From owner-p4-projects Tue Mar 19 3:57:14 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 5BDFC37B400; Tue, 19 Mar 2002 03:56:05 -0800 (PST) Delivered-To: perforce@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 8579037B405 for ; Tue, 19 Mar 2002 03:56:03 -0800 (PST) Received: (from perforce@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g2JBu1k56849 for perforce@freebsd.org; Tue, 19 Mar 2002 03:56:01 -0800 (PST) (envelope-from peter@freebsd.org) Date: Tue, 19 Mar 2002 03:56:01 -0800 (PST) Message-Id: <200203191156.g2JBu1k56849@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to peter@freebsd.org using -f From: Peter Wemm Subject: PERFORCE change 7952 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=7952 Change 7952 by peter@peter_overcee on 2002/03/19 03:55:31 IFC @7951 Affected files ... ... //depot/projects/ia64/sys/alpha/alpha/pmap.c#5 integrate ... //depot/projects/ia64/sys/boot/efi/Makefile.inc#3 integrate ... //depot/projects/ia64/sys/boot/efi/include/efiapi.h#5 integrate ... //depot/projects/ia64/sys/boot/efi/loader/conf.c#3 integrate ... //depot/projects/ia64/sys/boot/ia64/libski/Makefile#3 integrate ... //depot/projects/ia64/sys/boot/ia64/skiload/Makefile#3 integrate ... //depot/projects/ia64/sys/conf/Makefile.ia64#8 integrate ... //depot/projects/ia64/sys/conf/files#10 integrate ... //depot/projects/ia64/sys/conf/kern.post.mk#7 integrate ... //depot/projects/ia64/sys/contrib/ipfilter/netinet/fil.c#3 integrate ... //depot/projects/ia64/sys/contrib/ipfilter/netinet/ip_auth.c#3 integrate ... //depot/projects/ia64/sys/contrib/ipfilter/netinet/ip_auth.h#2 integrate ... //depot/projects/ia64/sys/contrib/ipfilter/netinet/ip_compat.h#2 integrate ... //depot/projects/ia64/sys/contrib/ipfilter/netinet/ip_fil.c#3 integrate ... //depot/projects/ia64/sys/contrib/ipfilter/netinet/ip_fil.h#2 integrate ... //depot/projects/ia64/sys/contrib/ipfilter/netinet/ip_frag.c#3 integrate ... //depot/projects/ia64/sys/contrib/ipfilter/netinet/ip_frag.h#2 integrate ... //depot/projects/ia64/sys/contrib/ipfilter/netinet/ip_ftp_pxy.c#2 integrate ... //depot/projects/ia64/sys/contrib/ipfilter/netinet/ip_ipsec_pxy.c#1 branch ... //depot/projects/ia64/sys/contrib/ipfilter/netinet/ip_log.c#3 integrate ... //depot/projects/ia64/sys/contrib/ipfilter/netinet/ip_nat.c#4 integrate ... //depot/projects/ia64/sys/contrib/ipfilter/netinet/ip_nat.h#2 integrate ... //depot/projects/ia64/sys/contrib/ipfilter/netinet/ip_netbios_pxy.c#1 branch ... //depot/projects/ia64/sys/contrib/ipfilter/netinet/ip_proxy.c#3 integrate ... //depot/projects/ia64/sys/contrib/ipfilter/netinet/ip_proxy.h#2 integrate ... //depot/projects/ia64/sys/contrib/ipfilter/netinet/ip_raudio_pxy.c#2 integrate ... //depot/projects/ia64/sys/contrib/ipfilter/netinet/ip_rcmd_pxy.c#2 integrate ... //depot/projects/ia64/sys/contrib/ipfilter/netinet/ip_state.c#3 integrate ... //depot/projects/ia64/sys/contrib/ipfilter/netinet/ip_state.h#2 integrate ... //depot/projects/ia64/sys/contrib/ipfilter/netinet/ipl.h#2 integrate ... //depot/projects/ia64/sys/contrib/ipfilter/netinet/mlfk_ipl.c#2 integrate ... //depot/projects/ia64/sys/dev/acpica/Osd/OsdHardware.c#4 integrate ... //depot/projects/ia64/sys/dev/acpica/Osd/OsdMemory.c#7 integrate ... //depot/projects/ia64/sys/dev/kbd/atkbdc.c#3 integrate ... //depot/projects/ia64/sys/dev/usb/usbdevs#7 integrate ... //depot/projects/ia64/sys/dev/usb/usbdevs.h#6 integrate ... //depot/projects/ia64/sys/dev/usb/usbdevs_data.h#6 integrate ... //depot/projects/ia64/sys/i386/i386/pmap.c#6 integrate ... //depot/projects/ia64/sys/ia64/acpica/madt.c#6 integrate ... //depot/projects/ia64/sys/ia64/conf/GENERIC#5 integrate ... //depot/projects/ia64/sys/ia64/ia64/autoconf.c#3 integrate ... //depot/projects/ia64/sys/ia64/ia64/clock.c#4 integrate ... //depot/projects/ia64/sys/ia64/ia64/db_disasm.c#3 integrate ... //depot/projects/ia64/sys/ia64/ia64/db_interface.c#7 integrate ... //depot/projects/ia64/sys/ia64/ia64/db_trace.c#4 integrate ... //depot/projects/ia64/sys/ia64/ia64/elf_machdep.c#3 integrate ... //depot/projects/ia64/sys/ia64/ia64/ia64-gdbstub.c#3 integrate ... //depot/projects/ia64/sys/ia64/ia64/machdep.c#17 integrate ... //depot/projects/ia64/sys/ia64/ia64/mp_machdep.c#10 integrate ... //depot/projects/ia64/sys/ia64/ia64/nexus.c#3 integrate ... //depot/projects/ia64/sys/ia64/ia64/pmap.c#9 integrate ... //depot/projects/ia64/sys/ia64/ia64/sal.c#4 integrate ... //depot/projects/ia64/sys/ia64/ia64/sapic.c#5 integrate ... //depot/projects/ia64/sys/ia64/include/cpu.h#3 integrate ... //depot/projects/ia64/sys/ia64/include/vmparam.h#3 integrate ... //depot/projects/ia64/sys/ia64/isa/isa_dma.c#3 integrate ... //depot/projects/ia64/sys/kern/kern_acl.c#5 integrate ... //depot/projects/ia64/sys/kern/kern_descrip.c#8 integrate ... //depot/projects/ia64/sys/kern/kern_malloc.c#3 integrate ... //depot/projects/ia64/sys/kern/kern_synch.c#4 integrate ... //depot/projects/ia64/sys/kern/subr_sbuf.c#5 integrate ... //depot/projects/ia64/sys/kern/sys_pipe.c#6 integrate ... //depot/projects/ia64/sys/kern/sysv_sem.c#4 integrate ... //depot/projects/ia64/sys/kern/uipc_socket.c#5 integrate ... //depot/projects/ia64/sys/kern/uipc_usrreq.c#6 integrate ... //depot/projects/ia64/sys/kern/vfs_lookup.c#3 integrate ... //depot/projects/ia64/sys/netinet/in_pcb.h#4 integrate ... //depot/projects/ia64/sys/netinet/tcp_syncache.c#6 integrate ... //depot/projects/ia64/sys/powerpc/powerpc/pmap.c#5 integrate ... //depot/projects/ia64/sys/sparc64/include/pv.h#3 integrate ... //depot/projects/ia64/sys/sparc64/sparc64/pmap.c#4 integrate ... //depot/projects/ia64/sys/sparc64/sparc64/pv.c#3 integrate ... //depot/projects/ia64/sys/sys/malloc.h#3 integrate ... //depot/projects/ia64/sys/sys/proc.h#6 integrate ... //depot/projects/ia64/sys/sys/socketvar.h#5 integrate ... //depot/projects/ia64/sys/sys/vnode.h#5 integrate ... //depot/projects/ia64/sys/vm/device_pager.c#2 integrate ... //depot/projects/ia64/sys/vm/swap_pager.c#4 integrate ... //depot/projects/ia64/sys/vm/uma.h#1 branch ... //depot/projects/ia64/sys/vm/uma_core.c#1 branch ... //depot/projects/ia64/sys/vm/uma_int.h#1 branch ... //depot/projects/ia64/sys/vm/vm_glue.c#7 integrate ... //depot/projects/ia64/sys/vm/vm_init.c#3 integrate ... //depot/projects/ia64/sys/vm/vm_map.c#6 integrate ... //depot/projects/ia64/sys/vm/vm_map.h#6 integrate ... //depot/projects/ia64/sys/vm/vm_object.c#5 integrate ... //depot/projects/ia64/sys/vm/vm_page.c#5 integrate ... //depot/projects/ia64/sys/vm/vm_pageout.c#6 integrate ... //depot/projects/ia64/sys/vm/vm_zone.h#2 integrate ... //depot/projects/ia64/usr.bin/vmstat/vmstat.c#3 integrate Differences ... ==== //depot/projects/ia64/sys/alpha/alpha/pmap.c#5 (text+ko) ==== @@ -43,7 +43,7 @@ * from: @(#)pmap.c 7.7 (Berkeley) 5/12/91 * from: i386 Id: pmap.c,v 1.193 1998/04/19 15:22:48 bde Exp * with some ideas from NetBSD's alpha pmap - * $FreeBSD: src/sys/alpha/alpha/pmap.c,v 1.85 2002/02/28 07:40:55 silby Exp $ + * $FreeBSD: src/sys/alpha/alpha/pmap.c,v 1.86 2002/03/19 09:11:46 jeff Exp $ */ /* @@ -322,11 +322,9 @@ * Data for the pv entry allocation mechanism */ static vm_zone_t pvzone; -static struct vm_zone pvzone_store; static struct vm_object pvzone_obj; static int pv_entry_count = 0, pv_entry_max = 0, pv_entry_high_water = 0; static int pmap_pagedaemon_waken = 0; -static struct pv_entry *pvinit; static PMAP_INLINE void free_pv_entry __P((pv_entry_t pv)); static pv_entry_t get_pv_entry __P((void)); @@ -349,6 +347,7 @@ static vm_page_t _pmap_allocpte __P((pmap_t pmap, unsigned ptepindex)); static vm_page_t pmap_page_lookup __P((vm_object_t object, vm_pindex_t pindex)); static int pmap_unuse_pt __P((pmap_t, vm_offset_t, vm_page_t)); +static void *pmap_allocf(uma_zone_t zone, int bytes, u_int8_t *flags, int wait); #ifdef SMP static void pmap_invalidate_page_action __P((void *arg)); static void pmap_invalidate_all_action __P((void *arg)); @@ -575,6 +574,13 @@ return 0; } +static void * +pmap_allocf(uma_zone_t zone, int bytes, u_int8_t *flags, int wait) +{ + *flags = UMA_SLAB_PRIV; + return (void *)kmem_alloc(kernel_map, bytes); +} + /* * Initialize the pmap module. * Called by vm_init, to initialize any structures that the pmap @@ -609,11 +615,16 @@ initial_pvs = vm_page_array_size; if (initial_pvs < MINPV) initial_pvs = MINPV; +#if 0 pvzone = &pvzone_store; pvinit = (struct pv_entry *) kmem_alloc(kernel_map, initial_pvs * sizeof (struct pv_entry)); zbootinit(pvzone, "PV ENTRY", sizeof (struct pv_entry), pvinit, vm_page_array_size); +#endif + pvzone = zinit("PV ENTRY", sizeof (struct pv_entry), 0, 0, 0); + uma_zone_set_allocf(pvzone, pmap_allocf); + uma_prealloc(pvzone, initial_pvs); /* * object for kernel page table pages */ @@ -638,7 +649,10 @@ TUNABLE_INT_FETCH("vm.pmap.shpgperproc", &shpgperproc); pv_entry_max = shpgperproc * maxproc + vm_page_array_size; pv_entry_high_water = 9 * (pv_entry_max / 10); +#if 0 zinitna(pvzone, &pvzone_obj, NULL, 0, pv_entry_max, ZONE_INTERRUPT, 1); +#endif + uma_zone_set_obj(pvzone, &pvzone_obj, pv_entry_max); } ==== //depot/projects/ia64/sys/boot/efi/Makefile.inc#3 (text+ko) ==== @@ -1,4 +1,4 @@ -# $FreeBSD: src/sys/boot/efi/Makefile.inc,v 1.2 2001/06/16 05:59:45 obrien Exp $ +# $FreeBSD: src/sys/boot/efi/Makefile.inc,v 1.3 2002/03/19 10:51:57 peter Exp $ # Options used when building app-specific efi components ==== //depot/projects/ia64/sys/boot/efi/include/efiapi.h#5 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/sys/boot/efi/include/efiapi.h,v 1.2 2001/11/19 06:58:14 peter Exp $ */ +/* $FreeBSD: src/sys/boot/efi/include/efiapi.h,v 1.3 2002/03/19 10:50:09 peter Exp $ */ #ifndef _EFI_API_H #define _EFI_API_H ==== //depot/projects/ia64/sys/boot/efi/loader/conf.c#3 (text+ko) ==== @@ -33,7 +33,7 @@ #ifndef lint static const char rcsid[] = - "$FreeBSD: src/sys/boot/efi/loader/conf.c,v 1.5 2001/09/22 19:12:30 dfr Exp $"; + "$FreeBSD: src/sys/boot/efi/loader/conf.c,v 1.6 2002/03/19 10:50:41 peter Exp $"; #endif /* not lint */ #include ==== //depot/projects/ia64/sys/boot/ia64/libski/Makefile#3 (text+ko) ==== @@ -1,4 +1,4 @@ -# $FreeBSD: src/sys/boot/ia64/libski/Makefile,v 1.2 2001/09/15 09:53:55 dfr Exp $ +# $FreeBSD: src/sys/boot/ia64/libski/Makefile,v 1.3 2002/03/19 10:51:57 peter Exp $ LIB= ski NOPIC= true ==== //depot/projects/ia64/sys/boot/ia64/skiload/Makefile#3 (text+ko) ==== @@ -1,4 +1,4 @@ -# $FreeBSD: src/sys/boot/ia64/skiload/Makefile,v 1.2 2001/09/26 00:13:08 peter Exp $ +# $FreeBSD: src/sys/boot/ia64/skiload/Makefile,v 1.3 2002/03/19 10:51:57 peter Exp $ .PATH: ${.CURDIR}/../common ==== //depot/projects/ia64/sys/conf/Makefile.ia64#8 (text+ko) ==== @@ -1,7 +1,7 @@ # Makefile.ia64 -- with config changes. # Copyright 1990 W. Jolitz # from: src/sys/conf/Makefile.alpha,v 1.76 -# $FreeBSD: src/sys/conf/Makefile.ia64,v 1.46 2002/02/20 23:35:51 peter Exp $ +# $FreeBSD: src/sys/conf/Makefile.ia64,v 1.47 2002/03/19 10:52:44 peter Exp $ # # Makefile for FreeBSD # ==== //depot/projects/ia64/sys/conf/files#10 (text+ko) ==== @@ -1,4 +1,4 @@ -# $FreeBSD: src/sys/conf/files,v 1.612 2002/03/18 18:23:42 joe Exp $ +# $FreeBSD: src/sys/conf/files,v 1.613 2002/03/19 09:11:46 jeff Exp $ # # The long compile-with and dependency lines are required because of # limitations in config: backslash-newline doesn't work in strings, and @@ -1339,5 +1339,5 @@ vm/vm_pager.c standard vm/vm_swap.c standard vm/vm_unix.c standard -vm/vm_zone.c standard +vm/uma_core.c standard vm/vnode_pager.c standard ==== //depot/projects/ia64/sys/conf/kern.post.mk#7 (text+ko) ==== @@ -8,7 +8,7 @@ # should be defined in the kern.pre.mk so that port makefiles can # override or augment them. # -# $FreeBSD: src/sys/conf/kern.post.mk,v 1.13 2002/03/19 06:30:24 bde Exp $ +# $FreeBSD: src/sys/conf/kern.post.mk,v 1.14 2002/03/19 08:20:44 bde Exp $ # .PHONY: all modules ==== //depot/projects/ia64/sys/contrib/ipfilter/netinet/fil.c#3 (text+ko) ==== @@ -3,6 +3,9 @@ * * See the IPFILTER.LICENCE file for details on licencing. */ +#ifdef __sgi +# include +#endif #include #include #include @@ -34,7 +37,6 @@ # include # include #endif -#include #if !defined(__SVR4) && !defined(__svr4__) # ifndef linux # include @@ -77,10 +79,10 @@ #endif #include #include "netinet/ip_fil.h" -#include "netinet/ip_proxy.h" #include "netinet/ip_nat.h" #include "netinet/ip_frag.h" #include "netinet/ip_state.h" +#include "netinet/ip_proxy.h" #include "netinet/ip_auth.h" # if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000) # include @@ -97,8 +99,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed"; -/* static const char rcsid[] = "@(#)$Id: fil.c,v 2.35.2.39 2001/07/18 13:30:32 darrenr Exp $"; */ -static const char rcsid[] = "@(#)$FreeBSD: src/sys/contrib/ipfilter/netinet/fil.c,v 1.27 2002/01/14 09:07:15 alfred Exp $"; +static const char rcsid[] = "@(#)$FreeBSD: src/sys/contrib/ipfilter/netinet/fil.c,v 1.28 2002/03/19 11:44:16 darrenr Exp $"; #endif #ifndef _KERNEL @@ -108,7 +109,7 @@ # define FR_VERBOSE(verb_pr) verbose verb_pr # define FR_DEBUG(verb_pr) debug verb_pr -# define IPLLOG(a, c, d, e) ipllog() +# define IPLLOG(a, c, d, e) ipflog(a, c, d, e) #else /* #ifndef _KERNEL */ # define FR_VERBOSE(verb_pr) # define FR_DEBUG(verb_pr) @@ -263,7 +264,7 @@ fin->fin_off = off; fin->fin_plen = plen; - fin->fin_dp = (void *)tcp; + fin->fin_dp = (char *)tcp; off <<= 3; switch (p) @@ -283,7 +284,7 @@ { case ICMP6_ECHO_REPLY : case ICMP6_ECHO_REQUEST : - minicmpsz = ICMP6ERR_MINPKTLEN; + minicmpsz = ICMP6_MINLEN; break; case ICMP6_DST_UNREACH : case ICMP6_PACKET_TOO_BIG : @@ -383,6 +384,19 @@ fin->fin_data[1] = ntohs(tcp->th_dport); } break; + case IPPROTO_ESP : +#ifdef USE_INET6 + if (v == 6) { + if (plen < 8) + fi->fi_fl |= FI_SHORT; + } else +#endif + if (v == 4) { + if (((ip->ip_len < hlen + 8) && !off) || + (off && off < 8)) + fi->fi_fl |= FI_SHORT; + } + break; default : break; } @@ -548,8 +562,8 @@ * Could be per interface, but this gets real nasty when you don't have * kernel sauce. */ -int fr_scanlist(pass, ip, fin, m) -u_32_t pass; +int fr_scanlist(passin, ip, fin, m) +u_32_t passin; ip_t *ip; register fr_info_t *fin; void *m; @@ -557,20 +571,21 @@ register struct frentry *fr; register fr_ip_t *fi = &fin->fin_fi; int rulen, portcmp = 0, off, skip = 0, logged = 0; - u_32_t passt; + u_32_t pass, passt, passl; + frentry_t *frl; + frl = NULL; + pass = passin; fr = fin->fin_fr; fin->fin_fr = NULL; - fin->fin_rule = 0; - fin->fin_group = 0; off = fin->fin_off; - pass |= (fi->fi_fl << 24); if ((fi->fi_fl & FI_TCPUDP) && (fin->fin_dlen > 3) && !off) portcmp = 1; for (rulen = 0; fr; fr = fr->fr_next, rulen++) { if (skip) { + FR_VERBOSE(("%d (%#x)\n", skip, fr->fr_flags)); skip--; continue; } @@ -581,25 +596,28 @@ * check that we are working for the right interface */ #ifdef _KERNEL -# if BSD >= 199306 +# if (BSD >= 199306) if (fin->fin_out != 0) { if ((fr->fr_oifa && - fr->fr_oifa != ((mb_t *)m)->m_pkthdr.rcvif) || - (fr->fr_ifa && fr->fr_ifa != fin->fin_ifp)) + (fr->fr_oifa != ((mb_t *)m)->m_pkthdr.rcvif))) continue; - } else + } # endif - if (fr->fr_ifa && fr->fr_ifa != fin->fin_ifp) - continue; #else if (opts & (OPT_VERBOSE|OPT_DEBUG)) printf("\n"); - FR_VERBOSE(("%c", (pass & FR_PASS) ? 'p' : - (pass & FR_AUTH) ? 'a' : 'b')); +#endif + + FR_VERBOSE(("%c", fr->fr_skip ? 's' : + (pass & FR_PASS) ? 'p' : + (pass & FR_AUTH) ? 'a' : + (pass & FR_ACCOUNT) ? 'A' : + (pass & FR_NOMATCH) ? 'n' : 'b')); + if (fr->fr_ifa && fr->fr_ifa != fin->fin_ifp) continue; + FR_VERBOSE((":i")); -#endif { register u_32_t *ld, *lm, *lip; register int i; @@ -621,22 +639,19 @@ /* * Unrolled loops (4 each, for 32 bits). */ - i |= ((*lip & *lm) != *ld) << 19; FR_DEBUG(("1a. %#08x & %#08x != %#08x\n", *lip, *lm, *ld)); + i |= ((*lip++ & *lm++) != *ld++) << 5; if (fi->fi_v == 6) { - lip++, lm++, ld++; - i |= ((*lip & *lm) != *ld) << 19; FR_DEBUG(("1b. %#08x & %#08x != %#08x\n", *lip, *lm, *ld)); - lip++, lm++, ld++; - i |= ((*lip & *lm) != *ld) << 19; + i |= ((*lip++ & *lm++) != *ld++) << 5; FR_DEBUG(("1c. %#08x & %#08x != %#08x\n", *lip, *lm, *ld)); - lip++, lm++, ld++; - i |= ((*lip & *lm) != *ld) << 19; + i |= ((*lip++ & *lm++) != *ld++) << 5; FR_DEBUG(("1d. %#08x & %#08x != %#08x\n", *lip, *lm, *ld)); + i |= ((*lip++ & *lm++) != *ld++) << 5; } else { lip += 3; lm += 3; @@ -645,23 +660,19 @@ i ^= (fr->fr_flags & FR_NOTSRCIP); if (i) continue; - lip++, lm++, ld++; - i |= ((*lip & *lm) != *ld) << 20; FR_DEBUG(("2a. %#08x & %#08x != %#08x\n", *lip, *lm, *ld)); + i |= ((*lip++ & *lm++) != *ld++) << 6; if (fi->fi_v == 6) { - lip++, lm++, ld++; - i |= ((*lip & *lm) != *ld) << 20; FR_DEBUG(("2b. %#08x & %#08x != %#08x\n", *lip, *lm, *ld)); - lip++, lm++, ld++; - i |= ((*lip & *lm) != *ld) << 20; + i |= ((*lip++ & *lm++) != *ld++) << 6; FR_DEBUG(("2c. %#08x & %#08x != %#08x\n", *lip, *lm, *ld)); - lip++, lm++, ld++; - i |= ((*lip & *lm) != *ld) << 20; + i |= ((*lip++ & *lm++) != *ld++) << 6; FR_DEBUG(("2d. %#08x & %#08x != %#08x\n", *lip, *lm, *ld)); + i |= ((*lip++ & *lm++) != *ld++) << 6; } else { lip += 3; lm += 3; @@ -670,14 +681,12 @@ i ^= (fr->fr_flags & FR_NOTDSTIP); if (i) continue; - lip++, lm++, ld++; - i |= ((*lip & *lm) != *ld); FR_DEBUG(("3. %#08x & %#08x != %#08x\n", *lip, *lm, *ld)); - lip++, lm++, ld++; - i |= ((*lip & *lm) != *ld); + i |= ((*lip++ & *lm++) != *ld++); FR_DEBUG(("4. %#08x & %#08x != %#08x\n", *lip, *lm, *ld)); + i |= ((*lip & *lm) != *ld); if (i) continue; } @@ -704,17 +713,30 @@ } } FR_VERBOSE(("*")); - /* - * Just log this packet... - */ + + if (fr->fr_flags & FR_NOMATCH) { + passt = passl; + passl = passin; + fin->fin_fr = frl; + frl = NULL; + if (fr->fr_flags & FR_QUICK) + break; + continue; + } + + passl = passt; passt = fr->fr_flags; + frl = fin->fin_fr; + fin->fin_fr = fr; #if (BSD >= 199306) && (defined(_KERNEL) || defined(KERNEL)) if (securelevel <= 0) #endif if ((passt & FR_CALLNOW) && fr->fr_func) passt = (*fr->fr_func)(passt, ip, fin); - fin->fin_fr = fr; #ifdef IPFILTER_LOG + /* + * Just log this packet... + */ if ((passt & FR_LOGMASK) == FR_LOG) { if (!IPLLOG(passt, ip, fin, m)) { if (passt & FR_LOGORBLOCK) @@ -725,32 +747,33 @@ logged = 1; } #endif /* IPFILTER_LOG */ - if (!(skip = fr->fr_skip) && (passt & FR_LOGMASK) != FR_LOG) - pass = passt; - FR_DEBUG(("pass %#x\n", pass)); ATOMIC_INCL(fr->fr_hits); - if (pass & FR_ACCOUNT) + if (passt & FR_ACCOUNT) fr->fr_bytes += (U_QUAD_T)ip->ip_len; else fin->fin_icode = fr->fr_icode; fin->fin_rule = rulen; fin->fin_group = fr->fr_group; - if (fr->fr_grp) { + if (fr->fr_grp != NULL) { fin->fin_fr = fr->fr_grp; - pass = fr_scanlist(pass, ip, fin, m); + passt = fr_scanlist(passt, ip, fin, m); if (fin->fin_fr == NULL) { fin->fin_rule = rulen; fin->fin_group = fr->fr_group; fin->fin_fr = fr; } - if (pass & FR_DONTCACHE) + if (passt & FR_DONTCACHE) logged = 1; } - if (pass & FR_QUICK) + if (!(skip = fr->fr_skip) && (passt & FR_LOGMASK) != FR_LOG) + pass = passt; + FR_DEBUG(("pass %#x\n", pass)); + if (passt & FR_QUICK) break; } if (logged) pass |= FR_DONTCACHE; + pass |= (fi->fi_fl << 24); return pass; } @@ -806,7 +829,7 @@ /* * disable delayed checksums. */ - if (out && (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA)) { + if ((out != 0) && (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA)) { in_delayed_cksum(m); m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; } @@ -847,6 +870,9 @@ case IPPROTO_ICMP: plen = ICMPERR_MAXPKTLEN - sizeof(ip_t); break; + case IPPROTO_ESP: + plen = 8; + break; # ifdef USE_INET6 case IPPROTO_ICMPV6 : /* @@ -918,20 +944,26 @@ ATOMIC_INCL(frstats[0].fr_ipv6[out]); if (((ip6_t *)ip)->ip6_hlim < fr_minttl) { ATOMIC_INCL(frstats[0].fr_badttl); - if (fr_minttllog) - logit = -2; + if (fr_minttllog & 1) + logit = -3; + if (fr_minttllog & 2) + drop = 1; } } else # endif if (!out) { if (fr_chksrc && !fr_verifysrc(ip->ip_src, ifp)) { ATOMIC_INCL(frstats[0].fr_badsrc); - if (fr_chksrc == 2) + if (fr_chksrc & 1) + drop = 1; + if (fr_chksrc & 2) logit = -2; } else if (ip->ip_ttl < fr_minttl) { ATOMIC_INCL(frstats[0].fr_badttl); - if (fr_minttllog) + if (fr_minttllog & 1) logit = -3; + if (fr_minttllog & 2) + drop = 1; } } if (drop) { @@ -1022,6 +1054,7 @@ FI_COPYSIZE); if (pass & FR_NOMATCH) { ATOMIC_INCL(frstats[out].fr_nom); + fin->fin_fr = NULL; } } } else @@ -1035,11 +1068,7 @@ */ if ((pass & FR_AUTH)) { if (fr_newauth((mb_t *)m, fin, ip) != 0) { -#ifdef _KERNEL m = *mp = NULL; -#else - ; -#endif error = 0; } else error = ENOSPC; @@ -1069,7 +1098,7 @@ } } if (pass & FR_KEEPSTATE) { - if (fr_addstate(ip, fin, 0) == NULL) { + if (fr_addstate(ip, fin, NULL, 0) == NULL) { ATOMIC_INCL(frstats[out].fr_bads); } else { ATOMIC_INCL(frstats[out].fr_ads); @@ -1098,11 +1127,19 @@ else #endif list = ipacct[1][fr_active]; - if ((fin->fin_fr = list) && - (fr_scanlist(FR_NOMATCH, ip, fin, m) & FR_ACCOUNT)) { - ATOMIC_INCL(frstats[1].fr_acct); + if (list != NULL) { + u_32_t sg, sr; + + fin->fin_fr = list; + sg = fin->fin_group; + sr = fin->fin_rule; + if (fr_scanlist(FR_NOMATCH, ip, fin, m) & FR_ACCOUNT) { + ATOMIC_INCL(frstats[1].fr_acct); + } + fin->fin_group = sg; + fin->fin_rule = sr; + fin->fin_fr = fr; } - fin->fin_fr = fr; changed = ip_natout(ip, fin); } else fin->fin_fr = fr; @@ -1151,10 +1188,10 @@ # if SOLARIS mc = dupmsg(m); # else -# ifndef linux +# if defined(__OpenBSD__) && (OpenBSD >= 199905) + mc = m_copym2(m, 0, M_COPYALL, M_DONTWAIT); +# else mc = m_copy(m, 0, M_COPYALL); -# else - ; # endif # endif #endif @@ -1171,7 +1208,6 @@ * some operating systems. */ if (!out) { -#ifdef _KERNEL if (pass & FR_RETICMP) { int dst; @@ -1187,19 +1223,6 @@ ATOMIC_INCL(frstats[1].fr_ret); } } -#else - if ((pass & FR_RETMASK) == FR_RETICMP) { - verbose("- ICMP unreachable sent\n"); - ATOMIC_INCL(frstats[0].fr_ret); - } else if ((pass & FR_RETMASK) == FR_FAKEICMP) { - verbose("- forged ICMP unreachable sent\n"); - ATOMIC_INCL(frstats[0].fr_ret); - } else if (((pass & FR_RETMASK) == FR_RETRST) && - !(fin->fin_fl & FI_SHORT)) { - verbose("- TCP RST sent\n"); - ATOMIC_INCL(frstats[1].fr_ret); - } -#endif } else { if (pass & FR_RETRST) error = ECONNRESET; @@ -1224,8 +1247,10 @@ frdest_t *fdp = &fr->fr_tif; if (((pass & FR_FASTROUTE) && !out) || - (fdp->fd_ifp && fdp->fd_ifp != (struct ifnet *)-1)) + (fdp->fd_ifp && fdp->fd_ifp != (struct ifnet *)-1)) { (void) ipfr_fastroute(m, mp, fin, fdp); + m = *mp; + } if (mc != NULL) (void) ipfr_fastroute(mc, &mc, fin, &fr->fr_dif); @@ -1260,6 +1285,12 @@ return 0; if (pass & FR_AUTH) return -2; + if ((pass & FR_RETMASK) == FR_RETRST) + return -3; + if ((pass & FR_RETMASK) == FR_RETICMP) + return -4; + if ((pass & FR_RETMASK) == FR_FAKEICMP) + return -5; return -1; #endif /* _KERNEL */ } @@ -1481,7 +1512,7 @@ * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 - * $Id: fil.c,v 2.35.2.39 2001/07/18 13:30:32 darrenr Exp $ + * $Id: fil.c,v 2.35.2.58 2002/03/13 02:23:13 darrenr Exp $ */ /* * Copy data from an mbuf chain starting "off" bytes from the beginning, ==== //depot/projects/ia64/sys/contrib/ipfilter/netinet/ip_auth.c#3 (text+ko) ==== @@ -3,6 +3,9 @@ * * See the IPFILTER.LICENCE file for details on licencing. */ +#ifdef __sgi +# include +#endif #include #include #include @@ -19,7 +22,6 @@ #else # include #endif -#include #ifndef linux # include #endif @@ -103,7 +105,7 @@ #if !defined(lint) /* static const char rcsid[] = "@(#)$Id: ip_auth.c,v 2.11.2.12 2001/07/18 14:57:08 darrenr Exp $"; */ -static const char rcsid[] = "@(#)$FreeBSD: src/sys/contrib/ipfilter/netinet/ip_auth.c,v 1.26 2002/02/28 09:56:31 mike Exp $"; +static const char rcsid[] = "@(#)$FreeBSD: src/sys/contrib/ipfilter/netinet/ip_auth.c,v 1.27 2002/03/19 11:44:16 darrenr Exp $"; #endif @@ -311,7 +313,7 @@ int fr_auth_ioctl(data, mode, cmd, fr, frptr) caddr_t data; int mode; -#if defined(__NetBSD__) || defined(__OpenBSD__) || (FreeBSD_version >= 300003) +#if defined(__NetBSD__) || defined(__OpenBSD__) || (__FreeBSD_version >= 300003) u_long cmd; #else int cmd; @@ -382,9 +384,7 @@ error = EINVAL; break; case SIOCATHST: - READ_ENTER(&ipf_auth); fr_authstats.fas_faelist = fae_list; - RWLOCK_EXIT(&ipf_auth); error = IWCOPYPTR((char *)&fr_authstats, data, sizeof(fr_authstats)); break; @@ -458,7 +458,7 @@ bzero((char *)&ro, sizeof(ro)); # if ((_BSDI_VERSION >= 199802) && (_BSDI_VERSION < 200005)) || \ - defined(__OpenBSD__) + defined(__OpenBSD__) || (defined(IRIX) && (IRIX >= 605)) error = ip_output(m, NULL, &ro, IP_FORWARDING, NULL, NULL); # else @@ -526,7 +526,6 @@ } -#ifdef _KERNEL /* * Free all network buffer memory used to keep saved packets. */ @@ -587,7 +586,7 @@ register frauthent_t *fae, **faep; register frentry_t *fr, **frp; mb_t *m; -#if !SOLARIS +#if !SOLARIS && defined(_KERNEL) int s; #endif @@ -626,4 +625,3 @@ RWLOCK_EXIT(&ipf_auth); SPL_X(s); } -#endif ==== //depot/projects/ia64/sys/contrib/ipfilter/netinet/ip_auth.h#2 (text+ko) ==== @@ -3,7 +3,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * $FreeBSD: src/sys/contrib/ipfilter/netinet/ip_auth.h,v 1.11 2001/07/28 11:58:25 darrenr Exp $ + * $FreeBSD: src/sys/contrib/ipfilter/netinet/ip_auth.h,v 1.12 2002/03/19 11:44:16 darrenr Exp $ * */ #ifndef __IP_AUTH_H__ @@ -52,7 +52,8 @@ extern void fr_authunload __P((void)); extern mb_t *fr_authpkts[]; extern int fr_newauth __P((mb_t *, fr_info_t *, ip_t *)); -#if defined(__NetBSD__) || defined(__OpenBSD__) +#if defined(__NetBSD__) || defined(__OpenBSD__) || \ + (__FreeBSD_version >= 300003) extern int fr_auth_ioctl __P((caddr_t, int, u_long, frentry_t *, frentry_t **)); #else extern int fr_auth_ioctl __P((caddr_t, int, int, frentry_t *, frentry_t **)); ==== //depot/projects/ia64/sys/contrib/ipfilter/netinet/ip_compat.h#2 (text+ko) ==== @@ -5,7 +5,7 @@ * * @(#)ip_compat.h 1.8 1/14/96 * $Id: ip_compat.h,v 2.26.2.9 2001/01/14 14:58:01 darrenr Exp $ - * $FreeBSD: src/sys/contrib/ipfilter/netinet/ip_compat.h,v 1.14 2001/07/28 11:58:25 darrenr Exp $ + * $FreeBSD: src/sys/contrib/ipfilter/netinet/ip_compat.h,v 1.15 2002/03/19 11:44:16 darrenr Exp $ */ #ifndef __IP_COMPAT_H__ @@ -26,13 +26,20 @@ #ifndef SOLARIS #define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4))) #endif -#if SOLARIS && !defined(SOLARIS2) -# define SOLARIS2 4 /* Pick an old version */ +#if SOLARIS +# if !defined(SOLARIS2) +# define SOLARIS2 3 /* Pick an old version */ +# endif +# if SOLARIS2 >= 8 +# ifndef USE_INET6 +# define USE_INET6 +# endif +# else +# undef USE_INET6 +# endif #endif -#if SOLARIS2 >= 8 -# ifndef USE_INET6 -# define USE_INET6 -# endif +#if defined(sun) && !(defined(__svr4__) || defined(__SVR4)) +# undef USE_INET6 #endif #if defined(_KERNEL) || defined(KERNEL) || defined(__KERNEL__) @@ -63,6 +70,18 @@ }; #endif +#ifndef LIFNAMSIZ +# ifdef IF_NAMESIZE +# define LIFNAMSIZ IF_NAMESIZE +# else +# ifdef IFNAMSIZ +# define LIFNAMSIZ IFNAMSIZ +# else +# define LIFNAMSIZ 16 +# endif +# endif +#endif + #if defined(__sgi) && !defined(IPFILTER_LKM) # ifdef __STDC__ # define IPL_EXTERN(ep) ipfilter##ep @@ -77,12 +96,37 @@ # endif #endif +#ifdef __sgi +# include +#endif + #ifdef linux # include #endif + + +/* + * This is a workaround for troubles on FreeBSD and OpenBSD. + */ +#ifndef _KERNEL +# define ADD_KERNEL +# define _KERNEL +# define KERNEL +#endif +#ifdef __OpenBSD__ +struct file; +#endif +#include +#ifdef ADD_KERNEL +# undef _KERNEL +# undef KERNEL +#endif + #if SOLARIS # define MTYPE(m) ((m)->b_datap->db_type) -# include +# if SOLARIS2 >= 4 +# include +# endif # include # include # include @@ -138,12 +182,14 @@ queue_t *qf_q; /* fr_qin and fr_qout to the packet processing. */ size_t qf_off; size_t qf_len; /* this field is used for in ipfr_fastroute */ - char qf_name[8]; + char qf_name[LIFNAMSIZ]; /* * in case the ILL has disappeared... */ size_t qf_hl; /* header length */ int qf_sap; + size_t qf_incnt; + size_t qf_outcnt; } qif_t; #else /* SOLARIS */ # if !defined(__sgi) @@ -211,6 +257,7 @@ # endif typedef struct ip6_hdr ip6_t; # endif +# include union i6addr { u_32_t i6[4]; struct in_addr in4; @@ -226,6 +273,14 @@ #define IP6CMP(a,b) bcmp((char *)&(a), (char *)&(b), sizeof(a)) #define IP6EQ(a,b) (bcmp((char *)&(a), (char *)&(b), sizeof(a)) == 0) #define IP6NEQ(a,b) (bcmp((char *)&(a), (char *)&(b), sizeof(a)) != 0) +#define IP6_ISZERO(a) ((((union i6addr *)(a))->i6[0] | \ + ((union i6addr *)(a))->i6[1] | \ + ((union i6addr *)(a))->i6[2] | \ + ((union i6addr *)(a))->i6[3]) == 0) +#define IP6_NOTZERO(a) ((((union i6addr *)(a))->i6[0] | \ + ((union i6addr *)(a))->i6[1] | \ + ((union i6addr *)(a))->i6[2] | \ + ((union i6addr *)(a))->i6[3]) != 0) #ifndef MAX #define MAX(a,b) (((a) > (b)) ? (a) : (b)) @@ -326,6 +381,21 @@ * Build some macros and #defines to enable the same code to compile anywhere * Well, that's the idea, anyway :-) */ +#if SOLARIS +typedef mblk_t mb_t; +# if SOLARIS2 >= 7 +# ifdef lint +# define ALIGN32(ptr) (ptr ? 0L : 0L) >>> TRUNCATED FOR MAIL (1000 lines) <<< To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message