Index: HISTORY =================================================================== RCS file: /devel/CVS/IP-Filter/HISTORY,v retrieving revision 2.0.1.3 retrieving revision 2.0.1.4 diff -c -r2.0.1.3 -r2.0.1.4 *** 2.0.1.3 1997/01/10 00:30:38 --- 2.0.1.4 1997/01/13 10:05:46 *************** *** 5,10 **** --- 5,18 ---- # Thanks to Craig Bishop of connect.com.au and Sun Microsystems for the # loan of a machine to work on a Solaris 2.x port of this software. # + 3.1.5 13/1/97 - Released + + fixed setting of NAT timeouts and use different timeouts for concurrent + TCP sessions using the same IP# mapping (when port mapping isn't used) + + multiple loading/unloading of LKM's doesn't clean up cdevsw properly for + *BSD systems. + 3.1.4 10/1/97 - Released add command line options -C and -F to ipnat to flush NAT list and table Index: Makefile =================================================================== RCS file: /devel/CVS/IP-Filter/Makefile,v retrieving revision 2.0.1.1 retrieving revision 2.0.1.2 diff -c -r2.0.1.1 -r2.0.1.2 *** 2.0.1.1 1997/01/09 15:14:42 --- 2.0.1.2 1997/01/12 09:58:09 *************** *** 5,11 **** # and is not changed in any way. The author accepts no responsibility # for the use of this software. I hate legaleese, don't you ? # ! # $Id: Makefile,v 2.0.1.1 1997/01/09 15:14:42 darrenr Exp $ # # where to put things. # --- 5,11 ---- # and is not changed in any way. The author accepts no responsibility # for the use of this software. I hate legaleese, don't you ? # ! # $Id: Makefile,v 2.0.1.2 1997/01/12 09:58:09 darrenr Exp $ # # where to put things. # *************** *** 103,108 **** --- 103,117 ---- [ -d test ] && (cd test; make clean) (cd ipsend; make clean) + clean-bsd: + (cd BSD; make clean) + + clean-sunos4: + (cd SunOS4; make clean) + + clean-sunos5: + (cd SunOS5; make clean) + get: -@for i in ipf.c ipt.h solaris.c ipf.h kmem.c ipft_ef.c linux.h \ ipft_pc.c fil.c ipft_sn.c mln_ipl.c fils.c ipft_td.c \ *************** *** 116,126 **** fi \ done ! 
install-bsd: (cd BSD/$(DCPU); $(MAKE) "TOP=../.." install) ! install-SunOS4: (cd SunOS4; $(MAKE) "TOP=.." install) ! install-SunOS5: (cd SunOS5; $(MAKE) "TOP=../.." install) # XXX FIXME: bogus to depend on all! --- 125,135 ---- fi \ done ! install-bsd: bsd (cd BSD/$(DCPU); $(MAKE) "TOP=../.." install) ! install-SunOS4: solaris (cd SunOS4; $(MAKE) "TOP=.." install) ! install-SunOS5: solaris (cd SunOS5; $(MAKE) "TOP=../.." install) # XXX FIXME: bogus to depend on all! Index: ip_nat.c =================================================================== RCS file: /devel/CVS/IP-Filter/ip_nat.c,v retrieving revision 2.0.1.3 retrieving revision 2.0.1.4 diff -c -r2.0.1.3 -r2.0.1.4 *** 2.0.1.3 1997/01/10 00:28:47 --- 2.0.1.4 1997/01/12 10:42:56 *************** *** 18,24 **** */ #if !defined(lint) && defined(LIBC_SCCS) static char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; ! static char rcsid[] = "$Id: ip_nat.c,v 2.0.1.3 1997/01/10 00:28:47 darrenr Exp $"; #endif #if !defined(_KERNEL) && !defined(KERNEL) --- 18,24 ---- */ #if !defined(lint) && defined(LIBC_SCCS) static char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; ! static char rcsid[] = "$Id: ip_nat.c,v 2.0.1.4 1997/01/12 10:42:56 darrenr Exp $"; #endif #if !defined(_KERNEL) && !defined(KERNEL) *************** *** 292,298 **** tcphdr_t *tcp = NULL; nat_t *nat, **natp; ! if (flags) { tcp = (tcphdr_t *)fin->fin_dp; sport = tcp->th_sport; dport = tcp->th_dport; --- 292,298 ---- tcphdr_t *tcp = NULL; nat_t *nat, **natp; ! if (flags & IPN_TCPUDP) { tcp = (tcphdr_t *)fin->fin_dp; sport = tcp->th_sport; dport = tcp->th_dport; *************** *** 330,335 **** --- 330,337 ---- np->in_nip = ntohl(np->in_outip) + 1; } while (nat_lookupinip(in, sport)); + if (!port && (flags & IPN_TCPUDP)) + port = sport; /* Setup the NAT table */ nat->nat_use = 0; nat->nat_inip = ip->ip_src; *************** *** 356,362 **** sumd = (sumd & 0xffff) + (sumd >> 16); nat->nat_sumd = (sumd & 0xffff) + (sumd >> 16); ! 
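Review bot: The fallback `port = sport;` added just before "Setup the NAT table" in ip_nat.c copies `sport` exactly as it was read from `tcp->th_sport`, that is in network byte order, while the later hunk at 420 still writes `tcp->th_sport = htons(port);`, which treats `port` as host order. How `port` is normally assigned lies outside this hunk, so this is inferred, but on a little-endian host the fallback path would appear to put a byte-swapped source port on the wire while `nat->nat_outport = port` stores the unswapped value. If `port` is meant to be host order at this point the line should read `port = ntohs(sport);`. Either way, a comment such as `/* port is host order until written into the header */` would pin the convention down.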
if (sport) { nat->nat_inport = sport; nat->nat_outport = port; } else { --- 358,364 ---- sumd = (sumd & 0xffff) + (sumd >> 16); nat->nat_sumd = (sumd & 0xffff) + (sumd >> 16); ! if (flags & IPN_TCPUDP) { nat->nat_inport = sport; nat->nat_outport = port; } else { *************** *** 398,404 **** sumd = (sumd & 0xffff) + (sumd >> 16); nat->nat_sumd = (sumd & 0xffff) + (sumd >> 16); ! if (dport) { nat->nat_inport = nport; nat->nat_outport = dport; nat->nat_oport = sport; --- 400,406 ---- sumd = (sumd & 0xffff) + (sumd >> 16); nat->nat_sumd = (sumd & 0xffff) + (sumd >> 16); ! if (flags & IPN_TCPUDP) { nat->nat_inport = nport; nat->nat_outport = dport; nat->nat_oport = sport; *************** *** 418,428 **** nat->nat_next[1] = *natp; *natp = nat; nat->nat_use++; if (direction == NAT_OUTBOUND) { ! if (flags) tcp->th_sport = htons(port); } else { ! if (flags) tcp->th_dport = htons(nport); } nat_stats.ns_added++; --- 420,434 ---- nat->nat_next[1] = *natp; *natp = nat; nat->nat_use++; + if (flags & IPN_TCP) { + nat->nat_state[0] = 0; + nat->nat_state[1] = 0; + } if (direction == NAT_OUTBOUND) { ! if (flags & IPN_TCPUDP) tcp->th_sport = htons(port); } else { ! if (flags & IPN_TCPUDP) tcp->th_dport = htons(nport); } nat_stats.ns_added++; *************** *** 511,517 **** register u_long ipa; tcphdr_t *tcp = NULL; nat_t *nat; ! u_short nflags = 0, sport = 0; struct ifnet *ifp = fin->fin_ifp; if (!(ip->ip_off & 0x1fff) && !(fin->fin_fi.fi_fl & FI_SHORT)) { --- 517,523 ---- register u_long ipa; tcphdr_t *tcp = NULL; nat_t *nat; ! u_short nflags = 0, sport = 0, *csump = NULL; struct ifnet *ifp = fin->fin_ifp; if (!(ip->ip_off & 0x1fff) && !(fin->fin_fi.fi_fl & FI_SHORT)) { *************** *** 547,554 **** * Redirections are only for incoming * connections. */ ! if (!(nat = nat_new(np, ip, fin, ! nflags & np->in_flags, NAT_OUTBOUND))) break; } --- 553,559 ---- * Redirections are only for incoming * connections. */ ! 
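Review bot: In the hunk at 420, `nat->nat_state[0]` and `nat->nat_state[1]` are cleared only under `flags & IPN_TCP`, so entries created for UDP or ICMP keep whatever the allocation left in those fields. Whether the allocation zeroes the structure is not visible here; if it does not, any reader of `nat_state` that does not first check the protocol, including a copy of the table to user space, sees stale kernel memory. Clearing both slots unconditionally costs nothing: `nat->nat_state[0] = nat->nat_state[1] = 0;`. The enclosing function starts and ends outside the hunk.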
if (!(nat = nat_new(np, ip, fin, nflags, NAT_OUTBOUND))) break; } *************** *** 570,590 **** tcp->th_sport = nat->nat_outport; if (ip->ip_p == IPPROTO_TCP) { ! FIX_OUTCKSUM(&tcp->th_sum, nat); set_tcp_age(&nat->nat_age, ! nat->nat_state, ip, fin, ! tcp->th_dport == ! nat->nat_inport); } else if (ip->ip_p == IPPROTO_UDP) { udphdr_t *udp = (udphdr_t *)tcp; if (udp->uh_sum) ! FIX_OUTCKSUM(&udp->uh_sum, nat); } else if (ip->ip_p == IPPROTO_ICMP) { icmphdr_t *ic = (icmphdr_t *)tcp; ! FIX_OUTCKSUM(&ic->icmp_cksum, nat); } } nat_stats.ns_mapped[1]++; MUTEX_EXIT(&ipf_nat); --- 575,595 ---- tcp->th_sport = nat->nat_outport; if (ip->ip_p == IPPROTO_TCP) { ! csump = &tcp->th_sum; set_tcp_age(&nat->nat_age, ! nat->nat_state, ip, fin,1); } else if (ip->ip_p == IPPROTO_UDP) { udphdr_t *udp = (udphdr_t *)tcp; if (udp->uh_sum) ! csump = &udp->uh_sum; } else if (ip->ip_p == IPPROTO_ICMP) { icmphdr_t *ic = (icmphdr_t *)tcp; ! csump = &ic->icmp_cksum; } + if (csump) + FIX_OUTCKSUM(csump, nat); } nat_stats.ns_mapped[1]++; MUTEX_EXIT(&ipf_nat); *************** *** 608,614 **** register struct in_addr in; struct ifnet *ifp = fin->fin_ifp; tcphdr_t *tcp = NULL; ! u_short port = 0, nflags = 0; nat_t *nat; if (!(ip->ip_off & 0x1fff) && !(fin->fin_fi.fi_fl & FI_SHORT)) { --- 613,619 ---- register struct in_addr in; struct ifnet *ifp = fin->fin_ifp; tcphdr_t *tcp = NULL; ! u_short port = 0, nflags = 0, *csump = NULL; nat_t *nat; if (!(ip->ip_off & 0x1fff) && !(fin->fin_fi.fi_fl & FI_SHORT)) { *************** *** 665,685 **** tcp->th_dport = nat->nat_inport; if (ip->ip_p == IPPROTO_TCP) { ! FIX_INCKSUM(&tcp->th_sum, nat); set_tcp_age(&nat->nat_age, ! nat->nat_state, ip, fin, ! tcp->th_dport == ! nat->nat_inport); } else if (ip->ip_p == IPPROTO_UDP) { udphdr_t *udp = (udphdr_t *)tcp; if (udp->uh_sum) ! FIX_INCKSUM(&udp->uh_sum, nat); } else if (ip->ip_p == IPPROTO_ICMP) { icmphdr_t *ic = (icmphdr_t *)tcp; ! 
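Review bot: The `nat_new()` call at 553 now passes `nflags` unmasked, but the comment above it still speaks only of redirections, so nothing records why the `& np->in_flags` mask was dropped. Judging by the HISTORY entry this is meant to let `nat_new()` see the packet's protocol even when the rule does no port mapping; a comment such as `/* pass the packet's protocol flags, not the rule's, so ports are tracked without port mapping */` would say so. It is also worth confirming that every `flags` test inside `nat_new()` that used to mean "this rule maps ports" has been revisited, since only some of them appear in this patch.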
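Review bot: The new `if (csump)` test in the hunk at 575 only covers the UDP case where `uh_sum` is zero. It does not protect against `tcp` itself being NULL, because `&tcp->th_sum` and `&ic->icmp_cksum` computed from a NULL `tcp` are non-NULL addresses. `tcp` is initialised to NULL and is presumably set under the fragment/short-packet test, which is outside this hunk, so confirm that this block is reached only when it was set. Separately, the last argument of `set_tcp_age()` is now a bare `1` here and `0` in the matching inbound hunk at 670; a comment like `/* 1 = outbound, 0 = inbound */` or a pair of named constants would make the two call sites readable. The enclosing functions start and end outside both hunks.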
FIX_INCKSUM(&ic->icmp_cksum, nat); } } nat_stats.ns_mapped[0]++; MUTEX_EXIT(&ipf_nat); --- 670,690 ---- tcp->th_dport = nat->nat_inport; if (ip->ip_p == IPPROTO_TCP) { ! csump = &tcp->th_sum; set_tcp_age(&nat->nat_age, ! nat->nat_state, ip, fin,0); } else if (ip->ip_p == IPPROTO_UDP) { udphdr_t *udp = (udphdr_t *)tcp; if (udp->uh_sum) ! csump = &udp->uh_sum; } else if (ip->ip_p == IPPROTO_ICMP) { icmphdr_t *ic = (icmphdr_t *)tcp; ! csump = &ic->icmp_cksum; } + if (csump) + FIX_INCKSUM(csump, nat); } nat_stats.ns_mapped[0]++; MUTEX_EXIT(&ipf_nat); Index: ipl.h =================================================================== RCS file: /devel/CVS/IP-Filter/ipl.h,v retrieving revision 2.0.1.3 retrieving revision 2.0.1.4 diff -c -r2.0.1.3 -r2.0.1.4 *** 2.0.1.3 1997/01/10 00:30:37 --- 2.0.1.4 1997/01/13 10:05:47 *************** *** 11,16 **** #ifndef __IPL_H_ #define __IPL_H__ ! #define IPL_VERSION "IP Filter v3.1.4 - 10/1/97" #endif --- 11,16 ---- #ifndef __IPL_H_ #define __IPL_H__ ! #define IPL_VERSION "IP Filter v3.1.5 - 13/01/97" #endif Index: ipnat.c =================================================================== RCS file: /devel/CVS/IP-Filter/ipnat.c,v retrieving revision 2.0.1.2 retrieving revision 2.0.1.3 diff -c -r2.0.1.2 -r2.0.1.3 *** 2.0.1.2 1997/01/10 00:30:07 --- 2.0.1.3 1997/01/12 09:57:13 *************** *** 51,57 **** #if !defined(lint) && defined(LIBC_SCCS) static char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; ! static char rcsid[] = "$Id: ipnat.c,v 2.0.1.2 1997/01/10 00:30:07 darrenr Exp $"; #endif #if SOLARIS --- 51,57 ---- #if !defined(lint) && defined(LIBC_SCCS) static char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed"; ! static char rcsid[] = "$Id: ipnat.c,v 2.0.1.3 1997/01/12 09:57:13 darrenr Exp $"; #endif #if SOLARIS *************** *** 263,269 **** printf("%s %hu <- -> ", inet_ntoa(nat.nat_inip), ntohs(nat.nat_inport)); ! 
printf("%s %hu %hu %hu %lx [", inet_ntoa(nat.nat_outip), ntohs(nat.nat_outport), nat.nat_age, nat.nat_use, --- 263,269 ---- printf("%s %hu <- -> ", inet_ntoa(nat.nat_inip), ntohs(nat.nat_inport)); ! printf("%s %hu %d %hu %lx [", inet_ntoa(nat.nat_outip), ntohs(nat.nat_outport), nat.nat_age, nat.nat_use, Index: mln_ipl.c =================================================================== RCS file: /devel/CVS/IP-Filter/mln_ipl.c,v retrieving revision 2.0.1.1 retrieving revision 2.0.1.2 diff -c -r2.0.1.1 -r2.0.1.2 *** 2.0.1.1 1997/01/09 15:14:44 --- 2.0.1.2 1997/01/12 10:43:41 *************** *** 116,121 **** --- 116,122 ---- NULL /* strategy */ }; #endif + static struct cdevsw cdev_sav; int ipl_major = 0; MOD_DEV(IPL_VERSION, LM_DT_CHAR, -1, &ipldevsw); *************** *** 149,163 **** if (cdevsw[i].d_open != iplopen) { bcopy(&cdevsw[i], &args->lkm_olddev.cdev, sizeof(struct cdevsw)); bcopy(args->lkm_dev.cdev, &cdevsw[i], sizeof(struct cdevsw)); } args->lkm_offset = i; /* slot in cdevsw[] */ return ipl_load(); case LKM_E_UNLOAD : ! i = args->lkm_offset; ! bcopy(&args->lkm_olddev.cdev, &cdevsw[i], sizeof(struct cdevsw)); return ipl_unload(); case LKM_E_STAT : break; --- 150,165 ---- if (cdevsw[i].d_open != iplopen) { bcopy(&cdevsw[i], &args->lkm_olddev.cdev, sizeof(struct cdevsw)); + bcopy(&cdevsw[i], &cdev_sav, sizeof(struct cdevsw)); bcopy(args->lkm_dev.cdev, &cdevsw[i], sizeof(struct cdevsw)); } args->lkm_offset = i; /* slot in cdevsw[] */ return ipl_load(); case LKM_E_UNLOAD : ! bcopy(&args->lkm_olddev.cdev, &cdevsw[ipl_major], sizeof(struct cdevsw)); + bcopy(&cdev_sav, &cdevsw[ipl_major], sizeof(struct cdevsw)); return ipl_unload(); case LKM_E_STAT : break;
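Review bot: The conversion for `nat.nat_age` in ipnat.c changes from `%hu` to `%d`, which is correct only if the field is now an `int` (or a type that promotes to `int`). Its declaration is not part of this patch. If the field was widened to `long`, the specifier and argument disagree, which is undefined behaviour in `printf` and can shift every later field in the output. Match the specifier to the declared type, or make the intent explicit with a cast, e.g. `(int)nat.nat_age`.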
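Review bot: In the `LKM_E_UNLOAD` case of mln_ipl.c, `cdevsw[ipl_major]` is written twice in a row, so the first `bcopy` from `args->lkm_olddev.cdev` is dead and the slot always ends up holding `cdev_sav`. `cdev_sav` is filled only when the load path finds `cdevsw[i].d_open != iplopen`; if that branch was skipped, unload copies an all-zero `struct cdevsw` into the kernel device switch, leaving NULL entry points for that major number. The unload path also indexes with `ipl_major` where it used `args->lkm_offset` before, and no assignment to `ipl_major` is visible in this hunk, so confirm it holds the slot chosen at load. Recording whether a save took place and restoring only then avoids the zeroed-slot case; the surrounding switch begins and ends outside the hunk.

```c
static struct cdevsw cdev_sav;
static int cdev_saved = 0;	/* non-zero once cdev_sav holds the displaced entry */

/* … unchanged: search for the cdevsw[] slot in the load case … */
		if (cdevsw[i].d_open != iplopen) {
			/* … unchanged: copy to args->lkm_olddev.cdev … */
			bcopy(&cdevsw[i], &cdev_sav, sizeof(struct cdevsw));
			cdev_saved = 1;
			/* … unchanged: install args->lkm_dev.cdev … */
		}
/* … unchanged: lkm_offset assignment and ipl_load() … */
	case LKM_E_UNLOAD :
		/* restore only an entry this module actually displaced */
		if (cdev_saved) {
			bcopy(&cdev_sav, &cdevsw[ipl_major],
			      sizeof(struct cdevsw));
			cdev_saved = 0;
		}
		return ipl_unload();
```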