import ip-filter 3.2.1

1997-11-14 08:03:01 +00:00 · 1997-11-14 08:03:01 +00:00 · 61cbfaca09
commit 61cbfaca09
parent 77f5bb0a92
20 changed files with 56 additions and 76 deletions
--- a/sys/netinet/ip_auth.h
+++ b/sys/netinet/ip_auth.h
@ -1,4 +1,4 @@
-/*	$NetBSD: ip_auth.h,v 1.1.1.3 1997/10/30 05:31:16 mrg Exp $	*/
+/*	$NetBSD: ip_auth.h,v 1.1.1.4 1997/11/14 08:05:35 mrg Exp $	*/

 /*
 * Copyright (C) 1997 by Darren Reed & Guido Van Rooij.
--- a/usr.sbin/ipf/ipf/ipf.h
+++ b/usr.sbin/ipf/ipf/ipf.h
@ -1,4 +1,4 @@
-/*	$NetBSD: ipf.h,v 1.1.1.7 1997/10/30 05:27:27 mrg Exp $	*/
+/*	$NetBSD: ipf.h,v 1.1.1.8 1997/11/14 08:03:02 mrg Exp $	*/

 /*
 * Copyright (C) 1993-1997 by Darren Reed.
--- a/usr.sbin/ipf/ipf/opt.c
+++ b/usr.sbin/ipf/ipf/opt.c
@ -1,4 +1,4 @@
-/*	$NetBSD: opt.c,v 1.1.1.7 1997/10/30 05:27:24 mrg Exp $	*/
+/*	$NetBSD: opt.c,v 1.1.1.8 1997/11/14 08:03:01 mrg Exp $	*/

 /*
 * Copyright (C) 1993-1997 by Darren Reed.
@ -20,20 +20,16 @@
 #include <netinet/ip_var.h>
 #endif
 #include <netinet/tcp.h>
-#ifndef	linux
-#include <netinet/tcpip.h>
-#endif
 #include <net/if.h>
 #include <arpa/inet.h>
 #include <netinet/ip_compat.h>
+#include <netinet/tcpip.h>
+#include <netinet/ip_fil.h>
 #include "ipf.h"
-#ifdef	linux
-#include "tcpip.h"
-#endif

 #if !defined(lint)
 static const char sccsid[] = "@(#)opt.c	1.8 4/10/96 (C) 1993-1995 Darren Reed";
-static const char rcsid[] = "@(#)Id: opt.c,v 2.0.2.9 1997/09/28 07:12:08 darrenr Exp ";
+static const char rcsid[] = "@(#)Id: opt.c,v 2.0.2.9.2.1 1997/11/12 10:58:44 darrenr Exp ";
 #endif

 extern	int	opts;
--- a/usr.sbin/ipf/ipfstat/kmem.c
+++ b/usr.sbin/ipf/ipfstat/kmem.c
@ -1,4 +1,4 @@
-/*	$NetBSD: kmem.c,v 1.1.1.7 1997/10/30 05:27:38 mrg Exp $	*/
+/*	$NetBSD: kmem.c,v 1.1.1.8 1997/11/14 08:03:08 mrg Exp $	*/

 /*
 * Copyright (C) 1993-1997 by Darren Reed.
--- a/usr.sbin/ipf/ipfstat/kmem.h
+++ b/usr.sbin/ipf/ipfstat/kmem.h
@ -1,4 +1,4 @@
-/*	$NetBSD: kmem.h,v 1.1.1.7 1997/10/30 05:27:41 mrg Exp $	*/
+/*	$NetBSD: kmem.h,v 1.1.1.8 1997/11/14 08:03:10 mrg Exp $	*/

 /*
 * Copyright (C) 1993-1997 by Darren Reed.
--- a/usr.sbin/ipf/ipftest/ipft_ef.c
+++ b/usr.sbin/ipf/ipftest/ipft_ef.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ipft_ef.c,v 1.1.1.7 1997/10/30 05:27:56 mrg Exp $	*/
+/*	$NetBSD: ipft_ef.c,v 1.1.1.8 1997/11/14 08:03:19 mrg Exp $	*/

 /*
 * Copyright (C) 1993-1997 by Darren Reed.
@ -44,21 +44,16 @@ etherfind -n -t
 #include <netinet/tcp.h>
 #include <netinet/udp.h>
 #include <netinet/ip_icmp.h>
-#ifndef	linux
-#include <netinet/tcpip.h>
-#endif
 #include <net/if.h>
 #include <netdb.h>
 #include <netinet/ip_compat.h>
+#include <netinet/tcpip.h>
 #include "ipf.h"
 #include "ipt.h"
-#ifdef linux
-#include "tcpip.h"
-#endif

 #if !defined(lint)
 static const char sccsid[] = "@(#)ipft_ef.c	1.6 2/4/96 (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)Id: ipft_ef.c,v 2.0.2.7 1997/09/28 07:11:50 darrenr Exp ";
+static const char rcsid[] = "@(#)Id: ipft_ef.c,v 2.0.2.7.2.1 1997/11/12 10:56:06 darrenr Exp ";
 #endif

 static	int	etherf_open __P((char *));
--- a/usr.sbin/ipf/ipftest/ipft_hx.c
+++ b/usr.sbin/ipf/ipftest/ipft_hx.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ipft_hx.c,v 1.1.1.7 1997/10/30 05:28:09 mrg Exp $	*/
+/*	$NetBSD: ipft_hx.c,v 1.1.1.8 1997/11/14 08:03:26 mrg Exp $	*/

 /*
 * Copyright (C) 1995-1997 by Darren Reed.
@ -33,23 +33,18 @@
 #include <netinet/udp.h>
 #include <netinet/tcp.h>
 #include <netinet/ip_icmp.h>
-#ifndef	linux
-#include <netinet/tcpip.h>
-#endif
 #include <net/if.h>
 #include <netdb.h>
 #include <arpa/nameser.h>
 #include <resolv.h>
 #include <netinet/ip_compat.h>
+#include <netinet/tcpip.h>
 #include "ipf.h"
 #include "ipt.h"
-#ifdef	linux
-#include "tcpip.h"
-#endif

 #if !defined(lint)
 static const char sccsid[] = "@(#)ipft_hx.c	1.1 3/9/96 (C) 1996 Darren Reed";
-static const char rcsid[] = "@(#)Id: ipft_hx.c,v 2.0.2.8 1997/10/19 15:39:23 darrenr Exp ";
+static const char rcsid[] = "@(#)Id: ipft_hx.c,v 2.0.2.8.2.1 1997/11/12 10:56:07 darrenr Exp ";
 #endif

 extern	int	opts;
@ -97,10 +92,10 @@ char	*buf, **ifn;
 int	cnt, *dir;
 {
 	register char *s, *t, *u;
-	struct	ip *ip;
 	char	line[513];
+	ip_t	*ip;

- 	ip = (struct ip *)buf;
+ 	ip = (ip_t *)buf;
 	while (fgets(line, sizeof(line)-1, tfp)) {
 		if ((s = index(line, '\n'))) {
 			if (s == line)
@ -143,7 +138,7 @@ int	cnt, *dir;
 			}
 		} else
 			s = line;
-		ip = (struct ip *)readhex(s, (char *)ip);
+		ip = (ip_t *)readhex(s, (char *)ip);
 	}
 	return -1;
 }
--- a/usr.sbin/ipf/ipftest/ipft_pc.c
+++ b/usr.sbin/ipf/ipftest/ipft_pc.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ipft_pc.c,v 1.1.1.7 1997/10/30 05:28:01 mrg Exp $	*/
+/*	$NetBSD: ipft_pc.c,v 1.1.1.8 1997/11/14 08:03:22 mrg Exp $	*/

 /*
 * Copyright (C) 1993-1997 by Darren Reed.
@ -27,20 +27,15 @@
 #endif
 #include <netinet/ip.h>
 #include <netinet/tcp.h>
-#ifndef	linux
-#include <netinet/tcpip.h>
-#endif
 #include <net/if.h>
 #include <netinet/ip_compat.h>
+#include <netinet/tcpip.h>
 #include "ipf.h"
 #include "ipt.h"
 #include "pcap.h"
-#ifdef	linux
-#include "tcpip.h"
-#endif

 #if !defined(lint)
-static const char rcsid[] = "@(#)Id: ipft_pc.c,v 2.0.2.6 1997/09/28 07:11:52 darrenr Exp ";
+static const char rcsid[] = "@(#)Id: ipft_pc.c,v 2.0.2.6.2.1 1997/11/12 10:56:08 darrenr Exp ";
 #endif

 struct	llc	{
--- a/usr.sbin/ipf/ipftest/ipft_sn.c
+++ b/usr.sbin/ipf/ipftest/ipft_sn.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ipft_sn.c,v 1.1.1.7 1997/10/30 05:27:54 mrg Exp $	*/
+/*	$NetBSD: ipft_sn.c,v 1.1.1.8 1997/11/14 08:03:17 mrg Exp $	*/

 /*
 * Copyright (C) 1993-1997 by Darren Reed.
@ -31,20 +31,15 @@
 #endif
 #include <netinet/ip.h>
 #include <netinet/tcp.h>
-#ifndef	linux
-#include <netinet/tcpip.h>
-#endif
 #include <net/if.h>
 #include <netinet/ip_compat.h>
+#include <netinet/tcpip.h>
 #include "ipf.h"
 #include "ipt.h"
 #include "snoop.h"
-#ifdef	linux
-#include "tcpip.h"
-#endif

 #if !defined(lint)
-static const char rcsid[] = "@(#)Id: ipft_sn.c,v 2.0.2.6 1997/09/28 07:11:53 darrenr Exp ";
+static const char rcsid[] = "@(#)Id: ipft_sn.c,v 2.0.2.6.2.1 1997/11/12 10:56:09 darrenr Exp ";
 #endif

 struct	llc	{
--- a/usr.sbin/ipf/ipftest/ipft_td.c
+++ b/usr.sbin/ipf/ipftest/ipft_td.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ipft_td.c,v 1.1.1.7 1997/10/30 05:27:59 mrg Exp $	*/
+/*	$NetBSD: ipft_td.c,v 1.1.1.8 1997/11/14 08:03:20 mrg Exp $	*/

 /*
 * Copyright (C) 1993-1997 by Darren Reed.
@ -53,21 +53,16 @@ tcpdump -nqte
 #include <netinet/tcp.h>
 #include <netinet/udp.h>
 #include <netinet/ip_icmp.h>
-#ifndef	linux
-#include <netinet/tcpip.h>
-#endif
 #include <net/if.h>
 #include <netdb.h>
 #include <netinet/ip_compat.h>
+#include <netinet/tcpip.h>
 #include "ipf.h"
 #include "ipt.h"
-#ifdef	linux
-#include "tcpip.h"
-#endif

 #if !defined(lint)
 static const char sccsid[] = "@(#)ipft_td.c	1.8 2/4/96 (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)Id: ipft_td.c,v 2.0.2.6 1997/09/28 07:11:54 darrenr Exp ";
+static const char rcsid[] = "@(#)Id: ipft_td.c,v 2.0.2.6.2.1 1997/11/12 10:56:10 darrenr Exp ";
 #endif

 static	int	tcpd_open __P((char *));
--- a/usr.sbin/ipf/ipftest/ipft_tx.c
+++ b/usr.sbin/ipf/ipftest/ipft_tx.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ipft_tx.c,v 1.1.1.7 1997/10/30 05:28:04 mrg Exp $	*/
+/*	$NetBSD: ipft_tx.c,v 1.1.1.8 1997/11/14 08:03:23 mrg Exp $	*/

 /*
 * Copyright (C) 1995-1997 by Darren Reed.
@ -33,24 +33,19 @@
 #include <netinet/udp.h>
 #include <netinet/tcp.h>
 #include <netinet/ip_icmp.h>
-#ifndef	linux
-#include <netinet/tcpip.h>
-#endif
 #include <arpa/inet.h>
 #include <net/if.h>
 #include <netdb.h>
 #include <arpa/nameser.h>
 #include <resolv.h>
 #include <netinet/ip_compat.h>
+#include <netinet/tcpip.h>
 #include "ipf.h"
 #include "ipt.h"
-#ifdef	linux
-#include "tcpip.h"
-#endif

 #if !defined(lint)
 static const char sccsid[] = "@(#)ipft_tx.c	1.7 6/5/96 (C) 1993 Darren Reed";
-static const char rcsid[] = "@(#)Id: ipft_tx.c,v 2.0.2.11 1997/10/19 15:39:24 darrenr Exp ";
+static const char rcsid[] = "@(#)Id: ipft_tx.c,v 2.0.2.11.2.1 1997/11/12 10:56:11 darrenr Exp ";
 #endif

 extern	int	opts;
--- a/usr.sbin/ipf/ipftest/ipt.h
+++ b/usr.sbin/ipf/ipftest/ipt.h
@ -1,4 +1,4 @@
-/*	$NetBSD: ipt.h,v 1.1.1.7 1997/10/30 05:28:12 mrg Exp $	*/
+/*	$NetBSD: ipt.h,v 1.1.1.8 1997/11/14 08:03:28 mrg Exp $	*/

 /*
 * Copyright (C) 1993-1997 by Darren Reed.
--- a/usr.sbin/ipf/ipftest/misc.c
+++ b/usr.sbin/ipf/ipftest/misc.c
@ -1,4 +1,4 @@
-/*	$NetBSD: misc.c,v 1.1.1.7 1997/10/30 05:28:07 mrg Exp $	*/
+/*	$NetBSD: misc.c,v 1.1.1.8 1997/11/14 08:03:25 mrg Exp $	*/

 /*
 * Copyright (C) 1993-1997 by Darren Reed.
@ -26,31 +26,33 @@
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <netinet/in_systm.h>
+#ifndef	linux
 #include <netinet/ip_var.h>
+#endif
 #include <netinet/ip.h>
 #include <netinet/udp.h>
 #include <netinet/tcp.h>
 #include <netinet/ip_icmp.h>
-#include <netinet/tcpip.h>
 #include <net/if.h>
 #include <netdb.h>
 #include <arpa/nameser.h>
 #include <resolv.h>
 #include <netinet/ip_compat.h>
+#include <netinet/tcpip.h>
 #include <netinet/ip_fil.h>
 #include "ipf.h"
 #include "ipt.h"

 #if !defined(lint)
 static const char sccsid[] = "@(#)misc.c	1.3 2/4/96 (C) 1995 Darren Reed";
-static const char rcsid[] = "@(#)Id: misc.c,v 2.0.2.8 1997/10/19 15:39:28 darrenr Exp ";
+static const char rcsid[] = "@(#)Id: misc.c,v 2.0.2.8.2.1 1997/11/12 10:58:26 darrenr Exp ";
 #endif

 extern	int	opts;


 void	printpacket(ip)
-struct	ip	*ip;
+ip_t	*ip;
 {
 	struct	tcphdr	*tcp;

--- a/usr.sbin/ipf/ipftest/pcap.h
+++ b/usr.sbin/ipf/ipftest/pcap.h
@ -1,4 +1,4 @@
-/*	$NetBSD: pcap.h,v 1.1.1.4 1997/10/30 05:28:18 mrg Exp $	*/
+/*	$NetBSD: pcap.h,v 1.1.1.5 1997/11/14 08:03:31 mrg Exp $	*/

 /*
 * Copyright (C) 1993-1997 by Darren Reed.
--- a/usr.sbin/ipf/ipftest/snoop.h
+++ b/usr.sbin/ipf/ipftest/snoop.h
@ -1,4 +1,4 @@
-/*	$NetBSD: snoop.h,v 1.1.1.7 1997/10/30 05:28:16 mrg Exp $	*/
+/*	$NetBSD: snoop.h,v 1.1.1.8 1997/11/14 08:03:29 mrg Exp $	*/

 /*
 * Copyright (C) 1993-1997 by Darren Reed.
--- a/usr.sbin/ipf/ipresend/ipresend.c
+++ b/usr.sbin/ipf/ipresend/ipresend.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ipresend.c,v 1.1.1.4 1997/10/30 05:29:39 mrg Exp $	*/
+/*	$NetBSD: ipresend.c,v 1.1.1.5 1997/11/14 08:04:23 mrg Exp $	*/

 /*
 * ipresend.c (C) 1995-1997 Darren Reed
--- a/usr.sbin/ipf/ipsend/iplang.h
+++ b/usr.sbin/ipf/ipsend/iplang.h
@ -1,4 +1,4 @@
-/*	$NetBSD: iplang.h,v 1.1.1.2 1997/10/30 05:30:27 mrg Exp $	*/
+/*	$NetBSD: iplang.h,v 1.1.1.3 1997/11/14 08:04:47 mrg Exp $	*/

 /*
 * Copyright (C) 1997 by Darren Reed.
--- a/usr.sbin/ipf/ipsend/tcpip.h
+++ b/usr.sbin/ipf/ipsend/tcpip.h
@ -1,4 +1,4 @@
-/*	$NetBSD: tcpip.h,v 1.1.1.2 1997/10/30 05:30:07 mrg Exp $	*/
+/*	$NetBSD: tcpip.h,v 1.1.1.3 1997/11/14 08:04:39 mrg Exp $	*/

 /*
 * Copyright (c) 1982, 1986, 1993
@ -33,12 +33,24 @@
 * SUCH DAMAGE.
 *
 *	@(#)tcpip.h	8.1 (Berkeley) 6/10/93
- * Id: tcpip.h,v 2.0.2.3 1997/09/17 10:55:58 darrenr Exp 
+ * Id: tcpip.h,v 2.0.2.3.2.1 1997/11/12 11:01:12 darrenr Exp 
 */

 #ifndef _NETINET_TCPIP_H_
 #define _NETINET_TCPIP_H_

+# if defined(linux) && !defined(LINUX_IPOVLY)
+#  define LINUX_IPOVLY
+struct ipovly {
+	caddr_t	ih_next, ih_prev;	/* for protocol sequence q's */
+	u_char	ih_x1;			/* (unused) */
+	u_char	ih_pr;			/* protocol */
+	short	ih_len;			/* protocol length */
+	struct	in_addr ih_src;		/* source internet address */
+	struct	in_addr ih_dst;		/* destination internet address */
+};
+# endif
+
 /*
 * Tcp+ip header, after ip options removed.
 */
--- a/usr.sbin/ipf/rules/BASIC_1.FW
+++ b/usr.sbin/ipf/rules/BASIC_1.FW
@ -48,7 +48,7 @@ pass out quick on lo0 all
 #
 block in log quick from 10.0.0.0/8 to any group 100
 block in log quick from 192.168.0.0/16 to any group 100
-block in log quick from 172.0.0.0/16 to any group 100
+block in log quick from 172.16.0.0/16 to any group 100
 #
 # Prevent IP spoofing.
 #
--- a/usr.sbin/ipf/rules/BASIC_2.FW
+++ b/usr.sbin/ipf/rules/BASIC_2.FW
@ -33,7 +33,7 @@ block out log on ed0 all head 250
 #
 block in log quick from 10.0.0.0/8 to any group 100
 block in log quick from 192.168.0.0/16 to any group 100
-block in log quick from 172.0.0.0/16 to any group 100
+block in log quick from 172.16.0.0/16 to any group 100
 #
 # Prevent IP spoofing.
 #