authorFederico G. Schwindt <fgsch@cvs.openbsd.org>2001-01-17 07:27:00 +0000
committerFederico G. Schwindt <fgsch@cvs.openbsd.org>2001-01-17 07:27:00 +0000
commit14afa526ef204e18153633fd6486655996aa2d7a (patch)
tree78ab72271766a9947e6828577ccba6c8a926e2fa
parenta7ac57bcb62ccc6c6f6495207a169edfc28f5760 (diff)
IPF 3.4.16 userland.
-rw-r--r--sbin/ipf/HISTORY10
-rw-r--r--usr.sbin/ipfs/ipfs.c9
-rw-r--r--usr.sbin/ipftest/ipft_tx.c8
-rw-r--r--usr.sbin/ipmon/ipmon.c14
4 files changed, 31 insertions, 10 deletions
diff --git a/sbin/ipf/HISTORY b/sbin/ipf/HISTORY
index 0bcb7fb4110..3d1c6478fbc 100644
--- a/sbin/ipf/HISTORY
+++ b/sbin/ipf/HISTORY
@@ -1,4 +1,4 @@
-# $OpenBSD: HISTORY,v 1.10 2001/01/17 05:00:57 fgsch Exp $
+# $OpenBSD: HISTORY,v 1.11 2001/01/17 07:26:57 fgsch Exp $
#
# NOTE: Quite a few patches and suggestions come from other sources, to whom
# I'm greatly indebted, even if no names are mentioned.
@@ -23,6 +23,14 @@
# and especially those who have found the time to port IP Filter to new
# platforms.
#
+3.4.16 15/01/2001 - Released
+
+fix race condition in flushing of state entries that are timing out
+
+Add TCP ECN patches
+
+log all NAT entries created, not just those via rules
+
3.4.15 17/12/2000 - Released
add minimum ttl filtering (to be replaced later by return-icmp-as-dest
diff --git a/usr.sbin/ipfs/ipfs.c b/usr.sbin/ipfs/ipfs.c
index ce8a788e56c..5db99abd94e 100644
--- a/usr.sbin/ipfs/ipfs.c
+++ b/usr.sbin/ipfs/ipfs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipfs.c,v 1.1 2001/01/17 06:31:07 fgsch Exp $ */
+/* $OpenBSD: ipfs.c,v 1.2 2001/01/17 07:26:58 fgsch Exp $ */
/*
* Copyright (C) 1999 by Darren Reed.
@@ -43,7 +43,7 @@
#include "ipf.h"
#if !defined(lint)
-static const char rcsid[] = "@(#)$IPFilter: ipfs.c,v 2.6.2.2 2000/11/27 10:29:32 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: ipfs.c,v 2.6.2.3 2001/01/10 06:20:12 darrenr Exp $";
#endif
#ifndef IPF_SAVEDIR
@@ -453,6 +453,11 @@ char *file;
return 1;
}
is = (ipstate_save_t *)malloc(sizeof(*is));
+ if(!is) {
+ fprintf(stderr, "malloc failed\n");
+ return 1;
+ }
+
bcopy((char *)&ips, (char *)is, sizeof(ips));
/*
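Review bot: The new `if(!is)` branch reports only "malloc failed", with no errno text and nothing to tell the operator which step of the state restore gave up; `perror("malloc");` or a message that names the state file would make the failure diagnosable. The check itself closes a NULL dereference in the following bcopy(). The function starts and ends outside the hunk, so confirm that this early `return 1;` does not skip the release of anything opened earlier in it, such as a descriptor for the state file.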
diff --git a/usr.sbin/ipftest/ipft_tx.c b/usr.sbin/ipftest/ipft_tx.c
index d00d9c71d68..8184186e5cb 100644
--- a/usr.sbin/ipftest/ipft_tx.c
+++ b/usr.sbin/ipftest/ipft_tx.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipft_tx.c,v 1.17 2001/01/17 06:01:22 fgsch Exp $ */
+/* $OpenBSD: ipft_tx.c,v 1.18 2001/01/17 07:26:58 fgsch Exp $ */
/*
* Copyright (C) 1995-2000 by Darren Reed.
@@ -45,7 +45,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: ipft_tx.c,v 2.3 2000/03/13 22:10:24 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: ipft_tx.c,v 2.3.2.1 2001/01/10 06:19:53 darrenr Exp $";
#endif
extern int opts;
@@ -56,9 +56,9 @@ static int text_open __P((char *)), text_close __P((void));
static int text_readip __P((char *, int, char **, int *));
static int parseline __P((char *, ip_t *, char **, int *));
-static char _tcp_flagset[] = "FSRPAU";
+static char _tcp_flagset[] = "FSRPAUEC";
static u_char _tcp_flags[] = { TH_FIN, TH_SYN, TH_RST, TH_PUSH,
- TH_ACK, TH_URG };
+ TH_ACK, TH_URG, TH_ECN, TH_CWR };
struct ipread iptext = { text_open, text_close, text_readip };
static FILE *tfp = NULL;
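Review bot: `_tcp_flagset` and `_tcp_flags` look like parallel tables (letter at index i, flag bit at index i), and nothing at the declarations says that they must stay the same length and order. The lookup is outside the hunk, but if it indexes `_tcp_flags` by the letter's position in the string, a future one-sided edit would read past the array or map a letter to the wrong bit. Add a comment above the pair such as `/* _tcp_flagset[i] is the letter for _tcp_flags[i]; keep both in step */`. A guard like `sizeof(_tcp_flagset) - 1 == sizeof(_tcp_flags)` would catch a length mismatch.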
diff --git a/usr.sbin/ipmon/ipmon.c b/usr.sbin/ipmon/ipmon.c
index d96d409ab05..c65c7fb56df 100644
--- a/usr.sbin/ipmon/ipmon.c
+++ b/usr.sbin/ipmon/ipmon.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipmon.c,v 1.25 2001/01/17 05:01:02 fgsch Exp $ */
+/* $OpenBSD: ipmon.c,v 1.26 2001/01/17 07:26:59 fgsch Exp $ */
/*
* Copyright (C) 1993-2000 by Darren Reed.
@@ -9,7 +9,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: ipmon.c,v 2.12.2.6 2000/10/31 22:17:41 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: ipmon.c,v 2.12.2.8 2001/01/10 06:18:08 darrenr Exp $";
#endif
#ifndef SOLARIS
@@ -93,6 +93,8 @@ struct flags tcpfl[] = {
{ TH_FIN, 'F' },
{ TH_URG, 'U' },
{ TH_PUSH,'P' },
+ { TH_ECN, 'E' },
+ { TH_CWR, 'C' },
{ 0, '\0' }
};
@@ -146,6 +148,7 @@ static char **tcp_ports = NULL;
#define OPT_FILTER 0x200
#define OPT_PORTNUM 0x400
#define OPT_LOGALL (OPT_NAT|OPT_STATE|OPT_FILTER)
+#define OPT_LOGBODY 0x800
#define HOSTNAME_V4(a,b) hostname((a), 4, (u_32_t *)&(b))
@@ -838,6 +841,8 @@ printipflog:
dumphex(log, (u_char *)buf, sizeof(iplog_t) + sizeof(*ipf));
if (opts & OPT_HEXBODY)
dumphex(log, (u_char *)ip, ipf->fl_plen + ipf->fl_hlen);
+ else if ((opts & OPT_LOGBODY) && (ipf->fl_flags & FR_LOGBODY))
+ dumphex(log, (u_char *)ip + ipf->fl_hlen, ipf->fl_plen);
}
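Review bot: The added `else if` branch dumps `ipf->fl_plen` bytes starting at `ip + ipf->fl_hlen`, and nothing in the hunk checks that header plus payload length stays inside the record that was read into `buf`. Both lengths are taken from the log record itself, so a truncated or malformed record would make dumphex() read past the buffer. The existing OPT_HEXBODY line has the same shape, and a length check may exist earlier in the function, which starts outside the hunk. If there is none, guard both dumps with a comparison against the bytes actually available, for example `if (ipf->fl_hlen + ipf->fl_plen <= RECORD_BYTES_LEFT)`, where RECORD_BYTES_LEFT is a placeholder for the remaining record length. A short comment that `-b` is ignored when the hex-body option is set (because of the `else`) would also help.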
@@ -949,7 +954,7 @@ char *argv[];
iplfile[1] = IPNAT_NAME;
iplfile[2] = IPSTATE_NAME;
- while ((c = getopt(argc, argv, "?aDf:FhnN:o:O:pP:sS:tvxX")) != -1)
+ while ((c = getopt(argc, argv, "?abDf:FhnN:o:O:pP:sS:tvxX")) != -1)
switch (c)
{
case 'a' :
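Review bot: The getopt string gains `b`, but no hunk in this commit updates ipmon's usage text, and the diffstat lists no manual page, so the new flag appears to ship undocumented. Since `-b` makes ipmon write packet payload bytes into the log for rules marked FR_LOGBODY, operators should be told what it does before they enable it: body dumps can put application data (credentials, session contents) into log files. Add the flag to the usage message and to the man page, with a one-line description such as `-b  dump the packet body in hex for rules that log the body`.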
@@ -958,6 +963,9 @@ char *argv[];
fdt[1] = IPL_LOGNAT;
fdt[2] = IPL_LOGSTATE;
break;
+ case 'b' :
+ opts |= OPT_LOGBODY;
+ break;
case 'D' :
make_daemon = 1;
break;