fix conflicts

5 files changed, 41 insertions, 26 deletions

diff --git a/contrib/ipfilter/fil.c b/contrib/ipfilter/fil.c
index d6568cc..43a03e1 100644
--- a/contrib/ipfilter/fil.c
+++ b/contrib/ipfilter/fil.c
@@ -10,14 +10,6 @@ static const char sccsid[] = "@(#)fil.c	1.36 6/5/96 (C) 1993-2000 Darren Reed";
 static const char rcsid[] = "@(#)$FreeBSD$";
 #endif
 
-#if defined(_KERNEL) && defined(__FreeBSD_version) && \
-    (__FreeBSD_version >= 400019) 
-# define CSUM_DELAY_DATA
-#endif 
-#if defined(_KERNEL) && defined(__FreeBSD_version) && \ 
-    (__FreeBSD_version >= 400000) && !defined(KLD_MODULE)
-#include "opt_inet6.h"
-#endif
 #include <sys/errno.h>
 #include <sys/types.h>
 #include <sys/param.h>
@@ -29,6 +21,14 @@ static const char rcsid[] = "@(#)$FreeBSD$";
 #endif
 #if (defined(KERNEL) || defined(_KERNEL)) && defined(__FreeBSD_version) && \
     (__FreeBSD_version >= 220000)
+# if (__FreeBSD_version >= 400000)
+#  ifndef KLD_MODULE
+#   include "opt_inet6.h"
+#  endif
+#  if (__FreeBSD_version == 400019)
+#   define CSUM_DELAY_DATA
+#  endif
+# endif
 # include <sys/filio.h>
 # include <sys/fcntl.h>
 #else
@@ -119,10 +119,8 @@ extern	kmutex_t	ipf_rw;
 # if SOLARIS
 #  define	FR_NEWAUTH(m, fi, ip, qif)	fr_newauth((mb_t *)m, fi, \
 							   ip, qif)
-#  define	SEND_RESET(ip, qif, if, fin)	send_reset(fin, ip, qif)
 # else /* SOLARIS */
 #  define	FR_NEWAUTH(m, fi, ip, qif)	fr_newauth((mb_t *)m, fi, ip)
-#  define	SEND_RESET(ip, qif, if, fin)	send_reset(fin, ip)
 # endif /* SOLARIS || __sgi */
 #endif /* _KERNEL */
 
@@ -663,8 +661,11 @@ void *m;
 		 * Just log this packet...
 		 */
 		passt = fr->fr_flags;
-		if ((passt & FR_CALLNOW) && fr->fr_func)
-			passt = (*fr->fr_func)(passt, ip, fin);
+#if (BSD >= 199306) && (defined(_KERNEL) || defined(KERNEL))
+		if (securelevel <= 0)
+#endif
+			if ((passt & FR_CALLNOW) && fr->fr_func)
+				passt = (*fr->fr_func)(passt, ip, fin);
 		fin->fin_fr = fr;
 #ifdef  IPFILTER_LOG
 		if ((passt & FR_LOGMASK) == FR_LOG) {
@@ -969,8 +970,11 @@ int out;
 			pass &= ~(FR_LOGFIRST|FR_LOG);
 	}
 
-	if (fr && fr->fr_func && !(pass & FR_CALLNOW))
-		pass = (*fr->fr_func)(pass, ip, fin);
+#if (BSD >= 199306) && (defined(_KERNEL) || defined(KERNEL))
+	if (securelevel <= 0)
+#endif
+		if (fr && fr->fr_func && !(pass & FR_CALLNOW))
+			pass = (*fr->fr_func)(pass, ip, fin);
 
 	/*
 	 * Only count/translate packets which will be passed on, out the
@@ -979,10 +983,10 @@ int out;
 	if (out && (pass & FR_PASS)) {
 #ifdef	USE_INET6
 		if (v == 6)
-			list = ipacct6[0][fr_active];
+			list = ipacct6[1][fr_active];
 		else
 #endif
-			list = ipacct[0][fr_active];
+			list = ipacct[1][fr_active];
 		if ((fin->fin_fr = list) &&
 		    (fr_scanlist(FR_NOMATCH, ip, fin, m) & FR_ACCOUNT)) {
 			ATOMIC_INCL(frstats[1].fr_acct);
@@ -1127,11 +1131,11 @@ logit:
 
 		if (((pass & FR_FASTROUTE) && !out) ||
 		    (fdp->fd_ifp && fdp->fd_ifp != (struct ifnet *)-1)) {
-			if (ipfr_fastroute(qif, ip, m, mp, fin, fdp) == 0)
+			if (ipfr_fastroute(ip, m, mp, fin, fdp) == 0)
 				m = *mp = NULL;
 		}
 		if (mc)
-			ipfr_fastroute(qif, ip, mc, mp, fin, &fr->fr_dif);
+			ipfr_fastroute(ip, mc, mp, fin, &fr->fr_dif);
 	}
 # endif /* !SOLARIS */
 	return (pass & FR_PASS) ? 0 : error;
@@ -1363,7 +1367,7 @@ nodata:
  * SUCH DAMAGE.
  *
  *	@(#)uipc_mbuf.c	8.2 (Berkeley) 1/4/94
- * $Id: fil.c,v 2.35.2.8 2000/05/22 10:26:09 darrenr Exp $
+ * $Id: fil.c,v 2.35.2.18 2000/07/19 13:13:40 darrenr Exp $
  */
 /*
  * Copy data from an mbuf chain starting "off" bytes from the beginning,
@@ -1811,6 +1815,7 @@ void frsync()
 		ip_natsync(ifp);
 		ip_statesync(ifp);
 	}
+	ip_natsync((struct ifnet *)-1);
 # endif
 
 	WRITE_ENTER(&ipf_mutex);
diff --git a/contrib/ipfilter/ip_fil.h b/contrib/ipfilter/ip_fil.h
index ec8ad7f..487fe90 100644
--- a/contrib/ipfilter/ip_fil.h
+++ b/contrib/ipfilter/ip_fil.h
@@ -519,8 +519,8 @@ extern	int	iplioctl __P((dev_t, int, int *, int, cred_t *, int *));
 extern	int	iplopen __P((dev_t *, int, int, cred_t *));
 extern	int	iplclose __P((dev_t, int, int, cred_t *));
 extern	int	ipfsync __P((void));
-extern	int	ipfr_fastroute __P((qif_t *, ip_t *, mblk_t *, mblk_t **,
-				   fr_info_t *, frdest_t *));
+extern	int	ipfr_fastroute __P((ip_t *, mblk_t *, mblk_t **,
+				    fr_info_t *, frdest_t *));
 extern	void	copyin_mblk __P((mblk_t *, size_t, size_t, char *));
 extern	void	copyout_mblk __P((mblk_t *, size_t, size_t, char *));
 extern	int	fr_qin __P((queue_t *, mblk_t *));
diff --git a/contrib/ipfilter/ip_log.c b/contrib/ipfilter/ip_log.c
index 7d6f0b1..aaaefea 100644
--- a/contrib/ipfilter/ip_log.c
+++ b/contrib/ipfilter/ip_log.c
@@ -26,7 +26,11 @@
 #   endif
 #  endif
 # else
-#  include <osreldate.h>
+#  ifdef KLD_MODULE
+#   include <sys/osreldate.h>
+#  else
+#   include <osreldate.h>
+#  endif
 # endif
 #endif
 #ifdef  IPFILTER_LOG
diff --git a/contrib/ipfilter/ipmon.c b/contrib/ipfilter/ipmon.c
index bbf28f1..738ce0d 100644
--- a/contrib/ipfilter/ipmon.c
+++ b/contrib/ipfilter/ipmon.c
@@ -209,11 +209,11 @@ static void init_tabs()
 		if (s->s_proto == NULL)
 			continue;
 		else if (!strcmp(s->s_proto, "tcp")) {
-			port = s->s_port;
+			port = ntohs(s->s_port);
 			name = s->s_name;
 			tab = tcp_ports;
 		} else if (!strcmp(s->s_proto, "udp")) {
-			port = s->s_port;
+			port = ntohs(s->s_port);
 			name = s->s_name;
 			tab = udp_ports;
 		} else
@@ -401,6 +401,10 @@ int	blen;
 		strcpy(t, "NAT:RDR ");
 	else if (nl->nl_type == NL_EXPIRE)
 		strcpy(t, "NAT:EXPIRE ");
+	else if (nl->nl_type == NL_NEWBIMAP)
+		strcpy(t, "NAT:BIMAP ");
+	else if (nl->nl_type == NL_NEWBLOCK)
+		strcpy(t, "NAT:MAPBLOCK ");
 	else
 		sprintf(t, "Type: %d ", nl->nl_type);
 	t += strlen(t);
diff --git a/contrib/ipfilter/man/ipfstat.8 b/contrib/ipfilter/man/ipfstat.8
index bc81b5a..c0c751b 100644
--- a/contrib/ipfilter/man/ipfstat.8
+++ b/contrib/ipfilter/man/ipfstat.8
@@ -100,8 +100,10 @@ protocol number. If this option is not specified, state entries for any
 protocol are specified.
 .TP
 .B \-s
-Show packet/flow state information (statistics) and held state information (in
-the kernel) if any is present.
+Show packet/flow state information (statistics only).
+.TP
+.B \-sl
+Show held state information (in the kernel) if any is present (no statistics).
 .TP
 .BR \-S \0<addrport>
 This option is only valid in combination with \fB\-t\fP. Limit the state top