From 71e82d94e82560b20789833f60056506de34de8b Mon Sep 17 00:00:00 2001 From: darrenr Date: Thu, 18 Oct 2007 21:42:51 +0000 Subject: Import IPFilter 4.1.28 --- contrib/ipfilter/lib/Makefile | 8 +------- contrib/ipfilter/lib/alist_new.c | 8 +++++--- contrib/ipfilter/lib/ipft_tx.c | 37 +++++++++++++++++++++++------------ contrib/ipfilter/lib/printnat.c | 13 ++++++++---- contrib/ipfilter/lib/printpacket.c | 4 ++-- contrib/ipfilter/lib/printpool_live.c | 13 ++++++++---- contrib/ipfilter/lib/printstate.c | 4 ++-- 7 files changed, 52 insertions(+), 35 deletions(-) (limited to 'contrib/ipfilter/lib') diff --git a/contrib/ipfilter/lib/Makefile b/contrib/ipfilter/lib/Makefile index b0d5052..a838063 100644 --- a/contrib/ipfilter/lib/Makefile +++ b/contrib/ipfilter/lib/Makefile @@ -3,7 +3,7 @@ # # See the IPFILTER.LICENCE file for details on licencing. # -# $Id: Makefile,v 1.41.2.13 2007/05/10 06:02:19 darrenr Exp $ +# $Id: Makefile,v 1.41.2.14 2007/09/21 08:30:43 darrenr Exp $ # INCDEP=$(TOP)/ip_compat.h $(TOP)/ip_fil.h $(TOP)/ipf.h @@ -135,8 +135,6 @@ $(DEST)/fill6bits.o: $(LIBSRC)/fill6bits.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/fill6bits.c -o $@ $(DEST)/flags.o: $(LIBSRC)/flags.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/flags.c -o $@ -$(DEST)/getline.o: $(LIBSRC)/getline.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/getline.c -o $@ $(DEST)/gethost.o: $(LIBSRC)/gethost.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/gethost.c -o $@ $(DEST)/getifname.o: $(LIBSRC)/getifname.c $(INCDEP) @@ -218,10 +216,6 @@ $(DEST)/optvalue.o: $(LIBSRC)/optvalue.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/optvalue.c -o $@ $(DEST)/portname.o: $(LIBSRC)/portname.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/portname.c -o $@ -$(DEST)/portnum.o: $(LIBSRC)/portnum.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/portnum.c -o $@ -$(DEST)/ports.o: $(LIBSRC)/ports.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/ports.c -o $@ $(DEST)/print_toif.o: $(LIBSRC)/print_toif.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/print_toif.c -o $@ $(DEST)/printactivenat.o: $(LIBSRC)/printactivenat.c $(INCDEP) diff --git a/contrib/ipfilter/lib/alist_new.c b/contrib/ipfilter/lib/alist_new.c index 72da866..50a4275 100644 --- a/contrib/ipfilter/lib/alist_new.c +++ b/contrib/ipfilter/lib/alist_new.c @@ -3,7 +3,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: alist_new.c,v 1.1.2.2 2006/08/25 22:43:21 darrenr Exp $ + * $Id: alist_new.c,v 1.1.2.3 2007/06/06 08:05:33 darrenr Exp $ */ #include "ipf.h" @@ -53,12 +53,14 @@ alist_new(int v, char *host) } if (gethost(host, &al->al_addr) == -1) { - *slash = '/'; + if (slash != NULL) + *slash = '/'; fprintf(stderr, "Cannot parse hostname\n"); free(al); return NULL; } al->al_mask = htonl(mask); - *slash = '/'; + if (slash != NULL) + *slash = '/'; return al; } diff --git a/contrib/ipfilter/lib/ipft_tx.c b/contrib/ipfilter/lib/ipft_tx.c index 302f177..5dc65b4 100644 --- a/contrib/ipfilter/lib/ipft_tx.c +++ b/contrib/ipfilter/lib/ipft_tx.c @@ -3,11 +3,11 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: ipft_tx.c,v 1.15.2.9 2006/06/16 17:21:04 darrenr Exp $ + * $Id: ipft_tx.c,v 1.15.2.10 2007/09/03 21:54:44 darrenr Exp $ */ #if !defined(lint) static const char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 1.15.2.9 2006/06/16 17:21:04 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 1.15.2.10 2007/09/03 21:54:44 darrenr Exp $"; #endif #include @@ -257,19 +257,30 @@ int *out; } ip->ip_dst.s_addr = tx_hostnum(*cpp, &r); cpp++; - if (*cpp && ip->ip_p == IPPROTO_TCP) { - char *s, *t; - - tcp->th_flags = 0; - for (s = *cpp; *s; s++) - if ((t = strchr(myflagset, *s))) - tcp->th_flags |= myflags[t - myflagset]; - if (tcp->th_flags) - cpp++; - if (tcp->th_flags == 0) - abort(); + if (ip->ip_p == IPPROTO_TCP) { + if (*cpp != NULL) { + char *s, *t; + + tcp->th_flags = 0; + for (s = *cpp; *s; s++) + if ((t = strchr(myflagset, *s))) + tcp->th_flags |= myflags[t-myflagset]; + if (tcp->th_flags) + cpp++; + } + if (tcp->th_flags & TH_URG) tcp->th_urp = htons(1); + + if (*cpp && !strncasecmp(*cpp, "seq=", 4)) { + tcp->th_seq = htonl(atoi(*cpp + 4)); + cpp++; + } + + if (*cpp && !strncasecmp(*cpp, "ack=", 4)) { + tcp->th_ack = htonl(atoi(*cpp + 4)); + cpp++; + } } else if (*cpp && ip->ip_p == IPPROTO_ICMP) { extern char *tx_icmptypes[]; char **s, *t; diff --git a/contrib/ipfilter/lib/printnat.c b/contrib/ipfilter/lib/printnat.c index da375d9..37666a2 100644 --- a/contrib/ipfilter/lib/printnat.c +++ b/contrib/ipfilter/lib/printnat.c @@ -11,7 +11,7 @@ #if !defined(lint) -static const char rcsid[] = "@(#)$Id: printnat.c,v 1.22.2.13 2006/12/09 10:37:47 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: printnat.c,v 1.22.2.14 2007/09/06 16:40:11 darrenr Exp $"; #endif /* @@ -134,6 +134,8 @@ int opts; if (opts & OPT_DEBUG) printf("\tpmax %u\n", np->in_pmax); } else { + int protoprinted = 0; + if (!(np->in_flags & IPN_FILTER)) { printf("%s/", inet_ntoa(np->in_in[0].in4)); bits = count4bits(np->in_inmsk); @@ -170,6 +172,7 @@ int opts; printf(" %.*s/", (int)sizeof(np->in_plabel), np->in_plabel); printproto(pr, np->in_p, NULL); + protoprinted = 1; } else if (np->in_redir == NAT_MAPBLK) { if ((np->in_pmin == 0) && (np->in_flags & IPN_AUTOPORTMAP)) @@ -185,6 +188,7 @@ int opts; printf(" portmap "); } printproto(pr, np->in_p, np); + protoprinted = 1; if (np->in_flags & IPN_AUTOPORTMAP) { printf(" auto"); if (opts & OPT_DEBUG) @@ -196,9 +200,6 @@ int opts; printf(" %d:%d", ntohs(np->in_pmin), ntohs(np->in_pmax)); } - } else if (np->in_flags & IPN_TCPUDP || np->in_p) { - putchar(' '); - printproto(pr, np->in_p, np); } if (np->in_flags & IPN_FRAG) @@ -210,6 +211,10 @@ int opts; printf(" mssclamp %d", np->in_mssclamp); if (np->in_tag.ipt_tag[0] != '\0') printf(" tag %s", np->in_tag.ipt_tag); + if (!protoprinted && (np->in_flags & IPN_TCPUDP || np->in_p)) { + putchar(' '); + printproto(pr, np->in_p, np); + } printf("\n"); if (opts & OPT_DEBUG) { struct in_addr nip; diff --git a/contrib/ipfilter/lib/printpacket.c b/contrib/ipfilter/lib/printpacket.c index 142028a..6ee3679 100644 --- a/contrib/ipfilter/lib/printpacket.c +++ b/contrib/ipfilter/lib/printpacket.c @@ -3,7 +3,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: printpacket.c,v 1.12.4.4 2006/09/30 21:44:43 darrenr Exp $ + * $Id: printpacket.c,v 1.12.4.5 2007/09/09 22:15:30 darrenr Exp $ */ #include "ipf.h" @@ -54,7 +54,7 @@ struct ip *ip; printf("ip #%d %d(%d) %d", ntohs(ip->ip_id), ntohs(ip->ip_len), IP_HL(ip) << 2, ip->ip_p); if (off & IP_OFFMASK) - printf(" @%d", off << 3); + printf(" @%d", (off & IP_OFFMASK) << 3); printf(" %s", inet_ntoa(ip->ip_src)); if (!(off & IP_OFFMASK)) if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP) diff --git a/contrib/ipfilter/lib/printpool_live.c b/contrib/ipfilter/lib/printpool_live.c index 0588cfb..e228a39 100644 --- a/contrib/ipfilter/lib/printpool_live.c +++ b/contrib/ipfilter/lib/printpool_live.c @@ -52,11 +52,12 @@ int opts; while (!last && (ioctl(fd, SIOCLOOKUPITER, &obj) == 0)) { if (entry.ipn_next == NULL) last = 1; - entry.ipn_next = top; - top = malloc(sizeof(*top)); - if (top == NULL) + node = malloc(sizeof(*top)); + if (node == NULL) break; - bcopy(&entry, top, sizeof(entry)); + bcopy(&entry, node, sizeof(entry)); + node->ipn_next = top; + top = node; } while (top != NULL) { @@ -74,5 +75,9 @@ int opts; if ((opts & OPT_DEBUG) == 0) PRINTF(" };\n"); + + if (ioctl(fd, SIOCIPFDELTOK, &iter.ili_key) != 0) + perror("SIOCIPFDELTOK"); + return pool->ipo_next; } diff --git a/contrib/ipfilter/lib/printstate.c b/contrib/ipfilter/lib/printstate.c index c1c1442..fcf42d6 100644 --- a/contrib/ipfilter/lib/printstate.c +++ b/contrib/ipfilter/lib/printstate.c @@ -33,8 +33,8 @@ u_long now; sp->is_send, sp->is_dend, sp->is_maxswin, sp->is_swinscale, sp->is_maxdwin, sp->is_dwinscale); - PRINTF("\tcmsk %04x smsk %04x isc %p s0 %08x/%08x\n", - sp->is_smsk[0], sp->is_smsk[1], sp->is_isc, + PRINTF("\tcmsk %04x smsk %04x s0 %08x/%08x\n", + sp->is_smsk[0], sp->is_smsk[1], sp->is_s0[0], sp->is_s0[1]); PRINTF("\tFWD:ISN inc %x sumd %x\n", sp->is_isninc[0], sp->is_sumd[0]); -- cgit v1.1