Import IPFilter 4.1.28

7 files changed, 52 insertions, 35 deletions

diff --git a/contrib/ipfilter/lib/Makefile b/contrib/ipfilter/lib/Makefile
index b0d5052..a838063 100644
--- a/contrib/ipfilter/lib/Makefile
+++ b/contrib/ipfilter/lib/Makefile
@@ -3,7 +3,7 @@
 # 
 # See the IPFILTER.LICENCE file for details on licencing.  
 #   
-# $Id: Makefile,v 1.41.2.13 2007/05/10 06:02:19 darrenr Exp $ 
+# $Id: Makefile,v 1.41.2.14 2007/09/21 08:30:43 darrenr Exp $ 
 #     
 INCDEP=$(TOP)/ip_compat.h $(TOP)/ip_fil.h $(TOP)/ipf.h
 
@@ -135,8 +135,6 @@ $(DEST)/fill6bits.o: $(LIBSRC)/fill6bits.c $(INCDEP)
 	$(CC) $(CCARGS) -c $(LIBSRC)/fill6bits.c -o $@
 $(DEST)/flags.o: $(LIBSRC)/flags.c $(INCDEP)
 	$(CC) $(CCARGS) -c $(LIBSRC)/flags.c -o $@
-$(DEST)/getline.o: $(LIBSRC)/getline.c $(INCDEP)
-	$(CC) $(CCARGS) -c $(LIBSRC)/getline.c -o $@
 $(DEST)/gethost.o: $(LIBSRC)/gethost.c $(INCDEP)
 	$(CC) $(CCARGS) -c $(LIBSRC)/gethost.c -o $@
 $(DEST)/getifname.o: $(LIBSRC)/getifname.c $(INCDEP)
@@ -218,10 +216,6 @@ $(DEST)/optvalue.o: $(LIBSRC)/optvalue.c $(INCDEP)
 	$(CC) $(CCARGS) -c $(LIBSRC)/optvalue.c -o $@
 $(DEST)/portname.o: $(LIBSRC)/portname.c $(INCDEP)
 	$(CC) $(CCARGS) -c $(LIBSRC)/portname.c -o $@
-$(DEST)/portnum.o: $(LIBSRC)/portnum.c $(INCDEP)
-	$(CC) $(CCARGS) -c $(LIBSRC)/portnum.c -o $@
-$(DEST)/ports.o: $(LIBSRC)/ports.c $(INCDEP)
-	$(CC) $(CCARGS) -c $(LIBSRC)/ports.c -o $@
 $(DEST)/print_toif.o: $(LIBSRC)/print_toif.c $(INCDEP)
 	$(CC) $(CCARGS) -c $(LIBSRC)/print_toif.c -o $@
 $(DEST)/printactivenat.o: $(LIBSRC)/printactivenat.c $(INCDEP)
diff --git a/contrib/ipfilter/lib/alist_new.c b/contrib/ipfilter/lib/alist_new.c
index 72da866..50a4275 100644
--- a/contrib/ipfilter/lib/alist_new.c
+++ b/contrib/ipfilter/lib/alist_new.c
@@ -3,7 +3,7 @@
  *
  * See the IPFILTER.LICENCE file for details on licencing.
  *
- * $Id: alist_new.c,v 1.1.2.2 2006/08/25 22:43:21 darrenr Exp $
+ * $Id: alist_new.c,v 1.1.2.3 2007/06/06 08:05:33 darrenr Exp $
  */
 
 #include "ipf.h"
@@ -53,12 +53,14 @@ alist_new(int v, char *host)
 	}
 
 	if (gethost(host, &al->al_addr) == -1) {
-		*slash = '/';
+		if (slash != NULL)
+			*slash = '/';
 		fprintf(stderr, "Cannot parse hostname\n");
 		free(al);
 		return NULL;
 	}
 	al->al_mask = htonl(mask);
-	*slash = '/';
+	if (slash != NULL)
+		*slash = '/';
 	return al;
 }
diff --git a/contrib/ipfilter/lib/ipft_tx.c b/contrib/ipfilter/lib/ipft_tx.c
index 302f177..5dc65b4 100644
--- a/contrib/ipfilter/lib/ipft_tx.c
+++ b/contrib/ipfilter/lib/ipft_tx.c
@@ -3,11 +3,11 @@
  *
  * See the IPFILTER.LICENCE file for details on licencing.
  *
- * $Id: ipft_tx.c,v 1.15.2.9 2006/06/16 17:21:04 darrenr Exp $
+ * $Id: ipft_tx.c,v 1.15.2.10 2007/09/03 21:54:44 darrenr Exp $
  */
 #if !defined(lint)
 static const char sccsid[] = "@(#)ipft_tx.c	1.7 6/5/96 (C) 1993 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 1.15.2.9 2006/06/16 17:21:04 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 1.15.2.10 2007/09/03 21:54:44 darrenr Exp $";
 #endif
 
 #include <ctype.h>
@@ -257,19 +257,30 @@ int	*out;
 	}
 	ip->ip_dst.s_addr = tx_hostnum(*cpp, &r);
 	cpp++;
-	if (*cpp && ip->ip_p == IPPROTO_TCP) {
-		char	*s, *t;
-
-		tcp->th_flags = 0;
-		for (s = *cpp; *s; s++)
-			if ((t  = strchr(myflagset, *s)))
-				tcp->th_flags |= myflags[t - myflagset];
-		if (tcp->th_flags)
-			cpp++;
-		if (tcp->th_flags == 0)
-			abort();
+	if (ip->ip_p == IPPROTO_TCP) {
+		if (*cpp != NULL) {
+			char	*s, *t;
+
+			tcp->th_flags = 0;
+			for (s = *cpp; *s; s++)
+				if ((t  = strchr(myflagset, *s)))
+					tcp->th_flags |= myflags[t-myflagset];
+			if (tcp->th_flags)
+				cpp++;
+		}
+
 		if (tcp->th_flags & TH_URG)
 			tcp->th_urp = htons(1);
+
+		if (*cpp && !strncasecmp(*cpp, "seq=", 4)) {
+			tcp->th_seq = htonl(atoi(*cpp + 4));
+			cpp++;
+		}
+
+		if (*cpp && !strncasecmp(*cpp, "ack=", 4)) {
+			tcp->th_ack = htonl(atoi(*cpp + 4));
+			cpp++;
+		}
 	} else if (*cpp && ip->ip_p == IPPROTO_ICMP) {
 		extern	char	*tx_icmptypes[];
 		char	**s, *t;
diff --git a/contrib/ipfilter/lib/printnat.c b/contrib/ipfilter/lib/printnat.c
index da375d9..37666a2 100644
--- a/contrib/ipfilter/lib/printnat.c
+++ b/contrib/ipfilter/lib/printnat.c
@@ -11,7 +11,7 @@
 
 
 #if !defined(lint)
-static const char rcsid[] = "@(#)$Id: printnat.c,v 1.22.2.13 2006/12/09 10:37:47 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: printnat.c,v 1.22.2.14 2007/09/06 16:40:11 darrenr Exp $";
 #endif
 
 /*
@@ -134,6 +134,8 @@ int opts;
 		if (opts & OPT_DEBUG)
 			printf("\tpmax %u\n", np->in_pmax);
 	} else {
+		int protoprinted = 0;
+
 		if (!(np->in_flags & IPN_FILTER)) {
 			printf("%s/", inet_ntoa(np->in_in[0].in4));
 			bits = count4bits(np->in_inmsk);
@@ -170,6 +172,7 @@ int opts;
 			printf(" %.*s/", (int)sizeof(np->in_plabel),
 				np->in_plabel);
 			printproto(pr, np->in_p, NULL);
+			protoprinted = 1;
 		} else if (np->in_redir == NAT_MAPBLK) {
 			if ((np->in_pmin == 0) &&
 			    (np->in_flags & IPN_AUTOPORTMAP))
@@ -185,6 +188,7 @@ int opts;
 				printf(" portmap ");
 			}
 			printproto(pr, np->in_p, np);
+			protoprinted = 1;
 			if (np->in_flags & IPN_AUTOPORTMAP) {
 				printf(" auto");
 				if (opts & OPT_DEBUG)
@@ -196,9 +200,6 @@ int opts;
 				printf(" %d:%d", ntohs(np->in_pmin),
 				       ntohs(np->in_pmax));
 			}
-		} else if (np->in_flags & IPN_TCPUDP || np->in_p) {
-			putchar(' ');
-			printproto(pr, np->in_p, np);
 		}
 
 		if (np->in_flags & IPN_FRAG)
@@ -210,6 +211,10 @@ int opts;
 			printf(" mssclamp %d", np->in_mssclamp);
 		if (np->in_tag.ipt_tag[0] != '\0')
 			printf(" tag %s", np->in_tag.ipt_tag);
+		if (!protoprinted && (np->in_flags & IPN_TCPUDP || np->in_p)) {
+			putchar(' ');
+			printproto(pr, np->in_p, np);
+		}
 		printf("\n");
 		if (opts & OPT_DEBUG) {
 			struct in_addr nip;
diff --git a/contrib/ipfilter/lib/printpacket.c b/contrib/ipfilter/lib/printpacket.c
index 142028a..6ee3679 100644
--- a/contrib/ipfilter/lib/printpacket.c
+++ b/contrib/ipfilter/lib/printpacket.c
@@ -3,7 +3,7 @@
  *
  * See the IPFILTER.LICENCE file for details on licencing.
  *
- * $Id: printpacket.c,v 1.12.4.4 2006/09/30 21:44:43 darrenr Exp $
+ * $Id: printpacket.c,v 1.12.4.5 2007/09/09 22:15:30 darrenr Exp $
  */
 
 #include "ipf.h"
@@ -54,7 +54,7 @@ struct ip *ip;
 	printf("ip #%d %d(%d) %d", ntohs(ip->ip_id), ntohs(ip->ip_len),
 	       IP_HL(ip) << 2, ip->ip_p);
 	if (off & IP_OFFMASK)
-		printf(" @%d", off << 3);
+		printf(" @%d", (off & IP_OFFMASK) << 3);
 	printf(" %s", inet_ntoa(ip->ip_src));
 	if (!(off & IP_OFFMASK))
 		if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP)
diff --git a/contrib/ipfilter/lib/printpool_live.c b/contrib/ipfilter/lib/printpool_live.c
index 0588cfb..e228a39 100644
--- a/contrib/ipfilter/lib/printpool_live.c
+++ b/contrib/ipfilter/lib/printpool_live.c
@@ -52,11 +52,12 @@ int opts;
 	while (!last && (ioctl(fd, SIOCLOOKUPITER, &obj) == 0)) {
 		if (entry.ipn_next == NULL)
 			last = 1;
-		entry.ipn_next = top;
-		top = malloc(sizeof(*top));
-		if (top == NULL)
+		node = malloc(sizeof(*top));
+		if (node == NULL)
 			break;
-		bcopy(&entry, top, sizeof(entry));
+		bcopy(&entry, node, sizeof(entry));
+		node->ipn_next = top;
+		top = node;
 	}
 
 	while (top != NULL) {
@@ -74,5 +75,9 @@ int opts;
 
 	if ((opts & OPT_DEBUG) == 0)
 		PRINTF(" };\n");
+
+	if (ioctl(fd, SIOCIPFDELTOK, &iter.ili_key) != 0)
+		perror("SIOCIPFDELTOK");
+
 	return pool->ipo_next;
 }
diff --git a/contrib/ipfilter/lib/printstate.c b/contrib/ipfilter/lib/printstate.c
index c1c1442..fcf42d6 100644
--- a/contrib/ipfilter/lib/printstate.c
+++ b/contrib/ipfilter/lib/printstate.c
@@ -33,8 +33,8 @@ u_long now;
 			sp->is_send, sp->is_dend,
 			sp->is_maxswin, sp->is_swinscale,
 			sp->is_maxdwin, sp->is_dwinscale);
-		PRINTF("\tcmsk %04x smsk %04x isc %p s0 %08x/%08x\n",
-			sp->is_smsk[0], sp->is_smsk[1], sp->is_isc,
+		PRINTF("\tcmsk %04x smsk %04x s0 %08x/%08x\n",
+			sp->is_smsk[0], sp->is_smsk[1],
 			sp->is_s0[0], sp->is_s0[1]);
 		PRINTF("\tFWD:ISN inc %x sumd %x\n",
 			sp->is_isninc[0], sp->is_sumd[0]);