From 9749beb9e35afd40d054e5592764d50ed069a890 Mon Sep 17 00:00:00 2001 From: guido Date: Fri, 30 Dec 2005 11:34:54 +0000 Subject: Import IP Filter 4.1.10 --- contrib/ipfilter/BSD/Makefile | 55 ++- contrib/ipfilter/BSD/Makefile.ipsend | 2 +- contrib/ipfilter/BSD/kupgrade | 8 + contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.0 | 2 - contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.1 | 2 - contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.2 | 2 - contrib/ipfilter/HISTORY | 79 ++++ contrib/ipfilter/INST.FreeBSD-2.2 | 2 - contrib/ipfilter/Makefile | 26 +- contrib/ipfilter/NAT.FreeBSD | 2 +- contrib/ipfilter/bpf-ipf.h | 2 - contrib/ipfilter/bpf_filter.c | 6 +- contrib/ipfilter/ipf.h | 5 +- contrib/ipfilter/iplang/iplang.h | 2 - contrib/ipfilter/iplang/iplang_l.l | 4 +- contrib/ipfilter/iplang/iplang_y.y | 12 +- contrib/ipfilter/ipmon.h | 4 +- contrib/ipfilter/ipsd/Celler/ip_compat.h | 2 - contrib/ipfilter/ipsd/ipsd.c | 4 +- contrib/ipfilter/ipsd/ipsd.h | 2 - contrib/ipfilter/ipsd/ipsdr.c | 4 +- contrib/ipfilter/ipsd/linux.h | 2 - contrib/ipfilter/ipsd/sbpf.c | 2 - contrib/ipfilter/ipsd/sdlpi.c | 2 - contrib/ipfilter/ipsd/slinux.c | 2 - contrib/ipfilter/ipsd/snit.c | 2 - contrib/ipfilter/ipsend/44arp.c | 2 - contrib/ipfilter/ipsend/arp.c | 6 +- contrib/ipfilter/ipsend/dlcommon.c | 2 - contrib/ipfilter/ipsend/dltest.h | 2 - contrib/ipfilter/ipsend/hpux.c | 2 - contrib/ipfilter/ipsend/in_var.h | 2 - contrib/ipfilter/ipsend/ip.c | 4 +- contrib/ipfilter/ipsend/ip_var.h | 2 - contrib/ipfilter/ipsend/ipresend.1 | 2 - contrib/ipfilter/ipsend/ipresend.c | 4 +- contrib/ipfilter/ipsend/ipsend.1 | 2 - contrib/ipfilter/ipsend/ipsend.5 | 2 - contrib/ipfilter/ipsend/ipsend.c | 4 +- contrib/ipfilter/ipsend/ipsend.h | 2 - contrib/ipfilter/ipsend/ipsopt.c | 4 +- contrib/ipfilter/ipsend/iptest.1 | 2 - contrib/ipfilter/ipsend/iptest.c | 4 +- contrib/ipfilter/ipsend/iptests.c | 6 +- contrib/ipfilter/ipsend/larp.c | 4 +- contrib/ipfilter/ipsend/linux.h | 2 - contrib/ipfilter/ipsend/lsock.c | 4 +- contrib/ipfilter/ipsend/resend.c | 4 +- contrib/ipfilter/ipsend/sbpf.c | 4 +- contrib/ipfilter/ipsend/sdlpi.c | 4 +- contrib/ipfilter/ipsend/sirix.c | 2 - contrib/ipfilter/ipsend/slinux.c | 4 +- contrib/ipfilter/ipsend/snit.c | 4 +- contrib/ipfilter/ipsend/sock.c | 4 +- contrib/ipfilter/ipsend/sockraw.c | 2 - contrib/ipfilter/ipsend/tcpip.h | 4 +- contrib/ipfilter/ipt.h | 4 +- contrib/ipfilter/kmem.h | 4 +- contrib/ipfilter/l4check/http.ok | 2 +- contrib/ipfilter/l4check/l4check.c | 2 - contrib/ipfilter/lib/Makefile | 3 + contrib/ipfilter/lib/addicmp.c | 4 +- contrib/ipfilter/lib/addipopt.c | 4 +- contrib/ipfilter/lib/addkeep.c | 4 +- contrib/ipfilter/lib/bcopywrap.c | 2 - contrib/ipfilter/lib/binprint.c | 4 +- contrib/ipfilter/lib/buildopts.c | 4 +- contrib/ipfilter/lib/checkrev.c | 4 +- contrib/ipfilter/lib/count4bits.c | 4 +- contrib/ipfilter/lib/count6bits.c | 4 +- contrib/ipfilter/lib/debug.c | 4 +- contrib/ipfilter/lib/extras.c | 4 +- contrib/ipfilter/lib/facpri.c | 10 +- contrib/ipfilter/lib/facpri.h | 4 +- contrib/ipfilter/lib/fill6bits.c | 4 +- contrib/ipfilter/lib/flags.c | 4 +- contrib/ipfilter/lib/genmask.c | 4 +- contrib/ipfilter/lib/gethost.c | 2 - contrib/ipfilter/lib/getifname.c | 2 - contrib/ipfilter/lib/getline.c | 4 +- contrib/ipfilter/lib/getnattype.c | 4 +- contrib/ipfilter/lib/getport.c | 2 - contrib/ipfilter/lib/getportproto.c | 2 - contrib/ipfilter/lib/getproto.c | 10 +- contrib/ipfilter/lib/getsumd.c | 2 - contrib/ipfilter/lib/hexdump.c | 2 - contrib/ipfilter/lib/hostmask.c | 4 +- contrib/ipfilter/lib/hostname.c | 2 - contrib/ipfilter/lib/hostnum.c | 4 +- contrib/ipfilter/lib/icmpcode.c | 4 +- contrib/ipfilter/lib/inet_addr.c | 4 +- contrib/ipfilter/lib/initparse.c | 4 +- contrib/ipfilter/lib/ionames.c | 4 +- contrib/ipfilter/lib/ipf_dotuning.c | 10 +- contrib/ipfilter/lib/ipft_ef.c | 6 +- contrib/ipfilter/lib/ipft_hx.c | 10 +- contrib/ipfilter/lib/ipft_pc.c | 35 +- contrib/ipfilter/lib/ipft_sn.c | 6 +- contrib/ipfilter/lib/ipft_td.c | 6 +- contrib/ipfilter/lib/ipft_tx.c | 35 +- contrib/ipfilter/lib/ipoptsec.c | 4 +- contrib/ipfilter/lib/kmem.c | 9 +- contrib/ipfilter/lib/kmem.h | 4 +- contrib/ipfilter/lib/kmemcpywrap.c | 2 - contrib/ipfilter/lib/kvatoname.c | 2 - contrib/ipfilter/lib/load_hash.c | 8 +- contrib/ipfilter/lib/load_hashnode.c | 4 +- contrib/ipfilter/lib/load_pool.c | 11 +- contrib/ipfilter/lib/load_poolnode.c | 4 +- contrib/ipfilter/lib/loglevel.c | 4 +- contrib/ipfilter/lib/make_range.c | 4 +- contrib/ipfilter/lib/mutex_emul.c | 2 - contrib/ipfilter/lib/nametokva.c | 2 - contrib/ipfilter/lib/nat_setgroupmap.c | 4 +- contrib/ipfilter/lib/natparse.c | 4 +- contrib/ipfilter/lib/ntomask.c | 2 - contrib/ipfilter/lib/optname.c | 4 +- contrib/ipfilter/lib/optprint.c | 4 +- contrib/ipfilter/lib/optprintv6.c | 4 +- contrib/ipfilter/lib/optvalue.c | 4 +- contrib/ipfilter/lib/parse.c | 4 +- contrib/ipfilter/lib/portname.c | 4 +- contrib/ipfilter/lib/portnum.c | 4 +- contrib/ipfilter/lib/ports.c | 4 +- contrib/ipfilter/lib/print_toif.c | 4 +- contrib/ipfilter/lib/printactivenat.c | 4 +- contrib/ipfilter/lib/printaps.c | 4 +- contrib/ipfilter/lib/printbuf.c | 4 +- contrib/ipfilter/lib/printfr.c | 59 ++- contrib/ipfilter/lib/printfraginfo.c | 4 +- contrib/ipfilter/lib/printhash.c | 2 - contrib/ipfilter/lib/printhashnode.c | 2 - contrib/ipfilter/lib/printhostmap.c | 7 +- contrib/ipfilter/lib/printhostmask.c | 4 +- contrib/ipfilter/lib/printifname.c | 4 +- contrib/ipfilter/lib/printip.c | 4 +- contrib/ipfilter/lib/printlog.c | 13 +- contrib/ipfilter/lib/printmask.c | 4 +- contrib/ipfilter/lib/printnat.c | 48 +-- contrib/ipfilter/lib/printpacket.c | 7 +- contrib/ipfilter/lib/printpacket6.c | 2 - contrib/ipfilter/lib/printpool.c | 2 - contrib/ipfilter/lib/printpoolnode.c | 2 - contrib/ipfilter/lib/printportcmp.c | 4 +- contrib/ipfilter/lib/printproto.c | 51 +++ contrib/ipfilter/lib/printsbuf.c | 2 - contrib/ipfilter/lib/printstate.c | 6 +- contrib/ipfilter/lib/printtunable.c | 2 - contrib/ipfilter/lib/ratoi.c | 4 +- contrib/ipfilter/lib/ratoui.c | 4 +- contrib/ipfilter/lib/remove_hash.c | 4 +- contrib/ipfilter/lib/remove_hashnode.c | 4 +- contrib/ipfilter/lib/remove_pool.c | 4 +- contrib/ipfilter/lib/remove_poolnode.c | 4 +- contrib/ipfilter/lib/resetlexer.c | 2 - contrib/ipfilter/lib/rwlock_emul.c | 2 - contrib/ipfilter/lib/tcp_flags.c | 4 +- contrib/ipfilter/lib/tcpflags.c | 4 +- contrib/ipfilter/lib/tcpoptnames.c | 4 +- contrib/ipfilter/lib/to_interface.c | 4 +- contrib/ipfilter/lib/v6ionames.c | 5 +- contrib/ipfilter/lib/v6optvalue.c | 4 +- contrib/ipfilter/lib/var.c | 2 - contrib/ipfilter/lib/verbose.c | 4 +- contrib/ipfilter/man/ipf.4 | 2 - contrib/ipfilter/man/ipf.5 | 9 +- contrib/ipfilter/man/ipf.8 | 2 - contrib/ipfilter/man/ipfilter.4 | 2 - contrib/ipfilter/man/ipfilter.5 | 2 - contrib/ipfilter/man/ipfs.8 | 2 - contrib/ipfilter/man/ipfstat.8 | 2 - contrib/ipfilter/man/ipftest.1 | 20 +- contrib/ipfilter/man/ipl.4 | 2 - contrib/ipfilter/man/ipmon.5 | 2 - contrib/ipfilter/man/ipmon.8 | 12 +- contrib/ipfilter/man/ipnat.4 | 2 - contrib/ipfilter/man/ipnat.5 | 5 +- contrib/ipfilter/man/ipnat.8 | 8 +- contrib/ipfilter/man/ippool.5 | 2 - contrib/ipfilter/man/ippool.8 | 2 - contrib/ipfilter/man/ipscan.5 | 2 - contrib/ipfilter/man/ipscan.8 | 2 - contrib/ipfilter/man/mkfilters.1 | 2 - contrib/ipfilter/md5.c | 2 - contrib/ipfilter/md5.h | 2 - contrib/ipfilter/mlf_ipl.c | 2 - contrib/ipfilter/mlf_rule.c | 2 - contrib/ipfilter/mlfk_rule.c | 4 +- contrib/ipfilter/opts.h | 4 +- contrib/ipfilter/pcap-ipf.h | 2 - contrib/ipfilter/perl/ipf-mrtg.pl | 2 +- contrib/ipfilter/perl/logfilter.pl | 2 +- contrib/ipfilter/radix.c | 8 +- contrib/ipfilter/radix_ipf.h | 14 +- contrib/ipfilter/rules/example.1 | 1 - contrib/ipfilter/rules/example.10 | 1 - contrib/ipfilter/rules/example.11 | 1 - contrib/ipfilter/rules/example.12 | 1 - contrib/ipfilter/rules/example.13 | 1 - contrib/ipfilter/rules/example.2 | 1 - contrib/ipfilter/rules/example.3 | 1 - contrib/ipfilter/rules/example.4 | 1 - contrib/ipfilter/rules/example.5 | 1 - contrib/ipfilter/rules/example.6 | 1 - contrib/ipfilter/rules/example.7 | 1 - contrib/ipfilter/rules/example.8 | 1 - contrib/ipfilter/rules/example.9 | 1 - contrib/ipfilter/rules/example.sr | 1 - contrib/ipfilter/samples/ipfilter-pb.gif | Bin 796 -> 795 bytes contrib/ipfilter/samples/proxy.c | 6 +- contrib/ipfilter/samples/relay.c | 10 +- contrib/ipfilter/samples/userauth.c | 2 - contrib/ipfilter/snoop.h | 4 +- contrib/ipfilter/test/Makefile | 23 +- contrib/ipfilter/test/dotest | 20 +- contrib/ipfilter/test/expected/bpf1 | 8 +- contrib/ipfilter/test/expected/f13 | 78 +++- contrib/ipfilter/test/expected/f17 | 1 + contrib/ipfilter/test/expected/f18 | 5 + contrib/ipfilter/test/expected/f19 | 10 + contrib/ipfilter/test/expected/f7 | 84 ++++ contrib/ipfilter/test/expected/f9 | 54 +++ contrib/ipfilter/test/expected/i1 | 2 + contrib/ipfilter/test/expected/i11 | 4 +- contrib/ipfilter/test/expected/i12 | 21 +- contrib/ipfilter/test/expected/i14 | 2 + contrib/ipfilter/test/expected/i16 | 3 + contrib/ipfilter/test/expected/i17 | 10 + contrib/ipfilter/test/expected/i18 | 10 + contrib/ipfilter/test/expected/i19 | 22 + contrib/ipfilter/test/expected/i2 | 1 + contrib/ipfilter/test/expected/i20 | 4 + contrib/ipfilter/test/expected/i21 | 10 + contrib/ipfilter/test/expected/i4 | 1 + contrib/ipfilter/test/expected/i6 | 2 + contrib/ipfilter/test/expected/i7 | 5 + contrib/ipfilter/test/expected/i8 | 31 ++ contrib/ipfilter/test/expected/i9 | 5 + contrib/ipfilter/test/expected/in1 | 3 + contrib/ipfilter/test/expected/in2 | 6 +- contrib/ipfilter/test/expected/in5 | 1 + contrib/ipfilter/test/expected/in6 | 4 + contrib/ipfilter/test/expected/n1 | 204 ++++----- contrib/ipfilter/test/expected/n11 | 96 ++--- contrib/ipfilter/test/expected/n13 | 5 + contrib/ipfilter/test/expected/n14 | 5 + contrib/ipfilter/test/expected/n2 | 152 +++---- contrib/ipfilter/test/expected/n3 | 20 +- contrib/ipfilter/test/expected/n4 | 120 +++--- contrib/ipfilter/test/expected/n5 | 648 ++++++++++++++-------------- contrib/ipfilter/test/expected/n6 | 130 +++--- contrib/ipfilter/test/expected/n7 | 54 +-- contrib/ipfilter/test/expected/p1 | 2 + contrib/ipfilter/test/expected/p2 | 7 +- contrib/ipfilter/test/expected/p3 | 2 + contrib/ipfilter/test/input/f13 | 51 ++- contrib/ipfilter/test/input/f17 | 15 +- contrib/ipfilter/test/input/f18 | 4 + contrib/ipfilter/test/input/f19 | 4 + contrib/ipfilter/test/input/f7 | 6 + contrib/ipfilter/test/input/f9 | 3 + contrib/ipfilter/test/input/n13 | 4 + contrib/ipfilter/test/input/n14 | 4 + contrib/ipfilter/test/input/ni17 | 6 + contrib/ipfilter/test/itest | 9 +- contrib/ipfilter/test/natipftest | 4 +- contrib/ipfilter/test/regress/bpf1 | 4 +- contrib/ipfilter/test/regress/f13 | 2 + contrib/ipfilter/test/regress/f18 | 4 + contrib/ipfilter/test/regress/f19 | 2 + contrib/ipfilter/test/regress/f7 | 3 + contrib/ipfilter/test/regress/i1 | 2 + contrib/ipfilter/test/regress/i11 | 4 +- contrib/ipfilter/test/regress/i12 | 3 +- contrib/ipfilter/test/regress/i14 | 2 + contrib/ipfilter/test/regress/i16 | 3 + contrib/ipfilter/test/regress/i17 | 11 + contrib/ipfilter/test/regress/i18 | 2 + contrib/ipfilter/test/regress/i19 | 22 + contrib/ipfilter/test/regress/i2 | 1 + contrib/ipfilter/test/regress/i20 | 4 + contrib/ipfilter/test/regress/i21 | 6 + contrib/ipfilter/test/regress/i4 | 1 + contrib/ipfilter/test/regress/i6 | 2 + contrib/ipfilter/test/regress/i7 | 5 + contrib/ipfilter/test/regress/i8 | 29 ++ contrib/ipfilter/test/regress/i9 | 7 +- contrib/ipfilter/test/regress/in1 | 7 +- contrib/ipfilter/test/regress/in2 | 6 +- contrib/ipfilter/test/regress/in5 | 11 +- contrib/ipfilter/test/regress/in6 | 4 + contrib/ipfilter/test/regress/n13 | 1 + contrib/ipfilter/test/regress/n14 | 1 + contrib/ipfilter/test/regress/ni17.nat | 4 + contrib/ipfilter/test/regress/p2.ipf | 1 + contrib/ipfilter/test/test.format | 42 +- contrib/ipfilter/test/vfycksum.pl | 11 +- contrib/ipfilter/tools/ipf.c | 4 +- contrib/ipfilter/tools/ipf_y.y | 36 +- contrib/ipfilter/tools/ipfcomp.c | 4 +- contrib/ipfilter/tools/ipfs.c | 4 +- contrib/ipfilter/tools/ipfstat.c | 19 +- contrib/ipfilter/tools/ipftest.c | 70 ++- contrib/ipfilter/tools/ipmon.c | 15 +- contrib/ipfilter/tools/ipmon_y.y | 2 - contrib/ipfilter/tools/ipnat.c | 6 +- contrib/ipfilter/tools/ipnat_y.y | 17 +- contrib/ipfilter/tools/ippool.c | 2 - contrib/ipfilter/tools/ippool_y.y | 2 - contrib/ipfilter/tools/ipscan_y.y | 2 - contrib/ipfilter/tools/ipsyncm.c | 4 +- contrib/ipfilter/tools/ipsyncs.c | 4 +- contrib/ipfilter/tools/lex_var.h | 2 - contrib/ipfilter/tools/lexer.c | 2 - contrib/ipfilter/tools/lexer.h | 2 - 315 files changed, 2032 insertions(+), 1505 deletions(-) create mode 100644 contrib/ipfilter/lib/printproto.c create mode 100644 contrib/ipfilter/test/expected/f18 create mode 100644 contrib/ipfilter/test/expected/f19 create mode 100644 contrib/ipfilter/test/expected/i16 create mode 100644 contrib/ipfilter/test/expected/i17 create mode 100644 contrib/ipfilter/test/expected/i18 create mode 100644 contrib/ipfilter/test/expected/i19 create mode 100644 contrib/ipfilter/test/expected/i20 create mode 100644 contrib/ipfilter/test/expected/i21 create mode 100644 contrib/ipfilter/test/expected/n13 create mode 100644 contrib/ipfilter/test/expected/n14 create mode 100644 contrib/ipfilter/test/input/f18 create mode 100644 contrib/ipfilter/test/input/f19 create mode 100644 contrib/ipfilter/test/input/n13 create mode 100644 contrib/ipfilter/test/input/n14 create mode 100644 contrib/ipfilter/test/input/ni17 create mode 100644 contrib/ipfilter/test/regress/f18 create mode 100644 contrib/ipfilter/test/regress/f19 create mode 100644 contrib/ipfilter/test/regress/i16 create mode 100644 contrib/ipfilter/test/regress/i17 create mode 100644 contrib/ipfilter/test/regress/i18 create mode 100644 contrib/ipfilter/test/regress/i19 create mode 100644 contrib/ipfilter/test/regress/i20 create mode 100644 contrib/ipfilter/test/regress/i21 create mode 100644 contrib/ipfilter/test/regress/n13 create mode 100644 contrib/ipfilter/test/regress/n14 create mode 100644 contrib/ipfilter/test/regress/ni17.nat (limited to 'contrib/ipfilter') diff --git a/contrib/ipfilter/BSD/Makefile b/contrib/ipfilter/BSD/Makefile index 72086a0..9a2158b 100644 --- a/contrib/ipfilter/BSD/Makefile +++ b/contrib/ipfilter/BSD/Makefile @@ -8,7 +8,8 @@ SBINDEST=/sbin MANDIR=/usr/share/man SEARCHDIRS!=echo $(BINDEST) $(SBINDEST) /bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin | awk '{for(i=1;i&1 | egrep -v "y.tab.c|Could|Creating|_l\.c|\.h"; done' | sort -n > report + sort -n report | perl -e 'while(<>) { next if (/^0.00/); s/\%//g; @F=split;$$lc+=$$F[2];$$t += $$F[0]/100*$$F[2];} printf "%d of %d = %d%%\n", $$t, $$lc,$$t/$$lc*100;' >> report + +clean-coverage: + /bin/rm -f *.gcov *.da diff --git a/contrib/ipfilter/BSD/Makefile.ipsend b/contrib/ipfilter/BSD/Makefile.ipsend index 410ea67..a83de1c 100644 --- a/contrib/ipfilter/BSD/Makefile.ipsend +++ b/contrib/ipfilter/BSD/Makefile.ipsend @@ -1,5 +1,5 @@ # -# Id: Makefile.ipsend,v 2.8 2002/05/22 16:15:36 darrenr Exp +# $Id: Makefile.ipsend,v 2.8 2002/05/22 16:15:36 darrenr Exp $ # BINDEST=/usr/sbin diff --git a/contrib/ipfilter/BSD/kupgrade b/contrib/ipfilter/BSD/kupgrade index 91f32da..77a6ba1 100644 --- a/contrib/ipfilter/BSD/kupgrade +++ b/contrib/ipfilter/BSD/kupgrade @@ -31,6 +31,14 @@ else major=x fi +if [ ! -f ip_rules.c -o ! -f ip_rules.h ] ; then + echo "Please do a build of ipfilter and then run the following" + echo "command to build extra files:" + echo + echo "make ip_rules.c" + exit 1 +fi + echo -n "Installing " for j in auth frag nat proxy scan state sync pool htable lookup rules; do for i in ip_$j.[ch]; do diff --git a/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.0 b/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.0 index 8a827cf..c232b2c 100755 --- a/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.0 +++ b/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.0 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" *** ip6_input.c.orig Sun Feb 13 14:32:01 2000 --- ip6_input.c Wed Apr 26 22:31:34 2000 *************** diff --git a/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.1 b/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.1 index a6a4612..90dac19 100644 --- a/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.1 +++ b/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.1 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" *** ip6_input.c.orig Sat Jul 15 07:14:34 2000 --- ip6_input.c Thu Oct 19 17:14:37 2000 *************** diff --git a/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.2 b/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.2 index a6a4612..90dac19 100644 --- a/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.2 +++ b/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.2 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" *** ip6_input.c.orig Sat Jul 15 07:14:34 2000 --- ip6_input.c Thu Oct 19 17:14:37 2000 *************** diff --git a/contrib/ipfilter/HISTORY b/contrib/ipfilter/HISTORY index 9b93e83..32daed4 100644 --- a/contrib/ipfilter/HISTORY +++ b/contrib/ipfilter/HISTORY @@ -10,6 +10,85 @@ # and especially those who have found the time to port IP Filter to new # platforms. # +4.1.10 - Released 6 December 2005 + +Expand regression testing to cover more features + +Add "coverage" build target for BSD + +Fix building 64bit sparc target for Solaris + +Add IPv6 mobility header to list of accepted keywords for V6 headers + +Resolve locking problems on Solaris when sending RST/icmp packets + +#ifdef's for IPFILTER_BPF need to check if words are defined before +using them in comparisons + +Add checking for SACK permitted option in TCP SYN packets + +Fix loading anonymous pools from inline rule configuration groups + +Add -C command line option to ipftest + +Include extra "const" from NetBSD + +Don't require SIOCKSTLCK for SIOCSTPUT + +Fix some use of "sticky" on NAT rules + +Fix statistical counting of deleting state for TCP connections + +Fix compile problems caused by changes to is_opt/is_optmsk in ip_sync.c + +Fix TCP out-of-window (OOW) problems: +- window scaling turned off if one chose for its scale factor +- Microsoft Windows TCP sends the "next packet" to the right of the window + when using SACK and filling in a hole + +4.1.9 - Released 13 August 2005 + +make ipfilter fix IPv4 header checksums for outgoing packets if BRIDGE_IPF +is defined when compiled. + +move the definition of SIOCPROXY from ip_nat.h to ip_proxy.h + +make the BSD/upgrade script more instructive about the requiements for +ip_rules.[ch] when it is run + +register for interface events on FreeBSD (>5.2.1) and NetBSD so that +"ipf -y" is not not requried to tell ipfilter about interface changes. + +for "quick" rules that do "keep state", move the state adding into the rule +evaluation so that we can detect it failing as rules are evaluated and +continue on to the next rather than wait until we're done and it's too late +to recover for more rule processing. + +mark ICMP packets advertising an MTU that's too small as being bad + +rework ipv6 header parsing to get better code reuse and fix logic errors +in dealing with ipv6 packets containing fragment headers. Also, where a +protocol handler was doing both v4 & v6, make a seperate function for each. + +build for both amd64 and i86pc (32bit) on Solaris10 and later, if possible + +include start of work to get IPFilter working on AIX 5.3 + +Use FI_ICMPERR flag rather than try to compute its equivalent all the time + +Rewrork IPv6 extension header parsing to get better code reuse + +Add missing timeout on Linux + +Fix for locking when reading from ipsync (Frank Volf) + +Fix insertion/appending of rules that use a collection number + +Somehow turning up the spl knob to splnet disappeared on platforms that still +use the spl interface. + +fix problems with "ipf -T" not listing multiple variables properly + 4.1.8 - Released 29 March 2005 include path from Phil Dibowitz for sorting ipfstat -t output by source or diff --git a/contrib/ipfilter/INST.FreeBSD-2.2 b/contrib/ipfilter/INST.FreeBSD-2.2 index 0e0ea06..78f7295 100644 --- a/contrib/ipfilter/INST.FreeBSD-2.2 +++ b/contrib/ipfilter/INST.FreeBSD-2.2 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" To build a kernel for use with the loadable kernel module, follow these steps: diff --git a/contrib/ipfilter/Makefile b/contrib/ipfilter/Makefile index c54e1db..59fb797 100644 --- a/contrib/ipfilter/Makefile +++ b/contrib/ipfilter/Makefile @@ -5,7 +5,7 @@ # provided that this notice is preserved and due credit is given # to the original author and the contributors. # -# Id: Makefile,v 2.76.2.13 2004/11/08 18:42:40 darrenr Exp +# $Id: Makefile,v 2.76.2.18 2005/12/04 23:41:22 darrenr Exp $ # SHELL=/bin/sh BINDEST=/usr/local/bin @@ -192,6 +192,15 @@ freebsd5: include else \ echo "#define INET6" > opt_inet6.h; \ fi + if [ "x$(IPFBPF)" = "x" ] ; then \ + echo "#undef NBPF" > opt_bpf.h; \ + echo "#undef NBPFILTER" > opt_bpf.h; \ + echo "#undef DEV_BPF" > opt_bpf.h; \ + else \ + echo "#define NBPF" > opt_bpf.h; \ + echo "#define NBPFILTER" > opt_bpf.h; \ + echo "#define DEV_BPF" > opt_bpf.h; \ + fi if [ x$(ENABLE_PFIL) = x ] ; then \ echo "#undef PFIL_HOOKS" > opt_pfil.h; \ else \ @@ -237,6 +246,11 @@ osf tru64: null include (cd OSF/`OSF/cpurev`; make build TRU64=`uname -v` TOP=../.. "DEBUG=-g" $(MFLAGS) "MACHASSERT=$(MACHASSERT)" "OSREV=`../cpurev`"; cd ..) (cd OSF/`OSF/cpurev`; make -f Makefile.ipsend build TRU64=`uname -v` TOP=../.. $(MFLAGS) "OSREV=`../cpurev`"; cd ..) +aix: null include + make setup "TARGOS=AIX" "CPUDIR=`AIX/cpurev`" + (cd AIX/`AIX/cpurev`; make build AIX=`uname -v` TOP=../.. "DEBUG=-g" $(MFLAGS) "OSREV=`../cpurev`" BITS=`../bootbits.sh`; cd ..) +# (cd AIX/`AIX/cpurev`; make -f Makefile.ipsend build AIX=`uname -v` TOP=../.. $(MFLAGS) "OSREV=`../cpurev`"; cd ..) + bsd: include make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)" (cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) 'DLKM=-D_LKM' "ML=mln_ipl.c" "MLR=mln_rule.o"; cd ..) @@ -277,6 +291,7 @@ clean: clean-include (cd HPUX; $(MAKE) BITS=32 TOP=.. clean) (cd Linux; $(MAKE) TOP=.. clean) (cd OSF; $(MAKE) TOP=.. clean) + (cd AIX; $(MAKE) TOP=.. clean) if [ "`uname -s`" = "IRIX" ]; then (cd IRIX; $(MAKE) clean); fi [ -d test ] && (cd test; $(MAKE) clean) (cd ipsend; $(MAKE) clean) @@ -295,6 +310,9 @@ clean-hpux: clean-include clean-osf: clean-include (cd OSF; make clean) +clean-aix: clean-include + (cd AIX; make clean) + clean-linux: clean-include (cd Linux; make clean) @@ -347,6 +365,10 @@ install-sunos4: solaris install-sunos5: solaris null (cd SunOS5; $(MAKE) CPU=$(CPU) TOP=.. install) +install-aix: + (cd AIX/`AIX/cpurev`; make install "TOP=../.." $(MFLAGS); cd ..) +# (cd AIX/`AIX/cpurev`; make -f Makefile.ipsend INSTALL=$(INSTALL) install "TOP=../.." $(MFLAGS); cd ..) + install-hpux: hpux (cd HPUX/`HPUX/cpurev`; $(MAKE) CPU=$(CPU) TOP=../.. "BITS=`getconf KERNEL_BITS`" install) @@ -355,7 +377,6 @@ install-irix: irix install-osf install-tru64: (cd OSF/`OSF/cpurev`; make install "TOP=../.." $(MFLAGS); cd ..) - (cd OSF/`OSF/cpurev`; make -f Makefile.ipsend INSTALL=$(INSTALL) install "TOP=../.." $(MFLAGS); cd ..) do-cvs: find . -type d -name CVS -print | xargs /bin/rm -rf @@ -378,3 +399,4 @@ mdb: -DIPFILTER_SCAN -DIPFILTER_LKM -DSOLARIS2=10 -n ipf_mdb -k \ -I/home/dr146992/pfil -I/home/dr146992/ipf -f \ /usr/include/netinet/in_systm.h,/usr/include/sys/ethernet.h,/usr/include/netinet/in.h,/usr/include/netinet/ip.h,/usr/include/netinet/ip_var.h,/usr/include/netinet/tcp.h,/usr/include/netinet/tcpip.h,/usr/include/netinet/ip_icmp.h,/usr/include/netinet/udp.h,ip_compat.h,ip_fil.h,ip_nat.h,ip_state.h,ip_proxy.h,ip_scan.h + diff --git a/contrib/ipfilter/NAT.FreeBSD b/contrib/ipfilter/NAT.FreeBSD index 996b009..8a7e952 100644 --- a/contrib/ipfilter/NAT.FreeBSD +++ b/contrib/ipfilter/NAT.FreeBSD @@ -4,7 +4,7 @@ After you have installed IpFilter. You will need to change three files: /etc/rc.local -/etc/sysconfig +/etc/rc.conf /etc/natrules You will have to: diff --git a/contrib/ipfilter/bpf-ipf.h b/contrib/ipfilter/bpf-ipf.h index c303152..544455e 100644 --- a/contrib/ipfilter/bpf-ipf.h +++ b/contrib/ipfilter/bpf-ipf.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /*- * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. diff --git a/contrib/ipfilter/bpf_filter.c b/contrib/ipfilter/bpf_filter.c index 9876ff3..c4ca42f 100644 --- a/contrib/ipfilter/bpf_filter.c +++ b/contrib/ipfilter/bpf_filter.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /*- * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. @@ -42,7 +40,7 @@ #if !(defined(lint) || defined(KERNEL) || defined(_KERNEL)) static const char rcsid[] = - "@(#) $Header: /devel/CVS/IP-Filter/bpf_filter.c,v 2.2 2003/08/19 16:49:58 darrenr Exp $ (LBL)"; + "@(#) $Header: /devel/CVS/IP-Filter/bpf_filter.c,v 2.2.2.1 2005/06/18 02:41:30 darrenr Exp $ (LBL)"; #endif #include @@ -53,7 +51,7 @@ static const char rcsid[] = #include #include -#include "ip_compat.h" +#include "netinet/ip_compat.h" #include "bpf-ipf.h" diff --git a/contrib/ipfilter/ipf.h b/contrib/ipfilter/ipf.h index 1398c05..3cf0ffb 100644 --- a/contrib/ipfilter/ipf.h +++ b/contrib/ipfilter/ipf.h @@ -1,12 +1,10 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001, 2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ipf.h 1.12 6/5/96 - * Id: ipf.h,v 2.71.2.6 2005/02/21 05:05:29 darrenr Exp + * $Id: ipf.h,v 2.71.2.7 2005/06/12 07:18:31 darrenr Exp $ */ #ifndef __IPF_H__ @@ -265,6 +263,7 @@ extern void printpacket6 __P((struct ip *)); extern struct ip_pool_s *printpool __P((struct ip_pool_s *, copyfunc_t, char *, int)); extern struct ip_pool_node *printpoolnode __P((struct ip_pool_node *, int)); +extern void printproto __P((struct protoent *, int, struct ipnat *)); extern void printportcmp __P((int, struct frpcmp *)); extern void optprint __P((u_short *, u_long, u_long)); #ifdef USE_INET6 diff --git a/contrib/ipfilter/iplang/iplang.h b/contrib/ipfilter/iplang/iplang.h index 675897b..f36a384 100644 --- a/contrib/ipfilter/iplang/iplang.h +++ b/contrib/ipfilter/iplang/iplang.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1997-1998 by Darren Reed. * diff --git a/contrib/ipfilter/iplang/iplang_l.l b/contrib/ipfilter/iplang/iplang_l.l index 0a97ec9..fae30a2 100644 --- a/contrib/ipfilter/iplang/iplang_l.l +++ b/contrib/ipfilter/iplang/iplang_l.l @@ -1,12 +1,10 @@ -/* $NetBSD$ */ - %{ /* * Copyright (C) 1997-1998 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: iplang_l.l,v 2.8 2003/07/28 01:15:31 darrenr Exp + * $Id: iplang_l.l,v 2.8 2003/07/28 01:15:31 darrenr Exp $ */ #include #include diff --git a/contrib/ipfilter/iplang/iplang_y.y b/contrib/ipfilter/iplang/iplang_y.y index fa960df..4d494fb 100644 --- a/contrib/ipfilter/iplang/iplang_y.y +++ b/contrib/ipfilter/iplang/iplang_y.y @@ -1,12 +1,10 @@ -/* $NetBSD$ */ - %{ /* * Copyright (C) 1997-1998 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: iplang_y.y,v 2.9.2.2 2004/12/09 19:41:10 darrenr Exp + * $Id: iplang_y.y,v 2.9.2.3 2005/10/17 17:25:04 darrenr Exp $ */ #include @@ -1290,8 +1288,14 @@ void prep_packet() if (ifp->if_fd == -1) ifp->if_fd = initdevice(ifp->if_name, 5); gwip = sending.snd_gw; - if (!gwip.s_addr) + if (!gwip.s_addr) { + if (aniphead == NULL) { + fprintf(stderr, + "no destination address defined for sending\n"); + return; + } gwip = aniphead->ah_ip->ip_dst; + } (void) send_ip(ifp->if_fd, ifp->if_MTU, (ip_t *)ipbuffer, gwip, 2); } diff --git a/contrib/ipfilter/ipmon.h b/contrib/ipfilter/ipmon.h index a240836..765a646 100644 --- a/contrib/ipfilter/ipmon.h +++ b/contrib/ipfilter/ipmon.h @@ -1,12 +1,10 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_fil.h 1.35 6/5/96 - * Id: ipmon.h,v 2.8 2003/07/25 22:16:20 darrenr Exp + * $Id: ipmon.h,v 2.8 2003/07/25 22:16:20 darrenr Exp $ */ diff --git a/contrib/ipfilter/ipsd/Celler/ip_compat.h b/contrib/ipfilter/ipsd/Celler/ip_compat.h index 8b43cb9..a911fd8 100644 --- a/contrib/ipfilter/ipsd/Celler/ip_compat.h +++ b/contrib/ipfilter/ipsd/Celler/ip_compat.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1995 by Darren Reed. * diff --git a/contrib/ipfilter/ipsd/ipsd.c b/contrib/ipfilter/ipsd/ipsd.c index 3d9ea4c..51d0a14 100644 --- a/contrib/ipfilter/ipsd/ipsd.c +++ b/contrib/ipfilter/ipsd/ipsd.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1995-1998 Darren Reed. * @@ -34,7 +32,7 @@ #ifndef lint static const char sccsid[] = "@(#)ipsd.c 1.3 12/3/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipsd.c,v 2.2 2001/06/09 17:09:25 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipsd.c,v 2.2 2001/06/09 17:09:25 darrenr Exp $"; #endif extern char *optarg; diff --git a/contrib/ipfilter/ipsd/ipsd.h b/contrib/ipfilter/ipsd/ipsd.h index 48f5911..3726b84 100644 --- a/contrib/ipfilter/ipsd/ipsd.h +++ b/contrib/ipfilter/ipsd/ipsd.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1995-1998 Darren Reed. * diff --git a/contrib/ipfilter/ipsd/ipsdr.c b/contrib/ipfilter/ipsd/ipsdr.c index 4689cba..af007e4 100644 --- a/contrib/ipfilter/ipsd/ipsdr.c +++ b/contrib/ipfilter/ipsd/ipsdr.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1995-1998 Darren Reed. * @@ -35,7 +33,7 @@ #ifndef lint static const char sccsid[] = "@(#)ipsdr.c 1.3 12/3/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipsdr.c,v 2.2 2001/06/09 17:09:25 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipsdr.c,v 2.2 2001/06/09 17:09:25 darrenr Exp $"; #endif extern char *optarg; diff --git a/contrib/ipfilter/ipsd/linux.h b/contrib/ipfilter/ipsd/linux.h index 2fadfcf..d9606cb 100644 --- a/contrib/ipfilter/ipsd/linux.h +++ b/contrib/ipfilter/ipsd/linux.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1997-1998 by Darren Reed. * diff --git a/contrib/ipfilter/ipsd/sbpf.c b/contrib/ipfilter/ipsd/sbpf.c index 29a7200..97bb4ce 100644 --- a/contrib/ipfilter/ipsd/sbpf.c +++ b/contrib/ipfilter/ipsd/sbpf.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1995-1998 Darren Reed. (from tcplog) * diff --git a/contrib/ipfilter/ipsd/sdlpi.c b/contrib/ipfilter/ipsd/sdlpi.c index 289ad2f..baede7c 100644 --- a/contrib/ipfilter/ipsd/sdlpi.c +++ b/contrib/ipfilter/ipsd/sdlpi.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1992-1998 Darren Reed. (from tcplog) * diff --git a/contrib/ipfilter/ipsd/slinux.c b/contrib/ipfilter/ipsd/slinux.c index 3b786b0..6372a60 100644 --- a/contrib/ipfilter/ipsd/slinux.c +++ b/contrib/ipfilter/ipsd/slinux.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1992-1998 Darren Reed. (from tcplog) * diff --git a/contrib/ipfilter/ipsd/snit.c b/contrib/ipfilter/ipsd/snit.c index 8f25026..e78c591 100644 --- a/contrib/ipfilter/ipsd/snit.c +++ b/contrib/ipfilter/ipsd/snit.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1992-1998 Darren Reed. (from tcplog) * diff --git a/contrib/ipfilter/ipsend/44arp.c b/contrib/ipfilter/ipsend/44arp.c index 4206355..ca571e0 100644 --- a/contrib/ipfilter/ipsend/44arp.c +++ b/contrib/ipfilter/ipsend/44arp.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Based upon 4.4BSD's /usr/sbin/arp */ diff --git a/contrib/ipfilter/ipsend/arp.c b/contrib/ipfilter/ipsend/arp.c index 0e8f556..609b8dd 100644 --- a/contrib/ipfilter/ipsend/arp.c +++ b/contrib/ipfilter/ipsend/arp.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * arp.c (C) 1995-1998 Darren Reed * @@ -7,11 +5,11 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)arp.c 1.4 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: arp.c,v 2.8 2003/12/01 02:01:15 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: arp.c,v 2.8.2.1 2005/06/12 07:18:38 darrenr Exp $"; #endif #include #include -#if !defined(ultrix) && !defined(hpux) && !defined(__hpux) && !defined(__osf__) +#if !defined(ultrix) && !defined(hpux) && !defined(__hpux) && !defined(__osf__) && !defined(_AIX51) #include #endif #include diff --git a/contrib/ipfilter/ipsend/dlcommon.c b/contrib/ipfilter/ipsend/dlcommon.c index 6e351f0..8994138 100644 --- a/contrib/ipfilter/ipsend/dlcommon.c +++ b/contrib/ipfilter/ipsend/dlcommon.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Common (shared) DLPI test routines. * Mostly pretty boring boilerplate sorta stuff. diff --git a/contrib/ipfilter/ipsend/dltest.h b/contrib/ipfilter/ipsend/dltest.h index 9fafd91..4c32c30 100644 --- a/contrib/ipfilter/ipsend/dltest.h +++ b/contrib/ipfilter/ipsend/dltest.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Common DLPI Test Suite header file * diff --git a/contrib/ipfilter/ipsend/hpux.c b/contrib/ipfilter/ipsend/hpux.c index 69f962c..42078e3 100644 --- a/contrib/ipfilter/ipsend/hpux.c +++ b/contrib/ipfilter/ipsend/hpux.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1997-1998 Darren Reed. (from tcplog) * diff --git a/contrib/ipfilter/ipsend/in_var.h b/contrib/ipfilter/ipsend/in_var.h index f228bbb..2ebd731 100644 --- a/contrib/ipfilter/ipsend/in_var.h +++ b/contrib/ipfilter/ipsend/in_var.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* @(#)in_var.h 1.3 88/08/19 SMI; from UCB 7.1 6/5/86 */ /* diff --git a/contrib/ipfilter/ipsend/ip.c b/contrib/ipfilter/ipsend/ip.c index 8302806..a5023cd 100644 --- a/contrib/ipfilter/ipsend/ip.c +++ b/contrib/ipfilter/ipsend/ip.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * ip.c (C) 1995-1998 Darren Reed * @@ -7,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C)1995"; -static const char rcsid[] = "@(#)Id: ip.c,v 2.8.2.1 2004/10/19 12:31:48 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ip.c,v 2.8.2.1 2004/10/19 12:31:48 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/ip_var.h b/contrib/ipfilter/ipsend/ip_var.h index b08f4e7..92eb38a 100644 --- a/contrib/ipfilter/ipsend/ip_var.h +++ b/contrib/ipfilter/ipsend/ip_var.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* @(#)ip_var.h 1.11 88/08/19 SMI; from UCB 7.1 6/5/86 */ /* diff --git a/contrib/ipfilter/ipsend/ipresend.1 b/contrib/ipfilter/ipsend/ipresend.1 index cffc6f3..6014313 100644 --- a/contrib/ipfilter/ipsend/ipresend.1 +++ b/contrib/ipfilter/ipsend/ipresend.1 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPRESEND 1 .SH NAME ipresend \- resend IP packets out to network diff --git a/contrib/ipfilter/ipsend/ipresend.c b/contrib/ipfilter/ipsend/ipresend.c index 1db54e1..7e52fe9 100644 --- a/contrib/ipfilter/ipsend/ipresend.c +++ b/contrib/ipfilter/ipsend/ipresend.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * ipresend.c (C) 1995-1998 Darren Reed * @@ -8,7 +6,7 @@ */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipresend.c,v 2.4 2004/01/08 13:34:31 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipresend.c,v 2.4 2004/01/08 13:34:31 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/ipsend.1 b/contrib/ipfilter/ipsend/ipsend.1 index 33320f3..f2f8066 100644 --- a/contrib/ipfilter/ipsend/ipsend.1 +++ b/contrib/ipfilter/ipsend/ipsend.1 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPSEND 1 .SH NAME ipsend \- sends IP packets diff --git a/contrib/ipfilter/ipsend/ipsend.5 b/contrib/ipfilter/ipsend/ipsend.5 index aac757a..4c1e66a 100644 --- a/contrib/ipfilter/ipsend/ipsend.5 +++ b/contrib/ipfilter/ipsend/ipsend.5 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPSEND 5 .SH NAME ipsend \- IP packet description language diff --git a/contrib/ipfilter/ipsend/ipsend.c b/contrib/ipfilter/ipsend/ipsend.c index 6c91d4d..a3cc1dc 100644 --- a/contrib/ipfilter/ipsend/ipsend.c +++ b/contrib/ipfilter/ipsend/ipsend.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * ipsend.c (C) 1995-1998 Darren Reed * @@ -7,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ipsend.c 1.5 12/10/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipsend.c,v 2.8.2.2 2004/11/13 16:50:10 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipsend.c,v 2.8.2.2 2004/11/13 16:50:10 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/ipsend.h b/contrib/ipfilter/ipsend/ipsend.h index be98c1b..f5e51a7 100644 --- a/contrib/ipfilter/ipsend/ipsend.h +++ b/contrib/ipfilter/ipsend/ipsend.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * ipsend.h (C) 1997-1998 Darren Reed * diff --git a/contrib/ipfilter/ipsend/ipsopt.c b/contrib/ipfilter/ipsend/ipsopt.c index 7f16705..9326bc6 100644 --- a/contrib/ipfilter/ipsend/ipsopt.c +++ b/contrib/ipfilter/ipsend/ipsopt.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1995-1998 by Darren Reed. * @@ -8,7 +6,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ipsopt.c 1.2 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipsopt.c,v 2.4.4.1 2004/03/23 12:58:05 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipsopt.c,v 2.4.4.1 2004/03/23 12:58:05 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/iptest.1 b/contrib/ipfilter/ipsend/iptest.1 index 0af5cc2..ca74094 100644 --- a/contrib/ipfilter/ipsend/iptest.1 +++ b/contrib/ipfilter/ipsend/iptest.1 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPTEST 1 .SH NAME iptest \- automatically generate a packets to test IP functionality diff --git a/contrib/ipfilter/ipsend/iptest.c b/contrib/ipfilter/ipsend/iptest.c index 45f8f3a..000d1cc 100644 --- a/contrib/ipfilter/ipsend/iptest.c +++ b/contrib/ipfilter/ipsend/iptest.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * ipsend.c (C) 1995-1998 Darren Reed * @@ -8,7 +6,7 @@ */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: iptest.c,v 2.6 2004/01/08 13:34:31 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: iptest.c,v 2.6 2004/01/08 13:34:31 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/iptests.c b/contrib/ipfilter/ipsend/iptests.c index a6cb41a..434b010 100644 --- a/contrib/ipfilter/ipsend/iptests.c +++ b/contrib/ipfilter/ipsend/iptests.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-1998 by Darren Reed. * @@ -8,7 +6,7 @@ */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: iptests.c,v 2.8.2.3 2004/04/16 23:33:04 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: iptests.c,v 2.8.2.4 2005/06/12 07:18:39 darrenr Exp $"; #endif #include #include @@ -32,7 +30,7 @@ static const char rcsid[] = "@(#)Id: iptests.c,v 2.8.2.3 2004/04/16 23:33:04 dar # include #endif #if !defined(ultrix) && !defined(hpux) && !defined(linux) && \ - !defined(__sgi) && !defined(__osf__) + !defined(__sgi) && !defined(__osf__) && !defined(_AIX51) # include #endif #ifndef ultrix diff --git a/contrib/ipfilter/ipsend/larp.c b/contrib/ipfilter/ipsend/larp.c index a8e782e..3d0c89c 100644 --- a/contrib/ipfilter/ipsend/larp.c +++ b/contrib/ipfilter/ipsend/larp.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * larp.c (C) 1995-1998 Darren Reed * @@ -8,7 +6,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)larp.c 1.1 8/19/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: larp.c,v 2.4 2003/12/01 02:01:16 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: larp.c,v 2.4 2003/12/01 02:01:16 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/linux.h b/contrib/ipfilter/ipsend/linux.h index d8296ba..ae2e05f 100644 --- a/contrib/ipfilter/ipsend/linux.h +++ b/contrib/ipfilter/ipsend/linux.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1995-1998 by Darren Reed. * diff --git a/contrib/ipfilter/ipsend/lsock.c b/contrib/ipfilter/ipsend/lsock.c index abe664e..825495e 100644 --- a/contrib/ipfilter/ipsend/lsock.c +++ b/contrib/ipfilter/ipsend/lsock.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * lsock.c (C) 1995-1998 Darren Reed * @@ -8,7 +6,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)lsock.c 1.2 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: lsock.c,v 2.3 2001/06/09 17:09:26 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: lsock.c,v 2.3 2001/06/09 17:09:26 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/resend.c b/contrib/ipfilter/ipsend/resend.c index 07220df..9c782ac 100644 --- a/contrib/ipfilter/ipsend/resend.c +++ b/contrib/ipfilter/ipsend/resend.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * resend.c (C) 1995-1998 Darren Reed * @@ -8,7 +6,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)resend.c 1.3 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: resend.c,v 2.8 2004/01/08 13:34:31 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: resend.c,v 2.8 2004/01/08 13:34:31 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/sbpf.c b/contrib/ipfilter/ipsend/sbpf.c index 9147929..16a6e7f 100644 --- a/contrib/ipfilter/ipsend/sbpf.c +++ b/contrib/ipfilter/ipsend/sbpf.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1995-1998 Darren Reed. (from tcplog) * @@ -46,7 +44,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)sbpf.c 1.3 8/25/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: sbpf.c,v 2.5 2002/02/24 07:30:03 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: sbpf.c,v 2.5 2002/02/24 07:30:03 darrenr Exp $"; #endif /* diff --git a/contrib/ipfilter/ipsend/sdlpi.c b/contrib/ipfilter/ipsend/sdlpi.c index 215223a..38eeb8a 100644 --- a/contrib/ipfilter/ipsend/sdlpi.c +++ b/contrib/ipfilter/ipsend/sdlpi.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1992-1998 Darren Reed. (from tcplog) * @@ -48,7 +46,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)sdlpi.c 1.3 10/30/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: sdlpi.c,v 2.8.2.1 2004/12/09 19:41:13 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: sdlpi.c,v 2.8.2.1 2004/12/09 19:41:13 darrenr Exp $"; #endif #define CHUNKSIZE 8192 diff --git a/contrib/ipfilter/ipsend/sirix.c b/contrib/ipfilter/ipsend/sirix.c index 39a0992..0f634f7 100644 --- a/contrib/ipfilter/ipsend/sirix.c +++ b/contrib/ipfilter/ipsend/sirix.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1992-1998 Darren Reed. * (C)opyright 1997 Marc Boucher. diff --git a/contrib/ipfilter/ipsend/slinux.c b/contrib/ipfilter/ipsend/slinux.c index 3bc7f09..7c362b6 100644 --- a/contrib/ipfilter/ipsend/slinux.c +++ b/contrib/ipfilter/ipsend/slinux.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1992-1998 Darren Reed. (from tcplog) * @@ -30,7 +28,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)slinux.c 1.2 8/25/95"; -static const char rcsid[] = "@(#)Id: slinux.c,v 2.3 2001/06/09 17:09:26 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: slinux.c,v 2.3 2001/06/09 17:09:26 darrenr Exp $"; #endif #define CHUNKSIZE 8192 diff --git a/contrib/ipfilter/ipsend/snit.c b/contrib/ipfilter/ipsend/snit.c index a4b19b9..bcd07d0 100644 --- a/contrib/ipfilter/ipsend/snit.c +++ b/contrib/ipfilter/ipsend/snit.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1992-1998 Darren Reed. (from tcplog) * @@ -41,7 +39,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)snit.c 1.5 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: snit.c,v 2.3 2001/06/09 17:09:26 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: snit.c,v 2.3 2001/06/09 17:09:26 darrenr Exp $"; #endif #define CHUNKSIZE 8192 diff --git a/contrib/ipfilter/ipsend/sock.c b/contrib/ipfilter/ipsend/sock.c index ccc57f0..45e7a0d 100644 --- a/contrib/ipfilter/ipsend/sock.c +++ b/contrib/ipfilter/ipsend/sock.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * sock.c (C) 1995-1998 Darren Reed * @@ -8,7 +6,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)sock.c 1.2 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: sock.c,v 2.8.4.1 2004/03/23 12:58:06 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: sock.c,v 2.8.4.1 2004/03/23 12:58:06 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/sockraw.c b/contrib/ipfilter/ipsend/sockraw.c index 822c146..0e3fe59 100644 --- a/contrib/ipfilter/ipsend/sockraw.c +++ b/contrib/ipfilter/ipsend/sockraw.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 2000 Darren Reed. * diff --git a/contrib/ipfilter/ipsend/tcpip.h b/contrib/ipfilter/ipsend/tcpip.h index 0d3e040..44a2de9 100644 --- a/contrib/ipfilter/ipsend/tcpip.h +++ b/contrib/ipfilter/ipsend/tcpip.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (c) 1982, 1986, 1993 * The Regents of the University of California. All rights reserved. @@ -29,7 +27,7 @@ * SUCH DAMAGE. * * @(#)tcpip.h 8.1 (Berkeley) 6/10/93 - * Id: tcpip.h,v 2.2.2.3 2004/05/26 15:45:48 darrenr Exp + * $Id: tcpip.h,v 2.2.2.3 2004/05/26 15:45:48 darrenr Exp $ */ #ifndef _NETINET_TCPIP_H_ diff --git a/contrib/ipfilter/ipt.h b/contrib/ipfilter/ipt.h index 6a14fe5..938e400 100644 --- a/contrib/ipfilter/ipt.h +++ b/contrib/ipfilter/ipt.h @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipt.h,v 2.6 2003/02/16 02:33:09 darrenr Exp + * $Id: ipt.h,v 2.6 2003/02/16 02:33:09 darrenr Exp $ */ #ifndef __IPT_H__ diff --git a/contrib/ipfilter/kmem.h b/contrib/ipfilter/kmem.h index 7cb6635..d2b1171 100644 --- a/contrib/ipfilter/kmem.h +++ b/contrib/ipfilter/kmem.h @@ -1,10 +1,8 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. - * Id: kmem.h,v 2.5 2002/08/21 22:57:36 darrenr Exp + * $Id: kmem.h,v 2.5 2002/08/21 22:57:36 darrenr Exp $ */ #ifndef __KMEM_H__ diff --git a/contrib/ipfilter/l4check/http.ok b/contrib/ipfilter/l4check/http.ok index 0e7dd90..2b5d2c1 100644 --- a/contrib/ipfilter/l4check/http.ok +++ b/contrib/ipfilter/l4check/http.ok @@ -1 +1 @@ - + \ No newline at end of file diff --git a/contrib/ipfilter/l4check/l4check.c b/contrib/ipfilter/l4check/l4check.c index 68c41de..3fecb80 100644 --- a/contrib/ipfilter/l4check/l4check.c +++ b/contrib/ipfilter/l4check/l4check.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)Copyright March, 2000 - Darren Reed. */ diff --git a/contrib/ipfilter/lib/Makefile b/contrib/ipfilter/lib/Makefile index d448ba0..a6e9cc4 100644 --- a/contrib/ipfilter/lib/Makefile +++ b/contrib/ipfilter/lib/Makefile @@ -68,6 +68,7 @@ LIBOBJS=$(DEST)/addicmp.o \ $(DEST)/printip.o \ $(DEST)/printpool.o \ $(DEST)/printpoolnode.o \ + $(DEST)/printproto.o \ $(DEST)/printfr.o \ $(DEST)/printfraginfo.o \ $(DEST)/printhostmap.o \ @@ -246,6 +247,8 @@ $(DEST)/printpool.o: $(LIBSRC)/printpool.c $(TOP)/ip_fil.h $(TOP)/ip_pool.h $(DEST)/printpoolnode.o: $(LIBSRC)/printpoolnode.c $(TOP)/ip_fil.h \ $(TOP)/ip_pool.h $(TOP)/ip_lookup.h $(CC) $(CCARGS) -c $(LIBSRC)/printpoolnode.c -o $@ +$(DEST)/printproto.o: $(LIBSRC)/printproto.c $(TOP)/ip_fil.h + $(CC) $(CCARGS) -c $(LIBSRC)/printproto.c -o $@ $(DEST)/printhostmap.o: $(LIBSRC)/printhostmap.c $(TOP)/ip_fil.h $(CC) $(CCARGS) -c $(LIBSRC)/printhostmap.c -o $@ $(DEST)/printifname.o: $(LIBSRC)/printifname.c $(INCDEP) diff --git a/contrib/ipfilter/lib/addicmp.c b/contrib/ipfilter/lib/addicmp.c index a8c1722..e18a787 100644 --- a/contrib/ipfilter/lib/addicmp.c +++ b/contrib/ipfilter/lib/addicmp.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: addicmp.c,v 1.10.2.1 2004/12/09 19:41:16 darrenr Exp + * $Id: addicmp.c,v 1.10.2.1 2004/12/09 19:41:16 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/addipopt.c b/contrib/ipfilter/lib/addipopt.c index 23f4427..e39484f 100644 --- a/contrib/ipfilter/lib/addipopt.c +++ b/contrib/ipfilter/lib/addipopt.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: addipopt.c,v 1.7 2002/01/28 06:50:45 darrenr Exp + * $Id: addipopt.c,v 1.7 2002/01/28 06:50:45 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/addkeep.c b/contrib/ipfilter/lib/addkeep.c index 3f20fb4..bbc7759 100644 --- a/contrib/ipfilter/lib/addkeep.c +++ b/contrib/ipfilter/lib/addkeep.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: addkeep.c,v 1.12 2003/12/01 01:59:42 darrenr Exp + * $Id: addkeep.c,v 1.12 2003/12/01 01:59:42 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/bcopywrap.c b/contrib/ipfilter/lib/bcopywrap.c index 939137b..1800373 100644 --- a/contrib/ipfilter/lib/bcopywrap.c +++ b/contrib/ipfilter/lib/bcopywrap.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" int bcopywrap(from, to, size) diff --git a/contrib/ipfilter/lib/binprint.c b/contrib/ipfilter/lib/binprint.c index afa4910..b07dfb0 100644 --- a/contrib/ipfilter/lib/binprint.c +++ b/contrib/ipfilter/lib/binprint.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: binprint.c,v 1.8 2002/05/14 15:18:56 darrenr Exp + * $Id: binprint.c,v 1.8 2002/05/14 15:18:56 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/buildopts.c b/contrib/ipfilter/lib/buildopts.c index a35649b..706e7b7 100644 --- a/contrib/ipfilter/lib/buildopts.c +++ b/contrib/ipfilter/lib/buildopts.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: buildopts.c,v 1.6 2002/01/28 06:50:45 darrenr Exp + * $Id: buildopts.c,v 1.6 2002/01/28 06:50:45 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/checkrev.c b/contrib/ipfilter/lib/checkrev.c index 28032ce..f95cc79 100644 --- a/contrib/ipfilter/lib/checkrev.c +++ b/contrib/ipfilter/lib/checkrev.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: checkrev.c,v 1.12.2.1 2004/03/09 14:44:39 darrenr Exp + * $Id: checkrev.c,v 1.12.2.1 2004/03/09 14:44:39 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/count4bits.c b/contrib/ipfilter/lib/count4bits.c index 0f2187f..e3857fa 100644 --- a/contrib/ipfilter/lib/count4bits.c +++ b/contrib/ipfilter/lib/count4bits.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: count4bits.c,v 1.1 2002/06/15 04:46:39 darrenr Exp + * $Id: count4bits.c,v 1.1 2002/06/15 04:46:39 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/count6bits.c b/contrib/ipfilter/lib/count6bits.c index bd4e9f8..e9a5159 100644 --- a/contrib/ipfilter/lib/count6bits.c +++ b/contrib/ipfilter/lib/count6bits.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: count6bits.c,v 1.4 2001/06/09 17:09:23 darrenr Exp + * $Id: count6bits.c,v 1.4 2001/06/09 17:09:23 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/debug.c b/contrib/ipfilter/lib/debug.c index 1510222..9f3f4cc 100644 --- a/contrib/ipfilter/lib/debug.c +++ b/contrib/ipfilter/lib/debug.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: debug.c,v 1.6 2001/06/09 17:09:24 darrenr Exp + * $Id: debug.c,v 1.6 2001/06/09 17:09:24 darrenr Exp $ */ #if defined(__STDC__) diff --git a/contrib/ipfilter/lib/extras.c b/contrib/ipfilter/lib/extras.c index 0f7f39f..9087ca6 100644 --- a/contrib/ipfilter/lib/extras.c +++ b/contrib/ipfilter/lib/extras.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: extras.c,v 1.12 2002/07/13 12:06:49 darrenr Exp + * $Id: extras.c,v 1.12 2002/07/13 12:06:49 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/facpri.c b/contrib/ipfilter/lib/facpri.c index 1e35ea9..2fc0a78 100644 --- a/contrib/ipfilter/lib/facpri.c +++ b/contrib/ipfilter/lib/facpri.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: facpri.c,v 1.6 2003/12/01 01:59:43 darrenr Exp + * $Id: facpri.c,v 1.6.2.1 2005/11/14 17:45:06 darrenr Exp $ */ #include @@ -22,7 +20,7 @@ #include "facpri.h" #if !defined(lint) -static const char rcsid[] = "@(#)Id: facpri.c,v 1.6 2003/12/01 01:59:43 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: facpri.c,v 1.6.2.1 2005/11/14 17:45:06 darrenr Exp $"; #endif @@ -42,10 +40,10 @@ table_t facs[] = { #else { "cron", LOG_CRON1 }, #endif -#ifdef LOG_FTP +#ifdef LOG_FTP { "ftp", LOG_FTP }, #endif -#ifdef LOG_AUTHPRIV +#ifdef LOG_AUTHPRIV { "authpriv", LOG_AUTHPRIV }, #endif #ifdef LOG_AUDIT diff --git a/contrib/ipfilter/lib/facpri.h b/contrib/ipfilter/lib/facpri.h index e8eef2b..d0d488a 100644 --- a/contrib/ipfilter/lib/facpri.h +++ b/contrib/ipfilter/lib/facpri.h @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1999-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: facpri.h,v 1.3 2001/06/09 17:19:50 darrenr Exp + * $Id: facpri.h,v 1.3 2001/06/09 17:19:50 darrenr Exp $ */ #ifndef __FACPRI_H__ diff --git a/contrib/ipfilter/lib/fill6bits.c b/contrib/ipfilter/lib/fill6bits.c index 8f23a6f..421a075 100644 --- a/contrib/ipfilter/lib/fill6bits.c +++ b/contrib/ipfilter/lib/fill6bits.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: fill6bits.c,v 1.5 2002/03/27 15:09:57 darrenr Exp + * $Id: fill6bits.c,v 1.5 2002/03/27 15:09:57 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/flags.c b/contrib/ipfilter/lib/flags.c index df6645d..49f28e6 100644 --- a/contrib/ipfilter/lib/flags.c +++ b/contrib/ipfilter/lib/flags.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: flags.c,v 1.4 2002/11/02 07:16:36 darrenr Exp + * $Id: flags.c,v 1.4 2002/11/02 07:16:36 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/genmask.c b/contrib/ipfilter/lib/genmask.c index 06f6404..238e5b6 100644 --- a/contrib/ipfilter/lib/genmask.c +++ b/contrib/ipfilter/lib/genmask.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: genmask.c,v 1.7 2003/11/11 13:40:15 darrenr Exp + * $Id: genmask.c,v 1.7 2003/11/11 13:40:15 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/gethost.c b/contrib/ipfilter/lib/gethost.c index a03168a..afcd3b5 100644 --- a/contrib/ipfilter/lib/gethost.c +++ b/contrib/ipfilter/lib/gethost.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" int gethost(name, hostp) diff --git a/contrib/ipfilter/lib/getifname.c b/contrib/ipfilter/lib/getifname.c index 94c9c9c..1480c1f 100644 --- a/contrib/ipfilter/lib/getifname.c +++ b/contrib/ipfilter/lib/getifname.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" #include "kmem.h" diff --git a/contrib/ipfilter/lib/getline.c b/contrib/ipfilter/lib/getline.c index 61c00ba..7d06d43 100644 --- a/contrib/ipfilter/lib/getline.c +++ b/contrib/ipfilter/lib/getline.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: getline.c,v 1.3 2001/06/09 17:09:24 darrenr Exp + * $Id: getline.c,v 1.3 2001/06/09 17:09:24 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/getnattype.c b/contrib/ipfilter/lib/getnattype.c index c783d6f..312a862 100644 --- a/contrib/ipfilter/lib/getnattype.c +++ b/contrib/ipfilter/lib/getnattype.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -11,7 +9,7 @@ #include "kmem.h" #if !defined(lint) -static const char rcsid[] = "@(#)Id: getnattype.c,v 1.3 2004/01/17 17:26:07 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: getnattype.c,v 1.3 2004/01/17 17:26:07 darrenr Exp $"; #endif diff --git a/contrib/ipfilter/lib/getport.c b/contrib/ipfilter/lib/getport.c index 7cf903d..03fcd17 100644 --- a/contrib/ipfilter/lib/getport.c +++ b/contrib/ipfilter/lib/getport.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" int getport(fr, name, port) diff --git a/contrib/ipfilter/lib/getportproto.c b/contrib/ipfilter/lib/getportproto.c index 17efa43..d76e761 100644 --- a/contrib/ipfilter/lib/getportproto.c +++ b/contrib/ipfilter/lib/getportproto.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include #include "ipf.h" diff --git a/contrib/ipfilter/lib/getproto.c b/contrib/ipfilter/lib/getproto.c index c75f137..58e82bd 100644 --- a/contrib/ipfilter/lib/getproto.c +++ b/contrib/ipfilter/lib/getproto.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" int getproto(name) @@ -14,6 +12,14 @@ char *name; if (*s == '\0') return atoi(name); +#ifdef _AIX51 + /* + * For some bogus reason, "ip" is 252 in /etc/protocols on AIX 5 + */ + if (!strcasecmp(name, "ip")) + return 0; +#endif + p = getprotobyname(name); if (p != NULL) return p->p_proto; diff --git a/contrib/ipfilter/lib/getsumd.c b/contrib/ipfilter/lib/getsumd.c index 11ecc57..346c445 100644 --- a/contrib/ipfilter/lib/getsumd.c +++ b/contrib/ipfilter/lib/getsumd.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" char *getsumd(sum) diff --git a/contrib/ipfilter/lib/hexdump.c b/contrib/ipfilter/lib/hexdump.c index 4eb3b9ad..86e731e 100644 --- a/contrib/ipfilter/lib/hexdump.c +++ b/contrib/ipfilter/lib/hexdump.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include #include "ipf.h" diff --git a/contrib/ipfilter/lib/hostmask.c b/contrib/ipfilter/lib/hostmask.c index 67755f8..4ee41e16 100644 --- a/contrib/ipfilter/lib/hostmask.c +++ b/contrib/ipfilter/lib/hostmask.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: hostmask.c,v 1.10 2002/01/28 06:50:46 darrenr Exp + * $Id: hostmask.c,v 1.10 2002/01/28 06:50:46 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/hostname.c b/contrib/ipfilter/lib/hostname.c index a0109da..a883fc6 100644 --- a/contrib/ipfilter/lib/hostname.c +++ b/contrib/ipfilter/lib/hostname.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" diff --git a/contrib/ipfilter/lib/hostnum.c b/contrib/ipfilter/lib/hostnum.c index c62e4a1..2ec0529 100644 --- a/contrib/ipfilter/lib/hostnum.c +++ b/contrib/ipfilter/lib/hostnum.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: hostnum.c,v 1.10.2.1 2004/12/09 19:41:20 darrenr Exp + * $Id: hostnum.c,v 1.10.2.1 2004/12/09 19:41:20 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/icmpcode.c b/contrib/ipfilter/lib/icmpcode.c index 17e1ba4..fd1e647 100644 --- a/contrib/ipfilter/lib/icmpcode.c +++ b/contrib/ipfilter/lib/icmpcode.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: icmpcode.c,v 1.7.2.1 2004/12/09 19:41:20 darrenr Exp + * $Id: icmpcode.c,v 1.7.2.1 2004/12/09 19:41:20 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/inet_addr.c b/contrib/ipfilter/lib/inet_addr.c index 5ccf6a9..820b7b5 100644 --- a/contrib/ipfilter/lib/inet_addr.c +++ b/contrib/ipfilter/lib/inet_addr.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * ++Copyright++ 1983, 1990, 1993 * - @@ -57,7 +55,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)inet_addr.c 8.1 (Berkeley) 6/17/93"; -static const char rcsid[] = "@(#)Id: inet_addr.c,v 1.8.2.3 2004/12/09 19:41:20 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: inet_addr.c,v 1.8.2.3 2004/12/09 19:41:20 darrenr Exp $"; #endif /* LIBC_SCCS and not lint */ #include diff --git a/contrib/ipfilter/lib/initparse.c b/contrib/ipfilter/lib/initparse.c index 676774c..d875925 100644 --- a/contrib/ipfilter/lib/initparse.c +++ b/contrib/ipfilter/lib/initparse.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: initparse.c,v 1.6 2002/01/28 06:50:46 darrenr Exp + * $Id: initparse.c,v 1.6 2002/01/28 06:50:46 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/ionames.c b/contrib/ipfilter/lib/ionames.c index 9e4602b..b1f655c 100644 --- a/contrib/ipfilter/lib/ionames.c +++ b/contrib/ipfilter/lib/ionames.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ionames.c,v 1.7 2002/01/28 06:50:46 darrenr Exp + * $Id: ionames.c,v 1.7 2002/01/28 06:50:46 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/ipf_dotuning.c b/contrib/ipfilter/lib/ipf_dotuning.c index c9416ff..daff025 100644 --- a/contrib/ipfilter/lib/ipf_dotuning.c +++ b/contrib/ipfilter/lib/ipf_dotuning.c @@ -1,7 +1,5 @@ -/* $NetBSD$ */ - #include "ipf.h" -#include "ipl.h" +#include "netinet/ipl.h" #include void ipf_dotuning(fd, tuneargs, iocfn) @@ -33,6 +31,7 @@ ioctlfunc_t iocfn; printtunable(&tu); } } else if ((t = strchr(s, '=')) != NULL) { + tu.ipft_cookie = NULL; *t++ = '\0'; strncpy(tu.ipft_name, s, sizeof(tu.ipft_name)); if (sscanf(t, "%lu", &tu.ipft_vlong) == 1) { @@ -45,13 +44,16 @@ ioctlfunc_t iocfn; return; } } else { + tu.ipft_cookie = NULL; strncpy(tu.ipft_name, s, sizeof(tu.ipft_name)); if ((*iocfn)(fd, SIOCIPFGET, &obj) == -1) { perror("ioctl(SIOCIPFGET)"); return; } - if (tu.ipft_cookie == NULL) + if (tu.ipft_cookie == NULL) { + fprintf(stderr, "Null cookie for %s\n", s); return; + } tu.ipft_name[sizeof(tu.ipft_name) - 1] = '\0'; printtunable(&tu); diff --git a/contrib/ipfilter/lib/ipft_ef.c b/contrib/ipfilter/lib/ipft_ef.c index eebc417..237febc 100644 --- a/contrib/ipfilter/lib/ipft_ef.c +++ b/contrib/ipfilter/lib/ipft_ef.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipft_ef.c,v 1.14 2004/01/08 13:34:31 darrenr Exp + * $Id: ipft_ef.c,v 1.14 2004/01/08 13:34:31 darrenr Exp $ */ /* @@ -33,7 +31,7 @@ etherfind -n -t #if !defined(lint) static const char sccsid[] = "@(#)ipft_ef.c 1.6 2/4/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipft_ef.c,v 1.14 2004/01/08 13:34:31 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipft_ef.c,v 1.14 2004/01/08 13:34:31 darrenr Exp $"; #endif static int etherf_open __P((char *)); diff --git a/contrib/ipfilter/lib/ipft_hx.c b/contrib/ipfilter/lib/ipft_hx.c index 3cc8ec5..c649107 100644 --- a/contrib/ipfilter/lib/ipft_hx.c +++ b/contrib/ipfilter/lib/ipft_hx.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1995-2001 by Darren Reed. * @@ -7,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ipft_hx.c 1.1 3/9/96 (C) 1996 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipft_hx.c,v 1.11.4.1 2004/12/09 19:41:20 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipft_hx.c,v 1.11.4.3 2005/12/04 10:07:21 darrenr Exp $"; #endif #include @@ -83,7 +81,7 @@ int cnt, *dir; *s = '\0'; if (!*line) continue; - if (!(opts & OPT_BRIEF)) { + if ((opts & OPT_DEBUG) != 0) { printf("input: %s", line); } @@ -108,7 +106,7 @@ int cnt, *dir; s = line; t = (char *)ip; ip = (ip_t *)readhex(s, (char *)ip); - if (!(opts & OPT_BRIEF)) { + if ((opts & OPT_DEBUG) != 0) { if (opts & OPT_ASCII) { if (t < (char *)ip) putchar('\t'); @@ -124,6 +122,8 @@ int cnt, *dir; fflush(stdout); } } + if (feof(tfp)) + return 0; return -1; } diff --git a/contrib/ipfilter/lib/ipft_pc.c b/contrib/ipfilter/lib/ipft_pc.c index 3678d78..de15235 100644 --- a/contrib/ipfilter/lib/ipft_pc.c +++ b/contrib/ipfilter/lib/ipft_pc.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipft_pc.c,v 1.10 2004/02/07 18:17:40 darrenr Exp + * $Id: ipft_pc.c,v 1.10.2.1 2005/12/04 09:55:10 darrenr Exp $ */ #include "ipf.h" #include "pcap-ipf.h" @@ -13,7 +11,7 @@ #include "ipt.h" #if !defined(lint) -static const char rcsid[] = "@(#)Id: ipft_pc.c,v 1.10 2004/02/07 18:17:40 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipft_pc.c,v 1.10.2.1 2005/12/04 09:55:10 darrenr Exp $"; #endif struct llc { @@ -162,10 +160,19 @@ static int pcap_close() static int pcap_read_rec(rec) struct pcap_pkthdr *rec; { - int n, p; + int n, p, i; + char *s; - if (read(pfd, (char *)rec, sizeof(*rec)) != sizeof(*rec)) - return -2; + s = (char *)rec; + n = sizeof(*rec); + + while (n > 0) { + i = read(pfd, (char *)rec, sizeof(*rec)); + if (i <= 0) + return -2; + s += i; + n -= i; + } if (swapped) { rec->ph_clen = SWAPLONG(rec->ph_clen); @@ -178,6 +185,8 @@ struct pcap_pkthdr *rec; if (!n || n < 0) return -3; + if (p < 0 || p > 65536) + return -4; return p; } @@ -224,7 +233,7 @@ int cnt, *dir; struct pcap_pkthdr rec; struct llc *l; char *s, ty[4]; - int i, n; + int i, j, n; l = llcp; @@ -238,8 +247,14 @@ int cnt, *dir; bufp = realloc(bufp, i); s = bufp; - if (read(pfd, s, i) != i) - return -2; + for (j = i, n = 0; j > 0; ) { + n = read(pfd, s, j); + if (n <= 0) + return -2; + j -= n; + s += n; + } + s = bufp; i -= l->lc_sz; s += l->lc_to; diff --git a/contrib/ipfilter/lib/ipft_sn.c b/contrib/ipfilter/lib/ipft_sn.c index 1458821..1b3e364 100644 --- a/contrib/ipfilter/lib/ipft_sn.c +++ b/contrib/ipfilter/lib/ipft_sn.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipft_sn.c,v 1.7 2003/02/16 02:32:36 darrenr Exp + * $Id: ipft_sn.c,v 1.7 2003/02/16 02:32:36 darrenr Exp $ */ /* @@ -16,7 +14,7 @@ #include "ipt.h" #if !defined(lint) -static const char rcsid[] = "@(#)Id: ipft_sn.c,v 1.7 2003/02/16 02:32:36 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipft_sn.c,v 1.7 2003/02/16 02:32:36 darrenr Exp $"; #endif struct llc { diff --git a/contrib/ipfilter/lib/ipft_td.c b/contrib/ipfilter/lib/ipft_td.c index b278c72..1aa6166 100644 --- a/contrib/ipfilter/lib/ipft_td.c +++ b/contrib/ipfilter/lib/ipft_td.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp + * $Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp $ */ /* @@ -42,7 +40,7 @@ tcpdump -nqte #if !defined(lint) static const char sccsid[] = "@(#)ipft_td.c 1.8 2/4/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp $"; #endif static int tcpd_open __P((char *)); diff --git a/contrib/ipfilter/lib/ipft_tx.c b/contrib/ipfilter/lib/ipft_tx.c index c77fbc4..0432c08 100644 --- a/contrib/ipfilter/lib/ipft_tx.c +++ b/contrib/ipfilter/lib/ipft_tx.c @@ -1,15 +1,13 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1995-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipft_tx.c,v 1.15.2.2 2004/12/09 19:41:21 darrenr Exp + * $Id: ipft_tx.c,v 1.15.2.6 2005/12/04 10:07:22 darrenr Exp $ */ #if !defined(lint) static const char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipft_tx.c,v 1.15.2.2 2004/12/09 19:41:21 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 1.15.2.6 2005/12/04 10:07:22 darrenr Exp $"; #endif #include @@ -31,8 +29,8 @@ static int text_open __P((char *)), text_close __P((void)); static int text_readip __P((char *, int, char **, int *)); static int parseline __P((char *, ip_t *, char **, int *)); -static char _tcp_flagset[] = "FSRPAUEC"; -static u_char _tcp_flags[] = { TH_FIN, TH_SYN, TH_RST, TH_PUSH, +static char myflagset[] = "FSRPAUEC"; +static u_char myflags[] = { TH_FIN, TH_SYN, TH_RST, TH_PUSH, TH_ACK, TH_URG, TH_ECN, TH_CWR }; struct ipread iptext = { text_open, text_close, text_readip, R_DO_CKSUM }; @@ -161,7 +159,7 @@ int cnt, *dir; *s = '\0'; if (!*line) continue; - if (!(opts & OPT_BRIEF)) + if ((opts & OPT_DEBUG) != 0) printf("input: %s\n", line); *ifn = NULL; *dir = 0; @@ -172,6 +170,8 @@ int cnt, *dir; return sizeof(ip_t); #endif } + if (feof(tfp)) + return 0; return -1; } @@ -280,14 +280,12 @@ int *out; ip->ip_dst.s_addr = tx_hostnum(*cpp, &r); cpp++; if (*cpp && ip->ip_p == IPPROTO_TCP) { - extern char _tcp_flagset[]; - extern u_char _tcp_flags[]; char *s, *t; tcp->th_flags = 0; for (s = *cpp; *s; s++) - if ((t = strchr(_tcp_flagset, *s))) - tcp->th_flags |= _tcp_flags[t - _tcp_flagset]; + if ((t = strchr(myflagset, *s))) + tcp->th_flags |= myflags[t - myflagset]; if (tcp->th_flags) cpp++; if (tcp->th_flags == 0) @@ -299,15 +297,22 @@ int *out; char **s, *t; int i; + t = strchr(*cpp, ','); + if (t != NULL) + *t = '\0'; + for (s = tx_icmptypes, i = 0; !*s || strcmp(*s, "END"); - s++, i++) - if (*s && !strncasecmp(*cpp, *s, strlen(*s))) { + s++, i++) { + if (*s && !strcasecmp(*cpp, *s)) { ic->icmp_type = i; - if ((t = strchr(*cpp, ','))) - ic->icmp_code = atoi(t+1); + if (t != NULL) + ic->icmp_code = atoi(t + 1); cpp++; break; } + } + if (t != NULL) + *t = ','; } if (*cpp && !strcasecmp(*cpp, "opt")) { diff --git a/contrib/ipfilter/lib/ipoptsec.c b/contrib/ipfilter/lib/ipoptsec.c index 95bde9c..558ae58 100644 --- a/contrib/ipfilter/lib/ipoptsec.c +++ b/contrib/ipfilter/lib/ipoptsec.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipoptsec.c,v 1.2 2002/01/28 06:50:46 darrenr Exp + * $Id: ipoptsec.c,v 1.2 2002/01/28 06:50:46 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/kmem.c b/contrib/ipfilter/lib/kmem.c index 3f044bb..1fd00ab 100644 --- a/contrib/ipfilter/lib/kmem.c +++ b/contrib/ipfilter/lib/kmem.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -18,7 +16,7 @@ #include #include #include -#if !defined(__sgi) && !defined(__hpux) && !defined(__osf__) && !defined(linux) +#if !defined(__sgi) && !defined(__hpux) && !defined(__osf__) && !defined(linux) && !defined(_AIX51) #include #endif #include @@ -44,12 +42,13 @@ #if !defined(lint) static const char sccsid[] = "@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed"; -static const char rcsid[] = "@(#)Id: kmem.c,v 1.16.2.1 2004/06/20 10:25:58 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: kmem.c,v 1.16.2.2 2005/06/12 07:18:41 darrenr Exp $"; #endif -#if !defined(__sgi) && !defined(__hpux) && !defined(__osf__) && !defined(linux) +#if !defined(__sgi) && !defined(__hpux) && !defined(__osf__) && \ + !defined(linux) && !defined(_AIX51) /* * For all platforms where there is a libkvm and a kvm_t, we use that... */ diff --git a/contrib/ipfilter/lib/kmem.h b/contrib/ipfilter/lib/kmem.h index 07a14f5..2cdd5fb 100644 --- a/contrib/ipfilter/lib/kmem.h +++ b/contrib/ipfilter/lib/kmem.h @@ -1,10 +1,8 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. - * Id: kmem.h,v 1.2 2002/08/21 22:57:36 darrenr Exp + * $Id: kmem.h,v 1.2 2002/08/21 22:57:36 darrenr Exp $ */ #ifndef __KMEM_H__ diff --git a/contrib/ipfilter/lib/kmemcpywrap.c b/contrib/ipfilter/lib/kmemcpywrap.c index 274bcb1..35715dc 100644 --- a/contrib/ipfilter/lib/kmemcpywrap.c +++ b/contrib/ipfilter/lib/kmemcpywrap.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" #include "kmem.h" diff --git a/contrib/ipfilter/lib/kvatoname.c b/contrib/ipfilter/lib/kvatoname.c index 030c633..b3f4af9 100644 --- a/contrib/ipfilter/lib/kvatoname.c +++ b/contrib/ipfilter/lib/kvatoname.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" #include diff --git a/contrib/ipfilter/lib/load_hash.c b/contrib/ipfilter/lib/load_hash.c index 4fc042b..638e9f5 100644 --- a/contrib/ipfilter/lib/load_hash.c +++ b/contrib/ipfilter/lib/load_hash.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: load_hash.c,v 1.11.2.2 2005/02/01 02:44:05 darrenr Exp + * $Id: load_hash.c,v 1.11.2.3 2005/11/13 15:41:12 darrenr Exp $ */ #include @@ -72,8 +70,8 @@ ioctlfunc_t iocfunc; } } - strncpy(op.iplo_name, iph.iph_name, sizeof(op.iplo_name)); - strncpy(iphp->iph_name, iph.iph_name, sizeof(op.iplo_name)); + strncpy(iph.iph_name, op.iplo_name, sizeof(op.iplo_name)); + strncpy(iphp->iph_name, op.iplo_name, sizeof(op.iplo_name)); if (opts & OPT_VERBOSE) { for (a = list; a != NULL; a = a->ipe_next) { diff --git a/contrib/ipfilter/lib/load_hashnode.c b/contrib/ipfilter/lib/load_hashnode.c index 186ba05..cee0338 100644 --- a/contrib/ipfilter/lib/load_hashnode.c +++ b/contrib/ipfilter/lib/load_hashnode.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: load_hashnode.c,v 1.2.4.1 2004/03/06 14:33:28 darrenr Exp + * $Id: load_hashnode.c,v 1.2.4.1 2004/03/06 14:33:28 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/load_pool.c b/contrib/ipfilter/lib/load_pool.c index 5fab311..9cf22a2 100644 --- a/contrib/ipfilter/lib/load_pool.c +++ b/contrib/ipfilter/lib/load_pool.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: load_pool.c,v 1.14.2.2 2005/02/01 02:44:06 darrenr Exp + * $Id: load_pool.c,v 1.14.2.3 2005/11/13 15:41:13 darrenr Exp $ */ #include @@ -38,7 +36,7 @@ ioctlfunc_t iocfunc; op.iplo_struct = &pool; bzero((char *)&pool, sizeof(pool)); strncpy(pool.ipo_name, plp->ipo_name, sizeof(pool.ipo_name)); - if (*plp->ipo_name == '\0') + if (plp->ipo_name[0] == '\0') op.iplo_arg |= IPOOL_ANON; if ((opts & OPT_REMOVE) == 0) { @@ -49,6 +47,9 @@ ioctlfunc_t iocfunc; } } + if (op.iplo_arg & IPOOL_ANON) + strncpy(pool.ipo_name, op.iplo_name, sizeof(pool.ipo_name)); + if ((opts & OPT_VERBOSE) != 0) { pool.ipo_list = plp->ipo_list; printpool(&pool, bcopywrap, pool.ipo_name, opts); @@ -56,7 +57,7 @@ ioctlfunc_t iocfunc; } for (a = plp->ipo_list; a != NULL; a = a->ipn_next) - load_poolnode(plp->ipo_unit, plp->ipo_name, a, iocfunc); + load_poolnode(plp->ipo_unit, pool.ipo_name, a, iocfunc); if ((opts & OPT_REMOVE) != 0) { if ((*iocfunc)(poolfd, SIOCLOOKUPDELTABLE, &op)) diff --git a/contrib/ipfilter/lib/load_poolnode.c b/contrib/ipfilter/lib/load_poolnode.c index e9d233f..e992a80 100644 --- a/contrib/ipfilter/lib/load_poolnode.c +++ b/contrib/ipfilter/lib/load_poolnode.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: load_poolnode.c,v 1.3.2.1 2004/03/06 14:33:29 darrenr Exp + * $Id: load_poolnode.c,v 1.3.2.1 2004/03/06 14:33:29 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/loglevel.c b/contrib/ipfilter/lib/loglevel.c index 31b4f17..47dd8ba 100644 --- a/contrib/ipfilter/lib/loglevel.c +++ b/contrib/ipfilter/lib/loglevel.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: loglevel.c,v 1.5 2001/06/09 17:09:24 darrenr Exp + * $Id: loglevel.c,v 1.5 2001/06/09 17:09:24 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/make_range.c b/contrib/ipfilter/lib/make_range.c index 9ec3ca3..e4335cd 100644 --- a/contrib/ipfilter/lib/make_range.c +++ b/contrib/ipfilter/lib/make_range.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: make_range.c,v 1.2 2002/05/18 07:27:52 darrenr Exp + * $Id: make_range.c,v 1.2 2002/05/18 07:27:52 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/mutex_emul.c b/contrib/ipfilter/lib/mutex_emul.c index 43b7f76..9497ffe 100644 --- a/contrib/ipfilter/lib/mutex_emul.c +++ b/contrib/ipfilter/lib/mutex_emul.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" #define EMM_MAGIC 0x9d7adba3 diff --git a/contrib/ipfilter/lib/nametokva.c b/contrib/ipfilter/lib/nametokva.c index 50f3077..9250d7c 100644 --- a/contrib/ipfilter/lib/nametokva.c +++ b/contrib/ipfilter/lib/nametokva.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" #include diff --git a/contrib/ipfilter/lib/nat_setgroupmap.c b/contrib/ipfilter/lib/nat_setgroupmap.c index ce64abb..00e0df1 100644 --- a/contrib/ipfilter/lib/nat_setgroupmap.c +++ b/contrib/ipfilter/lib/nat_setgroupmap.c @@ -1,12 +1,10 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ #if !defined(lint) -static const char rcsid[] = "@(#)Id: nat_setgroupmap.c,v 1.1 2003/04/13 06:40:14 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: nat_setgroupmap.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $"; #endif #include "ipf.h" diff --git a/contrib/ipfilter/lib/natparse.c b/contrib/ipfilter/lib/natparse.c index adbbeb9..9937380 100644 --- a/contrib/ipfilter/lib/natparse.c +++ b/contrib/ipfilter/lib/natparse.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -7,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)Id: natparse.c,v 1.8.2.1 2004/12/09 19:41:21 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: natparse.c,v 1.8.2.1 2004/12/09 19:41:21 darrenr Exp $"; #endif #include diff --git a/contrib/ipfilter/lib/ntomask.c b/contrib/ipfilter/lib/ntomask.c index 415a5e8..cd4e983 100644 --- a/contrib/ipfilter/lib/ntomask.c +++ b/contrib/ipfilter/lib/ntomask.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" int ntomask(v, nbits, ap) diff --git a/contrib/ipfilter/lib/optname.c b/contrib/ipfilter/lib/optname.c index 7fdcc57..1f604d1 100644 --- a/contrib/ipfilter/lib/optname.c +++ b/contrib/ipfilter/lib/optname.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: optname.c,v 1.3 2001/06/09 17:09:24 darrenr Exp + * $Id: optname.c,v 1.3 2001/06/09 17:09:24 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/optprint.c b/contrib/ipfilter/lib/optprint.c index 261a75c..42c1618 100644 --- a/contrib/ipfilter/lib/optprint.c +++ b/contrib/ipfilter/lib/optprint.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: optprint.c,v 1.6 2002/07/13 15:59:49 darrenr Exp + * $Id: optprint.c,v 1.6 2002/07/13 15:59:49 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/optprintv6.c b/contrib/ipfilter/lib/optprintv6.c index 75e0fd0..4e4eee2 100644 --- a/contrib/ipfilter/lib/optprintv6.c +++ b/contrib/ipfilter/lib/optprintv6.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: optprintv6.c,v 1.2 2003/04/30 00:39:39 darrenr Exp + * $Id: optprintv6.c,v 1.2 2003/04/30 00:39:39 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/optvalue.c b/contrib/ipfilter/lib/optvalue.c index dc9448d..21d37b4 100644 --- a/contrib/ipfilter/lib/optvalue.c +++ b/contrib/ipfilter/lib/optvalue.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: optvalue.c,v 1.2 2002/01/28 06:50:47 darrenr Exp + * $Id: optvalue.c,v 1.2 2002/01/28 06:50:47 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/parse.c b/contrib/ipfilter/lib/parse.c index 4cf69ab..1a49d16 100644 --- a/contrib/ipfilter/lib/parse.c +++ b/contrib/ipfilter/lib/parse.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: parse.c,v 1.34.2.1 2004/12/09 19:41:21 darrenr Exp + * $Id: parse.c,v 1.34.2.1 2004/12/09 19:41:21 darrenr Exp $ */ #include #include "ipf.h" diff --git a/contrib/ipfilter/lib/portname.c b/contrib/ipfilter/lib/portname.c index 7c0fc87..7136d8c 100644 --- a/contrib/ipfilter/lib/portname.c +++ b/contrib/ipfilter/lib/portname.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: portname.c,v 1.7 2003/08/14 14:27:43 darrenr Exp + * $Id: portname.c,v 1.7 2003/08/14 14:27:43 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/portnum.c b/contrib/ipfilter/lib/portnum.c index 284bbc9..4079f46 100644 --- a/contrib/ipfilter/lib/portnum.c +++ b/contrib/ipfilter/lib/portnum.c @@ -1,12 +1,10 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * * - * Id: portnum.c,v 1.6.4.1 2004/12/09 19:41:22 darrenr Exp + * $Id: portnum.c,v 1.6.4.1 2004/12/09 19:41:22 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/ports.c b/contrib/ipfilter/lib/ports.c index 634dfeb..9a44e2c 100644 --- a/contrib/ipfilter/lib/ports.c +++ b/contrib/ipfilter/lib/ports.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ports.c,v 1.9.4.1 2004/12/09 19:41:22 darrenr Exp + * $Id: ports.c,v 1.9.4.1 2004/12/09 19:41:22 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/print_toif.c b/contrib/ipfilter/lib/print_toif.c index 0e230cd..5d88ef9 100644 --- a/contrib/ipfilter/lib/print_toif.c +++ b/contrib/ipfilter/lib/print_toif.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: print_toif.c,v 1.8 2002/01/28 06:50:47 darrenr Exp + * $Id: print_toif.c,v 1.8 2002/01/28 06:50:47 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printactivenat.c b/contrib/ipfilter/lib/printactivenat.c index 3c56b14..389818b 100644 --- a/contrib/ipfilter/lib/printactivenat.c +++ b/contrib/ipfilter/lib/printactivenat.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -12,7 +10,7 @@ #if !defined(lint) -static const char rcsid[] = "@(#)Id: printactivenat.c,v 1.3.2.4 2004/05/11 16:07:32 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: printactivenat.c,v 1.3.2.4 2004/05/11 16:07:32 darrenr Exp $"; #endif diff --git a/contrib/ipfilter/lib/printaps.c b/contrib/ipfilter/lib/printaps.c index 5c5c3dd..45b4b2f 100644 --- a/contrib/ipfilter/lib/printaps.c +++ b/contrib/ipfilter/lib/printaps.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -13,7 +11,7 @@ #if !defined(lint) -static const char rcsid[] = "@(#)Id: printaps.c,v 1.4 2004/01/08 13:34:32 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: printaps.c,v 1.4 2004/01/08 13:34:32 darrenr Exp $"; #endif diff --git a/contrib/ipfilter/lib/printbuf.c b/contrib/ipfilter/lib/printbuf.c index f2b7faa..613293a 100644 --- a/contrib/ipfilter/lib/printbuf.c +++ b/contrib/ipfilter/lib/printbuf.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printbuf.c,v 1.5.4.1 2004/12/09 19:41:22 darrenr Exp + * $Id: printbuf.c,v 1.5.4.1 2004/12/09 19:41:22 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/printfr.c b/contrib/ipfilter/lib/printfr.c index f0f5a0e..f893ebb 100644 --- a/contrib/ipfilter/lib/printfr.c +++ b/contrib/ipfilter/lib/printfr.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printfr.c,v 1.43.2.10 2005/03/16 15:38:13 darrenr Exp + * $Id: printfr.c,v 1.43.2.15 2005/11/14 17:45:06 darrenr Exp $ */ #include "ipf.h" @@ -22,7 +20,7 @@ u_32_t *addr, *mask; switch (type) { case FRI_BROADCAST : - suffix = "/bcast"; + suffix = "bcast"; break; case FRI_DYNAMIC : @@ -32,15 +30,15 @@ u_32_t *addr, *mask; break; case FRI_NETWORK : - suffix = "/net"; + suffix = "net"; break; case FRI_NETMASKED : - suffix = "/netmasked"; + suffix = "netmasked"; break; case FRI_PEERADDR : - suffix = "/peer"; + suffix = "peer"; break; case FRI_LOOKUP : @@ -107,6 +105,9 @@ ioctlfunc_t iocfunc; if ((fp->fr_type & FR_T_BUILTIN) != 0) printf("# Builtin: "); + if (fp->fr_collect != 0) + printf("%u ", fp->fr_collect); + if (fp->fr_type == FR_T_CALLFUNC) { ; } else if (fp->fr_func != NULL) { @@ -189,12 +190,11 @@ ioctlfunc_t iocfunc; if (*fp->fr_ifnames[2]) { printifname("", fp->fr_ifnames[2], fp->fr_ifas[2]); - putchar(' '); - if (*fp->fr_ifnames[3]) { printifname(",", fp->fr_ifnames[3], fp->fr_ifas[3]); } + putchar(' '); } } @@ -208,10 +208,10 @@ ioctlfunc_t iocfunc; pr = -1; } else if (fp->fr_mip.fi_p) { pr = fp->fr_ip.fi_p; - if ((p = getprotobynumber(fp->fr_proto))) - printf("proto %s ", p->p_name); - else - printf("proto %d ", fp->fr_proto); + p = getprotobynumber(pr); + printf("proto "); + printproto(p, pr, NULL); + putchar(' '); } } @@ -370,6 +370,35 @@ ioctlfunc_t iocfunc; if (!(fp->fr_flx & FI_OOW)) printf("not "); printf("oow"); + comma = ","; + } + if (fp->fr_mflx & FI_MBCAST) { + fputs(comma, stdout); + if (!(fp->fr_flx & FI_MBCAST)) + printf("not "); + printf("mbcast"); + comma = ","; + } + if (fp->fr_mflx & FI_BROADCAST) { + fputs(comma, stdout); + if (!(fp->fr_flx & FI_BROADCAST)) + printf("not "); + printf("bcast"); + comma = ","; + } + if (fp->fr_mflx & FI_MULTICAST) { + fputs(comma, stdout); + if (!(fp->fr_flx & FI_MULTICAST)) + printf("not "); + printf("mcast"); + comma = ","; + } + if (fp->fr_mflx & FI_STATE) { + fputs(comma, stdout); + if (!(fp->fr_flx & FI_STATE)) + printf("not "); + printf("state"); + comma = ","; } } @@ -410,8 +439,8 @@ ioctlfunc_t iocfunc; if (fp->fr_flags & (FR_FRSTRICT)) { printf(" ("); if (fp->fr_flags & FR_FRSTRICT) - printf(" strict"); - printf(" )"); + printf("strict"); + printf(")"); } } diff --git a/contrib/ipfilter/lib/printfraginfo.c b/contrib/ipfilter/lib/printfraginfo.c index b521c83..557b031 100644 --- a/contrib/ipfilter/lib/printfraginfo.c +++ b/contrib/ipfilter/lib/printfraginfo.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2004 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printfraginfo.c,v 1.1.2.2 2004/03/23 15:15:45 darrenr Exp + * $Id: printfraginfo.c,v 1.1.2.2 2004/03/23 15:15:45 darrenr Exp $ */ #include "ipf.h" #include "kmem.h" diff --git a/contrib/ipfilter/lib/printhash.c b/contrib/ipfilter/lib/printhash.c index 80157bb..5411190 100644 --- a/contrib/ipfilter/lib/printhash.c +++ b/contrib/ipfilter/lib/printhash.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * diff --git a/contrib/ipfilter/lib/printhashnode.c b/contrib/ipfilter/lib/printhashnode.c index 39255e7..05d4df7 100644 --- a/contrib/ipfilter/lib/printhashnode.c +++ b/contrib/ipfilter/lib/printhashnode.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * diff --git a/contrib/ipfilter/lib/printhostmap.c b/contrib/ipfilter/lib/printhostmap.c index bdb6702..bed0607 100644 --- a/contrib/ipfilter/lib/printhostmap.c +++ b/contrib/ipfilter/lib/printhostmap.c @@ -1,13 +1,14 @@ -/* $NetBSD$ */ - #include "ipf.h" void printhostmap(hmp, hv) hostmap_t *hmp; u_int hv; { + struct in_addr in; + printf("%s,", inet_ntoa(hmp->hm_srcip)); printf("%s -> ", inet_ntoa(hmp->hm_dstip)); - printf("%s ", inet_ntoa(hmp->hm_mapip)); + in.s_addr = htonl(hmp->hm_mapip.s_addr); + printf("%s ", inet_ntoa(in)); printf("(use = %d hv = %u)\n", hmp->hm_ref, hv); } diff --git a/contrib/ipfilter/lib/printhostmask.c b/contrib/ipfilter/lib/printhostmask.c index c34bc43..207e363 100644 --- a/contrib/ipfilter/lib/printhostmask.c +++ b/contrib/ipfilter/lib/printhostmask.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printhostmask.c,v 1.8 2002/04/11 15:01:19 darrenr Exp + * $Id: printhostmask.c,v 1.8 2002/04/11 15:01:19 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printifname.c b/contrib/ipfilter/lib/printifname.c index 53a7fd7..12d46ff 100644 --- a/contrib/ipfilter/lib/printifname.c +++ b/contrib/ipfilter/lib/printifname.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printifname.c,v 1.2 2002/01/28 06:50:47 darrenr Exp + * $Id: printifname.c,v 1.2 2002/01/28 06:50:47 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printip.c b/contrib/ipfilter/lib/printip.c index 1a04f1d..828e0c1 100644 --- a/contrib/ipfilter/lib/printip.c +++ b/contrib/ipfilter/lib/printip.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printip.c,v 1.3 2002/07/13 12:10:27 darrenr Exp + * $Id: printip.c,v 1.3 2002/07/13 12:10:27 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printlog.c b/contrib/ipfilter/lib/printlog.c index d14add4..1445971 100644 --- a/contrib/ipfilter/lib/printlog.c +++ b/contrib/ipfilter/lib/printlog.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printlog.c,v 1.6 2002/01/28 06:50:47 darrenr Exp + * $Id: printlog.c,v 1.6.4.1 2005/11/14 17:45:06 darrenr Exp $ */ #include "ipf.h" @@ -27,12 +25,9 @@ frentry_t *fp; printf(" or-block"); if (fp->fr_loglevel != 0xffff) { printf(" level "); - if (fp->fr_loglevel & LOG_FACMASK) { - s = fac_toname(fp->fr_loglevel); - if (s == NULL) - s = "!!!"; - } else - s = ""; + s = fac_toname(fp->fr_loglevel); + if (s == NULL) + s = "!!!"; u = pri_toname(fp->fr_loglevel); if (u == NULL) u = "!!!"; diff --git a/contrib/ipfilter/lib/printmask.c b/contrib/ipfilter/lib/printmask.c index d3d9a6f..18bf46f 100644 --- a/contrib/ipfilter/lib/printmask.c +++ b/contrib/ipfilter/lib/printmask.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printmask.c,v 1.5 2002/06/15 04:48:33 darrenr Exp + * $Id: printmask.c,v 1.5 2002/06/15 04:48:33 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printnat.c b/contrib/ipfilter/lib/printnat.c index 15a6886..8ca4125 100644 --- a/contrib/ipfilter/lib/printnat.c +++ b/contrib/ipfilter/lib/printnat.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -13,11 +11,9 @@ #if !defined(lint) -static const char rcsid[] = "@(#)Id: printnat.c,v 1.22.2.8 2005/01/12 03:39:04 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: printnat.c,v 1.22.2.11 2005/11/14 17:45:06 darrenr Exp $"; #endif -static void printproto __P((ipnat_t *, struct protoent *)); - /* * Print out a NAT rule */ @@ -53,7 +49,7 @@ int opts; printf(" %s", np->in_ifnames[0]); if ((np->in_ifnames[1][0] != '\0') && (strncmp(np->in_ifnames[0], np->in_ifnames[1], LIFNAMSIZ) != 0)) { - printf(",%s ", np->in_ifnames[1]); + printf(",%s", np->in_ifnames[1]); } putchar(' '); @@ -102,13 +98,16 @@ int opts; printf(" -> %s", inet_ntoa(np->in_in[0].in4)); if (np->in_flags & IPN_SPLIT) printf(",%s", inet_ntoa(np->in_in[1].in4)); + else if (np->in_inmsk == 0 && np->in_inip == 0) + printf("/0"); if (np->in_flags & IPN_TCPUDP) { if ((np->in_flags & IPN_FIXEDDPORT) != 0) printf(" port = %d", ntohs(np->in_pnext)); else printf(" port %d", ntohs(np->in_pnext)); } - printproto(np, pr); + putchar(' '); + printproto(pr, np->in_p, np); if (np->in_flags & IPN_ROUNDR) printf(" round-robin"); if (np->in_flags & IPN_FRAG) @@ -164,10 +163,7 @@ int opts; } printf(" %.*s/", (int)sizeof(np->in_plabel), np->in_plabel); - if (pr != NULL) - fputs(pr->p_name, stdout); - else - printf("%d", np->in_p); + printproto(pr, np->in_p, NULL); } else if (np->in_redir == NAT_MAPBLK) { if ((np->in_pmin == 0) && (np->in_flags & IPN_AUTOPORTMAP)) @@ -178,11 +174,11 @@ int opts; printf("\n\tip modulous %d", np->in_pmax); } else if (np->in_pmin || np->in_pmax) { if (np->in_flags & IPN_ICMPQUERY) { - printf(" icmpidmap"); + printf(" icmpidmap "); } else { - printf(" portmap"); + printf(" portmap "); } - printproto(np, pr); + printproto(pr, np->in_p, np); if (np->in_flags & IPN_AUTOPORTMAP) { printf(" auto"); if (opts & OPT_DEBUG) @@ -194,8 +190,10 @@ int opts; printf(" %d:%d", ntohs(np->in_pmin), ntohs(np->in_pmax)); } - } else if (np->in_flags & IPN_TCPUDP || np->in_p) - printproto(np, pr); + } else if (np->in_flags & IPN_TCPUDP || np->in_p) { + putchar(' '); + printproto(pr, np->in_p, np); + } if (np->in_flags & IPN_FRAG) printf(" frag"); @@ -227,21 +225,3 @@ int opts; np->in_tqehead[0], np->in_tqehead[1], np->in_comment); } } - -static void printproto(np, pr) -ipnat_t *np; -struct protoent *pr; -{ - if ((np->in_flags & IPN_TCPUDP) == IPN_TCPUDP) - printf(" tcp/udp"); - else if (np->in_flags & IPN_TCP) - printf(" tcp"); - else if (np->in_flags & IPN_UDP) - printf(" udp"); - else if (np->in_flags & IPN_ICMPQUERY) - printf(" icmp"); - else if (pr != NULL) - printf(" %s", pr->p_name); - else - printf(" %d", np->in_p); -} diff --git a/contrib/ipfilter/lib/printpacket.c b/contrib/ipfilter/lib/printpacket.c index 58460be..dada8d0 100644 --- a/contrib/ipfilter/lib/printpacket.c +++ b/contrib/ipfilter/lib/printpacket.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printpacket.c,v 1.12.4.1 2005/02/21 05:09:24 darrenr Exp + * $Id: printpacket.c,v 1.12.4.2 2005/12/04 09:33:06 darrenr Exp $ */ #include "ipf.h" @@ -52,7 +50,8 @@ struct ip *ip; } tcp = (struct tcphdr *)((char *)ip + (IP_HL(ip) << 2)); - printf("ip %d(%d) %d", ntohs(ip->ip_len), IP_HL(ip) << 2, ip->ip_p); + printf("ip #%d %d(%d) %d", ntohs(ip->ip_id), ntohs(ip->ip_len), + IP_HL(ip) << 2, ip->ip_p); if (off & IP_OFFMASK) printf(" @%d", off << 3); printf(" %s", inet_ntoa(ip->ip_src)); diff --git a/contrib/ipfilter/lib/printpacket6.c b/contrib/ipfilter/lib/printpacket6.c index 2f9ea1d..f0147f1 100644 --- a/contrib/ipfilter/lib/printpacket6.c +++ b/contrib/ipfilter/lib/printpacket6.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" /* diff --git a/contrib/ipfilter/lib/printpool.c b/contrib/ipfilter/lib/printpool.c index 6291306..6af4460 100644 --- a/contrib/ipfilter/lib/printpool.c +++ b/contrib/ipfilter/lib/printpool.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * diff --git a/contrib/ipfilter/lib/printpoolnode.c b/contrib/ipfilter/lib/printpoolnode.c index dd0ef97..e2f9536 100644 --- a/contrib/ipfilter/lib/printpoolnode.c +++ b/contrib/ipfilter/lib/printpoolnode.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * diff --git a/contrib/ipfilter/lib/printportcmp.c b/contrib/ipfilter/lib/printportcmp.c index 7ec0116..b1ecd36 100644 --- a/contrib/ipfilter/lib/printportcmp.c +++ b/contrib/ipfilter/lib/printportcmp.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printportcmp.c,v 1.7 2003/02/16 02:31:05 darrenr Exp + * $Id: printportcmp.c,v 1.7 2003/02/16 02:31:05 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printproto.c b/contrib/ipfilter/lib/printproto.c new file mode 100644 index 0000000..dd0ce39 --- /dev/null +++ b/contrib/ipfilter/lib/printproto.c @@ -0,0 +1,51 @@ +/* + * Copyright (C) 1993-2005 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + */ + +#include "ipf.h" + + +#if !defined(lint) +static const char rcsid[] = "@(#)$Id: printproto.c,v 1.1.2.1 2005/06/12 07:21:53 darrenr Exp $"; +#endif + + +void printproto(pr, p, np) +struct protoent *pr; +int p; +ipnat_t *np; +{ + if (np != NULL) { + if ((np->in_flags & IPN_TCPUDP) == IPN_TCPUDP) + printf("tcp/udp"); + else if (np->in_flags & IPN_TCP) + printf("tcp"); + else if (np->in_flags & IPN_UDP) + printf("udp"); + else if (np->in_flags & IPN_ICMPQUERY) + printf("icmp"); +#ifdef _AIX51 + /* + * To make up for "ip = 252" and "hopopt = 0" in /etc/protocols + */ + else if (np->in_p == 0) + printf("ip"); +#endif + else if (pr != NULL) + printf("%s", pr->p_name); + else + printf("%d", np->in_p); + } else { +#ifdef _AIX51 + if (p == 0) + printf("ip"); + else +#endif + if (pr != NULL) + printf("%s", pr->p_name); + else + printf("%d", p); + } +} diff --git a/contrib/ipfilter/lib/printsbuf.c b/contrib/ipfilter/lib/printsbuf.c index 805c03b..b066b58 100644 --- a/contrib/ipfilter/lib/printsbuf.c +++ b/contrib/ipfilter/lib/printsbuf.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #ifdef IPFILTER_SCAN #include diff --git a/contrib/ipfilter/lib/printstate.c b/contrib/ipfilter/lib/printstate.c index 9cfdc8a..102b0ea 100644 --- a/contrib/ipfilter/lib/printstate.c +++ b/contrib/ipfilter/lib/printstate.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * @@ -144,8 +142,8 @@ u_long now; PRINTF("\tpkt_flags & %x(%x) = %x,\t", ips.is_flags & 0xf, ips.is_flags, ips.is_flags >> 4); - PRINTF("\tpkt_options & %x = %x\n", ips.is_optmsk, - ips.is_opt); + PRINTF("\tpkt_options & %x = %x, %x = %x \n", ips.is_optmsk[0], + ips.is_opt[0], ips.is_optmsk[1], ips.is_opt[1]); PRINTF("\tpkt_security & %x = %x, pkt_auth & %x = %x\n", ips.is_secmsk, ips.is_sec, ips.is_authmsk, ips.is_auth); diff --git a/contrib/ipfilter/lib/printtunable.c b/contrib/ipfilter/lib/printtunable.c index 46e9f80..5c26851 100644 --- a/contrib/ipfilter/lib/printtunable.c +++ b/contrib/ipfilter/lib/printtunable.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" void printtunable(tup) diff --git a/contrib/ipfilter/lib/ratoi.c b/contrib/ipfilter/lib/ratoi.c index 31ee122..fb8552d 100644 --- a/contrib/ipfilter/lib/ratoi.c +++ b/contrib/ipfilter/lib/ratoi.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ratoi.c,v 1.4 2001/06/09 17:09:25 darrenr Exp + * $Id: ratoi.c,v 1.4 2001/06/09 17:09:25 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/ratoui.c b/contrib/ipfilter/lib/ratoui.c index e4d0cbf..191f87f 100644 --- a/contrib/ipfilter/lib/ratoui.c +++ b/contrib/ipfilter/lib/ratoui.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ratoui.c,v 1.4 2001/06/09 17:09:25 darrenr Exp + * $Id: ratoui.c,v 1.4 2001/06/09 17:09:25 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/remove_hash.c b/contrib/ipfilter/lib/remove_hash.c index 256751f..d1830ac 100644 --- a/contrib/ipfilter/lib/remove_hash.c +++ b/contrib/ipfilter/lib/remove_hash.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: remove_hash.c,v 1.1 2003/04/13 06:40:14 darrenr Exp + * $Id: remove_hash.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/remove_hashnode.c b/contrib/ipfilter/lib/remove_hashnode.c index 5e5b634..afa0dbc 100644 --- a/contrib/ipfilter/lib/remove_hashnode.c +++ b/contrib/ipfilter/lib/remove_hashnode.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: remove_hashnode.c,v 1.1 2003/04/13 06:40:14 darrenr Exp + * $Id: remove_hashnode.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/remove_pool.c b/contrib/ipfilter/lib/remove_pool.c index 3f5e004..d14529a 100644 --- a/contrib/ipfilter/lib/remove_pool.c +++ b/contrib/ipfilter/lib/remove_pool.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: remove_pool.c,v 1.1 2003/04/13 06:40:14 darrenr Exp + * $Id: remove_pool.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/remove_poolnode.c b/contrib/ipfilter/lib/remove_poolnode.c index aff4694..2c7f9d3 100644 --- a/contrib/ipfilter/lib/remove_poolnode.c +++ b/contrib/ipfilter/lib/remove_poolnode.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: remove_poolnode.c,v 1.3 2003/11/22 10:14:36 darrenr Exp + * $Id: remove_poolnode.c,v 1.3 2003/11/22 10:14:36 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/resetlexer.c b/contrib/ipfilter/lib/resetlexer.c index 0801242..d16a05e 100644 --- a/contrib/ipfilter/lib/resetlexer.c +++ b/contrib/ipfilter/lib/resetlexer.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" long string_start = -1; diff --git a/contrib/ipfilter/lib/rwlock_emul.c b/contrib/ipfilter/lib/rwlock_emul.c index 64b807e..3bccd9a 100644 --- a/contrib/ipfilter/lib/rwlock_emul.c +++ b/contrib/ipfilter/lib/rwlock_emul.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" #define EMM_MAGIC 0x97dd8b3a diff --git a/contrib/ipfilter/lib/tcp_flags.c b/contrib/ipfilter/lib/tcp_flags.c index 314b9d2..9c33da9 100644 --- a/contrib/ipfilter/lib/tcp_flags.c +++ b/contrib/ipfilter/lib/tcp_flags.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: tcp_flags.c,v 1.8 2004/02/07 18:15:54 darrenr Exp + * $Id: tcp_flags.c,v 1.8 2004/02/07 18:15:54 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/tcpflags.c b/contrib/ipfilter/lib/tcpflags.c index b7ea4b8..d4d6145 100644 --- a/contrib/ipfilter/lib/tcpflags.c +++ b/contrib/ipfilter/lib/tcpflags.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: tcpflags.c,v 1.3 2002/11/02 07:18:01 darrenr Exp + * $Id: tcpflags.c,v 1.3 2002/11/02 07:18:01 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/tcpoptnames.c b/contrib/ipfilter/lib/tcpoptnames.c index b5e0cc7..39f3dbb 100644 --- a/contrib/ipfilter/lib/tcpoptnames.c +++ b/contrib/ipfilter/lib/tcpoptnames.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: tcpoptnames.c,v 1.5 2002/01/28 06:50:48 darrenr Exp + * $Id: tcpoptnames.c,v 1.5 2002/01/28 06:50:48 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/to_interface.c b/contrib/ipfilter/lib/to_interface.c index 50f9a70..8f2c16f 100644 --- a/contrib/ipfilter/lib/to_interface.c +++ b/contrib/ipfilter/lib/to_interface.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: to_interface.c,v 1.8 2002/01/28 06:50:48 darrenr Exp + * $Id: to_interface.c,v 1.8 2002/01/28 06:50:48 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/v6ionames.c b/contrib/ipfilter/lib/v6ionames.c index 087da5d..c89e27c 100644 --- a/contrib/ipfilter/lib/v6ionames.c +++ b/contrib/ipfilter/lib/v6ionames.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: v6ionames.c,v 1.1.4.1 2005/01/02 13:08:49 darrenr Exp + * $Id: v6ionames.c,v 1.1.4.2 2005/10/17 18:31:09 darrenr Exp $ */ #include "ipf.h" @@ -21,6 +19,7 @@ struct ipopt_names v6ionames[] ={ { IPPROTO_AH, 0x000020, 0, "ah" }, { IPPROTO_NONE, 0x000040, 0, "none" }, { IPPROTO_DSTOPTS, 0x000080, 0, "dstopts" }, + { IPPROTO_MOBILITY, 0x000100, 0, "mobility" }, { 0, 0, 0, (char *)NULL } }; diff --git a/contrib/ipfilter/lib/v6optvalue.c b/contrib/ipfilter/lib/v6optvalue.c index 57dc2fb..fd8e2e2 100644 --- a/contrib/ipfilter/lib/v6optvalue.c +++ b/contrib/ipfilter/lib/v6optvalue.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: v6optvalue.c,v 1.1 2003/04/26 04:55:58 darrenr Exp + * $Id: v6optvalue.c,v 1.1 2003/04/26 04:55:58 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/var.c b/contrib/ipfilter/lib/var.c index 79b2517..37d310b 100644 --- a/contrib/ipfilter/lib/var.c +++ b/contrib/ipfilter/lib/var.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include #include "ipf.h" diff --git a/contrib/ipfilter/lib/verbose.c b/contrib/ipfilter/lib/verbose.c index d4f3012..e386038 100644 --- a/contrib/ipfilter/lib/verbose.c +++ b/contrib/ipfilter/lib/verbose.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: verbose.c,v 1.6 2001/06/09 17:09:25 darrenr Exp + * $Id: verbose.c,v 1.6 2001/06/09 17:09:25 darrenr Exp $ */ #if defined(__STDC__) diff --git a/contrib/ipfilter/man/ipf.4 b/contrib/ipfilter/man/ipf.4 index 7a0b20a..e2e5b5b 100644 --- a/contrib/ipfilter/man/ipf.4 +++ b/contrib/ipfilter/man/ipf.4 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPF 4 .SH NAME ipf \- packet filtering kernel interface diff --git a/contrib/ipfilter/man/ipf.5 b/contrib/ipfilter/man/ipf.5 index ab7f935..3fd9e94 100644 --- a/contrib/ipfilter/man/ipf.5 +++ b/contrib/ipfilter/man/ipf.5 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPF 5 .SH NAME ipf, ipf.conf, ipf6.conf \- IP packet filter rule syntax @@ -58,8 +56,8 @@ port-range = "port" port-num range port-num . flags = "flags" flag { flag } [ "/" flag { flag } ] . with = "with" | "and" . icmp = "icmp-type" icmp-type [ "code" decnumber ] . -return-code = "("icmp-code")" . -keep = "keep" "state" | "keep" "frags" . +return-code = "(" icmp-code ")" . +keep = "keep" "state" [ "(" state-options ")" ] | "keep" "frags" . loglevel = facility"."priority | priority . nummask = host-name [ "/" decnumber ] . @@ -67,7 +65,10 @@ host-name = ipaddr | hostname | "any" . ipaddr = host-num "." host-num "." host-num "." host-num . host-num = digit [ digit [ digit ] ] . port-num = service-name | decnumber . +state-options = state-opts [ "," state-options ] . +state-opts = "age" decnumber [ "/" decnumber ] | "strict" | + "no-icmp-err" | "limit" decnumber | "newisn" | "sync" . withopt = [ "not" | "no" ] opttype [ withopt ] . opttype = "ipopts" | "short" | "frag" | "opt" optname . optname = ipopts [ "," optname ] . diff --git a/contrib/ipfilter/man/ipf.8 b/contrib/ipfilter/man/ipf.8 index c7d07c0..4311577 100644 --- a/contrib/ipfilter/man/ipf.8 +++ b/contrib/ipfilter/man/ipf.8 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPF 8 .SH NAME ipf \- alters packet filtering lists for IP packet input and output diff --git a/contrib/ipfilter/man/ipfilter.4 b/contrib/ipfilter/man/ipfilter.4 index cf8ca9f..b2d2f2a 100644 --- a/contrib/ipfilter/man/ipfilter.4 +++ b/contrib/ipfilter/man/ipfilter.4 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IP\ FILTER 4 .SH NAME ipfilter \- Introduction to IP packet filtering diff --git a/contrib/ipfilter/man/ipfilter.5 b/contrib/ipfilter/man/ipfilter.5 index 9fbb675..0bba0f4 100644 --- a/contrib/ipfilter/man/ipfilter.5 +++ b/contrib/ipfilter/man/ipfilter.5 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPFILTER 1 .SH NAME IP Filter diff --git a/contrib/ipfilter/man/ipfs.8 b/contrib/ipfilter/man/ipfs.8 index 52f6fcb..d5bf460 100644 --- a/contrib/ipfilter/man/ipfs.8 +++ b/contrib/ipfilter/man/ipfs.8 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPFS 8 .SH NAME ipfs \- saves and restores information for NAT and state tables. diff --git a/contrib/ipfilter/man/ipfstat.8 b/contrib/ipfilter/man/ipfstat.8 index 549b31a..a3ec72a 100644 --- a/contrib/ipfilter/man/ipfstat.8 +++ b/contrib/ipfilter/man/ipfstat.8 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH ipfstat 8 .SH NAME ipfstat \- reports on packet filter statistics and filter list diff --git a/contrib/ipfilter/man/ipftest.1 b/contrib/ipfilter/man/ipftest.1 index 4a17576..5153687 100644 --- a/contrib/ipfilter/man/ipftest.1 +++ b/contrib/ipfilter/man/ipftest.1 @@ -1,12 +1,10 @@ -.\" $NetBSD$ -.\" .TH ipftest 1 .SH NAME ipftest \- test packet filter rules with arbitrary input. .SH SYNOPSIS .B ipftest [ -.B \-6bdDoRvx +.B \-6bCdDoRvx ] [ .B \-F input-format @@ -29,6 +27,9 @@ interface .B \-r ] [ +.B \-S + +] [ .B \-T ] @@ -58,6 +59,11 @@ Cause the output to be a brief summary (one-word) of the result of passing the packet through the filter; either "pass", "block" or "nomatch". This is used in the regression testing. .TP +.B \-C +Force the checksums to be (re)calculated for all packets being input into +\fBipftest\fP. This may be necessary if pcap files from tcpdump are being +fed in where there are partial checksums present due to hardware offloading. +.TP .B \-d Turn on filter rule debugging. Currently, this only shows you what caused the rule to not match in the IP header checking (addresses/netmasks, etc). @@ -169,6 +175,14 @@ Specify the filename from which to read filter rules in \fBipf\fP(5) format. .B \-R Don't attempt to convert IP addresses to hostnames. .TP +.BR \-S \0 +The IP address specifived with this option is used by ipftest to determine +whether a packet should be treated as "input" or "output". If the source +address in an IP packet matches then it is considered to be inbound. If it +does not match then it is considered to be outbound. This is primarily +for use with tcpdump (pcap) files where there is no in/out information +saved with each packet. +.TP .BR \-T \0 This option simulates the run-time changing of IPFilter kernel variables available with the \fB\-T\fP option of \fBipf\fP. diff --git a/contrib/ipfilter/man/ipl.4 b/contrib/ipfilter/man/ipl.4 index d45749b..d8106cc 100644 --- a/contrib/ipfilter/man/ipl.4 +++ b/contrib/ipfilter/man/ipl.4 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPL 4 .SH NAME ipl \- IP packet log device diff --git a/contrib/ipfilter/man/ipmon.5 b/contrib/ipfilter/man/ipmon.5 index bc48466..2e3eebd 100644 --- a/contrib/ipfilter/man/ipmon.5 +++ b/contrib/ipfilter/man/ipmon.5 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPMON 5 .SH NAME ipmon, ipmon.conf \- ipmon configuration file format diff --git a/contrib/ipfilter/man/ipmon.8 b/contrib/ipfilter/man/ipmon.8 index 0c2861c..1ddc307 100644 --- a/contrib/ipfilter/man/ipmon.8 +++ b/contrib/ipfilter/man/ipmon.8 @@ -1,12 +1,10 @@ -.\" $NetBSD$ -.\" .TH ipmon 8 .SH NAME ipmon \- monitors /dev/ipl for logged packets .SH SYNOPSIS .B ipmon [ -.B \-abDFhnpstvxX +.B \-abBDFhnpstvxX ] [ .B "\-N " ] [ @@ -73,6 +71,9 @@ unreachable message. In order for \fBipmon\fP to properly work, the kernel option \fBIPFILTER_LOG\fP must be turned on in your kernel. Please see \fBoptions(4)\fP for more details. +.LP +\fBipmon\fP reopns its log file(s) and rereads its configuration file +when it receives a SIGHUP signal. .SH OPTIONS .TP .B \-a @@ -83,6 +84,11 @@ are displayed to the same output 'device' (stderr or syslog). For rules which log the body of a packet, generate hex output representing the packet contents after the headers. .TP +.B \-B +Enable logging of the raw, unformatted binary data to the specified +\fI\fP file. This can be read, later, using \fBipmon\fP +with the \fB-f\fP option. +.TP .B \-D Cause ipmon to turn itself into a daemon. Using subshells or backgrounding of ipmon is not required to turn it into an orphan so it can run indefinitely. diff --git a/contrib/ipfilter/man/ipnat.4 b/contrib/ipfilter/man/ipnat.4 index 6f696bd..54f55d3 100644 --- a/contrib/ipfilter/man/ipnat.4 +++ b/contrib/ipfilter/man/ipnat.4 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPNAT 4 .SH NAME ipnat \- Network Address Translation kernel interface diff --git a/contrib/ipfilter/man/ipnat.5 b/contrib/ipfilter/man/ipnat.5 index 7db3308..2d76a46 100644 --- a/contrib/ipfilter/man/ipnat.5 +++ b/contrib/ipfilter/man/ipnat.5 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPNAT 5 .SH NAME ipnat, ipnat.conf \- IP NAT file format @@ -12,9 +10,10 @@ ipmap :: = mapblock | redir | map . map ::= mapit ifname lhs "->" dstipmask [ mapicmp | mapport | mapproxy ] mapoptions . mapblock ::= "map-block" ifname lhs "->" ipmask [ ports ] mapoptions . -redir ::= "rdr" ifname ipmask dport "->" ip [ "," ip ] rdrport rdroptions . +redir ::= "rdr" ifname rlhs "->" ip [ "," ip ] rdrport rdroptions . lhs ::= ipmask | fromto . +rlhs ::= ipmask dport | fromto . dport ::= "port" portnum [ "-" portnum ] . ports ::= "ports" numports | "auto" . rdrport ::= "port" portnum . diff --git a/contrib/ipfilter/man/ipnat.8 b/contrib/ipfilter/man/ipnat.8 index 49a09be..683e8f1 100644 --- a/contrib/ipfilter/man/ipnat.8 +++ b/contrib/ipfilter/man/ipnat.8 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPNAT 8 .SH NAME ipnat \- user interface to the NAT subsystem @@ -35,7 +33,7 @@ enabled. .TP .B \-C delete all entries in the current NAT rule listing (NAT rules) - .TP +.TP .B \-d Enable printing of some extra debugging information. .TP @@ -54,10 +52,10 @@ This flag (no-change) prevents \fBipf\fP from actually making any ioctl calls or doing anything which would alter the currently running kernel. .TP .B \-r -Remove matching NAT rules rather than add them to the internal lists +Remove matching NAT rules rather than add them to the internal lists. .TP .B \-s -Retrieve and display NAT statistics +Retrieve and display NAT statistics. .TP .B \-v Turn verbose mode on. Displays information relating to rule processing diff --git a/contrib/ipfilter/man/ippool.5 b/contrib/ipfilter/man/ippool.5 index c9eaaca..1c720b9 100644 --- a/contrib/ipfilter/man/ippool.5 +++ b/contrib/ipfilter/man/ippool.5 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPPOOL 5 .SH NAME ippool, ippool.conf \- IP Pool file format diff --git a/contrib/ipfilter/man/ippool.8 b/contrib/ipfilter/man/ippool.8 index 6ed1e88..e27cb92 100644 --- a/contrib/ipfilter/man/ippool.8 +++ b/contrib/ipfilter/man/ippool.8 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPPOOL 8 .SH NAME ippool \- user interface to the IPFilter pools diff --git a/contrib/ipfilter/man/ipscan.5 b/contrib/ipfilter/man/ipscan.5 index 4a00174..cc12ca3 100644 --- a/contrib/ipfilter/man/ipscan.5 +++ b/contrib/ipfilter/man/ipscan.5 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPSCAN 5 .SH NAME ipscan, ipscan.conf \- ipscan file format diff --git a/contrib/ipfilter/man/ipscan.8 b/contrib/ipfilter/man/ipscan.8 index d3ce952..958c456 100644 --- a/contrib/ipfilter/man/ipscan.8 +++ b/contrib/ipfilter/man/ipscan.8 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPSCAN 8 .SH NAME ipscan \- user interface to the IPFilter content scanning diff --git a/contrib/ipfilter/man/mkfilters.1 b/contrib/ipfilter/man/mkfilters.1 index 3bac7d1..b5fd9dc 100644 --- a/contrib/ipfilter/man/mkfilters.1 +++ b/contrib/ipfilter/man/mkfilters.1 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH MKFILTERS 1 .SH NAME mkfilters \- generate a minimal firewall ruleset for ipfilter diff --git a/contrib/ipfilter/md5.c b/contrib/ipfilter/md5.c index 78a0eb7..c46a957 100644 --- a/contrib/ipfilter/md5.c +++ b/contrib/ipfilter/md5.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* diff --git a/contrib/ipfilter/md5.h b/contrib/ipfilter/md5.h index 40e8dc6..48bbaf1 100644 --- a/contrib/ipfilter/md5.h +++ b/contrib/ipfilter/md5.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* *********************************************************************** ** md5.h -- header file for implementation of MD5 ** diff --git a/contrib/ipfilter/mlf_ipl.c b/contrib/ipfilter/mlf_ipl.c index c0cdce8..b39a14d 100644 --- a/contrib/ipfilter/mlf_ipl.c +++ b/contrib/ipfilter/mlf_ipl.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * diff --git a/contrib/ipfilter/mlf_rule.c b/contrib/ipfilter/mlf_rule.c index 731ef5e..c540ebd 100644 --- a/contrib/ipfilter/mlf_rule.c +++ b/contrib/ipfilter/mlf_rule.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * diff --git a/contrib/ipfilter/mlfk_rule.c b/contrib/ipfilter/mlfk_rule.c index a4f3ba7..c175076 100644 --- a/contrib/ipfilter/mlfk_rule.c +++ b/contrib/ipfilter/mlfk_rule.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2000 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: mlfk_rule.c,v 2.4.4.2 2004/04/16 23:32:08 darrenr Exp + * $Id: mlfk_rule.c,v 2.4.4.2 2004/04/16 23:32:08 darrenr Exp $ */ diff --git a/contrib/ipfilter/opts.h b/contrib/ipfilter/opts.h index 602c4e3..655f9f0 100644 --- a/contrib/ipfilter/opts.h +++ b/contrib/ipfilter/opts.h @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2000 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: opts.h,v 2.12 2003/08/14 14:24:27 darrenr Exp + * $Id: opts.h,v 2.12 2003/08/14 14:24:27 darrenr Exp $ */ #ifndef __OPTS_H__ diff --git a/contrib/ipfilter/pcap-ipf.h b/contrib/ipfilter/pcap-ipf.h index a6b974c..2ad5b01 100644 --- a/contrib/ipfilter/pcap-ipf.h +++ b/contrib/ipfilter/pcap-ipf.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * diff --git a/contrib/ipfilter/perl/ipf-mrtg.pl b/contrib/ipfilter/perl/ipf-mrtg.pl index a96a7cd..cce30ab 100644 --- a/contrib/ipfilter/perl/ipf-mrtg.pl +++ b/contrib/ipfilter/perl/ipf-mrtg.pl @@ -19,4 +19,4 @@ print "$in_pkts\n", my $uptime = `/usr/bin/uptime`; $uptime =~ /^\s+(\d{1,2}:\d{2}..)\s+up\s+(\d+)\s+(......),/; print "$2 $3\n", - "$firewall\n"; + "$firewall\n"; \ No newline at end of file diff --git a/contrib/ipfilter/perl/logfilter.pl b/contrib/ipfilter/perl/logfilter.pl index a75eafd..6ebe401 100644 --- a/contrib/ipfilter/perl/logfilter.pl +++ b/contrib/ipfilter/perl/logfilter.pl @@ -178,4 +178,4 @@ tcp 6667 irc.log tcp 7070 realaudio.log tcp 8080 http.log tcp 12345 netbus.log -udp 31337 backorifice.log +udp 31337 backorifice.log \ No newline at end of file diff --git a/contrib/ipfilter/radix.c b/contrib/ipfilter/radix.c index 964c1095..69b50c0 100644 --- a/contrib/ipfilter/radix.c +++ b/contrib/ipfilter/radix.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (c) 1988, 1989, 1993 * The Regents of the University of California. All rights reserved. @@ -103,6 +101,12 @@ static int rn_lexobetter __P((void *, void *)); static struct radix_mask *rn_new_radix_mask __P((struct radix_node *, struct radix_mask *)); static int rn_freenode __P((struct radix_node *, void *)); +#if defined(AIX) && !defined(_KERNEL) +struct radix_node *rn_match __P((void *, struct radix_node_head *)); +struct radix_node *rn_addmask __P((int, int, void *)); +#define FreeS(x, y) KFREES(x, y) +#define Bcopy(x, y, z) bcopy(x, y, z) +#endif /* * The data structure for the keys is a radix tree with one way diff --git a/contrib/ipfilter/radix_ipf.h b/contrib/ipfilter/radix_ipf.h index 1dada60..357b9c4 100644 --- a/contrib/ipfilter/radix_ipf.h +++ b/contrib/ipfilter/radix_ipf.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (c) 1988, 1989, 1993 * The Regents of the University of California. All rights reserved. @@ -28,7 +26,7 @@ * @(#)radix.h 8.2 (Berkeley) 10/31/94 */ -#ifndef _NET_RADIX_H_ +#if !defined(_NET_RADIX_H_) && !defined(_RADIX_H_) #define _NET_RADIX_H_ #ifndef _RADIX_H_ #define _RADIX_H_ @@ -42,7 +40,7 @@ # endif #endif -#ifdef __sgi +#if defined(__sgi) # define radix_mask ipf_radix_mask # define radix_node ipf_radix_node # define radix_node_head ipf_radix_node_head @@ -146,6 +144,12 @@ struct radix_node_head { }; +#if defined(AIX) +# undef Bcmp +# undef Bzero +# undef R_Malloc +# undef Free +#endif #define Bcmp(a, b, n) bcmp(((caddr_t)(a)), ((caddr_t)(b)), (unsigned)(n)) #if defined(linux) && defined(_KERNEL) # define Bcopy(a, b, n) memmove(((caddr_t)(b)), ((caddr_t)(a)), (unsigned)(n)) @@ -157,7 +161,7 @@ struct radix_node_head { #define FreeS(p, z) KFREES(p, z) #define Free(p) KFREE(p) -#if (defined(__osf__) || (IRIX >= 60516)) && defined(_KERNEL) +#if (defined(__osf__) || defined(AIX) || (IRIX >= 60516)) && defined(_KERNEL) # define rn_init ipf_rn_init # define rn_fini ipf_rn_fini # define rn_inithead ipf_rn_inithead diff --git a/contrib/ipfilter/rules/example.1 b/contrib/ipfilter/rules/example.1 index 3da9f3c..ff93f49 100644 --- a/contrib/ipfilter/rules/example.1 +++ b/contrib/ipfilter/rules/example.1 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # block all incoming TCP packets on le0 from host 10.1.1.1 to any destination. # diff --git a/contrib/ipfilter/rules/example.10 b/contrib/ipfilter/rules/example.10 index f7a0b01..560d1e6 100644 --- a/contrib/ipfilter/rules/example.10 +++ b/contrib/ipfilter/rules/example.10 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # pass ack packets (ie established connection) # diff --git a/contrib/ipfilter/rules/example.11 b/contrib/ipfilter/rules/example.11 index 1cefa9a..c6b4e7f 100644 --- a/contrib/ipfilter/rules/example.11 +++ b/contrib/ipfilter/rules/example.11 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # allow any TCP packets from the same subnet as foo is on through to host # 10.1.1.2 if they are destined for port 6667. diff --git a/contrib/ipfilter/rules/example.12 b/contrib/ipfilter/rules/example.12 index 6dbaef5..c0ba1d3 100644 --- a/contrib/ipfilter/rules/example.12 +++ b/contrib/ipfilter/rules/example.12 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # get rid of all short IP fragments (too small for valid comparison) # diff --git a/contrib/ipfilter/rules/example.13 b/contrib/ipfilter/rules/example.13 index ca74114..854f07f 100644 --- a/contrib/ipfilter/rules/example.13 +++ b/contrib/ipfilter/rules/example.13 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # Log all short TCP packets to qe3, with 10.3.3.3 as the intended # destination for the packet. diff --git a/contrib/ipfilter/rules/example.2 b/contrib/ipfilter/rules/example.2 index 81e7d25..4f81725 100644 --- a/contrib/ipfilter/rules/example.2 +++ b/contrib/ipfilter/rules/example.2 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # block all outgoing TCP packets on le0 from any host to port 23 of # host 10.1.1.2 diff --git a/contrib/ipfilter/rules/example.3 b/contrib/ipfilter/rules/example.3 index c5b4344..cd31f73 100644 --- a/contrib/ipfilter/rules/example.3 +++ b/contrib/ipfilter/rules/example.3 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # block all inbound packets. # diff --git a/contrib/ipfilter/rules/example.4 b/contrib/ipfilter/rules/example.4 index f18dcdd..7918ec2 100644 --- a/contrib/ipfilter/rules/example.4 +++ b/contrib/ipfilter/rules/example.4 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # block all ICMP packets. # diff --git a/contrib/ipfilter/rules/example.5 b/contrib/ipfilter/rules/example.5 index 959dfb8..6d688b5 100644 --- a/contrib/ipfilter/rules/example.5 +++ b/contrib/ipfilter/rules/example.5 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # test ruleset # diff --git a/contrib/ipfilter/rules/example.6 b/contrib/ipfilter/rules/example.6 index e9ce23a..d40f0f3 100644 --- a/contrib/ipfilter/rules/example.6 +++ b/contrib/ipfilter/rules/example.6 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # block all TCP packets with only the SYN flag set (this is the first # packet sent to establish a connection) out of the SYN-ACK pair. diff --git a/contrib/ipfilter/rules/example.7 b/contrib/ipfilter/rules/example.7 index 0ddd7f7..062de98 100644 --- a/contrib/ipfilter/rules/example.7 +++ b/contrib/ipfilter/rules/example.7 @@ -1,4 +1,3 @@ -# $FreeBSD$ # block all ICMP packets. # block in proto icmp all diff --git a/contrib/ipfilter/rules/example.8 b/contrib/ipfilter/rules/example.8 index 2276b52..baa0258 100644 --- a/contrib/ipfilter/rules/example.8 +++ b/contrib/ipfilter/rules/example.8 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # block all incoming TCP connections but send back a TCP-RST for ones to # the ident port diff --git a/contrib/ipfilter/rules/example.9 b/contrib/ipfilter/rules/example.9 index 50bb46a..daff203 100644 --- a/contrib/ipfilter/rules/example.9 +++ b/contrib/ipfilter/rules/example.9 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # drop all packets without IP security options # diff --git a/contrib/ipfilter/rules/example.sr b/contrib/ipfilter/rules/example.sr index 46fb6f1..c4c1994 100644 --- a/contrib/ipfilter/rules/example.sr +++ b/contrib/ipfilter/rules/example.sr @@ -1,4 +1,3 @@ -# $FreeBSD$ # # log all inbound packet on le0 which has IP options present # diff --git a/contrib/ipfilter/samples/ipfilter-pb.gif b/contrib/ipfilter/samples/ipfilter-pb.gif index f729ab1..afaefa8 100644 Binary files a/contrib/ipfilter/samples/ipfilter-pb.gif and b/contrib/ipfilter/samples/ipfilter-pb.gif differ diff --git a/contrib/ipfilter/samples/proxy.c b/contrib/ipfilter/samples/proxy.c index ccf2ac6..3a3d039 100644 --- a/contrib/ipfilter/samples/proxy.c +++ b/contrib/ipfilter/samples/proxy.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Sample transparent proxy program. * @@ -94,8 +92,8 @@ char *argv[]; natlook.nl_outip = sin.sin_addr; natlook.nl_inip = sloc.sin_addr; natlook.nl_flags = IPN_TCP; - natlook.nl_outport = ntohs(sin.sin_port); - natlook.nl_inport = ntohs(sloc.sin_port); + natlook.nl_outport = sin.sin_port; + natlook.nl_inport = sloc.sin_port; /* * Open the NAT device and lookup the mapping pair. diff --git a/contrib/ipfilter/samples/relay.c b/contrib/ipfilter/samples/relay.c index b91779a..6b96fc4 100644 --- a/contrib/ipfilter/samples/relay.c +++ b/contrib/ipfilter/samples/relay.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Sample program to be used as a transparent proxy. * @@ -18,10 +16,10 @@ #include #include #include -#include "ip_compat.h" -#include "ip_fil.h" -#include "ip_nat.h" -#include "ipl.h" +#include "netinet/ip_compat.h" +#include "netinet/ip_fil.h" +#include "netinet/ip_nat.h" +#include "netinet/ipl.h" #define RELAY_BUFSZ 8192 diff --git a/contrib/ipfilter/samples/userauth.c b/contrib/ipfilter/samples/userauth.c index ef059ac..dbfeac6 100644 --- a/contrib/ipfilter/samples/userauth.c +++ b/contrib/ipfilter/samples/userauth.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include #include #include diff --git a/contrib/ipfilter/snoop.h b/contrib/ipfilter/snoop.h index 12dea37..8fa6f7e 100644 --- a/contrib/ipfilter/snoop.h +++ b/contrib/ipfilter/snoop.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -11,7 +9,7 @@ /* * written to comply with the RFC (1761) from Sun. - * Id: snoop.h,v 2.3 2001/06/09 17:09:23 darrenr Exp + * $Id: snoop.h,v 2.3 2001/06/09 17:09:23 darrenr Exp $ */ struct snoophdr { char s_id[8]; diff --git a/contrib/ipfilter/test/Makefile b/contrib/ipfilter/test/Makefile index 7f17241..16535bf 100644 --- a/contrib/ipfilter/test/Makefile +++ b/contrib/ipfilter/test/Makefile @@ -11,7 +11,7 @@ all: results tests results: mkdir -p results -tests: ipf nat logtests ipv6 pools +tests: ipf nat logtests ipv6 pools bpf ipf: ftests ptests @@ -21,12 +21,13 @@ first: -mkdir -p results # Filtering tests -ftests: f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15 f16 f17 +ftests: f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 # Rule parsing tests -ptests: i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 +ptests: i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 i16 i17 i18 i19 \ + i20 i21 -ntests: n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12 +ntests: n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12 n13 n14 nitests: ni1 ni2 ni3 ni4 ni5 ni6 ni7 ni8 ni9 ni10 ni11 ni12 ni13 ni14 ni15 ni16 @@ -40,16 +41,16 @@ ipv6: ipv6.1 ipv6.2 ipv6.3 bpf: bpf1 bpf-f1 -f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14: +f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f19: @/bin/sh ./dotest `awk "/^$@ / { print; } " test.format` -f15 f16 f17: +f15 f16 f17 f18: @/bin/sh ./mtest `awk "/^$@ / { print; } " test.format` -i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 bpf1: +i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 i16 i17 i18 i19 i20 i21 bpf1: @/bin/sh ./itest `awk "/^$@ / { print; } " test.format` -n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12: +n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12 n13 n14: @/bin/sh ./nattest `awk "/^$@ / { print; } " test.format` ni1 ni2 ni3 ni4 ni5 ni7 ni8 ni9 ni10 ni11 ni12 ni13 ni14 ni15 ni16: @@ -77,9 +78,9 @@ bpf-f1: /bin/sh ./bpftest `awk "/^$@ / { print; } " test.format` clean: - /bin/rm -f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15 f16 f17 - /bin/rm -f i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 - /bin/rm -f n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12 + /bin/rm -f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 + /bin/rm -f i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 i16 i17 i18 i19 i20 i21 + /bin/rm -f n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12 n13 n14 /bin/rm -f ni1 ni2 ni3 ni4 ni5 ni6 ni7 ni8 ni9 /bin/rm -f ni10 ni11 ni12 ni13 ni14 ni15 ni16 /bin/rm -f in1 in2 in3 in4 in5 in6 diff --git a/contrib/ipfilter/test/dotest b/contrib/ipfilter/test/dotest index 71c8cce..72853d4 100644 --- a/contrib/ipfilter/test/dotest +++ b/contrib/ipfilter/test/dotest @@ -1,5 +1,8 @@ #!/bin/sh +thistest=$1 format=$2 +output=$3 +tuning=$4 if [ -f /usr/ucb/touch ] ; then TOUCH=/usr/ucb/touch else @@ -11,18 +14,21 @@ else fi fi fi -echo "$1..."; -/bin/cp /dev/null results/$1 +if [ "$tuning" != "" ] ; then + tuning="-T $tuning" +fi +echo "${thistest}..."; +/bin/cp /dev/null results/${thistest} ( while read rule; do - echo "$rule" | ../ipftest -F $format -Rbr - -i input/$1 >> results/$1; + echo "$rule" | ../ipftest -F $format -Rbr - -i input/${thistest} $tuning>> results/${thistest}; if [ $? -ne 0 ] ; then exit 1; fi - echo "--------" >> results/$1 -done ) < regress/$1 -cmp expected/$1 results/$1 + echo "--------" >> results/${thistest} +done ) < regress/${thistest} +cmp expected/${thistest} results/${thistest} status=$? if [ $status = 0 ] ; then - $TOUCH $1 + $TOUCH ${thistest} fi exit $status diff --git a/contrib/ipfilter/test/expected/bpf1 b/contrib/ipfilter/test/expected/bpf1 index 9d0ad1b..76381a7 100644 --- a/contrib/ipfilter/test/expected/bpf1 +++ b/contrib/ipfilter/test/expected/bpf1 @@ -1,4 +1,4 @@ -pass in bpf { "0x20 0 0 0xc 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } -pass out bpf { "0x20 0 0 0xc 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } -pass in bpf { "0x20 0 0 0x10 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } -pass out bpf { "0x20 0 0 0x10 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } +pass in bpf-v4 { "0x20 0 0 0xc 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } +pass out bpf-v4 { "0 0 0 0 0x20 0 0 0xc 0x15 0 0x1 0x1010101 0x6 0 0 0x1 0x6 0 0 0" } +pass in bpf-v4 { "0x20 0 0 0x10 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } +pass out bpf-v4 { "0 0 0 0 0x20 0 0 0x10 0x15 0 0x1 0x1010101 0x6 0 0 0x1 0x6 0 0 0" } diff --git a/contrib/ipfilter/test/expected/f13 b/contrib/ipfilter/test/expected/f13 index b3c7e54..2a0195b 100644 --- a/contrib/ipfilter/test/expected/f13 +++ b/contrib/ipfilter/test/expected/f13 @@ -1,6 +1,12 @@ pass nomatch nomatch +pass +nomatch +nomatch +nomatch +nomatch +nomatch nomatch nomatch nomatch @@ -15,6 +21,12 @@ nomatch block nomatch nomatch +block +nomatch +nomatch +nomatch +nomatch +nomatch nomatch nomatch nomatch @@ -39,6 +51,12 @@ nomatch nomatch nomatch pass +pass +pass +nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -53,8 +71,14 @@ nomatch nomatch nomatch block +block +block +nomatch +nomatch +nomatch +nomatch -------- -pass +block nomatch nomatch pass @@ -67,6 +91,12 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +pass +nomatch +pass +pass -------- block nomatch @@ -81,4 +111,50 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +block +nomatch +block +block +-------- +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +pass +pass +nomatch +nomatch +nomatch +nomatch +pass +pass +nomatch +nomatch +nomatch +nomatch +-------- +block +block +nomatch +pass +block +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +pass +nomatch +nomatch +pass -------- diff --git a/contrib/ipfilter/test/expected/f17 b/contrib/ipfilter/test/expected/f17 index 4fe3acf..c586e5b 100644 --- a/contrib/ipfilter/test/expected/f17 +++ b/contrib/ipfilter/test/expected/f17 @@ -3,4 +3,5 @@ block return-rst pass pass pass +pass -------- diff --git a/contrib/ipfilter/test/expected/f18 b/contrib/ipfilter/test/expected/f18 new file mode 100644 index 0000000..801abd3 --- /dev/null +++ b/contrib/ipfilter/test/expected/f18 @@ -0,0 +1,5 @@ +pass +pass +pass +pass +-------- diff --git a/contrib/ipfilter/test/expected/f19 b/contrib/ipfilter/test/expected/f19 new file mode 100644 index 0000000..5ee2e9d --- /dev/null +++ b/contrib/ipfilter/test/expected/f19 @@ -0,0 +1,10 @@ +pass +pass +pass +nomatch +-------- +pass +nomatch +nomatch +nomatch +-------- diff --git a/contrib/ipfilter/test/expected/f7 b/contrib/ipfilter/test/expected/f7 index 6aa7951..7a4daed 100644 --- a/contrib/ipfilter/test/expected/f7 +++ b/contrib/ipfilter/test/expected/f7 @@ -7,6 +7,12 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch -------- pass pass @@ -17,6 +23,12 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -27,6 +39,12 @@ block nomatch nomatch nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -37,6 +55,12 @@ pass nomatch nomatch nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -47,6 +71,28 @@ nomatch block block block +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +-------- +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +pass +pass +pass +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -54,7 +100,45 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch +pass +pass +nomatch +nomatch +nomatch +nomatch +-------- +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +pass pass +nomatch +nomatch +-------- +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch pass pass -------- diff --git a/contrib/ipfilter/test/expected/f9 b/contrib/ipfilter/test/expected/f9 index 709744d..cc5be68 100644 --- a/contrib/ipfilter/test/expected/f9 +++ b/contrib/ipfilter/test/expected/f9 @@ -4,10 +4,16 @@ block block block block +block +block +block -------- nomatch nomatch nomatch +nomatch +nomatch +nomatch pass pass nomatch @@ -16,6 +22,9 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch block nomatch -------- @@ -23,6 +32,9 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch pass nomatch -------- @@ -32,6 +44,9 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -39,6 +54,9 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -46,6 +64,9 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -53,20 +74,29 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch -------- nomatch +nomatch block nomatch nomatch nomatch nomatch +nomatch +nomatch -------- nomatch +nomatch pass nomatch nomatch nomatch nomatch +nomatch +nomatch -------- pass pass @@ -74,9 +104,15 @@ pass pass pass pass +pass +pass +pass -------- block block +block +nomatch +nomatch nomatch nomatch nomatch @@ -84,6 +120,9 @@ nomatch -------- pass pass +pass +nomatch +nomatch nomatch nomatch nomatch @@ -95,6 +134,9 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -102,6 +144,9 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -109,6 +154,9 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -116,10 +164,16 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch nomatch +nomatch +nomatch +nomatch block block nomatch diff --git a/contrib/ipfilter/test/expected/i1 b/contrib/ipfilter/test/expected/i1 index 93530f9..c012af8 100644 --- a/contrib/ipfilter/test/expected/i1 +++ b/contrib/ipfilter/test/expected/i1 @@ -6,10 +6,12 @@ count in from any to any pass in from !any to any block in from any to !any pass in on ed0(!) from 127.0.0.1/32 to 127.0.0.1/32 +pass in on ed0(!),vx0(!) from 127.0.0.1/32 to 127.0.0.1/32 block in log first on lo0(!) from any to any pass in log body quick from any to any block return-rst in quick on le0(!) proto tcp from any to any block return-icmp in on qe0(!) from any to any block return-icmp(host-unr) in on qe0(!) from any to any +block return-icmp-as-dest in on le0(!) from any to any block return-icmp-as-dest(port-unr) in on qe0(!) from any to any pass out on longNICname0(!) from 254.220.186.152/32 to 254.220.186.152/32 diff --git a/contrib/ipfilter/test/expected/i11 b/contrib/ipfilter/test/expected/i11 index 058d03a..26b8b78 100644 --- a/contrib/ipfilter/test/expected/i11 +++ b/contrib/ipfilter/test/expected/i11 @@ -1,8 +1,10 @@ pass in on ed0(!) proto tcp from 127.0.0.1/32 to 127.0.0.1/32 port = 23 keep state -block in log first on lo0(!) proto tcp/udp from any to any keep state +block in log first on lo0(!) proto tcp/udp from any to any port = 7 keep state pass in proto udp from 127.0.0.1/32 to 127.0.0.1/32 port = 20499 keep frags +pass in proto udp from 127.0.0.1/32 to 127.0.0.1/32 port = 2049 keep frags (strict) pass in proto udp from 127.0.0.1/32 to 127.0.0.1/32 port = 53 keep state keep frags pass in on ed0(!) out-via vx0(!) proto udp from any to any keep state pass out on ppp0(!) in-via le0(!) proto tcp from any to any keep state +pass in on ed0(!),vx0(!) out-via vx0(!),ed0(!) proto udp from any to any keep state pass in proto tcp from any port > 1024 to 127.0.0.1/32 port = 1024 keep state pass in proto tcp from any to any flags S/FSRPAU keep state (limit 101,strict,newisn,no-icmp-err) diff --git a/contrib/ipfilter/test/expected/i12 b/contrib/ipfilter/test/expected/i12 index 22a3488..e21724c 100644 --- a/contrib/ipfilter/test/expected/i12 +++ b/contrib/ipfilter/test/expected/i12 @@ -13,14 +13,14 @@ pass in from 2.2.2.0/24 to 5.5.5.5/32 port = 25 pass in from 3.3.3.3/32 to 5.5.5.5/32 port = 25 pass in from 2.2.2.0/24 to 6.6.6.6/32 port = 25 pass in from 3.3.3.3/32 to 6.6.6.6/32 port = 25 -pass in proto tcp from 2.2.2.0/24 to 5.5.5.5/32 port = 53 -pass in proto tcp from 3.3.3.3/32 to 5.5.5.5/32 port = 53 -pass in proto tcp from 2.2.2.0/24 to 6.6.6.6/32 port = 53 -pass in proto tcp from 3.3.3.3/32 to 6.6.6.6/32 port = 53 -pass in proto tcp from 2.2.2.0/24 to 5.5.5.5/32 port = 9 -pass in proto tcp from 3.3.3.3/32 to 5.5.5.5/32 port = 9 -pass in proto tcp from 2.2.2.0/24 to 6.6.6.6/32 port = 9 -pass in proto tcp from 3.3.3.3/32 to 6.6.6.6/32 port = 9 +pass in proto tcp from 2.2.2.0/24 port = 53 to 5.5.5.5/32 +pass in proto tcp from 3.3.3.3/32 port = 53 to 5.5.5.5/32 +pass in proto tcp from 2.2.2.0/24 port = 9 to 5.5.5.5/32 +pass in proto tcp from 3.3.3.3/32 port = 9 to 5.5.5.5/32 +pass in proto tcp from 2.2.2.0/24 port = 53 to 6.6.6.6/32 +pass in proto tcp from 3.3.3.3/32 port = 53 to 6.6.6.6/32 +pass in proto tcp from 2.2.2.0/24 port = 9 to 6.6.6.6/32 +pass in proto tcp from 3.3.3.3/32 port = 9 to 6.6.6.6/32 pass in proto udp from 2.2.2.0/24 to 5.5.5.5/32 port = 53 pass in proto udp from 3.3.3.3/32 to 5.5.5.5/32 port = 53 pass in proto udp from 2.2.2.0/24 to 6.6.6.6/32 port = 53 @@ -32,3 +32,8 @@ pass in proto udp from 3.3.3.3/32 to 6.6.6.6/32 port = 9 pass in from 10.10.10.10/32 to 11.11.11.11/32 pass in from pool/101(!) to hash/202(!) pass in from hash/303(!) to pool/404(!) +table role = ipf type = tree number = + { ! 1.1.1.1/32; 2.2.2.2/32; ! 2.2.0.0/16; }; +table role = ipf type = tree number = + { 1.1.0.0/16; }; +pass in from pool/0(!) to pool/0(!) diff --git a/contrib/ipfilter/test/expected/i14 b/contrib/ipfilter/test/expected/i14 index 5a10155..08ba19a 100644 --- a/contrib/ipfilter/test/expected/i14 +++ b/contrib/ipfilter/test/expected/i14 @@ -6,3 +6,5 @@ block in on vm0(!) proto tcp/udp from any to any head 101 pass in proto tcp/udp from 1.1.1.1/32 to 2.2.2.2/32 group 101 pass in proto tcp from 1.0.0.1/32 to 2.0.0.2/32 group 101 pass in proto udp from 2.0.0.2/32 to 3.0.0.3/32 group 101 +block in on vm0(!) proto tcp/udp from any to any head vm0-group +pass in proto tcp/udp from 1.1.1.1/32 to 2.2.2.2/32 group vm0-group diff --git a/contrib/ipfilter/test/expected/i16 b/contrib/ipfilter/test/expected/i16 new file mode 100644 index 0000000..c5b3cf3 --- /dev/null +++ b/contrib/ipfilter/test/expected/i16 @@ -0,0 +1,3 @@ +block out all +100 pass in all +10101 pass out proto tcp from any to any diff --git a/contrib/ipfilter/test/expected/i17 b/contrib/ipfilter/test/expected/i17 new file mode 100644 index 0000000..bcc4d2d --- /dev/null +++ b/contrib/ipfilter/test/expected/i17 @@ -0,0 +1,10 @@ +List of active MAP/Redirect filters: + +List of active sessions: + +Hostmap table: +List of active state sessions: +List of configured pools +List of configured hash tables +List of groups configured (set 0) +List of groups configured (set 1) diff --git a/contrib/ipfilter/test/expected/i18 b/contrib/ipfilter/test/expected/i18 new file mode 100644 index 0000000..1aaa04f --- /dev/null +++ b/contrib/ipfilter/test/expected/i18 @@ -0,0 +1,10 @@ +pass in tos 0x50 from any to any +pass in tos 0x80 from any to any +pass in tos 0x28 from any to any +block in ttl 0 from any to any +block in ttl 1 from any to any +block in ttl 2 from any to any +block in ttl 3 from any to any +block in ttl 4 from any to any +block in ttl 5 from any to any +block in ttl 6 from any to any diff --git a/contrib/ipfilter/test/expected/i19 b/contrib/ipfilter/test/expected/i19 new file mode 100644 index 0000000..4ca19b5 --- /dev/null +++ b/contrib/ipfilter/test/expected/i19 @@ -0,0 +1,22 @@ +block in log level user.debug quick proto icmp from any to any +block in log level mail.info quick proto icmp from any to any +block in log level daemon.notice quick proto icmp from any to any +block in log level auth.warn quick proto icmp from any to any +block in log level syslog.err quick proto icmp from any to any +block in log level lpr.crit quick proto icmp from any to any +block in log level news.alert quick proto icmp from any to any +block in log level uucp.emerg quick proto icmp from any to any +block in log level cron.debug quick proto icmp from any to any +block in log level ftp.info quick proto icmp from any to any +block in log level authpriv.notice quick proto icmp from any to any +block in log level !!!.warn quick proto icmp from any to any +block in log level local0.err quick proto icmp from any to any +block in log level local1.crit quick proto icmp from any to any +block in log level local2.alert quick proto icmp from any to any +block in log level local3.emerg quick proto icmp from any to any +block in log level local4.debug quick proto icmp from any to any +block in log level local5.info quick proto icmp from any to any +block in log level local6.notice quick proto icmp from any to any +block in log level local7.warn quick proto icmp from any to any +block in log level kern.err quick proto icmp from any to any +block in log level !!!.emerg quick proto icmp from any to any diff --git a/contrib/ipfilter/test/expected/i2 b/contrib/ipfilter/test/expected/i2 index 37ec9c4..5ff18f4 100644 --- a/contrib/ipfilter/test/expected/i2 +++ b/contrib/ipfilter/test/expected/i2 @@ -5,3 +5,4 @@ block in proto ipv6 from any to any block in proto udp from any to any block in proto 250 from any to any pass in proto tcp/udp from any to any +block in proto tcp/udp from any to any diff --git a/contrib/ipfilter/test/expected/i20 b/contrib/ipfilter/test/expected/i20 new file mode 100644 index 0000000..77eabdb --- /dev/null +++ b/contrib/ipfilter/test/expected/i20 @@ -0,0 +1,4 @@ +pass in on ppp0(!) from ppp0/peer to ppp0/32 +block in on hme0(!) from any to hme0/bcast +pass in on bge0(!) from bge0/net to bge0/32 +block in on eri0(!) from any to eri0/netmasked diff --git a/contrib/ipfilter/test/expected/i21 b/contrib/ipfilter/test/expected/i21 new file mode 100644 index 0000000..a5f55b3 --- /dev/null +++ b/contrib/ipfilter/test/expected/i21 @@ -0,0 +1,10 @@ +pass in from any port = 10101 to any +pass out from any to any port != 22 +block in from any port 20:21 to any +block out from any to any port 10 <> 100 +pass out from any to any port = 3 +pass out from any to any port = 5 +pass out from any to any port = 7 +pass out from any to any port = 9 +block in from any port = 20 to any +block in from any port = 25 to any diff --git a/contrib/ipfilter/test/expected/i4 b/contrib/ipfilter/test/expected/i4 index 89c0995..639dae8 100644 --- a/contrib/ipfilter/test/expected/i4 +++ b/contrib/ipfilter/test/expected/i4 @@ -5,4 +5,5 @@ pass in proto udp from 127.0.0.1/32 port > 32000 to 127.0.0.1/32 port < 29000 block in proto udp from any port != 123 to any port < 7 block in proto tcp from any port = 25 to any port > 25 pass in proto tcp/udp from any port 1 >< 3 to any port 1 <> 3 +pass in proto tcp/udp from any port 2:2 to any port 10:20 pass in log first quick proto tcp from any port > 1023 to any port = 1723 flags S/FSRPAU keep state diff --git a/contrib/ipfilter/test/expected/i6 b/contrib/ipfilter/test/expected/i6 index 40fe185..e4b14c3 100644 --- a/contrib/ipfilter/test/expected/i6 +++ b/contrib/ipfilter/test/expected/i6 @@ -7,4 +7,6 @@ pass in on le0(!) dup-to qe0(!):127.0.0.1 to hme0(!):10.1.1.1 from 127.0.0.1/32 block in quick on qe0(!) to qe1(!) from any to any block in quick to qe1(!) from any to any pass out quick dup-to hme0(!) from any to any +pass out quick on hme0(!) reply-to hme1(!) from any to any +pass in on le0(!) dup-to qe0(!):127.0.0.1 reply-to hme1(!):10.10.10.10 all pass in quick fastroute all diff --git a/contrib/ipfilter/test/expected/i7 b/contrib/ipfilter/test/expected/i7 index c46364b..309cd28 100644 --- a/contrib/ipfilter/test/expected/i7 +++ b/contrib/ipfilter/test/expected/i7 @@ -2,3 +2,8 @@ pass in on ed0(!) proto tcp from 127.0.0.1/32 to 127.0.0.1/32 port = 23 flags S/ block in on lo0(!) proto tcp from any to any flags A/FSRPAU pass in on lo0(!) proto tcp from any to any flags /SPA block in on lo0(!) proto tcp from any to any flags C/A +pass in on lo0(!) proto tcp from any to any flags S/SA +block in on lo0(!) proto tcp from any to any flags S/SA +pass in on lo0(!) proto tcp from any to any flags S/FSRPAU +block in on lo0(!) proto tcp from any to any flags /A +pass in on lo0(!) proto tcp from any to any flags S/SA diff --git a/contrib/ipfilter/test/expected/i8 b/contrib/ipfilter/test/expected/i8 index 77dc177..5533a7d 100644 --- a/contrib/ipfilter/test/expected/i8 +++ b/contrib/ipfilter/test/expected/i8 @@ -1,2 +1,33 @@ pass in proto icmp from 127.0.0.1/32 to 127.0.0.1/32 icmp-type timest block in proto icmp from any to any icmp-type unreach code 1 +pass in proto icmp from any to any icmp-type unreach code 15 +pass in proto icmp from any to any icmp-type unreach code 13 +pass in proto icmp from any to any icmp-type unreach code 8 +pass in proto icmp from any to any icmp-type unreach code 4 +pass in proto icmp from any to any icmp-type unreach code 9 +pass in proto icmp from any to any icmp-type unreach code 11 +pass in proto icmp from any to any icmp-type unreach code 14 +pass in proto icmp from any to any icmp-type unreach code 10 +pass in proto icmp from any to any icmp-type unreach code 12 +pass in proto icmp from any to any icmp-type unreach code 7 +pass in proto icmp from any to any icmp-type unreach code 1 +pass in proto icmp from any to any icmp-type unreach code 6 +pass in proto icmp from any to any icmp-type unreach code 0 +pass in proto icmp from any to any icmp-type unreach code 3 +pass in proto icmp from any to any icmp-type unreach code 2 +pass in proto icmp from any to any icmp-type unreach code 5 +pass in proto icmp from any to any icmp-type echo +pass in proto icmp from any to any icmp-type echorep +pass in proto icmp from any to any icmp-type inforeq +pass in proto icmp from any to any icmp-type inforep +pass in proto icmp from any to any icmp-type maskrep +pass in proto icmp from any to any icmp-type maskreq +pass in proto icmp from any to any icmp-type paramprob +pass in proto icmp from any to any icmp-type redir +pass in proto icmp from any to any icmp-type unreach +pass in proto icmp from any to any icmp-type routerad +pass in proto icmp from any to any icmp-type routersol +pass in proto icmp from any to any icmp-type squench +pass in proto icmp from any to any icmp-type timest +pass in proto icmp from any to any icmp-type timestrep +pass in proto icmp from any to any icmp-type timex diff --git a/contrib/ipfilter/test/expected/i9 b/contrib/ipfilter/test/expected/i9 index bae7c9b..bb4e54f 100644 --- a/contrib/ipfilter/test/expected/i9 +++ b/contrib/ipfilter/test/expected/i9 @@ -3,5 +3,10 @@ block in from any to any with ipopts pass in from any to any with opt nop,rr,zsu pass in from any to any with opt nop,rr,zsu not opt lsrr,ssrr pass in from 127.0.0.1/32 to 127.0.0.1/32 with not frag +pass in from 127.0.0.1/32 to 127.0.0.1/32 with frag,frag-body pass in proto tcp from any to any flags S/FSRPAU with not oow keep state pass in proto tcp from any to any flags S/FSRPAU with not bad,bad-src,bad-nat +block in quick from any to any with not nat +block in quick from any to any with not lowttl +pass in from any to any with mbcast,not bcast,mcast,not state +pass in from any to any with opt mtup,mtur,encode,ts,tr,sec,e-sec,cipso,satid,ssrr,addext,visa,imitd,eip,finn,dps,sdb,nsapa,rtralrt,ump diff --git a/contrib/ipfilter/test/expected/in1 b/contrib/ipfilter/test/expected/in1 index ce5a610..8c47a92 100644 --- a/contrib/ipfilter/test/expected/in1 +++ b/contrib/ipfilter/test/expected/in1 @@ -3,6 +3,8 @@ map le0 0.0.0.1/32 -> 0.0.0.1/32 map le0 128.0.0.0/1 -> 0.0.0.0/0 map le0 10.0.0.0/8 -> 1.2.3.0/24 map le0 10.0.0.0/8 -> 1.2.3.0/24 +map le0 10.0.0.0/8 -> 1.2.3.0/24 +map le0 0.0.0.5/0.0.0.255 -> 1.2.3.0/24 map le0 192.168.0.0/16 -> range 203.1.1.23-203.1.3.45 map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp 10000:19999 map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap udp 20000:29999 @@ -25,3 +27,4 @@ map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp 10000:19999 frag age 30/30 map fxp0 from 192.168.0.0/18 to any port = 21 -> 1.2.3.4/32 proxy port 21 ftp/tcp map thisisalonginte 0.0.0.0/0 -> 0.0.0.0/32 mssclamp 1452 tag freddyliveshere map bar0 0.0.0.0/0 -> 0.0.0.0/32 icmpidmap icmp 1000:2000 +map ppp0,adsl0 0.0.0.0/0 -> 0.0.0.0/32 diff --git a/contrib/ipfilter/test/expected/in2 b/contrib/ipfilter/test/expected/in2 index 61c0d18..1dc7b68 100644 --- a/contrib/ipfilter/test/expected/in2 +++ b/contrib/ipfilter/test/expected/in2 @@ -2,7 +2,10 @@ rdr le0 9.8.7.6/32 port 0 -> 1.1.1.1 port 0 tcp rdr le0 9.8.7.6/32 -> 1.1.1.1 ip rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp rdr le0 9.8.7.6/32 -> 1.1.1.1 ip +rdr le0 9.0.0.0/8 -> 1.1.1.1 ip +rdr le0 9.8.0.0/16 -> 1.1.1.1 ip rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp +rdr le0 9.8.7.6/32 port 80 -> 0.0.0.0/0 port 80 tcp rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 udp rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp/udp rdr le0 9.8.7.6/32 -> 1.1.1.1 icmp @@ -11,7 +14,7 @@ rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp round-robin rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp round-robin rdr le0 9.8.7.6/32 -> 1.1.1.1 ip frag rdr le0 9.8.7.6/32 -> 1.1.1.1 icmp frag -rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp frag +rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp/udp frag rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp round-robin frag rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp round-robin frag rdr le0 9.8.7.6/32 -> 1.1.1.1 ip frag age 10/10 @@ -65,3 +68,4 @@ rdr le0 9.8.7.6/32 port 1000-2000 -> 1.1.1.1 port 5555 tcp rdr le0 9.8.7.6/32 port 1000-2000 -> 1.1.1.1 port = 5555 tcp rdr le0 0.0.0.0/0 -> 254.220.186.152 ip rdr le0 0.0.0.0/0 -> 254.220.186.152,254.220.186.152 ip +rdr adsl0,ppp0 0.0.0.0/0 port 25 -> 127.0.0.1 port 25 tcp diff --git a/contrib/ipfilter/test/expected/in5 b/contrib/ipfilter/test/expected/in5 index 7b3120a..f371b35 100644 --- a/contrib/ipfilter/test/expected/in5 +++ b/contrib/ipfilter/test/expected/in5 @@ -1,3 +1,4 @@ +map le0 from 9.8.7.6/32 port > 1024 to any -> 1.1.1.1/32 portmap tcp 10000:20000 rdr le0 from any to 9.8.7.6/32 port = 0 -> 1.1.1.1 port 0 tcp rdr le0 from any to 9.8.7.6/32 -> 1.1.1.1 ip rdr le0 from any to 9.8.7.6/32 port = 8888 -> 1.1.1.1 port 888 tcp diff --git a/contrib/ipfilter/test/expected/in6 b/contrib/ipfilter/test/expected/in6 index 08bbff0..338bd80 100644 --- a/contrib/ipfilter/test/expected/in6 +++ b/contrib/ipfilter/test/expected/in6 @@ -1,3 +1,7 @@ map foo0 from any port = 1 to any port != 0 -> 0.0.0.0/32 udp +map foo0 from any port = 1 to any port != 0 -> 0.0.0.0/32 udp +map foo0 from any port < 1 to any port > 0 -> 0.0.0.0/32 tcp map foo0 from any port < 1 to any port > 0 -> 0.0.0.0/32 tcp map foo0 from any port <= 1 to any port >= 0 -> 0.0.0.0/32 tcp/udp +map foo0 from any port <= 1 to any port >= 0 -> 0.0.0.0/32 tcp/udp +map foo0 from any port 1 >< 20 to any port 20 <> 40 -> 0.0.0.0/32 tcp/udp diff --git a/contrib/ipfilter/test/expected/n1 b/contrib/ipfilter/test/expected/n1 index 0f87034..537f9bb 100644 --- a/contrib/ipfilter/test/expected/n1 +++ b/contrib/ipfilter/test/expected/n1 @@ -1,105 +1,105 @@ -ip 20(20) 255 10.1.1.0 > 10.1.1.2 -ip 20(20) 255 10.2.2.2 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.3.4.5 -ip 20(20) 255 10.1.1.2 > 10.3.4.5 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 -ip 48(20) 1 10.2.2.2 > 10.4.3.2 -ip 48(20) 1 10.4.3.2 > 10.1.1.1 -ip 48(20) 1 10.4.3.2 > 10.3.4.1 -ip 48(20) 1 10.4.3.2 > 10.3.4.2 -ip 48(20) 1 10.4.3.2 > 10.3.4.3 -ip 48(20) 1 10.4.3.2 > 10.3.4.4 -ip 48(20) 1 10.4.3.2 > 10.3.4.5 -ip 20(20) 34 10.1.1.2 > 10.4.3.2 -ip 20(20) 34 10.4.3.2 > 10.3.4.4 -ip 20(20) 34 10.1.1.2 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.5 -ip 20(20) 34 10.1.1.3 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.6 -ip 20(20) 35 10.1.1.3 > 10.4.3.4 -ip 20(20) 35 10.4.3.4 > 10.3.4.7 +ip #0 20(20) 255 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 255 10.2.2.2 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.2 > 10.3.4.5 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 +ip #0 48(20) 1 10.2.2.2 > 10.4.3.2 +ip #0 48(20) 1 10.4.3.2 > 10.1.1.1 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.1 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.2 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.3 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.4 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.2 +ip #0 20(20) 34 10.4.3.2 > 10.3.4.4 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.6 +ip #0 20(20) 35 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 35 10.4.3.4 > 10.3.4.7 ------------------------------- -ip 20(20) 255 10.3.4.5 > 10.1.1.2 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.3.4.5 > 10.1.1.1 -ip 40(20) 6 10.3.4.5,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,1026 > 10.1.1.1,1025 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.2.2.2 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.0 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 48(20) 1 10.3.4.5 > 10.4.3.2 -ip 48(20) 1 10.4.3.2 > 10.2.2.2 -ip 48(20) 1 10.4.3.2 > 10.3.4.1 -ip 48(20) 1 10.4.3.2 > 10.3.4.2 -ip 48(20) 1 10.4.3.2 > 10.3.4.3 -ip 48(20) 1 10.4.3.2 > 10.3.4.4 -ip 48(20) 1 10.4.3.2 > 10.1.1.1 -ip 20(20) 34 10.3.4.5 > 10.4.3.2 -ip 20(20) 34 10.4.3.2 > 10.3.4.4 -ip 20(20) 34 10.3.4.5 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.1.1.2 -ip 20(20) 34 10.1.1.3 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.6 -ip 20(20) 35 10.3.4.5 > 10.4.3.4 -ip 20(20) 35 10.4.3.4 > 10.3.4.7 +ip #0 20(20) 255 10.3.4.5 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.3.4.5 > 10.1.1.1 +ip #0 40(20) 6 10.3.4.5,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,1026 > 10.1.1.1,1025 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.0 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 48(20) 1 10.3.4.5 > 10.4.3.2 +ip #0 48(20) 1 10.4.3.2 > 10.2.2.2 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.1 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.2 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.3 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.4 +ip #0 48(20) 1 10.4.3.2 > 10.1.1.1 +ip #0 20(20) 34 10.3.4.5 > 10.4.3.2 +ip #0 20(20) 34 10.4.3.2 > 10.3.4.4 +ip #0 20(20) 34 10.3.4.5 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.1.1.2 +ip #0 20(20) 34 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.6 +ip #0 20(20) 35 10.3.4.5 > 10.4.3.4 +ip #0 20(20) 35 10.4.3.4 > 10.3.4.7 ------------------------------- -ip 20(20) 255 10.3.4.1 > 10.1.1.2 -ip 20(20) 255 10.3.4.2 > 10.1.1.2 -ip 20(20) 255 10.3.4.3 > 10.1.1.1 -ip 40(20) 6 10.3.4.3,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.3,1026 > 10.1.1.1,1025 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.2.2.2 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.3.4.5 -ip 20(20) 255 10.1.1.2 > 10.3.4.5 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 -ip 48(20) 1 10.3.4.3 > 10.4.3.2 -ip 48(20) 1 10.4.3.2 > 10.2.2.2 -ip 48(20) 1 10.4.3.2 > 10.3.4.1 -ip 48(20) 1 10.4.3.2 > 10.3.4.2 -ip 48(20) 1 10.4.3.2 > 10.1.1.1 -ip 48(20) 1 10.4.3.2 > 10.3.4.4 -ip 48(20) 1 10.4.3.2 > 10.3.4.5 -ip 20(20) 34 10.3.4.3 > 10.4.3.2 -ip 20(20) 34 10.4.3.2 > 10.3.4.4 -ip 20(20) 34 10.3.4.3 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.5 -ip 20(20) 34 10.3.4.4 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.6 -ip 20(20) 35 10.3.4.4 > 10.4.3.4 -ip 20(20) 35 10.4.3.4 > 10.3.4.7 +ip #0 20(20) 255 10.3.4.1 > 10.1.1.2 +ip #0 20(20) 255 10.3.4.2 > 10.1.1.2 +ip #0 20(20) 255 10.3.4.3 > 10.1.1.1 +ip #0 40(20) 6 10.3.4.3,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.3,1026 > 10.1.1.1,1025 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.2 > 10.3.4.5 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 +ip #0 48(20) 1 10.3.4.3 > 10.4.3.2 +ip #0 48(20) 1 10.4.3.2 > 10.2.2.2 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.1 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.2 +ip #0 48(20) 1 10.4.3.2 > 10.1.1.1 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.4 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.5 +ip #0 20(20) 34 10.3.4.3 > 10.4.3.2 +ip #0 20(20) 34 10.4.3.2 > 10.3.4.4 +ip #0 20(20) 34 10.3.4.3 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.5 +ip #0 20(20) 34 10.3.4.4 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.6 +ip #0 20(20) 35 10.3.4.4 > 10.4.3.4 +ip #0 20(20) 35 10.4.3.4 > 10.3.4.7 ------------------------------- diff --git a/contrib/ipfilter/test/expected/n11 b/contrib/ipfilter/test/expected/n11 index 3732709..5257a64 100644 --- a/contrib/ipfilter/test/expected/n11 +++ b/contrib/ipfilter/test/expected/n11 @@ -1,51 +1,51 @@ -ip 20(20) 255 10.1.1.0 > 10.1.1.2 -ip 20(20) 255 1.6.7.8 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.2.2.2 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.3.4.5 -ip 20(20) 255 10.1.1.2 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 255 1.6.7.8 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.2 > 10.3.4.5 ------------------------------- -ip 20(20) 255 10.2.2.2 > 10.1.1.2 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.2.2.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.1.1.0 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.0 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.3.4.5 -ip 20(20) 255 10.1.1.2 > 10.3.4.5 +ip #0 20(20) 255 10.2.2.2 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.2.2.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.1.1.0 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.0 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.2 > 10.3.4.5 ------------------------------- -ip 20(20) 255 10.3.4.0 > 10.1.1.2 -ip 20(20) 255 10.3.4.1 > 10.1.1.2 -ip 20(20) 255 10.3.4.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.2.2.2 -ip 20(20) 255 10.1.1.0 > 10.1.1.5 -ip 20(20) 255 10.1.1.1 > 10.1.1.5 -ip 20(20) 255 10.1.1.2 > 10.1.1.5 +ip #0 20(20) 255 10.3.4.0 > 10.1.1.2 +ip #0 20(20) 255 10.3.4.1 > 10.1.1.2 +ip #0 20(20) 255 10.3.4.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.0 > 10.1.1.5 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.5 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.5 ------------------------------- diff --git a/contrib/ipfilter/test/expected/n13 b/contrib/ipfilter/test/expected/n13 new file mode 100644 index 0000000..bfe2018 --- /dev/null +++ b/contrib/ipfilter/test/expected/n13 @@ -0,0 +1,5 @@ +ip #0 20(20) 0 203.1.1.23 > 150.1.1.1 +ip #0 20(20) 0 203.1.1.23 > 150.1.1.2 +ip #0 20(20) 0 203.1.1.24 > 150.1.1.2 +ip #0 20(20) 0 203.1.1.25 > 150.1.1.1 +------------------------------- diff --git a/contrib/ipfilter/test/expected/n14 b/contrib/ipfilter/test/expected/n14 new file mode 100644 index 0000000..4669300 --- /dev/null +++ b/contrib/ipfilter/test/expected/n14 @@ -0,0 +1,5 @@ +ip #0 40(20) 6 10.2.2.5,2000 > 10.1.1.254,80 +ip #0 40(20) 6 10.2.2.6,2000 > 10.1.1.253,80 +ip #0 40(20) 6 10.2.2.7,2000 > 10.1.1.254,80 +ip #0 40(20) 6 10.2.2.5,2001 > 10.1.1.254,80 +------------------------------- diff --git a/contrib/ipfilter/test/expected/n2 b/contrib/ipfilter/test/expected/n2 index dc70138..827272e 100644 --- a/contrib/ipfilter/test/expected/n2 +++ b/contrib/ipfilter/test/expected/n2 @@ -1,80 +1,80 @@ -ip 40(20) 6 10.2.2.2,10000 > 10.1.1.1,1025 -ip 40(20) 6 10.2.2.2,10001 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.0 > 10.1.1.2 -ip 20(20) 0 10.1.1.1 > 10.1.2.1 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 28(20) 17 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 -ip 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 -ip 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 -ip 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 40(20) 6 10.2.2.2,10000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.2.2.2,10001 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 0 10.1.1.1 > 10.1.2.1 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 28(20) 17 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 +ip #0 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 +ip #0 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 +ip #0 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 ------------------------------- -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.0 > 10.1.1.2 -ip 20(20) 0 10.1.1.1 > 10.1.2.1 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 28(20) 17 10.3.4.5,10000 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 -ip 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 -ip 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 -ip 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 0 10.1.1.1 > 10.1.2.1 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 28(20) 17 10.3.4.5,10000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 +ip #0 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 +ip #0 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 +ip #0 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 ------------------------------- -ip 40(20) 6 10.3.4.1,10000 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.1,10001 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.0 > 10.1.1.2 -ip 20(20) 0 10.1.1.1 > 10.1.2.1 -ip 40(20) 6 10.3.4.1,10002 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.1,10002 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.1,10003 > 10.1.1.1,1025 -ip 28(20) 17 10.3.4.1,10004 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.1,10005 > 10.1.2.1,80 -ip 40(20) 6 10.3.4.1,10006 > 10.1.3.1,80 -ip 40(20) 6 10.3.4.1,10007 > 10.1.4.1,80 -ip 40(20) 6 10.3.4.1,10008 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 40(20) 6 10.3.4.1,10000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.1,10001 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 0 10.1.1.1 > 10.1.2.1 +ip #0 40(20) 6 10.3.4.1,10002 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.1,10002 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.1,10003 > 10.1.1.1,1025 +ip #0 28(20) 17 10.3.4.1,10004 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.1,10005 > 10.1.2.1,80 +ip #0 40(20) 6 10.3.4.1,10006 > 10.1.3.1,80 +ip #0 40(20) 6 10.3.4.1,10007 > 10.1.4.1,80 +ip #0 40(20) 6 10.3.4.1,10008 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 ------------------------------- -ip 40(20) 6 10.3.4.5,40000 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,40001 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.0 > 10.1.1.2 -ip 20(20) 0 10.1.1.1 > 10.1.2.1 -ip 40(20) 6 10.3.4.5,40001 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,40001 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 28(20) 17 10.3.4.5,40000 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,40001 > 10.1.2.1,80 -ip 40(20) 6 10.3.4.5,40000 > 10.1.3.1,80 -ip 40(20) 6 10.3.4.5,40001 > 10.1.4.1,80 -ip 40(20) 6 10.3.4.5,40000 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.1.1.3,2000 +ip #0 40(20) 6 10.3.4.5,40000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,40001 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 0 10.1.1.1 > 10.1.2.1 +ip #0 40(20) 6 10.3.4.5,40001 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,40001 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 28(20) 17 10.3.4.5,40000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,40001 > 10.1.2.1,80 +ip #0 40(20) 6 10.3.4.5,40000 > 10.1.3.1,80 +ip #0 40(20) 6 10.3.4.5,40001 > 10.1.4.1,80 +ip #0 40(20) 6 10.3.4.5,40000 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.1.1.3,2000 ------------------------------- diff --git a/contrib/ipfilter/test/expected/n3 b/contrib/ipfilter/test/expected/n3 index 03c0717..0e019ae 100644 --- a/contrib/ipfilter/test/expected/n3 +++ b/contrib/ipfilter/test/expected/n3 @@ -1,12 +1,12 @@ -ip 40(20) 6 192.168.2.1,1488 > 203.1.1.1,80 -ip 40(20) 6 192.168.2.1,1276 > 203.1.1.1,80 -ip 40(20) 6 192.168.2.1,1032 > 203.1.1.1,80 -ip 28(20) 17 192.168.2.1,1032 > 203.1.1.1,80 -ip 40(20) 6 192.168.2.1,65299 > 203.1.1.1,80 +ip #0 40(20) 6 192.168.2.1,1488 > 203.1.1.1,80 +ip #0 40(20) 6 192.168.2.1,1276 > 203.1.1.1,80 +ip #0 40(20) 6 192.168.2.1,1032 > 203.1.1.1,80 +ip #0 28(20) 17 192.168.2.1,1032 > 203.1.1.1,80 +ip #0 40(20) 6 192.168.2.1,65299 > 203.1.1.1,80 ------------------------------- -ip 40(20) 6 192.168.1.1,1488 > 203.1.1.1,80 -ip 40(20) 6 192.168.1.1,1276 > 203.1.1.1,80 -ip 40(20) 6 192.168.1.0,1032 > 203.1.1.1,80 -ip 28(20) 17 192.168.1.0,1032 > 203.1.1.1,80 -ip 40(20) 6 192.168.1.255,65299 > 203.1.1.1,80 +ip #0 40(20) 6 192.168.1.1,1488 > 203.1.1.1,80 +ip #0 40(20) 6 192.168.1.1,1276 > 203.1.1.1,80 +ip #0 40(20) 6 192.168.1.0,1032 > 203.1.1.1,80 +ip #0 28(20) 17 192.168.1.0,1032 > 203.1.1.1,80 +ip #0 40(20) 6 192.168.1.255,65299 > 203.1.1.1,80 ------------------------------- diff --git a/contrib/ipfilter/test/expected/n4 b/contrib/ipfilter/test/expected/n4 index 8cdf78c..9349542 100644 --- a/contrib/ipfilter/test/expected/n4 +++ b/contrib/ipfilter/test/expected/n4 @@ -1,66 +1,66 @@ -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.1.1.1,23 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 -ip 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 -ip 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 -ip 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 -ip 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 -ip 40(20) 6 10.2.2.1,53 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.1.1.1,23 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 +ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 +ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.1,53 > 10.3.3.3,12345 ------------------------------- -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.1.1.1,23 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 -ip 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 -ip 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 -ip 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 -ip 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 -ip 40(20) 6 10.2.2.1,53 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.1.1.1,23 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 +ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 +ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.1,53 > 10.3.3.3,12345 ------------------------------- -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.1.1.1,23 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 -ip 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12346 > 10.2.2.1,10023 -ip 40(20) 6 10.1.0.0,23 > 10.3.3.3,12346 -ip 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 -ip 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 -ip 40(20) 6 10.2.2.1,53 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.1.1.1,23 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12346 > 10.2.2.1,10023 +ip #0 40(20) 6 10.1.0.0,23 > 10.3.3.3,12346 +ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.1,53 > 10.3.3.3,12345 ------------------------------- -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,23 -ip 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 -ip 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 -ip 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 -ip 28(20) 17 10.3.3.3,12345 > 10.2.2.1,10053 -ip 28(20) 17 10.1.1.0,53 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 -ip 40(20) 6 10.2.2.1,53 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,23 +ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 +ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 +ip #0 28(20) 17 10.3.3.3,12345 > 10.2.2.1,10053 +ip #0 28(20) 17 10.1.1.0,53 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.1,53 > 10.3.3.3,12345 ------------------------------- -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,23 -ip 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53 -ip 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 -ip 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 -ip 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 -ip 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53 -ip 40(20) 6 10.1.1.0,53 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,23 +ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53 +ip #0 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 +ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 +ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53 +ip #0 40(20) 6 10.1.1.0,53 > 10.3.3.3,12345 ------------------------------- -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,23 -ip 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53 -ip 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 -ip 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 -ip 28(20) 17 10.3.3.3,12345 > 10.2.2.1,53 -ip 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53 -ip 40(20) 6 10.1.1.0,53 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,23 +ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53 +ip #0 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 +ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 +ip #0 28(20) 17 10.3.3.3,12345 > 10.2.2.1,53 +ip #0 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53 +ip #0 40(20) 6 10.1.1.0,53 > 10.3.3.3,12345 ------------------------------- diff --git a/contrib/ipfilter/test/expected/n5 b/contrib/ipfilter/test/expected/n5 index 521c737..0e578b6 100644 --- a/contrib/ipfilter/test/expected/n5 +++ b/contrib/ipfilter/test/expected/n5 @@ -1,330 +1,330 @@ -ip 20(20) 255 10.1.1.0 > 10.1.1.2 -ip 20(20) 255 10.2.2.2 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.3.4.5 -ip 20(20) 255 10.1.1.2 > 10.3.4.5 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 -ip 48(20) 1 10.2.2.2 > 10.4.3.2 -ip 48(20) 1 10.4.3.2 > 10.1.1.1 -ip 48(20) 1 10.4.3.2 > 10.3.4.3 -ip 48(20) 1 10.4.3.2 > 10.3.4.5 -ip 20(20) 34 10.1.1.2 > 10.4.3.2 -ip 20(20) 34 10.4.3.2 > 10.3.4.4 -ip 20(20) 34 10.1.1.2 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.5 -ip 20(20) 34 10.1.1.3 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.6 -ip 20(20) 35 10.1.1.3 > 10.4.3.4 -ip 20(20) 35 10.4.3.4 > 10.3.4.7 -ip 40(20) 6 10.2.2.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.2.2.2,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.0 > 10.1.1.2 -ip 20(20) 0 10.2.2.2 > 10.1.2.1 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 28(20) 17 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 -ip 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 -ip 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 -ip 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.2.2.2,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.2.2.2,1025 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 20(20) 255 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 255 10.2.2.2 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.2 > 10.3.4.5 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 +ip #0 48(20) 1 10.2.2.2 > 10.4.3.2 +ip #0 48(20) 1 10.4.3.2 > 10.1.1.1 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.3 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.2 +ip #0 20(20) 34 10.4.3.2 > 10.3.4.4 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.6 +ip #0 20(20) 35 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 35 10.4.3.4 > 10.3.4.7 +ip #0 40(20) 6 10.2.2.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.2.2.2,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 0 10.2.2.2 > 10.1.2.1 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 28(20) 17 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 +ip #0 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 +ip #0 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 +ip #0 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.2.2.2,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.2.2.2,1025 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 ------------------------------- -ip 20(20) 255 10.3.4.5 > 10.1.1.2 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.3.4.5 > 10.1.1.1 -ip 40(20) 6 10.3.4.5,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,1026 > 10.1.1.1,1025 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.2.2.2 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.0 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 48(20) 1 10.1.1.1 > 10.4.3.2 -ip 48(20) 1 10.4.3.2 > 10.2.2.2 -ip 48(20) 1 10.4.3.2 > 10.3.4.3 -ip 48(20) 1 10.4.3.2 > 10.3.4.5 -ip 20(20) 34 10.1.1.2 > 10.4.3.2 -ip 20(20) 34 10.4.3.2 > 10.3.4.4 -ip 20(20) 34 10.1.1.2 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.5 -ip 20(20) 34 10.1.1.3 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.6 -ip 20(20) 35 10.1.1.3 > 10.4.3.4 -ip 20(20) 35 10.4.3.4 > 10.3.4.7 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.3.4.5 > 10.1.1.2 -ip 20(20) 0 10.3.4.5 > 10.1.2.1 -ip 40(20) 6 10.3.4.5,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,1026 > 10.1.1.1,1025 -ip 28(20) 17 10.3.4.5,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,2000 > 10.1.2.1,80 -ip 40(20) 6 10.3.4.5,2001 > 10.1.3.1,80 -ip 40(20) 6 10.3.4.5,2002 > 10.1.4.1,80 -ip 40(20) 6 10.3.4.5,2003 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 20(20) 255 10.3.4.5 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.3.4.5 > 10.1.1.1 +ip #0 40(20) 6 10.3.4.5,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,1026 > 10.1.1.1,1025 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.0 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 48(20) 1 10.1.1.1 > 10.4.3.2 +ip #0 48(20) 1 10.4.3.2 > 10.2.2.2 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.3 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.2 +ip #0 20(20) 34 10.4.3.2 > 10.3.4.4 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.6 +ip #0 20(20) 35 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 35 10.4.3.4 > 10.3.4.7 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.3.4.5 > 10.1.1.2 +ip #0 20(20) 0 10.3.4.5 > 10.1.2.1 +ip #0 40(20) 6 10.3.4.5,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,1026 > 10.1.1.1,1025 +ip #0 28(20) 17 10.3.4.5,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,2000 > 10.1.2.1,80 +ip #0 40(20) 6 10.3.4.5,2001 > 10.1.3.1,80 +ip #0 40(20) 6 10.3.4.5,2002 > 10.1.4.1,80 +ip #0 40(20) 6 10.3.4.5,2003 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 ------------------------------- -ip 20(20) 255 10.1.1.0 > 10.1.1.2 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.2.2.2 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.3.4.5 -ip 20(20) 255 10.1.1.2 > 10.3.4.5 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 -ip 48(20) 1 10.3.4.1 > 10.4.3.2 -ip 48(20) 1 10.4.3.2 > 10.2.2.2 -ip 48(20) 1 10.4.3.2 > 10.3.4.3 -ip 48(20) 1 10.4.3.2 > 10.3.4.5 -ip 20(20) 34 10.3.4.1 > 10.4.3.2 -ip 20(20) 34 10.4.3.2 > 10.3.4.4 -ip 20(20) 34 10.3.4.1 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.5 -ip 20(20) 34 10.3.4.2 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.6 -ip 20(20) 35 10.3.4.2 > 10.4.3.4 -ip 20(20) 35 10.4.3.4 > 10.3.4.7 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.0 > 10.1.1.2 -ip 20(20) 0 10.1.1.1 > 10.1.2.1 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 28(20) 17 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 -ip 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 -ip 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 -ip 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.3.4.3,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.3.4.3,1025 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 28(20) 17 10.3.4.3,1025 > 10.3.4.5,40001 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 20(20) 255 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.2 > 10.3.4.5 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 +ip #0 48(20) 1 10.3.4.1 > 10.4.3.2 +ip #0 48(20) 1 10.4.3.2 > 10.2.2.2 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.3 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.5 +ip #0 20(20) 34 10.3.4.1 > 10.4.3.2 +ip #0 20(20) 34 10.4.3.2 > 10.3.4.4 +ip #0 20(20) 34 10.3.4.1 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.5 +ip #0 20(20) 34 10.3.4.2 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.6 +ip #0 20(20) 35 10.3.4.2 > 10.4.3.4 +ip #0 20(20) 35 10.4.3.4 > 10.3.4.7 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 0 10.1.1.1 > 10.1.2.1 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 28(20) 17 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 +ip #0 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 +ip #0 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 +ip #0 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.3.4.3,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.3.4.3,1025 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 28(20) 17 10.3.4.3,1025 > 10.3.4.5,40001 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 ------------------------------- -ip 20(20) 255 10.1.1.0 > 10.1.1.2 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.2.2.2 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.3.4.5 -ip 20(20) 255 10.1.1.2 > 10.3.4.5 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 -ip 48(20) 1 10.1.1.1 > 10.4.3.2 -ip 48(20) 1 10.4.3.2 > 10.2.2.2 -ip 48(20) 1 10.4.3.2 > 10.3.4.3 -ip 48(20) 1 10.4.3.2 > 10.3.4.5 -ip 20(20) 34 10.1.1.2 > 10.4.3.2 -ip 20(20) 34 10.4.3.2 > 10.3.4.4 -ip 20(20) 34 10.1.1.2 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.5 -ip 20(20) 34 10.1.1.3 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.6 -ip 20(20) 35 10.1.1.3 > 10.4.3.4 -ip 20(20) 35 10.4.3.4 > 10.3.4.7 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.0 > 10.1.1.2 -ip 20(20) 0 10.1.1.1 > 10.1.2.1 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 28(20) 17 10.3.4.5,10000 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 -ip 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 -ip 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 -ip 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 28(20) 17 10.3.4.5,10001 > 10.3.4.5,40001 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 20(20) 255 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.2 > 10.3.4.5 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 +ip #0 48(20) 1 10.1.1.1 > 10.4.3.2 +ip #0 48(20) 1 10.4.3.2 > 10.2.2.2 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.3 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.2 +ip #0 20(20) 34 10.4.3.2 > 10.3.4.4 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.6 +ip #0 20(20) 35 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 35 10.4.3.4 > 10.3.4.7 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 0 10.1.1.1 > 10.1.2.1 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 28(20) 17 10.3.4.5,10000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 +ip #0 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 +ip #0 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 +ip #0 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 28(20) 17 10.3.4.5,10001 > 10.3.4.5,40001 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 ------------------------------- -ip 20(20) 255 10.1.1.0 > 10.1.1.2 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.3.4.1,10000 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.1,10001 > 10.1.1.1,1025 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.2.2.2 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.3.4.5 -ip 20(20) 255 10.1.1.2 > 10.3.4.5 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 -ip 48(20) 1 10.1.1.1 > 10.4.3.2 -ip 48(20) 1 10.4.3.2 > 10.2.2.2 -ip 48(20) 1 10.4.3.2 > 10.3.4.3 -ip 48(20) 1 10.4.3.2 > 10.3.4.5 -ip 20(20) 34 10.1.1.2 > 10.4.3.2 -ip 20(20) 34 10.4.3.2 > 10.3.4.4 -ip 20(20) 34 10.1.1.2 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.5 -ip 20(20) 34 10.1.1.3 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.6 -ip 20(20) 35 10.1.1.3 > 10.4.3.4 -ip 20(20) 35 10.4.3.4 > 10.3.4.7 -ip 40(20) 6 10.3.4.1,10002 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.1,10003 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.0 > 10.1.1.2 -ip 20(20) 0 10.1.1.1 > 10.1.2.1 -ip 40(20) 6 10.3.4.1,10000 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.1,10000 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.1,10001 > 10.1.1.1,1025 -ip 28(20) 17 10.3.4.1,10004 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.1,10005 > 10.1.2.1,80 -ip 40(20) 6 10.3.4.1,10006 > 10.1.3.1,80 -ip 40(20) 6 10.3.4.1,10007 > 10.1.4.1,80 -ip 40(20) 6 10.3.4.1,10008 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.3.4.1,10009 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.3.4.1,10010 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 28(20) 17 10.3.4.1,10011 > 10.3.4.5,40001 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.3.4.1,10012 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 20(20) 255 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.3.4.1,10000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.1,10001 > 10.1.1.1,1025 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.2 > 10.3.4.5 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 +ip #0 48(20) 1 10.1.1.1 > 10.4.3.2 +ip #0 48(20) 1 10.4.3.2 > 10.2.2.2 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.3 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.2 +ip #0 20(20) 34 10.4.3.2 > 10.3.4.4 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.6 +ip #0 20(20) 35 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 35 10.4.3.4 > 10.3.4.7 +ip #0 40(20) 6 10.3.4.1,10002 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.1,10003 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 0 10.1.1.1 > 10.1.2.1 +ip #0 40(20) 6 10.3.4.1,10000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.1,10000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.1,10001 > 10.1.1.1,1025 +ip #0 28(20) 17 10.3.4.1,10004 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.1,10005 > 10.1.2.1,80 +ip #0 40(20) 6 10.3.4.1,10006 > 10.1.3.1,80 +ip #0 40(20) 6 10.3.4.1,10007 > 10.1.4.1,80 +ip #0 40(20) 6 10.3.4.1,10008 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.3.4.1,10009 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.3.4.1,10010 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 28(20) 17 10.3.4.1,10011 > 10.3.4.5,40001 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.3.4.1,10012 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 ------------------------------- -ip 20(20) 255 10.1.1.0 > 10.1.1.2 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.3.4.5,40000 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,40001 > 10.1.1.1,1025 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.2.2.2 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.3.4.5 -ip 20(20) 255 10.1.1.2 > 10.3.4.5 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 -ip 48(20) 1 10.1.1.1 > 10.4.3.2 -ip 48(20) 1 10.4.3.2 > 10.2.2.2 -ip 48(20) 1 10.4.3.2 > 10.3.4.3 -ip 48(20) 1 10.4.3.2 > 10.3.4.5 -ip 20(20) 34 10.1.1.2 > 10.4.3.2 -ip 20(20) 34 10.4.3.2 > 10.3.4.4 -ip 20(20) 34 10.1.1.2 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.5 -ip 20(20) 34 10.1.1.3 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.6 -ip 20(20) 35 10.1.1.3 > 10.4.3.4 -ip 20(20) 35 10.4.3.4 > 10.3.4.7 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,40000 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.0 > 10.1.1.2 -ip 20(20) 0 10.1.1.1 > 10.1.2.1 -ip 40(20) 6 10.3.4.5,40000 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,40000 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,40001 > 10.1.1.1,1025 -ip 28(20) 17 10.3.4.5,40001 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,40000 > 10.1.2.1,80 -ip 40(20) 6 10.3.4.5,40001 > 10.1.3.1,80 -ip 40(20) 6 10.3.4.5,40000 > 10.1.4.1,80 -ip 40(20) 6 10.3.4.5,40001 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.3.4.5,40000 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.3.4.5,40001 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 28(20) 17 10.3.4.5,40000 > 10.3.4.5,40001 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 20(20) 255 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.3.4.5,40000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,40001 > 10.1.1.1,1025 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.2 > 10.3.4.5 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 +ip #0 48(20) 1 10.1.1.1 > 10.4.3.2 +ip #0 48(20) 1 10.4.3.2 > 10.2.2.2 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.3 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.2 +ip #0 20(20) 34 10.4.3.2 > 10.3.4.4 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.6 +ip #0 20(20) 35 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 35 10.4.3.4 > 10.3.4.7 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,40000 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 0 10.1.1.1 > 10.1.2.1 +ip #0 40(20) 6 10.3.4.5,40000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,40000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,40001 > 10.1.1.1,1025 +ip #0 28(20) 17 10.3.4.5,40001 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,40000 > 10.1.2.1,80 +ip #0 40(20) 6 10.3.4.5,40001 > 10.1.3.1,80 +ip #0 40(20) 6 10.3.4.5,40000 > 10.1.4.1,80 +ip #0 40(20) 6 10.3.4.5,40001 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.3.4.5,40000 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.3.4.5,40001 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 28(20) 17 10.3.4.5,40000 > 10.3.4.5,40001 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 ------------------------------- diff --git a/contrib/ipfilter/test/expected/n6 b/contrib/ipfilter/test/expected/n6 index d28d4f1..2b2c37f 100644 --- a/contrib/ipfilter/test/expected/n6 +++ b/contrib/ipfilter/test/expected/n6 @@ -1,70 +1,70 @@ -ip 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.2,23 -ip 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23 -ip 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 -ip 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 -ip 40(20) 6 10.3.3.3,12345 > 10.1.0.0,23 -ip 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 -ip 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.2,23 +ip #0 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23 +ip #0 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.0.0,23 +ip #0 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 ------------------------------- -ip 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23 -ip 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 -ip 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 -ip 40(20) 6 10.3.3.3,12345 > 10.1.0.0,23 -ip 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 -ip 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23 +ip #0 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.0.0,23 +ip #0 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 ------------------------------- -ip 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23 -ip 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,23 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 -ip 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 -ip 40(20) 6 10.3.3.3,12345 > 10.1.0.0,23 -ip 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 -ip 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23 +ip #0 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,23 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.0.0,23 +ip #0 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 ------------------------------- -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.1,23 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.2,23 -ip 40(20) 6 10.3.0.1,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 -ip 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 -ip 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 -ip 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.1,23 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.2,23 +ip #0 40(20) 6 10.3.0.1,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 +ip #0 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 ------------------------------- -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.1,23 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.2,23 -ip 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23 -ip 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,23 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 -ip 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 -ip 40(20) 6 10.3.3.3,12345 > 10.1.0.0,23 -ip 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 -ip 28(20) 17 10.3.3.3,12345 > 10.2.2.1,10053 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.1,23 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.2,23 +ip #0 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23 +ip #0 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,23 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.0.0,23 +ip #0 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 28(20) 17 10.3.3.3,12345 > 10.2.2.1,10053 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 ------------------------------- diff --git a/contrib/ipfilter/test/expected/n7 b/contrib/ipfilter/test/expected/n7 index db8bb50..eb23534 100644 --- a/contrib/ipfilter/test/expected/n7 +++ b/contrib/ipfilter/test/expected/n7 @@ -1,30 +1,30 @@ -ip 40(20) 6 10.2.3.1,1230 > 10.1.1.1,22 -ip 40(20) 6 10.2.3.1,1231 > 10.2.2.1,10023 -ip 40(20) 6 10.2.3.1,1232 > 10.2.2.1,10050 -ip 40(20) 6 10.2.3.1,1233 > 10.2.2.1,10079 -ip 40(20) 6 10.2.3.1,1234 > 10.1.1.1,80 -ip 40(20) 6 10.2.3.1,1235 > 10.1.1.2,80 -ip 40(20) 6 10.2.3.1,1236 > 10.1.1.3,80 -ip 40(20) 6 10.2.3.1,1237 > 10.1.1.4,80 -ip 40(20) 6 10.2.3.1,1238 > 10.1.1.4,80 +ip #0 40(20) 6 10.2.3.1,1230 > 10.1.1.1,22 +ip #0 40(20) 6 10.2.3.1,1231 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.3.1,1232 > 10.2.2.1,10050 +ip #0 40(20) 6 10.2.3.1,1233 > 10.2.2.1,10079 +ip #0 40(20) 6 10.2.3.1,1234 > 10.1.1.1,80 +ip #0 40(20) 6 10.2.3.1,1235 > 10.1.1.2,80 +ip #0 40(20) 6 10.2.3.1,1236 > 10.1.1.3,80 +ip #0 40(20) 6 10.2.3.1,1237 > 10.1.1.4,80 +ip #0 40(20) 6 10.2.3.1,1238 > 10.1.1.4,80 ------------------------------- -ip 40(20) 6 10.2.3.1,1230 > 10.1.1.1,22 -ip 40(20) 6 10.2.3.1,1231 > 10.2.2.1,10023 -ip 40(20) 6 10.2.3.1,1232 > 10.2.2.1,10023 -ip 40(20) 6 10.2.3.1,1233 > 10.2.2.1,10023 -ip 40(20) 6 10.2.3.1,1234 > 10.1.1.1,80 -ip 40(20) 6 10.2.3.1,1235 > 10.1.1.2,80 -ip 40(20) 6 10.2.3.1,1236 > 10.1.1.3,80 -ip 40(20) 6 10.2.3.1,1237 > 10.1.1.4,80 -ip 40(20) 6 10.2.3.1,1238 > 10.1.1.4,80 +ip #0 40(20) 6 10.2.3.1,1230 > 10.1.1.1,22 +ip #0 40(20) 6 10.2.3.1,1231 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.3.1,1232 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.3.1,1233 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.3.1,1234 > 10.1.1.1,80 +ip #0 40(20) 6 10.2.3.1,1235 > 10.1.1.2,80 +ip #0 40(20) 6 10.2.3.1,1236 > 10.1.1.3,80 +ip #0 40(20) 6 10.2.3.1,1237 > 10.1.1.4,80 +ip #0 40(20) 6 10.2.3.1,1238 > 10.1.1.4,80 ------------------------------- -ip 40(20) 6 10.2.3.1,1230 > 10.1.1.1,22 -ip 40(20) 6 10.2.3.1,1231 > 10.1.1.1,23 -ip 40(20) 6 10.2.3.1,1232 > 10.1.1.1,50 -ip 40(20) 6 10.2.3.1,1233 > 10.1.1.1,79 -ip 40(20) 6 10.2.3.1,1234 > 10.2.2.1,3128 -ip 40(20) 6 10.2.3.1,1235 > 1.2.2.129,3128 -ip 40(20) 6 10.2.3.1,1236 > 10.2.2.1,3128 -ip 40(20) 6 10.2.3.1,1237 > 1.2.2.129,3128 -ip 40(20) 6 10.2.3.1,1238 > 10.2.2.1,3128 +ip #0 40(20) 6 10.2.3.1,1230 > 10.1.1.1,22 +ip #0 40(20) 6 10.2.3.1,1231 > 10.1.1.1,23 +ip #0 40(20) 6 10.2.3.1,1232 > 10.1.1.1,50 +ip #0 40(20) 6 10.2.3.1,1233 > 10.1.1.1,79 +ip #0 40(20) 6 10.2.3.1,1234 > 10.2.2.1,3128 +ip #0 40(20) 6 10.2.3.1,1235 > 1.2.2.129,3128 +ip #0 40(20) 6 10.2.3.1,1236 > 10.2.2.1,3128 +ip #0 40(20) 6 10.2.3.1,1237 > 1.2.2.129,3128 +ip #0 40(20) 6 10.2.3.1,1238 > 10.2.2.1,3128 ------------------------------- diff --git a/contrib/ipfilter/test/expected/p1 b/contrib/ipfilter/test/expected/p1 index c3f7afa..9f02804 100644 --- a/contrib/ipfilter/test/expected/p1 +++ b/contrib/ipfilter/test/expected/p1 @@ -9,6 +9,8 @@ nomatch List of active MAP/Redirect filters: List of active sessions: + +Hostmap table: List of active state sessions: List of configured pools table role = ipf type = tree number = 100 diff --git a/contrib/ipfilter/test/expected/p2 b/contrib/ipfilter/test/expected/p2 index bb15bdf..2f330c2 100644 --- a/contrib/ipfilter/test/expected/p2 +++ b/contrib/ipfilter/test/expected/p2 @@ -1,4 +1,4 @@ -nomatch +block nomatch pass nomatch @@ -9,10 +9,15 @@ pass List of active MAP/Redirect filters: List of active sessions: + +Hostmap table: List of active state sessions: List of configured pools List of configured hash tables # 'anonymous' table +table role = ipf type = hash number = 2147483650 size = 3 + { 4.4.0.0/16; 127.0.0.1/32; }; +# 'anonymous' table table role = ipf type = hash number = 2147483649 size = 3 { 4.4.0.0/16; 127.0.0.1/32; }; List of groups configured (set 0) diff --git a/contrib/ipfilter/test/expected/p3 b/contrib/ipfilter/test/expected/p3 index 136543f..94fde9e 100644 --- a/contrib/ipfilter/test/expected/p3 +++ b/contrib/ipfilter/test/expected/p3 @@ -13,6 +13,8 @@ block List of active MAP/Redirect filters: List of active sessions: + +Hostmap table: List of active state sessions: List of configured pools List of configured hash tables diff --git a/contrib/ipfilter/test/input/f13 b/contrib/ipfilter/test/input/f13 index 0ca607e..d7b0724 100644 --- a/contrib/ipfilter/test/input/f13 +++ b/contrib/ipfilter/test/input/f13 @@ -1,51 +1,94 @@ -# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF,MF,FO=0 SYN +# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF,FO=0 SYN +[in] 4500 0028 0001 4000 3f06 36cc 0101 0101 0201 0101 -0401 0019 0000 0000 0000 0000 50 02 2000 86c5 0000 +0401 0019 0000 0000 0000 0000 50 02 2000 86bb 0000 # 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP MF ACK +[in] 4500 0024 0002 2000 3f06 56cf 0101 0101 0201 0101 0401 0019 0000 0000 0000 0000 5010 2000 # 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP FO=2 ACK +[in] 4500 002c 0002 0002 3f06 76c5 0101 0101 0201 0101 0000 0000 0001 0203 0405 0607 0809 0a0b 0c0d 0e0f 1011 1213 -# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF MF FO=0 SYN +# 1.1.1.1,1024 -> 2.1.1.1,25 TTL=63 TCP DF MF FO=0 SYN +[in] 4500 0028 0003 6000 3f06 16ca 0101 0101 0201 0101 -0401 0019 0000 0000 0000 0000 5010 2000 0000 0000 +0400 0019 7000 0000 0000 0000 5002 2000 0000 0000 # 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF FO=0 +[in] 4500 001c 0004 6000 3f06 16d5 0101 0101 0201 0101 0401 0019 0000 0000 # 1.1.1.1 -> 2.1.1.1 TTL=63 TCP DF FO=1 SYN +[in] 4500 001c 0005 6001 3f06 16d3 0101 0101 0201 0101 0000 0000 5010 2000 # 1.1.1.1 -> 2.1.1.1 TTL=63 UDP DF MF FO=0 +[in] 4500 0014 0006 6000 3f11 16d0 0101 0101 0201 0101 # 1.1.1.1,53 -> 2.1.1.1,53 TTL=63 UDP MF FO=0 +[in] 4500 0018 0007 2000 3f11 56cb 0101 0101 0201 0101 0035 0035 # 1.1.1.1,53 -> 2.1.1.1,53 TTL=63 UDP MF FO=0 +[in] 4500 001c 0008 2000 3f11 56c6 0101 0101 0201 0101 0035 0035 0004 0000 # 1.1.1.1,53 -> 2.1.1.1,54 TTL=63 UDP MF FO=0 (short) +[in] 4500 0018 0008 2000 3f11 56ca 0101 0101 0201 0101 0035 0036 # 1.1.1.1,21 -> 2.1.1.1,54 TTL=63 UDP MF FO=0 +[in] 4500 001c 0008 2000 3f11 56c6 0101 0101 0201 0101 0015 0036 0004 0000 # 1.1.1.1,21 -> 2.1.1.1,54 TTL=63 TCP MF FO=0 +[in] 4500 001c 0008 2000 3f06 56d1 0101 0101 0201 0101 0015 0036 0000 0000 0000 0000 50 02 2000 0000 0000 +# 1.1.1.1 -> 2.1.1.1 TTL=63 UDP FO=3 +[in] +4500 001c 0008 0003 3f11 76c3 0101 0101 0201 0101 +0000 0000 0000 0000 + # 1.1.1.1 -> 2.1.1.1 TTL=63 UDP FO=1 +[in] 4500 001c 0008 0001 3f11 76c5 0101 0101 0201 0101 0000 0000 0000 0000 +# 2.1.1.1,53 -> 1.1.1.1,53 TTL=63 UDP +[out] +4500 001c 0008 0000 3f11 76c6 0201 0101 0101 0101 +0035 0035 0004 0000 + +# 2.1.1.1,25 -> 1.1.1.1,1014 TTL=63 TCP DF SYN-ACK +[out] +4500 0028 0003 4000 3f06 36ca 0201 0101 0101 0101 +0019 0400 0000 0001 7000 0001 5012 2000 16b4 0000 + +# 1.1.1.1,1024 -> 2.1.1.1,25 TTL=63 TCP DF ACK (OOW) +[in] +4500 0028 0003 4000 3f06 36ca 0101 0101 0201 0101 +0400 0019 0040 0000 0000 0000 5010 2000 8678 0000 + +# 1.1.1.1,1024 -> 2.1.1.1,25 TTL=63 TCP DF ACK +[in] +4500 0028 0003 4000 3f06 36ca 0101 0101 0201 0101 +0400 0019 7000 0004 0000 0002 5010 2000 16b2 0000 + +# 1.1.1.1,1024 -> 2.1.1.1,25 TTL=63 TCP DF ACK +[in] +4500 0028 0003 4000 3f06 36ca 0101 0101 0201 0101 +0400 0019 7000 0001 0000 0002 5010 2000 16b5 0000 + diff --git a/contrib/ipfilter/test/input/f17 b/contrib/ipfilter/test/input/f17 index 18af566..a0d44d7 100644 --- a/contrib/ipfilter/test/input/f17 +++ b/contrib/ipfilter/test/input/f17 @@ -1,28 +1,39 @@ +# TCP 1.1.1.1,54076 -> 2.2.2.2,27 SYN [out,ppp0] 4500 003c 8262 0000 4006 f254 0101 0101 0202 0202 d33c 0019 bfd0 8989 0000 0000 a002 4000 cfcd 0000 0204 05b4 0103 0300 0101 080a 008e 17f7 0000 0000 +# TCP 2.2.2.2,27 -> 1.1.1.1,54076 ACK [in,ppp0] 4500 003c 8262 0000 1106 2155 0202 0202 0101 0101 0019 d33c 4020 3436 bfdf cbc9 5010 4000 694a 0000 0204 0584 0103 0300 0101 080a 008e 17f7 0000 0000 +# TCP 1.1.1.1,54076 -> 2.2.2.2,27 SYN [out,ppp0] 4500 003c 8265 0000 4006 f251 0101 0101 0202 0202 d33c 0019 bfd0 8989 0000 0000 a002 4000 cfc2 0000 0204 05b4 0103 0300 0101 080a 008e 1802 0000 0000 +# TCP 2.2.2.2,27 -> 1.1.1.1,54076 SYN-ACK [in,ppp0] 4500 002c 7442 4000 2906 d784 0202 0202 0101 0101 0019 d33c ed67 4d4e bfd0 898a 6012 2118 19c2 0000 0204 0584 +# TCP 1.1.1.1,54076 -> 2.2.2.2,27 ACK [out,ppp0] -4500 002c 8262 0000 4006 f264 0101 0101 +4500 0028 8262 0000 4006 f268 0101 0101 0202 0202 d33c 0019 bfd0 898a ed67 4d4e -5010 4000 0ce0 0000 0000 +5010 4000 1268 0000 + +# TCP 2.2.2.2,27 -> 1.1.1.1,54076 ACK+data +[in,ppp0] +4500 002a 7442 4000 2906 d786 0202 0202 +0101 0101 0019 d33c ed67 4d4e bfd0 8990 +5012 2118 2f43 0000 0203 diff --git a/contrib/ipfilter/test/input/f18 b/contrib/ipfilter/test/input/f18 new file mode 100644 index 0000000..9ecbb7f --- /dev/null +++ b/contrib/ipfilter/test/input/f18 @@ -0,0 +1,4 @@ +in on le1 1.1.1.1 3.3.3.3 +in on le1 1.1.1.1 5.5.5.5 +out on le1 2.2.2.2 4.4.4.4 +out on le1 2.2.2.2 6.6.6.6 diff --git a/contrib/ipfilter/test/input/f19 b/contrib/ipfilter/test/input/f19 new file mode 100644 index 0000000..6cab988 --- /dev/null +++ b/contrib/ipfilter/test/input/f19 @@ -0,0 +1,4 @@ +in tcp 127.0.0.1,1 127.0.0.1,21 S +in tcp 127.0.0.1,2 127.0.0.1,21 S +in tcp 127.0.0.1,3 127.0.0.1,21 S +in tcp 127.0.0.1,4 127.0.0.1,21 S diff --git a/contrib/ipfilter/test/input/f7 b/contrib/ipfilter/test/input/f7 index 2721af2..dbc9e33 100644 --- a/contrib/ipfilter/test/input/f7 +++ b/contrib/ipfilter/test/input/f7 @@ -7,3 +7,9 @@ in icmp 1.1.1.1 2.1.1.1 unreach,3 in icmp 1.1.1.1 2.1.1.1 echorep in icmp 1.1.1.1 2.1.1.1 echorep,1 in icmp 1.1.1.1 2.1.1.1 echorep,3 +in icmp 2.2.2.2 3.3.3.3 maskreq +out icmp 3.3.3.3 2.2.2.2 maskrep +in icmp 4.4.4.4 5.5.5.5 timest +out icmp 5.5.5.5 4.4.4.4 timestrep +in icmp 6.6.6.6 7.7.7.7 inforeq +out icmp 7.7.7.7 6.6.6.6 inforep diff --git a/contrib/ipfilter/test/input/f9 b/contrib/ipfilter/test/input/f9 index 33f3be3..e64e299 100644 --- a/contrib/ipfilter/test/input/f9 +++ b/contrib/ipfilter/test/input/f9 @@ -1,6 +1,9 @@ in 1.1.1.1 2.1.1.1 opt lsrr +in 1.1.1.1 2.1.1.1 opt lsrr=1.1.1.1 in 1.1.1.1 2.1.1.1 opt lsrr,ssrr in 1.1.1.1 2.1.1.1 opt ts +in 1.1.1.1 2.1.1.1 opt satid +in 1.1.1.1 2.1.1.1 opt satid=234 in 1.1.1.1 2.1.1.1 opt sec-class=topsecret in 1.1.1.1 2.1.1.1 opt ssrr,sec-class=topsecret in 1.1.1.1 2.1.1.1 opt sec diff --git a/contrib/ipfilter/test/input/n13 b/contrib/ipfilter/test/input/n13 new file mode 100644 index 0000000..ac7bbbd --- /dev/null +++ b/contrib/ipfilter/test/input/n13 @@ -0,0 +1,4 @@ +out on le0 192.168.1.1 150.1.1.1 +out on le0 192.168.1.1 150.1.1.2 +out on le0 192.168.1.2 150.1.1.2 +out on le0 192.168.1.3 150.1.1.1 diff --git a/contrib/ipfilter/test/input/n14 b/contrib/ipfilter/test/input/n14 new file mode 100644 index 0000000..969eb1c --- /dev/null +++ b/contrib/ipfilter/test/input/n14 @@ -0,0 +1,4 @@ +in on gre0 tcp 10.2.2.5,2000 203.1.1.1,80 +in on gre0 tcp 10.2.2.6,2000 203.1.1.1,80 +in on gre0 tcp 10.2.2.7,2000 203.1.1.1,80 +in on gre0 tcp 10.2.2.5,2001 203.1.1.1,80 diff --git a/contrib/ipfilter/test/input/ni17 b/contrib/ipfilter/test/input/ni17 new file mode 100644 index 0000000..f9dec94 --- /dev/null +++ b/contrib/ipfilter/test/input/ni17 @@ -0,0 +1,6 @@ +in on le0 tcp 10.2.2.5,2000 203.1.1.1,80 +in on le0 tcp 10.2.2.6,2000 203.1.1.1,80 +in on le0 tcp 10.2.2.7,2000 203.1.1.1,80 +in on le0 tcp 10.2.2.7,2001 203.1.1.1,80 +in on le0 tcp 10.2.2.8,2000 203.1.1.1,80 +in on le0 tcp 10.2.2.9,2000 203.1.1.1,80 diff --git a/contrib/ipfilter/test/itest b/contrib/ipfilter/test/itest index 333afde..8fefc63 100644 --- a/contrib/ipfilter/test/itest +++ b/contrib/ipfilter/test/itest @@ -13,7 +13,14 @@ else fi echo "$1..."; /bin/cp /dev/null results/$1 -../ipf -Rnvf regress/$1 2>/dev/null > results/$1 +case $3 in +ipf) + ../ipf -Rnvf regress/$1 2>/dev/null > results/$1 + ;; +ipftest) + ../ipftest -D -r regress/$1 -i /dev/null > results/$1 + ;; +esac cmp expected/$1 results/$1 status=$? if [ $status = 0 ] ; then diff --git a/contrib/ipfilter/test/natipftest b/contrib/ipfilter/test/natipftest index f5cfdb8..abdc760 100755 --- a/contrib/ipfilter/test/natipftest +++ b/contrib/ipfilter/test/natipftest @@ -27,7 +27,7 @@ single) echo "$1..."; /bin/cp /dev/null results/$1 ( while read rule; do - echo "$rule" | ../ipftest -R $format -bx -r regress/$1.ipf -N - -i input/$1 >> \ + echo "$rule" | ../ipftest -R $format -b -r regress/$1.ipf -N - -i input/$1 >> \ results/$1; if [ $? -ne 0 ] ; then exit 1; @@ -43,7 +43,7 @@ single) multi) echo "$1..."; /bin/cp /dev/null results/$1 - ../ipftest -R $format -bx -r regress/$1.ipf -N regress/$1.nat \ + ../ipftest -R $format -b -r regress/$1.ipf -N regress/$1.nat \ -i input/$1 >> results/$1; if [ $? -ne 0 ] ; then exit 2; diff --git a/contrib/ipfilter/test/regress/bpf1 b/contrib/ipfilter/test/regress/bpf1 index 2c80283..5d83b77 100644 --- a/contrib/ipfilter/test/regress/bpf1 +++ b/contrib/ipfilter/test/regress/bpf1 @@ -1,4 +1,4 @@ pass in bpf-v4 { "0x20 0 0 0xc 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } -pass out bpf-v4 { "0x20 0 0 0xc 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } +pass out bpf-v4 { "src host 1.1.1.1" } pass in bpf-v4 { "0x20 0 0 0x10 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } -pass out bpf-v4 { "0x20 0 0 0x10 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } +pass out bpf-v4 { "dst host 1.1.1.1" } diff --git a/contrib/ipfilter/test/regress/f13 b/contrib/ipfilter/test/regress/f13 index f123e47..8106419 100644 --- a/contrib/ipfilter/test/regress/f13 +++ b/contrib/ipfilter/test/regress/f13 @@ -4,3 +4,5 @@ pass in proto udp from any to any port = 53 keep frags block in proto udp from any to any port = 53 keep frags pass in proto tcp from any to any port = 25 flags S/SA keep state keep frags block in proto tcp from any to any port = 25 flags S/SA keep state keep frags +pass in proto udp from any to any port = 53 keep frags(strict) +pass in proto tcp from any to any port = 25 keep state(strict) diff --git a/contrib/ipfilter/test/regress/f18 b/contrib/ipfilter/test/regress/f18 new file mode 100644 index 0000000..acba2b3 --- /dev/null +++ b/contrib/ipfilter/test/regress/f18 @@ -0,0 +1,4 @@ +pass in from 1.1.1.1 to any +pass out from 2.2.2.2 to any +count in from 1.1.1.1 to 3.3.3.3 +count out from 2.2.2.2 to 4.4.4.4 diff --git a/contrib/ipfilter/test/regress/f19 b/contrib/ipfilter/test/regress/f19 new file mode 100644 index 0000000..d7770b8 --- /dev/null +++ b/contrib/ipfilter/test/regress/f19 @@ -0,0 +1,2 @@ +pass in quick proto tcp all flags S keep state +pass in quick proto tcp all flags S keep state(limit 1) diff --git a/contrib/ipfilter/test/regress/f7 b/contrib/ipfilter/test/regress/f7 index 6848a68..be1b969 100644 --- a/contrib/ipfilter/test/regress/f7 +++ b/contrib/ipfilter/test/regress/f7 @@ -4,3 +4,6 @@ block in proto icmp from any to any icmp-type unreach code 3 pass in proto icmp from any to any icmp-type unreach code 3 block in proto icmp from any to any icmp-type echorep pass in proto icmp from any to any icmp-type echorep +pass in proto icmp all icmp-type maskreq keep state +pass in proto icmp all icmp-type timest keep state +pass in proto icmp all icmp-type inforeq keep state diff --git a/contrib/ipfilter/test/regress/i1 b/contrib/ipfilter/test/regress/i1 index df60d2b..c86c320 100644 --- a/contrib/ipfilter/test/regress/i1 +++ b/contrib/ipfilter/test/regress/i1 @@ -7,10 +7,12 @@ count in from any to any pass in from !any to any block in from any to !any pass in on ed0 from localhost to localhost +pass in on ed0,vx0 from localhost to localhost block in log first on lo0 from any to any pass in log body quick from any to any block return-rst in quick on le0 proto tcp from any to any block return-icmp in on qe0 from any to any block return-icmp(1) in on qe0 from any to any +block return-icmp-as-dest in on le0 from any to any block return-icmp-as-dest(port-unr) in on qe0 from any to any pass out on longNICname0 from test.host.dots to test\.host.dots diff --git a/contrib/ipfilter/test/regress/i11 b/contrib/ipfilter/test/regress/i11 index 2999a85..89b3589 100644 --- a/contrib/ipfilter/test/regress/i11 +++ b/contrib/ipfilter/test/regress/i11 @@ -1,8 +1,10 @@ pass in on ed0 proto tcp from localhost to localhost port = telnet keep state -block in log first on lo0 proto tcp/udp from any to any keep state +block in log first on lo0 proto tcp/udp from any to any port = echo keep state pass in proto udp from localhost to localhost port = 20499 keep frag +pass in proto udp from localhost to localhost port = 2049 keep frag(strict) pass in proto udp from localhost to localhost port = 53 keep state keep frags pass in on ed0 out-via vx0 proto udp from any to any keep state pass out on ppp0 in-via le0 proto tcp from any to any keep state +pass in on ed0,vx0 out-via vx0,ed0 proto udp from any to any keep state pass in proto tcp from any port gt 1024 to localhost port eq 1024 keep state pass in proto tcp all flags S keep state(strict,newisn,no-icmp-err,limit 101) diff --git a/contrib/ipfilter/test/regress/i12 b/contrib/ipfilter/test/regress/i12 index b8b2f3e..5342702 100644 --- a/contrib/ipfilter/test/regress/i12 +++ b/contrib/ipfilter/test/regress/i12 @@ -2,8 +2,9 @@ pass in from 1.1.1.1/32 to 2.2.2.2/32 pass in from (2.2.2.2/24,3.3.3.3/32) to 4.4.4.4/32 pass in from (2.2.2.2/24,3.3.3.3/32) to (5.5.5.5/32,6.6.6.6/32) pass in from (2.2.2.2/24,3.3.3.3/32) to (5.5.5.5/32,6.6.6.6/32) port = (22,25) -pass in proto tcp from (2.2.2.2/24,3.3.3.3/32) to (5.5.5.5/32,6.6.6.6/32) port = (53,9) +pass in proto tcp from (2.2.2.2/24,3.3.3.3/32) port = (53,9) to (5.5.5.5/32,6.6.6.6/32) pass in proto udp from (2.2.2.2/24,3.3.3.3/32) to (5.5.5.5/32,6.6.6.6/32) port = (53,9) pass in from 10.10.10.10 to 11.11.11.11 pass in from pool/101 to hash/202 pass in from hash/303 to pool/404 +pass in from pool=(!1.1.1.1,2.2.2.2,!2.2.0.0/16) to pool = ( 1.1.0.0/16 ) diff --git a/contrib/ipfilter/test/regress/i14 b/contrib/ipfilter/test/regress/i14 index 3c9d7b8..2cd2613 100644 --- a/contrib/ipfilter/test/regress/i14 +++ b/contrib/ipfilter/test/regress/i14 @@ -6,3 +6,5 @@ block in on vm0 proto tcp/udp all head 101 pass in from 1.1.1.1 to 2.2.2.2 group 101 pass in proto tcp from 1.0.0.1 to 2.0.0.2 group 101 pass in proto udp from 2.0.0.2 to 3.0.0.3 group 101 +block in on vm0 proto tcp/udp all head vm0-group +pass in from 1.1.1.1 to 2.2.2.2 group vm0-group diff --git a/contrib/ipfilter/test/regress/i16 b/contrib/ipfilter/test/regress/i16 new file mode 100644 index 0000000..5c9144a --- /dev/null +++ b/contrib/ipfilter/test/regress/i16 @@ -0,0 +1,3 @@ +0 block out all +100 pass in all +10101 pass out proto tcp all diff --git a/contrib/ipfilter/test/regress/i17 b/contrib/ipfilter/test/regress/i17 new file mode 100644 index 0000000..a995ae5 --- /dev/null +++ b/contrib/ipfilter/test/regress/i17 @@ -0,0 +1,11 @@ +100 pass in all +200 pass in proto tcp all +110 pass in proto udp all +110 pass in from localhost to any +pass in all +pass in from localhost to any +@0 100 pass in from localhost to any +@1 pass in from any to localhost +@0 pass in from 1.1.1.1 to any +@1 110 pass in from 2.2.2.2 to any +@2 pass in from 3.3.3.3 to any diff --git a/contrib/ipfilter/test/regress/i18 b/contrib/ipfilter/test/regress/i18 new file mode 100644 index 0000000..c2845d1 --- /dev/null +++ b/contrib/ipfilter/test/regress/i18 @@ -0,0 +1,2 @@ +pass in tos (80,0x80,40) all +block in ttl (0,1,2,3,4,5,6) all diff --git a/contrib/ipfilter/test/regress/i19 b/contrib/ipfilter/test/regress/i19 new file mode 100644 index 0000000..a09fd56 --- /dev/null +++ b/contrib/ipfilter/test/regress/i19 @@ -0,0 +1,22 @@ +block in quick log level user.debug proto icmp all +block in quick log level mail.info proto icmp all +block in quick log level daemon.notice proto icmp all +block in quick log level auth.warn proto icmp all +block in quick log level syslog.err proto icmp all +block in quick log level lpr.crit proto icmp all +block in quick log level news.alert proto icmp all +block in quick log level uucp.emerg proto icmp all +block in quick log level cron.debug proto icmp all +block in quick log level ftp.info proto icmp all +block in quick log level authpriv.notice proto icmp all +block in quick log level logalert.warn proto icmp all +block in quick log level local0.err proto icmp all +block in quick log level local1.crit proto icmp all +block in quick log level local2.alert proto icmp all +block in quick log level local3.emerg proto icmp all +block in quick log level local4.debug proto icmp all +block in quick log level local5.info proto icmp all +block in quick log level local6.notice proto icmp all +block in quick log level local7.warn proto icmp all +block in quick log level kern.err proto icmp all +block in quick log level security.emerg proto icmp all diff --git a/contrib/ipfilter/test/regress/i2 b/contrib/ipfilter/test/regress/i2 index a3b9cd8..50f6107 100644 --- a/contrib/ipfilter/test/regress/i2 +++ b/contrib/ipfilter/test/regress/i2 @@ -5,3 +5,4 @@ block in proto ipv6 from any to any block in proto 17 from any to any block in proto 250 from any to any pass in proto tcp/udp from any to any +block in proto tcp-udp from any to any diff --git a/contrib/ipfilter/test/regress/i20 b/contrib/ipfilter/test/regress/i20 new file mode 100644 index 0000000..99039ee --- /dev/null +++ b/contrib/ipfilter/test/regress/i20 @@ -0,0 +1,4 @@ +pass in on ppp0 from ppp0/peer to ppp0/32 +block in on hme0 from any to hme0/broadcast +pass in on bge0 from bge0/network to bge0/32 +block in on eri0 from any to eri0/netmasked diff --git a/contrib/ipfilter/test/regress/i21 b/contrib/ipfilter/test/regress/i21 new file mode 100644 index 0000000..bf797f9 --- /dev/null +++ b/contrib/ipfilter/test/regress/i21 @@ -0,0 +1,6 @@ +pass in from port = 10101 +pass out from any to port != 22 +block in from port 20:21 +block out from any to port 10 <> 100 +pass out from any to port = (3,5,7,9) +block in from port = (20,25) diff --git a/contrib/ipfilter/test/regress/i4 b/contrib/ipfilter/test/regress/i4 index 7170dc2..8551f76 100644 --- a/contrib/ipfilter/test/regress/i4 +++ b/contrib/ipfilter/test/regress/i4 @@ -5,4 +5,5 @@ pass in proto 17 from localhost port > 32000 to localhost port < 29000 block in proto udp from any port != \ntp to any port < echo block in proto tcp from any port = smtp to any port > 25 pass in proto tcp/udp from any port 1 >< 3 to any port 1 <> 3 +pass in proto tcp/udp from any port 2:2 to any port 10:20 pass in log first quick proto tcp from any port > 1023 to any port = 1723 flags S keep state diff --git a/contrib/ipfilter/test/regress/i6 b/contrib/ipfilter/test/regress/i6 index 1a53089..0b371bd 100644 --- a/contrib/ipfilter/test/regress/i6 +++ b/contrib/ipfilter/test/regress/i6 @@ -7,4 +7,6 @@ pass in on le0 to hme0:10.1.1.1 dup-to qe0:127.0.0.1 from localhost to localhost block in quick on qe0 to qe1 from any to any block in quick to qe1 from any to any pass out quick dup-to hme0 from any to any +pass out quick on hme0 reply-to hme1 from any to any +pass in on le0 dup-to qe0:127.0.0.1 reply-to hme1:10.10.10.10 all pass in quick fastroute all diff --git a/contrib/ipfilter/test/regress/i7 b/contrib/ipfilter/test/regress/i7 index 4f3328d..1a82940 100644 --- a/contrib/ipfilter/test/regress/i7 +++ b/contrib/ipfilter/test/regress/i7 @@ -2,3 +2,8 @@ pass in on ed0 proto tcp from localhost to localhost port = 23 flags S/SA block in on lo0 proto tcp from any to any flags A pass in on lo0 proto tcp from any to any flags /SAP block in on lo0 proto tcp from any to any flags 0x80/A +pass in on lo0 proto tcp from any to any flags S/18 +block in on lo0 proto tcp from any to any flags 2/18 +pass in on lo0 proto tcp from any to any flags 2 +block in on lo0 proto tcp from any to any flags /16 +pass in on lo0 proto tcp from any to any flags 2/SA diff --git a/contrib/ipfilter/test/regress/i8 b/contrib/ipfilter/test/regress/i8 index bde6ed5..cc984b2 100644 --- a/contrib/ipfilter/test/regress/i8 +++ b/contrib/ipfilter/test/regress/i8 @@ -1,2 +1,31 @@ pass in proto icmp from localhost to localhost icmp-type timest block in proto icmp from any to any icmp-type unreach code 1 +pass in proto icmp all icmp-type unreach code cutoff-preced +pass in proto icmp all icmp-type unreach code filter-prohib +pass in proto icmp all icmp-type unreach code isolate +pass in proto icmp all icmp-type unreach code needfrag +pass in proto icmp all icmp-type unreach code net-prohib +pass in proto icmp all icmp-type unreach code net-tos +pass in proto icmp all icmp-type unreach code host-preced +pass in proto icmp all icmp-type unreach code host-prohib +pass in proto icmp all icmp-type unreach code host-tos +pass in proto icmp all icmp-type unreach code host-unk +pass in proto icmp all icmp-type unreach code host-unr +pass in proto icmp all icmp-type unreach code (net-unk,net-unr) +pass in proto icmp all icmp-type unreach code port-unr +pass in proto icmp all icmp-type unreach code proto-unr +pass in proto icmp all icmp-type unreach code srcfail +pass in proto icmp all icmp-type (echo,echorep) +pass in proto icmp all icmp-type inforeq +pass in proto icmp all icmp-type inforep +pass in proto icmp all icmp-type maskrep +pass in proto icmp all icmp-type maskreq +pass in proto icmp all icmp-type paramprob +pass in proto icmp all icmp-type redir +pass in proto icmp all icmp-type unreach +pass in proto icmp all icmp-type routerad +pass in proto icmp all icmp-type routersol +pass in proto icmp all icmp-type squench +pass in proto icmp all icmp-type timest +pass in proto icmp all icmp-type timestrep +pass in proto icmp all icmp-type timex diff --git a/contrib/ipfilter/test/regress/i9 b/contrib/ipfilter/test/regress/i9 index 2b8fb10..a966bed 100644 --- a/contrib/ipfilter/test/regress/i9 +++ b/contrib/ipfilter/test/regress/i9 @@ -2,6 +2,11 @@ pass in from localhost to localhost with short,frags block in from any to any with ipopts pass in from any to any with opt nop,rr,zsu pass in from any to any with opt nop,rr,zsu not opt ssrr,lsrr -pass in from localhost to localhost with not frag +pass in from localhost to localhost and not frag +pass in from localhost to localhost with frags,frag-body pass in proto tcp all flags S with not oow keep state pass in proto tcp all flags S with not bad,bad-src,bad-nat +block in quick all with not nat +block in quick all with not lowttl +pass in all with mbcast,not bcast,multicast,not state +pass in from any to any with opt mtur,mtup,encode,ts,tr,sec,cipso,satid,ssrr,visa,imitd,eip,finn,dps,sdb,nsapa,rtralrt,ump,addext,e-sec diff --git a/contrib/ipfilter/test/regress/in1 b/contrib/ipfilter/test/regress/in1 index 145e3d0..163d834 100644 --- a/contrib/ipfilter/test/regress/in1 +++ b/contrib/ipfilter/test/regress/in1 @@ -3,14 +3,16 @@ map le0 1/32 -> 1/32 map le0 128.0.0.0/1 -> 0/0 map le0 10.0.0.0/8 -> 1.2.3.0/24 map le0 10.0.0.5/8 -> 1.2.3.4/24 +map le0 10.0.0.5/0xff000000 -> 1.2.3.4/24 +map le0 10.0.0.5/0xff -> 1.2.3.4/24 map le0 192.168.0.0/16 -> range 203.1.1.23-203.1.3.45 map ppp0 192.168.0.0/16 -> 0/32 portmap tcp 10000:19999 map ppp0 192.168.0.0/16 -> 0/32 portmap udp 20000:29999 map ppp0 192.168.0.0/16 -> 0/32 portmap tcp/udp 30000:39999 map ppp0 192.168.0.0/16 -> 0/32 portmap tcp auto map ppp0 192.168.0.0/16 -> 0/32 portmap udp auto -map ppp0 192.168.0.0/16 -> 0/32 portmap tcp/udp auto -map ppp0 192.168.0.0/16 -> 0/32 proxy port ftp ftp/tcp +map ppp0 192.168.0.0/16 -> 0/32 portmap tcpudp auto +map ppp0 192.168.0.0/16 -> 0/32 proxy port ftp ftp/6 map ppp0 192.168.0.0/16 -> 0/32 proxy port 1010 ftp/tcp map le0 0/0 -> 0/32 frag map le0 192.168.0.0/16 -> range 203.1.1.23-203.1.3.45 frag @@ -25,3 +27,4 @@ map ppp0 192.168.0.0/16 -> 0/32 portmap tcp 10000:19999 frag age 30 map fxp0 from 192.168.0.0/18 to 0/0 port = 21 -> 1.2.3.4/32 proxy port 21 ftp/tcp map thisisalonginte 0/0 -> 0/32 mssclamp 1452 tag freddyliveshere map bar0 0/0 -> 0/32 icmpidmap icmp 1000:2000 +map ppp0,adsl0 0/0 -> 0/32 diff --git a/contrib/ipfilter/test/regress/in2 b/contrib/ipfilter/test/regress/in2 index 222a28c..4a86de7 100644 --- a/contrib/ipfilter/test/regress/in2 +++ b/contrib/ipfilter/test/regress/in2 @@ -2,7 +2,10 @@ rdr le0 9.8.7.6/32 port 0 -> 1.1.1.1 port 0 tcp rdr le0 9.8.7.6/32 port 0 -> 1.1.1.1 port 0 ip rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp rdr le0 9.8.7.6/32 -> 1.1.1.1 ip +rdr le0 9.8.7.6/0xff000000 -> 1.1.1.1 ip +rdr le0 9.8.7.6/0xffff0000 -> 1.1.1.1 ip rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp +rdr le0 9.8.7.6/32 port 80 -> 0/0 port 80 tcp rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 udp rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp/udp rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 icmp @@ -11,7 +14,7 @@ rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp round-robin rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp round-robin rdr le0 9.8.7.6/32 port 0 -> 1.1.1.1 port 0 ip frag rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 icmp frag -rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp frag +rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcpudp frag rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp round-robin frag rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp round-robin frag rdr le0 9.8.7.6/32 -> 1.1.1.1 ip frag age 10 @@ -65,3 +68,4 @@ rdr le0 9.8.7.6/32 port 1000-2000 -> 1.1.1.1 port 5555 tcp rdr le0 9.8.7.6/32 port 1000-2000 -> 1.1.1.1 port = 5555 tcp rdr le0 0/0 -> test.host.dots rdr le0 0/0 -> test.host.dots,test.host.dots +rdr adsl0,ppp0 0/0 port 25 -> 127.0.0.1 port 25 diff --git a/contrib/ipfilter/test/regress/in5 b/contrib/ipfilter/test/regress/in5 index d0a115c..c539b03 100644 --- a/contrib/ipfilter/test/regress/in5 +++ b/contrib/ipfilter/test/regress/in5 @@ -1,9 +1,10 @@ +map le0 from 9.8.7.6/32 port > 1024 to any -> 1.1.1.1 portmap 10000:20000 tcp rdr le0 from any to 9.8.7.6/32 port = 0 -> 1.1.1.1 port 0 tcp -rdr le0 from any to 9.8.7.6/32 port = 0 -> 1.1.1.1 port 0 ip -rdr le0 from any to 9.8.7.6/32 port = 8888 -> 1.1.1.1 port 888 tcp -rdr le0 from any to 9.8.7.6/32 port = 8888 -> 1.1.1.1 port 888 ip -rdr le0 from any to 9.8.7.6/32 port = 8888 -> 1.1.1.1 port 888 tcp -rdr le0 from any to 9.8.7.6/32 port = 8888 -> 1.1.1.1 port 888 udp +rdr le0 from any to 9.8.7.6/0xffffffff port = 0 -> 1.1.1.1 port 0 ip +rdr le0 from any to 9.8.7.6 port = 8888 -> 1.1.1.1 port 888 tcp +rdr le0 from any to 9.8.7.6/255.255.255.255 port = 8888 -> 1.1.1.1 port 888 ip +rdr le0 from any to 9.8.7.6 mask 0xffffffff port = 8888 -> 1.1.1.1 port 888 tcp +rdr le0 from any to 9.8.7.6 mask 255.255.255.255 port = 8888 -> 1.1.1.1 port 888 udp rdr le0 from any to 9.8.7.6/32 port = 8888 -> 1.1.1.1 port 888 tcp/udp rdr le0 from any to 9.8.7.6/32 -> 1.1.1.1 port 888 icmp rdr le0 from any to 9.8.7.6/32 port = 8888 -> 1.1.1.1,1.1.1.2 port 888 tcp diff --git a/contrib/ipfilter/test/regress/in6 b/contrib/ipfilter/test/regress/in6 index 6948799..932df9b 100644 --- a/contrib/ipfilter/test/regress/in6 +++ b/contrib/ipfilter/test/regress/in6 @@ -1,3 +1,7 @@ map foo0 from any port = 1 to any port != 0 -> 0/32 udp +map foo0 from any port eq 1 to any port ne 0 -> 0/32 udp map foo0 from any port < 1 to any port > 0 -> 0/32 tcp +map foo0 from any port lt 1 to any port gt 0 -> 0/32 tcp map foo0 from any port <= 1 to any port >= 0 -> 0/32 tcp/udp +map foo0 from any port le 1 to any port ge 0 -> 0/32 tcp/udp +map foo0 from any port 1 >< 20 to any port 20 <> 40 -> 0/32 tcp/udp diff --git a/contrib/ipfilter/test/regress/n13 b/contrib/ipfilter/test/regress/n13 new file mode 100644 index 0000000..8047930 --- /dev/null +++ b/contrib/ipfilter/test/regress/n13 @@ -0,0 +1 @@ +map le0 192.168.0.0/16 -> range 203.1.1.23-203.1.3.45 diff --git a/contrib/ipfilter/test/regress/n14 b/contrib/ipfilter/test/regress/n14 new file mode 100644 index 0000000..6f5d571 --- /dev/null +++ b/contrib/ipfilter/test/regress/n14 @@ -0,0 +1 @@ +rdr gre0 0/0 port 80 -> 10.1.1.254,10.1.1.253 port 80 tcp sticky diff --git a/contrib/ipfilter/test/regress/ni17.nat b/contrib/ipfilter/test/regress/ni17.nat new file mode 100644 index 0000000..3da6338 --- /dev/null +++ b/contrib/ipfilter/test/regress/ni17.nat @@ -0,0 +1,4 @@ +rdr le0 0/0 port 80 -> 10.1.1.252 port 3128 tcp round-robin +rdr le0 0/0 port 80 -> 10.1.2.252 port 3128 tcp round-robin +rdr le0 0/0 port 80 -> 10.1.3.252 port 3128 tcp round-robin sticky +rdr le0 0/0 port 80 -> 10.1.1.253,10.1.2.253 port 3128 tcp round-robin sticky diff --git a/contrib/ipfilter/test/regress/p2.ipf b/contrib/ipfilter/test/regress/p2.ipf index 5b58647..4cfb388 100644 --- a/contrib/ipfilter/test/regress/p2.ipf +++ b/contrib/ipfilter/test/regress/p2.ipf @@ -1 +1,2 @@ pass out from hash=(127.0.0.1,4.4.0.0/16) to any +block in from hash=(127.0.0.1,4.4.0.0/16) to any diff --git a/contrib/ipfilter/test/test.format b/contrib/ipfilter/test/test.format index 090c8a9..f284542 100644 --- a/contrib/ipfilter/test/test.format +++ b/contrib/ipfilter/test/test.format @@ -1,6 +1,6 @@ #test input-format output-format bpf-f1 text text -bpf1 text text +bpf1 text ipf f1 text text f2 text text f3 text text @@ -18,21 +18,29 @@ f14 text text f15 text text f16 text text f17 hex hex -i1 text text -i2 text text -i3 text text -i4 text text -i5 text text -i6 text text -i7 text text -i8 text text -i9 text text -i10 text text -i11 text text -i12 text text -i13 text text -i14 text text -i15 text text +f18 text text +f19 text text fr_statemax=3 +i1 text ipf +i2 text ipf +i3 text ipf +i4 text ipf +i5 text ipf +i6 text ipf +i7 text ipf +i8 text ipf +i9 text ipf +i10 text ipf +i11 text ipf +i12 text ipf +i13 text ipf +i14 text ipf +i15 text ipf +i16 text ipf +i17 text ipftest +i18 text ipf +i19 text ipf +i20 text ipf +i21 text ipf in1 text text in2 text text in3 text text @@ -56,6 +64,8 @@ n9 hex hex fr_update_ipid=0 n10 hex hex fr_update_ipid=0 n11 text text n12 hex hex fr_update_ipid=0 +n13 text text +n14 text text ni1 hex hex fr_update_ipid=1 ni2 hex hex fr_update_ipid=1 ni3 hex hex fr_update_ipid=1 diff --git a/contrib/ipfilter/test/vfycksum.pl b/contrib/ipfilter/test/vfycksum.pl index 9cb47f6..d23c884 100755 --- a/contrib/ipfilter/test/vfycksum.pl +++ b/contrib/ipfilter/test/vfycksum.pl @@ -3,6 +3,14 @@ # validate the IPv4 header checksum. # $bytes[] is an array of 16bit values, with $cnt elements in the array. # +sub dump { + print "\n"; + for ($i = 0; $i < $#bytes; $i++) { + printf "%04x ", $bytes[$i]; + } + print "\n"; +} + sub dosum { local($seed) = $_[0]; local($start) = $_[1]; @@ -99,7 +107,8 @@ sub tcpcheck { } if ($z) { - print " TCP: missing data($x $y $z)"; + print " TCP: missing data($x $y $z) $hl"; +# &dump(); return; } diff --git a/contrib/ipfilter/tools/ipf.c b/contrib/ipfilter/tools/ipf.c index ea39780..2454124 100644 --- a/contrib/ipfilter/tools/ipf.c +++ b/contrib/ipfilter/tools/ipf.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -21,7 +19,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipf.c,v 1.35.2.3 2004/12/15 18:27:17 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipf.c,v 1.35.2.3 2004/12/15 18:27:17 darrenr Exp $"; #endif #if !defined(__SVR4) && defined(__GNUC__) diff --git a/contrib/ipfilter/tools/ipf_y.y b/contrib/ipfilter/tools/ipf_y.y index 0660d50..a65a2e2 100644 --- a/contrib/ipfilter/tools/ipf_y.y +++ b/contrib/ipfilter/tools/ipf_y.y @@ -1,11 +1,10 @@ -/* $NetBSD$ */ - %{ #include "ipf.h" #include #include #ifdef IPFILTER_BPF -# include +# include "pcap-bpf.h" +# define _NET_BPF_H_ # include #endif #include "netinet/ip_pool.h" @@ -58,7 +57,7 @@ static struct wordtab icmpcodewords[17]; static struct wordtab icmptypewords[16]; static struct wordtab ipv4optwords[25]; static struct wordtab ipv4secwords[9]; -static struct wordtab ipv6optwords[8]; +static struct wordtab ipv6optwords[9]; static struct wordtab logwords[33]; %} @@ -135,6 +134,7 @@ static struct wordtab logwords[33]; %token IPF6_V6HDRS IPFY_IPV6OPT IPFY_IPV6OPT_DSTOPTS IPFY_IPV6OPT_HOPOPTS %token IPFY_IPV6OPT_IPV6 IPFY_IPV6OPT_NONE IPFY_IPV6OPT_ROUTING +%token IPFY_IPV6OPT_MOBILITY IPFY_IPV6OPT_ESP IPFY_IPV6OPT_FRAG %token IPFY_ICMPT_UNR IPFY_ICMPT_ECHO IPFY_ICMPT_ECHOR IPFY_ICMPT_SQUENCH %token IPFY_ICMPT_REDIR IPFY_ICMPT_TIMEX IPFY_ICMPT_PARAMP IPFY_ICMPT_TIMEST @@ -1025,7 +1025,7 @@ codelist: icmpcode { DOREM(fr->fr_icmp |= htons($1); fr->fr_icmpm |= htons(0xff);) } | codelist lmore icmpcode - { DOREM(fr->fr_icmp |= htons($3); fr->fr_icmpm |= htons(0xff);) } + { DOREM(fr->fr_icmp &= htons(0xff00); fr->fr_icmp |= htons($3); fr->fr_icmpm |= htons(0xff);) } ; age: | IPFY_AGE YY_NUMBER { DOALL(fr->fr_age[0] = $2; \ @@ -1085,6 +1085,7 @@ stateopt: | IPFY_NOICMPERR { DOALL(fr->fr_flags |= FR_NOICMPERR;) } | IPFY_SYNC { DOALL(fr->fr_flags |= FR_STATESYNC;) } + age; ; portnum: @@ -1101,15 +1102,14 @@ portnum: ; withlist: - withopt - | withlist withopt - | withlist ',' withopt + withopt { nowith = 0; } + | withlist withopt { nowith = 0; } + | withlist ',' withopt { nowith = 0; } ; withopt: opttype { DOALL(fr->fr_flx |= $1; fr->fr_mflx |= $1;) } - | notwith opttype - { DOALL(fr->fr_mflx |= $2;) } + | notwith opttype { DOALL(fr->fr_mflx |= $2;) } | ipopt ipopts { yyresetdict(); } | notwith ipopt ipopts { yyresetdict(); } | startv6hdrs ipv6hdrs { yyresetdict(); } @@ -1267,12 +1267,13 @@ setsecclass: ipv6hdr: IPFY_AH { $$ = getv6optbyvalue(IPPROTO_AH); } | IPFY_IPV6OPT_DSTOPTS { $$ = getv6optbyvalue(IPPROTO_DSTOPTS); } - | IPFY_ESP { $$ = getv6optbyvalue(IPPROTO_ESP); } + | IPFY_IPV6OPT_ESP { $$ = getv6optbyvalue(IPPROTO_ESP); } | IPFY_IPV6OPT_HOPOPTS { $$ = getv6optbyvalue(IPPROTO_HOPOPTS); } | IPFY_IPV6OPT_IPV6 { $$ = getv6optbyvalue(IPPROTO_IPV6); } | IPFY_IPV6OPT_NONE { $$ = getv6optbyvalue(IPPROTO_NONE); } | IPFY_IPV6OPT_ROUTING { $$ = getv6optbyvalue(IPPROTO_ROUTING); } - | IPFY_FRAG { $$ = getv6optbyvalue(IPPROTO_FRAGMENT); } + | IPFY_IPV6OPT_FRAG { $$ = getv6optbyvalue(IPPROTO_FRAGMENT); } + | IPFY_IPV6OPT_MOBILITY { $$ = getv6optbyvalue(IPPROTO_MOBILITY); } ; level: IPFY_LEVEL { setsyslog(); } @@ -1434,6 +1435,7 @@ static struct wordtab ipfwords[95] = { { "mask", IPFY_MASK }, { "match-tag", IPFY_MATCHTAG }, { "mbcast", IPFY_MBCAST }, + { "mcast", IPFY_MULTICAST }, { "multicast", IPFY_MULTICAST }, { "nat", IPFY_NAT }, { "ne", YY_CMP_NE }, @@ -1573,12 +1575,13 @@ static struct wordtab ipv4secwords[9] = { { NULL, 0 }, }; -static struct wordtab ipv6optwords[8] = { +static struct wordtab ipv6optwords[9] = { { "dstopts", IPFY_IPV6OPT_DSTOPTS }, - { "esp", IPFY_ESP }, - { "frag", IPFY_FRAG }, + { "esp", IPFY_IPV6OPT_ESP }, + { "frag", IPFY_IPV6OPT_FRAG }, { "hopopts", IPFY_IPV6OPT_HOPOPTS }, { "ipv6", IPFY_IPV6OPT_IPV6 }, + { "mobility", IPFY_IPV6OPT_MOBILITY }, { "none", IPFY_IPV6OPT_NONE }, { "routing", IPFY_IPV6OPT_ROUTING }, { NULL, 0 }, @@ -1825,8 +1828,7 @@ char *phrase; fr->fr_v = v; fr->fr_type = FR_T_BPFOPC; - if (!strncmp(phrase, "\"0x", 2)) { - phrase++; + if (!strncmp(phrase, "0x", 2)) { fb = malloc(sizeof(fakebpf_t)); for (i = 0, s = strtok(phrase, " \r\n\t"); s != NULL; diff --git a/contrib/ipfilter/tools/ipfcomp.c b/contrib/ipfilter/tools/ipfcomp.c index 262e909..f09bfd3 100644 --- a/contrib/ipfilter/tools/ipfcomp.c +++ b/contrib/ipfilter/tools/ipfcomp.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -7,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipfcomp.c,v 1.24.2.2 2004/04/28 10:34:44 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipfcomp.c,v 1.24.2.2 2004/04/28 10:34:44 darrenr Exp $"; #endif #include "ipf.h" diff --git a/contrib/ipfilter/tools/ipfs.c b/contrib/ipfilter/tools/ipfs.c index 49e7e52..767dffb 100644 --- a/contrib/ipfilter/tools/ipfs.c +++ b/contrib/ipfilter/tools/ipfs.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1999-2001, 2003 by Darren Reed. * @@ -41,7 +39,7 @@ #include #include #include "ipf.h" -#include "ipl.h" +#include "netinet/ipl.h" #if !defined(lint) static const char rcsid[] = "@(#)Id: ipfs.c,v 1.12 2003/12/01 01:56:53 darrenr Exp"; diff --git a/contrib/ipfilter/tools/ipfstat.c b/contrib/ipfilter/tools/ipfstat.c index fbd6c35..fb0c433 100644 --- a/contrib/ipfilter/tools/ipfstat.c +++ b/contrib/ipfilter/tools/ipfstat.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001, 2003 by Darren Reed. * @@ -70,7 +68,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipfstat.c,v 1.44.2.11 2005/03/30 14:09:57 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipfstat.c,v 1.44.2.13 2005/10/17 17:26:32 darrenr Exp $"; #endif #ifdef __hpux @@ -1008,10 +1006,11 @@ int topclosed; { char str1[STSTRSIZE], str2[STSTRSIZE], str3[STSTRSIZE], str4[STSTRSIZE]; int maxtsentries = 0, reverse = 0, sorting = STSORT_DEFAULT; - int i, j, winy, tsentry, maxx, maxy, redraw = 0; + int i, j, winy, tsentry, maxx, maxy, redraw = 0, ret = 0; int len, srclen, dstlen, forward = 1, c = 0; ips_stat_t ipsst, *ipsstp = &ipsst; statetop_t *tstable = NULL, *tp; + const char *errstr = ""; ipstate_t ips; ipfobj_t ipfo; struct timeval selecttimeout; @@ -1051,8 +1050,9 @@ int topclosed; /* get state table */ bzero((char *)&ipsst, sizeof(ipsst)); if ((ioctl(state_fd, SIOCGETFS, &ipfo) == -1)) { - perror("ioctl(SIOCGETFS)"); - exit(-1); + errstr = "ioctl(SIOCGETFS)"; + ret = -1; + goto out; } /* clear the history */ @@ -1416,12 +1416,15 @@ int topclosed; } } /* while */ +out: printw("\n"); curs_set(1); - nocbreak(); + /* nocbreak(); XXX - endwin() should make this redundant */ endwin(); free(tstable); + if (ret != 0) + perror(errstr); } #endif @@ -1612,7 +1615,9 @@ static char *getip(v, addr) int v; i6addr_t *addr; { +#ifdef USE_INET6 static char hostbuf[MAXHOSTNAMELEN+1]; +#endif if (v == 4) return inet_ntoa(addr->in4); diff --git a/contrib/ipfilter/tools/ipftest.c b/contrib/ipfilter/tools/ipftest.c index fbc91e5..913f756 100644 --- a/contrib/ipfilter/tools/ipftest.c +++ b/contrib/ipfilter/tools/ipftest.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -12,7 +10,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipftest.c,v 1.44.2.3 2005/02/01 02:41:24 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipftest.c,v 1.44.2.7 2005/12/07 08:29:19 darrenr Exp $"; #endif extern char *optarg; @@ -22,13 +20,15 @@ extern struct ifnet *get_unit __P((char *, int)); extern void init_ifp __P((void)); extern ipnat_t *natparse __P((char *, int)); extern int fr_running; +extern hostmap_t **maptable; ipfmutex_t ipl_mutex, ipf_authmx, ipf_rw, ipf_stinsert; ipfmutex_t ipf_nat_new, ipf_natio, ipf_timeoutlock; -ipfrwlock_t ipf_mutex, ipf_global, ipf_ipidfrag, ip_poolrw; +ipfrwlock_t ipf_mutex, ipf_global, ipf_ipidfrag, ip_poolrw, ipf_frcache; ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth; int opts = OPT_DONOTHING; int use_inet6 = 0; +int docksum = 0; int pfil_delayed_copy = 0; int main __P((int, char *[])); int loadrules __P((char *, int)); @@ -77,6 +77,7 @@ char *argv[]; { char *datain, *iface, *ifname, *logout; int fd, i, dir, c, loaded, dump, hlen; + struct in_addr sip; struct ifnet *ifp; struct ipread *r; mb_t mb, *m; @@ -90,21 +91,23 @@ char *argv[]; r = &iptext; iface = NULL; logout = NULL; - ifname = "anon0"; datain = NULL; + sip.s_addr = 0; + ifname = "anon0"; MUTEX_INIT(&ipf_rw, "ipf rw mutex"); MUTEX_INIT(&ipf_timeoutlock, "ipf timeout lock"); RWLOCK_INIT(&ipf_global, "ipf filter load/unload mutex"); RWLOCK_INIT(&ipf_mutex, "ipf filter rwlock"); RWLOCK_INIT(&ipf_ipidfrag, "ipf IP NAT-Frag rwlock"); + RWLOCK_INIT(&ipf_frcache, "ipf filter cache"); initparse(); if (fr_initialise() == -1) abort(); fr_running = 1; - while ((c = getopt(argc, argv, "6bdDF:i:I:l:N:P:or:RT:vxX")) != -1) + while ((c = getopt(argc, argv, "6bCdDF:i:I:l:N:P:or:RS:T:vxX")) != -1) switch (c) { case '6' : @@ -121,6 +124,9 @@ char *argv[]; case 'd' : opts |= OPT_DEBUG; break; + case 'C' : + docksum = 1; + break; case 'D' : dump = 1; break; @@ -147,21 +153,6 @@ char *argv[]; case 'l' : logout = optarg; break; - case 'o' : - opts |= OPT_SAVEOUT; - break; - case 'r' : - if (ipf_parsefile(-1, ipf_addrule, iocfunctions, - optarg) == -1) - return -1; - loaded = 1; - break; - case 'R' : - opts |= OPT_NORESOLVE; - break; - case 'v' : - opts |= OPT_VERBOSE; - break; case 'N' : if (ipnat_parsefile(-1, ipnat_addrule, ipnattestioctl, optarg) == -1) @@ -169,14 +160,32 @@ char *argv[]; loaded = 1; opts |= OPT_NAT; break; + case 'o' : + opts |= OPT_SAVEOUT; + break; case 'P' : if (ippool_parsefile(-1, optarg, ipooltestioctl) == -1) return -1; loaded = 1; break; + case 'r' : + if (ipf_parsefile(-1, ipf_addrule, iocfunctions, + optarg) == -1) + return -1; + loaded = 1; + break; + case 'S' : + sip.s_addr = inet_addr(optarg); + break; + case 'R' : + opts |= OPT_NORESOLVE; + break; case 'T' : ipf_dotuning(-1, optarg, ipftestioctl); break; + case 'v' : + opts |= OPT_VERBOSE; + break; case 'x' : opts |= OPT_HEX; break; @@ -207,9 +216,11 @@ char *argv[]; if (!use_inet6) { ip->ip_off = ntohs(ip->ip_off); ip->ip_len = ntohs(ip->ip_len); - if (r->r_flags & R_DO_CKSUM) + if ((r->r_flags & R_DO_CKSUM) || docksum) fixv4sums(m, ip); hlen = IP_HL(ip) << 2; + if (sip.s_addr) + dir = !(sip.s_addr == ip->ip_src.s_addr); } #ifdef USE_INET6 else @@ -283,6 +294,9 @@ char *argv[]; } m = &mb; } + + if (i != 0) + fprintf(stderr, "readip failed: %d\n", i); (*r->r_close)(); if (logout != NULL) { @@ -617,6 +631,8 @@ void dumpnat() { ipnat_t *ipn; nat_t *nat; + hostmap_t *hm; + int i; printf("List of active MAP/Redirect filters:\n"); for (ipn = nat_list; ipn != NULL; ipn = ipn->in_next) @@ -627,6 +643,12 @@ void dumpnat() if (nat->nat_aps) printaps(nat->nat_aps, opts); } + + printf("\nHostmap table:\n"); + for (i = 0; i < ipf_hostmap_sz; i++) { + for (hm = maptable[i]; hm != NULL; hm = hm->hm_next) + printhostmap(hm, i); + } } @@ -764,6 +786,10 @@ ip_t *ip; hdr = csump; csump += offsetof(udphdr_t, uh_sum); break; + case IPPROTO_ICMP : + hdr = csump; + csump += offsetof(icmphdr_t, icmp_cksum); + break; default : csump = NULL; hdr = NULL; diff --git a/contrib/ipfilter/tools/ipmon.c b/contrib/ipfilter/tools/ipmon.c index a91eee4..1ef3351 100644 --- a/contrib/ipfilter/tools/ipmon.c +++ b/contrib/ipfilter/tools/ipmon.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001, 2003 by Darren Reed. * @@ -78,7 +76,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipmon.c,v 1.33.2.8 2004/12/09 19:41:26 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipmon.c,v 1.33.2.10 2005/06/18 02:41:35 darrenr Exp $"; #endif @@ -420,6 +418,14 @@ static void init_tabs() p->p_name != NULL && protocols[p->p_proto] == NULL) protocols[p->p_proto] = strdup(p->p_name); endprotoent(); +#if defined(_AIX51) + if (protocols[0]) + free(protocols[0]); + if (protocols[252]) + free(protocols[252]); + protocols[0] = "ip"; + protocols[252] = NULL; +#endif } if (udp_ports != NULL) { @@ -1024,7 +1030,8 @@ int blen; (void) sprintf(t, "%*.*s%u", len, len, ipf->fl_ifname, ipf->fl_unit); t += strlen(t); #endif -#ifdef __sgi +#if defined(__sgi) || defined(_AIX51) || defined(__powerpc__) || \ + defined(__arm__) if ((ipf->fl_group[0] == 255) && (ipf->fl_group[1] == '\0')) #else if ((ipf->fl_group[0] == -1) && (ipf->fl_group[1] == '\0')) diff --git a/contrib/ipfilter/tools/ipmon_y.y b/contrib/ipfilter/tools/ipmon_y.y index 8b30028..4eba00c 100644 --- a/contrib/ipfilter/tools/ipmon_y.y +++ b/contrib/ipfilter/tools/ipmon_y.y @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - %{ #include "ipf.h" #include diff --git a/contrib/ipfilter/tools/ipnat.c b/contrib/ipfilter/tools/ipnat.c index fc17cea..d17d668 100644 --- a/contrib/ipfilter/tools/ipnat.c +++ b/contrib/ipfilter/tools/ipnat.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -51,7 +49,7 @@ # include #endif #include "ipf.h" -#include "ipl.h" +#include "netinet/ipl.h" #include "kmem.h" #ifdef __hpux @@ -67,7 +65,7 @@ extern char *sys_errlist[]; #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipnat.c,v 1.24.2.1 2004/04/28 17:56:22 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipnat.c,v 1.24.2.2 2005/05/10 21:19:30 darrenr Exp $"; #endif diff --git a/contrib/ipfilter/tools/ipnat_y.y b/contrib/ipfilter/tools/ipnat_y.y index d3f18c6..ddd4311 100644 --- a/contrib/ipfilter/tools/ipnat_y.y +++ b/contrib/ipfilter/tools/ipnat_y.y @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - %{ #ifdef __FreeBSD__ # ifndef __FreeBSD_cc_version @@ -160,8 +158,6 @@ map: mapit ifnames addr IPNY_TLATE rhaddr proxy mapoptions strncpy(nat->in_ifnames[1], nat->in_ifnames[0], sizeof(nat->in_ifnames[0])); - if ((nat->in_flags & IPN_TCPUDPICMPQ) == 0) - setnatproto(nat->in_p); if (((nat->in_redir & NAT_MAPBLK) != 0) || ((nat->in_flags & IPN_AUTOPORTMAP) != 0)) nat_setgroupmap(nat); @@ -188,8 +184,6 @@ map: mapit ifnames addr IPNY_TLATE rhaddr proxy mapoptions strncpy(nat->in_ifnames[1], nat->in_ifnames[0], sizeof(nat->in_ifnames[0])); - if ((nat->in_flags & IPN_TCPUDPICMPQ) == 0) - setnatproto(nat->in_p); if (((nat->in_redir & NAT_MAPBLK) != 0) || ((nat->in_flags & IPN_AUTOPORTMAP) != 0)) nat_setgroupmap(nat); @@ -306,6 +300,11 @@ rhaddr: addr { $$.a = $1.a; $$.m = $1.m; } dip: hostname { nat->in_inip = $1.s_addr; nat->in_inmsk = 0xffffffff; } + | hostname '/' YY_NUMBER { if ($3 != 0 || $1.s_addr != 0) + yyerror("Only 0/0 supported"); + nat->in_inip = 0; + nat->in_inmsk = 0; + } | hostname ',' hostname { nat->in_flags |= IPN_SPLIT; nat->in_inip = $1.s_addr; nat->in_inmsk = $3.s_addr; } @@ -454,11 +453,11 @@ addr: IPNY_ANY { $$.a.s_addr = 0; $$.m.s_addr = 0; } $$.a.s_addr &= $$.m.s_addr; } | hostname '/' ipv4 { $$.a = $1; $$.m = $3; $$.a.s_addr &= $$.m.s_addr; } - | hostname '/' hexnumber { $$.a = $1; $$.m.s_addr = $3; + | hostname '/' hexnumber { $$.a = $1; $$.m.s_addr = htonl($3); $$.a.s_addr &= $$.m.s_addr; } | hostname IPNY_MASK ipv4 { $$.a = $1; $$.m = $3; $$.a.s_addr &= $$.m.s_addr; } - | hostname IPNY_MASK hexnumber { $$.a = $1; $$.m.s_addr = $3; + | hostname IPNY_MASK hexnumber { $$.a = $1; $$.m.s_addr = htonl($3); $$.a.s_addr &= $$.m.s_addr; } ; @@ -471,7 +470,7 @@ nummask: portstuff: compare portspec { $$.pc = $1; $$.p1 = $2; } - | portspec range portspec { $$.pc = $2; $$.p1 = $1; $$.p1 = $3; } + | portspec range portspec { $$.pc = $2; $$.p1 = $1; $$.p2 = $3; } ; mapoptions: diff --git a/contrib/ipfilter/tools/ippool.c b/contrib/ipfilter/tools/ippool.c index 7122c94..31b5bfd 100644 --- a/contrib/ipfilter/tools/ippool.c +++ b/contrib/ipfilter/tools/ippool.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2003 by Darren Reed. * diff --git a/contrib/ipfilter/tools/ippool_y.y b/contrib/ipfilter/tools/ippool_y.y index 357745d..a508268 100644 --- a/contrib/ipfilter/tools/ippool_y.y +++ b/contrib/ipfilter/tools/ippool_y.y @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - %{ #include #include diff --git a/contrib/ipfilter/tools/ipscan_y.y b/contrib/ipfilter/tools/ipscan_y.y index 64cbb6d..c3446ff 100644 --- a/contrib/ipfilter/tools/ipscan_y.y +++ b/contrib/ipfilter/tools/ipscan_y.y @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - %{ #include #include diff --git a/contrib/ipfilter/tools/ipsyncm.c b/contrib/ipfilter/tools/ipsyncm.c index 20cc25e..8a87974 100644 --- a/contrib/ipfilter/tools/ipsyncm.c +++ b/contrib/ipfilter/tools/ipsyncm.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -7,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipsyncm.c,v 1.4.2.2 2005/01/08 14:31:46 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipsyncm.c,v 1.4.2.2 2005/01/08 14:31:46 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/tools/ipsyncs.c b/contrib/ipfilter/tools/ipsyncs.c index a189a9b..29c63af 100644 --- a/contrib/ipfilter/tools/ipsyncs.c +++ b/contrib/ipfilter/tools/ipsyncs.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -7,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipsyncs.c,v 1.5.2.1 2004/10/31 18:46:44 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipsyncs.c,v 1.5.2.1 2004/10/31 18:46:44 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/tools/lex_var.h b/contrib/ipfilter/tools/lex_var.h index 33fba25..0a0bd4b 100644 --- a/contrib/ipfilter/tools/lex_var.h +++ b/contrib/ipfilter/tools/lex_var.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - extern long string_start; extern long string_end; diff --git a/contrib/ipfilter/tools/lexer.c b/contrib/ipfilter/tools/lexer.c index f6fccfb..66de8fc 100644 --- a/contrib/ipfilter/tools/lexer.c +++ b/contrib/ipfilter/tools/lexer.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2003 by Darren Reed. * diff --git a/contrib/ipfilter/tools/lexer.h b/contrib/ipfilter/tools/lexer.h index 4950aa8..a296cb0 100644 --- a/contrib/ipfilter/tools/lexer.h +++ b/contrib/ipfilter/tools/lexer.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - typedef struct wordtab { char *w_word; -- cgit v1.1