diff --git a/dist/ipf/FreeBSD-4.0/INST.FreeBSD-4 b/dist/ipf/FreeBSD-4.0/INST.FreeBSD-4 deleted file mode 100644 index 6ae366a394cd..000000000000 --- a/dist/ipf/FreeBSD-4.0/INST.FreeBSD-4 +++ /dev/null @@ -1,24 +0,0 @@ -To build a kernel with the IP filter, follow these seven steps: - - 1. do "make freebsd4" - - 2. do "make install-bsd" - (probably has to be done as root) - - 3. run "FreeBSD-4/kinstall" as root - - 4. build a new kernel - - 5. install the new kernel - - 6. If not using DEVFS, create devices for IP Filter as follows: - mknod /dev/ipl c 79 0 - mknod /dev/ipnat c 79 1 - mknod /dev/ipstate c 79 2 - mknod /dev/ipauth c 79 3 - - 7. reboot - - -Darren Reed -darrenr@pobox.com diff --git a/dist/ipf/FreeBSD-4.0/ipv6-patch-4.0 b/dist/ipf/FreeBSD-4.0/ipv6-patch-4.0 deleted file mode 100644 index c8af1194552e..000000000000 --- a/dist/ipf/FreeBSD-4.0/ipv6-patch-4.0 +++ /dev/null @@ -1,63 +0,0 @@ -.\" $NetBSD: ipv6-patch-4.0,v 1.1.1.1 2001/03/26 03:53:49 mike Exp $ -.\" -*** ip6_input.c.orig Sun Feb 13 14:32:01 2000 ---- ip6_input.c Wed Apr 26 22:31:34 2000 -*************** -*** 121,126 **** ---- 121,127 ---- - - extern struct domain inet6domain; - extern struct ip6protosw inet6sw[]; -+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); - - u_char ip6_protox[IPPROTO_MAX]; - static int ip6qmaxlen = IFQ_MAXLEN; -*************** -*** 302,307 **** ---- 303,317 ---- - ip6stat.ip6s_badvers++; - in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); - goto bad; -+ } -+ -+ if (fr_checkp) { -+ struct mbuf *m1 = m; -+ -+ if ((*fr_checkp)(ip6, sizeof(*ip6), m->m_pkthdr.rcvif, -+ 0, &m1) || !m1) -+ return; -+ ip6 = mtod(m = m1, struct ip6_hdr *); - } - - ip6stat.ip6s_nxthist[ip6->ip6_nxt]++; -*** ip6_output.c.orig Fri Mar 10 01:57:16 2000 ---- ip6_output.c Wed Apr 26 22:34:34 2000 -*************** -*** 108,113 **** ---- 108,115 ---- - #include - #endif - -+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); -+ - static MALLOC_DEFINE(M_IPMOPTS, "ip6_moptions", "internet multicast options"); - - struct ip6_exthdrs { -*************** -*** 754,759 **** ---- 756,770 ---- - ip6->ip6_src.s6_addr16[1] = 0; - if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst)) - ip6->ip6_dst.s6_addr16[1] = 0; -+ } -+ -+ if (fr_checkp) { -+ struct mbuf *m1 = m; -+ -+ if ((error = (*fr_checkp)(ip6, sizeof(*ip6), ifp, 1, &m1)) || -+ !m1) -+ goto done; -+ ip6 = mtod(m = m1, struct ip6_hdr *); - } - - #ifdef IPV6FIREWALL diff --git a/dist/ipf/FreeBSD-4.0/ipv6-patch-4.1 b/dist/ipf/FreeBSD-4.0/ipv6-patch-4.1 deleted file mode 100644 index c4f338912ab5..000000000000 --- a/dist/ipf/FreeBSD-4.0/ipv6-patch-4.1 +++ /dev/null @@ -1,65 +0,0 @@ -.\" $NetBSD: ipv6-patch-4.1,v 1.1.1.1 2001/03/26 03:53:49 mike Exp $ -.\" -*** ip6_input.c.orig Sat Jul 15 07:14:34 2000 ---- ip6_input.c Thu Oct 19 17:14:37 2000 -*************** -*** 120,125 **** ---- 120,127 ---- - - extern struct domain inet6domain; - extern struct ip6protosw inet6sw[]; -+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, -+ struct mbuf **)); - - u_char ip6_protox[IPPROTO_MAX]; - static int ip6qmaxlen = IFQ_MAXLEN; -*************** -*** 289,294 **** ---- 291,305 ---- - ip6stat.ip6s_badvers++; - in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); - goto bad; -+ } -+ -+ if (fr_checkp) { -+ struct mbuf *m1 = m; -+ -+ if ((*fr_checkp)(ip6, sizeof(*ip6), m->m_pkthdr.rcvif, -+ 0, &m1) || !m1) -+ return; -+ ip6 = mtod(m = m1, struct ip6_hdr *); - } - - ip6stat.ip6s_nxthist[ip6->ip6_nxt]++; - -*** ip6_output.c.orig Sat Jul 15 07:14:35 2000 ---- ip6_output.c Thu Oct 19 17:13:53 2000 -*************** -*** 106,111 **** ---- 106,113 ---- - #include - #endif - -+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); -+ - static MALLOC_DEFINE(M_IPMOPTS, "ip6_moptions", "internet multicast options"); - - struct ip6_exthdrs { -*************** -*** 787,792 **** ---- 789,803 ---- - ip6->ip6_src.s6_addr16[1] = 0; - if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst)) - ip6->ip6_dst.s6_addr16[1] = 0; -+ } -+ -+ if (fr_checkp) { -+ struct mbuf *m1 = m; -+ -+ if ((error = (*fr_checkp)(ip6, sizeof(*ip6), ifp, 1, &m1)) || -+ !m1) -+ goto done; -+ ip6 = mtod(m = m1, struct ip6_hdr *); - } - - #ifdef IPV6FIREWALL diff --git a/dist/ipf/IRIX/Makefile.ipsend.std b/dist/ipf/IRIX/Makefile.ipsend.std deleted file mode 100644 index c408d7d3a88b..000000000000 --- a/dist/ipf/IRIX/Makefile.ipsend.std +++ /dev/null @@ -1,82 +0,0 @@ -OBJS=ipsend.o ip.o ipsopt.o y.tab.o lex.yy.o -IPFTO=ipft_ef.o ipft_hx.o ipft_pc.o ipft_sn.o ipft_td.o ipft_tx.o -ROBJS=ipresend.o ip.o resend.o $(IPFTO) inet_addr.o opt.o -TOBJS=iptest.o iptests.o ip.o -UNIXOBJS=sirix.o arp.o -LIBS= - -CC=cc -CFLAGS=-g -I$(TOP) -CCARGS=$(DEBUG) $(CFLAGS) -D_STANDALONE - -all build irix : ipsend ipresend iptest - -.c.o: - $(CC) $(CCARGS) -c $< -o $@ - -y.tab.o: $(TOP)/iplang/iplang_y.y - (cd $(TOP)/iplang; $(MAKE) 'CFLAGS=$(CCARGS)' 'DESTDIR=../IRIX/$(CPUDIR)' ) - -lex.yy.o: $(TOP)/iplang/iplang_l.l - (cd $(TOP)/iplang; $(MAKE) 'DESTDIR=../IRIX/$(CPUDIR)' ) - -ipsend: $(OBJS) $(UNIXOBJS) - $(CC) $(DEBUG) $(OBJS) $(UNIXOBJS) -o $@ $(LIBS) -ll - -ipresend: $(ROBJS) $(UNIXOBJS) - $(CC) $(DEBUG) $(ROBJS) $(UNIXOBJS) -o $@ $(LIBS) - -iptest: $(TOBJS) $(UNIXOBJS) - $(CC) $(DEBUG) $(TOBJS) $(UNIXOBJS) -o $@ $(LIBS) - -clean: - rm -rf *.o core a.out ipsend ipresend iptest - -ipsend.o: $(TOP)/ipsend/ipsend.c - $(CC) $(CCARGS) -c $(TOP)/ipsend/ipsend.c -o $@ - -ipsopt.o: $(TOP)/ipsend/ipsopt.c - $(CC) $(CCARGS) -c $(TOP)/ipsend/ipsopt.c -o $@ - -ipresend.o: $(TOP)/ipsend/ipresend.c - $(CC) $(CCARGS) -c $(TOP)/ipsend/ipresend.c -o $@ - -ip.o: $(TOP)/ipsend/ip.c - $(CC) $(CCARGS) -c $(TOP)/ipsend/ip.c -o $@ - -resend.o: $(TOP)/ipsend/resend.c - $(CC) $(CCARGS) -c $(TOP)/ipsend/resend.c -o $@ - -ipft_sn.o: $(TOP)/ipft_sn.c $(TOP)/ipt.h $(TOP)/ipf.h $(TOP)/ip_fil.h \ - $(TOP)/snoop.h - $(CC) $(CCARGS) -c $(TOP)/ipft_sn.c -o $@ - -ipft_ef.o: $(TOP)/ipft_ef.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h - $(CC) $(CCARGS) -c $(TOP)/ipft_ef.c -o $@ - -ipft_td.o: $(TOP)/ipft_td.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h - $(CC) $(CCARGS) -c $(TOP)/ipft_td.c -o $@ - -ipft_pc.o: $(TOP)/ipft_pc.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h - $(CC) $(CCARGS) -c $(TOP)/ipft_pc.c -o $@ - -ipft_tx.o: $(TOP)/ipft_tx.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h - $(CC) $(CCARGS) -c $(TOP)/ipft_tx.c -o $@ - -ipft_hx.o: $(TOP)/ipft_hx.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h - $(CC) $(CCARGS) -c $(TOP)/ipft_hx.c -o $@ - -iptest.o: $(TOP)/ipsend/iptest.c - $(CC) $(CCARGS) -c $(TOP)/ipsend/iptest.c -o $@ - -iptests.o: $(TOP)/ipsend/iptests.c - $(CC) $(CCARGS) -c $(TOP)/ipsend/iptests.c -o $@ - -sock.o: $(TOP)/ipsend/sock.c - $(CC) $(CCARGS) -c $(TOP)/ipsend/sock.c -o $@ - -arp.o: $(TOP)/ipsend/arp.c - $(CC) $(CCARGS) -c $(TOP)/ipsend/arp.c -o $@ - -sirix.o: $(TOP)/ipsend/sirix.c - $(CC) $(CCARGS) -c $(TOP)/ipsend/sirix.c -o $@ diff --git a/dist/ipf/IRIX/Makefile.std b/dist/ipf/IRIX/Makefile.std deleted file mode 100644 index a16527005f52..000000000000 --- a/dist/ipf/IRIX/Makefile.std +++ /dev/null @@ -1,268 +0,0 @@ -#!smake -# -# Copyright (C) 1993-1998 by Darren Reed. -# Copyright (C) 1997 by Marc Boucher. -# -# Redistribution and use in source and binary forms are permitted -# provided that this notice is preserved and due credit is given -# to the original authors and the contributors. -# -# For IRIX -# -# Automatically determine compiler switches and defines for kernel compilation -# based on our current CPU: -# -SGIREV=-DIRIX=$(SGI) -DCPU=`uname -m` -KFLAGS=`$(TOP)/IRIX/getkflags` -# -BINDEST=/usr/sbin -SBINDEST=/usr/etc -MANDIR=/usr/share/man/local -INCDEST=/usr/include/netinet -LKMDEST=/var/sysgen/boot -CPUDIR=`uname -s|sed -e 's@/@@g'`-`uname -r`-`uname -m` -TOP=.. -#CC=cc -Wall -Wuninitialized -Wstrict-prototypes -Werror -O -CFLAGS=-g -I$(TOP) -# -ML=mli_ipl.c -MLD=$(ML) -IPFILC=ip_fil.c -#if defined(IPFLKM) && !empty(IPFLKM) -MLFLAGS= -G 0 -LKM=ipflkm.o -#else -MLFLAGS= -G 8 -LKM=ipfilter.o -#endif -MFLAGS="BINDEST=$(BINDEST)" "SBINDEST=$(SBINDEST)" "MANDIR=$(MANDIR)" \ - 'CFLAGS=$(CFLAGS) $(SOLARIS2)' "IPFLKM=$(IPFLKM)" \ - "IPFLOG=$(IPFLOG)" "LOGFAC=$(LOGFAC)" "POLICY=$(POLICY)" \ - "SOLARIS2=$(SOLARIS2)" "DEBUG=$(DEBUG)" "DCPU=$(CPU)" \ - "CPUDIR=$(CPUDIR)" -# -CCARGS=$(SGIREV) -D_STANDALONE $(DEBUG) $(CFLAGS) $(IPFLOG) -# -########## ########## ########## ########## ########## ########## ########## -# -CP=/bin/cp -RM=/bin/rm -CHMOD=/bin/chmod -INSTALL=/sbin/install -# -MODOBJS=ip_fil.o fil_k.o ml_ipl.o ip_nat.o ip_frag.o ip_state.o ip_proxy.o \ - ip_auth.o ip_log.o -DFLAGS=$(IPFLKM) $(KFLAGS) $(MLFLAGS) -jalr $(SGIREV) \ - #-D_MP_NETLOCKS -DMP -IPF=ipf.o parse.o common.o opt.o inet_addr.o facpri.o -IPT=ipt.o parse.o common.o fil.o ipft_sn.o ipft_ef.o ipft_td.o ipft_pc.o \ - opt.o ipft_tx.o misc.o ip_frag_u.o ip_state_u.o ip_nat_u.o ip_proxy_u.o \ - ip_auth_u.o ipft_hx.o ip_fil_u.o ip_log_u.o inet_addr.o natparse.o \ - facpri.o printnat.o printstate.o -IPNAT=ipnat.o kmem.o natparse.o common.o inet_addr.o printnat.o -FILS=fils.o parse.o common.o kmem.o opt.o inet_addr.o facpri.o printstate.o - -build all: ipf ipfstat ipftest ipmon ipnat $(LKM) - -ipfstat: $(FILS) - $(CC) $(CCARGS) $(STATETOP_CFLAGS) $(STATETOP_INC) $(FILS) \ - -o $@ $(LIBS) $(STATETOP_LIB) -lelf - -ipf: $(IPF) - $(CC) $(CCARGS) $(IPF) -o $@ $(LIBS) - ${RM} -f $(TOP)/ipf - ln -s `pwd`/ipf $(TOP) - -ipftest: $(IPT) - $(CC) $(CCARGS) $(IPT) -o $@ $(LIBS) - ${RM} -f $(TOP)/ipftest - ln -s `pwd`/ipftest $(TOP) - -ipnat: $(IPNAT) - $(CC) $(CCARGS) $(IPNAT) -o $@ $(LIBS) -lelf - -tests: - (cd test; make ) - -fils.o: $(TOP)/fils.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_frag.h \ - $(TOP)/ip_compat.h $(TOP)/ip_state.h $(TOP)/ip_nat.h - $(CC) $(CCARGS) $(STATETOP_CFLAGS) $(STATETOP_INC) \ - -c $(TOP)/fils.c -o $@ - -fil.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_compat.h - $(CC) $(CCARGS) -c $(TOP)/fil.c -o $@ - -fil_k.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_compat.h - $(CC) $(CCARGS) $(POLICY) $(DFLAGS) -c $(TOP)/fil.c -o $@ - -ipf.o: $(TOP)/ipf.c $(TOP)/ip_fil.h $(TOP)/ipf.h - $(CC) $(CCARGS) -c $(TOP)/ipf.c -o $@ - -ipt.o: $(TOP)/ipt.c $(TOP)/ip_fil.h $(TOP)/ipt.h $(TOP)/ipf.h - $(CC) $(CCARGS) -c $(TOP)/ipt.c -o $@ - -misc.o: $(TOP)/misc.c $(TOP)/ip_fil.h $(TOP)/ipt.h $(TOP)/ipf.h - $(CC) $(CCARGS) -c $(TOP)/misc.c -o $@ - -inet_addr.o: $(TOP)/inet_addr.c - $(CC) $(ATON) $(CCARGS) -c $(TOP)/inet_addr.c -o $@ - -opt.o: $(TOP)/opt.c $(TOP)/ip_fil.h $(TOP)/ipf.h - $(CC) $(CCARGS) -c $(TOP)/opt.c -o $@ - -ipnat.o: $(TOP)/ipnat.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_nat.h - $(CC) $(CCARGS) -c $(TOP)/ipnat.c -o $@ - -ipft_sn.o: $(TOP)/ipft_sn.c $(TOP)/ipt.h $(TOP)/ipf.h $(TOP)/ip_fil.h \ - $(TOP)/snoop.h - $(CC) $(CCARGS) -c $(TOP)/ipft_sn.c -o $@ - -ipft_ef.o: $(TOP)/ipft_ef.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h - $(CC) $(CCARGS) -c $(TOP)/ipft_ef.c -o $@ - -ipft_td.o: $(TOP)/ipft_td.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h - $(CC) $(CCARGS) -c $(TOP)/ipft_td.c -o $@ - -ipft_pc.o: $(TOP)/ipft_pc.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h - $(CC) $(CCARGS) -c $(TOP)/ipft_pc.c -o $@ - -ipft_tx.o: $(TOP)/ipft_tx.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h - $(CC) $(CCARGS) -c $(TOP)/ipft_tx.c -o $@ - -ipft_hx.o: $(TOP)/ipft_hx.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOP)/ipt.h - $(CC) $(CCARGS) -c $(TOP)/ipft_hx.c -o $@ - -ip_nat_u.o: $(TOP)/ip_nat.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h - $(CC) $(CCARGS) -c $(TOP)/ip_nat.c -o $@ - -ip_proxy_u.o: $(TOP)/ip_proxy.c $(TOP)/ip_proxy.h $(TOP)/ip_compat.h \ - $(TOP)/ip_fil.h $(TOP)/ip_nat.h - $(CC) $(CCARGS) -c $(TOP)/ip_proxy.c -o $@ - -ip_frag_u.o: $(TOP)/ip_frag.c $(TOP)/ip_frag.h $(TOP)/ip_compat.h \ - $(TOP)/ip_fil.h - $(CC) $(CCARGS) -c $(TOP)/ip_frag.c -o $@ - -ip_state_u.o: $(TOP)/ip_state.c $(TOP)/ip_state.h $(TOP)/ip_compat.h \ - $(TOP)/ip_fil.h $(TOP)/ip_nat.h - $(CC) $(CCARGS) -c $(TOP)/ip_state.c -o $@ - -ip_auth_u.o: $(TOP)/ip_auth.c $(TOP)/ip_auth.h $(TOP)/ip_compat.h \ - $(TOP)/ip_fil.h - $(CC) $(CCARGS) -c $(TOP)/ip_auth.c -o $@ - -ip_fil_u.o: $(TOP)/$(IPFILC) $(TOP)/ip_fil.h $(TOP)/ip_compat.h - $(CC) $(CCARGS) -c $(TOP)/$(IPFILC) -o $@ - -ip_log_u.o: $(TOP)/ip_log.c $(TOP)/ip_fil.h $(TOP)/ip_compat.h - $(CC) $(CCARGS) -c $(TOP)/ip_log.c -o $@ - -$(LKM): $(MODOBJS) - ld $(MLFLAGS) -r -d $(MODOBJS) -o $(LKM) - -ip_nat.o: $(TOP)/ip_nat.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h - $(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_nat.c -o $@ - -ip_frag.o: $(TOP)/ip_frag.c $(TOP)/ip_frag.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h - $(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_frag.c -o $@ - -ip_state.o: $(TOP)/ip_state.c $(TOP)/ip_state.h $(TOP)/ip_compat.h \ - $(TOP)/ip_fil.h $(TOP)/ip_nat.h - $(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_state.c -o $@ - -ip_proxy.o: $(TOP)/ip_proxy.c $(TOP)/ip_proxy.h $(TOP)/ip_compat.h \ - $(TOP)/ip_fil.h $(TOP)/ip_nat.h - $(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_proxy.c -o $@ - -ip_auth.o: $(TOP)/ip_auth.c $(TOP)/ip_auth.h $(TOP)/ip_compat.h \ - $(TOP)/ip_fil.h - $(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_auth.c -o $@ - -ip_fil.o: $(TOP)/$(IPFILC) $(TOP)/ip_fil.h $(TOP)/ip_compat.h $(TOP)/ip_nat.h - $(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/$(IPFILC) -o $@ - -ip_log.o: $(TOP)/ip_log.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h - $(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_log.c -o $@ - -ml_ipl.o: $(TOP)/$(MLD) $(TOP)/ipl.h - $(CC) -I. $(CFLAGS) $(DFLAGS) -c $(TOP)/$(ML) -o $@ - -kmem.o: $(TOP)/kmem.c - $(CC) $(CCARGS) -c $(TOP)/kmem.c -o $@ - -parse.o: $(TOP)/parse.c $(TOP)/ip_fil.h - $(CC) $(CCARGS) -c $(TOP)/parse.c -o $@ - -common.o: $(TOP)/common.c $(TOP)/ip_fil.h - $(CC) $(CCARGS) -c $(TOP)/common.c -o $@ - -facpri.o: $(TOP)/facpri.c $(TOP)/facpri.h - $(CC) $(CCARGS) -c $(TOP)/facpri.c -o $@ - -ipmon: $(TOP)/ipmon.c - $(CC) $(CCARGS) $(LOGFAC) $(TOP)/ipmon.c -o $@ $(LIBS) - ${RM} -f $(TOP)/ipmon - ln -s `pwd`/ipmon $(TOP) - -natparse.o: $(TOP)/natparse.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \ - $(TOP)/ip_proxy.h $(TOP)/ip_nat.h - $(CC) $(CCARGS) -c $(TOP)/natparse.c -o $@ - -printnat.o: $(TOP)/printnat.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \ - $(TOP)/ip_proxy.h $(TOP)/ip_nat.h - $(CC) $(CCARGS) -c $(TOP)/printnat.c -o $@ - -printstate.o: $(TOP)/printstate.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \ - $(TOP)/ip_state.h - $(CC) $(CCARGS) -c $(TOP)/printstate.c -o $@ - -clean: - ${RM} -f *.core *.o ipt fils ipf ipfstat ipftest ipmon ipnat $(LKM) - ${MAKE} -f Makefile.ipsend ${MFLAGS} clean - -(for i in *; do \ - if [ -d $${i} -a -f $${i}/Makefile ] ; then \ - cd $${i}; (make clean); cd ..; \ - ${RM} $${i}/Makefile* $${i}/Makefile.ipsend*; \ - rmdir $${i}; \ - fi \ - done) - -install: - -$(INSTALL) -F $(SBINDEST) -m 755 -src $(CPUDIR)/ipf -O ipf - -$(INSTALL) -F $(SBINDEST) -m 755 -src $(CPUDIR)/ipfstat -O ipfstat - -$(INSTALL) -F $(SBINDEST) -m 755 -src $(CPUDIR)/ipnat -O ipnat - - -$(INSTALL) -F $(SBINDEST) -m 755 -src $(CPUDIR)/ipmon -O ipmon - -$(INSTALL) -F $(BINDEST) -m 755 -src $(CPUDIR)/ipftest -O ipftest - -$(INSTALL) -F $(BINDEST) -m 755 -src $(CPUDIR)/ipsend -O ipsend - -$(INSTALL) -F $(BINDEST) -m 755 -src $(CPUDIR)/ipresend -O ipresend - -if [ -r $(LKMDEST)/$(LKM) -a ! -r $(LKMDEST)/$(LKM).DIST ]; then \ - cp -p $(LKMDEST)/$(LKM) $(LKMDEST)/$(LKM).DIST; \ - fi - -$(INSTALL) -F $(LKMDEST) -m 444 -src $(CPUDIR)/$(LKM) -O $(LKM) - -$(INSTALL) -F $(INCDEST) -m 444 -src $(TOP)/ip_fil.h -O ip_fil.h - -$(INSTALL) -F $(INCDEST) -m 444 -src $(TOP)/ip_nat.h -O ip_nat.h - -$(INSTALL) -F $(MANDIR)/man1 -m 444 -src $(TOP)/ipsend/ipsend.1 -O ipsend.1 - -$(INSTALL) -F $(MANDIR)/man1 -m 444 -src $(TOP)/ipsend/ipresend.1 -O ipresend.1 - -$(INSTALL) -F $(MANDIR)/man1 -m 444 -src $(TOP)/ipsend/iptest.1 -O iptest.1 - -$(INSTALL) -F $(MANDIR)/man5 -m 444 -src $(TOP)/ipsend/ipsend.5 -O ipsend.5 - -$(INSTALL) -F $(MANDIR)/man8 -m 444 -src $(TOP)/man/ipnat.8 -O ipnat.8 - -$(INSTALL) -F $(MANDIR)/man1 -m 444 -src $(TOP)/man/ipftest.1 -O ipftest.1 - -$(INSTALL) -F $(MANDIR)/man4 -m 444 -src $(TOP)/man/ipf.4 -O ipf.4 - -$(INSTALL) -F $(MANDIR)/man4 -m 444 -src $(TOP)/man/ipl.4 -O ipl.4 - -$(INSTALL) -F $(MANDIR)/man4 -m 444 -src $(TOP)/man/ipnat.4 -O ipnat.4 - -$(INSTALL) -F $(MANDIR)/man5 -m 444 -src $(TOP)/man/ipf.5 -O ipf.5 - -$(INSTALL) -F $(MANDIR)/man5 -m 444 -src $(TOP)/man/ipnat.5 -O ipnat.5 - -$(INSTALL) -F $(MANDIR)/man5 -m 444 -src $(TOP)/man/ipfilter.5 -O ipfilter.5 - -$(INSTALL) -F $(MANDIR)/man8 -m 444 -src $(TOP)/man/ipf.8 -O ipf.8 - -$(INSTALL) -F $(MANDIR)/man8 -m 444 -src $(TOP)/man/ipfs.8 -O ipfs.8 - -$(INSTALL) -F $(MANDIR)/man8 -m 444 -src $(TOP)/man/ipfstat.8 -O ipfstat.8 - -$(INSTALL) -F $(MANDIR)/man8 -m 444 -src $(TOP)/man/ipmon.8 -O ipmon.8 - -$(INSTALL) -F /etc/init.d -m 755 -src ipfboot -O ipf - -$(INSTALL) -F /etc/rc2.d -lns ../init.d/ipf -O S33ipf -#if !defined(IPFLKM) || empty(IPFLKM) - -${RM} -f $(LKMDEST)/ipflkm.o - /etc/autoconfig -#endif - diff --git a/dist/ipf/IRIX/getkflags b/dist/ipf/IRIX/getkflags deleted file mode 100644 index d3faf6a46bac..000000000000 --- a/dist/ipf/IRIX/getkflags +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh -CPUNUM=`uname -m | sed -e 's/IP//'` -sed \ --e 's/\!empty//' \ --e 's/"//g' \ --e 's/\$(\([_A-Z]*\)) == /\1 == /' \ --e 's/== *IP/== /g' -e 's/)=/) =/g' -e 's/#[^ie].*//' \ --e 's/\$(CPUBOARD)/CPUBOARD/g' \ --e 's/^#$//' /var/sysgen/Makefile.kernio | \ -/usr/lib/cpp -DCPUBOARD=${CPUNUM} | \ -egrep -v '^$|^#.*|^$|^ROOT=|^include' -exit 0 diff --git a/dist/ipf/IRIX/getrev b/dist/ipf/IRIX/getrev deleted file mode 100644 index 91c365dcadf3..000000000000 --- a/dist/ipf/IRIX/getrev +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh -osrev=`uname -r` -major=`expr $osrev : '\([0-9]\)\..*'` -minor=`expr $osrev : '.*\.\([0-9]\)'` -printf '%d%02d' $major $minor -exit 0 diff --git a/dist/ipf/OpenBSD/2.9-IPv6.diffs b/dist/ipf/OpenBSD/2.9-IPv6.diffs deleted file mode 100644 index f04a7a13ff1c..000000000000 --- a/dist/ipf/OpenBSD/2.9-IPv6.diffs +++ /dev/null @@ -1,86 +0,0 @@ -*** ip6_input.c.orig Sun Sep 2 12:51:02 2001 ---- ip6_input.c Mon Sep 3 22:25:23 2001 -*************** -*** 130,135 **** ---- 130,138 ---- - #ifdef PULLDOWN_TEST - static struct mbuf *ip6_pullexthdr __P((struct mbuf *, size_t, int)); - #endif -+ #if defined(IPFILTER) || defined(IPFILTER_LKM) -+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); -+ #endif - - /* - * IP6 initialization: fill in IP6 protocol switch table. -*************** -*** 274,279 **** ---- 277,302 ---- - in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); - goto bad; - } -+ -+ #if defined(IPFILTER) || defined(IPFILTER_LKM) -+ /* -+ * Check if we want to allow this packet to be processed. -+ * Consider it to be bad if not. -+ */ -+ if (fr_checkp != NULL) { -+ struct mbuf *m0 = m; -+ -+ if ((*fr_checkp)((struct ip *)ip6, sizeof(*ip6), -+ m->m_pkthdr.rcvif, 0, &m0)) { -+ return; -+ } -+ m = m0; -+ if (m == 0) { /* in case of 'fastroute' */ -+ return; -+ } -+ ip6 = mtod(m, struct ip6_hdr *); -+ } -+ #endif - - ip6stat.ip6s_nxthist[ip6->ip6_nxt]++; - -*** ip6_output.c.orig Sun Sep 2 12:51:21 2001 ---- ip6_output.c Mon Sep 3 22:27:46 2001 -*************** -*** 113,118 **** ---- 113,122 ---- - struct mbuf *ip6e_dest2; - }; - -+ #if defined(IPFILTER) || defined(IPFILTER_LKM) -+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); -+ #endif -+ - static int ip6_pcbopts __P((struct ip6_pktopts **, struct mbuf *, - struct socket *)); - static int ip6_setmoptions __P((int, struct ip6_moptions **, struct mbuf *)); -*************** -*** 910,915 **** ---- 914,938 ---- - m->m_pkthdr.rcvif = NULL; - } - -+ -+ #if defined(IPFILTER) || defined(IPFILTER_LKM) -+ /* -+ * looks like most checking has been done now...do a filter check -+ */ -+ if (fr_checkp != NULL) { -+ struct mbuf *m1 = m; -+ if ((*fr_checkp)((struct ip *)ip6, sizeof(*ip6), ifp, 1, &m1)) { -+ error = EHOSTUNREACH; -+ goto done; -+ } -+ m = m1; -+ if (m1 == 0) { /* in case of 'fastroute' */ -+ error = 0; -+ goto done; -+ } -+ ip6 = mtod(m, struct ip6_hdr *); -+ } -+ #endif - /* - * Send the packet to the outgoing interface. - * If necessary, do IPv6 fragmentation before sending. diff --git a/dist/ipf/OpenBSD/3.0-MAKEDEV-diffs b/dist/ipf/OpenBSD/3.0-MAKEDEV-diffs deleted file mode 100644 index 70aaeb93be16..000000000000 --- a/dist/ipf/OpenBSD/3.0-MAKEDEV-diffs +++ /dev/null @@ -1,569 +0,0 @@ -diff -cr src.30/etc/etc.alpha/MAKEDEV src/etc/etc.alpha/MAKEDEV -*** src.30/etc/etc.alpha/MAKEDEV Thu Jul 5 12:54:06 2001 ---- src/etc/etc.alpha/MAKEDEV Fri Dec 28 12:43:16 2001 -*************** -*** 83,88 **** ---- 83,89 ---- - # *random inkernal random data source - # uk* SCSI Unknown device - # ss* SCSI scanners -+ # ipl IP filter log - # altq ALTQ control interface - # iop I2O controller device - -*************** -*** 161,167 **** - sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9 - sh $this pf audio0 tun0 tun1 tun2 tun3 - sh $this ttyB0 ttyB1 tty00 tty01 lkm -! sh $this mmclock lpa0 lpt0 random - sh $this uk0 uk1 ss0 ss1 - sh $this ttyc0 ttyc1 ttyc2 ttyc3 ttyc4 ttyc5 ttyc6 ttyc7 - sh $this local xfs0 altq ---- 162,168 ---- - sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9 - sh $this pf audio0 tun0 tun1 tun2 tun3 - sh $this ttyB0 ttyB1 tty00 tty01 lkm -! sh $this mmclock lpa0 lpt0 random ipl - sh $this uk0 uk1 ss0 ss1 - sh $this ttyc0 ttyc1 ttyc2 ttyc3 ttyc4 ttyc5 ttyc6 ttyc7 - sh $this local xfs0 altq -*************** -*** 495,500 **** ---- 496,510 ---- - mknod pf c 35 0 - chown root.wheel pf - chmod 600 pf -+ ;; -+ -+ ipl) -+ rm -f ipl ipnat ipstate ipauth -+ mknod ipl c 37 0 -+ mknod ipnat c 37 1 -+ mknod ipstate c 37 2 -+ mknod ipauth c 37 3 -+ chown root.wheel ipl ipnat ipstate ipauth - ;; - - tun*) -diff -cr src.30/etc/etc.amiga/MAKEDEV src/etc/etc.amiga/MAKEDEV -*** src.30/etc/etc.amiga/MAKEDEV Thu Jun 28 12:58:53 2001 ---- src/etc/etc.amiga/MAKEDEV Fri Dec 28 12:45:25 2001 -*************** -*** 86,91 **** ---- 86,92 ---- - # lkm loadable kernel modules interface - # bpf* Berkeley Packet Filter - # tun* network tunnel driver -+ # ipf IP filter - # ss* SCSI scanners - # uk* SCSI Unknown device - # *random inkernal random data source -*************** -*** 168,174 **** - sh $this vnd0 vnd1 vnd2 vnd3 vnd4 vnd5 vnd6 cd0 cd1 fd0 fd1 fd2 fd3 - sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9 - sh $this view00 view01 view02 view03 view04 view05 pty0 pty1 -! sh $this lpa0 lpa1 lpt0 lpt1 lpt2 - sh $this ccd0 ccd1 ccd2 ccd3 wd0 wd1 ch0 uk0 uk1 - sh $this pf tun0 tun1 par0 lkm ss0 random audio0 xfs0 altq local - ;; ---- 169,175 ---- - sh $this vnd0 vnd1 vnd2 vnd3 vnd4 vnd5 vnd6 cd0 cd1 fd0 fd1 fd2 fd3 - sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9 - sh $this view00 view01 view02 view03 view04 view05 pty0 pty1 -! sh $this lpa0 lpa1 lpt0 lpt1 lpt2 ipl - sh $this ccd0 ccd1 ccd2 ccd3 wd0 wd1 ch0 uk0 uk1 - sh $this pf tun0 tun1 par0 lkm ss0 random audio0 xfs0 altq local - ;; -*************** -*** 182,188 **** - - std) - rm -f console drum kmem mem reload null zero tty -! rm -f klog stdin stdout stderr ksyms - mknod console c 0 0 - mknod drum c 3 0 ; chmod 640 drum ; chown root.kmem drum - mknod kmem c 2 1 ; chmod 640 kmem ; chown root.kmem kmem ---- 183,189 ---- - - std) - rm -f console drum kmem mem reload null zero tty -! rm -f klog stdin stdout stderr ipf ksyms - mknod console c 0 0 - mknod drum c 3 0 ; chmod 640 drum ; chown root.kmem drum - mknod kmem c 2 1 ; chmod 640 kmem ; chown root.kmem kmem -*************** -*** 195,200 **** ---- 196,202 ---- - mknod stdin c 21 0 ; chmod 666 stdin - mknod stdout c 21 1 ; chmod 666 stdout - mknod stderr c 21 2 ; chmod 666 stderr -+ mknod ipf c 35 0 ; chmod 444 ipf - mknod ksyms c 42 0 ; chmod 640 ksyms ; chown root.kmem ksyms - ;; - -*************** -*** 602,607 **** ---- 604,618 ---- - rm -f $name$unit - mknod $name$unit c 33 `expr $unit + $flags` - chown root.wheel $name$unit -+ ;; -+ -+ ipl) -+ rm -f ipl ipnat ipstate ipauth -+ mknod ipl c 38 0 -+ mknod ipnat c 38 1 -+ mknod ipstate c 38 2 -+ mknod ipauth c 38 3 -+ chown root.wheel ipl ipnat ipstate ipauth - ;; - - tun*) -diff -cr src.30/etc/etc.hp300/MAKEDEV src/etc/etc.hp300/MAKEDEV -*** src.30/etc/etc.hp300/MAKEDEV Thu Jun 28 12:58:53 2001 ---- src/etc/etc.hp300/MAKEDEV Fri Dec 28 12:47:17 2001 -*************** -*** 103,109 **** - sh MAKEDEV sd0 sd1 sd2 rd0 rd1 pty0 vnd0 vnd1 vnd2 vnd3 - sh MAKEDEV hil grf0 apci0 ppi0 ite0 dca0 dcm0 dcm1 dcm2 dcm3 - sh MAKEDEV bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9 -! sh MAKEDEV pf tun0 tun1 tun2 tun3 lkm random xfs0 altq - sh MAKEDEV local - ;; - ---- 103,109 ---- - sh MAKEDEV sd0 sd1 sd2 rd0 rd1 pty0 vnd0 vnd1 vnd2 vnd3 - sh MAKEDEV hil grf0 apci0 ppi0 ite0 dca0 dcm0 dcm1 dcm2 dcm3 - sh MAKEDEV bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9 -! sh MAKEDEV ipl pf tun0 tun1 tun2 tun3 lkm random xfs0 altq - sh MAKEDEV local - ;; - -*************** -*** 195,200 **** ---- 195,209 ---- - mknod pf c 33 0 - chown root.wheel pf - chmod 600 pf -+ ;; -+ -+ ipl) -+ rm -f ipl ipnat ipstate ipauth -+ mknod ipl c 37 0 -+ mknod ipnat c 37 1 -+ mknod ipstate c 37 2 -+ mknod ipauth c 37 3 -+ chown root.wheel ipl ipnat ipstate ipauth - ;; - - tun*) -diff -cr src.30/etc/etc.hppa/MAKEDEV src/etc/etc.hppa/MAKEDEV -*** src.30/etc/etc.hppa/MAKEDEV Fri Sep 7 05:40:21 2001 ---- src/etc/etc.hppa/MAKEDEV Fri Dec 28 12:49:46 2001 -*************** -*** 106,112 **** - sh MAKEDEV sd0 sd1 sd2 rd0 rd1 pty0 vnd0 vnd1 vnd2 vnd3 - sh MAKEDEV tty00 tty01 tty02 tty03 - sh MAKEDEV bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9 -! sh MAKEDEV pf tun0 tun1 tun2 tun3 lkm random xfs0 altq - sh MAKEDEV local - ;; - ---- 106,112 ---- - sh MAKEDEV sd0 sd1 sd2 rd0 rd1 pty0 vnd0 vnd1 vnd2 vnd3 - sh MAKEDEV tty00 tty01 tty02 tty03 - sh MAKEDEV bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9 -! sh MAKEDEV ipl pf tun0 tun1 tun2 tun3 lkm random xfs0 altq - sh MAKEDEV local - ;; - -*************** -*** 187,192 **** ---- 187,201 ---- - mknod pf c 21 0 - chown root.wheel pf - chmod 600 pf -+ ;; -+ -+ ipl) -+ rm -f ipl ipnat ipstate ipauth -+ mknod ipl c 34 0 -+ mknod ipnat c 34 1 -+ mknod ipstate c 34 2 -+ mknod ipauth c 34 3 -+ chown root.wheel ipl ipnat ipstate ipauth - ;; - - tun*) -diff -cr src.30/etc/etc.i386/MAKEDEV src/etc/etc.i386/MAKEDEV -*** src.30/etc/etc.i386/MAKEDEV Fri Oct 5 08:38:13 2001 ---- src/etc/etc.i386/MAKEDEV Fri Dec 28 12:50:50 2001 -*************** -*** 193,199 **** - sh $this ttyC0 ttyC1 ttyC2 ttyC3 ttyC4 ttyC5 ttyC6 ttyC7 ttyC8 ttyC9 - sh $this ttyCa ttyCb - sh $this wscons -! sh $this pf tun0 tun1 tun2 - sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9 - sh $this speaker lkm audio0 radio0 joy0 joy1 apm local - sh $this random ses0 uk0 uk1 ss0 ss1 pctr bktr0 tuner0 wdt0 ---- 193,199 ---- - sh $this ttyC0 ttyC1 ttyC2 ttyC3 ttyC4 ttyC5 ttyC6 ttyC7 ttyC8 ttyC9 - sh $this ttyCa ttyCb - sh $this wscons -! sh $this pf ipl tun0 tun1 tun2 - sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9 - sh $this speaker lkm audio0 radio0 joy0 joy1 apm local - sh $this random ses0 uk0 uk1 ss0 ss1 pctr bktr0 tuner0 wdt0 -*************** -*** 587,592 **** ---- 587,601 ---- - mknod pf c 73 0 - chown root.wheel pf - chmod 600 pf -+ ;; -+ -+ ipl) -+ rm -f ipl ipnat ipstate ipauth -+ mknod ipl c 77 0 -+ mknod ipnat c 77 1 -+ mknod ipstate c 77 2 -+ mknod ipauth c 77 3 -+ chown root.wheel ipl ipnat ipstate ipauth - ;; - - speaker) # (XXX - installed) -diff -cr src.30/etc/etc.mac68k/MAKEDEV src/etc/etc.mac68k/MAKEDEV -*** src.30/etc/etc.mac68k/MAKEDEV Thu Jun 28 12:58:54 2001 ---- src/etc/etc.mac68k/MAKEDEV Fri Dec 28 12:52:19 2001 -*************** -*** 140,145 **** ---- 140,146 ---- - sh $this adb asc0 grf0 grf1 grf2 grf3 ttye0 - sh $this tty00 tty01 pty0 - sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9 -+ sh $this ipl - sh $this pf tun0 tun1 tun2 tun3 - sh $this lkm - sh $this random -*************** -*** 427,432 **** ---- 428,442 ---- - mknod pf c 35 0 - chown root.wheel pf - chmod 600 pf -+ ;; -+ -+ ipl) -+ rm -f ipl ipnat ipstate ipauth -+ mknod ipl c 38 0 -+ mknod ipnat c 38 1 -+ mknod ipstate c 38 2 -+ mknod ipauth c 38 3 -+ chown root.wheel ipl ipnat ipstate ipauth - ;; - - tun*) -diff -cr src.30/etc/etc.macppc/MAKEDEV src/etc/etc.macppc/MAKEDEV -*** src.30/etc/etc.macppc/MAKEDEV Thu Oct 4 00:50:38 2001 ---- src/etc/etc.macppc/MAKEDEV Fri Dec 28 12:53:20 2001 -*************** -*** 160,166 **** - sh $this ttyC0 ttyCcfg - sh $this tty00 tty01 tty02 tty03 pty0 pty1 - sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9 -! sh $this pf tun0 tun1 tun2 tun3 - sh $this audio0 - sh $this random uk0 uk1 ss0 ss1 - sh $this wscons ---- 160,166 ---- - sh $this ttyC0 ttyCcfg - sh $this tty00 tty01 tty02 tty03 pty0 pty1 - sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9 -! sh $this ipl pf tun0 tun1 tun2 tun3 - sh $this audio0 - sh $this random uk0 uk1 ss0 ss1 - sh $this wscons -*************** -*** 551,556 **** ---- 551,565 ---- - mknod pf c 39 0 - chown root.wheel pf - chmod 600 pf -+ ;; -+ -+ ipl) -+ rm -f ipl ipnat ipstate ipauth -+ mknod ipl c 45 0 -+ mknod ipnat c 45 1 -+ mknod ipstate c 45 2 -+ mknod ipauth c 45 3 -+ chown root.wheel ipl ipnat ipstate ipauth - ;; - - tun*) -diff -cr src.30/etc/etc.mvme68k/MAKEDEV src/etc/etc.mvme68k/MAKEDEV -*** src.30/etc/etc.mvme68k/MAKEDEV Thu Jun 28 12:58:55 2001 ---- src/etc/etc.mvme68k/MAKEDEV Fri Dec 28 12:55:33 2001 -*************** -*** 91,97 **** - sh MAKEDEV tty00 tty01 tty02 tty03 - sh MAKEDEV ttyw0 - sh MAKEDEV sd0 sd1 sd2 sd3 sd4 sd5 sd6 sd7 sd8 sd9 -! sh MAKEDEV vnd0 vnd1 pty0 cd0 - sh MAKEDEV bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9 - #sh MAKEDEV ccd0 ccd1 ccd2 ccd3 - sh MAKEDEV pf tun0 tun1 lkm local ---- 91,97 ---- - sh MAKEDEV tty00 tty01 tty02 tty03 - sh MAKEDEV ttyw0 - sh MAKEDEV sd0 sd1 sd2 sd3 sd4 sd5 sd6 sd7 sd8 sd9 -! sh MAKEDEV vnd0 vnd1 pty0 cd0 ipl - sh MAKEDEV bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9 - #sh MAKEDEV ccd0 ccd1 ccd2 ccd3 - sh MAKEDEV pf tun0 tun1 lkm local -*************** -*** 431,436 **** ---- 431,445 ---- - chown root.kmem lkm - chmod 640 lkm - ;; -+ -+ ipl) -+ rm -f ipl ipnat ipstate ipauth -+ mknod ipl c 44 0 -+ mknod ipnat c 44 1 -+ mknod ipstate c 44 2 -+ mknod ipauth c 44 3 -+ chown root.wheel ipl ipnat ipstate ipauth -+ ;; - - sram*|nvram*|flash*|vmel*|vmes*) - rm -f $i -diff -cr src.30/etc/etc.mvme88k/MAKEDEV src/etc/etc.mvme88k/MAKEDEV -*** src.30/etc/etc.mvme88k/MAKEDEV Thu Jun 28 12:58:55 2001 ---- src/etc/etc.mvme88k/MAKEDEV Fri Dec 28 12:29:24 2001 -*************** -*** 78,84 **** - sh $this tty00 tty01 tty02 tty03 - sh $this ttyw0 - sh $this sd0 sd1 sd2 sd3 sd4 sd5 sd6 sd7 sd8 sd9 -! sh $this vnd0 vnd1 pty0 cd0 - sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9 - #sh $this ccd0 ccd1 ccd2 ccd3 - sh $this pf tun0 tun1 lkm local ---- 78,84 ---- - sh $this tty00 tty01 tty02 tty03 - sh $this ttyw0 - sh $this sd0 sd1 sd2 sd3 sd4 sd5 sd6 sd7 sd8 sd9 -! sh $this vnd0 vnd1 pty0 cd0 ipl - sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9 - #sh $this ccd0 ccd1 ccd2 ccd3 - sh $this pf tun0 tun1 lkm local -*************** -*** 293,298 **** ---- 293,307 ---- - mknod pf c 39 0 - chown root.wheel pf - chmod 600 pf -+ ;; -+ -+ ipl) -+ rm -f ipl ipnat ipstate ipauth -+ mknod ipl c 41 0 -+ mknod ipnat c 41 1 -+ mknod ipstate c 41 2 -+ mknod ipauth c 41 3 -+ chown root.wheel ipl ipnat ipstate ipauth - ;; - - bpf*|tun*) -diff -cr src.30/etc/etc.mvmeppc/MAKEDEV src/etc/etc.mvmeppc/MAKEDEV -*** src.30/etc/etc.mvmeppc/MAKEDEV Mon Jul 2 12:37:13 2001 ---- src/etc/etc.mvmeppc/MAKEDEV Fri Dec 28 12:57:54 2001 -*************** -*** 158,164 **** - sh $this ttyC0 ttyCcfg - sh $this tty00 tty01 tty02 tty03 pty0 pty1 - sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9 -! sh $this pf tun0 tun1 tun2 tun3 - sh $this audio0 - sh $this random uk0 uk1 ss0 ss1 - sh $this wscons ---- 158,164 ---- - sh $this ttyC0 ttyCcfg - sh $this tty00 tty01 tty02 tty03 pty0 pty1 - sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9 -! sh $this ipl pf tun0 tun1 tun2 tun3 - sh $this audio0 - sh $this random uk0 uk1 ss0 ss1 - sh $this wscons -*************** -*** 532,537 **** ---- 532,546 ---- - mknod pf c 39 0 - chown root.wheel pf - chmod 600 pf -+ ;; -+ -+ ipl) -+ rm -f ipl ipnat ipstate ipauth -+ mknod ipl c 44 0 -+ mknod ipnat c 44 1 -+ mknod ipstate c 44 2 -+ mknod ipauth c 44 3 -+ chown root.wheel ipl ipnat ipstate ipauth - ;; - - tun*) -diff -cr src.30/etc/etc.sparc/MAKEDEV src/etc/etc.sparc/MAKEDEV -*** src.30/etc/etc.sparc/MAKEDEV Fri Sep 7 05:45:34 2001 ---- src/etc/etc.sparc/MAKEDEV Fri Dec 28 12:30:46 2001 -*************** -*** 86,91 **** ---- 86,92 ---- - # spif* spif card (makes 8 tty and 1 bpp) - # bpp* bpp - # xfs* XFS filesystem devices -+ # ipl IP filter log - # altq ALTQ control interface - - PATH=/sbin:/bin:/usr/bin:/usr/sbin -*************** -*** 206,211 **** ---- 207,213 ---- - sh $this ccd0 ccd1 ccd2 ccd3 - sh $this raid0 raid1 raid2 raid3 - sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9 -+ sh $this ipl - sh $this bwtwo0 cgtwo0 cgthree0 cgfour0 cgsix0 - sh $this cgeight0 cgfourteen0 tcx0 - sh $this lkm random local -*************** -*** 341,346 **** ---- 343,357 ---- - mknod pf c 59 0 - chown root.wheel pf - chmod 600 pf -+ ;; -+ -+ ipl) -+ rm -f ipl ipnat ipstate ipauth -+ mknod ipl c 60 0 -+ mknod ipnat c 60 1 -+ mknod ipstate c 60 2 -+ mknod ipauth c 60 3 -+ chown root.wheel ipl ipnat ipstate ipauth - ;; - - tun*) -diff -cr src.30/etc/etc.sparc64/MAKEDEV src/etc/etc.sparc64/MAKEDEV -*** src.30/etc/etc.sparc64/MAKEDEV Sat Sep 22 03:58:56 2001 ---- src/etc/etc.sparc64/MAKEDEV Fri Dec 28 12:33:35 2001 -*************** -*** 188,194 **** - R vnd0 vnd1 ccd0 ccd1 ccd2 ccd3 - R raid0 raid1 raid2 raid3 - R bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9 -! R pf altq tun0 tun1 tun2 random ses0 uk0 uk1 ss0 ss1 - R fd0 fd0B fd0C fd0D fd0E fd0F fd0G fd0H - R fd1 fd1B fd1C fd1D fd1E fd1F fd1G fd1H - R xfs0 tcx0 lkm audio0 local ---- 188,194 ---- - R vnd0 vnd1 ccd0 ccd1 ccd2 ccd3 - R raid0 raid1 raid2 raid3 - R bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9 -! R ipl pf altq tun0 tun1 tun2 random ses0 uk0 uk1 ss0 ss1 - R fd0 fd0B fd0C fd0D fd0E fd0F fd0G fd0H - R fd1 fd1B fd1C fd1D fd1E fd1F fd1G fd1H - R xfs0 tcx0 lkm audio0 local -*************** -*** 243,248 **** ---- 243,253 ---- - U=$(($U+1)) - done;; - pf*)M pf c 73 0 600;; -+ ipl*)M ipl c 75 0 600 root.wheel -+ M ipnat c 75 1 root.wheel -+ M ipstate c 75 2 root.wheel -+ M ipauth c 75 3 root.wheel -+ ;; - cgsix*)M cgsix$U c 67 $U 666;; - audio*)M sound$U c 69 $U - M mixer$U c 69 $(($U+16)) -diff -cr src.30/etc/etc.sun3/MAKEDEV src/etc/etc.sun3/MAKEDEV -*** src.30/etc/etc.sun3/MAKEDEV Fri Sep 7 05:45:34 2001 ---- src/etc/etc.sun3/MAKEDEV Fri Dec 28 13:01:23 2001 -*************** -*** 70,75 **** ---- 70,76 ---- - # tun* network tunnel driver - # *random inkernal random data source - # xfs* XFS filesystem devices -+ # ipl IP filter log - # altq ALTQ control interface - - PATH=/sbin:/bin:/usr/bin:/usr/sbin -*************** -*** 187,192 **** ---- 188,194 ---- - sh $this pty0 vnd0 vnd1 vnd2 vnd3 pf tun0 tun1 tun2 tun3 - sh $this ccd0 ccd1 ccd2 ccd3 - sh $this bpf0 bpf1 bpf2 bpf3 bpf4 bpf5 bpf6 bpf7 bpf8 bpf9 -+ sh $this ipl - sh $this bwtwo0 cgtwo0 cgfour0 - sh $this random local - sh $this xfs0 altq -*************** -*** 277,282 **** ---- 279,293 ---- - mknod pf c 75 0 - chown root.wheel pf - chmod 600 pf -+ ;; -+ -+ ipl) -+ rm -f ipl ipnat ipstate ipauth -+ mknod ipl c 86 0 -+ mknod ipnat c 86 1 -+ mknod ipstate c 86 2 -+ mknod ipauth c 86 3 -+ chown root.wheel ipl ipnat ipstate ipauth - ;; - - tun*) -diff -cr src.30/etc/etc.vax/MAKEDEV src/etc/etc.vax/MAKEDEV -*** src.30/etc/etc.vax/MAKEDEV Fri Jul 13 10:06:30 2001 ---- src/etc/etc.vax/MAKEDEV Fri Dec 28 13:02:17 2001 -*************** -*** 93,99 **** - std) - rm -f console drum floppy crl csa1 csa2 tu0 tu1 - rm -f kUmem kmem mem null zero tty klog ttyg[0-3] -! rm -f stdin stdout stderr ksyms - mknod console c 0 0 - mknod ttyg0 c 25 0 - mknod ttyg1 c 25 1 ---- 93,99 ---- - std) - rm -f console drum floppy crl csa1 csa2 tu0 tu1 - rm -f kUmem kmem mem null zero tty klog ttyg[0-3] -! rm -f stdin stdout stderr ksyms ipl ipnat ipstate ipauth - mknod console c 0 0 - mknod ttyg0 c 25 0 - mknod ttyg1 c 25 1 -*************** -*** 117,122 **** ---- 117,126 ---- - mknod stdout c 53 1 ; chmod 666 stdout - mknod stderr c 53 2 ; chmod 666 stderr - mknod ksyms c 50 0 ; chmod 640 ksyms ; chown root.kmem ksyms -+ mknod ipl c 47 0 ; chmod 600 ipl -+ mknod ipnat c 47 1 ; chmod 600 ipnat -+ mknod ipstate c 47 2 ; chmod 600 ipstate -+ mknod ipauth c 47 3 ; chmod 600 ipauth - ;; - - fd) diff --git a/dist/ipf/OpenBSD/3.0-rc-diffs b/dist/ipf/OpenBSD/3.0-rc-diffs deleted file mode 100644 index 53fa9482785d..000000000000 --- a/dist/ipf/OpenBSD/3.0-rc-diffs +++ /dev/null @@ -1,83 +0,0 @@ -diff -cr src.30/etc/netstart src/etc/netstart -*** src.30/etc/netstart Tue Jul 31 18:27:35 2001 ---- src/etc/netstart Wed Jan 2 10:02:01 2002 -*************** -*** 27,32 **** ---- 27,42 ---- - domainname `cat /etc/defaultdomain` - fi - -+ # Configure the IP filter before configuring network interfaces -+ if [ X"${ipfilter}" = X"YES" -a -f "${ipfilter_rules}" ]; then -+ echo 'configuring IP filter' -+ ipf -Fa -f ${ipfilter_rules} -+ ipfresync="ipf -y" -+ else -+ ipfilter=NO -+ ipfresync=NO -+ fi -+ - # set the address for the loopback interface - # it will also initialize IPv6 address for lo0 (::1 and others). - ifconfig lo0 inet localhost -*************** -*** 273,275 **** ---- 283,298 ---- - route -n add -net 224.0.0.0/4 -interface 127.0.0.1 -reject > /dev/null - ;; - esac -+ -+ # Configure NAT after configuring network interfaces -+ if [ "${ipnat}" = "YES" -a "${ipfilter}" = "YES" -a -f "${ipnat_rules}" ]; then -+ echo 'configuring NAT' -+ ipnat -CF -f ${ipnat_rules} -+ else -+ ipnat=NO -+ fi -+ -+ # Interfaces have come up so we should do an ipf -y if we're using IP filter. -+ if [ "${ipfresync}" != "NO" ]; then -+ ${ipfresync} -+ fi -diff -cr src.30/etc/rc src/etc/rc -*** src.30/etc/rc Wed Oct 10 04:44:17 2001 ---- src/etc/rc Wed Jan 2 09:55:31 2002 -*************** -*** 213,218 **** ---- 213,222 ---- - echo 'starting named'; named $named_flags - fi - -+ if [ X"${ipfilter}" = X"YES" -a X"${ipmon_flags}" != X"NO" ]; then -+ echo 'starting ipmon'; ipmon ${ipmon_flags} -+ fi -+ - # $photurisd_flags is imported from /etc/rc.conf; - # If $photurisd_flags == NO or /etc/photuris/photuris.conf doesn't exist, then - # photurisd isn't run. -diff -cr src.30/etc/rc.conf src/etc/rc.conf -*** src.30/etc/rc.conf Sat Oct 13 08:40:58 2001 ---- src/etc/rc.conf Wed Jan 2 10:04:35 2002 -*************** -*** 53,58 **** ---- 53,60 ---- - lockd=NO - gated=NO - amd=NO -+ ipfilter=NO # To enable ipfilter, set to YES -+ ipnat=NO # for "YES", ipfilter must also be "YES" - pf=NO # Packet filter / NAT - portmap=YES # almost always needed - inetd=YES # almost always needed -*************** -*** 78,83 **** ---- 80,88 ---- - nfsd_flags="-tun 4" # Crank the 4 for a busy NFS fileserver - amd_dir=/tmp_mnt # AMD's mount directory - amd_master=/etc/amd/master # AMD 'master' map -+ ipfilter_rules=/etc/ipf.rules # Rules for IP packet filtering with IP Filter -+ ipnat_rules=/etc/ipnat.rules # Rules for Network Address Translation -+ ipmon_flags=-Ds # To disable logging, use ipmon_flags=NO - syslogd_flags= # add more flags, ie. "-u -a /chroot/dev/log" - named_user=named # Named should not run as root unless necessary - named_chroot=/var/named # Where to chroot named if not empty diff --git a/dist/ipf/OpenBSD/3.0-sys-diffs b/dist/ipf/OpenBSD/3.0-sys-diffs deleted file mode 100644 index 610235a317d0..000000000000 --- a/dist/ipf/OpenBSD/3.0-sys-diffs +++ /dev/null @@ -1,982 +0,0 @@ -diff -cr sys.30/arch/alpha/alpha/conf.c sys/arch/alpha/alpha/conf.c -*** sys.30/arch/alpha/alpha/conf.c Fri Sep 28 13:33:39 2001 ---- sys/arch/alpha/alpha/conf.c Fri Dec 28 12:42:32 2001 -*************** -*** 104,109 **** ---- 104,114 ---- - #include "lpt.h" - cdev_decl(lpt); - cdev_decl(prom); /* XXX XXX XXX */ -+ #ifdef IPFILTER -+ #define NIPF 1 -+ #else -+ #define NIPF 0 -+ #endif - cdev_decl(wd); - #include "cy.h" - cdev_decl(cy); -*************** -*** 174,180 **** - cdev_random_init(1,random), /* 34: random data source */ - cdev_pf_init(NPF, pf), /* 35: packet filter */ - cdev_disk_init(NWD,wd), /* 36: ST506/ESDI/IDE disk */ -! cdev_notdef(), /* 37 */ - cdev_tty_init(NCY,cy), /* 38: Cyclom serial port */ - cdev_ksyms_init(NKSYMS,ksyms), /* 39: Kernel symbols device */ - cdev_notdef(), /* 40 */ ---- 179,185 ---- - cdev_random_init(1,random), /* 34: random data source */ - cdev_pf_init(NPF, pf), /* 35: packet filter */ - cdev_disk_init(NWD,wd), /* 36: ST506/ESDI/IDE disk */ -! cdev_gen_ipf(NIPF,ipl), /* 37: IP filter log */ - cdev_tty_init(NCY,cy), /* 38: Cyclom serial port */ - cdev_ksyms_init(NKSYMS,ksyms), /* 39: Kernel symbols device */ - cdev_notdef(), /* 40 */ -diff -cr sys.30/arch/amiga/amiga/conf.c sys/arch/amiga/amiga/conf.c -*** sys.30/arch/amiga/amiga/conf.c Fri Sep 28 12:53:13 2001 ---- sys/arch/amiga/amiga/conf.c Fri Dec 28 12:45:04 2001 -*************** -*** 160,166 **** - cdev_random_init(1,random), /* 35: random data source */ - cdev_uk_init(NUK,uk), /* 36: unknown SCSI */ - cdev_disk_init(NWD,wd), /* 37: ST506/ESDI/IDE disk */ -! cdev_notdef(), /* 38 */ - cdev_audio_init(NAUDIO,audio), /* 39: cc audio interface */ - cdev_ch_init(NCH,ch), /* 40: SCSI autochanger */ - cdev_disk_init(NRD,rd), /* 41: RAM disk */ ---- 160,166 ---- - cdev_random_init(1,random), /* 35: random data source */ - cdev_uk_init(NUK,uk), /* 36: unknown SCSI */ - cdev_disk_init(NWD,wd), /* 37: ST506/ESDI/IDE disk */ -! cdev_gen_ipf(NIPF,ipl), /* 38: IP filter log */ - cdev_audio_init(NAUDIO,audio), /* 39: cc audio interface */ - cdev_ch_init(NCH,ch), /* 40: SCSI autochanger */ - cdev_disk_init(NRD,rd), /* 41: RAM disk */ -diff -cr sys.30/arch/hp300/hp300/conf.c sys/arch/hp300/hp300/conf.c -*** sys.30/arch/hp300/hp300/conf.c Fri Sep 28 12:53:13 2001 ---- sys/arch/hp300/hp300/conf.c Fri Dec 28 12:48:02 2001 -*************** -*** 150,155 **** ---- 150,161 ---- - cdev_decl(xfs_dev); - #endif - -+ #ifdef IPFILTER -+ #define NIPF 1 -+ #else -+ #define NIPF 0 -+ #endif -+ - #include "pf.h" - - #include -*************** -*** 174,181 **** - cdev_tty_init(NDCM,dcm), /* 15: 4-port serial */ - cdev_tape_init(NMT,mt), /* 16: magnetic reel tape */ - cdev_disk_init(NCCD,ccd), /* 17: concatenated disk */ -- cdev_notdef(), /* 18 */ - cdev_disk_init(NVND,vnd), /* 19: vnode disk driver */ - cdev_tape_init(NST,st), /* 20: SCSI tape */ - cdev_fd_init(1,filedesc), /* 21: file descriptor pseudo-device */ - cdev_bpftun_init(NBPFILTER,bpf),/* 22: Berkeley packet filter */ ---- 180,187 ---- - cdev_tty_init(NDCM,dcm), /* 15: 4-port serial */ - cdev_tape_init(NMT,mt), /* 16: magnetic reel tape */ - cdev_disk_init(NCCD,ccd), /* 17: concatenated disk */ - cdev_disk_init(NVND,vnd), /* 19: vnode disk driver */ -+ cdev_notdef(), /* 18 */ - cdev_tape_init(NST,st), /* 20: SCSI tape */ - cdev_fd_init(1,filedesc), /* 21: file descriptor pseudo-device */ - cdev_bpftun_init(NBPFILTER,bpf),/* 22: Berkeley packet filter */ -*************** -*** 193,199 **** - cdev_disk_init(NRD,rd), /* 34: RAM disk */ - cdev_tty_init(NAPCI,apci), /* 35: Apollo APCI UARTs */ - cdev_ksyms_init(NKSYMS,ksyms), /* 36: Kernel symbols device */ -! cdev_notdef(), /* 37 */ - cdev_notdef(), /* 38 */ - cdev_notdef(), /* 39 */ - cdev_notdef(), /* 40 */ ---- 199,205 ---- - cdev_disk_init(NRD,rd), /* 34: RAM disk */ - cdev_tty_init(NAPCI,apci), /* 35: Apollo APCI UARTs */ - cdev_ksyms_init(NKSYMS,ksyms), /* 36: Kernel symbols device */ -! cdev_pf_init(NIPF,ipl), /* 37: packet filter */ - cdev_notdef(), /* 38 */ - cdev_notdef(), /* 39 */ - cdev_notdef(), /* 40 */ -diff -cr sys.30/arch/hppa/hppa/conf.c sys/arch/hppa/hppa/conf.c -*** sys.30/arch/hppa/hppa/conf.c Fri Sep 28 12:53:13 2001 ---- sys/arch/hppa/hppa/conf.c Fri Dec 28 12:48:49 2001 -*************** -*** 113,118 **** ---- 113,124 ---- - #include "com.h" - cdev_decl(com); - -+ #ifdef IPFILTER -+ #define NIPF 1 -+ #else -+ #define NIPF 0 -+ #endif -+ - #include "pf.h" - - #include -*************** -*** 158,163 **** ---- 164,170 ---- - cdev_notdef(), /* 32 */ - #endif - cdev_altq_init(NALTQ,altq), /* 33: ALTQ control interface */ -+ cdev_gen_ipf(NIPF,ipl), /* 34: ip filtering */ - cdev_lkm_dummy(), - cdev_lkm_dummy(), - cdev_lkm_dummy(), -diff -cr sys.30/arch/i386/i386/conf.c sys/arch/i386/i386/conf.c -*** sys.30/arch/i386/i386/conf.c Fri Oct 5 07:46:03 2001 ---- sys/arch/i386/i386/conf.c Fri Dec 28 12:50:34 2001 -*************** -*** 221,226 **** ---- 221,232 ---- - #include "radio.h" - cdev_decl(radio); - -+ #ifdef IPFILTER -+ #define NIPF 1 -+ #else -+ #define NIPF 0 -+ #endif -+ - /* XXX -- this needs to be supported by config(8)! */ - #if (NCOM > 0) && (NPCCOM > 0) - #error com and pccom are mutually exclusive. Sorry. -*************** -*** 348,353 **** ---- 354,360 ---- - cdev_altq_init(NALTQ,altq), /* 74: ALTQ control interface */ - cdev_iop_init(NIOP,iop), /* 75: I2O IOP control interface */ - cdev_radio_init(NRADIO, radio), /* 76: generic radio I/O */ -+ cdev_gen_ipf(NIPF,ipl), /* 77: ip filtering */ - }; - int nchrdev = sizeof(cdevsw) / sizeof(cdevsw[0]); - -diff -cr sys.30/arch/mac68k/mac68k/conf.c sys/arch/mac68k/mac68k/conf.c -*** sys.30/arch/mac68k/mac68k/conf.c Fri Sep 28 12:53:13 2001 ---- sys/arch/mac68k/mac68k/conf.c Fri Dec 28 12:51:45 2001 -*************** -*** 117,122 **** ---- 117,128 ---- - cdev_decl(xfs_dev); - #endif - -+ #ifdef IPFILTER -+ #define NIPF 1 -+ #else -+ #define NIPF 0 -+ #endif -+ - #include "pf.h" - - #include -*************** -*** 161,167 **** - cdev_pf_init(NPF,pf), /* 35: packet filter */ - cdev_audio_init(NASC,asc), /* 36: ASC audio device */ - cdev_ksyms_init(NKSYMS,ksyms), /* 37: Kernel symbols device */ -! cdev_notdef(), /* 38 */ - cdev_notdef(), /* 39 */ - cdev_notdef(), /* 40 */ - cdev_notdef(), /* 41 */ ---- 167,173 ---- - cdev_pf_init(NPF,pf), /* 35: packet filter */ - cdev_audio_init(NASC,asc), /* 36: ASC audio device */ - cdev_ksyms_init(NKSYMS,ksyms), /* 37: Kernel symbols device */ -! cdev_gen_ipf(NIPF,ipl), /* 38: IP filter log */ - cdev_notdef(), /* 39 */ - cdev_notdef(), /* 40 */ - cdev_notdef(), /* 41 */ -diff -cr sys.30/arch/macppc/macppc/conf.c sys/arch/macppc/macppc/conf.c -*** sys.30/arch/macppc/macppc/conf.c Thu Oct 4 00:45:37 2001 ---- sys/arch/macppc/macppc/conf.c Fri Dec 28 12:53:03 2001 -*************** -*** 105,110 **** ---- 105,116 ---- - - #include "tun.h" - -+ #ifdef IPFILTER -+ #define NIPF 1 -+ #else -+ #define NIPF 0 -+ #endif -+ - #ifdef XFS - #include - cdev_decl(xfs_dev); -*************** -*** 195,201 **** - cdev_ss_init(NSS,ss), /* 42: SCSI scanner */ - cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */ - cdev_audio_init(NAUDIO,audio), /* 44: generic audio I/O */ -! cdev_notdef(), /* 45 */ - cdev_notdef(), /* 46 */ - cdev_notdef(), /* 47 */ - cdev_notdef(), /* 48 */ ---- 201,207 ---- - cdev_ss_init(NSS,ss), /* 42: SCSI scanner */ - cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */ - cdev_audio_init(NAUDIO,audio), /* 44: generic audio I/O */ -! cdev_gen_ipf(NIPF,ipl), /* 45: IP filter */ - cdev_notdef(), /* 46 */ - cdev_notdef(), /* 47 */ - cdev_notdef(), /* 48 */ -diff -cr sys.30/arch/mvme68k/mvme68k/conf.c sys/arch/mvme68k/mvme68k/conf.c -*** sys.30/arch/mvme68k/mvme68k/conf.c Fri Sep 28 12:53:13 2001 ---- sys/arch/mvme68k/mvme68k/conf.c Fri Dec 28 12:55:36 2001 -*************** -*** 176,181 **** ---- 176,187 ---- - - #include "tun.h" - -+ #ifdef IPFILTER -+ #define NIPF 1 -+ #else -+ #define NIPF 0 -+ #endif -+ - #include "pf.h" - - #include -*************** -*** 226,232 **** - cdev_uk_init(NUK,uk), /* 41: unknown SCSI */ - cdev_ss_init(NSS,ss), /* 42: SCSI scanner */ - cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */ -! cdev_lkm_dummy(), /* 44 */ - cdev_lkm_dummy(), /* 45 */ - cdev_lkm_dummy(), /* 46 */ - cdev_lkm_dummy(), /* 47 */ ---- 232,238 ---- - cdev_uk_init(NUK,uk), /* 41: unknown SCSI */ - cdev_ss_init(NSS,ss), /* 42: SCSI scanner */ - cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */ -! cdev_gen_ipf(NIPF,ipl), /* 44: IP filter */ - cdev_lkm_dummy(), /* 45 */ - cdev_lkm_dummy(), /* 46 */ - cdev_lkm_dummy(), /* 47 */ -diff -cr sys.30/arch/mvme88k/mvme88k/conf.c sys/arch/mvme88k/mvme88k/conf.c -*** sys.30/arch/mvme88k/mvme88k/conf.c Fri Sep 28 12:53:13 2001 ---- sys/arch/mvme88k/mvme88k/conf.c Fri Dec 28 12:56:20 2001 -*************** -*** 113,118 **** ---- 113,124 ---- - cdev_decl(lptwo); - #endif /* notyet */ - -+ #ifdef IPFILTER -+ #define NIPF 1 -+ #else -+ #define NIPF 0 -+ #endif -+ - #include "pf.h" - - #include -*************** -*** 199,205 **** - cdev_lkm_dummy(), /* 38 */ - cdev_pf_init(NPF,pf), /* 39: packet filter */ - cdev_random_init(1,random), /* 40: random data source */ -! cdev_notdef(), /* 41 */ - cdev_notdef(), /* 42 */ - cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */ - cdev_notdef(), /* 44 */ ---- 205,211 ---- - cdev_lkm_dummy(), /* 38 */ - cdev_pf_init(NPF,pf), /* 39: packet filter */ - cdev_random_init(1,random), /* 40: random data source */ -! cdev_gen_ipf(NIPF,ipl), /* 41: IP filter */ - cdev_notdef(), /* 42 */ - cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */ - cdev_notdef(), /* 44 */ -diff -cr sys.30/arch/mvmeppc/mvmeppc/conf.c sys/arch/mvmeppc/mvmeppc/conf.c -*** sys.30/arch/mvmeppc/mvmeppc/conf.c Fri Sep 28 12:53:13 2001 ---- sys/arch/mvmeppc/mvmeppc/conf.c Fri Dec 28 12:57:20 2001 -*************** -*** 147,152 **** ---- 147,158 ---- - #include "ksyms.h" - cdev_decl(ksyms); - -+ #ifdef IPFILTER -+ #define NIPF 1 -+ #else -+ #define NIPF 0 -+ #endif -+ - #include "pf.h" - - #include -*************** -*** 200,206 **** - cdev_uk_init(NUK,uk), /* 41: unknown SCSI */ - cdev_ss_init(NSS,ss), /* 42: SCSI scanner */ - cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */ -! cdev_notdef(), /* 44 */ - cdev_notdef(), /* 45 */ - cdev_notdef(), /* 46 */ - cdev_notdef(), /* 47 */ ---- 206,212 ---- - cdev_uk_init(NUK,uk), /* 41: unknown SCSI */ - cdev_ss_init(NSS,ss), /* 42: SCSI scanner */ - cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */ -! cdev_gen_ipf(NIPF,ipl), /* 44: IP filter */ - cdev_notdef(), /* 45 */ - cdev_notdef(), /* 46 */ - cdev_notdef(), /* 47 */ -diff -cr sys.30/arch/sparc/sparc/conf.c sys/arch/sparc/sparc/conf.c -*** sys.30/arch/sparc/sparc/conf.c Fri Sep 28 12:53:13 2001 ---- sys/arch/sparc/sparc/conf.c Fri Dec 28 12:59:25 2001 -*************** -*** 128,133 **** ---- 128,139 ---- - }; - int nblkdev = sizeof(bdevsw) / sizeof(bdevsw[0]); - -+ #ifdef IPFILTER -+ #define NIPF 1 -+ #else -+ #define NIPF 0 -+ #endif -+ - #include "pf.h" - - #include -*************** -*** 202,208 **** - cdev_notdef(), /* 57 */ - cdev_disk_init(NCD,cd), /* 58: SCSI CD-ROM */ - cdev_pf_init(NPF,pf), /* 59: packet filter */ -! cdev_notdef(), /* 60 */ - cdev_notdef(), /* 61 */ - cdev_notdef(), /* 62 */ - cdev_notdef(), /* 63 */ ---- 208,214 ---- - cdev_notdef(), /* 57 */ - cdev_disk_init(NCD,cd), /* 58: SCSI CD-ROM */ - cdev_pf_init(NPF,pf), /* 59: packet filter */ -! cdev_gen_ipf(NIPF,ipl), /* 60: ip filtering log */ - cdev_notdef(), /* 61 */ - cdev_notdef(), /* 62 */ - cdev_notdef(), /* 63 */ -diff -cr sys.30/arch/sparc64/sparc64/conf.c sys/arch/sparc64/sparc64/conf.c -*** sys.30/arch/sparc64/sparc64/conf.c Fri Sep 28 12:53:14 2001 ---- sys/arch/sparc64/sparc64/conf.c Fri Dec 28 12:59:59 2001 -*************** -*** 116,121 **** ---- 116,127 ---- - #include "ses.h" - cdev_decl(ses); - -+ #ifdef IPFILTER -+ #define NIPF 1 -+ #else -+ #define NIPF 0 -+ #endif -+ - #include "pf.h" - - #include -*************** -*** 239,245 **** - cdev_notdef(), /* 72 */ - cdev_pf_init(NPF,pf), /* 73: packet filter */ - cdev_altq_init(NALTQ,altq), /* 74: ALTQ control interface */ -! cdev_notdef(), /* 75 */ - cdev_ksyms_init(NKSYMS,ksyms), /* 76 *: Kernel symbols device */ - cdev_notdef(), /* 77 */ - cdev_notdef(), /* 78 */ ---- 245,251 ---- - cdev_notdef(), /* 72 */ - cdev_pf_init(NPF,pf), /* 73: packet filter */ - cdev_altq_init(NALTQ,altq), /* 74: ALTQ control interface */ -! cdev_gen_ipf(NIPF,ipl), /* 75: IP filter */ - cdev_ksyms_init(NKSYMS,ksyms), /* 76 *: Kernel symbols device */ - cdev_notdef(), /* 77 */ - cdev_notdef(), /* 78 */ -diff -cr sys.30/arch/sun3/sun3/conf.c sys/arch/sun3/sun3/conf.c -*** sys.30/arch/sun3/sun3/conf.c Fri Sep 28 12:53:14 2001 ---- sys/arch/sun3/sun3/conf.c Fri Dec 28 13:00:59 2001 -*************** -*** 111,116 **** ---- 111,122 ---- - }; - int nblkdev = sizeof(bdevsw) / sizeof(bdevsw[0]); - -+ #ifdef IPFILTER -+ #define NIPF 1 -+ #else -+ #define NIPF 0 -+ #endif -+ - #include "pf.h" - - #include -*************** -*** 207,212 **** ---- 213,219 ---- - cdev_ch_init(NCH,ch), /* 83: SCSI autochanger */ - cdev_ses_init(NSES,ses), /* 84: SCSI SES or SAF-TE device */ - cdev_altq_init(NALTQ,altq), /* 85: ALTQ control interface */ -+ cdev_gen_ipf(NIPF,ipl), /* 86: IP filter */ - }; - int nchrdev = sizeof(cdevsw) / sizeof(cdevsw[0]); - -diff -cr sys.30/arch/vax/vax/conf.c sys/arch/vax/vax/conf.c -*** sys.30/arch/vax/vax/conf.c Fri Sep 28 12:53:14 2001 ---- sys/arch/vax/vax/conf.c Fri Dec 28 13:01:58 2001 -*************** -*** 432,437 **** ---- 432,443 ---- - #include "wskbd.h" - #include "wsmouse.h" - -+ #ifdef IPFILTER -+ #define NIPF 1 -+ #else -+ #define NIPF 0 -+ #endif -+ - #include "pf.h" - - #include -*************** -*** 485,491 **** - cdev_notdef(), /* 44 was Datakit */ - cdev_notdef(), /* 45 was Datakit */ - cdev_notdef(), /* 46 was Datakit */ -! cdev_notdef(), /* 47 */ - cdev_notdef(), /* 48 */ - cdev_notdef(), /* 49 */ - cdev_ksyms_init(NKSYMS,ksyms), /* 50: Kernel symbols device */ ---- 491,497 ---- - cdev_notdef(), /* 44 was Datakit */ - cdev_notdef(), /* 45 was Datakit */ - cdev_notdef(), /* 46 was Datakit */ -! cdev_gen_ipf(NIPF,ipl), /* 47: IP filter */ - cdev_notdef(), /* 48 */ - cdev_notdef(), /* 49 */ - cdev_ksyms_init(NKSYMS,ksyms), /* 50: Kernel symbols device */ -diff -cr sys.30/conf/GENERIC sys/conf/GENERIC -*** sys.30/conf/GENERIC Tue Sep 18 03:04:27 2001 ---- sys/conf/GENERIC Fri Dec 28 11:37:49 2001 -*************** -*** 71,76 **** ---- 71,78 ---- - #option EON # OSI tunneling over IP - #option NETATALK # AppleTalk - #option CCITT,LLC,HDLC # X.25 -+ option IPFILTER # IP packet filter for security -+ option IPFILTER_LOG # use /dev/ipl to log IPF - option PPP_BSDCOMP # PPP BSD compression - option PPP_DEFLATE - #option MROUTING # Multicast router -diff -cr sys.30/conf/files sys/conf/files -*** sys.30/conf/files Fri Oct 5 07:43:37 2001 ---- sys/conf/files Fri Dec 28 12:02:08 2001 -*************** -*** 652,657 **** ---- 652,665 ---- - file netinet/tcp_usrreq.c inet - file netinet/udp_usrreq.c inet - file netinet/ip_gre.c inet -+ file netinet/ip_fil.c ipfilter -+ file netinet/fil.c ipfilter -+ file netinet/ip_nat.c ipfilter -+ file netinet/ip_frag.c ipfilter -+ file netinet/ip_state.c ipfilter -+ file netinet/ip_proxy.c ipfilter -+ file netinet/ip_auth.c ipfilter -+ file netinet/ip_log.c ipfilter - file netinet/ip_ipsp.c (inet | inet6) & (ipsec | tcp_signature) - file netinet/ip_spd.c (inet | inet6) & (ipsec | tcp_signature) - file netinet/ip_ipip.c inet | inet6 -diff -cr sys.30/net/bridgestp.c sys/net/bridgestp.c -*** sys.30/net/bridgestp.c Wed Jun 27 16:07:37 2001 ---- sys/net/bridgestp.c Fri Dec 28 12:01:56 2001 -*************** -*** 63,68 **** ---- 63,73 ---- - #include - #include - #include -+ -+ #ifdef IPFILTER -+ #include -+ #include -+ #endif - #endif - - #if NBPFILTER > 0 -diff -cr sys.30/net/if.c sys/net/if.c -*** sys.30/net/if.c Sat Jun 30 08:46:05 2001 ---- sys/net/if.c Fri Dec 28 12:02:21 2001 -*************** -*** 99,104 **** ---- 99,110 ---- - #include - #endif - -+ #ifdef IPFILTER -+ #include -+ #include -+ #include -+ #endif -+ - #if NBPFILTER > 0 - #include - #endif -*************** -*** 381,386 **** ---- 387,397 ---- - - /* Remove the interface from the list of all interfaces. */ - TAILQ_REMOVE(&ifnet, ifp, if_list); -+ -+ #ifdef IPFILTER -+ /* XXX More ipf & ipnat cleanup needed. */ -+ frsync(); -+ #endif - - /* Deallocate private resources. */ - for (ifa = TAILQ_FIRST(&ifp->if_addrlist); ifa; -diff -cr sys.30/net/if_bridge.c sys/net/if_bridge.c -*** sys.30/net/if_bridge.c Wed Aug 22 01:18:20 2001 ---- sys/net/if_bridge.c Sun Dec 30 05:29:37 2001 -*************** -*** 61,67 **** - #include - - #include -! #endif - - #if NPF > 0 - #include ---- 61,71 ---- - #include - - #include -! # if (defined(IPFILTER) || defined(IPFILTER_LKM)) -! #include -! #include -! # endif -! #endif /* INET */ - - #if NPF > 0 - #include -*************** -*** 139,145 **** - int bridge_flushrule __P((struct bridge_iflist *)); - int bridge_brlconf __P((struct bridge_softc *, struct ifbrlconf *)); - u_int8_t bridge_filterrule __P((struct brl_head *, struct ether_header *)); -! #if NPF > 0 - struct mbuf *bridge_filter __P((struct bridge_softc *, int, struct ifnet *, - struct ether_header *, struct mbuf *m)); - #endif ---- 143,149 ---- - int bridge_flushrule __P((struct bridge_iflist *)); - int bridge_brlconf __P((struct bridge_softc *, struct ifbrlconf *)); - u_int8_t bridge_filterrule __P((struct brl_head *, struct ether_header *)); -! #if (NPF > 0) || (defined(IPFILTER) || defined(IPFILTER_LKM)) - struct mbuf *bridge_filter __P((struct bridge_softc *, int, struct ifnet *, - struct ether_header *, struct mbuf *m)); - #endif -*************** -*** 1043,1049 **** - m_freem(m); - return; - } -! #if NPF > 0 - m = bridge_filter(sc, BRIDGE_IN, src_if, &eh, m); - if (m == NULL) - return; ---- 1047,1053 ---- - m_freem(m); - return; - } -! #if (NPF > 0) || (defined(IPFILTER) || defined(IPFILTER_LKM)) - m = bridge_filter(sc, BRIDGE_IN, src_if, &eh, m); - if (m == NULL) - return; -*************** -*** 1086,1092 **** - m_freem(m); - return; - } -! #if NPF > 0 - m = bridge_filter(sc, BRIDGE_OUT, dst_if, &eh, m); - if (m == NULL) - return; ---- 1090,1096 ---- - m_freem(m); - return; - } -! #if (NPF > 0) || (defined(IPFILTER) || defined(IPFILTER_LKM)) - m = bridge_filter(sc, BRIDGE_OUT, dst_if, &eh, m); - if (m == NULL) - return; -*************** -*** 1328,1334 **** - } - } - -! #if NPF > 0 - mc = bridge_filter(sc, BRIDGE_OUT, dst_if, eh, mc); - if (mc == NULL) - continue; ---- 1332,1338 ---- - } - } - -! #if (NPF > 0) || (defined(IPFILTER) || defined(IPFILTER_LKM)) - mc = bridge_filter(sc, BRIDGE_OUT, dst_if, eh, mc); - if (mc == NULL) - continue; -*************** -*** 1911,1917 **** - return (0); - } - -! #if NPF > 0 - /* - * Filter IP packets by peeking into the ethernet frame. This violates - * the ISO model, but allows us to act as a IP filter at the data link ---- 1915,1921 ---- - return (0); - } - -! #if (NPF > 0) || defined(IPFILTER) || defined(IPFILTER_LKM) - /* - * Filter IP packets by peeking into the ethernet frame. This violates - * the ISO model, but allows us to act as a IP filter at the data link -*************** -*** 1926,1932 **** - struct ether_header *eh; - struct mbuf *m; - { -! #if NPF == 0 - return (m); - #else - struct llc llc; ---- 1930,1936 ---- - struct ether_header *eh; - struct mbuf *m; - { -! #if defined(NPF) && (NPF == 0) && !defined(IPFILTER) && !defined(IPFILTER_LKM) - return (m); - #else - struct llc llc; -*************** -*** 1934,1939 **** ---- 1938,1947 ---- - struct ip *ip; - int hlen; - -+ # if (defined(IPFILTER) || defined(IPFILTER_LKM)) && defined(NPF) && (NPF == 0) -+ if (fr_checkp == NULL) -+ return (m); -+ # endif - if (eh->ether_type != htons(ETHERTYPE_IP)) { - if (eh->ether_type > ETHERMTU || - m->m_pkthdr.len < (LLC_SNAPFRAMELEN + -*************** -*** 2000,2007 **** ---- 2008,2023 ---- - - /* Finally, we get to filter the packet! */ - m->m_pkthdr.rcvif = ifp; -+ #if NPF > 0 - if (pf_test(dir, ifp, &m) != PF_PASS) - goto dropit; -+ #endif -+ #if defined(IPFILTER) || defined(IPFILTER_LKM) -+ if (fr_checkp && (*fr_checkp)(ip, hlen, ifp, dir, &m)) -+ goto dropit; -+ if (m == NULL) /* in case of 'fastroute' */ -+ goto dropit; -+ #endif - - /* Rebuild the IP header */ - if (m->m_len < hlen && ((m = m_pullup(m, hlen)) == NULL)) -*************** -*** 2035,2040 **** - if (m != NULL) - m_freem(m); - return (NULL); -! #endif /* NPF == 0 */ - } - #endif ---- 2051,2056 ---- - if (m != NULL) - m_freem(m); - return (NULL); -! #endif /* (NPF > 0) || (defined(IPFILTER) || defined(IPFILTER_LKM)) */ - } - #endif -diff -cr sys.30/netinet/in_proto.c sys/netinet/in_proto.c -*** sys.30/netinet/in_proto.c Thu Aug 9 01:07:04 2001 ---- sys/netinet/in_proto.c Fri Dec 28 12:05:44 2001 -*************** -*** 163,168 **** ---- 163,173 ---- - #include - #endif /* MROUTING */ - -+ #ifdef IPFILTER -+ void iplinit __P((void)); -+ #define ip_init iplinit -+ #endif -+ - #ifdef INET6 - #include - #endif /* INET6 */ -diff -cr sys.30/netinet/ip_input.c sys/netinet/ip_input.c -*** sys.30/netinet/ip_input.c Wed Sep 19 01:24:32 2001 ---- sys/netinet/ip_input.c Fri Dec 28 12:05:55 2001 -*************** -*** 149,154 **** ---- 149,159 ---- - struct in_ifaddrhead in_ifaddr; - struct ifqueue ipintrq; - -+ #if defined(IPFILTER) || defined(IPFILTER_LKM) -+ int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, -+ struct mbuf **)); -+ #endif -+ - int ipq_locked; - static __inline int ipq_lock_try __P((void)); - static __inline void ipq_unlock __P((void)); -*************** -*** 398,403 **** ---- 403,425 ---- - - ip = mtod(m, struct ip *); - hlen = ip->ip_hl << 2; -+ #endif -+ -+ #if defined(IPFILTER) || defined(IPFILTER_LKM) -+ /* -+ * Check if we want to allow this packet to be processed. -+ * Consider it to be bad if not. -+ */ -+ { -+ struct mbuf *m0 = m; -+ if (fr_checkp && (*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m0)) { -+ return; -+ } -+ if (m0 == 0) { /* in case of 'fastroute' */ -+ return; -+ } -+ ip = mtod(m = m0, struct ip *); -+ } - #endif - - #ifdef ALTQ -diff -cr sys.30/netinet/ip_output.c sys/netinet/ip_output.c -*** sys.30/netinet/ip_output.c Mon Aug 27 07:12:06 2001 ---- sys/netinet/ip_output.c Fri Dec 28 12:10:52 2001 -*************** -*** 91,96 **** ---- 91,100 ---- - static void ip_mloopback - __P((struct ifnet *, struct mbuf *, struct sockaddr_in *)); - -+ #if defined(IPFILTER) || defined(IPFILTER_LKM) -+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); -+ #endif -+ - /* - * IP output. The packet in mbuf chain m contains a skeletal IP - * header (with len, off, ttl, proto, tos, src, dst). -*************** -*** 535,540 **** ---- 539,568 ---- - if (sproto != 0) { - s = splnet(); - -+ #if defined(IPFILTER) || defined(IPFILTER_LKM) -+ if (fr_checkp) { -+ /* -+ * Ok, it's time for a simple round-trip to the IPF/NAT -+ * code with the enc0 interface. -+ */ -+ struct mbuf *m1 = m; -+ void *ifp = (void *)&encif[0].sc_if; -+ -+ if ((*fr_checkp)(ip, hlen, ifp, 1, &m1)) { -+ error = EHOSTUNREACH; -+ splx(s); -+ goto done; -+ } -+ if (m1 == 0) { /* in case of 'fastroute' */ -+ error = 0; -+ splx(s); -+ goto done; -+ } -+ ip = mtod(m = m1, struct ip *); -+ hlen = ip->ip_hl << 2; -+ } -+ #endif /* IPFILTER */ -+ - /* - * Packet filter - */ -*************** -*** 636,641 **** ---- 664,688 ---- - m->m_pkthdr.csum &= ~M_UDPV4_CSUM_OUT; /* Clear */ - } - } -+ -+ #if defined(IPFILTER) || defined(IPFILTER_LKM) -+ /* -+ * looks like most checking has been done now...do a filter check -+ */ -+ { -+ struct mbuf *m1 = m; -+ -+ if (fr_checkp && (*fr_checkp)(ip, hlen, ifp, 1, &m1)) { -+ error = EHOSTUNREACH; -+ goto done; -+ } -+ if (m1 == 0) { /* in case of 'fastroute' */ -+ error = 0; -+ goto done; -+ } -+ ip = mtod(m = m1, struct ip *); -+ } -+ #endif - - /* - * Packet filter -diff -cr sys.30/netinet6/ip6_input.c sys/netinet6/ip6_input.c -*** sys.30/netinet6/ip6_input.c Sat Sep 15 13:54:40 2001 ---- sys/netinet6/ip6_input.c Sat Dec 29 21:57:26 2001 -*************** -*** 134,139 **** ---- 134,142 ---- - #ifdef PULLDOWN_TEST - static struct mbuf *ip6_pullexthdr __P((struct mbuf *, size_t, int)); - #endif -+ #if defined(IPFILTER) || defined(IPFILTER_LKM) -+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); -+ #endif - - /* - * IP6 initialization: fill in IP6 protocol switch table. -*************** -*** 286,291 **** ---- 289,314 ---- - in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); - goto bad; - } -+ -+ #if defined(IPFILTER) || defined(IPFILTER_LKM) -+ /* -+ * Check if we want to allow this packet to be processed. -+ * Consider it to be bad if not. -+ */ -+ if (fr_checkp != NULL) { -+ struct mbuf *m0 = m; -+ -+ if ((*fr_checkp)((struct ip *)ip6, sizeof(*ip6), -+ m->m_pkthdr.rcvif, 0, &m0)) { -+ return; -+ } -+ m = m0; -+ if (m == 0) { /* in case of 'fastroute' */ -+ return; -+ } -+ ip6 = mtod(m, struct ip6_hdr *); -+ } -+ #endif - - ip6stat.ip6s_nxthist[ip6->ip6_nxt]++; - -diff -cr sys.30/netinet6/ip6_output.c sys/netinet6/ip6_output.c -*** sys.30/netinet6/ip6_output.c Tue Oct 2 02:03:09 2001 ---- sys/netinet6/ip6_output.c Sat Dec 29 21:57:26 2001 -*************** -*** 118,123 **** ---- 118,127 ---- - struct mbuf *ip6e_dest2; - }; - -+ #if defined(IPFILTER) || defined(IPFILTER_LKM) -+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); -+ #endif -+ - static int ip6_pcbopts __P((struct ip6_pktopts **, struct mbuf *, - struct socket *)); - static int ip6_setmoptions __P((int, struct ip6_moptions **, struct mbuf *)); -*************** -*** 889,894 **** ---- 893,917 ---- - ip6 = mtod(m, struct ip6_hdr *); - #endif - -+ -+ #if defined(IPFILTER) || defined(IPFILTER_LKM) -+ /* -+ * looks like most checking has been done now...do a filter check -+ */ -+ if (fr_checkp != NULL) { -+ struct mbuf *m1 = m; -+ if ((*fr_checkp)((struct ip *)ip6, sizeof(*ip6), ifp, 1, &m1)) { -+ error = EHOSTUNREACH; -+ goto done; -+ } -+ m = m1; -+ if (m1 == 0) { /* in case of 'fastroute' */ -+ error = 0; -+ goto done; -+ } -+ ip6 = mtod(m, struct ip6_hdr *); -+ } -+ #endif - /* - * Send the packet to the outgoing interface. - * If necessary, do IPv6 fragmentation before sending. -diff -cr sys.30/sys/conf.h sys/sys/conf.h -*** sys.30/sys/conf.h Fri Oct 5 07:46:03 2001 ---- sys/sys/conf.h Fri Dec 28 13:45:33 2001 -*************** -*** 351,356 **** ---- 351,363 ---- - (dev_type_ioctl((*))) enodev, (dev_type_stop((*))) nullop, \ - 0, (dev_type_select((*))) enodev, (dev_type_mmap((*))) enodev } - -+ /* open, close, read, ioctl */ -+ #define cdev_gen_ipf(c, n) { \ -+ dev_init(c,n,open), dev_init(c,n,close), dev_init(c,n,read), \ -+ (dev_type_write((*))) enodev, dev_init(c,n,ioctl), \ -+ (dev_type_stop((*))) enodev, 0, (dev_type_select((*))) enodev, \ -+ (dev_type_mmap((*))) enodev } -+ - /* open, close, read, write, ioctl, select */ - #define cdev_xfs_init(c, n) { \ - dev_init(c,n,open), dev_init(c,n,close), dev_init(c,n,read), \ -*************** -*** 537,542 **** ---- 544,550 ---- - - cdev_decl(bpf); - -+ cdev_decl(ipl); - cdev_decl(pf); - - cdev_decl(tun); diff --git a/dist/ipf/OpenBSD/README.3_0 b/dist/ipf/OpenBSD/README.3_0 deleted file mode 100644 index da65d6df0c74..000000000000 --- a/dist/ipf/OpenBSD/README.3_0 +++ /dev/null @@ -1,77 +0,0 @@ - -Installing IPFilter into OpenBSD 3.0 Kernel -=========================================== -The installation of IPFilter should be as easy as following the steps -below. In cases where "i386" is mentioned, if you are working on a -different platform, substitute that name there and it should work equally -as well. The patches include enabling IPFilter for IPv4 filtering, IPv6 -filtering and bridge filtering. - -The commands given below are intended as guides rather than exact matches -on what needs to be typed. In many cases, paths to files or directories -may bear little resemblence to what is presented below. - -You may encounter difficulties with step 7 if you have made changes to the -rc files which cause "patch" to not be able to work out how to apply the -changes correctly. - -If the below steps are followed with no problems then it should be safe to -perform step 8 and reboot with the new kernel. Of course if you are not -using GENERIC then substitute GENERIC for your kernel name. If your kernel -config file includes the "GENERIC" one then you will not need to add explicit -options for IPFilter. - -1. Extract your source tree into /usr/src, creating /usr/src/sys. - -cd /usr/src -gunzip -c sys.tar.gz | tar xpf - - -2. Change directory to /usr/src - -3. Unpack IPFilter and apply the patches to the kernel source - -cd ~ -gunzip -c ip_fil3.4.23.tar.gz | tar xpf - -cd /usr/src -patch < ~/ip_fil3.4.23/OpenBSD/3.0-sys-diffs - -4. Add IPFilter to the source code tree: - -cd ~/ip_fil3.4.23 -BSD/kupgrade - -5. Build a new OpenBSD kernel - -/bin/rm -rf /sys/arch/i386/compile/GENERIC -cd /sys/arch/i386/conf -config GENERIC -cd ../compile/GENERIC -make depend && make -cp bsd /bsd - -6. Build and install IPFilter - -cd ip_fil3.4.23 -make openbsd -make install-bsd -OpenBSD/makedevs-3.0 - -7. Patch rc scripts in /etc - -cd /etc -patch < ~/ip_fil3.4.23/OpenBSD/3.0-rc-diffs - -8. Reboot - - -IPFilter device files -===================== -Patches to include making IPFilter devices can be found in the file -3.0-MAKEDEV-diffs. These diffs are generally only of interested if -you are going to be building a distribution for others and want the -correct MAKEDEV scripts to be built. You may also wish to use this -to patch /dev/MAKEDEV on your machine to be correct. Pre-fab'd MAKEDEV -scripts (or individual patches) for each architecture are not provided. -You will need to have extracted "./etc" from src.tar.gz to use these -patches. - diff --git a/dist/ipf/OpenBSD/fixdist-3.0 b/dist/ipf/OpenBSD/fixdist-3.0 deleted file mode 100644 index 1fe8638bddb1..000000000000 --- a/dist/ipf/OpenBSD/fixdist-3.0 +++ /dev/null @@ -1,435 +0,0 @@ -.\" $NetBSD: fixdist-3.0,v 1.1.1.2 2002/03/14 12:30:13 martti Exp $ -.\" -#!/bin/sh -# -# Install IPFilter into the source tree of OpenBSD 3.0 -# - -if [ $# -eq 1 ] ; then - if [ "$1" = "-d" ] ; then - debug=echo - fi -fi - -copyfiles() { - while [ $# -gt 0 ] ; do - if [ X"$1" = X"\\" ] ; then - : - elif [ -f $IPFDIR/$1 ] ; then - $debug cp -p $IPFDIR/$1 . - elif [ -f $IPFDIR/man/$1 ] ; then - $debug cp -p $IPFDIR/man/$1 . - elif [ -f $IPFDIR/iplang/$1 ] ; then - $debug cp -p $IPFDIR/iplang/$1 . - elif [ -f $IPFDIR/ipsend/$1 ] ; then - $debug cp -p $IPFDIR/ipsend/$1 . - else - echo "Could not find $IPFDIR/$1" - fi - shift - done -} - -prep() { - $debug mkdir $1 - $debug cd $1 -} - -IPFDIR=`pwd` -SRC=/usr/src - -# -# 3 Programs into /sbin: ipf, ipfstat, ipnat -# -cd $SRC/sbin -/bin/rm -rf ipf ipfstat ipnat - -prep ipf -MFILES="ipf.8 ipf.4 ipf.5" -SFILES="ipf.c parse.c opt.c facpri.c common.c" -IFILES="ipf.h facpri.h" -if [ X$debug = X ] ; then - OFILE=Makefile -else - OFILE=/dev/tty -fi -cat > ${OFILE} << __EOF__ -# $OpenBSD: Makefile,v 1.10 2001/01/17 05:00:57 fgsch Exp $ - -PROG= ipf -MAN= ${MFILES} -SRCS= ${SFILES} -CFLAGS+=-DUSE_INET6 -I\${.CURDIR}/../../sys/netinet - -.include -__EOF__ -copyfiles $MFILES $SFILES $IFILES -echo "`pwd` done" - -# -# Setup ipfstat(8) -# -prep ../ipfstat -MFILES=ipfstat.8 -SFILES="fils.c parse.c opt.c kmem.c facpri.c common.c printstate.c" -IFILES=kmem.h -cat > ${OFILE} << __EOF__ -# $OpenBSD: Makefile,v 1.8 2001/02/13 01:12:33 fgsch Exp $ - -PROG= ipfstat -MAN= ${MFILES} -SRCS= ${SFILES} -.PATH: \${.CURDIR}/../../sbin/ipf -CFLAGS+=-DUSE_INET6 -I\${.CURDIR}/../../sbin/ipf -DSTATETOP \\ - -I\${.CURDIR}/../../sys/netinet -DPADD= \${LIBCURSES} -LDADD= -lcurses -lkvm - -.include -__EOF__ -copyfiles $MFILES $SFILES $IFILES -echo "`pwd` done" - -# -# Setup ipnat(8) -# -prep ../ipnat -MFILES="ipnat.8 ipnat.4 ipnat.5" -SFILES="ipnat.c kmem.c natparse.c common.c printnat.c" -IFILES= -cat > ${OFILE} << __EOF__ -# $OpenBSD: Makefile,v 1.10 2001/01/17 05:01:01 fgsch Exp $ - -PROG= ipnat -MAN= ${MFILES} -SRCS= ${SFILES} -.PATH: \${.CURDIR}/../ipfstat \${.CURDIR}/../ipf -CFLAGS+=-DUSE_INET6 -I\${.CURDIR}/../../sbin/ipfstat -I\${.CURDIR}/../ipf \\ - -I\${.CURDIR}/../../sys/netinet -LDADD= -lkvm - -.include -__EOF__ -copyfiles $MFILES $SFILES -echo "`pwd` done" - -# -# Now fix up the top level Makefile -# -cd $SRC/sbin -grep -q ipf Makefile -if [ $? -ne 0 ] ; then - cat <<__EOF__ | patch -*** Makefile.orig Tue Jan 1 15:01:51 2002 ---- Makefile Mon Jan 7 20:31:56 2002 -*************** -*** 34,37 **** ---- 34,40 ---- - # Man pages (and manpages to do) - SUBDIR+= fdisk pdisk ancontrol wicontrol wsconsctl - -+ # IPFilter -+ SUBDIR+= ipf ipfstat ipnat -+ - .include -__EOF__ -fi - - -# -# 3 Programs into /usr/sbin: ipfs, ipfstat, ipmon -# Also, include ipsend suite of tools. -# -cd $SRC/usr.sbin -/bin/rm -rf ipfs ipftest ipmon ipsend - -# -# Create directory for ipftest -# -prep ipftest -MFILES=ipftest.1 -SFILES="ipt.c fil.c ipft_hx.c ipft_sn.c ipft_ef.c ipft_td.c ipft_pc.c \\ - ipft_tx.c misc.c parse.c opt.c ip_frag.c ip_nat.c ip_state.c \\ - ip_auth.c ip_fil.c ip_proxy.c facpri.c natparse.c common.c \\ - printnat.c printstate.c" -IFILES="ipt.h pcap.h snoop.h kmem.h" -cat > ${OFILE} << __EOF__ -# $OpenBSD: Makefile,v 1.9 2001/01/17 06:01:21 fgsch Exp $ - -PROG= ipftest -MAN= ${MFILES} -SRCS= ${SFILES} - -.PATH: \${.CURDIR}/../../sbin/ipf \${.CURDIR}/../../sbin/ipfstat \\ - \${.CURDIR}/../../sys/netinet \${.CURDIR}/../../sbin/ipnat - -CFLAGS+=-DUSE_INET6 -I\${.CURDIR}/../../sbin/ipf \\ - -I\${.CURDIR}/../../sys/netinet -I\${.CURDIR}/../../sys -I\${.CURDIR} - -.include -__EOF__ -copyfiles $MFILES $SFILES $IFILES -echo "`pwd` done" - - -# -# Create directory for ipfs -# -prep ../ipfs -MFILES=ipfs.8 -SFILES=ipfs.c -IFILES= -cat > ${OFILE} << __EOF__ -# \$OpenBSD: Makefile,v 1.1 2001/01/17 06:31:06 fgsch Exp \$ - -PROG= ipfs -MAN= ${MFILES} -SRCS= ${SFILES} - -CFLAGS+=-DUSE_INET6 -I\${.CURDIR}/../../sbin/ipf \\ - -I\${.CURDIR}/../../sys/netinet - -.include -__EOF__ -copyfiles $MFILES $SFILES $IFILES -echo "`pwd` done" - - -# -# -# -prep ../ipmon -MFILES=ipmon.8 -SFILES=ipmon.c -IFILES= -cat > ${OFILE} << __EOF__ -# \$OpenBSD: Makefile,v 1.4 1998/09/15 10:01:38 pattonme Exp \$ - -PROG= ipmon -MAN= ${MFILES} -SRCS= ${SFILES} -CFLAGS+=-DUSE_INET6 -I\${.CURDIR}/../../sys/netinet - -.include -__EOF__ -copyfiles $MFILES $SFILES $IFILES -echo "`pwd` done" - - -# -# Create top level directories for ipsend -# -prep ../ipsend -cat > ${OFILE} << __EOF__ -# $OpenBSD: Makefile,v 1.4 1997/09/21 11:43:47 deraadt Exp $ - -SUBDIR= ipsend ipresend iptest - -.include -__EOF__ -echo "`pwd` done" - -prep iplang -copyfiles iplang.h - -# -# 1st ipsend program - ipsend itself -# -prep ../ipsend -MFILES="ipsend.1 ipsend.5" -SFILES="ipsend.c ip.c ipsopt.c sbpf.c sock.c 44arp.c iplang_y.y iplang_l.l" -IFILES="ipsend.h iplang.h" -cat > ${OFILE} << __EOF__ -# $OpenBSD: Makefile,v 1.3 1998/01/26 19:46:23 weingart Exp $ - -PROG= ipsend -BINDIR= /usr/sbin -MAN= ${MFILES} -SRCS= ${SFILES} -CFLAGS+= -DDOSOCKET -I\${.CURDIR}/../common -I\${.CURDIR}/../../ipftest \\ - -I\${.CURDIR}/../../../sbin/ipf -I\${.CURDIR}/../../../sys/netinet \\ - -I\${.CURDIR}/.. -I\${.OBJDIR} - -LDADD= -lfl -CLEANFILES+=y.tab.h - -.PATH: \${.CURDIR}/../common - -.include -__EOF__ -copyfiles $MFILES $SFILES $IFILES -echo "`pwd` done" - - -# -# 2nd ipsend program - ipresend -# -prep ../ipresend -MFILES=ipresend.1 -SFILES="ipresend.c resend.c \\ - ipft_ef.c ipft_hx.c ipft_pc.c ipft_sn.c ipft_td.c ipft_tx.c opt.c \\ - sock.c 44arp.c sbpf.c ip.c" -IFILES="ipsend.h" -cat > ${OFILE} << __EOF__ -# \$OpenBSD: Makefile,v 1.4 1999/02/21 23:11:05 tholo Exp \$ - -PROG= ipresend -BINDIR= /usr/sbin -MAN= ${MFILES} -SRCS= ${SFILES} -CFLAGS+=-DDOSOCKET -I\${.CURDIR}/../common -I\${.CURDIR}/../../ipftest \\ - -I\${.CURDIR}/../../../sbin/ipf \\ - -I\${.CURDIR}/../../../sys/netinet -I\${.CURDIR}/.. -.PATH: \${.CURDIR}/../common \${.CURDIR}/../../ipftest \\ - \${.CURDIR}/../../../sbin/ipf - -.include -__EOF__ -copyfiles $MFILES $SFILES $IFILES -echo "`pwd` done" - - -# -# 3rd ipsend program - iptest -# -prep ../iptest -MFILES=iptest.1 -SFILES="iptest.c iptests.c ip.c sbpf.c sock.c 44arp.c" -IFILES="ipsend.h" -cat > ${OFILE} << __EOF__ -# \$OpenBSD: Makefile,v 1.2 1998/01/26 04:17:08 dgregor Exp \$ - -PROG= iptest -BINDIR= /usr/sbin -MAN= ${MFILES} -SRCS= ${SFILES} -CFLAGS+=-DDOSOCKET -I\${.CURDIR}/../common -I\${.CURDIR}/../../ipftest \\ - -I\${.CURDIR}/../../../sys/netinet \\ - -I\${.CURDIR}/../../../sbin/ipf -I\${.CURDIR}/.. -.PATH: \${.CURDIR}/../common - -.include -__EOF__ -copyfiles $MFILES $SFILES $IFILES -echo "`pwd` done" - -cd $SRC/usr.sbin -grep -q ipmon Makefile -if [ $? -ne 0 ] ; then - cat << __EOF__ | patch -*** Makefile.orig Tue Jan 1 15:06:30 2002 ---- Makefile Mon Jan 7 20:34:05 2002 -*************** -*** 36,39 **** ---- 36,42 ---- - SUBDIR+=ypbind yppoll ypset ypserv - .endif - -+ # IPFilter -+ SUBDIR+=ipftest ipfs ipmon ipsend -+ - .include -__EOF__ -fi - -echo "Patching base install set" -cd $SRC -cd distrib/sets/lists/base -grep -q ipfstat mi -if [ $? -ne 0 ] ; then - cat << __EOF__ | patch -*** mi.orig Sat Oct 6 03:30:51 2001 ---- mi Tue Jan 8 05:45:39 2002 -*************** -*** 89,94 **** ---- 89,97 ---- - ./sbin/halt - ./sbin/ifconfig - ./sbin/init -+ ./sbin/ipf -+ ./sbin/ipfstat -+ ./sbin/ipnat - ./sbin/ipsecadm - ./sbin/isakmpd - ./sbin/kbd -*************** -*** 1276,1281 **** ---- 1279,1290 ---- - ./usr/sbin/ifmcstat - ./usr/sbin/inetd - ./usr/sbin/iostat -+ ./usr/sbin/ipfs -+ ./usr/sbin/ipftest -+ ./usr/sbin/ipmon -+ ./usr/sbin/ipresend -+ ./usr/sbin/ipsend -+ ./usr/sbin/iptest - ./usr/sbin/kadmin - ./usr/sbin/kdb_destroy - ./usr/sbin/kdb_edit -__EOF__ -fi - -echo "Patching man install set" -cd $SRC -cd distrib/sets/lists/man -grep -q ipfstat mi -if [ $? -ne 0 ] ; then - cat << __EOF__ | patch -*** mi.orig Wed Oct 10 03:28:42 2001 ---- mi Tue Jan 8 19:37:54 2002 -*************** -*** 319,324 **** ---- 319,328 ---- - ./usr/share/man/cat1/intro.0 - ./usr/share/man/cat1/ipcrm.0 - ./usr/share/man/cat1/ipcs.0 -+ ./usr/share/man/cat1/ipftest.0 -+ ./usr/share/man/cat1/ipresend.0 -+ ./usr/share/man/cat1/ipsend.0 -+ ./usr/share/man/cat1/iptest.0 - ./usr/share/man/cat1/jobs.0 - ./usr/share/man/cat1/join.0 - ./usr/share/man/cat1/jot.0 -*************** -*** 1054,1059 **** ---- 1058,1066 ---- - ./usr/share/man/cat4/ip.0 - ./usr/share/man/cat4/ip6.0 - ./usr/share/man/cat4/ipcomp.0 -+ ./usr/share/man/cat4/ipf.0 -+ ./usr/share/man/cat4/ipl.0 -+ ./usr/share/man/cat4/ipnat.0 - ./usr/share/man/cat4/ipsec.0 - ./usr/share/man/cat4/isa.0 - ./usr/share/man/cat4/isapnp.0 -*************** -*** 1414,1419 **** ---- 1421,1429 ---- - ./usr/share/man/cat5/info.0 - ./usr/share/man/cat5/inode.0 - ./usr/share/man/cat5/intro.0 -+ ./usr/share/man/cat5/ipf.0 -+ ./usr/share/man/cat5/ipnat.0 -+ ./usr/share/man/cat5/ipsend.0 - ./usr/share/man/cat5/isakmpd.conf.0 - ./usr/share/man/cat5/isakmpd.policy.0 - ./usr/share/man/cat5/keynote.0 -*************** -*** 1657,1662 **** ---- 1667,1677 ---- - ./usr/share/man/cat8/intro.0 - ./usr/share/man/cat8/iopctl.0 - ./usr/share/man/cat8/iostat.0 -+ ./usr/share/man/cat8/ipf.0 -+ ./usr/share/man/cat8/ipfs.0 -+ ./usr/share/man/cat8/ipfstat.0 -+ ./usr/share/man/cat8/ipmon.0 -+ ./usr/share/man/cat8/ipnat.0 - ./usr/share/man/cat8/ipsecadm.0 - ./usr/share/man/cat8/isakmpd.0 - ./usr/share/man/cat8/kadmin.0 -__EOF__ -fi - -exit 0 diff --git a/dist/ipf/OpenBSD/makedevs-3.0 b/dist/ipf/OpenBSD/makedevs-3.0 deleted file mode 100644 index 0bba697dfd8d..000000000000 --- a/dist/ipf/OpenBSD/makedevs-3.0 +++ /dev/null @@ -1,72 +0,0 @@ -.\" $NetBSD: makedevs-3.0,v 1.1.1.1 2002/01/24 08:18:32 martti Exp $ -.\" -#!/bin/sh - -platform=`uname -m` - -case $platform in - alpha) - major=37 - ;; - amiga) - major=38 - ;; - hp300) - major=37 - ;; - hppa) - major=34 - ;; - i386) - major=77 - ;; - mac68k) - major=38 - ;; - macppc) - major=45 - ;; - mvme68k) - major=44 - ;; - mvme88k) - major=41 - ;; - mvmeppc) - major=44 - ;; - sparc) - major=60 - ;; - sparc64) - major=75 - ;; - sun3) - major=86 - ;; - vax) - major=47 - ;; - *) - echo "Unrecognised platform $platform" - exit 1 - ;; -esac - -minor=0 -echo -echo "Creating IPFilter device files in /dev." -echo -echo -n "Platform $platform Major Number $major: " -for i in ipl ipnat ipstate ipauth; do - /bin/rm -f /dev/$i - mknod /dev/$i c $major $minor - chown root.wheel /dev/$i - chmod 600 /dev/$i - echo -n "$i($minor) " - minor=`expr $minor + 1` -done -echo -echo Done. -echo -exit 0 diff --git a/dist/ipf/OpenBSD/mknewipf.sh b/dist/ipf/OpenBSD/mknewipf.sh deleted file mode 100644 index 71344babfd5c..000000000000 --- a/dist/ipf/OpenBSD/mknewipf.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/sh -# documented from -# http://www.tfsb.org/ipf-openbsd/ -ARCH=sparc -KERNEL=MULAN -IPF=ip-fil3.4.17 -rm -rf $IPF -tar zxf $IPF.tar.gz -cd $IPF -perl -pi -e "s/#STATETOP_CFLAGS=/STATETOP_CFLAGS=/" Makefile -perl -pi -e "s/#STATETOP_INC=$/STATETOP_INC=/" Makefile -perl -pi -e "s/#STATETOP_LIB=-lncurses/STATETOP_LIB=-lcurses/" Makefile -perl -pi -e "s/#INET6/INET6/" Makefile -make openbsd -make install-bsd -cd OpenBSD -echo $KERNEL | ./kinstall >/dev/null 2>&1 -cd /usr/src/sys/arch/$ARCH/conf -config $KERNEL -cd /usr/src/sys/arch/$ARCH/compile/$KERNEL -make clean && make depend && make && mv /bsd /bsd.old && mv bsd /bsd && reboot \ No newline at end of file