From 7ee09247502caaf9063c5d6ba733231a70de09ef Mon Sep 17 00:00:00 2001 From: guido Date: Fri, 30 Dec 2005 11:52:26 +0000 Subject: [PATCH] Resolve conflicts (and believe me...you don't want to know). --- contrib/ipfilter/Makefile | 24 ++++++++- contrib/ipfilter/bpf_filter.c | 2 +- contrib/ipfilter/ipf.h | 3 +- contrib/ipfilter/iplang/iplang_l.l | 2 +- contrib/ipfilter/iplang/iplang_y.y | 8 ++- contrib/ipfilter/ipmon.h | 2 +- contrib/ipfilter/ipsd/ipsd.c | 2 +- contrib/ipfilter/ipsd/ipsdr.c | 2 +- contrib/ipfilter/ipsend/arp.c | 4 +- contrib/ipfilter/ipsend/ip.c | 2 +- contrib/ipfilter/ipsend/ipresend.c | 2 +- contrib/ipfilter/ipsend/ipsend.c | 2 +- contrib/ipfilter/ipsend/ipsopt.c | 2 +- contrib/ipfilter/ipsend/iptest.c | 2 +- contrib/ipfilter/ipsend/iptests.c | 4 +- contrib/ipfilter/ipsend/larp.c | 2 +- contrib/ipfilter/ipsend/lsock.c | 2 +- contrib/ipfilter/ipsend/resend.c | 2 +- contrib/ipfilter/ipsend/sbpf.c | 2 +- contrib/ipfilter/ipsend/sdlpi.c | 2 +- contrib/ipfilter/ipsend/slinux.c | 2 +- contrib/ipfilter/ipsend/snit.c | 2 +- contrib/ipfilter/ipsend/sock.c | 2 +- contrib/ipfilter/ipsend/tcpip.h | 2 +- contrib/ipfilter/ipt.h | 2 +- contrib/ipfilter/kmem.h | 2 +- contrib/ipfilter/lib/addicmp.c | 2 +- contrib/ipfilter/lib/addipopt.c | 2 +- contrib/ipfilter/lib/addkeep.c | 2 +- contrib/ipfilter/lib/binprint.c | 2 +- contrib/ipfilter/lib/buildopts.c | 2 +- contrib/ipfilter/lib/checkrev.c | 2 +- contrib/ipfilter/lib/count4bits.c | 2 +- contrib/ipfilter/lib/count6bits.c | 2 +- contrib/ipfilter/lib/debug.c | 2 +- contrib/ipfilter/lib/extras.c | 2 +- contrib/ipfilter/lib/facpri.c | 8 +-- contrib/ipfilter/lib/facpri.h | 2 +- contrib/ipfilter/lib/fill6bits.c | 2 +- contrib/ipfilter/lib/flags.c | 2 +- contrib/ipfilter/lib/genmask.c | 2 +- contrib/ipfilter/lib/getline.c | 2 +- contrib/ipfilter/lib/getnattype.c | 2 +- contrib/ipfilter/lib/getproto.c | 8 +++ contrib/ipfilter/lib/hostmask.c | 2 +- contrib/ipfilter/lib/hostnum.c | 2 +- contrib/ipfilter/lib/icmpcode.c | 2 +- contrib/ipfilter/lib/inet_addr.c | 2 +- contrib/ipfilter/lib/initparse.c | 2 +- contrib/ipfilter/lib/ionames.c | 2 +- contrib/ipfilter/lib/ipft_ef.c | 4 +- contrib/ipfilter/lib/ipft_hx.c | 8 +-- contrib/ipfilter/lib/ipft_pc.c | 33 ++++++++++--- contrib/ipfilter/lib/ipft_sn.c | 4 +- contrib/ipfilter/lib/ipft_td.c | 4 +- contrib/ipfilter/lib/ipft_tx.c | 23 ++++++--- contrib/ipfilter/lib/ipoptsec.c | 2 +- contrib/ipfilter/lib/kmem.c | 7 +-- contrib/ipfilter/lib/kmem.h | 2 +- contrib/ipfilter/lib/load_hash.c | 6 +-- contrib/ipfilter/lib/load_hashnode.c | 2 +- contrib/ipfilter/lib/load_pool.c | 9 ++-- contrib/ipfilter/lib/load_poolnode.c | 2 +- contrib/ipfilter/lib/loglevel.c | 2 +- contrib/ipfilter/lib/make_range.c | 2 +- contrib/ipfilter/lib/nat_setgroupmap.c | 2 +- contrib/ipfilter/lib/natparse.c | 2 +- contrib/ipfilter/lib/optname.c | 2 +- contrib/ipfilter/lib/optprint.c | 2 +- contrib/ipfilter/lib/optprintv6.c | 2 +- contrib/ipfilter/lib/optvalue.c | 2 +- contrib/ipfilter/lib/parse.c | 2 +- contrib/ipfilter/lib/portname.c | 2 +- contrib/ipfilter/lib/portnum.c | 2 +- contrib/ipfilter/lib/ports.c | 2 +- contrib/ipfilter/lib/print_toif.c | 2 +- contrib/ipfilter/lib/printactivenat.c | 2 +- contrib/ipfilter/lib/printaps.c | 2 +- contrib/ipfilter/lib/printbuf.c | 2 +- contrib/ipfilter/lib/printfr.c | 57 ++++++++++++++++----- contrib/ipfilter/lib/printfraginfo.c | 2 +- contrib/ipfilter/lib/printhostmap.c | 5 +- contrib/ipfilter/lib/printhostmask.c | 2 +- contrib/ipfilter/lib/printifname.c | 2 +- contrib/ipfilter/lib/printip.c | 2 +- contrib/ipfilter/lib/printlog.c | 11 ++--- contrib/ipfilter/lib/printmask.c | 2 +- contrib/ipfilter/lib/printnat.c | 46 ++++++----------- contrib/ipfilter/lib/printpacket.c | 5 +- contrib/ipfilter/lib/printportcmp.c | 2 +- contrib/ipfilter/lib/printstate.c | 4 +- contrib/ipfilter/lib/ratoi.c | 2 +- contrib/ipfilter/lib/ratoui.c | 2 +- contrib/ipfilter/lib/remove_hash.c | 2 +- contrib/ipfilter/lib/remove_hashnode.c | 2 +- contrib/ipfilter/lib/remove_pool.c | 2 +- contrib/ipfilter/lib/remove_poolnode.c | 2 +- contrib/ipfilter/lib/tcp_flags.c | 2 +- contrib/ipfilter/lib/tcpflags.c | 2 +- contrib/ipfilter/lib/tcpoptnames.c | 2 +- contrib/ipfilter/lib/to_interface.c | 2 +- contrib/ipfilter/lib/v6ionames.c | 3 +- contrib/ipfilter/lib/v6optvalue.c | 2 +- contrib/ipfilter/lib/verbose.c | 2 +- contrib/ipfilter/man/ipf.5 | 7 ++- contrib/ipfilter/man/ipftest.1 | 18 ++++++- contrib/ipfilter/man/ipmon.8 | 10 +++- contrib/ipfilter/man/ipnat.5 | 3 +- contrib/ipfilter/man/ipnat.8 | 6 +-- contrib/ipfilter/mlfk_rule.c | 2 +- contrib/ipfilter/opts.h | 2 +- contrib/ipfilter/radix.c | 6 +++ contrib/ipfilter/radix_ipf.h | 12 +++-- contrib/ipfilter/samples/proxy.c | 4 +- contrib/ipfilter/samples/relay.c | 6 +-- contrib/ipfilter/snoop.h | 2 +- contrib/ipfilter/tools/ipf.c | 2 +- contrib/ipfilter/tools/ipf_y.y | 31 ++++++------ contrib/ipfilter/tools/ipfcomp.c | 2 +- contrib/ipfilter/tools/ipfstat.c | 17 +++++-- contrib/ipfilter/tools/ipftest.c | 68 ++++++++++++++++++-------- contrib/ipfilter/tools/ipmon.c | 13 ++++- contrib/ipfilter/tools/ipnat.c | 2 +- contrib/ipfilter/tools/ipnat_y.y | 15 +++--- contrib/ipfilter/tools/ipsyncm.c | 2 +- contrib/ipfilter/tools/ipsyncs.c | 2 +- 126 files changed, 427 insertions(+), 255 deletions(-) diff --git a/contrib/ipfilter/Makefile b/contrib/ipfilter/Makefile index 7b1d7d302e4c..7cbd4478665f 100644 --- a/contrib/ipfilter/Makefile +++ b/contrib/ipfilter/Makefile @@ -193,6 +193,15 @@ freebsd5: include else \ echo "#define INET6" > opt_inet6.h; \ fi + if [ "x$(IPFBPF)" = "x" ] ; then \ + echo "#undef NBPF" > opt_bpf.h; \ + echo "#undef NBPFILTER" > opt_bpf.h; \ + echo "#undef DEV_BPF" > opt_bpf.h; \ + else \ + echo "#define NBPF" > opt_bpf.h; \ + echo "#define NBPFILTER" > opt_bpf.h; \ + echo "#define DEV_BPF" > opt_bpf.h; \ + fi if [ x$(ENABLE_PFIL) = x ] ; then \ echo "#undef PFIL_HOOKS" > opt_pfil.h; \ else \ @@ -238,6 +247,11 @@ osf tru64: null include (cd OSF/`OSF/cpurev`; make build TRU64=`uname -v` TOP=../.. "DEBUG=-g" $(MFLAGS) "MACHASSERT=$(MACHASSERT)" "OSREV=`../cpurev`"; cd ..) (cd OSF/`OSF/cpurev`; make -f Makefile.ipsend build TRU64=`uname -v` TOP=../.. $(MFLAGS) "OSREV=`../cpurev`"; cd ..) +aix: null include + make setup "TARGOS=AIX" "CPUDIR=`AIX/cpurev`" + (cd AIX/`AIX/cpurev`; make build AIX=`uname -v` TOP=../.. "DEBUG=-g" $(MFLAGS) "OSREV=`../cpurev`" BITS=`../bootbits.sh`; cd ..) +# (cd AIX/`AIX/cpurev`; make -f Makefile.ipsend build AIX=`uname -v` TOP=../.. $(MFLAGS) "OSREV=`../cpurev`"; cd ..) + bsd: include make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)" (cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) 'DLKM=-D_LKM' "ML=mln_ipl.c" "MLR=mln_rule.o"; cd ..) @@ -278,6 +292,7 @@ clean: clean-include (cd HPUX; $(MAKE) BITS=32 TOP=.. clean) (cd Linux; $(MAKE) TOP=.. clean) (cd OSF; $(MAKE) TOP=.. clean) + (cd AIX; $(MAKE) TOP=.. clean) if [ "`uname -s`" = "IRIX" ]; then (cd IRIX; $(MAKE) clean); fi [ -d test ] && (cd test; $(MAKE) clean) (cd ipsend; $(MAKE) clean) @@ -296,6 +311,9 @@ clean-hpux: clean-include clean-osf: clean-include (cd OSF; make clean) +clean-aix: clean-include + (cd AIX; make clean) + clean-linux: clean-include (cd Linux; make clean) @@ -348,6 +366,10 @@ install-sunos4: solaris install-sunos5: solaris null (cd SunOS5; $(MAKE) CPU=$(CPU) TOP=.. install) +install-aix: + (cd AIX/`AIX/cpurev`; make install "TOP=../.." $(MFLAGS); cd ..) +# (cd AIX/`AIX/cpurev`; make -f Makefile.ipsend INSTALL=$(INSTALL) install "TOP=../.." $(MFLAGS); cd ..) + install-hpux: hpux (cd HPUX/`HPUX/cpurev`; $(MAKE) CPU=$(CPU) TOP=../.. "BITS=`getconf KERNEL_BITS`" install) @@ -356,7 +378,6 @@ install-irix: irix install-osf install-tru64: (cd OSF/`OSF/cpurev`; make install "TOP=../.." $(MFLAGS); cd ..) - (cd OSF/`OSF/cpurev`; make -f Makefile.ipsend INSTALL=$(INSTALL) install "TOP=../.." $(MFLAGS); cd ..) do-cvs: find . -type d -name CVS -print | xargs /bin/rm -rf @@ -379,3 +400,4 @@ mdb: -DIPFILTER_SCAN -DIPFILTER_LKM -DSOLARIS2=10 -n ipf_mdb -k \ -I/home/dr146992/pfil -I/home/dr146992/ipf -f \ /usr/include/netinet/in_systm.h,/usr/include/sys/ethernet.h,/usr/include/netinet/in.h,/usr/include/netinet/ip.h,/usr/include/netinet/ip_var.h,/usr/include/netinet/tcp.h,/usr/include/netinet/tcpip.h,/usr/include/netinet/ip_icmp.h,/usr/include/netinet/udp.h,ip_compat.h,ip_fil.h,ip_nat.h,ip_state.h,ip_proxy.h,ip_scan.h + diff --git a/contrib/ipfilter/bpf_filter.c b/contrib/ipfilter/bpf_filter.c index f5cc58821c80..730e6f83d3df 100644 --- a/contrib/ipfilter/bpf_filter.c +++ b/contrib/ipfilter/bpf_filter.c @@ -42,7 +42,7 @@ #if !(defined(lint) || defined(KERNEL) || defined(_KERNEL)) static const char rcsid[] = - "@(#) $Header: /devel/CVS/IP-Filter/bpf_filter.c,v 2.2 2003/08/19 16:49:58 darrenr Exp $ (LBL)"; + "@(#) $Header: /devel/CVS/IP-Filter/bpf_filter.c,v 2.2.2.1 2005/06/18 02:41:30 darrenr Exp $ (LBL)"; #endif #include diff --git a/contrib/ipfilter/ipf.h b/contrib/ipfilter/ipf.h index 60a2013ac3af..a492eaad7395 100644 --- a/contrib/ipfilter/ipf.h +++ b/contrib/ipfilter/ipf.h @@ -6,7 +6,7 @@ * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ipf.h 1.12 6/5/96 - * Id: ipf.h,v 2.71.2.6 2005/02/21 05:05:29 darrenr Exp + * $Id: ipf.h,v 2.71.2.7 2005/06/12 07:18:31 darrenr Exp $ */ #ifndef __IPF_H__ @@ -265,6 +265,7 @@ extern void printpacket6 __P((struct ip *)); extern struct ip_pool_s *printpool __P((struct ip_pool_s *, copyfunc_t, char *, int)); extern struct ip_pool_node *printpoolnode __P((struct ip_pool_node *, int)); +extern void printproto __P((struct protoent *, int, struct ipnat *)); extern void printportcmp __P((int, struct frpcmp *)); extern void optprint __P((u_short *, u_long, u_long)); #ifdef USE_INET6 diff --git a/contrib/ipfilter/iplang/iplang_l.l b/contrib/ipfilter/iplang/iplang_l.l index 71e478b05a0c..f356d0fb4465 100644 --- a/contrib/ipfilter/iplang/iplang_l.l +++ b/contrib/ipfilter/iplang/iplang_l.l @@ -6,7 +6,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: iplang_l.l,v 2.8 2003/07/28 01:15:31 darrenr Exp + * $Id: iplang_l.l,v 2.8 2003/07/28 01:15:31 darrenr Exp $ */ #include #include diff --git a/contrib/ipfilter/iplang/iplang_y.y b/contrib/ipfilter/iplang/iplang_y.y index 22ea40bd19be..65266513fb29 100644 --- a/contrib/ipfilter/iplang/iplang_y.y +++ b/contrib/ipfilter/iplang/iplang_y.y @@ -1291,8 +1291,14 @@ void prep_packet() if (ifp->if_fd == -1) ifp->if_fd = initdevice(ifp->if_name, 5); gwip = sending.snd_gw; - if (!gwip.s_addr) + if (!gwip.s_addr) { + if (aniphead == NULL) { + fprintf(stderr, + "no destination address defined for sending\n"); + return; + } gwip = aniphead->ah_ip->ip_dst; + } (void) send_ip(ifp->if_fd, ifp->if_MTU, (ip_t *)ipbuffer, gwip, 2); } diff --git a/contrib/ipfilter/ipmon.h b/contrib/ipfilter/ipmon.h index 6d14e52251c8..e297e10d6330 100644 --- a/contrib/ipfilter/ipmon.h +++ b/contrib/ipfilter/ipmon.h @@ -6,7 +6,7 @@ * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_fil.h 1.35 6/5/96 - * Id: ipmon.h,v 2.8 2003/07/25 22:16:20 darrenr Exp + * $Id: ipmon.h,v 2.8 2003/07/25 22:16:20 darrenr Exp $ */ diff --git a/contrib/ipfilter/ipsd/ipsd.c b/contrib/ipfilter/ipsd/ipsd.c index 970b47ef26d2..ad3dfe20db99 100644 --- a/contrib/ipfilter/ipsd/ipsd.c +++ b/contrib/ipfilter/ipsd/ipsd.c @@ -34,7 +34,7 @@ #ifndef lint static const char sccsid[] = "@(#)ipsd.c 1.3 12/3/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipsd.c,v 2.2 2001/06/09 17:09:25 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipsd.c,v 2.2 2001/06/09 17:09:25 darrenr Exp $"; #endif extern char *optarg; diff --git a/contrib/ipfilter/ipsd/ipsdr.c b/contrib/ipfilter/ipsd/ipsdr.c index df8b9a88afa5..5a907061c631 100644 --- a/contrib/ipfilter/ipsd/ipsdr.c +++ b/contrib/ipfilter/ipsd/ipsdr.c @@ -35,7 +35,7 @@ #ifndef lint static const char sccsid[] = "@(#)ipsdr.c 1.3 12/3/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipsdr.c,v 2.2 2001/06/09 17:09:25 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipsdr.c,v 2.2 2001/06/09 17:09:25 darrenr Exp $"; #endif extern char *optarg; diff --git a/contrib/ipfilter/ipsend/arp.c b/contrib/ipfilter/ipsend/arp.c index f90fc3cea1fd..d519a548922e 100644 --- a/contrib/ipfilter/ipsend/arp.c +++ b/contrib/ipfilter/ipsend/arp.c @@ -7,11 +7,11 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)arp.c 1.4 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: arp.c,v 2.8 2003/12/01 02:01:15 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: arp.c,v 2.8.2.1 2005/06/12 07:18:38 darrenr Exp $"; #endif #include #include -#if !defined(ultrix) && !defined(hpux) && !defined(__hpux) && !defined(__osf__) +#if !defined(ultrix) && !defined(hpux) && !defined(__hpux) && !defined(__osf__) && !defined(_AIX51) #include #endif #include diff --git a/contrib/ipfilter/ipsend/ip.c b/contrib/ipfilter/ipsend/ip.c index cc9f6b9a5e1f..8d469efafa99 100644 --- a/contrib/ipfilter/ipsend/ip.c +++ b/contrib/ipfilter/ipsend/ip.c @@ -7,7 +7,7 @@ */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C)1995"; -static const char rcsid[] = "@(#)Id: ip.c,v 2.8.2.1 2004/10/19 12:31:48 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ip.c,v 2.8.2.1 2004/10/19 12:31:48 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/ipresend.c b/contrib/ipfilter/ipsend/ipresend.c index 3a11d83242e8..050aecf2093c 100644 --- a/contrib/ipfilter/ipsend/ipresend.c +++ b/contrib/ipfilter/ipsend/ipresend.c @@ -8,7 +8,7 @@ */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipresend.c,v 2.4 2004/01/08 13:34:31 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipresend.c,v 2.4 2004/01/08 13:34:31 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/ipsend.c b/contrib/ipfilter/ipsend/ipsend.c index 06be7115d951..9994db8f67eb 100644 --- a/contrib/ipfilter/ipsend/ipsend.c +++ b/contrib/ipfilter/ipsend/ipsend.c @@ -6,7 +6,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ipsend.c 1.5 12/10/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipsend.c,v 2.8.2.2 2004/11/13 16:50:10 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipsend.c,v 2.8.2.2 2004/11/13 16:50:10 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/ipsopt.c b/contrib/ipfilter/ipsend/ipsopt.c index a85f1629713a..10f132e6da9a 100644 --- a/contrib/ipfilter/ipsend/ipsopt.c +++ b/contrib/ipfilter/ipsend/ipsopt.c @@ -8,7 +8,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ipsopt.c 1.2 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipsopt.c,v 2.4.4.1 2004/03/23 12:58:05 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipsopt.c,v 2.4.4.1 2004/03/23 12:58:05 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/iptest.c b/contrib/ipfilter/ipsend/iptest.c index 0e81ec5b6f86..cc2ceb8ae2a1 100644 --- a/contrib/ipfilter/ipsend/iptest.c +++ b/contrib/ipfilter/ipsend/iptest.c @@ -8,7 +8,7 @@ */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: iptest.c,v 2.6 2004/01/08 13:34:31 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: iptest.c,v 2.6 2004/01/08 13:34:31 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/iptests.c b/contrib/ipfilter/ipsend/iptests.c index 51715d87e87c..90cbd62ddeee 100644 --- a/contrib/ipfilter/ipsend/iptests.c +++ b/contrib/ipfilter/ipsend/iptests.c @@ -8,7 +8,7 @@ */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: iptests.c,v 2.8.2.3 2004/04/16 23:33:04 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: iptests.c,v 2.8.2.4 2005/06/12 07:18:39 darrenr Exp $"; #endif #include #include @@ -32,7 +32,7 @@ static const char rcsid[] = "@(#)Id: iptests.c,v 2.8.2.3 2004/04/16 23:33:04 dar # include #endif #if !defined(ultrix) && !defined(hpux) && !defined(linux) && \ - !defined(__sgi) && !defined(__osf__) + !defined(__sgi) && !defined(__osf__) && !defined(_AIX51) # include #endif #ifndef ultrix diff --git a/contrib/ipfilter/ipsend/larp.c b/contrib/ipfilter/ipsend/larp.c index 1e0b1697f93f..ccb70cc29368 100644 --- a/contrib/ipfilter/ipsend/larp.c +++ b/contrib/ipfilter/ipsend/larp.c @@ -8,7 +8,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)larp.c 1.1 8/19/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: larp.c,v 2.4 2003/12/01 02:01:16 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: larp.c,v 2.4 2003/12/01 02:01:16 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/lsock.c b/contrib/ipfilter/ipsend/lsock.c index 8c6616db986d..27cc37e1d08b 100644 --- a/contrib/ipfilter/ipsend/lsock.c +++ b/contrib/ipfilter/ipsend/lsock.c @@ -8,7 +8,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)lsock.c 1.2 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: lsock.c,v 2.3 2001/06/09 17:09:26 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: lsock.c,v 2.3 2001/06/09 17:09:26 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/resend.c b/contrib/ipfilter/ipsend/resend.c index fb2d8bd50ac3..9290693855fe 100644 --- a/contrib/ipfilter/ipsend/resend.c +++ b/contrib/ipfilter/ipsend/resend.c @@ -8,7 +8,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)resend.c 1.3 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: resend.c,v 2.8 2004/01/08 13:34:31 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: resend.c,v 2.8 2004/01/08 13:34:31 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/sbpf.c b/contrib/ipfilter/ipsend/sbpf.c index c25a4232a467..78b75b3157d9 100644 --- a/contrib/ipfilter/ipsend/sbpf.c +++ b/contrib/ipfilter/ipsend/sbpf.c @@ -45,7 +45,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)sbpf.c 1.3 8/25/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: sbpf.c,v 2.5 2002/02/24 07:30:03 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: sbpf.c,v 2.5 2002/02/24 07:30:03 darrenr Exp $"; #endif /* diff --git a/contrib/ipfilter/ipsend/sdlpi.c b/contrib/ipfilter/ipsend/sdlpi.c index 3ff9d4b3c82c..5b5835940797 100644 --- a/contrib/ipfilter/ipsend/sdlpi.c +++ b/contrib/ipfilter/ipsend/sdlpi.c @@ -48,7 +48,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)sdlpi.c 1.3 10/30/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: sdlpi.c,v 2.8.2.1 2004/12/09 19:41:13 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: sdlpi.c,v 2.8.2.1 2004/12/09 19:41:13 darrenr Exp $"; #endif #define CHUNKSIZE 8192 diff --git a/contrib/ipfilter/ipsend/slinux.c b/contrib/ipfilter/ipsend/slinux.c index 1021acf6d3c0..7e37b3087f97 100644 --- a/contrib/ipfilter/ipsend/slinux.c +++ b/contrib/ipfilter/ipsend/slinux.c @@ -30,7 +30,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)slinux.c 1.2 8/25/95"; -static const char rcsid[] = "@(#)Id: slinux.c,v 2.3 2001/06/09 17:09:26 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: slinux.c,v 2.3 2001/06/09 17:09:26 darrenr Exp $"; #endif #define CHUNKSIZE 8192 diff --git a/contrib/ipfilter/ipsend/snit.c b/contrib/ipfilter/ipsend/snit.c index b57609b0240c..0ef7e5444841 100644 --- a/contrib/ipfilter/ipsend/snit.c +++ b/contrib/ipfilter/ipsend/snit.c @@ -41,7 +41,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)snit.c 1.5 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: snit.c,v 2.3 2001/06/09 17:09:26 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: snit.c,v 2.3 2001/06/09 17:09:26 darrenr Exp $"; #endif #define CHUNKSIZE 8192 diff --git a/contrib/ipfilter/ipsend/sock.c b/contrib/ipfilter/ipsend/sock.c index 5020a4aaf234..8c7bfcc5fd50 100644 --- a/contrib/ipfilter/ipsend/sock.c +++ b/contrib/ipfilter/ipsend/sock.c @@ -7,7 +7,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)sock.c 1.2 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: sock.c,v 2.8.4.1 2004/03/23 12:58:06 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: sock.c,v 2.8.4.1 2004/03/23 12:58:06 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/tcpip.h b/contrib/ipfilter/ipsend/tcpip.h index c6094343fc2e..34178931a978 100644 --- a/contrib/ipfilter/ipsend/tcpip.h +++ b/contrib/ipfilter/ipsend/tcpip.h @@ -29,7 +29,7 @@ * SUCH DAMAGE. * * @(#)tcpip.h 8.1 (Berkeley) 6/10/93 - * Id: tcpip.h,v 2.2.2.3 2004/05/26 15:45:48 darrenr Exp + * $Id: tcpip.h,v 2.2.2.3 2004/05/26 15:45:48 darrenr Exp $ */ #ifndef _NETINET_TCPIP_H_ diff --git a/contrib/ipfilter/ipt.h b/contrib/ipfilter/ipt.h index 57d8b46e5048..958c46518691 100644 --- a/contrib/ipfilter/ipt.h +++ b/contrib/ipfilter/ipt.h @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipt.h,v 2.6 2003/02/16 02:33:09 darrenr Exp + * $Id: ipt.h,v 2.6 2003/02/16 02:33:09 darrenr Exp $ */ #ifndef __IPT_H__ diff --git a/contrib/ipfilter/kmem.h b/contrib/ipfilter/kmem.h index 38b97b453735..c0864b4fd911 100644 --- a/contrib/ipfilter/kmem.h +++ b/contrib/ipfilter/kmem.h @@ -4,7 +4,7 @@ * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. - * Id: kmem.h,v 2.5 2002/08/21 22:57:36 darrenr Exp + * $Id: kmem.h,v 2.5 2002/08/21 22:57:36 darrenr Exp $ */ #ifndef __KMEM_H__ diff --git a/contrib/ipfilter/lib/addicmp.c b/contrib/ipfilter/lib/addicmp.c index eb6e8a7afa59..884da7ba84d2 100644 --- a/contrib/ipfilter/lib/addicmp.c +++ b/contrib/ipfilter/lib/addicmp.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: addicmp.c,v 1.10.2.1 2004/12/09 19:41:16 darrenr Exp + * $Id: addicmp.c,v 1.10.2.1 2004/12/09 19:41:16 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/addipopt.c b/contrib/ipfilter/lib/addipopt.c index e775184777f0..6dc7f48bb2ca 100644 --- a/contrib/ipfilter/lib/addipopt.c +++ b/contrib/ipfilter/lib/addipopt.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: addipopt.c,v 1.7 2002/01/28 06:50:45 darrenr Exp + * $Id: addipopt.c,v 1.7 2002/01/28 06:50:45 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/addkeep.c b/contrib/ipfilter/lib/addkeep.c index 5765c52731ad..2ec8dde62d54 100644 --- a/contrib/ipfilter/lib/addkeep.c +++ b/contrib/ipfilter/lib/addkeep.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: addkeep.c,v 1.12 2003/12/01 01:59:42 darrenr Exp + * $Id: addkeep.c,v 1.12 2003/12/01 01:59:42 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/binprint.c b/contrib/ipfilter/lib/binprint.c index 6d992182dbc5..b475aa130889 100644 --- a/contrib/ipfilter/lib/binprint.c +++ b/contrib/ipfilter/lib/binprint.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: binprint.c,v 1.8 2002/05/14 15:18:56 darrenr Exp + * $Id: binprint.c,v 1.8 2002/05/14 15:18:56 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/buildopts.c b/contrib/ipfilter/lib/buildopts.c index 92686f60b86a..7a8df09cc874 100644 --- a/contrib/ipfilter/lib/buildopts.c +++ b/contrib/ipfilter/lib/buildopts.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: buildopts.c,v 1.6 2002/01/28 06:50:45 darrenr Exp + * $Id: buildopts.c,v 1.6 2002/01/28 06:50:45 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/checkrev.c b/contrib/ipfilter/lib/checkrev.c index 882aeb7d58ad..97ed689d77e1 100644 --- a/contrib/ipfilter/lib/checkrev.c +++ b/contrib/ipfilter/lib/checkrev.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: checkrev.c,v 1.12.2.1 2004/03/09 14:44:39 darrenr Exp + * $Id: checkrev.c,v 1.12.2.1 2004/03/09 14:44:39 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/count4bits.c b/contrib/ipfilter/lib/count4bits.c index 56b4c86aea0e..b2aaa3b1df51 100644 --- a/contrib/ipfilter/lib/count4bits.c +++ b/contrib/ipfilter/lib/count4bits.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: count4bits.c,v 1.1 2002/06/15 04:46:39 darrenr Exp + * $Id: count4bits.c,v 1.1 2002/06/15 04:46:39 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/count6bits.c b/contrib/ipfilter/lib/count6bits.c index fe1bf4b33b4c..6011e964a846 100644 --- a/contrib/ipfilter/lib/count6bits.c +++ b/contrib/ipfilter/lib/count6bits.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: count6bits.c,v 1.4 2001/06/09 17:09:23 darrenr Exp + * $Id: count6bits.c,v 1.4 2001/06/09 17:09:23 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/debug.c b/contrib/ipfilter/lib/debug.c index 58974c1ea7dd..d5f6ab2dd281 100644 --- a/contrib/ipfilter/lib/debug.c +++ b/contrib/ipfilter/lib/debug.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: debug.c,v 1.6 2001/06/09 17:09:24 darrenr Exp + * $Id: debug.c,v 1.6 2001/06/09 17:09:24 darrenr Exp $ */ #if defined(__STDC__) diff --git a/contrib/ipfilter/lib/extras.c b/contrib/ipfilter/lib/extras.c index 5d3c8dcaf3f5..926ec43d2462 100644 --- a/contrib/ipfilter/lib/extras.c +++ b/contrib/ipfilter/lib/extras.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: extras.c,v 1.12 2002/07/13 12:06:49 darrenr Exp + * $Id: extras.c,v 1.12 2002/07/13 12:06:49 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/facpri.c b/contrib/ipfilter/lib/facpri.c index 4637916a8be0..a1f9f6bec571 100644 --- a/contrib/ipfilter/lib/facpri.c +++ b/contrib/ipfilter/lib/facpri.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: facpri.c,v 1.6 2003/12/01 01:59:43 darrenr Exp + * $Id: facpri.c,v 1.6.2.1 2005/11/14 17:45:06 darrenr Exp $ */ #include @@ -22,7 +22,7 @@ #include "facpri.h" #if !defined(lint) -static const char rcsid[] = "@(#)Id: facpri.c,v 1.6 2003/12/01 01:59:43 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: facpri.c,v 1.6.2.1 2005/11/14 17:45:06 darrenr Exp $"; #endif @@ -42,10 +42,10 @@ table_t facs[] = { #else { "cron", LOG_CRON1 }, #endif -#ifdef LOG_FTP +#ifdef LOG_FTP { "ftp", LOG_FTP }, #endif -#ifdef LOG_AUTHPRIV +#ifdef LOG_AUTHPRIV { "authpriv", LOG_AUTHPRIV }, #endif #ifdef LOG_AUDIT diff --git a/contrib/ipfilter/lib/facpri.h b/contrib/ipfilter/lib/facpri.h index c902086f4797..212cd15b18d7 100644 --- a/contrib/ipfilter/lib/facpri.h +++ b/contrib/ipfilter/lib/facpri.h @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: facpri.h,v 1.3 2001/06/09 17:19:50 darrenr Exp + * $Id: facpri.h,v 1.3 2001/06/09 17:19:50 darrenr Exp $ */ #ifndef __FACPRI_H__ diff --git a/contrib/ipfilter/lib/fill6bits.c b/contrib/ipfilter/lib/fill6bits.c index 12e657989e4a..ec34d4e859fd 100644 --- a/contrib/ipfilter/lib/fill6bits.c +++ b/contrib/ipfilter/lib/fill6bits.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: fill6bits.c,v 1.5 2002/03/27 15:09:57 darrenr Exp + * $Id: fill6bits.c,v 1.5 2002/03/27 15:09:57 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/flags.c b/contrib/ipfilter/lib/flags.c index 543d61b18622..1b9dc729f996 100644 --- a/contrib/ipfilter/lib/flags.c +++ b/contrib/ipfilter/lib/flags.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: flags.c,v 1.4 2002/11/02 07:16:36 darrenr Exp + * $Id: flags.c,v 1.4 2002/11/02 07:16:36 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/genmask.c b/contrib/ipfilter/lib/genmask.c index 178c466ff290..2155f374b976 100644 --- a/contrib/ipfilter/lib/genmask.c +++ b/contrib/ipfilter/lib/genmask.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: genmask.c,v 1.7 2003/11/11 13:40:15 darrenr Exp + * $Id: genmask.c,v 1.7 2003/11/11 13:40:15 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/getline.c b/contrib/ipfilter/lib/getline.c index 137068fa0296..2d3f9bdc0c90 100644 --- a/contrib/ipfilter/lib/getline.c +++ b/contrib/ipfilter/lib/getline.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: getline.c,v 1.3 2001/06/09 17:09:24 darrenr Exp + * $Id: getline.c,v 1.3 2001/06/09 17:09:24 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/getnattype.c b/contrib/ipfilter/lib/getnattype.c index 90d7ba400405..beb0a8a852d0 100644 --- a/contrib/ipfilter/lib/getnattype.c +++ b/contrib/ipfilter/lib/getnattype.c @@ -11,7 +11,7 @@ #include "kmem.h" #if !defined(lint) -static const char rcsid[] = "@(#)Id: getnattype.c,v 1.3 2004/01/17 17:26:07 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: getnattype.c,v 1.3 2004/01/17 17:26:07 darrenr Exp $"; #endif diff --git a/contrib/ipfilter/lib/getproto.c b/contrib/ipfilter/lib/getproto.c index 2581e283765b..ec87490f6a31 100644 --- a/contrib/ipfilter/lib/getproto.c +++ b/contrib/ipfilter/lib/getproto.c @@ -14,6 +14,14 @@ char *name; if (*s == '\0') return atoi(name); +#ifdef _AIX51 + /* + * For some bogus reason, "ip" is 252 in /etc/protocols on AIX 5 + */ + if (!strcasecmp(name, "ip")) + return 0; +#endif + p = getprotobyname(name); if (p != NULL) return p->p_proto; diff --git a/contrib/ipfilter/lib/hostmask.c b/contrib/ipfilter/lib/hostmask.c index b6ea5ad8ec83..ba33d483871c 100644 --- a/contrib/ipfilter/lib/hostmask.c +++ b/contrib/ipfilter/lib/hostmask.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: hostmask.c,v 1.10 2002/01/28 06:50:46 darrenr Exp + * $Id: hostmask.c,v 1.10 2002/01/28 06:50:46 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/hostnum.c b/contrib/ipfilter/lib/hostnum.c index f517860b2fd3..78f93828b2c3 100644 --- a/contrib/ipfilter/lib/hostnum.c +++ b/contrib/ipfilter/lib/hostnum.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: hostnum.c,v 1.10.2.1 2004/12/09 19:41:20 darrenr Exp + * $Id: hostnum.c,v 1.10.2.1 2004/12/09 19:41:20 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/icmpcode.c b/contrib/ipfilter/lib/icmpcode.c index c458d284487d..ac4501d01ba2 100644 --- a/contrib/ipfilter/lib/icmpcode.c +++ b/contrib/ipfilter/lib/icmpcode.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: icmpcode.c,v 1.7.2.1 2004/12/09 19:41:20 darrenr Exp + * $Id: icmpcode.c,v 1.7.2.1 2004/12/09 19:41:20 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/inet_addr.c b/contrib/ipfilter/lib/inet_addr.c index 287e5ff319e6..c7ae44375a5e 100644 --- a/contrib/ipfilter/lib/inet_addr.c +++ b/contrib/ipfilter/lib/inet_addr.c @@ -57,7 +57,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)inet_addr.c 8.1 (Berkeley) 6/17/93"; -static const char rcsid[] = "@(#)Id: inet_addr.c,v 1.8.2.3 2004/12/09 19:41:20 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: inet_addr.c,v 1.8.2.3 2004/12/09 19:41:20 darrenr Exp $"; #endif /* LIBC_SCCS and not lint */ #include diff --git a/contrib/ipfilter/lib/initparse.c b/contrib/ipfilter/lib/initparse.c index 1f565d259126..5f52f95c69af 100644 --- a/contrib/ipfilter/lib/initparse.c +++ b/contrib/ipfilter/lib/initparse.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: initparse.c,v 1.6 2002/01/28 06:50:46 darrenr Exp + * $Id: initparse.c,v 1.6 2002/01/28 06:50:46 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/ionames.c b/contrib/ipfilter/lib/ionames.c index 0f7060b2b958..5d7d2ac38e5c 100644 --- a/contrib/ipfilter/lib/ionames.c +++ b/contrib/ipfilter/lib/ionames.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ionames.c,v 1.7 2002/01/28 06:50:46 darrenr Exp + * $Id: ionames.c,v 1.7 2002/01/28 06:50:46 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/ipft_ef.c b/contrib/ipfilter/lib/ipft_ef.c index b9a7054d3d73..9e2093f8a01e 100644 --- a/contrib/ipfilter/lib/ipft_ef.c +++ b/contrib/ipfilter/lib/ipft_ef.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipft_ef.c,v 1.14 2004/01/08 13:34:31 darrenr Exp + * $Id: ipft_ef.c,v 1.14 2004/01/08 13:34:31 darrenr Exp $ */ /* @@ -33,7 +33,7 @@ etherfind -n -t #if !defined(lint) static const char sccsid[] = "@(#)ipft_ef.c 1.6 2/4/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipft_ef.c,v 1.14 2004/01/08 13:34:31 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipft_ef.c,v 1.14 2004/01/08 13:34:31 darrenr Exp $"; #endif static int etherf_open __P((char *)); diff --git a/contrib/ipfilter/lib/ipft_hx.c b/contrib/ipfilter/lib/ipft_hx.c index 4e0f98ea2ca5..efc0a413341c 100644 --- a/contrib/ipfilter/lib/ipft_hx.c +++ b/contrib/ipfilter/lib/ipft_hx.c @@ -7,7 +7,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ipft_hx.c 1.1 3/9/96 (C) 1996 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipft_hx.c,v 1.11.4.1 2004/12/09 19:41:20 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipft_hx.c,v 1.11.4.3 2005/12/04 10:07:21 darrenr Exp $"; #endif #include @@ -83,7 +83,7 @@ int cnt, *dir; *s = '\0'; if (!*line) continue; - if (!(opts & OPT_BRIEF)) { + if ((opts & OPT_DEBUG) != 0) { printf("input: %s", line); } @@ -108,7 +108,7 @@ int cnt, *dir; s = line; t = (char *)ip; ip = (ip_t *)readhex(s, (char *)ip); - if (!(opts & OPT_BRIEF)) { + if ((opts & OPT_DEBUG) != 0) { if (opts & OPT_ASCII) { if (t < (char *)ip) putchar('\t'); @@ -124,6 +124,8 @@ int cnt, *dir; fflush(stdout); } } + if (feof(tfp)) + return 0; return -1; } diff --git a/contrib/ipfilter/lib/ipft_pc.c b/contrib/ipfilter/lib/ipft_pc.c index 9b7da653e5ed..e3e2bd34dc0c 100644 --- a/contrib/ipfilter/lib/ipft_pc.c +++ b/contrib/ipfilter/lib/ipft_pc.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipft_pc.c,v 1.10 2004/02/07 18:17:40 darrenr Exp + * $Id: ipft_pc.c,v 1.10.2.1 2005/12/04 09:55:10 darrenr Exp $ */ #include "ipf.h" #include "pcap-ipf.h" @@ -13,7 +13,7 @@ #include "ipt.h" #if !defined(lint) -static const char rcsid[] = "@(#)Id: ipft_pc.c,v 1.10 2004/02/07 18:17:40 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipft_pc.c,v 1.10.2.1 2005/12/04 09:55:10 darrenr Exp $"; #endif struct llc { @@ -162,10 +162,19 @@ static int pcap_close() static int pcap_read_rec(rec) struct pcap_pkthdr *rec; { - int n, p; + int n, p, i; + char *s; - if (read(pfd, (char *)rec, sizeof(*rec)) != sizeof(*rec)) - return -2; + s = (char *)rec; + n = sizeof(*rec); + + while (n > 0) { + i = read(pfd, (char *)rec, sizeof(*rec)); + if (i <= 0) + return -2; + s += i; + n -= i; + } if (swapped) { rec->ph_clen = SWAPLONG(rec->ph_clen); @@ -178,6 +187,8 @@ struct pcap_pkthdr *rec; if (!n || n < 0) return -3; + if (p < 0 || p > 65536) + return -4; return p; } @@ -224,7 +235,7 @@ int cnt, *dir; struct pcap_pkthdr rec; struct llc *l; char *s, ty[4]; - int i, n; + int i, j, n; l = llcp; @@ -238,8 +249,14 @@ int cnt, *dir; bufp = realloc(bufp, i); s = bufp; - if (read(pfd, s, i) != i) - return -2; + for (j = i, n = 0; j > 0; ) { + n = read(pfd, s, j); + if (n <= 0) + return -2; + j -= n; + s += n; + } + s = bufp; i -= l->lc_sz; s += l->lc_to; diff --git a/contrib/ipfilter/lib/ipft_sn.c b/contrib/ipfilter/lib/ipft_sn.c index 61ce875f5736..5841ed5fe9bd 100644 --- a/contrib/ipfilter/lib/ipft_sn.c +++ b/contrib/ipfilter/lib/ipft_sn.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipft_sn.c,v 1.7 2003/02/16 02:32:36 darrenr Exp + * $Id: ipft_sn.c,v 1.7 2003/02/16 02:32:36 darrenr Exp $ */ /* @@ -16,7 +16,7 @@ #include "ipt.h" #if !defined(lint) -static const char rcsid[] = "@(#)Id: ipft_sn.c,v 1.7 2003/02/16 02:32:36 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipft_sn.c,v 1.7 2003/02/16 02:32:36 darrenr Exp $"; #endif struct llc { diff --git a/contrib/ipfilter/lib/ipft_td.c b/contrib/ipfilter/lib/ipft_td.c index e6367ff741dd..758eb5128a8f 100644 --- a/contrib/ipfilter/lib/ipft_td.c +++ b/contrib/ipfilter/lib/ipft_td.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp + * $Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp $ */ /* @@ -42,7 +42,7 @@ tcpdump -nqte #if !defined(lint) static const char sccsid[] = "@(#)ipft_td.c 1.8 2/4/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp $"; #endif static int tcpd_open __P((char *)); diff --git a/contrib/ipfilter/lib/ipft_tx.c b/contrib/ipfilter/lib/ipft_tx.c index 2f9cff93caa2..17bc6de67a4e 100644 --- a/contrib/ipfilter/lib/ipft_tx.c +++ b/contrib/ipfilter/lib/ipft_tx.c @@ -5,11 +5,11 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipft_tx.c,v 1.15.2.2 2004/12/09 19:41:21 darrenr Exp + * $Id: ipft_tx.c,v 1.15.2.6 2005/12/04 10:07:22 darrenr Exp $ */ #if !defined(lint) static const char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipft_tx.c,v 1.15.2.2 2004/12/09 19:41:21 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 1.15.2.6 2005/12/04 10:07:22 darrenr Exp $"; #endif #include @@ -161,7 +161,7 @@ int cnt, *dir; *s = '\0'; if (!*line) continue; - if (!(opts & OPT_BRIEF)) + if ((opts & OPT_DEBUG) != 0) printf("input: %s\n", line); *ifn = NULL; *dir = 0; @@ -172,6 +172,8 @@ int cnt, *dir; return sizeof(ip_t); #endif } + if (feof(tfp)) + return 0; return -1; } @@ -297,15 +299,22 @@ int *out; char **s, *t; int i; + t = strchr(*cpp, ','); + if (t != NULL) + *t = '\0'; + for (s = tx_icmptypes, i = 0; !*s || strcmp(*s, "END"); - s++, i++) - if (*s && !strncasecmp(*cpp, *s, strlen(*s))) { + s++, i++) { + if (*s && !strcasecmp(*cpp, *s)) { ic->icmp_type = i; - if ((t = strchr(*cpp, ','))) - ic->icmp_code = atoi(t+1); + if (t != NULL) + ic->icmp_code = atoi(t + 1); cpp++; break; } + } + if (t != NULL) + *t = ','; } if (*cpp && !strcasecmp(*cpp, "opt")) { diff --git a/contrib/ipfilter/lib/ipoptsec.c b/contrib/ipfilter/lib/ipoptsec.c index 24a58ac4e5ba..5990170759ea 100644 --- a/contrib/ipfilter/lib/ipoptsec.c +++ b/contrib/ipfilter/lib/ipoptsec.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipoptsec.c,v 1.2 2002/01/28 06:50:46 darrenr Exp + * $Id: ipoptsec.c,v 1.2 2002/01/28 06:50:46 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/kmem.c b/contrib/ipfilter/lib/kmem.c index 789219eeacd8..04a64d1aa1a4 100644 --- a/contrib/ipfilter/lib/kmem.c +++ b/contrib/ipfilter/lib/kmem.c @@ -18,7 +18,7 @@ #include #include #include -#if !defined(__sgi) && !defined(__hpux) && !defined(__osf__) && !defined(linux) +#if !defined(__sgi) && !defined(__hpux) && !defined(__osf__) && !defined(linux) && !defined(_AIX51) #include #endif #include @@ -44,12 +44,13 @@ #if !defined(lint) static const char sccsid[] = "@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed"; -static const char rcsid[] = "@(#)Id: kmem.c,v 1.16.2.1 2004/06/20 10:25:58 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: kmem.c,v 1.16.2.2 2005/06/12 07:18:41 darrenr Exp $"; #endif -#if !defined(__sgi) && !defined(__hpux) && !defined(__osf__) && !defined(linux) +#if !defined(__sgi) && !defined(__hpux) && !defined(__osf__) && \ + !defined(linux) && !defined(_AIX51) /* * For all platforms where there is a libkvm and a kvm_t, we use that... */ diff --git a/contrib/ipfilter/lib/kmem.h b/contrib/ipfilter/lib/kmem.h index dc29a5290233..c1dd7f9aa013 100644 --- a/contrib/ipfilter/lib/kmem.h +++ b/contrib/ipfilter/lib/kmem.h @@ -4,7 +4,7 @@ * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. - * Id: kmem.h,v 1.2 2002/08/21 22:57:36 darrenr Exp + * $Id: kmem.h,v 1.2 2002/08/21 22:57:36 darrenr Exp $ */ #ifndef __KMEM_H__ diff --git a/contrib/ipfilter/lib/load_hash.c b/contrib/ipfilter/lib/load_hash.c index 4a13624db2bc..ff093c922767 100644 --- a/contrib/ipfilter/lib/load_hash.c +++ b/contrib/ipfilter/lib/load_hash.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: load_hash.c,v 1.11.2.2 2005/02/01 02:44:05 darrenr Exp + * $Id: load_hash.c,v 1.11.2.3 2005/11/13 15:41:12 darrenr Exp $ */ #include @@ -72,8 +72,8 @@ ioctlfunc_t iocfunc; } } - strncpy(op.iplo_name, iph.iph_name, sizeof(op.iplo_name)); - strncpy(iphp->iph_name, iph.iph_name, sizeof(op.iplo_name)); + strncpy(iph.iph_name, op.iplo_name, sizeof(op.iplo_name)); + strncpy(iphp->iph_name, op.iplo_name, sizeof(op.iplo_name)); if (opts & OPT_VERBOSE) { for (a = list; a != NULL; a = a->ipe_next) { diff --git a/contrib/ipfilter/lib/load_hashnode.c b/contrib/ipfilter/lib/load_hashnode.c index cf422805ea43..083bea8ff974 100644 --- a/contrib/ipfilter/lib/load_hashnode.c +++ b/contrib/ipfilter/lib/load_hashnode.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: load_hashnode.c,v 1.2.4.1 2004/03/06 14:33:28 darrenr Exp + * $Id: load_hashnode.c,v 1.2.4.1 2004/03/06 14:33:28 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/load_pool.c b/contrib/ipfilter/lib/load_pool.c index 65ea05d64528..574cd2c62195 100644 --- a/contrib/ipfilter/lib/load_pool.c +++ b/contrib/ipfilter/lib/load_pool.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: load_pool.c,v 1.14.2.2 2005/02/01 02:44:06 darrenr Exp + * $Id: load_pool.c,v 1.14.2.3 2005/11/13 15:41:13 darrenr Exp $ */ #include @@ -38,7 +38,7 @@ ioctlfunc_t iocfunc; op.iplo_struct = &pool; bzero((char *)&pool, sizeof(pool)); strncpy(pool.ipo_name, plp->ipo_name, sizeof(pool.ipo_name)); - if (*plp->ipo_name == '\0') + if (plp->ipo_name[0] == '\0') op.iplo_arg |= IPOOL_ANON; if ((opts & OPT_REMOVE) == 0) { @@ -49,6 +49,9 @@ ioctlfunc_t iocfunc; } } + if (op.iplo_arg & IPOOL_ANON) + strncpy(pool.ipo_name, op.iplo_name, sizeof(pool.ipo_name)); + if ((opts & OPT_VERBOSE) != 0) { pool.ipo_list = plp->ipo_list; printpool(&pool, bcopywrap, pool.ipo_name, opts); @@ -56,7 +59,7 @@ ioctlfunc_t iocfunc; } for (a = plp->ipo_list; a != NULL; a = a->ipn_next) - load_poolnode(plp->ipo_unit, plp->ipo_name, a, iocfunc); + load_poolnode(plp->ipo_unit, pool.ipo_name, a, iocfunc); if ((opts & OPT_REMOVE) != 0) { if ((*iocfunc)(poolfd, SIOCLOOKUPDELTABLE, &op)) diff --git a/contrib/ipfilter/lib/load_poolnode.c b/contrib/ipfilter/lib/load_poolnode.c index eb1748122e87..e8a6fe6bbe64 100644 --- a/contrib/ipfilter/lib/load_poolnode.c +++ b/contrib/ipfilter/lib/load_poolnode.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: load_poolnode.c,v 1.3.2.1 2004/03/06 14:33:29 darrenr Exp + * $Id: load_poolnode.c,v 1.3.2.1 2004/03/06 14:33:29 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/loglevel.c b/contrib/ipfilter/lib/loglevel.c index 4dc875f73517..af5dda822dfc 100644 --- a/contrib/ipfilter/lib/loglevel.c +++ b/contrib/ipfilter/lib/loglevel.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: loglevel.c,v 1.5 2001/06/09 17:09:24 darrenr Exp + * $Id: loglevel.c,v 1.5 2001/06/09 17:09:24 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/make_range.c b/contrib/ipfilter/lib/make_range.c index ae576dfde310..716cc5a74cac 100644 --- a/contrib/ipfilter/lib/make_range.c +++ b/contrib/ipfilter/lib/make_range.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: make_range.c,v 1.2 2002/05/18 07:27:52 darrenr Exp + * $Id: make_range.c,v 1.2 2002/05/18 07:27:52 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/nat_setgroupmap.c b/contrib/ipfilter/lib/nat_setgroupmap.c index 5c732b1b1439..d4e637ee4b10 100644 --- a/contrib/ipfilter/lib/nat_setgroupmap.c +++ b/contrib/ipfilter/lib/nat_setgroupmap.c @@ -6,7 +6,7 @@ * See the IPFILTER.LICENCE file for details on licencing. */ #if !defined(lint) -static const char rcsid[] = "@(#)Id: nat_setgroupmap.c,v 1.1 2003/04/13 06:40:14 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: nat_setgroupmap.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $"; #endif #include "ipf.h" diff --git a/contrib/ipfilter/lib/natparse.c b/contrib/ipfilter/lib/natparse.c index de5b3887df4b..512eb35e45b3 100644 --- a/contrib/ipfilter/lib/natparse.c +++ b/contrib/ipfilter/lib/natparse.c @@ -7,7 +7,7 @@ */ #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)Id: natparse.c,v 1.8.2.1 2004/12/09 19:41:21 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: natparse.c,v 1.8.2.1 2004/12/09 19:41:21 darrenr Exp $"; #endif #include diff --git a/contrib/ipfilter/lib/optname.c b/contrib/ipfilter/lib/optname.c index d56c4d57c303..813a0dfbdf2d 100644 --- a/contrib/ipfilter/lib/optname.c +++ b/contrib/ipfilter/lib/optname.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: optname.c,v 1.3 2001/06/09 17:09:24 darrenr Exp + * $Id: optname.c,v 1.3 2001/06/09 17:09:24 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/optprint.c b/contrib/ipfilter/lib/optprint.c index 890eb537c6cc..7b5c3c60511b 100644 --- a/contrib/ipfilter/lib/optprint.c +++ b/contrib/ipfilter/lib/optprint.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: optprint.c,v 1.6 2002/07/13 15:59:49 darrenr Exp + * $Id: optprint.c,v 1.6 2002/07/13 15:59:49 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/optprintv6.c b/contrib/ipfilter/lib/optprintv6.c index 8f3330582459..086496d5691f 100644 --- a/contrib/ipfilter/lib/optprintv6.c +++ b/contrib/ipfilter/lib/optprintv6.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: optprintv6.c,v 1.2 2003/04/30 00:39:39 darrenr Exp + * $Id: optprintv6.c,v 1.2 2003/04/30 00:39:39 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/optvalue.c b/contrib/ipfilter/lib/optvalue.c index b30e030f3af6..3609448e6312 100644 --- a/contrib/ipfilter/lib/optvalue.c +++ b/contrib/ipfilter/lib/optvalue.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: optvalue.c,v 1.2 2002/01/28 06:50:47 darrenr Exp + * $Id: optvalue.c,v 1.2 2002/01/28 06:50:47 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/parse.c b/contrib/ipfilter/lib/parse.c index 30fc117f3fad..8bb121cb2fc1 100644 --- a/contrib/ipfilter/lib/parse.c +++ b/contrib/ipfilter/lib/parse.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: parse.c,v 1.34.2.1 2004/12/09 19:41:21 darrenr Exp + * $Id: parse.c,v 1.34.2.1 2004/12/09 19:41:21 darrenr Exp $ */ #include #include "ipf.h" diff --git a/contrib/ipfilter/lib/portname.c b/contrib/ipfilter/lib/portname.c index 0709fc5766ec..4bf1c09a5bde 100644 --- a/contrib/ipfilter/lib/portname.c +++ b/contrib/ipfilter/lib/portname.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: portname.c,v 1.7 2003/08/14 14:27:43 darrenr Exp + * $Id: portname.c,v 1.7 2003/08/14 14:27:43 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/portnum.c b/contrib/ipfilter/lib/portnum.c index c290c93fb412..f80f86d42c93 100644 --- a/contrib/ipfilter/lib/portnum.c +++ b/contrib/ipfilter/lib/portnum.c @@ -6,7 +6,7 @@ * See the IPFILTER.LICENCE file for details on licencing. * * - * Id: portnum.c,v 1.6.4.1 2004/12/09 19:41:22 darrenr Exp + * $Id: portnum.c,v 1.6.4.1 2004/12/09 19:41:22 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/ports.c b/contrib/ipfilter/lib/ports.c index deee05ea96a3..22308053d1d7 100644 --- a/contrib/ipfilter/lib/ports.c +++ b/contrib/ipfilter/lib/ports.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ports.c,v 1.9.4.1 2004/12/09 19:41:22 darrenr Exp + * $Id: ports.c,v 1.9.4.1 2004/12/09 19:41:22 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/print_toif.c b/contrib/ipfilter/lib/print_toif.c index be6eaec7a565..443100466437 100644 --- a/contrib/ipfilter/lib/print_toif.c +++ b/contrib/ipfilter/lib/print_toif.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: print_toif.c,v 1.8 2002/01/28 06:50:47 darrenr Exp + * $Id: print_toif.c,v 1.8 2002/01/28 06:50:47 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printactivenat.c b/contrib/ipfilter/lib/printactivenat.c index 78b0ed91d215..2155378970c2 100644 --- a/contrib/ipfilter/lib/printactivenat.c +++ b/contrib/ipfilter/lib/printactivenat.c @@ -12,7 +12,7 @@ #if !defined(lint) -static const char rcsid[] = "@(#)Id: printactivenat.c,v 1.3.2.4 2004/05/11 16:07:32 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: printactivenat.c,v 1.3.2.4 2004/05/11 16:07:32 darrenr Exp $"; #endif diff --git a/contrib/ipfilter/lib/printaps.c b/contrib/ipfilter/lib/printaps.c index df69a7b0e25d..235a5fdd42bf 100644 --- a/contrib/ipfilter/lib/printaps.c +++ b/contrib/ipfilter/lib/printaps.c @@ -13,7 +13,7 @@ #if !defined(lint) -static const char rcsid[] = "@(#)Id: printaps.c,v 1.4 2004/01/08 13:34:32 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: printaps.c,v 1.4 2004/01/08 13:34:32 darrenr Exp $"; #endif diff --git a/contrib/ipfilter/lib/printbuf.c b/contrib/ipfilter/lib/printbuf.c index fa24fbe1620a..1f0763efffc0 100644 --- a/contrib/ipfilter/lib/printbuf.c +++ b/contrib/ipfilter/lib/printbuf.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printbuf.c,v 1.5.4.1 2004/12/09 19:41:22 darrenr Exp + * $Id: printbuf.c,v 1.5.4.1 2004/12/09 19:41:22 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/printfr.c b/contrib/ipfilter/lib/printfr.c index a7ab1d217303..fb267950340d 100644 --- a/contrib/ipfilter/lib/printfr.c +++ b/contrib/ipfilter/lib/printfr.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printfr.c,v 1.43.2.10 2005/03/16 15:38:13 darrenr Exp + * $Id: printfr.c,v 1.43.2.15 2005/11/14 17:45:06 darrenr Exp $ */ #include "ipf.h" @@ -22,7 +22,7 @@ u_32_t *addr, *mask; switch (type) { case FRI_BROADCAST : - suffix = "/bcast"; + suffix = "bcast"; break; case FRI_DYNAMIC : @@ -32,15 +32,15 @@ u_32_t *addr, *mask; break; case FRI_NETWORK : - suffix = "/net"; + suffix = "net"; break; case FRI_NETMASKED : - suffix = "/netmasked"; + suffix = "netmasked"; break; case FRI_PEERADDR : - suffix = "/peer"; + suffix = "peer"; break; case FRI_LOOKUP : @@ -107,6 +107,9 @@ ioctlfunc_t iocfunc; if ((fp->fr_type & FR_T_BUILTIN) != 0) printf("# Builtin: "); + if (fp->fr_collect != 0) + printf("%u ", fp->fr_collect); + if (fp->fr_type == FR_T_CALLFUNC) { ; } else if (fp->fr_func != NULL) { @@ -189,12 +192,11 @@ ioctlfunc_t iocfunc; if (*fp->fr_ifnames[2]) { printifname("", fp->fr_ifnames[2], fp->fr_ifas[2]); - putchar(' '); - if (*fp->fr_ifnames[3]) { printifname(",", fp->fr_ifnames[3], fp->fr_ifas[3]); } + putchar(' '); } } @@ -208,10 +210,10 @@ ioctlfunc_t iocfunc; pr = -1; } else if (fp->fr_mip.fi_p) { pr = fp->fr_ip.fi_p; - if ((p = getprotobynumber(fp->fr_proto))) - printf("proto %s ", p->p_name); - else - printf("proto %d ", fp->fr_proto); + p = getprotobynumber(pr); + printf("proto "); + printproto(p, pr, NULL); + putchar(' '); } } @@ -370,6 +372,35 @@ ioctlfunc_t iocfunc; if (!(fp->fr_flx & FI_OOW)) printf("not "); printf("oow"); + comma = ","; + } + if (fp->fr_mflx & FI_MBCAST) { + fputs(comma, stdout); + if (!(fp->fr_flx & FI_MBCAST)) + printf("not "); + printf("mbcast"); + comma = ","; + } + if (fp->fr_mflx & FI_BROADCAST) { + fputs(comma, stdout); + if (!(fp->fr_flx & FI_BROADCAST)) + printf("not "); + printf("bcast"); + comma = ","; + } + if (fp->fr_mflx & FI_MULTICAST) { + fputs(comma, stdout); + if (!(fp->fr_flx & FI_MULTICAST)) + printf("not "); + printf("mcast"); + comma = ","; + } + if (fp->fr_mflx & FI_STATE) { + fputs(comma, stdout); + if (!(fp->fr_flx & FI_STATE)) + printf("not "); + printf("state"); + comma = ","; } } @@ -410,8 +441,8 @@ ioctlfunc_t iocfunc; if (fp->fr_flags & (FR_FRSTRICT)) { printf(" ("); if (fp->fr_flags & FR_FRSTRICT) - printf(" strict"); - printf(" )"); + printf("strict"); + printf(")"); } } diff --git a/contrib/ipfilter/lib/printfraginfo.c b/contrib/ipfilter/lib/printfraginfo.c index 461d49748d49..05c03992452a 100644 --- a/contrib/ipfilter/lib/printfraginfo.c +++ b/contrib/ipfilter/lib/printfraginfo.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printfraginfo.c,v 1.1.2.2 2004/03/23 15:15:45 darrenr Exp + * $Id: printfraginfo.c,v 1.1.2.2 2004/03/23 15:15:45 darrenr Exp $ */ #include "ipf.h" #include "kmem.h" diff --git a/contrib/ipfilter/lib/printhostmap.c b/contrib/ipfilter/lib/printhostmap.c index d4ffd443d47b..cb5f8e7498a5 100644 --- a/contrib/ipfilter/lib/printhostmap.c +++ b/contrib/ipfilter/lib/printhostmap.c @@ -6,8 +6,11 @@ void printhostmap(hmp, hv) hostmap_t *hmp; u_int hv; { + struct in_addr in; + printf("%s,", inet_ntoa(hmp->hm_srcip)); printf("%s -> ", inet_ntoa(hmp->hm_dstip)); - printf("%s ", inet_ntoa(hmp->hm_mapip)); + in.s_addr = htonl(hmp->hm_mapip.s_addr); + printf("%s ", inet_ntoa(in)); printf("(use = %d hv = %u)\n", hmp->hm_ref, hv); } diff --git a/contrib/ipfilter/lib/printhostmask.c b/contrib/ipfilter/lib/printhostmask.c index 05121c3c7975..19f87a6c242d 100644 --- a/contrib/ipfilter/lib/printhostmask.c +++ b/contrib/ipfilter/lib/printhostmask.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printhostmask.c,v 1.8 2002/04/11 15:01:19 darrenr Exp + * $Id: printhostmask.c,v 1.8 2002/04/11 15:01:19 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printifname.c b/contrib/ipfilter/lib/printifname.c index 8726e625d5bd..bc74a3468524 100644 --- a/contrib/ipfilter/lib/printifname.c +++ b/contrib/ipfilter/lib/printifname.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printifname.c,v 1.2 2002/01/28 06:50:47 darrenr Exp + * $Id: printifname.c,v 1.2 2002/01/28 06:50:47 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printip.c b/contrib/ipfilter/lib/printip.c index 01b06bd004bc..8841f0a94f32 100644 --- a/contrib/ipfilter/lib/printip.c +++ b/contrib/ipfilter/lib/printip.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printip.c,v 1.3 2002/07/13 12:10:27 darrenr Exp + * $Id: printip.c,v 1.3 2002/07/13 12:10:27 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printlog.c b/contrib/ipfilter/lib/printlog.c index c255cf1a65f5..31399204c7fb 100644 --- a/contrib/ipfilter/lib/printlog.c +++ b/contrib/ipfilter/lib/printlog.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printlog.c,v 1.6 2002/01/28 06:50:47 darrenr Exp + * $Id: printlog.c,v 1.6.4.1 2005/11/14 17:45:06 darrenr Exp $ */ #include "ipf.h" @@ -27,12 +27,9 @@ frentry_t *fp; printf(" or-block"); if (fp->fr_loglevel != 0xffff) { printf(" level "); - if (fp->fr_loglevel & LOG_FACMASK) { - s = fac_toname(fp->fr_loglevel); - if (s == NULL) - s = "!!!"; - } else - s = ""; + s = fac_toname(fp->fr_loglevel); + if (s == NULL) + s = "!!!"; u = pri_toname(fp->fr_loglevel); if (u == NULL) u = "!!!"; diff --git a/contrib/ipfilter/lib/printmask.c b/contrib/ipfilter/lib/printmask.c index a477c66c79f0..195b9a98ace2 100644 --- a/contrib/ipfilter/lib/printmask.c +++ b/contrib/ipfilter/lib/printmask.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printmask.c,v 1.5 2002/06/15 04:48:33 darrenr Exp + * $Id: printmask.c,v 1.5 2002/06/15 04:48:33 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printnat.c b/contrib/ipfilter/lib/printnat.c index 09056b110709..67b5a279b703 100644 --- a/contrib/ipfilter/lib/printnat.c +++ b/contrib/ipfilter/lib/printnat.c @@ -13,11 +13,9 @@ #if !defined(lint) -static const char rcsid[] = "@(#)Id: printnat.c,v 1.22.2.8 2005/01/12 03:39:04 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: printnat.c,v 1.22.2.11 2005/11/14 17:45:06 darrenr Exp $"; #endif -static void printproto __P((ipnat_t *, struct protoent *)); - /* * Print out a NAT rule */ @@ -53,7 +51,7 @@ int opts; printf(" %s", np->in_ifnames[0]); if ((np->in_ifnames[1][0] != '\0') && (strncmp(np->in_ifnames[0], np->in_ifnames[1], LIFNAMSIZ) != 0)) { - printf(",%s ", np->in_ifnames[1]); + printf(",%s", np->in_ifnames[1]); } putchar(' '); @@ -102,13 +100,16 @@ int opts; printf(" -> %s", inet_ntoa(np->in_in[0].in4)); if (np->in_flags & IPN_SPLIT) printf(",%s", inet_ntoa(np->in_in[1].in4)); + else if (np->in_inmsk == 0 && np->in_inip == 0) + printf("/0"); if (np->in_flags & IPN_TCPUDP) { if ((np->in_flags & IPN_FIXEDDPORT) != 0) printf(" port = %d", ntohs(np->in_pnext)); else printf(" port %d", ntohs(np->in_pnext)); } - printproto(np, pr); + putchar(' '); + printproto(pr, np->in_p, np); if (np->in_flags & IPN_ROUNDR) printf(" round-robin"); if (np->in_flags & IPN_FRAG) @@ -164,10 +165,7 @@ int opts; } printf(" %.*s/", (int)sizeof(np->in_plabel), np->in_plabel); - if (pr != NULL) - fputs(pr->p_name, stdout); - else - printf("%d", np->in_p); + printproto(pr, np->in_p, NULL); } else if (np->in_redir == NAT_MAPBLK) { if ((np->in_pmin == 0) && (np->in_flags & IPN_AUTOPORTMAP)) @@ -178,11 +176,11 @@ int opts; printf("\n\tip modulous %d", np->in_pmax); } else if (np->in_pmin || np->in_pmax) { if (np->in_flags & IPN_ICMPQUERY) { - printf(" icmpidmap"); + printf(" icmpidmap "); } else { - printf(" portmap"); + printf(" portmap "); } - printproto(np, pr); + printproto(pr, np->in_p, np); if (np->in_flags & IPN_AUTOPORTMAP) { printf(" auto"); if (opts & OPT_DEBUG) @@ -194,8 +192,10 @@ int opts; printf(" %d:%d", ntohs(np->in_pmin), ntohs(np->in_pmax)); } - } else if (np->in_flags & IPN_TCPUDP || np->in_p) - printproto(np, pr); + } else if (np->in_flags & IPN_TCPUDP || np->in_p) { + putchar(' '); + printproto(pr, np->in_p, np); + } if (np->in_flags & IPN_FRAG) printf(" frag"); @@ -227,21 +227,3 @@ int opts; np->in_tqehead[0], np->in_tqehead[1], np->in_comment); } } - -static void printproto(np, pr) -ipnat_t *np; -struct protoent *pr; -{ - if ((np->in_flags & IPN_TCPUDP) == IPN_TCPUDP) - printf(" tcp/udp"); - else if (np->in_flags & IPN_TCP) - printf(" tcp"); - else if (np->in_flags & IPN_UDP) - printf(" udp"); - else if (np->in_flags & IPN_ICMPQUERY) - printf(" icmp"); - else if (pr != NULL) - printf(" %s", pr->p_name); - else - printf(" %d", np->in_p); -} diff --git a/contrib/ipfilter/lib/printpacket.c b/contrib/ipfilter/lib/printpacket.c index 4791b08e84c0..7090e383ae19 100644 --- a/contrib/ipfilter/lib/printpacket.c +++ b/contrib/ipfilter/lib/printpacket.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printpacket.c,v 1.12.4.1 2005/02/21 05:09:24 darrenr Exp + * $Id: printpacket.c,v 1.12.4.2 2005/12/04 09:33:06 darrenr Exp $ */ #include "ipf.h" @@ -52,7 +52,8 @@ struct ip *ip; } tcp = (struct tcphdr *)((char *)ip + (IP_HL(ip) << 2)); - printf("ip %d(%d) %d", ntohs(ip->ip_len), IP_HL(ip) << 2, ip->ip_p); + printf("ip #%d %d(%d) %d", ntohs(ip->ip_id), ntohs(ip->ip_len), + IP_HL(ip) << 2, ip->ip_p); if (off & IP_OFFMASK) printf(" @%d", off << 3); printf(" %s", inet_ntoa(ip->ip_src)); diff --git a/contrib/ipfilter/lib/printportcmp.c b/contrib/ipfilter/lib/printportcmp.c index 14854be5254a..3f00db7731fb 100644 --- a/contrib/ipfilter/lib/printportcmp.c +++ b/contrib/ipfilter/lib/printportcmp.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printportcmp.c,v 1.7 2003/02/16 02:31:05 darrenr Exp + * $Id: printportcmp.c,v 1.7 2003/02/16 02:31:05 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printstate.c b/contrib/ipfilter/lib/printstate.c index 26920523ac7f..c8e238da10cc 100644 --- a/contrib/ipfilter/lib/printstate.c +++ b/contrib/ipfilter/lib/printstate.c @@ -144,8 +144,8 @@ u_long now; PRINTF("\tpkt_flags & %x(%x) = %x,\t", ips.is_flags & 0xf, ips.is_flags, ips.is_flags >> 4); - PRINTF("\tpkt_options & %x = %x\n", ips.is_optmsk, - ips.is_opt); + PRINTF("\tpkt_options & %x = %x, %x = %x \n", ips.is_optmsk[0], + ips.is_opt[0], ips.is_optmsk[1], ips.is_opt[1]); PRINTF("\tpkt_security & %x = %x, pkt_auth & %x = %x\n", ips.is_secmsk, ips.is_sec, ips.is_authmsk, ips.is_auth); diff --git a/contrib/ipfilter/lib/ratoi.c b/contrib/ipfilter/lib/ratoi.c index f6f70811cf2c..078f566bdd42 100644 --- a/contrib/ipfilter/lib/ratoi.c +++ b/contrib/ipfilter/lib/ratoi.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ratoi.c,v 1.4 2001/06/09 17:09:25 darrenr Exp + * $Id: ratoi.c,v 1.4 2001/06/09 17:09:25 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/ratoui.c b/contrib/ipfilter/lib/ratoui.c index 0a54cebbabbf..4cf6a5a9cfc8 100644 --- a/contrib/ipfilter/lib/ratoui.c +++ b/contrib/ipfilter/lib/ratoui.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ratoui.c,v 1.4 2001/06/09 17:09:25 darrenr Exp + * $Id: ratoui.c,v 1.4 2001/06/09 17:09:25 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/remove_hash.c b/contrib/ipfilter/lib/remove_hash.c index fc52a0a71370..a60bdd3c9f44 100644 --- a/contrib/ipfilter/lib/remove_hash.c +++ b/contrib/ipfilter/lib/remove_hash.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: remove_hash.c,v 1.1 2003/04/13 06:40:14 darrenr Exp + * $Id: remove_hash.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/remove_hashnode.c b/contrib/ipfilter/lib/remove_hashnode.c index 271c853c116b..0b2098c0a818 100644 --- a/contrib/ipfilter/lib/remove_hashnode.c +++ b/contrib/ipfilter/lib/remove_hashnode.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: remove_hashnode.c,v 1.1 2003/04/13 06:40:14 darrenr Exp + * $Id: remove_hashnode.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/remove_pool.c b/contrib/ipfilter/lib/remove_pool.c index 2663cb828a26..8fbad2e5cae2 100644 --- a/contrib/ipfilter/lib/remove_pool.c +++ b/contrib/ipfilter/lib/remove_pool.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: remove_pool.c,v 1.1 2003/04/13 06:40:14 darrenr Exp + * $Id: remove_pool.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/remove_poolnode.c b/contrib/ipfilter/lib/remove_poolnode.c index 5a1d6394c642..51649ba73c38 100644 --- a/contrib/ipfilter/lib/remove_poolnode.c +++ b/contrib/ipfilter/lib/remove_poolnode.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: remove_poolnode.c,v 1.3 2003/11/22 10:14:36 darrenr Exp + * $Id: remove_poolnode.c,v 1.3 2003/11/22 10:14:36 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/tcp_flags.c b/contrib/ipfilter/lib/tcp_flags.c index 7a57124b8acb..d6b5034ac262 100644 --- a/contrib/ipfilter/lib/tcp_flags.c +++ b/contrib/ipfilter/lib/tcp_flags.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: tcp_flags.c,v 1.8 2004/02/07 18:15:54 darrenr Exp + * $Id: tcp_flags.c,v 1.8 2004/02/07 18:15:54 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/tcpflags.c b/contrib/ipfilter/lib/tcpflags.c index 2e65bdb3d395..e5763d7ff1f9 100644 --- a/contrib/ipfilter/lib/tcpflags.c +++ b/contrib/ipfilter/lib/tcpflags.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: tcpflags.c,v 1.3 2002/11/02 07:18:01 darrenr Exp + * $Id: tcpflags.c,v 1.3 2002/11/02 07:18:01 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/tcpoptnames.c b/contrib/ipfilter/lib/tcpoptnames.c index 7f2dfb628292..a215c5508b74 100644 --- a/contrib/ipfilter/lib/tcpoptnames.c +++ b/contrib/ipfilter/lib/tcpoptnames.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: tcpoptnames.c,v 1.5 2002/01/28 06:50:48 darrenr Exp + * $Id: tcpoptnames.c,v 1.5 2002/01/28 06:50:48 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/to_interface.c b/contrib/ipfilter/lib/to_interface.c index fb97cee4b99c..34fad266081b 100644 --- a/contrib/ipfilter/lib/to_interface.c +++ b/contrib/ipfilter/lib/to_interface.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: to_interface.c,v 1.8 2002/01/28 06:50:48 darrenr Exp + * $Id: to_interface.c,v 1.8 2002/01/28 06:50:48 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/v6ionames.c b/contrib/ipfilter/lib/v6ionames.c index a2ce683e8fa5..224a81504fe2 100644 --- a/contrib/ipfilter/lib/v6ionames.c +++ b/contrib/ipfilter/lib/v6ionames.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: v6ionames.c,v 1.1.4.1 2005/01/02 13:08:49 darrenr Exp + * $Id: v6ionames.c,v 1.1.4.2 2005/10/17 18:31:09 darrenr Exp $ */ #include "ipf.h" @@ -21,6 +21,7 @@ struct ipopt_names v6ionames[] ={ { IPPROTO_AH, 0x000020, 0, "ah" }, { IPPROTO_NONE, 0x000040, 0, "none" }, { IPPROTO_DSTOPTS, 0x000080, 0, "dstopts" }, + { IPPROTO_MOBILITY, 0x000100, 0, "mobility" }, { 0, 0, 0, (char *)NULL } }; diff --git a/contrib/ipfilter/lib/v6optvalue.c b/contrib/ipfilter/lib/v6optvalue.c index b81ed7a74f6b..a2e013973e5b 100644 --- a/contrib/ipfilter/lib/v6optvalue.c +++ b/contrib/ipfilter/lib/v6optvalue.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: v6optvalue.c,v 1.1 2003/04/26 04:55:58 darrenr Exp + * $Id: v6optvalue.c,v 1.1 2003/04/26 04:55:58 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/verbose.c b/contrib/ipfilter/lib/verbose.c index cc81516f491c..bd01bcdf1381 100644 --- a/contrib/ipfilter/lib/verbose.c +++ b/contrib/ipfilter/lib/verbose.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: verbose.c,v 1.6 2001/06/09 17:09:25 darrenr Exp + * $Id: verbose.c,v 1.6 2001/06/09 17:09:25 darrenr Exp $ */ #if defined(__STDC__) diff --git a/contrib/ipfilter/man/ipf.5 b/contrib/ipfilter/man/ipf.5 index d6b6ac1f8a0c..8bdaedcba229 100644 --- a/contrib/ipfilter/man/ipf.5 +++ b/contrib/ipfilter/man/ipf.5 @@ -57,8 +57,8 @@ port-range = "port" port-num range port-num . flags = "flags" flag { flag } [ "/" flag { flag } ] . with = "with" | "and" . icmp = "icmp-type" icmp-type [ "code" decnumber ] . -return-code = "("icmp-code")" . -keep = "keep" "state" | "keep" "frags" . +return-code = "(" icmp-code ")" . +keep = "keep" "state" [ "(" state-options ")" ] | "keep" "frags" . loglevel = facility"."priority | priority . nummask = host-name [ "/" decnumber ] . @@ -66,7 +66,10 @@ host-name = ipaddr | hostname | "any" . ipaddr = host-num "." host-num "." host-num "." host-num . host-num = digit [ digit [ digit ] ] . port-num = service-name | decnumber . +state-options = state-opts [ "," state-options ] . +state-opts = "age" decnumber [ "/" decnumber ] | "strict" | + "no-icmp-err" | "limit" decnumber | "newisn" | "sync" . withopt = [ "not" | "no" ] opttype [ withopt ] . opttype = "ipopts" | "short" | "frag" | "opt" optname . optname = ipopts [ "," optname ] . diff --git a/contrib/ipfilter/man/ipftest.1 b/contrib/ipfilter/man/ipftest.1 index df8320af63a8..402195f318e1 100644 --- a/contrib/ipfilter/man/ipftest.1 +++ b/contrib/ipfilter/man/ipftest.1 @@ -5,7 +5,7 @@ ipftest \- test packet filter rules with arbitrary input. .SH SYNOPSIS .B ipftest [ -.B \-6bdDoRvx +.B \-6bCdDoRvx ] [ .B \-F input-format @@ -28,6 +28,9 @@ interface .B \-r ] [ +.B \-S + +] [ .B \-T ] @@ -57,6 +60,11 @@ Cause the output to be a brief summary (one-word) of the result of passing the packet through the filter; either "pass", "block" or "nomatch". This is used in the regression testing. .TP +.B \-C +Force the checksums to be (re)calculated for all packets being input into +\fBipftest\fP. This may be necessary if pcap files from tcpdump are being +fed in where there are partial checksums present due to hardware offloading. +.TP .B \-d Turn on filter rule debugging. Currently, this only shows you what caused the rule to not match in the IP header checking (addresses/netmasks, etc). @@ -168,6 +176,14 @@ Specify the filename from which to read filter rules in \fBipf\fP(5) format. .B \-R Don't attempt to convert IP addresses to hostnames. .TP +.BR \-S \0 +The IP address specifived with this option is used by ipftest to determine +whether a packet should be treated as "input" or "output". If the source +address in an IP packet matches then it is considered to be inbound. If it +does not match then it is considered to be outbound. This is primarily +for use with tcpdump (pcap) files where there is no in/out information +saved with each packet. +.TP .BR \-T \0 This option simulates the run-time changing of IPFilter kernel variables available with the \fB\-T\fP option of \fBipf\fP. diff --git a/contrib/ipfilter/man/ipmon.8 b/contrib/ipfilter/man/ipmon.8 index 48b2a4122941..44ef53a3271c 100644 --- a/contrib/ipfilter/man/ipmon.8 +++ b/contrib/ipfilter/man/ipmon.8 @@ -5,7 +5,7 @@ ipmon \- monitors /dev/ipl for logged packets .SH SYNOPSIS .B ipmon [ -.B \-abDFhnpstvxX +.B \-abBDFhnpstvxX ] [ .B "\-N " ] [ @@ -72,6 +72,9 @@ unreachable message. In order for \fBipmon\fP to properly work, the kernel option \fBIPFILTER_LOG\fP must be turned on in your kernel. Please see \fBoptions(4)\fP for more details. +.LP +\fBipmon\fP reopns its log file(s) and rereads its configuration file +when it receives a SIGHUP signal. .SH OPTIONS .TP .B \-a @@ -82,6 +85,11 @@ are displayed to the same output 'device' (stderr or syslog). For rules which log the body of a packet, generate hex output representing the packet contents after the headers. .TP +.B \-B +Enable logging of the raw, unformatted binary data to the specified +\fI\fP file. This can be read, later, using \fBipmon\fP +with the \fB-f\fP option. +.TP .B \-D Cause ipmon to turn itself into a daemon. Using subshells or backgrounding of ipmon is not required to turn it into an orphan so it can run indefinitely. diff --git a/contrib/ipfilter/man/ipnat.5 b/contrib/ipfilter/man/ipnat.5 index 210f09abca07..6d3f9bcff457 100644 --- a/contrib/ipfilter/man/ipnat.5 +++ b/contrib/ipfilter/man/ipnat.5 @@ -12,9 +12,10 @@ ipmap :: = mapblock | redir | map . map ::= mapit ifname lhs "->" dstipmask [ mapicmp | mapport | mapproxy ] mapoptions . mapblock ::= "map-block" ifname lhs "->" ipmask [ ports ] mapoptions . -redir ::= "rdr" ifname ipmask dport "->" ip [ "," ip ] rdrport rdroptions . +redir ::= "rdr" ifname rlhs "->" ip [ "," ip ] rdrport rdroptions . lhs ::= ipmask | fromto . +rlhs ::= ipmask dport | fromto . dport ::= "port" portnum [ "-" portnum ] . ports ::= "ports" numports | "auto" . rdrport ::= "port" portnum . diff --git a/contrib/ipfilter/man/ipnat.8 b/contrib/ipfilter/man/ipnat.8 index 87f2da5723db..192c1e74ccd9 100644 --- a/contrib/ipfilter/man/ipnat.8 +++ b/contrib/ipfilter/man/ipnat.8 @@ -35,7 +35,7 @@ enabled. .TP .B \-C delete all entries in the current NAT rule listing (NAT rules) - .TP +.TP .B \-d Enable printing of some extra debugging information. .TP @@ -54,10 +54,10 @@ This flag (no-change) prevents \fBipf\fP from actually making any ioctl calls or doing anything which would alter the currently running kernel. .TP .B \-r -Remove matching NAT rules rather than add them to the internal lists +Remove matching NAT rules rather than add them to the internal lists. .TP .B \-s -Retrieve and display NAT statistics +Retrieve and display NAT statistics. .TP .B \-v Turn verbose mode on. Displays information relating to rule processing diff --git a/contrib/ipfilter/mlfk_rule.c b/contrib/ipfilter/mlfk_rule.c index b5aa0baa9745..5f7aed89a7dd 100644 --- a/contrib/ipfilter/mlfk_rule.c +++ b/contrib/ipfilter/mlfk_rule.c @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: mlfk_rule.c,v 2.4.4.2 2004/04/16 23:32:08 darrenr Exp + * $Id: mlfk_rule.c,v 2.4.4.2 2004/04/16 23:32:08 darrenr Exp $ */ diff --git a/contrib/ipfilter/opts.h b/contrib/ipfilter/opts.h index 6a9494a9edcc..fa53c8f5fe90 100644 --- a/contrib/ipfilter/opts.h +++ b/contrib/ipfilter/opts.h @@ -5,7 +5,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: opts.h,v 2.12 2003/08/14 14:24:27 darrenr Exp + * $Id: opts.h,v 2.12 2003/08/14 14:24:27 darrenr Exp $ */ #ifndef __OPTS_H__ diff --git a/contrib/ipfilter/radix.c b/contrib/ipfilter/radix.c index 8bef078dc050..c2d3eaf1ea76 100644 --- a/contrib/ipfilter/radix.c +++ b/contrib/ipfilter/radix.c @@ -103,6 +103,12 @@ static int rn_lexobetter __P((void *, void *)); static struct radix_mask *rn_new_radix_mask __P((struct radix_node *, struct radix_mask *)); static int rn_freenode __P((struct radix_node *, void *)); +#if defined(AIX) && !defined(_KERNEL) +struct radix_node *rn_match __P((void *, struct radix_node_head *)); +struct radix_node *rn_addmask __P((int, int, void *)); +#define FreeS(x, y) KFREES(x, y) +#define Bcopy(x, y, z) bcopy(x, y, z) +#endif /* * The data structure for the keys is a radix tree with one way diff --git a/contrib/ipfilter/radix_ipf.h b/contrib/ipfilter/radix_ipf.h index cc046fedb986..294407b612b0 100644 --- a/contrib/ipfilter/radix_ipf.h +++ b/contrib/ipfilter/radix_ipf.h @@ -28,7 +28,7 @@ * @(#)radix.h 8.2 (Berkeley) 10/31/94 */ -#ifndef _NET_RADIX_H_ +#if !defined(_NET_RADIX_H_) && !defined(_RADIX_H_) #define _NET_RADIX_H_ #ifndef _RADIX_H_ #define _RADIX_H_ @@ -42,7 +42,7 @@ # endif #endif -#ifdef __sgi +#if defined(__sgi) # define radix_mask ipf_radix_mask # define radix_node ipf_radix_node # define radix_node_head ipf_radix_node_head @@ -146,6 +146,12 @@ struct radix_node_head { }; +#if defined(AIX) +# undef Bcmp +# undef Bzero +# undef R_Malloc +# undef Free +#endif #define Bcmp(a, b, n) bcmp(((caddr_t)(a)), ((caddr_t)(b)), (unsigned)(n)) #if defined(linux) && defined(_KERNEL) # define Bcopy(a, b, n) memmove(((caddr_t)(b)), ((caddr_t)(a)), (unsigned)(n)) @@ -157,7 +163,7 @@ struct radix_node_head { #define FreeS(p, z) KFREES(p, z) #define Free(p) KFREE(p) -#if (defined(__osf__) || (IRIX >= 60516)) && defined(_KERNEL) +#if (defined(__osf__) || defined(AIX) || (IRIX >= 60516)) && defined(_KERNEL) # define rn_init ipf_rn_init # define rn_fini ipf_rn_fini # define rn_inithead ipf_rn_inithead diff --git a/contrib/ipfilter/samples/proxy.c b/contrib/ipfilter/samples/proxy.c index c1854b512804..fcf000f75915 100644 --- a/contrib/ipfilter/samples/proxy.c +++ b/contrib/ipfilter/samples/proxy.c @@ -94,8 +94,8 @@ char *argv[]; natlook.nl_outip = sin.sin_addr; natlook.nl_inip = sloc.sin_addr; natlook.nl_flags = IPN_TCP; - natlook.nl_outport = ntohs(sin.sin_port); - natlook.nl_inport = ntohs(sloc.sin_port); + natlook.nl_outport = sin.sin_port; + natlook.nl_inport = sloc.sin_port; /* * Open the NAT device and lookup the mapping pair. diff --git a/contrib/ipfilter/samples/relay.c b/contrib/ipfilter/samples/relay.c index f775cbdc410e..ac5c60243b8f 100644 --- a/contrib/ipfilter/samples/relay.c +++ b/contrib/ipfilter/samples/relay.c @@ -18,9 +18,9 @@ #include #include #include -#include "ip_compat.h" -#include "ip_fil.h" -#include "ip_nat.h" +#include "netinet/ip_compat.h" +#include "netinet/ip_fil.h" +#include "netinet/ip_nat.h" #include "netinet/ipl.h" #define RELAY_BUFSZ 8192 diff --git a/contrib/ipfilter/snoop.h b/contrib/ipfilter/snoop.h index 97fa767eac38..3cb54b99cc3f 100644 --- a/contrib/ipfilter/snoop.h +++ b/contrib/ipfilter/snoop.h @@ -11,7 +11,7 @@ /* * written to comply with the RFC (1761) from Sun. - * Id: snoop.h,v 2.3 2001/06/09 17:09:23 darrenr Exp + * $Id: snoop.h,v 2.3 2001/06/09 17:09:23 darrenr Exp $ */ struct snoophdr { char s_id[8]; diff --git a/contrib/ipfilter/tools/ipf.c b/contrib/ipfilter/tools/ipf.c index e9af9443754b..c59bbed4909c 100644 --- a/contrib/ipfilter/tools/ipf.c +++ b/contrib/ipfilter/tools/ipf.c @@ -21,7 +21,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipf.c,v 1.35.2.3 2004/12/15 18:27:17 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipf.c,v 1.35.2.3 2004/12/15 18:27:17 darrenr Exp $"; #endif #if !defined(__SVR4) && defined(__GNUC__) diff --git a/contrib/ipfilter/tools/ipf_y.y b/contrib/ipfilter/tools/ipf_y.y index 47113c79f017..302b9cc0f876 100644 --- a/contrib/ipfilter/tools/ipf_y.y +++ b/contrib/ipfilter/tools/ipf_y.y @@ -59,7 +59,7 @@ static struct wordtab icmpcodewords[17]; static struct wordtab icmptypewords[16]; static struct wordtab ipv4optwords[25]; static struct wordtab ipv4secwords[9]; -static struct wordtab ipv6optwords[8]; +static struct wordtab ipv6optwords[9]; static struct wordtab logwords[33]; %} @@ -136,6 +136,7 @@ static struct wordtab logwords[33]; %token IPF6_V6HDRS IPFY_IPV6OPT IPFY_IPV6OPT_DSTOPTS IPFY_IPV6OPT_HOPOPTS %token IPFY_IPV6OPT_IPV6 IPFY_IPV6OPT_NONE IPFY_IPV6OPT_ROUTING +%token IPFY_IPV6OPT_MOBILITY IPFY_IPV6OPT_ESP IPFY_IPV6OPT_FRAG %token IPFY_ICMPT_UNR IPFY_ICMPT_ECHO IPFY_ICMPT_ECHOR IPFY_ICMPT_SQUENCH %token IPFY_ICMPT_REDIR IPFY_ICMPT_TIMEX IPFY_ICMPT_PARAMP IPFY_ICMPT_TIMEST @@ -1026,7 +1027,7 @@ codelist: icmpcode { DOREM(fr->fr_icmp |= htons($1); fr->fr_icmpm |= htons(0xff);) } | codelist lmore icmpcode - { DOREM(fr->fr_icmp |= htons($3); fr->fr_icmpm |= htons(0xff);) } + { DOREM(fr->fr_icmp &= htons(0xff00); fr->fr_icmp |= htons($3); fr->fr_icmpm |= htons(0xff);) } ; age: | IPFY_AGE YY_NUMBER { DOALL(fr->fr_age[0] = $2; \ @@ -1086,6 +1087,7 @@ stateopt: | IPFY_NOICMPERR { DOALL(fr->fr_flags |= FR_NOICMPERR;) } | IPFY_SYNC { DOALL(fr->fr_flags |= FR_STATESYNC;) } + age; ; portnum: @@ -1102,15 +1104,14 @@ portnum: ; withlist: - withopt - | withlist withopt - | withlist ',' withopt + withopt { nowith = 0; } + | withlist withopt { nowith = 0; } + | withlist ',' withopt { nowith = 0; } ; withopt: opttype { DOALL(fr->fr_flx |= $1; fr->fr_mflx |= $1;) } - | notwith opttype - { DOALL(fr->fr_mflx |= $2;) } + | notwith opttype { DOALL(fr->fr_mflx |= $2;) } | ipopt ipopts { yyresetdict(); } | notwith ipopt ipopts { yyresetdict(); } | startv6hdrs ipv6hdrs { yyresetdict(); } @@ -1268,12 +1269,13 @@ setsecclass: ipv6hdr: IPFY_AH { $$ = getv6optbyvalue(IPPROTO_AH); } | IPFY_IPV6OPT_DSTOPTS { $$ = getv6optbyvalue(IPPROTO_DSTOPTS); } - | IPFY_ESP { $$ = getv6optbyvalue(IPPROTO_ESP); } + | IPFY_IPV6OPT_ESP { $$ = getv6optbyvalue(IPPROTO_ESP); } | IPFY_IPV6OPT_HOPOPTS { $$ = getv6optbyvalue(IPPROTO_HOPOPTS); } | IPFY_IPV6OPT_IPV6 { $$ = getv6optbyvalue(IPPROTO_IPV6); } | IPFY_IPV6OPT_NONE { $$ = getv6optbyvalue(IPPROTO_NONE); } | IPFY_IPV6OPT_ROUTING { $$ = getv6optbyvalue(IPPROTO_ROUTING); } - | IPFY_FRAG { $$ = getv6optbyvalue(IPPROTO_FRAGMENT); } + | IPFY_IPV6OPT_FRAG { $$ = getv6optbyvalue(IPPROTO_FRAGMENT); } + | IPFY_IPV6OPT_MOBILITY { $$ = getv6optbyvalue(IPPROTO_MOBILITY); } ; level: IPFY_LEVEL { setsyslog(); } @@ -1435,6 +1437,7 @@ static struct wordtab ipfwords[95] = { { "mask", IPFY_MASK }, { "match-tag", IPFY_MATCHTAG }, { "mbcast", IPFY_MBCAST }, + { "mcast", IPFY_MULTICAST }, { "multicast", IPFY_MULTICAST }, { "nat", IPFY_NAT }, { "ne", YY_CMP_NE }, @@ -1574,12 +1577,13 @@ static struct wordtab ipv4secwords[9] = { { NULL, 0 }, }; -static struct wordtab ipv6optwords[8] = { +static struct wordtab ipv6optwords[9] = { { "dstopts", IPFY_IPV6OPT_DSTOPTS }, - { "esp", IPFY_ESP }, - { "frag", IPFY_FRAG }, + { "esp", IPFY_IPV6OPT_ESP }, + { "frag", IPFY_IPV6OPT_FRAG }, { "hopopts", IPFY_IPV6OPT_HOPOPTS }, { "ipv6", IPFY_IPV6OPT_IPV6 }, + { "mobility", IPFY_IPV6OPT_MOBILITY }, { "none", IPFY_IPV6OPT_NONE }, { "routing", IPFY_IPV6OPT_ROUTING }, { NULL, 0 }, @@ -1826,8 +1830,7 @@ char *phrase; fr->fr_v = v; fr->fr_type = FR_T_BPFOPC; - if (!strncmp(phrase, "\"0x", 2)) { - phrase++; + if (!strncmp(phrase, "0x", 2)) { fb = malloc(sizeof(fakebpf_t)); for (i = 0, s = strtok(phrase, " \r\n\t"); s != NULL; diff --git a/contrib/ipfilter/tools/ipfcomp.c b/contrib/ipfilter/tools/ipfcomp.c index de60f6901315..a16e87bab445 100644 --- a/contrib/ipfilter/tools/ipfcomp.c +++ b/contrib/ipfilter/tools/ipfcomp.c @@ -7,7 +7,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipfcomp.c,v 1.24.2.2 2004/04/28 10:34:44 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipfcomp.c,v 1.24.2.2 2004/04/28 10:34:44 darrenr Exp $"; #endif #include "ipf.h" diff --git a/contrib/ipfilter/tools/ipfstat.c b/contrib/ipfilter/tools/ipfstat.c index 0ce970cb22a2..8cf03edc8cd3 100644 --- a/contrib/ipfilter/tools/ipfstat.c +++ b/contrib/ipfilter/tools/ipfstat.c @@ -70,7 +70,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipfstat.c,v 1.44.2.11 2005/03/30 14:09:57 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipfstat.c,v 1.44.2.13 2005/10/17 17:26:32 darrenr Exp $"; #endif #ifdef __hpux @@ -1008,10 +1008,11 @@ int topclosed; { char str1[STSTRSIZE], str2[STSTRSIZE], str3[STSTRSIZE], str4[STSTRSIZE]; int maxtsentries = 0, reverse = 0, sorting = STSORT_DEFAULT; - int i, j, winy, tsentry, maxx, maxy, redraw = 0; + int i, j, winy, tsentry, maxx, maxy, redraw = 0, ret = 0; int len, srclen, dstlen, forward = 1, c = 0; ips_stat_t ipsst, *ipsstp = &ipsst; statetop_t *tstable = NULL, *tp; + const char *errstr = ""; ipstate_t ips; ipfobj_t ipfo; struct timeval selecttimeout; @@ -1051,8 +1052,9 @@ int topclosed; /* get state table */ bzero((char *)&ipsst, sizeof(ipsst)); if ((ioctl(state_fd, SIOCGETFS, &ipfo) == -1)) { - perror("ioctl(SIOCGETFS)"); - exit(-1); + errstr = "ioctl(SIOCGETFS)"; + ret = -1; + goto out; } /* clear the history */ @@ -1416,12 +1418,15 @@ int topclosed; } } /* while */ +out: printw("\n"); curs_set(1); - nocbreak(); + /* nocbreak(); XXX - endwin() should make this redundant */ endwin(); free(tstable); + if (ret != 0) + perror(errstr); } #endif @@ -1612,7 +1617,9 @@ static char *getip(v, addr) int v; i6addr_t *addr; { +#ifdef USE_INET6 static char hostbuf[MAXHOSTNAMELEN+1]; +#endif if (v == 4) return inet_ntoa(addr->in4); diff --git a/contrib/ipfilter/tools/ipftest.c b/contrib/ipfilter/tools/ipftest.c index 6dbf21fc336c..bbc8bbf5bbf8 100644 --- a/contrib/ipfilter/tools/ipftest.c +++ b/contrib/ipfilter/tools/ipftest.c @@ -12,7 +12,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipftest.c,v 1.44.2.3 2005/02/01 02:41:24 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipftest.c,v 1.44.2.7 2005/12/07 08:29:19 darrenr Exp $"; #endif extern char *optarg; @@ -22,13 +22,15 @@ extern struct ifnet *get_unit __P((char *, int)); extern void init_ifp __P((void)); extern ipnat_t *natparse __P((char *, int)); extern int fr_running; +extern hostmap_t **maptable; ipfmutex_t ipl_mutex, ipf_authmx, ipf_rw, ipf_stinsert; ipfmutex_t ipf_nat_new, ipf_natio, ipf_timeoutlock; -ipfrwlock_t ipf_mutex, ipf_global, ipf_ipidfrag, ip_poolrw; +ipfrwlock_t ipf_mutex, ipf_global, ipf_ipidfrag, ip_poolrw, ipf_frcache; ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth; int opts = OPT_DONOTHING; int use_inet6 = 0; +int docksum = 0; int pfil_delayed_copy = 0; int main __P((int, char *[])); int loadrules __P((char *, int)); @@ -77,6 +79,7 @@ char *argv[]; { char *datain, *iface, *ifname, *logout; int fd, i, dir, c, loaded, dump, hlen; + struct in_addr sip; struct ifnet *ifp; struct ipread *r; mb_t mb, *m; @@ -90,21 +93,23 @@ char *argv[]; r = &iptext; iface = NULL; logout = NULL; - ifname = "anon0"; datain = NULL; + sip.s_addr = 0; + ifname = "anon0"; MUTEX_INIT(&ipf_rw, "ipf rw mutex"); MUTEX_INIT(&ipf_timeoutlock, "ipf timeout lock"); RWLOCK_INIT(&ipf_global, "ipf filter load/unload mutex"); RWLOCK_INIT(&ipf_mutex, "ipf filter rwlock"); RWLOCK_INIT(&ipf_ipidfrag, "ipf IP NAT-Frag rwlock"); + RWLOCK_INIT(&ipf_frcache, "ipf filter cache"); initparse(); if (fr_initialise() == -1) abort(); fr_running = 1; - while ((c = getopt(argc, argv, "6bdDF:i:I:l:N:P:or:RT:vxX")) != -1) + while ((c = getopt(argc, argv, "6bCdDF:i:I:l:N:P:or:RS:T:vxX")) != -1) switch (c) { case '6' : @@ -121,6 +126,9 @@ char *argv[]; case 'd' : opts |= OPT_DEBUG; break; + case 'C' : + docksum = 1; + break; case 'D' : dump = 1; break; @@ -147,21 +155,6 @@ char *argv[]; case 'l' : logout = optarg; break; - case 'o' : - opts |= OPT_SAVEOUT; - break; - case 'r' : - if (ipf_parsefile(-1, ipf_addrule, iocfunctions, - optarg) == -1) - return -1; - loaded = 1; - break; - case 'R' : - opts |= OPT_NORESOLVE; - break; - case 'v' : - opts |= OPT_VERBOSE; - break; case 'N' : if (ipnat_parsefile(-1, ipnat_addrule, ipnattestioctl, optarg) == -1) @@ -169,14 +162,32 @@ char *argv[]; loaded = 1; opts |= OPT_NAT; break; + case 'o' : + opts |= OPT_SAVEOUT; + break; case 'P' : if (ippool_parsefile(-1, optarg, ipooltestioctl) == -1) return -1; loaded = 1; break; + case 'r' : + if (ipf_parsefile(-1, ipf_addrule, iocfunctions, + optarg) == -1) + return -1; + loaded = 1; + break; + case 'S' : + sip.s_addr = inet_addr(optarg); + break; + case 'R' : + opts |= OPT_NORESOLVE; + break; case 'T' : ipf_dotuning(-1, optarg, ipftestioctl); break; + case 'v' : + opts |= OPT_VERBOSE; + break; case 'x' : opts |= OPT_HEX; break; @@ -207,9 +218,11 @@ char *argv[]; if (!use_inet6) { ip->ip_off = ntohs(ip->ip_off); ip->ip_len = ntohs(ip->ip_len); - if (r->r_flags & R_DO_CKSUM) + if ((r->r_flags & R_DO_CKSUM) || docksum) fixv4sums(m, ip); hlen = IP_HL(ip) << 2; + if (sip.s_addr) + dir = !(sip.s_addr == ip->ip_src.s_addr); } #ifdef USE_INET6 else @@ -283,6 +296,9 @@ char *argv[]; } m = &mb; } + + if (i != 0) + fprintf(stderr, "readip failed: %d\n", i); (*r->r_close)(); if (logout != NULL) { @@ -617,6 +633,8 @@ void dumpnat() { ipnat_t *ipn; nat_t *nat; + hostmap_t *hm; + int i; printf("List of active MAP/Redirect filters:\n"); for (ipn = nat_list; ipn != NULL; ipn = ipn->in_next) @@ -627,6 +645,12 @@ void dumpnat() if (nat->nat_aps) printaps(nat->nat_aps, opts); } + + printf("\nHostmap table:\n"); + for (i = 0; i < ipf_hostmap_sz; i++) { + for (hm = maptable[i]; hm != NULL; hm = hm->hm_next) + printhostmap(hm, i); + } } @@ -764,6 +788,10 @@ ip_t *ip; hdr = csump; csump += offsetof(udphdr_t, uh_sum); break; + case IPPROTO_ICMP : + hdr = csump; + csump += offsetof(icmphdr_t, icmp_cksum); + break; default : csump = NULL; hdr = NULL; diff --git a/contrib/ipfilter/tools/ipmon.c b/contrib/ipfilter/tools/ipmon.c index 06ade23a83ee..ec76acaa7b3c 100644 --- a/contrib/ipfilter/tools/ipmon.c +++ b/contrib/ipfilter/tools/ipmon.c @@ -78,7 +78,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipmon.c,v 1.33.2.8 2004/12/09 19:41:26 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipmon.c,v 1.33.2.10 2005/06/18 02:41:35 darrenr Exp $"; #endif @@ -420,6 +420,14 @@ static void init_tabs() p->p_name != NULL && protocols[p->p_proto] == NULL) protocols[p->p_proto] = strdup(p->p_name); endprotoent(); +#if defined(_AIX51) + if (protocols[0]) + free(protocols[0]); + if (protocols[252]) + free(protocols[252]); + protocols[0] = "ip"; + protocols[252] = NULL; +#endif } if (udp_ports != NULL) { @@ -1024,7 +1032,8 @@ int blen; (void) sprintf(t, "%*.*s%u", len, len, ipf->fl_ifname, ipf->fl_unit); t += strlen(t); #endif -#if (defined(__sgi) || defined(__powerpc__) || defined(__arm__)) +#if defined(__sgi) || defined(_AIX51) || defined(__powerpc__) || \ + defined(__arm__) if ((ipf->fl_group[0] == 255) && (ipf->fl_group[1] == '\0')) #else if ((ipf->fl_group[0] == -1) && (ipf->fl_group[1] == '\0')) diff --git a/contrib/ipfilter/tools/ipnat.c b/contrib/ipfilter/tools/ipnat.c index 7b002812e669..5ebea45b2aa1 100644 --- a/contrib/ipfilter/tools/ipnat.c +++ b/contrib/ipfilter/tools/ipnat.c @@ -67,7 +67,7 @@ extern char *sys_errlist[]; #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipnat.c,v 1.24.2.1 2004/04/28 17:56:22 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipnat.c,v 1.24.2.2 2005/05/10 21:19:30 darrenr Exp $"; #endif diff --git a/contrib/ipfilter/tools/ipnat_y.y b/contrib/ipfilter/tools/ipnat_y.y index 5f7ec8cf42f1..53cbbaf72980 100644 --- a/contrib/ipfilter/tools/ipnat_y.y +++ b/contrib/ipfilter/tools/ipnat_y.y @@ -160,8 +160,6 @@ map: mapit ifnames addr IPNY_TLATE rhaddr proxy mapoptions strncpy(nat->in_ifnames[1], nat->in_ifnames[0], sizeof(nat->in_ifnames[0])); - if ((nat->in_flags & IPN_TCPUDPICMPQ) == 0) - setnatproto(nat->in_p); if (((nat->in_redir & NAT_MAPBLK) != 0) || ((nat->in_flags & IPN_AUTOPORTMAP) != 0)) nat_setgroupmap(nat); @@ -188,8 +186,6 @@ map: mapit ifnames addr IPNY_TLATE rhaddr proxy mapoptions strncpy(nat->in_ifnames[1], nat->in_ifnames[0], sizeof(nat->in_ifnames[0])); - if ((nat->in_flags & IPN_TCPUDPICMPQ) == 0) - setnatproto(nat->in_p); if (((nat->in_redir & NAT_MAPBLK) != 0) || ((nat->in_flags & IPN_AUTOPORTMAP) != 0)) nat_setgroupmap(nat); @@ -306,6 +302,11 @@ rhaddr: addr { $$.a = $1.a; $$.m = $1.m; } dip: hostname { nat->in_inip = $1.s_addr; nat->in_inmsk = 0xffffffff; } + | hostname '/' YY_NUMBER { if ($3 != 0 || $1.s_addr != 0) + yyerror("Only 0/0 supported"); + nat->in_inip = 0; + nat->in_inmsk = 0; + } | hostname ',' hostname { nat->in_flags |= IPN_SPLIT; nat->in_inip = $1.s_addr; nat->in_inmsk = $3.s_addr; } @@ -454,11 +455,11 @@ addr: IPNY_ANY { $$.a.s_addr = 0; $$.m.s_addr = 0; } $$.a.s_addr &= $$.m.s_addr; } | hostname '/' ipv4 { $$.a = $1; $$.m = $3; $$.a.s_addr &= $$.m.s_addr; } - | hostname '/' hexnumber { $$.a = $1; $$.m.s_addr = $3; + | hostname '/' hexnumber { $$.a = $1; $$.m.s_addr = htonl($3); $$.a.s_addr &= $$.m.s_addr; } | hostname IPNY_MASK ipv4 { $$.a = $1; $$.m = $3; $$.a.s_addr &= $$.m.s_addr; } - | hostname IPNY_MASK hexnumber { $$.a = $1; $$.m.s_addr = $3; + | hostname IPNY_MASK hexnumber { $$.a = $1; $$.m.s_addr = htonl($3); $$.a.s_addr &= $$.m.s_addr; } ; @@ -471,7 +472,7 @@ nummask: portstuff: compare portspec { $$.pc = $1; $$.p1 = $2; } - | portspec range portspec { $$.pc = $2; $$.p1 = $1; $$.p1 = $3; } + | portspec range portspec { $$.pc = $2; $$.p1 = $1; $$.p2 = $3; } ; mapoptions: diff --git a/contrib/ipfilter/tools/ipsyncm.c b/contrib/ipfilter/tools/ipsyncm.c index da9065ecd1d8..3e0c1e22ec24 100644 --- a/contrib/ipfilter/tools/ipsyncm.c +++ b/contrib/ipfilter/tools/ipsyncm.c @@ -7,7 +7,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipsyncm.c,v 1.4.2.2 2005/01/08 14:31:46 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipsyncm.c,v 1.4.2.2 2005/01/08 14:31:46 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/tools/ipsyncs.c b/contrib/ipfilter/tools/ipsyncs.c index cd79e1ac3b48..72da15b98023 100644 --- a/contrib/ipfilter/tools/ipsyncs.c +++ b/contrib/ipfilter/tools/ipsyncs.c @@ -7,7 +7,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipsyncs.c,v 1.5.2.1 2004/10/31 18:46:44 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipsyncs.c,v 1.5.2.1 2004/10/31 18:46:44 darrenr Exp $"; #endif #include #include