Update to ipfilter 3.3.13. This should be the last of the 3.3.x releases.

This patch fixes mostly ICMP timeout problems, as the ftp proxy changes were imported previously.
author: kjell <kjell@openbsd.org> 2000-05-01 06:16:47 +0000
committer: kjell <kjell@openbsd.org> 2000-05-01 06:16:47 +0000
commit: 246e13dd8e7265bcc22665887c3675968acc870c (patch)
tree: 9e857869ad493359543718e4b88fc2d31b1d6571
parent: Document device lookup semantics. (diff)
download: wireguard-openbsd-246e13dd8e7265bcc22665887c3675968acc870c.tar.xz
wireguard-openbsd-246e13dd8e7265bcc22665887c3675968acc870c.zip
9 files changed, 50 insertions, 39 deletions
diff --git a/sbin/ipf/HISTORY b/sbin/ipf/HISTORY
index bd61b940507..9b5a7433c31 100644
--- a/sbin/ipf/HISTORY
+++ b/sbin/ipf/HISTORY
@@ -1,4 +1,4 @@
-#	$OpenBSD: HISTORY,v 1.6 2000/04/05 05:35:28 kjell Exp $
+#	$OpenBSD: HISTORY,v 1.7 2000/05/01 06:16:48 kjell Exp $
 #
 # NOTE: Quite a few patches and suggestions come from other sources, to whom
 #       I'm greatly indebted, even if no names are mentioned.
@@ -21,6 +21,16 @@
 # and especially those who have found the time to port IP Filter to new
 # platforms.
 #
+3.3.13	26/04/2000 - Released
+
+Fix parsing of "range" with "portmap"
+
+Relax checking of ftp replies, slightly.
+
+Fix NAT timeouts for ICMP packets
+
+SunOS4 patches for ICMP redirects from Jurgen Keil (jk@tools.de)
+
 3.3.12	16/03/2000 - Released
 
 tighten up ftp proxy behaviour.  sigh.  yuck.  hate.
diff --git a/sbin/ipnat/natparse.c b/sbin/ipnat/natparse.c
index 1f9d2bfb78d..ff15cfe14e4 100644
--- a/sbin/ipnat/natparse.c
+++ b/sbin/ipnat/natparse.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: natparse.c,v 1.4 2000/03/13 23:40:19 kjell Exp $	*/
+/*	$OpenBSD: natparse.c,v 1.5 2000/05/01 06:16:48 kjell Exp $	*/
 
 /*
  * Copyright (C) 1993-1998 by Darren Reed.
@@ -55,7 +55,7 @@ extern	char	*sys_errlist[];
 
 #if !defined(lint)
 static const char sccsid[] ="@(#)ipnat.c	1.9 6/5/96 (C) 1993 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: natparse.c,v 1.2.2.1 1999/11/20 22:50:30 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: natparse.c,v 1.2.2.2 2000/03/25 00:37:37 darrenr Exp $";
 #endif
 
 
@@ -538,21 +538,21 @@ int linenum;
 			return NULL;
 		ipn.in_outmsk = n_hostmask(snetm);
 		if (!(s = strtok(NULL, " \t"))) {
-			ipn.in_flags = IPN_TCP; /* XXX- TCP only by default */
+			ipn.in_flags |= IPN_TCP; /* XXX- TCP only by default */
 			proto = "tcp";
 		} else {
 			if (!strcasecmp(s, "tcp"))
-				ipn.in_flags = IPN_TCP;
+				ipn.in_flags |= IPN_TCP;
 			else if (!strcasecmp(s, "udp"))
-				ipn.in_flags = IPN_UDP;
+				ipn.in_flags |= IPN_UDP;
 			else if (!strcasecmp(s, "tcp/udp"))
-				ipn.in_flags = IPN_TCPUDP;
+				ipn.in_flags |= IPN_TCPUDP;
 			else if (!strcasecmp(s, "tcpudp"))
-				ipn.in_flags = IPN_TCPUDP;
+				ipn.in_flags |= IPN_TCPUDP;
 			else if (!strcasecmp(s, "ip"))
-				ipn.in_flags = IPN_ANY;
+				ipn.in_flags |= IPN_ANY;
 			else {
-				ipn.in_flags = IPN_ANY;
+				ipn.in_flags |= IPN_ANY;
 				if ((pr = getprotobyname(s)))
 					ipn.in_p = pr->p_proto;
 				else
@@ -651,13 +651,13 @@ int linenum;
 	if (!(s = strtok(NULL, " \t")))
 		return NULL;
 	if (!strcasecmp(s, "tcp"))
-		ipn.in_flags = IPN_TCP;
+		ipn.in_flags |= IPN_TCP;
 	else if (!strcasecmp(s, "udp"))
-		ipn.in_flags = IPN_UDP;
+		ipn.in_flags |= IPN_UDP;
 	else if (!strcasecmp(s, "tcpudp"))
-		ipn.in_flags = IPN_TCPUDP;
+		ipn.in_flags |= IPN_TCPUDP;
 	else if (!strcasecmp(s, "tcp/udp"))
-		ipn.in_flags = IPN_TCPUDP;
+		ipn.in_flags |= IPN_TCPUDP;
 	else {
 		fprintf(stderr,
 			"%d: expected protocol name - got \"%s\"\n",
diff --git a/sys/netinet/fil.c b/sys/netinet/fil.c
index 22d275bedf4..94f201af5dc 100644
--- a/sys/netinet/fil.c
+++ b/sys/netinet/fil.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: fil.c,v 1.22 2000/03/13 23:40:17 kjell Exp $	*/
+/*	$OpenBSD: fil.c,v 1.23 2000/05/01 06:16:47 kjell Exp $	*/
 
 /*
  * Copyright (C) 1993-1998 by Darren Reed.
@@ -9,7 +9,7 @@
  */
 #if !defined(lint)
 static const char sccsid[] = "@(#)fil.c	1.36 6/5/96 (C) 1993-1996 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: fil.c,v 2.3.2.17 2000/03/03 14:51:16 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: fil.c,v 2.3.2.18 2000/04/25 16:21:09 darrenr Exp $";
 #endif
 
 #include <sys/errno.h>
@@ -21,7 +21,7 @@ static const char rcsid[] = "@(#)$IPFilter: fil.c,v 2.3.2.17 2000/03/03 14:51:16
     defined(_KERNEL)
 # include "opt_ipfilter_log.h"
 #endif
-#if defined(KERNEL) && defined(__FreeBSD_version) && \
+#if (defined(KERNEL) || defined(_KERNEL)) && defined(__FreeBSD_version) && \
     (__FreeBSD_version >= 220000)
 # include <sys/filio.h>
 # include <sys/fcntl.h>
@@ -1191,7 +1191,7 @@ nodata:
  * SUCH DAMAGE.
  *
  *	@(#)uipc_mbuf.c	8.2 (Berkeley) 1/4/94
- * $IPFilter: fil.c,v 2.3.2.17 2000/03/03 14:51:16 darrenr Exp $
+ * $IPFilter: fil.c,v 2.3.2.18 2000/04/25 16:21:09 darrenr Exp $
  */
 /*
  * Copy data from an mbuf chain starting "off" bytes from the beginning,
diff --git a/sys/netinet/ip_auth.c b/sys/netinet/ip_auth.c
index 6f4d88bf086..43e73374df0 100644
--- a/sys/netinet/ip_auth.c
+++ b/sys/netinet/ip_auth.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip_auth.c,v 1.12 2000/03/13 23:40:17 kjell Exp $	*/
+/*	$OpenBSD: ip_auth.c,v 1.13 2000/05/01 06:16:47 kjell Exp $	*/
 
 /*
  * Copyright (C) 1998 by Darren Reed & Guido van Rooij.
@@ -8,7 +8,7 @@
  * to the original author and the contributors.
  */
 #if !defined(lint)
-static const char rcsid[] = "@(#)$IPFilter: ip_auth.c,v 2.1.2.2 2000/01/16 10:12:14 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: ip_auth.c,v 2.1.2.3 2000/04/25 16:21:12 darrenr Exp $";
 #endif
 
 #include <sys/errno.h>
@@ -21,7 +21,7 @@ static const char rcsid[] = "@(#)$IPFilter: ip_auth.c,v 2.1.2.2 2000/01/16 10:12
 # include <stdlib.h>
 # include <string.h>
 #endif
-#if defined(KERNEL) && (__FreeBSD_version >= 220000)
+#if (defined(KERNEL) || defined(_KERNEL)) && (__FreeBSD_version >= 220000)
 # include <sys/filio.h>
 # include <sys/fcntl.h>
 #else
diff --git a/sys/netinet/ip_fil.c b/sys/netinet/ip_fil.c
index ce1a3435d81..c13b9416216 100644
--- a/sys/netinet/ip_fil.c
+++ b/sys/netinet/ip_fil.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip_fil.c,v 1.33 2000/04/05 05:35:27 kjell Exp $	*/
+/*	$OpenBSD: ip_fil.c,v 1.34 2000/05/01 06:16:47 kjell Exp $	*/
 
 /*
  * Copyright (C) 1993-1998 by Darren Reed.
@@ -9,7 +9,7 @@
  */
 #if !defined(lint)
 static const char sccsid[] = "@(#)ip_fil.c	2.41 6/5/96 (C) 1993-1995 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: ip_fil.c,v 2.4.2.19 2000/03/07 14:41:39 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: ip_fil.c,v 2.4.2.20 2000/04/18 16:31:27 darrenr Exp $";
 #endif
 
 #ifndef	SOLARIS
@@ -765,12 +765,9 @@ caddr_t data;
 	}
 
 	if (!f) {
-		if (req != SIOCINAFR && req != SIOCINIFR)
-			while ((f = *ftail))
-				ftail = &f->fr_next;
-		else {
+		if (req == SIOCINAFR || req == SIOCINIFR) {
+			ftail = fprev;
 			if (fp->fr_hits) {
-				ftail = fprev;
 				while (--fp->fr_hits && (f = *ftail))
 					ftail = &f->fr_next;
 			}
diff --git a/sys/netinet/ip_fil_compat.h b/sys/netinet/ip_fil_compat.h
index a23220edb29..e823666e1a6 100644
--- a/sys/netinet/ip_fil_compat.h
+++ b/sys/netinet/ip_fil_compat.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip_fil_compat.h,v 1.15 2000/04/05 05:35:27 kjell Exp $	*/
+/*	$OpenBSD: ip_fil_compat.h,v 1.16 2000/05/01 06:16:47 kjell Exp $	*/
 
 /*
  * Copyright (C) 1993-1998 by Darren Reed.
@@ -8,7 +8,7 @@
  * to the original author and the contributors.
  *
  * @(#)ip_compat.h	1.8 1/14/96
- * $IPFilter: ip_compat.h,v 2.1.2.5 2000/02/15 08:02:43 darrenr Exp $
+ * $IPFilter: ip_compat.h,v 2.1.2.6 2000/04/25 16:21:11 darrenr Exp $
  */
 
 #ifndef	__IP_COMPAT_H__
@@ -210,7 +210,7 @@ typedef unsigned long   u_32_t;
 #define	IPOPT_FINN	205	/* FINN */
 
 
-#if defined(__FreeBSD__) && defined(KERNEL)
+#if defined(__FreeBSD__) && (defined(KERNEL) || defined(_KERNEL))
 # if __FreeBSD__ < 3
 #  include <machine/spl.h>
 # endif
diff --git a/sys/netinet/ip_nat.c b/sys/netinet/ip_nat.c
index d0237d43c49..b27953a2f7f 100644
--- a/sys/netinet/ip_nat.c
+++ b/sys/netinet/ip_nat.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip_nat.c,v 1.29 2000/04/05 05:35:27 kjell Exp $	*/
+/*	$OpenBSD: ip_nat.c,v 1.30 2000/05/01 06:16:47 kjell Exp $	*/
 
 /*
  * Copyright (C) 1995-1998 by Darren Reed.
@@ -11,7 +11,7 @@
  */
 #if !defined(lint)
 static const char sccsid[] = "@(#)ip_nat.c	1.11 6/5/96 (C) 1995 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: ip_nat.c,v 2.2.2.13 2000/03/08 14:17:26 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: ip_nat.c,v 2.2.2.15 2000/04/25 16:21:13 darrenr Exp $";
 #endif
 
 #if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL)
@@ -32,7 +32,7 @@ static const char rcsid[] = "@(#)$IPFilter: ip_nat.c,v 2.2.2.13 2000/03/08 14:17
 # include <string.h>
 # include <stdlib.h>
 #endif
-#if defined(KERNEL) && (__FreeBSD_version >= 220000)
+#if (defined(KERNEL) || defined(_KERNEL)) && (__FreeBSD_version >= 220000)
 # include <sys/filio.h>
 # include <sys/fcntl.h>
 #else
@@ -1458,6 +1458,8 @@ maskloop:
 
 				if (udp->uh_sum)
 					csump = &udp->uh_sum;
+			} else if (ip->ip_p == IPPROTO_ICMP) {
+				nat->nat_age = fr_defnaticmpage;
 			}
 			if (csump) {
 				if (nat->nat_dir == NAT_OUTBOUND)
@@ -1638,6 +1640,8 @@ maskloop:
 
 				if (udp->uh_sum)
 					csump = &udp->uh_sum;
+			} else if (ip->ip_p == IPPROTO_ICMP) {
+				nat->nat_age = fr_defnaticmpage;
 			}
 			if (csump) {
 				if (nat->nat_dir == NAT_OUTBOUND)
diff --git a/sys/netinet/ip_state.c b/sys/netinet/ip_state.c
index d9ca888d4e2..849ec516837 100644
--- a/sys/netinet/ip_state.c
+++ b/sys/netinet/ip_state.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip_state.c,v 1.20 2000/03/13 23:40:18 kjell Exp $	*/
+/*	$OpenBSD: ip_state.c,v 1.21 2000/05/01 06:16:47 kjell Exp $	*/
 
 /*
  * Copyright (C) 1995-1998 by Darren Reed.
@@ -9,7 +9,7 @@
  */
 #if !defined(lint)
 static const char sccsid[] = "@(#)ip_state.c	1.8 6/5/96 (C) 1993-1995 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: ip_state.c,v 2.3.2.22 2000/02/23 15:23:24 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: ip_state.c,v 2.3.2.23 2000/04/25 16:21:16 darrenr Exp $";
 #endif
 
 #include <sys/errno.h>
@@ -30,7 +30,7 @@ static const char rcsid[] = "@(#)$IPFilter: ip_state.c,v 2.3.2.22 2000/02/23 15:
 #  include <linux/module.h>
 # endif
 #endif
-#if defined(KERNEL) && (__FreeBSD_version >= 220000)
+#if (defined(KERNEL) || defined(_KERNEL)) && (__FreeBSD_version >= 220000)
 # include <sys/filio.h>
 # include <sys/fcntl.h>
 # if (__FreeBSD_version >= 300000) && !defined(IPFILTER_LKM)
diff --git a/sys/netinet/ipl.h b/sys/netinet/ipl.h
index 51ff1be4026..4cd719e11d5 100644
--- a/sys/netinet/ipl.h
+++ b/sys/netinet/ipl.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ipl.h,v 1.8 2000/04/12 21:46:42 kjell Exp $	*/
+/*	$OpenBSD: ipl.h,v 1.9 2000/05/01 06:16:47 kjell Exp $	*/
 
 /*
  * Copyright (C) 1993-1999 by Darren Reed.
@@ -13,6 +13,6 @@
 #ifndef	__IPL_H__
 #define	__IPL_H__
 
-#define	IPL_VERSION	"IP Filter: v3.3.12a"
+#define	IPL_VERSION	"IP Filter: v3.3.13"
 
 #endif
author	kjell <kjell@openbsd.org>	2000-05-01 06:16:47 +0000
committer	kjell <kjell@openbsd.org>	2000-05-01 06:16:47 +0000
commit	246e13dd8e7265bcc22665887c3675968acc870c (patch)
tree	9e857869ad493359543718e4b88fc2d31b1d6571
parent	Document device lookup semantics. (diff)
download	wireguard-openbsd-246e13dd8e7265bcc22665887c3675968acc870c.tar.xz wireguard-openbsd-246e13dd8e7265bcc22665887c3675968acc870c.zip