Diffstat (limited to 'sys/netinet')
-rw-r--r--sys/netinet/fil.c8
-rw-r--r--sys/netinet/ip_auth.c2
-rw-r--r--sys/netinet/ip_auth.h2
-rw-r--r--sys/netinet/ip_fil.c33
-rw-r--r--sys/netinet/ip_fil.h5
-rw-r--r--sys/netinet/ip_fil_compat.h2
-rw-r--r--sys/netinet/ip_frag.c2
-rw-r--r--sys/netinet/ip_frag.h2
-rw-r--r--sys/netinet/ip_ftp_pxy.c2
-rw-r--r--sys/netinet/ip_log.c2
-rw-r--r--sys/netinet/ip_nat.c2
-rw-r--r--sys/netinet/ip_nat.h2
-rw-r--r--sys/netinet/ip_proxy.c22
-rw-r--r--sys/netinet/ip_proxy.h6
-rw-r--r--sys/netinet/ip_raudio_pxy.c2
-rw-r--r--sys/netinet/ip_rcmd_pxy.c2
-rw-r--r--sys/netinet/ip_state.c13
-rw-r--r--sys/netinet/ip_state.h5
-rw-r--r--sys/netinet/ipl.h4
19 files changed, 78 insertions, 40 deletions
diff --git a/sys/netinet/fil.c b/sys/netinet/fil.c
index 1f47b6b0447..22d275bedf4 100644
--- a/sys/netinet/fil.c
+++ b/sys/netinet/fil.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: fil.c,v 1.21 2000/02/16 22:34:17 kjell Exp $ */
+/* $OpenBSD: fil.c,v 1.22 2000/03/13 23:40:17 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
@@ -9,7 +9,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-1996 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: fil.c,v 2.3.2.16 2000/01/27 08:49:37 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: fil.c,v 2.3.2.17 2000/03/03 14:51:16 darrenr Exp $";
#endif
#include <sys/errno.h>
@@ -542,6 +542,8 @@ void *m;
#ifdef IPFILTER_LOG
if ((passt & FR_LOGMASK) == FR_LOG) {
if (!IPLLOG(passt, ip, fin, m)) {
+ if (passt & FR_LOGORBLOCK)
+ passt |= FR_BLOCK|FR_QUICK;
ATOMIC_INC(frstats[fin->fin_out].fr_skip);
}
ATOMIC_INC(frstats[fin->fin_out].fr_pkl);
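Review bot: The log-or-block fallback at `passt |= FR_BLOCK|FR_QUICK;` only ORs bits in, so a `passt` that already carries a pass verdict ends up holding both the pass and the block bits. Whether that reliably drops the packet depends on which bit the code after this hunk tests first, which is not visible here. If the intent is to fail closed when IPLLOG() cannot record the packet, clearing the pass bit makes that explicit: `passt &= ~FR_PASS; passt |= FR_BLOCK|FR_QUICK;`. A short comment such as `/* log failed and rule is log-or-block: fail closed */` would also help; the enclosing function starts and ends outside the hunk.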
@@ -1189,7 +1191,7 @@ nodata:
* SUCH DAMAGE.
*
* @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94
- * $IPFilter: fil.c,v 2.3.2.16 2000/01/27 08:49:37 darrenr Exp $
+ * $IPFilter: fil.c,v 2.3.2.17 2000/03/03 14:51:16 darrenr Exp $
*/
/*
* Copy data from an mbuf chain starting "off" bytes from the beginning,
diff --git a/sys/netinet/ip_auth.c b/sys/netinet/ip_auth.c
index c67dcbfda32..6f4d88bf086 100644
--- a/sys/netinet/ip_auth.c
+++ b/sys/netinet/ip_auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_auth.c,v 1.11 2000/02/16 22:34:17 kjell Exp $ */
+/* $OpenBSD: ip_auth.c,v 1.12 2000/03/13 23:40:17 kjell Exp $ */
/*
* Copyright (C) 1998 by Darren Reed & Guido van Rooij.
diff --git a/sys/netinet/ip_auth.h b/sys/netinet/ip_auth.h
index 063158f844c..3a23b0fe9c3 100644
--- a/sys/netinet/ip_auth.h
+++ b/sys/netinet/ip_auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_auth.h,v 1.6 2000/02/16 22:34:18 kjell Exp $ */
+/* $OpenBSD: ip_auth.h,v 1.7 2000/03/13 23:40:17 kjell Exp $ */
/*
* Copyright (C) 1997-1998 by Darren Reed & Guido Van Rooij.
diff --git a/sys/netinet/ip_fil.c b/sys/netinet/ip_fil.c
index dbbf7ccfaba..42370ca6fb7 100644
--- a/sys/netinet/ip_fil.c
+++ b/sys/netinet/ip_fil.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_fil.c,v 1.31 2000/02/18 07:47:02 kjell Exp $ */
+/* $OpenBSD: ip_fil.c,v 1.32 2000/03/13 23:40:17 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
@@ -9,7 +9,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-1995 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: ip_fil.c,v 2.4.2.17 2000/02/10 01:47:28 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: ip_fil.c,v 2.4.2.18 2000/02/22 11:40:06 darrenr Exp $";
#endif
#ifndef SOLARIS
@@ -227,8 +227,8 @@ int iplattach()
{
char *defpass;
int s;
-# ifdef __sgi
- int error;
+# if defined(__sgi) || (defined(NETBSD_PF) && (__NetBSD_Version__ >= 104200000))
+ int error = 0;
# endif
SPL_NET(s);
@@ -249,13 +249,27 @@ int iplattach()
return -1;
# ifdef NETBSD_PF
+# if __NetBSD_Version__ >= 104200000
+ error = pfil_add_hook((void *)fr_check, PFIL_IN|PFIL_OUT,
+ &inetsw[ip_protox[IPPROTO_IP]].pr_pfh);
+ if (error) {
+ appr_unload();
+ ip_natunload();
+ fr_stateunload();
+ return error;
+ }
+# else
pfil_add_hook((void *)fr_check, PFIL_IN|PFIL_OUT);
+# endif
# endif
# ifdef __sgi
error = ipfilter_sgi_attach();
if (error) {
SPL_X(s);
+ appr_unload();
+ ip_natunload();
+ fr_stateunload();
return error;
}
# endif
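Review bot: The new NetBSD failure path (`if (error) { appr_unload(); ... return error; }`) returns without `SPL_X(s)`, although `SPL_NET(s)` is taken earlier in iplattach() and the `__sgi` failure path just below restores it before returning. A failed attach would presumably leave the priority level raised, so add `SPL_X(s);` as the first statement of that block. The early `return error;` added to ipldetach() later in this file deserves the same check, though the matching SPL_NET() call is not visible in that hunk. iplattach() starts and ends outside this hunk.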
@@ -302,6 +316,9 @@ int iplattach()
int ipldetach()
{
int s, i = FR_INQUE|FR_OUTQUE;
+#if defined(NETBSD_PF) && (__NetBSD_Version__ >= 104200000)
+ int error = 0;
+#endif
#ifdef _KERNEL
# if (__FreeBSD_version >= 300000)
@@ -327,13 +344,21 @@ int ipldetach()
fr_running = 0;
# ifdef NETBSD_PF
+# if __NetBSD_Version__ >= 104200000
+ error = pfil_remove_hook((void *)fr_check, PFIL_IN|PFIL_OUT,
+ &inetsw[ip_protox[IPPROTO_IP]].pr_pfh);
+ if (error)
+ return error;
+# else
pfil_remove_hook((void *)fr_check, PFIL_IN|PFIL_OUT);
+# endif
# endif
# ifdef __sgi
ipfilter_sgi_detach();
# endif
+ appr_unload();
ipfr_unload();
ip_natunload();
fr_stateunload();
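Review bot: `fr_running = 0;` is cleared before `pfil_remove_hook()` is attempted, so when removal fails and `return error;` is taken, the filter is marked stopped while `fr_check` is still registered and none of the unload routines have run. Consider moving the `fr_running = 0;` assignment to after the hook has been removed, or restoring its previous value before `return error;`. What fr_check does while fr_running is zero is outside this hunk, so the effect on filtering in that half-detached state should be confirmed. ipldetach() continues outside the hunk.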
diff --git a/sys/netinet/ip_fil.h b/sys/netinet/ip_fil.h
index 55067f8682a..0659077f953 100644
--- a/sys/netinet/ip_fil.h
+++ b/sys/netinet/ip_fil.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_fil.h,v 1.16 2000/02/16 22:34:18 kjell Exp $ */
+/* $OpenBSD: ip_fil.h,v 1.17 2000/03/13 23:40:17 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
@@ -8,7 +8,7 @@
* to the original author and the contributors.
*
* @(#)ip_fil.h 1.35 6/5/96
- * $IPFilter: ip_fil.h,v 2.3.2.7 2000/01/27 08:49:41 darrenr Exp $
+ * $IPFilter: ip_fil.h,v 2.3.2.8 2000/02/23 11:16:36 darrenr Exp $
*/
#ifndef __IP_FIL_H__
@@ -295,6 +295,7 @@ typedef struct filterstats {
u_long fr_bad; /* bad IP packets to the filter */
u_long fr_notip; /* packets passed through no on ip queue */
u_long fr_drop; /* packets dropped - no info for them! */
+ u_long fr_copy; /* messages copied due to db_ref > 1 */
#endif
} filterstats_t;
diff --git a/sys/netinet/ip_fil_compat.h b/sys/netinet/ip_fil_compat.h
index 43532222c01..0ad32f2315f 100644
--- a/sys/netinet/ip_fil_compat.h
+++ b/sys/netinet/ip_fil_compat.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_fil_compat.h,v 1.13 2000/02/16 22:34:18 kjell Exp $ */
+/* $OpenBSD: ip_fil_compat.h,v 1.14 2000/03/13 23:40:18 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
diff --git a/sys/netinet/ip_frag.c b/sys/netinet/ip_frag.c
index 7ee09e1beb7..e2780d3e256 100644
--- a/sys/netinet/ip_frag.c
+++ b/sys/netinet/ip_frag.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_frag.c,v 1.16 2000/02/16 22:34:18 kjell Exp $ */
+/* $OpenBSD: ip_frag.c,v 1.17 2000/03/13 23:40:18 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
diff --git a/sys/netinet/ip_frag.h b/sys/netinet/ip_frag.h
index a171169d445..a2efb5908eb 100644
--- a/sys/netinet/ip_frag.h
+++ b/sys/netinet/ip_frag.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_frag.h,v 1.11 2000/02/16 22:34:19 kjell Exp $ */
+/* $OpenBSD: ip_frag.h,v 1.12 2000/03/13 23:40:18 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
diff --git a/sys/netinet/ip_ftp_pxy.c b/sys/netinet/ip_ftp_pxy.c
index 4e2f1095f2b..8080ad9f28f 100644
--- a/sys/netinet/ip_ftp_pxy.c
+++ b/sys/netinet/ip_ftp_pxy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ftp_pxy.c,v 1.7 2000/02/16 22:34:19 kjell Exp $ */
+/* $OpenBSD: ip_ftp_pxy.c,v 1.8 2000/03/13 23:40:18 kjell Exp $ */
/*
* Simple FTP transparent proxy for in-kernel use. For use with the NAT
diff --git a/sys/netinet/ip_log.c b/sys/netinet/ip_log.c
index 092e4ac71f4..554032e937d 100644
--- a/sys/netinet/ip_log.c
+++ b/sys/netinet/ip_log.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_log.c,v 1.7 2000/02/16 22:34:19 kjell Exp $ */
+/* $OpenBSD: ip_log.c,v 1.8 2000/03/13 23:40:18 kjell Exp $ */
/*
* Copyright (C) 1997-1998 by Darren Reed.
diff --git a/sys/netinet/ip_nat.c b/sys/netinet/ip_nat.c
index db49eebd90e..49b19127dee 100644
--- a/sys/netinet/ip_nat.c
+++ b/sys/netinet/ip_nat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_nat.c,v 1.27 2000/02/16 22:34:19 kjell Exp $ */
+/* $OpenBSD: ip_nat.c,v 1.28 2000/03/13 23:40:18 kjell Exp $ */
/*
* Copyright (C) 1995-1998 by Darren Reed.
diff --git a/sys/netinet/ip_nat.h b/sys/netinet/ip_nat.h
index 162938b9d22..09fb932be9b 100644
--- a/sys/netinet/ip_nat.h
+++ b/sys/netinet/ip_nat.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_nat.h,v 1.15 2000/02/16 22:34:19 kjell Exp $ */
+/* $OpenBSD: ip_nat.h,v 1.16 2000/03/13 23:40:18 kjell Exp $ */
/*
* Copyright (C) 1995-1998 by Darren Reed.
diff --git a/sys/netinet/ip_proxy.c b/sys/netinet/ip_proxy.c
index 070c223a33f..bb3f623bff5 100644
--- a/sys/netinet/ip_proxy.c
+++ b/sys/netinet/ip_proxy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_proxy.c,v 1.7 2000/02/16 22:34:19 kjell Exp $ */
+/* $OpenBSD: ip_proxy.c,v 1.8 2000/03/13 23:40:18 kjell Exp $ */
/*
* Copyright (C) 1997-1998 by Darren Reed.
@@ -8,7 +8,7 @@
* to the original author and the contributors.
*/
#if !defined(lint)
-static const char rcsid[] = "@(#)$IPFilter: ip_proxy.c,v 2.2.2.1 1999/09/19 12:18:19 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: ip_proxy.c,v 2.2.2.3 2000/02/29 22:47:17 darrenr Exp $";
#endif
#if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL)
@@ -102,15 +102,15 @@ ap_session_t *ap_sess_tab[AP_SESS_SIZE];
ap_session_t *ap_sess_list = NULL;
aproxy_t ap_proxies[] = {
#ifdef IPF_FTP_PROXY
- { "ftp", (char)IPPROTO_TCP, 0, 0, ippr_ftp_init, NULL,
+ { "ftp", (char)IPPROTO_TCP, 0, 0, ippr_ftp_init, NULL, NULL,
ippr_ftp_in, ippr_ftp_out },
#endif
#ifdef IPF_RCMD_PROXY
- { "rcmd", (char)IPPROTO_TCP, 0, 0, ippr_rcmd_init, ippr_rcmd_new,
- NULL, ippr_rcmd_out },
+ { "rcmd", (char)IPPROTO_TCP, 0, 0, ippr_rcmd_init, NULL,
+ ippr_rcmd_new, NULL, ippr_rcmd_out },
#endif
#ifdef IPF_RAUDIO_PROXY
- { "raudio", (char)IPPROTO_TCP, 0, 0, ippr_raudio_init,
+ { "raudio", (char)IPPROTO_TCP, 0, 0, ippr_raudio_init, NULL,
ippr_raudio_new, ippr_raudio_in, ippr_raudio_out },
#endif
{ "", '\0', 0, 0, NULL, NULL }
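Review bot: The ap_proxies rows are positional, and this hunk inserts the new `apr_fini` slot in the middle of each one, so a row that is not updated would shift its callbacks by one position with at best a pointer-type warning. A slot-order comment above the table would make that checkable, e.g. `/* label, proto, ref, flags, init, fini, new, in, out */`. The terminator `{ "", '\0', 0, 0, NULL, NULL }` still has six initializers; the remaining members are zero-initialized, so it is still correct, but it no longer lines up with the nine-value rows above it. The array's closing brace is outside the hunk.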
@@ -387,3 +387,13 @@ int appr_init()
}
return err;
}
+
+
+void appr_unload()
+{
+ aproxy_t *ap;
+
+ for (ap = ap_proxies; ap->apr_p; ap++)
+ if (ap->apr_fini)
+ (*ap->apr_fini)();
+}
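Review bot: appr_unload() has no comment and calls every non-NULL `apr_fini` unconditionally, with no record of whether that proxy's `apr_init` ever succeeded. iplattach() now calls it on its failure paths, so each fini routine has to tolerate running after a failed or skipped init. That is worth stating in a header comment, e.g. `/* Call each proxy's apr_fini hook, if any; hooks must be safe to call even if apr_init did not complete. */`. All three table rows in this commit pass NULL for the slot, so the loop is a no-op for now. Bracing the `for` and `if` bodies would also guard against a later one-line addition escaping the condition.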
diff --git a/sys/netinet/ip_proxy.h b/sys/netinet/ip_proxy.h
index ef5ac5a09cc..204ca733ac2 100644
--- a/sys/netinet/ip_proxy.h
+++ b/sys/netinet/ip_proxy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_proxy.h,v 1.6 2000/02/16 22:34:19 kjell Exp $ */
+/* $OpenBSD: ip_proxy.h,v 1.7 2000/03/13 23:40:18 kjell Exp $ */
/*
* Copyright (C) 1997-1998 by Darren Reed.
@@ -7,7 +7,7 @@
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
*
- * $IPFilter: ip_proxy.h,v 2.1.2.1 1999/09/19 12:18:20 darrenr Exp $
+ * $IPFilter: ip_proxy.h,v 2.1.2.2 2000/02/22 11:41:15 darrenr Exp $
*/
#ifndef __IP_PROXY_H__
@@ -74,6 +74,7 @@ typedef struct aproxy {
int apr_ref; /* +1 per rule referencing it */
int apr_flags;
int (* apr_init) __P((void));
+ void (* apr_fini) __P((void));
int (* apr_new) __P((fr_info_t *, ip_t *,
ap_session_t *, struct nat *));
int (* apr_inpkt) __P((fr_info_t *, ip_t *,
@@ -122,6 +123,7 @@ extern ap_session_t *ap_sess_list;
extern aproxy_t ap_proxies[];
extern int appr_init __P((void));
+extern void appr_unload __P((void));
extern int appr_ok __P((ip_t *, tcphdr_t *, struct ipnat *));
extern void appr_free __P((aproxy_t *));
extern void aps_free __P((ap_session_t *));
diff --git a/sys/netinet/ip_raudio_pxy.c b/sys/netinet/ip_raudio_pxy.c
index 89fe6da5cc3..f43e05b1370 100644
--- a/sys/netinet/ip_raudio_pxy.c
+++ b/sys/netinet/ip_raudio_pxy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_raudio_pxy.c,v 1.5 2000/02/16 22:34:20 kjell Exp $ */
+/* $OpenBSD: ip_raudio_pxy.c,v 1.6 2000/03/13 23:40:18 kjell Exp $ */
#if SOLARIS && defined(_KERNEL)
extern kmutex_t ipf_rw;
diff --git a/sys/netinet/ip_rcmd_pxy.c b/sys/netinet/ip_rcmd_pxy.c
index 4213182acbd..0edfba96e3d 100644
--- a/sys/netinet/ip_rcmd_pxy.c
+++ b/sys/netinet/ip_rcmd_pxy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_rcmd_pxy.c,v 1.3 2000/02/16 22:34:20 kjell Exp $ */
+/* $OpenBSD: ip_rcmd_pxy.c,v 1.4 2000/03/13 23:40:18 kjell Exp $ */
/*
* Simple RCMD transparent proxy for in-kernel use. For use with the NAT
diff --git a/sys/netinet/ip_state.c b/sys/netinet/ip_state.c
index bac0de93130..d9ca888d4e2 100644
--- a/sys/netinet/ip_state.c
+++ b/sys/netinet/ip_state.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_state.c,v 1.19 2000/02/16 22:34:20 kjell Exp $ */
+/* $OpenBSD: ip_state.c,v 1.20 2000/03/13 23:40:18 kjell Exp $ */
/*
* Copyright (C) 1995-1998 by Darren Reed.
@@ -9,7 +9,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-1995 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: ip_state.c,v 2.3.2.21 2000/02/15 08:04:01 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: ip_state.c,v 2.3.2.22 2000/02/23 15:23:24 darrenr Exp $";
#endif
#include <sys/errno.h>
@@ -380,7 +380,6 @@ u_int flags;
pass = fr_flags;
WRITE_ENTER(&ipf_state);
- is->is_rout = pass & FR_OUTQUE ? 1 : 0;
is->is_pass = pass;
is->is_pkts = 1;
is->is_bytes = ip->ip_len;
@@ -565,7 +564,7 @@ tcphdr_t *tcp;
if (rev == 0) {
if (!out) {
- if (is->is_ifpin == ifp)
+ if (is->is_ifpin == NULL || is->is_ifpin == ifp)
ret = 1;
} else {
if (is->is_ifpout == NULL || is->is_ifpout == ifp)
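Review bot: With `is->is_ifpin == NULL || is->is_ifpin == ifp`, a state entry whose inbound interface has not been recorded yet now matches a packet on any interface, here and in the reverse-direction branch of the next hunk. That mirrors the existing `is_ifpout` test, but it means the interface check gives no protection against traffic arriving on an unexpected interface until the field is filled in (the later hunks set it from the first matching packet). A comment such as `/* NULL = interface not yet bound; first match binds it */` would record that this is intended. It is also worth confirming that is_ifpin is set at state creation wherever the interface is already known. The enclosing function is outside the hunk.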
@@ -573,7 +572,7 @@ tcphdr_t *tcp;
}
} else {
if (out) {
- if (is->is_ifpin == ifp)
+ if (is->is_ifpin == NULL || is->is_ifpin == ifp)
ret = 1;
} else {
if (is->is_ifpout == NULL || is->is_ifpout == ifp)
@@ -639,7 +638,7 @@ tcphdr_t *tcp;
}
if (!rev) {
- if (out && (out == is->is_rout)) {
+ if (out) {
if (!is->is_ifpout)
is->is_ifpout = ifp;
} else {
@@ -647,7 +646,7 @@ tcphdr_t *tcp;
is->is_ifpin = ifp;
}
} else {
- if (!out && (out != is->is_rout)) {
+ if (out) {
if (!is->is_ifpin)
is->is_ifpin = ifp;
} else {
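Review bot: In the reverse branch the condition went from `!out && (out != is->is_rout)` to `if (out)`, which flips the polarity as well as dropping is_rout. The `is_ifpin` binding now happens on outbound reverse packets rather than inbound ones. That appears to agree with the match logic earlier in this file (the `rev` and `out` case tests `is_ifpin`), but next to the removed line it reads like a typo. A comment such as `/* reverse direction: outbound packets leave via the original inbound interface */` would make the intent clear. The else arm and the rest of the function are outside the hunk.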
diff --git a/sys/netinet/ip_state.h b/sys/netinet/ip_state.h
index bc7a7b3a309..5cc276d4d41 100644
--- a/sys/netinet/ip_state.h
+++ b/sys/netinet/ip_state.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_state.h,v 1.12 2000/02/16 22:34:20 kjell Exp $ */
+/* $OpenBSD: ip_state.h,v 1.13 2000/03/13 23:40:18 kjell Exp $ */
/*
* Copyright (C) 1995-1998 by Darren Reed.
@@ -8,7 +8,7 @@
* to the original author and the contributors.
*
* @(#)ip_state.h 1.3 1/12/96 (C) 1995 Darren Reed
- * $IPFilter: ip_state.h,v 2.1.2.3 2000/02/15 08:04:03 darrenr Exp $
+ * $IPFilter: ip_state.h,v 2.1.2.4 2000/02/23 15:23:27 darrenr Exp $
*/
#ifndef __IP_STATE_H__
#define __IP_STATE_H__
@@ -58,7 +58,6 @@ typedef struct ipstate {
struct in_addr is_src;
struct in_addr is_dst;
u_char is_p; /* Protocol */
- u_char is_rout; /* Is rule in/out ? */
u_32_t is_flags;
u_32_t is_opt; /* packet options set */
u_32_t is_optmsk; /* " " mask */
diff --git a/sys/netinet/ipl.h b/sys/netinet/ipl.h
index 275cd924977..dbde9998e62 100644
--- a/sys/netinet/ipl.h
+++ b/sys/netinet/ipl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipl.h,v 1.5 2000/02/16 22:34:20 kjell Exp $ */
+/* $OpenBSD: ipl.h,v 1.6 2000/03/13 23:40:18 kjell Exp $ */
/*
* Copyright (C) 1993-1999 by Darren Reed.
@@ -13,6 +13,6 @@
#ifndef __IPL_H__
#define __IPL_H__
-#define IPL_VERSION "IP Filter: v3.3.9"
+#define IPL_VERSION "IP Filter: v3.3.11"
#endif