diff options
| author | Federico G. Schwindt <fgsch@cvs.openbsd.org> | 2001-01-17 07:25:20 +0000 |
|---|---|---|
| committer | Federico G. Schwindt <fgsch@cvs.openbsd.org> | 2001-01-17 07:25:20 +0000 |
| commit | a7ac57bcb62ccc6c6f6495207a169edfc28f5760 (patch) | |
| tree | 16657fdd4844740c1751b7ab306323dbf06c3104 /sys/netinet | |
| parent | bbf35357a700525c39cf0db8a5416fb76faa1097 (diff) | |
IPF 3.4.16.
Diffstat (limited to 'sys/netinet')
| -rw-r--r-- | sys/netinet/ip_auth.c | 6 | ||||
| -rw-r--r-- | sys/netinet/ip_compat.h | 19 | ||||
| -rw-r--r-- | sys/netinet/ip_nat.c | 6 | ||||
| -rw-r--r-- | sys/netinet/ip_state.c | 13 | ||||
| -rw-r--r-- | sys/netinet/ipl.h | 6 |
5 files changed, 32 insertions, 18 deletions
diff --git a/sys/netinet/ip_auth.c b/sys/netinet/ip_auth.c index e196aca1417..67904a1cb82 100644 --- a/sys/netinet/ip_auth.c +++ b/sys/netinet/ip_auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_auth.c,v 1.15 2001/01/17 04:47:11 fgsch Exp $ */ +/* $OpenBSD: ip_auth.c,v 1.16 2001/01/17 07:25:18 fgsch Exp $ */ /* * Copyright (C) 1998-2000 by Darren Reed & Guido van Rooij. @@ -8,7 +8,7 @@ * to the original author and the contributors. */ #if !defined(lint) -static const char rcsid[] = "@(#)$IPFilter: ip_auth.c,v 2.11.2.4 2000/08/05 14:48:50 darrenr Exp $"; +static const char rcsid[] = "@(#)$IPFilter: ip_auth.c,v 2.11.2.5 2001/01/10 06:18:35 darrenr Exp $"; #endif #include <sys/errno.h> @@ -354,7 +354,7 @@ fr_authioctlloop: READ_ENTER(&ipf_auth); if ((fr_authnext != fr_authend) && fr_authpkts[fr_authnext]) { error = IWCOPYPTR((char *)&fr_auth[fr_authnext], data, - sizeof(fr_info_t)); + sizeof(frauth_t)); RWLOCK_EXIT(&ipf_auth); if (error) break; diff --git a/sys/netinet/ip_compat.h b/sys/netinet/ip_compat.h index 03547a9b376..0616ea3da24 100644 --- a/sys/netinet/ip_compat.h +++ b/sys/netinet/ip_compat.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_compat.h,v 1.1 2001/01/17 04:47:12 fgsch Exp $ */ +/* $OpenBSD: ip_compat.h,v 1.2 2001/01/17 07:25:18 fgsch Exp $ */ /* * Copyright (C) 1993-2000 by Darren Reed. @@ -8,7 +8,7 @@ * to the original author and the contributors. * * @(#)ip_compat.h 1.8 1/14/96 - * $IPFilter: ip_compat.h,v 2.26.2.7 2000/11/12 11:53:45 darrenr Exp $ + * $IPFilter: ip_compat.h,v 2.26.2.9 2001/01/14 14:58:01 darrenr Exp $ */ #ifndef __IP_COMPAT_H__ @@ -976,8 +976,6 @@ struct ether_addr { #define A_A & #endif -#define TCPF_ALL (TH_FIN|TH_SYN|TH_RST|TH_PUSH|TH_ACK|TH_URG) - #ifndef ICMP_ROUTERADVERT # define ICMP_ROUTERADVERT 9 #endif @@ -1000,4 +998,17 @@ struct ether_addr { #define ICMP6ERR_MINPKTLEN (40 + 8) #define ICMP6ERR_IPICMPHLEN (40 + 8 + 40) +/* + * ECN is a new addition to TCP - RFC 2481 + */ +#ifndef TH_ECN +# define TH_ECN 0x40 +#endif +#ifndef TH_CWR +# define TH_CWR 0x80 +#endif +#define TH_ECNALL (TH_ECN|TH_CWR) + +#define TCPF_ALL (TH_FIN|TH_SYN|TH_RST|TH_PUSH|TH_ACK|TH_URG|TH_ECN|TH_CWR) + #endif /* __IP_COMPAT_H__ */ diff --git a/sys/netinet/ip_nat.c b/sys/netinet/ip_nat.c index cc01ec039bb..c6d49f9d84f 100644 --- a/sys/netinet/ip_nat.c +++ b/sys/netinet/ip_nat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_nat.c,v 1.36 2001/01/17 04:47:14 fgsch Exp $ */ +/* $OpenBSD: ip_nat.c,v 1.37 2001/01/17 07:25:19 fgsch Exp $ */ /* * Copyright (C) 1995-2000 by Darren Reed. @@ -11,7 +11,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; -static const char rcsid[] = "@(#)$IPFilter: ip_nat.c,v 2.37.2.31 2000/12/16 21:06:40 darrenr Exp $"; +static const char rcsid[] = "@(#)$IPFilter: ip_nat.c,v 2.37.2.32 2001/01/10 06:19:11 darrenr Exp $"; #endif #if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL) @@ -2050,7 +2050,7 @@ int rw; if ((!ifp || ifp == nat->nat_ifp) && nat->nat_inip.s_addr == srcip && nat->nat_oip.s_addr == dst.s_addr && - (((p == 0) && (flags == (nat->nat_flags & IPN_TCPUDP))) + (((p == 0) && (flags == (nflags & IPN_TCPUDP))) || (p == nat->nat_p)) && (!flags || ((nat->nat_inport == sport || nflags & FI_W_SPORT) && (nat->nat_oport == dport || nflags & FI_W_DPORT)))) diff --git a/sys/netinet/ip_state.c b/sys/netinet/ip_state.c index 28f99920c36..d1dc3d96731 100644 --- a/sys/netinet/ip_state.c +++ b/sys/netinet/ip_state.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_state.c,v 1.24 2001/01/17 04:47:16 fgsch Exp $ */ +/* $OpenBSD: ip_state.c,v 1.25 2001/01/17 07:25:19 fgsch Exp $ */ /* * Copyright (C) 1995-2000 by Darren Reed. @@ -9,7 +9,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$IPFilter: ip_state.c,v 2.30.2.27 2000/12/02 00:15:25 darrenr Exp $"; +static const char rcsid[] = "@(#)$IPFilter: ip_state.c,v 2.30.2.28 2001/01/08 14:04:46 darrenr Exp $"; #endif #include <sys/errno.h> @@ -1375,6 +1375,9 @@ void *ifp; } +/* + * Must always be called with fr_ipfstate held as a write lock. + */ static void fr_delstate(is) ipstate_t *is; { @@ -1393,7 +1396,7 @@ ipstate_t *is; fr = is->is_rule; if (fr != NULL) { - ATOMIC_DEC32(fr->fr_ref); + fr->fr_ref--; if (fr->fr_ref == 0) { KFREE(fr); } @@ -1449,12 +1452,12 @@ void fr_timeoutstate() fr_delstate(is); } else isp = &is->is_next; - RWLOCK_EXIT(&ipf_state); - SPL_X(s); if (fr_state_doflush) { (void) fr_state_flush(1); fr_state_doflush = 0; } + RWLOCK_EXIT(&ipf_state); + SPL_X(s); } diff --git a/sys/netinet/ipl.h b/sys/netinet/ipl.h index e05da33c5a3..e3933e579e0 100644 --- a/sys/netinet/ipl.h +++ b/sys/netinet/ipl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ipl.h,v 1.13 2001/01/17 04:47:17 fgsch Exp $ */ +/* $OpenBSD: ipl.h,v 1.14 2001/01/17 07:25:19 fgsch Exp $ */ /* * Copyright (C) 1993-2000 by Darren Reed. @@ -8,12 +8,12 @@ * to the original author and the contributors. * * @(#)ipl.h 1.21 6/5/96 - * $IPFilter: ipl.h,v 2.15.2.16 2000/12/17 12:28:50 darrenr Exp $ + * $IPFilter: ipl.h,v 2.15.2.17 2001/01/14 13:47:15 darrenr Exp $ */ #ifndef __IPL_H__ #define __IPL_H__ -#define IPL_VERSION "IP Filter: v3.4.15" +#define IPL_VERSION "IP Filter: v3.4.16" #endif |