diff options
author | guido <guido@FreeBSD.org> | 2005-12-30 11:34:54 +0000 |
---|---|---|
committer | guido <guido@FreeBSD.org> | 2005-12-30 11:34:54 +0000 |
commit | 9749beb9e35afd40d054e5592764d50ed069a890 (patch) | |
tree | 92e5e7f4a485051a94f584190e946730b901c425 /contrib/ipfilter/tools | |
parent | b8892e0b0c21a7cf39b7b7abaaa0f1a85028288f (diff) | |
download | FreeBSD-src-9749beb9e35afd40d054e5592764d50ed069a890.zip FreeBSD-src-9749beb9e35afd40d054e5592764d50ed069a890.tar.gz |
Import IP Filter 4.1.10
Diffstat (limited to 'contrib/ipfilter/tools')
-rw-r--r-- | contrib/ipfilter/tools/ipf.c | 4 | ||||
-rw-r--r-- | contrib/ipfilter/tools/ipf_y.y | 36 | ||||
-rw-r--r-- | contrib/ipfilter/tools/ipfcomp.c | 4 | ||||
-rw-r--r-- | contrib/ipfilter/tools/ipfs.c | 4 | ||||
-rw-r--r-- | contrib/ipfilter/tools/ipfstat.c | 19 | ||||
-rw-r--r-- | contrib/ipfilter/tools/ipftest.c | 70 | ||||
-rw-r--r-- | contrib/ipfilter/tools/ipmon.c | 15 | ||||
-rw-r--r-- | contrib/ipfilter/tools/ipmon_y.y | 2 | ||||
-rw-r--r-- | contrib/ipfilter/tools/ipnat.c | 6 | ||||
-rw-r--r-- | contrib/ipfilter/tools/ipnat_y.y | 17 | ||||
-rw-r--r-- | contrib/ipfilter/tools/ippool.c | 2 | ||||
-rw-r--r-- | contrib/ipfilter/tools/ippool_y.y | 2 | ||||
-rw-r--r-- | contrib/ipfilter/tools/ipscan_y.y | 2 | ||||
-rw-r--r-- | contrib/ipfilter/tools/ipsyncm.c | 4 | ||||
-rw-r--r-- | contrib/ipfilter/tools/ipsyncs.c | 4 | ||||
-rw-r--r-- | contrib/ipfilter/tools/lex_var.h | 2 | ||||
-rw-r--r-- | contrib/ipfilter/tools/lexer.c | 2 | ||||
-rw-r--r-- | contrib/ipfilter/tools/lexer.h | 2 |
18 files changed, 105 insertions, 92 deletions
diff --git a/contrib/ipfilter/tools/ipf.c b/contrib/ipfilter/tools/ipf.c index ea39780..2454124 100644 --- a/contrib/ipfilter/tools/ipf.c +++ b/contrib/ipfilter/tools/ipf.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -21,7 +19,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipf.c,v 1.35.2.3 2004/12/15 18:27:17 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipf.c,v 1.35.2.3 2004/12/15 18:27:17 darrenr Exp $"; #endif #if !defined(__SVR4) && defined(__GNUC__) diff --git a/contrib/ipfilter/tools/ipf_y.y b/contrib/ipfilter/tools/ipf_y.y index 0660d50..a65a2e2 100644 --- a/contrib/ipfilter/tools/ipf_y.y +++ b/contrib/ipfilter/tools/ipf_y.y @@ -1,11 +1,10 @@ -/* $NetBSD$ */ - %{ #include "ipf.h" #include <sys/ioctl.h> #include <syslog.h> #ifdef IPFILTER_BPF -# include <pcap-bpf.h> +# include "pcap-bpf.h" +# define _NET_BPF_H_ # include <pcap.h> #endif #include "netinet/ip_pool.h" @@ -58,7 +57,7 @@ static struct wordtab icmpcodewords[17]; static struct wordtab icmptypewords[16]; static struct wordtab ipv4optwords[25]; static struct wordtab ipv4secwords[9]; -static struct wordtab ipv6optwords[8]; +static struct wordtab ipv6optwords[9]; static struct wordtab logwords[33]; %} @@ -135,6 +134,7 @@ static struct wordtab logwords[33]; %token IPF6_V6HDRS IPFY_IPV6OPT IPFY_IPV6OPT_DSTOPTS IPFY_IPV6OPT_HOPOPTS %token IPFY_IPV6OPT_IPV6 IPFY_IPV6OPT_NONE IPFY_IPV6OPT_ROUTING +%token IPFY_IPV6OPT_MOBILITY IPFY_IPV6OPT_ESP IPFY_IPV6OPT_FRAG %token IPFY_ICMPT_UNR IPFY_ICMPT_ECHO IPFY_ICMPT_ECHOR IPFY_ICMPT_SQUENCH %token IPFY_ICMPT_REDIR IPFY_ICMPT_TIMEX IPFY_ICMPT_PARAMP IPFY_ICMPT_TIMEST @@ -1025,7 +1025,7 @@ codelist: icmpcode { DOREM(fr->fr_icmp |= htons($1); fr->fr_icmpm |= htons(0xff);) } | codelist lmore icmpcode - { DOREM(fr->fr_icmp |= htons($3); fr->fr_icmpm |= htons(0xff);) } + { DOREM(fr->fr_icmp &= htons(0xff00); fr->fr_icmp |= htons($3); fr->fr_icmpm |= htons(0xff);) } ; age: | IPFY_AGE YY_NUMBER { DOALL(fr->fr_age[0] = $2; \ @@ -1085,6 +1085,7 @@ stateopt: | IPFY_NOICMPERR { DOALL(fr->fr_flags |= FR_NOICMPERR;) } | IPFY_SYNC { DOALL(fr->fr_flags |= FR_STATESYNC;) } + age; ; portnum: @@ -1101,15 +1102,14 @@ portnum: ; withlist: - withopt - | withlist withopt - | withlist ',' withopt + withopt { nowith = 0; } + | withlist withopt { nowith = 0; } + | withlist ',' withopt { nowith = 0; } ; withopt: opttype { DOALL(fr->fr_flx |= $1; fr->fr_mflx |= $1;) } - | notwith opttype - { DOALL(fr->fr_mflx |= $2;) } + | notwith opttype { DOALL(fr->fr_mflx |= $2;) } | ipopt ipopts { yyresetdict(); } | notwith ipopt ipopts { yyresetdict(); } | startv6hdrs ipv6hdrs { yyresetdict(); } @@ -1267,12 +1267,13 @@ setsecclass: ipv6hdr: IPFY_AH { $$ = getv6optbyvalue(IPPROTO_AH); } | IPFY_IPV6OPT_DSTOPTS { $$ = getv6optbyvalue(IPPROTO_DSTOPTS); } - | IPFY_ESP { $$ = getv6optbyvalue(IPPROTO_ESP); } + | IPFY_IPV6OPT_ESP { $$ = getv6optbyvalue(IPPROTO_ESP); } | IPFY_IPV6OPT_HOPOPTS { $$ = getv6optbyvalue(IPPROTO_HOPOPTS); } | IPFY_IPV6OPT_IPV6 { $$ = getv6optbyvalue(IPPROTO_IPV6); } | IPFY_IPV6OPT_NONE { $$ = getv6optbyvalue(IPPROTO_NONE); } | IPFY_IPV6OPT_ROUTING { $$ = getv6optbyvalue(IPPROTO_ROUTING); } - | IPFY_FRAG { $$ = getv6optbyvalue(IPPROTO_FRAGMENT); } + | IPFY_IPV6OPT_FRAG { $$ = getv6optbyvalue(IPPROTO_FRAGMENT); } + | IPFY_IPV6OPT_MOBILITY { $$ = getv6optbyvalue(IPPROTO_MOBILITY); } ; level: IPFY_LEVEL { setsyslog(); } @@ -1434,6 +1435,7 @@ static struct wordtab ipfwords[95] = { { "mask", IPFY_MASK }, { "match-tag", IPFY_MATCHTAG }, { "mbcast", IPFY_MBCAST }, + { "mcast", IPFY_MULTICAST }, { "multicast", IPFY_MULTICAST }, { "nat", IPFY_NAT }, { "ne", YY_CMP_NE }, @@ -1573,12 +1575,13 @@ static struct wordtab ipv4secwords[9] = { { NULL, 0 }, }; -static struct wordtab ipv6optwords[8] = { +static struct wordtab ipv6optwords[9] = { { "dstopts", IPFY_IPV6OPT_DSTOPTS }, - { "esp", IPFY_ESP }, - { "frag", IPFY_FRAG }, + { "esp", IPFY_IPV6OPT_ESP }, + { "frag", IPFY_IPV6OPT_FRAG }, { "hopopts", IPFY_IPV6OPT_HOPOPTS }, { "ipv6", IPFY_IPV6OPT_IPV6 }, + { "mobility", IPFY_IPV6OPT_MOBILITY }, { "none", IPFY_IPV6OPT_NONE }, { "routing", IPFY_IPV6OPT_ROUTING }, { NULL, 0 }, @@ -1825,8 +1828,7 @@ char *phrase; fr->fr_v = v; fr->fr_type = FR_T_BPFOPC; - if (!strncmp(phrase, "\"0x", 2)) { - phrase++; + if (!strncmp(phrase, "0x", 2)) { fb = malloc(sizeof(fakebpf_t)); for (i = 0, s = strtok(phrase, " \r\n\t"); s != NULL; diff --git a/contrib/ipfilter/tools/ipfcomp.c b/contrib/ipfilter/tools/ipfcomp.c index 262e909..f09bfd3 100644 --- a/contrib/ipfilter/tools/ipfcomp.c +++ b/contrib/ipfilter/tools/ipfcomp.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -7,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipfcomp.c,v 1.24.2.2 2004/04/28 10:34:44 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipfcomp.c,v 1.24.2.2 2004/04/28 10:34:44 darrenr Exp $"; #endif #include "ipf.h" diff --git a/contrib/ipfilter/tools/ipfs.c b/contrib/ipfilter/tools/ipfs.c index 49e7e52..767dffb 100644 --- a/contrib/ipfilter/tools/ipfs.c +++ b/contrib/ipfilter/tools/ipfs.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1999-2001, 2003 by Darren Reed. * @@ -41,7 +39,7 @@ #include <arpa/nameser.h> #include <resolv.h> #include "ipf.h" -#include "ipl.h" +#include "netinet/ipl.h" #if !defined(lint) static const char rcsid[] = "@(#)Id: ipfs.c,v 1.12 2003/12/01 01:56:53 darrenr Exp"; diff --git a/contrib/ipfilter/tools/ipfstat.c b/contrib/ipfilter/tools/ipfstat.c index fbd6c35..fb0c433 100644 --- a/contrib/ipfilter/tools/ipfstat.c +++ b/contrib/ipfilter/tools/ipfstat.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001, 2003 by Darren Reed. * @@ -70,7 +68,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipfstat.c,v 1.44.2.11 2005/03/30 14:09:57 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipfstat.c,v 1.44.2.13 2005/10/17 17:26:32 darrenr Exp $"; #endif #ifdef __hpux @@ -1008,10 +1006,11 @@ int topclosed; { char str1[STSTRSIZE], str2[STSTRSIZE], str3[STSTRSIZE], str4[STSTRSIZE]; int maxtsentries = 0, reverse = 0, sorting = STSORT_DEFAULT; - int i, j, winy, tsentry, maxx, maxy, redraw = 0; + int i, j, winy, tsentry, maxx, maxy, redraw = 0, ret = 0; int len, srclen, dstlen, forward = 1, c = 0; ips_stat_t ipsst, *ipsstp = &ipsst; statetop_t *tstable = NULL, *tp; + const char *errstr = ""; ipstate_t ips; ipfobj_t ipfo; struct timeval selecttimeout; @@ -1051,8 +1050,9 @@ int topclosed; /* get state table */ bzero((char *)&ipsst, sizeof(ipsst)); if ((ioctl(state_fd, SIOCGETFS, &ipfo) == -1)) { - perror("ioctl(SIOCGETFS)"); - exit(-1); + errstr = "ioctl(SIOCGETFS)"; + ret = -1; + goto out; } /* clear the history */ @@ -1416,12 +1416,15 @@ int topclosed; } } /* while */ +out: printw("\n"); curs_set(1); - nocbreak(); + /* nocbreak(); XXX - endwin() should make this redundant */ endwin(); free(tstable); + if (ret != 0) + perror(errstr); } #endif @@ -1612,7 +1615,9 @@ static char *getip(v, addr) int v; i6addr_t *addr; { +#ifdef USE_INET6 static char hostbuf[MAXHOSTNAMELEN+1]; +#endif if (v == 4) return inet_ntoa(addr->in4); diff --git a/contrib/ipfilter/tools/ipftest.c b/contrib/ipfilter/tools/ipftest.c index fbc91e5..913f756 100644 --- a/contrib/ipfilter/tools/ipftest.c +++ b/contrib/ipfilter/tools/ipftest.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -12,7 +10,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipftest.c,v 1.44.2.3 2005/02/01 02:41:24 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipftest.c,v 1.44.2.7 2005/12/07 08:29:19 darrenr Exp $"; #endif extern char *optarg; @@ -22,13 +20,15 @@ extern struct ifnet *get_unit __P((char *, int)); extern void init_ifp __P((void)); extern ipnat_t *natparse __P((char *, int)); extern int fr_running; +extern hostmap_t **maptable; ipfmutex_t ipl_mutex, ipf_authmx, ipf_rw, ipf_stinsert; ipfmutex_t ipf_nat_new, ipf_natio, ipf_timeoutlock; -ipfrwlock_t ipf_mutex, ipf_global, ipf_ipidfrag, ip_poolrw; +ipfrwlock_t ipf_mutex, ipf_global, ipf_ipidfrag, ip_poolrw, ipf_frcache; ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth; int opts = OPT_DONOTHING; int use_inet6 = 0; +int docksum = 0; int pfil_delayed_copy = 0; int main __P((int, char *[])); int loadrules __P((char *, int)); @@ -77,6 +77,7 @@ char *argv[]; { char *datain, *iface, *ifname, *logout; int fd, i, dir, c, loaded, dump, hlen; + struct in_addr sip; struct ifnet *ifp; struct ipread *r; mb_t mb, *m; @@ -90,21 +91,23 @@ char *argv[]; r = &iptext; iface = NULL; logout = NULL; - ifname = "anon0"; datain = NULL; + sip.s_addr = 0; + ifname = "anon0"; MUTEX_INIT(&ipf_rw, "ipf rw mutex"); MUTEX_INIT(&ipf_timeoutlock, "ipf timeout lock"); RWLOCK_INIT(&ipf_global, "ipf filter load/unload mutex"); RWLOCK_INIT(&ipf_mutex, "ipf filter rwlock"); RWLOCK_INIT(&ipf_ipidfrag, "ipf IP NAT-Frag rwlock"); + RWLOCK_INIT(&ipf_frcache, "ipf filter cache"); initparse(); if (fr_initialise() == -1) abort(); fr_running = 1; - while ((c = getopt(argc, argv, "6bdDF:i:I:l:N:P:or:RT:vxX")) != -1) + while ((c = getopt(argc, argv, "6bCdDF:i:I:l:N:P:or:RS:T:vxX")) != -1) switch (c) { case '6' : @@ -121,6 +124,9 @@ char *argv[]; case 'd' : opts |= OPT_DEBUG; break; + case 'C' : + docksum = 1; + break; case 'D' : dump = 1; break; @@ -147,21 +153,6 @@ char *argv[]; case 'l' : logout = optarg; break; - case 'o' : - opts |= OPT_SAVEOUT; - break; - case 'r' : - if (ipf_parsefile(-1, ipf_addrule, iocfunctions, - optarg) == -1) - return -1; - loaded = 1; - break; - case 'R' : - opts |= OPT_NORESOLVE; - break; - case 'v' : - opts |= OPT_VERBOSE; - break; case 'N' : if (ipnat_parsefile(-1, ipnat_addrule, ipnattestioctl, optarg) == -1) @@ -169,14 +160,32 @@ char *argv[]; loaded = 1; opts |= OPT_NAT; break; + case 'o' : + opts |= OPT_SAVEOUT; + break; case 'P' : if (ippool_parsefile(-1, optarg, ipooltestioctl) == -1) return -1; loaded = 1; break; + case 'r' : + if (ipf_parsefile(-1, ipf_addrule, iocfunctions, + optarg) == -1) + return -1; + loaded = 1; + break; + case 'S' : + sip.s_addr = inet_addr(optarg); + break; + case 'R' : + opts |= OPT_NORESOLVE; + break; case 'T' : ipf_dotuning(-1, optarg, ipftestioctl); break; + case 'v' : + opts |= OPT_VERBOSE; + break; case 'x' : opts |= OPT_HEX; break; @@ -207,9 +216,11 @@ char *argv[]; if (!use_inet6) { ip->ip_off = ntohs(ip->ip_off); ip->ip_len = ntohs(ip->ip_len); - if (r->r_flags & R_DO_CKSUM) + if ((r->r_flags & R_DO_CKSUM) || docksum) fixv4sums(m, ip); hlen = IP_HL(ip) << 2; + if (sip.s_addr) + dir = !(sip.s_addr == ip->ip_src.s_addr); } #ifdef USE_INET6 else @@ -283,6 +294,9 @@ char *argv[]; } m = &mb; } + + if (i != 0) + fprintf(stderr, "readip failed: %d\n", i); (*r->r_close)(); if (logout != NULL) { @@ -617,6 +631,8 @@ void dumpnat() { ipnat_t *ipn; nat_t *nat; + hostmap_t *hm; + int i; printf("List of active MAP/Redirect filters:\n"); for (ipn = nat_list; ipn != NULL; ipn = ipn->in_next) @@ -627,6 +643,12 @@ void dumpnat() if (nat->nat_aps) printaps(nat->nat_aps, opts); } + + printf("\nHostmap table:\n"); + for (i = 0; i < ipf_hostmap_sz; i++) { + for (hm = maptable[i]; hm != NULL; hm = hm->hm_next) + printhostmap(hm, i); + } } @@ -764,6 +786,10 @@ ip_t *ip; hdr = csump; csump += offsetof(udphdr_t, uh_sum); break; + case IPPROTO_ICMP : + hdr = csump; + csump += offsetof(icmphdr_t, icmp_cksum); + break; default : csump = NULL; hdr = NULL; diff --git a/contrib/ipfilter/tools/ipmon.c b/contrib/ipfilter/tools/ipmon.c index a91eee4..1ef3351 100644 --- a/contrib/ipfilter/tools/ipmon.c +++ b/contrib/ipfilter/tools/ipmon.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001, 2003 by Darren Reed. * @@ -78,7 +76,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipmon.c,v 1.33.2.8 2004/12/09 19:41:26 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipmon.c,v 1.33.2.10 2005/06/18 02:41:35 darrenr Exp $"; #endif @@ -420,6 +418,14 @@ static void init_tabs() p->p_name != NULL && protocols[p->p_proto] == NULL) protocols[p->p_proto] = strdup(p->p_name); endprotoent(); +#if defined(_AIX51) + if (protocols[0]) + free(protocols[0]); + if (protocols[252]) + free(protocols[252]); + protocols[0] = "ip"; + protocols[252] = NULL; +#endif } if (udp_ports != NULL) { @@ -1024,7 +1030,8 @@ int blen; (void) sprintf(t, "%*.*s%u", len, len, ipf->fl_ifname, ipf->fl_unit); t += strlen(t); #endif -#ifdef __sgi +#if defined(__sgi) || defined(_AIX51) || defined(__powerpc__) || \ + defined(__arm__) if ((ipf->fl_group[0] == 255) && (ipf->fl_group[1] == '\0')) #else if ((ipf->fl_group[0] == -1) && (ipf->fl_group[1] == '\0')) diff --git a/contrib/ipfilter/tools/ipmon_y.y b/contrib/ipfilter/tools/ipmon_y.y index 8b30028..4eba00c 100644 --- a/contrib/ipfilter/tools/ipmon_y.y +++ b/contrib/ipfilter/tools/ipmon_y.y @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - %{ #include "ipf.h" #include <syslog.h> diff --git a/contrib/ipfilter/tools/ipnat.c b/contrib/ipfilter/tools/ipnat.c index fc17cea..d17d668 100644 --- a/contrib/ipfilter/tools/ipnat.c +++ b/contrib/ipfilter/tools/ipnat.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -51,7 +49,7 @@ # include <nlist.h> #endif #include "ipf.h" -#include "ipl.h" +#include "netinet/ipl.h" #include "kmem.h" #ifdef __hpux @@ -67,7 +65,7 @@ extern char *sys_errlist[]; #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipnat.c,v 1.24.2.1 2004/04/28 17:56:22 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipnat.c,v 1.24.2.2 2005/05/10 21:19:30 darrenr Exp $"; #endif diff --git a/contrib/ipfilter/tools/ipnat_y.y b/contrib/ipfilter/tools/ipnat_y.y index d3f18c6..ddd4311 100644 --- a/contrib/ipfilter/tools/ipnat_y.y +++ b/contrib/ipfilter/tools/ipnat_y.y @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - %{ #ifdef __FreeBSD__ # ifndef __FreeBSD_cc_version @@ -160,8 +158,6 @@ map: mapit ifnames addr IPNY_TLATE rhaddr proxy mapoptions strncpy(nat->in_ifnames[1], nat->in_ifnames[0], sizeof(nat->in_ifnames[0])); - if ((nat->in_flags & IPN_TCPUDPICMPQ) == 0) - setnatproto(nat->in_p); if (((nat->in_redir & NAT_MAPBLK) != 0) || ((nat->in_flags & IPN_AUTOPORTMAP) != 0)) nat_setgroupmap(nat); @@ -188,8 +184,6 @@ map: mapit ifnames addr IPNY_TLATE rhaddr proxy mapoptions strncpy(nat->in_ifnames[1], nat->in_ifnames[0], sizeof(nat->in_ifnames[0])); - if ((nat->in_flags & IPN_TCPUDPICMPQ) == 0) - setnatproto(nat->in_p); if (((nat->in_redir & NAT_MAPBLK) != 0) || ((nat->in_flags & IPN_AUTOPORTMAP) != 0)) nat_setgroupmap(nat); @@ -306,6 +300,11 @@ rhaddr: addr { $$.a = $1.a; $$.m = $1.m; } dip: hostname { nat->in_inip = $1.s_addr; nat->in_inmsk = 0xffffffff; } + | hostname '/' YY_NUMBER { if ($3 != 0 || $1.s_addr != 0) + yyerror("Only 0/0 supported"); + nat->in_inip = 0; + nat->in_inmsk = 0; + } | hostname ',' hostname { nat->in_flags |= IPN_SPLIT; nat->in_inip = $1.s_addr; nat->in_inmsk = $3.s_addr; } @@ -454,11 +453,11 @@ addr: IPNY_ANY { $$.a.s_addr = 0; $$.m.s_addr = 0; } $$.a.s_addr &= $$.m.s_addr; } | hostname '/' ipv4 { $$.a = $1; $$.m = $3; $$.a.s_addr &= $$.m.s_addr; } - | hostname '/' hexnumber { $$.a = $1; $$.m.s_addr = $3; + | hostname '/' hexnumber { $$.a = $1; $$.m.s_addr = htonl($3); $$.a.s_addr &= $$.m.s_addr; } | hostname IPNY_MASK ipv4 { $$.a = $1; $$.m = $3; $$.a.s_addr &= $$.m.s_addr; } - | hostname IPNY_MASK hexnumber { $$.a = $1; $$.m.s_addr = $3; + | hostname IPNY_MASK hexnumber { $$.a = $1; $$.m.s_addr = htonl($3); $$.a.s_addr &= $$.m.s_addr; } ; @@ -471,7 +470,7 @@ nummask: portstuff: compare portspec { $$.pc = $1; $$.p1 = $2; } - | portspec range portspec { $$.pc = $2; $$.p1 = $1; $$.p1 = $3; } + | portspec range portspec { $$.pc = $2; $$.p1 = $1; $$.p2 = $3; } ; mapoptions: diff --git a/contrib/ipfilter/tools/ippool.c b/contrib/ipfilter/tools/ippool.c index 7122c94..31b5bfd 100644 --- a/contrib/ipfilter/tools/ippool.c +++ b/contrib/ipfilter/tools/ippool.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2003 by Darren Reed. * diff --git a/contrib/ipfilter/tools/ippool_y.y b/contrib/ipfilter/tools/ippool_y.y index 357745d..a508268 100644 --- a/contrib/ipfilter/tools/ippool_y.y +++ b/contrib/ipfilter/tools/ippool_y.y @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - %{ #include <sys/types.h> #include <sys/time.h> diff --git a/contrib/ipfilter/tools/ipscan_y.y b/contrib/ipfilter/tools/ipscan_y.y index 64cbb6d..c3446ff 100644 --- a/contrib/ipfilter/tools/ipscan_y.y +++ b/contrib/ipfilter/tools/ipscan_y.y @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - %{ #include <sys/types.h> #include <sys/ioctl.h> diff --git a/contrib/ipfilter/tools/ipsyncm.c b/contrib/ipfilter/tools/ipsyncm.c index 20cc25e..8a87974 100644 --- a/contrib/ipfilter/tools/ipsyncm.c +++ b/contrib/ipfilter/tools/ipsyncm.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -7,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipsyncm.c,v 1.4.2.2 2005/01/08 14:31:46 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipsyncm.c,v 1.4.2.2 2005/01/08 14:31:46 darrenr Exp $"; #endif #include <sys/types.h> #include <sys/time.h> diff --git a/contrib/ipfilter/tools/ipsyncs.c b/contrib/ipfilter/tools/ipsyncs.c index a189a9b..29c63af 100644 --- a/contrib/ipfilter/tools/ipsyncs.c +++ b/contrib/ipfilter/tools/ipsyncs.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -7,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipsyncs.c,v 1.5.2.1 2004/10/31 18:46:44 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipsyncs.c,v 1.5.2.1 2004/10/31 18:46:44 darrenr Exp $"; #endif #include <sys/types.h> #include <sys/time.h> diff --git a/contrib/ipfilter/tools/lex_var.h b/contrib/ipfilter/tools/lex_var.h index 33fba25..0a0bd4b 100644 --- a/contrib/ipfilter/tools/lex_var.h +++ b/contrib/ipfilter/tools/lex_var.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - extern long string_start; extern long string_end; diff --git a/contrib/ipfilter/tools/lexer.c b/contrib/ipfilter/tools/lexer.c index f6fccfb..66de8fc 100644 --- a/contrib/ipfilter/tools/lexer.c +++ b/contrib/ipfilter/tools/lexer.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2003 by Darren Reed. * diff --git a/contrib/ipfilter/tools/lexer.h b/contrib/ipfilter/tools/lexer.h index 4950aa8..a296cb0 100644 --- a/contrib/ipfilter/tools/lexer.h +++ b/contrib/ipfilter/tools/lexer.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - typedef struct wordtab { char *w_word; |