svn commit: r264235 - head/sys/contrib/ipfilter/netinet
Author: cy
Date: Mon Apr 7 19:32:56 2014
New Revision: 264235
URL: http://svnweb.freebsd.org/changeset/base/264235
Log:
Implement the final missing sysctls by moving ipf_auth_softc_t from
ip_auth.c to ip_auth.h. ip_frag_soft_t moves from ip_frag.c to
ip_frag.h. mlfk_ipl.c creates sysctl MIBs that reference control blocks
that are dynamically created when IP Filter is loaded. This necessitated
creating them on-the-fly rather than statically at compile time.
Approved by: glebius (mentor)
Modified:
head/sys/contrib/ipfilter/netinet/ip_auth.c
head/sys/contrib/ipfilter/netinet/ip_auth.h
head/sys/contrib/ipfilter/netinet/ip_frag.c
head/sys/contrib/ipfilter/netinet/ip_frag.h
head/sys/contrib/ipfilter/netinet/mlfk_ipl.c
Modified: head/sys/contrib/ipfilter/netinet/ip_auth.c
==
--- head/sys/contrib/ipfilter/netinet/ip_auth.c Mon Apr 7 19:02:47 2014
(r264234)
+++ head/sys/contrib/ipfilter/netinet/ip_auth.c Mon Apr 7 19:32:56 2014
(r264235)
@@ -131,33 +131,6 @@ static const char rcsid[] = "@(#)$FreeBS
#endif
-
-typedefstruct ipf_auth_softc_s {
-#if SOLARIS && defined(_KERNEL)
- kcondvar_t ipf_auth_wait;
-#endif /* SOLARIS */
-#if defined(linux) && defined(_KERNEL)
- wait_queue_head_t ipf_auth_next_linux;
-#endif
- ipfrwlock_t ipf_authlk;
- ipfmutex_t ipf_auth_mx;
- int ipf_auth_size;
- int ipf_auth_used;
- int ipf_auth_replies;
- int ipf_auth_defaultage;
- int ipf_auth_lock;
- ipf_authstat_t ipf_auth_stats;
- frauth_t*ipf_auth;
- mb_t**ipf_auth_pkts;
- int ipf_auth_start;
- int ipf_auth_end;
- int ipf_auth_next;
- frauthent_t *ipf_auth_entries;
- frentry_t *ipf_auth_ip;
- frentry_t *ipf_auth_rules;
-} ipf_auth_softc_t;
-
-
static void ipf_auth_deref __P((frauthent_t **));
static void ipf_auth_deref_unlocked __P((ipf_auth_softc_t *, frauthent_t **));
static int ipf_auth_geniter __P((ipf_main_softc_t *, ipftoken_t *,
Modified: head/sys/contrib/ipfilter/netinet/ip_auth.h
==
--- head/sys/contrib/ipfilter/netinet/ip_auth.h Mon Apr 7 19:02:47 2014
(r264234)
+++ head/sys/contrib/ipfilter/netinet/ip_auth.h Mon Apr 7 19:32:56 2014
(r264235)
@@ -49,6 +49,24 @@ typedef struct ipf_authstat {
frauthent_t *fas_faelist;
} ipf_authstat_t;
+typedefstruct ipf_auth_softc_s {
+ ipfrwlock_t ipf_authlk;
+ ipfmutex_t ipf_auth_mx;
+ int ipf_auth_size;
+ int ipf_auth_used;
+ int ipf_auth_replies;
+ int ipf_auth_defaultage;
+ int ipf_auth_lock;
+ ipf_authstat_t ipf_auth_stats;
+ frauth_t*ipf_auth;
+ mb_t**ipf_auth_pkts;
+ int ipf_auth_start;
+ int ipf_auth_end;
+ int ipf_auth_next;
+ frauthent_t *ipf_auth_entries;
+ frentry_t *ipf_auth_ip;
+ frentry_t *ipf_auth_rules;
+} ipf_auth_softc_t;
extern frentry_t *ipf_auth_check __P((fr_info_t *, u_32_t *));
extern voidipf_auth_expire __P((ipf_main_softc_t *));
Modified: head/sys/contrib/ipfilter/netinet/ip_frag.c
==
--- head/sys/contrib/ipfilter/netinet/ip_frag.c Mon Apr 7 19:02:47 2014
(r264234)
+++ head/sys/contrib/ipfilter/netinet/ip_frag.c Mon Apr 7 19:32:56 2014
(r264235)
@@ -91,27 +91,6 @@ static const char rcsid[] = "@(#)$FreeBS
#endif
-typedef struct ipf_frag_softc_s {
- ipfrwlock_t ipfr_ipidfrag;
- ipfrwlock_t ipfr_frag;
- ipfrwlock_t ipfr_natfrag;
- int ipfr_size;
- int ipfr_ttl;
- int ipfr_lock;
- int ipfr_inited;
- ipfr_t *ipfr_list;
- ipfr_t **ipfr_tail;
- ipfr_t *ipfr_natlist;
- ipfr_t **ipfr_nattail;
- ipfr_t *ipfr_ipidlist;
- ipfr_t **ipfr_ipidtail;
- ipfr_t **ipfr_heads;
- ipfr_t **ipfr_nattab;
- ipfr_t **ipfr_ipidtab;
- ipfrstat_t ipfr_stats;
-} ipf_frag_softc_t;
-
-
#ifdef USE_MUTEXES
static ipfr_t *ipfr_frag_new __P((ipf_main_softc_t *, ipf_frag_softc_t *,
fr_info_t *, u_32_t, ipfr_t **,
Modified: head/sys/contrib/ipfilter/netinet/ip_frag.h
==
--- head/sys/contrib/ipfilter/netinet/ip_frag.h Mon Apr 7 19:02:47 2014
(r264234)
+++ head/sys/contrib/ipfilter/netinet/ip_frag.h Mo
svn commit: r253482 - in head: contrib/ipfilter sys/contrib/ipfilter
Author: cy Date: Sat Jul 20 07:29:19 2013 New Revision: 253482 URL: http://svnweb.freebsd.org/changeset/base/253482 Log: As per the developers handbook (5.3.1 step 1), bootstrap svn:mergeinfo on the ipfilter directories in the main tree to the last commit made to the ipfilter trees in the vendor branches (r253468) which flattened the ipfilter vendor trees. Now that this step is complete, we are free to import new sources into the ipfilter vendor trees. Approved by: glebius (Mentor) Modified: Directory Properties: head/contrib/ipfilter/ (props changed) head/sys/contrib/ipfilter/ (props changed) ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r254220 - vendor/ipfilter/5.1.2
Author: cy Date: Sun Aug 11 14:37:51 2013 New Revision: 254220 URL: http://svnweb.freebsd.org/changeset/base/254220 Log: Tag import of IP-Filter 5.1.2. Approved by: glebius (Mentor) Added: vendor/ipfilter/5.1.2/ - copied from r254219, vendor/ipfilter/dist/ ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r254221 - vendor-sys/ipfilter/5-1-2
Author: cy Date: Sun Aug 11 14:39:27 2013 New Revision: 254221 URL: http://svnweb.freebsd.org/changeset/base/254221 Log: Tag import of IP-Filter 5.1.2. Approved by: glebius (Mentor) Added: vendor-sys/ipfilter/5-1-2/ - copied from r254220, vendor-sys/ipfilter/dist/ ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r254401 - vendor-sys/ipfilter/dist/netinet
Author: cy
Date: Fri Aug 16 07:03:28 2013
New Revision: 254401
URL: http://svnweb.freebsd.org/changeset/base/254401
Log:
Include three new files that should be in vendor-sys branch too.
Approved by: glebius (Mentor)
Added:
vendor-sys/ipfilter/dist/netinet/ip_dns_pxy.c
vendor-sys/ipfilter/dist/netinet/ip_nat6.c
vendor-sys/ipfilter/dist/netinet/ip_tftp_pxy.c
Added: vendor-sys/ipfilter/dist/netinet/ip_dns_pxy.c
==
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ vendor-sys/ipfilter/dist/netinet/ip_dns_pxy.c Fri Aug 16 07:03:28
2013(r254401)
@@ -0,0 +1,402 @@
+/*
+ * Copyright (C) 2012 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: ip_dns_pxy.c,v 1.1.2.10 2012/07/22 08:04:23 darren_r Exp $
+ */
+
+#defineIPF_DNS_PROXY
+
+/*
+ * map ... proxy port dns/udp 53 { block .cnn.com; }
+ */
+typedefstruct ipf_dns_filter {
+ struct ipf_dns_filter *idns_next;
+ char*idns_name;
+ int idns_namelen;
+ int idns_pass;
+} ipf_dns_filter_t;
+
+
+typedef struct ipf_dns_softc_s {
+ ipf_dns_filter_t*ipf_p_dns_list;
+ ipfrwlock_t ipf_p_dns_rwlock;
+ u_long ipf_p_dns_compress;
+ u_long ipf_p_dns_toolong;
+ u_long ipf_p_dns_nospace;
+} ipf_dns_softc_t;
+
+int ipf_p_dns_allow_query __P((ipf_dns_softc_t *, dnsinfo_t *));
+int ipf_p_dns_ctl __P((ipf_main_softc_t *, void *, ap_ctl_t *));
+int ipf_p_dns_del __P((ipf_main_softc_t *, ap_session_t *));
+int ipf_p_dns_get_name __P((ipf_dns_softc_t *, char *, int, char *, int));
+int ipf_p_dns_inout __P((void *, fr_info_t *, ap_session_t *, nat_t *));
+int ipf_p_dns_match __P((fr_info_t *, ap_session_t *, nat_t *));
+int ipf_p_dns_match_names __P((ipf_dns_filter_t *, char *, int));
+int ipf_p_dns_new __P((void *, fr_info_t *, ap_session_t *, nat_t *));
+void *ipf_p_dns_soft_create __P((ipf_main_softc_t *));
+void ipf_p_dns_soft_destroy __P((ipf_main_softc_t *, void *));
+
+typedef struct {
+ u_char dns_id[2];
+ u_short dns_ctlword;
+ u_short dns_qdcount;
+ u_short dns_ancount;
+ u_short dns_nscount;
+ u_short dns_arcount;
+} ipf_dns_hdr_t;
+
+#defineDNS_QR(x) ((ntohs(x) & 0x8000) >> 15)
+#defineDNS_OPCODE(x) ((ntohs(x) & 0x7800) >> 11)
+#defineDNS_AA(x) ((ntohs(x) & 0x0400) >> 10)
+#defineDNS_TC(x) ((ntohs(x) & 0x0200) >> 9)
+#defineDNS_RD(x) ((ntohs(x) & 0x0100) >> 8)
+#defineDNS_RA(x) ((ntohs(x) & 0x0080) >> 7)
+#defineDNS_Z(x)((ntohs(x) & 0x0070) >> 4)
+#defineDNS_RCODE(x)((ntohs(x) & 0x000f) >> 0)
+
+
+void *
+ipf_p_dns_soft_create(softc)
+ ipf_main_softc_t *softc;
+{
+ ipf_dns_softc_t *softd;
+
+ KMALLOC(softd, ipf_dns_softc_t *);
+ if (softd == NULL)
+ return NULL;
+
+ bzero((char *)softd, sizeof(*softd));
+ RWLOCK_INIT(&softd->ipf_p_dns_rwlock, "ipf dns rwlock");
+
+ return softd;
+}
+
+
+void
+ipf_p_dns_soft_destroy(softc, arg)
+ ipf_main_softc_t *softc;
+ void *arg;
+{
+ ipf_dns_softc_t *softd = arg;
+ ipf_dns_filter_t *idns;
+
+ while ((idns = softd->ipf_p_dns_list) != NULL) {
+ KFREES(idns->idns_name, idns->idns_namelen);
+ idns->idns_name = NULL;
+ idns->idns_namelen = 0;
+ softd->ipf_p_dns_list = idns->idns_next;
+ KFREE(idns);
+ }
+ RW_DESTROY(&softd->ipf_p_dns_rwlock);
+
+ KFREE(softd);
+}
+
+
+int
+ipf_p_dns_ctl(softc, arg, ctl)
+ ipf_main_softc_t *softc;
+ void *arg;
+ ap_ctl_t *ctl;
+{
+ ipf_dns_softc_t *softd = arg;
+ ipf_dns_filter_t *tmp, *idns, **idnsp;
+ int error = 0;
+
+ /*
+* To make locking easier.
+*/
+ KMALLOC(tmp, ipf_dns_filter_t *);
+
+ WRITE_ENTER(&softd->ipf_p_dns_rwlock);
+ for (idnsp = &softd->ipf_p_dns_list; (idns = *idnsp) != NULL;
+idnsp = &idns->idns_next) {
+ if (idns->idns_namelen != ctl->apc_dsize)
+ continue;
+ if (!strncmp(ctl->apc_data, idns->idns_name,
+ idns->idns_namelen))
+ break;
+ }
+
+ switch (ctl->apc_cmd)
+ {
+ case APC_CMD_DEL :
+ if (idns == NULL) {
+ IPFERROR(80006);
+ error = ESRCH;
+ break;
+ }
+ *idnsp = idns->idns_next;
+ idns->idns_next = NULL;
+ KFREES(idns->idns_name, idns->idns_namelen);
+ idns->idns_name = NULL;
+ idns->idns_namelen
svn commit: r254403 - vendor-sys/ipfilter/5-1-2/netinet
Author: cy
Date: Fri Aug 16 07:16:26 2013
New Revision: 254403
URL: http://svnweb.freebsd.org/changeset/base/254403
Log:
Tag three new files that should have been in vendor-sys in r254219 and
r254221.
Approved by: glebius (Mentor)
Added:
vendor-sys/ipfilter/5-1-2/netinet/ip_dns_pxy.c
- copied unchanged from r254401,
vendor-sys/ipfilter/dist/netinet/ip_dns_pxy.c
vendor-sys/ipfilter/5-1-2/netinet/ip_nat6.c
- copied unchanged from r254401, vendor-sys/ipfilter/dist/netinet/ip_nat6.c
vendor-sys/ipfilter/5-1-2/netinet/ip_tftp_pxy.c
- copied unchanged from r254401,
vendor-sys/ipfilter/dist/netinet/ip_tftp_pxy.c
Copied: vendor-sys/ipfilter/5-1-2/netinet/ip_dns_pxy.c (from r254401,
vendor-sys/ipfilter/dist/netinet/ip_dns_pxy.c)
==
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ vendor-sys/ipfilter/5-1-2/netinet/ip_dns_pxy.c Fri Aug 16 07:16:26
2013(r254403, copy of r254401,
vendor-sys/ipfilter/dist/netinet/ip_dns_pxy.c)
@@ -0,0 +1,402 @@
+/*
+ * Copyright (C) 2012 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: ip_dns_pxy.c,v 1.1.2.10 2012/07/22 08:04:23 darren_r Exp $
+ */
+
+#defineIPF_DNS_PROXY
+
+/*
+ * map ... proxy port dns/udp 53 { block .cnn.com; }
+ */
+typedefstruct ipf_dns_filter {
+ struct ipf_dns_filter *idns_next;
+ char*idns_name;
+ int idns_namelen;
+ int idns_pass;
+} ipf_dns_filter_t;
+
+
+typedef struct ipf_dns_softc_s {
+ ipf_dns_filter_t*ipf_p_dns_list;
+ ipfrwlock_t ipf_p_dns_rwlock;
+ u_long ipf_p_dns_compress;
+ u_long ipf_p_dns_toolong;
+ u_long ipf_p_dns_nospace;
+} ipf_dns_softc_t;
+
+int ipf_p_dns_allow_query __P((ipf_dns_softc_t *, dnsinfo_t *));
+int ipf_p_dns_ctl __P((ipf_main_softc_t *, void *, ap_ctl_t *));
+int ipf_p_dns_del __P((ipf_main_softc_t *, ap_session_t *));
+int ipf_p_dns_get_name __P((ipf_dns_softc_t *, char *, int, char *, int));
+int ipf_p_dns_inout __P((void *, fr_info_t *, ap_session_t *, nat_t *));
+int ipf_p_dns_match __P((fr_info_t *, ap_session_t *, nat_t *));
+int ipf_p_dns_match_names __P((ipf_dns_filter_t *, char *, int));
+int ipf_p_dns_new __P((void *, fr_info_t *, ap_session_t *, nat_t *));
+void *ipf_p_dns_soft_create __P((ipf_main_softc_t *));
+void ipf_p_dns_soft_destroy __P((ipf_main_softc_t *, void *));
+
+typedef struct {
+ u_char dns_id[2];
+ u_short dns_ctlword;
+ u_short dns_qdcount;
+ u_short dns_ancount;
+ u_short dns_nscount;
+ u_short dns_arcount;
+} ipf_dns_hdr_t;
+
+#defineDNS_QR(x) ((ntohs(x) & 0x8000) >> 15)
+#defineDNS_OPCODE(x) ((ntohs(x) & 0x7800) >> 11)
+#defineDNS_AA(x) ((ntohs(x) & 0x0400) >> 10)
+#defineDNS_TC(x) ((ntohs(x) & 0x0200) >> 9)
+#defineDNS_RD(x) ((ntohs(x) & 0x0100) >> 8)
+#defineDNS_RA(x) ((ntohs(x) & 0x0080) >> 7)
+#defineDNS_Z(x)((ntohs(x) & 0x0070) >> 4)
+#defineDNS_RCODE(x)((ntohs(x) & 0x000f) >> 0)
+
+
+void *
+ipf_p_dns_soft_create(softc)
+ ipf_main_softc_t *softc;
+{
+ ipf_dns_softc_t *softd;
+
+ KMALLOC(softd, ipf_dns_softc_t *);
+ if (softd == NULL)
+ return NULL;
+
+ bzero((char *)softd, sizeof(*softd));
+ RWLOCK_INIT(&softd->ipf_p_dns_rwlock, "ipf dns rwlock");
+
+ return softd;
+}
+
+
+void
+ipf_p_dns_soft_destroy(softc, arg)
+ ipf_main_softc_t *softc;
+ void *arg;
+{
+ ipf_dns_softc_t *softd = arg;
+ ipf_dns_filter_t *idns;
+
+ while ((idns = softd->ipf_p_dns_list) != NULL) {
+ KFREES(idns->idns_name, idns->idns_namelen);
+ idns->idns_name = NULL;
+ idns->idns_namelen = 0;
+ softd->ipf_p_dns_list = idns->idns_next;
+ KFREE(idns);
+ }
+ RW_DESTROY(&softd->ipf_p_dns_rwlock);
+
+ KFREE(softd);
+}
+
+
+int
+ipf_p_dns_ctl(softc, arg, ctl)
+ ipf_main_softc_t *softc;
+ void *arg;
+ ap_ctl_t *ctl;
+{
+ ipf_dns_softc_t *softd = arg;
+ ipf_dns_filter_t *tmp, *idns, **idnsp;
+ int error = 0;
+
+ /*
+* To make locking easier.
+*/
+ KMALLOC(tmp, ipf_dns_filter_t *);
+
+ WRITE_ENTER(&softd->ipf_p_dns_rwlock);
+ for (idnsp = &softd->ipf_p_dns_list; (idns = *idnsp) != NULL;
+idnsp = &idns->idns_next) {
+ if (idns->idns_namelen != ctl->apc_dsize)
+ continue;
+ if (!strncmp(ctl->apc_data, idns->idns_name,
+ idns->idns_namelen))
+ break;
+ }
+
+ switch (ctl->apc_cmd)
+ {
+ c
svn commit: r254560 - vendor/ipfilter/dist
Author: cy Date: Tue Aug 20 13:19:35 2013 New Revision: 254560 URL: http://svnweb.freebsd.org/changeset/base/254560 Log: Document the FreeBSD use of IP-FIlter under the previously existing non-GPL license. Approved by: Darren Reed (IP-Filter author) glebius (mentor) Added: vendor/ipfilter/dist/IPFILTER.LICENCE.FreeBSD Added: vendor/ipfilter/dist/IPFILTER.LICENCE.FreeBSD == --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/ipfilter/dist/IPFILTER.LICENCE.FreeBSD Tue Aug 20 13:19:35 2013(r254560) @@ -0,0 +1,83 @@ +Received: from slippy (localhost [127.0.0.1]) + by slippy.cwsent.com (8.14.7/8.14.7) with ESMTP id r68DreQv004291 + for ; Mon, 8 Jul 2013 06:53:40 -0700 (PDT) + (envelope-from cy.schub...@komquats.com) +X-Original-To: slippy +Delivered-To: sli...@komquats.com +Received: from cwfw [10.1.1.254] + by slippy with POP3 (fetchmail-6.3.22) + for (single-drop); Mon, 08 Jul 2013 06:53:40 -0700 (PDT) +Received: by spqr.komquats.com (Postfix, from userid 1000) + id 377821BC; Mon, 8 Jul 2013 06:53:38 -0700 (PDT) +X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on cwfw.cwsent.com +X-Spam-Level: +X-Spam-Status: No, score=-1.6 required=5.0 tests=BAYES_00,MY_DSL,SMILEY + autolearn=no version=3.3.2 +X-Original-To: cy.schub...@komquats.com +Delivered-To: cy.schub...@komquats.com +Received: from mail.ipfilter.com.au (dsl-202-45-110-141-static.VIC.netspace.net.au [202.45.110.141]) + by spqr.komquats.com (Postfix) with ESMTP id C69AE18D + for ; Mon, 8 Jul 2013 06:53:31 -0700 (PDT) +Received: (from root@localhost) + by firewall.reed.wattle.id.au (8.12.10/8.11.0) id r68DrJF8001558; + Mon, 8 Jul 2013 23:53:19 +1000 (EST) +Message-ID: <51dac488.1050...@reed.wattle.id.au> +Date: Mon, 08 Jul 2013 23:54:16 +1000 +From: Darren Reed +Reply-To: darr...@reed.wattle.id.au +User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130620 Thunderbird/17.0.7 +MIME-Version: 1.0 +To: Cy Schubert +CC: Gleb Smirnoff , Andre Oppermann , +Pedro Giffuni +Subject: Re: IP Filter 5.1.2 License +References: <201307011513.r61fd9ik005...@slippy.cwsent.com> +In-Reply-To: <201307011513.r61fd9ik005...@slippy.cwsent.com> +X-Enigmail-Version: 1.5.1 +Content-Type: text/plain; charset=ISO-8859-1 +Content-Transfer-Encoding: 7bit +X-UIDL: NC"#!o_F!!BlL!!bL6!! + +On 2/07/2013 1:13 AM, Cy Schubert wrote: +> In message <51d19503.2090...@reed.wattle.id.au>, Darren Reed writes: +>> On 25/06/2013 11:03 AM, Cy Schubert wrote: +>>> Hi Darren, +>>> +>>> I'm not sure if you remember me or not but I'm a committer at the FreeBSD +>>> Project. I've been a long time IPF user, both under FreeBSD and Solaris. +>>> I've volunteered to maintain IP Filter in the src/ tree. I noticed that the +>> +>>> IP Filter license changed from the previous IP Filter license to GPLv2 +>>> somewhere between 4.1.34 and 4.1.35. I was planning on importing 5.1.2 +>>> however upon discovering it was GPL I decided to update the FreeBSD IPF +>>> from 4.1.28 to 4.1.34 until it was brought to my attention a few days ago +>>> that IPF 5.1.2 was imported into NetBSD. I'm not sure what kind of policy +>>> the NetBSD folks have toward GPL so I thought it best to ask you directly +>>> under what license you imported IPF into NetBSD? If I can I'd like to +>>> import 5.1.2. As IPF author and owner of the code, what are your thoughts. +>> +>>> Can I import IPF 5.1.2 into FreeBSD under a different license from GPL? +>> I imported IPF into NetBSD under the same license that has had previously. +>> When I eventually update FreeBSD, I'll publish the code under the same +>> license that it has now. +>> + +[...] + +> +> When we import into FreeBSD we will not touch the IPFILTER.LICENSE file +> keeping the license as before in our tree. +> +> I don't mind doing the work if you won't mind. + +Not at all. + +Ok, I think there's one important thing for me to say here: + +I, Darren Reed, authorise Cy Schubert to use the IP-Filter source code from CVS on sourceforge in the FreeBSD source code tree using the existing license that currently covers IP-Filter in FreeBSD . + +I think something like that should cover you. + +Cheers, +Darren + ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r254561 - vendor-sys/ipfilter/dist/netinet
* copied, in part or in whole, and put under another distribution licence + * [including the GNU Public Licence.] + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * I hate legalese, don't you ? + */ Added: vendor-sys/ipfilter/dist/netinet/IPFILTER.LICENCE.FreeBSD == --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor-sys/ipfilter/dist/netinet/IPFILTER.LICENCE.FreeBSD Tue Aug 20 13:22:21 2013(r254561) @@ -0,0 +1,83 @@ +Received: from slippy (localhost [127.0.0.1]) + by slippy.cwsent.com (8.14.7/8.14.7) with ESMTP id r68DreQv004291 + for ; Mon, 8 Jul 2013 06:53:40 -0700 (PDT) + (envelope-from cy.schub...@komquats.com) +X-Original-To: slippy +Delivered-To: sli...@komquats.com +Received: from cwfw [10.1.1.254] + by slippy with POP3 (fetchmail-6.3.22) + for (single-drop); Mon, 08 Jul 2013 06:53:40 -0700 (PDT) +Received: by spqr.komquats.com (Postfix, from userid 1000) + id 377821BC; Mon, 8 Jul 2013 06:53:38 -0700 (PDT) +X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on cwfw.cwsent.com +X-Spam-Level: +X-Spam-Status: No, score=-1.6 required=5.0 tests=BAYES_00,MY_DSL,SMILEY + autolearn=no version=3.3.2 +X-Original-To: cy.schub...@komquats.com +Delivered-To: cy.schub...@komquats.com +Received: from mail.ipfilter.com.au (dsl-202-45-110-141-static.VIC.netspace.net.au [202.45.110.141]) + by spqr.komquats.com (Postfix) with ESMTP id C69AE18D + for ; Mon, 8 Jul 2013 06:53:31 -0700 (PDT) +Received: (from root@localhost) + by firewall.reed.wattle.id.au (8.12.10/8.11.0) id r68DrJF8001558; + Mon, 8 Jul 2013 23:53:19 +1000 (EST) +Message-ID: <51dac488.1050...@reed.wattle.id.au> +Date: Mon, 08 Jul 2013 23:54:16 +1000 +From: Darren Reed +Reply-To: darr...@reed.wattle.id.au +User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130620 Thunderbird/17.0.7 +MIME-Version: 1.0 +To: Cy Schubert +CC: Gleb Smirnoff , Andre Oppermann , +Pedro Giffuni +Subject: Re: IP Filter 5.1.2 License +References: <201307011513.r61fd9ik005...@slippy.cwsent.com> +In-Reply-To: <201307011513.r61fd9ik005...@slippy.cwsent.com> +X-Enigmail-Version: 1.5.1 +Content-Type: text/plain; charset=ISO-8859-1 +Content-Transfer-Encoding: 7bit +X-UIDL: NC"#!o_F!!BlL!!bL6!! + +On 2/07/2013 1:13 AM, Cy Schubert wrote: +> In message <51d19503.2090...@reed.wattle.id.au>, Darren Reed writes: +>> On 25/06/2013 11:03 AM, Cy Schubert wrote: +>>> Hi Darren, +>>> +>>> I'm not sure if you remember me or not but I'm a committer at the FreeBSD +>>> Project. I've been a long time IPF user, both under FreeBSD and Solaris. +>>> I've volunteered to maintain IP Filter in the src/ tree. I noticed that the +>> +>>> IP Filter license changed from the previous IP Filter license to GPLv2 +>>> somewhere between 4.1.34 and 4.1.35. I was planning on importing 5.1.2 +>>> however upon discovering it was GPL I decided to update the FreeBSD IPF +>>> from 4.1.28 to 4.1.34 until it was brought to my attention a few days ago +>>> that IPF 5.1.2 was imported into NetBSD. I'm not sure what kind of policy +>>> the NetBSD folks have toward GPL so I thought it best to ask you directly +>>> under what license you imported IPF into NetBSD? If I can I'd like to +>>> import 5.1.2. As IPF author and owner of the code, what are your thoughts. +>> +>>> Can I import IPF 5.1.2 into FreeBSD under a different license from GPL? +>> I imported IPF into NetBSD under the same license that has had previously. +>> When I eventually update FreeBSD, I'll publish the code under the same +>> license that it has now. +>> + +[...] + +> +> When we import into FreeBSD we will not touch the IPFILTER.LICENSE file +> keeping the license as before in our tree. +> +> I don't mind doing the work if you won't mind. + +Not at all. + +Ok, I think there's one important thing for me to say here: + +I, Darren Re
svn commit: r254562 - vendor-sys/ipfilter/dist/netinet
Author: cy
Date: Tue Aug 20 13:24:44 2013
New Revision: 254562
URL: http://svnweb.freebsd.org/changeset/base/254562
Log:
Add kernel sources from IP-Filter 5.1.2 to vendor-sys/ branch.
Approved by: glebius (mentor)
Added:
vendor-sys/ipfilter/dist/netinet/ip_dstlist.c (contents, props changed)
vendor-sys/ipfilter/dist/netinet/ip_dstlist.h
vendor-sys/ipfilter/dist/netinet/ipf_rb.h
vendor-sys/ipfilter/dist/netinet/radix_ipf.c (contents, props changed)
vendor-sys/ipfilter/dist/netinet/radix_ipf.h
Added: vendor-sys/ipfilter/dist/netinet/ip_dstlist.c
==
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ vendor-sys/ipfilter/dist/netinet/ip_dstlist.c Tue Aug 20 13:24:44
2013(r254562)
@@ -0,0 +1,1351 @@
+/*
+ * Copyright (C) 2012 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ */
+#if defined(KERNEL) || defined(_KERNEL)
+# undef KERNEL
+# undef _KERNEL
+# defineKERNEL 1
+# define_KERNEL1
+#endif
+#if defined(__osf__)
+# define _PROTO_NET_H_
+#endif
+#include
+#include
+#include
+#include
+#if !defined(_KERNEL) && !defined(__KERNEL__)
+# include
+# include
+# include
+# define _KERNEL
+# ifdef __OpenBSD__
+struct file;
+# endif
+# include
+# undef _KERNEL
+#else
+# include
+# if defined(NetBSD) && (__NetBSD_Version__ >= 10400)
+# include
+# endif
+#endif
+#include
+#if !defined(linux)
+# include
+#endif
+#include
+#if defined(_KERNEL) && (!defined(__SVR4) && !defined(__svr4__))
+# include
+#endif
+#if defined(__SVR4) || defined(__svr4__)
+# include
+# include
+# ifdef _KERNEL
+# include
+# endif
+# include
+# include
+#endif
+#if defined(__FreeBSD_version) && (__FreeBSD_version >= 30)
+# include
+#endif
+
+#include
+#include
+
+#include "netinet/ip_compat.h"
+#include "netinet/ip_fil.h"
+#include "netinet/ip_nat.h"
+#include "netinet/ip_lookup.h"
+#include "netinet/ip_dstlist.h"
+
+/* END OF INCLUDES */
+
+#ifdef HAS_SYS_MD5_H
+# include
+#else
+# include "md5.h"
+#endif
+
+#if !defined(lint)
+static const char rcsid[] = "@(#)$Id: ip_dstlist.c,v 1.13.2.12 2012/07/20
08:40:19 darren_r Exp $";
+#endif
+
+typedef struct ipf_dstl_softc_s {
+ ippool_dst_t*dstlist[LOOKUP_POOL_SZ];
+ ippool_dst_t**tails[LOOKUP_POOL_SZ];
+ ipf_dstl_stat_t stats;
+} ipf_dstl_softc_t;
+
+
+static void *ipf_dstlist_soft_create __P((ipf_main_softc_t *));
+static void ipf_dstlist_soft_destroy __P((ipf_main_softc_t *, void *));
+static int ipf_dstlist_soft_init __P((ipf_main_softc_t *, void *));
+static void ipf_dstlist_soft_fini __P((ipf_main_softc_t *, void *));
+static int ipf_dstlist_addr_find __P((ipf_main_softc_t *, void *, int,
+ void *, u_int));
+static size_t ipf_dstlist_flush __P((ipf_main_softc_t *, void *,
+iplookupflush_t *));
+static int ipf_dstlist_iter_deref __P((ipf_main_softc_t *, void *, int, int,
+ void *));
+static int ipf_dstlist_iter_next __P((ipf_main_softc_t *, void *, ipftoken_t *,
+ ipflookupiter_t *));
+static int ipf_dstlist_node_add __P((ipf_main_softc_t *, void *,
+iplookupop_t *, int));
+static int ipf_dstlist_node_del __P((ipf_main_softc_t *, void *,
+iplookupop_t *, int));
+static int ipf_dstlist_stats_get __P((ipf_main_softc_t *, void *,
+ iplookupop_t *));
+static int ipf_dstlist_table_add __P((ipf_main_softc_t *, void *,
+ iplookupop_t *));
+static int ipf_dstlist_table_del __P((ipf_main_softc_t *, void *,
+ iplookupop_t *));
+static int ipf_dstlist_table_deref __P((ipf_main_softc_t *, void *, void *));
+static void *ipf_dstlist_table_find __P((void *, int, char *));
+static void ipf_dstlist_table_free __P((ipf_dstl_softc_t *, ippool_dst_t *));
+static void ipf_dstlist_table_remove __P((ipf_main_softc_t *,
+ ipf_dstl_softc_t *, ippool_dst_t *));
+static void ipf_dstlist_table_clearnodes __P((ipf_dstl_softc_t *,
+ ippool_dst_t *));
+static ipf_dstnode_t *ipf_dstlist_select __P((fr_info_t *, ippool_dst_t *));
+static void *ipf_dstlist_select_ref __P((void *, int, char *));
+static void ipf_dstlist_node_free __P((ipf_dstl_softc_t *, ippool_dst_t *,
ipf_dstnode_t *));
+static int ipf_dstlist_node_deref __P((void *, ipf_dstnode_t *));
+static void ipf_dstlist_expire __P((ipf_main_softc_t *, void *));
+static void ipf_dstlist_sync __P((ipf_main_softc_t *, void *));
+
+ipf_lookup_t ipf_dstlist_backend = {
+ IPLT_DSTLIST,
+ ipf_dstlist_soft_create,
+ ipf_dstlist_soft_destroy,
+ ipf_dstlist_soft_init,
+ ipf_dstlist_soft_fini,
+ ipf
svn commit: r254563 - vendor/ipfilter/5.1.2
Author: cy Date: Tue Aug 20 13:38:40 2013 New Revision: 254563 URL: http://svnweb.freebsd.org/changeset/base/254563 Log: Tag authorization to use IP-Filter under old license. Approved by: glebius (mentor) Added: vendor/ipfilter/5.1.2/IPFILTER.LICENCE.FreeBSD - copied unchanged from r254562, vendor/ipfilter/dist/IPFILTER.LICENCE.FreeBSD Copied: vendor/ipfilter/5.1.2/IPFILTER.LICENCE.FreeBSD (from r254562, vendor/ipfilter/dist/IPFILTER.LICENCE.FreeBSD) == --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/ipfilter/5.1.2/IPFILTER.LICENCE.FreeBSD Tue Aug 20 13:38:40 2013(r254563, copy of r254562, vendor/ipfilter/dist/IPFILTER.LICENCE.FreeBSD) @@ -0,0 +1,83 @@ +Received: from slippy (localhost [127.0.0.1]) + by slippy.cwsent.com (8.14.7/8.14.7) with ESMTP id r68DreQv004291 + for ; Mon, 8 Jul 2013 06:53:40 -0700 (PDT) + (envelope-from cy.schub...@komquats.com) +X-Original-To: slippy +Delivered-To: sli...@komquats.com +Received: from cwfw [10.1.1.254] + by slippy with POP3 (fetchmail-6.3.22) + for (single-drop); Mon, 08 Jul 2013 06:53:40 -0700 (PDT) +Received: by spqr.komquats.com (Postfix, from userid 1000) + id 377821BC; Mon, 8 Jul 2013 06:53:38 -0700 (PDT) +X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on cwfw.cwsent.com +X-Spam-Level: +X-Spam-Status: No, score=-1.6 required=5.0 tests=BAYES_00,MY_DSL,SMILEY + autolearn=no version=3.3.2 +X-Original-To: cy.schub...@komquats.com +Delivered-To: cy.schub...@komquats.com +Received: from mail.ipfilter.com.au (dsl-202-45-110-141-static.VIC.netspace.net.au [202.45.110.141]) + by spqr.komquats.com (Postfix) with ESMTP id C69AE18D + for ; Mon, 8 Jul 2013 06:53:31 -0700 (PDT) +Received: (from root@localhost) + by firewall.reed.wattle.id.au (8.12.10/8.11.0) id r68DrJF8001558; + Mon, 8 Jul 2013 23:53:19 +1000 (EST) +Message-ID: <51dac488.1050...@reed.wattle.id.au> +Date: Mon, 08 Jul 2013 23:54:16 +1000 +From: Darren Reed +Reply-To: darr...@reed.wattle.id.au +User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130620 Thunderbird/17.0.7 +MIME-Version: 1.0 +To: Cy Schubert +CC: Gleb Smirnoff , Andre Oppermann , +Pedro Giffuni +Subject: Re: IP Filter 5.1.2 License +References: <201307011513.r61fd9ik005...@slippy.cwsent.com> +In-Reply-To: <201307011513.r61fd9ik005...@slippy.cwsent.com> +X-Enigmail-Version: 1.5.1 +Content-Type: text/plain; charset=ISO-8859-1 +Content-Transfer-Encoding: 7bit +X-UIDL: NC"#!o_F!!BlL!!bL6!! + +On 2/07/2013 1:13 AM, Cy Schubert wrote: +> In message <51d19503.2090...@reed.wattle.id.au>, Darren Reed writes: +>> On 25/06/2013 11:03 AM, Cy Schubert wrote: +>>> Hi Darren, +>>> +>>> I'm not sure if you remember me or not but I'm a committer at the FreeBSD +>>> Project. I've been a long time IPF user, both under FreeBSD and Solaris. +>>> I've volunteered to maintain IP Filter in the src/ tree. I noticed that the +>> +>>> IP Filter license changed from the previous IP Filter license to GPLv2 +>>> somewhere between 4.1.34 and 4.1.35. I was planning on importing 5.1.2 +>>> however upon discovering it was GPL I decided to update the FreeBSD IPF +>>> from 4.1.28 to 4.1.34 until it was brought to my attention a few days ago +>>> that IPF 5.1.2 was imported into NetBSD. I'm not sure what kind of policy +>>> the NetBSD folks have toward GPL so I thought it best to ask you directly +>>> under what license you imported IPF into NetBSD? If I can I'd like to +>>> import 5.1.2. As IPF author and owner of the code, what are your thoughts. +>> +>>> Can I import IPF 5.1.2 into FreeBSD under a different license from GPL? +>> I imported IPF into NetBSD under the same license that has had previously. +>> When I eventually update FreeBSD, I'll publish the code under the same +>> license that it has now. +>> + +[...] + +> +> When we import into FreeBSD we will not touch the IPFILTER.LICENSE file +> keeping the license as before in our tree. +> +> I don't mind doing the work if you won't mind. + +Not at all. + +Ok, I think there's one important thing for me to say here: + +I, Darren Reed, authorise Cy Schubert to use the IP-Filter source code from CVS on sourceforge in the FreeBSD source code tree using the existing license that currently covers IP-Filter in FreeBSD . + +I think something like that should cover you. + +Cheers, +Darren + ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r254564 - vendor-sys/ipfilter/5-1-2/netinet
Author: cy Date: Tue Aug 20 13:50:36 2013 New Revision: 254564 URL: http://svnweb.freebsd.org/changeset/base/254564 Log: Tag authorization to use IP-Filter under old license. Tag additional kernel sources from IP-Filter 5.1.2 tarball. Approved by: glebius Added: vendor-sys/ipfilter/5-1-2/netinet/IPFILTER.LICENCE.FreeBSD - copied unchanged from r254563, vendor-sys/ipfilter/dist/netinet/IPFILTER.LICENCE.FreeBSD vendor-sys/ipfilter/5-1-2/netinet/ip_dstlist.c - copied unchanged from r254563, vendor-sys/ipfilter/dist/netinet/ip_dstlist.c vendor-sys/ipfilter/5-1-2/netinet/ip_dstlist.h - copied unchanged from r254563, vendor-sys/ipfilter/dist/netinet/ip_dstlist.h vendor-sys/ipfilter/5-1-2/netinet/ipf_rb.h - copied unchanged from r254563, vendor-sys/ipfilter/dist/netinet/ipf_rb.h vendor-sys/ipfilter/5-1-2/netinet/radix_ipf.c - copied unchanged from r254563, vendor-sys/ipfilter/dist/netinet/radix_ipf.c vendor-sys/ipfilter/5-1-2/netinet/radix_ipf.h - copied unchanged from r254563, vendor-sys/ipfilter/dist/netinet/radix_ipf.h Copied: vendor-sys/ipfilter/5-1-2/netinet/IPFILTER.LICENCE.FreeBSD (from r254563, vendor-sys/ipfilter/dist/netinet/IPFILTER.LICENCE.FreeBSD) == --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor-sys/ipfilter/5-1-2/netinet/IPFILTER.LICENCE.FreeBSD Tue Aug 20 13:50:36 2013(r254564, copy of r254563, vendor-sys/ipfilter/dist/netinet/IPFILTER.LICENCE.FreeBSD) @@ -0,0 +1,83 @@ +Received: from slippy (localhost [127.0.0.1]) + by slippy.cwsent.com (8.14.7/8.14.7) with ESMTP id r68DreQv004291 + for ; Mon, 8 Jul 2013 06:53:40 -0700 (PDT) + (envelope-from cy.schub...@komquats.com) +X-Original-To: slippy +Delivered-To: sli...@komquats.com +Received: from cwfw [10.1.1.254] + by slippy with POP3 (fetchmail-6.3.22) + for (single-drop); Mon, 08 Jul 2013 06:53:40 -0700 (PDT) +Received: by spqr.komquats.com (Postfix, from userid 1000) + id 377821BC; Mon, 8 Jul 2013 06:53:38 -0700 (PDT) +X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on cwfw.cwsent.com +X-Spam-Level: +X-Spam-Status: No, score=-1.6 required=5.0 tests=BAYES_00,MY_DSL,SMILEY + autolearn=no version=3.3.2 +X-Original-To: cy.schub...@komquats.com +Delivered-To: cy.schub...@komquats.com +Received: from mail.ipfilter.com.au (dsl-202-45-110-141-static.VIC.netspace.net.au [202.45.110.141]) + by spqr.komquats.com (Postfix) with ESMTP id C69AE18D + for ; Mon, 8 Jul 2013 06:53:31 -0700 (PDT) +Received: (from root@localhost) + by firewall.reed.wattle.id.au (8.12.10/8.11.0) id r68DrJF8001558; + Mon, 8 Jul 2013 23:53:19 +1000 (EST) +Message-ID: <51dac488.1050...@reed.wattle.id.au> +Date: Mon, 08 Jul 2013 23:54:16 +1000 +From: Darren Reed +Reply-To: darr...@reed.wattle.id.au +User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130620 Thunderbird/17.0.7 +MIME-Version: 1.0 +To: Cy Schubert +CC: Gleb Smirnoff , Andre Oppermann , +Pedro Giffuni +Subject: Re: IP Filter 5.1.2 License +References: <201307011513.r61fd9ik005...@slippy.cwsent.com> +In-Reply-To: <201307011513.r61fd9ik005...@slippy.cwsent.com> +X-Enigmail-Version: 1.5.1 +Content-Type: text/plain; charset=ISO-8859-1 +Content-Transfer-Encoding: 7bit +X-UIDL: NC"#!o_F!!BlL!!bL6!! + +On 2/07/2013 1:13 AM, Cy Schubert wrote: +> In message <51d19503.2090...@reed.wattle.id.au>, Darren Reed writes: +>> On 25/06/2013 11:03 AM, Cy Schubert wrote: +>>> Hi Darren, +>>> +>>> I'm not sure if you remember me or not but I'm a committer at the FreeBSD +>>> Project. I've been a long time IPF user, both under FreeBSD and Solaris. +>>> I've volunteered to maintain IP Filter in the src/ tree. I noticed that the +>> +>>> IP Filter license changed from the previous IP Filter license to GPLv2 +>>> somewhere between 4.1.34 and 4.1.35. I was planning on importing 5.1.2 +>>> however upon discovering it was GPL I decided to update the FreeBSD IPF +>>> from 4.1.28 to 4.1.34 until it was brought to my attention a few days ago +>>> that IPF 5.1.2 was imported into NetBSD. I'm not sure what kind of policy +>>> the NetBSD folks have toward GPL so I thought it best to ask you directly +>>> under what license you imported IPF into NetBSD? If I can I'd like to +>>> import 5.1.2. As IPF author and owner of the code, what are your thoughts. +>> +>>> Can I import IPF 5.1.2 into FreeBSD under a different license from GPL? +>> I imported IPF into NetBSD under the same license that has had previously. +>> When I eventually update FreeBSD, I'll publish the code under the same +>> license that it has now. +>> + +[...] + +> +
svn commit: r254565 - vendor-sys/ipfilter/5-1-2/netinet
Author: cy Date: Tue Aug 20 13:55:49 2013 New Revision: 254565 URL: http://svnweb.freebsd.org/changeset/base/254565 Log: Tag the revert of IP-Filter 5.1.2 licence to the old licence currently used under FreeBSD. Approved by: Darren Reed (IP-Filter author) glebius (mentor) Modified: vendor-sys/ipfilter/5-1-2/netinet/IPFILTER.LICENCE (contents, props changed) Modified: vendor-sys/ipfilter/5-1-2/netinet/IPFILTER.LICENCE == --- vendor-sys/ipfilter/5-1-2/netinet/IPFILTER.LICENCE Tue Aug 20 13:50:36 2013(r254564) +++ vendor-sys/ipfilter/5-1-2/netinet/IPFILTER.LICENCE Tue Aug 20 13:55:49 2013(r254565) @@ -1,340 +1,29 @@ - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc. - 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Library General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. - - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -cons
svn commit: r255260 - vendor-sys/ipfilter/dist/netinet vendor/ipfilter/dist
Author: cy
Date: Thu Sep 5 18:45:23 2013
New Revision: 255260
URL: http://svnweb.freebsd.org/changeset/base/255260
Log:
Grab ip_fil_freebsd.c r1.42 from the ipfilter CVS tree to fix,
3529491 checksum validation could be better
3529486 tcp checksum wrong for ipv6
Approved by: glebius
Modified:
vendor/ipfilter/dist/ip_fil_freebsd.c
Changes in other areas also in this revision:
Modified:
vendor-sys/ipfilter/dist/netinet/ip_fil_freebsd.c
Modified: vendor/ipfilter/dist/ip_fil_freebsd.c
==
--- vendor/ipfilter/dist/ip_fil_freebsd.c Thu Sep 5 18:18:23 2013
(r255259)
+++ vendor/ipfilter/dist/ip_fil_freebsd.c Thu Sep 5 18:45:23 2013
(r255260)
@@ -1244,9 +1244,7 @@ ipf_checkv4sum(fin)
else
sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr,
htonl(m->m_pkthdr.csum_data +
- fin->fin_ip->ip_len -
- (fin->fin_ip->ip_hl << 2) +
- fin->fin_p));
+ fin->fin_dlen + fin->fin_p));
sum ^= 0x;
if (sum != 0) {
fin->fin_cksum = FI_CK_BAD;
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r255260 - vendor-sys/ipfilter/dist/netinet vendor/ipfilter/dist
Author: cy
Date: Thu Sep 5 18:45:23 2013
New Revision: 255260
URL: http://svnweb.freebsd.org/changeset/base/255260
Log:
Grab ip_fil_freebsd.c r1.42 from the ipfilter CVS tree to fix,
3529491 checksum validation could be better
3529486 tcp checksum wrong for ipv6
Approved by: glebius
Modified:
vendor-sys/ipfilter/dist/netinet/ip_fil_freebsd.c
Changes in other areas also in this revision:
Modified:
vendor/ipfilter/dist/ip_fil_freebsd.c
Modified: vendor-sys/ipfilter/dist/netinet/ip_fil_freebsd.c
==
--- vendor-sys/ipfilter/dist/netinet/ip_fil_freebsd.c Thu Sep 5 18:18:23
2013(r255259)
+++ vendor-sys/ipfilter/dist/netinet/ip_fil_freebsd.c Thu Sep 5 18:45:23
2013(r255260)
@@ -1244,9 +1244,7 @@ ipf_checkv4sum(fin)
else
sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr,
htonl(m->m_pkthdr.csum_data +
- fin->fin_ip->ip_len -
- (fin->fin_ip->ip_hl << 2) +
- fin->fin_p));
+ fin->fin_dlen + fin->fin_p));
sum ^= 0x;
if (sum != 0) {
fin->fin_cksum = FI_CK_BAD;
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r255355 - head/sys/contrib/ipfilter/netinet
In message <201309070947.r879li4v050...@svn.freebsd.org>, Gleb Smirnoff writes: > Author: glebius > Date: Sat Sep 7 09:47:18 2013 > New Revision: 255355 > URL: http://svnweb.freebsd.org/changeset/base/255355 > > Log: > Fix !INET6 build. > > Modified: > head/sys/contrib/ipfilter/netinet/fil.c > > Modified: head/sys/contrib/ipfilter/netinet/fil.c > = > = > --- head/sys/contrib/ipfilter/netinet/fil.c Sat Sep 7 09:45:43 2013 > (r255354) > +++ head/sys/contrib/ipfilter/netinet/fil.c Sat Sep 7 09:47:18 2013 > (r255355) > @@ -9862,8 +9862,8 @@ ipf_ht_node_make_key(htp, key, family, a > key->hn_addr.adf_addr.i6[0] = addr->i6[0] & >htonl(0x << (32 - bits)); > } > - } > #endif > + } > } > Thanks. -- Cheers, Cy Schubert FreeBSD UNIX: Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few. ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r255450 - head/etc/rc.d
Author: cy
Date: Tue Sep 10 13:48:33 2013
New Revision: 255450
URL: http://svnweb.freebsd.org/changeset/base/255450
Log:
ipfilter 5.1.2 no longer supports sysctl. Use ipf -V to determine if
available (the kernel module is loaded or compiled into the kernel).
Approved by: glebius (mentor)
Approved by: re (blanket)
Modified:
head/etc/rc.d/ipfilter
head/etc/rc.d/ipfs
head/etc/rc.d/ipmon
Modified: head/etc/rc.d/ipfilter
==
--- head/etc/rc.d/ipfilter Tue Sep 10 10:38:15 2013(r255449)
+++ head/etc/rc.d/ipfilter Tue Sep 10 13:48:33 2013(r255450)
@@ -29,7 +29,7 @@ required_modules="ipl:ipfilter"
ipfilter_start()
{
echo "Enabling ipfilter."
- if [ `sysctl -n net.inet.ipf.fr_running` -le 0 ]; then
+ if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
${ipfilter_program:-/sbin/ipf} -E
fi
${ipfilter_program:-/sbin/ipf} -Fa
@@ -37,7 +37,6 @@ ipfilter_start()
${ipfilter_program:-/sbin/ipf} \
-f "${ipfilter_rules}" ${ipfilter_flags}
fi
- ${ipfilter_program:-/sbin/ipf} -6 -Fa
if [ -r "${ipv6_ipfilter_rules}" ]; then
${ipfilter_program:-/sbin/ipf} -6 \
-f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
@@ -46,8 +45,7 @@ ipfilter_start()
ipfilter_stop()
{
- # XXX - The ipf -D command is not effective for 'lkm's
- if [ `sysctl -n net.inet.ipf.fr_running` -eq 1 ]; then
+ if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
echo "Saving firewall state tables"
${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
echo "Disabling ipfilter."
Modified: head/etc/rc.d/ipfs
==
--- head/etc/rc.d/ipfs Tue Sep 10 10:38:15 2013(r255449)
+++ head/etc/rc.d/ipfs Tue Sep 10 13:48:33 2013(r255450)
@@ -23,7 +23,7 @@ ipfs_prestart()
if ! checkyesno ipfilter_enable -o ! checkyesno ipnat_enable ; then
err 1 "${name} requires either ipfilter or ipnat enabled"
fi
- if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1; then
+ if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'
>/dev/null 2>&1; then
err 1 "ipfilter module is not loaded"
fi
return 0
Modified: head/etc/rc.d/ipmon
==
--- head/etc/rc.d/ipmon Tue Sep 10 10:38:15 2013(r255449)
+++ head/etc/rc.d/ipmon Tue Sep 10 13:48:33 2013(r255450)
@@ -23,7 +23,7 @@ ipmon_precmd()
if ! checkyesno ipfilter_enable && ! checkyesno ipnat_enable ; then
err 1 "${name} requires either ipfilter or ipnat enabled"
fi
- if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1; then
+ if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'
>/dev/null 2>&1; then
err 1 "ipfilter module is not loaded"
fi
return 0
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r255754 - head/sys/contrib/ipfilter/netinet
Author: cy Date: Sat Sep 21 03:57:56 2013 New Revision: 255754 URL: http://svnweb.freebsd.org/changeset/base/255754 Log: Remove additional non-FreeBSD code. Approved by: glebius (mentor) Approved by: re (blanket) Modified: head/sys/contrib/ipfilter/netinet/ip_compat.h Modified: head/sys/contrib/ipfilter/netinet/ip_compat.h == --- head/sys/contrib/ipfilter/netinet/ip_compat.h Sat Sep 21 03:52:08 2013(r255753) +++ head/sys/contrib/ipfilter/netinet/ip_compat.h Sat Sep 21 03:57:56 2013(r255754) @@ -37,24 +37,6 @@ !defined(_KERNEL) && !defined(USE_INET6) && !defined(NOINET6) # define USE_INET6 #endif -#if defined(__NetBSD_Version__) && (__NetBSD_Version__ >= 10500) && \ -!defined(_KERNEL) && !defined(USE_INET6) -# define USE_INET6 -#endif -#if defined(__NetBSD_Version__) && (__NetBSD_Version__ >= 10614) && \ -defined(_KERNEL) && \ -(!defined(IPFILTER_LKM) || (__NetBSD_Version__ >= 399000100)) -# define IPFILTER_M_IPFILTER -#endif -#if !defined(USE_INET6) -# if defined(OpenBSD) && (OpenBSD >= 200206) && \ -!defined(_KERNEL) && !defined(USE_INET6) -# define USE_INET6 -# endif -# if defined(HPUXREV) && (HPUXREV >= ) -# define USE_INET6 -# endif -#endif #if defined(__SVR4) || defined(__svr4__) || defined(__sgi) @@ -546,13 +528,8 @@ MALLOC_DECLARE(M_IPFILTER); # define GETIFMTU_6(x) ((struct ifnet *)x)->if_mtu # if !defined(USE_MUTEXES) && !defined(SPL_NET) -# if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199407)) || \ - OPENBSD_GE_REV(26) -# define SPL_NET(x) x = splsoftnet() -# else -# define SPL_IMP(x) x = splimp() -# define SPL_NET(x) x = splnet() -# endif /* NetBSD && (NetBSD <= 1991011) && (NetBSD >= 199407) */ +# define SPL_IMP(x) x = splimp() +# define SPL_NET(x) x = splnet() # if !defined(SPL_SCHED) # define SPL_SCHED(x)x = splsched() # endif ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r255755 - head/sys/contrib/ipfilter/netinet
Author: cy
Date: Sat Sep 21 04:05:38 2013
New Revision: 255755
URL: http://svnweb.freebsd.org/changeset/base/255755
Log:
Convert ipfilter from timeout(9) to callout(9).
Submitted by: jhb
Approved by: glebius (mentor)
Approved by: re (blanket)
Modified:
head/sys/contrib/ipfilter/netinet/ip_fil.h
head/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
Modified: head/sys/contrib/ipfilter/netinet/ip_fil.h
==
--- head/sys/contrib/ipfilter/netinet/ip_fil.h Sat Sep 21 03:57:56 2013
(r255754)
+++ head/sys/contrib/ipfilter/netinet/ip_fil.h Sat Sep 21 04:05:38 2013
(r255755)
@@ -1654,7 +1654,7 @@ typedef struct ipf_main_softc_s {
ipftoken_t **ipf_token_tail;
#if defined(__FreeBSD_version) && (__FreeBSD_version >= 30) && \
defined(_KERNEL)
- struct callout_handle ipf_slow_ch;
+ struct callout ipf_slow_ch;
#endif
#if defined(linux) && defined(_KERNEL)
struct timer_list ipf_timer;
Modified: head/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
==
--- head/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c Sat Sep 21 03:57:56
2013(r255754)
+++ head/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c Sat Sep 21 04:05:38
2013(r255755)
@@ -178,11 +178,13 @@ ipf_timer_func(arg)
ipf_slowtimer(softc);
if (softc->ipf_running == -1 || softc->ipf_running == 1) {
-#if FREEBSD_GE_REV(30)
+#if 0
softc->ipf_slow_ch = timeout(ipf_timer_func, softc, hz/2);
-#else
- timeout(ipf_timer_func, softc, hz/2);
#endif
+ callout_init(&softc->ipf_slow_ch, CALLOUT_MPSAFE);
+ callout_reset(&softc->ipf_slow_ch,
+ (hz / IPF_HZ_DIVIDE) * IPF_HZ_MULT,
+ ipf_timer_func, softc);
}
RWLOCK_EXIT(&softc->ipf_global);
SPL_X(s);
@@ -223,8 +225,13 @@ ipfattach(softc)
ipid = 0;
SPL_X(s);
+#if 0
softc->ipf_slow_ch = timeout(ipf_timer_func, softc,
(hz / IPF_HZ_DIVIDE) * IPF_HZ_MULT);
+#endif
+ callout_init(&softc->ipf_slow_ch, CALLOUT_MPSAFE);
+ callout_reset(&softc->ipf_slow_ch, (hz / IPF_HZ_DIVIDE) * IPF_HZ_MULT,
+ ipf_timer_func, softc);
return 0;
}
@@ -246,9 +253,12 @@ ipfdetach(softc)
SPL_NET(s);
+#if 0
if (softc->ipf_slow_ch.callout != NULL)
untimeout(ipf_timer_func, softc, softc->ipf_slow_ch);
bzero(&softc->ipf_slow, sizeof(softc->ipf_slow));
+#endif
+ callout_drain(&softc->ipf_slow_ch);
#ifndef NETBSD_PF
if (ipf_checkp != NULL)
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r255756 - head/sys/contrib/ipfilter/netinet
Author: cy Date: Sat Sep 21 04:08:52 2013 New Revision: 255756 URL: http://svnweb.freebsd.org/changeset/base/255756 Log: Enable main ipfilter sysctl MIBs. Approved by: glebius (mentor) Approved by: re (blanket) Modified: head/sys/contrib/ipfilter/netinet/mlfk_ipl.c Modified: head/sys/contrib/ipfilter/netinet/mlfk_ipl.c == --- head/sys/contrib/ipfilter/netinet/mlfk_ipl.cSat Sep 21 04:05:38 2013(r255755) +++ head/sys/contrib/ipfilter/netinet/mlfk_ipl.cSat Sep 21 04:08:52 2013(r255756) @@ -41,9 +41,7 @@ static struct cdev *ipf_devs[IPL_LOGSIZE static dev_t ipf_devs[IPL_LOGSIZE]; #endif -#if 0 static int sysctl_ipf_int ( SYSCTL_HANDLER_ARGS ); -#endif static int ipf_modload(void); static int ipf_modunload(void); @@ -68,7 +66,6 @@ staticint ipfwrite __P((dev_t, struct u #endif /* __FreeBSD_version >= 502116 */ - SYSCTL_DECL(_net_inet); #define SYSCTL_IPF(parent, nbr, name, access, ptr, val, descr) \ SYSCTL_OID(parent, nbr, name, CTLTYPE_INT|access, \ @@ -76,55 +73,58 @@ SYSCTL_DECL(_net_inet); #defineCTLFLAG_OFF 0x0080 /* IPFilter must be disabled */ #defineCTLFLAG_RWO (CTLFLAG_RW|CTLFLAG_OFF) SYSCTL_NODE(_net_inet, OID_AUTO, ipf, CTLFLAG_RW, 0, "IPF"); -#if 0 -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_flags, CTLFLAG_RW, &ipf_flags, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_pass, CTLFLAG_RW, &ipf_pass, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_active, CTLFLAG_RD, &ipf_active, 0, ""); +SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_flags, CTLFLAG_RW, &ipfmain.ipf_flags, 0, ""); +SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_pass, CTLFLAG_RW, &ipfmain.ipf_pass, 0, ""); +SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_active, CTLFLAG_RD, &ipfmain.ipf_active, 0, ""); SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpidletimeout, CTLFLAG_RWO, - &ipf_tcpidletimeout, 0, ""); + &ipfmain.ipf_tcpidletimeout, 0, ""); SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcphalfclosed, CTLFLAG_RWO, - &ipf_tcphalfclosed, 0, ""); + &ipfmain.ipf_tcphalfclosed, 0, ""); SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpclosewait, CTLFLAG_RWO, - &ipf_tcpclosewait, 0, ""); + &ipfmain.ipf_tcpclosewait, 0, ""); SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcplastack, CTLFLAG_RWO, - &ipf_tcplastack, 0, ""); + &ipfmain.ipf_tcplastack, 0, ""); SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcptimeout, CTLFLAG_RWO, - &ipf_tcptimeout, 0, ""); + &ipfmain.ipf_tcptimeout, 0, ""); SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpclosed, CTLFLAG_RWO, - &ipf_tcpclosed, 0, ""); + &ipfmain.ipf_tcpclosed, 0, ""); SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_udptimeout, CTLFLAG_RWO, - &ipf_udptimeout, 0, ""); + &ipfmain.ipf_udptimeout, 0, ""); SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_udpacktimeout, CTLFLAG_RWO, - &ipf_udpacktimeout, 0, ""); + &ipfmain.ipf_udpacktimeout, 0, ""); SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_icmptimeout, CTLFLAG_RWO, - &ipf_icmptimeout, 0, ""); + &ipfmain.ipf_icmptimeout, 0, ""); +#if 0 +/* this needs to be resolved at compile time */ SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_defnatage, CTLFLAG_RWO, - &ipf_nat_defage, 0, ""); + &((ipf_nat_softc_t *)ipfmain.ipf_nat_soft)->ipf_nat_defage, 0, ""); SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_ipfrttl, CTLFLAG_RW, &ipf_ipfrttl, 0, ""); +#endif SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_running, CTLFLAG_RD, - &ipf_running, 0, ""); + &ipfmain.ipf_running, 0, ""); +#if 0 SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_statesize, CTLFLAG_RWO, - &ipf_state_size, 0, ""); + &ipfmain.ipf_state_soft)->ipf_state_size, 0, ""); SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_statemax, CTLFLAG_RWO, - &ipf_state_max, 0, ""); + &(ipfmain.ipf_state_soft)->ipf_state_max, 0, ""); SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_nattable_sz, CTLFLAG_RWO, - &ipf_nat_table_sz, 0, ""); + &(ipfmain.ipf_nat_soft)->ipf_nat_table_sz, 0, ""); SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_natrules_sz, CTLFLAG_RWO, - &ipf_nat_maprules_sz, 0, ""); + &(ipfmain.ipf_nat_soft)->ipf_nat_maprules_sz, 0, ""); SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_rdrrules_sz, CTLFLAG_RWO, - &ipf_nat_rdrrules_sz, 0, ""); + &(ipfmain.ipf_nat_soft)->ipf_nat_rdrrules_sz, 0, ""); SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_hostmap_sz, CTLFLAG_RWO, - &ipf_nat_hostmap_sz, 0, ""); + &(ipfmain.ipf_nat_soft)->ipf_nat_hostmap_sz, 0, ""); SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_authsize, CTLFLAG_RWO, &ipf_auth_size, 0, ""); SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_authused, CTLFLAG_RD, &ipf_auth_used, 0, ""); SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_defaultauthage, CTLFLAG_RW, &ipf_auth_defaultage, 0, "
svn commit: r255757 - head/sys/contrib/ipfilter/netinet
Author: cy Date: Sat Sep 21 04:11:51 2013 New Revision: 255757 URL: http://svnweb.freebsd.org/changeset/base/255757 Log: Address double init of ip_log mutex, fixing a panic after ipfilter is re-enabled following it being disabled. Approved by: glebius (mentor) Approved by: re (blanket) Modified: head/sys/contrib/ipfilter/netinet/ip_log.c Modified: head/sys/contrib/ipfilter/netinet/ip_log.c == --- head/sys/contrib/ipfilter/netinet/ip_log.c Sat Sep 21 04:08:52 2013 (r255756) +++ head/sys/contrib/ipfilter/netinet/ip_log.c Sat Sep 21 04:11:51 2013 (r255757) @@ -324,7 +324,7 @@ ipf_log_soft_fini(softc, arg) # endif MUTEX_ENTER(&softl->ipl_mutex[i]); } - MUTEX_EXIT(&softl->ipl_mutex[i]); + MUTEX_DESTROY(&softl->ipl_mutex[i]); } return 0; ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r255761 - head/contrib/ipfilter
Author: cy
Date: Sat Sep 21 14:22:07 2013
New Revision: 255761
URL: http://svnweb.freebsd.org/changeset/base/255761
Log:
Check return code from inet_pton.
Discovered by:Coverity.
Approved by: glebius (mentor)
Approved by: re (blanket)
Modified:
head/contrib/ipfilter/ip_fil.c
Modified: head/contrib/ipfilter/ip_fil.c
==
--- head/contrib/ipfilter/ip_fil.c Sat Sep 21 11:10:09 2013
(r255760)
+++ head/contrib/ipfilter/ip_fil.c Sat Sep 21 14:22:07 2013
(r255761)
@@ -228,7 +228,19 @@ ipf_setifpaddr(ifp, addr)
sin6 = (struct sockaddr_in6 *)&ifa->ifa_addr;
sin6->sin6_family = AF_INET6;
- inet_pton(AF_INET6, addr, &sin6->sin6_addr);
+ /* Abort if bad address. */
+ switch (inet_pton(AF_INET6, addr, &sin6->sin6_addr))
+ {
+ case 1:
+ break;
+ case -1:
+ perror("inet_pton");
+ abort();
+ break;
+ default:
+ abort();
+ break;
+ }
} else
#endif
{
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r255762 - in head/contrib/ipfilter: . BSD FWTK FreeBSD FreeBSD-2.2 FreeBSD-3 FreeBSD-4.0 etc perl test
Author: cy Date: Sat Sep 21 14:23:20 2013 New Revision: 255762 URL: http://svnweb.freebsd.org/changeset/base/255762 Log: Remove redundant files. Approved by:glebius (mentor) Approved by:re (blanket) Deleted: head/contrib/ipfilter/BSD/ head/contrib/ipfilter/FAQ.FreeBSD head/contrib/ipfilter/FWTK/ head/contrib/ipfilter/FreeBSD/ head/contrib/ipfilter/FreeBSD-2.2/ head/contrib/ipfilter/FreeBSD-3/ head/contrib/ipfilter/FreeBSD-4.0/ head/contrib/ipfilter/IMPORTANT head/contrib/ipfilter/INST.FreeBSD-2.2 head/contrib/ipfilter/INSTALL.FreeBSD head/contrib/ipfilter/INSTALL.xBSD head/contrib/ipfilter/IPF.KANJI head/contrib/ipfilter/WhatsNew40.txt head/contrib/ipfilter/bsdinstall head/contrib/ipfilter/etc/ head/contrib/ipfilter/perl/ head/contrib/ipfilter/test/ head/contrib/ipfilter/todo ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r235847 - in head/sys/modules/drm2: . drm2 i915kms
In message <201205231710.q4nhan9s085...@svn.freebsd.org>, Konstantin Belousov w rites: > Author: kib > Date: Wed May 23 17:10:22 2012 > New Revision: 235847 > URL: http://svn.freebsd.org/changeset/base/235847 > > Log: > The drm2 modules makefiles commit. > Still not attached to the build. > > Sponsored by: The FreeBSD Foundation > MFC after: 1 month > Thank you. -- Cheers, Cy Schubert FreeBSD UNIX: Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few. ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r233274 - in head/sys/dev/ata: . chipsets
ATA_CAM
int
ata_controlcmd(device_t dev, u_int8_t command, u_int16_t feature,
u_int64_t lba, u_int16_t count)
@@ -158,9 +153,7 @@
}
return error;
}
-#endif
-#ifndef ATA_CAM
int
ata_atapicmd(device_t dev, u_int8_t *ccb, caddr_t data,
int count, int flags, int timeout)
@@ -183,9 +176,7 @@
}
return error;
}
-#endif
-#ifndef ATA_CAM
void
ata_start(device_t dev)
{
@@ -244,9 +235,7 @@
}
}
}
-#endif
-#ifndef ATA_CAM
void
ata_finish(struct ata_request *request)
{
@@ -274,9 +263,7 @@
}
}
}
-#endif
-#ifndef ATA_CAM
static void
ata_completed(void *context, int dummy)
{
@@ -508,7 +495,6 @@
if (ch)
ata_start(ch->dev);
}
-#endif
void
ata_timeout(struct ata_request *request)
@@ -605,7 +591,6 @@
}
#endif
-#ifndef ATA_CAM
static u_int64_t
ata_get_lba(struct ata_request *request)
{
@@ -627,9 +612,7 @@
else
return request->u.ata.lba;
}
-#endif
-#ifndef ATA_CAM
static void
ata_sort_queue(struct ata_channel *ch, struct ata_request *request)
{
@@ -682,7 +665,6 @@
ch->freezepoint = request;
TAILQ_INSERT_AFTER(&ch->ata_queue, this, request, chain);
}
-#endif
const char *
ata_cmd2str(struct ata_request *request)
@@ -798,7 +780,6 @@
return buffer;
}
-#ifndef ATA_CAM
static const char *
ata_skey2str(u_int8_t skey)
{
@@ -822,4 +803,3 @@
default: return("UNKNOWN");
}
}
-#endif
--
Cheers,
Cy Schubert
FreeBSD UNIX: Web: http://www.FreeBSD.org
The need of the many outweighs the greed of the few.
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r233274 - in head/sys/dev/ata: . chipsets
In message <20120326065004.gs37...@alchemy.franken.de>, Marius Strobl writes: > On Sun, Mar 25, 2012 at 10:35:33PM -0700, Cy Schubert wrote: > > In message <201203210857.q2l8vflb062...@svn.freebsd.org>, Marius Strobl > > writes: > > > Author: marius > > > Date: Wed Mar 21 08:57:15 2012 > > > New Revision: 233274 > > > URL: http://svn.freebsd.org/changeset/base/233274 > > > > > > Log: > > > Remove remnants of ATA_LOCKING uses in the ATA_CAM case and wrap it > > > along with functions, SYSCTLs and tunables that are not used with > > > ATA_CAM in #ifndef ATA_CAM, similar to the existing #ifdef'ed ATA_CAM > > > code for the other way around. This makes it easier to understand > > > which parts of ata(4) actually are used in the new world order and > > > to later on remove the !ATA_CAM bits. It also makes it obvious that > > > there is something fishy with the C-bus front-end as well as in the > > > ATP850 support, as these used ATA_LOCKING which is defunct in the > > > ATA_CAM case. When fixing the former, ATA_LOCKING probably needs to > > > be brought back in some form or other. > > > > > > Reviewed by:mav > > > MFC after: 1 week > > > > > > Modified: > > > head/sys/dev/ata/ata-all.c > > > head/sys/dev/ata/ata-cbus.c > > > head/sys/dev/ata/ata-pci.c > > > head/sys/dev/ata/ata-pci.h > > > head/sys/dev/ata/ata-queue.c > > > head/sys/dev/ata/chipsets/ata-acard.c > > > > > [... diff removed for brevity ...] > > > > Hi, > > > > This commit broke kernels with device atapicam specified: > > > > # ATA and ATAPI devices > > device atapicam# emulate ATAPI devices as SCSI ditto via > > CAM > > # needs CAM to be present (scbus & > > pass) > > > > Here are two examples when device atapicam is specified in the kernel > > config: > > > > <...> > > Apparently, you are using both "device atapicam" and "options ATA_CAM", > which are mutually exclusive at run-time. As an intentional side-effect, > r233274 breaks such configurations. The fact that you could compile > both into the same kernel before was a bug, as ATA_CAM always took > precedence. > > > > > And, the patch to fix the issue: > > No, this is backwards. Cool, thanks. I've removed device atapicam from my configs. ;) -- Cheers, Cy Schubert FreeBSD UNIX: Web: http://www.FreeBSD.org ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r189267 - head/sbin/dump
Author: cy (ports committer)
Date: Mon Mar 2 03:08:46 2009
New Revision: 189267
URL: http://svn.freebsd.org/changeset/base/189267
Log:
Verify that the filesystem being referenced in fstab is indeed a UFS
filesystem. This avoids confusion with nullfs and unionfs filesystems
which reference the root of a UFS filesystem as a target.
PR: 116849
Approved by: kib
Modified:
head/sbin/dump/optr.c
Modified: head/sbin/dump/optr.c
==
--- head/sbin/dump/optr.c Mon Mar 2 02:51:52 2009(r189266)
+++ head/sbin/dump/optr.c Mon Mar 2 03:08:46 2009(r189267)
@@ -318,9 +318,10 @@ dump_getfstab(void)
return;
}
while ((fs = getfsent()) != NULL) {
- if (strcmp(fs->fs_type, FSTAB_RW) &&
+ if ((strcmp(fs->fs_type, FSTAB_RW) &&
strcmp(fs->fs_type, FSTAB_RO) &&
- strcmp(fs->fs_type, FSTAB_RQ))
+ strcmp(fs->fs_type, FSTAB_RQ)) ||
+ strcmp(fs->fs_vfstype, "ufs"))
continue;
fs = allocfsent(fs);
if ((pf = (struct pfstab *)malloc(sizeof (*pf))) == NULL)
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r267634 - head/sys/contrib/ipfilter/netinet
Author: cy Date: Thu Jun 19 05:45:17 2014 New Revision: 267634 URL: http://svnweb.freebsd.org/changeset/base/267634 Log: Fix case where fastroute or "to interface" is used with incorrect FIB. PR: 183065 Submitted by: p-freebsd-b...@ziemba.us Approved by: glebius MFC after:1 week Modified: head/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c Modified: head/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c == --- head/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c Thu Jun 19 05:28:42 2014(r267633) +++ head/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c Thu Jun 19 05:45:17 2014(r267634) @@ -787,7 +787,7 @@ ipf_fastroute(m0, mpp, fin, fdp) dst->sin_addr = fdp->fd_ip; dst->sin_len = sizeof(*dst); - in_rtalloc(ro, 0); + in_rtalloc(ro, M_GETFIB(m0)); if ((ifp == NULL) && (ro->ro_rt != NULL)) ifp = ro->ro_rt->rt_ifp; ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r267868 - stable/10/sys/contrib/ipfilter/netinet
Author: cy Date: Wed Jun 25 13:33:31 2014 New Revision: 267868 URL: http://svnweb.freebsd.org/changeset/base/267868 Log: MFC r267634: Fix case where fastroute or "to interface" is used with incorrect FIB. PR: 183065 Submitted by: p-freebsd-b...@ziemba.us Approved by: glebius (mentor) Modified: stable/10/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c == --- stable/10/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c Wed Jun 25 12:32:41 2014(r267867) +++ stable/10/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c Wed Jun 25 13:33:31 2014(r267868) @@ -787,7 +787,7 @@ ipf_fastroute(m0, mpp, fin, fdp) dst->sin_addr = fdp->fd_ip; dst->sin_len = sizeof(*dst); - in_rtalloc(ro, 0); + in_rtalloc(ro, M_GETFIB(m0)); if ((ifp == NULL) && (ro->ro_rt != NULL)) ifp = ro->ro_rt->rt_ifp; ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r268003 - in head/contrib/llvm: lib/Target/PowerPC patches
In message <201406280953.s5s9ri9e067...@svn.freebsd.org>, Dimitry Andric writes : > Author: dim > Date: Sat Jun 28 09:53:44 2014 > New Revision: 268003 > URL: http://svnweb.freebsd.org/changeset/base/268003 > > Log: > Fix breakage after r267981. > > Pointy hat to: dim > MFC after: 3 days > X-MFC-With: r267981 > > Modified: > head/contrib/llvm/lib/Target/PowerPC/PPCFastISel.cpp > head/contrib/llvm/patches/patch-r267981-llvm-r211435-fix-ppc-fctiduz.diff > > Modified: head/contrib/llvm/lib/Target/PowerPC/PPCFastISel.cpp > = > = > --- head/contrib/llvm/lib/Target/PowerPC/PPCFastISel.cpp Sat Jun 28 05:5 > 1:45 2014 (r268002) > +++ head/contrib/llvm/lib/Target/PowerPC/PPCFastISel.cpp Sat Jun 28 09:5 > 3:44 2014 (r268003) > @@ -1027,7 +1027,7 @@ bool PPCFastISel::SelectFPToI(const Inst > return false; > >// If we don't have FCTIDUZ and we need it, punt to SelectionDAG. > - if (DstVT == MVT::i64 && !IsSigned && !PPCSubTarget->hasFPCVT()) > + if (DstVT == MVT::i64 && !IsSigned && !PPCSubTarget.hasFPCVT()) > return false; > >Value *Src = I->getOperand(0); > > Modified: head/contrib/llvm/patches/patch-r267981-llvm-r211435-fix-ppc-fctidu > z.diff > = > = > --- head/contrib/llvm/patches/patch-r267981-llvm-r211435-fix-ppc-fctiduz.diff > Sat Jun 28 05:51:45 2014(r268002) > +++ head/contrib/llvm/patches/patch-r267981-llvm-r211435-fix-ppc-fctiduz.diff > Sat Jun 28 09:53:44 2014(r268003) > @@ -32,7 +32,7 @@ Index: lib/Target/PowerPC/PPCFastISel.cp > return false; > > + // If we don't have FCTIDUZ and we need it, punt to SelectionDAG. > -+ if (DstVT == MVT::i64 && !IsSigned && !PPCSubTarget->hasFPCVT()) > ++ if (DstVT == MVT::i64 && !IsSigned && !PPCSubTarget.hasFPCVT()) > +return false; > + > Value *Src = I->getOperand(0); > > Thanks. Looks like they changed PPCSubTarget to a pointer in llvm trunk about five weeks ago. :~ -- Cheers, Cy Schubert FreeBSD UNIX: Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few. ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r268286 - head/contrib/ipfilter/lib
Author: cy
Date: Sat Jul 5 07:15:19 2014
New Revision: 268286
URL: http://svnweb.freebsd.org/changeset/base/268286
Log:
Fix compile-time errors when NO_WERROR and WITHOUT_INET6_SUPPORT
(NO_INET6) are specified.
Approved by: glebius
MFC after:1 week
Modified:
head/contrib/ipfilter/lib/printhost.c
head/contrib/ipfilter/lib/printhostmask.c
head/contrib/ipfilter/lib/save_v1trap.c
head/contrib/ipfilter/lib/save_v2trap.c
Modified: head/contrib/ipfilter/lib/printhost.c
==
--- head/contrib/ipfilter/lib/printhost.c Sat Jul 5 06:12:48 2014
(r268285)
+++ head/contrib/ipfilter/lib/printhost.c Sat Jul 5 07:15:19 2014
(r268286)
@@ -23,9 +23,9 @@ printhost(family, addr)
if ((family == -1) || !*addr)
PRINTF("any");
else {
+#ifdef USE_INET6
void *ptr = addr;
-#ifdef USE_INET6
PRINTF("%s", inet_ntop(family, ptr, ipbuf, sizeof(ipbuf)));
#else
ipa.s_addr = *addr;
Modified: head/contrib/ipfilter/lib/printhostmask.c
==
--- head/contrib/ipfilter/lib/printhostmask.c Sat Jul 5 06:12:48 2014
(r268285)
+++ head/contrib/ipfilter/lib/printhostmask.c Sat Jul 5 07:15:19 2014
(r268286)
@@ -25,9 +25,9 @@ printhostmask(family, addr, mask)
if ((family == -1) || ((!addr || !*addr) && (!mask || !*mask)))
PRINTF("any");
else {
+#ifdef USE_INET6
void *ptr = addr;
-#ifdef USE_INET6
PRINTF("%s", inet_ntop(family, ptr, ipbuf, sizeof(ipbuf)));
#else
ipa.s_addr = *addr;
Modified: head/contrib/ipfilter/lib/save_v1trap.c
==
--- head/contrib/ipfilter/lib/save_v1trap.c Sat Jul 5 06:12:48 2014
(r268285)
+++ head/contrib/ipfilter/lib/save_v1trap.c Sat Jul 5 07:15:19 2014
(r268286)
@@ -178,7 +178,7 @@ snmpv1_parse(char **strings)
if (ctx->fd >= 0) {
ctx->sin.sin_family = AF_INET;
ctx->sin.sin_port = htons(162);
- if (connect(ctx->fd, &ctx->sin,
+ if (connect(ctx->fd, (struct sockaddr *)&ctx->sin,
sizeof(ctx->sin)) != 0) {
snmpv1_destroy(ctx);
return NULL;
Modified: head/contrib/ipfilter/lib/save_v2trap.c
==
--- head/contrib/ipfilter/lib/save_v2trap.c Sat Jul 5 06:12:48 2014
(r268285)
+++ head/contrib/ipfilter/lib/save_v2trap.c Sat Jul 5 07:15:19 2014
(r268286)
@@ -181,7 +181,7 @@ snmpv2_parse(char **strings)
if (ctx->fd >= 0) {
ctx->sin.sin_family = AF_INET;
ctx->sin.sin_port = htons(162);
- if (connect(ctx->fd, &ctx->sin,
+ if (connect(ctx->fd, (struct sockaddr *)&ctx->sin,
sizeof(ctx->sin)) != 0) {
snmpv2_destroy(ctx);
return NULL;
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r268532 - head/sys/contrib/ipfilter/netinet
Author: cy Date: Fri Jul 11 16:26:51 2014 New Revision: 268532 URL: http://svnweb.freebsd.org/changeset/base/268532 Log: Remove redundant USE_INET6 test that enables INET6 in the ipfilter userland regardless of the setting in make.conf. PR: 190964 Approved by: glebius (mentor) MFC after:1 week Modified: head/sys/contrib/ipfilter/netinet/ip_compat.h Modified: head/sys/contrib/ipfilter/netinet/ip_compat.h == --- head/sys/contrib/ipfilter/netinet/ip_compat.h Fri Jul 11 16:16:26 2014(r268531) +++ head/sys/contrib/ipfilter/netinet/ip_compat.h Fri Jul 11 16:26:51 2014(r268532) @@ -33,10 +33,6 @@ #endif #defineSOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4))) -#if defined(__FreeBSD_version) && (__FreeBSD_version >= 40) && \ -!defined(_KERNEL) && !defined(USE_INET6) && !defined(NOINET6) -# define USE_INET6 -#endif #if defined(__SVR4) || defined(__svr4__) || defined(__sgi) ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r268563 - stable/10/contrib/ipfilter/lib
Author: cy
Date: Sat Jul 12 05:59:19 2014
New Revision: 268563
URL: http://svnweb.freebsd.org/changeset/base/268563
Log:
MFC r268286: Fix compile-time errors when NO_WERROR and WITHOUT_INET6_SUPPORT
(NO_INET6) are specified.
Approved by: glebius (mentor)
Modified:
stable/10/contrib/ipfilter/lib/printhost.c
stable/10/contrib/ipfilter/lib/printhostmask.c
stable/10/contrib/ipfilter/lib/save_v1trap.c
stable/10/contrib/ipfilter/lib/save_v2trap.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/contrib/ipfilter/lib/printhost.c
==
--- stable/10/contrib/ipfilter/lib/printhost.c Sat Jul 12 05:46:33 2014
(r268562)
+++ stable/10/contrib/ipfilter/lib/printhost.c Sat Jul 12 05:59:19 2014
(r268563)
@@ -23,9 +23,9 @@ printhost(family, addr)
if ((family == -1) || !*addr)
PRINTF("any");
else {
+#ifdef USE_INET6
void *ptr = addr;
-#ifdef USE_INET6
PRINTF("%s", inet_ntop(family, ptr, ipbuf, sizeof(ipbuf)));
#else
ipa.s_addr = *addr;
Modified: stable/10/contrib/ipfilter/lib/printhostmask.c
==
--- stable/10/contrib/ipfilter/lib/printhostmask.c Sat Jul 12 05:46:33
2014(r268562)
+++ stable/10/contrib/ipfilter/lib/printhostmask.c Sat Jul 12 05:59:19
2014(r268563)
@@ -25,9 +25,9 @@ printhostmask(family, addr, mask)
if ((family == -1) || ((!addr || !*addr) && (!mask || !*mask)))
PRINTF("any");
else {
+#ifdef USE_INET6
void *ptr = addr;
-#ifdef USE_INET6
PRINTF("%s", inet_ntop(family, ptr, ipbuf, sizeof(ipbuf)));
#else
ipa.s_addr = *addr;
Modified: stable/10/contrib/ipfilter/lib/save_v1trap.c
==
--- stable/10/contrib/ipfilter/lib/save_v1trap.cSat Jul 12 05:46:33
2014(r268562)
+++ stable/10/contrib/ipfilter/lib/save_v1trap.cSat Jul 12 05:59:19
2014(r268563)
@@ -178,7 +178,7 @@ snmpv1_parse(char **strings)
if (ctx->fd >= 0) {
ctx->sin.sin_family = AF_INET;
ctx->sin.sin_port = htons(162);
- if (connect(ctx->fd, &ctx->sin,
+ if (connect(ctx->fd, (struct sockaddr *)&ctx->sin,
sizeof(ctx->sin)) != 0) {
snmpv1_destroy(ctx);
return NULL;
Modified: stable/10/contrib/ipfilter/lib/save_v2trap.c
==
--- stable/10/contrib/ipfilter/lib/save_v2trap.cSat Jul 12 05:46:33
2014(r268562)
+++ stable/10/contrib/ipfilter/lib/save_v2trap.cSat Jul 12 05:59:19
2014(r268563)
@@ -181,7 +181,7 @@ snmpv2_parse(char **strings)
if (ctx->fd >= 0) {
ctx->sin.sin_family = AF_INET;
ctx->sin.sin_port = htons(162);
- if (connect(ctx->fd, &ctx->sin,
+ if (connect(ctx->fd, (struct sockaddr *)&ctx->sin,
sizeof(ctx->sin)) != 0) {
snmpv2_destroy(ctx);
return NULL;
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r268585 - head/contrib/ipfilter/lib
In message <201407131038.s6dac1g5095...@svn.freebsd.org>, Sergey Kandaurov writ es: > Author: pluknet > Date: Sun Jul 13 10:38:01 2014 > New Revision: 268585 > URL: http://svnweb.freebsd.org/changeset/base/268585 > > Log: > Unbreak with gcc. > > I'm tired to see tinderbox spamming. Feel free to fix it your way. > > Modified: > head/contrib/ipfilter/lib/printipfexpr.c > > Modified: head/contrib/ipfilter/lib/printipfexpr.c > = > = > --- head/contrib/ipfilter/lib/printipfexpr.c Sun Jul 13 10:31:29 2014 > (r268584) > +++ head/contrib/ipfilter/lib/printipfexpr.c Sun Jul 13 10:38:01 2014 > (r268585) > @@ -3,7 +3,9 @@ > static void printport __P((int *)); > static void printhosts __P((int *)); > static void printsingle __P((int *)); > +#ifdef USE_INET6 > static void printhostsv6 __P((int *)); > +#endif > > void > printipfexpr(array) Thank you. My bad. That's the proper fix. -- Cheers, Cy Schubert FreeBSD UNIX: Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few. ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r268937 - in stable/10: contrib/ipfilter/lib sys/contrib/ipfilter/netinet
Author: cy Date: Mon Jul 21 06:45:19 2014 New Revision: 268937 URL: http://svnweb.freebsd.org/changeset/base/268937 Log: MFC r268532 and r268585. When world and kernel are built without INET6 support, the userland was still built with INET6 turned on. PR: 190964 Approved by: glebius (mentor, implicit) Modified: stable/10/contrib/ipfilter/lib/printipfexpr.c stable/10/sys/contrib/ipfilter/netinet/ip_compat.h Directory Properties: stable/10/ (props changed) Modified: stable/10/contrib/ipfilter/lib/printipfexpr.c == --- stable/10/contrib/ipfilter/lib/printipfexpr.c Mon Jul 21 04:48:02 2014(r268936) +++ stable/10/contrib/ipfilter/lib/printipfexpr.c Mon Jul 21 06:45:19 2014(r268937) @@ -3,7 +3,9 @@ static void printport __P((int *)); static void printhosts __P((int *)); static void printsingle __P((int *)); +#ifdef USE_INET6 static void printhostsv6 __P((int *)); +#endif void printipfexpr(array) Modified: stable/10/sys/contrib/ipfilter/netinet/ip_compat.h == --- stable/10/sys/contrib/ipfilter/netinet/ip_compat.h Mon Jul 21 04:48:02 2014(r268936) +++ stable/10/sys/contrib/ipfilter/netinet/ip_compat.h Mon Jul 21 06:45:19 2014(r268937) @@ -33,10 +33,6 @@ #endif #defineSOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4))) -#if defined(__FreeBSD_version) && (__FreeBSD_version >= 40) && \ -!defined(_KERNEL) && !defined(USE_INET6) && !defined(NOINET6) -# define USE_INET6 -#endif #if defined(__SVR4) || defined(__svr4__) || defined(__sgi) ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r272551 - head/sys/contrib/ipfilter/netinet
Author: cy
Date: Sun Oct 5 03:41:47 2014
New Revision: 272551
URL: https://svnweb.freebsd.org/changeset/base/272551
Log:
ipfiler bug #550 filter rule list corrupted with inserted rules
Obtained from:ipfilter CVS repo (r1.128); NetBSD CVS repo (r1.15)
Modified:
head/sys/contrib/ipfilter/netinet/fil.c
Modified: head/sys/contrib/ipfilter/netinet/fil.c
==
--- head/sys/contrib/ipfilter/netinet/fil.c Sun Oct 5 03:18:30 2014
(r272550)
+++ head/sys/contrib/ipfilter/netinet/fil.c Sun Oct 5 03:41:47 2014
(r272551)
@@ -4496,7 +4496,15 @@ frrequest(softc, unit, req, data, set, m
fp = f;
f = NULL;
+ fp->fr_next = NULL;
fp->fr_dnext = NULL;
+ fp->fr_pnext = NULL;
+ fp->fr_pdnext = NULL;
+ fp->fr_grp = NULL;
+ fp->fr_grphead = NULL;
+ fp->fr_icmpgrp = NULL;
+ fp->fr_isc = (void *)-1;
+ fp->fr_ptr = NULL;
fp->fr_ref = 0;
fp->fr_flags |= FR_COPIED;
} else {
@@ -5000,7 +5008,9 @@ frrequest(softc, unit, req, data, set, m
if (f->fr_collect > fp->fr_collect)
break;
ftail = &f->fr_next;
+ fprev = ftail;
}
+ ftail = fprev;
f = NULL;
ptr = NULL;
} else if (req == (ioctlcmd_t)SIOCINAFR ||
@@ -5091,6 +5101,8 @@ frrequest(softc, unit, req, data, set, m
fp->fr_ref = 1;
fp->fr_pnext = ftail;
fp->fr_next = *ftail;
+ if (fp->fr_next != NULL)
+ fp->fr_next->fr_pnext = &fp->fr_next;
*ftail = fp;
if (addrem == 0)
ipf_fixskip(ftail, fp, 1);
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r272552 - head/sys/contrib/ipfilter/netinet
Author: cy
Date: Sun Oct 5 03:45:19 2014
New Revision: 272552
URL: https://svnweb.freebsd.org/changeset/base/272552
Log:
ipfilter bug #554 Determining why a ipf rule matches is hard -- replace
ipfilter rule compare with new ipf_rule_compare() function.
Obtained from:ipfilter CVS rep (r1.129)
Modified:
head/sys/contrib/ipfilter/netinet/fil.c
Modified: head/sys/contrib/ipfilter/netinet/fil.c
==
--- head/sys/contrib/ipfilter/netinet/fil.c Sun Oct 5 03:41:47 2014
(r272551)
+++ head/sys/contrib/ipfilter/netinet/fil.c Sun Oct 5 03:45:19 2014
(r272552)
@@ -4436,6 +4436,39 @@ ipf_matchicmpqueryreply(v, ic, icmp, rev
/* */
+/* Function:ipf_rule_compare*/
+/* Parameters: fr1(I) - first rule structure to compare*/
+/* fr2(I) - second rule structure to compare */
+/* Returns: int- 0 == rules are the same, else mismatch */
+/* */
+/* Compare two rules and return 0 if they match or a number indicating */
+/* which of the individual checks failed. */
+/* */
+static int
+ipf_rule_compare(frentry_t *fr1, frentry_t *fr2)
+{
+ if (fr1->fr_cksum != fr2->fr_cksum)
+ return 1;
+ if (fr1->fr_size != fr2->fr_size)
+ return 2;
+ if (fr1->fr_dsize != fr2->fr_dsize)
+ return 3;
+ if (bcmp((char *)&fr1->fr_func, (char *)&fr2->fr_func,
+fr1->fr_size - offsetof(struct frentry, fr_func)) != 0)
+ return 4;
+ if (fr1->fr_data && !fr2->fr_data)
+ return 5;
+ if (!fr1->fr_data && fr2->fr_data)
+ return 6;
+ if (fr1->fr_data) {
+ if (bcmp(fr1->fr_caddr, fr2->fr_caddr, fr1->fr_dsize))
+ return 7;
+ }
+ return 0;
+}
+
+
+/* */
/* Function:frrequest */
/* Returns: int - 0 == success, > 0 == errno value */
/* Parameters: unit(I) - device for which this is for */
@@ -4928,17 +4961,7 @@ frrequest(softc, unit, req, data, set, m
}
for (; (f = *ftail) != NULL; ftail = &f->fr_next) {
- DT2(rule_cmp, frentry_t *, fp, frentry_t *, f);
- if ((fp->fr_cksum != f->fr_cksum) ||
- (fp->fr_size != f->fr_size) ||
- (f->fr_dsize != fp->fr_dsize))
- continue;
- if (bcmp((char *)&f->fr_func, (char *)&fp->fr_func,
-fp->fr_size - offsetof(struct frentry, fr_func)) != 0)
- continue;
- if ((!ptr && !f->fr_data) ||
- (ptr && f->fr_data &&
-!bcmp((char *)ptr, (char *)f->fr_data, f->fr_dsize)))
+ if (ipf_rule_compare(fp, f) == 0)
break;
}
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r272553 - head/sys/contrib/ipfilter/netinet
Author: cy
Date: Sun Oct 5 03:48:09 2014
New Revision: 272553
URL: https://svnweb.freebsd.org/changeset/base/272553
Log:
ipfilter bug #538 ipf_p_dns_del should return void
Obtained from:ipfilter cvs repo (r1.8)
Modified:
head/sys/contrib/ipfilter/netinet/ip_dns_pxy.c
Modified: head/sys/contrib/ipfilter/netinet/ip_dns_pxy.c
==
--- head/sys/contrib/ipfilter/netinet/ip_dns_pxy.c Sun Oct 5 03:45:19
2014(r272552)
+++ head/sys/contrib/ipfilter/netinet/ip_dns_pxy.c Sun Oct 5 03:48:09
2014(r272553)
@@ -29,7 +29,7 @@ typedef struct ipf_dns_softc_s {
int ipf_p_dns_allow_query __P((ipf_dns_softc_t *, dnsinfo_t *));
int ipf_p_dns_ctl __P((ipf_main_softc_t *, void *, ap_ctl_t *));
-int ipf_p_dns_del __P((ipf_main_softc_t *, ap_session_t *));
+void ipf_p_dns_del __P((ipf_main_softc_t *, ap_session_t *));
int ipf_p_dns_get_name __P((ipf_dns_softc_t *, char *, int, char *, int));
int ipf_p_dns_inout __P((void *, fr_info_t *, ap_session_t *, nat_t *));
int ipf_p_dns_match __P((fr_info_t *, ap_session_t *, nat_t *));
@@ -214,7 +214,7 @@ ipf_p_dns_new(arg, fin, aps, nat)
/* ARGSUSED */
-int
+void
ipf_p_dns_del(softc, aps)
ipf_main_softc_t *softc;
ap_session_t *aps;
@@ -227,7 +227,6 @@ ipf_p_dns_del(softc, aps)
KFREES(aps->aps_data, aps->aps_psiz);
aps->aps_data = NULL;
aps->aps_psiz = 0;
- return 0;
}
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r272554 - head/sys/contrib/ipfilter/netinet
Author: cy Date: Sun Oct 5 03:52:09 2014 New Revision: 272554 URL: https://svnweb.freebsd.org/changeset/base/272554 Log: ipfilter bug #534 destination list hashing not endian neutral Obtained from:ipfilter CVS repo (r1.26), NetBSD CVS repo (r1.8) Modified: head/sys/contrib/ipfilter/netinet/ip_dstlist.c Modified: head/sys/contrib/ipfilter/netinet/ip_dstlist.c == --- head/sys/contrib/ipfilter/netinet/ip_dstlist.c Sun Oct 5 03:48:09 2014(r272553) +++ head/sys/contrib/ipfilter/netinet/ip_dstlist.c Sun Oct 5 03:52:09 2014(r272554) @@ -1193,7 +1193,7 @@ ipf_dstlist_select(fin, d) MD5Update(&ctx, (u_char *)&fin->fin_dst6, sizeof(fin->fin_dst6)); MD5Final((u_char *)hash, &ctx); - x = hash[0] % d->ipld_nodes; + x = ntohl(hash[0]) % d->ipld_nodes; sel = d->ipld_dests[x]; break; @@ -1203,7 +1203,7 @@ ipf_dstlist_select(fin, d) MD5Update(&ctx, (u_char *)&fin->fin_src6, sizeof(fin->fin_src6)); MD5Final((u_char *)hash, &ctx); - x = hash[0] % d->ipld_nodes; + x = ntohl(hash[0]) % d->ipld_nodes; sel = d->ipld_dests[x]; break; @@ -1213,7 +1213,7 @@ ipf_dstlist_select(fin, d) MD5Update(&ctx, (u_char *)&fin->fin_dst6, sizeof(fin->fin_dst6)); MD5Final((u_char *)hash, &ctx); - x = hash[0] % d->ipld_nodes; + x = ntohl(hash[0]) % d->ipld_nodes; sel = d->ipld_dests[x]; break; ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r272555 - head/sys/contrib/ipfilter/netinet
Author: cy
Date: Sun Oct 5 03:58:30 2014
New Revision: 272555
URL: https://svnweb.freebsd.org/changeset/base/272555
Log:
ipfilter bug #537 NAT rules with sticky have incorrect hostmap IP address.
This fixes when an IP address mapping is put in the hostmap table for
sticky NAT rules, it ends up having the wrong byte order.
Obtained from:ipfilter CVS repo (r1.102), NetBSD CVS repo (r1.12)
Modified:
head/sys/contrib/ipfilter/netinet/ip_nat.c
Modified: head/sys/contrib/ipfilter/netinet/ip_nat.c
==
--- head/sys/contrib/ipfilter/netinet/ip_nat.c Sun Oct 5 03:52:09 2014
(r272554)
+++ head/sys/contrib/ipfilter/netinet/ip_nat.c Sun Oct 5 03:58:30 2014
(r272555)
@@ -2946,10 +2946,11 @@ ipf_nat_newrdr(fin, nat, ni)
*/
if (np->in_flags & IPN_SPLIT) {
in.s_addr = np->in_dnip;
+ inb.s_addr = htonl(in.s_addr);
if ((np->in_flags & (IPN_ROUNDR|IPN_STICKY)) == IPN_STICKY) {
hm = ipf_nat_hostmap(softn, NULL, fin->fin_src,
-fin->fin_dst, in, (u_32_t)dport);
+fin->fin_dst, inb, (u_32_t)dport);
if (hm != NULL) {
in.s_addr = hm->hm_ndstip.s_addr;
move = 0;
@@ -3050,13 +3051,14 @@ ipf_nat_newrdr(fin, nat, ni)
return -1;
}
+ inb.s_addr = htonl(in.s_addr);
nat->nat_ndstaddr = htonl(in.s_addr);
nat->nat_odstip = fin->fin_dst;
nat->nat_nsrcip = fin->fin_src;
nat->nat_osrcip = fin->fin_src;
if ((nat->nat_hm == NULL) && ((np->in_flags & IPN_STICKY) != 0))
nat->nat_hm = ipf_nat_hostmap(softn, np, fin->fin_src,
- fin->fin_dst, in, (u_32_t)dport);
+ fin->fin_dst, inb, (u_32_t)dport);
if (flags & IPN_TCPUDP) {
nat->nat_odport = dport;
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r272985 - stable/10/contrib/ipfilter/lib
Author: cy
Date: Sun Oct 12 16:46:03 2014
New Revision: 272985
URL: https://svnweb.freebsd.org/changeset/base/272985
Log:
MFC r271970
ipv6 address for test.hosts.dots in wrong byte order.
Obtained from:ipfilter CVS repo (r1.11), netbsd CVS repo (r1.5)
Modified:
stable/10/contrib/ipfilter/lib/gethost.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/contrib/ipfilter/lib/gethost.c
==
--- stable/10/contrib/ipfilter/lib/gethost.cSun Oct 12 15:49:52 2014
(r272984)
+++ stable/10/contrib/ipfilter/lib/gethost.cSun Oct 12 16:46:03 2014
(r272985)
@@ -25,10 +25,10 @@ int gethost(family, name, hostp)
}
#ifdef USE_INET6
if (family == AF_INET6) {
- hostp->i6[0] = 0xfe80aa55;
- hostp->i6[1] = 0x12345678;
- hostp->i6[2] = 0x5a5aa5a5;
- hostp->i6[3] = 0xfedcba98;
+ hostp->i6[0] = htonl(0xfe80aa55);
+ hostp->i6[1] = htonl(0x12345678);
+ hostp->i6[2] = htonl(0x5a5aa5a5);
+ hostp->i6[3] = htonl(0xfedcba98);
}
#endif
return 0;
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r272986 - stable/10/contrib/ipfilter/lib
Author: cy
Date: Sun Oct 12 16:48:22 2014
New Revision: 272986
URL: https://svnweb.freebsd.org/changeset/base/272986
Log:
MFC r271971
Fix ipfilter bug #553 gethost needs to zero entire IP address structure.
Obtained from:ipfilter CVS repo (r1.11)
Modified:
stable/10/contrib/ipfilter/lib/gethost.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/contrib/ipfilter/lib/gethost.c
==
--- stable/10/contrib/ipfilter/lib/gethost.cSun Oct 12 16:46:03 2014
(r272985)
+++ stable/10/contrib/ipfilter/lib/gethost.cSun Oct 12 16:48:22 2014
(r272986)
@@ -19,6 +19,7 @@ int gethost(family, name, hostp)
struct netent *n;
u_32_t addr;
+ bzero(hostp, sizeof(*hostp));
if (!strcmp(name, "test.host.dots")) {
if (family == AF_INET) {
hostp->in4.s_addr = htonl(0xfedcba98);
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r272987 - stable/10/contrib/ipfilter/lib
Author: cy
Date: Sun Oct 12 16:51:02 2014
New Revision: 272987
URL: https://svnweb.freebsd.org/changeset/base/272987
Log:
MFC r271972
Fix ipfilter bug #536 ipnat can try to print rule as dstlist incorrectly.
Obtained from:ipfilter CVS repo (r1.14), netbsd CVS repo (r1.3)
Modified:
stable/10/contrib/ipfilter/lib/printnat.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/contrib/ipfilter/lib/printnat.c
==
--- stable/10/contrib/ipfilter/lib/printnat.c Sun Oct 12 16:48:22 2014
(r272986)
+++ stable/10/contrib/ipfilter/lib/printnat.c Sun Oct 12 16:51:02 2014
(r272987)
@@ -153,7 +153,8 @@ printnat(np, opts)
} else if (np->in_redir & NAT_REWRITE) {
PRINTF(" -> src ");
- if (np->in_nsrc.na_type == IPLT_DSTLIST) {
+ if (np->in_nsrc.na_atype == FRI_LOOKUP &&
+ np->in_nsrc.na_type == IPLT_DSTLIST) {
PRINTF("dstlist/");
if (np->in_nsrc.na_subtype == 0)
PRINTF("%d", np->in_nsrc.na_num);
@@ -174,7 +175,8 @@ printnat(np, opts)
}
}
PRINTF(" dst ");
- if (np->in_ndst.na_type == IPLT_DSTLIST) {
+ if (np->in_ndst.na_atype == FRI_LOOKUP &&
+ np->in_ndst.na_type == IPLT_DSTLIST) {
PRINTF("dstlist/");
if (np->in_ndst.na_subtype == 0)
PRINTF("%d", np->in_nsrc.na_num);
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r272988 - stable/10/contrib/ipfilter/tools
Author: cy
Date: Sun Oct 12 16:55:26 2014
New Revision: 272988
URL: https://svnweb.freebsd.org/changeset/base/272988
Log:
MFC r271974
ipfilter bug #551 ipf.conf address structure not properly zero filled.
Obtained from:ipfilter CVS repo (r1.37), netbsd CVS repo (r1.3)
Modified:
stable/10/contrib/ipfilter/tools/ipf_y.y
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/contrib/ipfilter/tools/ipf_y.y
==
--- stable/10/contrib/ipfilter/tools/ipf_y.ySun Oct 12 16:51:02 2014
(r272987)
+++ stable/10/contrib/ipfilter/tools/ipf_y.ySun Oct 12 16:55:26 2014
(r272988)
@@ -1020,12 +1020,13 @@ addr: pool '/' YY_NUMBER { pooled = 1;
yyexpectaddr = 0; }
;
-ipaddr:IPFY_ANY{ bzero(&($$), sizeof($$));
+ipaddr:IPFY_ANY{ memset(&($$), 0, sizeof($$));
$$.type = FRI_NORMAL;
$$.ifpos = -1;
yyexpectaddr = 0;
}
- | hostname { $$.a = $1.adr;
+ | hostname { memset(&($$), 0, sizeof($$));
+ $$.a = $1.adr;
$$.f = $1.f;
if ($1.f == AF_INET6)
fill6bits(128, $$.m.i6);
@@ -1038,7 +1039,8 @@ ipaddr: IPFY_ANY{ bzero(&($$),
sizeof
| hostname { yyresetdict(); }
maskspace { yysetdict(maskwords);
yyexpectaddr = 2; }
- ipmask { ntomask($1.f, $5, $$.m.i6);
+ ipmask { memset(&($$), 0, sizeof($$));
+ ntomask($1.f, $5, $$.m.i6);
$$.a = $1.adr;
$$.a.i6[0] &= $$.m.i6[0];
$$.a.i6[1] &= $$.m.i6[1];
@@ -1060,7 +1062,8 @@ ipaddr: IPFY_ANY{ bzero(&($$),
sizeof
yyresetdict();
yyexpectaddr = 0;
}
- | '(' YY_STR ')'{ $$.type = FRI_DYNAMIC;
+ | '(' YY_STR ')'{ memset(&($$), 0, sizeof($$));
+ $$.type = FRI_DYNAMIC;
ifpflag = FRI_DYNAMIC;
$$.ifpos = addname(&fr, $2);
$$.lif = 0;
@@ -1068,7 +1071,8 @@ ipaddr: IPFY_ANY{ bzero(&($$),
sizeof
| '(' YY_STR ')' '/'
{ ifpflag = FRI_DYNAMIC; yysetdict(maskwords); }
maskopts
- { $$.type = ifpflag;
+ { memset(&($$), 0, sizeof($$));
+ $$.type = ifpflag;
$$.ifpos = addname(&fr, $2);
$$.lif = 0;
if (frc->fr_family == AF_UNSPEC)
@@ -1083,7 +1087,8 @@ ipaddr: IPFY_ANY{ bzero(&($$),
sizeof
| '(' YY_STR ':' YY_NUMBER ')' '/'
{ ifpflag = FRI_DYNAMIC; yysetdict(maskwords); }
maskopts
- { $$.type = ifpflag;
+ { memset(&($$), 0, sizeof($$));
+ $$.type = ifpflag;
$$.ifpos = addname(&fr, $2);
$$.lif = $4;
if (frc->fr_family == AF_UNSPEC)
@@ -1142,30 +1147,35 @@ maskopts:
;
hostname:
- ipv4{ $$.adr.in4 = $1;
+ ipv4{ memset(&($$), 0, sizeof($$));
+ $$.adr.in4 = $1;
if (frc->fr_family == AF_INET6)
YYERROR;
$$.f = AF_INET;
yyexpectaddr = 2;
}
- | YY_NUMBER { if (frc->fr_family == AF_INET6)
+ | YY_NUMBER { memset(&($$), 0, sizeof($$));
+ if (frc->fr_family == AF_INET6)
YYERROR;
$$.adr.in4_addr
svn commit: r272989 - stable/10/contrib/ipfilter/tools
Author: cy
Date: Sun Oct 12 16:58:45 2014
New Revision: 272989
URL: https://svnweb.freebsd.org/changeset/base/272989
Log:
MFC r271977
3561691 gethost never returns an ipv6 address
Obtained from:ipfilter CVS repo (r1.34), netbsd CVS repo (r1.4)
Modified:
stable/10/contrib/ipfilter/tools/ipnat_y.y
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/contrib/ipfilter/tools/ipnat_y.y
==
--- stable/10/contrib/ipfilter/tools/ipnat_y.y Sun Oct 12 16:55:26 2014
(r272988)
+++ stable/10/contrib/ipfilter/tools/ipnat_y.y Sun Oct 12 16:58:45 2014
(r272989)
@@ -1164,17 +1164,19 @@ hexnumber:
hostname:
YY_STR { i6addr_t addr;
+ int family;
+#ifdef USE_INET6
+ if (nat->in_v[0] == 6)
+ family = AF_INET6;
+ else
+#endif
+ family = AF_INET;
bzero(&$$, sizeof($$));
- if (gethost(AF_INET, $1,
- &addr) == 0) {
- $$.a = addr;
- $$.f = AF_INET;
- } else
- if (gethost(AF_INET6, $1,
+ $$.f = family;
+ if (gethost(family, $1,
&addr) == 0) {
$$.a = addr;
- $$.f = AF_INET6;
} else {
FPRINTF(stderr,
"Unknown host '%s'\n",
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r272990 - stable/10/contrib/ipfilter/tools
Author: cy
Date: Sun Oct 12 17:03:47 2014
New Revision: 272990
URL: https://svnweb.freebsd.org/changeset/base/272990
Log:
MFC r271978
ipfilter bug #552 destination port not zero after parsing nat rule.
Obtained from:netbsd CVS repo (r1.4), ipfilter CVS repo (r1.38)
Modified:
stable/10/contrib/ipfilter/tools/ipnat_y.y
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/contrib/ipfilter/tools/ipnat_y.y
==
--- stable/10/contrib/ipfilter/tools/ipnat_y.y Sun Oct 12 16:58:45 2014
(r272989)
+++ stable/10/contrib/ipfilter/tools/ipnat_y.y Sun Oct 12 17:03:47 2014
(r272990)
@@ -871,9 +871,9 @@ mapport:
}
free($2);
if ($3.p1 < 0 || $3.p1 > 65535)
- yyerror("invalid ICMP Id number");
+ yyerror("invalid 1st ICMP Id number");
if ($3.p2 < 0 || $3.p2 > 65535)
- yyerror("invalid ICMP Id number");
+ yyerror("invalid 2nd ICMP Id number");
if (strcmp($2, "ipv6-icmp") == 0) {
nat->in_pr[0] = IPPROTO_ICMPV6;
nat->in_pr[1] = IPPROTO_ICMPV6;
@@ -1058,7 +1058,7 @@ hash: IPNY_HASH { if
(!(nat->in_flags
;
portstuff:
- compare portspec{ $$.pc = $1; $$.p1 = $2; }
+ compare portspec{ $$.pc = $1; $$.p1 = $2; $$.p2 = 0; }
| portspec range portspec { $$.pc = $2; $$.p1 = $1; $$.p2 = $3; }
;
@@ -1151,7 +1151,7 @@ proto:YY_NUMBER { $$ = $1;
| YY_STR{ $$ = getproto($1);
free($1);
if ($$ == -1)
- yyerror("unknwon protocol");
+ yyerror("unknown protocol");
if ($$ != IPPROTO_TCP &&
$$ != IPPROTO_UDP)
suggest_port = 0;
@@ -1172,7 +1172,8 @@ hostname:
else
#endif
family = AF_INET;
- bzero(&$$, sizeof($$));
+ memset(&($$), 0, sizeof($$));
+ memset(&addr, 0, sizeof(addr));
$$.f = family;
if (gethost(family, $1,
&addr) == 0) {
@@ -1184,17 +1185,17 @@ hostname:
}
free($1);
}
- | YY_NUMBER { bzero(&$$, sizeof($$));
+ | YY_NUMBER { memset(&($$), 0, sizeof($$));
$$.a.in4.s_addr = htonl($1);
if ($$.a.in4.s_addr != 0)
$$.f = AF_INET;
}
| ipv4 { $$ = $1; }
- | YY_IPV6 { bzero(&$$, sizeof($$));
+ | YY_IPV6 { memset(&($$), 0, sizeof($$));
$$.a = $1;
$$.f = AF_INET6;
}
- | YY_NUMBER YY_IPV6 { bzero(&$$, sizeof($$));
+ | YY_NUMBER YY_IPV6 { memset(&($$), 0, sizeof($$));
$$.a = $2;
$$.f = AF_INET6;
}
@@ -1429,6 +1430,9 @@ setnatproto(p)
nat->in_flags |= IPN_UDP;
nat->in_flags &= ~IPN_TCP;
break;
+#ifdef USE_INET6
+ case IPPROTO_ICMPV6 :
+#endif
case IPPROTO_ICMP :
nat->in_flags &= ~IPN_TCPUDP;
if (!(nat->in_flags & IPN_ICMPQUERY) &&
@@ -1508,7 +1512,7 @@ ipnat_addrule(fd, ioctlfunc, ptr)
printnat(ipn, opts);
if (opts & OPT_DEBUG)
- binprint(ipn, sizeof(*ipn));
+ binprint(ipn, ipn->in_size);
if ((opts & OPT_ZERORULEST) != 0) {
if ((*ioctlfunc)(fd, add, (void *)&obj) == -1) {
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r272992 - stable/10/sys/contrib/ipfilter/netinet
Author: cy Date: Sun Oct 12 17:08:44 2014 New Revision: 272992 URL: https://svnweb.freebsd.org/changeset/base/272992 Log: MFC r271980 Check for NULL before de-refencing; in particular sel is assigned to NULL, in the default case, and then couple of lines down we do sel-> Obtained from:NetBSD CVS repo (r1.5) Modified: stable/10/sys/contrib/ipfilter/netinet/ip_dstlist.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/contrib/ipfilter/netinet/ip_dstlist.c == --- stable/10/sys/contrib/ipfilter/netinet/ip_dstlist.c Sun Oct 12 17:07:15 2014(r272991) +++ stable/10/sys/contrib/ipfilter/netinet/ip_dstlist.c Sun Oct 12 17:08:44 2014(r272992) @@ -1134,7 +1134,7 @@ ipf_dstlist_select(fin, d) int family; int x; - if (d->ipld_dests == NULL || *d->ipld_dests == NULL) + if (d == NULL || d->ipld_dests == NULL || *d->ipld_dests == NULL) return NULL; family = fin->fin_family; @@ -1222,7 +1222,7 @@ ipf_dstlist_select(fin, d) break; } - if (sel->ipfd_dest.fd_addr.adf_family != family) + if (sel && sel->ipfd_dest.fd_addr.adf_family != family) sel = NULL; d->ipld_selected = sel; ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r272993 - stable/10/sys/contrib/ipfilter/netinet
Author: cy Date: Sun Oct 12 17:10:44 2014 New Revision: 272993 URL: https://svnweb.freebsd.org/changeset/base/272993 Log: MFC r272052 ipfilter bug #558 add in some missing frag table function comments. Obtained from:ipfilter CVS repo (r1.36) Modified: stable/10/sys/contrib/ipfilter/netinet/ip_frag.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/contrib/ipfilter/netinet/ip_frag.c == --- stable/10/sys/contrib/ipfilter/netinet/ip_frag.cSun Oct 12 17:08:44 2014(r272992) +++ stable/10/sys/contrib/ipfilter/netinet/ip_frag.cSun Oct 12 17:10:44 2014(r272993) @@ -930,7 +930,8 @@ ipf_frag_known(fin, passp) /* */ /* Function:ipf_frag_natforget */ /* Returns: Nil */ -/* Parameters: ptr(I) - pointer to data structure */ +/* Parameters: softc(I) - pointer to soft context main structure */ +/* ptr(I) - pointer to data structure */ /* */ /* Search through all of the fragment cache entries for NAT and wherever a */ /* pointer is found to match ptr, reset it to NULL.*/ @@ -954,7 +955,8 @@ ipf_frag_natforget(softc, ptr) /* */ /* Function:ipf_frag_delete */ /* Returns: Nil */ -/* Parameters: fra(I) - pointer to fragment structure to delete */ +/* Parameters: softc(I) - pointer to soft context main structure */ +/* fra(I) - pointer to fragment structure to delete */ /* tail(IO) - pointer to the pointer to the tail of the frag */ /* list */ /* */ @@ -991,7 +993,10 @@ ipf_frag_delete(softc, fra, tail) /* */ /* Function:ipf_frag_free */ /* Returns: Nil */ +/* Parameters: softf(I) - pointer to fragment context information */ +/* fra(I) - pointer to fragment structure to free*/ /* */ +/* Free up a fragment cache entry and bump relevent statistics. */ /* */ static void ipf_frag_free(softf, fra) @@ -1007,7 +1012,7 @@ ipf_frag_free(softf, fra) /* */ /* Function:ipf_frag_clear */ /* Returns: Nil */ -/* Parameters: Nil */ +/* Parameters: softc(I) - pointer to soft context main structure */ /* */ /* Free memory in use by fragment state information kept. Do the normal*/ /* fragment state stuff first and then the NAT-fragment table. */ @@ -1048,7 +1053,7 @@ ipf_frag_clear(softc) /* */ /* Function:ipf_frag_expire */ /* Returns: Nil */ -/* Parameters: Nil */ +/* Parameters: softc(I) - pointer to soft context main structure */ /* */ /* Expire entries in the fragment cache table that have been there too long */ /* */ @@ -1120,6 +1125,13 @@ ipf_frag_expire(softc) /* */ /* Function:ipf_frag_pkt_next */ +/* Returns: int - 0 == success, else error */ +/* Parameters: softc(I) - pointer to soft context main structure */ +/* token(I) - pointer to token information for this caller */ +/* itp(I) - pointer to generic iterator from caller */ +/* */ +/* This function is used to st
svn commit: r272994 - stable/10/sys/contrib/ipfilter/netinet
Author: cy
Date: Sun Oct 12 17:13:14 2014
New Revision: 272994
URL: https://svnweb.freebsd.org/changeset/base/272994
Log:
MFC r272551
ipfiler bug #550 filter rule list corrupted with inserted rules
Obtained from:ipfilter CVS repo (r1.128); NetBSD CVS repo (r1.15)
Modified:
stable/10/sys/contrib/ipfilter/netinet/fil.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sys/contrib/ipfilter/netinet/fil.c
==
--- stable/10/sys/contrib/ipfilter/netinet/fil.cSun Oct 12 17:10:44
2014(r272993)
+++ stable/10/sys/contrib/ipfilter/netinet/fil.cSun Oct 12 17:13:14
2014(r272994)
@@ -4496,7 +4496,15 @@ frrequest(softc, unit, req, data, set, m
fp = f;
f = NULL;
+ fp->fr_next = NULL;
fp->fr_dnext = NULL;
+ fp->fr_pnext = NULL;
+ fp->fr_pdnext = NULL;
+ fp->fr_grp = NULL;
+ fp->fr_grphead = NULL;
+ fp->fr_icmpgrp = NULL;
+ fp->fr_isc = (void *)-1;
+ fp->fr_ptr = NULL;
fp->fr_ref = 0;
fp->fr_flags |= FR_COPIED;
} else {
@@ -5000,7 +5008,9 @@ frrequest(softc, unit, req, data, set, m
if (f->fr_collect > fp->fr_collect)
break;
ftail = &f->fr_next;
+ fprev = ftail;
}
+ ftail = fprev;
f = NULL;
ptr = NULL;
} else if (req == (ioctlcmd_t)SIOCINAFR ||
@@ -5091,6 +5101,8 @@ frrequest(softc, unit, req, data, set, m
fp->fr_ref = 1;
fp->fr_pnext = ftail;
fp->fr_next = *ftail;
+ if (fp->fr_next != NULL)
+ fp->fr_next->fr_pnext = &fp->fr_next;
*ftail = fp;
if (addrem == 0)
ipf_fixskip(ftail, fp, 1);
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r272995 - stable/10/sys/contrib/ipfilter/netinet
Author: cy
Date: Sun Oct 12 17:15:20 2014
New Revision: 272995
URL: https://svnweb.freebsd.org/changeset/base/272995
Log:
MFC r272552
ipfilter bug #554 Determining why a ipf rule matches is hard -- replace
ipfilter rule compare with new ipf_rule_compare() function.
Obtained from:ipfilter CVS rep (r1.129)
Modified:
stable/10/sys/contrib/ipfilter/netinet/fil.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sys/contrib/ipfilter/netinet/fil.c
==
--- stable/10/sys/contrib/ipfilter/netinet/fil.cSun Oct 12 17:13:14
2014(r272994)
+++ stable/10/sys/contrib/ipfilter/netinet/fil.cSun Oct 12 17:15:20
2014(r272995)
@@ -4436,6 +4436,39 @@ ipf_matchicmpqueryreply(v, ic, icmp, rev
/* */
+/* Function:ipf_rule_compare*/
+/* Parameters: fr1(I) - first rule structure to compare*/
+/* fr2(I) - second rule structure to compare */
+/* Returns: int- 0 == rules are the same, else mismatch */
+/* */
+/* Compare two rules and return 0 if they match or a number indicating */
+/* which of the individual checks failed. */
+/* */
+static int
+ipf_rule_compare(frentry_t *fr1, frentry_t *fr2)
+{
+ if (fr1->fr_cksum != fr2->fr_cksum)
+ return 1;
+ if (fr1->fr_size != fr2->fr_size)
+ return 2;
+ if (fr1->fr_dsize != fr2->fr_dsize)
+ return 3;
+ if (bcmp((char *)&fr1->fr_func, (char *)&fr2->fr_func,
+fr1->fr_size - offsetof(struct frentry, fr_func)) != 0)
+ return 4;
+ if (fr1->fr_data && !fr2->fr_data)
+ return 5;
+ if (!fr1->fr_data && fr2->fr_data)
+ return 6;
+ if (fr1->fr_data) {
+ if (bcmp(fr1->fr_caddr, fr2->fr_caddr, fr1->fr_dsize))
+ return 7;
+ }
+ return 0;
+}
+
+
+/* */
/* Function:frrequest */
/* Returns: int - 0 == success, > 0 == errno value */
/* Parameters: unit(I) - device for which this is for */
@@ -4928,17 +4961,7 @@ frrequest(softc, unit, req, data, set, m
}
for (; (f = *ftail) != NULL; ftail = &f->fr_next) {
- DT2(rule_cmp, frentry_t *, fp, frentry_t *, f);
- if ((fp->fr_cksum != f->fr_cksum) ||
- (fp->fr_size != f->fr_size) ||
- (f->fr_dsize != fp->fr_dsize))
- continue;
- if (bcmp((char *)&f->fr_func, (char *)&fp->fr_func,
-fp->fr_size - offsetof(struct frentry, fr_func)) != 0)
- continue;
- if ((!ptr && !f->fr_data) ||
- (ptr && f->fr_data &&
-!bcmp((char *)ptr, (char *)f->fr_data, f->fr_dsize)))
+ if (ipf_rule_compare(fp, f) == 0)
break;
}
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r272996 - stable/10/sys/contrib/ipfilter/netinet
Author: cy
Date: Sun Oct 12 17:17:19 2014
New Revision: 272996
URL: https://svnweb.freebsd.org/changeset/base/272996
Log:
MFC r272553
ipfilter bug #538 ipf_p_dns_del should return void
Obtained from:ipfilter cvs repo (r1.8)
Modified:
stable/10/sys/contrib/ipfilter/netinet/ip_dns_pxy.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sys/contrib/ipfilter/netinet/ip_dns_pxy.c
==
--- stable/10/sys/contrib/ipfilter/netinet/ip_dns_pxy.c Sun Oct 12 17:15:20
2014(r272995)
+++ stable/10/sys/contrib/ipfilter/netinet/ip_dns_pxy.c Sun Oct 12 17:17:19
2014(r272996)
@@ -29,7 +29,7 @@ typedef struct ipf_dns_softc_s {
int ipf_p_dns_allow_query __P((ipf_dns_softc_t *, dnsinfo_t *));
int ipf_p_dns_ctl __P((ipf_main_softc_t *, void *, ap_ctl_t *));
-int ipf_p_dns_del __P((ipf_main_softc_t *, ap_session_t *));
+void ipf_p_dns_del __P((ipf_main_softc_t *, ap_session_t *));
int ipf_p_dns_get_name __P((ipf_dns_softc_t *, char *, int, char *, int));
int ipf_p_dns_inout __P((void *, fr_info_t *, ap_session_t *, nat_t *));
int ipf_p_dns_match __P((fr_info_t *, ap_session_t *, nat_t *));
@@ -214,7 +214,7 @@ ipf_p_dns_new(arg, fin, aps, nat)
/* ARGSUSED */
-int
+void
ipf_p_dns_del(softc, aps)
ipf_main_softc_t *softc;
ap_session_t *aps;
@@ -227,7 +227,6 @@ ipf_p_dns_del(softc, aps)
KFREES(aps->aps_data, aps->aps_psiz);
aps->aps_data = NULL;
aps->aps_psiz = 0;
- return 0;
}
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r272997 - stable/10/sys/contrib/ipfilter/netinet
Author: cy Date: Sun Oct 12 17:19:11 2014 New Revision: 272997 URL: https://svnweb.freebsd.org/changeset/base/272997 Log: MFC r272554 ipfilter bug #534 destination list hashing not endian neutral Obtained from:ipfilter CVS repo (r1.26), NetBSD CVS repo (r1.8) Modified: stable/10/sys/contrib/ipfilter/netinet/ip_dstlist.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/contrib/ipfilter/netinet/ip_dstlist.c == --- stable/10/sys/contrib/ipfilter/netinet/ip_dstlist.c Sun Oct 12 17:17:19 2014(r272996) +++ stable/10/sys/contrib/ipfilter/netinet/ip_dstlist.c Sun Oct 12 17:19:11 2014(r272997) @@ -1193,7 +1193,7 @@ ipf_dstlist_select(fin, d) MD5Update(&ctx, (u_char *)&fin->fin_dst6, sizeof(fin->fin_dst6)); MD5Final((u_char *)hash, &ctx); - x = hash[0] % d->ipld_nodes; + x = ntohl(hash[0]) % d->ipld_nodes; sel = d->ipld_dests[x]; break; @@ -1203,7 +1203,7 @@ ipf_dstlist_select(fin, d) MD5Update(&ctx, (u_char *)&fin->fin_src6, sizeof(fin->fin_src6)); MD5Final((u_char *)hash, &ctx); - x = hash[0] % d->ipld_nodes; + x = ntohl(hash[0]) % d->ipld_nodes; sel = d->ipld_dests[x]; break; @@ -1213,7 +1213,7 @@ ipf_dstlist_select(fin, d) MD5Update(&ctx, (u_char *)&fin->fin_dst6, sizeof(fin->fin_dst6)); MD5Final((u_char *)hash, &ctx); - x = hash[0] % d->ipld_nodes; + x = ntohl(hash[0]) % d->ipld_nodes; sel = d->ipld_dests[x]; break; ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r272998 - stable/10/sys/contrib/ipfilter/netinet
Author: cy
Date: Sun Oct 12 17:21:15 2014
New Revision: 272998
URL: https://svnweb.freebsd.org/changeset/base/272998
Log:
MFC r272555
ipfilter bug #537 NAT rules with sticky have incorrect hostmap IP address.
This fixes when an IP address mapping is put in the hostmap table for
sticky NAT rules, it ends up having the wrong byte order.
Obtained from:ipfilter CVS repo (r1.102), NetBSD CVS repo (r1.12)
Modified:
stable/10/sys/contrib/ipfilter/netinet/ip_nat.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sys/contrib/ipfilter/netinet/ip_nat.c
==
--- stable/10/sys/contrib/ipfilter/netinet/ip_nat.c Sun Oct 12 17:19:11
2014(r272997)
+++ stable/10/sys/contrib/ipfilter/netinet/ip_nat.c Sun Oct 12 17:21:15
2014(r272998)
@@ -2946,10 +2946,11 @@ ipf_nat_newrdr(fin, nat, ni)
*/
if (np->in_flags & IPN_SPLIT) {
in.s_addr = np->in_dnip;
+ inb.s_addr = htonl(in.s_addr);
if ((np->in_flags & (IPN_ROUNDR|IPN_STICKY)) == IPN_STICKY) {
hm = ipf_nat_hostmap(softn, NULL, fin->fin_src,
-fin->fin_dst, in, (u_32_t)dport);
+fin->fin_dst, inb, (u_32_t)dport);
if (hm != NULL) {
in.s_addr = hm->hm_ndstip.s_addr;
move = 0;
@@ -3050,13 +3051,14 @@ ipf_nat_newrdr(fin, nat, ni)
return -1;
}
+ inb.s_addr = htonl(in.s_addr);
nat->nat_ndstaddr = htonl(in.s_addr);
nat->nat_odstip = fin->fin_dst;
nat->nat_nsrcip = fin->fin_src;
nat->nat_osrcip = fin->fin_src;
if ((nat->nat_hm == NULL) && ((np->in_flags & IPN_STICKY) != 0))
nat->nat_hm = ipf_nat_hostmap(softn, np, fin->fin_src,
- fin->fin_dst, in, (u_32_t)dport);
+ fin->fin_dst, inb, (u_32_t)dport);
if (flags & IPN_TCPUDP) {
nat->nat_odport = dport;
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r266605 - head/sys/contrib/ipfilter/netinet
Author: cy
Date: Sat May 24 06:05:21 2014
New Revision: 266605
URL: http://svnweb.freebsd.org/changeset/base/266605
Log:
Move mutex creation from ipf_log_soft_init() to ipf_log_soft_create()
to be consistent with mutex destruction in ipf_log_soft_destroy(). As a
result mutex destruction in ipf_log_soft_fini() is redundant.
Approved by: glebius (mentor)
Obtained from:darrenr (author)
Modified:
head/sys/contrib/ipfilter/netinet/ip_log.c
Modified: head/sys/contrib/ipfilter/netinet/ip_log.c
==
--- head/sys/contrib/ipfilter/netinet/ip_log.c Sat May 24 03:09:27 2014
(r266604)
+++ head/sys/contrib/ipfilter/netinet/ip_log.c Sat May 24 06:05:21 2014
(r266605)
@@ -214,6 +214,7 @@ ipf_log_soft_create(softc)
ipf_main_softc_t *softc;
{
ipf_log_softc_t *softl;
+ int i;
KMALLOC(softl, ipf_log_softc_t *);
if (softl == NULL)
@@ -234,6 +235,10 @@ ipf_log_soft_create(softc)
return NULL;
}
+ for (i = IPL_LOGMAX; i >= 0; i--) {
+ MUTEX_INIT(&softl->ipl_mutex[i], "ipf log mutex");
+ }
+
softl->ipl_suppress = 1;
softl->ipl_logall = 0;
softl->ipl_log_init = 0;
@@ -267,13 +272,6 @@ ipf_log_soft_init(softc, arg)
softl->iplog_ss[i].read_waiter = 0;
softl->iplog_ss[i].state = 0;
# endif
-# if defined(linux) && defined(_KERNEL)
- init_waitqueue_head(softl->iplh_linux + i);
-# endif
-# if SOLARIS && defined(_KERNEL)
- cv_init(&softl->ipl_wait[i], NULL, CV_DRIVER, NULL);
-# endif
- MUTEX_INIT(&softl->ipl_mutex[i], "ipf log mutex");
}
@@ -324,7 +322,7 @@ ipf_log_soft_fini(softc, arg)
# endif
MUTEX_ENTER(&softl->ipl_mutex[i]);
}
- MUTEX_DESTROY(&softl->ipl_mutex[i]);
+ MUTEX_EXIT(&softl->ipl_mutex[i]);
}
return 0;
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r266829 - stable/10/sys/contrib/ipfilter/netinet
Author: cy
Date: Thu May 29 02:55:07 2014
New Revision: 266829
URL: http://svnweb.freebsd.org/changeset/base/266829
Log:
MFC r264235:
Implement the final missing sysctls by moving ipf_auth_softc_t from
ip_auth.c to ip_auth.h. ip_frag_soft_t moves from ip_frag.c to
ip_frag.h. mlfk_ipl.c creates sysctl MIBs that reference control blocks
that are dynamically created when IP Filter is loaded. This necessitated
creating them on-the-fly rather than statically at compile time.
Approved by: glebius (mentor)
Modified:
stable/10/sys/contrib/ipfilter/netinet/ip_auth.c
stable/10/sys/contrib/ipfilter/netinet/ip_auth.h
stable/10/sys/contrib/ipfilter/netinet/ip_frag.c
stable/10/sys/contrib/ipfilter/netinet/ip_frag.h
stable/10/sys/contrib/ipfilter/netinet/mlfk_ipl.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sys/contrib/ipfilter/netinet/ip_auth.c
==
--- stable/10/sys/contrib/ipfilter/netinet/ip_auth.cThu May 29 02:26:12
2014(r266828)
+++ stable/10/sys/contrib/ipfilter/netinet/ip_auth.cThu May 29 02:55:07
2014(r266829)
@@ -131,33 +131,6 @@ static const char rcsid[] = "@(#)$FreeBS
#endif
-
-typedefstruct ipf_auth_softc_s {
-#if SOLARIS && defined(_KERNEL)
- kcondvar_t ipf_auth_wait;
-#endif /* SOLARIS */
-#if defined(linux) && defined(_KERNEL)
- wait_queue_head_t ipf_auth_next_linux;
-#endif
- ipfrwlock_t ipf_authlk;
- ipfmutex_t ipf_auth_mx;
- int ipf_auth_size;
- int ipf_auth_used;
- int ipf_auth_replies;
- int ipf_auth_defaultage;
- int ipf_auth_lock;
- ipf_authstat_t ipf_auth_stats;
- frauth_t*ipf_auth;
- mb_t**ipf_auth_pkts;
- int ipf_auth_start;
- int ipf_auth_end;
- int ipf_auth_next;
- frauthent_t *ipf_auth_entries;
- frentry_t *ipf_auth_ip;
- frentry_t *ipf_auth_rules;
-} ipf_auth_softc_t;
-
-
static void ipf_auth_deref __P((frauthent_t **));
static void ipf_auth_deref_unlocked __P((ipf_auth_softc_t *, frauthent_t **));
static int ipf_auth_geniter __P((ipf_main_softc_t *, ipftoken_t *,
Modified: stable/10/sys/contrib/ipfilter/netinet/ip_auth.h
==
--- stable/10/sys/contrib/ipfilter/netinet/ip_auth.hThu May 29 02:26:12
2014(r266828)
+++ stable/10/sys/contrib/ipfilter/netinet/ip_auth.hThu May 29 02:55:07
2014(r266829)
@@ -49,6 +49,24 @@ typedef struct ipf_authstat {
frauthent_t *fas_faelist;
} ipf_authstat_t;
+typedefstruct ipf_auth_softc_s {
+ ipfrwlock_t ipf_authlk;
+ ipfmutex_t ipf_auth_mx;
+ int ipf_auth_size;
+ int ipf_auth_used;
+ int ipf_auth_replies;
+ int ipf_auth_defaultage;
+ int ipf_auth_lock;
+ ipf_authstat_t ipf_auth_stats;
+ frauth_t*ipf_auth;
+ mb_t**ipf_auth_pkts;
+ int ipf_auth_start;
+ int ipf_auth_end;
+ int ipf_auth_next;
+ frauthent_t *ipf_auth_entries;
+ frentry_t *ipf_auth_ip;
+ frentry_t *ipf_auth_rules;
+} ipf_auth_softc_t;
extern frentry_t *ipf_auth_check __P((fr_info_t *, u_32_t *));
extern voidipf_auth_expire __P((ipf_main_softc_t *));
Modified: stable/10/sys/contrib/ipfilter/netinet/ip_frag.c
==
--- stable/10/sys/contrib/ipfilter/netinet/ip_frag.cThu May 29 02:26:12
2014(r266828)
+++ stable/10/sys/contrib/ipfilter/netinet/ip_frag.cThu May 29 02:55:07
2014(r266829)
@@ -91,27 +91,6 @@ static const char rcsid[] = "@(#)$FreeBS
#endif
-typedef struct ipf_frag_softc_s {
- ipfrwlock_t ipfr_ipidfrag;
- ipfrwlock_t ipfr_frag;
- ipfrwlock_t ipfr_natfrag;
- int ipfr_size;
- int ipfr_ttl;
- int ipfr_lock;
- int ipfr_inited;
- ipfr_t *ipfr_list;
- ipfr_t **ipfr_tail;
- ipfr_t *ipfr_natlist;
- ipfr_t **ipfr_nattail;
- ipfr_t *ipfr_ipidlist;
- ipfr_t **ipfr_ipidtail;
- ipfr_t **ipfr_heads;
- ipfr_t **ipfr_nattab;
- ipfr_t **ipfr_ipidtab;
- ipfrstat_t ipfr_stats;
-} ipf_frag_softc_t;
-
-
#ifdef USE_MUTEXES
static ipfr_t *ipfr_frag_new __P((ipf_main_softc_t *, ipf_frag_softc_t *,
fr_info_t *, u_32_t, ipfr_t **,
Modified: stable/10/sys/contrib/ipfilter/netinet/ip_frag.h
svn commit: r267020 - stable/10/sys/contrib/ipfilter/netinet
Author: cy
Date: Tue Jun 3 19:06:47 2014
New Revision: 267020
URL: http://svnweb.freebsd.org/changeset/base/267020
Log:
MFC r266605.
Move mutex creation from ipf_log_soft_init() to ipf_log_soft_create()
to be consistent with mutex destruction in ipf_log_soft_destroy(). As a
result mutex destruction in ipf_log_soft_fini() is redundant.
Approved by: glebius (mentor)
Modified:
stable/10/sys/contrib/ipfilter/netinet/ip_log.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sys/contrib/ipfilter/netinet/ip_log.c
==
--- stable/10/sys/contrib/ipfilter/netinet/ip_log.c Tue Jun 3 19:03:23
2014(r267019)
+++ stable/10/sys/contrib/ipfilter/netinet/ip_log.c Tue Jun 3 19:06:47
2014(r267020)
@@ -214,6 +214,7 @@ ipf_log_soft_create(softc)
ipf_main_softc_t *softc;
{
ipf_log_softc_t *softl;
+ int i;
KMALLOC(softl, ipf_log_softc_t *);
if (softl == NULL)
@@ -234,6 +235,10 @@ ipf_log_soft_create(softc)
return NULL;
}
+ for (i = IPL_LOGMAX; i >= 0; i--) {
+ MUTEX_INIT(&softl->ipl_mutex[i], "ipf log mutex");
+ }
+
softl->ipl_suppress = 1;
softl->ipl_logall = 0;
softl->ipl_log_init = 0;
@@ -267,13 +272,6 @@ ipf_log_soft_init(softc, arg)
softl->iplog_ss[i].read_waiter = 0;
softl->iplog_ss[i].state = 0;
# endif
-# if defined(linux) && defined(_KERNEL)
- init_waitqueue_head(softl->iplh_linux + i);
-# endif
-# if SOLARIS && defined(_KERNEL)
- cv_init(&softl->ipl_wait[i], NULL, CV_DRIVER, NULL);
-# endif
- MUTEX_INIT(&softl->ipl_mutex[i], "ipf log mutex");
}
@@ -324,7 +322,7 @@ ipf_log_soft_fini(softc, arg)
# endif
MUTEX_ENTER(&softl->ipl_mutex[i]);
}
- MUTEX_DESTROY(&softl->ipl_mutex[i]);
+ MUTEX_EXIT(&softl->ipl_mutex[i]);
}
return 0;
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r269585 - in head: sbin/ipf sys/contrib/ipfilter/netinet
Author: cy
Date: Tue Aug 5 13:01:21 2014
New Revision: 269585
URL: http://svnweb.freebsd.org/changeset/base/269585
Log:
Honour WITH and WITHOUT_INET6_SUPPORT.
Approved by: glebius (mentor)
MFC after:3 days
Modified:
head/sbin/ipf/Makefile.inc
head/sys/contrib/ipfilter/netinet/ip_compat.h
Modified: head/sbin/ipf/Makefile.inc
==
--- head/sbin/ipf/Makefile.inc Tue Aug 5 12:08:50 2014(r269584)
+++ head/sbin/ipf/Makefile.inc Tue Aug 5 13:01:21 2014(r269585)
@@ -1,5 +1,7 @@
# $FreeBSD$
+.include
+
WARNS?=2
NO_WFORMAT=
NO_WARRAY_BOUNDS=
@@ -10,6 +12,12 @@ CFLAGS+= -I${.CURDIR}/../../../sys
CFLAGS+= -I${.CURDIR}/../../../sys/contrib/ipfilter
CFLAGS+= -DSTATETOP -D__UIO_EXPOSE
+.if ${MK_INET6_SUPPORT} != "no"
+CFLAGS+= -DUSE_INET6
+.else
+CFLAGS+= -DNOINET6
+.endif
+
LIBIPF=${.OBJDIR}/../libipf/libipf.a
DPADD+=${LIBIPF} ${LIBKVM}
LDADD+=${LIBIPF} -lkvm
Modified: head/sys/contrib/ipfilter/netinet/ip_compat.h
==
--- head/sys/contrib/ipfilter/netinet/ip_compat.h Tue Aug 5 12:08:50
2014(r269584)
+++ head/sys/contrib/ipfilter/netinet/ip_compat.h Tue Aug 5 13:01:21
2014(r269585)
@@ -118,6 +118,10 @@ struct ether_addr {
# if defined(INET6) && !defined(USE_INET6)
# define USE_INET6
# endif
+# else
+# if !defined(USE_INET6) && !defined(NOINET6)
+# define USE_INET6
+# endif
# endif
# if defined(_KERNEL)
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r269696 - in stable/10: sbin/ipf sys/contrib/ipfilter/netinet
Author: cy
Date: Fri Aug 8 00:58:24 2014
New Revision: 269696
URL: http://svnweb.freebsd.org/changeset/base/269696
Log:
MFC r269585 - Honour WITH and WITHOUT_INET6_SUPPORT.
Approved by: glebius (mentor - implicit)
Modified:
stable/10/sbin/ipf/Makefile.inc
stable/10/sys/contrib/ipfilter/netinet/ip_compat.h
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sbin/ipf/Makefile.inc
==
--- stable/10/sbin/ipf/Makefile.inc Thu Aug 7 22:14:37 2014
(r269695)
+++ stable/10/sbin/ipf/Makefile.inc Fri Aug 8 00:58:24 2014
(r269696)
@@ -1,5 +1,7 @@
# $FreeBSD$
+.include
+
WARNS?=2
NO_WFORMAT=
NO_WARRAY_BOUNDS=
@@ -10,6 +12,12 @@ CFLAGS+= -I${.CURDIR}/../../../sys
CFLAGS+= -I${.CURDIR}/../../../sys/contrib/ipfilter
CFLAGS+= -DSTATETOP -D__UIO_EXPOSE
+.if ${MK_INET6_SUPPORT} != "no"
+CFLAGS+= -DUSE_INET6
+.else
+CFLAGS+= -DNOINET6
+.endif
+
LIBIPF=${.OBJDIR}/../libipf/libipf.a
DPADD+=${LIBIPF} ${LIBKVM}
LDADD+=${LIBIPF} -lkvm
Modified: stable/10/sys/contrib/ipfilter/netinet/ip_compat.h
==
--- stable/10/sys/contrib/ipfilter/netinet/ip_compat.h Thu Aug 7 22:14:37
2014(r269695)
+++ stable/10/sys/contrib/ipfilter/netinet/ip_compat.h Fri Aug 8 00:58:24
2014(r269696)
@@ -118,6 +118,10 @@ struct ether_addr {
# if defined(INET6) && !defined(USE_INET6)
# define USE_INET6
# endif
+# else
+# if !defined(USE_INET6) && !defined(NOINET6)
+# define USE_INET6
+# endif
# endif
# if defined(_KERNEL)
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r275199 - head/sys/contrib/ipfilter/netinet
Author: cy
Date: Fri Nov 28 04:07:06 2014
New Revision: 275199
URL: https://svnweb.freebsd.org/changeset/base/275199
Log:
Correctly define constants.
MFC after:1 week
Modified:
head/sys/contrib/ipfilter/netinet/fil.c
head/sys/contrib/ipfilter/netinet/ip_frag.c
Modified: head/sys/contrib/ipfilter/netinet/fil.c
==
--- head/sys/contrib/ipfilter/netinet/fil.c Thu Nov 27 23:42:32 2014
(r275198)
+++ head/sys/contrib/ipfilter/netinet/fil.c Fri Nov 28 04:07:06 2014
(r275199)
@@ -252,7 +252,7 @@ static conststruct optlist ipopts[20] =
};
#ifdef USE_INET6
-static struct optlist ip6exthdr[] = {
+static const struct optlist ip6exthdr[] = {
{ IPPROTO_HOPOPTS, 0x01 },
{ IPPROTO_IPV6, 0x02 },
{ IPPROTO_ROUTING, 0x04 },
Modified: head/sys/contrib/ipfilter/netinet/ip_frag.c
==
--- head/sys/contrib/ipfilter/netinet/ip_frag.c Thu Nov 27 23:42:32 2014
(r275198)
+++ head/sys/contrib/ipfilter/netinet/ip_frag.c Fri Nov 28 04:07:06 2014
(r275199)
@@ -112,7 +112,7 @@ static void ipf_frag_free __P((ipf_frag_
static frentry_t ipfr_block;
-ipftuneable_t ipf_tuneables[] = {
+const ipftuneable_t ipf_tuneables[] = {
{ { (void *)offsetof(ipf_frag_softc_t, ipfr_size) },
"frag_size",1, 0x7fff,
stsizeof(ipf_frag_softc_t, ipfr_size),
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r275213 - stable/10/sys/contrib/ipfilter/netinet
Author: cy
Date: Fri Nov 28 20:39:35 2014
New Revision: 275213
URL: https://svnweb.freebsd.org/changeset/base/275213
Log:
MFC r274744.
Set the current vnet inside the ioctl handler for ipfilter.
Without this fix, the vnet was NULL and would crash.
This fix is similar to what was done inside the ioctl handler for PF.
Tested by:
(1) Boot a kernel with "options VIMAGE" enabled
(2) Type:
echo "map lo0 from 10.0.0.0/24 to ! 10.0.0.0/24 -> 127.0.0.1/32" >
/etc/ipnat.rules ; service ipnat onerestart
PR: 176992
Differential Revision: https://reviews.freebsd.org/D1191
Modified:
stable/10/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
==
--- stable/10/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c Fri Nov 28
19:21:46 2014(r275212)
+++ stable/10/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c Fri Nov 28
20:39:35 2014(r275213)
@@ -33,6 +33,9 @@ static const char rcsid[] = "@(#)$Id$";
#include
#include
# include
+#if defined(__FreeBSD_version) && (__FreeBSD_version >= 80)
+#include
+#endif
# include
# include
#if !defined(__hpux)
@@ -52,6 +55,12 @@ static const char rcsid[] = "@(#)$Id$";
#include
#include
#include
+#if defined(__FreeBSD_version) && (__FreeBSD_version >= 80)
+#include
+#else
+#define CURVNET_SET(arg)
+#define CURVNET_RESTORE()
+#endif
#if defined(__osf__)
# include
#endif
@@ -323,7 +332,9 @@ ipfioctl(dev, cmd, data, mode
SPL_NET(s);
+ CURVNET_SET(TD_TO_VNET(p));
error = ipf_ioctlswitch(&ipfmain, unit, data, cmd, mode, p->p_uid, p);
+ CURVNET_RESTORE();
if (error != -1) {
SPL_X(s);
return error;
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r275690 - stable/10/sys/contrib/ipfilter/netinet
Author: cy
Date: Wed Dec 10 20:54:23 2014
New Revision: 275690
URL: https://svnweb.freebsd.org/changeset/base/275690
Log:
MFC r275199.
Correctly define constants.
Modified:
stable/10/sys/contrib/ipfilter/netinet/fil.c
stable/10/sys/contrib/ipfilter/netinet/ip_frag.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sys/contrib/ipfilter/netinet/fil.c
==
--- stable/10/sys/contrib/ipfilter/netinet/fil.cWed Dec 10 20:44:51
2014(r275689)
+++ stable/10/sys/contrib/ipfilter/netinet/fil.cWed Dec 10 20:54:23
2014(r275690)
@@ -252,7 +252,7 @@ static conststruct optlist ipopts[20] =
};
#ifdef USE_INET6
-static struct optlist ip6exthdr[] = {
+static const struct optlist ip6exthdr[] = {
{ IPPROTO_HOPOPTS, 0x01 },
{ IPPROTO_IPV6, 0x02 },
{ IPPROTO_ROUTING, 0x04 },
Modified: stable/10/sys/contrib/ipfilter/netinet/ip_frag.c
==
--- stable/10/sys/contrib/ipfilter/netinet/ip_frag.cWed Dec 10 20:44:51
2014(r275689)
+++ stable/10/sys/contrib/ipfilter/netinet/ip_frag.cWed Dec 10 20:54:23
2014(r275690)
@@ -112,7 +112,7 @@ static void ipf_frag_free __P((ipf_frag_
static frentry_t ipfr_block;
-ipftuneable_t ipf_tuneables[] = {
+const ipftuneable_t ipf_tuneables[] = {
{ { (void *)offsetof(ipf_frag_softc_t, ipfr_size) },
"frag_size",1, 0x7fff,
stsizeof(ipf_frag_softc_t, ipfr_size),
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r275969 - svnadmin/conf
Author: cy Date: Sat Dec 20 22:51:01 2014 New Revision: 275969 URL: https://svnweb.freebsd.org/changeset/base/275969 Log: Temporarily remove size limit restriction in order to import ntp-4.2.8 into the vendor branch. Modified: svnadmin/conf/sizelimit.conf Modified: svnadmin/conf/sizelimit.conf == --- svnadmin/conf/sizelimit.confSat Dec 20 22:12:04 2014 (r275968) +++ svnadmin/conf/sizelimit.confSat Dec 20 22:51:01 2014 (r275969) @@ -20,6 +20,7 @@ #lulf # adrian brooks +cy des dim ed ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r275971 - vendor/ntp/4.2.8
Author: cy Date: Sat Dec 20 22:56:06 2014 New Revision: 275971 URL: https://svnweb.freebsd.org/changeset/base/275971 Log: Tag ntp-4.2.8. Reviewed by: roberto Security: VUXML: 4033d826-87dd-11e4-9079-3c970e169bc2 Security: http://www.kb.cert.org/vuls/id/852879 Security: CVE-2014-9293 Security CVE-2014-9294 Security CVE-2014-9295 Security CVE-2014-9296 Added: vendor/ntp/4.2.8/ - copied from r275970, vendor/ntp/dist/ ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r275972 - svnadmin/conf
Author: cy Date: Sat Dec 20 22:58:43 2014 New Revision: 275972 URL: https://svnweb.freebsd.org/changeset/base/275972 Log: ntp-4.2.8 vendor import complete. Remove sizelimit restriction. Modified: svnadmin/conf/sizelimit.conf Modified: svnadmin/conf/sizelimit.conf == --- svnadmin/conf/sizelimit.confSat Dec 20 22:56:06 2014 (r275971) +++ svnadmin/conf/sizelimit.confSat Dec 20 22:58:43 2014 (r275972) @@ -20,7 +20,7 @@ #lulf # adrian brooks -cy +# cy des dim ed ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r277854 - head/etc/rc.d
Author: cy
Date: Wed Jan 28 21:01:55 2015
New Revision: 277854
URL: https://svnweb.freebsd.org/changeset/base/277854
Log:
ipfilter 5.1.2 (vs 4.1.28 in previous releases of FreeBSD) stores IPv4
and IPv6 rules in a single table. ipf -6 -Fa will flush the whole table,
including IPv4 rules. This patch removes the redundant ipf -I -6 -Fa
statement.
PR: 188318
MFC after:2 weeks
Modified:
head/etc/rc.d/ipfilter
Modified: head/etc/rc.d/ipfilter
==
--- head/etc/rc.d/ipfilter Wed Jan 28 20:22:48 2015(r277853)
+++ head/etc/rc.d/ipfilter Wed Jan 28 21:01:55 2015(r277854)
@@ -65,7 +65,6 @@ ipfilter_reload()
err 1 'Load of rules into alternate set failed;
aborting reload'
fi
fi
- ${ipfilter_program:-/sbin/ipf} -I -6 -Fa
if [ -r "${ipv6_ipfilter_rules}" ]; then
${ipfilter_program:-/sbin/ipf} -I -6 \
-f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r277854 - head/etc/rc.d
In message <201501282101.t0sl1ukn054...@svn.freebsd.org>, Cy Schubert
writes:
> Author: cy
> Date: Wed Jan 28 21:01:55 2015
> New Revision: 277854
> URL: https://svnweb.freebsd.org/changeset/base/277854
>
> Log:
> ipfilter 5.1.2 (vs 4.1.28 in previous releases of FreeBSD) stores IPv4
> and IPv6 rules in a single table. ipf -6 -Fa will flush the whole table,
> including IPv4 rules. This patch removes the redundant ipf -I -6 -Fa
> statement.
>
> PR: 188318
> MFC after: 2 weeks
>
> Modified:
> head/etc/rc.d/ipfilter
>
> Modified: head/etc/rc.d/ipfilter
> =
> =
> --- head/etc/rc.d/ipfilterWed Jan 28 20:22:48 2015(r277853)
> +++ head/etc/rc.d/ipfilterWed Jan 28 21:01:55 2015(r277854)
> @@ -65,7 +65,6 @@ ipfilter_reload()
> err 1 'Load of rules into alternate set failed; abortin
> g reload'
> fi
> fi
> - ${ipfilter_program:-/sbin/ipf} -I -6 -Fa
> if [ -r "${ipv6_ipfilter_rules}" ]; then
> ${ipfilter_program:-/sbin/ipf} -I -6 \
> -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
>
A subsequent commit to this one will address the redundant ipf rules file
issue. As the next commit to this will affect POLA, it will not MFC to
stable/10. This commit is safe to MFC.
I will hold off committing the next change to this file for a while to
allow ample time for this commit to mature.
--
Cheers,
Cy Schubert or
FreeBSD UNIX: Web: http://www.FreeBSD.org
The need of the many outweighs the greed of the few.
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r282408 - in head: contrib/ntp contrib/ntp/adjtimed contrib/ntp/clockstuff contrib/ntp/html contrib/ntp/include contrib/ntp/include/isc contrib/ntp/kernel contrib/ntp/kernel/sys contrib...
Author: cy Date: Mon May 4 04:45:59 2015 New Revision: 282408 URL: https://svnweb.freebsd.org/changeset/base/282408 Log: MFV ntp 4.2.8p2 (r281348) Reviewed by:delphij (suggested MFC) Approved by: roberto Security: CVE-2015-1798, CVE-2015-1799 Security: VuXML ebd84c96-dd7e-11e4-854e-3c970e169bc2 MFC after:1 month Added: head/contrib/ntp/scripts/update-leap/ - copied from r281348, vendor/ntp/dist/scripts/update-leap/ head/contrib/ntp/sntp/libevent/m4/acx_pthread.m4 - copied unchanged from r281348, vendor/ntp/dist/sntp/libevent/m4/acx_pthread.m4 head/contrib/ntp/sntp/m4/ax_c99_struct_init.m4 - copied unchanged from r281348, vendor/ntp/dist/sntp/m4/ax_c99_struct_init.m4 head/contrib/ntp/sntp/m4/openldap-thread-check.m4 - copied unchanged from r281348, vendor/ntp/dist/sntp/m4/openldap-thread-check.m4 head/contrib/ntp/sntp/m4/openldap.m4 - copied unchanged from r281348, vendor/ntp/dist/sntp/m4/openldap.m4 Deleted: head/contrib/ntp/sntp/libevent/README head/contrib/ntp/sntp/libevent/m4/openldap-thread-check.m4 head/contrib/ntp/sntp/libevent/m4/openldap.m4 head/contrib/ntp/util/jitter.h Modified: head/contrib/ntp/ChangeLog head/contrib/ntp/CommitLog head/contrib/ntp/Makefile.in head/contrib/ntp/NEWS head/contrib/ntp/aclocal.m4 head/contrib/ntp/adjtimed/Makefile.in head/contrib/ntp/clockstuff/Makefile.in head/contrib/ntp/config.h.in head/contrib/ntp/configure head/contrib/ntp/configure.ac head/contrib/ntp/html/build.html head/contrib/ntp/html/miscopt.html head/contrib/ntp/html/sntp.html head/contrib/ntp/include/Makefile.in head/contrib/ntp/include/binio.h head/contrib/ntp/include/isc/Makefile.in head/contrib/ntp/include/mbg_gps166.h head/contrib/ntp/include/ntp.h head/contrib/ntp/include/ntp_calendar.h head/contrib/ntp/include/ntp_fp.h head/contrib/ntp/include/ntp_md5.h head/contrib/ntp/include/ntpd.h head/contrib/ntp/include/parse.h head/contrib/ntp/include/parse_conf.h head/contrib/ntp/kernel/Makefile.in head/contrib/ntp/kernel/sys/Makefile.in head/contrib/ntp/kernel/sys/parsestreams.h head/contrib/ntp/lib/isc/inet_ntop.c head/contrib/ntp/lib/isc/log.c head/contrib/ntp/lib/isc/result.c head/contrib/ntp/lib/isc/unix/file.c head/contrib/ntp/lib/isc/unix/ifiter_getifaddrs.c head/contrib/ntp/lib/isc/unix/ifiter_ioctl.c head/contrib/ntp/lib/isc/unix/net.c head/contrib/ntp/libntp/Makefile.in head/contrib/ntp/libntp/ntp_calendar.c head/contrib/ntp/libntp/work_fork.c head/contrib/ntp/libparse/Makefile.in head/contrib/ntp/libparse/clk_computime.c head/contrib/ntp/libparse/clk_dcf7000.c head/contrib/ntp/libparse/clk_hopf6021.c head/contrib/ntp/libparse/clk_meinberg.c head/contrib/ntp/libparse/clk_rawdcf.c head/contrib/ntp/libparse/clk_rcc8000.c head/contrib/ntp/libparse/clk_schmid.c head/contrib/ntp/libparse/clk_sel240x.c head/contrib/ntp/libparse/clk_trimtaip.c head/contrib/ntp/libparse/clk_trimtsip.c head/contrib/ntp/libparse/clk_varitext.c head/contrib/ntp/libparse/clk_wharton.c head/contrib/ntp/libparse/data_mbg.c head/contrib/ntp/libparse/gpstolfp.c head/contrib/ntp/libparse/parse.c head/contrib/ntp/libparse/parse_conf.c head/contrib/ntp/libparse/parsesolaris.c head/contrib/ntp/libparse/parsestreams.c head/contrib/ntp/libparse/trim_info.c head/contrib/ntp/ntpd/Makefile.in head/contrib/ntp/ntpd/cmd_args.c head/contrib/ntp/ntpd/invoke-ntp.conf.texi head/contrib/ntp/ntpd/invoke-ntp.keys.texi head/contrib/ntp/ntpd/invoke-ntpd.texi head/contrib/ntp/ntpd/keyword-gen-utd head/contrib/ntp/ntpd/keyword-gen.c head/contrib/ntp/ntpd/ntp.conf.5man head/contrib/ntp/ntpd/ntp.conf.5mdoc head/contrib/ntp/ntpd/ntp.conf.def head/contrib/ntp/ntpd/ntp.conf.html head/contrib/ntp/ntpd/ntp.conf.man.in head/contrib/ntp/ntpd/ntp.conf.mdoc.in head/contrib/ntp/ntpd/ntp.keys.5man head/contrib/ntp/ntpd/ntp.keys.5mdoc head/contrib/ntp/ntpd/ntp.keys.html head/contrib/ntp/ntpd/ntp.keys.man.in head/contrib/ntp/ntpd/ntp.keys.mdoc.in head/contrib/ntp/ntpd/ntp_config.c head/contrib/ntp/ntpd/ntp_control.c head/contrib/ntp/ntpd/ntp_crypto.c head/contrib/ntp/ntpd/ntp_keyword.h head/contrib/ntp/ntpd/ntp_leapsec.c head/contrib/ntp/ntpd/ntp_loopfilter.c head/contrib/ntp/ntpd/ntp_parser.c head/contrib/ntp/ntpd/ntp_parser.h head/contrib/ntp/ntpd/ntp_peer.c head/contrib/ntp/ntpd/ntp_proto.c head/contrib/ntp/ntpd/ntpd-opts.c head/contrib/ntp/ntpd/ntpd-opts.h head/contrib/ntp/ntpd/ntpd.1ntpdman head/contrib/ntp/ntpd/ntpd.1ntpdmdoc head/contrib/ntp/ntpd/ntpd.c head/contrib/ntp/ntpd/ntpd.html head/contrib/ntp/ntpd/ntpd.man.in head/contrib/ntp/ntpd/ntpd.mdoc.in head/contrib/ntp/ntpd/ntpdbase-opts.def head/contrib/ntp/ntpd/refclock_palisade.c head/contrib/ntp/ntpd/refclock_palisade.h head/contrib/ntp/ntpd/refclock_parse.c head/contrib/ntp/ntpdate/Makefile.in head/contrib/ntp/ntpdc/Makefile.i
svn commit: r282415 - head/usr.sbin/ntp
Author: cy Date: Mon May 4 12:42:52 2015 New Revision: 282415 URL: https://svnweb.freebsd.org/changeset/base/282415 Log: Restore CPU dependent compile time conditionals. MFC after:1 month (with r281143 and r282408) Modified: head/usr.sbin/ntp/config.h Modified: head/usr.sbin/ntp/config.h == --- head/usr.sbin/ntp/config.h Mon May 4 09:33:57 2015(r282414) +++ head/usr.sbin/ntp/config.h Mon May 4 12:42:52 2015(r282415) @@ -1469,13 +1469,21 @@ /* #undef SCO5_CLOCK */ /* The size of `char*', as computed by sizeof. */ +#if defined(__alpha__) || defined(__sparc64__) || defined(__amd64__) #define SIZEOF_CHARP 8 +#else +#define SIZEOF_CHARP 4 +#endif /* The size of `int', as computed by sizeof. */ #define SIZEOF_INT 4 /* The size of `long', as computed by sizeof. */ +#if defined(__alpha__) || defined(__sparc64__) || defined(__amd64__) #define SIZEOF_LONG 8 +#else +#define SIZEOF_LONG 4 +#endif /* The size of `long long', as computed by sizeof. */ #define SIZEOF_LONG_LONG 8 @@ -1490,7 +1498,11 @@ #define SIZEOF_SIGNED_CHAR 1 /* The size of `time_t', as computed by sizeof. */ +#if defined(__alpha__) || defined(__sparc64__) || defined(__amd64__) #define SIZEOF_TIME_T 8 +#else +#define SIZEOF_TIME_T 4 +#endif /* Does SIOCGIFCONF return size in the buffer? */ /* #undef SIZE_RETURNED_IN_BUFFER */ @@ -1516,7 +1528,15 @@ /* #undef STRERROR_R_CHAR_P */ /* canonical system (cpu-vendor-os) of where we should run */ -#define STR_SYSTEM "amd64-portbld-freebsd10.1" +#if defined(__alpha__) +#define STR_SYSTEM "alpha-undermydesk-freebsd" +#elif defined(__sparc64__) +#define STR_SYSTEM "sparc64-undermydesk-freebsd" +#elif defined(__amd64__) +#define STR_SYSTEM "amd64-undermydesk-freebsd" +#else +#define STR_SYSTEM "i386-undermydesk-freebsd" +#endif /* Does Xettimeofday take 1 arg? */ /* #undef SYSV_TIMEOFDAY */ ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r282986 - head/share/mk
Author: cy
Date: Fri May 15 19:37:17 2015
New Revision: 282986
URL: https://svnweb.freebsd.org/changeset/base/282986
Log:
Correct location for libntpevent.a.
Modified:
head/share/mk/src.libnames.mk
Modified: head/share/mk/src.libnames.mk
==
--- head/share/mk/src.libnames.mk Fri May 15 18:25:48 2015
(r282985)
+++ head/share/mk/src.libnames.mk Fri May 15 19:37:17 2015
(r282986)
@@ -340,7 +340,7 @@ LIBNTPDIR= ${ROOTOBJDIR}/usr.sbin/ntp/li
LIBNTP?= ${LIBNTPDIR}/libntp.a
LIBNTPEVENTDIR=${ROOTOBJDIR}/usr.sbin/ntp/libntpevent
-LIBNTPEVENT?= ${LIBNTPDIR}/libntpevent.a
+LIBNTPEVENT?= ${LIBNTPEVENTDIR}/libntpevent.a
LIBOPTSDIR=${ROOTOBJDIR}/usr.sbin/ntp/libopts
LIBOTPS?= ${LIBOPTSDIR}/libopts.a
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r282415 - head/usr.sbin/ntp
In message <20150517190810.4006b...@bender.home>, Andrew Turner writes: > On Mon, 4 May 2015 12:42:53 + (UTC) > Cy Schubert wrote: > > > Author: cy > > Date: Mon May 4 12:42:52 2015 > > New Revision: 282415 > > URL: https://svnweb.freebsd.org/changeset/base/282415 > > > > Log: > > Restore CPU dependent compile time conditionals. > > > > MFC after:1 month (with r281143 and r282408) > > Do you have any plans on fixing this before you MFC it? Specifically: > * sizeof(char *) == 8 on arm64, powerpc64, and mips64 > * sizeof(long) == 8 on arm64, powerpc64, and mips64 > * sizeof(time_t) == 8 on arm, arm64, powerpc64, mips, and mips64 > * STR_SYSTEM is incorrect on arm, arm64, powerpc64, mips, and mips64, >however this is now less broken as it was previously also broken on >i386, and sparc64. > > This change is only correct for amd64, i386, and sparc64. That is correct. > > I suspect all of the above will also be relevant on ia64. We still have > support in 10-STABLE for this so should be fixed before an MFC. We should support ia64 at least until it's no longer supported in -stable. > > I have heard reports that NTP is broken on some of the above platforms > so they don't keep very accurate time. Can you fix this, or revert this > change until a fix can be written. Unfortunately -stable is currently as broken as it is in -current. The quick fix is to add all supported platforms. The other unfortunate fact is that, scanning the tree for other examples there's more code as broken as this is. I propose: 1. Fix NTP -- I will do this. I have some free time coming up this week to focus on this. 2. Identify other parts of the tree needing a little love and either putting it up on the wiki or in phabricator. 3. Fix #2 (either me or others as we see fit). Alternatively, a common solution for all parts of the tree, if possible. This is probably a long term solution though. (The purist in me prefers this but I am practical too.) -- Cheers, Cy Schubert or FreeBSD UNIX: Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few. ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r280915 - head/contrib/ntp/ntpd
Author: cy
Date: Tue Mar 31 19:35:32 2015
New Revision: 280915
URL: https://svnweb.freebsd.org/changeset/base/280915
Log:
Fix build.
Modified:
head/contrib/ntp/ntpd/ntp_parser.y
Modified: head/contrib/ntp/ntpd/ntp_parser.y
==
--- head/contrib/ntp/ntpd/ntp_parser.y Tue Mar 31 19:12:13 2015
(r280914)
+++ head/contrib/ntp/ntpd/ntp_parser.y Tue Mar 31 19:35:32 2015
(r280915)
@@ -8,8 +8,8 @@
* Copyright (c) 2006
*/
-%parse-param {struct FILE_INFO *ip_file}
-%lex-param {struct FILE_INFO *ip_file}
+%parse-param { struct FILE_INFO *ip_file }
+%lex-param { struct FILE_INFO *ip_file }
%{
#ifdef HAVE_CONFIG_H
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r280849 - in head: contrib/ntp contrib/ntp/adjtimed contrib/ntp/arlib contrib/ntp/clockstuff contrib/ntp/conf contrib/ntp/html contrib/ntp/html/build contrib/ntp/html/drivers contri
In message
, NGie Cooper writes:
> On Mon, Mar 30, 2015 at 6:30 AM, Cy Schubert wrote:
> > Author: cy
> > Date: Mon Mar 30 13:30:15 2015
> > New Revision: 280849
> > URL: https://svnweb.freebsd.org/changeset/base/280849
> >
> > Log:
> > MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)
> >
> > Thanks to roberto for providing pointers to wedge this into HEAD.
> >
> > Approved by: roberto
>
> This change broke the build. Please fix :(.
>
IIRC this is the fix.
Index: ntp_parser.y
===
--- ntp_parser.y(revision 280914)
+++ ntp_parser.y(revision 280915)
@@ -8,8 +8,8 @@
* Copyright (c) 2006
*/
-%parse-param {struct FILE_INFO *ip_file}
-%lex-param {struct FILE_INFO *ip_file}
+%parse-param { struct FILE_INFO *ip_file }
+%lex-param { struct FILE_INFO *ip_file }
%{
#ifdef HAVE_CONFIG_H
--
Cheers,
Cy Schubert or
FreeBSD UNIX: Web: http://www.FreeBSD.org
The need of the many outweighs the greed of the few.
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r280915 - head/contrib/ntp/ntpd
In message , NGie Cooper writes: > On Tue, Mar 31, 2015 at 12:35 PM, Cy Schubert wrote: > > Author: cy > > Date: Tue Mar 31 19:35:32 2015 > > New Revision: 280915 > > URL: https://svnweb.freebsd.org/changeset/base/280915 > > > > Log: > > Fix build. > > > > Modified: > > head/contrib/ntp/ntpd/ntp_parser.y > > That fixed it -- thanks :)! > Strangely I had no such issues locally. Having to put spaces around curly braces would appear to work around a bug. Is this normal for YACC? -- Cheers, Cy Schubert or FreeBSD UNIX: Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few. ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r281015 - head/contrib/ntp/ntpd
Author: cy Date: Fri Apr 3 10:17:36 2015 New Revision: 281015 URL: https://svnweb.freebsd.org/changeset/base/281015 Log: Remove rednandt file. Submitted by: jkim Deleted: head/contrib/ntp/ntpd/ntp_parser.y ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r281016 - head/contrib/ntp/ntpd
Author: cy
Date: Fri Apr 3 10:20:59 2015
New Revision: 281016
URL: https://svnweb.freebsd.org/changeset/base/281016
Log:
Fix merge error.
Submitted by: jkim
Modified:
head/contrib/ntp/ntpd/ntp_crypto.c
Modified: head/contrib/ntp/ntpd/ntp_crypto.c
==
--- head/contrib/ntp/ntpd/ntp_crypto.c Fri Apr 3 10:17:36 2015
(r281015)
+++ head/contrib/ntp/ntpd/ntp_crypto.c Fri Apr 3 10:20:59 2015
(r281016)
@@ -826,10 +826,10 @@ crypto_recv(
* Decrypt the cookie, hunting all the time for
* errors.
*/
- if (vallen == (u_int) EVP_PKEY_size(host_pkey)) {
+ if (vallen == (u_int)EVP_PKEY_size(host_pkey)) {
u_int32 *cookiebuf = malloc(
RSA_size(host_pkey->pkey.rsa));
- if (cookiebuf == NULL) {
+ if (!cookiebuf) {
rval = XEVNT_CKY;
break;
}
@@ -3817,7 +3817,7 @@ crypto_setup(void)
randfile);
exit (-1);
}
- get_systime(&seed);
+ arc4random_buf(&seed, sizeof(l_fp));
RAND_seed(&seed, sizeof(l_fp));
RAND_write_file(randfile);
#ifdef DEBUG
@@ -3850,36 +3850,6 @@ crypto_setup(void)
pinfo = crypto_key(filename, passwd, NULL);
if (pinfo == NULL) {
msyslog(LOG_ERR,
- "crypto_setup: random seed file not specified");
- exit (-1);
- }
- if ((bytes = RAND_load_file(rand_file, -1)) == 0) {
- msyslog(LOG_ERR,
- "crypto_setup: random seed file %s not found\n",
- rand_file);
- exit (-1);
- }
- arc4random_buf(&seed, sizeof(l_fp));
- RAND_seed(&seed, sizeof(l_fp));
- RAND_write_file(rand_file);
- OpenSSL_add_all_algorithms();
-#ifdef DEBUG
- if (debug)
- printf(
- "crypto_setup: OpenSSL version %lx random seed file %s
bytes read %d\n",
- SSLeay(), rand_file, bytes);
-#endif
-
- /*
-* Load required host key from file "ntpkey_host_". If
-* no host key file is not found or has invalid password, life
-* as we know it ends. The host key also becomes the default
-* sign key.
-*/
- snprintf(filename, sizeof(filename), "ntpkey_host_%s", hostname);
- pinfo = crypto_key(filename, passwd, NULL);
- if (pinfo == NULL) {
- msyslog(LOG_ERR,
"crypto_setup: host key file %s not found or corrupt",
filename);
exit (-1);
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r278284 - in vendor/ntp/dist: . adjtimed clockstuff html html/drivers html/pic include include/isc kernel kernel/sys lib/isc lib/isc/include/isc lib/isc/unix libjsmn libntp libparse ntp...
Author: cy Date: Thu Feb 5 20:53:33 2015 New Revision: 278284 URL: https://svnweb.freebsd.org/changeset/base/278284 Log: Vendor import ntp-4.2.8p1. Approved by: roberto Added: vendor/ntp/dist/html/pic/ vendor/ntp/dist/html/pic/9400n.jpg (contents, props changed) vendor/ntp/dist/html/pic/alice11.gif (contents, props changed) vendor/ntp/dist/html/pic/alice13.gif (contents, props changed) vendor/ntp/dist/html/pic/alice15.gif (contents, props changed) vendor/ntp/dist/html/pic/alice23.gif (contents, props changed) vendor/ntp/dist/html/pic/alice31.gif (contents, props changed) vendor/ntp/dist/html/pic/alice32.gif (contents, props changed) vendor/ntp/dist/html/pic/alice35.gif (contents, props changed) vendor/ntp/dist/html/pic/alice38.gif (contents, props changed) vendor/ntp/dist/html/pic/alice44.gif (contents, props changed) vendor/ntp/dist/html/pic/alice47.gif (contents, props changed) vendor/ntp/dist/html/pic/alice51.gif (contents, props changed) vendor/ntp/dist/html/pic/alice61.gif (contents, props changed) vendor/ntp/dist/html/pic/barnstable.gif (contents, props changed) vendor/ntp/dist/html/pic/beaver.gif (contents, props changed) vendor/ntp/dist/html/pic/boom3.gif (contents, props changed) vendor/ntp/dist/html/pic/boom3a.gif (contents, props changed) vendor/ntp/dist/html/pic/boom4.gif (contents, props changed) vendor/ntp/dist/html/pic/broad.gif (contents, props changed) vendor/ntp/dist/html/pic/bustardfly.gif (contents, props changed) vendor/ntp/dist/html/pic/c51.jpg (contents, props changed) vendor/ntp/dist/html/pic/description.jpg (contents, props changed) vendor/ntp/dist/html/pic/discipline.gif (contents, props changed) vendor/ntp/dist/html/pic/dogsnake.gif (contents, props changed) vendor/ntp/dist/html/pic/driver29.gif (contents, props changed) vendor/ntp/dist/html/pic/driver43_1.gif (contents, props changed) vendor/ntp/dist/html/pic/driver43_2.jpg (contents, props changed) vendor/ntp/dist/html/pic/fg6021.gif (contents, props changed) vendor/ntp/dist/html/pic/fg6039.jpg (contents, props changed) vendor/ntp/dist/html/pic/fig_3_1.gif (contents, props changed) vendor/ntp/dist/html/pic/flatheads.gif (contents, props changed) vendor/ntp/dist/html/pic/flt1.gif (contents, props changed) vendor/ntp/dist/html/pic/flt2.gif (contents, props changed) vendor/ntp/dist/html/pic/flt3.gif (contents, props changed) vendor/ntp/dist/html/pic/flt4.gif (contents, props changed) vendor/ntp/dist/html/pic/flt5.gif (contents, props changed) vendor/ntp/dist/html/pic/flt6.gif (contents, props changed) vendor/ntp/dist/html/pic/flt7.gif (contents, props changed) vendor/ntp/dist/html/pic/flt8.gif (contents, props changed) vendor/ntp/dist/html/pic/flt9.gif (contents, props changed) vendor/ntp/dist/html/pic/freq1211.gif (contents, props changed) vendor/ntp/dist/html/pic/gadget.jpg (contents, props changed) vendor/ntp/dist/html/pic/gps167.jpg (contents, props changed) vendor/ntp/dist/html/pic/group.gif (contents, props changed) vendor/ntp/dist/html/pic/hornraba.gif (contents, props changed) vendor/ntp/dist/html/pic/igclock.gif (contents, props changed) vendor/ntp/dist/html/pic/neoclock4x.gif (contents, props changed) vendor/ntp/dist/html/pic/offset1211.gif (contents, props changed) vendor/ntp/dist/html/pic/oncore_evalbig.gif (contents, props changed) vendor/ntp/dist/html/pic/oncore_remoteant.jpg (contents, props changed) vendor/ntp/dist/html/pic/oncore_utplusbig.gif (contents, props changed) vendor/ntp/dist/html/pic/oz2.gif (contents, props changed) vendor/ntp/dist/html/pic/panda.gif (contents, props changed) vendor/ntp/dist/html/pic/pd_om006.gif (contents, props changed) vendor/ntp/dist/html/pic/pd_om011.gif (contents, props changed) vendor/ntp/dist/html/pic/peer.gif (contents, props changed) vendor/ntp/dist/html/pic/pogo.gif (contents, props changed) vendor/ntp/dist/html/pic/pogo1a.gif (contents, props changed) vendor/ntp/dist/html/pic/pogo3a.gif (contents, props changed) vendor/ntp/dist/html/pic/pogo4.gif (contents, props changed) vendor/ntp/dist/html/pic/pogo5.gif (contents, props changed) vendor/ntp/dist/html/pic/pogo6.gif (contents, props changed) vendor/ntp/dist/html/pic/pogo7.gif (contents, props changed) vendor/ntp/dist/html/pic/pogo8.gif (contents, props changed) vendor/ntp/dist/html/pic/pzf509.jpg (contents, props changed) vendor/ntp/dist/html/pic/pzf511.jpg (contents, props changed) vendor/ntp/dist/html/pic/rabbit.gif (contents, props changed) vendor/ntp/dist/html/pic/radio2.jpg (contents, props changed) vendor/ntp/dist/html/pic/sheepb.jpg (contents, props changed) vendor/ntp/dist/html/pic/stack1a.jpg (contents, props changed) vendor/ntp/dist/html/pic/stats.gif (contents, props changed) vendor/ntp/dist/html/pic/sx5.gif (contents,
svn commit: r278285 - vendor/ntp/4.2.8p1
Author: cy Date: Thu Feb 5 20:55:55 2015 New Revision: 278285 URL: https://svnweb.freebsd.org/changeset/base/278285 Log: Tag ntp-4.2.8p1. Approved by: roberto Added: vendor/ntp/4.2.8p1/ - copied from r278284, vendor/ntp/dist/ ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r278550 - stable/10/etc/rc.d
Author: cy
Date: Wed Feb 11 02:43:58 2015
New Revision: 278550
URL: https://svnweb.freebsd.org/changeset/base/278550
Log:
MFC r277854:
ipfilter 5.1.2 (vs 4.1.28 in previous releases of FreeBSD) stores IPv4
and IPv6 rules in a single table. ipf -6 -Fa will flush the whole table,
including IPv4 rules. This patch removes the redundant ipf -I -6 -Fa
statement.
PR: 188318
Modified:
stable/10/etc/rc.d/ipfilter
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/etc/rc.d/ipfilter
==
--- stable/10/etc/rc.d/ipfilter Wed Feb 11 02:02:56 2015(r278549)
+++ stable/10/etc/rc.d/ipfilter Wed Feb 11 02:43:58 2015(r278550)
@@ -65,7 +65,6 @@ ipfilter_reload()
err 1 'Load of rules into alternate set failed;
aborting reload'
fi
fi
- ${ipfilter_program:-/sbin/ipf} -I -6 -Fa
if [ -r "${ipv6_ipfilter_rules}" ]; then
${ipfilter_program:-/sbin/ipf} -I -6 \
-f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r271970 - head/contrib/ipfilter/lib
Author: cy
Date: Mon Sep 22 16:03:29 2014
New Revision: 271970
URL: http://svnweb.freebsd.org/changeset/base/271970
Log:
ipv6 address for test.hosts.dots in wrong byte order.
Approved by: glebius (mentor)
Obtained from:ipfilter CVS repo (r1.11), netbsd CVS repo (r1.5)
Modified:
head/contrib/ipfilter/lib/gethost.c
Modified: head/contrib/ipfilter/lib/gethost.c
==
--- head/contrib/ipfilter/lib/gethost.c Mon Sep 22 15:32:31 2014
(r271969)
+++ head/contrib/ipfilter/lib/gethost.c Mon Sep 22 16:03:29 2014
(r271970)
@@ -25,10 +25,10 @@ int gethost(family, name, hostp)
}
#ifdef USE_INET6
if (family == AF_INET6) {
- hostp->i6[0] = 0xfe80aa55;
- hostp->i6[1] = 0x12345678;
- hostp->i6[2] = 0x5a5aa5a5;
- hostp->i6[3] = 0xfedcba98;
+ hostp->i6[0] = htonl(0xfe80aa55);
+ hostp->i6[1] = htonl(0x12345678);
+ hostp->i6[2] = htonl(0x5a5aa5a5);
+ hostp->i6[3] = htonl(0xfedcba98);
}
#endif
return 0;
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r271971 - head/contrib/ipfilter/lib
Author: cy
Date: Mon Sep 22 16:06:37 2014
New Revision: 271971
URL: http://svnweb.freebsd.org/changeset/base/271971
Log:
#553 gethost needs to zero entire IP address structure
Approved by: glebius (mentor)
Obtained from:ipfilter CVS repo (r1.11)
Modified:
head/contrib/ipfilter/lib/gethost.c
Modified: head/contrib/ipfilter/lib/gethost.c
==
--- head/contrib/ipfilter/lib/gethost.c Mon Sep 22 16:03:29 2014
(r271970)
+++ head/contrib/ipfilter/lib/gethost.c Mon Sep 22 16:06:37 2014
(r271971)
@@ -19,6 +19,7 @@ int gethost(family, name, hostp)
struct netent *n;
u_32_t addr;
+ bzero(hostp, sizeof(*hostp));
if (!strcmp(name, "test.host.dots")) {
if (family == AF_INET) {
hostp->in4.s_addr = htonl(0xfedcba98);
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r271972 - head/contrib/ipfilter/lib
Author: cy
Date: Mon Sep 22 16:09:18 2014
New Revision: 271972
URL: http://svnweb.freebsd.org/changeset/base/271972
Log:
#536 ipnat can try to print rule as dstlist incorrectly
Approved by: glebius (mentor)
Obtained from:ipfilter CVS repo (r1.14), netbsd CVS repo (r1.3)
Modified:
head/contrib/ipfilter/lib/printnat.c
Modified: head/contrib/ipfilter/lib/printnat.c
==
--- head/contrib/ipfilter/lib/printnat.cMon Sep 22 16:06:37 2014
(r271971)
+++ head/contrib/ipfilter/lib/printnat.cMon Sep 22 16:09:18 2014
(r271972)
@@ -153,7 +153,8 @@ printnat(np, opts)
} else if (np->in_redir & NAT_REWRITE) {
PRINTF(" -> src ");
- if (np->in_nsrc.na_type == IPLT_DSTLIST) {
+ if (np->in_nsrc.na_atype == FRI_LOOKUP &&
+ np->in_nsrc.na_type == IPLT_DSTLIST) {
PRINTF("dstlist/");
if (np->in_nsrc.na_subtype == 0)
PRINTF("%d", np->in_nsrc.na_num);
@@ -174,7 +175,8 @@ printnat(np, opts)
}
}
PRINTF(" dst ");
- if (np->in_ndst.na_type == IPLT_DSTLIST) {
+ if (np->in_ndst.na_atype == FRI_LOOKUP &&
+ np->in_ndst.na_type == IPLT_DSTLIST) {
PRINTF("dstlist/");
if (np->in_ndst.na_subtype == 0)
PRINTF("%d", np->in_nsrc.na_num);
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r271974 - head/contrib/ipfilter/tools
Author: cy
Date: Mon Sep 22 16:13:38 2014
New Revision: 271974
URL: http://svnweb.freebsd.org/changeset/base/271974
Log:
#551 ipf.conf address structure not properly zero filled
Approved by: glebius (mentor)
Obtained from:ipfilter CVS repo (r1.37), netbsd CVS repo (r1.3)
Modified:
head/contrib/ipfilter/tools/ipf_y.y
Modified: head/contrib/ipfilter/tools/ipf_y.y
==
--- head/contrib/ipfilter/tools/ipf_y.y Mon Sep 22 16:13:33 2014
(r271973)
+++ head/contrib/ipfilter/tools/ipf_y.y Mon Sep 22 16:13:38 2014
(r271974)
@@ -1020,12 +1020,13 @@ addr: pool '/' YY_NUMBER { pooled = 1;
yyexpectaddr = 0; }
;
-ipaddr:IPFY_ANY{ bzero(&($$), sizeof($$));
+ipaddr:IPFY_ANY{ memset(&($$), 0, sizeof($$));
$$.type = FRI_NORMAL;
$$.ifpos = -1;
yyexpectaddr = 0;
}
- | hostname { $$.a = $1.adr;
+ | hostname { memset(&($$), 0, sizeof($$));
+ $$.a = $1.adr;
$$.f = $1.f;
if ($1.f == AF_INET6)
fill6bits(128, $$.m.i6);
@@ -1038,7 +1039,8 @@ ipaddr: IPFY_ANY{ bzero(&($$),
sizeof
| hostname { yyresetdict(); }
maskspace { yysetdict(maskwords);
yyexpectaddr = 2; }
- ipmask { ntomask($1.f, $5, $$.m.i6);
+ ipmask { memset(&($$), 0, sizeof($$));
+ ntomask($1.f, $5, $$.m.i6);
$$.a = $1.adr;
$$.a.i6[0] &= $$.m.i6[0];
$$.a.i6[1] &= $$.m.i6[1];
@@ -1060,7 +1062,8 @@ ipaddr: IPFY_ANY{ bzero(&($$),
sizeof
yyresetdict();
yyexpectaddr = 0;
}
- | '(' YY_STR ')'{ $$.type = FRI_DYNAMIC;
+ | '(' YY_STR ')'{ memset(&($$), 0, sizeof($$));
+ $$.type = FRI_DYNAMIC;
ifpflag = FRI_DYNAMIC;
$$.ifpos = addname(&fr, $2);
$$.lif = 0;
@@ -1068,7 +1071,8 @@ ipaddr: IPFY_ANY{ bzero(&($$),
sizeof
| '(' YY_STR ')' '/'
{ ifpflag = FRI_DYNAMIC; yysetdict(maskwords); }
maskopts
- { $$.type = ifpflag;
+ { memset(&($$), 0, sizeof($$));
+ $$.type = ifpflag;
$$.ifpos = addname(&fr, $2);
$$.lif = 0;
if (frc->fr_family == AF_UNSPEC)
@@ -1083,7 +1087,8 @@ ipaddr: IPFY_ANY{ bzero(&($$),
sizeof
| '(' YY_STR ':' YY_NUMBER ')' '/'
{ ifpflag = FRI_DYNAMIC; yysetdict(maskwords); }
maskopts
- { $$.type = ifpflag;
+ { memset(&($$), 0, sizeof($$));
+ $$.type = ifpflag;
$$.ifpos = addname(&fr, $2);
$$.lif = $4;
if (frc->fr_family == AF_UNSPEC)
@@ -1142,30 +1147,35 @@ maskopts:
;
hostname:
- ipv4{ $$.adr.in4 = $1;
+ ipv4{ memset(&($$), 0, sizeof($$));
+ $$.adr.in4 = $1;
if (frc->fr_family == AF_INET6)
YYERROR;
$$.f = AF_INET;
yyexpectaddr = 2;
}
- | YY_NUMBER { if (frc->fr_family == AF_INET6)
+ | YY_NUMBER { memset(&($$), 0, sizeof($$));
+ if (frc->fr_family == AF_INET6)
YYERROR;
$$.adr.in4_addr = $1;
$$.f = AF_INET;
svn commit: r271977 - head/contrib/ipfilter/tools
Author: cy
Date: Mon Sep 22 16:21:25 2014
New Revision: 271977
URL: http://svnweb.freebsd.org/changeset/base/271977
Log:
3561691 gethost never returns an ipv6 address
Approved by: glebius (mentor)
Obtained from:ipfilter CVS repo (r1.34), netbsd CVS repo (r1.4)
Modified:
head/contrib/ipfilter/tools/ipnat_y.y
Modified: head/contrib/ipfilter/tools/ipnat_y.y
==
--- head/contrib/ipfilter/tools/ipnat_y.y Mon Sep 22 16:20:47 2014
(r271976)
+++ head/contrib/ipfilter/tools/ipnat_y.y Mon Sep 22 16:21:25 2014
(r271977)
@@ -1164,17 +1164,19 @@ hexnumber:
hostname:
YY_STR { i6addr_t addr;
+ int family;
+#ifdef USE_INET6
+ if (nat->in_v[0] == 6)
+ family = AF_INET6;
+ else
+#endif
+ family = AF_INET;
bzero(&$$, sizeof($$));
- if (gethost(AF_INET, $1,
- &addr) == 0) {
- $$.a = addr;
- $$.f = AF_INET;
- } else
- if (gethost(AF_INET6, $1,
+ $$.f = family;
+ if (gethost(family, $1,
&addr) == 0) {
$$.a = addr;
- $$.f = AF_INET6;
} else {
FPRINTF(stderr,
"Unknown host '%s'\n",
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r271978 - head/contrib/ipfilter/tools
Author: cy
Date: Mon Sep 22 16:35:48 2014
New Revision: 271978
URL: http://svnweb.freebsd.org/changeset/base/271978
Log:
#552 destination port not zero after parsing nat rule
Approved by: glebius (mentor)
Obtained from:netbsd CVS repo (r1.4), ipfilter CVS repo (r1.38)
Modified:
head/contrib/ipfilter/tools/ipnat_y.y
Modified: head/contrib/ipfilter/tools/ipnat_y.y
==
--- head/contrib/ipfilter/tools/ipnat_y.y Mon Sep 22 16:21:25 2014
(r271977)
+++ head/contrib/ipfilter/tools/ipnat_y.y Mon Sep 22 16:35:48 2014
(r271978)
@@ -871,9 +871,9 @@ mapport:
}
free($2);
if ($3.p1 < 0 || $3.p1 > 65535)
- yyerror("invalid ICMP Id number");
+ yyerror("invalid 1st ICMP Id number");
if ($3.p2 < 0 || $3.p2 > 65535)
- yyerror("invalid ICMP Id number");
+ yyerror("invalid 2nd ICMP Id number");
if (strcmp($2, "ipv6-icmp") == 0) {
nat->in_pr[0] = IPPROTO_ICMPV6;
nat->in_pr[1] = IPPROTO_ICMPV6;
@@ -1058,7 +1058,7 @@ hash: IPNY_HASH { if
(!(nat->in_flags
;
portstuff:
- compare portspec{ $$.pc = $1; $$.p1 = $2; }
+ compare portspec{ $$.pc = $1; $$.p1 = $2; $$.p2 = 0; }
| portspec range portspec { $$.pc = $2; $$.p1 = $1; $$.p2 = $3; }
;
@@ -1151,7 +1151,7 @@ proto:YY_NUMBER { $$ = $1;
| YY_STR{ $$ = getproto($1);
free($1);
if ($$ == -1)
- yyerror("unknwon protocol");
+ yyerror("unknown protocol");
if ($$ != IPPROTO_TCP &&
$$ != IPPROTO_UDP)
suggest_port = 0;
@@ -1172,7 +1172,8 @@ hostname:
else
#endif
family = AF_INET;
- bzero(&$$, sizeof($$));
+ memset(&($$), 0, sizeof($$));
+ memset(&addr, 0, sizeof(addr));
$$.f = family;
if (gethost(family, $1,
&addr) == 0) {
@@ -1184,17 +1185,17 @@ hostname:
}
free($1);
}
- | YY_NUMBER { bzero(&$$, sizeof($$));
+ | YY_NUMBER { memset(&($$), 0, sizeof($$));
$$.a.in4.s_addr = htonl($1);
if ($$.a.in4.s_addr != 0)
$$.f = AF_INET;
}
| ipv4 { $$ = $1; }
- | YY_IPV6 { bzero(&$$, sizeof($$));
+ | YY_IPV6 { memset(&($$), 0, sizeof($$));
$$.a = $1;
$$.f = AF_INET6;
}
- | YY_NUMBER YY_IPV6 { bzero(&$$, sizeof($$));
+ | YY_NUMBER YY_IPV6 { memset(&($$), 0, sizeof($$));
$$.a = $2;
$$.f = AF_INET6;
}
@@ -1429,6 +1430,9 @@ setnatproto(p)
nat->in_flags |= IPN_UDP;
nat->in_flags &= ~IPN_TCP;
break;
+#ifdef USE_INET6
+ case IPPROTO_ICMPV6 :
+#endif
case IPPROTO_ICMP :
nat->in_flags &= ~IPN_TCPUDP;
if (!(nat->in_flags & IPN_ICMPQUERY) &&
@@ -1508,7 +1512,7 @@ ipnat_addrule(fd, ioctlfunc, ptr)
printnat(ipn, opts);
if (opts & OPT_DEBUG)
- binprint(ipn, sizeof(*ipn));
+ binprint(ipn, ipn->in_size);
if ((opts & OPT_ZERORULEST) != 0) {
if ((*ioctlfunc)(fd, add, (void *)&obj) == -1) {
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r271980 - head/sys/contrib/ipfilter/netinet
Author: cy Date: Mon Sep 22 16:45:28 2014 New Revision: 271980 URL: http://svnweb.freebsd.org/changeset/base/271980 Log: Check for NULL before de-refencing; in particular sel is assigned to NULL, in the default case, and then couple of lines down we do sel-> Approved by: glebius (mentor) Obtained from:NetBSD CVS repo (r1.5) Modified: head/sys/contrib/ipfilter/netinet/ip_dstlist.c Modified: head/sys/contrib/ipfilter/netinet/ip_dstlist.c == --- head/sys/contrib/ipfilter/netinet/ip_dstlist.c Mon Sep 22 16:37:37 2014(r271979) +++ head/sys/contrib/ipfilter/netinet/ip_dstlist.c Mon Sep 22 16:45:28 2014(r271980) @@ -1134,7 +1134,7 @@ ipf_dstlist_select(fin, d) int family; int x; - if (d->ipld_dests == NULL || *d->ipld_dests == NULL) + if (d == NULL || d->ipld_dests == NULL || *d->ipld_dests == NULL) return NULL; family = fin->fin_family; @@ -1222,7 +1222,7 @@ ipf_dstlist_select(fin, d) break; } - if (sel->ipfd_dest.fd_addr.adf_family != family) + if (sel && sel->ipfd_dest.fd_addr.adf_family != family) sel = NULL; d->ipld_selected = sel; ___ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r272052 - head/sys/contrib/ipfilter/netinet
Author: cy Date: Wed Sep 24 01:21:31 2014 New Revision: 272052 URL: http://svnweb.freebsd.org/changeset/base/272052 Log: ipfilter bug #558 add in some missing frag table function comments. Approved by: glebius (mentor) Obtained from:ipfilter CVS repo (r1.36) Modified: head/sys/contrib/ipfilter/netinet/ip_frag.c Modified: head/sys/contrib/ipfilter/netinet/ip_frag.c == --- head/sys/contrib/ipfilter/netinet/ip_frag.c Tue Sep 23 22:57:11 2014 (r272051) +++ head/sys/contrib/ipfilter/netinet/ip_frag.c Wed Sep 24 01:21:31 2014 (r272052) @@ -930,7 +930,8 @@ ipf_frag_known(fin, passp) /* */ /* Function:ipf_frag_natforget */ /* Returns: Nil */ -/* Parameters: ptr(I) - pointer to data structure */ +/* Parameters: softc(I) - pointer to soft context main structure */ +/* ptr(I) - pointer to data structure */ /* */ /* Search through all of the fragment cache entries for NAT and wherever a */ /* pointer is found to match ptr, reset it to NULL.*/ @@ -954,7 +955,8 @@ ipf_frag_natforget(softc, ptr) /* */ /* Function:ipf_frag_delete */ /* Returns: Nil */ -/* Parameters: fra(I) - pointer to fragment structure to delete */ +/* Parameters: softc(I) - pointer to soft context main structure */ +/* fra(I) - pointer to fragment structure to delete */ /* tail(IO) - pointer to the pointer to the tail of the frag */ /* list */ /* */ @@ -991,7 +993,10 @@ ipf_frag_delete(softc, fra, tail) /* */ /* Function:ipf_frag_free */ /* Returns: Nil */ +/* Parameters: softf(I) - pointer to fragment context information */ +/* fra(I) - pointer to fragment structure to free*/ /* */ +/* Free up a fragment cache entry and bump relevent statistics. */ /* */ static void ipf_frag_free(softf, fra) @@ -1007,7 +1012,7 @@ ipf_frag_free(softf, fra) /* */ /* Function:ipf_frag_clear */ /* Returns: Nil */ -/* Parameters: Nil */ +/* Parameters: softc(I) - pointer to soft context main structure */ /* */ /* Free memory in use by fragment state information kept. Do the normal*/ /* fragment state stuff first and then the NAT-fragment table. */ @@ -1048,7 +1053,7 @@ ipf_frag_clear(softc) /* */ /* Function:ipf_frag_expire */ /* Returns: Nil */ -/* Parameters: Nil */ +/* Parameters: softc(I) - pointer to soft context main structure */ /* */ /* Expire entries in the fragment cache table that have been there too long */ /* */ @@ -1120,6 +1125,13 @@ ipf_frag_expire(softc) /* */ /* Function:ipf_frag_pkt_next */ +/* Returns: int - 0 == success, else error */ +/* Parameters: softc(I) - pointer to soft context main structure */ +/* token(I) - pointer to token information for this caller */ +/* itp(I) - pointer to generic iterator from caller */ +/* */ +/* This function is used to step through the fragment cache list used for */ +/* filter rule
Re: svn commit: r349176 - head/sys/dev/random
In message <20190618185512.e2nbzwbtvxz2azge@mutt-hbsd>, Shawn Webb writes: > > --mmc352mzirnzscxj > Content-Type: text/plain; charset=us-ascii > Content-Disposition: inline > Content-Transfer-Encoding: quoted-printable > > On Tue, Jun 18, 2019 at 06:50:58PM +, Conrad Meyer wrote: > > Author: cem > > Date: Tue Jun 18 18:50:58 2019 > > New Revision: 349176 > > URL: https://svnweb.freebsd.org/changeset/base/349176 > >=20 > > Log: > > random(4): Fix a regression in short AES mode reads > > =20 > > In r349154, random device reads of size < 16 bytes (AES block size) were > > accidentally broken to loop forever. Correct the loop condition for sm= > all > > reads. > > =20 > > Reported by: pho > > Reviewed by: delphij > > Approved by: secteam(delphij) > > Differential Revision: https://reviews.freebsd.org/D20686 > > Hey Conrad, > > Thanks for fixing this issue! Any plans to MFC? Why? -- Cheers, Cy Schubert FreeBSD UNIX: Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few. ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r349182 - in stable: 11/sys/contrib/ipfilter/netinet 12/sys/contrib/ipfilter/netinet
Author: cy
Date: Wed Jun 19 01:28:13 2019
New Revision: 349182
URL: https://svnweb.freebsd.org/changeset/base/349182
Log:
MFC r348985:
Enclose a long multi-line single conditional statement in braces to
improve legibility and aesthetics.
Modified:
stable/12/sys/contrib/ipfilter/netinet/mlfk_ipl.c
Directory Properties:
stable/12/ (props changed)
Changes in other areas also in this revision:
Modified:
stable/11/sys/contrib/ipfilter/netinet/mlfk_ipl.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/12/sys/contrib/ipfilter/netinet/mlfk_ipl.c
==
--- stable/12/sys/contrib/ipfilter/netinet/mlfk_ipl.c Wed Jun 19 00:37:54
2019(r349181)
+++ stable/12/sys/contrib/ipfilter/netinet/mlfk_ipl.c Wed Jun 19 01:28:13
2019(r349182)
@@ -211,7 +211,7 @@ vnet_ipf_init(void)
else
defpass = "no-match -> block";
- if (IS_DEFAULT_VNET(curvnet))
+ if (IS_DEFAULT_VNET(curvnet)) {
printf("%s initialized. Default = %s all, Logging = %s%s\n",
ipfilter_version, defpass,
#ifdef IPFILTER_LOG
@@ -225,6 +225,7 @@ vnet_ipf_init(void)
""
#endif
);
+ }
}
VNET_SYSINIT(vnet_ipf_init, SI_SUB_PROTO_FIREWALL, SI_ORDER_THIRD,
vnet_ipf_init, NULL);
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r349182 - in stable: 11/sys/contrib/ipfilter/netinet 12/sys/contrib/ipfilter/netinet
Author: cy
Date: Wed Jun 19 01:28:13 2019
New Revision: 349182
URL: https://svnweb.freebsd.org/changeset/base/349182
Log:
MFC r348985:
Enclose a long multi-line single conditional statement in braces to
improve legibility and aesthetics.
Modified:
stable/11/sys/contrib/ipfilter/netinet/mlfk_ipl.c
Directory Properties:
stable/11/ (props changed)
Changes in other areas also in this revision:
Modified:
stable/12/sys/contrib/ipfilter/netinet/mlfk_ipl.c
Directory Properties:
stable/12/ (props changed)
Modified: stable/11/sys/contrib/ipfilter/netinet/mlfk_ipl.c
==
--- stable/11/sys/contrib/ipfilter/netinet/mlfk_ipl.c Wed Jun 19 00:37:54
2019(r349181)
+++ stable/11/sys/contrib/ipfilter/netinet/mlfk_ipl.c Wed Jun 19 01:28:13
2019(r349182)
@@ -211,7 +211,7 @@ vnet_ipf_init(void)
else
defpass = "no-match -> block";
- if (IS_DEFAULT_VNET(curvnet))
+ if (IS_DEFAULT_VNET(curvnet)) {
printf("%s initialized. Default = %s all, Logging = %s%s\n",
ipfilter_version, defpass,
#ifdef IPFILTER_LOG
@@ -225,6 +225,7 @@ vnet_ipf_init(void)
""
#endif
);
+ }
}
VNET_SYSINIT(vnet_ipf_init, SI_SUB_PROTO_FIREWALL, SI_ORDER_THIRD,
vnet_ipf_init, NULL);
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r349223 - in stable: 11/sys/contrib/ipfilter/netinet 12/sys/contrib/ipfilter/netinet
Author: cy
Date: Thu Jun 20 05:01:35 2019
New Revision: 349223
URL: https://svnweb.freebsd.org/changeset/base/349223
Log:
MFC r349152:
Make ipf_objbytes a constant. ipf_objbytes is a table of internal data
structures that are saved across reboots by ipfs(8). The table is not
changed at runtime.
Modified:
stable/11/sys/contrib/ipfilter/netinet/fil.c
Directory Properties:
stable/11/ (props changed)
Changes in other areas also in this revision:
Modified:
stable/12/sys/contrib/ipfilter/netinet/fil.c
Directory Properties:
stable/12/ (props changed)
Modified: stable/11/sys/contrib/ipfilter/netinet/fil.c
==
--- stable/11/sys/contrib/ipfilter/netinet/fil.cThu Jun 20 01:19:08
2019(r349222)
+++ stable/11/sys/contrib/ipfilter/netinet/fil.cThu Jun 20 05:01:35
2019(r349223)
@@ -6268,7 +6268,7 @@ ipf_ioctlswitch(softc, unit, data, cmd, mode, uid, ctx
* Flags:
* 1 = minimum size, not absolute size
*/
-static int ipf_objbytes[IPFOBJ_COUNT][3] = {
+static const int ipf_objbytes[IPFOBJ_COUNT][3] = {
{ 1,sizeof(struct frentry), 501 }, /* 0 */
{ 1,sizeof(struct friostat),501 },
{ 0,sizeof(struct fr_info), 501 },
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r349223 - in stable: 11/sys/contrib/ipfilter/netinet 12/sys/contrib/ipfilter/netinet
Author: cy
Date: Thu Jun 20 05:01:35 2019
New Revision: 349223
URL: https://svnweb.freebsd.org/changeset/base/349223
Log:
MFC r349152:
Make ipf_objbytes a constant. ipf_objbytes is a table of internal data
structures that are saved across reboots by ipfs(8). The table is not
changed at runtime.
Modified:
stable/12/sys/contrib/ipfilter/netinet/fil.c
Directory Properties:
stable/12/ (props changed)
Changes in other areas also in this revision:
Modified:
stable/11/sys/contrib/ipfilter/netinet/fil.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/12/sys/contrib/ipfilter/netinet/fil.c
==
--- stable/12/sys/contrib/ipfilter/netinet/fil.cThu Jun 20 01:19:08
2019(r349222)
+++ stable/12/sys/contrib/ipfilter/netinet/fil.cThu Jun 20 05:01:35
2019(r349223)
@@ -6268,7 +6268,7 @@ ipf_ioctlswitch(softc, unit, data, cmd, mode, uid, ctx
* Flags:
* 1 = minimum size, not absolute size
*/
-static int ipf_objbytes[IPFOBJ_COUNT][3] = {
+static const int ipf_objbytes[IPFOBJ_COUNT][3] = {
{ 1,sizeof(struct frentry), 501 }, /* 0 */
{ 1,sizeof(struct friostat),501 },
{ 0,sizeof(struct fr_info), 501 },
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r349331 - head/sys/contrib/ipfilter/netinet
Author: cy Date: Mon Jun 24 02:58:02 2019 New Revision: 349331 URL: https://svnweb.freebsd.org/changeset/base/349331 Log: Clean out duplicate definitions of TCP macros also found in netinet/tcp.h. MFC after:1 week Modified: head/sys/contrib/ipfilter/netinet/ip_compat.h Modified: head/sys/contrib/ipfilter/netinet/ip_compat.h == --- head/sys/contrib/ipfilter/netinet/ip_compat.h Mon Jun 24 02:39:56 2019(r349330) +++ head/sys/contrib/ipfilter/netinet/ip_compat.h Mon Jun 24 02:58:02 2019(r349331) @@ -829,37 +829,6 @@ typedefstruct tcpiphdrtcpiphdr_t; #undef IPOPT_AH #defineIPOPT_AH256+IPPROTO_AH -#ifndef TCPOPT_EOL -# define TCPOPT_EOL0 -#endif -#ifndef TCPOPT_NOP -# define TCPOPT_NOP1 -#endif -#ifndef TCPOPT_MAXSEG -# define TCPOPT_MAXSEG 2 -#endif -#ifndef TCPOLEN_MAXSEG -# define TCPOLEN_MAXSEG4 -#endif -#ifndef TCPOPT_WINDOW -# define TCPOPT_WINDOW 3 -#endif -#ifndef TCPOLEN_WINDOW -# define TCPOLEN_WINDOW3 -#endif -#ifndef TCPOPT_SACK_PERMITTED -# define TCPOPT_SACK_PERMITTED 4 -#endif -#ifndef TCPOLEN_SACK_PERMITTED -# define TCPOLEN_SACK_PERMITTED2 -#endif -#ifndef TCPOPT_SACK -# define TCPOPT_SACK 5 -#endif -#ifndef TCPOPT_TIMESTAMP -# define TCPOPT_TIMESTAMP 8 -#endif - #ifndefICMP_MINLEN # define ICMP_MINLEN 8 #endif ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r349362 - head/sys/contrib/ipfilter/netinet
Author: cy Date: Tue Jun 25 07:04:47 2019 New Revision: 349362 URL: https://svnweb.freebsd.org/changeset/base/349362 Log: The definition of icmptypes in ip_compt.h is dead code as it already use the icmptypes in ip_icmp.h. MFC after:1 week Modified: head/sys/contrib/ipfilter/netinet/ip_compat.h Modified: head/sys/contrib/ipfilter/netinet/ip_compat.h == --- head/sys/contrib/ipfilter/netinet/ip_compat.h Tue Jun 25 06:24:56 2019(r349361) +++ head/sys/contrib/ipfilter/netinet/ip_compat.h Tue Jun 25 07:04:47 2019(r349362) @@ -829,159 +829,9 @@ typedef struct tcpiphdrtcpiphdr_t; #undef IPOPT_AH #defineIPOPT_AH256+IPPROTO_AH -#ifndefICMP_MINLEN -# define ICMP_MINLEN 8 -#endif -#ifndefICMP_ECHOREPLY -# define ICMP_ECHOREPLY 0 -#endif -#ifndefICMP_UNREACH -# define ICMP_UNREACH3 -#endif -#ifndefICMP_UNREACH_NET -# define ICMP_UNREACH_NET0 -#endif -#ifndefICMP_UNREACH_HOST -# define ICMP_UNREACH_HOST 1 -#endif -#ifndefICMP_UNREACH_PROTOCOL -# define ICMP_UNREACH_PROTOCOL 2 -#endif -#ifndefICMP_UNREACH_PORT -# define ICMP_UNREACH_PORT 3 -#endif -#ifndefICMP_UNREACH_NEEDFRAG -# define ICMP_UNREACH_NEEDFRAG 4 -#endif -#ifndefICMP_UNREACH_SRCFAIL -# define ICMP_UNREACH_SRCFAIL5 -#endif -#ifndefICMP_UNREACH_NET_UNKNOWN -# define ICMP_UNREACH_NET_UNKNOWN6 -#endif -#ifndefICMP_UNREACH_HOST_UNKNOWN -# define ICMP_UNREACH_HOST_UNKNOWN 7 -#endif -#ifndefICMP_UNREACH_ISOLATED -# define ICMP_UNREACH_ISOLATED 8 -#endif -#ifndefICMP_UNREACH_NET_PROHIB -# define ICMP_UNREACH_NET_PROHIB 9 -#endif -#ifndefICMP_UNREACH_HOST_PROHIB -# define ICMP_UNREACH_HOST_PROHIB10 -#endif -#ifndefICMP_UNREACH_TOSNET -# define ICMP_UNREACH_TOSNET 11 -#endif -#ifndefICMP_UNREACH_TOSHOST -# define ICMP_UNREACH_TOSHOST12 -#endif -#ifndefICMP_UNREACH_ADMIN_PROHIBIT -# define ICMP_UNREACH_ADMIN_PROHIBIT 13 -#endif -#ifndefICMP_UNREACH_FILTER -# define ICMP_UNREACH_FILTER 13 -#endif -#ifndefICMP_UNREACH_HOST_PRECEDENCE -# define ICMP_UNREACH_HOST_PRECEDENCE14 -#endif -#ifndefICMP_UNREACH_PRECEDENCE_CUTOFF -# define ICMP_UNREACH_PRECEDENCE_CUTOFF 15 -#endif -#ifndefICMP_SOURCEQUENCH -# define ICMP_SOURCEQUENCH 4 -#endif -#ifndefICMP_REDIRECT_NET -# define ICMP_REDIRECT_NET 0 -#endif -#ifndefICMP_REDIRECT_HOST -# define ICMP_REDIRECT_HOST 1 -#endif -#ifndefICMP_REDIRECT_TOSNET -# define ICMP_REDIRECT_TOSNET2 -#endif -#ifndefICMP_REDIRECT_TOSHOST -# define ICMP_REDIRECT_TOSHOST 3 -#endif -#ifndefICMP_ALTHOSTADDR -# define ICMP_ALTHOSTADDR6 -#endif -#ifndefICMP_TIMXCEED -# define ICMP_TIMXCEED 11 -#endif -#ifndefICMP_TIMXCEED_INTRANS -# define ICMP_TIMXCEED_INTRANS 0 -#endif -#ifndefICMP_TIMXCEED_REASS -# define ICMP_TIMXCEED_REASS 1 -#endif -#ifndefICMP_PARAMPROB -# define ICMP_PARAMPROB 12 -#endif -#ifndefICMP_PARAMPROB_ERRATPTR -# define ICMP_PARAMPROB_ERRATPTR 0 -#endif -#ifndefICMP_PARAMPROB_OPTABSENT -# define ICMP_PARAMPROB_OPTABSENT1 -#endif -#ifndefICMP_PARAMPROB_LENGTH -# define ICMP_PARAMPROB_LENGTH 2 -#endif -#ifndef ICMP_TSTAMP -# define ICMP_TSTAMP 13 -#endif -#ifndef ICMP_TSTAMPREPLY -# define ICMP_TSTAMPREPLY14 -#endif -#ifndef ICMP_IREQ -# define ICMP_IREQ 15 -#endif -#ifndef ICMP_IREQREPLY -# define ICMP_IREQREPLY 16 -#endif -#ifndefICMP_MASKREQ -# define ICMP_MASKREQ17 -#endif -#ifndef ICMP_MASKREPLY -# define ICMP_MASKREPLY 18 -#endif -#ifndefICMP_TRACEROUTE -# define ICMP_TRACEROUTE 30 -#endif -#ifndefICMP_DATACONVERR -# define ICMP_DATACONVERR31 -#endif -#ifndefICMP_MOBILE_REDIRECT -# define ICMP_MOBILE_REDIRECT32 -#endif -#ifndefICMP_IPV6_WHEREAREYOU -# define ICMP_IPV6_WHEREAREYOU 33 -#endif -#ifndefICMP_IPV6_IAMHERE -# define ICMP_IPV6_IAMHERE 34 -#endif -#ifndefICMP_MOBILE_REGREQUEST -# define ICMP_MOBILE_REGREQUEST 35 -#endif -#ifndefICMP_MOBILE_REGREPLY -# define ICMP_MOBILE_REGREPLY36 -#endif -#ifndefICMP_SKIP -# define ICMP_SKIP 39 -#endif -#ifndefICMP_PHOTURIS -# define ICMP_PHOTURIS 40 -#endif -#ifndefICMP_PHOTURIS_UNKNOWN_INDEX -# define ICMP_PHOTURIS_UNKNOWN_INDEX 1 -#endif -#ifndefICMP_PHOTURIS_AUTH_FAILED -# define ICMP_PHOTUR
svn commit: r349399 - head/sys/contrib/ipfilter/netinet
Author: cy
Date: Wed Jun 26 00:53:43 2019
New Revision: 349399
URL: https://svnweb.freebsd.org/changeset/base/349399
Log:
Prompted by r349366, ipfilter is also does not conform to RFC 3128
by dropping TCP fragments with offset = 1.
In addition to dropping these fragments, add a DTrace probe to allow
for more detailed monitoring and diagnosis if required.
MFC after:1 week
Modified:
head/sys/contrib/ipfilter/netinet/fil.c
Modified: head/sys/contrib/ipfilter/netinet/fil.c
==
--- head/sys/contrib/ipfilter/netinet/fil.c Wed Jun 26 00:06:41 2019
(r349398)
+++ head/sys/contrib/ipfilter/netinet/fil.c Wed Jun 26 00:53:43 2019
(r349399)
@@ -1723,6 +1723,10 @@ ipf_pr_ipv4hdr(fin)
* calculate the byte offset that it represents.
*/
off &= IP_MF|IP_OFFMASK;
+ if (off == 1 && p == IPPROTO_TCP) {
+ fin->fin_flx |= FI_SHORT; /* RFC 3128 */
+ DT1(ipf_fi_tcp_frag_off_1, fr_info_t *, fin);
+ }
if (off != 0) {
int morefrag = off & IP_MF;
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r349401 - head/sys/contrib/ipfilter/netinet
Author: cy
Date: Wed Jun 26 00:53:49 2019
New Revision: 349401
URL: https://svnweb.freebsd.org/changeset/base/349401
Log:
While working on PR/238796 I discovered an unused variable in frdest,
the next hop structure. It is likely this contributes to PR/238796
though other factors remain to be investigated.
PR: 238796
MFC after:1 week
Modified:
head/sys/contrib/ipfilter/netinet/fil.c
head/sys/contrib/ipfilter/netinet/ip_fil.h
Modified: head/sys/contrib/ipfilter/netinet/fil.c
==
--- head/sys/contrib/ipfilter/netinet/fil.c Wed Jun 26 00:53:46 2019
(r349400)
+++ head/sys/contrib/ipfilter/netinet/fil.c Wed Jun 26 00:53:49 2019
(r349401)
@@ -7474,10 +7474,6 @@ ipf_resolvedest(softc, base, fdp, v)
}
fdp->fd_ptr = ifp;
- if ((ifp != NULL) && (ifp != (void *)-1)) {
- fdp->fd_local = ipf_deliverlocal(softc, v, ifp, &fdp->fd_ip6);
- }
-
return errval;
}
Modified: head/sys/contrib/ipfilter/netinet/ip_fil.h
==
--- head/sys/contrib/ipfilter/netinet/ip_fil.h Wed Jun 26 00:53:46 2019
(r349400)
+++ head/sys/contrib/ipfilter/netinet/ip_fil.h Wed Jun 26 00:53:49 2019
(r349401)
@@ -560,7 +560,6 @@ typedef struct frdest {
addrfamily_tfd_addr;
fr_dtypes_t fd_type;
int fd_name;
- int fd_local;
} frdest_t;
#definefd_ip6 fd_addr.adf_addr
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r349400 - head/sys/contrib/ipfilter/netinet
Author: cy
Date: Wed Jun 26 00:53:46 2019
New Revision: 349400
URL: https://svnweb.freebsd.org/changeset/base/349400
Log:
Remove a tautological compare for offset != 0.
MFC after:1 week
Modified:
head/sys/contrib/ipfilter/netinet/fil.c
Modified: head/sys/contrib/ipfilter/netinet/fil.c
==
--- head/sys/contrib/ipfilter/netinet/fil.c Wed Jun 26 00:53:43 2019
(r349399)
+++ head/sys/contrib/ipfilter/netinet/fil.c Wed Jun 26 00:53:46 2019
(r349400)
@@ -1732,24 +1732,22 @@ ipf_pr_ipv4hdr(fin)
fi->fi_flx |= FI_FRAG;
off &= IP_OFFMASK;
- if (off != 0) {
- fin->fin_flx |= FI_FRAGBODY;
- off <<= 3;
- if ((off + fin->fin_dlen > 65535) ||
- (fin->fin_dlen == 0) ||
- ((morefrag != 0) && ((fin->fin_dlen & 7) != 0))) {
- /*
-* The length of the packet, starting at its
-* offset cannot exceed 65535 (0x) as the
-* length of an IP packet is only 16 bits.
-*
-* Any fragment that isn't the last fragment
-* must have a length greater than 0 and it
-* must be an even multiple of 8.
-*/
- fi->fi_flx |= FI_BAD;
- DT1(ipf_fi_bad_fragbody_gt_65535, fr_info_t *,
fin);
- }
+ fin->fin_flx |= FI_FRAGBODY;
+ off <<= 3;
+ if ((off + fin->fin_dlen > 65535) ||
+ (fin->fin_dlen == 0) ||
+ ((morefrag != 0) && ((fin->fin_dlen & 7) != 0))) {
+ /*
+* The length of the packet, starting at its
+* offset cannot exceed 65535 (0x) as the
+* length of an IP packet is only 16 bits.
+*
+* Any fragment that isn't the last fragment
+* must have a length greater than 0 and it
+* must be an even multiple of 8.
+*/
+ fi->fi_flx |= FI_BAD;
+ DT1(ipf_fi_bad_fragbody_gt_65535, fr_info_t *, fin);
}
}
fin->fin_off = off;
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r349393 - head/sys/vm
0xfe0035853c00, usermode=1) at /opt/src/svn-current/sys/amd64/amd64/trap.c:846 #14 0x809ad4ab in trap (frame=0xfe0035853c00) at /opt/src/svn-current/sys/amd64/amd64/trap.c:355 #15 #16 0x00215f3e in ?? () Backtrace stopped: Cannot access memory at address 0x7fefe4b0 -- Cheers, Cy Schubert FreeBSD UNIX: Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few. ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r349448 - head/contrib/ipfilter/man
Author: cy Date: Thu Jun 27 02:42:56 2019 New Revision: 349448 URL: https://svnweb.freebsd.org/changeset/base/349448 Log: Fix a typo. PR/238816 initially addressed updates to usage() however it has now become a shopping list of fixes to ipmon man pages and usage(). PR: 238816 MFC after:3 days Modified: head/contrib/ipfilter/man/ipmon.8 Modified: head/contrib/ipfilter/man/ipmon.8 == --- head/contrib/ipfilter/man/ipmon.8 Thu Jun 27 00:00:48 2019 (r349447) +++ head/contrib/ipfilter/man/ipmon.8 Thu Jun 27 02:42:56 2019 (r349448) @@ -27,7 +27,7 @@ ipmon \- monitors /dev/ipl for logged packets .LP \fBipmon\fP opens \fB/dev/ipl\fP for reading and awaits data to be saved from the packet filter. The binary data read from the device is reprinted in -human readable for, however, IP#'s are not mapped back to hostnames, nor are +human readable form, however, IP#'s are not mapped back to hostnames, nor are ports mapped back to service names. The output goes to standard output by default or a filename, if given on the command line. Should the \fB\-s\fP option be used, output is instead sent to \fBsyslogd(8)\fP. Messages sent ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r349450 - head/contrib/ipfilter/tools
Author: cy
Date: Thu Jun 27 02:43:30 2019
New Revision: 349450
URL: https://svnweb.freebsd.org/changeset/base/349450
Log:
Update usage() to refect the current state of ipmon.
PR: 238816
MFC after:1 week
Modified:
head/contrib/ipfilter/tools/ipmon.c
Modified: head/contrib/ipfilter/tools/ipmon.c
==
--- head/contrib/ipfilter/tools/ipmon.c Thu Jun 27 02:43:26 2019
(r349449)
+++ head/contrib/ipfilter/tools/ipmon.c Thu Jun 27 02:43:30 2019
(r349450)
@@ -1438,8 +1438,11 @@ printipflog:
static void usage(prog)
char *prog;
{
- fprintf(stderr, "%s: [-NFhstvxX] [-f ]\n", prog);
- exit(1);
+ fprintf(stderr, "Usage: %s [ -abDFhnpstvxX ] [ -B ] [
-C ]\n"
+ "\t[ -f ] [ -L ] [ -N ]\n"
+ "\t[ -o [NSI] ] [ -O [NSI] ] [ -P ] [ -S ]\n"
+ "\t[ ]\n", prog);
+ exit(-1);
}
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r349449 - in head: sbin/ipf/ipmon tools/build/mk
Author: cy
Date: Thu Jun 27 02:43:26 2019
New Revision: 349449
URL: https://svnweb.freebsd.org/changeset/base/349449
Log:
Add the ipmon.5 man page.
PR/238816 initially addressed updates to usage() however the PR has
morphed into a shopping list of updates to usage() and man pages.
PR: 238816 (I added to the list during discussion)
MFC after:1 week
Modified:
head/sbin/ipf/ipmon/Makefile
head/tools/build/mk/OptionalObsoleteFiles.inc
Modified: head/sbin/ipf/ipmon/Makefile
==
--- head/sbin/ipf/ipmon/MakefileThu Jun 27 02:42:56 2019
(r349448)
+++ head/sbin/ipf/ipmon/MakefileThu Jun 27 02:43:26 2019
(r349449)
@@ -3,7 +3,7 @@
PACKAGE= ipf
PROG= ipmon
SRCS= ${GENHDRS} ipmon.c ipmon_y.c ipmon_l.c
-MAN= ipmon.8
+MAN= ipmon.5 ipmon.8
CFLAGS+= -DLOGFAC=LOG_LOCAL0 -I.
Modified: head/tools/build/mk/OptionalObsoleteFiles.inc
==
--- head/tools/build/mk/OptionalObsoleteFiles.inc Thu Jun 27 02:42:56
2019(r349448)
+++ head/tools/build/mk/OptionalObsoleteFiles.inc Thu Jun 27 02:43:26
2019(r349449)
@@ -3350,6 +3350,7 @@ OLD_FILES+=usr/share/man/man5/ipf.5.gz
OLD_FILES+=usr/share/man/man5/ipf.conf.5.gz
OLD_FILES+=usr/share/man/man5/ipf6.conf.5.gz
OLD_FILES+=usr/share/man/man5/ipfilter.5.gz
+OLD_FILES+=usr/share/man/man8/ipmon.5.gz
OLD_FILES+=usr/share/man/man5/ipnat.5.gz
OLD_FILES+=usr/share/man/man5/ipnat.conf.5.gz
OLD_FILES+=usr/share/man/man5/ippool.5.gz
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r349450 - head/contrib/ipfilter/tools
In message <201906270301.x5r31slh057...@gndrsh.dnsmgr.net>, "Rodney W.
Grimes"
writes:
> > Author: cy
> > Date: Thu Jun 27 02:43:30 2019
> > New Revision: 349450
> > URL: https://svnweb.freebsd.org/changeset/base/349450
> >
> > Log:
> > Update usage() to refect the current state of ipmon.
> >
> > PR: 238816
> > MFC after:1 week
> >
> > Modified:
> > head/contrib/ipfilter/tools/ipmon.c
> >
> > Modified: head/contrib/ipfilter/tools/ipmon.c
> > ===
> ===
> > --- head/contrib/ipfilter/tools/ipmon.c Thu Jun 27 02:43:26 2019
> (r349449)
> > +++ head/contrib/ipfilter/tools/ipmon.c Thu Jun 27 02:43:30 2019
> (r349450)
> > @@ -1438,8 +1438,11 @@ printipflog:
> > static void usage(prog)
> > char *prog;
> > {
> > - fprintf(stderr, "%s: [-NFhstvxX] [-f ]\n", prog);
> > - exit(1);
> expected
>
> > + fprintf(stderr, "Usage: %s [ -abDFhnpstvxX ] [ -B ] [
> -C ]\n"
> > + "\t[ -f ] [ -L ] [ -N ]\n"
> > + "\t[ -o [NSI] ] [ -O [NSI] ] [ -P ] [ -S ]\n
> "
> > + "\t[ ]\n", prog);
> > + exit(-1);
>
> Was it intentional to flip the exit code to -1?
> Someones scripts might not be prepared for that.
My mistake I missed that.
--
Cheers,
Cy Schubert
FreeBSD UNIX: Web: http://www.FreeBSD.org
The need of the many outweighs the greed of the few.
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
