Module Name: src
Committed By: darrenr
Date: Wed Aug 19 08:35:33 UTC 2009
Modified Files:
src/dist/ipf: HISTORY Makefile ip_fil.c ip_lookup.c ip_lookup.h
src/dist/ipf/ipsend: iptests.c sock.c
src/dist/ipf/lib: load_http.c printnat.c
src/dist/ipf/perl: logfilter.pl
src/dist/ipf/samples: ipfilter-pb.gif
src/dist/ipf/tools: ipf_y.y ipfstat.c ipmon.c ippool_y.y lexer.c
Removed Files:
src/dist/ipf/BSD: ipfadm-rcd
src/dist/ipf/ipsend/.OLD: ip_compat.h
Log Message:
Update head to version 4.1.33 from vendor branch
To generate a diff of this commit:
cvs rdiff -u -r1.25 -r1.26 src/dist/ipf/HISTORY
cvs rdiff -u -r1.12 -r1.13 src/dist/ipf/Makefile
cvs rdiff -u -r1.16 -r1.17 src/dist/ipf/ip_fil.c
cvs rdiff -u -r1.6 -r1.7 src/dist/ipf/ip_lookup.c
cvs rdiff -u -r1.3 -r1.4 src/dist/ipf/ip_lookup.h
cvs rdiff -u -r1.1.1.1 -r0 src/dist/ipf/BSD/ipfadm-rcd
cvs rdiff -u -r1.14 -r1.15 src/dist/ipf/ipsend/iptests.c
cvs rdiff -u -r1.16 -r1.17 src/dist/ipf/ipsend/sock.c
cvs rdiff -u -r1.1 -r0 src/dist/ipf/ipsend/.OLD/ip_compat.h
cvs rdiff -u -r1.3 -r1.4 src/dist/ipf/lib/load_http.c
cvs rdiff -u -r1.2 -r1.3 src/dist/ipf/lib/printnat.c
cvs rdiff -u -r1.1 -r1.2 src/dist/ipf/perl/logfilter.pl
cvs rdiff -u -r1.1 -r1.2 src/dist/ipf/samples/ipfilter-pb.gif
cvs rdiff -u -r1.22 -r1.23 src/dist/ipf/tools/ipf_y.y
cvs rdiff -u -r1.17 -r1.18 src/dist/ipf/tools/ipfstat.c
cvs rdiff -u -r1.15 -r1.16 src/dist/ipf/tools/ipmon.c
cvs rdiff -u -r1.3 -r1.4 src/dist/ipf/tools/ippool_y.y
cvs rdiff -u -r1.13 -r1.14 src/dist/ipf/tools/lexer.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/dist/ipf/HISTORY
diff -u src/dist/ipf/HISTORY:1.25 src/dist/ipf/HISTORY:1.26
--- src/dist/ipf/HISTORY:1.25 Tue May 20 07:08:06 2008
+++ src/dist/ipf/HISTORY Wed Aug 19 08:35:30 2009
@@ -10,6 +10,146 @@
# and especially those who have found the time to port IP Filter to new
# platforms.
#
+4.1.33 - Release 16 August 2009
+
+2838417 tru64 compile is not error free
+
+2837931 wrong mode selected in ipf program for hash-entries
+
+2828188 soft lockups on Linux
+
+2826168 load_http can make ippool core dump
+
+2825150 IPL_LOGMAX used to index some arrays
+
+2825084 ipv6 fragments should not be allowed past 64k
+
+2824713 ipfstat top output alternates between entries and nothing
+
+2824712 ipfstat top output is shows negative ttl
+
+2820965 a single bad ipv6 extension header should not impact others
+
+2818197 ignored fragment bits defined as being reserved
+
+2817667 IPv6 fragment header verification needs attention
+
+2817098 fr_getrulen() finds the wrong rule
+
+2817096 fr_rulen is unused
+
+2814988 4.1.32 RC5 does not compile on Tru64 5.1B-5
+
+2825387 ipfilter 4-1-RELEASE won't build on RHEL 5.3 kernel 2.6.18..
+
+2792185 no proxy modules are built on linux
+
+2787359 ipmon prints loopback name incorrectly for linux
+
+4.1.32 - Release 20 June 2009
+
+2741019 Lingering states (Established/Listen - 5/0) in state table
+
+2790920 Solaris U7 breaks ipfilter compilation
+
+2790910 OOW issue on Solaris 10 v4.1.9
+
+2706155 Reference to .symbol file missing in ipf.ko on FreeBSD/AMD64
+
+2787870 4.1.32rc2 ipfstat -nio causes oops on Fedora 10
+
+2785189 Networking stops on x86_64 RHEL ES4 U6 (2.6.9-67.ELsmp)
+
+2706137 FreeBSD/AMD64 build is still broken in 4.1.32 RC5
+
+2702887 use of PBR/fastroute causes panic with ipv6
+
+2657365 IPFilter 4.1.32 RC4 fails to compile on FreeBSD7/AMD64
+
+2671913 regression test in7 fails to execute
+
+2650040 cannot compile updated kernel source for 4.10
+
+2598625 parsing empty config file results in an error
+
+2698656 test parsing empty config files
+
+2597956 not all pointers in a clone are reset
+
+2543934 nat_t gets assigned ifp too early
+
+2539808 Compiling with Solaris10 patch 138889-03 fails
+
+2535795 No need to always bump fr_ref
+
+2535778 Bad IPv6 packets droped by default
+
+4.1.32 RC1 - Release 1 January 2009
+
+2031730 4.1.31 Nat drops fragmented packets after the first
+
+2214661 ipf doesn't handle IPv6 fragments
+
+2473273 NAT removed before RST/ICMP sent
+
+2216500 fin_state serves no purpose
+
+2424604 adding random MD5 data causes panic
+
+2304435 Ineffecient lock usage in logging
+
+2216491 fin_nat serves little purpose
+
+1859718 IPF 4.1.28 repeated kernel panic Solaris 9 32bit
+
+2055619 duplicating a free'd packet will fail
+
+2042949 Excessive locking when creating nat_t
+
+2035610 nat_update does not need to get locks
+
+2214658 ipf mostly ignores locking in NetBSD
+
+1979427 Memory leak in user utilities - token never freed (rel br)
+
+* try to guess if SUNWspro wants -m64
+
+2063742 4.1.30 breaks builds on Solaris 8
+
+4.1.31 - Release 27 July 2008
+
+* compiling arc4random.c is challenging on solaris 10 or solaris without gcc
+
+* SunOS4 doesn't have a curproc, but it does have u.
+
+* The fix for 2020447 generated random port numbers but not within the
+ range specified in the map rule. Add in a regression test to verify
+ that the "random" part works.
+
+4.1.30 - Release 24 July 2008
+
+2022104 solaris's driver.conf cannot set timeout values
+
+2020447 IPFilter's NAT can undo name server random port selection
+
+1988795 NetBSD doesn't build with kernel malloc stats
+
+1988782 fr_movequeue can take a short cut
+
+1988669 first nat creation failure prevents further success
+
+1988668 hostmap searching does not work properly
+
+* on some 64bit architectures (such as alpha), the addrfamily_t is packed
+ differently, throwing off the calculations for adf_len
+
+* one too many READ_ENTERs in ip_sync code.
+
+* clean up fr_fastroute a little by removing some #ifdefs and pushing the
+ code around a bit to use the same variables (NetBSD)
+
+* more recent NetBSDs use VOP related macros differently
+
4.1.29 - Release 14 April 2008
* #ifdef warning fixes from Victor M Blood (FreeBSD) - #1821249
Index: src/dist/ipf/Makefile
diff -u src/dist/ipf/Makefile:1.12 src/dist/ipf/Makefile:1.13
--- src/dist/ipf/Makefile:1.12 Tue May 20 07:08:06 2008
+++ src/dist/ipf/Makefile Wed Aug 19 08:35:30 2009
@@ -5,7 +5,7 @@
# provided that this notice is preserved and due credit is given
# to the original author and the contributors.
#
-# Id: Makefile,v 2.76.2.27 2008/03/16 06:45:35 darrenr Exp
+# Id: Makefile,v 2.76.2.29 2009/07/18 19:05:35 darrenr Exp
#
SHELL=/bin/sh
BINDEST=/usr/local/bin
@@ -64,8 +64,13 @@
# By default IPFilter looks for /usr/src/linux, but you may have to change
# it to /usr/src/linux-2.4 or similar.
#
-LINUXKERNEL=/usr/src/linux
+LINUXKERNEL=/usr/src/kernels/2.6.29.5-191.fc11.i586
LINUX=`uname -r | awk -F. ' { printf"%d",$$1;for(i=1;i<NF&&i<3;i++){printf("%02d",$$(i+1));}}'`
+#
+#
+#
+#BUILDROOT=/usr/src/redhat/BUILD/ipfilter
+BUILDROOT=${HOME}/rpmbuild/BUILDROOT/ipfilter-4.1.32-1.i386
#
# All of the compile-time options are here, used for compiling the userland
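Review bot: `LINUXKERNEL` and `BUILDROOT` now default to what look like one developer's build paths (`/usr/src/kernels/2.6.29.5-191.fc11.i586` and an rpmbuild directory under `${HOME}` that still names 4.1.32), while the comment directly above continues to say the default is `/usr/src/linux`. The later `install-linux` hunk passes `ROOTDIR=$(BUILDROOT)` unconditionally, so a plain `make install-linux` would presumably stage files under that home-directory path instead of the system root; whether Linux/Makefile honours ROOTDIR is not visible here. I would keep `LINUXKERNEL=/usr/src/linux`, leave `BUILDROOT=` empty by default, and let packagers override both on the command line.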
@@ -240,7 +245,7 @@
exit 1; \
fi
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) 'DLKM=-D_LKM' "ML=mln_ipl.c" LKMR= "MLR=mln_rule.o"; cd ..)
- (cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS); cd ..)
+# (cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS); cd ..)
openbsd: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
@@ -360,7 +365,7 @@
# (cd Linux; make -f Makefile.ipsend build LINUX=$(LINUX) TOP=.. "CC=$(CC)" $(MFLAGS); cd ..)
install-linux: linux
- (cd Linux/; make LINUX=$(LINUX) TOP=.. "DEBUG=-g" "CC=$(CC)" $(MFLAGS) OBJ=$(CPUDIR) install ; cd ..)
+ (cd Linux/; make LINUX=$(LINUX) TOP=.. "DEBUG=-g" "CC=$(CC)" $(MFLAGS) OBJ=$(CPUDIR) ROOTDIR=$(BUILDROOT) install ; cd ..)
install-bsd:
(cd BSD/$(CPUDIR); make install "TOP=../.." $(MFLAGS); cd ..)
@@ -406,4 +411,3 @@
-DIPFILTER_SCAN -DIPFILTER_LKM -DSOLARIS2=10 -n ipf_mdb -k \
-I/home/dr146992/pfil -I/home/dr146992/ipf -f \
/usr/include/netinet/in_systm.h,/usr/include/sys/ethernet.h,/usr/include/netinet/in.h,/usr/include/netinet/ip.h,/usr/include/netinet/ip_var.h,/usr/include/netinet/tcp.h,/usr/include/netinet/tcpip.h,/usr/include/netinet/ip_icmp.h,/usr/include/netinet/udp.h,ip_compat.h,ip_fil.h,ip_nat.h,ip_state.h,ip_proxy.h,ip_scan.h
-
Index: src/dist/ipf/ip_fil.c
diff -u src/dist/ipf/ip_fil.c:1.16 src/dist/ipf/ip_fil.c:1.17
--- src/dist/ipf/ip_fil.c:1.16 Thu Jul 24 09:37:57 2008
+++ src/dist/ipf/ip_fil.c Wed Aug 19 08:35:30 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_fil.c,v 1.16 2008/07/24 09:37:57 darrenr Exp $ */
+/* $NetBSD: ip_fil.c,v 1.17 2009/08/19 08:35:30 darrenr Exp $ */
/*
* Copyright (C) 1993-2001 by Darren Reed.
@@ -7,7 +7,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)Id: ip_fil.c,v 2.133.2.18 2007/09/09 11:32:05 darrenr Exp";
+static const char rcsid[] = "@(#)Id: ip_fil.c,v 2.133.2.20 2008/07/27 08:27:04 darrenr Exp";
#endif
#ifndef SOLARIS
@@ -818,16 +818,59 @@
}
-u_32_t ipf_random()
+/*
+ * This function is not meant to be random, rather just produce a
+ * sequence of numbers that isn't linear to show "randomness".
+ */
+u_32_t
+ipf_random()
{
- static int seeded = 0;
+ static int last = 0xa5a5a5a5;
+ static int calls = 0;
+ int number;
+
+ calls++;
/*
- * Choose a non-random seed so that "randomness" can be "tested."
+ * These are deliberately chosen to ensure that there is some
+ * attempt to test whether the output covers the range in test n18.
*/
- if (seeded == 0) {
- srand(0);
- seeded = 1;
+ switch (calls)
+ {
+ case 1 :
+ number = 0;
+ break;
+ case 2 :
+ number = 4;
+ break;
+ case 3 :
+ number = 3999;
+ break;
+ case 4 :
+ number = 4000;
+ break;
+ case 5 :
+ number = 48999;
+ break;
+ case 6 :
+ number = 49000;
+ break;
+ default :
+ /*
+ * So why not use srand/rand/srandom/random? Because the
+ * actual values returned vary from platform to platform
+ * and what is needed is seomthing that is the same everywhere
+ * so that regression tests can work. Well, they could be
+ * built on each platform to suit but that's a whole lot of
+ * work for little gain given that we don't actually need
+ * random numbers here, just a spread to test the NAT code
+ * with.
+ */
+ number = last;
+ last *= calls;
+ last++;
+ number ^= last;
+ break;
}
- return rand();
+ return number;
}
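Review bot: The `default` branch of `ipf_random()` does its arithmetic on signed `int` state: `0xa5a5a5a5` does not fit in a 32-bit `int`, and `last *= calls` will overflow, which is undefined behaviour and works against the stated goal of identical output on every platform. Declaring the state unsigned, `static u_32_t last = 0xa5a5a5a5;` and `u_32_t number;`, makes the wraparound well defined and keeps the same bit pattern on two's-complement machines. Because the sequence is fully predictable by design, the header comment should also state that this definition is for the regression-test build only and must not back NAT port selection in a production build (this file appears to be the test harness, but that is not shown in the hunk). The inner comment has a typo, `seomthing`.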
Index: src/dist/ipf/ip_lookup.c
diff -u src/dist/ipf/ip_lookup.c:1.6 src/dist/ipf/ip_lookup.c:1.7
--- src/dist/ipf/ip_lookup.c:1.6 Tue May 20 07:08:06 2008
+++ src/dist/ipf/ip_lookup.c Wed Aug 19 08:35:30 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_lookup.c,v 1.6 2008/05/20 07:08:06 darrenr Exp $ */
+/* $NetBSD: ip_lookup.c,v 1.7 2009/08/19 08:35:30 darrenr Exp $ */
/*
* Copyright (C) 2002-2003 by Darren Reed.
@@ -60,7 +60,7 @@
/* END OF INCLUDES */
#if !defined(lint)
-static const char rcsid[] = "@(#)Id: ip_lookup.c,v 2.35.2.20 2007/10/26 12:15:12 darrenr Exp";
+static const char rcsid[] = "@(#)Id: ip_lookup.c,v 2.35.2.21 2009/05/13 18:31:15 darrenr Exp";
#endif
#ifdef IPFILTER_LOOKUP
@@ -615,6 +615,9 @@
err = EINVAL;
break;
}
+
+ WRITE_ENTER(&ipf_tokens);
+ ipf_dereftoken(token);
RWLOCK_EXIT(&ipf_tokens);
SPL_X(s);
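Review bot: The added `WRITE_ENTER(&ipf_tokens)` sits directly before a pre-existing `RWLOCK_EXIT(&ipf_tokens)`, and the acquisition that exit used to pair with is outside this hunk, so it should be confirmed that no path reaches this point with `ipf_tokens` already held. The `err = EINVAL; break;` path also arrives here, so `token` must be valid on every branch of the switch before `ipf_dereftoken(token)` runs. A short comment would record the intent, e.g. `/* drop the reference taken when the token was looked up; the token list must be write-locked */`. The enclosing function starts and ends outside the hunk.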
Index: src/dist/ipf/ip_lookup.h
diff -u src/dist/ipf/ip_lookup.h:1.3 src/dist/ipf/ip_lookup.h:1.4
--- src/dist/ipf/ip_lookup.h:1.3 Tue May 20 07:08:06 2008
+++ src/dist/ipf/ip_lookup.h Wed Aug 19 08:35:31 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_lookup.h,v 1.3 2008/05/20 07:08:06 darrenr Exp $ */
+/* $NetBSD: ip_lookup.h,v 1.4 2009/08/19 08:35:31 darrenr Exp $ */
#ifndef __IP_LOOKUP_H__
@@ -42,7 +42,7 @@
int iplf_type; /* IPLT_* */
int iplf_unit; /* IPL_LOG* */
u_int iplf_arg;
- size_t iplf_count;
+ u_int iplf_count;
char iplf_name[FR_GROUPLEN];
} iplookupflush_t;
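Review bot: Changing `iplf_count` from `size_t` to `u_int` alters the size and layout of `iplookupflush_t` on LP64 platforms, and nothing in the header records why. If this struct is exchanged between the tools and the kernel, as the `IPL_LOG*`/`IPLT_*` comments suggest, both sides must be rebuilt together or they will disagree on the struct size. I would add a comment on the field such as `/* u_int, not size_t: same layout for 32- and 64-bit callers */`. Any call site that stores a `size_t` into the field now truncates silently; those call sites are outside this hunk.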
Index: src/dist/ipf/ipsend/iptests.c
diff -u src/dist/ipf/ipsend/iptests.c:1.14 src/dist/ipf/ipsend/iptests.c:1.15
--- src/dist/ipf/ipsend/iptests.c:1.14 Tue May 20 07:08:06 2008
+++ src/dist/ipf/ipsend/iptests.c Wed Aug 19 08:35:31 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: iptests.c,v 1.14 2008/05/20 07:08:06 darrenr Exp $ */
+/* $NetBSD: iptests.c,v 1.15 2009/08/19 08:35:31 darrenr Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
@@ -8,7 +8,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)Id: iptests.c,v 2.8.2.9 2007/09/13 07:19:34 darrenr Exp";
+static const char rcsid[] = "@(#)Id: iptests.c,v 2.8.2.11 2009/01/27 08:33:23 darrenr Exp";
#endif
#include <sys/param.h>
#include <sys/types.h>
@@ -53,8 +53,9 @@
#endif
#if defined(solaris)
# include <sys/stream.h>
+#else
+# include <sys/socketvar.h>
#endif
-#include <sys/socketvar.h>
#ifdef sun
#include <sys/systm.h>
#include <sys/session.h>
@@ -80,7 +81,9 @@
# if defined(__FreeBSD__)
# include "radix_ipf.h"
# endif
-# include <net/route.h>
+# if !defined(solaris)
+# include <net/route.h>
+# endif
#else
# define __KERNEL__ /* because there's a macro not wrapped by this */
# include <net/route.h> /* in this file :-/ */
@@ -88,12 +91,6 @@
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/ip.h>
-#if !defined(linux)
-# include <netinet/ip_var.h>
-# if !defined(__hpux)
-# include <netinet/in_pcb.h>
-# endif
-#endif
#if defined(__SVR4) || defined(__svr4__) || defined(__sgi)
# include <sys/sysmacros.h>
#endif
@@ -104,6 +101,12 @@
#ifdef __hpux
# undef _NET_ROUTE_INCLUDED
#endif
+#if !defined(linux)
+# include <netinet/ip_var.h>
+# if !defined(__hpux) && !defined(solaris)
+# include <netinet/in_pcb.h>
+# endif
+#endif
#include "ipsend.h"
#if !defined(linux) && !defined(__hpux)
# include <netinet/tcp_timer.h>
Index: src/dist/ipf/ipsend/sock.c
diff -u src/dist/ipf/ipsend/sock.c:1.16 src/dist/ipf/ipsend/sock.c:1.17
--- src/dist/ipf/ipsend/sock.c:1.16 Thu Jul 2 01:43:15 2009
+++ src/dist/ipf/ipsend/sock.c Wed Aug 19 08:35:31 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: sock.c,v 1.16 2009/07/02 01:43:15 snj Exp $ */
+/* $NetBSD: sock.c,v 1.17 2009/08/19 08:35:31 darrenr Exp $ */
/*
* sock.c (C) 1995-1998 Darren Reed
@@ -8,7 +8,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)sock.c 1.2 1/11/96 (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)Id: sock.c,v 2.8.4.7 2007/09/13 07:19:34 darrenr Exp";
+static const char rcsid[] = "@(#)Id: sock.c,v 2.8.4.8 2008/07/24 09:30:34 darrenr Exp";
#endif
#include <sys/param.h>
#include <sys/types.h>
Index: src/dist/ipf/lib/load_http.c
diff -u src/dist/ipf/lib/load_http.c:1.3 src/dist/ipf/lib/load_http.c:1.4
--- src/dist/ipf/lib/load_http.c:1.3 Fri May 8 12:06:11 2009
+++ src/dist/ipf/lib/load_http.c Wed Aug 19 08:35:31 2009
@@ -1,33 +1,47 @@
-/* $NetBSD: load_http.c,v 1.3 2009/05/08 12:06:11 christos Exp $ */
+/* $NetBSD: load_http.c,v 1.4 2009/08/19 08:35:31 darrenr Exp $ */
/*
* Copyright (C) 2006 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * Id: load_http.c,v 1.1.2.1 2006/08/25 21:13:04 darrenr Exp
+ * Id: load_http.c,v 1.1.2.2 2009/07/23 20:01:12 darrenr Exp
*/
#include "ipf.h"
/*
+ * Because the URL can be included twice into the buffer, once as the
+ * full path for the "GET" and once as the "Host:", the buffer it is
+ * put in needs to be larger than 512*2 to make room for the supporting
+ * text. Why not just use snprintf and truncate? The warning about the
+ * URL being too long tells you something is wrong and does not fetch
+ * any data - just truncating the URL (with snprintf, etc) and sending
+ * that to the server is allowing an unknown and unintentioned action
+ * to happen.
+ */
+#define MAX_URL_LEN 512
+#define LOAD_BUFSIZE (MAX_URL_LEN * 2 + 128)
+
+/*
* Format expected is one addres per line, at the start of each line.
*/
alist_t *
load_http(char *url)
{
+ char *s, *t, *u, buffer[LOAD_BUFSIZE], *myurl;
int fd, len, left, port, endhdr, removed;
- size_t rem;
- char *s, *t, *u, buffer[2048], *myurl;
alist_t *a, *rtop, *rbot;
struct sockaddr_in sin;
struct hostent *host;
+ size_t rem;
/*
* More than this would just be absurd.
*/
- if (strlen(url) > 512) {
- fprintf(stderr, "load_http has a URL > 512 bytes?!\n");
+ if (strlen(url) > MAX_URL_LEN) {
+ fprintf(stderr, "load_http has a URL > %d bytes?!\n",
+ MAX_URL_LEN);
return NULL;
}
@@ -53,6 +67,15 @@
}
*t++ = '\0';
+ /*
+ * 10 is the length of 'Host: \r\n\r\n' below.
+ */
+ if (strlen(s) + strlen(buffer) + 10 > sizeof(buffer)) {
+ fprintf(stderr, "load_http has a malformed URL '%s'\n", url);
+ free(myurl);
+ return NULL;
+ }
+
u = strchr(s, '@');
if (u != NULL)
s = u + 1; /* AUTH */
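Review bot: The new length check is off by one, because it accepts the case where `strlen(s) + strlen(buffer) + 10` equals `sizeof(buffer)` and that leaves no byte for the terminating NUL once the `Host:` text is appended. The comparison should be `if (strlen(s) + strlen(buffer) + 10 >= sizeof(buffer)) {`. With the `MAX_URL_LEN` check and `LOAD_BUFSIZE` from the first hunk the boundary is probably unreachable today, but this guard is the one that has to hold if either constant changes. The code that actually appends to `buffer` is outside the hunk; if it uses `sprintf`/`strcat`, checking an `snprintf` return value and rejecting (not truncating) would enforce the same policy the new header comment describes.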
Index: src/dist/ipf/lib/printnat.c
diff -u src/dist/ipf/lib/printnat.c:1.2 src/dist/ipf/lib/printnat.c:1.3
--- src/dist/ipf/lib/printnat.c:1.2 Thu Jul 24 09:37:58 2008
+++ src/dist/ipf/lib/printnat.c Wed Aug 19 08:35:32 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: printnat.c,v 1.2 2008/07/24 09:37:58 darrenr Exp $ */
+/* $NetBSD: printnat.c,v 1.3 2009/08/19 08:35:32 darrenr Exp $ */
/*
* Copyright (C) 2002-2005 by Darren Reed.
@@ -13,7 +13,7 @@
#if !defined(lint)
-static const char rcsid[] = "@(#)Id: printnat.c,v 1.22.2.14 2007/09/06 16:40:11 darrenr Exp";
+static const char rcsid[] = "@(#)Id: printnat.c,v 1.22.2.15 2008/07/24 09:30:35 darrenr Exp";
#endif
/*
Index: src/dist/ipf/perl/logfilter.pl
diff -u src/dist/ipf/perl/logfilter.pl:1.1 src/dist/ipf/perl/logfilter.pl:1.2
--- src/dist/ipf/perl/logfilter.pl:1.1 Sat Dec 11 22:24:11 1999
+++ src/dist/ipf/perl/logfilter.pl Wed Aug 19 08:35:32 2009
@@ -178,4 +178,4 @@
tcp 7070 realaudio.log
tcp 8080 http.log
tcp 12345 netbus.log
-udp 31337 backorifice.log
\ No newline at end of file
+udp 31337 backorifice.log
Index: src/dist/ipf/samples/ipfilter-pb.gif
Index: src/dist/ipf/tools/ipf_y.y
diff -u src/dist/ipf/tools/ipf_y.y:1.22 src/dist/ipf/tools/ipf_y.y:1.23
--- src/dist/ipf/tools/ipf_y.y:1.22 Tue May 20 07:08:07 2008
+++ src/dist/ipf/tools/ipf_y.y Wed Aug 19 08:35:32 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: ipf_y.y,v 1.22 2008/05/20 07:08:07 darrenr Exp $ */
+/* $NetBSD: ipf_y.y,v 1.23 2009/08/19 08:35:32 darrenr Exp $ */
/*
* Copyright (C) 2001-2006 by Darren Reed.
@@ -887,7 +887,7 @@
$$.a.iplookuptype = IPLT_HASH;
$$.a.iplookupsubtype = 0;
$$.a.iplookupnum = $3; }
- | hash '/' YY_STR { pooled = 1;
+ | hash '/' YY_STR { hashed = 1;
$$.a.iplookuptype = IPLT_HASH;
$$.a.iplookupsubtype = 1;
strncpy($$.a.iplookupname, $3,
Index: src/dist/ipf/tools/ipfstat.c
diff -u src/dist/ipf/tools/ipfstat.c:1.17 src/dist/ipf/tools/ipfstat.c:1.18
--- src/dist/ipf/tools/ipfstat.c:1.17 Fri Mar 6 21:36:25 2009
+++ src/dist/ipf/tools/ipfstat.c Wed Aug 19 08:35:32 2009
@@ -1,9 +1,11 @@
-/* $NetBSD: ipfstat.c,v 1.17 2009/03/06 21:36:25 christos Exp $ */
+/* $NetBSD: ipfstat.c,v 1.18 2009/08/19 08:35:32 darrenr Exp $ */
/*
* Copyright (C) 2002-2006 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * Copyright 2008 Sun Microsystems, Inc.
*/
#ifdef __FreeBSD__
# ifndef __FreeBSD_cc_version
@@ -71,7 +73,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)Id: ipfstat.c,v 1.44.2.25 2007/06/30 09:48:50 darrenr Exp";
+static const char rcsid[] = "@(#)Id: ipfstat.c,v 1.44.2.27 2009/07/21 09:13:13 darrenr Exp";
#endif
#ifdef __hpux
@@ -474,7 +476,7 @@
ipfo.ipfo_type = IPFOBJ_FRAGSTAT;
ipfo.ipfo_size = sizeof(ipfrstat_t);
ipfo.ipfo_ptr = (void *)*ifrstpp;
-
+
if (ioctl(ipf_fd, SIOCGFRST, &ipfo) == -1) {
perror("ioctl(SIOCGFRST)");
exit(-1);
@@ -834,8 +836,6 @@
rule.iri_rule = fp;
if (ioctl(ipf_fd, SIOCIPFITER, &obj) == -1) {
perror("ioctl(SIOCIPFITER)");
- n = IPFGENITER_IPF;
- ioctl(ipf_fd, SIOCIPFDELTOK, &n);
return;
}
if (bcmp(fp, &zero, sizeof(zero)) == 0)
@@ -894,9 +894,6 @@
}
} while (fp->fr_next != NULL);
- n = IPFGENITER_IPF;
- ioctl(ipf_fd, SIOCIPFDELTOK, &n);
-
if (group == NULL) {
while ((g = grtop) != NULL) {
printf("# Group %s\n", g->fg_name);
@@ -1214,6 +1211,7 @@
int i, j, winy, tsentry, maxx, maxy, redraw = 0, ret = 0;
int len, srclen, dstlen, forward = 1, c = 0;
ips_stat_t ipsst, *ipsstp = &ipsst;
+ int token_type = IPFGENITER_STATE;
statetop_t *tstable = NULL, *tp;
const char *errstr = "";
ipstate_t ips;
@@ -1357,6 +1355,8 @@
}
}
+ (void) ioctl(state_fd, SIOCIPFDELTOK, &token_type);
+
/* sort the array */
if (tsentry != -1) {
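Review bot: The new `SIOCIPFDELTOK` call has no comment and discards its result, so the hunk does not show why the state-iterator token must be released at this exact point or what happens when the release fails. The code removed from `fetchstate()` issued this ioctl only on the `live_kernel == 1` path, whereas no such guard is visible here, so it should be confirmed that `state_fd` is a valid device descriptor when the tool is reading from a core file. If the reason is to restart iteration on each refresh, a comment such as `/* release the kernel iterator token so the next pass starts from the head of the state table */` would record that. The enclosing function begins and ends outside the hunk.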
@@ -1494,14 +1494,14 @@
printw("Src: %s, Dest: %s, Proto: %s, Sorted by: %s\n\n",
str1, str2, str3, str4);
- /*
+ /*
* For an IPv4 IP address we need at most 15 characters,
* 4 tuples of 3 digits, separated by 3 dots. Enforce this
* length, so the colums do not change positions based
* on the size of the IP address. This length makes the
- * output fit in a 80 column terminal.
+ * output fit in a 80 column terminal.
* We are lacking a good solution for IPv6 addresses (that
- * can be longer that 15 characters), so we do not enforce
+ * can be longer that 15 characters), so we do not enforce
* a maximum on the IP field size.
*/
if (srclen < 15)
@@ -2054,8 +2054,6 @@
ipstate_t *fetchstate(src, dst)
ipstate_t *src, *dst;
{
- int i;
-
if (live_kernel == 1) {
ipfgeniter_t state;
ipfobj_t obj;
@@ -2071,10 +2069,6 @@
if (ioctl(state_fd, SIOCGENITER, &obj) != 0)
return NULL;
- if (dst->is_next == NULL) {
- i = IPFGENITER_STATE;
- ioctl(state_fd, SIOCIPFDELTOK, &i);
- }
} else {
if (kmemcpy((char *)dst, (u_long)src, sizeof(*dst)))
return NULL;
Index: src/dist/ipf/tools/ipmon.c
diff -u src/dist/ipf/tools/ipmon.c:1.15 src/dist/ipf/tools/ipmon.c:1.16
--- src/dist/ipf/tools/ipmon.c:1.15 Mon Dec 29 04:08:56 2008
+++ src/dist/ipf/tools/ipmon.c Wed Aug 19 08:35:32 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: ipmon.c,v 1.15 2008/12/29 04:08:56 christos Exp $ */
+/* $NetBSD: ipmon.c,v 1.16 2009/08/19 08:35:32 darrenr Exp $ */
/*
* Copyright (C) 2001-2006 by Darren Reed.
@@ -78,7 +78,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)Id: ipmon.c,v 1.33.2.23 2008/02/03 19:48:11 darrenr Exp";
+static const char rcsid[] = "@(#)Id: ipmon.c,v 1.33.2.24 2009/07/21 22:32:53 darrenr Exp";
#endif
@@ -1048,10 +1048,16 @@
(void) sprintf(t, "%s", ifname);
t += strlen(t);
# if defined(MENTAT) || defined(linux)
- if (ISALPHA(*(t - 1))) {
- sprintf(t, "%d", ipf->fl_unit);
- t += strlen(t);
- }
+# if defined(linux)
+ /*
+ * On Linux, the loopback interface is just "lo", not "lo0".
+ */
+ if (strcmp(ifname, "lo") != 0)
+# endif
+ if (ISALPHA(*(t - 1))) {
+ sprintf(t, "%d", ipf->fl_unit);
+ t += strlen(t);
+ }
# endif
}
#else
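Review bot: The Linux-only `if (strcmp(ifname, "lo") != 0)` has no braces and sits inside `# if defined(linux)`, so it silently governs whichever statement follows the `# endif`; putting braces around the inner `if (ISALPHA(...))` block, or computing a flag before it, would stop a later edit from changing which statement is conditional. The re-indented `sprintf(t, "%d", ipf->fl_unit)` still writes with no bound; the size of the buffer `t` points into is outside this hunk, but `snprintf` with the remaining space would make the limit explicit. `*(t - 1)` also relies on `ifname` being non-empty, which the visible lines do not check.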
Index: src/dist/ipf/tools/ippool_y.y
diff -u src/dist/ipf/tools/ippool_y.y:1.3 src/dist/ipf/tools/ippool_y.y:1.4
--- src/dist/ipf/tools/ippool_y.y:1.3 Sat Apr 14 20:34:35 2007
+++ src/dist/ipf/tools/ippool_y.y Wed Aug 19 08:35:32 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: ippool_y.y,v 1.3 2007/04/14 20:34:35 martin Exp $ */
+/* $NetBSD: ippool_y.y,v 1.4 2009/08/19 08:35:32 darrenr Exp $ */
/*
* Copyright (C) 2001-2006 by Darren Reed.
@@ -263,16 +263,16 @@
range: addrmask { $$ = calloc(1, sizeof(*$$));
$$->ipn_info = 0;
- $$->ipn_addr.adf_len = sizeof($$->ipn_addr);
+ $$->ipn_addr.adf_len = sizeof($$->ipn_addr) + 4;
$$->ipn_addr.adf_addr.in4.s_addr = $1[0].s_addr;
- $$->ipn_mask.adf_len = sizeof($$->ipn_mask);
+ $$->ipn_mask.adf_len = sizeof($$->ipn_mask) + 4;
$$->ipn_mask.adf_addr.in4.s_addr = $1[1].s_addr;
}
| '!' addrmask { $$ = calloc(1, sizeof(*$$));
$$->ipn_info = 1;
- $$->ipn_addr.adf_len = sizeof($$->ipn_addr);
+ $$->ipn_addr.adf_len = sizeof($$->ipn_addr) + 4;
$$->ipn_addr.adf_addr.in4.s_addr = $2[0].s_addr;
- $$->ipn_mask.adf_len = sizeof($$->ipn_mask);
+ $$->ipn_mask.adf_len = sizeof($$->ipn_mask) + 4;
$$->ipn_mask.adf_addr.in4.s_addr = $2[1].s_addr;
}
| YY_STR { $$ = add_poolhosts($1); }
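Review bot: The four `adf_len = sizeof(...) + 4` assignments look inconsistent with the next hunk, which sets the same field to `offsetof(addrfamily_t, adf_addr) + 4`. If `ipn_addr` and `ipn_mask` are `addrfamily_t` (not shown here, but the later hunk suggests it), `sizeof` already includes the whole `adf_addr` member, so adding 4 makes `adf_len` larger than the object and any consumer that trusts it as a key length would read past the field. I would use the same form in both rules, e.g. `$$->ipn_addr.adf_len = offsetof(addrfamily_t, adf_addr) + 4;`, and replace the bare `4` with `sizeof(struct in_addr)` in both hunks so the IPv4 assumption is explicit.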
@@ -499,8 +499,8 @@
if (p == NULL)
break;
- p->ipn_addr.adf_len = 8;
- p->ipn_mask.adf_len = 8;
+ p->ipn_addr.adf_len = offsetof(addrfamily_t, adf_addr) + 4;
+ p->ipn_mask.adf_len = offsetof(addrfamily_t, adf_addr) + 4;
p->ipn_info = a->al_not;
Index: src/dist/ipf/tools/lexer.c
diff -u src/dist/ipf/tools/lexer.c:1.13 src/dist/ipf/tools/lexer.c:1.14
--- src/dist/ipf/tools/lexer.c:1.13 Tue May 20 07:08:07 2008
+++ src/dist/ipf/tools/lexer.c Wed Aug 19 08:35:33 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: lexer.c,v 1.13 2008/05/20 07:08:07 darrenr Exp $ */
+/* $NetBSD: lexer.c,v 1.14 2009/08/19 08:35:33 darrenr Exp $ */
/*
* Copyright (C) 2002-2006 by Darren Reed.
@@ -246,7 +246,7 @@
}
yyswallow('\n');
rval = YY_COMMENT;
- goto nextchar;
+ goto done;
case '$' :
if (isbuilding == 1) {