diff -cr ip_fil3.3.21/HISTORY ip_fil3.3.22/HISTORY *** ip_fil3.3.21/HISTORY Mon Jan 15 01:33:15 2001 --- ip_fil3.3.22/HISTORY Fri Apr 6 21:22:37 2001 *************** *** 20,25 **** --- 20,30 ---- # and especially those who have found the time to port IP Filter to new # platforms. # + 3.3.22 06/04/2001 - Released + + fix fragment#0 handling bug where they could get in via cache information + created by state table entries + 3.3.21 15/01/2001 - Released log all NAT sessions that get created, not just those that match rules diff -cr ip_fil3.3.21/SunOS5/pkginfo ip_fil3.3.22/SunOS5/pkginfo *** ip_fil3.3.21/SunOS5/pkginfo Mon Jan 15 01:33:17 2001 --- ip_fil3.3.22/SunOS5/pkginfo Fri Apr 6 21:22:39 2001 *************** *** 5,11 **** PKG=ipf NAME=IP Filter ARCH=sparc,i386 ! VERSION=3.3.21 CATEGORY=system DESC=This package contains tools for building a firewall VENDOR=Darren Reed --- 5,11 ---- PKG=ipf NAME=IP Filter ARCH=sparc,i386 ! VERSION=3.3.22 CATEGORY=system DESC=This package contains tools for building a firewall VENDOR=Darren Reed diff -cr ip_fil3.3.21/SunOS5/system ip_fil3.3.22/SunOS5/system *** ip_fil3.3.21/SunOS5/system Sun Aug 1 23:18:16 1999 --- ip_fil3.3.22/SunOS5/system Wed Jan 17 23:28:47 2001 *************** *** 18,25 **** set ipf:fr_icmptimeout = 120 * NAT timeouts ! set ipf:fr_defnaticmpage = 600 ! set ipf:fr_defnatage = 6 * Fragment timeouts set ipf:fr_ipfrttl = 1200 --- 18,25 ---- set ipf:fr_icmptimeout = 120 * NAT timeouts ! set ipf:fr_defnaticmpage = 6 ! set ipf:fr_defnatage = 600 * Fragment timeouts set ipf:fr_ipfrttl = 1200 diff -cr ip_fil3.3.21/fil.c ip_fil3.3.22/fil.c *** ip_fil3.3.21/fil.c Mon Jan 15 00:55:06 2001 --- ip_fil3.3.22/fil.c Fri Apr 6 20:50:14 2001 *************** *** 1,5 **** /* ! * Copyright (C) 1993-1998 by Darren Reed. * * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given --- 1,5 ---- /* ! * Copyright (C) 1993-2001 by Darren Reed. 
* * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given *************** *** 7,13 **** */ #if !defined(lint) static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-1996 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: fil.c,v 2.3.2.26 2001/01/14 13:55:06 darrenr Exp $"; #endif #include --- 7,13 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-1996 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: fil.c,v 2.3.2.27 2001/04/06 10:50:14 darrenr Exp $"; #endif #include *************** *** 1191,1197 **** * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 ! * $Id: fil.c,v 2.3.2.26 2001/01/14 13:55:06 darrenr Exp $ */ /* * Copy data from an mbuf chain starting "off" bytes from the beginning, --- 1191,1197 ---- * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 ! * $Id: fil.c,v 2.3.2.27 2001/04/06 10:50:14 darrenr Exp $ */ /* * Copy data from an mbuf chain starting "off" bytes from the beginning, diff -cr ip_fil3.3.21/ip_compat.h ip_fil3.3.22/ip_compat.h *** ip_fil3.3.21/ip_compat.h Mon Jan 15 01:33:04 2001 --- ip_fil3.3.22/ip_compat.h Fri Apr 6 20:50:59 2001 *************** *** 1,12 **** /* ! * Copyright (C) 1993-1998 by Darren Reed. * * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given * to the original author and the contributors. * * @(#)ip_compat.h 1.8 1/14/96 ! * $Id: ip_compat.h,v 2.1.2.8 2001/01/14 14:33:04 darrenr Exp $ */ #ifndef __IP_COMPAT_H__ --- 1,12 ---- /* ! * Copyright (C) 1993-2001 by Darren Reed. * * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given * to the original author and the contributors. * * @(#)ip_compat.h 1.8 1/14/96 ! 
* $Id: ip_compat.h,v 2.1.2.9 2001/04/06 10:50:59 darrenr Exp $ */ #ifndef __IP_COMPAT_H__ diff -cr ip_fil3.3.21/ip_fil.c ip_fil3.3.22/ip_fil.c *** ip_fil3.3.21/ip_fil.c Sat Oct 28 10:22:18 2000 --- ip_fil3.3.22/ip_fil.c Fri Apr 6 20:51:23 2001 *************** *** 1,5 **** /* ! * Copyright (C) 1993-1998 by Darren Reed. * * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given --- 1,5 ---- /* ! * Copyright (C) 1993-2001 by Darren Reed. * * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given *************** *** 7,13 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.4.2.25 2000/10/27 23:22:18 darrenr Exp $"; #endif #ifndef SOLARIS --- 7,13 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.4.2.27 2001/04/06 10:51:23 darrenr Exp $"; #endif #ifndef SOLARIS *************** *** 234,251 **** # ifdef IPFILTER_LOG ipflog_init(); # endif ! if (nat_init() == -1) return -1; ! if (fr_stateinit() == -1) return -1; ! if (appr_init() == -1) return -1; # ifdef NETBSD_PF # if __NetBSD_Version__ >= 104200000 error = pfil_add_hook((void *)fr_check, PFIL_IN|PFIL_OUT, &inetsw[ip_protox[IPPROTO_IP]].pr_pfh); if (error) { appr_unload(); ip_natunload(); fr_stateunload(); --- 234,258 ---- # ifdef IPFILTER_LOG ipflog_init(); # endif ! if (nat_init() == -1) { ! SPL_X(s); return -1; ! } ! if (fr_stateinit() == -1) { ! SPL_X(s); return -1; ! } ! if (appr_init() == -1) { ! 
SPL_X(s); return -1; + } # ifdef NETBSD_PF # if __NetBSD_Version__ >= 104200000 error = pfil_add_hook((void *)fr_check, PFIL_IN|PFIL_OUT, &inetsw[ip_protox[IPPROTO_IP]].pr_pfh); if (error) { + SPL_X(s); appr_unload(); ip_natunload(); fr_stateunload(); diff -cr ip_fil3.3.21/ip_frag.c ip_fil3.3.22/ip_frag.c *** ip_fil3.3.21/ip_frag.c Mon Jan 15 00:56:08 2001 --- ip_fil3.3.22/ip_frag.c Fri Apr 6 22:31:05 2001 *************** *** 1,5 **** /* ! * Copyright (C) 1993-1998 by Darren Reed. * * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given --- 1,5 ---- /* ! * Copyright (C) 1993-2001 by Darren Reed. * * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given *************** *** 7,13 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ip_frag.c 1.11 3/24/96 (C) 1993-1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_frag.c,v 2.4.2.7 2001/01/14 13:56:08 darrenr Exp $"; #endif #if defined(KERNEL) && !defined(_KERNEL) --- 7,13 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ip_frag.c 1.11 3/24/96 (C) 1993-1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_frag.c,v 2.4.2.8 2001/04/06 12:31:05 darrenr Exp $"; #endif #if defined(KERNEL) && !defined(_KERNEL) *************** *** 134,145 **** u_int pass; ipfr_t *table[]; { ! ipfr_t **fp, *fra, frag; ! u_int idx; if (ipfr_inuse >= IPFT_SIZE) return NULL; frag.ipfr_p = ip->ip_p; idx = ip->ip_p; frag.ipfr_id = ip->ip_id; --- 134,148 ---- u_int pass; ipfr_t *table[]; { ! ipfr_t **fp, *fra, frag; ! u_int idx, off; if (ipfr_inuse >= IPFT_SIZE) return NULL; + if (!(fin->fin_fi.fi_fl & FI_FRAG)) + return NULL; + frag.ipfr_p = ip->ip_p; idx = ip->ip_p; frag.ipfr_id = ip->ip_id; *************** *** 193,199 **** /* * Compute the offset of the expected start of the next packet. */ ! 
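Review bot: The early returns added in the ip_fil.c hunk at 234 restore the priority level with `SPL_X(s)` but do not undo the initialisers that already succeeded: a failed `fr_stateinit()` leaves NAT initialised, and a failed `appr_init()` leaves both NAT and state initialised. The `pfil_add_hook()` error branch in the same hunk does call `appr_unload()`, `ip_natunload()` and `fr_stateunload()`, so an unwind is presumably needed on the earlier paths too, e.g. `if (fr_stateinit() == -1) { ip_natunload(); SPL_X(s); return -1; }`. In the pfil branch `SPL_X(s)` is placed before the unload calls; if those routines expect to run at the raised level, move it after them. The enclosing function starts and ends outside the hunk.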
fra->ipfr_off = (ip->ip_off & IP_OFFMASK) + (fin->fin_dlen >> 3); ATOMIC_INC(ipfr_stats.ifs_new); ATOMIC_INC(ipfr_inuse); return fra; --- 196,205 ---- /* * Compute the offset of the expected start of the next packet. */ ! off = ip->ip_off & IP_OFFMASK; ! if (!off) ! fra->ipfr_seen0 = 1; ! fra->ipfr_off = off + (fin->fin_dlen >> 3); ATOMIC_INC(ipfr_stats.ifs_new); ATOMIC_INC(ipfr_inuse); return fra; *************** *** 245,250 **** --- 251,259 ---- ipfr_t *f, frag; u_int idx; + if (!(fin->fin_fi.fi_fl & FI_FRAG)) + return NULL; + /* * For fragments, we record protocol, packet id, TOS and both IP#'s * (these should all be the same for all fragments of a packet). *************** *** 272,277 **** --- 281,299 ---- IPFR_CMPSZ)) { u_short atoff, off; + /* + * XXX - We really need to be guarding against the + * retransmission of (src,dst,id,offset-range) here + * because a fragmented packet is never resent with + * the same IP ID#. + */ + off = ip->ip_off & IP_OFFMASK; + if (f->ipfr_seen0) { + if (!off || (fin->fin_fi.fi_fl & FI_SHORT)) + continue; + } else if (!off) + f->ipfr_seen0 = 1; + if (f != table[idx]) { /* * move fragment info. to the top of the list *************** *** 284,290 **** f->ipfr_prev = NULL; table[idx] = f; } - off = ip->ip_off & IP_OFFMASK; atoff = off + (fin->fin_dlen >> 3); /* * If we've follwed the fragments, and this is the --- 306,311 ---- diff -cr ip_fil3.3.21/ip_frag.h ip_fil3.3.22/ip_frag.h *** ip_fil3.3.21/ip_frag.h Sat Nov 11 00:11:45 2000 --- ip_fil3.3.22/ip_frag.h Fri Apr 6 22:31:06 2001 *************** *** 1,12 **** /* ! * Copyright (C) 1993-1998 by Darren Reed. * * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given * to the original author and the contributors. * * @(#)ip_frag.h 1.5 3/24/96 ! * $Id: ip_frag.h,v 2.2.2.1 2000/11/10 13:11:45 darrenr Exp $ */ #ifndef __IP_FRAG_H__ --- 1,12 ---- /* ! * Copyright (C) 1993-2001 by Darren Reed. 
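Review bot: In the ip_frag.c hunk at 193, `fra->ipfr_seen0` is assigned only when the offset is zero, so for an entry created from a non-first fragment its value depends on how `fra` was allocated, which is outside the hunk. If that allocation does not zero the structure, the new `f->ipfr_seen0` test in the lookup path reads an indeterminate byte and can wrongly skip, or wrongly accept, a later fragment#0. Assign it unconditionally: `fra->ipfr_seen0 = (off == 0) ? 1 : 0;`.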
* * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given * to the original author and the contributors. * * @(#)ip_frag.h 1.5 3/24/96 ! * $Id: ip_frag.h,v 2.2.2.2 2001/04/06 12:31:06 darrenr Exp $ */ #ifndef __IP_FRAG_H__ *************** *** 24,30 **** u_char ipfr_p; u_char ipfr_tos; u_short ipfr_off; ! u_short ipfr_ttl; frentry_t *ipfr_rule; } ipfr_t; --- 24,31 ---- u_char ipfr_p; u_char ipfr_tos; u_short ipfr_off; ! u_char ipfr_ttl; ! u_char ipfr_seen0; frentry_t *ipfr_rule; } ipfr_t; *************** *** 40,46 **** struct ipfr **ifs_nattab; } ipfrstat_t; ! #define IPFR_CMPSZ (4 + 4 + 2 + 1 + 1) extern int fr_ipfrttl; extern ipfrstat_t *ipfr_fragstats __P((void)); --- 41,48 ---- struct ipfr **ifs_nattab; } ipfrstat_t; ! #define IPFR_CMPSZ (offsetof(ipfr_t, ipfr_off) - \ ! offsetof(ipfr_t, ipfr_src)) extern int fr_ipfrttl; extern ipfrstat_t *ipfr_fragstats __P((void)); diff -cr ip_fil3.3.21/ip_nat.c ip_fil3.3.22/ip_nat.c *** ip_fil3.3.21/ip_nat.c Mon Jan 15 00:56:35 2001 --- ip_fil3.3.22/ip_nat.c Sat Apr 7 00:08:21 2001 *************** *** 1,5 **** /* ! * Copyright (C) 1995-1998 by Darren Reed. * * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given --- 1,5 ---- /* ! * Copyright (C) 1995-2001 by Darren Reed. * * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given *************** *** 9,15 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.2.2.23 2001/01/14 13:56:35 darrenr Exp $"; #endif #if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL) --- 9,15 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; ! 
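Review bot: Narrowing `ipfr_ttl` from `u_short` to `u_char` in the ip_frag.h struct hunk caps the stored value at 255, yet SunOS5/system in this same diff still carries `set ipf:fr_ipfrttl = 1200`. If `ipfr_ttl` is loaded from `fr_ipfrttl` (the assignment is not visible in this diff), 1200 would be silently truncated to 176 and cached fragment entries would expire much earlier than configured. Keeping `u_short ipfr_ttl;` and adding `u_char ipfr_seen0;` after it avoids the truncation; otherwise the tunable should be range-checked where it is applied.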
static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.2.2.26 2001/04/06 14:07:50 darrenr Exp $"; #endif #if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL) *************** *** 1429,1435 **** if (nat) { np = nat->nat_ptr; ! if (natadd && fin->fin_fi.fi_fl & FI_FRAG) ipfr_nat_newfrag(ip, fin, 0, nat); ip->ip_src = nat->nat_outip; MUTEX_ENTER(&ipf_rw); --- 1429,1436 ---- if (nat) { np = nat->nat_ptr; ! if (natadd && (fin->fin_fi.fi_fl & FI_FRAG) && ! np && (np->in_flags & IPN_FRAG)) ipfr_nat_newfrag(ip, fin, 0, nat); ip->ip_src = nat->nat_outip; MUTEX_ENTER(&ipf_rw); *************** *** 1606,1612 **** if (nat) { np = nat->nat_ptr; fin->fin_fr = nat->nat_fr; ! if (natadd && fin->fin_fi.fi_fl & FI_FRAG) ipfr_nat_newfrag(ip, fin, 0, nat); if ((np->in_apr != NULL) && (np->in_dport == 0 || (tcp != NULL && sport == np->in_dport))) --- 1607,1614 ---- if (nat) { np = nat->nat_ptr; fin->fin_fr = nat->nat_fr; ! if (natadd && (fin->fin_fi.fi_fl & FI_FRAG) && ! np && (np->in_flags & IPN_FRAG)) ipfr_nat_newfrag(ip, fin, 0, nat); if ((np->in_apr != NULL) && (np->in_dport == 0 || (tcp != NULL && sport == np->in_dport))) diff -cr ip_fil3.3.21/ip_nat.h ip_fil3.3.22/ip_nat.h *** ip_fil3.3.21/ip_nat.h Thu Mar 16 00:57:03 2000 --- ip_fil3.3.22/ip_nat.h Fri Apr 6 23:48:50 2001 *************** *** 6,12 **** * to the original author and the contributors. * * @(#)ip_nat.h 1.5 2/4/96 ! * $Id: ip_nat.h,v 2.1.2.4 2000/03/15 13:57:03 darrenr Exp $ */ #ifndef __IP_NAT_H__ --- 6,12 ---- * to the original author and the contributors. * * @(#)ip_nat.h 1.5 2/4/96 ! 
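Review bot: In the ip_nat.c hunk at 1606 the new condition tests `np` for NULL before reading `np->in_flags`, but the very next statement, `if ((np->in_apr != NULL) && ...`, still dereferences `np` unconditionally. If `nat->nat_ptr` can really be NULL here, as the new guard implies, that line is a NULL dereference on the packet path; guard it the same way with `if (np != NULL && (np->in_apr != NULL) &&`. If it cannot be NULL, drop the `np &&` test from this hunk and from the one at 1429 so the code does not suggest otherwise. Both enclosing functions extend beyond the hunks.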
* $Id: ip_nat.h,v 2.1.2.5 2001/04/06 13:47:49 darrenr Exp $ */ #ifndef __IP_NAT_H__ *************** *** 175,180 **** --- 175,181 ---- #define IPN_AUTOPORTMAP 0x10 #define IPN_RANGE 0x20 #define IPN_USERFLAGS (IPN_TCPUDP|IPN_AUTOPORTMAP|IPN_RANGE) + #define IPN_FRAG 0x200000 typedef struct natlog { diff -cr ip_fil3.3.21/ip_state.c ip_fil3.3.22/ip_state.c *** ip_fil3.3.21/ip_state.c Wed Aug 9 02:00:35 2000 --- ip_fil3.3.22/ip_state.c Fri Apr 6 22:31:07 2001 *************** *** 1,5 **** /* ! * Copyright (C) 1995-1998 by Darren Reed. * * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given --- 1,5 ---- /* ! * Copyright (C) 1995-2001 by Darren Reed. * * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given *************** *** 7,13 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.3.2.28 2000/08/08 16:00:35 darrenr Exp $"; #endif #include --- 7,13 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.3.2.30 2001/04/06 12:31:07 darrenr Exp $"; #endif #include *************** *** 427,433 **** #endif RWLOCK_EXIT(&ipf_state); fin->fin_rev = (is->is_dst.s_addr != ip->ip_dst.s_addr); ! if (fin->fin_fi.fi_fl & FI_FRAG) ipfr_newfrag(ip, fin, pass ^ FR_KEEPSTATE); return is; } --- 427,433 ---- #endif RWLOCK_EXIT(&ipf_state); fin->fin_rev = (is->is_dst.s_addr != ip->ip_dst.s_addr); ! if ((fin->fin_fi.fi_fl & FI_FRAG) && (pass & FR_KEEPFRAG)) ipfr_newfrag(ip, fin, pass ^ FR_KEEPSTATE); return is; } *************** *** 477,483 **** if (!(tcp->th_flags & TH_ACK)) { /* Pretend an ack was sent */ ack = tdata->td_end; win = 1; ! 
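Review bot: `IPN_FRAG` is defined right after `IPN_USERFLAGS` in the ip_nat.h hunk but is not part of that mask, even though natparse.c in this diff sets it from the user's `frag` keyword. If rules arriving from userland are filtered through `IPN_USERFLAGS` (not visible here), the bit would be stripped and the new `np->in_flags & IPN_FRAG` tests in ip_nat.c would never be true. Consider defining `IPN_FRAG` first and using `#define IPN_USERFLAGS (IPN_TCPUDP|IPN_AUTOPORTMAP|IPN_RANGE|IPN_FRAG)`. It is also worth confirming that `in_flags` is wide enough to hold 0x200000.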
if ((tcp->th_flags == TH_SYN) && (tdata->td_maxwin == 0)) tdata->td_maxwin = 1; } else if (((tcp->th_flags & (TH_ACK|TH_RST)) == (TH_ACK|TH_RST)) && (ack == 0)) { --- 477,484 ---- if (!(tcp->th_flags & TH_ACK)) { /* Pretend an ack was sent */ ack = tdata->td_end; win = 1; ! if ((tcp->th_flags & TH_SYN == TH_SYN) && ! (tdata->td_maxwin == 0)) tdata->td_maxwin = 1; } else if (((tcp->th_flags & (TH_ACK|TH_RST)) == (TH_ACK|TH_RST)) && (ack == 0)) { *************** *** 1021,1027 **** fr_delstate(is); #endif RWLOCK_EXIT(&ipf_state); ! if (fin->fin_fi.fi_fl & FI_FRAG) ipfr_newfrag(ip, fin, pass ^ FR_KEEPSTATE); return fr; } --- 1022,1028 ---- fr_delstate(is); #endif RWLOCK_EXIT(&ipf_state); ! if ((fin->fin_fi.fi_fl & FI_FRAG) && (pass & FR_KEEPFRAG)) ipfr_newfrag(ip, fin, pass ^ FR_KEEPSTATE); return fr; } diff -cr ip_fil3.3.21/ipft_tx.c ip_fil3.3.22/ipft_tx.c *** ip_fil3.3.21/ipft_tx.c Thu Aug 5 03:30:05 1999 --- ip_fil3.3.22/ipft_tx.c Fri Apr 6 20:53:25 2001 *************** *** 1,5 **** /* ! * Copyright (C) 1995-1998 by Darren Reed. * * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given --- 1,5 ---- /* ! * Copyright (C) 1995-2001 by Darren Reed. * * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given *************** *** 43,49 **** #if !defined(lint) static const char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 2.1 1999/08/04 17:30:05 darrenr Exp $"; #endif extern int opts; --- 43,49 ---- #if !defined(lint) static const char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed"; ! 
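Review bot: The rewritten SYN test in the ip_state.c hunk at 477, `(tcp->th_flags & TH_SYN == TH_SYN)`, parses as `tcp->th_flags & (TH_SYN == TH_SYN)` because `==` binds tighter than `&`. It therefore tests bit 0 of the flags byte (TH_FIN in the usual TCP header definitions) rather than the SYN bit, so `td_maxwin` is no longer primed for a SYN and is primed for an ACK-less segment with the low bit set. Parenthesise the mask: `if (((tcp->th_flags & TH_SYN) == TH_SYN) &&`. The enclosing function continues outside the hunk.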
static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 2.1.2.2 2001/04/06 10:53:25 darrenr Exp $"; #endif extern int opts; *************** *** 225,234 **** ip->ip_v = IPVERSION; for (i = 0, cps[0] = strtok(line, " \b\t\r\n"); cps[i] && i < 19; ) cps[++i] = strtok(NULL, " \b\t\r\n"); - if (i < 2) - return 1; cpp = cps; c = **cpp; if (!isalpha(c) || (tolower(c) != 'o' && tolower(c) != 'i')) { --- 225,234 ---- ip->ip_v = IPVERSION; for (i = 0, cps[0] = strtok(line, " \b\t\r\n"); cps[i] && i < 19; ) cps[++i] = strtok(NULL, " \b\t\r\n"); cpp = cps; + if (!*cpp) + return 1; c = **cpp; if (!isalpha(c) || (tolower(c) != 'o' && tolower(c) != 'i')) { *************** *** 237,248 **** --- 237,252 ---- } *out = (tolower(c) == 'o') ? 1 : 0; cpp++; + if (!*cpp) + return 1; if (!strcasecmp(*cpp, "on")) { cpp++; if (!*cpp) return 1; *ifn = strdup(*cpp++); + if (!*cpp) + return 1; } c = **cpp; diff -cr ip_fil3.3.21/ipl.h ip_fil3.3.22/ipl.h *** ip_fil3.3.21/ipl.h Mon Jan 15 01:33:16 2001 --- ip_fil3.3.22/ipl.h Fri Apr 6 21:22:38 2001 *************** *** 11,16 **** #ifndef __IPL_H__ #define __IPL_H__ ! #define IPL_VERSION "IP Filter: v3.3.21" #endif --- 11,16 ---- #ifndef __IPL_H__ #define __IPL_H__ ! #define IPL_VERSION "IP Filter: v3.3.22" #endif diff -cr ip_fil3.3.21/ipmon.c ip_fil3.3.22/ipmon.c *** ip_fil3.3.21/ipmon.c Mon Aug 7 23:04:51 2000 --- ip_fil3.3.22/ipmon.c Fri Apr 6 20:53:47 2001 *************** *** 1,5 **** /* ! * Copyright (C) 1993-1998 by Darren Reed. * * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given --- 1,5 ---- /* ! * Copyright (C) 1993-2001 by Darren Reed. * * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given *************** *** 7,13 **** */ #if !defined(lint) static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-1998 Darren Reed"; ! 
static const char rcsid[] = "@(#)$Id: ipmon.c,v 2.3.2.6 2000/08/07 13:04:51 darrenr Exp $"; #endif #ifndef SOLARIS --- 7,13 ---- */ #if !defined(lint) static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-1998 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: ipmon.c,v 2.3.2.7 2001/04/06 10:53:47 darrenr Exp $"; #endif #ifndef SOLARIS *************** *** 91,96 **** --- 91,98 ---- { TH_FIN, 'F' }, { TH_URG, 'U' }, { TH_PUSH,'P' }, + { TH_ECN, 'E' }, + { TH_CWR, 'C' }, { 0, '\0' } }; diff -cr ip_fil3.3.21/ipsend/sdlpi.c ip_fil3.3.22/ipsend/sdlpi.c *** ip_fil3.3.21/ipsend/sdlpi.c Thu Aug 5 03:31:13 1999 --- ip_fil3.3.22/ipsend/sdlpi.c Wed Feb 28 21:51:38 2001 *************** *** 40,46 **** #if !defined(lint) static const char sccsid[] = "@(#)sdlpi.c 1.3 10/30/95 (C)1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: sdlpi.c,v 2.1 1999/08/04 17:31:13 darrenr Exp $"; #endif #define CHUNKSIZE 8192 --- 40,46 ---- #if !defined(lint) static const char sccsid[] = "@(#)sdlpi.c 1.3 10/30/95 (C)1995 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: sdlpi.c,v 2.1.2.1 2001/02/28 10:51:38 darrenr Exp $"; #endif #define CHUNKSIZE 8192 *************** *** 58,64 **** char devname[16], *s, buf[256]; int i, fd; ! (void) sprintf(devname, "/dev/%s", device); s = devname + 5; while (*s && !isdigit(*s)) --- 58,65 ---- char devname[16], *s, buf[256]; int i, fd; ! (void) strcpy(devname, "/dev/"); ! (void) strncat(devname, device, sizeof(devname) - strlen(devname)); s = devname + 5; while (*s && !isdigit(*s)) diff -cr ip_fil3.3.21/natparse.c ip_fil3.3.22/natparse.c *** ip_fil3.3.21/natparse.c Sun Jun 25 17:13:28 2000 --- ip_fil3.3.22/natparse.c Fri Apr 6 23:48:50 2001 *************** *** 53,59 **** #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; ! 
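Review bot: The `strncat()` bound in the ipsend/sdlpi.c hunk is one too large: the third argument is the maximum number of characters to append, and the terminating NUL is written in addition to them. With `devname[16]` already holding `/dev/`, the call may append 11 characters plus the NUL, which writes one byte past the array for a long `device` name. Use `sizeof(devname) - strlen(devname) - 1` as the bound. A name that does not fit should be rejected rather than silently truncated, since the truncated path may name a different device.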
static const char rcsid[] = "@(#)$Id: natparse.c,v 1.2.2.3 2000/06/25 07:13:28 darrenr Exp $"; #endif --- 53,59 ---- #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: natparse.c,v 1.2.2.4 2001/04/06 13:47:50 darrenr Exp $"; #endif *************** *** 136,141 **** --- 136,143 ---- printf(" tcp"); else if ((np->in_flags & IPN_UDP) == IPN_UDP) printf(" udp"); + if (np->in_flags & IPN_FRAG) + printf(" frag"); printf("\n"); if (verbose) printf("\t%p %lu %x %u %p %d\n", np->in_ifp, *************** *** 205,210 **** --- 207,214 ---- ntohs(np->in_pmax)); } } + if (np->in_flags & IPN_FRAG) + printf(" frag"); printf("\n"); if (verbose) { printf("\tifp %p space %lu nextip %s pnext %d", *************** *** 557,563 **** ipn.in_p = atoi(s); } proto = s; ! if ((s = strtok(NULL, " \t"))) { fprintf(stderr, "%d: extra junk at the end of rdr: %s\n", linenum, s); --- 561,572 ---- ipn.in_p = atoi(s); } proto = s; ! s = strtok(NULL, " \t"); ! if (s && !strcasecmp(s, "frag")) { ! s = strtok(NULL, " \t"); ! ipn.in_flags |= IPN_FRAG; ! } ! if (s != NULL) { fprintf(stderr, "%d: extra junk at the end of rdr: %s\n", linenum, s); *************** *** 576,581 **** --- 585,595 ---- if ((ipn.in_redir & NAT_MAPBLK) != 0) nat_setgroupmap(&ipn); + + if (s && !strcasecmp(s, "frag")) { + s = strtok(NULL, " \t"); + ipn.in_flags |= IPN_FRAG; + } if (!s) return &ipn; diff -cr ip_fil3.3.21/parse.c ip_fil3.3.22/parse.c *** ip_fil3.3.21/parse.c Mon Jan 15 00:59:54 2001 --- ip_fil3.3.22/parse.c Fri Apr 6 20:53:56 2001 *************** *** 1,5 **** /* ! * Copyright (C) 1993-1998 by Darren Reed. * * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given --- 1,5 ---- /* ! * Copyright (C) 1993-2001 by Darren Reed. 
* * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given *************** *** 41,47 **** #if !defined(lint) static const char sccsid[] = "@(#)parse.c 1.44 6/5/96 (C) 1993-1996 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: parse.c,v 2.1.2.16 2001/01/14 13:59:54 darrenr Exp $"; #endif extern struct ipopt_names ionames[], secclass[]; --- 41,47 ---- #if !defined(lint) static const char sccsid[] = "@(#)parse.c 1.44 6/5/96 (C) 1993-1996 Darren Reed"; ! static const char rcsid[] = "@(#)$Id: parse.c,v 2.1.2.17 2001/04/06 10:53:56 darrenr Exp $"; #endif extern struct ipopt_names ionames[], secclass[]; diff -cr ip_fil3.3.21/solaris.c ip_fil3.3.22/solaris.c *** ip_fil3.3.21/solaris.c Mon May 22 16:57:56 2000 --- ip_fil3.3.22/solaris.c Fri Apr 6 20:54:03 2001 *************** *** 1,12 **** /* ! * Copyright (C) 1993-1998 by Darren Reed. * * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given * to the original author and the contributors. */ /* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/ ! #pragma ident "@(#)$Id: solaris.c,v 2.1.2.20 2000/05/22 06:57:56 darrenr Exp $" #include #include --- 1,12 ---- /* ! * Copyright (C) 1993-2001 by Darren Reed. * * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given * to the original author and the contributors. */ /* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/ ! #pragma ident "@(#)$Id: solaris.c,v 2.1.2.22 2001/04/06 10:54:03 darrenr Exp $" #include #include *************** *** 785,790 **** --- 785,792 ---- freemsg(mb); mb = m1; frstats[0].fr_copy++; + if (!mb) + return 0; } READ_ENTER(&ipf_solaris); *************** *** 886,891 **** --- 888,895 ---- freemsg(mb); mb = m1; frstats[1].fr_copy++; + if (!mb) + return 0; } READ_ENTER(&ipf_solaris);
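Review bot: In the solaris.c hunk at 785 the added `if (!mb) return 0;` runs after `freemsg(mb)` has released the original message and after `frstats[0].fr_copy++`, so a failed copy is counted as a copy and the original is already gone when the function returns. What a return of 0 means to the caller is not visible here: if the caller keeps using its own pointer to the message it now refers to freed memory, and if 0 means "pass" the filter fails open under memory pressure. Test `m1` before the `freemsg()` and the counter, and return the code that makes the caller drop the packet. The same applies to the hunk at 888 (`frstats[1]`); both enclosing functions extend beyond the hunks.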