diff --git a/contrib/ipfilter/BSD/Makefile b/contrib/ipfilter/BSD/Makefile index 72086a016cd..9a2158bcf47 100644 --- a/contrib/ipfilter/BSD/Makefile +++ b/contrib/ipfilter/BSD/Makefile @@ -8,7 +8,8 @@ SBINDEST=/sbin MANDIR=/usr/share/man SEARCHDIRS!=echo $(BINDEST) $(SBINDEST) /bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin | awk '{for(i=1;i&1 | egrep -v "y.tab.c|Could|Creating|_l\.c|\.h"; done' | sort -n > report + sort -n report | perl -e 'while(<>) { next if (/^0.00/); s/\%//g; @F=split;$$lc+=$$F[2];$$t += $$F[0]/100*$$F[2];} printf "%d of %d = %d%%\n", $$t, $$lc,$$t/$$lc*100;' >> report + +clean-coverage: + /bin/rm -f *.gcov *.da diff --git a/contrib/ipfilter/BSD/Makefile.ipsend b/contrib/ipfilter/BSD/Makefile.ipsend index 410ea67c14f..a83de1c6a92 100644 --- a/contrib/ipfilter/BSD/Makefile.ipsend +++ b/contrib/ipfilter/BSD/Makefile.ipsend @@ -1,5 +1,5 @@ # -# Id: Makefile.ipsend,v 2.8 2002/05/22 16:15:36 darrenr Exp +# $Id: Makefile.ipsend,v 2.8 2002/05/22 16:15:36 darrenr Exp $ # BINDEST=/usr/sbin diff --git a/contrib/ipfilter/BSD/kupgrade b/contrib/ipfilter/BSD/kupgrade index 91f32daab43..77a6ba1f534 100644 --- a/contrib/ipfilter/BSD/kupgrade +++ b/contrib/ipfilter/BSD/kupgrade @@ -31,6 +31,14 @@ else major=x fi +if [ ! -f ip_rules.c -o ! -f ip_rules.h ] ; then + echo "Please do a build of ipfilter and then run the following" + echo "command to build extra files:" + echo + echo "make ip_rules.c" + exit 1 +fi + echo -n "Installing " for j in auth frag nat proxy scan state sync pool htable lookup rules; do for i in ip_$j.[ch]; do diff --git a/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.0 b/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.0 index 8a827cf899e..c232b2c1597 100755 --- a/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.0 +++ b/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.0 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" *** ip6_input.c.orig Sun Feb 13 14:32:01 2000 --- ip6_input.c Wed Apr 26 22:31:34 2000 *************** diff --git a/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.1 b/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.1 index a6a46129903..90dac19eb04 100644 --- a/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.1 +++ b/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.1 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" *** ip6_input.c.orig Sat Jul 15 07:14:34 2000 --- ip6_input.c Thu Oct 19 17:14:37 2000 *************** diff --git a/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.2 b/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.2 index a6a46129903..90dac19eb04 100644 --- a/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.2 +++ b/contrib/ipfilter/FreeBSD-4.0/ipv6-patch-4.2 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" *** ip6_input.c.orig Sat Jul 15 07:14:34 2000 --- ip6_input.c Thu Oct 19 17:14:37 2000 *************** diff --git a/contrib/ipfilter/HISTORY b/contrib/ipfilter/HISTORY index 9b93e8309ca..32daed422bb 100644 --- a/contrib/ipfilter/HISTORY +++ b/contrib/ipfilter/HISTORY @@ -10,6 +10,85 @@ # and especially those who have found the time to port IP Filter to new # platforms. # +4.1.10 - Released 6 December 2005 + +Expand regression testing to cover more features + +Add "coverage" build target for BSD + +Fix building 64bit sparc target for Solaris + +Add IPv6 mobility header to list of accepted keywords for V6 headers + +Resolve locking problems on Solaris when sending RST/icmp packets + +#ifdef's for IPFILTER_BPF need to check if words are defined before +using them in comparisons + +Add checking for SACK permitted option in TCP SYN packets + +Fix loading anonymous pools from inline rule configuration groups + +Add -C command line option to ipftest + +Include extra "const" from NetBSD + +Don't require SIOCKSTLCK for SIOCSTPUT + +Fix some use of "sticky" on NAT rules + +Fix statistical counting of deleting state for TCP connections + +Fix compile problems caused by changes to is_opt/is_optmsk in ip_sync.c + +Fix TCP out-of-window (OOW) problems: +- window scaling turned off if one chose for its scale factor +- Microsoft Windows TCP sends the "next packet" to the right of the window + when using SACK and filling in a hole + +4.1.9 - Released 13 August 2005 + +make ipfilter fix IPv4 header checksums for outgoing packets if BRIDGE_IPF +is defined when compiled. + +move the definition of SIOCPROXY from ip_nat.h to ip_proxy.h + +make the BSD/upgrade script more instructive about the requiements for +ip_rules.[ch] when it is run + +register for interface events on FreeBSD (>5.2.1) and NetBSD so that +"ipf -y" is not not requried to tell ipfilter about interface changes. + +for "quick" rules that do "keep state", move the state adding into the rule +evaluation so that we can detect it failing as rules are evaluated and +continue on to the next rather than wait until we're done and it's too late +to recover for more rule processing. + +mark ICMP packets advertising an MTU that's too small as being bad + +rework ipv6 header parsing to get better code reuse and fix logic errors +in dealing with ipv6 packets containing fragment headers. Also, where a +protocol handler was doing both v4 & v6, make a seperate function for each. + +build for both amd64 and i86pc (32bit) on Solaris10 and later, if possible + +include start of work to get IPFilter working on AIX 5.3 + +Use FI_ICMPERR flag rather than try to compute its equivalent all the time + +Rewrork IPv6 extension header parsing to get better code reuse + +Add missing timeout on Linux + +Fix for locking when reading from ipsync (Frank Volf) + +Fix insertion/appending of rules that use a collection number + +Somehow turning up the spl knob to splnet disappeared on platforms that still +use the spl interface. + +fix problems with "ipf -T" not listing multiple variables properly + 4.1.8 - Released 29 March 2005 include path from Phil Dibowitz for sorting ipfstat -t output by source or diff --git a/contrib/ipfilter/INST.FreeBSD-2.2 b/contrib/ipfilter/INST.FreeBSD-2.2 index 0e0ea06786f..78f7295e089 100644 --- a/contrib/ipfilter/INST.FreeBSD-2.2 +++ b/contrib/ipfilter/INST.FreeBSD-2.2 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" To build a kernel for use with the loadable kernel module, follow these steps: diff --git a/contrib/ipfilter/Makefile b/contrib/ipfilter/Makefile index c54e1db1b86..59fb797a54e 100644 --- a/contrib/ipfilter/Makefile +++ b/contrib/ipfilter/Makefile @@ -5,7 +5,7 @@ # provided that this notice is preserved and due credit is given # to the original author and the contributors. # -# Id: Makefile,v 2.76.2.13 2004/11/08 18:42:40 darrenr Exp +# $Id: Makefile,v 2.76.2.18 2005/12/04 23:41:22 darrenr Exp $ # SHELL=/bin/sh BINDEST=/usr/local/bin @@ -192,6 +192,15 @@ freebsd5: include else \ echo "#define INET6" > opt_inet6.h; \ fi + if [ "x$(IPFBPF)" = "x" ] ; then \ + echo "#undef NBPF" > opt_bpf.h; \ + echo "#undef NBPFILTER" > opt_bpf.h; \ + echo "#undef DEV_BPF" > opt_bpf.h; \ + else \ + echo "#define NBPF" > opt_bpf.h; \ + echo "#define NBPFILTER" > opt_bpf.h; \ + echo "#define DEV_BPF" > opt_bpf.h; \ + fi if [ x$(ENABLE_PFIL) = x ] ; then \ echo "#undef PFIL_HOOKS" > opt_pfil.h; \ else \ @@ -237,6 +246,11 @@ osf tru64: null include (cd OSF/`OSF/cpurev`; make build TRU64=`uname -v` TOP=../.. "DEBUG=-g" $(MFLAGS) "MACHASSERT=$(MACHASSERT)" "OSREV=`../cpurev`"; cd ..) (cd OSF/`OSF/cpurev`; make -f Makefile.ipsend build TRU64=`uname -v` TOP=../.. $(MFLAGS) "OSREV=`../cpurev`"; cd ..) +aix: null include + make setup "TARGOS=AIX" "CPUDIR=`AIX/cpurev`" + (cd AIX/`AIX/cpurev`; make build AIX=`uname -v` TOP=../.. "DEBUG=-g" $(MFLAGS) "OSREV=`../cpurev`" BITS=`../bootbits.sh`; cd ..) +# (cd AIX/`AIX/cpurev`; make -f Makefile.ipsend build AIX=`uname -v` TOP=../.. $(MFLAGS) "OSREV=`../cpurev`"; cd ..) + bsd: include make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)" (cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) 'DLKM=-D_LKM' "ML=mln_ipl.c" "MLR=mln_rule.o"; cd ..) @@ -277,6 +291,7 @@ clean: clean-include (cd HPUX; $(MAKE) BITS=32 TOP=.. clean) (cd Linux; $(MAKE) TOP=.. clean) (cd OSF; $(MAKE) TOP=.. clean) + (cd AIX; $(MAKE) TOP=.. clean) if [ "`uname -s`" = "IRIX" ]; then (cd IRIX; $(MAKE) clean); fi [ -d test ] && (cd test; $(MAKE) clean) (cd ipsend; $(MAKE) clean) @@ -295,6 +310,9 @@ clean-hpux: clean-include clean-osf: clean-include (cd OSF; make clean) +clean-aix: clean-include + (cd AIX; make clean) + clean-linux: clean-include (cd Linux; make clean) @@ -347,6 +365,10 @@ install-sunos4: solaris install-sunos5: solaris null (cd SunOS5; $(MAKE) CPU=$(CPU) TOP=.. install) +install-aix: + (cd AIX/`AIX/cpurev`; make install "TOP=../.." $(MFLAGS); cd ..) +# (cd AIX/`AIX/cpurev`; make -f Makefile.ipsend INSTALL=$(INSTALL) install "TOP=../.." $(MFLAGS); cd ..) + install-hpux: hpux (cd HPUX/`HPUX/cpurev`; $(MAKE) CPU=$(CPU) TOP=../.. "BITS=`getconf KERNEL_BITS`" install) @@ -355,7 +377,6 @@ install-irix: irix install-osf install-tru64: (cd OSF/`OSF/cpurev`; make install "TOP=../.." $(MFLAGS); cd ..) - (cd OSF/`OSF/cpurev`; make -f Makefile.ipsend INSTALL=$(INSTALL) install "TOP=../.." $(MFLAGS); cd ..) do-cvs: find . -type d -name CVS -print | xargs /bin/rm -rf @@ -378,3 +399,4 @@ mdb: -DIPFILTER_SCAN -DIPFILTER_LKM -DSOLARIS2=10 -n ipf_mdb -k \ -I/home/dr146992/pfil -I/home/dr146992/ipf -f \ /usr/include/netinet/in_systm.h,/usr/include/sys/ethernet.h,/usr/include/netinet/in.h,/usr/include/netinet/ip.h,/usr/include/netinet/ip_var.h,/usr/include/netinet/tcp.h,/usr/include/netinet/tcpip.h,/usr/include/netinet/ip_icmp.h,/usr/include/netinet/udp.h,ip_compat.h,ip_fil.h,ip_nat.h,ip_state.h,ip_proxy.h,ip_scan.h + diff --git a/contrib/ipfilter/NAT.FreeBSD b/contrib/ipfilter/NAT.FreeBSD index 996b009ab1b..8a7e95262f7 100644 --- a/contrib/ipfilter/NAT.FreeBSD +++ b/contrib/ipfilter/NAT.FreeBSD @@ -4,7 +4,7 @@ After you have installed IpFilter. You will need to change three files: /etc/rc.local -/etc/sysconfig +/etc/rc.conf /etc/natrules You will have to: diff --git a/contrib/ipfilter/bpf-ipf.h b/contrib/ipfilter/bpf-ipf.h index c30315242a4..544455e5ff3 100644 --- a/contrib/ipfilter/bpf-ipf.h +++ b/contrib/ipfilter/bpf-ipf.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /*- * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. diff --git a/contrib/ipfilter/bpf_filter.c b/contrib/ipfilter/bpf_filter.c index 9876ff3e263..c4ca42fc906 100644 --- a/contrib/ipfilter/bpf_filter.c +++ b/contrib/ipfilter/bpf_filter.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /*- * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. @@ -42,7 +40,7 @@ #if !(defined(lint) || defined(KERNEL) || defined(_KERNEL)) static const char rcsid[] = - "@(#) $Header: /devel/CVS/IP-Filter/bpf_filter.c,v 2.2 2003/08/19 16:49:58 darrenr Exp $ (LBL)"; + "@(#) $Header: /devel/CVS/IP-Filter/bpf_filter.c,v 2.2.2.1 2005/06/18 02:41:30 darrenr Exp $ (LBL)"; #endif #include @@ -53,7 +51,7 @@ static const char rcsid[] = #include #include -#include "ip_compat.h" +#include "netinet/ip_compat.h" #include "bpf-ipf.h" diff --git a/contrib/ipfilter/ipf.h b/contrib/ipfilter/ipf.h index 1398c05f7cd..3cf0ffb0623 100644 --- a/contrib/ipfilter/ipf.h +++ b/contrib/ipfilter/ipf.h @@ -1,12 +1,10 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001, 2003 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ipf.h 1.12 6/5/96 - * Id: ipf.h,v 2.71.2.6 2005/02/21 05:05:29 darrenr Exp + * $Id: ipf.h,v 2.71.2.7 2005/06/12 07:18:31 darrenr Exp $ */ #ifndef __IPF_H__ @@ -265,6 +263,7 @@ extern void printpacket6 __P((struct ip *)); extern struct ip_pool_s *printpool __P((struct ip_pool_s *, copyfunc_t, char *, int)); extern struct ip_pool_node *printpoolnode __P((struct ip_pool_node *, int)); +extern void printproto __P((struct protoent *, int, struct ipnat *)); extern void printportcmp __P((int, struct frpcmp *)); extern void optprint __P((u_short *, u_long, u_long)); #ifdef USE_INET6 diff --git a/contrib/ipfilter/iplang/iplang.h b/contrib/ipfilter/iplang/iplang.h index 675897b8419..f36a3843c0a 100644 --- a/contrib/ipfilter/iplang/iplang.h +++ b/contrib/ipfilter/iplang/iplang.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1997-1998 by Darren Reed. * diff --git a/contrib/ipfilter/iplang/iplang_l.l b/contrib/ipfilter/iplang/iplang_l.l index 0a97ec94d4b..fae30a25ed2 100644 --- a/contrib/ipfilter/iplang/iplang_l.l +++ b/contrib/ipfilter/iplang/iplang_l.l @@ -1,12 +1,10 @@ -/* $NetBSD$ */ - %{ /* * Copyright (C) 1997-1998 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: iplang_l.l,v 2.8 2003/07/28 01:15:31 darrenr Exp + * $Id: iplang_l.l,v 2.8 2003/07/28 01:15:31 darrenr Exp $ */ #include #include diff --git a/contrib/ipfilter/iplang/iplang_y.y b/contrib/ipfilter/iplang/iplang_y.y index fa960dfd6d1..4d494fb44eb 100644 --- a/contrib/ipfilter/iplang/iplang_y.y +++ b/contrib/ipfilter/iplang/iplang_y.y @@ -1,12 +1,10 @@ -/* $NetBSD$ */ - %{ /* * Copyright (C) 1997-1998 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: iplang_y.y,v 2.9.2.2 2004/12/09 19:41:10 darrenr Exp + * $Id: iplang_y.y,v 2.9.2.3 2005/10/17 17:25:04 darrenr Exp $ */ #include @@ -1290,8 +1288,14 @@ void prep_packet() if (ifp->if_fd == -1) ifp->if_fd = initdevice(ifp->if_name, 5); gwip = sending.snd_gw; - if (!gwip.s_addr) + if (!gwip.s_addr) { + if (aniphead == NULL) { + fprintf(stderr, + "no destination address defined for sending\n"); + return; + } gwip = aniphead->ah_ip->ip_dst; + } (void) send_ip(ifp->if_fd, ifp->if_MTU, (ip_t *)ipbuffer, gwip, 2); } diff --git a/contrib/ipfilter/ipmon.h b/contrib/ipfilter/ipmon.h index a2408367e72..765a6469540 100644 --- a/contrib/ipfilter/ipmon.h +++ b/contrib/ipfilter/ipmon.h @@ -1,12 +1,10 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_fil.h 1.35 6/5/96 - * Id: ipmon.h,v 2.8 2003/07/25 22:16:20 darrenr Exp + * $Id: ipmon.h,v 2.8 2003/07/25 22:16:20 darrenr Exp $ */ diff --git a/contrib/ipfilter/ipsd/Celler/ip_compat.h b/contrib/ipfilter/ipsd/Celler/ip_compat.h index 8b43cb94adf..a911fd83c3f 100644 --- a/contrib/ipfilter/ipsd/Celler/ip_compat.h +++ b/contrib/ipfilter/ipsd/Celler/ip_compat.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1995 by Darren Reed. * diff --git a/contrib/ipfilter/ipsd/ipsd.c b/contrib/ipfilter/ipsd/ipsd.c index 3d9ea4cdf56..51d0a148902 100644 --- a/contrib/ipfilter/ipsd/ipsd.c +++ b/contrib/ipfilter/ipsd/ipsd.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1995-1998 Darren Reed. * @@ -34,7 +32,7 @@ #ifndef lint static const char sccsid[] = "@(#)ipsd.c 1.3 12/3/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipsd.c,v 2.2 2001/06/09 17:09:25 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipsd.c,v 2.2 2001/06/09 17:09:25 darrenr Exp $"; #endif extern char *optarg; diff --git a/contrib/ipfilter/ipsd/ipsd.h b/contrib/ipfilter/ipsd/ipsd.h index 48f591101b5..3726b84149b 100644 --- a/contrib/ipfilter/ipsd/ipsd.h +++ b/contrib/ipfilter/ipsd/ipsd.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1995-1998 Darren Reed. * diff --git a/contrib/ipfilter/ipsd/ipsdr.c b/contrib/ipfilter/ipsd/ipsdr.c index 4689cbad83e..af007e45f8a 100644 --- a/contrib/ipfilter/ipsd/ipsdr.c +++ b/contrib/ipfilter/ipsd/ipsdr.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1995-1998 Darren Reed. * @@ -35,7 +33,7 @@ #ifndef lint static const char sccsid[] = "@(#)ipsdr.c 1.3 12/3/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipsdr.c,v 2.2 2001/06/09 17:09:25 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipsdr.c,v 2.2 2001/06/09 17:09:25 darrenr Exp $"; #endif extern char *optarg; diff --git a/contrib/ipfilter/ipsd/linux.h b/contrib/ipfilter/ipsd/linux.h index 2fadfcfb252..d9606cbba15 100644 --- a/contrib/ipfilter/ipsd/linux.h +++ b/contrib/ipfilter/ipsd/linux.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1997-1998 by Darren Reed. * diff --git a/contrib/ipfilter/ipsd/sbpf.c b/contrib/ipfilter/ipsd/sbpf.c index 29a72008ab8..97bb4ce0ff3 100644 --- a/contrib/ipfilter/ipsd/sbpf.c +++ b/contrib/ipfilter/ipsd/sbpf.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1995-1998 Darren Reed. (from tcplog) * diff --git a/contrib/ipfilter/ipsd/sdlpi.c b/contrib/ipfilter/ipsd/sdlpi.c index 289ad2f4680..baede7c46a0 100644 --- a/contrib/ipfilter/ipsd/sdlpi.c +++ b/contrib/ipfilter/ipsd/sdlpi.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1992-1998 Darren Reed. (from tcplog) * diff --git a/contrib/ipfilter/ipsd/slinux.c b/contrib/ipfilter/ipsd/slinux.c index 3b786b04b88..6372a607b2c 100644 --- a/contrib/ipfilter/ipsd/slinux.c +++ b/contrib/ipfilter/ipsd/slinux.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1992-1998 Darren Reed. (from tcplog) * diff --git a/contrib/ipfilter/ipsd/snit.c b/contrib/ipfilter/ipsd/snit.c index 8f250260c33..e78c59190e0 100644 --- a/contrib/ipfilter/ipsd/snit.c +++ b/contrib/ipfilter/ipsd/snit.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1992-1998 Darren Reed. (from tcplog) * diff --git a/contrib/ipfilter/ipsend/44arp.c b/contrib/ipfilter/ipsend/44arp.c index 420635516eb..ca571e01db0 100644 --- a/contrib/ipfilter/ipsend/44arp.c +++ b/contrib/ipfilter/ipsend/44arp.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Based upon 4.4BSD's /usr/sbin/arp */ diff --git a/contrib/ipfilter/ipsend/arp.c b/contrib/ipfilter/ipsend/arp.c index 0e8f556724a..609b8dd73fd 100644 --- a/contrib/ipfilter/ipsend/arp.c +++ b/contrib/ipfilter/ipsend/arp.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * arp.c (C) 1995-1998 Darren Reed * @@ -7,11 +5,11 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)arp.c 1.4 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: arp.c,v 2.8 2003/12/01 02:01:15 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: arp.c,v 2.8.2.1 2005/06/12 07:18:38 darrenr Exp $"; #endif #include #include -#if !defined(ultrix) && !defined(hpux) && !defined(__hpux) && !defined(__osf__) +#if !defined(ultrix) && !defined(hpux) && !defined(__hpux) && !defined(__osf__) && !defined(_AIX51) #include #endif #include diff --git a/contrib/ipfilter/ipsend/dlcommon.c b/contrib/ipfilter/ipsend/dlcommon.c index 6e351f0fd06..89941388a61 100644 --- a/contrib/ipfilter/ipsend/dlcommon.c +++ b/contrib/ipfilter/ipsend/dlcommon.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Common (shared) DLPI test routines. * Mostly pretty boring boilerplate sorta stuff. diff --git a/contrib/ipfilter/ipsend/dltest.h b/contrib/ipfilter/ipsend/dltest.h index 9fafd9182dc..4c32c30eb1b 100644 --- a/contrib/ipfilter/ipsend/dltest.h +++ b/contrib/ipfilter/ipsend/dltest.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Common DLPI Test Suite header file * diff --git a/contrib/ipfilter/ipsend/hpux.c b/contrib/ipfilter/ipsend/hpux.c index 69f962c77c1..42078e3b7f5 100644 --- a/contrib/ipfilter/ipsend/hpux.c +++ b/contrib/ipfilter/ipsend/hpux.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1997-1998 Darren Reed. (from tcplog) * diff --git a/contrib/ipfilter/ipsend/in_var.h b/contrib/ipfilter/ipsend/in_var.h index f228bbbb69f..2ebd731a489 100644 --- a/contrib/ipfilter/ipsend/in_var.h +++ b/contrib/ipfilter/ipsend/in_var.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* @(#)in_var.h 1.3 88/08/19 SMI; from UCB 7.1 6/5/86 */ /* diff --git a/contrib/ipfilter/ipsend/ip.c b/contrib/ipfilter/ipsend/ip.c index 8302806f441..a5023cd4bde 100644 --- a/contrib/ipfilter/ipsend/ip.c +++ b/contrib/ipfilter/ipsend/ip.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * ip.c (C) 1995-1998 Darren Reed * @@ -7,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C)1995"; -static const char rcsid[] = "@(#)Id: ip.c,v 2.8.2.1 2004/10/19 12:31:48 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ip.c,v 2.8.2.1 2004/10/19 12:31:48 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/ip_var.h b/contrib/ipfilter/ipsend/ip_var.h index b08f4e7a2fd..92eb38a0bef 100644 --- a/contrib/ipfilter/ipsend/ip_var.h +++ b/contrib/ipfilter/ipsend/ip_var.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* @(#)ip_var.h 1.11 88/08/19 SMI; from UCB 7.1 6/5/86 */ /* diff --git a/contrib/ipfilter/ipsend/ipresend.1 b/contrib/ipfilter/ipsend/ipresend.1 index cffc6f3c29b..6014313587b 100644 --- a/contrib/ipfilter/ipsend/ipresend.1 +++ b/contrib/ipfilter/ipsend/ipresend.1 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPRESEND 1 .SH NAME ipresend \- resend IP packets out to network diff --git a/contrib/ipfilter/ipsend/ipresend.c b/contrib/ipfilter/ipsend/ipresend.c index 1db54e19015..7e52fe959f5 100644 --- a/contrib/ipfilter/ipsend/ipresend.c +++ b/contrib/ipfilter/ipsend/ipresend.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * ipresend.c (C) 1995-1998 Darren Reed * @@ -8,7 +6,7 @@ */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipresend.c,v 2.4 2004/01/08 13:34:31 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipresend.c,v 2.4 2004/01/08 13:34:31 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/ipsend.1 b/contrib/ipfilter/ipsend/ipsend.1 index 33320f3bd57..f2f806658dd 100644 --- a/contrib/ipfilter/ipsend/ipsend.1 +++ b/contrib/ipfilter/ipsend/ipsend.1 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPSEND 1 .SH NAME ipsend \- sends IP packets diff --git a/contrib/ipfilter/ipsend/ipsend.5 b/contrib/ipfilter/ipsend/ipsend.5 index aac757adc64..4c1e66af3f8 100644 --- a/contrib/ipfilter/ipsend/ipsend.5 +++ b/contrib/ipfilter/ipsend/ipsend.5 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPSEND 5 .SH NAME ipsend \- IP packet description language diff --git a/contrib/ipfilter/ipsend/ipsend.c b/contrib/ipfilter/ipsend/ipsend.c index 6c91d4d0b2d..a3cc1dc22d5 100644 --- a/contrib/ipfilter/ipsend/ipsend.c +++ b/contrib/ipfilter/ipsend/ipsend.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * ipsend.c (C) 1995-1998 Darren Reed * @@ -7,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ipsend.c 1.5 12/10/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipsend.c,v 2.8.2.2 2004/11/13 16:50:10 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipsend.c,v 2.8.2.2 2004/11/13 16:50:10 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/ipsend.h b/contrib/ipfilter/ipsend/ipsend.h index be98c1b90d4..f5e51a7364c 100644 --- a/contrib/ipfilter/ipsend/ipsend.h +++ b/contrib/ipfilter/ipsend/ipsend.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * ipsend.h (C) 1997-1998 Darren Reed * diff --git a/contrib/ipfilter/ipsend/ipsopt.c b/contrib/ipfilter/ipsend/ipsopt.c index 7f1670568f3..9326bc63c4a 100644 --- a/contrib/ipfilter/ipsend/ipsopt.c +++ b/contrib/ipfilter/ipsend/ipsopt.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1995-1998 by Darren Reed. * @@ -8,7 +6,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ipsopt.c 1.2 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipsopt.c,v 2.4.4.1 2004/03/23 12:58:05 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipsopt.c,v 2.4.4.1 2004/03/23 12:58:05 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/iptest.1 b/contrib/ipfilter/ipsend/iptest.1 index 0af5cc23bc3..ca740946347 100644 --- a/contrib/ipfilter/ipsend/iptest.1 +++ b/contrib/ipfilter/ipsend/iptest.1 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPTEST 1 .SH NAME iptest \- automatically generate a packets to test IP functionality diff --git a/contrib/ipfilter/ipsend/iptest.c b/contrib/ipfilter/ipsend/iptest.c index 45f8f3a65f5..000d1cc254e 100644 --- a/contrib/ipfilter/ipsend/iptest.c +++ b/contrib/ipfilter/ipsend/iptest.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * ipsend.c (C) 1995-1998 Darren Reed * @@ -8,7 +6,7 @@ */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: iptest.c,v 2.6 2004/01/08 13:34:31 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: iptest.c,v 2.6 2004/01/08 13:34:31 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/iptests.c b/contrib/ipfilter/ipsend/iptests.c index a6cb41aa829..434b010a50e 100644 --- a/contrib/ipfilter/ipsend/iptests.c +++ b/contrib/ipfilter/ipsend/iptests.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-1998 by Darren Reed. * @@ -8,7 +6,7 @@ */ #if !defined(lint) static const char sccsid[] = "%W% %G% (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: iptests.c,v 2.8.2.3 2004/04/16 23:33:04 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: iptests.c,v 2.8.2.4 2005/06/12 07:18:39 darrenr Exp $"; #endif #include #include @@ -32,7 +30,7 @@ static const char rcsid[] = "@(#)Id: iptests.c,v 2.8.2.3 2004/04/16 23:33:04 dar # include #endif #if !defined(ultrix) && !defined(hpux) && !defined(linux) && \ - !defined(__sgi) && !defined(__osf__) + !defined(__sgi) && !defined(__osf__) && !defined(_AIX51) # include #endif #ifndef ultrix diff --git a/contrib/ipfilter/ipsend/larp.c b/contrib/ipfilter/ipsend/larp.c index a8e782e6bf7..3d0c89c66a5 100644 --- a/contrib/ipfilter/ipsend/larp.c +++ b/contrib/ipfilter/ipsend/larp.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * larp.c (C) 1995-1998 Darren Reed * @@ -8,7 +6,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)larp.c 1.1 8/19/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: larp.c,v 2.4 2003/12/01 02:01:16 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: larp.c,v 2.4 2003/12/01 02:01:16 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/linux.h b/contrib/ipfilter/ipsend/linux.h index d8296bafae8..ae2e05f5826 100644 --- a/contrib/ipfilter/ipsend/linux.h +++ b/contrib/ipfilter/ipsend/linux.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1995-1998 by Darren Reed. * diff --git a/contrib/ipfilter/ipsend/lsock.c b/contrib/ipfilter/ipsend/lsock.c index abe664e5cb9..825495eab7d 100644 --- a/contrib/ipfilter/ipsend/lsock.c +++ b/contrib/ipfilter/ipsend/lsock.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * lsock.c (C) 1995-1998 Darren Reed * @@ -8,7 +6,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)lsock.c 1.2 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: lsock.c,v 2.3 2001/06/09 17:09:26 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: lsock.c,v 2.3 2001/06/09 17:09:26 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/resend.c b/contrib/ipfilter/ipsend/resend.c index 07220dfb774..9c782ac77d8 100644 --- a/contrib/ipfilter/ipsend/resend.c +++ b/contrib/ipfilter/ipsend/resend.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * resend.c (C) 1995-1998 Darren Reed * @@ -8,7 +6,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)resend.c 1.3 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: resend.c,v 2.8 2004/01/08 13:34:31 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: resend.c,v 2.8 2004/01/08 13:34:31 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/sbpf.c b/contrib/ipfilter/ipsend/sbpf.c index 914792982c6..16a6e7ff783 100644 --- a/contrib/ipfilter/ipsend/sbpf.c +++ b/contrib/ipfilter/ipsend/sbpf.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1995-1998 Darren Reed. (from tcplog) * @@ -46,7 +44,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)sbpf.c 1.3 8/25/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: sbpf.c,v 2.5 2002/02/24 07:30:03 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: sbpf.c,v 2.5 2002/02/24 07:30:03 darrenr Exp $"; #endif /* diff --git a/contrib/ipfilter/ipsend/sdlpi.c b/contrib/ipfilter/ipsend/sdlpi.c index 215223abb24..38eeb8a103d 100644 --- a/contrib/ipfilter/ipsend/sdlpi.c +++ b/contrib/ipfilter/ipsend/sdlpi.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1992-1998 Darren Reed. (from tcplog) * @@ -48,7 +46,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)sdlpi.c 1.3 10/30/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: sdlpi.c,v 2.8.2.1 2004/12/09 19:41:13 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: sdlpi.c,v 2.8.2.1 2004/12/09 19:41:13 darrenr Exp $"; #endif #define CHUNKSIZE 8192 diff --git a/contrib/ipfilter/ipsend/sirix.c b/contrib/ipfilter/ipsend/sirix.c index 39a09925b49..0f634f766a4 100644 --- a/contrib/ipfilter/ipsend/sirix.c +++ b/contrib/ipfilter/ipsend/sirix.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1992-1998 Darren Reed. * (C)opyright 1997 Marc Boucher. diff --git a/contrib/ipfilter/ipsend/slinux.c b/contrib/ipfilter/ipsend/slinux.c index 3bc7f09c4db..7c362b6e46d 100644 --- a/contrib/ipfilter/ipsend/slinux.c +++ b/contrib/ipfilter/ipsend/slinux.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1992-1998 Darren Reed. (from tcplog) * @@ -30,7 +28,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)slinux.c 1.2 8/25/95"; -static const char rcsid[] = "@(#)Id: slinux.c,v 2.3 2001/06/09 17:09:26 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: slinux.c,v 2.3 2001/06/09 17:09:26 darrenr Exp $"; #endif #define CHUNKSIZE 8192 diff --git a/contrib/ipfilter/ipsend/snit.c b/contrib/ipfilter/ipsend/snit.c index a4b19b9b83e..bcd07d04003 100644 --- a/contrib/ipfilter/ipsend/snit.c +++ b/contrib/ipfilter/ipsend/snit.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 1992-1998 Darren Reed. (from tcplog) * @@ -41,7 +39,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)snit.c 1.5 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: snit.c,v 2.3 2001/06/09 17:09:26 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: snit.c,v 2.3 2001/06/09 17:09:26 darrenr Exp $"; #endif #define CHUNKSIZE 8192 diff --git a/contrib/ipfilter/ipsend/sock.c b/contrib/ipfilter/ipsend/sock.c index ccc57f0ee98..45e7a0d0e77 100644 --- a/contrib/ipfilter/ipsend/sock.c +++ b/contrib/ipfilter/ipsend/sock.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * sock.c (C) 1995-1998 Darren Reed * @@ -8,7 +6,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)sock.c 1.2 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: sock.c,v 2.8.4.1 2004/03/23 12:58:06 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: sock.c,v 2.8.4.1 2004/03/23 12:58:06 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/ipsend/sockraw.c b/contrib/ipfilter/ipsend/sockraw.c index 822c146f8cf..0e3fe5928ca 100644 --- a/contrib/ipfilter/ipsend/sockraw.c +++ b/contrib/ipfilter/ipsend/sockraw.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)opyright 2000 Darren Reed. * diff --git a/contrib/ipfilter/ipsend/tcpip.h b/contrib/ipfilter/ipsend/tcpip.h index 0d3e04031ff..44a2de995c2 100644 --- a/contrib/ipfilter/ipsend/tcpip.h +++ b/contrib/ipfilter/ipsend/tcpip.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (c) 1982, 1986, 1993 * The Regents of the University of California. All rights reserved. @@ -29,7 +27,7 @@ * SUCH DAMAGE. * * @(#)tcpip.h 8.1 (Berkeley) 6/10/93 - * Id: tcpip.h,v 2.2.2.3 2004/05/26 15:45:48 darrenr Exp + * $Id: tcpip.h,v 2.2.2.3 2004/05/26 15:45:48 darrenr Exp $ */ #ifndef _NETINET_TCPIP_H_ diff --git a/contrib/ipfilter/ipt.h b/contrib/ipfilter/ipt.h index 6a14fe5a57d..938e40041e9 100644 --- a/contrib/ipfilter/ipt.h +++ b/contrib/ipfilter/ipt.h @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipt.h,v 2.6 2003/02/16 02:33:09 darrenr Exp + * $Id: ipt.h,v 2.6 2003/02/16 02:33:09 darrenr Exp $ */ #ifndef __IPT_H__ diff --git a/contrib/ipfilter/kmem.h b/contrib/ipfilter/kmem.h index 7cb66357fc0..d2b1171aeb2 100644 --- a/contrib/ipfilter/kmem.h +++ b/contrib/ipfilter/kmem.h @@ -1,10 +1,8 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. - * Id: kmem.h,v 2.5 2002/08/21 22:57:36 darrenr Exp + * $Id: kmem.h,v 2.5 2002/08/21 22:57:36 darrenr Exp $ */ #ifndef __KMEM_H__ diff --git a/contrib/ipfilter/l4check/http.ok b/contrib/ipfilter/l4check/http.ok index 0e7dd90187e..2b5d2c15266 100644 --- a/contrib/ipfilter/l4check/http.ok +++ b/contrib/ipfilter/l4check/http.ok @@ -1 +1 @@ - + \ No newline at end of file diff --git a/contrib/ipfilter/l4check/l4check.c b/contrib/ipfilter/l4check/l4check.c index 68c41de4e5a..3fecb80dbb9 100644 --- a/contrib/ipfilter/l4check/l4check.c +++ b/contrib/ipfilter/l4check/l4check.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * (C)Copyright March, 2000 - Darren Reed. */ diff --git a/contrib/ipfilter/lib/Makefile b/contrib/ipfilter/lib/Makefile index d448ba0f4c1..a6e9cc47842 100644 --- a/contrib/ipfilter/lib/Makefile +++ b/contrib/ipfilter/lib/Makefile @@ -68,6 +68,7 @@ LIBOBJS=$(DEST)/addicmp.o \ $(DEST)/printip.o \ $(DEST)/printpool.o \ $(DEST)/printpoolnode.o \ + $(DEST)/printproto.o \ $(DEST)/printfr.o \ $(DEST)/printfraginfo.o \ $(DEST)/printhostmap.o \ @@ -246,6 +247,8 @@ $(DEST)/printpool.o: $(LIBSRC)/printpool.c $(TOP)/ip_fil.h $(TOP)/ip_pool.h $(DEST)/printpoolnode.o: $(LIBSRC)/printpoolnode.c $(TOP)/ip_fil.h \ $(TOP)/ip_pool.h $(TOP)/ip_lookup.h $(CC) $(CCARGS) -c $(LIBSRC)/printpoolnode.c -o $@ +$(DEST)/printproto.o: $(LIBSRC)/printproto.c $(TOP)/ip_fil.h + $(CC) $(CCARGS) -c $(LIBSRC)/printproto.c -o $@ $(DEST)/printhostmap.o: $(LIBSRC)/printhostmap.c $(TOP)/ip_fil.h $(CC) $(CCARGS) -c $(LIBSRC)/printhostmap.c -o $@ $(DEST)/printifname.o: $(LIBSRC)/printifname.c $(INCDEP) diff --git a/contrib/ipfilter/lib/addicmp.c b/contrib/ipfilter/lib/addicmp.c index a8c1722d46d..e18a787a0a5 100644 --- a/contrib/ipfilter/lib/addicmp.c +++ b/contrib/ipfilter/lib/addicmp.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: addicmp.c,v 1.10.2.1 2004/12/09 19:41:16 darrenr Exp + * $Id: addicmp.c,v 1.10.2.1 2004/12/09 19:41:16 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/addipopt.c b/contrib/ipfilter/lib/addipopt.c index 23f44273eb5..e39484fcc4b 100644 --- a/contrib/ipfilter/lib/addipopt.c +++ b/contrib/ipfilter/lib/addipopt.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: addipopt.c,v 1.7 2002/01/28 06:50:45 darrenr Exp + * $Id: addipopt.c,v 1.7 2002/01/28 06:50:45 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/addkeep.c b/contrib/ipfilter/lib/addkeep.c index 3f20fb42420..bbc7759fbc9 100644 --- a/contrib/ipfilter/lib/addkeep.c +++ b/contrib/ipfilter/lib/addkeep.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: addkeep.c,v 1.12 2003/12/01 01:59:42 darrenr Exp + * $Id: addkeep.c,v 1.12 2003/12/01 01:59:42 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/bcopywrap.c b/contrib/ipfilter/lib/bcopywrap.c index 939137ba284..1800373c1d1 100644 --- a/contrib/ipfilter/lib/bcopywrap.c +++ b/contrib/ipfilter/lib/bcopywrap.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" int bcopywrap(from, to, size) diff --git a/contrib/ipfilter/lib/binprint.c b/contrib/ipfilter/lib/binprint.c index afa491008fa..b07dfb0d7c9 100644 --- a/contrib/ipfilter/lib/binprint.c +++ b/contrib/ipfilter/lib/binprint.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: binprint.c,v 1.8 2002/05/14 15:18:56 darrenr Exp + * $Id: binprint.c,v 1.8 2002/05/14 15:18:56 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/buildopts.c b/contrib/ipfilter/lib/buildopts.c index a35649bf3c7..706e7b73b97 100644 --- a/contrib/ipfilter/lib/buildopts.c +++ b/contrib/ipfilter/lib/buildopts.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: buildopts.c,v 1.6 2002/01/28 06:50:45 darrenr Exp + * $Id: buildopts.c,v 1.6 2002/01/28 06:50:45 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/checkrev.c b/contrib/ipfilter/lib/checkrev.c index 28032ce81f2..f95cc7977a7 100644 --- a/contrib/ipfilter/lib/checkrev.c +++ b/contrib/ipfilter/lib/checkrev.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: checkrev.c,v 1.12.2.1 2004/03/09 14:44:39 darrenr Exp + * $Id: checkrev.c,v 1.12.2.1 2004/03/09 14:44:39 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/count4bits.c b/contrib/ipfilter/lib/count4bits.c index 0f2187fde14..e3857fad67d 100644 --- a/contrib/ipfilter/lib/count4bits.c +++ b/contrib/ipfilter/lib/count4bits.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: count4bits.c,v 1.1 2002/06/15 04:46:39 darrenr Exp + * $Id: count4bits.c,v 1.1 2002/06/15 04:46:39 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/count6bits.c b/contrib/ipfilter/lib/count6bits.c index bd4e9f80d23..e9a51593660 100644 --- a/contrib/ipfilter/lib/count6bits.c +++ b/contrib/ipfilter/lib/count6bits.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: count6bits.c,v 1.4 2001/06/09 17:09:23 darrenr Exp + * $Id: count6bits.c,v 1.4 2001/06/09 17:09:23 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/debug.c b/contrib/ipfilter/lib/debug.c index 15102225647..9f3f4cc8419 100644 --- a/contrib/ipfilter/lib/debug.c +++ b/contrib/ipfilter/lib/debug.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: debug.c,v 1.6 2001/06/09 17:09:24 darrenr Exp + * $Id: debug.c,v 1.6 2001/06/09 17:09:24 darrenr Exp $ */ #if defined(__STDC__) diff --git a/contrib/ipfilter/lib/extras.c b/contrib/ipfilter/lib/extras.c index 0f7f39f1995..9087ca69c1a 100644 --- a/contrib/ipfilter/lib/extras.c +++ b/contrib/ipfilter/lib/extras.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: extras.c,v 1.12 2002/07/13 12:06:49 darrenr Exp + * $Id: extras.c,v 1.12 2002/07/13 12:06:49 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/facpri.c b/contrib/ipfilter/lib/facpri.c index 1e35ea9dfe7..2fc0a78f82c 100644 --- a/contrib/ipfilter/lib/facpri.c +++ b/contrib/ipfilter/lib/facpri.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: facpri.c,v 1.6 2003/12/01 01:59:43 darrenr Exp + * $Id: facpri.c,v 1.6.2.1 2005/11/14 17:45:06 darrenr Exp $ */ #include @@ -22,7 +20,7 @@ #include "facpri.h" #if !defined(lint) -static const char rcsid[] = "@(#)Id: facpri.c,v 1.6 2003/12/01 01:59:43 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: facpri.c,v 1.6.2.1 2005/11/14 17:45:06 darrenr Exp $"; #endif @@ -42,10 +40,10 @@ table_t facs[] = { #else { "cron", LOG_CRON1 }, #endif -#ifdef LOG_FTP +#ifdef LOG_FTP { "ftp", LOG_FTP }, #endif -#ifdef LOG_AUTHPRIV +#ifdef LOG_AUTHPRIV { "authpriv", LOG_AUTHPRIV }, #endif #ifdef LOG_AUDIT diff --git a/contrib/ipfilter/lib/facpri.h b/contrib/ipfilter/lib/facpri.h index e8eef2ba283..d0d488a8cda 100644 --- a/contrib/ipfilter/lib/facpri.h +++ b/contrib/ipfilter/lib/facpri.h @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1999-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: facpri.h,v 1.3 2001/06/09 17:19:50 darrenr Exp + * $Id: facpri.h,v 1.3 2001/06/09 17:19:50 darrenr Exp $ */ #ifndef __FACPRI_H__ diff --git a/contrib/ipfilter/lib/fill6bits.c b/contrib/ipfilter/lib/fill6bits.c index 8f23a6f918a..421a07515a4 100644 --- a/contrib/ipfilter/lib/fill6bits.c +++ b/contrib/ipfilter/lib/fill6bits.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: fill6bits.c,v 1.5 2002/03/27 15:09:57 darrenr Exp + * $Id: fill6bits.c,v 1.5 2002/03/27 15:09:57 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/flags.c b/contrib/ipfilter/lib/flags.c index df6645d1a4d..49f28e6bef1 100644 --- a/contrib/ipfilter/lib/flags.c +++ b/contrib/ipfilter/lib/flags.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: flags.c,v 1.4 2002/11/02 07:16:36 darrenr Exp + * $Id: flags.c,v 1.4 2002/11/02 07:16:36 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/genmask.c b/contrib/ipfilter/lib/genmask.c index 06f64043070..238e5b62afe 100644 --- a/contrib/ipfilter/lib/genmask.c +++ b/contrib/ipfilter/lib/genmask.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: genmask.c,v 1.7 2003/11/11 13:40:15 darrenr Exp + * $Id: genmask.c,v 1.7 2003/11/11 13:40:15 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/gethost.c b/contrib/ipfilter/lib/gethost.c index a03168a3f73..afcd3b5c099 100644 --- a/contrib/ipfilter/lib/gethost.c +++ b/contrib/ipfilter/lib/gethost.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" int gethost(name, hostp) diff --git a/contrib/ipfilter/lib/getifname.c b/contrib/ipfilter/lib/getifname.c index 94c9c9c7e4f..1480c1f2645 100644 --- a/contrib/ipfilter/lib/getifname.c +++ b/contrib/ipfilter/lib/getifname.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" #include "kmem.h" diff --git a/contrib/ipfilter/lib/getline.c b/contrib/ipfilter/lib/getline.c index 61c00ba3b93..7d06d4367b2 100644 --- a/contrib/ipfilter/lib/getline.c +++ b/contrib/ipfilter/lib/getline.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: getline.c,v 1.3 2001/06/09 17:09:24 darrenr Exp + * $Id: getline.c,v 1.3 2001/06/09 17:09:24 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/getnattype.c b/contrib/ipfilter/lib/getnattype.c index c783d6fce81..312a862c3ed 100644 --- a/contrib/ipfilter/lib/getnattype.c +++ b/contrib/ipfilter/lib/getnattype.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -11,7 +9,7 @@ #include "kmem.h" #if !defined(lint) -static const char rcsid[] = "@(#)Id: getnattype.c,v 1.3 2004/01/17 17:26:07 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: getnattype.c,v 1.3 2004/01/17 17:26:07 darrenr Exp $"; #endif diff --git a/contrib/ipfilter/lib/getport.c b/contrib/ipfilter/lib/getport.c index 7cf903d8fe2..03fcd179f6d 100644 --- a/contrib/ipfilter/lib/getport.c +++ b/contrib/ipfilter/lib/getport.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" int getport(fr, name, port) diff --git a/contrib/ipfilter/lib/getportproto.c b/contrib/ipfilter/lib/getportproto.c index 17efa436198..d76e7611c1b 100644 --- a/contrib/ipfilter/lib/getportproto.c +++ b/contrib/ipfilter/lib/getportproto.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include #include "ipf.h" diff --git a/contrib/ipfilter/lib/getproto.c b/contrib/ipfilter/lib/getproto.c index c75f13742d1..58e82bdb6ab 100644 --- a/contrib/ipfilter/lib/getproto.c +++ b/contrib/ipfilter/lib/getproto.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" int getproto(name) @@ -14,6 +12,14 @@ char *name; if (*s == '\0') return atoi(name); +#ifdef _AIX51 + /* + * For some bogus reason, "ip" is 252 in /etc/protocols on AIX 5 + */ + if (!strcasecmp(name, "ip")) + return 0; +#endif + p = getprotobyname(name); if (p != NULL) return p->p_proto; diff --git a/contrib/ipfilter/lib/getsumd.c b/contrib/ipfilter/lib/getsumd.c index 11ecc573459..346c445ff84 100644 --- a/contrib/ipfilter/lib/getsumd.c +++ b/contrib/ipfilter/lib/getsumd.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" char *getsumd(sum) diff --git a/contrib/ipfilter/lib/hexdump.c b/contrib/ipfilter/lib/hexdump.c index 4eb3b9ad8f4..86e731ee4a2 100644 --- a/contrib/ipfilter/lib/hexdump.c +++ b/contrib/ipfilter/lib/hexdump.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include #include "ipf.h" diff --git a/contrib/ipfilter/lib/hostmask.c b/contrib/ipfilter/lib/hostmask.c index 67755f8383d..4ee41e16b94 100644 --- a/contrib/ipfilter/lib/hostmask.c +++ b/contrib/ipfilter/lib/hostmask.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: hostmask.c,v 1.10 2002/01/28 06:50:46 darrenr Exp + * $Id: hostmask.c,v 1.10 2002/01/28 06:50:46 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/hostname.c b/contrib/ipfilter/lib/hostname.c index a0109dafb93..a883fc6cb6a 100644 --- a/contrib/ipfilter/lib/hostname.c +++ b/contrib/ipfilter/lib/hostname.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" diff --git a/contrib/ipfilter/lib/hostnum.c b/contrib/ipfilter/lib/hostnum.c index c62e4a10dbc..2ec0529a298 100644 --- a/contrib/ipfilter/lib/hostnum.c +++ b/contrib/ipfilter/lib/hostnum.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: hostnum.c,v 1.10.2.1 2004/12/09 19:41:20 darrenr Exp + * $Id: hostnum.c,v 1.10.2.1 2004/12/09 19:41:20 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/icmpcode.c b/contrib/ipfilter/lib/icmpcode.c index 17e1ba4dfb1..fd1e647687e 100644 --- a/contrib/ipfilter/lib/icmpcode.c +++ b/contrib/ipfilter/lib/icmpcode.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: icmpcode.c,v 1.7.2.1 2004/12/09 19:41:20 darrenr Exp + * $Id: icmpcode.c,v 1.7.2.1 2004/12/09 19:41:20 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/inet_addr.c b/contrib/ipfilter/lib/inet_addr.c index 5ccf6a96a0b..820b7b58a41 100644 --- a/contrib/ipfilter/lib/inet_addr.c +++ b/contrib/ipfilter/lib/inet_addr.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * ++Copyright++ 1983, 1990, 1993 * - @@ -57,7 +55,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)inet_addr.c 8.1 (Berkeley) 6/17/93"; -static const char rcsid[] = "@(#)Id: inet_addr.c,v 1.8.2.3 2004/12/09 19:41:20 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: inet_addr.c,v 1.8.2.3 2004/12/09 19:41:20 darrenr Exp $"; #endif /* LIBC_SCCS and not lint */ #include diff --git a/contrib/ipfilter/lib/initparse.c b/contrib/ipfilter/lib/initparse.c index 676774c48b0..d875925c08e 100644 --- a/contrib/ipfilter/lib/initparse.c +++ b/contrib/ipfilter/lib/initparse.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: initparse.c,v 1.6 2002/01/28 06:50:46 darrenr Exp + * $Id: initparse.c,v 1.6 2002/01/28 06:50:46 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/ionames.c b/contrib/ipfilter/lib/ionames.c index 9e4602b8764..b1f655c2dc0 100644 --- a/contrib/ipfilter/lib/ionames.c +++ b/contrib/ipfilter/lib/ionames.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ionames.c,v 1.7 2002/01/28 06:50:46 darrenr Exp + * $Id: ionames.c,v 1.7 2002/01/28 06:50:46 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/ipf_dotuning.c b/contrib/ipfilter/lib/ipf_dotuning.c index c9416ff2411..daff02578a4 100644 --- a/contrib/ipfilter/lib/ipf_dotuning.c +++ b/contrib/ipfilter/lib/ipf_dotuning.c @@ -1,7 +1,5 @@ -/* $NetBSD$ */ - #include "ipf.h" -#include "ipl.h" +#include "netinet/ipl.h" #include void ipf_dotuning(fd, tuneargs, iocfn) @@ -33,6 +31,7 @@ ioctlfunc_t iocfn; printtunable(&tu); } } else if ((t = strchr(s, '=')) != NULL) { + tu.ipft_cookie = NULL; *t++ = '\0'; strncpy(tu.ipft_name, s, sizeof(tu.ipft_name)); if (sscanf(t, "%lu", &tu.ipft_vlong) == 1) { @@ -45,13 +44,16 @@ ioctlfunc_t iocfn; return; } } else { + tu.ipft_cookie = NULL; strncpy(tu.ipft_name, s, sizeof(tu.ipft_name)); if ((*iocfn)(fd, SIOCIPFGET, &obj) == -1) { perror("ioctl(SIOCIPFGET)"); return; } - if (tu.ipft_cookie == NULL) + if (tu.ipft_cookie == NULL) { + fprintf(stderr, "Null cookie for %s\n", s); return; + } tu.ipft_name[sizeof(tu.ipft_name) - 1] = '\0'; printtunable(&tu); diff --git a/contrib/ipfilter/lib/ipft_ef.c b/contrib/ipfilter/lib/ipft_ef.c index eebc417fc8c..237febcb4b0 100644 --- a/contrib/ipfilter/lib/ipft_ef.c +++ b/contrib/ipfilter/lib/ipft_ef.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipft_ef.c,v 1.14 2004/01/08 13:34:31 darrenr Exp + * $Id: ipft_ef.c,v 1.14 2004/01/08 13:34:31 darrenr Exp $ */ /* @@ -33,7 +31,7 @@ etherfind -n -t #if !defined(lint) static const char sccsid[] = "@(#)ipft_ef.c 1.6 2/4/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipft_ef.c,v 1.14 2004/01/08 13:34:31 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipft_ef.c,v 1.14 2004/01/08 13:34:31 darrenr Exp $"; #endif static int etherf_open __P((char *)); diff --git a/contrib/ipfilter/lib/ipft_hx.c b/contrib/ipfilter/lib/ipft_hx.c index 3cc8ec5e908..c6491078c1a 100644 --- a/contrib/ipfilter/lib/ipft_hx.c +++ b/contrib/ipfilter/lib/ipft_hx.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1995-2001 by Darren Reed. * @@ -7,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ipft_hx.c 1.1 3/9/96 (C) 1996 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipft_hx.c,v 1.11.4.1 2004/12/09 19:41:20 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipft_hx.c,v 1.11.4.3 2005/12/04 10:07:21 darrenr Exp $"; #endif #include @@ -83,7 +81,7 @@ int cnt, *dir; *s = '\0'; if (!*line) continue; - if (!(opts & OPT_BRIEF)) { + if ((opts & OPT_DEBUG) != 0) { printf("input: %s", line); } @@ -108,7 +106,7 @@ int cnt, *dir; s = line; t = (char *)ip; ip = (ip_t *)readhex(s, (char *)ip); - if (!(opts & OPT_BRIEF)) { + if ((opts & OPT_DEBUG) != 0) { if (opts & OPT_ASCII) { if (t < (char *)ip) putchar('\t'); @@ -124,6 +122,8 @@ int cnt, *dir; fflush(stdout); } } + if (feof(tfp)) + return 0; return -1; } diff --git a/contrib/ipfilter/lib/ipft_pc.c b/contrib/ipfilter/lib/ipft_pc.c index 3678d7868c4..de152355993 100644 --- a/contrib/ipfilter/lib/ipft_pc.c +++ b/contrib/ipfilter/lib/ipft_pc.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipft_pc.c,v 1.10 2004/02/07 18:17:40 darrenr Exp + * $Id: ipft_pc.c,v 1.10.2.1 2005/12/04 09:55:10 darrenr Exp $ */ #include "ipf.h" #include "pcap-ipf.h" @@ -13,7 +11,7 @@ #include "ipt.h" #if !defined(lint) -static const char rcsid[] = "@(#)Id: ipft_pc.c,v 1.10 2004/02/07 18:17:40 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipft_pc.c,v 1.10.2.1 2005/12/04 09:55:10 darrenr Exp $"; #endif struct llc { @@ -162,10 +160,19 @@ static int pcap_close() static int pcap_read_rec(rec) struct pcap_pkthdr *rec; { - int n, p; + int n, p, i; + char *s; - if (read(pfd, (char *)rec, sizeof(*rec)) != sizeof(*rec)) - return -2; + s = (char *)rec; + n = sizeof(*rec); + + while (n > 0) { + i = read(pfd, (char *)rec, sizeof(*rec)); + if (i <= 0) + return -2; + s += i; + n -= i; + } if (swapped) { rec->ph_clen = SWAPLONG(rec->ph_clen); @@ -178,6 +185,8 @@ struct pcap_pkthdr *rec; if (!n || n < 0) return -3; + if (p < 0 || p > 65536) + return -4; return p; } @@ -224,7 +233,7 @@ int cnt, *dir; struct pcap_pkthdr rec; struct llc *l; char *s, ty[4]; - int i, n; + int i, j, n; l = llcp; @@ -238,8 +247,14 @@ int cnt, *dir; bufp = realloc(bufp, i); s = bufp; - if (read(pfd, s, i) != i) - return -2; + for (j = i, n = 0; j > 0; ) { + n = read(pfd, s, j); + if (n <= 0) + return -2; + j -= n; + s += n; + } + s = bufp; i -= l->lc_sz; s += l->lc_to; diff --git a/contrib/ipfilter/lib/ipft_sn.c b/contrib/ipfilter/lib/ipft_sn.c index 1458821e658..1b3e364396d 100644 --- a/contrib/ipfilter/lib/ipft_sn.c +++ b/contrib/ipfilter/lib/ipft_sn.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipft_sn.c,v 1.7 2003/02/16 02:32:36 darrenr Exp + * $Id: ipft_sn.c,v 1.7 2003/02/16 02:32:36 darrenr Exp $ */ /* @@ -16,7 +14,7 @@ #include "ipt.h" #if !defined(lint) -static const char rcsid[] = "@(#)Id: ipft_sn.c,v 1.7 2003/02/16 02:32:36 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipft_sn.c,v 1.7 2003/02/16 02:32:36 darrenr Exp $"; #endif struct llc { diff --git a/contrib/ipfilter/lib/ipft_td.c b/contrib/ipfilter/lib/ipft_td.c index b278c729326..1aa616670a8 100644 --- a/contrib/ipfilter/lib/ipft_td.c +++ b/contrib/ipfilter/lib/ipft_td.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp + * $Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp $ */ /* @@ -42,7 +40,7 @@ tcpdump -nqte #if !defined(lint) static const char sccsid[] = "@(#)ipft_td.c 1.8 2/4/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp $"; #endif static int tcpd_open __P((char *)); diff --git a/contrib/ipfilter/lib/ipft_tx.c b/contrib/ipfilter/lib/ipft_tx.c index c77fbc42277..0432c08449a 100644 --- a/contrib/ipfilter/lib/ipft_tx.c +++ b/contrib/ipfilter/lib/ipft_tx.c @@ -1,15 +1,13 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1995-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipft_tx.c,v 1.15.2.2 2004/12/09 19:41:21 darrenr Exp + * $Id: ipft_tx.c,v 1.15.2.6 2005/12/04 10:07:22 darrenr Exp $ */ #if !defined(lint) static const char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipft_tx.c,v 1.15.2.2 2004/12/09 19:41:21 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 1.15.2.6 2005/12/04 10:07:22 darrenr Exp $"; #endif #include @@ -31,8 +29,8 @@ static int text_open __P((char *)), text_close __P((void)); static int text_readip __P((char *, int, char **, int *)); static int parseline __P((char *, ip_t *, char **, int *)); -static char _tcp_flagset[] = "FSRPAUEC"; -static u_char _tcp_flags[] = { TH_FIN, TH_SYN, TH_RST, TH_PUSH, +static char myflagset[] = "FSRPAUEC"; +static u_char myflags[] = { TH_FIN, TH_SYN, TH_RST, TH_PUSH, TH_ACK, TH_URG, TH_ECN, TH_CWR }; struct ipread iptext = { text_open, text_close, text_readip, R_DO_CKSUM }; @@ -161,7 +159,7 @@ int cnt, *dir; *s = '\0'; if (!*line) continue; - if (!(opts & OPT_BRIEF)) + if ((opts & OPT_DEBUG) != 0) printf("input: %s\n", line); *ifn = NULL; *dir = 0; @@ -172,6 +170,8 @@ int cnt, *dir; return sizeof(ip_t); #endif } + if (feof(tfp)) + return 0; return -1; } @@ -280,14 +280,12 @@ int *out; ip->ip_dst.s_addr = tx_hostnum(*cpp, &r); cpp++; if (*cpp && ip->ip_p == IPPROTO_TCP) { - extern char _tcp_flagset[]; - extern u_char _tcp_flags[]; char *s, *t; tcp->th_flags = 0; for (s = *cpp; *s; s++) - if ((t = strchr(_tcp_flagset, *s))) - tcp->th_flags |= _tcp_flags[t - _tcp_flagset]; + if ((t = strchr(myflagset, *s))) + tcp->th_flags |= myflags[t - myflagset]; if (tcp->th_flags) cpp++; if (tcp->th_flags == 0) @@ -299,15 +297,22 @@ int *out; char **s, *t; int i; + t = strchr(*cpp, ','); + if (t != NULL) + *t = '\0'; + for (s = tx_icmptypes, i = 0; !*s || strcmp(*s, "END"); - s++, i++) - if (*s && !strncasecmp(*cpp, *s, strlen(*s))) { + s++, i++) { + if (*s && !strcasecmp(*cpp, *s)) { ic->icmp_type = i; - if ((t = strchr(*cpp, ','))) - ic->icmp_code = atoi(t+1); + if (t != NULL) + ic->icmp_code = atoi(t + 1); cpp++; break; } + } + if (t != NULL) + *t = ','; } if (*cpp && !strcasecmp(*cpp, "opt")) { diff --git a/contrib/ipfilter/lib/ipoptsec.c b/contrib/ipfilter/lib/ipoptsec.c index 95bde9c04d9..558ae58a1b6 100644 --- a/contrib/ipfilter/lib/ipoptsec.c +++ b/contrib/ipfilter/lib/ipoptsec.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ipoptsec.c,v 1.2 2002/01/28 06:50:46 darrenr Exp + * $Id: ipoptsec.c,v 1.2 2002/01/28 06:50:46 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/kmem.c b/contrib/ipfilter/lib/kmem.c index 3f044bb20c5..1fd00ab5350 100644 --- a/contrib/ipfilter/lib/kmem.c +++ b/contrib/ipfilter/lib/kmem.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -18,7 +16,7 @@ #include #include #include -#if !defined(__sgi) && !defined(__hpux) && !defined(__osf__) && !defined(linux) +#if !defined(__sgi) && !defined(__hpux) && !defined(__osf__) && !defined(linux) && !defined(_AIX51) #include #endif #include @@ -44,12 +42,13 @@ #if !defined(lint) static const char sccsid[] = "@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed"; -static const char rcsid[] = "@(#)Id: kmem.c,v 1.16.2.1 2004/06/20 10:25:58 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: kmem.c,v 1.16.2.2 2005/06/12 07:18:41 darrenr Exp $"; #endif -#if !defined(__sgi) && !defined(__hpux) && !defined(__osf__) && !defined(linux) +#if !defined(__sgi) && !defined(__hpux) && !defined(__osf__) && \ + !defined(linux) && !defined(_AIX51) /* * For all platforms where there is a libkvm and a kvm_t, we use that... */ diff --git a/contrib/ipfilter/lib/kmem.h b/contrib/ipfilter/lib/kmem.h index 07a14f58b9c..2cdd5fb1820 100644 --- a/contrib/ipfilter/lib/kmem.h +++ b/contrib/ipfilter/lib/kmem.h @@ -1,10 +1,8 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. - * Id: kmem.h,v 1.2 2002/08/21 22:57:36 darrenr Exp + * $Id: kmem.h,v 1.2 2002/08/21 22:57:36 darrenr Exp $ */ #ifndef __KMEM_H__ diff --git a/contrib/ipfilter/lib/kmemcpywrap.c b/contrib/ipfilter/lib/kmemcpywrap.c index 274bcb1ab14..35715dc63d5 100644 --- a/contrib/ipfilter/lib/kmemcpywrap.c +++ b/contrib/ipfilter/lib/kmemcpywrap.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" #include "kmem.h" diff --git a/contrib/ipfilter/lib/kvatoname.c b/contrib/ipfilter/lib/kvatoname.c index 030c6336337..b3f4af932cd 100644 --- a/contrib/ipfilter/lib/kvatoname.c +++ b/contrib/ipfilter/lib/kvatoname.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" #include diff --git a/contrib/ipfilter/lib/load_hash.c b/contrib/ipfilter/lib/load_hash.c index 4fc042bb4d2..638e9f5700a 100644 --- a/contrib/ipfilter/lib/load_hash.c +++ b/contrib/ipfilter/lib/load_hash.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: load_hash.c,v 1.11.2.2 2005/02/01 02:44:05 darrenr Exp + * $Id: load_hash.c,v 1.11.2.3 2005/11/13 15:41:12 darrenr Exp $ */ #include @@ -72,8 +70,8 @@ ioctlfunc_t iocfunc; } } - strncpy(op.iplo_name, iph.iph_name, sizeof(op.iplo_name)); - strncpy(iphp->iph_name, iph.iph_name, sizeof(op.iplo_name)); + strncpy(iph.iph_name, op.iplo_name, sizeof(op.iplo_name)); + strncpy(iphp->iph_name, op.iplo_name, sizeof(op.iplo_name)); if (opts & OPT_VERBOSE) { for (a = list; a != NULL; a = a->ipe_next) { diff --git a/contrib/ipfilter/lib/load_hashnode.c b/contrib/ipfilter/lib/load_hashnode.c index 186ba05e870..cee03385f40 100644 --- a/contrib/ipfilter/lib/load_hashnode.c +++ b/contrib/ipfilter/lib/load_hashnode.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: load_hashnode.c,v 1.2.4.1 2004/03/06 14:33:28 darrenr Exp + * $Id: load_hashnode.c,v 1.2.4.1 2004/03/06 14:33:28 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/load_pool.c b/contrib/ipfilter/lib/load_pool.c index 5fab3115199..9cf22a233aa 100644 --- a/contrib/ipfilter/lib/load_pool.c +++ b/contrib/ipfilter/lib/load_pool.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: load_pool.c,v 1.14.2.2 2005/02/01 02:44:06 darrenr Exp + * $Id: load_pool.c,v 1.14.2.3 2005/11/13 15:41:13 darrenr Exp $ */ #include @@ -38,7 +36,7 @@ ioctlfunc_t iocfunc; op.iplo_struct = &pool; bzero((char *)&pool, sizeof(pool)); strncpy(pool.ipo_name, plp->ipo_name, sizeof(pool.ipo_name)); - if (*plp->ipo_name == '\0') + if (plp->ipo_name[0] == '\0') op.iplo_arg |= IPOOL_ANON; if ((opts & OPT_REMOVE) == 0) { @@ -49,6 +47,9 @@ ioctlfunc_t iocfunc; } } + if (op.iplo_arg & IPOOL_ANON) + strncpy(pool.ipo_name, op.iplo_name, sizeof(pool.ipo_name)); + if ((opts & OPT_VERBOSE) != 0) { pool.ipo_list = plp->ipo_list; printpool(&pool, bcopywrap, pool.ipo_name, opts); @@ -56,7 +57,7 @@ ioctlfunc_t iocfunc; } for (a = plp->ipo_list; a != NULL; a = a->ipn_next) - load_poolnode(plp->ipo_unit, plp->ipo_name, a, iocfunc); + load_poolnode(plp->ipo_unit, pool.ipo_name, a, iocfunc); if ((opts & OPT_REMOVE) != 0) { if ((*iocfunc)(poolfd, SIOCLOOKUPDELTABLE, &op)) diff --git a/contrib/ipfilter/lib/load_poolnode.c b/contrib/ipfilter/lib/load_poolnode.c index e9d233f1812..e992a80281e 100644 --- a/contrib/ipfilter/lib/load_poolnode.c +++ b/contrib/ipfilter/lib/load_poolnode.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: load_poolnode.c,v 1.3.2.1 2004/03/06 14:33:29 darrenr Exp + * $Id: load_poolnode.c,v 1.3.2.1 2004/03/06 14:33:29 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/loglevel.c b/contrib/ipfilter/lib/loglevel.c index 31b4f17f81c..47dd8bac027 100644 --- a/contrib/ipfilter/lib/loglevel.c +++ b/contrib/ipfilter/lib/loglevel.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: loglevel.c,v 1.5 2001/06/09 17:09:24 darrenr Exp + * $Id: loglevel.c,v 1.5 2001/06/09 17:09:24 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/make_range.c b/contrib/ipfilter/lib/make_range.c index 9ec3ca34e90..e4335cddf18 100644 --- a/contrib/ipfilter/lib/make_range.c +++ b/contrib/ipfilter/lib/make_range.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: make_range.c,v 1.2 2002/05/18 07:27:52 darrenr Exp + * $Id: make_range.c,v 1.2 2002/05/18 07:27:52 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/mutex_emul.c b/contrib/ipfilter/lib/mutex_emul.c index 43b7f763afd..9497ffebae5 100644 --- a/contrib/ipfilter/lib/mutex_emul.c +++ b/contrib/ipfilter/lib/mutex_emul.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" #define EMM_MAGIC 0x9d7adba3 diff --git a/contrib/ipfilter/lib/nametokva.c b/contrib/ipfilter/lib/nametokva.c index 50f30775e3b..9250d7ce689 100644 --- a/contrib/ipfilter/lib/nametokva.c +++ b/contrib/ipfilter/lib/nametokva.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" #include diff --git a/contrib/ipfilter/lib/nat_setgroupmap.c b/contrib/ipfilter/lib/nat_setgroupmap.c index ce64abb4dbb..00e0df15bab 100644 --- a/contrib/ipfilter/lib/nat_setgroupmap.c +++ b/contrib/ipfilter/lib/nat_setgroupmap.c @@ -1,12 +1,10 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. */ #if !defined(lint) -static const char rcsid[] = "@(#)Id: nat_setgroupmap.c,v 1.1 2003/04/13 06:40:14 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: nat_setgroupmap.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $"; #endif #include "ipf.h" diff --git a/contrib/ipfilter/lib/natparse.c b/contrib/ipfilter/lib/natparse.c index adbbeb9e7b3..9937380f35a 100644 --- a/contrib/ipfilter/lib/natparse.c +++ b/contrib/ipfilter/lib/natparse.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -7,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)Id: natparse.c,v 1.8.2.1 2004/12/09 19:41:21 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: natparse.c,v 1.8.2.1 2004/12/09 19:41:21 darrenr Exp $"; #endif #include diff --git a/contrib/ipfilter/lib/ntomask.c b/contrib/ipfilter/lib/ntomask.c index 415a5e867c9..cd4e98362ff 100644 --- a/contrib/ipfilter/lib/ntomask.c +++ b/contrib/ipfilter/lib/ntomask.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" int ntomask(v, nbits, ap) diff --git a/contrib/ipfilter/lib/optname.c b/contrib/ipfilter/lib/optname.c index 7fdcc57964d..1f604d13d50 100644 --- a/contrib/ipfilter/lib/optname.c +++ b/contrib/ipfilter/lib/optname.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: optname.c,v 1.3 2001/06/09 17:09:24 darrenr Exp + * $Id: optname.c,v 1.3 2001/06/09 17:09:24 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/optprint.c b/contrib/ipfilter/lib/optprint.c index 261a75cb022..42c161837e0 100644 --- a/contrib/ipfilter/lib/optprint.c +++ b/contrib/ipfilter/lib/optprint.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: optprint.c,v 1.6 2002/07/13 15:59:49 darrenr Exp + * $Id: optprint.c,v 1.6 2002/07/13 15:59:49 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/optprintv6.c b/contrib/ipfilter/lib/optprintv6.c index 75e0fd0615f..4e4eee20d2f 100644 --- a/contrib/ipfilter/lib/optprintv6.c +++ b/contrib/ipfilter/lib/optprintv6.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: optprintv6.c,v 1.2 2003/04/30 00:39:39 darrenr Exp + * $Id: optprintv6.c,v 1.2 2003/04/30 00:39:39 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/optvalue.c b/contrib/ipfilter/lib/optvalue.c index dc9448d1b42..21d37b4d012 100644 --- a/contrib/ipfilter/lib/optvalue.c +++ b/contrib/ipfilter/lib/optvalue.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: optvalue.c,v 1.2 2002/01/28 06:50:47 darrenr Exp + * $Id: optvalue.c,v 1.2 2002/01/28 06:50:47 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/parse.c b/contrib/ipfilter/lib/parse.c index 4cf69abe88f..1a49d16bbd7 100644 --- a/contrib/ipfilter/lib/parse.c +++ b/contrib/ipfilter/lib/parse.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: parse.c,v 1.34.2.1 2004/12/09 19:41:21 darrenr Exp + * $Id: parse.c,v 1.34.2.1 2004/12/09 19:41:21 darrenr Exp $ */ #include #include "ipf.h" diff --git a/contrib/ipfilter/lib/portname.c b/contrib/ipfilter/lib/portname.c index 7c0fc8796d7..7136d8c0178 100644 --- a/contrib/ipfilter/lib/portname.c +++ b/contrib/ipfilter/lib/portname.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: portname.c,v 1.7 2003/08/14 14:27:43 darrenr Exp + * $Id: portname.c,v 1.7 2003/08/14 14:27:43 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/portnum.c b/contrib/ipfilter/lib/portnum.c index 284bbc95455..4079f464c21 100644 --- a/contrib/ipfilter/lib/portnum.c +++ b/contrib/ipfilter/lib/portnum.c @@ -1,12 +1,10 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * * - * Id: portnum.c,v 1.6.4.1 2004/12/09 19:41:22 darrenr Exp + * $Id: portnum.c,v 1.6.4.1 2004/12/09 19:41:22 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/ports.c b/contrib/ipfilter/lib/ports.c index 634dfeb6cab..9a44e2c06a2 100644 --- a/contrib/ipfilter/lib/ports.c +++ b/contrib/ipfilter/lib/ports.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ports.c,v 1.9.4.1 2004/12/09 19:41:22 darrenr Exp + * $Id: ports.c,v 1.9.4.1 2004/12/09 19:41:22 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/print_toif.c b/contrib/ipfilter/lib/print_toif.c index 0e230cdb478..5d88ef9de2d 100644 --- a/contrib/ipfilter/lib/print_toif.c +++ b/contrib/ipfilter/lib/print_toif.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: print_toif.c,v 1.8 2002/01/28 06:50:47 darrenr Exp + * $Id: print_toif.c,v 1.8 2002/01/28 06:50:47 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printactivenat.c b/contrib/ipfilter/lib/printactivenat.c index 3c56b14d359..389818b67b2 100644 --- a/contrib/ipfilter/lib/printactivenat.c +++ b/contrib/ipfilter/lib/printactivenat.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -12,7 +10,7 @@ #if !defined(lint) -static const char rcsid[] = "@(#)Id: printactivenat.c,v 1.3.2.4 2004/05/11 16:07:32 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: printactivenat.c,v 1.3.2.4 2004/05/11 16:07:32 darrenr Exp $"; #endif diff --git a/contrib/ipfilter/lib/printaps.c b/contrib/ipfilter/lib/printaps.c index 5c5c3ddef98..45b4b2f6adb 100644 --- a/contrib/ipfilter/lib/printaps.c +++ b/contrib/ipfilter/lib/printaps.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -13,7 +11,7 @@ #if !defined(lint) -static const char rcsid[] = "@(#)Id: printaps.c,v 1.4 2004/01/08 13:34:32 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: printaps.c,v 1.4 2004/01/08 13:34:32 darrenr Exp $"; #endif diff --git a/contrib/ipfilter/lib/printbuf.c b/contrib/ipfilter/lib/printbuf.c index f2b7faaeb51..613293ae19b 100644 --- a/contrib/ipfilter/lib/printbuf.c +++ b/contrib/ipfilter/lib/printbuf.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printbuf.c,v 1.5.4.1 2004/12/09 19:41:22 darrenr Exp + * $Id: printbuf.c,v 1.5.4.1 2004/12/09 19:41:22 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/printfr.c b/contrib/ipfilter/lib/printfr.c index f0f5a0e0c1d..f893ebb3563 100644 --- a/contrib/ipfilter/lib/printfr.c +++ b/contrib/ipfilter/lib/printfr.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printfr.c,v 1.43.2.10 2005/03/16 15:38:13 darrenr Exp + * $Id: printfr.c,v 1.43.2.15 2005/11/14 17:45:06 darrenr Exp $ */ #include "ipf.h" @@ -22,7 +20,7 @@ u_32_t *addr, *mask; switch (type) { case FRI_BROADCAST : - suffix = "/bcast"; + suffix = "bcast"; break; case FRI_DYNAMIC : @@ -32,15 +30,15 @@ u_32_t *addr, *mask; break; case FRI_NETWORK : - suffix = "/net"; + suffix = "net"; break; case FRI_NETMASKED : - suffix = "/netmasked"; + suffix = "netmasked"; break; case FRI_PEERADDR : - suffix = "/peer"; + suffix = "peer"; break; case FRI_LOOKUP : @@ -107,6 +105,9 @@ ioctlfunc_t iocfunc; if ((fp->fr_type & FR_T_BUILTIN) != 0) printf("# Builtin: "); + if (fp->fr_collect != 0) + printf("%u ", fp->fr_collect); + if (fp->fr_type == FR_T_CALLFUNC) { ; } else if (fp->fr_func != NULL) { @@ -189,12 +190,11 @@ ioctlfunc_t iocfunc; if (*fp->fr_ifnames[2]) { printifname("", fp->fr_ifnames[2], fp->fr_ifas[2]); - putchar(' '); - if (*fp->fr_ifnames[3]) { printifname(",", fp->fr_ifnames[3], fp->fr_ifas[3]); } + putchar(' '); } } @@ -208,10 +208,10 @@ ioctlfunc_t iocfunc; pr = -1; } else if (fp->fr_mip.fi_p) { pr = fp->fr_ip.fi_p; - if ((p = getprotobynumber(fp->fr_proto))) - printf("proto %s ", p->p_name); - else - printf("proto %d ", fp->fr_proto); + p = getprotobynumber(pr); + printf("proto "); + printproto(p, pr, NULL); + putchar(' '); } } @@ -370,6 +370,35 @@ ioctlfunc_t iocfunc; if (!(fp->fr_flx & FI_OOW)) printf("not "); printf("oow"); + comma = ","; + } + if (fp->fr_mflx & FI_MBCAST) { + fputs(comma, stdout); + if (!(fp->fr_flx & FI_MBCAST)) + printf("not "); + printf("mbcast"); + comma = ","; + } + if (fp->fr_mflx & FI_BROADCAST) { + fputs(comma, stdout); + if (!(fp->fr_flx & FI_BROADCAST)) + printf("not "); + printf("bcast"); + comma = ","; + } + if (fp->fr_mflx & FI_MULTICAST) { + fputs(comma, stdout); + if (!(fp->fr_flx & FI_MULTICAST)) + printf("not "); + printf("mcast"); + comma = ","; + } + if (fp->fr_mflx & FI_STATE) { + fputs(comma, stdout); + if (!(fp->fr_flx & FI_STATE)) + printf("not "); + printf("state"); + comma = ","; } } @@ -410,8 +439,8 @@ ioctlfunc_t iocfunc; if (fp->fr_flags & (FR_FRSTRICT)) { printf(" ("); if (fp->fr_flags & FR_FRSTRICT) - printf(" strict"); - printf(" )"); + printf("strict"); + printf(")"); } } diff --git a/contrib/ipfilter/lib/printfraginfo.c b/contrib/ipfilter/lib/printfraginfo.c index b521c8315ef..557b031a6b3 100644 --- a/contrib/ipfilter/lib/printfraginfo.c +++ b/contrib/ipfilter/lib/printfraginfo.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2004 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printfraginfo.c,v 1.1.2.2 2004/03/23 15:15:45 darrenr Exp + * $Id: printfraginfo.c,v 1.1.2.2 2004/03/23 15:15:45 darrenr Exp $ */ #include "ipf.h" #include "kmem.h" diff --git a/contrib/ipfilter/lib/printhash.c b/contrib/ipfilter/lib/printhash.c index 80157bb1d27..5411190eb97 100644 --- a/contrib/ipfilter/lib/printhash.c +++ b/contrib/ipfilter/lib/printhash.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * diff --git a/contrib/ipfilter/lib/printhashnode.c b/contrib/ipfilter/lib/printhashnode.c index 39255e70d12..05d4df7d886 100644 --- a/contrib/ipfilter/lib/printhashnode.c +++ b/contrib/ipfilter/lib/printhashnode.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * diff --git a/contrib/ipfilter/lib/printhostmap.c b/contrib/ipfilter/lib/printhostmap.c index bdb67025409..bed06078c18 100644 --- a/contrib/ipfilter/lib/printhostmap.c +++ b/contrib/ipfilter/lib/printhostmap.c @@ -1,13 +1,14 @@ -/* $NetBSD$ */ - #include "ipf.h" void printhostmap(hmp, hv) hostmap_t *hmp; u_int hv; { + struct in_addr in; + printf("%s,", inet_ntoa(hmp->hm_srcip)); printf("%s -> ", inet_ntoa(hmp->hm_dstip)); - printf("%s ", inet_ntoa(hmp->hm_mapip)); + in.s_addr = htonl(hmp->hm_mapip.s_addr); + printf("%s ", inet_ntoa(in)); printf("(use = %d hv = %u)\n", hmp->hm_ref, hv); } diff --git a/contrib/ipfilter/lib/printhostmask.c b/contrib/ipfilter/lib/printhostmask.c index c34bc43723a..207e36394f6 100644 --- a/contrib/ipfilter/lib/printhostmask.c +++ b/contrib/ipfilter/lib/printhostmask.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printhostmask.c,v 1.8 2002/04/11 15:01:19 darrenr Exp + * $Id: printhostmask.c,v 1.8 2002/04/11 15:01:19 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printifname.c b/contrib/ipfilter/lib/printifname.c index 53a7fd77fa0..12d46ffc31e 100644 --- a/contrib/ipfilter/lib/printifname.c +++ b/contrib/ipfilter/lib/printifname.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printifname.c,v 1.2 2002/01/28 06:50:47 darrenr Exp + * $Id: printifname.c,v 1.2 2002/01/28 06:50:47 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printip.c b/contrib/ipfilter/lib/printip.c index 1a04f1d4184..828e0c1edcf 100644 --- a/contrib/ipfilter/lib/printip.c +++ b/contrib/ipfilter/lib/printip.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printip.c,v 1.3 2002/07/13 12:10:27 darrenr Exp + * $Id: printip.c,v 1.3 2002/07/13 12:10:27 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printlog.c b/contrib/ipfilter/lib/printlog.c index d14add42945..1445971ad83 100644 --- a/contrib/ipfilter/lib/printlog.c +++ b/contrib/ipfilter/lib/printlog.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printlog.c,v 1.6 2002/01/28 06:50:47 darrenr Exp + * $Id: printlog.c,v 1.6.4.1 2005/11/14 17:45:06 darrenr Exp $ */ #include "ipf.h" @@ -27,12 +25,9 @@ frentry_t *fp; printf(" or-block"); if (fp->fr_loglevel != 0xffff) { printf(" level "); - if (fp->fr_loglevel & LOG_FACMASK) { - s = fac_toname(fp->fr_loglevel); - if (s == NULL) - s = "!!!"; - } else - s = ""; + s = fac_toname(fp->fr_loglevel); + if (s == NULL) + s = "!!!"; u = pri_toname(fp->fr_loglevel); if (u == NULL) u = "!!!"; diff --git a/contrib/ipfilter/lib/printmask.c b/contrib/ipfilter/lib/printmask.c index d3d9a6f1e5f..18bf46f1c68 100644 --- a/contrib/ipfilter/lib/printmask.c +++ b/contrib/ipfilter/lib/printmask.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printmask.c,v 1.5 2002/06/15 04:48:33 darrenr Exp + * $Id: printmask.c,v 1.5 2002/06/15 04:48:33 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printnat.c b/contrib/ipfilter/lib/printnat.c index 15a688606a8..8ca4125f059 100644 --- a/contrib/ipfilter/lib/printnat.c +++ b/contrib/ipfilter/lib/printnat.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -13,11 +11,9 @@ #if !defined(lint) -static const char rcsid[] = "@(#)Id: printnat.c,v 1.22.2.8 2005/01/12 03:39:04 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: printnat.c,v 1.22.2.11 2005/11/14 17:45:06 darrenr Exp $"; #endif -static void printproto __P((ipnat_t *, struct protoent *)); - /* * Print out a NAT rule */ @@ -53,7 +49,7 @@ int opts; printf(" %s", np->in_ifnames[0]); if ((np->in_ifnames[1][0] != '\0') && (strncmp(np->in_ifnames[0], np->in_ifnames[1], LIFNAMSIZ) != 0)) { - printf(",%s ", np->in_ifnames[1]); + printf(",%s", np->in_ifnames[1]); } putchar(' '); @@ -102,13 +98,16 @@ int opts; printf(" -> %s", inet_ntoa(np->in_in[0].in4)); if (np->in_flags & IPN_SPLIT) printf(",%s", inet_ntoa(np->in_in[1].in4)); + else if (np->in_inmsk == 0 && np->in_inip == 0) + printf("/0"); if (np->in_flags & IPN_TCPUDP) { if ((np->in_flags & IPN_FIXEDDPORT) != 0) printf(" port = %d", ntohs(np->in_pnext)); else printf(" port %d", ntohs(np->in_pnext)); } - printproto(np, pr); + putchar(' '); + printproto(pr, np->in_p, np); if (np->in_flags & IPN_ROUNDR) printf(" round-robin"); if (np->in_flags & IPN_FRAG) @@ -164,10 +163,7 @@ int opts; } printf(" %.*s/", (int)sizeof(np->in_plabel), np->in_plabel); - if (pr != NULL) - fputs(pr->p_name, stdout); - else - printf("%d", np->in_p); + printproto(pr, np->in_p, NULL); } else if (np->in_redir == NAT_MAPBLK) { if ((np->in_pmin == 0) && (np->in_flags & IPN_AUTOPORTMAP)) @@ -178,11 +174,11 @@ int opts; printf("\n\tip modulous %d", np->in_pmax); } else if (np->in_pmin || np->in_pmax) { if (np->in_flags & IPN_ICMPQUERY) { - printf(" icmpidmap"); + printf(" icmpidmap "); } else { - printf(" portmap"); + printf(" portmap "); } - printproto(np, pr); + printproto(pr, np->in_p, np); if (np->in_flags & IPN_AUTOPORTMAP) { printf(" auto"); if (opts & OPT_DEBUG) @@ -194,8 +190,10 @@ int opts; printf(" %d:%d", ntohs(np->in_pmin), ntohs(np->in_pmax)); } - } else if (np->in_flags & IPN_TCPUDP || np->in_p) - printproto(np, pr); + } else if (np->in_flags & IPN_TCPUDP || np->in_p) { + putchar(' '); + printproto(pr, np->in_p, np); + } if (np->in_flags & IPN_FRAG) printf(" frag"); @@ -227,21 +225,3 @@ int opts; np->in_tqehead[0], np->in_tqehead[1], np->in_comment); } } - -static void printproto(np, pr) -ipnat_t *np; -struct protoent *pr; -{ - if ((np->in_flags & IPN_TCPUDP) == IPN_TCPUDP) - printf(" tcp/udp"); - else if (np->in_flags & IPN_TCP) - printf(" tcp"); - else if (np->in_flags & IPN_UDP) - printf(" udp"); - else if (np->in_flags & IPN_ICMPQUERY) - printf(" icmp"); - else if (pr != NULL) - printf(" %s", pr->p_name); - else - printf(" %d", np->in_p); -} diff --git a/contrib/ipfilter/lib/printpacket.c b/contrib/ipfilter/lib/printpacket.c index 58460bec2cc..dada8d0a55b 100644 --- a/contrib/ipfilter/lib/printpacket.c +++ b/contrib/ipfilter/lib/printpacket.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printpacket.c,v 1.12.4.1 2005/02/21 05:09:24 darrenr Exp + * $Id: printpacket.c,v 1.12.4.2 2005/12/04 09:33:06 darrenr Exp $ */ #include "ipf.h" @@ -52,7 +50,8 @@ struct ip *ip; } tcp = (struct tcphdr *)((char *)ip + (IP_HL(ip) << 2)); - printf("ip %d(%d) %d", ntohs(ip->ip_len), IP_HL(ip) << 2, ip->ip_p); + printf("ip #%d %d(%d) %d", ntohs(ip->ip_id), ntohs(ip->ip_len), + IP_HL(ip) << 2, ip->ip_p); if (off & IP_OFFMASK) printf(" @%d", off << 3); printf(" %s", inet_ntoa(ip->ip_src)); diff --git a/contrib/ipfilter/lib/printpacket6.c b/contrib/ipfilter/lib/printpacket6.c index 2f9ea1dc551..f0147f107f0 100644 --- a/contrib/ipfilter/lib/printpacket6.c +++ b/contrib/ipfilter/lib/printpacket6.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" /* diff --git a/contrib/ipfilter/lib/printpool.c b/contrib/ipfilter/lib/printpool.c index 6291306395f..6af4460b01c 100644 --- a/contrib/ipfilter/lib/printpool.c +++ b/contrib/ipfilter/lib/printpool.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * diff --git a/contrib/ipfilter/lib/printpoolnode.c b/contrib/ipfilter/lib/printpoolnode.c index dd0ef970540..e2f95365298 100644 --- a/contrib/ipfilter/lib/printpoolnode.c +++ b/contrib/ipfilter/lib/printpoolnode.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * diff --git a/contrib/ipfilter/lib/printportcmp.c b/contrib/ipfilter/lib/printportcmp.c index 7ec011604fa..b1ecd366f7e 100644 --- a/contrib/ipfilter/lib/printportcmp.c +++ b/contrib/ipfilter/lib/printportcmp.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: printportcmp.c,v 1.7 2003/02/16 02:31:05 darrenr Exp + * $Id: printportcmp.c,v 1.7 2003/02/16 02:31:05 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/printproto.c b/contrib/ipfilter/lib/printproto.c new file mode 100644 index 00000000000..dd0ce39ca57 --- /dev/null +++ b/contrib/ipfilter/lib/printproto.c @@ -0,0 +1,51 @@ +/* + * Copyright (C) 1993-2005 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + */ + +#include "ipf.h" + + +#if !defined(lint) +static const char rcsid[] = "@(#)$Id: printproto.c,v 1.1.2.1 2005/06/12 07:21:53 darrenr Exp $"; +#endif + + +void printproto(pr, p, np) +struct protoent *pr; +int p; +ipnat_t *np; +{ + if (np != NULL) { + if ((np->in_flags & IPN_TCPUDP) == IPN_TCPUDP) + printf("tcp/udp"); + else if (np->in_flags & IPN_TCP) + printf("tcp"); + else if (np->in_flags & IPN_UDP) + printf("udp"); + else if (np->in_flags & IPN_ICMPQUERY) + printf("icmp"); +#ifdef _AIX51 + /* + * To make up for "ip = 252" and "hopopt = 0" in /etc/protocols + */ + else if (np->in_p == 0) + printf("ip"); +#endif + else if (pr != NULL) + printf("%s", pr->p_name); + else + printf("%d", np->in_p); + } else { +#ifdef _AIX51 + if (p == 0) + printf("ip"); + else +#endif + if (pr != NULL) + printf("%s", pr->p_name); + else + printf("%d", p); + } +} diff --git a/contrib/ipfilter/lib/printsbuf.c b/contrib/ipfilter/lib/printsbuf.c index 805c03b0f71..b066b58ac1b 100644 --- a/contrib/ipfilter/lib/printsbuf.c +++ b/contrib/ipfilter/lib/printsbuf.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #ifdef IPFILTER_SCAN #include diff --git a/contrib/ipfilter/lib/printstate.c b/contrib/ipfilter/lib/printstate.c index 9cfdc8ab3fb..102b0ea2b7c 100644 --- a/contrib/ipfilter/lib/printstate.c +++ b/contrib/ipfilter/lib/printstate.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * @@ -144,8 +142,8 @@ u_long now; PRINTF("\tpkt_flags & %x(%x) = %x,\t", ips.is_flags & 0xf, ips.is_flags, ips.is_flags >> 4); - PRINTF("\tpkt_options & %x = %x\n", ips.is_optmsk, - ips.is_opt); + PRINTF("\tpkt_options & %x = %x, %x = %x \n", ips.is_optmsk[0], + ips.is_opt[0], ips.is_optmsk[1], ips.is_opt[1]); PRINTF("\tpkt_security & %x = %x, pkt_auth & %x = %x\n", ips.is_secmsk, ips.is_sec, ips.is_authmsk, ips.is_auth); diff --git a/contrib/ipfilter/lib/printtunable.c b/contrib/ipfilter/lib/printtunable.c index 46e9f80b5c5..5c26851c796 100644 --- a/contrib/ipfilter/lib/printtunable.c +++ b/contrib/ipfilter/lib/printtunable.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" void printtunable(tup) diff --git a/contrib/ipfilter/lib/ratoi.c b/contrib/ipfilter/lib/ratoi.c index 31ee122be0b..fb8552dfcc1 100644 --- a/contrib/ipfilter/lib/ratoi.c +++ b/contrib/ipfilter/lib/ratoi.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ratoi.c,v 1.4 2001/06/09 17:09:25 darrenr Exp + * $Id: ratoi.c,v 1.4 2001/06/09 17:09:25 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/ratoui.c b/contrib/ipfilter/lib/ratoui.c index e4d0cbf08b8..191f87f4d11 100644 --- a/contrib/ipfilter/lib/ratoui.c +++ b/contrib/ipfilter/lib/ratoui.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: ratoui.c,v 1.4 2001/06/09 17:09:25 darrenr Exp + * $Id: ratoui.c,v 1.4 2001/06/09 17:09:25 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/remove_hash.c b/contrib/ipfilter/lib/remove_hash.c index 256751ff5e7..d1830ac76a2 100644 --- a/contrib/ipfilter/lib/remove_hash.c +++ b/contrib/ipfilter/lib/remove_hash.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: remove_hash.c,v 1.1 2003/04/13 06:40:14 darrenr Exp + * $Id: remove_hash.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/remove_hashnode.c b/contrib/ipfilter/lib/remove_hashnode.c index 5e5b6349fd6..afa0dbc554d 100644 --- a/contrib/ipfilter/lib/remove_hashnode.c +++ b/contrib/ipfilter/lib/remove_hashnode.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: remove_hashnode.c,v 1.1 2003/04/13 06:40:14 darrenr Exp + * $Id: remove_hashnode.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/remove_pool.c b/contrib/ipfilter/lib/remove_pool.c index 3f5e0044eeb..d14529ab40e 100644 --- a/contrib/ipfilter/lib/remove_pool.c +++ b/contrib/ipfilter/lib/remove_pool.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: remove_pool.c,v 1.1 2003/04/13 06:40:14 darrenr Exp + * $Id: remove_pool.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/remove_poolnode.c b/contrib/ipfilter/lib/remove_poolnode.c index aff4694687c..2c7f9d30280 100644 --- a/contrib/ipfilter/lib/remove_poolnode.c +++ b/contrib/ipfilter/lib/remove_poolnode.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2002 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: remove_poolnode.c,v 1.3 2003/11/22 10:14:36 darrenr Exp + * $Id: remove_poolnode.c,v 1.3 2003/11/22 10:14:36 darrenr Exp $ */ #include diff --git a/contrib/ipfilter/lib/resetlexer.c b/contrib/ipfilter/lib/resetlexer.c index 0801242fdad..d16a05e0ba3 100644 --- a/contrib/ipfilter/lib/resetlexer.c +++ b/contrib/ipfilter/lib/resetlexer.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" long string_start = -1; diff --git a/contrib/ipfilter/lib/rwlock_emul.c b/contrib/ipfilter/lib/rwlock_emul.c index 64b807e494a..3bccd9ab05b 100644 --- a/contrib/ipfilter/lib/rwlock_emul.c +++ b/contrib/ipfilter/lib/rwlock_emul.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include "ipf.h" #define EMM_MAGIC 0x97dd8b3a diff --git a/contrib/ipfilter/lib/tcp_flags.c b/contrib/ipfilter/lib/tcp_flags.c index 314b9d2ad23..9c33da957df 100644 --- a/contrib/ipfilter/lib/tcp_flags.c +++ b/contrib/ipfilter/lib/tcp_flags.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: tcp_flags.c,v 1.8 2004/02/07 18:15:54 darrenr Exp + * $Id: tcp_flags.c,v 1.8 2004/02/07 18:15:54 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/tcpflags.c b/contrib/ipfilter/lib/tcpflags.c index b7ea4b8c307..d4d6145c270 100644 --- a/contrib/ipfilter/lib/tcpflags.c +++ b/contrib/ipfilter/lib/tcpflags.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: tcpflags.c,v 1.3 2002/11/02 07:18:01 darrenr Exp + * $Id: tcpflags.c,v 1.3 2002/11/02 07:18:01 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/tcpoptnames.c b/contrib/ipfilter/lib/tcpoptnames.c index b5e0cc77d67..39f3dbbe18d 100644 --- a/contrib/ipfilter/lib/tcpoptnames.c +++ b/contrib/ipfilter/lib/tcpoptnames.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: tcpoptnames.c,v 1.5 2002/01/28 06:50:48 darrenr Exp + * $Id: tcpoptnames.c,v 1.5 2002/01/28 06:50:48 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/to_interface.c b/contrib/ipfilter/lib/to_interface.c index 50f9a70e8f9..8f2c16f0437 100644 --- a/contrib/ipfilter/lib/to_interface.c +++ b/contrib/ipfilter/lib/to_interface.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: to_interface.c,v 1.8 2002/01/28 06:50:48 darrenr Exp + * $Id: to_interface.c,v 1.8 2002/01/28 06:50:48 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/v6ionames.c b/contrib/ipfilter/lib/v6ionames.c index 087da5d8a8d..c89e27c784e 100644 --- a/contrib/ipfilter/lib/v6ionames.c +++ b/contrib/ipfilter/lib/v6ionames.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: v6ionames.c,v 1.1.4.1 2005/01/02 13:08:49 darrenr Exp + * $Id: v6ionames.c,v 1.1.4.2 2005/10/17 18:31:09 darrenr Exp $ */ #include "ipf.h" @@ -21,6 +19,7 @@ struct ipopt_names v6ionames[] ={ { IPPROTO_AH, 0x000020, 0, "ah" }, { IPPROTO_NONE, 0x000040, 0, "none" }, { IPPROTO_DSTOPTS, 0x000080, 0, "dstopts" }, + { IPPROTO_MOBILITY, 0x000100, 0, "mobility" }, { 0, 0, 0, (char *)NULL } }; diff --git a/contrib/ipfilter/lib/v6optvalue.c b/contrib/ipfilter/lib/v6optvalue.c index 57dc2fbfb4e..fd8e2e22b64 100644 --- a/contrib/ipfilter/lib/v6optvalue.c +++ b/contrib/ipfilter/lib/v6optvalue.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: v6optvalue.c,v 1.1 2003/04/26 04:55:58 darrenr Exp + * $Id: v6optvalue.c,v 1.1 2003/04/26 04:55:58 darrenr Exp $ */ #include "ipf.h" diff --git a/contrib/ipfilter/lib/var.c b/contrib/ipfilter/lib/var.c index 79b2517b9ae..37d310b130d 100644 --- a/contrib/ipfilter/lib/var.c +++ b/contrib/ipfilter/lib/var.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include #include "ipf.h" diff --git a/contrib/ipfilter/lib/verbose.c b/contrib/ipfilter/lib/verbose.c index d4f3012ca6f..e386038d1bb 100644 --- a/contrib/ipfilter/lib/verbose.c +++ b/contrib/ipfilter/lib/verbose.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: verbose.c,v 1.6 2001/06/09 17:09:25 darrenr Exp + * $Id: verbose.c,v 1.6 2001/06/09 17:09:25 darrenr Exp $ */ #if defined(__STDC__) diff --git a/contrib/ipfilter/man/ipf.4 b/contrib/ipfilter/man/ipf.4 index 7a0b20ab8f8..e2e5b5b10fb 100644 --- a/contrib/ipfilter/man/ipf.4 +++ b/contrib/ipfilter/man/ipf.4 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPF 4 .SH NAME ipf \- packet filtering kernel interface diff --git a/contrib/ipfilter/man/ipf.5 b/contrib/ipfilter/man/ipf.5 index ab7f93585e0..3fd9e94abd9 100644 --- a/contrib/ipfilter/man/ipf.5 +++ b/contrib/ipfilter/man/ipf.5 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPF 5 .SH NAME ipf, ipf.conf, ipf6.conf \- IP packet filter rule syntax @@ -58,8 +56,8 @@ port-range = "port" port-num range port-num . flags = "flags" flag { flag } [ "/" flag { flag } ] . with = "with" | "and" . icmp = "icmp-type" icmp-type [ "code" decnumber ] . -return-code = "("icmp-code")" . -keep = "keep" "state" | "keep" "frags" . +return-code = "(" icmp-code ")" . +keep = "keep" "state" [ "(" state-options ")" ] | "keep" "frags" . loglevel = facility"."priority | priority . nummask = host-name [ "/" decnumber ] . @@ -67,7 +65,10 @@ host-name = ipaddr | hostname | "any" . ipaddr = host-num "." host-num "." host-num "." host-num . host-num = digit [ digit [ digit ] ] . port-num = service-name | decnumber . +state-options = state-opts [ "," state-options ] . +state-opts = "age" decnumber [ "/" decnumber ] | "strict" | + "no-icmp-err" | "limit" decnumber | "newisn" | "sync" . withopt = [ "not" | "no" ] opttype [ withopt ] . opttype = "ipopts" | "short" | "frag" | "opt" optname . optname = ipopts [ "," optname ] . diff --git a/contrib/ipfilter/man/ipf.8 b/contrib/ipfilter/man/ipf.8 index c7d07c0bc5d..43115777483 100644 --- a/contrib/ipfilter/man/ipf.8 +++ b/contrib/ipfilter/man/ipf.8 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPF 8 .SH NAME ipf \- alters packet filtering lists for IP packet input and output diff --git a/contrib/ipfilter/man/ipfilter.4 b/contrib/ipfilter/man/ipfilter.4 index cf8ca9fa5f1..b2d2f2a7724 100644 --- a/contrib/ipfilter/man/ipfilter.4 +++ b/contrib/ipfilter/man/ipfilter.4 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IP\ FILTER 4 .SH NAME ipfilter \- Introduction to IP packet filtering diff --git a/contrib/ipfilter/man/ipfilter.5 b/contrib/ipfilter/man/ipfilter.5 index 9fbb6754261..0bba0f4bad0 100644 --- a/contrib/ipfilter/man/ipfilter.5 +++ b/contrib/ipfilter/man/ipfilter.5 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPFILTER 1 .SH NAME IP Filter diff --git a/contrib/ipfilter/man/ipfs.8 b/contrib/ipfilter/man/ipfs.8 index 52f6fcbf0be..d5bf460c296 100644 --- a/contrib/ipfilter/man/ipfs.8 +++ b/contrib/ipfilter/man/ipfs.8 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPFS 8 .SH NAME ipfs \- saves and restores information for NAT and state tables. diff --git a/contrib/ipfilter/man/ipfstat.8 b/contrib/ipfilter/man/ipfstat.8 index 549b31a8f72..a3ec72a5c8d 100644 --- a/contrib/ipfilter/man/ipfstat.8 +++ b/contrib/ipfilter/man/ipfstat.8 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH ipfstat 8 .SH NAME ipfstat \- reports on packet filter statistics and filter list diff --git a/contrib/ipfilter/man/ipftest.1 b/contrib/ipfilter/man/ipftest.1 index 4a17576797b..5153687ed1a 100644 --- a/contrib/ipfilter/man/ipftest.1 +++ b/contrib/ipfilter/man/ipftest.1 @@ -1,12 +1,10 @@ -.\" $NetBSD$ -.\" .TH ipftest 1 .SH NAME ipftest \- test packet filter rules with arbitrary input. .SH SYNOPSIS .B ipftest [ -.B \-6bdDoRvx +.B \-6bCdDoRvx ] [ .B \-F input-format @@ -29,6 +27,9 @@ interface .B \-r ] [ +.B \-S + +] [ .B \-T ] @@ -58,6 +59,11 @@ Cause the output to be a brief summary (one-word) of the result of passing the packet through the filter; either "pass", "block" or "nomatch". This is used in the regression testing. .TP +.B \-C +Force the checksums to be (re)calculated for all packets being input into +\fBipftest\fP. This may be necessary if pcap files from tcpdump are being +fed in where there are partial checksums present due to hardware offloading. +.TP .B \-d Turn on filter rule debugging. Currently, this only shows you what caused the rule to not match in the IP header checking (addresses/netmasks, etc). @@ -169,6 +175,14 @@ Specify the filename from which to read filter rules in \fBipf\fP(5) format. .B \-R Don't attempt to convert IP addresses to hostnames. .TP +.BR \-S \0 +The IP address specifived with this option is used by ipftest to determine +whether a packet should be treated as "input" or "output". If the source +address in an IP packet matches then it is considered to be inbound. If it +does not match then it is considered to be outbound. This is primarily +for use with tcpdump (pcap) files where there is no in/out information +saved with each packet. +.TP .BR \-T \0 This option simulates the run-time changing of IPFilter kernel variables available with the \fB\-T\fP option of \fBipf\fP. diff --git a/contrib/ipfilter/man/ipl.4 b/contrib/ipfilter/man/ipl.4 index d45749b6750..d8106cc24d6 100644 --- a/contrib/ipfilter/man/ipl.4 +++ b/contrib/ipfilter/man/ipl.4 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPL 4 .SH NAME ipl \- IP packet log device diff --git a/contrib/ipfilter/man/ipmon.5 b/contrib/ipfilter/man/ipmon.5 index bc48466bc71..2e3eebd06ba 100644 --- a/contrib/ipfilter/man/ipmon.5 +++ b/contrib/ipfilter/man/ipmon.5 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPMON 5 .SH NAME ipmon, ipmon.conf \- ipmon configuration file format diff --git a/contrib/ipfilter/man/ipmon.8 b/contrib/ipfilter/man/ipmon.8 index 0c2861c5752..1ddc307a9fe 100644 --- a/contrib/ipfilter/man/ipmon.8 +++ b/contrib/ipfilter/man/ipmon.8 @@ -1,12 +1,10 @@ -.\" $NetBSD$ -.\" .TH ipmon 8 .SH NAME ipmon \- monitors /dev/ipl for logged packets .SH SYNOPSIS .B ipmon [ -.B \-abDFhnpstvxX +.B \-abBDFhnpstvxX ] [ .B "\-N " ] [ @@ -73,6 +71,9 @@ unreachable message. In order for \fBipmon\fP to properly work, the kernel option \fBIPFILTER_LOG\fP must be turned on in your kernel. Please see \fBoptions(4)\fP for more details. +.LP +\fBipmon\fP reopns its log file(s) and rereads its configuration file +when it receives a SIGHUP signal. .SH OPTIONS .TP .B \-a @@ -83,6 +84,11 @@ are displayed to the same output 'device' (stderr or syslog). For rules which log the body of a packet, generate hex output representing the packet contents after the headers. .TP +.B \-B +Enable logging of the raw, unformatted binary data to the specified +\fI\fP file. This can be read, later, using \fBipmon\fP +with the \fB-f\fP option. +.TP .B \-D Cause ipmon to turn itself into a daemon. Using subshells or backgrounding of ipmon is not required to turn it into an orphan so it can run indefinitely. diff --git a/contrib/ipfilter/man/ipnat.4 b/contrib/ipfilter/man/ipnat.4 index 6f696bd625b..54f55d3de81 100644 --- a/contrib/ipfilter/man/ipnat.4 +++ b/contrib/ipfilter/man/ipnat.4 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPNAT 4 .SH NAME ipnat \- Network Address Translation kernel interface diff --git a/contrib/ipfilter/man/ipnat.5 b/contrib/ipfilter/man/ipnat.5 index 7db33086eeb..2d76a466506 100644 --- a/contrib/ipfilter/man/ipnat.5 +++ b/contrib/ipfilter/man/ipnat.5 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPNAT 5 .SH NAME ipnat, ipnat.conf \- IP NAT file format @@ -12,9 +10,10 @@ ipmap :: = mapblock | redir | map . map ::= mapit ifname lhs "->" dstipmask [ mapicmp | mapport | mapproxy ] mapoptions . mapblock ::= "map-block" ifname lhs "->" ipmask [ ports ] mapoptions . -redir ::= "rdr" ifname ipmask dport "->" ip [ "," ip ] rdrport rdroptions . +redir ::= "rdr" ifname rlhs "->" ip [ "," ip ] rdrport rdroptions . lhs ::= ipmask | fromto . +rlhs ::= ipmask dport | fromto . dport ::= "port" portnum [ "-" portnum ] . ports ::= "ports" numports | "auto" . rdrport ::= "port" portnum . diff --git a/contrib/ipfilter/man/ipnat.8 b/contrib/ipfilter/man/ipnat.8 index 49a09beaf6d..683e8f15d9e 100644 --- a/contrib/ipfilter/man/ipnat.8 +++ b/contrib/ipfilter/man/ipnat.8 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPNAT 8 .SH NAME ipnat \- user interface to the NAT subsystem @@ -35,7 +33,7 @@ enabled. .TP .B \-C delete all entries in the current NAT rule listing (NAT rules) - .TP +.TP .B \-d Enable printing of some extra debugging information. .TP @@ -54,10 +52,10 @@ This flag (no-change) prevents \fBipf\fP from actually making any ioctl calls or doing anything which would alter the currently running kernel. .TP .B \-r -Remove matching NAT rules rather than add them to the internal lists +Remove matching NAT rules rather than add them to the internal lists. .TP .B \-s -Retrieve and display NAT statistics +Retrieve and display NAT statistics. .TP .B \-v Turn verbose mode on. Displays information relating to rule processing diff --git a/contrib/ipfilter/man/ippool.5 b/contrib/ipfilter/man/ippool.5 index c9eaaca65b1..1c720b9392d 100644 --- a/contrib/ipfilter/man/ippool.5 +++ b/contrib/ipfilter/man/ippool.5 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPPOOL 5 .SH NAME ippool, ippool.conf \- IP Pool file format diff --git a/contrib/ipfilter/man/ippool.8 b/contrib/ipfilter/man/ippool.8 index 6ed1e884160..e27cb92c2c9 100644 --- a/contrib/ipfilter/man/ippool.8 +++ b/contrib/ipfilter/man/ippool.8 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPPOOL 8 .SH NAME ippool \- user interface to the IPFilter pools diff --git a/contrib/ipfilter/man/ipscan.5 b/contrib/ipfilter/man/ipscan.5 index 4a001749e86..cc12ca38d4d 100644 --- a/contrib/ipfilter/man/ipscan.5 +++ b/contrib/ipfilter/man/ipscan.5 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPSCAN 5 .SH NAME ipscan, ipscan.conf \- ipscan file format diff --git a/contrib/ipfilter/man/ipscan.8 b/contrib/ipfilter/man/ipscan.8 index d3ce9528734..958c4561073 100644 --- a/contrib/ipfilter/man/ipscan.8 +++ b/contrib/ipfilter/man/ipscan.8 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH IPSCAN 8 .SH NAME ipscan \- user interface to the IPFilter content scanning diff --git a/contrib/ipfilter/man/mkfilters.1 b/contrib/ipfilter/man/mkfilters.1 index 3bac7d16bb5..b5fd9dc59f3 100644 --- a/contrib/ipfilter/man/mkfilters.1 +++ b/contrib/ipfilter/man/mkfilters.1 @@ -1,5 +1,3 @@ -.\" $NetBSD$ -.\" .TH MKFILTERS 1 .SH NAME mkfilters \- generate a minimal firewall ruleset for ipfilter diff --git a/contrib/ipfilter/md5.c b/contrib/ipfilter/md5.c index 78a0eb720ae..c46a9576470 100644 --- a/contrib/ipfilter/md5.c +++ b/contrib/ipfilter/md5.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* diff --git a/contrib/ipfilter/md5.h b/contrib/ipfilter/md5.h index 40e8dc65a89..48bbaf1bb9d 100644 --- a/contrib/ipfilter/md5.h +++ b/contrib/ipfilter/md5.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* *********************************************************************** ** md5.h -- header file for implementation of MD5 ** diff --git a/contrib/ipfilter/mlf_ipl.c b/contrib/ipfilter/mlf_ipl.c index c0cdce825a3..b39a14d0d87 100644 --- a/contrib/ipfilter/mlf_ipl.c +++ b/contrib/ipfilter/mlf_ipl.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * diff --git a/contrib/ipfilter/mlf_rule.c b/contrib/ipfilter/mlf_rule.c index 731ef5e439c..c540ebde5fa 100644 --- a/contrib/ipfilter/mlf_rule.c +++ b/contrib/ipfilter/mlf_rule.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * diff --git a/contrib/ipfilter/mlfk_rule.c b/contrib/ipfilter/mlfk_rule.c index a4f3ba71ff2..c17507613d8 100644 --- a/contrib/ipfilter/mlfk_rule.c +++ b/contrib/ipfilter/mlfk_rule.c @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2000 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: mlfk_rule.c,v 2.4.4.2 2004/04/16 23:32:08 darrenr Exp + * $Id: mlfk_rule.c,v 2.4.4.2 2004/04/16 23:32:08 darrenr Exp $ */ diff --git a/contrib/ipfilter/opts.h b/contrib/ipfilter/opts.h index 602c4e38922..655f9f09ef4 100644 --- a/contrib/ipfilter/opts.h +++ b/contrib/ipfilter/opts.h @@ -1,11 +1,9 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2000 by Darren Reed. * * See the IPFILTER.LICENCE file for details on licencing. * - * Id: opts.h,v 2.12 2003/08/14 14:24:27 darrenr Exp + * $Id: opts.h,v 2.12 2003/08/14 14:24:27 darrenr Exp $ */ #ifndef __OPTS_H__ diff --git a/contrib/ipfilter/pcap-ipf.h b/contrib/ipfilter/pcap-ipf.h index a6b974c5413..2ad5b01b22d 100644 --- a/contrib/ipfilter/pcap-ipf.h +++ b/contrib/ipfilter/pcap-ipf.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * diff --git a/contrib/ipfilter/perl/ipf-mrtg.pl b/contrib/ipfilter/perl/ipf-mrtg.pl index a96a7cddb2b..cce30ab09c5 100644 --- a/contrib/ipfilter/perl/ipf-mrtg.pl +++ b/contrib/ipfilter/perl/ipf-mrtg.pl @@ -19,4 +19,4 @@ print "$in_pkts\n", my $uptime = `/usr/bin/uptime`; $uptime =~ /^\s+(\d{1,2}:\d{2}..)\s+up\s+(\d+)\s+(......),/; print "$2 $3\n", - "$firewall\n"; + "$firewall\n"; \ No newline at end of file diff --git a/contrib/ipfilter/perl/logfilter.pl b/contrib/ipfilter/perl/logfilter.pl index a75eafd72e9..6ebe401ab4e 100644 --- a/contrib/ipfilter/perl/logfilter.pl +++ b/contrib/ipfilter/perl/logfilter.pl @@ -178,4 +178,4 @@ tcp 6667 irc.log tcp 7070 realaudio.log tcp 8080 http.log tcp 12345 netbus.log -udp 31337 backorifice.log +udp 31337 backorifice.log \ No newline at end of file diff --git a/contrib/ipfilter/radix.c b/contrib/ipfilter/radix.c index 964c1095268..69b50c062a6 100644 --- a/contrib/ipfilter/radix.c +++ b/contrib/ipfilter/radix.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (c) 1988, 1989, 1993 * The Regents of the University of California. All rights reserved. @@ -103,6 +101,12 @@ static int rn_lexobetter __P((void *, void *)); static struct radix_mask *rn_new_radix_mask __P((struct radix_node *, struct radix_mask *)); static int rn_freenode __P((struct radix_node *, void *)); +#if defined(AIX) && !defined(_KERNEL) +struct radix_node *rn_match __P((void *, struct radix_node_head *)); +struct radix_node *rn_addmask __P((int, int, void *)); +#define FreeS(x, y) KFREES(x, y) +#define Bcopy(x, y, z) bcopy(x, y, z) +#endif /* * The data structure for the keys is a radix tree with one way diff --git a/contrib/ipfilter/radix_ipf.h b/contrib/ipfilter/radix_ipf.h index 1dada6034de..357b9c40dc2 100644 --- a/contrib/ipfilter/radix_ipf.h +++ b/contrib/ipfilter/radix_ipf.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (c) 1988, 1989, 1993 * The Regents of the University of California. All rights reserved. @@ -28,7 +26,7 @@ * @(#)radix.h 8.2 (Berkeley) 10/31/94 */ -#ifndef _NET_RADIX_H_ +#if !defined(_NET_RADIX_H_) && !defined(_RADIX_H_) #define _NET_RADIX_H_ #ifndef _RADIX_H_ #define _RADIX_H_ @@ -42,7 +40,7 @@ # endif #endif -#ifdef __sgi +#if defined(__sgi) # define radix_mask ipf_radix_mask # define radix_node ipf_radix_node # define radix_node_head ipf_radix_node_head @@ -146,6 +144,12 @@ struct radix_node_head { }; +#if defined(AIX) +# undef Bcmp +# undef Bzero +# undef R_Malloc +# undef Free +#endif #define Bcmp(a, b, n) bcmp(((caddr_t)(a)), ((caddr_t)(b)), (unsigned)(n)) #if defined(linux) && defined(_KERNEL) # define Bcopy(a, b, n) memmove(((caddr_t)(b)), ((caddr_t)(a)), (unsigned)(n)) @@ -157,7 +161,7 @@ struct radix_node_head { #define FreeS(p, z) KFREES(p, z) #define Free(p) KFREE(p) -#if (defined(__osf__) || (IRIX >= 60516)) && defined(_KERNEL) +#if (defined(__osf__) || defined(AIX) || (IRIX >= 60516)) && defined(_KERNEL) # define rn_init ipf_rn_init # define rn_fini ipf_rn_fini # define rn_inithead ipf_rn_inithead diff --git a/contrib/ipfilter/rules/example.1 b/contrib/ipfilter/rules/example.1 index 3da9f3ccab5..ff93f492caf 100644 --- a/contrib/ipfilter/rules/example.1 +++ b/contrib/ipfilter/rules/example.1 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # block all incoming TCP packets on le0 from host 10.1.1.1 to any destination. # diff --git a/contrib/ipfilter/rules/example.10 b/contrib/ipfilter/rules/example.10 index f7a0b011e14..560d1e670f6 100644 --- a/contrib/ipfilter/rules/example.10 +++ b/contrib/ipfilter/rules/example.10 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # pass ack packets (ie established connection) # diff --git a/contrib/ipfilter/rules/example.11 b/contrib/ipfilter/rules/example.11 index 1cefa9a3b35..c6b4e7ff0d7 100644 --- a/contrib/ipfilter/rules/example.11 +++ b/contrib/ipfilter/rules/example.11 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # allow any TCP packets from the same subnet as foo is on through to host # 10.1.1.2 if they are destined for port 6667. diff --git a/contrib/ipfilter/rules/example.12 b/contrib/ipfilter/rules/example.12 index 6dbaef58c56..c0ba1d3cdda 100644 --- a/contrib/ipfilter/rules/example.12 +++ b/contrib/ipfilter/rules/example.12 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # get rid of all short IP fragments (too small for valid comparison) # diff --git a/contrib/ipfilter/rules/example.13 b/contrib/ipfilter/rules/example.13 index ca741148931..854f07f1694 100644 --- a/contrib/ipfilter/rules/example.13 +++ b/contrib/ipfilter/rules/example.13 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # Log all short TCP packets to qe3, with 10.3.3.3 as the intended # destination for the packet. diff --git a/contrib/ipfilter/rules/example.2 b/contrib/ipfilter/rules/example.2 index 81e7d25c7c7..4f81725eeb0 100644 --- a/contrib/ipfilter/rules/example.2 +++ b/contrib/ipfilter/rules/example.2 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # block all outgoing TCP packets on le0 from any host to port 23 of # host 10.1.1.2 diff --git a/contrib/ipfilter/rules/example.3 b/contrib/ipfilter/rules/example.3 index c5b4344f91c..cd31f73e7c2 100644 --- a/contrib/ipfilter/rules/example.3 +++ b/contrib/ipfilter/rules/example.3 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # block all inbound packets. # diff --git a/contrib/ipfilter/rules/example.4 b/contrib/ipfilter/rules/example.4 index f18dcdd0cd2..7918ec2fbd9 100644 --- a/contrib/ipfilter/rules/example.4 +++ b/contrib/ipfilter/rules/example.4 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # block all ICMP packets. # diff --git a/contrib/ipfilter/rules/example.5 b/contrib/ipfilter/rules/example.5 index 959dfb83637..6d688b5eab8 100644 --- a/contrib/ipfilter/rules/example.5 +++ b/contrib/ipfilter/rules/example.5 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # test ruleset # diff --git a/contrib/ipfilter/rules/example.6 b/contrib/ipfilter/rules/example.6 index e9ce23ac27e..d40f0f3d2a1 100644 --- a/contrib/ipfilter/rules/example.6 +++ b/contrib/ipfilter/rules/example.6 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # block all TCP packets with only the SYN flag set (this is the first # packet sent to establish a connection) out of the SYN-ACK pair. diff --git a/contrib/ipfilter/rules/example.7 b/contrib/ipfilter/rules/example.7 index 0ddd7f77628..062de981193 100644 --- a/contrib/ipfilter/rules/example.7 +++ b/contrib/ipfilter/rules/example.7 @@ -1,4 +1,3 @@ -# $FreeBSD$ # block all ICMP packets. # block in proto icmp all diff --git a/contrib/ipfilter/rules/example.8 b/contrib/ipfilter/rules/example.8 index 2276b525b17..baa02581256 100644 --- a/contrib/ipfilter/rules/example.8 +++ b/contrib/ipfilter/rules/example.8 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # block all incoming TCP connections but send back a TCP-RST for ones to # the ident port diff --git a/contrib/ipfilter/rules/example.9 b/contrib/ipfilter/rules/example.9 index 50bb46a672d..daff2031db8 100644 --- a/contrib/ipfilter/rules/example.9 +++ b/contrib/ipfilter/rules/example.9 @@ -1,4 +1,3 @@ -# $FreeBSD$ # # drop all packets without IP security options # diff --git a/contrib/ipfilter/rules/example.sr b/contrib/ipfilter/rules/example.sr index 46fb6f14aaf..c4c1994030b 100644 --- a/contrib/ipfilter/rules/example.sr +++ b/contrib/ipfilter/rules/example.sr @@ -1,4 +1,3 @@ -# $FreeBSD$ # # log all inbound packet on le0 which has IP options present # diff --git a/contrib/ipfilter/samples/ipfilter-pb.gif b/contrib/ipfilter/samples/ipfilter-pb.gif index f729ab1365d..afaefa86654 100644 Binary files a/contrib/ipfilter/samples/ipfilter-pb.gif and b/contrib/ipfilter/samples/ipfilter-pb.gif differ diff --git a/contrib/ipfilter/samples/proxy.c b/contrib/ipfilter/samples/proxy.c index ccf2ac65e64..3a3d039ea96 100644 --- a/contrib/ipfilter/samples/proxy.c +++ b/contrib/ipfilter/samples/proxy.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Sample transparent proxy program. * @@ -94,8 +92,8 @@ char *argv[]; natlook.nl_outip = sin.sin_addr; natlook.nl_inip = sloc.sin_addr; natlook.nl_flags = IPN_TCP; - natlook.nl_outport = ntohs(sin.sin_port); - natlook.nl_inport = ntohs(sloc.sin_port); + natlook.nl_outport = sin.sin_port; + natlook.nl_inport = sloc.sin_port; /* * Open the NAT device and lookup the mapping pair. diff --git a/contrib/ipfilter/samples/relay.c b/contrib/ipfilter/samples/relay.c index b91779a4a8e..6b96fc42f61 100644 --- a/contrib/ipfilter/samples/relay.c +++ b/contrib/ipfilter/samples/relay.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Sample program to be used as a transparent proxy. * @@ -18,10 +16,10 @@ #include #include #include -#include "ip_compat.h" -#include "ip_fil.h" -#include "ip_nat.h" -#include "ipl.h" +#include "netinet/ip_compat.h" +#include "netinet/ip_fil.h" +#include "netinet/ip_nat.h" +#include "netinet/ipl.h" #define RELAY_BUFSZ 8192 diff --git a/contrib/ipfilter/samples/userauth.c b/contrib/ipfilter/samples/userauth.c index ef059ac0025..dbfeac60bfc 100644 --- a/contrib/ipfilter/samples/userauth.c +++ b/contrib/ipfilter/samples/userauth.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - #include #include #include diff --git a/contrib/ipfilter/snoop.h b/contrib/ipfilter/snoop.h index 12dea374029..8fa6f7e4a34 100644 --- a/contrib/ipfilter/snoop.h +++ b/contrib/ipfilter/snoop.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -11,7 +9,7 @@ /* * written to comply with the RFC (1761) from Sun. - * Id: snoop.h,v 2.3 2001/06/09 17:09:23 darrenr Exp + * $Id: snoop.h,v 2.3 2001/06/09 17:09:23 darrenr Exp $ */ struct snoophdr { char s_id[8]; diff --git a/contrib/ipfilter/test/Makefile b/contrib/ipfilter/test/Makefile index 7f17241b3f2..16535bf265e 100644 --- a/contrib/ipfilter/test/Makefile +++ b/contrib/ipfilter/test/Makefile @@ -11,7 +11,7 @@ all: results tests results: mkdir -p results -tests: ipf nat logtests ipv6 pools +tests: ipf nat logtests ipv6 pools bpf ipf: ftests ptests @@ -21,12 +21,13 @@ first: -mkdir -p results # Filtering tests -ftests: f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15 f16 f17 +ftests: f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 # Rule parsing tests -ptests: i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 +ptests: i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 i16 i17 i18 i19 \ + i20 i21 -ntests: n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12 +ntests: n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12 n13 n14 nitests: ni1 ni2 ni3 ni4 ni5 ni6 ni7 ni8 ni9 ni10 ni11 ni12 ni13 ni14 ni15 ni16 @@ -40,16 +41,16 @@ ipv6: ipv6.1 ipv6.2 ipv6.3 bpf: bpf1 bpf-f1 -f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14: +f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f19: @/bin/sh ./dotest `awk "/^$@ / { print; } " test.format` -f15 f16 f17: +f15 f16 f17 f18: @/bin/sh ./mtest `awk "/^$@ / { print; } " test.format` -i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 bpf1: +i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 i16 i17 i18 i19 i20 i21 bpf1: @/bin/sh ./itest `awk "/^$@ / { print; } " test.format` -n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12: +n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12 n13 n14: @/bin/sh ./nattest `awk "/^$@ / { print; } " test.format` ni1 ni2 ni3 ni4 ni5 ni7 ni8 ni9 ni10 ni11 ni12 ni13 ni14 ni15 ni16: @@ -77,9 +78,9 @@ bpf-f1: /bin/sh ./bpftest `awk "/^$@ / { print; } " test.format` clean: - /bin/rm -f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15 f16 f17 - /bin/rm -f i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 - /bin/rm -f n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12 + /bin/rm -f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 + /bin/rm -f i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 i16 i17 i18 i19 i20 i21 + /bin/rm -f n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12 n13 n14 /bin/rm -f ni1 ni2 ni3 ni4 ni5 ni6 ni7 ni8 ni9 /bin/rm -f ni10 ni11 ni12 ni13 ni14 ni15 ni16 /bin/rm -f in1 in2 in3 in4 in5 in6 diff --git a/contrib/ipfilter/test/dotest b/contrib/ipfilter/test/dotest index 71c8cceefc9..72853d4eb0b 100644 --- a/contrib/ipfilter/test/dotest +++ b/contrib/ipfilter/test/dotest @@ -1,5 +1,8 @@ #!/bin/sh +thistest=$1 format=$2 +output=$3 +tuning=$4 if [ -f /usr/ucb/touch ] ; then TOUCH=/usr/ucb/touch else @@ -11,18 +14,21 @@ else fi fi fi -echo "$1..."; -/bin/cp /dev/null results/$1 +if [ "$tuning" != "" ] ; then + tuning="-T $tuning" +fi +echo "${thistest}..."; +/bin/cp /dev/null results/${thistest} ( while read rule; do - echo "$rule" | ../ipftest -F $format -Rbr - -i input/$1 >> results/$1; + echo "$rule" | ../ipftest -F $format -Rbr - -i input/${thistest} $tuning>> results/${thistest}; if [ $? -ne 0 ] ; then exit 1; fi - echo "--------" >> results/$1 -done ) < regress/$1 -cmp expected/$1 results/$1 + echo "--------" >> results/${thistest} +done ) < regress/${thistest} +cmp expected/${thistest} results/${thistest} status=$? if [ $status = 0 ] ; then - $TOUCH $1 + $TOUCH ${thistest} fi exit $status diff --git a/contrib/ipfilter/test/expected/bpf1 b/contrib/ipfilter/test/expected/bpf1 index 9d0ad1b06b9..76381a748f6 100644 --- a/contrib/ipfilter/test/expected/bpf1 +++ b/contrib/ipfilter/test/expected/bpf1 @@ -1,4 +1,4 @@ -pass in bpf { "0x20 0 0 0xc 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } -pass out bpf { "0x20 0 0 0xc 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } -pass in bpf { "0x20 0 0 0x10 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } -pass out bpf { "0x20 0 0 0x10 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } +pass in bpf-v4 { "0x20 0 0 0xc 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } +pass out bpf-v4 { "0 0 0 0 0x20 0 0 0xc 0x15 0 0x1 0x1010101 0x6 0 0 0x1 0x6 0 0 0" } +pass in bpf-v4 { "0x20 0 0 0x10 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } +pass out bpf-v4 { "0 0 0 0 0x20 0 0 0x10 0x15 0 0x1 0x1010101 0x6 0 0 0x1 0x6 0 0 0" } diff --git a/contrib/ipfilter/test/expected/f13 b/contrib/ipfilter/test/expected/f13 index b3c7e54bf36..2a0195b078a 100644 --- a/contrib/ipfilter/test/expected/f13 +++ b/contrib/ipfilter/test/expected/f13 @@ -1,6 +1,12 @@ pass nomatch nomatch +pass +nomatch +nomatch +nomatch +nomatch +nomatch nomatch nomatch nomatch @@ -15,6 +21,12 @@ nomatch block nomatch nomatch +block +nomatch +nomatch +nomatch +nomatch +nomatch nomatch nomatch nomatch @@ -39,22 +51,34 @@ nomatch nomatch nomatch pass --------- -nomatch -nomatch -nomatch -nomatch -nomatch -nomatch -nomatch -block -block -nomatch -nomatch -nomatch -block --------- pass +pass +nomatch +nomatch +nomatch +nomatch +-------- +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +block +block +nomatch +nomatch +nomatch +block +block +block +nomatch +nomatch +nomatch +nomatch +-------- +block nomatch nomatch pass @@ -67,6 +91,12 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +pass +nomatch +pass +pass -------- block nomatch @@ -81,4 +111,50 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +block +nomatch +block +block +-------- +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +pass +pass +nomatch +nomatch +nomatch +nomatch +pass +pass +nomatch +nomatch +nomatch +nomatch +-------- +block +block +nomatch +pass +block +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +pass +nomatch +nomatch +pass -------- diff --git a/contrib/ipfilter/test/expected/f17 b/contrib/ipfilter/test/expected/f17 index 4fe3acf5764..c586e5b59a2 100644 --- a/contrib/ipfilter/test/expected/f17 +++ b/contrib/ipfilter/test/expected/f17 @@ -3,4 +3,5 @@ block return-rst pass pass pass +pass -------- diff --git a/contrib/ipfilter/test/expected/f18 b/contrib/ipfilter/test/expected/f18 new file mode 100644 index 00000000000..801abd36942 --- /dev/null +++ b/contrib/ipfilter/test/expected/f18 @@ -0,0 +1,5 @@ +pass +pass +pass +pass +-------- diff --git a/contrib/ipfilter/test/expected/f19 b/contrib/ipfilter/test/expected/f19 new file mode 100644 index 00000000000..5ee2e9d692a --- /dev/null +++ b/contrib/ipfilter/test/expected/f19 @@ -0,0 +1,10 @@ +pass +pass +pass +nomatch +-------- +pass +nomatch +nomatch +nomatch +-------- diff --git a/contrib/ipfilter/test/expected/f7 b/contrib/ipfilter/test/expected/f7 index 6aa7951f3e6..7a4daedd93e 100644 --- a/contrib/ipfilter/test/expected/f7 +++ b/contrib/ipfilter/test/expected/f7 @@ -7,6 +7,12 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch -------- pass pass @@ -17,6 +23,12 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -27,6 +39,12 @@ block nomatch nomatch nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -37,6 +55,12 @@ pass nomatch nomatch nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -47,6 +71,12 @@ nomatch block block block +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -57,4 +87,58 @@ nomatch pass pass pass +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +-------- +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +pass +pass +nomatch +nomatch +nomatch +nomatch +-------- +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +pass +pass +nomatch +nomatch +-------- +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +pass +pass -------- diff --git a/contrib/ipfilter/test/expected/f9 b/contrib/ipfilter/test/expected/f9 index 709744d6287..cc5be688cd2 100644 --- a/contrib/ipfilter/test/expected/f9 +++ b/contrib/ipfilter/test/expected/f9 @@ -4,10 +4,16 @@ block block block block +block +block +block -------- nomatch nomatch nomatch +nomatch +nomatch +nomatch pass pass nomatch @@ -16,6 +22,9 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch block nomatch -------- @@ -23,6 +32,9 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch pass nomatch -------- @@ -32,6 +44,9 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -39,6 +54,9 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -46,6 +64,9 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -53,20 +74,29 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch -------- nomatch +nomatch block nomatch nomatch nomatch nomatch +nomatch +nomatch -------- nomatch +nomatch pass nomatch nomatch nomatch nomatch +nomatch +nomatch -------- pass pass @@ -74,9 +104,15 @@ pass pass pass pass +pass +pass +pass -------- block block +block +nomatch +nomatch nomatch nomatch nomatch @@ -84,11 +120,7 @@ nomatch -------- pass pass -nomatch -nomatch -nomatch -nomatch --------- +pass nomatch nomatch nomatch @@ -102,6 +134,9 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -109,6 +144,9 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch @@ -116,10 +154,26 @@ nomatch nomatch nomatch nomatch +nomatch +nomatch +nomatch -------- nomatch nomatch nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch +-------- +nomatch +nomatch +nomatch +nomatch +nomatch +nomatch block block nomatch diff --git a/contrib/ipfilter/test/expected/i1 b/contrib/ipfilter/test/expected/i1 index 93530f9f575..c012af8b711 100644 --- a/contrib/ipfilter/test/expected/i1 +++ b/contrib/ipfilter/test/expected/i1 @@ -6,10 +6,12 @@ count in from any to any pass in from !any to any block in from any to !any pass in on ed0(!) from 127.0.0.1/32 to 127.0.0.1/32 +pass in on ed0(!),vx0(!) from 127.0.0.1/32 to 127.0.0.1/32 block in log first on lo0(!) from any to any pass in log body quick from any to any block return-rst in quick on le0(!) proto tcp from any to any block return-icmp in on qe0(!) from any to any block return-icmp(host-unr) in on qe0(!) from any to any +block return-icmp-as-dest in on le0(!) from any to any block return-icmp-as-dest(port-unr) in on qe0(!) from any to any pass out on longNICname0(!) from 254.220.186.152/32 to 254.220.186.152/32 diff --git a/contrib/ipfilter/test/expected/i11 b/contrib/ipfilter/test/expected/i11 index 058d03ac01c..26b8b78fade 100644 --- a/contrib/ipfilter/test/expected/i11 +++ b/contrib/ipfilter/test/expected/i11 @@ -1,8 +1,10 @@ pass in on ed0(!) proto tcp from 127.0.0.1/32 to 127.0.0.1/32 port = 23 keep state -block in log first on lo0(!) proto tcp/udp from any to any keep state +block in log first on lo0(!) proto tcp/udp from any to any port = 7 keep state pass in proto udp from 127.0.0.1/32 to 127.0.0.1/32 port = 20499 keep frags +pass in proto udp from 127.0.0.1/32 to 127.0.0.1/32 port = 2049 keep frags (strict) pass in proto udp from 127.0.0.1/32 to 127.0.0.1/32 port = 53 keep state keep frags pass in on ed0(!) out-via vx0(!) proto udp from any to any keep state pass out on ppp0(!) in-via le0(!) proto tcp from any to any keep state +pass in on ed0(!),vx0(!) out-via vx0(!),ed0(!) proto udp from any to any keep state pass in proto tcp from any port > 1024 to 127.0.0.1/32 port = 1024 keep state pass in proto tcp from any to any flags S/FSRPAU keep state (limit 101,strict,newisn,no-icmp-err) diff --git a/contrib/ipfilter/test/expected/i12 b/contrib/ipfilter/test/expected/i12 index 22a348871bf..e21724c7a25 100644 --- a/contrib/ipfilter/test/expected/i12 +++ b/contrib/ipfilter/test/expected/i12 @@ -13,14 +13,14 @@ pass in from 2.2.2.0/24 to 5.5.5.5/32 port = 25 pass in from 3.3.3.3/32 to 5.5.5.5/32 port = 25 pass in from 2.2.2.0/24 to 6.6.6.6/32 port = 25 pass in from 3.3.3.3/32 to 6.6.6.6/32 port = 25 -pass in proto tcp from 2.2.2.0/24 to 5.5.5.5/32 port = 53 -pass in proto tcp from 3.3.3.3/32 to 5.5.5.5/32 port = 53 -pass in proto tcp from 2.2.2.0/24 to 6.6.6.6/32 port = 53 -pass in proto tcp from 3.3.3.3/32 to 6.6.6.6/32 port = 53 -pass in proto tcp from 2.2.2.0/24 to 5.5.5.5/32 port = 9 -pass in proto tcp from 3.3.3.3/32 to 5.5.5.5/32 port = 9 -pass in proto tcp from 2.2.2.0/24 to 6.6.6.6/32 port = 9 -pass in proto tcp from 3.3.3.3/32 to 6.6.6.6/32 port = 9 +pass in proto tcp from 2.2.2.0/24 port = 53 to 5.5.5.5/32 +pass in proto tcp from 3.3.3.3/32 port = 53 to 5.5.5.5/32 +pass in proto tcp from 2.2.2.0/24 port = 9 to 5.5.5.5/32 +pass in proto tcp from 3.3.3.3/32 port = 9 to 5.5.5.5/32 +pass in proto tcp from 2.2.2.0/24 port = 53 to 6.6.6.6/32 +pass in proto tcp from 3.3.3.3/32 port = 53 to 6.6.6.6/32 +pass in proto tcp from 2.2.2.0/24 port = 9 to 6.6.6.6/32 +pass in proto tcp from 3.3.3.3/32 port = 9 to 6.6.6.6/32 pass in proto udp from 2.2.2.0/24 to 5.5.5.5/32 port = 53 pass in proto udp from 3.3.3.3/32 to 5.5.5.5/32 port = 53 pass in proto udp from 2.2.2.0/24 to 6.6.6.6/32 port = 53 @@ -32,3 +32,8 @@ pass in proto udp from 3.3.3.3/32 to 6.6.6.6/32 port = 9 pass in from 10.10.10.10/32 to 11.11.11.11/32 pass in from pool/101(!) to hash/202(!) pass in from hash/303(!) to pool/404(!) +table role = ipf type = tree number = + { ! 1.1.1.1/32; 2.2.2.2/32; ! 2.2.0.0/16; }; +table role = ipf type = tree number = + { 1.1.0.0/16; }; +pass in from pool/0(!) to pool/0(!) diff --git a/contrib/ipfilter/test/expected/i14 b/contrib/ipfilter/test/expected/i14 index 5a10155b784..08ba19ad558 100644 --- a/contrib/ipfilter/test/expected/i14 +++ b/contrib/ipfilter/test/expected/i14 @@ -6,3 +6,5 @@ block in on vm0(!) proto tcp/udp from any to any head 101 pass in proto tcp/udp from 1.1.1.1/32 to 2.2.2.2/32 group 101 pass in proto tcp from 1.0.0.1/32 to 2.0.0.2/32 group 101 pass in proto udp from 2.0.0.2/32 to 3.0.0.3/32 group 101 +block in on vm0(!) proto tcp/udp from any to any head vm0-group +pass in proto tcp/udp from 1.1.1.1/32 to 2.2.2.2/32 group vm0-group diff --git a/contrib/ipfilter/test/expected/i16 b/contrib/ipfilter/test/expected/i16 new file mode 100644 index 00000000000..c5b3cf3f673 --- /dev/null +++ b/contrib/ipfilter/test/expected/i16 @@ -0,0 +1,3 @@ +block out all +100 pass in all +10101 pass out proto tcp from any to any diff --git a/contrib/ipfilter/test/expected/i17 b/contrib/ipfilter/test/expected/i17 new file mode 100644 index 00000000000..bcc4d2d544a --- /dev/null +++ b/contrib/ipfilter/test/expected/i17 @@ -0,0 +1,10 @@ +List of active MAP/Redirect filters: + +List of active sessions: + +Hostmap table: +List of active state sessions: +List of configured pools +List of configured hash tables +List of groups configured (set 0) +List of groups configured (set 1) diff --git a/contrib/ipfilter/test/expected/i18 b/contrib/ipfilter/test/expected/i18 new file mode 100644 index 00000000000..1aaa04f1c84 --- /dev/null +++ b/contrib/ipfilter/test/expected/i18 @@ -0,0 +1,10 @@ +pass in tos 0x50 from any to any +pass in tos 0x80 from any to any +pass in tos 0x28 from any to any +block in ttl 0 from any to any +block in ttl 1 from any to any +block in ttl 2 from any to any +block in ttl 3 from any to any +block in ttl 4 from any to any +block in ttl 5 from any to any +block in ttl 6 from any to any diff --git a/contrib/ipfilter/test/expected/i19 b/contrib/ipfilter/test/expected/i19 new file mode 100644 index 00000000000..4ca19b5138f --- /dev/null +++ b/contrib/ipfilter/test/expected/i19 @@ -0,0 +1,22 @@ +block in log level user.debug quick proto icmp from any to any +block in log level mail.info quick proto icmp from any to any +block in log level daemon.notice quick proto icmp from any to any +block in log level auth.warn quick proto icmp from any to any +block in log level syslog.err quick proto icmp from any to any +block in log level lpr.crit quick proto icmp from any to any +block in log level news.alert quick proto icmp from any to any +block in log level uucp.emerg quick proto icmp from any to any +block in log level cron.debug quick proto icmp from any to any +block in log level ftp.info quick proto icmp from any to any +block in log level authpriv.notice quick proto icmp from any to any +block in log level !!!.warn quick proto icmp from any to any +block in log level local0.err quick proto icmp from any to any +block in log level local1.crit quick proto icmp from any to any +block in log level local2.alert quick proto icmp from any to any +block in log level local3.emerg quick proto icmp from any to any +block in log level local4.debug quick proto icmp from any to any +block in log level local5.info quick proto icmp from any to any +block in log level local6.notice quick proto icmp from any to any +block in log level local7.warn quick proto icmp from any to any +block in log level kern.err quick proto icmp from any to any +block in log level !!!.emerg quick proto icmp from any to any diff --git a/contrib/ipfilter/test/expected/i2 b/contrib/ipfilter/test/expected/i2 index 37ec9c485b5..5ff18f4f924 100644 --- a/contrib/ipfilter/test/expected/i2 +++ b/contrib/ipfilter/test/expected/i2 @@ -5,3 +5,4 @@ block in proto ipv6 from any to any block in proto udp from any to any block in proto 250 from any to any pass in proto tcp/udp from any to any +block in proto tcp/udp from any to any diff --git a/contrib/ipfilter/test/expected/i20 b/contrib/ipfilter/test/expected/i20 new file mode 100644 index 00000000000..77eabdb55f0 --- /dev/null +++ b/contrib/ipfilter/test/expected/i20 @@ -0,0 +1,4 @@ +pass in on ppp0(!) from ppp0/peer to ppp0/32 +block in on hme0(!) from any to hme0/bcast +pass in on bge0(!) from bge0/net to bge0/32 +block in on eri0(!) from any to eri0/netmasked diff --git a/contrib/ipfilter/test/expected/i21 b/contrib/ipfilter/test/expected/i21 new file mode 100644 index 00000000000..a5f55b36d6f --- /dev/null +++ b/contrib/ipfilter/test/expected/i21 @@ -0,0 +1,10 @@ +pass in from any port = 10101 to any +pass out from any to any port != 22 +block in from any port 20:21 to any +block out from any to any port 10 <> 100 +pass out from any to any port = 3 +pass out from any to any port = 5 +pass out from any to any port = 7 +pass out from any to any port = 9 +block in from any port = 20 to any +block in from any port = 25 to any diff --git a/contrib/ipfilter/test/expected/i4 b/contrib/ipfilter/test/expected/i4 index 89c0995f6e4..639dae88aca 100644 --- a/contrib/ipfilter/test/expected/i4 +++ b/contrib/ipfilter/test/expected/i4 @@ -5,4 +5,5 @@ pass in proto udp from 127.0.0.1/32 port > 32000 to 127.0.0.1/32 port < 29000 block in proto udp from any port != 123 to any port < 7 block in proto tcp from any port = 25 to any port > 25 pass in proto tcp/udp from any port 1 >< 3 to any port 1 <> 3 +pass in proto tcp/udp from any port 2:2 to any port 10:20 pass in log first quick proto tcp from any port > 1023 to any port = 1723 flags S/FSRPAU keep state diff --git a/contrib/ipfilter/test/expected/i6 b/contrib/ipfilter/test/expected/i6 index 40fe1857398..e4b14c328cb 100644 --- a/contrib/ipfilter/test/expected/i6 +++ b/contrib/ipfilter/test/expected/i6 @@ -7,4 +7,6 @@ pass in on le0(!) dup-to qe0(!):127.0.0.1 to hme0(!):10.1.1.1 from 127.0.0.1/32 block in quick on qe0(!) to qe1(!) from any to any block in quick to qe1(!) from any to any pass out quick dup-to hme0(!) from any to any +pass out quick on hme0(!) reply-to hme1(!) from any to any +pass in on le0(!) dup-to qe0(!):127.0.0.1 reply-to hme1(!):10.10.10.10 all pass in quick fastroute all diff --git a/contrib/ipfilter/test/expected/i7 b/contrib/ipfilter/test/expected/i7 index c46364b558b..309cd28691b 100644 --- a/contrib/ipfilter/test/expected/i7 +++ b/contrib/ipfilter/test/expected/i7 @@ -2,3 +2,8 @@ pass in on ed0(!) proto tcp from 127.0.0.1/32 to 127.0.0.1/32 port = 23 flags S/ block in on lo0(!) proto tcp from any to any flags A/FSRPAU pass in on lo0(!) proto tcp from any to any flags /SPA block in on lo0(!) proto tcp from any to any flags C/A +pass in on lo0(!) proto tcp from any to any flags S/SA +block in on lo0(!) proto tcp from any to any flags S/SA +pass in on lo0(!) proto tcp from any to any flags S/FSRPAU +block in on lo0(!) proto tcp from any to any flags /A +pass in on lo0(!) proto tcp from any to any flags S/SA diff --git a/contrib/ipfilter/test/expected/i8 b/contrib/ipfilter/test/expected/i8 index 77dc1775763..5533a7dceff 100644 --- a/contrib/ipfilter/test/expected/i8 +++ b/contrib/ipfilter/test/expected/i8 @@ -1,2 +1,33 @@ pass in proto icmp from 127.0.0.1/32 to 127.0.0.1/32 icmp-type timest block in proto icmp from any to any icmp-type unreach code 1 +pass in proto icmp from any to any icmp-type unreach code 15 +pass in proto icmp from any to any icmp-type unreach code 13 +pass in proto icmp from any to any icmp-type unreach code 8 +pass in proto icmp from any to any icmp-type unreach code 4 +pass in proto icmp from any to any icmp-type unreach code 9 +pass in proto icmp from any to any icmp-type unreach code 11 +pass in proto icmp from any to any icmp-type unreach code 14 +pass in proto icmp from any to any icmp-type unreach code 10 +pass in proto icmp from any to any icmp-type unreach code 12 +pass in proto icmp from any to any icmp-type unreach code 7 +pass in proto icmp from any to any icmp-type unreach code 1 +pass in proto icmp from any to any icmp-type unreach code 6 +pass in proto icmp from any to any icmp-type unreach code 0 +pass in proto icmp from any to any icmp-type unreach code 3 +pass in proto icmp from any to any icmp-type unreach code 2 +pass in proto icmp from any to any icmp-type unreach code 5 +pass in proto icmp from any to any icmp-type echo +pass in proto icmp from any to any icmp-type echorep +pass in proto icmp from any to any icmp-type inforeq +pass in proto icmp from any to any icmp-type inforep +pass in proto icmp from any to any icmp-type maskrep +pass in proto icmp from any to any icmp-type maskreq +pass in proto icmp from any to any icmp-type paramprob +pass in proto icmp from any to any icmp-type redir +pass in proto icmp from any to any icmp-type unreach +pass in proto icmp from any to any icmp-type routerad +pass in proto icmp from any to any icmp-type routersol +pass in proto icmp from any to any icmp-type squench +pass in proto icmp from any to any icmp-type timest +pass in proto icmp from any to any icmp-type timestrep +pass in proto icmp from any to any icmp-type timex diff --git a/contrib/ipfilter/test/expected/i9 b/contrib/ipfilter/test/expected/i9 index bae7c9bcce1..bb4e54f703f 100644 --- a/contrib/ipfilter/test/expected/i9 +++ b/contrib/ipfilter/test/expected/i9 @@ -3,5 +3,10 @@ block in from any to any with ipopts pass in from any to any with opt nop,rr,zsu pass in from any to any with opt nop,rr,zsu not opt lsrr,ssrr pass in from 127.0.0.1/32 to 127.0.0.1/32 with not frag +pass in from 127.0.0.1/32 to 127.0.0.1/32 with frag,frag-body pass in proto tcp from any to any flags S/FSRPAU with not oow keep state pass in proto tcp from any to any flags S/FSRPAU with not bad,bad-src,bad-nat +block in quick from any to any with not nat +block in quick from any to any with not lowttl +pass in from any to any with mbcast,not bcast,mcast,not state +pass in from any to any with opt mtup,mtur,encode,ts,tr,sec,e-sec,cipso,satid,ssrr,addext,visa,imitd,eip,finn,dps,sdb,nsapa,rtralrt,ump diff --git a/contrib/ipfilter/test/expected/in1 b/contrib/ipfilter/test/expected/in1 index ce5a61003ec..8c47a929e54 100644 --- a/contrib/ipfilter/test/expected/in1 +++ b/contrib/ipfilter/test/expected/in1 @@ -3,6 +3,8 @@ map le0 0.0.0.1/32 -> 0.0.0.1/32 map le0 128.0.0.0/1 -> 0.0.0.0/0 map le0 10.0.0.0/8 -> 1.2.3.0/24 map le0 10.0.0.0/8 -> 1.2.3.0/24 +map le0 10.0.0.0/8 -> 1.2.3.0/24 +map le0 0.0.0.5/0.0.0.255 -> 1.2.3.0/24 map le0 192.168.0.0/16 -> range 203.1.1.23-203.1.3.45 map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp 10000:19999 map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap udp 20000:29999 @@ -25,3 +27,4 @@ map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp 10000:19999 frag age 30/30 map fxp0 from 192.168.0.0/18 to any port = 21 -> 1.2.3.4/32 proxy port 21 ftp/tcp map thisisalonginte 0.0.0.0/0 -> 0.0.0.0/32 mssclamp 1452 tag freddyliveshere map bar0 0.0.0.0/0 -> 0.0.0.0/32 icmpidmap icmp 1000:2000 +map ppp0,adsl0 0.0.0.0/0 -> 0.0.0.0/32 diff --git a/contrib/ipfilter/test/expected/in2 b/contrib/ipfilter/test/expected/in2 index 61c0d1854dd..1dc7b68dd78 100644 --- a/contrib/ipfilter/test/expected/in2 +++ b/contrib/ipfilter/test/expected/in2 @@ -2,7 +2,10 @@ rdr le0 9.8.7.6/32 port 0 -> 1.1.1.1 port 0 tcp rdr le0 9.8.7.6/32 -> 1.1.1.1 ip rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp rdr le0 9.8.7.6/32 -> 1.1.1.1 ip +rdr le0 9.0.0.0/8 -> 1.1.1.1 ip +rdr le0 9.8.0.0/16 -> 1.1.1.1 ip rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp +rdr le0 9.8.7.6/32 port 80 -> 0.0.0.0/0 port 80 tcp rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 udp rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp/udp rdr le0 9.8.7.6/32 -> 1.1.1.1 icmp @@ -11,7 +14,7 @@ rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp round-robin rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp round-robin rdr le0 9.8.7.6/32 -> 1.1.1.1 ip frag rdr le0 9.8.7.6/32 -> 1.1.1.1 icmp frag -rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp frag +rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp/udp frag rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp round-robin frag rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp round-robin frag rdr le0 9.8.7.6/32 -> 1.1.1.1 ip frag age 10/10 @@ -65,3 +68,4 @@ rdr le0 9.8.7.6/32 port 1000-2000 -> 1.1.1.1 port 5555 tcp rdr le0 9.8.7.6/32 port 1000-2000 -> 1.1.1.1 port = 5555 tcp rdr le0 0.0.0.0/0 -> 254.220.186.152 ip rdr le0 0.0.0.0/0 -> 254.220.186.152,254.220.186.152 ip +rdr adsl0,ppp0 0.0.0.0/0 port 25 -> 127.0.0.1 port 25 tcp diff --git a/contrib/ipfilter/test/expected/in5 b/contrib/ipfilter/test/expected/in5 index 7b3120a7c55..f371b358eec 100644 --- a/contrib/ipfilter/test/expected/in5 +++ b/contrib/ipfilter/test/expected/in5 @@ -1,3 +1,4 @@ +map le0 from 9.8.7.6/32 port > 1024 to any -> 1.1.1.1/32 portmap tcp 10000:20000 rdr le0 from any to 9.8.7.6/32 port = 0 -> 1.1.1.1 port 0 tcp rdr le0 from any to 9.8.7.6/32 -> 1.1.1.1 ip rdr le0 from any to 9.8.7.6/32 port = 8888 -> 1.1.1.1 port 888 tcp diff --git a/contrib/ipfilter/test/expected/in6 b/contrib/ipfilter/test/expected/in6 index 08bbff061c7..338bd808f57 100644 --- a/contrib/ipfilter/test/expected/in6 +++ b/contrib/ipfilter/test/expected/in6 @@ -1,3 +1,7 @@ map foo0 from any port = 1 to any port != 0 -> 0.0.0.0/32 udp +map foo0 from any port = 1 to any port != 0 -> 0.0.0.0/32 udp +map foo0 from any port < 1 to any port > 0 -> 0.0.0.0/32 tcp map foo0 from any port < 1 to any port > 0 -> 0.0.0.0/32 tcp map foo0 from any port <= 1 to any port >= 0 -> 0.0.0.0/32 tcp/udp +map foo0 from any port <= 1 to any port >= 0 -> 0.0.0.0/32 tcp/udp +map foo0 from any port 1 >< 20 to any port 20 <> 40 -> 0.0.0.0/32 tcp/udp diff --git a/contrib/ipfilter/test/expected/n1 b/contrib/ipfilter/test/expected/n1 index 0f87034649b..537f9bb6550 100644 --- a/contrib/ipfilter/test/expected/n1 +++ b/contrib/ipfilter/test/expected/n1 @@ -1,105 +1,105 @@ -ip 20(20) 255 10.1.1.0 > 10.1.1.2 -ip 20(20) 255 10.2.2.2 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.3.4.5 -ip 20(20) 255 10.1.1.2 > 10.3.4.5 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 -ip 48(20) 1 10.2.2.2 > 10.4.3.2 -ip 48(20) 1 10.4.3.2 > 10.1.1.1 -ip 48(20) 1 10.4.3.2 > 10.3.4.1 -ip 48(20) 1 10.4.3.2 > 10.3.4.2 -ip 48(20) 1 10.4.3.2 > 10.3.4.3 -ip 48(20) 1 10.4.3.2 > 10.3.4.4 -ip 48(20) 1 10.4.3.2 > 10.3.4.5 -ip 20(20) 34 10.1.1.2 > 10.4.3.2 -ip 20(20) 34 10.4.3.2 > 10.3.4.4 -ip 20(20) 34 10.1.1.2 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.5 -ip 20(20) 34 10.1.1.3 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.6 -ip 20(20) 35 10.1.1.3 > 10.4.3.4 -ip 20(20) 35 10.4.3.4 > 10.3.4.7 +ip #0 20(20) 255 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 255 10.2.2.2 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.2 > 10.3.4.5 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 +ip #0 48(20) 1 10.2.2.2 > 10.4.3.2 +ip #0 48(20) 1 10.4.3.2 > 10.1.1.1 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.1 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.2 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.3 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.4 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.2 +ip #0 20(20) 34 10.4.3.2 > 10.3.4.4 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.6 +ip #0 20(20) 35 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 35 10.4.3.4 > 10.3.4.7 ------------------------------- -ip 20(20) 255 10.3.4.5 > 10.1.1.2 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.3.4.5 > 10.1.1.1 -ip 40(20) 6 10.3.4.5,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,1026 > 10.1.1.1,1025 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.2.2.2 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.0 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 48(20) 1 10.3.4.5 > 10.4.3.2 -ip 48(20) 1 10.4.3.2 > 10.2.2.2 -ip 48(20) 1 10.4.3.2 > 10.3.4.1 -ip 48(20) 1 10.4.3.2 > 10.3.4.2 -ip 48(20) 1 10.4.3.2 > 10.3.4.3 -ip 48(20) 1 10.4.3.2 > 10.3.4.4 -ip 48(20) 1 10.4.3.2 > 10.1.1.1 -ip 20(20) 34 10.3.4.5 > 10.4.3.2 -ip 20(20) 34 10.4.3.2 > 10.3.4.4 -ip 20(20) 34 10.3.4.5 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.1.1.2 -ip 20(20) 34 10.1.1.3 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.6 -ip 20(20) 35 10.3.4.5 > 10.4.3.4 -ip 20(20) 35 10.4.3.4 > 10.3.4.7 +ip #0 20(20) 255 10.3.4.5 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.3.4.5 > 10.1.1.1 +ip #0 40(20) 6 10.3.4.5,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,1026 > 10.1.1.1,1025 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.0 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 48(20) 1 10.3.4.5 > 10.4.3.2 +ip #0 48(20) 1 10.4.3.2 > 10.2.2.2 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.1 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.2 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.3 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.4 +ip #0 48(20) 1 10.4.3.2 > 10.1.1.1 +ip #0 20(20) 34 10.3.4.5 > 10.4.3.2 +ip #0 20(20) 34 10.4.3.2 > 10.3.4.4 +ip #0 20(20) 34 10.3.4.5 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.1.1.2 +ip #0 20(20) 34 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.6 +ip #0 20(20) 35 10.3.4.5 > 10.4.3.4 +ip #0 20(20) 35 10.4.3.4 > 10.3.4.7 ------------------------------- -ip 20(20) 255 10.3.4.1 > 10.1.1.2 -ip 20(20) 255 10.3.4.2 > 10.1.1.2 -ip 20(20) 255 10.3.4.3 > 10.1.1.1 -ip 40(20) 6 10.3.4.3,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.3,1026 > 10.1.1.1,1025 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.2.2.2 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.3.4.5 -ip 20(20) 255 10.1.1.2 > 10.3.4.5 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 -ip 48(20) 1 10.3.4.3 > 10.4.3.2 -ip 48(20) 1 10.4.3.2 > 10.2.2.2 -ip 48(20) 1 10.4.3.2 > 10.3.4.1 -ip 48(20) 1 10.4.3.2 > 10.3.4.2 -ip 48(20) 1 10.4.3.2 > 10.1.1.1 -ip 48(20) 1 10.4.3.2 > 10.3.4.4 -ip 48(20) 1 10.4.3.2 > 10.3.4.5 -ip 20(20) 34 10.3.4.3 > 10.4.3.2 -ip 20(20) 34 10.4.3.2 > 10.3.4.4 -ip 20(20) 34 10.3.4.3 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.5 -ip 20(20) 34 10.3.4.4 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.6 -ip 20(20) 35 10.3.4.4 > 10.4.3.4 -ip 20(20) 35 10.4.3.4 > 10.3.4.7 +ip #0 20(20) 255 10.3.4.1 > 10.1.1.2 +ip #0 20(20) 255 10.3.4.2 > 10.1.1.2 +ip #0 20(20) 255 10.3.4.3 > 10.1.1.1 +ip #0 40(20) 6 10.3.4.3,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.3,1026 > 10.1.1.1,1025 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.2 > 10.3.4.5 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 +ip #0 48(20) 1 10.3.4.3 > 10.4.3.2 +ip #0 48(20) 1 10.4.3.2 > 10.2.2.2 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.1 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.2 +ip #0 48(20) 1 10.4.3.2 > 10.1.1.1 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.4 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.5 +ip #0 20(20) 34 10.3.4.3 > 10.4.3.2 +ip #0 20(20) 34 10.4.3.2 > 10.3.4.4 +ip #0 20(20) 34 10.3.4.3 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.5 +ip #0 20(20) 34 10.3.4.4 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.6 +ip #0 20(20) 35 10.3.4.4 > 10.4.3.4 +ip #0 20(20) 35 10.4.3.4 > 10.3.4.7 ------------------------------- diff --git a/contrib/ipfilter/test/expected/n11 b/contrib/ipfilter/test/expected/n11 index 3732709e672..5257a64a1f0 100644 --- a/contrib/ipfilter/test/expected/n11 +++ b/contrib/ipfilter/test/expected/n11 @@ -1,51 +1,51 @@ -ip 20(20) 255 10.1.1.0 > 10.1.1.2 -ip 20(20) 255 1.6.7.8 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.2.2.2 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.3.4.5 -ip 20(20) 255 10.1.1.2 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 255 1.6.7.8 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.2 > 10.3.4.5 ------------------------------- -ip 20(20) 255 10.2.2.2 > 10.1.1.2 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.2.2.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.1.1.0 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.0 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.3.4.5 -ip 20(20) 255 10.1.1.2 > 10.3.4.5 +ip #0 20(20) 255 10.2.2.2 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.2.2.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.1.1.0 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.0 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.2 > 10.3.4.5 ------------------------------- -ip 20(20) 255 10.3.4.0 > 10.1.1.2 -ip 20(20) 255 10.3.4.1 > 10.1.1.2 -ip 20(20) 255 10.3.4.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.2.2.2 -ip 20(20) 255 10.1.1.0 > 10.1.1.5 -ip 20(20) 255 10.1.1.1 > 10.1.1.5 -ip 20(20) 255 10.1.1.2 > 10.1.1.5 +ip #0 20(20) 255 10.3.4.0 > 10.1.1.2 +ip #0 20(20) 255 10.3.4.1 > 10.1.1.2 +ip #0 20(20) 255 10.3.4.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.0 > 10.1.1.5 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.5 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.5 ------------------------------- diff --git a/contrib/ipfilter/test/expected/n13 b/contrib/ipfilter/test/expected/n13 new file mode 100644 index 00000000000..bfe20188652 --- /dev/null +++ b/contrib/ipfilter/test/expected/n13 @@ -0,0 +1,5 @@ +ip #0 20(20) 0 203.1.1.23 > 150.1.1.1 +ip #0 20(20) 0 203.1.1.23 > 150.1.1.2 +ip #0 20(20) 0 203.1.1.24 > 150.1.1.2 +ip #0 20(20) 0 203.1.1.25 > 150.1.1.1 +------------------------------- diff --git a/contrib/ipfilter/test/expected/n14 b/contrib/ipfilter/test/expected/n14 new file mode 100644 index 00000000000..46693001a44 --- /dev/null +++ b/contrib/ipfilter/test/expected/n14 @@ -0,0 +1,5 @@ +ip #0 40(20) 6 10.2.2.5,2000 > 10.1.1.254,80 +ip #0 40(20) 6 10.2.2.6,2000 > 10.1.1.253,80 +ip #0 40(20) 6 10.2.2.7,2000 > 10.1.1.254,80 +ip #0 40(20) 6 10.2.2.5,2001 > 10.1.1.254,80 +------------------------------- diff --git a/contrib/ipfilter/test/expected/n2 b/contrib/ipfilter/test/expected/n2 index dc70138398d..827272e9103 100644 --- a/contrib/ipfilter/test/expected/n2 +++ b/contrib/ipfilter/test/expected/n2 @@ -1,80 +1,80 @@ -ip 40(20) 6 10.2.2.2,10000 > 10.1.1.1,1025 -ip 40(20) 6 10.2.2.2,10001 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.0 > 10.1.1.2 -ip 20(20) 0 10.1.1.1 > 10.1.2.1 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 28(20) 17 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 -ip 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 -ip 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 -ip 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 40(20) 6 10.2.2.2,10000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.2.2.2,10001 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 0 10.1.1.1 > 10.1.2.1 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 28(20) 17 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 +ip #0 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 +ip #0 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 +ip #0 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 ------------------------------- -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.0 > 10.1.1.2 -ip 20(20) 0 10.1.1.1 > 10.1.2.1 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 28(20) 17 10.3.4.5,10000 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 -ip 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 -ip 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 -ip 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 0 10.1.1.1 > 10.1.2.1 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 28(20) 17 10.3.4.5,10000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 +ip #0 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 +ip #0 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 +ip #0 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 ------------------------------- -ip 40(20) 6 10.3.4.1,10000 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.1,10001 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.0 > 10.1.1.2 -ip 20(20) 0 10.1.1.1 > 10.1.2.1 -ip 40(20) 6 10.3.4.1,10002 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.1,10002 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.1,10003 > 10.1.1.1,1025 -ip 28(20) 17 10.3.4.1,10004 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.1,10005 > 10.1.2.1,80 -ip 40(20) 6 10.3.4.1,10006 > 10.1.3.1,80 -ip 40(20) 6 10.3.4.1,10007 > 10.1.4.1,80 -ip 40(20) 6 10.3.4.1,10008 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 40(20) 6 10.3.4.1,10000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.1,10001 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 0 10.1.1.1 > 10.1.2.1 +ip #0 40(20) 6 10.3.4.1,10002 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.1,10002 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.1,10003 > 10.1.1.1,1025 +ip #0 28(20) 17 10.3.4.1,10004 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.1,10005 > 10.1.2.1,80 +ip #0 40(20) 6 10.3.4.1,10006 > 10.1.3.1,80 +ip #0 40(20) 6 10.3.4.1,10007 > 10.1.4.1,80 +ip #0 40(20) 6 10.3.4.1,10008 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 ------------------------------- -ip 40(20) 6 10.3.4.5,40000 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,40001 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.0 > 10.1.1.2 -ip 20(20) 0 10.1.1.1 > 10.1.2.1 -ip 40(20) 6 10.3.4.5,40001 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,40001 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 28(20) 17 10.3.4.5,40000 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,40001 > 10.1.2.1,80 -ip 40(20) 6 10.3.4.5,40000 > 10.1.3.1,80 -ip 40(20) 6 10.3.4.5,40001 > 10.1.4.1,80 -ip 40(20) 6 10.3.4.5,40000 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.1.1.3,2000 +ip #0 40(20) 6 10.3.4.5,40000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,40001 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 0 10.1.1.1 > 10.1.2.1 +ip #0 40(20) 6 10.3.4.5,40001 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,40001 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 28(20) 17 10.3.4.5,40000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,40001 > 10.1.2.1,80 +ip #0 40(20) 6 10.3.4.5,40000 > 10.1.3.1,80 +ip #0 40(20) 6 10.3.4.5,40001 > 10.1.4.1,80 +ip #0 40(20) 6 10.3.4.5,40000 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.1.1.3,2000 ------------------------------- diff --git a/contrib/ipfilter/test/expected/n3 b/contrib/ipfilter/test/expected/n3 index 03c07179710..0e019aefb2b 100644 --- a/contrib/ipfilter/test/expected/n3 +++ b/contrib/ipfilter/test/expected/n3 @@ -1,12 +1,12 @@ -ip 40(20) 6 192.168.2.1,1488 > 203.1.1.1,80 -ip 40(20) 6 192.168.2.1,1276 > 203.1.1.1,80 -ip 40(20) 6 192.168.2.1,1032 > 203.1.1.1,80 -ip 28(20) 17 192.168.2.1,1032 > 203.1.1.1,80 -ip 40(20) 6 192.168.2.1,65299 > 203.1.1.1,80 +ip #0 40(20) 6 192.168.2.1,1488 > 203.1.1.1,80 +ip #0 40(20) 6 192.168.2.1,1276 > 203.1.1.1,80 +ip #0 40(20) 6 192.168.2.1,1032 > 203.1.1.1,80 +ip #0 28(20) 17 192.168.2.1,1032 > 203.1.1.1,80 +ip #0 40(20) 6 192.168.2.1,65299 > 203.1.1.1,80 ------------------------------- -ip 40(20) 6 192.168.1.1,1488 > 203.1.1.1,80 -ip 40(20) 6 192.168.1.1,1276 > 203.1.1.1,80 -ip 40(20) 6 192.168.1.0,1032 > 203.1.1.1,80 -ip 28(20) 17 192.168.1.0,1032 > 203.1.1.1,80 -ip 40(20) 6 192.168.1.255,65299 > 203.1.1.1,80 +ip #0 40(20) 6 192.168.1.1,1488 > 203.1.1.1,80 +ip #0 40(20) 6 192.168.1.1,1276 > 203.1.1.1,80 +ip #0 40(20) 6 192.168.1.0,1032 > 203.1.1.1,80 +ip #0 28(20) 17 192.168.1.0,1032 > 203.1.1.1,80 +ip #0 40(20) 6 192.168.1.255,65299 > 203.1.1.1,80 ------------------------------- diff --git a/contrib/ipfilter/test/expected/n4 b/contrib/ipfilter/test/expected/n4 index 8cdf78c3184..9349542396c 100644 --- a/contrib/ipfilter/test/expected/n4 +++ b/contrib/ipfilter/test/expected/n4 @@ -1,66 +1,66 @@ -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.1.1.1,23 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 -ip 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 -ip 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 -ip 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 -ip 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 -ip 40(20) 6 10.2.2.1,53 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.1.1.1,23 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 +ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 +ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.1,53 > 10.3.3.3,12345 ------------------------------- -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.1.1.1,23 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 -ip 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 -ip 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 -ip 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 -ip 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 -ip 40(20) 6 10.2.2.1,53 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.1.1.1,23 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 +ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 +ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.1,53 > 10.3.3.3,12345 ------------------------------- -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.1.1.1,23 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 -ip 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12346 > 10.2.2.1,10023 -ip 40(20) 6 10.1.0.0,23 > 10.3.3.3,12346 -ip 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 -ip 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 -ip 40(20) 6 10.2.2.1,53 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.1.1.1,23 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12346 > 10.2.2.1,10023 +ip #0 40(20) 6 10.1.0.0,23 > 10.3.3.3,12346 +ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.1,53 > 10.3.3.3,12345 ------------------------------- -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,23 -ip 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 -ip 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 -ip 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 -ip 28(20) 17 10.3.3.3,12345 > 10.2.2.1,10053 -ip 28(20) 17 10.1.1.0,53 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 -ip 40(20) 6 10.2.2.1,53 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,23 +ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 +ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 +ip #0 28(20) 17 10.3.3.3,12345 > 10.2.2.1,10053 +ip #0 28(20) 17 10.1.1.0,53 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.1,53 > 10.3.3.3,12345 ------------------------------- -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,23 -ip 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53 -ip 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 -ip 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 -ip 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 -ip 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53 -ip 40(20) 6 10.1.1.0,53 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,23 +ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53 +ip #0 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 +ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 +ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53 +ip #0 40(20) 6 10.1.1.0,53 > 10.3.3.3,12345 ------------------------------- -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,23 -ip 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53 -ip 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 -ip 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 -ip 28(20) 17 10.3.3.3,12345 > 10.2.2.1,53 -ip 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53 -ip 40(20) 6 10.1.1.0,53 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,23 +ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53 +ip #0 40(20) 6 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23 +ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346 +ip #0 28(20) 17 10.3.3.3,12345 > 10.2.2.1,53 +ip #0 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53 +ip #0 40(20) 6 10.1.1.0,53 > 10.3.3.3,12345 ------------------------------- diff --git a/contrib/ipfilter/test/expected/n5 b/contrib/ipfilter/test/expected/n5 index 521c7376ef4..0e578b64bcf 100644 --- a/contrib/ipfilter/test/expected/n5 +++ b/contrib/ipfilter/test/expected/n5 @@ -1,330 +1,330 @@ -ip 20(20) 255 10.1.1.0 > 10.1.1.2 -ip 20(20) 255 10.2.2.2 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.3.4.5 -ip 20(20) 255 10.1.1.2 > 10.3.4.5 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 -ip 48(20) 1 10.2.2.2 > 10.4.3.2 -ip 48(20) 1 10.4.3.2 > 10.1.1.1 -ip 48(20) 1 10.4.3.2 > 10.3.4.3 -ip 48(20) 1 10.4.3.2 > 10.3.4.5 -ip 20(20) 34 10.1.1.2 > 10.4.3.2 -ip 20(20) 34 10.4.3.2 > 10.3.4.4 -ip 20(20) 34 10.1.1.2 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.5 -ip 20(20) 34 10.1.1.3 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.6 -ip 20(20) 35 10.1.1.3 > 10.4.3.4 -ip 20(20) 35 10.4.3.4 > 10.3.4.7 -ip 40(20) 6 10.2.2.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.2.2.2,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.0 > 10.1.1.2 -ip 20(20) 0 10.2.2.2 > 10.1.2.1 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 28(20) 17 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 -ip 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 -ip 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 -ip 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.2.2.2,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.2.2.2,1025 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 20(20) 255 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 255 10.2.2.2 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.2 > 10.3.4.5 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 +ip #0 48(20) 1 10.2.2.2 > 10.4.3.2 +ip #0 48(20) 1 10.4.3.2 > 10.1.1.1 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.3 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.2 +ip #0 20(20) 34 10.4.3.2 > 10.3.4.4 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.6 +ip #0 20(20) 35 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 35 10.4.3.4 > 10.3.4.7 +ip #0 40(20) 6 10.2.2.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.2.2.2,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 0 10.2.2.2 > 10.1.2.1 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 28(20) 17 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 +ip #0 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 +ip #0 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 +ip #0 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.2.2.2,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.2.2.2,1025 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 ------------------------------- -ip 20(20) 255 10.3.4.5 > 10.1.1.2 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.3.4.5 > 10.1.1.1 -ip 40(20) 6 10.3.4.5,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,1026 > 10.1.1.1,1025 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.2.2.2 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.0 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 48(20) 1 10.1.1.1 > 10.4.3.2 -ip 48(20) 1 10.4.3.2 > 10.2.2.2 -ip 48(20) 1 10.4.3.2 > 10.3.4.3 -ip 48(20) 1 10.4.3.2 > 10.3.4.5 -ip 20(20) 34 10.1.1.2 > 10.4.3.2 -ip 20(20) 34 10.4.3.2 > 10.3.4.4 -ip 20(20) 34 10.1.1.2 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.5 -ip 20(20) 34 10.1.1.3 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.6 -ip 20(20) 35 10.1.1.3 > 10.4.3.4 -ip 20(20) 35 10.4.3.4 > 10.3.4.7 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.3.4.5 > 10.1.1.2 -ip 20(20) 0 10.3.4.5 > 10.1.2.1 -ip 40(20) 6 10.3.4.5,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,1026 > 10.1.1.1,1025 -ip 28(20) 17 10.3.4.5,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,2000 > 10.1.2.1,80 -ip 40(20) 6 10.3.4.5,2001 > 10.1.3.1,80 -ip 40(20) 6 10.3.4.5,2002 > 10.1.4.1,80 -ip 40(20) 6 10.3.4.5,2003 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 20(20) 255 10.3.4.5 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.3.4.5 > 10.1.1.1 +ip #0 40(20) 6 10.3.4.5,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,1026 > 10.1.1.1,1025 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.0 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 48(20) 1 10.1.1.1 > 10.4.3.2 +ip #0 48(20) 1 10.4.3.2 > 10.2.2.2 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.3 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.2 +ip #0 20(20) 34 10.4.3.2 > 10.3.4.4 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.6 +ip #0 20(20) 35 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 35 10.4.3.4 > 10.3.4.7 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.3.4.5 > 10.1.1.2 +ip #0 20(20) 0 10.3.4.5 > 10.1.2.1 +ip #0 40(20) 6 10.3.4.5,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,1026 > 10.1.1.1,1025 +ip #0 28(20) 17 10.3.4.5,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,2000 > 10.1.2.1,80 +ip #0 40(20) 6 10.3.4.5,2001 > 10.1.3.1,80 +ip #0 40(20) 6 10.3.4.5,2002 > 10.1.4.1,80 +ip #0 40(20) 6 10.3.4.5,2003 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 ------------------------------- -ip 20(20) 255 10.1.1.0 > 10.1.1.2 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.2.2.2 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.3.4.5 -ip 20(20) 255 10.1.1.2 > 10.3.4.5 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 -ip 48(20) 1 10.3.4.1 > 10.4.3.2 -ip 48(20) 1 10.4.3.2 > 10.2.2.2 -ip 48(20) 1 10.4.3.2 > 10.3.4.3 -ip 48(20) 1 10.4.3.2 > 10.3.4.5 -ip 20(20) 34 10.3.4.1 > 10.4.3.2 -ip 20(20) 34 10.4.3.2 > 10.3.4.4 -ip 20(20) 34 10.3.4.1 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.5 -ip 20(20) 34 10.3.4.2 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.6 -ip 20(20) 35 10.3.4.2 > 10.4.3.4 -ip 20(20) 35 10.4.3.4 > 10.3.4.7 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.0 > 10.1.1.2 -ip 20(20) 0 10.1.1.1 > 10.1.2.1 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 28(20) 17 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 -ip 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 -ip 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 -ip 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.3.4.3,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.3.4.3,1025 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 28(20) 17 10.3.4.3,1025 > 10.3.4.5,40001 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 20(20) 255 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.2 > 10.3.4.5 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 +ip #0 48(20) 1 10.3.4.1 > 10.4.3.2 +ip #0 48(20) 1 10.4.3.2 > 10.2.2.2 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.3 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.5 +ip #0 20(20) 34 10.3.4.1 > 10.4.3.2 +ip #0 20(20) 34 10.4.3.2 > 10.3.4.4 +ip #0 20(20) 34 10.3.4.1 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.5 +ip #0 20(20) 34 10.3.4.2 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.6 +ip #0 20(20) 35 10.3.4.2 > 10.4.3.4 +ip #0 20(20) 35 10.4.3.4 > 10.3.4.7 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 0 10.1.1.1 > 10.1.2.1 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 28(20) 17 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 +ip #0 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 +ip #0 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 +ip #0 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.3.4.3,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.3.4.3,1025 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 28(20) 17 10.3.4.3,1025 > 10.3.4.5,40001 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 ------------------------------- -ip 20(20) 255 10.1.1.0 > 10.1.1.2 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.2.2.2 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.3.4.5 -ip 20(20) 255 10.1.1.2 > 10.3.4.5 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 -ip 48(20) 1 10.1.1.1 > 10.4.3.2 -ip 48(20) 1 10.4.3.2 > 10.2.2.2 -ip 48(20) 1 10.4.3.2 > 10.3.4.3 -ip 48(20) 1 10.4.3.2 > 10.3.4.5 -ip 20(20) 34 10.1.1.2 > 10.4.3.2 -ip 20(20) 34 10.4.3.2 > 10.3.4.4 -ip 20(20) 34 10.1.1.2 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.5 -ip 20(20) 34 10.1.1.3 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.6 -ip 20(20) 35 10.1.1.3 > 10.4.3.4 -ip 20(20) 35 10.4.3.4 > 10.3.4.7 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.0 > 10.1.1.2 -ip 20(20) 0 10.1.1.1 > 10.1.2.1 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 -ip 28(20) 17 10.3.4.5,10000 > 10.1.1.1,1025 -ip 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 -ip 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 -ip 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 -ip 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 28(20) 17 10.3.4.5,10001 > 10.3.4.5,40001 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 20(20) 255 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.2 > 10.3.4.5 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 +ip #0 48(20) 1 10.1.1.1 > 10.4.3.2 +ip #0 48(20) 1 10.4.3.2 > 10.2.2.2 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.3 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.2 +ip #0 20(20) 34 10.4.3.2 > 10.3.4.4 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.6 +ip #0 20(20) 35 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 35 10.4.3.4 > 10.3.4.7 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 0 10.1.1.1 > 10.1.2.1 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.2,1026 > 10.1.1.1,1025 +ip #0 28(20) 17 10.3.4.5,10000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.1.1.3,2000 > 10.1.2.1,80 +ip #0 40(20) 6 10.1.1.3,2001 > 10.1.3.1,80 +ip #0 40(20) 6 10.1.1.3,2002 > 10.1.4.1,80 +ip #0 40(20) 6 10.1.1.3,2003 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 28(20) 17 10.3.4.5,10001 > 10.3.4.5,40001 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 ------------------------------- -ip 20(20) 255 10.1.1.0 > 10.1.1.2 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.3.4.1,10000 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.1,10001 > 10.1.1.1,1025 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.2.2.2 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.3.4.5 -ip 20(20) 255 10.1.1.2 > 10.3.4.5 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 -ip 48(20) 1 10.1.1.1 > 10.4.3.2 -ip 48(20) 1 10.4.3.2 > 10.2.2.2 -ip 48(20) 1 10.4.3.2 > 10.3.4.3 -ip 48(20) 1 10.4.3.2 > 10.3.4.5 -ip 20(20) 34 10.1.1.2 > 10.4.3.2 -ip 20(20) 34 10.4.3.2 > 10.3.4.4 -ip 20(20) 34 10.1.1.2 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.5 -ip 20(20) 34 10.1.1.3 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.6 -ip 20(20) 35 10.1.1.3 > 10.4.3.4 -ip 20(20) 35 10.4.3.4 > 10.3.4.7 -ip 40(20) 6 10.3.4.1,10002 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.1,10003 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.0 > 10.1.1.2 -ip 20(20) 0 10.1.1.1 > 10.1.2.1 -ip 40(20) 6 10.3.4.1,10000 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.1,10000 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.1,10001 > 10.1.1.1,1025 -ip 28(20) 17 10.3.4.1,10004 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.1,10005 > 10.1.2.1,80 -ip 40(20) 6 10.3.4.1,10006 > 10.1.3.1,80 -ip 40(20) 6 10.3.4.1,10007 > 10.1.4.1,80 -ip 40(20) 6 10.3.4.1,10008 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.3.4.1,10009 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.3.4.1,10010 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 -ip 28(20) 17 10.3.4.1,10011 > 10.3.4.5,40001 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.3.4.1,10012 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 20(20) 255 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.3.4.1,10000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.1,10001 > 10.1.1.1,1025 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.2 > 10.3.4.5 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 +ip #0 48(20) 1 10.1.1.1 > 10.4.3.2 +ip #0 48(20) 1 10.4.3.2 > 10.2.2.2 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.3 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.2 +ip #0 20(20) 34 10.4.3.2 > 10.3.4.4 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.6 +ip #0 20(20) 35 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 35 10.4.3.4 > 10.3.4.7 +ip #0 40(20) 6 10.3.4.1,10002 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.1,10003 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 0 10.1.1.1 > 10.1.2.1 +ip #0 40(20) 6 10.3.4.1,10000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.1,10000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.1,10001 > 10.1.1.1,1025 +ip #0 28(20) 17 10.3.4.1,10004 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.1,10005 > 10.1.2.1,80 +ip #0 40(20) 6 10.3.4.1,10006 > 10.1.3.1,80 +ip #0 40(20) 6 10.3.4.1,10007 > 10.1.4.1,80 +ip #0 40(20) 6 10.3.4.1,10008 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.3.4.1,10009 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.3.4.1,10010 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,40000 +ip #0 28(20) 17 10.3.4.1,10011 > 10.3.4.5,40001 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.3.4.1,10012 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 ------------------------------- -ip 20(20) 255 10.1.1.0 > 10.1.1.2 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.3.4.5,40000 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,40001 > 10.1.1.1,1025 -ip 20(20) 255 10.2.2.1 > 10.1.2.1 -ip 20(20) 255 10.2.2.2 > 10.1.2.1 -ip 20(20) 255 10.1.1.1 > 10.1.1.2 -ip 20(20) 255 10.1.1.2 > 10.1.1.1 -ip 20(20) 255 10.2.2.1 > 10.2.1.1 -ip 20(20) 255 10.2.2.2 > 10.2.1.1 -ip 20(20) 255 10.2.2.3 > 10.1.1.1 -ip 20(20) 255 10.2.3.4 > 10.2.2.2 -ip 20(20) 255 10.1.1.1 > 10.2.2.2 -ip 20(20) 255 10.1.1.2 > 10.2.2.2 -ip 20(20) 255 10.1.1.0 > 10.3.4.5 -ip 20(20) 255 10.1.1.1 > 10.3.4.5 -ip 20(20) 255 10.1.1.2 > 10.3.4.5 -ip 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 -ip 48(20) 1 10.1.1.1 > 10.4.3.2 -ip 48(20) 1 10.4.3.2 > 10.2.2.2 -ip 48(20) 1 10.4.3.2 > 10.3.4.3 -ip 48(20) 1 10.4.3.2 > 10.3.4.5 -ip 20(20) 34 10.1.1.2 > 10.4.3.2 -ip 20(20) 34 10.4.3.2 > 10.3.4.4 -ip 20(20) 34 10.1.1.2 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.5 -ip 20(20) 34 10.1.1.3 > 10.4.3.4 -ip 20(20) 34 10.4.3.4 > 10.3.4.6 -ip 20(20) 35 10.1.1.3 > 10.4.3.4 -ip 20(20) 35 10.4.3.4 > 10.3.4.7 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,40000 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.0 > 10.1.1.2 -ip 20(20) 0 10.1.1.1 > 10.1.2.1 -ip 40(20) 6 10.3.4.5,40000 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,40000 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,40001 > 10.1.1.1,1025 -ip 28(20) 17 10.3.4.5,40001 > 10.1.1.1,1025 -ip 40(20) 6 10.3.4.5,40000 > 10.1.2.1,80 -ip 40(20) 6 10.3.4.5,40001 > 10.1.3.1,80 -ip 40(20) 6 10.3.4.5,40000 > 10.1.4.1,80 -ip 40(20) 6 10.3.4.5,40001 > 10.1.4.1,80 -ip 20(20) 0 10.1.1.1 > 10.1.1.2 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 20(20) 0 10.1.1.2 > 10.1.1.1 -ip 40(20) 6 10.3.4.5,40000 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 -ip 40(20) 6 10.3.4.5,40001 > 10.3.4.5,40000 -ip 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 -ip 28(20) 17 10.3.4.5,40000 > 10.3.4.5,40001 -ip 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 -ip 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 20(20) 255 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.3.4.5,40000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,40001 > 10.1.1.1,1025 +ip #0 20(20) 255 10.2.2.1 > 10.1.2.1 +ip #0 20(20) 255 10.2.2.2 > 10.1.2.1 +ip #0 20(20) 255 10.1.1.1 > 10.1.1.2 +ip #0 20(20) 255 10.1.1.2 > 10.1.1.1 +ip #0 20(20) 255 10.2.2.1 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.2 > 10.2.1.1 +ip #0 20(20) 255 10.2.2.3 > 10.1.1.1 +ip #0 20(20) 255 10.2.3.4 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.1 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.2 > 10.2.2.2 +ip #0 20(20) 255 10.1.1.0 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.1 > 10.3.4.5 +ip #0 20(20) 255 10.1.1.2 > 10.3.4.5 +ip #0 40(20) 6 10.1.1.1,1025 > 10.3.4.5,1025 +ip #0 48(20) 1 10.1.1.1 > 10.4.3.2 +ip #0 48(20) 1 10.4.3.2 > 10.2.2.2 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.3 +ip #0 48(20) 1 10.4.3.2 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.2 +ip #0 20(20) 34 10.4.3.2 > 10.3.4.4 +ip #0 20(20) 34 10.1.1.2 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.5 +ip #0 20(20) 34 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 34 10.4.3.4 > 10.3.4.6 +ip #0 20(20) 35 10.1.1.3 > 10.4.3.4 +ip #0 20(20) 35 10.4.3.4 > 10.3.4.7 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,40000 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.0 > 10.1.1.2 +ip #0 20(20) 0 10.1.1.1 > 10.1.2.1 +ip #0 40(20) 6 10.3.4.5,40000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,40000 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,40001 > 10.1.1.1,1025 +ip #0 28(20) 17 10.3.4.5,40001 > 10.1.1.1,1025 +ip #0 40(20) 6 10.3.4.5,40000 > 10.1.2.1,80 +ip #0 40(20) 6 10.3.4.5,40001 > 10.1.3.1,80 +ip #0 40(20) 6 10.3.4.5,40000 > 10.1.4.1,80 +ip #0 40(20) 6 10.3.4.5,40001 > 10.1.4.1,80 +ip #0 20(20) 0 10.1.1.1 > 10.1.1.2 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 20(20) 0 10.1.1.2 > 10.1.1.1 +ip #0 40(20) 6 10.3.4.5,40000 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1026 > 10.3.4.5,40000 +ip #0 40(20) 6 10.3.4.5,40001 > 10.3.4.5,40000 +ip #0 40(20) 6 10.1.1.1,1025 > 10.1.1.2,1025 +ip #0 28(20) 17 10.3.4.5,40000 > 10.3.4.5,40001 +ip #0 28(20) 17 10.1.1.2,1025 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 +ip #0 40(20) 6 10.1.2.1,80 > 10.3.4.5,40001 ------------------------------- diff --git a/contrib/ipfilter/test/expected/n6 b/contrib/ipfilter/test/expected/n6 index d28d4f1ee4d..2b2c37fe7a9 100644 --- a/contrib/ipfilter/test/expected/n6 +++ b/contrib/ipfilter/test/expected/n6 @@ -1,70 +1,70 @@ -ip 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.2,23 -ip 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23 -ip 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 -ip 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 -ip 40(20) 6 10.3.3.3,12345 > 10.1.0.0,23 -ip 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 -ip 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.2,23 +ip #0 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23 +ip #0 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.0.0,23 +ip #0 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 ------------------------------- -ip 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23 -ip 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 -ip 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 -ip 40(20) 6 10.3.3.3,12345 > 10.1.0.0,23 -ip 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 -ip 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23 +ip #0 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.0.0,23 +ip #0 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 ------------------------------- -ip 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23 -ip 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,23 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 -ip 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 -ip 40(20) 6 10.3.3.3,12345 > 10.1.0.0,23 -ip 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 -ip 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23 +ip #0 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,23 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.0.0,23 +ip #0 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 ------------------------------- -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.1,23 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.2,23 -ip 40(20) 6 10.3.0.1,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 -ip 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 -ip 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 -ip 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 -ip 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.1,23 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.2,23 +ip #0 40(20) 6 10.3.0.1,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023 +ip #0 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 ------------------------------- -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.1,23 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.2,23 -ip 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23 -ip 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,23 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 -ip 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 -ip 40(20) 6 10.3.3.3,12345 > 10.1.0.0,23 -ip 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 -ip 28(20) 17 10.3.3.3,12345 > 10.2.2.1,10053 -ip 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 -ip 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.1,23 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.2,23 +ip #0 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23 +ip #0 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,23 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.0.0,23 +ip #0 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 28(20) 17 10.3.3.3,12345 > 10.2.2.1,10053 +ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53 +ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53 ------------------------------- diff --git a/contrib/ipfilter/test/expected/n7 b/contrib/ipfilter/test/expected/n7 index db8bb507801..eb23534d0b3 100644 --- a/contrib/ipfilter/test/expected/n7 +++ b/contrib/ipfilter/test/expected/n7 @@ -1,30 +1,30 @@ -ip 40(20) 6 10.2.3.1,1230 > 10.1.1.1,22 -ip 40(20) 6 10.2.3.1,1231 > 10.2.2.1,10023 -ip 40(20) 6 10.2.3.1,1232 > 10.2.2.1,10050 -ip 40(20) 6 10.2.3.1,1233 > 10.2.2.1,10079 -ip 40(20) 6 10.2.3.1,1234 > 10.1.1.1,80 -ip 40(20) 6 10.2.3.1,1235 > 10.1.1.2,80 -ip 40(20) 6 10.2.3.1,1236 > 10.1.1.3,80 -ip 40(20) 6 10.2.3.1,1237 > 10.1.1.4,80 -ip 40(20) 6 10.2.3.1,1238 > 10.1.1.4,80 +ip #0 40(20) 6 10.2.3.1,1230 > 10.1.1.1,22 +ip #0 40(20) 6 10.2.3.1,1231 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.3.1,1232 > 10.2.2.1,10050 +ip #0 40(20) 6 10.2.3.1,1233 > 10.2.2.1,10079 +ip #0 40(20) 6 10.2.3.1,1234 > 10.1.1.1,80 +ip #0 40(20) 6 10.2.3.1,1235 > 10.1.1.2,80 +ip #0 40(20) 6 10.2.3.1,1236 > 10.1.1.3,80 +ip #0 40(20) 6 10.2.3.1,1237 > 10.1.1.4,80 +ip #0 40(20) 6 10.2.3.1,1238 > 10.1.1.4,80 ------------------------------- -ip 40(20) 6 10.2.3.1,1230 > 10.1.1.1,22 -ip 40(20) 6 10.2.3.1,1231 > 10.2.2.1,10023 -ip 40(20) 6 10.2.3.1,1232 > 10.2.2.1,10023 -ip 40(20) 6 10.2.3.1,1233 > 10.2.2.1,10023 -ip 40(20) 6 10.2.3.1,1234 > 10.1.1.1,80 -ip 40(20) 6 10.2.3.1,1235 > 10.1.1.2,80 -ip 40(20) 6 10.2.3.1,1236 > 10.1.1.3,80 -ip 40(20) 6 10.2.3.1,1237 > 10.1.1.4,80 -ip 40(20) 6 10.2.3.1,1238 > 10.1.1.4,80 +ip #0 40(20) 6 10.2.3.1,1230 > 10.1.1.1,22 +ip #0 40(20) 6 10.2.3.1,1231 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.3.1,1232 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.3.1,1233 > 10.2.2.1,10023 +ip #0 40(20) 6 10.2.3.1,1234 > 10.1.1.1,80 +ip #0 40(20) 6 10.2.3.1,1235 > 10.1.1.2,80 +ip #0 40(20) 6 10.2.3.1,1236 > 10.1.1.3,80 +ip #0 40(20) 6 10.2.3.1,1237 > 10.1.1.4,80 +ip #0 40(20) 6 10.2.3.1,1238 > 10.1.1.4,80 ------------------------------- -ip 40(20) 6 10.2.3.1,1230 > 10.1.1.1,22 -ip 40(20) 6 10.2.3.1,1231 > 10.1.1.1,23 -ip 40(20) 6 10.2.3.1,1232 > 10.1.1.1,50 -ip 40(20) 6 10.2.3.1,1233 > 10.1.1.1,79 -ip 40(20) 6 10.2.3.1,1234 > 10.2.2.1,3128 -ip 40(20) 6 10.2.3.1,1235 > 1.2.2.129,3128 -ip 40(20) 6 10.2.3.1,1236 > 10.2.2.1,3128 -ip 40(20) 6 10.2.3.1,1237 > 1.2.2.129,3128 -ip 40(20) 6 10.2.3.1,1238 > 10.2.2.1,3128 +ip #0 40(20) 6 10.2.3.1,1230 > 10.1.1.1,22 +ip #0 40(20) 6 10.2.3.1,1231 > 10.1.1.1,23 +ip #0 40(20) 6 10.2.3.1,1232 > 10.1.1.1,50 +ip #0 40(20) 6 10.2.3.1,1233 > 10.1.1.1,79 +ip #0 40(20) 6 10.2.3.1,1234 > 10.2.2.1,3128 +ip #0 40(20) 6 10.2.3.1,1235 > 1.2.2.129,3128 +ip #0 40(20) 6 10.2.3.1,1236 > 10.2.2.1,3128 +ip #0 40(20) 6 10.2.3.1,1237 > 1.2.2.129,3128 +ip #0 40(20) 6 10.2.3.1,1238 > 10.2.2.1,3128 ------------------------------- diff --git a/contrib/ipfilter/test/expected/p1 b/contrib/ipfilter/test/expected/p1 index c3f7afa66f5..9f02804439e 100644 --- a/contrib/ipfilter/test/expected/p1 +++ b/contrib/ipfilter/test/expected/p1 @@ -9,6 +9,8 @@ nomatch List of active MAP/Redirect filters: List of active sessions: + +Hostmap table: List of active state sessions: List of configured pools table role = ipf type = tree number = 100 diff --git a/contrib/ipfilter/test/expected/p2 b/contrib/ipfilter/test/expected/p2 index bb15bdf7b14..2f330c26f8b 100644 --- a/contrib/ipfilter/test/expected/p2 +++ b/contrib/ipfilter/test/expected/p2 @@ -1,4 +1,4 @@ -nomatch +block nomatch pass nomatch @@ -9,10 +9,15 @@ pass List of active MAP/Redirect filters: List of active sessions: + +Hostmap table: List of active state sessions: List of configured pools List of configured hash tables # 'anonymous' table +table role = ipf type = hash number = 2147483650 size = 3 + { 4.4.0.0/16; 127.0.0.1/32; }; +# 'anonymous' table table role = ipf type = hash number = 2147483649 size = 3 { 4.4.0.0/16; 127.0.0.1/32; }; List of groups configured (set 0) diff --git a/contrib/ipfilter/test/expected/p3 b/contrib/ipfilter/test/expected/p3 index 136543f8229..94fde9e701a 100644 --- a/contrib/ipfilter/test/expected/p3 +++ b/contrib/ipfilter/test/expected/p3 @@ -13,6 +13,8 @@ block List of active MAP/Redirect filters: List of active sessions: + +Hostmap table: List of active state sessions: List of configured pools List of configured hash tables diff --git a/contrib/ipfilter/test/input/f13 b/contrib/ipfilter/test/input/f13 index 0ca607ea17e..d7b07249ace 100644 --- a/contrib/ipfilter/test/input/f13 +++ b/contrib/ipfilter/test/input/f13 @@ -1,51 +1,94 @@ -# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF,MF,FO=0 SYN +# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF,FO=0 SYN +[in] 4500 0028 0001 4000 3f06 36cc 0101 0101 0201 0101 -0401 0019 0000 0000 0000 0000 50 02 2000 86c5 0000 +0401 0019 0000 0000 0000 0000 50 02 2000 86bb 0000 # 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP MF ACK +[in] 4500 0024 0002 2000 3f06 56cf 0101 0101 0201 0101 0401 0019 0000 0000 0000 0000 5010 2000 # 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP FO=2 ACK +[in] 4500 002c 0002 0002 3f06 76c5 0101 0101 0201 0101 0000 0000 0001 0203 0405 0607 0809 0a0b 0c0d 0e0f 1011 1213 -# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF MF FO=0 SYN +# 1.1.1.1,1024 -> 2.1.1.1,25 TTL=63 TCP DF MF FO=0 SYN +[in] 4500 0028 0003 6000 3f06 16ca 0101 0101 0201 0101 -0401 0019 0000 0000 0000 0000 5010 2000 0000 0000 +0400 0019 7000 0000 0000 0000 5002 2000 0000 0000 # 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF FO=0 +[in] 4500 001c 0004 6000 3f06 16d5 0101 0101 0201 0101 0401 0019 0000 0000 # 1.1.1.1 -> 2.1.1.1 TTL=63 TCP DF FO=1 SYN +[in] 4500 001c 0005 6001 3f06 16d3 0101 0101 0201 0101 0000 0000 5010 2000 # 1.1.1.1 -> 2.1.1.1 TTL=63 UDP DF MF FO=0 +[in] 4500 0014 0006 6000 3f11 16d0 0101 0101 0201 0101 # 1.1.1.1,53 -> 2.1.1.1,53 TTL=63 UDP MF FO=0 +[in] 4500 0018 0007 2000 3f11 56cb 0101 0101 0201 0101 0035 0035 # 1.1.1.1,53 -> 2.1.1.1,53 TTL=63 UDP MF FO=0 +[in] 4500 001c 0008 2000 3f11 56c6 0101 0101 0201 0101 0035 0035 0004 0000 # 1.1.1.1,53 -> 2.1.1.1,54 TTL=63 UDP MF FO=0 (short) +[in] 4500 0018 0008 2000 3f11 56ca 0101 0101 0201 0101 0035 0036 # 1.1.1.1,21 -> 2.1.1.1,54 TTL=63 UDP MF FO=0 +[in] 4500 001c 0008 2000 3f11 56c6 0101 0101 0201 0101 0015 0036 0004 0000 # 1.1.1.1,21 -> 2.1.1.1,54 TTL=63 TCP MF FO=0 +[in] 4500 001c 0008 2000 3f06 56d1 0101 0101 0201 0101 0015 0036 0000 0000 0000 0000 50 02 2000 0000 0000 +# 1.1.1.1 -> 2.1.1.1 TTL=63 UDP FO=3 +[in] +4500 001c 0008 0003 3f11 76c3 0101 0101 0201 0101 +0000 0000 0000 0000 + # 1.1.1.1 -> 2.1.1.1 TTL=63 UDP FO=1 +[in] 4500 001c 0008 0001 3f11 76c5 0101 0101 0201 0101 0000 0000 0000 0000 +# 2.1.1.1,53 -> 1.1.1.1,53 TTL=63 UDP +[out] +4500 001c 0008 0000 3f11 76c6 0201 0101 0101 0101 +0035 0035 0004 0000 + +# 2.1.1.1,25 -> 1.1.1.1,1014 TTL=63 TCP DF SYN-ACK +[out] +4500 0028 0003 4000 3f06 36ca 0201 0101 0101 0101 +0019 0400 0000 0001 7000 0001 5012 2000 16b4 0000 + +# 1.1.1.1,1024 -> 2.1.1.1,25 TTL=63 TCP DF ACK (OOW) +[in] +4500 0028 0003 4000 3f06 36ca 0101 0101 0201 0101 +0400 0019 0040 0000 0000 0000 5010 2000 8678 0000 + +# 1.1.1.1,1024 -> 2.1.1.1,25 TTL=63 TCP DF ACK +[in] +4500 0028 0003 4000 3f06 36ca 0101 0101 0201 0101 +0400 0019 7000 0004 0000 0002 5010 2000 16b2 0000 + +# 1.1.1.1,1024 -> 2.1.1.1,25 TTL=63 TCP DF ACK +[in] +4500 0028 0003 4000 3f06 36ca 0101 0101 0201 0101 +0400 0019 7000 0001 0000 0002 5010 2000 16b5 0000 + diff --git a/contrib/ipfilter/test/input/f17 b/contrib/ipfilter/test/input/f17 index 18af566af32..a0d44d7db58 100644 --- a/contrib/ipfilter/test/input/f17 +++ b/contrib/ipfilter/test/input/f17 @@ -1,28 +1,39 @@ +# TCP 1.1.1.1,54076 -> 2.2.2.2,27 SYN [out,ppp0] 4500 003c 8262 0000 4006 f254 0101 0101 0202 0202 d33c 0019 bfd0 8989 0000 0000 a002 4000 cfcd 0000 0204 05b4 0103 0300 0101 080a 008e 17f7 0000 0000 +# TCP 2.2.2.2,27 -> 1.1.1.1,54076 ACK [in,ppp0] 4500 003c 8262 0000 1106 2155 0202 0202 0101 0101 0019 d33c 4020 3436 bfdf cbc9 5010 4000 694a 0000 0204 0584 0103 0300 0101 080a 008e 17f7 0000 0000 +# TCP 1.1.1.1,54076 -> 2.2.2.2,27 SYN [out,ppp0] 4500 003c 8265 0000 4006 f251 0101 0101 0202 0202 d33c 0019 bfd0 8989 0000 0000 a002 4000 cfc2 0000 0204 05b4 0103 0300 0101 080a 008e 1802 0000 0000 +# TCP 2.2.2.2,27 -> 1.1.1.1,54076 SYN-ACK [in,ppp0] 4500 002c 7442 4000 2906 d784 0202 0202 0101 0101 0019 d33c ed67 4d4e bfd0 898a 6012 2118 19c2 0000 0204 0584 +# TCP 1.1.1.1,54076 -> 2.2.2.2,27 ACK [out,ppp0] -4500 002c 8262 0000 4006 f264 0101 0101 +4500 0028 8262 0000 4006 f268 0101 0101 0202 0202 d33c 0019 bfd0 898a ed67 4d4e -5010 4000 0ce0 0000 0000 +5010 4000 1268 0000 + +# TCP 2.2.2.2,27 -> 1.1.1.1,54076 ACK+data +[in,ppp0] +4500 002a 7442 4000 2906 d786 0202 0202 +0101 0101 0019 d33c ed67 4d4e bfd0 8990 +5012 2118 2f43 0000 0203 diff --git a/contrib/ipfilter/test/input/f18 b/contrib/ipfilter/test/input/f18 new file mode 100644 index 00000000000..9ecbb7f59a2 --- /dev/null +++ b/contrib/ipfilter/test/input/f18 @@ -0,0 +1,4 @@ +in on le1 1.1.1.1 3.3.3.3 +in on le1 1.1.1.1 5.5.5.5 +out on le1 2.2.2.2 4.4.4.4 +out on le1 2.2.2.2 6.6.6.6 diff --git a/contrib/ipfilter/test/input/f19 b/contrib/ipfilter/test/input/f19 new file mode 100644 index 00000000000..6cab988e400 --- /dev/null +++ b/contrib/ipfilter/test/input/f19 @@ -0,0 +1,4 @@ +in tcp 127.0.0.1,1 127.0.0.1,21 S +in tcp 127.0.0.1,2 127.0.0.1,21 S +in tcp 127.0.0.1,3 127.0.0.1,21 S +in tcp 127.0.0.1,4 127.0.0.1,21 S diff --git a/contrib/ipfilter/test/input/f7 b/contrib/ipfilter/test/input/f7 index 2721af2fb71..dbc9e33e80a 100644 --- a/contrib/ipfilter/test/input/f7 +++ b/contrib/ipfilter/test/input/f7 @@ -7,3 +7,9 @@ in icmp 1.1.1.1 2.1.1.1 unreach,3 in icmp 1.1.1.1 2.1.1.1 echorep in icmp 1.1.1.1 2.1.1.1 echorep,1 in icmp 1.1.1.1 2.1.1.1 echorep,3 +in icmp 2.2.2.2 3.3.3.3 maskreq +out icmp 3.3.3.3 2.2.2.2 maskrep +in icmp 4.4.4.4 5.5.5.5 timest +out icmp 5.5.5.5 4.4.4.4 timestrep +in icmp 6.6.6.6 7.7.7.7 inforeq +out icmp 7.7.7.7 6.6.6.6 inforep diff --git a/contrib/ipfilter/test/input/f9 b/contrib/ipfilter/test/input/f9 index 33f3be392a7..e64e299fc0e 100644 --- a/contrib/ipfilter/test/input/f9 +++ b/contrib/ipfilter/test/input/f9 @@ -1,6 +1,9 @@ in 1.1.1.1 2.1.1.1 opt lsrr +in 1.1.1.1 2.1.1.1 opt lsrr=1.1.1.1 in 1.1.1.1 2.1.1.1 opt lsrr,ssrr in 1.1.1.1 2.1.1.1 opt ts +in 1.1.1.1 2.1.1.1 opt satid +in 1.1.1.1 2.1.1.1 opt satid=234 in 1.1.1.1 2.1.1.1 opt sec-class=topsecret in 1.1.1.1 2.1.1.1 opt ssrr,sec-class=topsecret in 1.1.1.1 2.1.1.1 opt sec diff --git a/contrib/ipfilter/test/input/n13 b/contrib/ipfilter/test/input/n13 new file mode 100644 index 00000000000..ac7bbbda24a --- /dev/null +++ b/contrib/ipfilter/test/input/n13 @@ -0,0 +1,4 @@ +out on le0 192.168.1.1 150.1.1.1 +out on le0 192.168.1.1 150.1.1.2 +out on le0 192.168.1.2 150.1.1.2 +out on le0 192.168.1.3 150.1.1.1 diff --git a/contrib/ipfilter/test/input/n14 b/contrib/ipfilter/test/input/n14 new file mode 100644 index 00000000000..969eb1c2146 --- /dev/null +++ b/contrib/ipfilter/test/input/n14 @@ -0,0 +1,4 @@ +in on gre0 tcp 10.2.2.5,2000 203.1.1.1,80 +in on gre0 tcp 10.2.2.6,2000 203.1.1.1,80 +in on gre0 tcp 10.2.2.7,2000 203.1.1.1,80 +in on gre0 tcp 10.2.2.5,2001 203.1.1.1,80 diff --git a/contrib/ipfilter/test/input/ni17 b/contrib/ipfilter/test/input/ni17 new file mode 100644 index 00000000000..f9dec945524 --- /dev/null +++ b/contrib/ipfilter/test/input/ni17 @@ -0,0 +1,6 @@ +in on le0 tcp 10.2.2.5,2000 203.1.1.1,80 +in on le0 tcp 10.2.2.6,2000 203.1.1.1,80 +in on le0 tcp 10.2.2.7,2000 203.1.1.1,80 +in on le0 tcp 10.2.2.7,2001 203.1.1.1,80 +in on le0 tcp 10.2.2.8,2000 203.1.1.1,80 +in on le0 tcp 10.2.2.9,2000 203.1.1.1,80 diff --git a/contrib/ipfilter/test/itest b/contrib/ipfilter/test/itest index 333afde75f2..8fefc634bfb 100644 --- a/contrib/ipfilter/test/itest +++ b/contrib/ipfilter/test/itest @@ -13,7 +13,14 @@ else fi echo "$1..."; /bin/cp /dev/null results/$1 -../ipf -Rnvf regress/$1 2>/dev/null > results/$1 +case $3 in +ipf) + ../ipf -Rnvf regress/$1 2>/dev/null > results/$1 + ;; +ipftest) + ../ipftest -D -r regress/$1 -i /dev/null > results/$1 + ;; +esac cmp expected/$1 results/$1 status=$? if [ $status = 0 ] ; then diff --git a/contrib/ipfilter/test/natipftest b/contrib/ipfilter/test/natipftest index f5cfdb8b243..abdc7603b00 100755 --- a/contrib/ipfilter/test/natipftest +++ b/contrib/ipfilter/test/natipftest @@ -27,7 +27,7 @@ single) echo "$1..."; /bin/cp /dev/null results/$1 ( while read rule; do - echo "$rule" | ../ipftest -R $format -bx -r regress/$1.ipf -N - -i input/$1 >> \ + echo "$rule" | ../ipftest -R $format -b -r regress/$1.ipf -N - -i input/$1 >> \ results/$1; if [ $? -ne 0 ] ; then exit 1; @@ -43,7 +43,7 @@ single) multi) echo "$1..."; /bin/cp /dev/null results/$1 - ../ipftest -R $format -bx -r regress/$1.ipf -N regress/$1.nat \ + ../ipftest -R $format -b -r regress/$1.ipf -N regress/$1.nat \ -i input/$1 >> results/$1; if [ $? -ne 0 ] ; then exit 2; diff --git a/contrib/ipfilter/test/regress/bpf1 b/contrib/ipfilter/test/regress/bpf1 index 2c8028311a7..5d83b77ed3c 100644 --- a/contrib/ipfilter/test/regress/bpf1 +++ b/contrib/ipfilter/test/regress/bpf1 @@ -1,4 +1,4 @@ pass in bpf-v4 { "0x20 0 0 0xc 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } -pass out bpf-v4 { "0x20 0 0 0xc 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } +pass out bpf-v4 { "src host 1.1.1.1" } pass in bpf-v4 { "0x20 0 0 0x10 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } -pass out bpf-v4 { "0x20 0 0 0x10 0x15 0 0x1 0x1010101 0x6 0 0 0x60 0x6 0 0 0" } +pass out bpf-v4 { "dst host 1.1.1.1" } diff --git a/contrib/ipfilter/test/regress/f13 b/contrib/ipfilter/test/regress/f13 index f123e4781c8..8106419f3e0 100644 --- a/contrib/ipfilter/test/regress/f13 +++ b/contrib/ipfilter/test/regress/f13 @@ -4,3 +4,5 @@ pass in proto udp from any to any port = 53 keep frags block in proto udp from any to any port = 53 keep frags pass in proto tcp from any to any port = 25 flags S/SA keep state keep frags block in proto tcp from any to any port = 25 flags S/SA keep state keep frags +pass in proto udp from any to any port = 53 keep frags(strict) +pass in proto tcp from any to any port = 25 keep state(strict) diff --git a/contrib/ipfilter/test/regress/f18 b/contrib/ipfilter/test/regress/f18 new file mode 100644 index 00000000000..acba2b33a81 --- /dev/null +++ b/contrib/ipfilter/test/regress/f18 @@ -0,0 +1,4 @@ +pass in from 1.1.1.1 to any +pass out from 2.2.2.2 to any +count in from 1.1.1.1 to 3.3.3.3 +count out from 2.2.2.2 to 4.4.4.4 diff --git a/contrib/ipfilter/test/regress/f19 b/contrib/ipfilter/test/regress/f19 new file mode 100644 index 00000000000..d7770b8a43e --- /dev/null +++ b/contrib/ipfilter/test/regress/f19 @@ -0,0 +1,2 @@ +pass in quick proto tcp all flags S keep state +pass in quick proto tcp all flags S keep state(limit 1) diff --git a/contrib/ipfilter/test/regress/f7 b/contrib/ipfilter/test/regress/f7 index 6848a688a37..be1b969c8ec 100644 --- a/contrib/ipfilter/test/regress/f7 +++ b/contrib/ipfilter/test/regress/f7 @@ -4,3 +4,6 @@ block in proto icmp from any to any icmp-type unreach code 3 pass in proto icmp from any to any icmp-type unreach code 3 block in proto icmp from any to any icmp-type echorep pass in proto icmp from any to any icmp-type echorep +pass in proto icmp all icmp-type maskreq keep state +pass in proto icmp all icmp-type timest keep state +pass in proto icmp all icmp-type inforeq keep state diff --git a/contrib/ipfilter/test/regress/i1 b/contrib/ipfilter/test/regress/i1 index df60d2beb5b..c86c3208ede 100644 --- a/contrib/ipfilter/test/regress/i1 +++ b/contrib/ipfilter/test/regress/i1 @@ -7,10 +7,12 @@ count in from any to any pass in from !any to any block in from any to !any pass in on ed0 from localhost to localhost +pass in on ed0,vx0 from localhost to localhost block in log first on lo0 from any to any pass in log body quick from any to any block return-rst in quick on le0 proto tcp from any to any block return-icmp in on qe0 from any to any block return-icmp(1) in on qe0 from any to any +block return-icmp-as-dest in on le0 from any to any block return-icmp-as-dest(port-unr) in on qe0 from any to any pass out on longNICname0 from test.host.dots to test\.host.dots diff --git a/contrib/ipfilter/test/regress/i11 b/contrib/ipfilter/test/regress/i11 index 2999a8588b7..89b35898594 100644 --- a/contrib/ipfilter/test/regress/i11 +++ b/contrib/ipfilter/test/regress/i11 @@ -1,8 +1,10 @@ pass in on ed0 proto tcp from localhost to localhost port = telnet keep state -block in log first on lo0 proto tcp/udp from any to any keep state +block in log first on lo0 proto tcp/udp from any to any port = echo keep state pass in proto udp from localhost to localhost port = 20499 keep frag +pass in proto udp from localhost to localhost port = 2049 keep frag(strict) pass in proto udp from localhost to localhost port = 53 keep state keep frags pass in on ed0 out-via vx0 proto udp from any to any keep state pass out on ppp0 in-via le0 proto tcp from any to any keep state +pass in on ed0,vx0 out-via vx0,ed0 proto udp from any to any keep state pass in proto tcp from any port gt 1024 to localhost port eq 1024 keep state pass in proto tcp all flags S keep state(strict,newisn,no-icmp-err,limit 101) diff --git a/contrib/ipfilter/test/regress/i12 b/contrib/ipfilter/test/regress/i12 index b8b2f3ea418..5342702353e 100644 --- a/contrib/ipfilter/test/regress/i12 +++ b/contrib/ipfilter/test/regress/i12 @@ -2,8 +2,9 @@ pass in from 1.1.1.1/32 to 2.2.2.2/32 pass in from (2.2.2.2/24,3.3.3.3/32) to 4.4.4.4/32 pass in from (2.2.2.2/24,3.3.3.3/32) to (5.5.5.5/32,6.6.6.6/32) pass in from (2.2.2.2/24,3.3.3.3/32) to (5.5.5.5/32,6.6.6.6/32) port = (22,25) -pass in proto tcp from (2.2.2.2/24,3.3.3.3/32) to (5.5.5.5/32,6.6.6.6/32) port = (53,9) +pass in proto tcp from (2.2.2.2/24,3.3.3.3/32) port = (53,9) to (5.5.5.5/32,6.6.6.6/32) pass in proto udp from (2.2.2.2/24,3.3.3.3/32) to (5.5.5.5/32,6.6.6.6/32) port = (53,9) pass in from 10.10.10.10 to 11.11.11.11 pass in from pool/101 to hash/202 pass in from hash/303 to pool/404 +pass in from pool=(!1.1.1.1,2.2.2.2,!2.2.0.0/16) to pool = ( 1.1.0.0/16 ) diff --git a/contrib/ipfilter/test/regress/i14 b/contrib/ipfilter/test/regress/i14 index 3c9d7b81d28..2cd26130640 100644 --- a/contrib/ipfilter/test/regress/i14 +++ b/contrib/ipfilter/test/regress/i14 @@ -6,3 +6,5 @@ block in on vm0 proto tcp/udp all head 101 pass in from 1.1.1.1 to 2.2.2.2 group 101 pass in proto tcp from 1.0.0.1 to 2.0.0.2 group 101 pass in proto udp from 2.0.0.2 to 3.0.0.3 group 101 +block in on vm0 proto tcp/udp all head vm0-group +pass in from 1.1.1.1 to 2.2.2.2 group vm0-group diff --git a/contrib/ipfilter/test/regress/i16 b/contrib/ipfilter/test/regress/i16 new file mode 100644 index 00000000000..5c9144a9925 --- /dev/null +++ b/contrib/ipfilter/test/regress/i16 @@ -0,0 +1,3 @@ +0 block out all +100 pass in all +10101 pass out proto tcp all diff --git a/contrib/ipfilter/test/regress/i17 b/contrib/ipfilter/test/regress/i17 new file mode 100644 index 00000000000..a995ae59f86 --- /dev/null +++ b/contrib/ipfilter/test/regress/i17 @@ -0,0 +1,11 @@ +100 pass in all +200 pass in proto tcp all +110 pass in proto udp all +110 pass in from localhost to any +pass in all +pass in from localhost to any +@0 100 pass in from localhost to any +@1 pass in from any to localhost +@0 pass in from 1.1.1.1 to any +@1 110 pass in from 2.2.2.2 to any +@2 pass in from 3.3.3.3 to any diff --git a/contrib/ipfilter/test/regress/i18 b/contrib/ipfilter/test/regress/i18 new file mode 100644 index 00000000000..c2845d1d6c2 --- /dev/null +++ b/contrib/ipfilter/test/regress/i18 @@ -0,0 +1,2 @@ +pass in tos (80,0x80,40) all +block in ttl (0,1,2,3,4,5,6) all diff --git a/contrib/ipfilter/test/regress/i19 b/contrib/ipfilter/test/regress/i19 new file mode 100644 index 00000000000..a09fd56c510 --- /dev/null +++ b/contrib/ipfilter/test/regress/i19 @@ -0,0 +1,22 @@ +block in quick log level user.debug proto icmp all +block in quick log level mail.info proto icmp all +block in quick log level daemon.notice proto icmp all +block in quick log level auth.warn proto icmp all +block in quick log level syslog.err proto icmp all +block in quick log level lpr.crit proto icmp all +block in quick log level news.alert proto icmp all +block in quick log level uucp.emerg proto icmp all +block in quick log level cron.debug proto icmp all +block in quick log level ftp.info proto icmp all +block in quick log level authpriv.notice proto icmp all +block in quick log level logalert.warn proto icmp all +block in quick log level local0.err proto icmp all +block in quick log level local1.crit proto icmp all +block in quick log level local2.alert proto icmp all +block in quick log level local3.emerg proto icmp all +block in quick log level local4.debug proto icmp all +block in quick log level local5.info proto icmp all +block in quick log level local6.notice proto icmp all +block in quick log level local7.warn proto icmp all +block in quick log level kern.err proto icmp all +block in quick log level security.emerg proto icmp all diff --git a/contrib/ipfilter/test/regress/i2 b/contrib/ipfilter/test/regress/i2 index a3b9cd8ac52..50f610750bc 100644 --- a/contrib/ipfilter/test/regress/i2 +++ b/contrib/ipfilter/test/regress/i2 @@ -5,3 +5,4 @@ block in proto ipv6 from any to any block in proto 17 from any to any block in proto 250 from any to any pass in proto tcp/udp from any to any +block in proto tcp-udp from any to any diff --git a/contrib/ipfilter/test/regress/i20 b/contrib/ipfilter/test/regress/i20 new file mode 100644 index 00000000000..99039eeaf04 --- /dev/null +++ b/contrib/ipfilter/test/regress/i20 @@ -0,0 +1,4 @@ +pass in on ppp0 from ppp0/peer to ppp0/32 +block in on hme0 from any to hme0/broadcast +pass in on bge0 from bge0/network to bge0/32 +block in on eri0 from any to eri0/netmasked diff --git a/contrib/ipfilter/test/regress/i21 b/contrib/ipfilter/test/regress/i21 new file mode 100644 index 00000000000..bf797f953b7 --- /dev/null +++ b/contrib/ipfilter/test/regress/i21 @@ -0,0 +1,6 @@ +pass in from port = 10101 +pass out from any to port != 22 +block in from port 20:21 +block out from any to port 10 <> 100 +pass out from any to port = (3,5,7,9) +block in from port = (20,25) diff --git a/contrib/ipfilter/test/regress/i4 b/contrib/ipfilter/test/regress/i4 index 7170dc266e0..8551f764491 100644 --- a/contrib/ipfilter/test/regress/i4 +++ b/contrib/ipfilter/test/regress/i4 @@ -5,4 +5,5 @@ pass in proto 17 from localhost port > 32000 to localhost port < 29000 block in proto udp from any port != \ntp to any port < echo block in proto tcp from any port = smtp to any port > 25 pass in proto tcp/udp from any port 1 >< 3 to any port 1 <> 3 +pass in proto tcp/udp from any port 2:2 to any port 10:20 pass in log first quick proto tcp from any port > 1023 to any port = 1723 flags S keep state diff --git a/contrib/ipfilter/test/regress/i6 b/contrib/ipfilter/test/regress/i6 index 1a5308920a2..0b371bd3e76 100644 --- a/contrib/ipfilter/test/regress/i6 +++ b/contrib/ipfilter/test/regress/i6 @@ -7,4 +7,6 @@ pass in on le0 to hme0:10.1.1.1 dup-to qe0:127.0.0.1 from localhost to localhost block in quick on qe0 to qe1 from any to any block in quick to qe1 from any to any pass out quick dup-to hme0 from any to any +pass out quick on hme0 reply-to hme1 from any to any +pass in on le0 dup-to qe0:127.0.0.1 reply-to hme1:10.10.10.10 all pass in quick fastroute all diff --git a/contrib/ipfilter/test/regress/i7 b/contrib/ipfilter/test/regress/i7 index 4f3328d06a5..1a82940c6c8 100644 --- a/contrib/ipfilter/test/regress/i7 +++ b/contrib/ipfilter/test/regress/i7 @@ -2,3 +2,8 @@ pass in on ed0 proto tcp from localhost to localhost port = 23 flags S/SA block in on lo0 proto tcp from any to any flags A pass in on lo0 proto tcp from any to any flags /SAP block in on lo0 proto tcp from any to any flags 0x80/A +pass in on lo0 proto tcp from any to any flags S/18 +block in on lo0 proto tcp from any to any flags 2/18 +pass in on lo0 proto tcp from any to any flags 2 +block in on lo0 proto tcp from any to any flags /16 +pass in on lo0 proto tcp from any to any flags 2/SA diff --git a/contrib/ipfilter/test/regress/i8 b/contrib/ipfilter/test/regress/i8 index bde6ed52900..cc984b275cd 100644 --- a/contrib/ipfilter/test/regress/i8 +++ b/contrib/ipfilter/test/regress/i8 @@ -1,2 +1,31 @@ pass in proto icmp from localhost to localhost icmp-type timest block in proto icmp from any to any icmp-type unreach code 1 +pass in proto icmp all icmp-type unreach code cutoff-preced +pass in proto icmp all icmp-type unreach code filter-prohib +pass in proto icmp all icmp-type unreach code isolate +pass in proto icmp all icmp-type unreach code needfrag +pass in proto icmp all icmp-type unreach code net-prohib +pass in proto icmp all icmp-type unreach code net-tos +pass in proto icmp all icmp-type unreach code host-preced +pass in proto icmp all icmp-type unreach code host-prohib +pass in proto icmp all icmp-type unreach code host-tos +pass in proto icmp all icmp-type unreach code host-unk +pass in proto icmp all icmp-type unreach code host-unr +pass in proto icmp all icmp-type unreach code (net-unk,net-unr) +pass in proto icmp all icmp-type unreach code port-unr +pass in proto icmp all icmp-type unreach code proto-unr +pass in proto icmp all icmp-type unreach code srcfail +pass in proto icmp all icmp-type (echo,echorep) +pass in proto icmp all icmp-type inforeq +pass in proto icmp all icmp-type inforep +pass in proto icmp all icmp-type maskrep +pass in proto icmp all icmp-type maskreq +pass in proto icmp all icmp-type paramprob +pass in proto icmp all icmp-type redir +pass in proto icmp all icmp-type unreach +pass in proto icmp all icmp-type routerad +pass in proto icmp all icmp-type routersol +pass in proto icmp all icmp-type squench +pass in proto icmp all icmp-type timest +pass in proto icmp all icmp-type timestrep +pass in proto icmp all icmp-type timex diff --git a/contrib/ipfilter/test/regress/i9 b/contrib/ipfilter/test/regress/i9 index 2b8fb103324..a966bed72f8 100644 --- a/contrib/ipfilter/test/regress/i9 +++ b/contrib/ipfilter/test/regress/i9 @@ -2,6 +2,11 @@ pass in from localhost to localhost with short,frags block in from any to any with ipopts pass in from any to any with opt nop,rr,zsu pass in from any to any with opt nop,rr,zsu not opt ssrr,lsrr -pass in from localhost to localhost with not frag +pass in from localhost to localhost and not frag +pass in from localhost to localhost with frags,frag-body pass in proto tcp all flags S with not oow keep state pass in proto tcp all flags S with not bad,bad-src,bad-nat +block in quick all with not nat +block in quick all with not lowttl +pass in all with mbcast,not bcast,multicast,not state +pass in from any to any with opt mtur,mtup,encode,ts,tr,sec,cipso,satid,ssrr,visa,imitd,eip,finn,dps,sdb,nsapa,rtralrt,ump,addext,e-sec diff --git a/contrib/ipfilter/test/regress/in1 b/contrib/ipfilter/test/regress/in1 index 145e3d03886..163d834fb1c 100644 --- a/contrib/ipfilter/test/regress/in1 +++ b/contrib/ipfilter/test/regress/in1 @@ -3,14 +3,16 @@ map le0 1/32 -> 1/32 map le0 128.0.0.0/1 -> 0/0 map le0 10.0.0.0/8 -> 1.2.3.0/24 map le0 10.0.0.5/8 -> 1.2.3.4/24 +map le0 10.0.0.5/0xff000000 -> 1.2.3.4/24 +map le0 10.0.0.5/0xff -> 1.2.3.4/24 map le0 192.168.0.0/16 -> range 203.1.1.23-203.1.3.45 map ppp0 192.168.0.0/16 -> 0/32 portmap tcp 10000:19999 map ppp0 192.168.0.0/16 -> 0/32 portmap udp 20000:29999 map ppp0 192.168.0.0/16 -> 0/32 portmap tcp/udp 30000:39999 map ppp0 192.168.0.0/16 -> 0/32 portmap tcp auto map ppp0 192.168.0.0/16 -> 0/32 portmap udp auto -map ppp0 192.168.0.0/16 -> 0/32 portmap tcp/udp auto -map ppp0 192.168.0.0/16 -> 0/32 proxy port ftp ftp/tcp +map ppp0 192.168.0.0/16 -> 0/32 portmap tcpudp auto +map ppp0 192.168.0.0/16 -> 0/32 proxy port ftp ftp/6 map ppp0 192.168.0.0/16 -> 0/32 proxy port 1010 ftp/tcp map le0 0/0 -> 0/32 frag map le0 192.168.0.0/16 -> range 203.1.1.23-203.1.3.45 frag @@ -25,3 +27,4 @@ map ppp0 192.168.0.0/16 -> 0/32 portmap tcp 10000:19999 frag age 30 map fxp0 from 192.168.0.0/18 to 0/0 port = 21 -> 1.2.3.4/32 proxy port 21 ftp/tcp map thisisalonginte 0/0 -> 0/32 mssclamp 1452 tag freddyliveshere map bar0 0/0 -> 0/32 icmpidmap icmp 1000:2000 +map ppp0,adsl0 0/0 -> 0/32 diff --git a/contrib/ipfilter/test/regress/in2 b/contrib/ipfilter/test/regress/in2 index 222a28cfeca..4a86de736ce 100644 --- a/contrib/ipfilter/test/regress/in2 +++ b/contrib/ipfilter/test/regress/in2 @@ -2,7 +2,10 @@ rdr le0 9.8.7.6/32 port 0 -> 1.1.1.1 port 0 tcp rdr le0 9.8.7.6/32 port 0 -> 1.1.1.1 port 0 ip rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp rdr le0 9.8.7.6/32 -> 1.1.1.1 ip +rdr le0 9.8.7.6/0xff000000 -> 1.1.1.1 ip +rdr le0 9.8.7.6/0xffff0000 -> 1.1.1.1 ip rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp +rdr le0 9.8.7.6/32 port 80 -> 0/0 port 80 tcp rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 udp rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp/udp rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 icmp @@ -11,7 +14,7 @@ rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp round-robin rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp round-robin rdr le0 9.8.7.6/32 port 0 -> 1.1.1.1 port 0 ip frag rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 icmp frag -rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp frag +rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcpudp frag rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1 port 80 tcp round-robin frag rdr le0 9.8.7.6/32 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp round-robin frag rdr le0 9.8.7.6/32 -> 1.1.1.1 ip frag age 10 @@ -65,3 +68,4 @@ rdr le0 9.8.7.6/32 port 1000-2000 -> 1.1.1.1 port 5555 tcp rdr le0 9.8.7.6/32 port 1000-2000 -> 1.1.1.1 port = 5555 tcp rdr le0 0/0 -> test.host.dots rdr le0 0/0 -> test.host.dots,test.host.dots +rdr adsl0,ppp0 0/0 port 25 -> 127.0.0.1 port 25 diff --git a/contrib/ipfilter/test/regress/in5 b/contrib/ipfilter/test/regress/in5 index d0a115c8b32..c539b03f3e5 100644 --- a/contrib/ipfilter/test/regress/in5 +++ b/contrib/ipfilter/test/regress/in5 @@ -1,9 +1,10 @@ +map le0 from 9.8.7.6/32 port > 1024 to any -> 1.1.1.1 portmap 10000:20000 tcp rdr le0 from any to 9.8.7.6/32 port = 0 -> 1.1.1.1 port 0 tcp -rdr le0 from any to 9.8.7.6/32 port = 0 -> 1.1.1.1 port 0 ip -rdr le0 from any to 9.8.7.6/32 port = 8888 -> 1.1.1.1 port 888 tcp -rdr le0 from any to 9.8.7.6/32 port = 8888 -> 1.1.1.1 port 888 ip -rdr le0 from any to 9.8.7.6/32 port = 8888 -> 1.1.1.1 port 888 tcp -rdr le0 from any to 9.8.7.6/32 port = 8888 -> 1.1.1.1 port 888 udp +rdr le0 from any to 9.8.7.6/0xffffffff port = 0 -> 1.1.1.1 port 0 ip +rdr le0 from any to 9.8.7.6 port = 8888 -> 1.1.1.1 port 888 tcp +rdr le0 from any to 9.8.7.6/255.255.255.255 port = 8888 -> 1.1.1.1 port 888 ip +rdr le0 from any to 9.8.7.6 mask 0xffffffff port = 8888 -> 1.1.1.1 port 888 tcp +rdr le0 from any to 9.8.7.6 mask 255.255.255.255 port = 8888 -> 1.1.1.1 port 888 udp rdr le0 from any to 9.8.7.6/32 port = 8888 -> 1.1.1.1 port 888 tcp/udp rdr le0 from any to 9.8.7.6/32 -> 1.1.1.1 port 888 icmp rdr le0 from any to 9.8.7.6/32 port = 8888 -> 1.1.1.1,1.1.1.2 port 888 tcp diff --git a/contrib/ipfilter/test/regress/in6 b/contrib/ipfilter/test/regress/in6 index 694879945f0..932df9b2367 100644 --- a/contrib/ipfilter/test/regress/in6 +++ b/contrib/ipfilter/test/regress/in6 @@ -1,3 +1,7 @@ map foo0 from any port = 1 to any port != 0 -> 0/32 udp +map foo0 from any port eq 1 to any port ne 0 -> 0/32 udp map foo0 from any port < 1 to any port > 0 -> 0/32 tcp +map foo0 from any port lt 1 to any port gt 0 -> 0/32 tcp map foo0 from any port <= 1 to any port >= 0 -> 0/32 tcp/udp +map foo0 from any port le 1 to any port ge 0 -> 0/32 tcp/udp +map foo0 from any port 1 >< 20 to any port 20 <> 40 -> 0/32 tcp/udp diff --git a/contrib/ipfilter/test/regress/n13 b/contrib/ipfilter/test/regress/n13 new file mode 100644 index 00000000000..80479300405 --- /dev/null +++ b/contrib/ipfilter/test/regress/n13 @@ -0,0 +1 @@ +map le0 192.168.0.0/16 -> range 203.1.1.23-203.1.3.45 diff --git a/contrib/ipfilter/test/regress/n14 b/contrib/ipfilter/test/regress/n14 new file mode 100644 index 00000000000..6f5d571d606 --- /dev/null +++ b/contrib/ipfilter/test/regress/n14 @@ -0,0 +1 @@ +rdr gre0 0/0 port 80 -> 10.1.1.254,10.1.1.253 port 80 tcp sticky diff --git a/contrib/ipfilter/test/regress/ni17.nat b/contrib/ipfilter/test/regress/ni17.nat new file mode 100644 index 00000000000..3da63383a7b --- /dev/null +++ b/contrib/ipfilter/test/regress/ni17.nat @@ -0,0 +1,4 @@ +rdr le0 0/0 port 80 -> 10.1.1.252 port 3128 tcp round-robin +rdr le0 0/0 port 80 -> 10.1.2.252 port 3128 tcp round-robin +rdr le0 0/0 port 80 -> 10.1.3.252 port 3128 tcp round-robin sticky +rdr le0 0/0 port 80 -> 10.1.1.253,10.1.2.253 port 3128 tcp round-robin sticky diff --git a/contrib/ipfilter/test/regress/p2.ipf b/contrib/ipfilter/test/regress/p2.ipf index 5b58647eab5..4cfb388e82d 100644 --- a/contrib/ipfilter/test/regress/p2.ipf +++ b/contrib/ipfilter/test/regress/p2.ipf @@ -1 +1,2 @@ pass out from hash=(127.0.0.1,4.4.0.0/16) to any +block in from hash=(127.0.0.1,4.4.0.0/16) to any diff --git a/contrib/ipfilter/test/test.format b/contrib/ipfilter/test/test.format index 090c8a983d0..f284542201e 100644 --- a/contrib/ipfilter/test/test.format +++ b/contrib/ipfilter/test/test.format @@ -1,6 +1,6 @@ #test input-format output-format bpf-f1 text text -bpf1 text text +bpf1 text ipf f1 text text f2 text text f3 text text @@ -18,21 +18,29 @@ f14 text text f15 text text f16 text text f17 hex hex -i1 text text -i2 text text -i3 text text -i4 text text -i5 text text -i6 text text -i7 text text -i8 text text -i9 text text -i10 text text -i11 text text -i12 text text -i13 text text -i14 text text -i15 text text +f18 text text +f19 text text fr_statemax=3 +i1 text ipf +i2 text ipf +i3 text ipf +i4 text ipf +i5 text ipf +i6 text ipf +i7 text ipf +i8 text ipf +i9 text ipf +i10 text ipf +i11 text ipf +i12 text ipf +i13 text ipf +i14 text ipf +i15 text ipf +i16 text ipf +i17 text ipftest +i18 text ipf +i19 text ipf +i20 text ipf +i21 text ipf in1 text text in2 text text in3 text text @@ -56,6 +64,8 @@ n9 hex hex fr_update_ipid=0 n10 hex hex fr_update_ipid=0 n11 text text n12 hex hex fr_update_ipid=0 +n13 text text +n14 text text ni1 hex hex fr_update_ipid=1 ni2 hex hex fr_update_ipid=1 ni3 hex hex fr_update_ipid=1 diff --git a/contrib/ipfilter/test/vfycksum.pl b/contrib/ipfilter/test/vfycksum.pl index 9cb47f651d6..d23c88430f5 100755 --- a/contrib/ipfilter/test/vfycksum.pl +++ b/contrib/ipfilter/test/vfycksum.pl @@ -3,6 +3,14 @@ # validate the IPv4 header checksum. # $bytes[] is an array of 16bit values, with $cnt elements in the array. # +sub dump { + print "\n"; + for ($i = 0; $i < $#bytes; $i++) { + printf "%04x ", $bytes[$i]; + } + print "\n"; +} + sub dosum { local($seed) = $_[0]; local($start) = $_[1]; @@ -99,7 +107,8 @@ sub tcpcheck { } if ($z) { - print " TCP: missing data($x $y $z)"; + print " TCP: missing data($x $y $z) $hl"; +# &dump(); return; } diff --git a/contrib/ipfilter/tools/ipf.c b/contrib/ipfilter/tools/ipf.c index ea39780115b..245412445ad 100644 --- a/contrib/ipfilter/tools/ipf.c +++ b/contrib/ipfilter/tools/ipf.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -21,7 +19,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipf.c,v 1.35.2.3 2004/12/15 18:27:17 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipf.c,v 1.35.2.3 2004/12/15 18:27:17 darrenr Exp $"; #endif #if !defined(__SVR4) && defined(__GNUC__) diff --git a/contrib/ipfilter/tools/ipf_y.y b/contrib/ipfilter/tools/ipf_y.y index 0660d50dcf4..a65a2e2b793 100644 --- a/contrib/ipfilter/tools/ipf_y.y +++ b/contrib/ipfilter/tools/ipf_y.y @@ -1,11 +1,10 @@ -/* $NetBSD$ */ - %{ #include "ipf.h" #include #include #ifdef IPFILTER_BPF -# include +# include "pcap-bpf.h" +# define _NET_BPF_H_ # include #endif #include "netinet/ip_pool.h" @@ -58,7 +57,7 @@ static struct wordtab icmpcodewords[17]; static struct wordtab icmptypewords[16]; static struct wordtab ipv4optwords[25]; static struct wordtab ipv4secwords[9]; -static struct wordtab ipv6optwords[8]; +static struct wordtab ipv6optwords[9]; static struct wordtab logwords[33]; %} @@ -135,6 +134,7 @@ static struct wordtab logwords[33]; %token IPF6_V6HDRS IPFY_IPV6OPT IPFY_IPV6OPT_DSTOPTS IPFY_IPV6OPT_HOPOPTS %token IPFY_IPV6OPT_IPV6 IPFY_IPV6OPT_NONE IPFY_IPV6OPT_ROUTING +%token IPFY_IPV6OPT_MOBILITY IPFY_IPV6OPT_ESP IPFY_IPV6OPT_FRAG %token IPFY_ICMPT_UNR IPFY_ICMPT_ECHO IPFY_ICMPT_ECHOR IPFY_ICMPT_SQUENCH %token IPFY_ICMPT_REDIR IPFY_ICMPT_TIMEX IPFY_ICMPT_PARAMP IPFY_ICMPT_TIMEST @@ -1025,7 +1025,7 @@ codelist: icmpcode { DOREM(fr->fr_icmp |= htons($1); fr->fr_icmpm |= htons(0xff);) } | codelist lmore icmpcode - { DOREM(fr->fr_icmp |= htons($3); fr->fr_icmpm |= htons(0xff);) } + { DOREM(fr->fr_icmp &= htons(0xff00); fr->fr_icmp |= htons($3); fr->fr_icmpm |= htons(0xff);) } ; age: | IPFY_AGE YY_NUMBER { DOALL(fr->fr_age[0] = $2; \ @@ -1085,6 +1085,7 @@ stateopt: | IPFY_NOICMPERR { DOALL(fr->fr_flags |= FR_NOICMPERR;) } | IPFY_SYNC { DOALL(fr->fr_flags |= FR_STATESYNC;) } + age; ; portnum: @@ -1101,15 +1102,14 @@ portnum: ; withlist: - withopt - | withlist withopt - | withlist ',' withopt + withopt { nowith = 0; } + | withlist withopt { nowith = 0; } + | withlist ',' withopt { nowith = 0; } ; withopt: opttype { DOALL(fr->fr_flx |= $1; fr->fr_mflx |= $1;) } - | notwith opttype - { DOALL(fr->fr_mflx |= $2;) } + | notwith opttype { DOALL(fr->fr_mflx |= $2;) } | ipopt ipopts { yyresetdict(); } | notwith ipopt ipopts { yyresetdict(); } | startv6hdrs ipv6hdrs { yyresetdict(); } @@ -1267,12 +1267,13 @@ setsecclass: ipv6hdr: IPFY_AH { $$ = getv6optbyvalue(IPPROTO_AH); } | IPFY_IPV6OPT_DSTOPTS { $$ = getv6optbyvalue(IPPROTO_DSTOPTS); } - | IPFY_ESP { $$ = getv6optbyvalue(IPPROTO_ESP); } + | IPFY_IPV6OPT_ESP { $$ = getv6optbyvalue(IPPROTO_ESP); } | IPFY_IPV6OPT_HOPOPTS { $$ = getv6optbyvalue(IPPROTO_HOPOPTS); } | IPFY_IPV6OPT_IPV6 { $$ = getv6optbyvalue(IPPROTO_IPV6); } | IPFY_IPV6OPT_NONE { $$ = getv6optbyvalue(IPPROTO_NONE); } | IPFY_IPV6OPT_ROUTING { $$ = getv6optbyvalue(IPPROTO_ROUTING); } - | IPFY_FRAG { $$ = getv6optbyvalue(IPPROTO_FRAGMENT); } + | IPFY_IPV6OPT_FRAG { $$ = getv6optbyvalue(IPPROTO_FRAGMENT); } + | IPFY_IPV6OPT_MOBILITY { $$ = getv6optbyvalue(IPPROTO_MOBILITY); } ; level: IPFY_LEVEL { setsyslog(); } @@ -1434,6 +1435,7 @@ static struct wordtab ipfwords[95] = { { "mask", IPFY_MASK }, { "match-tag", IPFY_MATCHTAG }, { "mbcast", IPFY_MBCAST }, + { "mcast", IPFY_MULTICAST }, { "multicast", IPFY_MULTICAST }, { "nat", IPFY_NAT }, { "ne", YY_CMP_NE }, @@ -1573,12 +1575,13 @@ static struct wordtab ipv4secwords[9] = { { NULL, 0 }, }; -static struct wordtab ipv6optwords[8] = { +static struct wordtab ipv6optwords[9] = { { "dstopts", IPFY_IPV6OPT_DSTOPTS }, - { "esp", IPFY_ESP }, - { "frag", IPFY_FRAG }, + { "esp", IPFY_IPV6OPT_ESP }, + { "frag", IPFY_IPV6OPT_FRAG }, { "hopopts", IPFY_IPV6OPT_HOPOPTS }, { "ipv6", IPFY_IPV6OPT_IPV6 }, + { "mobility", IPFY_IPV6OPT_MOBILITY }, { "none", IPFY_IPV6OPT_NONE }, { "routing", IPFY_IPV6OPT_ROUTING }, { NULL, 0 }, @@ -1825,8 +1828,7 @@ char *phrase; fr->fr_v = v; fr->fr_type = FR_T_BPFOPC; - if (!strncmp(phrase, "\"0x", 2)) { - phrase++; + if (!strncmp(phrase, "0x", 2)) { fb = malloc(sizeof(fakebpf_t)); for (i = 0, s = strtok(phrase, " \r\n\t"); s != NULL; diff --git a/contrib/ipfilter/tools/ipfcomp.c b/contrib/ipfilter/tools/ipfcomp.c index 262e909dd62..f09bfd314fd 100644 --- a/contrib/ipfilter/tools/ipfcomp.c +++ b/contrib/ipfilter/tools/ipfcomp.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -7,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipfcomp.c,v 1.24.2.2 2004/04/28 10:34:44 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipfcomp.c,v 1.24.2.2 2004/04/28 10:34:44 darrenr Exp $"; #endif #include "ipf.h" diff --git a/contrib/ipfilter/tools/ipfs.c b/contrib/ipfilter/tools/ipfs.c index 49e7e520a97..767dffb74df 100644 --- a/contrib/ipfilter/tools/ipfs.c +++ b/contrib/ipfilter/tools/ipfs.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1999-2001, 2003 by Darren Reed. * @@ -41,7 +39,7 @@ #include #include #include "ipf.h" -#include "ipl.h" +#include "netinet/ipl.h" #if !defined(lint) static const char rcsid[] = "@(#)Id: ipfs.c,v 1.12 2003/12/01 01:56:53 darrenr Exp"; diff --git a/contrib/ipfilter/tools/ipfstat.c b/contrib/ipfilter/tools/ipfstat.c index fbd6c354128..fb0c43383de 100644 --- a/contrib/ipfilter/tools/ipfstat.c +++ b/contrib/ipfilter/tools/ipfstat.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001, 2003 by Darren Reed. * @@ -70,7 +68,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipfstat.c,v 1.44.2.11 2005/03/30 14:09:57 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipfstat.c,v 1.44.2.13 2005/10/17 17:26:32 darrenr Exp $"; #endif #ifdef __hpux @@ -1008,10 +1006,11 @@ int topclosed; { char str1[STSTRSIZE], str2[STSTRSIZE], str3[STSTRSIZE], str4[STSTRSIZE]; int maxtsentries = 0, reverse = 0, sorting = STSORT_DEFAULT; - int i, j, winy, tsentry, maxx, maxy, redraw = 0; + int i, j, winy, tsentry, maxx, maxy, redraw = 0, ret = 0; int len, srclen, dstlen, forward = 1, c = 0; ips_stat_t ipsst, *ipsstp = &ipsst; statetop_t *tstable = NULL, *tp; + const char *errstr = ""; ipstate_t ips; ipfobj_t ipfo; struct timeval selecttimeout; @@ -1051,8 +1050,9 @@ int topclosed; /* get state table */ bzero((char *)&ipsst, sizeof(ipsst)); if ((ioctl(state_fd, SIOCGETFS, &ipfo) == -1)) { - perror("ioctl(SIOCGETFS)"); - exit(-1); + errstr = "ioctl(SIOCGETFS)"; + ret = -1; + goto out; } /* clear the history */ @@ -1416,12 +1416,15 @@ int topclosed; } } /* while */ +out: printw("\n"); curs_set(1); - nocbreak(); + /* nocbreak(); XXX - endwin() should make this redundant */ endwin(); free(tstable); + if (ret != 0) + perror(errstr); } #endif @@ -1612,7 +1615,9 @@ static char *getip(v, addr) int v; i6addr_t *addr; { +#ifdef USE_INET6 static char hostbuf[MAXHOSTNAMELEN+1]; +#endif if (v == 4) return inet_ntoa(addr->in4); diff --git a/contrib/ipfilter/tools/ipftest.c b/contrib/ipfilter/tools/ipftest.c index fbc91e5aae6..913f756cfa4 100644 --- a/contrib/ipfilter/tools/ipftest.c +++ b/contrib/ipfilter/tools/ipftest.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -12,7 +10,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipftest.c,v 1.44.2.3 2005/02/01 02:41:24 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipftest.c,v 1.44.2.7 2005/12/07 08:29:19 darrenr Exp $"; #endif extern char *optarg; @@ -22,13 +20,15 @@ extern struct ifnet *get_unit __P((char *, int)); extern void init_ifp __P((void)); extern ipnat_t *natparse __P((char *, int)); extern int fr_running; +extern hostmap_t **maptable; ipfmutex_t ipl_mutex, ipf_authmx, ipf_rw, ipf_stinsert; ipfmutex_t ipf_nat_new, ipf_natio, ipf_timeoutlock; -ipfrwlock_t ipf_mutex, ipf_global, ipf_ipidfrag, ip_poolrw; +ipfrwlock_t ipf_mutex, ipf_global, ipf_ipidfrag, ip_poolrw, ipf_frcache; ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth; int opts = OPT_DONOTHING; int use_inet6 = 0; +int docksum = 0; int pfil_delayed_copy = 0; int main __P((int, char *[])); int loadrules __P((char *, int)); @@ -77,6 +77,7 @@ char *argv[]; { char *datain, *iface, *ifname, *logout; int fd, i, dir, c, loaded, dump, hlen; + struct in_addr sip; struct ifnet *ifp; struct ipread *r; mb_t mb, *m; @@ -90,21 +91,23 @@ char *argv[]; r = &iptext; iface = NULL; logout = NULL; - ifname = "anon0"; datain = NULL; + sip.s_addr = 0; + ifname = "anon0"; MUTEX_INIT(&ipf_rw, "ipf rw mutex"); MUTEX_INIT(&ipf_timeoutlock, "ipf timeout lock"); RWLOCK_INIT(&ipf_global, "ipf filter load/unload mutex"); RWLOCK_INIT(&ipf_mutex, "ipf filter rwlock"); RWLOCK_INIT(&ipf_ipidfrag, "ipf IP NAT-Frag rwlock"); + RWLOCK_INIT(&ipf_frcache, "ipf filter cache"); initparse(); if (fr_initialise() == -1) abort(); fr_running = 1; - while ((c = getopt(argc, argv, "6bdDF:i:I:l:N:P:or:RT:vxX")) != -1) + while ((c = getopt(argc, argv, "6bCdDF:i:I:l:N:P:or:RS:T:vxX")) != -1) switch (c) { case '6' : @@ -121,6 +124,9 @@ char *argv[]; case 'd' : opts |= OPT_DEBUG; break; + case 'C' : + docksum = 1; + break; case 'D' : dump = 1; break; @@ -147,21 +153,6 @@ char *argv[]; case 'l' : logout = optarg; break; - case 'o' : - opts |= OPT_SAVEOUT; - break; - case 'r' : - if (ipf_parsefile(-1, ipf_addrule, iocfunctions, - optarg) == -1) - return -1; - loaded = 1; - break; - case 'R' : - opts |= OPT_NORESOLVE; - break; - case 'v' : - opts |= OPT_VERBOSE; - break; case 'N' : if (ipnat_parsefile(-1, ipnat_addrule, ipnattestioctl, optarg) == -1) @@ -169,14 +160,32 @@ char *argv[]; loaded = 1; opts |= OPT_NAT; break; + case 'o' : + opts |= OPT_SAVEOUT; + break; case 'P' : if (ippool_parsefile(-1, optarg, ipooltestioctl) == -1) return -1; loaded = 1; break; + case 'r' : + if (ipf_parsefile(-1, ipf_addrule, iocfunctions, + optarg) == -1) + return -1; + loaded = 1; + break; + case 'S' : + sip.s_addr = inet_addr(optarg); + break; + case 'R' : + opts |= OPT_NORESOLVE; + break; case 'T' : ipf_dotuning(-1, optarg, ipftestioctl); break; + case 'v' : + opts |= OPT_VERBOSE; + break; case 'x' : opts |= OPT_HEX; break; @@ -207,9 +216,11 @@ char *argv[]; if (!use_inet6) { ip->ip_off = ntohs(ip->ip_off); ip->ip_len = ntohs(ip->ip_len); - if (r->r_flags & R_DO_CKSUM) + if ((r->r_flags & R_DO_CKSUM) || docksum) fixv4sums(m, ip); hlen = IP_HL(ip) << 2; + if (sip.s_addr) + dir = !(sip.s_addr == ip->ip_src.s_addr); } #ifdef USE_INET6 else @@ -283,6 +294,9 @@ char *argv[]; } m = &mb; } + + if (i != 0) + fprintf(stderr, "readip failed: %d\n", i); (*r->r_close)(); if (logout != NULL) { @@ -617,6 +631,8 @@ void dumpnat() { ipnat_t *ipn; nat_t *nat; + hostmap_t *hm; + int i; printf("List of active MAP/Redirect filters:\n"); for (ipn = nat_list; ipn != NULL; ipn = ipn->in_next) @@ -627,6 +643,12 @@ void dumpnat() if (nat->nat_aps) printaps(nat->nat_aps, opts); } + + printf("\nHostmap table:\n"); + for (i = 0; i < ipf_hostmap_sz; i++) { + for (hm = maptable[i]; hm != NULL; hm = hm->hm_next) + printhostmap(hm, i); + } } @@ -764,6 +786,10 @@ ip_t *ip; hdr = csump; csump += offsetof(udphdr_t, uh_sum); break; + case IPPROTO_ICMP : + hdr = csump; + csump += offsetof(icmphdr_t, icmp_cksum); + break; default : csump = NULL; hdr = NULL; diff --git a/contrib/ipfilter/tools/ipmon.c b/contrib/ipfilter/tools/ipmon.c index a91eee455d4..1ef3351e98b 100644 --- a/contrib/ipfilter/tools/ipmon.c +++ b/contrib/ipfilter/tools/ipmon.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001, 2003 by Darren Reed. * @@ -78,7 +76,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipmon.c,v 1.33.2.8 2004/12/09 19:41:26 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipmon.c,v 1.33.2.10 2005/06/18 02:41:35 darrenr Exp $"; #endif @@ -420,6 +418,14 @@ static void init_tabs() p->p_name != NULL && protocols[p->p_proto] == NULL) protocols[p->p_proto] = strdup(p->p_name); endprotoent(); +#if defined(_AIX51) + if (protocols[0]) + free(protocols[0]); + if (protocols[252]) + free(protocols[252]); + protocols[0] = "ip"; + protocols[252] = NULL; +#endif } if (udp_ports != NULL) { @@ -1024,7 +1030,8 @@ int blen; (void) sprintf(t, "%*.*s%u", len, len, ipf->fl_ifname, ipf->fl_unit); t += strlen(t); #endif -#ifdef __sgi +#if defined(__sgi) || defined(_AIX51) || defined(__powerpc__) || \ + defined(__arm__) if ((ipf->fl_group[0] == 255) && (ipf->fl_group[1] == '\0')) #else if ((ipf->fl_group[0] == -1) && (ipf->fl_group[1] == '\0')) diff --git a/contrib/ipfilter/tools/ipmon_y.y b/contrib/ipfilter/tools/ipmon_y.y index 8b300288c8d..4eba00c2b01 100644 --- a/contrib/ipfilter/tools/ipmon_y.y +++ b/contrib/ipfilter/tools/ipmon_y.y @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - %{ #include "ipf.h" #include diff --git a/contrib/ipfilter/tools/ipnat.c b/contrib/ipfilter/tools/ipnat.c index fc17cea76f2..d17d6686d05 100644 --- a/contrib/ipfilter/tools/ipnat.c +++ b/contrib/ipfilter/tools/ipnat.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -51,7 +49,7 @@ # include #endif #include "ipf.h" -#include "ipl.h" +#include "netinet/ipl.h" #include "kmem.h" #ifdef __hpux @@ -67,7 +65,7 @@ extern char *sys_errlist[]; #if !defined(lint) static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipnat.c,v 1.24.2.1 2004/04/28 17:56:22 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipnat.c,v 1.24.2.2 2005/05/10 21:19:30 darrenr Exp $"; #endif diff --git a/contrib/ipfilter/tools/ipnat_y.y b/contrib/ipfilter/tools/ipnat_y.y index d3f18c66c4f..ddd431115eb 100644 --- a/contrib/ipfilter/tools/ipnat_y.y +++ b/contrib/ipfilter/tools/ipnat_y.y @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - %{ #ifdef __FreeBSD__ # ifndef __FreeBSD_cc_version @@ -160,8 +158,6 @@ map: mapit ifnames addr IPNY_TLATE rhaddr proxy mapoptions strncpy(nat->in_ifnames[1], nat->in_ifnames[0], sizeof(nat->in_ifnames[0])); - if ((nat->in_flags & IPN_TCPUDPICMPQ) == 0) - setnatproto(nat->in_p); if (((nat->in_redir & NAT_MAPBLK) != 0) || ((nat->in_flags & IPN_AUTOPORTMAP) != 0)) nat_setgroupmap(nat); @@ -188,8 +184,6 @@ map: mapit ifnames addr IPNY_TLATE rhaddr proxy mapoptions strncpy(nat->in_ifnames[1], nat->in_ifnames[0], sizeof(nat->in_ifnames[0])); - if ((nat->in_flags & IPN_TCPUDPICMPQ) == 0) - setnatproto(nat->in_p); if (((nat->in_redir & NAT_MAPBLK) != 0) || ((nat->in_flags & IPN_AUTOPORTMAP) != 0)) nat_setgroupmap(nat); @@ -306,6 +300,11 @@ rhaddr: addr { $$.a = $1.a; $$.m = $1.m; } dip: hostname { nat->in_inip = $1.s_addr; nat->in_inmsk = 0xffffffff; } + | hostname '/' YY_NUMBER { if ($3 != 0 || $1.s_addr != 0) + yyerror("Only 0/0 supported"); + nat->in_inip = 0; + nat->in_inmsk = 0; + } | hostname ',' hostname { nat->in_flags |= IPN_SPLIT; nat->in_inip = $1.s_addr; nat->in_inmsk = $3.s_addr; } @@ -454,11 +453,11 @@ addr: IPNY_ANY { $$.a.s_addr = 0; $$.m.s_addr = 0; } $$.a.s_addr &= $$.m.s_addr; } | hostname '/' ipv4 { $$.a = $1; $$.m = $3; $$.a.s_addr &= $$.m.s_addr; } - | hostname '/' hexnumber { $$.a = $1; $$.m.s_addr = $3; + | hostname '/' hexnumber { $$.a = $1; $$.m.s_addr = htonl($3); $$.a.s_addr &= $$.m.s_addr; } | hostname IPNY_MASK ipv4 { $$.a = $1; $$.m = $3; $$.a.s_addr &= $$.m.s_addr; } - | hostname IPNY_MASK hexnumber { $$.a = $1; $$.m.s_addr = $3; + | hostname IPNY_MASK hexnumber { $$.a = $1; $$.m.s_addr = htonl($3); $$.a.s_addr &= $$.m.s_addr; } ; @@ -471,7 +470,7 @@ nummask: portstuff: compare portspec { $$.pc = $1; $$.p1 = $2; } - | portspec range portspec { $$.pc = $2; $$.p1 = $1; $$.p1 = $3; } + | portspec range portspec { $$.pc = $2; $$.p1 = $1; $$.p2 = $3; } ; mapoptions: diff --git a/contrib/ipfilter/tools/ippool.c b/contrib/ipfilter/tools/ippool.c index 7122c9443fd..31b5bfdc131 100644 --- a/contrib/ipfilter/tools/ippool.c +++ b/contrib/ipfilter/tools/ippool.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2003 by Darren Reed. * diff --git a/contrib/ipfilter/tools/ippool_y.y b/contrib/ipfilter/tools/ippool_y.y index 357745d0f0c..a5082688cfd 100644 --- a/contrib/ipfilter/tools/ippool_y.y +++ b/contrib/ipfilter/tools/ippool_y.y @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - %{ #include #include diff --git a/contrib/ipfilter/tools/ipscan_y.y b/contrib/ipfilter/tools/ipscan_y.y index 64cbb6d0125..c3446ff6c3a 100644 --- a/contrib/ipfilter/tools/ipscan_y.y +++ b/contrib/ipfilter/tools/ipscan_y.y @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - %{ #include #include diff --git a/contrib/ipfilter/tools/ipsyncm.c b/contrib/ipfilter/tools/ipsyncm.c index 20cc25e9d68..8a8797475df 100644 --- a/contrib/ipfilter/tools/ipsyncm.c +++ b/contrib/ipfilter/tools/ipsyncm.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -7,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipsyncm.c,v 1.4.2.2 2005/01/08 14:31:46 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipsyncm.c,v 1.4.2.2 2005/01/08 14:31:46 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/tools/ipsyncs.c b/contrib/ipfilter/tools/ipsyncs.c index a189a9bcad2..29c63af0c7e 100644 --- a/contrib/ipfilter/tools/ipsyncs.c +++ b/contrib/ipfilter/tools/ipsyncs.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 1993-2001 by Darren Reed. * @@ -7,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)Id: ipsyncs.c,v 1.5.2.1 2004/10/31 18:46:44 darrenr Exp"; +static const char rcsid[] = "@(#)$Id: ipsyncs.c,v 1.5.2.1 2004/10/31 18:46:44 darrenr Exp $"; #endif #include #include diff --git a/contrib/ipfilter/tools/lex_var.h b/contrib/ipfilter/tools/lex_var.h index 33fba256b97..0a0bd4bfff0 100644 --- a/contrib/ipfilter/tools/lex_var.h +++ b/contrib/ipfilter/tools/lex_var.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - extern long string_start; extern long string_end; diff --git a/contrib/ipfilter/tools/lexer.c b/contrib/ipfilter/tools/lexer.c index f6fccfbbc62..66de8fcc411 100644 --- a/contrib/ipfilter/tools/lexer.c +++ b/contrib/ipfilter/tools/lexer.c @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - /* * Copyright (C) 2003 by Darren Reed. * diff --git a/contrib/ipfilter/tools/lexer.h b/contrib/ipfilter/tools/lexer.h index 4950aa8168d..a296cb0bc39 100644 --- a/contrib/ipfilter/tools/lexer.h +++ b/contrib/ipfilter/tools/lexer.h @@ -1,5 +1,3 @@ -/* $NetBSD$ */ - typedef struct wordtab { char *w_word;