Index: HISTORY =================================================================== RCS file: /devel/CVS/IP-Filter/HISTORY,v retrieving revision 2.0.2.47.2.5 retrieving revision 2.0.2.47.2.6 diff -c -r2.0.2.47.2.5 -r2.0.2.47.2.6 *** 2.0.2.47.2.5 1997/11/28 07:28:13 --- 2.0.2.47.2.6 1997/12/10 09:56:32 *************** *** 5,10 **** --- 5,21 ---- # Thanks to Craig Bishop of connect.com.au and Sun Microsystems for the # loan of a machine to work on a Solaris 2.x port of this software. # + 3.2.3 10/11/97 - Released + + fix some iplang bugs + + fix tcp checksum data overrun, sgi #define changes, + avoid infinite loop when nat'ing to single IP# - Marc Boucher + + fixup DEVFS usage for FreeBSD + + fix sunos5 "make clean" cleaning up too much + 3.2.2 28/11/97 - Released change packet matching to return actual error, if bad packet, to facilitate Index: IMPORTANT =================================================================== RCS file: /devel/CVS/IP-Filter/IMPORTANT,v retrieving revision 2.0.2.1 retrieving revision 2.0.2.1.2.1 diff -c -r2.0.2.1 -r2.0.2.1.2.1 *** 2.0.2.1 1997/01/12 08:45:59 --- 2.0.2.1.2.1 1997/12/10 09:10:08 *************** *** 36,41 **** --- 36,46 ---- subsequently been fixed. + 3) + + If you have BOTH GNU make and the normal make shipped with your system, + DO NOT use the GNU make to build this package. + Darren darrenr@cyber.com.au **************************************** Index: fil.c =================================================================== RCS file: /devel/CVS/IP-Filter/fil.c,v retrieving revision 2.0.2.41.2.8 retrieving revision 2.0.2.41.2.9 diff -c -r2.0.2.41.2.8 -r2.0.2.41.2.9 *** 2.0.2.41.2.8 1997/11/24 10:02:00 --- 2.0.2.41.2.9 1997/12/02 13:56:06 *************** *** 7,13 **** */ #if !defined(lint) static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-1996 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: fil.c,v 2.0.2.41.2.8 1997/11/24 10:02:00 darrenr Exp $"; #endif #include --- 7,13 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-1996 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: fil.c,v 2.0.2.41.2.9 1997/12/02 13:56:06 darrenr Exp $"; #endif #include *************** *** 938,943 **** --- 938,944 ---- */ bytes.c[0] = 0; bytes.c[1] = IPPROTO_TCP; + len -= (ip->ip_hl << 2); sum = bytes.s; sum += htons((u_short)len); sp = (u_short *)&ip->ip_src; *************** *** 1072,1078 **** * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 ! * $Id: fil.c,v 2.0.2.41.2.8 1997/11/24 10:02:00 darrenr Exp $ */ /* * Copy data from an mbuf chain starting "off" bytes from the beginning, --- 1073,1079 ---- * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 ! * $Id: fil.c,v 2.0.2.41.2.9 1997/12/02 13:56:06 darrenr Exp $ */ /* * Copy data from an mbuf chain starting "off" bytes from the beginning, Index: ip_compat.h =================================================================== RCS file: /devel/CVS/IP-Filter/ip_compat.h,v retrieving revision 2.0.2.31.2.7 retrieving revision 2.0.2.31.2.8 diff -c -r2.0.2.31.2.7 -r2.0.2.31.2.8 *** 2.0.2.31.2.7 1997/11/27 09:33:09 --- 2.0.2.31.2.8 1997/12/02 13:42:52 *************** *** 6,12 **** * to the original author and the contributors. * * @(#)ip_compat.h 1.8 1/14/96 ! * $Id: ip_compat.h,v 2.0.2.31.2.7 1997/11/27 09:33:09 darrenr Exp $ */ #ifndef __IP_COMPAT_H__ --- 6,12 ---- * to the original author and the contributors. * * @(#)ip_compat.h 1.8 1/14/96 ! * $Id: ip_compat.h,v 2.0.2.31.2.8 1997/12/02 13:42:52 darrenr Exp $ */ #ifndef __IP_COMPAT_H__ *************** *** 50,69 **** }; #endif ! #ifdef __sgi ! # ifdef IPFILTER_LKM ! # define IPL_PRFX ipl ! # define IPL_EXTERN(ep) ipl/**/ep # else - # define IPL_PRFX ipfilter # define IPL_EXTERN(ep) ipfilter/**/ep # endif #else # ifdef __STDC__ - # define IPL_PRFX ipl # define IPL_EXTERN(ep) ipl##ep # else - # define IPL_PRFX ipl # define IPL_EXTERN(ep) ipl/**/ep # endif #endif --- 50,65 ---- }; #endif ! #if defined(__sgi) && !defined(IPFILTER_LKM) ! # ifdef __STDC__ ! # define IPL_EXTERN(ep) ipfilter##ep # else # define IPL_EXTERN(ep) ipfilter/**/ep # endif #else # ifdef __STDC__ # define IPL_EXTERN(ep) ipl##ep # else # define IPL_EXTERN(ep) ipl/**/ep # endif #endif Index: ip_fil.h =================================================================== RCS file: /devel/CVS/IP-Filter/ip_fil.h,v retrieving revision 2.0.2.39.2.9 retrieving revision 2.0.2.39.2.10 diff -c -r2.0.2.39.2.9 -r2.0.2.39.2.10 *** 2.0.2.39.2.9 1997/11/24 10:02:03 --- 2.0.2.39.2.10 1997/12/03 10:02:30 *************** *** 6,12 **** * to the original author and the contributors. * * @(#)ip_fil.h 1.35 6/5/96 ! * $Id: ip_fil.h,v 2.0.2.39.2.9 1997/11/24 10:02:03 darrenr Exp $ */ #ifndef __IP_FIL_H__ --- 6,12 ---- * to the original author and the contributors. * * @(#)ip_fil.h 1.35 6/5/96 ! * $Id: ip_fil.h,v 2.0.2.39.2.10 1997/12/03 10:02:30 darrenr Exp $ */ #ifndef __IP_FIL_H__ *************** *** 94,103 **** u_short fi_auth; } fr_ip_t; ! #define FI_OPTIONS 0x01 ! #define FI_TCPUDP 0x02 /* TCP/UCP implied comparison involved */ ! #define FI_FRAG 0x04 ! #define FI_SHORT 0x08 typedef struct fr_info { struct fr_ip fin_fi; --- 94,103 ---- u_short fi_auth; } fr_ip_t; ! #define FI_OPTIONS (FF_OPTIONS >> 24) ! #define FI_TCPUDP (FF_TCPUDP >> 24) /* TCP/UCP implied comparison*/ ! #define FI_FRAG (FF_FRAG >> 24) ! #define FI_SHORT (FF_SHORT >> 24) typedef struct fr_info { struct fr_ip fin_fi; Index: ip_lfil.c =================================================================== RCS file: /devel/CVS/IP-Filter/ip_lfil.c,v retrieving revision 2.0.2.1.2.4 retrieving revision 2.0.2.1.2.5 diff -c -r2.0.2.1.2.4 -r2.0.2.1.2.5 *** 2.0.2.1.2.4 1997/11/24 10:02:05 --- 2.0.2.1.2.5 1997/12/02 13:55:57 *************** *** 6,12 **** * to the original author and the contributors. */ #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: ip_lfil.c,v 2.0.2.1.2.4 1997/11/24 10:02:05 darrenr Exp $"; #endif #if defined(KERNEL) && !defined(_KERNEL) --- 6,12 ---- * to the original author and the contributors. */ #if !defined(lint) ! static const char rcsid[] = "@(#)$Id: ip_lfil.c,v 2.0.2.1.2.5 1997/12/02 13:55:57 darrenr Exp $"; #endif #if defined(KERNEL) && !defined(_KERNEL) *************** *** 587,593 **** struct tcpiphdr *ti; struct ifnet *ifp; { - tcpiphdr_t *tp; tcphdr_t *tcp; int tlen = 0; ip_t *ip; --- 587,592 ---- *************** *** 605,628 **** m->dev = ifp; m->csum = 0; ! tp = ip = mtod(m, ip_t *); m->h.iph = ip; m->ip_hdr = NULL; m->m_len = sizeof(tcpiphdr_t); tcp = (tcphdr_t *)((char *)ip + sizeof(ip_t)); bzero((char *)ip, sizeof(tcpiphdr_t)); - tp->ti_src.s_addr = ti->ti_dst.s_addr; - tp->ti_dst.s_addr = ti->ti_src.s_addr; - tcp->th_dport = ti->ti_sport; - tcp->th_sport = ti->ti_dport; - tcp->th_ack = htonl(ntohl(ti->ti_seq) + tlen); - tcp->th_off = sizeof(tcphdr_t) >> 2; - tcp->th_flags = TH_RST|TH_ACK; - tp->ti_pr = ((ip_t *)ti)->ip_p; - tp->ti_len = htons(sizeof(tcphdr_t)); - tcp->th_sum = fr_tcpsum(m, ip, tcp, sizeof(tcpiphdr_t)); - ip->ip_v = IPVERSION; ip->ip_hl = sizeof(ip_t) >> 2; ip->ip_tos = ((ip_t *)ti)->ip_tos; --- 604,616 ---- m->dev = ifp; m->csum = 0; ! ip = mtod(m, ip_t *); m->h.iph = ip; m->ip_hdr = NULL; m->m_len = sizeof(tcpiphdr_t); tcp = (tcphdr_t *)((char *)ip + sizeof(ip_t)); bzero((char *)ip, sizeof(tcpiphdr_t)); ip->ip_v = IPVERSION; ip->ip_hl = sizeof(ip_t) >> 2; ip->ip_tos = ((ip_t *)ti)->ip_tos; *************** *** 630,637 **** --- 618,634 ---- ip->ip_id = ((ip_t *)ti)->ip_id; ip->ip_len = htons(sizeof(tcpiphdr_t)); ip->ip_ttl = 127; + ip->ip_src.s_addr = ti->ti_dst.s_addr; + ip->ip_dst.s_addr = ti->ti_src.s_addr; + tcp->th_dport = ti->ti_sport; + tcp->th_sport = ti->ti_dport; + tcp->th_ack = htonl(ntohl(ti->ti_seq) + tlen); + tcp->th_off = sizeof(tcphdr_t) >> 2; + tcp->th_flags = TH_RST|TH_ACK; + ip->ip_sum = 0; ip->ip_sum = ipf_cksum((u_short *)ip, sizeof(ip_t)); + tcp->th_sum = fr_tcpsum(m, ip, tcp, sizeof(tcpiphdr_t)); return ip_forward(m, NULL, IPFWD_NOTTLDEC, ip->ip_dst.s_addr); } Index: ip_nat.c =================================================================== RCS file: /devel/CVS/IP-Filter/ip_nat.c,v retrieving revision 2.0.2.44.2.6 retrieving revision 2.0.2.44.2.7 diff -c -r2.0.2.44.2.6 -r2.0.2.44.2.7 *** 2.0.2.44.2.6 1997/11/24 11:35:13 --- 2.0.2.44.2.7 1997/12/02 13:54:27 *************** *** 9,15 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.0.2.44.2.6 1997/11/24 11:35:13 darrenr Exp $"; #endif #if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL) --- 9,15 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.0.2.44.2.7 1997/12/02 13:54:27 darrenr Exp $"; #endif #if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL) *************** *** 521,527 **** u_short flags; int direction; { ! register u_long sum1, sum2, sumd; u_short port = 0, sport = 0, dport = 0, nport = 0; struct in_addr in; tcphdr_t *tcp = NULL; --- 521,527 ---- u_short flags; int direction; { ! register u_long sum1, sum2, sumd, l; u_short port = 0, sport = 0, dport = 0, nport = 0; struct in_addr in; tcphdr_t *tcp = NULL; *************** *** 551,563 **** * If it's an outbound packet which doesn't match any existing * record, then create a new port */ do { port = 0; in.s_addr = np->in_nip; if (!in.s_addr && (np->in_outmsk == 0xffffffff)) { ! if (nat_ifpaddr(nat, fin->fin_ifp, &in) == -1) return NULL; } else if (!in.s_addr && !np->in_outmsk) { in.s_addr = ntohl(ip->ip_src.s_addr); if (nflags & IPN_TCPUDP) port = sport; --- 551,572 ---- * If it's an outbound packet which doesn't match any existing * record, then create a new port */ + l = 0; do { + l++; port = 0; in.s_addr = np->in_nip; if (!in.s_addr && (np->in_outmsk == 0xffffffff)) { ! if ((l > 1) || ! nat_ifpaddr(nat, fin->fin_ifp, &in) == -1) { ! KFREE(nat); return NULL; + } } else if (!in.s_addr && !np->in_outmsk) { + if (l > 1) { + KFREE(nat); + return NULL; + } in.s_addr = ntohl(ip->ip_src.s_addr); if (nflags & IPN_TCPUDP) port = sport; Index: ip_sfil.c =================================================================== RCS file: /devel/CVS/IP-Filter/ip_sfil.c,v retrieving revision 2.0.2.25.2.4 retrieving revision 2.0.2.25.2.5 diff -c -r2.0.2.25.2.4 -r2.0.2.25.2.5 *** 2.0.2.25.2.4 1997/11/24 10:02:07 --- 2.0.2.25.2.5 1997/12/02 13:55:39 *************** *** 9,15 **** */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C) 1993-1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.0.2.25.2.4 1997/11/24 10:02:07 darrenr Exp $"; #endif #include --- 9,15 ---- */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C) 1993-1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_sfil.c,v 2.0.2.25.2.5 1997/12/02 13:55:39 darrenr Exp $"; #endif #include *************** *** 250,256 **** case SIOCIPFFL : if (!(mode & FWRITE)) return EPERM; ! IWCOPY((caddr_t)data, (caddr_t)&tmp, sizeof(tmp)); mutex_enter(&ipf_mutex); frflush(unit, &tmp); mutex_exit(&ipf_mutex); --- 250,256 ---- case SIOCIPFFL : if (!(mode & FWRITE)) return EPERM; ! IRCOPY((caddr_t)data, (caddr_t)&tmp, sizeof(tmp)); mutex_enter(&ipf_mutex); frflush(unit, &tmp); mutex_exit(&ipf_mutex); Index: ipl.h =================================================================== RCS file: /devel/CVS/IP-Filter/ipl.h,v retrieving revision 2.0.2.23.2.2 retrieving revision 2.0.2.23.2.3 diff -c -r2.0.2.23.2.2 -r2.0.2.23.2.3 *** 2.0.2.23.2.2 1997/11/28 07:28:22 --- 2.0.2.23.2.3 1997/12/10 09:56:34 *************** *** 11,16 **** #ifndef __IPL_H__ #define __IPL_H__ ! #define IPL_VERSION "IP Filter v3.2.2" #endif --- 11,16 ---- #ifndef __IPL_H__ #define __IPL_H__ ! #define IPL_VERSION "IP Filter v3.2.3" #endif Index: mlf_ipl.c =================================================================== RCS file: /devel/CVS/IP-Filter/mlf_ipl.c,v retrieving revision 2.0.2.10 retrieving revision 2.0.2.10.2.1 diff -c -r2.0.2.10 -r2.0.2.10.2.1 *** 2.0.2.10 1997/10/23 14:54:41 --- 2.0.2.10.2.1 1997/12/10 09:10:39 *************** *** 135,140 **** --- 135,144 ---- &fr_defaultauthage, 0, ""); #endif + #ifdef DEVFS + void *ipf_devfs[IPL_LOGMAX + 1]; + #endif + #if !defined(__FreeBSD_version) || (__FreeBSD_version < 220000) int ipl_major = 0; *************** *** 156,161 **** --- 160,166 ---- static int iplaction __P((struct lkm_table *, int)); + static void ipl_drvinit __P((void *)); static int iplaction(lkmtp, cmd) *************** *** 188,200 **** args->lkm_offset = i; /* slot in cdevsw[] */ #endif printf("IP Filter: loaded into slot %d\n", ipl_major); ! return if_ipl_load(lkmtp, cmd); break; case LKM_E_UNLOAD : err = if_ipl_unload(lkmtp, cmd); ! if (!err) printf("IP Filter: unloaded from slot %d\n", ipl_major); return err; case LKM_E_STAT : break; --- 193,219 ---- args->lkm_offset = i; /* slot in cdevsw[] */ #endif printf("IP Filter: loaded into slot %d\n", ipl_major); ! err = if_ipl_load(lkmtp, cmd); ! if (!err) ! ipl_drvinit((void *)NULL); ! return err; break; case LKM_E_UNLOAD : err = if_ipl_unload(lkmtp, cmd); ! if (!err) { printf("IP Filter: unloaded from slot %d\n", ipl_major); + # ifdef DEVFS + if (ipf_devfs[IPL_LOGIPF]) + devfs_remove_dev(ipf_devfs[IPL_LOGIPF]); + if (ipf_devfs[IPL_LOGNAT]) + devfs_remove_dev(ipf_devfs[IPL_LOGNAT]); + if (ipf_devfs[IPL_LOGSTATE]) + devfs_remove_dev(ipf_devfs[IPL_LOGSTATE]); + if (ipf_devfs[IPL_LOGAUTH]) + devfs_remove_dev(ipf_devfs[IPL_LOGAUTH]); + # endif + } return err; case LKM_E_STAT : break; *************** *** 326,367 **** { DISPATCH(lkmtp, cmd, ver, iplaction, iplaction, iplaction); } ! # else ! ! #ifdef DEVFS ! static void *ipf_devfs_token[IPL_LOGMAX + 1]; ! #endif static ipl_devsw_installed = 0; static void ipl_drvinit __P((void *unused)) { dev_t dev; ! #ifdef DEVFS ! void **tp = ipf_devfs_token; ! #endif if (!ipl_devsw_installed ) { dev = makedev(CDEV_MAJOR, 0); cdevsw_add(&dev, &ipl_cdevsw, NULL); ipl_devsw_installed = 1; ! #ifdef DEVFS tp[IPL_LOGIPF] = devfs_add_devswf(&ipl_cdevsw, IPL_LOGIPF, ! DV_CHR, 0, 0, 0600, ! "ipf", IPL_LOGIPF); tp[IPL_LOGNAT] = devfs_add_devswf(&ipl_cdevsw, IPL_LOGNAT, ! DV_CHR, 0, 0, 0600, ! "ipnat", IPL_LOGNAT); tp[IPL_LOGSTATE] = devfs_add_devswf(&ipl_cdevsw, IPL_LOGSTATE, DV_CHR, 0, 0, 0600, ! "ipstate", IPL_LOGSTATE); tp[IPL_LOGAUTH] = devfs_add_devswf(&ipl_cdevsw, IPL_LOGAUTH, ! DV_CHR, 0, 0, 0600, ! "ipstate", IPL_LOGAUTH); ! #endif } } SYSINIT(ipldev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,ipl_drvinit,NULL) # endif /* IPFILTER_LKM */ #endif /* _FreeBSD_version */ --- 345,381 ---- { DISPATCH(lkmtp, cmd, ver, iplaction, iplaction, iplaction); } ! # endif static ipl_devsw_installed = 0; static void ipl_drvinit __P((void *unused)) { dev_t dev; ! # ifdef DEVFS ! void **tp = ipf_devfs; ! # endif if (!ipl_devsw_installed ) { dev = makedev(CDEV_MAJOR, 0); cdevsw_add(&dev, &ipl_cdevsw, NULL); ipl_devsw_installed = 1; ! # ifdef DEVFS tp[IPL_LOGIPF] = devfs_add_devswf(&ipl_cdevsw, IPL_LOGIPF, ! DV_CHR, 0, 0, 0600, "ipf"); tp[IPL_LOGNAT] = devfs_add_devswf(&ipl_cdevsw, IPL_LOGNAT, ! DV_CHR, 0, 0, 0600, "ipnat"); tp[IPL_LOGSTATE] = devfs_add_devswf(&ipl_cdevsw, IPL_LOGSTATE, DV_CHR, 0, 0, 0600, ! "ipstate"); tp[IPL_LOGAUTH] = devfs_add_devswf(&ipl_cdevsw, IPL_LOGAUTH, ! DV_CHR, 0, 0, 0600, ! "ipauth"); ! # endif } } + # ifdef IPFILTER_LKM SYSINIT(ipldev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,ipl_drvinit,NULL) # endif /* IPFILTER_LKM */ #endif /* _FreeBSD_version */ Index: BSD/.cvsignore =================================================================== RCS file: /devel/CVS/IP-Filter/BSD/.cvsignore,v retrieving revision 2.0.2.5 retrieving revision 2.0.2.5.2.1 diff -c -r2.0.2.5 -r2.0.2.5.2.1 *** 2.0.2.5 1997/06/23 04:56:09 --- 2.0.2.5.2.1 1997/12/10 09:12:11 *************** *** 14,16 **** --- 14,17 ---- NetBSD-1.1-amiga NetBSD-1.2-i386 NetBSD-1.2G-i386 + FreeBSD-2.2.5-RELEASE-i386 Index: BSD/Makefile =================================================================== RCS file: /devel/CVS/IP-Filter/BSD/Makefile,v retrieving revision 2.0.2.15 retrieving revision 2.0.2.15.2.2 diff -c -r2.0.2.15 -r2.0.2.15.2.2 *** 2.0.2.15 1997/09/28 07:12:49 --- 2.0.2.15.2.2 1997/12/10 09:11:02 *************** *** 13,21 **** # # For NetBSD/FreeBSD # ! CPU=`uname -m` INC=-I/usr/include -I/sys -I/sys/sys -I/sys/arch ! DEF=-D$(CPU) -D__$(CPU)__ -DINET -DKERNEL -D_KERNEL $(INC) IPDEF=$(DEF) -DGATEWAY -DDIRECTED_BROADCAST VNODESHDIR=/sys/kern MLD=$(ML) vnode_if.h --- 13,22 ---- # # For NetBSD/FreeBSD # ! DEVFS!=/usr/bin/lsvfs 2>&1 | sed -n 's/.*devfs.*/-DDEVFS/p' ! CPU!=uname -m INC=-I/usr/include -I/sys -I/sys/sys -I/sys/arch ! DEF=-D$(CPU) -D__$(CPU)__ -DINET -DKERNEL -D_KERNEL $(INC) $(DEVFS) IPDEF=$(DEF) -DGATEWAY -DDIRECTED_BROADCAST VNODESHDIR=/sys/kern MLD=$(ML) vnode_if.h Index: SunOS4/Makefile =================================================================== RCS file: /devel/CVS/IP-Filter/SunOS4/Makefile,v retrieving revision 2.0.2.11 retrieving revision 2.0.2.11.2.1 diff -c -r2.0.2.11 -r2.0.2.11.2.1 *** 2.0.2.11 1997/09/28 07:12:57 --- 2.0.2.11.2.1 1997/12/03 10:10:18 *************** *** 13,19 **** # # For SunOS 4.1.x # ! DCPU=`uname -m` DEF=-D$(DCPU) -D__$(DCPU)__ -DINET -DKERNEL -D_KERNEL -Dsun $(CPU) IPDEF=$(DEF) -DGATEWAY -DDIRECTED_BROADCAST IPFILC=ip_fil.c --- 13,19 ---- # # For SunOS 4.1.x # ! DCPU:sh=uname -m DEF=-D$(DCPU) -D__$(DCPU)__ -DINET -DKERNEL -D_KERNEL -Dsun $(CPU) IPDEF=$(DEF) -DGATEWAY -DDIRECTED_BROADCAST IPFILC=ip_fil.c Index: SunOS5/Makefile =================================================================== RCS file: /devel/CVS/IP-Filter/SunOS5/Makefile,v retrieving revision 2.0.2.13.2.1 retrieving revision 2.0.2.13.2.3 diff -c -r2.0.2.13.2.1 -r2.0.2.13.2.3 *** 2.0.2.13.2.1 1997/11/20 12:40:29 --- 2.0.2.13.2.3 1997/12/03 10:09:21 *************** *** 171,180 **** $(CC) $(DEBUG) $(CFLAGS) $(LOGFAC) $(TOP)/ipmon.c -o $@ $(LIBS) clean: ! ${RM} -f core *.o ipt fils ipf ipfstat ipftest ipmon ipnat ipf.exe ! ${RM} -f ipnat.5 ipnat.4 ipnat.1 ipfilter.5 ! ${RM} -f prototype pkginfo postinstall copyright ! find $(ROOT) -name CVS -prune -o -type f -print | xargs /bin/rm -f make -f Makefile.ipsend clean -(for i in *; do \ if [ -d $${i} -a -f $${i}/Makefile ] ; then \ --- 171,182 ---- $(CC) $(DEBUG) $(CFLAGS) $(LOGFAC) $(TOP)/ipmon.c -o $@ $(LIBS) clean: ! if [ `basename \`pwd\`` != SunOS5 ] ; then \ ! ${RM} -f core *.o ipt fils ipf ipfstat ipftest ipmon ipnat ipf.exe; \ ! ${RM} -f ipnat.5 ipnat.4 ipnat.1 ipfilter.5; \ ! ${RM} -f prototype pkginfo postinstall copyright; \ ! fi ! /bin/rm -rf */root make -f Makefile.ipsend clean -(for i in *; do \ if [ -d $${i} -a -f $${i}/Makefile ] ; then \ Index: SunOS5/Makefile.ipsend =================================================================== RCS file: /devel/CVS/IP-Filter/SunOS5/Makefile.ipsend,v retrieving revision 2.0.2.2 retrieving revision 2.0.2.2.2.1 diff -c -r2.0.2.2 -r2.0.2.2.2.1 *** 2.0.2.2 1997/08/20 16:59:40 --- 2.0.2.2.2.1 1997/12/03 10:09:58 *************** *** 14,23 **** $(CC) $(DEBUG) $(CFLAGS) -c $< -o $@ y.tab.o: $(TOP)/iplang/iplang_y.y ! (cd $(TOP)/iplang; $(MAKE) 'DESTDIR=../SunOS5/$(CPU)' ) lex.yy.o: $(TOP)/iplang/iplang_l.l ! (cd $(TOP)/iplang; $(MAKE) 'DESTDIR=../SunOS5/$(CPU)' ) ipsend: $(OBJS) $(UNIXOBJS) $(CC) $(DEBUG) $(OBJS) $(UNIXOBJS) -o $@ $(LIBS) -ll --- 14,23 ---- $(CC) $(DEBUG) $(CFLAGS) -c $< -o $@ y.tab.o: $(TOP)/iplang/iplang_y.y ! (cd $(TOP)/iplang; $(MAKE) ../SunOS5/$(CPU)/$@ 'DESTDIR=../SunOS5/$(CPU)' ) lex.yy.o: $(TOP)/iplang/iplang_l.l ! (cd $(TOP)/iplang; $(MAKE) ../SunOS5/$(CPU)/$@ 'DESTDIR=../SunOS5/$(CPU)' ) ipsend: $(OBJS) $(UNIXOBJS) $(CC) $(DEBUG) $(OBJS) $(UNIXOBJS) -o $@ $(LIBS) -ll Index: SunOS5/pkginfo =================================================================== RCS file: /devel/CVS/IP-Filter/SunOS5/pkginfo,v retrieving revision 2.0.2.22.2.2 retrieving revision 2.0.2.22.2.3 diff -c -r2.0.2.22.2.2 -r2.0.2.22.2.3 *** 2.0.2.22.2.2 1997/11/28 07:28:24 --- 2.0.2.22.2.3 1997/12/10 09:56:38 *************** *** 5,11 **** PKG=CYBSipf NAME=IP Filter ARCH=sparc,i386 ! VERSION=3.2,REV=2 CATEGORY=system DESC=This package contains tools for building a firewall VENDOR=Cybersource --- 5,11 ---- PKG=CYBSipf NAME=IP Filter ARCH=sparc,i386 ! VERSION=3.2,REV=3 CATEGORY=system DESC=This package contains tools for building a firewall VENDOR=Cybersource Index: iplang/iplang.tst =================================================================== RCS file: /devel/CVS/IP-Filter/iplang/iplang.tst,v retrieving revision 2.0.2.1 retrieving revision 2.0.2.1.2.1 diff -c -r2.0.2.1 -r2.0.2.1.2.1 *** 2.0.2.1 1997/08/20 16:32:24 --- 2.0.2.1.2.1 1997/12/10 09:14:27 *************** *** 1,11 **** # ! interface { ifname le0; mtu 1500; } ipv4 { src 1.1.1.1; dst 2.2.2.2; tcp { seq 12345; ack 0; sport 9999; dport 23; flags S; data { value "abcdef"; } ; ! } ! } ! send { via 10.1.1.1; } --- 1,11 ---- # ! interface { ifname le0; mtu 1500; } ; ipv4 { src 1.1.1.1; dst 2.2.2.2; tcp { seq 12345; ack 0; sport 9999; dport 23; flags S; data { value "abcdef"; } ; ! } ; ! } ; ! send { via 10.1.1.1; } ; Index: iplang/iplang_l.l =================================================================== RCS file: /devel/CVS/IP-Filter/iplang/iplang_l.l,v retrieving revision 2.0.2.15.2.1 retrieving revision 2.0.2.15.2.2 diff -c -r2.0.2.15.2.1 -r2.0.2.15.2.2 *** 2.0.2.15.2.1 1997/11/05 11:04:04 --- 2.0.2.15.2.2 1997/12/10 09:54:15 *************** *** 10,16 **** * provided that this notice is preserved and due credit is given * to the original author and the contributors. * ! * $Id: iplang_l.l,v 2.0.2.15.2.1 1997/11/05 11:04:04 darrenr Exp $ */ #include #include --- 10,16 ---- * provided that this notice is preserved and due credit is given * to the original author and the contributors. * ! * $Id: iplang_l.l,v 2.0.2.15.2.2 1997/12/10 09:54:15 darrenr Exp $ */ #include #include *************** *** 164,169 **** --- 164,170 ---- ttime { return next_state(IL_ICMP_TTIME, -1); } icmpseq { return next_state(IL_ICMP_SEQ, -1); } icmpid { return next_state(IL_ICMP_SEQ, -1); } + \377 { return 0; } /* EOF */ \{ { push_proto(); return next_item('{'); } \} { pop_proto(); return next_item('}'); } \. { return next_item(IL_DOT); } *************** *** 210,220 **** int save_token() { - static char *buf = NULL; ! if (buf && (buf == yylval.str)) ! free(buf); ! buf = yylval.str = strdup(yytext); return IL_TOKEN; } --- 211,218 ---- int save_token() { ! yylval.str = strdup(yytext); return IL_TOKEN; } Index: iplang/iplang_y.y =================================================================== RCS file: /devel/CVS/IP-Filter/iplang/iplang_y.y,v retrieving revision 2.0.2.18.2.4 retrieving revision 2.0.2.18.2.5 diff -c -r2.0.2.18.2.4 -r2.0.2.18.2.5 *** 2.0.2.18.2.4 1997/11/27 09:04:57 --- 2.0.2.18.2.5 1997/12/10 09:54:45 *************** *** 6,12 **** * provided that this notice is preserved and due credit is given * to the original author and the contributors. * ! * $Id: iplang_y.y,v 2.0.2.18.2.4 1997/11/27 09:04:57 darrenr Exp $ */ #include --- 6,12 ---- * provided that this notice is preserved and due credit is given * to the original author and the contributors. * ! * $Id: iplang_y.y,v 2.0.2.18.2.5 1997/12/10 09:54:45 darrenr Exp $ */ #include *************** *** 190,197 **** %token IL_IPO_TS IL_IPO_TR IL_IPO_SEC IL_IPO_LSRR IL_IPO_ESEC %token IL_IPO_SATID IL_IPO_SSRR IL_IPO_ADDEXT IL_IPO_VISA IL_IPO_IMITD %token IL_IPO_EIP IL_IPO_FINN IL_IPO_SECCLASS IL_IPO_CIPSO IL_IPO_ENCODE ! %token IL_IPS_RESERV4 IL_IPS_TOPSECRET IL_IPS_SECRET IL_IPS_RESERV3 ! %token IL_IPS_CONFID IL_IPS_UNCLASS IL_IPS_RESERV2 IL_IPS_RESERV1 %token IL_ICMP_ECHOREPLY IL_ICMP_UNREACH IL_ICMP_UNREACH_NET %token IL_ICMP_UNREACH_HOST IL_ICMP_UNREACH_PROTOCOL IL_ICMP_UNREACH_PORT %token IL_ICMP_UNREACH_NEEDFRAG IL_ICMP_UNREACH_SRCFAIL --- 190,197 ---- %token IL_IPO_TS IL_IPO_TR IL_IPO_SEC IL_IPO_LSRR IL_IPO_ESEC %token IL_IPO_SATID IL_IPO_SSRR IL_IPO_ADDEXT IL_IPO_VISA IL_IPO_IMITD %token IL_IPO_EIP IL_IPO_FINN IL_IPO_SECCLASS IL_IPO_CIPSO IL_IPO_ENCODE ! %token IL_IPS_RESERV4 IL_IPS_TOPSECRET IL_IPS_SECRET IL_IPS_RESERV3 ! %token IL_IPS_CONFID IL_IPS_UNCLASS IL_IPS_RESERV2 IL_IPS_RESERV1 %token IL_ICMP_ECHOREPLY IL_ICMP_UNREACH IL_ICMP_UNREACH_NET %token IL_ICMP_UNREACH_HOST IL_ICMP_UNREACH_PROTOCOL IL_ICMP_UNREACH_PORT %token IL_ICMP_UNREACH_NEEDFRAG IL_ICMP_UNREACH_SRCFAIL *************** *** 235,244 **** ; ifaceopt: ! IL_IFNAME token { set_ifname(&yylval.str); } ! | IL_MTU number { set_ifmtu(yylval.num); } ! | IL_V4ADDR token { set_ifv4addr(&yylval.str); } ! | IL_EADDR token { set_ifeaddr(&yylval.str); } ; send: sendhdr '{' sendbody '}' ';' { packet_done(); } --- 235,244 ---- ; ifaceopt: ! IL_IFNAME token { set_ifname(&$2); } ! | IL_MTU number { set_ifmtu($2); } ! | IL_V4ADDR token { set_ifv4addr(&$2); } ! | IL_EADDR token { set_ifeaddr(&$2); } ; send: sendhdr '{' sendbody '}' ';' { packet_done(); } *************** *** 255,262 **** ; sendopt: ! IL_IFNAME token { set_sendif(&yylval.str); } ! | IL_VIA token { set_sendvia(&yylval.str); } ; arp: arphdr '{' arpbody '}' ';' --- 255,262 ---- ; sendopt: ! IL_IFNAME token { set_sendif(&$2); } ! | IL_VIA token { set_sendvia(&$2); } ; arp: arphdr '{' arpbody '}' ';' *************** *** 270,281 **** | arpbody arpopt ; ! arpopt: IL_V4ADDR token { set_arpv4addr(&yylval.str); } ! | IL_EADDR token { set_arpeaddr(&yylval.str); } ; defrouter: ! IL_DEFROUTER token { set_defaultrouter(&yylval.str); } ; bodyline: --- 270,281 ---- | arpbody arpopt ; ! arpopt: IL_V4ADDR token { set_arpv4addr(&$2); } ! | IL_EADDR token { set_arpeaddr(&$2); } ; defrouter: ! IL_DEFROUTER token { set_defaultrouter(&$2); } ; bodyline: *************** *** 298,314 **** ; ipv4type: ! IL_V4PROTO token { set_ipv4proto(&yylval.str); } ! | IL_V4SRC token { set_ipv4src(&yylval.str); } ! | IL_V4DST token { set_ipv4dst(&yylval.str); } ! | IL_V4OFF token { set_ipv4off(&yylval.str); } ! | IL_V4V token { set_ipv4v(&yylval.str); } ! | IL_V4HL token { set_ipv4hl(&yylval.str); } ! | IL_V4ID token { set_ipv4id(&yylval.str); } ! | IL_V4TTL token { set_ipv4ttl(&yylval.str); } ! | IL_V4TOS token { set_ipv4tos(&yylval.str); } ! | IL_V4SUM token { set_ipv4sum(&yylval.str); } ! | IL_V4LEN token { set_ipv4len(&yylval.str); } | ipv4opt '{' ipv4optlist '}' ';' { end_ipopt(); } ; --- 298,314 ---- ; ipv4type: ! IL_V4PROTO token { set_ipv4proto(&$2); } ! | IL_V4SRC token { set_ipv4src(&$2); } ! | IL_V4DST token { set_ipv4dst(&$2); } ! | IL_V4OFF token { set_ipv4off(&$2); } ! | IL_V4V token { set_ipv4v(&$2); } ! | IL_V4HL token { set_ipv4hl(&$2); } ! | IL_V4ID token { set_ipv4id(&$2); } ! | IL_V4TTL token { set_ipv4ttl(&$2); } ! | IL_V4TOS token { set_ipv4tos(&$2); } ! | IL_V4SUM token { set_ipv4sum(&$2); } ! | IL_V4LEN token { set_ipv4len(&$2); } | ipv4opt '{' ipv4optlist '}' ';' { end_ipopt(); } ; *************** *** 326,340 **** ; tcpbody: ! IL_SPORT token { set_tcpsport(&yylval.str); } ! | IL_DPORT token { set_tcpdport(&yylval.str); } ! | IL_TCPSEQ token { set_tcpseq(&yylval.str); } ! | IL_TCPACK token { set_tcpack(&yylval.str); } ! | IL_TCPOFF token { set_tcpoff(&yylval.str); } ! | IL_TCPURP token { set_tcpurp(&yylval.str); } ! | IL_TCPWIN token { set_tcpwin(&yylval.str); } ! | IL_TCPSUM token { set_tcpsum(&yylval.str); } ! | IL_TCPFL token { set_tcpflags(&yylval.str); } | IL_TCPOPT '{' tcpopts '}' ';' { end_tcpopt(); } ; --- 326,340 ---- ; tcpbody: ! IL_SPORT token { set_tcpsport(&$2); } ! | IL_DPORT token { set_tcpdport(&$2); } ! | IL_TCPSEQ token { set_tcpseq(&$2); } ! | IL_TCPACK token { set_tcpack(&$2); } ! | IL_TCPOFF token { set_tcpoff(&$2); } ! | IL_TCPURP token { set_tcpurp(&$2); } ! | IL_TCPWIN token { set_tcpwin(&$2); } ! | IL_TCPSUM token { set_tcpsum(&$2); } ! | IL_TCPFL token { set_tcpflags(&$2); } | IL_TCPOPT '{' tcpopts '}' ';' { end_tcpopt(); } ; *************** *** 344,352 **** tcpopt: IL_TCPO_NOP ';' { set_tcpopt(IL_TCPO_NOP, NULL); } | IL_TCPO_EOL ';' { set_tcpopt(IL_TCPO_EOL, NULL); } ! | IL_TCPO_MSS optoken { set_tcpopt(IL_TCPO_MSS,&yylval.str);} ! | IL_TCPO_WSCALE optoken { set_tcpopt(IL_TCPO_MSS,&yylval.str);} ! | IL_TCPO_TS optoken { set_tcpopt(IL_TCPO_TS, &yylval.str);} ; udp: IL_UDP { new_udpheader(); } --- 344,352 ---- tcpopt: IL_TCPO_NOP ';' { set_tcpopt(IL_TCPO_NOP, NULL); } | IL_TCPO_EOL ';' { set_tcpopt(IL_TCPO_EOL, NULL); } ! | IL_TCPO_MSS optoken { set_tcpopt(IL_TCPO_MSS,&$2);} ! | IL_TCPO_WSCALE optoken { set_tcpopt(IL_TCPO_MSS,&$2);} ! | IL_TCPO_TS optoken { set_tcpopt(IL_TCPO_TS, &$2);} ; udp: IL_UDP { new_udpheader(); } *************** *** 364,373 **** ; udpbody: ! IL_SPORT token { set_tcpsport(&yylval.str); } ! | IL_DPORT token { set_tcpdport(&yylval.str); } ! | IL_UDPLEN token { set_udplen(&yylval.str); } ! | IL_UDPSUM token { set_udpsum(&yylval.str); } ; icmp: IL_ICMP { new_icmpheader(); } --- 364,373 ---- ; udpbody: ! IL_SPORT token { set_tcpsport(&$2); } ! | IL_DPORT token { set_tcpdport(&$2); } ! | IL_UDPLEN token { set_udplen(&$2); } ! | IL_UDPSUM token { set_udpsum(&$2); } ; icmp: IL_ICMP { new_icmpheader(); } *************** *** 388,394 **** ; icmpcode: ! IL_ICMPCODE token { set_icmpcodetok(&yylval.str); } ; icmptype: --- 388,394 ---- ; icmpcode: ! IL_ICMPCODE token { set_icmpcodetok(&$2); } ; icmptype: *************** *** 414,420 **** | IL_ICMP_MASKREPLY '{' token '}' ';' | IL_ICMP_PARAMPROB ';' { set_icmptype(ICMP_PARAMPROB); } | IL_ICMP_PARAMPROB '{' paramprob '}' ';' ! | IL_TOKEN ';' { set_icmptypetok(&yylval.str); } ; icmpechoopts: --- 414,420 ---- | IL_ICMP_MASKREPLY '{' token '}' ';' | IL_ICMP_PARAMPROB ';' { set_icmptype(ICMP_PARAMPROB); } | IL_ICMP_PARAMPROB '{' paramprob '}' ';' ! | IL_TOKEN ';' { set_icmptypetok(&$1); } ; icmpechoopts: *************** *** 422,438 **** ; icmpecho: ! IL_ICMP_SEQ number { set_icmpseq(yylval.num); } ! | IL_ICMP_ID number { set_icmpid(yylval.num); } ; icmptsopts: | icmptsopts icmpts ';' ; ! icmpts: IL_ICMP_OTIME number { set_icmpotime(yylval.num); } ! | IL_ICMP_RTIME number { set_icmprtime(yylval.num); } ! | IL_ICMP_TTIME number { set_icmpttime(yylval.num); } ; unreach: --- 422,438 ---- ; icmpecho: ! IL_ICMP_SEQ number { set_icmpseq($2); } ! | IL_ICMP_ID number { set_icmpid($2); } ; icmptsopts: | icmptsopts icmpts ';' ; ! icmpts: IL_ICMP_OTIME number { set_icmpotime($2); } ! | IL_ICMP_RTIME number { set_icmprtime($2); } ! | IL_ICMP_TTIME number { set_icmpttime($2); } ; unreach: *************** *** 445,451 **** | IL_ICMP_UNREACH_HOST line | IL_ICMP_UNREACH_PROTOCOL line | IL_ICMP_UNREACH_PORT line ! | IL_ICMP_UNREACH_NEEDFRAG number ';' { set_icmpmtu(yylval.num); } | IL_ICMP_UNREACH_SRCFAIL line | IL_ICMP_UNREACH_NET_UNKNOWN line | IL_ICMP_UNREACH_HOST_UNKNOWN line --- 445,451 ---- | IL_ICMP_UNREACH_HOST line | IL_ICMP_UNREACH_PROTOCOL line | IL_ICMP_UNREACH_PORT line ! | IL_ICMP_UNREACH_NEEDFRAG number ';' { set_icmpmtu($2); } | IL_ICMP_UNREACH_SRCFAIL line | IL_ICMP_UNREACH_NET_UNKNOWN line | IL_ICMP_UNREACH_HOST_UNKNOWN line *************** *** 465,474 **** ; redirectopts: ! | IL_ICMP_REDIRECT_NET token { set_redir(0, &yylval.str); } ! | IL_ICMP_REDIRECT_HOST token { set_redir(1, &yylval.str); } ! | IL_ICMP_REDIRECT_TOSNET token { set_redir(2, &yylval.str); } ! | IL_ICMP_REDIRECT_TOSHOST token { set_redir(3, &yylval.str); } ; exceed: --- 465,474 ---- ; redirectopts: ! | IL_ICMP_REDIRECT_NET token { set_redir(0, &$2); } ! | IL_ICMP_REDIRECT_HOST token { set_redir(1, &$2); } ! | IL_ICMP_REDIRECT_TOSNET token { set_redir(2, &$2); } ! | IL_ICMP_REDIRECT_TOSHOST token { set_redir(3, &$2); } ; exceed: *************** *** 481,487 **** | IL_ICMP_PARAMPROB_OPTABSENT paraprobarg paraprobarg: ! '{' number '}' ';' { set_icmppprob(yylval.num); } ; ipv4opt: IL_V4OPT { new_ipv4opt(); } --- 481,487 ---- | IL_ICMP_PARAMPROB_OPTABSENT paraprobarg paraprobarg: ! '{' number '}' ';' { set_icmppprob($2); } ; ipv4opt: IL_V4OPT { new_ipv4opt(); } *************** *** 493,499 **** ipv4opts: IL_IPO_NOP ';' { add_ipopt(IL_IPO_NOP, NULL); } ! | IL_IPO_RR optnumber { add_ipopt(IL_IPO_RR, &yylval.num); } | IL_IPO_ZSU ';' { add_ipopt(IL_IPO_ZSU, NULL); } | IL_IPO_MTUP ';' { add_ipopt(IL_IPO_MTUP, NULL); } | IL_IPO_MTUR ';' { add_ipopt(IL_IPO_MTUR, NULL); } --- 493,499 ---- ipv4opts: IL_IPO_NOP ';' { add_ipopt(IL_IPO_NOP, NULL); } ! | IL_IPO_RR optnumber { add_ipopt(IL_IPO_RR, &$2); } | IL_IPO_ZSU ';' { add_ipopt(IL_IPO_ZSU, NULL); } | IL_IPO_MTUP ';' { add_ipopt(IL_IPO_MTUP, NULL); } | IL_IPO_MTUR ';' { add_ipopt(IL_IPO_MTUR, NULL); } *************** *** 502,512 **** | IL_IPO_TR ';' { add_ipopt(IL_IPO_TR, NULL); } | IL_IPO_SEC ';' { add_ipopt(IL_IPO_SEC, NULL); } | IL_IPO_SECCLASS secclass { add_ipopt(IL_IPO_SECCLASS, sclass); } ! | IL_IPO_LSRR token { add_ipopt(IL_IPO_LSRR,&yylval.str); } | IL_IPO_ESEC ';' { add_ipopt(IL_IPO_ESEC, NULL); } | IL_IPO_CIPSO ';' { add_ipopt(IL_IPO_CIPSO, NULL); } ! | IL_IPO_SATID optnumber { add_ipopt(IL_IPO_SATID,&yylval.num);} ! | IL_IPO_SSRR token { add_ipopt(IL_IPO_SSRR,&yylval.str); } | IL_IPO_ADDEXT ';' { add_ipopt(IL_IPO_ADDEXT, NULL); } | IL_IPO_VISA ';' { add_ipopt(IL_IPO_VISA, NULL); } | IL_IPO_IMITD ';' { add_ipopt(IL_IPO_IMITD, NULL); } --- 502,512 ---- | IL_IPO_TR ';' { add_ipopt(IL_IPO_TR, NULL); } | IL_IPO_SEC ';' { add_ipopt(IL_IPO_SEC, NULL); } | IL_IPO_SECCLASS secclass { add_ipopt(IL_IPO_SECCLASS, sclass); } ! | IL_IPO_LSRR token { add_ipopt(IL_IPO_LSRR,&$2); } | IL_IPO_ESEC ';' { add_ipopt(IL_IPO_ESEC, NULL); } | IL_IPO_CIPSO ';' { add_ipopt(IL_IPO_CIPSO, NULL); } ! | IL_IPO_SATID optnumber { add_ipopt(IL_IPO_SATID,&$2);} ! | IL_IPO_SSRR token { add_ipopt(IL_IPO_SSRR,&$2); } | IL_IPO_ADDEXT ';' { add_ipopt(IL_IPO_ADDEXT, NULL); } | IL_IPO_VISA ';' { add_ipopt(IL_IPO_VISA, NULL); } | IL_IPO_IMITD ';' { add_ipopt(IL_IPO_IMITD, NULL); } *************** *** 515,528 **** ; secclass: ! IL_IPS_RESERV4 ';' { set_secclass(&yylval.str); } ! | IL_IPS_TOPSECRET ';' { set_secclass(&yylval.str); } ! | IL_IPS_SECRET ';' { set_secclass(&yylval.str); } ! | IL_IPS_RESERV3 ';' { set_secclass(&yylval.str); } ! | IL_IPS_CONFID ';' { set_secclass(&yylval.str); } ! | IL_IPS_UNCLASS ';' { set_secclass(&yylval.str); } ! | IL_IPS_RESERV2 ';' { set_secclass(&yylval.str); } ! | IL_IPS_RESERV1 ';' { set_secclass(&yylval.str); } ; data: IL_DATA { new_data(); } --- 515,528 ---- ; secclass: ! IL_IPS_RESERV4 ';' { set_secclass(&$1); } ! | IL_IPS_TOPSECRET ';' { set_secclass(&$1); } ! | IL_IPS_SECRET ';' { set_secclass(&$1); } ! | IL_IPS_RESERV3 ';' { set_secclass(&$1); } ! | IL_IPS_CONFID ';' { set_secclass(&$1); } ! | IL_IPS_UNCLASS ';' { set_secclass(&$1); } ! | IL_IPS_RESERV2 ';' { set_secclass(&$1); } ! | IL_IPS_RESERV1 ';' { set_secclass(&$1); } ; data: IL_DATA { new_data(); } *************** *** 537,545 **** ; dataopts: ! IL_DLEN token { set_datalen(&yylval.str); } ! | IL_DVALUE token { set_data(&yylval.str); } ! | IL_DFILE token { set_datafile(&yylval.str); } ; token: IL_TOKEN ';' --- 537,545 ---- ; dataopts: ! IL_DLEN token { set_datalen(&$2); } ! | IL_DVALUE token { set_data(&$2); } ! | IL_DFILE token { set_datafile(&$2); } ; token: IL_TOKEN ';' *************** *** 642,648 **** struct servent *sp; if (!(sp = getservbyname(name, pr))) ! return atoi(name); return sp->s_port; } --- 642,648 ---- struct servent *sp; if (!(sp = getservbyname(name, pr))) ! return htons(atoi(name)); return sp->s_port; } *************** *** 1719,1725 **** canip->ah_next = NULL; aniptail = &canip->ah_next; } ! free(aip); } --- 1719,1727 ---- canip->ah_next = NULL; aniptail = &canip->ah_next; } ! ! if (canip) ! free(aip); } Index: rules/example.2 =================================================================== RCS file: /devel/CVS/IP-Filter/rules/example.2,v retrieving revision 2.0.2.1 retrieving revision 2.0.2.1.2.1 diff -c -r2.0.2.1 -r2.0.2.1.2.1 *** 2.0.2.1 1997/01/12 08:48:17 --- 2.0.2.1.2.1 1997/12/10 09:11:43 *************** *** 1,4 **** # # block all outgoing TCP packets on le0 from any host to port 23 of host bar. # ! block out on le0 proto tcp from any to bar/32 port != 23 --- 1,4 ---- # # block all outgoing TCP packets on le0 from any host to port 23 of host bar. # ! block out on le0 proto tcp from any to bar/32 port = 23