fix conflicts from rcsids

contrib/ipfilter/fil.c

@@ -274,6 +274,16 @@ fr_info_t *fin;
 		int minicmpsz = sizeof(struct icmp);
 		icmphdr_t *icmp;
 
+		if (fin->fin_dlen > 1)
+			fin->fin_data[0] = *(u_short *)tcp;
+
+		if ((!(plen >= hlen + minicmpsz) && !off) ||
+		    (off && off < sizeof(struct icmp))) {
+			fi->fi_fl |= FI_SHORT;
+			if (fin->fin_dlen < 2)
+				break;
+		}
+
 		icmp = (icmphdr_t *)tcp;
 
 		if (!off && (icmp->icmp_type == ICMP_ECHOREPLY ||
@@ -291,11 +301,6 @@ fr_info_t *fin;
 		    icmp->icmp_type == ICMP_MASKREPLY))
 			minicmpsz = 12;
 
-		if ((!(plen >= hlen + minicmpsz) && !off) ||
-		    (off && off < sizeof(struct icmp)))
-			fi->fi_fl |= FI_SHORT;
-		if (fin->fin_dlen > 1)
-			fin->fin_data[0] = *(u_short *)tcp;
 		break;
 	}
 	case IPPROTO_TCP :
@@ -740,6 +745,7 @@ int out;
 
 #ifdef	_KERNEL
 	mb_t *mc = NULL;
+	int p, len;
 # if !defined(__SVR4) && !defined(__svr4__)
 #  ifdef __sgi
 	char hbuf[(0xf << 2) + sizeof(struct icmp) + sizeof(ip_t) + 8];
@@ -764,13 +770,26 @@ int out;
 	}
 #  endif /* CSUM_DELAY_DATA */
 
+# ifdef	USE_INET6
+	if (v == 6) {
+		len = ntohs(((ip6_t*)ip)->ip6_plen);
+		p = ((ip6_t *)ip)->ip6_nxt;
+	} else
+# endif
+	{
+		p = ip->ip_p;
+		len = ip->ip_len;
+	}
 
-	if ((ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP ||
-	     ip->ip_p == IPPROTO_ICMP)) {
+	if ((p == IPPROTO_TCP || p == IPPROTO_UDP || p == IPPROTO_ICMP
+# ifdef USE_INET6
+	    || (v == 6 && p == IPPROTO_ICMPV6)
+# endif
+	   )) {
 		int plen = 0;
 
-		if ((ip->ip_off & IP_OFFMASK) == 0)
-			switch(ip->ip_p)
+		if ((v == 6) || (ip->ip_off & IP_OFFMASK) == 0)
+			switch(p)
 			{
 			case IPPROTO_TCP:
 				plen = sizeof(tcphdr_t);
@@ -780,10 +799,13 @@ int out;
 				break;
 			/* 96 - enough for complete ICMP error IP header */
 			case IPPROTO_ICMP:
+# ifdef USE_INET6
+	    		case IPPROTO_ICMPV6 :
+# endif
 				plen = ICMPERR_MAXPKTLEN - sizeof(ip_t);
 				break;
 			}
-		up = MIN(hlen + plen, ip->ip_len);
+		up = MIN(hlen + plen, len);
 
 		if (up > m->m_len) {
 #  ifdef __sgi
@@ -830,8 +852,8 @@ int out;
 		ip->ip_id = ntohs(ip->ip_id);
 
 	changed = 0;
-	fin->fin_v = v;
 	fin->fin_ifp = ifp;
+	fin->fin_v = v;
 	fin->fin_out = out;
 	fin->fin_mp = mp;
 	fr_makefrip(hlen, ip, fin);
@@ -1376,7 +1398,7 @@ tcphdr_t *tcp;
  * SUCH DAMAGE.
  *
  *	@(#)uipc_mbuf.c	8.2 (Berkeley) 1/4/94
- * $Id: fil.c,v 2.35.2.20 2000/08/13 04:15:43 darrenr Exp $
+ * $Id: fil.c,v 2.35.2.26 2000/10/24 11:58:17 darrenr Exp $
  */
 /*
  * Copy data from an mbuf chain starting "off" bytes from the beginning,
@@ -1855,7 +1877,7 @@ size_t c;
 	int err;
 
 #if SOLARIS
-	if (copyin(a, &ca, sizeof(ca)))
+	if (copyin(a, (char *)&ca, sizeof(ca)))
 		return EFAULT;
 #else
 	bcopy(a, &ca, sizeof(ca));
@@ -1875,7 +1897,7 @@ size_t c;
 	int err;
 
 #if SOLARIS
-	if (copyin(b, &ca, sizeof(ca)))
+	if (copyin(b, (char *)&ca, sizeof(ca)))
 		return EFAULT;
 #else
 	bcopy(b, &ca, sizeof(ca));
@@ -1969,6 +1991,15 @@ friostat_t *fiop;
 	fiop->f_acctin6[1] = ipacct6[0][1];
 	fiop->f_acctout6[0] = ipacct6[1][0];
 	fiop->f_acctout6[1] = ipacct6[1][1];
+#else
+	fiop->f_fin6[0] = NULL;
+	fiop->f_fin6[1] = NULL;
+	fiop->f_fout6[0] = NULL;
+	fiop->f_fout6[1] = NULL;
+	fiop->f_acctin6[0] = NULL;
+	fiop->f_acctin6[1] = NULL;
+	fiop->f_acctout6[0] = NULL;
+	fiop->f_acctout6[1] = NULL;
 #endif
 	fiop->f_active = fr_active;
 	fiop->f_froute[0] = ipl_frouteok[0];

contrib/ipfilter/ipmon.c

@@ -692,7 +692,7 @@ int	blen;
 		p = (u_short)ip->ip_p;
 		s = (u_32_t *)&ip->ip_src;
 		d = (u_32_t *)&ip->ip_dst;
-		plen = ntohs(ip->ip_len);
+		plen = ip->ip_len;
 	} else {
 		goto printipflog;
 	}

contrib/ipfilter/man/ipf.4

@@ -12,33 +12,33 @@ To add and delete rules to the filter list, three 'basic' ioctls are provided
 for use.  The ioctl's are called as:
 .LP
 .nf
-	ioctl(fd, SIOCADDFR, struct frentry *)
-	ioctl(fd, SIOCDELFR, struct frentry *)
+	ioctl(fd, SIOCADDFR, struct frentry **)
+	ioctl(fd, SIOCDELFR, struct frentry **)
 	ioctl(fd, SIOCIPFFL, int *)
 .fi
 .PP
 However, the full complement is as follows:
 .LP
 .nf
-	ioctl(fd, SIOCADAFR, struct frentry *) (same as SUICADDFR)
-	ioctl(fd, SIOCRMAFR, struct frentry *) (same as SUICDELFR)
-	ioctl(fd, SIOCADIFR, struct frentry *)
-	ioctl(fd, SIOCRMIFR, struct frentry *)
-	ioctl(fd, SIOCINAFR, struct frentry *)
-	ioctl(fd, SIOCINIFR, struct frentry *)
+	ioctl(fd, SIOCADAFR, struct frentry **) (same as SIOCADDFR)
+	ioctl(fd, SIOCRMAFR, struct frentry **) (same as SIOCDELFR)
+	ioctl(fd, SIOCADIFR, struct frentry **)
+	ioctl(fd, SIOCRMIFR, struct frentry **)
+	ioctl(fd, SIOCINAFR, struct frentry **)
+	ioctl(fd, SIOCINIFR, struct frentry **)
 	ioctl(fd, SIOCSETFF, u_int *)
 	ioctl(fd, SIOGGETFF, u_int *)
-	ioctl(fd, SIOCGETFS, struct friostat *)
+	ioctl(fd, SIOCGETFS, struct friostat **)
 	ioctl(fd, SIOCIPFFL, int *)
 	ioctl(fd, SIOCIPFFB, int *)
 	ioctl(fd, SIOCSWAPA, u_int *)
 	ioctl(fd, SIOCFRENB, u_int *)
 	ioctl(fd, SIOCFRSYN, u_int *)
-	ioctl(fd, SIOCFRZST, struct friostat *)
-	ioctl(fd, SIOCZRLST, struct frentry *)
-	ioctl(fd, SIOCAUTHW, struct fr_info *)
-	ioctl(fd, SIOCAUTHR, struct fr_info *)
-	ioctl(fd, SIOCATHST, struct fr_authstat *)
+	ioctl(fd, SIOCFRZST, struct friostat **)
+	ioctl(fd, SIOCZRLST, struct frentry **)
+	ioctl(fd, SIOCAUTHW, struct fr_info **)
+	ioctl(fd, SIOCAUTHR, struct fr_info **)
+	ioctl(fd, SIOCATHST, struct fr_authstat **)
 .fi
 .PP
 The variations, SIOCADAFR vs. SIOCADIFR, allow operation on the two lists,
@@ -108,7 +108,7 @@ filter list, the number of the rule which it is to be inserted before must
 be put in the "fr_hits" field (the first rule is number 0).
 .LP
 .PP
-Flags which are recognised in fr_pass:
+Flags which are recognised in fr_flags:
 .nf
 
      FR_BLOCK        0x000001   /* do not allow packet to pass */

contrib/ipfilter/man/ipf.5

@@ -32,7 +32,7 @@ proto	= "proto" protocol .
 ip	= srcdst [ flags ] [ with withopt ] [ icmp ] [ keep ] .
 group	= [ "head" decnumber ] [ "group" decnumber ] .
 
-block	= "block" [ icmp[return-code] | "return-rst" ] .
+block	= "block" [ return-icmp[return-code] | "return-rst" ] .
 auth    = "auth" | "preauth" .
 log	= "log" [ "body" ] [ "first" ] [ "or-block" ] [ "level" loglevel ] .
 call	= "call" [ "now" ] function-name .
@@ -43,7 +43,7 @@ protocol = "tcp/udp" | "udp" | "tcp" | "icmp" | decnumber .
 srcdst	= "all" | fromto .
 fromto	= "from" [ "!" ] object "to" [ "!" ] object .
 
-icmp	= "return-icmp" | "return-icmp-as-dest" .
+return-icmp = "return-icmp" | "return-icmp-as-dest" .
 object	= addr [ port-comp | port-range ] .
 addr	= "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] .
 port-comp = "port" compare port-num .

contrib/ipfilter/man/ipmon.8

@@ -150,7 +150,7 @@ show the packet data in hex.
 show the log header record data in hex.
 .SH DIAGNOSTICS
 \fBipmon\fP expects data that it reads to be consistent with how it should be
-saved and will abort if it fails an assertion which detects an anomoly in the
+saved and will abort if it fails an assertion which detects an anomaly in the
 recorded data.
 .SH FILES
 /dev/ipl

contrib/ipfilter/man/ipnat.4

@@ -16,8 +16,10 @@ To add and delete rules to the NAT list, two 'basic' ioctls are provided
 for use.  The ioctl's are called as:
 .LP
 .nf
-	ioctl(fd, SIOCADNAT, struct ipnat *)
-	ioctl(fd, SIOCRMNAT, struct ipnat *)
+	ioctl(fd, SIOCADNAT, struct ipnat **)
+	ioctl(fd, SIOCRMNAT, struct ipnat **)
+	ioctl(fd, SIOCGNATS, struct natstat **)
+	ioctl(fd, SIOCGNATL, struct natlookup **)
 .fi
 .PP
 Unlike \fBipf(4)\fP, there is only a single list supported by the kernel NAT