authordarrenr <darrenr@FreeBSD.org>2007-10-18 21:52:14 +0000
committerdarrenr <darrenr@FreeBSD.org>2007-10-18 21:52:14 +0000
commitfd172ed3272b523c5499832d7098b6766bac7e4f (patch)
tree7eb0ed562f560c2289c5b113e742797727d126db /contrib/ipfilter/tools
parent6f755e940898e80d77f95031600e671c36e0a7a6 (diff)
Pullup IPFilter 4.1.28 from the vendor branch into HEAD.
MFC after: 7 days
Diffstat (limited to 'contrib/ipfilter/tools')
-rw-r--r--contrib/ipfilter/tools/ipf_y.y24
-rw-r--r--contrib/ipfilter/tools/ipfstat.c6
-rw-r--r--contrib/ipfilter/tools/ipmon.c35
-rw-r--r--contrib/ipfilter/tools/ipnat.c65
-rw-r--r--contrib/ipfilter/tools/ipnat_y.y1
-rw-r--r--contrib/ipfilter/tools/lexer.c55
6 files changed, 161 insertions, 25 deletions
diff --git a/contrib/ipfilter/tools/ipf_y.y b/contrib/ipfilter/tools/ipf_y.y
index e8789e0..2ce4291 100644
--- a/contrib/ipfilter/tools/ipf_y.y
+++ b/contrib/ipfilter/tools/ipf_y.y
@@ -772,8 +772,20 @@ fromport:
srcportlist:
portnum { DOREM(fr->fr_scmp = FR_EQUAL; fr->fr_sport = $1;) }
+ | portnum ':' portnum
+ { DOREM(fr->fr_scmp = FR_INCRANGE; fr->fr_sport = $1; \
+ fr->fr_stop = $3;) }
+ | portnum YY_RANGE_IN portnum
+ { DOREM(fr->fr_scmp = FR_INRANGE; fr->fr_sport = $1; \
+ fr->fr_stop = $3;) }
| srcportlist lmore portnum
{ DOREM(fr->fr_scmp = FR_EQUAL; fr->fr_sport = $3;) }
+ | srcportlist lmore portnum ':' portnum
+ { DOREM(fr->fr_scmp = FR_INCRANGE; fr->fr_sport = $3; \
+ fr->fr_stop = $5;) }
+ | srcportlist lmore portnum YY_RANGE_IN portnum
+ { DOREM(fr->fr_scmp = FR_INRANGE; fr->fr_sport = $3; \
+ fr->fr_stop = $5;) }
;
dstobject:
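Review bot: The new range alternatives in srcportlist store both bounds into fr_sport and fr_stop without checking their order, so a range such as `2000:1000` is accepted by the parser. Depending on how FR_INCRANGE and FR_INRANGE are evaluated when the rule is loaded, such a rule may silently never match, which is a bad failure mode for a filter rule. Unless portnum or the rule loader already rejects this (neither is visible here), the action should report it before the DOREM, for example `if ($1 > $3) yyerror("invalid port range");`. The four dstportlist alternatives in the next hunk need the same check on fr_dport and fr_dtop.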
@@ -838,8 +850,20 @@ toport:
dstportlist:
portnum { DOREM(fr->fr_dcmp = FR_EQUAL; fr->fr_dport = $1;) }
+ | portnum ':' portnum
+ { DOREM(fr->fr_dcmp = FR_INCRANGE; fr->fr_dport = $1; \
+ fr->fr_dtop = $3;) }
+ | portnum YY_RANGE_IN portnum
+ { DOREM(fr->fr_dcmp = FR_INRANGE; fr->fr_dport = $1; \
+ fr->fr_dtop = $3;) }
| dstportlist lmore portnum
{ DOREM(fr->fr_dcmp = FR_EQUAL; fr->fr_dport = $3;) }
+ | dstportlist lmore portnum ':' portnum
+ { DOREM(fr->fr_dcmp = FR_INCRANGE; fr->fr_dport = $3; \
+ fr->fr_dtop = $5;) }
+ | dstportlist lmore portnum YY_RANGE_IN portnum
+ { DOREM(fr->fr_dcmp = FR_INRANGE; fr->fr_dport = $3; \
+ fr->fr_dtop = $5;) }
;
addr: pool '/' YY_NUMBER { pooled = 1;
diff --git a/contrib/ipfilter/tools/ipfstat.c b/contrib/ipfilter/tools/ipfstat.c
index 481282a..3c5bfdd 100644
--- a/contrib/ipfilter/tools/ipfstat.c
+++ b/contrib/ipfilter/tools/ipfstat.c
@@ -71,7 +71,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipfstat.c,v 1.44.2.23 2007/05/31 13:13:02 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ipfstat.c,v 1.44.2.25 2007/06/30 09:48:50 darrenr Exp $";
#endif
#ifdef __hpux
@@ -1120,7 +1120,7 @@ ips_stat_t *ipsp;
PRINTF("\t%u%% hash efficiency\n", ipsp->iss_active ?
(u_int)(ipsp->iss_inuse * 100 / ipsp->iss_active) : 0);
- minlen = ipsp->iss_max;
+ minlen = ipsp->iss_inuse;
totallen = 0;
maxlen = 0;
@@ -1128,7 +1128,7 @@ ips_stat_t *ipsp;
if (buckets[i] > maxlen)
maxlen = buckets[i];
if (buckets[i] < minlen)
- minlen = buckets[i];
+ minlen = buckets[i];
totallen += buckets[i];
}
diff --git a/contrib/ipfilter/tools/ipmon.c b/contrib/ipfilter/tools/ipmon.c
index f651f86..ceaed82 100644
--- a/contrib/ipfilter/tools/ipmon.c
+++ b/contrib/ipfilter/tools/ipmon.c
@@ -78,7 +78,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipmon.c,v 1.33.2.18 2007/05/27 11:12:12 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ipmon.c,v 1.33.2.20 2007/09/20 12:51:56 darrenr Exp $";
#endif
@@ -752,6 +752,8 @@ int blen;
strcpy(t, "NAT:MAPBLOCK ");
else if (nl->nl_type == NL_CLONE)
strcpy(t, "NAT:CLONE ");
+ else if (nl->nl_type == NL_DESTROY)
+ strcpy(t, "NAT:DESTROY ");
else
sprintf(t, "Type: %d ", nl->nl_type);
t += strlen(t);
@@ -764,8 +766,9 @@ int blen;
(void) sprintf(t, "%s,%s ", HOSTNAME_V4(res, nl->nl_outip),
portname(res, proto, (u_int)nl->nl_outport));
t += strlen(t);
- (void) sprintf(t, "[%s,%s]", HOSTNAME_V4(res, nl->nl_origip),
- portname(res, proto, (u_int)nl->nl_origport));
+ (void) sprintf(t, "[%s,%s PR %s]", HOSTNAME_V4(res, nl->nl_origip),
+ portname(res, proto, (u_int)nl->nl_origport),
+ getproto(nl->nl_p));
t += strlen(t);
if (nl->nl_type == NL_EXPIRE) {
#ifdef USE_QUAD_T
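Review bot: The widened `sprintf(t, "[%s,%s PR %s]", ...)` appends a third string of unchecked length to the line buffer that `t` advances through, and nothing in the hunk tracks how much room is left. The host and port strings presumably come from name lookups when `res` is set, so their length is not fixed by this code. A bounded write such as `snprintf(t, remaining, "[%s,%s PR %s]", ...)` would make the limit explicit; `remaining` is a placeholder for the space left in the buffer, which is declared outside this hunk. If getproto() can return NULL for an unknown protocol number, it also needs a fallback string before being passed to `%s`.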
@@ -1002,7 +1005,10 @@ int blen;
ipflog_t *ipf;
iplog_t *ipl;
#ifdef USE_INET6
+ struct ip6_ext *ehp;
+ u_short ehl;
ip6_t *ip6;
+ int go;
#endif
ipl = (iplog_t *)buf;
@@ -1111,6 +1117,29 @@ int blen;
s = (u_32_t *)&ip6->ip6_src;
d = (u_32_t *)&ip6->ip6_dst;
plen = hl + ntohs(ip6->ip6_plen);
+ go = 1;
+ ehp = (struct ip6_ext *)((char *)ip6 + hl);
+ while (go == 1) {
+ switch (p)
+ {
+ case IPPROTO_HOPOPTS :
+ case IPPROTO_MOBILITY :
+ case IPPROTO_DSTOPTS :
+ case IPPROTO_ROUTING :
+ case IPPROTO_AH :
+ p = ehp->ip6e_nxt;
+ ehl = 8 + (ehp->ip6e_len << 3);
+ hl += ehl;
+ ehp = (struct ip6_ext *)((char *)ehp + ehl);
+ break;
+ case IPPROTO_FRAGMENT :
+ hl += sizeof(struct ip6_frag);
+ /* FALLTHROUGH */
+ default :
+ go = 0;
+ break;
+ }
+ }
#else
sprintf(t, "ipv6");
goto printipflog;
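Review bot: The extension-header loop reads `ehp->ip6e_nxt` and `ehp->ip6e_len` and advances by a length taken from the logged packet, but never compares `hl` against the number of bytes actually present in the log record. A truncated capture or a packet with a crafted header chain can therefore make ipmon read past the end of `buf`. Each iteration should first check that `hl + sizeof(*ehp)` still lies within the captured data and set `go = 0` if it does not. Separately, IPPROTO_AH shares the `8 + (ehp->ip6e_len << 3)` computation, but the AH length field counts 32-bit words minus two, so that case needs `ehl = (ehp->ip6e_len + 2) << 2;` or the walk continues from the wrong offset. The enclosing function starts and ends outside this hunk.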
diff --git a/contrib/ipfilter/tools/ipnat.c b/contrib/ipfilter/tools/ipnat.c
index c9954ab..28e29ec 100644
--- a/contrib/ipfilter/tools/ipnat.c
+++ b/contrib/ipfilter/tools/ipnat.c
@@ -67,7 +67,7 @@ extern char *sys_errlist[];
#if !defined(lint)
static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipnat.c,v 1.24.2.6 2007/05/11 11:16:55 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ipnat.c,v 1.24.2.11 2007/09/25 08:27:34 darrenr Exp $";
#endif
@@ -80,6 +80,7 @@ char thishost[MAXHOSTNAMELEN];
extern char *optarg;
void dostats __P((int, natstat_t *, int, int));
+void dotable __P((natstat_t *, int, int));
void flushtable __P((int, int));
void usage __P((char *));
int main __P((int, char*[]));
@@ -359,9 +360,10 @@ int fd, opts, alive;
nsp->ns_added, nsp->ns_expire);
printf("no memory\t%lu\tbad nat\t%lu\n",
nsp->ns_memfail, nsp->ns_badnat);
- printf("inuse\t%lu\nrules\t%lu\n",
- nsp->ns_inuse, nsp->ns_rules);
+ printf("inuse\t%lu\norphans\t%u\nrules\t%lu\n",
+ nsp->ns_inuse, nsp->ns_orphans, nsp->ns_rules);
printf("wilds\t%u\n", nsp->ns_wilds);
+ dotable(nsp, fd, alive);
if (opts & OPT_VERBOSE)
printf("table %p list %p\n",
nsp->ns_table, nsp->ns_list);
@@ -378,6 +380,63 @@ int fd, opts, alive;
}
+void dotable(nsp, fd, alive)
+natstat_t *nsp;
+int fd, alive;
+{
+ int sz, i, used, totallen, maxlen, minlen;
+ ipftable_t table;
+ u_long *buckets;
+ ipfobj_t obj;
+
+ sz = sizeof(*buckets) * nsp->ns_nattab_sz;
+ buckets = (u_long *)malloc(sz);
+
+ obj.ipfo_rev = IPFILTER_VERSION;
+ obj.ipfo_type = IPFOBJ_GTABLE;
+ obj.ipfo_size = sizeof(table);
+ obj.ipfo_ptr = &table;
+
+ table.ita_type = IPFTABLE_BUCKETS_NATIN;
+ table.ita_table = buckets;
+
+ if (alive) {
+ if (ioctl(fd, SIOCGTABL, &obj) != 0) {
+ free(buckets);
+ return;
+ }
+ } else {
+ if (kmemcpy((char *)buckets, (u_long)nsp->ns_nattab_sz, sz)) {
+ free(buckets);
+ return;
+ }
+ }
+
+ totallen = 0;
+ maxlen = 0;
+ minlen = nsp->ns_inuse;
+ used = 0;
+
+ for (i = 0; i < nsp->ns_nattab_sz; i++) {
+ if (buckets[i] > maxlen)
+ maxlen = buckets[i];
+ if (buckets[i] < minlen)
+ minlen = buckets[i];
+ if (buckets[i] != 0)
+ used++;
+ totallen += buckets[i];
+ }
+
+ printf("hash efficiency\t%2.2f%%\n",
+ totallen ? ((float)used / totallen) * 100.0 : 0.0);
+ printf("bucket usage\t%2.2f%%\n",
+ ((float)used / nsp->ns_nattab_sz) * 100.0);
+ printf("minimal length\t%d\n", minlen);
+ printf("maximal length\t%d\n", maxlen);
+ printf("average length\t%.3f\n", used ? (float)totallen / used : 0.0);
+}
+
+
/*
* Display NAT statistics.
*/
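Review bot: dotable() uses the result of `malloc(sz)` without a NULL check and never frees `buckets` on the success path, so a failed allocation is handed to the ioctl or kmemcpy and every successful call leaks the table. Add `if (buckets == NULL) return;` after the allocation and `free(buckets);` after the last printf. In the non-live branch, `kmemcpy((char *)buckets, (u_long)nsp->ns_nattab_sz, sz)` passes the table size where a source address appears to be expected, which looks like the wrong field. `sz` is an `int` derived from a size supplied by the kernel or a core file, so it would be safer as a `size_t` with a sanity check before it is used as an allocation and copy length.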
diff --git a/contrib/ipfilter/tools/ipnat_y.y b/contrib/ipfilter/tools/ipnat_y.y
index 1857219..cce717d 100644
--- a/contrib/ipfilter/tools/ipnat_y.y
+++ b/contrib/ipfilter/tools/ipnat_y.y
@@ -611,6 +611,7 @@ compare:
range:
YY_RANGE_OUT { $$ = FR_OUTRANGE; }
| YY_RANGE_IN { $$ = FR_INRANGE; }
+ | ':' { $$ = FR_INCRANGE; }
;
ipv4: YY_NUMBER '.' YY_NUMBER '.' YY_NUMBER '.' YY_NUMBER
diff --git a/contrib/ipfilter/tools/lexer.c b/contrib/ipfilter/tools/lexer.c
index 2969f86..989643c 100644
--- a/contrib/ipfilter/tools/lexer.c
+++ b/contrib/ipfilter/tools/lexer.c
@@ -38,6 +38,7 @@ extern int yydebug;
char *yystr = NULL;
int yytext[YYBUFSIZ+1];
+char yychars[YYBUFSIZ+1];
int yylineNum = 1;
int yypos = 0;
int yylast = -1;
@@ -51,13 +52,15 @@ wordtab_t *yysavewords[30];
static wordtab_t *yyfindkey __P((char *));
-static int yygetc __P((void));
+static int yygetc __P((int));
static void yyunputc __P((int));
static int yyswallow __P((int));
static char *yytexttostr __P((int, int));
static void yystrtotext __P((char *));
+static char *yytexttochar __P((void));
-static int yygetc()
+static int yygetc(docont)
+int docont;
{
int c;
@@ -76,6 +79,13 @@ static int yygetc()
yypos++;
} else {
c = fgetc(yyin);
+ if (docont && (c == '\\')) {
+ c = fgetc(yyin);
+ if (c == '\n') {
+ yylineNum++;
+ c = fgetc(yyin);
+ }
+ }
}
if (c == '\n')
yylineNum++;
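Review bot: When `docont` is set and the character after a backslash is not a newline, the backslash is discarded and the following character is returned in its place. Input such as `a\b` inside a word or number is therefore silently tokenised as `ab`. The non-continuation case should push the character back and return the backslash itself, e.g. `else { ungetc(c, yyin); c = '\\'; }`. Only one continuation is folded per call, so a second backslash-newline immediately after the first is not handled; a short comment stating that limit would help. yygetc's body starts and ends outside this hunk.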
@@ -101,7 +111,7 @@ int last;
{
int c;
- while (((c = yygetc()) > '\0') && (c != last))
+ while (((c = yygetc(0)) > '\0') && (c != last))
;
if (c != EOF)
@@ -112,6 +122,17 @@ int last;
}
+static char *yytexttochar()
+{
+ int i;
+
+ for (i = 0; i < yypos; i++)
+ yychars[i] = (char)(yytext[i] & 0xff);
+ yychars[i] = '\0';
+ return yychars;
+}
+
+
static void yystrtotext(str)
char *str;
{
@@ -167,7 +188,9 @@ int yylex()
}
nextchar:
- c = yygetc();
+ c = yygetc(0);
+ if (yydebug > 1)
+ printf("yygetc = (%x) %c [%*.*s]\n", c, c, yypos, yypos, yytexttochar());
switch (c)
{
@@ -230,20 +253,20 @@ nextchar:
yyunputc(c);
goto done;
}
- n = yygetc();
+ n = yygetc(0);
if (n == '{') {
if (yyswallow('}') == -1) {
rval = -2;
goto done;
}
- (void) yygetc();
+ (void) yygetc(0);
} else {
if (!ISALPHA(n)) {
yyunputc(n);
break;
}
do {
- n = yygetc();
+ n = yygetc(1);
} while (ISALPHA(n) || ISDIGIT(n) || n == '_');
yyunputc(n);
}
@@ -275,7 +298,7 @@ nextchar:
goto done;
}
do {
- n = yygetc();
+ n = yygetc(1);
if (n == EOF || n == TOOLONG) {
rval = -2;
goto done;
@@ -325,7 +348,7 @@ nextchar:
break;
if (isbuilding == 1)
break;
- n = yygetc();
+ n = yygetc(0);
if (n == '>') {
isbuilding = 1;
goto done;
@@ -339,7 +362,7 @@ nextchar:
yyunputc(c);
goto done;
}
- n = yygetc();
+ n = yygetc(0);
if (n == '=') {
rval = YY_CMP_NE;
goto done;
@@ -355,7 +378,7 @@ nextchar:
yyunputc(c);
goto done;
}
- n = yygetc();
+ n = yygetc(0);
if (n == '=') {
rval = YY_CMP_LE;
goto done;
@@ -375,7 +398,7 @@ nextchar:
yyunputc(c);
goto done;
}
- n = yygetc();
+ n = yygetc(0);
if (n == '=') {
rval = YY_CMP_GE;
goto done;
@@ -412,7 +435,7 @@ nextchar:
*/
do {
*s++ = c;
- c = yygetc();
+ c = yygetc(1);
} while ((ishex(c) || c == ':' || c == '.') &&
(s - ipv6buf < 46));
yyunputc(c);
@@ -438,10 +461,10 @@ nextchar:
}
if (isbuilding == 0 && c == '0') {
- n = yygetc();
+ n = yygetc(0);
if (n == 'x') {
do {
- n = yygetc();
+ n = yygetc(1);
} while (ishex(n));
yyunputc(n);
rval = YY_HEX;
@@ -455,7 +478,7 @@ nextchar:
*/
if (isbuilding == 0 && ISDIGIT(c)) {
do {
- n = yygetc();
+ n = yygetc(1);
} while (ISDIGIT(n));
yyunputc(n);
rval = YY_NUMBER;