From fd172ed3272b523c5499832d7098b6766bac7e4f Mon Sep 17 00:00:00 2001 From: darrenr Date: Thu, 18 Oct 2007 21:52:14 +0000 Subject: Pullup IPFilter 4.1.28 from the vendor branch into HEAD. MFC after: 7 days --- contrib/ipfilter/lib/ipft_tx.c | 37 ++++++++++++++++++++++++------------- contrib/ipfilter/lib/printnat.c | 13 +++++++++---- contrib/ipfilter/lib/printpacket.c | 4 ++-- contrib/ipfilter/lib/printstate.c | 4 ++-- 4 files changed, 37 insertions(+), 21 deletions(-) (limited to 'contrib/ipfilter/lib') diff --git a/contrib/ipfilter/lib/ipft_tx.c b/contrib/ipfilter/lib/ipft_tx.c index c613d6b..f4475e3 100644 --- a/contrib/ipfilter/lib/ipft_tx.c +++ b/contrib/ipfilter/lib/ipft_tx.c @@ -5,11 +5,11 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: ipft_tx.c,v 1.15.2.9 2006/06/16 17:21:04 darrenr Exp $ + * $Id: ipft_tx.c,v 1.15.2.10 2007/09/03 21:54:44 darrenr Exp $ */ #if !defined(lint) static const char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 1.15.2.9 2006/06/16 17:21:04 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 1.15.2.10 2007/09/03 21:54:44 darrenr Exp $"; #endif #include @@ -259,19 +259,30 @@ int *out; } ip->ip_dst.s_addr = tx_hostnum(*cpp, &r); cpp++; - if (*cpp && ip->ip_p == IPPROTO_TCP) { - char *s, *t; - - tcp->th_flags = 0; - for (s = *cpp; *s; s++) - if ((t = strchr(myflagset, *s))) - tcp->th_flags |= myflags[t - myflagset]; - if (tcp->th_flags) - cpp++; - if (tcp->th_flags == 0) - abort(); + if (ip->ip_p == IPPROTO_TCP) { + if (*cpp != NULL) { + char *s, *t; + + tcp->th_flags = 0; + for (s = *cpp; *s; s++) + if ((t = strchr(myflagset, *s))) + tcp->th_flags |= myflags[t-myflagset]; + if (tcp->th_flags) + cpp++; + } + if (tcp->th_flags & TH_URG) tcp->th_urp = htons(1); + + if (*cpp && !strncasecmp(*cpp, "seq=", 4)) { + tcp->th_seq = htonl(atoi(*cpp + 4)); + cpp++; + } + + if (*cpp && !strncasecmp(*cpp, "ack=", 4)) { + tcp->th_ack = htonl(atoi(*cpp + 4)); + cpp++; + } } else if (*cpp && ip->ip_p == IPPROTO_ICMP) { extern char *tx_icmptypes[]; char **s, *t; diff --git a/contrib/ipfilter/lib/printnat.c b/contrib/ipfilter/lib/printnat.c index 06ed9a3..62942ce 100644 --- a/contrib/ipfilter/lib/printnat.c +++ b/contrib/ipfilter/lib/printnat.c @@ -13,7 +13,7 @@ #if !defined(lint) -static const char rcsid[] = "@(#)$Id: printnat.c,v 1.22.2.13 2006/12/09 10:37:47 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: printnat.c,v 1.22.2.14 2007/09/06 16:40:11 darrenr Exp $"; #endif /* @@ -136,6 +136,8 @@ int opts; if (opts & OPT_DEBUG) printf("\tpmax %u\n", np->in_pmax); } else { + int protoprinted = 0; + if (!(np->in_flags & IPN_FILTER)) { printf("%s/", inet_ntoa(np->in_in[0].in4)); bits = count4bits(np->in_inmsk); @@ -172,6 +174,7 @@ int opts; printf(" %.*s/", (int)sizeof(np->in_plabel), np->in_plabel); printproto(pr, np->in_p, NULL); + protoprinted = 1; } else if (np->in_redir == NAT_MAPBLK) { if ((np->in_pmin == 0) && (np->in_flags & IPN_AUTOPORTMAP)) @@ -187,6 +190,7 @@ int opts; printf(" portmap "); } printproto(pr, np->in_p, np); + protoprinted = 1; if (np->in_flags & IPN_AUTOPORTMAP) { printf(" auto"); if (opts & OPT_DEBUG) @@ -198,9 +202,6 @@ int opts; printf(" %d:%d", ntohs(np->in_pmin), ntohs(np->in_pmax)); } - } else if (np->in_flags & IPN_TCPUDP || np->in_p) { - putchar(' '); - printproto(pr, np->in_p, np); } if (np->in_flags & IPN_FRAG) @@ -212,6 +213,10 @@ int opts; printf(" mssclamp %d", np->in_mssclamp); if (np->in_tag.ipt_tag[0] != '\0') printf(" tag %s", np->in_tag.ipt_tag); + if (!protoprinted && (np->in_flags & IPN_TCPUDP || np->in_p)) { + putchar(' '); + printproto(pr, np->in_p, np); + } printf("\n"); if (opts & OPT_DEBUG) { struct in_addr nip; diff --git a/contrib/ipfilter/lib/printpacket.c b/contrib/ipfilter/lib/printpacket.c index cff13eb..25a4d5a 100644 --- a/contrib/ipfilter/lib/printpacket.c +++ b/contrib/ipfilter/lib/printpacket.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: printpacket.c,v 1.12.4.4 2006/09/30 21:44:43 darrenr Exp $ + * $Id: printpacket.c,v 1.12.4.5 2007/09/09 22:15:30 darrenr Exp $ */ #include "ipf.h" @@ -56,7 +56,7 @@ struct ip *ip; printf("ip #%d %d(%d) %d", ntohs(ip->ip_id), ntohs(ip->ip_len), IP_HL(ip) << 2, ip->ip_p); if (off & IP_OFFMASK) - printf(" @%d", off << 3); + printf(" @%d", (off & IP_OFFMASK) << 3); printf(" %s", inet_ntoa(ip->ip_src)); if (!(off & IP_OFFMASK)) if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP) diff --git a/contrib/ipfilter/lib/printstate.c b/contrib/ipfilter/lib/printstate.c index 43621ef..a8777b2 100644 --- a/contrib/ipfilter/lib/printstate.c +++ b/contrib/ipfilter/lib/printstate.c @@ -35,8 +35,8 @@ u_long now; sp->is_send, sp->is_dend, sp->is_maxswin, sp->is_swinscale, sp->is_maxdwin, sp->is_dwinscale); - PRINTF("\tcmsk %04x smsk %04x isc %p s0 %08x/%08x\n", - sp->is_smsk[0], sp->is_smsk[1], sp->is_isc, + PRINTF("\tcmsk %04x smsk %04x s0 %08x/%08x\n", + sp->is_smsk[0], sp->is_smsk[1], sp->is_s0[0], sp->is_s0[1]); PRINTF("\tFWD:ISN inc %x sumd %x\n", sp->is_isninc[0], sp->is_sumd[0]); -- cgit v1.1