From 4c4ad1d1a5f75a9f3385bba0543bacd59060273e Mon Sep 17 00:00:00 2001 From: veego Date: Sun, 21 May 2000 18:45:53 +0000 Subject: [PATCH] Resolve conflicts. --- sys/netinet/fil.c | 36 +++++++++++++++++++++++++++--------- sys/netinet/ip_fil.c | 18 +++++++++--------- sys/netinet/ip_ftp_pxy.c | 17 +++++------------ sys/netinet/ip_nat.c | 40 +++++++++++++++++++++++++--------------- sys/netinet/ip_nat.h | 6 ++++-- sys/netinet/ip_state.c | 23 ++++++++++++++++------- sys/netinet/ipl.h | 6 +++--- 7 files changed, 89 insertions(+), 57 deletions(-) diff --git a/sys/netinet/fil.c b/sys/netinet/fil.c index f58c040b85db..a8dc48e524d6 100644 --- a/sys/netinet/fil.c +++ b/sys/netinet/fil.c @@ -1,4 +1,4 @@ -/* $NetBSD: fil.c,v 1.33 2000/05/11 19:46:05 veego Exp $ */ +/* $NetBSD: fil.c,v 1.34 2000/05/21 18:45:53 veego Exp $ */ /* * Copyright (C) 1993-2000 by Darren Reed. @@ -9,10 +9,11 @@ */ #if !defined(lint) #if defined(__NetBSD__) -static const char rcsid[] = "$NetBSD: fil.c,v 1.33 2000/05/11 19:46:05 veego Exp $"; +static const char rcsid[] = "$NetBSD: fil.c,v 1.34 2000/05/21 18:45:53 veego Exp $"; #else static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed"; static const char rcsid[] = "@(#)Id: fil.c,v 2.35.2.6 2000/05/09 22:42:40 darrenr Exp"; +static const char rcsid[] = "@(#)Id: fil.c,v 2.35.2.7 2000/05/11 12:28:18 darrenr Exp"; #endif #endif 
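Review bot: The `#else` branch of the rcsid block in fil.c now holds two definitions of `rcsid`: the 2.35.2.6 line stays as context and the 2.35.2.7 line is added after it, which is a redefinition on any build that does not define `__NetBSD__`. This looks like a leftover from the conflict resolution; only the newer line should remain, `static const char rcsid[] = "@(#)Id: fil.c,v 2.35.2.7 2000/05/11 12:28:18 darrenr Exp";`. The matching hunk in ip_fil.c has the same duplicate (2.42.2.4 kept, 2.42.2.6 added), whereas ip_nat.c and ip_state.c replace the old line as expected.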
@@ -306,17 +307,33 @@ fr_info_t *fin; } case IPPROTO_TCP : fi->fi_fl |= FI_TCPUDP; - if ((v == 4) && ((!IPMINLEN(ip, tcphdr) && !off) || - (off && off < sizeof(struct tcphdr)))) - fi->fi_fl |= FI_SHORT; +#ifdef USE_INET6 + if (v == 6) { + if (plen < sizeof(struct tcphdr)) + fi->fi_fl |= FI_SHORT; + } else +#endif + if (v == 4) { + if ((!IPMINLEN(ip, tcphdr) && !off) || + (off && off < sizeof(struct tcphdr))) + fi->fi_fl |= FI_SHORT; + } if (!(fi->fi_fl & FI_SHORT) && !off) fin->fin_tcpf = tcp->th_flags; goto getports; case IPPROTO_UDP : fi->fi_fl |= FI_TCPUDP; - if ((v == 4) && ((!IPMINLEN(ip, udphdr) && !off) || - (off && off < sizeof(struct udphdr)))) - fi->fi_fl |= FI_SHORT; +#ifdef USE_INET6 + if (v == 6) { + if (plen < sizeof(struct udphdr)) + fi->fi_fl |= FI_SHORT; + } else +#endif + if (v == 4) { + if ((!IPMINLEN(ip, udphdr) && !off) || + (off && off < sizeof(struct udphdr))) + fi->fi_fl |= FI_SHORT; + } getports: if (!off && (fin->fin_dlen > 3)) { fin->fin_data[0] = ntohs(tcp->th_sport); @@ -818,6 +835,7 @@ int out; if ((out) && (v == 4)) ip->ip_id = ntohs(ip->ip_id); + changed = 0; fin->fin_v = v; fin->fin_ifp = ifp; fin->fin_out = out; @@ -1341,7 +1359,7 @@ nodata: * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 - * Id: fil.c,v 2.35.2.6 2000/05/09 22:42:40 darrenr Exp + * Id: fil.c,v 2.35.2.7 2000/05/11 12:28:18 darrenr Exp */ /* * Copy data from an mbuf chain starting "off" bytes from the beginning, diff --git a/sys/netinet/ip_fil.c b/sys/netinet/ip_fil.c index ddb6cfee8e5d..3f75c8422ff9 100644 --- a/sys/netinet/ip_fil.c +++ b/sys/netinet/ip_fil.c @@ -1,4 +1,4 @@ -/* $NetBSD: ip_fil.c,v 1.50 2000/05/11 19:46:05 veego Exp $ */ +/* $NetBSD: ip_fil.c,v 1.51 2000/05/21 18:45:54 veego Exp $ */ /* * Copyright (C) 1993-2000 by Darren Reed. 
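Review bot: The new IPv6 branches in the `IPPROTO_TCP` and `IPPROTO_UDP` cases decide `FI_SHORT` from `plen` alone, and nothing in the hunk shows how `plen` is derived. If it is the payload length taken from the IPv6 header rather than the bytes left after any extension headers, a packet whose extension headers use up the payload would not be flagged short, and `fin->fin_tcpf = tcp->th_flags` a few lines below would then read past the transport data. A comment stating the requirement would help, for example `/* plen: bytes remaining after all IPv6 extension headers */`. The `} else` that straddles `#endif` before `if (v == 4)` is also easy to break in a later edit and would be clearer with the v4 test in its own braced block. The enclosing function starts and ends outside the hunk.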
@@ -9,10 +9,11 @@ */ #if !defined(lint) #if defined(__NetBSD__) -static const char rcsid[] = "$NetBSD: ip_fil.c,v 1.50 2000/05/11 19:46:05 veego Exp $"; +static const char rcsid[] = "$NetBSD: ip_fil.c,v 1.51 2000/05/21 18:45:54 veego Exp $"; #else static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; static const char rcsid[] = "@(#)Id: ip_fil.c,v 2.42.2.4 2000/05/09 22:43:31 darrenr Exp"; +static const char rcsid[] = "@(#)Id: ip_fil.c,v 2.42.2.6 2000/05/13 07:46:49 darrenr Exp"; #endif #endif @@ -1015,25 +1016,20 @@ struct ip *oip; # ifdef USE_INET6 ip6 = (ip6_t *)ip; # endif + bzero((char *)ip, sizeof(*tcp2) + hlen) tcp2 = (struct tcphdr *)((char *)ip + hlen); tcp2->th_sport = tcp->th_dport; tcp2->th_dport = tcp->th_sport; - tcp2->th_seq = 0; tcp2->th_ack = ntohl(tcp->th_seq); tcp2->th_ack += tlen; tcp2->th_ack = htonl(tcp2->th_ack); - tcp2->th_x2 = 0; tcp2->th_off = sizeof(*tcp2) >> 2; tcp2->th_flags = TH_RST|TH_ACK; - tcp2->th_win = 0; - tcp2->th_sum = 0; # ifdef USE_INET6 if (fin->fin_v == 6) { - ip6->ip6_flow = 0; ip6->ip6_plen = htons(sizeof(struct tcphdr)); ip6->ip6_nxt = IPPROTO_TCP; - ip6->ip6_hlim = 0; ip6->ip6_src = oip6->ip6_dst; ip6->ip6_dst = oip6->ip6_src; tcp2->th_sum = in6_cksum(m, IPPROTO_TCP, @@ -1071,6 +1067,7 @@ int len; ip->ip_tos = oip->ip_tos; ip->ip_len = len; ip->ip_id = oip->ip_id; + ip->ip_off = 0; # if (BSD < 199306) || defined(__sgi) ip->ip_ttl = tcp_ttl; # else @@ -1388,7 +1385,10 @@ frdest_t *fdp; */ if (ip->ip_len <= ifp->if_mtu) { # if BSD >= 199306 - int i = m->m_flags & M_EXT; + int i = 0; + + if ((m->m_flags & M_EXT) && MCLISREFERENCED(m)) + i = 1; # endif # ifndef __NetBSD__ ip->ip_id = htons(ip->ip_id); diff --git a/sys/netinet/ip_ftp_pxy.c b/sys/netinet/ip_ftp_pxy.c index 321d947c65d0..fad967566b7d 100644 --- a/sys/netinet/ip_ftp_pxy.c +++ b/sys/netinet/ip_ftp_pxy.c 
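Review bot: The added `bzero((char *)ip, sizeof(*tcp2) + hlen)` line has no terminating semicolon as shown, so it runs into the `tcp2 = ...` assignment and this path should not compile; it should read `bzero((char *)ip, sizeof(*tcp2) + hlen);`. Clearing the whole reply header up front is a sound replacement for the removed per-field zeroing, because it keeps stale buffer contents out of the reset packet. It does write `hlen + sizeof(*tcp2)` bytes starting at `ip`, and the hunk does not show that the buffer was sized for that. If the allocation sits above the hunk, a one-line comment naming the size it guarantees would close the gap. The function begins and ends outside the hunk.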
@@ -1,10 +1,10 @@ -/* $NetBSD: ip_ftp_pxy.c,v 1.15 2000/05/11 19:46:06 veego Exp $ */ +/* $NetBSD: ip_ftp_pxy.c,v 1.16 2000/05/21 18:45:54 veego Exp $ */ /* * Simple FTP transparent proxy for in-kernel use. For use with the NAT * code. * - * Id: ip_ftp_pxy.c,v 2.7.2.5 2000/05/09 11:41:46 darrenr Exp + * Id: ip_ftp_pxy.c,v 2.7.2.7 2000/05/13 14:28:14 darrenr Exp */ #if SOLARIS && defined(_KERNEL) extern kmutex_t ipf_rw; @@ -311,21 +311,14 @@ ftpside_t *f; int dlen; { tcphdr_t *tcp, tcph, *tcp2 = &tcph; - char *s; struct in_addr swip, swip2; u_short a5, a6, sp, dp; u_int a1, a2, a3, a4; -#if 0 - char newbuf[IPF_FTPBUFSZ]; - size_t nlen, olen; - mb_t *m; -#if SOLARIS - mb_t *m1; -#endif -#endif fr_info_t fi; int inc, off; nat_t *ipn; + char *s; + /* * Check for PASV reply message. */ @@ -631,7 +624,7 @@ int rv; * apart from causing packets to go through here ordered). */ if (ntohl(tcp->th_seq) != f->ftps_seq + (wptr - rptr)) { - return APR_ERR(-1); + return APR_ERR(0); } while (mlen > 0) { diff --git a/sys/netinet/ip_nat.c b/sys/netinet/ip_nat.c index 0ed9a2f58d29..40f974b45379 100644 --- a/sys/netinet/ip_nat.c +++ b/sys/netinet/ip_nat.c @@ -1,4 +1,4 @@ -/* $NetBSD: ip_nat.c,v 1.32 2000/05/11 19:46:06 veego Exp $ */ +/* $NetBSD: ip_nat.c,v 1.33 2000/05/21 18:45:54 veego Exp $ */ /* * Copyright (C) 1995-2000 by Darren Reed. @@ -11,10 +11,10 @@ */ #if !defined(lint) #if defined(__NetBSD__) -static const char rcsid[] = "$NetBSD: ip_nat.c,v 1.32 2000/05/11 19:46:06 veego Exp $"; +static const char rcsid[] = "$NetBSD: ip_nat.c,v 1.33 2000/05/21 18:45:54 veego Exp $"; #else static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ip_nat.c,v 2.37.2.4 2000/05/06 12:29:48 darrenr Exp"; +static const char rcsid[] = "@(#)Id: ip_nat.c,v 2.37.2.10 2000/05/19 15:54:44 darrenr Exp"; #endif #endif @@ -234,7 +234,7 @@ ipnat_t *n; } -void nat_delrdr(n) +static void nat_delrdr(n) ipnat_t *n; { if (n->in_rnext) 
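Review bot: The sequence-mismatch branch now returns `APR_ERR(0)` instead of `APR_ERR(-1)`, and neither the hunk nor the comment above it says what a zero code means for the segment. If zero lets the packet continue without being parsed, out-of-order or retransmitted control-channel data reaches the peer without the proxy's rewriting and checks applied to it, and that trade-off should be stated where the decision is made. I would add a comment on the return such as `/* out of sequence: segment is not parsed by the proxy */`, with the wording adjusted to what `APR_ERR(0)` really does. The function body extends beyond the hunk.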
@@ -434,11 +434,17 @@ int mode; { #ifdef IPFILTER_LOG case SIOCIPFFB : + { + int tmp; + if (!(mode & FWRITE)) error = EPERM; - else - *(int *)data = ipflog_clear(IPL_LOGNAT); + else { + tmp = ipflog_clear(IPL_LOGNAT); + IWCOPY((char *)&tmp, (char *)data, sizeof(tmp)); + } break; + } #endif case SIOCADNAT : if (!(mode & FWRITE)) { @@ -1095,8 +1101,10 @@ int direction; /* Give me a new nat */ KMALLOC(nat, nat_t *); - if (nat == NULL) + if (nat == NULL) { + nat_stats.ns_memfail++; return NULL; + } bzero((char *)nat, sizeof(*nat)); nat->nat_flags = flags; @@ -1168,7 +1176,7 @@ int direction; port += MAPBLK_MINPORT; port = htons(port); } - } else if (!np->in_nip && + } else if (!np->in_outip && (np->in_outmsk == 0xffffffff)) { /* * 0/32 - use the interface's IP address. @@ -1177,7 +1185,7 @@ int direction; fr_ifpaddr(4, fin->fin_ifp, &in) == -1) goto badnat; in.s_addr = ntohl(in.s_addr); - } else if (!np->in_nip && !np->in_outmsk) { + } else if (!np->in_outip && !np->in_outmsk) { /* * 0/0 - use the original source address/port. */ @@ -1398,6 +1406,7 @@ int direction; np->in_use++; return nat; badnat: + nat_stats.ns_badnat++; if ((hm = nat->nat_hm) != NULL) nat_hostmapdel(hm); KFREE(nat); @@ -1694,7 +1703,7 @@ natlookup_t *np; } -int nat_match(fin, np, ip) +static int nat_match(fin, np, ip) fr_info_t *fin; ipnat_t *np; ip_t *ip; @@ -1890,8 +1899,8 @@ maskloop: if (nat->nat_age < fr_defnaticmpage) nat->nat_age = fr_defnaticmpage; #ifdef LARGE_NAT - else if (nat->nat_age > DEF_NAT_AGE) - nat->nat_age = DEF_NAT_AGE; + else if (nat->nat_age > fr_defnatage) + nat->nat_age = fr_defnatage; #endif /* * Increase this because we may have @@ -1976,7 +1985,8 @@ fr_info_t *fin; READ_ENTER(&ipf_nat); - if ((ip->ip_p == IPPROTO_ICMP) && (nat = nat_icmp(ip, fin, &nflags, NAT_INBOUND))) + if ((ip->ip_p == IPPROTO_ICMP) && + (nat = nat_icmp(ip, fin, &nflags, NAT_INBOUND))) ; else if ((ip->ip_off & IP_OFFMASK) && (nat = ipfr_nat_knownfrag(ip, fin))) 
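Review bot: The result of `IWCOPY` in the `SIOCIPFFB` case is discarded, so if the macro expands to a copy-out that can fail (its definition is not on this page), the ioctl reports success while the caller's buffer is left unchanged. Going through a local `tmp` instead of storing through `*(int *)data` is the right direction. Where `IWCOPY` returns a status, the call should be `error = IWCOPY((char *)&tmp, (char *)data, sizeof(tmp));`. The ip_state.c hunk for the same ioctl has the same pattern and also passes `data` without the `(char *)` cast used here, so the two call sites should be made to match.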
@@ -2089,8 +2099,8 @@ maskloop: if (nat->nat_age < fr_defnaticmpage) nat->nat_age = fr_defnaticmpage; #ifdef LARGE_NAT - else if (nat->nat_age > DEF_NAT_AGE) - nat->nat_age = DEF_NAT_AGE; + else if (nat->nat_age > fr_defnatage) + nat->nat_age = fr_defnatage; #endif /* * Increase this because we may have diff --git a/sys/netinet/ip_nat.h b/sys/netinet/ip_nat.h index 583dfef2f8c9..d222c684fd9b 100644 --- a/sys/netinet/ip_nat.h +++ b/sys/netinet/ip_nat.h @@ -1,4 +1,4 @@ -/* $NetBSD: ip_nat.h,v 1.18 2000/05/03 11:12:13 veego Exp $ */ +/* $NetBSD: ip_nat.h,v 1.19 2000/05/21 18:45:55 veego Exp $ */ /* * Copyright (C) 1995-2000 by Darren Reed. @@ -8,7 +8,7 @@ * to the original author and the contributors. * * @(#)ip_nat.h 1.5 2/4/96 - * Id: ip_nat.h,v 2.17 2000/03/16 01:38:38 darrenr Exp + * Id: ip_nat.h,v 2.17.2.1 2000/05/15 06:50:14 darrenr Exp */ #ifndef _NETINET_IP_NAT_H_ @@ -194,6 +194,8 @@ typedef struct natstat { u_long ns_inuse; u_long ns_logged; u_long ns_logfail; + u_long ns_memfail; + u_long ns_badnat; nat_t **ns_table[2]; ipnat_t *ns_list; void *ns_apslist; diff --git a/sys/netinet/ip_state.c b/sys/netinet/ip_state.c index edf13e2b68a6..6e7b5a6217fd 100644 --- a/sys/netinet/ip_state.c +++ b/sys/netinet/ip_state.c @@ -1,4 +1,4 @@ -/* $NetBSD: ip_state.c,v 1.24 2000/05/03 11:12:14 veego Exp $ */ +/* $NetBSD: ip_state.c,v 1.25 2000/05/21 18:45:55 veego Exp $ */ /* * Copyright (C) 1995-2000 by Darren Reed. @@ -9,10 +9,10 @@ */ #if !defined(lint) #if defined(__NetBSD__) -static const char rcsid[] = "$NetBSD: ip_state.c,v 1.24 2000/05/03 11:12:14 veego Exp $"; +static const char rcsid[] = "$NetBSD: ip_state.c,v 1.25 2000/05/21 18:45:55 veego Exp $"; #else static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ip_state.c,v 2.30.2.5 2000/04/28 14:56:52 darrenr Exp"; +static const char rcsid[] = "@(#)Id: ip_state.c,v 2.30.2.8 2000/05/19 15:54:43 darrenr Exp"; #endif #endif 
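Review bot: `ns_memfail` and `ns_badnat` are inserted in the middle of `struct natstat` in ip_nat.h, ahead of `ns_table`, which moves the offset of every later member. If this structure is handed to userland tools as-is (not visible here), binaries built against the old header will read the table pointers from the wrong offsets until they are rebuilt. Appending new counters at the end of the structure, or noting the layout change alongside the `IPL_VERSION` bump, would make that explicit. The new fields also carry no comment; `u_long ns_memfail; /* nat_t allocations that failed */` and `u_long ns_badnat; /* entries abandoned at the badnat label */` would document what ip_nat.c counts in them.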
@@ -293,8 +293,12 @@ int mode; case SIOCIPFFB : if (!(mode & FWRITE)) error = EPERM; - else - *(int *)data = ipflog_clear(IPL_LOGSTATE); + else { + int tmp; + + tmp = ipflog_clear(IPL_LOGSTATE); + IWCOPY((char *)&tmp, data, sizeof(tmp)); + } break; #endif case SIOCGETFS : @@ -918,7 +922,12 @@ ipstate_t *is; icmphdr_t *icmp; { if (v == 4) { - if ((icmpreplytype4[is->is_type] == icmp->icmp_type) && + /* + * If we matched its type on the way in, then when going out + * it will still be the same type. + */ + if (((icmp->icmp_type == is->is_type) || + (icmpreplytype4[is->is_type] == icmp->icmp_type)) && (icmp->icmp_id == is->is_icmp.ics_id) && (icmp->icmp_seq == is->is_icmp.ics_seq)) { return 1; @@ -937,7 +946,7 @@ icmphdr_t *icmp; return 0; } -frentry_t *fr_checkicmpmatchingstate(ip, fin) +static frentry_t *fr_checkicmpmatchingstate(ip, fin) ip_t *ip; fr_info_t *fin; { diff --git a/sys/netinet/ipl.h b/sys/netinet/ipl.h index 305f52a8a506..de98c060b279 100644 --- a/sys/netinet/ipl.h +++ b/sys/netinet/ipl.h @@ -1,4 +1,4 @@ -/* $NetBSD: ipl.h,v 1.5 2000/05/11 19:46:06 veego Exp $ */ +/* $NetBSD: ipl.h,v 1.6 2000/05/21 18:45:55 veego Exp $ */ /* * Copyright (C) 1993-2000 by Darren Reed. @@ -8,12 +8,12 @@ * to the original author and the contributors. * * @(#)ipl.h 1.21 6/5/96 - * Id: ipl.h,v 2.15.2.3 2000/05/09 22:44:13 darrenr Exp + * Id: ipl.h,v 2.15.2.4 2000/05/19 16:05:38 darrenr Exp */ #ifndef __IPL_H__ #define __IPL_H__ -#define IPL_VERSION "IP Filter: v3.4.2" +#define IPL_VERSION "IP Filter: v3.4.3" #endif
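Review bot: The relaxed test in the `v == 4` branch of the ICMP match now accepts a packet whose `icmp_type` equals `is->is_type` as well as the mapped reply type, and nothing in the visible condition ties the first case to the direction the state was created in. The new comment describes the outbound case only. If the caller does not already restrict the match by direction or address (the call site is outside the hunk), a packet of the original query type with the same id and sequence would match from either side. I would extend the comment to state that assumption, for example `/* caller has already matched addresses and direction */`, or add the direction check here. `icmpreplytype4[is->is_type]` is also indexed without a visible bound on `is_type`, which is worth confirming where the state is created.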