From e246b3be6fb350a2d317fb6a37b61764c7d3a70e Mon Sep 17 00:00:00 2001 From: Guido van Rooij Date: Fri, 30 Dec 2005 11:34:54 +0000 Subject: [PATCH] Import IP Filter 4.1.10 --- contrib/ipfilter/BSD/Makefile | 55 +- contrib/ipfilter/BSD/Makefile.ipsend | 2 +- contrib/ipfilter/BSD/kupgrade | 8 + contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.0 | 2 - contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.1 | 2 - contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.2 | 2 - contrib/ipfilter/HISTORY | 79 +++ contrib/ipfilter/INST.FreeBSD-2.2 | 2 - contrib/ipfilter/Makefile | 26 +- contrib/ipfilter/NAT.FreeBSD | 2 +- contrib/ipfilter/bpf-ipf.h | 2 - contrib/ipfilter/bpf_filter.c | 6 +- contrib/ipfilter/ipf.h | 5 +- contrib/ipfilter/iplang/iplang.h | 2 - contrib/ipfilter/iplang/iplang_l.l | 4 +- contrib/ipfilter/iplang/iplang_y.y | 12 +- contrib/ipfilter/ipmon.h | 4 +- contrib/ipfilter/ipsd/Celler/ip_compat.h | 2 - contrib/ipfilter/ipsd/ipsd.c | 4 +- contrib/ipfilter/ipsd/ipsd.h | 2 - contrib/ipfilter/ipsd/ipsdr.c | 4 +- contrib/ipfilter/ipsd/linux.h | 2 - contrib/ipfilter/ipsd/sbpf.c | 2 - contrib/ipfilter/ipsd/sdlpi.c | 2 - contrib/ipfilter/ipsd/slinux.c | 2 - contrib/ipfilter/ipsd/snit.c | 2 - contrib/ipfilter/ipsend/44arp.c | 2 - contrib/ipfilter/ipsend/arp.c | 6 +- contrib/ipfilter/ipsend/dlcommon.c | 2 - contrib/ipfilter/ipsend/dltest.h | 2 - contrib/ipfilter/ipsend/hpux.c | 2 - contrib/ipfilter/ipsend/in_var.h | 2 - contrib/ipfilter/ipsend/ip.c | 4 +- contrib/ipfilter/ipsend/ip_var.h | 2 - contrib/ipfilter/ipsend/ipresend.1 | 2 - contrib/ipfilter/ipsend/ipresend.c | 4 +- contrib/ipfilter/ipsend/ipsend.1 | 2 - contrib/ipfilter/ipsend/ipsend.5 | 2 - contrib/ipfilter/ipsend/ipsend.c | 4 +- contrib/ipfilter/ipsend/ipsend.h | 2 - contrib/ipfilter/ipsend/ipsopt.c | 4 +- contrib/ipfilter/ipsend/iptest.1 | 2 - contrib/ipfilter/ipsend/iptest.c | 4 +- contrib/ipfilter/ipsend/iptests.c | 6 +- contrib/ipfilter/ipsend/larp.c | 4 +- contrib/ipfilter/ipsend/linux.h | 2 - contrib/ipfilter/ipsend/lsock.c | 4 +- contrib/ipfilter/ipsend/resend.c | 4 +- contrib/ipfilter/ipsend/sbpf.c | 4 +- contrib/ipfilter/ipsend/sdlpi.c | 4 +- contrib/ipfilter/ipsend/sirix.c | 2 - contrib/ipfilter/ipsend/slinux.c | 4 +- contrib/ipfilter/ipsend/snit.c | 4 +- contrib/ipfilter/ipsend/sock.c | 4 +- contrib/ipfilter/ipsend/sockraw.c | 2 - contrib/ipfilter/ipsend/tcpip.h | 4 +- contrib/ipfilter/ipt.h | 4 +- contrib/ipfilter/kmem.h | 4 +- contrib/ipfilter/l4check/http.ok | 2 +- contrib/ipfilter/l4check/l4check.c | 2 - contrib/ipfilter/lib/Makefile | 3 + contrib/ipfilter/lib/addicmp.c | 4 +- contrib/ipfilter/lib/addipopt.c | 4 +- contrib/ipfilter/lib/addkeep.c | 4 +- contrib/ipfilter/lib/bcopywrap.c | 2 - contrib/ipfilter/lib/binprint.c | 4 +- contrib/ipfilter/lib/buildopts.c | 4 +- contrib/ipfilter/lib/checkrev.c | 4 +- contrib/ipfilter/lib/count4bits.c | 4 +- contrib/ipfilter/lib/count6bits.c | 4 +- contrib/ipfilter/lib/debug.c | 4 +- contrib/ipfilter/lib/extras.c | 4 +- contrib/ipfilter/lib/facpri.c | 10 +- contrib/ipfilter/lib/facpri.h | 4 +- contrib/ipfilter/lib/fill6bits.c | 4 +- contrib/ipfilter/lib/flags.c | 4 +- contrib/ipfilter/lib/genmask.c | 4 +- contrib/ipfilter/lib/gethost.c | 2 - contrib/ipfilter/lib/getifname.c | 2 - contrib/ipfilter/lib/getline.c | 4 +- contrib/ipfilter/lib/getnattype.c | 4 +- contrib/ipfilter/lib/getport.c | 2 - contrib/ipfilter/lib/getportproto.c | 2 - contrib/ipfilter/lib/getproto.c | 10 +- contrib/ipfilter/lib/getsumd.c | 2 - contrib/ipfilter/lib/hexdump.c | 2 - contrib/ipfilter/lib/hostmask.c | 4 +- contrib/ipfilter/lib/hostname.c | 2 - contrib/ipfilter/lib/hostnum.c | 4 +- contrib/ipfilter/lib/icmpcode.c | 4 +- contrib/ipfilter/lib/inet_addr.c | 4 +- contrib/ipfilter/lib/initparse.c | 4 +- contrib/ipfilter/lib/ionames.c | 4 +- contrib/ipfilter/lib/ipf_dotuning.c | 10 +- contrib/ipfilter/lib/ipft_ef.c | 6 +- contrib/ipfilter/lib/ipft_hx.c | 10 +- contrib/ipfilter/lib/ipft_pc.c | 35 +- contrib/ipfilter/lib/ipft_sn.c | 6 +- contrib/ipfilter/lib/ipft_td.c | 6 +- contrib/ipfilter/lib/ipft_tx.c | 35 +- contrib/ipfilter/lib/ipoptsec.c | 4 +- contrib/ipfilter/lib/kmem.c | 9 +- contrib/ipfilter/lib/kmem.h | 4 +- contrib/ipfilter/lib/kmemcpywrap.c | 2 - contrib/ipfilter/lib/kvatoname.c | 2 - contrib/ipfilter/lib/load_hash.c | 8 +- contrib/ipfilter/lib/load_hashnode.c | 4 +- contrib/ipfilter/lib/load_pool.c | 11 +- contrib/ipfilter/lib/load_poolnode.c | 4 +- contrib/ipfilter/lib/loglevel.c | 4 +- contrib/ipfilter/lib/make_range.c | 4 +- contrib/ipfilter/lib/mutex_emul.c | 2 - contrib/ipfilter/lib/nametokva.c | 2 - contrib/ipfilter/lib/nat_setgroupmap.c | 4 +- contrib/ipfilter/lib/natparse.c | 4 +- contrib/ipfilter/lib/ntomask.c | 2 - contrib/ipfilter/lib/optname.c | 4 +- contrib/ipfilter/lib/optprint.c | 4 +- contrib/ipfilter/lib/optprintv6.c | 4 +- contrib/ipfilter/lib/optvalue.c | 4 +- contrib/ipfilter/lib/parse.c | 4 +- contrib/ipfilter/lib/portname.c | 4 +- contrib/ipfilter/lib/portnum.c | 4 +- contrib/ipfilter/lib/ports.c | 4 +- contrib/ipfilter/lib/print_toif.c | 4 +- contrib/ipfilter/lib/printactivenat.c | 4 +- contrib/ipfilter/lib/printaps.c | 4 +- contrib/ipfilter/lib/printbuf.c | 4 +- contrib/ipfilter/lib/printfr.c | 59 +- contrib/ipfilter/lib/printfraginfo.c | 4 +- contrib/ipfilter/lib/printhash.c | 2 - contrib/ipfilter/lib/printhashnode.c | 2 - contrib/ipfilter/lib/printhostmap.c | 7 +- contrib/ipfilter/lib/printhostmask.c | 4 +- contrib/ipfilter/lib/printifname.c | 4 +- contrib/ipfilter/lib/printip.c | 4 +- contrib/ipfilter/lib/printlog.c | 13 +- contrib/ipfilter/lib/printmask.c | 4 +- contrib/ipfilter/lib/printnat.c | 48 +- contrib/ipfilter/lib/printpacket.c | 7 +- contrib/ipfilter/lib/printpacket6.c | 2 - contrib/ipfilter/lib/printpool.c | 2 - contrib/ipfilter/lib/printpoolnode.c | 2 - contrib/ipfilter/lib/printportcmp.c | 4 +- contrib/ipfilter/lib/printproto.c | 51 ++ contrib/ipfilter/lib/printsbuf.c | 2 - contrib/ipfilter/lib/printstate.c | 6 +- contrib/ipfilter/lib/printtunable.c | 2 - contrib/ipfilter/lib/ratoi.c | 4 +- contrib/ipfilter/lib/ratoui.c | 4 +- contrib/ipfilter/lib/remove_hash.c | 4 +- contrib/ipfilter/lib/remove_hashnode.c | 4 +- contrib/ipfilter/lib/remove_pool.c | 4 +- contrib/ipfilter/lib/remove_poolnode.c | 4 +- contrib/ipfilter/lib/resetlexer.c | 2 - contrib/ipfilter/lib/rwlock_emul.c | 2 - contrib/ipfilter/lib/tcp_flags.c | 4 +- contrib/ipfilter/lib/tcpflags.c | 4 +- contrib/ipfilter/lib/tcpoptnames.c | 4 +- contrib/ipfilter/lib/to_interface.c | 4 +- contrib/ipfilter/lib/v6ionames.c | 5 +- contrib/ipfilter/lib/v6optvalue.c | 4 +- contrib/ipfilter/lib/var.c | 2 - contrib/ipfilter/lib/verbose.c | 4 +- contrib/ipfilter/man/ipf.4 | 2 - contrib/ipfilter/man/ipf.5 | 9 +- contrib/ipfilter/man/ipf.8 | 2 - contrib/ipfilter/man/ipfilter.4 | 2 - contrib/ipfilter/man/ipfilter.5 | 2 - contrib/ipfilter/man/ipfs.8 | 2 - contrib/ipfilter/man/ipfstat.8 | 2 - contrib/ipfilter/man/ipftest.1 | 20 +- contrib/ipfilter/man/ipl.4 | 2 - contrib/ipfilter/man/ipmon.5 | 2 - contrib/ipfilter/man/ipmon.8 | 12 +- contrib/ipfilter/man/ipnat.4 | 2 - contrib/ipfilter/man/ipnat.5 | 5 +- contrib/ipfilter/man/ipnat.8 | 8 +- contrib/ipfilter/man/ippool.5 | 2 - contrib/ipfilter/man/ippool.8 | 2 - contrib/ipfilter/man/ipscan.5 | 2 - contrib/ipfilter/man/ipscan.8 | 2 - contrib/ipfilter/man/mkfilters.1 | 2 - contrib/ipfilter/md5.c | 2 - contrib/ipfilter/md5.h | 2 - contrib/ipfilter/mlf_ipl.c | 2 - contrib/ipfilter/mlf_rule.c | 2 - contrib/ipfilter/mlfk_rule.c | 4 +- contrib/ipfilter/opts.h | 4 +- contrib/ipfilter/pcap-ipf.h | 2 - contrib/ipfilter/perl/ipf-mrtg.pl | 2 +- contrib/ipfilter/perl/logfilter.pl | 2 +- contrib/ipfilter/radix.c | 8 +- contrib/ipfilter/radix_ipf.h | 14 +- contrib/ipfilter/rules/example.1 | 1 - contrib/ipfilter/rules/example.10 | 1 - contrib/ipfilter/rules/example.11 | 1 - contrib/ipfilter/rules/example.12 | 1 - contrib/ipfilter/rules/example.13 | 1 - contrib/ipfilter/rules/example.2 | 1 - contrib/ipfilter/rules/example.3 | 1 - contrib/ipfilter/rules/example.4 | 1 - contrib/ipfilter/rules/example.5 | 1 - contrib/ipfilter/rules/example.6 | 1 - contrib/ipfilter/rules/example.7 | 1 - contrib/ipfilter/rules/example.8 | 1 - contrib/ipfilter/rules/example.9 | 1 - contrib/ipfilter/rules/example.sr | 1 - contrib/ipfilter/samples/ipfilter-pb.gif | Bin 796 -> 795 bytes contrib/ipfilter/samples/proxy.c | 6 +- contrib/ipfilter/samples/relay.c | 10 +- contrib/ipfilter/samples/userauth.c | 2 - contrib/ipfilter/snoop.h | 4 +- contrib/ipfilter/test/Makefile | 23 +- contrib/ipfilter/test/dotest | 20 +- contrib/ipfilter/test/expected/bpf1 | 8 +- contrib/ipfilter/test/expected/f13 | 106 +++- contrib/ipfilter/test/expected/f17 | 1 + contrib/ipfilter/test/expected/f18 | 5 + contrib/ipfilter/test/expected/f19 | 10 + contrib/ipfilter/test/expected/f7 | 84 +++ contrib/ipfilter/test/expected/f9 | 64 +- contrib/ipfilter/test/expected/i1 | 2 + contrib/ipfilter/test/expected/i11 | 4 +- contrib/ipfilter/test/expected/i12 | 21 +- contrib/ipfilter/test/expected/i14 | 2 + contrib/ipfilter/test/expected/i16 | 3 + contrib/ipfilter/test/expected/i17 | 10 + contrib/ipfilter/test/expected/i18 | 10 + contrib/ipfilter/test/expected/i19 | 22 + contrib/ipfilter/test/expected/i2 | 1 + contrib/ipfilter/test/expected/i20 | 4 + contrib/ipfilter/test/expected/i21 | 10 + contrib/ipfilter/test/expected/i4 | 1 + contrib/ipfilter/test/expected/i6 | 2 + contrib/ipfilter/test/expected/i7 | 5 + contrib/ipfilter/test/expected/i8 | 31 + contrib/ipfilter/test/expected/i9 | 5 + contrib/ipfilter/test/expected/in1 | 3 + contrib/ipfilter/test/expected/in2 | 6 +- contrib/ipfilter/test/expected/in5 | 1 + contrib/ipfilter/test/expected/in6 | 4 + contrib/ipfilter/test/expected/n1 | 204 +++--- contrib/ipfilter/test/expected/n11 | 96 +-- contrib/ipfilter/test/expected/n13 | 5 + contrib/ipfilter/test/expected/n14 | 5 + contrib/ipfilter/test/expected/n2 | 152 ++--- contrib/ipfilter/test/expected/n3 | 20 +- contrib/ipfilter/test/expected/n4 | 120 ++-- contrib/ipfilter/test/expected/n5 | 648 ++++++++++---------- contrib/ipfilter/test/expected/n6 | 130 ++-- contrib/ipfilter/test/expected/n7 | 54 +- contrib/ipfilter/test/expected/p1 | 2 + contrib/ipfilter/test/expected/p2 | 7 +- contrib/ipfilter/test/expected/p3 | 2 + contrib/ipfilter/test/input/f13 | 51 +- contrib/ipfilter/test/input/f17 | 15 +- contrib/ipfilter/test/input/f18 | 4 + contrib/ipfilter/test/input/f19 | 4 + contrib/ipfilter/test/input/f7 | 6 + contrib/ipfilter/test/input/f9 | 3 + contrib/ipfilter/test/input/n13 | 4 + contrib/ipfilter/test/input/n14 | 4 + contrib/ipfilter/test/input/ni17 | 6 + contrib/ipfilter/test/itest | 9 +- contrib/ipfilter/test/natipftest | 4 +- contrib/ipfilter/test/regress/bpf1 | 4 +- contrib/ipfilter/test/regress/f13 | 2 + contrib/ipfilter/test/regress/f18 | 4 + contrib/ipfilter/test/regress/f19 | 2 + contrib/ipfilter/test/regress/f7 | 3 + contrib/ipfilter/test/regress/i1 | 2 + contrib/ipfilter/test/regress/i11 | 4 +- contrib/ipfilter/test/regress/i12 | 3 +- contrib/ipfilter/test/regress/i14 | 2 + contrib/ipfilter/test/regress/i16 | 3 + contrib/ipfilter/test/regress/i17 | 11 + contrib/ipfilter/test/regress/i18 | 2 + contrib/ipfilter/test/regress/i19 | 22 + contrib/ipfilter/test/regress/i2 | 1 + contrib/ipfilter/test/regress/i20 | 4 + contrib/ipfilter/test/regress/i21 | 6 + contrib/ipfilter/test/regress/i4 | 1 + contrib/ipfilter/test/regress/i6 | 2 + contrib/ipfilter/test/regress/i7 | 5 + contrib/ipfilter/test/regress/i8 | 29 + contrib/ipfilter/test/regress/i9 | 7 +- contrib/ipfilter/test/regress/in1 | 7 +- contrib/ipfilter/test/regress/in2 | 6 +- contrib/ipfilter/test/regress/in5 | 11 +- contrib/ipfilter/test/regress/in6 | 4 + contrib/ipfilter/test/regress/n13 | 1 + contrib/ipfilter/test/regress/n14 | 1 + contrib/ipfilter/test/regress/ni17.nat | 4 + contrib/ipfilter/test/regress/p2.ipf | 1 + contrib/ipfilter/test/test.format | 42 +- contrib/ipfilter/test/vfycksum.pl | 11 +- contrib/ipfilter/tools/ipf.c | 4 +- contrib/ipfilter/tools/ipf_y.y | 36 +- contrib/ipfilter/tools/ipfcomp.c | 4 +- contrib/ipfilter/tools/ipfs.c | 4 +- contrib/ipfilter/tools/ipfstat.c | 19 +- contrib/ipfilter/tools/ipftest.c | 70 ++- contrib/ipfilter/tools/ipmon.c | 15 +- contrib/ipfilter/tools/ipmon_y.y | 2 - contrib/ipfilter/tools/ipnat.c | 6 +- contrib/ipfilter/tools/ipnat_y.y | 17 +- contrib/ipfilter/tools/ippool.c | 2 - contrib/ipfilter/tools/ippool_y.y | 2 - contrib/ipfilter/tools/ipscan_y.y | 2 - contrib/ipfilter/tools/ipsyncm.c | 4 +- contrib/ipfilter/tools/ipsyncs.c | 4 +- contrib/ipfilter/tools/lex_var.h | 2 - contrib/ipfilter/tools/lexer.c | 2 - contrib/ipfilter/tools/lexer.h | 2 - 315 files changed, 2051 insertions(+), 1524 deletions(-) create mode 100644 contrib/ipfilter/lib/printproto.c create mode 100644 contrib/ipfilter/test/expected/f18 create mode 100644 contrib/ipfilter/test/expected/f19 create mode 100644 contrib/ipfilter/test/expected/i16 create mode 100644 contrib/ipfilter/test/expected/i17 create mode 100644 contrib/ipfilter/test/expected/i18 create mode 100644 contrib/ipfilter/test/expected/i19 create mode 100644 contrib/ipfilter/test/expected/i20 create mode 100644 contrib/ipfilter/test/expected/i21 create mode 100644 contrib/ipfilter/test/expected/n13 create mode 100644 contrib/ipfilter/test/expected/n14 create mode 100644 contrib/ipfilter/test/input/f18 create mode 100644 contrib/ipfilter/test/input/f19 create mode 100644 contrib/ipfilter/test/input/n13 create mode 100644 contrib/ipfilter/test/input/n14 create mode 100644 contrib/ipfilter/test/input/ni17 create mode 100644 contrib/ipfilter/test/regress/f18 create mode 100644 contrib/ipfilter/test/regress/f19 create mode 100644 contrib/ipfilter/test/regress/i16 create mode 100644 contrib/ipfilter/test/regress/i17 create mode 100644 contrib/ipfilter/test/regress/i18 create mode 100644 contrib/ipfilter/test/regress/i19 create mode 100644 contrib/ipfilter/test/regress/i20 create mode 100644 contrib/ipfilter/test/regress/i21 create mode 100644 contrib/ipfilter/test/regress/n13 create mode 100644 contrib/ipfilter/test/regress/n14 create mode 100644 contrib/ipfilter/test/regress/ni17.nat diff --git a/contrib/ipfilter/BSD/Makefile b/contrib/ipfilter/BSD/Makefile index 72086a016cdb..9a2158bcf47a 100644 --- a/contrib/ipfilter/BSD/Makefile +++ b/contrib/ipfilter/BSD/Makefile @@ -8,7 +8,8 @@ SBINDEST=/sbin MANDIR=/usr/share/man SEARCHDIRS!=echo $(BINDEST) $(SBINDEST) /bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin | awk '{for(i=1;i&1 | egrep -v "y.tab.c|Could|Creating|_l\.c|\.h"; done' | sort -n > report + sort -n report | perl -e 'while(<>) { next if (/^0.00/); s/\%//g; @F=split;$$lc+=$$F[2];$$t += $$F[0]/100*$$F[2];} printf "%d of %d = %d%%\n", $$t, $$lc,$$t/$$lc*100;' >> report + +clean-coverage: + /bin/rm -f *.gcov *.da diff --git a/contrib/ipfilter/BSD/Makefile.ipsend b/contrib/ipfilter/BSD/Makefile.ipsend index 410ea67c14fa..a83de1c6a92c 100644 --- a/contrib/ipfilter/BSD/Makefile.ipsend +++ b/contrib/ipfilter/BSD/Makefile.ipsend @@ -1,5 +1,5 @@ # -# Id: Makefile.ipsend,v 2.8 2002/05/22 16:15:36 darrenr Exp +# $Id: Makefile.ipsend,v 2.8 2002/05/22 16:15:36 darrenr Exp $ # BINDEST=/usr/sbin diff --git a/contrib/ipfilter/BSD/kupgrade b/contrib/ipfilter/BSD/kupgrade index 91f32daab43b..77a6ba1f534e 100644 --- a/contrib/ipfilter/BSD/kupgrade +++ b/contrib/ipfilter/BSD/kupgrade @@ -31,6 +31,14 @@ else major=x fi +if [ ! -f ip_rules.c -o ! -f ip_rules.h ] ; then + echo "Please do a build of ipfilter and then run the following" + echo "command to build extra files:" + echo + echo "make ip_rules.c" + exit 1 +fi + echo -n "Installing " for j in auth frag nat proxy scan state sync pool htable lookup rules; do for i in ip_$j.[ch]; do diff --git a/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.0 b/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.0 index 8a827cf899e3..c232b2c15972 100755 --- a/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.0 +++ b/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.0 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" *** ip6_input.c.orig Sun Feb 13 14:32:01 2000 --- ip6_input.c Wed Apr 26 22:31:34 2000 *************** diff --git a/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.1 b/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.1 index a6a461299036..90dac19eb044 100644 --- a/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.1 +++ b/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.1 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" *** ip6_input.c.orig Sat Jul 15 07:14:34 2000 --- ip6_input.c Thu Oct 19 17:14:37 2000 *************** diff --git a/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.2 b/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.2 index a6a461299036..90dac19eb044 100644 --- a/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.2 +++ b/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.2 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" *** ip6_input.c.orig Sat Jul 15 07:14:34 2000 --- ip6_input.c Thu Oct 19 17:14:37 2000 *************** diff --git a/contrib/ipfilter/HISTORY b/contrib/ipfilter/HISTORY index 9b93e8309cab..32daed422bb3 100644 --- a/contrib/ipfilter/HISTORY +++ b/contrib/ipfilter/HISTORY @@ -10,6 +10,85 @@ # and especially those who have found the time to port IP Filter to new # platforms. # +4.1.10 - Released 6 December 2005 + +Expand regression testing to cover more features + +Add "coverage" build target for BSD + +Fix building 64bit sparc target for Solaris + +Add IPv6 mobility header to list of accepted keywords for V6 headers + +Resolve locking problems on Solaris when sending RST/icmp packets + +#ifdef's for IPFILTER_BPF need to check if words are defined before +using them in comparisons + +Add checking for SACK permitted option in TCP SYN packets + +Fix loading anonymous pools from inline rule configuration groups + +Add -C command line option to ipftest + +Include extra "const" from NetBSD + +Don't require SIOCKSTLCK for SIOCSTPUT + +Fix some use of "sticky" on NAT rules + +Fix statistical counting of deleting state for TCP connections + +Fix compile problems caused by changes to is_opt/is_optmsk in ip_sync.c + +Fix TCP out-of-window (OOW) problems: +- window scaling turned off if one chose for its scale factor +- Microsoft Windows TCP sends the "next packet" to the right of the window + when using SACK and filling in a hole + +4.1.9 - Released 13 August 2005 + +make ipfilter fix IPv4 header checksums for outgoing packets if BRIDGE_IPF +is defined when compiled. + +move the definition of SIOCPROXY from ip_nat.h to ip_proxy.h + +make the BSD/upgrade script more instructive about the requiements for +ip_rules.[ch] when it is run + +register for interface events on FreeBSD (>5.2.1) and NetBSD so that +"ipf -y" is not not requried to tell ipfilter about interface changes. + +for "quick" rules that do "keep state", move the state adding into the rule +evaluation so that we can detect it failing as rules are evaluated and +continue on to the next rather than wait until we're done and it's too late +to recover for more rule processing. + +mark ICMP packets advertising an MTU that's too small as being bad + +rework ipv6 header parsing to get better code reuse and fix logic errors +in dealing with ipv6 packets containing fragment headers. Also, where a +protocol handler was doing both v4 & v6, make a seperate function for each. + +build for both amd64 and i86pc (32bit) on Solaris10 and later, if possible + +include start of work to get IPFilter working on AIX 5.3 + +Use FI_ICMPERR flag rather than try to compute its equivalent all the time + +Rewrork IPv6 extension header parsing to get better code reuse + +Add missing timeout on Linux + +Fix for locking when reading from ipsync (Frank Volf) + +Fix insertion/appending of rules that use a collection number + +Somehow turning up the spl knob to splnet disappeared on platforms that still +use the spl interface. + +fix problems with "ipf -T" not listing multiple variables properly + 4.1.8 - Released 29 March 2005 include path from Phil Dibowitz for sorting ipfstat -t output by source or diff --git a/contrib/ipfilter/INST.FreeBSD-2.2 b/contrib/ipfilter/INST.FreeBSD-2.2 index 0e0ea06786f9..78f7295e0894 100644 --- a/contrib/ipfilter/INST.FreeBSD-2.2 +++ b/contrib/ipfilter/INST.FreeBSD-2.2 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" To build a kernel for use with the loadable kernel module, follow these steps: diff --git a/contrib/ipfilter/Makefile b/contrib/ipfilter/Makefile index c54e1db1b866..59fb797a54ea 100644 --- a/contrib/ipfilter/Makefile +++ b/contrib/ipfilter/Makefile @@ -5,7 +5,7 @@ # provided that this notice is preserved and due credit is given # to the original author and the contributors. # -# Id: Makefile,v 2.76.2.13 2004/11/08 18:42:40 darrenr Exp +# $Id: Makefile,v 2.76.2.18 2005/12/04 23:41:22 darrenr Exp $ # SHELL=/bin/sh BINDEST=/usr/local/bin @@ -192,6 +192,15 @@ freebsd5: include else \ echo "#define INET6" > opt_inet6.h; \ fi + if [ "x$(IPFBPF)" = "x" ] ; then \ + echo "#undef NBPF" > opt_bpf.h; \ + echo "#undef NBPFILTER" > opt_bpf.h; \ + echo "#undef DEV_BPF" > opt_bpf.h; \ + else \ + echo "#define NBPF" > opt_bpf.h; \ + echo "#define NBPFILTER" > opt_bpf.h; \ + echo "#define DEV_BPF" > opt_bpf.h; \ + fi if [ x$(ENABLE_PFIL) = x ] ; then \ echo "#undef PFIL_HOOKS" > opt_pfil.h; \ else \ @@ -237,6 +246,11 @@ osf tru64: null include (cd OSF/`OSF/cpurev`; make build TRU64=`uname -v` TOP=../.. "DEBUG=-g" $(MFLAGS) "MACHASSERT=$(MACHASSERT)" "OSREV=`../cpurev`"; cd ..) (cd OSF/`OSF/cpurev`; make -f Makefile.ipsend build TRU64=`uname -v` TOP=../.. $(MFLAGS) "OSREV=`../cpurev`"; cd ..) +aix: null include + make setup "TARGOS=AIX" "CPUDIR=`AIX/cpurev`" + (cd AIX/`AIX/cpurev`; make build AIX=`uname -v` TOP=../.. "DEBUG=-g" $(MFLAGS) "OSREV=`../cpurev`" BITS=`../bootbits.sh`; cd ..) +# (cd AIX/`AIX/cpurev`; make -f Makefile.ipsend build AIX=`uname -v` TOP=../.. $(MFLAGS) "OSREV=`../cpurev`"; cd ..) + bsd: include make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)" (cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) 'DLKM=-D_LKM' "ML=mln_ipl.c" "MLR=mln_rule.o"; cd ..) @@ -277,6 +291,7 @@ clean: clean-include (cd HPUX; $(MAKE) BITS=32 TOP=.. clean) (cd Linux; $(MAKE) TOP=.. clean) (cd OSF; $(MAKE) TOP=.. clean) + (cd AIX; $(MAKE) TOP=.. clean) if [ "`uname -s`" = "IRIX" ]; then (cd IRIX; $(MAKE) clean); fi [ -d test ] && (cd test; $(MAKE) clean) (cd ipsend; $(MAKE) clean) @@ -295,6 +310,9 @@ clean-hpux: clean-include clean-osf: clean-include (cd OSF; make clean) +clean-aix: clean-include + (cd AIX; make clean) + clean-linux: clean-include (cd Linux; make clean) @@ -347,6 +365,10 @@ install-sunos4: solaris install-sunos5: solaris null (cd SunOS5; $(MAKE) CPU=$(CPU) TOP=.. install) +install-aix: + (cd AIX/`AIX/cpurev`; make install "TOP=../.." $(MFLAGS); cd ..) +# (cd AIX/`AIX/cpurev`; make -f Makefile.ipsend INSTALL=$(INSTALL) install "TOP=../.." $(MFLAGS); cd ..) + install-hpux: hpux (cd HPUX/`HPUX/cpurev`; $(MAKE) CPU=$(CPU) TOP=../.. "BITS=`getconf KERNEL_BITS`" install) @@ -355,7 +377,6 @@ install-irix: irix install-osf install-tru64: (cd OSF/`OSF/cpurev`; make install "TOP=../.." $(MFLAGS); cd ..) - (cd OSF/`OSF/cpurev`; make -f Makefile.ipsend INSTALL=$(INSTALL) install "TOP=../.." $(MFLAGS); cd ..) do-cvs: find . -type d -name CVS -print | xargs /bin/rm -rf @@ -378,3 +399,4 @@ mdb: -DIPFILTER_SCAN -DIPFILTER_LKM -DSOLARIS2=10 -n ipf_mdb -k \ -I/home/dr146992/pfil -I/home/dr146992/ipf -f \ /usr/include/netinet/in_systm.h,/usr/include/sys/ethernet.h,/usr/include/netinet/in.h,/usr/include/netinet/ip.h,/usr/include/netinet/ip_var.h,/usr/include/netinet/tcp.h,/usr/include/netinet/tcpip.h,/usr/include/netinet/ip_icmp.h,/usr/include/netinet/udp.h,ip_compat.h,ip_fil.h,ip_nat.h,ip_state.h,ip_proxy.h,ip_scan.h + diff --git a/contrib/ipfilter/NAT.FreeBSD b/contrib/ipfilter/NAT.FreeBSD index 996b009ab1bf..8a7e95262f7c 100644 --- a/contrib/ipfilter/NAT.FreeBSD +++ b/contrib/ipfilter/NAT.FreeBSD @@ -4,7 +4,7 @@ After you have installed IpFilter. You will need to change three files: /etc/rc.local -/etc/sysconfig +/etc/rc.conf /etc/natrules You will have to: diff --git a/contrib/ipfilter/bpf-ipf.h b/contrib/ipfilter/bpf-ipf.h index c30315242a42..544455e5ff39 100644 --- a/contrib/ipfilter/bpf-ipf.h +++ b/contrib/ipfilter/bpf-ipf.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /*- * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. diff --git a/contrib/ipfilter/bpf_filter.c b/contrib/ipfilter/bpf_filter.c index 9876ff3e2637..c4ca42fc906f 100644 --- a/contrib/ipfilter/bpf_filter.c +++ b/contrib/ipfilter/bpf_filter.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /*- * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. @@ -42,7 +40,7 @@ #if !(defined(lint) || defined(KERNEL) || defined(_KERNEL)) static const char rcsid[] = - "@(#) $Header: /devel/CVS/IP-Filter/bpf_filter.c,v 2.2 2003/08/19 16:49:58 darrenr Exp $ (LBL)"; + "@(#) $Header: /devel/CVS/IP-Filter/bpf_filter.c,v 2.2.2.1 2005/06/18 02:41:30 darrenr Exp $ (LBL)"; #endif #include @@ -53,7 +51,7 @@ static const char rcsid[] = #include #include -#include "ip_compat.h" +#include "netinet/ip_compat.h" #include "bpf-ipf.h" diff --git a/contrib/ipfilter/ipf.h b/contrib/ipfilter/ipf.h index 1398c05f7cd7..3cf0ffb06238 100644 --- a/contrib/ipfilter/ipf.h +++ b/contrib/ipfilter/ipf.h @@ -1,12 +1,10 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001, 2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ipf.h 1.12 6/5/96 - * Id: ipf.h,v 2.71.2.6 2005/02/21 05:05:29 darrenr Exp + * $Id: ipf.h,v 2.71.2.7 2005/06/12 07:18:31 darrenr Exp $ */ #ifndef __IPF_H__ @@ -265,6 +263,7 @@ extern void printpacket6 __P((struct ip *)); extern struct ip_pool_s *printpool __P((struct ip_pool_s *, copyfunc_t, char *, int)); extern struct ip_pool_node *printpoolnode __P((struct ip_pool_node *, int)); +extern void printproto __P((struct protoent *, int, struct ipnat *)); extern void printportcmp __P((int, struct frpcmp *)); extern void optprint __P((u_short *, u_long, u_long)); #ifdef USE_INET6 diff --git a/contrib/ipfilter/iplang/iplang.h b/contrib/ipfilter/iplang/iplang.h index 675897b8419d..f36a3843c0aa 100644 --- a/contrib/ipfilter/iplang/iplang.h +++ b/contrib/ipfilter/iplang/iplang.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1997-1998 by Darren Reed. * diff --git a/contrib/ipfilter/iplang/iplang_l.l b/contrib/ipfilter/iplang/iplang_l.l index 0a97ec94d4bf..fae30a25ed2d 100644 --- a/contrib/ipfilter/iplang/iplang_l.l +++ b/contrib/ipfilter/iplang/iplang_l.l @@ -1,12 +1,10 @@ -/* $NetBSD$ */ - %{ /* * Copyright (C) 1997-1998 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: iplang_l.l,v 2.8 2003/07/28 01:15:31 darrenr Exp + * $Id: iplang_l.l,v 2.8 2003/07/28 01:15:31 darrenr Exp $ */ #include #include diff --git a/contrib/ipfilter/iplang/iplang_y.y b/contrib/ipfilter/iplang/iplang_y.y index fa960dfd6d16..4d494fb44ebf 100644 --- a/contrib/ipfilter/iplang/iplang_y.y +++ b/contrib/ipfilter/iplang/iplang_y.y @@ -1,12 +1,10 @@ -/* $NetBSD$ */ - %{ /* * Copyright (C) 1997-1998 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: iplang_y.y,v 2.9.2.2 2004/12/09 19:41:10 darrenr Exp + * $Id: iplang_y.y,v 2.9.2.3 2005/10/17 17:25:04 darrenr Exp $ */ #include @@ -1290,8 +1288,14 @@ void prep_packet() if (ifp->if_fd == -1) ifp->if_fd = initdevice(ifp->if_name, 5); gwip = sending.snd_gw; - if (!gwip.s_addr) + if (!gwip.s_addr) { + if (aniphead == NULL) { + fprintf(stderr, + "no destination address defined for sending\n"); + return; + } gwip = aniphead->ah_ip->ip_dst; + } (void) send_ip(ifp->if_fd, ifp->if_MTU, (ip_t *)ipbuffer, gwip, 2); } diff --git a/contrib/ipfilter/ipmon.h b/contrib/ipfilter/ipmon.h index a2408367e729..765a6469540f 100644 --- a/contrib/ipfilter/ipmon.h +++ b/contrib/ipfilter/ipmon.h @@ -1,12 +1,10 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_fil.h 1.35 6/5/96 - * Id: ipmon.h,v 2.8 2003/07/25 22:16:20 darrenr Exp + * $Id: ipmon.h,v 2.8 2003/07/25 22:16:20 darrenr Exp $ */ diff --git a/contrib/ipfilter/ipsd/Celler/ip_compat.h b/contrib/ipfilter/ipsd/Celler/ip_compat.h index 8b43cb94adf7..a911fd83c3f3 100644 --- a/contrib/ipfilter/ipsd/Celler/ip_compat.h +++ b/contrib/ipfilter/ipsd/Celler/ip_compat.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1995 by Darren Reed. * diff --git a/contrib/ipfilter/ipsd/ipsd.c b/contrib/ipfilter/ipsd/ipsd.c index 3d9ea4cdf568..51d0a148902f 100644 --- a/contrib/ipfilter/ipsd/ipsd.c +++ b/contrib/ipfilter/ipsd/ipsd.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1995-1998 Darren Reed. * @@ -34,7 +32,7 @@ #ifndef lint static const char sccsid[] = "@(#)ipsd.c 1.3 12/3/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipsd.c,v 2.2 2001/06/09 17:09:25 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipsd.c,v 2.2 2001/06/09 17:09:25 darrenr Exp $"; #endif extern char *optarg; diff --git a/contrib/ipfilter/ipsd/ipsd.h b/contrib/ipfilter/ipsd/ipsd.h index 48f591101b50..3726b84149b1 100644 --- a/contrib/ipfilter/ipsd/ipsd.h +++ b/contrib/ipfilter/ipsd/ipsd.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1995-1998 Darren Reed. * diff --git a/contrib/ipfilter/ipsd/ipsdr.c b/contrib/ipfilter/ipsd/ipsdr.c index 4689cbad83e7..af007e45f8aa 100644 --- a/contrib/ipfilter/ipsd/ipsdr.c +++ b/contrib/ipfilter/ipsd/ipsdr.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1995-1998 Darren Reed. * @@ -35,7 +33,7 @@ #ifndef lint static const char sccsid[] = "@(#)ipsdr.c 1.3 12/3/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipsdr.c,v 2.2 2001/06/09 17:09:25 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipsdr.c,v 2.2 2001/06/09 17:09:25 darrenr Exp $"; #endif extern char *optarg; diff --git a/contrib/ipfilter/ipsd/linux.h b/contrib/ipfilter/ipsd/linux.h index 2fadfcfb2529..d9606cbba15d 100644 --- a/contrib/ipfilter/ipsd/linux.h +++ b/contrib/ipfilter/ipsd/linux.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1997-1998 by Darren Reed. * diff --git a/contrib/ipfilter/ipsd/sbpf.c b/contrib/ipfilter/ipsd/sbpf.c index 29a72008ab84..97bb4ce0ff3a 100644 --- a/contrib/ipfilter/ipsd/sbpf.c +++ b/contrib/ipfilter/ipsd/sbpf.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1995-1998 Darren Reed. (from tcplog) * diff --git a/contrib/ipfilter/ipsd/sdlpi.c b/contrib/ipfilter/ipsd/sdlpi.c index 289ad2f46804..baede7c46a06 100644 --- a/contrib/ipfilter/ipsd/sdlpi.c +++ b/contrib/ipfilter/ipsd/sdlpi.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1992-1998 Darren Reed. (from tcplog) * diff --git a/contrib/ipfilter/ipsd/slinux.c b/contrib/ipfilter/ipsd/slinux.c index 3b786b04b88c..6372a607b2c1 100644 --- a/contrib/ipfilter/ipsd/slinux.c +++ b/contrib/ipfilter/ipsd/slinux.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1992-1998 Darren Reed. (from tcplog) * diff --git a/contrib/ipfilter/ipsd/snit.c b/contrib/ipfilter/ipsd/snit.c index 8f250260c33f..e78c59190e00 100644 --- a/contrib/ipfilter/ipsd/snit.c +++ b/contrib/ipfilter/ipsd/snit.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1992-1998 Darren Reed. (from tcplog) * diff --git a/contrib/ipfilter/ipsend/44arp.c b/contrib/ipfilter/ipsend/44arp.c index 420635516ebf..ca571e01db02 100644 --- a/contrib/ipfilter/ipsend/44arp.c +++ b/contrib/ipfilter/ipsend/44arp.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Based upon 4.4BSD's /usr/sbin/arp */ diff --git a/contrib/ipfilter/ipsend/arp.c b/contrib/ipfilter/ipsend/arp.c index 0e8f556724ac..609b8dd73fd7 100644 --- a/contrib/ipfilter/ipsend/arp.c +++ b/contrib/ipfilter/ipsend/arp.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * arp.c (C) 1995-1998 Darren Reed * @@ -7,11 +5,11 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)arp.c 1.4 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: arp.c,v 2.8 2003/12/01 02:01:15 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: arp.c,v 2.8.2.1 2005/06/12 07:18:38 darrenr Exp $"; #endif #include #include -#if !defined(ultrix) && !defined(hpux) && !defined(__hpux) && !defined(__osf__) +#if !defined(ultrix) && !defined(hpux) && !defined(__hpux) && !defined(__osf__) && !defined(_AIX51) #include #endif #include diff --git a/contrib/ipfilter/ipsend/dlcommon.c b/contrib/ipfilter/ipsend/dlcommon.c index 6e351f0fd061..89941388a618 100644 --- a/contrib/ipfilter/ipsend/dlcommon.c +++ b/contrib/ipfilter/ipsend/dlcommon.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Common (shared) DLPI test routines. * Mostly pretty boring boilerplate sorta stuff. diff --git a/contrib/ipfilter/ipsend/dltest.h b/contrib/ipfilter/ipsend/dltest.h index 9fafd9182dc0..4c32c30eb1bc 100644 --- a/contrib/ipfilter/ipsend/dltest.h +++ b/contrib/ipfilter/ipsend/dltest.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Common DLPI Test Suite header file * diff --git a/contrib/ipfilter/ipsend/hpux.c b/contrib/ipfilter/ipsend/hpux.c index 69f962c77c13..42078e3b7f54 100644 --- a/contrib/ipfilter/ipsend/hpux.c +++ b/contrib/ipfilter/ipsend/hpux.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1997-1998 Darren Reed. (from tcplog) * diff --git a/contrib/ipfilter/ipsend/in_var.h b/contrib/ipfilter/ipsend/in_var.h index f228bbbb69f2..2ebd731a4892 100644 --- a/contrib/ipfilter/ipsend/in_var.h +++ b/contrib/ipfilter/ipsend/in_var.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* @(#)in_var.h 1.3 88/08/19 SMI; from UCB 7.1 6/5/86 */ /* diff --git a/contrib/ipfilter/ipsend/ip.c b/contrib/ipfilter/ipsend/ip.c index 8302806f441d..a5023cd4bde0 100644 --- a/contrib/ipfilter/ipsend/ip.c +++ b/contrib/ipfilter/ipsend/ip.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * ip.c (C) 1995-1998 Darren Reed * @@ -7,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C)1995"; -static const char rcsid[] = "@(#)Id: ip.c,v 2.8.2.1 2004/10/19 12:31:48 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ip.c,v 2.8.2.1 2004/10/19 12:31:48 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/ip_var.h b/contrib/ipfilter/ipsend/ip_var.h index b08f4e7a2fd3..92eb38a0befc 100644 --- a/contrib/ipfilter/ipsend/ip_var.h +++ b/contrib/ipfilter/ipsend/ip_var.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* @(#)ip_var.h 1.11 88/08/19 SMI; from UCB 7.1 6/5/86 */ /* diff --git a/contrib/ipfilter/ipsend/ipresend.1 b/contrib/ipfilter/ipsend/ipresend.1 index cffc6f3c29b6..6014313587b0 100644 --- a/contrib/ipfilter/ipsend/ipresend.1 +++ b/contrib/ipfilter/ipsend/ipresend.1 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPRESEND 1 .SH NAME ipresend \- resend IP packets out to network diff --git a/contrib/ipfilter/ipsend/ipresend.c b/contrib/ipfilter/ipsend/ipresend.c index 1db54e19015f..7e52fe959f51 100644 --- a/contrib/ipfilter/ipsend/ipresend.c +++ b/contrib/ipfilter/ipsend/ipresend.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * ipresend.c (C) 1995-1998 Darren Reed * @@ -8,7 +6,7 @@ */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipresend.c,v 2.4 2004/01/08 13:34:31 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipresend.c,v 2.4 2004/01/08 13:34:31 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/ipsend.1 b/contrib/ipfilter/ipsend/ipsend.1 index 33320f3bd57b..f2f806658dd3 100644 --- a/contrib/ipfilter/ipsend/ipsend.1 +++ b/contrib/ipfilter/ipsend/ipsend.1 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPSEND 1 .SH NAME ipsend \- sends IP packets diff --git a/contrib/ipfilter/ipsend/ipsend.5 b/contrib/ipfilter/ipsend/ipsend.5 index aac757adc646..4c1e66af3f81 100644 --- a/contrib/ipfilter/ipsend/ipsend.5 +++ b/contrib/ipfilter/ipsend/ipsend.5 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPSEND 5 .SH NAME ipsend \- IP packet description language diff --git a/contrib/ipfilter/ipsend/ipsend.c b/contrib/ipfilter/ipsend/ipsend.c index 6c91d4d0b2d5..a3cc1dc22d5e 100644 --- a/contrib/ipfilter/ipsend/ipsend.c +++ b/contrib/ipfilter/ipsend/ipsend.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * ipsend.c (C) 1995-1998 Darren Reed * @@ -7,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ipsend.c 1.5 12/10/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipsend.c,v 2.8.2.2 2004/11/13 16:50:10 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipsend.c,v 2.8.2.2 2004/11/13 16:50:10 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/ipsend.h b/contrib/ipfilter/ipsend/ipsend.h index be98c1b90d42..f5e51a7364c2 100644 --- a/contrib/ipfilter/ipsend/ipsend.h +++ b/contrib/ipfilter/ipsend/ipsend.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * ipsend.h (C) 1997-1998 Darren Reed * diff --git a/contrib/ipfilter/ipsend/ipsopt.c b/contrib/ipfilter/ipsend/ipsopt.c index 7f1670568f35..9326bc63c4a2 100644 --- a/contrib/ipfilter/ipsend/ipsopt.c +++ b/contrib/ipfilter/ipsend/ipsopt.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1995-1998 by Darren Reed. * @@ -8,7 +6,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ipsopt.c 1.2 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipsopt.c,v 2.4.4.1 2004/03/23 12:58:05 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipsopt.c,v 2.4.4.1 2004/03/23 12:58:05 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/iptest.1 b/contrib/ipfilter/ipsend/iptest.1 index 0af5cc23bc33..ca740946347c 100644 --- a/contrib/ipfilter/ipsend/iptest.1 +++ b/contrib/ipfilter/ipsend/iptest.1 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPTEST 1 .SH NAME iptest \- automatically generate a packets to test IP functionality diff --git a/contrib/ipfilter/ipsend/iptest.c b/contrib/ipfilter/ipsend/iptest.c index 45f8f3a65f50..000d1cc254e8 100644 --- a/contrib/ipfilter/ipsend/iptest.c +++ b/contrib/ipfilter/ipsend/iptest.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * ipsend.c (C) 1995-1998 Darren Reed * @@ -8,7 +6,7 @@ */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: iptest.c,v 2.6 2004/01/08 13:34:31 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: iptest.c,v 2.6 2004/01/08 13:34:31 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/iptests.c b/contrib/ipfilter/ipsend/iptests.c index a6cb41aa829d..434b010a50e9 100644 --- a/contrib/ipfilter/ipsend/iptests.c +++ b/contrib/ipfilter/ipsend/iptests.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-1998 by Darren Reed. * @@ -8,7 +6,7 @@ */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: iptests.c,v 2.8.2.3 2004/04/16 23:33:04 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: iptests.c,v 2.8.2.4 2005/06/12 07:18:39 darrenr Exp $"; #endif #include #include @@ -32,7 +30,7 @@ static const char rcsid[] = "@(#)Id: iptests.c,v 2.8.2.3 2004/04/16 23:33:04 dar # include #endif #if !defined(ultrix) && !defined(hpux) && !defined(linux) && \ - !defined(__sgi) && !defined(__osf__) + !defined(__sgi) && !defined(__osf__) && !defined(_AIX51) # include #endif #ifndef ultrix diff --git a/contrib/ipfilter/ipsend/larp.c b/contrib/ipfilter/ipsend/larp.c index a8e782e6bf7b..3d0c89c66a56 100644 --- a/contrib/ipfilter/ipsend/larp.c +++ b/contrib/ipfilter/ipsend/larp.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * larp.c (C) 1995-1998 Darren Reed * @@ -8,7 +6,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)larp.c 1.1 8/19/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: larp.c,v 2.4 2003/12/01 02:01:16 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: larp.c,v 2.4 2003/12/01 02:01:16 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/linux.h b/contrib/ipfilter/ipsend/linux.h index d8296bafae8a..ae2e05f58264 100644 --- a/contrib/ipfilter/ipsend/linux.h +++ b/contrib/ipfilter/ipsend/linux.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1995-1998 by Darren Reed. * diff --git a/contrib/ipfilter/ipsend/lsock.c b/contrib/ipfilter/ipsend/lsock.c index abe664e5cb95..825495eab7db 100644 --- a/contrib/ipfilter/ipsend/lsock.c +++ b/contrib/ipfilter/ipsend/lsock.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * lsock.c (C) 1995-1998 Darren Reed * @@ -8,7 +6,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)lsock.c 1.2 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: lsock.c,v 2.3 2001/06/09 17:09:26 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: lsock.c,v 2.3 2001/06/09 17:09:26 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/resend.c b/contrib/ipfilter/ipsend/resend.c index 07220dfb7745..9c782ac77d8d 100644 --- a/contrib/ipfilter/ipsend/resend.c +++ b/contrib/ipfilter/ipsend/resend.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * resend.c (C) 1995-1998 Darren Reed * @@ -8,7 +6,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)resend.c 1.3 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: resend.c,v 2.8 2004/01/08 13:34:31 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: resend.c,v 2.8 2004/01/08 13:34:31 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/sbpf.c b/contrib/ipfilter/ipsend/sbpf.c index 914792982c62..16a6e7ff7836 100644 --- a/contrib/ipfilter/ipsend/sbpf.c +++ b/contrib/ipfilter/ipsend/sbpf.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1995-1998 Darren Reed. (from tcplog) * @@ -46,7 +44,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)sbpf.c 1.3 8/25/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: sbpf.c,v 2.5 2002/02/24 07:30:03 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: sbpf.c,v 2.5 2002/02/24 07:30:03 darrenr Exp $"; #endif /* diff --git a/contrib/ipfilter/ipsend/sdlpi.c b/contrib/ipfilter/ipsend/sdlpi.c index 215223abb241..38eeb8a103d4 100644 --- a/contrib/ipfilter/ipsend/sdlpi.c +++ b/contrib/ipfilter/ipsend/sdlpi.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1992-1998 Darren Reed. (from tcplog) * @@ -48,7 +46,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)sdlpi.c 1.3 10/30/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: sdlpi.c,v 2.8.2.1 2004/12/09 19:41:13 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: sdlpi.c,v 2.8.2.1 2004/12/09 19:41:13 darrenr Exp $"; #endif #define CHUNKSIZE 8192 diff --git a/contrib/ipfilter/ipsend/sirix.c b/contrib/ipfilter/ipsend/sirix.c index 39a09925b491..0f634f766a46 100644 --- a/contrib/ipfilter/ipsend/sirix.c +++ b/contrib/ipfilter/ipsend/sirix.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1992-1998 Darren Reed. * (C)opyright 1997 Marc Boucher. diff --git a/contrib/ipfilter/ipsend/slinux.c b/contrib/ipfilter/ipsend/slinux.c index 3bc7f09c4db7..7c362b6e46d7 100644 --- a/contrib/ipfilter/ipsend/slinux.c +++ b/contrib/ipfilter/ipsend/slinux.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1992-1998 Darren Reed. (from tcplog) * @@ -30,7 +28,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)slinux.c 1.2 8/25/95"; -static const char rcsid[] = "@(#)Id: slinux.c,v 2.3 2001/06/09 17:09:26 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: slinux.c,v 2.3 2001/06/09 17:09:26 darrenr Exp $"; #endif #define CHUNKSIZE 8192 diff --git a/contrib/ipfilter/ipsend/snit.c b/contrib/ipfilter/ipsend/snit.c index a4b19b9b83ee..bcd07d04003e 100644 --- a/contrib/ipfilter/ipsend/snit.c +++ b/contrib/ipfilter/ipsend/snit.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1992-1998 Darren Reed. (from tcplog) * @@ -41,7 +39,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)snit.c 1.5 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: snit.c,v 2.3 2001/06/09 17:09:26 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: snit.c,v 2.3 2001/06/09 17:09:26 darrenr Exp $"; #endif #define CHUNKSIZE 8192 diff --git a/contrib/ipfilter/ipsend/sock.c b/contrib/ipfilter/ipsend/sock.c index ccc57f0ee983..45e7a0d0e779 100644 --- a/contrib/ipfilter/ipsend/sock.c +++ b/contrib/ipfilter/ipsend/sock.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * sock.c (C) 1995-1998 Darren Reed * @@ -8,7 +6,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)sock.c 1.2 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: sock.c,v 2.8.4.1 2004/03/23 12:58:06 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: sock.c,v 2.8.4.1 2004/03/23 12:58:06 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/sockraw.c b/contrib/ipfilter/ipsend/sockraw.c index 822c146f8cf3..0e3fe5928ca1 100644 --- a/contrib/ipfilter/ipsend/sockraw.c +++ b/contrib/ipfilter/ipsend/sockraw.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 2000 Darren Reed. * diff --git a/contrib/ipfilter/ipsend/tcpip.h b/contrib/ipfilter/ipsend/tcpip.h index 0d3e04031ff0..44a2de995c28 100644 --- a/contrib/ipfilter/ipsend/tcpip.h +++ b/contrib/ipfilter/ipsend/tcpip.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (c) 1982, 1986, 1993 * The Regents of the University of California. All rights reserved. @@ -29,7 +27,7 @@ * SUCH DAMAGE. * * @(#)tcpip.h 8.1 (Berkeley) 6/10/93 - * Id: tcpip.h,v 2.2.2.3 2004/05/26 15:45:48 darrenr Exp + * $Id: tcpip.h,v 2.2.2.3 2004/05/26 15:45:48 darrenr Exp $ */ #ifndef _NETINET_TCPIP_H_ diff --git a/contrib/ipfilter/ipt.h b/contrib/ipfilter/ipt.h index 6a14fe5a57d2..938e40041e95 100644 --- a/contrib/ipfilter/ipt.h +++ b/contrib/ipfilter/ipt.h @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipt.h,v 2.6 2003/02/16 02:33:09 darrenr Exp + * $Id: ipt.h,v 2.6 2003/02/16 02:33:09 darrenr Exp $ */ #ifndef __IPT_H__ diff --git a/contrib/ipfilter/kmem.h b/contrib/ipfilter/kmem.h index 7cb66357fc0d..d2b1171aeb2c 100644 --- a/contrib/ipfilter/kmem.h +++ b/contrib/ipfilter/kmem.h @@ -1,10 +1,8 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. - * Id: kmem.h,v 2.5 2002/08/21 22:57:36 darrenr Exp + * $Id: kmem.h,v 2.5 2002/08/21 22:57:36 darrenr Exp $ */ #ifndef __KMEM_H__ diff --git a/contrib/ipfilter/l4check/http.ok b/contrib/ipfilter/l4check/http.ok index 0e7dd90187e0..2b5d2c15266d 100644 --- a/contrib/ipfilter/l4check/http.ok +++ b/contrib/ipfilter/l4check/http.ok @@ -1 +1 @@ - + \ No newline at end of file diff --git a/contrib/ipfilter/l4check/l4check.c b/contrib/ipfilter/l4check/l4check.c index 68c41de4e5a3..3fecb80dbb9b 100644 --- a/contrib/ipfilter/l4check/l4check.c +++ b/contrib/ipfilter/l4check/l4check.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)Copyright March, 2000 - Darren Reed. */ diff --git a/contrib/ipfilter/lib/Makefile b/contrib/ipfilter/lib/Makefile index d448ba0f4c1c..a6e9cc47842d 100644 --- a/contrib/ipfilter/lib/Makefile +++ b/contrib/ipfilter/lib/Makefile @@ -68,6 +68,7 @@ LIBOBJS=$(DEST)/addicmp.o \ $(DEST)/printip.o \ $(DEST)/printpool.o \ $(DEST)/printpoolnode.o \ + $(DEST)/printproto.o \ $(DEST)/printfr.o \ $(DEST)/printfraginfo.o \ $(DEST)/printhostmap.o \ @@ -246,6 +247,8 @@ $(DEST)/printpool.o: $(LIBSRC)/printpool.c $(TOP)/ip_fil.h $(TOP)/ip_pool.h $(DEST)/printpoolnode.o: $(LIBSRC)/printpoolnode.c $(TOP)/ip_fil.h \ $(TOP)/ip_pool.h $(TOP)/ip_lookup.h $(CC) $(CCARGS) -c $(LIBSRC)/printpoolnode.c -o $@ +$(DEST)/printproto.o: $(LIBSRC)/printproto.c $(TOP)/ip_fil.h + $(CC) $(CCARGS) -c $(LIBSRC)/printproto.c -o $@ $(DEST)/printhostmap.o: $(LIBSRC)/printhostmap.c $(TOP)/ip_fil.h $(CC) $(CCARGS) -c $(LIBSRC)/printhostmap.c -o $@ $(DEST)/printifname.o: $(LIBSRC)/printifname.c $(INCDEP) diff --git a/contrib/ipfilter/lib/addicmp.c b/contrib/ipfilter/lib/addicmp.c index a8c1722d46df..e18a787a0a59 100644 --- a/contrib/ipfilter/lib/addicmp.c +++ b/contrib/ipfilter/lib/addicmp.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: addicmp.c,v 1.10.2.1 2004/12/09 19:41:16 darrenr Exp + * $Id: addicmp.c,v 1.10.2.1 2004/12/09 19:41:16 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/addipopt.c b/contrib/ipfilter/lib/addipopt.c index 23f44273eb5b..e39484fcc4bf 100644 --- a/contrib/ipfilter/lib/addipopt.c +++ b/contrib/ipfilter/lib/addipopt.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: addipopt.c,v 1.7 2002/01/28 06:50:45 darrenr Exp + * $Id: addipopt.c,v 1.7 2002/01/28 06:50:45 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/addkeep.c b/contrib/ipfilter/lib/addkeep.c index 3f20fb424201..bbc7759fbc93 100644 --- a/contrib/ipfilter/lib/addkeep.c +++ b/contrib/ipfilter/lib/addkeep.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: addkeep.c,v 1.12 2003/12/01 01:59:42 darrenr Exp + * $Id: addkeep.c,v 1.12 2003/12/01 01:59:42 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/bcopywrap.c b/contrib/ipfilter/lib/bcopywrap.c index 939137ba2846..1800373c1d1b 100644 --- a/contrib/ipfilter/lib/bcopywrap.c +++ b/contrib/ipfilter/lib/bcopywrap.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" int bcopywrap(from, to, size) diff --git a/contrib/ipfilter/lib/binprint.c b/contrib/ipfilter/lib/binprint.c index afa491008fa1..b07dfb0d7c95 100644 --- a/contrib/ipfilter/lib/binprint.c +++ b/contrib/ipfilter/lib/binprint.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: binprint.c,v 1.8 2002/05/14 15:18:56 darrenr Exp + * $Id: binprint.c,v 1.8 2002/05/14 15:18:56 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/buildopts.c b/contrib/ipfilter/lib/buildopts.c index a35649bf3c74..706e7b73b97f 100644 --- a/contrib/ipfilter/lib/buildopts.c +++ b/contrib/ipfilter/lib/buildopts.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: buildopts.c,v 1.6 2002/01/28 06:50:45 darrenr Exp + * $Id: buildopts.c,v 1.6 2002/01/28 06:50:45 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/checkrev.c b/contrib/ipfilter/lib/checkrev.c index 28032ce81f25..f95cc7977a70 100644 --- a/contrib/ipfilter/lib/checkrev.c +++ b/contrib/ipfilter/lib/checkrev.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: checkrev.c,v 1.12.2.1 2004/03/09 14:44:39 darrenr Exp + * $Id: checkrev.c,v 1.12.2.1 2004/03/09 14:44:39 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/count4bits.c b/contrib/ipfilter/lib/count4bits.c index 0f2187fde14c..e3857fad67dd 100644 --- a/contrib/ipfilter/lib/count4bits.c +++ b/contrib/ipfilter/lib/count4bits.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: count4bits.c,v 1.1 2002/06/15 04:46:39 darrenr Exp + * $Id: count4bits.c,v 1.1 2002/06/15 04:46:39 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/count6bits.c b/contrib/ipfilter/lib/count6bits.c index bd4e9f80d23d..e9a515936600 100644 --- a/contrib/ipfilter/lib/count6bits.c +++ b/contrib/ipfilter/lib/count6bits.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: count6bits.c,v 1.4 2001/06/09 17:09:23 darrenr Exp + * $Id: count6bits.c,v 1.4 2001/06/09 17:09:23 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/debug.c b/contrib/ipfilter/lib/debug.c index 151022256478..9f3f4cc84192 100644 --- a/contrib/ipfilter/lib/debug.c +++ b/contrib/ipfilter/lib/debug.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: debug.c,v 1.6 2001/06/09 17:09:24 darrenr Exp + * $Id: debug.c,v 1.6 2001/06/09 17:09:24 darrenr Exp $ */ #if defined(__STDC__) diff --git a/contrib/ipfilter/lib/extras.c b/contrib/ipfilter/lib/extras.c index 0f7f39f1995d..9087ca69c1ab 100644 --- a/contrib/ipfilter/lib/extras.c +++ b/contrib/ipfilter/lib/extras.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: extras.c,v 1.12 2002/07/13 12:06:49 darrenr Exp + * $Id: extras.c,v 1.12 2002/07/13 12:06:49 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/facpri.c b/contrib/ipfilter/lib/facpri.c index 1e35ea9dfe71..2fc0a78f82c5 100644 --- a/contrib/ipfilter/lib/facpri.c +++ b/contrib/ipfilter/lib/facpri.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: facpri.c,v 1.6 2003/12/01 01:59:43 darrenr Exp + * $Id: facpri.c,v 1.6.2.1 2005/11/14 17:45:06 darrenr Exp $ */ #include @@ -22,7 +20,7 @@ #include "facpri.h" #if !defined(lint) -static const char rcsid[] = "@(#)Id: facpri.c,v 1.6 2003/12/01 01:59:43 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: facpri.c,v 1.6.2.1 2005/11/14 17:45:06 darrenr Exp $"; #endif @@ -42,10 +40,10 @@ table_t facs[] = { #else { "cron", LOG_CRON1 }, #endif -#ifdef LOG_FTP +#ifdef LOG_FTP { "ftp", LOG_FTP }, #endif -#ifdef LOG_AUTHPRIV +#ifdef LOG_AUTHPRIV { "authpriv", LOG_AUTHPRIV }, #endif #ifdef LOG_AUDIT diff --git a/contrib/ipfilter/lib/facpri.h b/contrib/ipfilter/lib/facpri.h index e8eef2ba283a..d0d488a8cda9 100644 --- a/contrib/ipfilter/lib/facpri.h +++ b/contrib/ipfilter/lib/facpri.h @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1999-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: facpri.h,v 1.3 2001/06/09 17:19:50 darrenr Exp + * $Id: facpri.h,v 1.3 2001/06/09 17:19:50 darrenr Exp $ */ #ifndef __FACPRI_H__ diff --git a/contrib/ipfilter/lib/fill6bits.c b/contrib/ipfilter/lib/fill6bits.c index 8f23a6f918a7..421a07515a4a 100644 --- a/contrib/ipfilter/lib/fill6bits.c +++ b/contrib/ipfilter/lib/fill6bits.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: fill6bits.c,v 1.5 2002/03/27 15:09:57 darrenr Exp + * $Id: fill6bits.c,v 1.5 2002/03/27 15:09:57 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/flags.c b/contrib/ipfilter/lib/flags.c index df6645d1a4dd..49f28e6bef1a 100644 --- a/contrib/ipfilter/lib/flags.c +++ b/contrib/ipfilter/lib/flags.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: flags.c,v 1.4 2002/11/02 07:16:36 darrenr Exp + * $Id: flags.c,v 1.4 2002/11/02 07:16:36 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/genmask.c b/contrib/ipfilter/lib/genmask.c index 06f64043070f..238e5b62afeb 100644 --- a/contrib/ipfilter/lib/genmask.c +++ b/contrib/ipfilter/lib/genmask.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: genmask.c,v 1.7 2003/11/11 13:40:15 darrenr Exp + * $Id: genmask.c,v 1.7 2003/11/11 13:40:15 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/gethost.c b/contrib/ipfilter/lib/gethost.c index a03168a3f73e..afcd3b5c0994 100644 --- a/contrib/ipfilter/lib/gethost.c +++ b/contrib/ipfilter/lib/gethost.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" int gethost(name, hostp) diff --git a/contrib/ipfilter/lib/getifname.c b/contrib/ipfilter/lib/getifname.c index 94c9c9c7e4f0..1480c1f26450 100644 --- a/contrib/ipfilter/lib/getifname.c +++ b/contrib/ipfilter/lib/getifname.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" #include "kmem.h" diff --git a/contrib/ipfilter/lib/getline.c b/contrib/ipfilter/lib/getline.c index 61c00ba3b933..7d06d4367b28 100644 --- a/contrib/ipfilter/lib/getline.c +++ b/contrib/ipfilter/lib/getline.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: getline.c,v 1.3 2001/06/09 17:09:24 darrenr Exp + * $Id: getline.c,v 1.3 2001/06/09 17:09:24 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/getnattype.c b/contrib/ipfilter/lib/getnattype.c index c783d6fce813..312a862c3edd 100644 --- a/contrib/ipfilter/lib/getnattype.c +++ b/contrib/ipfilter/lib/getnattype.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -11,7 +9,7 @@ #include "kmem.h" #if !defined(lint) -static const char rcsid[] = "@(#)Id: getnattype.c,v 1.3 2004/01/17 17:26:07 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: getnattype.c,v 1.3 2004/01/17 17:26:07 darrenr Exp $"; #endif diff --git a/contrib/ipfilter/lib/getport.c b/contrib/ipfilter/lib/getport.c index 7cf903d8fe25..03fcd179f6dd 100644 --- a/contrib/ipfilter/lib/getport.c +++ b/contrib/ipfilter/lib/getport.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" int getport(fr, name, port) diff --git a/contrib/ipfilter/lib/getportproto.c b/contrib/ipfilter/lib/getportproto.c index 17efa4361984..d76e7611c1be 100644 --- a/contrib/ipfilter/lib/getportproto.c +++ b/contrib/ipfilter/lib/getportproto.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include #include "ipf.h" diff --git a/contrib/ipfilter/lib/getproto.c b/contrib/ipfilter/lib/getproto.c index c75f13742d10..58e82bdb6ab5 100644 --- a/contrib/ipfilter/lib/getproto.c +++ b/contrib/ipfilter/lib/getproto.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" int getproto(name) @@ -14,6 +12,14 @@ char *name; if (*s == '\0') return atoi(name); +#ifdef _AIX51 + /* + * For some bogus reason, "ip" is 252 in /etc/protocols on AIX 5 + */ + if (!strcasecmp(name, "ip")) + return 0; +#endif + p = getprotobyname(name); if (p != NULL) return p->p_proto; diff --git a/contrib/ipfilter/lib/getsumd.c b/contrib/ipfilter/lib/getsumd.c index 11ecc5734596..346c445ff849 100644 --- a/contrib/ipfilter/lib/getsumd.c +++ b/contrib/ipfilter/lib/getsumd.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" char *getsumd(sum) diff --git a/contrib/ipfilter/lib/hexdump.c b/contrib/ipfilter/lib/hexdump.c index 4eb3b9ad8f42..86e731ee4a23 100644 --- a/contrib/ipfilter/lib/hexdump.c +++ b/contrib/ipfilter/lib/hexdump.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include #include "ipf.h" diff --git a/contrib/ipfilter/lib/hostmask.c b/contrib/ipfilter/lib/hostmask.c index 67755f8383dc..4ee41e16b94f 100644 --- a/contrib/ipfilter/lib/hostmask.c +++ b/contrib/ipfilter/lib/hostmask.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: hostmask.c,v 1.10 2002/01/28 06:50:46 darrenr Exp + * $Id: hostmask.c,v 1.10 2002/01/28 06:50:46 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/hostname.c b/contrib/ipfilter/lib/hostname.c index a0109dafb939..a883fc6cb6aa 100644 --- a/contrib/ipfilter/lib/hostname.c +++ b/contrib/ipfilter/lib/hostname.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" diff --git a/contrib/ipfilter/lib/hostnum.c b/contrib/ipfilter/lib/hostnum.c index c62e4a10dbcb..2ec0529a2981 100644 --- a/contrib/ipfilter/lib/hostnum.c +++ b/contrib/ipfilter/lib/hostnum.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: hostnum.c,v 1.10.2.1 2004/12/09 19:41:20 darrenr Exp + * $Id: hostnum.c,v 1.10.2.1 2004/12/09 19:41:20 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/icmpcode.c b/contrib/ipfilter/lib/icmpcode.c index 17e1ba4dfb1c..fd1e647687ec 100644 --- a/contrib/ipfilter/lib/icmpcode.c +++ b/contrib/ipfilter/lib/icmpcode.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: icmpcode.c,v 1.7.2.1 2004/12/09 19:41:20 darrenr Exp + * $Id: icmpcode.c,v 1.7.2.1 2004/12/09 19:41:20 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/inet_addr.c b/contrib/ipfilter/lib/inet_addr.c index 5ccf6a96a0b8..820b7b58a416 100644 --- a/contrib/ipfilter/lib/inet_addr.c +++ b/contrib/ipfilter/lib/inet_addr.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * ++Copyright++ 1983, 1990, 1993 * - @@ -57,7 +55,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)inet_addr.c 8.1 (Berkeley) 6/17/93"; -static const char rcsid[] = "@(#)Id: inet_addr.c,v 1.8.2.3 2004/12/09 19:41:20 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: inet_addr.c,v 1.8.2.3 2004/12/09 19:41:20 darrenr Exp $"; #endif /* LIBC_SCCS and not lint */ #include diff --git a/contrib/ipfilter/lib/initparse.c b/contrib/ipfilter/lib/initparse.c index 676774c48b03..d875925c08ea 100644 --- a/contrib/ipfilter/lib/initparse.c +++ b/contrib/ipfilter/lib/initparse.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: initparse.c,v 1.6 2002/01/28 06:50:46 darrenr Exp + * $Id: initparse.c,v 1.6 2002/01/28 06:50:46 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/ionames.c b/contrib/ipfilter/lib/ionames.c index 9e4602b8764e..b1f655c2dc0b 100644 --- a/contrib/ipfilter/lib/ionames.c +++ b/contrib/ipfilter/lib/ionames.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ionames.c,v 1.7 2002/01/28 06:50:46 darrenr Exp + * $Id: ionames.c,v 1.7 2002/01/28 06:50:46 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/ipf_dotuning.c b/contrib/ipfilter/lib/ipf_dotuning.c index c9416ff2411b..daff02578a44 100644 --- a/contrib/ipfilter/lib/ipf_dotuning.c +++ b/contrib/ipfilter/lib/ipf_dotuning.c @@ -1,7 +1,5 @@ -/* $NetBSD$ */ - #include "ipf.h" -#include "ipl.h" +#include "netinet/ipl.h" #include void ipf_dotuning(fd, tuneargs, iocfn) @@ -33,6 +31,7 @@ ioctlfunc_t iocfn; printtunable(&tu); } } else if ((t = strchr(s, '=')) != NULL) { + tu.ipft_cookie = NULL; *t++ = '\0'; strncpy(tu.ipft_name, s, sizeof(tu.ipft_name)); if (sscanf(t, "%lu", &tu.ipft_vlong) == 1) { @@ -45,13 +44,16 @@ ioctlfunc_t iocfn; return; } } else { + tu.ipft_cookie = NULL; strncpy(tu.ipft_name, s, sizeof(tu.ipft_name)); if ((*iocfn)(fd, SIOCIPFGET, &obj) == -1) { perror("ioctl(SIOCIPFGET)"); return; } - if (tu.ipft_cookie == NULL) + if (tu.ipft_cookie == NULL) { + fprintf(stderr, "Null cookie for %s\n", s); return; + } tu.ipft_name[sizeof(tu.ipft_name) - 1] = '\0'; printtunable(&tu); diff --git a/contrib/ipfilter/lib/ipft_ef.c b/contrib/ipfilter/lib/ipft_ef.c index eebc417fc8c8..237febcb4b07 100644 --- a/contrib/ipfilter/lib/ipft_ef.c +++ b/contrib/ipfilter/lib/ipft_ef.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipft_ef.c,v 1.14 2004/01/08 13:34:31 darrenr Exp + * $Id: ipft_ef.c,v 1.14 2004/01/08 13:34:31 darrenr Exp $ */ /* @@ -33,7 +31,7 @@ etherfind -n -t #if !defined(lint) static const char sccsid[] = "@(#)ipft_ef.c 1.6 2/4/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipft_ef.c,v 1.14 2004/01/08 13:34:31 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipft_ef.c,v 1.14 2004/01/08 13:34:31 darrenr Exp $"; #endif static int etherf_open __P((char *)); diff --git a/contrib/ipfilter/lib/ipft_hx.c b/contrib/ipfilter/lib/ipft_hx.c index 3cc8ec5e908a..c6491078c1ae 100644 --- a/contrib/ipfilter/lib/ipft_hx.c +++ b/contrib/ipfilter/lib/ipft_hx.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1995-2001 by Darren Reed. * @@ -7,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ipft_hx.c 1.1 3/9/96 (C) 1996 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipft_hx.c,v 1.11.4.1 2004/12/09 19:41:20 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipft_hx.c,v 1.11.4.3 2005/12/04 10:07:21 darrenr Exp $"; #endif #include @@ -83,7 +81,7 @@ int cnt, *dir; *s = '\0'; if (!*line) continue; - if (!(opts & OPT_BRIEF)) { + if ((opts & OPT_DEBUG) != 0) { printf("input: %s", line); } @@ -108,7 +106,7 @@ int cnt, *dir; s = line; t = (char *)ip; ip = (ip_t *)readhex(s, (char *)ip); - if (!(opts & OPT_BRIEF)) { + if ((opts & OPT_DEBUG) != 0) { if (opts & OPT_ASCII) { if (t < (char *)ip) putchar('\t'); @@ -124,6 +122,8 @@ int cnt, *dir; fflush(stdout); } } + if (feof(tfp)) + return 0; return -1; } diff --git a/contrib/ipfilter/lib/ipft_pc.c b/contrib/ipfilter/lib/ipft_pc.c index 3678d7868c4c..de152355993c 100644 --- a/contrib/ipfilter/lib/ipft_pc.c +++ b/contrib/ipfilter/lib/ipft_pc.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipft_pc.c,v 1.10 2004/02/07 18:17:40 darrenr Exp + * $Id: ipft_pc.c,v 1.10.2.1 2005/12/04 09:55:10 darrenr Exp $ */ #include "ipf.h" #include "pcap-ipf.h" @@ -13,7 +11,7 @@ #include "ipt.h" #if !defined(lint) -static const char rcsid[] = "@(#)Id: ipft_pc.c,v 1.10 2004/02/07 18:17:40 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipft_pc.c,v 1.10.2.1 2005/12/04 09:55:10 darrenr Exp $"; #endif struct llc { @@ -162,10 +160,19 @@ static int pcap_close() static int pcap_read_rec(rec) struct pcap_pkthdr *rec; { - int n, p; + int n, p, i; + char *s; - if (read(pfd, (char *)rec, sizeof(*rec)) != sizeof(*rec)) - return -2; + s = (char *)rec; + n = sizeof(*rec); + + while (n > 0) { + i = read(pfd, (char *)rec, sizeof(*rec)); + if (i <= 0) + return -2; + s += i; + n -= i; + } if (swapped) { rec->ph_clen = SWAPLONG(rec->ph_clen); @@ -178,6 +185,8 @@ struct pcap_pkthdr *rec; if (!n || n < 0) return -3; + if (p < 0 || p > 65536) + return -4; return p; } @@ -224,7 +233,7 @@ int cnt, *dir; struct pcap_pkthdr rec; struct llc *l; char *s, ty[4]; - int i, n; + int i, j, n; l = llcp; @@ -238,8 +247,14 @@ int cnt, *dir; bufp = realloc(bufp, i); s = bufp; - if (read(pfd, s, i) != i) - return -2; + for (j = i, n = 0; j > 0; ) { + n = read(pfd, s, j); + if (n <= 0) + return -2; + j -= n; + s += n; + } + s = bufp; i -= l->lc_sz; s += l->lc_to; diff --git a/contrib/ipfilter/lib/ipft_sn.c b/contrib/ipfilter/lib/ipft_sn.c index 1458821e658e..1b3e364396db 100644 --- a/contrib/ipfilter/lib/ipft_sn.c +++ b/contrib/ipfilter/lib/ipft_sn.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipft_sn.c,v 1.7 2003/02/16 02:32:36 darrenr Exp + * $Id: ipft_sn.c,v 1.7 2003/02/16 02:32:36 darrenr Exp $ */ /* @@ -16,7 +14,7 @@ #include "ipt.h" #if !defined(lint) -static const char rcsid[] = "@(#)Id: ipft_sn.c,v 1.7 2003/02/16 02:32:36 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipft_sn.c,v 1.7 2003/02/16 02:32:36 darrenr Exp $"; #endif struct llc { diff --git a/contrib/ipfilter/lib/ipft_td.c b/contrib/ipfilter/lib/ipft_td.c index b278c7293269..1aa616670a87 100644 --- a/contrib/ipfilter/lib/ipft_td.c +++ b/contrib/ipfilter/lib/ipft_td.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp + * $Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp $ */ /* @@ -42,7 +40,7 @@ tcpdump -nqte #if !defined(lint) static const char sccsid[] = "@(#)ipft_td.c 1.8 2/4/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp $"; #endif static int tcpd_open __P((char *)); diff --git a/contrib/ipfilter/lib/ipft_tx.c b/contrib/ipfilter/lib/ipft_tx.c index c77fbc42277d..0432c08449ac 100644 --- a/contrib/ipfilter/lib/ipft_tx.c +++ b/contrib/ipfilter/lib/ipft_tx.c @@ -1,15 +1,13 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1995-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipft_tx.c,v 1.15.2.2 2004/12/09 19:41:21 darrenr Exp + * $Id: ipft_tx.c,v 1.15.2.6 2005/12/04 10:07:22 darrenr Exp $ */ #if !defined(lint) static const char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipft_tx.c,v 1.15.2.2 2004/12/09 19:41:21 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 1.15.2.6 2005/12/04 10:07:22 darrenr Exp $"; #endif #include @@ -31,8 +29,8 @@ static int text_open __P((char *)), text_close __P((void)); static int text_readip __P((char *, int, char **, int *)); static int parseline __P((char *, ip_t *, char **, int *)); -static char _tcp_flagset[] = "FSRPAUEC"; -static u_char _tcp_flags[] = { TH_FIN, TH_SYN, TH_RST, TH_PUSH, +static char myflagset[] = "FSRPAUEC"; +static u_char myflags[] = { TH_FIN, TH_SYN, TH_RST, TH_PUSH, TH_ACK, TH_URG, TH_ECN, TH_CWR }; struct ipread iptext = { text_open, text_close, text_readip, R_DO_CKSUM }; @@ -161,7 +159,7 @@ int cnt, *dir; *s = '\0'; if (!*line) continue; - if (!(opts & OPT_BRIEF)) + if ((opts & OPT_DEBUG) != 0) printf("input: %s\n", line); *ifn = NULL; *dir = 0; @@ -172,6 +170,8 @@ int cnt, *dir; return sizeof(ip_t); #endif } + if (feof(tfp)) + return 0; return -1; } @@ -280,14 +280,12 @@ int *out; ip->ip_dst.s_addr = tx_hostnum(*cpp, &r); cpp++; if (*cpp && ip->ip_p == IPPROTO_TCP) { - extern char _tcp_flagset[]; - extern u_char _tcp_flags[]; char *s, *t; tcp->th_flags = 0; for (s = *cpp; *s; s++) - if ((t = strchr(_tcp_flagset, *s))) - tcp->th_flags |= _tcp_flags[t - _tcp_flagset]; + if ((t = strchr(myflagset, *s))) + tcp->th_flags |= myflags[t - myflagset]; if (tcp->th_flags) cpp++; if (tcp->th_flags == 0) @@ -299,15 +297,22 @@ int *out; char **s, *t; int i; + t = strchr(*cpp, ','); + if (t != NULL) + *t = '\0'; + for (s = tx_icmptypes, i = 0; !*s || strcmp(*s, "END"); - s++, i++) - if (*s && !strncasecmp(*cpp, *s, strlen(*s))) { + s++, i++) { + if (*s && !strcasecmp(*cpp, *s)) { ic->icmp_type = i; - if ((t = strchr(*cpp, ','))) - ic->icmp_code = atoi(t+1); + if (t != NULL) + ic->icmp_code = atoi(t + 1); cpp++; break; } + } + if (t != NULL) + *t = ','; } if (*cpp && !strcasecmp(*cpp, "opt")) { diff --git a/contrib/ipfilter/lib/ipoptsec.c b/contrib/ipfilter/lib/ipoptsec.c index 95bde9c04d9b..558ae58a1b62 100644 --- a/contrib/ipfilter/lib/ipoptsec.c +++ b/contrib/ipfilter/lib/ipoptsec.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipoptsec.c,v 1.2 2002/01/28 06:50:46 darrenr Exp + * $Id: ipoptsec.c,v 1.2 2002/01/28 06:50:46 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/kmem.c b/contrib/ipfilter/lib/kmem.c index 3f044bb20c5b..1fd00ab5350c 100644 --- a/contrib/ipfilter/lib/kmem.c +++ b/contrib/ipfilter/lib/kmem.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -18,7 +16,7 @@ #include #include #include -#if !defined(__sgi) && !defined(__hpux) && !defined(__osf__) && !defined(linux) +#if !defined(__sgi) && !defined(__hpux) && !defined(__osf__) && !defined(linux) && !defined(_AIX51) #include #endif #include @@ -44,12 +42,13 @@ #if !defined(lint) static const char sccsid[] = "@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed"; -static const char rcsid[] = "@(#)Id: kmem.c,v 1.16.2.1 2004/06/20 10:25:58 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: kmem.c,v 1.16.2.2 2005/06/12 07:18:41 darrenr Exp $"; #endif -#if !defined(__sgi) && !defined(__hpux) && !defined(__osf__) && !defined(linux) +#if !defined(__sgi) && !defined(__hpux) && !defined(__osf__) && \ + !defined(linux) && !defined(_AIX51) /* * For all platforms where there is a libkvm and a kvm_t, we use that... */ diff --git a/contrib/ipfilter/lib/kmem.h b/contrib/ipfilter/lib/kmem.h index 07a14f58b9ce..2cdd5fb1820f 100644 --- a/contrib/ipfilter/lib/kmem.h +++ b/contrib/ipfilter/lib/kmem.h @@ -1,10 +1,8 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. - * Id: kmem.h,v 1.2 2002/08/21 22:57:36 darrenr Exp + * $Id: kmem.h,v 1.2 2002/08/21 22:57:36 darrenr Exp $ */ #ifndef __KMEM_H__ diff --git a/contrib/ipfilter/lib/kmemcpywrap.c b/contrib/ipfilter/lib/kmemcpywrap.c index 274bcb1ab14a..35715dc63d51 100644 --- a/contrib/ipfilter/lib/kmemcpywrap.c +++ b/contrib/ipfilter/lib/kmemcpywrap.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" #include "kmem.h" diff --git a/contrib/ipfilter/lib/kvatoname.c b/contrib/ipfilter/lib/kvatoname.c index 030c63363377..b3f4af932cdc 100644 --- a/contrib/ipfilter/lib/kvatoname.c +++ b/contrib/ipfilter/lib/kvatoname.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" #include diff --git a/contrib/ipfilter/lib/load_hash.c b/contrib/ipfilter/lib/load_hash.c index 4fc042bb4d2a..638e9f5700a0 100644 --- a/contrib/ipfilter/lib/load_hash.c +++ b/contrib/ipfilter/lib/load_hash.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: load_hash.c,v 1.11.2.2 2005/02/01 02:44:05 darrenr Exp + * $Id: load_hash.c,v 1.11.2.3 2005/11/13 15:41:12 darrenr Exp $ */ #include @@ -72,8 +70,8 @@ ioctlfunc_t iocfunc; } } - strncpy(op.iplo_name, iph.iph_name, sizeof(op.iplo_name)); - strncpy(iphp->iph_name, iph.iph_name, sizeof(op.iplo_name)); + strncpy(iph.iph_name, op.iplo_name, sizeof(op.iplo_name)); + strncpy(iphp->iph_name, op.iplo_name, sizeof(op.iplo_name)); if (opts & OPT_VERBOSE) { for (a = list; a != NULL; a = a->ipe_next) { diff --git a/contrib/ipfilter/lib/load_hashnode.c b/contrib/ipfilter/lib/load_hashnode.c index 186ba05e8707..cee03385f40f 100644 --- a/contrib/ipfilter/lib/load_hashnode.c +++ b/contrib/ipfilter/lib/load_hashnode.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: load_hashnode.c,v 1.2.4.1 2004/03/06 14:33:28 darrenr Exp + * $Id: load_hashnode.c,v 1.2.4.1 2004/03/06 14:33:28 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/load_pool.c b/contrib/ipfilter/lib/load_pool.c index 5fab31151997..9cf22a233aab 100644 --- a/contrib/ipfilter/lib/load_pool.c +++ b/contrib/ipfilter/lib/load_pool.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: load_pool.c,v 1.14.2.2 2005/02/01 02:44:06 darrenr Exp + * $Id: load_pool.c,v 1.14.2.3 2005/11/13 15:41:13 darrenr Exp $ */ #include @@ -38,7 +36,7 @@ ioctlfunc_t iocfunc; op.iplo_struct = &pool; bzero((char *)&pool, sizeof(pool)); strncpy(pool.ipo_name, plp->ipo_name, sizeof(pool.ipo_name)); - if (*plp->ipo_name == '\0') + if (plp->ipo_name[0] == '\0') op.iplo_arg |= IPOOL_ANON; if ((opts & OPT_REMOVE) == 0) { @@ -49,6 +47,9 @@ ioctlfunc_t iocfunc; } } + if (op.iplo_arg & IPOOL_ANON) + strncpy(pool.ipo_name, op.iplo_name, sizeof(pool.ipo_name)); + if ((opts & OPT_VERBOSE) != 0) { pool.ipo_list = plp->ipo_list; printpool(&pool, bcopywrap, pool.ipo_name, opts); @@ -56,7 +57,7 @@ ioctlfunc_t iocfunc; } for (a = plp->ipo_list; a != NULL; a = a->ipn_next) - load_poolnode(plp->ipo_unit, plp->ipo_name, a, iocfunc); + load_poolnode(plp->ipo_unit, pool.ipo_name, a, iocfunc); if ((opts & OPT_REMOVE) != 0) { if ((*iocfunc)(poolfd, SIOCLOOKUPDELTABLE, &op)) diff --git a/contrib/ipfilter/lib/load_poolnode.c b/contrib/ipfilter/lib/load_poolnode.c index e9d233f18127..e992a80281ec 100644 --- a/contrib/ipfilter/lib/load_poolnode.c +++ b/contrib/ipfilter/lib/load_poolnode.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: load_poolnode.c,v 1.3.2.1 2004/03/06 14:33:29 darrenr Exp + * $Id: load_poolnode.c,v 1.3.2.1 2004/03/06 14:33:29 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/loglevel.c b/contrib/ipfilter/lib/loglevel.c index 31b4f17f81cf..47dd8bac0273 100644 --- a/contrib/ipfilter/lib/loglevel.c +++ b/contrib/ipfilter/lib/loglevel.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: loglevel.c,v 1.5 2001/06/09 17:09:24 darrenr Exp + * $Id: loglevel.c,v 1.5 2001/06/09 17:09:24 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/make_range.c b/contrib/ipfilter/lib/make_range.c index 9ec3ca34e907..e4335cddf18b 100644 --- a/contrib/ipfilter/lib/make_range.c +++ b/contrib/ipfilter/lib/make_range.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: make_range.c,v 1.2 2002/05/18 07:27:52 darrenr Exp + * $Id: make_range.c,v 1.2 2002/05/18 07:27:52 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/mutex_emul.c b/contrib/ipfilter/lib/mutex_emul.c index 43b7f763afd0..9497ffebae55 100644 --- a/contrib/ipfilter/lib/mutex_emul.c +++ b/contrib/ipfilter/lib/mutex_emul.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" #define EMM_MAGIC 0x9d7adba3 diff --git a/contrib/ipfilter/lib/nametokva.c b/contrib/ipfilter/lib/nametokva.c index 50f30775e3bf..9250d7ce6897 100644 --- a/contrib/ipfilter/lib/nametokva.c +++ b/contrib/ipfilter/lib/nametokva.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" #include diff --git a/contrib/ipfilter/lib/nat_setgroupmap.c b/contrib/ipfilter/lib/nat_setgroupmap.c index ce64abb4dbb6..00e0df15bab6 100644 --- a/contrib/ipfilter/lib/nat_setgroupmap.c +++ b/contrib/ipfilter/lib/nat_setgroupmap.c @@ -1,12 +1,10 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ #if !defined(lint) -static const char rcsid[] = "@(#)Id: nat_setgroupmap.c,v 1.1 2003/04/13 06:40:14 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: nat_setgroupmap.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $"; #endif #include "ipf.h" diff --git a/contrib/ipfilter/lib/natparse.c b/contrib/ipfilter/lib/natparse.c index adbbeb9e7b31..9937380f35a7 100644 --- a/contrib/ipfilter/lib/natparse.c +++ b/contrib/ipfilter/lib/natparse.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -7,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)Id: natparse.c,v 1.8.2.1 2004/12/09 19:41:21 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: natparse.c,v 1.8.2.1 2004/12/09 19:41:21 darrenr Exp $"; #endif #include diff --git a/contrib/ipfilter/lib/ntomask.c b/contrib/ipfilter/lib/ntomask.c index 415a5e867c9d..cd4e98362ff6 100644 --- a/contrib/ipfilter/lib/ntomask.c +++ b/contrib/ipfilter/lib/ntomask.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" int ntomask(v, nbits, ap) diff --git a/contrib/ipfilter/lib/optname.c b/contrib/ipfilter/lib/optname.c index 7fdcc57964d7..1f604d13d505 100644 --- a/contrib/ipfilter/lib/optname.c +++ b/contrib/ipfilter/lib/optname.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: optname.c,v 1.3 2001/06/09 17:09:24 darrenr Exp + * $Id: optname.c,v 1.3 2001/06/09 17:09:24 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/optprint.c b/contrib/ipfilter/lib/optprint.c index 261a75cb0220..42c161837e04 100644 --- a/contrib/ipfilter/lib/optprint.c +++ b/contrib/ipfilter/lib/optprint.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: optprint.c,v 1.6 2002/07/13 15:59:49 darrenr Exp + * $Id: optprint.c,v 1.6 2002/07/13 15:59:49 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/optprintv6.c b/contrib/ipfilter/lib/optprintv6.c index 75e0fd0615f5..4e4eee20d2f6 100644 --- a/contrib/ipfilter/lib/optprintv6.c +++ b/contrib/ipfilter/lib/optprintv6.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: optprintv6.c,v 1.2 2003/04/30 00:39:39 darrenr Exp + * $Id: optprintv6.c,v 1.2 2003/04/30 00:39:39 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/optvalue.c b/contrib/ipfilter/lib/optvalue.c index dc9448d1b42e..21d37b4d012c 100644 --- a/contrib/ipfilter/lib/optvalue.c +++ b/contrib/ipfilter/lib/optvalue.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: optvalue.c,v 1.2 2002/01/28 06:50:47 darrenr Exp + * $Id: optvalue.c,v 1.2 2002/01/28 06:50:47 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/parse.c b/contrib/ipfilter/lib/parse.c index 4cf69abe88f8..1a49d16bbd7e 100644 --- a/contrib/ipfilter/lib/parse.c +++ b/contrib/ipfilter/lib/parse.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: parse.c,v 1.34.2.1 2004/12/09 19:41:21 darrenr Exp + * $Id: parse.c,v 1.34.2.1 2004/12/09 19:41:21 darrenr Exp $ */ #include #include "ipf.h" diff --git a/contrib/ipfilter/lib/portname.c b/contrib/ipfilter/lib/portname.c index 7c0fc8796d70..7136d8c01780 100644 --- a/contrib/ipfilter/lib/portname.c +++ b/contrib/ipfilter/lib/portname.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: portname.c,v 1.7 2003/08/14 14:27:43 darrenr Exp + * $Id: portname.c,v 1.7 2003/08/14 14:27:43 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/portnum.c b/contrib/ipfilter/lib/portnum.c index 284bbc954557..4079f464c21f 100644 --- a/contrib/ipfilter/lib/portnum.c +++ b/contrib/ipfilter/lib/portnum.c @@ -1,12 +1,10 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * * - * Id: portnum.c,v 1.6.4.1 2004/12/09 19:41:22 darrenr Exp + * $Id: portnum.c,v 1.6.4.1 2004/12/09 19:41:22 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/ports.c b/contrib/ipfilter/lib/ports.c index 634dfeb6cab3..9a44e2c06a2d 100644 --- a/contrib/ipfilter/lib/ports.c +++ b/contrib/ipfilter/lib/ports.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ports.c,v 1.9.4.1 2004/12/09 19:41:22 darrenr Exp + * $Id: ports.c,v 1.9.4.1 2004/12/09 19:41:22 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/print_toif.c b/contrib/ipfilter/lib/print_toif.c index 0e230cdb4780..5d88ef9de2d4 100644 --- a/contrib/ipfilter/lib/print_toif.c +++ b/contrib/ipfilter/lib/print_toif.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: print_toif.c,v 1.8 2002/01/28 06:50:47 darrenr Exp + * $Id: print_toif.c,v 1.8 2002/01/28 06:50:47 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printactivenat.c b/contrib/ipfilter/lib/printactivenat.c index 3c56b14d3592..389818b67b2c 100644 --- a/contrib/ipfilter/lib/printactivenat.c +++ b/contrib/ipfilter/lib/printactivenat.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -12,7 +10,7 @@ #if !defined(lint) -static const char rcsid[] = "@(#)Id: printactivenat.c,v 1.3.2.4 2004/05/11 16:07:32 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: printactivenat.c,v 1.3.2.4 2004/05/11 16:07:32 darrenr Exp $"; #endif diff --git a/contrib/ipfilter/lib/printaps.c b/contrib/ipfilter/lib/printaps.c index 5c5c3ddef98a..45b4b2f6adbc 100644 --- a/contrib/ipfilter/lib/printaps.c +++ b/contrib/ipfilter/lib/printaps.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -13,7 +11,7 @@ #if !defined(lint) -static const char rcsid[] = "@(#)Id: printaps.c,v 1.4 2004/01/08 13:34:32 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: printaps.c,v 1.4 2004/01/08 13:34:32 darrenr Exp $"; #endif diff --git a/contrib/ipfilter/lib/printbuf.c b/contrib/ipfilter/lib/printbuf.c index f2b7faaeb510..613293ae19b6 100644 --- a/contrib/ipfilter/lib/printbuf.c +++ b/contrib/ipfilter/lib/printbuf.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printbuf.c,v 1.5.4.1 2004/12/09 19:41:22 darrenr Exp + * $Id: printbuf.c,v 1.5.4.1 2004/12/09 19:41:22 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/printfr.c b/contrib/ipfilter/lib/printfr.c index f0f5a0e0c1dd..f893ebb35636 100644 --- a/contrib/ipfilter/lib/printfr.c +++ b/contrib/ipfilter/lib/printfr.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printfr.c,v 1.43.2.10 2005/03/16 15:38:13 darrenr Exp + * $Id: printfr.c,v 1.43.2.15 2005/11/14 17:45:06 darrenr Exp $ */ #include "ipf.h" @@ -22,7 +20,7 @@ u_32_t *addr, *mask; switch (type) { case FRI_BROADCAST : - suffix = "/bcast"; + suffix = "bcast"; break; case FRI_DYNAMIC : @@ -32,15 +30,15 @@ u_32_t *addr, *mask; break; case FRI_NETWORK : - suffix = "/net"; + suffix = "net"; break; case FRI_NETMASKED : - suffix = "/netmasked"; + suffix = "netmasked"; break; case FRI_PEERADDR : - suffix = "/peer"; + suffix = "peer"; break; case FRI_LOOKUP : @@ -107,6 +105,9 @@ ioctlfunc_t iocfunc; if ((fp->fr_type & FR_T_BUILTIN) != 0) printf("# Builtin: "); + if (fp->fr_collect != 0) + printf("%u ", fp->fr_collect); + if (fp->fr_type == FR_T_CALLFUNC) { ; } else if (fp->fr_func != NULL) { @@ -189,12 +190,11 @@ ioctlfunc_t iocfunc; if (*fp->fr_ifnames[2]) { printifname("", fp->fr_ifnames[2], fp->fr_ifas[2]); - putchar(' '); - if (*fp->fr_ifnames[3]) { printifname(",", fp->fr_ifnames[3], fp->fr_ifas[3]); } + putchar(' '); } } @@ -208,10 +208,10 @@ ioctlfunc_t iocfunc; pr = -1; } else if (fp->fr_mip.fi_p) { pr = fp->fr_ip.fi_p; - if ((p = getprotobynumber(fp->fr_proto))) - printf("proto %s ", p->p_name); - else - printf("proto %d ", fp->fr_proto); + p = getprotobynumber(pr); + printf("proto "); + printproto(p, pr, NULL); + putchar(' '); } } @@ -370,6 +370,35 @@ ioctlfunc_t iocfunc; if (!(fp->fr_flx & FI_OOW)) printf("not "); printf("oow"); + comma = ","; + } + if (fp->fr_mflx & FI_MBCAST) { + fputs(comma, stdout); + if (!(fp->fr_flx & FI_MBCAST)) + printf("not "); + printf("mbcast"); + comma = ","; + } + if (fp->fr_mflx & FI_BROADCAST) { + fputs(comma, stdout); + if (!(fp->fr_flx & FI_BROADCAST)) + printf("not "); + printf("bcast"); + comma = ","; + } + if (fp->fr_mflx & FI_MULTICAST) { + fputs(comma, stdout); + if (!(fp->fr_flx & FI_MULTICAST)) + printf("not "); + printf("mcast"); + comma = ","; + } + if (fp->fr_mflx & FI_STATE) { + fputs(comma, stdout); + if (!(fp->fr_flx & FI_STATE)) + printf("not "); + printf("state"); + comma = ","; } } @@ -410,8 +439,8 @@ ioctlfunc_t iocfunc; if (fp->fr_flags & (FR_FRSTRICT)) { printf(" ("); if (fp->fr_flags & FR_FRSTRICT) - printf(" strict"); - printf(" )"); + printf("strict"); + printf(")"); } } diff --git a/contrib/ipfilter/lib/printfraginfo.c b/contrib/ipfilter/lib/printfraginfo.c index b521c8315eff..557b031a6b35 100644 --- a/contrib/ipfilter/lib/printfraginfo.c +++ b/contrib/ipfilter/lib/printfraginfo.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2004 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printfraginfo.c,v 1.1.2.2 2004/03/23 15:15:45 darrenr Exp + * $Id: printfraginfo.c,v 1.1.2.2 2004/03/23 15:15:45 darrenr Exp $ */ #include "ipf.h" #include "kmem.h" diff --git a/contrib/ipfilter/lib/printhash.c b/contrib/ipfilter/lib/printhash.c index 80157bb1d27f..5411190eb97e 100644 --- a/contrib/ipfilter/lib/printhash.c +++ b/contrib/ipfilter/lib/printhash.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * diff --git a/contrib/ipfilter/lib/printhashnode.c b/contrib/ipfilter/lib/printhashnode.c index 39255e70d127..05d4df7d8860 100644 --- a/contrib/ipfilter/lib/printhashnode.c +++ b/contrib/ipfilter/lib/printhashnode.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * diff --git a/contrib/ipfilter/lib/printhostmap.c b/contrib/ipfilter/lib/printhostmap.c index bdb670254095..bed06078c18a 100644 --- a/contrib/ipfilter/lib/printhostmap.c +++ b/contrib/ipfilter/lib/printhostmap.c @@ -1,13 +1,14 @@ -/* $NetBSD$ */ - #include "ipf.h" void printhostmap(hmp, hv) hostmap_t *hmp; u_int hv; { + struct in_addr in; + printf("%s,", inet_ntoa(hmp->hm_srcip)); printf("%s -> ", inet_ntoa(hmp->hm_dstip)); - printf("%s ", inet_ntoa(hmp->hm_mapip)); + in.s_addr = htonl(hmp->hm_mapip.s_addr); + printf("%s ", inet_ntoa(in)); printf("(use = %d hv = %u)\n", hmp->hm_ref, hv); } diff --git a/contrib/ipfilter/lib/printhostmask.c b/contrib/ipfilter/lib/printhostmask.c index c34bc43723a2..207e36394f69 100644 --- a/contrib/ipfilter/lib/printhostmask.c +++ b/contrib/ipfilter/lib/printhostmask.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printhostmask.c,v 1.8 2002/04/11 15:01:19 darrenr Exp + * $Id: printhostmask.c,v 1.8 2002/04/11 15:01:19 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printifname.c b/contrib/ipfilter/lib/printifname.c index 53a7fd77fa01..12d46ffc31ef 100644 --- a/contrib/ipfilter/lib/printifname.c +++ b/contrib/ipfilter/lib/printifname.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printifname.c,v 1.2 2002/01/28 06:50:47 darrenr Exp + * $Id: printifname.c,v 1.2 2002/01/28 06:50:47 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printip.c b/contrib/ipfilter/lib/printip.c index 1a04f1d41846..828e0c1edcf2 100644 --- a/contrib/ipfilter/lib/printip.c +++ b/contrib/ipfilter/lib/printip.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printip.c,v 1.3 2002/07/13 12:10:27 darrenr Exp + * $Id: printip.c,v 1.3 2002/07/13 12:10:27 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printlog.c b/contrib/ipfilter/lib/printlog.c index d14add42945f..1445971ad833 100644 --- a/contrib/ipfilter/lib/printlog.c +++ b/contrib/ipfilter/lib/printlog.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printlog.c,v 1.6 2002/01/28 06:50:47 darrenr Exp + * $Id: printlog.c,v 1.6.4.1 2005/11/14 17:45:06 darrenr Exp $ */ #include "ipf.h" @@ -27,12 +25,9 @@ frentry_t *fp; printf(" or-block"); if (fp->fr_loglevel != 0xffff) { printf(" level "); - if (fp->fr_loglevel & LOG_FACMASK) { - s = fac_toname(fp->fr_loglevel); - if (s == NULL) - s = "!!!"; - } else - s = ""; + s = fac_toname(fp->fr_loglevel); + if (s == NULL) + s = "!!!"; u = pri_toname(fp->fr_loglevel); if (u == NULL) u = "!!!"; diff --git a/contrib/ipfilter/lib/printmask.c b/contrib/ipfilter/lib/printmask.c index d3d9a6f1e5f8..18bf46f1c688 100644 --- a/contrib/ipfilter/lib/printmask.c +++ b/contrib/ipfilter/lib/printmask.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printmask.c,v 1.5 2002/06/15 04:48:33 darrenr Exp + * $Id: printmask.c,v 1.5 2002/06/15 04:48:33 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printnat.c b/contrib/ipfilter/lib/printnat.c index 15a688606a85..8ca4125f059e 100644 --- a/contrib/ipfilter/lib/printnat.c +++ b/contrib/ipfilter/lib/printnat.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -13,11 +11,9 @@ #if !defined(lint) -static const char rcsid[] = "@(#)Id: printnat.c,v 1.22.2.8 2005/01/12 03:39:04 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: printnat.c,v 1.22.2.11 2005/11/14 17:45:06 darrenr Exp $"; #endif -static void printproto __P((ipnat_t *, struct protoent *)); - /* * Print out a NAT rule */ @@ -53,7 +49,7 @@ int opts; printf(" %s", np->in_ifnames[0]); if ((np->in_ifnames[1][0] != '\0') && (strncmp(np->in_ifnames[0], np->in_ifnames[1], LIFNAMSIZ) != 0)) { - printf(",%s ", np->in_ifnames[1]); + printf(",%s", np->in_ifnames[1]); } putchar(' '); @@ -102,13 +98,16 @@ int opts; printf(" -> %s", inet_ntoa(np->in_in[0].in4)); if (np->in_flags & IPN_SPLIT) printf(",%s", inet_ntoa(np->in_in[1].in4)); + else if (np->in_inmsk == 0 && np->in_inip == 0) + printf("/0"); if (np->in_flags & IPN_TCPUDP) { if ((np->in_flags & IPN_FIXEDDPORT) != 0) printf(" port = %d", ntohs(np->in_pnext)); else printf(" port %d", ntohs(np->in_pnext)); } - printproto(np, pr); + putchar(' '); + printproto(pr, np->in_p, np); if (np->in_flags & IPN_ROUNDR) printf(" round-robin"); if (np->in_flags & IPN_FRAG) @@ -164,10 +163,7 @@ int opts; } printf(" %.*s/", (int)sizeof(np->in_plabel), np->in_plabel); - if (pr != NULL) - fputs(pr->p_name, stdout); - else - printf("%d", np->in_p); + printproto(pr, np->in_p, NULL); } else if (np->in_redir == NAT_MAPBLK) { if ((np->in_pmin == 0) && (np->in_flags & IPN_AUTOPORTMAP)) @@ -178,11 +174,11 @@ int opts; printf("\n\tip modulous %d", np->in_pmax); } else if (np->in_pmin || np->in_pmax) { if (np->in_flags & IPN_ICMPQUERY) { - printf(" icmpidmap"); + printf(" icmpidmap "); } else { - printf(" portmap"); + printf(" portmap "); } - printproto(np, pr); + printproto(pr, np->in_p, np); if (np->in_flags & IPN_AUTOPORTMAP) { printf(" auto"); if (opts & OPT_DEBUG) @@ -194,8 +190,10 @@ int opts; printf(" %d:%d", ntohs(np->in_pmin), ntohs(np->in_pmax)); } - } else if (np->in_flags & IPN_TCPUDP || np->in_p) - printproto(np, pr); + } else if (np->in_flags & IPN_TCPUDP || np->in_p) { + putchar(' '); + printproto(pr, np->in_p, np); + } if (np->in_flags & IPN_FRAG) printf(" frag"); @@ -227,21 +225,3 @@ int opts; np->in_tqehead[0], np->in_tqehead[1], np->in_comment); } } - -static void printproto(np, pr) -ipnat_t *np; -struct protoent *pr; -{ - if ((np->in_flags & IPN_TCPUDP) == IPN_TCPUDP) - printf(" tcp/udp"); - else if (np->in_flags & IPN_TCP) - printf(" tcp"); - else if (np->in_flags & IPN_UDP) - printf(" udp"); - else if (np->in_flags & IPN_ICMPQUERY) - printf(" icmp"); - else if (pr != NULL) - printf(" %s", pr->p_name); - else - printf(" %d", np->in_p); -} diff --git a/contrib/ipfilter/lib/printpacket.c b/contrib/ipfilter/lib/printpacket.c index 58460bec2cc3..dada8d0a55bd 100644 --- a/contrib/ipfilter/lib/printpacket.c +++ b/contrib/ipfilter/lib/printpacket.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printpacket.c,v 1.12.4.1 2005/02/21 05:09:24 darrenr Exp + * $Id: printpacket.c,v 1.12.4.2 2005/12/04 09:33:06 darrenr Exp $ */ #include "ipf.h" @@ -52,7 +50,8 @@ struct ip *ip; } tcp = (struct tcphdr *)((char *)ip + (IP_HL(ip) << 2)); - printf("ip %d(%d) %d", ntohs(ip->ip_len), IP_HL(ip) << 2, ip->ip_p); + printf("ip #%d %d(%d) %d", ntohs(ip->ip_id), ntohs(ip->ip_len), + IP_HL(ip) << 2, ip->ip_p); if (off & IP_OFFMASK) printf(" @%d", off << 3); printf(" %s", inet_ntoa(ip->ip_src)); diff --git a/contrib/ipfilter/lib/printpacket6.c b/contrib/ipfilter/lib/printpacket6.c index 2f9ea1dc5514..f0147f107f02 100644 --- a/contrib/ipfilter/lib/printpacket6.c +++ b/contrib/ipfilter/lib/printpacket6.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" /* diff --git a/contrib/ipfilter/lib/printpool.c b/contrib/ipfilter/lib/printpool.c index 6291306395f4..6af4460b01c5 100644 --- a/contrib/ipfilter/lib/printpool.c +++ b/contrib/ipfilter/lib/printpool.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * diff --git a/contrib/ipfilter/lib/printpoolnode.c b/contrib/ipfilter/lib/printpoolnode.c index dd0ef9705403..e2f953652985 100644 --- a/contrib/ipfilter/lib/printpoolnode.c +++ b/contrib/ipfilter/lib/printpoolnode.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * diff --git a/contrib/ipfilter/lib/printportcmp.c b/contrib/ipfilter/lib/printportcmp.c index 7ec011604faf..b1ecd366f7e3 100644 --- a/contrib/ipfilter/lib/printportcmp.c +++ b/contrib/ipfilter/lib/printportcmp.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printportcmp.c,v 1.7 2003/02/16 02:31:05 darrenr Exp + * $Id: printportcmp.c,v 1.7 2003/02/16 02:31:05 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printproto.c b/contrib/ipfilter/lib/printproto.c new file mode 100644 index 000000000000..dd0ce39ca57e --- /dev/null +++ b/contrib/ipfilter/lib/printproto.c @@ -0,0 +1,51 @@ +/* + * Copyright (C) 1993-2005 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + */ + +#include "ipf.h" + + +#if !defined(lint) +static const char rcsid[] = "@(#)$Id: printproto.c,v 1.1.2.1 2005/06/12 07:21:53 darrenr Exp $"; +#endif + + +void printproto(pr, p, np) +struct protoent *pr; +int p; +ipnat_t *np; +{ + if (np != NULL) { + if ((np->in_flags & IPN_TCPUDP) == IPN_TCPUDP) + printf("tcp/udp"); + else if (np->in_flags & IPN_TCP) + printf("tcp"); + else if (np->in_flags & IPN_UDP) + printf("udp"); + else if (np->in_flags & IPN_ICMPQUERY) + printf("icmp"); +#ifdef _AIX51 + /* + * To make up for "ip = 252" and "hopopt = 0" in /etc/protocols + */ + else if (np->in_p == 0) + printf("ip"); +#endif + else if (pr != NULL) + printf("%s", pr->p_name); + else + printf("%d", np->in_p); + } else { +#ifdef _AIX51 + if (p == 0) + printf("ip"); + else +#endif + if (pr != NULL) + printf("%s", pr->p_name); + else + printf("%d", p); + } +} diff --git a/contrib/ipfilter/lib/printsbuf.c b/contrib/ipfilter/lib/printsbuf.c index 805c03b0f71d..b066b58ac1bb 100644 --- a/contrib/ipfilter/lib/printsbuf.c +++ b/contrib/ipfilter/lib/printsbuf.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #ifdef IPFILTER_SCAN #include diff --git a/contrib/ipfilter/lib/printstate.c b/contrib/ipfilter/lib/printstate.c index 9cfdc8ab3fb6..102b0ea2b7c6 100644 --- a/contrib/ipfilter/lib/printstate.c +++ b/contrib/ipfilter/lib/printstate.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * @@ -144,8 +142,8 @@ u_long now; PRINTF("\tpkt_flags & %x(%x) = %x,\t", ips.is_flags & 0xf, ips.is_flags, ips.is_flags >> 4); - PRINTF("\tpkt_options & %x = %x\n", ips.is_optmsk, - ips.is_opt); + PRINTF("\tpkt_options & %x = %x, %x = %x \n", ips.is_optmsk[0], + ips.is_opt[0], ips.is_optmsk[1], ips.is_opt[1]); PRINTF("\tpkt_security & %x = %x, pkt_auth & %x = %x\n", ips.is_secmsk, ips.is_sec, ips.is_authmsk, ips.is_auth); diff --git a/contrib/ipfilter/lib/printtunable.c b/contrib/ipfilter/lib/printtunable.c index 46e9f80b5c5e..5c26851c7960 100644 --- a/contrib/ipfilter/lib/printtunable.c +++ b/contrib/ipfilter/lib/printtunable.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" void printtunable(tup) diff --git a/contrib/ipfilter/lib/ratoi.c b/contrib/ipfilter/lib/ratoi.c index 31ee122be0b0..fb8552dfcc15 100644 --- a/contrib/ipfilter/lib/ratoi.c +++ b/contrib/ipfilter/lib/ratoi.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ratoi.c,v 1.4 2001/06/09 17:09:25 darrenr Exp + * $Id: ratoi.c,v 1.4 2001/06/09 17:09:25 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/ratoui.c b/contrib/ipfilter/lib/ratoui.c index e4d0cbf08b8c..191f87f4d116 100644 --- a/contrib/ipfilter/lib/ratoui.c +++ b/contrib/ipfilter/lib/ratoui.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ratoui.c,v 1.4 2001/06/09 17:09:25 darrenr Exp + * $Id: ratoui.c,v 1.4 2001/06/09 17:09:25 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/remove_hash.c b/contrib/ipfilter/lib/remove_hash.c index 256751ff5e79..d1830ac76a2e 100644 --- a/contrib/ipfilter/lib/remove_hash.c +++ b/contrib/ipfilter/lib/remove_hash.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: remove_hash.c,v 1.1 2003/04/13 06:40:14 darrenr Exp + * $Id: remove_hash.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/remove_hashnode.c b/contrib/ipfilter/lib/remove_hashnode.c index 5e5b6349fd6f..afa0dbc554d8 100644 --- a/contrib/ipfilter/lib/remove_hashnode.c +++ b/contrib/ipfilter/lib/remove_hashnode.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: remove_hashnode.c,v 1.1 2003/04/13 06:40:14 darrenr Exp + * $Id: remove_hashnode.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/remove_pool.c b/contrib/ipfilter/lib/remove_pool.c index 3f5e0044eebb..d14529ab40e0 100644 --- a/contrib/ipfilter/lib/remove_pool.c +++ b/contrib/ipfilter/lib/remove_pool.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: remove_pool.c,v 1.1 2003/04/13 06:40:14 darrenr Exp + * $Id: remove_pool.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/remove_poolnode.c b/contrib/ipfilter/lib/remove_poolnode.c index aff4694687cb..2c7f9d302802 100644 --- a/contrib/ipfilter/lib/remove_poolnode.c +++ b/contrib/ipfilter/lib/remove_poolnode.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: remove_poolnode.c,v 1.3 2003/11/22 10:14:36 darrenr Exp + * $Id: remove_poolnode.c,v 1.3 2003/11/22 10:14:36 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/resetlexer.c b/contrib/ipfilter/lib/resetlexer.c index 0801242fdadc..d16a05e0ba39 100644 --- a/contrib/ipfilter/lib/resetlexer.c +++ b/contrib/ipfilter/lib/resetlexer.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" long string_start = -1; diff --git a/contrib/ipfilter/lib/rwlock_emul.c b/contrib/ipfilter/lib/rwlock_emul.c index 64b807e494a2..3bccd9ab05b9 100644 --- a/contrib/ipfilter/lib/rwlock_emul.c +++ b/contrib/ipfilter/lib/rwlock_emul.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" #define EMM_MAGIC 0x97dd8b3a diff --git a/contrib/ipfilter/lib/tcp_flags.c b/contrib/ipfilter/lib/tcp_flags.c index 314b9d2ad230..9c33da957df9 100644 --- a/contrib/ipfilter/lib/tcp_flags.c +++ b/contrib/ipfilter/lib/tcp_flags.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: tcp_flags.c,v 1.8 2004/02/07 18:15:54 darrenr Exp + * $Id: tcp_flags.c,v 1.8 2004/02/07 18:15:54 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/tcpflags.c b/contrib/ipfilter/lib/tcpflags.c index b7ea4b8c307e..d4d6145c2707 100644 --- a/contrib/ipfilter/lib/tcpflags.c +++ b/contrib/ipfilter/lib/tcpflags.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: tcpflags.c,v 1.3 2002/11/02 07:18:01 darrenr Exp + * $Id: tcpflags.c,v 1.3 2002/11/02 07:18:01 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/tcpoptnames.c b/contrib/ipfilter/lib/tcpoptnames.c index b5e0cc77d67f..39f3dbbe18dc 100644 --- a/contrib/ipfilter/lib/tcpoptnames.c +++ b/contrib/ipfilter/lib/tcpoptnames.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: tcpoptnames.c,v 1.5 2002/01/28 06:50:48 darrenr Exp + * $Id: tcpoptnames.c,v 1.5 2002/01/28 06:50:48 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/to_interface.c b/contrib/ipfilter/lib/to_interface.c index 50f9a70e8f9f..8f2c16f04377 100644 --- a/contrib/ipfilter/lib/to_interface.c +++ b/contrib/ipfilter/lib/to_interface.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: to_interface.c,v 1.8 2002/01/28 06:50:48 darrenr Exp + * $Id: to_interface.c,v 1.8 2002/01/28 06:50:48 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/v6ionames.c b/contrib/ipfilter/lib/v6ionames.c index 087da5d8a8d0..c89e27c784e2 100644 --- a/contrib/ipfilter/lib/v6ionames.c +++ b/contrib/ipfilter/lib/v6ionames.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: v6ionames.c,v 1.1.4.1 2005/01/02 13:08:49 darrenr Exp + * $Id: v6ionames.c,v 1.1.4.2 2005/10/17 18:31:09 darrenr Exp $ */ #include "ipf.h" @@ -21,6 +19,7 @@ struct ipopt_names v6ionames[] ={ { IPPROTO_AH, 0x000020, 0, "ah" }, { IPPROTO_NONE, 0x000040, 0, "none" }, { IPPROTO_DSTOPTS, 0x000080, 0, "dstopts" }, + { IPPROTO_MOBILITY, 0x000100, 0, "mobility" }, { 0, 0, 0, (char *)NULL } }; diff --git a/contrib/ipfilter/lib/v6optvalue.c b/contrib/ipfilter/lib/v6optvalue.c index 57dc2fbfb4e4..fd8e2e22b649 100644 --- a/contrib/ipfilter/lib/v6optvalue.c +++ b/contrib/ipfilter/lib/v6optvalue.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: v6optvalue.c,v 1.1 2003/04/26 04:55:58 darrenr Exp + * $Id: v6optvalue.c,v 1.1 2003/04/26 04:55:58 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/var.c b/contrib/ipfilter/lib/var.c index 79b2517b9ae2..37d310b130de 100644 --- a/contrib/ipfilter/lib/var.c +++ b/contrib/ipfilter/lib/var.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include #include "ipf.h" diff --git a/contrib/ipfilter/lib/verbose.c b/contrib/ipfilter/lib/verbose.c index d4f3012ca6f8..e386038d1bb7 100644 --- a/contrib/ipfilter/lib/verbose.c +++ b/contrib/ipfilter/lib/verbose.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: verbose.c,v 1.6 2001/06/09 17:09:25 darrenr Exp + * $Id: verbose.c,v 1.6 2001/06/09 17:09:25 darrenr Exp $ */ #if defined(__STDC__) diff --git a/contrib/ipfilter/man/ipf.4 b/contrib/ipfilter/man/ipf.4 index 7a0b20ab8f83..e2e5b5b10fbd 100644 --- a/contrib/ipfilter/man/ipf.4 +++ b/contrib/ipfilter/man/ipf.4 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPF 4 .SH NAME ipf \- packet filtering kernel interface diff --git a/contrib/ipfilter/man/ipf.5 b/contrib/ipfilter/man/ipf.5 index ab7f93585e04..3fd9e94abd99 100644 --- a/contrib/ipfilter/man/ipf.5 +++ b/contrib/ipfilter/man/ipf.5 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPF 5 .SH NAME ipf, ipf.conf, ipf6.conf \- IP packet filter rule syntax @@ -58,8 +56,8 @@ port-range = "port" port-num range port-num . flags = "flags" flag { flag } [ "/" flag { flag } ] . with = "with" | "and" . icmp = "icmp-type" icmp-type [ "code" decnumber ] . -return-code = "("icmp-code")" . -keep = "keep" "state" | "keep" "frags" . +return-code = "(" icmp-code ")" . +keep = "keep" "state" [ "(" state-options ")" ] | "keep" "frags" . loglevel = facility"."priority | priority . nummask = host-name [ "/" decnumber ] . @@ -67,7 +65,10 @@ host-name = ipaddr | hostname | "any" . ipaddr = host-num "." host-num "." host-num "." host-num . host-num = digit [ digit [ digit ] ] . port-num = service-name | decnumber . +state-options = state-opts [ "," state-options ] . +state-opts = "age" decnumber [ "/" decnumber ] | "strict" | + "no-icmp-err" | "limit" decnumber | "newisn" | "sync" . withopt = [ "not" | "no" ] opttype [ withopt ] . opttype = "ipopts" | "short" | "frag" | "opt" optname . optname = ipopts [ "," optname ] . diff --git a/contrib/ipfilter/man/ipf.8 b/contrib/ipfilter/man/ipf.8 index c7d07c0bc5d2..431157774834 100644 --- a/contrib/ipfilter/man/ipf.8 +++ b/contrib/ipfilter/man/ipf.8 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPF 8 .SH NAME ipf \- alters packet filtering lists for IP packet input and output diff --git a/contrib/ipfilter/man/ipfilter.4 b/contrib/ipfilter/man/ipfilter.4 index cf8ca9fa5f10..b2d2f2a77245 100644 --- a/contrib/ipfilter/man/ipfilter.4 +++ b/contrib/ipfilter/man/ipfilter.4 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IP\ FILTER 4 .SH NAME ipfilter \- Introduction to IP packet filtering diff --git a/contrib/ipfilter/man/ipfilter.5 b/contrib/ipfilter/man/ipfilter.5 index 9fbb6754261d..0bba0f4bad02 100644 --- a/contrib/ipfilter/man/ipfilter.5 +++ b/contrib/ipfilter/man/ipfilter.5 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPFILTER 1 .SH NAME IP Filter diff --git a/contrib/ipfilter/man/ipfs.8 b/contrib/ipfilter/man/ipfs.8 index 52f6fcbf0be9..d5bf460c2963 100644 --- a/contrib/ipfilter/man/ipfs.8 +++ b/contrib/ipfilter/man/ipfs.8 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPFS 8 .SH NAME ipfs \- saves and restores information for NAT and state tables. diff --git a/contrib/ipfilter/man/ipfstat.8 b/contrib/ipfilter/man/ipfstat.8 index 549b31a8f726..a3ec72a5c8d0 100644 --- a/contrib/ipfilter/man/ipfstat.8 +++ b/contrib/ipfilter/man/ipfstat.8 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH ipfstat 8 .SH NAME ipfstat \- reports on packet filter statistics and filter list diff --git a/contrib/ipfilter/man/ipftest.1 b/contrib/ipfilter/man/ipftest.1 index 4a17576797bd..5153687ed1a5 100644 --- a/contrib/ipfilter/man/ipftest.1 +++ b/contrib/ipfilter/man/ipftest.1 @@ -1,12 +1,10 @@ -.\" $NetBSD$ -.\" .TH ipftest 1 .SH NAME ipftest \- test packet filter rules with arbitrary input. .SH SYNOPSIS .B ipftest [ -.B \-6bdDoRvx +.B \-6bCdDoRvx ] [ .B \-F input-format @@ -29,6 +27,9 @@ interface .B \-r ] [ +.B \-S + +] [ .B \-T ] @@ -58,6 +59,11 @@ Cause the output to be a brief summary (one-word) of the result of passing the packet through the filter; either "pass", "block" or "nomatch". This is used in the regression testing. .TP +.B \-C +Force the checksums to be (re)calculated for all packets being input into +\fBipftest\fP. This may be necessary if pcap files from tcpdump are being +fed in where there are partial checksums present due to hardware offloading. +.TP .B \-d Turn on filter rule debugging. Currently, this only shows you what caused the rule to not match in the IP header checking (addresses/netmasks, etc). @@ -169,6 +175,14 @@ Specify the filename from which to read filter rules in \fBipf\fP(5) format. .B \-R Don't attempt to convert IP addresses to hostnames. .TP +.BR \-S \0 +The IP address specifived with this option is used by ipftest to determine +whether a packet should be treated as "input" or "output". If the source +address in an IP packet matches then it is considered to be inbound. If it +does not match then it is considered to be outbound. This is primarily +for use with tcpdump (pcap) files where there is no in/out information +saved with each packet. +.TP .BR \-T \0 This option simulates the run-time changing of IPFilter kernel variables available with the \fB\-T\fP option of \fBipf\fP. diff --git a/contrib/ipfilter/man/ipl.4 b/contrib/ipfilter/man/ipl.4 index d45749b6750e..d8106cc24d64 100644 --- a/contrib/ipfilter/man/ipl.4 +++ b/contrib/ipfilter/man/ipl.4 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPL 4 .SH NAME ipl \- IP packet log device diff --git a/contrib/ipfilter/man/ipmon.5 b/contrib/ipfilter/man/ipmon.5 index bc48466bc718..2e3eebd06ba2 100644 --- a/contrib/ipfilter/man/ipmon.5 +++ b/contrib/ipfilter/man/ipmon.5 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPMON 5 .SH NAME ipmon, ipmon.conf \- ipmon configuration file format diff --git a/contrib/ipfilter/man/ipmon.8 b/contrib/ipfilter/man/ipmon.8 index 0c2861c5752a..1ddc307a9fe5 100644 --- a/contrib/ipfilter/man/ipmon.8 +++ b/contrib/ipfilter/man/ipmon.8 @@ -1,12 +1,10 @@ -.\" $NetBSD$ -.\" .TH ipmon 8 .SH NAME ipmon \- monitors /dev/ipl for logged packets .SH SYNOPSIS .B ipmon [ -.B \-abDFhnpstvxX +.B \-abBDFhnpstvxX ] [ .B "\-N " ] [ @@ -73,6 +71,9 @@ unreachable message. In order for \fBipmon\fP to properly work, the kernel option \fBIPFILTER_LOG\fP must be turned on in your kernel. Please see \fBoptions(4)\fP for more details. +.LP +\fBipmon\fP reopns its log file(s) and rereads its configuration file +when it receives a SIGHUP signal. .SH OPTIONS .TP .B \-a @@ -83,6 +84,11 @@ are displayed to the same output 'device' (stderr or syslog). For rules which log the body of a packet, generate hex output representing the packet contents after the headers. .TP +.B \-B +Enable logging of the raw, unformatted binary data to the specified +\fI\fP file. This can be read, later, using \fBipmon\fP +with the \fB-f\fP option. +.TP .B \-D Cause ipmon to turn itself into a daemon. Using subshells or backgrounding of ipmon is not required to turn it into an orphan so it can run indefinitely. diff --git a/contrib/ipfilter/man/ipnat.4 b/contrib/ipfilter/man/ipnat.4 index 6f696bd625b9..54f55d3de810 100644 --- a/contrib/ipfilter/man/ipnat.4 +++ b/contrib/ipfilter/man/ipnat.4 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPNAT 4 .SH NAME ipnat \- Network Address Translation kernel interface diff --git a/contrib/ipfilter/man/ipnat.5 b/contrib/ipfilter/man/ipnat.5 index 7db33086eeb8..2d76a4665064 100644 --- a/contrib/ipfilter/man/ipnat.5 +++ b/contrib/ipfilter/man/ipnat.5 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPNAT 5 .SH NAME ipnat, ipnat.conf \- IP NAT file format @@ -12,9 +10,10 @@ ipmap :: = mapblock | redir | map . map ::= mapit ifname lhs "->" dstipmask [ mapicmp | mapport | mapproxy ] mapoptions . mapblock ::= "map-block" ifname lhs "->" ipmask [ ports ] mapoptions . -redir ::= "rdr" ifname ipmask dport "->" ip [ "," ip ] rdrport rdroptions . +redir ::= "rdr" ifname rlhs "->" ip [ "," ip ] rdrport rdroptions . lhs ::= ipmask | fromto . +rlhs ::= ipmask dport | fromto . dport ::= "port" portnum [ "-" portnum ] . ports ::= "ports" numports | "auto" . rdrport ::= "port" portnum . diff --git a/contrib/ipfilter/man/ipnat.8 b/contrib/ipfilter/man/ipnat.8 index 49a09beaf6d6..683e8f15d9e9 100644 --- a/contrib/ipfilter/man/ipnat.8 +++ b/contrib/ipfilter/man/ipnat.8 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPNAT 8 .SH NAME ipnat \- user interface to the NAT subsystem @@ -35,7 +33,7 @@ enabled. .TP .B \-C delete all entries in the current NAT rule listing (NAT rules) - .TP +.TP .B \-d Enable printing of some extra debugging information. .TP @@ -54,10 +52,10 @@ This flag (no-change) prevents \fBipf\fP from actually making any ioctl calls or doing anything which would alter the currently running kernel. .TP .B \-r -Remove matching NAT rules rather than add them to the internal lists +Remove matching NAT rules rather than add them to the internal lists. .TP .B \-s -Retrieve and display NAT statistics +Retrieve and display NAT statistics. .TP .B \-v Turn verbose mode on. Displays information relating to rule processing diff --git a/contrib/ipfilter/man/ippool.5 b/contrib/ipfilter/man/ippool.5 index c9eaaca65b19..1c720b9392dd 100644 --- a/contrib/ipfilter/man/ippool.5 +++ b/contrib/ipfilter/man/ippool.5 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPPOOL 5 .SH NAME ippool, ippool.conf \- IP Pool file format diff --git a/contrib/ipfilter/man/ippool.8 b/contrib/ipfilter/man/ippool.8 index 6ed1e8841603..e27cb92c2c91 100644 --- a/contrib/ipfilter/man/ippool.8 +++ b/contrib/ipfilter/man/ippool.8 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPPOOL 8 .SH NAME ippool \- user interface to the IPFilter pools diff --git a/contrib/ipfilter/man/ipscan.5 b/contrib/ipfilter/man/ipscan.5 index 4a001749e863..cc12ca38d4d3 100644 --- a/contrib/ipfilter/man/ipscan.5 +++ b/contrib/ipfilter/man/ipscan.5 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPSCAN 5 .SH NAME ipscan, ipscan.conf \- ipscan file format diff --git a/contrib/ipfilter/man/ipscan.8 b/contrib/ipfilter/man/ipscan.8 index d3ce9528734d..958c45610736 100644 --- a/contrib/ipfilter/man/ipscan.8 +++ b/contrib/ipfilter/man/ipscan.8 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPSCAN 8 .SH NAME ipscan \- user interface to the IPFilter content scanning diff --git a/contrib/ipfilter/man/mkfilters.1 b/contrib/ipfilter/man/mkfilters.1 index 3bac7d16bb5d..b5fd9dc59f36 100644 --- a/contrib/ipfilter/man/mkfilters.1 +++ b/contrib/ipfilter/man/mkfilters.1 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH MKFILTERS 1 .SH NAME mkfilters \- generate a minimal firewall ruleset for ipfilter diff --git a/contrib/ipfilter/md5.c b/contrib/ipfilter/md5.c index 78a0eb720ae7..c46a95764705 100644 --- a/contrib/ipfilter/md5.c +++ b/contrib/ipfilter/md5.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* diff --git a/contrib/ipfilter/md5.h b/contrib/ipfilter/md5.h index 40e8dc65a89c..48bbaf1bb9d0 100644 --- a/contrib/ipfilter/md5.h +++ b/contrib/ipfilter/md5.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* *********************************************************************** ** md5.h -- header file for implementation of MD5 ** diff --git a/contrib/ipfilter/mlf_ipl.c b/contrib/ipfilter/mlf_ipl.c index c0cdce825a31..b39a14d0d877 100644 --- a/contrib/ipfilter/mlf_ipl.c +++ b/contrib/ipfilter/mlf_ipl.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * diff --git a/contrib/ipfilter/mlf_rule.c b/contrib/ipfilter/mlf_rule.c index 731ef5e439c4..c540ebde5faa 100644 --- a/contrib/ipfilter/mlf_rule.c +++ b/contrib/ipfilter/mlf_rule.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * diff --git a/contrib/ipfilter/mlfk_rule.c b/contrib/ipfilter/mlfk_rule.c index a4f3ba71ff22..c17507613d87 100644 --- a/contrib/ipfilter/mlfk_rule.c +++ b/contrib/ipfilter/mlfk_rule.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2000 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: mlfk_rule.c,v 2.4.4.2 2004/04/16 23:32:08 darrenr Exp + * $Id: mlfk_rule.c,v 2.4.4.2 2004/04/16 23:32:08 darrenr Exp $ */ diff --git a/contrib/ipfilter/opts.h b/contrib/ipfilter/opts.h index 602c4e389222..655f9f09ef43 100644 --- a/contrib/ipfilter/opts.h +++ b/contrib/ipfilter/opts.h @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2000 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: opts.h,v 2.12 2003/08/14 14:24:27 darrenr Exp + * $Id: opts.h,v 2.12 2003/08/14 14:24:27 darrenr Exp $ */ #ifndef __OPTS_H__ diff --git a/contrib/ipfilter/pcap-ipf.h b/contrib/ipfilter/pcap-ipf.h index a6b974c5413f..2ad5b01b22d5 100644 --- a/contrib/ipfilter/pcap-ipf.h +++ b/contrib/ipfilter/pcap-ipf.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * diff --git a/contrib/ipfilter/perl/ipf-mrtg.pl b/contrib/ipfilter/perl/ipf-mrtg.pl index a96a7cddb2b3..cce30ab09c5b 100644 --- a/contrib/ipfilter/perl/ipf-mrtg.pl +++ b/contrib/ipfilter/perl/ipf-mrtg.pl @@ -19,4 +19,4 @@ print "$in_pkts\n", my $uptime = `/usr/bin/uptime`; $uptime =~ /^\s+(\d{1,2}:\d{2}..)\s+up\s+(\d+)\s+(......),/; print "$2 $3\n", - "$firewall\n"; + "$firewall\n"; \ No newline at end of file diff --git a/contrib/ipfilter/perl/logfilter.pl b/contrib/ipfilter/perl/logfilter.pl index a75eafd72e9c..6ebe401ab4ee 100644 --- a/contrib/ipfilter/perl/logfilter.pl +++ b/contrib/ipfilter/perl/logfilter.pl @@ -178,4 +178,4 @@ tcp 6667 irc.log tcp 7070 realaudio.log tcp 8080 http.log tcp 12345 netbus.log -udp 31337 backorifice.log +udp 31337 backorifice.log \ No newline at end of file diff --git a/contrib/ipfilter/radix.c b/contrib/ipfilter/radix.c index 964c10952687..69b50c062a60 100644 --- a/contrib/ipfilter/radix.c +++ b/contrib/ipfilter/radix.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (c) 1988, 1989, 1993 * The Regents of the University of California. All rights reserved. @@ -103,6 +101,12 @@ static int rn_lexobetter __P((void *, void *)); static struct radix_mask *rn_new_radix_mask __P((struct radix_node *, struct radix_mask *)); static int rn_freenode __P((struct radix_node *, void *)); +#if defined(AIX) && !defined(_KERNEL) +struct radix_node *rn_match __P((void *, struct radix_node_head *)); +struct radix_node *rn_addmask __P((int, int, void *)); +#define FreeS(x, y) KFREES(x, y) +#define Bcopy(x, y, z) bcopy(x, y, z) +#endif /* * The data structure for the keys is a radix tree with one way diff --git a/contrib/ipfilter/radix_ipf.h b/contrib/ipfilter/radix_ipf.h index 1dada6034def..357b9c40dc2d 100644 --- a/contrib/ipfilter/radix_ipf.h +++ b/contrib/ipfilter/radix_ipf.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (c) 1988, 1989, 1993 * The Regents of the University of California. All rights reserved. @@ -28,7 +26,7 @@ * @(#)radix.h 8.2 (Berkeley) 10/31/94 */ -#ifndef _NET_RADIX_H_ +#if !defined(_NET_RADIX_H_) && !defined(_RADIX_H_) #define _NET_RADIX_H_ #ifndef _RADIX_H_ #define _RADIX_H_ @@ -42,7 +40,7 @@ # endif #endif -#ifdef __sgi +#if defined(__sgi) # define radix_mask ipf_radix_mask # define radix_node ipf_radix_node # define radix_node_head ipf_radix_node_head @@ -146,6 +144,12 @@ struct radix_node_head { }; +#if defined(AIX) +# undef Bcmp +# undef Bzero +# undef R_Malloc +# undef Free +#endif #define Bcmp(a, b, n) bcmp(((caddr_t)(a)), ((caddr_t)(b)), (unsigned)(n)) #if defined(linux) && defined(_KERNEL) # define Bcopy(a, b, n) memmove(((caddr_t)(b)), ((caddr_t)(a)), (unsigned)(n)) @@ -157,7 +161,7 @@ struct radix_node_head { #define FreeS(p, z) KFREES(p, z) #define Free(p) KFREE(p) -#if (defined(__osf__) || (IRIX >= 60516)) && defined(_KERNEL) +#if (defined(__osf__) || defined(AIX) || (IRIX >= 60516)) && defined(_KERNEL) # define rn_init ipf_rn_init # define rn_fini ipf_rn_fini # define rn_inithead ipf_rn_inithead diff --git a/contrib/ipfilter/rules/example.1 b/contrib/ipfilter/rules/example.1 index 3da9f3ccab5c..ff93f492cafe 100644 --- a/contrib/ipfilter/rules/example.1 +++ b/contrib/ipfilter/rules/example.1 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # block all incoming TCP packets on le0 from host 10.1.1.1 to any destination. # diff --git a/contrib/ipfilter/rules/example.10 b/contrib/ipfilter/rules/example.10 index f7a0b011e144..560d1e670f61 100644 --- a/contrib/ipfilter/rules/example.10 +++ b/contrib/ipfilter/rules/example.10 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # pass ack packets (ie established connection) # diff --git a/contrib/ipfilter/rules/example.11 b/contrib/ipfilter/rules/example.11 index 1cefa9a3b35d..c6b4e7ff0d73 100644 --- a/contrib/ipfilter/rules/example.11 +++ b/contrib/ipfilter/rules/example.11 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # allow any TCP packets from the same subnet as foo is on through to host # 10.1.1.2 if they are destined for port 6667. diff --git a/contrib/ipfilter/rules/example.12 b/contrib/ipfilter/rules/example.12 index 6dbaef58c561..c0ba1d3cdda1 100644 --- a/contrib/ipfilter/rules/example.12 +++ b/contrib/ipfilter/rules/example.12 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # get rid of all short IP fragments (too small for valid comparison) # diff --git a/contrib/ipfilter/rules/example.13 b/contrib/ipfilter/rules/example.13 index ca741148931e..854f07f1694f 100644 --- a/contrib/ipfilter/rules/example.13 +++ b/contrib/ipfilter/rules/example.13 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # Log all short TCP packets to qe3, with 10.3.3.3 as the intended # destination for the packet. diff --git a/contrib/ipfilter/rules/example.2 b/contrib/ipfilter/rules/example.2 index 81e7d25c7c71..4f81725eeb0c 100644 --- a/contrib/ipfilter/rules/example.2 +++ b/contrib/ipfilter/rules/example.2 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # block all outgoing TCP packets on le0 from any host to port 23 of # host 10.1.1.2 diff --git a/contrib/ipfilter/rules/example.3 b/contrib/ipfilter/rules/example.3 index c5b4344f91ce..cd31f73e7c2b 100644 --- a/contrib/ipfilter/rules/example.3 +++ b/contrib/ipfilter/rules/example.3 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # block all inbound packets. # diff --git a/contrib/ipfilter/rules/example.4 b/contrib/ipfilter/rules/example.4 index f18dcdd0cd27..7918ec2fbd99 100644 --- a/contrib/ipfilter/rules/example.4 +++ b/contrib/ipfilter/rules/example.4 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # block all ICMP packets. # diff --git a/contrib/ipfilter/rules/example.5 b/contrib/ipfilter/rules/example.5 index 959dfb836371..6d688b5eab80 100644 --- a/contrib/ipfilter/rules/example.5 +++ b/contrib/ipfilter/rules/example.5 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # test ruleset # diff --git a/contrib/ipfilter/rules/example.6 b/contrib/ipfilter/rules/example.6 index e9ce23ac27e6..d40f0f3d2a18 100644 --- a/contrib/ipfilter/rules/example.6 +++ b/contrib/ipfilter/rules/example.6 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # block all TCP packets with only the SYN flag set (this is the first # packet sent to establish a connection) out of the SYN-ACK pair. diff --git a/contrib/ipfilter/rules/example.7 b/contrib/ipfilter/rules/example.7 index 0ddd7f77628b..062de9811935 100644 --- a/contrib/ipfilter/rules/example.7 +++ b/contrib/ipfilter/rules/example.7 @@ -1,4 +1,3 @@ -# $FreeBSD$ # block all ICMP packets. # block in proto icmp all diff --git a/contrib/ipfilter/rules/example.8 b/contrib/ipfilter/rules/example.8 index 2276b525b17d..baa02581256e 100644 --- a/contrib/ipfilter/rules/example.8 +++ b/contrib/ipfilter/rules/example.8 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # block all incoming TCP connections but send back a TCP-RST for ones to # the ident port diff --git a/contrib/ipfilter/rules/example.9 b/contrib/ipfilter/rules/example.9 index 50bb46a672d8..daff2031db8e 100644 --- a/contrib/ipfilter/rules/example.9 +++ b/contrib/ipfilter/rules/example.9 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # drop all packets without IP security options # diff --git a/contrib/ipfilter/rules/example.sr b/contrib/ipfilter/rules/example.sr index 46fb6f14aaf6..c4c1994030ba 100644 --- a/contrib/ipfilter/rules/example.sr +++ b/contrib/ipfilter/rules/example.sr @@ -1,4 +1,3 @@ -# $FreeBSD$ # # log all inbound packet on le0 which has IP options present # diff --git a/contrib/ipfilter/samples/ipfilter-pb.gif b/contrib/ipfilter/samples/ipfilter-pb.gif index f729ab1365da85890fa029cccd6b20064a8231a2..afaefa866541bb0e11bc0b14cd41623506825641 100644 GIT binary patch delta 7 OcmbQkHk)mOG&2AR*8&m% delta 9 QcmbQuHivD4G&3U?01gEL9RL6T diff --git a/contrib/ipfilter/samples/proxy.c b/contrib/ipfilter/samples/proxy.c index ccf2ac65e646..3a3d039ea964 100644 --- a/contrib/ipfilter/samples/proxy.c +++ b/contrib/ipfilter/samples/proxy.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Sample transparent proxy program. * @@ -94,8 +92,8 @@ char *argv[]; natlook.nl_outip = sin.sin_addr; natlook.nl_inip = sloc.sin_addr; natlook.nl_flags = IPN_TCP; - natlook.nl_outport = ntohs(sin.sin_port); - natlook.nl_inport = ntohs(sloc.sin_port); + natlook.nl_outport = sin.sin_port; + natlook.nl_inport = sloc.sin_port; /* * Open the NAT device and lookup the mapping pair. diff --git a/contrib/ipfilter/samples/relay.c b/contrib/ipfilter/samples/relay.c index b91779a4a8e4..6b96fc42f613 100644 --- a/contrib/ipfilter/samples/relay.c +++ b/contrib/ipfilter/samples/relay.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Sample program to be used as a transparent proxy. * @@ -18,10 +16,10 @@ #include #include #include -#include "ip_compat.h" -#include "ip_fil.h" -#include "ip_nat.h" -#include "ipl.h" +#include "netinet/ip_compat.h" +#include "netinet/ip_fil.h" +#include "netinet/ip_nat.h" +#include "netinet/ipl.h" #define RELAY_BUFSZ 8192 diff --git a/contrib/ipfilter/samples/userauth.c b/contrib/ipfilter/samples/userauth.c index ef059ac00250..dbfeac60bfce 100644 --- a/contrib/ipfilter/samples/userauth.c +++ b/contrib/ipfilter/samples/userauth.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include #include #include diff --git a/contrib/ipfilter/snoop.h b/contrib/ipfilter/snoop.h index 12dea374029b..8fa6f7e4a34a 100644 --- a/contrib/ipfilter/snoop.h +++ b/contrib/ipfilter/snoop.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -11,7 +9,7 @@ /* * written to comply with the RFC (1761) from Sun. - * Id: snoop.h,v 2.3 2001/06/09 17:09:23 darrenr Exp + * $Id: snoop.h,v 2.3 2001/06/09 17:09:23 darrenr Exp $ */ struct snoophdr { char s_id[8]; diff --git a/contrib/ipfilter/test/Makefile b/contrib/ipfilter/test/Makefile index 7f17241b3f23..16535bf265ee 100644 --- a/contrib/ipfilter/test/Makefile +++ b/contrib/ipfilter/test/Makefile @@ -11,7 +11,7 @@ all: results tests results: mkdir -p results -tests: ipf nat logtests ipv6 pools +tests: ipf nat logtests ipv6 pools bpf ipf: ftests ptests @@ -21,12 +21,13 @@ first: -mkdir -p results # Filtering tests -ftests: f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15 f16 f17 +ftests: f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 # Rule parsing tests -ptests: i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 +ptests: i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 i16 i17 i18 i19 \ + i20 i21 -ntests: n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12 +ntests: n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12 n13 n14 nitests: ni1 ni2 ni3 ni4 ni5 ni6 ni7 ni8 ni9 ni10 ni11 ni12 ni13 ni14 ni15 ni16 @@ -40,16 +41,16 @@ ipv6: ipv6.1 ipv6.2 ipv6.3 bpf: bpf1 bpf-f1 -f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14: +f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f19: @/bin/sh ./dotest `awk "/^$@ / { print; } " test.format` -f15 f16 f17: +f15 f16 f17 f18: @/bin/sh ./mtest `awk "/^$@ / { print; } " test.format` -i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 bpf1: +i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 i16 i17 i18 i19 i20 i21 bpf1: @/bin/sh ./itest `awk "/^$@ / { print; } " test.format` -n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12: +n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12 n13 n14: @/bin/sh ./nattest `awk "/^$@ / { print; } " test.format` ni1 ni2 ni3 ni4 ni5 ni7 ni8 ni9 ni10 ni11 ni12 ni13 ni14 ni15 ni16: @@ -77,9 +78,9 @@ bpf-f1: /bin/sh ./bpftest `awk "/^$@ / { print; } " test.format` clean: - /bin/rm -f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15 f16 f17 - /bin/rm -f i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 - /bin/rm -f n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12 + /bin/rm -f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 + /bin/rm -f i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 i16 i17 i18 i19 i20 i21 + /bin/rm -f n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12 n13 n14 /bin/rm -f ni1 ni2 ni3 ni4 ni5 ni6 ni7 ni8 ni9 /bin/rm -f ni10 ni11 ni12 ni13 ni14 ni15 ni16 /bin/rm -f in1 in2 in3 in4 in5 in6 diff --git a/contrib/ipfilter/test/dotest b/contrib/ipfilter/test/dotest index 71c8cceefc9f..72853d4eb0b3 100644 --- a/contrib/ipfilter/test/dotest +++ b/contrib/ipfilter/test/dotest @@ -1,5 +1,8 @@ #!/bin/sh +thistest=$1 format=$2 +output=$3 +tuning=$4 if [ -f /usr/ucb/touch ] ; then TOUCH=/usr/ucb/touch else @@ -11,18 +14,21 @@ else fi fi fi -echo "$1..."; -/bin/cp /dev/null results/$1 +if [ "$tuning" != "" ] ; then + tuning="-T $tuning" +fi +echo "${thistest}..."; +/bin/cp /dev/null results/${thistest} ( while read rule; do - echo "$rule" | ../ipftest -F $format -Rbr - -i input/$1 >> results/$1; + echo "$rule" | ../ipftest -F $format -Rbr - -i input/${thistest} $tuning>> results/${thistest}; if [ $? -ne 0 ] ; then exit 1; fi - echo "--------" >> results/$1 -done ) < regress/$1 -cmp expected/$1 results/$1 + echo "--------" >> results/${thistest} +done ) < regress/${thistest} +cmp expected/${thistest} results/${thistest} status=$? if [ $status = 0 ] ; then - $TOUCH $1 + $TOUCH ${thistest} fi exit $status diff --git a/contrib/ipfilter/test/expected/bpf1 b/contrib/ipfilter/test/expected/bpf1 index 9d0ad1b06b92..76381a748f60 100644 --- a/contrib/ipfilter/test/expected/bpf1 +++ b/contrib/ipfilter/test/expected/bpf1 @@ -1,4 +1,4 @@ -pass in bpf { "0x20 0 0 0xc 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } -pass out bpf { "0x20 0 0 0xc 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } -pass in bpf { "0x20 0 0 0x10 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } -pass out bpf { "0x20 0 0 0x10 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } +pass in bpf-v4 { "0x20 0 0 0xc 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } +pass out bpf-v4 { "0 0 0 0 0x20 0 0 0xc 0x15 0 0x1 0x1010101 0x6 0 0 0x1 0x6 0 0 0" } +pass in bpf-v4 { "0x20 0 0 0x10 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } +pass out bpf-v4 { "0 0 0 0 0x20 0 0 0x10 0x15 0 0x1 0x1010101 0x6 0 0 0x1 0x6 0 0 0" } diff --git a/contrib/ipfilter/test/expected/f13 b/contrib/ipfilter/test/expected/f13 index b3c7e54bf362..2a0195b078ad 100644 --- a/contrib/ipfilter/test/expected/f13 +++ b/contrib/ipfilter/test/expected/f13 @@ -1,6 +1,12 @@ pass nomatch nomatch +pass +nomatch +nomatch +nomatch +nomatch +nomatch nomatch nomatch nomatch @@ -15,6 +21,12 @@ nomatch block nomatch nomatch +block +nomatch +nomatch +nomatch +nomatch +nomatch nomatch nomatch nomatch @@ -39,22 +51,34 @@ nomatch nomatch nomatch pass --------- -nomatch -nomatch -nomatch -nomatch -nomatch -nomatch -nomatch -block -block -nomatch -nomatch -nomatch -block --------- pass +pass +nomatch +nomatch +nomatch +nomatch +-------- +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +block +block +nomatch +nomatch +nomatch +block +block +block +nomatch +nomatch +nomatch +nomatch +-------- +block nomatch nomatch pass @@ -67,6 +91,12 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +pass +nomatch +pass +pass -------- block nomatch @@ -81,4 +111,50 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +block +nomatch +block +block +-------- +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +pass +pass +nomatch +nomatch +nomatch +nomatch +pass +pass +nomatch +nomatch +nomatch +nomatch +-------- +block +block +nomatch +pass +block +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +pass +nomatch +nomatch +pass -------- diff --git a/contrib/ipfilter/test/expected/f17 b/contrib/ipfilter/test/expected/f17 index 4fe3acf5764d..c586e5b59a2c 100644 --- a/contrib/ipfilter/test/expected/f17 +++ b/contrib/ipfilter/test/expected/f17 @@ -3,4 +3,5 @@ block return-rst pass pass pass +pass -------- diff --git a/contrib/ipfilter/test/expected/f18 b/contrib/ipfilter/test/expected/f18 new file mode 100644 index 000000000000..801abd369426 --- /dev/null +++ b/contrib/ipfilter/test/expected/f18 @@ -0,0 +1,5 @@ +pass +pass +pass +pass +-------- diff --git a/contrib/ipfilter/test/expected/f19 b/contrib/ipfilter/test/expected/f19 new file mode 100644 index 000000000000..5ee2e9d692a1 --- /dev/null +++ b/contrib/ipfilter/test/expected/f19 @@ -0,0 +1,10 @@ +pass +pass +pass +nomatch +-------- +pass +nomatch +nomatch +nomatch +-------- diff --git a/contrib/ipfilter/test/expected/f7 b/contrib/ipfilter/test/expected/f7 index 6aa7951f3e6b..7a4daedd93e8 100644 --- a/contrib/ipfilter/test/expected/f7 +++ b/contrib/ipfilter/test/expected/f7 @@ -7,6 +7,12 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch -------- pass pass @@ -17,6 +23,12 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -27,6 +39,12 @@ block nomatch nomatch nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -37,6 +55,12 @@ pass nomatch nomatch nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -47,6 +71,12 @@ nomatch block block block +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -57,4 +87,58 @@ nomatch pass pass pass +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +-------- +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +pass +pass +nomatch +nomatch +nomatch +nomatch +-------- +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +pass +pass +nomatch +nomatch +-------- +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +pass +pass -------- diff --git a/contrib/ipfilter/test/expected/f9 b/contrib/ipfilter/test/expected/f9 index 709744d62871..cc5be688cd2d 100644 --- a/contrib/ipfilter/test/expected/f9 +++ b/contrib/ipfilter/test/expected/f9 @@ -4,10 +4,16 @@ block block block block +block +block +block -------- nomatch nomatch nomatch +nomatch +nomatch +nomatch pass pass nomatch @@ -16,6 +22,9 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch block nomatch -------- @@ -23,6 +32,9 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch pass nomatch -------- @@ -32,6 +44,9 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -39,6 +54,9 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -46,6 +64,9 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -53,20 +74,29 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch -------- nomatch +nomatch block nomatch nomatch nomatch nomatch +nomatch +nomatch -------- nomatch +nomatch pass nomatch nomatch nomatch nomatch +nomatch +nomatch -------- pass pass @@ -74,9 +104,15 @@ pass pass pass pass +pass +pass +pass -------- block block +block +nomatch +nomatch nomatch nomatch nomatch @@ -84,11 +120,7 @@ nomatch -------- pass pass -nomatch -nomatch -nomatch -nomatch --------- +pass nomatch nomatch nomatch @@ -102,6 +134,9 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -109,6 +144,9 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -116,10 +154,26 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +-------- +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch block block nomatch diff --git a/contrib/ipfilter/test/expected/i1 b/contrib/ipfilter/test/expected/i1 index 93530f9f575a..c012af8b711b 100644 --- a/contrib/ipfilter/test/expected/i1 +++ b/contrib/ipfilter/test/expected/i1 @@ -6,10 +6,12 @@ count in from any to any pass in from !any to any block in from any to !any pass in on ed0(!) from 127.0.0.1/32 to 127.0.0.1/32 +pass in on ed0(!),vx0(!) from 127.0.0.1/32 to 127.0.0.1/32 block in log first on lo0(!) from any to any pass in log body quick from any to any block return-rst in quick on le0(!) proto tcp from any to any block return-icmp in on qe0(!) from any to any block return-icmp(host-unr) in on qe0(!) from any to any +block return-icmp-as-dest in on le0(!) from any to any block return-icmp-as-dest(port-unr) in on qe0(!) from any to any pass out on longNICname0(!) from 254.220.186.152/32 to 254.220.186.152/32 diff --git a/contrib/ipfilter/test/expected/i11 b/contrib/ipfilter/test/expected/i11 index 058d03ac01cb..26b8b78fade9 100644 --- a/contrib/ipfilter/test/expected/i11 +++ b/contrib/ipfilter/test/expected/i11 @@ -1,8 +1,10 @@ pass in on ed0(!) proto tcp from 127.0.0.1/32 to 127.0.0.1/32 port = 23 keep state -block in log first on lo0(!) proto tcp/udp from any to any keep state +block in log first on lo0(!) proto tcp/udp from any to any port = 7 keep state pass in proto udp from 127.0.0.1/32 to 127.0.0.1/32 port = 20499 keep frags +pass in proto udp from 127.0.0.1/32 to 127.0.0.1/32 port = 2049 keep frags (strict) pass in proto udp from 127.0.0.1/32 to 127.0.0.1/32 port = 53 keep state keep frags pass in on ed0(!) out-via vx0(!) proto udp from any to any keep state pass out on ppp0(!) in-via le0(!) proto tcp from any to any keep state +pass in on ed0(!),vx0(!) out-via vx0(!),ed0(!) proto udp from any to any keep state pass in proto tcp from any port > 1024 to 127.0.0.1/32 port = 1024 keep state pass in proto tcp from any to any flags S/FSRPAU keep state (limit 101,strict,newisn,no-icmp-err) diff --git a/contrib/ipfilter/test/expected/i12 b/contrib/ipfilter/test/expected/i12 index 22a348871bf6..e21724c7a259 100644 --- a/contrib/ipfilter/test/expected/i12 +++ b/contrib/ipfilter/test/expected/i12 @@ -13,14 +13,14 @@ pass in from 2.2.2.0/24 to 5.5.5.5/32 port = 25 pass in from 3.3.3.3/32 to 5.5.5.5/32 port = 25 pass in from 2.2.2.0/24 to 6.6.6.6/32 port = 25 pass in from 3.3.3.3/32 to 6.6.6.6/32 port = 25 -pass in proto tcp from 2.2.2.0/24 to 5.5.5.5/32 port = 53 -pass in proto tcp from 3.3.3.3/32 to 5.5.5.5/32 port = 53 -pass in proto tcp from 2.2.2.0/24 to 6.6.6.6/32 port = 53 -pass in proto tcp from 3.3.3.3/32 to 6.6.6.6/32 port = 53 -pass in proto tcp from 2.2.2.0/24 to 5.5.5.5/32 port = 9 -pass in proto tcp from 3.3.3.3/32 to 5.5.5.5/32 port = 9 -pass in proto tcp from 2.2.2.0/24 to 6.6.6.6/32 port = 9 -pass in proto tcp from 3.3.3.3/32 to 6.6.6.6/32 port = 9 +pass in proto tcp from 2.2.2.0/24 port = 53 to 5.5.5.5/32 +pass in proto tcp from 3.3.3.3/32 port = 53 to 5.5.5.5/32 +pass in proto tcp from 2.2.2.0/24 port = 9 to 5.5.5.5/32 +pass in proto tcp from 3.3.3.3/32 port = 9 to 5.5.5.5/32 +pass in proto tcp from 2.2.2.0/24 port = 53 to 6.6.6.6/32 +pass in proto tcp from 3.3.3.3/32 port = 53 to 6.6.6.6/32 +pass in proto tcp from 2.2.2.0/24 port = 9 to 6.6.6.6/32 +pass in proto tcp from 3.3.3.3/32 port = 9 to 6.6.6.6/32 pass in proto udp from 2.2.2.0/24 to 5.5.5.5/32 port = 53 pass in proto udp from 3.3.3.3/32 to 5.5.5.5/32 port = 53 pass in proto udp from 2.2.2.0/24 to 6.6.6.6/32 port = 53 @@ -32,3 +32,8 @@ pass in proto udp from 3.3.3.3/32 to 6.6.6.6/32 port = 9 pass in from 10.10.10.10/32 to 11.11.11.11/32 pass in from pool/101(!) to hash/202(!) pass in from hash/303(!) to pool/404(!) +table role = ipf type = tree number = + { ! 1.1.1.1/32; 2.2.2.2/32; ! 2.2.0.0/16; }; +table role = ipf type = tree number = + { 1.1.0.0/16; }; +pass in from pool/0(!) to pool/0(!) diff --git a/contrib/ipfilter/test/expected/i14 b/contrib/ipfilter/test/expected/i14 index 5a10155b784f..08ba19ad5588 100644 --- a/contrib/ipfilter/test/expected/i14 +++ b/contrib/ipfilter/test/expected/i14 @@ -6,3 +6,5 @@ block in on vm0(!) proto tcp/udp from any to any head 101 pass in proto tcp/udp from 1.1.1.1/32 to 2.2.2.2/32 group 101 pass in proto tcp from 1.0.0.1/32 to 2.0.0.2/32 group 101 pass in proto udp from 2.0.0.2/32 to 3.0.0.3/32 group 101 +block in on vm0(!) proto tcp/udp from any to any head vm0-group +pass in proto tcp/udp from 1.1.1.1/32 to 2.2.2.2/32 group vm0-group diff --git a/contrib/ipfilter/test/expected/i16 b/contrib/ipfilter/test/expected/i16 new file mode 100644 index 000000000000..c5b3cf3f6738 --- /dev/null +++ b/contrib/ipfilter/test/expected/i16 @@ -0,0 +1,3 @@ +block out all +100 pass in all +10101 pass out proto tcp from any to any diff --git a/contrib/ipfilter/test/expected/i17 b/contrib/ipfilter/test/expected/i17 new file mode 100644 index 000000000000..bcc4d2d544a5 --- /dev/null +++ b/contrib/ipfilter/test/expected/i17 @@ -0,0 +1,10 @@ +List of active MAP/Redirect filters: + +List of active sessions: + +Hostmap table: +List of active state sessions: +List of configured pools +List of configured hash tables +List of groups configured (set 0) +List of groups configured (set 1) diff --git a/contrib/ipfilter/test/expected/i18 b/contrib/ipfilter/test/expected/i18 new file mode 100644 index 000000000000..1aaa04f1c84f --- /dev/null +++ b/contrib/ipfilter/test/expected/i18 @@ -0,0 +1,10 @@ +pass in tos 0x50 from any to any +pass in tos 0x80 from any to any +pass in tos 0x28 from any to any +block in ttl 0 from any to any +block in ttl 1 from any to any +block in ttl 2 from any to any +block in ttl 3 from any to any +block in ttl 4 from any to any +block in ttl 5 from any to any +block in ttl 6 from any to any diff --git a/contrib/ipfilter/test/expected/i19 b/contrib/ipfilter/test/expected/i19 new file mode 100644 index 000000000000..4ca19b5138fa --- /dev/null +++ b/contrib/ipfilter/test/expected/i19 @@ -0,0 +1,22 @@ +block in log level user.debug quick proto icmp from any to any +block in log level mail.info quick proto icmp from any to any +block in log level daemon.notice quick proto icmp from any to any +block in log level auth.warn quick proto icmp from any to any +block in log level syslog.err quick proto icmp from any to any +block in log level lpr.crit quick proto icmp from any to any +block in log level news.alert quick proto icmp from any to any +block in log level uucp.emerg quick proto icmp from any to any +block in log level cron.debug quick proto icmp from any to any +block in log level ftp.info quick proto icmp from any to any +block in log level authpriv.notice quick proto icmp from any to any +block in log level !!!.warn quick proto icmp from any to any +block in log level local0.err quick proto icmp from any to any +block in log level local1.crit quick proto icmp from any to any +block in log level local2.alert quick proto icmp from any to any +block in log level local3.emerg quick proto icmp from any to any +block in log level local4.debug quick proto icmp from any to any +block in log level local5.info quick proto icmp from any to any +block in log level local6.notice quick proto icmp from any to any +block in log level local7.warn quick proto icmp from any to any +block in log level kern.err quick proto icmp from any to any +block in log level !!!.emerg quick proto icmp from any to any diff --git a/contrib/ipfilter/test/expected/i2 b/contrib/ipfilter/test/expected/i2 index 37ec9c485b50..5ff18f4f924c 100644 --- a/contrib/ipfilter/test/expected/i2 +++ b/contrib/ipfilter/test/expected/i2 @@ -5,3 +5,4 @@ block in proto ipv6 from any to any block in proto udp from any to any block in proto 250 from any to any pass in proto tcp/udp from any to any +block in proto tcp/udp from any to any diff --git a/contrib/ipfilter/test/expected/i20 b/contrib/ipfilter/test/expected/i20 new file mode 100644 index 000000000000..77eabdb55f0b --- /dev/null +++ b/contrib/ipfilter/test/expected/i20 @@ -0,0 +1,4 @@ +pass in on ppp0(!) from ppp0/peer to ppp0/32 +block in on hme0(!) from any to hme0/bcast +pass in on bge0(!) from bge0/net to bge0/32 +block in on eri0(!) from any to eri0/netmasked diff --git a/contrib/ipfilter/test/expected/i21 b/contrib/ipfilter/test/expected/i21 new file mode 100644 index 000000000000..a5f55b36d6f5 --- /dev/null +++ b/contrib/ipfilter/test/expected/i21 @@ -0,0 +1,10 @@ +pass in from any port = 10101 to any +pass out from any to any port != 22 +block in from any port 20:21 to any +block out from any to any port 10 <> 100 +pass out from any to any port = 3 +pass out from any to any port = 5 +pass out from any to any port = 7 +pass out from any to any port = 9 +block in from any port = 20 to any +block in from any port = 25 to any diff --git a/contrib/ipfilter/test/expected/i4 b/contrib/ipfilter/test/expected/i4 index 89c0995f6e4d..639dae88aca5 100644 --- a/contrib/ipfilter/test/expected/i4 +++ b/contrib/ipfilter/test/expected/i4 @@ -5,4 +5,5 @@ pass in proto udp from 127.0.0.1/32 port > 32000 to 127.0.0.1/32 port < 29000 block in proto udp from any port != 123 to any port < 7 block in proto tcp from any port = 25 to any port > 25 pass in proto tcp/udp from any port 1 >< 3 to any port 1 <> 3 +pass in proto tcp/udp from any port 2:2 to any port 10:20 pass in log first quick proto tcp from any port > 1023 to any port = 1723 flags S/FSRPAU keep state diff --git a/contrib/ipfilter/test/expected/i6 b/contrib/ipfilter/test/expected/i6 index 40fe1857398b..e4b14c328cbf 100644 --- a/contrib/ipfilter/test/expected/i6 +++ b/contrib/ipfilter/test/expected/i6 @@ -7,4 +7,6 @@ pass in on le0(!) dup-to qe0(!):127.0.0.1 to hme0(!):10.1.1.1 from 127.0.0.1/32 block in quick on qe0(!) to qe1(!) from any to any block in quick to qe1(!) from any to any pass out quick dup-to hme0(!) from any to any +pass out quick on hme0(!) reply-to hme1(!) from any to any +pass in on le0(!) dup-to qe0(!):127.0.0.1 reply-to hme1(!):10.10.10.10 all pass in quick fastroute all diff --git a/contrib/ipfilter/test/expected/i7 b/contrib/ipfilter/test/expected/i7 index c46364b558b1..309cd28691b1 100644 --- a/contrib/ipfilter/test/expected/i7 +++ b/contrib/ipfilter/test/expected/i7 @@ -2,3 +2,8 @@ pass in on ed0(!) proto tcp from 127.0.0.1/32 to 127.0.0.1/32 port = 23 flags S/ block in on lo0(!) proto tcp from any to any flags A/FSRPAU pass in on lo0(!) proto tcp from any to any flags /SPA block in on lo0(!) proto tcp from any to any flags C/A +pass in on lo0(!) proto tcp from any to any flags S/SA +block in on lo0(!) proto tcp from any to any flags S/SA +pass in on lo0(!) proto tcp from any to any flags S/FSRPAU +block in on lo0(!) proto tcp from any to any flags /A +pass in on lo0(!) proto tcp from any to any flags S/SA diff --git a/contrib/ipfilter/test/expected/i8 b/contrib/ipfilter/test/expected/i8 index 77dc1775763e..5533a7dceff3 100644 --- a/contrib/ipfilter/test/expected/i8 +++ b/contrib/ipfilter/test/expected/i8 @@ -1,2 +1,33 @@ pass in proto icmp from 127.0.0.1/32 to 127.0.0.1/32 icmp-type timest block in proto icmp from any to any icmp-type unreach code 1 +pass in proto icmp from any to any icmp-type unreach code 15 +pass in proto icmp from any to any icmp-type unreach code 13 +pass in proto icmp from any to any icmp-type unreach code 8 +pass in proto icmp from any to any icmp-type unreach code 4 +pass in proto icmp from any to any icmp-type unreach code 9 +pass in proto icmp from any to any icmp-type unreach code 11 +pass in proto icmp from any to any icmp-type unreach code 14 +pass in proto icmp from any to any icmp-type unreach code 10 +pass in proto icmp from any to any icmp-type unreach code 12 +pass in proto icmp from any to any icmp-type unreach code 7 +pass in proto icmp from any to any icmp-type unreach code 1 +pass in proto icmp from any to any icmp-type unreach code 6 +pass in proto icmp from any to any icmp-type unreach code 0 +pass in proto icmp from any to any icmp-type unreach code 3 +pass in proto icmp from any to any icmp-type unreach code 2 +pass in proto icmp from any to any icmp-type unreach code 5 +pass in proto icmp from any to any icmp-type echo +pass in proto icmp from any to any icmp-type echorep +pass in proto icmp from any to any icmp-type inforeq +pass in proto icmp from any to any icmp-type inforep +pass in proto icmp from any to any icmp-type maskrep +pass in proto icmp from any to any icmp-type maskreq +pass in proto icmp from any to any icmp-type paramprob +pass in proto icmp from any to any icmp-type redir +pass in proto icmp from any to any icmp-type unreach +pass in proto icmp from any to any icmp-type routerad +pass in proto icmp from any to any icmp-type routersol +pass in proto icmp from any to any icmp-type squench +pass in proto icmp from any to any icmp-type timest +pass in proto icmp from any to any icmp-type timestrep +pass in proto icmp from any to any icmp-type timex diff --git a/contrib/ipfilter/test/expected/i9 b/contrib/ipfilter/test/expected/i9 index bae7c9bcce10..bb4e54f703ff 100644 --- a/contrib/ipfilter/test/expected/i9 +++ b/contrib/ipfilter/test/expected/i9 @@ -3,5 +3,10 @@ block in from any to any with ipopts pass in from any to any with opt nop,rr,zsu pass in from any to any with opt nop,rr,zsu not opt lsrr,ssrr pass in from 127.0.0.1/32 to 127.0.0.1/32 with not frag +pass in from 127.0.0.1/32 to 127.0.0.1/32 with frag,frag-body pass in proto tcp from any to any flags S/FSRPAU with not oow keep state pass in proto tcp from any to any flags S/FSRPAU with not bad,bad-src,bad-nat +block in quick from any to any with not nat +block in quick from any to any with not lowttl +pass in from any to any with mbcast,not bcast,mcast,not state +pass in from any to any with opt mtup,mtur,encode,ts,tr,sec,e-sec,cipso,satid,ssrr,addext,visa,imitd,eip,finn,dps,sdb,nsapa,rtralrt,ump diff --git a/contrib/ipfilter/test/expected/in1 b/contrib/ipfilter/test/expected/in1 index ce5a61003ec3..8c47a929e540 100644 --- a/contrib/ipfilter/test/expected/in1 +++ b/contrib/ipfilter/test/expected/in1 @@ -3,6 +3,8 @@ map le0 0.0.0.1/32 -> 0.0.0.1/32 map le0 128.0.0.0/1 -> 0.0.0.0/0 map le0 10.0.0.0/8 -> 1.2.3.0/24 map le0 10.0.0.0/8 -> 1.2.3.0/24 +map le0 10.0.0.0/8 -> 1.2.3.0/24 +map le0 0.0.0.5/0.0.0.255 -> 1.2.3.0/24 map le0 192.168.0.0/16 -> range 203.1.1.23-203.1.3.45 map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp 10000:19999 map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap udp 20000:29999 @@ -25,3 +27,4 @@ map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp 10000:19999 frag age 30/30 map fxp0 from 192.168.0.0/18 to any port = 21 -> 1.2.3.4/32 proxy port 21 ftp/tcp map thisisalonginte 0.0.0.0/0 -> 0.0.0.0/32 mssclamp 1452 tag freddyliveshere map bar0 0.0.0.0/0 -> 0.0.0.0/32 icmpidmap icmp 1000:2000 +map ppp0,adsl0 0.0.0.0/0 -> 0.0.0.0/32 diff --git a/contrib/ipfilter/test/expected/in2 b/contrib/ipfilter/test/expected/in2 index 61c0d1854dd5..1dc7b68dd783 100644 --- a/contrib/ipfilter/test/expected/in2 +++ b/contrib/ipfilter/test/expected/in2 @@ -2,7 +2,10 @@ rdr le0 9.8.7.6/32 port 0 -> 1.1.1.1 port 0 tcp rdr le0 9.8.7.6/32 -> 1.1.1.1 ip rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp rdr le0 9.8.7.6/32 -> 1.1.1.1 ip +rdr le0 9.0.0.0/8 -> 1.1.1.1 ip +rdr le0 9.8.0.0/16 -> 1.1.1.1 ip rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp +rdr le0 9.8.7.6/32 port 80 -> 0.0.0.0/0 port 80 tcp rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 udp rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp/udp rdr le0 9.8.7.6/32 -> 1.1.1.1 icmp @@ -11,7 +14,7 @@ rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp round-robin rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp round-robin rdr le0 9.8.7.6/32 -> 1.1.1.1 ip frag rdr le0 9.8.7.6/32 -> 1.1.1.1 icmp frag -rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp frag +rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp/udp frag rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp round-robin frag rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp round-robin frag rdr le0 9.8.7.6/32 -> 1.1.1.1 ip frag age 10/10 @@ -65,3 +68,4 @@ rdr le0 9.8.7.6/32 port 1000-2000 -> 1.1.1.1 port 5555 tcp rdr le0 9.8.7.6/32 port 1000-2000 -> 1.1.1.1 port = 5555 tcp rdr le0 0.0.0.0/0 -> 254.220.186.152 ip rdr le0 0.0.0.0/0 -> 254.220.186.152,254.220.186.152 ip +rdr adsl0,ppp0 0.0.0.0/0 port 25 -> 127.0.0.1 port 25 tcp diff --git a/contrib/ipfilter/test/expected/in5 b/contrib/ipfilter/test/expected/in5 index 7b3120a7c553..f371b358eece 100644 --- a/contrib/ipfilter/test/expected/in5 +++ b/contrib/ipfilter/test/expected/in5 @@ -1,3 +1,4 @@ +map le0 from 9.8.7.6/32 port > 1024 to any -> 1.1.1.1/32 portmap tcp 10000:20000 rdr le0 from any to 9.8.7.6/32 port = 0 -> 1.1.1.1 port 0 tcp rdr le0 from any to 9.8.7.6/32 -> 1.1.1.1 ip rdr le0 from any to 9.8.7.6/32 port = 8888 -> 1.1.1.1 port 888 tcp diff --git a/contrib/ipfilter/test/expected/in6 b/contrib/ipfilter/test/expected/in6 index 08bbff061c74..338bd808f57f 100644 --- a/contrib/ipfilter/test/expected/in6 +++ b/contrib/ipfilter/test/expected/in6 @@ -1,3 +1,7 @@ map foo0 from any port = 1 to any port != 0 -> 0.0.0.0/32 udp +map foo0 from any port = 1 to any port != 0 -> 0.0.0.0/32 udp +map foo0 from any port < 1 to any port > 0 -> 0.0.0.0/32 tcp map foo0 from any port < 1 to any port > 0 -> 0.0.0.0/32 tcp map foo0 from any port <= 1 to any port >= 0 -> 0.0.0.0/32 tcp/udp +map foo0 from any port <= 1 to any port >= 0 -> 0.0.0.0/32 tcp/udp +map foo0 from any port 1 >< 20 to any port 20 <> 40 -> 0.0.0.0/32 tcp/udp diff --git a/contrib/ipfilter/test/expected/n1 b/contrib/ipfilter/test/expected/n1 index 0f87034649b8..537f9bb65503 100644 --- a/contrib/ipfilter/test/expected/n1 +++ b/contrib/ipfilter/test/expected/n1 @@ -1,105 +1,105 @@ -ip 20(20) 255 10.1.1.0 > 10.1.1.2 -ip 20(20) 255 10.2.2.2 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.3.4.5 -ip 20(20) 255 10.1.1.2 > 10.3.4.5 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 -ip 48(20) 1 10.2.2.2 > 10.4.3.2 -ip 48(20) 1 10.4.3.2 > 10.1.1.1 -ip 48(20) 1 10.4.3.2 > 10.3.4.1 -ip 48(20) 1 10.4.3.2 > 10.3.4.2 -ip 48(20) 1 10.4.3.2 > 10.3.4.3 -ip 48(20) 1 10.4.3.2 > 10.3.4.4 -ip 48(20) 1 10.4.3.2 > 10.3.4.5 -ip 20(20) 34 10.1.1.2 > 10.4.3.2 -ip 20(20) 34 10.4.3.2 > 10.3.4.4 -ip 20(20) 34 10.1.1.2 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.5 -ip 20(20) 34 10.1.1.3 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.6 -ip 20(20) 35 10.1.1.3 > 10.4.3.4 -ip 20(20) 35 10.4.3.4 > 10.3.4.7 +ip #0 20(20) 255 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 255 10.2.2.2 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.2 > 10.3.4.5 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 +ip #0 48(20) 1 10.2.2.2 > 10.4.3.2 +ip #0 48(20) 1 10.4.3.2 > 10.1.1.1 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.1 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.2 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.3 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.4 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.2 +ip #0 20(20) 34 10.4.3.2 > 10.3.4.4 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.6 +ip #0 20(20) 35 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 35 10.4.3.4 > 10.3.4.7 ------------------------------- -ip 20(20) 255 10.3.4.5 > 10.1.1.2 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.3.4.5 > 10.1.1.1 -ip 40(20) 6 10.3.4.5,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,1026 > 10.1.1.1,1025 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.2.2.2 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.0 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 48(20) 1 10.3.4.5 > 10.4.3.2 -ip 48(20) 1 10.4.3.2 > 10.2.2.2 -ip 48(20) 1 10.4.3.2 > 10.3.4.1 -ip 48(20) 1 10.4.3.2 > 10.3.4.2 -ip 48(20) 1 10.4.3.2 > 10.3.4.3 -ip 48(20) 1 10.4.3.2 > 10.3.4.4 -ip 48(20) 1 10.4.3.2 > 10.1.1.1 -ip 20(20) 34 10.3.4.5 > 10.4.3.2 -ip 20(20) 34 10.4.3.2 > 10.3.4.4 -ip 20(20) 34 10.3.4.5 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.1.1.2 -ip 20(20) 34 10.1.1.3 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.6 -ip 20(20) 35 10.3.4.5 > 10.4.3.4 -ip 20(20) 35 10.4.3.4 > 10.3.4.7 +ip #0 20(20) 255 10.3.4.5 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.3.4.5 > 10.1.1.1 +ip #0 40(20) 6 10.3.4.5,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,1026 > 10.1.1.1,1025 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.0 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 48(20) 1 10.3.4.5 > 10.4.3.2 +ip #0 48(20) 1 10.4.3.2 > 10.2.2.2 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.1 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.2 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.3 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.4 +ip #0 48(20) 1 10.4.3.2 > 10.1.1.1 +ip #0 20(20) 34 10.3.4.5 > 10.4.3.2 +ip #0 20(20) 34 10.4.3.2 > 10.3.4.4 +ip #0 20(20) 34 10.3.4.5 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.1.1.2 +ip #0 20(20) 34 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.6 +ip #0 20(20) 35 10.3.4.5 > 10.4.3.4 +ip #0 20(20) 35 10.4.3.4 > 10.3.4.7 ------------------------------- -ip 20(20) 255 10.3.4.1 > 10.1.1.2 -ip 20(20) 255 10.3.4.2 > 10.1.1.2 -ip 20(20) 255 10.3.4.3 > 10.1.1.1 -ip 40(20) 6 10.3.4.3,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.3,1026 > 10.1.1.1,1025 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.2.2.2 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.3.4.5 -ip 20(20) 255 10.1.1.2 > 10.3.4.5 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 -ip 48(20) 1 10.3.4.3 > 10.4.3.2 -ip 48(20) 1 10.4.3.2 > 10.2.2.2 -ip 48(20) 1 10.4.3.2 > 10.3.4.1 -ip 48(20) 1 10.4.3.2 > 10.3.4.2 -ip 48(20) 1 10.4.3.2 > 10.1.1.1 -ip 48(20) 1 10.4.3.2 > 10.3.4.4 -ip 48(20) 1 10.4.3.2 > 10.3.4.5 -ip 20(20) 34 10.3.4.3 > 10.4.3.2 -ip 20(20) 34 10.4.3.2 > 10.3.4.4 -ip 20(20) 34 10.3.4.3 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.5 -ip 20(20) 34 10.3.4.4 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.6 -ip 20(20) 35 10.3.4.4 > 10.4.3.4 -ip 20(20) 35 10.4.3.4 > 10.3.4.7 +ip #0 20(20) 255 10.3.4.1 > 10.1.1.2 +ip #0 20(20) 255 10.3.4.2 > 10.1.1.2 +ip #0 20(20) 255 10.3.4.3 > 10.1.1.1 +ip #0 40(20) 6 10.3.4.3,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.3,1026 > 10.1.1.1,1025 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.2 > 10.3.4.5 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 +ip #0 48(20) 1 10.3.4.3 > 10.4.3.2 +ip #0 48(20) 1 10.4.3.2 > 10.2.2.2 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.1 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.2 +ip #0 48(20) 1 10.4.3.2 > 10.1.1.1 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.4 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.5 +ip #0 20(20) 34 10.3.4.3 > 10.4.3.2 +ip #0 20(20) 34 10.4.3.2 > 10.3.4.4 +ip #0 20(20) 34 10.3.4.3 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.5 +ip #0 20(20) 34 10.3.4.4 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.6 +ip #0 20(20) 35 10.3.4.4 > 10.4.3.4 +ip #0 20(20) 35 10.4.3.4 > 10.3.4.7 ------------------------------- diff --git a/contrib/ipfilter/test/expected/n11 b/contrib/ipfilter/test/expected/n11 index 3732709e6727..5257a64a1f08 100644 --- a/contrib/ipfilter/test/expected/n11 +++ b/contrib/ipfilter/test/expected/n11 @@ -1,51 +1,51 @@ -ip 20(20) 255 10.1.1.0 > 10.1.1.2 -ip 20(20) 255 1.6.7.8 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.2.2.2 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.3.4.5 -ip 20(20) 255 10.1.1.2 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 255 1.6.7.8 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.2 > 10.3.4.5 ------------------------------- -ip 20(20) 255 10.2.2.2 > 10.1.1.2 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.2.2.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.1.1.0 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.0 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.3.4.5 -ip 20(20) 255 10.1.1.2 > 10.3.4.5 +ip #0 20(20) 255 10.2.2.2 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.2.2.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.1.1.0 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.0 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.2 > 10.3.4.5 ------------------------------- -ip 20(20) 255 10.3.4.0 > 10.1.1.2 -ip 20(20) 255 10.3.4.1 > 10.1.1.2 -ip 20(20) 255 10.3.4.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.2.2.2 -ip 20(20) 255 10.1.1.0 > 10.1.1.5 -ip 20(20) 255 10.1.1.1 > 10.1.1.5 -ip 20(20) 255 10.1.1.2 > 10.1.1.5 +ip #0 20(20) 255 10.3.4.0 > 10.1.1.2 +ip #0 20(20) 255 10.3.4.1 > 10.1.1.2 +ip #0 20(20) 255 10.3.4.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.0 > 10.1.1.5 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.5 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.5 ------------------------------- diff --git a/contrib/ipfilter/test/expected/n13 b/contrib/ipfilter/test/expected/n13 new file mode 100644 index 000000000000..bfe201886528 --- /dev/null +++ b/contrib/ipfilter/test/expected/n13 @@ -0,0 +1,5 @@ +ip #0 20(20) 0 203.1.1.23 > 150.1.1.1 +ip #0 20(20) 0 203.1.1.23 > 150.1.1.2 +ip #0 20(20) 0 203.1.1.24 > 150.1.1.2 +ip #0 20(20) 0 203.1.1.25 > 150.1.1.1 +------------------------------- diff --git a/contrib/ipfilter/test/expected/n14 b/contrib/ipfilter/test/expected/n14 new file mode 100644 index 000000000000..46693001a444 --- /dev/null +++ b/contrib/ipfilter/test/expected/n14 @@ -0,0 +1,5 @@ +ip #0 40(20) 6 10.2.2.5,2000 > 10.1.1.254,80 +ip #0 40(20) 6 10.2.2.6,2000 > 10.1.1.253,80 +ip #0 40(20) 6 10.2.2.7,2000 > 10.1.1.254,80 +ip #0 40(20) 6 10.2.2.5,2001 > 10.1.1.254,80 +------------------------------- diff --git a/contrib/ipfilter/test/expected/n2 b/contrib/ipfilter/test/expected/n2 index dc70138398d3..827272e91031 100644 --- a/contrib/ipfilter/test/expected/n2 +++ b/contrib/ipfilter/test/expected/n2 @@ -1,80 +1,80 @@ -ip 40(20) 6 10.2.2.2,10000 > 10.1.1.1,1025 -ip 40(20) 6 10.2.2.2,10001 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.0 > 10.1.1.2 -ip 20(20) 0 10.1.1.1 > 10.1.2.1 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 28(20) 17 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 -ip 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 -ip 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 -ip 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 40(20) 6 10.2.2.2,10000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.2.2.2,10001 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 0 10.1.1.1 > 10.1.2.1 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 28(20) 17 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 +ip #0 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 +ip #0 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 +ip #0 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 ------------------------------- -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.0 > 10.1.1.2 -ip 20(20) 0 10.1.1.1 > 10.1.2.1 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 28(20) 17 10.3.4.5,10000 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 -ip 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 -ip 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 -ip 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 0 10.1.1.1 > 10.1.2.1 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 28(20) 17 10.3.4.5,10000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 +ip #0 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 +ip #0 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 +ip #0 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 ------------------------------- -ip 40(20) 6 10.3.4.1,10000 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.1,10001 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.0 > 10.1.1.2 -ip 20(20) 0 10.1.1.1 > 10.1.2.1 -ip 40(20) 6 10.3.4.1,10002 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.1,10002 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.1,10003 > 10.1.1.1,1025 -ip 28(20) 17 10.3.4.1,10004 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.1,10005 > 10.1.2.1,80 -ip 40(20) 6 10.3.4.1,10006 > 10.1.3.1,80 -ip 40(20) 6 10.3.4.1,10007 > 10.1.4.1,80 -ip 40(20) 6 10.3.4.1,10008 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 40(20) 6 10.3.4.1,10000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.1,10001 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 0 10.1.1.1 > 10.1.2.1 +ip #0 40(20) 6 10.3.4.1,10002 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.1,10002 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.1,10003 > 10.1.1.1,1025 +ip #0 28(20) 17 10.3.4.1,10004 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.1,10005 > 10.1.2.1,80 +ip #0 40(20) 6 10.3.4.1,10006 > 10.1.3.1,80 +ip #0 40(20) 6 10.3.4.1,10007 > 10.1.4.1,80 +ip #0 40(20) 6 10.3.4.1,10008 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 ------------------------------- -ip 40(20) 6 10.3.4.5,40000 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,40001 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.0 > 10.1.1.2 -ip 20(20) 0 10.1.1.1 > 10.1.2.1 -ip 40(20) 6 10.3.4.5,40001 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,40001 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 28(20) 17 10.3.4.5,40000 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,40001 > 10.1.2.1,80 -ip 40(20) 6 10.3.4.5,40000 > 10.1.3.1,80 -ip 40(20) 6 10.3.4.5,40001 > 10.1.4.1,80 -ip 40(20) 6 10.3.4.5,40000 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.1.1.3,2000 +ip #0 40(20) 6 10.3.4.5,40000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,40001 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 0 10.1.1.1 > 10.1.2.1 +ip #0 40(20) 6 10.3.4.5,40001 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,40001 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 28(20) 17 10.3.4.5,40000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,40001 > 10.1.2.1,80 +ip #0 40(20) 6 10.3.4.5,40000 > 10.1.3.1,80 +ip #0 40(20) 6 10.3.4.5,40001 > 10.1.4.1,80 +ip #0 40(20) 6 10.3.4.5,40000 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.1.1.3,2000 ------------------------------- diff --git a/contrib/ipfilter/test/expected/n3 b/contrib/ipfilter/test/expected/n3 index 03c071797106..0e019aefb2ba 100644 --- a/contrib/ipfilter/test/expected/n3 +++ b/contrib/ipfilter/test/expected/n3 @@ -1,12 +1,12 @@ -ip 40(20) 6 192.168.2.1,1488 > 203.1.1.1,80 -ip 40(20) 6 192.168.2.1,1276 > 203.1.1.1,80 -ip 40(20) 6 192.168.2.1,1032 > 203.1.1.1,80 -ip 28(20) 17 192.168.2.1,1032 > 203.1.1.1,80 -ip 40(20) 6 192.168.2.1,65299 > 203.1.1.1,80 +ip #0 40(20) 6 192.168.2.1,1488 > 203.1.1.1,80 +ip #0 40(20) 6 192.168.2.1,1276 > 203.1.1.1,80 +ip #0 40(20) 6 192.168.2.1,1032 > 203.1.1.1,80 +ip #0 28(20) 17 192.168.2.1,1032 > 203.1.1.1,80 +ip #0 40(20) 6 192.168.2.1,65299 > 203.1.1.1,80 ------------------------------- -ip 40(20) 6 192.168.1.1,1488 > 203.1.1.1,80 -ip 40(20) 6 192.168.1.1,1276 > 203.1.1.1,80 -ip 40(20) 6 192.168.1.0,1032 > 203.1.1.1,80 -ip 28(20) 17 192.168.1.0,1032 > 203.1.1.1,80 -ip 40(20) 6 192.168.1.255,65299 > 203.1.1.1,80 +ip #0 40(20) 6 192.168.1.1,1488 > 203.1.1.1,80 +ip #0 40(20) 6 192.168.1.1,1276 > 203.1.1.1,80 +ip #0 40(20) 6 192.168.1.0,1032 > 203.1.1.1,80 +ip #0 28(20) 17 192.168.1.0,1032 > 203.1.1.1,80 +ip #0 40(20) 6 192.168.1.255,65299 > 203.1.1.1,80 ------------------------------- diff --git a/contrib/ipfilter/test/expected/n4 b/contrib/ipfilter/test/expected/n4 index 8cdf78c31843..9349542396c1 100644 --- a/contrib/ipfilter/test/expected/n4 +++ b/contrib/ipfilter/test/expected/n4 @@ -1,66 +1,66 @@ -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.1.1.1,23 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 -ip 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 -ip 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 -ip 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 -ip 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 -ip 40(20) 6 10.2.2.1,53 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.1.1.1,23 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 +ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 +ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.1,53 > 10.3.3.3,12345 ------------------------------- -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.1.1.1,23 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 -ip 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 -ip 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 -ip 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 -ip 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 -ip 40(20) 6 10.2.2.1,53 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.1.1.1,23 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 +ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 +ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.1,53 > 10.3.3.3,12345 ------------------------------- -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.1.1.1,23 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 -ip 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12346 > 10.2.2.1,10023 -ip 40(20) 6 10.1.0.0,23 > 10.3.3.3,12346 -ip 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 -ip 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 -ip 40(20) 6 10.2.2.1,53 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.1.1.1,23 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12346 > 10.2.2.1,10023 +ip #0 40(20) 6 10.1.0.0,23 > 10.3.3.3,12346 +ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.1,53 > 10.3.3.3,12345 ------------------------------- -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,23 -ip 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 -ip 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 -ip 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 -ip 28(20) 17 10.3.3.3,12345 > 10.2.2.1,10053 -ip 28(20) 17 10.1.1.0,53 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 -ip 40(20) 6 10.2.2.1,53 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,23 +ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 +ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 +ip #0 28(20) 17 10.3.3.3,12345 > 10.2.2.1,10053 +ip #0 28(20) 17 10.1.1.0,53 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.1,53 > 10.3.3.3,12345 ------------------------------- -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,23 -ip 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53 -ip 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 -ip 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 -ip 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 -ip 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53 -ip 40(20) 6 10.1.1.0,53 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,23 +ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53 +ip #0 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 +ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 +ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53 +ip #0 40(20) 6 10.1.1.0,53 > 10.3.3.3,12345 ------------------------------- -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,23 -ip 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53 -ip 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 -ip 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 -ip 28(20) 17 10.3.3.3,12345 > 10.2.2.1,53 -ip 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53 -ip 40(20) 6 10.1.1.0,53 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,23 +ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53 +ip #0 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 +ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 +ip #0 28(20) 17 10.3.3.3,12345 > 10.2.2.1,53 +ip #0 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53 +ip #0 40(20) 6 10.1.1.0,53 > 10.3.3.3,12345 ------------------------------- diff --git a/contrib/ipfilter/test/expected/n5 b/contrib/ipfilter/test/expected/n5 index 521c7376ef45..0e578b64bcfc 100644 --- a/contrib/ipfilter/test/expected/n5 +++ b/contrib/ipfilter/test/expected/n5 @@ -1,330 +1,330 @@ -ip 20(20) 255 10.1.1.0 > 10.1.1.2 -ip 20(20) 255 10.2.2.2 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.3.4.5 -ip 20(20) 255 10.1.1.2 > 10.3.4.5 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 -ip 48(20) 1 10.2.2.2 > 10.4.3.2 -ip 48(20) 1 10.4.3.2 > 10.1.1.1 -ip 48(20) 1 10.4.3.2 > 10.3.4.3 -ip 48(20) 1 10.4.3.2 > 10.3.4.5 -ip 20(20) 34 10.1.1.2 > 10.4.3.2 -ip 20(20) 34 10.4.3.2 > 10.3.4.4 -ip 20(20) 34 10.1.1.2 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.5 -ip 20(20) 34 10.1.1.3 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.6 -ip 20(20) 35 10.1.1.3 > 10.4.3.4 -ip 20(20) 35 10.4.3.4 > 10.3.4.7 -ip 40(20) 6 10.2.2.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.2.2.2,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.0 > 10.1.1.2 -ip 20(20) 0 10.2.2.2 > 10.1.2.1 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 28(20) 17 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 -ip 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 -ip 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 -ip 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.2.2.2,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.2.2.2,1025 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 20(20) 255 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 255 10.2.2.2 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.2 > 10.3.4.5 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 +ip #0 48(20) 1 10.2.2.2 > 10.4.3.2 +ip #0 48(20) 1 10.4.3.2 > 10.1.1.1 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.3 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.2 +ip #0 20(20) 34 10.4.3.2 > 10.3.4.4 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.6 +ip #0 20(20) 35 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 35 10.4.3.4 > 10.3.4.7 +ip #0 40(20) 6 10.2.2.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.2.2.2,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 0 10.2.2.2 > 10.1.2.1 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 28(20) 17 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 +ip #0 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 +ip #0 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 +ip #0 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.2.2.2,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.2.2.2,1025 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 ------------------------------- -ip 20(20) 255 10.3.4.5 > 10.1.1.2 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.3.4.5 > 10.1.1.1 -ip 40(20) 6 10.3.4.5,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,1026 > 10.1.1.1,1025 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.2.2.2 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.0 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 48(20) 1 10.1.1.1 > 10.4.3.2 -ip 48(20) 1 10.4.3.2 > 10.2.2.2 -ip 48(20) 1 10.4.3.2 > 10.3.4.3 -ip 48(20) 1 10.4.3.2 > 10.3.4.5 -ip 20(20) 34 10.1.1.2 > 10.4.3.2 -ip 20(20) 34 10.4.3.2 > 10.3.4.4 -ip 20(20) 34 10.1.1.2 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.5 -ip 20(20) 34 10.1.1.3 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.6 -ip 20(20) 35 10.1.1.3 > 10.4.3.4 -ip 20(20) 35 10.4.3.4 > 10.3.4.7 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.3.4.5 > 10.1.1.2 -ip 20(20) 0 10.3.4.5 > 10.1.2.1 -ip 40(20) 6 10.3.4.5,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,1026 > 10.1.1.1,1025 -ip 28(20) 17 10.3.4.5,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,2000 > 10.1.2.1,80 -ip 40(20) 6 10.3.4.5,2001 > 10.1.3.1,80 -ip 40(20) 6 10.3.4.5,2002 > 10.1.4.1,80 -ip 40(20) 6 10.3.4.5,2003 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 20(20) 255 10.3.4.5 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.3.4.5 > 10.1.1.1 +ip #0 40(20) 6 10.3.4.5,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,1026 > 10.1.1.1,1025 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.0 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 48(20) 1 10.1.1.1 > 10.4.3.2 +ip #0 48(20) 1 10.4.3.2 > 10.2.2.2 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.3 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.2 +ip #0 20(20) 34 10.4.3.2 > 10.3.4.4 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.6 +ip #0 20(20) 35 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 35 10.4.3.4 > 10.3.4.7 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.3.4.5 > 10.1.1.2 +ip #0 20(20) 0 10.3.4.5 > 10.1.2.1 +ip #0 40(20) 6 10.3.4.5,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,1026 > 10.1.1.1,1025 +ip #0 28(20) 17 10.3.4.5,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,2000 > 10.1.2.1,80 +ip #0 40(20) 6 10.3.4.5,2001 > 10.1.3.1,80 +ip #0 40(20) 6 10.3.4.5,2002 > 10.1.4.1,80 +ip #0 40(20) 6 10.3.4.5,2003 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 ------------------------------- -ip 20(20) 255 10.1.1.0 > 10.1.1.2 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.2.2.2 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.3.4.5 -ip 20(20) 255 10.1.1.2 > 10.3.4.5 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 -ip 48(20) 1 10.3.4.1 > 10.4.3.2 -ip 48(20) 1 10.4.3.2 > 10.2.2.2 -ip 48(20) 1 10.4.3.2 > 10.3.4.3 -ip 48(20) 1 10.4.3.2 > 10.3.4.5 -ip 20(20) 34 10.3.4.1 > 10.4.3.2 -ip 20(20) 34 10.4.3.2 > 10.3.4.4 -ip 20(20) 34 10.3.4.1 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.5 -ip 20(20) 34 10.3.4.2 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.6 -ip 20(20) 35 10.3.4.2 > 10.4.3.4 -ip 20(20) 35 10.4.3.4 > 10.3.4.7 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.0 > 10.1.1.2 -ip 20(20) 0 10.1.1.1 > 10.1.2.1 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 28(20) 17 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 -ip 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 -ip 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 -ip 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.3.4.3,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.3.4.3,1025 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 28(20) 17 10.3.4.3,1025 > 10.3.4.5,40001 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 20(20) 255 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.2 > 10.3.4.5 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 +ip #0 48(20) 1 10.3.4.1 > 10.4.3.2 +ip #0 48(20) 1 10.4.3.2 > 10.2.2.2 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.3 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.5 +ip #0 20(20) 34 10.3.4.1 > 10.4.3.2 +ip #0 20(20) 34 10.4.3.2 > 10.3.4.4 +ip #0 20(20) 34 10.3.4.1 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.5 +ip #0 20(20) 34 10.3.4.2 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.6 +ip #0 20(20) 35 10.3.4.2 > 10.4.3.4 +ip #0 20(20) 35 10.4.3.4 > 10.3.4.7 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 0 10.1.1.1 > 10.1.2.1 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 28(20) 17 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 +ip #0 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 +ip #0 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 +ip #0 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.3.4.3,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.3.4.3,1025 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 28(20) 17 10.3.4.3,1025 > 10.3.4.5,40001 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 ------------------------------- -ip 20(20) 255 10.1.1.0 > 10.1.1.2 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.2.2.2 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.3.4.5 -ip 20(20) 255 10.1.1.2 > 10.3.4.5 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 -ip 48(20) 1 10.1.1.1 > 10.4.3.2 -ip 48(20) 1 10.4.3.2 > 10.2.2.2 -ip 48(20) 1 10.4.3.2 > 10.3.4.3 -ip 48(20) 1 10.4.3.2 > 10.3.4.5 -ip 20(20) 34 10.1.1.2 > 10.4.3.2 -ip 20(20) 34 10.4.3.2 > 10.3.4.4 -ip 20(20) 34 10.1.1.2 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.5 -ip 20(20) 34 10.1.1.3 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.6 -ip 20(20) 35 10.1.1.3 > 10.4.3.4 -ip 20(20) 35 10.4.3.4 > 10.3.4.7 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.0 > 10.1.1.2 -ip 20(20) 0 10.1.1.1 > 10.1.2.1 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 28(20) 17 10.3.4.5,10000 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 -ip 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 -ip 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 -ip 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 28(20) 17 10.3.4.5,10001 > 10.3.4.5,40001 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 20(20) 255 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.2 > 10.3.4.5 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 +ip #0 48(20) 1 10.1.1.1 > 10.4.3.2 +ip #0 48(20) 1 10.4.3.2 > 10.2.2.2 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.3 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.2 +ip #0 20(20) 34 10.4.3.2 > 10.3.4.4 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.6 +ip #0 20(20) 35 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 35 10.4.3.4 > 10.3.4.7 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 0 10.1.1.1 > 10.1.2.1 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 28(20) 17 10.3.4.5,10000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 +ip #0 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 +ip #0 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 +ip #0 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 28(20) 17 10.3.4.5,10001 > 10.3.4.5,40001 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 ------------------------------- -ip 20(20) 255 10.1.1.0 > 10.1.1.2 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.3.4.1,10000 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.1,10001 > 10.1.1.1,1025 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.2.2.2 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.3.4.5 -ip 20(20) 255 10.1.1.2 > 10.3.4.5 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 -ip 48(20) 1 10.1.1.1 > 10.4.3.2 -ip 48(20) 1 10.4.3.2 > 10.2.2.2 -ip 48(20) 1 10.4.3.2 > 10.3.4.3 -ip 48(20) 1 10.4.3.2 > 10.3.4.5 -ip 20(20) 34 10.1.1.2 > 10.4.3.2 -ip 20(20) 34 10.4.3.2 > 10.3.4.4 -ip 20(20) 34 10.1.1.2 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.5 -ip 20(20) 34 10.1.1.3 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.6 -ip 20(20) 35 10.1.1.3 > 10.4.3.4 -ip 20(20) 35 10.4.3.4 > 10.3.4.7 -ip 40(20) 6 10.3.4.1,10002 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.1,10003 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.0 > 10.1.1.2 -ip 20(20) 0 10.1.1.1 > 10.1.2.1 -ip 40(20) 6 10.3.4.1,10000 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.1,10000 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.1,10001 > 10.1.1.1,1025 -ip 28(20) 17 10.3.4.1,10004 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.1,10005 > 10.1.2.1,80 -ip 40(20) 6 10.3.4.1,10006 > 10.1.3.1,80 -ip 40(20) 6 10.3.4.1,10007 > 10.1.4.1,80 -ip 40(20) 6 10.3.4.1,10008 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.3.4.1,10009 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.3.4.1,10010 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 28(20) 17 10.3.4.1,10011 > 10.3.4.5,40001 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.3.4.1,10012 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 20(20) 255 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.3.4.1,10000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.1,10001 > 10.1.1.1,1025 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.2 > 10.3.4.5 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 +ip #0 48(20) 1 10.1.1.1 > 10.4.3.2 +ip #0 48(20) 1 10.4.3.2 > 10.2.2.2 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.3 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.2 +ip #0 20(20) 34 10.4.3.2 > 10.3.4.4 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.6 +ip #0 20(20) 35 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 35 10.4.3.4 > 10.3.4.7 +ip #0 40(20) 6 10.3.4.1,10002 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.1,10003 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 0 10.1.1.1 > 10.1.2.1 +ip #0 40(20) 6 10.3.4.1,10000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.1,10000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.1,10001 > 10.1.1.1,1025 +ip #0 28(20) 17 10.3.4.1,10004 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.1,10005 > 10.1.2.1,80 +ip #0 40(20) 6 10.3.4.1,10006 > 10.1.3.1,80 +ip #0 40(20) 6 10.3.4.1,10007 > 10.1.4.1,80 +ip #0 40(20) 6 10.3.4.1,10008 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.3.4.1,10009 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.3.4.1,10010 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 28(20) 17 10.3.4.1,10011 > 10.3.4.5,40001 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.3.4.1,10012 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 ------------------------------- -ip 20(20) 255 10.1.1.0 > 10.1.1.2 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.3.4.5,40000 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,40001 > 10.1.1.1,1025 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.2.2.2 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.3.4.5 -ip 20(20) 255 10.1.1.2 > 10.3.4.5 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 -ip 48(20) 1 10.1.1.1 > 10.4.3.2 -ip 48(20) 1 10.4.3.2 > 10.2.2.2 -ip 48(20) 1 10.4.3.2 > 10.3.4.3 -ip 48(20) 1 10.4.3.2 > 10.3.4.5 -ip 20(20) 34 10.1.1.2 > 10.4.3.2 -ip 20(20) 34 10.4.3.2 > 10.3.4.4 -ip 20(20) 34 10.1.1.2 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.5 -ip 20(20) 34 10.1.1.3 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.6 -ip 20(20) 35 10.1.1.3 > 10.4.3.4 -ip 20(20) 35 10.4.3.4 > 10.3.4.7 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,40000 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.0 > 10.1.1.2 -ip 20(20) 0 10.1.1.1 > 10.1.2.1 -ip 40(20) 6 10.3.4.5,40000 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,40000 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,40001 > 10.1.1.1,1025 -ip 28(20) 17 10.3.4.5,40001 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,40000 > 10.1.2.1,80 -ip 40(20) 6 10.3.4.5,40001 > 10.1.3.1,80 -ip 40(20) 6 10.3.4.5,40000 > 10.1.4.1,80 -ip 40(20) 6 10.3.4.5,40001 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.3.4.5,40000 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.3.4.5,40001 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 28(20) 17 10.3.4.5,40000 > 10.3.4.5,40001 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 20(20) 255 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.3.4.5,40000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,40001 > 10.1.1.1,1025 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.2 > 10.3.4.5 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 +ip #0 48(20) 1 10.1.1.1 > 10.4.3.2 +ip #0 48(20) 1 10.4.3.2 > 10.2.2.2 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.3 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.2 +ip #0 20(20) 34 10.4.3.2 > 10.3.4.4 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.6 +ip #0 20(20) 35 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 35 10.4.3.4 > 10.3.4.7 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,40000 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 0 10.1.1.1 > 10.1.2.1 +ip #0 40(20) 6 10.3.4.5,40000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,40000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,40001 > 10.1.1.1,1025 +ip #0 28(20) 17 10.3.4.5,40001 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,40000 > 10.1.2.1,80 +ip #0 40(20) 6 10.3.4.5,40001 > 10.1.3.1,80 +ip #0 40(20) 6 10.3.4.5,40000 > 10.1.4.1,80 +ip #0 40(20) 6 10.3.4.5,40001 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.3.4.5,40000 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.3.4.5,40001 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 28(20) 17 10.3.4.5,40000 > 10.3.4.5,40001 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 ------------------------------- diff --git a/contrib/ipfilter/test/expected/n6 b/contrib/ipfilter/test/expected/n6 index d28d4f1ee4d7..2b2c37fe7a90 100644 --- a/contrib/ipfilter/test/expected/n6 +++ b/contrib/ipfilter/test/expected/n6 @@ -1,70 +1,70 @@ -ip 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.2,23 -ip 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23 -ip 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 -ip 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 -ip 40(20) 6 10.3.3.3,12345 > 10.1.0.0,23 -ip 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 -ip 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.2,23 +ip #0 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23 +ip #0 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.0.0,23 +ip #0 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 ------------------------------- -ip 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23 -ip 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 -ip 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 -ip 40(20) 6 10.3.3.3,12345 > 10.1.0.0,23 -ip 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 -ip 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23 +ip #0 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.0.0,23 +ip #0 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 ------------------------------- -ip 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23 -ip 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,23 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 -ip 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 -ip 40(20) 6 10.3.3.3,12345 > 10.1.0.0,23 -ip 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 -ip 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23 +ip #0 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,23 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.0.0,23 +ip #0 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 ------------------------------- -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.1,23 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.2,23 -ip 40(20) 6 10.3.0.1,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 -ip 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 -ip 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 -ip 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.1,23 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.2,23 +ip #0 40(20) 6 10.3.0.1,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 +ip #0 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 ------------------------------- -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.1,23 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.2,23 -ip 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23 -ip 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,23 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 -ip 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 -ip 40(20) 6 10.3.3.3,12345 > 10.1.0.0,23 -ip 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 -ip 28(20) 17 10.3.3.3,12345 > 10.2.2.1,10053 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.1,23 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.2,23 +ip #0 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23 +ip #0 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,23 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.0.0,23 +ip #0 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 28(20) 17 10.3.3.3,12345 > 10.2.2.1,10053 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 ------------------------------- diff --git a/contrib/ipfilter/test/expected/n7 b/contrib/ipfilter/test/expected/n7 index db8bb5078018..eb23534d0b30 100644 --- a/contrib/ipfilter/test/expected/n7 +++ b/contrib/ipfilter/test/expected/n7 @@ -1,30 +1,30 @@ -ip 40(20) 6 10.2.3.1,1230 > 10.1.1.1,22 -ip 40(20) 6 10.2.3.1,1231 > 10.2.2.1,10023 -ip 40(20) 6 10.2.3.1,1232 > 10.2.2.1,10050 -ip 40(20) 6 10.2.3.1,1233 > 10.2.2.1,10079 -ip 40(20) 6 10.2.3.1,1234 > 10.1.1.1,80 -ip 40(20) 6 10.2.3.1,1235 > 10.1.1.2,80 -ip 40(20) 6 10.2.3.1,1236 > 10.1.1.3,80 -ip 40(20) 6 10.2.3.1,1237 > 10.1.1.4,80 -ip 40(20) 6 10.2.3.1,1238 > 10.1.1.4,80 +ip #0 40(20) 6 10.2.3.1,1230 > 10.1.1.1,22 +ip #0 40(20) 6 10.2.3.1,1231 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.3.1,1232 > 10.2.2.1,10050 +ip #0 40(20) 6 10.2.3.1,1233 > 10.2.2.1,10079 +ip #0 40(20) 6 10.2.3.1,1234 > 10.1.1.1,80 +ip #0 40(20) 6 10.2.3.1,1235 > 10.1.1.2,80 +ip #0 40(20) 6 10.2.3.1,1236 > 10.1.1.3,80 +ip #0 40(20) 6 10.2.3.1,1237 > 10.1.1.4,80 +ip #0 40(20) 6 10.2.3.1,1238 > 10.1.1.4,80 ------------------------------- -ip 40(20) 6 10.2.3.1,1230 > 10.1.1.1,22 -ip 40(20) 6 10.2.3.1,1231 > 10.2.2.1,10023 -ip 40(20) 6 10.2.3.1,1232 > 10.2.2.1,10023 -ip 40(20) 6 10.2.3.1,1233 > 10.2.2.1,10023 -ip 40(20) 6 10.2.3.1,1234 > 10.1.1.1,80 -ip 40(20) 6 10.2.3.1,1235 > 10.1.1.2,80 -ip 40(20) 6 10.2.3.1,1236 > 10.1.1.3,80 -ip 40(20) 6 10.2.3.1,1237 > 10.1.1.4,80 -ip 40(20) 6 10.2.3.1,1238 > 10.1.1.4,80 +ip #0 40(20) 6 10.2.3.1,1230 > 10.1.1.1,22 +ip #0 40(20) 6 10.2.3.1,1231 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.3.1,1232 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.3.1,1233 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.3.1,1234 > 10.1.1.1,80 +ip #0 40(20) 6 10.2.3.1,1235 > 10.1.1.2,80 +ip #0 40(20) 6 10.2.3.1,1236 > 10.1.1.3,80 +ip #0 40(20) 6 10.2.3.1,1237 > 10.1.1.4,80 +ip #0 40(20) 6 10.2.3.1,1238 > 10.1.1.4,80 ------------------------------- -ip 40(20) 6 10.2.3.1,1230 > 10.1.1.1,22 -ip 40(20) 6 10.2.3.1,1231 > 10.1.1.1,23 -ip 40(20) 6 10.2.3.1,1232 > 10.1.1.1,50 -ip 40(20) 6 10.2.3.1,1233 > 10.1.1.1,79 -ip 40(20) 6 10.2.3.1,1234 > 10.2.2.1,3128 -ip 40(20) 6 10.2.3.1,1235 > 1.2.2.129,3128 -ip 40(20) 6 10.2.3.1,1236 > 10.2.2.1,3128 -ip 40(20) 6 10.2.3.1,1237 > 1.2.2.129,3128 -ip 40(20) 6 10.2.3.1,1238 > 10.2.2.1,3128 +ip #0 40(20) 6 10.2.3.1,1230 > 10.1.1.1,22 +ip #0 40(20) 6 10.2.3.1,1231 > 10.1.1.1,23 +ip #0 40(20) 6 10.2.3.1,1232 > 10.1.1.1,50 +ip #0 40(20) 6 10.2.3.1,1233 > 10.1.1.1,79 +ip #0 40(20) 6 10.2.3.1,1234 > 10.2.2.1,3128 +ip #0 40(20) 6 10.2.3.1,1235 > 1.2.2.129,3128 +ip #0 40(20) 6 10.2.3.1,1236 > 10.2.2.1,3128 +ip #0 40(20) 6 10.2.3.1,1237 > 1.2.2.129,3128 +ip #0 40(20) 6 10.2.3.1,1238 > 10.2.2.1,3128 ------------------------------- diff --git a/contrib/ipfilter/test/expected/p1 b/contrib/ipfilter/test/expected/p1 index c3f7afa66f55..9f02804439e8 100644 --- a/contrib/ipfilter/test/expected/p1 +++ b/contrib/ipfilter/test/expected/p1 @@ -9,6 +9,8 @@ nomatch List of active MAP/Redirect filters: List of active sessions: + +Hostmap table: List of active state sessions: List of configured pools table role = ipf type = tree number = 100 diff --git a/contrib/ipfilter/test/expected/p2 b/contrib/ipfilter/test/expected/p2 index bb15bdf7b146..2f330c26f8b9 100644 --- a/contrib/ipfilter/test/expected/p2 +++ b/contrib/ipfilter/test/expected/p2 @@ -1,4 +1,4 @@ -nomatch +block nomatch pass nomatch @@ -9,10 +9,15 @@ pass List of active MAP/Redirect filters: List of active sessions: + +Hostmap table: List of active state sessions: List of configured pools List of configured hash tables # 'anonymous' table +table role = ipf type = hash number = 2147483650 size = 3 + { 4.4.0.0/16; 127.0.0.1/32; }; +# 'anonymous' table table role = ipf type = hash number = 2147483649 size = 3 { 4.4.0.0/16; 127.0.0.1/32; }; List of groups configured (set 0) diff --git a/contrib/ipfilter/test/expected/p3 b/contrib/ipfilter/test/expected/p3 index 136543f82291..94fde9e701af 100644 --- a/contrib/ipfilter/test/expected/p3 +++ b/contrib/ipfilter/test/expected/p3 @@ -13,6 +13,8 @@ block List of active MAP/Redirect filters: List of active sessions: + +Hostmap table: List of active state sessions: List of configured pools List of configured hash tables diff --git a/contrib/ipfilter/test/input/f13 b/contrib/ipfilter/test/input/f13 index 0ca607ea17e1..d7b07249ace4 100644 --- a/contrib/ipfilter/test/input/f13 +++ b/contrib/ipfilter/test/input/f13 @@ -1,51 +1,94 @@ -# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF,MF,FO=0 SYN +# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF,FO=0 SYN +[in] 4500 0028 0001 4000 3f06 36cc 0101 0101 0201 0101 -0401 0019 0000 0000 0000 0000 50 02 2000 86c5 0000 +0401 0019 0000 0000 0000 0000 50 02 2000 86bb 0000 # 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP MF ACK +[in] 4500 0024 0002 2000 3f06 56cf 0101 0101 0201 0101 0401 0019 0000 0000 0000 0000 5010 2000 # 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP FO=2 ACK +[in] 4500 002c 0002 0002 3f06 76c5 0101 0101 0201 0101 0000 0000 0001 0203 0405 0607 0809 0a0b 0c0d 0e0f 1011 1213 -# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF MF FO=0 SYN +# 1.1.1.1,1024 -> 2.1.1.1,25 TTL=63 TCP DF MF FO=0 SYN +[in] 4500 0028 0003 6000 3f06 16ca 0101 0101 0201 0101 -0401 0019 0000 0000 0000 0000 5010 2000 0000 0000 +0400 0019 7000 0000 0000 0000 5002 2000 0000 0000 # 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF FO=0 +[in] 4500 001c 0004 6000 3f06 16d5 0101 0101 0201 0101 0401 0019 0000 0000 # 1.1.1.1 -> 2.1.1.1 TTL=63 TCP DF FO=1 SYN +[in] 4500 001c 0005 6001 3f06 16d3 0101 0101 0201 0101 0000 0000 5010 2000 # 1.1.1.1 -> 2.1.1.1 TTL=63 UDP DF MF FO=0 +[in] 4500 0014 0006 6000 3f11 16d0 0101 0101 0201 0101 # 1.1.1.1,53 -> 2.1.1.1,53 TTL=63 UDP MF FO=0 +[in] 4500 0018 0007 2000 3f11 56cb 0101 0101 0201 0101 0035 0035 # 1.1.1.1,53 -> 2.1.1.1,53 TTL=63 UDP MF FO=0 +[in] 4500 001c 0008 2000 3f11 56c6 0101 0101 0201 0101 0035 0035 0004 0000 # 1.1.1.1,53 -> 2.1.1.1,54 TTL=63 UDP MF FO=0 (short) +[in] 4500 0018 0008 2000 3f11 56ca 0101 0101 0201 0101 0035 0036 # 1.1.1.1,21 -> 2.1.1.1,54 TTL=63 UDP MF FO=0 +[in] 4500 001c 0008 2000 3f11 56c6 0101 0101 0201 0101 0015 0036 0004 0000 # 1.1.1.1,21 -> 2.1.1.1,54 TTL=63 TCP MF FO=0 +[in] 4500 001c 0008 2000 3f06 56d1 0101 0101 0201 0101 0015 0036 0000 0000 0000 0000 50 02 2000 0000 0000 +# 1.1.1.1 -> 2.1.1.1 TTL=63 UDP FO=3 +[in] +4500 001c 0008 0003 3f11 76c3 0101 0101 0201 0101 +0000 0000 0000 0000 + # 1.1.1.1 -> 2.1.1.1 TTL=63 UDP FO=1 +[in] 4500 001c 0008 0001 3f11 76c5 0101 0101 0201 0101 0000 0000 0000 0000 +# 2.1.1.1,53 -> 1.1.1.1,53 TTL=63 UDP +[out] +4500 001c 0008 0000 3f11 76c6 0201 0101 0101 0101 +0035 0035 0004 0000 + +# 2.1.1.1,25 -> 1.1.1.1,1014 TTL=63 TCP DF SYN-ACK +[out] +4500 0028 0003 4000 3f06 36ca 0201 0101 0101 0101 +0019 0400 0000 0001 7000 0001 5012 2000 16b4 0000 + +# 1.1.1.1,1024 -> 2.1.1.1,25 TTL=63 TCP DF ACK (OOW) +[in] +4500 0028 0003 4000 3f06 36ca 0101 0101 0201 0101 +0400 0019 0040 0000 0000 0000 5010 2000 8678 0000 + +# 1.1.1.1,1024 -> 2.1.1.1,25 TTL=63 TCP DF ACK +[in] +4500 0028 0003 4000 3f06 36ca 0101 0101 0201 0101 +0400 0019 7000 0004 0000 0002 5010 2000 16b2 0000 + +# 1.1.1.1,1024 -> 2.1.1.1,25 TTL=63 TCP DF ACK +[in] +4500 0028 0003 4000 3f06 36ca 0101 0101 0201 0101 +0400 0019 7000 0001 0000 0002 5010 2000 16b5 0000 + diff --git a/contrib/ipfilter/test/input/f17 b/contrib/ipfilter/test/input/f17 index 18af566af32e..a0d44d7db58d 100644 --- a/contrib/ipfilter/test/input/f17 +++ b/contrib/ipfilter/test/input/f17 @@ -1,28 +1,39 @@ +# TCP 1.1.1.1,54076 -> 2.2.2.2,27 SYN [out,ppp0] 4500 003c 8262 0000 4006 f254 0101 0101 0202 0202 d33c 0019 bfd0 8989 0000 0000 a002 4000 cfcd 0000 0204 05b4 0103 0300 0101 080a 008e 17f7 0000 0000 +# TCP 2.2.2.2,27 -> 1.1.1.1,54076 ACK [in,ppp0] 4500 003c 8262 0000 1106 2155 0202 0202 0101 0101 0019 d33c 4020 3436 bfdf cbc9 5010 4000 694a 0000 0204 0584 0103 0300 0101 080a 008e 17f7 0000 0000 +# TCP 1.1.1.1,54076 -> 2.2.2.2,27 SYN [out,ppp0] 4500 003c 8265 0000 4006 f251 0101 0101 0202 0202 d33c 0019 bfd0 8989 0000 0000 a002 4000 cfc2 0000 0204 05b4 0103 0300 0101 080a 008e 1802 0000 0000 +# TCP 2.2.2.2,27 -> 1.1.1.1,54076 SYN-ACK [in,ppp0] 4500 002c 7442 4000 2906 d784 0202 0202 0101 0101 0019 d33c ed67 4d4e bfd0 898a 6012 2118 19c2 0000 0204 0584 +# TCP 1.1.1.1,54076 -> 2.2.2.2,27 ACK [out,ppp0] -4500 002c 8262 0000 4006 f264 0101 0101 +4500 0028 8262 0000 4006 f268 0101 0101 0202 0202 d33c 0019 bfd0 898a ed67 4d4e -5010 4000 0ce0 0000 0000 +5010 4000 1268 0000 + +# TCP 2.2.2.2,27 -> 1.1.1.1,54076 ACK+data +[in,ppp0] +4500 002a 7442 4000 2906 d786 0202 0202 +0101 0101 0019 d33c ed67 4d4e bfd0 8990 +5012 2118 2f43 0000 0203 diff --git a/contrib/ipfilter/test/input/f18 b/contrib/ipfilter/test/input/f18 new file mode 100644 index 000000000000..9ecbb7f59a23 --- /dev/null +++ b/contrib/ipfilter/test/input/f18 @@ -0,0 +1,4 @@ +in on le1 1.1.1.1 3.3.3.3 +in on le1 1.1.1.1 5.5.5.5 +out on le1 2.2.2.2 4.4.4.4 +out on le1 2.2.2.2 6.6.6.6 diff --git a/contrib/ipfilter/test/input/f19 b/contrib/ipfilter/test/input/f19 new file mode 100644 index 000000000000..6cab988e400b --- /dev/null +++ b/contrib/ipfilter/test/input/f19 @@ -0,0 +1,4 @@ +in tcp 127.0.0.1,1 127.0.0.1,21 S +in tcp 127.0.0.1,2 127.0.0.1,21 S +in tcp 127.0.0.1,3 127.0.0.1,21 S +in tcp 127.0.0.1,4 127.0.0.1,21 S diff --git a/contrib/ipfilter/test/input/f7 b/contrib/ipfilter/test/input/f7 index 2721af2fb71e..dbc9e33e80ac 100644 --- a/contrib/ipfilter/test/input/f7 +++ b/contrib/ipfilter/test/input/f7 @@ -7,3 +7,9 @@ in icmp 1.1.1.1 2.1.1.1 unreach,3 in icmp 1.1.1.1 2.1.1.1 echorep in icmp 1.1.1.1 2.1.1.1 echorep,1 in icmp 1.1.1.1 2.1.1.1 echorep,3 +in icmp 2.2.2.2 3.3.3.3 maskreq +out icmp 3.3.3.3 2.2.2.2 maskrep +in icmp 4.4.4.4 5.5.5.5 timest +out icmp 5.5.5.5 4.4.4.4 timestrep +in icmp 6.6.6.6 7.7.7.7 inforeq +out icmp 7.7.7.7 6.6.6.6 inforep diff --git a/contrib/ipfilter/test/input/f9 b/contrib/ipfilter/test/input/f9 index 33f3be392a7d..e64e299fc0e5 100644 --- a/contrib/ipfilter/test/input/f9 +++ b/contrib/ipfilter/test/input/f9 @@ -1,6 +1,9 @@ in 1.1.1.1 2.1.1.1 opt lsrr +in 1.1.1.1 2.1.1.1 opt lsrr=1.1.1.1 in 1.1.1.1 2.1.1.1 opt lsrr,ssrr in 1.1.1.1 2.1.1.1 opt ts +in 1.1.1.1 2.1.1.1 opt satid +in 1.1.1.1 2.1.1.1 opt satid=234 in 1.1.1.1 2.1.1.1 opt sec-class=topsecret in 1.1.1.1 2.1.1.1 opt ssrr,sec-class=topsecret in 1.1.1.1 2.1.1.1 opt sec diff --git a/contrib/ipfilter/test/input/n13 b/contrib/ipfilter/test/input/n13 new file mode 100644 index 000000000000..ac7bbbda24a8 --- /dev/null +++ b/contrib/ipfilter/test/input/n13 @@ -0,0 +1,4 @@ +out on le0 192.168.1.1 150.1.1.1 +out on le0 192.168.1.1 150.1.1.2 +out on le0 192.168.1.2 150.1.1.2 +out on le0 192.168.1.3 150.1.1.1 diff --git a/contrib/ipfilter/test/input/n14 b/contrib/ipfilter/test/input/n14 new file mode 100644 index 000000000000..969eb1c21466 --- /dev/null +++ b/contrib/ipfilter/test/input/n14 @@ -0,0 +1,4 @@ +in on gre0 tcp 10.2.2.5,2000 203.1.1.1,80 +in on gre0 tcp 10.2.2.6,2000 203.1.1.1,80 +in on gre0 tcp 10.2.2.7,2000 203.1.1.1,80 +in on gre0 tcp 10.2.2.5,2001 203.1.1.1,80 diff --git a/contrib/ipfilter/test/input/ni17 b/contrib/ipfilter/test/input/ni17 new file mode 100644 index 000000000000..f9dec945524d --- /dev/null +++ b/contrib/ipfilter/test/input/ni17 @@ -0,0 +1,6 @@ +in on le0 tcp 10.2.2.5,2000 203.1.1.1,80 +in on le0 tcp 10.2.2.6,2000 203.1.1.1,80 +in on le0 tcp 10.2.2.7,2000 203.1.1.1,80 +in on le0 tcp 10.2.2.7,2001 203.1.1.1,80 +in on le0 tcp 10.2.2.8,2000 203.1.1.1,80 +in on le0 tcp 10.2.2.9,2000 203.1.1.1,80 diff --git a/contrib/ipfilter/test/itest b/contrib/ipfilter/test/itest index 333afde75f27..8fefc634bfb9 100644 --- a/contrib/ipfilter/test/itest +++ b/contrib/ipfilter/test/itest @@ -13,7 +13,14 @@ else fi echo "$1..."; /bin/cp /dev/null results/$1 -../ipf -Rnvf regress/$1 2>/dev/null > results/$1 +case $3 in +ipf) + ../ipf -Rnvf regress/$1 2>/dev/null > results/$1 + ;; +ipftest) + ../ipftest -D -r regress/$1 -i /dev/null > results/$1 + ;; +esac cmp expected/$1 results/$1 status=$? if [ $status = 0 ] ; then diff --git a/contrib/ipfilter/test/natipftest b/contrib/ipfilter/test/natipftest index f5cfdb8b2439..abdc7603b002 100755 --- a/contrib/ipfilter/test/natipftest +++ b/contrib/ipfilter/test/natipftest @@ -27,7 +27,7 @@ single) echo "$1..."; /bin/cp /dev/null results/$1 ( while read rule; do - echo "$rule" | ../ipftest -R $format -bx -r regress/$1.ipf -N - -i input/$1 >> \ + echo "$rule" | ../ipftest -R $format -b -r regress/$1.ipf -N - -i input/$1 >> \ results/$1; if [ $? -ne 0 ] ; then exit 1; @@ -43,7 +43,7 @@ single) multi) echo "$1..."; /bin/cp /dev/null results/$1 - ../ipftest -R $format -bx -r regress/$1.ipf -N regress/$1.nat \ + ../ipftest -R $format -b -r regress/$1.ipf -N regress/$1.nat \ -i input/$1 >> results/$1; if [ $? -ne 0 ] ; then exit 2; diff --git a/contrib/ipfilter/test/regress/bpf1 b/contrib/ipfilter/test/regress/bpf1 index 2c8028311a7e..5d83b77ed3ce 100644 --- a/contrib/ipfilter/test/regress/bpf1 +++ b/contrib/ipfilter/test/regress/bpf1 @@ -1,4 +1,4 @@ pass in bpf-v4 { "0x20 0 0 0xc 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } -pass out bpf-v4 { "0x20 0 0 0xc 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } +pass out bpf-v4 { "src host 1.1.1.1" } pass in bpf-v4 { "0x20 0 0 0x10 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } -pass out bpf-v4 { "0x20 0 0 0x10 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } +pass out bpf-v4 { "dst host 1.1.1.1" } diff --git a/contrib/ipfilter/test/regress/f13 b/contrib/ipfilter/test/regress/f13 index f123e4781c86..8106419f3e08 100644 --- a/contrib/ipfilter/test/regress/f13 +++ b/contrib/ipfilter/test/regress/f13 @@ -4,3 +4,5 @@ pass in proto udp from any to any port = 53 keep frags block in proto udp from any to any port = 53 keep frags pass in proto tcp from any to any port = 25 flags S/SA keep state keep frags block in proto tcp from any to any port = 25 flags S/SA keep state keep frags +pass in proto udp from any to any port = 53 keep frags(strict) +pass in proto tcp from any to any port = 25 keep state(strict) diff --git a/contrib/ipfilter/test/regress/f18 b/contrib/ipfilter/test/regress/f18 new file mode 100644 index 000000000000..acba2b33a813 --- /dev/null +++ b/contrib/ipfilter/test/regress/f18 @@ -0,0 +1,4 @@ +pass in from 1.1.1.1 to any +pass out from 2.2.2.2 to any +count in from 1.1.1.1 to 3.3.3.3 +count out from 2.2.2.2 to 4.4.4.4 diff --git a/contrib/ipfilter/test/regress/f19 b/contrib/ipfilter/test/regress/f19 new file mode 100644 index 000000000000..d7770b8a43e8 --- /dev/null +++ b/contrib/ipfilter/test/regress/f19 @@ -0,0 +1,2 @@ +pass in quick proto tcp all flags S keep state +pass in quick proto tcp all flags S keep state(limit 1) diff --git a/contrib/ipfilter/test/regress/f7 b/contrib/ipfilter/test/regress/f7 index 6848a688a374..be1b969c8ec2 100644 --- a/contrib/ipfilter/test/regress/f7 +++ b/contrib/ipfilter/test/regress/f7 @@ -4,3 +4,6 @@ block in proto icmp from any to any icmp-type unreach code 3 pass in proto icmp from any to any icmp-type unreach code 3 block in proto icmp from any to any icmp-type echorep pass in proto icmp from any to any icmp-type echorep +pass in proto icmp all icmp-type maskreq keep state +pass in proto icmp all icmp-type timest keep state +pass in proto icmp all icmp-type inforeq keep state diff --git a/contrib/ipfilter/test/regress/i1 b/contrib/ipfilter/test/regress/i1 index df60d2beb5b0..c86c3208eded 100644 --- a/contrib/ipfilter/test/regress/i1 +++ b/contrib/ipfilter/test/regress/i1 @@ -7,10 +7,12 @@ count in from any to any pass in from !any to any block in from any to !any pass in on ed0 from localhost to localhost +pass in on ed0,vx0 from localhost to localhost block in log first on lo0 from any to any pass in log body quick from any to any block return-rst in quick on le0 proto tcp from any to any block return-icmp in on qe0 from any to any block return-icmp(1) in on qe0 from any to any +block return-icmp-as-dest in on le0 from any to any block return-icmp-as-dest(port-unr) in on qe0 from any to any pass out on longNICname0 from test.host.dots to test\.host.dots diff --git a/contrib/ipfilter/test/regress/i11 b/contrib/ipfilter/test/regress/i11 index 2999a8588b75..89b35898594b 100644 --- a/contrib/ipfilter/test/regress/i11 +++ b/contrib/ipfilter/test/regress/i11 @@ -1,8 +1,10 @@ pass in on ed0 proto tcp from localhost to localhost port = telnet keep state -block in log first on lo0 proto tcp/udp from any to any keep state +block in log first on lo0 proto tcp/udp from any to any port = echo keep state pass in proto udp from localhost to localhost port = 20499 keep frag +pass in proto udp from localhost to localhost port = 2049 keep frag(strict) pass in proto udp from localhost to localhost port = 53 keep state keep frags pass in on ed0 out-via vx0 proto udp from any to any keep state pass out on ppp0 in-via le0 proto tcp from any to any keep state +pass in on ed0,vx0 out-via vx0,ed0 proto udp from any to any keep state pass in proto tcp from any port gt 1024 to localhost port eq 1024 keep state pass in proto tcp all flags S keep state(strict,newisn,no-icmp-err,limit 101) diff --git a/contrib/ipfilter/test/regress/i12 b/contrib/ipfilter/test/regress/i12 index b8b2f3ea418e..5342702353e4 100644 --- a/contrib/ipfilter/test/regress/i12 +++ b/contrib/ipfilter/test/regress/i12 @@ -2,8 +2,9 @@ pass in from 1.1.1.1/32 to 2.2.2.2/32 pass in from (2.2.2.2/24,3.3.3.3/32) to 4.4.4.4/32 pass in from (2.2.2.2/24,3.3.3.3/32) to (5.5.5.5/32,6.6.6.6/32) pass in from (2.2.2.2/24,3.3.3.3/32) to (5.5.5.5/32,6.6.6.6/32) port = (22,25) -pass in proto tcp from (2.2.2.2/24,3.3.3.3/32) to (5.5.5.5/32,6.6.6.6/32) port = (53,9) +pass in proto tcp from (2.2.2.2/24,3.3.3.3/32) port = (53,9) to (5.5.5.5/32,6.6.6.6/32) pass in proto udp from (2.2.2.2/24,3.3.3.3/32) to (5.5.5.5/32,6.6.6.6/32) port = (53,9) pass in from 10.10.10.10 to 11.11.11.11 pass in from pool/101 to hash/202 pass in from hash/303 to pool/404 +pass in from pool=(!1.1.1.1,2.2.2.2,!2.2.0.0/16) to pool = ( 1.1.0.0/16 ) diff --git a/contrib/ipfilter/test/regress/i14 b/contrib/ipfilter/test/regress/i14 index 3c9d7b81d283..2cd26130640a 100644 --- a/contrib/ipfilter/test/regress/i14 +++ b/contrib/ipfilter/test/regress/i14 @@ -6,3 +6,5 @@ block in on vm0 proto tcp/udp all head 101 pass in from 1.1.1.1 to 2.2.2.2 group 101 pass in proto tcp from 1.0.0.1 to 2.0.0.2 group 101 pass in proto udp from 2.0.0.2 to 3.0.0.3 group 101 +block in on vm0 proto tcp/udp all head vm0-group +pass in from 1.1.1.1 to 2.2.2.2 group vm0-group diff --git a/contrib/ipfilter/test/regress/i16 b/contrib/ipfilter/test/regress/i16 new file mode 100644 index 000000000000..5c9144a99257 --- /dev/null +++ b/contrib/ipfilter/test/regress/i16 @@ -0,0 +1,3 @@ +0 block out all +100 pass in all +10101 pass out proto tcp all diff --git a/contrib/ipfilter/test/regress/i17 b/contrib/ipfilter/test/regress/i17 new file mode 100644 index 000000000000..a995ae59f860 --- /dev/null +++ b/contrib/ipfilter/test/regress/i17 @@ -0,0 +1,11 @@ +100 pass in all +200 pass in proto tcp all +110 pass in proto udp all +110 pass in from localhost to any +pass in all +pass in from localhost to any +@0 100 pass in from localhost to any +@1 pass in from any to localhost +@0 pass in from 1.1.1.1 to any +@1 110 pass in from 2.2.2.2 to any +@2 pass in from 3.3.3.3 to any diff --git a/contrib/ipfilter/test/regress/i18 b/contrib/ipfilter/test/regress/i18 new file mode 100644 index 000000000000..c2845d1d6c2d --- /dev/null +++ b/contrib/ipfilter/test/regress/i18 @@ -0,0 +1,2 @@ +pass in tos (80,0x80,40) all +block in ttl (0,1,2,3,4,5,6) all diff --git a/contrib/ipfilter/test/regress/i19 b/contrib/ipfilter/test/regress/i19 new file mode 100644 index 000000000000..a09fd56c5104 --- /dev/null +++ b/contrib/ipfilter/test/regress/i19 @@ -0,0 +1,22 @@ +block in quick log level user.debug proto icmp all +block in quick log level mail.info proto icmp all +block in quick log level daemon.notice proto icmp all +block in quick log level auth.warn proto icmp all +block in quick log level syslog.err proto icmp all +block in quick log level lpr.crit proto icmp all +block in quick log level news.alert proto icmp all +block in quick log level uucp.emerg proto icmp all +block in quick log level cron.debug proto icmp all +block in quick log level ftp.info proto icmp all +block in quick log level authpriv.notice proto icmp all +block in quick log level logalert.warn proto icmp all +block in quick log level local0.err proto icmp all +block in quick log level local1.crit proto icmp all +block in quick log level local2.alert proto icmp all +block in quick log level local3.emerg proto icmp all +block in quick log level local4.debug proto icmp all +block in quick log level local5.info proto icmp all +block in quick log level local6.notice proto icmp all +block in quick log level local7.warn proto icmp all +block in quick log level kern.err proto icmp all +block in quick log level security.emerg proto icmp all diff --git a/contrib/ipfilter/test/regress/i2 b/contrib/ipfilter/test/regress/i2 index a3b9cd8ac522..50f610750bc2 100644 --- a/contrib/ipfilter/test/regress/i2 +++ b/contrib/ipfilter/test/regress/i2 @@ -5,3 +5,4 @@ block in proto ipv6 from any to any block in proto 17 from any to any block in proto 250 from any to any pass in proto tcp/udp from any to any +block in proto tcp-udp from any to any diff --git a/contrib/ipfilter/test/regress/i20 b/contrib/ipfilter/test/regress/i20 new file mode 100644 index 000000000000..99039eeaf04c --- /dev/null +++ b/contrib/ipfilter/test/regress/i20 @@ -0,0 +1,4 @@ +pass in on ppp0 from ppp0/peer to ppp0/32 +block in on hme0 from any to hme0/broadcast +pass in on bge0 from bge0/network to bge0/32 +block in on eri0 from any to eri0/netmasked diff --git a/contrib/ipfilter/test/regress/i21 b/contrib/ipfilter/test/regress/i21 new file mode 100644 index 000000000000..bf797f953b70 --- /dev/null +++ b/contrib/ipfilter/test/regress/i21 @@ -0,0 +1,6 @@ +pass in from port = 10101 +pass out from any to port != 22 +block in from port 20:21 +block out from any to port 10 <> 100 +pass out from any to port = (3,5,7,9) +block in from port = (20,25) diff --git a/contrib/ipfilter/test/regress/i4 b/contrib/ipfilter/test/regress/i4 index 7170dc266e09..8551f7644915 100644 --- a/contrib/ipfilter/test/regress/i4 +++ b/contrib/ipfilter/test/regress/i4 @@ -5,4 +5,5 @@ pass in proto 17 from localhost port > 32000 to localhost port < 29000 block in proto udp from any port != \ntp to any port < echo block in proto tcp from any port = smtp to any port > 25 pass in proto tcp/udp from any port 1 >< 3 to any port 1 <> 3 +pass in proto tcp/udp from any port 2:2 to any port 10:20 pass in log first quick proto tcp from any port > 1023 to any port = 1723 flags S keep state diff --git a/contrib/ipfilter/test/regress/i6 b/contrib/ipfilter/test/regress/i6 index 1a5308920a24..0b371bd3e761 100644 --- a/contrib/ipfilter/test/regress/i6 +++ b/contrib/ipfilter/test/regress/i6 @@ -7,4 +7,6 @@ pass in on le0 to hme0:10.1.1.1 dup-to qe0:127.0.0.1 from localhost to localhost block in quick on qe0 to qe1 from any to any block in quick to qe1 from any to any pass out quick dup-to hme0 from any to any +pass out quick on hme0 reply-to hme1 from any to any +pass in on le0 dup-to qe0:127.0.0.1 reply-to hme1:10.10.10.10 all pass in quick fastroute all diff --git a/contrib/ipfilter/test/regress/i7 b/contrib/ipfilter/test/regress/i7 index 4f3328d06a50..1a82940c6c86 100644 --- a/contrib/ipfilter/test/regress/i7 +++ b/contrib/ipfilter/test/regress/i7 @@ -2,3 +2,8 @@ pass in on ed0 proto tcp from localhost to localhost port = 23 flags S/SA block in on lo0 proto tcp from any to any flags A pass in on lo0 proto tcp from any to any flags /SAP block in on lo0 proto tcp from any to any flags 0x80/A +pass in on lo0 proto tcp from any to any flags S/18 +block in on lo0 proto tcp from any to any flags 2/18 +pass in on lo0 proto tcp from any to any flags 2 +block in on lo0 proto tcp from any to any flags /16 +pass in on lo0 proto tcp from any to any flags 2/SA diff --git a/contrib/ipfilter/test/regress/i8 b/contrib/ipfilter/test/regress/i8 index bde6ed52900e..cc984b275cd2 100644 --- a/contrib/ipfilter/test/regress/i8 +++ b/contrib/ipfilter/test/regress/i8 @@ -1,2 +1,31 @@ pass in proto icmp from localhost to localhost icmp-type timest block in proto icmp from any to any icmp-type unreach code 1 +pass in proto icmp all icmp-type unreach code cutoff-preced +pass in proto icmp all icmp-type unreach code filter-prohib +pass in proto icmp all icmp-type unreach code isolate +pass in proto icmp all icmp-type unreach code needfrag +pass in proto icmp all icmp-type unreach code net-prohib +pass in proto icmp all icmp-type unreach code net-tos +pass in proto icmp all icmp-type unreach code host-preced +pass in proto icmp all icmp-type unreach code host-prohib +pass in proto icmp all icmp-type unreach code host-tos +pass in proto icmp all icmp-type unreach code host-unk +pass in proto icmp all icmp-type unreach code host-unr +pass in proto icmp all icmp-type unreach code (net-unk,net-unr) +pass in proto icmp all icmp-type unreach code port-unr +pass in proto icmp all icmp-type unreach code proto-unr +pass in proto icmp all icmp-type unreach code srcfail +pass in proto icmp all icmp-type (echo,echorep) +pass in proto icmp all icmp-type inforeq +pass in proto icmp all icmp-type inforep +pass in proto icmp all icmp-type maskrep +pass in proto icmp all icmp-type maskreq +pass in proto icmp all icmp-type paramprob +pass in proto icmp all icmp-type redir +pass in proto icmp all icmp-type unreach +pass in proto icmp all icmp-type routerad +pass in proto icmp all icmp-type routersol +pass in proto icmp all icmp-type squench +pass in proto icmp all icmp-type timest +pass in proto icmp all icmp-type timestrep +pass in proto icmp all icmp-type timex diff --git a/contrib/ipfilter/test/regress/i9 b/contrib/ipfilter/test/regress/i9 index 2b8fb103324a..a966bed72f8a 100644 --- a/contrib/ipfilter/test/regress/i9 +++ b/contrib/ipfilter/test/regress/i9 @@ -2,6 +2,11 @@ pass in from localhost to localhost with short,frags block in from any to any with ipopts pass in from any to any with opt nop,rr,zsu pass in from any to any with opt nop,rr,zsu not opt ssrr,lsrr -pass in from localhost to localhost with not frag +pass in from localhost to localhost and not frag +pass in from localhost to localhost with frags,frag-body pass in proto tcp all flags S with not oow keep state pass in proto tcp all flags S with not bad,bad-src,bad-nat +block in quick all with not nat +block in quick all with not lowttl +pass in all with mbcast,not bcast,multicast,not state +pass in from any to any with opt mtur,mtup,encode,ts,tr,sec,cipso,satid,ssrr,visa,imitd,eip,finn,dps,sdb,nsapa,rtralrt,ump,addext,e-sec diff --git a/contrib/ipfilter/test/regress/in1 b/contrib/ipfilter/test/regress/in1 index 145e3d038861..163d834fb1c1 100644 --- a/contrib/ipfilter/test/regress/in1 +++ b/contrib/ipfilter/test/regress/in1 @@ -3,14 +3,16 @@ map le0 1/32 -> 1/32 map le0 128.0.0.0/1 -> 0/0 map le0 10.0.0.0/8 -> 1.2.3.0/24 map le0 10.0.0.5/8 -> 1.2.3.4/24 +map le0 10.0.0.5/0xff000000 -> 1.2.3.4/24 +map le0 10.0.0.5/0xff -> 1.2.3.4/24 map le0 192.168.0.0/16 -> range 203.1.1.23-203.1.3.45 map ppp0 192.168.0.0/16 -> 0/32 portmap tcp 10000:19999 map ppp0 192.168.0.0/16 -> 0/32 portmap udp 20000:29999 map ppp0 192.168.0.0/16 -> 0/32 portmap tcp/udp 30000:39999 map ppp0 192.168.0.0/16 -> 0/32 portmap tcp auto map ppp0 192.168.0.0/16 -> 0/32 portmap udp auto -map ppp0 192.168.0.0/16 -> 0/32 portmap tcp/udp auto -map ppp0 192.168.0.0/16 -> 0/32 proxy port ftp ftp/tcp +map ppp0 192.168.0.0/16 -> 0/32 portmap tcpudp auto +map ppp0 192.168.0.0/16 -> 0/32 proxy port ftp ftp/6 map ppp0 192.168.0.0/16 -> 0/32 proxy port 1010 ftp/tcp map le0 0/0 -> 0/32 frag map le0 192.168.0.0/16 -> range 203.1.1.23-203.1.3.45 frag @@ -25,3 +27,4 @@ map ppp0 192.168.0.0/16 -> 0/32 portmap tcp 10000:19999 frag age 30 map fxp0 from 192.168.0.0/18 to 0/0 port = 21 -> 1.2.3.4/32 proxy port 21 ftp/tcp map thisisalonginte 0/0 -> 0/32 mssclamp 1452 tag freddyliveshere map bar0 0/0 -> 0/32 icmpidmap icmp 1000:2000 +map ppp0,adsl0 0/0 -> 0/32 diff --git a/contrib/ipfilter/test/regress/in2 b/contrib/ipfilter/test/regress/in2 index 222a28cfeca8..4a86de736ce4 100644 --- a/contrib/ipfilter/test/regress/in2 +++ b/contrib/ipfilter/test/regress/in2 @@ -2,7 +2,10 @@ rdr le0 9.8.7.6/32 port 0 -> 1.1.1.1 port 0 tcp rdr le0 9.8.7.6/32 port 0 -> 1.1.1.1 port 0 ip rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp rdr le0 9.8.7.6/32 -> 1.1.1.1 ip +rdr le0 9.8.7.6/0xff000000 -> 1.1.1.1 ip +rdr le0 9.8.7.6/0xffff0000 -> 1.1.1.1 ip rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp +rdr le0 9.8.7.6/32 port 80 -> 0/0 port 80 tcp rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 udp rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp/udp rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 icmp @@ -11,7 +14,7 @@ rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp round-robin rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp round-robin rdr le0 9.8.7.6/32 port 0 -> 1.1.1.1 port 0 ip frag rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 icmp frag -rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp frag +rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcpudp frag rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp round-robin frag rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp round-robin frag rdr le0 9.8.7.6/32 -> 1.1.1.1 ip frag age 10 @@ -65,3 +68,4 @@ rdr le0 9.8.7.6/32 port 1000-2000 -> 1.1.1.1 port 5555 tcp rdr le0 9.8.7.6/32 port 1000-2000 -> 1.1.1.1 port = 5555 tcp rdr le0 0/0 -> test.host.dots rdr le0 0/0 -> test.host.dots,test.host.dots +rdr adsl0,ppp0 0/0 port 25 -> 127.0.0.1 port 25 diff --git a/contrib/ipfilter/test/regress/in5 b/contrib/ipfilter/test/regress/in5 index d0a115c8b327..c539b03f3e5d 100644 --- a/contrib/ipfilter/test/regress/in5 +++ b/contrib/ipfilter/test/regress/in5 @@ -1,9 +1,10 @@ +map le0 from 9.8.7.6/32 port > 1024 to any -> 1.1.1.1 portmap 10000:20000 tcp rdr le0 from any to 9.8.7.6/32 port = 0 -> 1.1.1.1 port 0 tcp -rdr le0 from any to 9.8.7.6/32 port = 0 -> 1.1.1.1 port 0 ip -rdr le0 from any to 9.8.7.6/32 port = 8888 -> 1.1.1.1 port 888 tcp -rdr le0 from any to 9.8.7.6/32 port = 8888 -> 1.1.1.1 port 888 ip -rdr le0 from any to 9.8.7.6/32 port = 8888 -> 1.1.1.1 port 888 tcp -rdr le0 from any to 9.8.7.6/32 port = 8888 -> 1.1.1.1 port 888 udp +rdr le0 from any to 9.8.7.6/0xffffffff port = 0 -> 1.1.1.1 port 0 ip +rdr le0 from any to 9.8.7.6 port = 8888 -> 1.1.1.1 port 888 tcp +rdr le0 from any to 9.8.7.6/255.255.255.255 port = 8888 -> 1.1.1.1 port 888 ip +rdr le0 from any to 9.8.7.6 mask 0xffffffff port = 8888 -> 1.1.1.1 port 888 tcp +rdr le0 from any to 9.8.7.6 mask 255.255.255.255 port = 8888 -> 1.1.1.1 port 888 udp rdr le0 from any to 9.8.7.6/32 port = 8888 -> 1.1.1.1 port 888 tcp/udp rdr le0 from any to 9.8.7.6/32 -> 1.1.1.1 port 888 icmp rdr le0 from any to 9.8.7.6/32 port = 8888 -> 1.1.1.1,1.1.1.2 port 888 tcp diff --git a/contrib/ipfilter/test/regress/in6 b/contrib/ipfilter/test/regress/in6 index 694879945f04..932df9b23676 100644 --- a/contrib/ipfilter/test/regress/in6 +++ b/contrib/ipfilter/test/regress/in6 @@ -1,3 +1,7 @@ map foo0 from any port = 1 to any port != 0 -> 0/32 udp +map foo0 from any port eq 1 to any port ne 0 -> 0/32 udp map foo0 from any port < 1 to any port > 0 -> 0/32 tcp +map foo0 from any port lt 1 to any port gt 0 -> 0/32 tcp map foo0 from any port <= 1 to any port >= 0 -> 0/32 tcp/udp +map foo0 from any port le 1 to any port ge 0 -> 0/32 tcp/udp +map foo0 from any port 1 >< 20 to any port 20 <> 40 -> 0/32 tcp/udp diff --git a/contrib/ipfilter/test/regress/n13 b/contrib/ipfilter/test/regress/n13 new file mode 100644 index 000000000000..804793004050 --- /dev/null +++ b/contrib/ipfilter/test/regress/n13 @@ -0,0 +1 @@ +map le0 192.168.0.0/16 -> range 203.1.1.23-203.1.3.45 diff --git a/contrib/ipfilter/test/regress/n14 b/contrib/ipfilter/test/regress/n14 new file mode 100644 index 000000000000..6f5d571d606e --- /dev/null +++ b/contrib/ipfilter/test/regress/n14 @@ -0,0 +1 @@ +rdr gre0 0/0 port 80 -> 10.1.1.254,10.1.1.253 port 80 tcp sticky diff --git a/contrib/ipfilter/test/regress/ni17.nat b/contrib/ipfilter/test/regress/ni17.nat new file mode 100644 index 000000000000..3da63383a7b8 --- /dev/null +++ b/contrib/ipfilter/test/regress/ni17.nat @@ -0,0 +1,4 @@ +rdr le0 0/0 port 80 -> 10.1.1.252 port 3128 tcp round-robin +rdr le0 0/0 port 80 -> 10.1.2.252 port 3128 tcp round-robin +rdr le0 0/0 port 80 -> 10.1.3.252 port 3128 tcp round-robin sticky +rdr le0 0/0 port 80 -> 10.1.1.253,10.1.2.253 port 3128 tcp round-robin sticky diff --git a/contrib/ipfilter/test/regress/p2.ipf b/contrib/ipfilter/test/regress/p2.ipf index 5b58647eab5b..4cfb388e82d6 100644 --- a/contrib/ipfilter/test/regress/p2.ipf +++ b/contrib/ipfilter/test/regress/p2.ipf @@ -1 +1,2 @@ pass out from hash=(127.0.0.1,4.4.0.0/16) to any +block in from hash=(127.0.0.1,4.4.0.0/16) to any diff --git a/contrib/ipfilter/test/test.format b/contrib/ipfilter/test/test.format index 090c8a983d0a..f284542201e6 100644 --- a/contrib/ipfilter/test/test.format +++ b/contrib/ipfilter/test/test.format @@ -1,6 +1,6 @@ #test input-format output-format bpf-f1 text text -bpf1 text text +bpf1 text ipf f1 text text f2 text text f3 text text @@ -18,21 +18,29 @@ f14 text text f15 text text f16 text text f17 hex hex -i1 text text -i2 text text -i3 text text -i4 text text -i5 text text -i6 text text -i7 text text -i8 text text -i9 text text -i10 text text -i11 text text -i12 text text -i13 text text -i14 text text -i15 text text +f18 text text +f19 text text fr_statemax=3 +i1 text ipf +i2 text ipf +i3 text ipf +i4 text ipf +i5 text ipf +i6 text ipf +i7 text ipf +i8 text ipf +i9 text ipf +i10 text ipf +i11 text ipf +i12 text ipf +i13 text ipf +i14 text ipf +i15 text ipf +i16 text ipf +i17 text ipftest +i18 text ipf +i19 text ipf +i20 text ipf +i21 text ipf in1 text text in2 text text in3 text text @@ -56,6 +64,8 @@ n9 hex hex fr_update_ipid=0 n10 hex hex fr_update_ipid=0 n11 text text n12 hex hex fr_update_ipid=0 +n13 text text +n14 text text ni1 hex hex fr_update_ipid=1 ni2 hex hex fr_update_ipid=1 ni3 hex hex fr_update_ipid=1 diff --git a/contrib/ipfilter/test/vfycksum.pl b/contrib/ipfilter/test/vfycksum.pl index 9cb47f651d6f..d23c88430f5a 100755 --- a/contrib/ipfilter/test/vfycksum.pl +++ b/contrib/ipfilter/test/vfycksum.pl @@ -3,6 +3,14 @@ # validate the IPv4 header checksum. # $bytes[] is an array of 16bit values, with $cnt elements in the array. # +sub dump { + print "\n"; + for ($i = 0; $i < $#bytes; $i++) { + printf "%04x ", $bytes[$i]; + } + print "\n"; +} + sub dosum { local($seed) = $_[0]; local($start) = $_[1]; @@ -99,7 +107,8 @@ sub tcpcheck { } if ($z) { - print " TCP: missing data($x $y $z)"; + print " TCP: missing data($x $y $z) $hl"; +# &dump(); return; } diff --git a/contrib/ipfilter/tools/ipf.c b/contrib/ipfilter/tools/ipf.c index ea39780115b1..245412445adf 100644 --- a/contrib/ipfilter/tools/ipf.c +++ b/contrib/ipfilter/tools/ipf.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -21,7 +19,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipf.c,v 1.35.2.3 2004/12/15 18:27:17 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipf.c,v 1.35.2.3 2004/12/15 18:27:17 darrenr Exp $"; #endif #if !defined(__SVR4) && defined(__GNUC__) diff --git a/contrib/ipfilter/tools/ipf_y.y b/contrib/ipfilter/tools/ipf_y.y index 0660d50dcf4d..a65a2e2b7933 100644 --- a/contrib/ipfilter/tools/ipf_y.y +++ b/contrib/ipfilter/tools/ipf_y.y @@ -1,11 +1,10 @@ -/* $NetBSD$ */ - %{ #include "ipf.h" #include #include #ifdef IPFILTER_BPF -# include +# include "pcap-bpf.h" +# define _NET_BPF_H_ # include #endif #include "netinet/ip_pool.h" @@ -58,7 +57,7 @@ static struct wordtab icmpcodewords[17]; static struct wordtab icmptypewords[16]; static struct wordtab ipv4optwords[25]; static struct wordtab ipv4secwords[9]; -static struct wordtab ipv6optwords[8]; +static struct wordtab ipv6optwords[9]; static struct wordtab logwords[33]; %} @@ -135,6 +134,7 @@ static struct wordtab logwords[33]; %token IPF6_V6HDRS IPFY_IPV6OPT IPFY_IPV6OPT_DSTOPTS IPFY_IPV6OPT_HOPOPTS %token IPFY_IPV6OPT_IPV6 IPFY_IPV6OPT_NONE IPFY_IPV6OPT_ROUTING +%token IPFY_IPV6OPT_MOBILITY IPFY_IPV6OPT_ESP IPFY_IPV6OPT_FRAG %token IPFY_ICMPT_UNR IPFY_ICMPT_ECHO IPFY_ICMPT_ECHOR IPFY_ICMPT_SQUENCH %token IPFY_ICMPT_REDIR IPFY_ICMPT_TIMEX IPFY_ICMPT_PARAMP IPFY_ICMPT_TIMEST @@ -1025,7 +1025,7 @@ codelist: icmpcode { DOREM(fr->fr_icmp |= htons($1); fr->fr_icmpm |= htons(0xff);) } | codelist lmore icmpcode - { DOREM(fr->fr_icmp |= htons($3); fr->fr_icmpm |= htons(0xff);) } + { DOREM(fr->fr_icmp &= htons(0xff00); fr->fr_icmp |= htons($3); fr->fr_icmpm |= htons(0xff);) } ; age: | IPFY_AGE YY_NUMBER { DOALL(fr->fr_age[0] = $2; \ @@ -1085,6 +1085,7 @@ stateopt: | IPFY_NOICMPERR { DOALL(fr->fr_flags |= FR_NOICMPERR;) } | IPFY_SYNC { DOALL(fr->fr_flags |= FR_STATESYNC;) } + age; ; portnum: @@ -1101,15 +1102,14 @@ portnum: ; withlist: - withopt - | withlist withopt - | withlist ',' withopt + withopt { nowith = 0; } + | withlist withopt { nowith = 0; } + | withlist ',' withopt { nowith = 0; } ; withopt: opttype { DOALL(fr->fr_flx |= $1; fr->fr_mflx |= $1;) } - | notwith opttype - { DOALL(fr->fr_mflx |= $2;) } + | notwith opttype { DOALL(fr->fr_mflx |= $2;) } | ipopt ipopts { yyresetdict(); } | notwith ipopt ipopts { yyresetdict(); } | startv6hdrs ipv6hdrs { yyresetdict(); } @@ -1267,12 +1267,13 @@ setsecclass: ipv6hdr: IPFY_AH { $$ = getv6optbyvalue(IPPROTO_AH); } | IPFY_IPV6OPT_DSTOPTS { $$ = getv6optbyvalue(IPPROTO_DSTOPTS); } - | IPFY_ESP { $$ = getv6optbyvalue(IPPROTO_ESP); } + | IPFY_IPV6OPT_ESP { $$ = getv6optbyvalue(IPPROTO_ESP); } | IPFY_IPV6OPT_HOPOPTS { $$ = getv6optbyvalue(IPPROTO_HOPOPTS); } | IPFY_IPV6OPT_IPV6 { $$ = getv6optbyvalue(IPPROTO_IPV6); } | IPFY_IPV6OPT_NONE { $$ = getv6optbyvalue(IPPROTO_NONE); } | IPFY_IPV6OPT_ROUTING { $$ = getv6optbyvalue(IPPROTO_ROUTING); } - | IPFY_FRAG { $$ = getv6optbyvalue(IPPROTO_FRAGMENT); } + | IPFY_IPV6OPT_FRAG { $$ = getv6optbyvalue(IPPROTO_FRAGMENT); } + | IPFY_IPV6OPT_MOBILITY { $$ = getv6optbyvalue(IPPROTO_MOBILITY); } ; level: IPFY_LEVEL { setsyslog(); } @@ -1434,6 +1435,7 @@ static struct wordtab ipfwords[95] = { { "mask", IPFY_MASK }, { "match-tag", IPFY_MATCHTAG }, { "mbcast", IPFY_MBCAST }, + { "mcast", IPFY_MULTICAST }, { "multicast", IPFY_MULTICAST }, { "nat", IPFY_NAT }, { "ne", YY_CMP_NE }, @@ -1573,12 +1575,13 @@ static struct wordtab ipv4secwords[9] = { { NULL, 0 }, }; -static struct wordtab ipv6optwords[8] = { +static struct wordtab ipv6optwords[9] = { { "dstopts", IPFY_IPV6OPT_DSTOPTS }, - { "esp", IPFY_ESP }, - { "frag", IPFY_FRAG }, + { "esp", IPFY_IPV6OPT_ESP }, + { "frag", IPFY_IPV6OPT_FRAG }, { "hopopts", IPFY_IPV6OPT_HOPOPTS }, { "ipv6", IPFY_IPV6OPT_IPV6 }, + { "mobility", IPFY_IPV6OPT_MOBILITY }, { "none", IPFY_IPV6OPT_NONE }, { "routing", IPFY_IPV6OPT_ROUTING }, { NULL, 0 }, @@ -1825,8 +1828,7 @@ char *phrase; fr->fr_v = v; fr->fr_type = FR_T_BPFOPC; - if (!strncmp(phrase, "\"0x", 2)) { - phrase++; + if (!strncmp(phrase, "0x", 2)) { fb = malloc(sizeof(fakebpf_t)); for (i = 0, s = strtok(phrase, " \r\n\t"); s != NULL; diff --git a/contrib/ipfilter/tools/ipfcomp.c b/contrib/ipfilter/tools/ipfcomp.c index 262e909dd627..f09bfd314fd2 100644 --- a/contrib/ipfilter/tools/ipfcomp.c +++ b/contrib/ipfilter/tools/ipfcomp.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -7,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipfcomp.c,v 1.24.2.2 2004/04/28 10:34:44 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipfcomp.c,v 1.24.2.2 2004/04/28 10:34:44 darrenr Exp $"; #endif #include "ipf.h" diff --git a/contrib/ipfilter/tools/ipfs.c b/contrib/ipfilter/tools/ipfs.c index 49e7e520a973..767dffb74df6 100644 --- a/contrib/ipfilter/tools/ipfs.c +++ b/contrib/ipfilter/tools/ipfs.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1999-2001, 2003 by Darren Reed. * @@ -41,7 +39,7 @@ #include #include #include "ipf.h" -#include "ipl.h" +#include "netinet/ipl.h" #if !defined(lint) static const char rcsid[] = "@(#)Id: ipfs.c,v 1.12 2003/12/01 01:56:53 darrenr Exp"; diff --git a/contrib/ipfilter/tools/ipfstat.c b/contrib/ipfilter/tools/ipfstat.c index fbd6c3541283..fb0c43383de0 100644 --- a/contrib/ipfilter/tools/ipfstat.c +++ b/contrib/ipfilter/tools/ipfstat.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001, 2003 by Darren Reed. * @@ -70,7 +68,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipfstat.c,v 1.44.2.11 2005/03/30 14:09:57 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipfstat.c,v 1.44.2.13 2005/10/17 17:26:32 darrenr Exp $"; #endif #ifdef __hpux @@ -1008,10 +1006,11 @@ int topclosed; { char str1[STSTRSIZE], str2[STSTRSIZE], str3[STSTRSIZE], str4[STSTRSIZE]; int maxtsentries = 0, reverse = 0, sorting = STSORT_DEFAULT; - int i, j, winy, tsentry, maxx, maxy, redraw = 0; + int i, j, winy, tsentry, maxx, maxy, redraw = 0, ret = 0; int len, srclen, dstlen, forward = 1, c = 0; ips_stat_t ipsst, *ipsstp = &ipsst; statetop_t *tstable = NULL, *tp; + const char *errstr = ""; ipstate_t ips; ipfobj_t ipfo; struct timeval selecttimeout; @@ -1051,8 +1050,9 @@ int topclosed; /* get state table */ bzero((char *)&ipsst, sizeof(ipsst)); if ((ioctl(state_fd, SIOCGETFS, &ipfo) == -1)) { - perror("ioctl(SIOCGETFS)"); - exit(-1); + errstr = "ioctl(SIOCGETFS)"; + ret = -1; + goto out; } /* clear the history */ @@ -1416,12 +1416,15 @@ int topclosed; } } /* while */ +out: printw("\n"); curs_set(1); - nocbreak(); + /* nocbreak(); XXX - endwin() should make this redundant */ endwin(); free(tstable); + if (ret != 0) + perror(errstr); } #endif @@ -1612,7 +1615,9 @@ static char *getip(v, addr) int v; i6addr_t *addr; { +#ifdef USE_INET6 static char hostbuf[MAXHOSTNAMELEN+1]; +#endif if (v == 4) return inet_ntoa(addr->in4); diff --git a/contrib/ipfilter/tools/ipftest.c b/contrib/ipfilter/tools/ipftest.c index fbc91e5aae66..913f756cfa4f 100644 --- a/contrib/ipfilter/tools/ipftest.c +++ b/contrib/ipfilter/tools/ipftest.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -12,7 +10,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipftest.c,v 1.44.2.3 2005/02/01 02:41:24 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipftest.c,v 1.44.2.7 2005/12/07 08:29:19 darrenr Exp $"; #endif extern char *optarg; @@ -22,13 +20,15 @@ extern struct ifnet *get_unit __P((char *, int)); extern void init_ifp __P((void)); extern ipnat_t *natparse __P((char *, int)); extern int fr_running; +extern hostmap_t **maptable; ipfmutex_t ipl_mutex, ipf_authmx, ipf_rw, ipf_stinsert; ipfmutex_t ipf_nat_new, ipf_natio, ipf_timeoutlock; -ipfrwlock_t ipf_mutex, ipf_global, ipf_ipidfrag, ip_poolrw; +ipfrwlock_t ipf_mutex, ipf_global, ipf_ipidfrag, ip_poolrw, ipf_frcache; ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth; int opts = OPT_DONOTHING; int use_inet6 = 0; +int docksum = 0; int pfil_delayed_copy = 0; int main __P((int, char *[])); int loadrules __P((char *, int)); @@ -77,6 +77,7 @@ char *argv[]; { char *datain, *iface, *ifname, *logout; int fd, i, dir, c, loaded, dump, hlen; + struct in_addr sip; struct ifnet *ifp; struct ipread *r; mb_t mb, *m; @@ -90,21 +91,23 @@ char *argv[]; r = &iptext; iface = NULL; logout = NULL; - ifname = "anon0"; datain = NULL; + sip.s_addr = 0; + ifname = "anon0"; MUTEX_INIT(&ipf_rw, "ipf rw mutex"); MUTEX_INIT(&ipf_timeoutlock, "ipf timeout lock"); RWLOCK_INIT(&ipf_global, "ipf filter load/unload mutex"); RWLOCK_INIT(&ipf_mutex, "ipf filter rwlock"); RWLOCK_INIT(&ipf_ipidfrag, "ipf IP NAT-Frag rwlock"); + RWLOCK_INIT(&ipf_frcache, "ipf filter cache"); initparse(); if (fr_initialise() == -1) abort(); fr_running = 1; - while ((c = getopt(argc, argv, "6bdDF:i:I:l:N:P:or:RT:vxX")) != -1) + while ((c = getopt(argc, argv, "6bCdDF:i:I:l:N:P:or:RS:T:vxX")) != -1) switch (c) { case '6' : @@ -121,6 +124,9 @@ char *argv[]; case 'd' : opts |= OPT_DEBUG; break; + case 'C' : + docksum = 1; + break; case 'D' : dump = 1; break; @@ -147,21 +153,6 @@ char *argv[]; case 'l' : logout = optarg; break; - case 'o' : - opts |= OPT_SAVEOUT; - break; - case 'r' : - if (ipf_parsefile(-1, ipf_addrule, iocfunctions, - optarg) == -1) - return -1; - loaded = 1; - break; - case 'R' : - opts |= OPT_NORESOLVE; - break; - case 'v' : - opts |= OPT_VERBOSE; - break; case 'N' : if (ipnat_parsefile(-1, ipnat_addrule, ipnattestioctl, optarg) == -1) @@ -169,14 +160,32 @@ char *argv[]; loaded = 1; opts |= OPT_NAT; break; + case 'o' : + opts |= OPT_SAVEOUT; + break; case 'P' : if (ippool_parsefile(-1, optarg, ipooltestioctl) == -1) return -1; loaded = 1; break; + case 'r' : + if (ipf_parsefile(-1, ipf_addrule, iocfunctions, + optarg) == -1) + return -1; + loaded = 1; + break; + case 'S' : + sip.s_addr = inet_addr(optarg); + break; + case 'R' : + opts |= OPT_NORESOLVE; + break; case 'T' : ipf_dotuning(-1, optarg, ipftestioctl); break; + case 'v' : + opts |= OPT_VERBOSE; + break; case 'x' : opts |= OPT_HEX; break; @@ -207,9 +216,11 @@ char *argv[]; if (!use_inet6) { ip->ip_off = ntohs(ip->ip_off); ip->ip_len = ntohs(ip->ip_len); - if (r->r_flags & R_DO_CKSUM) + if ((r->r_flags & R_DO_CKSUM) || docksum) fixv4sums(m, ip); hlen = IP_HL(ip) << 2; + if (sip.s_addr) + dir = !(sip.s_addr == ip->ip_src.s_addr); } #ifdef USE_INET6 else @@ -283,6 +294,9 @@ char *argv[]; } m = &mb; } + + if (i != 0) + fprintf(stderr, "readip failed: %d\n", i); (*r->r_close)(); if (logout != NULL) { @@ -617,6 +631,8 @@ void dumpnat() { ipnat_t *ipn; nat_t *nat; + hostmap_t *hm; + int i; printf("List of active MAP/Redirect filters:\n"); for (ipn = nat_list; ipn != NULL; ipn = ipn->in_next) @@ -627,6 +643,12 @@ void dumpnat() if (nat->nat_aps) printaps(nat->nat_aps, opts); } + + printf("\nHostmap table:\n"); + for (i = 0; i < ipf_hostmap_sz; i++) { + for (hm = maptable[i]; hm != NULL; hm = hm->hm_next) + printhostmap(hm, i); + } } @@ -764,6 +786,10 @@ ip_t *ip; hdr = csump; csump += offsetof(udphdr_t, uh_sum); break; + case IPPROTO_ICMP : + hdr = csump; + csump += offsetof(icmphdr_t, icmp_cksum); + break; default : csump = NULL; hdr = NULL; diff --git a/contrib/ipfilter/tools/ipmon.c b/contrib/ipfilter/tools/ipmon.c index a91eee455d46..1ef3351e98bd 100644 --- a/contrib/ipfilter/tools/ipmon.c +++ b/contrib/ipfilter/tools/ipmon.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001, 2003 by Darren Reed. * @@ -78,7 +76,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipmon.c,v 1.33.2.8 2004/12/09 19:41:26 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipmon.c,v 1.33.2.10 2005/06/18 02:41:35 darrenr Exp $"; #endif @@ -420,6 +418,14 @@ static void init_tabs() p->p_name != NULL && protocols[p->p_proto] == NULL) protocols[p->p_proto] = strdup(p->p_name); endprotoent(); +#if defined(_AIX51) + if (protocols[0]) + free(protocols[0]); + if (protocols[252]) + free(protocols[252]); + protocols[0] = "ip"; + protocols[252] = NULL; +#endif } if (udp_ports != NULL) { @@ -1024,7 +1030,8 @@ int blen; (void) sprintf(t, "%*.*s%u", len, len, ipf->fl_ifname, ipf->fl_unit); t += strlen(t); #endif -#ifdef __sgi +#if defined(__sgi) || defined(_AIX51) || defined(__powerpc__) || \ + defined(__arm__) if ((ipf->fl_group[0] == 255) && (ipf->fl_group[1] == '\0')) #else if ((ipf->fl_group[0] == -1) && (ipf->fl_group[1] == '\0')) diff --git a/contrib/ipfilter/tools/ipmon_y.y b/contrib/ipfilter/tools/ipmon_y.y index 8b300288c8d1..4eba00c2b018 100644 --- a/contrib/ipfilter/tools/ipmon_y.y +++ b/contrib/ipfilter/tools/ipmon_y.y @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - %{ #include "ipf.h" #include diff --git a/contrib/ipfilter/tools/ipnat.c b/contrib/ipfilter/tools/ipnat.c index fc17cea76f27..d17d6686d053 100644 --- a/contrib/ipfilter/tools/ipnat.c +++ b/contrib/ipfilter/tools/ipnat.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -51,7 +49,7 @@ # include #endif #include "ipf.h" -#include "ipl.h" +#include "netinet/ipl.h" #include "kmem.h" #ifdef __hpux @@ -67,7 +65,7 @@ extern char *sys_errlist[]; #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipnat.c,v 1.24.2.1 2004/04/28 17:56:22 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipnat.c,v 1.24.2.2 2005/05/10 21:19:30 darrenr Exp $"; #endif diff --git a/contrib/ipfilter/tools/ipnat_y.y b/contrib/ipfilter/tools/ipnat_y.y index d3f18c66c4fb..ddd431115eb7 100644 --- a/contrib/ipfilter/tools/ipnat_y.y +++ b/contrib/ipfilter/tools/ipnat_y.y @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - %{ #ifdef __FreeBSD__ # ifndef __FreeBSD_cc_version @@ -160,8 +158,6 @@ map: mapit ifnames addr IPNY_TLATE rhaddr proxy mapoptions strncpy(nat->in_ifnames[1], nat->in_ifnames[0], sizeof(nat->in_ifnames[0])); - if ((nat->in_flags & IPN_TCPUDPICMPQ) == 0) - setnatproto(nat->in_p); if (((nat->in_redir & NAT_MAPBLK) != 0) || ((nat->in_flags & IPN_AUTOPORTMAP) != 0)) nat_setgroupmap(nat); @@ -188,8 +184,6 @@ map: mapit ifnames addr IPNY_TLATE rhaddr proxy mapoptions strncpy(nat->in_ifnames[1], nat->in_ifnames[0], sizeof(nat->in_ifnames[0])); - if ((nat->in_flags & IPN_TCPUDPICMPQ) == 0) - setnatproto(nat->in_p); if (((nat->in_redir & NAT_MAPBLK) != 0) || ((nat->in_flags & IPN_AUTOPORTMAP) != 0)) nat_setgroupmap(nat); @@ -306,6 +300,11 @@ rhaddr: addr { $$.a = $1.a; $$.m = $1.m; } dip: hostname { nat->in_inip = $1.s_addr; nat->in_inmsk = 0xffffffff; } + | hostname '/' YY_NUMBER { if ($3 != 0 || $1.s_addr != 0) + yyerror("Only 0/0 supported"); + nat->in_inip = 0; + nat->in_inmsk = 0; + } | hostname ',' hostname { nat->in_flags |= IPN_SPLIT; nat->in_inip = $1.s_addr; nat->in_inmsk = $3.s_addr; } @@ -454,11 +453,11 @@ addr: IPNY_ANY { $$.a.s_addr = 0; $$.m.s_addr = 0; } $$.a.s_addr &= $$.m.s_addr; } | hostname '/' ipv4 { $$.a = $1; $$.m = $3; $$.a.s_addr &= $$.m.s_addr; } - | hostname '/' hexnumber { $$.a = $1; $$.m.s_addr = $3; + | hostname '/' hexnumber { $$.a = $1; $$.m.s_addr = htonl($3); $$.a.s_addr &= $$.m.s_addr; } | hostname IPNY_MASK ipv4 { $$.a = $1; $$.m = $3; $$.a.s_addr &= $$.m.s_addr; } - | hostname IPNY_MASK hexnumber { $$.a = $1; $$.m.s_addr = $3; + | hostname IPNY_MASK hexnumber { $$.a = $1; $$.m.s_addr = htonl($3); $$.a.s_addr &= $$.m.s_addr; } ; @@ -471,7 +470,7 @@ nummask: portstuff: compare portspec { $$.pc = $1; $$.p1 = $2; } - | portspec range portspec { $$.pc = $2; $$.p1 = $1; $$.p1 = $3; } + | portspec range portspec { $$.pc = $2; $$.p1 = $1; $$.p2 = $3; } ; mapoptions: diff --git a/contrib/ipfilter/tools/ippool.c b/contrib/ipfilter/tools/ippool.c index 7122c9443fd1..31b5bfdc131a 100644 --- a/contrib/ipfilter/tools/ippool.c +++ b/contrib/ipfilter/tools/ippool.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2003 by Darren Reed. * diff --git a/contrib/ipfilter/tools/ippool_y.y b/contrib/ipfilter/tools/ippool_y.y index 357745d0f0ca..a5082688cfdd 100644 --- a/contrib/ipfilter/tools/ippool_y.y +++ b/contrib/ipfilter/tools/ippool_y.y @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - %{ #include #include diff --git a/contrib/ipfilter/tools/ipscan_y.y b/contrib/ipfilter/tools/ipscan_y.y index 64cbb6d0125d..c3446ff6c3ae 100644 --- a/contrib/ipfilter/tools/ipscan_y.y +++ b/contrib/ipfilter/tools/ipscan_y.y @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - %{ #include #include diff --git a/contrib/ipfilter/tools/ipsyncm.c b/contrib/ipfilter/tools/ipsyncm.c index 20cc25e9d685..8a8797475dff 100644 --- a/contrib/ipfilter/tools/ipsyncm.c +++ b/contrib/ipfilter/tools/ipsyncm.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -7,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipsyncm.c,v 1.4.2.2 2005/01/08 14:31:46 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipsyncm.c,v 1.4.2.2 2005/01/08 14:31:46 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/tools/ipsyncs.c b/contrib/ipfilter/tools/ipsyncs.c index a189a9bcad24..29c63af0c7ef 100644 --- a/contrib/ipfilter/tools/ipsyncs.c +++ b/contrib/ipfilter/tools/ipsyncs.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -7,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipsyncs.c,v 1.5.2.1 2004/10/31 18:46:44 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipsyncs.c,v 1.5.2.1 2004/10/31 18:46:44 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/tools/lex_var.h b/contrib/ipfilter/tools/lex_var.h index 33fba256b973..0a0bd4bfff06 100644 --- a/contrib/ipfilter/tools/lex_var.h +++ b/contrib/ipfilter/tools/lex_var.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - extern long string_start; extern long string_end; diff --git a/contrib/ipfilter/tools/lexer.c b/contrib/ipfilter/tools/lexer.c index f6fccfbbc624..66de8fcc4118 100644 --- a/contrib/ipfilter/tools/lexer.c +++ b/contrib/ipfilter/tools/lexer.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2003 by Darren Reed. * diff --git a/contrib/ipfilter/tools/lexer.h b/contrib/ipfilter/tools/lexer.h index 4950aa8168dc..a296cb0bc39b 100644 --- a/contrib/ipfilter/tools/lexer.h +++ b/contrib/ipfilter/tools/lexer.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - typedef struct wordtab { char *w_word;