Resolve conflicts.

2000-05-21 18:45:53 +00:00 · 2000-05-21 18:45:53 +00:00 · 4c4ad1d1a5
commit 4c4ad1d1a5
parent 8fcd61625e
7 changed files with 89 additions and 57 deletions
--- a/sys/netinet/fil.c
+++ b/sys/netinet/fil.c
@ -1,4 +1,4 @@
-/*	$NetBSD: fil.c,v 1.33 2000/05/11 19:46:05 veego Exp $	*/
+/*	$NetBSD: fil.c,v 1.34 2000/05/21 18:45:53 veego Exp $	*/

 /*
 * Copyright (C) 1993-2000 by Darren Reed.
@ -9,10 +9,11 @@
 */
 #if !defined(lint)
 #if defined(__NetBSD__)
-static const char rcsid[] = "$NetBSD: fil.c,v 1.33 2000/05/11 19:46:05 veego Exp $";
+static const char rcsid[] = "$NetBSD: fil.c,v 1.34 2000/05/21 18:45:53 veego Exp $";
 #else
 static const char sccsid[] = "@(#)fil.c	1.36 6/5/96 (C) 1993-2000 Darren Reed";
 static const char rcsid[] = "@(#)Id: fil.c,v 2.35.2.6 2000/05/09 22:42:40 darrenr Exp";
+static const char rcsid[] = "@(#)Id: fil.c,v 2.35.2.7 2000/05/11 12:28:18 darrenr Exp";
 #endif
 #endif

@ -306,17 +307,33 @@ fr_info_t *fin;
 	}
 	case IPPROTO_TCP :
 		fi->fi_fl |= FI_TCPUDP;
-		if ((v == 4) && ((!IPMINLEN(ip, tcphdr) && !off) ||
-		     (off && off < sizeof(struct tcphdr))))
-			fi->fi_fl |= FI_SHORT;
+#ifdef	USE_INET6
+		if (v == 6) {
+			if (plen < sizeof(struct tcphdr))
+				fi->fi_fl |= FI_SHORT;
+		} else
+#endif
+		if (v == 4) {
+			if ((!IPMINLEN(ip, tcphdr) && !off) ||
+			     (off && off < sizeof(struct tcphdr)))
+				fi->fi_fl |= FI_SHORT;
+		}
 		if (!(fi->fi_fl & FI_SHORT) && !off)
 			fin->fin_tcpf = tcp->th_flags;
 		goto getports;
 	case IPPROTO_UDP :
 		fi->fi_fl |= FI_TCPUDP;
-		if ((v == 4) && ((!IPMINLEN(ip, udphdr) && !off) ||
-		    (off && off < sizeof(struct udphdr))))
-			fi->fi_fl |= FI_SHORT;
+#ifdef	USE_INET6
+		if (v == 6) {
+			if (plen < sizeof(struct udphdr))
+				fi->fi_fl |= FI_SHORT;
+		} else
+#endif
+		if (v == 4) {
+			if ((!IPMINLEN(ip, udphdr) && !off) ||
+			    (off && off < sizeof(struct udphdr)))
+				fi->fi_fl |= FI_SHORT;
+		}
 getports:
 		if (!off && (fin->fin_dlen > 3)) {
 			fin->fin_data[0] = ntohs(tcp->th_sport);
@ -818,6 +835,7 @@ int out;
 	if ((out) && (v == 4))
 		ip->ip_id = ntohs(ip->ip_id);

+	changed = 0;
 	fin->fin_v = v;
 	fin->fin_ifp = ifp;
 	fin->fin_out = out;
@ -1341,7 +1359,7 @@ nodata:
 * SUCH DAMAGE.
 *
 *	@(#)uipc_mbuf.c	8.2 (Berkeley) 1/4/94
- * Id: fil.c,v 2.35.2.6 2000/05/09 22:42:40 darrenr Exp
+ * Id: fil.c,v 2.35.2.7 2000/05/11 12:28:18 darrenr Exp
 */
 /*
 * Copy data from an mbuf chain starting "off" bytes from the beginning,
--- a/sys/netinet/ip_fil.c
+++ b/sys/netinet/ip_fil.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ip_fil.c,v 1.50 2000/05/11 19:46:05 veego Exp $	*/
+/*	$NetBSD: ip_fil.c,v 1.51 2000/05/21 18:45:54 veego Exp $	*/

 /*
 * Copyright (C) 1993-2000 by Darren Reed.
@ -9,10 +9,11 @@
 */
 #if !defined(lint)
 #if defined(__NetBSD__)
-static const char rcsid[] = "$NetBSD: ip_fil.c,v 1.50 2000/05/11 19:46:05 veego Exp $";
+static const char rcsid[] = "$NetBSD: ip_fil.c,v 1.51 2000/05/21 18:45:54 veego Exp $";
 #else
 static const char sccsid[] = "@(#)ip_fil.c	2.41 6/5/96 (C) 1993-2000 Darren Reed";
 static const char rcsid[] = "@(#)Id: ip_fil.c,v 2.42.2.4 2000/05/09 22:43:31 darrenr Exp";
+static const char rcsid[] = "@(#)Id: ip_fil.c,v 2.42.2.6 2000/05/13 07:46:49 darrenr Exp";
 #endif
 #endif

@ -1015,25 +1016,20 @@ struct ip *oip;
 # ifdef	USE_INET6
 	ip6 = (ip6_t *)ip;
 # endif
+	bzero((char *)ip, sizeof(*tcp2) + hlen)
 	tcp2 = (struct tcphdr *)((char *)ip + hlen);

 	tcp2->th_sport = tcp->th_dport;
 	tcp2->th_dport = tcp->th_sport;
-	tcp2->th_seq = 0;
 	tcp2->th_ack = ntohl(tcp->th_seq);
 	tcp2->th_ack += tlen;
 	tcp2->th_ack = htonl(tcp2->th_ack);
-	tcp2->th_x2 = 0;
 	tcp2->th_off = sizeof(*tcp2) >> 2;
 	tcp2->th_flags = TH_RST|TH_ACK;
-	tcp2->th_win = 0;
-	tcp2->th_sum = 0;
 # ifdef	USE_INET6
 	if (fin->fin_v == 6) {
-		ip6->ip6_flow = 0;
 		ip6->ip6_plen = htons(sizeof(struct tcphdr));
 		ip6->ip6_nxt = IPPROTO_TCP;
-		ip6->ip6_hlim = 0;
 		ip6->ip6_src = oip6->ip6_dst;
 		ip6->ip6_dst = oip6->ip6_src;
 		tcp2->th_sum = in6_cksum(m, IPPROTO_TCP,
@ -1071,6 +1067,7 @@ int len;
 		ip->ip_tos = oip->ip_tos;
 		ip->ip_len = len;
 		ip->ip_id = oip->ip_id;
+		ip->ip_off = 0;
 # if (BSD < 199306) || defined(__sgi)
 		ip->ip_ttl = tcp_ttl;
 # else
@ -1388,7 +1385,10 @@ frdest_t *fdp;
 	 */
 	if (ip->ip_len <= ifp->if_mtu) {
 # if	BSD >= 199306
-		int i = m->m_flags & M_EXT;
+		int i = 0;
+
+		if ((m->m_flags & M_EXT) && MCLISREFERENCED(m))
+			i = 1;
 # endif
 # ifndef __NetBSD__
 		ip->ip_id = htons(ip->ip_id);
--- a/sys/netinet/ip_ftp_pxy.c
+++ b/sys/netinet/ip_ftp_pxy.c
@ -1,10 +1,10 @@
-/*	$NetBSD: ip_ftp_pxy.c,v 1.15 2000/05/11 19:46:06 veego Exp $	*/
+/*	$NetBSD: ip_ftp_pxy.c,v 1.16 2000/05/21 18:45:54 veego Exp $	*/

 /*
 * Simple FTP transparent proxy for in-kernel use.  For use with the NAT
 * code.
 *
- * Id: ip_ftp_pxy.c,v 2.7.2.5 2000/05/09 11:41:46 darrenr Exp
+ * Id: ip_ftp_pxy.c,v 2.7.2.7 2000/05/13 14:28:14 darrenr Exp
 */
 #if SOLARIS && defined(_KERNEL)
 extern	kmutex_t	ipf_rw;
@ -311,21 +311,14 @@ ftpside_t *f;
 int dlen;
 {
 	tcphdr_t *tcp, tcph, *tcp2 = &tcph;
-	char *s;
 	struct in_addr swip, swip2;
 	u_short a5, a6, sp, dp;
 	u_int a1, a2, a3, a4;
-#if 0
-	char newbuf[IPF_FTPBUFSZ];
-	size_t nlen, olen;
-	mb_t *m;
-#if	SOLARIS
-	mb_t *m1;
-#endif
-#endif
 	fr_info_t fi;
 	int inc, off;
 	nat_t *ipn;
+	char *s;
+
 	/*
 	 * Check for PASV reply message.
 	 */
@ -631,7 +624,7 @@ int rv;
 	 * apart from causing packets to go through here ordered).
 	 */
 	if (ntohl(tcp->th_seq) != f->ftps_seq + (wptr - rptr)) {
-		return APR_ERR(-1);
+		return APR_ERR(0);
 	}

 	while (mlen > 0) {
--- a/sys/netinet/ip_nat.c
+++ b/sys/netinet/ip_nat.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ip_nat.c,v 1.32 2000/05/11 19:46:06 veego Exp $	*/
+/*	$NetBSD: ip_nat.c,v 1.33 2000/05/21 18:45:54 veego Exp $	*/

 /*
 * Copyright (C) 1995-2000 by Darren Reed.
@ -11,10 +11,10 @@
 */
 #if !defined(lint)
 #if defined(__NetBSD__)
-static const char rcsid[] = "$NetBSD: ip_nat.c,v 1.32 2000/05/11 19:46:06 veego Exp $";
+static const char rcsid[] = "$NetBSD: ip_nat.c,v 1.33 2000/05/21 18:45:54 veego Exp $";
 #else
 static const char sccsid[] = "@(#)ip_nat.c	1.11 6/5/96 (C) 1995 Darren Reed";
-static const char rcsid[] = "@(#)Id: ip_nat.c,v 2.37.2.4 2000/05/06 12:29:48 darrenr Exp";
+static const char rcsid[] = "@(#)Id: ip_nat.c,v 2.37.2.10 2000/05/19 15:54:44 darrenr Exp";
 #endif
 #endif

@ -234,7 +234,7 @@ ipnat_t *n;
 }


-void nat_delrdr(n)
+static void nat_delrdr(n)
 ipnat_t *n;
 {
 	if (n->in_rnext)
@ -434,11 +434,17 @@ int mode;
 	{
 #ifdef  IPFILTER_LOG
 	case SIOCIPFFB :
+	{
+		int tmp;
+
 		if (!(mode & FWRITE))
 			error = EPERM;
-		else
-			*(int *)data = ipflog_clear(IPL_LOGNAT);
+		else {
+			tmp = ipflog_clear(IPL_LOGNAT);
+			IWCOPY((char *)&tmp, (char *)data, sizeof(tmp));
+		}
 		break;
+	}
 #endif
 	case SIOCADNAT :
 		if (!(mode & FWRITE)) {
@ -1095,8 +1101,10 @@ int direction;

 	/* Give me a new nat */
 	KMALLOC(nat, nat_t *);
-	if (nat == NULL)
+	if (nat == NULL) {
+		nat_stats.ns_memfail++;
 		return NULL;
+	}

 	bzero((char *)nat, sizeof(*nat));
 	nat->nat_flags = flags;
@ -1168,7 +1176,7 @@ int direction;
 					port += MAPBLK_MINPORT;
 					port = htons(port);
 				}
-			} else if (!np->in_nip &&
+			} else if (!np->in_outip &&
 				   (np->in_outmsk == 0xffffffff)) {
 				/*
 				 * 0/32 - use the interface's IP address.
@ -1177,7 +1185,7 @@ int direction;
 				    fr_ifpaddr(4, fin->fin_ifp, &in) == -1)
 					goto badnat;
 				in.s_addr = ntohl(in.s_addr);
-			} else if (!np->in_nip && !np->in_outmsk) {
+			} else if (!np->in_outip && !np->in_outmsk) {
 				/*
 				 * 0/0 - use the original source address/port.
 				 */
@ -1398,6 +1406,7 @@ int direction;
 	np->in_use++;
 	return nat;
 badnat:
+	nat_stats.ns_badnat++;
 	if ((hm = nat->nat_hm) != NULL)
 		nat_hostmapdel(hm);
 	KFREE(nat);
@ -1694,7 +1703,7 @@ natlookup_t *np;
 }


-int nat_match(fin, np, ip)
+static int nat_match(fin, np, ip)
 fr_info_t *fin;
 ipnat_t *np;
 ip_t *ip;
@ -1890,8 +1899,8 @@ maskloop:
 				if (nat->nat_age < fr_defnaticmpage)
 					nat->nat_age = fr_defnaticmpage;
 #ifdef LARGE_NAT
-				else if (nat->nat_age > DEF_NAT_AGE)
-					nat->nat_age = DEF_NAT_AGE;
+				else if (nat->nat_age > fr_defnatage)
+					nat->nat_age = fr_defnatage;
 #endif
 				/*
 				 * Increase this because we may have
@ -1976,7 +1985,8 @@ fr_info_t *fin;

 	READ_ENTER(&ipf_nat);

-	if ((ip->ip_p == IPPROTO_ICMP) && (nat = nat_icmp(ip, fin, &nflags, NAT_INBOUND)))
+	if ((ip->ip_p == IPPROTO_ICMP) &&
+	    (nat = nat_icmp(ip, fin, &nflags, NAT_INBOUND)))
 		;
 	else if ((ip->ip_off & IP_OFFMASK) &&
 		 (nat = ipfr_nat_knownfrag(ip, fin)))
@ -2089,8 +2099,8 @@ maskloop:
 				if (nat->nat_age < fr_defnaticmpage)
 					nat->nat_age = fr_defnaticmpage;
 #ifdef LARGE_NAT
-				else if (nat->nat_age > DEF_NAT_AGE)
-					nat->nat_age = DEF_NAT_AGE;
+				else if (nat->nat_age > fr_defnatage)
+					nat->nat_age = fr_defnatage;
 #endif
 				/*
 				 * Increase this because we may have
--- a/sys/netinet/ip_nat.h
+++ b/sys/netinet/ip_nat.h
@ -1,4 +1,4 @@
-/*	$NetBSD: ip_nat.h,v 1.18 2000/05/03 11:12:13 veego Exp $	*/
+/*	$NetBSD: ip_nat.h,v 1.19 2000/05/21 18:45:55 veego Exp $	*/

 /*
 * Copyright (C) 1995-2000 by Darren Reed.
@ -8,7 +8,7 @@
 * to the original author and the contributors.
 *
 * @(#)ip_nat.h	1.5 2/4/96
- * Id: ip_nat.h,v 2.17 2000/03/16 01:38:38 darrenr Exp
+ * Id: ip_nat.h,v 2.17.2.1 2000/05/15 06:50:14 darrenr Exp
 */

 #ifndef _NETINET_IP_NAT_H_
@ -194,6 +194,8 @@ typedef	struct	natstat	{
 	u_long	ns_inuse;
 	u_long	ns_logged;
 	u_long	ns_logfail;
+	u_long	ns_memfail;
+	u_long	ns_badnat;
 	nat_t	**ns_table[2];
 	ipnat_t	*ns_list;
 	void	*ns_apslist;
--- a/sys/netinet/ip_state.c
+++ b/sys/netinet/ip_state.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ip_state.c,v 1.24 2000/05/03 11:12:14 veego Exp $	*/
+/*	$NetBSD: ip_state.c,v 1.25 2000/05/21 18:45:55 veego Exp $	*/

 /*
 * Copyright (C) 1995-2000 by Darren Reed.
@ -9,10 +9,10 @@
 */
 #if !defined(lint)
 #if defined(__NetBSD__)
-static const char rcsid[] = "$NetBSD: ip_state.c,v 1.24 2000/05/03 11:12:14 veego Exp $";
+static const char rcsid[] = "$NetBSD: ip_state.c,v 1.25 2000/05/21 18:45:55 veego Exp $";
 #else
 static const char sccsid[] = "@(#)ip_state.c	1.8 6/5/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)Id: ip_state.c,v 2.30.2.5 2000/04/28 14:56:52 darrenr Exp";
+static const char rcsid[] = "@(#)Id: ip_state.c,v 2.30.2.8 2000/05/19 15:54:43 darrenr Exp";
 #endif
 #endif

@ -293,8 +293,12 @@ int mode;
 	case SIOCIPFFB :
 		if (!(mode & FWRITE))
 			error = EPERM;
-		else
-			*(int *)data = ipflog_clear(IPL_LOGSTATE);
+		else {
+			int tmp;
+
+			tmp = ipflog_clear(IPL_LOGSTATE);
+			IWCOPY((char *)&tmp, data, sizeof(tmp));
+		}
 		break;
 #endif
 	case SIOCGETFS :
@ -918,7 +922,12 @@ ipstate_t *is;
 icmphdr_t *icmp;
 {
 	if (v == 4) {
-		if ((icmpreplytype4[is->is_type] == icmp->icmp_type) &&
+		/*
+		 * If we matched its type on the way in, then when going out
+		 * it will still be the same type.
+		 */
+		if (((icmp->icmp_type == is->is_type) ||
+		     (icmpreplytype4[is->is_type] == icmp->icmp_type)) &&
 		    (icmp->icmp_id == is->is_icmp.ics_id) &&
 		    (icmp->icmp_seq == is->is_icmp.ics_seq)) {
 			return 1;
@ -937,7 +946,7 @@ icmphdr_t *icmp;
 	return 0;
 }

-frentry_t *fr_checkicmpmatchingstate(ip, fin)
+static frentry_t *fr_checkicmpmatchingstate(ip, fin)
 ip_t *ip;
 fr_info_t *fin;
 {
--- a/sys/netinet/ipl.h
+++ b/sys/netinet/ipl.h
@ -1,4 +1,4 @@
-/*	$NetBSD: ipl.h,v 1.5 2000/05/11 19:46:06 veego Exp $	*/
+/*	$NetBSD: ipl.h,v 1.6 2000/05/21 18:45:55 veego Exp $	*/

 /*
 * Copyright (C) 1993-2000 by Darren Reed.
@ -8,12 +8,12 @@
 * to the original author and the contributors.
 *
 * @(#)ipl.h	1.21 6/5/96
- * Id: ipl.h,v 2.15.2.3 2000/05/09 22:44:13 darrenr Exp
+ * Id: ipl.h,v 2.15.2.4 2000/05/19 16:05:38 darrenr Exp
 */

 #ifndef	__IPL_H__
 #define	__IPL_H__

-#define	IPL_VERSION	"IP Filter: v3.4.2"
+#define	IPL_VERSION	"IP Filter: v3.4.3"

 #endif