[Glibc-bsd-commits] r3471 - in trunk/freebsd-utils/debian: . patches
Robert Millan
rmh at alioth.debian.org
Sat Jun 18 17:34:20 UTC 2011
Author: rmh
Date: 2011-06-18 17:34:20 +0000 (Sat, 18 Jun 2011)
New Revision: 3471
Modified:
trunk/freebsd-utils/debian/changelog
trunk/freebsd-utils/debian/patches/013_pf.diff
trunk/freebsd-utils/debian/rules
Log:
* Removed kludges from 013_pf.diff. strtonum.c is obsoleted
by libbsd, pf_ruleset.c is imported from upstream source.
Modified: trunk/freebsd-utils/debian/changelog
===================================================================
--- trunk/freebsd-utils/debian/changelog 2011-06-18 17:09:26 UTC (rev 3470)
+++ trunk/freebsd-utils/debian/changelog 2011-06-18 17:34:20 UTC (rev 3471)
@@ -1,4 +1,4 @@
-freebsd-utils (8.2-3) UNRELEASED; urgency=low
+freebsd-utils (8.2+ds1-1) UNRELEASED; urgency=low
[ Petr Salinger ]
* Require newer eglibc, drop <net/if.h> workaround
@@ -9,6 +9,8 @@
- Bump libbsd-dev Build-Depends to (>= 0.3.0).
- Add pkg-config to Build-Depends.
- Remove some now obsolete porting code.
+ * Removed kludges from 013_pf.diff. strtonum.c is obsoleted
+ by libbsd, pf_ruleset.c is imported from upstream source.
-- Robert Millan <rmh at debian.org> Sat, 18 Jun 2011 19:07:34 +0200
Modified: trunk/freebsd-utils/debian/patches/013_pf.diff
===================================================================
--- trunk/freebsd-utils/debian/patches/013_pf.diff 2011-06-18 17:09:26 UTC (rev 3470)
+++ trunk/freebsd-utils/debian/patches/013_pf.diff 2011-06-18 17:34:20 UTC (rev 3471)
@@ -677,520 +677,6 @@
pfr.rule.flags = (proto == IPPROTO_TCP ? TH_SYN : 0);
pfr.rule.flagset = (proto == IPPROTO_TCP ?
(TH_SYN|TH_ACK|TH_FIN|TH_RST) : 0);
---- /dev/null
-+++ b/sbin/pfctl/pf_ruleset.c
-@@ -0,0 +1,511 @@
-+
-+/* This is a (temp) hack,
-+
-+ this file is concatenation of file
-+
-+ src/lib/libc/stdlib/strtonum.c
-+ src/sys/contrib/pf/net/pf_ruleset.c
-+
-+ */
-+
-+
-+/*-
-+ * Copyright (c) 2004 Ted Unangst and Todd Miller
-+ * All rights reserved.
-+ *
-+ * Permission to use, copy, modify, and distribute this software for any
-+ * purpose with or without fee is hereby granted, provided that the above
-+ * copyright notice and this permission notice appear in all copies.
-+ *
-+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-+ *
-+ * $OpenBSD: strtonum.c,v 1.6 2004/08/03 19:38:01 millert Exp $
-+ */
-+
-+#include <sys/cdefs.h>
-+/* __FBSDID("$FreeBSD: src/lib/libc/stdlib/strtonum.c,v 1.2 2006/03/14 19:53:03 ache Exp $"); */
-+
-+
-+#include <errno.h>
-+#include <limits.h>
-+#include <stdlib.h>
-+
-+#define INVALID 1
-+#define TOOSMALL 2
-+#define TOOLARGE 3
-+
-+long long
-+strtonum(const char *numstr, long long minval, long long maxval,
-+ const char **errstrp)
-+{
-+ long long ll = 0;
-+ char *ep;
-+ int error = 0;
-+ struct errval {
-+ const char *errstr;
-+ int err;
-+ } ev[4] = {
-+ { NULL, 0 },
-+ { "invalid", EINVAL },
-+ { "too small", ERANGE },
-+ { "too large", ERANGE },
-+ };
-+
-+ ev[0].err = errno;
-+ errno = 0;
-+ if (minval > maxval)
-+ error = INVALID;
-+ else {
-+ ll = strtoll(numstr, &ep, 10);
-+ if (errno == EINVAL || numstr == ep || *ep != '\0')
-+ error = INVALID;
-+ else if ((ll == LLONG_MIN && errno == ERANGE) || ll < minval)
-+ error = TOOSMALL;
-+ else if ((ll == LLONG_MAX && errno == ERANGE) || ll > maxval)
-+ error = TOOLARGE;
-+ }
-+ if (errstrp != NULL)
-+ *errstrp = ev[error].errstr;
-+ errno = ev[error].err;
-+ if (error)
-+ ll = 0;
-+
-+ return (ll);
-+}
-+
-+
-+
-+
-+/* $OpenBSD: pf_ruleset.c,v 1.1 2006/10/27 13:56:51 mcbride Exp $ */
-+
-+/*
-+ * Copyright (c) 2001 Daniel Hartmeier
-+ * Copyright (c) 2002,2003 Henning Brauer
-+ * All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * - Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * - Redistributions in binary form must reproduce the above
-+ * copyright notice, this list of conditions and the following
-+ * disclaimer in the documentation and/or other materials provided
-+ * with the distribution.
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-+ * POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ * Effort sponsored in part by the Defense Advanced Research Projects
-+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
-+ * Materiel Command, USAF, under agreement number F30602-01-2-0537.
-+ *
-+ */
-+
-+
-+#include <sys/param.h>
-+#include <sys/socket.h>
-+#ifdef _KERNEL
-+# include <sys/systm.h>
-+#endif /* _KERNEL */
-+
-+#include <netinet/in.h>
-+#include <netinet/in_systm.h>
-+#include <netinet/ip.h>
-+#include <netinet/tcp.h>
-+
-+#include <net/if.h>
-+#include <net/pfvar.h>
-+
-+#ifdef INET6
-+#include <netinet/ip6.h>
-+#endif /* INET6 */
-+
-+
-+#ifdef _KERNEL
-+# define DPFPRINTF(format, x...) \
-+ if (pf_status.debug >= PF_DEBUG_NOISY) \
-+ printf(format , ##x)
-+#ifdef __FreeBSD_kernel__
-+#define rs_malloc(x) malloc(x, M_TEMP, M_NOWAIT)
-+#else
-+#define rs_malloc(x) malloc(x, M_TEMP, M_WAITOK)
-+#endif
-+#define rs_free(x) free(x, M_TEMP)
-+
-+#else
-+/* Userland equivalents so we can lend code to pfctl et al. */
-+
-+# include <arpa/inet.h>
-+# include <errno.h>
-+# include <stdio.h>
-+# include <stdlib.h>
-+# include <string.h>
-+# define rs_malloc(x) malloc(x)
-+# define rs_free(x) free(x)
-+
-+# ifdef PFDEBUG
-+# include <sys/stdarg.h>
-+# define DPFPRINTF(format, x...) fprintf(stderr, format , ##x)
-+# else
-+# define DPFPRINTF(format, x...) ((void)0)
-+# endif /* PFDEBUG */
-+#endif /* _KERNEL */
-+
-+
-+struct pf_anchor_global pf_anchors;
-+struct pf_anchor pf_main_anchor;
-+
-+#ifndef __FreeBSD_kernel__
-+/* XXX: hum? */
-+int pf_get_ruleset_number(u_int8_t);
-+void pf_init_ruleset(struct pf_ruleset *);
-+int pf_anchor_setup(struct pf_rule *,
-+ const struct pf_ruleset *, const char *);
-+int pf_anchor_copyout(const struct pf_ruleset *,
-+ const struct pf_rule *, struct pfioc_rule *);
-+void pf_anchor_remove(struct pf_rule *);
-+#endif
-+
-+static __inline int pf_anchor_compare(struct pf_anchor *, struct pf_anchor *);
-+
-+RB_GENERATE(pf_anchor_global, pf_anchor, entry_global, pf_anchor_compare);
-+RB_GENERATE(pf_anchor_node, pf_anchor, entry_node, pf_anchor_compare);
-+
-+static __inline int
-+pf_anchor_compare(struct pf_anchor *a, struct pf_anchor *b)
-+{
-+ int c = strcmp(a->path, b->path);
-+
-+ return (c ? (c < 0 ? -1 : 1) : 0);
-+}
-+
-+int
-+pf_get_ruleset_number(u_int8_t action)
-+{
-+ switch (action) {
-+ case PF_SCRUB:
-+ case PF_NOSCRUB:
-+ return (PF_RULESET_SCRUB);
-+ break;
-+ case PF_PASS:
-+ case PF_DROP:
-+ return (PF_RULESET_FILTER);
-+ break;
-+ case PF_NAT:
-+ case PF_NONAT:
-+ return (PF_RULESET_NAT);
-+ break;
-+ case PF_BINAT:
-+ case PF_NOBINAT:
-+ return (PF_RULESET_BINAT);
-+ break;
-+ case PF_RDR:
-+ case PF_NORDR:
-+ return (PF_RULESET_RDR);
-+ break;
-+ default:
-+ return (PF_RULESET_MAX);
-+ break;
-+ }
-+}
-+
-+void
-+pf_init_ruleset(struct pf_ruleset *ruleset)
-+{
-+ int i;
-+
-+ memset(ruleset, 0, sizeof(struct pf_ruleset));
-+ for (i = 0; i < PF_RULESET_MAX; i++) {
-+ TAILQ_INIT(&ruleset->rules[i].queues[0]);
-+ TAILQ_INIT(&ruleset->rules[i].queues[1]);
-+ ruleset->rules[i].active.ptr = &ruleset->rules[i].queues[0];
-+ ruleset->rules[i].inactive.ptr = &ruleset->rules[i].queues[1];
-+ }
-+}
-+
-+struct pf_anchor *
-+pf_find_anchor(const char *path)
-+{
-+ struct pf_anchor *key, *found;
-+
-+ key = (struct pf_anchor *)rs_malloc(sizeof(*key));
-+ memset(key, 0, sizeof(*key));
-+ strlcpy(key->path, path, sizeof(key->path));
-+ found = RB_FIND(pf_anchor_global, &pf_anchors, key);
-+ rs_free(key);
-+ return (found);
-+}
-+
-+struct pf_ruleset *
-+pf_find_ruleset(const char *path)
-+{
-+ struct pf_anchor *anchor;
-+
-+ while (*path == '/')
-+ path++;
-+ if (!*path)
-+ return (&pf_main_ruleset);
-+ anchor = pf_find_anchor(path);
-+ if (anchor == NULL)
-+ return (NULL);
-+ else
-+ return (&anchor->ruleset);
-+}
-+
-+struct pf_ruleset *
-+pf_find_or_create_ruleset(const char *path)
-+{
-+ char *p, *q, *r;
-+ struct pf_ruleset *ruleset;
-+#ifdef __FreeBSD_kernel__
-+ struct pf_anchor *anchor = NULL, *dup, *parent = NULL;
-+#else
-+ struct pf_anchor *anchor, *dup, *parent = NULL;
-+#endif
-+
-+ if (path[0] == 0)
-+ return (&pf_main_ruleset);
-+ while (*path == '/')
-+ path++;
-+ ruleset = pf_find_ruleset(path);
-+ if (ruleset != NULL)
-+ return (ruleset);
-+ p = (char *)rs_malloc(MAXPATHLEN);
-+ bzero(p, MAXPATHLEN);
-+ strlcpy(p, path, MAXPATHLEN);
-+ while (parent == NULL && (q = strrchr(p, '/')) != NULL) {
-+ *q = 0;
-+ if ((ruleset = pf_find_ruleset(p)) != NULL) {
-+ parent = ruleset->anchor;
-+ break;
-+ }
-+ }
-+ if (q == NULL)
-+ q = p;
-+ else
-+ q++;
-+ strlcpy(p, path, MAXPATHLEN);
-+ if (!*q) {
-+ rs_free(p);
-+ return (NULL);
-+ }
-+ while ((r = strchr(q, '/')) != NULL || *q) {
-+ if (r != NULL)
-+ *r = 0;
-+ if (!*q || strlen(q) >= PF_ANCHOR_NAME_SIZE ||
-+ (parent != NULL && strlen(parent->path) >=
-+ MAXPATHLEN - PF_ANCHOR_NAME_SIZE - 1)) {
-+ rs_free(p);
-+ return (NULL);
-+ }
-+ anchor = (struct pf_anchor *)rs_malloc(sizeof(*anchor));
-+ if (anchor == NULL) {
-+ rs_free(p);
-+ return (NULL);
-+ }
-+ memset(anchor, 0, sizeof(*anchor));
-+ RB_INIT(&anchor->children);
-+ strlcpy(anchor->name, q, sizeof(anchor->name));
-+ if (parent != NULL) {
-+ strlcpy(anchor->path, parent->path,
-+ sizeof(anchor->path));
-+ strlcat(anchor->path, "/", sizeof(anchor->path));
-+ }
-+ strlcat(anchor->path, anchor->name, sizeof(anchor->path));
-+ if ((dup = RB_INSERT(pf_anchor_global, &pf_anchors, anchor)) !=
-+ NULL) {
-+ printf("pf_find_or_create_ruleset: RB_INSERT1 "
-+ "'%s' '%s' collides with '%s' '%s'\n",
-+ anchor->path, anchor->name, dup->path, dup->name);
-+ rs_free(anchor);
-+ rs_free(p);
-+ return (NULL);
-+ }
-+ if (parent != NULL) {
-+ anchor->parent = parent;
-+ if ((dup = RB_INSERT(pf_anchor_node, &parent->children,
-+ anchor)) != NULL) {
-+ printf("pf_find_or_create_ruleset: "
-+ "RB_INSERT2 '%s' '%s' collides with "
-+ "'%s' '%s'\n", anchor->path, anchor->name,
-+ dup->path, dup->name);
-+ RB_REMOVE(pf_anchor_global, &pf_anchors,
-+ anchor);
-+ rs_free(anchor);
-+ rs_free(p);
-+ return (NULL);
-+ }
-+ }
-+ pf_init_ruleset(&anchor->ruleset);
-+ anchor->ruleset.anchor = anchor;
-+ parent = anchor;
-+ if (r != NULL)
-+ q = r + 1;
-+ else
-+ *q = 0;
-+ }
-+ rs_free(p);
-+ return (&anchor->ruleset);
-+}
-+
-+void
-+pf_remove_if_empty_ruleset(struct pf_ruleset *ruleset)
-+{
-+ struct pf_anchor *parent;
-+ int i;
-+
-+ while (ruleset != NULL) {
-+ if (ruleset == &pf_main_ruleset || ruleset->anchor == NULL ||
-+ !RB_EMPTY(&ruleset->anchor->children) ||
-+ ruleset->anchor->refcnt > 0 || ruleset->tables > 0 ||
-+ ruleset->topen)
-+ return;
-+ for (i = 0; i < PF_RULESET_MAX; ++i)
-+ if (!TAILQ_EMPTY(ruleset->rules[i].active.ptr) ||
-+ !TAILQ_EMPTY(ruleset->rules[i].inactive.ptr) ||
-+ ruleset->rules[i].inactive.open)
-+ return;
-+ RB_REMOVE(pf_anchor_global, &pf_anchors, ruleset->anchor);
-+ if ((parent = ruleset->anchor->parent) != NULL)
-+ RB_REMOVE(pf_anchor_node, &parent->children,
-+ ruleset->anchor);
-+ rs_free(ruleset->anchor);
-+ if (parent == NULL)
-+ return;
-+ ruleset = &parent->ruleset;
-+ }
-+}
-+
-+int
-+pf_anchor_setup(struct pf_rule *r, const struct pf_ruleset *s,
-+ const char *name)
-+{
-+ char *p, *path;
-+ struct pf_ruleset *ruleset;
-+
-+ r->anchor = NULL;
-+ r->anchor_relative = 0;
-+ r->anchor_wildcard = 0;
-+ if (!name[0])
-+ return (0);
-+ path = (char *)rs_malloc(MAXPATHLEN);
-+ bzero(path, MAXPATHLEN);
-+ if (name[0] == '/')
-+ strlcpy(path, name + 1, MAXPATHLEN);
-+ else {
-+ /* relative path */
-+ r->anchor_relative = 1;
-+ if (s->anchor == NULL || !s->anchor->path[0])
-+ path[0] = 0;
-+ else
-+ strlcpy(path, s->anchor->path, MAXPATHLEN);
-+ while (name[0] == '.' && name[1] == '.' && name[2] == '/') {
-+ if (!path[0]) {
-+ printf("pf_anchor_setup: .. beyond root\n");
-+ rs_free(path);
-+ return (1);
-+ }
-+ if ((p = strrchr(path, '/')) != NULL)
-+ *p = 0;
-+ else
-+ path[0] = 0;
-+ r->anchor_relative++;
-+ name += 3;
-+ }
-+ if (path[0])
-+ strlcat(path, "/", MAXPATHLEN);
-+ strlcat(path, name, MAXPATHLEN);
-+ }
-+ if ((p = strrchr(path, '/')) != NULL && !strcmp(p, "/*")) {
-+ r->anchor_wildcard = 1;
-+ *p = 0;
-+ }
-+ ruleset = pf_find_or_create_ruleset(path);
-+ rs_free(path);
-+ if (ruleset == NULL || ruleset->anchor == NULL) {
-+ printf("pf_anchor_setup: ruleset\n");
-+ return (1);
-+ }
-+ r->anchor = ruleset->anchor;
-+ r->anchor->refcnt++;
-+ return (0);
-+}
-+
-+int
-+pf_anchor_copyout(const struct pf_ruleset *rs, const struct pf_rule *r,
-+ struct pfioc_rule *pr)
-+{
-+ pr->anchor_call[0] = 0;
-+ if (r->anchor == NULL)
-+ return (0);
-+ if (!r->anchor_relative) {
-+ strlcpy(pr->anchor_call, "/", sizeof(pr->anchor_call));
-+ strlcat(pr->anchor_call, r->anchor->path,
-+ sizeof(pr->anchor_call));
-+ } else {
-+ char *a, *p;
-+ int i;
-+
-+ a = (char *)rs_malloc(MAXPATHLEN);
-+ bzero(a, MAXPATHLEN);
-+ if (rs->anchor == NULL)
-+ a[0] = 0;
-+ else
-+ strlcpy(a, rs->anchor->path, MAXPATHLEN);
-+ for (i = 1; i < r->anchor_relative; ++i) {
-+ if ((p = strrchr(a, '/')) == NULL)
-+ p = a;
-+ *p = 0;
-+ strlcat(pr->anchor_call, "../",
-+ sizeof(pr->anchor_call));
-+ }
-+ if (strncmp(a, r->anchor->path, strlen(a))) {
-+ printf("pf_anchor_copyout: '%s' '%s'\n", a,
-+ r->anchor->path);
-+ rs_free(a);
-+ return (1);
-+ }
-+ if (strlen(r->anchor->path) > strlen(a))
-+ strlcat(pr->anchor_call, r->anchor->path + (a[0] ?
-+ strlen(a) + 1 : 0), sizeof(pr->anchor_call));
-+ rs_free(a);
-+ }
-+ if (r->anchor_wildcard)
-+ strlcat(pr->anchor_call, pr->anchor_call[0] ? "/*" : "*",
-+ sizeof(pr->anchor_call));
-+ return (0);
-+}
-+
-+void
-+pf_anchor_remove(struct pf_rule *r)
-+{
-+ if (r->anchor == NULL)
-+ return;
-+ if (r->anchor->refcnt <= 0) {
-+ printf("pf_anchor_remove: broken refcount\n");
-+ r->anchor = NULL;
-+ return;
-+ }
-+ if (!--r->anchor->refcnt)
-+ pf_remove_if_empty_ruleset(&r->anchor->ruleset);
-+ r->anchor = NULL;
-+}
-+
--- a/sbin/pfctl/Makefile
+++ b/sbin/pfctl/Makefile
@@ -21,7 +21,7 @@
Modified: trunk/freebsd-utils/debian/rules
===================================================================
--- trunk/freebsd-utils/debian/rules 2011-06-18 17:09:26 UTC (rev 3470)
+++ trunk/freebsd-utils/debian/rules 2011-06-18 17:34:20 UTC (rev 3471)
@@ -42,7 +42,7 @@
usr.bin/ktrdump usr.bin/vmstat sbin/devfs sbin/fdisk \
sbin/ifconfig sbin/route usr.bin/netstat usr.sbin/rpc.umntall \
usr.sbin/ppp usr.sbin/pppctl usr.sbin/arp usr.bin/mkuzip \
- sbin/ipfw contrib/pf sbin/pfctl usr.sbin/authpf \
+ sbin/ipfw contrib/pf sbin/pfctl usr.sbin/authpf sys/contrib/pf/net \
sbin/mount_std sbin/umount sbin/mount_autofs sbin/mount_cd9660 \
sbin/mount_ext2fs sbin/mount_hpfs sbin/mount_msdosfs sbin/mount_nfs \
sbin/mount_ntfs sbin/mount_nullfs sbin/mount_udf sbin/mount_unionfs \
More information about the Glibc-bsd-commits
mailing list