From owner-p4-projects@FreeBSD.ORG Thu Oct 18 23:14:16 2007 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 9060216A46C; Thu, 18 Oct 2007 23:14:16 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1BC4D16A419 for ; Thu, 18 Oct 2007 23:14:16 +0000 (UTC) (envelope-from peter@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id C636013C45A for ; Thu, 18 Oct 2007 23:14:15 +0000 (UTC) (envelope-from peter@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.1/8.14.1) with ESMTP id l9INEFjs023396 for ; Thu, 18 Oct 2007 23:14:15 GMT (envelope-from peter@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.1/8.14.1/Submit) id l9INEDge023393 for perforce@freebsd.org; Thu, 18 Oct 2007 23:14:13 GMT (envelope-from peter@freebsd.org) Date: Thu, 18 Oct 2007 23:14:13 GMT Message-Id: <200710182314.l9INEDge023393@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to peter@freebsd.org using -f From: Peter Wemm To: Perforce Change Reviews Cc: Subject: PERFORCE change 127731 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Oct 2007 23:14:16 -0000 http://perforce.freebsd.org/chv.cgi?CH=127731 Change 127731 by peter@peter_daintree on 2007/10/18 23:13:27 IFC @127729 Affected files ... .. //depot/projects/hammer/Makefile#43 integrate .. //depot/projects/hammer/contrib/ipfilter/BSD/Makefile#8 integrate .. //depot/projects/hammer/contrib/ipfilter/BSD/kupgrade#6 integrate .. //depot/projects/hammer/contrib/ipfilter/HISTORY#9 integrate .. //depot/projects/hammer/contrib/ipfilter/Makefile#9 integrate .. //depot/projects/hammer/contrib/ipfilter/ip_fil.c#4 integrate .. //depot/projects/hammer/contrib/ipfilter/iplang/Makefile#3 integrate .. //depot/projects/hammer/contrib/ipfilter/ipsend/iptests.c#7 integrate .. //depot/projects/hammer/contrib/ipfilter/ipsend/sock.c#7 integrate .. //depot/projects/hammer/contrib/ipfilter/l4check/Makefile#2 integrate .. //depot/projects/hammer/contrib/ipfilter/l4check/l4check.c#3 integrate .. //depot/projects/hammer/contrib/ipfilter/lib/Makefile#5 integrate .. //depot/projects/hammer/contrib/ipfilter/lib/alist_new.c#2 integrate .. //depot/projects/hammer/contrib/ipfilter/lib/ipft_tx.c#5 integrate .. //depot/projects/hammer/contrib/ipfilter/lib/printnat.c#4 integrate .. //depot/projects/hammer/contrib/ipfilter/lib/printpacket.c#4 integrate .. //depot/projects/hammer/contrib/ipfilter/lib/printpool_live.c#2 integrate .. //depot/projects/hammer/contrib/ipfilter/lib/printstate.c#4 integrate .. //depot/projects/hammer/contrib/ipfilter/man/ippool.5#2 integrate .. //depot/projects/hammer/contrib/ipfilter/md5.h#2 integrate .. //depot/projects/hammer/contrib/ipfilter/radix.c#4 integrate .. //depot/projects/hammer/contrib/ipfilter/radix_ipf.h#4 integrate .. //depot/projects/hammer/contrib/ipfilter/test/Makefile#8 integrate .. //depot/projects/hammer/contrib/ipfilter/test/dotest#4 integrate .. //depot/projects/hammer/contrib/ipfilter/test/expected/Makefile#1 branch .. //depot/projects/hammer/contrib/ipfilter/test/expected/f11#2 integrate .. //depot/projects/hammer/contrib/ipfilter/test/expected/f24#1 branch .. //depot/projects/hammer/contrib/ipfilter/test/expected/i19.dist#1 branch .. //depot/projects/hammer/contrib/ipfilter/test/expected/i21#2 integrate .. //depot/projects/hammer/contrib/ipfilter/test/expected/in1#5 integrate .. //depot/projects/hammer/contrib/ipfilter/test/expected/in6#3 integrate .. //depot/projects/hammer/contrib/ipfilter/test/expected/ipv6.6#1 branch .. //depot/projects/hammer/contrib/ipfilter/test/expected/n16#1 branch .. //depot/projects/hammer/contrib/ipfilter/test/input/f11#3 integrate .. //depot/projects/hammer/contrib/ipfilter/test/input/f24#1 branch .. //depot/projects/hammer/contrib/ipfilter/test/input/ipv6.6#1 branch .. //depot/projects/hammer/contrib/ipfilter/test/input/l1#3 integrate .. //depot/projects/hammer/contrib/ipfilter/test/input/n16#1 branch .. //depot/projects/hammer/contrib/ipfilter/test/nattest#3 integrate .. //depot/projects/hammer/contrib/ipfilter/test/regress/f24#1 branch .. //depot/projects/hammer/contrib/ipfilter/test/regress/i21#2 integrate .. //depot/projects/hammer/contrib/ipfilter/test/regress/i3#3 integrate .. //depot/projects/hammer/contrib/ipfilter/test/regress/in1#5 integrate .. //depot/projects/hammer/contrib/ipfilter/test/regress/in6#3 integrate .. //depot/projects/hammer/contrib/ipfilter/test/regress/ipv6.6#1 branch .. //depot/projects/hammer/contrib/ipfilter/test/regress/n16#1 branch .. //depot/projects/hammer/contrib/ipfilter/test/test.format#5 integrate .. //depot/projects/hammer/contrib/ipfilter/tools/ipf_y.y#6 integrate .. //depot/projects/hammer/contrib/ipfilter/tools/ipfstat.c#6 integrate .. //depot/projects/hammer/contrib/ipfilter/tools/ipmon.c#7 integrate .. //depot/projects/hammer/contrib/ipfilter/tools/ipnat.c#4 integrate .. //depot/projects/hammer/contrib/ipfilter/tools/ipnat_y.y#5 integrate .. //depot/projects/hammer/contrib/ipfilter/tools/lexer.c#4 integrate .. //depot/projects/hammer/crypto/heimdal/appl/su/Makefile.am#3 integrate .. //depot/projects/hammer/crypto/heimdal/appl/su/su.c#6 integrate .. //depot/projects/hammer/crypto/openssl/ssl/d1_both.c#2 integrate .. //depot/projects/hammer/crypto/openssl/ssl/dtls1.h#2 integrate .. //depot/projects/hammer/crypto/openssl/ssl/ssl.h#7 integrate .. //depot/projects/hammer/crypto/openssl/ssl/ssl_err.c#5 integrate .. //depot/projects/hammer/etc/Makefile#58 integrate .. //depot/projects/hammer/etc/cached.conf#2 delete .. //depot/projects/hammer/etc/nscd.conf#1 branch .. //depot/projects/hammer/etc/rc.d/ppp#7 integrate .. //depot/projects/hammer/kerberos5/usr.bin/ksu/Makefile#9 integrate .. //depot/projects/hammer/lib/libc/arm/Symbol.map#4 integrate .. //depot/projects/hammer/lib/libc/gen/sysctl.3#13 integrate .. //depot/projects/hammer/lib/libc/ia64/Symbol.map#4 integrate .. //depot/projects/hammer/lib/libc/net/nscache.c#2 integrate .. //depot/projects/hammer/lib/libc/powerpc/Symbol.map#4 integrate .. //depot/projects/hammer/lib/libthr/thread/thr_once.c#5 integrate .. //depot/projects/hammer/lib/libthr/thread/thr_pspinlock.c#4 integrate .. //depot/projects/hammer/libexec/rtld-elf/sparc64/reloc.c#13 integrate .. //depot/projects/hammer/release/doc/en_US.ISO8859-1/relnotes/article.sgml#21 integrate .. //depot/projects/hammer/share/mk/bsd.cpu.mk#33 integrate .. //depot/projects/hammer/share/mk/bsd.symver.mk#4 integrate .. //depot/projects/hammer/share/mk/version_gen.awk#4 integrate .. //depot/projects/hammer/share/termcap/termcap.src#15 integrate .. //depot/projects/hammer/sys/arm/arm/cpufunc.c#14 integrate .. //depot/projects/hammer/sys/arm/arm/cpufunc_asm_arm11.S#1 branch .. //depot/projects/hammer/sys/arm/arm/cpufunc_asm_armv5.S#1 branch .. //depot/projects/hammer/sys/arm/arm/cpufunc_asm_armv5_ec.S#1 branch .. //depot/projects/hammer/sys/arm/arm/identcpu.c#10 integrate .. //depot/projects/hammer/sys/arm/arm/pmap.c#42 integrate .. //depot/projects/hammer/sys/arm/at91/at91_mcireg.h#2 integrate .. //depot/projects/hammer/sys/arm/include/armreg.h#6 integrate .. //depot/projects/hammer/sys/arm/include/cpuconf.h#7 integrate .. //depot/projects/hammer/sys/arm/include/cpufunc.h#12 integrate .. //depot/projects/hammer/sys/contrib/ipfilter/netinet/fil.c#17 integrate .. //depot/projects/hammer/sys/contrib/ipfilter/netinet/ip_auth.c#11 integrate .. //depot/projects/hammer/sys/contrib/ipfilter/netinet/ip_compat.h#14 integrate .. //depot/projects/hammer/sys/contrib/ipfilter/netinet/ip_fil.h#12 integrate .. //depot/projects/hammer/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c#6 integrate .. //depot/projects/hammer/sys/contrib/ipfilter/netinet/ip_frag.c#10 integrate .. //depot/projects/hammer/sys/contrib/ipfilter/netinet/ip_htable.c#5 integrate .. //depot/projects/hammer/sys/contrib/ipfilter/netinet/ip_log.c#12 integrate .. //depot/projects/hammer/sys/contrib/ipfilter/netinet/ip_lookup.c#4 integrate .. //depot/projects/hammer/sys/contrib/ipfilter/netinet/ip_lookup.h#4 integrate .. //depot/projects/hammer/sys/contrib/ipfilter/netinet/ip_nat.c#10 integrate .. //depot/projects/hammer/sys/contrib/ipfilter/netinet/ip_nat.h#9 integrate .. //depot/projects/hammer/sys/contrib/ipfilter/netinet/ip_pool.c#4 integrate .. //depot/projects/hammer/sys/contrib/ipfilter/netinet/ip_pool.h#4 integrate .. //depot/projects/hammer/sys/contrib/ipfilter/netinet/ip_proxy.c#9 integrate .. //depot/projects/hammer/sys/contrib/ipfilter/netinet/ip_rpcb_pxy.c#4 integrate .. //depot/projects/hammer/sys/contrib/ipfilter/netinet/ip_scan.c#5 integrate .. //depot/projects/hammer/sys/contrib/ipfilter/netinet/ip_state.c#11 integrate .. //depot/projects/hammer/sys/contrib/ipfilter/netinet/ip_state.h#8 integrate .. //depot/projects/hammer/sys/contrib/ipfilter/netinet/ip_sync.c#6 integrate .. //depot/projects/hammer/sys/contrib/ipfilter/netinet/ipl.h#9 integrate .. //depot/projects/hammer/sys/contrib/ipfilter/netinet/mlfk_ipl.c#11 integrate .. //depot/projects/hammer/sys/ddb/db_ps.c#21 integrate .. //depot/projects/hammer/sys/dev/usb/uchcom.c#1 branch .. //depot/projects/hammer/sys/dev/usb/usbdevs#87 integrate .. //depot/projects/hammer/sys/fs/cd9660/cd9660_vfsops.c#3 integrate .. //depot/projects/hammer/sys/fs/coda/coda_vfsops.c#3 integrate .. //depot/projects/hammer/sys/fs/fdescfs/fdesc_vfsops.c#17 integrate .. //depot/projects/hammer/sys/fs/hpfs/hpfs_vfsops.c#24 integrate .. //depot/projects/hammer/sys/fs/msdosfs/msdosfs_vfsops.c#46 integrate .. //depot/projects/hammer/sys/fs/msdosfs/msdosfs_vnops.c#32 integrate .. //depot/projects/hammer/sys/fs/ntfs/ntfs_vfsops.c#32 integrate .. //depot/projects/hammer/sys/fs/nullfs/null_vfsops.c#25 integrate .. //depot/projects/hammer/sys/fs/nwfs/nwfs_vfsops.c#19 integrate .. //depot/projects/hammer/sys/fs/portalfs/portal_vfsops.c#17 integrate .. //depot/projects/hammer/sys/fs/pseudofs/pseudofs.c#15 integrate .. //depot/projects/hammer/sys/fs/smbfs/smbfs_vfsops.c#25 integrate .. //depot/projects/hammer/sys/fs/udf/udf_vfsops.c#30 integrate .. //depot/projects/hammer/sys/fs/unionfs/union_vfsops.c#22 integrate .. //depot/projects/hammer/sys/gnu/fs/ext2fs/ext2_vfsops.c#13 integrate .. //depot/projects/hammer/sys/gnu/fs/reiserfs/reiserfs_vfsops.c#8 integrate .. //depot/projects/hammer/sys/gnu/fs/xfs/FreeBSD/xfs_vfs.c#3 integrate .. //depot/projects/hammer/sys/kern/sched_ule.c#84 integrate .. //depot/projects/hammer/sys/kern/subr_param.c#16 integrate .. //depot/projects/hammer/sys/modules/Makefile#115 integrate .. //depot/projects/hammer/sys/modules/uchcom/Makefile#1 branch .. //depot/projects/hammer/sys/net/ethernet.h#9 integrate .. //depot/projects/hammer/sys/net/if_bridge.c#36 integrate .. //depot/projects/hammer/sys/net/if_ethersubr.c#67 integrate .. //depot/projects/hammer/sys/net/if_vlan.c#42 integrate .. //depot/projects/hammer/sys/netinet/sctp_constants.h#15 integrate .. //depot/projects/hammer/sys/netinet/sctp_indata.c#16 integrate .. //depot/projects/hammer/sys/netinet/sctp_input.c#16 integrate .. //depot/projects/hammer/sys/netinet/sctp_output.c#17 integrate .. //depot/projects/hammer/sys/netinet/sctp_pcb.c#17 integrate .. //depot/projects/hammer/sys/netinet/sctp_structs.h#13 integrate .. //depot/projects/hammer/sys/netinet/sctp_timer.c#15 integrate .. //depot/projects/hammer/sys/netinet/sctp_usrreq.c#17 integrate .. //depot/projects/hammer/sys/netinet/sctp_var.h#11 integrate .. //depot/projects/hammer/sys/netinet/sctputil.c#19 integrate .. //depot/projects/hammer/sys/nfs4client/nfs4_vfsops.c#21 integrate .. //depot/projects/hammer/sys/nfsclient/nfs_vfsops.c#49 integrate .. //depot/projects/hammer/sys/nfsserver/nfs_serv.c#36 integrate .. //depot/projects/hammer/sys/sparc64/sparc64/elf_machdep.c#19 integrate .. //depot/projects/hammer/sys/sys/sysctl.h#35 integrate .. //depot/projects/hammer/sys/ufs/ffs/ffs_vfsops.c#67 integrate .. //depot/projects/hammer/sys/vm/vm_mmap.c#47 integrate .. //depot/projects/hammer/sys/vm/vm_object.c#69 integrate .. //depot/projects/hammer/sys/vm/vm_param.h#8 integrate .. //depot/projects/hammer/usr.bin/fmt/fmt.c#4 integrate .. //depot/projects/hammer/usr.bin/locate/locate/locate.rc#4 integrate .. //depot/projects/hammer/usr.bin/locate/locate/updatedb.sh#5 integrate .. //depot/projects/hammer/usr.bin/makewhatis/makewhatis.c#4 integrate .. //depot/projects/hammer/usr.bin/netstat/sctp.c#5 integrate .. //depot/projects/hammer/usr.bin/nfsstat/nfsstat.1#4 integrate .. //depot/projects/hammer/usr.bin/nfsstat/nfsstat.c#3 integrate .. //depot/projects/hammer/usr.bin/su/su.c#20 integrate .. //depot/projects/hammer/usr.bin/tail/read.c#4 integrate .. //depot/projects/hammer/usr.sbin/pkg_install/lib/lib.h#14 integrate Differences ... ==== //depot/projects/hammer/Makefile#43 (text+ko) ==== @@ -1,5 +1,5 @@ # -# $FreeBSD: src/Makefile,v 1.341 2007/05/16 08:46:35 des Exp $ +# $FreeBSD: src/Makefile,v 1.342 2007/10/18 08:41:52 delphij Exp $ # # The user-driven targets are: # @@ -147,14 +147,14 @@ .if ${.CURDIR} == ${.OBJDIR} || ${.CURDIR}/obj == ${.OBJDIR} .if exists(${BW_CANONICALOBJDIR}/) -rm -rf ${BW_CANONICALOBJDIR}/* - chflags -R 0 ${BW_CANONICALOBJDIR} + -chflags -R 0 ${BW_CANONICALOBJDIR} rm -rf ${BW_CANONICALOBJDIR}/* .endif # To be safe in this case, fall back to a 'make cleandir' ${_+_}@cd ${.CURDIR}; ${_MAKE} cleandir .else -rm -rf ${.OBJDIR}/* - chflags -R 0 ${.OBJDIR} + -chflags -R 0 ${.OBJDIR} rm -rf ${.OBJDIR}/* .endif ==== //depot/projects/hammer/contrib/ipfilter/BSD/Makefile#8 (text+ko) ==== @@ -485,13 +485,21 @@ cp if_ipl.o /lkm; \ fi -if [ -d /modules -a -f ipf.ko ] ; then \ - cp ipf.ko /modules; \ + if [ -f /modules/ipl.ko ] ; then \ + cp ipf.ko /modules/ipl.ko; \ + else \ + cp ipf.ko /modules; \ + fi \ fi -if [ -d /modules -a -f ipfrule.ko ] ; then \ cp ipfrule.ko /modules; \ fi -if [ -d /boot/kernel -a -f ipf.ko ] ; then \ - cp ipf.ko /boot/kernel; \ + if [ -f /boot/kernel/ipl.ko ] ; then \ + cp ipf.ko /boot/kernel/ipl.ko; \ + else \ + cp ipf.ko /boot/kernel; \ + fi \ fi -if [ -d /boot/kernel -a -f ipfrule.ko ] ; then \ cp ipfrule.ko /boot/kernel; \ ==== //depot/projects/hammer/contrib/ipfilter/BSD/kupgrade#6 (text+ko) ==== @@ -32,11 +32,15 @@ fi if [ ! -f ip_rules.c -o ! -f ip_rules.h ] ; then - echo "Please do a build of ipfilter and then run the following" - echo "command to build extra files:" - echo - echo "make ip_rules.c" - exit 1 + echo "Trying to build ip_rules.c and ip_rules.h" + make ip_rules.c + if [ ! -f ip_rules.c -o ! -f ip_rules.h ] ; then + echo "Please do a build of ipfilter and then run the following" + echo "command to build extra files:" + echo + echo "make ip_rules.c" + exit 1 + fi fi echo -n "Installing " ==== //depot/projects/hammer/contrib/ipfilter/HISTORY#9 (text+ko) ==== @@ -10,12 +10,110 @@ # and especially those who have found the time to port IP Filter to new # platforms. # +4.1.28 - Release 16 October 2007 + +backout changes (B1) & (B2) as they've caused NAT entries to persist for +too long and possibly other side effects. + +Still need to compile in our own radix.c for Solaris as the one in S10U4 +has a different alignment of structure members (causes panic) + +keep state doesn't work with multicast/broadcast packets (makes UPnP easier) + +ippool -l may only lists every 2nd pool's contents + +4.1.27 - Released 29 September 2007 + +SunOS5/replace script does not deal with i386 systems that have the +i86/amd64 directory pair. + +make BSD/kupgrade try to build ip_rules.[ch] before complaining + +Need to look for ipl.ko LKM on FreeBSD, not just ipf.ko + +Cleanup SunOS5 Makefile pieces, removing CPU, sunos5x86; buildsunos needs +to drive 32bit cc builds differently for sparc/i386 now. + +Update instructions for rebuilding FreeBSD kernels + +Make the target "freebsd" work for building ipfilter + +destroying NAT entries for blocked packets can lead to NAT table entry leak, +provide a counter of orphan'd NAT entries to track this problem. + +4.1.26 - Released 24 September 2007 + +Fix build problem for Solaris prior to S10U4 + +4.1.25 - Released 20 September 2007 + +stepping through structures with ioctls can lead to the wrong things +being free'd and panics + +if a NAT entry (such as an rdr) is created but the packet ends up being +blocked, tear down the NAT entry. + +fix fragment cache preventing keep state from functioning + +fix handling of \ to indicate a continued line in .conf files + +include port ranges in the allowed input for ipf when using "port = ()" + +only advance TCP state for packets on the leading edge of the window. (B1) + +using ipnat -l can lead to memory corruption in high stress situations + +track TCP sequence numbers with NAT so that it can do timeout advances +correctly inline with state + +ICMP checksums for some redirect'd packets are not adjusted correctly. + +IPv6 address components need to be explicitly cast to a 32bit pointer +boundary so that compilers don't try to access them as two 64bit +pieces (no guarantee is made that an Ipv6 address is on a 64bit +aligned address) + +filling up the ipauth packet queue can lead to no more packets being +processed. + +locking used to deref a nat entry causes a significant performance hit + +m_pulldown isn't properly handled, leading to possible panics with ICMPv6 +packets + +IPv6 fragment handling doesn't allow for "keep frag" to work + +build on Solaris10 Update4 with pfhooks in the kernel + +logging of Ipv6 packets with extension headers fix - Miroslaw Luc + +4.1.24 - Released 8 July 2007 + +patch from Stuart Remphrey to address recursive mutex lock with TCP state + +add hash table bucket stats display to ipnat -s + +give ASSERT some teeth for user compiles + +initialising ipf_global, ipf_frcache, ipf_mutex should all be done very +early on + +do some caddr_t cleanup, where possible + +fr_ref no longer tracks the number of children rules in a group for head rules + +make sure all BCOPY* have a value assigned to something + +fix possible use of icmp pointer after pullup makes it invalid + +resolve compile problems related to FreeBSD tree + 4.1.23 - Released 31 May 2007 NAT was not always correctly fixing ICMP headers for errors some TCP state steps when closing do not update timeouts, leading to -them being removed prematurely. +them being removed prematurely. (B2) fix compilation problems for netbsd 4.99 ==== //depot/projects/hammer/contrib/ipfilter/Makefile#9 (text+ko) ==== @@ -5,8 +5,8 @@ # provided that this notice is preserved and due credit is given # to the original author and the contributors. # -# $FreeBSD: src/contrib/ipfilter/Makefile,v 1.7 2007/06/04 02:54:31 darrenr Exp $ -# Id: Makefile,v 2.76.2.19 2006/03/17 10:38:38 darrenr Exp $ +# $FreeBSD: src/contrib/ipfilter/Makefile,v 1.8 2007/10/18 21:52:11 darrenr Exp $ +# Id: Makefile,v 2.76.2.24 2007/09/26 10:04:03 darrenr Exp $ # SHELL=/bin/sh BINDEST=/usr/local/bin @@ -132,10 +132,7 @@ @echo "openbsd - compile for OpenBSD" @echo "freebsd20 - compile for FreeBSD 2.0, 2.1 or earlier" @echo "freebsd22 - compile for FreeBSD-2.2 or greater" - @echo "freebsd3 - compile for FreeBSD-3.x" - @echo "freebsd4 - compile for FreeBSD-4.x" - @echo "freebsd5 - compile for FreeBSD-5.x" - @echo "freebsd6 - compile for FreeBSD-6.x" + @echo "freebsd - compile for all other versions of FreeBSD" @echo "bsd - compile for generic 4.4BSD systems" @echo "bsdi - compile for BSD/OS" @echo "irix - compile for SGI IRIX" @@ -152,6 +149,7 @@ else echo test directory not present, sorry; fi include: + -mkdir -p net netinet if [ ! -f netinet/done ] ; then \ (cd netinet; ln -s ../*.h .; ln -s ../ip_*_pxy.c .;); \ (cd netinet; ln -s ../ipsend/tcpip.h tcpip.h); \ @@ -167,6 +165,9 @@ MAKE="$(MAKE)" MAKEFLAGS="$(MAKEFLAGS)" BPFILTER=$(BPFILTER) \ CC="$(CC)" DEBUG="$(DEBUG)" ./buildsunos +freebsd: + make freebsd`uname -r|cut -c1` + freebsd22: include make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)" -rm -f BSD/$(CPUDIR)/ioconf.h @@ -351,13 +352,9 @@ (cd SunOS4; make -f Makefile.ipsend build "CC=$(CC)" TOP=.. $(DEST) $(MFLAGS); cd ..) sunos5 solaris2: null - (cd SunOS5/$(CPUDIR); $(MAKE) build TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS) "SOLARIS2=$(SOLARIS2)" "CPU=-Dsparc -D__sparc__"; cd ..) + (cd SunOS5/$(CPUDIR); $(MAKE) build TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS) "SOLARIS2=$(SOLARIS2)"; cd ..) (cd SunOS5/$(CPUDIR); $(MAKE) -f Makefile.ipsend build TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS); cd ..) -sunos5x86 solaris2x86: null - (cd SunOS5/$(CPUDIR); make build TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS) "SOLARIS2=$(SOLARIS2)" "CPU=-Di86pc -Di386 -D__i386__"; cd ..) - (cd SunOS5/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS); cd ..) - linux: include (cd Linux; make build LINUX=$(LINUX) TOP=.. "DEBUG=-g" "CC=$(CC)" $(MFLAGS) OBJ=$(CPUDIR) LINUXKERNEL=$(LINUXKERNEL); cd ..) (cd Linux; make ipflkm LINUX=$(LINUX) TOP=.. "DEBUG=-g" "CC=$(CC)" $(MFLAGS) OBJ=$(CPUDIR) LINUXKERNEL=$(LINUXKERNEL) WORKDIR=`pwd`; cd ..) @@ -374,7 +371,7 @@ (cd SunOS4; $(MAKE) CPU=$(CPU) TOP=.. install) install-sunos5: solaris null - (cd SunOS5; $(MAKE) CPU=$(CPU) TOP=.. install) + (cd SunOS5; $(MAKE) TOP=.. install) install-aix: (cd AIX/`AIX/cpurev`; make install "TOP=../.." $(MFLAGS); cd ..) ==== //depot/projects/hammer/contrib/ipfilter/ip_fil.c#4 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/contrib/ipfilter/ip_fil.c,v 1.5 2007/06/04 02:54:31 darrenr Exp $ */ +/* $FreeBSD: src/contrib/ipfilter/ip_fil.c,v 1.6 2007/10/18 21:52:11 darrenr Exp $ */ /* * Copyright (C) 1993-2001 by Darren Reed. @@ -7,7 +7,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.133.2.16 2007/05/28 11:56:22 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.133.2.18 2007/09/09 11:32:05 darrenr Exp $"; #endif #ifndef SOLARIS @@ -81,7 +81,7 @@ #include # endif #endif -#if defined(__FreeBSD__) +#if defined(__FreeBSD__) || defined(SOLARIS2) # include "radix_ipf.h" #endif #ifndef __osf__ @@ -390,7 +390,7 @@ *addr++ = '\0'; for (ifpp = ifneta; ifpp && (ifp = *ifpp); ifpp++) { - COPYIFNAME(ifp, ifname); + COPYIFNAME(v, ifp, ifname); if (!strcmp(name, ifname)) { if (addr != NULL) fr_setifpaddr(ifp, addr); @@ -429,6 +429,9 @@ } ifp = ifneta[nifs - 1]; +#if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__) + TAILQ_INIT(&ifp->if_addrlist); +#endif #if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \ (defined(OpenBSD) && (OpenBSD >= 199603)) || defined(linux) || \ (defined(__FreeBSD__) && (__FreeBSD_version >= 501113)) ==== //depot/projects/hammer/contrib/ipfilter/iplang/Makefile#3 (text+ko) ==== @@ -3,20 +3,21 @@ # #CC=gcc -Wuninitialized -Wstrict-prototypes -Werror -O CFLAGS=-I.. +CCARGS=$(DEBUG) -I. -I.. $(CFLAGS) -I$(DESTDIR) -I$(DESTDIR)/.. -I../ipsend all: $(DESTDIR)/iplang_y.o $(DESTDIR)/iplang_l.o $(DESTDIR)/iplang_y.o: $(DESTDIR)/iplang_y.c - $(CC) $(DEBUG) -I. -I.. -I$(DESTDIR) -I../ipsend $(CFLAGS) $(LINUX) -c $(DESTDIR)/iplang_y.c -o $@ + $(CC) $(CCARGS) $(LINUX) -c $(DESTDIR)/iplang_y.c -o $@ $(DESTDIR)/iplang_l.o: $(DESTDIR)/iplang_l.c - $(CC) $(DEBUG) -I. -I.. -I$(DESTDIR) -I../ipsend $(CFLAGS) $(LINUX) -c $(DESTDIR)/iplang_l.c -o $@ + $(CC) $(CCARGS) $(LINUX) -c $(DESTDIR)/iplang_l.c -o $@ iplang_y.o: iplang_y.c - $(CC) $(DEBUG) -I. -I.. -I../ipsend $(CFLAGS) $(LINUX) -c $< -o $@ + $(CC) $(CCARGS) $< -o $@ iplang_l.o: iplang_l.c - $(CC) $(DEBUG) -I. -I.. -I../ipsend $(CFLAGS) $(LINUX) -c $< -o $@ + $(CC) $(CCARGS) $< -o $@ $(DESTDIR)/iplang_l.c: iplang_l.l $(DESTDIR)/iplang_y.h lex iplang_l.l ==== //depot/projects/hammer/contrib/ipfilter/ipsend/iptests.c#7 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/contrib/ipfilter/ipsend/iptests.c,v 1.13 2007/06/04 02:54:31 darrenr Exp $ */ +/* $FreeBSD: src/contrib/ipfilter/ipsend/iptests.c,v 1.14 2007/10/18 21:52:12 darrenr Exp $ */ /* * Copyright (C) 1993-1998 by Darren Reed. @@ -8,7 +8,7 @@ */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: iptests.c,v 2.8.2.8 2007/02/17 12:41:51 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: iptests.c,v 2.8.2.9 2007/09/13 07:19:34 darrenr Exp $"; #endif #include #include @@ -22,6 +22,9 @@ #endif #include #if !defined(__osf__) +# ifdef __NetBSD__ +# include +# endif # define _KERNEL # define KERNEL # if !defined(solaris) && !defined(linux) && !defined(__sgi) && !defined(hpux) @@ -1097,7 +1100,8 @@ struct tcpcb *tcbp, tcb; struct tcpiphdr ti; struct sockaddr_in sin; - int fd, slen; + int fd; + socklen_t slen; bzero((char *)&sin, sizeof(sin)); ==== //depot/projects/hammer/contrib/ipfilter/ipsend/sock.c#7 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/contrib/ipfilter/ipsend/sock.c,v 1.18 2007/06/04 02:54:31 darrenr Exp $ */ +/* $FreeBSD: src/contrib/ipfilter/ipsend/sock.c,v 1.19 2007/10/18 21:52:12 darrenr Exp $ */ /* * sock.c (C) 1995-1998 Darren Reed * @@ -7,7 +7,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)sock.c 1.2 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: sock.c,v 2.8.4.6 2007/02/17 12:41:51 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: sock.c,v 2.8.4.7 2007/09/13 07:19:34 darrenr Exp $"; #endif #include #include @@ -30,6 +30,9 @@ # include #endif #if !defined(__osf__) +# ifdef __NetBSD__ +# include +# endif # define _KERNEL # define KERNEL # ifdef ultrix @@ -385,7 +388,8 @@ { struct sockaddr_in rsin, lsin; struct tcpcb *t, tcb; - int fd, nfd, len; + int fd, nfd; + socklen_t len; printf("Dest. Port: %d\n", ti->ti_dport); ==== //depot/projects/hammer/contrib/ipfilter/l4check/Makefile#2 (text+ko) ==== @@ -4,7 +4,7 @@ all: l4check l4check: l4check.c - $(CC) -g -I.. $(CFLAGS) $(LIBS) l4check.c -o $@ + $(CC) -g -I.. -Wall $(CFLAGS) $(LIBS) l4check.c -o $@ clean: /bin/rm -f l4check ==== //depot/projects/hammer/contrib/ipfilter/l4check/l4check.c#3 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/contrib/ipfilter/l4check/l4check.c,v 1.2 2005/04/25 18:20:12 darrenr Exp $ */ +/* $FreeBSD: src/contrib/ipfilter/l4check/l4check.c,v 1.3 2007/10/18 21:52:12 darrenr Exp $ */ /* * (C)Copyright March, 2000 - Darren Reed. @@ -27,6 +27,7 @@ #include "ip_compat.h" #include "ip_fil.h" #include "ip_nat.h" +#include "ipl.h" #include "ipf.h" @@ -98,13 +99,21 @@ void addnat(l4) l4cfg_t *l4; { + ipnat_t *ipn = &l4->l4_nat; - printf("Add NAT rule for %s/%#x,%u -> ", inet_ntoa(ipn->in_out[0]), + printf("Add NAT rule for %s/%#x,%u -> ", inet_ntoa(ipn->in_out[0].in4), ipn->in_outmsk, ntohs(ipn->in_pmin)); - printf("%s,%u\n", inet_ntoa(ipn->in_in[0]), ntohs(ipn->in_pnext)); + printf("%s,%u\n", inet_ntoa(ipn->in_in[0].in4), ntohs(ipn->in_pnext)); if (!(opts & OPT_DONOTHING)) { - if (ioctl(natfd, SIOCADNAT, &ipn) == -1) + ipfobj_t obj; + + bzero(&obj, sizeof(obj)); + obj.ipfo_rev = IPFILTER_VERSION; + obj.ipfo_size = sizeof(*ipn); + obj.ipfo_ptr = ipn; + + if (ioctl(natfd, SIOCADNAT, &obj) == -1) perror("ioctl(SIOCADNAT)"); } } @@ -116,9 +125,16 @@ ipnat_t *ipn = &l4->l4_nat; printf("Remove NAT rule for %s/%#x,%u -> ", - inet_ntoa(ipn->in_out[0]), ipn->in_outmsk, ipn->in_pmin); - printf("%s,%u\n", inet_ntoa(ipn->in_in[0]), ipn->in_pnext); + inet_ntoa(ipn->in_out[0].in4), ipn->in_outmsk, ipn->in_pmin); + printf("%s,%u\n", inet_ntoa(ipn->in_in[0].in4), ipn->in_pnext); if (!(opts & OPT_DONOTHING)) { + ipfobj_t obj; + + bzero(&obj, sizeof(obj)); + obj.ipfo_rev = IPFILTER_VERSION; + obj.ipfo_size = sizeof(*ipn); + obj.ipfo_ptr = ipn; + if (ioctl(natfd, SIOCRMNAT, &ipn) == -1) perror("ioctl(SIOCRMNAT)"); } @@ -178,7 +194,6 @@ void writefd(l4) l4cfg_t *l4; { - char buf[80], *ptr; int n, i, fd; fd = l4->l4_fd; @@ -410,7 +425,6 @@ struct servent *sp; struct hostent *hp; char *host, *port; - struct in_addr ip; host = str; port = strchr(host, ','); @@ -555,7 +569,8 @@ break; } - strncpy(ipn->in_ifname, s, sizeof(ipn->in_ifname)); + strncpy(ipn->in_ifnames[0], s, LIFNAMSIZ); + strncpy(ipn->in_ifnames[1], s, LIFNAMSIZ); if (!gethostport(t, num, &ipn->in_outip, &ipn->in_pmin)) { errtxt = line; @@ -567,11 +582,11 @@ if (opts & OPT_VERBOSE) fprintf(stderr, "Interface %s %s/%#x port %u\n", - ipn->in_ifname, - inet_ntoa(ipn->in_out[0]), + ipn->in_ifnames[0], + inet_ntoa(ipn->in_out[0].in4), ipn->in_outmsk, ipn->in_pmin); } else if (!strcasecmp(t, "remote")) { - if (!*ipn->in_ifname) { + if (!*ipn->in_ifnames[0]) { fprintf(stderr, "%d: ifname not set prior to remote\n", num); @@ -606,7 +621,7 @@ break; } bcopy((char *)&template, (char *)l4, sizeof(*l4)); - l4->l4_sin.sin_addr = ipn->in_in[0]; + l4->l4_sin.sin_addr = ipn->in_in[0].in4; l4->l4_sin.sin_port = ipn->in_pnext; l4->l4_next = l4list; l4list = l4; @@ -793,7 +808,7 @@ } if (!(opts & OPT_DONOTHING)) { - natfd = open(IPL_NAT, O_RDWR); + natfd = open(IPNAT_NAME, O_RDWR); if (natfd == -1) { perror("open(IPL_NAT)"); exit(1); @@ -804,4 +819,6 @@ fprintf(stderr, "Starting...\n"); while (runconfig() == 0) ; + + exit(1); } ==== //depot/projects/hammer/contrib/ipfilter/lib/Makefile#5 (text+ko) ==== @@ -3,7 +3,7 @@ # # See the IPFILTER.LICENCE file for details on licencing. # -# $Id: Makefile,v 1.41.2.13 2007/05/10 06:02:19 darrenr Exp $ +# $Id: Makefile,v 1.41.2.14 2007/09/21 08:30:43 darrenr Exp $ # INCDEP=$(TOP)/ip_compat.h $(TOP)/ip_fil.h $(TOP)/ipf.h @@ -135,8 +135,6 @@ $(CC) $(CCARGS) -c $(LIBSRC)/fill6bits.c -o $@ $(DEST)/flags.o: $(LIBSRC)/flags.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/flags.c -o $@ -$(DEST)/getline.o: $(LIBSRC)/getline.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/getline.c -o $@ $(DEST)/gethost.o: $(LIBSRC)/gethost.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/gethost.c -o $@ $(DEST)/getifname.o: $(LIBSRC)/getifname.c $(INCDEP) @@ -218,10 +216,6 @@ $(CC) $(CCARGS) -c $(LIBSRC)/optvalue.c -o $@ $(DEST)/portname.o: $(LIBSRC)/portname.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/portname.c -o $@ -$(DEST)/portnum.o: $(LIBSRC)/portnum.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/portnum.c -o $@ -$(DEST)/ports.o: $(LIBSRC)/ports.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/ports.c -o $@ $(DEST)/print_toif.o: $(LIBSRC)/print_toif.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/print_toif.c -o $@ $(DEST)/printactivenat.o: $(LIBSRC)/printactivenat.c $(INCDEP) ==== //depot/projects/hammer/contrib/ipfilter/lib/alist_new.c#2 (text+ko) ==== @@ -3,7 +3,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: alist_new.c,v 1.1.2.2 2006/08/25 22:43:21 darrenr Exp $ + * $Id: alist_new.c,v 1.1.2.3 2007/06/06 08:05:33 darrenr Exp $ */ #include "ipf.h" @@ -53,12 +53,14 @@ } if (gethost(host, &al->al_addr) == -1) { - *slash = '/'; + if (slash != NULL) + *slash = '/'; fprintf(stderr, "Cannot parse hostname\n"); free(al); return NULL; } al->al_mask = htonl(mask); - *slash = '/'; + if (slash != NULL) + *slash = '/'; return al; } ==== //depot/projects/hammer/contrib/ipfilter/lib/ipft_tx.c#5 (text+ko) ==== @@ -1,15 +1,15 @@ -/* $FreeBSD: src/contrib/ipfilter/lib/ipft_tx.c,v 1.6 2007/06/04 02:54:32 darrenr Exp $ */ +/* $FreeBSD: src/contrib/ipfilter/lib/ipft_tx.c,v 1.7 2007/10/18 21:52:12 darrenr Exp $ */ /* * Copyright (C) 2000-2006 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: ipft_tx.c,v 1.15.2.9 2006/06/16 17:21:04 darrenr Exp $ + * $Id: ipft_tx.c,v 1.15.2.10 2007/09/03 21:54:44 darrenr Exp $ */ #if !defined(lint) static const char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 1.15.2.9 2006/06/16 17:21:04 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 1.15.2.10 2007/09/03 21:54:44 darrenr Exp $"; #endif #include @@ -259,19 +259,30 @@ } ip->ip_dst.s_addr = tx_hostnum(*cpp, &r); cpp++; - if (*cpp && ip->ip_p == IPPROTO_TCP) { - char *s, *t; + if (ip->ip_p == IPPROTO_TCP) { + if (*cpp != NULL) { + char *s, *t; + + tcp->th_flags = 0; + for (s = *cpp; *s; s++) + if ((t = strchr(myflagset, *s))) + tcp->th_flags |= myflags[t-myflagset]; + if (tcp->th_flags) + cpp++; + } - tcp->th_flags = 0; - for (s = *cpp; *s; s++) - if ((t = strchr(myflagset, *s))) - tcp->th_flags |= myflags[t - myflagset]; - if (tcp->th_flags) - cpp++; - if (tcp->th_flags == 0) - abort(); if (tcp->th_flags & TH_URG) tcp->th_urp = htons(1); + + if (*cpp && !strncasecmp(*cpp, "seq=", 4)) { + tcp->th_seq = htonl(atoi(*cpp + 4)); + cpp++; + } + + if (*cpp && !strncasecmp(*cpp, "ack=", 4)) { + tcp->th_ack = htonl(atoi(*cpp + 4)); + cpp++; + } } else if (*cpp && ip->ip_p == IPPROTO_ICMP) { extern char *tx_icmptypes[]; char **s, *t; ==== //depot/projects/hammer/contrib/ipfilter/lib/printnat.c#4 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/contrib/ipfilter/lib/printnat.c,v 1.4 2007/06/04 02:54:32 darrenr Exp $ */ +/* $FreeBSD: src/contrib/ipfilter/lib/printnat.c,v 1.5 2007/10/18 21:52:12 darrenr Exp $ */ /* * Copyright (C) 2002-2005 by Darren Reed. @@ -13,7 +13,7 @@ #if !defined(lint) -static const char rcsid[] = "@(#)$Id: printnat.c,v 1.22.2.13 2006/12/09 10:37:47 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: printnat.c,v 1.22.2.14 2007/09/06 16:40:11 darrenr Exp $"; #endif /* @@ -136,6 +136,8 @@ if (opts & OPT_DEBUG) printf("\tpmax %u\n", np->in_pmax); } else { + int protoprinted = 0; + if (!(np->in_flags & IPN_FILTER)) { printf("%s/", inet_ntoa(np->in_in[0].in4)); bits = count4bits(np->in_inmsk); @@ -172,6 +174,7 @@ printf(" %.*s/", (int)sizeof(np->in_plabel), np->in_plabel); printproto(pr, np->in_p, NULL); + protoprinted = 1; } else if (np->in_redir == NAT_MAPBLK) { if ((np->in_pmin == 0) && (np->in_flags & IPN_AUTOPORTMAP)) @@ -187,6 +190,7 @@ printf(" portmap "); } printproto(pr, np->in_p, np); + protoprinted = 1; if (np->in_flags & IPN_AUTOPORTMAP) { printf(" auto"); if (opts & OPT_DEBUG) @@ -198,9 +202,6 @@ printf(" %d:%d", ntohs(np->in_pmin), ntohs(np->in_pmax)); } - } else if (np->in_flags & IPN_TCPUDP || np->in_p) { - putchar(' '); - printproto(pr, np->in_p, np); } if (np->in_flags & IPN_FRAG) @@ -212,6 +213,10 @@ printf(" mssclamp %d", np->in_mssclamp); if (np->in_tag.ipt_tag[0] != '\0') printf(" tag %s", np->in_tag.ipt_tag); + if (!protoprinted && (np->in_flags & IPN_TCPUDP || np->in_p)) { + putchar(' '); + printproto(pr, np->in_p, np); + } printf("\n"); if (opts & OPT_DEBUG) { struct in_addr nip; ==== //depot/projects/hammer/contrib/ipfilter/lib/printpacket.c#4 (text+ko) ==== @@ -1,11 +1,11 @@ -/* $FreeBSD: src/contrib/ipfilter/lib/printpacket.c,v 1.4 2007/06/04 02:54:32 darrenr Exp $ */ +/* $FreeBSD: src/contrib/ipfilter/lib/printpacket.c,v 1.5 2007/10/18 21:52:12 darrenr Exp $ */ /* * Copyright (C) 2000-2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: printpacket.c,v 1.12.4.4 2006/09/30 21:44:43 darrenr Exp $ + * $Id: printpacket.c,v 1.12.4.5 2007/09/09 22:15:30 darrenr Exp $ */ #include "ipf.h" @@ -56,7 +56,7 @@ printf("ip #%d %d(%d) %d", ntohs(ip->ip_id), ntohs(ip->ip_len), IP_HL(ip) << 2, ip->ip_p); if (off & IP_OFFMASK) - printf(" @%d", off << 3); + printf(" @%d", (off & IP_OFFMASK) << 3); printf(" %s", inet_ntoa(ip->ip_src)); if (!(off & IP_OFFMASK)) if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP) ==== //depot/projects/hammer/contrib/ipfilter/lib/printpool_live.c#2 (text+ko) ==== @@ -52,11 +52,12 @@ while (!last && (ioctl(fd, SIOCLOOKUPITER, &obj) == 0)) { if (entry.ipn_next == NULL) last = 1; - entry.ipn_next = top; - top = malloc(sizeof(*top)); - if (top == NULL) + node = malloc(sizeof(*top)); + if (node == NULL) break; - bcopy(&entry, top, sizeof(entry)); + bcopy(&entry, node, sizeof(entry)); + node->ipn_next = top; + top = node; } while (top != NULL) { @@ -74,5 +75,9 @@ if ((opts & OPT_DEBUG) == 0) PRINTF(" };\n"); + + if (ioctl(fd, SIOCIPFDELTOK, &iter.ili_key) != 0) + perror("SIOCIPFDELTOK"); + return pool->ipo_next; } ==== //depot/projects/hammer/contrib/ipfilter/lib/printstate.c#4 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/contrib/ipfilter/lib/printstate.c,v 1.5 2007/06/04 02:54:32 darrenr Exp $ */ +/* $FreeBSD: src/contrib/ipfilter/lib/printstate.c,v 1.6 2007/10/18 21:52:12 darrenr Exp $ */ /* * Copyright (C) 2002-2005 by Darren Reed. @@ -35,8 +35,8 @@ sp->is_send, sp->is_dend, sp->is_maxswin, sp->is_swinscale, sp->is_maxdwin, sp->is_dwinscale); - PRINTF("\tcmsk %04x smsk %04x isc %p s0 %08x/%08x\n", - sp->is_smsk[0], sp->is_smsk[1], sp->is_isc, + PRINTF("\tcmsk %04x smsk %04x s0 %08x/%08x\n", + sp->is_smsk[0], sp->is_smsk[1], sp->is_s0[0], sp->is_s0[1]); PRINTF("\tFWD:ISN inc %x sumd %x\n", sp->is_isninc[0], sp->is_sumd[0]); ==== //depot/projects/hammer/contrib/ipfilter/man/ippool.5#2 (text+ko) ==== @@ -1,4 +1,4 @@ -.\" $FreeBSD: src/contrib/ipfilter/man/ippool.5,v 1.2 2005/04/25 18:20:14 darrenr Exp $ +.\" $FreeBSD: src/contrib/ipfilter/man/ippool.5,v 1.3 2007/10/18 21:52:12 darrenr Exp $ .\" .TH IPPOOL 5 .SH NAME @@ -94,7 +94,7 @@ configuration entries. >>> TRUNCATED FOR MAIL (1000 lines) <<<