| From: | Hiten Pandya <hmp@xxxxxxxxxxxxxxxxxxxxxxx> |
| Date: | Tue, 27 Jul 2004 17:22:38 -0700 (PDT) |
hmp 2004/07/27 17:22:38 PDT
DragonFly src repository
Modified files:
contrib/ipfilter HISTORY Makefile common.c fils.c
ip_sfil.c ipf.c ipf.h ipfs.c ipft_ef.c
ipft_td.c ipmon.c ipnat.c ipt.c kmem.c
mln_ipl.c natparse.c parse.c printnat.c
printstate.c
contrib/ipfilter/BSD kupgrade
contrib/ipfilter/iplang iplang_l.l
contrib/ipfilter/ipsend ipsend.1 ipsend.c ipsopt.c
contrib/ipfilter/man ipf.5 ipf.8 ipfstat.8 ipl.4 ipmon.8
ipnat.5
contrib/ipfilter/test Makefile dotest dotest6 hextest intest
itest logtest mhtest mtest natipftest
nattest
contrib/ipfilter/test/expected in1 ni1 ni2 ni3 ni4 ni5
contrib/ipfilter/test/input f13 f17 ni1 ni2 ni3 ni4 ni5
contrib/ipfilter/test/regress in1
sbin/ipf Makefile
sbin/ipfstat Makefile
sbin/ipnat Makefile
sys/contrib/ipfilter/netinet fil.c ip_compat.h ip_fil.c
ip_fil.h ip_frag.c ip_frag.h
ip_ftp_pxy.c ip_log.c ip_nat.c
ip_nat.h ip_raudio_pxy.c
ip_rcmd_pxy.c ip_state.c
ip_state.h ipl.h
sys/net/ipfilter Makefile
usr.sbin/ipftest Makefile
usr.sbin/ipresend Makefile
usr.sbin/ipsend Makefile
usr.sbin/iptest Makefile
Removed files:
contrib/ipfilter fil.c ip_auth.c ip_auth.h ip_compat.h
ip_fil.c ip_fil.h ip_frag.c ip_frag.h
ip_ftp_pxy.c ip_log.c ip_nat.c ip_nat.h
ip_proxy.c ip_proxy.h ip_raudio_pxy.c
ip_rcmd_pxy.c ip_state.c ip_state.h ipl.h
mlfk_ipl.c
Log:
Major cleanup of the base IPFilter:
o Vendor's ChangeLog available in src/contrib/ipfilter/HISTORY.
o Update kernel and userland to version 3.4.35, major changes:
* only allow non-fragmented packets to influence whether or
not a logged packet is the same as the one logged before.
* block packets that fail to create stable entries.
* correct the ICMP packet checksum fixing up when processing
ICMP errors for NAT.
* implement a maximum for the number of entries in the NAT
table (NAT_TABLE_MAX and ipf_nattable_max).
* frsynclist() wasn't paying attention to all places where
interface names are, like it should.
* fix comparison of ICMP packets with established TCP state
where only 8 bytes of header are returned in the ICMP
error.
o Following files were removed from under src/contrib/ipfilter,
because they were redundant:
fil.c ip_auth.c ip_auth.h ip_compat.h ip_fil.c ip_fil.h
ip_frag.c ip_frag.h ip_ftp_pxy.c ip_log.c ip_nat.c
ip_nat.h ip_proxy.c ip_proxy.h ip_raudio_pxy.c ip_rcmd_pxy.c
ip_state.c ip_state.h ipl.h mlfk_ipl.c
o Cast interface numbers to u_int instead of u_char, so that
big numbered units don't get truncated. More information on
this problem can be found at FreeBSD GNATS, PR kern/64584.
o Compile INET6 support into ipfilter unless NOINET6 is defined
as Make variable.
o Update $FreeBSD$ CVS ID tags.
o Adjust minor style(9) changes, like prototypes, etc.
Tested by David Rhodus, Chris Beuchler and Chris Pressey.
Reviewed-by: Darren Reed <darrenr@xxxxxxxxxxx> (earlier version)
Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx>
Revision Changes Path
1.2 +81 -0 src/contrib/ipfilter/HISTORY
1.2 +29 -3 src/contrib/ipfilter/Makefile
1.2 +14 -14 src/contrib/ipfilter/common.c
1.2 +41 -40 src/contrib/ipfilter/fils.c
1.2 +4 -5 src/contrib/ipfilter/ip_sfil.c
1.2 +189 -67 src/contrib/ipfilter/ipf.c
1.2 +2 -2 src/contrib/ipfilter/ipf.h
1.2 +45 -28 src/contrib/ipfilter/ipfs.c
1.2 +3 -3 src/contrib/ipfilter/ipft_ef.c
1.2 +6 -5 src/contrib/ipfilter/ipft_td.c
1.3 +11 -9 src/contrib/ipfilter/ipmon.c
1.2 +72 -29 src/contrib/ipfilter/ipnat.c
1.3 +30 -4 src/contrib/ipfilter/ipt.c
1.3 +7 -5 src/contrib/ipfilter/kmem.c
1.2 +2 -0 src/contrib/ipfilter/mln_ipl.c
1.2 +128 -22 src/contrib/ipfilter/natparse.c
1.2 +88 -11 src/contrib/ipfilter/parse.c
1.2 +8 -3 src/contrib/ipfilter/printnat.c
1.2 +8 -4 src/contrib/ipfilter/printstate.c
1.2 +3 -0 src/contrib/ipfilter/BSD/kupgrade
1.2 +3 -2 src/contrib/ipfilter/iplang/iplang_l.l
1.2 +1 -1 src/contrib/ipfilter/ipsend/ipsend.1
1.3 +68 -17 src/contrib/ipfilter/ipsend/ipsend.c
1.2 +5 -2 src/contrib/ipfilter/ipsend/ipsopt.c
1.3 +8 -8 src/contrib/ipfilter/man/ipf.5
1.3 +2 -2 src/contrib/ipfilter/man/ipf.8
1.3 +3 -3 src/contrib/ipfilter/man/ipfstat.8
1.2 +1 -1 src/contrib/ipfilter/man/ipl.4
1.3 +5 -3 src/contrib/ipfilter/man/ipmon.8
1.2 +13 -13 src/contrib/ipfilter/man/ipnat.5
1.2 +3 -2 src/contrib/ipfilter/test/Makefile
1.2 +1 -1 src/contrib/ipfilter/test/dotest
1.2 +2 -2 src/contrib/ipfilter/test/dotest6
1.2 +1 -1 src/contrib/ipfilter/test/hextest
1.2 +1 -1 src/contrib/ipfilter/test/intest
1.2 +1 -1 src/contrib/ipfilter/test/itest
1.2 +6 -6 src/contrib/ipfilter/test/logtest
1.2 +1 -1 src/contrib/ipfilter/test/mhtest
1.2 +1 -1 src/contrib/ipfilter/test/mtest
1.2 +1 -1 src/contrib/ipfilter/test/natipftest
1.2 +1 -1 src/contrib/ipfilter/test/nattest
1.2 +1 -0 src/contrib/ipfilter/test/expected/in1
1.2 +3 -2 src/contrib/ipfilter/test/expected/ni1
1.2 +9 -9 src/contrib/ipfilter/test/expected/ni2
1.2 +3 -3 src/contrib/ipfilter/test/expected/ni3
1.2 +3 -3 src/contrib/ipfilter/test/expected/ni4
1.2 +19 -19 src/contrib/ipfilter/test/expected/ni5
1.2 +13 -13 src/contrib/ipfilter/test/input/f13
1.2 +16 -16 src/contrib/ipfilter/test/input/f17
1.2 +15 -2 src/contrib/ipfilter/test/input/ni1
1.2 +11 -11 src/contrib/ipfilter/test/input/ni2
1.2 +2 -2 src/contrib/ipfilter/test/input/ni3
1.2 +2 -2 src/contrib/ipfilter/test/input/ni4
1.2 +21 -21 src/contrib/ipfilter/test/input/ni5
1.2 +1 -0 src/contrib/ipfilter/test/regress/in1
1.5 +1 -1 src/sbin/ipf/Makefile
1.5 +3 -3 src/sbin/ipfstat/Makefile
1.5 +2 -2 src/sbin/ipnat/Makefile
1.9 +250 -43 src/sys/contrib/ipfilter/netinet/fil.c
1.11 +10 -7 src/sys/contrib/ipfilter/netinet/ip_compat.h
1.14 +68 -33 src/sys/contrib/ipfilter/netinet/ip_fil.c
1.7 +4 -4 src/sys/contrib/ipfilter/netinet/ip_fil.h
1.6 +24 -5 src/sys/contrib/ipfilter/netinet/ip_frag.c
1.4 +2 -1 src/sys/contrib/ipfilter/netinet/ip_frag.h
1.5 +23 -17 src/sys/contrib/ipfilter/netinet/ip_ftp_pxy.c
1.7 +6 -6 src/sys/contrib/ipfilter/netinet/ip_log.c
1.7 +178 -210 src/sys/contrib/ipfilter/netinet/ip_nat.c
1.5 +29 -16 src/sys/contrib/ipfilter/netinet/ip_nat.h
1.4 +2 -8 src/sys/contrib/ipfilter/netinet/ip_raudio_pxy.c
1.5 +1 -4 src/sys/contrib/ipfilter/netinet/ip_rcmd_pxy.c
1.7 +85 -53 src/sys/contrib/ipfilter/netinet/ip_state.c
1.4 +3 -2 src/sys/contrib/ipfilter/netinet/ip_state.h
1.3 +3 -3 src/sys/contrib/ipfilter/netinet/ipl.h
1.3 +4 -1 src/sys/net/ipfilter/Makefile
1.8 +5 -12 src/usr.sbin/ipftest/Makefile
1.5 +4 -3 src/usr.sbin/ipresend/Makefile
1.8 +4 -3 src/usr.sbin/ipsend/Makefile
1.5 +4 -3 src/usr.sbin/iptest/Makefile
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/HISTORY.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/Makefile.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/common.c.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/fils.c.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/ip_sfil.c.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/ipf.c.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/ipf.h.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/ipfs.c.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/ipft_ef.c.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/ipft_td.c.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/ipmon.c.diff?r1=1.2&r2=1.3&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/ipnat.c.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/ipt.c.diff?r1=1.2&r2=1.3&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/kmem.c.diff?r1=1.2&r2=1.3&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/mln_ipl.c.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/natparse.c.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/parse.c.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/printnat.c.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/printstate.c.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/BSD/kupgrade.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/iplang/iplang_l.l.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/ipsend/ipsend.1.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/ipsend/ipsend.c.diff?r1=1.2&r2=1.3&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/ipsend/ipsopt.c.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/man/ipf.5.diff?r1=1.2&r2=1.3&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/man/ipf.8.diff?r1=1.2&r2=1.3&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/man/ipfstat.8.diff?r1=1.2&r2=1.3&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/man/ipl.4.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/man/ipmon.8.diff?r1=1.2&r2=1.3&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/man/ipnat.5.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/test/Makefile.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/test/dotest.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/test/dotest6.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/test/hextest.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/test/intest.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/test/itest.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/test/logtest.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/test/mhtest.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/test/mtest.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/test/natipftest.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/test/nattest.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/test/expected/in1.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/test/expected/ni1.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/test/expected/ni2.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/test/expected/ni3.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/test/expected/ni4.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/test/expected/ni5.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/test/input/f13.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/test/input/f17.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/test/input/ni1.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/test/input/ni2.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/test/input/ni3.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/test/input/ni4.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/test/input/ni5.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/contrib/ipfilter/test/regress/in1.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/sbin/ipf/Makefile.diff?r1=1.4&r2=1.5&f=u
http://www.dragonflybsd.org/cvsweb/src/sbin/ipfstat/Makefile.diff?r1=1.4&r2=1.5&f=u
http://www.dragonflybsd.org/cvsweb/src/sbin/ipnat/Makefile.diff?r1=1.4&r2=1.5&f=u
http://www.dragonflybsd.org/cvsweb/src/sys/contrib/ipfilter/netinet/fil.c.diff?r1=1.8&r2=1.9&f=u
http://www.dragonflybsd.org/cvsweb/src/sys/contrib/ipfilter/netinet/ip_compat.h.diff?r1=1.10&r2=1.11&f=u
http://www.dragonflybsd.org/cvsweb/src/sys/contrib/ipfilter/netinet/ip_fil.c.diff?r1=1.13&r2=1.14&f=u
http://www.dragonflybsd.org/cvsweb/src/sys/contrib/ipfilter/netinet/ip_fil.h.diff?r1=1.6&r2=1.7&f=u
http://www.dragonflybsd.org/cvsweb/src/sys/contrib/ipfilter/netinet/ip_frag.c.diff?r1=1.5&r2=1.6&f=u
http://www.dragonflybsd.org/cvsweb/src/sys/contrib/ipfilter/netinet/ip_frag.h.diff?r1=1.3&r2=1.4&f=u
http://www.dragonflybsd.org/cvsweb/src/sys/contrib/ipfilter/netinet/ip_ftp_pxy.c.diff?r1=1.4&r2=1.5&f=u
http://www.dragonflybsd.org/cvsweb/src/sys/contrib/ipfilter/netinet/ip_log.c.diff?r1=1.6&r2=1.7&f=u
http://www.dragonflybsd.org/cvsweb/src/sys/contrib/ipfilter/netinet/ip_nat.c.diff?r1=1.6&r2=1.7&f=u
http://www.dragonflybsd.org/cvsweb/src/sys/contrib/ipfilter/netinet/ip_nat.h.diff?r1=1.4&r2=1.5&f=u
http://www.dragonflybsd.org/cvsweb/src/sys/contrib/ipfilter/netinet/ip_raudio_pxy.c.diff?r1=1.3&r2=1.4&f=u
http://www.dragonflybsd.org/cvsweb/src/sys/contrib/ipfilter/netinet/ip_rcmd_pxy.c.diff?r1=1.4&r2=1.5&f=u
http://www.dragonflybsd.org/cvsweb/src/sys/contrib/ipfilter/netinet/ip_state.c.diff?r1=1.6&r2=1.7&f=u
http://www.dragonflybsd.org/cvsweb/src/sys/contrib/ipfilter/netinet/ip_state.h.diff?r1=1.3&r2=1.4&f=u
http://www.dragonflybsd.org/cvsweb/src/sys/contrib/ipfilter/netinet/ipl.h.diff?r1=1.2&r2=1.3&f=u
http://www.dragonflybsd.org/cvsweb/src/sys/net/ipfilter/Makefile.diff?r1=1.2&r2=1.3&f=u
http://www.dragonflybsd.org/cvsweb/src/usr.sbin/ipftest/Makefile.diff?r1=1.7&r2=1.8&f=u
http://www.dragonflybsd.org/cvsweb/src/usr.sbin/ipresend/Makefile.diff?r1=1.4&r2=1.5&f=u
http://www.dragonflybsd.org/cvsweb/src/usr.sbin/ipsend/Makefile.diff?r1=1.7&r2=1.8&f=u
http://www.dragonflybsd.org/cvsweb/src/usr.sbin/iptest/Makefile.diff?r1=1.4&r2=1.5&f=u