diff options
| author | Kjell Wooding <kjell@cvs.openbsd.org> | 2000-05-01 06:16:49 +0000 |
|---|---|---|
| committer | Kjell Wooding <kjell@cvs.openbsd.org> | 2000-05-01 06:16:49 +0000 |
| commit | d24b51e112374ff553c9ae36e55808bb30581893 (patch) | |
| tree | b17d9cba02ca495d6e5dd40df3034c4f52466066 | |
| parent | c848fe89af4c851a8ccac4ec3a589c581c90fd7f (diff) | |
Update to ipfilter 3.3.13. This should be the last of the 3.3.x releases.
This patch fixes mostly ICMP timeout problems, as the ftp proxy
changes were imported previously.
| -rw-r--r-- | sbin/ipf/HISTORY | 12 | ||||
| -rw-r--r-- | sbin/ipnat/natparse.c | 26 | ||||
| -rw-r--r-- | sys/netinet/fil.c | 8 | ||||
| -rw-r--r-- | sys/netinet/ip_auth.c | 6 | ||||
| -rw-r--r-- | sys/netinet/ip_fil.c | 11 | ||||
| -rw-r--r-- | sys/netinet/ip_fil_compat.h | 6 | ||||
| -rw-r--r-- | sys/netinet/ip_nat.c | 10 | ||||
| -rw-r--r-- | sys/netinet/ip_state.c | 6 | ||||
| -rw-r--r-- | sys/netinet/ipl.h | 4 |
9 files changed, 50 insertions, 39 deletions
diff --git a/sbin/ipf/HISTORY b/sbin/ipf/HISTORY index bd61b940507..9b5a7433c31 100644 --- a/sbin/ipf/HISTORY +++ b/sbin/ipf/HISTORY @@ -1,4 +1,4 @@ -# $OpenBSD: HISTORY,v 1.6 2000/04/05 05:35:28 kjell Exp $ +# $OpenBSD: HISTORY,v 1.7 2000/05/01 06:16:48 kjell Exp $ # # NOTE: Quite a few patches and suggestions come from other sources, to whom # I'm greatly indebted, even if no names are mentioned. @@ -21,6 +21,16 @@ # and especially those who have found the time to port IP Filter to new # platforms. # +3.3.13 26/04/2000 - Released + +Fix parsing of "range" with "portmap" + +Relax checking of ftp replies, slightly. + +Fix NAT timeouts for ICMP packets + +SunOS4 patches for ICMP redirects from Jurgen Keil (jk@tools.de) + 3.3.12 16/03/2000 - Released tighten up ftp proxy behaviour. sigh. yuck. hate. diff --git a/sbin/ipnat/natparse.c b/sbin/ipnat/natparse.c index 1f9d2bfb78d..ff15cfe14e4 100644 --- a/sbin/ipnat/natparse.c +++ b/sbin/ipnat/natparse.c @@ -1,4 +1,4 @@ -/* $OpenBSD: natparse.c,v 1.4 2000/03/13 23:40:19 kjell Exp $ */ +/* $OpenBSD: natparse.c,v 1.5 2000/05/01 06:16:48 kjell Exp $ */ /* * Copyright (C) 1993-1998 by Darren Reed. @@ -55,7 +55,7 @@ extern char *sys_errlist[]; #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)$IPFilter: natparse.c,v 1.2.2.1 1999/11/20 22:50:30 darrenr Exp $"; +static const char rcsid[] = "@(#)$IPFilter: natparse.c,v 1.2.2.2 2000/03/25 00:37:37 darrenr Exp $"; #endif @@ -538,21 +538,21 @@ int linenum; return NULL; ipn.in_outmsk = n_hostmask(snetm); if (!(s = strtok(NULL, " \t"))) { - ipn.in_flags = IPN_TCP; /* XXX- TCP only by default */ + ipn.in_flags |= IPN_TCP; /* XXX- TCP only by default */ proto = "tcp"; } else { if (!strcasecmp(s, "tcp")) - ipn.in_flags = IPN_TCP; + ipn.in_flags |= IPN_TCP; else if (!strcasecmp(s, "udp")) - ipn.in_flags = IPN_UDP; + ipn.in_flags |= IPN_UDP; else if (!strcasecmp(s, "tcp/udp")) - ipn.in_flags = IPN_TCPUDP; + ipn.in_flags |= IPN_TCPUDP; else if (!strcasecmp(s, "tcpudp")) - ipn.in_flags = IPN_TCPUDP; + ipn.in_flags |= IPN_TCPUDP; else if (!strcasecmp(s, "ip")) - ipn.in_flags = IPN_ANY; + ipn.in_flags |= IPN_ANY; else { - ipn.in_flags = IPN_ANY; + ipn.in_flags |= IPN_ANY; if ((pr = getprotobyname(s))) ipn.in_p = pr->p_proto; else @@ -651,13 +651,13 @@ int linenum; if (!(s = strtok(NULL, " \t"))) return NULL; if (!strcasecmp(s, "tcp")) - ipn.in_flags = IPN_TCP; + ipn.in_flags |= IPN_TCP; else if (!strcasecmp(s, "udp")) - ipn.in_flags = IPN_UDP; + ipn.in_flags |= IPN_UDP; else if (!strcasecmp(s, "tcpudp")) - ipn.in_flags = IPN_TCPUDP; + ipn.in_flags |= IPN_TCPUDP; else if (!strcasecmp(s, "tcp/udp")) - ipn.in_flags = IPN_TCPUDP; + ipn.in_flags |= IPN_TCPUDP; else { fprintf(stderr, "%d: expected protocol name - got \"%s\"\n", diff --git a/sys/netinet/fil.c b/sys/netinet/fil.c index 22d275bedf4..94f201af5dc 100644 --- a/sys/netinet/fil.c +++ b/sys/netinet/fil.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fil.c,v 1.22 2000/03/13 23:40:17 kjell Exp $ */ +/* $OpenBSD: fil.c,v 1.23 2000/05/01 06:16:47 kjell Exp $ */ /* * Copyright (C) 1993-1998 by Darren Reed. @@ -9,7 +9,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-1996 Darren Reed"; -static const char rcsid[] = "@(#)$IPFilter: fil.c,v 2.3.2.17 2000/03/03 14:51:16 darrenr Exp $"; +static const char rcsid[] = "@(#)$IPFilter: fil.c,v 2.3.2.18 2000/04/25 16:21:09 darrenr Exp $"; #endif #include <sys/errno.h> @@ -21,7 +21,7 @@ static const char rcsid[] = "@(#)$IPFilter: fil.c,v 2.3.2.17 2000/03/03 14:51:16 defined(_KERNEL) # include "opt_ipfilter_log.h" #endif -#if defined(KERNEL) && defined(__FreeBSD_version) && \ +#if (defined(KERNEL) || defined(_KERNEL)) && defined(__FreeBSD_version) && \ (__FreeBSD_version >= 220000) # include <sys/filio.h> # include <sys/fcntl.h> @@ -1191,7 +1191,7 @@ nodata: * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 - * $IPFilter: fil.c,v 2.3.2.17 2000/03/03 14:51:16 darrenr Exp $ + * $IPFilter: fil.c,v 2.3.2.18 2000/04/25 16:21:09 darrenr Exp $ */ /* * Copy data from an mbuf chain starting "off" bytes from the beginning, diff --git a/sys/netinet/ip_auth.c b/sys/netinet/ip_auth.c index 6f4d88bf086..43e73374df0 100644 --- a/sys/netinet/ip_auth.c +++ b/sys/netinet/ip_auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_auth.c,v 1.12 2000/03/13 23:40:17 kjell Exp $ */ +/* $OpenBSD: ip_auth.c,v 1.13 2000/05/01 06:16:47 kjell Exp $ */ /* * Copyright (C) 1998 by Darren Reed & Guido van Rooij. @@ -8,7 +8,7 @@ * to the original author and the contributors. */ #if !defined(lint) -static const char rcsid[] = "@(#)$IPFilter: ip_auth.c,v 2.1.2.2 2000/01/16 10:12:14 darrenr Exp $"; +static const char rcsid[] = "@(#)$IPFilter: ip_auth.c,v 2.1.2.3 2000/04/25 16:21:12 darrenr Exp $"; #endif #include <sys/errno.h> @@ -21,7 +21,7 @@ static const char rcsid[] = "@(#)$IPFilter: ip_auth.c,v 2.1.2.2 2000/01/16 10:12 # include <stdlib.h> # include <string.h> #endif -#if defined(KERNEL) && (__FreeBSD_version >= 220000) +#if (defined(KERNEL) || defined(_KERNEL)) && (__FreeBSD_version >= 220000) # include <sys/filio.h> # include <sys/fcntl.h> #else diff --git a/sys/netinet/ip_fil.c b/sys/netinet/ip_fil.c index ce1a3435d81..c13b9416216 100644 --- a/sys/netinet/ip_fil.c +++ b/sys/netinet/ip_fil.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_fil.c,v 1.33 2000/04/05 05:35:27 kjell Exp $ */ +/* $OpenBSD: ip_fil.c,v 1.34 2000/05/01 06:16:47 kjell Exp $ */ /* * Copyright (C) 1993-1998 by Darren Reed. @@ -9,7 +9,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-1995 Darren Reed"; -static const char rcsid[] = "@(#)$IPFilter: ip_fil.c,v 2.4.2.19 2000/03/07 14:41:39 darrenr Exp $"; +static const char rcsid[] = "@(#)$IPFilter: ip_fil.c,v 2.4.2.20 2000/04/18 16:31:27 darrenr Exp $"; #endif #ifndef SOLARIS @@ -765,12 +765,9 @@ caddr_t data; } if (!f) { - if (req != SIOCINAFR && req != SIOCINIFR) - while ((f = *ftail)) - ftail = &f->fr_next; - else { + if (req == SIOCINAFR || req == SIOCINIFR) { + ftail = fprev; if (fp->fr_hits) { - ftail = fprev; while (--fp->fr_hits && (f = *ftail)) ftail = &f->fr_next; } diff --git a/sys/netinet/ip_fil_compat.h b/sys/netinet/ip_fil_compat.h index a23220edb29..e823666e1a6 100644 --- a/sys/netinet/ip_fil_compat.h +++ b/sys/netinet/ip_fil_compat.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_fil_compat.h,v 1.15 2000/04/05 05:35:27 kjell Exp $ */ +/* $OpenBSD: ip_fil_compat.h,v 1.16 2000/05/01 06:16:47 kjell Exp $ */ /* * Copyright (C) 1993-1998 by Darren Reed. @@ -8,7 +8,7 @@ * to the original author and the contributors. * * @(#)ip_compat.h 1.8 1/14/96 - * $IPFilter: ip_compat.h,v 2.1.2.5 2000/02/15 08:02:43 darrenr Exp $ + * $IPFilter: ip_compat.h,v 2.1.2.6 2000/04/25 16:21:11 darrenr Exp $ */ #ifndef __IP_COMPAT_H__ @@ -210,7 +210,7 @@ typedef unsigned long u_32_t; #define IPOPT_FINN 205 /* FINN */ -#if defined(__FreeBSD__) && defined(KERNEL) +#if defined(__FreeBSD__) && (defined(KERNEL) || defined(_KERNEL)) # if __FreeBSD__ < 3 # include <machine/spl.h> # endif diff --git a/sys/netinet/ip_nat.c b/sys/netinet/ip_nat.c index d0237d43c49..b27953a2f7f 100644 --- a/sys/netinet/ip_nat.c +++ b/sys/netinet/ip_nat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_nat.c,v 1.29 2000/04/05 05:35:27 kjell Exp $ */ +/* $OpenBSD: ip_nat.c,v 1.30 2000/05/01 06:16:47 kjell Exp $ */ /* * Copyright (C) 1995-1998 by Darren Reed. @@ -11,7 +11,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; -static const char rcsid[] = "@(#)$IPFilter: ip_nat.c,v 2.2.2.13 2000/03/08 14:17:26 darrenr Exp $"; +static const char rcsid[] = "@(#)$IPFilter: ip_nat.c,v 2.2.2.15 2000/04/25 16:21:13 darrenr Exp $"; #endif #if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL) @@ -32,7 +32,7 @@ static const char rcsid[] = "@(#)$IPFilter: ip_nat.c,v 2.2.2.13 2000/03/08 14:17 # include <string.h> # include <stdlib.h> #endif -#if defined(KERNEL) && (__FreeBSD_version >= 220000) +#if (defined(KERNEL) || defined(_KERNEL)) && (__FreeBSD_version >= 220000) # include <sys/filio.h> # include <sys/fcntl.h> #else @@ -1458,6 +1458,8 @@ maskloop: if (udp->uh_sum) csump = &udp->uh_sum; + } else if (ip->ip_p == IPPROTO_ICMP) { + nat->nat_age = fr_defnaticmpage; } if (csump) { if (nat->nat_dir == NAT_OUTBOUND) @@ -1638,6 +1640,8 @@ maskloop: if (udp->uh_sum) csump = &udp->uh_sum; + } else if (ip->ip_p == IPPROTO_ICMP) { + nat->nat_age = fr_defnaticmpage; } if (csump) { if (nat->nat_dir == NAT_OUTBOUND) diff --git a/sys/netinet/ip_state.c b/sys/netinet/ip_state.c index d9ca888d4e2..849ec516837 100644 --- a/sys/netinet/ip_state.c +++ b/sys/netinet/ip_state.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_state.c,v 1.20 2000/03/13 23:40:18 kjell Exp $ */ +/* $OpenBSD: ip_state.c,v 1.21 2000/05/01 06:16:47 kjell Exp $ */ /* * Copyright (C) 1995-1998 by Darren Reed. @@ -9,7 +9,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-1995 Darren Reed"; -static const char rcsid[] = "@(#)$IPFilter: ip_state.c,v 2.3.2.22 2000/02/23 15:23:24 darrenr Exp $"; +static const char rcsid[] = "@(#)$IPFilter: ip_state.c,v 2.3.2.23 2000/04/25 16:21:16 darrenr Exp $"; #endif #include <sys/errno.h> @@ -30,7 +30,7 @@ static const char rcsid[] = "@(#)$IPFilter: ip_state.c,v 2.3.2.22 2000/02/23 15: # include <linux/module.h> # endif #endif -#if defined(KERNEL) && (__FreeBSD_version >= 220000) +#if (defined(KERNEL) || defined(_KERNEL)) && (__FreeBSD_version >= 220000) # include <sys/filio.h> # include <sys/fcntl.h> # if (__FreeBSD_version >= 300000) && !defined(IPFILTER_LKM) diff --git a/sys/netinet/ipl.h b/sys/netinet/ipl.h index 51ff1be4026..4cd719e11d5 100644 --- a/sys/netinet/ipl.h +++ b/sys/netinet/ipl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ipl.h,v 1.8 2000/04/12 21:46:42 kjell Exp $ */ +/* $OpenBSD: ipl.h,v 1.9 2000/05/01 06:16:47 kjell Exp $ */ /* * Copyright (C) 1993-1999 by Darren Reed. @@ -13,6 +13,6 @@ #ifndef __IPL_H__ #define __IPL_H__ -#define IPL_VERSION "IP Filter: v3.3.12a" +#define IPL_VERSION "IP Filter: v3.3.13" #endif |