Upgraded IPFilter to 4.1.6
parent
76b5d9e30f
commit
460bbcc960
|
@ -10,6 +10,35 @@
|
|||
# and especially those who have found the time to port IP Filter to new
|
||||
# platforms.
|
||||
#
|
||||
4.1.6 - Released 19 February 2005
|
||||
|
||||
add a new timeout number to NAT (fr_defnatipage) that is used for all
|
||||
non-TCP/UDP/ICMP protocols - default 60 seconds.
|
||||
|
||||
buffer leak with bad nat - David Gueluy
|
||||
|
||||
fix memory leak with state entries created by proxies
|
||||
|
||||
eliminate copying too much data into a scan buffer
|
||||
|
||||
allow a trailing protocol name for map rules as well as rdr ones
|
||||
|
||||
fix bug in parsing of <= and > for NAT rules (two were crossed over)
|
||||
|
||||
FreeBSD's iplwrite hasn't kept pace with iplread's prototype
|
||||
|
||||
expand documention on the karma of using "auto" in ipnat map rules
|
||||
|
||||
add matching on IP protocol to ipnat map rules
|
||||
|
||||
allow ippool definitions to contain no addresses to start with
|
||||
|
||||
Linux NAT needs to modify the IP header checksum as it gets called after it
|
||||
has been computed by IP.
|
||||
|
||||
UDP was missing a pullup for packet header information before examining
|
||||
the header
|
||||
|
||||
4.1.5 - Released 9 January 2005
|
||||
|
||||
all rules were being converted into "dup-to" rules in the kernel
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ipf.h,v 1.8 2005/02/08 07:01:52 martti Exp $ */
|
||||
/* $NetBSD: ipf.h,v 1.9 2005/02/19 21:30:24 martti Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1993-2001, 2003 by Darren Reed.
|
||||
|
@ -6,7 +6,7 @@
|
|||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*
|
||||
* @(#)ipf.h 1.12 6/5/96
|
||||
* Id: ipf.h,v 2.71.2.4 2004/11/02 11:15:35 darrenr Exp
|
||||
* Id: ipf.h,v 2.71.2.5 2005/02/01 02:44:34 darrenr Exp
|
||||
*/
|
||||
|
||||
#ifndef __IPF_H__
|
||||
|
@ -250,8 +250,8 @@ extern void printaps __P((ap_session_t *, int));
|
|||
extern void printbuf __P((char *, int, int));
|
||||
extern void printfr __P((struct frentry *, ioctlfunc_t));
|
||||
extern void printtunable __P((ipftune_t *));
|
||||
extern struct iphtable_s *printhash __P((struct iphtable_s *,
|
||||
copyfunc_t, int));
|
||||
extern struct iphtable_s *printhash __P((struct iphtable_s *, copyfunc_t,
|
||||
char *, int));
|
||||
extern struct iphtent_s *printhashnode __P((struct iphtable_s *,
|
||||
struct iphtent_s *,
|
||||
copyfunc_t, int));
|
||||
|
@ -262,7 +262,8 @@ extern void printlookup __P((i6addr_t *addr, i6addr_t *mask));
|
|||
extern void printmask __P((u_32_t *));
|
||||
extern void printpacket __P((struct ip *));
|
||||
extern void printpacket6 __P((struct ip *));
|
||||
extern struct ip_pool_s *printpool __P((struct ip_pool_s *, copyfunc_t, int));
|
||||
extern struct ip_pool_s *printpool __P((struct ip_pool_s *, copyfunc_t,
|
||||
char *, int));
|
||||
extern struct ip_pool_node *printpoolnode __P((struct ip_pool_node *, int));
|
||||
extern void printportcmp __P((int, struct frpcmp *));
|
||||
extern void optprint __P((u_short *, u_long, u_long));
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: getportproto.c,v 1.4 2004/11/13 19:16:10 he Exp $ */
|
||||
/* $NetBSD: getportproto.c,v 1.5 2005/02/19 21:30:25 martti Exp $ */
|
||||
|
||||
#include <ctype.h>
|
||||
#include "ipf.h"
|
||||
|
@ -10,12 +10,23 @@ int proto;
|
|||
struct servent *s;
|
||||
struct protoent *p;
|
||||
|
||||
if (ISDIGIT(*name) && atoi(name) > 0)
|
||||
return htons(atoi(name) & 65535);
|
||||
if (ISDIGIT(*name)) {
|
||||
int number;
|
||||
char *s;
|
||||
|
||||
for (s = name; *s != '\0'; s++)
|
||||
if (!ISDIGIT(*s))
|
||||
return -1;
|
||||
|
||||
number = atoi(name);
|
||||
if (number < 0 || number > 65535)
|
||||
return -1;
|
||||
return htons(number);
|
||||
}
|
||||
|
||||
p = getprotobynumber(proto);
|
||||
s = getservbyname(name, p ? p->p_name : NULL);
|
||||
if (s != NULL)
|
||||
return s->s_port;
|
||||
return 0;
|
||||
return -1;
|
||||
}
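Review bot: `number = atoi(name)` in the new all-digits branch has no overflow handling, so a digit string too long for `int` has undefined behaviour and may land inside 0..65535 instead of being rejected. Parsing with `strtol` and checking the end pointer and `errno == ERANGE` covers both the digit loop and the range test, as sketched below; it needs `<errno.h>` and `<stdlib.h>`, whose presence cannot be seen in this hunk. The inner `char *s` also shadows the function's `struct servent *s`, which a different name would avoid. The function's signature is outside the hunk.

```c
	if (ISDIGIT(*name)) {
		char *end;
		long number;

		errno = 0;
		number = strtol(name, &end, 10);
		if (*end != '\0' || errno == ERANGE ||
		    number < 0 || number > 65535)
			return -1;
		return htons(number);
	}
	/* … unchanged: getprotobynumber()/getservbyname() lookup … */
```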
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.\" $NetBSD: ipnat.5,v 1.16 2004/07/23 05:39:04 martti Exp $
|
||||
.\" $NetBSD: ipnat.5,v 1.17 2005/02/19 21:30:25 martti Exp $
|
||||
.\"
|
||||
.TH IPNAT 5
|
||||
.SH NAME
|
||||
|
@ -264,7 +264,13 @@ map ppp0 172.192.0.0/16 -> 209.1.2.0/24 portmap tcp/udp auto
|
|||
.fi
|
||||
.PP
|
||||
which would result in each IP address being given a small range of ports to
|
||||
use (252). The problem here is that the \fBmap\fP directive tells the NAT
|
||||
use (252). In all cases, the new port number that is used is deterministic.
|
||||
That is, port X will always map to port Y.
|
||||
WARNING: It is not advisable to use the \fBauto\fP feature if you are map'ing
|
||||
to a /32 (i.e. 0/32) because the NAT code will try to map multiple hosts to
|
||||
the same port number, outgoing and ultimately this will only succeed for one
|
||||
of them.
|
||||
The problem here is that the \fBmap\fP directive tells the NAT
|
||||
code to use the next address/port pair available for an outgoing connection,
|
||||
resulting in no easily discernible relation between external addresses/ports
|
||||
and internal ones. This is overcome by using \fBmap-block\fP as follows:
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: proxy.c,v 1.4 2004/07/23 05:39:04 martti Exp $ */
|
||||
/* $NetBSD: proxy.c,v 1.5 2005/02/19 21:30:25 martti Exp $ */
|
||||
|
||||
/*
|
||||
* Sample transparent proxy program.
|
||||
|
@ -141,6 +141,7 @@ char *extif;
|
|||
struct sockaddr_in usin;
|
||||
u_32_t sum1, sum2, sumd;
|
||||
int onoff, ofd, slen;
|
||||
ipfobj_t obj;
|
||||
ipnat_t *ipn;
|
||||
nat_t *nat;
|
||||
|
||||
|
@ -200,9 +201,15 @@ printf("local port# to use: %d\n", ntohs(usin.sin_port));
|
|||
|
||||
nat->nat_flags = IPN_TCPUDP;
|
||||
|
||||
bzero((char *)&obj, sizeof(obj));
|
||||
obj.ipfo_rev = IPFILTER_VERSION;
|
||||
obj.ipfo_size = sizeof(*nsp);
|
||||
obj.ipfo_ptr = nsp;
|
||||
obj.ipfo_type = IPFOBJ_NATSAVE;
|
||||
|
||||
onoff = 1;
|
||||
if (ioctl(fd, SIOCSTLCK, &onoff) == 0) {
|
||||
if (ioctl(fd, SIOCSTPUT, &nsp) != 0)
|
||||
if (ioctl(fd, SIOCSTPUT, &obj) != 0)
|
||||
perror("SIOCSTPUT");
|
||||
onoff = 0;
|
||||
if (ioctl(fd, SIOCSTLCK, &onoff) != 0)
|
||||
|
|
|
@ -1090,7 +1090,10 @@ portnum:
|
|||
$$ = ntohs($$);
|
||||
free($1);
|
||||
}
|
||||
| YY_NUMBER { $$ = $1; }
|
||||
| YY_NUMBER { $$ = $1;
|
||||
if ($$ < 0 || $$ > 65535)
|
||||
yyerror("invalid port number");
|
||||
}
|
||||
;
|
||||
|
||||
withlist:
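Review bot: The range test in the `YY_NUMBER` alternative of `portnum` is applied to `$$` after the assignment, so it is evaluated in whatever type `portnum` is declared with. If that is a 16-bit field (the `%type` declaration is outside the hunk), the comparison can never be true. Testing the token value removes that dependency: `if ($1 < 0 || $1 > 65535) yyerror("invalid port number"); $$ = $1;`. The `YY_NUMBER` alternative of `portspec` in the NAT grammar section of this commit has the same shape.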
|
||||
|
|
|
@ -211,7 +211,7 @@ mapblock:
|
|||
}
|
||||
;
|
||||
|
||||
redir: rdrit ifnames addr dport IPNY_TLATE dip nport rdrproto rdroptions
|
||||
redir: rdrit ifnames addr dport IPNY_TLATE dip nport setproto rdroptions
|
||||
{ nat->in_v = 4;
|
||||
nat->in_outip = $3.a.s_addr;
|
||||
nat->in_outmsk = $3.m.s_addr;
|
||||
|
@ -226,7 +226,7 @@ redir: rdrit ifnames addr dport IPNY_TLATE dip nport rdrproto rdroptions
|
|||
nat->in_pnext != 0))
|
||||
setnatproto(IPPROTO_TCP);
|
||||
}
|
||||
| rdrit ifnames rdrfrom IPNY_TLATE dip nport rdrproto rdroptions
|
||||
| rdrit ifnames rdrfrom IPNY_TLATE dip nport setproto rdroptions
|
||||
{ nat->in_v = 4;
|
||||
if ((nat->in_p == 0) &&
|
||||
((nat->in_flags & IPN_TCPUDP) == 0) &&
|
||||
|
@ -239,7 +239,7 @@ redir: rdrit ifnames addr dport IPNY_TLATE dip nport rdrproto rdroptions
|
|||
nat->in_ifnames[0],
|
||||
sizeof(nat->in_ifnames[0]));
|
||||
}
|
||||
| rdrit ifnames addr IPNY_TLATE dip rdrproto rdroptions
|
||||
| rdrit ifnames addr IPNY_TLATE dip setproto rdroptions
|
||||
{ nat->in_v = 4;
|
||||
nat->in_outip = $3.a.s_addr;
|
||||
nat->in_outmsk = $3.m.s_addr;
|
||||
|
@ -250,7 +250,7 @@ redir: rdrit ifnames addr dport IPNY_TLATE dip nport rdrproto rdroptions
|
|||
}
|
||||
;
|
||||
|
||||
proxy: | IPNY_PROXY IPNY_PORT YY_NUMBER YY_STR '/' proto
|
||||
proxy: | IPNY_PROXY IPNY_PORT portspec YY_STR '/' proto
|
||||
{ strncpy(nat->in_plabel, $4, sizeof(nat->in_plabel));
|
||||
if (nat->in_dcmp == 0) {
|
||||
nat->in_dport = htons($3);
|
||||
|
@ -261,24 +261,35 @@ proxy: | IPNY_PROXY IPNY_PORT YY_NUMBER YY_STR '/' proto
|
|||
free($4);
|
||||
}
|
||||
| IPNY_PROXY IPNY_PORT YY_STR YY_STR '/' proto
|
||||
{ strncpy(nat->in_plabel, $4, sizeof(nat->in_plabel));
|
||||
nat->in_dport = getportproto($3, $6);
|
||||
{ int pnum;
|
||||
strncpy(nat->in_plabel, $4, sizeof(nat->in_plabel));
|
||||
pnum = getportproto($3, $6);
|
||||
if (pnum == -1)
|
||||
yyerror("invalid port number");
|
||||
nat->in_dport = pnum;
|
||||
setnatproto($6);
|
||||
free($3);
|
||||
free($4);
|
||||
}
|
||||
;
|
||||
|
||||
rdrproto:
|
||||
| IPNY_TCP { setnatproto(IPPROTO_TCP); }
|
||||
| IPNY_UDP { setnatproto(IPPROTO_UDP); }
|
||||
| IPNY_TCPUDP { nat->in_flags |= IPN_TCPUDP;
|
||||
nat->in_p = 0; }
|
||||
| IPNY_TCP '/' IPNY_UDP { nat->in_flags |= IPN_TCPUDP;
|
||||
nat->in_p = 0; }
|
||||
| YY_NUMBER { setnatproto($1); }
|
||||
| YY_STR { setnatproto(getproto($1));
|
||||
free($1);
|
||||
setproto:
|
||||
| proto { if (nat->in_p != 0 ||
|
||||
nat->in_flags & IPN_TCPUDP)
|
||||
yyerror("protocol set twice");
|
||||
setnatproto($1);
|
||||
}
|
||||
| IPNY_TCPUDP { if (nat->in_p != 0 ||
|
||||
nat->in_flags & IPN_TCPUDP)
|
||||
yyerror("protocol set twice");
|
||||
nat->in_flags |= IPN_TCPUDP;
|
||||
nat->in_p = 0;
|
||||
}
|
||||
| IPNY_TCP '/' IPNY_UDP { if (nat->in_p != 0 ||
|
||||
nat->in_flags & IPN_TCPUDP)
|
||||
yyerror("protocol set twice");
|
||||
nat->in_flags |= IPN_TCPUDP;
|
||||
nat->in_p = 0;
|
||||
}
|
||||
;
|
||||
|
||||
|
@ -297,8 +308,16 @@ dip:
|
|||
;
|
||||
|
||||
portspec:
|
||||
YY_NUMBER { $$ = $1; }
|
||||
| YY_STR { $$ = getport(NULL, $1); }
|
||||
YY_NUMBER { $$ = $1;
|
||||
if ($$ < 0 || $$ > 65535)
|
||||
yyerror("invalid port number");
|
||||
}
|
||||
| YY_STR { $$ = getport(NULL, $1);
|
||||
if (ntohl((long)$$) < 0 ||
|
||||
ntohl((long)$$) > 65535)
|
||||
yyerror("invalid port number");
|
||||
$$ = ntohs($$);
|
||||
}
|
||||
;
|
||||
|
||||
dport: | IPNY_PORT portspec { nat->in_pmin = htons($2);
|
||||
|
@ -375,11 +394,15 @@ mapport:
|
|||
nat->in_pmin = htons(1024);
|
||||
nat->in_pmax = htons(65535);
|
||||
}
|
||||
| IPNY_ICMPIDMAP YY_STR portspec ':' portspec
|
||||
| IPNY_ICMPIDMAP YY_STR YY_NUMBER ':' YY_NUMBER
|
||||
{ if (strcmp($2, "icmp") != 0) {
|
||||
yyerror("icmpidmap not followed by icmp");
|
||||
}
|
||||
free($2);
|
||||
if ($3 < 0 || $3 > 65535)
|
||||
yyerror("invalid ICMP Id number");
|
||||
if ($5 < 0 || $5 > 65535)
|
||||
yyerror("invalid ICMP Id number");
|
||||
nat->in_flags = IPN_ICMPQUERY;
|
||||
nat->in_pmin = htons($3);
|
||||
nat->in_pmax = htons($5);
|
||||
|
@ -449,7 +472,7 @@ portstuff:
|
|||
;
|
||||
|
||||
mapoptions:
|
||||
rr frag age mssclamp nattag
|
||||
rr frag age mssclamp nattag setproto
|
||||
;
|
||||
|
||||
rdroptions:
|
||||
|
@ -536,8 +559,8 @@ compare:
|
|||
| YY_CMP_EQ { $$ = FR_EQUAL; }
|
||||
| YY_CMP_NE { $$ = FR_NEQUAL; }
|
||||
| YY_CMP_LT { $$ = FR_LESST; }
|
||||
| YY_CMP_GT { $$ = FR_LESSTE; }
|
||||
| YY_CMP_LE { $$ = FR_GREATERT; }
|
||||
| YY_CMP_LE { $$ = FR_LESSTE; }
|
||||
| YY_CMP_GT { $$ = FR_GREATERT; }
|
||||
| YY_CMP_GE { $$ = FR_GREATERTE; }
|
||||
|
||||
range:
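Review bot: In the `YY_STR` alternative of `portspec`, `ntohl((long)$$) < 0` can never be true because `ntohl` returns an unsigned 32-bit value, and the upper-bound test byte-swaps 32 bits of a value that the next line converts with `ntohs`. If `getport()` returns a 16-bit port in network byte order (its definition is not in this diff), then on a little-endian host `ntohl` moves those bytes into the upper half of the word, so every non-zero named port would exceed 65535 and be rejected. Comparing the raw return value against the failure value before any conversion is probably what is meant, e.g. `if ($$ == -1) yyerror("invalid port number");` followed by the existing `$$ = ntohs($$);`. That assumes `getport()` signals failure with -1, as `getportproto()` now does.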
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ippool.c,v 1.3 2004/03/28 14:34:45 he Exp $ */
|
||||
/* $NetBSD: ippool.c,v 1.4 2005/02/19 21:30:25 martti Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 2003 by Darren Reed.
|
||||
|
@ -431,14 +431,15 @@ char *argv[];
|
|||
if (role != IPL_LOGALL) {
|
||||
ptr = plstp->ipls_list[role];
|
||||
while (ptr != NULL) {
|
||||
ptr = printpool(ptr, kmemcpywrap, opts);
|
||||
ptr = printpool(ptr, kmemcpywrap, poolname,
|
||||
opts);
|
||||
}
|
||||
} else {
|
||||
for (role = 0; role <= IPL_LOGMAX; role++) {
|
||||
ptr = plstp->ipls_list[role];
|
||||
while (ptr != NULL) {
|
||||
ptr = printpool(ptr, kmemcpywrap,
|
||||
opts);
|
||||
poolname, opts);
|
||||
}
|
||||
}
|
||||
role = IPL_LOGALL;
|
||||
|
@ -458,14 +459,15 @@ char *argv[];
|
|||
if (role != IPL_LOGALL) {
|
||||
hptr = htstp->iphs_tables;
|
||||
while (hptr != NULL) {
|
||||
hptr = printhash(hptr, kmemcpywrap, opts);
|
||||
hptr = printhash(hptr, kmemcpywrap,
|
||||
poolname, opts);
|
||||
}
|
||||
} else {
|
||||
for (role = 0; role <= IPL_LOGMAX; role++) {
|
||||
hptr = htstp->iphs_tables;
|
||||
while (hptr != NULL) {
|
||||
hptr = printhash(hptr, kmemcpywrap,
|
||||
opts);
|
||||
poolname, opts);
|
||||
}
|
||||
|
||||
op.iplo_unit = role;
|
||||
|
|
|
@ -61,6 +61,8 @@ static int yygetc()
|
|||
|
||||
if (yypos < yylast) {
|
||||
c = yytext[yypos++];
|
||||
if (c == '\n')
|
||||
yylineNum++;
|
||||
return c;
|
||||
}
|
||||
|
||||
|
@ -72,9 +74,9 @@ static int yygetc()
|
|||
yypos++;
|
||||
} else {
|
||||
c = fgetc(yyin);
|
||||
if (c == '\n')
|
||||
yylineNum++;
|
||||
}
|
||||
if (c == '\n')
|
||||
yylineNum++;
|
||||
yytext[yypos++] = c;
|
||||
yylast = yypos;
|
||||
yytext[yypos] = '\0';
|
||||
|
@ -86,6 +88,8 @@ static int yygetc()
|
|||
static void yyunputc(c)
|
||||
int c;
|
||||
{
|
||||
if (c == '\n')
|
||||
yylineNum--;
|
||||
yytext[--yypos] = c;
|
||||
}
|
||||
|
||||
|
@ -202,6 +206,9 @@ nextchar:
|
|||
|
||||
if (lnext == 1) {
|
||||
lnext = 0;
|
||||
if ((isbuilding == 0) && !ISALNUM(c)) {
|
||||
return c;
|
||||
}
|
||||
goto nextchar;
|
||||
}
|
||||
|
||||
|
@ -214,7 +221,7 @@ nextchar:
|
|||
}
|
||||
yyswallow('\n');
|
||||
rval = YY_COMMENT;
|
||||
goto done;
|
||||
goto nextchar;
|
||||
|
||||
case '$' :
|
||||
if (isbuilding == 1) {
|
||||
|
@ -280,6 +287,13 @@ nextchar:
|
|||
break;
|
||||
|
||||
case EOF :
|
||||
yylineNum = 1;
|
||||
yypos = 0;
|
||||
yylast = -1;
|
||||
yyexpectaddr = 0;
|
||||
yybreakondot = 0;
|
||||
yyvarnext = 0;
|
||||
yytokentype = 0;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -477,7 +491,8 @@ done:
|
|||
yytokentype = rval;
|
||||
|
||||
if (yydebug)
|
||||
printf("lexed(%s) => %d\n", yystr, rval);
|
||||
printf("lexed(%s) [%d,%d,%d] => %d\n", yystr, string_start,
|
||||
string_end, pos, rval);
|
||||
|
||||
switch (rval)
|
||||
{
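Review bot: After the comment case switches from `goto done` to `goto nextchar`, the preceding `rval = YY_COMMENT;` is left in place but is no longer consumed on this path. Whether the code at `nextchar` resets `rval` is outside the hunk; if it does not, a stale `YY_COMMENT` could reach `done` through a later branch that does not assign it. Dropping the assignment, or replacing it with `/* comments are skipped, not returned as tokens */`, would make the intent clear.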
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# $NetBSD: Makefile,v 1.8 2005/02/08 07:01:56 martti Exp $
|
||||
# $NetBSD: Makefile,v 1.9 2005/02/19 21:30:25 martti Exp $
|
||||
#
|
||||
# (C)opyright 1993-1996 by Darren Reed.
|
||||
#
|
||||
|
@ -30,7 +30,7 @@ ntests: n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12
|
|||
|
||||
nitests: ni1 ni2 ni3 ni4 ni5 ni6 ni7 ni8 ni9 ni10 ni11 ni12
|
||||
|
||||
intests: in1 in2 in3 in4 in5
|
||||
intests: in1 in2 in3 in4 in5 in6
|
||||
|
||||
logtests: l1
|
||||
|
||||
|
@ -64,7 +64,7 @@ ni6:
|
|||
@${HOST_SH} ${.CURDIR}/natipftest ${.CURDIR} multi \
|
||||
`${AWK} "/^$@ / { print; } " ${.CURDIR}/test.format`
|
||||
|
||||
in1 in2 in3 in4 in5:
|
||||
in1 in2 in3 in4 in5 in6:
|
||||
@${HOST_SH} ${.CURDIR}/intest ${.CURDIR} \
|
||||
`${AWK} "/^$@ / { print; } " ${.CURDIR}/test.format`
|
||||
|
||||
|
@ -93,7 +93,7 @@ clean:
|
|||
/bin/rm -f i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15
|
||||
/bin/rm -f n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12
|
||||
/bin/rm -f ni1 ni2 ni3 ni4 ni5 ni6 ni7 ni8 ni9 ni10 ni11 ni12
|
||||
/bin/rm -f in1 in2 in3 in4 in5
|
||||
/bin/rm -f in1 in2 in3 in4 in5 in6
|
||||
/bin/rm -f p1 p2 p3 ip1
|
||||
/bin/rm -f l1
|
||||
/bin/rm -f ipv6.1 ipv6.2 ipv6.3
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: fil.c,v 1.8 2005/02/08 07:01:55 martti Exp $ */
|
||||
/* $NetBSD: fil.c,v 1.9 2005/02/19 21:30:25 martti Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1993-2003 by Darren Reed.
|
||||
|
@ -135,10 +135,10 @@ struct file;
|
|||
#if !defined(lint)
|
||||
#if defined(__NetBSD__)
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.8 2005/02/08 07:01:55 martti Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.9 2005/02/19 21:30:25 martti Exp $");
|
||||
#else
|
||||
static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed";
|
||||
static const char rcsid[] = "@(#)Id: fil.c,v 2.243.2.46 2005/01/09 01:20:03 darrenr Exp";
|
||||
static const char rcsid[] = "@(#)Id: fil.c,v 2.243.2.50 2005/02/17 05:32:24 darrenr Exp";
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
@ -1079,9 +1079,15 @@ fr_info_t *fin;
|
|||
|
||||
fi = &fin->fin_fi;
|
||||
fi->fi_flx |= FI_TCPUDP;
|
||||
udp = fin->fin_dp;
|
||||
|
||||
if (frpr_pullup(fin, sizeof(*udp)) == -1) {
|
||||
fi->fi_flx |= FI_SHORT;
|
||||
return;
|
||||
}
|
||||
|
||||
if (!fin->fin_off && (fin->fin_dlen > 3)) {
|
||||
udp = fin->fin_dp;
|
||||
|
||||
fin->fin_sport = ntohs(udp->uh_sport);
|
||||
fin->fin_dport = ntohs(udp->uh_dport);
|
||||
}
|
||||
|
@ -2417,12 +2423,6 @@ filtered:
|
|||
#endif
|
||||
m = fin->fin_m;
|
||||
|
||||
if (FR_ISPASS(pass)) {
|
||||
ATOMIC_INCL(frstats[out].fr_pass);
|
||||
} else if (FR_ISBLOCK(pass)) {
|
||||
ATOMIC_INCL(frstats[out].fr_block);
|
||||
}
|
||||
|
||||
if (fr != NULL) {
|
||||
frdest_t *fdp;
|
||||
|
||||
|
@ -2454,21 +2454,23 @@ filtered:
|
|||
*/
|
||||
RWLOCK_EXIT(&ipf_mutex);
|
||||
|
||||
finished:
|
||||
if (!FR_ISPASS(pass)) {
|
||||
ATOMIC_INCL(frstats[out].fr_block);
|
||||
if (*mp != NULL) {
|
||||
FREE_MB_T(*mp);
|
||||
m = *mp = NULL;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
ATOMIC_INCL(frstats[out].fr_pass);
|
||||
#if defined(_KERNEL) && defined(__sgi)
|
||||
else {
|
||||
if ((fin->fin_hbuf != NULL) &&
|
||||
(mtod(fin->fin_m, struct ip *) != fin->fin_ip)) {
|
||||
COPYBACK(m, 0, fin->fin_plen, fin->fin_hbuf);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
finished:
|
||||
}
|
||||
|
||||
RWLOCK_EXIT(&ipf_global);
|
||||
#ifdef _KERNEL
|
||||
# if OpenBSD >= 200311
|
||||
|
@ -2892,7 +2894,7 @@ nodata:
|
|||
* SUCH DAMAGE.
|
||||
*
|
||||
* @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94
|
||||
* Id: fil.c,v 2.243.2.46 2005/01/09 01:20:03 darrenr Exp
|
||||
* Id: fil.c,v 2.243.2.50 2005/02/17 05:32:24 darrenr Exp
|
||||
*/
|
||||
/*
|
||||
* Copy data from an mbuf chain starting "off" bytes from the beginning,
|
||||
|
@ -4666,6 +4668,8 @@ ipftqent_t *tqe;
|
|||
ipftq_t *ifq;
|
||||
|
||||
ifq = tqe->tqe_ifq;
|
||||
if (ifq == NULL)
|
||||
return;
|
||||
tqe->tqe_die = fr_ticks + ifq->ifq_ttl;
|
||||
|
||||
if (tqe->tqe_next == NULL) /* at the end already ? */
|
||||
|
@ -5520,6 +5524,8 @@ ipftuneable_t ipf_tuneables[] = {
|
|||
sizeof(nat_logging), 0 },
|
||||
{ { &fr_defnatage }, "fr_defnatage", 1, 0x7fffffff,
|
||||
sizeof(fr_defnatage), IPFT_WRDISABLED },
|
||||
{ { &fr_defnatipage }, "fr_defnatipage", 1, 0x7fffffff,
|
||||
sizeof(fr_defnatipage), IPFT_WRDISABLED },
|
||||
{ { &fr_defnaticmpage }, "fr_defnaticmpage", 1, 0x7fffffff,
|
||||
sizeof(fr_defnaticmpage), IPFT_WRDISABLED },
|
||||
/* frag */
|
||||
|
@ -5911,11 +5917,11 @@ void fr_deinitialise()
|
|||
{
|
||||
fr_fragunload();
|
||||
fr_authunload();
|
||||
fr_natunload();
|
||||
fr_stateunload();
|
||||
#ifdef IPFILTER_SCAN
|
||||
fr_scanunload();
|
||||
#endif
|
||||
fr_natunload();
|
||||
appr_unload();
|
||||
|
||||
#ifdef IPFILTER_COMPILED
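Review bot: The new `frpr_pullup(fin, sizeof(*udp))` call in the UDP hunk runs before the `!fin->fin_off` test, so it is also applied to non-first fragments, whose payload does not begin with a UDP header. Whether `frpr_pullup()` returns -1 for a trailing fragment carrying fewer than `sizeof(*udp)` bytes is not visible here; if it does, such fragments are now marked `FI_SHORT`. If only the first fragment is meant to be checked, the condition could read `if (!fin->fin_off && frpr_pullup(fin, sizeof(*udp)) == -1) {`. Otherwise a comment stating that fragments are deliberately included would help. The enclosing function starts and ends outside the hunk.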
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ip_fil_netbsd.c,v 1.8 2005/02/17 04:14:31 christos Exp $ */
|
||||
/* $NetBSD: ip_fil_netbsd.c,v 1.9 2005/02/19 21:30:25 martti Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1993-2003 by Darren Reed.
|
||||
|
@ -7,7 +7,7 @@
|
|||
*/
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
|
||||
static const char rcsid[] = "@(#)Id: ip_fil_netbsd.c,v 2.55.2.24 2005/01/08 16:55:54 darrenr Exp";
|
||||
static const char rcsid[] = "@(#)Id: ip_fil_netbsd.c,v 2.55.2.25 2005/02/01 03:14:31 darrenr Exp";
|
||||
#endif
|
||||
|
||||
#if defined(KERNEL) || defined(_KERNEL)
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/* $NetBSD: ip_ftp_pxy.c,v 1.5 2005/02/08 07:01:55 martti Exp $ */
|
||||
/* $NetBSD: ip_ftp_pxy.c,v 1.6 2005/02/19 21:30:25 martti Exp $ */
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(1, "$NetBSD: ip_ftp_pxy.c,v 1.5 2005/02/08 07:01:55 martti Exp $");
|
||||
__KERNEL_RCSID(1, "$NetBSD: ip_ftp_pxy.c,v 1.6 2005/02/19 21:30:25 martti Exp $");
|
||||
|
||||
/*
|
||||
* Copyright (C) 1997-2003 by Darren Reed
|
||||
|
@ -11,7 +11,7 @@ __KERNEL_RCSID(1, "$NetBSD: ip_ftp_pxy.c,v 1.5 2005/02/08 07:01:55 martti Exp $"
|
|||
* Simple FTP transparent proxy for in-kernel use. For use with the NAT
|
||||
* code.
|
||||
*
|
||||
* Id: ip_ftp_pxy.c,v 2.88.2.9 2005/01/08 17:24:13 darrenr Exp
|
||||
* Id: ip_ftp_pxy.c,v 2.88.2.10 2005/02/04 10:22:54 darrenr Exp
|
||||
*/
|
||||
|
||||
#define IPF_FTP_PROXY
|
||||
|
@ -325,6 +325,8 @@ int dlen;
|
|||
* mapping.
|
||||
*/
|
||||
bcopy((char *)fin, (char *)&fi, sizeof(fi));
|
||||
fi.fin_state = NULL;
|
||||
fi.fin_nat = NULL;
|
||||
fi.fin_flx |= FI_IGNORE;
|
||||
fi.fin_data[0] = sp;
|
||||
fi.fin_data[1] = fin->fin_data[1] - 1;
|
||||
|
@ -376,6 +378,8 @@ int dlen;
|
|||
ip->ip_dst = nat->nat_inip;
|
||||
}
|
||||
(void) fr_addstate(&fi, &nat2->nat_state, SI_W_DPORT);
|
||||
if (fi.fin_state != NULL)
|
||||
fr_statederef(&fi, (ipstate_t **)&fi.fin_state);
|
||||
}
|
||||
ip->ip_len = slen;
|
||||
ip->ip_src = swip;
|
||||
|
@ -670,6 +674,8 @@ u_int data_ip;
|
|||
* other way.
|
||||
*/
|
||||
bcopy((char *)fin, (char *)&fi, sizeof(fi));
|
||||
fi.fin_state = NULL;
|
||||
fi.fin_nat = NULL;
|
||||
fi.fin_flx |= FI_IGNORE;
|
||||
fi.fin_data[0] = 0;
|
||||
fi.fin_data[1] = port;
|
||||
|
@ -729,6 +735,8 @@ u_int data_ip;
|
|||
ip->ip_dst = nat->nat_inip;
|
||||
}
|
||||
(void) fr_addstate(&fi, &nat2->nat_state, sflags);
|
||||
if (fi.fin_state != NULL)
|
||||
fr_statederef(&fi, (ipstate_t **)&fi.fin_state);
|
||||
}
|
||||
|
||||
ip->ip_len = slen;
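Review bot: The added `fr_statederef(&fi, (ipstate_t **)&fi.fin_state)` calls after `fr_addstate()` carry no comment explaining why the reference is dropped, and `fi` is a local copy made with `bcopy()` in an earlier hunk, so the pairing is easy to miss. The HISTORY entry for 4.1.6 describes this as fixing a memory leak with state entries created by proxies. A line such as `/* fi is a private copy: release the state reference fr_addstate() left in fin_state */` above each call would record that, assuming `fr_addstate()` does leave a held reference there, which this diff does not show. The same undocumented pattern is added in the ip_irc_pxy.c, ip_rcmd_pxy.c and ip_rpcb_pxy.c sections. Both functions touched here extend beyond their hunks.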
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ip_ipsec_pxy.c,v 1.1.1.2 2005/02/19 21:27:14 martti Exp $ */
|
||||
/* $NetBSD: ip_ipsec_pxy.c,v 1.2 2005/02/19 21:30:25 martti Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 2001-2003 by Darren Reed
|
||||
|
@ -11,6 +11,9 @@
|
|||
* Id: ip_ipsec_pxy.c,v 2.20.2.4 2005/02/04 10:22:55 darrenr Exp
|
||||
*
|
||||
*/
|
||||
|
||||
__KERNEL_RCSID(1, "$NetBSD: ip_ipsec_pxy.c,v 1.2 2005/02/19 21:30:25 martti Exp $");
|
||||
|
||||
#define IPF_IPSEC_PROXY
|
||||
|
||||
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
/* $NetBSD: ip_irc_pxy.c,v 1.3 2005/02/08 07:01:55 martti Exp $ */
|
||||
/* $NetBSD: ip_irc_pxy.c,v 1.4 2005/02/19 21:30:25 martti Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 2000-2003 Darren Reed
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*
|
||||
* Id: ip_irc_pxy.c,v 2.39.2.3 2004/12/09 19:40:59 darrenr Exp
|
||||
* Id: ip_irc_pxy.c,v 2.39.2.4 2005/02/04 10:22:55 darrenr Exp
|
||||
*/
|
||||
|
||||
#define IPF_IRC_PROXY
|
||||
|
@ -399,6 +399,8 @@ nat_t *nat;
|
|||
tcp2->th_win = htons(8192);
|
||||
tcp2->th_sport = sp;
|
||||
tcp2->th_dport = 0; /* XXX - don't specify remote port */
|
||||
fi.fin_state = NULL;
|
||||
fi.fin_nat = NULL;
|
||||
fi.fin_data[0] = ntohs(sp);
|
||||
fi.fin_data[1] = 0;
|
||||
fi.fin_dp = (char *)tcp2;
|
||||
|
@ -414,6 +416,8 @@ nat_t *nat;
|
|||
nat_update(&fi, nat2, nat2->nat_ptr);
|
||||
|
||||
(void) fr_addstate(&fi, NULL, SI_W_DPORT);
|
||||
if (fi.fin_state != NULL)
|
||||
fr_statederef(&fi, (ipstate_t **)&fi.fin_state);
|
||||
}
|
||||
ip->ip_src = swip;
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ip_nat.c,v 1.4 2005/02/08 07:01:55 martti Exp $ */
|
||||
/* $NetBSD: ip_nat.c,v 1.5 2005/02/19 21:30:25 martti Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995-2003 by Darren Reed.
|
||||
|
@ -107,7 +107,7 @@ extern struct ifnet vpnif;
|
|||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed";
|
||||
static const char rcsid[] = "@(#)Id: ip_nat.c,v 2.195.2.27 2005/01/02 13:20:31 darrenr Exp";
|
||||
static const char rcsid[] = "@(#)Id: ip_nat.c,v 2.195.2.30 2005/02/04 09:44:37 darrenr Exp";
|
||||
#endif
|
||||
|
||||
|
||||
|
@ -160,6 +160,7 @@ int nat_logging = 0;
|
|||
#endif
|
||||
|
||||
u_long fr_defnatage = DEF_NAT_AGE,
|
||||
fr_defnatipage = 120, /* 60 seconds */
|
||||
fr_defnaticmpage = 6; /* 3 seconds */
|
||||
natstat_t nat_stats;
|
||||
int fr_nat_lock = 0;
|
||||
|
@ -275,7 +276,7 @@ int fr_natinit()
|
|||
nat_icmptq.ifq_tail = &nat_icmptq.ifq_head;
|
||||
MUTEX_INIT(&nat_icmptq.ifq_lock, "nat icmp ipftq tab");
|
||||
nat_icmptq.ifq_next = &nat_iptq;
|
||||
nat_iptq.ifq_ttl = fr_defnaticmpage;
|
||||
nat_iptq.ifq_ttl = fr_defnatipage;
|
||||
nat_iptq.ifq_head = NULL;
|
||||
nat_iptq.ifq_tail = &nat_iptq.ifq_head;
|
||||
MUTEX_INIT(&nat_iptq.ifq_lock, "nat ip ipftq tab");
|
||||
|
@ -3572,6 +3573,8 @@ maskloop:
|
|||
continue;
|
||||
if (np->in_v != fin->fin_v)
|
||||
continue;
|
||||
if (np->in_p && (np->in_p != fin->fin_p))
|
||||
continue;
|
||||
if ((np->in_flags & IPN_RF) && !(np->in_flags & nflags))
|
||||
continue;
|
||||
if (np->in_flags & IPN_FILTER) {
|
||||
|
@ -3688,7 +3691,7 @@ u_32_t nflags;
|
|||
CALC_SUMD(s1, s2, sumd);
|
||||
fix_outcksum(fin, &fin->fin_ip->ip_sum, sumd);
|
||||
}
|
||||
#if !defined(_KERNEL) || defined(MENTAT) || defined(__sgi)
|
||||
#if !defined(_KERNEL) || defined(MENTAT) || defined(__sgi) || defined(linux)
|
||||
else {
|
||||
if (nat->nat_dir == NAT_OUTBOUND)
|
||||
fix_outcksum(fin, &fin->fin_ip->ip_sum,
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ip_nat.h,v 1.3 2005/02/08 07:01:55 martti Exp $ */
|
||||
/* $NetBSD: ip_nat.h,v 1.4 2005/02/19 21:30:25 martti Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995-2001, 2003 by Darren Reed.
|
||||
|
@ -6,7 +6,7 @@
|
|||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*
|
||||
* @(#)ip_nat.h 1.5 2/4/96
|
||||
* Id: ip_nat.h,v 2.90.2.5 2004/12/20 23:12:05 darrenr Exp
|
||||
* Id: ip_nat.h,v 2.90.2.6 2005/02/04 09:56:15 darrenr Exp
|
||||
*/
|
||||
|
||||
#ifndef __IP_NAT_H__
|
||||
|
@ -429,6 +429,7 @@ extern int fr_nat_lock;
|
|||
extern void fr_natsync __P((void *));
|
||||
extern u_long fr_defnatage;
|
||||
extern u_long fr_defnaticmpage;
|
||||
extern u_long fr_defnatipage;
|
||||
/* nat_table[0] -> hashed list sorted by inside (ip, port) */
|
||||
/* nat_table[1] -> hashed list sorted by outside (ip, port) */
|
||||
extern nat_t **nat_table[2];
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ip_pool.c,v 1.2 2005/02/08 07:01:55 martti Exp $ */
|
||||
/* $NetBSD: ip_pool.c,v 1.3 2005/02/19 21:30:25 martti Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1993-2001, 2003 by Darren Reed.
|
||||
|
@ -79,7 +79,7 @@ static int rn_freenode __P((struct radix_node *, void *));
|
|||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
|
||||
static const char rcsid[] = "@(#)Id: ip_pool.c,v 2.55.2.11 2004/10/17 15:49:14 darrenr Exp";
|
||||
static const char rcsid[] = "@(#)Id: ip_pool.c,v 2.55.2.12 2005/02/01 04:04:46 darrenr Exp";
|
||||
#endif
|
||||
|
||||
#ifdef IPFILTER_LOOKUP
|
||||
|
@ -307,7 +307,11 @@ iplookupop_t *op;
|
|||
for (i = 0; i < IPL_LOGSIZE; i++)
|
||||
stats.ipls_list[i] = ip_pool_list[i];
|
||||
} else if (unit >= 0 && unit < IPL_LOGSIZE) {
|
||||
stats.ipls_list[unit] = ip_pool_list[unit];
|
||||
if (op->iplo_name[0] != '\0')
|
||||
stats.ipls_list[unit] = ip_pool_find(unit,
|
||||
op->iplo_name);
|
||||
else
|
||||
stats.ipls_list[unit] = ip_pool_list[unit];
|
||||
} else
|
||||
err = EINVAL;
|
||||
if (err == 0)
|
||||
|
@ -332,7 +336,7 @@ char *name;
|
|||
ip_pool_t *p;
|
||||
|
||||
for (p = ip_pool_list[unit]; p != NULL; p = p->ipo_next)
|
||||
if (strcmp(p->ipo_name, name) == 0)
|
||||
if (strncmp(p->ipo_name, name, sizeof(p->ipo_name)) == 0)
|
||||
break;
|
||||
return p;
|
||||
}
|
||||
|
@ -532,7 +536,8 @@ iplookupop_t *op;
|
|||
#endif
|
||||
|
||||
for (p = ip_pool_list[unit]; p != NULL; ) {
|
||||
if (strcmp(name, p->ipo_name) == 0) {
|
||||
if (strncmp(name, p->ipo_name,
|
||||
sizeof(p->ipo_name)) == 0) {
|
||||
poolnum++;
|
||||
#if defined(SNPRINTF) && defined(_KERNEL)
|
||||
SNPRINTF(name, sizeof(name), "%x", poolnum);
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ip_proxy.c,v 1.4 2005/02/09 23:42:30 christos Exp $ */
|
||||
/* $NetBSD: ip_proxy.c,v 1.5 2005/02/19 21:30:25 martti Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1997-2003 by Darren Reed.
|
||||
|
@ -89,11 +89,11 @@ struct file;
|
|||
|
||||
#include "netinet/ip_ftp_pxy.c"
|
||||
#include "netinet/ip_rcmd_pxy.c"
|
||||
# include "netinet/ip_pptp_pxy.c"
|
||||
#if defined(_KERNEL)
|
||||
# include "netinet/ip_irc_pxy.c"
|
||||
# include "netinet/ip_raudio_pxy.c"
|
||||
# include "netinet/ip_h323_pxy.c"
|
||||
# include "netinet/ip_pptp_pxy.c"
|
||||
# ifdef IPFILTER_PRO
|
||||
# include "netinet/ip_msnrpc_pxy.c"
|
||||
# endif
|
||||
|
@ -105,7 +105,7 @@ struct file;
|
|||
/* END OF INCLUDES */
|
||||
|
||||
#if !defined(lint)
|
||||
static const char rcsid[] = "@(#)Id: ip_proxy.c,v 2.62.2.9 2004/10/17 15:21:28 darrenr Exp";
|
||||
static const char rcsid[] = "@(#)Id: ip_proxy.c,v 2.62.2.10 2005/02/17 04:40:03 darrenr Exp";
|
||||
#endif
|
||||
|
||||
static int appr_fixseqack __P((fr_info_t *, ip_t *, ap_session_t *, int ));
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
/* $NetBSD: ip_raudio_pxy.c,v 1.1.1.2 2005/02/19 21:27:19 martti Exp $ */
|
||||
/* $NetBSD: ip_raudio_pxy.c,v 1.2 2005/02/19 21:30:25 martti Exp $ */
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(1, "$NetBSD: ip_raudio_pxy.c,v 1.2 2005/02/19 21:30:25 martti Exp $");
|
||||
|
||||
/*
|
||||
* Copyright (C) 1998-2003 by Darren Reed
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
/* $NetBSD: ip_rcmd_pxy.c,v 1.5 2005/02/08 07:01:56 martti Exp $ */
|
||||
/* $NetBSD: ip_rcmd_pxy.c,v 1.6 2005/02/19 21:30:25 martti Exp $ */
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(1, "$NetBSD: ip_rcmd_pxy.c,v 1.5 2005/02/08 07:01:56 martti Exp $");
|
||||
__KERNEL_RCSID(1, "$NetBSD: ip_rcmd_pxy.c,v 1.6 2005/02/19 21:30:25 martti Exp $");
|
||||
|
||||
/*
|
||||
* Copyright (C) 1998-2003 by Darren Reed
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*
|
||||
* Id: ip_rcmd_pxy.c,v 1.41.2.3 2004/12/09 19:41:00 darrenr Exp
|
||||
* Id: ip_rcmd_pxy.c,v 1.41.2.4 2005/02/04 10:22:55 darrenr Exp
|
||||
*
|
||||
* Simple RCMD transparent proxy for in-kernel use. For use with the NAT
|
||||
* code.
|
||||
|
@ -206,6 +206,8 @@ nat_t *nat;
|
|||
ip->ip_dst = nat->nat_inip;
|
||||
}
|
||||
(void) fr_addstate(&fi, &nat2->nat_state, SI_W_DPORT);
|
||||
if (fi.fin_state != NULL)
|
||||
fr_statederef(&fi, (ipstate_t **)&fi.fin_state);
|
||||
}
|
||||
ip->ip_len = slen;
|
||||
ip->ip_src = swip;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ip_rpcb_pxy.c,v 1.5 2005/02/08 07:01:56 martti Exp $ */
|
||||
/* $NetBSD: ip_rpcb_pxy.c,v 1.6 2005/02/19 21:30:25 martti Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 2002-2003 by Ryan Beasley <ryanb@goddamnbastard.org>
|
||||
|
@ -39,7 +39,7 @@
|
|||
* o The enclosed hack of STREAMS support is pretty sick and most likely
|
||||
* broken.
|
||||
*
|
||||
* Id: ip_rpcb_pxy.c,v 2.25.2.2 2004/12/09 19:41:00 darrenr Exp
|
||||
* Id: ip_rpcb_pxy.c,v 2.25.2.3 2005/02/04 10:22:56 darrenr Exp
|
||||
*/
|
||||
|
||||
#define IPF_RPCB_PROXY
|
||||
|
@ -1272,6 +1272,8 @@ ippr_rpcb_getnat(fin, nat, proto, port)
|
|||
*/
|
||||
return(-1);
|
||||
}
|
||||
if (fi.fin_state != NULL)
|
||||
fr_statederef(&fi, (ipstate_t **)&fi.fin_state);
|
||||
}
|
||||
|
||||
return(0);
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ip_scan.c,v 1.3 2005/02/08 07:01:56 martti Exp $ */
|
||||
/* $NetBSD: ip_scan.c,v 1.4 2005/02/19 21:30:25 martti Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995-2001 by Darren Reed.
|
||||
|
@ -60,7 +60,7 @@ struct file;
|
|||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed";
|
||||
static const char rcsid[] = "@(#)Id: ip_scan.c,v 2.40.2.1 2004/12/09 19:41:01 darrenr Exp";
|
||||
static const char rcsid[] = "@(#)Id: ip_scan.c,v 2.40.2.2 2005/01/18 10:13:16 darrenr Exp";
|
||||
#endif
|
||||
|
||||
#ifdef IPFILTER_SCAN /* endif at bottom of file */
|
||||
|
@ -525,15 +525,16 @@ ipstate_t *is;
|
|||
*/
|
||||
s0 = is->is_s0[rv];
|
||||
off = seq - s0;
|
||||
if ((seq > s0 + 15) || (off < 0))
|
||||
if ((off > 15) || (off < 0))
|
||||
return 1;
|
||||
thoff = TCP_OFF(tcp) << 2;
|
||||
dlen = fin->fin_dlen - thoff;
|
||||
if (dlen <= 0)
|
||||
return 1;
|
||||
seq += dlen;
|
||||
if (seq > s0 + 15)
|
||||
dlen -= (seq - (s0 + 15));
|
||||
if (dlen > 16)
|
||||
dlen = 16;
|
||||
if (off + dlen > 16)
|
||||
dlen = 16 - off;
|
||||
|
||||
j = 0xffff >> (16 - dlen);
|
||||
i = (0xffff & j) << off;
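Review bot: The clamps `if (dlen > 16)` and `if (off + dlen > 16)` repeat the window size as a bare literal, alongside the `off > 15` test and the `16 - dlen` shift, so the bound that prevents the over-copy is spelled four different ways. A single named constant, or `sizeof` of the buffer being bounded if it is a fixed array (its declaration is outside the hunk), would keep the check and the buffer from drifting apart. The `off < 0` test also depends on `off` being signed while `seq` and `s0` are presumably unsigned sequence numbers; a comment such as `/* off is signed: a segment starting before s0 gives a negative offset */` would record that. The enclosing function starts and ends outside the hunk.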
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ip_state.c,v 1.4 2005/02/08 07:01:56 martti Exp $ */
|
||||
/* $NetBSD: ip_state.c,v 1.5 2005/02/19 21:30:25 martti Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995-2003 by Darren Reed.
|
||||
|
@ -110,10 +110,10 @@ struct file;
|
|||
#if !defined(lint)
|
||||
#if defined(__NetBSD__)
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ip_state.c,v 1.4 2005/02/08 07:01:56 martti Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ip_state.c,v 1.5 2005/02/19 21:30:25 martti Exp $");
|
||||
#else
|
||||
static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed";
|
||||
static const char rcsid[] = "@(#)Id: ip_state.c,v 2.186.2.23 2004/12/20 23:36:48 darrenr Exp";
|
||||
static const char rcsid[] = "@(#)Id: ip_state.c,v 2.186.2.25 2005/02/17 05:56:26 darrenr Exp";
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
@ -2678,24 +2678,27 @@ int why;
|
|||
* Since we want to delete this, remove it from the state table,
|
||||
* where it can be found & used, first.
|
||||
*/
|
||||
*is->is_pnext = is->is_next;
|
||||
if (is->is_pnext != NULL) {
|
||||
*is->is_pnext = is->is_next;
|
||||
|
||||
if (is->is_next != NULL)
|
||||
is->is_next->is_pnext = is->is_pnext;
|
||||
if (is->is_next != NULL)
|
||||
is->is_next->is_pnext = is->is_pnext;
|
||||
|
||||
is->is_pnext = NULL;
|
||||
is->is_next = NULL;
|
||||
}
|
||||
|
||||
is->is_pnext = NULL;
|
||||
is->is_next = NULL;
|
||||
if (is->is_phnext != NULL) {
|
||||
*is->is_phnext = is->is_hnext;
|
||||
if (is->is_hnext != NULL)
|
||||
is->is_hnext->is_phnext = is->is_phnext;
|
||||
if (ips_table[is->is_hv] == NULL)
|
||||
ips_stats.iss_inuse--;
|
||||
ips_stats.iss_bucketlen[is->is_hv]--;
|
||||
|
||||
*is->is_phnext = is->is_hnext;
|
||||
if (is->is_hnext != NULL)
|
||||
is->is_hnext->is_phnext = is->is_phnext;
|
||||
if (ips_table[is->is_hv] == NULL)
|
||||
ips_stats.iss_inuse--;
|
||||
ips_stats.iss_bucketlen[is->is_hv]--;
|
||||
|
||||
is->is_phnext = NULL;
|
||||
is->is_hnext = NULL;
|
||||
is->is_phnext = NULL;
|
||||
is->is_hnext = NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
* Because ips_stats.iss_wild is a count of entries in the state
|
||||
|
@ -2706,26 +2709,28 @@ int why;
|
|||
if (!(is->is_flags & SI_CLONED)) {
|
||||
ATOMIC_DECL(ips_stats.iss_wild);
|
||||
}
|
||||
is->is_flags &= ~(SI_WILDP|SI_WILDA);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Next, remove it from the timeout queue it is in.
|
||||
*/
|
||||
tqe = &is->is_sti;
|
||||
ifq = tqe->tqe_ifq;
|
||||
if (tqe->tqe_pnext != NULL) {
|
||||
*tqe->tqe_pnext = tqe->tqe_next;
|
||||
if (tqe->tqe_next != NULL)
|
||||
tqe->tqe_next->tqe_pnext = tqe->tqe_pnext;
|
||||
else /* we must be the tail anyway */
|
||||
ifq->ifq_tail = tqe->tqe_pnext;
|
||||
tqe->tqe_pnext = NULL;
|
||||
tqe->tqe_ifq = NULL;
|
||||
}
|
||||
if (ifq != NULL) {
|
||||
if (tqe->tqe_pnext != NULL) {
|
||||
*tqe->tqe_pnext = tqe->tqe_next;
|
||||
if (tqe->tqe_next != NULL)
|
||||
tqe->tqe_next->tqe_pnext = tqe->tqe_pnext;
|
||||
else /* we must be the tail anyway */
|
||||
ifq->ifq_tail = tqe->tqe_pnext;
|
||||
tqe->tqe_pnext = NULL;
|
||||
tqe->tqe_ifq = NULL;
|
||||
}
|
||||
|
||||
if ((ifq->ifq_flags & IFQF_USER) != 0)
|
||||
fr_deletetimeoutqueue(ifq);
|
||||
if ((ifq->ifq_flags & IFQF_USER) != 0)
|
||||
fr_deletetimeoutqueue(ifq);
|
||||
}
|
||||
|
||||
/*
|
||||
* If it is still in use by something else, do not go any further,
|
||||
|
@ -3671,31 +3676,25 @@ ipstate_t **isp;
|
|||
fin = fin; /* LINT */
|
||||
is = *isp;
|
||||
*isp = NULL;
|
||||
MUTEX_ENTER(&is->is_lock);
|
||||
WRITE_ENTER(&ipf_state);
|
||||
is->is_ref--;
|
||||
if (is->is_ref == 0) {
|
||||
is->is_ref++; /* To counter ref-- in fr_delstate() */
|
||||
MUTEX_EXIT(&is->is_lock);
|
||||
WRITE_ENTER(&ipf_state);
|
||||
fr_delstate(is, ISL_EXPIRE);
|
||||
RWLOCK_EXIT(&ipf_state);
|
||||
#ifndef _KERNEL
|
||||
#if 0
|
||||
} else if (((fin->fin_out == 1) || (eol == 1)) &&
|
||||
((ostate == IPF_TCPS_LAST_ACK) &&
|
||||
(nstate == IPF_TCPS_TIME_WAIT))) {
|
||||
;
|
||||
#else
|
||||
} else if ((is->is_sti.tqe_state[0] > IPF_TCPS_ESTABLISHED) ||
|
||||
(is->is_sti.tqe_state[1] > IPF_TCPS_ESTABLISHED)) {
|
||||
#endif
|
||||
MUTEX_EXIT(&is->is_lock);
|
||||
WRITE_ENTER(&ipf_state);
|
||||
fr_delstate(is, ISL_ORPHAN);
|
||||
RWLOCK_EXIT(&ipf_state);
|
||||
#endif
|
||||
} else {
|
||||
MUTEX_EXIT(&is->is_lock);
|
||||
}
|
||||
RWLOCK_EXIT(&ipf_state);
|
||||
}
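Review bot: The reworked `fr_statederef` hunk takes `WRITE_ENTER(&ipf_state)` before `is->is_ref--` and, going by the hunk's line counts, drops the per-entry `MUTEX_ENTER(&is->is_lock)`, but nothing at the function records the new locking contract. Any caller that already holds `ipf_state` would re-enter the lock, and any other path that adjusts `is_ref` under `is_lock` alone is no longer excluded from this decrement; neither can be checked from the hunk, and this commit adds new call sites in ip_rcmd_pxy.c and ip_rpcb_pxy.c. A header comment such as `/* Locks: acquires ipf_state as writer; caller must not hold it. */` would make that explicit. `is` is also dereferenced without a NULL check, so the `!= NULL` test the proxy call sites perform is part of the contract and belongs in the same comment. The function's signature and declarations are outside the hunk.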
|
||||
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ipl.h,v 1.2 2005/02/08 07:01:56 martti Exp $ */
|
||||
/* $NetBSD: ipl.h,v 1.3 2005/02/19 21:30:25 martti Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1993-2001, 2003 by Darren Reed.
|
||||
|
@ -6,14 +6,14 @@
|
|||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*
|
||||
* @(#)ipl.h 1.21 6/5/96
|
||||
* Id: ipl.h,v 2.52.2.6 2005/01/08 17:27:10 darrenr Exp
|
||||
* Id: ipl.h,v 2.52.2.7 2005/02/19 01:33:24 darrenr Exp
|
||||
*/
|
||||
|
||||
#ifndef __IPL_H__
|
||||
#define __IPL_H__
|
||||
|
||||
#define IPL_VERSION "IP Filter: v4.1.5"
|
||||
#define IPL_VERSION "IP Filter: v4.1.6"
|
||||
|
||||
#define IPFILTER_VERSION 4010500
|
||||
#define IPFILTER_VERSION 4010600
|
||||
|
||||
#endif
|
||||
|
|