diff --git a/contrib/ipfilter/BSD/Makefile b/contrib/ipfilter/BSD/Makefile index 1bce4f4d331f..6f4ea5d3d6bd 100644 --- a/contrib/ipfilter/BSD/Makefile +++ b/contrib/ipfilter/BSD/Makefile @@ -84,6 +84,11 @@ build all: machine $(OBJ)/libipf.a ipf ipfs ipfstat ipftest ipmon ipnat \ -ln -s ../tools . -ln -s ../tools .. +bpf.h: + echo '#define DEV_BPF 1' > bpf.h + +$(TOP)/ip_compat.h: bpf.h + machine: Makefile.kmod if [ -f Makefile.kmod ] ; then \ make -f Makefile.kmod depend MKUPDATE=no; \ @@ -137,7 +142,7 @@ ipfs.o: $(TOOL)/ipfs.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_state.h \ fil_u.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_compat.h \ $(TOP)/opts.h $(TOP)/ip_rules.h - $(CC) $(CCARGS) $(EXTRA) $(IPFBPF) -D_RADIX_H_ -c $(TOP)/fil.c -o $@ + $(CC) $(CCARGS) $(EXTRA) $(IPFBPF) -c $(TOP)/fil.c -o $@ fil.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ip_compat.h $(TOP)/ipl.h \ $(TOP)/ip_rules.h @@ -447,14 +452,14 @@ clean: ${RM} -f ../ipf ../ipnat ../ipmon ../ippool ../ipftest ${RM} -f ../ipscan ../ipsyncm ../ipsyncs ${RM} -f *.core *.o *.a ipt ipfstat ipf ipfstat ipftest ipmon - ${RM} -f if_ipl ipnat ipfrule.ko* ipf.kld* + ${RM} -f if_ipl ipnat ipfrule.ko* ipf.kld* ipfrule.kld* ${RM} -f vnode_if.h $(LKM) ioconf.h *.ko setdef1.c setdef0.c setdefs.h ${RM} -f ip_fil.c ipf_l.c ipf_y.c ipf_y.h ipf_l.h ${RM} -f ipscan ipscan_y.c ipscan_y.h ipscan_l.c ipscan_l.h ${RM} -f ippool ippool_y.c ippool_y.h ippool_l.c ippool_l.h ${RM} -f ipnat_y.c ipnat_y.h ipnat_l.c ipnat_l.h ${RM} -f ipmon_y.c ipmon_y.h ipmon_l.c ipmon_l.h - ${RM} -f ipsyncm ipsyncs ipfs ip_rules.c ip_rules.h + ${RM} -f ipsyncm ipsyncs ipfs ip_rules.c ip_rules.h bpf.h ${RM} -f *.da *.gcov *.bb *.bbg tools ${MAKE} -f Makefile.ipsend ${MFLAGS} clean @@ -514,6 +519,9 @@ install: $(INSTALL) -cs -g wheel -m 755 -o root $$p $$def; \ fi \ done + if [ -d /etc/rc.d ] ; then \ + $(INSTALL) -c -g wheel -m 755 -o root ../ipfadm-rcd $(SBINDEST)/ipfadm; \ + fi (cd $(TOP)/man; make INSTALL=$(INSTALL) MANDIR=$(MANDIR) install; cd $(TOP)) coverage: diff --git a/contrib/ipfilter/BSD/ipfadm-rcd b/contrib/ipfilter/BSD/ipfadm-rcd new file mode 100755 index 000000000000..41f62b0223df --- /dev/null +++ b/contrib/ipfilter/BSD/ipfadm-rcd @@ -0,0 +1,350 @@ +#!/bin/sh +# +# Copyright (C) 2006 by Darren Reed. +# +# See the IPFILTER.LICENCE file for details on licencing. +# +prog=$0 + +RCD=/etc/rc.conf.d + +# This script is an interface to the following rc.d scripts: +# /etc/rc.d/ipfilter +# /etc/rc.d/ipfs +# /etc/rc.d/ipnat +# /etc/rc.d/ipmon + +running=`ipf -V 2>/dev/null|sed -ne 's/Running: \(.*\)/\1/p'` + +usage() { + echo "$prog status" + echo "$prog ipfilter " + echo "$prog ipfs " + echo "$prog ipmon " + echo "$prog ipnat " + exit 1 +} + +enable() { + old=${RCD}/$1.old + new=${RCD}/$1 + mkdir ${RCD}/$1.d + if [ $? -eq 0 ] ; then + if [ -f ${RCD}/$1 ] ; then + cp ${RCD}/$1 ${RCD}/$1.old + sed -e "s/^${1} *\=.*/${1}\=YES/" ${old} > ${new} + /bin/rm ${old} + else + echo "$1=YES" > ${RCD}/$1 + chmod go-wx ${RCD}/$1 + fi + rmdir ${RCD}/$1.d + fi +} + +disable() { + old=${RCD}/$1.old + new=${RCD}/$1 + mkdir ${RCD}/$1.d + if [ $? -eq 0 ] ; then + if [ -f ${RCD}/$1 ] ; then + cp ${RCD}/$1 ${RCD}/$1.old + sed -e "s/^${1} *\=.*/${1}\=NO/" ${old} > ${new} + /bin/rm ${old} + else + echo "$1=NO" > ${RCD}/$1 + chmod go-wx ${RCD}/$1 + fi + rmdir ${RCD}/$1.d + fi +} + +status() { + active=`/etc/rc.d/$1 rcvar|sed -ne "s/^$""${1}\=\(.*\)$/\1/p"` + case $active in + NO) + return 0 + ;; + YES) + return 1 + ;; + esac + return 2 +} + +status_ipmon() { + echo -n "ipmon " + pid=`pgrep ipmon` + status ipmon + case $? in + 0) + if [ -n "$pid" ] ; then + echo "disabled-but-running" + else + echo "disabled" + fi + ;; + 1) + if [ -n "$pid" ] ; then + echo "enabled" + else + echo "enabled-not-running" + fi + ;; + 2) + if [ -n "$pid" ] ; then + echo "unknown-state-running" + else + echo "unknown-state" + fi + ;; + esac +} + +status_ipfilter() { + if [ -z "$running" ] ; then + rules= + emsg="-not-in-kernel" + dmsg= + else + case $running in + yes) + emsg= + dmsg="-rules-loaded" + rules=`ipfstat -io 2>/dev/null` + if [ -z "$rules" ] ; then + rules=`ipfstat -aio 2>/dev/null` + if [ -z "$rules" ] ; then + emsg="-no-rules" + dmsg= + fi + fi + ;; + no) + rules= + emsg="-not-running" + dmsg= + ;; + esac + fi + + echo -n "ipfilter " + status ipfilter + case $? in + 0) + echo "disabled${dmsg}" + ;; + 1) + echo "enabled${emsg}" + ;; + 2) + if [ -n "$rules" ] ; then + echo "unknown${dmsg}" + else + echo "unknown-state" + fi + ;; + esac +} + +status_ipnat() { + if [ -z "$running" ] ; then + rules= + emsg="-not-in-kernel" + dmsg= + else + case $running in + yes) + emsg= + dmsg="-rules-loaded" + rules=`ipnat -l 2>/dev/null | egrep '^map|rdr' 2>/dev/null` + if [ -z "$rules" ] ; then + emsg="-no-rules" + dmsg= + fi + ;; + no) + rules= + emsg="-not-running" + dmsg= + ;; + esac + fi + + echo -n "ipnat " + status ipnat + case $? in + 0) + echo "disabled${dmsg}" + ;; + 1) + echo "enabled${dmsg}" + ;; + 2) + if [ -n "$rules" ] ; then + echo "unknown${dmsg}" + else + echo "unknown-state" + fi + ;; + esac +} + +status_ipfs() { + status ipfs + report ipfs $? +} + +report() { + echo -n "$1 " + case $2 in + 0) + echo "disabled" + ;; + 1) + echo "enabled" + ;; + 2) + echo "unknown-status" + ;; + *) + echo "$2" + ;; + esac +} + +do_ipfilter() { + case $1 in + enable) + enable ipfilter + ;; + disable) + disable ipfilter + ;; + reload) + /etc/rc.d/ipfilter reload + ;; + resync) + /etc/rc.d/ipfilter resync + ;; + start) + /etc/rc.d/ipfilter start + ;; + status) + status_ipfilter + ;; + stop) + /etc/rc.d/ipfilter stop + ;; + *) + usage + ;; + esac +} + +do_ipfs() { + case $1 in + enable) + enable ipfs + ;; + disable) + disble ipfs + ;; + start) + /etc/rc.d/ipfs start + ;; + status) + status_ipfs + ;; + stop) + /etc/rc.d/ipfs stop + ;; + *) + usage + ;; + esac +} + +do_ipmon() { + case $1 in + enable) + enable ipmon + ;; + disable) + disble ipmon + ;; + restart) + /etc/rc.d/ipmon restart + ;; + start) + /etc/rc.d/ipmon start + ;; + status) + status_ipmon + ;; + stop) + /etc/rc.d/ipmon stop + ;; + *) + usage + ;; + esac +} + +do_ipnat() { + case $1 in + enable) + enable ipnat + ;; + disable) + disable ipnat + ;; + reload) + /etc/rc.d/ipnat reload + ;; + restart) + /etc/rc.d/ipnat restart + ;; + start) + /etc/rc.d/ipnat start + ;; + status) + status_ipnat + ;; + stop) + /etc/rc.d/ipnat stop + ;; + *) + usage + ;; + esac +} + +do_status_all() { + status_ipfilter + status_ipfs + status_ipmon + status_ipnat +} + +case $1 in +status) + do_status_all + ;; +ipfilter) + do_ipfilter $2 + ;; +ipfs) + do_ipfs $2 + ;; +ipmon) + do_ipmon $2 + ;; +ipnat) + do_ipnat $2 + ;; +*) + usage + ;; +esac +exit 0 diff --git a/contrib/ipfilter/BugReport b/contrib/ipfilter/BugReport index 0bd243ca1fd7..699483189012 100644 --- a/contrib/ipfilter/BugReport +++ b/contrib/ipfilter/BugReport @@ -1,10 +1,12 @@ -IP Filter bug report form. +Please submit this information at SourceForge using this URL: +http://sourceforge.net/tracker/?func=add&group_id=169098&atid=849053 + +Please also send an email to darrenr@reed.wattle.id.au. + +Some information that I generally find important: -------------------------- -IP Filter Version: -Operating System Version: -Configuration: - -Description of problem: - -How to repeat: - +* IP Filter Version +* Operating System and its Version +* Configuration: (LKM or compiled-into-kernel) +* Description of problem +* How to repeat diff --git a/contrib/ipfilter/HISTORY b/contrib/ipfilter/HISTORY index 996f883501f4..7a177168cb99 100644 --- a/contrib/ipfilter/HISTORY +++ b/contrib/ipfilter/HISTORY @@ -10,6 +10,168 @@ # and especially those who have found the time to port IP Filter to new # platforms. # +4.1.23 - Released 31 May 2007 + +NAT was not always correctly fixing ICMP headers for errors + +some TCP state steps when closing do not update timeouts, leading to +them being removed prematurely. + +fix compilation problems for netbsd 4.99 + +protect enumeration of lists in the kernel from callout interrupts on +BSD without locking + +fix various problems with IPv6 header checks: TCP/UDP checksum validation +was not being done, fragmentation header parsed dangerously and routing +header prevented others from being seen + +fix gcc 4.2 compiler warnings + +fix TCP/UDP checksum calculation for IPv6 + +fix reference after free'ing ipftoken memory + +4.1.22 - Released 13 May 2007 + +fix endless loop when flushing state/NAT by idle time + +4.1.21 - Released 12 May 2007 + +show the number of states created against a rule with "-v" for ipfstat + +fix build problems with FreeBSD + +make it possible to flush the state table by idle time and TCP state + +fix flushing out idle connections when state/NAT tables fill + +print out the TCP state population with ipfstat/ipnat + +stop creation of state table orphans via return-*/fastroute + +fix printing out of rule groups - they now only appear once + +4.1.20 - Released 30 April 2007 + +adjust TCP state numbers, making 11 closed (was 0) to better facilitate +detecting closing connections that we can wipe out when a SYN arrives +that matches the old + +make it compile on Solaris10 Update3 + +structures used for ipf command ioctls weren't being freed in timeout +fashion on solairs + +use NL_EXPIRE, not ISL_EXPIRE, for expiring NAT sessions + +adjust TCP timeout values and introduce a time-wait specifc timeout +to get a better TCP FSM emulation and one that can hopefully do a better +job of cleaning up in a speedy fashion than previous + +refactor the automatic flushing of TCP state entries when we fill up, +but use the same algorithm as before but now it hopefully works + +only 2 out of 4 interface names were being changed by ipfs when +interface renaming was being used for state entries + +add ipf_proxy_debug to ipf-T + +matching of last fragments that had a number of bytes that wasn't a +multiple of 8 failed + +some combinations of TCP flags are considered bad aren't picked up as such, +but these may be possible with T/TCP + +4.1.19 - Released 22 February 2007 + +Fix up compilation problems with NetBSD and Solaris. + +4.1.18 - Released 18 February 2007 + +fix compiling on Tru64 + +fix listing out filter rules with ipfstat (delete token at end of +the list and detect zero rule being returned.) + +fix extended flushing of NAT tables (was clearing out state tables) + +fix null-pointer deref in hash table lookup + +fix NAT and stateful filtering with to/reply-to on destination interface + +4.1.17 - Released 20 January 2007 + +make flushing pools that are still in use mark them for deletion and +have attempting to recreate them clear the delete flag + +walking through the NAT tables with ioctls caused lock recursion + +fix tracking TCP window scaling in the state code + +4.1.16 - Released 20 December 2006 + +allow rdr rules to only differ on the new port number + +when creating state entry orphans, leave them on the linked list but not +attached to the hash table and mark them visible as orphans in "ipfstat -sl" + +log state removed when unloading differently to allow visible cues + +return ipf ticks via SIOCGETGS for /dev/ipnat so "ipnat -l" can display ttl + +abort logging a packet if the mbuf pointer is null when ipflog is called + +Some NetBSD's have a selinfo.h instead of select.h + +SIOCIPFFL was using copyoutptr and should have been using bcopy for /dev/ipauth + +listing accounting rules using ioctl interface wasn't possible + +fix leakage of state entries due to packets not matching up with NAT + +improve ICMP error packet matching with state/NAT + +fix problems with parsing and printing "-" as an interface name in ipnat.conf + +4.1.15 - Released 03 November 2006 + +Add in automatic flushing of NAT, like state, table if it fills up too much + +Update comments in the code for NAT checksum adjustments + +Fix compiling on FreeBSD 5.4 and 6.0 + +prevent panics from read/write IOs trying to use uninitialised structures + +Newer NetBSD should use malloc() instead of MALLOC() in the kernel where +the size is not staticly defined + +Some gcc warning message cleanup from NetBSD + +Missing include for on Solaris for poll work + +NetBSD now uses opt_ipfilter.h, not opt_ipfilter_log.h + +4.1.14 - Released 04 October 2006 + +rewrite checksum alteration for ICMP packets being NAT'd to use a sane +algorithm that can be understood...now it needs better comments + +fix 1 byte error in checksum validation perl script + +remove unused files in lib directory + +ipftest will say "bad-packet" if it has been freed rather than just "blocked" + +make it possible to load IP address pools from external files in ippool.conf + +update copyright messages in tools directory + +consolidate ioctl hanlding source code into fil.c + +make ipfstat, ippool, ipnat retrieve information via ioctls rather than /dev/kmem + 4.1.13 - Released 4 April 2006 fix bug where null pointers introduced by proxies could cause a crash @@ -39,6 +201,7 @@ add missing ipfsync_canread() and ipfsync_canwrite() behaviour of \ on the end of a line in ipf.conf does not match older behaviour remove duplicate statistics line output with "ipfstat -s" + 4.1.11 - Released 19 March 2006 Patch for NAT with ipfsync from N. Ersen (SESCI) - www.enderunix.org diff --git a/contrib/ipfilter/lib/Makefile b/contrib/ipfilter/lib/Makefile index 3dcf3a16b66e..b0d50523df39 100644 --- a/contrib/ipfilter/lib/Makefile +++ b/contrib/ipfilter/lib/Makefile @@ -1,7 +1,16 @@ +# +# Copyright (C) 1993-2001 by Darren Reed. +# +# See the IPFILTER.LICENCE file for details on licencing. +# +# $Id: Makefile,v 1.41.2.13 2007/05/10 06:02:19 darrenr Exp $ +# INCDEP=$(TOP)/ip_compat.h $(TOP)/ip_fil.h $(TOP)/ipf.h LIBOBJS=$(DEST)/addicmp.o \ $(DEST)/addipopt.o \ + $(DEST)/alist_free.o \ + $(DEST)/alist_new.o \ $(DEST)/bcopywrap.o \ $(DEST)/binprint.o \ $(DEST)/buildopts.o \ @@ -9,23 +18,17 @@ LIBOBJS=$(DEST)/addicmp.o \ $(DEST)/count6bits.o \ $(DEST)/count4bits.o \ $(DEST)/debug.o \ - $(DEST)/extras.o \ $(DEST)/facpri.o \ $(DEST)/flags.o \ $(DEST)/fill6bits.o \ - $(DEST)/genmask.o \ $(DEST)/gethost.o \ $(DEST)/getifname.o \ - $(DEST)/getline.o \ $(DEST)/getnattype.o \ $(DEST)/getport.o \ $(DEST)/getportproto.o \ $(DEST)/getproto.o \ $(DEST)/getsumd.o \ - $(DEST)/hexdump.o \ - $(DEST)/hostmask.o \ $(DEST)/hostname.o \ - $(DEST)/hostnum.o \ $(DEST)/icmpcode.o \ $(DEST)/inet_addr.o \ $(DEST)/initparse.o \ @@ -41,11 +44,13 @@ LIBOBJS=$(DEST)/addicmp.o \ $(DEST)/kmem.o \ $(DEST)/kmemcpywrap.o \ $(DEST)/kvatoname.o \ + $(DEST)/load_file.o \ $(DEST)/load_hash.o \ $(DEST)/load_hashnode.o \ + $(DEST)/load_http.o \ $(DEST)/load_pool.o \ $(DEST)/load_poolnode.o \ - $(DEST)/loglevel.o \ + $(DEST)/load_url.o \ $(DEST)/mutex_emul.o \ $(DEST)/nametokva.o \ $(DEST)/nat_setgroupmap.o \ @@ -55,17 +60,19 @@ LIBOBJS=$(DEST)/addicmp.o \ $(DEST)/optprintv6.o \ $(DEST)/optvalue.o \ $(DEST)/portname.o \ - $(DEST)/portnum.o \ - $(DEST)/ports.o \ $(DEST)/print_toif.o \ $(DEST)/printactivenat.o \ $(DEST)/printaps.o \ $(DEST)/printbuf.o \ $(DEST)/printhash.o \ + $(DEST)/printhashdata.o \ $(DEST)/printhashnode.o \ + $(DEST)/printhash_live.o \ $(DEST)/printip.o \ $(DEST)/printpool.o \ + $(DEST)/printpooldata.o \ $(DEST)/printpoolnode.o \ + $(DEST)/printpool_live.o \ $(DEST)/printproto.o \ $(DEST)/printfr.o \ $(DEST)/printfraginfo.o \ @@ -80,9 +87,8 @@ LIBOBJS=$(DEST)/addicmp.o \ $(DEST)/printpacket6.o \ $(DEST)/printsbuf.o \ $(DEST)/printstate.o \ + $(DEST)/printtqtable.o \ $(DEST)/printtunable.o \ - $(DEST)/ratoi.o \ - $(DEST)/ratoui.o \ $(DEST)/remove_hash.o \ $(DEST)/remove_hashnode.o \ $(DEST)/remove_pool.o \ @@ -91,7 +97,6 @@ LIBOBJS=$(DEST)/addicmp.o \ $(DEST)/rwlock_emul.o \ $(DEST)/tcpflags.o \ $(DEST)/tcp_flags.o \ - $(DEST)/to_interface.o \ $(DEST)/var.o \ $(DEST)/verbose.o \ $(DEST)/v6ionames.o \ @@ -106,6 +111,10 @@ $(DEST)/addicmp.o: $(LIBSRC)/addicmp.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/addicmp.c -o $@ $(DEST)/addipopt.o: $(LIBSRC)/addipopt.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/addipopt.c -o $@ +$(DEST)/alist_free.o: $(LIBSRC)/alist_free.c $(INCDEP) + $(CC) $(CCARGS) -c $(LIBSRC)/alist_free.c -o $@ +$(DEST)/alist_new.o: $(LIBSRC)/alist_new.c $(INCDEP) + $(CC) $(CCARGS) -c $(LIBSRC)/alist_new.c -o $@ $(DEST)/bcopywrap.o: $(LIBSRC)/bcopywrap.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/bcopywrap.c -o $@ $(DEST)/binprint.o: $(LIBSRC)/binprint.c $(INCDEP) @@ -120,16 +129,12 @@ $(DEST)/count4bits.o: $(LIBSRC)/count4bits.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/count4bits.c -o $@ $(DEST)/debug.o: $(LIBSRC)/debug.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/debug.c -o $@ -$(DEST)/extras.o: $(LIBSRC)/extras.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/extras.c -o $@ $(DEST)/facpri.o: $(LIBSRC)/facpri.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/facpri.c -o $@ $(DEST)/fill6bits.o: $(LIBSRC)/fill6bits.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/fill6bits.c -o $@ $(DEST)/flags.o: $(LIBSRC)/flags.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/flags.c -o $@ -$(DEST)/genmask.o: $(LIBSRC)/genmask.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/genmask.c -o $@ $(DEST)/getline.o: $(LIBSRC)/getline.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/getline.c -o $@ $(DEST)/gethost.o: $(LIBSRC)/gethost.c $(INCDEP) @@ -146,14 +151,8 @@ $(DEST)/getproto.o: $(LIBSRC)/getproto.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/getproto.c -o $@ $(DEST)/getsumd.o: $(LIBSRC)/getsumd.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/getsumd.c -o $@ -$(DEST)/hexdump.o: $(LIBSRC)/hexdump.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/hexdump.c -o $@ -$(DEST)/hostmask.o: $(LIBSRC)/hostmask.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/hostmask.c -o $@ $(DEST)/hostname.o: $(LIBSRC)/hostname.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/hostname.c -o $@ -$(DEST)/hostnum.o: $(LIBSRC)/hostnum.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/hostnum.c -o $@ $(DEST)/icmpcode.o: $(LIBSRC)/icmpcode.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/icmpcode.c -o $@ $(DEST)/ipoptsec.o: $(LIBSRC)/ipoptsec.c $(INCDEP) @@ -184,14 +183,20 @@ $(DEST)/kmemcpywrap.o: $(LIBSRC)/kmemcpywrap.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/kmemcpywrap.c -o $@ $(DEST)/kvatoname.o: $(LIBSRC)/kvatoname.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/kvatoname.c -o $@ +$(DEST)/load_file.o: $(LIBSRC)/load_file.c $(INCDEP) + $(CC) $(CCARGS) -c $(LIBSRC)/load_file.c -o $@ $(DEST)/load_hash.o: $(LIBSRC)/load_hash.c $(INCDEP) $(TOP)/ip_htable.h $(CC) $(CCARGS) -c $(LIBSRC)/load_hash.c -o $@ $(DEST)/load_hashnode.o: $(LIBSRC)/load_hashnode.c $(INCDEP) $(TOP)/ip_htable.h $(CC) $(CCARGS) -c $(LIBSRC)/load_hashnode.c -o $@ +$(DEST)/load_http.o: $(LIBSRC)/load_http.c $(INCDEP) + $(CC) $(CCARGS) -c $(LIBSRC)/load_http.c -o $@ $(DEST)/load_pool.o: $(LIBSRC)/load_pool.c $(INCDEP) $(TOP)/ip_pool.h $(CC) $(CCARGS) -c $(LIBSRC)/load_pool.c -o $@ $(DEST)/load_poolnode.o: $(LIBSRC)/load_poolnode.c $(INCDEP) $(TOP)/ip_pool.h $(CC) $(CCARGS) -c $(LIBSRC)/load_poolnode.c -o $@ +$(DEST)/load_url.o: $(LIBSRC)/load_url.c $(INCDEP) + $(CC) $(CCARGS) -c $(LIBSRC)/load_url.c -o $@ $(DEST)/make_range.o: $(LIBSRC)/make_range.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/make_range.c -o $@ $(DEST)/mutex_emul.o: $(LIBSRC)/mutex_emul.c $(INCDEP) @@ -203,8 +208,6 @@ $(DEST)/nat_setgroupmap.o: $(LIBSRC)/nat_setgroupmap.c $(TOP)/ip_compat.h \ $(CC) $(CCARGS) -c $(LIBSRC)/nat_setgroupmap.c -o $@ $(DEST)/ntomask.o: $(LIBSRC)/ntomask.c $(TOP)/ip_compat.h $(CC) $(CCARGS) -c $(LIBSRC)/ntomask.c -o $@ -$(DEST)/loglevel.o: $(LIBSRC)/loglevel.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/loglevel.c -o $@ $(DEST)/optname.o: $(LIBSRC)/optname.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/optname.c -o $@ $(DEST)/optprint.o: $(LIBSRC)/optprint.c $(INCDEP) @@ -233,16 +236,25 @@ $(DEST)/printfraginfo.o: $(LIBSRC)/printfraginfo.c $(TOP)/ip_fil.h $(CC) $(CCARGS) -c $(LIBSRC)/printfraginfo.c -o $@ $(DEST)/printhash.o: $(LIBSRC)/printhash.c $(TOP)/ip_fil.h $(TOP)/ip_htable.h $(CC) $(CCARGS) -c $(LIBSRC)/printhash.c -o $@ +$(DEST)/printhashdata.o: $(LIBSRC)/printhash.c $(TOP)/ip_fil.h $(TOP)/ip_htable.h + $(CC) $(CCARGS) -c $(LIBSRC)/printhashdata.c -o $@ $(DEST)/printhashnode.o: $(LIBSRC)/printhashnode.c $(TOP)/ip_fil.h \ $(TOP)/ip_htable.h $(TOP)/ip_lookup.h $(CC) $(CCARGS) -c $(LIBSRC)/printhashnode.c -o $@ +$(DEST)/printhash_live.o: $(LIBSRC)/printhash_live.c $(TOP)/ip_fil.h $(TOP)/ip_htable.h + $(CC) $(CCARGS) -c $(LIBSRC)/printhash_live.c -o $@ $(DEST)/printip.o: $(LIBSRC)/printip.c $(TOP)/ip_fil.h $(CC) $(CCARGS) -c $(LIBSRC)/printip.c -o $@ $(DEST)/printpool.o: $(LIBSRC)/printpool.c $(TOP)/ip_fil.h $(TOP)/ip_pool.h $(CC) $(CCARGS) -c $(LIBSRC)/printpool.c -o $@ +$(DEST)/printpooldata.o: $(LIBSRC)/printpooldata.c $(TOP)/ip_fil.h $(TOP)/ip_pool.h + $(CC) $(CCARGS) -c $(LIBSRC)/printpooldata.c -o $@ $(DEST)/printpoolnode.o: $(LIBSRC)/printpoolnode.c $(TOP)/ip_fil.h \ $(TOP)/ip_pool.h $(TOP)/ip_lookup.h $(CC) $(CCARGS) -c $(LIBSRC)/printpoolnode.c -o $@ +$(DEST)/printpool_live.o: $(LIBSRC)/printpool_live.c $(TOP)/ip_fil.h \ + $(TOP)/ip_pool.h $(TOP)/ip_lookup.h + $(CC) $(CCARGS) -c $(LIBSRC)/printpool_live.c -o $@ $(DEST)/printproto.o: $(LIBSRC)/printproto.c $(TOP)/ip_fil.h $(CC) $(CCARGS) -c $(LIBSRC)/printproto.c -o $@ $(DEST)/printhostmap.o: $(LIBSRC)/printhostmap.c $(TOP)/ip_fil.h @@ -267,12 +279,10 @@ $(DEST)/printsbuf.o: $(LIBSRC)/printsbuf.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/printsbuf.c -o $@ $(DEST)/printstate.o: $(LIBSRC)/printstate.c $(INCDEP) $(TOP)/ip_state.h $(CC) $(CCARGS) -c $(LIBSRC)/printstate.c -o $@ +$(DEST)/printtqtable.o: $(LIBSRC)/printtqtable.c $(INCDEP) + $(CC) $(CCARGS) -c $(LIBSRC)/printtqtable.c -o $@ $(DEST)/printtunable.o: $(LIBSRC)/printtunable.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/printtunable.c -o $@ -$(DEST)/ratoi.o: $(LIBSRC)/ratoi.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/ratoi.c -o $@ -$(DEST)/ratoui.o: $(LIBSRC)/ratoui.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/ratoui.c -o $@ $(DEST)/remove_hash.o: $(LIBSRC)/remove_hash.c $(INCDEP) \ $(TOP)/ip_htable.h $(CC) $(CCARGS) -c $(LIBSRC)/remove_hash.c -o $@ @@ -289,8 +299,6 @@ $(DEST)/resetlexer.o: $(LIBSRC)/resetlexer.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/resetlexer.c -o $@ $(DEST)/rwlock_emul.o: $(LIBSRC)/rwlock_emul.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/rwlock_emul.c -o $@ -$(DEST)/to_interface.o: $(LIBSRC)/to_interface.c $(INCDEP) - $(CC) $(CCARGS) -c $(LIBSRC)/to_interface.c -o $@ $(DEST)/tcpflags.o: $(LIBSRC)/tcpflags.c $(INCDEP) $(CC) $(CCARGS) -c $(LIBSRC)/tcpflags.c -o $@ $(DEST)/tcp_flags.o: $(LIBSRC)/tcp_flags.c $(INCDEP) diff --git a/contrib/ipfilter/lib/alist_free.c b/contrib/ipfilter/lib/alist_free.c new file mode 100644 index 000000000000..3c1a51880430 --- /dev/null +++ b/contrib/ipfilter/lib/alist_free.c @@ -0,0 +1,20 @@ +/* + * Copyright (C) 2006 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: alist_free.c,v 1.1.2.1 2006/08/25 21:13:04 darrenr Exp $ + */ +#include "ipf.h" + +void +alist_free(hosts) +alist_t *hosts; +{ + alist_t *a, *next; + + for (a = hosts; a != NULL; a = next) { + next = a->al_next; + free(a); + } +} diff --git a/contrib/ipfilter/lib/alist_new.c b/contrib/ipfilter/lib/alist_new.c new file mode 100644 index 000000000000..72da866849cb --- /dev/null +++ b/contrib/ipfilter/lib/alist_new.c @@ -0,0 +1,64 @@ +/* + * Copyright (C) 2006 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: alist_new.c,v 1.1.2.2 2006/08/25 22:43:21 darrenr Exp $ + */ + +#include "ipf.h" + +alist_t * +alist_new(int v, char *host) +{ + int a, b, c, d, bits; + char *slash; + alist_t *al; + u_int mask; + + al = calloc(1, sizeof(*al)); + if (al == NULL) { + fprintf(stderr, "alist_new out of memory\n"); + return NULL; + } + + bits = -1; + slash = strchr(host, '/'); + if (slash != NULL) { + *slash = '\0'; + bits = atoi(slash + 1); + } + + a = b = c = d = -1; + sscanf(host, "%d.%d.%d.%d", &a, &b, &c, &d); + + if (bits > 0 && bits < 33) { + mask = 0xffffffff << (32 - bits); + } else if (b == -1) { + mask = 0xff000000; + b = c = d = 0; + } else if (c == -1) { + mask = 0xffff0000; + c = d = 0; + } else if (d == -1) { + mask = 0xffffff00; + d = 0; + } else { + mask = 0xffffffff; + } + + if (*host == '!') { + al->al_not = 1; + host++; + } + + if (gethost(host, &al->al_addr) == -1) { + *slash = '/'; + fprintf(stderr, "Cannot parse hostname\n"); + free(al); + return NULL; + } + al->al_mask = htonl(mask); + *slash = '/'; + return al; +} diff --git a/contrib/ipfilter/lib/load_file.c b/contrib/ipfilter/lib/load_file.c new file mode 100644 index 000000000000..9bb3899aebf5 --- /dev/null +++ b/contrib/ipfilter/lib/load_file.c @@ -0,0 +1,88 @@ +/* + * Copyright (C) 2006 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: load_file.c,v 1.1.2.1 2006/08/25 21:13:04 darrenr Exp $ + */ + +#include "ipf.h" + +alist_t * +load_file(char *filename) +{ + alist_t *a, *rtop, *rbot; + char *s, line[1024], *t; + int linenum, not; + FILE *fp; + + fp = fopen(filename + 7, "r"); + if (fp == NULL) { + fprintf(stderr, "load_file cannot open '%s'\n", filename); + return NULL; + } + + a = NULL; + rtop = NULL; + rbot = NULL; + linenum = 0; + + while (fgets(line, sizeof(line) - 1, fp)) { + line[sizeof(line) - 1] = '\0'; + linenum++; + /* + * Hunt for CR/LF. If no LF, stop processing. + */ + s = strchr(line, '\n'); + if (s == NULL) { + fprintf(stderr, "%d:%s: line too long\n", linenum, filename); + fclose(fp); + alist_free(rtop); + return NULL; + } + + *s = '\0'; + s = strchr(line, '\r'); + if (s != NULL) + *s = '\0'; + for (t = line; isspace(*t); t++) + ; + if (*t == '!') { + not = 1; + t++; + } else + not = 0; + + /* + * Remove comment markers + */ + for (s = t; *s; s++) { + if (*s == '#') + *s = '\0'; + } + if (!*t) + continue; + /* + * Trim off tailing white spaces + */ + s = strlen(t) + t - 1; + while (isspace(*s)) + *s-- = '\0'; + + if (isdigit(*t)) { + a = alist_new(4, t); + a->al_not = not; + if (rbot != NULL) + rbot->al_next = a; + else + rtop = a; + rbot = a; + } else { + fprintf(stderr, "%s: unrecognised content line %d\n", + filename, linenum); + } + } + fclose(fp); + + return rtop; +} diff --git a/contrib/ipfilter/lib/load_http.c b/contrib/ipfilter/lib/load_http.c new file mode 100644 index 000000000000..164b8b4945f5 --- /dev/null +++ b/contrib/ipfilter/lib/load_http.c @@ -0,0 +1,182 @@ +/* + * Copyright (C) 2006 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: load_http.c,v 1.1.2.1 2006/08/25 21:13:04 darrenr Exp $ + */ + +#include "ipf.h" + +/* + * Format expected is one addres per line, at the start of each line. + */ +alist_t * +load_http(char *url) +{ + int fd, len, left, port, endhdr, removed; + char *s, *t, *u, buffer[1024], *myurl; + alist_t *a, *rtop, *rbot; + struct sockaddr_in sin; + struct hostent *host; + + /* + * More than this would just be absurd. + */ + if (strlen(url) > 512) { + fprintf(stderr, "load_http has a URL > 512 bytes?!\n"); + return NULL; + } + + fd = -1; + rtop = NULL; + rbot = NULL; + + sprintf(buffer, "GET %s HTTP/1.0\r\n", url); + + myurl = strdup(url); + if (myurl == NULL) + goto done; + + s = myurl + 7; /* http:// */ + t = strchr(s, '/'); + if (t == NULL) { + fprintf(stderr, "load_http has a malformed URL '%s'\n", url); + free(myurl); + return NULL; + } + *t++ = '\0'; + + u = strchr(s, '@'); + if (u != NULL) + s = u + 1; /* AUTH */ + + sprintf(buffer + strlen(buffer), "Host: %s\r\n\r\n", s); + + u = strchr(s, ':'); + if (u != NULL) { + *u++ = '\0'; + port = atoi(u); + if (port < 0 || port > 65535) + goto done; + } else { + port = 80; + } + + memset(&sin, 0, sizeof(sin)); + sin.sin_family = AF_INET; + sin.sin_port = htons(port); + + if (isdigit(*s)) { + if (inet_aton(s, &sin.sin_addr) == -1) { + goto done; + } + } else { + host = gethostbyname(s); + if (host == NULL) + goto done; + memcpy(&sin.sin_addr, host->h_addr_list[0], + sizeof(sin.sin_addr)); + } + + fd = socket(AF_INET, SOCK_STREAM, 0); + if (fd == -1) + goto done; + + if (connect(fd, (struct sockaddr *)&sin, sizeof(sin)) == -1) { + close(fd); + goto done; + } + + len = strlen(buffer); + if (write(fd, buffer, len) != len) { + close(fd); + goto done; + } + + s = buffer; + endhdr = 0; + left = sizeof(buffer) - 1; + + while ((len = read(fd, s, left)) > 0) { + s[len] = '\0'; + left -= len; + s += len; + + if (endhdr >= 0) { + if (endhdr == 0) { + t = strchr(buffer, ' '); + if (t == NULL) + continue; + t++; + if (*t != '2') + break; + } + + u = buffer; + while ((t = strchr(u, '\r')) != NULL) { + if (t == u) { + if (*(t + 1) == '\n') { + u = t + 2; + endhdr = -1; + break; + } else + t++; + } else if (*(t + 1) == '\n') { + endhdr++; + u = t + 2; + } else + u = t + 1; + } + if (endhdr >= 0) + continue; + removed = (u - buffer) + 1; + memmove(buffer, u, (sizeof(buffer) - left) - removed); + s -= removed; + left += removed; + } + + do { + t = strchr(buffer, '\n'); + if (t == NULL) + break; + + *t++ = '\0'; + for (u = buffer; isdigit(*u) || (*u == '.'); u++) + ; + if (*u == '/') { + char *slash; + + slash = u; + u++; + while (isdigit(*u)) + u++; + if (!isspace(*u) && *u) + u = slash; + } + *u = '\0'; + + a = alist_new(4, buffer); + if (a != NULL) { + if (rbot != NULL) + rbot->al_next = a; + else + rtop = a; + rbot = a; + } + + removed = t - buffer; + memmove(buffer, t, sizeof(buffer) - left - removed); + s -= removed; + left += removed; + + } while (1); + } + +done: + if (myurl != NULL) + free(myurl); + if (fd != -1) + close(fd); + return rtop; +} diff --git a/contrib/ipfilter/lib/load_url.c b/contrib/ipfilter/lib/load_url.c new file mode 100644 index 000000000000..77091534b0c2 --- /dev/null +++ b/contrib/ipfilter/lib/load_url.c @@ -0,0 +1,31 @@ +/* + * Copyright (C) 2006 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + * + * $Id: load_url.c,v 1.1.2.1 2006/08/25 21:13:04 darrenr Exp $ + */ + +#include "ipf.h" + +alist_t * +load_url(char *url) +{ + alist_t *hosts = NULL; + + if (strncmp(url, "file://", 7) == 0) { + /* + * file:///etc/passwd + * ^------------s + */ + hosts = load_file(url); + + } else if (*url == '/' || *url == '.') { + hosts = load_file(url); + + } else if (strncmp(url, "http://", 7) == 0) { + hosts = load_http(url); + } + + return hosts; +} diff --git a/contrib/ipfilter/lib/printhash_live.c b/contrib/ipfilter/lib/printhash_live.c new file mode 100644 index 000000000000..1afe63228e48 --- /dev/null +++ b/contrib/ipfilter/lib/printhash_live.c @@ -0,0 +1,77 @@ +/* + * Copyright (C) 2002 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + */ + +#include +#include "ipf.h" +#include "netinet/ipl.h" + +#define PRINTF (void)printf +#define FPRINTF (void)fprintf + + +iphtable_t *printhash_live(hp, fd, name, opts) +iphtable_t *hp; +int fd; +char *name; +int opts; +{ + iphtent_t entry, *top, *node; + ipflookupiter_t iter; + int printed, last; + ipfobj_t obj; + + if ((name != NULL) && strncmp(name, hp->iph_name, FR_GROUPLEN)) + return hp->iph_next; + + printhashdata(hp, opts); + + if ((hp->iph_flags & IPHASH_DELETE) != 0) + PRINTF("# "); + + if ((opts & OPT_DEBUG) == 0) + PRINTF("\t{"); + + obj.ipfo_rev = IPFILTER_VERSION; + obj.ipfo_type = IPFOBJ_LOOKUPITER; + obj.ipfo_ptr = &iter; + obj.ipfo_size = sizeof(iter); + + iter.ili_data = &entry; + iter.ili_type = IPLT_HASH; + iter.ili_otype = IPFLOOKUPITER_NODE; + iter.ili_ival = IPFGENITER_LOOKUP; + iter.ili_unit = hp->iph_unit; + strncpy(iter.ili_name, hp->iph_name, FR_GROUPLEN); + + last = 0; + top = NULL; + printed = 0; + + while (!last && (ioctl(fd, SIOCLOOKUPITER, &obj) == 0)) { + if (entry.ipe_next == NULL) + last = 1; + entry.ipe_next = top; + top = malloc(sizeof(*top)); + if (top == NULL) + break; + bcopy(&entry, top, sizeof(entry)); + } + + while (top != NULL) { + node = top; + (void) printhashnode(hp, node, bcopywrap, opts); + top = node->ipe_next; + free(node); + printed++; + } + + if (printed == 0) + putchar(';'); + + if ((opts & OPT_DEBUG) == 0) + PRINTF(" };\n"); + return hp->iph_next; +} diff --git a/contrib/ipfilter/lib/printhashdata.c b/contrib/ipfilter/lib/printhashdata.c new file mode 100644 index 000000000000..d278c365a69f --- /dev/null +++ b/contrib/ipfilter/lib/printhashdata.c @@ -0,0 +1,112 @@ +/* + * Copyright (C) 2002 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + */ + +#include "ipf.h" + +#define PRINTF (void)printf +#define FPRINTF (void)fprintf + + +void printhashdata(hp, opts) +iphtable_t *hp; +int opts; +{ + + if ((opts & OPT_DEBUG) == 0) { + if ((hp->iph_type & IPHASH_ANON) == IPHASH_ANON) + PRINTF("# 'anonymous' table\n"); + if ((hp->iph_flags & IPHASH_DELETE) == IPHASH_DELETE) + PRINTF("# "); + switch (hp->iph_type & ~IPHASH_ANON) + { + case IPHASH_LOOKUP : + PRINTF("table"); + break; + case IPHASH_GROUPMAP : + PRINTF("group-map"); + if (hp->iph_flags & FR_INQUE) + PRINTF(" in"); + else if (hp->iph_flags & FR_OUTQUE) + PRINTF(" out"); + else + PRINTF(" ???"); + break; + default : + PRINTF("%#x", hp->iph_type); + break; + } + PRINTF(" role = "); + } else { + PRINTF("Hash Table %s: %s", + isdigit(*hp->iph_name) ? "Number" : "Name", + hp->iph_name); + if ((hp->iph_type & IPHASH_ANON) == IPHASH_ANON) + PRINTF("(anon)"); + putchar(' '); + PRINTF("Role: "); + } + + switch (hp->iph_unit) + { + case IPL_LOGNAT : + PRINTF("nat"); + break; + case IPL_LOGIPF : + PRINTF("ipf"); + break; + case IPL_LOGAUTH : + PRINTF("auth"); + break; + case IPL_LOGCOUNT : + PRINTF("count"); + break; + default : + PRINTF("#%d", hp->iph_unit); + break; + } + + if ((opts & OPT_DEBUG) == 0) { + if ((hp->iph_type & ~IPHASH_ANON) == IPHASH_LOOKUP) + PRINTF(" type = hash"); + PRINTF(" %s = %s size = %lu", + isdigit(*hp->iph_name) ? "number" : "name", + hp->iph_name, (u_long)hp->iph_size); + if (hp->iph_seed != 0) + PRINTF(" seed = %lu", hp->iph_seed); + putchar('\n'); + } else { + PRINTF(" Type: "); + switch (hp->iph_type & ~IPHASH_ANON) + { + case IPHASH_LOOKUP : + PRINTF("lookup"); + break; + case IPHASH_GROUPMAP : + PRINTF("groupmap Group. %s", hp->iph_name); + break; + default : + break; + } + + putchar('\n'); + PRINTF("\t\tSize: %lu\tSeed: %lu", + (u_long)hp->iph_size, hp->iph_seed); + PRINTF("\tRef. Count: %d\tMasks: %#x\n", hp->iph_ref, + hp->iph_masks); + } + + if ((opts & OPT_DEBUG) != 0) { + struct in_addr m; + int i; + + for (i = 0; i < 32; i++) { + if ((1 << i) & hp->iph_masks) { + ntomask(4, i, &m.s_addr); + PRINTF("\t\tMask: %s\n", inet_ntoa(m)); + } + } + } +} diff --git a/contrib/ipfilter/lib/printpool_live.c b/contrib/ipfilter/lib/printpool_live.c new file mode 100644 index 000000000000..0588cfbb7c8d --- /dev/null +++ b/contrib/ipfilter/lib/printpool_live.c @@ -0,0 +1,78 @@ +/* + * Copyright (C) 2002 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + */ + +#include +#include "ipf.h" +#include "netinet/ipl.h" + +#define PRINTF (void)printf +#define FPRINTF (void)fprintf + + +ip_pool_t *printpool_live(pool, fd, name, opts) +ip_pool_t *pool; +int fd; +char *name; +int opts; +{ + ip_pool_node_t entry, *top, *node; + ipflookupiter_t iter; + int printed, last; + ipfobj_t obj; + + if ((name != NULL) && strncmp(name, pool->ipo_name, FR_GROUPLEN)) + return pool->ipo_next; + + printpooldata(pool, opts); + + if ((pool->ipo_flags & IPOOL_DELETE) != 0) + PRINTF("# "); + if ((opts & OPT_DEBUG) == 0) + PRINTF("\t{"); + + obj.ipfo_rev = IPFILTER_VERSION; + obj.ipfo_type = IPFOBJ_LOOKUPITER; + obj.ipfo_ptr = &iter; + obj.ipfo_size = sizeof(iter); + + iter.ili_data = &entry; + iter.ili_type = IPLT_POOL; + iter.ili_otype = IPFLOOKUPITER_NODE; + iter.ili_ival = IPFGENITER_LOOKUP; + iter.ili_unit = pool->ipo_unit; + strncpy(iter.ili_name, pool->ipo_name, FR_GROUPLEN); + + last = 0; + top = NULL; + printed = 0; + + while (!last && (ioctl(fd, SIOCLOOKUPITER, &obj) == 0)) { + if (entry.ipn_next == NULL) + last = 1; + entry.ipn_next = top; + top = malloc(sizeof(*top)); + if (top == NULL) + break; + bcopy(&entry, top, sizeof(entry)); + } + + while (top != NULL) { + node = top; + (void) printpoolnode(node, opts); + if ((opts & OPT_DEBUG) == 0) + putchar(';'); + top = node->ipn_next; + free(node); + printed++; + } + + if (printed == 0) + putchar(';'); + + if ((opts & OPT_DEBUG) == 0) + PRINTF(" };\n"); + return pool->ipo_next; +} diff --git a/contrib/ipfilter/lib/printpooldata.c b/contrib/ipfilter/lib/printpooldata.c new file mode 100644 index 000000000000..8d8e962cbbde --- /dev/null +++ b/contrib/ipfilter/lib/printpooldata.c @@ -0,0 +1,78 @@ +/* + * Copyright (C) 2002 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + */ + +#include "ipf.h" + +#define PRINTF (void)printf +#define FPRINTF (void)fprintf + +void printpooldata(pool, opts) +ip_pool_t *pool; +int opts; +{ + + if ((opts & OPT_DEBUG) == 0) { + if ((pool->ipo_flags & IPOOL_ANON) != 0) + PRINTF("# 'anonymous' tree %s\n", pool->ipo_name); + if ((pool->ipo_flags & IPOOL_DELETE) != 0) + PRINTF("# "); + PRINTF("table role = "); + } else { + if ((pool->ipo_flags & IPOOL_DELETE) != 0) + PRINTF("# "); + PRINTF("%s: %s", + isdigit(*pool->ipo_name) ? "Number" : "Name", + pool->ipo_name); + if ((pool->ipo_flags & IPOOL_ANON) == IPOOL_ANON) + PRINTF("(anon)"); + putchar(' '); + PRINTF("Role: "); + } + + switch (pool->ipo_unit) + { + case IPL_LOGIPF : + printf("ipf"); + break; + case IPL_LOGNAT : + printf("nat"); + break; + case IPL_LOGSTATE : + printf("state"); + break; + case IPL_LOGAUTH : + printf("auth"); + break; + case IPL_LOGSYNC : + printf("sync"); + break; + case IPL_LOGSCAN : + printf("scan"); + break; + case IPL_LOGLOOKUP : + printf("lookup"); + break; + case IPL_LOGCOUNT : + printf("count"); + break; + default : + printf("unknown(%d)", pool->ipo_unit); + } + + if ((opts & OPT_DEBUG) == 0) { + PRINTF(" type = tree %s = %s\n", + isdigit(*pool->ipo_name) ? "number" : "name", + pool->ipo_name); + } else { + putchar(' '); + + PRINTF("\tReferences: %d\tHits: %lu\n", pool->ipo_ref, + pool->ipo_hits); + if ((pool->ipo_flags & IPOOL_DELETE) != 0) + PRINTF("# "); + PRINTF("\tNodes Starting at %p\n", pool->ipo_list); + } +} diff --git a/contrib/ipfilter/lib/printproto.c b/contrib/ipfilter/lib/printproto.c index dd0ce39ca57e..e65ec1160826 100644 --- a/contrib/ipfilter/lib/printproto.c +++ b/contrib/ipfilter/lib/printproto.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1993-2005 by Darren Reed. + * Copyright (C) 2005 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ @@ -8,7 +8,7 @@ #if !defined(lint) -static const char rcsid[] = "@(#)$Id: printproto.c,v 1.1.2.1 2005/06/12 07:21:53 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: printproto.c,v 1.1.2.2 2006/06/16 17:21:14 darrenr Exp $"; #endif diff --git a/contrib/ipfilter/lib/printtqtable.c b/contrib/ipfilter/lib/printtqtable.c new file mode 100644 index 000000000000..67adb53b1c34 --- /dev/null +++ b/contrib/ipfilter/lib/printtqtable.c @@ -0,0 +1,25 @@ +/* + * Copyright (C) 2007 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + */ + +#include +#include +#include "ipf.h" + + +void printtqtable(table) +ipftq_t *table; +{ + int i; + + printf("TCP Entries per state\n"); + for (i = 0; i < IPF_TCP_NSTATES; i++) + printf(" %5d", i); + printf("\n"); + + for (i = 0; i < IPF_TCP_NSTATES; i++) + printf(" %5d", table[i].ifq_ref - 1); + printf("\n"); +} diff --git a/contrib/ipfilter/test/Makefile b/contrib/ipfilter/test/Makefile index 192390801708..9273ca6113e9 100644 --- a/contrib/ipfilter/test/Makefile +++ b/contrib/ipfilter/test/Makefile @@ -30,15 +30,15 @@ ptests: i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 i16 i17 i18 i19 \ ntests: n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12 n13 n14 nitests: ni1 ni2 ni3 ni4 ni5 ni6 ni7 ni8 ni9 ni10 ni11 ni12 ni13 ni14 ni15 \ - ni16 ni19 ni20 ni21 + ni16 ni19 ni20 ni21 ni23 intests: in1 in2 in3 in4 in5 in6 logtests: l1 -pools: p1 p2 p3 ip1 +pools: p1 p2 p3 p5 ip1 ip2 -ipv6: ipv6.1 ipv6.2 ipv6.3 +ipv6: ipv6.1 ipv6.2 ipv6.3 ipv6.5 bpf: bpf1 bpf-f1 @@ -54,10 +54,10 @@ i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 i16 i17 i18 i19 i20 i21 bpf1: n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12 n13 n14: @/bin/sh ./nattest `awk "/^$@ / { print; } " test.format` -ni1 ni2 ni3 ni4 ni5 ni7 ni8 ni9 ni10 ni11 ni12 ni13 ni14 ni15 ni16 ni19 ni20: +ni2 ni3 ni4 ni5 ni7 ni8 ni9 ni10 ni11 ni12 ni13 ni14 ni15 ni16 ni19 ni20: @/bin/sh ./natipftest single `awk "/^$@ / { print; } " test.format` -ni6 ni21: +ni1 ni6 ni21 ni23: @/bin/sh ./natipftest multi `awk "/^$@ / { print; } " test.format` in1 in2 in3 in4 in5 in6: @@ -66,13 +66,13 @@ in1 in2 in3 in4 in5 in6: l1: @/bin/sh ./logtest `awk "/^$@ / { print; } " test.format` -ipv6.1 ipv6.2 ipv6.3: +ipv6.1 ipv6.2 ipv6.3 ipv6.5: @/bin/sh ./dotest6 `awk "/^$@ / { print; } " test.format` -p1 p2 p3: +p1 p2 p3 p5: @/bin/sh ./ptest `awk "/^$@ / { print; } " test.format` -ip1: +ip1 ip2: @/bin/sh ./iptest `awk "/^$@ / { print; } " test.format` bpf-f1: @@ -83,11 +83,11 @@ clean: /bin/rm -f i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 i16 i17 i18 i19 i20 i21 /bin/rm -f n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12 n13 n14 /bin/rm -f ni1 ni2 ni3 ni4 ni5 ni6 ni7 ni8 ni9 - /bin/rm -f ni10 ni11 ni12 ni13 ni14 ni15 ni16 ni19 ni20 ni21 + /bin/rm -f ni10 ni11 ni12 ni13 ni14 ni15 ni16 ni19 ni20 ni21 ni23 /bin/rm -f in1 in2 in3 in4 in5 in6 - /bin/rm -f p1 p2 p3 ip1 + /bin/rm -f p1 p2 p3 p5 ip1 ip2 /bin/rm -f l1 - /bin/rm -f ipv6.1 ipv6.2 ipv6.3 + /bin/rm -f ipv6.1 ipv6.2 ipv6.3 ipv6.5 /bin/rm -f bpf1 bpf-f1 /bin/rm -f results/* logout diff --git a/contrib/ipfilter/test/expected/f12 b/contrib/ipfilter/test/expected/f12 index 88354d95030d..094d8c01d486 100644 --- a/contrib/ipfilter/test/expected/f12 +++ b/contrib/ipfilter/test/expected/f12 @@ -1,60 +1,60 @@ pass pass pass +bad-packet nomatch nomatch -nomatch -nomatch +bad-packet nomatch nomatch -------- pass pass pass -pass -nomatch -nomatch -nomatch -nomatch -nomatch --------- -nomatch -nomatch -nomatch -block -block -nomatch -nomatch -nomatch -nomatch --------- -nomatch -nomatch -block -block -block +bad-packet nomatch nomatch +bad-packet nomatch nomatch -------- nomatch nomatch nomatch +bad-packet +block +nomatch +bad-packet +nomatch +nomatch +-------- +nomatch +nomatch +block +bad-packet +block +nomatch +bad-packet +nomatch +nomatch +-------- nomatch nomatch nomatch -pass +bad-packet +nomatch +nomatch +bad-packet nomatch pass -------- nomatch nomatch nomatch +bad-packet nomatch nomatch -nomatch -nomatch +bad-packet nomatch block -------- diff --git a/contrib/ipfilter/test/expected/f13 b/contrib/ipfilter/test/expected/f13 index 2a0195b078ad..99c05651cea6 100644 --- a/contrib/ipfilter/test/expected/f13 +++ b/contrib/ipfilter/test/expected/f13 @@ -1,13 +1,13 @@ pass -nomatch +bad-packet nomatch pass +bad-packet nomatch nomatch +bad-packet nomatch -nomatch -nomatch -nomatch +bad-packet nomatch nomatch nomatch @@ -19,15 +19,15 @@ nomatch nomatch -------- block -nomatch +bad-packet nomatch block +bad-packet nomatch nomatch +bad-packet nomatch -nomatch -nomatch -nomatch +bad-packet nomatch nomatch nomatch @@ -39,15 +39,15 @@ nomatch nomatch -------- nomatch +bad-packet nomatch nomatch +bad-packet nomatch nomatch -nomatch -nomatch +bad-packet pass -pass -nomatch +bad-packet nomatch nomatch pass @@ -59,15 +59,15 @@ nomatch nomatch -------- nomatch +bad-packet nomatch nomatch +bad-packet nomatch nomatch -nomatch -nomatch +bad-packet block -block -nomatch +bad-packet nomatch nomatch block @@ -79,15 +79,15 @@ nomatch nomatch -------- block -nomatch +bad-packet nomatch pass +bad-packet nomatch nomatch +bad-packet nomatch -nomatch -nomatch -nomatch +bad-packet nomatch nomatch nomatch @@ -99,15 +99,15 @@ pass pass -------- block -nomatch +bad-packet nomatch block +bad-packet nomatch nomatch +bad-packet nomatch -nomatch -nomatch -nomatch +bad-packet nomatch nomatch nomatch @@ -119,15 +119,15 @@ block block -------- nomatch +bad-packet nomatch nomatch +bad-packet nomatch nomatch -nomatch -nomatch +bad-packet pass -pass -nomatch +bad-packet nomatch nomatch nomatch @@ -139,15 +139,15 @@ nomatch nomatch -------- block -block +bad-packet nomatch pass -block -nomatch -nomatch +bad-packet nomatch nomatch +bad-packet nomatch +bad-packet nomatch nomatch nomatch diff --git a/contrib/ipfilter/test/expected/i11 b/contrib/ipfilter/test/expected/i11 index d4a6ec41abb0..154f31e810bb 100644 --- a/contrib/ipfilter/test/expected/i11 +++ b/contrib/ipfilter/test/expected/i11 @@ -1,11 +1,11 @@ -pass in on ed0(!) proto tcp from 127.0.0.1/32 to 127.0.0.1/32 port = 23 keep state -block in log first on lo0(!) proto tcp/udp from any to any port = 7 keep state +pass in on ed0(!) proto tcp from 127.0.0.1/32 to 127.0.0.1/32 port = 23 keep state # count 0 +block in log first on lo0(!) proto tcp/udp from any to any port = 7 keep state # count 0 pass in proto udp from 127.0.0.1/32 to 127.0.0.1/32 port = 20499 keep frags pass in proto udp from 127.0.0.1/32 to 127.0.0.1/32 port = 2049 keep frags (strict) -pass in proto udp from 127.0.0.1/32 to 127.0.0.1/32 port = 53 keep state keep frags -pass in on ed0(!) out-via vx0(!) proto udp from any to any keep state -pass out on ppp0(!) in-via le0(!) proto tcp from any to any keep state -pass in on ed0(!),vx0(!) out-via vx0(!),ed0(!) proto udp from any to any keep state -pass in proto tcp from any port > 1024 to 127.0.0.1/32 port = 1024 keep state -pass in proto tcp from any to any flags S/FSRPAU keep state (limit 101,strict,newisn,no-icmp-err,age 600/600) -pass in proto udp from any to any keep state (sync,age 10/20) +pass in proto udp from 127.0.0.1/32 to 127.0.0.1/32 port = 53 keep state keep frags # count 0 +pass in on ed0(!) out-via vx0(!) proto udp from any to any keep state # count 0 +pass out on ppp0(!) in-via le0(!) proto tcp from any to any keep state # count 0 +pass in on ed0(!),vx0(!) out-via vx0(!),ed0(!) proto udp from any to any keep state # count 0 +pass in proto tcp from any port > 1024 to 127.0.0.1/32 port = 1024 keep state # count 0 +pass in proto tcp from any to any flags S/FSRPAU keep state (limit 101,strict,newisn,no-icmp-err,age 600/600) # count 0 +pass in proto udp from any to any keep state (sync,age 10/20) # count 0 diff --git a/contrib/ipfilter/test/expected/i12 b/contrib/ipfilter/test/expected/i12 index e21724c7a259..dadf597fc3df 100644 --- a/contrib/ipfilter/test/expected/i12 +++ b/contrib/ipfilter/test/expected/i12 @@ -32,8 +32,8 @@ pass in proto udp from 3.3.3.3/32 to 6.6.6.6/32 port = 9 pass in from 10.10.10.10/32 to 11.11.11.11/32 pass in from pool/101(!) to hash/202(!) pass in from hash/303(!) to pool/404(!) -table role = ipf type = tree number = +table role = ipf type = tree name = { ! 1.1.1.1/32; 2.2.2.2/32; ! 2.2.0.0/16; }; -table role = ipf type = tree number = +table role = ipf type = tree name = { 1.1.0.0/16; }; pass in from pool/0(!) to pool/0(!) diff --git a/contrib/ipfilter/test/expected/i4 b/contrib/ipfilter/test/expected/i4 index 639dae88aca5..49924555a27e 100644 --- a/contrib/ipfilter/test/expected/i4 +++ b/contrib/ipfilter/test/expected/i4 @@ -6,4 +6,4 @@ block in proto udp from any port != 123 to any port < 7 block in proto tcp from any port = 25 to any port > 25 pass in proto tcp/udp from any port 1 >< 3 to any port 1 <> 3 pass in proto tcp/udp from any port 2:2 to any port 10:20 -pass in log first quick proto tcp from any port > 1023 to any port = 1723 flags S/FSRPAU keep state +pass in log first quick proto tcp from any port > 1023 to any port = 1723 flags S/FSRPAU keep state # count 0 diff --git a/contrib/ipfilter/test/expected/i9 b/contrib/ipfilter/test/expected/i9 index 2d464543f177..b128f99d57ac 100644 --- a/contrib/ipfilter/test/expected/i9 +++ b/contrib/ipfilter/test/expected/i9 @@ -4,7 +4,7 @@ pass in from any to any with opt nop,rr,zsu pass in from any to any with opt nop,rr,zsu not opt lsrr,ssrr pass in from 127.0.0.1/32 to 127.0.0.1/32 with not frag pass in from 127.0.0.1/32 to 127.0.0.1/32 with frag,frag-body -pass in proto tcp from any to any flags S/FSRPAU with not oow keep state +pass in proto tcp from any to any flags S/FSRPAU with not oow keep state # count 0 block in proto tcp from any to any with oow pass in proto tcp from any to any flags S/FSRPAU with not bad,bad-src,bad-nat block in proto tcp from any to any flags S/FSRPAU with bad,not bad-src,not bad-nat diff --git a/contrib/ipfilter/test/expected/ip2 b/contrib/ipfilter/test/expected/ip2 new file mode 100644 index 000000000000..9b0ed2babae6 --- /dev/null +++ b/contrib/ipfilter/test/expected/ip2 @@ -0,0 +1,2 @@ +table role = ipf type = tree name = letters + { 2.2.2.0/24; ! 2.2.0.0/16; 1.1.1.1/32; }; diff --git a/contrib/ipfilter/test/expected/ipv6.1 b/contrib/ipfilter/test/expected/ipv6.1 index abc0e87c6917..9fd54371f14b 100644 --- a/contrib/ipfilter/test/expected/ipv6.1 +++ b/contrib/ipfilter/test/expected/ipv6.1 @@ -1,3 +1,4 @@ pass pass +nomatch -------- diff --git a/contrib/ipfilter/test/expected/ipv6.5 b/contrib/ipfilter/test/expected/ipv6.5 new file mode 100644 index 000000000000..3133a7f09e7f --- /dev/null +++ b/contrib/ipfilter/test/expected/ipv6.5 @@ -0,0 +1,6 @@ +pass +nomatch +-------- +block +nomatch +-------- diff --git a/contrib/ipfilter/test/expected/n10 b/contrib/ipfilter/test/expected/n10 index f30d7573bec5..ae541d158571 100644 --- a/contrib/ipfilter/test/expected/n10 +++ b/contrib/ipfilter/test/expected/n10 @@ -1,6 +1,9 @@ 4500 002c 10c9 4000 ff06 5c9d cbcb cbcb 96cb e002 8032 0015 bd6b c9c8 0000 0000 6002 2238 655d 0000 0204 0064 + ------------------------------- 4500 002c 10c9 4000 ff06 5c9d cbcb cbcb 96cb e002 8032 0015 bd6b c9c8 0000 0000 6002 2238 61d9 0000 0204 03e8 + ------------------------------- 4500 002c 10c9 4000 ff06 5c9d cbcb cbcb 96cb e002 8032 0015 bd6b c9c8 0000 0000 6002 2238 600d 0000 0204 05b4 + ------------------------------- diff --git a/contrib/ipfilter/test/expected/n12 b/contrib/ipfilter/test/expected/n12 index 010b77b63e15..0d5cefbf7e77 100644 --- a/contrib/ipfilter/test/expected/n12 +++ b/contrib/ipfilter/test/expected/n12 @@ -1,4 +1,7 @@ 4510 0040 2020 4000 4006 9478 c0a8 01bc c0a8 0303 2710 0017 4e33 298e 0000 0000 b002 4000 6ff8 0000 0204 05b4 0101 0402 0103 0300 0101 080a 0c72 549e 0000 0000 + 4500 003c 00b0 4000 fe06 7964 c0a8 0303 c0a8 7e53 0017 12c2 f674 e02c 4e33 298f a012 2798 7ace 0000 0101 080a 2c05 b797 0c72 549e 0103 0300 0204 05b4 + 4510 0034 493b 4000 4006 6b69 c0a8 01bc c0a8 0303 2710 0017 4e33 298f f674 e02d 8010 4000 f673 0000 0101 080a 0c72 549e 2c05 b797 + ------------------------------- diff --git a/contrib/ipfilter/test/expected/n4 b/contrib/ipfilter/test/expected/n4 index 9349542396c1..863217c1db79 100644 --- a/contrib/ipfilter/test/expected/n4 +++ b/contrib/ipfilter/test/expected/n4 @@ -50,8 +50,8 @@ ip #0 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 ip #0 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 -ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53 -ip #0 40(20) 6 10.1.1.0,53 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.1.1.1,53 > 10.3.3.3,12345 ------------------------------- ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,23 ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12345 @@ -61,6 +61,6 @@ ip #0 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 ip #0 28(20) 17 10.3.3.3,12345 > 10.2.2.1,53 ip #0 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 -ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53 -ip #0 40(20) 6 10.1.1.0,53 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.1.1.1,53 > 10.3.3.3,12345 ------------------------------- diff --git a/contrib/ipfilter/test/expected/n6 b/contrib/ipfilter/test/expected/n6 index 2b2c37fe7a90..cbdad9f1388e 100644 --- a/contrib/ipfilter/test/expected/n6 +++ b/contrib/ipfilter/test/expected/n6 @@ -13,7 +13,7 @@ ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 ------------------------------- ip #0 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 -ip #0 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.2,23 ip #0 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23 ip #0 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 @@ -27,7 +27,7 @@ ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 ------------------------------- ip #0 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 -ip #0 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.2,23 ip #0 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23 ip #0 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,23 @@ -48,7 +48,7 @@ ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 ip #0 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 -ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.0.0,23 ip #0 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 diff --git a/contrib/ipfilter/test/expected/n8 b/contrib/ipfilter/test/expected/n8 index 7a26a26a6513..d3e061da974a 100644 --- a/contrib/ipfilter/test/expected/n8 +++ b/contrib/ipfilter/test/expected/n8 @@ -1,5 +1,9 @@ 4500 0054 8bc1 0000 ff01 13d5 0a0a 0a01 0404 0404 0800 efdf 6220 0000 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637 + 4500 0054 3fd5 4000 ff01 2fc8 0404 0404 0202 0202 0000 f7df 6220 0000 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637 + 4500 0054 8bc1 0000 ff01 13d5 0a0a 0a01 0404 0404 0800 efde 6220 0001 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637 + 4500 0054 3fd5 4000 ff01 2fc8 0404 0404 0202 0202 0000 f7de 6220 0001 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637 + ------------------------------- diff --git a/contrib/ipfilter/test/expected/n9 b/contrib/ipfilter/test/expected/n9 index 39979fa55fff..917105f74ed4 100644 --- a/contrib/ipfilter/test/expected/n9 +++ b/contrib/ipfilter/test/expected/n9 @@ -1,5 +1,9 @@ 4500 0054 8bc1 0000 ff01 17d9 0202 0202 0a0a 0a01 0800 efdf 6220 0000 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637 + 4500 0054 3fd5 4000 ff01 2fc8 0404 0404 0202 0202 0000 f7df 6220 0000 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637 + 4500 0054 8bc1 0000 ff01 17d9 0202 0202 0a0a 0a01 0800 efde 6220 0001 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637 + 4500 0054 3fd5 4000 ff01 2fc8 0404 0404 0202 0202 0000 f7de 6220 0001 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637 + ------------------------------- diff --git a/contrib/ipfilter/test/expected/ni1 b/contrib/ipfilter/test/expected/ni1 index be981f1e10b0..d4e2de2db8a5 100644 --- a/contrib/ipfilter/test/expected/ni1 +++ b/contrib/ipfilter/test/expected/ni1 @@ -1,4 +1,19 @@ 4500 0028 0000 4000 0111 65b2 0606 0606 0404 0404 afc9 829e 0014 6308 0402 0000 3be5 468d 000a cfc3 + 4500 0038 809a 0000 ff01 3121 0303 0303 0202 0202 0b00 5773 0000 0000 4500 0028 0000 4000 0111 6dba 0202 0202 0404 0404 afc9 829e 0014 6b10 + 4500 0044 809a 0000 ff01 3115 0303 0303 0202 0202 0b00 0131 0000 0000 4500 0028 0000 4000 0111 6dba 0202 0202 0404 0404 afc9 829e 0014 6b10 0402 0000 3be5 468d 000a cfc3 + +4500 0028 0001 4000 0111 65b0 0606 0607 0404 0404 4e20 829e 0014 c4b0 0402 0000 3be5 468d 000a cfc3 + +4500 0038 809a 0000 ff01 3121 0303 0303 0202 0202 0b00 5773 0000 0000 4500 0028 0000 4000 0111 6dba 0202 0202 0404 0404 0800 829e 0014 12da + +4500 0044 809a 0000 ff01 3115 0303 0303 0202 0202 0b00 0131 0000 0000 4500 0028 0000 4000 0111 6dba 0202 0202 0404 0404 0800 829e 0014 12da 0402 0000 3be5 468d 000a cfc3 + +4500 0028 0002 4000 0111 65ae 0606 0608 0404 0404 07d0 829e 0014 0b00 0402 0000 3be5 468d 000a cfc3 + +4500 0038 809a 0000 ff01 3121 0303 0303 0202 0202 0b00 ff6a 0000 0000 4500 0028 0000 4000 0111 6dba 0202 0202 0404 0404 5000 829e 0014 22e2 + +4500 0044 809a 0000 ff01 3115 0303 0303 0202 0202 0b00 0131 0000 0000 4500 0028 0000 4000 0111 6dba 0202 0202 0404 0404 5000 829e 0014 cad9 0402 0000 3be5 468d 000a cfc3 + ------------------------------- diff --git a/contrib/ipfilter/test/expected/ni10 b/contrib/ipfilter/test/expected/ni10 index df7b03f83fee..3ee63fb8ddd0 100644 --- a/contrib/ipfilter/test/expected/ni10 +++ b/contrib/ipfilter/test/expected/ni10 @@ -1,5 +1,9 @@ 4500 003c 4706 4000 ff06 20a2 0404 0404 0606 0606 5000 0050 0000 0001 0000 0000 a002 16d0 d0da 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 + 4500 0038 0000 0000 ff01 afb9 0202 0202 0404 0404 0303 acab 0000 0000 4500 003c 4706 4000 ff06 28aa 0404 0404 0202 0202 5000 0050 0000 0001 + 4500 0058 0001 0000 ff01 af98 0202 0202 0404 0404 0303 0937 0000 0000 4500 003c 4706 4000 ff06 28aa 0404 0404 0202 0202 5000 0050 0000 0001 0000 0000 a002 16d0 d8e2 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 + 4500 0038 809a 0000 ff01 2b1b 0303 0303 0505 0505 0303 acab 0000 0000 4500 003c 4706 4000 ff06 28ab 0404 0404 0202 0201 5000 0050 0000 0001 + ------------------------------- diff --git a/contrib/ipfilter/test/expected/ni11 b/contrib/ipfilter/test/expected/ni11 index d6db012a2ab0..88d6406e6ee7 100644 --- a/contrib/ipfilter/test/expected/ni11 +++ b/contrib/ipfilter/test/expected/ni11 @@ -1,5 +1,9 @@ 4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101 5000 9d58 0000 0001 0000 0000 a002 16d0 3ddc 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 + 4500 0038 0000 0000 ff01 a7b9 0a02 0202 0404 0404 0303 a7fb 0000 0000 4500 003c 4706 4000 ff06 20aa 0404 0404 0a02 0202 5000 0500 0000 0001 + 4500 0058 0001 0000 ff01 a798 0a02 0202 0404 0404 0303 1137 0000 0000 4500 003c 4706 4000 ff06 20aa 0404 0404 0a02 0202 5000 0500 0000 0001 0000 0000 a002 16d0 cc32 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 + 4500 0038 809a 0000 ff01 2b1b 0303 0303 0505 0505 0303 0fa3 0000 0000 4500 003c 4706 4000 ff06 2aab 0404 0404 0101 0102 5000 9d58 0000 0001 + ------------------------------- diff --git a/contrib/ipfilter/test/expected/ni12 b/contrib/ipfilter/test/expected/ni12 index 70f991b8397e..7d24a493fd32 100644 --- a/contrib/ipfilter/test/expected/ni12 +++ b/contrib/ipfilter/test/expected/ni12 @@ -1,5 +1,9 @@ 4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101 5000 9c40 0000 0001 0000 0000 a002 16d0 3ef4 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 + 4500 0038 809a 0000 ff01 2d1d 0303 0303 0404 0404 0303 0fa3 0000 0000 4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101 5000 9d58 0000 0001 + 4500 0058 809a 0000 ff01 2cfd 0303 0303 0404 0404 0303 0735 0000 0000 4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101 5000 9d58 0000 0001 0000 0000 a002 16d0 3ddc 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 + 4500 0038 809a 0000 ff01 2b1b 0303 0303 0505 0505 0303 0fa3 0000 0000 4500 003c 4706 4000 ff06 2aab 0404 0404 0101 0102 5000 9d58 0000 0001 + ------------------------------- diff --git a/contrib/ipfilter/test/expected/ni13 b/contrib/ipfilter/test/expected/ni13 index 3848d395956d..897bef3e9b2c 100644 --- a/contrib/ipfilter/test/expected/ni13 +++ b/contrib/ipfilter/test/expected/ni13 @@ -1,32 +1,63 @@ 4500 0030 5e11 4000 8006 3961 c0a8 7101 c0a8 7103 05e7 06bb abf0 4aa5 0000 0000 7002 faf0 21a1 0000 0204 05b4 0101 0402 + 4500 002c 0000 4000 4006 d776 c0a8 7103 c0a8 7101 06bb 05e7 a564 68da abf0 4aa6 6012 8000 a348 0000 0204 05b4 + 4500 00c4 5e12 4000 8006 38cc c0a8 7101 c0a8 7103 05e7 06bb abf0 4aa6 a564 68db 5018 faf0 e2a0 0000 009c 0001 1a2b 3c4d 0001 0000 0100 0000 0000 0001 0000 0001 0000 0a28 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 4d69 6372 6f73 6f66 7420 5769 6e64 6f77 7320 4e54 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 00c4 0001 4000 4006 d6dd c0a8 7103 c0a8 7101 06bb 05e7 a564 68db abf0 4b42 5018 832c cecf 0000 009c 0001 1a2b 3c4d 0002 0000 0100 0100 0000 0000 0000 0000 0001 0001 6c6f 6361 6c00 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 6c69 6e75 7800 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 00d0 5e13 4000 8006 38bf c0a8 7101 c0a8 7103 05e7 06bb abf0 4b42 a564 6977 5018 fa54 ac07 0000 00a8 0001 1a2b 3c4d 0007 0000 4000 1331 0000 012c 05f5 e100 0000 0003 0000 0003 0040 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 0048 0002 4000 4006 d758 c0a8 7103 c0a8 7101 06bb 05e7 a564 6977 abf0 4bea 5018 832c 36fa 0000 0020 0001 1a2b 3c4d 0008 0000 0000 4000 0100 0000 05f5 e100 0040 0000 0000 0000 + 4500 0040 5e14 4000 8006 394e c0a8 7101 c0a8 7103 05e7 06bb abf0 4bea a564 6997 5018 fa34 e810 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 ffff ffff ffff ffff + 4500 0039 5e15 0000 802f 792b c0a8 7101 c0a8 7103 3001 880b 0019 0000 0000 0000 ff03 c021 0100 0015 0104 0578 0506 577f 7c5b 0702 0802 0d03 06 + 4500 0020 0003 0000 ff2f 5856 c0a8 7103 c0a8 7101 2081 880b 0000 4000 ffff ffff + 4500 0028 0004 4000 4006 d776 c0a8 7103 c0a8 7101 06bb 05e7 a564 6997 abf0 4c02 5010 832c b5c1 0000 + 4500 0038 0005 0000 ff2f 583c c0a8 7103 c0a8 7101 3001 880b 0018 4000 0000 0000 ff03 c021 0101 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802 + 4500 002f 0006 0000 ff2f 5844 c0a8 7103 c0a8 7101 3081 880b 000b 4000 0000 0001 0000 0000 ff03 c021 0400 0007 0d03 06 + 4500 003c 5e16 0000 802f 7927 c0a8 7101 c0a8 7103 3081 880b 0018 0000 0000 0001 0000 0001 ff03 c021 0201 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802 + 4500 0036 5e17 0000 802f 792c c0a8 7101 c0a8 7103 3001 880b 0016 0000 0000 0002 ff03 c021 0101 0012 0104 0578 0506 577f 7c5b 0702 0802 + 4500 003a 0007 0000 ff2f 5838 c0a8 7103 c0a8 7101 3081 880b 0016 4000 0000 0002 0000 0002 ff03 c021 0201 0012 0104 0578 0506 577f 7c5b 0702 0802 + 4500 0032 0008 0000 ff2f 583f c0a8 7103 c0a8 7101 3001 880b 0012 4000 0000 0003 8021 0101 0010 0306 c0a8 0001 0206 002d 0f01 + 4500 0040 5e18 4000 8006 394a c0a8 7101 c0a8 7103 05e7 06bb abf0 4c02 a564 6997 5018 fa34 e7f8 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 0000 0000 ffff ffff + 4500 0038 5e19 0000 802f 7928 c0a8 7101 c0a8 7103 3081 880b 0014 0000 0000 0003 0000 0003 c021 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130 + 4500 003e 0009 0000 ff2f 5832 c0a8 7103 c0a8 7101 3081 880b 001a 4000 0000 0004 0000 0003 ff03 c021 0702 0016 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130 + 4500 003e 5e1a 0000 802f 7921 c0a8 7101 c0a8 7103 3081 880b 001a 0000 0000 0004 0000 0004 c021 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52 + 4500 0044 000a 0000 ff2f 582b c0a8 7103 c0a8 7101 3081 880b 0020 4000 0000 0005 0000 0004 ff03 c021 0703 001c 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52 + 4500 0030 5e1b 0000 802f 792e c0a8 7101 c0a8 7103 3081 880b 000c 0000 0000 0005 0000 0005 80fd 0104 000a 1206 0100 0001 + 4500 002a 000b 0000 ff2f 5844 c0a8 7103 c0a8 7101 3081 880b 0006 4000 0000 0006 0000 0005 80fd 0101 0004 + 4500 002c 000c 0000 ff2f 5841 c0a8 7103 c0a8 7101 3001 880b 000c 4000 0000 0007 80fd 0404 000a 1206 0100 0001 + 4500 0048 5e1c 0000 802f 7915 c0a8 7101 c0a8 7103 3081 880b 0024 0000 0000 0006 0000 0007 8021 0105 0022 0306 0000 0000 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000 + 4500 0042 000d 0000 ff2f 582a c0a8 7103 c0a8 7101 3081 880b 001e 4000 0000 0008 0000 0006 8021 0405 001c 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000 + 4500 0030 5e1d 0000 802f 792c c0a8 7101 c0a8 7103 3081 880b 000c 0000 0000 0007 0000 0008 8021 0401 000a 0206 002d 0f01 + 4500 0030 000e 0000 ff2f 583b c0a8 7103 c0a8 7101 3081 880b 000c 4000 0000 0009 0000 0007 8021 0102 000a 0306 c0a8 0001 -4500 002a 5e1e 0000 802f 7933 c0a8 7101 c0a8 7103 3081 880b 0006 0000 0000 0008 0000 0009 80fd 0201 0004 -4500 0032 5e1f 0000 802f 792a c0a8 7101 c0a8 7103 3001 880b 0012 0000 0000 0009 80fd 0506 0010 577f 7c5b 003c cd74 0000 02dc + +4500 002a 5e1e 0000 802f 7931 c0a8 7101 c0a8 7103 3081 880b 0006 0000 0000 0008 0000 0009 80fd 0201 0004 + +4500 0032 5e1f 0000 802f 7928 c0a8 7101 c0a8 7103 3001 880b 0012 0000 0000 0009 80fd 0506 0010 577f 7c5b 003c cd74 0000 02dc + 4500 002a 000f 0000 ff2f 5840 c0a8 7103 c0a8 7101 3081 880b 0006 4000 0000 000a 0000 0009 80fd 0606 0004 + ------------------------------- diff --git a/contrib/ipfilter/test/expected/ni14 b/contrib/ipfilter/test/expected/ni14 index 852132396b58..5ad5a1b40409 100644 --- a/contrib/ipfilter/test/expected/ni14 +++ b/contrib/ipfilter/test/expected/ni14 @@ -1,32 +1,63 @@ 4500 0030 5e11 4000 8006 ec0b c0a8 7101 7f00 0001 05e7 06bb abf0 4aa5 0000 0000 7002 faf0 d44b 0000 0204 05b4 0101 0402 + 4500 002c 0000 4000 4006 d776 c0a8 7103 c0a8 7101 06bb 05e7 a564 68da abf0 4aa6 6012 8000 a348 0000 0204 05b4 + 4500 00c4 5e12 4000 8006 eb76 c0a8 7101 7f00 0001 05e7 06bb abf0 4aa6 a564 68db 5018 faf0 954b 0000 009c 0001 1a2b 3c4d 0001 0000 0100 0000 0000 0001 0000 0001 0000 0a28 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 4d69 6372 6f73 6f66 7420 5769 6e64 6f77 7320 4e54 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 00c4 0001 4000 4006 d6dd c0a8 7103 c0a8 7101 06bb 05e7 a564 68db abf0 4b42 5018 832c cecf 0000 009c 0001 1a2b 3c4d 0002 0000 0100 0100 0000 0000 0000 0000 0001 0001 6c6f 6361 6c00 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 6c69 6e75 7800 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 00d0 5e13 4000 8006 eb69 c0a8 7101 7f00 0001 05e7 06bb abf0 4b42 a564 6977 5018 fa54 5eb2 0000 00a8 0001 1a2b 3c4d 0007 0000 4000 1331 0000 012c 05f5 e100 0000 0003 0000 0003 0040 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 0048 0002 4000 4006 d758 c0a8 7103 c0a8 7101 06bb 05e7 a564 6977 abf0 4bea 5018 832c 36fa 0000 0020 0001 1a2b 3c4d 0008 0000 0000 4000 0100 0000 05f5 e100 0040 0000 0000 0000 + 4500 0040 5e14 4000 8006 ebf8 c0a8 7101 7f00 0001 05e7 06bb abf0 4bea a564 6997 5018 fa34 9abb 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 ffff ffff ffff ffff + 4500 0039 5e15 0000 802f 2bd6 c0a8 7101 7f00 0001 3001 880b 0019 0000 0000 0000 ff03 c021 0100 0015 0104 0578 0506 577f 7c5b 0702 0802 0d03 06 + 4500 0020 0003 0000 ff2f 5856 c0a8 7103 c0a8 7101 2081 880b 0000 4000 ffff ffff + 4500 0028 0004 4000 4006 d776 c0a8 7103 c0a8 7101 06bb 05e7 a564 6997 abf0 4c02 5010 832c b5c1 0000 + 4500 0038 0005 0000 ff2f 583c c0a8 7103 c0a8 7101 3001 880b 0018 4000 0000 0000 ff03 c021 0101 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802 + 4500 002f 0006 0000 ff2f 5844 c0a8 7103 c0a8 7101 3081 880b 000b 4000 0000 0001 0000 0000 ff03 c021 0400 0007 0d03 06 + 4500 003c 5e16 0000 802f 2bd2 c0a8 7101 7f00 0001 3081 880b 0018 0000 0000 0001 0000 0001 ff03 c021 0201 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802 + 4500 0036 5e17 0000 802f 2bd7 c0a8 7101 7f00 0001 3001 880b 0016 0000 0000 0002 ff03 c021 0101 0012 0104 0578 0506 577f 7c5b 0702 0802 + 4500 003a 0007 0000 ff2f 5838 c0a8 7103 c0a8 7101 3081 880b 0016 4000 0000 0002 0000 0002 ff03 c021 0201 0012 0104 0578 0506 577f 7c5b 0702 0802 -4500 0032 0008 0000 ff2f a594 c0a8 7103 c0a8 7101 3001 880b 0012 4000 0000 0003 8021 0101 0010 0306 c0a8 0001 0206 002d 0f01 + +4500 0032 0008 0000 ff2f 583f c0a8 7103 c0a8 7101 3001 880b 0012 4000 0000 0003 8021 0101 0010 0306 c0a8 0001 0206 002d 0f01 + 4500 0040 5e18 4000 8006 ebf4 c0a8 7101 7f00 0001 05e7 06bb abf0 4c02 a564 6997 5018 fa34 9aa3 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 0000 0000 ffff ffff + 4500 0038 5e19 0000 802f 2bd3 c0a8 7101 7f00 0001 3081 880b 0014 0000 0000 0003 0000 0003 c021 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130 -4500 003e 0009 0000 ff2f a587 c0a8 7103 c0a8 7101 3081 880b 001a 4000 0000 0004 0000 0003 ff03 c021 0702 0016 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130 + +4500 003e 0009 0000 ff2f 5832 c0a8 7103 c0a8 7101 3081 880b 001a 4000 0000 0004 0000 0003 ff03 c021 0702 0016 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130 + 4500 003e 5e1a 0000 802f 2bcc c0a8 7101 7f00 0001 3081 880b 001a 0000 0000 0004 0000 0004 c021 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52 -4500 0044 000a 0000 ff2f a580 c0a8 7103 c0a8 7101 3081 880b 0020 4000 0000 0005 0000 0004 ff03 c021 0703 001c 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52 + +4500 0044 000a 0000 ff2f 582b c0a8 7103 c0a8 7101 3081 880b 0020 4000 0000 0005 0000 0004 ff03 c021 0703 001c 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52 + 4500 0030 5e1b 0000 802f 2bd9 c0a8 7101 7f00 0001 3081 880b 000c 0000 0000 0005 0000 0005 80fd 0104 000a 1206 0100 0001 -4500 002a 000b 0000 ff2f a599 c0a8 7103 c0a8 7101 3081 880b 0006 4000 0000 0006 0000 0005 80fd 0101 0004 -4500 002c 000c 0000 ff2f a596 c0a8 7103 c0a8 7101 3001 880b 000c 4000 0000 0007 80fd 0404 000a 1206 0100 0001 + +4500 002a 000b 0000 ff2f 5844 c0a8 7103 c0a8 7101 3081 880b 0006 4000 0000 0006 0000 0005 80fd 0101 0004 + +4500 002c 000c 0000 ff2f 5841 c0a8 7103 c0a8 7101 3001 880b 000c 4000 0000 0007 80fd 0404 000a 1206 0100 0001 + 4500 0048 5e1c 0000 802f 2bc0 c0a8 7101 7f00 0001 3081 880b 0024 0000 0000 0006 0000 0007 8021 0105 0022 0306 0000 0000 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000 -4500 0042 000d 0000 ff2f a57f c0a8 7103 c0a8 7101 3081 880b 001e 4000 0000 0008 0000 0006 8021 0405 001c 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000 + +4500 0042 000d 0000 ff2f 582a c0a8 7103 c0a8 7101 3081 880b 001e 4000 0000 0008 0000 0006 8021 0405 001c 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000 + 4500 0030 5e1d 0000 802f 2bd7 c0a8 7101 7f00 0001 3081 880b 000c 0000 0000 0007 0000 0008 8021 0401 000a 0206 002d 0f01 -4500 0030 000e 0000 ff2f a590 c0a8 7103 c0a8 7101 3081 880b 000c 4000 0000 0009 0000 0007 8021 0102 000a 0306 c0a8 0001 + +4500 0030 000e 0000 ff2f 583b c0a8 7103 c0a8 7101 3081 880b 000c 4000 0000 0009 0000 0007 8021 0102 000a 0306 c0a8 0001 + 4500 002a 5e1e 0000 802f 2bdc c0a8 7101 7f00 0001 3081 880b 0006 0000 0000 0008 0000 0009 80fd 0201 0004 + 4500 0032 5e1f 0000 802f 2bd3 c0a8 7101 7f00 0001 3001 880b 0012 0000 0000 0009 80fd 0506 0010 577f 7c5b 003c cd74 0000 02dc -4500 002a 000f 0000 ff2f a595 c0a8 7103 c0a8 7101 3081 880b 0006 4000 0000 000a 0000 0009 80fd 0606 0004 + +4500 002a 000f 0000 ff2f 5840 c0a8 7103 c0a8 7101 3081 880b 0006 4000 0000 000a 0000 0009 80fd 0606 0004 + ------------------------------- diff --git a/contrib/ipfilter/test/expected/ni15 b/contrib/ipfilter/test/expected/ni15 index 1c59de17d466..3820d560d1b7 100644 --- a/contrib/ipfilter/test/expected/ni15 +++ b/contrib/ipfilter/test/expected/ni15 @@ -1,32 +1,63 @@ 4500 0030 0000 4000 8006 9772 c0a8 7101 c0a8 7103 05e7 06bb abf0 4aa5 0000 0000 7002 faf0 21a1 0000 0204 05b4 0101 0402 + 4500 002c 69a6 4000 4006 6dd0 c0a8 7103 c0a8 7101 06bb 05e7 a564 68da abf0 4aa6 6012 8000 a348 0000 0204 05b4 + 4500 00c4 0001 4000 8006 96dd c0a8 7101 c0a8 7103 05e7 06bb abf0 4aa6 a564 68db 5018 faf0 e2a0 0000 009c 0001 1a2b 3c4d 0001 0000 0100 0000 0000 0001 0000 0001 0000 0a28 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 4d69 6372 6f73 6f66 7420 5769 6e64 6f77 7320 4e54 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 00c4 69a7 4000 4006 6d37 c0a8 7103 c0a8 7101 06bb 05e7 a564 68db abf0 4b42 5018 832c cecf 0000 009c 0001 1a2b 3c4d 0002 0000 0100 0100 0000 0000 0000 0000 0001 0001 6c6f 6361 6c00 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 6c69 6e75 7800 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 00d0 0002 4000 8006 96d0 c0a8 7101 c0a8 7103 05e7 06bb abf0 4b42 a564 6977 5018 fa54 ac07 0000 00a8 0001 1a2b 3c4d 0007 0000 4000 1331 0000 012c 05f5 e100 0000 0003 0000 0003 0040 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 0048 69a8 4000 4006 6db2 c0a8 7103 c0a8 7101 06bb 05e7 a564 6977 abf0 4bea 5018 832c 36fa 0000 0020 0001 1a2b 3c4d 0008 0000 0000 4000 0100 0000 05f5 e100 0040 0000 0000 0000 + 4500 0040 0003 4000 8006 975f c0a8 7101 c0a8 7103 05e7 06bb abf0 4bea a564 6997 5018 fa34 e810 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 ffff ffff ffff ffff + 4500 0039 0004 0000 802f d73c c0a8 7101 c0a8 7103 3001 880b 0019 0000 0000 0000 ff03 c021 0100 0015 0104 0578 0506 577f 7c5b 0702 0802 0d03 06 + 4500 0020 69a9 0000 ff2f eeaf c0a8 7103 c0a8 7101 2081 880b 0000 4000 ffff ffff + 4500 0028 69aa 4000 4006 6dd0 c0a8 7103 c0a8 7101 06bb 05e7 a564 6997 abf0 4c02 5010 832c b5c1 0000 + 4500 0038 69ab 0000 ff2f ee95 c0a8 7103 c0a8 7101 3001 880b 0018 4000 0000 0000 ff03 c021 0101 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802 + 4500 002f 69ac 0000 ff2f ee9d c0a8 7103 c0a8 7101 3081 880b 000b 4000 0000 0001 0000 0000 ff03 c021 0400 0007 0d03 06 + 4500 003c 0005 0000 802f d738 c0a8 7101 c0a8 7103 3081 880b 0018 0000 0000 0001 0000 0001 ff03 c021 0201 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802 + 4500 0036 0006 0000 802f d73d c0a8 7101 c0a8 7103 3001 880b 0016 0000 0000 0002 ff03 c021 0101 0012 0104 0578 0506 577f 7c5b 0702 0802 + 4500 003a 69ad 0000 ff2f ee91 c0a8 7103 c0a8 7101 3081 880b 0016 4000 0000 0002 0000 0002 ff03 c021 0201 0012 0104 0578 0506 577f 7c5b 0702 0802 + 4500 0032 69ae 0000 ff2f ee98 c0a8 7103 c0a8 7101 3001 880b 0012 4000 0000 0003 8021 0101 0010 0306 c0a8 0001 0206 002d 0f01 + 4500 0040 0007 4000 8006 975b c0a8 7101 c0a8 7103 05e7 06bb abf0 4c02 a564 6997 5018 fa34 e7f8 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 0000 0000 ffff ffff + 4500 0038 0008 0000 802f d739 c0a8 7101 c0a8 7103 3081 880b 0014 0000 0000 0003 0000 0003 c021 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130 + 4500 003e 69af 0000 ff2f ee8b c0a8 7103 c0a8 7101 3081 880b 001a 4000 0000 0004 0000 0003 ff03 c021 0702 0016 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130 + 4500 003e 0009 0000 802f d732 c0a8 7101 c0a8 7103 3081 880b 001a 0000 0000 0004 0000 0004 c021 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52 + 4500 0044 69b0 0000 ff2f ee84 c0a8 7103 c0a8 7101 3081 880b 0020 4000 0000 0005 0000 0004 ff03 c021 0703 001c 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52 + 4500 0030 000a 0000 802f d73f c0a8 7101 c0a8 7103 3081 880b 000c 0000 0000 0005 0000 0005 80fd 0104 000a 1206 0100 0001 + 4500 002a 69b1 0000 ff2f ee9d c0a8 7103 c0a8 7101 3081 880b 0006 4000 0000 0006 0000 0005 80fd 0101 0004 + 4500 002c 69b2 0000 ff2f ee9a c0a8 7103 c0a8 7101 3001 880b 000c 4000 0000 0007 80fd 0404 000a 1206 0100 0001 + 4500 0048 000b 0000 802f d726 c0a8 7101 c0a8 7103 3081 880b 0024 0000 0000 0006 0000 0007 8021 0105 0022 0306 0000 0000 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000 + 4500 0042 69b3 0000 ff2f ee83 c0a8 7103 c0a8 7101 3081 880b 001e 4000 0000 0008 0000 0006 8021 0405 001c 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000 + 4500 0030 000c 0000 802f d73d c0a8 7101 c0a8 7103 3081 880b 000c 0000 0000 0007 0000 0008 8021 0401 000a 0206 002d 0f01 + 4500 0030 69b4 0000 ff2f ee94 c0a8 7103 c0a8 7101 3081 880b 000c 4000 0000 0009 0000 0007 8021 0102 000a 0306 c0a8 0001 + 4500 002a 000d 0000 802f d742 c0a8 7101 c0a8 7103 3081 880b 0006 0000 0000 0008 0000 0009 80fd 0201 0004 + 4500 0032 000e 0000 802f d739 c0a8 7101 c0a8 7103 3001 880b 0012 0000 0000 0009 80fd 0506 0010 577f 7c5b 003c cd74 0000 02dc + 4500 002a 69b5 0000 ff2f ee99 c0a8 7103 c0a8 7101 3081 880b 0006 4000 0000 000a 0000 0009 80fd 0606 0004 + ------------------------------- diff --git a/contrib/ipfilter/test/expected/ni16 b/contrib/ipfilter/test/expected/ni16 index c30b0d22bac4..2c34f5c7094d 100644 --- a/contrib/ipfilter/test/expected/ni16 +++ b/contrib/ipfilter/test/expected/ni16 @@ -1,32 +1,63 @@ 4500 0030 0000 4000 8006 9772 c0a8 7101 c0a8 7103 05e7 06bb abf0 4aa5 0000 0000 7002 faf0 21a1 0000 0204 05b4 0101 0402 + 4500 002c 69a6 4000 4006 9376 c0a8 7103 0a02 0202 06bb 05e7 a564 68da abf0 4aa6 6012 8000 c8ee 0000 0204 05b4 + 4500 00c4 0001 4000 8006 96dd c0a8 7101 c0a8 7103 05e7 06bb abf0 4aa6 a564 68db 5018 faf0 e2a0 0000 009c 0001 1a2b 3c4d 0001 0000 0100 0000 0000 0001 0000 0001 0000 0a28 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 4d69 6372 6f73 6f66 7420 5769 6e64 6f77 7320 4e54 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 00c4 69a7 4000 4006 92dd c0a8 7103 0a02 0202 06bb 05e7 a564 68db abf0 4b42 5018 832c f475 0000 009c 0001 1a2b 3c4d 0002 0000 0100 0100 0000 0000 0000 0000 0001 0001 6c6f 6361 6c00 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 6c69 6e75 7800 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 00d0 0002 4000 8006 96d0 c0a8 7101 c0a8 7103 05e7 06bb abf0 4b42 a564 6977 5018 fa54 ac07 0000 00a8 0001 1a2b 3c4d 0007 0000 4000 1331 0000 012c 05f5 e100 0000 0003 0000 0003 0040 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 0048 69a8 4000 4006 9358 c0a8 7103 0a02 0202 06bb 05e7 a564 6977 abf0 4bea 5018 832c 5ca0 0000 0020 0001 1a2b 3c4d 0008 0000 0000 4000 0100 0000 05f5 e100 0040 0000 0000 0000 + 4500 0040 0003 4000 8006 975f c0a8 7101 c0a8 7103 05e7 06bb abf0 4bea a564 6997 5018 fa34 e810 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 ffff ffff ffff ffff + 4500 0039 0004 0000 802f d73c c0a8 7101 c0a8 7103 3001 880b 0019 0000 0000 0000 ff03 c021 0100 0015 0104 0578 0506 577f 7c5b 0702 0802 0d03 06 + 4500 0020 69a9 0000 ff2f 1456 c0a8 7103 0a02 0202 2081 880b 0000 4000 ffff ffff + 4500 0028 69aa 4000 4006 9376 c0a8 7103 0a02 0202 06bb 05e7 a564 6997 abf0 4c02 5010 832c db67 0000 + 4500 0038 69ab 0000 ff2f 143c c0a8 7103 0a02 0202 3001 880b 0018 4000 0000 0000 ff03 c021 0101 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802 + 4500 002f 69ac 0000 ff2f 1444 c0a8 7103 0a02 0202 3081 880b 000b 4000 0000 0001 0000 0000 ff03 c021 0400 0007 0d03 06 + 4500 003c 0005 0000 802f d738 c0a8 7101 c0a8 7103 3081 880b 0018 0000 0000 0001 0000 0001 ff03 c021 0201 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802 + 4500 0036 0006 0000 802f d73d c0a8 7101 c0a8 7103 3001 880b 0016 0000 0000 0002 ff03 c021 0101 0012 0104 0578 0506 577f 7c5b 0702 0802 + 4500 003a 69ad 0000 ff2f 1438 c0a8 7103 0a02 0202 3081 880b 0016 4000 0000 0002 0000 0002 ff03 c021 0201 0012 0104 0578 0506 577f 7c5b 0702 0802 + 4500 0032 69ae 0000 ff2f 143f c0a8 7103 0a02 0202 3001 880b 0012 4000 0000 0003 8021 0101 0010 0306 c0a8 0001 0206 002d 0f01 + 4500 0040 0007 4000 8006 975b c0a8 7101 c0a8 7103 05e7 06bb abf0 4c02 a564 6997 5018 fa34 e7f8 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 0000 0000 ffff ffff + 4500 0038 0008 0000 802f d739 c0a8 7101 c0a8 7103 3081 880b 0014 0000 0000 0003 0000 0003 c021 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130 + 4500 003e 69af 0000 ff2f 1432 c0a8 7103 0a02 0202 3081 880b 001a 4000 0000 0004 0000 0003 ff03 c021 0702 0016 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130 + 4500 003e 0009 0000 802f d732 c0a8 7101 c0a8 7103 3081 880b 001a 0000 0000 0004 0000 0004 c021 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52 + 4500 0044 69b0 0000 ff2f 142b c0a8 7103 0a02 0202 3081 880b 0020 4000 0000 0005 0000 0004 ff03 c021 0703 001c 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52 + 4500 0030 000a 0000 802f d73f c0a8 7101 c0a8 7103 3081 880b 000c 0000 0000 0005 0000 0005 80fd 0104 000a 1206 0100 0001 + 4500 002a 69b1 0000 ff2f 1444 c0a8 7103 0a02 0202 3081 880b 0006 4000 0000 0006 0000 0005 80fd 0101 0004 + 4500 002c 69b2 0000 ff2f 1441 c0a8 7103 0a02 0202 3001 880b 000c 4000 0000 0007 80fd 0404 000a 1206 0100 0001 + 4500 0048 000b 0000 802f d726 c0a8 7101 c0a8 7103 3081 880b 0024 0000 0000 0006 0000 0007 8021 0105 0022 0306 0000 0000 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000 + 4500 0042 69b3 0000 ff2f 142a c0a8 7103 0a02 0202 3081 880b 001e 4000 0000 0008 0000 0006 8021 0405 001c 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000 + 4500 0030 000c 0000 802f d73d c0a8 7101 c0a8 7103 3081 880b 000c 0000 0000 0007 0000 0008 8021 0401 000a 0206 002d 0f01 + 4500 0030 69b4 0000 ff2f 143b c0a8 7103 0a02 0202 3081 880b 000c 4000 0000 0009 0000 0007 8021 0102 000a 0306 c0a8 0001 -4500 002a 000d 0000 802f d744 c0a8 7101 c0a8 7103 3081 880b 0006 0000 0000 0008 0000 0009 80fd 0201 0004 -4500 0032 000e 0000 802f d73b c0a8 7101 c0a8 7103 3001 880b 0012 0000 0000 0009 80fd 0506 0010 577f 7c5b 003c cd74 0000 02dc + +4500 002a 000d 0000 802f d742 c0a8 7101 c0a8 7103 3081 880b 0006 0000 0000 0008 0000 0009 80fd 0201 0004 + +4500 0032 000e 0000 802f d739 c0a8 7101 c0a8 7103 3001 880b 0012 0000 0000 0009 80fd 0506 0010 577f 7c5b 003c cd74 0000 02dc + 4500 002a 69b5 0000 ff2f 1440 c0a8 7103 0a02 0202 3081 880b 0006 4000 0000 000a 0000 0009 80fd 0606 0004 + ------------------------------- diff --git a/contrib/ipfilter/test/expected/ni19 b/contrib/ipfilter/test/expected/ni19 index a75c583e27b3..fa40771a0f13 100644 --- a/contrib/ipfilter/test/expected/ni19 +++ b/contrib/ipfilter/test/expected/ni19 @@ -1,25 +1,49 @@ 4500 0040 e3fc 4000 4006 40b5 0a01 0101 0a01 0104 03f1 0202 6523 90b2 0000 0000 b002 8000 a431 0000 0204 05b4 0103 0300 0402 0101 0101 080a 0000 0000 0000 0000 + 4500 0034 0000 4000 4006 fe13 0a01 0104 c0a8 7103 0202 03f1 915a a5c4 6523 90b3 8012 16d0 e89c 0000 0204 05b4 0101 0402 0103 0302 + 4500 0028 e3fd 4000 4006 40cc 0a01 0101 0a01 0104 03f1 0202 6523 90b3 915a a5c5 5010 832c e3b7 0000 + 4500 002d e3fe 4000 4006 40c6 0a01 0101 0a01 0104 03f1 0202 6523 90b3 915a a5c5 5018 832c 8242 0000 3130 3038 00 + 4500 0028 7ce5 4000 4006 813a 0a01 0104 c0a8 7103 0202 03f1 915a a5c5 6523 90b8 5010 05b4 3a81 0000 + 4500 003c 1186 4000 4006 ec85 0a01 0104 c0a8 7103 03ff 03f0 91d4 c8a2 0000 0000 a002 16d0 b8c0 0000 0204 05b4 0402 080a 0039 d924 0000 0000 0103 0302 + 4500 0040 e3ff 4000 4006 40b2 0a01 0101 0a01 0104 03f0 03ff 66e5 b810 91d4 c8a3 b012 8000 452f 0000 0204 05b4 0103 0300 0101 080a 0000 0000 0039 d924 0402 0101 + 4500 0034 1188 4000 4006 ec8b 0a01 0104 c0a8 7103 03ff 03f0 91d4 c8a3 66e5 b811 8010 05b4 d99b 0000 0101 080a 0039 d925 0000 0000 + 4500 0030 e400 4000 4006 40c1 0a01 0101 0a01 0104 03f1 0202 6523 90b8 915a a5c5 5018 832c 3560 0000 6461 7272 656e 7200 + 4500 0028 7ce7 4000 4006 8138 0a01 0104 c0a8 7103 0202 03f1 915a a5c5 6523 90c0 5010 05b4 3a79 0000 + 4500 0053 e401 4000 4006 409d 0a01 0101 0a01 0104 03f1 0202 6523 90c0 915a a5c5 5018 832c cce7 0000 6461 7272 656e 7200 7368 202d 6320 2265 6368 6f20 666f 6f20 3e26 313b 2065 6368 6f20 6261 7220 3e26 3222 00 + 4500 0028 7ce9 4000 4006 8136 0a01 0104 c0a8 7103 0202 03f1 915a a5c5 6523 90eb 5010 05b4 3a4e 0000 + 4500 0029 7ceb 4000 4006 8133 0a01 0104 c0a8 7103 0202 03f1 915a a5c5 6523 90eb 5018 05b4 3a45 0000 00 + 4500 0028 e403 4000 4006 40c6 0a01 0101 0a01 0104 03f1 0202 6523 90eb 915a a5c6 5010 832c e37e 0000 + 4500 002c 7ced 4000 4006 812e 0a01 0104 c0a8 7103 0202 03f1 915a a5c6 6523 90eb 5018 05b4 64c7 0000 666f 6f0a + 4500 0038 118a 4000 4006 ec85 0a01 0104 c0a8 7103 03ff 03f0 91d4 c8a3 66e5 b811 8018 05b4 00dd 0000 0101 080a 0039 dd6c 0000 0000 6261 720a + 4500 0028 7cef 4000 4006 8130 0a01 0104 c0a8 7103 0202 03f1 915a a5ca 6523 90eb 5011 05b4 3a48 0000 + 4500 0034 118c 4000 4006 ec87 0a01 0104 c0a8 7103 03ff 03f0 91d4 c8a7 66e5 b811 8011 05b4 d54e 0000 0101 080a 0039 dd6d 0000 0000 + 4500 0028 e404 4000 4006 1a1b c0a8 7103 0a01 0104 03f1 0202 6523 90eb 915a a5cb 5010 8328 bcd3 0000 + 4500 0034 e405 4000 4006 1a0e c0a8 7103 0a01 0104 03f0 03ff 66e5 b811 91d4 c8a8 8010 8328 57d7 0000 0101 080a 0000 0004 0039 dd6c + 4500 0028 e40a 4000 4006 1a15 c0a8 7103 0a01 0104 03f1 0202 6523 90eb 915a a5cb 5011 832c bcce 0000 + 4500 0034 e40b 4000 4006 1a08 c0a8 7103 0a01 0104 03f0 03ff 66e5 b811 91d4 c8a8 8011 832c 57d2 0000 0101 080a 0000 0004 0039 dd6c + 4500 0028 0004 4000 4006 fe1b 0a01 0104 c0a8 7103 0202 03f1 915a a5cb 6523 90ec 5010 05b4 3a47 0000 + 4500 0034 118e 4000 4006 ec85 0a01 0104 c0a8 7103 03ff 03f0 91d4 c8a8 66e5 b812 8010 05b4 d548 0000 0101 080a 0039 dd6e 0000 0004 + ------------------------------- diff --git a/contrib/ipfilter/test/expected/ni2 b/contrib/ipfilter/test/expected/ni2 index 6aef39f7ce86..e2a7eb89ffaf 100644 --- a/contrib/ipfilter/test/expected/ni2 +++ b/contrib/ipfilter/test/expected/ni2 @@ -1,10 +1,19 @@ 4510 002c 0000 4000 3e06 78df 0101 0101 c0a8 0133 9c40 0077 a664 2485 0000 0000 6002 4000 2ca8 0000 0204 05b4 + 4500 002c ce83 4000 7e06 606b c0a8 0133 0a01 0201 0077 05f6 fbdf 1a21 a664 2486 6012 2238 c0a8 0000 0204 05b4 + 4510 0028 0001 4000 3e06 78e2 0101 0101 c0a8 0133 9c40 0077 a664 2486 fbdf 1a22 5010 4470 29e3 0000 + 4500 005b cf83 4000 7e06 5f3c c0a8 0133 0a01 0201 0077 05f6 fbdf 1a22 a664 2486 5018 2238 ce2a 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0a + 4510 0028 0002 4000 3e06 78e1 0101 0101 c0a8 0133 9c40 0077 a664 2486 fbdf 1a55 5010 4470 29b0 0000 + 4510 002e 0003 4000 3e06 78da 0101 0101 c0a8 0133 9c40 0077 a664 2486 fbdf 1a55 5018 4470 1c98 0000 0000 0000 0d0a + 4500 0048 e383 4000 7e06 4b4f c0a8 0133 0a01 0201 0077 05f6 fbdf 1a55 a664 248c 5018 2232 d80a 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 05dc e483 4000 7e06 44bb c0a8 0133 0a01 0201 0077 05f6 fbdf 1a75 a664 248c 5010 2232 9f2d 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3331 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 -4500 0038 0004 4000 4001 76e4 0101 0101 c0a8 0133 0304 444f 0000 05a0 4500 05dc e483 4000 7e06 4ebb c0a8 0133 0101 0101 0077 9c40 fbdf 1a75 + +4500 0038 0004 4000 4001 76e4 0101 0101 c0a8 0133 0304 9dea 0000 05a0 4500 05dc e483 4000 7e06 4ebb c0a8 0133 0101 0101 0077 9c40 fbdf 1a75 + ------------------------------- diff --git a/contrib/ipfilter/test/expected/ni20 b/contrib/ipfilter/test/expected/ni20 index 46833bd2eaf2..6001a5af9eb8 100644 --- a/contrib/ipfilter/test/expected/ni20 +++ b/contrib/ipfilter/test/expected/ni20 @@ -1,25 +1,49 @@ 4500 0040 e3fc 4000 4006 f362 c0a8 7103 c0a8 7104 03f1 0202 6523 90b2 0000 0000 b002 8000 56df 0000 0204 05b4 0103 0300 0402 0101 0101 080a 0000 0000 0000 0000 + 4500 0034 0000 4000 4006 fe13 0a01 0104 c0a8 7103 0202 03f1 915a a5c4 6523 90b3 8012 16d0 e89c 0000 0204 05b4 0101 0402 0103 0302 + 4500 0028 e3fd 4000 4006 f379 c0a8 7103 c0a8 7104 03f1 0202 6523 90b3 915a a5c5 5010 832c 9665 0000 + 4500 002d e3fe 4000 4006 f373 c0a8 7103 c0a8 7104 03f1 0202 6523 90b3 915a a5c5 5018 832c 34f0 0000 3130 3038 00 + 4500 0028 7ce5 4000 4006 813a 0a01 0104 c0a8 7103 0202 03f1 915a a5c5 6523 90b8 5010 05b4 3a81 0000 + 4500 003c 1186 4000 4006 ec85 0a01 0104 c0a8 7103 03ff 03f0 91d4 c8a2 0000 0000 a002 16d0 b8c0 0000 0204 05b4 0402 080a 0039 d924 0000 0000 0103 0302 + 4500 0040 e3ff 4000 4006 f35f c0a8 7103 c0a8 7104 03f0 03ff 66e5 b810 91d4 c8a3 b012 8000 f7dc 0000 0204 05b4 0103 0300 0101 080a 0000 0000 0039 d924 0402 0101 + 4500 0034 1188 4000 4006 ec8b 0a01 0104 c0a8 7103 03ff 03f0 91d4 c8a3 66e5 b811 8010 05b4 d99b 0000 0101 080a 0039 d925 0000 0000 + 4500 0030 e400 4000 4006 f36e c0a8 7103 c0a8 7104 03f1 0202 6523 90b8 915a a5c5 5018 832c e80d 0000 6461 7272 656e 7200 + 4500 0028 7ce7 4000 4006 8138 0a01 0104 c0a8 7103 0202 03f1 915a a5c5 6523 90c0 5010 05b4 3a79 0000 + 4500 0053 e401 4000 4006 f34a c0a8 7103 c0a8 7104 03f1 0202 6523 90c0 915a a5c5 5018 832c 7f95 0000 6461 7272 656e 7200 7368 202d 6320 2265 6368 6f20 666f 6f20 3e26 313b 2065 6368 6f20 6261 7220 3e26 3222 00 + 4500 0028 7ce9 4000 4006 8136 0a01 0104 c0a8 7103 0202 03f1 915a a5c5 6523 90eb 5010 05b4 3a4e 0000 + 4500 0029 7ceb 4000 4006 8133 0a01 0104 c0a8 7103 0202 03f1 915a a5c5 6523 90eb 5018 05b4 3a45 0000 00 + 4500 0028 e403 4000 4006 f373 c0a8 7103 c0a8 7104 03f1 0202 6523 90eb 915a a5c6 5010 832c 962c 0000 + 4500 002c 7ced 4000 4006 812e 0a01 0104 c0a8 7103 0202 03f1 915a a5c6 6523 90eb 5018 05b4 64c7 0000 666f 6f0a + 4500 0038 118a 4000 4006 ec85 0a01 0104 c0a8 7103 03ff 03f0 91d4 c8a3 66e5 b811 8018 05b4 00dd 0000 0101 080a 0039 dd6c 0000 0000 6261 720a + 4500 0028 7cef 4000 4006 8130 0a01 0104 c0a8 7103 0202 03f1 915a a5ca 6523 90eb 5011 05b4 3a48 0000 + 4500 0034 118c 4000 4006 ec87 0a01 0104 c0a8 7103 03ff 03f0 91d4 c8a7 66e5 b811 8011 05b4 d54e 0000 0101 080a 0039 dd6d 0000 0000 + 4500 0028 e404 4000 4006 f372 c0a8 7103 c0a8 7104 03f1 0202 6523 90eb 915a a5cb 5010 8328 962b 0000 + 4500 0034 e405 4000 4006 f365 c0a8 7103 c0a8 7104 03f0 03ff 66e5 b811 91d4 c8a8 8010 8328 312f 0000 0101 080a 0000 0004 0039 dd6c + 4500 0028 e40a 4000 4006 f36c c0a8 7103 c0a8 7104 03f1 0202 6523 90eb 915a a5cb 5011 832c 9626 0000 + 4500 0034 e40b 4000 4006 f35f c0a8 7103 c0a8 7104 03f0 03ff 66e5 b811 91d4 c8a8 8011 832c 312a 0000 0101 080a 0000 0004 0039 dd6c + 4500 0028 0004 4000 4006 d773 c0a8 7104 c0a8 7103 0202 03f1 915a a5cb 6523 90ec 5010 05b4 139f 0000 + 4500 0034 118e 4000 4006 c5dd c0a8 7104 c0a8 7103 03ff 03f0 91d4 c8a8 66e5 b812 8010 05b4 aea0 0000 0101 080a 0039 dd6e 0000 0004 + ------------------------------- diff --git a/contrib/ipfilter/test/expected/ni23 b/contrib/ipfilter/test/expected/ni23 new file mode 100644 index 000000000000..24909b07f059 --- /dev/null +++ b/contrib/ipfilter/test/expected/ni23 @@ -0,0 +1,29 @@ +ip #0 28(20) 17 4.4.4.4,6700 > 2.2.2.2,4500 +ip #0 28(20) 17 2.2.2.2,4500 > 3.3.3.1,6700 +ip #0 28(20) 17 1.1.2.3,4500 > 3.3.3.1,6700 +List of active MAP/Redirect filters: +rdr le0,bge0 1.1.0.0/16 -> 2.2.2.2 ip +map hme0,ppp0 3.3.3.0/24 -> 4.4.4.4/32 + +List of active sessions: +MAP 3.3.3.1 6700 <- -> 4.4.4.4 6700 [2.2.2.2 4500] +RDR 2.2.2.2 4500 <- -> 1.1.2.3 4500 [3.3.3.1 6700] + +Hostmap table: +3.3.3.1,2.2.2.2 -> 4.4.4.4 (use = 1 hv = 0) +List of active state sessions: +3.3.3.1 -> 2.2.2.2 pass 0x40008402 pr 17 state 0/0 + tag 0 ttl 24 6700 -> 4500 + forward: pkts in 1 bytes in 28 pkts out 1 bytes out 28 + backward: pkts in 1 bytes in 28 pkts out 1 bytes out 28 + pass in keep state IPv4 + pkt_flags & 0(0) = 0, pkt_options & ffffffff = 0, ffffffff = 0 + pkt_security & ffff = 0, pkt_auth & ffff = 0 + is_flx 0x8001 0x8001 0x8001 0x1 + interfaces: in X[le0],X[hme0] out X[ppp0],X[bge0] + Sync status: not synchronized +List of configured pools +List of configured hash tables +List of groups configured (set 0) +List of groups configured (set 1) +------------------------------- diff --git a/contrib/ipfilter/test/expected/ni3 b/contrib/ipfilter/test/expected/ni3 index 600b6249a3ec..107d5d939342 100644 --- a/contrib/ipfilter/test/expected/ni3 +++ b/contrib/ipfilter/test/expected/ni3 @@ -1,4 +1,7 @@ 4500 003c 0000 4000 ff06 67a8 0606 0606 0404 0404 5000 0050 0000 0001 0000 0000 a002 16d0 d0da 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 + 4500 0038 809a 0000 ff01 3121 0303 0303 0202 0202 0303 acab 0000 0000 4500 003c 4706 4000 ff06 28aa 0202 0202 0404 0404 5000 0050 0000 0001 + 4500 0058 809a 0000 ff01 3101 0303 0303 0202 0202 0303 0937 0000 0000 4500 003c 4706 4000 ff06 28aa 0202 0202 0404 0404 5000 0050 0000 0001 0000 0000 a002 16d0 d8e2 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 + ------------------------------- diff --git a/contrib/ipfilter/test/expected/ni4 b/contrib/ipfilter/test/expected/ni4 index cd5ebac85c75..c9f7504d7ac1 100644 --- a/contrib/ipfilter/test/expected/ni4 +++ b/contrib/ipfilter/test/expected/ni4 @@ -1,4 +1,7 @@ 4500 003c 0000 4000 ff06 67a8 0606 0606 0404 0404 9c40 0050 0000 0001 0000 0000 a002 16d0 849a 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 + 4500 0038 809a 0000 ff01 3121 0303 0303 0202 0202 0303 acab 0000 0000 4500 003c 4706 4000 ff06 28aa 0202 0202 0404 0404 5000 0050 0000 0001 + 4500 0058 809a 0000 ff01 3101 0303 0303 0202 0202 0303 0937 0000 0000 4500 003c 4706 4000 ff06 28aa 0202 0202 0404 0404 5000 0050 0000 0001 0000 0000 a002 16d0 d8e2 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 + ------------------------------- diff --git a/contrib/ipfilter/test/expected/ni5 b/contrib/ipfilter/test/expected/ni5 index a64d8129820b..e713cf285101 100644 --- a/contrib/ipfilter/test/expected/ni5 +++ b/contrib/ipfilter/test/expected/ni5 @@ -1,47 +1,103 @@ 4500 002c 0000 4000 ff06 02fc 0101 0101 96cb e002 8032 0015 bd6b c9c8 0000 0000 6002 2238 f5a2 0000 0204 05b4 + 4500 002c ffdd 4000 ef06 5374 96cb e002 c0a8 0103 0015 8032 3786 76c4 bd6b c9c9 6012 269c 8369 0000 0204 0584 + 4500 0028 0001 4000 ff06 02ff 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 76c5 5010 269c 5aa0 0000 + 4500 006f ffde 4000 ef06 5330 96cb e002 c0a8 0103 0015 8032 3786 76c5 bd6b c9c9 5018 269c 967e 0000 3232 302d 636f 6f6d 6273 2e61 6e75 2e65 6475 2e61 7520 4e63 4654 5064 2053 6572 7665 7220 2866 7265 6520 6564 7563 6174 696f 6e61 6c20 6c69 6365 6e73 6529 2072 6561 6479 2e0d 0a + 4500 0028 0002 4000 ff06 02fe 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 770c 5010 269c 5a59 0000 + 4500 00c7 ffdf 4000 ef06 52d7 96cb e002 c0a8 0103 0015 8032 3786 770c bd6b c9c9 5018 269c 1087 0000 3232 302d 0d0a 3232 302d 4d61 696e 7461 696e 6564 2062 7920 5253 5353 2061 6e64 2052 5350 4153 2049 5420 5374 6166 6620 2870 7265 7669 6f75 736c 7920 6b6e 6f77 6e20 6173 2043 6f6f 6d62 7320 436f 6d70 7574 696e 6720 556e 6974 290d 0a32 3230 2d41 6e79 2070 726f 626c 656d 7320 636f 6e74 6163 7420 6674 706d 6173 7465 7240 636f 6f6d 6273 2e61 6e75 2e65 6475 2e61 750d 0a32 3230 2d0d 0a32 3230 200d 0a + 4500 0028 0003 4000 ff06 02fd 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 77ab 5010 269c 59ba 0000 + 4500 0038 0004 4000 ff06 02ec 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 77ab 5018 269c d1c5 0000 5553 4552 2061 6e6f 6e79 6d6f 7573 0d0a + 4500 0028 ffe0 4000 ef06 5375 96cb e002 c0a8 0103 0015 8032 3786 77ab bd6b c9d9 5010 269c 9a00 0000 + 4500 006c ffe1 4000 ef06 5330 96cb e002 c0a8 0103 0015 8032 3786 77ab bd6b c9d9 5018 269c b00f 0000 3333 3120 4775 6573 7420 6c6f 6769 6e20 6f6b 2c20 7365 6e64 2079 6f75 7220 636f 6d70 6c65 7465 2065 2d6d 6169 6c20 6164 6472 6573 7320 6173 2070 6173 7377 6f72 642e 0d0a + 4500 0028 0005 4000 ff06 02fb 0101 0101 96cb e002 8032 0015 bd6b c9d9 3786 77ef 5010 269c 5966 0000 + 4500 0036 0006 4000 ff06 02ec 0101 0101 96cb e002 8032 0015 bd6b c9d9 3786 77ef 5018 269c 373f 0000 5041 5353 2061 7661 6c6f 6e40 0d0a + 4500 005f ffe2 4000 ef06 533c 96cb e002 c0a8 0103 0015 8032 3786 77ef bd6b c9e7 5018 269c 895e 0000 3233 302d 596f 7520 6172 6520 7573 6572 2023 3420 6f66 2035 3020 7369 6d75 6c74 616e 656f 7573 2075 7365 7273 2061 6c6c 6f77 6564 2e0d 0a + 4500 0028 0007 4000 ff06 02f9 0101 0101 96cb e002 8032 0015 bd6b c9e7 3786 7826 5010 269c 5921 0000 + 4500 0099 ffe3 4000 ef06 5301 96cb e002 c0a8 0103 0015 8032 3786 7826 bd6b c9e7 5018 269c d399 0000 3233 302d 0d0a 3233 302d 0d0a 3233 302d 4869 2e20 2057 6527 7265 2063 6c65 616e 696e 6720 7570 2e20 2041 6e79 2066 6565 6462 6163 6b20 6d6f 7374 2077 656c 636f 6d65 2e20 3130 2041 7567 2030 300d 0a32 3330 2d0d 0a32 3330 204c 6f67 6765 6420 696e 2061 6e6f 6e79 6d6f 7573 6c79 2e0d 0a + 4500 0028 0008 4000 ff06 02f8 0101 0101 96cb e002 8032 0015 bd6b c9e7 3786 7897 5010 269c 58b0 0000 + 4500 0030 0009 4000 ff06 02ef 0101 0101 96cb e002 8032 0015 bd6b c9e7 3786 7897 5018 269c 86ae 0000 5459 5045 2049 0d0a + 4500 0038 ffe4 4000 ef06 5361 96cb e002 c0a8 0103 0015 8032 3786 7897 bd6b c9ef 5018 269c 5fae 0000 3230 3020 5479 7065 206f 6b61 792e 0d0a + 4500 0028 000a 4000 ff06 02f6 0101 0101 96cb e002 8032 0015 bd6b c9ef 3786 78a7 5010 269c 5898 0000 + 4500 003d 000b 4000 ff06 02e0 0101 0101 96cb e002 8032 0015 bd6b c9ef 3786 78a7 5018 269c 4b67 0000 504f 5254 2031 2c31 2c31 2c31 2c31 3238 2c35 310d 0a + 4500 0046 ffe5 4000 ef06 5352 96cb e002 c0a8 0103 0015 8032 3786 78a7 bd6b ca0c 5018 269c dbc3 0000 3230 3020 504f 5254 2063 6f6d 6d61 6e64 2073 7563 6365 7373 6675 6c2e 0d0a + 4500 0030 000c 4000 ff06 02ec 0101 0101 96cb e002 8032 0015 bd6b ca04 3786 78c5 5018 269c 866b 0000 5459 5045 2041 0d0a + 4500 0038 ffe6 4000 ef06 535f 96cb e002 c0a8 0103 0015 8032 3786 78c5 bd6b ca14 5018 269c 5f5b 0000 3230 3020 5479 7065 206f 6b61 792e 0d0a + 4500 002e 000d 4000 ff06 02ed 0101 0101 96cb e002 8032 0015 bd6b ca0c 3786 78d5 5018 269c a994 0000 4e4c 5354 0d0a + 4500 002c ffe7 4000 ef06 536a 96cb e002 c0a8 0103 0014 8033 d9f8 11d4 0000 0000 6002 2238 d190 0000 0204 0584 + 4500 002c 000e 4000 ff06 02ee 0101 0101 96cb e002 8033 0014 bd78 5c12 d9f8 11d5 6012 02f8 96de 0000 0204 0584 + 4500 0028 ffe8 4000 ef06 536d 96cb e002 c0a8 0103 0014 8033 d9f8 11d5 bd78 5c13 5010 269c cb1d 0000 + 4500 005d ffe9 4000 ef06 5337 96cb e002 c0a8 0103 0015 8032 3786 78d5 bd6b ca1a 5018 269c eed0 0000 3135 3020 4f70 656e 696e 6720 4153 4349 4920 6d6f 6465 2064 6174 6120 636f 6e6e 6563 7469 6f6e 2066 6f72 202f 6269 6e2f 6c73 2e0d 0a + 4500 0028 000f 4000 ff06 02f1 0101 0101 96cb e002 8033 0014 bd78 5c13 d9f8 11d5 5010 6348 4e1b 0000 -4500 0063 ffea 4000 ef06 5330 96cb e002 c0a8 0103 0014 8033 d9f8 11d5 bd78 5c13 5018 269c a315 0000 636f 6f6d 6273 7061 7065 7273 0d0a 6465 7074 730d 0a66 6f75 6e64 2d66 696c 6573 0d0a 696e 636f 6d69 6e67 0d0a 6e6c 632d 7465 7374 0d0a 7075 620d 0a -4500 0028 0010 4000 ff06 02f0 0101 0101 96cb e002 8033 0014 bd78 5c13 d9f8 1210 5010 6348 4de0 0000 -4500 0028 ffeb 4000 ef06 536a 96cb e002 c0a8 0103 0014 8033 d9f8 1210 bd78 5c13 5011 269c cae1 0000 -4500 0028 10da 4000 ff06 327c c0a8 0103 96cb e002 8033 0014 bd78 5c13 d9f8 1211 5010 6348 8e35 0000 -4500 0028 10db 4000 ff06 327b c0a8 0103 96cb e002 8033 0014 bd78 5c13 d9f8 1211 5011 6348 8e34 0000 -4500 0028 ffec 4000 ef06 5369 96cb e002 c0a8 0103 0014 8033 d9f8 1211 bd78 5c14 5010 269c cae0 0000 -4500 0028 0011 4000 ff06 02ef 0101 0101 96cb e002 8032 0015 bd6b ca12 3786 790a 5010 269c 5812 0000 -4500 0040 ffed 4000 ef06 5350 96cb e002 c0a8 0103 0015 8032 3786 790a bd6b ca1a 5018 269c 7c9e 0000 3232 3620 4c69 7374 696e 6720 636f 6d70 6c65 7465 642e 0d0a -4500 0030 0012 4000 ff06 02e6 0101 0101 96cb e002 8032 0015 bd6b ca12 3786 7922 5018 269c 85f8 0000 5459 5045 2049 0d0a -4500 0038 ffee 4000 ef06 5357 96cb e002 c0a8 0103 0015 8032 3786 7922 bd6b ca22 5018 269c 5ef0 0000 3230 3020 5479 7065 206f 6b61 792e 0d0a -4500 0028 0013 4000 ff06 02ed 0101 0101 96cb e002 8032 0015 bd6b ca1a 3786 7932 5010 269c 57e2 0000 -4500 002e 0014 4000 ff06 02e6 0101 0101 96cb e002 8032 0015 bd6b ca1a 3786 7932 5018 269c b020 0000 5155 4954 0d0a -4500 0036 ffef 4000 ef06 5358 96cb e002 c0a8 0103 0015 8032 3786 7932 bd6b ca28 5018 269c a93c 0000 3232 3120 476f 6f64 6279 652e 0d0a -4500 0028 0015 4000 ff06 02eb 0101 0101 96cb e002 8032 0015 bd6b ca20 3786 7940 5011 269c 57cd 0000 -4500 0028 fff0 4000 ef06 5365 96cb e002 c0a8 0103 0015 8032 3786 7940 bd6b ca28 5011 269c 981b 0000 -4500 0028 10e1 4000 ff06 3275 c0a8 0103 96cb e002 8032 0015 bd6b ca25 3786 7941 5010 269c 981e 0000 -4500 0028 fff1 4000 ef06 5364 96cb e002 c0a8 0103 0015 8032 3786 7941 bd6b ca29 5010 269c 981a 0000 + +4500 003d 0010 4000 ff06 02db 0101 0101 96cb e002 8032 0015 bd6b ca12 3786 78d5 5018 269c 4a16 0000 504f 5254 2031 2c31 2c31 2c31 2c31 3238 2c35 320d 0a + +4500 0046 ffea 4000 ef06 534d 96cb e002 c0a8 0103 0015 8032 3786 78d5 bd6b ca37 5018 269c db6a 0000 3230 3020 504f 5254 2063 6f6d 6d61 6e64 2073 7563 6365 7373 6675 6c2e 0d0a + +4500 0030 0011 4000 ff06 02e7 0101 0101 96cb e002 8032 0015 bd6b ca27 3786 78f3 5018 269c 861a 0000 5459 5045 2041 0d0a + +4500 0038 ffeb 4000 ef06 535a 96cb e002 c0a8 0103 0015 8032 3786 78f3 bd6b ca3f 5018 269c 5ef2 0000 3230 3020 5479 7065 206f 6b61 793e 0d0a + +4500 002e 0012 4000 ff06 02e8 0101 0101 96cb e002 8032 0015 bd6b ca2f 3786 7903 5018 269c a943 0000 4e4c 5354 0d0a + +4500 002c ffec 4000 ef06 5365 96cb e002 c0a8 0103 0014 8034 d9f8 11d4 0000 0000 6002 2238 d18f 0000 0204 0584 + +4500 002c 0013 4000 ff06 02e9 0101 0101 96cb e002 8034 0014 bd78 5c12 d9f8 11d5 6012 02f8 96dd 0000 0204 0584 + +4500 0028 ffec 4000 ef06 5369 96cb e002 c0a8 0103 0014 8034 d9f8 11d4 0000 0000 5010 2238 e90d 0000 + +4500 0063 ffed 4000 ef06 532d 96cb e002 c0a8 0103 0014 8033 d9f8 11d5 bd78 5c13 5018 269c a315 0000 636f 6f6d 6273 7061 7065 7273 0d0a 6465 7074 730d 0a66 6f75 6e64 2d66 696c 6573 0d0a 696e 636f 6d69 6e67 0d0a 6e6c 632d 7465 7374 0d0a 7075 620d 0a + +4500 0028 0014 4000 ff06 02ec 0101 0101 96cb e002 8033 0014 bd78 5c13 d9f8 1210 5010 6348 4de0 0000 + +4500 0028 ffee 4000 ef06 5367 96cb e002 c0a8 0103 0014 8033 d9f8 1210 bd78 5c13 5011 269c cae1 0000 + +4500 0028 10dd 4000 ff06 3279 c0a8 0103 96cb e002 8033 0014 bd78 5c13 d9f8 1211 5010 6348 8e35 0000 + +4500 0028 10dd 4000 ff06 3279 c0a8 0103 96cb e002 8033 0014 bd78 5c13 d9f8 1211 5011 6348 8e34 0000 + +4500 0028 ffef 4000 ef06 5366 96cb e002 c0a8 0103 0014 8033 d9f8 1211 bd78 5c14 5010 269c cae0 0000 + +4500 0040 fff0 4000 ef06 534d 96cb e002 c0a8 0103 0015 8032 3786 7903 bd6b ca3f 5018 269c 7c80 0000 3232 3620 4c69 7374 696e 6720 636f 6d70 6c65 7465 642e 0d0a + +4500 0028 0015 4000 ff06 02eb 0101 0101 96cb e002 8032 0015 bd6b ca2f 3786 791b 5010 269c 57e4 0000 + +4500 002e 0016 4000 ff06 02e4 0101 0101 96cb e002 8032 0015 bd6b ca2f 3786 791b 5018 269c b022 0000 5155 4954 0d0a + +4500 0036 fff2 4000 ef06 5355 96cb e002 c0a8 0103 0015 8032 3786 791b bd6b ca45 5018 269c a936 0000 3232 3120 476f 6f64 6279 652e 0d0a + +4500 0028 0017 4000 ff06 02e9 0101 0101 96cb e002 8032 0015 bd6b ca35 3786 7929 5011 269c 57cf 0000 + +4500 0028 fff3 4000 ef06 5362 96cb e002 c0a8 0103 0015 8032 3786 7929 bd6b ca45 5011 269c 9815 0000 + +4500 0028 10e3 4000 ff06 3273 c0a8 0103 96cb e002 8032 0015 bd6b ca3d 3786 792a 5010 269c 981d 0000 + +4500 0028 fff4 4000 ef06 5361 96cb e002 c0a8 0103 0015 8032 3786 792a bd6b ca46 5010 269c 9814 0000 + ------------------------------- diff --git a/contrib/ipfilter/test/expected/ni6 b/contrib/ipfilter/test/expected/ni6 index a4e4acebf537..0da034a781b3 100644 --- a/contrib/ipfilter/test/expected/ni6 +++ b/contrib/ipfilter/test/expected/ni6 @@ -1,9 +1,17 @@ 4500 0054 cd8a 4000 ff11 1fbb c0a8 0601 c0a8 0701 8075 006f 0040 d26e 3e1d d249 0000 0000 0000 0002 0001 86a0 0000 0002 0000 0003 0000 0000 0000 0000 0000 0000 0000 0000 0001 86a3 0000 0003 0000 0011 0000 0000 + 4500 0054 0000 4000 ff11 ec44 c0a8 0702 c0a8 0701 8075 006f 0040 d16d 3e1d d249 0000 0000 0000 0002 0001 86a0 0000 0002 0000 0003 0000 0000 0000 0000 0000 0000 0000 0000 0001 86a3 0000 0003 0000 0011 0000 0000 + 4500 0038 cd83 4000 ff11 1fde c0a8 0701 c0a8 0601 006f 8075 0024 d805 3e1d d249 0000 0001 0000 0000 0000 0000 0000 0000 0000 0000 0000 0801 + 4500 0038 0001 4000 ff11 ee5f c0a8 0602 c0a8 0601 006f 8075 0024 d904 3e1d d249 0000 0001 0000 0000 0000 0000 0000 0000 0000 0000 0000 0801 + 4500 0044 d5a6 4000 ff11 17af c0a8 0601 c0a8 0701 80df 0801 0030 03f1 3e10 1fb1 0000 0000 0000 0002 0001 86a3 0000 0002 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 0044 0002 4000 ff11 ec52 c0a8 0702 c0a8 0701 80df 0801 0030 02f0 3e10 1fb1 0000 0000 0000 0002 0001 86a3 0000 0002 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 0034 0000 4000 fe11 ee65 c0a8 0701 c0a8 0601 0801 80df 0020 8ab8 3e10 1fb1 0000 0001 0000 0000 0000 0000 0000 0000 0000 0000 + 4500 0034 0003 4000 fe11 ef61 c0a8 0602 c0a8 0601 0801 80df 0020 0000 3e10 1fb1 0000 0001 0000 0000 0000 0000 0000 0000 0000 0000 + ------------------------------- diff --git a/contrib/ipfilter/test/expected/ni7 b/contrib/ipfilter/test/expected/ni7 index f0d0010d20b8..38c39ab71e23 100644 --- a/contrib/ipfilter/test/expected/ni7 +++ b/contrib/ipfilter/test/expected/ni7 @@ -1,3 +1,5 @@ 4500 0028 4706 4000 0111 1eac 0404 0404 0606 0606 afc9 829e 0014 6308 0402 0000 3be5 468d 000a cfc3 + 4500 0038 0000 0000 ff01 afb9 0202 0202 0404 0404 0b00 f91c 0000 0000 4500 0028 4706 4000 0111 26b4 0404 0404 0202 0202 afc9 829e 0014 c966 + ------------------------------- diff --git a/contrib/ipfilter/test/expected/ni8 b/contrib/ipfilter/test/expected/ni8 index 4741b18cfb80..689ccaa87ead 100644 --- a/contrib/ipfilter/test/expected/ni8 +++ b/contrib/ipfilter/test/expected/ni8 @@ -1,5 +1,9 @@ 4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101 5000 9d58 0000 0001 0000 0000 a002 16d0 3ddc 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 + 4500 0038 0000 0000 ff01 a7b9 0a02 0202 0404 0404 0303 a7fb 0000 0000 4500 003c 4706 4000 ff06 20aa 0404 0404 0a02 0202 5000 0500 0000 0001 + 4500 0058 0001 0000 ff01 a798 0a02 0202 0404 0404 0303 1137 0000 0000 4500 003c 4706 4000 ff06 20aa 0404 0404 0a02 0202 5000 0500 0000 0001 0000 0000 a002 16d0 cc32 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 + 4500 0038 0002 0000 ff01 abb3 0303 0303 0505 0505 0303 0fa3 0000 0000 4500 003c 4706 4000 ff06 2aab 0404 0404 0101 0102 5000 9d58 0000 0001 + ------------------------------- diff --git a/contrib/ipfilter/test/expected/ni9 b/contrib/ipfilter/test/expected/ni9 index 9effc52d3d2f..1eb6fbcca8c2 100644 --- a/contrib/ipfilter/test/expected/ni9 +++ b/contrib/ipfilter/test/expected/ni9 @@ -1,5 +1,9 @@ 4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101 5000 9c40 0000 0001 0000 0000 a002 16d0 3ef4 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 + 4500 0038 0000 0000 ff01 adb7 0303 0303 0404 0404 0303 0fa3 0000 0000 4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101 5000 9d58 0000 0001 + 4500 0058 0001 0000 ff01 ad96 0303 0303 0404 0404 0303 0735 0000 0000 4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101 5000 9d58 0000 0001 0000 0000 a002 16d0 3ddc 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 + 4500 0038 0002 0000 ff01 abb3 0303 0303 0505 0505 0303 0fa3 0000 0000 4500 003c 4706 4000 ff06 2aab 0404 0404 0101 0102 5000 9d58 0000 0001 + ------------------------------- diff --git a/contrib/ipfilter/test/expected/p2 b/contrib/ipfilter/test/expected/p2 index 2f330c26f8b9..67a7c3ea26f3 100644 --- a/contrib/ipfilter/test/expected/p2 +++ b/contrib/ipfilter/test/expected/p2 @@ -16,10 +16,10 @@ List of configured pools List of configured hash tables # 'anonymous' table table role = ipf type = hash number = 2147483650 size = 3 - { 4.4.0.0/16; 127.0.0.1/32; }; + { 127.0.0.1/32; 4.4.0.0/16; }; # 'anonymous' table table role = ipf type = hash number = 2147483649 size = 3 - { 4.4.0.0/16; 127.0.0.1/32; }; + { 127.0.0.1/32; 4.4.0.0/16; }; List of groups configured (set 0) List of groups configured (set 1) ------------------------------- diff --git a/contrib/ipfilter/test/expected/p5 b/contrib/ipfilter/test/expected/p5 new file mode 100644 index 000000000000..d8ea95c066a9 --- /dev/null +++ b/contrib/ipfilter/test/expected/p5 @@ -0,0 +1,21 @@ +nomatch +pass +nomatch +nomatch +nomatch +pass +nomatch +nomatch +List of active MAP/Redirect filters: + +List of active sessions: + +Hostmap table: +List of active state sessions: +List of configured pools +table role = ipf type = tree name = letters + { 1.1.1.1/32; ! 2.2.0.0/16; 2.2.2.0/24; }; +List of configured hash tables +List of groups configured (set 0) +List of groups configured (set 1) +------------------------------- diff --git a/contrib/ipfilter/test/input/f13 b/contrib/ipfilter/test/input/f13 index d7b07249ace4..77e537e2b638 100644 --- a/contrib/ipfilter/test/input/f13 +++ b/contrib/ipfilter/test/input/f13 @@ -1,3 +1,4 @@ +# This checksum is deliberately incorrect. # 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF,FO=0 SYN [in] 4500 0028 0001 4000 3f06 36cc 0101 0101 0201 0101 @@ -16,7 +17,7 @@ # 1.1.1.1,1024 -> 2.1.1.1,25 TTL=63 TCP DF MF FO=0 SYN [in] 4500 0028 0003 6000 3f06 16ca 0101 0101 0201 0101 -0400 0019 7000 0000 0000 0000 5002 2000 0000 0000 +0400 0019 7000 0000 0000 0000 5002 2000 16c6 0000 # 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF FO=0 [in] diff --git a/contrib/ipfilter/test/input/ip2.data b/contrib/ipfilter/test/input/ip2.data new file mode 100644 index 000000000000..ef34eb5e1314 --- /dev/null +++ b/contrib/ipfilter/test/input/ip2.data @@ -0,0 +1,3 @@ +1.1.1.1/32 +!2.2.0.0/16 +2.2.2.0/24 diff --git a/contrib/ipfilter/test/input/ipv6.1 b/contrib/ipfilter/test/input/ipv6.1 index 39208103edde..3f0fd308102f 100644 --- a/contrib/ipfilter/test/input/ipv6.1 +++ b/contrib/ipfilter/test/input/ipv6.1 @@ -18,3 +18,15 @@ ef00 1001 2002 0001 0000 0000 0000 0070 f427 0000 0344 0000 0004 f8f1 9d3c ddba 0e00 +[in,gif0] 6000 0000 0048 3a40 +ef00 1001 0880 6cbf 0000 0000 0000 0001 +ef00 1001 2002 0001 0000 0000 0000 0070 +0300 7d44 0000 0000 +6000 0000 0018 1101 +ef00 1001 2002 1001 0000 0000 0000 0070 +2001 1002 3333 0001 0000 0000 0000 0001 +8083 829a +0018 +f427 +0000 0344 0000 0004 f8f1 9d3c ddba 0e00 + diff --git a/contrib/ipfilter/test/input/ipv6.5 b/contrib/ipfilter/test/input/ipv6.5 new file mode 100644 index 000000000000..e46407ca110f --- /dev/null +++ b/contrib/ipfilter/test/input/ipv6.5 @@ -0,0 +1,14 @@ +[out,de0] +6000 0000 002c 2bff +ef00 0000 0000 0000 0000 0000 0001 0013 +ff02 0000 0000 0000 0000 0001 ff01 000b +0602 0000 0000 0000 +ff02 0000 0000 0000 0000 0001 ff01 000b +0401 0019 0000 0000 0000 0000 5002 2000 9ea3 0000 + +[out,de0] +6000 0000 0014 06ff +ef00 0000 0000 0000 0000 0000 0001 0013 +ff02 0000 0000 0000 0000 0001 ff01 000b +0401 0019 0000 0000 0000 0000 5002 2000 9ea3 0000 + diff --git a/contrib/ipfilter/test/input/ni1 b/contrib/ipfilter/test/input/ni1 index 8f548d5efca2..fb6b0b63e5f9 100644 --- a/contrib/ipfilter/test/input/ni1 +++ b/contrib/ipfilter/test/input/ni1 @@ -18,3 +18,39 @@ afc9 829e 0014 6308 afc9 829e 0014 6308 0402 0000 3be5 468d 000a cfc3 +[out,df0] +4500 0028 4706 4000 0111 26b4 0202 0202 +0404 0404 0800 829e 0014 12da 0402 0000 +3be5 468d 000a cfc3 + +[in,df0] +4500 0038 809a 0000 ff01 2918 0303 0303 +0606 0607 0b00 5f7c 0000 0000 +4500 0028 0000 4000 0111 65b1 0606 0607 0404 0404 +4e20 829e 0014 c4b0 + +[in,df0] +4500 0044 809a 0000 ff01 290c 0303 0303 +0606 0607 0b00 093a 0000 0000 +4500 0028 0000 4000 0111 65b1 0606 0607 0404 0404 +4e20 829e 0014 c4b0 +0402 0000 3be5 468d 000a cfc3 + +[out,df0] +4500 0028 4706 4000 0111 26b4 0202 0202 +0404 0404 5000 829e 0014 cad9 0402 0000 +3be5 468d 000a cfc3 + +[in,df0] +4500 0038 809a 0000 ff01 2917 0303 0303 +0606 0608 0b00 0775 0000 0000 +4500 0028 0000 4000 0111 65b0 0606 0608 0404 0404 +07d0 829e 0014 6308 + +[in,df0] +4500 0044 809a 0000 ff01 290b 0303 0303 +0606 0608 0b00 093b 0000 0000 +4500 0028 0000 4000 0111 65b0 0606 0608 0404 0404 +07d0 829e 0014 0b00 +0402 0000 3be5 468d 000a cfc3 + diff --git a/contrib/ipfilter/test/input/ni13 b/contrib/ipfilter/test/input/ni13 index 56ddb792abd2..77569eead702 100644 --- a/contrib/ipfilter/test/input/ni13 +++ b/contrib/ipfilter/test/input/ni13 @@ -216,13 +216,13 @@ c0a8 7101 3081 880b 000c 4000 0000 0009 # 23:18:36.594840 192.168.113.1 > 192.168.113.3: gre [KSAv1] ID:0000 S:8 A:9 ppp: CCP 6: Conf-Ack(1) [in,pcn1] -4500 002a 5e1e 0000 802f 7933 c0a8 7101 +4500 002a 5e1e 0000 802f 7931 c0a8 7101 c0a8 7103 3081 880b 0006 0000 0000 0008 0000 0009 80fd 0201 0004 0000 0000 # 23:18:36.595525 192.168.113.1 > 192.168.113.3: gre [KSv1] ID:0000 S:9 ppp: CCP 18: Term-Req(6) [in,pcn1] -4500 0032 5e1f 0000 802f 792a c0a8 7101 +4500 0032 5e1f 0000 802f 7928 c0a8 7101 c0a8 7103 3001 880b 0012 0000 0000 0009 80fd 0506 0010 577f 7c5b 003c cd74 0000 02dc diff --git a/contrib/ipfilter/test/input/ni14 b/contrib/ipfilter/test/input/ni14 index 00f02900952c..681132120e23 100644 --- a/contrib/ipfilter/test/input/ni14 +++ b/contrib/ipfilter/test/input/ni14 @@ -127,7 +127,7 @@ c0a8 7101 3081 880b 0016 4000 0000 0002 # 23:18:36.564803 192.168.113.3 > 192.168.113.1: gre [KSv1] ID:4000 S:3 ppp: IPCP 18: Conf-Req(1), IP-Addr=192.168.0.1, IP-Comp VJ-Comp [out,pcn1] -4500 0032 69ae 0000 ff2f ee98 7f00 0001 +4500 0032 69ae 0000 ff2f a143 7f00 0001 c0a8 7101 3001 880b 0012 4000 0000 0003 8021 0101 0010 0306 c0a8 0001 0206 002d 0f01 @@ -148,7 +148,7 @@ c0a8 7103 3081 880b 0014 0000 0000 0003 # 23:18:36.573856 192.168.113.3 > 192.168.113.1: gre [KSAv1] ID:4000 S:4 A:3 ppp: LCP 26: Code-Rej(2) [out,pcn1] -4500 003e 69af 0000 ff2f ee8b 7f00 0001 +4500 003e 69af 0000 ff2f a136 7f00 0001 c0a8 7101 3081 880b 001a 4000 0000 0004 0000 0003 ff03 c021 0702 0016 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130 @@ -162,7 +162,7 @@ c0a8 7103 3081 880b 001a 0000 0000 0004 # 23:18:36.585562 192.168.113.3 > 192.168.113.1: gre [KSAv1] ID:4000 S:5 A:4 ppp: LCP 32: Code-Rej(3) [out,pcn1] -4500 0044 69b0 0000 ff2f ee84 7f00 0001 +4500 0044 69b0 0000 ff2f a12f 7f00 0001 c0a8 7101 3081 880b 0020 4000 0000 0005 0000 0004 ff03 c021 0703 001c 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 @@ -176,13 +176,13 @@ c0a8 7103 3081 880b 000c 0000 0000 0005 # 23:18:36.589445 192.168.113.3 > 192.168.113.1: gre [KSAv1] ID:4000 S:6 A:5 ppp: CCP 6: Conf-Req(1) [out,pcn1] -4500 002a 69b1 0000 ff2f ee9d 7f00 0001 +4500 002a 69b1 0000 ff2f a148 7f00 0001 c0a8 7101 3081 880b 0006 4000 0000 0006 0000 0005 80fd 0101 0004 # 23:18:36.589540 192.168.113.3 > 192.168.113.1: gre [KSv1] ID:4000 S:7 ppp: CCP 12: Conf-Rej(4), MPPC [out,pcn1] -4500 002c 69b2 0000 ff2f ee9a 7f00 0001 +4500 002c 69b2 0000 ff2f a145 7f00 0001 c0a8 7101 3001 880b 000c 4000 0000 0007 80fd 0404 000a 1206 0100 0001 @@ -196,7 +196,7 @@ c0a8 7103 3081 880b 0024 0000 0000 0006 # 23:18:36.590489 192.168.113.3 > 192.168.113.1: gre [KSAv1] ID:4000 S:8 A:6 ppp: IPCP 30: Conf-Rej(5), Pri-DNS=0.0.0.0, Pri-NBNS=0.0.0.0, Sec-DNS=0.0.0.0, Sec-NBNS=0.0.0.0 [out,pcn1] -4500 0042 69b3 0000 ff2f ee83 7f00 0001 +4500 0042 69b3 0000 ff2f a12e 7f00 0001 c0a8 7101 3081 880b 001e 4000 0000 0008 0000 0006 8021 0405 001c 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 @@ -210,7 +210,7 @@ c0a8 7103 3081 880b 000c 0000 0000 0007 # 23:18:36.593819 192.168.113.3 > 192.168.113.1: gre [KSAv1] ID:4000 S:9 A:7 ppp: IPCP 12: Conf-Req(2), IP-Addr=192.168.0.1 [out,pcn1] -4500 0030 69b4 0000 ff2f ee94 7f00 0001 +4500 0030 69b4 0000 ff2f a13f 7f00 0001 c0a8 7101 3081 880b 000c 4000 0000 0009 0000 0007 8021 0102 000a 0306 c0a8 0001 @@ -229,7 +229,7 @@ c0a8 7103 3001 880b 0012 0000 0000 0009 # 23:18:36.595937 192.168.113.3 > 192.168.113.1: gre [KSAv1] ID:4000 S:10 A:9 ppp: CCP 6: Term-Ack(6) [out,pcn1] -4500 002a 69b5 0000 ff2f ee99 7f00 0001 +4500 002a 69b5 0000 ff2f a144 7f00 0001 c0a8 7101 3081 880b 0006 4000 0000 000a 0000 0009 80fd 0606 0004 diff --git a/contrib/ipfilter/test/input/ni16 b/contrib/ipfilter/test/input/ni16 index b1cc521ac8f2..24bfcfc3835f 100644 --- a/contrib/ipfilter/test/input/ni16 +++ b/contrib/ipfilter/test/input/ni16 @@ -216,13 +216,13 @@ c0a8 7101 3081 880b 000c 4000 0000 0009 # 23:18:36.594840 192.168.113.1 > 192.168.113.3: gre [KSAv1] ID:0000 S:8 A:9 ppp: CCP 6: Conf-Ack(1) [out,pcn1] -4500 002a 5e1e 0000 802f 9ed9 0a02 0202 +4500 002a 5e1e 0000 802f 9ed7 0a02 0202 c0a8 7103 3081 880b 0006 0000 0000 0008 0000 0009 80fd 0201 0004 0000 0000 # 23:18:36.595525 192.168.113.1 > 192.168.113.3: gre [KSv1] ID:0000 S:9 ppp: CCP 18: Term-Req(6) [out,pcn1] -4500 0032 5e1f 0000 802f 9ed0 0a02 0202 +4500 0032 5e1f 0000 802f 9ece 0a02 0202 c0a8 7103 3001 880b 0012 0000 0000 0009 80fd 0506 0010 577f 7c5b 003c cd74 0000 02dc diff --git a/contrib/ipfilter/test/input/ni2 b/contrib/ipfilter/test/input/ni2 index b16cd027c600..30458212bb03 100644 --- a/contrib/ipfilter/test/input/ni2 +++ b/contrib/ipfilter/test/input/ni2 @@ -155,7 +155,7 @@ c0a8 0133 4500 0038 d71d 4000 4001 7d22 c0a8 6401 c0a8 0133 -0304 da99 0000 05a0 4500 05dc -e483 4000 7e06 44bb c0a8 0133 0a01 0201 -0077 05f6 fbdf 1a75 +0304 3435 0000 05a0 +4500 05dc e483 4000 7e06 44bb c0a8 0133 0a01 0201 +0077 05f6 fbdf 1a75 a664 diff --git a/contrib/ipfilter/test/input/ni23 b/contrib/ipfilter/test/input/ni23 new file mode 100644 index 000000000000..938b7b86cf2d --- /dev/null +++ b/contrib/ipfilter/test/input/ni23 @@ -0,0 +1,3 @@ +in on le0 udp 3.3.3.1,6700 1.1.2.3,4500 +in on hme0 udp 2.2.2.2,4500 4.4.4.4,6700 +out on bge0 udp 2.2.2.2,4500 3.3.3.1,6700 diff --git a/contrib/ipfilter/test/input/ni3 b/contrib/ipfilter/test/input/ni3 index feb4b29b1ec1..66b22a6d4293 100644 --- a/contrib/ipfilter/test/input/ni3 +++ b/contrib/ipfilter/test/input/ni3 @@ -3,7 +3,7 @@ # going out) [out,df0] 45 00 00 3c 47 06 40 00 ff 06 28 aa 02 02 02 02 04 04 04 04 50 00 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 d8 e2 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00 -[in,df0] 45 00 00 38 80 9a 00 00 ff 01 29 19 03 03 03 03 06 06 06 06 03 03 ac ac 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 50 00 00 50 00 00 00 01 +[in,df0] 45 00 00 38 80 9a 00 00 ff 01 29 19 03 03 03 03 06 06 06 06 03 03 ac ab 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 50 00 00 50 00 00 00 01 # ICMP dest unreachable with whole packet in payload (40 bytes = 320 bits) [in,df0] 45 00 00 58 80 9a 00 00 ff 01 28 f9 03 03 03 03 06 06 06 06 03 03 11 3f 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 50 00 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 d0 da 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00 diff --git a/contrib/ipfilter/test/input/ni4 b/contrib/ipfilter/test/input/ni4 index b2be5503f835..ad5575f95317 100644 --- a/contrib/ipfilter/test/input/ni4 +++ b/contrib/ipfilter/test/input/ni4 @@ -3,7 +3,7 @@ # going out) [out,df0] 45 00 00 3c 47 06 40 00 ff 06 28 aa 02 02 02 02 04 04 04 04 50 00 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 d8 e2 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00 -[in,df0] 45 00 00 38 80 9a 00 00 ff 01 29 19 03 03 03 03 06 06 06 06 03 03 60 6c 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 9c 40 00 50 00 00 00 01 +[in,df0] 45 00 00 38 80 9a 00 00 ff 01 29 19 03 03 03 03 06 06 06 06 03 03 60 6b 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 9c 40 00 50 00 00 00 01 # ICMP dest unreachable with whole packet in payload (40 bytes = 320 bits) [in,df0] 45 00 00 58 80 9a 00 00 ff 01 28 f9 03 03 03 03 06 06 06 06 03 03 11 3f 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 9c 40 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 84 9a 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00 diff --git a/contrib/ipfilter/test/input/ni5 b/contrib/ipfilter/test/input/ni5 index a8aec23b2961..c45be54266ff 100644 --- a/contrib/ipfilter/test/input/ni5 +++ b/contrib/ipfilter/test/input/ni5 @@ -1,18 +1,22 @@ +# 32818,21 SYN [out,ppp0] 4500 002c 10c9 4000 ff06 3289 c0a8 0103 96cb e002 8032 0015 bd6b c9c8 0000 0000 6002 2238 35f9 0000 0204 05b4 +# 21,32818 SYN+ACK [in,ppp0] 4500 002c ffdd 4000 ef06 131e 96cb e002 0101 0101 0015 8032 3786 76c4 bd6b c9c9 6012 269c 4313 0000 0204 0584 +# 32818,21 ACK [out,ppp0] 4500 0028 10ca 4000 ff06 328c c0a8 0103 96cb e002 8032 0015 bd6b c9c9 3786 76c5 5010 269c 9af6 0000 +# ACK+PUSH "[220-coombs.anu.edu.au NcFTPd Server (free educational license) ready.\r\n" [in,ppp0] 4500 006f ffde 4000 ef06 12da 96cb e002 0101 0101 0015 8032 3786 76c5 bd6b c9c9 @@ -22,11 +26,16 @@ 6520 6564 7563 6174 696f 6e61 6c20 6c69 6365 6e73 6529 2072 6561 6479 2e0d 0a +# 32818,21 ACK [out,ppp0] 4500 0028 10cb 4000 ff06 328b c0a8 0103 96cb e002 8032 0015 bd6b c9c9 3786 770c 5010 269c 9aaf 0000 +# 21,32818 ACK+PUSH +# "220-Maintained by RSSS and RSPAS IT Staff (previously known as Coombs Computing Unit)\r\n +# "220-Any problems contact ftpmaster@coombs.anu.edu.au\r\n" +# "220-\r\n220 \r\n" [in,ppp0] 4500 00c7 ffdf 4000 ef06 1281 96cb e002 0101 0101 0015 8032 3786 770c bd6b c9c9 @@ -42,22 +51,26 @@ 6e75 2e65 6475 2e61 750d 0a32 3230 2d0d 0a32 3230 200d 0a +# 32818,21 ACK [out,ppp0] 4500 0028 10cc 4000 ff06 328a c0a8 0103 96cb e002 8032 0015 bd6b c9c9 3786 77ab 5010 269c 9a10 0000 +# 32818,21 ACK+PUSH "USER anonymous\r\n" [out,ppp0] 4500 0038 10cd 4000 ff06 3279 c0a8 0103 96cb e002 8032 0015 bd6b c9c9 3786 77ab 5018 269c 121c 0000 5553 4552 2061 6e6f 6e79 6d6f 7573 0d0a +# 21,32818 ACK [in,ppp0] 4500 0028 ffe0 4000 ef06 131f 96cb e002 0101 0101 0015 8032 3786 77ab bd6b c9d9 5010 269c 59aa 0000 +# 21,32818 ACK+PUSH "331 Guest login ok, send your complete e-mail address as password.\r\n" [in,ppp0] 4500 006c ffe1 4000 ef06 12da 96cb e002 0101 0101 0015 8032 3786 77ab bd6b c9d9 @@ -67,17 +80,21 @@ 2d6d 6169 6c20 6164 6472 6573 7320 6173 2070 6173 7377 6f72 642e 0d0a +# 32818,21 ACK [out,ppp0] 4500 0028 10ce 4000 ff06 3288 c0a8 0103 96cb e002 8032 0015 bd6b c9d9 3786 77ef 5010 269c 99bc 0000 +# 32818,21 ACK+PUSH "PASS avalon@\r\n" [out,ppp0] 4500 0036 10cf 4000 ff06 3279 c0a8 0103 96cb e002 8032 0015 bd6b c9d9 3786 77ef 5018 269c 7795 0000 5041 5353 2061 7661 6c6f 6e40 0d0a +# 21,32818 ACK+PUSH +# "230-You are user #4 of 50 simultaneous users allowed.\r\n" [in,ppp0] 4500 005f ffe2 4000 ef06 12e6 96cb e002 0101 0101 0015 8032 3786 77ef bd6b c9e7 @@ -86,11 +103,16 @@ 3020 7369 6d75 6c74 616e 656f 7573 2075 7365 7273 2061 6c6c 6f77 6564 2e0d 0a +# 32818,21 ACK [out,ppp0] 4500 0028 10d0 4000 ff06 3286 c0a8 0103 96cb e002 8032 0015 bd6b c9e7 3786 7826 5010 269c 9977 0000 +# 21,32818 ACK+PUSH +# "230-\r\n230-\r\n" +# "230-Hi. We're cleaning up. Any feedback most welcome. 10 Aug 00\r\n" +# "230-\r\n230 Logged in anonymously.\r\n" [in,ppp0] 4500 0099 ffe3 4000 ef06 12ab 96cb e002 0101 0101 0015 8032 3786 7826 bd6b c9e7 @@ -103,27 +125,32 @@ 204c 6f67 6765 6420 696e 2061 6e6f 6e79 6d6f 7573 6c79 2e0d 0a +# 32818,21 ACK [out,ppp0] 4500 0028 10d1 4000 ff06 3285 c0a8 0103 96cb e002 8032 0015 bd6b c9e7 3786 7897 5010 269c 9906 0000 +# 32818,21 ACK "TYPE I\r\n" [out,ppp0] 4500 0030 10d2 4000 ff06 327c c0a8 0103 96cb e002 8032 0015 bd6b c9e7 3786 7897 5018 269c c704 0000 5459 5045 2049 0d0a +# 21,32818 "200 Type okay.\r\n" [in,ppp0] 4500 0038 ffe4 4000 ef06 130b 96cb e002 0101 0101 0015 8032 3786 7897 bd6b c9ef 5018 269c 1f58 0000 3230 3020 5479 7065 206f 6b61 792e 0d0a +# 32818,21 ACK [out,ppp0] 4500 0028 10d3 4000 ff06 3283 c0a8 0103 96cb e002 8032 0015 bd6b c9ef 3786 78a7 5010 269c 98ee 0000 +# 32818,21 ACK "PORT 192,158,1,3,128,51\r\n" [out,ppp0] 4500 0041 10d4 4000 ff06 3269 c0a8 0103 96cb e002 8032 0015 bd6b c9ef 3786 78a7 @@ -131,6 +158,7 @@ 2c31 3638 2c31 2c33 2c31 3238 2c35 310d 0a +# 32818,21 ACK "200 PORT command successful.\r\n" [in,ppp0] 4500 0046 ffe5 4000 ef06 12fc 96cb e002 0101 0101 0015 8032 3786 78a7 bd6b ca08 @@ -138,37 +166,44 @@ 2063 6f6d 6d61 6e64 2073 7563 6365 7373 6675 6c2e 0d0a +# 32818,21 "TYPE A\r\n" [out,ppp0] 4500 0030 10d5 4000 ff06 3279 c0a8 0103 96cb e002 8032 0015 bd6b ca08 3786 78c5 5018 269c c6bd 0000 5459 5045 2041 0d0a +# 21,32818 "200 Type okay.\r\n" [in,ppp0] 4500 0038 ffe6 4000 ef06 1309 96cb e002 0101 0101 0015 8032 3786 78c5 bd6b ca10 5018 269c 1f09 0000 3230 3020 5479 7065 206f 6b61 792e 0d0a +# 32818,21 "NLST\r\n" [out,ppp0] 4500 002e 10d6 4000 ff06 327a c0a8 0103 96cb e002 8032 0015 bd6b ca10 3786 78d5 5018 269c e9e6 0000 4e4c 5354 0d0a +# 20,32819 SYN [in,ppp0] 4500 002c ffe7 4000 ef06 1314 96cb e002 0101 0101 0014 8033 d9f8 11d4 0000 0000 6002 2238 913a 0000 0204 0584 +# 32819,20 SYN+ACK [out,ppp0] 4500 002c 10d7 4000 ff06 327b c0a8 0103 96cb e002 8033 0014 bd78 5c12 d9f8 11d5 6012 02f8 d734 0000 0204 0584 +# 20,32819 ACK [in,ppp0] 4500 0028 ffe8 4000 ef06 1317 96cb e002 0101 0101 0014 8033 d9f8 11d5 bd78 5c13 5010 269c 8ac7 0000 +# 21,32819 ACK "150 Opening ASCII mode data connection for /bin/ls.\r\n" [in,ppp0] 4500 005d ffe9 4000 ef06 12e1 96cb e002 0101 0101 0015 8032 3786 78d5 bd6b ca16 @@ -177,13 +212,68 @@ 6174 6120 636f 6e6e 6563 7469 6f6e 2066 6f72 202f 6269 6e2f 6c73 2e0d 0a +# 32819,20 ACK [out,ppp0] 4500 0028 10d8 4000 ff06 327e c0a8 0103 96cb e002 8033 0014 bd78 5c13 d9f8 11d5 5010 6348 8e71 0000 +# 32818,21 ACK+PUSH "PORT 192,158,1,3,128,52\r\n" +[out,ppp0] +4500 0041 10d9 4000 ff06 3264 c0a8 0103 +96cb e002 8032 0015 bd6b ca16 3786 78d5 +5018 269c 1af8 0000 504f 5254 2031 3932 +2c31 3638 2c31 2c33 2c31 3238 2c35 320d +0a + +# 21,32818 ACK+PUSH "200 PORT command successful\r\n" [in,ppp0] -4500 0063 ffea 4000 ef06 12da 96cb e002 +4500 0046 ffea 4000 ef06 12f7 96cb e002 +0101 0101 0015 8032 3786 78d5 bd6b ca2f +5018 269c 9b1c 0000 3230 3020 504f 5254 +2063 6f6d 6d61 6e64 2073 7563 6365 7373 +6675 6c2e 0d0a + +# 32818,21 ACK+PUSH "TYPE A\r\n" +[out,ppp0] +4500 0030 10da 4000 ff06 3274 c0a8 0103 +96cb e002 8032 0015 bd6b ca2f 3786 78f3 +5018 269c c668 0000 5459 5045 2041 0d0a + +# 21,32818 "200 Type okay.\r\n" +[in,ppp0] +4500 0038 ffeb 4000 ef06 1304 96cb e002 +0101 0101 0015 8032 3786 78f3 bd6b ca37 +5018 269c 1ea4 0000 3230 3020 5479 7065 +206f 6b61 793e 0d0a + +# 32818,21 ACK+PUSH "NLST\r\n" +[out,ppp0] +4500 002e 10db 4000 ff06 3275 c0a8 0103 +96cb e002 8032 0015 bd6b ca37 3786 7903 +5018 269c e991 0000 4e4c 5354 0d0a + +# 20,32820 2nd connection SYN +[in,ppp0] +4500 002c ffec 4000 ef06 130f 96cb e002 +0101 0101 0014 8034 d9f8 11d4 0000 0000 +6002 2238 9139 0000 0204 0584 + +# 32820,20 SYN+ACK +[out,ppp0] +4500 002c 10d7 4000 ff06 327b c0a8 0103 +96cb e002 8034 0014 bd78 5c12 d9f8 11d5 +6012 02f8 d733 0000 0204 0584 + +# 20,32820 ACK +[in,ppp0] +4500 0028 ffec 4000 ef06 1313 96cb e002 +0101 0101 0014 8034 d9f8 11d4 0000 0000 +5010 2238 a8b7 0000 + +# 20,32819 ACK+PUSH +[in,ppp0] +4500 0063 ffed 4000 ef06 12d7 96cb e002 0101 0101 0014 8033 d9f8 11d5 bd78 5c13 5018 269c 62bf 0000 636f 6f6d 6273 7061 7065 7273 0d0a 6465 7074 730d 0a66 6f75 @@ -191,86 +281,83 @@ 6e67 0d0a 6e6c 632d 7465 7374 0d0a 7075 620d 0a +# 32819,20 ACK [out,ppp0] -4500 0028 10d9 4000 ff06 327d c0a8 0103 +4500 0028 10dc 4000 ff06 327a c0a8 0103 96cb e002 8033 0014 bd78 5c13 d9f8 1210 5010 6348 8e36 0000 +# 20,32819 FIN+ACK [in,ppp0] -4500 0028 ffeb 4000 ef06 1314 96cb e002 +4500 0028 ffee 4000 ef06 1311 96cb e002 0101 0101 0014 8033 d9f8 1210 bd78 5c13 5011 269c 8a8b 0000 +# 32819,20 ACK [out,ppp0] -4500 0028 10da 4000 ff06 327c c0a8 0103 +4500 0028 10dd 4000 ff06 3279 c0a8 0103 96cb e002 8033 0014 bd78 5c13 d9f8 1211 5010 6348 8e35 0000 +# 32819,20 FIN+ACK [out,ppp0] -4500 0028 10db 4000 ff06 327b c0a8 0103 +4500 0028 10dd 4000 ff06 3279 c0a8 0103 96cb e002 8033 0014 bd78 5c13 d9f8 1211 5011 6348 8e34 0000 +# 20,32819 ACK [in,ppp0] -4500 0028 ffec 4000 ef06 1313 96cb e002 +4500 0028 ffef 4000 ef06 1310 96cb e002 0101 0101 0014 8033 d9f8 1211 bd78 5c14 5010 269c 8a8a 0000 -[out,ppp0] -4500 0028 10dc 4000 ff06 327a c0a8 0103 -96cb e002 8032 0015 bd6b ca16 3786 790a -5010 269c 9864 0000 - +# 21,32818 220 "226 Listing completed.\r\n" [in,ppp0] -4500 0040 ffed 4000 ef06 12fa 96cb e002 -0101 0101 0015 8032 3786 790a bd6b ca16 -5018 269c 3c4c 0000 3232 3620 4c69 7374 +4500 0040 fff0 4000 ef06 12f7 96cb e002 +0101 0101 0015 8032 3786 7903 bd6b ca37 +5018 269c 3c32 0000 3232 3620 4c69 7374 696e 6720 636f 6d70 6c65 7465 642e 0d0a -[out,ppp0] -4500 0030 10dd 4000 ff06 3271 c0a8 0103 -96cb e002 8032 0015 bd6b ca16 3786 7922 -5018 269c c64a 0000 5459 5045 2049 0d0a - -[in,ppp0] -4500 0038 ffee 4000 ef06 1301 96cb e002 -0101 0101 0015 8032 3786 7922 bd6b ca1e -5018 269c 1e9e 0000 3230 3020 5479 7065 -206f 6b61 792e 0d0a - -[out,ppp0] -4500 0028 10de 4000 ff06 3278 c0a8 0103 -96cb e002 8032 0015 bd6b ca1e 3786 7932 -5010 269c 9834 0000 - -[out,ppp0] -4500 002e 10df 4000 ff06 3271 c0a8 0103 -96cb e002 8032 0015 bd6b ca1e 3786 7932 -5018 269c f072 0000 5155 4954 0d0a - -[in,ppp0] -4500 0036 ffef 4000 ef06 1302 96cb e002 -0101 0101 0015 8032 3786 7932 bd6b ca24 -5018 269c 68ea 0000 3232 3120 476f 6f64 -6279 652e 0d0a - +# 32818,21 ACK [out,ppp0] 4500 0028 10e0 4000 ff06 3276 c0a8 0103 -96cb e002 8032 0015 bd6b ca24 3786 7940 -5011 269c 981f 0000 - -[in,ppp0] -4500 0028 fff0 4000 ef06 130f 96cb e002 -0101 0101 0015 8032 3786 7940 bd6b ca24 -5011 269c 57c9 0000 +96cb e002 8032 0015 bd6b ca37 3786 791b +5010 269c 9832 0000 +# 32818,21 "QUIT\r\n" [out,ppp0] -4500 0028 10e1 4000 ff06 3275 c0a8 0103 -96cb e002 8032 0015 bd6b ca25 3786 7941 -5010 269c 981e 0000 +4500 002e 10e1 4000 ff06 326f c0a8 0103 +96cb e002 8032 0015 bd6b ca37 3786 791b +5018 269c f070 0000 5155 4954 0d0a +# 21,32818 "221 Goodbye." [in,ppp0] -4500 0028 fff1 4000 ef06 130e 96cb e002 -0101 0101 0015 8032 3786 7941 bd6b ca25 -5010 269c 57c8 0000 +4500 0036 fff2 4000 ef06 12ff 96cb e002 +0101 0101 0015 8032 3786 791b bd6b ca3d +5018 269c 68e8 0000 3232 3120 476f 6f64 +6279 652e 0d0a + +# 32818,21 ACK+FIN +[out,ppp0] +4500 0028 10e2 4000 ff06 3274 c0a8 0103 +96cb e002 8032 0015 bd6b ca3d 3786 7929 +5011 269c 981d 0000 + +# 21,32818 ACK+FIN +[in,ppp0] +4500 0028 fff3 4000 ef06 130c 96cb e002 +0101 0101 0015 8032 3786 7929 bd6b ca3d +5011 269c 57c7 0000 + +# 32818,21 ACK +[out,ppp0] +4500 0028 10e3 4000 ff06 3273 c0a8 0103 +96cb e002 8032 0015 bd6b ca3d 3786 792a +5010 269c 981d 0000 + +# 21,32818 ACK +[in,ppp0] +4500 0028 fff4 4000 ef06 130b 96cb e002 +0101 0101 0015 8032 3786 792a bd6b ca3e +5010 269c 57c6 0000 diff --git a/contrib/ipfilter/test/input/p5 b/contrib/ipfilter/test/input/p5 new file mode 100644 index 000000000000..f6753fac4264 --- /dev/null +++ b/contrib/ipfilter/test/input/p5 @@ -0,0 +1,8 @@ +in 127.0.0.1 127.0.0.1 +in 1.1.1.1 1.2.1.1 +out 127.0.0.1 127.0.0.1 +out 1.1.1.1 1.2.1.1 +in 2.3.0.1 1.2.1.1 +in 2.2.2.1 1.2.1.1 +in 2.2.0.1 1.2.1.1 +out 4.4.1.1 1.2.1.1 diff --git a/contrib/ipfilter/test/natipftest b/contrib/ipfilter/test/natipftest index abdc7603b002..5776b4202c95 100755 --- a/contrib/ipfilter/test/natipftest +++ b/contrib/ipfilter/test/natipftest @@ -1,14 +1,26 @@ #!/bin/sh mode=$1 +name=$2 +input=$3 +output=$4 shift -if [ $3 = hex ] ; then - format="-xF $2" +if [ $output = hex ] ; then + format="-xF $input" else - format="-F $2" -fi -if [ "$4" != "" ] ; then - format="-T $4 $format" + format="-F $input" fi +shift +shift +shift +while [ $# -ge 1 ] ; do + l=`echo $1 | cut -c1` + if [ "$l" = "-" ] ; then + format="$format $1" + else + format="-T $1 $format" + fi + shift +done mkdir -p results if [ -f /usr/ucb/touch ] ; then TOUCH=/usr/ucb/touch @@ -24,35 +36,35 @@ fi case $mode in single) - echo "$1..."; - /bin/cp /dev/null results/$1 + echo "$name..."; + /bin/cp /dev/null results/$name ( while read rule; do - echo "$rule" | ../ipftest -R $format -b -r regress/$1.ipf -N - -i input/$1 >> \ - results/$1; + echo "$rule" | ../ipftest -R $format -b -r regress/$name.ipf -N - -i input/$name >> \ + results/$name; if [ $? -ne 0 ] ; then exit 1; fi - echo "-------------------------------" >> results/$1 - done ) < regress/$1.nat - cmp expected/$1 results/$1 + echo "-------------------------------" >> results/$name + done ) < regress/$name.nat + cmp expected/$name results/$name status=$? if [ $status = 0 ] ; then - $TOUCH $1 + $TOUCH $name fi ;; multi) - echo "$1..."; - /bin/cp /dev/null results/$1 - ../ipftest -R $format -b -r regress/$1.ipf -N regress/$1.nat \ - -i input/$1 >> results/$1; + echo "$name..."; + /bin/cp /dev/null results/$name + ../ipftest -R $format -b -r regress/$name.ipf -N regress/$name.nat \ + -i input/$name >> results/$name; if [ $? -ne 0 ] ; then exit 2; fi - echo "-------------------------------" >> results/$1 - cmp expected/$1 results/$1 + echo "-------------------------------" >> results/$name + cmp expected/$name results/$name status=$? if [ $status = 0 ] ; then - $TOUCH $1 + $TOUCH $name fi ;; esac diff --git a/contrib/ipfilter/test/regress/ip2 b/contrib/ipfilter/test/regress/ip2 new file mode 100644 index 000000000000..76f31b60f9d4 --- /dev/null +++ b/contrib/ipfilter/test/regress/ip2 @@ -0,0 +1,2 @@ +table role = ipf type = tree name = letters + { "file://input/ip2.data"; }; diff --git a/contrib/ipfilter/test/regress/ipv6.5 b/contrib/ipfilter/test/regress/ipv6.5 new file mode 100644 index 000000000000..ba8cabb501e0 --- /dev/null +++ b/contrib/ipfilter/test/regress/ipv6.5 @@ -0,0 +1,2 @@ +pass out all with v6hdrs routing +block out proto tcp all with v6hdrs routing diff --git a/contrib/ipfilter/test/regress/ni1.nat b/contrib/ipfilter/test/regress/ni1.nat index 4306f4b45d3d..f38e435bcf7a 100644 --- a/contrib/ipfilter/test/regress/ni1.nat +++ b/contrib/ipfilter/test/regress/ni1.nat @@ -1 +1,3 @@ -map df0 2.2.2.2/32 -> 6.6.6.6/32 +map df0 from 2.2.2.2/32 port 20000 >< 25000 to any -> 6.6.6.8/32 portmap udp 2000:2500 +map df0 from 2.2.2.2/32 port 2000 >< 2500 to any -> 6.6.6.7/32 portmap udp 20000:25000 +map df0 from 2.2.2.2/32 to any -> 6.6.6.6/32 diff --git a/contrib/ipfilter/test/regress/ni23.ipf b/contrib/ipfilter/test/regress/ni23.ipf new file mode 100644 index 000000000000..49ebcf708766 --- /dev/null +++ b/contrib/ipfilter/test/regress/ni23.ipf @@ -0,0 +1,3 @@ +block out all +block in all +pass in on le0,hme0 out-via ppp0,bge0 to ppp0:3.3.3.254 proto udp all keep state diff --git a/contrib/ipfilter/test/regress/ni23.nat b/contrib/ipfilter/test/regress/ni23.nat new file mode 100644 index 000000000000..094d377c00dc --- /dev/null +++ b/contrib/ipfilter/test/regress/ni23.nat @@ -0,0 +1,2 @@ +rdr le0,bge0 1.1.0.0/16 -> 2.2.2.2 +map hme0,ppp0 3.3.3.0/24 -> 4.4.4.4/32 diff --git a/contrib/ipfilter/test/regress/p5.ipf b/contrib/ipfilter/test/regress/p5.ipf new file mode 100644 index 000000000000..ada9f56f0f72 --- /dev/null +++ b/contrib/ipfilter/test/regress/p5.ipf @@ -0,0 +1 @@ +pass in from pool/letters to any diff --git a/contrib/ipfilter/test/regress/p5.pool b/contrib/ipfilter/test/regress/p5.pool new file mode 100644 index 000000000000..9a8eaa3003d7 --- /dev/null +++ b/contrib/ipfilter/test/regress/p5.pool @@ -0,0 +1,2 @@ +table role = ipf type = tree name = letters + { 1.1.1.1/32; !2.2.0.0/16; 2.2.2.0/24; }; diff --git a/contrib/ipfilter/test/test.format b/contrib/ipfilter/test/test.format index 4bb18515e39c..7c13d6ee79ef 100644 --- a/contrib/ipfilter/test/test.format +++ b/contrib/ipfilter/test/test.format @@ -49,9 +49,11 @@ in4 text text in5 text text in6 text text ip1 text text +ip2 text text ipv6.1 hex hex ipv6.2 hex hex ipv6.3 hex hex +ipv6.5 hex hex l1 hex hex n1 text text n2 text text @@ -86,6 +88,9 @@ ni16 hex hex fr_update_ipid=1 ni19 hex hex fr_update_ipid=0 ni20 hex hex fr_update_ipid=0 ni21 text text +ni23 text text -D p1 text text p2 text text p3 text text +p4 text text +p5 text text diff --git a/contrib/ipfilter/test/vfycksum.pl b/contrib/ipfilter/test/vfycksum.pl index d23c88430f5a..b3a20be0cf24 100755 --- a/contrib/ipfilter/test/vfycksum.pl +++ b/contrib/ipfilter/test/vfycksum.pl @@ -21,9 +21,7 @@ sub dosum { for ($idx = $start, $lsum = $seed; $idx < $max; $idx++) { $lsum += $bytes[$idx]; } - while ($lsum > 65535) { - $lsum = ($lsum & 0xffff) + ($lsum >> 16); - } + $lsum = ($lsum & 0xffff) + ($lsum >> 16); $lsum = ~$lsum & 0xffff; return $lsum; } @@ -40,9 +38,9 @@ sub ipv4check { if ($hs != 0) { $bytes[$base + 5] = 0; - $hs2 = &dosum($base, 0, $base + $hl); + $hs2 = &dosum(0, $base, $base + $hl); $bytes[$base + 5] = $osum; - printf " IP: (%x) %x != %x", $hs, $osum, $hs2; + printf " IP: ($hl,%x) %x != %x", $hs, $osum, $hs2; } else { print " IP($base): ok "; } @@ -104,6 +102,10 @@ sub tcpcheck { $x = ($cnt - $base) * 2; $y = $hl + $thl; $z = 3; + } elsif ($len < $thl) { + $x = ($cnt - $base) * 2; + $y = $len; + $z = 4; } if ($z) { @@ -199,19 +201,9 @@ sub icmpcheck { } local($osum) = $bytes[$base + $hl + 1]; - $bytes[$hl + 1] = 0; - for ($i = $base + $hl, $hs2 = 0; $i < $cnt; $i++) { - $hs2 += $bytes[$i]; - } - $hs = $hs2 + $osum; - while ($hs2 > 65535) { - $hs2 = ($hs2 & 0xffff) + ($hs2 >> 16); - } - while ($hs > 65535) { - $hs = ($hs & 0xffff) + ($hs >> 16); - } - $hs2 = ~$hs2 & 0xffff; - $hs = ~$hs & 0xffff; + $bytes[$base + $hl + 1] = 0; + $hs2 = &dosum(0, $base + $hl, $cnt); + $bytes[$base + $hl + 1] = $osum; if ($osum != $hs2) { printf " ICMP: (%x) %x != %x", $hs, $osum, $hs2; @@ -266,6 +258,10 @@ while ($#ARGV >= 0) { $b=$_; s/(.*?) ([0-9a-fA-F][0-9a-fA-F]) ([0-9a-fA-F][0-9a-fA-F]) (.*)/$1 $2$3 $4/g; } + if (/.* [0-9a-fA-F][0-9a-fA-F] [0-9a-fA-F][0-9a-fA-F]/) { +$b=$_; + s/(.*?) ([0-9a-fA-F][0-9a-fA-F]) ([0-9a-fA-F][0-9a-fA-F])/$1 $2$3/g; + } while (/^[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F].*/) { $x = $_; $x =~ s/([0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]).*/$1/; diff --git a/contrib/ipfilter/tools/Makefile b/contrib/ipfilter/tools/Makefile index 49a869c78a45..43ec1a897b83 100644 --- a/contrib/ipfilter/tools/Makefile +++ b/contrib/ipfilter/tools/Makefile @@ -1,4 +1,8 @@ - +# +# Copyright (C) 1993-2001 by Darren Reed. +# +# See the IPFILTER.LICENCE file for details on licencing. +# DEST=. all: $(DEST)/ipf_y.c $(DEST)/ipf_y.h $(DEST)/ipf_l.c \ diff --git a/sys/contrib/ipfilter/netinet/ip_htable.h b/sys/contrib/ipfilter/netinet/ip_htable.h index ebee58d7525f..2c0881230117 100644 --- a/sys/contrib/ipfilter/netinet/ip_htable.h +++ b/sys/contrib/ipfilter/netinet/ip_htable.h @@ -5,10 +5,12 @@ typedef struct iphtent_s { struct iphtent_s *ipe_next, **ipe_pnext; + struct iphtent_s *ipe_hnext, **ipe_phnext; void *ipe_ptr; i6addr_t ipe_addr; i6addr_t ipe_mask; int ipe_ref; + int ipe_unit; union { char ipeu_char[16]; u_long ipeu_long; @@ -26,6 +28,7 @@ typedef struct iphtable_s { ipfrwlock_t iph_rwlock; struct iphtable_s *iph_next, **iph_pnext; struct iphtent_s **iph_table; + struct iphtent_s *iph_list; size_t iph_size; /* size of hash table */ u_long iph_seed; /* hashing seed */ u_32_t iph_flags; @@ -39,6 +42,7 @@ typedef struct iphtable_s { /* iph_type */ #define IPHASH_LOOKUP 0 #define IPHASH_GROUPMAP 1 +#define IPHASH_DELETE 2 #define IPHASH_ANON 0x80000000 @@ -53,17 +57,22 @@ typedef struct iphtstat_s { extern iphtable_t *ipf_htables[IPL_LOGSIZE]; +extern iphtable_t *fr_existshtable __P((int, char *)); +extern int fr_clearhtable __P((iphtable_t *)); extern void fr_htable_unload __P((void)); extern int fr_newhtable __P((iplookupop_t *)); extern iphtable_t *fr_findhtable __P((int, char *)); -extern int fr_removehtable __P((iplookupop_t *)); +extern int fr_removehtable __P((int, char *)); extern size_t fr_flushhtable __P((iplookupflush_t *)); extern int fr_addhtent __P((iphtable_t *, iphtent_t *)); extern int fr_delhtent __P((iphtable_t *, iphtent_t *)); -extern void fr_derefhtable __P((iphtable_t *)); -extern void fr_delhtable __P((iphtable_t *)); +extern int fr_derefhtable __P((iphtable_t *)); +extern int fr_derefhtent __P((iphtent_t *)); +extern int fr_delhtable __P((iphtable_t *)); extern void *fr_iphmfindgroup __P((void *, void *)); extern int fr_iphmfindip __P((void *, int, void *)); extern int fr_gethtablestat __P((iplookupop_t *)); +extern int fr_htable_getnext __P((ipftoken_t *, ipflookupiter_t *)); +extern void fr_htable_iterderef __P((u_int, int, void *)); #endif /* __IP_HTABLE_H__ */ diff --git a/sys/contrib/ipfilter/netinet/ip_ipsec_pxy.c b/sys/contrib/ipfilter/netinet/ip_ipsec_pxy.c index 93cf070c8b72..e88a6b98b514 100644 --- a/sys/contrib/ipfilter/netinet/ip_ipsec_pxy.c +++ b/sys/contrib/ipfilter/netinet/ip_ipsec_pxy.c @@ -6,7 +6,7 @@ * Simple ISAKMP transparent proxy for in-kernel use. For use with the NAT * code. * - * $Id: ip_ipsec_pxy.c,v 2.20.2.7 2005/08/20 13:48:22 darrenr Exp $ + * $Id: ip_ipsec_pxy.c,v 2.20.2.8 2006/07/14 06:12:14 darrenr Exp $ * */ #define IPF_IPSEC_PROXY @@ -177,7 +177,7 @@ nat_t *nat; ipsec->ipsc_state = fr_addstate(&fi, &ipsec->ipsc_state, SI_WILDP); if (fi.fin_state != NULL) - fr_statederef(&fi, (ipstate_t **)&fi.fin_state); + fr_statederef((ipstate_t **)&fi.fin_state); } ip->ip_p = p & 0xff; return 0; @@ -256,7 +256,7 @@ nat_t *nat; &ipsec->ipsc_state, SI_WILDP); if (fi.fin_state != NULL) - fr_statederef(&fi, (ipstate_t **)&fi.fin_state); + fr_statederef((ipstate_t **)&fi.fin_state); } ip->ip_p = p; } diff --git a/sys/contrib/ipfilter/netinet/ip_irc_pxy.c b/sys/contrib/ipfilter/netinet/ip_irc_pxy.c index 0aa571024c22..5bb252a25dac 100644 --- a/sys/contrib/ipfilter/netinet/ip_irc_pxy.c +++ b/sys/contrib/ipfilter/netinet/ip_irc_pxy.c @@ -3,7 +3,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: ip_irc_pxy.c,v 2.39.2.5 2005/12/04 23:39:27 darrenr Exp $ + * $Id: ip_irc_pxy.c,v 2.39.2.6 2006/07/14 06:12:14 darrenr Exp $ */ #define IPF_IRC_PROXY @@ -415,7 +415,7 @@ nat_t *nat; (void) fr_addstate(&fi, NULL, SI_W_DPORT); if (fi.fin_state != NULL) - fr_statederef(&fi, (ipstate_t **)&fi.fin_state); + fr_statederef((ipstate_t **)&fi.fin_state); } ip->ip_src = swip; } diff --git a/sys/contrib/ipfilter/netinet/ip_lookup.c b/sys/contrib/ipfilter/netinet/ip_lookup.c index 3c7eb5f75c52..12b1f4aee3d0 100644 --- a/sys/contrib/ipfilter/netinet/ip_lookup.c +++ b/sys/contrib/ipfilter/netinet/ip_lookup.c @@ -34,9 +34,6 @@ struct file; #endif #include #if (defined(__osf__) || defined(AIX) || defined(__hpux) || defined(__sgi)) && defined(_KERNEL) -# ifdef __osf__ -# include -# endif # include "radix_ipf_local.h" # define _RADIX_H_ #endif @@ -61,7 +58,7 @@ struct file; /* END OF INCLUDES */ #if !defined(lint) -static const char rcsid[] = "@(#)$Id: ip_lookup.c,v 2.35.2.8 2005/11/13 15:35:45 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ip_lookup.c,v 2.35.2.15 2007/05/26 13:05:13 darrenr Exp $"; #endif #ifdef IPFILTER_LOOKUP @@ -129,10 +126,11 @@ void ip_lookup_unload() /* involves just calling another function to handle the specifics of each */ /* command. */ /* ------------------------------------------------------------------------ */ -int ip_lookup_ioctl(data, cmd, mode) +int ip_lookup_ioctl(data, cmd, mode, uid, ctx) caddr_t data; ioctlcmd_t cmd; -int mode; +int mode, uid; +void *ctx; { int err; SPL_INT(s); @@ -182,6 +180,10 @@ int mode; RWLOCK_EXIT(&ip_poolrw); break; + case SIOCLOOKUPITER : + err = ip_lookup_iterate(data, uid, ctx); + break; + default : err = EINVAL; break; @@ -210,8 +212,13 @@ caddr_t data; ip_pool_t *p; int err; - err = 0; - BCOPYIN(data, &op, sizeof(op)); + err = BCOPYIN(data, &op, sizeof(op)); + if (err != 0) + return EFAULT; + + if (op.iplo_unit < 0 || op.iplo_unit > IPL_LOGMAX) + return EINVAL; + op.iplo_name[sizeof(op.iplo_name) - 1] = '\0'; switch (op.iplo_type) @@ -283,6 +290,9 @@ caddr_t data; err = 0; BCOPYIN(data, &op, sizeof(op)); + if (op.iplo_unit < 0 || op.iplo_unit > IPL_LOGMAX) + return EINVAL; + op.iplo_name[sizeof(op.iplo_name) - 1] = '\0'; switch (op.iplo_type) @@ -341,8 +351,12 @@ caddr_t data; iplookupop_t op; int err; - err = 0; - BCOPYIN(data, &op, sizeof(op)); + err = BCOPYIN(data, &op, sizeof(op)); + if (err != 0) + return EFAULT; + + if (op.iplo_unit < 0 || op.iplo_unit > IPL_LOGMAX) + return EINVAL; op.iplo_name[sizeof(op.iplo_name) - 1] = '\0'; @@ -371,8 +385,10 @@ caddr_t data; * For anonymous pools, copy back the operation struct because in the * case of success it will contain the new table's name. */ - if ((err == 0) && ((op.iplo_arg & IPOOL_ANON) != 0)) { - BCOPYOUT(&op, data, sizeof(op)); + if ((err == 0) && ((op.iplo_arg & LOOKUP_ANON) != 0)) { + err = BCOPYOUT(&op, data, sizeof(op)); + if (err != 0) + err = EFAULT; } return err; @@ -393,11 +409,14 @@ caddr_t data; iplookupop_t op; int err; - BCOPYIN(data, &op, sizeof(op)); - op.iplo_name[sizeof(op.iplo_name) - 1] = '\0'; + err = BCOPYIN(data, &op, sizeof(op)); + if (err != 0) + return EFAULT; - if (op.iplo_arg & IPLT_ANON) - op.iplo_arg &= IPLT_ANON; + if (op.iplo_unit < 0 || op.iplo_unit > IPL_LOGMAX) + return EINVAL; + + op.iplo_name[sizeof(op.iplo_name) - 1] = '\0'; /* * create a new pool - fail if one already exists with @@ -406,11 +425,11 @@ caddr_t data; switch (op.iplo_type) { case IPLT_POOL : - err = ip_pool_destroy(&op); + err = ip_pool_destroy(op.iplo_unit, op.iplo_name); break; case IPLT_HASH : - err = fr_removehtable(&op); + err = fr_removehtable(op.iplo_unit, op.iplo_name); break; default : @@ -434,8 +453,12 @@ caddr_t data; iplookupop_t op; int err; - err = 0; - BCOPYIN(data, &op, sizeof(op)); + err = BCOPYIN(data, &op, sizeof(op)); + if (err != 0) + return EFAULT; + + if (op.iplo_unit < 0 || op.iplo_unit > IPL_LOGMAX) + return EINVAL; switch (op.iplo_type) { @@ -469,15 +492,16 @@ caddr_t data; int err, unit, num, type; iplookupflush_t flush; - err = 0; - BCOPYIN(data, &flush, sizeof(flush)); - - flush.iplf_name[sizeof(flush.iplf_name) - 1] = '\0'; + err = BCOPYIN(data, &flush, sizeof(flush)); + if (err != 0) + return EFAULT; unit = flush.iplf_unit; if ((unit < 0 || unit > IPL_LOGMAX) && (unit != IPLT_ALL)) return EINVAL; + flush.iplf_name[sizeof(flush.iplf_name) - 1] = '\0'; + type = flush.iplf_type; err = EINVAL; num = 0; @@ -494,12 +518,23 @@ caddr_t data; if (err == 0) { flush.iplf_count = num; - err = COPYOUT(&flush, data, sizeof(flush)); + err = BCOPYOUT(&flush, data, sizeof(flush)); + if (err != 0) + err = EFAULT; } return err; } +/* ------------------------------------------------------------------------ */ +/* Function: ip_lookup_delref */ +/* Returns: void */ +/* Parameters: type(I) - table type to operate on */ +/* ptr(I) - pointer to object to remove reference for */ +/* */ +/* This function organises calling the correct deref function for a given */ +/* type of object being passed into it. */ +/* ------------------------------------------------------------------------ */ void ip_lookup_deref(type, ptr) int type; void *ptr; @@ -522,13 +557,102 @@ void *ptr; } +/* ------------------------------------------------------------------------ */ +/* Function: ip_lookup_iterate */ +/* Returns: int - 0 = success, else error */ +/* Parameters: data(I) - pointer to data from ioctl call */ +/* */ +/* Decodes ioctl request to step through either hash tables or pools. */ +/* ------------------------------------------------------------------------ */ +int ip_lookup_iterate(data, uid, ctx) +void *data; +int uid; +void *ctx; +{ + ipflookupiter_t iter; + ipftoken_t *token; + int err; + SPL_INT(s); + + err = fr_inobj(data, &iter, IPFOBJ_LOOKUPITER); + if (err != 0) + return err; + + if (iter.ili_unit < 0 || iter.ili_unit > IPL_LOGMAX) + return EINVAL; + + if (iter.ili_ival != IPFGENITER_LOOKUP) + return EINVAL; + + SPL_SCHED(s); + token = ipf_findtoken(iter.ili_key, uid, ctx); + if (token == NULL) { + RWLOCK_EXIT(&ipf_tokens); + SPL_X(s); + return ESRCH; + } + + switch (iter.ili_type) + { + case IPLT_POOL : + err = ip_pool_getnext(token, &iter); + break; + case IPLT_HASH : + err = fr_htable_getnext(token, &iter); + break; + default : + err = EINVAL; + break; + } + RWLOCK_EXIT(&ipf_tokens); + SPL_X(s); + + return err; +} + + +/* ------------------------------------------------------------------------ */ +/* Function: iplookup_iterderef */ +/* Returns: int - 0 = success, else error */ +/* Parameters: data(I) - pointer to data from ioctl call */ +/* */ +/* Decodes ioctl request to remove a particular hash table or pool and */ +/* calls the relevant function to do the cleanup. */ +/* ------------------------------------------------------------------------ */ +void ip_lookup_iterderef(type, data) +u_32_t type; +void *data; +{ + iplookupiterkey_t key; + + key.ilik_key = type; + + if (key.ilik_unstr.ilik_ival != IPFGENITER_LOOKUP) + return; + + switch (key.ilik_unstr.ilik_type) + { + case IPLT_HASH : + fr_htable_iterderef((u_int)key.ilik_unstr.ilik_otype, + (int)key.ilik_unstr.ilik_unit, data); + break; + case IPLT_POOL : + ip_pool_iterderef((u_int)key.ilik_unstr.ilik_otype, + (int)key.ilik_unstr.ilik_unit, data); + break; + } +} + + + #else /* IPFILTER_LOOKUP */ /*ARGSUSED*/ -int ip_lookup_ioctl(data, cmd, mode) +int ip_lookup_ioctl(data, cmd, mode, uid, ctx) caddr_t data; ioctlcmd_t cmd; -int mode; +int mode, uid; +void *ctx; { return EIO; } diff --git a/sys/contrib/ipfilter/netinet/ip_lookup.h b/sys/contrib/ipfilter/netinet/ip_lookup.h index 953dde1149f1..4b90655d2e62 100644 --- a/sys/contrib/ipfilter/netinet/ip_lookup.h +++ b/sys/contrib/ipfilter/netinet/ip_lookup.h @@ -33,6 +33,9 @@ typedef struct iplookupop { void *iplo_struct; } iplookupop_t; +#define LOOKUP_ANON 0x80000000 + + typedef struct iplookupflush { int iplf_type; /* IPLT_* */ int iplf_unit; /* IPL_LOG* */ @@ -55,9 +58,39 @@ typedef struct iplookuplink { #define IPLT_ANON 0x80000000 + +typedef union { + struct iplookupiterkey { + char ilik_ival; + u_char ilik_type; /* IPLT_* */ + u_char ilik_otype; + char ilik_unit; /* IPL_LOG* */ + } ilik_unstr; + u_32_t ilik_key; +} iplookupiterkey_t; + +typedef struct ipflookupiter { + int ili_nitems; + iplookupiterkey_t ili_lkey; + char ili_name[FR_GROUPLEN]; + void *ili_data; +} ipflookupiter_t; + +#define ili_key ili_lkey.ilik_key +#define ili_ival ili_lkey.ilik_unstr.ilik_ival +#define ili_unit ili_lkey.ilik_unstr.ilik_unit +#define ili_type ili_lkey.ilik_unstr.ilik_type +#define ili_otype ili_lkey.ilik_unstr.ilik_otype + +#define IPFLOOKUPITER_LIST 0 +#define IPFLOOKUPITER_NODE 1 + + extern int ip_lookup_init __P((void)); -extern int ip_lookup_ioctl __P((caddr_t, ioctlcmd_t, int)); +extern int ip_lookup_ioctl __P((caddr_t, ioctlcmd_t, int, int, void *)); extern void ip_lookup_unload __P((void)); extern void ip_lookup_deref __P((int, void *)); +extern int ip_lookup_iterate __P((void *, int, void *)); +extern void ip_lookup_iterderef __P((u_32_t, void *)); #endif /* __IP_LOOKUP_H__ */ diff --git a/sys/contrib/ipfilter/netinet/ip_pool.c b/sys/contrib/ipfilter/netinet/ip_pool.c index 3d19afbf06ba..b7e994604adf 100644 --- a/sys/contrib/ipfilter/netinet/ip_pool.c +++ b/sys/contrib/ipfilter/netinet/ip_pool.c @@ -55,9 +55,6 @@ struct file; #if defined(_KERNEL) && (defined(__osf__) || defined(AIX) || \ defined(__hpux) || defined(__sgi)) -# ifdef __osf__ -# include -# endif # include "radix_ipf_local.h" # define _RADIX_H_ #endif @@ -78,7 +75,7 @@ static int rn_freenode __P((struct radix_node *, void *)); #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ip_pool.c,v 2.55.2.15 2005/11/13 15:38:37 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ip_pool.c,v 2.55.2.20 2007/05/31 12:27:35 darrenr Exp $"; #endif #ifdef IPFILTER_LOOKUP @@ -90,6 +87,9 @@ static const char rcsid[] = "@(#)$Id: ip_pool.c,v 2.55.2.15 2005/11/13 15:38:37 # define RADIX_NODE_HEAD_UNLOCK(x) ; # endif +static void ip_pool_clearnodes __P((ip_pool_t *)); +static void *ip_pool_exists __P((int, char *)); + ip_pool_stat_t ipoolstat; ipfrwlock_t ip_poolrw; @@ -137,7 +137,7 @@ main(argc, argv) strcpy(op.iplo_name, "0"); if (ip_pool_create(&op) == 0) - ipo = ip_pool_find(0, "0"); + ipo = ip_pool_exists(0, "0"); a.adf_addr.in4.s_addr = 0x0a010203; b.adf_addr.in4.s_addr = 0xffffffff; @@ -262,18 +262,14 @@ int ip_pool_init() void ip_pool_fini() { ip_pool_t *p, *q; - iplookupop_t op; int i; ASSERT(rw_read_locked(&ipf_global.ipf_lk) == 0); for (i = 0; i <= IPL_LOGMAX; i++) { for (q = ip_pool_list[i]; (p = q) != NULL; ) { - op.iplo_unit = i; - (void)strncpy(op.iplo_name, p->ipo_name, - sizeof(op.iplo_name)); q = p->ipo_next; - (void) ip_pool_destroy(&op); + (void) ip_pool_destroy(i, p->ipo_name); } } @@ -307,8 +303,8 @@ iplookupop_t *op; stats.ipls_list[i] = ip_pool_list[i]; } else if (unit >= 0 && unit < IPL_LOGSIZE) { if (op->iplo_name[0] != '\0') - stats.ipls_list[unit] = ip_pool_find(unit, - op->iplo_name); + stats.ipls_list[unit] = ip_pool_exists(unit, + op->iplo_name); else stats.ipls_list[unit] = ip_pool_list[unit]; } else @@ -319,16 +315,15 @@ iplookupop_t *op; } - /* ------------------------------------------------------------------------ */ -/* Function: ip_pool_find */ +/* Function: ip_pool_exists */ /* Returns: int - 0 = success, else error */ /* Parameters: ipo(I) - pointer to the pool getting the new node. */ /* */ /* Find a matching pool inside the collection of pools for a particular */ /* device, indicated by the unit number. */ /* ------------------------------------------------------------------------ */ -void *ip_pool_find(unit, name) +static void *ip_pool_exists(unit, name) int unit; char *name; { @@ -341,6 +336,29 @@ char *name; } +/* ------------------------------------------------------------------------ */ +/* Function: ip_pool_find */ +/* Returns: int - 0 = success, else error */ +/* Parameters: ipo(I) - pointer to the pool getting the new node. */ +/* */ +/* Find a matching pool inside the collection of pools for a particular */ +/* device, indicated by the unit number. If it is marked for deletion then */ +/* pretend it does not exist. */ +/* ------------------------------------------------------------------------ */ +void *ip_pool_find(unit, name) +int unit; +char *name; +{ + ip_pool_t *p; + + p = ip_pool_exists(unit, name); + if ((p != NULL) && (p->ipo_flags & IPOOL_DELETE)) + return NULL; + + return p; +} + + /* ------------------------------------------------------------------------ */ /* Function: ip_pool_findeq */ /* Returns: int - 0 = success, else error */ @@ -375,9 +393,9 @@ addrfamily_t *addr, *mask; /* */ /* Search the pool for a given address and return a search result. */ /* ------------------------------------------------------------------------ */ -int ip_pool_search(tptr, version, dptr) +int ip_pool_search(tptr, ipversion, dptr) void *tptr; -int version; +int ipversion; void *dptr; { struct radix_node *rn; @@ -397,11 +415,11 @@ void *dptr; bzero(&v, sizeof(v)); v.adf_len = offsetof(addrfamily_t, adf_addr); - if (version == 4) { + if (ipversion == 4) { v.adf_len += sizeof(addr->in4); v.adf_addr.in4 = addr->in4; #ifdef USE_INET6 - } else if (version == 6) { + } else if (ipversion == 6) { v.adf_len += sizeof(addr->in6); v.adf_addr.in6 = addr->in6; #endif @@ -475,6 +493,7 @@ int info; return ENOMEM; } + x->ipn_ref = 1; x->ipn_next = ipo->ipo_list; x->ipn_pnext = &ipo->ipo_list; if (ipo->ipo_list != NULL) @@ -498,6 +517,10 @@ int info; /* when being inserted - assume this has already been done. If the pool is */ /* marked as being anonymous, give it a new, unique, identifier. Call any */ /* other functions required to initialise the structure. */ +/* */ +/* If the structure is flagged for deletion then reset the flag and return, */ +/* as this likely means we've tried to free a pool that is in use (flush) */ +/* and now want to repopulate it with "new" data. */ /* ------------------------------------------------------------------------ */ int ip_pool_create(op) iplookupop_t *op; @@ -508,23 +531,37 @@ iplookupop_t *op; ASSERT(rw_read_locked(&ip_poolrw.ipf_lk) == 0); - KMALLOC(h, ip_pool_t *); - if (h == NULL) - return ENOMEM; - bzero(h, sizeof(*h)); - - if (rn_inithead((void **)&h->ipo_head, - offsetof(addrfamily_t, adf_addr) << 3) == 0) { - KFREE(h); - return ENOMEM; - } - unit = op->iplo_unit; - if ((op->iplo_arg & IPOOL_ANON) != 0) { + if ((op->iplo_arg & LOOKUP_ANON) == 0) + h = ip_pool_exists(unit, op->iplo_name); + else + h = NULL; + + if (h != NULL) { + if ((h->ipo_flags & IPOOL_DELETE) != 0) { + h->ipo_flags &= ~IPOOL_DELETE; + return 0; + } + return EEXIST; + } else { + KMALLOC(h, ip_pool_t *); + if (h == NULL) + return ENOMEM; + bzero(h, sizeof(*h)); + + if (rn_inithead((void **)&h->ipo_head, + offsetof(addrfamily_t, adf_addr) << 3) == 0) { + KFREE(h); + return ENOMEM; + } + } + + if ((op->iplo_arg & LOOKUP_ANON) != 0) { ip_pool_t *p; - poolnum = IPOOL_ANON; + h->ipo_flags |= IPOOL_ANON; + poolnum = LOOKUP_ANON; #if defined(SNPRINTF) && defined(_KERNEL) SNPRINTF(name, sizeof(name), "%x", poolnum); @@ -549,19 +586,21 @@ iplookupop_t *op; (void)strncpy(h->ipo_name, name, sizeof(h->ipo_name)); (void)strncpy(op->iplo_name, name, sizeof(op->iplo_name)); } else { - (void) strncpy(h->ipo_name, op->iplo_name, sizeof(h->ipo_name)); + (void)strncpy(h->ipo_name, op->iplo_name, sizeof(h->ipo_name)); } - h->ipo_ref = 1; - h->ipo_list = NULL; - h->ipo_unit = unit; - h->ipo_next = ip_pool_list[unit]; - if (ip_pool_list[unit] != NULL) - ip_pool_list[unit]->ipo_pnext = &h->ipo_next; - h->ipo_pnext = &ip_pool_list[unit]; - ip_pool_list[unit] = h; + if ((h->ipo_flags & IPOOL_DELETE) == 0) { + h->ipo_ref = 1; + h->ipo_list = NULL; + h->ipo_unit = unit; + h->ipo_next = ip_pool_list[unit]; + if (ip_pool_list[unit] != NULL) + ip_pool_list[unit]->ipo_pnext = &h->ipo_next; + h->ipo_pnext = &ip_pool_list[unit]; + ip_pool_list[unit] = h; - ipoolstat.ipls_pools++; + ipoolstat.ipls_pools++; + } return 0; } @@ -574,36 +613,26 @@ iplookupop_t *op; /* ipe(I) - address being deleted as a node */ /* Locks: WRITE(ip_poolrw) */ /* */ -/* Add another node to the pool given by ipo. The three parameters passed */ -/* in (addr, mask, info) shold all be stored in the node. */ +/* Remove a node from the pool given by ipo. */ /* ------------------------------------------------------------------------ */ int ip_pool_remove(ipo, ipe) ip_pool_t *ipo; ip_pool_node_t *ipe; { - ip_pool_node_t **ipp, *n; ASSERT(rw_read_locked(&ip_poolrw.ipf_lk) == 0); - for (ipp = &ipo->ipo_list; (n = *ipp) != NULL; ipp = &n->ipn_next) { - if (ipe == n) { - *n->ipn_pnext = n->ipn_next; - if (n->ipn_next) - n->ipn_next->ipn_pnext = n->ipn_pnext; - break; - } - } - - if (n == NULL) - return ENOENT; + if (ipe->ipn_pnext != NULL) + *ipe->ipn_pnext = ipe->ipn_next; + if (ipe->ipn_next != NULL) + ipe->ipn_next->ipn_pnext = ipe->ipn_pnext; RADIX_NODE_HEAD_LOCK(ipo->ipo_head); - ipo->ipo_head->rnh_deladdr(&n->ipn_addr, &n->ipn_mask, + ipo->ipo_head->rnh_deladdr(&ipe->ipn_addr, &ipe->ipn_mask, ipo->ipo_head); RADIX_NODE_HEAD_UNLOCK(ipo->ipo_head); - KFREE(n); - ipoolstat.ipls_nodes--; + ip_pool_node_deref(ipe); return 0; } @@ -616,23 +645,28 @@ ip_pool_node_t *ipe; /* Locks: WRITE(ip_poolrw) or WRITE(ipf_global) */ /* */ /* Search for a pool using paramters passed in and if it's not otherwise */ -/* busy, free it. */ +/* busy, free it. If it is busy, clear all of its nodes, mark it for being */ +/* deleted and return an error saying it is busy. */ /* */ -/* NOTE: Because this function is called out of ipldetach() where ip_poolrw */ +/* NOTE: Because this function is called out of ipfdetach() where ip_poolrw */ /* may not be initialised, we can't use an ASSERT to enforce the locking */ /* assertion that one of the two (ip_poolrw,ipf_global) is held. */ /* ------------------------------------------------------------------------ */ -int ip_pool_destroy(op) -iplookupop_t *op; +int ip_pool_destroy(unit, name) +int unit; +char *name; { ip_pool_t *ipo; - ipo = ip_pool_find(op->iplo_unit, op->iplo_name); + ipo = ip_pool_exists(unit, name); if (ipo == NULL) return ESRCH; - if (ipo->ipo_ref != 1) - return EBUSY; + if (ipo->ipo_ref != 1) { + ip_pool_clearnodes(ipo); + ipo->ipo_flags |= IPOOL_DELETE; + return 0; + } ip_pool_free(ipo); return 0; @@ -648,7 +682,7 @@ iplookupop_t *op; /* Free all pools associated with the device that matches the unit number */ /* passed in with operation. */ /* */ -/* NOTE: Because this function is called out of ipldetach() where ip_poolrw */ +/* NOTE: Because this function is called out of ipfdetach() where ip_poolrw */ /* may not be initialised, we can't use an ASSERT to enforce the locking */ /* assertion that one of the two (ip_poolrw,ipf_global) is held. */ /* ------------------------------------------------------------------------ */ @@ -669,7 +703,7 @@ iplookupflush_t *fp; (void)strncpy(op.iplo_name, p->ipo_name, sizeof(op.iplo_name)); q = p->ipo_next; - err = ip_pool_destroy(&op); + err = ip_pool_destroy(op.iplo_unit, op.iplo_name); if (err == 0) num++; else @@ -690,12 +724,36 @@ iplookupflush_t *fp; /* all of the address information stored in it, including any tree data */ /* structures also allocated. */ /* */ -/* NOTE: Because this function is called out of ipldetach() where ip_poolrw */ +/* NOTE: Because this function is called out of ipfdetach() where ip_poolrw */ /* may not be initialised, we can't use an ASSERT to enforce the locking */ /* assertion that one of the two (ip_poolrw,ipf_global) is held. */ /* ------------------------------------------------------------------------ */ void ip_pool_free(ipo) ip_pool_t *ipo; +{ + + ip_pool_clearnodes(ipo); + + if (ipo->ipo_next != NULL) + ipo->ipo_next->ipo_pnext = ipo->ipo_pnext; + *ipo->ipo_pnext = ipo->ipo_next; + rn_freehead(ipo->ipo_head); + KFREE(ipo); + + ipoolstat.ipls_pools--; +} + + +/* ------------------------------------------------------------------------ */ +/* Function: ip_pool_clearnodes */ +/* Returns: void */ +/* Parameters: ipo(I) - pointer to pool structure */ +/* Locks: WRITE(ip_poolrw) or WRITE(ipf_global) */ +/* */ +/* Deletes all nodes stored in a pool structure. */ +/* ------------------------------------------------------------------------ */ +static void ip_pool_clearnodes(ipo) +ip_pool_t *ipo; { ip_pool_node_t *n; @@ -715,13 +773,6 @@ ip_pool_t *ipo; RADIX_NODE_HEAD_UNLOCK(ipo->ipo_head); ipo->ipo_list = NULL; - if (ipo->ipo_next != NULL) - ipo->ipo_next->ipo_pnext = ipo->ipo_pnext; - *ipo->ipo_pnext = ipo->ipo_next; - rn_freehead(ipo->ipo_head); - KFREE(ipo); - - ipoolstat.ipls_pools--; } @@ -741,8 +792,179 @@ ip_pool_t *ipo; ASSERT(rw_read_locked(&ip_poolrw.ipf_lk) == 0); ipo->ipo_ref--; + if (ipo->ipo_ref == 0) ip_pool_free(ipo); + + else if ((ipo->ipo_ref == 1) && (ipo->ipo_flags & IPOOL_DELETE)) + ip_pool_destroy(ipo->ipo_unit, ipo->ipo_name); +} + + +/* ------------------------------------------------------------------------ */ +/* Function: ip_pool_node_deref */ +/* Returns: void */ +/* Parameters: ipn(I) - pointer to pool structure */ +/* Locks: WRITE(ip_poolrw) */ +/* */ +/* Drop a reference to the pool node passed in and if we're the last, free */ +/* it all up and adjust the stats accordingly. */ +/* ------------------------------------------------------------------------ */ +void ip_pool_node_deref(ipn) +ip_pool_node_t *ipn; +{ + + ipn->ipn_ref--; + + if (ipn->ipn_ref == 0) { + KFREE(ipn); + ipoolstat.ipls_nodes--; + } +} + + +/* ------------------------------------------------------------------------ */ +/* Function: ip_pool_getnext */ +/* Returns: void */ +/* Parameters: token(I) - pointer to pool structure */ +/* Parameters: ilp(IO) - pointer to pool iterating structure */ +/* */ +/* ------------------------------------------------------------------------ */ +int ip_pool_getnext(token, ilp) +ipftoken_t *token; +ipflookupiter_t *ilp; +{ + ip_pool_node_t *node, zn, *nextnode; + ip_pool_t *ipo, zp, *nextipo; + int err; + + err = 0; + node = NULL; + nextnode = NULL; + ipo = NULL; + nextipo = NULL; + + READ_ENTER(&ip_poolrw); + + switch (ilp->ili_otype) + { + case IPFLOOKUPITER_LIST : + ipo = token->ipt_data; + if (ipo == NULL) { + nextipo = ip_pool_list[(int)ilp->ili_unit]; + } else { + nextipo = ipo->ipo_next; + } + + if (nextipo != NULL) { + ATOMIC_INC(nextipo->ipo_ref); + if (nextipo->ipo_next == NULL) + token->ipt_alive = 0; + } else { + bzero((char *)&zp, sizeof(zp)); + nextipo = &zp; + } + break; + + case IPFLOOKUPITER_NODE : + node = token->ipt_data; + if (node == NULL) { + ipo = ip_pool_exists(ilp->ili_unit, ilp->ili_name); + if (ipo == NULL) + err = ESRCH; + else { + nextnode = ipo->ipo_list; + ipo = NULL; + } + } else { + nextnode = node->ipn_next; + } + + if (nextnode != NULL) { + ATOMIC_INC(nextnode->ipn_ref); + if (nextnode->ipn_next == NULL) + token->ipt_alive = 0; + } else { + bzero((char *)&zn, sizeof(zn)); + nextnode = &zn; + } + break; + default : + err = EINVAL; + break; + } + + RWLOCK_EXIT(&ip_poolrw); + + if (err != 0) + return err; + + switch (ilp->ili_otype) + { + case IPFLOOKUPITER_LIST : + if (ipo != NULL) { + WRITE_ENTER(&ip_poolrw); + ip_pool_deref(ipo); + RWLOCK_EXIT(&ip_poolrw); + } + token->ipt_data = nextipo; + err = COPYOUT(nextipo, ilp->ili_data, sizeof(*nextipo)); + if (err != 0) + err = EFAULT; + break; + + case IPFLOOKUPITER_NODE : + if (node != NULL) { + WRITE_ENTER(&ip_poolrw); + ip_pool_node_deref(node); + RWLOCK_EXIT(&ip_poolrw); + } + token->ipt_data = nextnode; + err = COPYOUT(nextnode, ilp->ili_data, sizeof(*nextnode)); + if (err != 0) + err = EFAULT; + break; + } + + return err; +} + + +/* ------------------------------------------------------------------------ */ +/* Function: ip_pool_iterderef */ +/* Returns: void */ +/* Parameters: ipn(I) - pointer to pool structure */ +/* Locks: WRITE(ip_poolrw) */ +/* */ +/* ------------------------------------------------------------------------ */ +void ip_pool_iterderef(otype, unit, data) +u_int otype; +int unit; +void *data; +{ + + if (data == NULL) + return; + + if (unit < 0 || unit > IPL_LOGMAX) + return; + + switch (otype) + { + case IPFLOOKUPITER_LIST : + WRITE_ENTER(&ip_poolrw); + ip_pool_deref((ip_pool_t *)data); + RWLOCK_EXIT(&ip_poolrw); + break; + + case IPFLOOKUPITER_NODE : + WRITE_ENTER(&ip_poolrw); + ip_pool_node_deref((ip_pool_node_t *)data); + RWLOCK_EXIT(&ip_poolrw); + break; + default : + break; + } } @@ -780,5 +1002,4 @@ rn_freehead(rnh) Free(rnh); } # endif - #endif /* IPFILTER_LOOKUP */ diff --git a/sys/contrib/ipfilter/netinet/ip_pool.h b/sys/contrib/ipfilter/netinet/ip_pool.h index 3731fe964bcb..927276f9ce4f 100644 --- a/sys/contrib/ipfilter/netinet/ip_pool.h +++ b/sys/contrib/ipfilter/netinet/ip_pool.h @@ -3,7 +3,7 @@ * * See the IPFILTER.LICENCE file for details on licencing. * - * $Id: ip_pool.h,v 2.26.2.3 2005/06/12 07:18:27 darrenr Exp $ + * $Id: ip_pool.h,v 2.26.2.5 2007/01/14 14:06:12 darrenr Exp $ */ #ifndef __IP_POOL_H__ @@ -35,8 +35,9 @@ typedef struct ip_pool_node { addrfamily_t ipn_addr; addrfamily_t ipn_mask; int ipn_info; - char ipn_name[FR_GROUPLEN]; - u_long ipn_hits; + int ipn_ref; +char ipn_name[FR_GROUPLEN]; +u_long ipn_hits; struct ip_pool_node *ipn_next, **ipn_pnext; } ip_pool_node_t; @@ -53,7 +54,8 @@ typedef struct ip_pool_s { char ipo_name[FR_GROUPLEN]; } ip_pool_t; -#define IPOOL_ANON 0x80000000 +#define IPOOL_DELETE 0x01 +#define IPOOL_ANON 0x02 typedef struct ip_pool_stat { @@ -73,13 +75,16 @@ extern void ip_pool_fini __P((void)); extern int ip_pool_create __P((iplookupop_t *)); extern int ip_pool_insert __P((ip_pool_t *, i6addr_t *, i6addr_t *, int)); extern int ip_pool_remove __P((ip_pool_t *, ip_pool_node_t *)); -extern int ip_pool_destroy __P((iplookupop_t *)); +extern int ip_pool_destroy __P((int, char *)); extern void ip_pool_free __P((ip_pool_t *)); extern void ip_pool_deref __P((ip_pool_t *)); +extern void ip_pool_node_deref __P((ip_pool_node_t *)); extern void *ip_pool_find __P((int, char *)); extern ip_pool_node_t *ip_pool_findeq __P((ip_pool_t *, addrfamily_t *, addrfamily_t *)); extern int ip_pool_flush __P((iplookupflush_t *)); extern int ip_pool_statistics __P((iplookupop_t *)); +extern int ip_pool_getnext __P((ipftoken_t *, ipflookupiter_t *)); +extern void ip_pool_iterderef __P((u_int, int, void *)); #endif /* __IP_POOL_H__ */ diff --git a/sys/contrib/ipfilter/netinet/ip_pptp_pxy.c b/sys/contrib/ipfilter/netinet/ip_pptp_pxy.c index 2ef2e17dc5dc..3924d4b829ed 100644 --- a/sys/contrib/ipfilter/netinet/ip_pptp_pxy.c +++ b/sys/contrib/ipfilter/netinet/ip_pptp_pxy.c @@ -4,7 +4,7 @@ * Simple PPTP transparent proxy for in-kernel use. For use with the NAT * code. * - * $Id: ip_pptp_pxy.c,v 2.10.2.13 2006/03/17 10:40:05 darrenr Exp $ + * $Id: ip_pptp_pxy.c,v 2.10.2.15 2006/10/31 12:11:23 darrenr Exp $ * */ #define IPF_PPTP_PROXY @@ -78,6 +78,9 @@ void ippr_pptp_fini() /* * Setup for a new PPTP proxy. + * + * NOTE: The printf's are broken up with %s in them to prevent them being + * optimised into puts statements on FreeBSD (this doesn't exist in the kernel) */ int ippr_pptp_new(fin, aps, nat) fr_info_t *fin; @@ -220,7 +223,7 @@ pptp_pxy_t *pptp; pptp->pptp_state = fr_addstate(&fi, &pptp->pptp_state, 0); if (fi.fin_state != NULL) - fr_statederef(&fi, (ipstate_t **)&fi.fin_state); + fr_statederef((ipstate_t **)&fi.fin_state); } ip->ip_p = p; return; diff --git a/sys/contrib/ipfilter/netinet/ip_rpcb_pxy.c b/sys/contrib/ipfilter/netinet/ip_rpcb_pxy.c index 112e4da8e5ca..4350bf408c55 100644 --- a/sys/contrib/ipfilter/netinet/ip_rpcb_pxy.c +++ b/sys/contrib/ipfilter/netinet/ip_rpcb_pxy.c @@ -37,7 +37,7 @@ * o The enclosed hack of STREAMS support is pretty sick and most likely * broken. * - * $Id: ip_rpcb_pxy.c,v 2.25.2.3 2005/02/04 10:22:56 darrenr Exp $ + * $Id: ip_rpcb_pxy.c,v 2.25.2.6 2007/01/17 11:34:54 darrenr Exp $ */ #define IPF_RPCB_PROXY @@ -290,6 +290,7 @@ ippr_rpcb_out(fin, aps, nat) /* Perform basic variable initialization. */ rs = (rpcb_session_t *)aps->aps_data; + rx = NULL; m = fin->fin_m; off = (char *)fin->fin_dp - (char *)fin->fin_ip; @@ -307,6 +308,8 @@ ippr_rpcb_out(fin, aps, nat) COPYDATA(m, off, dlen, (caddr_t)&rm->rm_msgbuf); rm->rm_buflen = dlen; + rx = NULL; /* XXX gcc */ + /* Send off to decode reply. */ rv = ippr_rpcb_decoderep(fin, nat, rs, rm, &rx); @@ -1156,6 +1159,8 @@ ippr_rpcb_getnat(fin, nat, proto, port) /* Generate dummy fr_info */ bcopy((char *)fin, (char *)&fi, sizeof(fi)); + fi.fin_state = NULL; + fi.fin_nat = NULL; fi.fin_out = 0; fi.fin_src = fin->fin_dst; fi.fin_dst = nat->nat_outip; @@ -1191,8 +1196,9 @@ ippr_rpcb_getnat(fin, nat, proto, port) * no use for this lock, so simply unlock it if necessary. */ is = fr_stlookup(&fi, &tcp, NULL); - if (is != NULL) + if (is != NULL) { RWLOCK_EXIT(&ipf_state); + } RWLOCK_EXIT(&ipf_nat); @@ -1271,7 +1277,7 @@ ippr_rpcb_getnat(fin, nat, proto, port) return(-1); } if (fi.fin_state != NULL) - fr_statederef(&fi, (ipstate_t **)&fi.fin_state); + fr_statederef((ipstate_t **)&fi.fin_state); } return(0); diff --git a/sys/contrib/ipfilter/netinet/ip_scan.c b/sys/contrib/ipfilter/netinet/ip_scan.c index 13a5a60210e1..ad372166f3bc 100644 --- a/sys/contrib/ipfilter/netinet/ip_scan.c +++ b/sys/contrib/ipfilter/netinet/ip_scan.c @@ -58,7 +58,7 @@ struct file; #if !defined(lint) static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ip_scan.c,v 2.40.2.6 2006/03/26 23:06:49 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ip_scan.c,v 2.40.2.9 2007/03/13 09:42:05 darrenr Exp $"; #endif #ifdef IPFILTER_SCAN /* endif at bottom of file */ @@ -115,8 +115,10 @@ caddr_t data; return ENOMEM; err = copyinptr(data, isc, sizeof(*isc)); - if (err) + if (err) { + KFREE(isc); return err; + } WRITE_ENTER(&ipsc_rwlock); @@ -230,20 +232,17 @@ struct ipstate *is; fr = is->is_rule; if (fr) { i = fr->fr_isc; - if (!i || (i != (ipscan_t *)-1)) { + if ((i != NULL) && (i != (ipscan_t *)-1)) { is->is_isc = i; - if (i) { - ATOMIC_INC32(i->ipsc_sref); - if (i->ipsc_clen) - is->is_flags |= IS_SC_CLIENT; - else - is->is_flags |= IS_SC_MATCHC; - if (i->ipsc_slen) - is->is_flags |= IS_SC_SERVER; - else - is->is_flags |= IS_SC_MATCHS; - } else - is->is_flags |= (IS_SC_CLIENT|IS_SC_SERVER); + ATOMIC_INC32(i->ipsc_sref); + if (i->ipsc_clen) + is->is_flags |= IS_SC_CLIENT; + else + is->is_flags |= IS_SC_MATCHC; + if (i->ipsc_slen) + is->is_flags |= IS_SC_SERVER; + else + is->is_flags |= IS_SC_MATCHS; } } RWLOCK_EXIT(&ipsc_rwlock); @@ -568,10 +567,11 @@ ipstate_t *is; } -int fr_scan_ioctl(data, cmd, mode) +int fr_scan_ioctl(data, cmd, mode, uid, ctx) caddr_t data; ioctlcmd_t cmd; -int mode; +int mode, uid; +void *ctx; { ipscanstat_t ipscs; int err = 0; diff --git a/sys/contrib/ipfilter/netinet/ip_scan.h b/sys/contrib/ipfilter/netinet/ip_scan.h index d85745378b81..4772d28c012b 100644 --- a/sys/contrib/ipfilter/netinet/ip_scan.h +++ b/sys/contrib/ipfilter/netinet/ip_scan.h @@ -4,7 +4,7 @@ * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_fil.h 1.35 6/5/96 - * $Id: ip_scan.h,v 2.9.2.1 2005/06/12 07:18:29 darrenr Exp $ + * $Id: ip_scan.h,v 2.9.2.2 2006/07/14 06:12:19 darrenr Exp $ */ #ifndef __IP_SCAN_H__ @@ -94,7 +94,7 @@ typedef struct ipscanstat { } ipscanstat_t; -extern int fr_scan_ioctl __P((caddr_t, ioctlcmd_t, int)); +extern int fr_scan_ioctl __P((caddr_t, ioctlcmd_t, int, int, void *)); extern int ipsc_init __P((void)); extern int ipsc_attachis __P((struct ipstate *)); extern int ipsc_attachfr __P((struct frentry *)); diff --git a/sys/contrib/ipfilter/netinet/ip_sync.h b/sys/contrib/ipfilter/netinet/ip_sync.h index 76862f7534a1..8104db3f2c3d 100644 --- a/sys/contrib/ipfilter/netinet/ip_sync.h +++ b/sys/contrib/ipfilter/netinet/ip_sync.h @@ -4,7 +4,7 @@ * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_fil.h 1.35 6/5/96 - * $Id: ip_sync.h,v 2.11.2.3 2006/03/19 14:59:39 darrenr Exp $ + * $Id: ip_sync.h,v 2.11.2.4 2006/07/14 06:12:20 darrenr Exp $ */ #ifndef __IP_SYNC_H__ @@ -102,16 +102,16 @@ typedef struct syncupdent { /* 28 or 32 bytes */ extern synclogent_t synclog[SYNCLOG_SZ]; -extern int fr_sync_ioctl __P((caddr_t, ioctlcmd_t, int)); -extern synclist_t *ipfsync_new __P((int, fr_info_t *, void *)); -extern void ipfsync_del __P((synclist_t *)); -extern void ipfsync_update __P((int, fr_info_t *, synclist_t *)); -extern int ipfsync_init __P((void)); -extern int ipfsync_nat __P((synchdr_t *sp, void *data)); -extern int ipfsync_state __P((synchdr_t *sp, void *data)); -extern int ipfsync_read __P((struct uio *uio)); -extern int ipfsync_write __P((struct uio *uio)); -extern int ipfsync_canread __P((void)); -extern int ipfsync_canwrite __P((void)); +extern int fr_sync_ioctl __P((caddr_t, ioctlcmd_t, int, int, void *)); +extern synclist_t *ipfsync_new __P((int, fr_info_t *, void *)); +extern void ipfsync_del __P((synclist_t *)); +extern void ipfsync_update __P((int, fr_info_t *, synclist_t *)); +extern int ipfsync_init __P((void)); +extern int ipfsync_nat __P((synchdr_t *sp, void *data)); +extern int ipfsync_state __P((synchdr_t *sp, void *data)); +extern int ipfsync_read __P((struct uio *uio)); +extern int ipfsync_write __P((struct uio *uio)); +extern int ipfsync_canread __P((void)); +extern int ipfsync_canwrite __P((void)); #endif /* IP_SYNC */