authordarrenr <darrenr@FreeBSD.org>2002-04-25 03:34:26 +0000
committerdarrenr <darrenr@FreeBSD.org>2002-04-25 03:34:26 +0000
commite783fd269eb5c7968420f90776437412625caf50 (patch)
tree916878647b77c97c00dbc302c03bceb1680aa52a /contrib
parentaa253ab58590afa73cf198c524f0255f45700d8b (diff)
parent49c8a23224d88e6d6d3be39c5024f4a7ba105108 (diff)
This commit was generated by cvs2svn to compensate for changes in r95419,
which included commits to RCS files with non-trunk default branches.
Diffstat (limited to 'contrib')
-rw-r--r--contrib/ipfilter/BSD/Makefile20
-rw-r--r--contrib/ipfilter/BSD/kupgrade9
-rwxr-xr-xcontrib/ipfilter/FreeBSD-4.0/kinstall4
-rw-r--r--contrib/ipfilter/HISTORY53
-rw-r--r--contrib/ipfilter/fils.c16
-rw-r--r--contrib/ipfilter/ip_sfil.c22
-rw-r--r--contrib/ipfilter/ipf.c4
-rw-r--r--contrib/ipfilter/ipfs.c4
-rw-r--r--contrib/ipfilter/ipt.c8
-rw-r--r--contrib/ipfilter/kmem.c28
-rw-r--r--contrib/ipfilter/l4check/l4check.c5
-rw-r--r--contrib/ipfilter/man/ipnat.59
-rw-r--r--contrib/ipfilter/mlf_ipl.c18
-rw-r--r--contrib/ipfilter/mls_ipl.c3
-rw-r--r--contrib/ipfilter/natparse.c45
-rw-r--r--contrib/ipfilter/printnat.c30
-rw-r--r--contrib/ipfilter/printstate.c13
-rw-r--r--contrib/ipfilter/solaris.c6
-rw-r--r--contrib/ipfilter/test/Makefile27
-rw-r--r--contrib/ipfilter/test/expected/f1147
-rw-r--r--contrib/ipfilter/test/expected/l172
-rw-r--r--contrib/ipfilter/test/expected/l1.b72
-rw-r--r--contrib/ipfilter/test/input/f115
-rw-r--r--contrib/ipfilter/test/regress/f111
24 files changed, 350 insertions, 171 deletions
diff --git a/contrib/ipfilter/BSD/Makefile b/contrib/ipfilter/BSD/Makefile
index 8d2b28d..afa9e52 100644
--- a/contrib/ipfilter/BSD/Makefile
+++ b/contrib/ipfilter/BSD/Makefile
@@ -7,6 +7,8 @@
#
BINDEST=/usr/sbin
SBINDEST=/sbin
+SEARCHDIRS=$(BINDEST) $(SBINDEST) /bin /usr/bin /sbin /usr/sbin \
+ /usr/local/bin /usr/local/sbin
MANDIR=/usr/share/man
CC=cc -Wall -Wstrict-prototypes -Wuninitialized -O
CFLAGS=-g -I$(TOP)
@@ -49,6 +51,14 @@ IPNAT=ipnat.o kmem.o natparse.o common.o printnat.o
FILS=fils.o parse.o kmem.o opt.o facpri.o common.o printstate.o
build all: ipf ipfs ipfstat ipftest ipmon ipnat $(LKM)
+ /bin/rm -f $(TOP)/ipf
+ ln -s `pwd`/ipf $(TOP)
+ /bin/rm -f $(TOP)/ipftest
+ ln -s `pwd`/ipftest $(TOP)
+ /bin/rm -f $(TOP)/ipmon
+ ln -s `pwd`/ipmon $(TOP)
+ /bin/rm -f $(TOP)/ipnat
+ ln -s `pwd`/ipnat $(TOP)
ipfstat: $(FILS)
$(CC) -static $(DEBUG) $(CFLAGS) $(STATETOP_CFLAGS) $(STATETOP_INC) \
@@ -56,13 +66,9 @@ ipfstat: $(FILS)
ipf: $(IPF)
$(CC) -static $(DEBUG) $(CFLAGS) $(IPF) -o $@ $(LIBS)
- /bin/rm -f $(TOP)/ipf
- ln -s `pwd`/ipf $(TOP)
ipftest: $(IPT)
$(CC) $(DEBUG) $(CFLAGS) $(IPT) -o $@ $(LIBS)
- /bin/rm -f $(TOP)/ipftest
- ln -s `pwd`/ipftest $(TOP)
ipnat: $(IPNAT)
$(CC) -static $(DEBUG) $(CFLAGS) $(IPNAT) -o $@ $(LIBS) -lkvm
@@ -220,8 +226,6 @@ facpri.o: $(TOP)/facpri.c $(TOP)/facpri.h
ipmon: $(TOP)/ipmon.c
$(CC) $(DEBUG) $(CFLAGS) $(LOGFAC) $(TOP)/ipmon.c -o $@ $(LIBS)
- /bin/rm -f $(TOP)/ipmon
- ln -s `pwd`/ipmon $(TOP)
clean:
${RM} -f *.core *.o ipt fils ipf ipfstat ipftest ipmon if_ipl ipnat \
@@ -250,8 +254,8 @@ install:
ipfstat:$(SBINDEST) ipftest:$(SBINDEST) ipmon:$(BINDEST); do \
def="`expr $$i : '[^:]*:\(.*\)'`"; \
p="`expr $$i : '\([^:]*\):.*'`"; \
- for d in $(BINDEST) $(SBINDEST); do \
- if [ -f $$d/$$i ] ; then \
+ for d in $(SEARCHDIRS); do \
+ if [ -f $$d/$$p ] ; then \
echo "$(INSTALL) -cs -g wheel -m 755 -o root $$p $$d"; \
$(INSTALL) -cs -g wheel -m 755 -o root $$p $$d; \
dd=$$d; \
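Review bot: With the defaults shown at the top of this Makefile (`BINDEST=/usr/sbin`, `SBINDEST=/sbin`), `SEARCHDIRS` names `/usr/sbin` and `/sbin` twice, once through the variables and once literally, so the `for d in $(SEARCHDIRS)` loop here can run the same root-owned `$(INSTALL)` twice per program unless it stops after the first hit. The rest of the loop is outside this hunk, so whether it breaks after `dd=$$d` cannot be confirmed from here. Dropping the literal duplicates from the `SEARCHDIRS` definition, or adding a comment above it stating that every directory holding an older copy is meant to be overwritten, would make the intent explicit.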
diff --git a/contrib/ipfilter/BSD/kupgrade b/contrib/ipfilter/BSD/kupgrade
index 092f3ab..4d8573d 100644
--- a/contrib/ipfilter/BSD/kupgrade
+++ b/contrib/ipfilter/BSD/kupgrade
@@ -8,6 +8,15 @@ set -e
argv0=`basename $0`
dir=`pwd`
karch=`uname -m`
+os=`uname -s`
+if [ $os = FreeBSD ] ; then
+ rev=`uname -r`
+ rev=`expr $rev : '\([0-9]*\)\..*'`
+ if [ $rev = 2 ] ; then
+ echo "Copying /usr/include/osreldate.h to /sys/sys"
+ cp /usr/include/osreldate.h /sys/sys
+ fi
+fi
archdir="/sys/arch/$karch"
ipfdir=/sys/netinet
if [ -d /sys/contrib/ipfilter ] ; then
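Review bot: The new tests use unquoted expansions, `[ $os = FreeBSD ]` and `[ $rev = 2 ]`, so an empty value becomes a `[` syntax error. Because the script runs under `set -e` (visible in the hunk header), the `expr` assignment also aborts the whole script whenever the pattern yields an empty string or 0, since `expr` exits non-zero in that case. Quoting the operands, `if [ "$os" = FreeBSD ] ; then` and `if [ "$rev" = 2 ] ; then`, and appending `|| true` to the `expr` line would keep an unexpected `uname -r` format from stopping the upgrade silently.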
diff --git a/contrib/ipfilter/FreeBSD-4.0/kinstall b/contrib/ipfilter/FreeBSD-4.0/kinstall
index 9e34e33..2598c6c 100755
--- a/contrib/ipfilter/FreeBSD-4.0/kinstall
+++ b/contrib/ipfilter/FreeBSD-4.0/kinstall
@@ -28,11 +28,13 @@ echo ""
echo "Linking /usr/include/osreldate.h to /sys/sys/osreldate.h"
ln -s /usr/include/osreldate.h /sys/sys/osreldate.h
-patchfile=FreeBSd-4.0/ipv6-patch-$krev
+set patchfile=FreeBSd-4.0/ipv6-patch-$krev
if ( -f $patchfile ) then
echo ""
echo "Patching ip6_input.c and ip6_output.c"
cat $patchfile | (cd /sys/netinet6; patch)
+else
+ echo "IPv6 patching not required for your OS version"
endif
set config=`(cd $confdir; /bin/ls -1t [0-9A-Z_]*) | head -1`
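Review bot: The patch path is spelled `FreeBSd-4.0/...` with a lower-case `d`, while this script lives in `FreeBSD-4.0/`. On a case-sensitive filesystem the `-f $patchfile` test can then never succeed, assuming the path is resolved relative to the ipfilter source directory. The new `else` branch would report "IPv6 patching not required for your OS version" even though the patch was simply not found. The line should read `set patchfile=FreeBSD-4.0/ipv6-patch-$krev`, and the message would be more accurate if it said that no patch file was found for this kernel revision.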
diff --git a/contrib/ipfilter/HISTORY b/contrib/ipfilter/HISTORY
index 80632b4..ec317dc 100644
--- a/contrib/ipfilter/HISTORY
+++ b/contrib/ipfilter/HISTORY
@@ -22,6 +22,59 @@
# and especially those who have found the time to port IP Filter to new
# platforms.
#
+3.4.26 25/04/2002 - Released
+
+fix parsing and printing of NAT rules with regression tests.
+
+add code to adjust TCP checksums inside ICMP errors where present and as
+required for NAT.
+
+fix documentation problems in instal documents
+
+fix locking problem with auth code on Solaris
+
+fix use of version macros for FreeBSD and make the use of __FreeBSD_version
+override previous hacks except when not present
+
+fix the macros defined for SIOCAUTHR and SIOCAUTHW
+
+fix the H.323 proxy so it no longer panics (multiple issues: re-entry into
+nat_ioctl with lock held on Solaris, trying to copy data from kernel space
+with copyin, unaligned access to get 32bit & 16bit numbers)
+
+use the ip_ttl ndd parameter on Solaris to fill in ip_ttl for packets
+generated by IPFilter
+
+fix comparing state information to delete state table entries
+
+flag packets as being "bad state" if they're outside the window and prevent
+them from being able to cause new state to be created - except for SYN packets
+
+be stricter about what packets match a TCP state table entry if its creation
+was triggered by a SYN packet.
+
+add patches to handle TCP window scaling
+
+don't update TCP state table entries if the packet is not considered to be
+part of the connection
+
+ipfs wasn't allowing -i command line option in getopt
+
+IRIX: fix kvm interface, fix compile warnings, compile the kernel with -O2
+ regardless of user compile, fix the getkflags script to prune down the
+ output more so it is acceptable
+
+change building in Makefiles to create links to the application in $(TOP)
+at the end of "build" rather than when each is created.
+
+update BSD/kupgrade for FreeBSD
+
+l4check wasn't properly closing things when a connection fails
+
+man page updates for ipmon(8) and ipnat(5)
+
+more regression tests added.
+
3.4.25 13/03/2002 - Released
retain rule # in state information
diff --git a/contrib/ipfilter/fils.c b/contrib/ipfilter/fils.c
index b3bfae2..dcf74e5 100644
--- a/contrib/ipfilter/fils.c
+++ b/contrib/ipfilter/fils.c
@@ -94,7 +94,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)$Id: fils.c,v 2.21.2.34 2002/02/22 15:32:45 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: fils.c,v 2.21.2.35 2002/04/03 14:18:36 darrenr Exp $";
#endif
extern char *optarg;
@@ -1200,15 +1200,15 @@ int topclosed;
if (c == ERR)
continue;
- if (tolower(c) == 'l') {
+ if (isalpha(c) && isupper(c))
+ c = tolower(c);
+ if (c == 'l') {
redraw = 1;
- } else if (tolower(c) == 'q') {
- nocbreak();
- endwin();
- exit(0);
- } else if (tolower(c) == 'r') {
+ } else if (c == 'q') {
+ break; /* exits while() loop */
+ } else if (c == 'r') {
reverse = !reverse;
- } else if (tolower(c) == 's') {
+ } else if (c == 's') {
sorting++;
if (sorting > STSORT_MAX)
sorting = 0;
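Review bot: The new `isalpha(c) && isupper(c)` test runs before `c` is known to be a plain character. The `ERR` check above suggests curses input (the call itself is outside the hunk); if keypad translation is enabled, key codes above 255 reach the `<ctype.h>` functions, whose behaviour is undefined for values not representable as `unsigned char`. A range guard such as `if (c >= 0 && c <= 0xff && isupper(c))` avoids that, and `isupper()` alone already implies `isalpha()`. Separately, the `q` branch now relies on code after the `while` loop to call `nocbreak()` and `endwin()`; that code is outside the hunk and should be confirmed.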
diff --git a/contrib/ipfilter/ip_sfil.c b/contrib/ipfilter/ip_sfil.c
index e134f65..a00d8fd 100644
--- a/contrib/ipfilter/ip_sfil.c
+++ b/contrib/ipfilter/ip_sfil.c
@@ -7,7 +7,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.23.2.15 2001/12/26 22:28:51 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.23.2.16 2002/04/05 08:43:25 darrenr Exp $";
#endif
#include <sys/types.h>
@@ -61,6 +61,7 @@ int fr_running = 0;
int ipl_unreach = ICMP_UNREACH_HOST;
u_long ipl_frouteok[2] = {0, 0};
static int frzerostats __P((caddr_t));
+static u_long *ip_ttl_ptr;
static int frrequest __P((minor_t, int, caddr_t, int));
static int send_ip __P((fr_info_t *fin, mblk_t *m));
@@ -107,6 +108,8 @@ int ipldetach()
int iplattach __P((void))
{
+ int i;
+
#ifdef IPFDEBUG
cmn_err(CE_CONT, "iplattach()\n");
#endif
@@ -133,6 +136,19 @@ int iplattach __P((void))
return -1;
if (appr_init() == -1)
return -1;
+
+ ip_ttl_ptr = NULL;
+ /*
+ * XXX - There is no terminator for this array, so it is not possible
+ * to tell if what we are looking for is missing and go off the end
+ * of the array.
+ */
+ for (i = 0; ; i++) {
+ if (!strcmp(ip_param_arr[i].ip_param_name, "ip_def_ttl")) {
+ ip_ttl_ptr = &ip_param_arr[i].ip_param_value;
+ break;
+ }
+ }
return 0;
}
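Review bot: The `for (i = 0; ; i++)` scan over `ip_param_arr` has no upper bound, so if no entry is named `ip_def_ttl` the kernel reads past the end of the array during attach, as the XXX comment itself concedes. The loop should be capped by the array's element count, or by a fixed iteration limit if the count is not exported, leaving `ip_ttl_ptr` NULL when nothing is found. The two later hunks in this file (the `ip->ip_ttl = 60` replacements) dereference `ip_ttl_ptr` unconditionally, so they need a fallback such as `ip->ip_ttl = ip_ttl_ptr ? (u_char)(*ip_ttl_ptr) : 60;`, which keeps the previous hard-coded value. `iplattach()` starts before this hunk, so any earlier handling of `ip_param_arr` is not visible here.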
@@ -774,7 +790,7 @@ mblk_t *m;
ip = (ip_t *)m->b_rptr;
ip->ip_v = IPVERSION;
- ip->ip_ttl = 60;
+ ip->ip_ttl = (u_char)(*ip_ttl_ptr);
ip_wput(((qif_t *)fin->fin_qif)->qf_ill->ill_wq, m);
}
READ_ENTER(&ipf_solaris);
@@ -894,7 +910,7 @@ int dst;
ip->ip_p = IPPROTO_ICMP;
ip->ip_id = oip->ip_id;
ip->ip_sum = 0;
- ip->ip_ttl = 60;
+ ip->ip_ttl = (u_char)(*ip_ttl_ptr);
ip->ip_tos = oip->ip_tos;
ip->ip_len = (u_short)htons(sz);
if (dst == 0) {
diff --git a/contrib/ipfilter/ipf.c b/contrib/ipfilter/ipf.c
index b983781..fc35b31 100644
--- a/contrib/ipfilter/ipf.c
+++ b/contrib/ipfilter/ipf.c
@@ -50,7 +50,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipf.c,v 2.10.2.13 2002/02/22 15:32:53 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ipf.c,v 2.10.2.14 2002/04/10 04:56:36 darrenr Exp $";
#endif
#if SOLARIS
@@ -225,7 +225,7 @@ u_int enable;
if (ioctl(fd, SIOCFRENB, &enable) == -1) {
if (errno == EBUSY)
fprintf(stderr,
- "IP FIlter: already initialized\n");
+ "IP Filter: already initialized\n");
else
perror("SIOCFRENB");
}
diff --git a/contrib/ipfilter/ipfs.c b/contrib/ipfilter/ipfs.c
index b111bfd..a2ccf89 100644
--- a/contrib/ipfilter/ipfs.c
+++ b/contrib/ipfilter/ipfs.c
@@ -45,7 +45,7 @@
#include "ipf.h"
#if !defined(lint)
-static const char rcsid[] = "@(#)$Id: ipfs.c,v 2.6.2.8 2001/09/14 18:52:21 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ipfs.c,v 2.6.2.9 2002/04/17 17:42:59 darrenr Exp $";
#endif
#ifndef IPF_SAVEDIR
@@ -208,7 +208,7 @@ char *argv[];
int c, lock = -1, devfd = -1, err = 0, rw = -1, ns = -1, set = 0;
char *dirname = NULL, *filename = NULL, *ifs = NULL;
- while ((c = getopt(argc, argv, "d:f:lNnSRruvWw")) != -1)
+ while ((c = getopt(argc, argv, "d:f:i:lNnSRruvWw")) != -1)
switch (c)
{
case 'd' :
diff --git a/contrib/ipfilter/ipt.c b/contrib/ipfilter/ipt.c
index 189e35f..0c3b50c 100644
--- a/contrib/ipfilter/ipt.c
+++ b/contrib/ipfilter/ipt.c
@@ -13,6 +13,7 @@
# endif
#endif
#ifdef __sgi
+# define _KMEMUSER
# include <sys/ptimers.h>
#endif
#include <stdio.h>
@@ -63,7 +64,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipt.c,v 2.6.2.19 2002/03/11 03:30:51 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ipt.c,v 2.6.2.21 2002/03/26 15:54:40 darrenr Exp $";
#endif
extern char *optarg;
@@ -113,10 +114,13 @@ char *argv[];
while ((c = getopt(argc, argv, "6bdDEHi:I:l:NoPr:STvxX")) != -1)
switch (c)
{
-#ifdef USE_INET6
case '6' :
+#ifdef USE_INET6
use_inet6 = 1;
break;
+#else
+ fprintf(stderr, "IPv6 not supported\n");
+ exit(1);
#endif
case 'b' :
opts |= OPT_BRIEF;
diff --git a/contrib/ipfilter/kmem.c b/contrib/ipfilter/kmem.c
index eec8b3c..254bbf9 100644
--- a/contrib/ipfilter/kmem.c
+++ b/contrib/ipfilter/kmem.c
@@ -46,18 +46,13 @@
#if !defined(lint)
static const char sccsid[] = "@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed";
-static const char rcsid[] = "@(#)$Id: kmem.c,v 2.2.2.12 2002/03/06 09:44:16 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: kmem.c,v 2.2.2.14 2002/04/17 17:44:44 darrenr Exp $";
#endif
-#ifndef __sgi
+#ifdef __sgi
+typedef int kvm_t;
-static kvm_t *kvm_f = NULL;
-
-#else
-
-typedef int kvm_t;
-
-static kvm_t kvm_f = -1;
+static int kvm_fd = -1;
static char *kvm_errstr;
kvm_t kvm_open(kernel, core, swap, mode, errstr)
@@ -65,12 +60,12 @@ char *kernel, *core, *swap;
int mode;
char *errstr;
{
- kvm_t fd;
-
kvm_errstr = errstr;
- fd = open(core, mode);
- return fd;
+ if (core == NULL)
+ core = "/dev/kmem";
+ kvm_fd = open(core, mode);
+ return (kvm_fd >= 0) ? (kvm_t)&kvm_fd : NULL;
}
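Review bot: `kvm_open()` is still declared as returning `kvm_t`, which this commit typedefs to `int` under `__sgi`, yet it now returns `(kvm_t)&kvm_fd`, a pointer forced through an int. On a 64-bit build that truncates the address, and the following hunk dereferences the handle as `*kvm`. Declaring the function as `kvm_t *kvm_open(kernel, core, swap, mode, errstr)` and returning `(kvm_fd >= 0) ? &kvm_fd : NULL` keeps the handle a real pointer, matching `static kvm_t *kvm_f`. The parameter declaration of `kvm_read()` lies outside the visible hunks and should be checked for the same change.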
int kvm_read(kvm, pos, buffer, size)
@@ -82,21 +77,22 @@ size_t size;
int r, left;
char *bufp;
- if (lseek(kvm, pos, 0) == -1) {
+ if (lseek(*kvm, pos, 0) == -1) {
fprintf(stderr, "%s", kvm_errstr);
perror("lseek");
return -1;
}
for (bufp = buffer, left = size; left > 0; bufp += r, left -= r) {
- r = read(kvm, bufp, 1);
+ r = read(*kvm, bufp, 1);
if (r <= 0)
return -1;
}
- return 0;
+ return size;
}
#endif
+static kvm_t *kvm_f = NULL;
int openkmem(kern, core)
char *kern, *core;
diff --git a/contrib/ipfilter/l4check/l4check.c b/contrib/ipfilter/l4check/l4check.c
index 6945b1c..23ac79a 100644
--- a/contrib/ipfilter/l4check/l4check.c
+++ b/contrib/ipfilter/l4check/l4check.c
@@ -141,7 +141,8 @@ void closel4(l4, dead)
l4cfg_t *l4;
int dead;
{
- close(l4->l4_fd);
+ if (l4->l4_fd != -1)
+ close(l4->l4_fd);
l4->l4_fd = -1;
l4->l4_rw = -1;
if (dead && l4->l4_alive) {
@@ -307,7 +308,7 @@ int runconfig()
if (opts & OPT_VERBOSE)
fprintf(stderr, "failed\n");
perror("connect");
- close(fd);
+ closel4(l4, 1);
fd = -1;
} else {
if (opts & OPT_VERBOSE)
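Review bot: Replacing `close(fd)` with `closel4(l4, 1)` releases the socket only if `l4->l4_fd` already equals `fd` when `connect()` fails. That assignment is not visible in this hunk; if it happens later, the descriptor is leaked as soon as `fd = -1` runs on the next line. If `l4->l4_fd` is set only after a successful connect, the explicit close should stay next to the new call: `close(fd); closel4(l4, 1);`. `runconfig()` begins and ends outside the hunk.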
diff --git a/contrib/ipfilter/man/ipnat.5 b/contrib/ipfilter/man/ipnat.5
index 7fb2e90..16c1752 100644
--- a/contrib/ipfilter/man/ipnat.5
+++ b/contrib/ipfilter/man/ipnat.5
@@ -7,8 +7,8 @@ The format for files accepted by ipnat is described by the following grammar:
.nf
ipmap :: = mapblock | redir | map .
-map ::= mapit ifname ipmask "->" ipmask [ mapport ] .
-map ::= mapit ifname fromto "->" ipmask [ mapport ] .
+map ::= mapit ifname ipmask "->" dstipmask [ mapport ] .
+map ::= mapit ifname fromto "->" dstipmask [ mapport ] .
mapblock ::= "map-block" ifname ipmask "->" ipmask [ ports ] .
redir ::= "rdr" ifname ipmask dport "->" ip [ "," ip ] rdrport options .
@@ -18,6 +18,7 @@ rdrport ::= "port" portnum .
mapit ::= "map" | "bimap" .
fromto ::= "from" object "to" object .
ipmask ::= ip "/" bits | ip "/" mask | ip "netmask" mask .
+dstipmask ::= ipmask | "range" ip "-" ip .
mapport ::= "portmap" tcpudp portnumber ":" portnumber .
options ::= [ tcpudp ] [ rr ] .
@@ -34,6 +35,10 @@ ifname ::= 'A' - 'Z' { 'A' - 'Z' } numbers .
numbers ::= '0' | '1' | '2' | '3' | '4' | '5' | '6' | '7' | '8' | '9' .
.fi
.PP
+In addition to this, # is used to mark the start of a comment and may
+appear at the end of a line with a NAT rule (as described above) or on its
+own lines. Blank lines are ignored.
+.PP
For standard NAT functionality, a rule should start with \fBmap\fP and then
proceeds to specify the interface for which outgoing packets will have their
source address rewritten.
diff --git a/contrib/ipfilter/mlf_ipl.c b/contrib/ipfilter/mlf_ipl.c
index 00f7d22..84d2a95 100644
--- a/contrib/ipfilter/mlf_ipl.c
+++ b/contrib/ipfilter/mlf_ipl.c
@@ -12,23 +12,11 @@
#include <sys/param.h>
#if defined(__FreeBSD__)
+# ifndef __FreeBSD_version
+# include <sys/osreldate.h>
+# endif
# ifdef IPFILTER_LKM
-# ifndef __FreeBSD_cc_version
-# include <osreldate.h>
-# else
-# if __FreeBSD_cc_version < 430000
-# include <osreldate.h>
-# endif
-# endif
# define ACTUALLY_LKM_NOT_KERNEL
-# else
-# ifndef __FreeBSD_cc_version
-# include <sys/osreldate.h>
-# else
-# if __FreeBSD_cc_version < 430000
-# include <sys/osreldate.h>
-# endif
-# endif
# endif
#endif
#include <sys/systm.h>
diff --git a/contrib/ipfilter/mls_ipl.c b/contrib/ipfilter/mls_ipl.c
index bc8f3ed..5a70ab9 100644
--- a/contrib/ipfilter/mls_ipl.c
+++ b/contrib/ipfilter/mls_ipl.c
@@ -40,7 +40,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)mls_ipl.c 2.6 10/15/95 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)$Id: mls_ipl.c,v 2.2.2.1 2001/06/26 10:43:20 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: mls_ipl.c,v 2.2.2.2 2002/04/10 05:05:54 darrenr Exp $";
#endif
extern int ipldetach __P((void));
@@ -49,6 +49,7 @@ extern int ipldetach __P((void));
#endif
extern int nulldev __P((void));
extern int errno;
+extern int iplidentify __P((char *));
extern int nodev __P((void));
diff --git a/contrib/ipfilter/natparse.c b/contrib/ipfilter/natparse.c
index e484316..e1c3a49 100644
--- a/contrib/ipfilter/natparse.c
+++ b/contrib/ipfilter/natparse.c
@@ -56,7 +56,7 @@ extern char *sys_errlist[];
#if !defined(lint)
static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
-static const char rcsid[] = "@(#)$Id: natparse.c,v 1.17.2.23 2002/02/22 15:32:55 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: natparse.c,v 1.17.2.24 2002/04/24 17:30:51 darrenr Exp $";
#endif
@@ -394,15 +394,24 @@ int linenum;
cpp++;
if (ipn.in_redir & NAT_MAPBLK) {
- if (*cpp && strcasecmp(*cpp, "ports")) {
- fprintf(stderr,
- "%d: expected \"ports\" - got \"%s\"\n",
- linenum, *cpp);
- return NULL;
- }
- cpp++;
if (*cpp) {
- ipn.in_pmin = atoi(*cpp);
+ if (strcasecmp(*cpp, "ports")) {
+ fprintf(stderr,
+ "%d: expected \"ports\" - got \"%s\"\n",
+ linenum, *cpp);
+ return NULL;
+ }
+ cpp++;
+ if (*cpp == NULL) {
+ fprintf(stderr,
+ "%d: missing argument to \"ports\"\n",
+ linenum);
+ return NULL;
+ }
+ if (!strcasecmp(*cpp, "auto"))
+ ipn.in_flags |= IPN_AUTOPORTMAP;
+ else
+ ipn.in_pmin = atoi(*cpp);
cpp++;
} else
ipn.in_pmin = 0;
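Review bot: The argument to `ports` is converted with `atoi(*cpp)`, so any word other than `auto` (a misspelling such as `atuo`, or a negative number) is accepted silently. It is stored in `ipn.in_pmin` as 0 or an out-of-range value instead of being rejected with the line number, as the other errors in this block are. The `age` hunk further down has the same gap with `ipn.in_age[0] = atoi(*cpp);`. Parsing with `strtol()` and checking the end pointer and range before assigning would let both places report a bad rule rather than install an unintended NAT mapping. The enclosing function starts and ends outside this hunk.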
@@ -483,6 +492,10 @@ int linenum;
ipn.in_p = atoi(proto);
}
}
+ if ((ipn.in_flags & IPN_TCPUDP) == 0) {
+ port1a = "0";
+ port2a = "0";
+ }
if (*cpp && !strcasecmp(*cpp, "round-robin")) {
cpp++;
@@ -548,7 +561,7 @@ int linenum;
if ((ipn.in_redir & NAT_MAPBLK) != 0)
nat_setgroupmap(&ipn);
- if (*cpp && !strcasecmp(*cpp, "frag")) {
+ if (*cpp && !*(cpp+1) && !strcasecmp(*cpp, "frag")) {
cpp++;
ipn.in_flags |= IPN_FRAG;
}
@@ -618,12 +631,6 @@ int linenum;
(void) strncpy(ipn.in_plabel, *cpp, sizeof(ipn.in_plabel));
cpp++;
- if (*cpp) {
- fprintf(stderr,
- "%d: too many parameters for \"proxy\"\n",
- linenum);
- return NULL;
- }
} else if (!strcasecmp(*cpp, "portmap")) {
if (ipn.in_redir == NAT_BIMAP) {
fprintf(stderr, "%d: cannot use portmap with bimap\n",
@@ -683,6 +690,11 @@ int linenum;
}
}
+ if (*cpp && !strcasecmp(*cpp, "frag")) {
+ cpp++;
+ ipn.in_flags |= IPN_FRAG;
+ }
+
if (*cpp && !strcasecmp(*cpp, "age")) {
cpp++;
if (!*cpp) {
@@ -690,6 +702,7 @@ int linenum;
linenum);
return NULL;
}
+ ipn.in_age[0] = atoi(*cpp);
s = index(*cpp, '/');
if (s != NULL)
ipn.in_age[1] = atoi(s + 1);
diff --git a/contrib/ipfilter/printnat.c b/contrib/ipfilter/printnat.c
index 647c92e..dd59272 100644
--- a/contrib/ipfilter/printnat.c
+++ b/contrib/ipfilter/printnat.c
@@ -58,7 +58,7 @@ extern char *sys_errlist[];
#endif
#if !defined(lint)
-static const char rcsid[] = "@(#)$Id: printnat.c,v 1.1.2.6 2002/02/22 15:32:56 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: printnat.c,v 1.1.2.7 2002/04/24 17:35:37 darrenr Exp $";
#endif
@@ -298,6 +298,9 @@ int opts;
struct servent *sv;
int bits;
+ if (np->in_p != 0)
+ pr = getprotobynumber(np->in_p);
+
switch (np->in_redir)
{
case NAT_REDIRECT :
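Review bot: `pr` is assigned only when `np->in_p != 0`, but the later hunk that drops `pr = getprotobynumber(np->in_p);` from the proxy branch still tests `pr != NULL`. With a zero protocol that test reads whatever `pr` held at its declaration. The declaration is outside the hunk; unless it already initialises `pr` to NULL, the assignment should cover both cases: `pr = (np->in_p != 0) ? getprotobynumber(np->in_p) : NULL;`.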
@@ -372,12 +375,18 @@ int opts;
printf(" udp");
else if (np->in_p == 0)
printf(" ip");
- else if (np->in_p != 0)
- printf(" %d", np->in_p);
+ else if (np->in_p != 0) {
+ if (pr != NULL)
+ printf(" %s", pr->p_name);
+ else
+ printf(" %d", np->in_p);
+ }
if (np->in_flags & IPN_ROUNDR)
printf(" round-robin");
if (np->in_flags & IPN_FRAG)
printf(" frag");
+ if (np->in_age[0])
+ printf(" age %d/%d", np->in_age[0], np->in_age[1]);
printf("\n");
if (opts & OPT_DEBUG)
printf("\tspc %lu flg %#x max %u use %d\n",
@@ -389,7 +398,7 @@ int opts;
printf("%s/", inet_ntoa(np->in_in[0]));
bits = countbits(np->in_in[1].s_addr);
if (bits != -1)
- printf("%d ", bits);
+ printf("%d", bits);
else
printf("%s", inet_ntoa(np->in_in[1]));
}
@@ -401,12 +410,11 @@ int opts;
printf("%s/", inet_ntoa(np->in_out[0]));
bits = countbits(np->in_out[1].s_addr);
if (bits != -1)
- printf("%d ", bits);
+ printf("%d", bits);
else
printf("%s", inet_ntoa(np->in_out[1]));
}
if (*np->in_plabel) {
- pr = getprotobynumber(np->in_p);
printf(" proxy port");
if (np->in_dport != 0) {
if (pr != NULL)
@@ -426,8 +434,12 @@ int opts;
else
printf("%d", np->in_p);
} else if (np->in_redir == NAT_MAPBLK) {
- printf(" ports %d", np->in_pmin);
- if (opts & OPT_VERBOSE)
+ if ((np->in_pmin == 0) &&
+ (np->in_flags & IPN_AUTOPORTMAP))
+ printf(" ports auto");
+ else
+ printf(" ports %d", np->in_pmin);
+ if (opts & OPT_DEBUG)
printf("\n\tip modulous %d", np->in_pmax);
} else if (np->in_pmin || np->in_pmax) {
printf(" portmap");
@@ -451,6 +463,8 @@ int opts;
}
if (np->in_flags & IPN_FRAG)
printf(" frag");
+ if (np->in_age[0])
+ printf(" age %d/%d", np->in_age[0], np->in_age[1]);
printf("\n");
if (opts & OPT_DEBUG) {
printf("\tspace %lu nextip %s pnext %d", np->in_space,
diff --git a/contrib/ipfilter/printstate.c b/contrib/ipfilter/printstate.c
index 16bda9b..d462a22 100644
--- a/contrib/ipfilter/printstate.c
+++ b/contrib/ipfilter/printstate.c
@@ -15,6 +15,9 @@
#include <netinet/in_systm.h>
#include <net/if.h>
#include <stdio.h>
+#if __FreeBSD_version >= 300000
+# include <net/if_var.h>
+#endif
#include "kmem.h"
#include "netinet/ip_compat.h"
#include "ipf.h"
@@ -47,15 +50,17 @@ int opts;
if (ips.is_p == IPPROTO_TCP)
#if defined(NetBSD) && (NetBSD >= 199905) && (NetBSD < 1991011) || \
(__FreeBSD_version >= 220000) || defined(__OpenBSD__)
- PRINTF("\t%hu -> %hu %x:%x %hu:%hu",
+ PRINTF("\t%hu -> %hu %x:%x %u<<%d:%u<<%d",
ntohs(ips.is_sport), ntohs(ips.is_dport),
ips.is_send, ips.is_dend,
- ips.is_maxswin, ips.is_maxdwin);
+ ips.is_maxswin>>ips.is_swscale, ips.is_swscale,
+ ips.is_maxdwin>>ips.is_dwscale, ips.is_dwscale);
#else
- PRINTF("\t%hu -> %hu %x:%x %hu:%hu",
+ PRINTF("\t%hu -> %hu %x:%x %u<<%d:%u<<%d",
ntohs(ips.is_sport), ntohs(ips.is_dport),
ips.is_send, ips.is_dend,
- ips.is_maxswin, ips.is_maxdwin);
+ ips.is_maxswin>>ips.is_swscale, ips.is_swscale,
+ ips.is_maxdwin>>ips.is_dwscale, ips.is_dwscale);
#endif
else if (ips.is_p == IPPROTO_UDP)
PRINTF(" %hu -> %hu", ntohs(ips.is_sport),
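Review bot: Both arms of the `#if`/`#else` now carry identical `PRINTF` calls, so the preprocessor test selects nothing and every future format change has to be made twice; a single call outside the conditional would do. The `%u` and `%d` conversions also depend on the promoted types of `ips.is_maxswin>>ips.is_swscale` and `ips.is_swscale`, whose declarations are not visible here. A one-line comment such as `/* window printed as value<<scale (TCP window scaling) */` would document the new output format.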
diff --git a/contrib/ipfilter/solaris.c b/contrib/ipfilter/solaris.c
index 4ff13df..aa139d3 100644
--- a/contrib/ipfilter/solaris.c
+++ b/contrib/ipfilter/solaris.c
@@ -4,7 +4,7 @@
* See the IPFILTER.LICENCE file for details on licencing.
*/
/* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/
-#pragma ident "@(#)$Id: solaris.c,v 2.15.2.29 2002/01/15 14:36:54 darrenr Exp $"
+#pragma ident "@(#)$Id: solaris.c,v 2.15.2.30 2002/04/23 14:57:51 darrenr Exp $"
#include <sys/systm.h>
#include <sys/types.h>
@@ -1112,7 +1112,7 @@ again:
freemsg(mb);
}
RWLOCK_EXIT(&ipf_solaris);
- return 0;
+ return 1;
}
@@ -1263,7 +1263,7 @@ again:
freemsg(mb);
}
RWLOCK_EXIT(&ipf_solaris);
- return 0;
+ return 1;
}
diff --git a/contrib/ipfilter/test/Makefile b/contrib/ipfilter/test/Makefile
index 2d93c7f..334abc2 100644
--- a/contrib/ipfilter/test/Makefile
+++ b/contrib/ipfilter/test/Makefile
@@ -9,23 +9,27 @@ BINDEST=/usr/local/bin
SBINDEST=/sbin
MANDIR=/usr/share/man
-tests: first 0 ftests ptests ntests nitests logtests
+tests: first 0 ftests ptests ntests nitests logtests ipv6 intests
first:
-mkdir -p results
# Filtering tests
-ftests: f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15 f16
+ftests: f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15 f16 f17
# Rule parsing tests
ptests: i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11
ntests: n1 n2 n3 n4 n5 n6 n7
-nitests: ni1 ni2
+nitests: ni1 ni2 ni3 ni4
+
+intests: in1 in2 in3 in4
logtests: l1
+ipv6: ipv6.1 ipv6.2
+
0:
@(cd ..; make ipftest; )
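Review bot: `tests` now always depends on `ipv6`, while the ipt.c change in this same commit makes the `-6` option print "IPv6 not supported" and exit 1 when built without `USE_INET6`. If `dotest6` drives ipftest with `-6` (the script is not part of this diff), the whole regression run fails on builds without IPv6. Consider keeping `ipv6` out of the default `tests` prerequisites, or having the script skip cleanly in that case. A comment above the new `intests` and `ipv6` groups, like the existing `# Filtering tests`, would also say what each group covers.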
@@ -38,22 +42,33 @@ f12 f13:
f15 f16:
@/bin/sh ./mtest $@
+f17:
+ @/bin/sh ./mhtest $@
+
i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11:
@/bin/sh ./itest $@
n1 n2 n3 n4 n5 n6 n7:
@/bin/sh ./nattest $@
-ni1 ni2:
+ni1 ni2 ni3 ni4:
@/bin/sh ./natipftest $@
+in1 in2 in3 in4:
+ @/bin/sh ./intest $@
+
l1:
@/bin/sh ./logtest $@
+ipv6.1 ipv6.2:
+ @/bin/sh ./dotest6 $@
+
clean:
- /bin/rm -f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f13 f12 f14 f15 f16
+ /bin/rm -f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f13 f12 f14 f15 f16 f17
/bin/rm -f i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11
/bin/rm -f n1 n2 n3 n4 n5 n6 n7
- /bin/rm -f ni1 ni2
+ /bin/rm -f ni1 ni2 ni3 ni4
+ /bin/rm -f in1 in2 in3 in4
/bin/rm -f l1
+ /bin/rm -f ipv6.1 ipv6.2
/bin/rm -f results/*
diff --git a/contrib/ipfilter/test/expected/f11 b/contrib/ipfilter/test/expected/f11
index ac37783..b977e41 100644
--- a/contrib/ipfilter/test/expected/f11
+++ b/contrib/ipfilter/test/expected/f11
@@ -1,6 +1,11 @@
pass
+nomatch
+nomatch
+pass
pass
+nomatch
pass
+nomatch
pass
nomatch
nomatch
@@ -11,8 +16,13 @@ nomatch
nomatch
--------
block
+nomatch
+nomatch
+block
block
+nomatch
block
+nomatch
block
nomatch
nomatch
@@ -28,6 +38,11 @@ nomatch
nomatch
nomatch
nomatch
+nomatch
+nomatch
+nomatch
+nomatch
+nomatch
pass
pass
nomatch
@@ -40,6 +55,11 @@ nomatch
nomatch
nomatch
nomatch
+nomatch
+nomatch
+nomatch
+nomatch
+nomatch
block
block
nomatch
@@ -52,6 +72,11 @@ nomatch
nomatch
nomatch
nomatch
+nomatch
+nomatch
+nomatch
+nomatch
+nomatch
pass
pass
pass
@@ -64,9 +89,31 @@ nomatch
nomatch
nomatch
nomatch
+nomatch
+nomatch
+nomatch
+nomatch
+nomatch
block
block
block
nomatch
nomatch
--------
+nomatch
+nomatch
+nomatch
+nomatch
+nomatch
+pass
+nomatch
+pass
+nomatch
+nomatch
+nomatch
+nomatch
+nomatch
+nomatch
+nomatch
+nomatch
+--------
diff --git a/contrib/ipfilter/test/expected/l1 b/contrib/ipfilter/test/expected/l1
index c158752..dbd6b01 100644
--- a/contrib/ipfilter/test/expected/l1
+++ b/contrib/ipfilter/test/expected/l1
@@ -1,49 +1,49 @@
log in all
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S IN
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS IN
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F IN
-01/01/1970 10:00:00.000000 2x anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1 -> 4.4.4.4,53 PR udp len 20 40 IN
-01/01/1970 10:00:00.000000 2x anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,2049 -> 3.3.3.3,1023 PR udp len 20 28 IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F IN
+01/01/1970 00:00:00.000000 2x anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1 -> 4.4.4.4,53 PR udp len 20 40 IN
+01/01/1970 00:00:00.000000 2x anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,2049 -> 3.3.3.3,1023 PR udp len 20 28 IN
--------
pass in on anon0 all head 100
--------
pass in log quick from 3.3.3.3 to any group 100
--------
pass in log body quick from 2.2.2.2 to any
-01/01/1970 10:00:00.000000 anon0 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS IN
-01/01/1970 10:00:00.000000 2x anon0 @0:1 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
-01/01/1970 10:00:00.000000 anon0 @0:1 p 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
+01/01/1970 00:00:00.000000 anon0 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS IN
+01/01/1970 00:00:00.000000 2x anon0 @0:1 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
+01/01/1970 00:00:00.000000 anon0 @0:1 p 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
--------
pass in log quick proto tcp from 1.1.1.1 to any flags S keep state
-01/01/1970 10:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
-01/01/1970 10:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A K-S IN
-01/01/1970 10:00:00.000000 anon0 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS K-S IN
-01/01/1970 10:00:00.000000 e1 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -A K-S OUT
-01/01/1970 10:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F K-S IN
+01/01/1970 00:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
+01/01/1970 00:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A K-S IN
+01/01/1970 00:00:00.000000 anon0 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS K-S IN
+01/01/1970 00:00:00.000000 e1 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -A K-S OUT
+01/01/1970 00:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F K-S IN
--------
pass in log first quick proto tcp from 1.1.1.1 to any flags S keep state
-01/01/1970 10:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
+01/01/1970 00:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
--------
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S IN
-01/01/1970 10:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
-01/01/1970 10:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A K-S IN
-01/01/1970 10:00:00.000000 anon0 @0:4 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS K-S IN
-01/01/1970 10:00:00.000000 e1 @0:4 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -A K-S OUT
-01/01/1970 10:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F K-S IN
-01/01/1970 10:00:00.000000 2x anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1 -> 4.4.4.4,53 PR udp len 20 40 IN
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
-01/01/1970 10:00:00.000000 anon0 @0:3 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 56 IN
-01/01/1970 10:00:00.000000 anon0 @0:3 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 56 IN
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
-01/01/1970 10:00:00.000000 anon0 @0:3 p 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
-01/01/1970 10:00:00.000000 anon0 @100:1 p 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,2049 -> 3.3.3.3,1023 PR udp len 20 28 IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S IN
+01/01/1970 00:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
+01/01/1970 00:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A K-S IN
+01/01/1970 00:00:00.000000 anon0 @0:4 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS K-S IN
+01/01/1970 00:00:00.000000 e1 @0:4 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -A K-S OUT
+01/01/1970 00:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F K-S IN
+01/01/1970 00:00:00.000000 2x anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1 -> 4.4.4.4,53 PR udp len 20 40 IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
+01/01/1970 00:00:00.000000 anon0 @0:3 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 56 IN
+01/01/1970 00:00:00.000000 anon0 @0:3 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 56 IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
+01/01/1970 00:00:00.000000 anon0 @0:3 p 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
+01/01/1970 00:00:00.000000 anon0 @100:1 p 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,2049 -> 3.3.3.3,1023 PR udp len 20 28 IN
--------
diff --git a/contrib/ipfilter/test/expected/l1.b b/contrib/ipfilter/test/expected/l1.b
index eef3660..e5c1077 100644
--- a/contrib/ipfilter/test/expected/l1.b
+++ b/contrib/ipfilter/test/expected/l1.b
@@ -1,47 +1,47 @@
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S IN
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS IN
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F IN
-01/01/1970 10:00:00.000000 2x anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1 -> 4.4.4.4,53 PR udp len 20 40 IN
-01/01/1970 10:00:00.000000 2x anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,2049 -> 3.3.3.3,1023 PR udp len 20 28 IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F IN
+01/01/1970 00:00:00.000000 2x anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1 -> 4.4.4.4,53 PR udp len 20 40 IN
+01/01/1970 00:00:00.000000 2x anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,2049 -> 3.3.3.3,1023 PR udp len 20 28 IN
--------
--------
--------
-01/01/1970 10:00:00.000000 anon0 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS IN
-01/01/1970 10:00:00.000000 2x anon0 @0:1 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
+01/01/1970 00:00:00.000000 anon0 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS IN
+01/01/1970 00:00:00.000000 2x anon0 @0:1 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
01 02 03 04 05 06 07 08 09 0a 0b 0d ............
-01/01/1970 10:00:00.000000 anon0 @0:1 p 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
+01/01/1970 00:00:00.000000 anon0 @0:1 p 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
--------
-01/01/1970 10:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
-01/01/1970 10:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A K-S IN
-01/01/1970 10:00:00.000000 anon0 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS K-S IN
-01/01/1970 10:00:00.000000 e1 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -A K-S OUT
-01/01/1970 10:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F K-S IN
+01/01/1970 00:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
+01/01/1970 00:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A K-S IN
+01/01/1970 00:00:00.000000 anon0 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS K-S IN
+01/01/1970 00:00:00.000000 e1 @0:1 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -A K-S OUT
+01/01/1970 00:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F K-S IN
--------
-01/01/1970 10:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
+01/01/1970 00:00:00.000000 anon0 @0:1 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
--------
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S IN
-01/01/1970 10:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
-01/01/1970 10:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A K-S IN
-01/01/1970 10:00:00.000000 anon0 @0:4 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS K-S IN
-01/01/1970 10:00:00.000000 e1 @0:4 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -A K-S OUT
-01/01/1970 10:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F K-S IN
-01/01/1970 10:00:00.000000 2x anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1 -> 4.4.4.4,53 PR udp len 20 40 IN
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
-01/01/1970 10:00:00.000000 anon0 @0:3 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S IN
+01/01/1970 00:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -S K-S IN
+01/01/1970 00:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A K-S IN
+01/01/1970 00:00:00.000000 anon0 @0:4 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -AS K-S IN
+01/01/1970 00:00:00.000000 e1 @0:4 p 2.2.2.2,25 -> 1.1.1.1,1025 PR tcp len 20 40 -A K-S OUT
+01/01/1970 00:00:00.000000 anon0 @0:4 p 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -F K-S IN
+01/01/1970 00:00:00.000000 2x anon0 @-1:-1 L 1.1.1.1,1025 -> 2.2.2.2,25 PR tcp len 20 40 -A IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,1 -> 4.4.4.4,53 PR udp len 20 40 IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
+01/01/1970 00:00:00.000000 anon0 @0:3 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 40 IN
01 02 03 04 05 06 07 08 09 0a 0b 0d ............
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 56 IN
-01/01/1970 10:00:00.000000 anon0 @0:3 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 56 IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 56 IN
+01/01/1970 00:00:00.000000 anon0 @0:3 p 2.2.2.2,1 -> 4.4.4.4,53 PR udp len 20 56 IN
01 02 03 04 05 06 07 08 09 0a 0b 0d 0e 0f 40 61 ..............@a
42 63 44 65 46 67 48 69 4a 6b 4c 6d BcDeFgHiJkLm
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
-01/01/1970 10:00:00.000000 anon0 @0:3 p 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
-01/01/1970 10:00:00.000000 anon0 @100:1 p 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
-01/01/1970 10:00:00.000000 anon0 @-1:-1 L 1.1.1.1,2049 -> 3.3.3.3,1023 PR udp len 20 28 IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
+01/01/1970 00:00:00.000000 anon0 @0:3 p 2.2.2.2 -> 4.4.4.4 PR ip len 20 (20) IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
+01/01/1970 00:00:00.000000 anon0 @100:1 p 3.3.3.3,1023 -> 1.1.1.1,2049 PR udp len 20 28 IN
+01/01/1970 00:00:00.000000 anon0 @-1:-1 L 1.1.1.1,2049 -> 3.3.3.3,1023 PR udp len 20 28 IN
--------
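Review bot: Every expected timestamp in this file moves from `10:00:00` to `00:00:00`, so the log test now passes only when epoch 0 is rendered in UTC, and nothing in this hunk shows where the timezone is pinned. The diffstat lists a change to test/Makefile, which is outside this view and presumably sets it; if it does not, these comparisons will fail on any host whose local zone is not UTC. I would state the requirement next to the expected files, for example a line in the test notes such as `expected/l1 and l1.b assume the log tests run with the timezone forced to GMT`.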
diff --git a/contrib/ipfilter/test/input/f11 b/contrib/ipfilter/test/input/f11
index 4eda58e..25c670d 100644
--- a/contrib/ipfilter/test/input/f11
+++ b/contrib/ipfilter/test/input/f11
@@ -1,6 +1,11 @@
in on e0 tcp 1.1.1.1,1 2.1.2.2,23 S
+in on e0 tcp 1.1.1.1,1 2.1.2.2,24 SA
+in on e1 tcp 2.1.2.2,23 1.1.1.1,2 SA
+in on e1 tcp 2.1.2.2,23 1.1.1.1,1 SA
in on e0 tcp 1.1.1.1,1 2.1.2.2,23 A
+in on e0 tcp 1.1.1.1,1 2.1.2.2,25 A
in on e1 tcp 2.1.2.2,23 1.1.1.1,1 A
+in on e1 tcp 2.1.2.2,25 1.1.1.1,1 A
in on e0 tcp 1.1.1.1,1 2.1.2.2,23 F
in on e0 tcp 1.1.1.1,1 2.1.2.2,23 A
in on e0 tcp 1.1.1.1,2 2.1.2.2,23 A
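Review bot: The two packets added for port 25 (`in on e0 tcp 1.1.1.1,1 2.1.2.2,25 A` and the reply `in on e1 tcp 2.1.2.2,25 1.1.1.1,1 A`) both carry only ACK, so the new port-25 rule in regress/f11 is exercised solely by a mid-stream packet. No SYN to port 25 appears in the lines shown, so the ordinary handshake path through that rule looks uncovered; the file may continue beyond this hunk. A separate case that starts with `in on e0 tcp 1.1.1.1,1 2.1.2.2,25 S` would cover it without disturbing the expectations already recorded for this input.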
diff --git a/contrib/ipfilter/test/regress/f11 b/contrib/ipfilter/test/regress/f11
index 0bf0a2a..a71e528 100644
--- a/contrib/ipfilter/test/regress/f11
+++ b/contrib/ipfilter/test/regress/f11
@@ -4,3 +4,4 @@ pass in proto udp from any to any port = 53 keep frags
block in proto udp from any to any port = 53 keep frags
pass in proto udp from any to any port = 53 keep state
block in proto udp from any to any port = 53 keep state
+pass in on e0 proto tcp from any to any port = 25 keep state
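Review bot: The added rule `pass in on e0 proto tcp from any to any port = 25 keep state` has no `flags S` qualifier, so any matching TCP packet to port 25, including a bare ACK, can create a state entry. The companion input change sends only ACK packets to port 25, which suggests that this is the behaviour being pinned, but neither the rule file nor the commit description says so. Please record the intent, for example in HISTORY as `f11: checks state creation from a non-SYN packet when the rule has no flags`, so the test is not later read as a recommended rule form; for production rulesets `flags S` together with `keep state` is the stricter choice. The regress file begins above this hunk.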