Import ipf 3.3.18. Fixes more problems with the in-kernel FTP proxy,

some nat state bugs, and ups the default state table size.
See sbin/ipf/HISTORY for details.

5 files changed, 58 insertions, 25 deletions

diff --git a/sbin/ipf/HISTORY b/sbin/ipf/HISTORY
index be00c1875f4..5c81d705dab 100644
--- a/sbin/ipf/HISTORY
+++ b/sbin/ipf/HISTORY
@@ -1,4 +1,4 @@
-#	$OpenBSD: HISTORY,v 1.8 2000/05/24 21:59:11 kjell Exp $
+#	$OpenBSD: HISTORY,v 1.9 2000/08/10 05:50:27 kjell Exp $
 #
 # NOTE: Quite a few patches and suggestions come from other sources, to whom
 #       I'm greatly indebted, even if no names are mentioned.
@@ -21,6 +21,30 @@
 # and especially those who have found the time to port IP Filter to new
 # platforms.
 #
+3.3.18	08/08/2000 - Released
+
+fix up command checking in the ftp proxy
+
+fix getting the version from the kernel for solaris
+
+fix icmp state checking bug
+
+print out better information for ICMP packets in ipmon
+
+open ipfilter device read only if we know we can
+
+3.3.17	08/07/2000 - Released
+
+increase default state table sizes
+
+don't apply patches to FreeBSD twice
+
+fix parsing of icmp code when using words
+
+fix printing of icmp code when it is 0
+
+add compatibility #ifdef for FreeBSD's CSUM_DELAY_DATA
+
 3.3.16	23/05/2000 - Released
 
 don't add TCP state if it is an RST packet and (attempt) to send out
diff --git a/sbin/ipf/parse.c b/sbin/ipf/parse.c
index 8b3e04f1027..9b6b38f10c5 100644
--- a/sbin/ipf/parse.c
+++ b/sbin/ipf/parse.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: parse.c,v 1.34 2000/04/05 05:35:28 kjell Exp $	*/
+/*	$OpenBSD: parse.c,v 1.35 2000/08/10 05:50:27 kjell Exp $	*/
 
 /*
  * Copyright (C) 1993-1998 by Darren Reed.
@@ -43,7 +43,7 @@
 
 #if !defined(lint)
 static const char sccsid[] = "@(#)parse.c	1.44 6/5/96 (C) 1993-1996 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: parse.c,v 2.1.2.12 2000/03/08 11:43:55 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: parse.c,v 2.1.2.14 2000/06/21 14:50:52 darrenr Exp $";
 #endif
 
 extern	struct	ipopt_names	ionames[], secclass[];
@@ -1268,14 +1268,20 @@ int     linenum;
 				linenum, **cp);
 			return -1;
 		}
-		fp->fr_icmp |= (u_short)i;
-		fp->fr_icmpm = (u_short)0xffff;
-		(*cp)++;
-		return 0;
+	} else {
+		i = icmpcode(**cp);
+		if (i == -1) {
+			fprintf(stderr, 
+				"%d: Invalid icmp code (%s) specified\n",
+				linenum, **cp);
+			return -1;
+		}
 	}
-	fprintf(stderr, "%d: Invalid icmp code (%s) specified\n",
-		linenum, **cp);
-	return -1;
+	i &= 0xff;
+	fp->fr_icmp |= (u_short)i;
+	fp->fr_icmpm = (u_short)0xffff;
+	(*cp)++;
+	return 0;
 }
 
 
@@ -1295,9 +1301,8 @@ char *str;
 	char	*s;
 	int	i, len;
 
-	if (!(s = strrchr(str, ')')))
-		return -1;
-	*s = '\0';
+	if ((s = strrchr(str, ')')))
+		*s = '\0';
 	if (isdigit(*str)) {
 		if (!ratoi(str, &i, 0, 255))
 			return -1;
@@ -1565,7 +1570,7 @@ struct	frentry	*fp;
 			printf(" icmp-type %s", icmptypes[type]);
 		else
 			printf(" icmp-type %d", type);
-		if (code)
+		if (ntohs(fp->fr_icmpm) & 0xff)
 			printf(" code %d", code);
 	}
 	if (fp->fr_proto == IPPROTO_TCP && (fp->fr_tcpf || fp->fr_tcpfm)) {
diff --git a/sbin/ipfstat/fils.c b/sbin/ipfstat/fils.c
index 548c021a2aa..e92236fb230 100644
--- a/sbin/ipfstat/fils.c
+++ b/sbin/ipfstat/fils.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: fils.c,v 1.20 2000/03/13 23:40:19 kjell Exp $	*/
+/*	$OpenBSD: fils.c,v 1.21 2000/08/10 05:50:27 kjell Exp $	*/
 
 /*
  * Copyright (C) 1993-1998 by Darren Reed.
@@ -53,7 +53,7 @@
 
 #if !defined(lint)
 static const char sccsid[] = "@(#)fils.c	1.21 4/20/96 (C) 1993-1996 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: fils.c,v 2.2.2.6 2000/02/23 11:16:35 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: fils.c,v 2.2.2.7 2000/05/24 20:34:56 darrenr Exp $";
 #endif
 
 #define	F_IN	0
@@ -314,15 +314,15 @@ frentry_t *fp;
 			fp->fr_flags |= FR_OUTQUE;
 		if (opts & (OPT_HITS|OPT_VERBOSE))
 #ifdef	USE_QUAD_T
-			printf("%qd ", fp->fr_hits);
+			printf("%qu ", fp->fr_hits);
 #else
-			printf("%ld ", fp->fr_hits);
+			printf("%lu ", fp->fr_hits);
 #endif
 		if (opts & (OPT_ACCNT|OPT_VERBOSE))
 #ifdef	USE_QUAD_T
-			printf("%qd ", fp->fr_bytes);
+			printf("%qu ", fp->fr_bytes);
 #else
-			printf("%ld ", fp->fr_bytes);
+			printf("%lu ", fp->fr_bytes);
 #endif
 		if (opts & OPT_SHOWLINENO)
 			printf("@%d ", n);
diff --git a/sbin/ipnat/ipnat.c b/sbin/ipnat/ipnat.c
index e9e9a17f8b7..3cfc24a5892 100644
--- a/sbin/ipnat/ipnat.c
+++ b/sbin/ipnat/ipnat.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ipnat.c,v 1.37 2000/07/26 20:33:01 mickey Exp $	*/
+/*	$OpenBSD: ipnat.c,v 1.38 2000/08/10 05:50:27 kjell Exp $	*/
 
 /*
  * Copyright (C) 1993-1998 by Darren Reed.
@@ -58,7 +58,7 @@ extern	char	*sys_errlist[];
 
 #if !defined(lint)
 static const char sccsid[] ="@(#)ipnat.c	1.9 6/5/96 (C) 1993 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: ipnat.c,v 2.1.2.2 1999/12/04 02:09:30 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: ipnat.c,v 2.1.2.3 2000/07/27 13:07:07 darrenr Exp $";
 #endif
 
 
diff --git a/sbin/ipnat/natparse.c b/sbin/ipnat/natparse.c
index ff15cfe14e4..62c40794f15 100644
--- a/sbin/ipnat/natparse.c
+++ b/sbin/ipnat/natparse.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: natparse.c,v 1.5 2000/05/01 06:16:48 kjell Exp $	*/
+/*	$OpenBSD: natparse.c,v 1.6 2000/08/10 05:50:27 kjell Exp $	*/
 
 /*
  * Copyright (C) 1993-1998 by Darren Reed.
@@ -55,7 +55,7 @@ extern	char	*sys_errlist[];
 
 #if !defined(lint)
 static const char sccsid[] ="@(#)ipnat.c	1.9 6/5/96 (C) 1993 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: natparse.c,v 1.2.2.2 2000/03/25 00:37:37 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: natparse.c,v 1.2.2.3 2000/06/25 07:13:28 darrenr Exp $";
 #endif
 
 
@@ -746,7 +746,11 @@ char	*msk;
 	if (strchr(msk, '.'))
 		return inet_addr(msk);
 	if (strchr(msk, 'x'))
-		return (u_32_t)strtol(msk, NULL, 0);
+#if defined(sun) && !defined(__SVR4) && !defined(__svr4__)
+		return (u_32_t)htonl(strtol(msk, NULL, 0));
+#else
+		return (u_32_t)htonl(strtoul(msk, NULL, 0));
+#endif
 	/*
 	 * set x most significant bits
 	 */