Module Name: src
Committed By: darrenr
Date: Sat Apr 17 21:00:09 UTC 2010
Modified Files:
src/dist/ipf: HISTORY Makefile ip_fil.c ip_lookup.c
src/dist/ipf/iplang: iplang_y.y
src/dist/ipf/ipsend: dlcommon.c hpux.c ipsend.5 iptests.c sbpf.c
sdlpi.c sirix.c snit.c sock.c
src/dist/ipf/lib: facpri.c getport.c getportproto.c getproto.c
hostname.c ipf_dotuning.c ipft_td.c printsbuf.c printstate.c
v6ionames.c var.c
src/dist/ipf/man: ipf.4 ipf.5 ipfilter.4 ipfstat.8 ipnat.5
src/dist/ipf/tools: ipf_y.y ipnat_y.y ippool_y.y ipscan_y.y
Log Message:
Commit IPFilter 4.1.34 to HEAD
To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 src/dist/ipf/HISTORY
cvs rdiff -u -r1.13 -r1.14 src/dist/ipf/Makefile
cvs rdiff -u -r1.17 -r1.18 src/dist/ipf/ip_fil.c
cvs rdiff -u -r1.7 -r1.8 src/dist/ipf/ip_lookup.c
cvs rdiff -u -r1.10 -r1.11 src/dist/ipf/iplang/iplang_y.y
cvs rdiff -u -r1.2 -r1.3 src/dist/ipf/ipsend/dlcommon.c
cvs rdiff -u -r1.3 -r1.4 src/dist/ipf/ipsend/hpux.c \
src/dist/ipf/ipsend/snit.c
cvs rdiff -u -r1.4 -r1.5 src/dist/ipf/ipsend/ipsend.5 \
src/dist/ipf/ipsend/sirix.c
cvs rdiff -u -r1.15 -r1.16 src/dist/ipf/ipsend/iptests.c
cvs rdiff -u -r1.7 -r1.8 src/dist/ipf/ipsend/sbpf.c
cvs rdiff -u -r1.6 -r1.7 src/dist/ipf/ipsend/sdlpi.c
cvs rdiff -u -r1.17 -r1.18 src/dist/ipf/ipsend/sock.c
cvs rdiff -u -r1.4 -r1.5 src/dist/ipf/lib/facpri.c \
src/dist/ipf/lib/ipf_dotuning.c
cvs rdiff -u -r1.6 -r1.7 src/dist/ipf/lib/getport.c \
src/dist/ipf/lib/getportproto.c src/dist/ipf/lib/v6ionames.c
cvs rdiff -u -r1.5 -r1.6 src/dist/ipf/lib/getproto.c \
src/dist/ipf/lib/printstate.c src/dist/ipf/lib/var.c
cvs rdiff -u -r1.3 -r1.4 src/dist/ipf/lib/hostname.c \
src/dist/ipf/lib/ipft_td.c src/dist/ipf/lib/printsbuf.c
cvs rdiff -u -r1.11 -r1.12 src/dist/ipf/man/ipf.4 src/dist/ipf/man/ipf.5
cvs rdiff -u -r1.2 -r1.3 src/dist/ipf/man/ipfilter.4
cvs rdiff -u -r1.13 -r1.14 src/dist/ipf/man/ipfstat.8
cvs rdiff -u -r1.19 -r1.20 src/dist/ipf/man/ipnat.5
cvs rdiff -u -r1.23 -r1.24 src/dist/ipf/tools/ipf_y.y
cvs rdiff -u -r1.17 -r1.18 src/dist/ipf/tools/ipnat_y.y
cvs rdiff -u -r1.4 -r1.5 src/dist/ipf/tools/ippool_y.y
cvs rdiff -u -r1.3 -r1.4 src/dist/ipf/tools/ipscan_y.y
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/dist/ipf/HISTORY
diff -u src/dist/ipf/HISTORY:1.26 src/dist/ipf/HISTORY:1.27
--- src/dist/ipf/HISTORY:1.26 Wed Aug 19 08:35:30 2009
+++ src/dist/ipf/HISTORY Sat Apr 17 21:00:08 2010
@@ -10,6 +10,30 @@
# and especially those who have found the time to port IP Filter to new
# platforms.
#
+4.1.34 - Release 11 MArch 2010
+
+2964907 uninitialised use compile error
+
+2959506 ipfstat does not display rules with compat
+
+2949139 FR_T_BUILTIN masked out incorrectly
+
+2937422 packets filtered with pools should not be cached'
+
+2935529 use of rules with tags leads to deadlock
+
+2917501 whitespace cleanup required
+
+2898915 Does not build on newer FreeBSD
+
+2898337 Does not build on newer FreeBSD
+
+2881514 in/out object functions not wired for compatibility
+
+2841771 ipf/ippool rule maintenace bugs: memory leak, ref-counter bug
+
+2839698 H.323 proxy does not clear fin_state/fin_nat
+
4.1.33 - Release 16 August 2009
2838417 tru64 compile is not error free
Index: src/dist/ipf/Makefile
diff -u src/dist/ipf/Makefile:1.13 src/dist/ipf/Makefile:1.14
--- src/dist/ipf/Makefile:1.13 Wed Aug 19 08:35:30 2009
+++ src/dist/ipf/Makefile Sat Apr 17 21:00:08 2010
@@ -5,7 +5,7 @@
# provided that this notice is preserved and due credit is given
# to the original author and the contributors.
#
-# Id: Makefile,v 2.76.2.29 2009/07/18 19:05:35 darrenr Exp
+# Id: Makefile,v 2.76.2.31 2010/01/31 16:22:53 darrenr Exp
#
SHELL=/bin/sh
BINDEST=/usr/local/bin
@@ -35,6 +35,10 @@
#
#COMPIPF=-DIPFILTER_COMPILED
#
+# To enable IPFilter compatibility with older CLI utilities
+#
+COMPATIPF=-DIPFILTER_COMPAT
+#
# To enable synchronisation between IPFilter hosts
#
#SYNC=-DIPFILTER_SYNC
@@ -114,6 +118,7 @@
'STATETOP_CFLAGS=$(STATETOP_CFLAGS)' "BPFILTER=$(BPFILTER)" \
'STATETOP_INC=$(STATETOP_INC)' 'STATETOP_LIB=$(STATETOP_LIB)' \
"BITS=$(BITS)" "OBJ=$(OBJ)" "LOOKUP=$(LOOKUP)" "COMPIPF=$(COMPIPF)" \
+ "COMPATIPF=$(COMPATIPF)" \
'SYNC=$(SYNC)' 'ALLOPTS=$(ALLOPTS)' 'LIBBPF=$(LIBBPF)'
MFLAGS=$(MFLAGS1) "IPFLKM=$(IPFLKM)"
MACHASSERT=`/bin/ls -1 /usr/sys/*/mach_assert.h | head -1`
@@ -216,7 +221,7 @@
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) "ML=mlfk_ipl.c" "MLD=mlfk_ipl.c" "LKM=ipf.ko.5" "LKMR=ipfrule.ko.5" "DLKM=-DKLD_MODULE" "MLR=mlfk_rule.o"; cd ..)
- (cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS1); cd ..)
+# (cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS1); cd ..)
freebsd4 : include
if [ x$(INET6) = x ] ; then \
Index: src/dist/ipf/ip_fil.c
diff -u src/dist/ipf/ip_fil.c:1.17 src/dist/ipf/ip_fil.c:1.18
--- src/dist/ipf/ip_fil.c:1.17 Wed Aug 19 08:35:30 2009
+++ src/dist/ipf/ip_fil.c Sat Apr 17 21:00:08 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_fil.c,v 1.17 2009/08/19 08:35:30 darrenr Exp $ */
+/* $NetBSD: ip_fil.c,v 1.18 2010/04/17 21:00:08 darrenr Exp $ */
/*
* Copyright (C) 1993-2001 by Darren Reed.
@@ -7,7 +7,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)Id: ip_fil.c,v 2.133.2.20 2008/07/27 08:27:04 darrenr Exp";
+static const char rcsid[] = "@(#)Id: ip_fil.c,v 2.133.2.21 2009/12/27 06:55:08 darrenr Exp";
#endif
#ifndef SOLARIS
@@ -818,12 +818,12 @@
}
-/*
+/*
* This function is not meant to be random, rather just produce a
* sequence of numbers that isn't linear to show "randomness".
*/
u_32_t
-ipf_random()
+ipf_random()
{
static int last = 0xa5a5a5a5;
static int calls = 0;
Index: src/dist/ipf/ip_lookup.c
diff -u src/dist/ipf/ip_lookup.c:1.7 src/dist/ipf/ip_lookup.c:1.8
--- src/dist/ipf/ip_lookup.c:1.7 Wed Aug 19 08:35:30 2009
+++ src/dist/ipf/ip_lookup.c Sat Apr 17 21:00:08 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_lookup.c,v 1.7 2009/08/19 08:35:30 darrenr Exp $ */
+/* $NetBSD: ip_lookup.c,v 1.8 2010/04/17 21:00:08 darrenr Exp $ */
/*
* Copyright (C) 2002-2003 by Darren Reed.
@@ -60,7 +60,7 @@
/* END OF INCLUDES */
#if !defined(lint)
-static const char rcsid[] = "@(#)Id: ip_lookup.c,v 2.35.2.21 2009/05/13 18:31:15 darrenr Exp";
+static const char rcsid[] = "@(#)Id: ip_lookup.c,v 2.35.2.22 2010/01/31 16:22:55 darrenr Exp";
#endif
#ifdef IPFILTER_LOOKUP
@@ -585,7 +585,7 @@
int err;
SPL_INT(s);
- err = fr_inobj(data, &iter, IPFOBJ_LOOKUPITER);
+ err = fr_inobj(data, NULL, &iter, IPFOBJ_LOOKUPITER);
if (err != 0)
return err;
Index: src/dist/ipf/iplang/iplang_y.y
diff -u src/dist/ipf/iplang/iplang_y.y:1.10 src/dist/ipf/iplang/iplang_y.y:1.11
--- src/dist/ipf/iplang/iplang_y.y:1.10 Sat Apr 14 20:34:19 2007
+++ src/dist/ipf/iplang/iplang_y.y Sat Apr 17 21:00:08 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: iplang_y.y,v 1.10 2007/04/14 20:34:19 martin Exp $ */
+/* $NetBSD: iplang_y.y,v 1.11 2010/04/17 21:00:08 darrenr Exp $ */
%{
/*
@@ -6,7 +6,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * Id: iplang_y.y,v 2.9.2.5 2007/02/17 12:41:48 darrenr Exp
+ * Id: iplang_y.y,v 2.9.2.6 2009/12/27 06:53:15 darrenr Exp
*/
#include <stdio.h>
@@ -604,7 +604,7 @@
#ifdef bsdi
struct ether_addr *
ether_aton(s)
- char *s;
+ char *s;
{
static struct ether_addr n;
u_int i[6];
@@ -1839,7 +1839,7 @@
{
u_long sum = init;
int nwords = len >> 1;
-
+
for(; nwords > 0; nwords--)
sum += *buf++;
sum = (sum>>16) + (sum & 0xffff);
@@ -1854,7 +1854,7 @@
{
u_long sum = 0;
int nwords = len >> 1;
-
+
for(; nwords > 0; nwords--)
sum += *buf++;
return sum;
Index: src/dist/ipf/ipsend/dlcommon.c
diff -u src/dist/ipf/ipsend/dlcommon.c:1.2 src/dist/ipf/ipsend/dlcommon.c:1.3
--- src/dist/ipf/ipsend/dlcommon.c:1.2 Sun Mar 28 09:00:55 2004
+++ src/dist/ipf/ipsend/dlcommon.c Sat Apr 17 21:00:09 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: dlcommon.c,v 1.2 2004/03/28 09:00:55 martti Exp $ */
+/* $NetBSD: dlcommon.c,v 1.3 2010/04/17 21:00:09 darrenr Exp $ */
/*
* Common (shared) DLPI test routines.
@@ -1140,7 +1140,7 @@
n++;
p = NULL;
}
-
+
return (n);
}
Index: src/dist/ipf/ipsend/hpux.c
diff -u src/dist/ipf/ipsend/hpux.c:1.3 src/dist/ipf/ipsend/hpux.c:1.4
--- src/dist/ipf/ipsend/hpux.c:1.3 Sun Mar 28 09:00:55 2004
+++ src/dist/ipf/ipsend/hpux.c Sat Apr 17 21:00:09 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: hpux.c,v 1.3 2004/03/28 09:00:55 martti Exp $ */
+/* $NetBSD: hpux.c,v 1.4 2010/04/17 21:00:09 darrenr Exp $ */
/*
* (C)opyright 1997-1998 Darren Reed. (from tcplog)
@@ -36,7 +36,7 @@
int sendip(fd, pkt, len)
int fd, len;
char *pkt;
-{
+{
if (send(fd, pkt, len, 0) == -1)
{
perror("send");
@@ -92,7 +92,7 @@
int sendip(fd, pkt, len)
int fd, len;
char *pkt;
-{
+{
if (send(fd, pkt, len, 0) == -1)
{
perror("send");
Index: src/dist/ipf/ipsend/snit.c
diff -u src/dist/ipf/ipsend/snit.c:1.3 src/dist/ipf/ipsend/snit.c:1.4
--- src/dist/ipf/ipsend/snit.c:1.3 Sun Mar 28 09:00:56 2004
+++ src/dist/ipf/ipsend/snit.c Sat Apr 17 21:00:09 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: snit.c,v 1.3 2004/03/28 09:00:56 martti Exp $ */
+/* $NetBSD: snit.c,v 1.4 2010/04/17 21:00:09 darrenr Exp $ */
/*
* (C)opyright 1992-1998 Darren Reed. (from tcplog)
@@ -41,7 +41,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)snit.c 1.5 1/11/96 (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)Id: snit.c,v 2.3 2001/06/09 17:09:26 darrenr Exp";
+static const char rcsid[] = "@(#)Id: snit.c,v 2.3.4.1 2009/12/27 06:53:15 darrenr Exp";
#endif
#define CHUNKSIZE 8192
@@ -117,7 +117,7 @@
int sendip(fd, pkt, len)
int fd, len;
char *pkt;
-{
+{
struct sockaddr sk, *sa = &sk;
struct strbuf cbuf, *cp = &cbuf, dbuf, *dp = &dbuf;
Index: src/dist/ipf/ipsend/ipsend.5
diff -u src/dist/ipf/ipsend/ipsend.5:1.4 src/dist/ipf/ipsend/ipsend.5:1.5
--- src/dist/ipf/ipsend/ipsend.5:1.4 Sat Mar 15 19:26:42 2003
+++ src/dist/ipf/ipsend/ipsend.5 Sat Apr 17 21:00:09 2010
@@ -1,4 +1,4 @@
-.\" $NetBSD: ipsend.5,v 1.4 2003/03/15 19:26:42 wiz Exp $
+.\" $NetBSD: ipsend.5,v 1.5 2010/04/17 21:00:09 darrenr Exp $
.\"
.TH IPSEND 5
.SH NAME
@@ -124,7 +124,7 @@
sets the fragment offset field of the IP packet. Default is 0.
.TP
.B ttl <number>
-sets the time to live (TTL) field of the IP header. Default is 60.
+sets the time to live (TTL) field of the IP header. Default is 60.
.TP
.B proto <protocol>
sets the protocol field of the IP header. The protocol can either be a
Index: src/dist/ipf/ipsend/sirix.c
diff -u src/dist/ipf/ipsend/sirix.c:1.4 src/dist/ipf/ipsend/sirix.c:1.5
--- src/dist/ipf/ipsend/sirix.c:1.4 Sun Mar 28 09:00:56 2004
+++ src/dist/ipf/ipsend/sirix.c Sat Apr 17 21:00:09 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: sirix.c,v 1.4 2004/03/28 09:00:56 martti Exp $ */
+/* $NetBSD: sirix.c,v 1.5 2010/04/17 21:00:09 darrenr Exp $ */
/*
* (C)opyright 1992-1998 Darren Reed.
@@ -60,7 +60,7 @@
* output an IP packet
*/
int sendip(int fd, char *pkt, int len)
-{
+{
struct sockaddr_raw sr;
int srlen = sizeof(sr);
struct ifreq ifr;
Index: src/dist/ipf/ipsend/iptests.c
diff -u src/dist/ipf/ipsend/iptests.c:1.15 src/dist/ipf/ipsend/iptests.c:1.16
--- src/dist/ipf/ipsend/iptests.c:1.15 Wed Aug 19 08:35:31 2009
+++ src/dist/ipf/ipsend/iptests.c Sat Apr 17 21:00:09 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: iptests.c,v 1.15 2009/08/19 08:35:31 darrenr Exp $ */
+/* $NetBSD: iptests.c,v 1.16 2010/04/17 21:00:09 darrenr Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
@@ -8,7 +8,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)Id: iptests.c,v 2.8.2.11 2009/01/27 08:33:23 darrenr Exp";
+static const char rcsid[] = "@(#)Id: iptests.c,v 2.8.2.12 2009/12/27 06:53:15 darrenr Exp";
#endif
#include <sys/param.h>
#include <sys/types.h>
@@ -23,7 +23,7 @@
#endif
#include <sys/time.h>
#if !defined(__osf__)
-# ifdef __NetBSD__
+# ifdef __NetBSD__
# include <machine/lock.h>
# include <sys/mutex.h>
# endif
Index: src/dist/ipf/ipsend/sbpf.c
diff -u src/dist/ipf/ipsend/sbpf.c:1.7 src/dist/ipf/ipsend/sbpf.c:1.8
--- src/dist/ipf/ipsend/sbpf.c:1.7 Tue Apr 4 16:17:18 2006
+++ src/dist/ipf/ipsend/sbpf.c Sat Apr 17 21:00:09 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: sbpf.c,v 1.7 2006/04/04 16:17:18 martti Exp $ */
+/* $NetBSD: sbpf.c,v 1.8 2010/04/17 21:00:09 darrenr Exp $ */
/*
* (C)opyright 1995-1998 Darren Reed. (from tcplog)
@@ -49,7 +49,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)sbpf.c 1.3 8/25/95 (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)Id: sbpf.c,v 2.5.4.1 2006/03/21 16:32:58 darrenr Exp";
+static const char rcsid[] = "@(#)Id: sbpf.c,v 2.5.4.2 2009/12/27 06:53:15 darrenr Exp";
#endif
/*
@@ -146,7 +146,7 @@
int sendip(fd, pkt, len)
int fd, len;
char *pkt;
-{
+{
if (write(fd, pkt, len) == -1)
{
perror("send");
Index: src/dist/ipf/ipsend/sdlpi.c
diff -u src/dist/ipf/ipsend/sdlpi.c:1.6 src/dist/ipf/ipsend/sdlpi.c:1.7
--- src/dist/ipf/ipsend/sdlpi.c:1.6 Sat Apr 14 20:34:22 2007
+++ src/dist/ipf/ipsend/sdlpi.c Sat Apr 17 21:00:09 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: sdlpi.c,v 1.6 2007/04/14 20:34:22 martin Exp $ */
+/* $NetBSD: sdlpi.c,v 1.7 2010/04/17 21:00:09 darrenr Exp $ */
/*
* (C)opyright 1992-1998 Darren Reed. (from tcplog)
@@ -49,7 +49,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)sdlpi.c 1.3 10/30/95 (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)Id: sdlpi.c,v 2.8.2.2 2007/02/17 12:41:51 darrenr Exp";
+static const char rcsid[] = "@(#)Id: sdlpi.c,v 2.8.2.3 2009/12/27 06:53:15 darrenr Exp";
#endif
#define CHUNKSIZE 8192
@@ -138,7 +138,7 @@
int sendip(fd, pkt, len)
int fd, len;
char *pkt;
-{
+{
struct strbuf dbuf, *dp = &dbuf, *cp = NULL;
int pri = 0;
#ifdef DL_HP_RAWDLS
Index: src/dist/ipf/ipsend/sock.c
diff -u src/dist/ipf/ipsend/sock.c:1.17 src/dist/ipf/ipsend/sock.c:1.18
--- src/dist/ipf/ipsend/sock.c:1.17 Wed Aug 19 08:35:31 2009
+++ src/dist/ipf/ipsend/sock.c Sat Apr 17 21:00:09 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: sock.c,v 1.17 2009/08/19 08:35:31 darrenr Exp $ */
+/* $NetBSD: sock.c,v 1.18 2010/04/17 21:00:09 darrenr Exp $ */
/*
* sock.c (C) 1995-1998 Darren Reed
@@ -8,7 +8,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)sock.c 1.2 1/11/96 (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)Id: sock.c,v 2.8.4.8 2008/07/24 09:30:34 darrenr Exp";
+static const char rcsid[] = "@(#)Id: sock.c,v 2.8.4.9 2009/12/27 06:53:15 darrenr Exp";
#endif
#include <sys/param.h>
#include <sys/types.h>
@@ -32,7 +32,7 @@
# include <sys/dir.h>
#endif
#if !defined(__osf__)
-# ifdef __NetBSD__
+# ifdef __NetBSD__
# include <machine/lock.h>
# include <sys/mutex.h>
# endif
Index: src/dist/ipf/lib/facpri.c
diff -u src/dist/ipf/lib/facpri.c:1.4 src/dist/ipf/lib/facpri.c:1.5
--- src/dist/ipf/lib/facpri.c:1.4 Sat Apr 14 20:34:23 2007
+++ src/dist/ipf/lib/facpri.c Sat Apr 17 21:00:09 2010
@@ -1,11 +1,11 @@
-/* $NetBSD: facpri.c,v 1.4 2007/04/14 20:34:23 martin Exp $ */
+/* $NetBSD: facpri.c,v 1.5 2010/04/17 21:00:09 darrenr Exp $ */
/*
* Copyright (C) 2000-2006 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * Id: facpri.c,v 1.6.2.5 2006/06/16 17:20:58 darrenr Exp
+ * Id: facpri.c,v 1.6.2.6 2009/12/27 06:58:06 darrenr Exp
*/
#include <stdio.h>
@@ -22,7 +22,7 @@
#include "facpri.h"
#if !defined(lint)
-static const char rcsid[] = "@(#)Id: facpri.c,v 1.6.2.5 2006/06/16 17:20:58 darrenr Exp";
+static const char rcsid[] = "@(#)Id: facpri.c,v 1.6.2.6 2009/12/27 06:58:06 darrenr Exp";
#endif
@@ -96,7 +96,7 @@
/*
* map a facility name to its number
*/
-int
+int
fac_findname(name)
char *name;
{
Index: src/dist/ipf/lib/ipf_dotuning.c
diff -u src/dist/ipf/lib/ipf_dotuning.c:1.4 src/dist/ipf/lib/ipf_dotuning.c:1.5
--- src/dist/ipf/lib/ipf_dotuning.c:1.4 Sat Apr 14 20:34:27 2007
+++ src/dist/ipf/lib/ipf_dotuning.c Sat Apr 17 21:00:09 2010
@@ -1,12 +1,12 @@
-/* $NetBSD: ipf_dotuning.c,v 1.4 2007/04/14 20:34:27 martin Exp $ */
+/* $NetBSD: ipf_dotuning.c,v 1.5 2010/04/17 21:00:09 darrenr Exp $ */
/*
* Copyright (C) 2003-2005 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * Id: ipf_dotuning.c,v 1.2.4.3 2006/06/16 17:21:02 darrenr Exp
- */
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * Id: ipf_dotuning.c,v 1.2.4.4 2009/12/27 06:58:06 darrenr Exp
+ */
#include "ipf.h"
#include "netinet/ipl.h"
Index: src/dist/ipf/lib/getport.c
diff -u src/dist/ipf/lib/getport.c:1.6 src/dist/ipf/lib/getport.c:1.7
--- src/dist/ipf/lib/getport.c:1.6 Sat Apr 14 20:34:24 2007
+++ src/dist/ipf/lib/getport.c Sat Apr 17 21:00:09 2010
@@ -1,12 +1,12 @@
-/* $NetBSD: getport.c,v 1.6 2007/04/14 20:34:24 martin Exp $ */
+/* $NetBSD: getport.c,v 1.7 2010/04/17 21:00:09 darrenr Exp $ */
/*
* Copyright (C) 2002-2005 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * Id: getport.c,v 1.1.4.6 2006/06/16 17:21:00 darrenr Exp
- */
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * Id: getport.c,v 1.1.4.7 2009/12/27 06:58:06 darrenr Exp
+ */
#include "ipf.h"
Index: src/dist/ipf/lib/getportproto.c
diff -u src/dist/ipf/lib/getportproto.c:1.6 src/dist/ipf/lib/getportproto.c:1.7
--- src/dist/ipf/lib/getportproto.c:1.6 Sat Apr 14 20:34:24 2007
+++ src/dist/ipf/lib/getportproto.c Sat Apr 17 21:00:09 2010
@@ -1,12 +1,12 @@
-/* $NetBSD: getportproto.c,v 1.6 2007/04/14 20:34:24 martin Exp $ */
+/* $NetBSD: getportproto.c,v 1.7 2010/04/17 21:00:09 darrenr Exp $ */
/*
* Copyright (C) 2002-2005 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * Id: getportproto.c,v 1.2.4.4 2006/06/16 17:21:00 darrenr Exp
- */
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * Id: getportproto.c,v 1.2.4.5 2009/12/27 06:58:06 darrenr Exp
+ */
#include <ctype.h>
#include "ipf.h"
Index: src/dist/ipf/lib/v6ionames.c
diff -u src/dist/ipf/lib/v6ionames.c:1.6 src/dist/ipf/lib/v6ionames.c:1.7
--- src/dist/ipf/lib/v6ionames.c:1.6 Sat Apr 14 20:34:33 2007
+++ src/dist/ipf/lib/v6ionames.c Sat Apr 17 21:00:09 2010
@@ -1,11 +1,11 @@
-/* $NetBSD: v6ionames.c,v 1.6 2007/04/14 20:34:33 martin Exp $ */
+/* $NetBSD: v6ionames.c,v 1.7 2010/04/17 21:00:09 darrenr Exp $ */
/*
* Copyright (C) 2003-2005 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * Id: v6ionames.c,v 1.1.4.3 2006/06/16 17:21:18 darrenr Exp
+ * Id: v6ionames.c,v 1.1.4.4 2009/12/27 06:58:07 darrenr Exp
*/
#include "ipf.h"
@@ -16,10 +16,10 @@
{ IPPROTO_HOPOPTS, 0x000001, 0, "hopopts" },
{ IPPROTO_IPV6, 0x000002, 0, "ipv6" },
{ IPPROTO_ROUTING, 0x000004, 0, "routing" },
- { IPPROTO_FRAGMENT, 0x000008, 0, "frag" },
+ { IPPROTO_FRAGMENT, 0x000008, 0, "frag" },
{ IPPROTO_ESP, 0x000010, 0, "esp" },
{ IPPROTO_AH, 0x000020, 0, "ah" },
- { IPPROTO_NONE, 0x000040, 0, "none" },
+ { IPPROTO_NONE, 0x000040, 0, "none" },
{ IPPROTO_DSTOPTS, 0x000080, 0, "dstopts" },
{ IPPROTO_MOBILITY, 0x000100, 0, "mobility" },
{ 0, 0, 0, (char *)NULL }
Index: src/dist/ipf/lib/getproto.c
diff -u src/dist/ipf/lib/getproto.c:1.5 src/dist/ipf/lib/getproto.c:1.6
--- src/dist/ipf/lib/getproto.c:1.5 Tue May 20 07:08:07 2008
+++ src/dist/ipf/lib/getproto.c Sat Apr 17 21:00:09 2010
@@ -1,12 +1,12 @@
-/* $NetBSD: getproto.c,v 1.5 2008/05/20 07:08:07 darrenr Exp $ */
+/* $NetBSD: getproto.c,v 1.6 2010/04/17 21:00:09 darrenr Exp $ */
/*
* Copyright (C) 2002-2005 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * Id: getproto.c,v 1.2.2.4 2007/10/27 16:03:38 darrenr Exp
- */
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * Id: getproto.c,v 1.2.2.5 2009/12/27 06:58:06 darrenr Exp
+ */
#include "ipf.h"
Index: src/dist/ipf/lib/printstate.c
diff -u src/dist/ipf/lib/printstate.c:1.5 src/dist/ipf/lib/printstate.c:1.6
--- src/dist/ipf/lib/printstate.c:1.5 Tue May 20 07:08:07 2008
+++ src/dist/ipf/lib/printstate.c Sat Apr 17 21:00:09 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: printstate.c,v 1.5 2008/05/20 07:08:07 darrenr Exp $ */
+/* $NetBSD: printstate.c,v 1.6 2010/04/17 21:00:09 darrenr Exp $ */
/*
* Copyright (C) 2002-2005 by Darren Reed.
@@ -138,7 +138,7 @@
/* a given; no? */
if (sp->is_pass & FR_KEEPSTATE) {
PRINTF(" keep state");
- if (sp->is_pass & FR_STATESYNC)
+ if (sp->is_pass & FR_STATESYNC)
PRINTF(" ( sync )");
}
PRINTF("\tIPv%d", sp->is_v);
@@ -175,7 +175,6 @@
if (sp->is_sync != NULL) {
if (kmemcpy((char *)&ipsync, (u_long)sp->is_sync, sizeof(ipsync))) {
-
PRINTF("\tSync status: status could not be retrieved\n");
return NULL;
}
@@ -183,7 +182,6 @@
PRINTF("\tSync status: idx %d num %d v %d pr %d rev %d\n",
ipsync.sl_idx, ipsync.sl_num, ipsync.sl_v,
ipsync.sl_p, ipsync.sl_rev);
-
} else {
PRINTF("\tSync status: not synchronized\n");
}
Index: src/dist/ipf/lib/var.c
diff -u src/dist/ipf/lib/var.c:1.5 src/dist/ipf/lib/var.c:1.6
--- src/dist/ipf/lib/var.c:1.5 Sat Apr 14 20:34:33 2007
+++ src/dist/ipf/lib/var.c Sat Apr 17 21:00:09 2010
@@ -1,12 +1,12 @@
-/* $NetBSD: var.c,v 1.5 2007/04/14 20:34:33 martin Exp $ */
+/* $NetBSD: var.c,v 1.6 2010/04/17 21:00:09 darrenr Exp $ */
/*
* Copyright (C) 2002-2004 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * Id: var.c,v 1.4.2.3 2006/06/16 17:21:18 darrenr Exp
- */
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * Id: var.c,v 1.4.2.4 2009/12/27 06:58:07 darrenr Exp
+ */
#include <ctype.h>
Index: src/dist/ipf/lib/hostname.c
diff -u src/dist/ipf/lib/hostname.c:1.3 src/dist/ipf/lib/hostname.c:1.4
--- src/dist/ipf/lib/hostname.c:1.3 Sat Apr 14 20:34:26 2007
+++ src/dist/ipf/lib/hostname.c Sat Apr 17 21:00:09 2010
@@ -1,12 +1,12 @@
-/* $NetBSD: hostname.c,v 1.3 2007/04/14 20:34:26 martin Exp $ */
+/* $NetBSD: hostname.c,v 1.4 2010/04/17 21:00:09 darrenr Exp $ */
/*
* Copyright (C) 2002-2003 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * Id: hostname.c,v 1.6.2.2 2007/01/16 02:25:22 darrenr Exp
- */
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * Id: hostname.c,v 1.6.2.3 2009/12/27 06:58:06 darrenr Exp
+ */
#include "ipf.h"
Index: src/dist/ipf/lib/ipft_td.c
diff -u src/dist/ipf/lib/ipft_td.c:1.3 src/dist/ipf/lib/ipft_td.c:1.4
--- src/dist/ipf/lib/ipft_td.c:1.3 Sat Apr 14 20:34:27 2007
+++ src/dist/ipf/lib/ipft_td.c Sat Apr 17 21:00:09 2010
@@ -1,11 +1,11 @@
-/* $NetBSD: ipft_td.c,v 1.3 2007/04/14 20:34:27 martin Exp $ */
+/* $NetBSD: ipft_td.c,v 1.4 2010/04/17 21:00:09 darrenr Exp $ */
/*
* Copyright (C) 2000-2006 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * Id: ipft_td.c,v 1.15.2.2 2006/06/16 17:21:03 darrenr Exp
+ * Id: ipft_td.c,v 1.15.2.3 2009/12/27 06:58:06 darrenr Exp
*/
/*
@@ -42,7 +42,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_td.c 1.8 2/4/96 (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)Id: ipft_td.c,v 1.15.2.2 2006/06/16 17:21:03 darrenr Exp";
+static const char rcsid[] = "@(#)Id: ipft_td.c,v 1.15.2.3 2009/12/27 06:58:06 darrenr Exp";
#endif
static int tcpd_open __P((char *));
@@ -130,12 +130,12 @@
pkt.ti_sport = htons(atoi(s));
*--s = '.';
s = strrchr(dst, '.');
-
+
*s++ = '\0';
(void) inet_aton(src, &ip->ip_dst);
pkt.ti_dport = htons(atoi(s));
*--s = '.';
-
+
} else {
(void) inet_aton(src, &ip->ip_src);
(void) inet_aton(src, &ip->ip_dst);
Index: src/dist/ipf/lib/printsbuf.c
diff -u src/dist/ipf/lib/printsbuf.c:1.3 src/dist/ipf/lib/printsbuf.c:1.4
--- src/dist/ipf/lib/printsbuf.c:1.3 Sat Apr 14 20:34:31 2007
+++ src/dist/ipf/lib/printsbuf.c Sat Apr 17 21:00:09 2010
@@ -1,12 +1,12 @@
-/* $NetBSD: printsbuf.c,v 1.3 2007/04/14 20:34:31 martin Exp $ */
+/* $NetBSD: printsbuf.c,v 1.4 2010/04/17 21:00:09 darrenr Exp $ */
/*
* Copyright (C) 2002-2004 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- * Id: printsbuf.c,v 1.2.4.2 2006/06/16 17:21:14 darrenr Exp
- */
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * Id: printsbuf.c,v 1.2.4.3 2009/12/27 06:58:07 darrenr Exp
+ */
#ifdef IPFILTER_SCAN
Index: src/dist/ipf/man/ipf.4
diff -u src/dist/ipf/man/ipf.4:1.11 src/dist/ipf/man/ipf.4:1.12
--- src/dist/ipf/man/ipf.4:1.11 Sun Mar 28 09:00:56 2004
+++ src/dist/ipf/man/ipf.4 Sat Apr 17 21:00:09 2010
@@ -1,4 +1,4 @@
-.\" $NetBSD: ipf.4,v 1.11 2004/03/28 09:00:56 martti Exp $
+.\" $NetBSD: ipf.4,v 1.12 2010/04/17 21:00:09 darrenr Exp $
.\"
.TH IPF 4
.SH NAME
@@ -84,10 +84,10 @@
u_short fr_icmp;
u_char fr_scmp; /* data for port comparisons */
- u_char fr_dcmp;
+ u_char fr_dcmp;
u_short fr_dport;
u_short fr_sport;
- u_short fr_stop; /* top port for <> and >< */
+ u_short fr_stop; /* top port for <> and >< */
u_short fr_dtop; /* top port for <> and >< */
u_32_t fr_flags; /* per-rule flags && options (see below) */
u_short fr_skip; /* # of rules to skip */
@@ -97,7 +97,7 @@
char fr_ifname[IFNAMSIZ];
#if BSD > 199306
char fr_oifname[IFNAMSIZ];
-#endif
+#endif
struct frdest fr_tif; /* "to" interface */
struct frdest fr_dif; /* duplicate packet interfaces */
} frentry_t;
@@ -138,7 +138,7 @@
FR_NOTDSTIP 0x100000 /* not the dst IP# */
FR_AUTH 0x200000 /* use authentication */
FR_PREAUTH 0x400000 /* require preauthentication */
-
+
.fi
.PP
Values for fr_scomp and fr_dcomp (source and destination port value
Index: src/dist/ipf/man/ipf.5
diff -u src/dist/ipf/man/ipf.5:1.11 src/dist/ipf/man/ipf.5:1.12
--- src/dist/ipf/man/ipf.5:1.11 Tue Apr 4 16:17:18 2006
+++ src/dist/ipf/man/ipf.5 Sat Apr 17 21:00:09 2010
@@ -1,4 +1,4 @@
-.\" $NetBSD: ipf.5,v 1.11 2006/04/04 16:17:18 martti Exp $
+.\" $NetBSD: ipf.5,v 1.12 2010/04/17 21:00:09 darrenr Exp $
.\"
.TH IPF 5
.SH NAME
@@ -93,7 +93,7 @@
"audit" | "logalert" | "local0" | "local1" | "local2" |
"local3" | "local4" | "local5" | "local6" | "local7" .
priority = "emerg" | "alert" | "crit" | "err" | "warn" | "notice" |
- "info" | "debug" .
+ "info" | "debug" .
hexnumber = "0" "x" hexstring .
hexstring = hexdigit [ hexstring ] .
@@ -157,7 +157,7 @@
Would return a Type-Of-Service (TOS) ICMP unreachable error.
.TP
.B pass
-will flag the packet to be let through the filter.
+will flag the packet to be let through the filter.
.TP
.B log
causes the packet to be logged (as described in the LOGGING section
@@ -265,7 +265,7 @@
or switch, rather than a router. The \fBfastroute\fP keyword is a
synonym for this option.
.SH MATCHING PARAMETERS
-.PP
+.PP
The keywords described in this section are used to describe attributes
of the packet to be used when determining whether rules match or don't
match. The following general-purpose attributes are provided for
@@ -297,7 +297,7 @@
The \fBfrom\fP and \fBto\fP keywords are used to match against IP
addresses (and optionally port numbers). Rules must specify BOTH
source and destination parameters.
-.PP
+.PP
IP addresses may be specified in one of two ways: as a numerical
address\fB/\fPmask, or as a hostname \fBmask\fP netmask. The hostname
may either be a valid hostname, from either the hosts file or DNS
@@ -450,7 +450,7 @@
.TP
.B body
indicates that the first 128 bytes of the packet contents will be
-logged after the headers.
+logged after the headers.
.TP
.B first
If log is being used in conjunction with a "keep" option, it is recommended
@@ -464,7 +464,7 @@
.TP
.B "level <loglevel>"
indicates what logging facility and priority, or just priority with
-the default facility being used, will be used to log information about
+the default facility being used, will be used to log information about
this packet using ipmon's -s option.
.PP
See ipl(4) for the format of records written
Index: src/dist/ipf/man/ipfilter.4
diff -u src/dist/ipf/man/ipfilter.4:1.2 src/dist/ipf/man/ipfilter.4:1.3
--- src/dist/ipf/man/ipfilter.4:1.2 Thu Oct 15 00:16:28 2009
+++ src/dist/ipf/man/ipfilter.4 Sat Apr 17 21:00:09 2010
@@ -1,4 +1,4 @@
-.\" $NetBSD: ipfilter.4,v 1.2 2009/10/15 00:16:28 joerg Exp $
+.\" $NetBSD: ipfilter.4,v 1.3 2010/04/17 21:00:09 darrenr Exp $
.\"
.TH IP\ FILTER 4
.SH NAME
@@ -28,7 +28,7 @@
.IP
keep packet state information for TCP, UDP and ICMP packet flows
.IP
-keep fragment state information for any IP packet, applying the same rule
+keep fragment state information for any IP packet, applying the same rule
to all fragments.
.IP
act as a Network Address Translator (NAT)
@@ -53,7 +53,7 @@
.IP
"short" (fragmented) IP packets with incomplete headers can be filtered
.IP
-any of the 19 IP options or 8 registered IP security classes TOS (Type of
+any of the 19 IP options or 8 registered IP security classes TOS (Type of
Service) field in packets
.PP
To keep track of the performance of the IP packet filter, a logging device
@@ -73,7 +73,7 @@
.PP
IP Filter keeps its own set of statistics on:
.IP
-packets blocked
+packets blocked
.IP
packets (and bytes!) used for accounting
.IP
@@ -87,7 +87,7 @@
.SH Tools
The current implementation provides a small set of tools, which can easily
-be used and integrated with regular unix shells and tools. A brief description
+be used and integrated with regular unix shells and tools. A brief description
of the tools provided:
.PP
ipf(8)
@@ -100,7 +100,7 @@
is a utility to temporarily lock the IP Filter kernel tables (state tables
and NAT mappings) and write them to disk. After that the system can be
rebooted, and ipfs can be used to read these tables from disk and restore
-them into the kernel. This way the system can be rebooted without the
+them into the kernel. This way the system can be rebooted without the
connections being terminated.
.PP
ipfstat(8)
@@ -117,7 +117,7 @@
reads buffered data from the logging device (default is /dev/ipl)
for output to either:
.IP
-screen (standard output)
+screen (standard output)
.IP
file
.IP
@@ -147,13 +147,13 @@
Documentation on ioctl's and the format of data saved
to the logging character device is provided in ipl(4)
-so that you may develop your own applications to work with or in place of any
+so that you may develop your own applications to work with or in place of any
of the above.
Similar, the interface to the NAT code is documented in ipnat(4).
.SH PACKET PROCESSING FLOW
-The following diagram illustrates the flow of TCP/IP packets through the
+The following diagram illustrates the flow of TCP/IP packets through the
various stages introduced by IP Filter.
.PP
.nf
Index: src/dist/ipf/man/ipfstat.8
diff -u src/dist/ipf/man/ipfstat.8:1.13 src/dist/ipf/man/ipfstat.8:1.14
--- src/dist/ipf/man/ipfstat.8:1.13 Tue May 15 22:52:22 2007
+++ src/dist/ipf/man/ipfstat.8 Sat Apr 17 21:00:09 2010
@@ -1,4 +1,4 @@
-.\" $NetBSD: ipfstat.8,v 1.13 2007/05/15 22:52:22 martin Exp $
+.\" $NetBSD: ipfstat.8,v 1.14 2010/04/17 21:00:09 darrenr Exp $
.\"
.TH ipfstat 8
.SH NAME
@@ -44,7 +44,7 @@
.TP
.B \-A
Display packet authentication statistics.
-.TP
+.TP
.B \-C
This option is only valid in combination with \fB\-t\fP.
Display "closed" states as well in the top. Normally, a TCP connection is
@@ -146,8 +146,8 @@
.SH STATE TOP
Using the \fB\-t\fP option \fBipfstat\fP will enter the state top mode. In
this mode the state table is displayed similar to the way \fBtop\fP displays
-the process table. The \fB\-C\fP, \fB\-D\fP, \fB\-P\fP, \fB\-S\fP and \fB\-T\fP
-command line options can be used to restrict the state entries that will be
+the process table. The \fB\-C\fP, \fB\-D\fP, \fB\-P\fP, \fB\-S\fP and \fB\-T\fP
+command line options can be used to restrict the state entries that will be
shown and to specify the frequency of display updates.
.PP
In state top mode, the following keys can be used to influence the displayed
@@ -159,7 +159,7 @@
.TP
\fBl\fP redraw the screen.
.TP
-\fBq\fP quit the program.
+\fBq\fP quit the program.
.TP
\fBs\fP switch between different sorting criterion.
.TP
Index: src/dist/ipf/man/ipnat.5
diff -u src/dist/ipf/man/ipnat.5:1.19 src/dist/ipf/man/ipnat.5:1.20
--- src/dist/ipf/man/ipnat.5:1.19 Tue Apr 4 16:17:18 2006
+++ src/dist/ipf/man/ipnat.5 Sat Apr 17 21:00:09 2010
@@ -1,4 +1,4 @@
-.\" $NetBSD: ipnat.5,v 1.19 2006/04/04 16:17:18 martti Exp $
+.\" $NetBSD: ipnat.5,v 1.20 2010/04/17 21:00:09 darrenr Exp $
.\"
.TH IPNAT 5
.SH NAME
@@ -133,14 +133,14 @@
care that ICMP errors that are the response of a NAT-ed IP packet are
handled properly.
.PP
-For 4 types of ICMP queries (echo request, timestamp request, information
+For 4 types of ICMP queries (echo request, timestamp request, information
request and address mask request) IP Filter supports an additional mapping
called "ICMP id mapping". All these 4 types of ICMP queries use a unique
identifier called the ICMP id. This id is set by the process sending the
ICMP query and it is usually equal to the process id. The receiver of the
ICMP query will use the same id in its response, thus enabling the
sender to recognize that the incoming ICMP reply is intended for him and is
-an answer to a query that he made. The "ICMP id mapping" feature modifies
+an answer to a query that he made. The "ICMP id mapping" feature modifies
these ICMP id in a way identical to \fBportmap\fP for TCP or UDP.
.PP
The reason that you might want this, is that using this feature you don't
@@ -153,7 +153,7 @@
Since the ICMP id is usually the process id, it is wise to restrict the
largest permittable process id (PID) on your operating system to e.g. 63999 and
use the range 64000:65535 for ICMP id mapping. Changing the maximal PID is
-system dependent. For most BSD derived systems can be done by changing
+system dependent. For most BSD derived systems can be done by changing
PID_MAX in /usr/include/sys/proc.h and then rebuild the system.
.SH KERNEL PROXIES
.PP
Index: src/dist/ipf/tools/ipf_y.y
diff -u src/dist/ipf/tools/ipf_y.y:1.23 src/dist/ipf/tools/ipf_y.y:1.24
--- src/dist/ipf/tools/ipf_y.y:1.23 Wed Aug 19 08:35:32 2009
+++ src/dist/ipf/tools/ipf_y.y Sat Apr 17 21:00:09 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: ipf_y.y,v 1.23 2009/08/19 08:35:32 darrenr Exp $ */
+/* $NetBSD: ipf_y.y,v 1.24 2010/04/17 21:00:09 darrenr Exp $ */
/*
* Copyright (C) 2001-2006 by Darren Reed.
@@ -348,7 +348,7 @@
| YY_HEX { DOREM(fr->fr_tos = $1; fr->fr_mtos = 0xff;) }
| toslist lmore YY_NUMBER
{ DOREM(fr->fr_tos = $3; fr->fr_mtos = 0xff;) }
- | toslist lmore YY_HEX
+ | toslist lmore YY_HEX
{ DOREM(fr->fr_tos = $3; fr->fr_mtos = 0xff;) }
;
@@ -683,7 +683,7 @@
| IPFY_AND { nowith = 0; setipftype(); }
;
-flags: | startflags flagset
+flags: | startflags flagset
{ DOALL(fr->fr_tcpf = $2; fr->fr_tcpfm = FR_TCPFMAX;) }
| startflags flagset '/' flagset
{ DOALL(fr->fr_tcpf = $2; fr->fr_tcpfm = $4;) }
@@ -775,10 +775,10 @@
srcportlist:
portnum { DOREM(fr->fr_scmp = FR_EQUAL; fr->fr_sport = $1;) }
- | portnum ':' portnum
+ | portnum ':' portnum
{ DOREM(fr->fr_scmp = FR_INCRANGE; fr->fr_sport = $1; \
fr->fr_stop = $3;) }
- | portnum YY_RANGE_IN portnum
+ | portnum YY_RANGE_IN portnum
{ DOREM(fr->fr_scmp = FR_INRANGE; fr->fr_sport = $1; \
fr->fr_stop = $3;) }
| srcportlist lmore portnum
@@ -853,10 +853,10 @@
dstportlist:
portnum { DOREM(fr->fr_dcmp = FR_EQUAL; fr->fr_dport = $1;) }
- | portnum ':' portnum
+ | portnum ':' portnum
{ DOREM(fr->fr_dcmp = FR_INCRANGE; fr->fr_dport = $1; \
fr->fr_dtop = $3;) }
- | portnum YY_RANGE_IN portnum
+ | portnum YY_RANGE_IN portnum
{ DOREM(fr->fr_dcmp = FR_INRANGE; fr->fr_dport = $1; \
fr->fr_dtop = $3;) }
| dstportlist lmore portnum
@@ -922,6 +922,10 @@
bcopy(&$1, &$$.a, sizeof($$.a)); }
maskspace { yysetdict(maskwords); }
ipv6mask { bcopy(&$5, &$$.m, sizeof($$.m));
+ $$.a.i6[0] &= $$.m.i6[0];
+ $$.a.i6[1] &= $$.m.i6[1];
+ $$.a.i6[2] &= $$.m.i6[2];
+ $$.a.i6[3] &= $$.m.i6[3];
yyresetdict();
yyexpectaddr = 0; }
;
@@ -1935,7 +1939,14 @@
#ifdef IPFILTER_BPF
bzero((char *)&bpf, sizeof(bpf));
+# ifdef DLT_IPv4
+ if (v == 4)
+ p = pcap_open_dead(DLT_IPv4, 1);
+ else if (v == 6)
+ p = pcap_open_dead(DLT_IPv6, 1);
+# else
p = pcap_open_dead(DLT_RAW, 1);
+# endif
if (!p) {
fprintf(stderr, "pcap_open_dead failed\n");
return;
@@ -2004,7 +2015,7 @@
top = calloc(1, sizeof(*top));
if (top == NULL)
return 0;
-
+
for (n = top, a = list; (n != NULL) && (a != NULL); a = a->al_next) {
n->ipn_addr.adf_addr.in4.s_addr = a->al_1;
n->ipn_mask.adf_addr.in4.s_addr = a->al_2;
@@ -2041,7 +2052,7 @@
top = calloc(1, sizeof(*top));
if (top == NULL)
return 0;
-
+
for (n = top, a = list; (n != NULL) && (a != NULL); a = a->al_next) {
n->ipe_addr.in4_addr = a->al_1;
n->ipe_mask.in4_addr = a->al_2;
Index: src/dist/ipf/tools/ipnat_y.y
diff -u src/dist/ipf/tools/ipnat_y.y:1.17 src/dist/ipf/tools/ipnat_y.y:1.18
--- src/dist/ipf/tools/ipnat_y.y:1.17 Thu Jul 24 09:37:58 2008
+++ src/dist/ipf/tools/ipnat_y.y Sat Apr 17 21:00:09 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: ipnat_y.y,v 1.17 2008/07/24 09:37:58 darrenr Exp $ */
+/* $NetBSD: ipnat_y.y,v 1.18 2010/04/17 21:00:09 darrenr Exp $ */
/*
* Copyright (C) 2001-2006 by Darren Reed.
@@ -86,7 +86,7 @@
%token <num> YY_NUMBER YY_HEX
%token <str> YY_STR
-%token YY_COMMENT
+%token YY_COMMENT
%token YY_CMP_EQ YY_CMP_NE YY_CMP_LE YY_CMP_GE YY_CMP_LT YY_CMP_GT
%token YY_RANGE_OUT YY_RANGE_IN
%token <ip6> YY_IPV6
Index: src/dist/ipf/tools/ippool_y.y
diff -u src/dist/ipf/tools/ippool_y.y:1.4 src/dist/ipf/tools/ippool_y.y:1.5
--- src/dist/ipf/tools/ippool_y.y:1.4 Wed Aug 19 08:35:32 2009
+++ src/dist/ipf/tools/ippool_y.y Sat Apr 17 21:00:09 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: ippool_y.y,v 1.4 2009/08/19 08:35:32 darrenr Exp $ */
+/* $NetBSD: ippool_y.y,v 1.5 2010/04/17 21:00:09 darrenr Exp $ */
/*
* Copyright (C) 2001-2006 by Darren Reed.
@@ -69,7 +69,7 @@
%token <num> YY_NUMBER YY_HEX
%token <str> YY_STR
-%token YY_COMMENT
+%token YY_COMMENT
%token YY_CMP_EQ YY_CMP_NE YY_CMP_LE YY_CMP_GE YY_CMP_LT YY_CMP_GT
%token YY_RANGE_OUT YY_RANGE_IN
%token <ip6> YY_IPV6
Index: src/dist/ipf/tools/ipscan_y.y
diff -u src/dist/ipf/tools/ipscan_y.y:1.3 src/dist/ipf/tools/ipscan_y.y:1.4
--- src/dist/ipf/tools/ipscan_y.y:1.3 Sat Apr 14 20:34:35 2007
+++ src/dist/ipf/tools/ipscan_y.y Sat Apr 17 21:00:09 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: ipscan_y.y,v 1.3 2007/04/14 20:34:35 martin Exp $ */
+/* $NetBSD: ipscan_y.y,v 1.4 2010/04/17 21:00:09 darrenr Exp $ */
/*
* Copyright (C) 2001-2004 by Darren Reed.
@@ -60,7 +60,7 @@
%token <num> YY_NUMBER YY_HEX
%token <str> YY_STR
-%token YY_COMMENT
+%token YY_COMMENT
%token YY_CMP_EQ YY_CMP_NE YY_CMP_LE YY_CMP_GE YY_CMP_LT YY_CMP_GT
%token YY_RANGE_OUT YY_RANGE_IN
%token <ip6> YY_IPV6
