remove stuff not related to NetBSD

jdolecek 2002-04-01 15:58:08 +00:00
parent aa2f829ddf
commit 1414ac04e0
15 changed files with 0 additions and 2845 deletions


@ -1,24 +0,0 @@
To build a kernel with the IP filter, follow these seven steps:
1. do "make freebsd4"
2. do "make install-bsd"
(probably has to be done as root)
3. run "FreeBSD-4/kinstall" as root
4. build a new kernel
5. install the new kernel
6. If not using DEVFS, create devices for IP Filter as follows:
mknod /dev/ipl c 79 0
mknod /dev/ipnat c 79 1
mknod /dev/ipstate c 79 2
mknod /dev/ipauth c 79 3
7. reboot
Darren Reed
darrenr@pobox.com


@ -1,63 +0,0 @@
.\" $NetBSD: ipv6-patch-4.0,v 1.1.1.1 2001/03/26 03:53:49 mike Exp $
.\"
*** ip6_input.c.orig Sun Feb 13 14:32:01 2000
--- ip6_input.c Wed Apr 26 22:31:34 2000
***************
*** 121,126 ****
--- 121,127 ----
extern struct domain inet6domain;
extern struct ip6protosw inet6sw[];
+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
u_char ip6_protox[IPPROTO_MAX];
static int ip6qmaxlen = IFQ_MAXLEN;
***************
*** 302,307 ****
--- 303,317 ----
ip6stat.ip6s_badvers++;
in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr);
goto bad;
+ }
+
+ if (fr_checkp) {
+ struct mbuf *m1 = m;
+
+ if ((*fr_checkp)(ip6, sizeof(*ip6), m->m_pkthdr.rcvif,
+ 0, &m1) || !m1)
+ return;
+ ip6 = mtod(m = m1, struct ip6_hdr *);
}
ip6stat.ip6s_nxthist[ip6->ip6_nxt]++;
*** ip6_output.c.orig Fri Mar 10 01:57:16 2000
--- ip6_output.c Wed Apr 26 22:34:34 2000
***************
*** 108,113 ****
--- 108,115 ----
#include <netinet6/ip6_fw.h>
#endif
+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
+
static MALLOC_DEFINE(M_IPMOPTS, "ip6_moptions", "internet multicast options");
struct ip6_exthdrs {
***************
*** 754,759 ****
--- 756,770 ----
ip6->ip6_src.s6_addr16[1] = 0;
if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst))
ip6->ip6_dst.s6_addr16[1] = 0;
+ }
+
+ if (fr_checkp) {
+ struct mbuf *m1 = m;
+
+ if ((error = (*fr_checkp)(ip6, sizeof(*ip6), ifp, 1, &m1)) ||
+ !m1)
+ goto done;
+ ip6 = mtod(m = m1, struct ip6_hdr *);
}
#ifdef IPV6FIREWALL


@ -1,65 +0,0 @@
.\" $NetBSD: ipv6-patch-4.1,v 1.1.1.1 2001/03/26 03:53:49 mike Exp $
.\"
*** ip6_input.c.orig Sat Jul 15 07:14:34 2000
--- ip6_input.c Thu Oct 19 17:14:37 2000
***************
*** 120,125 ****
--- 120,127 ----
extern struct domain inet6domain;
extern struct ip6protosw inet6sw[];
+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int,
+ struct mbuf **));
u_char ip6_protox[IPPROTO_MAX];
static int ip6qmaxlen = IFQ_MAXLEN;
***************
*** 289,294 ****
--- 291,305 ----
ip6stat.ip6s_badvers++;
in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr);
goto bad;
+ }
+
+ if (fr_checkp) {
+ struct mbuf *m1 = m;
+
+ if ((*fr_checkp)(ip6, sizeof(*ip6), m->m_pkthdr.rcvif,
+ 0, &m1) || !m1)
+ return;
+ ip6 = mtod(m = m1, struct ip6_hdr *);
}
ip6stat.ip6s_nxthist[ip6->ip6_nxt]++;
*** ip6_output.c.orig Sat Jul 15 07:14:35 2000
--- ip6_output.c Thu Oct 19 17:13:53 2000
***************
*** 106,111 ****
--- 106,113 ----
#include <netinet6/ip6_fw.h>
#endif
+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
+
static MALLOC_DEFINE(M_IPMOPTS, "ip6_moptions", "internet multicast options");
struct ip6_exthdrs {
***************
*** 787,792 ****
--- 789,803 ----
ip6->ip6_src.s6_addr16[1] = 0;
if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst))
ip6->ip6_dst.s6_addr16[1] = 0;
+ }
+
+ if (fr_checkp) {
+ struct mbuf *m1 = m;
+
+ if ((error = (*fr_checkp)(ip6, sizeof(*ip6), ifp, 1, &m1)) ||
+ !m1)
+ goto done;
+ ip6 = mtod(m = m1, struct ip6_hdr *);
}
#ifdef IPV6FIREWALL


@ -1,82 +0,0 @@
OBJS=ipsend.o ip.o ipsopt.o y.tab.o lex.yy.o
IPFTO=ipft_ef.o ipft_hx.o ipft_pc.o ipft_sn.o ipft_td.o ipft_tx.o
ROBJS=ipresend.o ip.o resend.o $(IPFTO) inet_addr.o opt.o
TOBJS=iptest.o iptests.o ip.o
UNIXOBJS=sirix.o arp.o
LIBS=
CC=cc
CFLAGS=-g -I$(TOP)
CCARGS=$(DEBUG) $(CFLAGS) -D_STANDALONE
all build irix : ipsend ipresend iptest
.c.o:
$(CC) $(CCARGS) -c $< -o $@
y.tab.o: $(TOP)/iplang/iplang_y.y
(cd $(TOP)/iplang; $(MAKE) 'CFLAGS=$(CCARGS)' 'DESTDIR=../IRIX/$(CPUDIR)' )
lex.yy.o: $(TOP)/iplang/iplang_l.l
(cd $(TOP)/iplang; $(MAKE) 'DESTDIR=../IRIX/$(CPUDIR)' )
ipsend: $(OBJS) $(UNIXOBJS)
$(CC) $(DEBUG) $(OBJS) $(UNIXOBJS) -o $@ $(LIBS) -ll
ipresend: $(ROBJS) $(UNIXOBJS)
$(CC) $(DEBUG) $(ROBJS) $(UNIXOBJS) -o $@ $(LIBS)
iptest: $(TOBJS) $(UNIXOBJS)
$(CC) $(DEBUG) $(TOBJS) $(UNIXOBJS) -o $@ $(LIBS)
clean:
rm -rf *.o core a.out ipsend ipresend iptest
ipsend.o: $(TOP)/ipsend/ipsend.c
$(CC) $(CCARGS) -c $(TOP)/ipsend/ipsend.c -o $@
ipsopt.o: $(TOP)/ipsend/ipsopt.c
$(CC) $(CCARGS) -c $(TOP)/ipsend/ipsopt.c -o $@
ipresend.o: $(TOP)/ipsend/ipresend.c
$(CC) $(CCARGS) -c $(TOP)/ipsend/ipresend.c -o $@
ip.o: $(TOP)/ipsend/ip.c
$(CC) $(CCARGS) -c $(TOP)/ipsend/ip.c -o $@
resend.o: $(TOP)/ipsend/resend.c
$(CC) $(CCARGS) -c $(TOP)/ipsend/resend.c -o $@
ipft_sn.o: $(TOP)/ipft_sn.c $(TOP)/ipt.h $(TOP)/ipf.h $(TOP)/ip_fil.h \
$(TOP)/snoop.h
$(CC) $(CCARGS) -c $(TOP)/ipft_sn.c -o $@
ipft_ef.o: $(TOP)/ipft_ef.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h
$(CC) $(CCARGS) -c $(TOP)/ipft_ef.c -o $@
ipft_td.o: $(TOP)/ipft_td.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h
$(CC) $(CCARGS) -c $(TOP)/ipft_td.c -o $@
ipft_pc.o: $(TOP)/ipft_pc.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h
$(CC) $(CCARGS) -c $(TOP)/ipft_pc.c -o $@
ipft_tx.o: $(TOP)/ipft_tx.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h
$(CC) $(CCARGS) -c $(TOP)/ipft_tx.c -o $@
ipft_hx.o: $(TOP)/ipft_hx.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h
$(CC) $(CCARGS) -c $(TOP)/ipft_hx.c -o $@
iptest.o: $(TOP)/ipsend/iptest.c
$(CC) $(CCARGS) -c $(TOP)/ipsend/iptest.c -o $@
iptests.o: $(TOP)/ipsend/iptests.c
$(CC) $(CCARGS) -c $(TOP)/ipsend/iptests.c -o $@
sock.o: $(TOP)/ipsend/sock.c
$(CC) $(CCARGS) -c $(TOP)/ipsend/sock.c -o $@
arp.o: $(TOP)/ipsend/arp.c
$(CC) $(CCARGS) -c $(TOP)/ipsend/arp.c -o $@
sirix.o: $(TOP)/ipsend/sirix.c
$(CC) $(CCARGS) -c $(TOP)/ipsend/sirix.c -o $@


@ -1,268 +0,0 @@
#!smake
#
# Copyright (C) 1993-1998 by Darren Reed.
# Copyright (C) 1997 by Marc Boucher.
#
# Redistribution and use in source and binary forms are permitted
# provided that this notice is preserved and due credit is given
# to the original authors and the contributors.
#
# For IRIX
#
# Automatically determine compiler switches and defines for kernel compilation
# based on our current CPU:
#
SGIREV=-DIRIX=$(SGI)
DCPU=`uname -m`
KFLAGS=`$(TOP)/IRIX/getkflags`
#
BINDEST=/usr/sbin
SBINDEST=/usr/etc
MANDIR=/usr/share/man/local
INCDEST=/usr/include/netinet
LKMDEST=/var/sysgen/boot
CPUDIR=`uname -s|sed -e 's@/@@g'`-`uname -r`-`uname -m`
TOP=..
#CC=cc -Wall -Wuninitialized -Wstrict-prototypes -Werror -O
CFLAGS=-g -I$(TOP)
#
ML=mli_ipl.c
MLD=$(ML)
IPFILC=ip_fil.c
#if defined(IPFLKM) && !empty(IPFLKM)
MLFLAGS= -G 0
LKM=ipflkm.o
#else
MLFLAGS= -G 8
LKM=ipfilter.o
#endif
MFLAGS="BINDEST=$(BINDEST)" "SBINDEST=$(SBINDEST)" "MANDIR=$(MANDIR)" \
'CFLAGS=$(CFLAGS) $(SOLARIS2)' "IPFLKM=$(IPFLKM)" \
"IPFLOG=$(IPFLOG)" "LOGFAC=$(LOGFAC)" "POLICY=$(POLICY)" \
"SOLARIS2=$(SOLARIS2)" "DEBUG=$(DEBUG)" "DCPU=$(CPU)" \
"CPUDIR=$(CPUDIR)"
#
CCARGS=$(SGIREV) -D_STANDALONE $(DEBUG) $(CFLAGS) $(IPFLOG)
#
########## ########## ########## ########## ########## ########## ##########
#
CP=/bin/cp
RM=/bin/rm
CHMOD=/bin/chmod
INSTALL=/sbin/install
#
MODOBJS=ip_fil.o fil_k.o ml_ipl.o ip_nat.o ip_frag.o ip_state.o ip_proxy.o \
ip_auth.o ip_log.o
DFLAGS=$(IPFLKM) $(KFLAGS) $(MLFLAGS) -jalr $(SGIREV) \
#-D_MP_NETLOCKS -DMP
IPF=ipf.o parse.o common.o opt.o inet_addr.o facpri.o
IPT=ipt.o parse.o common.o fil.o ipft_sn.o ipft_ef.o ipft_td.o ipft_pc.o \
opt.o ipft_tx.o misc.o ip_frag_u.o ip_state_u.o ip_nat_u.o ip_proxy_u.o \
ip_auth_u.o ipft_hx.o ip_fil_u.o ip_log_u.o inet_addr.o natparse.o \
facpri.o printnat.o printstate.o
IPNAT=ipnat.o kmem.o natparse.o common.o inet_addr.o printnat.o
FILS=fils.o parse.o common.o kmem.o opt.o inet_addr.o facpri.o printstate.o
build all: ipf ipfstat ipftest ipmon ipnat $(LKM)
ipfstat: $(FILS)
$(CC) $(CCARGS) $(STATETOP_CFLAGS) $(STATETOP_INC) $(FILS) \
-o $@ $(LIBS) $(STATETOP_LIB) -lelf
ipf: $(IPF)
$(CC) $(CCARGS) $(IPF) -o $@ $(LIBS)
${RM} -f $(TOP)/ipf
ln -s `pwd`/ipf $(TOP)
ipftest: $(IPT)
$(CC) $(CCARGS) $(IPT) -o $@ $(LIBS)
${RM} -f $(TOP)/ipftest
ln -s `pwd`/ipftest $(TOP)
ipnat: $(IPNAT)
$(CC) $(CCARGS) $(IPNAT) -o $@ $(LIBS) -lelf
tests:
(cd test; make )
fils.o: $(TOP)/fils.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_frag.h \
$(TOP)/ip_compat.h $(TOP)/ip_state.h $(TOP)/ip_nat.h
$(CC) $(CCARGS) $(STATETOP_CFLAGS) $(STATETOP_INC) \
-c $(TOP)/fils.c -o $@
fil.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_compat.h
$(CC) $(CCARGS) -c $(TOP)/fil.c -o $@
fil_k.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_compat.h
$(CC) $(CCARGS) $(POLICY) $(DFLAGS) -c $(TOP)/fil.c -o $@
ipf.o: $(TOP)/ipf.c $(TOP)/ip_fil.h $(TOP)/ipf.h
$(CC) $(CCARGS) -c $(TOP)/ipf.c -o $@
ipt.o: $(TOP)/ipt.c $(TOP)/ip_fil.h $(TOP)/ipt.h $(TOP)/ipf.h
$(CC) $(CCARGS) -c $(TOP)/ipt.c -o $@
misc.o: $(TOP)/misc.c $(TOP)/ip_fil.h $(TOP)/ipt.h $(TOP)/ipf.h
$(CC) $(CCARGS) -c $(TOP)/misc.c -o $@
inet_addr.o: $(TOP)/inet_addr.c
$(CC) $(ATON) $(CCARGS) -c $(TOP)/inet_addr.c -o $@
opt.o: $(TOP)/opt.c $(TOP)/ip_fil.h $(TOP)/ipf.h
$(CC) $(CCARGS) -c $(TOP)/opt.c -o $@
ipnat.o: $(TOP)/ipnat.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(TOP)/ipnat.c -o $@
ipft_sn.o: $(TOP)/ipft_sn.c $(TOP)/ipt.h $(TOP)/ipf.h $(TOP)/ip_fil.h \
$(TOP)/snoop.h
$(CC) $(CCARGS) -c $(TOP)/ipft_sn.c -o $@
ipft_ef.o: $(TOP)/ipft_ef.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h
$(CC) $(CCARGS) -c $(TOP)/ipft_ef.c -o $@
ipft_td.o: $(TOP)/ipft_td.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h
$(CC) $(CCARGS) -c $(TOP)/ipft_td.c -o $@
ipft_pc.o: $(TOP)/ipft_pc.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h
$(CC) $(CCARGS) -c $(TOP)/ipft_pc.c -o $@
ipft_tx.o: $(TOP)/ipft_tx.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h
$(CC) $(CCARGS) -c $(TOP)/ipft_tx.c -o $@
ipft_hx.o: $(TOP)/ipft_hx.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h
$(CC) $(CCARGS) -c $(TOP)/ipft_hx.c -o $@
ip_nat_u.o: $(TOP)/ip_nat.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(TOP)/ip_nat.c -o $@
ip_proxy_u.o: $(TOP)/ip_proxy.c $(TOP)/ip_proxy.h $(TOP)/ip_compat.h \
$(TOP)/ip_fil.h $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(TOP)/ip_proxy.c -o $@
ip_frag_u.o: $(TOP)/ip_frag.c $(TOP)/ip_frag.h $(TOP)/ip_compat.h \
$(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(TOP)/ip_frag.c -o $@
ip_state_u.o: $(TOP)/ip_state.c $(TOP)/ip_state.h $(TOP)/ip_compat.h \
$(TOP)/ip_fil.h $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(TOP)/ip_state.c -o $@
ip_auth_u.o: $(TOP)/ip_auth.c $(TOP)/ip_auth.h $(TOP)/ip_compat.h \
$(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(TOP)/ip_auth.c -o $@
ip_fil_u.o: $(TOP)/$(IPFILC) $(TOP)/ip_fil.h $(TOP)/ip_compat.h
$(CC) $(CCARGS) -c $(TOP)/$(IPFILC) -o $@
ip_log_u.o: $(TOP)/ip_log.c $(TOP)/ip_fil.h $(TOP)/ip_compat.h
$(CC) $(CCARGS) -c $(TOP)/ip_log.c -o $@
$(LKM): $(MODOBJS)
ld $(MLFLAGS) -r -d $(MODOBJS) -o $(LKM)
ip_nat.o: $(TOP)/ip_nat.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
$(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_nat.c -o $@
ip_frag.o: $(TOP)/ip_frag.c $(TOP)/ip_frag.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
$(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_frag.c -o $@
ip_state.o: $(TOP)/ip_state.c $(TOP)/ip_state.h $(TOP)/ip_compat.h \
$(TOP)/ip_fil.h $(TOP)/ip_nat.h
$(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_state.c -o $@
ip_proxy.o: $(TOP)/ip_proxy.c $(TOP)/ip_proxy.h $(TOP)/ip_compat.h \
$(TOP)/ip_fil.h $(TOP)/ip_nat.h
$(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_proxy.c -o $@
ip_auth.o: $(TOP)/ip_auth.c $(TOP)/ip_auth.h $(TOP)/ip_compat.h \
$(TOP)/ip_fil.h
$(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_auth.c -o $@
ip_fil.o: $(TOP)/$(IPFILC) $(TOP)/ip_fil.h $(TOP)/ip_compat.h $(TOP)/ip_nat.h
$(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/$(IPFILC) -o $@
ip_log.o: $(TOP)/ip_log.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h
$(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_log.c -o $@
ml_ipl.o: $(TOP)/$(MLD) $(TOP)/ipl.h
$(CC) -I. $(CFLAGS) $(DFLAGS) -c $(TOP)/$(ML) -o $@
kmem.o: $(TOP)/kmem.c
$(CC) $(CCARGS) -c $(TOP)/kmem.c -o $@
parse.o: $(TOP)/parse.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(TOP)/parse.c -o $@
common.o: $(TOP)/common.c $(TOP)/ip_fil.h
$(CC) $(CCARGS) -c $(TOP)/common.c -o $@
facpri.o: $(TOP)/facpri.c $(TOP)/facpri.h
$(CC) $(CCARGS) -c $(TOP)/facpri.c -o $@
ipmon: $(TOP)/ipmon.c
$(CC) $(CCARGS) $(LOGFAC) $(TOP)/ipmon.c -o $@ $(LIBS)
${RM} -f $(TOP)/ipmon
ln -s `pwd`/ipmon $(TOP)
natparse.o: $(TOP)/natparse.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
$(TOP)/ip_proxy.h $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(TOP)/natparse.c -o $@
printnat.o: $(TOP)/printnat.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
$(TOP)/ip_proxy.h $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c $(TOP)/printnat.c -o $@
printstate.o: $(TOP)/printstate.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
$(TOP)/ip_state.h
$(CC) $(CCARGS) -c $(TOP)/printstate.c -o $@
clean:
${RM} -f *.core *.o ipt fils ipf ipfstat ipftest ipmon ipnat $(LKM)
${MAKE} -f Makefile.ipsend ${MFLAGS} clean
-(for i in *; do \
if [ -d $${i} -a -f $${i}/Makefile ] ; then \
cd $${i}; (make clean); cd ..; \
${RM} $${i}/Makefile* $${i}/Makefile.ipsend*; \
rmdir $${i}; \
fi \
done)
install:
-$(INSTALL) -F $(SBINDEST) -m 755 -src $(CPUDIR)/ipf -O ipf
-$(INSTALL) -F $(SBINDEST) -m 755 -src $(CPUDIR)/ipfstat -O ipfstat
-$(INSTALL) -F $(SBINDEST) -m 755 -src $(CPUDIR)/ipnat -O ipnat
-$(INSTALL) -F $(SBINDEST) -m 755 -src $(CPUDIR)/ipmon -O ipmon
-$(INSTALL) -F $(BINDEST) -m 755 -src $(CPUDIR)/ipftest -O ipftest
-$(INSTALL) -F $(BINDEST) -m 755 -src $(CPUDIR)/ipsend -O ipsend
-$(INSTALL) -F $(BINDEST) -m 755 -src $(CPUDIR)/ipresend -O ipresend
-if [ -r $(LKMDEST)/$(LKM) -a ! -r $(LKMDEST)/$(LKM).DIST ]; then \
cp -p $(LKMDEST)/$(LKM) $(LKMDEST)/$(LKM).DIST; \
fi
-$(INSTALL) -F $(LKMDEST) -m 444 -src $(CPUDIR)/$(LKM) -O $(LKM)
-$(INSTALL) -F $(INCDEST) -m 444 -src $(TOP)/ip_fil.h -O ip_fil.h
-$(INSTALL) -F $(INCDEST) -m 444 -src $(TOP)/ip_nat.h -O ip_nat.h
-$(INSTALL) -F $(MANDIR)/man1 -m 444 -src $(TOP)/ipsend/ipsend.1 -O ipsend.1
-$(INSTALL) -F $(MANDIR)/man1 -m 444 -src $(TOP)/ipsend/ipresend.1 -O ipresend.1
-$(INSTALL) -F $(MANDIR)/man1 -m 444 -src $(TOP)/ipsend/iptest.1 -O iptest.1
-$(INSTALL) -F $(MANDIR)/man5 -m 444 -src $(TOP)/ipsend/ipsend.5 -O ipsend.5
-$(INSTALL) -F $(MANDIR)/man8 -m 444 -src $(TOP)/man/ipnat.8 -O ipnat.8
-$(INSTALL) -F $(MANDIR)/man1 -m 444 -src $(TOP)/man/ipftest.1 -O ipftest.1
-$(INSTALL) -F $(MANDIR)/man4 -m 444 -src $(TOP)/man/ipf.4 -O ipf.4
-$(INSTALL) -F $(MANDIR)/man4 -m 444 -src $(TOP)/man/ipl.4 -O ipl.4
-$(INSTALL) -F $(MANDIR)/man4 -m 444 -src $(TOP)/man/ipnat.4 -O ipnat.4
-$(INSTALL) -F $(MANDIR)/man5 -m 444 -src $(TOP)/man/ipf.5 -O ipf.5
-$(INSTALL) -F $(MANDIR)/man5 -m 444 -src $(TOP)/man/ipnat.5 -O ipnat.5
-$(INSTALL) -F $(MANDIR)/man5 -m 444 -src $(TOP)/man/ipfilter.5 -O ipfilter.5
-$(INSTALL) -F $(MANDIR)/man8 -m 444 -src $(TOP)/man/ipf.8 -O ipf.8
-$(INSTALL) -F $(MANDIR)/man8 -m 444 -src $(TOP)/man/ipfs.8 -O ipfs.8
-$(INSTALL) -F $(MANDIR)/man8 -m 444 -src $(TOP)/man/ipfstat.8 -O ipfstat.8
-$(INSTALL) -F $(MANDIR)/man8 -m 444 -src $(TOP)/man/ipmon.8 -O ipmon.8
-$(INSTALL) -F /etc/init.d -m 755 -src ipfboot -O ipf
-$(INSTALL) -F /etc/rc2.d -lns ../init.d/ipf -O S33ipf
#if !defined(IPFLKM) || empty(IPFLKM)
-${RM} -f $(LKMDEST)/ipflkm.o
/etc/autoconfig
#endif


@ -1,12 +0,0 @@
#!/bin/sh
CPUNUM=`uname -m | sed -e 's/IP//'`
sed \
-e 's/\!empty//' \
-e 's/"//g' \
-e 's/\$(\([_A-Z]*\)) == /\1 == /' \
-e 's/== *IP/== /g' -e 's/)=/) =/g' -e 's/#[^ie].*//' \
-e 's/\$(CPUBOARD)/CPUBOARD/g' \
-e 's/^#$//' /var/sysgen/Makefile.kernio | \
/usr/lib/cpp -DCPUBOARD=${CPUNUM} | \
egrep -v '^$|^#.*|^$|^ROOT=|^include'
exit 0


@ -1,6 +0,0 @@
#!/bin/sh
osrev=`uname -r`
major=`expr $osrev : '\([0-9]\)\..*'`
minor=`expr $osrev : '.*\.\([0-9]\)'`
printf '%d%02d' $major $minor
exit 0


@ -1,86 +0,0 @@
*** ip6_input.c.orig Sun Sep 2 12:51:02 2001
--- ip6_input.c Mon Sep 3 22:25:23 2001
***************
*** 130,135 ****
--- 130,138 ----
#ifdef PULLDOWN_TEST
static struct mbuf *ip6_pullexthdr __P((struct mbuf *, size_t, int));
#endif
+ #if defined(IPFILTER) || defined(IPFILTER_LKM)
+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
+ #endif
/*
* IP6 initialization: fill in IP6 protocol switch table.
***************
*** 274,279 ****
--- 277,302 ----
in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr);
goto bad;
}
+
+ #if defined(IPFILTER) || defined(IPFILTER_LKM)
+ /*
+ * Check if we want to allow this packet to be processed.
+ * Consider it to be bad if not.
+ */
+ if (fr_checkp != NULL) {
+ struct mbuf *m0 = m;
+
+ if ((*fr_checkp)((struct ip *)ip6, sizeof(*ip6),
+ m->m_pkthdr.rcvif, 0, &m0)) {
+ return;
+ }
+ m = m0;
+ if (m == 0) { /* in case of 'fastroute' */
+ return;
+ }
+ ip6 = mtod(m, struct ip6_hdr *);
+ }
+ #endif
ip6stat.ip6s_nxthist[ip6->ip6_nxt]++;
*** ip6_output.c.orig Sun Sep 2 12:51:21 2001
--- ip6_output.c Mon Sep 3 22:27:46 2001
***************
*** 113,118 ****
--- 113,122 ----
struct mbuf *ip6e_dest2;
};
+ #if defined(IPFILTER) || defined(IPFILTER_LKM)
+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
+ #endif
+
static int ip6_pcbopts __P((struct ip6_pktopts **, struct mbuf *,
struct socket *));
static int ip6_setmoptions __P((int, struct ip6_moptions **, struct mbuf *));
***************
*** 910,915 ****
--- 914,938 ----
m->m_pkthdr.rcvif = NULL;
}
+
+ #if defined(IPFILTER) || defined(IPFILTER_LKM)
+ /*
+ * looks like most checking has been done now...do a filter check
+ */
+ if (fr_checkp != NULL) {
+ struct mbuf *m1 = m;
+ if ((*fr_checkp)((struct ip *)ip6, sizeof(*ip6), ifp, 1, &m1)) {
+ error = EHOSTUNREACH;
+ goto done;
+ }
+ m = m1;
+ if (m1 == 0) { /* in case of 'fastroute' */
+ error = 0;
+ goto done;
+ }
+ ip6 = mtod(m, struct ip6_hdr *);
+ }
+ #endif
/*
* Send the packet to the outgoing interface.
* If necessary, do IPv6 fragmentation before sending.


@ -1,569 +0,0 @@
diff -cr src.30/etc/etc.alpha/MAKEDEV src/etc/etc.alpha/MAKEDEV
*** src.30/etc/etc.alpha/MAKEDEV Thu Jul 5 12:54:06 2001
--- src/etc/etc.alpha/MAKEDEV Fri Dec 28 12:43:16 2001
***************
*** 83,88 ****
--- 83,89 ----
# *random inkernal random data source
# uk* SCSI Unknown device
# ss* SCSI scanners
+ # ipl IP filter log
# altq ALTQ control interface
# iop I2O controller device
***************
*** 161,167 ****
sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9
sh $this pf audio0 tun0 tun1 tun2 tun3
sh $this ttyB0 ttyB1 tty00 tty01 lkm
! sh $this mmclock lpa0 lpt0 random
sh $this uk0 uk1 ss0 ss1
sh $this ttyc0 ttyc1 ttyc2 ttyc3 ttyc4 ttyc5 ttyc6 ttyc7
sh $this local xfs0 altq
--- 162,168 ----
sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9
sh $this pf audio0 tun0 tun1 tun2 tun3
sh $this ttyB0 ttyB1 tty00 tty01 lkm
! sh $this mmclock lpa0 lpt0 random ipl
sh $this uk0 uk1 ss0 ss1
sh $this ttyc0 ttyc1 ttyc2 ttyc3 ttyc4 ttyc5 ttyc6 ttyc7
sh $this local xfs0 altq
***************
*** 495,500 ****
--- 496,510 ----
mknod pf c 35 0
chown root.wheel pf
chmod 600 pf
+ ;;
+
+ ipl)
+ rm -f ipl ipnat ipstate ipauth
+ mknod ipl c 37 0
+ mknod ipnat c 37 1
+ mknod ipstate c 37 2
+ mknod ipauth c 37 3
+ chown root.wheel ipl ipnat ipstate ipauth
;;
tun*)
diff -cr src.30/etc/etc.amiga/MAKEDEV src/etc/etc.amiga/MAKEDEV
*** src.30/etc/etc.amiga/MAKEDEV Thu Jun 28 12:58:53 2001
--- src/etc/etc.amiga/MAKEDEV Fri Dec 28 12:45:25 2001
***************
*** 86,91 ****
--- 86,92 ----
# lkm loadable kernel modules interface
# bpf* Berkeley Packet Filter
# tun* network tunnel driver
+ # ipf IP filter
# ss* SCSI scanners
# uk* SCSI Unknown device
# *random inkernal random data source
***************
*** 168,174 ****
sh $this vnd0 vnd1 vnd2 vnd3 vnd4 vnd5 vnd6 cd0 cd1 fd0 fd1 fd2 fd3
sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9
sh $this view00 view01 view02 view03 view04 view05 pty0 pty1
! sh $this lpa0 lpa1 lpt0 lpt1 lpt2
sh $this ccd0 ccd1 ccd2 ccd3 wd0 wd1 ch0 uk0 uk1
sh $this pf tun0 tun1 par0 lkm ss0 random audio0 xfs0 altq local
;;
--- 169,175 ----
sh $this vnd0 vnd1 vnd2 vnd3 vnd4 vnd5 vnd6 cd0 cd1 fd0 fd1 fd2 fd3
sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9
sh $this view00 view01 view02 view03 view04 view05 pty0 pty1
! sh $this lpa0 lpa1 lpt0 lpt1 lpt2 ipl
sh $this ccd0 ccd1 ccd2 ccd3 wd0 wd1 ch0 uk0 uk1
sh $this pf tun0 tun1 par0 lkm ss0 random audio0 xfs0 altq local
;;
***************
*** 182,188 ****
std)
rm -f console drum kmem mem reload null zero tty
! rm -f klog stdin stdout stderr ksyms
mknod console c 0 0
mknod drum c 3 0 ; chmod 640 drum ; chown root.kmem drum
mknod kmem c 2 1 ; chmod 640 kmem ; chown root.kmem kmem
--- 183,189 ----
std)
rm -f console drum kmem mem reload null zero tty
! rm -f klog stdin stdout stderr ipf ksyms
mknod console c 0 0
mknod drum c 3 0 ; chmod 640 drum ; chown root.kmem drum
mknod kmem c 2 1 ; chmod 640 kmem ; chown root.kmem kmem
***************
*** 195,200 ****
--- 196,202 ----
mknod stdin c 21 0 ; chmod 666 stdin
mknod stdout c 21 1 ; chmod 666 stdout
mknod stderr c 21 2 ; chmod 666 stderr
+ mknod ipf c 35 0 ; chmod 444 ipf
mknod ksyms c 42 0 ; chmod 640 ksyms ; chown root.kmem ksyms
;;
***************
*** 602,607 ****
--- 604,618 ----
rm -f $name$unit
mknod $name$unit c 33 `expr $unit + $flags`
chown root.wheel $name$unit
+ ;;
+
+ ipl)
+ rm -f ipl ipnat ipstate ipauth
+ mknod ipl c 38 0
+ mknod ipnat c 38 1
+ mknod ipstate c 38 2
+ mknod ipauth c 38 3
+ chown root.wheel ipl ipnat ipstate ipauth
;;
tun*)
diff -cr src.30/etc/etc.hp300/MAKEDEV src/etc/etc.hp300/MAKEDEV
*** src.30/etc/etc.hp300/MAKEDEV Thu Jun 28 12:58:53 2001
--- src/etc/etc.hp300/MAKEDEV Fri Dec 28 12:47:17 2001
***************
*** 103,109 ****
sh MAKEDEV sd0 sd1 sd2 rd0 rd1 pty0 vnd0 vnd1 vnd2 vnd3
sh MAKEDEV hil grf0 apci0 ppi0 ite0 dca0 dcm0 dcm1 dcm2 dcm3
sh MAKEDEV bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9
! sh MAKEDEV pf tun0 tun1 tun2 tun3 lkm random xfs0 altq
sh MAKEDEV local
;;
--- 103,109 ----
sh MAKEDEV sd0 sd1 sd2 rd0 rd1 pty0 vnd0 vnd1 vnd2 vnd3
sh MAKEDEV hil grf0 apci0 ppi0 ite0 dca0 dcm0 dcm1 dcm2 dcm3
sh MAKEDEV bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9
! sh MAKEDEV ipl pf tun0 tun1 tun2 tun3 lkm random xfs0 altq
sh MAKEDEV local
;;
***************
*** 195,200 ****
--- 195,209 ----
mknod pf c 33 0
chown root.wheel pf
chmod 600 pf
+ ;;
+
+ ipl)
+ rm -f ipl ipnat ipstate ipauth
+ mknod ipl c 37 0
+ mknod ipnat c 37 1
+ mknod ipstate c 37 2
+ mknod ipauth c 37 3
+ chown root.wheel ipl ipnat ipstate ipauth
;;
tun*)
diff -cr src.30/etc/etc.hppa/MAKEDEV src/etc/etc.hppa/MAKEDEV
*** src.30/etc/etc.hppa/MAKEDEV Fri Sep 7 05:40:21 2001
--- src/etc/etc.hppa/MAKEDEV Fri Dec 28 12:49:46 2001
***************
*** 106,112 ****
sh MAKEDEV sd0 sd1 sd2 rd0 rd1 pty0 vnd0 vnd1 vnd2 vnd3
sh MAKEDEV tty00 tty01 tty02 tty03
sh MAKEDEV bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9
! sh MAKEDEV pf tun0 tun1 tun2 tun3 lkm random xfs0 altq
sh MAKEDEV local
;;
--- 106,112 ----
sh MAKEDEV sd0 sd1 sd2 rd0 rd1 pty0 vnd0 vnd1 vnd2 vnd3
sh MAKEDEV tty00 tty01 tty02 tty03
sh MAKEDEV bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9
! sh MAKEDEV ipl pf tun0 tun1 tun2 tun3 lkm random xfs0 altq
sh MAKEDEV local
;;
***************
*** 187,192 ****
--- 187,201 ----
mknod pf c 21 0
chown root.wheel pf
chmod 600 pf
+ ;;
+
+ ipl)
+ rm -f ipl ipnat ipstate ipauth
+ mknod ipl c 34 0
+ mknod ipnat c 34 1
+ mknod ipstate c 34 2
+ mknod ipauth c 34 3
+ chown root.wheel ipl ipnat ipstate ipauth
;;
tun*)
diff -cr src.30/etc/etc.i386/MAKEDEV src/etc/etc.i386/MAKEDEV
*** src.30/etc/etc.i386/MAKEDEV Fri Oct 5 08:38:13 2001
--- src/etc/etc.i386/MAKEDEV Fri Dec 28 12:50:50 2001
***************
*** 193,199 ****
sh $this ttyC0 ttyC1 ttyC2 ttyC3 ttyC4 ttyC5 ttyC6 ttyC7 ttyC8 ttyC9
sh $this ttyCa ttyCb
sh $this wscons
! sh $this pf tun0 tun1 tun2
sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9
sh $this speaker lkm audio0 radio0 joy0 joy1 apm local
sh $this random ses0 uk0 uk1 ss0 ss1 pctr bktr0 tuner0 wdt0
--- 193,199 ----
sh $this ttyC0 ttyC1 ttyC2 ttyC3 ttyC4 ttyC5 ttyC6 ttyC7 ttyC8 ttyC9
sh $this ttyCa ttyCb
sh $this wscons
! sh $this pf ipl tun0 tun1 tun2
sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9
sh $this speaker lkm audio0 radio0 joy0 joy1 apm local
sh $this random ses0 uk0 uk1 ss0 ss1 pctr bktr0 tuner0 wdt0
***************
*** 587,592 ****
--- 587,601 ----
mknod pf c 73 0
chown root.wheel pf
chmod 600 pf
+ ;;
+
+ ipl)
+ rm -f ipl ipnat ipstate ipauth
+ mknod ipl c 77 0
+ mknod ipnat c 77 1
+ mknod ipstate c 77 2
+ mknod ipauth c 77 3
+ chown root.wheel ipl ipnat ipstate ipauth
;;
speaker) # (XXX - installed)
diff -cr src.30/etc/etc.mac68k/MAKEDEV src/etc/etc.mac68k/MAKEDEV
*** src.30/etc/etc.mac68k/MAKEDEV Thu Jun 28 12:58:54 2001
--- src/etc/etc.mac68k/MAKEDEV Fri Dec 28 12:52:19 2001
***************
*** 140,145 ****
--- 140,146 ----
sh $this adb asc0 grf0 grf1 grf2 grf3 ttye0
sh $this tty00 tty01 pty0
sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9
+ sh $this ipl
sh $this pf tun0 tun1 tun2 tun3
sh $this lkm
sh $this random
***************
*** 427,432 ****
--- 428,442 ----
mknod pf c 35 0
chown root.wheel pf
chmod 600 pf
+ ;;
+
+ ipl)
+ rm -f ipl ipnat ipstate ipauth
+ mknod ipl c 38 0
+ mknod ipnat c 38 1
+ mknod ipstate c 38 2
+ mknod ipauth c 38 3
+ chown root.wheel ipl ipnat ipstate ipauth
;;
tun*)
diff -cr src.30/etc/etc.macppc/MAKEDEV src/etc/etc.macppc/MAKEDEV
*** src.30/etc/etc.macppc/MAKEDEV Thu Oct 4 00:50:38 2001
--- src/etc/etc.macppc/MAKEDEV Fri Dec 28 12:53:20 2001
***************
*** 160,166 ****
sh $this ttyC0 ttyCcfg
sh $this tty00 tty01 tty02 tty03 pty0 pty1
sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9
! sh $this pf tun0 tun1 tun2 tun3
sh $this audio0
sh $this random uk0 uk1 ss0 ss1
sh $this wscons
--- 160,166 ----
sh $this ttyC0 ttyCcfg
sh $this tty00 tty01 tty02 tty03 pty0 pty1
sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9
! sh $this ipl pf tun0 tun1 tun2 tun3
sh $this audio0
sh $this random uk0 uk1 ss0 ss1
sh $this wscons
***************
*** 551,556 ****
--- 551,565 ----
mknod pf c 39 0
chown root.wheel pf
chmod 600 pf
+ ;;
+
+ ipl)
+ rm -f ipl ipnat ipstate ipauth
+ mknod ipl c 45 0
+ mknod ipnat c 45 1
+ mknod ipstate c 45 2
+ mknod ipauth c 45 3
+ chown root.wheel ipl ipnat ipstate ipauth
;;
tun*)
diff -cr src.30/etc/etc.mvme68k/MAKEDEV src/etc/etc.mvme68k/MAKEDEV
*** src.30/etc/etc.mvme68k/MAKEDEV Thu Jun 28 12:58:55 2001
--- src/etc/etc.mvme68k/MAKEDEV Fri Dec 28 12:55:33 2001
***************
*** 91,97 ****
sh MAKEDEV tty00 tty01 tty02 tty03
sh MAKEDEV ttyw0
sh MAKEDEV sd0 sd1 sd2 sd3 sd4 sd5 sd6 sd7 sd8 sd9
! sh MAKEDEV vnd0 vnd1 pty0 cd0
sh MAKEDEV bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9
#sh MAKEDEV ccd0 ccd1 ccd2 ccd3
sh MAKEDEV pf tun0 tun1 lkm local
--- 91,97 ----
sh MAKEDEV tty00 tty01 tty02 tty03
sh MAKEDEV ttyw0
sh MAKEDEV sd0 sd1 sd2 sd3 sd4 sd5 sd6 sd7 sd8 sd9
! sh MAKEDEV vnd0 vnd1 pty0 cd0 ipl
sh MAKEDEV bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9
#sh MAKEDEV ccd0 ccd1 ccd2 ccd3
sh MAKEDEV pf tun0 tun1 lkm local
***************
*** 431,436 ****
--- 431,445 ----
chown root.kmem lkm
chmod 640 lkm
;;
+
+ ipl)
+ rm -f ipl ipnat ipstate ipauth
+ mknod ipl c 44 0
+ mknod ipnat c 44 1
+ mknod ipstate c 44 2
+ mknod ipauth c 44 3
+ chown root.wheel ipl ipnat ipstate ipauth
+ ;;
sram*|nvram*|flash*|vmel*|vmes*)
rm -f $i
diff -cr src.30/etc/etc.mvme88k/MAKEDEV src/etc/etc.mvme88k/MAKEDEV
*** src.30/etc/etc.mvme88k/MAKEDEV Thu Jun 28 12:58:55 2001
--- src/etc/etc.mvme88k/MAKEDEV Fri Dec 28 12:29:24 2001
***************
*** 78,84 ****
sh $this tty00 tty01 tty02 tty03
sh $this ttyw0
sh $this sd0 sd1 sd2 sd3 sd4 sd5 sd6 sd7 sd8 sd9
! sh $this vnd0 vnd1 pty0 cd0
sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9
#sh $this ccd0 ccd1 ccd2 ccd3
sh $this pf tun0 tun1 lkm local
--- 78,84 ----
sh $this tty00 tty01 tty02 tty03
sh $this ttyw0
sh $this sd0 sd1 sd2 sd3 sd4 sd5 sd6 sd7 sd8 sd9
! sh $this vnd0 vnd1 pty0 cd0 ipl
sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9
#sh $this ccd0 ccd1 ccd2 ccd3
sh $this pf tun0 tun1 lkm local
***************
*** 293,298 ****
--- 293,307 ----
mknod pf c 39 0
chown root.wheel pf
chmod 600 pf
+ ;;
+
+ ipl)
+ rm -f ipl ipnat ipstate ipauth
+ mknod ipl c 41 0
+ mknod ipnat c 41 1
+ mknod ipstate c 41 2
+ mknod ipauth c 41 3
+ chown root.wheel ipl ipnat ipstate ipauth
;;
bpf*|tun*)
diff -cr src.30/etc/etc.mvmeppc/MAKEDEV src/etc/etc.mvmeppc/MAKEDEV
*** src.30/etc/etc.mvmeppc/MAKEDEV Mon Jul 2 12:37:13 2001
--- src/etc/etc.mvmeppc/MAKEDEV Fri Dec 28 12:57:54 2001
***************
*** 158,164 ****
sh $this ttyC0 ttyCcfg
sh $this tty00 tty01 tty02 tty03 pty0 pty1
sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9
! sh $this pf tun0 tun1 tun2 tun3
sh $this audio0
sh $this random uk0 uk1 ss0 ss1
sh $this wscons
--- 158,164 ----
sh $this ttyC0 ttyCcfg
sh $this tty00 tty01 tty02 tty03 pty0 pty1
sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9
! sh $this ipl pf tun0 tun1 tun2 tun3
sh $this audio0
sh $this random uk0 uk1 ss0 ss1
sh $this wscons
***************
*** 532,537 ****
--- 532,546 ----
mknod pf c 39 0
chown root.wheel pf
chmod 600 pf
+ ;;
+
+ ipl)
+ rm -f ipl ipnat ipstate ipauth
+ mknod ipl c 44 0
+ mknod ipnat c 44 1
+ mknod ipstate c 44 2
+ mknod ipauth c 44 3
+ chown root.wheel ipl ipnat ipstate ipauth
;;
tun*)
diff -cr src.30/etc/etc.sparc/MAKEDEV src/etc/etc.sparc/MAKEDEV
*** src.30/etc/etc.sparc/MAKEDEV Fri Sep 7 05:45:34 2001
--- src/etc/etc.sparc/MAKEDEV Fri Dec 28 12:30:46 2001
***************
*** 86,91 ****
--- 86,92 ----
# spif* spif card (makes 8 tty and 1 bpp)
# bpp* bpp
# xfs* XFS filesystem devices
+ # ipl IP filter log
# altq ALTQ control interface
PATH=/sbin:/bin:/usr/bin:/usr/sbin
***************
*** 206,211 ****
--- 207,213 ----
sh $this ccd0 ccd1 ccd2 ccd3
sh $this raid0 raid1 raid2 raid3
sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9
+ sh $this ipl
sh $this bwtwo0 cgtwo0 cgthree0 cgfour0 cgsix0
sh $this cgeight0 cgfourteen0 tcx0
sh $this lkm random local
***************
*** 341,346 ****
--- 343,357 ----
mknod pf c 59 0
chown root.wheel pf
chmod 600 pf
+ ;;
+
+ ipl)
+ rm -f ipl ipnat ipstate ipauth
+ mknod ipl c 60 0
+ mknod ipnat c 60 1
+ mknod ipstate c 60 2
+ mknod ipauth c 60 3
+ chown root.wheel ipl ipnat ipstate ipauth
;;
tun*)
diff -cr src.30/etc/etc.sparc64/MAKEDEV src/etc/etc.sparc64/MAKEDEV
*** src.30/etc/etc.sparc64/MAKEDEV Sat Sep 22 03:58:56 2001
--- src/etc/etc.sparc64/MAKEDEV Fri Dec 28 12:33:35 2001
***************
*** 188,194 ****
R vnd0 vnd1 ccd0 ccd1 ccd2 ccd3
R raid0 raid1 raid2 raid3
R bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9
! R pf altq tun0 tun1 tun2 random ses0 uk0 uk1 ss0 ss1
R fd0 fd0B fd0C fd0D fd0E fd0F fd0G fd0H
R fd1 fd1B fd1C fd1D fd1E fd1F fd1G fd1H
R xfs0 tcx0 lkm audio0 local
--- 188,194 ----
R vnd0 vnd1 ccd0 ccd1 ccd2 ccd3
R raid0 raid1 raid2 raid3
R bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9
! R ipl pf altq tun0 tun1 tun2 random ses0 uk0 uk1 ss0 ss1
R fd0 fd0B fd0C fd0D fd0E fd0F fd0G fd0H
R fd1 fd1B fd1C fd1D fd1E fd1F fd1G fd1H
R xfs0 tcx0 lkm audio0 local
***************
*** 243,248 ****
--- 243,253 ----
U=$(($U+1))
done;;
pf*)M pf c 73 0 600;;
+ ipl*)M ipl c 75 0 600 root.wheel
+ M ipnat c 75 1 root.wheel
+ M ipstate c 75 2 root.wheel
+ M ipauth c 75 3 root.wheel
+ ;;
cgsix*)M cgsix$U c 67 $U 666;;
audio*)M sound$U c 69 $U
M mixer$U c 69 $(($U+16))
diff -cr src.30/etc/etc.sun3/MAKEDEV src/etc/etc.sun3/MAKEDEV
*** src.30/etc/etc.sun3/MAKEDEV Fri Sep 7 05:45:34 2001
--- src/etc/etc.sun3/MAKEDEV Fri Dec 28 13:01:23 2001
***************
*** 70,75 ****
--- 70,76 ----
# tun* network tunnel driver
# *random inkernal random data source
# xfs* XFS filesystem devices
+ # ipl IP filter log
# altq ALTQ control interface
PATH=/sbin:/bin:/usr/bin:/usr/sbin
***************
*** 187,192 ****
--- 188,194 ----
sh $this pty0 vnd0 vnd1 vnd2 vnd3 pf tun0 tun1 tun2 tun3
sh $this ccd0 ccd1 ccd2 ccd3
sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9
+ sh $this ipl
sh $this bwtwo0 cgtwo0 cgfour0
sh $this random local
sh $this xfs0 altq
***************
*** 277,282 ****
--- 279,293 ----
mknod pf c 75 0
chown root.wheel pf
chmod 600 pf
+ ;;
+
+ ipl)
+ rm -f ipl ipnat ipstate ipauth
+ mknod ipl c 86 0
+ mknod ipnat c 86 1
+ mknod ipstate c 86 2
+ mknod ipauth c 86 3
+ chown root.wheel ipl ipnat ipstate ipauth
;;
tun*)
diff -cr src.30/etc/etc.vax/MAKEDEV src/etc/etc.vax/MAKEDEV
*** src.30/etc/etc.vax/MAKEDEV Fri Jul 13 10:06:30 2001
--- src/etc/etc.vax/MAKEDEV Fri Dec 28 13:02:17 2001
***************
*** 93,99 ****
std)
rm -f console drum floppy crl csa1 csa2 tu0 tu1
rm -f kUmem kmem mem null zero tty klog ttyg[0-3]
! rm -f stdin stdout stderr ksyms
mknod console c 0 0
mknod ttyg0 c 25 0
mknod ttyg1 c 25 1
--- 93,99 ----
std)
rm -f console drum floppy crl csa1 csa2 tu0 tu1
rm -f kUmem kmem mem null zero tty klog ttyg[0-3]
! rm -f stdin stdout stderr ksyms ipl ipnat ipstate ipauth
mknod console c 0 0
mknod ttyg0 c 25 0
mknod ttyg1 c 25 1
***************
*** 117,122 ****
--- 117,126 ----
mknod stdout c 53 1 ; chmod 666 stdout
mknod stderr c 53 2 ; chmod 666 stderr
mknod ksyms c 50 0 ; chmod 640 ksyms ; chown root.kmem ksyms
+ mknod ipl c 47 0 ; chmod 600 ipl
+ mknod ipnat c 47 1 ; chmod 600 ipnat
+ mknod ipstate c 47 2 ; chmod 600 ipstate
+ mknod ipauth c 47 3 ; chmod 600 ipauth
;;
fd)


@ -1,83 +0,0 @@
diff -cr src.30/etc/netstart src/etc/netstart
*** src.30/etc/netstart Tue Jul 31 18:27:35 2001
--- src/etc/netstart Wed Jan 2 10:02:01 2002
***************
*** 27,32 ****
--- 27,42 ----
domainname `cat /etc/defaultdomain`
fi
+ # Configure the IP filter before configuring network interfaces
+ if [ X"${ipfilter}" = X"YES" -a -f "${ipfilter_rules}" ]; then
+ echo 'configuring IP filter'
+ ipf -Fa -f ${ipfilter_rules}
+ ipfresync="ipf -y"
+ else
+ ipfilter=NO
+ ipfresync=NO
+ fi
+
# set the address for the loopback interface
# it will also initialize IPv6 address for lo0 (::1 and others).
ifconfig lo0 inet localhost
***************
*** 273,275 ****
--- 283,298 ----
route -n add -net 224.0.0.0/4 -interface 127.0.0.1 -reject > /dev/null
;;
esac
+
+ # Configure NAT after configuring network interfaces
+ if [ "${ipnat}" = "YES" -a "${ipfilter}" = "YES" -a -f "${ipnat_rules}" ]; then
+ echo 'configuring NAT'
+ ipnat -CF -f ${ipnat_rules}
+ else
+ ipnat=NO
+ fi
+
+ # Interfaces have come up so we should do an ipf -y if we're using IP filter.
+ if [ "${ipfresync}" != "NO" ]; then
+ ${ipfresync}
+ fi
diff -cr src.30/etc/rc src/etc/rc
*** src.30/etc/rc Wed Oct 10 04:44:17 2001
--- src/etc/rc Wed Jan 2 09:55:31 2002
***************
*** 213,218 ****
--- 213,222 ----
echo 'starting named'; named $named_flags
fi
+ if [ X"${ipfilter}" = X"YES" -a X"${ipmon_flags}" != X"NO" ]; then
+ echo 'starting ipmon'; ipmon ${ipmon_flags}
+ fi
+
# $photurisd_flags is imported from /etc/rc.conf;
# If $photurisd_flags == NO or /etc/photuris/photuris.conf doesn't exist, then
# photurisd isn't run.
diff -cr src.30/etc/rc.conf src/etc/rc.conf
*** src.30/etc/rc.conf Sat Oct 13 08:40:58 2001
--- src/etc/rc.conf Wed Jan 2 10:04:35 2002
***************
*** 53,58 ****
--- 53,60 ----
lockd=NO
gated=NO
amd=NO
+ ipfilter=NO # To enable ipfilter, set to YES
+ ipnat=NO # for "YES", ipfilter must also be "YES"
pf=NO # Packet filter / NAT
portmap=YES # almost always needed
inetd=YES # almost always needed
***************
*** 78,83 ****
--- 80,88 ----
nfsd_flags="-tun 4" # Crank the 4 for a busy NFS fileserver
amd_dir=/tmp_mnt # AMD's mount directory
amd_master=/etc/amd/master # AMD 'master' map
+ ipfilter_rules=/etc/ipf.rules # Rules for IP packet filtering with IP Filter
+ ipnat_rules=/etc/ipnat.rules # Rules for Network Address Translation
+ ipmon_flags=-Ds # To disable logging, use ipmon_flags=NO
syslogd_flags= # add more flags, ie. "-u -a /chroot/dev/log"
named_user=named # Named should not run as root unless necessary
named_chroot=/var/named # Where to chroot named if not empty


@ -1,982 +0,0 @@
diff -cr sys.30/arch/alpha/alpha/conf.c sys/arch/alpha/alpha/conf.c
*** sys.30/arch/alpha/alpha/conf.c Fri Sep 28 13:33:39 2001
--- sys/arch/alpha/alpha/conf.c Fri Dec 28 12:42:32 2001
***************
*** 104,109 ****
--- 104,114 ----
#include "lpt.h"
cdev_decl(lpt);
cdev_decl(prom); /* XXX XXX XXX */
+ #ifdef IPFILTER
+ #define NIPF 1
+ #else
+ #define NIPF 0
+ #endif
cdev_decl(wd);
#include "cy.h"
cdev_decl(cy);
***************
*** 174,180 ****
cdev_random_init(1,random), /* 34: random data source */
cdev_pf_init(NPF, pf), /* 35: packet filter */
cdev_disk_init(NWD,wd), /* 36: ST506/ESDI/IDE disk */
! cdev_notdef(), /* 37 */
cdev_tty_init(NCY,cy), /* 38: Cyclom serial port */
cdev_ksyms_init(NKSYMS,ksyms), /* 39: Kernel symbols device */
cdev_notdef(), /* 40 */
--- 179,185 ----
cdev_random_init(1,random), /* 34: random data source */
cdev_pf_init(NPF, pf), /* 35: packet filter */
cdev_disk_init(NWD,wd), /* 36: ST506/ESDI/IDE disk */
! cdev_gen_ipf(NIPF,ipl), /* 37: IP filter log */
cdev_tty_init(NCY,cy), /* 38: Cyclom serial port */
cdev_ksyms_init(NKSYMS,ksyms), /* 39: Kernel symbols device */
cdev_notdef(), /* 40 */
diff -cr sys.30/arch/amiga/amiga/conf.c sys/arch/amiga/amiga/conf.c
*** sys.30/arch/amiga/amiga/conf.c Fri Sep 28 12:53:13 2001
--- sys/arch/amiga/amiga/conf.c Fri Dec 28 12:45:04 2001
***************
*** 160,166 ****
cdev_random_init(1,random), /* 35: random data source */
cdev_uk_init(NUK,uk), /* 36: unknown SCSI */
cdev_disk_init(NWD,wd), /* 37: ST506/ESDI/IDE disk */
! cdev_notdef(), /* 38 */
cdev_audio_init(NAUDIO,audio), /* 39: cc audio interface */
cdev_ch_init(NCH,ch), /* 40: SCSI autochanger */
cdev_disk_init(NRD,rd), /* 41: RAM disk */
--- 160,166 ----
cdev_random_init(1,random), /* 35: random data source */
cdev_uk_init(NUK,uk), /* 36: unknown SCSI */
cdev_disk_init(NWD,wd), /* 37: ST506/ESDI/IDE disk */
! cdev_gen_ipf(NIPF,ipl), /* 38: IP filter log */
cdev_audio_init(NAUDIO,audio), /* 39: cc audio interface */
cdev_ch_init(NCH,ch), /* 40: SCSI autochanger */
cdev_disk_init(NRD,rd), /* 41: RAM disk */
diff -cr sys.30/arch/hp300/hp300/conf.c sys/arch/hp300/hp300/conf.c
*** sys.30/arch/hp300/hp300/conf.c Fri Sep 28 12:53:13 2001
--- sys/arch/hp300/hp300/conf.c Fri Dec 28 12:48:02 2001
***************
*** 150,155 ****
--- 150,161 ----
cdev_decl(xfs_dev);
#endif
+ #ifdef IPFILTER
+ #define NIPF 1
+ #else
+ #define NIPF 0
+ #endif
+
#include "pf.h"
#include <altq/altqconf.h>
***************
*** 174,181 ****
cdev_tty_init(NDCM,dcm), /* 15: 4-port serial */
cdev_tape_init(NMT,mt), /* 16: magnetic reel tape */
cdev_disk_init(NCCD,ccd), /* 17: concatenated disk */
- cdev_notdef(), /* 18 */
cdev_disk_init(NVND,vnd), /* 19: vnode disk driver */
cdev_tape_init(NST,st), /* 20: SCSI tape */
cdev_fd_init(1,filedesc), /* 21: file descriptor pseudo-device */
cdev_bpftun_init(NBPFILTER,bpf),/* 22: Berkeley packet filter */
--- 180,187 ----
cdev_tty_init(NDCM,dcm), /* 15: 4-port serial */
cdev_tape_init(NMT,mt), /* 16: magnetic reel tape */
cdev_disk_init(NCCD,ccd), /* 17: concatenated disk */
cdev_disk_init(NVND,vnd), /* 19: vnode disk driver */
+ cdev_notdef(), /* 18 */
cdev_tape_init(NST,st), /* 20: SCSI tape */
cdev_fd_init(1,filedesc), /* 21: file descriptor pseudo-device */
cdev_bpftun_init(NBPFILTER,bpf),/* 22: Berkeley packet filter */
***************
*** 193,199 ****
cdev_disk_init(NRD,rd), /* 34: RAM disk */
cdev_tty_init(NAPCI,apci), /* 35: Apollo APCI UARTs */
cdev_ksyms_init(NKSYMS,ksyms), /* 36: Kernel symbols device */
! cdev_notdef(), /* 37 */
cdev_notdef(), /* 38 */
cdev_notdef(), /* 39 */
cdev_notdef(), /* 40 */
--- 199,205 ----
cdev_disk_init(NRD,rd), /* 34: RAM disk */
cdev_tty_init(NAPCI,apci), /* 35: Apollo APCI UARTs */
cdev_ksyms_init(NKSYMS,ksyms), /* 36: Kernel symbols device */
! cdev_pf_init(NIPF,ipl), /* 37: packet filter */
cdev_notdef(), /* 38 */
cdev_notdef(), /* 39 */
cdev_notdef(), /* 40 */
diff -cr sys.30/arch/hppa/hppa/conf.c sys/arch/hppa/hppa/conf.c
*** sys.30/arch/hppa/hppa/conf.c Fri Sep 28 12:53:13 2001
--- sys/arch/hppa/hppa/conf.c Fri Dec 28 12:48:49 2001
***************
*** 113,118 ****
--- 113,124 ----
#include "com.h"
cdev_decl(com);
+ #ifdef IPFILTER
+ #define NIPF 1
+ #else
+ #define NIPF 0
+ #endif
+
#include "pf.h"
#include <altq/altqconf.h>
***************
*** 158,163 ****
--- 164,170 ----
cdev_notdef(), /* 32 */
#endif
cdev_altq_init(NALTQ,altq), /* 33: ALTQ control interface */
+ cdev_gen_ipf(NIPF,ipl), /* 34: ip filtering */
cdev_lkm_dummy(),
cdev_lkm_dummy(),
cdev_lkm_dummy(),
diff -cr sys.30/arch/i386/i386/conf.c sys/arch/i386/i386/conf.c
*** sys.30/arch/i386/i386/conf.c Fri Oct 5 07:46:03 2001
--- sys/arch/i386/i386/conf.c Fri Dec 28 12:50:34 2001
***************
*** 221,226 ****
--- 221,232 ----
#include "radio.h"
cdev_decl(radio);
+ #ifdef IPFILTER
+ #define NIPF 1
+ #else
+ #define NIPF 0
+ #endif
+
/* XXX -- this needs to be supported by config(8)! */
#if (NCOM > 0) && (NPCCOM > 0)
#error com and pccom are mutually exclusive. Sorry.
***************
*** 348,353 ****
--- 354,360 ----
cdev_altq_init(NALTQ,altq), /* 74: ALTQ control interface */
cdev_iop_init(NIOP,iop), /* 75: I2O IOP control interface */
cdev_radio_init(NRADIO, radio), /* 76: generic radio I/O */
+ cdev_gen_ipf(NIPF,ipl), /* 77: ip filtering */
};
int nchrdev = sizeof(cdevsw) / sizeof(cdevsw[0]);
diff -cr sys.30/arch/mac68k/mac68k/conf.c sys/arch/mac68k/mac68k/conf.c
*** sys.30/arch/mac68k/mac68k/conf.c Fri Sep 28 12:53:13 2001
--- sys/arch/mac68k/mac68k/conf.c Fri Dec 28 12:51:45 2001
***************
*** 117,122 ****
--- 117,128 ----
cdev_decl(xfs_dev);
#endif
+ #ifdef IPFILTER
+ #define NIPF 1
+ #else
+ #define NIPF 0
+ #endif
+
#include "pf.h"
#include <altq/altqconf.h>
***************
*** 161,167 ****
cdev_pf_init(NPF,pf), /* 35: packet filter */
cdev_audio_init(NASC,asc), /* 36: ASC audio device */
cdev_ksyms_init(NKSYMS,ksyms), /* 37: Kernel symbols device */
! cdev_notdef(), /* 38 */
cdev_notdef(), /* 39 */
cdev_notdef(), /* 40 */
cdev_notdef(), /* 41 */
--- 167,173 ----
cdev_pf_init(NPF,pf), /* 35: packet filter */
cdev_audio_init(NASC,asc), /* 36: ASC audio device */
cdev_ksyms_init(NKSYMS,ksyms), /* 37: Kernel symbols device */
! cdev_gen_ipf(NIPF,ipl), /* 38: IP filter log */
cdev_notdef(), /* 39 */
cdev_notdef(), /* 40 */
cdev_notdef(), /* 41 */
diff -cr sys.30/arch/macppc/macppc/conf.c sys/arch/macppc/macppc/conf.c
*** sys.30/arch/macppc/macppc/conf.c Thu Oct 4 00:45:37 2001
--- sys/arch/macppc/macppc/conf.c Fri Dec 28 12:53:03 2001
***************
*** 105,110 ****
--- 105,116 ----
#include "tun.h"
+ #ifdef IPFILTER
+ #define NIPF 1
+ #else
+ #define NIPF 0
+ #endif
+
#ifdef XFS
#include <xfs/nxfs.h>
cdev_decl(xfs_dev);
***************
*** 195,201 ****
cdev_ss_init(NSS,ss), /* 42: SCSI scanner */
cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */
cdev_audio_init(NAUDIO,audio), /* 44: generic audio I/O */
! cdev_notdef(), /* 45 */
cdev_notdef(), /* 46 */
cdev_notdef(), /* 47 */
cdev_notdef(), /* 48 */
--- 201,207 ----
cdev_ss_init(NSS,ss), /* 42: SCSI scanner */
cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */
cdev_audio_init(NAUDIO,audio), /* 44: generic audio I/O */
! cdev_gen_ipf(NIPF,ipl), /* 45: IP filter */
cdev_notdef(), /* 46 */
cdev_notdef(), /* 47 */
cdev_notdef(), /* 48 */
diff -cr sys.30/arch/mvme68k/mvme68k/conf.c sys/arch/mvme68k/mvme68k/conf.c
*** sys.30/arch/mvme68k/mvme68k/conf.c Fri Sep 28 12:53:13 2001
--- sys/arch/mvme68k/mvme68k/conf.c Fri Dec 28 12:55:36 2001
***************
*** 176,181 ****
--- 176,187 ----
#include "tun.h"
+ #ifdef IPFILTER
+ #define NIPF 1
+ #else
+ #define NIPF 0
+ #endif
+
#include "pf.h"
#include <altq/altqconf.h>
***************
*** 226,232 ****
cdev_uk_init(NUK,uk), /* 41: unknown SCSI */
cdev_ss_init(NSS,ss), /* 42: SCSI scanner */
cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */
! cdev_lkm_dummy(), /* 44 */
cdev_lkm_dummy(), /* 45 */
cdev_lkm_dummy(), /* 46 */
cdev_lkm_dummy(), /* 47 */
--- 232,238 ----
cdev_uk_init(NUK,uk), /* 41: unknown SCSI */
cdev_ss_init(NSS,ss), /* 42: SCSI scanner */
cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */
! cdev_gen_ipf(NIPF,ipl), /* 44: IP filter */
cdev_lkm_dummy(), /* 45 */
cdev_lkm_dummy(), /* 46 */
cdev_lkm_dummy(), /* 47 */
diff -cr sys.30/arch/mvme88k/mvme88k/conf.c sys/arch/mvme88k/mvme88k/conf.c
*** sys.30/arch/mvme88k/mvme88k/conf.c Fri Sep 28 12:53:13 2001
--- sys/arch/mvme88k/mvme88k/conf.c Fri Dec 28 12:56:20 2001
***************
*** 113,118 ****
--- 113,124 ----
cdev_decl(lptwo);
#endif /* notyet */
+ #ifdef IPFILTER
+ #define NIPF 1
+ #else
+ #define NIPF 0
+ #endif
+
#include "pf.h"
#include <altq/altqconf.h>
***************
*** 199,205 ****
cdev_lkm_dummy(), /* 38 */
cdev_pf_init(NPF,pf), /* 39: packet filter */
cdev_random_init(1,random), /* 40: random data source */
! cdev_notdef(), /* 41 */
cdev_notdef(), /* 42 */
cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */
cdev_notdef(), /* 44 */
--- 205,211 ----
cdev_lkm_dummy(), /* 38 */
cdev_pf_init(NPF,pf), /* 39: packet filter */
cdev_random_init(1,random), /* 40: random data source */
! cdev_gen_ipf(NIPF,ipl), /* 41: IP filter */
cdev_notdef(), /* 42 */
cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */
cdev_notdef(), /* 44 */
diff -cr sys.30/arch/mvmeppc/mvmeppc/conf.c sys/arch/mvmeppc/mvmeppc/conf.c
*** sys.30/arch/mvmeppc/mvmeppc/conf.c Fri Sep 28 12:53:13 2001
--- sys/arch/mvmeppc/mvmeppc/conf.c Fri Dec 28 12:57:20 2001
***************
*** 147,152 ****
--- 147,158 ----
#include "ksyms.h"
cdev_decl(ksyms);
+ #ifdef IPFILTER
+ #define NIPF 1
+ #else
+ #define NIPF 0
+ #endif
+
#include "pf.h"
#include <altq/altqconf.h>
***************
*** 200,206 ****
cdev_uk_init(NUK,uk), /* 41: unknown SCSI */
cdev_ss_init(NSS,ss), /* 42: SCSI scanner */
cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */
! cdev_notdef(), /* 44 */
cdev_notdef(), /* 45 */
cdev_notdef(), /* 46 */
cdev_notdef(), /* 47 */
--- 206,212 ----
cdev_uk_init(NUK,uk), /* 41: unknown SCSI */
cdev_ss_init(NSS,ss), /* 42: SCSI scanner */
cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */
! cdev_gen_ipf(NIPF,ipl), /* 44: IP filter */
cdev_notdef(), /* 45 */
cdev_notdef(), /* 46 */
cdev_notdef(), /* 47 */
diff -cr sys.30/arch/sparc/sparc/conf.c sys/arch/sparc/sparc/conf.c
*** sys.30/arch/sparc/sparc/conf.c Fri Sep 28 12:53:13 2001
--- sys/arch/sparc/sparc/conf.c Fri Dec 28 12:59:25 2001
***************
*** 128,133 ****
--- 128,139 ----
};
int nblkdev = sizeof(bdevsw) / sizeof(bdevsw[0]);
+ #ifdef IPFILTER
+ #define NIPF 1
+ #else
+ #define NIPF 0
+ #endif
+
#include "pf.h"
#include <altq/altqconf.h>
***************
*** 202,208 ****
cdev_notdef(), /* 57 */
cdev_disk_init(NCD,cd), /* 58: SCSI CD-ROM */
cdev_pf_init(NPF,pf), /* 59: packet filter */
! cdev_notdef(), /* 60 */
cdev_notdef(), /* 61 */
cdev_notdef(), /* 62 */
cdev_notdef(), /* 63 */
--- 208,214 ----
cdev_notdef(), /* 57 */
cdev_disk_init(NCD,cd), /* 58: SCSI CD-ROM */
cdev_pf_init(NPF,pf), /* 59: packet filter */
! cdev_gen_ipf(NIPF,ipl), /* 60: ip filtering log */
cdev_notdef(), /* 61 */
cdev_notdef(), /* 62 */
cdev_notdef(), /* 63 */
diff -cr sys.30/arch/sparc64/sparc64/conf.c sys/arch/sparc64/sparc64/conf.c
*** sys.30/arch/sparc64/sparc64/conf.c Fri Sep 28 12:53:14 2001
--- sys/arch/sparc64/sparc64/conf.c Fri Dec 28 12:59:59 2001
***************
*** 116,121 ****
--- 116,127 ----
#include "ses.h"
cdev_decl(ses);
+ #ifdef IPFILTER
+ #define NIPF 1
+ #else
+ #define NIPF 0
+ #endif
+
#include "pf.h"
#include <altq/altqconf.h>
***************
*** 239,245 ****
cdev_notdef(), /* 72 */
cdev_pf_init(NPF,pf), /* 73: packet filter */
cdev_altq_init(NALTQ,altq), /* 74: ALTQ control interface */
! cdev_notdef(), /* 75 */
cdev_ksyms_init(NKSYMS,ksyms), /* 76 *: Kernel symbols device */
cdev_notdef(), /* 77 */
cdev_notdef(), /* 78 */
--- 245,251 ----
cdev_notdef(), /* 72 */
cdev_pf_init(NPF,pf), /* 73: packet filter */
cdev_altq_init(NALTQ,altq), /* 74: ALTQ control interface */
! cdev_gen_ipf(NIPF,ipl), /* 75: IP filter */
cdev_ksyms_init(NKSYMS,ksyms), /* 76 *: Kernel symbols device */
cdev_notdef(), /* 77 */
cdev_notdef(), /* 78 */
diff -cr sys.30/arch/sun3/sun3/conf.c sys/arch/sun3/sun3/conf.c
*** sys.30/arch/sun3/sun3/conf.c Fri Sep 28 12:53:14 2001
--- sys/arch/sun3/sun3/conf.c Fri Dec 28 13:00:59 2001
***************
*** 111,116 ****
--- 111,122 ----
};
int nblkdev = sizeof(bdevsw) / sizeof(bdevsw[0]);
+ #ifdef IPFILTER
+ #define NIPF 1
+ #else
+ #define NIPF 0
+ #endif
+
#include "pf.h"
#include <altq/altqconf.h>
***************
*** 207,212 ****
--- 213,219 ----
cdev_ch_init(NCH,ch), /* 83: SCSI autochanger */
cdev_ses_init(NSES,ses), /* 84: SCSI SES or SAF-TE device */
cdev_altq_init(NALTQ,altq), /* 85: ALTQ control interface */
+ cdev_gen_ipf(NIPF,ipl), /* 86: IP filter */
};
int nchrdev = sizeof(cdevsw) / sizeof(cdevsw[0]);
diff -cr sys.30/arch/vax/vax/conf.c sys/arch/vax/vax/conf.c
*** sys.30/arch/vax/vax/conf.c Fri Sep 28 12:53:14 2001
--- sys/arch/vax/vax/conf.c Fri Dec 28 13:01:58 2001
***************
*** 432,437 ****
--- 432,443 ----
#include "wskbd.h"
#include "wsmouse.h"
+ #ifdef IPFILTER
+ #define NIPF 1
+ #else
+ #define NIPF 0
+ #endif
+
#include "pf.h"
#include <altq/altqconf.h>
***************
*** 485,491 ****
cdev_notdef(), /* 44 was Datakit */
cdev_notdef(), /* 45 was Datakit */
cdev_notdef(), /* 46 was Datakit */
! cdev_notdef(), /* 47 */
cdev_notdef(), /* 48 */
cdev_notdef(), /* 49 */
cdev_ksyms_init(NKSYMS,ksyms), /* 50: Kernel symbols device */
--- 491,497 ----
cdev_notdef(), /* 44 was Datakit */
cdev_notdef(), /* 45 was Datakit */
cdev_notdef(), /* 46 was Datakit */
! cdev_gen_ipf(NIPF,ipl), /* 47: IP filter */
cdev_notdef(), /* 48 */
cdev_notdef(), /* 49 */
cdev_ksyms_init(NKSYMS,ksyms), /* 50: Kernel symbols device */
diff -cr sys.30/conf/GENERIC sys/conf/GENERIC
*** sys.30/conf/GENERIC Tue Sep 18 03:04:27 2001
--- sys/conf/GENERIC Fri Dec 28 11:37:49 2001
***************
*** 71,76 ****
--- 71,78 ----
#option EON # OSI tunneling over IP
#option NETATALK # AppleTalk
#option CCITT,LLC,HDLC # X.25
+ option IPFILTER # IP packet filter for security
+ option IPFILTER_LOG # use /dev/ipl to log IPF
option PPP_BSDCOMP # PPP BSD compression
option PPP_DEFLATE
#option MROUTING # Multicast router
diff -cr sys.30/conf/files sys/conf/files
*** sys.30/conf/files Fri Oct 5 07:43:37 2001
--- sys/conf/files Fri Dec 28 12:02:08 2001
***************
*** 652,657 ****
--- 652,665 ----
file netinet/tcp_usrreq.c inet
file netinet/udp_usrreq.c inet
file netinet/ip_gre.c inet
+ file netinet/ip_fil.c ipfilter
+ file netinet/fil.c ipfilter
+ file netinet/ip_nat.c ipfilter
+ file netinet/ip_frag.c ipfilter
+ file netinet/ip_state.c ipfilter
+ file netinet/ip_proxy.c ipfilter
+ file netinet/ip_auth.c ipfilter
+ file netinet/ip_log.c ipfilter
file netinet/ip_ipsp.c (inet | inet6) & (ipsec | tcp_signature)
file netinet/ip_spd.c (inet | inet6) & (ipsec | tcp_signature)
file netinet/ip_ipip.c inet | inet6
diff -cr sys.30/net/bridgestp.c sys/net/bridgestp.c
*** sys.30/net/bridgestp.c Wed Jun 27 16:07:37 2001
--- sys/net/bridgestp.c Fri Dec 28 12:01:56 2001
***************
*** 63,68 ****
--- 63,73 ----
#include <netinet/in_var.h>
#include <netinet/ip.h>
#include <netinet/if_ether.h>
+
+ #ifdef IPFILTER
+ #include <netinet/ip_compat.h>
+ #include <netinet/ip_fil.h>
+ #endif
#endif
#if NBPFILTER > 0
diff -cr sys.30/net/if.c sys/net/if.c
*** sys.30/net/if.c Sat Jun 30 08:46:05 2001
--- sys/net/if.c Fri Dec 28 12:02:21 2001
***************
*** 99,104 ****
--- 99,110 ----
#include <netinet6/in6_ifattach.h>
#endif
+ #ifdef IPFILTER
+ #include <netinet/ip_compat.h>
+ #include <netinet/ip_fil.h>
+ #include <netinet/ip_nat.h>
+ #endif
+
#if NBPFILTER > 0
#include <net/bpf.h>
#endif
***************
*** 381,386 ****
--- 387,397 ----
/* Remove the interface from the list of all interfaces. */
TAILQ_REMOVE(&ifnet, ifp, if_list);
+
+ #ifdef IPFILTER
+ /* XXX More ipf & ipnat cleanup needed. */
+ frsync();
+ #endif
/* Deallocate private resources. */
for (ifa = TAILQ_FIRST(&ifp->if_addrlist); ifa;
diff -cr sys.30/net/if_bridge.c sys/net/if_bridge.c
*** sys.30/net/if_bridge.c Wed Aug 22 01:18:20 2001
--- sys/net/if_bridge.c Sun Dec 30 05:29:37 2001
***************
*** 61,67 ****
#include <netinet/ip_ipsp.h>
#include <net/if_enc.h>
! #endif
#if NPF > 0
#include <net/pfvar.h>
--- 61,71 ----
#include <netinet/ip_ipsp.h>
#include <net/if_enc.h>
! # if (defined(IPFILTER) || defined(IPFILTER_LKM))
! #include <netinet/ip_compat.h>
! #include <netinet/ip_fil.h>
! # endif
! #endif /* INET */
#if NPF > 0
#include <net/pfvar.h>
***************
*** 139,145 ****
int bridge_flushrule __P((struct bridge_iflist *));
int bridge_brlconf __P((struct bridge_softc *, struct ifbrlconf *));
u_int8_t bridge_filterrule __P((struct brl_head *, struct ether_header *));
! #if NPF > 0
struct mbuf *bridge_filter __P((struct bridge_softc *, int, struct ifnet *,
struct ether_header *, struct mbuf *m));
#endif
--- 143,149 ----
int bridge_flushrule __P((struct bridge_iflist *));
int bridge_brlconf __P((struct bridge_softc *, struct ifbrlconf *));
u_int8_t bridge_filterrule __P((struct brl_head *, struct ether_header *));
! #if (NPF > 0) || (defined(IPFILTER) || defined(IPFILTER_LKM))
struct mbuf *bridge_filter __P((struct bridge_softc *, int, struct ifnet *,
struct ether_header *, struct mbuf *m));
#endif
***************
*** 1043,1049 ****
m_freem(m);
return;
}
! #if NPF > 0
m = bridge_filter(sc, BRIDGE_IN, src_if, &eh, m);
if (m == NULL)
return;
--- 1047,1053 ----
m_freem(m);
return;
}
! #if (NPF > 0) || (defined(IPFILTER) || defined(IPFILTER_LKM))
m = bridge_filter(sc, BRIDGE_IN, src_if, &eh, m);
if (m == NULL)
return;
***************
*** 1086,1092 ****
m_freem(m);
return;
}
! #if NPF > 0
m = bridge_filter(sc, BRIDGE_OUT, dst_if, &eh, m);
if (m == NULL)
return;
--- 1090,1096 ----
m_freem(m);
return;
}
! #if (NPF > 0) || (defined(IPFILTER) || defined(IPFILTER_LKM))
m = bridge_filter(sc, BRIDGE_OUT, dst_if, &eh, m);
if (m == NULL)
return;
***************
*** 1328,1334 ****
}
}
! #if NPF > 0
mc = bridge_filter(sc, BRIDGE_OUT, dst_if, eh, mc);
if (mc == NULL)
continue;
--- 1332,1338 ----
}
}
! #if (NPF > 0) || (defined(IPFILTER) || defined(IPFILTER_LKM))
mc = bridge_filter(sc, BRIDGE_OUT, dst_if, eh, mc);
if (mc == NULL)
continue;
***************
*** 1911,1917 ****
return (0);
}
! #if NPF > 0
/*
* Filter IP packets by peeking into the ethernet frame. This violates
* the ISO model, but allows us to act as a IP filter at the data link
--- 1915,1921 ----
return (0);
}
! #if (NPF > 0) || defined(IPFILTER) || defined(IPFILTER_LKM)
/*
* Filter IP packets by peeking into the ethernet frame. This violates
* the ISO model, but allows us to act as a IP filter at the data link
***************
*** 1926,1932 ****
struct ether_header *eh;
struct mbuf *m;
{
! #if NPF == 0
return (m);
#else
struct llc llc;
--- 1930,1936 ----
struct ether_header *eh;
struct mbuf *m;
{
! #if defined(NPF) && (NPF == 0) && !defined(IPFILTER) && !defined(IPFILTER_LKM)
return (m);
#else
struct llc llc;
***************
*** 1934,1939 ****
--- 1938,1947 ----
struct ip *ip;
int hlen;
+ # if (defined(IPFILTER) || defined(IPFILTER_LKM)) && defined(NPF) && (NPF == 0)
+ if (fr_checkp == NULL)
+ return (m);
+ # endif
if (eh->ether_type != htons(ETHERTYPE_IP)) {
if (eh->ether_type > ETHERMTU ||
m->m_pkthdr.len < (LLC_SNAPFRAMELEN +
***************
*** 2000,2007 ****
--- 2008,2023 ----
/* Finally, we get to filter the packet! */
m->m_pkthdr.rcvif = ifp;
+ #if NPF > 0
if (pf_test(dir, ifp, &m) != PF_PASS)
goto dropit;
+ #endif
+ #if defined(IPFILTER) || defined(IPFILTER_LKM)
+ if (fr_checkp && (*fr_checkp)(ip, hlen, ifp, dir, &m))
+ goto dropit;
+ if (m == NULL) /* in case of 'fastroute' */
+ goto dropit;
+ #endif
/* Rebuild the IP header */
if (m->m_len < hlen && ((m = m_pullup(m, hlen)) == NULL))
***************
*** 2035,2040 ****
if (m != NULL)
m_freem(m);
return (NULL);
! #endif /* NPF == 0 */
}
#endif
--- 2051,2056 ----
if (m != NULL)
m_freem(m);
return (NULL);
! #endif /* (NPF > 0) || (defined(IPFILTER) || defined(IPFILTER_LKM)) */
}
#endif
diff -cr sys.30/netinet/in_proto.c sys/netinet/in_proto.c
*** sys.30/netinet/in_proto.c Thu Aug 9 01:07:04 2001
--- sys/netinet/in_proto.c Fri Dec 28 12:05:44 2001
***************
*** 163,168 ****
--- 163,173 ----
#include <netinet/ip_mroute.h>
#endif /* MROUTING */
+ #ifdef IPFILTER
+ void iplinit __P((void));
+ #define ip_init iplinit
+ #endif
+
#ifdef INET6
#include <netinet6/ip6_var.h>
#endif /* INET6 */
diff -cr sys.30/netinet/ip_input.c sys/netinet/ip_input.c
*** sys.30/netinet/ip_input.c Wed Sep 19 01:24:32 2001
--- sys/netinet/ip_input.c Fri Dec 28 12:05:55 2001
***************
*** 149,154 ****
--- 149,159 ----
struct in_ifaddrhead in_ifaddr;
struct ifqueue ipintrq;
+ #if defined(IPFILTER) || defined(IPFILTER_LKM)
+ int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int,
+ struct mbuf **));
+ #endif
+
int ipq_locked;
static __inline int ipq_lock_try __P((void));
static __inline void ipq_unlock __P((void));
***************
*** 398,403 ****
--- 403,425 ----
ip = mtod(m, struct ip *);
hlen = ip->ip_hl << 2;
+ #endif
+
+ #if defined(IPFILTER) || defined(IPFILTER_LKM)
+ /*
+ * Check if we want to allow this packet to be processed.
+ * Consider it to be bad if not.
+ */
+ {
+ struct mbuf *m0 = m;
+ if (fr_checkp && (*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m0)) {
+ return;
+ }
+ if (m0 == 0) { /* in case of 'fastroute' */
+ return;
+ }
+ ip = mtod(m = m0, struct ip *);
+ }
#endif
#ifdef ALTQ
diff -cr sys.30/netinet/ip_output.c sys/netinet/ip_output.c
*** sys.30/netinet/ip_output.c Mon Aug 27 07:12:06 2001
--- sys/netinet/ip_output.c Fri Dec 28 12:10:52 2001
***************
*** 91,96 ****
--- 91,100 ----
static void ip_mloopback
__P((struct ifnet *, struct mbuf *, struct sockaddr_in *));
+ #if defined(IPFILTER) || defined(IPFILTER_LKM)
+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
+ #endif
+
/*
* IP output. The packet in mbuf chain m contains a skeletal IP
* header (with len, off, ttl, proto, tos, src, dst).
***************
*** 535,540 ****
--- 539,568 ----
if (sproto != 0) {
s = splnet();
+ #if defined(IPFILTER) || defined(IPFILTER_LKM)
+ if (fr_checkp) {
+ /*
+ * Ok, it's time for a simple round-trip to the IPF/NAT
+ * code with the enc0 interface.
+ */
+ struct mbuf *m1 = m;
+ void *ifp = (void *)&encif[0].sc_if;
+
+ if ((*fr_checkp)(ip, hlen, ifp, 1, &m1)) {
+ error = EHOSTUNREACH;
+ splx(s);
+ goto done;
+ }
+ if (m1 == 0) { /* in case of 'fastroute' */
+ error = 0;
+ splx(s);
+ goto done;
+ }
+ ip = mtod(m = m1, struct ip *);
+ hlen = ip->ip_hl << 2;
+ }
+ #endif /* IPFILTER */
+
/*
* Packet filter
*/
***************
*** 636,641 ****
--- 664,688 ----
m->m_pkthdr.csum &= ~M_UDPV4_CSUM_OUT; /* Clear */
}
}
+
+ #if defined(IPFILTER) || defined(IPFILTER_LKM)
+ /*
+ * looks like most checking has been done now...do a filter check
+ */
+ {
+ struct mbuf *m1 = m;
+
+ if (fr_checkp && (*fr_checkp)(ip, hlen, ifp, 1, &m1)) {
+ error = EHOSTUNREACH;
+ goto done;
+ }
+ if (m1 == 0) { /* in case of 'fastroute' */
+ error = 0;
+ goto done;
+ }
+ ip = mtod(m = m1, struct ip *);
+ }
+ #endif
/*
* Packet filter
diff -cr sys.30/netinet6/ip6_input.c sys/netinet6/ip6_input.c
*** sys.30/netinet6/ip6_input.c Sat Sep 15 13:54:40 2001
--- sys/netinet6/ip6_input.c Sat Dec 29 21:57:26 2001
***************
*** 134,139 ****
--- 134,142 ----
#ifdef PULLDOWN_TEST
static struct mbuf *ip6_pullexthdr __P((struct mbuf *, size_t, int));
#endif
+ #if defined(IPFILTER) || defined(IPFILTER_LKM)
+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
+ #endif
/*
* IP6 initialization: fill in IP6 protocol switch table.
***************
*** 286,291 ****
--- 289,314 ----
in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr);
goto bad;
}
+
+ #if defined(IPFILTER) || defined(IPFILTER_LKM)
+ /*
+ * Check if we want to allow this packet to be processed.
+ * Consider it to be bad if not.
+ */
+ if (fr_checkp != NULL) {
+ struct mbuf *m0 = m;
+
+ if ((*fr_checkp)((struct ip *)ip6, sizeof(*ip6),
+ m->m_pkthdr.rcvif, 0, &m0)) {
+ return;
+ }
+ m = m0;
+ if (m == 0) { /* in case of 'fastroute' */
+ return;
+ }
+ ip6 = mtod(m, struct ip6_hdr *);
+ }
+ #endif
ip6stat.ip6s_nxthist[ip6->ip6_nxt]++;
diff -cr sys.30/netinet6/ip6_output.c sys/netinet6/ip6_output.c
*** sys.30/netinet6/ip6_output.c Tue Oct 2 02:03:09 2001
--- sys/netinet6/ip6_output.c Sat Dec 29 21:57:26 2001
***************
*** 118,123 ****
--- 118,127 ----
struct mbuf *ip6e_dest2;
};
+ #if defined(IPFILTER) || defined(IPFILTER_LKM)
+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
+ #endif
+
static int ip6_pcbopts __P((struct ip6_pktopts **, struct mbuf *,
struct socket *));
static int ip6_setmoptions __P((int, struct ip6_moptions **, struct mbuf *));
***************
*** 889,894 ****
--- 893,917 ----
ip6 = mtod(m, struct ip6_hdr *);
#endif
+
+ #if defined(IPFILTER) || defined(IPFILTER_LKM)
+ /*
+ * looks like most checking has been done now...do a filter check
+ */
+ if (fr_checkp != NULL) {
+ struct mbuf *m1 = m;
+ if ((*fr_checkp)((struct ip *)ip6, sizeof(*ip6), ifp, 1, &m1)) {
+ error = EHOSTUNREACH;
+ goto done;
+ }
+ m = m1;
+ if (m1 == 0) { /* in case of 'fastroute' */
+ error = 0;
+ goto done;
+ }
+ ip6 = mtod(m, struct ip6_hdr *);
+ }
+ #endif
/*
* Send the packet to the outgoing interface.
* If necessary, do IPv6 fragmentation before sending.
diff -cr sys.30/sys/conf.h sys/sys/conf.h
*** sys.30/sys/conf.h Fri Oct 5 07:46:03 2001
--- sys/sys/conf.h Fri Dec 28 13:45:33 2001
***************
*** 351,356 ****
--- 351,363 ----
(dev_type_ioctl((*))) enodev, (dev_type_stop((*))) nullop, \
0, (dev_type_select((*))) enodev, (dev_type_mmap((*))) enodev }
+ /* open, close, read, ioctl */
+ #define cdev_gen_ipf(c, n) { \
+ dev_init(c,n,open), dev_init(c,n,close), dev_init(c,n,read), \
+ (dev_type_write((*))) enodev, dev_init(c,n,ioctl), \
+ (dev_type_stop((*))) enodev, 0, (dev_type_select((*))) enodev, \
+ (dev_type_mmap((*))) enodev }
+
/* open, close, read, write, ioctl, select */
#define cdev_xfs_init(c, n) { \
dev_init(c,n,open), dev_init(c,n,close), dev_init(c,n,read), \
***************
*** 537,542 ****
--- 544,550 ----
cdev_decl(bpf);
+ cdev_decl(ipl);
cdev_decl(pf);
cdev_decl(tun);


@ -1,77 +0,0 @@
Installing IPFilter into OpenBSD 3.0 Kernel
===========================================
The installation of IPFilter should be as easy as following the steps
below. In cases where "i386" is mentioned, if you are working on a
different platform, substitute that name there and it should work equally
as well. The patches include enabling IPFilter for IPv4 filtering, IPv6
filtering and bridge filtering.
The commands given below are intended as guides rather than exact matches
on what needs to be typed. In many cases, paths to files or directories
may bear little resemblence to what is presented below.
You may encounter difficulties with step 7 if you have made changes to the
rc files which cause "patch" to not be able to work out how to apply the
changes correctly.
If the below steps are followed with no problems then it should be safe to
perform step 8 and reboot with the new kernel. Of course if you are not
using GENERIC then substitute GENERIC for your kernel name. If your kernel
config file includes the "GENERIC" one then you will not need to add explicit
options for IPFilter.
1. Extract your source tree into /usr/src, creating /usr/src/sys.
cd /usr/src
gunzip -c sys.tar.gz | tar xpf -
2. Change directory to /usr/src
3. Unpack IPFilter and apply the patches to the kernel source
cd ~
gunzip -c ip_fil3.4.23.tar.gz | tar xpf -
cd /usr/src
patch < ~/ip_fil3.4.23/OpenBSD/3.0-sys-diffs
4. Add IPFilter to the source code tree:
cd ~/ip_fil3.4.23
BSD/kupgrade
5. Build a new OpenBSD kernel
/bin/rm -rf /sys/arch/i386/compile/GENERIC
cd /sys/arch/i386/conf
config GENERIC
cd ../compile/GENERIC
make depend && make
cp bsd /bsd
6. Build and install IPFilter
cd ip_fil3.4.23
make openbsd
make install-bsd
OpenBSD/makedevs-3.0
7. Patch rc scripts in /etc
cd /etc
patch < ~/ip_fil3.4.23/OpenBSD/3.0-rc-diffs
8. Reboot
IPFilter device files
=====================
Patches to include making IPFilter devices can be found in the file
3.0-MAKEDEV-diffs. These diffs are generally only of interested if
you are going to be building a distribution for others and want the
correct MAKEDEV scripts to be built. You may also wish to use this
to patch /dev/MAKEDEV on your machine to be correct. Pre-fab'd MAKEDEV
scripts (or individual patches) for each architecture are not provided.
You will need to have extracted "./etc" from src.tar.gz to use these
patches.


@ -1,435 +0,0 @@
.\" $NetBSD: fixdist-3.0,v 1.1.1.2 2002/03/14 12:30:13 martti Exp $
.\"
#!/bin/sh
#
# Install IPFilter into the source tree of OpenBSD 3.0
#
if [ $# -eq 1 ] ; then
if [ "$1" = "-d" ] ; then
debug=echo
fi
fi
copyfiles() {
while [ $# -gt 0 ] ; do
if [ X"$1" = X"\\" ] ; then
:
elif [ -f $IPFDIR/$1 ] ; then
$debug cp -p $IPFDIR/$1 .
elif [ -f $IPFDIR/man/$1 ] ; then
$debug cp -p $IPFDIR/man/$1 .
elif [ -f $IPFDIR/iplang/$1 ] ; then
$debug cp -p $IPFDIR/iplang/$1 .
elif [ -f $IPFDIR/ipsend/$1 ] ; then
$debug cp -p $IPFDIR/ipsend/$1 .
else
echo "Could not find $IPFDIR/$1"
fi
shift
done
}
prep() {
$debug mkdir $1
$debug cd $1
}
IPFDIR=`pwd`
SRC=/usr/src
#
# 3 Programs into /sbin: ipf, ipfstat, ipnat
#
cd $SRC/sbin
/bin/rm -rf ipf ipfstat ipnat
prep ipf
MFILES="ipf.8 ipf.4 ipf.5"
SFILES="ipf.c parse.c opt.c facpri.c common.c"
IFILES="ipf.h facpri.h"
if [ X$debug = X ] ; then
OFILE=Makefile
else
OFILE=/dev/tty
fi
cat > ${OFILE} << __EOF__
# $OpenBSD: Makefile,v 1.10 2001/01/17 05:00:57 fgsch Exp $
PROG= ipf
MAN= ${MFILES}
SRCS= ${SFILES}
CFLAGS+=-DUSE_INET6 -I\${.CURDIR}/../../sys/netinet
.include <bsd.prog.mk>
__EOF__
copyfiles $MFILES $SFILES $IFILES
echo "`pwd` done"
#
# Setup ipfstat(8)
#
prep ../ipfstat
MFILES=ipfstat.8
SFILES="fils.c parse.c opt.c kmem.c facpri.c common.c printstate.c"
IFILES=kmem.h
cat > ${OFILE} << __EOF__
# $OpenBSD: Makefile,v 1.8 2001/02/13 01:12:33 fgsch Exp $
PROG= ipfstat
MAN= ${MFILES}
SRCS= ${SFILES}
.PATH: \${.CURDIR}/../../sbin/ipf
CFLAGS+=-DUSE_INET6 -I\${.CURDIR}/../../sbin/ipf -DSTATETOP \\
-I\${.CURDIR}/../../sys/netinet
DPADD= \${LIBCURSES}
LDADD= -lcurses -lkvm
.include <bsd.prog.mk>
__EOF__
copyfiles $MFILES $SFILES $IFILES
echo "`pwd` done"
#
# Setup ipnat(8)
#
prep ../ipnat
MFILES="ipnat.8 ipnat.4 ipnat.5"
SFILES="ipnat.c kmem.c natparse.c common.c printnat.c"
IFILES=
cat > ${OFILE} << __EOF__
# $OpenBSD: Makefile,v 1.10 2001/01/17 05:01:01 fgsch Exp $
PROG= ipnat
MAN= ${MFILES}
SRCS= ${SFILES}
.PATH: \${.CURDIR}/../ipfstat \${.CURDIR}/../ipf
CFLAGS+=-DUSE_INET6 -I\${.CURDIR}/../../sbin/ipfstat -I\${.CURDIR}/../ipf \\
-I\${.CURDIR}/../../sys/netinet
LDADD= -lkvm
.include <bsd.prog.mk>
__EOF__
copyfiles $MFILES $SFILES
echo "`pwd` done"
#
# Now fix up the top level Makefile
#
cd $SRC/sbin
grep -q ipf Makefile
if [ $? -ne 0 ] ; then
cat <<__EOF__ | patch
*** Makefile.orig Tue Jan 1 15:01:51 2002
--- Makefile Mon Jan 7 20:31:56 2002
***************
*** 34,37 ****
--- 34,40 ----
# Man pages (and manpages to do)
SUBDIR+= fdisk pdisk ancontrol wicontrol wsconsctl
+ # IPFilter
+ SUBDIR+= ipf ipfstat ipnat
+
.include <bsd.subdir.mk>
__EOF__
fi
#
# 3 Programs into /usr/sbin: ipfs, ipfstat, ipmon
# Also, include ipsend suite of tools.
#
cd $SRC/usr.sbin
/bin/rm -rf ipfs ipftest ipmon ipsend
#
# Create directory for ipftest
#
prep ipftest
MFILES=ipftest.1
SFILES="ipt.c fil.c ipft_hx.c ipft_sn.c ipft_ef.c ipft_td.c ipft_pc.c \\
ipft_tx.c misc.c parse.c opt.c ip_frag.c ip_nat.c ip_state.c \\
ip_auth.c ip_fil.c ip_proxy.c facpri.c natparse.c common.c \\
printnat.c printstate.c"
IFILES="ipt.h pcap.h snoop.h kmem.h"
cat > ${OFILE} << __EOF__
# $OpenBSD: Makefile,v 1.9 2001/01/17 06:01:21 fgsch Exp $
PROG= ipftest
MAN= ${MFILES}
SRCS= ${SFILES}
.PATH: \${.CURDIR}/../../sbin/ipf \${.CURDIR}/../../sbin/ipfstat \\
\${.CURDIR}/../../sys/netinet \${.CURDIR}/../../sbin/ipnat
CFLAGS+=-DUSE_INET6 -I\${.CURDIR}/../../sbin/ipf \\
-I\${.CURDIR}/../../sys/netinet -I\${.CURDIR}/../../sys -I\${.CURDIR}
.include <bsd.prog.mk>
__EOF__
copyfiles $MFILES $SFILES $IFILES
echo "`pwd` done"
#
# Create directory for ipfs
#
prep ../ipfs
MFILES=ipfs.8
SFILES=ipfs.c
IFILES=
cat > ${OFILE} << __EOF__
# \$OpenBSD: Makefile,v 1.1 2001/01/17 06:31:06 fgsch Exp \$
PROG= ipfs
MAN= ${MFILES}
SRCS= ${SFILES}
CFLAGS+=-DUSE_INET6 -I\${.CURDIR}/../../sbin/ipf \\
-I\${.CURDIR}/../../sys/netinet
.include <bsd.prog.mk>
__EOF__
copyfiles $MFILES $SFILES $IFILES
echo "`pwd` done"
#
#
#
prep ../ipmon
MFILES=ipmon.8
SFILES=ipmon.c
IFILES=
cat > ${OFILE} << __EOF__
# \$OpenBSD: Makefile,v 1.4 1998/09/15 10:01:38 pattonme Exp \$
PROG= ipmon
MAN= ${MFILES}
SRCS= ${SFILES}
CFLAGS+=-DUSE_INET6 -I\${.CURDIR}/../../sys/netinet
.include <bsd.prog.mk>
__EOF__
copyfiles $MFILES $SFILES $IFILES
echo "`pwd` done"
#
# Create top level directories for ipsend
#
prep ../ipsend
cat > ${OFILE} << __EOF__
# $OpenBSD: Makefile,v 1.4 1997/09/21 11:43:47 deraadt Exp $
SUBDIR= ipsend ipresend iptest
.include <bsd.subdir.mk>
__EOF__
echo "`pwd` done"
prep iplang
copyfiles iplang.h
#
# 1st ipsend program - ipsend itself
#
prep ../ipsend
MFILES="ipsend.1 ipsend.5"
SFILES="ipsend.c ip.c ipsopt.c sbpf.c sock.c 44arp.c iplang_y.y iplang_l.l"
IFILES="ipsend.h iplang.h"
cat > ${OFILE} << __EOF__
# $OpenBSD: Makefile,v 1.3 1998/01/26 19:46:23 weingart Exp $
PROG= ipsend
BINDIR= /usr/sbin
MAN= ${MFILES}
SRCS= ${SFILES}
CFLAGS+= -DDOSOCKET -I\${.CURDIR}/../common -I\${.CURDIR}/../../ipftest \\
-I\${.CURDIR}/../../../sbin/ipf -I\${.CURDIR}/../../../sys/netinet \\
-I\${.CURDIR}/.. -I\${.OBJDIR}
LDADD= -lfl
CLEANFILES+=y.tab.h
.PATH: \${.CURDIR}/../common
.include <bsd.prog.mk>
__EOF__
copyfiles $MFILES $SFILES $IFILES
echo "`pwd` done"
#
# 2nd ipsend program - ipresend
#
prep ../ipresend
MFILES=ipresend.1
SFILES="ipresend.c resend.c \\
ipft_ef.c ipft_hx.c ipft_pc.c ipft_sn.c ipft_td.c ipft_tx.c opt.c \\
sock.c 44arp.c sbpf.c ip.c"
IFILES="ipsend.h"
cat > ${OFILE} << __EOF__
# \$OpenBSD: Makefile,v 1.4 1999/02/21 23:11:05 tholo Exp \$
PROG= ipresend
BINDIR= /usr/sbin
MAN= ${MFILES}
SRCS= ${SFILES}
CFLAGS+=-DDOSOCKET -I\${.CURDIR}/../common -I\${.CURDIR}/../../ipftest \\
-I\${.CURDIR}/../../../sbin/ipf \\
-I\${.CURDIR}/../../../sys/netinet -I\${.CURDIR}/..
.PATH: \${.CURDIR}/../common \${.CURDIR}/../../ipftest \\
\${.CURDIR}/../../../sbin/ipf
.include <bsd.prog.mk>
__EOF__
copyfiles $MFILES $SFILES $IFILES
echo "`pwd` done"
#
# 3rd ipsend program - iptest
#
prep ../iptest
MFILES=iptest.1
SFILES="iptest.c iptests.c ip.c sbpf.c sock.c 44arp.c"
IFILES="ipsend.h"
cat > ${OFILE} << __EOF__
# \$OpenBSD: Makefile,v 1.2 1998/01/26 04:17:08 dgregor Exp \$
PROG= iptest
BINDIR= /usr/sbin
MAN= ${MFILES}
SRCS= ${SFILES}
CFLAGS+=-DDOSOCKET -I\${.CURDIR}/../common -I\${.CURDIR}/../../ipftest \\
-I\${.CURDIR}/../../../sys/netinet \\
-I\${.CURDIR}/../../../sbin/ipf -I\${.CURDIR}/..
.PATH: \${.CURDIR}/../common
.include <bsd.prog.mk>
__EOF__
copyfiles $MFILES $SFILES $IFILES
echo "`pwd` done"
cd $SRC/usr.sbin
grep -q ipmon Makefile
if [ $? -ne 0 ] ; then
cat << __EOF__ | patch
*** Makefile.orig Tue Jan 1 15:06:30 2002
--- Makefile Mon Jan 7 20:34:05 2002
***************
*** 36,39 ****
--- 36,42 ----
SUBDIR+=ypbind yppoll ypset ypserv
.endif
+ # IPFilter
+ SUBDIR+=ipftest ipfs ipmon ipsend
+
.include <bsd.subdir.mk>
__EOF__
fi
echo "Patching base install set"
cd $SRC
cd distrib/sets/lists/base
grep -q ipfstat mi
if [ $? -ne 0 ] ; then
cat << __EOF__ | patch
*** mi.orig Sat Oct 6 03:30:51 2001
--- mi Tue Jan 8 05:45:39 2002
***************
*** 89,94 ****
--- 89,97 ----
./sbin/halt
./sbin/ifconfig
./sbin/init
+ ./sbin/ipf
+ ./sbin/ipfstat
+ ./sbin/ipnat
./sbin/ipsecadm
./sbin/isakmpd
./sbin/kbd
***************
*** 1276,1281 ****
--- 1279,1290 ----
./usr/sbin/ifmcstat
./usr/sbin/inetd
./usr/sbin/iostat
+ ./usr/sbin/ipfs
+ ./usr/sbin/ipftest
+ ./usr/sbin/ipmon
+ ./usr/sbin/ipresend
+ ./usr/sbin/ipsend
+ ./usr/sbin/iptest
./usr/sbin/kadmin
./usr/sbin/kdb_destroy
./usr/sbin/kdb_edit
__EOF__
fi
echo "Patching man install set"
cd $SRC
cd distrib/sets/lists/man
grep -q ipfstat mi
if [ $? -ne 0 ] ; then
cat << __EOF__ | patch
*** mi.orig Wed Oct 10 03:28:42 2001
--- mi Tue Jan 8 19:37:54 2002
***************
*** 319,324 ****
--- 319,328 ----
./usr/share/man/cat1/intro.0
./usr/share/man/cat1/ipcrm.0
./usr/share/man/cat1/ipcs.0
+ ./usr/share/man/cat1/ipftest.0
+ ./usr/share/man/cat1/ipresend.0
+ ./usr/share/man/cat1/ipsend.0
+ ./usr/share/man/cat1/iptest.0
./usr/share/man/cat1/jobs.0
./usr/share/man/cat1/join.0
./usr/share/man/cat1/jot.0
***************
*** 1054,1059 ****
--- 1058,1066 ----
./usr/share/man/cat4/ip.0
./usr/share/man/cat4/ip6.0
./usr/share/man/cat4/ipcomp.0
+ ./usr/share/man/cat4/ipf.0
+ ./usr/share/man/cat4/ipl.0
+ ./usr/share/man/cat4/ipnat.0
./usr/share/man/cat4/ipsec.0
./usr/share/man/cat4/isa.0
./usr/share/man/cat4/isapnp.0
***************
*** 1414,1419 ****
--- 1421,1429 ----
./usr/share/man/cat5/info.0
./usr/share/man/cat5/inode.0
./usr/share/man/cat5/intro.0
+ ./usr/share/man/cat5/ipf.0
+ ./usr/share/man/cat5/ipnat.0
+ ./usr/share/man/cat5/ipsend.0
./usr/share/man/cat5/isakmpd.conf.0
./usr/share/man/cat5/isakmpd.policy.0
./usr/share/man/cat5/keynote.0
***************
*** 1657,1662 ****
--- 1667,1677 ----
./usr/share/man/cat8/intro.0
./usr/share/man/cat8/iopctl.0
./usr/share/man/cat8/iostat.0
+ ./usr/share/man/cat8/ipf.0
+ ./usr/share/man/cat8/ipfs.0
+ ./usr/share/man/cat8/ipfstat.0
+ ./usr/share/man/cat8/ipmon.0
+ ./usr/share/man/cat8/ipnat.0
./usr/share/man/cat8/ipsecadm.0
./usr/share/man/cat8/isakmpd.0
./usr/share/man/cat8/kadmin.0
__EOF__
fi
exit 0


@ -1,72 +0,0 @@
.\" $NetBSD: makedevs-3.0,v 1.1.1.1 2002/01/24 08:18:32 martti Exp $
.\"
#!/bin/sh
platform=`uname -m`
case $platform in
alpha)
major=37
;;
amiga)
major=38
;;
hp300)
major=37
;;
hppa)
major=34
;;
i386)
major=77
;;
mac68k)
major=38
;;
macppc)
major=45
;;
mvme68k)
major=44
;;
mvme88k)
major=41
;;
mvmeppc)
major=44
;;
sparc)
major=60
;;
sparc64)
major=75
;;
sun3)
major=86
;;
vax)
major=47
;;
*)
echo "Unrecognised platform $platform"
exit 1
;;
esac
minor=0
echo
echo "Creating IPFilter device files in /dev."
echo
echo -n "Platform $platform Major Number $major: "
for i in ipl ipnat ipstate ipauth; do
/bin/rm -f /dev/$i
mknod /dev/$i c $major $minor
chown root.wheel /dev/$i
chmod 600 /dev/$i
echo -n "$i($minor) "
minor=`expr $minor + 1`
done
echo
echo Done.
echo
exit 0


@ -1,21 +0,0 @@
#!/bin/sh
# documented from
# http://www.tfsb.org/ipf-openbsd/
ARCH=sparc
KERNEL=MULAN
IPF=ip-fil3.4.17
rm -rf $IPF
tar zxf $IPF.tar.gz
cd $IPF
perl -pi -e "s/#STATETOP_CFLAGS=/STATETOP_CFLAGS=/" Makefile
perl -pi -e "s/#STATETOP_INC=$/STATETOP_INC=/" Makefile
perl -pi -e "s/#STATETOP_LIB=-lncurses/STATETOP_LIB=-lcurses/" Makefile
perl -pi -e "s/#INET6/INET6/" Makefile
make openbsd
make install-bsd
cd OpenBSD
echo $KERNEL | ./kinstall >/dev/null 2>&1
cd /usr/src/sys/arch/$ARCH/conf
config $KERNEL
cd /usr/src/sys/arch/$ARCH/compile/$KERNEL
make clean && make depend && make && mv /bsd /bsd.old && mv bsd /bsd && reboot