Date: 5 Apr 1997 19:47:50 -0000 From: proff@suburbia.net To: FreeBSD-gnats-submit@freebsd.org Subject: kern/3207: FULL ipfilter build/bugfix intergration Message-ID: <19970405194750.19626.qmail@suburbia.net> Resent-Message-ID: <199704051950.LAA23938@freefall.freebsd.org>
index | next in thread | raw e-mail
>Number: 3207
>Category: kern
>Synopsis: FULL ipfilter build/bugfix intergration
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Apr 5 11:50:01 PST 1997
>Last-Modified:
>Originator: Julian Assange
>Organization:
>Release: FreeBSD 3.0-CURRENT i386
>Environment:
>Description:
ipfilter doesn't have any build system, does not support devfs,
and panics under various conditions. this patch attempts to
address the outstanding problems.
>How-To-Repeat:
>Fix:
Apply the following againt a recent current:
--- src/sys/conf/options~ Sun Apr 6 03:58:17 1997
+++ src/sys/conf/options Sun Apr 6 03:58:17 1997
@@ -85,3 +85,6 @@
IPFIREWALL opt_ipfw.h
IPFIREWALL_VERBOSE opt_ipfw.h
IPFIREWALL_VERBOSE_LIMIT opt_ipfw.h
+IPFITLER opt_ipfilter.h
+IPFITLER_LKM opt_ipfilter.h
+IPFILTER_LOG opt_ipfilter.h
--- src/etc/etc.i386/MAKEDEV~ Sun Apr 6 03:41:43 1997
+++ src/etc/etc.i386/MAKEDEV Sun Apr 6 03:41:43 1997
@@ -103,6 +103,11 @@
# perfmon CPU performance-monitoring counters
# pci PCI configuration-space access from user mode
#
+# IP-firewall devices:
+# ipl ipfirewall control device
+# ipnat ipfirewall network address translation device
+# ipstate ipfirewall state device
+#
# $Id: MAKEDEV,v 1.139 1997/03/10 02:10:58 danny Exp $
#
@@ -186,6 +191,7 @@
sh MAKEDEV vty4 # cdev
sh MAKEDEV tun0 # cdev
sh MAKEDEV apm card0 card1 # cdev, laptop
+ sh MAKEDEV ipl ipnat ipstate # cdev, ipfirewall
;;
std)
rm -f console drum mem kmem null random urandom zero io tty klog
@@ -1224,6 +1230,25 @@
mknod perfmon c 2 32
chown root.kmem perfmon
chmod 640 perfmon
+ ;;
+
+ipl)
+ rm -f ipl
+ mknod ipl c 79 0
+ chown root.wheel ipl
+ chmod 600 ipl
+ ;;
+ipnat)
+ rm -f ipnat
+ mknod ipnat c 79 1
+ chown root.wheel ipnat
+ chmod 600 ipnat
+ ;;
+ipstate)
+ rm -f ipstate
+ mknod ipstate c 79 2
+ chown root.wheel ipstate
+ chmod 600 ipstate
;;
local)
--- src/sbin/Makefile~ Sun Apr 6 04:02:34 1997
+++ src/sbin/Makefile Sun Apr 6 04:02:34 1997
@@ -3,7 +3,7 @@
# XXX MISSING: icheck ncheck
SUBDIR= adjkerntz badsect ccdconfig clri disklabel dmesg dset dump dumpfs \
- dumplfs dumpon fsck fsdb fsirand ifconfig init ipfw md5 mknod modload \
+ dumplfs dumpon fsck fsdb fsirand ifconfig init ipf ipfw md5 mknod modload \
modunload mount mount_cd9660 mount_ext2fs \
mount_lfs mount_nfs mount_null mount_portal mount_std \
mount_umap mount_union mountd newfs newlfs nfsd nfsiod \
--- src/sys/netinet/in_proto.c~ Sun Apr 6 04:22:09 1997
+++ src/sys/netinet/in_proto.c Sun Apr 6 04:22:09 1997
@@ -34,6 +34,8 @@
* $Id: in_proto.c,v 1.38 1997/02/18 20:46:22 wollman Exp $
*/
+#include "opt_ipfilter.h"
+
#include <sys/param.h>
#include <sys/queue.h>
#include <sys/kernel.h>
--- src/sys/netinet/ip_input.c~ Sun Apr 6 04:20:36 1997
+++ src/sys/netinet/ip_input.c Sun Apr 6 04:20:36 1997
@@ -38,6 +38,7 @@
#define _IP_VHL
#include "opt_ipfw.h"
+#include "opt_ipfilter.h"
#include <stddef.h>
--- src/sys/netinet/ip_output.c~ Sun Apr 6 04:20:23 1997
+++ src/sys/netinet/ip_output.c Sun Apr 6 04:20:06 1997
@@ -34,6 +34,9 @@
* $Id: ip_output.c,v 1.54 1997/04/03 10:47:12 darrenr Exp $
*/
+#include "opt_ipfw.h"
+#include "opt_ipfilter.h"
+
#define _IP_VHL
#include <sys/param.h>
--- src/sys/i386/conf/LINT~ Sun Apr 6 04:27:57 1997
+++ src/sys/i386/conf/LINT Sun Apr 6 04:27:57 1997
@@ -315,6 +315,11 @@
# dropped packets
options "IPFIREWALL_VERBOSE_LIMIT=100" #limit verbosity
options IPDIVERT #divert sockets
+# new IPFILTER firewall
+#options IPFILTER #only lkm works presently
+options IPFILTER_LKM #module version
+options IPFITLER_LOG #support logging
+#
options TCPDEBUG
diff -r -N -u oldsrc/Makefile src/sbin/ipf/Makefile
--- oldsrc/Makefile Thu Jan 1 10:00:00 1970
+++ src/sbin/ipf/Makefile Sat Apr 5 15:51:15 1997
@@ -0,0 +1,5 @@
+# @(#)Makefile 0.1 (RGrimes) 4/4/93
+
+SUBDIR= ipf ipfstat ipftest ipmon ipnat
+
+.include <bsd.subdir.mk>
diff -r -N -u oldsrc/Makefile.inc src/sbin/ipf/Makefile.inc
--- oldsrc/Makefile.inc Thu Jan 1 10:00:00 1970
+++ src/sbin/ipf/Makefile.inc Sat Apr 5 16:21:30 1997
@@ -0,0 +1,8 @@
+# @(#)Makefile.inc 5.1 (Berkeley) 5/11/90
+
+BINDIR?= /sbin
+
+CFLAGS+=-I${IPFILTER_DISTDIR}
+
+IPFILTER_DISTDIR?= ${.CURDIR}/../../../contrib/ipfilter
+.PATH: ${IPFILTER_DISTDIR} ${IPFILTER_DISTDIR}/man
diff -r -N -u oldsrc/ipf/Makefile src/sbin/ipf/ipf/Makefile
--- oldsrc/ipf/Makefile Thu Jan 1 10:00:00 1970
+++ src/sbin/ipf/ipf/Makefile Sat Apr 5 16:25:11 1997
@@ -0,0 +1,8 @@
+# $Id: Makefile,v 1.16 1997/02/22 16:14:02 peter Exp $
+
+PROG= ipf
+
+MAN1= ipf.1 ipf.5
+SRCS= ipf.c parse.c opt.c
+
+.include <bsd.prog.mk>
diff -r -N -u oldsrc/ipfstat/Makefile src/sbin/ipf/ipfstat/Makefile
--- oldsrc/ipfstat/Makefile Thu Jan 1 10:00:00 1970
+++ src/sbin/ipf/ipfstat/Makefile Sat Apr 5 16:25:51 1997
@@ -0,0 +1,8 @@
+# $Id: Makefile,v 1.16 1997/02/22 16:14:02 peter Exp $
+
+PROG= ipfstat
+
+MAN1= ipfstat.8
+SRCS= fils.c parse.c kmem.c opt.c
+
+.include <bsd.prog.mk>
diff -r -N -u oldsrc/ipftest/Makefile src/sbin/ipf/ipftest/Makefile
--- oldsrc/ipftest/Makefile Thu Jan 1 10:00:00 1970
+++ src/sbin/ipf/ipftest/Makefile Sat Apr 5 16:38:26 1997
@@ -0,0 +1,9 @@
+# $Id: Makefile,v 1.16 1997/02/22 16:14:02 peter Exp $
+
+PROG= ipftest
+
+MAN1= ipftest.1
+SRCS= ipt.c parse.c fil.c ipft_sn.c ipft_ef.c ipft_td.c ipft_pc.c opt.c \
+ ipft_tx.c misc.c ip_frag.c ip_state.c ip_nat.c ipft_hx.c ip_fil.c
+
+.include <bsd.prog.mk>
diff -r -N -u oldsrc/ipmon/Makefile src/sbin/ipf/ipmon/Makefile
--- oldsrc/ipmon/Makefile Thu Jan 1 10:00:00 1970
+++ src/sbin/ipf/ipmon/Makefile Sun Apr 6 04:40:11 1997
@@ -0,0 +1,8 @@
+# $Id: Makefile,v 1.16 1997/02/22 16:14:02 peter Exp $
+
+PROG= ipmon
+
+MAN1= ipmon.8
+SRCS= ipmon.c
+
+.include <bsd.prog.mk>
diff -r -N -u oldsrc/ipnat/Makefile src/sbin/ipf/ipnat/Makefile
--- oldsrc/ipnat/Makefile Thu Jan 1 10:00:00 1970
+++ src/sbin/ipf/ipnat/Makefile Sun Apr 6 04:48:18 1997
@@ -0,0 +1,9 @@
+# $Id: Makefile,v 1.16 1997/02/22 16:14:02 peter Exp $
+
+PROG= ipnat
+
+MAN1= ipnat.1
+MAN5= ipnat.5
+SRCS= ipnat.c kmem.c
+
+.include <bsd.prog.mk>
diff -r -N -u oldsrc/Makefile src/lkm/if_ipf/Makefile
--- oldsrc/Makefile Thu Jan 1 10:00:00 1970
+++ src/lkm/if_ipf/Makefile Sun Apr 6 04:48:01 1997
@@ -0,0 +1,11 @@
+# $Id: Makefile,v 1.5 1996/06/23 14:27:52 bde Exp $
+
+IPFILTER_DISTDIR?= ${.CURDIR}/../../contrib/ipfilter
+.PATH: ${IPFILTER_DISTDIR} ${IPFILTER_DISTDIR}/man
+KMOD= if_ipl_mod
+SRCS= ip_fil.c fil.c mlf_ipl.c ip_nat.c ip_frag.c ip_state.c
+MAN4= ipf.4 ipnat.4
+CFLAGS+=-DIPFILTER_LKM -DIPFILTER_LOG
+CFLAGS+=-DINET
+
+.include <bsd.kmod.mk>
diff -r -N -u src/contrib/ipfilter.old/fil.c src/contrib/ipfilter/fil.c
--- src/contrib/ipfilter.old/fil.c Thu Apr 3 20:10:10 1997
+++ src/contrib/ipfilter/fil.c Sun Apr 6 05:06:48 1997
@@ -10,12 +10,19 @@
static char rcsid[] = "$Id: fil.c,v 2.0.2.7 1997/04/02 12:23:15 darrenr Exp $";
#endif
+#include "ipfconf.h"
+
#include <sys/errno.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
#include <sys/file.h>
-#include <sys/ioctl.h>
+#if __FreeBSD_version >= 220000 && defined(KERNEL)
+# include <sys/fcntl.h>
+# include <sys/filio.h>
+#else
+# include <sys/ioctl.h>
+#endif
#if defined(_KERNEL) || defined(KERNEL)
# include <sys/systm.h>
#else
@@ -680,9 +687,16 @@
ICMP_ERROR(q, ip, ICMP_UNREACH, fin->fin_icode,
qif, ip->ip_src);
# else
+ if (pass & FR_DUP) {
+ struct mbuf *m2=m_copy(m, 0, M_COPYALL);
+ ICMP_ERROR(m2, ip, ICMP_UNREACH, fin->fin_icode,
+ ifp, ip->ip_src);
+ } else
+ {
ICMP_ERROR(m, ip, ICMP_UNREACH, fin->fin_icode,
ifp, ip->ip_src);
m = *mp = NULL; /* freed by icmp_error() */
+ }
# endif
frstats[0].fr_ret++;
diff -r -N -u src/contrib/ipfilter.old/fils.c src/contrib/ipfilter/fils.c
--- src/contrib/ipfilter.old/fils.c Thu Apr 3 20:10:18 1997
+++ src/contrib/ipfilter/fils.c Sun Apr 6 03:11:08 1997
@@ -6,6 +6,8 @@
* to the original author and the contributors.
*/
+#include "ipfconf.h"
+
#include <stdio.h>
#include <string.h>
#if !defined(__SVR4) && !defined(__svr4__)
diff -r -N -u src/contrib/ipfilter.old/inet_addr.c src/contrib/ipfilter/inet_addr.c
--- src/contrib/ipfilter.old/inet_addr.c Thu Apr 3 20:10:27 1997
+++ src/contrib/ipfilter/inet_addr.c Sun Apr 6 03:11:26 1997
@@ -58,6 +58,8 @@
static char rcsid[] = "$Id: inet_addr.c,v 2.0.2.3 1997/03/27 13:45:00 darrenr Exp $";
#endif /* LIBC_SCCS and not lint */
+#include "ipfconf.h"
+
#include <sys/param.h>
#include <netinet/in.h>
#include <arpa/inet.h>
diff -r -N -u src/contrib/ipfilter.old/ip_fil.c src/contrib/ipfilter/ip_fil.c
--- src/contrib/ipfilter.old/ip_fil.c Thu Apr 3 20:10:52 1997
+++ src/contrib/ipfilter/ip_fil.c Sun Apr 6 05:30:59 1997
@@ -10,13 +10,12 @@
static char rcsid[] = "$Id: ip_fil.c,v 2.0.2.6 1997/04/02 12:23:19 darrenr Exp $";
#endif
+#include "ipfconf.h"
+
#ifndef SOLARIS
#define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
#endif
-#ifdef __FreeBSD__
-#include <osreldate.h>
-#endif
#ifndef _KERNEL
#include <stdio.h>
#include <string.h>
@@ -25,7 +24,12 @@
#include <sys/types.h>
#include <sys/param.h>
#include <sys/file.h>
-#include <sys/ioctl.h>
+#if __FreeBSD_version >= 220000 && defined(KERNEL)
+# include <sys/fcntl.h>
+# include <sys/filio.h>
+#else
+# include <sys/ioctl.h>
+#endif
#include <sys/time.h>
#ifdef _KERNEL
#include <sys/systm.h>
@@ -47,6 +51,9 @@
#ifdef sun
#include <net/af.h>
#endif
+#if __FreeBSD_version >= 220000
+# include <net/if_var.h>
+#endif
#include <net/route.h>
#include <netinet/in.h>
#include <netinet/in_var.h>
@@ -66,6 +73,9 @@
#ifndef MIN
#define MIN(a,b) (((a)<(b))?(a):(b))
#endif
+#ifdef __FreeBSD__
+int ip_optcopy __P((struct ip *, struct ip *));
+#endif
extern fr_flags, fr_active;
extern struct protosw inetsw[];
@@ -746,7 +756,17 @@
/*
* extra 0 in case of multicast
*/
+#if __FreeBSD_version >= 220000
+ ;{
+ struct route ro;
+ bzero(&ro, sizeof ro);
+ (void) ip_output(m, (struct mbuf *)0, &ro, 0, 0);
+ if (ro.ro_rt)
+ RTFREE(ro.ro_rt);
+ };
+#else
(void) ip_output(m, (struct mbuf *)0, 0, 0, 0);
+#endif
return 0;
}
diff -r -N -u src/contrib/ipfilter.old/ip_frag.c src/contrib/ipfilter/ip_frag.c
--- src/contrib/ipfilter.old/ip_frag.c Thu Apr 3 20:11:03 1997
+++ src/contrib/ipfilter/ip_frag.c Sun Apr 6 00:48:56 1997
@@ -10,6 +10,8 @@
static char rcsid[] = "$Id: ip_frag.c,v 2.0.2.5 1997/04/02 12:23:21 darrenr Exp $";
#endif
+#include "ipfconf.h"
+
#if !defined(_KERNEL) && !defined(KERNEL)
# include <string.h>
# include <stdlib.h>
@@ -19,8 +21,7 @@
#include <sys/param.h>
#include <sys/time.h>
#include <sys/file.h>
-#if defined(__FreeBSD__) && (__FreeBSD__ >= 3)
-#include <sys/ioccom.h>
+#if defined(KERNEL) && __FreeBSD_version >= 220000
#include <sys/filio.h>
#include <sys/fcntl.h>
#else
@@ -80,7 +81,9 @@
# if BSD < 199306
int ipfr_slowtimer __P((void));
# else
+# if __FreeBSD_version < 300000
void ipfr_slowtimer __P((void));
+# endif
# endif
#endif /* __FreeBSD__ */
diff -r -N -u src/contrib/ipfilter.old/ip_nat.c src/contrib/ipfilter/ip_nat.c
--- src/contrib/ipfilter.old/ip_nat.c Thu Apr 3 20:11:11 1997
+++ src/contrib/ipfilter/ip_nat.c Sun Apr 6 05:31:09 1997
@@ -12,6 +12,8 @@
static char rcsid[] = "$Id: ip_nat.c,v 2.0.2.8 1997/04/02 12:23:23 darrenr Exp $";
#endif
+#include "ipfconf.h"
+
#if defined(__FreeBSD__) && defined(KERNEL)
#define _KERNEL
#endif
@@ -26,7 +28,12 @@
#include <sys/param.h>
#include <sys/time.h>
#include <sys/file.h>
+#if defined(KERNEL) && __FreeBSD_version >= 220000
+#include <sys/filio.h>
+#include <sys/fcntl.h>
+#else
#include <sys/ioctl.h>
+#endif
#include <sys/uio.h>
#include <sys/protosw.h>
#include <sys/socket.h>
@@ -43,6 +50,9 @@
#endif
#include <net/if.h>
+#if __FreeBSD_version >= 220000
+# include <net/if_var.h>
+#endif
#ifdef sun
#include <net/af.h>
#endif
@@ -51,6 +61,10 @@
#include <netinet/in_systm.h>
#include <netinet/ip.h>
+#if __FreeBSD_version >= 300000
+# include <sys/queue.h>
+#endif
+
#ifdef RFC1825
#include <vpn/md5.h>
#include <vpn/ipsec.h>
@@ -425,15 +439,23 @@
#else
struct ifaddr *ifa;
struct sockaddr_in *sin;
-
+# if __FreeBSD_version >= 300000
+ ifa = TAILQ_FIRST(&ifp->if_addrhead);
+# else
ifa = ifp->if_addrlist;
+# endif
+
# if BSD < 199306
sin = (struct sockaddr_in *)&ifa->ifa_addr;
# else
sin = (struct sockaddr_in *)ifa->ifa_addr;
while (sin && ifa &&
sin->sin_family != AF_INET) {
+# if __FreeBSD_version >= 300000
+ ifa = TAILQ_NEXT(ifa, ifa_link);
+# else
ifa = ifa->ifa_next;
+# endif
sin = (struct sockaddr_in *)ifa->ifa_addr;
}
if (!ifa)
diff -r -N -u src/contrib/ipfilter.old/ip_sfil.c src/contrib/ipfilter/ip_sfil.c
--- src/contrib/ipfilter.old/ip_sfil.c Thu Apr 3 20:11:24 1997
+++ src/contrib/ipfilter/ip_sfil.c Sun Apr 6 03:11:45 1997
@@ -12,6 +12,8 @@
static char rcsid[] = "$Id: ip_sfil.c,v 2.0.2.3 1997/03/27 13:45:13 darrenr Exp $";
#endif
+#include "ipfconf.h"
+
#include <sys/types.h>
#include <sys/errno.h>
#include <sys/param.h>
diff -r -N -u src/contrib/ipfilter.old/ip_state.c src/contrib/ipfilter/ip_state.c
--- src/contrib/ipfilter.old/ip_state.c Thu Apr 3 20:11:29 1997
+++ src/contrib/ipfilter/ip_state.c Sun Apr 6 00:50:21 1997
@@ -10,6 +10,8 @@
static char rcsid[] = "$Id: ip_state.c,v 2.0.2.6 1997/04/02 12:23:24 darrenr Exp $";
#endif
+#include "ipfconf.h"
+
#if !defined(_KERNEL) && !defined(KERNEL)
# include <stdlib.h>
# include <string.h>
@@ -19,8 +21,7 @@
#include <sys/param.h>
#include <sys/time.h>
#include <sys/file.h>
-#if defined(__FreeBSD__) && (__FreeBSD__ >= 3)
-#include <sys/ioccom.h>
+#if defined(KERNEL) && __FreeBSD_version >= 220000
#include <sys/filio.h>
#include <sys/fcntl.h>
#else
diff -r -N -u src/contrib/ipfilter.old/ipf.c src/contrib/ipfilter/ipf.c
--- src/contrib/ipfilter.old/ipf.c Thu Apr 3 20:11:38 1997
+++ src/contrib/ipfilter/ipf.c Sun Apr 6 05:32:14 1997
@@ -5,6 +5,9 @@
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
*/
+
+#include "ipfconf.h"
+
#include <stdio.h>
#include <unistd.h>
#include <string.h>
@@ -22,7 +25,11 @@
#include <sys/ioctl.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
+#include <sys/time.h>
#include <net/if.h>
+#if __FreeBSD_version >= 220000
+# include <net/if_var.h>
+#endif
#include <netinet/ip.h>
#include <netdb.h>
#include <arpa/nameser.h>
diff -r -N -u src/contrib/ipfilter.old/ipfconf.h src/contrib/ipfilter/ipfconf.h
--- src/contrib/ipfilter.old/ipfconf.h Thu Jan 1 10:00:00 1970
+++ src/contrib/ipfilter/ipfconf.h Sat Apr 5 22:58:11 1997
@@ -0,0 +1,8 @@
+#ifdef __FreeBSD__
+# include <osreldate.h>
+# if defined(KERNEL)
+# ifndef _KERNEL
+# define _KERNEL
+# endif
+# endif
+#endif
diff -r -N -u src/contrib/ipfilter.old/ipft_ef.c src/contrib/ipfilter/ipft_ef.c
--- src/contrib/ipfilter.old/ipft_ef.c Thu Apr 3 20:11:52 1997
+++ src/contrib/ipfilter/ipft_ef.c Sun Apr 6 03:11:59 1997
@@ -19,6 +19,9 @@
0.32 91 04 131.170.1.10 128.250.133.13
0.33 566 udp 128.250.37.155 128.250.133.3 901 901
*/
+
+#include "ipfconf.h"
+
#include <stdio.h>
#include <string.h>
#if !defined(__SVR4) && !defined(__GNUC__)
@@ -31,6 +34,7 @@
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <sys/param.h>
+#include <sys/time.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/in_systm.h>
diff -r -N -u src/contrib/ipfilter.old/ipft_hx.c src/contrib/ipfilter/ipft_hx.c
--- src/contrib/ipfilter.old/ipft_hx.c Thu Apr 3 20:11:58 1997
+++ src/contrib/ipfilter/ipft_hx.c Sun Apr 6 03:12:06 1997
@@ -5,6 +5,9 @@
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
*/
+
+#include "ipfconf.h"
+
#include <stdio.h>
#include <ctype.h>
#include <assert.h>
@@ -16,6 +19,7 @@
#endif
#include <sys/types.h>
#include <sys/param.h>
+#include <sys/time.h>
#include <stdlib.h>
#include <unistd.h>
#include <stddef.h>
diff -r -N -u src/contrib/ipfilter.old/ipft_pc.c src/contrib/ipfilter/ipft_pc.c
--- src/contrib/ipfilter.old/ipft_pc.c Thu Apr 3 20:12:02 1997
+++ src/contrib/ipfilter/ipft_pc.c Sun Apr 6 03:12:16 1997
@@ -5,6 +5,9 @@
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
*/
+
+#include "ipfconf.h"
+
#include <stdio.h>
#include <string.h>
#if !defined(__SVR4) && !defined(__GNUC__)
diff -r -N -u src/contrib/ipfilter.old/ipft_sn.c src/contrib/ipfilter/ipft_sn.c
--- src/contrib/ipfilter.old/ipft_sn.c Thu Apr 3 20:12:06 1997
+++ src/contrib/ipfilter/ipft_sn.c Sun Apr 6 03:12:25 1997
@@ -9,6 +9,9 @@
/*
* Written to comply with the recent RFC 1761 from Sun.
*/
+
+#include "ipfconf.h"
+
#include <stdio.h>
#include <string.h>
#if !defined(__SVR4) && !defined(__GNUC__)
@@ -21,6 +24,7 @@
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <sys/param.h>
+#include <sys/time.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip_var.h>
diff -r -N -u src/contrib/ipfilter.old/ipft_td.c src/contrib/ipfilter/ipft_td.c
--- src/contrib/ipfilter.old/ipft_td.c Thu Apr 3 20:12:11 1997
+++ src/contrib/ipfilter/ipft_td.c Sun Apr 6 03:12:38 1997
@@ -28,6 +28,9 @@
8:0:20:f:65:f7 0:0:c:1:8a:c5 81: 128.250.133.13.23 > 128.250.20.20.2419: tcp 27
*/
+
+#include <ipfconf.h>
+
#include <stdio.h>
#include <string.h>
#if !defined(__SVR4) && !defined(__GNUC__)
@@ -35,6 +38,7 @@
#endif
#include <sys/types.h>
#include <sys/param.h>
+#include <sys/time.h>
#include <stdlib.h>
#include <unistd.h>
#include <stddef.h>
diff -r -N -u src/contrib/ipfilter.old/ipft_tx.c src/contrib/ipfilter/ipft_tx.c
--- src/contrib/ipfilter.old/ipft_tx.c Thu Apr 3 20:12:16 1997
+++ src/contrib/ipfilter/ipft_tx.c Sun Apr 6 03:12:50 1997
@@ -5,6 +5,9 @@
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
*/
+
+#include "ipfconf.h"
+
#include <stdio.h>
#include <ctype.h>
#include <assert.h>
@@ -16,6 +19,7 @@
#endif
#include <sys/types.h>
#include <sys/param.h>
+#include <sys/time.h>
#include <stdlib.h>
#include <unistd.h>
#include <stddef.h>
diff -r -N -u src/contrib/ipfilter.old/ipl_ldev.c src/contrib/ipfilter/ipl_ldev.c
--- src/contrib/ipfilter.old/ipl_ldev.c Mon Feb 10 09:49:49 1997
+++ src/contrib/ipfilter/ipl_ldev.c Sun Apr 6 03:13:10 1997
@@ -6,6 +6,8 @@
* to the original author and the contributors.
*/
+#include "ipfconf.h"
+
/*
* routines below for saving IP headers to buffer
*/
diff -r -N -u src/contrib/ipfilter.old/ipmon.c src/contrib/ipfilter/ipmon.c
--- src/contrib/ipfilter.old/ipmon.c Thu Apr 3 20:12:30 1997
+++ src/contrib/ipfilter/ipmon.c Sun Apr 6 04:12:24 1997
@@ -6,6 +6,8 @@
* to the original author and the contributors.
*/
+#include "ipfconf.h"
+
#include <stdio.h>
#include <unistd.h>
#include <string.h>
@@ -894,7 +896,7 @@
break;
}
}
- if (!nr && regular && (opts & OPT_TAIL))
+ if (nr==0)
sleep(1);
}
exit(0);
diff -r -N -u src/contrib/ipfilter.old/ipnat.c src/contrib/ipfilter/ipnat.c
--- src/contrib/ipfilter.old/ipnat.c Thu Apr 3 20:12:35 1997
+++ src/contrib/ipfilter/ipnat.c Sun Apr 6 03:13:33 1997
@@ -16,6 +16,9 @@
* Will redirect all incoming packets on le1 to any machine, port 79 to
* host 199.165.219.129, port 9901
*/
+
+#include "ipfconf.h"
+
#include <stdio.h>
#include <string.h>
#include <fcntl.h>
diff -r -N -u src/contrib/ipfilter.old/ipt.c src/contrib/ipfilter/ipt.c
--- src/contrib/ipfilter.old/ipt.c Thu Apr 3 20:12:41 1997
+++ src/contrib/ipfilter/ipt.c Sun Apr 6 05:33:42 1997
@@ -5,6 +5,8 @@
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
*/
+#include "ipfconf.h"
+
#include <stdio.h>
#include <assert.h>
#include <string.h>
@@ -16,6 +18,7 @@
#endif
#include <sys/types.h>
#include <sys/param.h>
+#include <sys/time.h>
#include <stdlib.h>
#include <unistd.h>
#include <stddef.h>
@@ -30,6 +33,9 @@
#include <netinet/ip_icmp.h>
#include <netinet/tcpip.h>
#include <net/if.h>
+#if __FreeBSD_version >= 220000
+# include <net/if_var.h>
+#endif
#include <netdb.h>
#include <arpa/nameser.h>
#include <arpa/inet.h>
diff -r -N -u src/contrib/ipfilter.old/kmem.c src/contrib/ipfilter/kmem.c
--- src/contrib/ipfilter.old/kmem.c Thu Apr 3 20:12:53 1997
+++ src/contrib/ipfilter/kmem.c Sun Apr 6 03:13:48 1997
@@ -10,6 +10,8 @@
* returns 0 on success, -1 on error.
*/
+#include "ipfconf.h"
+
#include <stdio.h>
#include <sys/types.h>
#include <sys/uio.h>
diff -r -N -u src/contrib/ipfilter.old/misc.c src/contrib/ipfilter/misc.c
--- src/contrib/ipfilter.old/misc.c Thu Apr 3 20:13:19 1997
+++ src/contrib/ipfilter/misc.c Sun Apr 6 03:13:56 1997
@@ -5,6 +5,9 @@
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
*/
+
+#include "ipfconf.h"
+
#include <stdio.h>
#include <assert.h>
#include <string.h>
@@ -15,6 +18,7 @@
#endif
#include <sys/types.h>
#include <sys/param.h>
+#include <sys/time.h>
#include <stdlib.h>
#include <unistd.h>
#include <stddef.h>
diff -r -N -u src/contrib/ipfilter.old/ml_ipl.c src/contrib/ipfilter/ml_ipl.c
--- src/contrib/ipfilter.old/ml_ipl.c Mon Feb 10 09:49:49 1997
+++ src/contrib/ipfilter/ml_ipl.c Sun Apr 6 03:14:05 1997
@@ -12,6 +12,9 @@
* 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate
* its own major char number! Way cool patch!
*/
+
+#include "ipfconf.h"
+
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/time.h>
diff -r -N -u src/contrib/ipfilter.old/mlf_ipl.c src/contrib/ipfilter/mlf_ipl.c
--- src/contrib/ipfilter.old/mlf_ipl.c Thu Jan 1 10:00:00 1970
+++ src/contrib/ipfilter/mlf_ipl.c Sun Apr 6 03:30:01 1997
@@ -0,0 +1,162 @@
+/*
+ * (C)opyright 1997 by Julian Assange. <proff@suburbia.net>
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and due credit is given
+ * to the original author and the contributors.
+ */
+
+#include "ipfconf.h"
+
+#ifndef IPFILTER_LKM
+# include "opt_ipfilter.h"
+#endif
+
+#define DEVFS
+#include <sys/errno.h>
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <sys/conf.h>
+#include <sys/kernel.h>
+#ifdef DEVFS
+# include <sys/devfsext.h>
+#endif /*DEVFS*/
+
+#define IPL_DEV "ipl"
+#define IPL_DEV_NAT "ipnat"
+#define IPL_DEV_STATE "ipstate"
+
+#define CDEV_MAJOR 79
+
+extern int iplioctl __P((dev_t, int, caddr_t, int, struct proc *));
+extern int iplopen __P((dev_t, int, int, struct proc *));
+extern int iplclose __P((dev_t, int, int, struct proc *));
+#ifdef IPFILTER_LOG
+extern int iplread __P((dev_t, struct uio *, int));
+#endif
+extern int iplattach __P((void));
+extern int ipldetach __P((void));
+
+struct cdevsw ipl_cdevsw =
+{
+ iplopen, /* open */
+ iplclose, /* close */
+#ifdef IPFILTER_LOG
+ iplread, /* read */
+#else
+ nodev,
+#endif
+ (void *)nullop, /* write */
+ iplioctl, /* ioctl */
+ (void *)nullop, /* stop */
+ (void *)nullop, /* reset */
+ (void *)NULL, /* tty */
+ (void *)nullop, /* select */
+ (void *)nullop, /* mmap */
+ NULL, /* strategy */
+ IPL_DEV, /* name */
+ NULL, /* d_bdev */
+ CDEV_MAJOR /* d_maj */
+};
+
+int ipl_major = CDEV_MAJOR;
+
+#ifdef DEVFS
+struct ipf_devs {
+ void *devfs_token;
+ char *name;
+} ipf_devs[] = {
+ {NULL, IPL_DEV },
+ {NULL, IPL_DEV_NAT },
+ {NULL, IPL_DEV_STATE }
+};
+#define NUM_MINORS (sizeof(ipf_devs)/sizeof(struct ipf_devs))
+
+static void ipl_attach_devfs(void)
+{
+ int i;
+ for (i=0; i<NUM_MINORS; i++)
+ ipf_devs[i].devfs_token = devfs_add_devswf(&ipl_cdevsw, i, DV_CHR, UID_ROOT, GID_WHEEL, 0600, ipf_devs[i].name);
+}
+static void ipl_detach_devfs(void)
+{
+ int i;
+ for (i=0; i<NUM_MINORS; i++)
+ if (ipf_devs[i].devfs_token)
+ devfs_remove_dev(ipf_devs[i].devfs_token);
+}
+#endif
+
+#define MSG_HEAD "IP Filter: devices ipl, ipnat, ipstat " /* compact strings with gcc text merge */
+static void load_msg(void)
+{
+ printf("%sassigned major#%d\n", MSG_HEAD, ipl_major);
+}
+static void unload_msg(void)
+{
+ printf("%sdeactivated from major#%d\n", MSG_HEAD, ipl_major);
+}
+#ifdef IPFILTER_LKM
+
+#include <sys/exec.h>
+#include <sys/sysent.h>
+#include <sys/sysproto.h>
+#include <sys/lkm.h>
+
+MOD_DEV(if_ipl, LM_DT_CHAR, CDEV_MAJOR, &ipl_cdevsw);
+
+static int ipl_action (struct lkm_table *lkmtp, int cmd)
+{
+ int error;
+ switch (cmd) {
+ case LKM_E_LOAD:
+ error = iplattach();
+#ifdef DEVFS
+ ipl_attach_devfs();
+#endif
+ load_msg();
+ break;
+ case LKM_E_UNLOAD:
+#ifdef DEVFS
+ ipl_detach_devfs();
+#endif
+ error = ipldetach();
+ unload_msg();
+ break;
+ case LKM_E_STAT:
+ error = 0;
+ break;
+ default:
+ error = EIO;
+ }
+ return error;
+}
+
+int if_ipl_mod(struct lkm_table *lkmtp, int cmd, int ver)
+{
+#define _module if_ipl_module
+ DISPATCH(lkmtp, cmd, ver, ipl_action, ipl_action, ipl_action);
+}
+
+#else /* IPFITLER_LKM */
+
+static ipl_cdevsw_installed = 0;
+
+static void ipl_drvinit (void *unused)
+{
+ if(!ipl_cdevsw_installed) {
+ dev_t dev;
+ ipl_cdevsw_installed = 1;
+ if (iplattach()!=0)
+ return;
+ dev = makedev(CDEV_MAJOR, 0);
+ cdevsw_add(&dev, &ipl_cdevsw, NULL);
+#ifdef DEVFS
+ ipl_attach_devfs();
+#endif
+ load_msg();
+ }
+}
+
+SYSINIT(ipldev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,ipl_drvinit,NULL)
+#endif
diff -r -N -u src/contrib/ipfilter.old/mln_ipl.c src/contrib/ipfilter/mln_ipl.c
--- src/contrib/ipfilter.old/mln_ipl.c Thu Apr 3 20:13:28 1997
+++ src/contrib/ipfilter/mln_ipl.c Sun Apr 6 03:14:38 1997
@@ -10,6 +10,7 @@
* its own major char number! Way cool patch!
*/
+#include "ipfconf.h"
#include <sys/param.h>
@@ -22,12 +23,6 @@
# define NETBSD_PF
#endif
-#if defined(__FreeBSD__) && (__FreeBSD__ > 1)
-# include <osreldate.h>
-# ifdef IPFILTER_LKM
-# define ACTUALLY_LKM_NOT_KERNEL
-# endif
-#endif
#include <sys/systm.h>
#if defined(__FreeBSD_version) && (__FreeBSD_version >= 220000)
# include <sys/conf.h>
diff -r -N -u src/contrib/ipfilter.old/mls_ipl.c src/contrib/ipfilter/mls_ipl.c
--- src/contrib/ipfilter.old/mls_ipl.c Thu Apr 3 20:13:34 1997
+++ src/contrib/ipfilter/mls_ipl.c Sun Apr 6 03:15:04 1997
@@ -9,6 +9,9 @@
* 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate
* its own major char number! Way cool patch!
*/
+
+#include "ipfconf.h"
+
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/time.h>
diff -r -N -u src/contrib/ipfilter.old/opt.c src/contrib/ipfilter/opt.c
--- src/contrib/ipfilter.old/opt.c Thu Apr 3 20:13:39 1997
+++ src/contrib/ipfilter/opt.c Sun Apr 6 03:15:14 1997
@@ -5,6 +5,9 @@
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
*/
+
+#include "ipfconf.h"
+
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
diff -r -N -u src/contrib/ipfilter.old/parse.c src/contrib/ipfilter/parse.c
--- src/contrib/ipfilter.old/parse.c Thu Apr 3 20:13:44 1997
+++ src/contrib/ipfilter/parse.c Sun Apr 6 03:15:23 1997
@@ -5,6 +5,9 @@
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
*/
+
+#include "ipfconf.h"
+
#include <stdio.h>
#include <string.h>
#if !defined(__SVR4) && !defined(__svr4__)
@@ -14,6 +17,7 @@
#endif
#include <sys/types.h>
#include <sys/param.h>
+#include <sys/time.h>
#include <stdlib.h>
#include <unistd.h>
#include <stddef.h>
diff -r -N -u src/contrib/ipfilter.old/solaris.c src/contrib/ipfilter/solaris.c
--- src/contrib/ipfilter.old/solaris.c Thu Apr 3 20:14:10 1997
+++ src/contrib/ipfilter/solaris.c Sun Apr 6 03:15:53 1997
@@ -8,6 +8,8 @@
/* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/
#pragma ident "$Id: solaris.c,v 2.0.2.3 1997/03/27 13:45:28 darrenr Exp $";
+#include "ipfconf.h"
+
#include <sys/systm.h>
#include <sys/types.h>
#include <sys/param.h>
>Audit-Trail:
>Unformatted:
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970405194750.19626.qmail>