-# $OpenBSD: HISTORY,v 1.4 2000/02/16 22:34:21 kjell Exp $
+# $OpenBSD: HISTORY,v 1.5 2000/03/13 23:40:19 kjell Exp $
#
# NOTE: Quite a few patches and suggestions come from other sources, to whom
# I'm greatly indebted, even if no names are mentioned.
# and especially those who have found the time to port IP Filter to new
# platforms.
#
+3.3.11 04/03/2000 - Released
+
+make "or-block" work with lines that start with "log"
+
+fix up parsing and printing of rules with syslog levels in them
+
+fix from Cy Schubert for calling of apr_fini only if non-null
+
+3.3.10 24/02/2000 - Released
+
+* fix back from guido for state tracking interfaces
+
+* update for NetBSD pfil interface changes
+
+* if attaching fails and we can abort, then cleanup when doing so.
+
+Julian Yip (julian@computer.org):
+* solaris.c (fr_precheck): After calling freemsg on mt, set it point to *mp.
+* ipf.c (packetlogon): use flag to store the return value from get_flags.
+* ipmon.c (init_tabs): Generate cleanup so we do not have to cast
+ an int s->s_port to u_int port and try to check if the u_int port
+ is less than zero.
+
3.3.9 15/02/2000 - Released
fix scheduling of bad locking in fr_addstate() used when we attach onto
-/* $OpenBSD: facpri.c,v 1.3 2000/02/16 22:34:21 kjell Exp $ */
+/* $OpenBSD: facpri.c,v 1.4 2000/03/13 23:40:19 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
-/* $OpenBSD: facpri.h,v 1.3 2000/02/16 22:34:21 kjell Exp $ */
+/* $OpenBSD: facpri.h,v 1.4 2000/03/13 23:40:19 kjell Exp $ */
/*
* Copyright (C) 1999 by Darren Reed.
-/* $OpenBSD: ifaddr.c,v 1.3 2000/02/16 22:34:21 kjell Exp $ */
+/* $OpenBSD: ifaddr.c,v 1.4 2000/03/13 23:40:19 kjell Exp $ */
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
-/* $OpenBSD: ifaddr.h,v 1.3 2000/02/16 22:34:21 kjell Exp $ */
+/* $OpenBSD: ifaddr.h,v 1.4 2000/03/13 23:40:19 kjell Exp $ */
#ifndef __IFADDR_H__
#define __IFADDR_H__
-/* $OpenBSD: ipf.c,v 1.22 2000/02/16 22:34:21 kjell Exp $ */
+/* $OpenBSD: ipf.c,v 1.23 2000/03/13 23:40:19 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
#if !defined(lint)
static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-1995 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: ipf.c,v 2.2 1999/08/06 15:26:08 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: ipf.c,v 2.2.2.1 2000/02/16 14:40:39 darrenr Exp $";
#endif
#if SOLARIS
{
int flag, err;
- err = get_flags();
- if (err != 0) {
+ flag = get_flags();
+ if (flag != 0) {
if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE)
printf("log flag is currently %#x\n", flag);
}
-/* $OpenBSD: ipf.h,v 1.13 2000/02/16 22:34:21 kjell Exp $ */
+/* $OpenBSD: ipf.h,v 1.14 2000/03/13 23:40:19 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
-/* $OpenBSD: opt.c,v 1.13 2000/02/16 22:34:21 kjell Exp $ */
+/* $OpenBSD: opt.c,v 1.14 2000/03/13 23:40:19 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
-/* $OpenBSD: parse.c,v 1.32 2000/02/16 22:34:21 kjell Exp $ */
+/* $OpenBSD: parse.c,v 1.33 2000/03/13 23:40:19 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
#if !defined(lint)
static const char sccsid[] = "@(#)parse.c 1.44 6/5/96 (C) 1993-1996 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: parse.c,v 2.1.2.8 2000/01/27 08:49:42 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: parse.c,v 2.1.2.11 2000/03/04 05:19:25 darrenr Exp $";
#endif
extern struct ipopt_names ionames[], secclass[];
int countbits __P((u_32_t));
char *portname __P((int, int));
int ratoi __P((char *, int *, int, int));
+int loglevel __P((char **, u_short *, int));
+void printlog __P((frentry_t *));
#if defined(__OpenBSD__)
extern int if_addr __P((char *, struct in_addr *));
#endif
+
char *proto = NULL;
char flagset[] = "FSRPAU";
u_char flags[] = { TH_FIN, TH_SYN, TH_RST, TH_PUSH, TH_ACK, TH_URG };
}
if (!strcasecmp(*(cpp+1), "first")) {
fil.fr_flags |= FR_LOGFIRST;
+ cpp++;
+ }
+ if (*cpp && !strcasecmp(*(cpp+1), "or-block")) {
+ fil.fr_flags |= FR_LOGORBLOCK;
+ cpp++;
}
if (!strcasecmp(*(cpp+1), "level")) {
- int fac, pri;
- char *s;
-
- fac = 0;
- pri = 0;
- if (!*++cpp) {
- fprintf(stderr, "%d: %s\n", linenum,
- "missing identifier after level");
+ cpp++;
+ if (loglevel(cpp, &fil.fr_loglevel, linenum) == -1)
return NULL;
- }
- s = index(*cpp, '.');
- if (s) {
- *s++ = '\0';
- fac = fac_findname(*cpp);
- if (fac == -1) {
- fprintf(stderr, "%d: %s %s\n", linenum,
- "Unknown facility", *cpp);
- return NULL;
- }
- pri = pri_findname(s);
- if (pri == -1) {
- fprintf(stderr, "%d: %s %s\n", linenum,
- "Unknown priority", s);
- return NULL;
- }
- } else {
- pri = pri_findname(*cpp);
- if (pri == -1) {
- fprintf(stderr, "%d: %s %s\n", linenum,
- "Unknown priority", *cpp);
- return NULL;
- }
- }
- fil.fr_loglevel = fac|pri;
cpp++;
}
} else {
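Review bot: The added `or-block` test guards on `*cpp` but then reads `*(cpp+1)`, so a rule whose tokens end at that point hands a NULL pointer to strcasecmp(). The guard should test the token it dereferences, `if (*(cpp+1) && !strcasecmp(*(cpp+1), "or-block")) {`. The neighbouring `first` and `level` tests in the context lines read `*(cpp+1)` with no guard at all and want the same check. This assumes the token array is NULL-terminated, which the `!*++cpp` test in the added loglevel() suggests. The enclosing parser function starts and ends outside this hunk.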
fil.fr_loglevel = fac|pri;
cpp++;
}
+ if (*cpp && !strcasecmp(*cpp, "level")) {
+ if (loglevel(cpp, &fil.fr_loglevel, linenum) == -1)
+ return NULL;
+ cpp++;
+ cpp++;
+ }
}
if (*cpp && !strcasecmp("quick", *cpp)) {
}
+int loglevel(cpp, facpri, linenum)
+char **cpp;
+u_short *facpri;
+int linenum;
+{
+ int fac, pri;
+ char *s;
+
+ fac = 0;
+ pri = 0;
+ if (!*++cpp) {
+ fprintf(stderr, "%d: %s\n", linenum,
+ "missing identifier after level");
+ return -1;
+ }
+
+ s = index(*cpp, '.');
+ if (s) {
+ *s++ = '\0';
+ fac = fac_findname(*cpp);
+ if (fac == -1) {
+ fprintf(stderr, "%d: %s %s\n", linenum,
+ "Unknown facility", *cpp);
+ return -1;
+ }
+ pri = pri_findname(s);
+ if (pri == -1) {
+ fprintf(stderr, "%d: %s %s\n", linenum,
+ "Unknown priority", s);
+ return -1;
+ }
+ } else {
+ pri = pri_findname(*cpp);
+ if (pri == -1) {
+ fprintf(stderr, "%d: %s %s\n", linenum,
+ "Unknown priority", *cpp);
+ return -1;
+ }
+ }
+ *facpri = fac|pri;
+ return 0;
+}
+
+
int to_interface(fdp, to, linenum)
frdest_t *fdp;
char *to;
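Review bot: loglevel() has no header comment, and its calling convention is easy to get wrong: `cpp` must point at the `level` token, the function advances only its own copy of the pointer, and it splits `facility.priority` in place by overwriting the `.` with a NUL. A comment above the definition should say that, and also that it returns 0 after storing `fac|pri` through `facpri`, returns -1 after printing a diagnostic, and leaves the caller to step over both tokens. The two call sites already advance differently (one `cpp++` before the call and one after at the first, two `cpp++` after the call at the second), which such a comment would make checkable. The context lines at the second call site still show an inline `fil.fr_loglevel = fac|pri;`, so it is worth confirming that no hand-rolled copy of this parser remains there.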
}
(*cp)++;
+ if (!**cp) {
+ fprintf(stderr, "%d: Missing state/frag after keep\n",
+ linenum);
+ return -1;
+ }
+
if (**cp && strcasecmp(**cp, "state") && strcasecmp(**cp, "frags")) {
fprintf(stderr, "%d: Unrecognised state keyword \"%s\"\n",
linenum, **cp);
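Review bot: With the new `!**cp` early return in place, the `**cp &&` at the start of the following condition can no longer be false and could be dropped: `if (strcasecmp(**cp, "state") && strcasecmp(**cp, "frags")) {`. The new diagnostic also says `state/frag` while the keyword accepted just below is `frags`; `"%d: Missing state/frags after keep\n"` would match what the parser actually accepts. The function continues outside the hunk.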
"<>", "><"};
struct protoent *p;
int ones = 0, pr;
- char *s, *u;
+ char *s;
u_char *t;
u_short sec[2];
} else if ((fp->fr_flags & FR_RETMASK) == FR_RETRST)
printf(" return-rst");
} else if ((fp->fr_flags & FR_LOGMASK) == FR_LOG) {
- printf("log");
- if (fp->fr_flags & FR_LOGBODY)
- printf(" body");
- if (fp->fr_flags & FR_LOGFIRST)
- printf(" first");
+ printlog(fp);
} else if (fp->fr_flags & FR_ACCOUNT)
printf("count");
else if (fp->fr_flags & FR_AUTH)
if (((fp->fr_flags & FR_LOGB) == FR_LOGB) ||
((fp->fr_flags & FR_LOGP) == FR_LOGP)) {
- printf("log ");
- if (fp->fr_flags & FR_LOGBODY)
- printf("body ");
- if (fp->fr_flags & FR_LOGFIRST)
- printf("first ");
- if (fp->fr_flags & FR_LOGORBLOCK)
- printf("or-block ");
- if (fp->fr_loglevel != 0xffff) {
- if (fp->fr_loglevel & LOG_FACMASK) {
- s = fac_toname(fp->fr_loglevel);
- if (s == NULL)
- s = "!!!";
- } else
- s = "";
- u = pri_toname(fp->fr_loglevel);
- if (u == NULL)
- u = "!!!";
- if (*s)
- printf("level %s.%s ", s, u);
- else
- printf("level %s ", u);
- }
-
+ printlog(fp);
+ putchar(' ');
}
if (fp->fr_flags & FR_QUICK)
printf("quick ");
}
+void printlog(fp)
+frentry_t *fp;
+{
+ char *s, *u;
+
+ printf("log");
+ if (fp->fr_flags & FR_LOGBODY)
+ printf(" body");
+ if (fp->fr_flags & FR_LOGFIRST)
+ printf(" first");
+ if (fp->fr_flags & FR_LOGORBLOCK)
+ printf(" or-block");
+ if (fp->fr_loglevel != 0xffff) {
+ printf(" level ");
+ if (fp->fr_loglevel & LOG_FACMASK) {
+ s = fac_toname(fp->fr_loglevel);
+ if (s == NULL)
+ s = "!!!";
+ } else
+ s = "";
+ u = pri_toname(fp->fr_loglevel);
+ if (u == NULL)
+ u = "!!!";
+ if (*s)
+ printf("%s.%s", s, u);
+ else
+ printf("%s", u);
+ }
+}
+
+
int ratoi(ps, pi, min, max)
char *ps;
int *pi, min, max;
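Review bot: printlog() now prints `or-block` and `level` for every caller, including the `FR_LOG` branch that previously printed only `log`, `body` and `first`, so that branch's output now depends on `fr_loglevel` holding the `0xffff` "unset" value. If rules reaching that branch can carry a zero `fr_loglevel` (not visible here), they would be listed with a spurious `level` clause, so it is worth confirming that the parser initialises the field to `0xffff`. The bare `0xffff` would read better as a named constant. A short comment above printlog() should say that it emits no trailing space (the second caller adds one with `putchar(' ')`) and that the `!!!` fallback is display-only and does not produce a rule the parser will accept.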
-/* $OpenBSD: fils.c,v 1.19 2000/02/16 22:34:22 kjell Exp $ */
+/* $OpenBSD: fils.c,v 1.20 2000/03/13 23:40:19 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
#if !defined(lint)
static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-1996 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: fils.c,v 2.2.2.5 2000/01/27 08:49:40 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: fils.c,v 2.2.2.6 2000/02/23 11:16:35 darrenr Exp $";
#endif
#define F_IN 0
fp->f_st[0].fr_notip, fp->f_st[1].fr_notip);
printf(" bad packets:\t\tin %lu\tout %lu\n",
fp->f_st[0].fr_bad, fp->f_st[1].fr_bad);
+ printf("copied messages:\tin %lu\tout %lu\n",
+ fp->f_st[0].fr_copy, fp->f_st[1].fr_copy);
#endif
printf(" input packets:\t\tblocked %lu passed %lu nomatch %lu",
fp->f_st[0].fr_block, fp->f_st[0].fr_pass,
-/* $OpenBSD: kmem.c,v 1.14 2000/02/16 22:34:22 kjell Exp $ */
+/* $OpenBSD: kmem.c,v 1.15 2000/03/13 23:40:19 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
-/* $OpenBSD: kmem.h,v 1.11 2000/02/16 22:34:22 kjell Exp $ */
+/* $OpenBSD: kmem.h,v 1.12 2000/03/13 23:40:19 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
-/* $OpenBSD: ipnat.c,v 1.35 2000/02/16 22:34:22 kjell Exp $ */
+/* $OpenBSD: ipnat.c,v 1.36 2000/03/13 23:40:19 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
-/* $OpenBSD: natparse.c,v 1.3 2000/02/16 22:34:22 kjell Exp $ */
+/* $OpenBSD: natparse.c,v 1.4 2000/03/13 23:40:19 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
-/* $OpenBSD: fil.c,v 1.21 2000/02/16 22:34:17 kjell Exp $ */
+/* $OpenBSD: fil.c,v 1.22 2000/03/13 23:40:17 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
*/
#if !defined(lint)
static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-1996 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: fil.c,v 2.3.2.16 2000/01/27 08:49:37 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: fil.c,v 2.3.2.17 2000/03/03 14:51:16 darrenr Exp $";
#endif
#include <sys/errno.h>
#ifdef IPFILTER_LOG
if ((passt & FR_LOGMASK) == FR_LOG) {
if (!IPLLOG(passt, ip, fin, m)) {
+ if (passt & FR_LOGORBLOCK)
+ passt |= FR_BLOCK|FR_QUICK;
ATOMIC_INC(frstats[fin->fin_out].fr_skip);
}
ATOMIC_INC(frstats[fin->fin_out].fr_pkl);
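Review bot: The new `or-block` branch is the fail-closed path for a log rule whose record could not be written, and it deserves a comment saying so, for example `/* or-block: logging failed, so refuse the packet rather than let it through unlogged */`. It sets `FR_BLOCK|FR_QUICK` with `|=` and clears nothing, which looks safe only if no pass bit can be set when `(passt & FR_LOGMASK) == FR_LOG`; that depends on the definition of `FR_LOGMASK`, which is outside this hunk. The enclosing function starts and ends outside the hunk, so whether later code honours the updated `passt` cannot be checked from here.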
* SUCH DAMAGE.
*
* @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94
- * $IPFilter: fil.c,v 2.3.2.16 2000/01/27 08:49:37 darrenr Exp $
+ * $IPFilter: fil.c,v 2.3.2.17 2000/03/03 14:51:16 darrenr Exp $
*/
/*
* Copy data from an mbuf chain starting "off" bytes from the beginning,
-/* $OpenBSD: ip_auth.c,v 1.11 2000/02/16 22:34:17 kjell Exp $ */
+/* $OpenBSD: ip_auth.c,v 1.12 2000/03/13 23:40:17 kjell Exp $ */
/*
* Copyright (C) 1998 by Darren Reed & Guido van Rooij.
-/* $OpenBSD: ip_auth.h,v 1.6 2000/02/16 22:34:18 kjell Exp $ */
+/* $OpenBSD: ip_auth.h,v 1.7 2000/03/13 23:40:17 kjell Exp $ */
/*
* Copyright (C) 1997-1998 by Darren Reed & Guido Van Rooij.
-/* $OpenBSD: ip_fil.c,v 1.31 2000/02/18 07:47:02 kjell Exp $ */
+/* $OpenBSD: ip_fil.c,v 1.32 2000/03/13 23:40:17 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-1995 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: ip_fil.c,v 2.4.2.17 2000/02/10 01:47:28 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: ip_fil.c,v 2.4.2.18 2000/02/22 11:40:06 darrenr Exp $";
#endif
#ifndef SOLARIS
{
char *defpass;
int s;
-# ifdef __sgi
- int error;
+# if defined(__sgi) || (defined(NETBSD_PF) && (__NetBSD_Version__ >= 104200000))
+ int error = 0;
# endif
SPL_NET(s);
return -1;
# ifdef NETBSD_PF
+# if __NetBSD_Version__ >= 104200000
+ error = pfil_add_hook((void *)fr_check, PFIL_IN|PFIL_OUT,
+ &inetsw[ip_protox[IPPROTO_IP]].pr_pfh);
+ if (error) {
+ appr_unload();
+ ip_natunload();
+ fr_stateunload();
+ return error;
+ }
+# else
pfil_add_hook((void *)fr_check, PFIL_IN|PFIL_OUT);
+# endif
# endif
# ifdef __sgi
error = ipfilter_sgi_attach();
if (error) {
SPL_X(s);
+ appr_unload();
+ ip_natunload();
+ fr_stateunload();
return error;
}
# endif
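Review bot: The new NetBSD error path returns without the `SPL_X(s)` that the `__sgi` error path just below issues before its own return, so a failing `pfil_add_hook()` appears to leave the priority level raised by the earlier `SPL_NET(s)` in effect. Add `SPL_X(s);` as the first statement of the new `if (error) {` block, as the sgi branch does. The three unload calls are now duplicated in both error paths; a single cleanup label reached by `goto` would keep them in step. The function starts outside the hunk.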
int ipldetach()
{
int s, i = FR_INQUE|FR_OUTQUE;
+#if defined(NETBSD_PF) && (__NetBSD_Version__ >= 104200000)
+ int error = 0;
+#endif
#ifdef _KERNEL
# if (__FreeBSD_version >= 300000)
fr_running = 0;
# ifdef NETBSD_PF
+# if __NetBSD_Version__ >= 104200000
+ error = pfil_remove_hook((void *)fr_check, PFIL_IN|PFIL_OUT,
+ &inetsw[ip_protox[IPPROTO_IP]].pr_pfh);
+ if (error)
+ return error;
+# else
pfil_remove_hook((void *)fr_check, PFIL_IN|PFIL_OUT);
+# endif
# endif
# ifdef __sgi
ipfilter_sgi_detach();
# endif
+ appr_unload();
ipfr_unload();
ip_natunload();
fr_stateunload();
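Review bot: When `pfil_remove_hook()` fails, the new early `return error;` comes after the `fr_running = 0;` shown in the context above and before the `appr_unload()`, `ipfr_unload()`, `ip_natunload()` and `fr_stateunload()` calls, so the filter is marked stopped while its hook stays registered and its tables stay allocated. Either attempt the hook removal before any state is changed, or document in a comment what state a caller may assume after a non-zero return. If an `SPL_NET(s)` is held at this point (not visible in the hunk), the return also needs `SPL_X(s);` first. The function starts and ends outside the hunk.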
-/* $OpenBSD: ip_fil.h,v 1.16 2000/02/16 22:34:18 kjell Exp $ */
+/* $OpenBSD: ip_fil.h,v 1.17 2000/03/13 23:40:17 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
* to the original author and the contributors.
*
* @(#)ip_fil.h 1.35 6/5/96
- * $IPFilter: ip_fil.h,v 2.3.2.7 2000/01/27 08:49:41 darrenr Exp $
+ * $IPFilter: ip_fil.h,v 2.3.2.8 2000/02/23 11:16:36 darrenr Exp $
*/
#ifndef __IP_FIL_H__
u_long fr_bad; /* bad IP packets to the filter */
u_long fr_notip; /* packets passed through no on ip queue */
u_long fr_drop; /* packets dropped - no info for them! */
+ u_long fr_copy; /* messages copied due to db_ref > 1 */
#endif
} filterstats_t;
-/* $OpenBSD: ip_fil_compat.h,v 1.13 2000/02/16 22:34:18 kjell Exp $ */
+/* $OpenBSD: ip_fil_compat.h,v 1.14 2000/03/13 23:40:18 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
-/* $OpenBSD: ip_frag.c,v 1.16 2000/02/16 22:34:18 kjell Exp $ */
+/* $OpenBSD: ip_frag.c,v 1.17 2000/03/13 23:40:18 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
-/* $OpenBSD: ip_frag.h,v 1.11 2000/02/16 22:34:19 kjell Exp $ */
+/* $OpenBSD: ip_frag.h,v 1.12 2000/03/13 23:40:18 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
-/* $OpenBSD: ip_ftp_pxy.c,v 1.7 2000/02/16 22:34:19 kjell Exp $ */
+/* $OpenBSD: ip_ftp_pxy.c,v 1.8 2000/03/13 23:40:18 kjell Exp $ */
/*
* Simple FTP transparent proxy for in-kernel use. For use with the NAT
-/* $OpenBSD: ip_log.c,v 1.7 2000/02/16 22:34:19 kjell Exp $ */
+/* $OpenBSD: ip_log.c,v 1.8 2000/03/13 23:40:18 kjell Exp $ */
/*
* Copyright (C) 1997-1998 by Darren Reed.
-/* $OpenBSD: ip_nat.c,v 1.27 2000/02/16 22:34:19 kjell Exp $ */
+/* $OpenBSD: ip_nat.c,v 1.28 2000/03/13 23:40:18 kjell Exp $ */
/*
* Copyright (C) 1995-1998 by Darren Reed.
-/* $OpenBSD: ip_nat.h,v 1.15 2000/02/16 22:34:19 kjell Exp $ */
+/* $OpenBSD: ip_nat.h,v 1.16 2000/03/13 23:40:18 kjell Exp $ */
/*
* Copyright (C) 1995-1998 by Darren Reed.
-/* $OpenBSD: ip_proxy.c,v 1.7 2000/02/16 22:34:19 kjell Exp $ */
+/* $OpenBSD: ip_proxy.c,v 1.8 2000/03/13 23:40:18 kjell Exp $ */
/*
* Copyright (C) 1997-1998 by Darren Reed.
* to the original author and the contributors.
*/
#if !defined(lint)
-static const char rcsid[] = "@(#)$IPFilter: ip_proxy.c,v 2.2.2.1 1999/09/19 12:18:19 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: ip_proxy.c,v 2.2.2.3 2000/02/29 22:47:17 darrenr Exp $";
#endif
#if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL)
ap_session_t *ap_sess_list = NULL;
aproxy_t ap_proxies[] = {
#ifdef IPF_FTP_PROXY
- { "ftp", (char)IPPROTO_TCP, 0, 0, ippr_ftp_init, NULL,
+ { "ftp", (char)IPPROTO_TCP, 0, 0, ippr_ftp_init, NULL, NULL,
ippr_ftp_in, ippr_ftp_out },
#endif
#ifdef IPF_RCMD_PROXY
- { "rcmd", (char)IPPROTO_TCP, 0, 0, ippr_rcmd_init, ippr_rcmd_new,
- NULL, ippr_rcmd_out },
+ { "rcmd", (char)IPPROTO_TCP, 0, 0, ippr_rcmd_init, NULL,
+ ippr_rcmd_new, NULL, ippr_rcmd_out },
#endif
#ifdef IPF_RAUDIO_PROXY
- { "raudio", (char)IPPROTO_TCP, 0, 0, ippr_raudio_init,
+ { "raudio", (char)IPPROTO_TCP, 0, 0, ippr_raudio_init, NULL,
ippr_raudio_new, ippr_raudio_in, ippr_raudio_out },
#endif
{ "", '\0', 0, 0, NULL, NULL }
}
return err;
}
+
+
+void appr_unload()
+{
+ aproxy_t *ap;
+
+ for (ap = ap_proxies; ap->apr_p; ap++)
+ if (ap->apr_fini)
+ (*ap->apr_fini)();
+}
-/* $OpenBSD: ip_proxy.h,v 1.6 2000/02/16 22:34:19 kjell Exp $ */
+/* $OpenBSD: ip_proxy.h,v 1.7 2000/03/13 23:40:18 kjell Exp $ */
/*
* Copyright (C) 1997-1998 by Darren Reed.
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
*
- * $IPFilter: ip_proxy.h,v 2.1.2.1 1999/09/19 12:18:20 darrenr Exp $
+ * $IPFilter: ip_proxy.h,v 2.1.2.2 2000/02/22 11:41:15 darrenr Exp $
*/
#ifndef __IP_PROXY_H__
int apr_ref; /* +1 per rule referencing it */
int apr_flags;
int (* apr_init) __P((void));
+ void (* apr_fini) __P((void));
int (* apr_new) __P((fr_info_t *, ip_t *,
ap_session_t *, struct nat *));
int (* apr_inpkt) __P((fr_info_t *, ip_t *,
extern aproxy_t ap_proxies[];
extern int appr_init __P((void));
+extern void appr_unload __P((void));
extern int appr_ok __P((ip_t *, tcphdr_t *, struct ipnat *));
extern void appr_free __P((aproxy_t *));
extern void aps_free __P((ap_session_t *));
-/* $OpenBSD: ip_raudio_pxy.c,v 1.5 2000/02/16 22:34:20 kjell Exp $ */
+/* $OpenBSD: ip_raudio_pxy.c,v 1.6 2000/03/13 23:40:18 kjell Exp $ */
#if SOLARIS && defined(_KERNEL)
extern kmutex_t ipf_rw;
-/* $OpenBSD: ip_rcmd_pxy.c,v 1.3 2000/02/16 22:34:20 kjell Exp $ */
+/* $OpenBSD: ip_rcmd_pxy.c,v 1.4 2000/03/13 23:40:18 kjell Exp $ */
/*
* Simple RCMD transparent proxy for in-kernel use. For use with the NAT
-/* $OpenBSD: ip_state.c,v 1.19 2000/02/16 22:34:20 kjell Exp $ */
+/* $OpenBSD: ip_state.c,v 1.20 2000/03/13 23:40:18 kjell Exp $ */
/*
* Copyright (C) 1995-1998 by Darren Reed.
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-1995 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: ip_state.c,v 2.3.2.21 2000/02/15 08:04:01 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: ip_state.c,v 2.3.2.22 2000/02/23 15:23:24 darrenr Exp $";
#endif
#include <sys/errno.h>
pass = fr_flags;
WRITE_ENTER(&ipf_state);
- is->is_rout = pass & FR_OUTQUE ? 1 : 0;
is->is_pass = pass;
is->is_pkts = 1;
is->is_bytes = ip->ip_len;
if (rev == 0) {
if (!out) {
- if (is->is_ifpin == ifp)
+ if (is->is_ifpin == NULL || is->is_ifpin == ifp)
ret = 1;
} else {
if (is->is_ifpout == NULL || is->is_ifpout == ifp)
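Review bot: Treating a NULL `is_ifpin` as a match means a state entry accepts packets on any interface until its inbound interface has been recorded. That mirrors the existing `is_ifpout` test, but it is a deliberate loosening of the interface binding and should be commented, for example `/* NULL: inbound interface not learned yet, match any */`. The same condition is added again in the `if (out)` branch of the next hunk. The four near-identical tests could be folded into one small helper taking the stored and the current interface pointer, which would keep the in and out cases from drifting apart. The function continues outside the hunk.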
}
} else {
if (out) {
- if (is->is_ifpin == ifp)
+ if (is->is_ifpin == NULL || is->is_ifpin == ifp)
ret = 1;
} else {
if (is->is_ifpout == NULL || is->is_ifpout == ifp)
}
if (!rev) {
- if (out && (out == is->is_rout)) {
+ if (out) {
if (!is->is_ifpout)
is->is_ifpout = ifp;
} else {
is->is_ifpin = ifp;
}
} else {
- if (!out && (out != is->is_rout)) {
+ if (out) {
if (!is->is_ifpin)
is->is_ifpin = ifp;
} else {
-/* $OpenBSD: ip_state.h,v 1.12 2000/02/16 22:34:20 kjell Exp $ */
+/* $OpenBSD: ip_state.h,v 1.13 2000/03/13 23:40:18 kjell Exp $ */
/*
* Copyright (C) 1995-1998 by Darren Reed.
* to the original author and the contributors.
*
* @(#)ip_state.h 1.3 1/12/96 (C) 1995 Darren Reed
- * $IPFilter: ip_state.h,v 2.1.2.3 2000/02/15 08:04:03 darrenr Exp $
+ * $IPFilter: ip_state.h,v 2.1.2.4 2000/02/23 15:23:27 darrenr Exp $
*/
#ifndef __IP_STATE_H__
#define __IP_STATE_H__
struct in_addr is_src;
struct in_addr is_dst;
u_char is_p; /* Protocol */
- u_char is_rout; /* Is rule in/out ? */
u_32_t is_flags;
u_32_t is_opt; /* packet options set */
u_32_t is_optmsk; /* " " mask */
-/* $OpenBSD: ipl.h,v 1.5 2000/02/16 22:34:20 kjell Exp $ */
+/* $OpenBSD: ipl.h,v 1.6 2000/03/13 23:40:18 kjell Exp $ */
/*
* Copyright (C) 1993-1999 by Darren Reed.
#ifndef __IPL_H__
#define __IPL_H__
-#define IPL_VERSION "IP Filter: v3.3.9"
+#define IPL_VERSION "IP Filter: v3.3.11"
#endif
-/* $OpenBSD: ipft_ef.c,v 1.13 2000/02/16 22:34:23 kjell Exp $ */
+/* $OpenBSD: ipft_ef.c,v 1.14 2000/03/13 23:40:20 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
-/* $OpenBSD: ipft_hx.c,v 1.11 2000/02/16 22:34:23 kjell Exp $ */
+/* $OpenBSD: ipft_hx.c,v 1.12 2000/03/13 23:40:20 kjell Exp $ */
/*
* Copyright (C) 1995-1998 by Darren Reed.
-/* $OpenBSD: ipft_pc.c,v 1.15 2000/02/16 22:34:23 kjell Exp $ */
+/* $OpenBSD: ipft_pc.c,v 1.16 2000/03/13 23:40:20 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
-/* $OpenBSD: ipft_sn.c,v 1.12 2000/02/16 22:34:23 kjell Exp $ */
+/* $OpenBSD: ipft_sn.c,v 1.13 2000/03/13 23:40:20 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
-/* $OpenBSD: ipft_td.c,v 1.13 2000/02/16 22:34:23 kjell Exp $ */
+/* $OpenBSD: ipft_td.c,v 1.14 2000/03/13 23:40:20 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
-/* $OpenBSD: ipft_tx.c,v 1.15 2000/02/16 22:34:24 kjell Exp $ */
+/* $OpenBSD: ipft_tx.c,v 1.16 2000/03/13 23:40:20 kjell Exp $ */
/*
* Copyright (C) 1995-1998 by Darren Reed.
-/* $OpenBSD: ipt.c,v 1.16 2000/02/16 22:34:24 kjell Exp $ */
+/* $OpenBSD: ipt.c,v 1.17 2000/03/13 23:40:20 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
-/* $OpenBSD: ipt.h,v 1.9 2000/02/16 22:34:24 kjell Exp $ */
+/* $OpenBSD: ipt.h,v 1.10 2000/03/13 23:40:20 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
-/* $OpenBSD: misc.c,v 1.11 2000/02/16 22:34:24 kjell Exp $ */
+/* $OpenBSD: misc.c,v 1.12 2000/03/13 23:40:20 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
-/* $OpenBSD: pcap.h,v 1.9 2000/02/16 22:34:25 kjell Exp $ */
+/* $OpenBSD: pcap.h,v 1.10 2000/03/13 23:40:20 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
-/* $OpenBSD: snoop.h,v 1.8 2000/02/16 22:34:25 kjell Exp $ */
+/* $OpenBSD: snoop.h,v 1.9 2000/03/13 23:40:20 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
-/* $OpenBSD: ipmon.c,v 1.22 2000/02/16 22:34:23 kjell Exp $ */
+/* $OpenBSD: ipmon.c,v 1.23 2000/03/13 23:40:20 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-1998 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: ipmon.c,v 2.3.2.4 2000/01/24 12:45:25 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: ipmon.c,v 2.3.2.5 2000/02/16 14:40:39 darrenr Exp $";
#endif
#ifndef SOLARIS
struct protoent *p;
struct servent *s;
char *name, **tab;
- u_int port;
+ int port;
if (protocols != NULL) {
free(protocols);
if (s->s_proto == NULL)
continue;
else if (!strcmp(s->s_proto, "tcp")) {
- port = (u_int)s->s_port;
+ port = s->s_port;
name = s->s_name;
tab = tcp_ports;
} else if (!strcmp(s->s_proto, "udp")) {
- port = (u_int)s->s_port;
+ port = s->s_port;
name = s->s_name;
tab = udp_ports;
} else