diff options
| author | yz155240 <none@none> | 2006-07-19 01:15:53 -0700 | 
|---|---|---|
| committer | yz155240 <none@none> | 2006-07-19 01:15:53 -0700 | 
| commit | ab25eeb551a4be927a4b6ae2cf8aff7ed17decb4 (patch) | |
| tree | 8f3a55a94fbaf0fdcbf3d0270606e4528a9dbb37 /usr/src/cmd/ipf/lib/common/ipft_tx.c | |
| parent | e32cd585e45b9f19db8e971dfa93046993fced0f (diff) | |
| download | illumos-joyent-ab25eeb551a4be927a4b6ae2cf8aff7ed17decb4.tar.gz | |
PSARC 2006/082 IP Filter Code Merge on ip_fil4.1.9
4912568 ipftest ipf ipfstat ipnat ippool need a non-name resolution flag
5040248 ipfs -W fails to save kernel state tables
5081834 syntax parser reports wrong error position and line number
5094575 keyword "netmask" is un-supported in ipnat.conf (4)
6181751 ipf parser fails on wrong subnet notations
6181773 ipf parser fails on wrong port ranges
6248745 ipnat drops packets if the IP header is not 32 bit aligned
6340621 RFE: IP Filter code merge on ip_fil4.1.9
6359805 ipf command incorrectly check options in rules and core dumps
6395837 ipnat tcpudp parsing is incomplete
6426469 IPFilter rejects IPv6 neighbour discovery packets
6447872 usr/src/common/ipf/ip_compat.h should not be CDDL
--HG--
rename : usr/src/common/ipf/bpf-ipf.h => usr/src/uts/common/inet/ipf/bpf-ipf.h
rename : usr/src/common/ipf/fil.c => usr/src/uts/common/inet/ipf/fil.c
rename : usr/src/common/ipf/ip_auth.c => usr/src/uts/common/inet/ipf/ip_auth.c
rename : usr/src/common/ipf/ip_fil_solaris.c => usr/src/uts/common/inet/ipf/ip_fil_solaris.c
rename : usr/src/common/ipf/ip_frag.c => usr/src/uts/common/inet/ipf/ip_frag.c
rename : usr/src/common/ipf/ip_htable.c => usr/src/uts/common/inet/ipf/ip_htable.c
rename : usr/src/common/ipf/ip_log.c => usr/src/uts/common/inet/ipf/ip_log.c
rename : usr/src/common/ipf/ip_lookup.c => usr/src/uts/common/inet/ipf/ip_lookup.c
rename : usr/src/common/ipf/ip_nat.c => usr/src/uts/common/inet/ipf/ip_nat.c
rename : usr/src/common/ipf/ip_pool.c => usr/src/uts/common/inet/ipf/ip_pool.c
rename : usr/src/common/ipf/ip_proxy.c => usr/src/uts/common/inet/ipf/ip_proxy.c
rename : usr/src/common/ipf/ip_state.c => usr/src/uts/common/inet/ipf/ip_state.c
rename : usr/src/common/ipf/ipf.h => usr/src/uts/common/inet/ipf/ipf.h
rename : usr/src/common/ipf/ipmon.h => usr/src/uts/common/inet/ipf/ipmon.h
rename : usr/src/common/ipf/ipt.h => usr/src/uts/common/inet/ipf/ipt.h
rename : usr/src/common/ipf/Makefile => usr/src/uts/common/inet/ipf/netinet/Makefile
rename : usr/src/common/ipf/ip_auth.h => usr/src/uts/common/inet/ipf/netinet/ip_auth.h
rename : usr/src/common/ipf/ip_compat.h => usr/src/uts/common/inet/ipf/netinet/ip_compat.h
rename : usr/src/common/ipf/ip_fil.h => usr/src/uts/common/inet/ipf/netinet/ip_fil.h
rename : usr/src/common/ipf/ip_frag.h => usr/src/uts/common/inet/ipf/netinet/ip_frag.h
rename : usr/src/common/ipf/ip_ftp_pxy.c => usr/src/uts/common/inet/ipf/netinet/ip_ftp_pxy.c
rename : usr/src/common/ipf/ip_h323_pxy.c => usr/src/uts/common/inet/ipf/netinet/ip_h323_pxy.c
rename : usr/src/common/ipf/ip_htable.h => usr/src/uts/common/inet/ipf/netinet/ip_htable.h
rename : usr/src/common/ipf/ip_ipsec_pxy.c => usr/src/uts/common/inet/ipf/netinet/ip_ipsec_pxy.c
rename : usr/src/common/ipf/ip_irc_pxy.c => usr/src/uts/common/inet/ipf/netinet/ip_irc_pxy.c
rename : usr/src/common/ipf/ip_lookup.h => usr/src/uts/common/inet/ipf/netinet/ip_lookup.h
rename : usr/src/common/ipf/ip_nat.h => usr/src/uts/common/inet/ipf/netinet/ip_nat.h
rename : usr/src/common/ipf/ip_netbios_pxy.c => usr/src/uts/common/inet/ipf/netinet/ip_netbios_pxy.c
rename : usr/src/common/ipf/ip_pool.h => usr/src/uts/common/inet/ipf/netinet/ip_pool.h
rename : usr/src/common/ipf/ip_proxy.h => usr/src/uts/common/inet/ipf/netinet/ip_proxy.h
rename : usr/src/common/ipf/ip_raudio_pxy.c => usr/src/uts/common/inet/ipf/netinet/ip_raudio_pxy.c
rename : usr/src/common/ipf/ip_rcmd_pxy.c => usr/src/uts/common/inet/ipf/netinet/ip_rcmd_pxy.c
rename : usr/src/common/ipf/ip_rpcb_pxy.c => usr/src/uts/common/inet/ipf/netinet/ip_rpcb_pxy.c
rename : usr/src/common/ipf/ip_state.h => usr/src/uts/common/inet/ipf/netinet/ip_state.h
rename : usr/src/common/ipf/ipl.h => usr/src/uts/common/inet/ipf/netinet/ipl.h
rename : usr/src/common/ipf/opts.h => usr/src/uts/common/inet/ipf/opts.h
rename : usr/src/common/ipf/radix.c => usr/src/uts/common/inet/ipf/radix.c
rename : usr/src/common/ipf/radix.h => usr/src/uts/common/inet/ipf/radix.h
rename : usr/src/common/ipf/solaris.c => usr/src/uts/common/inet/ipf/solaris.c
rename : usr/src/uts/common/inet/ipf/compat.h => usr/src/uts/common/inet/pfil/compat.h
rename : usr/src/uts/common/inet/ipf/misc.c => usr/src/uts/common/inet/pfil/misc.c
rename : usr/src/uts/common/inet/ipf/ndd.c => usr/src/uts/common/inet/pfil/ndd.c
rename : usr/src/uts/common/inet/ipf/os.h => usr/src/uts/common/inet/pfil/os.h
rename : usr/src/uts/common/inet/ipf/pfil.c => usr/src/uts/common/inet/pfil/pfil.c
rename : usr/src/uts/common/inet/ipf/pfil.conf => usr/src/uts/common/inet/pfil/pfil.conf
rename : usr/src/uts/common/inet/ipf/pfil.h => usr/src/uts/common/inet/pfil/pfil.h
rename : usr/src/common/ipf/pfild.h => usr/src/uts/common/inet/pfil/pfild.h
rename : usr/src/uts/common/inet/ipf/pfildrv.c => usr/src/uts/common/inet/pfil/pfildrv.c
rename : usr/src/uts/common/inet/ipf/pfilstream.c => usr/src/uts/common/inet/pfil/pfilstream.c
rename : usr/src/uts/common/inet/ipf/pkt.c => usr/src/uts/common/inet/pfil/pkt.c
rename : usr/src/uts/common/inet/ipf/qif.c => usr/src/uts/common/inet/pfil/qif.c
rename : usr/src/uts/common/inet/ipf/qif.h => usr/src/uts/common/inet/pfil/qif.h
Diffstat (limited to 'usr/src/cmd/ipf/lib/common/ipft_tx.c')
| -rw-r--r-- | usr/src/cmd/ipf/lib/common/ipft_tx.c | 56 | 
1 files changed, 27 insertions, 29 deletions
| diff --git a/usr/src/cmd/ipf/lib/common/ipft_tx.c b/usr/src/cmd/ipf/lib/common/ipft_tx.c index 3d0f5800ce..82eca169d8 100644 --- a/usr/src/cmd/ipf/lib/common/ipft_tx.c +++ b/usr/src/cmd/ipf/lib/common/ipft_tx.c @@ -3,11 +3,11 @@   *   * See the IPFILTER.LICENCE file for details on licencing.   * - * $Id: ipft_tx.c,v 1.11 2003/02/16 02:32:01 darrenr Exp $ + * $Id: ipft_tx.c,v 1.15.2.3 2005/06/18 02:41:34 darrenr Exp $   */  #if !defined(lint)  static const char sccsid[] = "@(#)ipft_tx.c	1.7 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 1.11 2003/02/16 02:32:01 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 1.15.2.3 2005/06/18 02:41:34 darrenr Exp $";  #endif  #include <ctype.h> @@ -15,10 +15,9 @@ static const char rcsid[] = "@(#)$Id: ipft_tx.c,v 1.11 2003/02/16 02:32:01 darre  #include "ipf.h"  #include "ipt.h" -#undef	ICMP_MAXTYPE -#include <netinet/ip_icmp.h> +#ifndef linux  #include <netinet/ip_var.h> -#include <netinet/udp.h> +#endif  #include <netinet/tcpip.h> @@ -30,8 +29,8 @@ static	int	text_open __P((char *)), text_close __P((void));  static	int	text_readip __P((char *, int, char **, int *));  static	int	parseline __P((char *, ip_t *, char **, int *)); -static	char	_tcp_flagset[] = "FSRPAUEC"; -static	u_char	_tcp_flags[] = { TH_FIN, TH_SYN, TH_RST, TH_PUSH, +static	char	myflagset[] = "FSRPAUEC"; +static	u_char	myflags[] = { TH_FIN, TH_SYN, TH_RST, TH_PUSH,  				TH_ACK, TH_URG, TH_ECN, TH_CWR };  struct	ipread	iptext = { text_open, text_close, text_readip, R_DO_CKSUM }; @@ -50,24 +49,20 @@ static	u_32_t	tx_hostnum(host, resolved)  char	*host;  int	*resolved;  { -	struct	hostent	*hp; -	struct	netent	*np; +	u_32_t	ipa;  	*resolved = 0; -	if (!strcasecmp("any",host)) +	if (!strcasecmp("any", host))  		return 0L; -	if (isdigit(*host)) +	if (ISDIGIT(*host))  		return inet_addr(host); -	if (!(hp = gethostbyname(host))) { -		if (!(np = getnetbyname(host))) { -			*resolved = -1; -			fprintf(stderr, "can't resolve hostname: %s\n", host); -			return 0; -		} -		return htonl(np->n_net); +	if (gethost(host, &ipa) == -1) { +		*resolved = -1; +		fprintf(stderr, "can't resolve hostname: %s\n", host); +		return 0;  	} -	return *(u_32_t *)hp->h_addr; +	return ipa;  } @@ -81,7 +76,7 @@ char	*name;  	struct	servent	*sp, *sp2;  	u_short	p1 = 0; -	if (isdigit(*name)) +	if (ISDIGIT(*name))  		return (u_short)atoi(name);  	if (!tx_proto)  		tx_proto = "tcp/udp"; @@ -205,11 +200,11 @@ int	*out;  		return 1;  	c = **cpp; -	if (!isalpha(c) || (tolower(c) != 'o' && tolower(c) != 'i')) { +	if (!ISALPHA(c) || (TOLOWER(c) != 'o' && TOLOWER(c) != 'i')) {  		fprintf(stderr, "bad direction \"%s\"\n", *cpp);  		return 1;  	} -	*out = (tolower(c) == 'o') ? 1 : 0; +	*out = (TOLOWER(c) == 'o') ? 1 : 0;  	cpp++;  	if (!*cpp)  		return 1; @@ -241,7 +236,7 @@ int	*out;  			tx_proto = "icmp";  		}  		cpp++; -	} else if (isdigit(**cpp) && !index(*cpp, '.')) { +	} else if (ISDIGIT(**cpp) && !index(*cpp, '.')) {  		ip->ip_p = atoi(*cpp);  		cpp++;  	} else @@ -259,6 +254,10 @@ int	*out;  		}  		*last++ = '\0';  		tcp->th_sport = htons(tx_portnum(last)); +		if (ip->ip_p == IPPROTO_TCP) { +			tcp->th_win = htons(4096); +			TCP_OFF_A(tcp, sizeof(*tcp) >> 2); +		}  	}  	ip->ip_src.s_addr = tx_hostnum(*cpp, &r);  	cpp++; @@ -279,19 +278,18 @@ int	*out;  	ip->ip_dst.s_addr = tx_hostnum(*cpp, &r);  	cpp++;  	if (*cpp && ip->ip_p == IPPROTO_TCP) { -		extern	char	_tcp_flagset[]; -		extern	u_char	_tcp_flags[];  		char	*s, *t; +		tcp->th_flags = 0;  		for (s = *cpp; *s; s++) -			if ((t  = strchr(_tcp_flagset, *s))) -				tcp->th_flags |= _tcp_flags[t - _tcp_flagset]; +			if ((t  = strchr(myflagset, *s))) +				tcp->th_flags |= myflags[t - myflagset];  		if (tcp->th_flags)  			cpp++;  		if (tcp->th_flags == 0)  			abort(); -		tcp->th_win = htons(4096); -		TCP_OFF_A(tcp, sizeof(*tcp) >> 2); +		if (tcp->th_flags & TH_URG) +			tcp->th_urp = htons(1);  	} else if (*cpp && ip->ip_p == IPPROTO_ICMP) {  		extern	char	*tx_icmptypes[];  		char	**s, *t; | 
