diff options
author | darrenr <darrenr@FreeBSD.org> | 2000-07-19 13:56:18 +0000 |
---|---|---|
committer | darrenr <darrenr@FreeBSD.org> | 2000-07-19 13:56:18 +0000 |
commit | 464e3d57b81373743909c947d624bd49985749fb (patch) | |
tree | 8b26825ace37f58559189debbeee4ac9aa3c312a /contrib/ipfilter | |
parent | 243b2e7424c14d7d41860dd8fe2023d41dfa7e76 (diff) | |
download | FreeBSD-src-464e3d57b81373743909c947d624bd49985749fb.zip FreeBSD-src-464e3d57b81373743909c947d624bd49985749fb.tar.gz |
fix conflicts
Diffstat (limited to 'contrib/ipfilter')
-rw-r--r-- | contrib/ipfilter/fil.c | 43 | ||||
-rw-r--r-- | contrib/ipfilter/ip_fil.h | 4 | ||||
-rw-r--r-- | contrib/ipfilter/ip_log.c | 6 | ||||
-rw-r--r-- | contrib/ipfilter/ipmon.c | 8 | ||||
-rw-r--r-- | contrib/ipfilter/man/ipfstat.8 | 6 |
5 files changed, 41 insertions, 26 deletions
diff --git a/contrib/ipfilter/fil.c b/contrib/ipfilter/fil.c index d6568cc..43a03e1 100644 --- a/contrib/ipfilter/fil.c +++ b/contrib/ipfilter/fil.c @@ -10,14 +10,6 @@ static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed"; static const char rcsid[] = "@(#)$FreeBSD$"; #endif -#if defined(_KERNEL) && defined(__FreeBSD_version) && \ - (__FreeBSD_version >= 400019) -# define CSUM_DELAY_DATA -#endif -#if defined(_KERNEL) && defined(__FreeBSD_version) && \ - (__FreeBSD_version >= 400000) && !defined(KLD_MODULE) -#include "opt_inet6.h" -#endif #include <sys/errno.h> #include <sys/types.h> #include <sys/param.h> @@ -29,6 +21,14 @@ static const char rcsid[] = "@(#)$FreeBSD$"; #endif #if (defined(KERNEL) || defined(_KERNEL)) && defined(__FreeBSD_version) && \ (__FreeBSD_version >= 220000) +# if (__FreeBSD_version >= 400000) +# ifndef KLD_MODULE +# include "opt_inet6.h" +# endif +# if (__FreeBSD_version == 400019) +# define CSUM_DELAY_DATA +# endif +# endif # include <sys/filio.h> # include <sys/fcntl.h> #else @@ -119,10 +119,8 @@ extern kmutex_t ipf_rw; # if SOLARIS # define FR_NEWAUTH(m, fi, ip, qif) fr_newauth((mb_t *)m, fi, \ ip, qif) -# define SEND_RESET(ip, qif, if, fin) send_reset(fin, ip, qif) # else /* SOLARIS */ # define FR_NEWAUTH(m, fi, ip, qif) fr_newauth((mb_t *)m, fi, ip) -# define SEND_RESET(ip, qif, if, fin) send_reset(fin, ip) # endif /* SOLARIS || __sgi */ #endif /* _KERNEL */ @@ -663,8 +661,11 @@ void *m; * Just log this packet... */ passt = fr->fr_flags; - if ((passt & FR_CALLNOW) && fr->fr_func) - passt = (*fr->fr_func)(passt, ip, fin); +#if (BSD >= 199306) && (defined(_KERNEL) || defined(KERNEL)) + if (securelevel <= 0) +#endif + if ((passt & FR_CALLNOW) && fr->fr_func) + passt = (*fr->fr_func)(passt, ip, fin); fin->fin_fr = fr; #ifdef IPFILTER_LOG if ((passt & FR_LOGMASK) == FR_LOG) { @@ -969,8 +970,11 @@ int out; pass &= ~(FR_LOGFIRST|FR_LOG); } - if (fr && fr->fr_func && !(pass & FR_CALLNOW)) - pass = (*fr->fr_func)(pass, ip, fin); +#if (BSD >= 199306) && (defined(_KERNEL) || defined(KERNEL)) + if (securelevel <= 0) +#endif + if (fr && fr->fr_func && !(pass & FR_CALLNOW)) + pass = (*fr->fr_func)(pass, ip, fin); /* * Only count/translate packets which will be passed on, out the @@ -979,10 +983,10 @@ int out; if (out && (pass & FR_PASS)) { #ifdef USE_INET6 if (v == 6) - list = ipacct6[0][fr_active]; + list = ipacct6[1][fr_active]; else #endif - list = ipacct[0][fr_active]; + list = ipacct[1][fr_active]; if ((fin->fin_fr = list) && (fr_scanlist(FR_NOMATCH, ip, fin, m) & FR_ACCOUNT)) { ATOMIC_INCL(frstats[1].fr_acct); @@ -1127,11 +1131,11 @@ logit: if (((pass & FR_FASTROUTE) && !out) || (fdp->fd_ifp && fdp->fd_ifp != (struct ifnet *)-1)) { - if (ipfr_fastroute(qif, ip, m, mp, fin, fdp) == 0) + if (ipfr_fastroute(ip, m, mp, fin, fdp) == 0) m = *mp = NULL; } if (mc) - ipfr_fastroute(qif, ip, mc, mp, fin, &fr->fr_dif); + ipfr_fastroute(ip, mc, mp, fin, &fr->fr_dif); } # endif /* !SOLARIS */ return (pass & FR_PASS) ? 0 : error; @@ -1363,7 +1367,7 @@ nodata: * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 - * $Id: fil.c,v 2.35.2.8 2000/05/22 10:26:09 darrenr Exp $ + * $Id: fil.c,v 2.35.2.18 2000/07/19 13:13:40 darrenr Exp $ */ /* * Copy data from an mbuf chain starting "off" bytes from the beginning, @@ -1811,6 +1815,7 @@ void frsync() ip_natsync(ifp); ip_statesync(ifp); } + ip_natsync((struct ifnet *)-1); # endif WRITE_ENTER(&ipf_mutex); diff --git a/contrib/ipfilter/ip_fil.h b/contrib/ipfilter/ip_fil.h index ec8ad7f..487fe90 100644 --- a/contrib/ipfilter/ip_fil.h +++ b/contrib/ipfilter/ip_fil.h @@ -519,8 +519,8 @@ extern int iplioctl __P((dev_t, int, int *, int, cred_t *, int *)); extern int iplopen __P((dev_t *, int, int, cred_t *)); extern int iplclose __P((dev_t, int, int, cred_t *)); extern int ipfsync __P((void)); -extern int ipfr_fastroute __P((qif_t *, ip_t *, mblk_t *, mblk_t **, - fr_info_t *, frdest_t *)); +extern int ipfr_fastroute __P((ip_t *, mblk_t *, mblk_t **, + fr_info_t *, frdest_t *)); extern void copyin_mblk __P((mblk_t *, size_t, size_t, char *)); extern void copyout_mblk __P((mblk_t *, size_t, size_t, char *)); extern int fr_qin __P((queue_t *, mblk_t *)); diff --git a/contrib/ipfilter/ip_log.c b/contrib/ipfilter/ip_log.c index 7d6f0b1..aaaefea 100644 --- a/contrib/ipfilter/ip_log.c +++ b/contrib/ipfilter/ip_log.c @@ -26,7 +26,11 @@ # endif # endif # else -# include <osreldate.h> +# ifdef KLD_MODULE +# include <sys/osreldate.h> +# else +# include <osreldate.h> +# endif # endif #endif #ifdef IPFILTER_LOG diff --git a/contrib/ipfilter/ipmon.c b/contrib/ipfilter/ipmon.c index bbf28f1..738ce0d 100644 --- a/contrib/ipfilter/ipmon.c +++ b/contrib/ipfilter/ipmon.c @@ -209,11 +209,11 @@ static void init_tabs() if (s->s_proto == NULL) continue; else if (!strcmp(s->s_proto, "tcp")) { - port = s->s_port; + port = ntohs(s->s_port); name = s->s_name; tab = tcp_ports; } else if (!strcmp(s->s_proto, "udp")) { - port = s->s_port; + port = ntohs(s->s_port); name = s->s_name; tab = udp_ports; } else @@ -401,6 +401,10 @@ int blen; strcpy(t, "NAT:RDR "); else if (nl->nl_type == NL_EXPIRE) strcpy(t, "NAT:EXPIRE "); + else if (nl->nl_type == NL_NEWBIMAP) + strcpy(t, "NAT:BIMAP "); + else if (nl->nl_type == NL_NEWBLOCK) + strcpy(t, "NAT:MAPBLOCK "); else sprintf(t, "Type: %d ", nl->nl_type); t += strlen(t); diff --git a/contrib/ipfilter/man/ipfstat.8 b/contrib/ipfilter/man/ipfstat.8 index bc81b5a..c0c751b 100644 --- a/contrib/ipfilter/man/ipfstat.8 +++ b/contrib/ipfilter/man/ipfstat.8 @@ -100,8 +100,10 @@ protocol number. If this option is not specified, state entries for any protocol are specified. .TP .B \-s -Show packet/flow state information (statistics) and held state information (in -the kernel) if any is present. +Show packet/flow state information (statistics only). +.TP +.B \-sl +Show held state information (in the kernel) if any is present (no statistics). .TP .BR \-S \0<addrport> This option is only valid in combination with \fB\-t\fP. Limit the state top |