authorDarren Reed <darrenr@FreeBSD.org>2002-04-27 16:52:49 +0000
committerDarren Reed <darrenr@FreeBSD.org>2002-04-27 16:52:49 +0000
commit635ff71d68c21b0cc5df26ad8a0eeb3a73f0f96b (patch)
tree012c8006390a2fc3f7f147cd5b625f66bdf27ff2
parent43ba65e60d8d4967956752a79619c4e7950a846a (diff)
Import version 3.4.27
Notes
Notes: svn path=/vendor-sys/ipfilter/dist/; revision=95561
-rw-r--r--sys/contrib/ipfilter/netinet/fil.c24
-rw-r--r--sys/contrib/ipfilter/netinet/ip_compat.h7
-rw-r--r--sys/contrib/ipfilter/netinet/ip_ftp_pxy.c75
-rw-r--r--sys/contrib/ipfilter/netinet/ip_log.c5
-rw-r--r--sys/contrib/ipfilter/netinet/ip_nat.c9
-rw-r--r--sys/contrib/ipfilter/netinet/ip_proxy.c4
-rw-r--r--sys/contrib/ipfilter/netinet/ip_state.c68
-rw-r--r--sys/contrib/ipfilter/netinet/ipl.h4
8 files changed, 123 insertions, 73 deletions
diff --git a/sys/contrib/ipfilter/netinet/fil.c b/sys/contrib/ipfilter/netinet/fil.c
index 3ce8131413cd..92d82f1a5d78 100644
--- a/sys/contrib/ipfilter/netinet/fil.c
+++ b/sys/contrib/ipfilter/netinet/fil.c
@@ -97,7 +97,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)$Id: fil.c,v 2.35.2.59 2002/03/25 11:07:37 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: fil.c,v 2.35.2.60 2002/04/26 10:20:34 darrenr Exp $";
#endif
#ifndef _KERNEL
@@ -1454,7 +1454,13 @@ nodata:
# endif /* defined(BSD) || defined(sun) */
# endif /* SOLARIS */
#else /* KERNEL */
- sum2 = 0;
+ for (; slen > 1; slen -= 2)
+ sum += *sp++;
+ if (slen)
+ sum += ntohs(*(u_char *)sp << 8);
+ while (sum > 0xffff)
+ sum = (sum & 0xffff) + (sum >> 16);
+ sum2 = (u_short)(~sum & 0xffff);
#endif /* KERNEL */
tcp->th_sum = ts;
return sum2;
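Review bot: The odd-byte test `if (slen)` after the new userland checksum loop is also true for a negative `slen`, in which case one byte past the data would be read. `slen`'s type and the code that computes it are outside the hunk, so this only matters if it is signed; writing the test as `if (slen == 1)` states the intent exactly. The trailing-byte expression `ntohs(*(u_char *)sp << 8)` also deserves a comment such as `/* pad the last odd byte with zero, in the same byte order as the *sp++ reads */`, since it is not obvious why ntohs is applied to a value built in host arithmetic. The enclosing function starts outside the hunk.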
@@ -1495,7 +1501,7 @@ nodata:
* SUCH DAMAGE.
*
* @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94
- * $Id: fil.c,v 2.35.2.59 2002/03/25 11:07:37 darrenr Exp $
+ * $Id: fil.c,v 2.35.2.60 2002/04/26 10:20:34 darrenr Exp $
*/
/*
* Copy data from an mbuf chain starting "off" bytes from the beginning,
@@ -2160,3 +2166,15 @@ int icmptoicmp6unreach[ICMP_MAX_UNREACH] = {
ICMP6_DST_UNREACH_ADMIN, /* 13: ICMP_UNREACH_ADMIN_PROHIBIT */
};
#endif
+
+
+#ifndef _KERNEL
+int mbuflen(buf)
+mb_t *buf;
+{
+ ip_t *ip;
+
+ ip = (ip_t *)buf;
+ return ip->ip_len;
+}
+#endif
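Review bot: `mbuflen()` returns `ip->ip_len` straight from the packet header, so in the userland build the length callers get is whatever the packet claims, not the size of the buffer that holds it. ip_ftp_pxy.c in this commit uses the result as `mlen` and then copies with `bcopy((char *)m + off, wptr, len)`, so a header length larger than the real buffer would lead to a read past its end unless the value was validated earlier (not visible here). At minimum document the contract above the function, e.g. `/* userland only: buf is a contiguous IP packet whose ip_len is in host byte order and has been checked against the buffer size */`. No prototype for it is visible in this commit, although ip_ftp_pxy.c calls it.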
diff --git a/sys/contrib/ipfilter/netinet/ip_compat.h b/sys/contrib/ipfilter/netinet/ip_compat.h
index d0dc859aae47..3b1b9807b561 100644
--- a/sys/contrib/ipfilter/netinet/ip_compat.h
+++ b/sys/contrib/ipfilter/netinet/ip_compat.h
@@ -4,7 +4,7 @@
* See the IPFILTER.LICENCE file for details on licencing.
*
* @(#)ip_compat.h 1.8 1/14/96
- * $Id: ip_compat.h,v 2.26.2.43 2002/04/23 16:08:50 darrenr Exp $
+ * $Id: ip_compat.h,v 2.26.2.44 2002/04/25 16:32:15 darrenr Exp $
*/
#ifndef __IP_COMPAT_H__
@@ -252,7 +252,7 @@ typedef u_int32_t u_32_t;
# define USE_INET6
# endif
# endif
-# if !defined(_KERNEL) && !defined(IPFILTER_LKM)
+# if !defined(_KERNEL) && !defined(IPFILTER_LKM) && !defined(USE_INET6)
# if (defined(__FreeBSD_version) && (__FreeBSD_version >= 400000)) || \
(defined(OpenBSD) && (OpenBSD >= 200111)) || \
(defined(__NetBSD_Version__) && (__NetBSD_Version__ >= 105000000))
@@ -572,7 +572,8 @@ extern void m_copyback __P((struct mbuf *, int, int, caddr_t));
# endif
# if (BSD >= 199306) || defined(__FreeBSD__)
# if (defined(__NetBSD_Version__) && (__NetBSD_Version__ < 105180000)) || \
- defined(__FreeBSD__) || defined(__OpenBSD__) || defined(_BSDI_VERSION)
+ defined(__FreeBSD__) || (defined(OpenBSD) && (OpenBSD < 200206)) || \
+ defined(_BSDI_VERSION)
# include <vm/vm.h>
# endif
# if !defined(__FreeBSD__) || (defined (__FreeBSD_version) && \
diff --git a/sys/contrib/ipfilter/netinet/ip_ftp_pxy.c b/sys/contrib/ipfilter/netinet/ip_ftp_pxy.c
index 0968b1055dc9..2411bd998c61 100644
--- a/sys/contrib/ipfilter/netinet/ip_ftp_pxy.c
+++ b/sys/contrib/ipfilter/netinet/ip_ftp_pxy.c
@@ -2,7 +2,7 @@
* Simple FTP transparent proxy for in-kernel use. For use with the NAT
* code.
*
- * $Id: ip_ftp_pxy.c,v 2.7.2.33 2002/02/15 14:48:38 darrenr Exp $
+ * $Id: ip_ftp_pxy.c,v 2.7.2.34 2002/04/26 10:22:45 darrenr Exp $
*/
#if SOLARIS && defined(_KERNEL)
extern kmutex_t ipf_rw;
@@ -184,7 +184,11 @@ int dlen;
if ((inc + ip->ip_len) > 65535)
return 0;
-#if SOLARIS
+#if !defined(_KERNEL)
+ m = *((mb_t **)fin->fin_mp);
+ bcopy(newbuf, (char *)m + off, nlen);
+#else
+# if SOLARIS
m = fin->fin_qfm;
for (m1 = m; m1->b_cont; m1 = m1->b_cont)
;
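Review bot: The new userland branch writes `nlen` bytes into the packet buffer with `bcopy(newbuf, (char *)m + off, nlen)`, and nothing visible checks that the buffer has room when `inc` is positive; the only guard above it is `(inc + ip->ip_len) > 65535`. The kernel branches extend the chain (m_copyback, or the `b_wptr` adjustment on Solaris), but a flat userland buffer cannot grow, so an explicit bound check or a comment stating the required buffer size belongs here. The matching branch in the hunk at -452 calls `m_copyback(m, off, nlen, newbuf)` instead of bcopy, although the kernel paths of that function have the copy commented out; the two userland branches should agree, and m_copyback needs a userland definition if that call is kept. The enclosing function starts and ends outside the hunk.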
@@ -210,19 +214,20 @@ int dlen;
m1->b_wptr += inc;
}
copyin_mblk(m, off, nlen, newbuf);
-#else
+# else
m = *((mb_t **)fin->fin_mp);
if (inc < 0)
m_adj(m, inc);
/* the mbuf chain will be extended if necessary by m_copyback() */
m_copyback(m, off, nlen, newbuf);
-# ifdef M_PKTHDR
+# ifdef M_PKTHDR
if (!(m->m_flags & M_PKTHDR))
m->m_pkthdr.len += inc;
+# endif
# endif
#endif
if (inc != 0) {
-#if SOLARIS || defined(__sgi)
+#if (SOLARIS || defined(__sgi)) && defined(_KERNEL)
register u_32_t sum1, sum2;
sum1 = ip->ip_len;
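Review bot: The three closing directives after the M_PKTHDR block are now bare `# endif`, `# endif`, `#endif`, which is hard to follow with three nesting levels. The second function in this file labels them (`# endif /* SOLARIS */`, `#endif /* _KERNEL */`); doing the same here, plus `# endif /* M_PKTHDR */`, keeps the two functions parallel.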
@@ -269,6 +274,7 @@ int dlen;
tcp2->th_win = htons(8192);
tcp2->th_sport = htons(sp);
tcp2->th_off = 5;
+ tcp2->th_flags = TH_SYN;
tcp2->th_dport = 0; /* XXX - don't specify remote port */
fi.fin_data[1] = 0;
fi.fin_dlen = sizeof(*tcp2);
@@ -452,7 +458,11 @@ int dlen;
if ((inc + ip->ip_len) > 65535)
return 0;
-#if SOLARIS
+#if !defined(_KERNEL)
+ m = *((mb_t **)fin->fin_mp);
+ m_copyback(m, off, nlen, newbuf);
+#else
+# if SOLARIS
m = fin->fin_qfm;
for (m1 = m; m1->b_cont; m1 = m1->b_cont)
;
@@ -475,15 +485,16 @@ int dlen;
m1->b_wptr += inc;
}
/*copyin_mblk(m, off, nlen, newbuf);*/
-#else /* SOLARIS */
+# else /* SOLARIS */
m = *((mb_t **)fin->fin_mp);
if (inc < 0)
m_adj(m, inc);
/* the mbuf chain will be extended if necessary by m_copyback() */
/*m_copyback(m, off, nlen, newbuf);*/
-#endif /* SOLARIS */
+# endif /* SOLARIS */
+#endif /* _KERNEL */
if (inc != 0) {
-#if SOLARIS || defined(__sgi)
+#if (SOLARIS || defined(__sgi)) && defined(_KERNEL)
register u_32_t sum1, sum2;
sum1 = ip->ip_len;
@@ -520,6 +531,7 @@ int dlen;
tcp2->th_win = htons(8192);
tcp2->th_sport = 0; /* XXX - fake it for nat_new */
tcp2->th_off = 5;
+ tcp2->th_flags = TH_SYN;
fi.fin_data[1] = a5 << 8 | a6;
fi.fin_dlen = sizeof(*tcp2);
tcp2->th_dport = htons(fi.fin_data[1]);
@@ -721,17 +733,22 @@ int rv;
tcp = (tcphdr_t *)fin->fin_dp;
off = fin->fin_hlen + (tcp->th_off << 2);
-#if SOLARIS
+#if SOLARIS && defined(_KERNEL)
m = fin->fin_qfm;
#else
m = *((mb_t **)fin->fin_mp);
#endif
-#if SOLARIS
- mlen = msgdsize(m) - off;
+#ifndef _KERNEL
+ mlen = mbuflen(m);
#else
- mlen = mbufchainlen(m) - off;
+# if SOLARIS
+ mlen = msgdsize(m);
+# else
+ mlen = mbufchainlen(m);
+# endif
#endif
+ mlen -= off;
t = &ftp->ftp_side[1 - rv];
f = &ftp->ftp_side[rv];
@@ -743,15 +760,18 @@ int rv;
return 0;
}
- inc = 0;
rptr = f->ftps_rptr;
wptr = f->ftps_wptr;
+ i = 0;
sel = nat->nat_aps->aps_sel[1 - rv];
- if (rv)
- i = nat->nat_aps->aps_ackoff[sel];
- else
- i = nat->nat_aps->aps_seqoff[sel];
+ if (rv) {
+ if (nat->nat_aps->aps_ackmin[sel] > ntohl(tcp->th_seq))
+ i = nat->nat_aps->aps_ackoff[sel];
+ } else {
+ if (nat->nat_aps->aps_seqmin[sel] > ntohl(tcp->th_seq))
+ i = nat->nat_aps->aps_seqoff[sel];
+ }
/*
* XXX - Ideally, this packet should get dropped because we now know
* that it is out of order (and there is no real danger in doing so
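Review bot: The new guards `nat->nat_aps->aps_ackmin[sel] > ntohl(tcp->th_seq)` and `nat->nat_aps->aps_seqmin[sel] > ntohl(tcp->th_seq)` compare sequence numbers with a plain `>`, which gives the wrong answer when the 32-bit sequence space wraps between the two values. A signed difference, e.g. `(int)(nat->nat_aps->aps_seqmin[sel] - ntohl(tcp->th_seq)) > 0`, is the usual form, assuming both operands are 32-bit unsigned (their declarations are outside the hunk). In the `rv` branch the ack minimum is compared against `th_seq` rather than `th_ack`; if that is intended, a one-line comment saying why would help.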
@@ -759,18 +779,26 @@ int rv;
*/
if (f->ftps_len + f->ftps_seq == ntohl(tcp->th_seq))
f->ftps_seq = ntohl(tcp->th_seq);
- else if (ntohl(tcp->th_seq) + i != f->ftps_seq) {
- return APR_ERR(1);
+ else {
+ inc = ntohl(tcp->th_seq) - f->ftps_seq;
+ if (inc > i) {
+ return APR_ERR(1);
+ }
}
+ inc = 0;
f->ftps_len = mlen;
while (mlen > 0) {
len = MIN(mlen, FTP_BUFSZ / 2);
-#if SOLARIS
- copyout_mblk(m, off, len, wptr);
+#if !defined(_KERNEL)
+ bcopy((char *)m + off, wptr, len);
#else
+# if SOLARIS
+ copyout_mblk(m, off, len, wptr);
+# else
m_copydata(m, off, len, wptr);
+# endif
#endif
mlen -= len;
off += len;
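Review bot: The rewritten sequence check rejects a segment only when `inc > i`, so any segment whose sequence number is behind `f->ftps_seq` is now accepted and its payload copied into the proxy buffer. This assumes `inc` is a signed int, so that the difference is negative; its declaration is outside the hunk. The old test accepted exactly one value, `ntohl(tcp->th_seq) + i == f->ftps_seq`. If a tolerance window is intended, give it a lower bound as well, for example `if (inc > i || inc < -i)` if the offset is meant to apply in both directions, and state the accepted range in a comment. Otherwise explain in a comment why stale or retransmitted segments are safe to parse again.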
@@ -800,8 +828,9 @@ int rv;
* Off to a bad start so lets just forget about using the
* ftp proxy for this connection.
*/
- if ((f->ftps_cmds == 0) && (f->ftps_junk == 1))
+ if ((f->ftps_cmds == 0) && (f->ftps_junk == 1)) {
return APR_ERR(2);
+ }
while ((f->ftps_junk == 1) && (rptr < wptr)) {
while ((rptr < wptr) && (*rptr != '\r'))
diff --git a/sys/contrib/ipfilter/netinet/ip_log.c b/sys/contrib/ipfilter/netinet/ip_log.c
index 45bc74c7114c..6bf7a4d9b171 100644
--- a/sys/contrib/ipfilter/netinet/ip_log.c
+++ b/sys/contrib/ipfilter/netinet/ip_log.c
@@ -3,13 +3,14 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*
- * $Id: ip_log.c,v 2.5.2.18 2002/03/26 15:54:40 darrenr Exp $
+ * $Id: ip_log.c,v 2.5.2.19 2002/04/25 16:32:48 darrenr Exp $
*/
#include <sys/param.h>
#if defined(KERNEL) && !defined(_KERNEL)
# define _KERNEL
#endif
-#if defined(__NetBSD__) && (NetBSD >= 199905) && !defined(IPFILTER_LKM)
+#if defined(__NetBSD__) && (NetBSD >= 199905) && !defined(IPFILTER_LKM) && \
+ defined(_KERNEL)
# include "opt_ipfilter_log.h"
#endif
#ifdef __FreeBSD__
diff --git a/sys/contrib/ipfilter/netinet/ip_nat.c b/sys/contrib/ipfilter/netinet/ip_nat.c
index e0d595193460..bf346610beca 100644
--- a/sys/contrib/ipfilter/netinet/ip_nat.c
+++ b/sys/contrib/ipfilter/netinet/ip_nat.c
@@ -109,7 +109,7 @@ extern struct ifnet vpnif;
#if !defined(lint)
static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.66 2002/04/23 14:58:27 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.37.2.67 2002/04/27 15:23:39 darrenr Exp $";
#endif
nat_t **nat_table[2] = { NULL, NULL },
@@ -1768,7 +1768,6 @@ int dir;
sumd2 = sumd;
}
-#if 1
/*
* Fix TCP pseudo header checksum to compensate for the
* IP address change. Before we can do the change, we
@@ -1788,7 +1787,6 @@ int dir;
CALC_SUMD(sum1, sum2, sumd);
sumd2 = sumd;
}
-#endif
} else {
/*
@@ -1837,7 +1835,6 @@ int dir;
sumd2 = sumd;
}
-#if 1
/*
* Fix TCP pseudo header checksum to compensate for the
* IP address change. Before we can do the change, we
@@ -1856,9 +1853,7 @@ int dir;
*/
CALC_SUMD(sum1, sum2, sumd);
sumd2 = sumd;
- };
-#endif
-
+ }
#endif
}
diff --git a/sys/contrib/ipfilter/netinet/ip_proxy.c b/sys/contrib/ipfilter/netinet/ip_proxy.c
index a4ce80a5da97..2bc32d410f74 100644
--- a/sys/contrib/ipfilter/netinet/ip_proxy.c
+++ b/sys/contrib/ipfilter/netinet/ip_proxy.c
@@ -75,7 +75,7 @@
#endif
#if !defined(lint)
-static const char rcsid[] = "@(#)$Id: ip_proxy.c,v 2.9.2.21 2002/03/06 09:44:14 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ip_proxy.c,v 2.9.2.22 2002/04/26 10:23:17 darrenr Exp $";
#endif
#if defined(_KERNEL) && (SOLARIS || defined(__sgi))
@@ -91,8 +91,8 @@ static int appr_fixseqack __P((fr_info_t *, ip_t *, ap_session_t *, int ));
#define AP_SESS_SIZE 53
-#if defined(_KERNEL)
#include "netinet/ip_ftp_pxy.c"
+#if defined(_KERNEL)
#include "netinet/ip_rcmd_pxy.c"
#include "netinet/ip_raudio_pxy.c"
#include "netinet/ip_netbios_pxy.c"
diff --git a/sys/contrib/ipfilter/netinet/ip_state.c b/sys/contrib/ipfilter/netinet/ip_state.c
index 2e8b8f3f7e1b..a6d1773b5ba9 100644
--- a/sys/contrib/ipfilter/netinet/ip_state.c
+++ b/sys/contrib/ipfilter/netinet/ip_state.c
@@ -93,7 +93,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.30.2.66 2002/04/15 12:14:03 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.30.2.70 2002/04/27 16:06:15 darrenr Exp $";
#endif
#ifndef MIN
@@ -683,11 +683,18 @@ u_int flags;
hv += is->is_sport;
hv += is->is_dport;
}
- is->is_send = ntohl(tcp->th_seq) + fin->fin_dlen -
- (off = (tcp->th_off << 2)) +
- ((tcp->th_flags & TH_SYN) ? 1 : 0) +
- ((tcp->th_flags & TH_FIN) ? 1 : 0);
- is->is_maxsend = is->is_send;
+ if ((flags & FI_IGNOREPKT) == 0) {
+ is->is_send = ntohl(tcp->th_seq) + fin->fin_dlen -
+ (off = (tcp->th_off << 2)) +
+ ((tcp->th_flags & TH_SYN) ? 1 : 0) +
+ ((tcp->th_flags & TH_FIN) ? 1 : 0);
+ is->is_maxsend = is->is_send;
+
+ if ((tcp->th_flags & TH_SYN) &&
+ ((tcp->th_off << 2) >= (sizeof(*tcp) + 4)))
+ is->is_swscale = fr_tcpoptions(tcp);
+ }
+
is->is_maxdwin = 1;
is->is_maxswin = ntohs(tcp->th_win);
if (is->is_maxswin == 0)
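Review bot: `off` is assigned only as a side effect inside the `is->is_send` expression, which now sits under `if ((flags & FI_IGNOREPKT) == 0)`. When FI_IGNOREPKT is set, `off` keeps whatever value it had, so any later use in this function (outside the hunk) would read a stale or uninitialized value. Hoisting the assignment, `off = tcp->th_off << 2;`, before the `if` removes that dependency. In the same case `is_send`, `is_maxsend` and `is_swscale` are left untouched, so the code relies on `is` having been zeroed earlier; a comment to that effect would help.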
@@ -696,10 +703,6 @@ u_int flags;
if ((tcp->th_flags & TH_OPENING) == TH_SYN)
is->is_fsm = 1;
- if ((tcp->th_flags & TH_SYN) &&
- ((tcp->th_off << 2) >= (sizeof(*tcp) + 4)))
- is->is_swscale = fr_tcpoptions(tcp);
-
/*
* If we're creating state for a starting connection, start the
* timer on it as we'll never see an error if it fails to
@@ -970,7 +973,7 @@ tcphdr_t *tcp;
}
}
MUTEX_EXIT(&is->is_lock);
- if ((ret == 0) && (tcp->th_flags != TH_SYN))
+ if ((ret == 0) && ((tcp->th_flags & TH_OPENING) != TH_SYN))
fin->fin_misc |= FM_BADSTATE;
return ret;
}
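Review bot: `(tcp->th_flags & TH_OPENING) != TH_SYN` ignores every flag outside TH_OPENING, so a segment carrying SYN together with FIN or RST no longer gets FM_BADSTATE, whereas the old `tcp->th_flags != TH_SYN` excused only a bare SYN. TH_OPENING's definition is not in this diff; the comment "We see an SA" in a later hunk suggests it is SYN|ACK. If the aim is only to tolerate the ECN bits, the mask this commit uses in the TCPS_SYN_SENT case is narrower: `((tcp->th_flags & ~(TH_ECN|TH_CWR)) != TH_SYN)`.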
@@ -1224,6 +1227,10 @@ fr_info_t *fin;
*/
bzero((char *)&src, sizeof(src));
bzero((char *)&dst, sizeof(dst));
+ bzero((char *)&ofin, sizeof(ofin));
+ ofin.fin_ifp = fin->fin_ifp;
+ ofin.fin_out = !fin->fin_out;
+ ofin.fin_v = 4;
fr = NULL;
switch (oip->ip_p)
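Review bot: Zeroing `ofin` up front replaces the explicit `ofin.fin_mp = NULL; /* if dereferenced, panic XXX */` lines that the later hunks delete, so the warning that `fin_mp` is deliberately NULL is lost. Keep it as a comment next to the bzero, e.g. `/* ofin.fin_mp stays NULL: nothing reached via fr_makefrip() may dereference it */`. `fin_ifp`, `fin_out` and `fin_v` are now set before `fr_makefrip()` instead of after it, so it is worth confirming that fr_makefrip (not shown) does not reset them. The same applies to the IPv6 function, where the hunk at -2094 adds the matching `bzero((char *)&ofin, sizeof(ofin));`.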
@@ -1258,12 +1265,8 @@ fr_info_t *fin;
savelen = oip->ip_len;
oip->ip_len = len;
- ofin.fin_v = 4;
fr_makefrip(ohlen, oip, &ofin);
oip->ip_len = savelen;
- ofin.fin_ifp = fin->fin_ifp;
- ofin.fin_out = !fin->fin_out;
- ofin.fin_mp = NULL; /* if dereferenced, panic XXX */
READ_ENTER(&ipf_state);
for (isp = &ips_table[hv]; (is = *isp); isp = &is->is_hnext)
@@ -1312,12 +1315,8 @@ fr_info_t *fin;
*/
savelen = oip->ip_len;
oip->ip_len = len;
- ofin.fin_v = 4;
fr_makefrip(ohlen, oip, &ofin);
oip->ip_len = savelen;
- ofin.fin_ifp = fin->fin_ifp;
- ofin.fin_out = !fin->fin_out;
- ofin.fin_mp = NULL; /* if dereferenced, panic XXX */
READ_ENTER(&ipf_state);
for (isp = &ips_table[hv]; (is = *isp); isp = &is->is_hnext) {
/*
@@ -1847,7 +1846,7 @@ int dir, fsm;
break;
case TCPS_SYN_SENT: /* 2 */
- if (flags == TH_SYN) {
+ if ((flags & ~(TH_ECN|TH_CWR)) == TH_SYN) {
/*
* A retransmitted SYN packet. We do not reset the
* timeout here to fr_tcptimeout because a connection
@@ -1893,6 +1892,12 @@ int dir, fsm;
*/
state[dir] = TCPS_ESTABLISHED;
newage = fr_tcpidletimeout;
+ } else if ((flags & ~(TH_ECN|TH_CWR)) == TH_OPENING) {
+ /*
+ * We see an SA from 'dir' which is already in
+ * SYN_RECEIVED state.
+ */
+ newage = fr_tcptimeout;
} else if (flags & TH_FIN) {
/*
* We see an F from 'dir' which is in SYN_RECEIVED
@@ -1987,6 +1992,8 @@ int dir, fsm;
* timeout
*/
newage = fr_tcplastack;
+ else
+ newage = *age;
}
/*
* We cannot detect when we go out of LAST_ACK state to CLOSED
@@ -2094,6 +2101,15 @@ fr_info_t *fin;
if (fin->fin_plen < sizeof(*oip))
return NULL;
+ if ((oip->ip6_nxt != IPPROTO_TCP) && (oip->ip6_nxt != IPPROTO_UDP) &&
+ (oip->ip6_nxt != IPPROTO_ICMPV6))
+ return NULL;
+
+ bzero((char *)&ofin, sizeof(ofin));
+ ofin.fin_out = !fin->fin_out;
+ ofin.fin_ifp = fin->fin_ifp;
+ ofin.fin_v = 6;
+
if (oip->ip6_nxt == IPPROTO_ICMPV6) {
oic = (struct icmp6_hdr *)(oip + 1);
/*
@@ -2119,12 +2135,8 @@ fr_info_t *fin;
hv %= fr_statesize;
oip->ip6_plen = ntohs(oip->ip6_plen);
- ofin.fin_v = 6;
fr_makefrip(sizeof(*oip), (ip_t *)oip, &ofin);
oip->ip6_plen = htons(oip->ip6_plen);
- ofin.fin_ifp = fin->fin_ifp;
- ofin.fin_out = !fin->fin_out;
- ofin.fin_mp = NULL; /* if dereferenced, panic XXX */
READ_ENTER(&ipf_state);
for (isp = &ips_table[hv]; (is = *isp); isp = &is->is_hnext)
@@ -2149,10 +2161,8 @@ fr_info_t *fin;
RWLOCK_EXIT(&ipf_state);
return NULL;
- };
+ }
- if ((oip->ip6_nxt != IPPROTO_TCP) && (oip->ip6_nxt != IPPROTO_UDP))
- return NULL;
tcp = (tcphdr_t *)(oip + 1);
dport = tcp->th_dport;
sport = tcp->th_sport;
@@ -2183,12 +2193,8 @@ fr_info_t *fin;
*/
savelen = oip->ip6_plen;
oip->ip6_plen = ip->ip6_plen - sizeof(*ip) - ICMPERR_ICMPHLEN;
- ofin.fin_v = 6;
fr_makefrip(sizeof(*oip), (ip_t *)oip, &ofin);
oip->ip6_plen = savelen;
- ofin.fin_ifp = fin->fin_ifp;
- ofin.fin_out = !fin->fin_out;
- ofin.fin_mp = NULL; /* if dereferenced, panic XXX */
READ_ENTER(&ipf_state);
for (isp = &ips_table[hv]; (is = *isp); isp = &is->is_hnext) {
/*
diff --git a/sys/contrib/ipfilter/netinet/ipl.h b/sys/contrib/ipfilter/netinet/ipl.h
index 2e99b65c0276..0fc3a8ddfeda 100644
--- a/sys/contrib/ipfilter/netinet/ipl.h
+++ b/sys/contrib/ipfilter/netinet/ipl.h
@@ -4,12 +4,12 @@
* See the IPFILTER.LICENCE file for details on licencing.
*
* @(#)ipl.h 1.21 6/5/96
- * $Id: ipl.h,v 2.15.2.32 2002/04/23 14:59:13 darrenr Exp $
+ * $Id: ipl.h,v 2.15.2.33 2002/04/27 14:53:48 darrenr Exp $
*/
#ifndef __IPL_H__
#define __IPL_H__
-#define IPL_VERSION "IP Filter: v3.4.26"
+#define IPL_VERSION "IP Filter: v3.4.27"
#endif