Import version 3.4.27

Darren Reed 2002-04-27 16:52:49 +00:00
parent 43ba65e60d
commit 635ff71d68
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/vendor-sys/ipfilter/dist/; revision=95561
8 changed files with 123 additions and 73 deletions


@ -97,7 +97,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: fil.c,v 2.35.2.59 2002/03/25 11:07:37 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: fil.c,v 2.35.2.60 2002/04/26 10:20:34 darrenr Exp $";
#endif
#ifndef _KERNEL
@ -1454,7 +1454,13 @@ tcphdr_t *tcp;
# endif /* defined(BSD) || defined(sun) */
# endif /* SOLARIS */
#else /* KERNEL */
sum2 = 0;
for (; slen > 1; slen -= 2)
sum += *sp++;
if (slen)
sum += ntohs(*(u_char *)sp << 8);
while (sum > 0xffff)
sum = (sum & 0xffff) + (sum >> 16);
sum2 = (u_short)(~sum & 0xffff);
#endif /* KERNEL */
tcp->th_sum = ts;
return sum2;
@ -1495,7 +1501,7 @@ tcphdr_t *tcp;
* SUCH DAMAGE.
*
* @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94
* $Id: fil.c,v 2.35.2.59 2002/03/25 11:07:37 darrenr Exp $
* $Id: fil.c,v 2.35.2.60 2002/04/26 10:20:34 darrenr Exp $
*/
/*
* Copy data from an mbuf chain starting "off" bytes from the beginning,
@ -2160,3 +2166,15 @@ int icmptoicmp6unreach[ICMP_MAX_UNREACH] = {
ICMP6_DST_UNREACH_ADMIN, /* 13: ICMP_UNREACH_ADMIN_PROHIBIT */
};
#endif
#ifndef _KERNEL
int mbuflen(buf)
mb_t *buf;
{
ip_t *ip;
ip = (ip_t *)buf;
return ip->ip_len;
}
#endif
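Review bot: The new `mbuflen()` returns `ip->ip_len` straight from the packet header, so in the non-kernel build the "buffer length" is whatever the packet claims, not the number of bytes actually held in the buffer. The FTP proxy change in this commit takes that value as `mlen` and then copies from `(char *)m + off`, so a header that overstates its length would make that copy read past the end of the buffer. Either pass the real buffer size in and clamp to it, or document the precondition with a comment such as `/* userland only: trusts ip_len; caller must have checked it against the bytes read */`. Whether `ip_len` is in host byte order at this point is not visible here and is worth stating in the same comment.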


@ -4,7 +4,7 @@
* See the IPFILTER.LICENCE file for details on licencing.
*
* @(#)ip_compat.h 1.8 1/14/96
* $Id: ip_compat.h,v 2.26.2.43 2002/04/23 16:08:50 darrenr Exp $
* $Id: ip_compat.h,v 2.26.2.44 2002/04/25 16:32:15 darrenr Exp $
*/
#ifndef __IP_COMPAT_H__
@ -252,7 +252,7 @@ typedef u_int32_t u_32_t;
# define USE_INET6
# endif
# endif
# if !defined(_KERNEL) && !defined(IPFILTER_LKM)
# if !defined(_KERNEL) && !defined(IPFILTER_LKM) && !defined(USE_INET6)
# if (defined(__FreeBSD_version) && (__FreeBSD_version >= 400000)) || \
(defined(OpenBSD) && (OpenBSD >= 200111)) || \
(defined(__NetBSD_Version__) && (__NetBSD_Version__ >= 105000000))
@ -572,7 +572,8 @@ extern void m_copyback __P((struct mbuf *, int, int, caddr_t));
# endif
# if (BSD >= 199306) || defined(__FreeBSD__)
# if (defined(__NetBSD_Version__) && (__NetBSD_Version__ < 105180000)) || \
defined(__FreeBSD__) || defined(__OpenBSD__) || defined(_BSDI_VERSION)
defined(__FreeBSD__) || (defined(OpenBSD) && (OpenBSD < 200206)) || \
defined(_BSDI_VERSION)
# include <vm/vm.h>
# endif
# if !defined(__FreeBSD__) || (defined (__FreeBSD_version) && \


@ -2,7 +2,7 @@
* Simple FTP transparent proxy for in-kernel use. For use with the NAT
* code.
*
* $Id: ip_ftp_pxy.c,v 2.7.2.33 2002/02/15 14:48:38 darrenr Exp $
* $Id: ip_ftp_pxy.c,v 2.7.2.34 2002/04/26 10:22:45 darrenr Exp $
*/
#if SOLARIS && defined(_KERNEL)
extern kmutex_t ipf_rw;
@ -184,7 +184,11 @@ int dlen;
if ((inc + ip->ip_len) > 65535)
return 0;
#if SOLARIS
#if !defined(_KERNEL)
m = *((mb_t **)fin->fin_mp);
bcopy(newbuf, (char *)m + off, nlen);
#else
# if SOLARIS
m = fin->fin_qfm;
for (m1 = m; m1->b_cont; m1 = m1->b_cont)
;
@ -210,7 +214,7 @@ int dlen;
m1->b_wptr += inc;
}
copyin_mblk(m, off, nlen, newbuf);
#else
# else
m = *((mb_t **)fin->fin_mp);
if (inc < 0)
m_adj(m, inc);
@ -220,9 +224,10 @@ int dlen;
if (!(m->m_flags & M_PKTHDR))
m->m_pkthdr.len += inc;
# endif
# endif
#endif
if (inc != 0) {
#if SOLARIS || defined(__sgi)
#if (SOLARIS || defined(__sgi)) && defined(_KERNEL)
register u_32_t sum1, sum2;
sum1 = ip->ip_len;
@ -269,6 +274,7 @@ int dlen;
tcp2->th_win = htons(8192);
tcp2->th_sport = htons(sp);
tcp2->th_off = 5;
tcp2->th_flags = TH_SYN;
tcp2->th_dport = 0; /* XXX - don't specify remote port */
fi.fin_data[1] = 0;
fi.fin_dlen = sizeof(*tcp2);
@ -452,7 +458,11 @@ int dlen;
if ((inc + ip->ip_len) > 65535)
return 0;
#if SOLARIS
#if !defined(_KERNEL)
m = *((mb_t **)fin->fin_mp);
m_copyback(m, off, nlen, newbuf);
#else
# if SOLARIS
m = fin->fin_qfm;
for (m1 = m; m1->b_cont; m1 = m1->b_cont)
;
@ -475,15 +485,16 @@ int dlen;
m1->b_wptr += inc;
}
/*copyin_mblk(m, off, nlen, newbuf);*/
#else /* SOLARIS */
# else /* SOLARIS */
m = *((mb_t **)fin->fin_mp);
if (inc < 0)
m_adj(m, inc);
/* the mbuf chain will be extended if necessary by m_copyback() */
/*m_copyback(m, off, nlen, newbuf);*/
#endif /* SOLARIS */
# endif /* SOLARIS */
#endif /* _KERNEL */
if (inc != 0) {
#if SOLARIS || defined(__sgi)
#if (SOLARIS || defined(__sgi)) && defined(_KERNEL)
register u_32_t sum1, sum2;
sum1 = ip->ip_len;
@ -520,6 +531,7 @@ int dlen;
tcp2->th_win = htons(8192);
tcp2->th_sport = 0; /* XXX - fake it for nat_new */
tcp2->th_off = 5;
tcp2->th_flags = TH_SYN;
fi.fin_data[1] = a5 << 8 | a6;
fi.fin_dlen = sizeof(*tcp2);
tcp2->th_dport = htons(fi.fin_data[1]);
@ -721,17 +733,22 @@ int rv;
tcp = (tcphdr_t *)fin->fin_dp;
off = fin->fin_hlen + (tcp->th_off << 2);
#if SOLARIS
#if SOLARIS && defined(_KERNEL)
m = fin->fin_qfm;
#else
m = *((mb_t **)fin->fin_mp);
#endif
#if SOLARIS
mlen = msgdsize(m) - off;
#ifndef _KERNEL
mlen = mbuflen(m);
#else
mlen = mbufchainlen(m) - off;
# if SOLARIS
mlen = msgdsize(m);
# else
mlen = mbufchainlen(m);
# endif
#endif
mlen -= off;
t = &ftp->ftp_side[1 - rv];
f = &ftp->ftp_side[rv];
@ -743,15 +760,18 @@ int rv;
return 0;
}
inc = 0;
rptr = f->ftps_rptr;
wptr = f->ftps_wptr;
i = 0;
sel = nat->nat_aps->aps_sel[1 - rv];
if (rv)
if (rv) {
if (nat->nat_aps->aps_ackmin[sel] > ntohl(tcp->th_seq))
i = nat->nat_aps->aps_ackoff[sel];
else
} else {
if (nat->nat_aps->aps_seqmin[sel] > ntohl(tcp->th_seq))
i = nat->nat_aps->aps_seqoff[sel];
}
/*
* XXX - Ideally, this packet should get dropped because we now know
* that it is out of order (and there is no real danger in doing so
@ -759,18 +779,26 @@ int rv;
*/
if (f->ftps_len + f->ftps_seq == ntohl(tcp->th_seq))
f->ftps_seq = ntohl(tcp->th_seq);
else if (ntohl(tcp->th_seq) + i != f->ftps_seq) {
else {
inc = ntohl(tcp->th_seq) - f->ftps_seq;
if (inc > i) {
return APR_ERR(1);
}
}
inc = 0;
f->ftps_len = mlen;
while (mlen > 0) {
len = MIN(mlen, FTP_BUFSZ / 2);
#if SOLARIS
copyout_mblk(m, off, len, wptr);
#if !defined(_KERNEL)
bcopy((char *)m + off, wptr, len);
#else
# if SOLARIS
copyout_mblk(m, off, len, wptr);
# else
m_copydata(m, off, len, wptr);
# endif
#endif
mlen -= len;
off += len;
@ -800,8 +828,9 @@ int rv;
* Off to a bad start so lets just forget about using the
* ftp proxy for this connection.
*/
if ((f->ftps_cmds == 0) && (f->ftps_junk == 1))
if ((f->ftps_cmds == 0) && (f->ftps_junk == 1)) {
return APR_ERR(2);
}
while ((f->ftps_junk == 1) && (rptr < wptr)) {
while ((rptr < wptr) && (*rptr != '\r'))
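Review bot: The rewritten sequence check, `inc = ntohl(tcp->th_seq) - f->ftps_seq; if (inc > i) return APR_ERR(1);`, rejects only segments that are too far ahead of the expected sequence number. If `inc` is a signed int (its declaration is outside the hunk), a segment that lies behind `f->ftps_seq` gives a negative `inc` and passes the test. Its payload is then copied into the proxy buffer by the loop below and parsed as if it were new command data. Consider bounding both directions, for example `if (inc < 0 || inc > i) return APR_ERR(1);`, or, if old segments are meant to be accepted here, add a comment saying so and why re-parsing them is safe. The enclosing function starts and ends outside the hunks shown.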


@ -3,13 +3,14 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: ip_log.c,v 2.5.2.18 2002/03/26 15:54:40 darrenr Exp $
* $Id: ip_log.c,v 2.5.2.19 2002/04/25 16:32:48 darrenr Exp $
*/
#include <sys/param.h>
#if defined(KERNEL) && !defined(_KERNEL)
# define _KERNEL
#endif
#if defined(__NetBSD__) && (NetBSD >= 199905) && !defined(IPFILTER_LKM)
#if defined(__NetBSD__) && (NetBSD >= 199905) && !defined(IPFILTER_LKM) && \
defined(_KERNEL)
# include "opt_ipfilter_log.h"
#endif
#ifdef __FreeBSD__


@ -109,7 +109,7 @@ extern struct ifnet vpnif;
#if !defined(lint)
static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed";
static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.66 2002/04/23 14:58:27 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.67 2002/04/27 15:23:39 darrenr Exp $";
#endif
nat_t **nat_table[2] = { NULL, NULL },
@ -1768,7 +1768,6 @@ int dir;
sumd2 = sumd;
}
#if 1
/*
* Fix TCP pseudo header checksum to compensate for the
* IP address change. Before we can do the change, we
@ -1788,7 +1787,6 @@ int dir;
CALC_SUMD(sum1, sum2, sumd);
sumd2 = sumd;
}
#endif
} else {
/*
@ -1837,7 +1835,6 @@ int dir;
sumd2 = sumd;
}
#if 1
/*
* Fix TCP pseudo header checksum to compensate for the
* IP address change. Before we can do the change, we
@ -1856,9 +1853,7 @@ int dir;
*/
CALC_SUMD(sum1, sum2, sumd);
sumd2 = sumd;
};
#endif
}
#endif
}


@ -75,7 +75,7 @@
#endif
#if !defined(lint)
static const char rcsid[] = "@(#)$Id: ip_proxy.c,v 2.9.2.21 2002/03/06 09:44:14 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ip_proxy.c,v 2.9.2.22 2002/04/26 10:23:17 darrenr Exp $";
#endif
#if defined(_KERNEL) && (SOLARIS || defined(__sgi))
@ -91,8 +91,8 @@ static int appr_fixseqack __P((fr_info_t *, ip_t *, ap_session_t *, int ));
#define AP_SESS_SIZE 53
#if defined(_KERNEL)
#include "netinet/ip_ftp_pxy.c"
#if defined(_KERNEL)
#include "netinet/ip_rcmd_pxy.c"
#include "netinet/ip_raudio_pxy.c"
#include "netinet/ip_netbios_pxy.c"


@ -93,7 +93,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.30.2.66 2002/04/15 12:14:03 darrenr Exp $";
static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.30.2.70 2002/04/27 16:06:15 darrenr Exp $";
#endif
#ifndef MIN
@ -683,11 +683,18 @@ u_int flags;
hv += is->is_sport;
hv += is->is_dport;
}
if ((flags & FI_IGNOREPKT) == 0) {
is->is_send = ntohl(tcp->th_seq) + fin->fin_dlen -
(off = (tcp->th_off << 2)) +
((tcp->th_flags & TH_SYN) ? 1 : 0) +
((tcp->th_flags & TH_FIN) ? 1 : 0);
is->is_maxsend = is->is_send;
if ((tcp->th_flags & TH_SYN) &&
((tcp->th_off << 2) >= (sizeof(*tcp) + 4)))
is->is_swscale = fr_tcpoptions(tcp);
}
is->is_maxdwin = 1;
is->is_maxswin = ntohs(tcp->th_win);
if (is->is_maxswin == 0)
@ -696,10 +703,6 @@ u_int flags;
if ((tcp->th_flags & TH_OPENING) == TH_SYN)
is->is_fsm = 1;
if ((tcp->th_flags & TH_SYN) &&
((tcp->th_off << 2) >= (sizeof(*tcp) + 4)))
is->is_swscale = fr_tcpoptions(tcp);
/*
* If we're creating state for a starting connection, start the
* timer on it as we'll never see an error if it fails to
@ -970,7 +973,7 @@ tcphdr_t *tcp;
}
}
MUTEX_EXIT(&is->is_lock);
if ((ret == 0) && (tcp->th_flags != TH_SYN))
if ((ret == 0) && ((tcp->th_flags & TH_OPENING) != TH_SYN))
fin->fin_misc |= FM_BADSTATE;
return ret;
}
@ -1224,6 +1227,10 @@ fr_info_t *fin;
*/
bzero((char *)&src, sizeof(src));
bzero((char *)&dst, sizeof(dst));
bzero((char *)&ofin, sizeof(ofin));
ofin.fin_ifp = fin->fin_ifp;
ofin.fin_out = !fin->fin_out;
ofin.fin_v = 4;
fr = NULL;
switch (oip->ip_p)
@ -1258,12 +1265,8 @@ fr_info_t *fin;
savelen = oip->ip_len;
oip->ip_len = len;
ofin.fin_v = 4;
fr_makefrip(ohlen, oip, &ofin);
oip->ip_len = savelen;
ofin.fin_ifp = fin->fin_ifp;
ofin.fin_out = !fin->fin_out;
ofin.fin_mp = NULL; /* if dereferenced, panic XXX */
READ_ENTER(&ipf_state);
for (isp = &ips_table[hv]; (is = *isp); isp = &is->is_hnext)
@ -1312,12 +1315,8 @@ fr_info_t *fin;
*/
savelen = oip->ip_len;
oip->ip_len = len;
ofin.fin_v = 4;
fr_makefrip(ohlen, oip, &ofin);
oip->ip_len = savelen;
ofin.fin_ifp = fin->fin_ifp;
ofin.fin_out = !fin->fin_out;
ofin.fin_mp = NULL; /* if dereferenced, panic XXX */
READ_ENTER(&ipf_state);
for (isp = &ips_table[hv]; (is = *isp); isp = &is->is_hnext) {
/*
@ -1847,7 +1846,7 @@ int dir, fsm;
break;
case TCPS_SYN_SENT: /* 2 */
if (flags == TH_SYN) {
if ((flags & ~(TH_ECN|TH_CWR)) == TH_SYN) {
/*
* A retransmitted SYN packet. We do not reset the
* timeout here to fr_tcptimeout because a connection
@ -1893,6 +1892,12 @@ int dir, fsm;
*/
state[dir] = TCPS_ESTABLISHED;
newage = fr_tcpidletimeout;
} else if ((flags & ~(TH_ECN|TH_CWR)) == TH_OPENING) {
/*
* We see an SA from 'dir' which is already in
* SYN_RECEIVED state.
*/
newage = fr_tcptimeout;
} else if (flags & TH_FIN) {
/*
* We see an F from 'dir' which is in SYN_RECEIVED
@ -1987,6 +1992,8 @@ int dir, fsm;
* timeout
*/
newage = fr_tcplastack;
else
newage = *age;
}
/*
* We cannot detect when we go out of LAST_ACK state to CLOSED
@ -2094,6 +2101,15 @@ fr_info_t *fin;
if (fin->fin_plen < sizeof(*oip))
return NULL;
if ((oip->ip6_nxt != IPPROTO_TCP) && (oip->ip6_nxt != IPPROTO_UDP) &&
(oip->ip6_nxt != IPPROTO_ICMPV6))
return NULL;
bzero((char *)&ofin, sizeof(ofin));
ofin.fin_out = !fin->fin_out;
ofin.fin_ifp = fin->fin_ifp;
ofin.fin_v = 6;
if (oip->ip6_nxt == IPPROTO_ICMPV6) {
oic = (struct icmp6_hdr *)(oip + 1);
/*
@ -2119,12 +2135,8 @@ fr_info_t *fin;
hv %= fr_statesize;
oip->ip6_plen = ntohs(oip->ip6_plen);
ofin.fin_v = 6;
fr_makefrip(sizeof(*oip), (ip_t *)oip, &ofin);
oip->ip6_plen = htons(oip->ip6_plen);
ofin.fin_ifp = fin->fin_ifp;
ofin.fin_out = !fin->fin_out;
ofin.fin_mp = NULL; /* if dereferenced, panic XXX */
READ_ENTER(&ipf_state);
for (isp = &ips_table[hv]; (is = *isp); isp = &is->is_hnext)
@ -2149,10 +2161,8 @@ fr_info_t *fin;
RWLOCK_EXIT(&ipf_state);
return NULL;
};
}
if ((oip->ip6_nxt != IPPROTO_TCP) && (oip->ip6_nxt != IPPROTO_UDP))
return NULL;
tcp = (tcphdr_t *)(oip + 1);
dport = tcp->th_dport;
sport = tcp->th_sport;
@ -2183,12 +2193,8 @@ fr_info_t *fin;
*/
savelen = oip->ip6_plen;
oip->ip6_plen = ip->ip6_plen - sizeof(*ip) - ICMPERR_ICMPHLEN;
ofin.fin_v = 6;
fr_makefrip(sizeof(*oip), (ip_t *)oip, &ofin);
oip->ip6_plen = savelen;
ofin.fin_ifp = fin->fin_ifp;
ofin.fin_out = !fin->fin_out;
ofin.fin_mp = NULL; /* if dereferenced, panic XXX */
READ_ENTER(&ipf_state);
for (isp = &ips_table[hv]; (is = *isp); isp = &is->is_hnext) {
/*
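Review bot: The new FM_BADSTATE test `((tcp->th_flags & TH_OPENING) != TH_SYN)` ignores every flag outside `TH_OPENING`. Assuming that mask is SYN|ACK, as the "We see an SA" comment on the added `TH_OPENING` branch suggests, a packet carrying SYN together with FIN, RST, URG or PSH is treated like a plain SYN and is not marked bad-state when it fails to match. The SYN_SENT change in the same file strips only the ECN bits, `(flags & ~(TH_ECN|TH_CWR)) == TH_SYN`. Using that form here as well, `if ((ret == 0) && ((tcp->th_flags & ~(TH_ECN|TH_CWR)) != TH_SYN))`, would keep the ECN tolerance without widening the exemption to other flag combinations. The functions involved start and end outside the hunks shown.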


@ -4,12 +4,12 @@
* See the IPFILTER.LICENCE file for details on licencing.
*
* @(#)ipl.h 1.21 6/5/96
* $Id: ipl.h,v 2.15.2.32 2002/04/23 14:59:13 darrenr Exp $
* $Id: ipl.h,v 2.15.2.33 2002/04/27 14:53:48 darrenr Exp $
*/
#ifndef __IPL_H__
#define __IPL_H__
#define IPL_VERSION "IP Filter: v3.4.26"
#define IPL_VERSION "IP Filter: v3.4.27"
#endif