svn commit: r363768 - in stable/12: contrib/ipfilter/iplang contrib/ipfilter/ipsend libexec/rc/rc.d sys/contrib/ipfilter/netinet

Cy Schubert cy at FreeBSD.org
Sun Aug 2 04:25:15 UTC 2020


Author: cy
Date: Sun Aug  2 04:25:11 2020
New Revision: 363768
URL: https://svnweb.freebsd.org/changeset/base/363768

Log:
  MFC r363284-r363285, r363452, r363670
  
  r363284:
  pfil_run_hooks() can be called recursively, so we have to
  define FASTROUTE_RECURSION in fil.c
  
  Submitted by:	christos at NetBSD.org
  Reported by:	christos at NetBSD.org
  Obtained from:	NetBSD r1.31
  
  r363285:
  Fix incorrect byte order in ipfstat -f output.
  - make sure frag is initialized to 0
  - initialize ipfr_p field
  
  NetBSD PR:	55137
  Submitted by:	christos at NetBSD.org
  Reported by:	christos at NetBSD.org
  Obtained from:	NetBSD fil.c r1.32, ip_frag.c r1.8
  
  r363452:
  Load ipfilter, ipnat, and ippool rules, and start ipmon in a vnet jail.
  
  PR:		248109
  Reported by:	joeb1 at a1poweruser.com
  
  r363670:
  Continued ipfilter #ifdef cleanup. The r343701 log entry contains a
  complete description.

Modified:
  stable/12/contrib/ipfilter/iplang/iplang_y.y
  stable/12/contrib/ipfilter/ipsend/arp.c
  stable/12/contrib/ipfilter/ipsend/ipresend.c
  stable/12/contrib/ipfilter/ipsend/ipsend.c
  stable/12/contrib/ipfilter/ipsend/iptest.c
  stable/12/contrib/ipfilter/ipsend/iptests.c
  stable/12/contrib/ipfilter/ipsend/sock.c
  stable/12/libexec/rc/rc.d/ipfilter
  stable/12/libexec/rc/rc.d/ipmon
  stable/12/libexec/rc/rc.d/ipnat
  stable/12/libexec/rc/rc.d/ippool
  stable/12/sys/contrib/ipfilter/netinet/fil.c
  stable/12/sys/contrib/ipfilter/netinet/ip_frag.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/contrib/ipfilter/iplang/iplang_y.y
==============================================================================
--- stable/12/contrib/ipfilter/iplang/iplang_y.y	Sat Aug  1 16:02:32 2020	(r363767)
+++ stable/12/contrib/ipfilter/iplang/iplang_y.y	Sun Aug  2 04:25:11 2020	(r363768)
@@ -45,11 +45,6 @@
 #include "ipf.h"
 #include "iplang.h"
 
-#if !defined(__NetBSD__) && (!defined(__FreeBSD_version) && \
-    __FreeBSD_version < 400020) && (!SOLARIS || SOLARIS2 < 10)
-extern	struct ether_addr *ether_aton __P((char *));
-#endif
-
 extern	int	opts;
 extern	struct ipopt_names ionames[];
 extern	int	state, state, lineNum, token;
@@ -58,11 +53,7 @@ extern	char	yytext[];
 extern	FILE	*yyin;
 int	yylex	__P((void));
 #define	YYDEBUG 1
-#if !defined(ultrix) && !defined(hpux)
 int	yydebug = 1;
-#else
-extern	int	yydebug;
-#endif
 
 iface_t *iflist = NULL, **iftail = &iflist;
 iface_t *cifp = NULL;

Modified: stable/12/contrib/ipfilter/ipsend/arp.c
==============================================================================
--- stable/12/contrib/ipfilter/ipsend/arp.c	Sat Aug  1 16:02:32 2020	(r363767)
+++ stable/12/contrib/ipfilter/ipsend/arp.c	Sun Aug  2 04:25:11 2020	(r363768)
@@ -11,17 +11,13 @@ static const char rcsid[] = "@(#)$Id$";
 #endif
 #include <sys/types.h>
 #include <sys/socket.h>
-#if !defined(ultrix) && !defined(hpux) && !defined(__hpux) && !defined(__osf__) && !defined(_AIX51)
 # include <sys/sockio.h>
-#endif
 #include <sys/ioctl.h>
 #include <netinet/in_systm.h>
 #include <netinet/in.h>
 #include <net/if.h>
 #include <netinet/if_ether.h>
-#ifndef	ultrix
 # include <net/if_arp.h>
-#endif
 #include <netinet/in.h>
 #include <netinet/ip.h>
 #include <netinet/ip_var.h>

Modified: stable/12/contrib/ipfilter/ipsend/ipresend.c
==============================================================================
--- stable/12/contrib/ipfilter/ipsend/ipresend.c	Sat Aug  1 16:02:32 2020	(r363767)
+++ stable/12/contrib/ipfilter/ipsend/ipresend.c	Sun Aug  2 04:25:11 2020	(r363768)
@@ -38,15 +38,7 @@ int	opts = 0;
 #  ifdef	sun
 char	default_device[] = "le0";
 #  else
-#   ifdef	ultrix
-char	default_device[] = "ln0";
-#   else
-#    ifdef	__bsdi__
-char	default_device[] = "ef0";
-#    else
 char	default_device[] = "lan0";
-#    endif
-#   endif
 #  endif
 #else
 char	default_device[] = DEFAULT_DEVICE;

Modified: stable/12/contrib/ipfilter/ipsend/ipsend.c
==============================================================================
--- stable/12/contrib/ipfilter/ipsend/ipsend.c	Sat Aug  1 16:02:32 2020	(r363767)
+++ stable/12/contrib/ipfilter/ipsend/ipsend.c	Sun Aug  2 04:25:11 2020	(r363768)
@@ -33,15 +33,7 @@ extern	void	iplang __P((FILE *));
 
 char	options[68];
 int	opts;
-# ifdef ultrix
-char	default_device[] = "ln0";
-# else
-#  ifdef __bsdi__
-char	default_device[] = "ef0";
-#  else
 char	default_device[] = "le0";
-#  endif /* __bsdi__ */
-# endif /* ultrix */
 
 
 static	void	usage __P((char *));

Modified: stable/12/contrib/ipfilter/ipsend/iptest.c
==============================================================================
--- stable/12/contrib/ipfilter/ipsend/iptest.c	Sat Aug  1 16:02:32 2020	(r363767)
+++ stable/12/contrib/ipfilter/ipsend/iptest.c	Sun Aug  2 04:25:11 2020	(r363768)
@@ -34,15 +34,7 @@ char	options[68];
 # ifdef	sun
 char	default_device[] = "le0";
 # else
-#  ifdef	ultrix
-char	default_device[] = "ln0";
-#  else
-#   ifdef	__bsdi__
-char	default_device[] = "ef0";
-#   else
 char	default_device[] = "lan0";
-#   endif
-#  endif
 # endif
 
 static	void	usage __P((char *));

Modified: stable/12/contrib/ipfilter/ipsend/iptests.c
==============================================================================
--- stable/12/contrib/ipfilter/ipsend/iptests.c	Sat Aug  1 16:02:32 2020	(r363767)
+++ stable/12/contrib/ipfilter/ipsend/iptests.c	Sun Aug  2 04:25:11 2020	(r363768)
@@ -36,18 +36,13 @@ typedef	int	boolean_t;
 # endif
 # undef  _KERNEL
 # undef  KERNEL
-#if !defined(solaris) && !defined(linux) && !defined(__sgi)
+#if !defined(solaris)
 # include <nlist.h>
 # include <sys/user.h>
 # include <sys/proc.h>
 #endif
-#if !defined(ultrix) && !defined(hpux) && !defined(linux) && \
-    !defined(__sgi) && !defined(__osf__) && !defined(_AIX51)
 # include <kvm.h>
-#endif
-#ifndef	ultrix
 # include <sys/socket.h>
-#endif
 #if defined(solaris)
 # include <sys/stream.h>
 #else
@@ -57,11 +52,9 @@ typedef	int	boolean_t;
 #include <sys/systm.h>
 #include <sys/session.h>
 #endif
-#if BSD >= 199103
 # include <sys/sysctl.h>
 # include <sys/filedesc.h>
 # include <paths.h>
-#endif
 #include <netinet/in_systm.h>
 #include <sys/socket.h>
 #include <net/if.h>
@@ -74,7 +67,7 @@ typedef	int	boolean_t;
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <netinet/ip.h>
-#if defined(__SVR4) || defined(__svr4__) || defined(__sgi)
+#if defined(__SVR4) || defined(__svr4__)
 # include <sys/sysmacros.h>
 #endif
 #include <stdio.h>
@@ -82,7 +75,7 @@ typedef	int	boolean_t;
 #include <stdlib.h>
 #include <string.h>
 # include <netinet/ip_var.h>
-# if !defined(__hpux) && !defined(solaris)
+# if !defined(solaris)
 #  include <netinet/in_pcb.h>
 # endif
 #include "ipsend.h"

Modified: stable/12/contrib/ipfilter/ipsend/sock.c
==============================================================================
--- stable/12/contrib/ipfilter/ipsend/sock.c	Sat Aug  1 16:02:32 2020	(r363767)
+++ stable/12/contrib/ipfilter/ipsend/sock.c	Sun Aug  2 04:25:11 2020	(r363768)
@@ -21,14 +21,8 @@ static const char rcsid[] = "@(#)$Id$";
  */
 typedef int     boolean_t;
 #endif
-#ifndef	ultrix
 #include <fcntl.h>
-#endif
-#if (__FreeBSD_version >= 300000)
 # include <sys/dirent.h>
-#else
-# include <sys/dir.h>
-#endif
 # ifdef __NetBSD__
 #  include <machine/lock.h>
 # endif
@@ -38,10 +32,6 @@ typedef int     boolean_t;
 #  define _KERNEL
 #  define	KERNEL
 # endif
-# ifdef	ultrix
-#  undef	LOCORE
-#  include <sys/smp_lock.h>
-# endif
 # include <sys/file.h>
 # ifdef __FreeBSD__
 #  undef _WANT_FILE
@@ -54,18 +44,14 @@ typedef int     boolean_t;
 #include <sys/socket.h>
 #include <sys/socketvar.h>
 #include <sys/proc.h>
-#if !defined(ultrix) && !defined(hpux) && !defined(__osf__)
 # include <kvm.h>
-#endif
 #ifdef sun
 #include <sys/systm.h>
 #include <sys/session.h>
 #endif
-#if BSD >= 199103
 #include <sys/sysctl.h>
 #include <sys/filedesc.h>
 #include <paths.h>
-#endif
 #include <math.h>
 #include <netinet/in.h>
 #include <netinet/in_systm.h>
@@ -143,128 +129,10 @@ int	kmemcpy(buf, pos, n)
 struct	nlist	names[4] = {
 	{ "_proc" },
 	{ "_nproc" },
-#ifdef	ultrix
-	{ "_u" },
-#else
 	{ NULL },
-#endif
 	{ NULL }
 	};
 
-#if BSD < 199103
-static struct proc *getproc()
-{
-	struct	proc	*p;
-	pid_t	pid = getpid();
-	int	siz, n;
-
-	n = nlist(KERNEL, names);
-	if (n != 0)
-	    {
-		fprintf(stderr, "nlist(%#x) == %d\n", names, n);
-		return NULL;
-	    }
-	if (KMCPY(&nproc, names[1].n_value, sizeof(nproc)) == -1)
-	    {
-		fprintf(stderr, "read nproc (%#x)\n", names[1].n_value);
-		return NULL;
-	    }
-	siz = nproc * sizeof(struct proc);
-	if (KMCPY(&p, names[0].n_value, sizeof(p)) == -1)
-	    {
-		fprintf(stderr, "read(%#x,%#x,%d) proc\n",
-			names[0].n_value, &p, sizeof(p));
-		return NULL;
-	    }
-	proc = (struct proc *)malloc(siz);
-	if (KMCPY(proc, p, siz) == -1)
-	    {
-		fprintf(stderr, "read(%#x,%#x,%d) proc\n",
-			p, proc, siz);
-		return NULL;
-	    }
-
-	p = proc;
-
-	for (n = nproc; n; n--, p++)
-		if (p->p_pid == pid)
-			break;
-	if (!n)
-		return NULL;
-
-	return p;
-}
-
-
-struct	tcpcb	*find_tcp(fd, ti)
-	int	fd;
-	struct	tcpiphdr *ti;
-{
-	struct	tcpcb	*t;
-	struct	inpcb	*i;
-	struct	socket	*s;
-	struct	user	*up;
-	struct	proc	*p;
-	struct	file	*f, **o;
-
-	if (!(p = getproc()))
-		return NULL;
-	up = (struct user *)malloc(sizeof(*up));
-#ifndef	ultrix
-	if (KMCPY(up, p->p_uarea, sizeof(*up)) == -1)
-	    {
-		fprintf(stderr, "read(%#x,%#x) failed\n", p, p->p_uarea);
-		return NULL;
-	    }
-#else
-	if (KMCPY(up, names[2].n_value, sizeof(*up)) == -1)
-	    {
-		fprintf(stderr, "read(%#x,%#x) failed\n", p, names[2].n_value);
-		return NULL;
-	    }
-#endif
-
-	o = (struct file **)calloc(up->u_lastfile + 1, sizeof(*o));
-	if (KMCPY(o, up->u_ofile, (up->u_lastfile + 1) * sizeof(*o)) == -1)
-	    {
-		fprintf(stderr, "read(%#x,%#x,%d) - u_ofile - failed\n",
-			up->u_ofile, o, sizeof(*o));
-		return NULL;
-	    }
-	f = (struct file *)calloc(1, sizeof(*f));
-	if (KMCPY(f, o[fd], sizeof(*f)) == -1)
-	    {
-		fprintf(stderr, "read(%#x,%#x,%d) - o[fd] - failed\n",
-			up->u_ofile[fd], f, sizeof(*f));
-		return NULL;
-	    }
-
-	s = (struct socket *)calloc(1, sizeof(*s));
-	if (KMCPY(s, f->f_data, sizeof(*s)) == -1)
-	    {
-		fprintf(stderr, "read(%#x,%#x,%d) - f_data - failed\n",
-			o[fd], s, sizeof(*s));
-		return NULL;
-	    }
-
-	i = (struct inpcb *)calloc(1, sizeof(*i));
-	if (KMCPY(i, s->so_pcb, sizeof(*i)) == -1)
-	    {
-		fprintf(stderr, "kvm_read(%#x,%#x,%d) - so_pcb - failed\n",
-			s->so_pcb, i, sizeof(*i));
-		return NULL;
-	    }
-
-	t = (struct tcpcb *)calloc(1, sizeof(*t));
-	if (KMCPY(t, i->inp_ppcb, sizeof(*t)) == -1)
-	    {
-		fprintf(stderr, "read(%#x,%#x,%d) - inp_ppcb - failed\n",
-			i->inp_ppcb, t, sizeof(*t));
-		return NULL;
-	    }
-	return (struct tcpcb *)i->inp_ppcb;
-}
-#else
 static struct kinfo_proc *getproc()
 {
 	static	struct	kinfo_proc kp;
@@ -304,7 +172,7 @@ struct	tcpcb	*find_tcp(tfd, ti)
 	fd = (struct filedesc *)malloc(sizeof(*fd));
 	if (fd == NULL)
 		return NULL;
-#if defined( __FreeBSD_version) && __FreeBSD_version >= 500013
+#if defined( __FreeBSD_version)
 	if (KMCPY(fd, p->ki_fd, sizeof(*fd)) == -1)
 	    {
 		fprintf(stderr, "read(%#lx,%#lx) failed\n",
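Review bot: `#if defined( __FreeBSD_version)` keeps a stray space inside the parentheses and now tests only whether the macro is defined, which `#ifdef __FreeBSD_version` says more directly and which matches the `# ifdef __FreeBSD__` form used earlier in this file. With the version comparison gone, the `#else` branch (outside the hunk) is reachable only on non-FreeBSD builds, so a short comment at that `#else` saying so would help the next cleanup pass. find_tcp() starts and ends outside the hunk.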
@@ -381,7 +249,6 @@ finderror:
 		free(t);
 	return NULL;
 }
-#endif /* BSD < 199301 */
 
 int	do_socket(dev, mtu, ti, gwip)
 	char	*dev;

Modified: stable/12/libexec/rc/rc.d/ipfilter
==============================================================================
--- stable/12/libexec/rc/rc.d/ipfilter	Sat Aug  1 16:02:32 2020	(r363767)
+++ stable/12/libexec/rc/rc.d/ipfilter	Sun Aug  2 04:25:11 2020	(r363768)
@@ -5,7 +5,7 @@
 
 # PROVIDE: ipfilter
 # REQUIRE: FILESYSTEMS
-# KEYWORD: nojail
+# KEYWORD: nojailvnet
 
 . /etc/rc.subr
 
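Review bot: Switching `# KEYWORD: nojail` to `nojailvnet` makes this script run at boot inside vnet jails, but the header says nothing about what the jail needs for the start to succeed. The rest of the script is outside the hunk; if it loads a kernel module or opens the ipfilter device nodes, both depend on the host, since a jail cannot load modules and the devices must be exposed through the jail's devfs ruleset. A failed start would leave the jail running without its packet filter. I would add a comment under the keyword line such as `# vnet jails: host must preload the ipfilter module and expose its /dev nodes via devfs rules`, and confirm that a failed rule load exits non-zero. The same applies to the identical change in rc.d/ipmon, rc.d/ipnat and rc.d/ippool.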

Modified: stable/12/libexec/rc/rc.d/ipmon
==============================================================================
--- stable/12/libexec/rc/rc.d/ipmon	Sat Aug  1 16:02:32 2020	(r363767)
+++ stable/12/libexec/rc/rc.d/ipmon	Sun Aug  2 04:25:11 2020	(r363768)
@@ -6,7 +6,7 @@
 # PROVIDE: ipmon
 # REQUIRE: FILESYSTEMS hostname sysctl ipfilter
 # BEFORE:  SERVERS
-# KEYWORD: nojail
+# KEYWORD: nojailvnet
 
 . /etc/rc.subr
 

Modified: stable/12/libexec/rc/rc.d/ipnat
==============================================================================
--- stable/12/libexec/rc/rc.d/ipnat	Sat Aug  1 16:02:32 2020	(r363767)
+++ stable/12/libexec/rc/rc.d/ipnat	Sun Aug  2 04:25:11 2020	(r363768)
@@ -5,7 +5,7 @@
 
 # PROVIDE: ipnat
 # REQUIRE: ipfilter
-# KEYWORD: nojail
+# KEYWORD: nojailvnet
 
 . /etc/rc.subr
 

Modified: stable/12/libexec/rc/rc.d/ippool
==============================================================================
--- stable/12/libexec/rc/rc.d/ippool	Sat Aug  1 16:02:32 2020	(r363767)
+++ stable/12/libexec/rc/rc.d/ippool	Sun Aug  2 04:25:11 2020	(r363768)
@@ -6,7 +6,7 @@
 # PROVIDE: ippool
 # REQUIRE: FILESYSTEMS
 # BEFORE:  ipfilter
-# KEYWORD: nojail
+# KEYWORD: nojailvnet
 
 . /etc/rc.subr
 

Modified: stable/12/sys/contrib/ipfilter/netinet/fil.c
==============================================================================
--- stable/12/sys/contrib/ipfilter/netinet/fil.c	Sat Aug  1 16:02:32 2020	(r363767)
+++ stable/12/sys/contrib/ipfilter/netinet/fil.c	Sun Aug  2 04:25:11 2020	(r363768)
@@ -115,6 +115,8 @@ extern	int	opts;
 extern	int	blockreason;
 #endif /* _KERNEL */
 
+#define FASTROUTE_RECURSION
+
 #define	LBUMP(x)	softc->x++
 #define	LBUMPD(x, y)	do { softc->x.y++; DT(y); } while (0)
 
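Review bot: `#define FASTROUTE_RECURSION` is added at file scope with no comment, so a later #ifdef cleanup has nothing telling it that the macro is needed. The log gives the reason (pfil_run_hooks() can be called recursively); the code the macro enables is outside the hunk. I would record that reason next to the define, e.g. `/* pfil_run_hooks() can be called recursively; keep the FASTROUTE_RECURSION code compiled in */`.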
@@ -1696,7 +1698,7 @@ ipf_pr_ipv4hdr(fin)
 	fi->fi_p = p;
 	fin->fin_crc = p;
 	fi->fi_tos = ip->ip_tos;
-	fin->fin_id = ip->ip_id;
+	fin->fin_id = ntohs(ip->ip_id);
 	off = ntohs(ip->ip_off);
 
 	/* Get both TTL and protocol */
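Review bot: After `fin->fin_id = ntohs(ip->ip_id);` the field holds the IP ID in host byte order, which changes its meaning for every other reader of `fin_id`, not only the ipfstat -f output path named in the log. Those readers are outside the hunk; any that compares `fin_id` with a raw `ip_id` taken from a packet, or writes it back into a header, would now need a matching `ntohs()`/`htons()` at that point. A comment on this line such as `/* fin_id is kept in host byte order */` would make the convention explicit. ipf_pr_ipv4hdr() starts and ends outside the hunk.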

Modified: stable/12/sys/contrib/ipfilter/netinet/ip_frag.c
==============================================================================
--- stable/12/sys/contrib/ipfilter/netinet/ip_frag.c	Sat Aug  1 16:02:32 2020	(r363767)
+++ stable/12/sys/contrib/ipfilter/netinet/ip_frag.c	Sun Aug  2 04:25:11 2020	(r363768)
@@ -404,6 +404,7 @@ ipfr_frag_new(softc, softf, fin, pass, table
 		}
 	}
 
+	memset(&frag, 0, sizeof(frag));
 	frag.ipfr_v = fin->fin_v;
 	idx = fin->fin_v;
 	frag.ipfr_p = fin->fin_p;
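Review bot: The new `memset(&frag, 0, sizeof(frag));` ahead of the field assignments has no comment saying why a stack struct that is filled in field by field must be cleared first. Further down in this function `frag` is copied bytewise over `IPFR_CMPSZ` starting at `ipfr_ifp`, so padding and unset members would otherwise carry stale stack contents into the table entry, and presumably into the bytewise match in the lookup path, which is not visible here. I would add `/* clear padding: frag is copied and matched bytewise over IPFR_CMPSZ */` here and at the identical memset in ipf_frag_lookup(). The function body starts and ends outside the hunk.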
@@ -452,6 +453,7 @@ ipfr_frag_new(softc, softf, fin, pass, table
 		FBUMPD(ifs_nomem);
 		return NULL;
 	}
+	memset(fran, 0, sizeof(*fran));
 
 	WRITE_ENTER(lock);
 
@@ -489,6 +491,7 @@ ipfr_frag_new(softc, softf, fin, pass, table
 	table[idx] = fra;
 	bcopy((char *)&frag.ipfr_ifp, (char *)&fra->ipfr_ifp, IPFR_CMPSZ);
 	fra->ipfr_v = fin->fin_v;
+	fra->ipfr_p = fin->fin_p;
 	fra->ipfr_ttl = softc->ipf_ticks + softf->ipfr_ttl;
 	fra->ipfr_firstend = frag.ipfr_firstend;
 
@@ -677,6 +680,7 @@ ipf_frag_lookup(softc, softf, fin, table
 	 *
 	 * build up a hash value to index the table with.
 	 */
+	memset(&frag, 0, sizeof(frag));
 	frag.ipfr_v = fin->fin_v;
 	idx = fin->fin_v;
 	frag.ipfr_p = fin->fin_p;

