From Darren Reed:

This patch fixes "ipfstat" not displaying group rules and fixes problems
being able to remove individual rules using ipf/ipnat.

#547 rule parsing puts junk at the end of ipf rules
#546 ipfstat -io does not list rules in groups aside from 0

Due to unforeseen circumstances I'm not able to commit this myself.

external/bsd/ipf/dist/lib/gethost.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: gethost.c,v 1.2 2012/07/22 14:27:36 darrenr Exp $	*/
+/*	$NetBSD: gethost.c,v 1.3 2014/06/12 17:23:06 christos Exp $	*/
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -19,6 +19,7 @@ int gethost(family, name, hostp)
 	struct netent *n;
 	u_32_t addr;
 
+	memset(hostp, sizeof(*hostp));
 	if (!strcmp(name, "test.host.dots")) {
 		if (family == AF_INET) {
 			hostp->in4.s_addr = htonl(0xfedcba98);
@@ -59,7 +60,7 @@ int gethost(family, name, hostp)
 		struct addrinfo hints, *res;
 		struct sockaddr_in6 *sin6;
 
-		bzero((char *)&hints, sizeof(hints));
+		memset(&hints, sizeof(hints));
 		hints.ai_family = PF_INET6;
 
 		getaddrinfo(name, NULL, &hints, &res);

external/bsd/ipf/dist/tools/ipf_y.y

@@ -1,4 +1,4 @@
-/*	$NetBSD: ipf_y.y,v 1.1.1.2 2012/07/22 13:44:52 darrenr Exp $	*/
+/*	$NetBSD: ipf_y.y,v 1.2 2014/06/12 17:23:06 christos Exp $	*/
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -2601,7 +2601,13 @@ char *name;
 	int pos;
 
 	nlen = strlen(name) + 1;
-	f = realloc(*frp, (*frp)->fr_size + nlen);
+	/*
+	 * realloc is harder to use here because the end of the structure
+	 * needs to be zero'd, else it gets junk bytes.
+	 */
+	f = calloc(1, (*frp)->fr_size + nlen);
+	memcpy(f, *frp, (*frp)->fr_size);
+	free(*frp);
 	if (*frp == frc)
 		frc = f;
 	*frp = f;

external/bsd/ipf/dist/tools/ipfstat.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: ipfstat.c,v 1.3 2012/07/22 14:27:51 darrenr Exp $	*/
+/*	$NetBSD: ipfstat.c,v 1.4 2014/06/12 17:23:06 christos Exp $	*/
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -799,7 +799,6 @@ printlivelist(fiop, out, set, fp, group, comment)
 	struct	frentry	fb;
 	ipfruleiter_t rule;
 	frentry_t zero;
-	frgroup_t *g;
 	ipfobj_t obj;
 	void *buf;
 	size_t bufsiz;
@@ -833,7 +832,7 @@ printlivelist(fiop, out, set, fp, group, comment)
 	if ((buf = malloc(bufsiz = sizeof(*fp) + 10240)) == NULL)
 		return 0;
 
-	do {
+	while (rule.iri_rule != NULL) {
 		memset(buf, 0xff, bufsiz);
 		fp = buf;
 		rule.iri_rule = fp;
@@ -886,35 +885,11 @@ printlivelist(fiop, out, set, fp, group, comment)
 			if (fp->fr_data != NULL && fp->fr_dsize > 0)
 				binprint(fp->fr_data, fp->fr_dsize);
 		}
-		if (fp->fr_grhead != -1) {
-			for (g = grtop; g != NULL; g = g->fg_next) {
-				if (!strncmp(fp->fr_names + fp->fr_grhead,
-					     g->fg_name,
-					     FR_GROUPLEN))
-					break;
-			}
-			if (g == NULL) {
-				g = calloc(1, sizeof(*g));
-
-				if (g != NULL) {
-					strncpy(g->fg_name,
-						fp->fr_names + fp->fr_grhead,
-						FR_GROUPLEN);
-					if (grtop == NULL) {
-						grtop = g;
-						grtail = g;
-					} else {
-						grtail->fg_next = g;
-						grtail = g;
-					}
-				}
-			}
-		}
 		if (fp->fr_type == FR_T_CALLFUNC) {
 			rules += printlivelist(fiop, out, set, fp->fr_data,
 					       group, "# callfunc: ");
 		}
-	} while (fp->fr_next != NULL);
+	}
 
 	num = IPFGENITER_IPF;
 	(void) ioctl(ipf_fd,SIOCIPFDELTOK, &num);

external/bsd/ipf/dist/tools/ipnat_y.y

@@ -1,4 +1,4 @@
-/*	$NetBSD: ipnat_y.y,v 1.1.1.2 2012/07/22 13:44:57 darrenr Exp $	*/
+/*	$NetBSD: ipnat_y.y,v 1.2 2014/06/12 17:23:06 christos Exp $	*/
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -1762,7 +1762,9 @@ addname(np, name)
 	int pos;
 
 	nlen = strlen(name) + 1;
-	n = realloc(*np, (*np)->in_size + nlen);
+	n = calloc(1, (*np)->in_size + nlen);
+	memcpy(n, *np (*np)->in_size);
+	free(*np);
 	if (*np == nattop)
 		nattop = n;
 	*np = n;