bring changes in IPFilter to 3.4.31 on to the head

svn path=/head/; revision=110920
2025-01-06 13:09:50 +00:00 · 2003-02-15 06:32:48 +00:00 · 2003-02-15 06:32:48 +00:00 · 57e3d9cf76 · 2020-12-20 02:59:44 +00:00
commit 57e3d9cf76
parent 50d563d31c
10 changed files with 60 additions and 16 deletions
--- a/contrib/ipfilter/iplang/iplang_y.y
+++ b/contrib/ipfilter/iplang/iplang_y.y
@ -10,7 +10,7 @@
 * $FreeBSD$
 */

-#ifdef __sgi
+#if defined(__sgi) && (IRIX > 602)
 # include <sys/ptimers.h>
 #endif
 #include <stdio.h>
@ -53,7 +53,7 @@
 #include "iplang.h"

 #if !defined(__NetBSD__) && (!defined(__FreeBSD_version) && \
-    __FreeBSD_version < 400020)
+    __FreeBSD_version < 400020 ) && SOLARIS2 < 10 
 extern	struct ether_addr *ether_aton __P((char *));
 #endif

--- a/contrib/ipfilter/ipmon.c
+++ b/contrib/ipfilter/ipmon.c
@ -8,7 +8,7 @@
 #define SOLARIS (defined(__SVR4) || defined(__svr4__)) && defined(sun)
 #endif

-#ifdef __sgi
+#if defined(__sgi) && (IRIX > 602)
 # include <sys/ptimers.h>
 #endif
 #include <sys/types.h>
--- a/contrib/ipfilter/ipsend/ipsend.c
+++ b/contrib/ipfilter/ipsend/ipsend.c
@ -9,7 +9,7 @@
 *
 * See the IPFILTER.LICENCE file for details on licencing.
 */
-#ifdef __sgi
+#if defined(__sgi) && (IRIX > 602)
 # include <sys/ptimers.h>
 #endif
 #include <stdio.h>
--- a/contrib/ipfilter/ipsend/iptests.c
+++ b/contrib/ipfilter/ipsend/iptests.c
@ -3,7 +3,7 @@
 *
 * See the IPFILTER.LICENCE file for details on licencing.
 */
-#ifdef __sgi
+#if defined(__sgi) && (IRIX > 602)
 # include <sys/ptimers.h>
 #endif
 #include <stdio.h>
@ -75,20 +75,28 @@
 #if defined(__SVR4) || defined(__svr4__) || defined(__sgi)
 # include <sys/sysmacros.h>
 #endif
+#if defined(__NetBSD_Version__) && (__NetBSD_Version__ >= 106000000)
+# define USE_NANOSLEEP
+#endif
 #include "ipsend.h"

 #if 0
 #if !defined(lint)
 static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)$Id: iptests.c,v 2.1.4.5 2002/02/22 15:32:58 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: iptests.c,v 2.1.4.8 2002/12/06 11:40:35 darrenr Exp $";
 #endif
 #endif

 __FBSDID("$FreeBSD$");


-#define	PAUSE()	tv.tv_sec = 0; tv.tv_usec = 10000; \
-		  (void) select(0, NULL, NULL, NULL, &tv)
+#ifdef	USE_NANOSLEEP
+# define	PAUSE()	ts.tv_sec = 0; ts.tv_nsec = 10000000; \
+		  (void) nanosleep(&ts, NULL)
+#else
+# define	PAUSE()	tv.tv_sec = 0; tv.tv_usec = 10000; \
+				  (void) select(0, NULL, NULL, NULL, &tv)
+#endif


 void	ip_test1(dev, mtu, ip, gwip, ptest)
@ -98,7 +106,11 @@ ip_t	*ip;
 struct	in_addr	gwip;
 int	ptest;
 {
+#ifdef	USE_NANOSLEEP
+	struct	timespec ts;
+#else
 	struct	timeval	tv;
+#endif
 	udphdr_t *u;
 	int	nfd, i = 0, len, id = getpid();

@ -442,7 +454,11 @@ ip_t	*ip;
 struct	in_addr	gwip;
 int	ptest;
 {
+#ifdef	USE_NANOSLEEP
+	struct	timespec ts;
+#else
 	struct	timeval	tv;
+#endif
 	int	nfd;
 	u_char	*s;

@ -533,7 +549,11 @@ int	ptest;
 {
 	static	int	ict1[10] = { 8, 9, 10, 13, 14, 15, 16, 17, 18, 0 };
 	static	int	ict2[8] = { 3, 9, 10, 13, 14, 17, 18, 0 };
+#ifdef	USE_NANOSLEEP
+	struct	timespec ts;
+#else
 	struct	timeval	tv;
+#endif
 	struct	icmp	*icp;
 	int	nfd, i;

@ -725,7 +745,11 @@ ip_t	*ip;
 struct	in_addr	gwip;
 int	ptest;
 {
+#ifdef	USE_NANOSLEEP
+	struct	timespec ts;
+#else
 	struct	timeval	tv;
+#endif
 	udphdr_t	*u;
 	int	nfd, i;

@ -883,7 +907,11 @@ ip_t	*ip;
 struct	in_addr	gwip;
 int	ptest;
 {
+#ifdef	USE_NANOSLEEP
+	struct	timespec ts;
+#else
 	struct	timeval	tv;
+#endif
 	tcphdr_t *t;
 	int	nfd, i;

@ -1226,7 +1254,11 @@ ip_t	*ip;
 struct	in_addr	gwip;
 int	ptest;
 {
+#ifdef	USE_NANOSLEEP
+	struct	timespec ts;
+#else
 	struct	timeval	tv;
+#endif
 	udphdr_t *u;
 	int	nfd, i, j, k;

@ -1301,8 +1333,12 @@ ip_t	*ip;
 struct	in_addr	gwip;
 int	ptest;
 {
-	ip_t	*pip;
+#ifdef	USE_NANOSLEEP
+	struct	timespec ts;
+#else
 	struct	timeval	tv;
+#endif
+	ip_t	*pip;
 	int	nfd, i, j;
 	u_char	*s;

--- a/contrib/ipfilter/ipsend/sock.c
+++ b/contrib/ipfilter/ipsend/sock.c
@ -4,7 +4,7 @@
 *
 * See the IPFILTER.LICENCE file for details on licencing.
 */
-#ifdef __sgi
+#if defined(__sgi) && (IRIX > 602)
 # include <sys/ptimers.h>
 #endif
 #include <stdio.h>
@ -66,7 +66,7 @@

 #if !defined(lint)
 static const char sccsid[] = "@(#)sock.c	1.2 1/11/96 (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)$Id: sock.c,v 2.1.4.5 2002/02/22 15:32:58 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: sock.c,v 2.1.4.6 2002/12/06 11:40:36 darrenr Exp $";
 #endif


--- a/contrib/ipfilter/man/ipf.5
+++ b/contrib/ipfilter/man/ipf.5
@ -62,7 +62,7 @@ host-num = digit [ digit [ digit ] ] .
 port-num = service-name | decnumber .

 withopt = [ "not" | "no" ] opttype [ withopt ] .
-opttype = "ipopts" | "short" | "frag" | "opt" ipopts  .
+opttype = "ipopts" | "short" | "frag" | "opt" optname .
 optname	= ipopts [ "," optname ] .
 ipopts  = optlist | "sec-class" [ secname ] .
 secname	= seclvl [ "," secname ] .
--- a/contrib/ipfilter/man/ipf.8
+++ b/contrib/ipfilter/man/ipf.8
@ -56,7 +56,7 @@ the order on the command line being that used to execute options.
 .TP
 .BR \-F \0<s|S>
 To flush entries from the state table, the \fB-F\fP option is used in
-conjuction with either "s" (removes state information about any non-fully
+conjunction with either "s" (removes state information about any non-fully
 established connections) or "S" (deletes the entire state table).  Only
 one of the two options may be given.  A fully established connection
 will show up in \fBipfstat -s\fP output as 4/4, with deviations either
--- a/contrib/ipfilter/man/ipfstat.8
+++ b/contrib/ipfilter/man/ipfstat.8
@ -123,7 +123,7 @@ be used while ipfstat is in top mode.
 .BR \-T \0<refreshtime>
 This option is only valid in combination with \fB\-t\fP. Specifies how often
 the state top display should be updated. The refresh time is the number of
-seconds between an update. Any postive integer can be used. The default (and
+seconds between an update. Any positive integer can be used. The default (and
 minimal update time) is 1.
 .TP
 .B \-v
@ -163,7 +163,7 @@ the number of bytes. States are sorted in descending order, but you can use
 the \fBr\fP key to sort them in ascending order.
 .SH STATE TOP LIMITATIONS
 It is currently not possible to interactively change the source, destination
-and protocol filters or the refreh frequency. This must be done from the
+and protocol filters or the refresh frequency. This must be done from the
 command line.
 .PP
 The screen must have at least 80 columns. This is however not checked.
--- a/contrib/ipfilter/man/ipftest.1
+++ b/contrib/ipfilter/man/ipftest.1
@ -15,6 +15,9 @@ interface
 [
 .B \-i
 <filename>
+] [
+.B \-s
+<ipaddress>
 ]
 .SH DESCRIPTION
 .PP
@ -129,6 +132,11 @@ Specify the filename from which to take input.  Default is stdin.
 .TP
 .BR \-r \0<filename>
 Specify the filename from which to read filter rules.
+.TP
+.BR \-s \0<ipaddress>
+Where the input format is incapable of telling \fBipftest\fP whther a packet is
+going in or out, setting this option to an IP address results in the direction
+being set to out if the source matches or in if the destination matches. 
 .SH SEE ALSO
 ipf(5), ipf(8), snoop(1m), tcpdump(8), etherfind(8c)
 .SH BUGS
--- a/contrib/ipfilter/man/ipmon.8
+++ b/contrib/ipfilter/man/ipmon.8
@ -55,7 +55,7 @@ setting, not a particular rule.
 .LP
 6. The addresses.
 This is actually three fields: the source address and port
-(separted by a comma), the \fB->\fP symbol, and the destination address
+(separated by a comma), the \fB->\fP symbol, and the destination address
 and port. E.g.: \fB209.53.17.22,80 -> 198.73.220.17,1722\fP.
 .LP
 7. \fBPR\fP followed by the protocol name or number, e.g., \fBPR tcp\fP.