authorDarren Reed <darrenr@FreeBSD.org>2007-06-04 02:50:28 +0000
committerDarren Reed <darrenr@FreeBSD.org>2007-06-04 02:50:28 +0000
commit4a9a9e0514bae1d22577753d9cd844d061805071 (patch)
treef9efeb29d9992430924bdce513e7199c9397ac36
parent4e39c44e098b5b1cd335a424201f3dec049c4f73 (diff)
downloadsrc-4a9a9e0514bae1d22577753d9cd844d061805071.tar.gz
src-4a9a9e0514bae1d22577753d9cd844d061805071.zip
Import IPFilter 4.1.23 to vendor branch.
See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
Notes
Notes: svn path=/vendor/ipfilter/dist/; revision=170263
-rw-r--r--contrib/ipfilter/BSD/Makefile14
-rwxr-xr-xcontrib/ipfilter/BSD/ipfadm-rcd350
-rw-r--r--contrib/ipfilter/BugReport18
-rw-r--r--contrib/ipfilter/HISTORY163
-rw-r--r--contrib/ipfilter/Makefile13
-rw-r--r--contrib/ipfilter/bpf_filter.c5
-rw-r--r--contrib/ipfilter/ip_fil.c240
-rw-r--r--contrib/ipfilter/ipf.h35
-rw-r--r--contrib/ipfilter/iplang/iplang_y.y13
-rw-r--r--contrib/ipfilter/ipsend/44arp.c4
-rw-r--r--contrib/ipfilter/ipsend/arp.c9
-rw-r--r--contrib/ipfilter/ipsend/ip.c5
-rw-r--r--contrib/ipfilter/ipsend/iptests.c5
-rw-r--r--contrib/ipfilter/ipsend/resend.c5
-rw-r--r--contrib/ipfilter/ipsend/sdlpi.c3
-rw-r--r--contrib/ipfilter/ipsend/sock.c10
-rw-r--r--contrib/ipfilter/lib/Makefile68
-rw-r--r--contrib/ipfilter/lib/addicmp.c4
-rw-r--r--contrib/ipfilter/lib/addipopt.c4
-rw-r--r--contrib/ipfilter/lib/alist_free.c20
-rw-r--r--contrib/ipfilter/lib/alist_new.c64
-rw-r--r--contrib/ipfilter/lib/bcopywrap.c8
-rw-r--r--contrib/ipfilter/lib/binprint.c4
-rw-r--r--contrib/ipfilter/lib/buildopts.c4
-rw-r--r--contrib/ipfilter/lib/checkrev.c4
-rw-r--r--contrib/ipfilter/lib/count4bits.c4
-rw-r--r--contrib/ipfilter/lib/count6bits.c4
-rw-r--r--contrib/ipfilter/lib/debug.c4
-rw-r--r--contrib/ipfilter/lib/facpri.c6
-rw-r--r--contrib/ipfilter/lib/facpri.h4
-rw-r--r--contrib/ipfilter/lib/fill6bits.c4
-rw-r--r--contrib/ipfilter/lib/flags.c4
-rw-r--r--contrib/ipfilter/lib/gethost.c8
-rw-r--r--contrib/ipfilter/lib/getifname.c16
-rw-r--r--contrib/ipfilter/lib/getnattype.c29
-rw-r--r--contrib/ipfilter/lib/getport.c8
-rw-r--r--contrib/ipfilter/lib/getportproto.c8
-rw-r--r--contrib/ipfilter/lib/getproto.c8
-rw-r--r--contrib/ipfilter/lib/getsumd.c8
-rw-r--r--contrib/ipfilter/lib/hostname.c9
-rw-r--r--contrib/ipfilter/lib/icmpcode.c4
-rw-r--r--contrib/ipfilter/lib/initparse.c4
-rw-r--r--contrib/ipfilter/lib/ionames.c4
-rw-r--r--contrib/ipfilter/lib/ipf_dotuning.c8
-rw-r--r--contrib/ipfilter/lib/ipft_ef.c23
-rw-r--r--contrib/ipfilter/lib/ipft_hx.c4
-rw-r--r--contrib/ipfilter/lib/ipft_pc.c6
-rw-r--r--contrib/ipfilter/lib/ipft_sn.c6
-rw-r--r--contrib/ipfilter/lib/ipft_td.c10
-rw-r--r--contrib/ipfilter/lib/ipft_tx.c17
-rw-r--r--contrib/ipfilter/lib/ipoptsec.c4
-rw-r--r--contrib/ipfilter/lib/kmem.c4
-rw-r--r--contrib/ipfilter/lib/kmem.h4
-rw-r--r--contrib/ipfilter/lib/kmemcpywrap.c8
-rw-r--r--contrib/ipfilter/lib/kvatoname.c8
-rw-r--r--contrib/ipfilter/lib/load_file.c88
-rw-r--r--contrib/ipfilter/lib/load_hash.c8
-rw-r--r--contrib/ipfilter/lib/load_hashnode.c4
-rw-r--r--contrib/ipfilter/lib/load_http.c182
-rw-r--r--contrib/ipfilter/lib/load_pool.c4
-rw-r--r--contrib/ipfilter/lib/load_poolnode.c6
-rw-r--r--contrib/ipfilter/lib/load_url.c31
-rw-r--r--contrib/ipfilter/lib/mutex_emul.c8
-rw-r--r--contrib/ipfilter/lib/nametokva.c8
-rw-r--r--contrib/ipfilter/lib/nat_setgroupmap.c4
-rw-r--r--contrib/ipfilter/lib/ntomask.c8
-rw-r--r--contrib/ipfilter/lib/optname.c4
-rw-r--r--contrib/ipfilter/lib/optprint.c4
-rw-r--r--contrib/ipfilter/lib/optprintv6.c4
-rw-r--r--contrib/ipfilter/lib/optvalue.c4
-rw-r--r--contrib/ipfilter/lib/portname.c4
-rw-r--r--contrib/ipfilter/lib/print_toif.c4
-rw-r--r--contrib/ipfilter/lib/printactivenat.c16
-rw-r--r--contrib/ipfilter/lib/printaps.c4
-rw-r--r--contrib/ipfilter/lib/printbuf.c4
-rw-r--r--contrib/ipfilter/lib/printfr.c9
-rw-r--r--contrib/ipfilter/lib/printfraginfo.c13
-rw-r--r--contrib/ipfilter/lib/printhash.c102
-rw-r--r--contrib/ipfilter/lib/printhash_live.c77
-rw-r--r--contrib/ipfilter/lib/printhashdata.c112
-rw-r--r--contrib/ipfilter/lib/printhashnode.c3
-rw-r--r--contrib/ipfilter/lib/printhostmap.c12
-rw-r--r--contrib/ipfilter/lib/printhostmask.c4
-rw-r--r--contrib/ipfilter/lib/printifname.c4
-rw-r--r--contrib/ipfilter/lib/printip.c4
-rw-r--r--contrib/ipfilter/lib/printlog.c4
-rw-r--r--contrib/ipfilter/lib/printmask.c4
-rw-r--r--contrib/ipfilter/lib/printnat.c14
-rw-r--r--contrib/ipfilter/lib/printpacket.c5
-rw-r--r--contrib/ipfilter/lib/printpacket6.c8
-rw-r--r--contrib/ipfilter/lib/printpool.c56
-rw-r--r--contrib/ipfilter/lib/printpool_live.c78
-rw-r--r--contrib/ipfilter/lib/printpooldata.c78
-rw-r--r--contrib/ipfilter/lib/printpoolnode.c8
-rw-r--r--contrib/ipfilter/lib/printportcmp.c4
-rw-r--r--contrib/ipfilter/lib/printproto.c4
-rw-r--r--contrib/ipfilter/lib/printsbuf.c8
-rw-r--r--contrib/ipfilter/lib/printstate.c156
-rw-r--r--contrib/ipfilter/lib/printtqtable.c25
-rw-r--r--contrib/ipfilter/lib/printtunable.c8
-rw-r--r--contrib/ipfilter/lib/remove_hash.c4
-rw-r--r--contrib/ipfilter/lib/remove_hashnode.c4
-rw-r--r--contrib/ipfilter/lib/remove_pool.c4
-rw-r--r--contrib/ipfilter/lib/remove_poolnode.c4
-rw-r--r--contrib/ipfilter/lib/resetlexer.c8
-rw-r--r--contrib/ipfilter/lib/rwlock_emul.c8
-rw-r--r--contrib/ipfilter/lib/tcp_flags.c4
-rw-r--r--contrib/ipfilter/lib/tcpflags.c4
-rw-r--r--contrib/ipfilter/lib/tcpoptnames.c4
-rw-r--r--contrib/ipfilter/lib/v6ionames.c4
-rw-r--r--contrib/ipfilter/lib/v6optvalue.c4
-rw-r--r--contrib/ipfilter/lib/var.c8
-rw-r--r--contrib/ipfilter/lib/verbose.c4
-rw-r--r--contrib/ipfilter/man/ipf.812
-rw-r--r--contrib/ipfilter/man/ipfstat.86
-rw-r--r--contrib/ipfilter/man/ipmon.81
-rw-r--r--contrib/ipfilter/radix_ipf.h2
-rw-r--r--contrib/ipfilter/test/Makefile22
-rw-r--r--contrib/ipfilter/test/expected/f1224
-rw-r--r--contrib/ipfilter/test/expected/f1364
-rw-r--r--contrib/ipfilter/test/expected/i1118
-rw-r--r--contrib/ipfilter/test/expected/i124
-rw-r--r--contrib/ipfilter/test/expected/i42
-rw-r--r--contrib/ipfilter/test/expected/i92
-rw-r--r--contrib/ipfilter/test/expected/ip22
-rw-r--r--contrib/ipfilter/test/expected/ipv6.11
-rw-r--r--contrib/ipfilter/test/expected/ipv6.56
-rw-r--r--contrib/ipfilter/test/expected/n103
-rw-r--r--contrib/ipfilter/test/expected/n123
-rw-r--r--contrib/ipfilter/test/expected/n48
-rw-r--r--contrib/ipfilter/test/expected/n66
-rw-r--r--contrib/ipfilter/test/expected/n84
-rw-r--r--contrib/ipfilter/test/expected/n94
-rw-r--r--contrib/ipfilter/test/expected/ni115
-rw-r--r--contrib/ipfilter/test/expected/ni104
-rw-r--r--contrib/ipfilter/test/expected/ni114
-rw-r--r--contrib/ipfilter/test/expected/ni124
-rw-r--r--contrib/ipfilter/test/expected/ni1335
-rw-r--r--contrib/ipfilter/test/expected/ni1447
-rw-r--r--contrib/ipfilter/test/expected/ni1531
-rw-r--r--contrib/ipfilter/test/expected/ni1635
-rw-r--r--contrib/ipfilter/test/expected/ni1924
-rw-r--r--contrib/ipfilter/test/expected/ni211
-rw-r--r--contrib/ipfilter/test/expected/ni2024
-rw-r--r--contrib/ipfilter/test/expected/ni2329
-rw-r--r--contrib/ipfilter/test/expected/ni33
-rw-r--r--contrib/ipfilter/test/expected/ni43
-rw-r--r--contrib/ipfilter/test/expected/ni590
-rw-r--r--contrib/ipfilter/test/expected/ni68
-rw-r--r--contrib/ipfilter/test/expected/ni72
-rw-r--r--contrib/ipfilter/test/expected/ni84
-rw-r--r--contrib/ipfilter/test/expected/ni94
-rw-r--r--contrib/ipfilter/test/expected/p24
-rw-r--r--contrib/ipfilter/test/expected/p521
-rw-r--r--contrib/ipfilter/test/input/f133
-rw-r--r--contrib/ipfilter/test/input/ip2.data3
-rw-r--r--contrib/ipfilter/test/input/ipv6.112
-rw-r--r--contrib/ipfilter/test/input/ipv6.514
-rw-r--r--contrib/ipfilter/test/input/ni136
-rw-r--r--contrib/ipfilter/test/input/ni134
-rw-r--r--contrib/ipfilter/test/input/ni1416
-rw-r--r--contrib/ipfilter/test/input/ni164
-rw-r--r--contrib/ipfilter/test/input/ni26
-rw-r--r--contrib/ipfilter/test/input/ni233
-rw-r--r--contrib/ipfilter/test/input/ni32
-rw-r--r--contrib/ipfilter/test/input/ni42
-rw-r--r--contrib/ipfilter/test/input/ni5179
-rw-r--r--contrib/ipfilter/test/input/p58
-rwxr-xr-xcontrib/ipfilter/test/natipftest54
-rw-r--r--contrib/ipfilter/test/regress/ip22
-rw-r--r--contrib/ipfilter/test/regress/ipv6.52
-rw-r--r--contrib/ipfilter/test/regress/ni1.nat4
-rw-r--r--contrib/ipfilter/test/regress/ni23.ipf3
-rw-r--r--contrib/ipfilter/test/regress/ni23.nat2
-rw-r--r--contrib/ipfilter/test/regress/p5.ipf1
-rw-r--r--contrib/ipfilter/test/regress/p5.pool2
-rw-r--r--contrib/ipfilter/test/test.format5
-rwxr-xr-xcontrib/ipfilter/test/vfycksum.pl32
-rw-r--r--contrib/ipfilter/tools/Makefile6
-rw-r--r--contrib/ipfilter/tools/ipf.c24
-rw-r--r--contrib/ipfilter/tools/ipf_y.y44
-rw-r--r--contrib/ipfilter/tools/ipfcomp.c27
-rw-r--r--contrib/ipfilter/tools/ipfs.c20
-rw-r--r--contrib/ipfilter/tools/ipfstat.c510
-rw-r--r--contrib/ipfilter/tools/ipftest.c28
-rw-r--r--contrib/ipfilter/tools/ipmon.c43
-rw-r--r--contrib/ipfilter/tools/ipmon_y.y6
-rw-r--r--contrib/ipfilter/tools/ipnat.c237
-rw-r--r--contrib/ipfilter/tools/ipnat_y.y12
-rw-r--r--contrib/ipfilter/tools/ippool.c514
-rw-r--r--contrib/ipfilter/tools/ippool_y.y113
-rw-r--r--contrib/ipfilter/tools/ipscan_y.y6
-rw-r--r--contrib/ipfilter/tools/ipsyncm.c4
-rw-r--r--contrib/ipfilter/tools/ipsyncs.c4
-rw-r--r--contrib/ipfilter/tools/lex_var.h5
-rw-r--r--contrib/ipfilter/tools/lexer.c16
-rw-r--r--contrib/ipfilter/tools/lexer.h5
197 files changed, 3896 insertions, 1296 deletions
diff --git a/contrib/ipfilter/BSD/Makefile b/contrib/ipfilter/BSD/Makefile
index 1bce4f4d331f..6f4ea5d3d6bd 100644
--- a/contrib/ipfilter/BSD/Makefile
+++ b/contrib/ipfilter/BSD/Makefile
@@ -84,6 +84,11 @@ build all: machine $(OBJ)/libipf.a ipf ipfs ipfstat ipftest ipmon ipnat \
-ln -s ../tools .
-ln -s ../tools ..
+bpf.h:
+ echo '#define DEV_BPF 1' > bpf.h
+
+$(TOP)/ip_compat.h: bpf.h
+
machine: Makefile.kmod
if [ -f Makefile.kmod ] ; then \
make -f Makefile.kmod depend MKUPDATE=no; \
@@ -137,7 +142,7 @@ ipfs.o: $(TOOL)/ipfs.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_state.h \
fil_u.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_compat.h \
$(TOP)/opts.h $(TOP)/ip_rules.h
- $(CC) $(CCARGS) $(EXTRA) $(IPFBPF) -D_RADIX_H_ -c $(TOP)/fil.c -o $@
+ $(CC) $(CCARGS) $(EXTRA) $(IPFBPF) -c $(TOP)/fil.c -o $@
fil.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ip_compat.h $(TOP)/ipl.h \
$(TOP)/ip_rules.h
@@ -447,14 +452,14 @@ clean:
${RM} -f ../ipf ../ipnat ../ipmon ../ippool ../ipftest
${RM} -f ../ipscan ../ipsyncm ../ipsyncs
${RM} -f *.core *.o *.a ipt ipfstat ipf ipfstat ipftest ipmon
- ${RM} -f if_ipl ipnat ipfrule.ko* ipf.kld*
+ ${RM} -f if_ipl ipnat ipfrule.ko* ipf.kld* ipfrule.kld*
${RM} -f vnode_if.h $(LKM) ioconf.h *.ko setdef1.c setdef0.c setdefs.h
${RM} -f ip_fil.c ipf_l.c ipf_y.c ipf_y.h ipf_l.h
${RM} -f ipscan ipscan_y.c ipscan_y.h ipscan_l.c ipscan_l.h
${RM} -f ippool ippool_y.c ippool_y.h ippool_l.c ippool_l.h
${RM} -f ipnat_y.c ipnat_y.h ipnat_l.c ipnat_l.h
${RM} -f ipmon_y.c ipmon_y.h ipmon_l.c ipmon_l.h
- ${RM} -f ipsyncm ipsyncs ipfs ip_rules.c ip_rules.h
+ ${RM} -f ipsyncm ipsyncs ipfs ip_rules.c ip_rules.h bpf.h
${RM} -f *.da *.gcov *.bb *.bbg tools
${MAKE} -f Makefile.ipsend ${MFLAGS} clean
@@ -514,6 +519,9 @@ install:
$(INSTALL) -cs -g wheel -m 755 -o root $$p $$def; \
fi \
done
+ if [ -d /etc/rc.d ] ; then \
+ $(INSTALL) -c -g wheel -m 755 -o root ../ipfadm-rcd $(SBINDEST)/ipfadm; \
+ fi
(cd $(TOP)/man; make INSTALL=$(INSTALL) MANDIR=$(MANDIR) install; cd $(TOP))
coverage:
diff --git a/contrib/ipfilter/BSD/ipfadm-rcd b/contrib/ipfilter/BSD/ipfadm-rcd
new file mode 100755
index 000000000000..41f62b0223df
--- /dev/null
+++ b/contrib/ipfilter/BSD/ipfadm-rcd
@@ -0,0 +1,350 @@
+#!/bin/sh
+#
+# Copyright (C) 2006 by Darren Reed.
+#
+# See the IPFILTER.LICENCE file for details on licencing.
+#
+prog=$0
+
+RCD=/etc/rc.conf.d
+
+# This script is an interface to the following rc.d scripts:
+# /etc/rc.d/ipfilter
+# /etc/rc.d/ipfs
+# /etc/rc.d/ipnat
+# /etc/rc.d/ipmon
+
+running=`ipf -V 2>/dev/null|sed -ne 's/Running: \(.*\)/\1/p'`
+
+usage() {
+ echo "$prog status"
+ echo "$prog ipfilter <enable|disable|reload|resync|start|status|stop>"
+ echo "$prog ipfs <enable|disable|status|start|stop>"
+ echo "$prog ipmon <enable|disable|restart|start|status|stop>"
+ echo "$prog ipnat <enable|disable|reload|start|status|stop>"
+ exit 1
+}
+
+enable() {
+ old=${RCD}/$1.old
+ new=${RCD}/$1
+ mkdir ${RCD}/$1.d
+ if [ $? -eq 0 ] ; then
+ if [ -f ${RCD}/$1 ] ; then
+ cp ${RCD}/$1 ${RCD}/$1.old
+ sed -e "s/^${1} *\=.*/${1}\=YES/" ${old} > ${new}
+ /bin/rm ${old}
+ else
+ echo "$1=YES" > ${RCD}/$1
+ chmod go-wx ${RCD}/$1
+ fi
+ rmdir ${RCD}/$1.d
+ fi
+}
+
+disable() {
+ old=${RCD}/$1.old
+ new=${RCD}/$1
+ mkdir ${RCD}/$1.d
+ if [ $? -eq 0 ] ; then
+ if [ -f ${RCD}/$1 ] ; then
+ cp ${RCD}/$1 ${RCD}/$1.old
+ sed -e "s/^${1} *\=.*/${1}\=NO/" ${old} > ${new}
+ /bin/rm ${old}
+ else
+ echo "$1=NO" > ${RCD}/$1
+ chmod go-wx ${RCD}/$1
+ fi
+ rmdir ${RCD}/$1.d
+ fi
+}
+
+status() {
+ active=`/etc/rc.d/$1 rcvar|sed -ne "s/^$""${1}\=\(.*\)$/\1/p"`
+ case $active in
+ NO)
+ return 0
+ ;;
+ YES)
+ return 1
+ ;;
+ esac
+ return 2
+}
+
+status_ipmon() {
+ echo -n "ipmon "
+ pid=`pgrep ipmon`
+ status ipmon
+ case $? in
+ 0)
+ if [ -n "$pid" ] ; then
+ echo "disabled-but-running"
+ else
+ echo "disabled"
+ fi
+ ;;
+ 1)
+ if [ -n "$pid" ] ; then
+ echo "enabled"
+ else
+ echo "enabled-not-running"
+ fi
+ ;;
+ 2)
+ if [ -n "$pid" ] ; then
+ echo "unknown-state-running"
+ else
+ echo "unknown-state"
+ fi
+ ;;
+ esac
+}
+
+status_ipfilter() {
+ if [ -z "$running" ] ; then
+ rules=
+ emsg="-not-in-kernel"
+ dmsg=
+ else
+ case $running in
+ yes)
+ emsg=
+ dmsg="-rules-loaded"
+ rules=`ipfstat -io 2>/dev/null`
+ if [ -z "$rules" ] ; then
+ rules=`ipfstat -aio 2>/dev/null`
+ if [ -z "$rules" ] ; then
+ emsg="-no-rules"
+ dmsg=
+ fi
+ fi
+ ;;
+ no)
+ rules=
+ emsg="-not-running"
+ dmsg=
+ ;;
+ esac
+ fi
+
+ echo -n "ipfilter "
+ status ipfilter
+ case $? in
+ 0)
+ echo "disabled${dmsg}"
+ ;;
+ 1)
+ echo "enabled${emsg}"
+ ;;
+ 2)
+ if [ -n "$rules" ] ; then
+ echo "unknown${dmsg}"
+ else
+ echo "unknown-state"
+ fi
+ ;;
+ esac
+}
+
+status_ipnat() {
+ if [ -z "$running" ] ; then
+ rules=
+ emsg="-not-in-kernel"
+ dmsg=
+ else
+ case $running in
+ yes)
+ emsg=
+ dmsg="-rules-loaded"
+ rules=`ipnat -l 2>/dev/null | egrep '^map|rdr' 2>/dev/null`
+ if [ -z "$rules" ] ; then
+ emsg="-no-rules"
+ dmsg=
+ fi
+ ;;
+ no)
+ rules=
+ emsg="-not-running"
+ dmsg=
+ ;;
+ esac
+ fi
+
+ echo -n "ipnat "
+ status ipnat
+ case $? in
+ 0)
+ echo "disabled${dmsg}"
+ ;;
+ 1)
+ echo "enabled${dmsg}"
+ ;;
+ 2)
+ if [ -n "$rules" ] ; then
+ echo "unknown${dmsg}"
+ else
+ echo "unknown-state"
+ fi
+ ;;
+ esac
+}
+
+status_ipfs() {
+ status ipfs
+ report ipfs $?
+}
+
+report() {
+ echo -n "$1 "
+ case $2 in
+ 0)
+ echo "disabled"
+ ;;
+ 1)
+ echo "enabled"
+ ;;
+ 2)
+ echo "unknown-status"
+ ;;
+ *)
+ echo "$2"
+ ;;
+ esac
+}
+
+do_ipfilter() {
+ case $1 in
+ enable)
+ enable ipfilter
+ ;;
+ disable)
+ disable ipfilter
+ ;;
+ reload)
+ /etc/rc.d/ipfilter reload
+ ;;
+ resync)
+ /etc/rc.d/ipfilter resync
+ ;;
+ start)
+ /etc/rc.d/ipfilter start
+ ;;
+ status)
+ status_ipfilter
+ ;;
+ stop)
+ /etc/rc.d/ipfilter stop
+ ;;
+ *)
+ usage
+ ;;
+ esac
+}
+
+do_ipfs() {
+ case $1 in
+ enable)
+ enable ipfs
+ ;;
+ disable)
+ disble ipfs
+ ;;
+ start)
+ /etc/rc.d/ipfs start
+ ;;
+ status)
+ status_ipfs
+ ;;
+ stop)
+ /etc/rc.d/ipfs stop
+ ;;
+ *)
+ usage
+ ;;
+ esac
+}
+
+do_ipmon() {
+ case $1 in
+ enable)
+ enable ipmon
+ ;;
+ disable)
+ disble ipmon
+ ;;
+ restart)
+ /etc/rc.d/ipmon restart
+ ;;
+ start)
+ /etc/rc.d/ipmon start
+ ;;
+ status)
+ status_ipmon
+ ;;
+ stop)
+ /etc/rc.d/ipmon stop
+ ;;
+ *)
+ usage
+ ;;
+ esac
+}
+
+do_ipnat() {
+ case $1 in
+ enable)
+ enable ipnat
+ ;;
+ disable)
+ disable ipnat
+ ;;
+ reload)
+ /etc/rc.d/ipnat reload
+ ;;
+ restart)
+ /etc/rc.d/ipnat restart
+ ;;
+ start)
+ /etc/rc.d/ipnat start
+ ;;
+ status)
+ status_ipnat
+ ;;
+ stop)
+ /etc/rc.d/ipnat stop
+ ;;
+ *)
+ usage
+ ;;
+ esac
+}
+
+do_status_all() {
+ status_ipfilter
+ status_ipfs
+ status_ipmon
+ status_ipnat
+}
+
+case $1 in
+status)
+ do_status_all
+ ;;
+ipfilter)
+ do_ipfilter $2
+ ;;
+ipfs)
+ do_ipfs $2
+ ;;
+ipmon)
+ do_ipmon $2
+ ;;
+ipnat)
+ do_ipnat $2
+ ;;
+*)
+ usage
+ ;;
+esac
+exit 0
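Review bot: The `disable)` arms of `do_ipfs` and `do_ipmon` call `disble ipfs` and `disble ipmon`, but the function defined earlier in the file is `disable`, so `ipfadm ipfs disable` and `ipfadm ipmon disable` fail with a command-not-found error and leave the rc.conf.d setting unchanged; the two lines should read `disable ipfs` and `disable ipmon`. Because the script ends with an unconditional `exit 0`, that failure, like any non-zero status from the /etc/rc.d scripts, never reaches the caller, so an administrator or automation gets no signal that a filter component was not switched; consider replacing the final line with `exit $?` directly after the dispatching `case`. Separately, `status_ipnat` prints `enabled${dmsg}` where `status_ipfilter` prints `enabled${emsg}`, so the `-no-rules` and `-not-running` suffixes are never shown for an enabled ipnat, and `usage` omits the `restart` action that `do_ipnat` accepts.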
diff --git a/contrib/ipfilter/BugReport b/contrib/ipfilter/BugReport
index 0bd243ca1fd7..699483189012 100644
--- a/contrib/ipfilter/BugReport
+++ b/contrib/ipfilter/BugReport
@@ -1,10 +1,12 @@
-IP Filter bug report form.
---------------------------
-IP Filter Version:
-Operating System Version:
-Configuration: <LKM or compiled-into-kernel>
-
-Description of problem:
+Please submit this information at SourceForge using this URL:
+http://sourceforge.net/tracker/?func=add&group_id=169098&atid=849053
-How to repeat:
+Please also send an email to darrenr@reed.wattle.id.au.
+Some information that I generally find important:
+--------------------------
+* IP Filter Version
+* Operating System and its Version
+* Configuration: (LKM or compiled-into-kernel)
+* Description of problem
+* How to repeat
diff --git a/contrib/ipfilter/HISTORY b/contrib/ipfilter/HISTORY
index 996f883501f4..7a177168cb99 100644
--- a/contrib/ipfilter/HISTORY
+++ b/contrib/ipfilter/HISTORY
@@ -10,6 +10,168 @@
# and especially those who have found the time to port IP Filter to new
# platforms.
#
+4.1.23 - Released 31 May 2007
+
+NAT was not always correctly fixing ICMP headers for errors
+
+some TCP state steps when closing do not update timeouts, leading to
+them being removed prematurely.
+
+fix compilation problems for netbsd 4.99
+
+protect enumeration of lists in the kernel from callout interrupts on
+BSD without locking
+
+fix various problems with IPv6 header checks: TCP/UDP checksum validation
+was not being done, fragmentation header parsed dangerously and routing
+header prevented others from being seen
+
+fix gcc 4.2 compiler warnings
+
+fix TCP/UDP checksum calculation for IPv6
+
+fix reference after free'ing ipftoken memory
+
+4.1.22 - Released 13 May 2007
+
+fix endless loop when flushing state/NAT by idle time
+
+4.1.21 - Released 12 May 2007
+
+show the number of states created against a rule with "-v" for ipfstat
+
+fix build problems with FreeBSD
+
+make it possible to flush the state table by idle time and TCP state
+
+fix flushing out idle connections when state/NAT tables fill
+
+print out the TCP state population with ipfstat/ipnat
+
+stop creation of state table orphans via return-*/fastroute
+
+fix printing out of rule groups - they now only appear once
+
+4.1.20 - Released 30 April 2007
+
+adjust TCP state numbers, making 11 closed (was 0) to better facilitate
+detecting closing connections that we can wipe out when a SYN arrives
+that matches the old
+
+make it compile on Solaris10 Update3
+
+structures used for ipf command ioctls weren't being freed in timeout
+fashion on solairs
+
+use NL_EXPIRE, not ISL_EXPIRE, for expiring NAT sessions
+
+adjust TCP timeout values and introduce a time-wait specifc timeout
+to get a better TCP FSM emulation and one that can hopefully do a better
+job of cleaning up in a speedy fashion than previous
+
+refactor the automatic flushing of TCP state entries when we fill up,
+but use the same algorithm as before but now it hopefully works
+
+only 2 out of 4 interface names were being changed by ipfs when
+interface renaming was being used for state entries
+
+add ipf_proxy_debug to ipf-T
+
+matching of last fragments that had a number of bytes that wasn't a
+multiple of 8 failed
+
+some combinations of TCP flags are considered bad aren't picked up as such,
+but these may be possible with T/TCP
+
+4.1.19 - Released 22 February 2007
+
+Fix up compilation problems with NetBSD and Solaris.
+
+4.1.18 - Released 18 February 2007
+
+fix compiling on Tru64
+
+fix listing out filter rules with ipfstat (delete token at end of
+the list and detect zero rule being returned.)
+
+fix extended flushing of NAT tables (was clearing out state tables)
+
+fix null-pointer deref in hash table lookup
+
+fix NAT and stateful filtering with to/reply-to on destination interface
+
+4.1.17 - Released 20 January 2007
+
+make flushing pools that are still in use mark them for deletion and
+have attempting to recreate them clear the delete flag
+
+walking through the NAT tables with ioctls caused lock recursion
+
+fix tracking TCP window scaling in the state code
+
+4.1.16 - Released 20 December 2006
+
+allow rdr rules to only differ on the new port number
+
+when creating state entry orphans, leave them on the linked list but not
+attached to the hash table and mark them visible as orphans in "ipfstat -sl"
+
+log state removed when unloading differently to allow visible cues
+
+return ipf ticks via SIOCGETGS for /dev/ipnat so "ipnat -l" can display ttl
+
+abort logging a packet if the mbuf pointer is null when ipflog is called
+
+Some NetBSD's have a selinfo.h instead of select.h
+
+SIOCIPFFL was using copyoutptr and should have been using bcopy for /dev/ipauth
+
+listing accounting rules using ioctl interface wasn't possible
+
+fix leakage of state entries due to packets not matching up with NAT
+
+improve ICMP error packet matching with state/NAT
+
+fix problems with parsing and printing "-" as an interface name in ipnat.conf
+
+4.1.15 - Released 03 November 2006
+
+Add in automatic flushing of NAT, like state, table if it fills up too much
+
+Update comments in the code for NAT checksum adjustments
+
+Fix compiling on FreeBSD 5.4 and 6.0
+
+prevent panics from read/write IOs trying to use uninitialised structures
+
+Newer NetBSD should use malloc() instead of MALLOC() in the kernel where
+the size is not staticly defined
+
+Some gcc warning message cleanup from NetBSD
+
+Missing include for <sys/filio.h> on Solaris for poll work
+
+NetBSD now uses opt_ipfilter.h, not opt_ipfilter_log.h
+
+4.1.14 - Released 04 October 2006
+
+rewrite checksum alteration for ICMP packets being NAT'd to use a sane
+algorithm that can be understood...now it needs better comments
+
+fix 1 byte error in checksum validation perl script
+
+remove unused files in lib directory
+
+ipftest will say "bad-packet" if it has been freed rather than just "blocked"
+
+make it possible to load IP address pools from external files in ippool.conf
+
+update copyright messages in tools directory
+
+consolidate ioctl hanlding source code into fil.c
+
+make ipfstat, ippool, ipnat retrieve information via ioctls rather than /dev/kmem
+
4.1.13 - Released 4 April 2006
fix bug where null pointers introduced by proxies could cause a crash
@@ -39,6 +201,7 @@ add missing ipfsync_canread() and ipfsync_canwrite()
behaviour of \ on the end of a line in ipf.conf does not match older behaviour
remove duplicate statistics line output with "ipfstat -s"
+
4.1.11 - Released 19 March 2006
Patch for NAT with ipfsync from N. Ersen (SESCI) - www.enderunix.org
diff --git a/contrib/ipfilter/Makefile b/contrib/ipfilter/Makefile
index b5451c627565..25db5ef560dc 100644
--- a/contrib/ipfilter/Makefile
+++ b/contrib/ipfilter/Makefile
@@ -5,7 +5,7 @@
# provided that this notice is preserved and due credit is given
# to the original author and the contributors.
#
-# $Id: Makefile,v 2.76.2.19 2006/03/17 10:38:38 darrenr Exp $
+# $Id: Makefile,v 2.76.2.21 2007/05/11 21:57:25 darrenr Exp $
#
SHELL=/bin/sh
BINDEST=/usr/local/bin
@@ -187,7 +187,7 @@ freebsd22: include
fi
make freebsd20
-freebsd5 freebsd6: include
+freebsd5 freebsd6 freebsd7: include
if [ x$(INET6) = x ] ; then \
echo "#undef INET6" > opt_inet6.h; \
else \
@@ -229,6 +229,15 @@ freebsd3 freebsd30: include
netbsd: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
+ @if [ ! -d /sys -o ! -d /sys/arch ] ; then \
+ echo "*****************************************************"; \
+ echo "* *"; \
+ echo "* Please extract source code to create /sys and *";\
+ echo "* /sys/arch and run 'config GENERIC' *"; \
+ echo "* *"; \
+ echo "*****************************************************"; \
+ exit 1; \
+ fi
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) 'DLKM=-D_LKM' "ML=mln_ipl.c" LKMR= "MLR=mln_rule.o"; cd ..)
(cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS); cd ..)
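Review bot: The new `/sys` precondition check in the `netbsd` target runs after `make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"`, so on a machine without kernel sources the setup step has already run before the recipe prints the banner and exits 1. Moving the `@if [ ! -d /sys -o ! -d /sys/arch ] ; then \` block above the `make setup` line would fail before anything in the tree is touched, assuming setup does not itself create those directories, which this hunk does not show. The first test is also redundant, since `/sys/arch` cannot be a directory unless `/sys` is one.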
diff --git a/contrib/ipfilter/bpf_filter.c b/contrib/ipfilter/bpf_filter.c
index 6949b33cbe75..a254f650488a 100644
--- a/contrib/ipfilter/bpf_filter.c
+++ b/contrib/ipfilter/bpf_filter.c
@@ -40,7 +40,7 @@
#if !(defined(lint) || defined(KERNEL) || defined(_KERNEL))
static const char rcsid[] =
- "@(#) $Header: /devel/CVS/IP-Filter/bpf_filter.c,v 2.2.2.2 2005/12/30 12:57:28 darrenr Exp $ (LBL)";
+ "@(#) $Header: /devel/CVS/IP-Filter/bpf_filter.c,v 2.2.2.3 2006/10/03 11:25:56 darrenr Exp $ (LBL)";
#endif
#include <sys/param.h>
@@ -193,7 +193,8 @@ bpf_filter(pc, p, wirelen, buflen)
register int k;
int32 mem[BPF_MEMWORDS];
mb_t *m, *n;
- int merr, len;
+ int merr = 0; /* XXX: GCC */
+ int len;
if (buflen == 0) {
m = (mb_t *)p;
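Review bot: The comment on `int merr = 0; /* XXX: GCC */` does not say what the initialiser is for. It presumably quiets a gcc uninitialised-variable warning (the HISTORY entry in this commit mentions gcc warning fixes), but the hunk does not show where `merr` is read, so a reader cannot tell whether 0 is a meaningful default or only a warning suppressor. A comment such as `/* initialised only to quiet gcc's "may be used uninitialized" warning */` would record that, if that is indeed the intent. The body of bpf_filter continues outside the hunk.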
diff --git a/contrib/ipfilter/ip_fil.c b/contrib/ipfilter/ip_fil.c
index 6934bbe092d5..daeb201c6444 100644
--- a/contrib/ipfilter/ip_fil.c
+++ b/contrib/ipfilter/ip_fil.c
@@ -5,7 +5,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.133.2.11 2006/03/25 11:15:30 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.133.2.16 2007/05/28 11:56:22 darrenr Exp $";
#endif
#ifndef SOLARIS
@@ -62,7 +62,6 @@ struct file;
#include <stdlib.h>
#include <ctype.h>
#include <fcntl.h>
-#include <arpa/inet.h>
#ifdef __hpux
# define _NET_ROUTE_INCLUDED
@@ -83,7 +82,9 @@ struct file;
#if defined(__FreeBSD__)
# include "radix_ipf.h"
#endif
-#include <net/route.h>
+#ifndef __osf__
+# include <net/route.h>
+#endif
#include <netinet/in.h>
#if !(defined(__sgi) && !defined(IFF_DRVRLOCK)) /* IRIX < 6 */ && \
!defined(__hpux) && !defined(linux)
@@ -107,6 +108,7 @@ struct file;
#include <netinet/ip_icmp.h>
#include <unistd.h>
#include <syslog.h>
+#include <arpa/inet.h>
#ifdef __hpux
# undef _NET_ROUTE_INCLUDED
#endif
@@ -144,7 +146,6 @@ extern struct protosw inetsw[];
static struct ifnet **ifneta = NULL;
static int nifs = 0;
-static int frzerostats __P((caddr_t));
static void fr_setifpaddr __P((struct ifnet *, char *));
void init_ifp __P((void));
#if defined(__sgi) && (IRIX < 60500)
@@ -167,37 +168,20 @@ static int write_output __P((struct ifnet *, struct mbuf *,
#endif
-int iplattach()
+int ipfattach()
{
fr_running = 1;
return 0;
}
-int ipldetach()
+int ipfdetach()
{
fr_running = -1;
return 0;
}
-static int frzerostats(data)
-caddr_t data;
-{
- friostat_t fio;
- int error;
-
- fr_getstat(&fio);
- error = copyoutptr(&fio, data, sizeof(fio));
- if (error)
- return EFAULT;
-
- bzero((char *)frstats, sizeof(*frstats) * 2);
-
- return 0;
-}
-
-
/*
* Filter ioctl interface.
*/
@@ -207,210 +191,20 @@ ioctlcmd_t cmd;
caddr_t data;
int mode;
{
- int error = 0, unit = 0, tmp;
- friostat_t fio;
+ int error = 0, unit = 0, uid;
+ SPL_INT(s);
+ uid = getuid();
unit = dev;
SPL_NET(s);
- if (unit == IPL_LOGNAT) {
- if (fr_running > 0)
- error = fr_nat_ioctl(data, cmd, mode);
- else
- error = EIO;
- SPL_X(s);
- return error;
- }
- if (unit == IPL_LOGSTATE) {
- if (fr_running > 0)
- error = fr_state_ioctl(data, cmd, mode);
- else
- error = EIO;
- SPL_X(s);
- return error;
- }
- if (unit == IPL_LOGAUTH) {
- if (fr_running > 0) {
- if ((cmd == (ioctlcmd_t)SIOCADAFR) ||
- (cmd == (ioctlcmd_t)SIOCRMAFR)) {
- if (!(mode & FWRITE)) {
- error = EPERM;
- } else {
- error = frrequest(unit, cmd, data,
- fr_active, 1);
- }
- } else {
- error = fr_auth_ioctl(data, mode, cmd);
- }
- } else
- error = EIO;
- SPL_X(s);
- return error;
- }
- if (unit == IPL_LOGSYNC) {
-#ifdef IPFILTER_SYNC
- if (fr_running > 0)
- error = fr_sync_ioctl(data, cmd, mode);
- else
-#endif
- error = EIO;
- SPL_X(s);
- return error;
- }
- if (unit == IPL_LOGSCAN) {
-#ifdef IPFILTER_SCAN
- if (fr_running > 0)
- error = fr_scan_ioctl(data, cmd, mode);
- else
-#endif
- error = EIO;
- SPL_X(s);
- return error;
- }
- if (unit == IPL_LOGLOOKUP) {
- if (fr_running > 0)
- error = ip_lookup_ioctl(data, cmd, mode);
- else
- error = EIO;
+ error = fr_ioctlswitch(unit, data, cmd, mode, uid, NULL);
+ if (error != -1) {
SPL_X(s);
return error;
}
- switch (cmd)
- {
- case FIONREAD :
-#ifdef IPFILTER_LOG
- error = COPYOUT(&iplused[IPL_LOGIPF], (caddr_t)data,
- sizeof(iplused[IPL_LOGIPF]));
-#endif
- break;
- case SIOCFRENB :
- if (!(mode & FWRITE))
- error = EPERM;
- else {
- error = COPYIN(data, &tmp, sizeof(tmp));
- if (error)
- break;
- if (tmp)
- error = iplattach();
- else
- error = ipldetach();
- }
- break;
- case SIOCIPFSET :
- if (!(mode & FWRITE)) {
- error = EPERM;
- break;
- }
- case SIOCIPFGETNEXT :
- case SIOCIPFGET :
- error = fr_ipftune(cmd, (void *)data);
- break;
- case SIOCSETFF :
- if (!(mode & FWRITE))
- error = EPERM;
- else
- error = COPYIN(data, &fr_flags, sizeof(fr_flags));
- break;
- case SIOCGETFF :
- error = COPYOUT(&fr_flags, data, sizeof(fr_flags));
- break;
- case SIOCFUNCL :
- error = fr_resolvefunc(data);
- break;
- case SIOCINAFR :
- case SIOCRMAFR :
- case SIOCADAFR :
- case SIOCZRLST :
- if (!(mode & FWRITE))
- error = EPERM;
- else
- error = frrequest(unit, cmd, data, fr_active, 1);
- break;
- case SIOCINIFR :
- case SIOCRMIFR :
- case SIOCADIFR :
- if (!(mode & FWRITE))
- error = EPERM;
- else
- error = frrequest(unit, cmd, data, 1 - fr_active, 1);
- break;
- case SIOCSWAPA :
- if (!(mode & FWRITE))
- error = EPERM;
- else {
- bzero((char *)frcache, sizeof(frcache[0]) * 2);
- *(u_int *)data = fr_active;
- fr_active = 1 - fr_active;
- }
- break;
- case SIOCGETFS :
- fr_getstat(&fio);
- error = fr_outobj(data, &fio, IPFOBJ_IPFSTAT);
- break;
- case SIOCFRZST :
- if (!(mode & FWRITE))
- error = EPERM;
- else
- error = frzerostats(data);
- break;
- case SIOCIPFFL :
- if (!(mode & FWRITE))
- error = EPERM;
- else {
- error = COPYIN(data, &tmp, sizeof(tmp));
- if (!error) {
- tmp = frflush(unit, 4, tmp);
- error = COPYOUT(&tmp, data, sizeof(tmp));
- }
- }
- break;
-#ifdef USE_INET6
- case SIOCIPFL6 :
- if (!(mode & FWRITE))
- error = EPERM;
- else {
- error = COPYIN(data, &tmp, sizeof(tmp));
- if (!error) {
- tmp = frflush(unit, 6, tmp);
- error = COPYOUT(&tmp, data, sizeof(tmp));
- }
- }
- break;
-#endif
- case SIOCSTLCK :
- error = COPYIN(data, &tmp, sizeof(tmp));
- if (error == 0) {
- fr_state_lock = tmp;
- fr_nat_lock = tmp;
- fr_frag_lock = tmp;
- fr_auth_lock = tmp;
- } else
- error = EFAULT;
- break;
-#ifdef IPFILTER_LOG
- case SIOCIPFFB :
- if (!(mode & FWRITE))
- error = EPERM;
- else
- *(int *)data = ipflog_clear(unit);
- break;
-#endif /* IPFILTER_LOG */
- case SIOCGFRST :
- error = fr_outobj(data, fr_fragstats(), IPFOBJ_FRAGSTAT);
- break;
- case SIOCFRSYN :
- if (!(mode & FWRITE))
- error = EPERM;
- else {
- frsync(NULL);
- }
- break;
- default :
- error = EINVAL;
- break;
- }
SPL_X(s);
return error;
}
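Review bot: After the call to `fr_ioctlswitch`, the `if (error != -1)` branch and the fall-through path both execute `SPL_X(s); return error;`, so the test has no effect and a -1 result is handed back to the caller as if it were an errno value. If -1 is fr_ioctlswitch's "not handled" result, which the comparison suggests but this hunk does not show, the fall-through should map it, for example `if (error == -1) error = EINVAL;`, matching the `default :` arm that this commit removes. Every `mode & FWRITE` check that guarded the rule, flush, tuning and statistics ioctls is deleted here too, so write-permission enforcement now rests entirely on fr_ioctlswitch, which lies outside this hunk and is worth confirming before relying on it. The function's signature also starts outside the hunk.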
@@ -650,7 +444,7 @@ int v;
ifp->if_unit = -1;
}
#endif
- ifp->if_output = no_output;
+ ifp->if_output = (void *)no_output;
if (addr != NULL) {
fr_setifpaddr(ifp, addr);
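Review bot: The `(void *)` cast in `ifp->if_output = (void *)no_output;` silences the compiler's incompatible-pointer diagnostic rather than resolving it, and the same cast is applied to `write_output` in the init_ifp hunk that follows. ISO C does not guarantee conversion of a function pointer through `void *`, and if either function's signature really differs from what `if_output` is declared to take, the call through the pointer is undefined behaviour that the cast now hides from later builds. Prefer making the prototypes of `no_output` and `write_output` match the `if_output` member, or cast to the member's exact function-pointer type with a comment naming the platform whose declaration differs. Both enclosing functions begin and end outside their hunks.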
@@ -686,7 +480,7 @@ void init_ifp()
(defined(OpenBSD) && (OpenBSD >= 199603)) || defined(linux) || \
(defined(__FreeBSD__) && (__FreeBSD_version >= 501113))
for (ifpp = ifneta; ifpp && (ifp = *ifpp); ifpp++) {
- ifp->if_output = write_output;
+ ifp->if_output = (void *)write_output;
sprintf(fname, "/tmp/%s", ifp->if_xname);
fd = open(fname, O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0600);
if (fd == -1)
@@ -996,3 +790,9 @@ struct in_addr *inp, *inpmask;
}
return 0;
}
+
+
+int ipfsync()
+{
+ return 0;
+}
diff --git a/contrib/ipfilter/ipf.h b/contrib/ipfilter/ipf.h
index aef610f9a942..1a2d0f003895 100644
--- a/contrib/ipfilter/ipf.h
+++ b/contrib/ipfilter/ipf.h
@@ -4,7 +4,7 @@
* See the IPFILTER.LICENCE file for details on licencing.
*
* @(#)ipf.h 1.12 6/5/96
- * $Id: ipf.h,v 2.71.2.8 2005/12/30 07:03:21 darrenr Exp $
+ * $Id: ipf.h,v 2.71.2.15 2007/05/11 10:44:14 darrenr Exp $
*/
#ifndef __IPF_H__
@@ -181,14 +181,14 @@ extern struct ipopt_names v6ionames[];
extern int addicmp __P((char ***, struct frentry *, int));
extern int addipopt __P((char *, struct ipopt_names *, int, char *));
-extern int addkeep __P((char ***, struct frentry *, int));
+extern void alist_free __P((alist_t *));
+extern alist_t *alist_new __P((int, char *));
extern void binprint __P((void *, size_t));
extern void initparse __P((void));
extern u_32_t buildopts __P((char *, char *, int));
extern int checkrev __P((char *));
extern int count6bits __P((u_32_t *));
extern int count4bits __P((u_32_t));
-extern int extras __P((char ***, struct frentry *, int));
extern char *fac_toname __P((int));
extern int fac_findname __P((char *));
extern void fill6bits __P((int, u_int *));
@@ -196,19 +196,12 @@ extern int gethost __P((char *, u_32_t *));
extern int getport __P((struct frentry *, char *, u_short *));
extern int getportproto __P((char *, int));
extern int getproto __P((char *));
-extern char *getline __P((char *, size_t, FILE *, int *));
-extern int genmask __P((char *, u_32_t *));
-extern char *getnattype __P((struct ipnat *));
+extern char *getnattype __P((struct nat *, int));
extern char *getsumd __P((u_32_t));
extern u_32_t getoptbyname __P((char *));
extern u_32_t getoptbyvalue __P((int));
extern u_32_t getv6optbyname __P((char *));
extern u_32_t getv6optbyvalue __P((int));
-extern void hexdump __P((FILE *, void *, int, int));
-extern int hostmask __P((char ***, char *, char *, u_32_t *, u_32_t *, int));
-extern int hostnum __P((u_32_t *, char *, int, char *));
-extern int icmpcode __P((char *));
-extern int icmpidnum __P((char *, u_short *, int));
extern void initparse __P((void));
extern void ipf_dotuning __P((int, char *, ioctlfunc_t));
extern void ipf_addrule __P((int, ioctlfunc_t, void *));
@@ -223,23 +216,21 @@ extern int ippool_parsefile __P((int, char *, ioctlfunc_t));
extern int ippool_parsesome __P((int, FILE *, ioctlfunc_t));
extern int kmemcpywrap __P((void *, void *, size_t));
extern char *kvatoname __P((ipfunc_t, ioctlfunc_t));
+extern alist_t *load_file __P((char *));
extern int load_hash __P((struct iphtable_s *, struct iphtent_s *,
ioctlfunc_t));
extern int load_hashnode __P((int, char *, struct iphtent_s *, ioctlfunc_t));
+extern alist_t *load_http __P((char *));
extern int load_pool __P((struct ip_pool_s *list, ioctlfunc_t));
extern int load_poolnode __P((int, char *, ip_pool_node_t *, ioctlfunc_t));
-extern int loglevel __P((char **, u_int *, int));
+extern alist_t *load_url __P((char *));
extern alist_t *make_range __P((int, struct in_addr, struct in_addr));
extern ipfunc_t nametokva __P((char *, ioctlfunc_t));
-extern ipnat_t *natparse __P((char *, int));
-extern void natparsefile __P((int, char *, int));
extern void nat_setgroupmap __P((struct ipnat *));
extern int ntomask __P((int, int, u_32_t *));
extern u_32_t optname __P((char ***, u_short *, int));
extern struct frentry *parse __P((char *, int));
extern char *portname __P((int, int));
-extern int portnum __P((char *, char *, u_short *, int));
-extern int ports __P((char ***, char *, u_short *, int *, u_short *, int));
extern int pri_findname __P((char *));
extern char *pri_toname __P((int));
extern void print_toif __P((char *, struct frdest *));
@@ -249,6 +240,8 @@ extern void printfr __P((struct frentry *, ioctlfunc_t));
extern void printtunable __P((ipftune_t *));
extern struct iphtable_s *printhash __P((struct iphtable_s *, copyfunc_t,
char *, int));
+extern struct iphtable_s *printhash_live __P((iphtable_t *, int, char *, int));
+extern void printhashdata __P((iphtable_t *, int));
extern struct iphtent_s *printhashnode __P((struct iphtable_s *,
struct iphtent_s *,
copyfunc_t, int));
@@ -261,6 +254,9 @@ extern void printpacket __P((struct ip *));
extern void printpacket6 __P((struct ip *));
extern struct ip_pool_s *printpool __P((struct ip_pool_s *, copyfunc_t,
char *, int));
+extern struct ip_pool_s *printpool_live __P((struct ip_pool_s *, int,
+ char *, int));
+extern void printpooldata __P((ip_pool_t *, int));
extern struct ip_pool_node *printpoolnode __P((struct ip_pool_node *, int));
extern void printproto __P((struct protoent *, int, struct ipnat *));
extern void printportcmp __P((int, struct frpcmp *));
@@ -268,15 +264,12 @@ extern void optprint __P((u_short *, u_long, u_long));
#ifdef USE_INET6
extern void optprintv6 __P((u_short *, u_long, u_long));
#endif
-extern int ratoi __P((char *, int *, int, int));
-extern int ratoui __P((char *, u_int *, u_int, u_int));
extern int remove_hash __P((struct iphtable_s *, ioctlfunc_t));
extern int remove_hashnode __P((int, char *, struct iphtent_s *, ioctlfunc_t));
extern int remove_pool __P((ip_pool_t *, ioctlfunc_t));
extern int remove_poolnode __P((int, char *, ip_pool_node_t *, ioctlfunc_t));
extern u_char tcp_flags __P((char *, u_char *, int));
extern u_char tcpflags __P((char *));
-extern int to_interface __P((struct frdest *, char *, int));
extern void printc __P((struct frentry *));
extern void printC __P((int));
extern void emit __P((int, int, void *, struct frentry *));
@@ -288,9 +281,9 @@ extern char *hostname __P((int, void *));
extern struct ipstate *printstate __P((struct ipstate *, int, u_long));
extern void printsbuf __P((char *));
extern void printnat __P((struct ipnat *, int));
-extern void printactivenat __P((struct nat *, int));
+extern void printactivenat __P((struct nat *, int, int, u_long));
extern void printhostmap __P((struct hostmap *, u_int));
-extern void printpacket __P((struct ip *));
+extern void printtqtable __P((ipftq_t *));
extern void set_variable __P((char *, char *));
extern char *get_variable __P((char *, char **, int));
diff --git a/contrib/ipfilter/iplang/iplang_y.y b/contrib/ipfilter/iplang/iplang_y.y
index 2b69e8852287..735ac37a23ff 100644
--- a/contrib/ipfilter/iplang/iplang_y.y
+++ b/contrib/ipfilter/iplang/iplang_y.y
@@ -4,16 +4,16 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: iplang_y.y,v 2.9.2.4 2006/03/17 12:11:29 darrenr Exp $
+ * $Id: iplang_y.y,v 2.9.2.5 2007/02/17 12:41:48 darrenr Exp $
*/
#include <stdio.h>
#include <string.h>
#include <fcntl.h>
#if !defined(__SVR4) && !defined(__svr4__)
-#include <strings.h>
+# include <strings.h>
#else
-#include <sys/byteorder.h>
+# include <sys/byteorder.h>
#endif
#include <sys/types.h>
#include <sys/stat.h>
@@ -27,11 +27,14 @@
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#ifndef linux
-#include <netinet/ip_var.h>
+# include <netinet/ip_var.h>
+#endif
+#ifdef __osf__
+# include "radix_ipf_local.h"
#endif
#include <net/if.h>
#ifndef linux
-#include <netinet/if_ether.h>
+# include <netinet/if_ether.h>
#endif
#include <netdb.h>
#include <arpa/nameser.h>
diff --git a/contrib/ipfilter/ipsend/44arp.c b/contrib/ipfilter/ipsend/44arp.c
index ca571e01db02..4b08a8b5ce18 100644
--- a/contrib/ipfilter/ipsend/44arp.c
+++ b/contrib/ipfilter/ipsend/44arp.c
@@ -14,7 +14,9 @@
#if defined(__FreeBSD__)
# include "radix_ipf.h"
#endif
-#include <net/route.h>
+#ifndef __osf__
+# include <net/route.h>
+#endif
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <arpa/inet.h>
diff --git a/contrib/ipfilter/ipsend/arp.c b/contrib/ipfilter/ipsend/arp.c
index 609b8dd73fd7..d5497ef2599e 100644
--- a/contrib/ipfilter/ipsend/arp.c
+++ b/contrib/ipfilter/ipsend/arp.c
@@ -5,20 +5,23 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)arp.c 1.4 1/11/96 (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)$Id: arp.c,v 2.8.2.1 2005/06/12 07:18:38 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: arp.c,v 2.8.2.2 2007/02/17 12:41:50 darrenr Exp $";
#endif
#include <sys/types.h>
#include <sys/socket.h>
#if !defined(ultrix) && !defined(hpux) && !defined(__hpux) && !defined(__osf__) && !defined(_AIX51)
-#include <sys/sockio.h>
+# include <sys/sockio.h>
#endif
#include <sys/ioctl.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
+#ifdef __osf__
+# include "radix_ipf_local.h"
+#endif
#include <net/if.h>
#include <netinet/if_ether.h>
#ifndef ultrix
-#include <net/if_arp.h>
+# include <net/if_arp.h>
#endif
#include <netinet/in.h>
#include <netinet/ip.h>
diff --git a/contrib/ipfilter/ipsend/ip.c b/contrib/ipfilter/ipsend/ip.c
index a5023cd4bde0..e29f72253650 100644
--- a/contrib/ipfilter/ipsend/ip.c
+++ b/contrib/ipfilter/ipsend/ip.c
@@ -5,12 +5,15 @@
*/
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995";
-static const char rcsid[] = "@(#)$Id: ip.c,v 2.8.2.1 2004/10/19 12:31:48 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ip.c,v 2.8.2.2 2007/02/17 12:41:51 darrenr Exp $";
#endif
#include <sys/param.h>
#include <sys/types.h>
#include <netinet/in_systm.h>
#include <sys/socket.h>
+#ifdef __osf__
+# include "radix_ipf_local.h"
+#endif
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/ip.h>
diff --git a/contrib/ipfilter/ipsend/iptests.c b/contrib/ipfilter/ipsend/iptests.c
index 9329c225354b..8f492a24a46e 100644
--- a/contrib/ipfilter/ipsend/iptests.c
+++ b/contrib/ipfilter/ipsend/iptests.c
@@ -6,7 +6,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "%W% %G% (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)$Id: iptests.c,v 2.8.2.7 2006/03/21 16:10:55 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: iptests.c,v 2.8.2.8 2007/02/17 12:41:51 darrenr Exp $";
#endif
#include <sys/param.h>
#include <sys/types.h>
@@ -62,6 +62,9 @@ typedef int boolean_t;
#ifdef __hpux
# define _NET_ROUTE_INCLUDED
#endif
+#ifdef __osf__
+# include "radix_ipf_local.h"
+#endif
#include <net/if.h>
#if defined(linux) && (LINUX >= 0200)
# include <asm/atomic.h>
diff --git a/contrib/ipfilter/ipsend/resend.c b/contrib/ipfilter/ipsend/resend.c
index b51ba0602a93..e7b1ef42cfa5 100644
--- a/contrib/ipfilter/ipsend/resend.c
+++ b/contrib/ipfilter/ipsend/resend.c
@@ -6,12 +6,15 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)resend.c 1.3 1/11/96 (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)$Id: resend.c,v 2.8.2.2 2006/03/17 13:45:34 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: resend.c,v 2.8.2.3 2007/02/17 12:41:51 darrenr Exp $";
#endif
#include <sys/param.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
+#ifdef __osf__
+# include "radix_ipf_local.h"
+#endif
#include <net/if.h>
#include <netinet/in.h>
#include <arpa/inet.h>
diff --git a/contrib/ipfilter/ipsend/sdlpi.c b/contrib/ipfilter/ipsend/sdlpi.c
index 38eeb8a103d4..1ce894659c3a 100644
--- a/contrib/ipfilter/ipsend/sdlpi.c
+++ b/contrib/ipfilter/ipsend/sdlpi.c
@@ -25,6 +25,7 @@
#endif
#ifdef __osf__
# include <sys/dlpihdr.h>
+# include "radix_ipf_local.h"
#else
# include <sys/dlpi.h>
#endif
@@ -46,7 +47,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)sdlpi.c 1.3 10/30/95 (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)$Id: sdlpi.c,v 2.8.2.1 2004/12/09 19:41:13 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: sdlpi.c,v 2.8.2.2 2007/02/17 12:41:51 darrenr Exp $";
#endif
#define CHUNKSIZE 8192
diff --git a/contrib/ipfilter/ipsend/sock.c b/contrib/ipfilter/ipsend/sock.c
index 09d808d1ea44..65f4f924971e 100644
--- a/contrib/ipfilter/ipsend/sock.c
+++ b/contrib/ipfilter/ipsend/sock.c
@@ -6,7 +6,7 @@
*/
#if !defined(lint)
static const char sccsid[] = "@(#)sock.c 1.2 1/11/96 (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)$Id: sock.c,v 2.8.4.4 2006/03/21 16:10:56 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: sock.c,v 2.8.4.6 2007/02/17 12:41:51 darrenr Exp $";
#endif
#include <sys/param.h>
#include <sys/types.h>
@@ -65,7 +65,9 @@ typedef int boolean_t;
#if defined(__FreeBSD__)
# include "radix_ipf.h"
#endif
-#include <net/route.h>
+#ifndef __osf__
+# include <net/route.h>
+#endif
#include <netinet/ip_var.h>
#include <netinet/in_pcb.h>
#include <netinet/tcp_timer.h>
@@ -293,11 +295,14 @@ struct tcpiphdr *ti;
return NULL;
fd = (struct filedesc *)malloc(sizeof(*fd));
+ if (fd == NULL)
+ return NULL;
#if defined( __FreeBSD_version) && __FreeBSD_version >= 500013
if (KMCPY(fd, p->ki_fd, sizeof(*fd)) == -1)
{
fprintf(stderr, "read(%#lx,%#lx) failed\n",
(u_long)p, (u_long)p->ki_fd);
+ free(fd);
return NULL;
}
#else
@@ -305,6 +310,7 @@ struct tcpiphdr *ti;
{
fprintf(stderr, "read(%#lx,%#lx) failed\n",
(u_long)p, (u_long)p->kp_proc.p_fd);
+ free(fd);
return NULL;
}
#endif
diff --git a/contrib/ipfilter/lib/Makefile b/contrib/ipfilter/lib/Makefile
index 3dcf3a16b66e..b0d50523df39 100644
--- a/contrib/ipfilter/lib/Makefile
+++ b/contrib/ipfilter/lib/Makefile
@@ -1,7 +1,16 @@
+#
+# Copyright (C) 1993-2001 by Darren Reed.
+#
+# See the IPFILTER.LICENCE file for details on licencing.
+#
+# $Id: Makefile,v 1.41.2.13 2007/05/10 06:02:19 darrenr Exp $
+#
INCDEP=$(TOP)/ip_compat.h $(TOP)/ip_fil.h $(TOP)/ipf.h
LIBOBJS=$(DEST)/addicmp.o \
$(DEST)/addipopt.o \
+ $(DEST)/alist_free.o \
+ $(DEST)/alist_new.o \
$(DEST)/bcopywrap.o \
$(DEST)/binprint.o \
$(DEST)/buildopts.o \
@@ -9,23 +18,17 @@ LIBOBJS=$(DEST)/addicmp.o \
$(DEST)/count6bits.o \
$(DEST)/count4bits.o \
$(DEST)/debug.o \
- $(DEST)/extras.o \
$(DEST)/facpri.o \
$(DEST)/flags.o \
$(DEST)/fill6bits.o \
- $(DEST)/genmask.o \
$(DEST)/gethost.o \
$(DEST)/getifname.o \
- $(DEST)/getline.o \
$(DEST)/getnattype.o \
$(DEST)/getport.o \
$(DEST)/getportproto.o \
$(DEST)/getproto.o \
$(DEST)/getsumd.o \
- $(DEST)/hexdump.o \
- $(DEST)/hostmask.o \
$(DEST)/hostname.o \
- $(DEST)/hostnum.o \
$(DEST)/icmpcode.o \
$(DEST)/inet_addr.o \
$(DEST)/initparse.o \
@@ -41,11 +44,13 @@ LIBOBJS=$(DEST)/addicmp.o \
$(DEST)/kmem.o \
$(DEST)/kmemcpywrap.o \
$(DEST)/kvatoname.o \
+ $(DEST)/load_file.o \
$(DEST)/load_hash.o \
$(DEST)/load_hashnode.o \
+ $(DEST)/load_http.o \
$(DEST)/load_pool.o \
$(DEST)/load_poolnode.o \
- $(DEST)/loglevel.o \
+ $(DEST)/load_url.o \
$(DEST)/mutex_emul.o \
$(DEST)/nametokva.o \
$(DEST)/nat_setgroupmap.o \
@@ -55,17 +60,19 @@ LIBOBJS=$(DEST)/addicmp.o \
$(DEST)/optprintv6.o \
$(DEST)/optvalue.o \
$(DEST)/portname.o \
- $(DEST)/portnum.o \
- $(DEST)/ports.o \
$(DEST)/print_toif.o \
$(DEST)/printactivenat.o \
$(DEST)/printaps.o \
$(DEST)/printbuf.o \
$(DEST)/printhash.o \
+ $(DEST)/printhashdata.o \
$(DEST)/printhashnode.o \
+ $(DEST)/printhash_live.o \
$(DEST)/printip.o \
$(DEST)/printpool.o \
+ $(DEST)/printpooldata.o \
$(DEST)/printpoolnode.o \
+ $(DEST)/printpool_live.o \
$(DEST)/printproto.o \
$(DEST)/printfr.o \
$(DEST)/printfraginfo.o \
@@ -80,9 +87,8 @@ LIBOBJS=$(DEST)/addicmp.o \
$(DEST)/printpacket6.o \
$(DEST)/printsbuf.o \
$(DEST)/printstate.o \
+ $(DEST)/printtqtable.o \
$(DEST)/printtunable.o \
- $(DEST)/ratoi.o \
- $(DEST)/ratoui.o \
$(DEST)/remove_hash.o \
$(DEST)/remove_hashnode.o \
$(DEST)/remove_pool.o \
@@ -91,7 +97,6 @@ LIBOBJS=$(DEST)/addicmp.o \
$(DEST)/rwlock_emul.o \
$(DEST)/tcpflags.o \
$(DEST)/tcp_flags.o \
- $(DEST)/to_interface.o \
$(DEST)/var.o \
$(DEST)/verbose.o \
$(DEST)/v6ionames.o \
@@ -106,6 +111,10 @@ $(DEST)/addicmp.o: $(LIBSRC)/addicmp.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/addicmp.c -o $@
$(DEST)/addipopt.o: $(LIBSRC)/addipopt.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/addipopt.c -o $@
+$(DEST)/alist_free.o: $(LIBSRC)/alist_free.c $(INCDEP)
+ $(CC) $(CCARGS) -c $(LIBSRC)/alist_free.c -o $@
+$(DEST)/alist_new.o: $(LIBSRC)/alist_new.c $(INCDEP)
+ $(CC) $(CCARGS) -c $(LIBSRC)/alist_new.c -o $@
$(DEST)/bcopywrap.o: $(LIBSRC)/bcopywrap.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/bcopywrap.c -o $@
$(DEST)/binprint.o: $(LIBSRC)/binprint.c $(INCDEP)
@@ -120,16 +129,12 @@ $(DEST)/count4bits.o: $(LIBSRC)/count4bits.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/count4bits.c -o $@
$(DEST)/debug.o: $(LIBSRC)/debug.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/debug.c -o $@
-$(DEST)/extras.o: $(LIBSRC)/extras.c $(INCDEP)
- $(CC) $(CCARGS) -c $(LIBSRC)/extras.c -o $@
$(DEST)/facpri.o: $(LIBSRC)/facpri.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/facpri.c -o $@
$(DEST)/fill6bits.o: $(LIBSRC)/fill6bits.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/fill6bits.c -o $@
$(DEST)/flags.o: $(LIBSRC)/flags.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/flags.c -o $@
-$(DEST)/genmask.o: $(LIBSRC)/genmask.c $(INCDEP)
- $(CC) $(CCARGS) -c $(LIBSRC)/genmask.c -o $@
$(DEST)/getline.o: $(LIBSRC)/getline.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/getline.c -o $@
$(DEST)/gethost.o: $(LIBSRC)/gethost.c $(INCDEP)
@@ -146,14 +151,8 @@ $(DEST)/getproto.o: $(LIBSRC)/getproto.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/getproto.c -o $@
$(DEST)/getsumd.o: $(LIBSRC)/getsumd.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/getsumd.c -o $@
-$(DEST)/hexdump.o: $(LIBSRC)/hexdump.c $(INCDEP)
- $(CC) $(CCARGS) -c $(LIBSRC)/hexdump.c -o $@
-$(DEST)/hostmask.o: $(LIBSRC)/hostmask.c $(INCDEP)
- $(CC) $(CCARGS) -c $(LIBSRC)/hostmask.c -o $@
$(DEST)/hostname.o: $(LIBSRC)/hostname.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/hostname.c -o $@
-$(DEST)/hostnum.o: $(LIBSRC)/hostnum.c $(INCDEP)
- $(CC) $(CCARGS) -c $(LIBSRC)/hostnum.c -o $@
$(DEST)/icmpcode.o: $(LIBSRC)/icmpcode.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/icmpcode.c -o $@
$(DEST)/ipoptsec.o: $(LIBSRC)/ipoptsec.c $(INCDEP)
@@ -184,14 +183,20 @@ $(DEST)/kmemcpywrap.o: $(LIBSRC)/kmemcpywrap.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/kmemcpywrap.c -o $@
$(DEST)/kvatoname.o: $(LIBSRC)/kvatoname.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/kvatoname.c -o $@
+$(DEST)/load_file.o: $(LIBSRC)/load_file.c $(INCDEP)
+ $(CC) $(CCARGS) -c $(LIBSRC)/load_file.c -o $@
$(DEST)/load_hash.o: $(LIBSRC)/load_hash.c $(INCDEP) $(TOP)/ip_htable.h
$(CC) $(CCARGS) -c $(LIBSRC)/load_hash.c -o $@
$(DEST)/load_hashnode.o: $(LIBSRC)/load_hashnode.c $(INCDEP) $(TOP)/ip_htable.h
$(CC) $(CCARGS) -c $(LIBSRC)/load_hashnode.c -o $@
+$(DEST)/load_http.o: $(LIBSRC)/load_http.c $(INCDEP)
+ $(CC) $(CCARGS) -c $(LIBSRC)/load_http.c -o $@
$(DEST)/load_pool.o: $(LIBSRC)/load_pool.c $(INCDEP) $(TOP)/ip_pool.h
$(CC) $(CCARGS) -c $(LIBSRC)/load_pool.c -o $@
$(DEST)/load_poolnode.o: $(LIBSRC)/load_poolnode.c $(INCDEP) $(TOP)/ip_pool.h
$(CC) $(CCARGS) -c $(LIBSRC)/load_poolnode.c -o $@
+$(DEST)/load_url.o: $(LIBSRC)/load_url.c $(INCDEP)
+ $(CC) $(CCARGS) -c $(LIBSRC)/load_url.c -o $@
$(DEST)/make_range.o: $(LIBSRC)/make_range.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/make_range.c -o $@
$(DEST)/mutex_emul.o: $(LIBSRC)/mutex_emul.c $(INCDEP)
@@ -203,8 +208,6 @@ $(DEST)/nat_setgroupmap.o: $(LIBSRC)/nat_setgroupmap.c $(TOP)/ip_compat.h \
$(CC) $(CCARGS) -c $(LIBSRC)/nat_setgroupmap.c -o $@
$(DEST)/ntomask.o: $(LIBSRC)/ntomask.c $(TOP)/ip_compat.h
$(CC) $(CCARGS) -c $(LIBSRC)/ntomask.c -o $@
-$(DEST)/loglevel.o: $(LIBSRC)/loglevel.c $(INCDEP)
- $(CC) $(CCARGS) -c $(LIBSRC)/loglevel.c -o $@
$(DEST)/optname.o: $(LIBSRC)/optname.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/optname.c -o $@
$(DEST)/optprint.o: $(LIBSRC)/optprint.c $(INCDEP)
@@ -233,16 +236,25 @@ $(DEST)/printfraginfo.o: $(LIBSRC)/printfraginfo.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(LIBSRC)/printfraginfo.c -o $@
$(DEST)/printhash.o: $(LIBSRC)/printhash.c $(TOP)/ip_fil.h $(TOP)/ip_htable.h
$(CC) $(CCARGS) -c $(LIBSRC)/printhash.c -o $@
+$(DEST)/printhashdata.o: $(LIBSRC)/printhash.c $(TOP)/ip_fil.h $(TOP)/ip_htable.h
+ $(CC) $(CCARGS) -c $(LIBSRC)/printhashdata.c -o $@
$(DEST)/printhashnode.o: $(LIBSRC)/printhashnode.c $(TOP)/ip_fil.h \
$(TOP)/ip_htable.h $(TOP)/ip_lookup.h
$(CC) $(CCARGS) -c $(LIBSRC)/printhashnode.c -o $@
+$(DEST)/printhash_live.o: $(LIBSRC)/printhash_live.c $(TOP)/ip_fil.h $(TOP)/ip_htable.h
+ $(CC) $(CCARGS) -c $(LIBSRC)/printhash_live.c -o $@
$(DEST)/printip.o: $(LIBSRC)/printip.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(LIBSRC)/printip.c -o $@
$(DEST)/printpool.o: $(LIBSRC)/printpool.c $(TOP)/ip_fil.h $(TOP)/ip_pool.h
$(CC) $(CCARGS) -c $(LIBSRC)/printpool.c -o $@
+$(DEST)/printpooldata.o: $(LIBSRC)/printpooldata.c $(TOP)/ip_fil.h $(TOP)/ip_pool.h
+ $(CC) $(CCARGS) -c $(LIBSRC)/printpooldata.c -o $@
$(DEST)/printpoolnode.o: $(LIBSRC)/printpoolnode.c $(TOP)/ip_fil.h \
$(TOP)/ip_pool.h $(TOP)/ip_lookup.h
$(CC) $(CCARGS) -c $(LIBSRC)/printpoolnode.c -o $@
+$(DEST)/printpool_live.o: $(LIBSRC)/printpool_live.c $(TOP)/ip_fil.h \
+ $(TOP)/ip_pool.h $(TOP)/ip_lookup.h
+ $(CC) $(CCARGS) -c $(LIBSRC)/printpool_live.c -o $@
$(DEST)/printproto.o: $(LIBSRC)/printproto.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(LIBSRC)/printproto.c -o $@
$(DEST)/printhostmap.o: $(LIBSRC)/printhostmap.c $(TOP)/ip_fil.h
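Review bot: The new `printhashdata.o` rule names `$(LIBSRC)/printhash.c` as its prerequisite but compiles `printhashdata.c`, so an edit to printhashdata.c will not trigger a rebuild and a stale object can end up in the library. The target line should read `$(DEST)/printhashdata.o: $(LIBSRC)/printhashdata.c $(TOP)/ip_fil.h $(TOP)/ip_htable.h`.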
@@ -267,12 +279,10 @@ $(DEST)/printsbuf.o: $(LIBSRC)/printsbuf.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printsbuf.c -o $@
$(DEST)/printstate.o: $(LIBSRC)/printstate.c $(INCDEP) $(TOP)/ip_state.h
$(CC) $(CCARGS) -c $(LIBSRC)/printstate.c -o $@
+$(DEST)/printtqtable.o: $(LIBSRC)/printtqtable.c $(INCDEP)
+ $(CC) $(CCARGS) -c $(LIBSRC)/printtqtable.c -o $@
$(DEST)/printtunable.o: $(LIBSRC)/printtunable.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/printtunable.c -o $@
-$(DEST)/ratoi.o: $(LIBSRC)/ratoi.c $(INCDEP)
- $(CC) $(CCARGS) -c $(LIBSRC)/ratoi.c -o $@
-$(DEST)/ratoui.o: $(LIBSRC)/ratoui.c $(INCDEP)
- $(CC) $(CCARGS) -c $(LIBSRC)/ratoui.c -o $@
$(DEST)/remove_hash.o: $(LIBSRC)/remove_hash.c $(INCDEP) \
$(TOP)/ip_htable.h
$(CC) $(CCARGS) -c $(LIBSRC)/remove_hash.c -o $@
@@ -289,8 +299,6 @@ $(DEST)/resetlexer.o: $(LIBSRC)/resetlexer.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/resetlexer.c -o $@
$(DEST)/rwlock_emul.o: $(LIBSRC)/rwlock_emul.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/rwlock_emul.c -o $@
-$(DEST)/to_interface.o: $(LIBSRC)/to_interface.c $(INCDEP)
- $(CC) $(CCARGS) -c $(LIBSRC)/to_interface.c -o $@
$(DEST)/tcpflags.o: $(LIBSRC)/tcpflags.c $(INCDEP)
$(CC) $(CCARGS) -c $(LIBSRC)/tcpflags.c -o $@
$(DEST)/tcp_flags.o: $(LIBSRC)/tcp_flags.c $(INCDEP)
diff --git a/contrib/ipfilter/lib/addicmp.c b/contrib/ipfilter/lib/addicmp.c
index c83ecfedaeef..256739786b17 100644
--- a/contrib/ipfilter/lib/addicmp.c
+++ b/contrib/ipfilter/lib/addicmp.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2006 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: addicmp.c,v 1.10.2.4 2006/02/25 17:41:57 darrenr Exp $
+ * $Id: addicmp.c,v 1.10.2.5 2006/06/16 17:20:55 darrenr Exp $
*/
#include <ctype.h>
diff --git a/contrib/ipfilter/lib/addipopt.c b/contrib/ipfilter/lib/addipopt.c
index e39484fcc4bf..17fac0dc2c8e 100644
--- a/contrib/ipfilter/lib/addipopt.c
+++ b/contrib/ipfilter/lib/addipopt.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2002 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: addipopt.c,v 1.7 2002/01/28 06:50:45 darrenr Exp $
+ * $Id: addipopt.c,v 1.7.4.1 2006/06/16 17:20:56 darrenr Exp $
*/
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/alist_free.c b/contrib/ipfilter/lib/alist_free.c
new file mode 100644
index 000000000000..3c1a51880430
--- /dev/null
+++ b/contrib/ipfilter/lib/alist_free.c
@@ -0,0 +1,20 @@
+/*
+ * Copyright (C) 2006 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: alist_free.c,v 1.1.2.1 2006/08/25 21:13:04 darrenr Exp $
+ */
+#include "ipf.h"
+
+void
+alist_free(hosts)
+alist_t *hosts;
+{
+ alist_t *a, *next;
+
+ for (a = hosts; a != NULL; a = next) {
+ next = a->al_next;
+ free(a);
+ }
+}
diff --git a/contrib/ipfilter/lib/alist_new.c b/contrib/ipfilter/lib/alist_new.c
new file mode 100644
index 000000000000..72da866849cb
--- /dev/null
+++ b/contrib/ipfilter/lib/alist_new.c
@@ -0,0 +1,64 @@
+/*
+ * Copyright (C) 2006 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: alist_new.c,v 1.1.2.2 2006/08/25 22:43:21 darrenr Exp $
+ */
+
+#include "ipf.h"
+
+alist_t *
+alist_new(int v, char *host)
+{
+ int a, b, c, d, bits;
+ char *slash;
+ alist_t *al;
+ u_int mask;
+
+ al = calloc(1, sizeof(*al));
+ if (al == NULL) {
+ fprintf(stderr, "alist_new out of memory\n");
+ return NULL;
+ }
+
+ bits = -1;
+ slash = strchr(host, '/');
+ if (slash != NULL) {
+ *slash = '\0';
+ bits = atoi(slash + 1);
+ }
+
+ a = b = c = d = -1;
+ sscanf(host, "%d.%d.%d.%d", &a, &b, &c, &d);
+
+ if (bits > 0 && bits < 33) {
+ mask = 0xffffffff << (32 - bits);
+ } else if (b == -1) {
+ mask = 0xff000000;
+ b = c = d = 0;
+ } else if (c == -1) {
+ mask = 0xffff0000;
+ c = d = 0;
+ } else if (d == -1) {
+ mask = 0xffffff00;
+ d = 0;
+ } else {
+ mask = 0xffffffff;
+ }
+
+ if (*host == '!') {
+ al->al_not = 1;
+ host++;
+ }
+
+ if (gethost(host, &al->al_addr) == -1) {
+ *slash = '/';
+ fprintf(stderr, "Cannot parse hostname\n");
+ free(al);
+ return NULL;
+ }
+ al->al_mask = htonl(mask);
+ *slash = '/';
+ return al;
+}
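Review bot: `slash` is NULL whenever `host` contains no `/`, yet both `*slash = '/'` statements (the gethost() failure path and the one just before `return al`) write through it unconditionally, so a plain address or hostname dereferences a null pointer; each restore needs an `if (slash != NULL)` guard. Separately, the `!` prefix is stripped only after `sscanf()` has run, so for a negated entry without a prefix length the scan matches nothing and the `b == -1` branch assigns a /8 mask; the negation check belongs before the parsing. `bits` also comes from `atoi()` with no validation, so `/0` and malformed lengths fall through to the octet-count guess, which looks unintended but should be confirmed against the callers. The fence shows the reordered and guarded lines only.

```c
	/* … unchanged: declarations, calloc and its NULL check … */

	if (*host == '!') {
		al->al_not = 1;
		host++;
	}

	bits = -1;
	slash = strchr(host, '/');
	/* … unchanged: bits parsing, sscanf and mask selection … */

	if (gethost(host, &al->al_addr) == -1) {
		if (slash != NULL)
			*slash = '/';
		fprintf(stderr, "Cannot parse hostname\n");
		free(al);
		return NULL;
	}
	al->al_mask = htonl(mask);
	if (slash != NULL)
		*slash = '/';
	return al;
```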
diff --git a/contrib/ipfilter/lib/bcopywrap.c b/contrib/ipfilter/lib/bcopywrap.c
index 1800373c1d1b..83fd04b34634 100644
--- a/contrib/ipfilter/lib/bcopywrap.c
+++ b/contrib/ipfilter/lib/bcopywrap.c
@@ -1,3 +1,11 @@
+/*
+ * Copyright (C) 2002 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: bcopywrap.c,v 1.1.4.1 2006/06/16 17:20:56 darrenr Exp $
+ */
+
#include "ipf.h"
int bcopywrap(from, to, size)
diff --git a/contrib/ipfilter/lib/binprint.c b/contrib/ipfilter/lib/binprint.c
index b07dfb0d7c95..4eb38280763c 100644
--- a/contrib/ipfilter/lib/binprint.c
+++ b/contrib/ipfilter/lib/binprint.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2002 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: binprint.c,v 1.8 2002/05/14 15:18:56 darrenr Exp $
+ * $Id: binprint.c,v 1.8.4.1 2006/06/16 17:20:56 darrenr Exp $
*/
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/buildopts.c b/contrib/ipfilter/lib/buildopts.c
index 706e7b73b97f..d493f5e8de76 100644
--- a/contrib/ipfilter/lib/buildopts.c
+++ b/contrib/ipfilter/lib/buildopts.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2002 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: buildopts.c,v 1.6 2002/01/28 06:50:45 darrenr Exp $
+ * $Id: buildopts.c,v 1.6.4.1 2006/06/16 17:20:56 darrenr Exp $
*/
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/checkrev.c b/contrib/ipfilter/lib/checkrev.c
index f95cc7977a70..3c40226a98cf 100644
--- a/contrib/ipfilter/lib/checkrev.c
+++ b/contrib/ipfilter/lib/checkrev.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2004 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: checkrev.c,v 1.12.2.1 2004/03/09 14:44:39 darrenr Exp $
+ * $Id: checkrev.c,v 1.12.2.2 2006/06/16 17:20:56 darrenr Exp $
*/
#include <sys/ioctl.h>
diff --git a/contrib/ipfilter/lib/count4bits.c b/contrib/ipfilter/lib/count4bits.c
index e3857fad67dd..51e60252b3bf 100644
--- a/contrib/ipfilter/lib/count4bits.c
+++ b/contrib/ipfilter/lib/count4bits.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2002 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: count4bits.c,v 1.1 2002/06/15 04:46:39 darrenr Exp $
+ * $Id: count4bits.c,v 1.1.4.1 2006/06/16 17:20:57 darrenr Exp $
*/
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/count6bits.c b/contrib/ipfilter/lib/count6bits.c
index e9a515936600..be090b7be30d 100644
--- a/contrib/ipfilter/lib/count6bits.c
+++ b/contrib/ipfilter/lib/count6bits.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2001 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: count6bits.c,v 1.4 2001/06/09 17:09:23 darrenr Exp $
+ * $Id: count6bits.c,v 1.4.4.1 2006/06/16 17:20:57 darrenr Exp $
*/
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/debug.c b/contrib/ipfilter/lib/debug.c
index 9f3f4cc84192..144bc0231a06 100644
--- a/contrib/ipfilter/lib/debug.c
+++ b/contrib/ipfilter/lib/debug.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2001 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: debug.c,v 1.6 2001/06/09 17:09:24 darrenr Exp $
+ * $Id: debug.c,v 1.6.4.1 2006/06/16 17:20:57 darrenr Exp $
*/
#if defined(__STDC__)
diff --git a/contrib/ipfilter/lib/facpri.c b/contrib/ipfilter/lib/facpri.c
index c438a1c62ef9..6785e22448f6 100644
--- a/contrib/ipfilter/lib/facpri.c
+++ b/contrib/ipfilter/lib/facpri.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2006 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: facpri.c,v 1.6.2.4 2006/03/17 22:28:41 darrenr Exp $
+ * $Id: facpri.c,v 1.6.2.5 2006/06/16 17:20:58 darrenr Exp $
*/
#include <stdio.h>
@@ -20,7 +20,7 @@
#include "facpri.h"
#if !defined(lint)
-static const char rcsid[] = "@(#)$Id: facpri.c,v 1.6.2.4 2006/03/17 22:28:41 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: facpri.c,v 1.6.2.5 2006/06/16 17:20:58 darrenr Exp $";
#endif
diff --git a/contrib/ipfilter/lib/facpri.h b/contrib/ipfilter/lib/facpri.h
index d0d488a8cda9..b6d5f5afc363 100644
--- a/contrib/ipfilter/lib/facpri.h
+++ b/contrib/ipfilter/lib/facpri.h
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1999-2001 by Darren Reed.
+ * Copyright (C) 2000-2001 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: facpri.h,v 1.3 2001/06/09 17:19:50 darrenr Exp $
+ * $Id: facpri.h,v 1.3.4.1 2006/06/16 17:20:58 darrenr Exp $
*/
#ifndef __FACPRI_H__
diff --git a/contrib/ipfilter/lib/fill6bits.c b/contrib/ipfilter/lib/fill6bits.c
index 421a07515a4a..a5f459a28af0 100644
--- a/contrib/ipfilter/lib/fill6bits.c
+++ b/contrib/ipfilter/lib/fill6bits.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2002 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: fill6bits.c,v 1.5 2002/03/27 15:09:57 darrenr Exp $
+ * $Id: fill6bits.c,v 1.5.4.1 2006/06/16 17:20:58 darrenr Exp $
*/
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/flags.c b/contrib/ipfilter/lib/flags.c
index 49f28e6bef1a..4baf3bdc277f 100644
--- a/contrib/ipfilter/lib/flags.c
+++ b/contrib/ipfilter/lib/flags.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2001-2002 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: flags.c,v 1.4 2002/11/02 07:16:36 darrenr Exp $
+ * $Id: flags.c,v 1.4.4.1 2006/06/16 17:20:58 darrenr Exp $
*/
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/gethost.c b/contrib/ipfilter/lib/gethost.c
index afcd3b5c0994..d97766f1f102 100644
--- a/contrib/ipfilter/lib/gethost.c
+++ b/contrib/ipfilter/lib/gethost.c
@@ -1,3 +1,11 @@
+/*
+ * Copyright (C) 2002-2004 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: gethost.c,v 1.3.2.2 2006/06/16 17:20:59 darrenr Exp $
+ */
+
#include "ipf.h"
int gethost(name, hostp)
diff --git a/contrib/ipfilter/lib/getifname.c b/contrib/ipfilter/lib/getifname.c
index 1480c1f26450..6163239edb29 100644
--- a/contrib/ipfilter/lib/getifname.c
+++ b/contrib/ipfilter/lib/getifname.c
@@ -1,3 +1,11 @@
+/*
+ * Copyright (C) 2002-2004 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: getifname.c,v 1.5.2.3 2006/07/14 06:12:24 darrenr Exp $
+ */
+
#include "ipf.h"
#include "kmem.h"
@@ -6,6 +14,7 @@
* Given a pointer to an interface in the kernel, return a pointer to a
* string which is the interface name.
*/
+#if 0
char *getifname(ptr)
struct ifnet *ptr;
{
@@ -72,3 +81,10 @@ struct ifnet *ptr;
# endif
#endif
}
+#else
+char *getifname(ptr)
+struct ifnet *ptr;
+{
+ return "X";
+}
+#endif
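Review bot: The `#else` stub makes getifname() return the literal "X" for every interface, so any output that prints a name obtained through it can no longer tell interfaces apart, and the `#if 0` gives no reason for disabling the kernel-memory lookup. Add a comment above the stub along the lines of `/* kernel ifnet lookup disabled: <reason>; callers receive a placeholder name */`. The literal is also handed out as a writable `char *`, so a caller that modifies the result would write to a string constant. The `#if 0` itself opens in the previous hunk.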
diff --git a/contrib/ipfilter/lib/getnattype.c b/contrib/ipfilter/lib/getnattype.c
index 312a862c3edd..04463c22234a 100644
--- a/contrib/ipfilter/lib/getnattype.c
+++ b/contrib/ipfilter/lib/getnattype.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2002-2004 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
@@ -9,26 +9,34 @@
#include "kmem.h"
#if !defined(lint)
-static const char rcsid[] = "@(#)$Id: getnattype.c,v 1.3 2004/01/17 17:26:07 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: getnattype.c,v 1.3.2.2 2006/07/14 06:12:24 darrenr Exp $";
#endif
/*
* Get a nat filter type given its kernel address.
*/
-char *getnattype(ipnat)
-ipnat_t *ipnat;
+char *getnattype(nat, alive)
+nat_t *nat;
+int alive;
{
static char unknownbuf[20];
- ipnat_t ipnatbuff;
+ ipnat_t *ipn, ipnat;
char *which;
+ int type;
- if (!ipnat)
+ if (!nat)
return "???";
- if (kmemcpy((char *)&ipnatbuff, (long)ipnat, sizeof(ipnatbuff)))
- return "!!!";
+ if (alive) {
+ type = nat->nat_redir;
+ } else {
+ ipn = nat->nat_ptr;
+ if (kmemcpy((char *)&ipnat, (long)ipn, sizeof(ipnat)))
+ return "!!!";
+ type = ipnat.in_redir;
+ }
- switch (ipnatbuff.in_redir)
+ switch (type)
{
case NAT_MAP :
which = "MAP";
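Review bot: In the `else` branch, `nat->nat_ptr` is handed to `kmemcpy()` without a NULL test, whereas the old code returned "???" when the rule pointer itself was NULL. An entry with no rule now reaches `kmemcpy()` with address 0; what that call does with a zero address is not visible here, but at best the entry is reported as "!!!" rather than "???". Adding `if (ipn == NULL) return "???";` right after `ipn = nat->nat_ptr;` keeps the old distinction. The new `alive` parameter also deserves a line in the function comment saying that a non-zero value means `nat` is already a local copy whose `nat_redir` can be read directly. The `switch` continues outside this hunk.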
@@ -43,8 +51,7 @@ ipnat_t *ipnat;
which = "BIMAP";
break;
default :
- sprintf(unknownbuf, "unknown(%04x)",
- ipnatbuff.in_redir & 0xffffffff);
+ sprintf(unknownbuf, "unknown(%04x)", type & 0xffffffff);
which = unknownbuf;
break;
}
diff --git a/contrib/ipfilter/lib/getport.c b/contrib/ipfilter/lib/getport.c
index bb14fb300680..1c5177c56006 100644
--- a/contrib/ipfilter/lib/getport.c
+++ b/contrib/ipfilter/lib/getport.c
@@ -1,3 +1,11 @@
+/*
+ * Copyright (C) 2002-2005 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: getport.c,v 1.1.4.6 2006/06/16 17:21:00 darrenr Exp $
+ */
+
#include "ipf.h"
int getport(fr, name, port)
diff --git a/contrib/ipfilter/lib/getportproto.c b/contrib/ipfilter/lib/getportproto.c
index d76e7611c1be..5a247aec6f68 100644
--- a/contrib/ipfilter/lib/getportproto.c
+++ b/contrib/ipfilter/lib/getportproto.c
@@ -1,3 +1,11 @@
+/*
+ * Copyright (C) 2002-2005 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: getportproto.c,v 1.2.4.4 2006/06/16 17:21:00 darrenr Exp $
+ */
+
#include <ctype.h>
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/getproto.c b/contrib/ipfilter/lib/getproto.c
index 58e82bdb6ab5..9714da26a824 100644
--- a/contrib/ipfilter/lib/getproto.c
+++ b/contrib/ipfilter/lib/getproto.c
@@ -1,3 +1,11 @@
+/*
+ * Copyright (C) 2002-2005 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: getproto.c,v 1.2.2.3 2006/06/16 17:21:00 darrenr Exp $
+ */
+
#include "ipf.h"
int getproto(name)
diff --git a/contrib/ipfilter/lib/getsumd.c b/contrib/ipfilter/lib/getsumd.c
index 346c445ff849..00974bcf6f8f 100644
--- a/contrib/ipfilter/lib/getsumd.c
+++ b/contrib/ipfilter/lib/getsumd.c
@@ -1,3 +1,11 @@
+/*
+ * Copyright (C) 2002 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: getsumd.c,v 1.2.4.1 2006/06/16 17:21:01 darrenr Exp $
+ */
+
#include "ipf.h"
char *getsumd(sum)
diff --git a/contrib/ipfilter/lib/hostname.c b/contrib/ipfilter/lib/hostname.c
index a883fc6cb6aa..b8295d40321b 100644
--- a/contrib/ipfilter/lib/hostname.c
+++ b/contrib/ipfilter/lib/hostname.c
@@ -1,3 +1,10 @@
+/*
+ * Copyright (C) 2002-2003 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: hostname.c,v 1.6.2.2 2007/01/16 02:25:22 darrenr Exp $
+ */
#include "ipf.h"
@@ -10,6 +17,8 @@ void *ip;
struct in_addr ipa;
struct netent *np;
+ memset(&ipa, 0, sizeof(ipa)); /* XXX gcc */
+
if (v == 4) {
ipa.s_addr = *(u_32_t *)ip;
if (ipa.s_addr == htonl(0xfedcba98))
diff --git a/contrib/ipfilter/lib/icmpcode.c b/contrib/ipfilter/lib/icmpcode.c
index b60d2477a5f4..69841e0cc4b7 100644
--- a/contrib/ipfilter/lib/icmpcode.c
+++ b/contrib/ipfilter/lib/icmpcode.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2006 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: icmpcode.c,v 1.7.2.4 2006/02/25 17:40:22 darrenr Exp $
+ * $Id: icmpcode.c,v 1.7.2.5 2006/06/16 17:21:02 darrenr Exp $
*/
#include <ctype.h>
diff --git a/contrib/ipfilter/lib/initparse.c b/contrib/ipfilter/lib/initparse.c
index d875925c08ea..b9f162f55c27 100644
--- a/contrib/ipfilter/lib/initparse.c
+++ b/contrib/ipfilter/lib/initparse.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2002 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: initparse.c,v 1.6 2002/01/28 06:50:46 darrenr Exp $
+ * $Id: initparse.c,v 1.6.4.1 2006/06/16 17:21:02 darrenr Exp $
*/
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/ionames.c b/contrib/ipfilter/lib/ionames.c
index b1f655c2dc0b..cc9374d67644 100644
--- a/contrib/ipfilter/lib/ionames.c
+++ b/contrib/ipfilter/lib/ionames.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2005 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: ionames.c,v 1.7 2002/01/28 06:50:46 darrenr Exp $
+ * $Id: ionames.c,v 1.7.4.1 2006/06/16 17:21:02 darrenr Exp $
*/
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/ipf_dotuning.c b/contrib/ipfilter/lib/ipf_dotuning.c
index daff02578a44..8f90fdbe95a9 100644
--- a/contrib/ipfilter/lib/ipf_dotuning.c
+++ b/contrib/ipfilter/lib/ipf_dotuning.c
@@ -1,3 +1,11 @@
+/*
+ * Copyright (C) 2003-2005 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: ipf_dotuning.c,v 1.2.4.3 2006/06/16 17:21:02 darrenr Exp $
+ */
+
#include "ipf.h"
#include "netinet/ipl.h"
#include <sys/ioctl.h>
diff --git a/contrib/ipfilter/lib/ipft_ef.c b/contrib/ipfilter/lib/ipft_ef.c
index 237febcb4b07..52eb508de6b1 100644
--- a/contrib/ipfilter/lib/ipft_ef.c
+++ b/contrib/ipfilter/lib/ipft_ef.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2006 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: ipft_ef.c,v 1.14 2004/01/08 13:34:31 darrenr Exp $
+ * $Id: ipft_ef.c,v 1.14.2.2 2006/06/16 17:21:02 darrenr Exp $
*/
/*
@@ -31,7 +31,7 @@ etherfind -n -t
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_ef.c 1.6 2/4/96 (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipft_ef.c,v 1.14 2004/01/08 13:34:31 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ipft_ef.c,v 1.14.2.2 2006/06/16 17:21:02 darrenr Exp $";
#endif
static int etherf_open __P((char *));
@@ -96,13 +96,18 @@ int cnt, *dir;
switch (ip->ip_p) {
case IPPROTO_TCP :
+ if (isdigit(*sprt))
+ pkt.ti_sport = htons(atoi(sprt) & 65535);
+ if (isdigit(*dprt))
+ pkt.ti_dport = htons(atoi(dprt) & 65535);
+ extra = sizeof(struct tcphdr);
+ break;
case IPPROTO_UDP :
- s = strtok(NULL, " :");
- ip->ip_len += atoi(s);
- if (ip->ip_p == IPPROTO_TCP)
- extra = sizeof(struct tcphdr);
- else if (ip->ip_p == IPPROTO_UDP)
- extra = sizeof(struct udphdr);
+ if (isdigit(*sprt))
+ pkt.ti_sport = htons(atoi(sprt) & 65535);
+ if (isdigit(*dprt))
+ pkt.ti_dport = htons(atoi(dprt) & 65535);
+ extra = sizeof(struct udphdr);
break;
#ifdef IGMP
case IPPROTO_IGMP :
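Review bot: `isdigit(*sprt)` and `isdigit(*dprt)` pass a plain `char` to a `<ctype.h>` function, which is undefined for negative values, and these strings presumably hold text taken from the capture line being parsed. Cast first, e.g. `if (isdigit((unsigned char)*sprt))`. `atoi(sprt) & 65535` also folds an out-of-range number into a valid port silently; converting with `strtol` and rejecting values above 65535 would make a malformed line visible. The TCP and UDP cases now differ only in the `extra` assignment, so the port parsing could be done once ahead of the `switch`. The enclosing function starts and ends outside this hunk.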
diff --git a/contrib/ipfilter/lib/ipft_hx.c b/contrib/ipfilter/lib/ipft_hx.c
index c6491078c1ae..4851fff3eae4 100644
--- a/contrib/ipfilter/lib/ipft_hx.c
+++ b/contrib/ipfilter/lib/ipft_hx.c
@@ -1,11 +1,11 @@
/*
- * Copyright (C) 1995-2001 by Darren Reed.
+ * Copyright (C) 2000-2005 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_hx.c 1.1 3/9/96 (C) 1996 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipft_hx.c,v 1.11.4.3 2005/12/04 10:07:21 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ipft_hx.c,v 1.11.4.4 2006/06/16 17:21:03 darrenr Exp $";
#endif
#include <ctype.h>
diff --git a/contrib/ipfilter/lib/ipft_pc.c b/contrib/ipfilter/lib/ipft_pc.c
index de152355993c..fbfe6b063db5 100644
--- a/contrib/ipfilter/lib/ipft_pc.c
+++ b/contrib/ipfilter/lib/ipft_pc.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2005 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: ipft_pc.c,v 1.10.2.1 2005/12/04 09:55:10 darrenr Exp $
+ * $Id: ipft_pc.c,v 1.10.2.2 2006/06/16 17:21:03 darrenr Exp $
*/
#include "ipf.h"
#include "pcap-ipf.h"
@@ -11,7 +11,7 @@
#include "ipt.h"
#if !defined(lint)
-static const char rcsid[] = "@(#)$Id: ipft_pc.c,v 1.10.2.1 2005/12/04 09:55:10 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ipft_pc.c,v 1.10.2.2 2006/06/16 17:21:03 darrenr Exp $";
#endif
struct llc {
diff --git a/contrib/ipfilter/lib/ipft_sn.c b/contrib/ipfilter/lib/ipft_sn.c
index 1b3e364396db..a4c73185cee3 100644
--- a/contrib/ipfilter/lib/ipft_sn.c
+++ b/contrib/ipfilter/lib/ipft_sn.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2003 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: ipft_sn.c,v 1.7 2003/02/16 02:32:36 darrenr Exp $
+ * $Id: ipft_sn.c,v 1.7.4.1 2006/06/16 17:21:03 darrenr Exp $
*/
/*
@@ -14,7 +14,7 @@
#include "ipt.h"
#if !defined(lint)
-static const char rcsid[] = "@(#)$Id: ipft_sn.c,v 1.7 2003/02/16 02:32:36 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ipft_sn.c,v 1.7.4.1 2006/06/16 17:21:03 darrenr Exp $";
#endif
struct llc {
diff --git a/contrib/ipfilter/lib/ipft_td.c b/contrib/ipfilter/lib/ipft_td.c
index 1aa616670a87..21bb76430e14 100644
--- a/contrib/ipfilter/lib/ipft_td.c
+++ b/contrib/ipfilter/lib/ipft_td.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2006 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp $
+ * $Id: ipft_td.c,v 1.15.2.2 2006/06/16 17:21:03 darrenr Exp $
*/
/*
@@ -40,7 +40,7 @@ tcpdump -nqte
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_td.c 1.8 2/4/96 (C)1995 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipft_td.c,v 1.15 2004/01/08 13:34:31 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ipft_td.c,v 1.15.2.2 2006/06/16 17:21:03 darrenr Exp $";
#endif
static int tcpd_open __P((char *));
@@ -142,6 +142,8 @@ int cnt, *dir;
IP_HL_A(ip, sizeof(ip_t));
s = strtok(misc, " :");
+ if (s == NULL)
+ return 0;
ip->ip_p = getproto(s);
switch (ip->ip_p)
@@ -149,6 +151,8 @@ int cnt, *dir;
case IPPROTO_TCP :
case IPPROTO_UDP :
s = strtok(NULL, " :");
+ if (s == NULL)
+ return 0;
ip->ip_len += atoi(s);
if (ip->ip_p == IPPROTO_TCP)
extra = sizeof(struct tcphdr);
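Review bot: The two added NULL checks stop a missing token from being dereferenced, but the length token is still converted by `atoi(s)` and added to `ip->ip_len` with no range check. A negative or oversized number in the tcpdump text therefore still produces a bogus packet length. Converting with `strtol` and returning 0 when the value is negative or would push `ip_len` past 65535 closes the same class of malformed input that the NULL checks address. It would also help to mark the early exits, e.g. `/* malformed line: protocol or length field missing */`, since it is not visible here whether callers treat a 0 return as end of input. The function continues outside this hunk.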
diff --git a/contrib/ipfilter/lib/ipft_tx.c b/contrib/ipfilter/lib/ipft_tx.c
index 04c2dab8777e..302f177a72da 100644
--- a/contrib/ipfilter/lib/ipft_tx.c
+++ b/contrib/ipfilter/lib/ipft_tx.c
@@ -1,13 +1,13 @@
/*
- * Copyright (C) 1995-2001 by Darren Reed.
+ * Copyright (C) 2000-2006 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: ipft_tx.c,v 1.15.2.7 2005/12/18 14:53:39 darrenr Exp $
+ * $Id: ipft_tx.c,v 1.15.2.9 2006/06/16 17:21:04 darrenr Exp $
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 1.15.2.7 2005/12/18 14:53:39 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 1.15.2.9 2006/06/16 17:21:04 darrenr Exp $";
#endif
#include <ctype.h>
@@ -127,6 +127,7 @@ int cnt, *dir;
{
register char *s;
char line[513];
+ ip_t *ip;
*ifn = NULL;
while (fgets(line, sizeof(line)-1, tfp)) {
@@ -142,12 +143,10 @@ int cnt, *dir;
printf("input: %s\n", line);
*ifn = NULL;
*dir = 0;
- if (!parseline(line, (ip_t *)buf, ifn, dir))
-#if 0
- return sizeof(ip_t) + sizeof(tcphdr_t);
-#else
- return sizeof(ip_t);
-#endif
+ if (!parseline(line, (ip_t *)buf, ifn, dir)) {
+ ip = (ip_t *)buf;
+ return ntohs(ip->ip_len);
+ }
}
if (feof(tfp))
return 0;
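Review bot: `return ntohs(ip->ip_len);` reports a length taken from the parsed text line without comparing it with `cnt`, which is presumably the capacity of `buf`. Whether `parseline()` bounds `ip_len` is not visible here; if it does not, the caller is told the buffer holds more bytes than were written. I would clamp before returning, for example `len = ntohs(ip->ip_len); if (len > cnt) len = cnt; return len;`, using a local `int len`. A short comment should also say that the return value is now the packet length claimed by the input line rather than a fixed `sizeof(ip_t)`.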
diff --git a/contrib/ipfilter/lib/ipoptsec.c b/contrib/ipfilter/lib/ipoptsec.c
index 558ae58a1b62..a59db23616fd 100644
--- a/contrib/ipfilter/lib/ipoptsec.c
+++ b/contrib/ipfilter/lib/ipoptsec.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2001-2002 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: ipoptsec.c,v 1.2 2002/01/28 06:50:46 darrenr Exp $
+ * $Id: ipoptsec.c,v 1.2.4.1 2006/06/16 17:21:04 darrenr Exp $
*/
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/kmem.c b/contrib/ipfilter/lib/kmem.c
index 1fd00ab5350c..07830fbe1073 100644
--- a/contrib/ipfilter/lib/kmem.c
+++ b/contrib/ipfilter/lib/kmem.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2005 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
@@ -42,7 +42,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)kmem.c 1.4 1/12/96 (C) 1992 Darren Reed";
-static const char rcsid[] = "@(#)$Id: kmem.c,v 1.16.2.2 2005/06/12 07:18:41 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: kmem.c,v 1.16.2.3 2006/06/16 17:21:04 darrenr Exp $";
#endif
diff --git a/contrib/ipfilter/lib/kmem.h b/contrib/ipfilter/lib/kmem.h
index 2cdd5fb1820f..70f0a7a10886 100644
--- a/contrib/ipfilter/lib/kmem.h
+++ b/contrib/ipfilter/lib/kmem.h
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2002 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
- * $Id: kmem.h,v 1.2 2002/08/21 22:57:36 darrenr Exp $
+ * $Id: kmem.h,v 1.2.4.1 2006/06/16 17:21:04 darrenr Exp $
*/
#ifndef __KMEM_H__
diff --git a/contrib/ipfilter/lib/kmemcpywrap.c b/contrib/ipfilter/lib/kmemcpywrap.c
index 35715dc63d51..7a4a161f339b 100644
--- a/contrib/ipfilter/lib/kmemcpywrap.c
+++ b/contrib/ipfilter/lib/kmemcpywrap.c
@@ -1,3 +1,11 @@
+/*
+ * Copyright (C) 2002 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: kmemcpywrap.c,v 1.1.4.1 2006/06/16 17:21:05 darrenr Exp $
+ */
+
#include "ipf.h"
#include "kmem.h"
diff --git a/contrib/ipfilter/lib/kvatoname.c b/contrib/ipfilter/lib/kvatoname.c
index b3f4af932cdc..b0fe69dafb3c 100644
--- a/contrib/ipfilter/lib/kvatoname.c
+++ b/contrib/ipfilter/lib/kvatoname.c
@@ -1,3 +1,11 @@
+/*
+ * Copyright (C) 2002 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: kvatoname.c,v 1.1.4.1 2006/06/16 17:21:05 darrenr Exp $
+ */
+
#include "ipf.h"
#include <fcntl.h>
diff --git a/contrib/ipfilter/lib/load_file.c b/contrib/ipfilter/lib/load_file.c
new file mode 100644
index 000000000000..9bb3899aebf5
--- /dev/null
+++ b/contrib/ipfilter/lib/load_file.c
@@ -0,0 +1,88 @@
+/*
+ * Copyright (C) 2006 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: load_file.c,v 1.1.2.1 2006/08/25 21:13:04 darrenr Exp $
+ */
+
+#include "ipf.h"
+
+alist_t *
+load_file(char *filename)
+{
+ alist_t *a, *rtop, *rbot;
+ char *s, line[1024], *t;
+ int linenum, not;
+ FILE *fp;
+
+ fp = fopen(filename + 7, "r");
+ if (fp == NULL) {
+ fprintf(stderr, "load_file cannot open '%s'\n", filename);
+ return NULL;
+ }
+
+ a = NULL;
+ rtop = NULL;
+ rbot = NULL;
+ linenum = 0;
+
+ while (fgets(line, sizeof(line) - 1, fp)) {
+ line[sizeof(line) - 1] = '\0';
+ linenum++;
+ /*
+ * Hunt for CR/LF. If no LF, stop processing.
+ */
+ s = strchr(line, '\n');
+ if (s == NULL) {
+ fprintf(stderr, "%d:%s: line too long\n", linenum, filename);
+ fclose(fp);
+ alist_free(rtop);
+ return NULL;
+ }
+
+ *s = '\0';
+ s = strchr(line, '\r');
+ if (s != NULL)
+ *s = '\0';
+ for (t = line; isspace(*t); t++)
+ ;
+ if (*t == '!') {
+ not = 1;
+ t++;
+ } else
+ not = 0;
+
+ /*
+ * Remove comment markers
+ */
+ for (s = t; *s; s++) {
+ if (*s == '#')
+ *s = '\0';
+ }
+ if (!*t)
+ continue;
+ /*
+ * Trim off tailing white spaces
+ */
+ s = strlen(t) + t - 1;
+ while (isspace(*s))
+ *s-- = '\0';
+
+ if (isdigit(*t)) {
+ a = alist_new(4, t);
+ a->al_not = not;
+ if (rbot != NULL)
+ rbot->al_next = a;
+ else
+ rtop = a;
+ rbot = a;
+ } else {
+ fprintf(stderr, "%s: unrecognised content line %d\n",
+ filename, linenum);
+ }
+ }
+ fclose(fp);
+
+ return rtop;
+}
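Review bot: `fopen(filename + 7, "r")` always skips seven characters, but `load_url()` in load_url.c also calls `load_file()` for names beginning with '/' or '.', which carry no `file://` prefix. Those paths are opened at the wrong offset, and a name shorter than seven bytes is read past its terminator. Separately, `a->al_not = not;` dereferences the result of `alist_new()` without a NULL test, although `load_http()` does check it. The `isspace(*t)`, `isspace(*s)` and `isdigit(*t)` calls should cast to `unsigned char`, since the bytes come from a file. The function also has no header comment describing the accepted line format (`!` negation, `#` comments, one address per line).
```c
alist_t *
load_file(char *filename)
{
	/* … unchanged: declarations … */
	char *path = filename;

	/* Only strip the scheme when it is really there. */
	if (strncmp(filename, "file://", 7) == 0)
		path = filename + 7;
	fp = fopen(path, "r");
	/* … unchanged: open failure, line reading, comment and whitespace trimming … */
		if (isdigit((unsigned char)*t)) {
			a = alist_new(4, t);
			if (a == NULL) {
				fprintf(stderr, "%s: cannot parse line %d\n",
					filename, linenum);
				continue;
			}
			a->al_not = not;
	/* … unchanged: list append, unrecognised-content branch, fclose … */
```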
diff --git a/contrib/ipfilter/lib/load_hash.c b/contrib/ipfilter/lib/load_hash.c
index 638e9f5700a0..84abca03c166 100644
--- a/contrib/ipfilter/lib/load_hash.c
+++ b/contrib/ipfilter/lib/load_hash.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 2002 by Darren Reed.
+ * Copyright (C) 2002-2005 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: load_hash.c,v 1.11.2.3 2005/11/13 15:41:12 darrenr Exp $
+ * $Id: load_hash.c,v 1.11.2.5 2006/07/14 06:12:25 darrenr Exp $
*/
#include <fcntl.h>
@@ -60,6 +60,7 @@ ioctlfunc_t iocfunc;
iph.iph_size = size;
iph.iph_seed = iphp->iph_seed;
iph.iph_table = NULL;
+ iph.iph_list = NULL;
iph.iph_ref = 0;
if ((opts & OPT_REMOVE) == 0) {
@@ -83,9 +84,10 @@ ioctlfunc_t iocfunc;
perror("calloc(size, sizeof(*iph.iph_table))");
return -1;
}
- iph.iph_table[0] = list;
+ iph.iph_list = list;
printhash(&iph, bcopywrap, iph.iph_name, opts);
free(iph.iph_table);
+ iph.iph_list = NULL;
for (a = list; a != NULL; a = a->ipe_next) {
a->ipe_addr.in4_addr = htonl(a->ipe_addr.in4_addr);
diff --git a/contrib/ipfilter/lib/load_hashnode.c b/contrib/ipfilter/lib/load_hashnode.c
index cee03385f40f..8ff907abe9bf 100644
--- a/contrib/ipfilter/lib/load_hashnode.c
+++ b/contrib/ipfilter/lib/load_hashnode.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 2002 by Darren Reed.
+ * Copyright (C) 2003-2005 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: load_hashnode.c,v 1.2.4.1 2004/03/06 14:33:28 darrenr Exp $
+ * $Id: load_hashnode.c,v 1.2.4.2 2006/06/16 17:21:05 darrenr Exp $
*/
#include <fcntl.h>
diff --git a/contrib/ipfilter/lib/load_http.c b/contrib/ipfilter/lib/load_http.c
new file mode 100644
index 000000000000..164b8b4945f5
--- /dev/null
+++ b/contrib/ipfilter/lib/load_http.c
@@ -0,0 +1,182 @@
+/*
+ * Copyright (C) 2006 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: load_http.c,v 1.1.2.1 2006/08/25 21:13:04 darrenr Exp $
+ */
+
+#include "ipf.h"
+
+/*
+ * Format expected is one addres per line, at the start of each line.
+ */
+alist_t *
+load_http(char *url)
+{
+ int fd, len, left, port, endhdr, removed;
+ char *s, *t, *u, buffer[1024], *myurl;
+ alist_t *a, *rtop, *rbot;
+ struct sockaddr_in sin;
+ struct hostent *host;
+
+ /*
+ * More than this would just be absurd.
+ */
+ if (strlen(url) > 512) {
+ fprintf(stderr, "load_http has a URL > 512 bytes?!\n");
+ return NULL;
+ }
+
+ fd = -1;
+ rtop = NULL;
+ rbot = NULL;
+
+ sprintf(buffer, "GET %s HTTP/1.0\r\n", url);
+
+ myurl = strdup(url);
+ if (myurl == NULL)
+ goto done;
+
+ s = myurl + 7; /* http:// */
+ t = strchr(s, '/');
+ if (t == NULL) {
+ fprintf(stderr, "load_http has a malformed URL '%s'\n", url);
+ free(myurl);
+ return NULL;
+ }
+ *t++ = '\0';
+
+ u = strchr(s, '@');
+ if (u != NULL)
+ s = u + 1; /* AUTH */
+
+ sprintf(buffer + strlen(buffer), "Host: %s\r\n\r\n", s);
+
+ u = strchr(s, ':');
+ if (u != NULL) {
+ *u++ = '\0';
+ port = atoi(u);
+ if (port < 0 || port > 65535)
+ goto done;
+ } else {
+ port = 80;
+ }
+
+ memset(&sin, 0, sizeof(sin));
+ sin.sin_family = AF_INET;
+ sin.sin_port = htons(port);
+
+ if (isdigit(*s)) {
+ if (inet_aton(s, &sin.sin_addr) == -1) {
+ goto done;
+ }
+ } else {
+ host = gethostbyname(s);
+ if (host == NULL)
+ goto done;
+ memcpy(&sin.sin_addr, host->h_addr_list[0],
+ sizeof(sin.sin_addr));
+ }
+
+ fd = socket(AF_INET, SOCK_STREAM, 0);
+ if (fd == -1)
+ goto done;
+
+ if (connect(fd, (struct sockaddr *)&sin, sizeof(sin)) == -1) {
+ close(fd);
+ goto done;
+ }
+
+ len = strlen(buffer);
+ if (write(fd, buffer, len) != len) {
+ close(fd);
+ goto done;
+ }
+
+ s = buffer;
+ endhdr = 0;
+ left = sizeof(buffer) - 1;
+
+ while ((len = read(fd, s, left)) > 0) {
+ s[len] = '\0';
+ left -= len;
+ s += len;
+
+ if (endhdr >= 0) {
+ if (endhdr == 0) {
+ t = strchr(buffer, ' ');
+ if (t == NULL)
+ continue;
+ t++;
+ if (*t != '2')
+ break;
+ }
+
+ u = buffer;
+ while ((t = strchr(u, '\r')) != NULL) {
+ if (t == u) {
+ if (*(t + 1) == '\n') {
+ u = t + 2;
+ endhdr = -1;
+ break;
+ } else
+ t++;
+ } else if (*(t + 1) == '\n') {
+ endhdr++;
+ u = t + 2;
+ } else
+ u = t + 1;
+ }
+ if (endhdr >= 0)
+ continue;
+ removed = (u - buffer) + 1;
+ memmove(buffer, u, (sizeof(buffer) - left) - removed);
+ s -= removed;
+ left += removed;
+ }
+
+ do {
+ t = strchr(buffer, '\n');
+ if (t == NULL)
+ break;
+
+ *t++ = '\0';
+ for (u = buffer; isdigit(*u) || (*u == '.'); u++)
+ ;
+ if (*u == '/') {
+ char *slash;
+
+ slash = u;
+ u++;
+ while (isdigit(*u))
+ u++;
+ if (!isspace(*u) && *u)
+ u = slash;
+ }
+ *u = '\0';
+
+ a = alist_new(4, buffer);
+ if (a != NULL) {
+ if (rbot != NULL)
+ rbot->al_next = a;
+ else
+ rtop = a;
+ rbot = a;
+ }
+
+ removed = t - buffer;
+ memmove(buffer, t, sizeof(buffer) - left - removed);
+ s -= removed;
+ left += removed;
+
+ } while (1);
+ }
+
+done:
+ if (myurl != NULL)
+ free(myurl);
+ if (fd != -1)
+ close(fd);
+ return rtop;
+}
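Review bot: The request is assembled with unbounded `sprintf()` into `buffer[1024]`, and the length check admits a 512-byte URL whose host part is then written a second time in the `Host:` line, so a long URL with a long host name runs past the end of the buffer. `inet_aton(s, &sin.sin_addr) == -1` can never be true, because `inet_aton()` returns 0 on failure, so a malformed dotted address is not rejected. The connect and write failure paths call `close(fd)` and then `goto done`, where `fd` is closed a second time. The header comment should also state that the list is fetched over plain HTTP with no integrity check, so the addresses loaded are only as trustworthy as the network path to the server.
```c
	/* … unchanged: URL length check, fd/rtop/rbot initialisation … */
	len = snprintf(buffer, sizeof(buffer), "GET %s HTTP/1.0\r\n", url);
	if (len < 0 || (size_t)len >= sizeof(buffer))
		return NULL;
	/* … unchanged: strdup of url, host/path split, userinfo skip … */
	left = snprintf(buffer + len, sizeof(buffer) - len,
			"Host: %s\r\n\r\n", s);
	if (left < 0 || (size_t)left >= sizeof(buffer) - len)
		goto done;
	/* … unchanged: port parsing, sockaddr setup … */
		if (inet_aton(s, &sin.sin_addr) == 0) {
			goto done;
		}
	/* … unchanged: gethostbyname branch, socket() … */
	if (connect(fd, (struct sockaddr *)&sin, sizeof(sin)) == -1)
		goto done;	/* fd is closed once, at done: */
	/* … unchanged: len = strlen(buffer) … */
	if (write(fd, buffer, len) != len)
		goto done;
```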
diff --git a/contrib/ipfilter/lib/load_pool.c b/contrib/ipfilter/lib/load_pool.c
index 9cf22a233aab..f22b06328b6f 100644
--- a/contrib/ipfilter/lib/load_pool.c
+++ b/contrib/ipfilter/lib/load_pool.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 2002 by Darren Reed.
+ * Copyright (C) 2002-2005 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: load_pool.c,v 1.14.2.3 2005/11/13 15:41:13 darrenr Exp $
+ * $Id: load_pool.c,v 1.14.2.4 2006/06/16 17:21:06 darrenr Exp $
*/
#include <fcntl.h>
diff --git a/contrib/ipfilter/lib/load_poolnode.c b/contrib/ipfilter/lib/load_poolnode.c
index e992a80281ec..2afc4d21f3ac 100644
--- a/contrib/ipfilter/lib/load_poolnode.c
+++ b/contrib/ipfilter/lib/load_poolnode.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 2002 by Darren Reed.
+ * Copyright (C) 2003-2004 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: load_poolnode.c,v 1.3.2.1 2004/03/06 14:33:29 darrenr Exp $
+ * $Id: load_poolnode.c,v 1.3.2.3 2006/06/16 17:21:06 darrenr Exp $
*/
#include <fcntl.h>
@@ -52,7 +52,7 @@ ioctlfunc_t iocfunc;
if (err != 0) {
if ((opts & OPT_DONOTHING) == 0) {
- perror("load_pool:SIOCLOOKUP*NODE");
+ perror("load_poolnode:SIOCLOOKUP*NODE");
return -1;
}
}
diff --git a/contrib/ipfilter/lib/load_url.c b/contrib/ipfilter/lib/load_url.c
new file mode 100644
index 000000000000..77091534b0c2
--- /dev/null
+++ b/contrib/ipfilter/lib/load_url.c
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2006 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: load_url.c,v 1.1.2.1 2006/08/25 21:13:04 darrenr Exp $
+ */
+
+#include "ipf.h"
+
+alist_t *
+load_url(char *url)
+{
+ alist_t *hosts = NULL;
+
+ if (strncmp(url, "file://", 7) == 0) {
+ /*
+ * file:///etc/passwd
+ * ^------------s
+ */
+ hosts = load_file(url);
+
+ } else if (*url == '/' || *url == '.') {
+ hosts = load_file(url);
+
+ } else if (strncmp(url, "http://", 7) == 0) {
+ hosts = load_http(url);
+ }
+
+ return hosts;
+}
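Review bot: A URL that matches none of the three branches falls through and returns NULL with no diagnostic, the same value `load_file()` and `load_http()` return on failure. A caller therefore cannot tell an unsupported scheme from a failed or empty load, which matters if the result populates an address pool. I would add a final branch such as `} else { fprintf(stderr, "load_url: unsupported URL '%s'\n", url); }`. The function also needs a header comment listing the accepted forms (`file://`, a path starting with '/' or '.', `http://`). The `^------------s` marker in the existing comment refers to a variable `s` that this function does not have.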
diff --git a/contrib/ipfilter/lib/mutex_emul.c b/contrib/ipfilter/lib/mutex_emul.c
index 9497ffebae55..1a5815658236 100644
--- a/contrib/ipfilter/lib/mutex_emul.c
+++ b/contrib/ipfilter/lib/mutex_emul.c
@@ -1,3 +1,11 @@
+/*
+ * Copyright (C) 2003 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: mutex_emul.c,v 1.2.4.1 2006/06/16 17:21:06 darrenr Exp $
+ */
+
#include "ipf.h"
#define EMM_MAGIC 0x9d7adba3
diff --git a/contrib/ipfilter/lib/nametokva.c b/contrib/ipfilter/lib/nametokva.c
index 9250d7ce6897..89e347467f42 100644
--- a/contrib/ipfilter/lib/nametokva.c
+++ b/contrib/ipfilter/lib/nametokva.c
@@ -1,3 +1,11 @@
+/*
+ * Copyright (C) 2002 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: nametokva.c,v 1.1.4.1 2006/06/16 17:21:07 darrenr Exp $
+ */
+
#include "ipf.h"
#include <sys/ioctl.h>
diff --git a/contrib/ipfilter/lib/nat_setgroupmap.c b/contrib/ipfilter/lib/nat_setgroupmap.c
index 00e0df15bab6..ccf7864d40cb 100644
--- a/contrib/ipfilter/lib/nat_setgroupmap.c
+++ b/contrib/ipfilter/lib/nat_setgroupmap.c
@@ -1,10 +1,10 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2003 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if !defined(lint)
-static const char rcsid[] = "@(#)$Id: nat_setgroupmap.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: nat_setgroupmap.c,v 1.1.4.1 2006/06/16 17:21:07 darrenr Exp $";
#endif
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/ntomask.c b/contrib/ipfilter/lib/ntomask.c
index cd4e98362ff6..4a50ef804578 100644
--- a/contrib/ipfilter/lib/ntomask.c
+++ b/contrib/ipfilter/lib/ntomask.c
@@ -1,3 +1,11 @@
+/*
+ * Copyright (C) 2002-2005 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: ntomask.c,v 1.6.2.1 2006/06/16 17:21:07 darrenr Exp $
+ */
+
#include "ipf.h"
int ntomask(v, nbits, ap)
diff --git a/contrib/ipfilter/lib/optname.c b/contrib/ipfilter/lib/optname.c
index 1f604d13d505..33e5f17be348 100644
--- a/contrib/ipfilter/lib/optname.c
+++ b/contrib/ipfilter/lib/optname.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2001 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: optname.c,v 1.3 2001/06/09 17:09:24 darrenr Exp $
+ * $Id: optname.c,v 1.3.4.1 2006/06/16 17:21:07 darrenr Exp $
*/
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/optprint.c b/contrib/ipfilter/lib/optprint.c
index ec94bbbec181..8c14fe47e6b6 100644
--- a/contrib/ipfilter/lib/optprint.c
+++ b/contrib/ipfilter/lib/optprint.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2005 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: optprint.c,v 1.6.4.1 2005/12/18 14:51:28 darrenr Exp $
+ * $Id: optprint.c,v 1.6.4.2 2006/06/16 17:21:08 darrenr Exp $
*/
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/optprintv6.c b/contrib/ipfilter/lib/optprintv6.c
index 4e4eee20d2f6..5172b5c1a6b4 100644
--- a/contrib/ipfilter/lib/optprintv6.c
+++ b/contrib/ipfilter/lib/optprintv6.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2003 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: optprintv6.c,v 1.2 2003/04/30 00:39:39 darrenr Exp $
+ * $Id: optprintv6.c,v 1.2.4.1 2006/06/16 17:21:08 darrenr Exp $
*/
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/optvalue.c b/contrib/ipfilter/lib/optvalue.c
index 21d37b4d012c..37bfcf9031f4 100644
--- a/contrib/ipfilter/lib/optvalue.c
+++ b/contrib/ipfilter/lib/optvalue.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2001-2002 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: optvalue.c,v 1.2 2002/01/28 06:50:47 darrenr Exp $
+ * $Id: optvalue.c,v 1.2.4.1 2006/06/16 17:21:08 darrenr Exp $
*/
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/portname.c b/contrib/ipfilter/lib/portname.c
index 7136d8c01780..d8bf1d91cc5b 100644
--- a/contrib/ipfilter/lib/portname.c
+++ b/contrib/ipfilter/lib/portname.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2003 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: portname.c,v 1.7 2003/08/14 14:27:43 darrenr Exp $
+ * $Id: portname.c,v 1.7.2.1 2006/06/16 17:21:09 darrenr Exp $
*/
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/print_toif.c b/contrib/ipfilter/lib/print_toif.c
index 5d88ef9de2d4..696fcd317279 100644
--- a/contrib/ipfilter/lib/print_toif.c
+++ b/contrib/ipfilter/lib/print_toif.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2002 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: print_toif.c,v 1.8 2002/01/28 06:50:47 darrenr Exp $
+ * $Id: print_toif.c,v 1.8.4.1 2006/06/16 17:21:09 darrenr Exp $
*/
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/printactivenat.c b/contrib/ipfilter/lib/printactivenat.c
index 389818b67b2c..99f3e586e759 100644
--- a/contrib/ipfilter/lib/printactivenat.c
+++ b/contrib/ipfilter/lib/printactivenat.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2002-2004 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
@@ -10,16 +10,17 @@
#if !defined(lint)
-static const char rcsid[] = "@(#)$Id: printactivenat.c,v 1.3.2.4 2004/05/11 16:07:32 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: printactivenat.c,v 1.3.2.7 2006/12/12 16:13:00 darrenr Exp $";
#endif
-void printactivenat(nat, opts)
+void printactivenat(nat, opts, alive, now)
nat_t *nat;
-int opts;
+int opts, alive;
+u_long now;
{
- printf("%s", getnattype(nat->nat_ptr));
+ printf("%s", getnattype(nat, alive));
if (nat->nat_flags & SI_CLONE)
printf(" CLONE");
@@ -40,8 +41,9 @@ int opts;
printf("]");
if (opts & OPT_VERBOSE) {
- printf("\n\tage %lu use %hu sumd %s/",
- nat->nat_age, nat->nat_use, getsumd(nat->nat_sumd[0]));
+ printf("\n\tttl %lu use %hu sumd %s/",
+ nat->nat_age - now, nat->nat_use,
+ getsumd(nat->nat_sumd[0]));
printf("%s pr %u bkt %d/%d flags %x\n",
getsumd(nat->nat_sumd[1]), nat->nat_p,
nat->nat_hv[0], nat->nat_hv[1], nat->nat_flags);
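Review bot: `nat->nat_age - now` is printed with `%lu`, so if both operands are unsigned (only `now` is visibly `u_long`) and `now` is the larger, the subtraction wraps and a huge ttl is shown. That would happen for an entry that has already expired or when the caller's clock is not the one `nat_age` was set from. Guarding the value avoids the misleading output: `nat->nat_age > now ? nat->nat_age - now : 0`. The new `alive` and `now` parameters in the earlier hunk are undocumented; a comment above the function should say that `alive` is passed through to `getnattype()` and that `now` is the reference time subtracted from `nat_age`. The function body continues outside this hunk.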
diff --git a/contrib/ipfilter/lib/printaps.c b/contrib/ipfilter/lib/printaps.c
index 45b4b2f6adbc..c0c36d4dbf6b 100644
--- a/contrib/ipfilter/lib/printaps.c
+++ b/contrib/ipfilter/lib/printaps.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2002-2004 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
@@ -11,7 +11,7 @@
#if !defined(lint)
-static const char rcsid[] = "@(#)$Id: printaps.c,v 1.4 2004/01/08 13:34:32 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: printaps.c,v 1.4.2.1 2006/06/16 17:21:10 darrenr Exp $";
#endif
diff --git a/contrib/ipfilter/lib/printbuf.c b/contrib/ipfilter/lib/printbuf.c
index 613293ae19b6..bc097e025a67 100644
--- a/contrib/ipfilter/lib/printbuf.c
+++ b/contrib/ipfilter/lib/printbuf.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2004 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: printbuf.c,v 1.5.4.1 2004/12/09 19:41:22 darrenr Exp $
+ * $Id: printbuf.c,v 1.5.4.2 2006/06/16 17:21:10 darrenr Exp $
*/
#include <ctype.h>
diff --git a/contrib/ipfilter/lib/printfr.c b/contrib/ipfilter/lib/printfr.c
index 6e7a405ecf7f..07506945a02c 100644
--- a/contrib/ipfilter/lib/printfr.c
+++ b/contrib/ipfilter/lib/printfr.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2006 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: printfr.c,v 1.43.2.16 2006/03/29 11:19:59 darrenr Exp $
+ * $Id: printfr.c,v 1.43.2.18 2007/05/07 06:55:38 darrenr Exp $
*/
#include "ipf.h"
@@ -468,7 +468,12 @@ ioctlfunc_t iocfunc;
}
printf(")");
}
+
if (fp->fr_pps)
printf(" pps %d", fp->fr_pps);
+
+ if ((fp->fr_flags & FR_KEEPSTATE) && (opts & OPT_VERBOSE)) {
+ printf(" # count %d", fp->fr_statecnt);
+ }
(void)putchar('\n');
}
diff --git a/contrib/ipfilter/lib/printfraginfo.c b/contrib/ipfilter/lib/printfraginfo.c
index 557b031a6b35..012df06960cb 100644
--- a/contrib/ipfilter/lib/printfraginfo.c
+++ b/contrib/ipfilter/lib/printfraginfo.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 2004 by Darren Reed.
+ * Copyright (C) 2004-2005 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: printfraginfo.c,v 1.1.2.2 2004/03/23 15:15:45 darrenr Exp $
+ * $Id: printfraginfo.c,v 1.1.2.5 2006/12/25 15:10:37 darrenr Exp $
*/
#include "ipf.h"
#include "kmem.h"
@@ -17,11 +17,12 @@ struct ipfr *ifr;
fr.fr_flags = 0xffffffff;
printf("%s%s -> ", prefix, hostname(4, &ifr->ipfr_src));
+/*
if (kmemcpy((char *)&fr, (u_long)ifr->ipfr_rule,
sizeof(fr)) == -1)
return;
- printf("%s id %d ttl %d pr %d seen0 %d ifp %p tos %#02x = %#x\n",
- hostname(4, &ifr->ipfr_dst), ifr->ipfr_id, ifr->ipfr_seen0,
- ifr->ipfr_ttl, ifr->ipfr_p, ifr->ipfr_ifp, ifr->ipfr_tos,
- fr.fr_flags);
+*/
+ printf("%s id %d ttl %ld pr %d seen0 %d ref %d tos %#02x\n",
+ hostname(4, &ifr->ipfr_dst), ifr->ipfr_id, ifr->ipfr_ttl,
+ ifr->ipfr_p, ifr->ipfr_seen0, ifr->ipfr_ref, ifr->ipfr_tos);
}
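Review bot: The `kmemcpy()` of the rule is switched off by wrapping it in a comment rather than being removed, which leaves `fr.fr_flags = 0xffffffff` as a dead store and `fr` otherwise unused in the visible lines. I would delete the block and the `fr` local, or keep a one-line reason such as `/* rule flags are no longer read from kernel memory, so they are not printed */`. The new format string uses `%ld` for `ifr->ipfr_ttl` and `%d` for `ifr->ipfr_ref`; the field types are not visible here, so they should be checked against the struct definition or cast explicitly at the call.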
diff --git a/contrib/ipfilter/lib/printhash.c b/contrib/ipfilter/lib/printhash.c
index 5411190eb97e..8e7948b88d89 100644
--- a/contrib/ipfilter/lib/printhash.c
+++ b/contrib/ipfilter/lib/printhash.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2002 by Darren Reed.
+ * Copyright (C) 2002-2005 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
@@ -18,7 +18,7 @@ int opts;
{
iphtent_t *ipep, **table;
iphtable_t iph;
- int i, printed;
+ int printed;
size_t sz;
if ((*copyfunc)((char *)hp, (char *)&iph, sizeof(iph)))
@@ -27,94 +27,10 @@ int opts;
if ((name != NULL) && strncmp(name, iph.iph_name, FR_GROUPLEN))
return iph.iph_next;
- if ((opts & OPT_DEBUG) == 0) {
- if ((iph.iph_type & IPHASH_ANON) == IPHASH_ANON)
- PRINTF("# 'anonymous' table\n");
- switch (iph.iph_type & ~IPHASH_ANON)
- {
- case IPHASH_LOOKUP :
- PRINTF("table");
- break;
- case IPHASH_GROUPMAP :
- PRINTF("group-map");
- if (iph.iph_flags & FR_INQUE)
- PRINTF(" in");
- else if (iph.iph_flags & FR_OUTQUE)
- PRINTF(" out");
- else
- PRINTF(" ???");
- break;
- default :
- PRINTF("%#x", iph.iph_type);
- break;
- }
- PRINTF(" role = ");
- } else {
- PRINTF("Hash Table Number: %s", iph.iph_name);
- if ((iph.iph_type & IPHASH_ANON) == IPHASH_ANON)
- PRINTF("(anon)");
- putchar(' ');
- PRINTF("Role: ");
- }
-
- switch (iph.iph_unit)
- {
- case IPL_LOGNAT :
- PRINTF("nat");
- break;
- case IPL_LOGIPF :
- PRINTF("ipf");
- break;
- case IPL_LOGAUTH :
- PRINTF("auth");
- break;
- case IPL_LOGCOUNT :
- PRINTF("count");
- break;
- default :
- PRINTF("#%d", iph.iph_unit);
- break;
- }
-
- if ((opts & OPT_DEBUG) == 0) {
- if ((iph.iph_type & ~IPHASH_ANON) == IPHASH_LOOKUP)
- PRINTF(" type = hash");
- PRINTF(" number = %s size = %lu",
- iph.iph_name, (u_long)iph.iph_size);
- if (iph.iph_seed != 0)
- PRINTF(" seed = %lu", iph.iph_seed);
- putchar('\n');
- } else {
- PRINTF(" Type: ");
- switch (iph.iph_type & ~IPHASH_ANON)
- {
- case IPHASH_LOOKUP :
- PRINTF("lookup");
- break;
- case IPHASH_GROUPMAP :
- PRINTF("groupmap Group. %s", iph.iph_name);
- break;
- default :
- break;
- }
+ printhashdata(hp, opts);
- putchar('\n');
- PRINTF("\t\tSize: %lu\tSeed: %lu",
- (u_long)iph.iph_size, iph.iph_seed);
- PRINTF("\tRef. Count: %d\tMasks: %#x\n", iph.iph_ref,
- iph.iph_masks);
- }
-
- if ((opts & OPT_DEBUG) != 0) {
- struct in_addr m;
-
- for (i = 0; i < 32; i++) {
- if ((1 << i) & iph.iph_masks) {
- ntomask(4, i, &m.s_addr);
- PRINTF("\t\tMask: %s\n", inet_ntoa(m));
- }
- }
- }
+ if ((hp->iph_flags & IPHASH_DELETE) != 0)
+ PRINTF("# ");
if ((opts & OPT_DEBUG) == 0)
PRINTF("\t{");
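Review bot: `printhashdata(hp, opts);` and the added `hp->iph_flags` test dereference the caller's pointer, although the function has just fetched the table into the local `iph` through `copyfunc` and uses `iph` for the name check and everything after it. If `hp` is an address that is only readable through `copyfunc` (presumably the kmem case), these two lines read invalid memory in the tool. printpool.c in this same commit passes the local copy, `printpooldata(&ipp, opts);`. I would write `printhashdata(&iph, opts);` and `if ((iph.iph_flags & IPHASH_DELETE) != 0)`. The function begins before this hunk.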
@@ -124,11 +40,9 @@ int opts;
if ((*copyfunc)((char *)iph.iph_table, (char *)table, sz))
return NULL;
- for (i = 0, printed = 0; i < iph.iph_size; i++) {
- for (ipep = table[i]; ipep != NULL; ) {
- ipep = printhashnode(&iph, ipep, copyfunc, opts);
- printed++;
- }
+ for (printed = 0, ipep = iph.iph_list; ipep != NULL; ) {
+ ipep = printhashnode(&iph, ipep, copyfunc, opts);
+ printed++;
}
if (printed == 0)
putchar(';');
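Review bot: The new loop walks `iph.iph_list` through printhashnode() and never indexes `table`, yet the context line above it still copies the whole bucket array into `table` and returns NULL when that copy fails. If nothing after this hunk reads `table`, the allocation and copy are dead work, and a failed copy now suppresses output that does not depend on it. Dropping them, or at least releasing `table` on the early return if it is heap memory, would be cleaner. The allocation of `table` and the end of the function are outside this hunk.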
diff --git a/contrib/ipfilter/lib/printhash_live.c b/contrib/ipfilter/lib/printhash_live.c
new file mode 100644
index 000000000000..1afe63228e48
--- /dev/null
+++ b/contrib/ipfilter/lib/printhash_live.c
@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2002 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ */
+
+#include <sys/ioctl.h>
+#include "ipf.h"
+#include "netinet/ipl.h"
+
+#define PRINTF (void)printf
+#define FPRINTF (void)fprintf
+
+
+iphtable_t *printhash_live(hp, fd, name, opts)
+iphtable_t *hp;
+int fd;
+char *name;
+int opts;
+{
+ iphtent_t entry, *top, *node;
+ ipflookupiter_t iter;
+ int printed, last;
+ ipfobj_t obj;
+
+ if ((name != NULL) && strncmp(name, hp->iph_name, FR_GROUPLEN))
+ return hp->iph_next;
+
+ printhashdata(hp, opts);
+
+ if ((hp->iph_flags & IPHASH_DELETE) != 0)
+ PRINTF("# ");
+
+ if ((opts & OPT_DEBUG) == 0)
+ PRINTF("\t{");
+
+ obj.ipfo_rev = IPFILTER_VERSION;
+ obj.ipfo_type = IPFOBJ_LOOKUPITER;
+ obj.ipfo_ptr = &iter;
+ obj.ipfo_size = sizeof(iter);
+
+ iter.ili_data = &entry;
+ iter.ili_type = IPLT_HASH;
+ iter.ili_otype = IPFLOOKUPITER_NODE;
+ iter.ili_ival = IPFGENITER_LOOKUP;
+ iter.ili_unit = hp->iph_unit;
+ strncpy(iter.ili_name, hp->iph_name, FR_GROUPLEN);
+
+ last = 0;
+ top = NULL;
+ printed = 0;
+
+ while (!last && (ioctl(fd, SIOCLOOKUPITER, &obj) == 0)) {
+ if (entry.ipe_next == NULL)
+ last = 1;
+ entry.ipe_next = top;
+ top = malloc(sizeof(*top));
+ if (top == NULL)
+ break;
+ bcopy(&entry, top, sizeof(entry));
+ }
+
+ while (top != NULL) {
+ node = top;
+ (void) printhashnode(hp, node, bcopywrap, opts);
+ top = node->ipe_next;
+ free(node);
+ printed++;
+ }
+
+ if (printed == 0)
+ putchar(';');
+
+ if ((opts & OPT_DEBUG) == 0)
+ PRINTF(" };\n");
+ return hp->iph_next;
+}
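Review bot: When `malloc()` fails inside the collection loop, `top` has already been overwritten with NULL, so every node gathered so far (reachable only through `entry.ipe_next`) is leaked and the print loop emits nothing but `;`. Allocating into `node` first and linking only on success keeps the partial list printable and freeable; the same loop appears in printpool_live.c in this commit. Separately, `iter` and `obj` are stack structures of which only the members listed here are assigned, so any other member they have reaches the `SIOCLOOKUPITER` ioctl with indeterminate contents; `bzero(&iter, sizeof(iter)); bzero(&obj, sizeof(obj));` before the assignments would avoid that. A failing ioctl is also indistinguishable from an empty table in the output.

```c
	while (!last && (ioctl(fd, SIOCLOOKUPITER, &obj) == 0)) {
		/* … unchanged: last-entry check on entry.ipe_next … */
		node = malloc(sizeof(*node));
		if (node == NULL)
			break;		/* keep the nodes collected so far */
		entry.ipe_next = top;
		bcopy(&entry, node, sizeof(entry));
		top = node;
	}
```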
diff --git a/contrib/ipfilter/lib/printhashdata.c b/contrib/ipfilter/lib/printhashdata.c
new file mode 100644
index 000000000000..d278c365a69f
--- /dev/null
+++ b/contrib/ipfilter/lib/printhashdata.c
@@ -0,0 +1,112 @@
+/*
+ * Copyright (C) 2002 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ */
+
+#include "ipf.h"
+
+#define PRINTF (void)printf
+#define FPRINTF (void)fprintf
+
+
+void printhashdata(hp, opts)
+iphtable_t *hp;
+int opts;
+{
+
+ if ((opts & OPT_DEBUG) == 0) {
+ if ((hp->iph_type & IPHASH_ANON) == IPHASH_ANON)
+ PRINTF("# 'anonymous' table\n");
+ if ((hp->iph_flags & IPHASH_DELETE) == IPHASH_DELETE)
+ PRINTF("# ");
+ switch (hp->iph_type & ~IPHASH_ANON)
+ {
+ case IPHASH_LOOKUP :
+ PRINTF("table");
+ break;
+ case IPHASH_GROUPMAP :
+ PRINTF("group-map");
+ if (hp->iph_flags & FR_INQUE)
+ PRINTF(" in");
+ else if (hp->iph_flags & FR_OUTQUE)
+ PRINTF(" out");
+ else
+ PRINTF(" ???");
+ break;
+ default :
+ PRINTF("%#x", hp->iph_type);
+ break;
+ }
+ PRINTF(" role = ");
+ } else {
+ PRINTF("Hash Table %s: %s",
+ isdigit(*hp->iph_name) ? "Number" : "Name",
+ hp->iph_name);
+ if ((hp->iph_type & IPHASH_ANON) == IPHASH_ANON)
+ PRINTF("(anon)");
+ putchar(' ');
+ PRINTF("Role: ");
+ }
+
+ switch (hp->iph_unit)
+ {
+ case IPL_LOGNAT :
+ PRINTF("nat");
+ break;
+ case IPL_LOGIPF :
+ PRINTF("ipf");
+ break;
+ case IPL_LOGAUTH :
+ PRINTF("auth");
+ break;
+ case IPL_LOGCOUNT :
+ PRINTF("count");
+ break;
+ default :
+ PRINTF("#%d", hp->iph_unit);
+ break;
+ }
+
+ if ((opts & OPT_DEBUG) == 0) {
+ if ((hp->iph_type & ~IPHASH_ANON) == IPHASH_LOOKUP)
+ PRINTF(" type = hash");
+ PRINTF(" %s = %s size = %lu",
+ isdigit(*hp->iph_name) ? "number" : "name",
+ hp->iph_name, (u_long)hp->iph_size);
+ if (hp->iph_seed != 0)
+ PRINTF(" seed = %lu", hp->iph_seed);
+ putchar('\n');
+ } else {
+ PRINTF(" Type: ");
+ switch (hp->iph_type & ~IPHASH_ANON)
+ {
+ case IPHASH_LOOKUP :
+ PRINTF("lookup");
+ break;
+ case IPHASH_GROUPMAP :
+ PRINTF("groupmap Group. %s", hp->iph_name);
+ break;
+ default :
+ break;
+ }
+
+ putchar('\n');
+ PRINTF("\t\tSize: %lu\tSeed: %lu",
+ (u_long)hp->iph_size, hp->iph_seed);
+ PRINTF("\tRef. Count: %d\tMasks: %#x\n", hp->iph_ref,
+ hp->iph_masks);
+ }
+
+ if ((opts & OPT_DEBUG) != 0) {
+ struct in_addr m;
+ int i;
+
+ for (i = 0; i < 32; i++) {
+ if ((1 << i) & hp->iph_masks) {
+ ntomask(4, i, &m.s_addr);
+ PRINTF("\t\tMask: %s\n", inet_ntoa(m));
+ }
+ }
+ }
+}
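Review bot: `isdigit(*hp->iph_name)` passes a plain `char` to a <ctype.h> function, which is undefined for negative values on platforms where `char` is signed. Both calls here should read `isdigit((unsigned char)*hp->iph_name)`, and the two calls in printpooldata.c need the same cast on `*pool->ipo_name`. The file presumably relies on ipf.h to declare `isdigit`, since it does not include <ctype.h> itself. In the mask loop, `(1 << i)` shifts into the sign bit at i == 31; `(1U << i)` avoids that.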
diff --git a/contrib/ipfilter/lib/printhashnode.c b/contrib/ipfilter/lib/printhashnode.c
index 05d4df7d8860..9b51af9bf9ac 100644
--- a/contrib/ipfilter/lib/printhashnode.c
+++ b/contrib/ipfilter/lib/printhashnode.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2002 by Darren Reed.
+ * Copyright (C) 2002-2005 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
@@ -45,6 +45,7 @@ int opts;
}
putchar(';');
}
+
ipep = ipe.ipe_next;
return ipep;
}
diff --git a/contrib/ipfilter/lib/printhostmap.c b/contrib/ipfilter/lib/printhostmap.c
index bed06078c18a..92996edfc371 100644
--- a/contrib/ipfilter/lib/printhostmap.c
+++ b/contrib/ipfilter/lib/printhostmap.c
@@ -1,14 +1,20 @@
+/*
+ * Copyright (C) 2002-2005 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: printhostmap.c,v 1.3.2.3 2006/09/30 21:42:07 darrenr Exp $
+ */
+
#include "ipf.h"
void printhostmap(hmp, hv)
hostmap_t *hmp;
u_int hv;
{
- struct in_addr in;
printf("%s,", inet_ntoa(hmp->hm_srcip));
printf("%s -> ", inet_ntoa(hmp->hm_dstip));
- in.s_addr = htonl(hmp->hm_mapip.s_addr);
- printf("%s ", inet_ntoa(in));
+ printf("%s ", inet_ntoa(hmp->hm_mapip));
printf("(use = %d hv = %u)\n", hmp->hm_ref, hv);
}
diff --git a/contrib/ipfilter/lib/printhostmask.c b/contrib/ipfilter/lib/printhostmask.c
index 207e36394f69..105fb20bb56e 100644
--- a/contrib/ipfilter/lib/printhostmask.c
+++ b/contrib/ipfilter/lib/printhostmask.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2005 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: printhostmask.c,v 1.8 2002/04/11 15:01:19 darrenr Exp $
+ * $Id: printhostmask.c,v 1.8.4.1 2006/06/16 17:21:12 darrenr Exp $
*/
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/printifname.c b/contrib/ipfilter/lib/printifname.c
index 12d46ffc31ef..1bfe27deeb83 100644
--- a/contrib/ipfilter/lib/printifname.c
+++ b/contrib/ipfilter/lib/printifname.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2002 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: printifname.c,v 1.2 2002/01/28 06:50:47 darrenr Exp $
+ * $Id: printifname.c,v 1.2.4.1 2006/06/16 17:21:12 darrenr Exp $
*/
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/printip.c b/contrib/ipfilter/lib/printip.c
index 828e0c1edcf2..fb91208e9f6b 100644
--- a/contrib/ipfilter/lib/printip.c
+++ b/contrib/ipfilter/lib/printip.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2002-2005 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: printip.c,v 1.3 2002/07/13 12:10:27 darrenr Exp $
+ * $Id: printip.c,v 1.3.4.1 2006/06/16 17:21:12 darrenr Exp $
*/
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/printlog.c b/contrib/ipfilter/lib/printlog.c
index bf84eee87831..192c6717e100 100644
--- a/contrib/ipfilter/lib/printlog.c
+++ b/contrib/ipfilter/lib/printlog.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2005 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: printlog.c,v 1.6.4.2 2005/12/18 14:49:06 darrenr Exp $
+ * $Id: printlog.c,v 1.6.4.3 2006/06/16 17:21:12 darrenr Exp $
*/
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/printmask.c b/contrib/ipfilter/lib/printmask.c
index 18bf46f1c688..27b3e6cbbf6e 100644
--- a/contrib/ipfilter/lib/printmask.c
+++ b/contrib/ipfilter/lib/printmask.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2005 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: printmask.c,v 1.5 2002/06/15 04:48:33 darrenr Exp $
+ * $Id: printmask.c,v 1.5.4.1 2006/06/16 17:21:13 darrenr Exp $
*/
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/printnat.c b/contrib/ipfilter/lib/printnat.c
index 8ca4125f059e..da375d9b1076 100644
--- a/contrib/ipfilter/lib/printnat.c
+++ b/contrib/ipfilter/lib/printnat.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2002-2005 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
@@ -11,7 +11,7 @@
#if !defined(lint)
-static const char rcsid[] = "@(#)$Id: printnat.c,v 1.22.2.11 2005/11/14 17:45:06 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: printnat.c,v 1.22.2.13 2006/12/09 10:37:47 darrenr Exp $";
#endif
/*
@@ -46,10 +46,16 @@ int opts;
break;
}
- printf(" %s", np->in_ifnames[0]);
+ if (!strcmp(np->in_ifnames[0], "-"))
+ printf(" \"%s\"", np->in_ifnames[0]);
+ else
+ printf(" %s", np->in_ifnames[0]);
if ((np->in_ifnames[1][0] != '\0') &&
(strncmp(np->in_ifnames[0], np->in_ifnames[1], LIFNAMSIZ) != 0)) {
- printf(",%s", np->in_ifnames[1]);
+ if (!strcmp(np->in_ifnames[1], "-"))
+ printf(",\"%s\"", np->in_ifnames[1]);
+ else
+ printf(",%s", np->in_ifnames[1]);
}
putchar(' ');
diff --git a/contrib/ipfilter/lib/printpacket.c b/contrib/ipfilter/lib/printpacket.c
index dada8d0a55bd..142028ac5851 100644
--- a/contrib/ipfilter/lib/printpacket.c
+++ b/contrib/ipfilter/lib/printpacket.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2005 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: printpacket.c,v 1.12.4.2 2005/12/04 09:33:06 darrenr Exp $
+ * $Id: printpacket.c,v 1.12.4.4 2006/09/30 21:44:43 darrenr Exp $
*/
#include "ipf.h"
@@ -41,6 +41,7 @@ struct ip *ip;
putchar(' ');
}
putchar('\n');
+ putchar('\n');
return;
}
diff --git a/contrib/ipfilter/lib/printpacket6.c b/contrib/ipfilter/lib/printpacket6.c
index f0147f107f02..16c807de647e 100644
--- a/contrib/ipfilter/lib/printpacket6.c
+++ b/contrib/ipfilter/lib/printpacket6.c
@@ -1,3 +1,11 @@
+/*
+ * Copyright (C) 2002 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: printpacket6.c,v 1.3.4.1 2006/06/16 17:21:13 darrenr Exp $
+ */
+
#include "ipf.h"
/*
diff --git a/contrib/ipfilter/lib/printpool.c b/contrib/ipfilter/lib/printpool.c
index 6af4460b01c5..cfb1e785a003 100644
--- a/contrib/ipfilter/lib/printpool.c
+++ b/contrib/ipfilter/lib/printpool.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2002 by Darren Reed.
+ * Copyright (C) 2002-2005 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
@@ -24,58 +24,12 @@ int opts;
if ((name != NULL) && strncmp(name, ipp.ipo_name, FR_GROUPLEN))
return ipp.ipo_next;
- if ((opts & OPT_DEBUG) == 0) {
- if ((ipp.ipo_flags & IPOOL_ANON) != 0)
- PRINTF("# 'anonymous' tree %s\n", ipp.ipo_name);
- PRINTF("table role = ");
- } else {
- PRINTF("Name: %s", ipp.ipo_name);
- if ((ipp.ipo_flags & IPOOL_ANON) == IPOOL_ANON)
- PRINTF("(anon)");
- putchar(' ');
- PRINTF("Role: ");
- }
-
- switch (ipp.ipo_unit)
- {
- case IPL_LOGIPF :
- printf("ipf");
- break;
- case IPL_LOGNAT :
- printf("nat");
- break;
- case IPL_LOGSTATE :
- printf("state");
- break;
- case IPL_LOGAUTH :
- printf("auth");
- break;
- case IPL_LOGSYNC :
- printf("sync");
- break;
- case IPL_LOGSCAN :
- printf("scan");
- break;
- case IPL_LOGLOOKUP :
- printf("lookup");
- break;
- case IPL_LOGCOUNT :
- printf("count");
- break;
- default :
- printf("unknown(%d)", ipp.ipo_unit);
- }
+ printpooldata(&ipp, opts);
- if ((opts & OPT_DEBUG) == 0) {
- PRINTF(" type = tree number = %s\n", ipp.ipo_name);
+ if ((ipp.ipo_flags & IPOOL_DELETE) != 0)
+ PRINTF("# ");
+ if ((opts & OPT_DEBUG) == 0)
PRINTF("\t{");
- } else {
- putchar(' ');
-
- PRINTF("\tReferences: %d\tHits: %lu\n", ipp.ipo_ref,
- ipp.ipo_hits);
- PRINTF("\tNodes Starting at %p\n", ipp.ipo_list);
- }
ipnpn = ipp.ipo_list;
ipp.ipo_list = NULL;
diff --git a/contrib/ipfilter/lib/printpool_live.c b/contrib/ipfilter/lib/printpool_live.c
new file mode 100644
index 000000000000..0588cfbb7c8d
--- /dev/null
+++ b/contrib/ipfilter/lib/printpool_live.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright (C) 2002 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ */
+
+#include <sys/ioctl.h>
+#include "ipf.h"
+#include "netinet/ipl.h"
+
+#define PRINTF (void)printf
+#define FPRINTF (void)fprintf
+
+
+ip_pool_t *printpool_live(pool, fd, name, opts)
+ip_pool_t *pool;
+int fd;
+char *name;
+int opts;
+{
+ ip_pool_node_t entry, *top, *node;
+ ipflookupiter_t iter;
+ int printed, last;
+ ipfobj_t obj;
+
+ if ((name != NULL) && strncmp(name, pool->ipo_name, FR_GROUPLEN))
+ return pool->ipo_next;
+
+ printpooldata(pool, opts);
+
+ if ((pool->ipo_flags & IPOOL_DELETE) != 0)
+ PRINTF("# ");
+ if ((opts & OPT_DEBUG) == 0)
+ PRINTF("\t{");
+
+ obj.ipfo_rev = IPFILTER_VERSION;
+ obj.ipfo_type = IPFOBJ_LOOKUPITER;
+ obj.ipfo_ptr = &iter;
+ obj.ipfo_size = sizeof(iter);
+
+ iter.ili_data = &entry;
+ iter.ili_type = IPLT_POOL;
+ iter.ili_otype = IPFLOOKUPITER_NODE;
+ iter.ili_ival = IPFGENITER_LOOKUP;
+ iter.ili_unit = pool->ipo_unit;
+ strncpy(iter.ili_name, pool->ipo_name, FR_GROUPLEN);
+
+ last = 0;
+ top = NULL;
+ printed = 0;
+
+ while (!last && (ioctl(fd, SIOCLOOKUPITER, &obj) == 0)) {
+ if (entry.ipn_next == NULL)
+ last = 1;
+ entry.ipn_next = top;
+ top = malloc(sizeof(*top));
+ if (top == NULL)
+ break;
+ bcopy(&entry, top, sizeof(entry));
+ }
+
+ while (top != NULL) {
+ node = top;
+ (void) printpoolnode(node, opts);
+ if ((opts & OPT_DEBUG) == 0)
+ putchar(';');
+ top = node->ipn_next;
+ free(node);
+ printed++;
+ }
+
+ if (printed == 0)
+ putchar(';');
+
+ if ((opts & OPT_DEBUG) == 0)
+ PRINTF(" };\n");
+ return pool->ipo_next;
+}
diff --git a/contrib/ipfilter/lib/printpooldata.c b/contrib/ipfilter/lib/printpooldata.c
new file mode 100644
index 000000000000..8d8e962cbbde
--- /dev/null
+++ b/contrib/ipfilter/lib/printpooldata.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright (C) 2002 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ */
+
+#include "ipf.h"
+
+#define PRINTF (void)printf
+#define FPRINTF (void)fprintf
+
+void printpooldata(pool, opts)
+ip_pool_t *pool;
+int opts;
+{
+
+ if ((opts & OPT_DEBUG) == 0) {
+ if ((pool->ipo_flags & IPOOL_ANON) != 0)
+ PRINTF("# 'anonymous' tree %s\n", pool->ipo_name);
+ if ((pool->ipo_flags & IPOOL_DELETE) != 0)
+ PRINTF("# ");
+ PRINTF("table role = ");
+ } else {
+ if ((pool->ipo_flags & IPOOL_DELETE) != 0)
+ PRINTF("# ");
+ PRINTF("%s: %s",
+ isdigit(*pool->ipo_name) ? "Number" : "Name",
+ pool->ipo_name);
+ if ((pool->ipo_flags & IPOOL_ANON) == IPOOL_ANON)
+ PRINTF("(anon)");
+ putchar(' ');
+ PRINTF("Role: ");
+ }
+
+ switch (pool->ipo_unit)
+ {
+ case IPL_LOGIPF :
+ printf("ipf");
+ break;
+ case IPL_LOGNAT :
+ printf("nat");
+ break;
+ case IPL_LOGSTATE :
+ printf("state");
+ break;
+ case IPL_LOGAUTH :
+ printf("auth");
+ break;
+ case IPL_LOGSYNC :
+ printf("sync");
+ break;
+ case IPL_LOGSCAN :
+ printf("scan");
+ break;
+ case IPL_LOGLOOKUP :
+ printf("lookup");
+ break;
+ case IPL_LOGCOUNT :
+ printf("count");
+ break;
+ default :
+ printf("unknown(%d)", pool->ipo_unit);
+ }
+
+ if ((opts & OPT_DEBUG) == 0) {
+ PRINTF(" type = tree %s = %s\n",
+ isdigit(*pool->ipo_name) ? "number" : "name",
+ pool->ipo_name);
+ } else {
+ putchar(' ');
+
+ PRINTF("\tReferences: %d\tHits: %lu\n", pool->ipo_ref,
+ pool->ipo_hits);
+ if ((pool->ipo_flags & IPOOL_DELETE) != 0)
+ PRINTF("# ");
+ PRINTF("\tNodes Starting at %p\n", pool->ipo_list);
+ }
+}
diff --git a/contrib/ipfilter/lib/printpoolnode.c b/contrib/ipfilter/lib/printpoolnode.c
index e2f953652985..a53ee3306512 100644
--- a/contrib/ipfilter/lib/printpoolnode.c
+++ b/contrib/ipfilter/lib/printpoolnode.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2002 by Darren Reed.
+ * Copyright (C) 2002-2005 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
@@ -21,11 +21,11 @@ int opts;
printip((u_32_t *)&np->ipn_addr.adf_addr.in4);
printmask((u_32_t *)&np->ipn_mask.adf_addr);
} else {
- PRINTF("\t\t%s%s", np->ipn_info ? "! " : "",
+ PRINTF("\tAddress: %s%s", np->ipn_info ? "! " : "",
inet_ntoa(np->ipn_addr.adf_addr.in4));
printmask((u_32_t *)&np->ipn_mask.adf_addr);
- PRINTF("\n\t\tHits %lu\tName %s\n",
- np->ipn_hits, np->ipn_name);
+ PRINTF("\t\tHits %lu\tName %s\tRef %d\n",
+ np->ipn_hits, np->ipn_name, np->ipn_ref);
}
return np->ipn_next;
}
diff --git a/contrib/ipfilter/lib/printportcmp.c b/contrib/ipfilter/lib/printportcmp.c
index b1ecd366f7e3..a8203874c49f 100644
--- a/contrib/ipfilter/lib/printportcmp.c
+++ b/contrib/ipfilter/lib/printportcmp.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2003 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: printportcmp.c,v 1.7 2003/02/16 02:31:05 darrenr Exp $
+ * $Id: printportcmp.c,v 1.7.4.1 2006/06/16 17:21:14 darrenr Exp $
*/
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/printproto.c b/contrib/ipfilter/lib/printproto.c
index dd0ce39ca57e..e65ec1160826 100644
--- a/contrib/ipfilter/lib/printproto.c
+++ b/contrib/ipfilter/lib/printproto.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 1993-2005 by Darren Reed.
+ * Copyright (C) 2005 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
@@ -8,7 +8,7 @@
#if !defined(lint)
-static const char rcsid[] = "@(#)$Id: printproto.c,v 1.1.2.1 2005/06/12 07:21:53 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: printproto.c,v 1.1.2.2 2006/06/16 17:21:14 darrenr Exp $";
#endif
diff --git a/contrib/ipfilter/lib/printsbuf.c b/contrib/ipfilter/lib/printsbuf.c
index b066b58ac1bb..81f5e0b06750 100644
--- a/contrib/ipfilter/lib/printsbuf.c
+++ b/contrib/ipfilter/lib/printsbuf.c
@@ -1,3 +1,11 @@
+/*
+ * Copyright (C) 2002-2004 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: printsbuf.c,v 1.2.4.2 2006/06/16 17:21:14 darrenr Exp $
+ */
+
#ifdef IPFILTER_SCAN
#include <ctype.h>
diff --git a/contrib/ipfilter/lib/printstate.c b/contrib/ipfilter/lib/printstate.c
index 102b0ea2b7c6..c1c14423d4f3 100644
--- a/contrib/ipfilter/lib/printstate.c
+++ b/contrib/ipfilter/lib/printstate.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2002 by Darren Reed.
+ * Copyright (C) 2002-2005 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
@@ -15,64 +15,64 @@ ipstate_t *sp;
int opts;
u_long now;
{
- ipstate_t ips;
synclist_t ipsync;
- if (kmemcpy((char *)&ips, (u_long)sp, sizeof(ips)))
- return NULL;
-
- PRINTF("%s -> ", hostname(ips.is_v, &ips.is_src.in4));
- PRINTF("%s pass %#x pr %d state %d/%d bkt %d\n",
- hostname(ips.is_v, &ips.is_dst.in4), ips.is_pass, ips.is_p,
- ips.is_state[0], ips.is_state[1], ips.is_hv);
- PRINTF("\ttag %u ttl %lu", ips.is_tag, ips.is_die - now);
+ if (sp->is_phnext == NULL)
+ PRINTF("ORPHAN ");
+ PRINTF("%s -> ", hostname(sp->is_v, &sp->is_src.in4));
+ PRINTF("%s pass %#x pr %d state %d/%d",
+ hostname(sp->is_v, &sp->is_dst.in4), sp->is_pass, sp->is_p,
+ sp->is_state[0], sp->is_state[1]);
+ if (opts & OPT_DEBUG)
+ PRINTF(" bkt %d ref %d", sp->is_hv, sp->is_ref);
+ PRINTF("\n\ttag %u ttl %lu", sp->is_tag, sp->is_die - now);
- if (ips.is_p == IPPROTO_TCP) {
+ if (sp->is_p == IPPROTO_TCP) {
PRINTF("\n\t%hu -> %hu %x:%x %hu<<%d:%hu<<%d\n",
- ntohs(ips.is_sport), ntohs(ips.is_dport),
- ips.is_send, ips.is_dend,
- ips.is_maxswin, ips.is_swinscale,
- ips.is_maxdwin, ips.is_dwinscale);
+ ntohs(sp->is_sport), ntohs(sp->is_dport),
+ sp->is_send, sp->is_dend,
+ sp->is_maxswin, sp->is_swinscale,
+ sp->is_maxdwin, sp->is_dwinscale);
PRINTF("\tcmsk %04x smsk %04x isc %p s0 %08x/%08x\n",
- ips.is_smsk[0], ips.is_smsk[1], ips.is_isc,
- ips.is_s0[0], ips.is_s0[1]);
+ sp->is_smsk[0], sp->is_smsk[1], sp->is_isc,
+ sp->is_s0[0], sp->is_s0[1]);
PRINTF("\tFWD:ISN inc %x sumd %x\n",
- ips.is_isninc[0], ips.is_sumd[0]);
+ sp->is_isninc[0], sp->is_sumd[0]);
PRINTF("\tREV:ISN inc %x sumd %x\n",
- ips.is_isninc[1], ips.is_sumd[1]);
+ sp->is_isninc[1], sp->is_sumd[1]);
#ifdef IPFILTER_SCAN
PRINTF("\tsbuf[0] [");
- printsbuf(ips.is_sbuf[0]);
+ printsbuf(sp->is_sbuf[0]);
PRINTF("] sbuf[1] [");
- printsbuf(ips.is_sbuf[1]);
+ printsbuf(sp->is_sbuf[1]);
PRINTF("]\n");
#endif
- } else if (ips.is_p == IPPROTO_UDP) {
- PRINTF(" %hu -> %hu\n", ntohs(ips.is_sport),
- ntohs(ips.is_dport));
- } else if (ips.is_p == IPPROTO_GRE) {
- PRINTF(" call %hx/%hx\n", ntohs(ips.is_gre.gs_call[0]),
- ntohs(ips.is_gre.gs_call[1]));
- } else if (ips.is_p == IPPROTO_ICMP
+ } else if (sp->is_p == IPPROTO_UDP) {
+ PRINTF(" %hu -> %hu\n", ntohs(sp->is_sport),
+ ntohs(sp->is_dport));
+ } else if (sp->is_p == IPPROTO_GRE) {
+ PRINTF(" call %hx/%hx\n", ntohs(sp->is_gre.gs_call[0]),
+ ntohs(sp->is_gre.gs_call[1]));
+ } else if (sp->is_p == IPPROTO_ICMP
#ifdef USE_INET6
- || ips.is_p == IPPROTO_ICMPV6
+ || sp->is_p == IPPROTO_ICMPV6
#endif
)
- PRINTF(" id %hu seq %hu type %d\n", ips.is_icmp.ici_id,
- ips.is_icmp.ici_seq, ips.is_icmp.ici_type);
+ PRINTF(" id %hu seq %hu type %d\n", sp->is_icmp.ici_id,
+ sp->is_icmp.ici_seq, sp->is_icmp.ici_type);
#ifdef USE_QUAD_T
PRINTF("\tforward: pkts in %qd bytes in %qd pkts out %qd bytes out %qd\n\tbackward: pkts in %qd bytes in %qd pkts out %qd bytes out %qd\n",
- ips.is_pkts[0], ips.is_bytes[0],
- ips.is_pkts[1], ips.is_bytes[1],
- ips.is_pkts[2], ips.is_bytes[2],
- ips.is_pkts[3], ips.is_bytes[3]);
+ sp->is_pkts[0], sp->is_bytes[0],
+ sp->is_pkts[1], sp->is_bytes[1],
+ sp->is_pkts[2], sp->is_bytes[2],
+ sp->is_pkts[3], sp->is_bytes[3]);
#else
PRINTF("\tforward: pkts in %ld bytes in %ld pkts out %ld bytes out %ld\n\tbackward: pkts in %ld bytes in %ld pkts out %ld bytes out %ld\n",
- ips.is_pkts[0], ips.is_bytes[0],
- ips.is_pkts[1], ips.is_bytes[1],
- ips.is_pkts[2], ips.is_bytes[2],
- ips.is_pkts[3], ips.is_bytes[3]);
+ sp->is_pkts[0], sp->is_bytes[0],
+ sp->is_pkts[1], sp->is_bytes[1],
+ sp->is_pkts[2], sp->is_bytes[2],
+ sp->is_pkts[3], sp->is_bytes[3]);
#endif
PRINTF("\t");
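Review bot: With the `kmemcpy()` into the local `ips` removed, printstate() now dereferences `sp` directly, so its contract has changed from taking what was presumably a kernel address to taking a structure already readable in the caller's address space, and nothing in the function says so. A comment above the definition such as `/* sp must point to a local copy of the state entry; the returned is_next is the value stored in that copy and is not dereferenced here */` would protect callers that still pass a raw pointer. The later hunk still reads `sp->is_sync` through `kmemcpy()` and returns NULL when that fails, which looks inconsistent with the new calling convention and may cut a listing short where kmem access is unavailable. The function signature and its end are outside this hunk.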
@@ -81,11 +81,11 @@ u_long now;
* Print out bits set in the result code for the state being
* kept as they would for a rule.
*/
- if (FR_ISPASS(ips.is_pass)) {
+ if (FR_ISPASS(sp->is_pass)) {
PRINTF("pass");
- } else if (FR_ISBLOCK(ips.is_pass)) {
+ } else if (FR_ISBLOCK(sp->is_pass)) {
PRINTF("block");
- switch (ips.is_pass & FR_RETMASK)
+ switch (sp->is_pass & FR_RETMASK)
{
case FR_RETICMP :
PRINTF(" return-icmp");
@@ -99,77 +99,77 @@ u_long now;
default :
break;
}
- } else if ((ips.is_pass & FR_LOGMASK) == FR_LOG) {
+ } else if ((sp->is_pass & FR_LOGMASK) == FR_LOG) {
PRINTF("log");
- if (ips.is_pass & FR_LOGBODY)
+ if (sp->is_pass & FR_LOGBODY)
PRINTF(" body");
- if (ips.is_pass & FR_LOGFIRST)
+ if (sp->is_pass & FR_LOGFIRST)
PRINTF(" first");
- } else if (FR_ISACCOUNT(ips.is_pass)) {
+ } else if (FR_ISACCOUNT(sp->is_pass)) {
PRINTF("count");
- } else if (FR_ISPREAUTH(ips.is_pass)) {
+ } else if (FR_ISPREAUTH(sp->is_pass)) {
PRINTF("preauth");
- } else if (FR_ISAUTH(ips.is_pass))
+ } else if (FR_ISAUTH(sp->is_pass))
PRINTF("auth");
- if (ips.is_pass & FR_OUTQUE)
+ if (sp->is_pass & FR_OUTQUE)
PRINTF(" out");
else
PRINTF(" in");
- if ((ips.is_pass & FR_LOG) != 0) {
+ if ((sp->is_pass & FR_LOG) != 0) {
PRINTF(" log");
- if (ips.is_pass & FR_LOGBODY)
+ if (sp->is_pass & FR_LOGBODY)
PRINTF(" body");
- if (ips.is_pass & FR_LOGFIRST)
+ if (sp->is_pass & FR_LOGFIRST)
PRINTF(" first");
- if (ips.is_pass & FR_LOGORBLOCK)
+ if (sp->is_pass & FR_LOGORBLOCK)
PRINTF(" or-block");
}
- if (ips.is_pass & FR_QUICK)
+ if (sp->is_pass & FR_QUICK)
PRINTF(" quick");
- if (ips.is_pass & FR_KEEPFRAG)
+ if (sp->is_pass & FR_KEEPFRAG)
PRINTF(" keep frags");
/* a given; no? */
- if (ips.is_pass & FR_KEEPSTATE) {
+ if (sp->is_pass & FR_KEEPSTATE) {
PRINTF(" keep state");
- if (ips.is_pass & FR_STATESYNC)
+ if (sp->is_pass & FR_STATESYNC)
PRINTF(" ( sync )");
}
- PRINTF("\tIPv%d", ips.is_v);
+ PRINTF("\tIPv%d", sp->is_v);
PRINTF("\n");
PRINTF("\tpkt_flags & %x(%x) = %x,\t",
- ips.is_flags & 0xf, ips.is_flags,
- ips.is_flags >> 4);
- PRINTF("\tpkt_options & %x = %x, %x = %x \n", ips.is_optmsk[0],
- ips.is_opt[0], ips.is_optmsk[1], ips.is_opt[1]);
+ sp->is_flags & 0xf, sp->is_flags,
+ sp->is_flags >> 4);
+ PRINTF("\tpkt_options & %x = %x, %x = %x \n", sp->is_optmsk[0],
+ sp->is_opt[0], sp->is_optmsk[1], sp->is_opt[1]);
PRINTF("\tpkt_security & %x = %x, pkt_auth & %x = %x\n",
- ips.is_secmsk, ips.is_sec, ips.is_authmsk,
- ips.is_auth);
- PRINTF("\tis_flx %#x %#x %#x %#x\n", ips.is_flx[0][0], ips.is_flx[0][1],
- ips.is_flx[1][0], ips.is_flx[1][1]);
- PRINTF("\tinterfaces: in %s[%s", getifname(ips.is_ifp[0]),
- ips.is_ifname[0]);
+ sp->is_secmsk, sp->is_sec, sp->is_authmsk,
+ sp->is_auth);
+ PRINTF("\tis_flx %#x %#x %#x %#x\n", sp->is_flx[0][0], sp->is_flx[0][1],
+ sp->is_flx[1][0], sp->is_flx[1][1]);
+ PRINTF("\tinterfaces: in %s[%s", getifname(sp->is_ifp[0]),
+ sp->is_ifname[0]);
if (opts & OPT_DEBUG)
- PRINTF("/%p", ips.is_ifp[0]);
+ PRINTF("/%p", sp->is_ifp[0]);
putchar(']');
- PRINTF(",%s[%s", getifname(ips.is_ifp[1]), ips.is_ifname[1]);
+ PRINTF(",%s[%s", getifname(sp->is_ifp[1]), sp->is_ifname[1]);
if (opts & OPT_DEBUG)
- PRINTF("/%p", ips.is_ifp[1]);
+ PRINTF("/%p", sp->is_ifp[1]);
putchar(']');
- PRINTF(" out %s[%s", getifname(ips.is_ifp[2]), ips.is_ifname[2]);
+ PRINTF(" out %s[%s", getifname(sp->is_ifp[2]), sp->is_ifname[2]);
if (opts & OPT_DEBUG)
- PRINTF("/%p", ips.is_ifp[2]);
+ PRINTF("/%p", sp->is_ifp[2]);
putchar(']');
- PRINTF(",%s[%s", getifname(ips.is_ifp[3]), ips.is_ifname[3]);
+ PRINTF(",%s[%s", getifname(sp->is_ifp[3]), sp->is_ifname[3]);
if (opts & OPT_DEBUG)
- PRINTF("/%p", ips.is_ifp[3]);
+ PRINTF("/%p", sp->is_ifp[3]);
PRINTF("]\n");
- if (ips.is_sync != NULL) {
+ if (sp->is_sync != NULL) {
- if (kmemcpy((char *)&ipsync, (u_long)ips.is_sync, sizeof(ipsync))) {
+ if (kmemcpy((char *)&ipsync, (u_long)sp->is_sync, sizeof(ipsync))) {
PRINTF("\tSync status: status could not be retrieved\n");
return NULL;
@@ -183,5 +183,5 @@ u_long now;
PRINTF("\tSync status: not synchronized\n");
}
- return ips.is_next;
+ return sp->is_next;
}
diff --git a/contrib/ipfilter/lib/printtqtable.c b/contrib/ipfilter/lib/printtqtable.c
new file mode 100644
index 000000000000..67adb53b1c34
--- /dev/null
+++ b/contrib/ipfilter/lib/printtqtable.c
@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) 2007 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ */
+
+#include <fcntl.h>
+#include <sys/ioctl.h>
+#include "ipf.h"
+
+
+void printtqtable(table)
+ipftq_t *table;
+{
+ int i;
+
+ printf("TCP Entries per state\n");
+ for (i = 0; i < IPF_TCP_NSTATES; i++)
+ printf(" %5d", i);
+ printf("\n");
+
+ for (i = 0; i < IPF_TCP_NSTATES; i++)
+ printf(" %5d", table[i].ifq_ref - 1);
+ printf("\n");
+}
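Review bot: printtqtable() indexes `table[0]` through `table[IPF_TCP_NSTATES - 1]` and prints `ifq_ref - 1`, with no comment explaining either the required array length or why one reference is subtracted. I would add a header comment along the lines of `/* table must hold IPF_TCP_NSTATES queues; ifq_ref - 1 is printed on the assumption that each queue holds one reference for itself */`, adjusted to whatever the real reason is. `<fcntl.h>` and `<sys/ioctl.h>` are included, but nothing visible in this file uses them.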
diff --git a/contrib/ipfilter/lib/printtunable.c b/contrib/ipfilter/lib/printtunable.c
index 5c26851c7960..dcf9f859355a 100644
--- a/contrib/ipfilter/lib/printtunable.c
+++ b/contrib/ipfilter/lib/printtunable.c
@@ -1,3 +1,11 @@
+/*
+ * Copyright (C) 2003 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: printtunable.c,v 1.1.4.1 2006/06/16 17:21:15 darrenr Exp $
+ */
+
#include "ipf.h"
void printtunable(tup)
diff --git a/contrib/ipfilter/lib/remove_hash.c b/contrib/ipfilter/lib/remove_hash.c
index d1830ac76a2e..55dab91ed164 100644
--- a/contrib/ipfilter/lib/remove_hash.c
+++ b/contrib/ipfilter/lib/remove_hash.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 2002 by Darren Reed.
+ * Copyright (C) 2003 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: remove_hash.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $
+ * $Id: remove_hash.c,v 1.1.4.1 2006/06/16 17:21:16 darrenr Exp $
*/
#include <fcntl.h>
diff --git a/contrib/ipfilter/lib/remove_hashnode.c b/contrib/ipfilter/lib/remove_hashnode.c
index afa0dbc554d8..d51f8ab53019 100644
--- a/contrib/ipfilter/lib/remove_hashnode.c
+++ b/contrib/ipfilter/lib/remove_hashnode.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 2002 by Darren Reed.
+ * Copyright (C) 2003 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: remove_hashnode.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $
+ * $Id: remove_hashnode.c,v 1.1.4.1 2006/06/16 17:21:16 darrenr Exp $
*/
#include <fcntl.h>
diff --git a/contrib/ipfilter/lib/remove_pool.c b/contrib/ipfilter/lib/remove_pool.c
index d14529ab40e0..19ab4c6c11be 100644
--- a/contrib/ipfilter/lib/remove_pool.c
+++ b/contrib/ipfilter/lib/remove_pool.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 2002 by Darren Reed.
+ * Copyright (C) 2003 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: remove_pool.c,v 1.1 2003/04/13 06:40:14 darrenr Exp $
+ * $Id: remove_pool.c,v 1.1.4.1 2006/06/16 17:21:16 darrenr Exp $
*/
#include <fcntl.h>
diff --git a/contrib/ipfilter/lib/remove_poolnode.c b/contrib/ipfilter/lib/remove_poolnode.c
index 2c7f9d302802..ad04b23c03aa 100644
--- a/contrib/ipfilter/lib/remove_poolnode.c
+++ b/contrib/ipfilter/lib/remove_poolnode.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 2002 by Darren Reed.
+ * Copyright (C) 2003 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: remove_poolnode.c,v 1.3 2003/11/22 10:14:36 darrenr Exp $
+ * $Id: remove_poolnode.c,v 1.3.2.1 2006/06/16 17:21:16 darrenr Exp $
*/
#include <fcntl.h>
diff --git a/contrib/ipfilter/lib/resetlexer.c b/contrib/ipfilter/lib/resetlexer.c
index d16a05e0ba39..ab9b82e468a8 100644
--- a/contrib/ipfilter/lib/resetlexer.c
+++ b/contrib/ipfilter/lib/resetlexer.c
@@ -1,3 +1,11 @@
+/*
+ * Copyright (C) 2002 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: resetlexer.c,v 1.1.4.1 2006/06/16 17:21:16 darrenr Exp $
+ */
+
#include "ipf.h"
long string_start = -1;
diff --git a/contrib/ipfilter/lib/rwlock_emul.c b/contrib/ipfilter/lib/rwlock_emul.c
index 3bccd9ab05b9..1f0c3a815662 100644
--- a/contrib/ipfilter/lib/rwlock_emul.c
+++ b/contrib/ipfilter/lib/rwlock_emul.c
@@ -1,3 +1,11 @@
+/*
+ * Copyright (C) 2003 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: rwlock_emul.c,v 1.1.4.1 2006/06/16 17:21:17 darrenr Exp $
+ */
+
#include "ipf.h"
#define EMM_MAGIC 0x97dd8b3a
diff --git a/contrib/ipfilter/lib/tcp_flags.c b/contrib/ipfilter/lib/tcp_flags.c
index 9c33da957df9..67b7dad9431e 100644
--- a/contrib/ipfilter/lib/tcp_flags.c
+++ b/contrib/ipfilter/lib/tcp_flags.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2004 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: tcp_flags.c,v 1.8 2004/02/07 18:15:54 darrenr Exp $
+ * $Id: tcp_flags.c,v 1.8.2.1 2006/06/16 17:21:17 darrenr Exp $
*/
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/tcpflags.c b/contrib/ipfilter/lib/tcpflags.c
index d4d6145c2707..bf2c284417cd 100644
--- a/contrib/ipfilter/lib/tcpflags.c
+++ b/contrib/ipfilter/lib/tcpflags.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2001-2002 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: tcpflags.c,v 1.3 2002/11/02 07:18:01 darrenr Exp $
+ * $Id: tcpflags.c,v 1.3.4.1 2006/06/16 17:21:17 darrenr Exp $
*/
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/tcpoptnames.c b/contrib/ipfilter/lib/tcpoptnames.c
index 39f3dbbe18dc..7c037366e0f2 100644
--- a/contrib/ipfilter/lib/tcpoptnames.c
+++ b/contrib/ipfilter/lib/tcpoptnames.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2002 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: tcpoptnames.c,v 1.5 2002/01/28 06:50:48 darrenr Exp $
+ * $Id: tcpoptnames.c,v 1.5.4.1 2006/06/16 17:21:17 darrenr Exp $
*/
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/v6ionames.c b/contrib/ipfilter/lib/v6ionames.c
index c89e27c784e2..97c20b0a512a 100644
--- a/contrib/ipfilter/lib/v6ionames.c
+++ b/contrib/ipfilter/lib/v6ionames.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2003-2005 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: v6ionames.c,v 1.1.4.2 2005/10/17 18:31:09 darrenr Exp $
+ * $Id: v6ionames.c,v 1.1.4.3 2006/06/16 17:21:18 darrenr Exp $
*/
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/v6optvalue.c b/contrib/ipfilter/lib/v6optvalue.c
index fd8e2e22b649..6123fc247046 100644
--- a/contrib/ipfilter/lib/v6optvalue.c
+++ b/contrib/ipfilter/lib/v6optvalue.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2003 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: v6optvalue.c,v 1.1 2003/04/26 04:55:58 darrenr Exp $
+ * $Id: v6optvalue.c,v 1.1.4.1 2006/06/16 17:21:18 darrenr Exp $
*/
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/var.c b/contrib/ipfilter/lib/var.c
index 37d310b130de..3d90a236818a 100644
--- a/contrib/ipfilter/lib/var.c
+++ b/contrib/ipfilter/lib/var.c
@@ -1,3 +1,11 @@
+/*
+ * Copyright (C) 2002-2004 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id: var.c,v 1.4.2.3 2006/06/16 17:21:18 darrenr Exp $
+ */
+
#include <ctype.h>
#include "ipf.h"
diff --git a/contrib/ipfilter/lib/verbose.c b/contrib/ipfilter/lib/verbose.c
index e386038d1bb7..4a856b0c0f53 100644
--- a/contrib/ipfilter/lib/verbose.c
+++ b/contrib/ipfilter/lib/verbose.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2000-2001 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: verbose.c,v 1.6 2001/06/09 17:09:25 darrenr Exp $
+ * $Id: verbose.c,v 1.6.4.1 2006/06/16 17:21:18 darrenr Exp $
*/
#if defined(__STDC__)
diff --git a/contrib/ipfilter/man/ipf.8 b/contrib/ipfilter/man/ipf.8
index 431157774834..a438415ea7b7 100644
--- a/contrib/ipfilter/man/ipf.8
+++ b/contrib/ipfilter/man/ipf.8
@@ -73,6 +73,17 @@ one of the two options may be given. A fully established connection
will show up in \fBipfstat -s\fP output as 5/5, with deviations either
way indicating it is not fully established any more.
.TP
+.BR \-F <5|6|7|8|9|10|11>
+For the TCP states that represent the closing of a connection has begun,
+be it only one side or the complete connection, it is possible to flush
+those states directly using the number corresponding to that state.
+The numbers relate to the states as follows: 5 = close-wait, 6 = fin-wait-1,
+7 = closing, 8 = last-ack, 9 = fin-wait-2, 10 = time-wait, 11 = closed.
+.TP
+.BR \-F <number>
+If the argument supplied to \fB-F\fP is greater than 30, then state table
+entries that have been idle for more than this many seconds will be flushed.
+.TP
.BR \-f \0<filename>
This option specifies which files
\fBipf\fP should use to get input from for modifying the packet filter rule
@@ -104,6 +115,7 @@ Remove matching filter rules rather than add them to the internal lists
.TP
.B \-s
Swap the active filter list in use to be the "other" one.
+.TP
.B \-T <optionlist>
This option allows run-time changing of IPFilter kernel variables. Some
variables require IPFilter to be in a disabled state (\fB-D\fP) for changing,
diff --git a/contrib/ipfilter/man/ipfstat.8 b/contrib/ipfilter/man/ipfstat.8
index a3ec72a5c8d0..95cf6f37ff1f 100644
--- a/contrib/ipfilter/man/ipfstat.8
+++ b/contrib/ipfilter/man/ipfstat.8
@@ -123,7 +123,11 @@ seconds between an update. Any positive integer can be used. The default (and
minimal update time) is 1.
.TP
.B \-v
-Turn verbose mode on. Displays more debugging information.
+Turn verbose mode on. Displays more debugging information. When used with
+either \fB-i\fP or \fB-o\fP, counters associated with the rule, such as the
+number of times it has been matched and the number of bytes from such packets
+is displayed. For "keep state" rules, a count of the number of state sessions
+active against the rule is also displayed.
.SH SYNOPSIS
The role of \fBipfstat\fP is to display current kernel statistics gathered
as a result of applying the filters in place (if any) to packets going in and
diff --git a/contrib/ipfilter/man/ipmon.8 b/contrib/ipfilter/man/ipmon.8
index 03ffc81e584f..905a9c875404 100644
--- a/contrib/ipfilter/man/ipmon.8
+++ b/contrib/ipfilter/man/ipmon.8
@@ -106,6 +106,7 @@ even should the result be zero.
.B \-L <facility>
Using this option allows you to change the default syslog facility that
ipmon uses for syslog messages. The default is local0.
+.TP
.B \-n
IP addresses and port numbers will be mapped, where possible, back into
hostnames and service names.
diff --git a/contrib/ipfilter/radix_ipf.h b/contrib/ipfilter/radix_ipf.h
index 357b9c40dc2d..1fe10df171ad 100644
--- a/contrib/ipfilter/radix_ipf.h
+++ b/contrib/ipfilter/radix_ipf.h
@@ -40,7 +40,7 @@
# endif
#endif
-#if defined(__sgi)
+#if defined(__sgi) || defined(__osf__)
# define radix_mask ipf_radix_mask
# define radix_node ipf_radix_node
# define radix_node_head ipf_radix_node_head
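Review bot: The `#if` that guards the `radix_*` to `ipf_radix_*` renames now also tests `defined(__osf__)`, but nothing says why these two platforms need the renaming. Presumably it avoids a clash with radix symbols the platform already provides, though that is inferred rather than shown here. A line such as `/* rename to avoid clashing with the system's own radix_* symbols */` above the `#if` would record the reason. The conditional block continues past the end of this hunk, so the full list of renamed symbols is not visible.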
diff --git a/contrib/ipfilter/test/Makefile b/contrib/ipfilter/test/Makefile
index 192390801708..9273ca6113e9 100644
--- a/contrib/ipfilter/test/Makefile
+++ b/contrib/ipfilter/test/Makefile
@@ -30,15 +30,15 @@ ptests: i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 i16 i17 i18 i19 \
ntests: n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12 n13 n14
nitests: ni1 ni2 ni3 ni4 ni5 ni6 ni7 ni8 ni9 ni10 ni11 ni12 ni13 ni14 ni15 \
- ni16 ni19 ni20 ni21
+ ni16 ni19 ni20 ni21 ni23
intests: in1 in2 in3 in4 in5 in6
logtests: l1
-pools: p1 p2 p3 ip1
+pools: p1 p2 p3 p5 ip1 ip2
-ipv6: ipv6.1 ipv6.2 ipv6.3
+ipv6: ipv6.1 ipv6.2 ipv6.3 ipv6.5
bpf: bpf1 bpf-f1
@@ -54,10 +54,10 @@ i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 i16 i17 i18 i19 i20 i21 bpf1:
n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12 n13 n14:
@/bin/sh ./nattest `awk "/^$@ / { print; } " test.format`
-ni1 ni2 ni3 ni4 ni5 ni7 ni8 ni9 ni10 ni11 ni12 ni13 ni14 ni15 ni16 ni19 ni20:
+ni2 ni3 ni4 ni5 ni7 ni8 ni9 ni10 ni11 ni12 ni13 ni14 ni15 ni16 ni19 ni20:
@/bin/sh ./natipftest single `awk "/^$@ / { print; } " test.format`
-ni6 ni21:
+ni1 ni6 ni21 ni23:
@/bin/sh ./natipftest multi `awk "/^$@ / { print; } " test.format`
in1 in2 in3 in4 in5 in6:
@@ -66,13 +66,13 @@ in1 in2 in3 in4 in5 in6:
l1:
@/bin/sh ./logtest `awk "/^$@ / { print; } " test.format`
-ipv6.1 ipv6.2 ipv6.3:
+ipv6.1 ipv6.2 ipv6.3 ipv6.5:
@/bin/sh ./dotest6 `awk "/^$@ / { print; } " test.format`
-p1 p2 p3:
+p1 p2 p3 p5:
@/bin/sh ./ptest `awk "/^$@ / { print; } " test.format`
-ip1:
+ip1 ip2:
@/bin/sh ./iptest `awk "/^$@ / { print; } " test.format`
bpf-f1:
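Review bot: In the `ipv6.1 ipv6.2 ipv6.3 ipv6.5:` rule the target name is pasted into an awk regular expression (`/^$@ /`), so the `.` in the newly added `ipv6.5` matches any character rather than a literal dot. This is harmless as long as test.format has no near-miss names, but an exact field comparison would select the test line unambiguously: `awk -v t="$@" '$$1 == t { print; }' test.format` (assuming the first field is whitespace-delimited). The other rules in this file use the same pattern.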
@@ -83,11 +83,11 @@ clean:
/bin/rm -f i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 i16 i17 i18 i19 i20 i21
/bin/rm -f n1 n2 n3 n4 n5 n6 n7 n8 n9 n10 n11 n12 n13 n14
/bin/rm -f ni1 ni2 ni3 ni4 ni5 ni6 ni7 ni8 ni9
- /bin/rm -f ni10 ni11 ni12 ni13 ni14 ni15 ni16 ni19 ni20 ni21
+ /bin/rm -f ni10 ni11 ni12 ni13 ni14 ni15 ni16 ni19 ni20 ni21 ni23
/bin/rm -f in1 in2 in3 in4 in5 in6
- /bin/rm -f p1 p2 p3 ip1
+ /bin/rm -f p1 p2 p3 p5 ip1 ip2
/bin/rm -f l1
- /bin/rm -f ipv6.1 ipv6.2 ipv6.3
+ /bin/rm -f ipv6.1 ipv6.2 ipv6.3 ipv6.5
/bin/rm -f bpf1 bpf-f1
/bin/rm -f results/* logout
diff --git a/contrib/ipfilter/test/expected/f12 b/contrib/ipfilter/test/expected/f12
index 88354d95030d..094d8c01d486 100644
--- a/contrib/ipfilter/test/expected/f12
+++ b/contrib/ipfilter/test/expected/f12
@@ -1,60 +1,60 @@
pass
pass
pass
+bad-packet
nomatch
nomatch
-nomatch
-nomatch
+bad-packet
nomatch
nomatch
--------
pass
pass
pass
-pass
-nomatch
+bad-packet
nomatch
nomatch
+bad-packet
nomatch
nomatch
--------
nomatch
nomatch
nomatch
+bad-packet
block
-block
-nomatch
nomatch
+bad-packet
nomatch
nomatch
--------
nomatch
nomatch
block
+bad-packet
block
-block
-nomatch
nomatch
+bad-packet
nomatch
nomatch
--------
nomatch
nomatch
nomatch
+bad-packet
nomatch
nomatch
-nomatch
-pass
+bad-packet
nomatch
pass
--------
nomatch
nomatch
nomatch
+bad-packet
nomatch
nomatch
-nomatch
-nomatch
+bad-packet
nomatch
block
--------
diff --git a/contrib/ipfilter/test/expected/f13 b/contrib/ipfilter/test/expected/f13
index 2a0195b078ad..99c05651cea6 100644
--- a/contrib/ipfilter/test/expected/f13
+++ b/contrib/ipfilter/test/expected/f13
@@ -1,13 +1,13 @@
pass
-nomatch
+bad-packet
nomatch
pass
+bad-packet
nomatch
nomatch
+bad-packet
nomatch
-nomatch
-nomatch
-nomatch
+bad-packet
nomatch
nomatch
nomatch
@@ -19,15 +19,15 @@ nomatch
nomatch
--------
block
-nomatch
+bad-packet
nomatch
block
+bad-packet
nomatch
nomatch
+bad-packet
nomatch
-nomatch
-nomatch
-nomatch
+bad-packet
nomatch
nomatch
nomatch
@@ -39,15 +39,15 @@ nomatch
nomatch
--------
nomatch
+bad-packet
nomatch
nomatch
+bad-packet
nomatch
nomatch
-nomatch
-nomatch
+bad-packet
pass
-pass
-nomatch
+bad-packet
nomatch
nomatch
pass
@@ -59,15 +59,15 @@ nomatch
nomatch
--------
nomatch
+bad-packet
nomatch
nomatch
+bad-packet
nomatch
nomatch
-nomatch
-nomatch
+bad-packet
block
-block
-nomatch
+bad-packet
nomatch
nomatch
block
@@ -79,15 +79,15 @@ nomatch
nomatch
--------
block
-nomatch
+bad-packet
nomatch
pass
+bad-packet
nomatch
nomatch
+bad-packet
nomatch
-nomatch
-nomatch
-nomatch
+bad-packet
nomatch
nomatch
nomatch
@@ -99,15 +99,15 @@ pass
pass
--------
block
-nomatch
+bad-packet
nomatch
block
+bad-packet
nomatch
nomatch
+bad-packet
nomatch
-nomatch
-nomatch
-nomatch
+bad-packet
nomatch
nomatch
nomatch
@@ -119,15 +119,15 @@ block
block
--------
nomatch
+bad-packet
nomatch
nomatch
+bad-packet
nomatch
nomatch
-nomatch
-nomatch
+bad-packet
pass
-pass
-nomatch
+bad-packet
nomatch
nomatch
nomatch
@@ -139,15 +139,15 @@ nomatch
nomatch
--------
block
-block
+bad-packet
nomatch
pass
-block
-nomatch
-nomatch
+bad-packet
nomatch
nomatch
+bad-packet
nomatch
+bad-packet
nomatch
nomatch
nomatch
diff --git a/contrib/ipfilter/test/expected/i11 b/contrib/ipfilter/test/expected/i11
index d4a6ec41abb0..154f31e810bb 100644
--- a/contrib/ipfilter/test/expected/i11
+++ b/contrib/ipfilter/test/expected/i11
@@ -1,11 +1,11 @@
-pass in on ed0(!) proto tcp from 127.0.0.1/32 to 127.0.0.1/32 port = 23 keep state
-block in log first on lo0(!) proto tcp/udp from any to any port = 7 keep state
+pass in on ed0(!) proto tcp from 127.0.0.1/32 to 127.0.0.1/32 port = 23 keep state # count 0
+block in log first on lo0(!) proto tcp/udp from any to any port = 7 keep state # count 0
pass in proto udp from 127.0.0.1/32 to 127.0.0.1/32 port = 20499 keep frags
pass in proto udp from 127.0.0.1/32 to 127.0.0.1/32 port = 2049 keep frags (strict)
-pass in proto udp from 127.0.0.1/32 to 127.0.0.1/32 port = 53 keep state keep frags
-pass in on ed0(!) out-via vx0(!) proto udp from any to any keep state
-pass out on ppp0(!) in-via le0(!) proto tcp from any to any keep state
-pass in on ed0(!),vx0(!) out-via vx0(!),ed0(!) proto udp from any to any keep state
-pass in proto tcp from any port > 1024 to 127.0.0.1/32 port = 1024 keep state
-pass in proto tcp from any to any flags S/FSRPAU keep state (limit 101,strict,newisn,no-icmp-err,age 600/600)
-pass in proto udp from any to any keep state (sync,age 10/20)
+pass in proto udp from 127.0.0.1/32 to 127.0.0.1/32 port = 53 keep state keep frags # count 0
+pass in on ed0(!) out-via vx0(!) proto udp from any to any keep state # count 0
+pass out on ppp0(!) in-via le0(!) proto tcp from any to any keep state # count 0
+pass in on ed0(!),vx0(!) out-via vx0(!),ed0(!) proto udp from any to any keep state # count 0
+pass in proto tcp from any port > 1024 to 127.0.0.1/32 port = 1024 keep state # count 0
+pass in proto tcp from any to any flags S/FSRPAU keep state (limit 101,strict,newisn,no-icmp-err,age 600/600) # count 0
+pass in proto udp from any to any keep state (sync,age 10/20) # count 0
diff --git a/contrib/ipfilter/test/expected/i12 b/contrib/ipfilter/test/expected/i12
index e21724c7a259..dadf597fc3df 100644
--- a/contrib/ipfilter/test/expected/i12
+++ b/contrib/ipfilter/test/expected/i12
@@ -32,8 +32,8 @@ pass in proto udp from 3.3.3.3/32 to 6.6.6.6/32 port = 9
pass in from 10.10.10.10/32 to 11.11.11.11/32
pass in from pool/101(!) to hash/202(!)
pass in from hash/303(!) to pool/404(!)
-table role = ipf type = tree number =
+table role = ipf type = tree name =
{ ! 1.1.1.1/32; 2.2.2.2/32; ! 2.2.0.0/16; };
-table role = ipf type = tree number =
+table role = ipf type = tree name =
{ 1.1.0.0/16; };
pass in from pool/0(!) to pool/0(!)
diff --git a/contrib/ipfilter/test/expected/i4 b/contrib/ipfilter/test/expected/i4
index 639dae88aca5..49924555a27e 100644
--- a/contrib/ipfilter/test/expected/i4
+++ b/contrib/ipfilter/test/expected/i4
@@ -6,4 +6,4 @@ block in proto udp from any port != 123 to any port < 7
block in proto tcp from any port = 25 to any port > 25
pass in proto tcp/udp from any port 1 >< 3 to any port 1 <> 3
pass in proto tcp/udp from any port 2:2 to any port 10:20
-pass in log first quick proto tcp from any port > 1023 to any port = 1723 flags S/FSRPAU keep state
+pass in log first quick proto tcp from any port > 1023 to any port = 1723 flags S/FSRPAU keep state # count 0
diff --git a/contrib/ipfilter/test/expected/i9 b/contrib/ipfilter/test/expected/i9
index 2d464543f177..b128f99d57ac 100644
--- a/contrib/ipfilter/test/expected/i9
+++ b/contrib/ipfilter/test/expected/i9
@@ -4,7 +4,7 @@ pass in from any to any with opt nop,rr,zsu
pass in from any to any with opt nop,rr,zsu not opt lsrr,ssrr
pass in from 127.0.0.1/32 to 127.0.0.1/32 with not frag
pass in from 127.0.0.1/32 to 127.0.0.1/32 with frag,frag-body
-pass in proto tcp from any to any flags S/FSRPAU with not oow keep state
+pass in proto tcp from any to any flags S/FSRPAU with not oow keep state # count 0
block in proto tcp from any to any with oow
pass in proto tcp from any to any flags S/FSRPAU with not bad,bad-src,bad-nat
block in proto tcp from any to any flags S/FSRPAU with bad,not bad-src,not bad-nat
diff --git a/contrib/ipfilter/test/expected/ip2 b/contrib/ipfilter/test/expected/ip2
new file mode 100644
index 000000000000..9b0ed2babae6
--- /dev/null
+++ b/contrib/ipfilter/test/expected/ip2
@@ -0,0 +1,2 @@
+table role = ipf type = tree name = letters
+ { 2.2.2.0/24; ! 2.2.0.0/16; 1.1.1.1/32; };
diff --git a/contrib/ipfilter/test/expected/ipv6.1 b/contrib/ipfilter/test/expected/ipv6.1
index abc0e87c6917..9fd54371f14b 100644
--- a/contrib/ipfilter/test/expected/ipv6.1
+++ b/contrib/ipfilter/test/expected/ipv6.1
@@ -1,3 +1,4 @@
pass
pass
+nomatch
--------
diff --git a/contrib/ipfilter/test/expected/ipv6.5 b/contrib/ipfilter/test/expected/ipv6.5
new file mode 100644
index 000000000000..3133a7f09e7f
--- /dev/null
+++ b/contrib/ipfilter/test/expected/ipv6.5
@@ -0,0 +1,6 @@
+pass
+nomatch
+--------
+block
+nomatch
+--------
diff --git a/contrib/ipfilter/test/expected/n10 b/contrib/ipfilter/test/expected/n10
index f30d7573bec5..ae541d158571 100644
--- a/contrib/ipfilter/test/expected/n10
+++ b/contrib/ipfilter/test/expected/n10
@@ -1,6 +1,9 @@
4500 002c 10c9 4000 ff06 5c9d cbcb cbcb 96cb e002 8032 0015 bd6b c9c8 0000 0000 6002 2238 655d 0000 0204 0064
+
-------------------------------
4500 002c 10c9 4000 ff06 5c9d cbcb cbcb 96cb e002 8032 0015 bd6b c9c8 0000 0000 6002 2238 61d9 0000 0204 03e8
+
-------------------------------
4500 002c 10c9 4000 ff06 5c9d cbcb cbcb 96cb e002 8032 0015 bd6b c9c8 0000 0000 6002 2238 600d 0000 0204 05b4
+
-------------------------------
diff --git a/contrib/ipfilter/test/expected/n12 b/contrib/ipfilter/test/expected/n12
index 010b77b63e15..0d5cefbf7e77 100644
--- a/contrib/ipfilter/test/expected/n12
+++ b/contrib/ipfilter/test/expected/n12
@@ -1,4 +1,7 @@
4510 0040 2020 4000 4006 9478 c0a8 01bc c0a8 0303 2710 0017 4e33 298e 0000 0000 b002 4000 6ff8 0000 0204 05b4 0101 0402 0103 0300 0101 080a 0c72 549e 0000 0000
+
4500 003c 00b0 4000 fe06 7964 c0a8 0303 c0a8 7e53 0017 12c2 f674 e02c 4e33 298f a012 2798 7ace 0000 0101 080a 2c05 b797 0c72 549e 0103 0300 0204 05b4
+
4510 0034 493b 4000 4006 6b69 c0a8 01bc c0a8 0303 2710 0017 4e33 298f f674 e02d 8010 4000 f673 0000 0101 080a 0c72 549e 2c05 b797
+
-------------------------------
diff --git a/contrib/ipfilter/test/expected/n4 b/contrib/ipfilter/test/expected/n4
index 9349542396c1..863217c1db79 100644
--- a/contrib/ipfilter/test/expected/n4
+++ b/contrib/ipfilter/test/expected/n4
@@ -50,8 +50,8 @@ ip #0 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23
ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346
ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53
ip #0 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345
-ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53
-ip #0 40(20) 6 10.1.1.0,53 > 10.3.3.3,12345
+ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53
+ip #0 40(20) 6 10.1.1.1,53 > 10.3.3.3,12345
-------------------------------
ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,23
ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12345
@@ -61,6 +61,6 @@ ip #0 40(20) 6 10.3.3.3,12346 > 10.1.0.0,23
ip #0 40(20) 6 10.2.2.1,10023 > 10.3.3.3,12346
ip #0 28(20) 17 10.3.3.3,12345 > 10.2.2.1,53
ip #0 28(20) 17 10.2.2.1,10053 > 10.3.3.3,12345
-ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,53
-ip #0 40(20) 6 10.1.1.0,53 > 10.3.3.3,12345
+ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53
+ip #0 40(20) 6 10.1.1.1,53 > 10.3.3.3,12345
-------------------------------
diff --git a/contrib/ipfilter/test/expected/n6 b/contrib/ipfilter/test/expected/n6
index 2b2c37fe7a90..cbdad9f1388e 100644
--- a/contrib/ipfilter/test/expected/n6
+++ b/contrib/ipfilter/test/expected/n6
@@ -13,7 +13,7 @@ ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53
ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53
-------------------------------
ip #0 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023
-ip #0 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023
+ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.2,23
ip #0 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23
ip #0 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23
ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023
@@ -27,7 +27,7 @@ ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53
ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.0,53
-------------------------------
ip #0 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023
-ip #0 40(20) 6 10.2.2.2,12345 > 10.2.2.1,10023
+ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.2,23
ip #0 40(20) 6 10.3.0.1,12345 > 10.1.2.2,23
ip #0 40(20) 6 10.3.0.1,12345 > 10.2.2.2,23
ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,23
@@ -48,7 +48,7 @@ ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023
ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.1,53
ip #0 40(20) 6 10.3.3.3,12345 > 10.1.1.1,53
ip #0 40(20) 6 10.2.2.2,12345 > 10.1.0.0,23
-ip #0 40(20) 6 10.3.3.3,12345 > 10.2.2.1,10023
+ip #0 40(20) 6 10.3.3.3,12345 > 10.1.0.0,23
ip #0 28(20) 17 10.2.2.2,12345 > 10.1.1.0,53
ip #0 28(20) 17 10.3.3.3,12345 > 10.1.1.0,53
ip #0 40(20) 6 10.2.2.2,12345 > 10.1.1.0,53
diff --git a/contrib/ipfilter/test/expected/n8 b/contrib/ipfilter/test/expected/n8
index 7a26a26a6513..d3e061da974a 100644
--- a/contrib/ipfilter/test/expected/n8
+++ b/contrib/ipfilter/test/expected/n8
@@ -1,5 +1,9 @@
4500 0054 8bc1 0000 ff01 13d5 0a0a 0a01 0404 0404 0800 efdf 6220 0000 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637
+
4500 0054 3fd5 4000 ff01 2fc8 0404 0404 0202 0202 0000 f7df 6220 0000 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637
+
4500 0054 8bc1 0000 ff01 13d5 0a0a 0a01 0404 0404 0800 efde 6220 0001 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637
+
4500 0054 3fd5 4000 ff01 2fc8 0404 0404 0202 0202 0000 f7de 6220 0001 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637
+
-------------------------------
diff --git a/contrib/ipfilter/test/expected/n9 b/contrib/ipfilter/test/expected/n9
index 39979fa55fff..917105f74ed4 100644
--- a/contrib/ipfilter/test/expected/n9
+++ b/contrib/ipfilter/test/expected/n9
@@ -1,5 +1,9 @@
4500 0054 8bc1 0000 ff01 17d9 0202 0202 0a0a 0a01 0800 efdf 6220 0000 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637
+
4500 0054 3fd5 4000 ff01 2fc8 0404 0404 0202 0202 0000 f7df 6220 0000 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637
+
4500 0054 8bc1 0000 ff01 17d9 0202 0202 0a0a 0a01 0800 efde 6220 0001 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637
+
4500 0054 3fd5 4000 ff01 2fc8 0404 0404 0202 0202 0000 f7de 6220 0001 3f6f 6e80 000b 0d02 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637
+
-------------------------------
diff --git a/contrib/ipfilter/test/expected/ni1 b/contrib/ipfilter/test/expected/ni1
index be981f1e10b0..d4e2de2db8a5 100644
--- a/contrib/ipfilter/test/expected/ni1
+++ b/contrib/ipfilter/test/expected/ni1
@@ -1,4 +1,19 @@
4500 0028 0000 4000 0111 65b2 0606 0606 0404 0404 afc9 829e 0014 6308 0402 0000 3be5 468d 000a cfc3
+
4500 0038 809a 0000 ff01 3121 0303 0303 0202 0202 0b00 5773 0000 0000 4500 0028 0000 4000 0111 6dba 0202 0202 0404 0404 afc9 829e 0014 6b10
+
4500 0044 809a 0000 ff01 3115 0303 0303 0202 0202 0b00 0131 0000 0000 4500 0028 0000 4000 0111 6dba 0202 0202 0404 0404 afc9 829e 0014 6b10 0402 0000 3be5 468d 000a cfc3
+
+4500 0028 0001 4000 0111 65b0 0606 0607 0404 0404 4e20 829e 0014 c4b0 0402 0000 3be5 468d 000a cfc3
+
+4500 0038 809a 0000 ff01 3121 0303 0303 0202 0202 0b00 5773 0000 0000 4500 0028 0000 4000 0111 6dba 0202 0202 0404 0404 0800 829e 0014 12da
+
+4500 0044 809a 0000 ff01 3115 0303 0303 0202 0202 0b00 0131 0000 0000 4500 0028 0000 4000 0111 6dba 0202 0202 0404 0404 0800 829e 0014 12da 0402 0000 3be5 468d 000a cfc3
+
+4500 0028 0002 4000 0111 65ae 0606 0608 0404 0404 07d0 829e 0014 0b00 0402 0000 3be5 468d 000a cfc3
+
+4500 0038 809a 0000 ff01 3121 0303 0303 0202 0202 0b00 ff6a 0000 0000 4500 0028 0000 4000 0111 6dba 0202 0202 0404 0404 5000 829e 0014 22e2
+
+4500 0044 809a 0000 ff01 3115 0303 0303 0202 0202 0b00 0131 0000 0000 4500 0028 0000 4000 0111 6dba 0202 0202 0404 0404 5000 829e 0014 cad9 0402 0000 3be5 468d 000a cfc3
+
-------------------------------
diff --git a/contrib/ipfilter/test/expected/ni10 b/contrib/ipfilter/test/expected/ni10
index df7b03f83fee..3ee63fb8ddd0 100644
--- a/contrib/ipfilter/test/expected/ni10
+++ b/contrib/ipfilter/test/expected/ni10
@@ -1,5 +1,9 @@
4500 003c 4706 4000 ff06 20a2 0404 0404 0606 0606 5000 0050 0000 0001 0000 0000 a002 16d0 d0da 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
+
4500 0038 0000 0000 ff01 afb9 0202 0202 0404 0404 0303 acab 0000 0000 4500 003c 4706 4000 ff06 28aa 0404 0404 0202 0202 5000 0050 0000 0001
+
4500 0058 0001 0000 ff01 af98 0202 0202 0404 0404 0303 0937 0000 0000 4500 003c 4706 4000 ff06 28aa 0404 0404 0202 0202 5000 0050 0000 0001 0000 0000 a002 16d0 d8e2 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
+
4500 0038 809a 0000 ff01 2b1b 0303 0303 0505 0505 0303 acab 0000 0000 4500 003c 4706 4000 ff06 28ab 0404 0404 0202 0201 5000 0050 0000 0001
+
-------------------------------
diff --git a/contrib/ipfilter/test/expected/ni11 b/contrib/ipfilter/test/expected/ni11
index d6db012a2ab0..88d6406e6ee7 100644
--- a/contrib/ipfilter/test/expected/ni11
+++ b/contrib/ipfilter/test/expected/ni11
@@ -1,5 +1,9 @@
4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101 5000 9d58 0000 0001 0000 0000 a002 16d0 3ddc 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
+
4500 0038 0000 0000 ff01 a7b9 0a02 0202 0404 0404 0303 a7fb 0000 0000 4500 003c 4706 4000 ff06 20aa 0404 0404 0a02 0202 5000 0500 0000 0001
+
4500 0058 0001 0000 ff01 a798 0a02 0202 0404 0404 0303 1137 0000 0000 4500 003c 4706 4000 ff06 20aa 0404 0404 0a02 0202 5000 0500 0000 0001 0000 0000 a002 16d0 cc32 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
+
4500 0038 809a 0000 ff01 2b1b 0303 0303 0505 0505 0303 0fa3 0000 0000 4500 003c 4706 4000 ff06 2aab 0404 0404 0101 0102 5000 9d58 0000 0001
+
-------------------------------
diff --git a/contrib/ipfilter/test/expected/ni12 b/contrib/ipfilter/test/expected/ni12
index 70f991b8397e..7d24a493fd32 100644
--- a/contrib/ipfilter/test/expected/ni12
+++ b/contrib/ipfilter/test/expected/ni12
@@ -1,5 +1,9 @@
4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101 5000 9c40 0000 0001 0000 0000 a002 16d0 3ef4 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
+
4500 0038 809a 0000 ff01 2d1d 0303 0303 0404 0404 0303 0fa3 0000 0000 4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101 5000 9d58 0000 0001
+
4500 0058 809a 0000 ff01 2cfd 0303 0303 0404 0404 0303 0735 0000 0000 4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101 5000 9d58 0000 0001 0000 0000 a002 16d0 3ddc 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
+
4500 0038 809a 0000 ff01 2b1b 0303 0303 0505 0505 0303 0fa3 0000 0000 4500 003c 4706 4000 ff06 2aab 0404 0404 0101 0102 5000 9d58 0000 0001
+
-------------------------------
diff --git a/contrib/ipfilter/test/expected/ni13 b/contrib/ipfilter/test/expected/ni13
index 3848d395956d..897bef3e9b2c 100644
--- a/contrib/ipfilter/test/expected/ni13
+++ b/contrib/ipfilter/test/expected/ni13
@@ -1,32 +1,63 @@
4500 0030 5e11 4000 8006 3961 c0a8 7101 c0a8 7103 05e7 06bb abf0 4aa5 0000 0000 7002 faf0 21a1 0000 0204 05b4 0101 0402
+
4500 002c 0000 4000 4006 d776 c0a8 7103 c0a8 7101 06bb 05e7 a564 68da abf0 4aa6 6012 8000 a348 0000 0204 05b4
+
4500 00c4 5e12 4000 8006 38cc c0a8 7101 c0a8 7103 05e7 06bb abf0 4aa6 a564 68db 5018 faf0 e2a0 0000 009c 0001 1a2b 3c4d 0001 0000 0100 0000 0000 0001 0000 0001 0000 0a28 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 4d69 6372 6f73 6f66 7420 5769 6e64 6f77 7320 4e54 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
+
4500 00c4 0001 4000 4006 d6dd c0a8 7103 c0a8 7101 06bb 05e7 a564 68db abf0 4b42 5018 832c cecf 0000 009c 0001 1a2b 3c4d 0002 0000 0100 0100 0000 0000 0000 0000 0001 0001 6c6f 6361 6c00 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 6c69 6e75 7800 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
+
4500 00d0 5e13 4000 8006 38bf c0a8 7101 c0a8 7103 05e7 06bb abf0 4b42 a564 6977 5018 fa54 ac07 0000 00a8 0001 1a2b 3c4d 0007 0000 4000 1331 0000 012c 05f5 e100 0000 0003 0000 0003 0040 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
+
4500 0048 0002 4000 4006 d758 c0a8 7103 c0a8 7101 06bb 05e7 a564 6977 abf0 4bea 5018 832c 36fa 0000 0020 0001 1a2b 3c4d 0008 0000 0000 4000 0100 0000 05f5 e100 0040 0000 0000 0000
+
4500 0040 5e14 4000 8006 394e c0a8 7101 c0a8 7103 05e7 06bb abf0 4bea a564 6997 5018 fa34 e810 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 ffff ffff ffff ffff
+
4500 0039 5e15 0000 802f 792b c0a8 7101 c0a8 7103 3001 880b 0019 0000 0000 0000 ff03 c021 0100 0015 0104 0578 0506 577f 7c5b 0702 0802 0d03 06
+
4500 0020 0003 0000 ff2f 5856 c0a8 7103 c0a8 7101 2081 880b 0000 4000 ffff ffff
+
4500 0028 0004 4000 4006 d776 c0a8 7103 c0a8 7101 06bb 05e7 a564 6997 abf0 4c02 5010 832c b5c1 0000
+
4500 0038 0005 0000 ff2f 583c c0a8 7103 c0a8 7101 3001 880b 0018 4000 0000 0000 ff03 c021 0101 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802
+
4500 002f 0006 0000 ff2f 5844 c0a8 7103 c0a8 7101 3081 880b 000b 4000 0000 0001 0000 0000 ff03 c021 0400 0007 0d03 06
+
4500 003c 5e16 0000 802f 7927 c0a8 7101 c0a8 7103 3081 880b 0018 0000 0000 0001 0000 0001 ff03 c021 0201 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802
+
4500 0036 5e17 0000 802f 792c c0a8 7101 c0a8 7103 3001 880b 0016 0000 0000 0002 ff03 c021 0101 0012 0104 0578 0506 577f 7c5b 0702 0802
+
4500 003a 0007 0000 ff2f 5838 c0a8 7103 c0a8 7101 3081 880b 0016 4000 0000 0002 0000 0002 ff03 c021 0201 0012 0104 0578 0506 577f 7c5b 0702 0802
+
4500 0032 0008 0000 ff2f 583f c0a8 7103 c0a8 7101 3001 880b 0012 4000 0000 0003 8021 0101 0010 0306 c0a8 0001 0206 002d 0f01
+
4500 0040 5e18 4000 8006 394a c0a8 7101 c0a8 7103 05e7 06bb abf0 4c02 a564 6997 5018 fa34 e7f8 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 0000 0000 ffff ffff
+
4500 0038 5e19 0000 802f 7928 c0a8 7101 c0a8 7103 3081 880b 0014 0000 0000 0003 0000 0003 c021 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130
+
4500 003e 0009 0000 ff2f 5832 c0a8 7103 c0a8 7101 3081 880b 001a 4000 0000 0004 0000 0003 ff03 c021 0702 0016 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130
+
4500 003e 5e1a 0000 802f 7921 c0a8 7101 c0a8 7103 3081 880b 001a 0000 0000 0004 0000 0004 c021 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52
+
4500 0044 000a 0000 ff2f 582b c0a8 7103 c0a8 7101 3081 880b 0020 4000 0000 0005 0000 0004 ff03 c021 0703 001c 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52
+
4500 0030 5e1b 0000 802f 792e c0a8 7101 c0a8 7103 3081 880b 000c 0000 0000 0005 0000 0005 80fd 0104 000a 1206 0100 0001
+
4500 002a 000b 0000 ff2f 5844 c0a8 7103 c0a8 7101 3081 880b 0006 4000 0000 0006 0000 0005 80fd 0101 0004
+
4500 002c 000c 0000 ff2f 5841 c0a8 7103 c0a8 7101 3001 880b 000c 4000 0000 0007 80fd 0404 000a 1206 0100 0001
+
4500 0048 5e1c 0000 802f 7915 c0a8 7101 c0a8 7103 3081 880b 0024 0000 0000 0006 0000 0007 8021 0105 0022 0306 0000 0000 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000
+
4500 0042 000d 0000 ff2f 582a c0a8 7103 c0a8 7101 3081 880b 001e 4000 0000 0008 0000 0006 8021 0405 001c 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000
+
4500 0030 5e1d 0000 802f 792c c0a8 7101 c0a8 7103 3081 880b 000c 0000 0000 0007 0000 0008 8021 0401 000a 0206 002d 0f01
+
4500 0030 000e 0000 ff2f 583b c0a8 7103 c0a8 7101 3081 880b 000c 4000 0000 0009 0000 0007 8021 0102 000a 0306 c0a8 0001
-4500 002a 5e1e 0000 802f 7933 c0a8 7101 c0a8 7103 3081 880b 0006 0000 0000 0008 0000 0009 80fd 0201 0004
-4500 0032 5e1f 0000 802f 792a c0a8 7101 c0a8 7103 3001 880b 0012 0000 0000 0009 80fd 0506 0010 577f 7c5b 003c cd74 0000 02dc
+
+4500 002a 5e1e 0000 802f 7931 c0a8 7101 c0a8 7103 3081 880b 0006 0000 0000 0008 0000 0009 80fd 0201 0004
+
+4500 0032 5e1f 0000 802f 7928 c0a8 7101 c0a8 7103 3001 880b 0012 0000 0000 0009 80fd 0506 0010 577f 7c5b 003c cd74 0000 02dc
+
4500 002a 000f 0000 ff2f 5840 c0a8 7103 c0a8 7101 3081 880b 0006 4000 0000 000a 0000 0009 80fd 0606 0004
+
-------------------------------
diff --git a/contrib/ipfilter/test/expected/ni14 b/contrib/ipfilter/test/expected/ni14
index 852132396b58..5ad5a1b40409 100644
--- a/contrib/ipfilter/test/expected/ni14
+++ b/contrib/ipfilter/test/expected/ni14
@@ -1,32 +1,63 @@
4500 0030 5e11 4000 8006 ec0b c0a8 7101 7f00 0001 05e7 06bb abf0 4aa5 0000 0000 7002 faf0 d44b 0000 0204 05b4 0101 0402
+
4500 002c 0000 4000 4006 d776 c0a8 7103 c0a8 7101 06bb 05e7 a564 68da abf0 4aa6 6012 8000 a348 0000 0204 05b4
+
4500 00c4 5e12 4000 8006 eb76 c0a8 7101 7f00 0001 05e7 06bb abf0 4aa6 a564 68db 5018 faf0 954b 0000 009c 0001 1a2b 3c4d 0001 0000 0100 0000 0000 0001 0000 0001 0000 0a28 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 4d69 6372 6f73 6f66 7420 5769 6e64 6f77 7320 4e54 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
+
4500 00c4 0001 4000 4006 d6dd c0a8 7103 c0a8 7101 06bb 05e7 a564 68db abf0 4b42 5018 832c cecf 0000 009c 0001 1a2b 3c4d 0002 0000 0100 0100 0000 0000 0000 0000 0001 0001 6c6f 6361 6c00 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 6c69 6e75 7800 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
+
4500 00d0 5e13 4000 8006 eb69 c0a8 7101 7f00 0001 05e7 06bb abf0 4b42 a564 6977 5018 fa54 5eb2 0000 00a8 0001 1a2b 3c4d 0007 0000 4000 1331 0000 012c 05f5 e100 0000 0003 0000 0003 0040 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
+
4500 0048 0002 4000 4006 d758 c0a8 7103 c0a8 7101 06bb 05e7 a564 6977 abf0 4bea 5018 832c 36fa 0000 0020 0001 1a2b 3c4d 0008 0000 0000 4000 0100 0000 05f5 e100 0040 0000 0000 0000
+
4500 0040 5e14 4000 8006 ebf8 c0a8 7101 7f00 0001 05e7 06bb abf0 4bea a564 6997 5018 fa34 9abb 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 ffff ffff ffff ffff
+
4500 0039 5e15 0000 802f 2bd6 c0a8 7101 7f00 0001 3001 880b 0019 0000 0000 0000 ff03 c021 0100 0015 0104 0578 0506 577f 7c5b 0702 0802 0d03 06
+
4500 0020 0003 0000 ff2f 5856 c0a8 7103 c0a8 7101 2081 880b 0000 4000 ffff ffff
+
4500 0028 0004 4000 4006 d776 c0a8 7103 c0a8 7101 06bb 05e7 a564 6997 abf0 4c02 5010 832c b5c1 0000
+
4500 0038 0005 0000 ff2f 583c c0a8 7103 c0a8 7101 3001 880b 0018 4000 0000 0000 ff03 c021 0101 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802
+
4500 002f 0006 0000 ff2f 5844 c0a8 7103 c0a8 7101 3081 880b 000b 4000 0000 0001 0000 0000 ff03 c021 0400 0007 0d03 06
+
4500 003c 5e16 0000 802f 2bd2 c0a8 7101 7f00 0001 3081 880b 0018 0000 0000 0001 0000 0001 ff03 c021 0201 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802
+
4500 0036 5e17 0000 802f 2bd7 c0a8 7101 7f00 0001 3001 880b 0016 0000 0000 0002 ff03 c021 0101 0012 0104 0578 0506 577f 7c5b 0702 0802
+
4500 003a 0007 0000 ff2f 5838 c0a8 7103 c0a8 7101 3081 880b 0016 4000 0000 0002 0000 0002 ff03 c021 0201 0012 0104 0578 0506 577f 7c5b 0702 0802
-4500 0032 0008 0000 ff2f a594 c0a8 7103 c0a8 7101 3001 880b 0012 4000 0000 0003 8021 0101 0010 0306 c0a8 0001 0206 002d 0f01
+
+4500 0032 0008 0000 ff2f 583f c0a8 7103 c0a8 7101 3001 880b 0012 4000 0000 0003 8021 0101 0010 0306 c0a8 0001 0206 002d 0f01
+
4500 0040 5e18 4000 8006 ebf4 c0a8 7101 7f00 0001 05e7 06bb abf0 4c02 a564 6997 5018 fa34 9aa3 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 0000 0000 ffff ffff
+
4500 0038 5e19 0000 802f 2bd3 c0a8 7101 7f00 0001 3081 880b 0014 0000 0000 0003 0000 0003 c021 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130
-4500 003e 0009 0000 ff2f a587 c0a8 7103 c0a8 7101 3081 880b 001a 4000 0000 0004 0000 0003 ff03 c021 0702 0016 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130
+
+4500 003e 0009 0000 ff2f 5832 c0a8 7103 c0a8 7101 3081 880b 001a 4000 0000 0004 0000 0003 ff03 c021 0702 0016 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130
+
4500 003e 5e1a 0000 802f 2bcc c0a8 7101 7f00 0001 3081 880b 001a 0000 0000 0004 0000 0004 c021 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52
-4500 0044 000a 0000 ff2f a580 c0a8 7103 c0a8 7101 3081 880b 0020 4000 0000 0005 0000 0004 ff03 c021 0703 001c 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52
+
+4500 0044 000a 0000 ff2f 582b c0a8 7103 c0a8 7101 3081 880b 0020 4000 0000 0005 0000 0004 ff03 c021 0703 001c 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52
+
4500 0030 5e1b 0000 802f 2bd9 c0a8 7101 7f00 0001 3081 880b 000c 0000 0000 0005 0000 0005 80fd 0104 000a 1206 0100 0001
-4500 002a 000b 0000 ff2f a599 c0a8 7103 c0a8 7101 3081 880b 0006 4000 0000 0006 0000 0005 80fd 0101 0004
-4500 002c 000c 0000 ff2f a596 c0a8 7103 c0a8 7101 3001 880b 000c 4000 0000 0007 80fd 0404 000a 1206 0100 0001
+
+4500 002a 000b 0000 ff2f 5844 c0a8 7103 c0a8 7101 3081 880b 0006 4000 0000 0006 0000 0005 80fd 0101 0004
+
+4500 002c 000c 0000 ff2f 5841 c0a8 7103 c0a8 7101 3001 880b 000c 4000 0000 0007 80fd 0404 000a 1206 0100 0001
+
4500 0048 5e1c 0000 802f 2bc0 c0a8 7101 7f00 0001 3081 880b 0024 0000 0000 0006 0000 0007 8021 0105 0022 0306 0000 0000 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000
-4500 0042 000d 0000 ff2f a57f c0a8 7103 c0a8 7101 3081 880b 001e 4000 0000 0008 0000 0006 8021 0405 001c 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000
+
+4500 0042 000d 0000 ff2f 582a c0a8 7103 c0a8 7101 3081 880b 001e 4000 0000 0008 0000 0006 8021 0405 001c 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000
+
4500 0030 5e1d 0000 802f 2bd7 c0a8 7101 7f00 0001 3081 880b 000c 0000 0000 0007 0000 0008 8021 0401 000a 0206 002d 0f01
-4500 0030 000e 0000 ff2f a590 c0a8 7103 c0a8 7101 3081 880b 000c 4000 0000 0009 0000 0007 8021 0102 000a 0306 c0a8 0001
+
+4500 0030 000e 0000 ff2f 583b c0a8 7103 c0a8 7101 3081 880b 000c 4000 0000 0009 0000 0007 8021 0102 000a 0306 c0a8 0001
+
4500 002a 5e1e 0000 802f 2bdc c0a8 7101 7f00 0001 3081 880b 0006 0000 0000 0008 0000 0009 80fd 0201 0004
+
4500 0032 5e1f 0000 802f 2bd3 c0a8 7101 7f00 0001 3001 880b 0012 0000 0000 0009 80fd 0506 0010 577f 7c5b 003c cd74 0000 02dc
-4500 002a 000f 0000 ff2f a595 c0a8 7103 c0a8 7101 3081 880b 0006 4000 0000 000a 0000 0009 80fd 0606 0004
+
+4500 002a 000f 0000 ff2f 5840 c0a8 7103 c0a8 7101 3081 880b 0006 4000 0000 000a 0000 0009 80fd 0606 0004
+
-------------------------------
diff --git a/contrib/ipfilter/test/expected/ni15 b/contrib/ipfilter/test/expected/ni15
index 1c59de17d466..3820d560d1b7 100644
--- a/contrib/ipfilter/test/expected/ni15
+++ b/contrib/ipfilter/test/expected/ni15
@@ -1,32 +1,63 @@
4500 0030 0000 4000 8006 9772 c0a8 7101 c0a8 7103 05e7 06bb abf0 4aa5 0000 0000 7002 faf0 21a1 0000 0204 05b4 0101 0402
+
4500 002c 69a6 4000 4006 6dd0 c0a8 7103 c0a8 7101 06bb 05e7 a564 68da abf0 4aa6 6012 8000 a348 0000 0204 05b4
+
4500 00c4 0001 4000 8006 96dd c0a8 7101 c0a8 7103 05e7 06bb abf0 4aa6 a564 68db 5018 faf0 e2a0 0000 009c 0001 1a2b 3c4d 0001 0000 0100 0000 0000 0001 0000 0001 0000 0a28 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 4d69 6372 6f73 6f66 7420 5769 6e64 6f77 7320 4e54 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
+
4500 00c4 69a7 4000 4006 6d37 c0a8 7103 c0a8 7101 06bb 05e7 a564 68db abf0 4b42 5018 832c cecf 0000 009c 0001 1a2b 3c4d 0002 0000 0100 0100 0000 0000 0000 0000 0001 0001 6c6f 6361 6c00 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 6c69 6e75 7800 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
+
4500 00d0 0002 4000 8006 96d0 c0a8 7101 c0a8 7103 05e7 06bb abf0 4b42 a564 6977 5018 fa54 ac07 0000 00a8 0001 1a2b 3c4d 0007 0000 4000 1331 0000 012c 05f5 e100 0000 0003 0000 0003 0040 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
+
4500 0048 69a8 4000 4006 6db2 c0a8 7103 c0a8 7101 06bb 05e7 a564 6977 abf0 4bea 5018 832c 36fa 0000 0020 0001 1a2b 3c4d 0008 0000 0000 4000 0100 0000 05f5 e100 0040 0000 0000 0000
+
4500 0040 0003 4000 8006 975f c0a8 7101 c0a8 7103 05e7 06bb abf0 4bea a564 6997 5018 fa34 e810 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 ffff ffff ffff ffff
+
4500 0039 0004 0000 802f d73c c0a8 7101 c0a8 7103 3001 880b 0019 0000 0000 0000 ff03 c021 0100 0015 0104 0578 0506 577f 7c5b 0702 0802 0d03 06
+
4500 0020 69a9 0000 ff2f eeaf c0a8 7103 c0a8 7101 2081 880b 0000 4000 ffff ffff
+
4500 0028 69aa 4000 4006 6dd0 c0a8 7103 c0a8 7101 06bb 05e7 a564 6997 abf0 4c02 5010 832c b5c1 0000
+
4500 0038 69ab 0000 ff2f ee95 c0a8 7103 c0a8 7101 3001 880b 0018 4000 0000 0000 ff03 c021 0101 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802
+
4500 002f 69ac 0000 ff2f ee9d c0a8 7103 c0a8 7101 3081 880b 000b 4000 0000 0001 0000 0000 ff03 c021 0400 0007 0d03 06
+
4500 003c 0005 0000 802f d738 c0a8 7101 c0a8 7103 3081 880b 0018 0000 0000 0001 0000 0001 ff03 c021 0201 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802
+
4500 0036 0006 0000 802f d73d c0a8 7101 c0a8 7103 3001 880b 0016 0000 0000 0002 ff03 c021 0101 0012 0104 0578 0506 577f 7c5b 0702 0802
+
4500 003a 69ad 0000 ff2f ee91 c0a8 7103 c0a8 7101 3081 880b 0016 4000 0000 0002 0000 0002 ff03 c021 0201 0012 0104 0578 0506 577f 7c5b 0702 0802
+
4500 0032 69ae 0000 ff2f ee98 c0a8 7103 c0a8 7101 3001 880b 0012 4000 0000 0003 8021 0101 0010 0306 c0a8 0001 0206 002d 0f01
+
4500 0040 0007 4000 8006 975b c0a8 7101 c0a8 7103 05e7 06bb abf0 4c02 a564 6997 5018 fa34 e7f8 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 0000 0000 ffff ffff
+
4500 0038 0008 0000 802f d739 c0a8 7101 c0a8 7103 3081 880b 0014 0000 0000 0003 0000 0003 c021 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130
+
4500 003e 69af 0000 ff2f ee8b c0a8 7103 c0a8 7101 3081 880b 001a 4000 0000 0004 0000 0003 ff03 c021 0702 0016 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130
+
4500 003e 0009 0000 802f d732 c0a8 7101 c0a8 7103 3081 880b 001a 0000 0000 0004 0000 0004 c021 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52
+
4500 0044 69b0 0000 ff2f ee84 c0a8 7103 c0a8 7101 3081 880b 0020 4000 0000 0005 0000 0004 ff03 c021 0703 001c 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52
+
4500 0030 000a 0000 802f d73f c0a8 7101 c0a8 7103 3081 880b 000c 0000 0000 0005 0000 0005 80fd 0104 000a 1206 0100 0001
+
4500 002a 69b1 0000 ff2f ee9d c0a8 7103 c0a8 7101 3081 880b 0006 4000 0000 0006 0000 0005 80fd 0101 0004
+
4500 002c 69b2 0000 ff2f ee9a c0a8 7103 c0a8 7101 3001 880b 000c 4000 0000 0007 80fd 0404 000a 1206 0100 0001
+
4500 0048 000b 0000 802f d726 c0a8 7101 c0a8 7103 3081 880b 0024 0000 0000 0006 0000 0007 8021 0105 0022 0306 0000 0000 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000
+
4500 0042 69b3 0000 ff2f ee83 c0a8 7103 c0a8 7101 3081 880b 001e 4000 0000 0008 0000 0006 8021 0405 001c 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000
+
4500 0030 000c 0000 802f d73d c0a8 7101 c0a8 7103 3081 880b 000c 0000 0000 0007 0000 0008 8021 0401 000a 0206 002d 0f01
+
4500 0030 69b4 0000 ff2f ee94 c0a8 7103 c0a8 7101 3081 880b 000c 4000 0000 0009 0000 0007 8021 0102 000a 0306 c0a8 0001
+
4500 002a 000d 0000 802f d742 c0a8 7101 c0a8 7103 3081 880b 0006 0000 0000 0008 0000 0009 80fd 0201 0004
+
4500 0032 000e 0000 802f d739 c0a8 7101 c0a8 7103 3001 880b 0012 0000 0000 0009 80fd 0506 0010 577f 7c5b 003c cd74 0000 02dc
+
4500 002a 69b5 0000 ff2f ee99 c0a8 7103 c0a8 7101 3081 880b 0006 4000 0000 000a 0000 0009 80fd 0606 0004
+
-------------------------------
diff --git a/contrib/ipfilter/test/expected/ni16 b/contrib/ipfilter/test/expected/ni16
index c30b0d22bac4..2c34f5c7094d 100644
--- a/contrib/ipfilter/test/expected/ni16
+++ b/contrib/ipfilter/test/expected/ni16
@@ -1,32 +1,63 @@
4500 0030 0000 4000 8006 9772 c0a8 7101 c0a8 7103 05e7 06bb abf0 4aa5 0000 0000 7002 faf0 21a1 0000 0204 05b4 0101 0402
+
4500 002c 69a6 4000 4006 9376 c0a8 7103 0a02 0202 06bb 05e7 a564 68da abf0 4aa6 6012 8000 c8ee 0000 0204 05b4
+
4500 00c4 0001 4000 8006 96dd c0a8 7101 c0a8 7103 05e7 06bb abf0 4aa6 a564 68db 5018 faf0 e2a0 0000 009c 0001 1a2b 3c4d 0001 0000 0100 0000 0000 0001 0000 0001 0000 0a28 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 4d69 6372 6f73 6f66 7420 5769 6e64 6f77 7320 4e54 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
+
4500 00c4 69a7 4000 4006 92dd c0a8 7103 0a02 0202 06bb 05e7 a564 68db abf0 4b42 5018 832c f475 0000 009c 0001 1a2b 3c4d 0002 0000 0100 0100 0000 0000 0000 0000 0001 0001 6c6f 6361 6c00 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 6c69 6e75 7800 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
+
4500 00d0 0002 4000 8006 96d0 c0a8 7101 c0a8 7103 05e7 06bb abf0 4b42 a564 6977 5018 fa54 ac07 0000 00a8 0001 1a2b 3c4d 0007 0000 4000 1331 0000 012c 05f5 e100 0000 0003 0000 0003 0040 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
+
4500 0048 69a8 4000 4006 9358 c0a8 7103 0a02 0202 06bb 05e7 a564 6977 abf0 4bea 5018 832c 5ca0 0000 0020 0001 1a2b 3c4d 0008 0000 0000 4000 0100 0000 05f5 e100 0040 0000 0000 0000
+
4500 0040 0003 4000 8006 975f c0a8 7101 c0a8 7103 05e7 06bb abf0 4bea a564 6997 5018 fa34 e810 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 ffff ffff ffff ffff
+
4500 0039 0004 0000 802f d73c c0a8 7101 c0a8 7103 3001 880b 0019 0000 0000 0000 ff03 c021 0100 0015 0104 0578 0506 577f 7c5b 0702 0802 0d03 06
+
4500 0020 69a9 0000 ff2f 1456 c0a8 7103 0a02 0202 2081 880b 0000 4000 ffff ffff
+
4500 0028 69aa 4000 4006 9376 c0a8 7103 0a02 0202 06bb 05e7 a564 6997 abf0 4c02 5010 832c db67 0000
+
4500 0038 69ab 0000 ff2f 143c c0a8 7103 0a02 0202 3001 880b 0018 4000 0000 0000 ff03 c021 0101 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802
+
4500 002f 69ac 0000 ff2f 1444 c0a8 7103 0a02 0202 3081 880b 000b 4000 0000 0001 0000 0000 ff03 c021 0400 0007 0d03 06
+
4500 003c 0005 0000 802f d738 c0a8 7101 c0a8 7103 3081 880b 0018 0000 0000 0001 0000 0001 ff03 c021 0201 0014 0206 0000 0000 0506 22d9 0cfa 0702 0802
+
4500 0036 0006 0000 802f d73d c0a8 7101 c0a8 7103 3001 880b 0016 0000 0000 0002 ff03 c021 0101 0012 0104 0578 0506 577f 7c5b 0702 0802
+
4500 003a 69ad 0000 ff2f 1438 c0a8 7103 0a02 0202 3081 880b 0016 4000 0000 0002 0000 0002 ff03 c021 0201 0012 0104 0578 0506 577f 7c5b 0702 0802
+
4500 0032 69ae 0000 ff2f 143f c0a8 7103 0a02 0202 3001 880b 0012 4000 0000 0003 8021 0101 0010 0306 c0a8 0001 0206 002d 0f01
+
4500 0040 0007 4000 8006 975b c0a8 7101 c0a8 7103 05e7 06bb abf0 4c02 a564 6997 5018 fa34 e7f8 0000 0018 0001 1a2b 3c4d 000f 0000 0000 0000 0000 0000 ffff ffff
+
4500 0038 0008 0000 802f d739 c0a8 7101 c0a8 7103 3081 880b 0014 0000 0000 0003 0000 0003 c021 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130
+
4500 003e 69af 0000 ff2f 1432 c0a8 7103 0a02 0202 3081 880b 001a 4000 0000 0004 0000 0003 ff03 c021 0702 0016 0c02 0012 577f 7c5b 4d53 5241 5356 352e 3130
+
4500 003e 0009 0000 802f d732 c0a8 7101 c0a8 7103 3081 880b 001a 0000 0000 0004 0000 0004 c021 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52
+
4500 0044 69b0 0000 ff2f 142b c0a8 7103 0a02 0202 3081 880b 0020 4000 0000 0005 0000 0004 ff03 c021 0703 001c 0c03 0018 577f 7c5b 4d53 5241 532d 302d 434c 4159 4d4f 4f52
+
4500 0030 000a 0000 802f d73f c0a8 7101 c0a8 7103 3081 880b 000c 0000 0000 0005 0000 0005 80fd 0104 000a 1206 0100 0001
+
4500 002a 69b1 0000 ff2f 1444 c0a8 7103 0a02 0202 3081 880b 0006 4000 0000 0006 0000 0005 80fd 0101 0004
+
4500 002c 69b2 0000 ff2f 1441 c0a8 7103 0a02 0202 3001 880b 000c 4000 0000 0007 80fd 0404 000a 1206 0100 0001
+
4500 0048 000b 0000 802f d726 c0a8 7101 c0a8 7103 3081 880b 0024 0000 0000 0006 0000 0007 8021 0105 0022 0306 0000 0000 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000
+
4500 0042 69b3 0000 ff2f 142a c0a8 7103 0a02 0202 3081 880b 001e 4000 0000 0008 0000 0006 8021 0405 001c 8106 0000 0000 8206 0000 0000 8306 0000 0000 8406 0000 0000
+
4500 0030 000c 0000 802f d73d c0a8 7101 c0a8 7103 3081 880b 000c 0000 0000 0007 0000 0008 8021 0401 000a 0206 002d 0f01
+
4500 0030 69b4 0000 ff2f 143b c0a8 7103 0a02 0202 3081 880b 000c 4000 0000 0009 0000 0007 8021 0102 000a 0306 c0a8 0001
-4500 002a 000d 0000 802f d744 c0a8 7101 c0a8 7103 3081 880b 0006 0000 0000 0008 0000 0009 80fd 0201 0004
-4500 0032 000e 0000 802f d73b c0a8 7101 c0a8 7103 3001 880b 0012 0000 0000 0009 80fd 0506 0010 577f 7c5b 003c cd74 0000 02dc
+
+4500 002a 000d 0000 802f d742 c0a8 7101 c0a8 7103 3081 880b 0006 0000 0000 0008 0000 0009 80fd 0201 0004
+
+4500 0032 000e 0000 802f d739 c0a8 7101 c0a8 7103 3001 880b 0012 0000 0000 0009 80fd 0506 0010 577f 7c5b 003c cd74 0000 02dc
+
4500 002a 69b5 0000 ff2f 1440 c0a8 7103 0a02 0202 3081 880b 0006 4000 0000 000a 0000 0009 80fd 0606 0004
+
-------------------------------
diff --git a/contrib/ipfilter/test/expected/ni19 b/contrib/ipfilter/test/expected/ni19
index a75c583e27b3..fa40771a0f13 100644
--- a/contrib/ipfilter/test/expected/ni19
+++ b/contrib/ipfilter/test/expected/ni19
@@ -1,25 +1,49 @@
4500 0040 e3fc 4000 4006 40b5 0a01 0101 0a01 0104 03f1 0202 6523 90b2 0000 0000 b002 8000 a431 0000 0204 05b4 0103 0300 0402 0101 0101 080a 0000 0000 0000 0000
+
4500 0034 0000 4000 4006 fe13 0a01 0104 c0a8 7103 0202 03f1 915a a5c4 6523 90b3 8012 16d0 e89c 0000 0204 05b4 0101 0402 0103 0302
+
4500 0028 e3fd 4000 4006 40cc 0a01 0101 0a01 0104 03f1 0202 6523 90b3 915a a5c5 5010 832c e3b7 0000
+
4500 002d e3fe 4000 4006 40c6 0a01 0101 0a01 0104 03f1 0202 6523 90b3 915a a5c5 5018 832c 8242 0000 3130 3038 00
+
4500 0028 7ce5 4000 4006 813a 0a01 0104 c0a8 7103 0202 03f1 915a a5c5 6523 90b8 5010 05b4 3a81 0000
+
4500 003c 1186 4000 4006 ec85 0a01 0104 c0a8 7103 03ff 03f0 91d4 c8a2 0000 0000 a002 16d0 b8c0 0000 0204 05b4 0402 080a 0039 d924 0000 0000 0103 0302
+
4500 0040 e3ff 4000 4006 40b2 0a01 0101 0a01 0104 03f0 03ff 66e5 b810 91d4 c8a3 b012 8000 452f 0000 0204 05b4 0103 0300 0101 080a 0000 0000 0039 d924 0402 0101
+
4500 0034 1188 4000 4006 ec8b 0a01 0104 c0a8 7103 03ff 03f0 91d4 c8a3 66e5 b811 8010 05b4 d99b 0000 0101 080a 0039 d925 0000 0000
+
4500 0030 e400 4000 4006 40c1 0a01 0101 0a01 0104 03f1 0202 6523 90b8 915a a5c5 5018 832c 3560 0000 6461 7272 656e 7200
+
4500 0028 7ce7 4000 4006 8138 0a01 0104 c0a8 7103 0202 03f1 915a a5c5 6523 90c0 5010 05b4 3a79 0000
+
4500 0053 e401 4000 4006 409d 0a01 0101 0a01 0104 03f1 0202 6523 90c0 915a a5c5 5018 832c cce7 0000 6461 7272 656e 7200 7368 202d 6320 2265 6368 6f20 666f 6f20 3e26 313b 2065 6368 6f20 6261 7220 3e26 3222 00
+
4500 0028 7ce9 4000 4006 8136 0a01 0104 c0a8 7103 0202 03f1 915a a5c5 6523 90eb 5010 05b4 3a4e 0000
+
4500 0029 7ceb 4000 4006 8133 0a01 0104 c0a8 7103 0202 03f1 915a a5c5 6523 90eb 5018 05b4 3a45 0000 00
+
4500 0028 e403 4000 4006 40c6 0a01 0101 0a01 0104 03f1 0202 6523 90eb 915a a5c6 5010 832c e37e 0000
+
4500 002c 7ced 4000 4006 812e 0a01 0104 c0a8 7103 0202 03f1 915a a5c6 6523 90eb 5018 05b4 64c7 0000 666f 6f0a
+
4500 0038 118a 4000 4006 ec85 0a01 0104 c0a8 7103 03ff 03f0 91d4 c8a3 66e5 b811 8018 05b4 00dd 0000 0101 080a 0039 dd6c 0000 0000 6261 720a
+
4500 0028 7cef 4000 4006 8130 0a01 0104 c0a8 7103 0202 03f1 915a a5ca 6523 90eb 5011 05b4 3a48 0000
+
4500 0034 118c 4000 4006 ec87 0a01 0104 c0a8 7103 03ff 03f0 91d4 c8a7 66e5 b811 8011 05b4 d54e 0000 0101 080a 0039 dd6d 0000 0000
+
4500 0028 e404 4000 4006 1a1b c0a8 7103 0a01 0104 03f1 0202 6523 90eb 915a a5cb 5010 8328 bcd3 0000
+
4500 0034 e405 4000 4006 1a0e c0a8 7103 0a01 0104 03f0 03ff 66e5 b811 91d4 c8a8 8010 8328 57d7 0000 0101 080a 0000 0004 0039 dd6c
+
4500 0028 e40a 4000 4006 1a15 c0a8 7103 0a01 0104 03f1 0202 6523 90eb 915a a5cb 5011 832c bcce 0000
+
4500 0034 e40b 4000 4006 1a08 c0a8 7103 0a01 0104 03f0 03ff 66e5 b811 91d4 c8a8 8011 832c 57d2 0000 0101 080a 0000 0004 0039 dd6c
+
4500 0028 0004 4000 4006 fe1b 0a01 0104 c0a8 7103 0202 03f1 915a a5cb 6523 90ec 5010 05b4 3a47 0000
+
4500 0034 118e 4000 4006 ec85 0a01 0104 c0a8 7103 03ff 03f0 91d4 c8a8 66e5 b812 8010 05b4 d548 0000 0101 080a 0039 dd6e 0000 0004
+
-------------------------------
diff --git a/contrib/ipfilter/test/expected/ni2 b/contrib/ipfilter/test/expected/ni2
index 6aef39f7ce86..e2a7eb89ffaf 100644
--- a/contrib/ipfilter/test/expected/ni2
+++ b/contrib/ipfilter/test/expected/ni2
@@ -1,10 +1,19 @@
4510 002c 0000 4000 3e06 78df 0101 0101 c0a8 0133 9c40 0077 a664 2485 0000 0000 6002 4000 2ca8 0000 0204 05b4
+
4500 002c ce83 4000 7e06 606b c0a8 0133 0a01 0201 0077 05f6 fbdf 1a21 a664 2486 6012 2238 c0a8 0000 0204 05b4
+
4510 0028 0001 4000 3e06 78e2 0101 0101 c0a8 0133 9c40 0077 a664 2486 fbdf 1a22 5010 4470 29e3 0000
+
4500 005b cf83 4000 7e06 5f3c c0a8 0133 0a01 0201 0077 05f6 fbdf 1a22 a664 2486 5018 2238 ce2a 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0a
+
4510 0028 0002 4000 3e06 78e1 0101 0101 c0a8 0133 9c40 0077 a664 2486 fbdf 1a55 5010 4470 29b0 0000
+
4510 002e 0003 4000 3e06 78da 0101 0101 c0a8 0133 9c40 0077 a664 2486 fbdf 1a55 5018 4470 1c98 0000 0000 0000 0d0a
+
4500 0048 e383 4000 7e06 4b4f c0a8 0133 0a01 0201 0077 05f6 fbdf 1a55 a664 248c 5018 2232 d80a 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
+
4500 05dc e483 4000 7e06 44bb c0a8 0133 0a01 0201 0077 05f6 fbdf 1a75 a664 248c 5010 2232 9f2d 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 
0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3331 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 1111 2222 3333 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
-4500 0038 0004 4000 4001 76e4 0101 0101 c0a8 0133 0304 444f 0000 05a0 4500 05dc e483 4000 7e06 4ebb c0a8 0133 0101 0101 0077 9c40 fbdf 1a75
+
+4500 0038 0004 4000 4001 76e4 0101 0101 c0a8 0133 0304 9dea 0000 05a0 4500 05dc e483 4000 7e06 4ebb c0a8 0133 0101 0101 0077 9c40 fbdf 1a75
+
-------------------------------
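Review bot: The new ICMP checksum on the last changed line of this hunk, `0304 9dea`, does not verify over the bytes dumped on that same line, while the value it replaces, `0304 444f`, does. The one's-complement sum of the 36-byte ICMP message (type 3 code 4, next-hop MTU `05a0`, embedded IP header plus eight TCP bytes) folds to 0xffff only with `444f`. The outer IP header checksum `76e4` and the embedded header checksum `4ebb` both check out, so only the ICMP field is off. If this file records what the imported code emits, the fixture now pins an ICMP "fragmentation needed" error with an invalid checksum, apparently after the embedded header was rewritten; a receiver would normally discard such a packet, so path-MTU discovery could fail silently. Confirm against the ICMP-error checksum adjustment before accepting, and keep `0304 444f` on that line if the dump is meant to be valid on the wire.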
diff --git a/contrib/ipfilter/test/expected/ni20 b/contrib/ipfilter/test/expected/ni20
index 46833bd2eaf2..6001a5af9eb8 100644
--- a/contrib/ipfilter/test/expected/ni20
+++ b/contrib/ipfilter/test/expected/ni20
@@ -1,25 +1,49 @@
4500 0040 e3fc 4000 4006 f362 c0a8 7103 c0a8 7104 03f1 0202 6523 90b2 0000 0000 b002 8000 56df 0000 0204 05b4 0103 0300 0402 0101 0101 080a 0000 0000 0000 0000
+
4500 0034 0000 4000 4006 fe13 0a01 0104 c0a8 7103 0202 03f1 915a a5c4 6523 90b3 8012 16d0 e89c 0000 0204 05b4 0101 0402 0103 0302
+
4500 0028 e3fd 4000 4006 f379 c0a8 7103 c0a8 7104 03f1 0202 6523 90b3 915a a5c5 5010 832c 9665 0000
+
4500 002d e3fe 4000 4006 f373 c0a8 7103 c0a8 7104 03f1 0202 6523 90b3 915a a5c5 5018 832c 34f0 0000 3130 3038 00
+
4500 0028 7ce5 4000 4006 813a 0a01 0104 c0a8 7103 0202 03f1 915a a5c5 6523 90b8 5010 05b4 3a81 0000
+
4500 003c 1186 4000 4006 ec85 0a01 0104 c0a8 7103 03ff 03f0 91d4 c8a2 0000 0000 a002 16d0 b8c0 0000 0204 05b4 0402 080a 0039 d924 0000 0000 0103 0302
+
4500 0040 e3ff 4000 4006 f35f c0a8 7103 c0a8 7104 03f0 03ff 66e5 b810 91d4 c8a3 b012 8000 f7dc 0000 0204 05b4 0103 0300 0101 080a 0000 0000 0039 d924 0402 0101
+
4500 0034 1188 4000 4006 ec8b 0a01 0104 c0a8 7103 03ff 03f0 91d4 c8a3 66e5 b811 8010 05b4 d99b 0000 0101 080a 0039 d925 0000 0000
+
4500 0030 e400 4000 4006 f36e c0a8 7103 c0a8 7104 03f1 0202 6523 90b8 915a a5c5 5018 832c e80d 0000 6461 7272 656e 7200
+
4500 0028 7ce7 4000 4006 8138 0a01 0104 c0a8 7103 0202 03f1 915a a5c5 6523 90c0 5010 05b4 3a79 0000
+
4500 0053 e401 4000 4006 f34a c0a8 7103 c0a8 7104 03f1 0202 6523 90c0 915a a5c5 5018 832c 7f95 0000 6461 7272 656e 7200 7368 202d 6320 2265 6368 6f20 666f 6f20 3e26 313b 2065 6368 6f20 6261 7220 3e26 3222 00
+
4500 0028 7ce9 4000 4006 8136 0a01 0104 c0a8 7103 0202 03f1 915a a5c5 6523 90eb 5010 05b4 3a4e 0000
+
4500 0029 7ceb 4000 4006 8133 0a01 0104 c0a8 7103 0202 03f1 915a a5c5 6523 90eb 5018 05b4 3a45 0000 00
+
4500 0028 e403 4000 4006 f373 c0a8 7103 c0a8 7104 03f1 0202 6523 90eb 915a a5c6 5010 832c 962c 0000
+
4500 002c 7ced 4000 4006 812e 0a01 0104 c0a8 7103 0202 03f1 915a a5c6 6523 90eb 5018 05b4 64c7 0000 666f 6f0a
+
4500 0038 118a 4000 4006 ec85 0a01 0104 c0a8 7103 03ff 03f0 91d4 c8a3 66e5 b811 8018 05b4 00dd 0000 0101 080a 0039 dd6c 0000 0000 6261 720a
+
4500 0028 7cef 4000 4006 8130 0a01 0104 c0a8 7103 0202 03f1 915a a5ca 6523 90eb 5011 05b4 3a48 0000
+
4500 0034 118c 4000 4006 ec87 0a01 0104 c0a8 7103 03ff 03f0 91d4 c8a7 66e5 b811 8011 05b4 d54e 0000 0101 080a 0039 dd6d 0000 0000
+
4500 0028 e404 4000 4006 f372 c0a8 7103 c0a8 7104 03f1 0202 6523 90eb 915a a5cb 5010 8328 962b 0000
+
4500 0034 e405 4000 4006 f365 c0a8 7103 c0a8 7104 03f0 03ff 66e5 b811 91d4 c8a8 8010 8328 312f 0000 0101 080a 0000 0004 0039 dd6c
+
4500 0028 e40a 4000 4006 f36c c0a8 7103 c0a8 7104 03f1 0202 6523 90eb 915a a5cb 5011 832c 9626 0000
+
4500 0034 e40b 4000 4006 f35f c0a8 7103 c0a8 7104 03f0 03ff 66e5 b811 91d4 c8a8 8011 832c 312a 0000 0101 080a 0000 0004 0039 dd6c
+
4500 0028 0004 4000 4006 d773 c0a8 7104 c0a8 7103 0202 03f1 915a a5cb 6523 90ec 5010 05b4 139f 0000
+
4500 0034 118e 4000 4006 c5dd c0a8 7104 c0a8 7103 03ff 03f0 91d4 c8a8 66e5 b812 8010 05b4 aea0 0000 0101 080a 0039 dd6e 0000 0004
+
-------------------------------
diff --git a/contrib/ipfilter/test/expected/ni23 b/contrib/ipfilter/test/expected/ni23
new file mode 100644
index 000000000000..24909b07f059
--- /dev/null
+++ b/contrib/ipfilter/test/expected/ni23
@@ -0,0 +1,29 @@
+ip #0 28(20) 17 4.4.4.4,6700 > 2.2.2.2,4500
+ip #0 28(20) 17 2.2.2.2,4500 > 3.3.3.1,6700
+ip #0 28(20) 17 1.1.2.3,4500 > 3.3.3.1,6700
+List of active MAP/Redirect filters:
+rdr le0,bge0 1.1.0.0/16 -> 2.2.2.2 ip
+map hme0,ppp0 3.3.3.0/24 -> 4.4.4.4/32
+
+List of active sessions:
+MAP 3.3.3.1 6700 <- -> 4.4.4.4 6700 [2.2.2.2 4500]
+RDR 2.2.2.2 4500 <- -> 1.1.2.3 4500 [3.3.3.1 6700]
+
+Hostmap table:
+3.3.3.1,2.2.2.2 -> 4.4.4.4 (use = 1 hv = 0)
+List of active state sessions:
+3.3.3.1 -> 2.2.2.2 pass 0x40008402 pr 17 state 0/0
+ tag 0 ttl 24 6700 -> 4500
+ forward: pkts in 1 bytes in 28 pkts out 1 bytes out 28
+ backward: pkts in 1 bytes in 28 pkts out 1 bytes out 28
+ pass in keep state IPv4
+ pkt_flags & 0(0) = 0, pkt_options & ffffffff = 0, ffffffff = 0
+ pkt_security & ffff = 0, pkt_auth & ffff = 0
+ is_flx 0x8001 0x8001 0x8001 0x1
+ interfaces: in X[le0],X[hme0] out X[ppp0],X[bge0]
+ Sync status: not synchronized
+List of configured pools
+List of configured hash tables
+List of groups configured (set 0)
+List of groups configured (set 1)
+-------------------------------
diff --git a/contrib/ipfilter/test/expected/ni3 b/contrib/ipfilter/test/expected/ni3
index 600b6249a3ec..107d5d939342 100644
--- a/contrib/ipfilter/test/expected/ni3
+++ b/contrib/ipfilter/test/expected/ni3
@@ -1,4 +1,7 @@
4500 003c 0000 4000 ff06 67a8 0606 0606 0404 0404 5000 0050 0000 0001 0000 0000 a002 16d0 d0da 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
+
4500 0038 809a 0000 ff01 3121 0303 0303 0202 0202 0303 acab 0000 0000 4500 003c 4706 4000 ff06 28aa 0202 0202 0404 0404 5000 0050 0000 0001
+
4500 0058 809a 0000 ff01 3101 0303 0303 0202 0202 0303 0937 0000 0000 4500 003c 4706 4000 ff06 28aa 0202 0202 0404 0404 5000 0050 0000 0001 0000 0000 a002 16d0 d8e2 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
+
-------------------------------
diff --git a/contrib/ipfilter/test/expected/ni4 b/contrib/ipfilter/test/expected/ni4
index cd5ebac85c75..c9f7504d7ac1 100644
--- a/contrib/ipfilter/test/expected/ni4
+++ b/contrib/ipfilter/test/expected/ni4
@@ -1,4 +1,7 @@
4500 003c 0000 4000 ff06 67a8 0606 0606 0404 0404 9c40 0050 0000 0001 0000 0000 a002 16d0 849a 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
+
4500 0038 809a 0000 ff01 3121 0303 0303 0202 0202 0303 acab 0000 0000 4500 003c 4706 4000 ff06 28aa 0202 0202 0404 0404 5000 0050 0000 0001
+
4500 0058 809a 0000 ff01 3101 0303 0303 0202 0202 0303 0937 0000 0000 4500 003c 4706 4000 ff06 28aa 0202 0202 0404 0404 5000 0050 0000 0001 0000 0000 a002 16d0 d8e2 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
+
-------------------------------
diff --git a/contrib/ipfilter/test/expected/ni5 b/contrib/ipfilter/test/expected/ni5
index a64d8129820b..e713cf285101 100644
--- a/contrib/ipfilter/test/expected/ni5
+++ b/contrib/ipfilter/test/expected/ni5
@@ -1,47 +1,103 @@
4500 002c 0000 4000 ff06 02fc 0101 0101 96cb e002 8032 0015 bd6b c9c8 0000 0000 6002 2238 f5a2 0000 0204 05b4
+
4500 002c ffdd 4000 ef06 5374 96cb e002 c0a8 0103 0015 8032 3786 76c4 bd6b c9c9 6012 269c 8369 0000 0204 0584
+
4500 0028 0001 4000 ff06 02ff 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 76c5 5010 269c 5aa0 0000
+
4500 006f ffde 4000 ef06 5330 96cb e002 c0a8 0103 0015 8032 3786 76c5 bd6b c9c9 5018 269c 967e 0000 3232 302d 636f 6f6d 6273 2e61 6e75 2e65 6475 2e61 7520 4e63 4654 5064 2053 6572 7665 7220 2866 7265 6520 6564 7563 6174 696f 6e61 6c20 6c69 6365 6e73 6529 2072 6561 6479 2e0d 0a
+
4500 0028 0002 4000 ff06 02fe 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 770c 5010 269c 5a59 0000
+
4500 00c7 ffdf 4000 ef06 52d7 96cb e002 c0a8 0103 0015 8032 3786 770c bd6b c9c9 5018 269c 1087 0000 3232 302d 0d0a 3232 302d 4d61 696e 7461 696e 6564 2062 7920 5253 5353 2061 6e64 2052 5350 4153 2049 5420 5374 6166 6620 2870 7265 7669 6f75 736c 7920 6b6e 6f77 6e20 6173 2043 6f6f 6d62 7320 436f 6d70 7574 696e 6720 556e 6974 290d 0a32 3230 2d41 6e79 2070 726f 626c 656d 7320 636f 6e74 6163 7420 6674 706d 6173 7465 7240 636f 6f6d 6273 2e61 6e75 2e65 6475 2e61 750d 0a32 3230 2d0d 0a32 3230 200d 0a
+
4500 0028 0003 4000 ff06 02fd 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 77ab 5010 269c 59ba 0000
+
4500 0038 0004 4000 ff06 02ec 0101 0101 96cb e002 8032 0015 bd6b c9c9 3786 77ab 5018 269c d1c5 0000 5553 4552 2061 6e6f 6e79 6d6f 7573 0d0a
+
4500 0028 ffe0 4000 ef06 5375 96cb e002 c0a8 0103 0015 8032 3786 77ab bd6b c9d9 5010 269c 9a00 0000
+
4500 006c ffe1 4000 ef06 5330 96cb e002 c0a8 0103 0015 8032 3786 77ab bd6b c9d9 5018 269c b00f 0000 3333 3120 4775 6573 7420 6c6f 6769 6e20 6f6b 2c20 7365 6e64 2079 6f75 7220 636f 6d70 6c65 7465 2065 2d6d 6169 6c20 6164 6472 6573 7320 6173 2070 6173 7377 6f72 642e 0d0a
+
4500 0028 0005 4000 ff06 02fb 0101 0101 96cb e002 8032 0015 bd6b c9d9 3786 77ef 5010 269c 5966 0000
+
4500 0036 0006 4000 ff06 02ec 0101 0101 96cb e002 8032 0015 bd6b c9d9 3786 77ef 5018 269c 373f 0000 5041 5353 2061 7661 6c6f 6e40 0d0a
+
4500 005f ffe2 4000 ef06 533c 96cb e002 c0a8 0103 0015 8032 3786 77ef bd6b c9e7 5018 269c 895e 0000 3233 302d 596f 7520 6172 6520 7573 6572 2023 3420 6f66 2035 3020 7369 6d75 6c74 616e 656f 7573 2075 7365 7273 2061 6c6c 6f77 6564 2e0d 0a
+
4500 0028 0007 4000 ff06 02f9 0101 0101 96cb e002 8032 0015 bd6b c9e7 3786 7826 5010 269c 5921 0000
+
4500 0099 ffe3 4000 ef06 5301 96cb e002 c0a8 0103 0015 8032 3786 7826 bd6b c9e7 5018 269c d399 0000 3233 302d 0d0a 3233 302d 0d0a 3233 302d 4869 2e20 2057 6527 7265 2063 6c65 616e 696e 6720 7570 2e20 2041 6e79 2066 6565 6462 6163 6b20 6d6f 7374 2077 656c 636f 6d65 2e20 3130 2041 7567 2030 300d 0a32 3330 2d0d 0a32 3330 204c 6f67 6765 6420 696e 2061 6e6f 6e79 6d6f 7573 6c79 2e0d 0a
+
4500 0028 0008 4000 ff06 02f8 0101 0101 96cb e002 8032 0015 bd6b c9e7 3786 7897 5010 269c 58b0 0000
+
4500 0030 0009 4000 ff06 02ef 0101 0101 96cb e002 8032 0015 bd6b c9e7 3786 7897 5018 269c 86ae 0000 5459 5045 2049 0d0a
+
4500 0038 ffe4 4000 ef06 5361 96cb e002 c0a8 0103 0015 8032 3786 7897 bd6b c9ef 5018 269c 5fae 0000 3230 3020 5479 7065 206f 6b61 792e 0d0a
+
4500 0028 000a 4000 ff06 02f6 0101 0101 96cb e002 8032 0015 bd6b c9ef 3786 78a7 5010 269c 5898 0000
+
4500 003d 000b 4000 ff06 02e0 0101 0101 96cb e002 8032 0015 bd6b c9ef 3786 78a7 5018 269c 4b67 0000 504f 5254 2031 2c31 2c31 2c31 2c31 3238 2c35 310d 0a
+
4500 0046 ffe5 4000 ef06 5352 96cb e002 c0a8 0103 0015 8032 3786 78a7 bd6b ca0c 5018 269c dbc3 0000 3230 3020 504f 5254 2063 6f6d 6d61 6e64 2073 7563 6365 7373 6675 6c2e 0d0a
+
4500 0030 000c 4000 ff06 02ec 0101 0101 96cb e002 8032 0015 bd6b ca04 3786 78c5 5018 269c 866b 0000 5459 5045 2041 0d0a
+
4500 0038 ffe6 4000 ef06 535f 96cb e002 c0a8 0103 0015 8032 3786 78c5 bd6b ca14 5018 269c 5f5b 0000 3230 3020 5479 7065 206f 6b61 792e 0d0a
+
4500 002e 000d 4000 ff06 02ed 0101 0101 96cb e002 8032 0015 bd6b ca0c 3786 78d5 5018 269c a994 0000 4e4c 5354 0d0a
+
4500 002c ffe7 4000 ef06 536a 96cb e002 c0a8 0103 0014 8033 d9f8 11d4 0000 0000 6002 2238 d190 0000 0204 0584
+
4500 002c 000e 4000 ff06 02ee 0101 0101 96cb e002 8033 0014 bd78 5c12 d9f8 11d5 6012 02f8 96de 0000 0204 0584
+
4500 0028 ffe8 4000 ef06 536d 96cb e002 c0a8 0103 0014 8033 d9f8 11d5 bd78 5c13 5010 269c cb1d 0000
+
4500 005d ffe9 4000 ef06 5337 96cb e002 c0a8 0103 0015 8032 3786 78d5 bd6b ca1a 5018 269c eed0 0000 3135 3020 4f70 656e 696e 6720 4153 4349 4920 6d6f 6465 2064 6174 6120 636f 6e6e 6563 7469 6f6e 2066 6f72 202f 6269 6e2f 6c73 2e0d 0a
+
4500 0028 000f 4000 ff06 02f1 0101 0101 96cb e002 8033 0014 bd78 5c13 d9f8 11d5 5010 6348 4e1b 0000
-4500 0063 ffea 4000 ef06 5330 96cb e002 c0a8 0103 0014 8033 d9f8 11d5 bd78 5c13 5018 269c a315 0000 636f 6f6d 6273 7061 7065 7273 0d0a 6465 7074 730d 0a66 6f75 6e64 2d66 696c 6573 0d0a 696e 636f 6d69 6e67 0d0a 6e6c 632d 7465 7374 0d0a 7075 620d 0a
-4500 0028 0010 4000 ff06 02f0 0101 0101 96cb e002 8033 0014 bd78 5c13 d9f8 1210 5010 6348 4de0 0000
-4500 0028 ffeb 4000 ef06 536a 96cb e002 c0a8 0103 0014 8033 d9f8 1210 bd78 5c13 5011 269c cae1 0000
-4500 0028 10da 4000 ff06 327c c0a8 0103 96cb e002 8033 0014 bd78 5c13 d9f8 1211 5010 6348 8e35 0000
-4500 0028 10db 4000 ff06 327b c0a8 0103 96cb e002 8033 0014 bd78 5c13 d9f8 1211 5011 6348 8e34 0000
-4500 0028 ffec 4000 ef06 5369 96cb e002 c0a8 0103 0014 8033 d9f8 1211 bd78 5c14 5010 269c cae0 0000
-4500 0028 0011 4000 ff06 02ef 0101 0101 96cb e002 8032 0015 bd6b ca12 3786 790a 5010 269c 5812 0000
-4500 0040 ffed 4000 ef06 5350 96cb e002 c0a8 0103 0015 8032 3786 790a bd6b ca1a 5018 269c 7c9e 0000 3232 3620 4c69 7374 696e 6720 636f 6d70 6c65 7465 642e 0d0a
-4500 0030 0012 4000 ff06 02e6 0101 0101 96cb e002 8032 0015 bd6b ca12 3786 7922 5018 269c 85f8 0000 5459 5045 2049 0d0a
-4500 0038 ffee 4000 ef06 5357 96cb e002 c0a8 0103 0015 8032 3786 7922 bd6b ca22 5018 269c 5ef0 0000 3230 3020 5479 7065 206f 6b61 792e 0d0a
-4500 0028 0013 4000 ff06 02ed 0101 0101 96cb e002 8032 0015 bd6b ca1a 3786 7932 5010 269c 57e2 0000
-4500 002e 0014 4000 ff06 02e6 0101 0101 96cb e002 8032 0015 bd6b ca1a 3786 7932 5018 269c b020 0000 5155 4954 0d0a
-4500 0036 ffef 4000 ef06 5358 96cb e002 c0a8 0103 0015 8032 3786 7932 bd6b ca28 5018 269c a93c 0000 3232 3120 476f 6f64 6279 652e 0d0a
-4500 0028 0015 4000 ff06 02eb 0101 0101 96cb e002 8032 0015 bd6b ca20 3786 7940 5011 269c 57cd 0000
-4500 0028 fff0 4000 ef06 5365 96cb e002 c0a8 0103 0015 8032 3786 7940 bd6b ca28 5011 269c 981b 0000
-4500 0028 10e1 4000 ff06 3275 c0a8 0103 96cb e002 8032 0015 bd6b ca25 3786 7941 5010 269c 981e 0000
-4500 0028 fff1 4000 ef06 5364 96cb e002 c0a8 0103 0015 8032 3786 7941 bd6b ca29 5010 269c 981a 0000
+
+4500 003d 0010 4000 ff06 02db 0101 0101 96cb e002 8032 0015 bd6b ca12 3786 78d5 5018 269c 4a16 0000 504f 5254 2031 2c31 2c31 2c31 2c31 3238 2c35 320d 0a
+
+4500 0046 ffea 4000 ef06 534d 96cb e002 c0a8 0103 0015 8032 3786 78d5 bd6b ca37 5018 269c db6a 0000 3230 3020 504f 5254 2063 6f6d 6d61 6e64 2073 7563 6365 7373 6675 6c2e 0d0a
+
+4500 0030 0011 4000 ff06 02e7 0101 0101 96cb e002 8032 0015 bd6b ca27 3786 78f3 5018 269c 861a 0000 5459 5045 2041 0d0a
+
+4500 0038 ffeb 4000 ef06 535a 96cb e002 c0a8 0103 0015 8032 3786 78f3 bd6b ca3f 5018 269c 5ef2 0000 3230 3020 5479 7065 206f 6b61 793e 0d0a
+
+4500 002e 0012 4000 ff06 02e8 0101 0101 96cb e002 8032 0015 bd6b ca2f 3786 7903 5018 269c a943 0000 4e4c 5354 0d0a
+
+4500 002c ffec 4000 ef06 5365 96cb e002 c0a8 0103 0014 8034 d9f8 11d4 0000 0000 6002 2238 d18f 0000 0204 0584
+
+4500 002c 0013 4000 ff06 02e9 0101 0101 96cb e002 8034 0014 bd78 5c12 d9f8 11d5 6012 02f8 96dd 0000 0204 0584
+
+4500 0028 ffec 4000 ef06 5369 96cb e002 c0a8 0103 0014 8034 d9f8 11d4 0000 0000 5010 2238 e90d 0000
+
+4500 0063 ffed 4000 ef06 532d 96cb e002 c0a8 0103 0014 8033 d9f8 11d5 bd78 5c13 5018 269c a315 0000 636f 6f6d 6273 7061 7065 7273 0d0a 6465 7074 730d 0a66 6f75 6e64 2d66 696c 6573 0d0a 696e 636f 6d69 6e67 0d0a 6e6c 632d 7465 7374 0d0a 7075 620d 0a
+
+4500 0028 0014 4000 ff06 02ec 0101 0101 96cb e002 8033 0014 bd78 5c13 d9f8 1210 5010 6348 4de0 0000
+
+4500 0028 ffee 4000 ef06 5367 96cb e002 c0a8 0103 0014 8033 d9f8 1210 bd78 5c13 5011 269c cae1 0000
+
+4500 0028 10dd 4000 ff06 3279 c0a8 0103 96cb e002 8033 0014 bd78 5c13 d9f8 1211 5010 6348 8e35 0000
+
+4500 0028 10dd 4000 ff06 3279 c0a8 0103 96cb e002 8033 0014 bd78 5c13 d9f8 1211 5011 6348 8e34 0000
+
+4500 0028 ffef 4000 ef06 5366 96cb e002 c0a8 0103 0014 8033 d9f8 1211 bd78 5c14 5010 269c cae0 0000
+
+4500 0040 fff0 4000 ef06 534d 96cb e002 c0a8 0103 0015 8032 3786 7903 bd6b ca3f 5018 269c 7c80 0000 3232 3620 4c69 7374 696e 6720 636f 6d70 6c65 7465 642e 0d0a
+
+4500 0028 0015 4000 ff06 02eb 0101 0101 96cb e002 8032 0015 bd6b ca2f 3786 791b 5010 269c 57e4 0000
+
+4500 002e 0016 4000 ff06 02e4 0101 0101 96cb e002 8032 0015 bd6b ca2f 3786 791b 5018 269c b022 0000 5155 4954 0d0a
+
+4500 0036 fff2 4000 ef06 5355 96cb e002 c0a8 0103 0015 8032 3786 791b bd6b ca45 5018 269c a936 0000 3232 3120 476f 6f64 6279 652e 0d0a
+
+4500 0028 0017 4000 ff06 02e9 0101 0101 96cb e002 8032 0015 bd6b ca35 3786 7929 5011 269c 57cf 0000
+
+4500 0028 fff3 4000 ef06 5362 96cb e002 c0a8 0103 0015 8032 3786 7929 bd6b ca45 5011 269c 9815 0000
+
+4500 0028 10e3 4000 ff06 3273 c0a8 0103 96cb e002 8032 0015 bd6b ca3d 3786 792a 5010 269c 981d 0000
+
+4500 0028 fff4 4000 ef06 5361 96cb e002 c0a8 0103 0015 8032 3786 792a bd6b ca46 5010 269c 9814 0000
+
-------------------------------
diff --git a/contrib/ipfilter/test/expected/ni6 b/contrib/ipfilter/test/expected/ni6
index a4e4acebf537..0da034a781b3 100644
--- a/contrib/ipfilter/test/expected/ni6
+++ b/contrib/ipfilter/test/expected/ni6
@@ -1,9 +1,17 @@
4500 0054 cd8a 4000 ff11 1fbb c0a8 0601 c0a8 0701 8075 006f 0040 d26e 3e1d d249 0000 0000 0000 0002 0001 86a0 0000 0002 0000 0003 0000 0000 0000 0000 0000 0000 0000 0000 0001 86a3 0000 0003 0000 0011 0000 0000
+
4500 0054 0000 4000 ff11 ec44 c0a8 0702 c0a8 0701 8075 006f 0040 d16d 3e1d d249 0000 0000 0000 0002 0001 86a0 0000 0002 0000 0003 0000 0000 0000 0000 0000 0000 0000 0000 0001 86a3 0000 0003 0000 0011 0000 0000
+
4500 0038 cd83 4000 ff11 1fde c0a8 0701 c0a8 0601 006f 8075 0024 d805 3e1d d249 0000 0001 0000 0000 0000 0000 0000 0000 0000 0000 0000 0801
+
4500 0038 0001 4000 ff11 ee5f c0a8 0602 c0a8 0601 006f 8075 0024 d904 3e1d d249 0000 0001 0000 0000 0000 0000 0000 0000 0000 0000 0000 0801
+
4500 0044 d5a6 4000 ff11 17af c0a8 0601 c0a8 0701 80df 0801 0030 03f1 3e10 1fb1 0000 0000 0000 0002 0001 86a3 0000 0002 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
+
4500 0044 0002 4000 ff11 ec52 c0a8 0702 c0a8 0701 80df 0801 0030 02f0 3e10 1fb1 0000 0000 0000 0002 0001 86a3 0000 0002 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
+
4500 0034 0000 4000 fe11 ee65 c0a8 0701 c0a8 0601 0801 80df 0020 8ab8 3e10 1fb1 0000 0001 0000 0000 0000 0000 0000 0000 0000 0000
+
4500 0034 0003 4000 fe11 ef61 c0a8 0602 c0a8 0601 0801 80df 0020 0000 3e10 1fb1 0000 0001 0000 0000 0000 0000 0000 0000 0000 0000
+
-------------------------------
diff --git a/contrib/ipfilter/test/expected/ni7 b/contrib/ipfilter/test/expected/ni7
index f0d0010d20b8..38c39ab71e23 100644
--- a/contrib/ipfilter/test/expected/ni7
+++ b/contrib/ipfilter/test/expected/ni7
@@ -1,3 +1,5 @@
4500 0028 4706 4000 0111 1eac 0404 0404 0606 0606 afc9 829e 0014 6308 0402 0000 3be5 468d 000a cfc3
+
4500 0038 0000 0000 ff01 afb9 0202 0202 0404 0404 0b00 f91c 0000 0000 4500 0028 4706 4000 0111 26b4 0404 0404 0202 0202 afc9 829e 0014 c966
+
-------------------------------
diff --git a/contrib/ipfilter/test/expected/ni8 b/contrib/ipfilter/test/expected/ni8
index 4741b18cfb80..689ccaa87ead 100644
--- a/contrib/ipfilter/test/expected/ni8
+++ b/contrib/ipfilter/test/expected/ni8
@@ -1,5 +1,9 @@
4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101 5000 9d58 0000 0001 0000 0000 a002 16d0 3ddc 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
+
4500 0038 0000 0000 ff01 a7b9 0a02 0202 0404 0404 0303 a7fb 0000 0000 4500 003c 4706 4000 ff06 20aa 0404 0404 0a02 0202 5000 0500 0000 0001
+
4500 0058 0001 0000 ff01 a798 0a02 0202 0404 0404 0303 1137 0000 0000 4500 003c 4706 4000 ff06 20aa 0404 0404 0a02 0202 5000 0500 0000 0001 0000 0000 a002 16d0 cc32 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
+
4500 0038 0002 0000 ff01 abb3 0303 0303 0505 0505 0303 0fa3 0000 0000 4500 003c 4706 4000 ff06 2aab 0404 0404 0101 0102 5000 9d58 0000 0001
+
-------------------------------
diff --git a/contrib/ipfilter/test/expected/ni9 b/contrib/ipfilter/test/expected/ni9
index 9effc52d3d2f..1eb6fbcca8c2 100644
--- a/contrib/ipfilter/test/expected/ni9
+++ b/contrib/ipfilter/test/expected/ni9
@@ -1,5 +1,9 @@
4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101 5000 9c40 0000 0001 0000 0000 a002 16d0 3ef4 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
+
4500 0038 0000 0000 ff01 adb7 0303 0303 0404 0404 0303 0fa3 0000 0000 4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101 5000 9d58 0000 0001
+
4500 0058 0001 0000 ff01 ad96 0303 0303 0404 0404 0303 0735 0000 0000 4500 003c 4706 4000 ff06 2aac 0404 0404 0101 0101 5000 9d58 0000 0001 0000 0000 a002 16d0 3ddc 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
+
4500 0038 0002 0000 ff01 abb3 0303 0303 0505 0505 0303 0fa3 0000 0000 4500 003c 4706 4000 ff06 2aab 0404 0404 0101 0102 5000 9d58 0000 0001
+
-------------------------------
diff --git a/contrib/ipfilter/test/expected/p2 b/contrib/ipfilter/test/expected/p2
index 2f330c26f8b9..67a7c3ea26f3 100644
--- a/contrib/ipfilter/test/expected/p2
+++ b/contrib/ipfilter/test/expected/p2
@@ -16,10 +16,10 @@ List of configured pools
List of configured hash tables
# 'anonymous' table
table role = ipf type = hash number = 2147483650 size = 3
- { 4.4.0.0/16; 127.0.0.1/32; };
+ { 127.0.0.1/32; 4.4.0.0/16; };
# 'anonymous' table
table role = ipf type = hash number = 2147483649 size = 3
- { 4.4.0.0/16; 127.0.0.1/32; };
+ { 127.0.0.1/32; 4.4.0.0/16; };
List of groups configured (set 0)
List of groups configured (set 1)
-------------------------------
diff --git a/contrib/ipfilter/test/expected/p5 b/contrib/ipfilter/test/expected/p5
new file mode 100644
index 000000000000..d8ea95c066a9
--- /dev/null
+++ b/contrib/ipfilter/test/expected/p5
@@ -0,0 +1,21 @@
+nomatch
+pass
+nomatch
+nomatch
+nomatch
+pass
+nomatch
+nomatch
+List of active MAP/Redirect filters:
+
+List of active sessions:
+
+Hostmap table:
+List of active state sessions:
+List of configured pools
+table role = ipf type = tree name = letters
+ { 1.1.1.1/32; ! 2.2.0.0/16; 2.2.2.0/24; };
+List of configured hash tables
+List of groups configured (set 0)
+List of groups configured (set 1)
+-------------------------------
diff --git a/contrib/ipfilter/test/input/f13 b/contrib/ipfilter/test/input/f13
index d7b07249ace4..77e537e2b638 100644
--- a/contrib/ipfilter/test/input/f13
+++ b/contrib/ipfilter/test/input/f13
@@ -1,3 +1,4 @@
+# This checksum is deliberately incorrect.
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF,FO=0 SYN
[in]
4500 0028 0001 4000 3f06 36cc 0101 0101 0201 0101
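Review bot: The added first line, `# This checksum is deliberately incorrect.`, does not say which packet or which checksum it refers to. The IP header checksum of the first packet (`36cc`) verifies as correct over the ten header words shown, so the remark presumably concerns its TCP checksum, which lies outside this hunk. The second hunk of this file fills in a TCP checksum (`16c6`) for a different packet, which makes a file-level remark easy to misread. I would move the comment directly above the packet it describes and name the field, e.g. `# TCP checksum of this packet is deliberately incorrect.`, after confirming that this is the intended field.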
@@ -16,7 +17,7 @@
# 1.1.1.1,1024 -> 2.1.1.1,25 TTL=63 TCP DF MF FO=0 SYN
[in]
4500 0028 0003 6000 3f06 16ca 0101 0101 0201 0101
-0400 0019 7000 0000 0000 0000 5002 2000 0000 0000
+0400 0019 7000 0000 0000 0000 5002 2000 16c6 0000
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF FO=0
[in]
diff --git a/contrib/ipfilter/test/input/ip2.data b/contrib/ipfilter/test/input/ip2.data
new file mode 100644
index 000000000000..ef34eb5e1314
--- /dev/null
+++ b/contrib/ipfilter/test/input/ip2.data
@@ -0,0 +1,3 @@
+1.1.1.1/32
+!2.2.0.0/16
+2.2.2.0/24
diff --git a/contrib/ipfilter/test/input/ipv6.1 b/contrib/ipfilter/test/input/ipv6.1
index 39208103edde..3f0fd308102f 100644
--- a/contrib/ipfilter/test/input/ipv6.1
+++ b/contrib/ipfilter/test/input/ipv6.1
@@ -18,3 +18,15 @@ ef00 1001 2002 0001 0000 0000 0000 0070
f427
0000 0344 0000 0004 f8f1 9d3c ddba 0e00
+[in,gif0] 6000 0000 0048 3a40
+ef00 1001 0880 6cbf 0000 0000 0000 0001
+ef00 1001 2002 0001 0000 0000 0000 0070
+0300 7d44 0000 0000
+6000 0000 0018 1101
+ef00 1001 2002 1001 0000 0000 0000 0070
+2001 1002 3333 0001 0000 0000 0000 0001
+8083 829a
+0018
+f427
+0000 0344 0000 0004 f8f1 9d3c ddba 0e00
+
diff --git a/contrib/ipfilter/test/input/ipv6.5 b/contrib/ipfilter/test/input/ipv6.5
new file mode 100644
index 000000000000..e46407ca110f
--- /dev/null
+++ b/contrib/ipfilter/test/input/ipv6.5
@@ -0,0 +1,14 @@
+[out,de0]
+6000 0000 002c 2bff
+ef00 0000 0000 0000 0000 0000 0001 0013
+ff02 0000 0000 0000 0000 0001 ff01 000b
+0602 0000 0000 0000
+ff02 0000 0000 0000 0000 0001 ff01 000b
+0401 0019 0000 0000 0000 0000 5002 2000 9ea3 0000
+
+[out,de0]
+6000 0000 0014 06ff
+ef00 0000 0000 0000 0000 0000 0001 0013
+ff02 0000 0000 0000 0000 0001 ff01 000b
+0401 0019 0000 0000 0000 0000 5002 2000 9ea3 0000
+
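Review bot: This new input file has no comments describing its two packets, while the other inputs touched by this import (ni5, f13) gain per-packet descriptions. Decoding the bytes, the first packet has next-header `2b` with a routing header `0602 0000 0000 0000` (type 0, segments left 0, one address) ahead of a TCP SYN from port 1025 to 25. The second is the same SYN without the extension header. Since routing-header handling is the behaviour a filter most needs to get right here, I would add `# TCP SYN 1025 -> 25 behind a type 0 routing header (segments left 0)` above the first `[out,de0]` and `# same TCP SYN, no extension header` above the second.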
diff --git a/contrib/ipfilter/test/input/ni1 b/contrib/ipfilter/test/input/ni1
index 8f548d5efca2..fb6b0b63e5f9 100644
--- a/contrib/ipfilter/test/input/ni1
+++ b/contrib/ipfilter/test/input/ni1
@@ -18,3 +18,39 @@ afc9 829e 0014 6308
afc9 829e 0014 6308
0402 0000 3be5 468d 000a cfc3
+[out,df0]
+4500 0028 4706 4000 0111 26b4 0202 0202
+0404 0404 0800 829e 0014 12da 0402 0000
+3be5 468d 000a cfc3
+
+[in,df0]
+4500 0038 809a 0000 ff01 2918 0303 0303
+0606 0607 0b00 5f7c 0000 0000
+4500 0028 0000 4000 0111 65b1 0606 0607 0404 0404
+4e20 829e 0014 c4b0
+
+[in,df0]
+4500 0044 809a 0000 ff01 290c 0303 0303
+0606 0607 0b00 093a 0000 0000
+4500 0028 0000 4000 0111 65b1 0606 0607 0404 0404
+4e20 829e 0014 c4b0
+0402 0000 3be5 468d 000a cfc3
+
+[out,df0]
+4500 0028 4706 4000 0111 26b4 0202 0202
+0404 0404 5000 829e 0014 cad9 0402 0000
+3be5 468d 000a cfc3
+
+[in,df0]
+4500 0038 809a 0000 ff01 2917 0303 0303
+0606 0608 0b00 0775 0000 0000
+4500 0028 0000 4000 0111 65b0 0606 0608 0404 0404
+07d0 829e 0014 6308
+
+[in,df0]
+4500 0044 809a 0000 ff01 290b 0303 0303
+0606 0608 0b00 093b 0000 0000
+4500 0028 0000 4000 0111 65b0 0606 0608 0404 0404
+07d0 829e 0014 0b00
+0402 0000 3be5 468d 000a cfc3
+
diff --git a/contrib/ipfilter/test/input/ni13 b/contrib/ipfilter/test/input/ni13
index 56ddb792abd2..77569eead702 100644
--- a/contrib/ipfilter/test/input/ni13
+++ b/contrib/ipfilter/test/input/ni13
@@ -216,13 +216,13 @@ c0a8 7101 3081 880b 000c 4000 0000 0009
# 23:18:36.594840 192.168.113.1 > 192.168.113.3: gre [KSAv1] ID:0000 S:8 A:9 ppp: CCP 6: Conf-Ack(1)
[in,pcn1]
-4500 002a 5e1e 0000 802f 7933 c0a8 7101
+4500 002a 5e1e 0000 802f 7931 c0a8 7101
c0a8 7103 3081 880b 0006 0000 0000 0008
0000 0009 80fd 0201 0004 0000 0000
# 23:18:36.595525 192.168.113.1 > 192.168.113.3: gre [KSv1] ID:0000 S:9 ppp: CCP 18: Term-Req(6)
[in,pcn1]
-4500 0032 5e1f 0000 802f 792a c0a8 7101
+4500 0032 5e1f 0000 802f 7928 c0a8 7101
c0a8 7103 3001 880b 0012 0000 0000 0009
80fd 0506 0010 577f 7c5b 003c cd74 0000
02dc
diff --git a/contrib/ipfilter/test/input/ni14 b/contrib/ipfilter/test/input/ni14
index 00f02900952c..681132120e23 100644
--- a/contrib/ipfilter/test/input/ni14
+++ b/contrib/ipfilter/test/input/ni14
@@ -127,7 +127,7 @@ c0a8 7101 3081 880b 0016 4000 0000 0002
# 23:18:36.564803 192.168.113.3 > 192.168.113.1: gre [KSv1] ID:4000 S:3 ppp: IPCP 18: Conf-Req(1), IP-Addr=192.168.0.1, IP-Comp VJ-Comp
[out,pcn1]
-4500 0032 69ae 0000 ff2f ee98 7f00 0001
+4500 0032 69ae 0000 ff2f a143 7f00 0001
c0a8 7101 3001 880b 0012 4000 0000 0003
8021 0101 0010 0306 c0a8 0001 0206 002d
0f01
@@ -148,7 +148,7 @@ c0a8 7103 3081 880b 0014 0000 0000 0003
# 23:18:36.573856 192.168.113.3 > 192.168.113.1: gre [KSAv1] ID:4000 S:4 A:3 ppp: LCP 26: Code-Rej(2)
[out,pcn1]
-4500 003e 69af 0000 ff2f ee8b 7f00 0001
+4500 003e 69af 0000 ff2f a136 7f00 0001
c0a8 7101 3081 880b 001a 4000 0000 0004
0000 0003 ff03 c021 0702 0016 0c02 0012
577f 7c5b 4d53 5241 5356 352e 3130
@@ -162,7 +162,7 @@ c0a8 7103 3081 880b 001a 0000 0000 0004
# 23:18:36.585562 192.168.113.3 > 192.168.113.1: gre [KSAv1] ID:4000 S:5 A:4 ppp: LCP 32: Code-Rej(3)
[out,pcn1]
-4500 0044 69b0 0000 ff2f ee84 7f00 0001
+4500 0044 69b0 0000 ff2f a12f 7f00 0001
c0a8 7101 3081 880b 0020 4000 0000 0005
0000 0004 ff03 c021 0703 001c 0c03 0018
577f 7c5b 4d53 5241 532d 302d 434c 4159
@@ -176,13 +176,13 @@ c0a8 7103 3081 880b 000c 0000 0000 0005
# 23:18:36.589445 192.168.113.3 > 192.168.113.1: gre [KSAv1] ID:4000 S:6 A:5 ppp: CCP 6: Conf-Req(1)
[out,pcn1]
-4500 002a 69b1 0000 ff2f ee9d 7f00 0001
+4500 002a 69b1 0000 ff2f a148 7f00 0001
c0a8 7101 3081 880b 0006 4000 0000 0006
0000 0005 80fd 0101 0004
# 23:18:36.589540 192.168.113.3 > 192.168.113.1: gre [KSv1] ID:4000 S:7 ppp: CCP 12: Conf-Rej(4), MPPC
[out,pcn1]
-4500 002c 69b2 0000 ff2f ee9a 7f00 0001
+4500 002c 69b2 0000 ff2f a145 7f00 0001
c0a8 7101 3001 880b 000c 4000 0000 0007
80fd 0404 000a 1206 0100 0001
@@ -196,7 +196,7 @@ c0a8 7103 3081 880b 0024 0000 0000 0006
# 23:18:36.590489 192.168.113.3 > 192.168.113.1: gre [KSAv1] ID:4000 S:8 A:6 ppp: IPCP 30: Conf-Rej(5), Pri-DNS=0.0.0.0, Pri-NBNS=0.0.0.0, Sec-DNS=0.0.0.0, Sec-NBNS=0.0.0.0
[out,pcn1]
-4500 0042 69b3 0000 ff2f ee83 7f00 0001
+4500 0042 69b3 0000 ff2f a12e 7f00 0001
c0a8 7101 3081 880b 001e 4000 0000 0008
0000 0006 8021 0405 001c 8106 0000 0000
8206 0000 0000 8306 0000 0000 8406 0000
@@ -210,7 +210,7 @@ c0a8 7103 3081 880b 000c 0000 0000 0007
# 23:18:36.593819 192.168.113.3 > 192.168.113.1: gre [KSAv1] ID:4000 S:9 A:7 ppp: IPCP 12: Conf-Req(2), IP-Addr=192.168.0.1
[out,pcn1]
-4500 0030 69b4 0000 ff2f ee94 7f00 0001
+4500 0030 69b4 0000 ff2f a13f 7f00 0001
c0a8 7101 3081 880b 000c 4000 0000 0009
0000 0007 8021 0102 000a 0306 c0a8 0001
@@ -229,7 +229,7 @@ c0a8 7103 3001 880b 0012 0000 0000 0009
# 23:18:36.595937 192.168.113.3 > 192.168.113.1: gre [KSAv1] ID:4000 S:10 A:9 ppp: CCP 6: Term-Ack(6)
[out,pcn1]
-4500 002a 69b5 0000 ff2f ee99 7f00 0001
+4500 002a 69b5 0000 ff2f a144 7f00 0001
c0a8 7101 3081 880b 0006 4000 0000 000a
0000 0009 80fd 0606 0004
diff --git a/contrib/ipfilter/test/input/ni16 b/contrib/ipfilter/test/input/ni16
index b1cc521ac8f2..24bfcfc3835f 100644
--- a/contrib/ipfilter/test/input/ni16
+++ b/contrib/ipfilter/test/input/ni16
@@ -216,13 +216,13 @@ c0a8 7101 3081 880b 000c 4000 0000 0009
# 23:18:36.594840 192.168.113.1 > 192.168.113.3: gre [KSAv1] ID:0000 S:8 A:9 ppp: CCP 6: Conf-Ack(1)
[out,pcn1]
-4500 002a 5e1e 0000 802f 9ed9 0a02 0202
+4500 002a 5e1e 0000 802f 9ed7 0a02 0202
c0a8 7103 3081 880b 0006 0000 0000 0008
0000 0009 80fd 0201 0004 0000 0000
# 23:18:36.595525 192.168.113.1 > 192.168.113.3: gre [KSv1] ID:0000 S:9 ppp: CCP 18: Term-Req(6)
[out,pcn1]
-4500 0032 5e1f 0000 802f 9ed0 0a02 0202
+4500 0032 5e1f 0000 802f 9ece 0a02 0202
c0a8 7103 3001 880b 0012 0000 0000 0009
80fd 0506 0010 577f 7c5b 003c cd74 0000
02dc
diff --git a/contrib/ipfilter/test/input/ni2 b/contrib/ipfilter/test/input/ni2
index b16cd027c600..30458212bb03 100644
--- a/contrib/ipfilter/test/input/ni2
+++ b/contrib/ipfilter/test/input/ni2
@@ -155,7 +155,7 @@ c0a8 0133
4500 0038 d71d 4000 4001 7d22
c0a8 6401
c0a8 0133
-0304 da99 0000 05a0 4500 05dc
-e483 4000 7e06 44bb c0a8 0133 0a01 0201
-0077 05f6 fbdf 1a75
+0304 3435 0000 05a0
+4500 05dc e483 4000 7e06 44bb c0a8 0133 0a01 0201
+0077 05f6 fbdf 1a75 a664
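Review bot: The new ICMP checksum `3435` on the `0304 …` line is computed over 38 bytes of ICMP data (including the added `a664`), but the outer IP header still declares a total length of `0038`, i.e. 20 + 36 bytes. The old value `da99` was the correct checksum for the 36-byte message, so after this change the length field and the checksum coverage disagree by two bytes. If the trailing bytes are a deliberate test of data beyond the declared length, a comment such as `# ICMP checksum covers 2 bytes beyond the IP total length (deliberate)` above the packet would record that. Otherwise the total length and the IP header checksum `7d22` need updating together with the payload.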
diff --git a/contrib/ipfilter/test/input/ni23 b/contrib/ipfilter/test/input/ni23
new file mode 100644
index 000000000000..938b7b86cf2d
--- /dev/null
+++ b/contrib/ipfilter/test/input/ni23
@@ -0,0 +1,3 @@
+in on le0 udp 3.3.3.1,6700 1.1.2.3,4500
+in on hme0 udp 2.2.2.2,4500 4.4.4.4,6700
+out on bge0 udp 2.2.2.2,4500 3.3.3.1,6700
diff --git a/contrib/ipfilter/test/input/ni3 b/contrib/ipfilter/test/input/ni3
index feb4b29b1ec1..66b22a6d4293 100644
--- a/contrib/ipfilter/test/input/ni3
+++ b/contrib/ipfilter/test/input/ni3
@@ -3,7 +3,7 @@
# going out)
[out,df0] 45 00 00 3c 47 06 40 00 ff 06 28 aa 02 02 02 02 04 04 04 04 50 00 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 d8 e2 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00
-[in,df0] 45 00 00 38 80 9a 00 00 ff 01 29 19 03 03 03 03 06 06 06 06 03 03 ac ac 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 50 00 00 50 00 00 00 01
+[in,df0] 45 00 00 38 80 9a 00 00 ff 01 29 19 03 03 03 03 06 06 06 06 03 03 ac ab 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 50 00 00 50 00 00 00 01
# ICMP dest unreachable with whole packet in payload (40 bytes = 320 bits)
[in,df0] 45 00 00 58 80 9a 00 00 ff 01 28 f9 03 03 03 03 06 06 06 06 03 03 11 3f 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 50 00 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 d0 da 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00
diff --git a/contrib/ipfilter/test/input/ni4 b/contrib/ipfilter/test/input/ni4
index b2be5503f835..ad5575f95317 100644
--- a/contrib/ipfilter/test/input/ni4
+++ b/contrib/ipfilter/test/input/ni4
@@ -3,7 +3,7 @@
# going out)
[out,df0] 45 00 00 3c 47 06 40 00 ff 06 28 aa 02 02 02 02 04 04 04 04 50 00 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 d8 e2 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00
-[in,df0] 45 00 00 38 80 9a 00 00 ff 01 29 19 03 03 03 03 06 06 06 06 03 03 60 6c 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 9c 40 00 50 00 00 00 01
+[in,df0] 45 00 00 38 80 9a 00 00 ff 01 29 19 03 03 03 03 06 06 06 06 03 03 60 6b 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 9c 40 00 50 00 00 00 01
# ICMP dest unreachable with whole packet in payload (40 bytes = 320 bits)
[in,df0] 45 00 00 58 80 9a 00 00 ff 01 28 f9 03 03 03 03 06 06 06 06 03 03 11 3f 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 9c 40 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 84 9a 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00
diff --git a/contrib/ipfilter/test/input/ni5 b/contrib/ipfilter/test/input/ni5
index a8aec23b2961..c45be54266ff 100644
--- a/contrib/ipfilter/test/input/ni5
+++ b/contrib/ipfilter/test/input/ni5
@@ -1,18 +1,22 @@
+# 32818,21 SYN
[out,ppp0]
4500 002c 10c9 4000 ff06 3289 c0a8 0103
96cb e002 8032 0015 bd6b c9c8 0000 0000
6002 2238 35f9 0000 0204 05b4
+# 21,32818 SYN+ACK
[in,ppp0]
4500 002c ffdd 4000 ef06 131e 96cb e002
0101 0101 0015 8032 3786 76c4 bd6b c9c9
6012 269c 4313 0000 0204 0584
+# 32818,21 ACK
[out,ppp0]
4500 0028 10ca 4000 ff06 328c c0a8 0103
96cb e002 8032 0015 bd6b c9c9 3786 76c5
5010 269c 9af6 0000
+# ACK+PUSH "[220-coombs.anu.edu.au NcFTPd Server (free educational license) ready.\r\n"
[in,ppp0]
4500 006f ffde 4000 ef06 12da 96cb e002
0101 0101 0015 8032 3786 76c5 bd6b c9c9
@@ -22,11 +26,16 @@
6520 6564 7563 6174 696f 6e61 6c20 6c69
6365 6e73 6529 2072 6561 6479 2e0d 0a
+# 32818,21 ACK
[out,ppp0]
4500 0028 10cb 4000 ff06 328b c0a8 0103
96cb e002 8032 0015 bd6b c9c9 3786 770c
5010 269c 9aaf 0000
+# 21,32818 ACK+PUSH
+# "220-Maintained by RSSS and RSPAS IT Staff (previously known as Coombs Computing Unit)\r\n
+# "220-Any problems contact ftpmaster@coombs.anu.edu.au\r\n"
+# "220-\r\n220 \r\n"
[in,ppp0]
4500 00c7 ffdf 4000 ef06 1281 96cb e002
0101 0101 0015 8032 3786 770c bd6b c9c9
@@ -42,22 +51,26 @@
6e75 2e65 6475 2e61 750d 0a32 3230 2d0d
0a32 3230 200d 0a
+# 32818,21 ACK
[out,ppp0]
4500 0028 10cc 4000 ff06 328a c0a8 0103
96cb e002 8032 0015 bd6b c9c9 3786 77ab
5010 269c 9a10 0000
+# 32818,21 ACK+PUSH "USER anonymous\r\n"
[out,ppp0]
4500 0038 10cd 4000 ff06 3279 c0a8 0103
96cb e002 8032 0015 bd6b c9c9 3786 77ab
5018 269c 121c 0000 5553 4552 2061 6e6f
6e79 6d6f 7573 0d0a
+# 21,32818 ACK
[in,ppp0]
4500 0028 ffe0 4000 ef06 131f 96cb e002
0101 0101 0015 8032 3786 77ab bd6b c9d9
5010 269c 59aa 0000
+# 21,32818 ACK+PUSH "331 Guest login ok, send your complete e-mail address as password.\r\n"
[in,ppp0]
4500 006c ffe1 4000 ef06 12da 96cb e002
0101 0101 0015 8032 3786 77ab bd6b c9d9
@@ -67,17 +80,21 @@
2d6d 6169 6c20 6164 6472 6573 7320 6173
2070 6173 7377 6f72 642e 0d0a
+# 32818,21 ACK
[out,ppp0]
4500 0028 10ce 4000 ff06 3288 c0a8 0103
96cb e002 8032 0015 bd6b c9d9 3786 77ef
5010 269c 99bc 0000
+# 32818,21 ACK+PUSH "PASS avalon@\r\n"
[out,ppp0]
4500 0036 10cf 4000 ff06 3279 c0a8 0103
96cb e002 8032 0015 bd6b c9d9 3786 77ef
5018 269c 7795 0000 5041 5353 2061 7661
6c6f 6e40 0d0a
+# 21,32818 ACK+PUSH
+# "230-You are user #4 of 50 simultaneous users allowed.\r\n"
[in,ppp0]
4500 005f ffe2 4000 ef06 12e6 96cb e002
0101 0101 0015 8032 3786 77ef bd6b c9e7
@@ -86,11 +103,16 @@
3020 7369 6d75 6c74 616e 656f 7573 2075
7365 7273 2061 6c6c 6f77 6564 2e0d 0a
+# 32818,21 ACK
[out,ppp0]
4500 0028 10d0 4000 ff06 3286 c0a8 0103
96cb e002 8032 0015 bd6b c9e7 3786 7826
5010 269c 9977 0000
+# 21,32818 ACK+PUSH
+# "230-\r\n230-\r\n"
+# "230-Hi. We're cleaning up. Any feedback most welcome. 10 Aug 00\r\n"
+# "230-\r\n230 Logged in anonymously.\r\n"
[in,ppp0]
4500 0099 ffe3 4000 ef06 12ab 96cb e002
0101 0101 0015 8032 3786 7826 bd6b c9e7
@@ -103,27 +125,32 @@
204c 6f67 6765 6420 696e 2061 6e6f 6e79
6d6f 7573 6c79 2e0d 0a
+# 32818,21 ACK
[out,ppp0]
4500 0028 10d1 4000 ff06 3285 c0a8 0103
96cb e002 8032 0015 bd6b c9e7 3786 7897
5010 269c 9906 0000
+# 32818,21 ACK "TYPE I\r\n"
[out,ppp0]
4500 0030 10d2 4000 ff06 327c c0a8 0103
96cb e002 8032 0015 bd6b c9e7 3786 7897
5018 269c c704 0000 5459 5045 2049 0d0a
+# 21,32818 "200 Type okay.\r\n"
[in,ppp0]
4500 0038 ffe4 4000 ef06 130b 96cb e002
0101 0101 0015 8032 3786 7897 bd6b c9ef
5018 269c 1f58 0000 3230 3020 5479 7065
206f 6b61 792e 0d0a
+# 32818,21 ACK
[out,ppp0]
4500 0028 10d3 4000 ff06 3283 c0a8 0103
96cb e002 8032 0015 bd6b c9ef 3786 78a7
5010 269c 98ee 0000
+# 32818,21 ACK "PORT 192,158,1,3,128,51\r\n"
[out,ppp0]
4500 0041 10d4 4000 ff06 3269 c0a8 0103
96cb e002 8032 0015 bd6b c9ef 3786 78a7
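Review bot: The added comment `# 32818,21 ACK "PORT 192,158,1,3,128,51\r\n"` misstates the address in the payload. The continuation bytes visible in the next hunk read `2c31 3638 2c31 2c33`, i.e. `,168,1,3`, which matches the packet's source address `c0a8 0103`. The same slip recurs in the last complete hunk of this file (`# … "PORT 192,158,1,3,128,52\r\n"`), where the payload bytes `3139 32 2c31 3638` are fully visible. Because this test exercises rewriting of the address inside PORT commands, the comment should match the bytes exactly: `# 32818,21 ACK+PUSH "PORT 192,168,1,3,128,51\r\n"` (flags `5018` are ACK+PUSH), and likewise `…,128,52` later.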
@@ -131,6 +158,7 @@
2c31 3638 2c31 2c33 2c31 3238 2c35 310d
0a
+# 32818,21 ACK "200 PORT command successful.\r\n"
[in,ppp0]
4500 0046 ffe5 4000 ef06 12fc 96cb e002
0101 0101 0015 8032 3786 78a7 bd6b ca08
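Review bot: The added comment `# 32818,21 ACK "200 PORT command successful.\r\n"` gives the ports in the wrong direction for the packet it labels. The packet is `[in,ppp0]` from `96cb e002` with ports `0015 8032`, i.e. 21 to 32818, and the other server replies in this file are labelled `21,32818`. I would write `# 21,32818 ACK+PUSH "200 PORT command successful.\r\n"`. In the following hunk, `# 21,32819 ACK "150 Opening ASCII mode data connection …"` has a similar slip: that packet also carries ports `0015 8032`, so it belongs to the control connection and should read `21,32818`.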
@@ -138,37 +166,44 @@
2063 6f6d 6d61 6e64 2073 7563 6365 7373
6675 6c2e 0d0a
+# 32818,21 "TYPE A\r\n"
[out,ppp0]
4500 0030 10d5 4000 ff06 3279 c0a8 0103
96cb e002 8032 0015 bd6b ca08 3786 78c5
5018 269c c6bd 0000 5459 5045 2041 0d0a
+# 21,32818 "200 Type okay.\r\n"
[in,ppp0]
4500 0038 ffe6 4000 ef06 1309 96cb e002
0101 0101 0015 8032 3786 78c5 bd6b ca10
5018 269c 1f09 0000 3230 3020 5479 7065
206f 6b61 792e 0d0a
+# 32818,21 "NLST\r\n"
[out,ppp0]
4500 002e 10d6 4000 ff06 327a c0a8 0103
96cb e002 8032 0015 bd6b ca10 3786 78d5
5018 269c e9e6 0000 4e4c 5354 0d0a
+# 20,32819 SYN
[in,ppp0]
4500 002c ffe7 4000 ef06 1314 96cb e002
0101 0101 0014 8033 d9f8 11d4 0000 0000
6002 2238 913a 0000 0204 0584
+# 32819,20 SYN+ACK
[out,ppp0]
4500 002c 10d7 4000 ff06 327b c0a8 0103
96cb e002 8033 0014 bd78 5c12 d9f8 11d5
6012 02f8 d734 0000 0204 0584
+# 20,32819 ACK
[in,ppp0]
4500 0028 ffe8 4000 ef06 1317 96cb e002
0101 0101 0014 8033 d9f8 11d5 bd78 5c13
5010 269c 8ac7 0000
+# 21,32819 ACK "150 Opening ASCII mode data connection for /bin/ls.\r\n"
[in,ppp0]
4500 005d ffe9 4000 ef06 12e1 96cb e002
0101 0101 0015 8032 3786 78d5 bd6b ca16
@@ -177,13 +212,68 @@
6174 6120 636f 6e6e 6563 7469 6f6e 2066
6f72 202f 6269 6e2f 6c73 2e0d 0a
+# 32819,20 ACK
[out,ppp0]
4500 0028 10d8 4000 ff06 327e c0a8 0103
96cb e002 8033 0014 bd78 5c13 d9f8 11d5
5010 6348 8e71 0000
+# 32818,21 ACK+PUSH "PORT 192,158,1,3,128,52\r\n"
+[out,ppp0]
+4500 0041 10d9 4000 ff06 3264 c0a8 0103
+96cb e002 8032 0015 bd6b ca16 3786 78d5
+5018 269c 1af8 0000 504f 5254 2031 3932
+2c31 3638 2c31 2c33 2c31 3238 2c35 320d
+0a
+
+# 21,32818 ACK+PUSH "200 PORT command successful\r\n"
+[in,ppp0]
+4500 0046 ffea 4000 ef06 12f7 96cb e002
+0101 0101 0015 8032 3786 78d5 bd6b ca2f
+5018 269c 9b1c 0000 3230 3020 504f 5254
+2063 6f6d 6d61 6e64 2073 7563 6365 7373
+6675 6c2e 0d0a
+
+# 32818,21 ACK+PUSH "TYPE A\r\n"
+[out,ppp0]
+4500 0030 10da 4000 ff06 3274 c0a8 0103
+96cb e002 8032 0015 bd6b ca2f 3786 78f3
+5018 269c c668 0000 5459 5045 2041 0d0a
+
+# 21,32818 "200 Type okay.\r\n"
[in,ppp0]
-4500 0063 ffea 4000 ef06 12da 96cb e002
+4500 0038 ffeb 4000 ef06 1304 96cb e002
+0101 0101 0015 8032 3786 78f3 bd6b ca37
+5018 269c 1ea4 0000 3230 3020 5479 7065
+206f 6b61 793e 0d0a
+
+# 32818,21 ACK+PUSH "NLST\r\n"
+[out,ppp0]
+4500 002e 10db 4000 ff06 3275 c0a8 0103
+96cb e002 8032 0015 bd6b ca37 3786 7903
+5018 269c e991 0000 4e4c 5354 0d0a
+
+# 20,32820 2nd connection SYN
+[in,ppp0]
+4500 002c ffec 4000 ef06 130f 96cb e002
+0101 0101 0014 8034 d9f8 11d4 0000 0000
+6002 2238 9139 0000 0204 0584
+
+# 32820,20 SYN+ACK
+[out,ppp0]
+4500 002c 10d7 4000 ff06 327b c0a8 0103
+96cb e002 8034 0014 bd78 5c12 d9f8 11d5
+6012 02f8 d733 0000 0204 0584
+
+# 20,32820 ACK
+[in,ppp0]
+4500 0028 ffec 4000 ef06 1313 96cb e002
+0101 0101 0014 8034 d9f8 11d4 0000 0000
+5010 2238 a8b7 0000
+
+# 20,32819 ACK+PUSH
+[in,ppp0]
+4500 0063 ffed 4000 ef06 12d7 96cb e002
0101 0101 0014 8033 d9f8 11d5 bd78 5c13
5018 269c 62bf 0000 636f 6f6d 6273 7061
7065 7273 0d0a 6465 7074 730d 0a66 6f75
@@ -191,86 +281,83 @@
6e67 0d0a 6e6c 632d 7465 7374 0d0a 7075
620d 0a
+# 32819,20 ACK
[out,ppp0]
-4500 0028 10d9 4000 ff06 327d c0a8 0103
+4500 0028 10dc 4000 ff06 327a c0a8 0103
96cb e002 8033 0014 bd78 5c13 d9f8 1210
5010 6348 8e36 0000
+# 20,32819 FIN+ACK
[in,ppp0]
-4500 0028 ffeb 4000 ef06 1314 96cb e002
+4500 0028 ffee 4000 ef06 1311 96cb e002
0101 0101 0014 8033 d9f8 1210 bd78 5c13
5011 269c 8a8b 0000
+# 32819,20 ACK
[out,ppp0]
-4500 0028 10da 4000 ff06 327c c0a8 0103
+4500 0028 10dd 4000 ff06 3279 c0a8 0103
96cb e002 8033 0014 bd78 5c13 d9f8 1211
5010 6348 8e35 0000
+# 32819,20 FIN+ACK
[out,ppp0]
-4500 0028 10db 4000 ff06 327b c0a8 0103
+4500 0028 10dd 4000 ff06 3279 c0a8 0103
96cb e002 8033 0014 bd78 5c13 d9f8 1211
5011 6348 8e34 0000
+# 20,32819 ACK
[in,ppp0]
-4500 0028 ffec 4000 ef06 1313 96cb e002
+4500 0028 ffef 4000 ef06 1310 96cb e002
0101 0101 0014 8033 d9f8 1211 bd78 5c14
5010 269c 8a8a 0000
-[out,ppp0]
-4500 0028 10dc 4000 ff06 327a c0a8 0103
-96cb e002 8032 0015 bd6b ca16 3786 790a
-5010 269c 9864 0000
-
+# 21,32818 220 "226 Listing completed.\r\n"
[in,ppp0]
-4500 0040 ffed 4000 ef06 12fa 96cb e002
-0101 0101 0015 8032 3786 790a bd6b ca16
-5018 269c 3c4c 0000 3232 3620 4c69 7374
+4500 0040 fff0 4000 ef06 12f7 96cb e002
+0101 0101 0015 8032 3786 7903 bd6b ca37
+5018 269c 3c32 0000 3232 3620 4c69 7374
696e 6720 636f 6d70 6c65 7465 642e 0d0a
+# 32818,21 ACK
[out,ppp0]
-4500 0030 10dd 4000 ff06 3271 c0a8 0103
-96cb e002 8032 0015 bd6b ca16 3786 7922
-5018 269c c64a 0000 5459 5045 2049 0d0a
-
-[in,ppp0]
-4500 0038 ffee 4000 ef06 1301 96cb e002
-0101 0101 0015 8032 3786 7922 bd6b ca1e
-5018 269c 1e9e 0000 3230 3020 5479 7065
-206f 6b61 792e 0d0a
-
-[out,ppp0]
-4500 0028 10de 4000 ff06 3278 c0a8 0103
-96cb e002 8032 0015 bd6b ca1e 3786 7932
-5010 269c 9834 0000
+4500 0028 10e0 4000 ff06 3276 c0a8 0103
+96cb e002 8032 0015 bd6b ca37 3786 791b
+5010 269c 9832 0000
+# 32818,21 "QUIT\r\n"
[out,ppp0]
-4500 002e 10df 4000 ff06 3271 c0a8 0103
-96cb e002 8032 0015 bd6b ca1e 3786 7932
-5018 269c f072 0000 5155 4954 0d0a
+4500 002e 10e1 4000 ff06 326f c0a8 0103
+96cb e002 8032 0015 bd6b ca37 3786 791b
+5018 269c f070 0000 5155 4954 0d0a
+# 21,32818 "221 Goodbye."
[in,ppp0]
-4500 0036 ffef 4000 ef06 1302 96cb e002
-0101 0101 0015 8032 3786 7932 bd6b ca24
-5018 269c 68ea 0000 3232 3120 476f 6f64
+4500 0036 fff2 4000 ef06 12ff 96cb e002
+0101 0101 0015 8032 3786 791b bd6b ca3d
+5018 269c 68e8 0000 3232 3120 476f 6f64
6279 652e 0d0a
+# 32818,21 ACK+FIN
[out,ppp0]
-4500 0028 10e0 4000 ff06 3276 c0a8 0103
-96cb e002 8032 0015 bd6b ca24 3786 7940
-5011 269c 981f 0000
+4500 0028 10e2 4000 ff06 3274 c0a8 0103
+96cb e002 8032 0015 bd6b ca3d 3786 7929
+5011 269c 981d 0000
+# 21,32818 ACK+FIN
[in,ppp0]
-4500 0028 fff0 4000 ef06 130f 96cb e002
-0101 0101 0015 8032 3786 7940 bd6b ca24
-5011 269c 57c9 0000
+4500 0028 fff3 4000 ef06 130c 96cb e002
+0101 0101 0015 8032 3786 7929 bd6b ca3d
+5011 269c 57c7 0000
+# 32818,21 ACK
[out,ppp0]
-4500 0028 10e1 4000 ff06 3275 c0a8 0103
-96cb e002 8032 0015 bd6b ca25 3786 7941
-5010 269c 981e 0000
+4500 0028 10e3 4000 ff06 3273 c0a8 0103
+96cb e002 8032 0015 bd6b ca3d 3786 792a
+5010 269c 981d 0000
+# 21,32818 ACK
[in,ppp0]
-4500 0028 fff1 4000 ef06 130e 96cb e002
-0101 0101 0015 8032 3786 7941 bd6b ca25
-5010 269c 57c8 0000
+4500 0028 fff4 4000 ef06 130b 96cb e002
+0101 0101 0015 8032 3786 792a bd6b ca3e
+5010 269c 57c6 0000
diff --git a/contrib/ipfilter/test/input/p5 b/contrib/ipfilter/test/input/p5
new file mode 100644
index 000000000000..f6753fac4264
--- /dev/null
+++ b/contrib/ipfilter/test/input/p5
@@ -0,0 +1,8 @@
+in 127.0.0.1 127.0.0.1
+in 1.1.1.1 1.2.1.1
+out 127.0.0.1 127.0.0.1
+out 1.1.1.1 1.2.1.1
+in 2.3.0.1 1.2.1.1
+in 2.2.2.1 1.2.1.1
+in 2.2.0.1 1.2.1.1
+out 4.4.1.1 1.2.1.1
diff --git a/contrib/ipfilter/test/natipftest b/contrib/ipfilter/test/natipftest
index abdc7603b002..5776b4202c95 100755
--- a/contrib/ipfilter/test/natipftest
+++ b/contrib/ipfilter/test/natipftest
@@ -1,14 +1,26 @@
#!/bin/sh
mode=$1
+name=$2
+input=$3
+output=$4
shift
-if [ $3 = hex ] ; then
- format="-xF $2"
+if [ $output = hex ] ; then
+ format="-xF $input"
else
- format="-F $2"
-fi
-if [ "$4" != "" ] ; then
- format="-T $4 $format"
+ format="-F $input"
fi
+shift
+shift
+shift
+while [ $# -ge 1 ] ; do
+ l=`echo $1 | cut -c1`
+ if [ "$l" = "-" ] ; then
+ format="$format $1"
+ else
+ format="-T $1 $format"
+ fi
+ shift
+done
mkdir -p results
if [ -f /usr/ucb/touch ] ; then
TOUCH=/usr/ucb/touch
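Review bot: The new `$output` variable is expanded unquoted in `[ $output = hex ]`, so the test becomes a syntax error when the fourth argument is missing or empty. Quote it as `if [ "$output" = hex ] ; then`. The three added `shift` calls also run without checking the argument count, and shifting past the end of the list is an error in some shells. A guard such as `[ $# -ge 3 ]` before them would make a short invocation fail with a clear message instead.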
@@ -24,35 +36,35 @@ fi
case $mode in
single)
- echo "$1...";
- /bin/cp /dev/null results/$1
+ echo "$name...";
+ /bin/cp /dev/null results/$name
( while read rule; do
- echo "$rule" | ../ipftest -R $format -b -r regress/$1.ipf -N - -i input/$1 >> \
- results/$1;
+ echo "$rule" | ../ipftest -R $format -b -r regress/$name.ipf -N - -i input/$name >> \
+ results/$name;
if [ $? -ne 0 ] ; then
exit 1;
fi
- echo "-------------------------------" >> results/$1
- done ) < regress/$1.nat
- cmp expected/$1 results/$1
+ echo "-------------------------------" >> results/$name
+ done ) < regress/$name.nat
+ cmp expected/$name results/$name
status=$?
if [ $status = 0 ] ; then
- $TOUCH $1
+ $TOUCH $name
fi
;;
multi)
- echo "$1...";
- /bin/cp /dev/null results/$1
- ../ipftest -R $format -b -r regress/$1.ipf -N regress/$1.nat \
- -i input/$1 >> results/$1;
+ echo "$name...";
+ /bin/cp /dev/null results/$name
+ ../ipftest -R $format -b -r regress/$name.ipf -N regress/$name.nat \
+ -i input/$name >> results/$name;
if [ $? -ne 0 ] ; then
exit 2;
fi
- echo "-------------------------------" >> results/$1
- cmp expected/$1 results/$1
+ echo "-------------------------------" >> results/$name
+ cmp expected/$name results/$name
status=$?
if [ $status = 0 ] ; then
- $TOUCH $1
+ $TOUCH $name
fi
;;
esac
diff --git a/contrib/ipfilter/test/regress/ip2 b/contrib/ipfilter/test/regress/ip2
new file mode 100644
index 000000000000..76f31b60f9d4
--- /dev/null
+++ b/contrib/ipfilter/test/regress/ip2
@@ -0,0 +1,2 @@
+table role = ipf type = tree name = letters
+ { "file://input/ip2.data"; };
diff --git a/contrib/ipfilter/test/regress/ipv6.5 b/contrib/ipfilter/test/regress/ipv6.5
new file mode 100644
index 000000000000..ba8cabb501e0
--- /dev/null
+++ b/contrib/ipfilter/test/regress/ipv6.5
@@ -0,0 +1,2 @@
+pass out all with v6hdrs routing
+block out proto tcp all with v6hdrs routing
diff --git a/contrib/ipfilter/test/regress/ni1.nat b/contrib/ipfilter/test/regress/ni1.nat
index 4306f4b45d3d..f38e435bcf7a 100644
--- a/contrib/ipfilter/test/regress/ni1.nat
+++ b/contrib/ipfilter/test/regress/ni1.nat
@@ -1 +1,3 @@
-map df0 2.2.2.2/32 -> 6.6.6.6/32
+map df0 from 2.2.2.2/32 port 20000 >< 25000 to any -> 6.6.6.8/32 portmap udp 2000:2500
+map df0 from 2.2.2.2/32 port 2000 >< 2500 to any -> 6.6.6.7/32 portmap udp 20000:25000
+map df0 from 2.2.2.2/32 to any -> 6.6.6.6/32
diff --git a/contrib/ipfilter/test/regress/ni23.ipf b/contrib/ipfilter/test/regress/ni23.ipf
new file mode 100644
index 000000000000..49ebcf708766
--- /dev/null
+++ b/contrib/ipfilter/test/regress/ni23.ipf
@@ -0,0 +1,3 @@
+block out all
+block in all
+pass in on le0,hme0 out-via ppp0,bge0 to ppp0:3.3.3.254 proto udp all keep state
diff --git a/contrib/ipfilter/test/regress/ni23.nat b/contrib/ipfilter/test/regress/ni23.nat
new file mode 100644
index 000000000000..094d377c00dc
--- /dev/null
+++ b/contrib/ipfilter/test/regress/ni23.nat
@@ -0,0 +1,2 @@
+rdr le0,bge0 1.1.0.0/16 -> 2.2.2.2
+map hme0,ppp0 3.3.3.0/24 -> 4.4.4.4/32
diff --git a/contrib/ipfilter/test/regress/p5.ipf b/contrib/ipfilter/test/regress/p5.ipf
new file mode 100644
index 000000000000..ada9f56f0f72
--- /dev/null
+++ b/contrib/ipfilter/test/regress/p5.ipf
@@ -0,0 +1 @@
+pass in from pool/letters to any
diff --git a/contrib/ipfilter/test/regress/p5.pool b/contrib/ipfilter/test/regress/p5.pool
new file mode 100644
index 000000000000..9a8eaa3003d7
--- /dev/null
+++ b/contrib/ipfilter/test/regress/p5.pool
@@ -0,0 +1,2 @@
+table role = ipf type = tree name = letters
+ { 1.1.1.1/32; !2.2.0.0/16; 2.2.2.0/24; };
diff --git a/contrib/ipfilter/test/test.format b/contrib/ipfilter/test/test.format
index 4bb18515e39c..7c13d6ee79ef 100644
--- a/contrib/ipfilter/test/test.format
+++ b/contrib/ipfilter/test/test.format
@@ -49,9 +49,11 @@ in4 text text
in5 text text
in6 text text
ip1 text text
+ip2 text text
ipv6.1 hex hex
ipv6.2 hex hex
ipv6.3 hex hex
+ipv6.5 hex hex
l1 hex hex
n1 text text
n2 text text
@@ -86,6 +88,9 @@ ni16 hex hex fr_update_ipid=1
ni19 hex hex fr_update_ipid=0
ni20 hex hex fr_update_ipid=0
ni21 text text
+ni23 text text -D
p1 text text
p2 text text
p3 text text
+p4 text text
+p5 text text
diff --git a/contrib/ipfilter/test/vfycksum.pl b/contrib/ipfilter/test/vfycksum.pl
index d23c88430f5a..b3a20be0cf24 100755
--- a/contrib/ipfilter/test/vfycksum.pl
+++ b/contrib/ipfilter/test/vfycksum.pl
@@ -21,9 +21,7 @@ sub dosum {
for ($idx = $start, $lsum = $seed; $idx < $max; $idx++) {
$lsum += $bytes[$idx];
}
- while ($lsum > 65535) {
- $lsum = ($lsum & 0xffff) + ($lsum >> 16);
- }
+ $lsum = ($lsum & 0xffff) + ($lsum >> 16);
$lsum = ~$lsum & 0xffff;
return $lsum;
}
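Review bot: Replacing the `while ($lsum > 65535)` loop with a single fold can leave a carry in the sum. A sum of 0x1ffff folds to 0x10000, and `~$lsum & 0xffff` then yields 0xffff where the fully folded one's-complement result is 0xfffe. Fold until no carry remains, either by keeping the loop or by applying `$lsum = ($lsum & 0xffff) + ($lsum >> 16);` a second time. The start of `dosum` is outside the hunk.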
@@ -40,9 +38,9 @@ sub ipv4check {
if ($hs != 0) {
$bytes[$base + 5] = 0;
- $hs2 = &dosum($base, 0, $base + $hl);
+ $hs2 = &dosum(0, $base, $base + $hl);
$bytes[$base + 5] = $osum;
- printf " IP: (%x) %x != %x", $hs, $osum, $hs2;
+ printf " IP: ($hl,%x) %x != %x", $hs, $osum, $hs2;
} else {
print " IP($base): ok ";
}
@@ -104,6 +102,10 @@ sub tcpcheck {
$x = ($cnt - $base) * 2;
$y = $hl + $thl;
$z = 3;
+ } elsif ($len < $thl) {
+ $x = ($cnt - $base) * 2;
+ $y = $len;
+ $z = 4;
}
if ($z) {
@@ -199,19 +201,9 @@ sub icmpcheck {
}
local($osum) = $bytes[$base + $hl + 1];
- $bytes[$hl + 1] = 0;
- for ($i = $base + $hl, $hs2 = 0; $i < $cnt; $i++) {
- $hs2 += $bytes[$i];
- }
- $hs = $hs2 + $osum;
- while ($hs2 > 65535) {
- $hs2 = ($hs2 & 0xffff) + ($hs2 >> 16);
- }
- while ($hs > 65535) {
- $hs = ($hs & 0xffff) + ($hs >> 16);
- }
- $hs2 = ~$hs2 & 0xffff;
- $hs = ~$hs & 0xffff;
+ $bytes[$base + $hl + 1] = 0;
+ $hs2 = &dosum(0, $base + $hl, $cnt);
+ $bytes[$base + $hl + 1] = $osum;
if ($osum != $hs2) {
printf " ICMP: (%x) %x != %x", $hs, $osum, $hs2;
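Review bot: `$hs` is still printed in the ICMP mismatch message, but every assignment to it in this part of `icmpcheck` was removed by the change. Unless it is set outside the hunk, the `(%x)` field now shows nothing, or a stale value left by an earlier check if the variable is global. Either drop it from the message, `printf " ICMP: %x != %x", $osum, $hs2;`, or compute it again before the comparison. `icmpcheck` begins and continues outside the hunk.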
@@ -266,6 +258,10 @@ while ($#ARGV >= 0) {
$b=$_;
s/(.*?) ([0-9a-fA-F][0-9a-fA-F]) ([0-9a-fA-F][0-9a-fA-F]) (.*)/$1 $2$3 $4/g;
}
+ if (/.* [0-9a-fA-F][0-9a-fA-F] [0-9a-fA-F][0-9a-fA-F]/) {
+$b=$_;
+ s/(.*?) ([0-9a-fA-F][0-9a-fA-F]) ([0-9a-fA-F][0-9a-fA-F])/$1 $2$3/g;
+ }
while (/^[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F].*/) {
$x = $_;
$x =~ s/([0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]).*/$1/;
diff --git a/contrib/ipfilter/tools/Makefile b/contrib/ipfilter/tools/Makefile
index 49a869c78a45..43ec1a897b83 100644
--- a/contrib/ipfilter/tools/Makefile
+++ b/contrib/ipfilter/tools/Makefile
@@ -1,4 +1,8 @@
-
+#
+# Copyright (C) 1993-2001 by Darren Reed.
+#
+# See the IPFILTER.LICENCE file for details on licencing.
+#
DEST=.
all: $(DEST)/ipf_y.c $(DEST)/ipf_y.h $(DEST)/ipf_l.c \
diff --git a/contrib/ipfilter/tools/ipf.c b/contrib/ipfilter/tools/ipf.c
index 8e352a9049c6..063ecf08e68d 100644
--- a/contrib/ipfilter/tools/ipf.c
+++ b/contrib/ipfilter/tools/ipf.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2001-2006 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
@@ -19,7 +19,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipf.c 1.23 6/5/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipf.c,v 1.35.2.4 2006/03/17 11:48:08 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ipf.c,v 1.35.2.8 2007/05/10 06:12:01 darrenr Exp $";
#endif
#if !defined(__SVR4) && defined(__GNUC__)
@@ -342,11 +342,13 @@ char *arg;
if (!arg || !*arg)
return;
- if (!strcmp(arg, "s") || !strcmp(arg, "S")) {
+ if (!strcmp(arg, "s") || !strcmp(arg, "S") || ISDIGIT(*arg)) {
if (*arg == 'S')
fl = 0;
- else
+ else if (*arg == 's')
fl = 1;
+ else
+ fl = atoi(arg);
rem = fl;
closedevice();
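Review bot: The numeric branch accepts any argument whose first character is a digit and converts it with `atoi`, which reports no errors. An argument such as `5x` is silently taken as 5, and an out-of-range value has undefined behaviour before it is copied into `rem`. Parsing with `strtol` and rejecting trailing characters, e.g. `fl = strtol(arg, &end, 10); if (*end != '\0') return;`, would make a mistyped flush argument fail instead of flushing something unintended. The function starts and continues outside the hunk, so how `fl` is passed on is not visible here.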
@@ -368,7 +370,7 @@ char *arg;
}
if ((opts & (OPT_DONOTHING|OPT_VERBOSE)) == OPT_VERBOSE) {
printf("remove flags %s (%d)\n", arg, rem);
- printf("removed %d filter rules\n", fl);
+ printf("removed %d entries\n", fl);
}
closedevice();
return;
@@ -451,15 +453,21 @@ void ipf_frsync()
void zerostats()
{
+ ipfobj_t obj;
friostat_t fio;
- friostat_t *fiop = &fio;
+
+ obj.ipfo_rev = IPFILTER_VERSION;
+ obj.ipfo_type = IPFOBJ_IPFSTAT;
+ obj.ipfo_size = sizeof(fio);
+ obj.ipfo_ptr = &fio;
+ obj.ipfo_offset = 0;
if (opendevice(ipfname, 1) != -2) {
- if (ioctl(fd, SIOCFRZST, &fiop) == -1) {
+ if (ioctl(fd, SIOCFRZST, &obj) == -1) {
perror("ioctl(SIOCFRZST)");
exit(-1);
}
- showstats(fiop);
+ showstats(&fio);
}
}
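Review bot: `obj` is filled member by member without being cleared first, so any `ipfobj_t` members beyond the five assigned here reach the `SIOCFRZST` ioctl as uninitialised stack. The structure's definition is not in this hunk, so whether such members exist cannot be confirmed here. The ipfstat.c changes in this same commit call `bzero((caddr_t)&ipfo, sizeof(ipfo));` before setting the fields. Doing the same here, `bzero((char *)&obj, sizeof(obj));` ahead of the assignments, keeps the two tools consistent and makes the explicit `ipfo_offset = 0` unnecessary.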
diff --git a/contrib/ipfilter/tools/ipf_y.y b/contrib/ipfilter/tools/ipf_y.y
index d03887c4c6ed..dfda237f28fd 100644
--- a/contrib/ipfilter/tools/ipf_y.y
+++ b/contrib/ipfilter/tools/ipf_y.y
@@ -1,3 +1,8 @@
+/*
+ * Copyright (C) 2001-2006 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ */
%{
#include "ipf.h"
#include <sys/ioctl.h>
@@ -169,7 +174,7 @@ file: line
| file assign
;
-line: xx rule { while ((fr = frtop) != NULL) {
+line: rule { while ((fr = frtop) != NULL) {
frtop = fr->fr_next;
fr->fr_next = NULL;
(*ipfaddfunc)(ipffd, ipfioctl[IPL_LOGIPF], fr);
@@ -188,6 +193,7 @@ assign: YY_STR assigning YY_STR ';' { set_variable($1, $3);
resetlexer();
free($1);
free($3);
+ yyvarnext = 0;
}
;
@@ -211,8 +217,8 @@ outrule:
;
rulehead:
- collection action
- | insert collection action
+ xx collection action
+ | xx insert collection action
;
markin: IPFY_IN { fr->fr_flags |= FR_INQUE; }
@@ -835,20 +841,32 @@ dstportlist:
;
addr: pool '/' YY_NUMBER { pooled = 1;
- yyexpectaddr = 0;
$$.a.iplookuptype = IPLT_POOL;
+ $$.a.iplookupsubtype = 0;
$$.a.iplookupnum = $3; }
+ | pool '/' YY_STR { pooled = 1;
+ $$.a.iplookuptype = IPLT_POOL;
+ $$.a.iplookupsubtype = 1;
+ strncpy($$.a.iplookupname, $3,
+ sizeof($$.a.iplookupname));
+ }
| pool '=' '(' poollist ')' { pooled = 1;
- yyexpectaddr = 0;
$$.a.iplookuptype = IPLT_POOL;
+ $$.a.iplookupsubtype = 0;
$$.a.iplookupnum = makepool($4); }
| hash '/' YY_NUMBER { hashed = 1;
- yyexpectaddr = 0;
$$.a.iplookuptype = IPLT_HASH;
+ $$.a.iplookupsubtype = 0;
$$.a.iplookupnum = $3; }
+ | hash '/' YY_STR { pooled = 1;
+ $$.a.iplookuptype = IPLT_HASH;
+ $$.a.iplookupsubtype = 1;
+ strncpy($$.a.iplookupname, $3,
+ sizeof($$.a.iplookupname));
+ }
| hash '=' '(' addrlist ')' { hashed = 1;
- yyexpectaddr = 0;
$$.a.iplookuptype = IPLT_HASH;
+ $$.a.iplookupsubtype = 0;
$$.a.iplookupnum = makehash($4); }
| ipaddr { bcopy(&$1, &$$, sizeof($$));
yyexpectaddr = 0; }
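Review bot: Both new `YY_STR` alternatives copy the name with `strncpy(..., sizeof($$.a.iplookupname))`, which leaves `iplookupname` without a terminating NUL when the name is at least as long as the field. Bound the copy to `sizeof($$.a.iplookupname) - 1` and set the last byte to `'\0'`, or reject names that do not fit. The `hash '/' YY_STR` alternative also sets `pooled = 1` where the neighbouring hash alternatives set `hashed = 1`, which looks like a copy-and-paste slip. Whether `$3` must be freed here, as the `assign` rule does for its strings, cannot be told from the hunk.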
@@ -1373,8 +1391,8 @@ servicename:
YY_STR { $$ = $1; }
;
-interfacename: YY_STR { $$ = $1; }
- | YY_STR ':' YY_NUMBER
+interfacename: name { $$ = $1; }
+ | name ':' YY_NUMBER
{ $$ = $1;
fprintf(stderr, "%d: Logical interface %s:%d unsupported, "
"use the physical interface %s instead.\n",
@@ -1383,6 +1401,7 @@ interfacename: YY_STR { $$ = $1; }
;
name: YY_STR { $$ = $1; }
+ | '-' { $$ = strdup("-"); }
;
ipv4_16:
@@ -2031,6 +2050,9 @@ void *ptr;
frentry_t *fr;
ipfobj_t obj;
+ if (ptr == NULL)
+ return;
+
fr = ptr;
add = 0;
del = 0;
@@ -2060,10 +2082,10 @@ void *ptr;
fr->fr_flags |= FR_OUTQUE;
if (fr->fr_hits)
fr->fr_hits--;
- if (fr && (opts & OPT_VERBOSE))
+ if ((opts & OPT_VERBOSE) != 0)
printfr(fr, ioctlfunc);
- if (opts & OPT_DEBUG) {
+ if ((opts & OPT_DEBUG) != 0) {
binprint(fr, sizeof(*fr));
if (fr->fr_data != NULL)
binprint(fr->fr_data, fr->fr_dsize);
diff --git a/contrib/ipfilter/tools/ipfcomp.c b/contrib/ipfilter/tools/ipfcomp.c
index 0362877fd011..aa25c774e958 100644
--- a/contrib/ipfilter/tools/ipfcomp.c
+++ b/contrib/ipfilter/tools/ipfcomp.c
@@ -1,11 +1,11 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2001-2005 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipfcomp.c,v 1.24.2.3 2006/03/17 22:31:57 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ipfcomp.c,v 1.24.2.7 2007/05/01 22:15:00 darrenr Exp $";
#endif
#include "ipf.h"
@@ -92,11 +92,22 @@ frentry_t *fr;
fprintf(fp, "* to the original author and the contributors.\n");
fprintf(fp, "*/\n\n");
+ fprintf(fp, "#include <sys/param.h>\n");
fprintf(fp, "#include <sys/types.h>\n");
fprintf(fp, "#include <sys/time.h>\n");
fprintf(fp, "#include <sys/socket.h>\n");
- fprintf(fp, "#if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__sgi)\n");
- fprintf(fp, "# include <sys/systm.h>\n");
+ fprintf(fp, "#if (__FreeBSD_version >= 40000)\n");
+ fprintf(fp, "# if defined(_KERNEL)\n");
+ fprintf(fp, "# include <sys/libkern.h>\n");
+ fprintf(fp, "# else\n");
+ fprintf(fp, "# include <sys/unistd.h>\n");
+ fprintf(fp, "# endif\n");
+ fprintf(fp, "#endif\n");
+ fprintf(fp, "#if (__NetBSD_Version__ >= 399000000)\n");
+ fprintf(fp, "#else\n");
+ fprintf(fp, "# if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__sgi)\n");
+ fprintf(fp, "# include <sys/systm.h>\n");
+ fprintf(fp, "# endif\n");
fprintf(fp, "#endif\n");
fprintf(fp, "#include <sys/errno.h>\n");
fprintf(fp, "#include <sys/param.h>\n");
@@ -491,7 +502,8 @@ u_int incount, outcount;
/*
* Output the array of pointers to rules for this group.
*/
- if (num == -2 && dir == 0 && header[0] == 0 && incount != 0) {
+ if (g != NULL && num == -2 && dir == 0 && header[0] == 0 &&
+ incount != 0) {
fprintf(fp, "\nfrentry_t *ipf_rules_in_%s[%d] = {",
group, incount);
for (f = g->fg_start, i = 0; f != NULL; f = f->fr_next) {
@@ -510,7 +522,8 @@ u_int incount, outcount;
fprintf(fp, "\n};\n");
}
- if (num == -2 && dir == 1 && header[1] == 0 && outcount != 0) {
+ if (g != NULL && num == -2 && dir == 1 && header[0] == 0 &&
+ outcount != 0) {
fprintf(fp, "\nfrentry_t *ipf_rules_out_%s[%d] = {",
group, outcount);
for (f = g->fg_start, i = 0; f != NULL; f = f->fr_next) {
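Review bot: In the `dir == 1` branch the test changed from `header[1] == 0` to `header[0] == 0`, which looks unintended. The inbound branch in the previous hunk already keys on `header[0]`, and the function-header check in the following hunk uses `header[dir]`. If the inbound header has already been emitted, the `ipf_rules_out_%s` array would now be skipped. Unless that is deliberate, keep `header[1] == 0` alongside the new `g != NULL` guard. The enclosing function starts and ends outside the hunk.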
@@ -539,7 +552,7 @@ u_int incount, outcount;
/*
* If the function header has not been printed then print it now.
*/
- if (header[dir] == 0) {
+ if (g != NULL && header[dir] == 0) {
int pdst = 0, psrc = 0;
openfunc = 1;
diff --git a/contrib/ipfilter/tools/ipfs.c b/contrib/ipfilter/tools/ipfs.c
index 4479d19e3539..3acb5d45e21f 100644
--- a/contrib/ipfilter/tools/ipfs.c
+++ b/contrib/ipfilter/tools/ipfs.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 1999-2001, 2003 by Darren Reed.
+ * Copyright (C) 2001-2006 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
@@ -131,6 +131,14 @@ char *ifs, *fname;
strcpy(ips.ips_is.is_ifname[1], s);
rw = 1;
}
+ if (!strncmp(ips.ips_is.is_ifname[2], ifs, olen + 1)) {
+ strcpy(ips.ips_is.is_ifname[2], s);
+ rw = 1;
+ }
+ if (!strncmp(ips.ips_is.is_ifname[3], ifs, olen + 1)) {
+ strcpy(ips.ips_is.is_ifname[3], s);
+ rw = 1;
+ }
if (rw == 1) {
if (lseek(fd, pos, SEEK_SET) != pos) {
perror("lseek");
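Review bot: The two added blocks extend the existing unbounded `strcpy(ips.ips_is.is_ifname[n], s)` pattern to slots 2 and 3, and nothing in the hunk checks that `s` fits the destination. The same applies to the `nat->nat_ifnames[2]` and `[3]` copies in the next hunk. `s` is prepared outside the hunk and presumably derives from the `ifs` argument. If its length is not validated there, a long replacement name overruns the name field, assuming the entries are fixed-size arrays, before the record is written back to the state file. Rejecting the name up front when `strlen(s) >= sizeof(ips.ips_is.is_ifname[0])` would cover every slot.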
@@ -188,6 +196,14 @@ char *ifs, *fname;
strcpy(nat->nat_ifnames[1], s);
rw = 1;
}
+ if (!strncmp(nat->nat_ifnames[2], ifs, olen + 1)) {
+ strcpy(nat->nat_ifnames[2], s);
+ rw = 1;
+ }
+ if (!strncmp(nat->nat_ifnames[3], ifs, olen + 1)) {
+ strcpy(nat->nat_ifnames[3], s);
+ rw = 1;
+ }
if (rw == 1) {
if (lseek(fd, pos, SEEK_SET) != pos) {
perror("lseek");
@@ -214,7 +230,7 @@ char *argv[];
char *dirname = NULL, *filename = NULL, *ifs = NULL;
progname = argv[0];
- while ((c = getopt(argc, argv, "d:f:lNnSRruvWw")) != -1)
+ while ((c = getopt(argc, argv, "d:f:i:lNnSRruvWw")) != -1)
switch (c)
{
case 'd' :
diff --git a/contrib/ipfilter/tools/ipfstat.c b/contrib/ipfilter/tools/ipfstat.c
index 5745f137a4a7..db8de45db9a0 100644
--- a/contrib/ipfilter/tools/ipfstat.c
+++ b/contrib/ipfilter/tools/ipfstat.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 1993-2001, 2003 by Darren Reed.
+ * Copyright (C) 2002-2006 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
@@ -51,6 +51,7 @@
#ifdef STATETOP
# include <ctype.h>
# include <signal.h>
+# include <time.h>
# if SOLARIS || defined(__NetBSD__) || defined(_BSDI_VERSION) || \
defined(__sgi)
# ifdef ERR
@@ -68,7 +69,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipfstat.c,v 1.44.2.14 2006/03/21 16:09:58 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ipfstat.c,v 1.44.2.23 2007/05/31 13:13:02 darrenr Exp $";
#endif
#ifdef __hpux
@@ -81,10 +82,6 @@ extern int opterr;
#define PRINTF (void)printf
#define FPRINTF (void)fprintf
-#define F_IN 0
-#define F_OUT 1
-#define F_ACIN 2
-#define F_ACOUT 3
static char *filters[4] = { "ipfilter(in)", "ipfilter(out)",
"ipacct(in)", "ipacct(out)" };
static int state_logging = -1;
@@ -94,6 +91,10 @@ int use_inet6 = 0;
int live_kernel = 1;
int state_fd = -1;
int ipf_fd = -1;
+int auth_fd = -1;
+int nat_fd = -1;
+frgroup_t *grtop = NULL;
+frgroup_t *grtail = NULL;
#ifdef STATETOP
#define STSTRSIZE 80
@@ -128,19 +129,23 @@ typedef struct statetop {
int main __P((int, char *[]));
+static int fetchfrag __P((int, int, ipfr_t *));
static void showstats __P((friostat_t *, u_32_t));
-static void showfrstates __P((ipfrstat_t *));
+static void showfrstates __P((ipfrstat_t *, u_long));
static void showlist __P((friostat_t *));
static void showipstates __P((ips_stat_t *));
static void showauthstates __P((fr_authstat_t *));
static void showgroups __P((friostat_t *));
static void usage __P((char *));
-static void printlist __P((frentry_t *, char *));
+static void showtqtable_live __P((int));
+static void printlivelist __P((int, int, frentry_t *, char *, char *));
+static void printdeadlist __P((int, int, frentry_t *, char *, char *));
static void parse_ipportstr __P((const char *, i6addr_t *, int *));
static void ipfstate_live __P((char *, friostat_t **, ips_stat_t **,
ipfrstat_t **, fr_authstat_t **, u_32_t *));
static void ipfstate_dead __P((char *, friostat_t **, ips_stat_t **,
ipfrstat_t **, fr_authstat_t **, u_32_t *));
+static ipstate_t *fetchstate __P((ipstate_t *, ipstate_t *));
#ifdef STATETOP
static void topipstates __P((i6addr_t, i6addr_t, int, int, int,
int, int, int));
@@ -190,7 +195,7 @@ char *argv[];
ips_stat_t *ipsstp = &ipsst;
ipfrstat_t ifrst;
ipfrstat_t *ifrstp = &ifrst;
- char *device = IPL_NAME, *memf = NULL;
+ char *memf = NULL;
char *options, *kern = NULL;
int c, myoptind;
@@ -243,8 +248,16 @@ char *argv[];
perror("open(IPSTATE_NAME)");
exit(-1);
}
- if ((ipf_fd = open(device, O_RDONLY)) == -1) {
- fprintf(stderr, "open(%s)", device);
+ if ((auth_fd = open(IPAUTH_NAME, O_RDONLY)) == -1) {
+ perror("open(IPAUTH_NAME)");
+ exit(-1);
+ }
+ if ((nat_fd = open(IPNAT_NAME, O_RDONLY)) == -1) {
+ perror("open(IPAUTH_NAME)");
+ exit(-1);
+ }
+ if ((ipf_fd = open(IPL_NAME, O_RDONLY)) == -1) {
+ fprintf(stderr, "open(%s)", IPL_NAME);
perror("");
exit(-1);
}
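Review bot: The failure path for `open(IPNAT_NAME, O_RDONLY)` reports `perror("open(IPAUTH_NAME)")`, so a missing or unreadable NAT device is blamed on the auth device. It should read `perror("open(IPNAT_NAME)");`. The auth and NAT devices are also now opened unconditionally, so the tool exits when either is absent even if the requested output needs neither. Opening each one only when the corresponding option is set would avoid that. The enclosing block starts outside the hunk.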
@@ -255,10 +268,12 @@ char *argv[];
(void)setuid(getuid());
}
- if (live_kernel == 1)
- (void) checkrev(device);
- if (openkmem(kern, memf) == -1)
- exit(-1);
+ if (live_kernel == 1) {
+ (void) checkrev(IPL_NAME);
+ } else {
+ if (openkmem(kern, memf) == -1)
+ exit(-1);
+ }
(void)setgid(getgid());
(void)setuid(getuid());
@@ -367,7 +382,7 @@ char *argv[];
bzero((char *)&ipsst, sizeof(ipsst));
bzero((char *)&ifrst, sizeof(ifrst));
- ipfstate_live(device, &fiop, &ipsstp, &ifrstp,
+ ipfstate_live(IPL_NAME, &fiop, &ipsstp, &ifrstp,
&frauthstp, &frf);
} else
ipfstate_dead(kern, &fiop, &ipsstp, &ifrstp, &frauthstp, &frf);
@@ -381,7 +396,7 @@ char *argv[];
showlist(fiop);
}
} else if (opts & OPT_FRSTATES)
- showfrstates(ifrstp);
+ showfrstates(ifrstp, fiop->f_ticks);
#ifdef STATETOP
else if (opts & OPT_STATETOP)
topipstates(saddr, daddr, sport, dport, protocol,
@@ -420,9 +435,9 @@ u_32_t *frfp;
if ((opts & OPT_AUTHSTATS) == 0) {
bzero((caddr_t)&ipfo, sizeof(ipfo));
ipfo.ipfo_rev = IPFILTER_VERSION;
+ ipfo.ipfo_type = IPFOBJ_IPFSTAT;
ipfo.ipfo_size = sizeof(friostat_t);
ipfo.ipfo_ptr = (void *)*fiopp;
- ipfo.ipfo_type = IPFOBJ_IPFSTAT;
if (ioctl(ipf_fd, SIOCGETFS, &ipfo) == -1) {
perror("ioctl(ipf:SIOCGETFS)");
@@ -437,9 +452,9 @@ u_32_t *frfp;
bzero((caddr_t)&ipfo, sizeof(ipfo));
ipfo.ipfo_rev = IPFILTER_VERSION;
+ ipfo.ipfo_type = IPFOBJ_STATESTAT;
ipfo.ipfo_size = sizeof(ips_stat_t);
ipfo.ipfo_ptr = (void *)*ipsstpp;
- ipfo.ipfo_type = IPFOBJ_STATESTAT;
if ((ioctl(state_fd, SIOCGETFS, &ipfo) == -1)) {
perror("ioctl(state:SIOCGETFS)");
@@ -454,9 +469,9 @@ u_32_t *frfp;
if ((opts & OPT_FRSTATES) != 0) {
bzero((caddr_t)&ipfo, sizeof(ipfo));
ipfo.ipfo_rev = IPFILTER_VERSION;
+ ipfo.ipfo_type = IPFOBJ_FRAGSTAT;
ipfo.ipfo_size = sizeof(ipfrstat_t);
ipfo.ipfo_ptr = (void *)*ifrstpp;
- ipfo.ipfo_type = IPFOBJ_FRAGSTAT;
if (ioctl(ipf_fd, SIOCGFRST, &ipfo) == -1) {
perror("ioctl(SIOCGFRST)");
@@ -464,27 +479,17 @@ u_32_t *frfp;
}
}
- if (opts & OPT_VERBOSE)
+ if (opts & OPT_DEBUG)
PRINTF("opts %#x name %s\n", opts, device);
if ((opts & OPT_AUTHSTATS) != 0) {
- if (ipf_fd >= 0) {
- close(ipf_fd);
- ipf_fd = -1;
- }
- device = IPAUTH_NAME;
- if ((ipf_fd = open(device, O_RDONLY)) == -1) {
- perror("open");
- exit(-1);
- }
-
bzero((caddr_t)&ipfo, sizeof(ipfo));
ipfo.ipfo_rev = IPFILTER_VERSION;
+ ipfo.ipfo_type = IPFOBJ_AUTHSTAT;
ipfo.ipfo_size = sizeof(fr_authstat_t);
ipfo.ipfo_ptr = (void *)*frauthstpp;
- ipfo.ipfo_type = IPFOBJ_AUTHSTAT;
- if (ioctl(ipf_fd, SIOCATHST, &ipfo) == -1) {
+ if (ioctl(auth_fd, SIOCATHST, &ipfo) == -1) {
perror("ioctl(SIOCATHST)");
exit(-1);
}
@@ -509,10 +514,11 @@ u_32_t *frfp;
static ips_stat_t ipsst, *ipsstp;
static ipfrstat_t ifrst, *ifrstp;
static friostat_t fio, *fiop;
+ static ipftq_t ipssttab[IPF_TCP_NSTATES];
int temp;
void *rules[2][2];
- struct nlist deadlist[43] = {
+ struct nlist deadlist[44] = {
{ "fr_authstats" }, /* 0 */
{ "fae_list" },
{ "ipauth" },
@@ -555,6 +561,7 @@ u_32_t *frfp;
{ "fr_pass" },
{ "fr_flags" }, /* 40 */
{ "ipstate_logging" },
+ { "ips_tqtqb" },
{ NULL }
};
@@ -667,9 +674,12 @@ u_32_t *frfp;
*/
kmemcpy((char *)ipsstp, (u_long)deadlist[14].n_value, sizeof(*ipsstp));
kmemcpy((char *)&temp, (u_long)deadlist[15].n_value, sizeof(temp));
+ kmemcpy((char *)ipssttab, (u_long)deadlist[42].n_value,
+ sizeof(ipssttab));
ipsstp->iss_active = temp;
ipsstp->iss_table = (void *)deadlist[18].n_value;
ipsstp->iss_list = (void *)deadlist[17].n_value;
+ ipsstp->iss_tcptab = ipssttab;
/*
* Build up the authentiation information stats structure.
@@ -769,21 +779,62 @@ u_32_t frf;
/*
* Print out a list of rules from the kernel, starting at the one passed.
*/
-static void printlist(fp, comment)
+static void printlivelist(out, set, fp, group, comment)
+int out, set;
frentry_t *fp;
-char *comment;
+char *group, *comment;
{
- struct frentry fb, *fg;
- char *data;
- u_32_t type;
- int n;
-
- for (n = 1; fp; n++) {
- if (kmemcpy((char *)&fb, (u_long)fp, sizeof(fb)) == -1) {
- perror("kmemcpy");
+ struct frentry fb;
+ ipfruleiter_t rule;
+ frentry_t zero;
+ frgroup_t *g;
+ ipfobj_t obj;
+ int n;
+
+ if (use_inet6 == 1)
+ fb.fr_v = 6;
+ else
+ fb.fr_v = 4;
+ fb.fr_next = fp;
+ n = 0;
+
+ rule.iri_inout = out;
+ rule.iri_active = set;
+ rule.iri_rule = &fb;
+ rule.iri_nrules = 1;
+ rule.iri_v = use_inet6 ? 6 : 4;
+ if (group != NULL)
+ strncpy(rule.iri_group, group, FR_GROUPLEN);
+ else
+ rule.iri_group[0] = '\0';
+
+ bzero((char *)&zero, sizeof(zero));
+
+ bzero((char *)&obj, sizeof(obj));
+ obj.ipfo_rev = IPFILTER_VERSION;
+ obj.ipfo_type = IPFOBJ_IPFITER;
+ obj.ipfo_size = sizeof(rule);
+ obj.ipfo_ptr = &rule;
+
+ do {
+ u_long array[1000];
+
+ memset(array, 0xff, sizeof(array));
+ fp = (frentry_t *)array;
+ rule.iri_rule = fp;
+ if (ioctl(ipf_fd, SIOCIPFITER, &obj) == -1) {
+ perror("ioctl(SIOCIPFITER)");
+ n = IPFGENITER_IPF;
+ ioctl(ipf_fd, SIOCIPFDELTOK, &n);
return;
}
- fp = &fb;
+ if (bcmp(fp, &zero, sizeof(zero)) == 0)
+ break;
+ if (fp->fr_data != NULL)
+ fp->fr_data = (char *)fp + sizeof(*fp);
+
+ n++;
+
if (opts & (OPT_HITS|OPT_VERBOSE))
#ifdef USE_QUAD_T
PRINTF("%qu ", (unsigned long long) fp->fr_hits);
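Review bot: `strncpy(rule.iri_group, group, FR_GROUPLEN)` does not terminate `iri_group` when the group name is FR_GROUPLEN bytes or longer. Copy at most `FR_GROUPLEN - 1` bytes and set the last byte to `'\0'`, unless the kernel side is known to treat the field as fixed-length. The receive buffer is a fixed `u_long array[1000]`, while `obj.ipfo_size` carries only `sizeof(rule)`, so the ioctl is not told how much room follows `iri_rule`. A check that `fp->fr_dsize` fits in `sizeof(array) - sizeof(*fp)` before `fr_data` is used would keep a malformed reply from being read past the buffer. `printlivelist` continues in the next hunk.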
@@ -798,38 +849,144 @@ char *comment;
#endif
if (opts & OPT_SHOWLINENO)
PRINTF("@%d ", n);
+
+ printfr(fp, ioctl);
+ if (opts & OPT_DEBUG) {
+ binprint(fp, sizeof(*fp));
+ if (fp->fr_data != NULL && fp->fr_dsize > 0)
+ binprint(fp->fr_data, fp->fr_dsize);
+ }
+ if (fp->fr_grhead[0] != '\0') {
+ for (g = grtop; g != NULL; g = g->fg_next) {
+ if (!strncmp(fp->fr_grhead, g->fg_name,
+ FR_GROUPLEN))
+ break;
+ }
+ if (g == NULL) {
+ g = calloc(1, sizeof(*g));
+
+ if (g != NULL) {
+ strncpy(g->fg_name, fp->fr_grhead,
+ FR_GROUPLEN);
+ if (grtop == NULL) {
+ grtop = g;
+ grtail = g;
+ } else {
+ grtail->fg_next = g;
+ grtail = g;
+ }
+ }
+ }
+ }
+ if (fp->fr_type == FR_T_CALLFUNC) {
+ printlivelist(out, set, fp->fr_data, group,
+ "# callfunc: ");
+ }
+ } while (fp->fr_next != NULL);
+
+ n = IPFGENITER_IPF;
+ ioctl(ipf_fd, SIOCIPFDELTOK, &n);
+
+ if (group == NULL) {
+ while ((g = grtop) != NULL) {
+ printf("# Group %s\n", g->fg_name);
+ printlivelist(out, set, NULL, g->fg_name, comment);
+ grtop = g->fg_next;
+ free(g);
+ }
+ }
+}
+
+
+static void printdeadlist(out, set, fp, group, comment)
+int out, set;
+frentry_t *fp;
+char *group, *comment;
+{
+ frgroup_t *grtop, *grtail, *g;
+ struct frentry fb;
+ char *data;
+ u_32_t type;
+ int n;
+
+ fb.fr_next = fp;
+ n = 0;
+ grtop = NULL;
+ grtail = NULL;
+
+ do {
+ fp = fb.fr_next;
+ if (kmemcpy((char *)&fb, (u_long)fb.fr_next,
+ sizeof(fb)) == -1) {
+ perror("kmemcpy");
+ return;
+ }
+
data = NULL;
- type = fp->fr_type & ~FR_T_BUILTIN;
+ type = fb.fr_type & ~FR_T_BUILTIN;
if (type == FR_T_IPF || type == FR_T_BPFOPC) {
- if (fp->fr_dsize) {
- data = malloc(fp->fr_dsize);
+ if (fb.fr_dsize) {
+ data = malloc(fb.fr_dsize);
- if (kmemcpy(data, (u_long)fp->fr_data,
- fp->fr_dsize) == -1) {
+ if (kmemcpy(data, (u_long)fb.fr_data,
+ fb.fr_dsize) == -1) {
perror("kmemcpy");
return;
}
- fp->fr_data = data;
+ fb.fr_data = data;
}
}
+ n++;
+
+ if (opts & (OPT_HITS|OPT_VERBOSE))
+#ifdef USE_QUAD_T
+ PRINTF("%qu ", (unsigned long long) fb.fr_hits);
+#else
+ PRINTF("%lu ", fb.fr_hits);
+#endif
+ if (opts & (OPT_ACCNT|OPT_VERBOSE))
+#ifdef USE_QUAD_T
+ PRINTF("%qu ", (unsigned long long) fb.fr_bytes);
+#else
+ PRINTF("%lu ", fb.fr_bytes);
+#endif
+ if (opts & OPT_SHOWLINENO)
+ PRINTF("@%d ", n);
+
printfr(fp, ioctl);
if (opts & OPT_DEBUG) {
binprint(fp, sizeof(*fp));
- if (fp->fr_data != NULL && fp->fr_dsize > 0)
- binprint(fp->fr_data, fp->fr_dsize);
+ if (fb.fr_data != NULL && fb.fr_dsize > 0)
+ binprint(fb.fr_data, fb.fr_dsize);
}
if (data != NULL)
free(data);
- if (fp->fr_grp != NULL) {
- if (!kmemcpy((char *)&fg, (u_long)fp->fr_grp,
- sizeof(fg)))
- printlist(fg, comment);
+ if (fb.fr_grhead[0] != '\0') {
+ g = calloc(1, sizeof(*g));
+
+ if (g != NULL) {
+ strncpy(g->fg_name, fb.fr_grhead,
+ FR_GROUPLEN);
+ if (grtop == NULL) {
+ grtop = g;
+ grtail = g;
+ } else {
+ grtail->fg_next = g;
+ grtail = g;
+ }
+ }
}
if (type == FR_T_CALLFUNC) {
- printlist(fp->fr_data, "# callfunc: ");
+ printdeadlist(out, set, fb.fr_data, group,
+ "# callfunc: ");
}
- fp = fp->fr_next;
+ } while (fb.fr_next != NULL);
+
+ while ((g = grtop) != NULL) {
+ printdeadlist(out, set, NULL, g->fg_name, comment);
+ grtop = g->fg_next;
+ free(g);
}
}
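Review bot: In `printdeadlist` the loop sets `fp = fb.fr_next` before `kmemcpy` fills `fb`, so `fp` holds the address that was read from the kernel image rather than a pointer to the local copy. The unchanged `printfr(fp, ioctl);` and `binprint(fp, sizeof(*fp));` calls then dereference that address in the tool's own address space. They should use the copy, `printfr(&fb, ioctl);` and `binprint(&fb, sizeof(fb));`, as the other converted lines already do with `fb.fr_hits` and `fb.fr_data`. The group pass at the end calls `printdeadlist(out, set, NULL, g->fg_name, comment)`, which makes the first `kmemcpy` read from address 0. That pass needs the group's rule list head rather than NULL.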
@@ -885,17 +1042,20 @@ struct friostat *fiop;
} else
return;
}
- if (opts & OPT_VERBOSE)
+ if (opts & OPT_DEBUG)
FPRINTF(stderr, "showlist:opts %#x i %d\n", opts, i);
- if (opts & OPT_VERBOSE)
+ if (opts & OPT_DEBUG)
PRINTF("fp %p set %d\n", fp, set);
if (!fp) {
FPRINTF(stderr, "empty list for %s%s\n",
(opts & OPT_INACTIVE) ? "inactive " : "", filters[i]);
return;
}
- printlist(fp, NULL);
+ if (live_kernel == 1)
+ printlivelist(i, set, fp, NULL, NULL);
+ else
+ printdeadlist(i, set, fp, NULL, NULL);
}
@@ -906,23 +1066,45 @@ static void showipstates(ipsp)
ips_stat_t *ipsp;
{
u_long minlen, maxlen, totallen, *buckets;
+ ipftable_t table;
+ ipfobj_t obj;
int i, sz;
- sz = sizeof(*buckets) * ipsp->iss_statesize;
- buckets = (u_long *)malloc(sz);
- if (kmemcpy((char *)buckets, (u_long)ipsp->iss_bucketlen, sz)) {
- free(buckets);
- return;
- }
-
/*
* If a list of states hasn't been asked for, only print out stats
*/
if (!(opts & OPT_SHOWLIST)) {
+
+ sz = sizeof(*buckets) * ipsp->iss_statesize;
+ buckets = (u_long *)malloc(sz);
+
+ obj.ipfo_rev = IPFILTER_VERSION;
+ obj.ipfo_type = IPFOBJ_GTABLE;
+ obj.ipfo_size = sizeof(table);
+ obj.ipfo_ptr = &table;
+
+ table.ita_type = IPFTABLE_BUCKETS;
+ table.ita_table = buckets;
+
+ if (live_kernel == 1) {
+ if (ioctl(state_fd, SIOCGTABL, &obj) != 0) {
+ free(buckets);
+ return;
+ }
+ } else {
+ if (kmemcpy((char *)buckets,
+ (u_long)ipsp->iss_bucketlen, sz)) {
+ free(buckets);
+ return;
+ }
+ }
+
PRINTF("IP states added:\n\t%lu TCP\n\t%lu UDP\n\t%lu ICMP\n",
ipsp->iss_tcp, ipsp->iss_udp, ipsp->iss_icmp);
PRINTF("\t%lu hits\n\t%lu misses\n", ipsp->iss_hits,
ipsp->iss_miss);
+ PRINTF("\t%lu bucket full\n", ipsp->iss_bucketfull);
+ PRINTF("\t%lu maximum rule references\n", ipsp->iss_maxref);
PRINTF("\t%lu maximum\n\t%lu no memory\n\t%lu bkts in use\n",
ipsp->iss_max, ipsp->iss_nomem, ipsp->iss_inuse);
PRINTF("\t%lu active\n\t%lu expired\n\t%lu closed\n",
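Review bot: The `malloc(sz)` result in showipstates() is used without a NULL check: on the live path it is handed to the kernel as `table.ita_table`, and on the dead path kmemcpy() writes into it. Add `if (buckets == NULL) { perror("malloc"); return; }` directly after the allocation. `sz` is declared `int` and is computed from `ipsp->iss_statesize`, so an unusually large table size (from the kernel or from a core file) could overflow it before the allocation; a `size_t` with a range check would be safer. The function body continues past the end of this hunk.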
@@ -933,6 +1115,8 @@ ips_stat_t *ipsp;
PRINTF("\nState table bucket statistics:\n");
PRINTF("\t%lu in use\t\n", ipsp->iss_inuse);
+ PRINTF("\t%u%% hash efficiency\n", ipsp->iss_active ?
+ (u_int)(ipsp->iss_inuse * 100 / ipsp->iss_active) : 0);
minlen = ipsp->iss_max;
totallen = 0;
@@ -973,18 +1157,30 @@ ips_stat_t *ipsp;
PRINTF("\n");
free(buckets);
+
+ if (live_kernel == 1) {
+ showtqtable_live(state_fd);
+ } else {
+ printtqtable(ipsp->iss_tcptab);
+ }
+
return;
+
}
/*
* Print out all the state information currently held in the kernel.
*/
while (ipsp->iss_list != NULL) {
- ipsp->iss_list = printstate(ipsp->iss_list, opts,
- ipsp->iss_ticks);
- }
+ ipstate_t ips;
+
+ ipsp->iss_list = fetchstate(ipsp->iss_list, &ips);
- free(buckets);
+ if (ipsp->iss_list != NULL) {
+ ipsp->iss_list = ips.is_next;
+ printstate(&ips, opts, ipsp->iss_ticks);
+ }
+ }
}
@@ -1038,9 +1234,9 @@ int topclosed;
/* init ipfobj_t stuff */
bzero((caddr_t)&ipfo, sizeof(ipfo));
ipfo.ipfo_rev = IPFILTER_VERSION;
+ ipfo.ipfo_type = IPFOBJ_STATESTAT;
ipfo.ipfo_size = sizeof(*ipsstp);
ipfo.ipfo_ptr = (void *)ipsstp;
- ipfo.ipfo_type = IPFOBJ_STATESTAT;
/* repeat until user aborts */
while ( 1 ) {
@@ -1062,8 +1258,8 @@ int topclosed;
/* read the state table and store in tstable */
for (; ipsstp->iss_list; ipsstp->iss_list = ips.is_next) {
- if (kmemcpy((char *)&ips, (u_long)ipsstp->iss_list,
- sizeof(ips)))
+ ipsstp->iss_list = fetchstate(ipsstp->iss_list, &ips);
+ if (ipsstp->iss_list == NULL)
break;
if (ips.is_v != ver)
@@ -1430,8 +1626,9 @@ out:
/*
* Show fragment cache information that's held in the kernel.
*/
-static void showfrstates(ifsp)
+static void showfrstates(ifsp, ticks)
ipfrstat_t *ifsp;
+u_long ticks;
{
struct ipfr *ipfrtab[IPFT_SIZE], ifr;
int i;
@@ -1446,34 +1643,65 @@ ipfrstat_t *ifsp;
PRINTF("\t%lu no memory\n\t%lu already exist\n",
ifsp->ifs_nomem, ifsp->ifs_exists);
PRINTF("\t%lu inuse\n", ifsp->ifs_inuse);
- if (kmemcpy((char *)ipfrtab, (u_long)ifsp->ifs_table, sizeof(ipfrtab)))
- return;
+ PRINTF("\n");
+
+ if (live_kernel == 0) {
+ if (kmemcpy((char *)ipfrtab, (u_long)ifsp->ifs_table,
+ sizeof(ipfrtab)))
+ return;
+ }
/*
* Print out the contents (if any) of the fragment cache table.
*/
- PRINTF("\n");
- for (i = 0; i < IPFT_SIZE; i++)
- while (ipfrtab[i] != NULL) {
- if (kmemcpy((char *)&ifr, (u_long)ipfrtab[i],
- sizeof(ifr)) == -1)
+ if (live_kernel == 1) {
+ do {
+ if (fetchfrag(ipf_fd, IPFGENITER_FRAG, &ifr) != 0)
+ break;
+ if (ifr.ipfr_ifp == NULL)
break;
+ ifr.ipfr_ttl -= ticks;
printfraginfo("", &ifr);
- ipfrtab[i] = ifr.ipfr_next;
- }
+ } while (1);
+ } else {
+ for (i = 0; i < IPFT_SIZE; i++)
+ while (ipfrtab[i] != NULL) {
+ if (kmemcpy((char *)&ifr, (u_long)ipfrtab[i],
+ sizeof(ifr)) == -1)
+ break;
+ printfraginfo("", &ifr);
+ ipfrtab[i] = ifr.ipfr_next;
+ }
+ }
/*
* Print out the contents (if any) of the NAT fragment cache table.
*/
- if (kmemcpy((char *)ipfrtab, (u_long)ifsp->ifs_nattab,sizeof(ipfrtab)))
- return;
- for (i = 0; i < IPFT_SIZE; i++)
- while (ipfrtab[i] != NULL) {
- if (kmemcpy((char *)&ifr, (u_long)ipfrtab[i],
- sizeof(ifr)) == -1)
+
+ if (live_kernel == 0) {
+ if (kmemcpy((char *)ipfrtab, (u_long)ifsp->ifs_nattab,
+ sizeof(ipfrtab)))
+ return;
+ }
+
+ if (live_kernel == 1) {
+ do {
+ if (fetchfrag(nat_fd, IPFGENITER_NATFRAG, &ifr) != 0)
+ break;
+ if (ifr.ipfr_ifp == NULL)
break;
+ ifr.ipfr_ttl -= ticks;
printfraginfo("NAT: ", &ifr);
- ipfrtab[i] = ifr.ipfr_next;
- }
+ } while (1);
+ } else {
+ for (i = 0; i < IPFT_SIZE; i++)
+ while (ipfrtab[i] != NULL) {
+ if (kmemcpy((char *)&ifr, (u_long)ipfrtab[i],
+ sizeof(ifr)) == -1)
+ break;
+ printfraginfo("NAT: ", &ifr);
+ ipfrtab[i] = ifr.ipfr_next;
+ }
+ }
}
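Review bot: Both live-kernel loops in showfrstates() stop only when fetchfrag() fails or the returned entry has `ipfr_ifp == NULL`, and `ifr` is an uninitialised stack variable when the first SIOCGENITER request is made. Zeroing it first (`bzero((char *)&ifr, sizeof(ifr));` before each `do` loop) keeps the termination test independent of stack contents if the ioctl reports success without filling the entry. fetchstate(), added later in this commit, issues SIOCIPFDELTOK at the end of its list, but neither loop here releases an iterator token; whether the kernel does that itself on the last entry is not visible from this hunk and should be confirmed. The start of showfrstates() is in the preceding hunk.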
@@ -1484,6 +1712,17 @@ static void showauthstates(asp)
fr_authstat_t *asp;
{
frauthent_t *frap, fra;
+ ipfgeniter_t auth;
+ ipfobj_t obj;
+
+ obj.ipfo_rev = IPFILTER_VERSION;
+ obj.ipfo_type = IPFOBJ_GENITER;
+ obj.ipfo_size = sizeof(auth);
+ obj.ipfo_ptr = &auth;
+
+ auth.igi_type = IPFGENITER_AUTH;
+ auth.igi_nitems = 1;
+ auth.igi_data = &fra;
#ifdef USE_QUAD_T
printf("Authorisation hits: %qu\tmisses %qu\n",
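Review bot: `obj` is later passed to `ioctl(auth_fd, SIOCGENITER, &obj)` with only four members assigned, so any other member or padding in `ipfobj_t` carries whatever was on the stack into the kernel. showtqtable_live() and ipnat's dostats_live() in this same commit start with `bzero((char *)&obj, sizeof(obj));`; do the same here before the assignments. The same pattern appears in showipstates(), fetchstate() and fetchfrag() in this file, and in showpools_live(), showhashs_live() and the `op` structure of poollist_live() in ippool.c. The rest of showauthstates() lies outside this hunk.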
@@ -1501,9 +1740,14 @@ fr_authstat_t *asp;
frap = asp->fas_faelist;
while (frap) {
- if (kmemcpy((char *)&fra, (u_long)frap, sizeof(fra)) == -1)
- break;
-
+ if (live_kernel == 1) {
+ if (ioctl(auth_fd, SIOCGENITER, &obj))
+ break;
+ } else {
+ if (kmemcpy((char *)&fra, (u_long)frap,
+ sizeof(fra)) == -1)
+ break;
+ }
printf("age %ld\t", fra.fae_age);
printfr(&fra.fae_fr, ioctl);
frap = fra.fae_next;
@@ -1793,3 +2037,75 @@ const void *b;
}
#endif
+
+
+ipstate_t *fetchstate(src, dst)
+ipstate_t *src, *dst;
+{
+ int i;
+
+ if (live_kernel == 1) {
+ ipfgeniter_t state;
+ ipfobj_t obj;
+
+ obj.ipfo_rev = IPFILTER_VERSION;
+ obj.ipfo_type = IPFOBJ_GENITER;
+ obj.ipfo_size = sizeof(state);
+ obj.ipfo_ptr = &state;
+
+ state.igi_type = IPFGENITER_STATE;
+ state.igi_nitems = 1;
+ state.igi_data = dst;
+
+ if (ioctl(state_fd, SIOCGENITER, &obj) != 0)
+ return NULL;
+ if (dst->is_next == NULL) {
+ i = IPFGENITER_STATE;
+ ioctl(state_fd, SIOCIPFDELTOK, &i);
+ }
+ } else {
+ if (kmemcpy((char *)dst, (u_long)src, sizeof(*dst)))
+ return NULL;
+ }
+ return dst;
+}
+
+
+static int fetchfrag(fd, type, frp)
+int fd, type;
+ipfr_t *frp;
+{
+ ipfgeniter_t frag;
+ ipfobj_t obj;
+
+ obj.ipfo_rev = IPFILTER_VERSION;
+ obj.ipfo_type = IPFOBJ_GENITER;
+ obj.ipfo_size = sizeof(frag);
+ obj.ipfo_ptr = &frag;
+
+ frag.igi_type = type;
+ frag.igi_nitems = 1;
+ frag.igi_data = frp;
+
+ if (ioctl(fd, SIOCGENITER, &obj))
+ return EFAULT;
+ return 0;
+}
+
+
+static void showtqtable_live(fd)
+int fd;
+{
+ ipftq_t table[IPF_TCP_NSTATES];
+ ipfobj_t obj;
+
+ bzero((char *)&obj, sizeof(obj));
+ obj.ipfo_rev = IPFILTER_VERSION;
+ obj.ipfo_size = sizeof(table);
+ obj.ipfo_ptr = (void *)table;
+ obj.ipfo_type = IPFOBJ_STATETQTAB;
+
+ if (ioctl(fd, SIOCGTQTAB, &obj) == 0) {
+ printtqtable(table);
+ }
+}
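Review bot: fetchstate() is non-static and its callers depend on a contract that is written down nowhere: in live-kernel mode `src` is ignored and the entry comes from SIOCGENITER, in dead-kernel mode `src` is the kernel address read with kmemcpy(), and the return value is `dst` or NULL. A header comment such as `/* Fetch the next state entry into dst (src is only used when reading a core); returns dst, or NULL on failure. */` would make that explicit. fetchfrag() deserves a line as well, noting that every ioctl failure is reported as `EFAULT` regardless of `errno`. The return value of the `SIOCIPFDELTOK` call in fetchstate() is also ignored, which should be either checked or commented as deliberate.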
diff --git a/contrib/ipfilter/tools/ipftest.c b/contrib/ipfilter/tools/ipftest.c
index ec78d0d58370..8343b2c3b27c 100644
--- a/contrib/ipfilter/tools/ipftest.c
+++ b/contrib/ipfilter/tools/ipftest.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2002-2006 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
@@ -10,7 +10,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipftest.c,v 1.44.2.9 2006/03/29 11:21:13 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ipftest.c,v 1.44.2.13 2006/12/12 16:13:01 darrenr Exp $";
#endif
extern char *optarg;
@@ -20,12 +20,13 @@ extern struct ifnet *get_unit __P((char *, int));
extern void init_ifp __P((void));
extern ipnat_t *natparse __P((char *, int));
extern int fr_running;
-extern hostmap_t **maptable;
+extern hostmap_t **ipf_hm_maptable;
+extern hostmap_t *ipf_hm_maplist;
ipfmutex_t ipl_mutex, ipf_authmx, ipf_rw, ipf_stinsert;
ipfmutex_t ipf_nat_new, ipf_natio, ipf_timeoutlock;
ipfrwlock_t ipf_mutex, ipf_global, ipf_ipidfrag, ip_poolrw, ipf_frcache;
-ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth;
+ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth, ipf_tokens;
int opts = OPT_DONOTHING;
int use_inet6 = 0;
int docksum = 0;
@@ -101,6 +102,7 @@ char *argv[];
RWLOCK_INIT(&ipf_mutex, "ipf filter rwlock");
RWLOCK_INIT(&ipf_ipidfrag, "ipf IP NAT-Frag rwlock");
RWLOCK_INIT(&ipf_frcache, "ipf filter cache");
+ RWLOCK_INIT(&ipf_tokens, "ipf token rwlock");
initparse();
if (fr_initialise() == -1)
@@ -249,7 +251,10 @@ char *argv[];
(void)printf("pass");
break;
case 1 :
- (void)printf("nomatch");
+ if (m == NULL)
+ (void)printf("bad-packet");
+ else
+ (void)printf("nomatch");
break;
case 3 :
(void)printf("block return-rst");
@@ -629,26 +634,23 @@ int n;
*/
void dumpnat()
{
- ipnat_t *ipn;
- nat_t *nat;
hostmap_t *hm;
- int i;
+ ipnat_t *ipn;
+ nat_t *nat;
printf("List of active MAP/Redirect filters:\n");
for (ipn = nat_list; ipn != NULL; ipn = ipn->in_next)
printnat(ipn, opts & (OPT_DEBUG|OPT_VERBOSE));
printf("\nList of active sessions:\n");
for (nat = nat_instances; nat; nat = nat->nat_next) {
- printactivenat(nat, opts);
+ printactivenat(nat, opts, 0, 0);
if (nat->nat_aps)
printaps(nat->nat_aps, opts);
}
printf("\nHostmap table:\n");
- for (i = 0; i < ipf_hostmap_sz; i++) {
- for (hm = maptable[i]; hm != NULL; hm = hm->hm_next)
- printhostmap(hm, i);
- }
+ for (hm = ipf_hm_maplist; hm != NULL; hm = hm->hm_next)
+ printhostmap(hm, 0);
}
diff --git a/contrib/ipfilter/tools/ipmon.c b/contrib/ipfilter/tools/ipmon.c
index 58a4390661ba..3bc0555b7a94 100644
--- a/contrib/ipfilter/tools/ipmon.c
+++ b/contrib/ipfilter/tools/ipmon.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 1993-2001, 2003 by Darren Reed.
+ * Copyright (C) 2001-2006 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
@@ -76,7 +76,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipmon.c,v 1.33.2.15 2006/03/18 06:59:39 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ipmon.c,v 1.33.2.18 2007/05/27 11:12:12 darrenr Exp $";
#endif
@@ -815,27 +815,49 @@ int blen;
(void) sprintf(t, ".%-.6ld ", ipl->ipl_usec);
t += strlen(t);
- if (sl->isl_type == ISL_NEW)
+ switch (sl->isl_type)
+ {
+ case ISL_NEW :
strcpy(t, "STATE:NEW ");
- else if (sl->isl_type == ISL_CLONE)
+ break;
+
+ case ISL_CLONE :
strcpy(t, "STATE:CLONED ");
- else if (sl->isl_type == ISL_EXPIRE) {
+ break;
+
+ case ISL_EXPIRE :
if ((sl->isl_p == IPPROTO_TCP) &&
(sl->isl_state[0] > IPF_TCPS_ESTABLISHED ||
sl->isl_state[1] > IPF_TCPS_ESTABLISHED))
strcpy(t, "STATE:CLOSE ");
else
strcpy(t, "STATE:EXPIRE ");
- } else if (sl->isl_type == ISL_FLUSH)
+ break;
+
+ case ISL_FLUSH :
strcpy(t, "STATE:FLUSH ");
- else if (sl->isl_type == ISL_INTERMEDIATE)
+ break;
+
+ case ISL_INTERMEDIATE :
strcpy(t, "STATE:INTERMEDIATE ");
- else if (sl->isl_type == ISL_REMOVE)
+ break;
+
+ case ISL_REMOVE :
strcpy(t, "STATE:REMOVE ");
- else if (sl->isl_type == ISL_KILLED)
+ break;
+
+ case ISL_KILLED :
strcpy(t, "STATE:KILLED ");
- else
+ break;
+
+ case ISL_UNLOAD :
+ strcpy(t, "STATE:UNLOAD ");
+ break;
+
+ default :
sprintf(t, "Type: %d ", sl->isl_type);
+ break;
+ }
t += strlen(t);
proto = getproto(sl->isl_p);
@@ -1627,6 +1649,7 @@ char *argv[];
if (!tr)
continue;
nr += tr;
+ n = 0;
tr = read_log(fd[i], &n, buf, sizeof(buf));
if (donehup) {
diff --git a/contrib/ipfilter/tools/ipmon_y.y b/contrib/ipfilter/tools/ipmon_y.y
index 4eba00c2b018..bc3ec6ddfa31 100644
--- a/contrib/ipfilter/tools/ipmon_y.y
+++ b/contrib/ipfilter/tools/ipmon_y.y
@@ -1,3 +1,8 @@
+/*
+ * Copyright (C) 2001-2004 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ */
%{
#include "ipf.h"
#include <syslog.h>
@@ -75,6 +80,7 @@ assign: YY_STR assigning YY_STR ';' { set_variable($1, $3);
resetlexer();
free($1);
free($3);
+ yyvarnext = 0;
}
;
diff --git a/contrib/ipfilter/tools/ipnat.c b/contrib/ipfilter/tools/ipnat.c
index d17d6686d053..83eb5be1e633 100644
--- a/contrib/ipfilter/tools/ipnat.c
+++ b/contrib/ipfilter/tools/ipnat.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2001-2006 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
@@ -65,7 +65,7 @@ extern char *sys_errlist[];
#if !defined(lint)
static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipnat.c,v 1.24.2.2 2005/05/10 21:19:30 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ipnat.c,v 1.24.2.6 2007/05/11 11:16:55 darrenr Exp $";
#endif
@@ -77,11 +77,17 @@ char thishost[MAXHOSTNAMELEN];
extern char *optarg;
-void dostats __P((natstat_t *, int)), flushtable __P((int, int));
+void dostats __P((int, natstat_t *, int, int));
+void flushtable __P((int, int));
void usage __P((char *));
int main __P((int, char*[]));
void showhostmap __P((natstat_t *nsp));
void natstat_dead __P((natstat_t *, char *));
+void dostats_live __P((int, natstat_t *, int));
+void showhostmap_dead __P((natstat_t *));
+void showhostmap_live __P((int, natstat_t *));
+void dostats_dead __P((natstat_t *, int));
+void showtqtable_live __P((int));
int opts;
@@ -166,6 +172,15 @@ char *argv[];
(void) setuid(getuid());
}
+ if (!(opts & OPT_DONOTHING)) {
+ if (((fd = open(IPNAT_NAME, mode)) == -1) &&
+ ((fd = open(IPNAT_NAME, O_RDONLY)) == -1)) {
+ (void) fprintf(stderr, "%s: open: %s\n", IPNAT_NAME,
+ STRERROR(errno));
+ exit(1);
+ }
+ }
+
bzero((char *)&ns, sizeof(ns));
if ((opts & OPT_DONOTHING) == 0) {
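Review bot: The device open now runs whenever OPT_DONOTHING is clear, so analysing a core file with `-M`/`-N` also needs IPNAT_NAME to be openable and exits with status 1 if it is not. In the removed lines of the next hunk the open sat inside the `(kernel == NULL) && (core == NULL)` branch, so only the live path touched the device. If nothing on the dead-kernel path uses `fd` (dostats() ignores it when `alive` is 0), guard the open the same way: `if (!(opts & OPT_DONOTHING) && (kernel == NULL) && (core == NULL)) {`. main() begins and continues outside this hunk.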
@@ -175,22 +190,11 @@ char *argv[];
}
}
-
if (!(opts & OPT_DONOTHING) && (kernel == NULL) && (core == NULL)) {
- if (openkmem(kernel, core) == -1)
- exit(1);
-
- if (((fd = open(IPNAT_NAME, mode)) == -1) &&
- ((fd = open(IPNAT_NAME, O_RDONLY)) == -1)) {
- (void) fprintf(stderr, "%s: open: %s\n", IPNAT_NAME,
- STRERROR(errno));
- exit(1);
- }
-
bzero((char *)&obj, sizeof(obj));
obj.ipfo_rev = IPFILTER_VERSION;
- obj.ipfo_size = sizeof(*nsp);
obj.ipfo_type = IPFOBJ_NATSTAT;
+ obj.ipfo_size = sizeof(*nsp);
obj.ipfo_ptr = (void *)nsp;
if (ioctl(fd, SIOCGNATS, &obj) == -1) {
perror("ioctl(SIOCGNATS)");
@@ -204,7 +208,7 @@ char *argv[];
natstat_dead(nsp, kernel);
if (opts & (OPT_LIST|OPT_STAT))
- dostats(nsp, opts);
+ dostats(fd, nsp, opts, 0);
exit(0);
}
@@ -214,7 +218,7 @@ char *argv[];
ipnat_parsefile(fd, ipnat_addrule, ioctl, file);
}
if (opts & (OPT_LIST|OPT_STAT))
- dostats(nsp, opts);
+ dostats(fd, nsp, opts, 1);
return 0;
}
@@ -275,15 +279,74 @@ char *kernel;
/*
+ * Issue an ioctl to flush either the NAT rules table or the active mapping
+ * table or both.
+ */
+void flushtable(fd, opts)
+int fd, opts;
+{
+ int n = 0;
+
+ if (opts & OPT_FLUSH) {
+ n = 0;
+ if (!(opts & OPT_DONOTHING) && ioctl(fd, SIOCIPFFL, &n) == -1)
+ perror("ioctl(SIOCFLNAT)");
+ else
+ printf("%d entries flushed from NAT table\n", n);
+ }
+
+ if (opts & OPT_CLEAR) {
+ n = 1;
+ if (!(opts & OPT_DONOTHING) && ioctl(fd, SIOCIPFFL, &n) == -1)
+ perror("ioctl(SIOCCNATL)");
+ else
+ printf("%d entries flushed from NAT list\n", n);
+ }
+}
+
+
+/*
* Display NAT statistics.
*/
-void dostats(nsp, opts)
+void dostats_dead(nsp, opts)
natstat_t *nsp;
int opts;
{
nat_t *np, nat;
ipnat_t ipn;
+ printf("List of active MAP/Redirect filters:\n");
+ while (nsp->ns_list) {
+ if (kmemcpy((char *)&ipn, (long)nsp->ns_list,
+ sizeof(ipn))) {
+ perror("kmemcpy");
+ break;
+ }
+ if (opts & OPT_HITS)
+ printf("%lu ", ipn.in_hits);
+ printnat(&ipn, opts & (OPT_DEBUG|OPT_VERBOSE));
+ nsp->ns_list = ipn.in_next;
+ }
+
+ printf("\nList of active sessions:\n");
+
+ for (np = nsp->ns_instances; np; np = nat.nat_next) {
+ if (kmemcpy((char *)&nat, (long)np, sizeof(nat)))
+ break;
+ printactivenat(&nat, opts, 0, nsp->ns_ticks);
+ if (nat.nat_aps)
+ printaps(nat.nat_aps, opts);
+ }
+
+ if (opts & OPT_VERBOSE)
+ showhostmap_dead(nsp);
+}
+
+
+void dostats(fd, nsp, opts, alive)
+natstat_t *nsp;
+int fd, opts, alive;
+{
/*
* Show statistics ?
*/
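Review bot: In flushtable() both calls issue `SIOCIPFFL`, but the failure messages are `perror("ioctl(SIOCFLNAT)")` and `perror("ioctl(SIOCCNATL)")`, which name requests other than the one being made. Use `perror("ioctl(SIOCIPFFL)")` in both branches so an operator can match the error to the call. Because `!(opts & OPT_DONOTHING) && ioctl(...)` is false in dry-run mode, the `else` arm also prints "0 entries flushed" when nothing was sent to the kernel; printing the count only after a real ioctl would avoid that. dostats(), which starts at the end of this hunk, continues in the next one.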
@@ -300,45 +363,78 @@ int opts;
if (opts & OPT_VERBOSE)
printf("table %p list %p\n",
nsp->ns_table, nsp->ns_list);
+ if (alive)
+ showtqtable_live(fd);
+ }
+
+ if (opts & OPT_LIST) {
+ if (alive)
+ dostats_live(fd, nsp, opts);
+ else
+ dostats_dead(nsp, opts);
}
+}
+
+
+/*
+ * Display NAT statistics.
+ */
+void dostats_live(fd, nsp, opts)
+natstat_t *nsp;
+int fd, opts;
+{
+ ipfgeniter_t iter;
+ ipfobj_t obj;
+ ipnat_t ipn;
+ nat_t nat;
+
+ bzero((char *)&obj, sizeof(obj));
+ obj.ipfo_rev = IPFILTER_VERSION;
+ obj.ipfo_type = IPFOBJ_GENITER;
+ obj.ipfo_size = sizeof(iter);
+ obj.ipfo_ptr = &iter;
+
+ iter.igi_type = IPFGENITER_IPNAT;
+ iter.igi_nitems = 1;
+ iter.igi_data = &ipn;
/*
* Show list of NAT rules and NAT sessions ?
*/
- if (opts & OPT_LIST) {
- printf("List of active MAP/Redirect filters:\n");
- while (nsp->ns_list) {
- if (kmemcpy((char *)&ipn, (long)nsp->ns_list,
- sizeof(ipn))) {
- perror("kmemcpy");
- break;
- }
- if (opts & OPT_HITS)
- printf("%lu ", ipn.in_hits);
- printnat(&ipn, opts & (OPT_DEBUG|OPT_VERBOSE));
- nsp->ns_list = ipn.in_next;
- }
+ printf("List of active MAP/Redirect filters:\n");
+ while (nsp->ns_list) {
+ if (ioctl(fd, SIOCGENITER, &obj) == -1)
+ break;
+ if (opts & OPT_HITS)
+ printf("%lu ", ipn.in_hits);
+ printnat(&ipn, opts & (OPT_DEBUG|OPT_VERBOSE));
+ nsp->ns_list = ipn.in_next;
+ }
- printf("\nList of active sessions:\n");
+ printf("\nList of active sessions:\n");
- for (np = nsp->ns_instances; np; np = nat.nat_next) {
- if (kmemcpy((char *)&nat, (long)np, sizeof(nat)))
- break;
- printactivenat(&nat, opts);
- if (nat.nat_aps)
- printaps(nat.nat_aps, opts);
- }
+ iter.igi_type = IPFGENITER_NAT;
+ iter.igi_nitems = 1;
+ iter.igi_data = &nat;
- if (opts & OPT_VERBOSE)
- showhostmap(nsp);
+ while (nsp->ns_instances != NULL) {
+ if (ioctl(fd, SIOCGENITER, &obj) == -1)
+ break;
+ printactivenat(&nat, opts, 1, nsp->ns_ticks);
+ if (nat.nat_aps)
+ printaps(nat.nat_aps, opts);
+ nsp->ns_instances = nat.nat_next;
}
+
+ if (opts & OPT_VERBOSE)
+ showhostmap_live(fd, nsp);
}
/*
* Display the active host mapping table.
*/
-void showhostmap(nsp)
+void showhostmap_dead(nsp)
natstat_t *nsp;
{
hostmap_t hm, *hmp, **maptable;
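Review bot: Both `SIOCGENITER` loops in dostats_live() leave with a bare `break` when the ioctl fails, so a listing cut short by an error looks the same as a complete one. dostats_dead() reports a failed rule read with `perror("kmemcpy")`; add `perror("ioctl(SIOCGENITER)");` before each `break` here, and in the loop of showhostmap_live() in the next hunk. For a tool used to audit the active NAT rules and sessions, a silently truncated list is worth avoiding.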
@@ -372,27 +468,50 @@ natstat_t *nsp;
/*
- * Issue an ioctl to flush either the NAT rules table or the active mapping
- * table or both.
+ * Display the active host mapping table.
*/
-void flushtable(fd, opts)
-int fd, opts;
+void showhostmap_live(fd, nsp)
+int fd;
+natstat_t *nsp;
{
- int n = 0;
+ ipfgeniter_t iter;
+ hostmap_t hm;
+ ipfobj_t obj;
- if (opts & OPT_FLUSH) {
- n = 0;
- if (!(opts & OPT_DONOTHING) && ioctl(fd, SIOCIPFFL, &n) == -1)
- perror("ioctl(SIOCFLNAT)");
- else
- printf("%d entries flushed from NAT table\n", n);
+ bzero((char *)&obj, sizeof(obj));
+ obj.ipfo_rev = IPFILTER_VERSION;
+ obj.ipfo_type = IPFOBJ_GENITER;
+ obj.ipfo_size = sizeof(iter);
+ obj.ipfo_ptr = &iter;
+
+ iter.igi_type = IPFGENITER_HOSTMAP;
+ iter.igi_nitems = 1;
+ iter.igi_data = &hm;
+
+ printf("\nList of active host mappings:\n");
+
+ while (nsp->ns_maplist != NULL) {
+ if (ioctl(fd, SIOCGENITER, &obj) == -1)
+ break;
+ printhostmap(&hm, 0);
+ nsp->ns_maplist = hm.hm_next;
}
+}
- if (opts & OPT_CLEAR) {
- n = 1;
- if (!(opts & OPT_DONOTHING) && ioctl(fd, SIOCIPFFL, &n) == -1)
- perror("ioctl(SIOCCNATL)");
- else
- printf("%d entries flushed from NAT list\n", n);
+
+void showtqtable_live(fd)
+int fd;
+{
+ ipftq_t table[IPF_TCP_NSTATES];
+ ipfobj_t obj;
+
+ bzero((char *)&obj, sizeof(obj));
+ obj.ipfo_rev = IPFILTER_VERSION;
+ obj.ipfo_size = sizeof(table);
+ obj.ipfo_ptr = (void *)table;
+ obj.ipfo_type = IPFOBJ_STATETQTAB;
+
+ if (ioctl(fd, SIOCGTQTAB, &obj) == 0) {
+ printtqtable(table);
}
}
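Review bot: showtqtable_live() here duplicates, line for line, the static function of the same name that this commit adds to ipfstat.c. Keeping a single copy next to printtqtable() (presumably in the shared library; its location is not visible here) would stop the two from drifting apart. Both copies also ignore a failed `SIOCGTQTAB` without any message; an `else perror("ioctl(SIOCGTQTAB)");` would show why the timeout-queue table is missing from the output.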
diff --git a/contrib/ipfilter/tools/ipnat_y.y b/contrib/ipfilter/tools/ipnat_y.y
index 095b29437871..b20f623f0ef1 100644
--- a/contrib/ipfilter/tools/ipnat_y.y
+++ b/contrib/ipfilter/tools/ipnat_y.y
@@ -1,3 +1,8 @@
+/*
+ * Copyright (C) 2001-2006 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ */
%{
#ifdef __FreeBSD__
# ifndef __FreeBSD_cc_version
@@ -115,6 +120,7 @@ assign: YY_STR assigning YY_STR ';' { set_variable($1, $3);
resetlexer();
free($1);
free($3);
+ yyvarnext = 0;
}
;
@@ -346,11 +352,11 @@ portspec:
;
dport: | port portspec { nat->in_pmin = htons($2);
- nat->in_pmax = htons($2); }
+ nat->in_pmax = htons($2); }
| port portspec '-' portspec { nat->in_pmin = htons($2);
- nat->in_pmax = htons($4); }
+ nat->in_pmax = htons($4); }
| port portspec ':' portspec { nat->in_pmin = htons($2);
- nat->in_pmax = htons($4); }
+ nat->in_pmax = htons($4); }
;
nport: port portspec { nat->in_pnext = htons($2); }
diff --git a/contrib/ipfilter/tools/ippool.c b/contrib/ipfilter/tools/ippool.c
index 31b5bfdc131a..cbdfd69fff38 100644
--- a/contrib/ipfilter/tools/ippool.c
+++ b/contrib/ipfilter/tools/ippool.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2003 by Darren Reed.
+ * Copyright (C) 2002-2006 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
@@ -27,8 +27,14 @@
#include <netdb.h>
#include <ctype.h>
#include <unistd.h>
+#ifdef linux
+# include <linux/a.out.h>
+#else
+# include <nlist.h>
+#endif
#include "ipf.h"
+#include "netinet/ipl.h"
#include "netinet/ip_lookup.h"
#include "netinet/ip_pool.h"
#include "netinet/ip_htable.h"
@@ -41,17 +47,21 @@ extern FILE *ippool_yyin;
extern char *optarg;
extern int lineNum;
-void showpools __P((ip_pool_stat_t *));
void usage __P((char *));
int main __P((int, char **));
int poolcommand __P((int, int, char *[]));
int poolnodecommand __P((int, int, char *[]));
int loadpoolfile __P((int, char *[], char *));
int poollist __P((int, char *[]));
+void poollist_dead __P((int, char *, int, char *, char *));
+void poollist_live __P((int, char *, int, int));
int poolflush __P((int, char *[]));
int poolstats __P((int, char *[]));
int gettype __P((char *, u_int *));
int getrole __P((char *));
+int setnodeaddr __P((ip_pool_node_t *node, char *arg));
+void showpools_live __P((int, int, ip_pool_stat_t *, char *));
+void showhashs_live __P((int, int, iphtstat_t *, char *));
int opts = 0;
int fd = -1;
@@ -113,7 +123,9 @@ char *argv[];
exit(1);
}
- return err;
+ if (err != 0)
+ exit(1);
+ return 0;
}
@@ -121,10 +133,9 @@ int poolnodecommand(remove, argc, argv)
int remove, argc;
char *argv[];
{
- char *poolname = NULL, *s;
int err, c, ipset, role;
+ char *poolname = NULL;
ip_pool_node_t node;
- struct in_addr mask;
ipset = 0;
role = IPL_LOGIPF;
@@ -138,22 +149,8 @@ char *argv[];
ippool_yydebug++;
break;
case 'i' :
- s = strchr(optarg, '/');
- if (s == NULL)
- mask.s_addr = 0xffffffff;
- else if (strchr(s, '.') == NULL) {
- if (ntomask(4, atoi(s + 1), &mask.s_addr) != 0)
- return -1;
- } else {
- mask.s_addr = inet_addr(s + 1);
- }
- if (s != NULL)
- *s = '\0';
- ipset = 1;
- node.ipn_addr.adf_len = sizeof(node.ipn_addr);
- node.ipn_addr.adf_addr.in4.s_addr = inet_addr(optarg);
- node.ipn_mask.adf_len = sizeof(node.ipn_mask);
- node.ipn_mask.adf_addr.in4.s_addr = mask.s_addr;
+ if (setnodeaddr(&node, optarg) == 0)
+ ipset = 1;
break;
case 'm' :
poolname = optarg;
@@ -174,11 +171,19 @@ char *argv[];
break;
}
+ if (argv[optind] != NULL && ipset == 0) {
+ if (setnodeaddr(&node, argv[optind]) == 0)
+ ipset = 1;
+ }
+
if (opts & OPT_DEBUG)
fprintf(stderr, "poolnodecommand: opts = %#x\n", opts);
- if (ipset == 0)
+ if (ipset == 0) {
+ fprintf(stderr, "no IP address given with -i\n");
return -1;
+ }
+
if (poolname == NULL) {
fprintf(stderr, "poolname not given with add/remove node\n");
return -1;
@@ -336,151 +341,6 @@ char *argv[], *infile;
}
-int poollist(argc, argv)
-int argc;
-char *argv[];
-{
- char *kernel, *core, *poolname;
- int c, role, type, live_kernel;
- ip_pool_stat_t *plstp, plstat;
- iphtstat_t *htstp, htstat;
- iphtable_t *hptr;
- iplookupop_t op;
- ip_pool_t *ptr;
-
- core = NULL;
- kernel = NULL;
- live_kernel = 1;
- type = IPLT_ALL;
- poolname = NULL;
- role = IPL_LOGALL;
-
- while ((c = getopt(argc, argv, "dm:M:N:o:Rt:v")) != -1)
- switch (c)
- {
- case 'd' :
- opts |= OPT_DEBUG;
- break;
- case 'm' :
- poolname = optarg;
- break;
- case 'M' :
- live_kernel = 0;
- core = optarg;
- break;
- case 'N' :
- live_kernel = 0;
- kernel = optarg;
- break;
- case 'o' :
- role = getrole(optarg);
- if (role == IPL_LOGNONE) {
- fprintf(stderr, "unknown role '%s'\n", optarg);
- return -1;
- }
- break;
- case 'R' :
- opts |= OPT_NORESOLVE;
- break;
- case 't' :
- type = gettype(optarg, NULL);
- if (type == IPLT_NONE) {
- fprintf(stderr, "unknown type '%s'\n", optarg);
- return -1;
- }
- break;
- case 'v' :
- opts |= OPT_VERBOSE;
- break;
- }
-
- if (opts & OPT_DEBUG)
- fprintf(stderr, "poollist: opts = %#x\n", opts);
-
- if (!(opts & OPT_DONOTHING) && (fd == -1)) {
- fd = open(IPLOOKUP_NAME, O_RDWR);
- if (fd == -1) {
- perror("open(IPLOOKUP_NAME)");
- exit(1);
- }
- }
-
- bzero((char *)&op, sizeof(op));
- if (poolname != NULL) {
- strncpy(op.iplo_name, poolname, sizeof(op.iplo_name));
- op.iplo_name[sizeof(op.iplo_name) - 1] = '\0';
- }
- op.iplo_unit = role;
-
- if (openkmem(kernel, core) == -1)
- exit(-1);
-
- if (type == IPLT_ALL || type == IPLT_POOL) {
- plstp = &plstat;
- op.iplo_type = IPLT_POOL;
- op.iplo_size = sizeof(plstat);
- op.iplo_struct = &plstat;
- c = ioctl(fd, SIOCLOOKUPSTAT, &op);
- if (c == -1) {
- perror("ioctl(SIOCLOOKUPSTAT)");
- return -1;
- }
-
- if (role != IPL_LOGALL) {
- ptr = plstp->ipls_list[role];
- while (ptr != NULL) {
- ptr = printpool(ptr, kmemcpywrap, poolname,
- opts);
- }
- } else {
- for (role = 0; role <= IPL_LOGMAX; role++) {
- ptr = plstp->ipls_list[role];
- while (ptr != NULL) {
- ptr = printpool(ptr, kmemcpywrap,
- poolname, opts);
- }
- }
- role = IPL_LOGALL;
- }
- }
- if (type == IPLT_ALL || type == IPLT_HASH) {
- htstp = &htstat;
- op.iplo_type = IPLT_HASH;
- op.iplo_size = sizeof(htstat);
- op.iplo_struct = &htstat;
- c = ioctl(fd, SIOCLOOKUPSTAT, &op);
- if (c == -1) {
- perror("ioctl(SIOCLOOKUPSTAT)");
- return -1;
- }
-
- if (role != IPL_LOGALL) {
- hptr = htstp->iphs_tables;
- while (hptr != NULL) {
- hptr = printhash(hptr, kmemcpywrap,
- poolname, opts);
- }
- } else {
- for (role = 0; role <= IPL_LOGMAX; role++) {
- hptr = htstp->iphs_tables;
- while (hptr != NULL) {
- hptr = printhash(hptr, kmemcpywrap,
- poolname, opts);
- }
-
- op.iplo_unit = role;
- c = ioctl(fd, SIOCLOOKUPSTAT, &op);
- if (c == -1) {
- perror("ioctl(SIOCLOOKUPSTAT)");
- return -1;
- }
- }
- }
- }
- return 0;
-}
-
-
int poolstats(argc, argv)
int argc;
char *argv[];
@@ -681,7 +541,7 @@ u_int *minor;
{
int type;
- if (!strcasecmp(optarg, "tree")) {
+ if (!strcasecmp(optarg, "tree") || !strcasecmp(optarg, "pool")) {
type = IPLT_POOL;
} else if (!strcasecmp(optarg, "hash")) {
type = IPLT_HASH;
@@ -696,3 +556,321 @@ u_int *minor;
}
return type;
}
+
+
+int poollist(argc, argv)
+int argc;
+char *argv[];
+{
+ char *kernel, *core, *poolname;
+ int c, role, type, live_kernel;
+ iplookupop_t op;
+
+ core = NULL;
+ kernel = NULL;
+ live_kernel = 1;
+ type = IPLT_ALL;
+ poolname = NULL;
+ role = IPL_LOGALL;
+
+ while ((c = getopt(argc, argv, "dm:M:N:o:Rt:v")) != -1)
+ switch (c)
+ {
+ case 'd' :
+ opts |= OPT_DEBUG;
+ break;
+ case 'm' :
+ poolname = optarg;
+ break;
+ case 'M' :
+ live_kernel = 0;
+ core = optarg;
+ break;
+ case 'N' :
+ live_kernel = 0;
+ kernel = optarg;
+ break;
+ case 'o' :
+ role = getrole(optarg);
+ if (role == IPL_LOGNONE) {
+ fprintf(stderr, "unknown role '%s'\n", optarg);
+ return -1;
+ }
+ break;
+ case 'R' :
+ opts |= OPT_NORESOLVE;
+ break;
+ case 't' :
+ type = gettype(optarg, NULL);
+ if (type == IPLT_NONE) {
+ fprintf(stderr, "unknown type '%s'\n", optarg);
+ return -1;
+ }
+ break;
+ case 'v' :
+ opts |= OPT_VERBOSE;
+ break;
+ }
+
+ if (opts & OPT_DEBUG)
+ fprintf(stderr, "poollist: opts = %#x\n", opts);
+
+ if (!(opts & OPT_DONOTHING) && (fd == -1)) {
+ fd = open(IPLOOKUP_NAME, O_RDWR);
+ if (fd == -1) {
+ perror("open(IPLOOKUP_NAME)");
+ exit(1);
+ }
+ }
+
+ bzero((char *)&op, sizeof(op));
+ if (poolname != NULL) {
+ strncpy(op.iplo_name, poolname, sizeof(op.iplo_name));
+ op.iplo_name[sizeof(op.iplo_name) - 1] = '\0';
+ }
+ op.iplo_unit = role;
+
+ if (live_kernel)
+ poollist_live(role, poolname, type, fd);
+ else
+ poollist_dead(role, poolname, type, kernel, core);
+ return 0;
+}
+
+
+void poollist_dead(role, poolname, type, kernel, core)
+int role, type;
+char *poolname, *kernel, *core;
+{
+ iphtable_t *hptr;
+ ip_pool_t *ptr;
+
+ if (openkmem(kernel, core) == -1)
+ exit(-1);
+
+ if (type == IPLT_ALL || type == IPLT_POOL) {
+ ip_pool_t *pools[IPL_LOGSIZE];
+ struct nlist names[2] = { { "ip_pool_list" } , { "" } };
+
+ if (nlist(kernel, names) != 1)
+ return;
+
+ bzero(&pools, sizeof(pools));
+ if (kmemcpy((char *)&pools, names[0].n_value, sizeof(pools)))
+ return;
+
+ if (role != IPL_LOGALL) {
+ ptr = pools[role];
+ while (ptr != NULL) {
+ ptr = printpool(ptr, kmemcpywrap, poolname,
+ opts);
+ }
+ } else {
+ for (role = 0; role <= IPL_LOGMAX; role++) {
+ ptr = pools[role];
+ while (ptr != NULL) {
+ ptr = printpool(ptr, kmemcpywrap,
+ poolname, opts);
+ }
+ }
+ role = IPL_LOGALL;
+ }
+ }
+ if (type == IPLT_ALL || type == IPLT_HASH) {
+ iphtable_t *tables[IPL_LOGSIZE];
+ struct nlist names[2] = { { "ipf_htables" } , { "" } };
+
+ if (nlist(kernel, names) != 1)
+ return;
+
+ bzero(&tables, sizeof(tables));
+ if (kmemcpy((char *)&tables, names[0].n_value, sizeof(tables)))
+ return;
+
+ if (role != IPL_LOGALL) {
+ hptr = tables[role];
+ while (hptr != NULL) {
+ hptr = printhash(hptr, kmemcpywrap,
+ poolname, opts);
+ }
+ } else {
+ for (role = 0; role <= IPL_LOGMAX; role++) {
+ hptr = tables[role];
+ while (hptr != NULL) {
+ hptr = printhash(hptr, kmemcpywrap,
+ poolname, opts);
+ }
+ }
+ }
+ }
+}
+
+
+void poollist_live(role, poolname, type, fd)
+int role, type, fd;
+char *poolname;
+{
+ ip_pool_stat_t plstat;
+ iphtstat_t htstat;
+ iplookupop_t op;
+ int c;
+
+ if (type == IPLT_ALL || type == IPLT_POOL) {
+ op.iplo_type = IPLT_POOL;
+ op.iplo_size = sizeof(plstat);
+ op.iplo_struct = &plstat;
+ op.iplo_name[0] = '\0';
+ op.iplo_arg = 0;
+
+ if (role != IPL_LOGALL) {
+ op.iplo_unit = role;
+
+ c = ioctl(fd, SIOCLOOKUPSTAT, &op);
+ if (c == -1) {
+ perror("ioctl(SIOCLOOKUPSTAT)");
+ return;
+ }
+
+ showpools_live(fd, role, &plstat, poolname);
+ } else {
+ for (role = 0; role <= IPL_LOGMAX; role++) {
+ op.iplo_unit = role;
+
+ c = ioctl(fd, SIOCLOOKUPSTAT, &op);
+ if (c == -1) {
+ perror("ioctl(SIOCLOOKUPSTAT)");
+ return;
+ }
+
+ showpools_live(fd, role, &plstat, poolname);
+ }
+
+ role = IPL_LOGALL;
+ }
+ }
+
+ if (type == IPLT_ALL || type == IPLT_HASH) {
+ op.iplo_type = IPLT_HASH;
+ op.iplo_size = sizeof(htstat);
+ op.iplo_struct = &htstat;
+ op.iplo_name[0] = '\0';
+ op.iplo_arg = 0;
+
+ if (role != IPL_LOGALL) {
+ op.iplo_unit = role;
+
+ c = ioctl(fd, SIOCLOOKUPSTAT, &op);
+ if (c == -1) {
+ perror("ioctl(SIOCLOOKUPSTAT)");
+ return;
+ }
+ showhashs_live(fd, role, &htstat, poolname);
+ } else {
+ for (role = 0; role <= IPL_LOGMAX; role++) {
+
+ op.iplo_unit = role;
+ c = ioctl(fd, SIOCLOOKUPSTAT, &op);
+ if (c == -1) {
+ perror("ioctl(SIOCLOOKUPSTAT)");
+ return;
+ }
+
+ showhashs_live(fd, role, &htstat, poolname);
+ }
+ }
+ }
+}
+
+
+void showpools_live(fd, role, plstp, poolname)
+int fd, role;
+ip_pool_stat_t *plstp;
+char *poolname;
+{
+ ipflookupiter_t iter;
+ ip_pool_t pool;
+ ipfobj_t obj;
+
+ obj.ipfo_rev = IPFILTER_VERSION;
+ obj.ipfo_type = IPFOBJ_LOOKUPITER;
+ obj.ipfo_size = sizeof(iter);
+ obj.ipfo_ptr = &iter;
+
+ iter.ili_type = IPLT_POOL;
+ iter.ili_otype = IPFLOOKUPITER_LIST;
+ iter.ili_ival = IPFGENITER_LOOKUP;
+ iter.ili_nitems = 1;
+ iter.ili_data = &pool;
+ iter.ili_unit = role;
+ *iter.ili_name = '\0';
+
+ while (plstp->ipls_list[role] != NULL) {
+ if (ioctl(fd, SIOCLOOKUPITER, &obj)) {
+ perror("ioctl(SIOCLOOKUPITER)");
+ break;
+ }
+ printpool_live(&pool, fd, poolname, opts);
+
+ plstp->ipls_list[role] = pool.ipo_next;
+ }
+}
+
+
+void showhashs_live(fd, role, htstp, poolname)
+int fd, role;
+iphtstat_t *htstp;
+char *poolname;
+{
+ ipflookupiter_t iter;
+ iphtable_t table;
+ ipfobj_t obj;
+
+ obj.ipfo_rev = IPFILTER_VERSION;
+ obj.ipfo_type = IPFOBJ_LOOKUPITER;
+ obj.ipfo_size = sizeof(iter);
+ obj.ipfo_ptr = &iter;
+
+ iter.ili_type = IPLT_HASH;
+ iter.ili_otype = IPFLOOKUPITER_LIST;
+ iter.ili_ival = IPFGENITER_LOOKUP;
+ iter.ili_nitems = 1;
+ iter.ili_data = &table;
+ iter.ili_unit = role;
+ *iter.ili_name = '\0';
+
+ while (htstp->iphs_tables != NULL) {
+ if (ioctl(fd, SIOCLOOKUPITER, &obj)) {
+ perror("ioctl(SIOCLOOKUPITER)");
+ break;
+ }
+
+ printhash_live(&table, fd, poolname, opts);
+
+ htstp->iphs_tables = table.iph_next;
+ }
+}
+
+
+int setnodeaddr(ip_pool_node_t *node, char *arg)
+{
+ struct in_addr mask;
+ char *s;
+
+ s = strchr(arg, '/');
+ if (s == NULL)
+ mask.s_addr = 0xffffffff;
+ else if (strchr(s, '.') == NULL) {
+ if (ntomask(4, atoi(s + 1), &mask.s_addr) != 0)
+ return -1;
+ } else {
+ mask.s_addr = inet_addr(s + 1);
+ }
+ if (s != NULL)
+ *s = '\0';
+ node->ipn_addr.adf_len = sizeof(node->ipn_addr);
+ node->ipn_addr.adf_addr.in4.s_addr = inet_addr(arg);
+ node->ipn_mask.adf_len = sizeof(node->ipn_mask);
+ node->ipn_mask.adf_addr.in4.s_addr = mask.s_addr;
+
+ return 0;
+}
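Review bot: In poollist_dead() both symbol lookups test `nlist(kernel, names) != 1` and return otherwise, but as documented for BSD nlist(3) the call returns the number of entries it could not resolve (0 when `ip_pool_list` or `ipf_htables` was found, -1 on error). As written the code returns early after a successful lookup and carries on with `names[0].n_value` unset when the symbol is missing, after which kmemcpy() reads from that address. The test should be `if (nlist(kernel, names) != 0) return;` in both places. `kernel` is still NULL when only `-M` was given to poollist(), so it should be checked before the call as well.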
diff --git a/contrib/ipfilter/tools/ippool_y.y b/contrib/ipfilter/tools/ippool_y.y
index a5082688cfdd..4aa51081090f 100644
--- a/contrib/ipfilter/tools/ippool_y.y
+++ b/contrib/ipfilter/tools/ippool_y.y
@@ -1,3 +1,8 @@
+/*
+ * Copyright (C) 2001-2006 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ */
%{
#include <sys/types.h>
#include <sys/time.h>
@@ -32,6 +37,7 @@
#include "kmem.h"
#define YYDEBUG 1
+#define YYSTACKSIZE 0x00ffffff
extern int yyparse __P((void));
extern int yydebug;
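Review bot: `YYSTACKSIZE` is raised to `0x00ffffff` without a comment saying why the pool grammar needs a parser stack of roughly 16.7 million entries. The effect depends on the yacc in use, which is not visible here: a generator that sizes its stacks statically from this macro would reserve that much in every build, while one that treats it as a growth ceiling would in effect lift the depth limit for configuration input. A short comment above the define, for example `/* long pool/hash lists nest deeply; lift yacc's default stack limit */`, would record the intent once the actual reason is confirmed. A smaller named bound would be easier to reason about if the largest supported list size is known.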
@@ -43,6 +49,9 @@ static ip_pool_t iplo;
static ioctlfunc_t poolioctl = NULL;
static char poolname[FR_GROUPLEN];
+static iphtent_t *add_htablehosts __P((char *));
+static ip_pool_node_t *add_poolhosts __P((char *));
+
%}
%union {
@@ -110,6 +119,7 @@ assign: YY_STR assigning YY_STR ';' { set_variable($1, $3);
resetlexer();
free($1);
free($3);
+ yyvarnext = 0;
}
;
@@ -246,6 +256,7 @@ groupentry:
FR_GROUPLEN);
free($3);
}
+ | YY_STR { $$ = add_htablehosts($1); }
;
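Review bot: The new `YY_STR` alternative in `groupentry` hands `$1` to `add_htablehosts` and never frees it, whereas the action just above it releases its string with `free($3)`. The same applies to the `YY_STR` alternatives added to `range` and `hashentry`. As far as the helper bodies later in this diff show, the string is only read, so the action can release it: `| YY_STR { $$ = add_htablehosts($1); free($1); }`. This assumes `load_url` and `gethost` keep no reference to the string, which is not visible here.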
range: addrmask { $$ = calloc(1, sizeof(*$$));
@@ -262,6 +273,7 @@ range: addrmask { $$ = calloc(1, sizeof(*$$));
$$->ipn_mask.adf_len = sizeof($$->ipn_mask);
$$->ipn_mask.adf_addr.in4.s_addr = $2[1].s_addr;
}
+ | YY_STR { $$ = add_poolhosts($1); }
hashlist:
next { $$ = NULL; }
@@ -278,6 +290,7 @@ hashentry:
(char *)&($$->ipe_mask),
sizeof($$->ipe_mask));
}
+ | YY_STR { $$ = add_htablehosts($1); }
;
addrmask:
@@ -291,9 +304,6 @@ addrmask:
ipaddr: ipv4 { $$ = $1; }
| YY_NUMBER { $$.s_addr = htonl($1); }
- | YY_STR { if (gethost($1, &($$.s_addr)) == -1)
- yyerror("Unknown hostname");
- }
;
mask: YY_NUMBER { ntomask(4, $1, (u_32_t *)&$$.s_addr); }
@@ -411,3 +421,100 @@ ioctlfunc_t iocfunc;
yyparse();
return 1;
}
+
+
+static iphtent_t *
+add_htablehosts(url)
+char *url;
+{
+ iphtent_t *htop, *hbot, *h;
+ alist_t *a, *hlist;
+
+ if (!strncmp(url, "file://", 7) || !strncmp(url, "http://", 7)) {
+ hlist = load_url(url);
+ } else {
+ use_inet6 = 0;
+
+ hlist = calloc(1, sizeof(*hlist));
+ if (hlist == NULL)
+ return NULL;
+
+ if (gethost(url, &hlist->al_addr) == -1)
+ yyerror("Unknown hostname");
+ }
+
+ hbot = NULL;
+ htop = NULL;
+
+ for (a = hlist; a != NULL; a = a->al_next) {
+ h = calloc(1, sizeof(*h));
+ if (h == NULL)
+ break;
+
+ bcopy((char *)&a->al_addr, (char *)&h->ipe_addr,
+ sizeof(h->ipe_addr));
+ bcopy((char *)&a->al_mask, (char *)&h->ipe_mask,
+ sizeof(h->ipe_mask));
+
+ if (hbot != NULL)
+ hbot->ipe_next = h;
+ else
+ htop = h;
+ hbot = h;
+ }
+
+ alist_free(hlist);
+
+ return htop;
+}
+
+
+static ip_pool_node_t *
+add_poolhosts(url)
+char *url;
+{
+ ip_pool_node_t *ptop, *pbot, *p;
+ alist_t *a, *hlist;
+
+ if (!strncmp(url, "file://", 7) || !strncmp(url, "http://", 7)) {
+ hlist = load_url(url);
+ } else {
+ use_inet6 = 0;
+
+ hlist = calloc(1, sizeof(*hlist));
+ if (hlist == NULL)
+ return NULL;
+
+ if (gethost(url, &hlist->al_addr) == -1)
+ yyerror("Unknown hostname");
+ }
+
+ pbot = NULL;
+ ptop = NULL;
+
+ for (a = hlist; a != NULL; a = a->al_next) {
+ p = calloc(1, sizeof(*p));
+ if (p == NULL)
+ break;
+
+ p->ipn_addr.adf_len = 8;
+ p->ipn_mask.adf_len = 8;
+
+ p->ipn_info = a->al_not;
+
+ bcopy((char *)&a->al_addr, (char *)&p->ipn_addr.adf_addr,
+ sizeof(p->ipn_addr.adf_addr));
+ bcopy((char *)&a->al_mask, (char *)&p->ipn_mask.adf_addr,
+ sizeof(p->ipn_mask.adf_addr));
+
+ if (pbot != NULL)
+ pbot->ipn_next = p;
+ else
+ ptop = p;
+ pbot = p;
+ }
+
+ alist_free(hlist);
+
+ return ptop;
+}
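Review bot: On the plain-hostname path of `add_htablehosts`, and identically in `add_poolhosts`, only `al_addr` is filled in after `calloc`, so the `al_mask` that the loop copies into `ipe_mask` / `ipn_mask` is still all zeroes. Unless `gethost` sets it, a bare hostname becomes an entry with an empty netmask rather than a single host. That path also keeps going after `gethost` fails unless `yyerror` never returns, which would add a zero address with a zero mask to the table. Setting the mask explicitly, e.g. `memset(&hlist->al_mask, 0xff, sizeof(hlist->al_mask));` (to be checked against the `alist_t` definition), and bailing out with `if (gethost(url, &hlist->al_addr) == -1) { yyerror("Unknown hostname"); free(hlist); return NULL; }` would close both. A NULL from `load_url` or a mid-loop `calloc` failure likewise yields an empty or truncated list with no diagnostic, so a pool can silently end up shorter than the file or URL that defines it.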
diff --git a/contrib/ipfilter/tools/ipscan_y.y b/contrib/ipfilter/tools/ipscan_y.y
index c3446ff6c3ae..5d7e7e66bcd9 100644
--- a/contrib/ipfilter/tools/ipscan_y.y
+++ b/contrib/ipfilter/tools/ipscan_y.y
@@ -1,3 +1,8 @@
+/*
+ * Copyright (C) 2001-2004 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ */
%{
#include <sys/types.h>
#include <sys/ioctl.h>
@@ -92,6 +97,7 @@ assign: YY_STR assigning YY_STR
resetlexer();
free($1);
free($3);
+ yyvarnext = 0;
}
;
diff --git a/contrib/ipfilter/tools/ipsyncm.c b/contrib/ipfilter/tools/ipsyncm.c
index abc48fe1f6ea..fc79abb9a11f 100644
--- a/contrib/ipfilter/tools/ipsyncm.c
+++ b/contrib/ipfilter/tools/ipsyncm.c
@@ -1,11 +1,11 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2001-2006 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipsyncm.c,v 1.4.2.4 2006/03/27 02:09:46 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ipsyncm.c,v 1.4.2.5 2006/08/26 11:21:14 darrenr Exp $";
#endif
#include <sys/types.h>
#include <sys/time.h>
diff --git a/contrib/ipfilter/tools/ipsyncs.c b/contrib/ipfilter/tools/ipsyncs.c
index 0d95a9dc5061..3a8270fc4b2f 100644
--- a/contrib/ipfilter/tools/ipsyncs.c
+++ b/contrib/ipfilter/tools/ipsyncs.c
@@ -1,11 +1,11 @@
/*
- * Copyright (C) 1993-2001 by Darren Reed.
+ * Copyright (C) 2001-2006 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#if !defined(lint)
static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ipsyncs.c,v 1.5.2.3 2006/03/27 02:09:47 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ipsyncs.c,v 1.5.2.4 2006/08/26 11:21:15 darrenr Exp $";
#endif
#include <sys/types.h>
#include <sys/time.h>
diff --git a/contrib/ipfilter/tools/lex_var.h b/contrib/ipfilter/tools/lex_var.h
index 0a0bd4bfff06..a6f9cf6a78e5 100644
--- a/contrib/ipfilter/tools/lex_var.h
+++ b/contrib/ipfilter/tools/lex_var.h
@@ -1,3 +1,8 @@
+/*
+ * Copyright (C) 2002 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ */
extern long string_start;
extern long string_end;
diff --git a/contrib/ipfilter/tools/lexer.c b/contrib/ipfilter/tools/lexer.c
index 49eeb51ef2ad..9810345540c7 100644
--- a/contrib/ipfilter/tools/lexer.c
+++ b/contrib/ipfilter/tools/lexer.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2003 by Darren Reed.
+ * Copyright (C) 2002-2006 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
@@ -283,8 +283,9 @@ nextchar:
yypos++;
}
} while (n != c);
- yyunputc(n);
- break;
+ rval = YY_STR;
+ goto done;
+ /* NOTREACHED */
case EOF :
yylineNum = 1;
@@ -465,6 +466,9 @@ nextchar:
done:
yystr = yytexttostr(0, yypos);
+ if (yydebug)
+ printf("isbuilding %d yyvarnext %d nokey %d\n",
+ isbuilding, yyvarnext, nokey);
if (isbuilding == 1) {
wordtab_t *w;
@@ -491,8 +495,8 @@ done:
yytokentype = rval;
if (yydebug)
- printf("lexed(%s) [%d,%d,%d] => %d\n", yystr, string_start,
- string_end, pos, rval);
+ printf("lexed(%s) [%d,%d,%d] => %d @%d\n", yystr, string_start,
+ string_end, pos, rval, yysavedepth);
switch (rval)
{
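Review bot: The rewritten debug `printf` still passes `string_start` and `string_end` to `%d`, although lex_var.h in this same diff declares both as `long`. On LP64 platforms that is a format/argument mismatch and undefined behaviour. Assuming lexer.c uses those declarations, the conversions should be `%ld`: `printf("lexed(%s) [%ld,%ld,%d] => %d @%d\n", yystr, string_start, string_end, pos, rval, yysavedepth);`. The type of `pos` is not visible here and needs the same check. The enclosing function starts and ends outside the hunk.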
@@ -607,6 +611,8 @@ wordtab_t *newdict;
void yyresetdict()
{
+ if (yydebug)
+ printf("yyresetdict(%d)\n", yysavedepth);
if (yysavedepth > 0) {
yysettab(yysavewords[--yysavedepth]);
if (yydebug)
diff --git a/contrib/ipfilter/tools/lexer.h b/contrib/ipfilter/tools/lexer.h
index a296cb0bc39b..b838d41571c9 100644
--- a/contrib/ipfilter/tools/lexer.h
+++ b/contrib/ipfilter/tools/lexer.h
@@ -1,3 +1,8 @@
+/*
+ * Copyright (C) 2002-2004 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ */
typedef struct wordtab {
char *w_word;