 dist/ipf/ipsend/sbpf.c
--- a/dist/ipf/ipsend/sbpf.c    Sat Apr 17 20:44:16 2010 +0000
+++ b/dist/ipf/ipsend/sbpf.c    Sat Apr 17 21:00:08 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: sbpf.c,v 1.7 2006/04/04 16:17:18 martti Exp $  */
+/*     $NetBSD: sbpf.c,v 1.8 2010/04/17 21:00:09 darrenr Exp $ */
 
 /*
  * (C)opyright 1995-1998 Darren Reed. (from tcplog)
@@ -49,7 +49,7 @@
 
 #if !defined(lint)
 static const char sccsid[] = "@(#)sbpf.c       1.3 8/25/95 (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)Id: sbpf.c,v 2.5.4.1 2006/03/21 16:32:58 darrenr Exp";
+static const char rcsid[] = "@(#)Id: sbpf.c,v 2.5.4.2 2009/12/27 06:53:15 darrenr Exp";
 #endif
 
 /*
@@ -146,7 +146,7 @@
 int    sendip(fd, pkt, len)
 int    fd, len;
 char   *pkt;
-{                      
+{
        if (write(fd, pkt, len) == -1)
            {
                perror("send");
diff -r c7c9ca706f6f -r 306ba8bb2653 dist/ipf/ipsend/sdlpi.c
--- a/dist/ipf/ipsend/sdlpi.c   Sat Apr 17 20:44:16 2010 +0000
+++ b/dist/ipf/ipsend/sdlpi.c   Sat Apr 17 21:00:08 2010 +0000
@@ -1,4 +1,4 @@