authorkjell <kjell@openbsd.org>2000-02-16 22:34:17 +0000
committerkjell <kjell@openbsd.org>2000-02-16 22:34:17 +0000
commitef519b1788656b957e900900e2e1d951f7907513 (patch)
tree00ed7be82bfce8acd001ba5baa2d91c99308c4c8 /sys
parent./usr/sbin/smrsh -> ./usr/libexec/smrsh (diff)
Import IPFilter 3.3.9. Primarily, bugfixes since 3.3.8. See sbin/ipf/HISTORY
for details.
Diffstat (limited to 'sys')
-rw-r--r--sys/netinet/fil.c2
-rw-r--r--sys/netinet/ip_auth.c2
-rw-r--r--sys/netinet/ip_auth.h2
-rw-r--r--sys/netinet/ip_fil.c10
-rw-r--r--sys/netinet/ip_fil.h2
-rw-r--r--sys/netinet/ip_fil_compat.h24
-rw-r--r--sys/netinet/ip_frag.c2
-rw-r--r--sys/netinet/ip_frag.h2
-rw-r--r--sys/netinet/ip_ftp_pxy.c2
-rw-r--r--sys/netinet/ip_log.c2
-rw-r--r--sys/netinet/ip_nat.c2
-rw-r--r--sys/netinet/ip_nat.h2
-rw-r--r--sys/netinet/ip_proxy.c2
-rw-r--r--sys/netinet/ip_proxy.h2
-rw-r--r--sys/netinet/ip_raudio_pxy.c2
-rw-r--r--sys/netinet/ip_rcmd_pxy.c2
-rw-r--r--sys/netinet/ip_state.c37
-rw-r--r--sys/netinet/ip_state.h5
-rw-r--r--sys/netinet/ipl.h4
19 files changed, 68 insertions, 40 deletions
diff --git a/sys/netinet/fil.c b/sys/netinet/fil.c
index a51f2b0c4bc..1f47b6b0447 100644
--- a/sys/netinet/fil.c
+++ b/sys/netinet/fil.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: fil.c,v 1.20 2000/02/01 19:29:57 kjell Exp $ */
+/* $OpenBSD: fil.c,v 1.21 2000/02/16 22:34:17 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
diff --git a/sys/netinet/ip_auth.c b/sys/netinet/ip_auth.c
index bca4a7a5da6..c67dcbfda32 100644
--- a/sys/netinet/ip_auth.c
+++ b/sys/netinet/ip_auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_auth.c,v 1.10 2000/02/01 19:29:58 kjell Exp $ */
+/* $OpenBSD: ip_auth.c,v 1.11 2000/02/16 22:34:17 kjell Exp $ */
/*
* Copyright (C) 1998 by Darren Reed & Guido van Rooij.
diff --git a/sys/netinet/ip_auth.h b/sys/netinet/ip_auth.h
index 2e6492ea84a..063158f844c 100644
--- a/sys/netinet/ip_auth.h
+++ b/sys/netinet/ip_auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_auth.h,v 1.5 2000/02/01 19:29:58 kjell Exp $ */
+/* $OpenBSD: ip_auth.h,v 1.6 2000/02/16 22:34:18 kjell Exp $ */
/*
* Copyright (C) 1997-1998 by Darren Reed & Guido Van Rooij.
diff --git a/sys/netinet/ip_fil.c b/sys/netinet/ip_fil.c
index 681c9475688..5da34fba722 100644
--- a/sys/netinet/ip_fil.c
+++ b/sys/netinet/ip_fil.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_fil.c,v 1.29 2000/02/01 19:29:58 kjell Exp $ */
+/* $OpenBSD: ip_fil.c,v 1.30 2000/02/16 22:34:18 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
@@ -9,7 +9,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-1995 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: ip_fil.c,v 2.4.2.16 2000/01/16 10:12:42 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: ip_fil.c,v 2.4.2.17 2000/02/10 01:47:28 darrenr Exp $";
#endif
#ifndef SOLARIS
@@ -164,11 +164,7 @@ static int write_output __P((struct ifnet *, struct mbuf *,
struct sockaddr *, struct rtentry *));
# endif
#endif
-#if defined(IPFILTER_LKM)
-int fr_running = 1;
-#else
int fr_running = 0;
-#endif
#if (__FreeBSD_version >= 300000) && defined(_KERNEL)
struct callout_handle ipfr_slowtimer_ch;
@@ -267,6 +263,7 @@ int iplattach()
bzero((char *)frcache, sizeof(frcache));
fr_savep = fr_checkp;
fr_checkp = fr_check;
+ fr_running = 1;
SPL_X(s);
if (fr_pass & FR_PASS)
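Review bot: `fr_running = 1` is now set before the rest of iplattach() has run (the next hunk shows the `timeout(ipfr_slowtimer, ...)` arming still ahead of it), so anything that reads the flag as "filter fully initialised" can observe it early. If the intent is for the flag to change together with the `fr_checkp` hook before `SPL_X(s)`, a comment would record that, e.g. `/* set together with the hook, before SPL_X */`. If any step between here and `return 0` can fail, the flag would also need resetting on that path. The function body extends outside both hunks, so this cannot be confirmed from here.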
@@ -291,7 +288,6 @@ int iplattach()
timeout(ipfr_slowtimer, NULL, hz/2);
# endif
#endif
- fr_running = 1;
return 0;
}
diff --git a/sys/netinet/ip_fil.h b/sys/netinet/ip_fil.h
index 45f16bd5c04..55067f8682a 100644
--- a/sys/netinet/ip_fil.h
+++ b/sys/netinet/ip_fil.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_fil.h,v 1.15 2000/02/01 19:29:58 kjell Exp $ */
+/* $OpenBSD: ip_fil.h,v 1.16 2000/02/16 22:34:18 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
diff --git a/sys/netinet/ip_fil_compat.h b/sys/netinet/ip_fil_compat.h
index 49a53893719..43532222c01 100644
--- a/sys/netinet/ip_fil_compat.h
+++ b/sys/netinet/ip_fil_compat.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_fil_compat.h,v 1.12 2000/02/01 19:29:58 kjell Exp $ */
+/* $OpenBSD: ip_fil_compat.h,v 1.13 2000/02/16 22:34:18 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
@@ -8,7 +8,7 @@
* to the original author and the contributors.
*
* @(#)ip_compat.h 1.8 1/14/96
- * $IPFilter: ip_compat.h,v 2.1.2.3 1999/11/18 13:55:26 darrenr Exp $
+ * $IPFilter: ip_compat.h,v 2.1.2.5 2000/02/15 08:02:43 darrenr Exp $
*/
#ifndef __IP_COMPAT_H__
@@ -92,19 +92,25 @@ struct ether_addr {
# ifndef KERNEL
# define _KERNEL
# undef RES_INIT
+# if SOLARIS2 >= 8
+# include <netinet/ip6.h>
+# endif
# include <inet/common.h>
# include <inet/ip.h>
# include <inet/ip_ire.h>
# undef _KERNEL
# else /* _KERNEL */
+# if SOLARIS2 >= 8
+# include <netinet/ip6.h>
+# endif
# include <inet/common.h>
# include <inet/ip.h>
# include <inet/ip_ire.h>
# endif /* _KERNEL */
# if SOLARIS2 >= 8
-# include <netinet/ip6.h>
-# include <inet/ip6.h>
-# define ipif_local_addr ipif_lcl_addr
+# define ipif_local_addr ipif_lcl_addr
+/* Only defined in private include file */
+# define V4_PART_OF_V6(v6) v6.s6_addr32[3]
# endif
#else
# if !defined(__sgi)
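Review bot: The new `V4_PART_OF_V6(v6)` macro expands its argument unparenthesized, so an argument such as `*p` would bind wrongly against `.s6_addr32[3]`; `# define V4_PART_OF_V6(v6) ((v6).s6_addr32[3])` is safer. The `IFNAME(x)` definitions added in the two later hunks of this file have the same shape and would be more robust as `(((struct ifnet *)(x))->if_name)`, and likewise for the `ill_name` and `if_xname` variants.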
@@ -287,6 +293,7 @@ typedef struct qif {
} qif_t;
extern ill_t *get_unit __P((char *));
# define GETUNIT(n) get_unit((n))
+# define IFNAME(x) ((ill_t *)x)->ill_name
# else /* SOLARIS */
# if defined(__sgi)
# define hz HZ
@@ -333,10 +340,17 @@ typedef struct {
# if !SOLARIS
# include <sys/kmem_alloc.h>
# define GETUNIT(n) ifunit((n), IFNAMSIZ)
+# define IFNAME(x) ((struct ifnet *)x)->if_name
# endif
# else
# ifndef linux
# define GETUNIT(n) ifunit((n))
+# if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
+ (defined(OpenBSD) && (OpenBSD >= 199603))
+# define IFNAME(x) ((struct ifnet *)x)->if_xname
+# else
+# define IFNAME(x) ((struct ifnet *)x)->if_name
+# endif
# endif
# endif /* sun */
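Review bot: On the branches that fall back to `if_name`, the saved string may not be the full interface name: where a platform keeps the unit number in a separate field, `IFNAME()` would yield only the driver prefix. ip_state.c later feeds the saved name to `GETUNIT()`, which would then probably fail to resolve it and leave the state entry on the `(void *)-1` sentinel. This is worth confirming per platform, and a comment on the macro saying it must return a name that `GETUNIT()` can resolve would help. The `# ifndef linux` guard also leaves `IFNAME` undefined for Linux in this branch while ip_state.c uses it under `_KERNEL`; whether another definition exists is not visible here.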
diff --git a/sys/netinet/ip_frag.c b/sys/netinet/ip_frag.c
index 8c376473ec7..7ee09e1beb7 100644
--- a/sys/netinet/ip_frag.c
+++ b/sys/netinet/ip_frag.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_frag.c,v 1.15 2000/02/01 19:29:58 kjell Exp $ */
+/* $OpenBSD: ip_frag.c,v 1.16 2000/02/16 22:34:18 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
diff --git a/sys/netinet/ip_frag.h b/sys/netinet/ip_frag.h
index 730abffbd67..a171169d445 100644
--- a/sys/netinet/ip_frag.h
+++ b/sys/netinet/ip_frag.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_frag.h,v 1.10 2000/02/01 19:29:58 kjell Exp $ */
+/* $OpenBSD: ip_frag.h,v 1.11 2000/02/16 22:34:19 kjell Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
diff --git a/sys/netinet/ip_ftp_pxy.c b/sys/netinet/ip_ftp_pxy.c
index bdb1e5e381e..4e2f1095f2b 100644
--- a/sys/netinet/ip_ftp_pxy.c
+++ b/sys/netinet/ip_ftp_pxy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ftp_pxy.c,v 1.6 2000/02/01 19:29:58 kjell Exp $ */
+/* $OpenBSD: ip_ftp_pxy.c,v 1.7 2000/02/16 22:34:19 kjell Exp $ */
/*
* Simple FTP transparent proxy for in-kernel use. For use with the NAT
diff --git a/sys/netinet/ip_log.c b/sys/netinet/ip_log.c
index d458053c0a0..092e4ac71f4 100644
--- a/sys/netinet/ip_log.c
+++ b/sys/netinet/ip_log.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_log.c,v 1.6 2000/02/01 19:29:58 kjell Exp $ */
+/* $OpenBSD: ip_log.c,v 1.7 2000/02/16 22:34:19 kjell Exp $ */
/*
* Copyright (C) 1997-1998 by Darren Reed.
diff --git a/sys/netinet/ip_nat.c b/sys/netinet/ip_nat.c
index 34f9d120ff8..db49eebd90e 100644
--- a/sys/netinet/ip_nat.c
+++ b/sys/netinet/ip_nat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_nat.c,v 1.26 2000/02/01 19:29:58 kjell Exp $ */
+/* $OpenBSD: ip_nat.c,v 1.27 2000/02/16 22:34:19 kjell Exp $ */
/*
* Copyright (C) 1995-1998 by Darren Reed.
diff --git a/sys/netinet/ip_nat.h b/sys/netinet/ip_nat.h
index 1e87fba23fe..162938b9d22 100644
--- a/sys/netinet/ip_nat.h
+++ b/sys/netinet/ip_nat.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_nat.h,v 1.14 2000/02/01 19:29:58 kjell Exp $ */
+/* $OpenBSD: ip_nat.h,v 1.15 2000/02/16 22:34:19 kjell Exp $ */
/*
* Copyright (C) 1995-1998 by Darren Reed.
diff --git a/sys/netinet/ip_proxy.c b/sys/netinet/ip_proxy.c
index 49adee8d3e5..070c223a33f 100644
--- a/sys/netinet/ip_proxy.c
+++ b/sys/netinet/ip_proxy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_proxy.c,v 1.6 2000/02/01 19:29:59 kjell Exp $ */
+/* $OpenBSD: ip_proxy.c,v 1.7 2000/02/16 22:34:19 kjell Exp $ */
/*
* Copyright (C) 1997-1998 by Darren Reed.
diff --git a/sys/netinet/ip_proxy.h b/sys/netinet/ip_proxy.h
index 330d84a1cb3..ef5ac5a09cc 100644
--- a/sys/netinet/ip_proxy.h
+++ b/sys/netinet/ip_proxy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_proxy.h,v 1.5 2000/02/01 19:29:59 kjell Exp $ */
+/* $OpenBSD: ip_proxy.h,v 1.6 2000/02/16 22:34:19 kjell Exp $ */
/*
* Copyright (C) 1997-1998 by Darren Reed.
diff --git a/sys/netinet/ip_raudio_pxy.c b/sys/netinet/ip_raudio_pxy.c
index 0c84298e392..89fe6da5cc3 100644
--- a/sys/netinet/ip_raudio_pxy.c
+++ b/sys/netinet/ip_raudio_pxy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_raudio_pxy.c,v 1.4 2000/02/01 19:29:59 kjell Exp $ */
+/* $OpenBSD: ip_raudio_pxy.c,v 1.5 2000/02/16 22:34:20 kjell Exp $ */
#if SOLARIS && defined(_KERNEL)
extern kmutex_t ipf_rw;
diff --git a/sys/netinet/ip_rcmd_pxy.c b/sys/netinet/ip_rcmd_pxy.c
index 7f9cd27b53b..4213182acbd 100644
--- a/sys/netinet/ip_rcmd_pxy.c
+++ b/sys/netinet/ip_rcmd_pxy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_rcmd_pxy.c,v 1.2 2000/02/01 19:29:59 kjell Exp $ */
+/* $OpenBSD: ip_rcmd_pxy.c,v 1.3 2000/02/16 22:34:20 kjell Exp $ */
/*
* Simple RCMD transparent proxy for in-kernel use. For use with the NAT
diff --git a/sys/netinet/ip_state.c b/sys/netinet/ip_state.c
index d307114c092..bac0de93130 100644
--- a/sys/netinet/ip_state.c
+++ b/sys/netinet/ip_state.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_state.c,v 1.18 2000/02/01 19:29:59 kjell Exp $ */
+/* $OpenBSD: ip_state.c,v 1.19 2000/02/16 22:34:20 kjell Exp $ */
/*
* Copyright (C) 1995-1998 by Darren Reed.
@@ -9,7 +9,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-1995 Darren Reed";
-static const char rcsid[] = "@(#)$IPFilter: ip_state.c,v 2.3.2.18 2000/01/27 08:51:30 darrenr Exp $";
+static const char rcsid[] = "@(#)$IPFilter: ip_state.c,v 2.3.2.21 2000/02/15 08:04:01 darrenr Exp $";
#endif
#include <sys/errno.h>
@@ -372,14 +372,12 @@ u_int flags;
}
bcopy((char *)&ips, (char *)is, sizeof(*is));
hv %= fr_statesize;
- RW_UPGRADE(&ipf_mutex);
is->is_rule = fin->fin_fr;
if (is->is_rule != NULL) {
- is->is_rule->fr_ref++;
+ ATOMIC_INC(is->is_rule->fr_ref);
pass = is->is_rule->fr_flags;
} else
pass = fr_flags;
- MUTEX_DOWNGRADE(&ipf_mutex);
WRITE_ENTER(&ipf_state);
is->is_rout = pass & FR_OUTQUE ? 1 : 0;
@@ -400,6 +398,10 @@ u_int flags;
is->is_flags = fin->fin_fi.fi_fl & FI_CMP;
is->is_flags |= FI_CMP << 4;
is->is_flags |= flags & (FI_W_DPORT|FI_W_SPORT);
+#ifdef _KERNEL
+ strncpy(is->is_ifname[fin->fin_out], IFNAME(fin->fin_ifp), IFNAMSIZ);
+#endif
+ is->is_ifname[1 - fin->fin_out][0] = '\0';
/*
* add into table.
*/
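Review bot: The `strncpy()` into `is->is_ifname[fin->fin_out]` does not NUL-terminate when the source is `IFNAMSIZ` bytes or longer, and the stored name is later passed to `GETUNIT()` as a C string (last ip_state.c hunk). Adding `is->is_ifname[fin->fin_out][IFNAMSIZ - 1] = '\0';` after the copy closes that; the second `strncpy()` added in the `@@ -653,6 +655,12 @@` hunk needs the same line for `is->is_ifname[out]`. `fin->fin_out` is used as an array index here and in `1 - fin->fin_out`, so it must be exactly 0 or 1, which the visible lines do not check. The function starts and ends outside the hunk.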
@@ -653,6 +655,12 @@ tcphdr_t *tcp;
is->is_ifpout = ifp;
}
}
+#ifdef _KERNEL
+ if (ret >= 0) {
+ strncpy(is->is_ifname[out], IFNAME(fin->fin_ifp),
+ sizeof(is->is_ifname[1]));
+ }
+#endif
return 1;
}
@@ -902,7 +910,6 @@ retry_tcp:
isp = &ips_table[hvm];
if (ips_table[hvm] == NULL)
ips_stats.iss_inuse--;
- fr_delstate(is);
ips_num--;
}
#endif
@@ -965,6 +972,10 @@ retry_udp:
fr = is->is_rule;
fin->fin_fr = fr;
pass = is->is_pass;
+#ifndef _KERNEL
+ if (tcp->th_flags & TCP_CLOSE)
+ fr_delstate(is);
+#endif
RWLOCK_EXIT(&ipf_state);
if (fin->fin_fi.fi_fl & FI_FRAG)
ipfr_newfrag(ip, fin, pass ^ FR_KEEPSTATE);
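Review bot: The added `tcp->th_flags & TCP_CLOSE` test sits in code that, judging by the `retry_udp:` label in the hunk header and the protocol-neutral lines around it, may also be reached for non-TCP packets, where `tcp` would not point at a TCP header. Guarding it with the protocol, `if (ip->ip_p == IPPROTO_TCP && (tcp->th_flags & TCP_CLOSE))`, avoids deleting state based on unrelated bytes. After `fr_delstate(is)` the entry must not be touched again; the visible lines below use only `pass`, `fin` and `ip`, but the function continues outside the hunk. This only affects non-`_KERNEL` builds.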
@@ -1194,10 +1205,16 @@ void *ifp;
WRITE_ENTER(&ipf_state);
for (i = fr_statesize - 1; i >= 0; i--)
for (is = ips_table[i]; is != NULL; is = is->is_next) {
- if (is->is_ifpin == ifp)
- is->is_ifpin = NULL;
- if (is->is_ifpout == ifp)
- is->is_ifpout = NULL;
+ if (is->is_ifpin == ifp) {
+ is->is_ifpin = GETUNIT(is->is_ifname[0]);
+ if (!is->is_ifpin)
+ is->is_ifpin = (void *)-1;
+ }
+ if (is->is_ifpout == ifp) {
+ is->is_ifpout = GETUNIT(is->is_ifname[1]);
+ if (!is->is_ifpout)
+ is->is_ifpout = (void *)-1;
+ }
}
RWLOCK_EXIT(&ipf_state);
}
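Review bot: `(void *)-1` is introduced as an undocumented sentinel for "interface name no longer resolves", and every other place that tests or dereferences `is_ifpin`/`is_ifpout` has to know about it; those places are outside this hunk. A named constant, or at least a comment such as `/* (void *)-1: interface gone; never matches a live ifp, never dereference */`, would make that contract explicit. The lookup also runs for entries whose `is_ifname[]` slot was set to an empty string at creation, so `GETUNIT()` has to cope with `""`. If this runs while `ifp` is still resolvable by name, `GETUNIT()` may hand back the same pointer; whether that can happen depends on the caller, which is not shown.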
diff --git a/sys/netinet/ip_state.h b/sys/netinet/ip_state.h
index 7033b9344ab..bc7a7b3a309 100644
--- a/sys/netinet/ip_state.h
+++ b/sys/netinet/ip_state.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_state.h,v 1.11 2000/02/01 19:29:59 kjell Exp $ */
+/* $OpenBSD: ip_state.h,v 1.12 2000/02/16 22:34:20 kjell Exp $ */
/*
* Copyright (C) 1995-1998 by Darren Reed.
@@ -8,7 +8,7 @@
* to the original author and the contributors.
*
* @(#)ip_state.h 1.3 1/12/96 (C) 1995 Darren Reed
- * $IPFilter: ip_state.h,v 2.1.2.2 2000/01/24 13:13:52 darrenr Exp $
+ * $IPFilter: ip_state.h,v 2.1.2.3 2000/02/15 08:04:03 darrenr Exp $
*/
#ifndef __IP_STATE_H__
#define __IP_STATE_H__
@@ -71,6 +71,7 @@ typedef struct ipstate {
tcpstate_t is_ts;
udpstate_t is_us;
} is_ps;
+ char is_ifname[2][IFNAMSIZ];
} ipstate_t;
#define is_icmp is_ps.is_ics
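Review bot: The new `is_ifname[2][IFNAMSIZ]` member has no comment saying which index is which; from the ip_state.c hunks, `[0]` pairs with `is_ifpin` and `[1]` with `is_ifpout`, so `/* [0] = in, [1] = out interface name */` would do. Adding a member also changes `sizeof(ipstate_t)`; if this structure is copied to userland tools, they need rebuilding against the new header, which this sys-only diff cannot show.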
diff --git a/sys/netinet/ipl.h b/sys/netinet/ipl.h
index 8c19f3df9b4..275cd924977 100644
--- a/sys/netinet/ipl.h
+++ b/sys/netinet/ipl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipl.h,v 1.4 2000/02/01 19:29:59 kjell Exp $ */
+/* $OpenBSD: ipl.h,v 1.5 2000/02/16 22:34:20 kjell Exp $ */
/*
* Copyright (C) 1993-1999 by Darren Reed.
@@ -13,6 +13,6 @@
#ifndef __IPL_H__
#define __IPL_H__
-#define IPL_VERSION "IP Filter: v3.3.8"
+#define IPL_VERSION "IP Filter: v3.3.9"
#endif