aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorCy Schubert <cy@FreeBSD.org>2013-08-11 14:28:45 +0000
committerCy Schubert <cy@FreeBSD.org>2013-08-11 14:28:45 +0000
commit05ddbb8d93073fe6263bb3fff26e1c4c8651352e (patch)
tree1edb84380ee8d48a5e93a53f33d1b6373e330d5e
parentc63520fcdd8c7ba7a737717520fa3896db69342f (diff)
downloadsrc-05ddbb8d93073fe6263bb3fff26e1c4c8651352e.tar.gz
src-05ddbb8d93073fe6263bb3fff26e1c4c8651352e.zip
Import IP-Filter 5.1.2 into vendor branches using the existing license that
the current version of IP-Filter in FreeBSD is under as per email received from Darren Reed on Mon, 08 Jul 2013 23:54:16 +1000. Approved by: glebius (Mentor), Darren Reed <darrenr@reed.wattle.id.au>
Notes
Notes: svn path=/vendor/ipfilter/dist/; revision=254219
-rw-r--r--.cvsignore53
-rw-r--r--4bsd/conf.c.diffs41
-rw-r--r--4bsd/files.diffs23
-rw-r--r--4bsd/files.newconf.diffs23
-rw-r--r--4bsd/files.oldconf.diffs23
-rw-r--r--4bsd/filez.diffs23
-rw-r--r--4bsd/ip_input.c.diffs38
-rw-r--r--4bsd/ip_output.c.diffs36
-rwxr-xr-x4bsd/kinstall55
-rw-r--r--AIX/Makefile401
-rw-r--r--AIX/Makefile.ipsend78
-rw-r--r--AIX/aix_cfg_ipf.c257
-rwxr-xr-xAIX/bootbits.sh21
-rwxr-xr-xAIX/cpurev6
-rw-r--r--AIX/ipfkext.exp2
-rw-r--r--AIX/ipfkext.map (renamed from FWTK/FWTK.sed)0
-rw-r--r--BNF2
-rw-r--r--BSD/.cvsignore22
-rw-r--r--BSD/Makefile155
-rw-r--r--BSD/Makefile.ipsend7
-rwxr-xr-xBSD/ipfadm-rcd2
-rw-r--r--BSD/kupgrade86
-rwxr-xr-xBSD/upgrade46
-rw-r--r--BSDOS/files.diffs23
-rw-r--r--BSDOS/ioconf.c.i386.diffs28
-rw-r--r--BSDOS/ip_input.c.diffs37
-rw-r--r--BSDOS/ip_output.c.diffs35
-rwxr-xr-xBSDOS/kinstall56
-rw-r--r--BSDOS3/OBJS/README6
-rw-r--r--BSDOS3/OBJS/files342
-rw-r--r--BSDOS3/OBJS/ioconf.c644
-rw-r--r--BSDOS3/files.diffs23
-rw-r--r--BSDOS3/in_proto.c.diffs16
-rw-r--r--BSDOS3/ioconf.c.i386.diffs28
-rw-r--r--BSDOS3/ip_input.c.diffs37
-rw-r--r--BSDOS3/ip_output.c.diffs33
-rw-r--r--BSDOS3/kinstall77
-rw-r--r--BSDOS3/unkinstall55
-rw-r--r--BSDOS4/files.diffs23
-rw-r--r--BSDOS4/in_proto.c.diffs16
-rw-r--r--BSDOS4/ioconf.c.i386.diffs28
-rw-r--r--BSDOS4/ip_input.c.diffs38
-rw-r--r--BSDOS4/ip_output.c.diffs35
-rw-r--r--BSDOS4/kinstall80
-rw-r--r--BSDOS4/unkinstall55
-rw-r--r--FAQ.FreeBSD6
-rw-r--r--FWTK/ftp-gw.diff2
-rw-r--r--FWTK/fwtk-2.1-transparency.txt707
-rw-r--r--FWTK/fwtk_transparent.diff4
-rw-r--r--FWTK/tproxy.diff82
-rwxr-xr-xFreeBSD-2.2/kinstall4
-rw-r--r--FreeBSD-3/INST.FreeBSD-34
-rwxr-xr-xFreeBSD-3/kinstall4
-rw-r--r--FreeBSD-4.0/INST.FreeBSD-424
-rwxr-xr-xFreeBSD-4.0/ipv6-patch61
-rwxr-xr-xFreeBSD-4.0/kinstall4
-rwxr-xr-xFreeBSD/kinstall4
-rw-r--r--HISTORY1003
-rw-r--r--HPUX/INSTALL.TXT45
-rwxr-xr-xHPUX/IPF-ALL/checkinstall29
-rwxr-xr-xHPUX/IPF-ALL/checkremove28
-rwxr-xr-xHPUX/IPF-ALL/description6
-rwxr-xr-xHPUX/IPF-ALL/postinstall70
-rwxr-xr-xHPUX/IPF-ALL/postremove31
-rwxr-xr-xHPUX/IPF-ALL/preinstall50
-rwxr-xr-xHPUX/IPF-ALL/preremove29
-rwxr-xr-xHPUX/IPF-ALL/verify28
-rw-r--r--HPUX/Makefile464
-rw-r--r--HPUX/Makefile.ipsend65
-rwxr-xr-xHPUX/cpurev6
-rw-r--r--HPUX/ethers.c124
-rwxr-xr-xHPUX/installmod27
-rw-r--r--HPUX/ipf.psf.dist161
-rw-r--r--HPUX/ipfboot115
-rw-r--r--HPUX/ipfconf26
-rwxr-xr-xHPUX/makeargs10
-rw-r--r--HPUX/master33
-rw-r--r--HPUX/space.h3
-rw-r--r--HPUX/system8
-rw-r--r--INSTALL.FreeBSD11
-rw-r--r--INSTALL.IRIX23
-rw-r--r--INSTALL.Linux69
-rw-r--r--INSTALL.Sol215
-rw-r--r--INSTALL.Tru6418
-rw-r--r--IRIX/Makefile81
-rw-r--r--IRIX/Makefile.common380
-rw-r--r--IRIX/Makefile.ipsend68
-rw-r--r--IRIX/Makefile.ipsend.std (renamed from ipsd/ipsd.sed)0
-rw-r--r--IRIX/Makefile.std66
-rwxr-xr-xIRIX/cpurev10
-rwxr-xr-x[-rw-r--r--]IRIX/getkflags (renamed from test/expected/expected.sed)0
-rwxr-xr-xIRIX/getrev13
-rw-r--r--IRIX/ipfboot85
-rw-r--r--IRIX/ipl3
-rw-r--r--Linux/Makefile540
-rw-r--r--Linux/Makefile.ipsend79
-rw-r--r--Linux/Makefile.kbuild198
-rw-r--r--Linux/Tips_SuSE91.txt5
-rwxr-xr-xLinux/howchkconfig8
-rw-r--r--Linux/initscript8
-rw-r--r--Linux/ipf-linux.h187
-rwxr-xr-x[-rw-r--r--]Linux/ipfilter (renamed from test/input/input.sed)0
-rwxr-xr-xLinux/ipfilter-redhat108
-rwxr-xr-xLinux/ipfilter-suse106
-rw-r--r--Linux/ipfilter.spec.dist98
-rwxr-xr-xLinux/linuxversion3
-rwxr-xr-xLinux/minstall18
-rwxr-xr-xLinux/mkinit10
-rw-r--r--Makefile46
-rw-r--r--NAT.FreeBSD6
-rw-r--r--NetBSD-1.2/conf.c-PATCH52
-rw-r--r--NetBSD-1.2/files-PATCH21
-rw-r--r--NetBSD-1.2/files.oldconf-PATCH21
-rw-r--r--NetBSD-1.2/in_proto.c-PATCH16
-rw-r--r--NetBSD-1.2/ip_input.c-PATCH37
-rw-r--r--NetBSD-1.2/ip_output.c-PATCH37
-rwxr-xr-xNetBSD-1.2/kinstall135
-rwxr-xr-xNetBSD-1.2/minstall135
-rw-r--r--NetBSD/conf.c.diffs39
-rw-r--r--NetBSD/conf.c.old.diffs39
-rw-r--r--NetBSD/files.diffs23
-rw-r--r--NetBSD/files.newconf.diffs23
-rw-r--r--NetBSD/files.oldconf.diffs23
-rw-r--r--NetBSD/filez.diffs23
-rw-r--r--NetBSD/in_proto.c.diffs16
-rw-r--r--NetBSD/in_proto.c.old.diffs16
-rw-r--r--NetBSD/ip_input.c.diffs37
-rw-r--r--NetBSD/ip_output.c.diffs36
-rwxr-xr-xNetBSD/kinstall88
-rwxr-xr-xNetBSD/minstall67
-rwxr-xr-xNetBSD/unkinstall68
-rwxr-xr-xNetBSD/unminstall52
-rw-r--r--OSF/Makefile409
-rw-r--r--OSF/Makefile.ipsend78
-rwxr-xr-xOSF/cpurev6
-rw-r--r--OSF/ipfboot181
-rw-r--r--OSF/sysconfigtab15
-rw-r--r--OpenBSD-2/2.9-IPv6.diffs86
-rw-r--r--OpenBSD-2/files.diffs14
-rw-r--r--OpenBSD-2/ipf-fastroute.patch-2.7 (renamed from test/regress/regress.sed)0
-rwxr-xr-xOpenBSD-2/kinstall88
-rw-r--r--OpenBSD-2/mknewipf.sh21
-rw-r--r--OpenBSD-2/patch.121
-rw-r--r--OpenBSD-2/unkinstall53
-rw-r--r--OpenBSD-3/3.0-MAKEDEV-diffs612
-rw-r--r--OpenBSD-3/3.0-rc-diffs83
-rw-r--r--OpenBSD-3/3.0-sys-diffs986
-rw-r--r--OpenBSD-3/3.1-MAKEDEV-diffs349
-rw-r--r--OpenBSD-3/3.1-rc-diffs89
-rw-r--r--OpenBSD-3/3.1-sys-diffs918
-rw-r--r--OpenBSD-3/3.2-MAKEDEV-diffs818
-rw-r--r--OpenBSD-3/3.2-rc-diffs91
-rw-r--r--OpenBSD-3/3.2-sys-diffs1056
-rw-r--r--OpenBSD-3/3.3-MAKEDEV-diffs797
-rw-r--r--OpenBSD-3/3.3-rc-diffs91
-rw-r--r--OpenBSD-3/3.3-sys-diffs1015
-rw-r--r--OpenBSD-3/3.4-MAKEDEV-diffs797
-rw-r--r--OpenBSD-3/3.4-rc-diffs91
-rw-r--r--OpenBSD-3/3.4-sys-diffs1017
-rw-r--r--OpenBSD-3/3.5-MAKEDEV-diffs615
-rw-r--r--OpenBSD-3/3.5-rc-diffs91
-rw-r--r--OpenBSD-3/3.5-sys-diffs778
-rw-r--r--OpenBSD-3/README.3_075
-rw-r--r--OpenBSD-3/README.3_186
-rw-r--r--OpenBSD-3/README.3_286
-rw-r--r--OpenBSD-3/README.3_386
-rw-r--r--OpenBSD-3/README.3_486
-rw-r--r--OpenBSD-3/README.3_586
-rwxr-xr-xOpenBSD-3/fixdist-3.0495
-rwxr-xr-xOpenBSD-3/fixdist-3.2495
-rwxr-xr-xOpenBSD-3/fixdist-3.3495
-rwxr-xr-xOpenBSD-3/fixdist-3.4495
-rwxr-xr-xOpenBSD-3/fixdist-3.5495
-rwxr-xr-xOpenBSD-3/makedevs-3.070
-rwxr-xr-xOpenBSD-3/makedevs-3.170
-rwxr-xr-xOpenBSD-3/makedevs-3.270
-rwxr-xr-xOpenBSD-3/makedevs-3.370
-rwxr-xr-xOpenBSD-3/makedevs-3.470
-rwxr-xr-xOpenBSD-3/makedevs-3.570
-rw-r--r--OpenBSD/files.diffs18
-rwxr-xr-xOpenBSD/kinstall82
-rw-r--r--OpenBSD/mknewipf.sh21
-rw-r--r--OpenBSD/patch.121
-rw-r--r--OpenBSD/unkinstall53
-rw-r--r--QNX_OCL.txt275
-rw-r--r--SunOS4/Makefile391
-rw-r--r--SunOS4/Makefile.ipsend77
-rw-r--r--SunOS4/conf.c.diff45
-rw-r--r--SunOS4/files.cmn.diff25
-rw-r--r--SunOS4/in_proto.c.diffs16
-rwxr-xr-xSunOS4/kinstall60
-rwxr-xr-xSunOS4/minstall35
-rwxr-xr-xSunOS4/mkroutes35
-rwxr-xr-xSunOS4/rc.ipf41
-rwxr-xr-xSunOS4/reload21
-rwxr-xr-xSunOS4/unkinstall47
-rwxr-xr-xSunOS4/unminstall33
-rw-r--r--SunOS5/Makefile617
-rw-r--r--SunOS5/Makefile.ipsend62
-rw-r--r--SunOS5/copyright16
-rw-r--r--SunOS5/depend2
-rw-r--r--SunOS5/ipf.conf3
-rw-r--r--SunOS5/ipfboot233
-rwxr-xr-xSunOS5/makeargs10
-rw-r--r--SunOS5/mblk_misc.c122
-rw-r--r--SunOS5/pkginfo18
-rwxr-xr-xSunOS5/postinstall40
-rwxr-xr-xSunOS5/postremove12
-rwxr-xr-xSunOS5/preremove10
-rw-r--r--SunOS5/prototype100
-rw-r--r--SunOS5/prototype32112
-rw-r--r--SunOS5/prototype6416
-rw-r--r--SunOS5/prototype_amd6416
-rw-r--r--SunOS5/prototype_ia32112
-rwxr-xr-xSunOS5/replace137
-rwxr-xr-xSunOS5/solinstall48
-rwxr-xr-xSunOS5/uninstall13
-rw-r--r--UPGRADE_NOTICE10
-rw-r--r--WhatsNew50.txt83
-rw-r--r--arc4random.c277
-rw-r--r--bpf-ipf.h450
-rw-r--r--bpf.h450
-rw-r--r--bpf_filter.c593
-rwxr-xr-xbuildlinux16
-rwxr-xr-xbuildsunos108
-rw-r--r--common.c610
-rw-r--r--etc/etc.sed2
-rw-r--r--etc/protocols2
-rw-r--r--etc/services6
-rw-r--r--facpri.c151
-rw-r--r--facpri.h40
-rw-r--r--fil.c8829
-rw-r--r--fils.c1536
-rw-r--r--hpux.c651
-rw-r--r--inet_addr.c199
-rw-r--r--ip_auth.c1384
-rw-r--r--ip_auth.h51
-rw-r--r--ip_compat.h1141
-rw-r--r--ip_dns_pxy.c402
-rw-r--r--ip_dstlist.c1351
-rw-r--r--ip_dstlist.h68
-rw-r--r--ip_fil.c618
-rw-r--r--ip_fil.h1554
-rw-r--r--ip_fil_aix.c1706
-rw-r--r--ip_fil_compat.c4854
-rw-r--r--ip_fil_freebsd.c1316
-rw-r--r--ip_fil_hpux.c923
-rw-r--r--ip_fil_irix.c1369
-rw-r--r--ip_fil_linux.c1169
-rw-r--r--ip_fil_netbsd.c2127
-rw-r--r--ip_fil_openbsd.c1306
-rw-r--r--ip_fil_osf.c1378
-rw-r--r--ip_fil_solaris.c1550
-rw-r--r--ip_fil_sunos4.c969
-rw-r--r--ip_frag.c1195
-rw-r--r--ip_frag.h103
-rw-r--r--ip_ftp_pxy.c1720
-rw-r--r--ip_h323_pxy.c296
-rw-r--r--ip_htable.c1378
-rw-r--r--ip_htable.h50
-rw-r--r--ip_ipsec_pxy.c336
-rw-r--r--ip_irc_pxy.c129
-rw-r--r--ip_lfil.c975
-rw-r--r--ip_log.c682
-rw-r--r--ip_lookup.c999
-rw-r--r--ip_lookup.h105
-rw-r--r--ip_msnrpc_pxy.c328
-rw-r--r--ip_nat.c7655
-rw-r--r--ip_nat.h676
-rw-r--r--ip_nat6.c4098
-rw-r--r--ip_netbios_pxy.c40
-rw-r--r--ip_pool.c1411
-rw-r--r--ip_pool.h86
-rw-r--r--ip_pptp_pxy.c307
-rw-r--r--ip_proxy.c1198
-rw-r--r--ip_proxy.h215
-rw-r--r--ip_raudio_pxy.c103
-rw-r--r--ip_rcmd_pxy.c331
-rw-r--r--ip_rpcb_pxy.c341
-rw-r--r--ip_scan.c255
-rw-r--r--ip_scan.h24
-rw-r--r--ip_sfil.c991
-rw-r--r--ip_state.c4215
-rw-r--r--ip_state.h206
-rw-r--r--ip_sync.c1038
-rw-r--r--ip_sync.h40
-rw-r--r--ip_tftp_pxy.c506
-rw-r--r--ipf.c764
-rw-r--r--ipf.h168
-rw-r--r--ipf_rb.h364
-rw-r--r--ipfs.c859
-rw-r--r--ipft_ef.c155
-rw-r--r--ipft_hx.c173
-rw-r--r--ipft_pc.c275
-rw-r--r--ipft_sn.c219
-rw-r--r--ipft_td.c193
-rw-r--r--ipft_tx.c353
-rw-r--r--ipl.h12
-rw-r--r--ipl_ldev.c83
-rw-r--r--iplang/.cvsignore9
-rw-r--r--iplang/Makefile9
-rw-r--r--iplang/iplang.h2
-rw-r--r--iplang/iplang.tst2
-rw-r--r--iplang/iplang_l.l4
-rw-r--r--iplang/iplang_y.y22
-rw-r--r--ipmon.c1493
-rw-r--r--ipmon.h93
-rw-r--r--ipnat.c433
-rw-r--r--ipsd/Makefile2
-rw-r--r--ipsd/ip_compat.h201
-rw-r--r--ipsd/ipsd.c24
-rw-r--r--ipsd/ipsdr.c32
-rw-r--r--ipsd/linux.h2
-rw-r--r--ipsd/sbpf.c10
-rw-r--r--ipsd/sdlpi.c10
-rw-r--r--ipsd/slinux.c10
-rw-r--r--ipsd/snit.c10
-rw-r--r--ipsend/.cvsignore3
-rw-r--r--ipsend/44arp.c7
-rw-r--r--ipsend/Makefile2
-rw-r--r--ipsend/README8
-rw-r--r--ipsend/arp.c11
-rw-r--r--ipsend/dlcommon.c218
-rw-r--r--ipsend/hpux.c112
-rw-r--r--ipsend/in_var.h177
-rw-r--r--ipsend/ip.c48
-rw-r--r--ipsend/ip_compat.h242
-rw-r--r--ipsend/ip_var.h123
-rw-r--r--ipsend/ipresend.c19
-rw-r--r--ipsend/ipsend.52
-rw-r--r--ipsend/ipsend.c20
-rw-r--r--ipsend/ipsend.h2
-rw-r--r--ipsend/ipsend.sed3
-rw-r--r--ipsend/ipsopt.c18
-rw-r--r--ipsend/iptest.c8
-rw-r--r--ipsend/iptests.c98
-rw-r--r--ipsend/larp.c8
-rw-r--r--ipsend/linux.h2
-rw-r--r--ipsend/lsock.c20
-rw-r--r--ipsend/resend.c31
-rw-r--r--ipsend/sbpf.c14
-rw-r--r--ipsend/sdlpi.c13
-rw-r--r--ipsend/sirix.c2
-rw-r--r--ipsend/slinux.c10
-rw-r--r--ipsend/snit.c12
-rw-r--r--ipsend/sock.c29
-rw-r--r--ipsend/tcpip.h84
-rw-r--r--ipsend/ultrix.c84
-rw-r--r--ipt.c551
-rw-r--r--ipt.h9
-rw-r--r--kmem.c244
-rw-r--r--kmem.h4
-rw-r--r--l4check/Makefile2
-rw-r--r--l4check/l4check.c83
-rw-r--r--lib/Makefile209
-rw-r--r--lib/addicmp.c4
-rw-r--r--lib/addipopt.c22
-rw-r--r--lib/addkeep.c84
-rw-r--r--lib/alist_free.c6
-rw-r--r--lib/alist_new.c89
-rw-r--r--lib/allocmbt.c22
-rw-r--r--lib/assigndefined.c27
-rw-r--r--lib/bcopywrap.c12
-rw-r--r--lib/binprint.c8
-rw-r--r--lib/buildopts.c14
-rw-r--r--lib/checkrev.c24
-rw-r--r--lib/connecttcp.c48
-rw-r--r--lib/count4bits.c6
-rw-r--r--lib/count6bits.c6
-rw-r--r--lib/debug.c37
-rw-r--r--lib/dupmbt.c24
-rw-r--r--lib/extras.c112
-rw-r--r--lib/facpri.c24
-rw-r--r--lib/facpri.h4
-rw-r--r--lib/familyname.c12
-rw-r--r--lib/fill6bits.c8
-rw-r--r--lib/findword.c25
-rw-r--r--lib/flags.c4
-rw-r--r--lib/freembt.c16
-rw-r--r--lib/ftov.c16
-rw-r--r--lib/genmask.c66
-rw-r--r--lib/gethost.c69
-rw-r--r--lib/geticmptype.c29
-rw-r--r--lib/getifname.c19
-rw-r--r--lib/getline.c56
-rw-r--r--lib/getnattype.c43
-rw-r--r--lib/getport.c31
-rw-r--r--lib/getportproto.c16
-rw-r--r--lib/getproto.c20
-rw-r--r--lib/getsumd.c14
-rw-r--r--lib/hexdump.c28
-rw-r--r--lib/hostmask.c93
-rw-r--r--lib/hostname.c24
-rw-r--r--lib/hostnum.c47
-rw-r--r--lib/icmpcode.c4
-rw-r--r--lib/icmptypename.c28
-rw-r--r--lib/icmptypes.c107
-rw-r--r--lib/inet_addr.c208
-rw-r--r--lib/initparse.c4
-rw-r--r--lib/interror.c582
-rw-r--r--lib/ionames.c49
-rw-r--r--lib/ipf_dotuning.c26
-rw-r--r--lib/ipf_perror.c47
-rw-r--r--lib/ipft_ef.c133
-rw-r--r--lib/ipft_hx.c47
-rw-r--r--lib/ipft_pc.c163
-rw-r--r--lib/ipft_sn.c195
-rw-r--r--lib/ipft_td.c176
-rw-r--r--lib/ipft_tx.c273
-rw-r--r--lib/ipoptsec.c15
-rw-r--r--lib/kmem.c32
-rw-r--r--lib/kmem.h4
-rw-r--r--lib/kmemcpywrap.c16
-rw-r--r--lib/kvatoname.c18
-rw-r--r--lib/load_dstlist.c69
-rw-r--r--lib/load_dstlistnode.c70
-rw-r--r--lib/load_file.c44
-rw-r--r--lib/load_hash.c47
-rw-r--r--lib/load_hashnode.c42
-rw-r--r--lib/load_http.c97
-rw-r--r--lib/load_pool.c36
-rw-r--r--lib/load_poolnode.c43
-rw-r--r--lib/load_url.c12
-rw-r--r--lib/loglevel.c53
-rw-r--r--lib/make_range.c24
-rw-r--r--lib/mb_hexdump.c32
-rw-r--r--lib/msgdsize.c20
-rw-r--r--lib/mutex_emul.c81
-rw-r--r--lib/nametokva.c18
-rw-r--r--lib/nat_setgroupmap.c20
-rw-r--r--lib/natparse.c728
-rw-r--r--lib/ntomask.c29
-rw-r--r--lib/optname.c10
-rw-r--r--lib/optprint.c8
-rw-r--r--lib/optprintv6.c10
-rw-r--r--lib/optvalue.c8
-rw-r--r--lib/parse.c752
-rw-r--r--lib/parsefields.c48
-rw-r--r--lib/parseipfexpr.c283
-rw-r--r--lib/parsewhoisline.c132
-rw-r--r--lib/poolio.c53
-rw-r--r--lib/portname.c15
-rw-r--r--lib/portnum.c62
-rw-r--r--lib/ports.c79
-rw-r--r--lib/prependmbt.c18
-rw-r--r--lib/print_toif.c50
-rw-r--r--lib/printactiveaddr.c37
-rw-r--r--lib/printactivenat.c130
-rw-r--r--lib/printaddr.c75
-rw-r--r--lib/printaps.c63
-rw-r--r--lib/printbuf.c18
-rw-r--r--lib/printdstl_live.c84
-rw-r--r--lib/printdstlist.c60
-rw-r--r--lib/printdstlistdata.c47
-rw-r--r--lib/printdstlistnode.c78
-rw-r--r--lib/printdstlistpolicy.c31
-rw-r--r--lib/printfieldhdr.c55
-rw-r--r--lib/printfr.c448
-rw-r--r--lib/printfraginfo.c32
-rw-r--r--lib/printhash.c22
-rw-r--r--lib/printhash_live.c41
-rw-r--r--lib/printhashdata.c52
-rw-r--r--lib/printhashnode.c48
-rw-r--r--lib/printhost.c35
-rw-r--r--lib/printhostmap.c35
-rw-r--r--lib/printhostmask.c33
-rw-r--r--lib/printifname.c16
-rw-r--r--lib/printip.c35
-rw-r--r--lib/printipfexpr.c197
-rw-r--r--lib/printiphdr.c20
-rw-r--r--lib/printlog.c21
-rw-r--r--lib/printlookup.c42
-rw-r--r--lib/printmask.c26
-rw-r--r--lib/printnat.c365
-rw-r--r--lib/printnataddr.c48
-rw-r--r--lib/printnatfield.c220
-rw-r--r--lib/printnatside.c55
-rw-r--r--lib/printpacket.c67
-rw-r--r--lib/printpacket6.c39
-rw-r--r--lib/printpool.c29
-rw-r--r--lib/printpool_live.c54
-rw-r--r--lib/printpooldata.c52
-rw-r--r--lib/printpoolfield.c168
-rw-r--r--lib/printpoolnode.c42
-rw-r--r--lib/printportcmp.c17
-rw-r--r--lib/printproto.c38
-rw-r--r--lib/printsbuf.c26
-rw-r--r--lib/printstate.c151
-rw-r--r--lib/printstatefields.c358
-rw-r--r--lib/printtcpflags.c30
-rw-r--r--lib/printtqtable.c17
-rw-r--r--lib/printtunable.c29
-rw-r--r--lib/printunit.c47
-rw-r--r--lib/ratoi.c24
-rw-r--r--lib/ratoui.c24
-rw-r--r--lib/remove_hash.c25
-rw-r--r--lib/remove_hashnode.c28
-rw-r--r--lib/remove_pool.c25
-rw-r--r--lib/remove_poolnode.c27
-rw-r--r--lib/resetlexer.c12
-rw-r--r--lib/rwlock_emul.c50
-rw-r--r--lib/save_execute.c80
-rw-r--r--lib/save_file.c130
-rw-r--r--lib/save_nothing.c58
-rw-r--r--lib/save_syslog.c137
-rw-r--r--lib/save_v1trap.c463
-rw-r--r--lib/save_v2trap.c459
-rw-r--r--lib/tcp_flags.c48
-rw-r--r--lib/tcpflags.c6
-rw-r--r--lib/tcpoptnames.c4
-rw-r--r--lib/to_interface.c29
-rw-r--r--lib/v6ionames.c8
-rw-r--r--lib/v6optvalue.c8
-rw-r--r--lib/var.c26
-rw-r--r--lib/verbose.c32
-rw-r--r--lib/vtof.c16
-rw-r--r--linux.c351
-rw-r--r--linux.h9
-rw-r--r--man/Makefile2
-rw-r--r--man/ipf.1109
-rw-r--r--man/ipf.410
-rw-r--r--man/ipf.52191
-rw-r--r--man/ipfilter.418
-rw-r--r--man/ipfilter.4.mandoc22
-rw-r--r--man/ipfstat.810
-rw-r--r--man/ipftest.13
-rw-r--r--man/ipmon.5237
-rw-r--r--man/ipmon.82
-rw-r--r--man/ipnat.148
-rw-r--r--man/ipnat.42
-rw-r--r--man/ipnat.5911
-rw-r--r--man/ipnat.85
-rw-r--r--man/ippool.5415
-rw-r--r--man/ippool.811
-rw-r--r--man/man.sed1
-rw-r--r--md5.c11
-rw-r--r--misc.c207
-rw-r--r--mkfilters4
-rw-r--r--ml_ipl.c77
-rw-r--r--mlf_ipl.c303
-rw-r--r--mlf_rule.c26
-rw-r--r--mlfk_ipl.c384
-rw-r--r--mlfk_rule.c9
-rw-r--r--mlh_rule.c8
-rw-r--r--mli_ipl.c443
-rw-r--r--mln_ipl.c286
-rw-r--r--mln_rule.c83
-rw-r--r--mlo_ipl.c362
-rw-r--r--mlo_rule.c78
-rw-r--r--mls_ipl.c222
-rw-r--r--mls_rule.c114
-rw-r--r--mlso_rule.c128
-rw-r--r--natparse.c902
-rw-r--r--net/.cvsignore1
-rw-r--r--opt.c179
-rw-r--r--opt_inet6.h1
-rw-r--r--opts.h6
-rw-r--r--parse.c1510
-rw-r--r--pcap-ipf.h2
-rw-r--r--pcap.h34
-rw-r--r--perl/Ipfanaly.pl62
-rw-r--r--perl/Isbgraph14
-rw-r--r--perl/Services164
-rw-r--r--perl/ipfmeta.pl4
-rw-r--r--perl/logfilter.pl38
-rw-r--r--printnat.c487
-rw-r--r--printstate.c151
-rw-r--r--radix.c1212
-rw-r--r--radix_ipf.c1528
-rw-r--r--radix_ipf.h287
-rw-r--r--relay.c227
-rw-r--r--rules/.cvsignore1
-rw-r--r--rules/BASIC_1.FW4
-rw-r--r--rules/BASIC_2.FW2
-rw-r--r--rules/firewall2
-rw-r--r--rules/ipmon.conf29
-rw-r--r--rules/rules.sed5
-rw-r--r--rules/server2
-rw-r--r--samples/.cvsignore4
-rw-r--r--samples/proxy.c12
-rw-r--r--samples/relay.c6
-rw-r--r--snoop.h4
-rw-r--r--solaris.c2561
-rw-r--r--sys/tree.h750
-rw-r--r--test/.cvsignore72
-rw-r--r--test/Makefile479
-rw-r--r--test/bpftest35
-rw-r--r--test/dotest43
-rw-r--r--test/e4to661
-rw-r--r--test/expected/.cvsignore1
-rw-r--r--test/expected/116
-rw-r--r--test/expected/1440
-rw-r--r--test/expected/236
-rw-r--r--test/expected/340
-rw-r--r--test/expected/440
-rw-r--r--test/expected/51344
-rw-r--r--test/expected/61344
-rw-r--r--test/expected/754
-rw-r--r--test/expected/836
-rw-r--r--test/expected/f11128
-rw-r--r--test/expected/f1320
-rw-r--r--test/expected/f1822
-rw-r--r--test/expected/f215
-rw-r--r--test/expected/f225
-rw-r--r--test/expected/f2535
-rw-r--r--test/expected/f26 (renamed from test/expected/10)98
-rw-r--r--test/expected/f27 (renamed from test/expected/9)66
-rw-r--r--test/expected/f2832
-rw-r--r--test/expected/f2964
-rw-r--r--test/expected/f30 (renamed from test/expected/11)34
-rw-r--r--test/expected/i16
-rw-r--r--test/expected/i1010
-rw-r--r--test/expected/i1111
-rw-r--r--test/expected/i1276
-rw-r--r--test/expected/i1410
-rw-r--r--test/expected/i1719
-rw-r--r--test/expected/i184
-rw-r--r--test/expected/i1922
-rw-r--r--test/expected/i23
-rw-r--r--test/expected/i208
-rw-r--r--test/expected/i225
-rw-r--r--test/expected/i230
-rw-r--r--test/expected/i316
-rw-r--r--test/expected/i42
-rw-r--r--test/expected/i54
-rw-r--r--test/expected/i612
-rw-r--r--test/expected/i77
-rw-r--r--test/expected/i8101
-rw-r--r--test/expected/i912
-rw-r--r--test/expected/in144
-rw-r--r--test/expected/in1003
-rw-r--r--test/expected/in1014
-rw-r--r--test/expected/in1025
-rw-r--r--test/expected/in2106
-rw-r--r--test/expected/in34
-rw-r--r--test/expected/in546
-rw-r--r--test/expected/in616
-rw-r--r--test/expected/in70
-rw-r--r--test/expected/ip1100
-rw-r--r--test/expected/ip24
-rw-r--r--test/expected/ip314
-rw-r--r--test/expected/ipv6.4 (renamed from test/expected/12)35
-rw-r--r--test/expected/ipv6.67
-rw-r--r--test/expected/l111
-rw-r--r--test/expected/l1.b13
-rw-r--r--test/expected/n1296
-rw-r--r--test/expected/n1063
-rw-r--r--test/expected/n10033
-rw-r--r--test/expected/n10129
-rw-r--r--test/expected/n10229
-rw-r--r--test/expected/n10333
-rw-r--r--test/expected/n10450
-rw-r--r--test/expected/n10525
-rw-r--r--test/expected/n10625
-rw-r--r--test/expected/n11169
-rw-r--r--test/expected/n11_6124
-rw-r--r--test/expected/n1221
-rw-r--r--test/expected/n12_628
-rw-r--r--test/expected/n1335
-rw-r--r--test/expected/n13_632
-rw-r--r--test/expected/n1433
-rw-r--r--test/expected/n14_630
-rw-r--r--test/expected/n1547
-rw-r--r--test/expected/n15_647
-rw-r--r--test/expected/n1610
-rw-r--r--test/expected/n1724
-rw-r--r--test/expected/n18111
-rw-r--r--test/expected/n1_6197
-rw-r--r--test/expected/n2263
-rw-r--r--test/expected/n20025
-rw-r--r--test/expected/n2_6191
-rw-r--r--test/expected/n374
-rw-r--r--test/expected/n4244
-rw-r--r--test/expected/n4_6190
-rw-r--r--test/expected/n5851
-rw-r--r--test/expected/n5_6533
-rw-r--r--test/expected/n6233
-rw-r--r--test/expected/n6_6173
-rw-r--r--test/expected/n7122
-rw-r--r--test/expected/n7_698
-rw-r--r--test/expected/n821
-rw-r--r--test/expected/n8_630
-rw-r--r--test/expected/n920
-rw-r--r--test/expected/n9_629
-rw-r--r--test/expected/ni103
-rw-r--r--test/expected/ni115
-rw-r--r--test/expected/ni127
-rw-r--r--test/expected/ni177
-rw-r--r--test/expected/ni185
-rw-r--r--test/expected/ni1918
-rw-r--r--test/expected/ni22
-rw-r--r--test/expected/ni2044
-rw-r--r--test/expected/ni218
-rw-r--r--test/expected/ni2334
-rw-r--r--test/expected/ni42
-rw-r--r--test/expected/ni535
-rw-r--r--test/expected/ni678
-rw-r--r--test/expected/ni82
-rw-r--r--test/expected/p113
-rw-r--r--test/expected/p1040
-rw-r--r--test/expected/p1140
-rw-r--r--test/expected/p1240
-rw-r--r--test/expected/p1330
-rw-r--r--test/expected/p218
-rw-r--r--test/expected/p326
-rw-r--r--test/expected/p438
-rw-r--r--test/expected/p52
-rw-r--r--test/expected/p624
-rw-r--r--test/expected/p740
-rw-r--r--test/expected/p940
-rw-r--r--test/h4to6135
-rw-r--r--test/hextest27
-rw-r--r--test/i4to612
-rw-r--r--test/input/106
-rw-r--r--test/input/1111
-rw-r--r--test/input/1235
-rw-r--r--test/input/1339
-rw-r--r--test/input/145
-rw-r--r--test/input/26
-rw-r--r--test/input/35
-rw-r--r--test/input/45
-rw-r--r--test/input/528
-rw-r--r--test/input/628
-rw-r--r--test/input/79
-rw-r--r--test/input/86
-rw-r--r--test/input/96
-rw-r--r--test/input/f132
-rw-r--r--test/input/f2131
-rw-r--r--test/input/f2231
-rw-r--r--test/input/f242
-rw-r--r--test/input/f2541
-rw-r--r--test/input/f2613
-rw-r--r--test/input/f2784
-rw-r--r--test/input/f287
-rw-r--r--test/input/f2911
-rw-r--r--test/input/f3016
-rw-r--r--test/input/ipf6-126
-rw-r--r--test/input/ipv6.119
-rw-r--r--test/input/ipv6.36
-rw-r--r--test/input/ipv6.4522
-rw-r--r--test/input/ipv6.614
-rw-r--r--test/input/n104
-rw-r--r--test/input/n1008
-rw-r--r--test/input/n1018
-rw-r--r--test/input/n1028
-rw-r--r--test/input/n1038
-rw-r--r--test/input/n10448
-rw-r--r--test/input/n1058
-rw-r--r--test/input/n1068
-rw-r--r--test/input/n10_66
-rw-r--r--test/input/n11_616
-rw-r--r--test/input/n1212
-rw-r--r--test/input/n12_618
-rw-r--r--test/input/n13_64
-rw-r--r--test/input/n14_64
-rw-r--r--test/input/n152
-rw-r--r--test/input/n15_62
-rw-r--r--test/input/n1626
-rw-r--r--test/input/n1724
-rw-r--r--test/input/n17_624
-rw-r--r--test/input/n188
-rw-r--r--test/input/n1_634
-rw-r--r--test/input/n2006
-rw-r--r--test/input/n2_619
-rw-r--r--test/input/n4_610
-rw-r--r--test/input/n5_654
-rw-r--r--test/input/n6_613
-rw-r--r--test/input/n7_69
-rw-r--r--test/input/n812
-rw-r--r--test/input/n8_637
-rw-r--r--test/input/n912
-rw-r--r--test/input/n9_634
-rw-r--r--test/input/ni145
-rw-r--r--test/input/ni1010
-rw-r--r--test/input/ni114
-rw-r--r--test/input/ni1214
-rw-r--r--test/input/ni13130
-rw-r--r--test/input/ni14126
-rw-r--r--test/input/ni152
-rw-r--r--test/input/ni162
-rw-r--r--test/input/ni184
-rw-r--r--test/input/ni1914
-rw-r--r--test/input/ni242
-rw-r--r--test/input/ni2048
-rw-r--r--test/input/ni316
-rw-r--r--test/input/ni414
-rw-r--r--test/input/ni52
-rw-r--r--test/input/ni710
-rw-r--r--test/input/ni811
-rw-r--r--test/input/ni97
-rw-r--r--test/input/p1010
-rw-r--r--test/input/p1110
-rw-r--r--test/input/p1210
-rw-r--r--test/input/p13 (renamed from test/input/1)4
-rw-r--r--test/input/p412
-rw-r--r--test/input/p62
-rw-r--r--test/input/p710
-rw-r--r--test/input/p910
-rwxr-xr-xtest/intest30
-rw-r--r--test/ipflib.sh59
-rw-r--r--test/iptest30
-rw-r--r--test/itest41
-rwxr-xr-xtest/logtest40
-rwxr-xr-xtest/mhtest36
-rwxr-xr-xtest/mtest44
-rwxr-xr-xtest/natipftest48
-rwxr-xr-xtest/nattest43
-rw-r--r--test/ptest47
-rw-r--r--test/regress/14
-rw-r--r--test/regress/1018
-rw-r--r--test/regress/116
-rw-r--r--test/regress/126
-rw-r--r--test/regress/136
-rw-r--r--test/regress/148
-rw-r--r--test/regress/26
-rw-r--r--test/regress/38
-rw-r--r--test/regress/48
-rw-r--r--test/regress/548
-rw-r--r--test/regress/648
-rw-r--r--test/regress/76
-rw-r--r--test/regress/86
-rw-r--r--test/regress/918
-rw-r--r--test/regress/f131
-rw-r--r--test/regress/f212
-rw-r--r--test/regress/f222
-rw-r--r--test/regress/f251
-rw-r--r--test/regress/f266
-rw-r--r--test/regress/f276
-rw-r--r--test/regress/f28.ipf2
-rw-r--r--test/regress/f28.pool2
-rw-r--r--test/regress/f29.ipf2
-rw-r--r--test/regress/f29.pool2
-rw-r--r--test/regress/f304
-rw-r--r--test/regress/i111
-rw-r--r--test/regress/i1210
-rw-r--r--test/regress/i142
-rw-r--r--test/regress/i174
-rw-r--r--test/regress/i186
-rw-r--r--test/regress/i21
-rw-r--r--test/regress/i216
-rw-r--r--test/regress/i225
-rw-r--r--test/regress/i231
-rw-r--r--test/regress/i75
-rw-r--r--test/regress/i833
-rw-r--r--test/regress/in1003
-rw-r--r--test/regress/in1014
-rw-r--r--test/regress/in1025
-rw-r--r--test/regress/in24
-rw-r--r--test/regress/in71
-rw-r--r--test/regress/ip314
-rw-r--r--test/regress/ipf6-13
-rw-r--r--test/regress/ipv6.43
-rw-r--r--test/regress/ipv6.54
-rw-r--r--test/regress/ipv6.61
-rw-r--r--test/regress/n1001
-rw-r--r--test/regress/n1011
-rw-r--r--test/regress/n1021
-rw-r--r--test/regress/n1031
-rw-r--r--test/regress/n1041
-rw-r--r--test/regress/n1051
-rw-r--r--test/regress/n1061
-rw-r--r--test/regress/n10_63
-rw-r--r--test/regress/n11_63
-rw-r--r--test/regress/n122
-rw-r--r--test/regress/n12_61
-rw-r--r--test/regress/n13_61
-rw-r--r--test/regress/n14_61
-rw-r--r--test/regress/n152
-rw-r--r--test/regress/n15_62
-rw-r--r--test/regress/n16_61
-rw-r--r--test/regress/n171
-rw-r--r--test/regress/n17_61
-rw-r--r--test/regress/n183
-rw-r--r--test/regress/n1_63
-rw-r--r--test/regress/n28
-rw-r--r--test/regress/n2001
-rw-r--r--test/regress/n2_64
-rw-r--r--test/regress/n4_66
-rw-r--r--test/regress/n56
-rw-r--r--test/regress/n5_66
-rw-r--r--test/regress/n6_65
-rw-r--r--test/regress/n7_63
-rw-r--r--test/regress/n8_61
-rw-r--r--test/regress/n9_61
-rw-r--r--test/regress/ni1.nat4
-rw-r--r--test/regress/ni13.nat2
-rw-r--r--test/regress/ni14.nat2
-rw-r--r--test/regress/ni17.ipf0
-rw-r--r--test/regress/ni18.ipf0
-rw-r--r--test/regress/ni18.nat4
-rw-r--r--test/regress/ni2.nat2
-rw-r--r--test/regress/ni4.nat2
-rw-r--r--test/regress/p1.pool2
-rw-r--r--test/regress/p10.nat1
-rw-r--r--test/regress/p10.pool2
-rw-r--r--test/regress/p11.nat1
-rw-r--r--test/regress/p11.pool2
-rw-r--r--test/regress/p12.nat1
-rw-r--r--test/regress/p12.pool2
-rw-r--r--test/regress/p13.ipf1
-rw-r--r--test/regress/p13.pool2
-rw-r--r--test/regress/p3.ipf4
-rw-r--r--test/regress/p4.nat1
-rw-r--r--test/regress/p4.pool2
-rw-r--r--test/regress/p6.ipf1
-rw-r--r--test/regress/p6.pool1
-rw-r--r--test/regress/p6.whois241
-rw-r--r--test/regress/p7.nat1
-rw-r--r--test/regress/p7.pool2
-rw-r--r--test/regress/p9.nat1
-rw-r--r--test/regress/p9.pool2
-rw-r--r--test/test.format105
-rw-r--r--test/test.sed6
-rwxr-xr-xtest/vfycksum.pl282
-rw-r--r--todo18
-rw-r--r--tools/BNF.ipf2
-rw-r--r--tools/Makefile17
-rw-r--r--tools/ipf.c148
-rw-r--r--tools/ipf_y.y1296
-rw-r--r--tools/ipfcomp.c142
-rw-r--r--tools/ipfs.c46
-rw-r--r--tools/ipfstat.c1085
-rw-r--r--tools/ipfsyncd.c671
-rw-r--r--tools/ipftest.c414
-rw-r--r--tools/ipmon.c1256
-rw-r--r--tools/ipmon_y.y722
-rw-r--r--tools/ipnat.c544
-rw-r--r--tools/ipnat_y.y1556
-rw-r--r--tools/ippool.c434
-rw-r--r--tools/ippool_y.y551
-rw-r--r--tools/ipscan_y.y5
-rw-r--r--tools/ipsyncm.c46
-rw-r--r--tools/ipsyncs.c52
-rw-r--r--tools/lex_var.h2
-rw-r--r--tools/lexer.c128
-rw-r--r--tools/lexer.h8
-rw-r--r--tru64.c1281
937 files changed, 111223 insertions, 49116 deletions
diff --git a/.cvsignore b/.cvsignore
index 616828f4144d..1e12757928ce 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1,28 +1,43 @@
-ipf
-sparcv7
-sparcv9
-h
-ipf-darren
-bugs
-ipftest
-patches
-state
-cbits
CVS
-old
-new
-netinet
-import
+amd64
bak
-streams
+bugs
+cbits
cvs.diff
-threads
+cvs.diffs
+extern
glibc
+h
hp
-windows
+i86
+import
+ipf
+ipf-darren
+ipfstat
+ipftest
ipnat
-opt_inet6.h
ippool
ipmon
-ip_rules.c
+ipscan
+ipsyncm
+ipsyncs
ip_rules.h
+ip_rules.c
+net
+netinet
+new
+old
+opt_bpf.h
+opt_inet6.h
+opt_pfil.h
+patches
+sparcv7
+sparcv9
+state
+streams
+threads
+windows
+SunOS5/i386-5.10
+*.o
+*/*.o
+*/*/*.o
diff --git a/4bsd/conf.c.diffs b/4bsd/conf.c.diffs
new file mode 100644
index 000000000000..b40324b4d8eb
--- /dev/null
+++ b/4bsd/conf.c.diffs
@@ -0,0 +1,41 @@
+*** conf.c.orig Wed May 10 23:38:08 1995
+--- conf.c Thu May 11 00:33:19 1995
+***************
+*** 169,174 ****
+--- 169,187 ----
+ #endif
+ cdev_decl(lkm);
+
++ /* open, close, read, ioctl */
++ cdev_decl(ipl);
++ #define cdev_gen_ipf(c,n) { \
++ dev_init(c,n,open), dev_init(c,n,close), dev_init(c,n,read), \
++ (dev_type_write((*))) enodev, dev_init(c,n,ioctl), \
++ (dev_type_stop((*))) nullop, 0, (dev_type_select((*))) enodev, \
++ (dev_type_mmap((*))) enodev, 0 }
++ #ifdef IPFILTER
++ #define NIPF 1
++ #else
++ #define NIPF 0
++ #endif
++
+ struct cdevsw cdevsw[] =
+ {
+ cdev_cn_init(1,cn), /* 0: virtual console */
+***************
+*** 232,238 ****
+ cdev_notdef(), /* 56 */
+ cdev_notdef(), /* 57 */
+ cdev_disk_init(NCD,cd), /* 58 SCSI CD-ROM */
+! cdev_notdef(), /* 59 */
+ cdev_notdef(), /* 60 */
+ cdev_notdef(), /* 61 */
+ cdev_notdef(), /* 62 */
+--- 245,251 ----
+ cdev_notdef(), /* 56 */
+ cdev_notdef(), /* 57 */
+ cdev_disk_init(NCD,cd), /* 58 SCSI CD-ROM */
+! cdev_gen_ipf(NIPF,ipl), /* 59 */
+ cdev_notdef(), /* 60 */
+ cdev_notdef(), /* 61 */
+ cdev_notdef(), /* 62 */
diff --git a/4bsd/files.diffs b/4bsd/files.diffs
new file mode 100644
index 000000000000..a09b9c653c21
--- /dev/null
+++ b/4bsd/files.diffs
@@ -0,0 +1,23 @@
+*** files.orig Sat Apr 29 19:59:31 1995
+--- files Sun Apr 23 17:54:18 1995
+***************
+*** 180,185 ****
+--- 180,197 ----
+ netinet/tcp_timer.c optional inet
+ netinet/tcp_usrreq.c optional inet
+ netinet/udp_usrreq.c optional inet
++ netinet/ip_fil.c optional ipfilter requires inet
++ netinet/fil.c optional ipfilter requires inet
++ netinet/ip_nat.c optional ipfilter requires inet
++ netinet/ip_auth.c optional ipfilter requires inet
++ netinet/ip_frag.c optional ipfilter requires inet
++ netinet/ip_state.c optional ipfilter requires inet
++ netinet/ip_proxy.c optional ipfilter requires inet
++ netinet/ip_log.c optional ipfilter requires inet
++ netinet/ip_scan.c optional ipfilter requires inet
++ netinet/ip_sync.c optional ipfilter requires inet
++ netinet/ip_pool.c optional ipfilter_pool requires inet
++ netinet/ip_rules.c optional ipfilter_compiled requires ipfilter
+ netiso/clnp_debug.c optional iso
+ netiso/clnp_er.c optional iso
+ netiso/clnp_frag.c optional iso
diff --git a/4bsd/files.newconf.diffs b/4bsd/files.newconf.diffs
new file mode 100644
index 000000000000..e616cfd95de2
--- /dev/null
+++ b/4bsd/files.newconf.diffs
@@ -0,0 +1,23 @@
+*** files.newconf.orig Sat Apr 29 20:00:02 1995
+--- files.newconf Sun Apr 23 17:53:58 1995
+***************
+*** 222,227 ****
+--- 222,239 ----
+ file netinet/tcp_timer.c inet
+ file netinet/tcp_usrreq.c inet
+ file netinet/udp_usrreq.c inet
++ file netinet/ip_fil.c ipfilter
++ file netinet/fil.c ipfilter
++ file netinet/ip_nat.c ipfilter
++ file netinet/ip_frag.c ipfilter
++ file netinet/ip_state.c ipfilter
++ file netinet/ip_auth.c ipfilter
++ file netinet/ip_proxy.c ipfilter
++ file netinet/ip_log.c ipfilter
++ file netinet/ip_scan.c ipfilter
++ file netinet/ip_sync.c ipfilter
++ file netinet/ip_pool.c ipfilter_pool
++ file netinet/ip_rules.c ipfilter_compiled
+ file netiso/clnp_debug.c iso
+ file netiso/clnp_er.c iso
+ file netiso/clnp_frag.c iso
diff --git a/4bsd/files.oldconf.diffs b/4bsd/files.oldconf.diffs
new file mode 100644
index 000000000000..87614a76d489
--- /dev/null
+++ b/4bsd/files.oldconf.diffs
@@ -0,0 +1,23 @@
+*** files.oldconf.orig Sat Apr 29 19:59:31 1995
+--- files.oldconf Sun Apr 23 17:54:18 1995
+***************
+*** 180,185 ****
+--- 180,197 ----
+ netinet/tcp_timer.c optional inet
+ netinet/tcp_usrreq.c optional inet
+ netinet/udp_usrreq.c optional inet
++ netinet/ip_fil.c optional ipfilter requires inet
++ netinet/fil.c optional ipfilter requires inet
++ netinet/ip_nat.c optional ipfilter requires inet
++ netinet/ip_frag.c optional ipfilter requires inet
++ netinet/ip_state.c optional ipfilter requires inet
++ netinet/ip_proxy.c optional ipfilter requires inet
++ netinet/ip_log.c optional ipfilter requires inet
++ netinet/ip_auth.c optional ipfilter requires inet
++ netinet/ip_scan.c optional ipfilter requires inet
++ netinet/ip_sync.c optional ipfilter requires inet
++ netinet/ip_pool.c optional ipfilter_pool requires inet
++ netinet/ip_rules.c optional ipfilter_compiled requires ipfilter
+ netiso/clnp_debug.c optional iso
+ netiso/clnp_er.c optional iso
+ netiso/clnp_frag.c optional iso
diff --git a/4bsd/filez.diffs b/4bsd/filez.diffs
new file mode 100644
index 000000000000..de2453ac9c76
--- /dev/null
+++ b/4bsd/filez.diffs
@@ -0,0 +1,23 @@
+*** files.orig Sat Apr 29 20:00:02 1995
+--- files Sun Apr 23 17:53:58 1995
+***************
+*** 222,227 ****
+--- 222,239 ----
+ file netinet/tcp_timer.c inet
+ file netinet/tcp_usrreq.c inet
+ file netinet/udp_usrreq.c inet
++ file netinet/ip_fil.c ipfilter
++ file netinet/fil.c ipfilter
++ file netinet/ip_nat.c ipfilter
++ file netinet/ip_frag.c ipfilter
++ file netinet/ip_state.c ipfilter
++ file netinet/ip_proxy.c ipfilter
++ file netinet/ip_auth.c ipfilter
++ file netinet/ip_log.c ipfilter
++ file netinet/ip_scan.c ipfilter
++ file netinet/ip_sync.c ipfilter
++ file netinet/ip_pool.c ipfilter_pool
++ file netinet/ip_rules.c ipfilter_compiled
+ file netiso/clnp_debug.c iso
+ file netiso/clnp_er.c iso
+ file netiso/clnp_frag.c iso
diff --git a/4bsd/ip_input.c.diffs b/4bsd/ip_input.c.diffs
new file mode 100644
index 000000000000..37044d58971f
--- /dev/null
+++ b/4bsd/ip_input.c.diffs
@@ -0,0 +1,38 @@
+*** ip_input.c.orig Sun Apr 23 17:17:05 1995
+--- ip_input.c Sun Apr 23 17:30:03 1995
+***************
+*** 80,85 ****
+--- 80,90 ----
+ int ipqmaxlen = IFQ_MAXLEN;
+ struct in_ifaddr *in_ifaddr; /* first inet address */
+ struct ifqueue ipintrq;
++ #if defined(IPFILTER) || defined(IPFILTER_LKM)
++ int fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf *));
++ int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf *));
++ #endif
+
+ /*
+ * We need to save the IP options in case a protocol wants to respond
+***************
+*** 225,231 ****
+--- 233,252 ----
+ m_adj(m, ip->ip_len - m->m_pkthdr.len);
+ }
+
++ #if defined(IPFILTER) || defined(IPFILTER_LKM)
+ /*
++ * Check if we want to allow this packet to be processed.
++ * Consider it to be bad if not.
++ */
++ if (fr_checkp) {
++ struct mbuf *m1 = m;
++
++ if ((*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m1) || !m1)
++ goto next;
++ ip = mtod(m = m1, struct ip *);
++ }
++ #endif
++ /*
+ * Process options and, if not destined for us,
+ * ship it on. ip_dooptions returns 1 when an
+ * error was detected (causing an icmp message
diff --git a/4bsd/ip_output.c.diffs b/4bsd/ip_output.c.diffs
new file mode 100644
index 000000000000..4b0350a6d6ac
--- /dev/null
+++ b/4bsd/ip_output.c.diffs
@@ -0,0 +1,36 @@
+*** ip_output.c.orig Sun Apr 23 17:17:05 1995
+--- ip_output.c Sun Apr 23 17:32:11 1995
+***************
+*** 60,65 ****
+--- 60,69 ----
+ static struct mbuf *ip_insertoptions __P((struct mbuf *, struct mbuf *, int *));
+ static void ip_mloopback
+ __P((struct ifnet *, struct mbuf *, struct sockaddr_in *));
++ #if defined(IPFILTER_LKM) || defined(IPFILTER)
++ extern int fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf *));
++ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf *));
++ #endif
+
+ /*
+ * IP output. The packet in mbuf chain m contains a skeletal IP
+***************
+*** 277,282 ****
+--- 284,303 ----
+ } else
+ m->m_flags &= ~M_BCAST;
+
+ sendit:
++ #if defined(IPFILTER) || defined(IPFILTER_LKM)
++ /*
++ * looks like most checking has been done now...do a filter check
++ */
++ if (fr_checkp) {
++ struct mbuf *m1 = m;
++
++ if ((error = (*fr_checkp)(ip, hlen, ifp, 1, &m1)) || !m1)
++ goto done;
++ ip = mtod(m = m1, struct ip *);
++ }
++ #endif
+ /*
+ * If small enough for interface, can just send directly.
diff --git a/4bsd/kinstall b/4bsd/kinstall
new file mode 100755
index 000000000000..5f97ca0cc240
--- /dev/null
+++ b/4bsd/kinstall
@@ -0,0 +1,55 @@
+#!/bin/csh -f
+#
+set dir=`pwd`
+set karch=`uname -m`
+set archdir="/sys/arch/$karch"
+set confdir="$archdir/conf"
+
+if ( $dir =~ *fil/4bsd ) cd ..
+if ($0 =~ *kinstall) then
+ echo "Installing ip_fil.c and ip_fil.h"
+ cp ip_fil.{c,h} /sys/netinet
+ echo "Patching $archdir/$karch/conf.c"
+ cat conf.c.diffs | (cd $archdir/$karch; patch)
+endif
+echo "Patching ip_input.c and ip_output.c"
+cat 4bsd/ip_{in,out}put.c.diffs | (cd /sys/netinet; patch)
+
+if ( -f /sys/conf/files.newconf ) then
+ echo "Patching /sys/conf/files.newconf"
+ cat 4bsd/files.newconf.diffs | (cd /sys/conf; patch)
+ echo "Patching /sys/conf/files"
+ cat 4bsd/files.diffs | (cd /sys/conf; patch)
+endif
+if ( -f /sys/conf/files.oldconf ) then
+ echo "Patching /sys/conf/files.oldconf"
+ cat 4bsd/files.oldconf.diffs | (cd /sys/conf; patch)
+ echo "Patching /sys/conf/files"
+ cat 4bsd/filez.diffs | (cd /sys/conf; patch)
+endif
+
+set config=`/bin/ls -1t $confdir [0-9A-Z_]* | head -1`
+
+echo -n "Kernel configuration to update [$config] "
+set newconfig=$<
+if ( "$newconfig" != "" ) then
+ set config="$confdir/$newconfig"
+else
+ set newconfig=$config
+endif
+echo "Re-config'ing $newconfig..."
+if ( -f $confdir/$newconfig ) then
+ mv $confdir/$newconfig $confdir/$newconfig.bak
+endif
+if ( -d $archdir/$newconfig ) then
+ mv $archdir/$newconfig $archdir/$newconfig.bak
+endif
+if ($0 =~ *kinstall) then
+ awk '{print $0;if($2=="INET"){print"options IPFILTER"}}}' \
+ $confdir/$newconfig.bak > $confdir/$newconfig
+else
+ awk '{print $0;if($2=="INET"){print"options IPFILTER_LKM"}}' \
+ $confdir/$newconfig.bak > $confdir/$newconfig
+endif
+echo 'You will now need to run "config" and build a new kernel.'
+exit 0
diff --git a/AIX/Makefile b/AIX/Makefile
new file mode 100644
index 000000000000..f48c3941bb24
--- /dev/null
+++ b/AIX/Makefile
@@ -0,0 +1,401 @@
+#
+# Copyright (C) 2012 by Darren Reed.
+#
+# See the IPFILTER.LICENCE file for details on licencing.
+#
+BINDEST=/usr/sbin
+SBINDEST=/sbin
+MANDIR=/usr/share/man
+CC=cc
+CFLAGS=-g -I$(TOP)
+DEBUG=-O3
+#
+# For AIX 5.3
+#
+CPU=`uname -p`
+INC=-I/usr/include
+DEF=-D$(CPU) -D__$(CPU)__ -DINET -DKERNEL -D_KERNEL $(INC)
+LKM=ipf
+DLKM=
+OBJ=.
+TOP=..
+HERE=AIX/$(OSREV)
+AIX=`uname -v`
+DEST=.
+MFLAGS="BINDEST=$(BINDEST)" "SBINDEST=$(SBINDEST)" "MANDIR=$(MANDIR)" \
+ 'CFLAGS=$(CFLAGS)' "IPFLKM=$(IPFLKM)" \
+ "IPFLOG=$(IPFLOG)" "LOGFAC=$(LOGFAC)" "POLICY=$(POLICY)" \
+ "DEBUG=$(DEBUG)" "DCPU=$(CPU)" "CPUDIR=$(CPUDIR)" \
+ "LOOKUP=$(LOOKUP)" "XID=$(XID)" "SCAN=$(SCAN)" "ALLOPTS=$(ALLOPTS)"
+LIBS=-q$(BITS) -L. -lipf
+CCARGS=$(DEBUG) $(CFLAGS) -I. -DAIX=$(AIX) -q$(BITS)
+EXTRA=$(ALLOPTS)
+MILLI=`../bootbits.sh`
+FIXMILLI=-D_H_STRING=1 -Dbzero=bzero$(MILLI) \
+-Dmemcmp=memcmp$(MILLI) \
+-Dmemcpy=memcpy$(MILLI) \
+-Dmemccpy=memccpy$(MILLI) \
+-Dmemset=memset$(MILLI) \
+-Dmemmove=memmove$(MILLI) \
+-Dfill=fill$(MILLI) \
+-Dstrstr=strstr$(MILLI)
+#
+########## ########## ########## ########## ########## ########## ##########
+#
+CP=/bin/cp
+RM=/bin/rm
+CHMOD=/bin/chmod
+INSTALL=$(TOP)/bsdinstall
+#
+MODOBJS=ip_fil.o fil.o md5.o ip_nat.o ip_frag.o ip_state.o ip_nat6.o \
+ ip_proxy.o ip_auth.o ip_log.o ip_pool.o ip_htable.o ip_lookup.o \
+ ip_sync.o ip_scan.o ip_rules.o
+DFLAGS=$(DEBUG) -DAIX=$(AIX) $(IPFLKM) $(IPFLOG) $(DEF) $(CFLAGS) $(DLKM) \
+ $(FIXMILLI) $(IPFBPF) $(LOOKUP) $(XID) -I.
+IPF=ipf.o ipfcomp.o ipf_y.o ipf_l.o
+IPT=ipftest.o fil_u.o ip_frag_u.o ip_state_u.o ip_nat_u.o ip_nat6_u.o \
+ ip_proxy_u.o ip_auth_u.o ip_fil_u.o ip_sync_u.o ip_scan_u.o \
+ ip_log_u.o ip_pool_u.o ip_htable_u.o ip_lookup_u.o ip_rules_u.o \
+ ipf_y.o ipf_l.o ipnat_y.o ipnat_l.o ippool_y.o ippool_l.o \
+ md5_u.o radix_ipf_u.o
+IPNAT=ipnat.o ipnat_y.o ipnat_l.o
+IPMON=ipmon.o ipmon_y.o ipmon_l.o
+IPPOOL=ippool_y.o ippool_l.o kmem.o ippool.o
+FILS=ipfstat.o
+LIBSRC=$(TOP)/lib
+RANLIB=ranlib
+AROPTS=-X $(BITS) crs
+TOOL=$(TOP)/tools
+
+include $(TOP)/lib/Makefile
+
+build all: ./libipf.a ipf.exe ipfs ipfstat ipftest ipmon \
+ ipnat ippool ipscan ipsyncm ipsyncs cfg_ipf $(LKM)
+ -sh -c 'for i in ipftest ipmon ippool ipnat ipscan ipsyncm ipsyncs; do /bin/rm -f $(TOP)/$$i; ln -s `pwd`/$$i $(TOP); done'
+ -ln -s `pwd`/ipf.exe $(TOP)/ipf
+
+ipfstat: $(FILS) ./libipf.a
+ $(CC) $(CCARGS) $(STATETOP_CFLAGS) $(STATETOP_INC) $(FILS) \
+ -o $@ $(LIBS) $(STATETOP_LIB)
+
+ipf.exe: $(IPF) ./libipf.a
+ $(CC) $(CCARGS) $(IPF) -o $@ $(LIBS) $(LIBBPF)
+
+ipftest: $(IPT) ./libipf.a
+ $(CC) $(CCARGS) $(IPT) -o $@ $(LIBS) $(LIBBPF)
+
+ipnat: $(IPNAT) ./libipf.a
+ $(CC) $(CCARGS) $(IPNAT) -o $@ $(LIBS)
+
+ipfs: ipfs.o ./libipf.a
+ $(CC) $(CCARGS) ipfs.o -o $@ $(LIBS)
+
+ipsyncm: ipsyncm.o ./libipf.a
+ $(CC) $(CCARGS) ipsyncm.o -o $@ $(LIBS)
+
+ipsyncs: ipsyncs.o ./libipf.a
+ $(CC) $(CCARGS) ipsyncs.o -o $@ $(LIBS)
+
+ipsyncm.o: $(TOOL)/ipsyncm.c $(TOP)/ip_sync.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipsyncm.c -o $@
+
+ipsyncs.o: $(TOOL)/ipsyncs.c $(TOP)/ip_sync.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipsyncs.c -o $@
+
+tests:
+ (cd test; make )
+
+ipfstat.o: $(TOOL)/ipfstat.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_frag.h \
+ $(TOP)/ip_compat.h $(TOP)/ip_state.h $(TOP)/ip_nat.h
+ $(CC) $(CCARGS) $(STATETOP_CFLAGS) $(STATETOP_INC) \
+ -c $(TOOL)/ipfstat.c -o $@
+
+ipfs.o: $(TOOL)/ipfs.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_state.h \
+ $(TOP)/ip_nat.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipfs.c -o $@
+
+fil_u.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_compat.h
+ $(CC) $(CCARGS) $(EXTRA) $(FIXRADIX) $(IPFBPF) -c $(TOP)/fil.c -o $@
+
+ipf.o: $(TOOL)/ipf.c $(TOP)/ip_fil.h $(TOP)/ipf.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipf.c -o $@
+
+ipf_y.o: ipf_y.c ipf_y.h $(TOP)/ipf.h ipf_l.h
+ $(CC) $(CCARGS) $(IPFBPF) -c ipf_y.c -o $@
+
+ipf_l.o: ipf_l.c ipf_y.h $(TOP)/ipf.h ipf_l.h
+ $(CC) $(CCARGS) -I. -c ipf_l.c -o $@
+
+ipf_y.h ipf_y.c: $(TOOL)/ipf_y.y $(TOP)/ip_pool.h
+ (cd $(TOOL); make "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ipf_l.c ipf_l.h: $(TOOL)/lexer.c $(TOP)/ipf.h
+ (cd $(TOOL); make "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ipfcomp.o: $(TOOL)/ipfcomp.c $(TOP)/ip_fil.h $(TOP)/ipf.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipfcomp.c -o $@
+
+ipftest.o: $(TOOL)/ipftest.c $(TOP)/ip_fil.h $(TOP)/ipt.h $(TOP)/ipf.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipftest.c -o $@
+
+ipnat.o: $(TOOL)/ipnat.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_nat.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipnat.c -o $@
+
+ipnat_y.o: ipnat_y.c ipnat_y.h $(TOP)/ip_fil.h $(TOP)/ip_compat.h \
+ $(TOP)/ipf.h $(TOP)/ip_nat.h ipnat_l.h
+ $(CC) $(CCARGS) -c ipnat_y.c -o $@
+
+ipnat_l.o: ipnat_l.c ipnat_y.h $(TOP)/ip_fil.h $(TOP)/ip_compat.h \
+ $(TOP)/ipf.h $(TOP)/ip_nat.h ipnat_l.h
+ $(CC) $(CCARGS) -I. -c ipnat_l.c -o $@
+
+ipnat_y.h ipnat_y.c: $(TOOL)/ipnat_y.y $(TOP)/ip_nat.h
+ (cd $(TOOL); make "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ipnat_l.c ipnat_l.h: $(TOOL)/lexer.c $(TOP)/ip_nat.h
+ (cd $(TOOL); make "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ip_rules.c: $(TOP)/rules/ip_rules $(TOP)/tools/ipfcomp.c ipf.exe
+ ./ipf.exe -cc -nf $(TOP)/rules/ip_rules
+
+$(TOP)/ip_rules.h: ip_rules.c
+ if [ ! -f $(TOP)/ip_rules.h ] ; then \
+ /bin/mv -f ip_rules.h $(TOP); \
+ else \
+ touch $(TOP)/ip_rules.h; \
+ fi
+
+ip_nat_u.o: $(TOP)/ip_nat.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_nat.c -o $@
+
+ip_nat6_u.o: $(TOP)/ip_nat6.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_nat6.c -o $@
+
+ip_proxy_u.o: $(TOP)/ip_proxy.c $(TOP)/ip_proxy.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_ftp_pxy.c $(TOP)/ip_rcmd_pxy.c $(TOP)/ip_raudio_pxy.c \
+ $(TOP)/ip_rpcb_pxy.c $(TOP)/ip_ipsec_pxy.c $(TOP)/ip_nat.h \
+ $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_proxy.c -o $@
+
+ip_frag_u.o: $(TOP)/ip_frag.c $(TOP)/ip_frag.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_frag.c -o $@
+
+ip_state_u.o: $(TOP)/ip_state.c $(TOP)/ip_state.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h $(TOP)/ip_nat.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_state.c -o $@
+
+ip_auth_u.o: $(TOP)/ip_auth.c $(TOP)/ip_auth.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_auth.c -o $@
+
+ip_fil_u.o: $(TOP)/ip_fil.c $(TOP)/ip_fil.h $(TOP)/ip_compat.h
+ $(CC) $(CCARGS) $(EXTRA) $(FIXRADIX) -c $(TOP)/ip_fil.c -o $@
+
+ip_scan_u.o: $(TOP)/ip_scan.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
+ $(TOP)/ip_scan.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_scan.c -o $@
+
+ip_sync_u.o: $(TOP)/ip_sync.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
+ $(TOP)/ip_sync.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_sync.c -o $@
+
+ip_rules_u.o: ip_rules.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h $(TOP)/ip_rules.h
+ $(CC) $(CCARGS) $(EXTRA) -c ip_rules.c -o $@
+
+ip_log_u.o: $(TOP)/ip_log.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_log.c -o $@
+
+ip_pool_u.o: $(TOP)/ip_pool.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
+ $(TOP)/ip_pool.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_pool.c -o $@
+
+ip_htable_u.o: $(TOP)/ip_htable.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
+ $(TOP)/ip_htable.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_htable.c -o $@
+
+ip_lookup_u.o: $(TOP)/ip_lookup.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
+ $(TOP)/ip_lookup.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_lookup.c -o $@
+
+bpf_filter_u.o: $(TOP)/bpf_filter.c $(TOP)/pcap-ipf.h $(TOP)/bpf-ipf.h
+ $(CC) $(CCARGS) -c $(TOP)/bpf_filter.c -o $@
+
+md5_u.o: $(TOP)/md5.c $(TOP)/md5.h
+ $(CC) $(CCARGS) -c $(TOP)/md5.c -o $@
+
+radix_ipf_u.o: $(TOP)/radix_ipf.c $(TOP)/radix_ipf.h
+ $(CC) $(CCARGS) -c $(TOP)/radix_ipf.c -o $@
+
+cfg_ipf: cfg_ipf.o
+# ld -o cfg_ipf cfg_ipf.o -L/usr/lib/ia64l32 -L/usr/ccs/lib/ia64l32 \
+# -lodm -lrts -lcfg
+ $(CC) $(CCARGS) -o cfg_ipf cfg_ipf.o -lodm -lrts -lcfg
+
+cfg_ipf.o: ../aix_cfg_ipf.c
+ $(CC) -D_ALL_SOURCE -D_KERNEL $(CCARGS) -c ../aix_cfg_ipf.c -o $@
+
+$(LKM): $(MODOBJS) ../ipfkext.exp /lib/kernex.exp /lib/syscalls.exp
+ ld -G -eipfconfig -bimport:/lib/syscalls.exp -bimport:/lib/kernex.exp \
+ -bimport:/lib/kernex.exp -bimport:/lib/netinet.exp \
+ -bimport:/lib/statcmd.exp \
+ -lcsys -lsys -bexport:../ipfkext.exp -bmap:ipfkext.map \
+ $(MODOBJS) -o $(LKM)32
+ /bin/rm -f $(LKM)
+ ar -X $(BITS) cq $(LKM) $(LKM)32
+
+fil.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_compat.h $(TOP)/ipl.h
+ $(CC) $(POLICY) $(DFLAGS) $(IPFBPF) -c $(TOP)/fil.c -o $@
+
+ip_nat.o: $(TOP)/ip_nat.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
+ $(CC) $(DFLAGS) -c $(TOP)/ip_nat.c -o $@
+
+ip_nat6.o: $(TOP)/ip_nat6.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
+ $(CC) $(DFLAGS) -c $(TOP)/ip_nat6.c -o $@
+
+ip_frag.o: $(TOP)/ip_frag.c $(TOP)/ip_frag.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
+ $(CC) $(DFLAGS) -c $(TOP)/ip_frag.c -o $@
+
+ip_state.o: $(TOP)/ip_state.c $(TOP)/ip_state.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h $(TOP)/ip_nat.h
+ $(CC) $(DFLAGS) -DIPSTATE_SIZE=127 -c $(TOP)/ip_state.c -o $@
+
+ip_proxy.o: $(TOP)/ip_proxy.c $(TOP)/ip_proxy.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_ftp_pxy.c $(TOP)/ip_rcmd_pxy.c $(TOP)/ip_raudio_pxy.c \
+ $(TOP)/ip_rpcb_pxy.c $(TOP)/ip_ipsec_pxy.c $(TOP)/ip_nat.h \
+ $(TOP)/ip_nat.h $(TOP)/ip_fil.h
+ $(CC) $(DFLAGS) -c $(TOP)/ip_proxy.c -o $@
+
+ip_auth.o: $(TOP)/ip_auth.c $(TOP)/ip_auth.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h
+ $(CC) $(DFLAGS) -c $(TOP)/ip_auth.c -o $@
+
+ip_fil.o: $(TOP)/ip_fil_aix.c $(TOP)/ip_fil.h $(TOP)/ip_compat.h $(TOP)/ip_nat.h
+ $(CC) $(DFLAGS) $(COMPIPF) -c $(TOP)/ip_fil_aix.c -o $@
+
+ip_log.o: $(TOP)/ip_log.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h
+ $(CC) $(DFLAGS) -c $(TOP)/ip_log.c -o $@
+
+ip_scan.o: $(TOP)/ip_scan.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h $(TOP)/ip_scan.h
+ $(CC) $(DFLAGS) -c $(TOP)/ip_scan.c -o $@
+
+ip_sync.o: $(TOP)/ip_sync.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h $(TOP)/ip_sync.h
+ $(CC) $(DFLAGS) -c $(TOP)/ip_sync.c -o $@
+
+radix_ipf.o: $(TOP)/radix_ipf.c $(TOP)/radix_ipf.h
+ $(CC) $(DFLAGS) -c $(TOP)/radix_ipf.c -o $@
+
+ip_pool.o: $(TOP)/ip_pool.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
+ $(TOP)/ip_pool.h $(TOP)/radix_ipf.h
+ $(CC) $(DFLAGS) $(FIXRADIX) -c $(TOP)/ip_pool.c -o $@
+
+ip_htable.o: $(TOP)/ip_htable.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
+ $(TOP)/ip_htable.h
+ $(CC) $(DFLAGS) -c $(TOP)/ip_htable.c -o $@
+
+ip_lookup.o: $(TOP)/ip_lookup.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
+ $(TOP)/ip_lookup.h
+ $(CC) $(DFLAGS) $(FIXRADIX) -c $(TOP)/ip_lookup.c -o $@
+
+ip_rules.o: ip_rules.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h $(TOP)/ip_rules.h
+ $(CC) -I. $(DFLAGS) -c ip_rules.c -o $@
+
+ip_rulesx.o: ip_rules.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h $(TOP)/ip_rules.h
+ $(CC) -I. -DIPFILTER_COMPILED $(DFLAGS) -c ip_rules.c -o $@
+
+#aix.o: $(TOP)/aix.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h
+# $(CC) $(DFLAGS) -c $(TOP)/aix.c -o $@
+
+md5.o: $(TOP)/md5.c $(TOP)/md5.h
+ $(CC) $(DFLAGS) -c $(TOP)/md5.c -o $@
+
+ipmon: $(IPMON) ./libipf.a
+ $(CC) $(CCARGS) $(LOGFAC) $(IPMON) -o $@ $(LIBS) -ll
+
+ipmon.o: $(TOOL)/ipmon.c $(TOP)/ipmon.h
+ $(CC) $(CCARGS) $(LOGFAC) -c $(TOOL)/ipmon.c -o $@
+
+ipmon_y.o: ipmon_y.c ipmon_y.h $(TOP)/ipmon.h ipmon_l.h
+ $(CC) $(CCARGS) -c ipmon_y.c -o $@
+
+ipmon_l.o: ipmon_l.c ipmon_y.h $(TOP)/ipmon.h ipmon_l.h
+ $(CC) $(CCARGS) -I. -c ipmon_l.c -o $@
+
+ipmon_y.h ipmon_y.c: $(TOOL)/ipmon_y.y $(TOP)/ipmon.h
+ (cd $(TOOL); make "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ipmon_l.c ipmon_l.h: $(TOOL)/lexer.c $(TOP)/ipmon.h
+ (cd $(TOOL); make "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ipscan: ipscan_y.o ipscan_l.o
+ $(CC) $(DEBUG) ipscan_y.o ipscan_l.o -o $@ -ll $(LIBS)
+
+ipscan_y.o: ipscan_y.c ipscan_y.h $(TOP)/ip_scan.h ipscan_l.h
+ $(CC) $(CCARGS) -c ipscan_y.c -o $@
+
+ipscan_l.o: ipscan_l.c ipscan_y.h $(TOP)/ip_scan.h ipscan_l.h
+ $(CC) $(CCARGS) -I. -c ipscan_l.c -o $@
+
+ipscan_y.h ipscan_y.c: $(TOOL)/ipscan_y.y $(TOP)/ip_scan.h
+ (cd $(TOOL); make "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ipscan_l.c ipscan_l.h: $(TOOL)/lexer.c $(TOP)/ip_scan.h
+ (cd $(TOOL); make "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ippool: $(IPPOOL)
+ $(CC) $(DEBUG) -I. $(CFLAGS) $(IPPOOL) -o $@ $(LIBS) -ll
+
+ippool.o: $(TOOL)/ippool.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_pool.h
+ $(CC) $(CCARGS) -c $(TOOL)/ippool.c -o $@
+
+ippool_y.o: ippool_y.c ippool_y.h $(TOP)/ip_pool.h ippool_l.h
+ $(CC) $(CCARGS) -c ippool_y.c -o $@
+
+ippool_l.o: ippool_l.c ippool_y.h $(TOP)/ip_pool.h ippool_l.h
+ $(CC) $(CCARGS) -I. -c ippool_l.c -o $@
+
+ippool_y.h ippool_y.c: $(TOOL)/ippool_y.y $(TOP)/ip_pool.h
+ (cd $(TOOL); make "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ippool_l.c ippool_l.h: $(TOOL)/lexer.c $(TOP)/ip_pool.h
+ (cd $(TOOL); make "DEST=../$(HERE)" ../$(HERE)/$@)
+
+.y.c:
+
+.l.c:
+
+clean:
+ ${RM} -f ../ipf.exe ../ipnat ../ipmon ../ippool ../ipftest
+ ${RM} -f ../ipscan ../ipsyncm ../ipsyncs cfg_ipf
+ ${RM} -f *.core *.o *.a *.o.d
+ ${RM} -f fils ipf.exe ipfstat ipftest ipmon if_ipl ipnat
+ ${RM} -f $(LKM) ioconf.h *.ko setdef1.c setdef0.c setdefs.h
+ ${RM} -f ip_fil.c ipf_l.c ipf_y.c ipf_y.h ipf_l.h
+ ${RM} -f ipscan ipscan_y.c ipscan_y.h ipscan_l.c ipscan_l.h
+ ${RM} -f ippool ippool_y.c ippool_y.h ippool_l.c ippool_l.h
+ ${RM} -f ipnat_y.c ipnat_y.h ipnat_l.c ipnat_l.h
+ ${RM} -f ipmon_y.c ipmon_y.h ipmon_l.c ipmon_l.h
+ ${RM} -f ipscan ipscan_y.c ipscan_y.h ipscan_l.c y.tab.? lex.yy.c ipfs
+ ${RM} -f ipsyncm ipsyncs ip_rules.c ip_rules.h
+
+ ${MAKE} -f Makefile.ipsend ${MFLAGS} clean
+ -(for i in *; do \
+ if [ -d $${i} -a -f $${i}/Makefile ] ; then \
+ cd $${i}; (make TOP=../.. clean); cd ..; \
+ rm $${i}/Makefile $${i}/Makefile.ipsend; \
+ rmdir $${i}; \
+ fi \
+ done)
+
+install:
+ cp cfg_ipf /usr/lib/methods
+ cp $(LKM) /usr/lib/drivers/ipf
+ -for i in ipfs ipnat ipscan ipfstat; do \
+ $(INSTALL) -s -c -g system -m 755 -o root $$i $(SBINDEST); \
+ done
+ $(INSTALL) -s -c -g system -m 755 -o root ipf.exe $(SBINDEST)/ipf
+ -for i in ipmon ipftest ipsyncs ipsyncm; do \
+ $(INSTALL) -s -c -g system -m 755 -o root $$i $(BINDEST); \
+ done
+ (cd $(TOP)/man; make INSTALL=../bsdinstall MANDIR=$(MANDIR) install; cd $(TOP))
+ sync
diff --git a/AIX/Makefile.ipsend b/AIX/Makefile.ipsend
new file mode 100644
index 000000000000..c7950120c01f
--- /dev/null
+++ b/AIX/Makefile.ipsend
@@ -0,0 +1,78 @@
+MFLAGS="BINDEST=$(BINDEST)" "SBINDEST=$(SBINDEST)" "MANDIR=$(MANDIR)" \
+ "CC=$(CC)" "CFLAGS=$(CFLAGS)" "DEBUG=$(DEBUG)" \
+ "IPFLKM=$(IPFLKM)" "IPFLOG=$(IPFLOG)" \
+ "LOGFAC=$(LOGFAC)" "POLICY=$(POLICY)" "LOOKUP=$(LOOKUP)"
+FIXRADIX=-Dradix_node=ipf_radix_node -Dradix_node_head=ipf_radix_node_head
+OBJS=ipsend.o ip.o ipsopt.o iplang_y.o iplang_l.o
+IPFTO=ipft_ef.o ipft_hx.o ipft_pc.o ipft_sn.o ipft_td.o ipft_tx.o
+ROBJS=ipresend.o ip.o resend.o
+TOBJS=iptest.o iptests.o ip.o
+UNIXOBJS=dlcommon.o sbpf.o arp.o sock.o
+OBJ=.
+LIBS=-L$(OBJ) -lipf
+
+CC=cc
+CFLAGS=-g -I$(TOP)
+CCARGS=$(DEBUG) $(CFLAGS) -I.
+
+all nit sunos4 sunos4-nit build : ipsend ipresend iptest
+
+iplang_y.o: $(TOP)/iplang/iplang_y.y
+ (cd $(TOP)/iplang; $(MAKE) 'DESTDIR=../AIX/$(OSREV)' )
+
+iplang_l.o: $(TOP)/iplang/iplang_l.l
+ (cd $(TOP)/iplang; $(MAKE) 'DESTDIR=../AIX/$(OSREV)' )
+
+.c.o:
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/$< -o $@
+
+ipsend: $(OBJS) $(UNIXOBJS)
+ $(CC) $(DEBUG) $(OBJS) $(UNIXOBJS) -o $@ $(LIBS) -ll
+
+ipresend: $(ROBJS) $(UNIXOBJS)
+ $(CC) $(DEBUG) $(ROBJS) $(UNIXOBJS) -o $@ $(LIBS)
+
+iptest: $(TOBJS) $(UNIXOBJS)
+ $(CC) $(DEBUG) $(TOBJS) $(UNIXOBJS) -o $@ $(LIBS)
+
+clean:
+ rm -rf *.o core a.out ipsend ipresend iptest iplang_y.* iplang_l.*
+
+ipsend.o: $(TOP)/ipsend/ipsend.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/ipsend.c -o $@
+ipsopt.o: $(TOP)/ipsend/ipsopt.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/ipsopt.c -o $@
+ipresend.o: $(TOP)/ipsend/ipresend.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/ipresend.c -o $@
+ip.o: $(TOP)/ipsend/ip.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/ip.c -o $@
+resend.o: $(TOP)/ipsend/resend.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/resend.c -o $@
+ipft_sn.o: $(TOP)/ipft_sn.c
+ $(CC) $(CCARGS) -c $(TOP)/ipft_sn.c -o $@
+ipft_pc.o: $(TOP)/ipft_pc.c
+ $(CC) $(CCARGS) -c $(TOP)/ipft_pc.c -o $@
+iptest.o: $(TOP)/ipsend/iptest.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/iptest.c -o $@
+iptests.o: $(TOP)/ipsend/iptests.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/iptests.c -o $@
+sbpf.o: $(TOP)/ipsend/sbpf.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/sbpf.c -o $@
+snit.o: $(TOP)/ipsend/snit.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/snit.c -o $@
+sock.o: $(TOP)/ipsend/sock.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/sock.c -o $@
+arp.o: $(TOP)/ipsend/arp.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/arp.c -o $@
+44arp.o: $(TOP)/ipsend/44arp.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/44arp.c -o $@
+lsock.o: $(TOP)/ipsend/lsock.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/lsock.c -o $@
+slinux.o: $(TOP)/ipsend/slinux.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/slinux.c -o $@
+larp.o: $(TOP)/ipsend/larp.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/larp.c -o $@
+dlcommon.o: $(TOP)/ipsend/dlcommon.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/dlcommon.c -o $@
+sdlpi.o: $(TOP)/ipsend/sdlpi.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/sdlpi.c -o $@
diff --git a/AIX/aix_cfg_ipf.c b/AIX/aix_cfg_ipf.c
new file mode 100644
index 000000000000..26807fa62990
--- /dev/null
+++ b/AIX/aix_cfg_ipf.c
@@ -0,0 +1,257 @@
+/*
+ * Copyright (C) 2012 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * $Id$
+ */
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/file.h>
+#include <sys/ldr.h>
+/*
+ * This is a workaround for <sys/uio.h> troubles on FreeBSD, HPUX, OpenBSD.
+ * Needed here because on some systems <sys/uio.h> gets included by things
+ * like <sys/socket.h>
+ */
+#include <sys/uio.h>
+#include <sys/time.h>
+#include <sys/socket.h>
+#include <net/if.h>
+#define _TCP_DEBUG_H_
+#include <netinet/in.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
+#include <netinet/ip_icmp.h>
+#include <netinet/tcp.h>
+#include <netinet/udp.h>
+
+#include <arpa/inet.h>
+
+#include <errno.h>
+#include <limits.h>
+#include <netdb.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "netinet/ip_compat.h"
+#include "netinet/ip_fil.h"
+
+#ifndef __P
+# ifdef __STDC__
+# define __P(x) x
+# else
+# define __P(x) ()
+# endif
+#endif
+#ifndef __STDC__
+# undef const
+# define const
+#endif
+
+/*
+ * AIX requires a specific configure/unconfigure program
+ */
+#undef ASSERT
+#include <sys/device.h>
+#include <sys/sysconfig.h>
+
+void loadipf __P((int major, int minor, dev_t devno, char *));
+void unloadipf __P((int major, int minor, dev_t devno));
+void queryipf __P((int major, int minor, dev_t devno));
+int checkarg __P((int, char *arg));
+void usage __P((char *));
+
+static char *ipf_devfiles[] = { IPL_NAME, IPNAT_NAME, IPSTATE_NAME,
+ IPAUTH_NAME, IPSYNC_NAME, IPSCAN_NAME,
+ IPLOOKUP_NAME, NULL };
+
+int
+main(int argc, char *argv[])
+{
+ int major, minor, action;
+ dev_t devno;
+
+ action = checkarg(argc, argv[1]);
+ if (action == -1)
+ usage(argv[0]);
+
+ if (odm_initialize() == -1) {
+ fprintf(stderr, "odm_initialize() failed\n");
+ exit(1);
+ }
+
+ major = genmajor("ipf");
+ if (major == -1) {
+ fprintf(stderr, "genmajor(ipf) failed\n");
+ exit(1);
+ }
+ minor = 0;
+
+ devno = makedev(major, minor);
+ if (devno == -1) {
+ fprintf(stderr, "makedev(%d,%d) failed\n", major, minor);
+ exit(1);
+ }
+ printf("Major %d\ndevno %x\n", major, devno);
+
+ switch (action)
+ {
+ case 1 :
+ loadipf(major, minor, devno, argv[2]);
+ break;
+ case 2 :
+ unloadipf(major, minor, devno);
+ break;
+ case 3 :
+ queryipf(major, minor, devno);
+ break;
+ }
+
+ odm_terminate();
+
+ return 0;
+}
+
+
+void usage(char *prog)
+{
+ fprintf(stderr, "Usage:\t%s -l\n\t%s -u\n\t%s -q\n",
+ prog, prog, prog);
+ exit(1);
+}
+
+
+int checkarg(int argc, char *arg)
+{
+ if (argc < 2)
+ return -1;
+
+ if (!strcmp(arg, "-l") && (argc <= 3))
+ return 1;
+
+ if (!strcmp(arg, "-u") && (argc == 2))
+ return 2;
+
+ if (!strcmp(arg, "-q") && (argc == 2))
+ return 3;
+
+ return -1;
+}
+
+
+void
+loadipf(int major, int minor, dev_t devno, char *path)
+{
+ struct cfg_dd ipfcfg;
+ struct cfg_load cfg;
+ char *buffer[1024];
+ char *ipfpath;
+ int i;
+
+ bzero(buffer, sizeof(buffer));
+ if (path != NULL)
+ ipfpath = path;
+ else
+ ipfpath = "/usr/lib/drivers/ipf";
+
+#if 0
+ bzero((char *)&cfg, sizeof(cfg));
+ cfg.path = ipfpath;
+ cfg.libpath = "/usr/lib/drivers/";
+ sysconfig(SYS_SINGLELOAD, &cfg, sizeof(cfg));
+ ipfcfg.kmid = cfg.kmid;
+#else
+ ipfcfg.kmid = (mid_t)loadext(ipfpath, TRUE, TRUE);
+#endif
+ if (ipfcfg.kmid == (mid_t)NULL)
+ {
+ perror("loadext");
+ buffer[0] = "execerror";
+ buffer[1] = "ipf";
+ loadquery(1, &buffer[2], sizeof(buffer) - sizeof(*buffer)*2);
+ execvp("/usr/sbin/execerror", buffer);
+ exit(errno);
+ }
+
+ ipfcfg.devno = devno;
+ ipfcfg.cmd = CFG_INIT;
+ ipfcfg.ddsptr = (caddr_t)NULL;
+ ipfcfg.ddslen = 0;
+
+ if (sysconfig(SYS_CFGDD, &ipfcfg, sizeof(ipfcfg)) == -1) {
+ perror("sysconifg(SYS_CFGDD)");
+ exit(errno);
+ }
+
+ for (i = 0; ipf_devfiles[i] != NULL; i++) {
+ unlink(ipf_devfiles[i]);
+ if (mknod(ipf_devfiles[i], 0600 | _S_IFCHR, devno) == -1) {
+ perror("mknod(devfile)");
+ exit(errno);
+ }
+ }
+}
+
+
+void
+unloadipf(int major, int minor, dev_t devno)
+{
+ struct cfg_dd ipfcfg;
+ struct cfg_load cfg;
+ int i;
+
+ cfg.path = "/usr/lib/drivers/ipf";
+ cfg.kmid = 0;
+ if (sysconfig(SYS_QUERYLOAD, &cfg, sizeof(cfg)) == -1) {
+ perror("sysconfig(SYS_QUERYLOAD)");
+ exit(errno);
+ }
+
+ ipfcfg.kmid = cfg.kmid;
+ ipfcfg.devno = devno;
+ ipfcfg.cmd = CFG_TERM;
+ if (sysconfig(SYS_CFGDD, &ipfcfg, sizeof(ipfcfg)) == -1) {
+ perror("sysconfig(SYS_CFGDD)");
+ exit(errno);
+ }
+
+ for (i = 0; ipf_devfiles[i] != NULL; i++) {
+ unlink(ipf_devfiles[i]);
+ }
+
+ if (loadext("ipf", FALSE, FALSE) == NULL) {
+ perror("loadext");
+ exit(errno);
+ }
+}
+
+
+void
+queryipf(int major, int minor, dev_t devno)
+{
+ struct cfg_dd ipfcfg;
+ struct cfg_load cfg;
+ int i;
+
+ cfg.path = "/usr/lib/drivers/ipf";
+ cfg.kmid = 0;
+ if (sysconfig(SYS_QUERYLOAD, &cfg, sizeof(cfg)) == -1) {
+ perror("sysconfig(SYS_QUERYLOAD)");
+ exit(errno);
+ }
+
+ printf("Kernel module ID: %d\n", cfg.kmid);
+
+ ipfcfg.kmid = cfg.kmid;
+ ipfcfg.devno = devno;
+ ipfcfg.cmd = CFG_QVPD;
+ if (sysconfig(SYS_CFGDD, &ipfcfg, sizeof(ipfcfg)) == -1) {
+ perror("sysconfig(SYS_CFGDD)");
+ exit(errno);
+ }
+}
+
diff --git a/AIX/bootbits.sh b/AIX/bootbits.sh
new file mode 100755
index 000000000000..245a4582a688
--- /dev/null
+++ b/AIX/bootbits.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+case `file /unix 2>/dev/null` in
+*64*)
+ bits=64
+ ;;
+*)
+ bits=32
+ ;;
+esac
+
+case $1 in
+milli)
+ if [ $bits = 64 ] ; then
+ echo 64
+ fi
+ ;;
+*)
+ echo $bits
+ ;;
+esac
+exit 0
diff --git a/AIX/cpurev b/AIX/cpurev
new file mode 100755
index 000000000000..aa5837572fc2
--- /dev/null
+++ b/AIX/cpurev
@@ -0,0 +1,6 @@
+#!/bin/sh
+rev=`uname -r`
+build=`uname -v`
+model=`uname -M`
+echo $rev.$build.$model
+exit 0
diff --git a/AIX/ipfkext.exp b/AIX/ipfkext.exp
new file mode 100644
index 000000000000..66a9f6c7c448
--- /dev/null
+++ b/AIX/ipfkext.exp
@@ -0,0 +1,2 @@
+#!/unix
+* export values from ipfkext
diff --git a/FWTK/FWTK.sed b/AIX/ipfkext.map
index e69de29bb2d1..e69de29bb2d1 100644
--- a/FWTK/FWTK.sed
+++ b/AIX/ipfkext.map
diff --git a/BNF b/BNF
index 404cc281fccf..ef35d25e9f8a 100644
--- a/BNF
+++ b/BNF
@@ -67,7 +67,7 @@ facility = "kern" | "user" | "mail" | "daemon" | "auth" | "syslog" |
"audit" | "logalert" | "local0" | "local1" | "local2" |
"local3" | "local4" | "local5" | "local6" | "local7" .
priority = "emerg" | "alert" | "crit" | "err" | "warn" | "notice" |
- "info" | "debug" .
+ "info" | "debug" .
hexnumber = "0" "x" hexstring .
hexstring = hexdigit [ hexstring ] .
diff --git a/BSD/.cvsignore b/BSD/.cvsignore
deleted file mode 100644
index c149a0043f45..000000000000
--- a/BSD/.cvsignore
+++ /dev/null
@@ -1,22 +0,0 @@
-ipf
-ipfs
-ipfstat
-ipftest
-ipmon
-ipnat
-ipresend
-ipsend
-iptest
-vnode_if.h
-if_ipl
-i386
-amiga
-FreeBSD*
-BSDOS*
-NetBSD*
-OpenBSD*
-*_lex_var.h
-*_y.c
-*_l.c
-*_y.h
-ip_rules.*
diff --git a/BSD/Makefile b/BSD/Makefile
index fe8a4d4e567f..4f2c2b9dcd41 100644
--- a/BSD/Makefile
+++ b/BSD/Makefile
@@ -1,9 +1,8 @@
#
-# Copyright (C) 1993-1998 by Darren Reed.
+# Copyright (C) 2012 by Darren Reed.
#
# See the IPFILTER.LICENCE file for details on licencing.
#
-TOP=../..
BINDEST=/usr/sbin
SBINDEST=/sbin
MANDIR=/usr/share/man
@@ -17,13 +16,14 @@ CFLAGS=-g -I$(TOP)
#
DEVFS!=/usr/bin/lsvfs 2>&1 | sed -n 's/.*devfs.*/-DDEVFS/p'
CPU!=uname -m
-INC=-I/usr/include -I/sys -I/sys/sys -I/sys/arch
+COMPDIR!=/bin/ls -1tr /usr/src/sys/arch/${CPU}/compile | tail -1
+INC=-I/usr/include -I/sys -I/sys/sys -I/sys/arch -I/usr/src/sys/arch/${CPU}/compile/${COMPDIR}
DEF=-D$(CPU) -D__$(CPU)__ -DINET -DKERNEL -D_KERNEL $(INC) $(DEVFS) -fno-builtin
IPDEF=$(DEF) -DGATEWAY -DDIRECTED_BROADCAST
VNODESHDIR=/sys/kern
MLD=$(ML)
ML=mln_ipl.c
-LKM=if_ipl.o
+LKM=ipflkm.o
LKMR=ipfrule.o
DLKM=
OBJ=.
@@ -44,15 +44,15 @@ INSTALL=install
#
MODOBJS=ip_fil.o fil.o ml_ipl.o ip_nat.o ip_frag.o ip_state.o ip_proxy.o \
ip_auth.o ip_log.o ip_pool.o ip_htable.o ip_lookup.o ip_rules.o \
- ip_scan.o ip_sync.o
+ ip_scan.o ip_sync.o ip_nat6.o ip_dstlist.o radix_ipf.o
# ip_trafcon.o
DFLAGS=$(IPFLKM) $(IPFLOG) $(LOOKUP) $(SYNC) $(DEF) $(DLKM) $(IPFBPF)
-IPF=ipf.o ipfcomp.o ipf_y.o ipf_l.o bpf_filter_u.o
-IPT=ipftest.o fil_u.o ip_frag_u.o ip_state_u.o ip_nat_u.o \
+IPF=ipf.o ipfcomp.o ipf_y.o ipf_l.o
+IPT=ipftest.o fil_u.o ip_frag_u.o ip_state_u.o ip_nat_u.o ip_nat6_u.o \
ip_proxy_u.o ip_auth_u.o ip_htable_u.o ip_lookup_u.o ip_pool_u.o \
ip_scan_u.o ip_sync_u.o ip_rules_u.o ip_fil_u.o ip_log_u.o \
ippool_y.o ippool_l.o ipf_y.o ipf_l.o ipnat_y.o ipnat_l.o \
- md5_u.o radix_u.o bpf_filter_u.o
+ md5_u.o radix_ipf_u.o ip_dstlist_u.o
# ip_syn_u.o
#ip_trafcon_u.o
TOOL=$(TOP)/tools
@@ -60,9 +60,9 @@ IPNAT=ipnat.o ipnat_y.o ipnat_l.o
IPMON=ipmon.o ipmon_y.o ipmon_l.o
IPPOOL=ippool_y.o ippool_l.o kmem.o ippool.o
IPTRAFCON=iptrafcon.o
-PROXYLIST=$(TOP)/ip_ftp_pxy.c $(TOP)/ip_ipsec_pxy.c $(TOP)/ip_irc_pxy.c \
- $(TOP)/ip_netbios_pxy.c $(TOP)/ip_raudio_pxy.c $(TOP)/ip_rcmd_pxy.c \
- $(TOP)/ip_rpcb_pxy.c $(TOP)/ip_pptp_pxy.c
+PROXYLIST=$(TOP)/ip_dns_pxy.c $(TOP)/ip_ftp_pxy.c $(TOP)/ip_ipsec_pxy.c \
+ $(TOP)/ip_irc_pxy.c $(TOP)/ip_netbios_pxy.c $(TOP)/ip_raudio_pxy.c \
+ $(TOP)/ip_rcmd_pxy.c $(TOP)/ip_rpcb_pxy.c $(TOP)/ip_pptp_pxy.c
FILS=ipfstat.o
LIBSRC=$(TOP)/lib
RANLIB=ranlib
@@ -70,6 +70,11 @@ AROPTS=cq
HERE!=pwd
CCARGS=-I. $(DEBUG) $(CFLAGS) $(UFLAGS)
KCARGS=-I. $(DEBUG) $(CFLAGS)
+.if ${MACHINE_ARCH} == amd64
+KCARGS+=-mcmodel=kernel -mno-red-zone -fno-omit-frame-pointer \
+ -mfpmath=387 -mno-sse -mno-sse2 -mno-mmx -mno-3dnow \
+ -msoft-float -fno-asynchronous-unwind-tables
+.endif
#
# Extra is option kernel things we always want in user space.
#
@@ -77,9 +82,11 @@ EXTRA=$(ALLOPTS)
include $(TOP)/lib/Makefile
-build all: machine $(OBJ)/libipf.a ipf ipfs ipfstat ipftest ipmon ipnat \
- ippool ipscan ipsyncm ipsyncs $(LKM) $(LKMR)
- -sh -c 'for i in ipf ipftest ipmon ippool ipnat ipscan ipsyncm ipsyncs; do /bin/rm -f $(TOP)/$$i; ln -s `pwd`/$$i $(TOP); done'
+build all: machine $(OBJ)/libipf.a tools $(LKM) $(LKMR)
+
+tools: ipf ipfs ipfstat ipftest ipmon ipnat ippool ipscan ipsyncm \
+ ipsyncs ipfsyncd
+ -sh -c 'for i in ipf ipftest ipmon ippool ipnat ipscan ipsyncm ipsyncs ipfsyncd; do /bin/rm -f $(TOP)/$$i; ln -s `pwd`/$$i $(TOP); done'
-/bin/rm -f ../tools ./tools
-ln -s ../tools .
-ln -s ../tools ..
@@ -122,12 +129,18 @@ ipsyncm: ipsyncm.o $(OBJ)/libipf.a
ipsyncs: ipsyncs.o $(OBJ)/libipf.a
$(CC) $(CCARGS) ipsyncs.o -o $@ $(LIBS)
+ipfsyncd: ipfsyncd.o $(OBJ)/libipf.a
+ $(CC) $(CCARGS) ipfsyncd.o -o $@ $(LIBS)
+
ipsyncm.o: $(TOOL)/ipsyncm.c $(TOP)/ip_sync.h
$(CC) $(CCARGS) -c $(TOOL)/ipsyncm.c -o $@
ipsyncs.o: $(TOOL)/ipsyncs.c $(TOP)/ip_sync.h
$(CC) $(CCARGS) -c $(TOOL)/ipsyncs.c -o $@
+ipfsyncd.o: $(TOOL)/ipfsyncd.c $(TOP)/ip_sync.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipfsyncd.c -o $@
+
tests:
(cd test; make )
@@ -146,7 +159,7 @@ fil_u.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_compat.h \
fil.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ip_compat.h $(TOP)/ipl.h \
$(TOP)/ip_rules.h
- $(CC) $(KCARGS) $(POLICY) $(DFLAGS) $(IPFBPF) $(COMPIPF) \
+ $(CC) $(KCARGS) $(POLICY) $(DFLAGS) $(IPFBPF) $(COMPIPF) $(COMPATIPF) \
-c $(TOP)/fil.c -o $@
ipf.o: $(TOOL)/ipf.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/opts.h
@@ -163,7 +176,7 @@ ipnat.o: $(TOOL)/ipnat.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_nat.h \
$(TOP)/opts.h
$(CC) $(CCARGS) -c $(TOOL)/ipnat.c -o $@
-ipnat_y.o: ipnat_y.c ipnat_y.h ipnat_l.h
+ipnat_y.o: ipnat_y.c ipnat_y.h ipnat_l.h $(TOP)/ip_fil.h $(TOP)/ip_nat.h
$(CC) $(CCARGS) -c ipnat_y.c -o $@
ipnat_l.o: ipnat_l.c ipnat_y.h
@@ -183,6 +196,9 @@ ipnat_l.h: $(TOOL)/lexer.h
ip_nat_u.o: $(TOP)/ip_nat.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
$(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_nat.c -o $@
+ip_nat6_u.o: $(TOP)/ip_nat6.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_nat6.c -o $@
+
ip_proxy_u.o: $(TOP)/ip_proxy.c $(TOP)/ip_proxy.h $(TOP)/ip_compat.h \
$(TOP)/ip_fil.h $(PROXYLIST) $(TOP)/ip_nat.h
$(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_proxy.c -o $@
@@ -222,8 +238,13 @@ ip_htable_u.o: $(TOP)/ip_htable.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
$(TOP)/ip_htable.h
$(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_htable.c -o $@
+ip_dstlist_u.o: $(TOP)/ip_dstlist.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
+ $(TOP)/ip_dstlist.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_dstlist.c -o $@
+
ip_lookup_u.o: $(TOP)/ip_lookup.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
- $(TOP)/ip_lookup.h $(TOP)/ip_pool.h $(TOP)/ip_htable.h
+ $(TOP)/ip_lookup.h $(TOP)/ip_pool.h $(TOP)/ip_htable.h \
+ $(TOP)/ip_dstlist.h
$(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_lookup.c -o $@
ip_trafcon_u.o: $(TOP)/ip_trafcon.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
@@ -236,19 +257,28 @@ ip_log_u.o: $(TOP)/ip_log.c $(TOP)/ip_fil.h $(TOP)/ip_compat.h
md5_u.o: $(TOP)/md5.c $(TOP)/md5.h
$(CC) $(CCARGS) $(EXTRA) -c $(TOP)/md5.c -o $@
-radix_u.o: $(TOP)/md5.c $(TOP)/radix_ipf.h
- $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/radix.c -o $@
+radix_ipf_u.o: $(TOP)/md5.c $(TOP)/radix_ipf.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/radix_ipf.c -o $@
bpf_filter_u.o: $(TOP)/bpf_filter.c $(TOP)/pcap-ipf.h
$(CC) $(CCARGS) $(EXTRA) -c $(TOP)/bpf_filter.c -o $@
-if_ipl.o: $(MODOBJS)
+ipflkm.o: $(MODOBJS)
ld -r $(MODOBJS) -o $(LKM)
- ${RM} -f if_ipl
+ ${RM} -f ipflkm
ipfrule.ko.5: ip_rulesx.o $(MLR)
+.if ${MACHINE_ARCH} != amd64
ld -warn-common -r -d -o $(.TARGET:S/.ko/.kld/) ip_rulesx.o $(MLR)
- ld -Bshareable -d -warn-common -o $(LKMR:S/.5$//) $(.TARGET:S/.ko/.kld/)
+ ld -Bshareable -d -warn-common -o $(LKMR:S/.5$//) $(.TARGET:S/.ko/.kld/)
+.else
+ ld -warn-common -r -d -o $(.TARGET:S/.5$//) ip_rulesx.o $(MLR)
+ nm -g $(.TARGET:S/.5$//) | \
+ awk '/^[^[:space:]]+ [^AU] (.*)$$/ { print ($$2=="C" ? "-N" : "-L") $$3 }' | \
+ xargs -J% objcopy % $(.TARGET:S/.5$//)
+
+.endif
+
ipfrule.ko: ip_rulesx.o $(MLR)
gensetdefs ip_rulesx.o $(MLR)
$(CC) $(KCARGS) -c setdef0.c
@@ -256,10 +286,17 @@ ipfrule.ko: ip_rulesx.o $(MLR)
ld -Bshareable -o $@ setdef0.o ip_rulesx.o $(MLR) setdef1.o
ipf.ko.5 ipl.ko.5: $(MODOBJS)
+.if ${MACHINE_ARCH} != amd64
ld -warn-common -r -d -o $(.TARGET:S/.ko/.kld/) $(MODOBJS)
ld -Bshareable -d -warn-common -o $(LKM:S/.5$//) $(.TARGET:S/.ko/.kld/)
-
-ipf.ko ipl.ko: $(MODOBJS)
+.else
+ ld -warn-common -r -d -o $(.TARGET:S/.5$//) $(MODOBJS)
+ nm -g $(.TARGET:S/.5$//) | \
+ awk '/^[^[:space:]]+ [^AU] (.*)$$/ { print ($$2=="C" ? "-N" : "-L") $$3 }' | \
+ xargs -J% objcopy % $(.TARGET:S/.5$//)
+.endif
+
+ipf.ko ipl.ko: $(MODOBJS)
gensetdefs $(MODOBJS)
$(CC) $(KCARGS) -c setdef0.c
$(CC) $(KCARGS) -c setdef1.c
@@ -268,6 +305,9 @@ ipf.ko ipl.ko: $(MODOBJS)
ip_nat.o: $(TOP)/ip_nat.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
$(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_nat.c -o $@
+ip_nat6.o: $(TOP)/ip_nat6.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
+ $(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_nat6.c -o $@
+
ip_frag.o: $(TOP)/ip_frag.c $(TOP)/ip_frag.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
$(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_frag.c -o $@
@@ -290,6 +330,11 @@ ip_fil.c:
ip_fil.o: ip_fil.c $(TOP)/ip_fil.h $(TOP)/ip_compat.h $(TOP)/ip_nat.h
$(CC) $(KCARGS) $(DFLAGS) $(COMPIPF) -c ip_fil.c -o $@
+ip_fil_compat.o: $(TOP)/ip_fil_compat.c $(TOP)/ipl.h $(TOP)/ip_fil.h \
+ $(TOP)/ip_compat.h $(TOP)/ip_nat.h $(TOP)/ip_state.h
+ $(CC) $(KCARGS) $(DFLAGS) $(COMPIPF) $(COMPATIPF) \
+ -c $(TOP)/ip_fil_compat.c -o $@
+
ip_log.o: $(TOP)/ip_log.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h
$(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_log.c -o $@
@@ -307,16 +352,26 @@ ip_htable.o: $(TOP)/ip_htable.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
$(TOP)/ip_lookup.h $(TOP)/ip_htable.h
$(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_htable.c -o $@
+ip_dstlist.o: $(TOP)/ip_dstlist.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
+ $(TOP)/ip_lookup.h $(TOP)/ip_dstlist.h
+ $(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_dstlist.c -o $@
+
ip_lookup.o: $(TOP)/ip_lookup.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
- $(TOP)/ip_pool.h $(TOP)/ip_htable.h $(TOP)/ip_lookup.h
+ $(TOP)/ip_pool.h $(TOP)/ip_htable.h $(TOP)/ip_lookup.h \
+ $(TOP)/ip_dstlist.h
$(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_lookup.c -o $@
+radix_ipf.o: $(TOP)/md5.c $(TOP)/radix_ipf.h
+ $(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/radix_ipf.c -o $@
+
ip_trafcon.o: $(TOP)/ip_trafcon.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
$(TOP)/ip_trafcon.h
$(CC) $(KCARGS) $(DFLAGS) -c $(TOP)/ip_trafcon.c -o $@
vnode_if.h: $(VNODESHDIR)/vnode_if.src
mkdir -p ../sys
+ mkdir -p ../rump/include/rump
+ mkdir -p ../rump/librump/rumpvfs
if [ -f $(VNODESHDIR)/vnode_if.sh ] ; then \
sh $(VNODESHDIR)/vnode_if.sh $(VNODESHDIR)/vnode_if.src; \
fi
@@ -325,10 +380,11 @@ vnode_if.h: $(VNODESHDIR)/vnode_if.src
fi
if [ -f ../sys/vnode_if.h ] ; then mv ../sys/vnode_if.h .; fi
rmdir ../sys
+ rm -rf ../rump
ml_ipl.o: vnode_if.h $(TOP)/$(MLD) $(TOP)/ipl.h
-/bin/rm -f vnode_if.c
- $(CC) -I. $(CFLAGS) $(DFLAGS) -c $(TOP)/$(ML) -o $@
+ $(CC) -I. $(KCARGS) $(DFLAGS) -c $(TOP)/$(ML) -o $@
ip_rules.o: ip_rules.c $(TOP)/ip_rules.h
$(CC) -I. $(CFLAGS) $(DFLAGS) $(COMPIPF) -c ip_rules.c -o $@
@@ -344,7 +400,7 @@ $(TOP)/ip_rules.h: ip_rules.c
fi
ip_rulesx.o: ip_rules.c $(TOP)/ip_rules.h
- $(CC) -I. $(CFLAGS) $(DFLAGS) -DIPFILTER_COMPILED -c ip_rules.c -o $@
+ $(CC) -I. $(KCARGS) $(DFLAGS) -DIPFILTER_COMPILED -c ip_rules.c -o $@
mlf_rule.o: $(TOP)/mlf_rule.c $(TOP)/ip_rules.h
$(CC) -I. $(CFLAGS) $(DFLAGS) -c $(TOP)/mlf_rule.c -o $@
@@ -356,7 +412,7 @@ mlo_rule.o: $(TOP)/mlo_rule.c $(TOP)/ip_rules.h
$(CC) -I. $(CFLAGS) $(DFLAGS) -c $(TOP)/mlo_rule.c -o $@
mlfk_rule.o: $(TOP)/mlfk_rule.c $(TOP)/ip_rules.h
- $(CC) -I. $(CFLAGS) $(DFLAGS) -c $(TOP)/mlfk_rule.c -o $@
+ $(CC) -I. $(KCARGS) $(DFLAGS) -c $(TOP)/mlfk_rule.c -o $@
ipf_y.o: ipf_y.c ipf_y.h $(TOP)/ipf.h ipf_l.h $(TOP)/opts.h
$(CC) $(CCARGS) $(IPFBPF) -c ipf_y.c -o $@
@@ -427,10 +483,11 @@ ippool_y.o: ippool_y.c ippool_y.h $(TOP)/ip_pool.h ippool_l.h
ippool_l.o: ippool_l.c ippool_y.h $(TOP)/ip_pool.h
$(CC) $(CCARGS) -I. -c ippool_l.c -o $@
-ippool_y.c: $(TOOL)/ippool_y.y $(TOP)/ip_pool.h ippool_l.h
+ippool_y.c: $(TOOL)/ippool_y.y $(TOP)/ip_pool.h ippool_l.h ippool_y.h
(cd $(TOOL); make "DEST=$(HERE)" $(HERE)/$@)
-ippool_y.h: ippool_y.c
+ippool_y.h: $(TOOL)/ippool_y.y
+ (cd $(TOOL); make "DEST=$(HERE)" $(HERE)/$@)
ippool_l.c: $(TOOL)/lexer.c $(TOP)/ip_pool.h
(cd $(TOOL); make "DEST=$(HERE)" $(HERE)/$@)
@@ -449,10 +506,10 @@ iptrafcon: $(IPTRAFCON) $(OBJ)/libipf.a
.l.c:
clean:
- ${RM} -f ../ipf ../ipnat ../ipmon ../ippool ../ipftest
+ ${RM} -f ../ipf ../ipnat ../ipmon ../ippool ../ipftest
${RM} -f ../ipscan ../ipsyncm ../ipsyncs
${RM} -f *.core *.o *.a ipt ipfstat ipf ipfstat ipftest ipmon
- ${RM} -f if_ipl ipnat ipfrule.ko* ipf.kld* ipfrule.kld*
+ ${RM} -f ipflkm ipnat ipfrule.ko* ipf.kld* ipfrule.kld*
${RM} -f vnode_if.h $(LKM) ioconf.h *.ko setdef1.c setdef0.c setdefs.h
${RM} -f ip_fil.c ipf_l.c ipf_y.c ipf_y.h ipf_l.h
${RM} -f ipscan ipscan_y.c ipscan_y.h ipscan_l.c ipscan_l.h
@@ -481,8 +538,8 @@ install:
/bin/cp $(TOP)/$$i /usr/include/netinet/; \
$(CHMOD) 444 /usr/include/netinet/$$i; \
done
- -if [ -d /lkm -a -f if_ipl.o ] ; then \
- cp if_ipl.o /lkm; \
+ -if [ -d /lkm -a -f ipflkm.o ] ; then \
+ cp ipflkm.o /lkm; \
fi
-if [ -d /modules -a -f ipf.ko ] ; then \
if [ -f /modules/ipl.ko ] ; then \
@@ -494,6 +551,7 @@ install:
-if [ -d /modules -a -f ipfrule.ko ] ; then \
cp ipfrule.ko /modules; \
fi
+.if ${MACHINE_ARCH} != amd64
-if [ -d /boot/kernel -a -f ipf.ko ] ; then \
if [ -f /boot/kernel/ipl.ko ] ; then \
cp ipf.ko /boot/kernel/ipl.ko; \
@@ -504,8 +562,29 @@ install:
-if [ -d /boot/kernel -a -f ipfrule.ko ] ; then \
cp ipfrule.ko /boot/kernel; \
fi
- -if [ -d /usr/lkm -a -f if_ipl.o ] ; then \
- cp if_ipl.o /usr/lkm; \
+.else
+ -if [ -d /boot/kernel -a -f ipf.ko ] ; then \
+ if [ -f /boot/kernel/ipl.ko ] ; then \
+ objcopy --only-keep-debug ipf.ko
+ /boot/kernel/ipl.ko.symbols; \
+ objcopy --strip-debug \
+ --add-gnu-debuglink=ipl.ko.symbols \
+ ipf.ko /boot/kernel/ipl.ko; \
+ else \
+ objcopy --only-keep-debug ipf.ko \
+ /boot/kernel/ipf.ko.symbols; \
+ objcopy --strip-debug \
+ --add-gnu-debuglink=ipl.ko.symbols \
+ ipf.ko /boot/kernel/ipf.ko; \
+ fi \
+ fi
+ -if [ -d /boot/kernel -a -f ipfrule.ko ] ; then \
+ objcopy --only-keep-debug ipfrule.ko /boot/kernel/ipfrule.ko.symbols; \
+ objcopy --strip-debug --add-gnu-debuglink=ipfrule.ko.symbols ipfrule.ko /boot/kernel/ipfrule.ko; \
+ fi
+.endif
+ -if [ -d /usr/lkm -a -f ipflkm.o ] ; then \
+ cp ipflkm.o /usr/lkm; \
fi
-$(INSTALL) -cs -g wheel -m 755 -o root ipscan $(SBINDEST)
(cd $(TOP)/man; make INSTALL=$(INSTALL) MANDIR=$(MANDIR) install; cd $(TOP))
@@ -533,8 +612,8 @@ install:
(cd $(TOP)/man; make INSTALL=$(INSTALL) MANDIR=$(MANDIR) install; cd $(TOP))
coverage:
- ksh -c 'for i in *.da; do j=$${i%%.da}.c; gcov $$j 2>&1 | egrep -v "y.tab.c|Could|Creating|_l\.c|\.h"; done' | sort -k 1n -k 3n > report
- sort -k 1n -k 3n report | perl -e 'while(<>) { next if (/^0.00/); s/\%//g; @F=split;$$lc+=$$F[2];$$t += ($$F[0]/100)*$$F[2];} printf "%d of %d = %d%%\n", $$t, $$lc,($$t/$$lc)*100;' >> report
+ ksh -c 'for i in *.da; do j=$${i%%.da}.c; gcov $$j 2>&1 | egrep -v "y.tab.c|Could|Creating|_l\.c|\.h"; done' | sort -n > report
+ sort -n report | perl -e 'while(<>) { next if (/^0.00/); s/\%//g; @F=split;$$lc+=$$F[2];$$t += $$F[0]/100*$$F[2];} printf "%d of %d = %d%%\n", $$t, $$lc,$$t/$$lc*100;' >> report
clean-coverage:
/bin/rm -f *.gcov *.da
diff --git a/BSD/Makefile.ipsend b/BSD/Makefile.ipsend
index a83de1c6a92c..68edf1a0c656 100644
--- a/BSD/Makefile.ipsend
+++ b/BSD/Makefile.ipsend
@@ -1,5 +1,5 @@
#
-# $Id: Makefile.ipsend,v 2.8 2002/05/22 16:15:36 darrenr Exp $
+# $Id$
#
BINDEST=/usr/sbin
@@ -23,7 +23,8 @@ MFLAGS="BINDEST=$(BINDEST)" "SBINDEST=$(SBINDEST)" "MANDIR=$(MANDIR)" \
"SOLARIS2=$(SOLARIS2)" "DEBUG=$(DEBUG)" "DCPU=$(CPU)" \
"CPUDIR=$(CPUDIR)" "LOOKUP=$(LOOKUP)"
#
-all build bsd-bpf : ipsend ipresend iptest
+build:
+all bsd-bpf : ipsend ipresend iptest
iplang_y.o: $(TOP)/iplang/iplang_y.y
(cd $(TOP)/iplang; $(MAKE) ../BSD/$(CPUDIR)/$@ $(MFLAGS) 'DESTDIR=../BSD/$(CPUDIR)' )
@@ -103,6 +104,6 @@ dlcommon.o: $(TOP)/ipsend/dlcommon.c
sdlpi.o: $(TOP)/ipsend/sdlpi.c
$(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/sdlpi.c -o $@
-install:
+install:
-$(INSTALL) -cs -g wheel -m 755 -o root ipsend ipresend iptest $(BINDEST)
diff --git a/BSD/ipfadm-rcd b/BSD/ipfadm-rcd
index 41f62b0223df..dbbd151b97e3 100755
--- a/BSD/ipfadm-rcd
+++ b/BSD/ipfadm-rcd
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# Copyright (C) 2006 by Darren Reed.
+# Copyright (C) 2012 by Darren Reed.
#
# See the IPFILTER.LICENCE file for details on licencing.
#
diff --git a/BSD/kupgrade b/BSD/kupgrade
index 04b257d7ca60..30df4545f294 100644
--- a/BSD/kupgrade
+++ b/BSD/kupgrade
@@ -2,7 +2,7 @@
#
PATH=/sbin:/usr/sbin:/bin:/usr/bin; export PATH
argv0=`basename $0`
-
+
os=`uname -s`
rev=`uname -r`
maj=`expr $rev : '\([0-9]*\)\.'`
@@ -23,6 +23,7 @@ fi
if [ -d /sys/dist/ipf ] ; then
ipfdir=/sys/dist/ipf/netinet
fi
+mkdir -m 755 -p $ipfdir/../net
confdir="$archdir/conf"
if [ -f /dev/ipnat ] ; then
major=`ls -l /dev/ipnat | sed -e 's/.* \([0-9]*\),.*/\1/'`
@@ -30,7 +31,7 @@ if [ -f /dev/ipnat ] ; then
else
major=x
fi
-
+
if [ ! -f ip_rules.c -o ! -f ip_rules.h ] ; then
echo "Trying to build ip_rules.c and ip_rules.h"
make ip_rules.c
@@ -43,8 +44,9 @@ if [ ! -f ip_rules.c -o ! -f ip_rules.h ] ; then
fi
fi
-echo -n "Installing "
-for j in auth frag nat proxy scan state sync pool htable lookup rules; do
+echo -n "Installing into $ipfdir"
+for j in auth frag nat proxy scan state sync pool dstlist htable lookup rules \
+ dstlist; do
for i in ip_$j.[ch]; do
if [ -f "$i" ] ; then
echo -n " $i"
@@ -53,6 +55,12 @@ for j in auth frag nat proxy scan state sync pool htable lookup rules; do
fi
done
done
+echo -n " net/radix_ipf.h"
+cp radix_ipf.h $ipfdir
+chmod 644 $ipfdir/radix_ipf.h
+echo -n " radix_ipf.c -> $ipfdir/radix_ipf.c"
+cp radix_ipf.c $ipfdir/radix_ipf.c
+chmod 644 $ipfdir/radix_ipf.c
case $os in
SunOS)
@@ -88,14 +96,16 @@ if [ -f $ipfdir/ip_fil.c ] ; then
chmod 644 $ipfdir/ip_fil.c
fi
-for i in ip_fil.h fil.c ip_log.c ip_compat.h ipl.h ip_*_pxy.c; do
+for i in ip_nat6.c ip_fil.h fil.c ip_log.c ip_compat.h ipl.h ip_*_pxy.c \
+ ip_fil_compat.c ipf_rb.h; do
echo -n " $i"
cp $i $ipfdir
chmod 644 $ipfdir/$i
done
echo ""
echo -n "Installing into /usr/include/netinet"
-for j in auth compat fil frag nat proxy scan state sync pool htable lookup; do
+for j in auth compat fil frag nat proxy scan state sync pool htable dstlist \
+ lookup; do
i=ip_$j.h
if [ -f "$i" ] ; then
echo -n " $i"
@@ -103,7 +113,7 @@ for j in auth compat fil frag nat proxy scan state sync pool htable lookup; do
chmod 644 /usr/include/netinet/$i
fi
done
-for j in ipl.h; do
+for j in ipl.h ipf_rb.h; do
if [ -f "$j" ] ; then
echo -n " $j"
cp $j /usr/include/netinet/$j
@@ -157,15 +167,19 @@ if [ $os = FreeBSD -a -f /sys/conf/files ] ; then
mv files files.preipf4
cp -p files.preipf4 files
fi
- for i in htable pool lookup; do
+ for i in dstlist htable pool lookup; do
grep ip_$i.c files >/dev/null 2>&1
if [ $? -ne 0 ] ; then
echo "contrib/ipfilter/netinet/ip_$i.c optional ipfilter inet ipfilter_lookup" >> files
fi
done
+ grep ip_fil_compat.c files >/dev/null 2>&1
+ if [ $? -ne 0 ] ; then
+ echo 'contrib/ipfilter/netinet/ip_fil_compat.c optional ipfilter inet ipfilter_compat' >> files
+ fi
grep ip_sync.c files >/dev/null 2>&1
if [ $? -ne 0 ] ; then
- echo 'contrib/ipfilter/netinet/ip_sync.c optional ipfilter inet ipfilter_sync' >> files
+ echo 'contrib/ipfilter/netinet/ip_sync.c optional ipfilter inet' >> files
fi
grep ip_scan.c files >/dev/null 2>&1
if [ $? -ne 0 ] ; then
@@ -177,13 +191,19 @@ if [ $os = FreeBSD -a -f /sys/conf/files ] ; then
fi
fi
if [ $os = NetBSD -a -f /sys/conf/files ] ; then
+ if [ -f /sys/netinet/files.ipfilter ] ; then
+ if ! grep -q ip_fil_compat.c /sys/netinet/files.ipfilter; then
+ echo 'file dist/ipf/netinet/ip_fil_compat.c ipfilter & ipfilter_compat' >> /sys/netinet/files.ipfilter
+ echo 'defflag opt_ipfilter.h IPFILTER_COMPAT' >> /sys/netinet/files.ipfilter
+ fi
+ fi
cd /sys/conf
if [ ! -f files.preipf4 ] ; then
mv files files.preipf4
cp -p files.preipf4 files
fi
if [ $fullrev -ge 010600 -a $fullrev -lt 020000 ] ; then
- for i in htable pool lookup; do
+ for i in dstlist htable pool lookup; do
grep ip_$i.c files >/dev/null 2>&1
if [ $? -ne 0 ] ; then
echo "file netinet/ip_$i.c ipfilter & ipfilter_lookup" >> files
@@ -191,7 +211,7 @@ if [ $os = NetBSD -a -f /sys/conf/files ] ; then
done
grep ip_sync.c files >/dev/null 2>&1
if [ $? -ne 0 ] ; then
- echo 'file netinet/ip_sync.c ipfilter & ipfilter_sync' >> files
+ echo 'file netinet/ip_sync.c ipfilter' >> files
fi
grep ip_scan.c files >/dev/null 2>&1
if [ $? -ne 0 ] ; then
@@ -210,15 +230,18 @@ if [ $os = OpenBSD -a -f /sys/conf/files ] ; then
cp -p files.preipf4 files
fi
if [ $fullrev -ge 030400 ] ; then
- for i in htable pool lookup; do
+ for i in dstlist htable pool lookup; do
grep ip_$i.c files >/dev/null 2>&1
if [ $? -ne 0 ] ; then
echo "file netinet/ip_$i.c ipfilter & ipfilter_lookup" >> files
fi
done
- grep ip_sync.c files >/dev/null 2>&1
+ grep ip_fil_compat.c files >/dev/null 2>&1
+ if [ $? -ne 0 ] ; then
+ echo 'file netinet/ip_fil_compat.c ipfilter & ipfilter_compat' >> files
+ fi
if [ $? -ne 0 ] ; then
- echo 'file netinet/ip_sync.c ipfilter & ipfilter_sync' >> files
+ echo 'file netinet/ip_sync.c ipfilter' >> files
fi
grep ip_scan.c files >/dev/null 2>&1
if [ $? -ne 0 ] ; then
@@ -241,7 +264,7 @@ cat | (cd /usr/src/sys/modules/ipfilter; patch) <<__EOF__
KMOD= ipl
SRCS= mlfk_ipl.c ip_nat.c ip_frag.c ip_state.c ip_proxy.c ip_auth.c \\
! ip_log.c ip_fil.c fil.c
-
+
.if !defined(NOINET6)
CFLAGS+= -DUSE_INET6
.endif
@@ -249,10 +272,10 @@ cat | (cd /usr/src/sys/modules/ipfilter; patch) <<__EOF__
! CFLAGS+= -DIPFILTER=1 -DIPFILTER_LKM -DIPFILTER_LOG -DPFIL_HOOKS
--- 5,15 ----
KMOD= ipl
- SRCS= mlfk_ipl.c ip_nat.c ip_frag.c ip_state.c ip_proxy.c ip_auth.c \\
-! ip_log.c ip_fil.c fil.c ip_lookup.c ip_pool.c ip_htable.c \\
-! ip_sync.c ip_scan.c ip_rules.c
-
+ SRCS= mlfk_ipl.c ip_nat.c ip_nat6.c ip_frag.c ip_state.c ip_proxy.c ip_auth.c \\
+! ip_log.c ip_fil.c fil.c ip_lookup.c ip_pool.c ip_dstlist.c ip_htable.c \\
+! ip_sync.c ip_scan.c ip_rules.c ip_fil_compat.c
+
.if !defined(NOINET6)
CFLAGS+= -DUSE_INET6
.endif
@@ -261,4 +284,29 @@ cat | (cd /usr/src/sys/modules/ipfilter; patch) <<__EOF__
! -DIPFILTER_LOOKUP -DIPFILTER_COMPILED
__EOF__
fi
+
+CONF=/sys/netinet/files.ipfilter
+if [ -f $CONF -a $os = NetBSD ] ; then
+ for i in ip_nat6.c ip_dstlist.c radix_ipf.c; do
+ echo "Checking for $i in $CONF"
+ grep $i $CONF >/dev/null 2>&1
+ if [ $? -ne 0 ] ; then
+ echo "Adding $i to $CONF"
+ sed -n -e /ip_nat.c/s/ip_nat.c/$i/p $CONF >> $CONF
+ fi
+ done
+fi
+
+CONF=/sys/conf/files
+if [ -f $CONF -a $os = FreeBSD ] ; then
+ for i in ip_nat6.c ip_dstlist.c radix_ipf.c; do
+ echo "Checking for $i in $CONF"
+ grep $i $CONF >/dev/null 2>&1
+ if [ $? -ne 0 ] ; then
+ echo "Adding $i to $CONF"
+ sed -n -e /ip_nat.c/,/NORMAL/p $CONF | \
+ sed -e s/ip_nat.c/$i/p >> $CONF
+ fi
+ done
+fi
exit 0
diff --git a/BSD/upgrade b/BSD/upgrade
new file mode 100755
index 000000000000..d5f815438656
--- /dev/null
+++ b/BSD/upgrade
@@ -0,0 +1,46 @@
+#!/bin/sh
+#
+PATH=/sbin:/usr/sbin:/bin:/usr/bin; export PATH
+argv0=`basename $0`
+
+case `pwd` in
+*BSD)
+ ;;
+*)
+ cd BSD
+ ;;
+esac
+os=`uname -s`
+rev=`uname -r`
+maj=`expr $rev : '\([0-9]*\)\.'`
+min=`expr $rev : '[0-9]*\.\([0-9]*\)'`
+sub=`expr $rev : '[0-9]*\.[0-9]*\.\([0-9]*\)'`
+plat=`uname -p`
+objdir=${os}-${rev}-${plat}
+
+# try to bomb out fast if anything fails....
+set -e
+
+for i in ipf ipfstat ipmon ipnat ippool; do
+ if [ ! -f /sbin/${i}.dist -a -f /sbin/${i} ] ; then
+ mv /sbin/${i} /sbin/${i}.dist
+ cp -p /sbin/${i}.dist /sbin/${i}
+ cp ${objdir}/${i} /sbin/
+ fi
+ if [ ! -f /usr/sbin/${i}.dist -a -f /usr/sbin/${i} ] ; then
+ mv /usr/sbin/${i} /usr/sbin/${i}.dist
+ cp -p /usr/sbin/${i}.dist /usr/sbin/${i}
+ cp ${objdir}/${i} /usr/sbin/
+ fi
+done
+if [ -f /boot/kernel/ipl.ko ] ; then
+ if [ ! -f /boot/kernel/ipl.ko.dist ] ; then
+ mv /boot/kernel/ipl.ko /boot/kernel/ipl.ko.dist
+ cp -p /boot/kernel/ipl.ko.dist /boot/kernel/ipl.ko
+ fi
+ if [ ! -f /boot/kernel/ipl.ko.symbols.dist ] ; then
+ mv /boot/kernel/ipl.ko.symbols /boot/kernel/ipl.ko.symbols.dist
+ fi
+ cp ${objdir}/ipf.ko /boot/kernel/ipl.ko
+fi
+exit 0
diff --git a/BSDOS/files.diffs b/BSDOS/files.diffs
new file mode 100644
index 000000000000..0b34dbc37e9c
--- /dev/null
+++ b/BSDOS/files.diffs
@@ -0,0 +1,23 @@
+*** files.orig Tue Mar 19 16:18:21 1996
+--- files Fri Mar 8 14:20:52 1996
+***************
+*** 201,206 ****
+--- 201,218 ----
+ file netinet/tcp_timer.c inet
+ file netinet/tcp_usrreq.c inet
+ file netinet/udp_usrreq.c inet
++ file netinet/ip_fil.c ipfilter
++ file netinet/fil.c ipfilter
++ file netinet/ip_nat.c ipfilter
++ file netinet/ip_frag.c ipfilter
++ file netinet/ip_state.c ipfilter
++ file netinet/ip_auth.c ipfilter
++ file netinet/ip_proxy.c ipfilter
++ file netinet/ip_log.c ipfilter
++ file netinet/ip_scan.c ipfilter
++ file netinet/ip_sync.c ipfilter
++ file netinet/ip_pool.c ipfilter_pool
++ file netinet/ip_rules.c ipfilter_compiled
+ file netiso/clnp_debug.c iso
+ file netiso/clnp_er.c iso
+ file netiso/clnp_frag.c iso
diff --git a/BSDOS/ioconf.c.i386.diffs b/BSDOS/ioconf.c.i386.diffs
new file mode 100644
index 000000000000..a7e07f0e591d
--- /dev/null
+++ b/BSDOS/ioconf.c.i386.diffs
@@ -0,0 +1,28 @@
+*** ioconf.c.i386.orig Tue Mar 19 16:20:07 1996
+--- ioconf.c.i386 Fri Mar 8 15:12:59 1996
+***************
+*** 21,26 ****
+--- 21,29 ----
+ extern struct devsw cnsw, cttysw, mmsw, swapsw, logsw, devfdsw;
+ extern struct devsw ptssw, ptcsw;
+ extern struct devsw pcsw, kbdsw;
++ #if defined(IPFILTER)
++ extern struct devsw iplsw;
++ #endif
+
+ %DECLSW
+
+***************
+*** 62,67 ****
+--- 65,75 ----
+ %DEVSW(sr), /* 34 = SCSI removeable disks (clone of sd) */
+ %DEVSW(rp), /* 35 = Comtrol Rocketport */
+ %DEVSW(cy), /* 36 = Cyclades async mux */
++ #if defined(IPFILTER)
++ &iplsw, /* 37 = IP Filter */
++ #else
++ NULL, /* 37 = IP Filter */
++ #endif
+ };
+ #define NDEVSW (sizeof(devsw) / sizeof(*devsw))
+ int ndevsw = NDEVSW;
diff --git a/BSDOS/ip_input.c.diffs b/BSDOS/ip_input.c.diffs
new file mode 100644
index 000000000000..2829f4edaa44
--- /dev/null
+++ b/BSDOS/ip_input.c.diffs
@@ -0,0 +1,37 @@
+*** ip_input.c.orig Tue Mar 19 16:19:06 1996
+--- ip_input.c Fri Mar 8 18:31:22 1996
+***************
+*** 77,82 ****
+--- 77,86 ----
+ int ipqmaxlen = IFQ_MAXLEN;
+ struct in_ifaddr *in_ifaddr; /* first inet address */
+ struct ifqueue ipintrq;
++ #if defined(IPFILTER)
++ extern int fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
++ int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
++ #endif
+
+ /*
+ * We need to save the IP options in case a protocol wants to respond
+***************
+*** 232,237 ****
+--- 236,254 ----
+ m_adj(m, ip->ip_len - m->m_pkthdr.len);
+ }
+
++ #if defined(IPFILTER)
++ /*
++ * Check if we want to allow this packet to be processed.
++ * Consider it to be bad if not.
++ */
++ if (fr_checkp) {
++ struct mbuf *m1 = m;
++
++ if ((*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m1) || !m1)
++ goto next;
++ ip = mtod(m = m1, struct ip *);
++ }
++ #endif
+ /*
+ * Process options and, if not destined for us,
+ * ship it on. ip_dooptions returns 1 when an
diff --git a/BSDOS/ip_output.c.diffs b/BSDOS/ip_output.c.diffs
new file mode 100644
index 000000000000..1ee533c9dd0b
--- /dev/null
+++ b/BSDOS/ip_output.c.diffs
@@ -0,0 +1,35 @@
+*** ip_output.c.orig Tue Mar 19 16:19:33 1996
+--- ip_output.c Fri Mar 8 14:50:51 1996
+***************
+*** 60,65 ****
+--- 60,69 ----
+ static struct mbuf *ip_insertoptions __P((struct mbuf *, struct mbuf *, int *));
+ static void ip_mloopback
+ __P((struct ifnet *, struct mbuf *, struct sockaddr_in *));
++ #if defined(IPFILTER)
++ extern int fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
++ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
++ #endif
+
+ /*
+ * IP output. The packet in mbuf chain m contains a skeletal IP
+***************
+*** 276,281 ****
+--- 280,296 ----
+ } else
+ m->m_flags &= ~M_BCAST;
+
+ sendit:
++ #if defined(IPFILTER)
++ {
++ struct mbuf *m1 = m;
++ /*
++ * looks like most checking has been done now...do a filter check
++ */
++ if (fr_checkp && ((error = (*fr_checkp)(ip, hlen, ifp, 1, &m1)) || !m1))
++ goto done;
++ ip = mtod(m = m1, struct ip *);
++ }
++ #endif
+ /*
+ * If small enough for interface, can just send directly.
diff --git a/BSDOS/kinstall b/BSDOS/kinstall
new file mode 100755
index 000000000000..58417f2795eb
--- /dev/null
+++ b/BSDOS/kinstall
@@ -0,0 +1,56 @@
+#!/bin/csh -f
+#
+set dir=`pwd`
+set karch=`uname -m`
+if ( -d /sys/arch/$karch ) set archdir="/sys/arch/$karch"
+if ( -d /sys/$karch ) set archdir="/sys/$karch"
+set confdir="$archdir/conf"
+
+if ( $dir =~ *fil/BSDOS ) cd ..
+if ($0 =~ *kinstall) then
+ foreach i (ip_{auth,fil,frag,nat,proxy,scan,state,sync}.[ch] \
+ fil.c ip_compat.h ip_log.c ip_*_pxy.c)
+ echo -n "$i ";
+ cp $i /sys/netinet
+ chmod 664 /sys/netinet/$i
+ switch ($i)
+ case *.h:
+ /bin/cp $i /usr/include/netinet/$i
+ chmod 644 /usr/include/netinet/$i
+ breaksw
+ endsw
+ end
+ echo ""
+ echo "Patching $archdir/$karch/ioconf.c.$karch"
+ cat ioconf.c.$karch.diffs | (cd $archdir/$karch; patch)
+endif
+echo "Patching ip_input.c and ip_output.c"
+cat BSDOS/ip_{in,out}put.c.diffs | (cd /sys/netinet; patch)
+
+if ( -f /sys/conf/files ) then
+ echo "Patching /sys/conf/files"
+ cat BSDOS/files.diffs | (cd /sys/conf; patch)
+endif
+
+set config=`/bin/ls -1t $confdir [0-9A-Z_]* | head -1`
+
+echo -n "Kernel configuration to update [$config] "
+set newconfig=$<
+if ( "$newconfig" != "" ) then
+ set config="$confdir/$newconfig"
+else
+ set newconfig=$config
+endif
+echo "Re-config'ing $newconfig..."
+if ( -f $confdir/$newconfig ) then
+ mv $confdir/$newconfig $confdir/$newconfig.bak
+endif
+if ( -d $archdir/$newconfig ) then
+ mv $archdir/$newconfig $archdir/$newconfig.bak
+endif
+if ($0 =~ *kinstall) then
+ awk '{print $0;if($2=="INET"){print"options IPFILTER"}}' \
+ $confdir/$newconfig.bak > $confdir/$newconfig
+endif
+echo 'You will now need to run "config" and build a new kernel.'
+exit 0
diff --git a/BSDOS3/OBJS/README b/BSDOS3/OBJS/README
new file mode 100644
index 000000000000..14346e20dfc7
--- /dev/null
+++ b/BSDOS3/OBJS/README
@@ -0,0 +1,6 @@
+
+If you have any questions or comments relating to the .o files in this
+directory, please email Alan Clegg - abc@bsdi.com.
+
+Cheers,
+Darren
diff --git a/BSDOS3/OBJS/files b/BSDOS3/OBJS/files
new file mode 100644
index 000000000000..519d58187755
--- /dev/null
+++ b/BSDOS3/OBJS/files
@@ -0,0 +1,342 @@
+# BSDI $Id$
+#
+# @(#)files.newconf 8.9 (Berkeley) 3/31/94
+
+# generic attributes
+define disk
+define tape
+define ifnet
+define tty
+
+# net device attributes - we have generic code for ether.
+# we should have imp but right now it is a pseudo-device.
+define ether
+define p2p
+define token
+define fddi
+# define imp
+pseudo-device imp
+
+# scsi driver and associated stuff
+define scsi { target = -1 }
+device tg at scsi { unit = -1 }
+file dev/scsi/scsi_subr.c scsi
+file dev/scsi/scsi_spi.c scsi
+
+# support functions used by low level spi drivers
+define spilow
+file dev/scsi/scsi_spilow.c spilow
+
+
+device sd at tg: disk
+device sr at tg: disk
+file dev/scsi/sd.c sd|sr
+
+device st at tg: tape
+file dev/scsi/st.c st
+
+device sg at tg
+file dev/scsi/sg.c sg
+
+# media indepent interface network layer
+define mii { phy = -1 }
+file dev/mii/mii_subr.c mii
+
+# legitimate pseudo-devices
+pseudo-device appp: ifnet, p2p
+pseudo-device pif
+pseudo-device bpfilter
+pseudo-device gwscreen
+pseudo-device cd: disk
+pseudo-device sp: disk
+pseudo-device loop
+pseudo-device tun
+pseudo-device pty: tty
+pseudo-device sl: ifnet
+pseudo-device vnd: disk
+pseudo-device rd: disk
+
+file dev/disk_subr.c disk
+file dev/cd.c cd&!objsrc always-source
+
+file dev/sp.c sp
+
+file dev/vnd.c vnd
+
+file dev/rd.c rd
+
+# kernel sources
+file isofs/cd9660/cd9660_bmap.c cd9660
+file isofs/cd9660/cd9660_lookup.c cd9660
+file isofs/cd9660/cd9660_node.c cd9660
+file isofs/cd9660/cd9660_rrip.c cd9660
+file isofs/cd9660/cd9660_util.c cd9660
+file isofs/cd9660/cd9660_vfsops.c cd9660
+file isofs/cd9660/cd9660_vnops.c cd9660
+file kern/init_main.c
+file kern/kern_acct.c
+file kern/kern_clock.c
+file kern/kern_descrip.c
+file kern/kern_exec.c
+file kern/kern_exit.c
+file kern/kern_fork.c
+file kern/kern_ktrace.c ktrace | !source
+file kern/kern_lock.c
+file kern/kern_malloc.c
+file kern/kern_physio.c
+file kern/kern_proc.c
+file kern/kern_prot.c
+file kern/kern_resource.c
+file kern/kern_sig.c
+file kern/kern_subr.c
+file kern/kern_synch.c
+file kern/kern_sysctl.c
+file kern/kern_license.c
+file kern/kern_time.c
+file kern/kern_xxx.c
+file kern/subr_autoconf.c
+file kern/subr_log.c
+file kern/subr_prf.c
+file kern/subr_prof.c
+file kern/subr_rmap.c
+file kern/subr_xxx.c
+file kern/sys_generic.c
+file kern/sys_process.c
+file kern/sys_socket.c
+file kern/sys_sem.c compat_semaphore
+file kern/sysv_ipc.c
+file kern/sysv_msg.c
+file kern/sysv_sem.c
+file kern/sysv_shm.c
+file kern/tty.c
+file kern/tty_compat.c
+file kern/tty_conf.c !objsrc always-source
+file kern/tty_pty.c pty
+file kern/tty_subr.c
+file kern/tty_tb.c tb needs-flag
+file kern/tty_tty.c
+file kern/uipc_domain.c !objsrc always-source
+file kern/uipc_mbuf.c
+file kern/uipc_proto.c !objsrc always-source
+file kern/uipc_socket.c
+file kern/uipc_socket2.c
+file kern/uipc_syscalls.c
+file kern/uipc_usrreq.c
+file kern/vfs_bio.c
+file kern/vfs_cache.c
+file kern/vfs_cluster.c
+file kern/vfs_conf.c !objsrc always-source
+file kern/vfs_init.c
+file kern/vfs_lookup.c
+file kern/vfs_subr.c
+file kern/vfs_syscalls.c
+file kern/vfs_vnops.c
+file miscfs/deadfs/dead_vnops.c
+file miscfs/fdesc/fdesc_vfsops.c fdesc
+file miscfs/fdesc/fdesc_vnops.c fdesc
+file miscfs/fifofs/fifo_vnops.c fifo | !source
+file miscfs/kernfs/kernfs_vfsops.c kernfs
+file miscfs/kernfs/kernfs_vnops.c kernfs
+file miscfs/nullfs/null_subr.c (nullfs | umapfs)
+file miscfs/nullfs/null_vfsops.c (nullfs | umapfs)
+file miscfs/nullfs/null_vnops.c (nullfs | umapfs)
+file miscfs/portal/portal_vfsops.c portal
+file miscfs/portal/portal_vnops.c portal
+file miscfs/procfs/procfs_subr.c procfs
+file miscfs/procfs/procfs_vnops.c procfs
+file miscfs/procfs/procfs_vfsops.c procfs
+file miscfs/procfs/procfs_note.c procfs
+file miscfs/procfs/procfs_mem.c procfs
+file miscfs/procfs/procfs_ctl.c procfs
+file miscfs/procfs/procfs_status.c procfs
+file miscfs/procfs/procfs_regs.c procfs
+file miscfs/procfs/procfs_fpregs.c procfs
+file miscfs/specfs/spec_vnops.c
+file miscfs/umapfs/umap_subr.c umapfs
+file miscfs/umapfs/umap_vfsops.c umapfs
+file miscfs/umapfs/umap_vnops.c umapfs
+file miscfs/union/union_subr.c union
+file miscfs/union/union_vfsops.c union
+file miscfs/union/union_vnops.c union
+file msdosfs/msdosfs_conv.c msdosfs
+file msdosfs/msdosfs_denode.c msdosfs
+file msdosfs/msdosfs_fat.c msdosfs
+file msdosfs/msdosfs_lookup.c msdosfs
+file msdosfs/msdosfs_vfsops.c msdosfs
+file msdosfs/msdosfs_vnops.c msdosfs
+file net/bpf.c bpfilter needs-flag
+file net/bpf_filter.c bpfilter needs-flag
+file net/gw_screen.c gwscreen&!objsrc always-source
+file net/if.c !objsrc always-source
+file net/if_appp.c appp needs-flag
+file net/if_c_hdlc.c cisco_hdlc
+file net/if_ethersubr.c (ether|fddi)&!objsrc always-source
+file net/if_link.c
+file net/if_loop.c loop&!objsrc always-source
+file net/if_tun.c tun
+file net/if_media.c (ether|fddi|token)
+file net/if_p2pproto.c p2p&!objsrc always-source
+file net/if_p2psubr.c p2p&!objsrc always-source
+file net/if_ppp.c ppp
+file net/if_pppmp.c ppp&pif&!nomultilink
+file net/if_pif.c pif
+file net/if_sl.c sl needs-flag
+file net/if_tokensubr.c token&!objsrc needs-flag always-source
+file net/if_fddisubr.c fddi&!objsrc needs-flag always-source
+file net/net_proto.c
+file net/radix.c
+file net/raw_cb.c
+file net/raw_usrreq.c
+file net/route.c
+file net/rtsock.c
+file net/slcompress.c sl|ppp
+file netccitt/ccitt_proto.c ccitt
+file netccitt/llc_input.c llc
+file netccitt/llc_output.c llc
+file netccitt/llc_subr.c llc
+file netccitt/llc_timer.c llc
+file netccitt/hd_debug.c hdlc
+file netccitt/hd_input.c hdlc
+file netccitt/hd_output.c hdlc
+file netccitt/hd_subr.c hdlc
+file netccitt/hd_timer.c hdlc
+file netccitt/if_x25subr.c ccitt&!objsrc always-source
+file netccitt/pk_acct.c ccitt
+file netccitt/pk_debug.c ccitt
+file netccitt/pk_input.c ccitt
+file netccitt/pk_llcsubr.c llc|hdlc
+file netccitt/pk_output.c ccitt
+file netccitt/pk_subr.c ccitt
+file netccitt/pk_timer.c ccitt
+file netccitt/pk_usrreq.c ccitt
+file netimp/if_imp.c imp needs-count
+file netimp/if_imphost.c imp needs-count
+file netimp/raw_imp.c imp
+file netinet/if_ether.c (ether|token|fddi)&!objsrc needs-flag always-source
+file netinet/igmp.c inet
+file netinet/in.c inet
+file netinet/in_pcb.c inet
+file netinet/in_proto.c inet&!objsrc always-source
+file netinet/ip_icmp.c inet
+file netinet/ip_input.c inet
+file netinet/ip_mroute.c inet&mrouting
+file netinet/ip_output.c inet
+file netinet/ip_screen.c gwscreen&!objsrc always-source
+file netinet/raw_ip.c inet
+file netinet/tcp_debug.c inet
+file netinet/tcp_input.c inet
+file netinet/tcp_output.c inet
+file netinet/tcp_subr.c inet
+file netinet/tcp_timer.c inet
+file netinet/tcp_usrreq.c inet
+file netinet/udp_usrreq.c inet
+file netinet/ip_fil.c ipfilter
+file netinet/fil.c ipfilter
+file netinet/ip_nat.c ipfilter
+file netinet/ip_frag.c ipfilter
+file netinet/ip_state.c ipfilter
+file netinet/ip_auth.c ipfilter
+file netinet/ip_proxy.c ipfilter
+file netinet/ip_log.c ipfilter
+file netiso/clnp_debug.c iso
+file netiso/clnp_er.c iso
+file netiso/clnp_frag.c iso
+file netiso/clnp_input.c iso
+file netiso/clnp_options.c iso
+file netiso/clnp_output.c iso
+file netiso/clnp_raw.c iso
+file netiso/clnp_subr.c iso
+file netiso/clnp_timer.c iso
+file netiso/cltp_usrreq.c iso
+file netiso/esis.c iso
+file netiso/if_eon.c eon
+file netiso/idrp_usrreq.c iso
+file netiso/iso.c iso
+file netiso/iso_chksum.c iso
+file netiso/iso_pcb.c iso
+file netiso/iso_proto.c iso&!objsrc always-source
+file netiso/iso_snpac.c iso
+file netiso/tp_astring.c iso|tpip
+file netiso/tp_cons.c iso
+file netiso/tp_driver.c iso|tpip
+file netiso/tp_emit.c iso|tpip
+file netiso/tp_inet.c iso|tpip
+file netiso/tp_input.c iso|tpip
+file netiso/tp_iso.c iso
+file netiso/tp_meas.c iso|tpip
+file netiso/tp_output.c iso|tpip
+file netiso/tp_pcb.c iso|tpip
+file netiso/tp_subr.c iso|tpip
+file netiso/tp_subr2.c iso|tpip
+file netiso/tp_timer.c iso|tpip
+file netiso/tp_trace.c iso|tpip
+file netiso/tp_usrreq.c iso|tpip
+file netiso/tuba_subr.c iso&tuba
+file netiso/tuba_table.c iso&tuba
+file netiso/tuba_usrreq.c iso&tuba
+file netns/idp_usrreq.c ns&!objsrc always-source
+file netns/ns.c ns
+file netns/ns_error.c ns
+file netns/ns_input.c ns
+file netns/ns_ip.c ns
+file netns/ns_output.c ns
+file netns/ns_pcb.c ns
+file netns/ns_proto.c ns&!objsrc always-source
+file netns/spp_debug.c ns
+file netns/spp_usrreq.c ns
+file nfs/nfs_bio.c nfs
+file nfs/nfs_node.c nfs
+file nfs/nfs_nqlease.c nfs
+file nfs/nfs_serv.c nfs
+file nfs/nfs_socket.c nfs
+file nfs/nfs_srvcache.c nfs
+file nfs/nfs_subs.c nfs
+file nfs/nfs_syscalls.c nfs
+file nfs/nfs_vfsops.c nfs
+file nfs/nfs_vnops.c nfs
+file ufs/ffs/ffs_alloc.c ffs|mfs
+file ufs/ffs/ffs_balloc.c ffs|mfs
+file ufs/ffs/ffs_inode.c ffs|mfs
+file ufs/ffs/ffs_subr.c ffs|mfs
+file ufs/ffs/ffs_tables.c ffs|mfs
+file ufs/ffs/ffs_vfsops.c ffs|mfs
+file ufs/ffs/ffs_vnops.c ffs|mfs
+file ufs/lfs/lfs_alloc.c lfs
+file ufs/lfs/lfs_bio.c lfs
+file ufs/lfs/lfs_balloc.c lfs
+file ufs/lfs/lfs_cksum.c lfs
+file ufs/lfs/lfs_debug.c lfs
+file ufs/lfs/lfs_inode.c lfs
+file ufs/lfs/lfs_segment.c lfs
+file ufs/lfs/lfs_subr.c lfs
+file ufs/lfs/lfs_syscalls.c lfs
+file ufs/lfs/lfs_vfsops.c lfs
+file ufs/lfs/lfs_vnops.c lfs
+file ufs/mfs/mfs_vfsops.c mfs
+file ufs/mfs/mfs_vnops.c mfs
+file ufs/ufs/ufs_bmap.c ffs|lfs|mfs
+file ufs/ufs/ufs_ihash.c ffs|lfs|mfs
+file ufs/ufs/ufs_inode.c ffs|lfs|mfs
+file ufs/ufs/ufs_lockf.c ffs|lfs|mfs
+file ufs/ufs/ufs_lookup.c ffs|lfs|mfs
+file ufs/ufs/ufs_quota.c ffs|lfs|mfs
+file ufs/ufs/ufs_vfsops.c ffs|lfs|mfs
+file ufs/ufs/ufs_vnops.c ffs|lfs|mfs
+file vm/asyncdaemon.c
+file vm/device_pager.c
+file vm/swap_pager.c
+file vm/vm_fault.c
+file vm/vm_glue.c
+file vm/vm_init.c
+file vm/vm_kern.c
+file vm/vm_map.c
+file vm/vm_meter.c
+file vm/vm_mmap.c
+file vm/vm_object.c
+file vm/vm_page.c
+file vm/vm_pageout.c
+file vm/vm_pager.c
+file vm/vm_swap.c
+file vm/vm_unix.c
+file vm/vm_user.c
+file vm/vnode_pager.c
diff --git a/BSDOS3/OBJS/ioconf.c b/BSDOS3/OBJS/ioconf.c
new file mode 100644
index 000000000000..5ec979df2cda
--- /dev/null
+++ b/BSDOS3/OBJS/ioconf.c
@@ -0,0 +1,644 @@
+/*
+ * MACHINE GENERATED: DO NOT EDIT
+ *
+ * ioconf.c, from "DIALOUT"
+ */
+
+#line 1 "../../i386/conf/ioconf.c.i386"
+/*-
+ * Copyright (c) 1994, 1995, 1996 Berkeley Software Design, Inc.
+ * All rights reserved.
+ * The Berkeley Software Design Inc. software License Agreement specifies
+ * the terms and conditions for redistribution.
+ *
+ * BSDI $Id$
+ *
+ * WILDBOAR $Wildboar: ioconf.c.i386,v 1.8 1996/02/13 13:01:15 shigeya Exp $
+ *
+ * Portions or all of this file are Copyright(c) 1994,1995,1996
+ * Yoichi Shinoda, Yoshitaka Tokugawa, WIDE Project, Wildboar Project
+ * and Foretune. All rights reserved.
+ *
+ * This code has been contributed to Berkeley Software Design, Inc.
+ * by the Wildboar Project and its contributors.
+ */
+
+/* template ioconf.c for i386 */
+
+#include <sys/param.h>
+#include <sys/conf.h>
+#include <sys/device.h>
+#include <i386/isa/isa.h>
+#include <i386/isa/isavar.h>
+#include <i386/isa/icu.h>
+
+extern struct cfdriver tgcd;
+extern struct cfdriver sdcd;
+extern struct cfdriver srcd;
+extern struct cfdriver stcd;
+extern struct cfdriver sgcd;
+extern struct cfdriver isacd;
+extern struct cfdriver pcconscd;
+extern struct cfdriver pcauxcd;
+extern struct cfdriver comcd;
+extern struct cfdriver lpcd;
+extern struct cfdriver fdccd;
+extern struct cfdriver fdcd;
+extern struct cfdriver dptcd;
+extern struct cfdriver wdccd;
+extern struct cfdriver wdcd;
+extern struct cfdriver wdpicd;
+extern struct cfdriver mcdcd;
+extern struct cfdriver wtcd;
+extern struct cfdriver npxcd;
+extern struct cfdriver vgacd;
+extern struct cfdriver bmscd;
+extern struct cfdriver lmscd;
+extern struct cfdriver ahacd;
+extern struct cfdriver bhacd;
+extern struct cfdriver necd;
+extern struct cfdriver epcd;
+extern struct cfdriver sacd;
+extern struct cfdriver ncrcd;
+extern struct cfdriver saturncd;
+extern struct cfdriver aiccd;
+extern struct cfdriver tncd;
+extern struct cfdriver hppcd;
+extern struct cfdriver recd;
+extern struct cfdriver wecd;
+extern struct cfdriver tlcd;
+extern struct cfdriver ebcd;
+extern struct cfdriver efcd;
+extern struct cfdriver elcd;
+extern struct cfdriver excd;
+extern struct cfdriver eahacd;
+extern struct cfdriver pciccd;
+extern struct cfdriver ccecd;
+extern struct cfdriver mzcd;
+extern struct cfdriver decd;
+extern struct cfdriver expcd;
+extern struct cfdriver nsphycd;
+extern struct cfdriver ics90pcd;
+extern struct cfdriver i555pcd;
+extern struct cfdriver tn100acd;
+
+
+/* locators */
+static int loc[395] = {
+ 0, 0, 0, 0, -1, -1, BUS_EISA, 0,
+ 0, 0, 0, -1, -1, BUS_PCI, IO_KBD, 0,
+ 0, 0, -1, -1, BUS_ISA, IO_KBD, 0, 0,
+ 0, 0xc, -1, BUS_ISA, 0x3e0, 0, 0, 0,
+ 0xb, -1, BUS_ISA, 0x3e2, 0, 0, 0, 0xa,
+ -1, BUS_ISA, 0x3e4, 0, 0, 0, 0xa, -1,
+ BUS_ISA, IO_COM1, 0, 0, 0, -1, -1, BUS_ISA,
+ IO_COM2, 0, 0, 0, -1, -1, BUS_ISA, 0,
+ 0, 0, 0, -1, -1, BUS_PCMCIA, 0x378, 0,
+ 0, 0, 7, -1, BUS_ISA, 0x3bc, 0, 0,
+ 0, 7, -1, BUS_ISA, IO_FD1, 0, 0, 0,
+ -1, 2, BUS_ISA, 0x280, 0, 0, 0, -1,
+ -1, BUS_ISA, 0x2a0, 0, 0, 0, -1, -1,
+ BUS_ISA, 0x2e0, 0, 0, 0, -1, -1, BUS_ISA,
+ 0x300, 0, 0, 0, -1, -1, BUS_ISA, 0x310,
+ 0, 0, 0, -1, -1, BUS_ISA, 0x330, 0,
+ 0, 0, -1, -1, BUS_ISA, 0x350, 0, 0,
+ 0, -1, -1, BUS_ISA, 0x250, 0, 0, 0,
+ -1, -1, BUS_ISA, 0x260, 0, 0, 0, -1,
+ -1, BUS_ISA, 0x310, 0, 0xd0000, 0x10000, -1, -1,
+ BUS_ISA, 0, 0, 0, 0, -1, -1, BUS_ANY,
+ 0x170, 0, 0, 0, -1, 5, BUS_ISA, IO_WD1,
+ 0, 0, 0, -1, -1, BUS_ISA, IO_WD2, 0,
+ 0, 0, -1, -1, BUS_ISA, 0x300, 0, 0,
+ 0, -1, 1, BUS_ISA, IO_NPX, 0, 0, 0,
+ -1, -1, BUS_ISA, IO_VGA, 0, 0xa0000, 0x10000, -1,
+ -1, BUS_ISA, 0x23c, 0, 0, 0, 5, -1,
+ BUS_ISA, 0x334, 0, 0, 0, 9, -1, BUS_ISA,
+ 0x340, 0, 0, 0, 9, -1, BUS_ISA, 0x334,
+ 0, 0, 0, -1, -1, BUS_ISA, 0x340, 0,
+ 0, 0, -1, -1, BUS_ISA, 0x320, 0, 0,
+ 0, -1, -1, BUS_ISA, 0x360, 0, 0, 0,
+ -1, -1, BUS_ISA, 0x240, 0, 0, 0, -1,
+ -1, BUS_ISA, 0x320, 0, 0, 0, -1, 3,
+ BUS_ISA, 0x340, 0, 0, 0, -1, 3, BUS_ISA,
+ 0x360, 0, 0, 0, -1, 3, BUS_ISA, 0x300,
+ 0, 0, 0, -1, 3, BUS_ISA, 0x2c0, 0,
+ 0xc8000, 0x800, -1, -1, BUS_ISA, 0x300, 0, 0xc8000,
+ 0x800, -1, -1, BUS_ISA, 0x380, 0, 0, 0,
+ -1, -1, BUS_ISA, 0x280, 0, 0xd0000, 0x4000, -1,
+ -1, BUS_ISA, 0x2a0, 0, 0xd0000, 0x4000, -1, -1,
+ BUS_ISA, 0x2c0, 0, 0xd0000, 0x4000, -1, -1, BUS_ISA,
+ 0x2e0, 0, 0xd0000, 0x4000, -1, -1, BUS_ISA, 0x300,
+ 0, 0xd0000, 0x4000, -1, -1, BUS_ISA, 0x320, 0,
+ 0xd0000, 0x4000, -1, -1, BUS_ISA, 0x340, 0, 0xd0000,
+ 0x4000, -1, -1, BUS_ISA, 0x360, 0, 0xd0000, 0x4000,
+ -1, -1, BUS_ISA, 0x380, 0, 0xd0000, 0x4000, -1,
+ -1, BUS_ISA, 0x3a0, 0, 0xd0000, 0x4000, -1, -1,
+ BUS_ISA, 0x3e0, 0, 0xd0000, 0x4000, -1, -1, BUS_ISA,
+ -1, 1, 0,
+};
+
+/* parent vectors */
+static short pv[48] = {
+ 17, 19, 18, 25, 39, 40, 41, 42, 45, 43, 46, 44, 47, 48, 49, 50,
+ 51, 52, 53, 118, 119, 120, -1, 21, 22, 23, 24, -1, 68, 71, 83, 88,
+ -1, 22, 23, -1, 0, -1, 68, -1, 14, -1, 71, -1, 20, -1, 21, -1,
+};
+
+#define NORM FSTATE_NOTFOUND
+#define STAR FSTATE_STAR
+
+struct cfdata cfdata[] = {
+ /* driver unit state loc flags parents ivstubs */
+/* 0: isa0 at root */
+ {&isacd, 0, NORM, loc, 0, pv+22, 0},
+/* 1: saturn0 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_PCI */
+ {&saturncd, 0, NORM, loc+ 7, 0, pv+36, 0},
+/* 2: pccons0 at isa0 port IO_KBD nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&pcconscd, 0, NORM, loc+ 14, 0, pv+36, 0},
+/* 3: pcaux0 at isa0 port IO_KBD nports 0 iomem 0 iosiz 0 irq 0xc drq -1 bustype BUS_ISA */
+ {&pcauxcd, 0, NORM, loc+ 21, 0, pv+36, 0},
+/* 4: pcic0 at isa0 port 0x3e0 nports 0 iomem 0 iosiz 0 irq 0xb drq -1 bustype BUS_ISA */
+ {&pciccd, 0, NORM, loc+ 28, 0, pv+36, 0},
+/* 5: pcic1 at isa0 port 0x3e2 nports 0 iomem 0 iosiz 0 irq 0xa drq -1 bustype BUS_ISA */
+ {&pciccd, 1, NORM, loc+ 35, 0, pv+36, 0},
+/* 6: pcic1 at isa0 port 0x3e4 nports 0 iomem 0 iosiz 0 irq 0xa drq -1 bustype BUS_ISA */
+ {&pciccd, 1, NORM, loc+ 42, 0, pv+36, 0},
+/* 7: com0 at isa0 port IO_COM1 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&comcd, 0, NORM, loc+ 49, 0, pv+36, 0},
+/* 8: com1 at isa0 port IO_COM2 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&comcd, 1, NORM, loc+ 56, 0, pv+36, 0},
+/* 9: com2 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_PCMCIA */
+ {&comcd, 2, NORM, loc+ 63, 0, pv+36, 0},
+/* 10: com3 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_PCMCIA */
+ {&comcd, 3, NORM, loc+ 63, 0, pv+36, 0},
+/* 11: lp0 at isa0 port 0x378 nports 0 iomem 0 iosiz 0 irq 7 drq -1 bustype BUS_ISA */
+ {&lpcd, 0, NORM, loc+ 70, 0x1, pv+36, 0},
+/* 12: lp0 at isa0 port 0x3bc nports 0 iomem 0 iosiz 0 irq 7 drq -1 bustype BUS_ISA */
+ {&lpcd, 0, NORM, loc+ 77, 0x1, pv+36, 0},
+/* 13: lp2 at isa0 port 0x3bc nports 0 iomem 0 iosiz 0 irq 7 drq -1 bustype BUS_ISA */
+ {&lpcd, 2, NORM, loc+ 77, 0x1, pv+36, 0},
+/* 14: fdc0 at isa0 port IO_FD1 nports 0 iomem 0 iosiz 0 irq -1 drq 2 bustype BUS_ISA */
+ {&fdccd, 0, NORM, loc+ 84, 0, pv+36, 0},
+/* 15: fd0 at fdc0 drive 0 */
+ {&fdcd, 0, NORM, loc+394, 0, pv+40, 0},
+/* 16: fd1 at fdc0 drive 1 */
+ {&fdcd, 1, NORM, loc+393, 0, pv+40, 0},
+/* 17: dpt0 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ANY */
+ {&dptcd, 0, NORM, loc+161, 0, pv+36, 0},
+/* 18: dpt* at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ANY */
+ {&dptcd, 1, STAR, loc+161, 0, pv+36, 0},
+/* 19: dpt0 at isa0 port 0x170 nports 0 iomem 0 iosiz 0 irq -1 drq 5 bustype BUS_ISA */
+ {&dptcd, 0, NORM, loc+168, 0, pv+36, 0},
+/* 20: tg* at dpt0|dpt0|dpt*|wdpi*|ncr0|ncr1|ncr2|aic0|aic0|aic1|aic1|aic2|aic2|bha0|aha0|bha1|aha1|sa0|sa0|eaha0|eaha1|eaha2 target -1 */
+ {&tgcd, 0, STAR, loc+392, 0, pv+ 0, 0},
+/* 21: wdc0 at isa0 port IO_WD1 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&wdccd, 0, NORM, loc+175, 0, pv+36, 0},
+/* 22: wdc1 at isa0 port IO_WD2 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&wdccd, 1, NORM, loc+182, 0, pv+36, 0},
+/* 23: wdc1 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_PCMCIA */
+ {&wdccd, 1, NORM, loc+ 63, 0, pv+36, 0},
+/* 24: wdc2 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_PCMCIA */
+ {&wdccd, 2, NORM, loc+ 63, 0, pv+36, 0},
+/* 25: wdpi* at wdc0|wdc1|wdc1|wdc2 drive -1 */
+ {&wdpicd, 0, STAR, loc+392, 0, pv+23, 0},
+/* 26: wd0 at wdc0 drive 0 */
+ {&wdcd, 0, NORM, loc+394, 0, pv+46, 0},
+/* 27: wd1 at wdc0 drive 1 */
+ {&wdcd, 1, NORM, loc+393, 0, pv+46, 0},
+/* 28: wd2 at wdc1|wdc1 drive 0 */
+ {&wdcd, 2, NORM, loc+394, 0, pv+33, 0},
+/* 29: wd3 at wdc1|wdc1 drive 1 */
+ {&wdcd, 3, NORM, loc+393, 0, pv+33, 0},
+/* 30: wd4 at wdc2 drive 0 */
+ {&wdcd, 4, NORM, loc+394, 0, pv+26, 0},
+/* 31: wd5 at wdc2 drive 1 */
+ {&wdcd, 5, NORM, loc+393, 0, pv+26, 0},
+/* 32: wt0 at isa0 port 0x300 nports 0 iomem 0 iosiz 0 irq -1 drq 1 bustype BUS_ISA */
+ {&wtcd, 0, NORM, loc+189, 0, pv+36, 0},
+/* 33: npx0 at isa0 port IO_NPX nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&npxcd, 0, NORM, loc+196, 0, pv+36, 0},
+/* 34: vga0 at isa0 port IO_VGA nports 0 iomem 0xa0000 iosiz 0x10000 irq -1 drq -1 bustype BUS_ISA */
+ {&vgacd, 0, NORM, loc+203, 0, pv+36, 0},
+/* 35: bms0 at isa0 port 0x23c nports 0 iomem 0 iosiz 0 irq 5 drq -1 bustype BUS_ISA */
+ {&bmscd, 0, NORM, loc+210, 0, pv+36, 0},
+/* 36: lms0 at isa0 port 0x23c nports 0 iomem 0 iosiz 0 irq 5 drq -1 bustype BUS_ISA */
+ {&lmscd, 0, NORM, loc+210, 0, pv+36, 0},
+/* 37: mcd0 at isa0 port 0x334 nports 0 iomem 0 iosiz 0 irq 9 drq -1 bustype BUS_ISA */
+ {&mcdcd, 0, NORM, loc+217, 0, pv+36, 0},
+/* 38: mcd0 at isa0 port 0x340 nports 0 iomem 0 iosiz 0 irq 9 drq -1 bustype BUS_ISA */
+ {&mcdcd, 0, NORM, loc+224, 0, pv+36, 0},
+/* 39: ncr0 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_PCI */
+ {&ncrcd, 0, NORM, loc+ 7, 0, pv+36, 0},
+/* 40: ncr1 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_PCI */
+ {&ncrcd, 1, NORM, loc+ 7, 0, pv+36, 0},
+/* 41: ncr2 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_PCI */
+ {&ncrcd, 2, NORM, loc+ 7, 0, pv+36, 0},
+/* 42: aic0 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_PCI */
+ {&aiccd, 0, NORM, loc+ 7, 0, pv+36, 0},
+/* 43: aic1 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_PCI */
+ {&aiccd, 1, NORM, loc+ 7, 0, pv+36, 0},
+/* 44: aic2 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_PCI */
+ {&aiccd, 2, NORM, loc+ 7, 0, pv+36, 0},
+/* 45: aic0 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_EISA */
+ {&aiccd, 0, NORM, loc+ 0, 0, pv+36, 0},
+/* 46: aic1 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_EISA */
+ {&aiccd, 1, NORM, loc+ 0, 0, pv+36, 0},
+/* 47: aic2 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_EISA */
+ {&aiccd, 2, NORM, loc+ 0, 0, pv+36, 0},
+/* 48: bha0 at isa0 port 0x330 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&bhacd, 0, NORM, loc+126, 0, pv+36, 0},
+/* 49: aha0 at isa0 port 0x330 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&ahacd, 0, NORM, loc+126, 0, pv+36, 0},
+/* 50: bha1 at isa0 port 0x334 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&bhacd, 1, NORM, loc+231, 0, pv+36, 0},
+/* 51: aha1 at isa0 port 0x334 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&ahacd, 1, NORM, loc+231, 0, pv+36, 0},
+/* 52: sa0 at isa0 port 0x340 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&sacd, 0, NORM, loc+238, 0, pv+36, 0},
+/* 53: sa0 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_PCMCIA */
+ {&sacd, 0, NORM, loc+ 63, 0, pv+36, 0},
+/* 54: sr* at tg* unit -1 */
+ {&srcd, 0, STAR, loc+392, 0, pv+44, 0},
+/* 55: sd* at tg* unit -1 */
+ {&sdcd, 0, STAR, loc+392, 0, pv+44, 0},
+/* 56: st* at tg* unit -1 */
+ {&stcd, 0, STAR, loc+392, 0, pv+44, 0},
+/* 57: sg* at tg* unit -1 */
+ {&sgcd, 0, STAR, loc+392, 0, pv+44, 0},
+/* 58: ne0 at isa0 port 0x320 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&necd, 0, NORM, loc+245, 0, pv+36, 0},
+/* 59: ne0 at isa0 port 0x340 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&necd, 0, NORM, loc+238, 0, pv+36, 0},
+/* 60: ne0 at isa0 port 0x360 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&necd, 0, NORM, loc+252, 0, pv+36, 0},
+/* 61: ne0 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_PCMCIA */
+ {&necd, 0, NORM, loc+ 63, 0, pv+36, 0},
+/* 62: ep0 at isa0 port 0x240 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&epcd, 0, NORM, loc+259, 0, pv+36, 0},
+/* 63: ep0 at isa0 port 0x320 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&epcd, 0, NORM, loc+245, 0, pv+36, 0},
+/* 64: tn0 at isa0 port 0x320 nports 0 iomem 0 iosiz 0 irq -1 drq 3 bustype BUS_ISA */
+ {&tncd, 0, NORM, loc+266, 0, pv+36, 0},
+/* 65: tn0 at isa0 port 0x340 nports 0 iomem 0 iosiz 0 irq -1 drq 3 bustype BUS_ISA */
+ {&tncd, 0, NORM, loc+273, 0, pv+36, 0},
+/* 66: tn0 at isa0 port 0x360 nports 0 iomem 0 iosiz 0 irq -1 drq 3 bustype BUS_ISA */
+ {&tncd, 0, NORM, loc+280, 0, pv+36, 0},
+/* 67: tn0 at isa0 port 0x300 nports 0 iomem 0 iosiz 0 irq -1 drq 3 bustype BUS_ISA */
+ {&tncd, 0, NORM, loc+287, 0, pv+36, 0},
+/* 68: de* at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ANY */
+ {&decd, 0, STAR, loc+161, 0, pv+36, 0},
+/* 69: nsphy* at de*|exp*|eb*|tl* phy -1 */
+ {&nsphycd, 0, STAR, loc+392, 0, pv+28, 0},
+/* 70: ics90p* at de* phy -1 */
+ {&ics90pcd, 0, STAR, loc+392, 0, pv+38, 0},
+/* 71: exp* at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_PCI */
+ {&expcd, 0, STAR, loc+ 7, 0, pv+36, 0},
+/* 72: i555p* at exp* phy -1 */
+ {&i555pcd, 0, STAR, loc+392, 0, pv+42, 0},
+/* 73: hpp0 at isa0 port 0x2c0 nports 0 iomem 0xc8000 iosiz 0x800 irq -1 drq -1 bustype BUS_ISA */
+ {&hppcd, 0, NORM, loc+294, 0, pv+36, 0},
+/* 74: hpp0 at isa0 port 0x300 nports 0 iomem 0xc8000 iosiz 0x800 irq -1 drq -1 bustype BUS_ISA */
+ {&hppcd, 0, NORM, loc+301, 0, pv+36, 0},
+/* 75: re0 at isa0 port 0x240 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&recd, 0, NORM, loc+259, 0, pv+36, 0},
+/* 76: re0 at isa0 port 0x260 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&recd, 0, NORM, loc+147, 0, pv+36, 0},
+/* 77: re0 at isa0 port 0x280 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&recd, 0, NORM, loc+ 91, 0, pv+36, 0},
+/* 78: re0 at isa0 port 0x2a0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&recd, 0, NORM, loc+ 98, 0, pv+36, 0},
+/* 79: re0 at isa0 port 0x300 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&recd, 0, NORM, loc+112, 0, pv+36, 0},
+/* 80: re0 at isa0 port 0x320 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&recd, 0, NORM, loc+245, 0, pv+36, 0},
+/* 81: re0 at isa0 port 0x340 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&recd, 0, NORM, loc+238, 0, pv+36, 0},
+/* 82: re0 at isa0 port 0x380 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&recd, 0, NORM, loc+308, 0, pv+36, 0},
+/* 83: eb* at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_PCI */
+ {&ebcd, 0, STAR, loc+ 7, 0, pv+36, 0},
+/* 84: ef0 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_PCI */
+ {&efcd, 0, NORM, loc+ 7, 0, pv+36, 0},
+/* 85: ef1 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_PCI */
+ {&efcd, 1, NORM, loc+ 7, 0, pv+36, 0},
+/* 86: ef* at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_PCI */
+ {&efcd, 3, STAR, loc+ 7, 0, pv+36, 0},
+/* 87: ne* at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_PCI */
+ {&necd, 1, STAR, loc+ 7, 0, pv+36, 0},
+/* 88: tl* at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_PCI */
+ {&tlcd, 0, STAR, loc+ 7, 0, pv+36, 0},
+/* 89: tn100a* at tl* phy -1 */
+ {&tn100acd, 0, STAR, loc+392, 0, pv+31, 0},
+/* 90: we0 at isa0 port 0x280 nports 0 iomem 0xd0000 iosiz 0x4000 irq -1 drq -1 bustype BUS_ISA */
+ {&wecd, 0, NORM, loc+315, 0, pv+36, 0},
+/* 91: we0 at isa0 port 0x2a0 nports 0 iomem 0xd0000 iosiz 0x4000 irq -1 drq -1 bustype BUS_ISA */
+ {&wecd, 0, NORM, loc+322, 0, pv+36, 0},
+/* 92: we0 at isa0 port 0x2c0 nports 0 iomem 0xd0000 iosiz 0x4000 irq -1 drq -1 bustype BUS_ISA */
+ {&wecd, 0, NORM, loc+329, 0, pv+36, 0},
+/* 93: we0 at isa0 port 0x2e0 nports 0 iomem 0xd0000 iosiz 0x4000 irq -1 drq -1 bustype BUS_ISA */
+ {&wecd, 0, NORM, loc+336, 0, pv+36, 0},
+/* 94: we0 at isa0 port 0x300 nports 0 iomem 0xd0000 iosiz 0x4000 irq -1 drq -1 bustype BUS_ISA */
+ {&wecd, 0, NORM, loc+343, 0, pv+36, 0},
+/* 95: we0 at isa0 port 0x320 nports 0 iomem 0xd0000 iosiz 0x4000 irq -1 drq -1 bustype BUS_ISA */
+ {&wecd, 0, NORM, loc+350, 0, pv+36, 0},
+/* 96: we0 at isa0 port 0x340 nports 0 iomem 0xd0000 iosiz 0x4000 irq -1 drq -1 bustype BUS_ISA */
+ {&wecd, 0, NORM, loc+357, 0, pv+36, 0},
+/* 97: we0 at isa0 port 0x360 nports 0 iomem 0xd0000 iosiz 0x4000 irq -1 drq -1 bustype BUS_ISA */
+ {&wecd, 0, NORM, loc+364, 0, pv+36, 0},
+/* 98: we0 at isa0 port 0x380 nports 0 iomem 0xd0000 iosiz 0x4000 irq -1 drq -1 bustype BUS_ISA */
+ {&wecd, 0, NORM, loc+371, 0, pv+36, 0},
+/* 99: we0 at isa0 port 0x3a0 nports 0 iomem 0xd0000 iosiz 0x4000 irq -1 drq -1 bustype BUS_ISA */
+ {&wecd, 0, NORM, loc+378, 0, pv+36, 0},
+/*100: we0 at isa0 port 0x3e0 nports 0 iomem 0xd0000 iosiz 0x4000 irq -1 drq -1 bustype BUS_ISA */
+ {&wecd, 0, NORM, loc+385, 0, pv+36, 0},
+/*101: we0 at isa0 port 0x280 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&wecd, 0, NORM, loc+ 91, 0, pv+36, 0},
+/*102: we0 at isa0 port 0x2a0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&wecd, 0, NORM, loc+ 98, 0, pv+36, 0},
+/*103: we0 at isa0 port 0x2e0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&wecd, 0, NORM, loc+105, 0, pv+36, 0},
+/*104: we0 at isa0 port 0x300 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&wecd, 0, NORM, loc+112, 0, pv+36, 0},
+/*105: we0 at isa0 port 0x310 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&wecd, 0, NORM, loc+119, 0, pv+36, 0},
+/*106: we0 at isa0 port 0x330 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&wecd, 0, NORM, loc+126, 0, pv+36, 0},
+/*107: we0 at isa0 port 0x350 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&wecd, 0, NORM, loc+133, 0, pv+36, 0},
+/*108: ef0 at isa0 port 0x250 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&efcd, 0, NORM, loc+140, 0, pv+36, 0},
+/*109: ef1 at isa0 port 0x260 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&efcd, 1, NORM, loc+147, 0, pv+36, 0},
+/*110: ef0 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_EISA */
+ {&efcd, 0, NORM, loc+ 0, 0, pv+36, 0},
+/*111: ef1 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_EISA */
+ {&efcd, 1, NORM, loc+ 0, 0, pv+36, 0},
+/*112: ef2 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_EISA */
+ {&efcd, 2, NORM, loc+ 0, 0, pv+36, 0},
+/*113: ef0 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_PCMCIA */
+ {&efcd, 0, NORM, loc+ 63, 0, pv+36, 0},
+/*114: el0 at isa0 port 0x310 nports 0 iomem 0xd0000 iosiz 0x10000 irq -1 drq -1 bustype BUS_ISA */
+ {&elcd, 0, NORM, loc+154, 0, pv+36, 0},
+/*115: ex0 at isa0 port 0x260 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_ISA */
+ {&excd, 0, NORM, loc+147, 0, pv+36, 0},
+/*116: cce0 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_PCMCIA */
+ {&ccecd, 0, NORM, loc+ 63, 0, pv+36, 0},
+/*117: mz0 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_PCMCIA */
+ {&mzcd, 0, NORM, loc+ 63, 0, pv+36, 0},
+/*118: eaha0 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_EISA */
+ {&eahacd, 0, NORM, loc+ 0, 0, pv+36, 0},
+/*119: eaha1 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_EISA */
+ {&eahacd, 1, NORM, loc+ 0, 0, pv+36, 0},
+/*120: eaha2 at isa0 port 0 nports 0 iomem 0 iosiz 0 irq -1 drq -1 bustype BUS_EISA */
+ {&eahacd, 2, NORM, loc+ 0, 0, pv+36, 0},
+ {0}
+};
+
+short cfroots[] = {
+ 0 /* isa0 */,
+ -1
+};
+
+/* pseudo-devices */
+extern void loopattach __P((int));
+extern void ptyattach __P((int));
+extern void slattach __P((int));
+extern void apppattach __P((int));
+extern void pifattach __P((int));
+extern void bpfilterattach __P((int));
+extern void rdattach __P((int));
+extern void tunattach __P((int));
+extern void apmattach __P((int));
+extern void ssattach __P((int));
+extern void csattach __P((int));
+extern void vndattach __P((int));
+
+struct pdevinit pdevinit[] = {
+ { loopattach, 1 },
+ { ptyattach, 1 },
+ { slattach, 1 },
+ { apppattach, 2 },
+ { pifattach, 1 },
+ { bpfilterattach, 10 },
+ { rdattach, 1 },
+ { tunattach, 2 },
+ { apmattach, 1 },
+ { ssattach, 4 },
+ { csattach, 1 },
+ { vndattach, 2 },
+ { 0, 0 }
+};
+#line 28 "../../i386/conf/ioconf.c.i386"
+
+
+extern struct devsw cnsw, cttysw, mmsw, swapsw, logsw, devfdsw;
+extern struct devsw ptssw, ptcsw;
+extern struct devsw pcsw, kbdsw;
+#if defined(IPFILTER)
+extern struct devsw iplsw;
+#endif
+
+extern struct devsw tgsw;
+extern struct devsw sdsw;
+extern struct devsw srsw;
+extern struct devsw stsw;
+extern struct devsw sgsw;
+extern struct devsw apppsw;
+extern struct devsw pifsw;
+extern struct devsw bpfiltersw;
+extern struct devsw loopsw;
+extern struct devsw tunsw;
+extern struct devsw ptysw;
+extern struct devsw slsw;
+extern struct devsw vndsw;
+extern struct devsw rdsw;
+extern struct devsw isasw;
+extern struct devsw pcconssw;
+extern struct devsw pcauxsw;
+extern struct devsw comsw;
+extern struct devsw lpsw;
+extern struct devsw fdcsw;
+extern struct devsw fdsw;
+extern struct devsw dptsw;
+extern struct devsw wdcsw;
+extern struct devsw wdsw;
+extern struct devsw wdpisw;
+extern struct devsw mcdsw;
+extern struct devsw wtsw;
+extern struct devsw npxsw;
+extern struct devsw vgasw;
+extern struct devsw bmssw;
+extern struct devsw lmssw;
+extern struct devsw ahasw;
+extern struct devsw bhasw;
+extern struct devsw nesw;
+extern struct devsw epsw;
+extern struct devsw sasw;
+extern struct devsw ncrsw;
+extern struct devsw saturnsw;
+extern struct devsw aicsw;
+extern struct devsw tnsw;
+extern struct devsw hppsw;
+extern struct devsw resw;
+extern struct devsw wesw;
+extern struct devsw tlsw;
+extern struct devsw ebsw;
+extern struct devsw efsw;
+extern struct devsw elsw;
+extern struct devsw exsw;
+extern struct devsw eahasw;
+extern struct devsw apmsw;
+extern struct devsw sssw;
+extern struct devsw cssw;
+extern struct devsw pcicsw;
+extern struct devsw ccesw;
+extern struct devsw mzsw;
+extern struct devsw desw;
+extern struct devsw expsw;
+extern struct devsw nsphysw;
+extern struct devsw ics90psw;
+extern struct devsw i555psw;
+extern struct devsw tn100asw;
+#line 37 "../../i386/conf/ioconf.c.i386"
+
+
+struct devsw *devsw[] = {
+ &cnsw, /* 0 = virtual console */
+ &cttysw, /* 1 = controlling terminal */
+ &mmsw, /* 2 = /dev/{null,mem,kmem,...} */
+ &wdsw, /* 3 = st506/rll/esdi/ide disk */
+ &swapsw, /* 4 = /dev/drum (swap pseudo-device) */
+ &ptssw, /* 5 = pseudo-tty slave */
+ &ptcsw, /* 6 = pseudo-tty master */
+ &logsw, /* 7 = /dev/klog */
+ &comsw, /* 8 = serial communications ports */
+ &fdsw, /* 9 = floppy disk */
+ &wtsw, /* 10 = QIC-02/36 cartridge tape */
+ NULL, /* 11 = RISCom/N8 async mux */
+ &pcsw, /* 12 = vga console */
+ &pcauxsw, /* 13 = console/keyboard aux port */
+ &bpfiltersw, /* 14 = berkeley packet filter */
+ &devfdsw, /* 15 = file descriptor devices */
+ &vgasw, /* 16 = VGA display for X */
+ &kbdsw, /* 17 = Keyboard device (excl from cn) */
+ &sdsw, /* 18 = SCSI disk pseudo-device (sd) */
+ &stsw, /* 19 = SCSI tape pseudo-device */
+ &lpsw, /* 20 = printer on a parallel port */
+ &bmssw, /* 21 = Microsoft Bus Mouse */
+ NULL, /* 22 = Midi device (RETIRED) */
+ &mcdsw, /* 23 = Mitsumi CD-ROM */
+ NULL, /* 24 = Maxpeed Async Mux */
+ &lmssw, /* 25 = Logitec Bus Mouse */
+ NULL, /* 26 = DigiBoard PC/X[ei] */
+ NULL, /* 27 = Specialix multiplexor */
+ NULL, /* 28 = SoundBlaster Pro (RETIRED) */
+ NULL, /* 29 = Chase IOPRO control driver */
+ NULL, /* 30 = Chase IOPRO data driver */
+ NULL, /* 31 = Equinox tty */
+ NULL, /* 32 = Concatenated disk pseudo-device */
+ NULL, /* 33 = Voxware sound system */
+ &srsw, /* 34 = SCSI removeable disks (clone of sd) */
+ NULL, /* 35 = Comtrol Rocketport */
+ NULL, /* 36 = Cyclades async mux */
+ NULL, /* 37 = Disk splicing driver */
+ &dptsw, /* 38 = DPT config driver */
+ &sgsw, /* 39 = SCSI generic driver, catch all */
+ NULL, /* 40 = Stallion async mux */
+ NULL, /* 41 = Stallion intelligent async mux */
+ &vndsw, /* 42 = vnode disk driver */
+ NULL, /* 43 = Connectix QuickCam */
+ &rdsw, /* 44 = ram disk driver */
+ &tunsw, /* 45 = Tunnel Network Interface */
+#if defined(IPFILTER)
+ &iplsw, /* 46 = IP Filter */
+#else
+ NULL, /* 46 = (unused) */
+#endif
+ NULL, /* 47 = (unused) */
+ NULL, /* 48 = (unused) */
+ NULL, /* 49 = (unused) */
+ &apmsw, /* 50 = APM Interface module */
+ &cssw, /* 51 = PCMCIA CS Interface module */
+ NULL, /* 52 = Focus Video Capture */
+ NULL, /* 53 = PCMCIA SRAM Drive */
+};
+#define NDEVSW (sizeof(devsw) / sizeof(*devsw))
+int ndevsw = NDEVSW;
+
+#ifdef COMPAT_DEV
+/* cross-correlation to devsw[] above, from old bdevsw index */
+/* (i.e., devsw[blktodev[i]] is the driver for old block device i) */
+int blktodev[7] = {
+ 3, /* 0 = wd = 3 */
+ 4, /* 1 = swap = 4 */
+ 9, /* 2 = floppy = 9 */
+ 10, /* 3 = wt = 10 */
+ 18, /* 4 = sd = 18 */
+ 19, /* 5 = st = 19 */
+ 23, /* 6 = mcd = 23 */
+};
+#endif
+
+/*
+ * Swapdev is a fake device implemented
+ * in vm_swap.c used only internally to get to swstrategy.
+ * It cannot be provided to the users, because the
+ * swstrategy routine munches the b_dev and b_blkno entries
+ * before calling the appropriate driver. This would horribly
+ * confuse, e.g. the hashing routines. Instead, /dev/drum is
+ * provided as a character (raw) device.
+ */
+dev_t swapdev = makedev(4, 0);
+
+/*
+ * Routine that identifies /dev/mem and /dev/kmem.
+ *
+ * A minimal stub routine can always return 0.
+ */
+iskmemdev(dev)
+ dev_t dev;
+{
+
+ return (major(dev) == 2 && (minor(dev) == 0 || minor(dev) == 1));
+}
+
+iszerodev(dev)
+ dev_t dev;
+{
+ return (major(dev) == 2 && minor(dev) == 12);
+}
+
+#ifdef COMPAT_DEV
+#include <sys/vnode.h>
+
+int
+devcompat(dev, type)
+ dev_t dev;
+ int type;
+{
+ int maj, min, unit = 0;
+
+ if (dev > USHRT_MAX)
+ return (dev);
+ maj = dev >> 8;
+ min = dev & 0xff;
+ if (type == VBLK && maj < sizeof(blktodev) / sizeof(blktodev[0]))
+ maj = blktodev[maj];
+ switch (maj) {
+ case 3: /* 0 = wd = 3 */
+ case 9: /* 2 = floppy = 9 */
+ case 18: /* 4 = sd = 18 */
+ case 23: /* 6 = mcd = 23 */
+ unit = min >> 3; /* drive */
+ min &= 0x7; /* partition */
+ break;
+
+ case 10: /* 3 = wt = 10 */
+ case 19: /* 5 = st = 19 */
+ unit = min & 3; /* unit */
+ min >>= 2; /* rewind, density */
+ break;
+ }
+ return (dv_makedev(maj, unit, min));
+}
+#endif
diff --git a/BSDOS3/files.diffs b/BSDOS3/files.diffs
new file mode 100644
index 000000000000..bf2f73454e20
--- /dev/null
+++ b/BSDOS3/files.diffs
@@ -0,0 +1,23 @@
+*** /sys/conf/files.orig Sat Nov 1 05:14:50 1997
+--- /sys/conf/files Sat Nov 1 05:13:12 1997
+***************
+*** 230,235 ****
+--- 230,247 ----
+ file netinet/tcp_timer.c inet
+ file netinet/tcp_usrreq.c inet
+ file netinet/udp_usrreq.c inet
++ file netinet/ip_fil.c ipfilter always-source
++ file netinet/fil.c ipfilter always-source
++ file netinet/ip_nat.c ipfilter always-source
++ file netinet/ip_frag.c ipfilter always-source
++ file netinet/ip_state.c ipfilter always-source
++ file netinet/ip_auth.c ipfilter always-source
++ file netinet/ip_proxy.c ipfilter always-source
++ file netinet/ip_log.c ipfilter always-source
++ file netinet/ip_scan.c ipfilter always-source
++ file netinet/ip_sync.c ipfilter always-source
++ file netinet/ip_pool.c ipfilter_pool always-source
++ file netinet/ip_rules.c ipfilter_compiled always-source
+ file netiso/clnp_debug.c iso
+ file netiso/clnp_er.c iso
+ file netiso/clnp_frag.c iso
diff --git a/BSDOS3/in_proto.c.diffs b/BSDOS3/in_proto.c.diffs
new file mode 100644
index 000000000000..406b5f90c459
--- /dev/null
+++ b/BSDOS3/in_proto.c.diffs
@@ -0,0 +1,16 @@
+*** sys/netinet/in_proto.c-ORIG Wed Apr 24 22:49:02 1996
+--- sys/netinet/in_proto.c Wed Apr 24 22:50:30 1996
+***************
+*** 83,88 ****
+--- 83,93 ----
+ #include <netinet/ip_mroute.h>
+ #endif /* MROUTING */
+
++ #ifdef IPFILTER
++ void iplinit();
++ #define ip_init iplinit
++ #endif
++
+ extern struct domain inetdomain;
+
+ struc protosw inetsw[] = {
diff --git a/BSDOS3/ioconf.c.i386.diffs b/BSDOS3/ioconf.c.i386.diffs
new file mode 100644
index 000000000000..b8570960dd30
--- /dev/null
+++ b/BSDOS3/ioconf.c.i386.diffs
@@ -0,0 +1,28 @@
+*** ioconf.c.i386.orig Mon Nov 3 15:50:55 1997
+--- ioconf.c.i386 Mon Nov 3 16:14:36 1997
+***************
+*** 30,35 ****
+--- 30,38 ----
+ extern struct devsw cnsw, cttysw, mmsw, swapsw, logsw, devfdsw;
+ extern struct devsw ptssw, ptcsw;
+ extern struct devsw pcsw, kbdsw;
++ #if defined(IPFILTER)
++ extern struct devsw iplsw;
++ #endif
+
+ %DECLSW
+
+***************
+*** 80,86 ****
+--- 83,93 ----
+ %DEVSW(qcam), /* 43 = Connectix QuickCam */
+ %DEVSW(rd), /* 44 = ram disk driver */
+ %DEVSW(tun), /* 45 = Tunnel Network Interface */
++ #if defined(IPFILTER)
++ &iplsw, /* 46 = IP Filter */
++ #else
+ NULL, /* 46 = (unused) */
++ #endif
+ NULL, /* 47 = (unused) */
+ NULL, /* 48 = (unused) */
+ NULL, /* 49 = (unused) */
diff --git a/BSDOS3/ip_input.c.diffs b/BSDOS3/ip_input.c.diffs
new file mode 100644
index 000000000000..2829f4edaa44
--- /dev/null
+++ b/BSDOS3/ip_input.c.diffs
@@ -0,0 +1,37 @@
+*** ip_input.c.orig Tue Mar 19 16:19:06 1996
+--- ip_input.c Fri Mar 8 18:31:22 1996
+***************
+*** 77,82 ****
+--- 77,86 ----
+ int ipqmaxlen = IFQ_MAXLEN;
+ struct in_ifaddr *in_ifaddr; /* first inet address */
+ struct ifqueue ipintrq;
++ #if defined(IPFILTER)
++ extern int fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
++ int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
++ #endif
+
+ /*
+ * We need to save the IP options in case a protocol wants to respond
+***************
+*** 232,237 ****
+--- 236,254 ----
+ m_adj(m, ip->ip_len - m->m_pkthdr.len);
+ }
+
++ #if defined(IPFILTER)
++ /*
++ * Check if we want to allow this packet to be processed.
++ * Consider it to be bad if not.
++ */
++ if (fr_checkp) {
++ struct mbuf *m1 = m;
++
++ if ((*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m1) || !m1)
++ goto next;
++ ip = mtod(m = m1, struct ip *);
++ }
++ #endif
+ /*
+ * Process options and, if not destined for us,
+ * ship it on. ip_dooptions returns 1 when an
diff --git a/BSDOS3/ip_output.c.diffs b/BSDOS3/ip_output.c.diffs
new file mode 100644
index 000000000000..d19b865216e5
--- /dev/null
+++ b/BSDOS3/ip_output.c.diffs
@@ -0,0 +1,33 @@
+*** ip_output.c.orig Sat Nov 1 04:53:02 1997
+--- ip_output.c Sat Nov 1 04:56:47 1997
+***************
+*** 60,65 ****
+--- 60,69 ----
+ static struct mbuf *ip_insertoptions __P((struct mbuf *, struct mbuf *, int *));
+ static void ip_mloopback
+ __P((struct ifnet *, struct mbuf *, struct sockaddr_in *));
++ #if defined(IPFILTER)
++ extern int fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
++ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
++ #endif
+
+ /*
+ * IP output. The packet in mbuf chain m contains a skeletal IP
+***************
+*** 313,318 ****
+--- 317,331 ----
+ } else
+ mtu = ifp->if_mtu;
+
++ #if defined(IPFILTER)
++ if (fr_checkp) {
++ struct mbuf *m1 = m;
++
++ if ((error = (*fr_checkp)(ip, hlen, ifp, 1, &m1)) || !m1)
++ goto done;
++ ip = mtod(m = m1, struct ip *);
++ }
++ #endif
+ /*
+ * If small enough for route, can just send directly.
+ */
diff --git a/BSDOS3/kinstall b/BSDOS3/kinstall
new file mode 100644
index 000000000000..7e0c56611798
--- /dev/null
+++ b/BSDOS3/kinstall
@@ -0,0 +1,77 @@
+#!/bin/csh -f
+#
+set major=46
+set minor=0
+set dir=`pwd`
+set karch=`uname -m`
+if ( -d /sys/arch/$karch ) set archdir="/sys/arch/$karch"
+if ( -d /sys/$karch ) set archdir="/sys/$karch"
+set confdir="$archdir/conf"
+
+if ( $dir =~ */BSDOS3 ) cd ..
+foreach i (ip_fil.[ch] ip_nat.[ch] ip_frag.[ch] ip_state.[ch] fil.c \
+ ip_compat.h ip_log.c ip_proxy.[ch] ip_{ftp,rcmd}_pxy.c ip_auth.[ch])
+ echo -n "$i ";
+ cp $i /sys/netinet
+ chmod 664 /sys/netinet/$i
+end
+echo ""
+echo "Patching $archdir/$karch/ioconf.c.$karch"
+cat ioconf.c.$karch.diffs | (cd $archdir/$karch; patch)
+if ( -f /sys/netinet/ip_input.c ) then
+ echo "Patching ip_input.c, ip_output.c, in_proto.c"
+ cat BSDOS3/ip_{in,out}put.c.diffs BSDOS3/in_proto.c.diffs | \
+ (cd /sys/netinet; patch)
+else
+ echo "Patching in_proto.c"
+ cat BSDOS3/in_proto.c.diffs | (cd /sys/netinet; patch)
+ echo "Installing new object files ip_input.o, ip_output.o"
+ foreach i (ip_input.o ip_output.o)
+ if ( ! -f /sys/$arch/OBJ/$i.preipf ) then
+ mv /sys/$arch/OBJ/$i /sys/$arch/OBJ/$i.preipf
+ endif
+ cp OBJS/$i /sys/$arch/OBJ/$i
+ chmod 644 /sys/$arch/OBJ/$i
+ switch ($i)
+ case *.h:
+ /bin/cp $i /usr/include/netinet/$i
+ chmod 644 /usr/include/netinet/$i
+ breaksw
+ endsw
+ end
+endif
+
+echo "Patching /sys/conf/files, /sys/i386/conf/ioconf.c.i386"
+cat BSDOS3/files.diffs | (cd /sys/conf; patch)
+cat BSDOS3/ioconf.c.i386.diffs | (cd /sys/i386/conf; patch)
+
+echo "Creating device files..."
+foreach i (/dev/ipl /dev/ipnat /dev/ipstate /dev/ipauth /dev/ipsync /dev/ipscan)
+ if ( -f $i ) then
+ /bin/rm -f $i
+ endif
+ echo "$i - character device major $major, minor $minor"
+ mknod $i c $major $minor
+ set minor=`expr $minor + 1`
+end
+
+set config=`/bin/ls -1t $confdir/[0-9A-Z_]* | head -1`
+
+echo -n "Kernel configuration to update [$config] "
+set newconfig=$<
+if ( "$newconfig" != "" ) then
+ set config="$confdir/$newconfig"
+else
+ set newconfig=$config
+endif
+echo "Re-config'ing $newconfig..."
+if ( -f $confdir/$newconfig ) then
+ mv $confdir/$newconfig $confdir/$newconfig.bak
+endif
+if ( -d $archdir/$newconfig ) then
+ mv $archdir/$newconfig $archdir/$newconfig.bak
+endif
+awk '{print $0;if($2=="INET"){print"options IPFILTER"}}' \
+ $confdir/$newconfig.bak > $confdir/$newconfig
+echo 'You will now need to run "config" and build a new kernel.'
+exit 0
diff --git a/BSDOS3/unkinstall b/BSDOS3/unkinstall
new file mode 100644
index 000000000000..752e8c53bfdf
--- /dev/null
+++ b/BSDOS3/unkinstall
@@ -0,0 +1,55 @@
+#!/bin/csh -f
+#
+set dir=`pwd`
+set karch=`uname -m`
+if ( -d /sys/arch/$karch ) set archdir="/sys/arch/$karch"
+if ( -d /sys/$karch ) set archdir="/sys/$karch"
+set confdir="$archdir/conf"
+
+if ( $dir =~ */BSDOS3* ) cd ..
+echo -n "Uninstalling "
+foreach i (ip_fil.[ch] ip_nat.[ch] ip_frag.[ch] ip_state.[ch] fil.c \
+ ip_auth.[ch] ip_proxy.[ch] ip_ftp_pxy.c ip_compat.h ip_log.c \
+ mlf_ipl.c ipl.h)
+ echo -n "$i ";
+ /bin/rm -f /sys/netinet/$i
+end
+echo ""
+if ( -f /sys/netinet/ip_input.c ) then
+ echo "Unpatching ip_input.c, ip_output.c and in_proto.c"
+ cat BSDOS3/ip_{in,out}put.c.diffs BSDOS3/in_proto.c.diffs | \
+ (cd /sys/netinet; patch -R)
+else
+ echo "Unpatching in_proto.c"
+ cat BSDOS3/in_proto.c.diffs | (cd /sys/netinet; patch -R)
+ foreach i (ip_input.o ip_output.o)
+ /bin/mv -f $archdir/OBJ/$i.preipf $archdir/OBJ/$i.preipf
+ end
+endif
+
+echo "Unpatching /sys/conf/files"
+cat BSDOS3/files.diffs | (cd /sys/conf; patch -R)
+
+set config=`(cd $confdir; /bin/ls -1t [0-9A-Z_]*) | head -1`
+echo -n "Kernel configuration to update [$config] "
+set newconfig=$<
+if ( "$newconfig" != "" ) then
+ set config="$confdir/$newconfig"
+else
+ set newconfig=$config
+endif
+if ( -f $confdir/$newconfig ) then
+ mv $confdir/$newconfig $confdir/$newconfig.bak
+endif
+if ( -d $archdir/../compile/$newconfig ) then
+ set bak=".bak"
+ set dot=0
+ while ( -d $archdir/../compile/${newconfig}.${bak} )
+ set bak=".bak.$dot"
+ set dot=`expr 1 + $dot`
+ end
+ mv $archdir/../compile/$newconfig $archdir/../compile/${newconfig}.${bak}
+endif
+egrep -v IPFILTER $confdir/$newconfig.bak > $confdir/$newconfig
+echo 'You will now need to run "config" and build a new kernel.'
+exit 0
diff --git a/BSDOS4/files.diffs b/BSDOS4/files.diffs
new file mode 100644
index 000000000000..b0306dcc1720
--- /dev/null
+++ b/BSDOS4/files.diffs
@@ -0,0 +1,23 @@
+*** /sys/conf/files.orig Fri Aug 28 11:24:52 1998
+--- /sys/conf/files Fri Aug 28 11:26:31 1998
+***************
+*** 254,259 ****
+--- 254,261 ----
+ file netinet/tcp_timer.c inet
+ file netinet/tcp_usrreq.c inet
+ file netinet/udp_usrreq.c inet
++ file netinet/ip_fil.c ipfilter always-source
++ file netinet/fil.c ipfilter always-source
++ file netinet/ip_nat.c ipfilter always-source
++ file netinet/ip_frag.c ipfilter always-source
++ file netinet/ip_state.c ipfilter always-source
++ file netinet/ip_auth.c ipfilter always-source
++ file netinet/ip_proxy.c ipfilter always-source
++ file netinet/ip_log.c ipfilter always-source
++ file netinet/ip_scan.c ipfilter always-source
++ file netinet/ip_sync.c ipfilter always-source
++ file netinet/ip_pool.c ipfilter_pool always-source
++ file netinet/ip_rules.c ipfilter_compiled always-source
+
+ # Additions for IPv6 and IPsec extension files.
+ # See the NRL Copyright notice for conditions on this modification.
diff --git a/BSDOS4/in_proto.c.diffs b/BSDOS4/in_proto.c.diffs
new file mode 100644
index 000000000000..d954400df49e
--- /dev/null
+++ b/BSDOS4/in_proto.c.diffs
@@ -0,0 +1,16 @@
+*** /sys/netinet/in_proto.c.orig Fri Aug 28 11:28:56 1998
+--- /sys/netinet/in_proto.c Fri Aug 28 11:30:16 1998
+***************
+*** 131,136 ****
+--- 131,141 ----
+ #endif /* IPSEC_ESP */
+ #endif /* IPSEC */
+
++ #ifdef IPFILTER
++ void iplinit();
++ #define ip_init iplinit
++ #endif
++
+ extern struct domain inetdomain;
+
+ struct protosw inetsw[] = {
diff --git a/BSDOS4/ioconf.c.i386.diffs b/BSDOS4/ioconf.c.i386.diffs
new file mode 100644
index 000000000000..0279d4f1437f
--- /dev/null
+++ b/BSDOS4/ioconf.c.i386.diffs
@@ -0,0 +1,28 @@
+*** /sys/i386/conf/ioconf.c.i386.orig Fri Aug 28 11:31:07 1998
+--- /sys/i386/conf/ioconf.c.i386 Fri Aug 28 11:32:27 1998
+***************
+*** 30,35 ****
+--- 30,38 ----
+ extern struct devsw cnsw, cttysw, mmsw, swapsw, logsw, devfdsw;
+ extern struct devsw ptssw, ptcsw;
+ extern struct devsw pcsw, kbdsw;
++ #if defined(IPFILTER)
++ extern struct devsw iplsw;
++ #endif
+
+ %DECLSW
+
+***************
+*** 81,87 ****
+--- 84,94 ----
+ %DEVSW(rd), /* 44 = ram disk driver */
+ %DEVSW(tun), /* 45 = Tunnel Network Interface */
+ %DEVSW(cr), /* 46 = SMART 2 Driver */
++ #if defined(IPFILTER)
++ &iplsw, /* 47 = IP Filter */
++ #else
+ NULL, /* 47 = (unused) */
++ #endif
+ NULL, /* 48 = (unused) */
+ NULL, /* 49 = (unused) */
+ %DEVSW(apm), /* 50 = APM Interface module */
diff --git a/BSDOS4/ip_input.c.diffs b/BSDOS4/ip_input.c.diffs
new file mode 100644
index 000000000000..4f292d7de109
--- /dev/null
+++ b/BSDOS4/ip_input.c.diffs
@@ -0,0 +1,38 @@
+*** /sys/netinet/ip_input.c.orig Fri Aug 28 11:33:27 1998
+--- /sys/netinet/ip_input.c Fri Aug 28 13:49:37 1998
+***************
+*** 107,112 ****
+--- 107,116 ----
+ int ipqmaxlen;
+ struct in_ifaddr *in_ifaddr; /* first inet address */
+ struct ifqueue ipintrq;
++ #if defined(IPFILTER)
++ extern int fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
++ int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
++ #endif
+
+ /*
+ * We need to save the IP options in case a protocol wants to respond
+***************
+*** 406,411 ****
+--- 410,429 ----
+ } else
+ m_adj(m, ip->ip_len - m->m_pkthdr.len);
+ }
++
++ #if defined(IPFILTER)
++ /*
++ * Check if we want to allow this packet to be processed.
++ * Consider it to be bad if not.
++ */
++ if (fr_checkp) {
++ struct mbuf *m1 = m;
++
++ if ((*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m1) || !m1)
++ goto next;
++ ip = mtod(m = m1, struct ip *);
++ }
++ #endif
+
+ /*
+ * Process options and, if not destined for us,
diff --git a/BSDOS4/ip_output.c.diffs b/BSDOS4/ip_output.c.diffs
new file mode 100644
index 000000000000..9aeeef7ef1b8
--- /dev/null
+++ b/BSDOS4/ip_output.c.diffs
@@ -0,0 +1,35 @@
+*** /sys/netinet/ip_output.c.orig Fri Aug 28 13:49:46 1998
+--- /sys/netinet/ip_output.c Fri Aug 28 13:53:05 1998
+***************
+*** 99,104 ****
+--- 99,109 ----
+ static struct mbuf *ip_insertoptions __P((struct mbuf *, struct mbuf *, int *));
+ static void ip_mloopback
+ __P((struct ifnet *, struct mbuf *, struct sockaddr_in *));
++ #if defined(IPFILTER)
++ extern int fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
++ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
++ #endif
++
+
+ /*
+ * IP output. The packet in mbuf chain m contains a skeletal IP
+***************
+*** 447,452 ****
+--- 452,467 ----
+
+ if (mtu > IP_MAXPACKET)
+ mtu = IP_MAXPACKET;
++
++ #if defined(IPFILTER)
++ if (fr_checkp) {
++ struct mbuf *m1 = m;
++
++ if ((error = (*fr_checkp)(ip, hlen, ifp, 1, &m1)) || !m1)
++ goto done;
++ ip = mtod(m = m1, struct ip *);
++ }
++ #endif
+
+ #ifdef IPFW
+ if (ipfw_output.filter &&
diff --git a/BSDOS4/kinstall b/BSDOS4/kinstall
new file mode 100644
index 000000000000..bccb3fbd9976
--- /dev/null
+++ b/BSDOS4/kinstall
@@ -0,0 +1,80 @@
+#!/bin/csh -f
+#
+set major=47
+set minor=0
+set dir=`pwd`
+set karch=`uname -m`
+if ( -d /sys/arch/$karch ) set archdir="/sys/arch/$karch"
+if ( -d /sys/$karch ) set archdir="/sys/$karch"
+set confdir="$archdir/conf"
+
+if ( $dir =~ */BSDOS4 ) cd ..
+foreach i (ip_{auth,fil,frag,nat,proxy,scan,state,sync}.[ch] fil.c ipl.h \
+ ip_compat.h ip_log.c ip_*_pxy.c )
+ echo -n "$i ";
+ cp $i /sys/netinet
+ chmod 664 /sys/netinet/$i
+ switch ($i)
+ case *.h:
+ /bin/cp $i /usr/include/netinet/$i
+ chmod 644 /usr/include/netinet/$i
+ breaksw
+ endsw
+end
+echo ""
+if ( -f /sys/netinet/ip_input.c ) then
+ echo "Patching ip_input.c, ip_output.c, in_proto.c"
+ cat BSDOS4/ip_{in,out}put.c.diffs BSDOS4/in_proto.c.diffs | \
+ (cd /sys/netinet; patch)
+else
+ echo "Patching in_proto.c"
+ cat BSDOS4/in_proto.c.diffs | (cd /sys/netinet; patch)
+ echo "Installing new object files ip_input.o, ip_output.o"
+ foreach i (ip_input.o ip_output.o)
+ if ( ! -f $archdir/OBJ/$i.preipf ) then
+ mv $archdir/OBJ/$i $archdir/OBJ/$i.preipf
+ endif
+ cp -p BSDOS4/OBJS/$i $archdir/OBJ/$i
+ chmod 644 $archdir/OBJ/$i
+ end
+endif
+
+echo "Patching /sys/conf/files, $archdir/conf/ioconf.c.i386"
+cat BSDOS4/files.diffs | (cd /sys/conf; patch)
+cat BSDOS4/ioconf.c.i386.diffs | (cd $archdir/conf; patch)
+
+echo "Creating device files..."
+foreach i (/dev/ipl /dev/ipnat /dev/ipstate /dev/ipauth /dev/ipsync /dev/ipscan)
+ if ( -f $i ) then
+ /bin/rm -f $i
+ endif
+ echo "$i - character device major $major, minor $minor"
+ mknod $i c $major $minor
+ set minor=`expr $minor + 1`
+end
+
+set confpath=`/bin/ls -1t $confdir/[0-9A-Z_]* | head -1`
+set config=`basename $confpath`
+
+echo -n "Kernel configuration to update [$config] "
+set newconfig=$<
+if ( "$newconfig" != "" ) then
+ set config="$confdir/$newconfig"
+else
+ set newconfig=$config
+endif
+echo "Re-config'ing $newconfig..."
+if ( -f $confdir/$newconfig ) then
+ mv $confdir/$newconfig $confdir/$newconfig.bak
+endif
+if ( -d $archdir/$newconfig ) then
+ mv $archdir/$newconfig $archdir/$newconfig.bak
+endif
+awk '{ print $0; if($2=="INET") \
+ { \
+ print "options \tIPFILTER\t\t# IP Filtering"; \
+ print "# options \tIPFILTER_LOG\t\t# IP Filter logging"; \
+ } \
+ }' $confdir/$newconfig.bak > $confdir/$newconfig
+echo 'You will now need to run "config" and build a new kernel.'
+exit 0
diff --git a/BSDOS4/unkinstall b/BSDOS4/unkinstall
new file mode 100644
index 000000000000..9eed477f9913
--- /dev/null
+++ b/BSDOS4/unkinstall
@@ -0,0 +1,55 @@
+#!/bin/csh -f
+#
+set dir=`pwd`
+set karch=`uname -m`
+if ( -d /sys/arch/$karch ) set archdir="/sys/arch/$karch"
+if ( -d /sys/$karch ) set archdir="/sys/$karch"
+set confdir="$archdir/conf"
+
+if ( $dir =~ */BSDOS4* ) cd ..
+echo -n "Uninstalling "
+foreach i (ip_fil.[ch] ip_nat.[ch] ip_frag.[ch] ip_state.[ch] fil.c \
+ ip_auth.[ch] ip_proxy.[ch] ip_ftp_pxy.c ip_compat.h ip_log.c \
+ mlf_ipl.c ipl.h)
+ echo -n "$i ";
+ /bin/rm -f /sys/netinet/$i
+end
+echo ""
+if ( -f /sys/netinet/ip_input.c ) then
+ echo "Unpatching ip_input.c, ip_output.c and in_proto.c"
+ cat BSDOS4/ip_{in,out}put.c.diffs BSDOS4/in_proto.c.diffs | \
+ (cd /sys/netinet; patch -R)
+else
+ echo "Unpatching in_proto.c"
+ cat BSDOS4/in_proto.c.diffs | (cd /sys/netinet; patch -R)
+ foreach i (ip_input.o ip_output.o)
+ /bin/mv -f $archdir/OBJ/$i.preipf $archdir/OBJ/$i.preipf
+ end
+endif
+
+echo "Unpatching /sys/conf/files"
+cat BSDOS4/files.diffs | (cd /sys/conf; patch -R)
+
+set config=`(cd $confdir; /bin/ls -1t [0-9A-Z_]*) | head -1`
+echo -n "Kernel configuration to update [$config] "
+set newconfig=$<
+if ( "$newconfig" != "" ) then
+ set config="$confdir/$newconfig"
+else
+ set newconfig=$config
+endif
+if ( -f $confdir/$newconfig ) then
+ mv $confdir/$newconfig $confdir/$newconfig.bak
+endif
+if ( -d $archdir/../compile/$newconfig ) then
+ set bak=".bak"
+ set dot=0
+ while ( -d $archdir/../compile/${newconfig}.${bak} )
+ set bak=".bak.$dot"
+ set dot=`expr 1 + $dot`
+ end
+ mv $archdir/../compile/$newconfig $archdir/../compile/${newconfig}.${bak}
+endif
+egrep -v IPFILTER $confdir/$newconfig.bak > $confdir/$newconfig
+echo 'You will now need to run "config" and build a new kernel.'
+exit 0
diff --git a/FAQ.FreeBSD b/FAQ.FreeBSD
index 3b069c9f4b53..6539b4fc61be 100644
--- a/FAQ.FreeBSD
+++ b/FAQ.FreeBSD
@@ -1,4 +1,4 @@
-These are Instructions for Configuring A FreeBSD Box For NAT
+These are Instructions for Configuring A FreeBSD Box For NAT
After you have installed IP-Filter.
You will need to change three files:
@@ -54,7 +54,7 @@ fpx0 is the interface with the real internet address.
/32 is the subnet mask 255.255.255.255, ie only use this ip address.
-portmap tcp/udp 10000:65000
+portmap tcp/udp 10000:65000
tells it to use the ports to redirect the tcp/udp calls through
@@ -67,7 +67,7 @@ reboots.
In your /etc/rc.local put the line:
-ipnat -f /etc/natrules
+ipnat -f /etc/natrules
To check and see if it is loaded, as root type
ipnat -ls
diff --git a/FWTK/ftp-gw.diff b/FWTK/ftp-gw.diff
index be613423c86f..a47eba05e719 100644
--- a/FWTK/ftp-gw.diff
+++ b/FWTK/ftp-gw.diff
@@ -4,7 +4,7 @@
*** 11,31 ****
--- 11,41 ----
*/
- static char RcsId[] = "$Header: /devel/CVS/IP-Filter/FWTK/ftp-gw.diff,v 2.1 1999/08/04 17:30:30 darrenr Exp $";
+ static char RcsId[] = "$Header$";
+ /*
+ * Patches for IP Filter NAT extensions written by Darren Reed, 7/7/96
diff --git a/FWTK/fwtk-2.1-transparency.txt b/FWTK/fwtk-2.1-transparency.txt
deleted file mode 100644
index 2e719383f32b..000000000000
--- a/FWTK/fwtk-2.1-transparency.txt
+++ /dev/null
@@ -1,707 +0,0 @@
-diff -c -r ./ftp-gw/ftp-gw.c ../../fwtk-2.1-violated/fwtk/ftp-gw/ftp-gw.c
-*** ./ftp-gw/ftp-gw.c Thu Feb 5 19:05:43 1998
---- ../../fwtk-2.1-violated/fwtk/ftp-gw/ftp-gw.c Thu May 21 17:36:09 1998
-***************
-*** 44,49 ****
---- 44,51 ----
-
- extern char *optarg;
-
-+ char *getdsthost();
-+
- #include "firewall.h"
-
-
-***************
-*** 88,93 ****
---- 90,97 ----
- static int cmdcnt = 0;
- static int timeout = PROXY_TIMEOUT;
-
-+ static int do_transparent = 0;
-+
-
- static int cmd_user();
- static int cmd_authorize();
-***************
-*** 101,106 ****
---- 105,111 ----
- static int cmd_passthru();
- static void saveline();
- static void flushsaved();
-+ static int connectdest();
-
- #define OP_CONN 001 /* only valid if connected */
- #define OP_WCON 002 /* writethrough if connected */
-***************
-*** 173,178 ****
---- 178,184 ----
- char xuf[1024];
- char huf[512];
- char *passuser = (char *)0; /* passed user as av */
-+ char *psychic, *hotline;
-
- #ifndef LOG_DAEMON
- openlog("ftp-gw",LOG_PID);
-***************
-*** 317,322 ****
---- 323,332 ----
- } else
- timeout = PROXY_TIMEOUT;
-
-+ psychic = getdsthost(0, NULL);
-+ if (psychic)
-+ do_transparent++;
-+
- /* display a welcome file or message */
- if(passuser == (char *)0) {
- if((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
-***************
-*** 324,329 ****
---- 334,345 ----
- syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
- exit(1);
- }
-+ if (do_transparent) {
-+ if (sayfile2(0, cf->argv[0], 220)) {
-+ syslog(LLEV,"fwtksyserr: cannot display welcome %.512s: %m",cf->argv[0]);
-+ exit(1);
-+ }
-+ } else
- if(sayfile(0,cf->argv[0],220)) {
- syslog(LLEV,"fwtksyserr: cannot display welcome %.512s: %m",cf->argv[0]);
- exit(1);
-***************
-*** 336,341 ****
---- 352,360 ----
- if(say(0,"220-Proxy first requires authentication"))
- exit(1);
-
-+ if (do_transparent)
-+ sprintf(xuf, "220-%s FTP proxy (Version %s) ready.",huf, FWTK_VERSION_MINOR);
-+ else
- sprintf(xuf, "220 %s FTP proxy (Version %s) ready.",huf, FWTK_VERSION_MINOR);
- if(say(0,xuf))
- exit(1);
-***************
-*** 357,362 ****
---- 376,384 ----
- exit(1);
- }
-
-+ if (do_transparent)
-+ connectdest(psychic, 21);
-+
- /* main loop */
- while(1) {
- FD_ZERO(&rdy);
-***************
-*** 653,658 ****
---- 675,696 ----
- return(sayn(0,noad,sizeof(noad)-1));
- }
-
-+ if (do_transparent) {
-+ if((rfd == (-1)) && (x = connectdest(dest,port)))
-+ return x;
-+
-+ sprintf(buf,"USER %s",user);
-+
-+ if (say(rfd, buf))
-+ return(1);
-+
-+ x = getresp(rfd, buf, sizeof(buf), 1);
-+ if (sendsaved(0, x))
-+ return(1);
-+
-+ return(say(0, buf));
-+ }
-+
- if(*dest == '\0')
- dest = "localhost";
-
-***************
-*** 694,705 ****
- char ebuf[512];
-
- strcpy(ebuf,buf);
-! sprintf(buf,"521 %s: %s",dest,ebuf);
- rfd = -1;
- return(say(0,buf));
- }
-! sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
-! saveline(buf);
-
- /* we are now connected and need to try the autologin thing */
- x = getresp(rfd,buf,sizeof(buf),1);
---- 732,748 ----
- char ebuf[512];
-
- strcpy(ebuf,buf);
-! if (do_transparent)
-! sprintf(buf, "521 %s,%d: %s", dest, ntohs(port), ebuf);
-! else
-! sprintf(buf,"521 %s: %s",dest,ebuf);
- rfd = -1;
- return(say(0,buf));
- }
-! if (!do_transparent) {
-! sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
-! saveline(buf);
-! }
-
- /* we are now connected and need to try the autologin thing */
- x = getresp(rfd,buf,sizeof(buf),1);
-***************
-*** 1889,1891 ****
---- 1932,2050 ----
- dup(nread);
- }
- #endif
-+
-+ static int connectdest(dest, port)
-+ char *dest;
-+ short port;
-+ {
-+ char buf[1024], mbuf[512];
-+ int msg_int, x;
-+
-+ if(*dest == '\0')
-+ dest = "localhost";
-+
-+ if(validests != (char **)0) {
-+ char **xp;
-+ int x;
-+
-+ for(xp = validests; *xp != (char *)0; xp++) {
-+ if(**xp == '!' && hostmatch(*xp + 1,dest)) {
-+ return(baddest(0,dest));
-+ } else {
-+ if(hostmatch(*xp,dest))
-+ break;
-+ }
-+ }
-+ if(*xp == (char *)0)
-+ return(baddest(0,dest));
-+ }
-+
-+ /* Extended permissions processing goes in here for destination */
-+ if(extendperm) {
-+ msg_int = auth_perm(confp, authuser, "ftp-gw", dest,(char *)0);
-+ if(msg_int == 1) {
-+ sprintf(mbuf,"Permission denied for user %s to connect to %s",authuser,dest);
-+ syslog(LLEV,"deny host=%s/%s connect to %s user=%s",rladdr,riaddr,dest,authuser);
-+ say(0,mbuf);
-+ return(1);
-+ } else {
-+ if(msg_int == -1) {
-+ sprintf(mbuf,"No match in netperm-table for %s to ftp to %s",authuser,dest);
-+ say(0,mbuf);
-+ return(1);
-+ }
-+ }
-+ }
-+
-+ syslog(LLEV,"permit host=%s/%s connect to %s",rladdr,riaddr,dest);
-+
-+ if((rfd = conn_server(dest,port,0,buf)) < 0) {
-+ char ebuf[512];
-+
-+ strcpy(ebuf,buf);
-+ if (do_transparent)
-+ sprintf(buf,"521 %s,%d: %s",dest,ntohs(port),ebuf);
-+ else
-+ sprintf(buf,"521 %s: %s",dest,ebuf);
-+ rfd = -1;
-+ return(say(0,buf));
-+ }
-+ if (!do_transparent) {
-+ sprintf(buf,"----GATEWAY CONNECTED TO %s----",dest);
-+ saveline(buf);
-+ }
-+
-+ /* we are now connected and need to try the autologin thing */
-+ x = getresp(rfd,buf,sizeof(buf),1);
-+ if(x / 100 != COMPLETE) {
-+ sendsaved(0,-1);
-+ return(say(0,buf));
-+ }
-+ saveline(buf);
-+
-+ sendsaved(0,-1);
-+ return 0;
-+ }
-+
-+ /* quick hack */
-+ sayfile2(fd,fn,code)
-+ int fd;
-+ char *fn;
-+ int code;
-+ {
-+ FILE *f;
-+ char buf[BUFSIZ];
-+ char yuf[BUFSIZ];
-+ char *c;
-+ int x;
-+ int saidsomething = 0;
-+
-+ if((f = fopen(fn,"r")) == (FILE *)0)
-+ return(1);
-+ while(fgets(buf,sizeof(buf),f) != (char *)0) {
-+ if((c = index(buf,'\n')) != (char *)0)
-+ *c = '\0';
-+ x = fgetc(f);
-+ if(feof(f))
-+ sprintf(yuf,"%3.3d-%s",code,buf);
-+ else {
-+ sprintf(yuf,"%3.3d-%s",code,buf);
-+ ungetc(x,f);
-+ }
-+ if(say(fd,yuf)) {
-+ fclose(f);
-+ return(1);
-+ }
-+ saidsomething++;
-+ }
-+ fclose(f);
-+ if (!saidsomething) {
-+ syslog(LLEV,"fwtkcfgerr: sayfile for %d is empty",code);
-+ sprintf(yuf, "%3.3d The file to display is empty",code);
-+ if(say(fd,yuf)) {
-+ fclose(f);
-+ return(1);
-+ }
-+ }
-+ return(0);
-+ }
-diff -c -r ./http-gw/http-gw.c ../../fwtk-2.1-violated/fwtk/http-gw/http-gw.c
-*** ./http-gw/http-gw.c Fri Feb 6 18:32:25 1998
---- ../../fwtk-2.1-violated/fwtk/http-gw/http-gw.c Thu May 21 17:00:47 1998
-***************
-*** 27,32 ****
---- 27,35 ----
- static char http_buffer[8192];
- static char reason[8192];
- static int checkBrowserType = 1;
-+ static int do_transparent = 0;
-+
-+ char * getdsthost();
-
- static void do_logging()
- { char *proto = "GOPHER";
-***************
-*** 473,478 ****
---- 476,490 ----
- /*(NOT A SPECIAL FORM)*/
-
- if((rem_type & TYPE_LOCAL)== 0){
-+ char * psychic = getdsthost(sockfd, &def_port);
-+ if (psychic) {
-+ if (strlen(psychic) <= MAXHOSTNAMELEN) {
-+ do_transparent ++;
-+ strncpy(def_httpd, psychic, strlen(psychic));
-+ strncpy(def_server, psychic, strlen(psychic));
-+ }
-+ }
-+
- /* See if it can be forwarded */
-
- if( can_forward(buf)){
-***************
-*** 1564,1570 ****
- parse_vec[0],
- parse_vec[1],
- ourname, ourport);
-! }else{
- sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u",
- parse_vec[0], parse_vec[2],
- parse_vec[3], chk_type_ch,
---- 1576,1589 ----
- parse_vec[0],
- parse_vec[1],
- ourname, ourport);
-! }
-! else
-! if (do_transparent) {
-! sprintf(new_reply, "%s\t%s\t%s\t%s",
-! parse_vec[0], parse_vec[1],
-! parse_vec[2],parse_vec[3]);
-! }
-! else {
- sprintf(new_reply,"%s\tgopher://%s:%s/%c%s\t%s\t%u",
- parse_vec[0], parse_vec[2],
- parse_vec[3], chk_type_ch,
-diff -c -r ./lib/hnam.c ../../fwtk-2.1-violated/fwtk/lib/hnam.c
-*** ./lib/hnam.c Tue Dec 10 13:08:48 1996
---- ../../fwtk-2.1-violated/fwtk/lib/hnam.c Thu May 21 17:10:00 1998
-***************
-*** 23,28 ****
---- 23,33 ----
-
- #include "firewall.h"
-
-+ #ifdef __FreeBSD__ /* or OpenBSD, NetBSD, BSDI, etc. Fix this for your system. */
-+ #include <net/if.h>
-+ #include "ip_nat.h"
-+ #endif /* __FreeBSD__ */
-+
-
- char *
- maphostname(name)
-***************
-*** 49,52 ****
---- 54,132 ----
- }
- bcopy(hp->h_addr,&sin.sin_addr,hp->h_length);
- return(inet_ntoa(sin.sin_addr));
-+ }
-+
-+ char *getdsthost(fd, ptr)
-+ int fd;
-+ int *ptr;
-+ {
-+ struct sockaddr_in sin;
-+ struct hostent * hp;
-+ int sl = sizeof(struct sockaddr_in), err = 0, local_h = 0, i = 0;
-+ char buf[255], hostbuf[255];
-+ #ifdef __FreeBSD__
-+ struct sockaddr_in rsin;
-+ struct natlookup natlookup;
-+ #endif
-+
-+ #ifdef linux
-+ if (!(err = getsockname(0, &sin, &sl))) {
-+ if(ptr)
-+ * ptr = ntohs(sin.sin_port);
-+
-+ sprintf(buf, "%s", inet_ntoa(sin.sin_addr));
-+ gethostname(hostbuf, 254);
-+ hp = gethostbyname(hostbuf);
-+ while (hp->h_addr_list[i]) {
-+ bzero(&sin, &sl);
-+ memcpy(&sin.sin_addr, hp->h_addr_list[i++],
-+ sizeof(hp->h_addr_list[i++]));
-+
-+ if (!strcmp(buf, inet_ntoa(sin.sin_addr)))
-+ local_h++;
-+ }
-+
-+ if(local_h)
-+ return(NULL);
-+ else
-+ return(buf);
-+ }
-+ #endif
-+
-+ #ifdef __FreeBSD__
-+ /* The basis for this block of code is Darren Reed's
-+ * patches to the TIS ftwk's ftp-gw.
-+ */
-+ bzero((char*)&sin, sizeof(sin));
-+ bzero((char*)&rsin, sizeof(rsin));
-+
-+ if (getsockname(fd, (struct sockaddr*)&sin, &sl) < 0)
-+ return NULL;
-+
-+ sl = sizeof(rsin);
-+
-+ if(getpeername(fd, (struct sockaddr*)&rsin, &sl) < 0)
-+ return NULL;
-+
-+ natlookup.nl_inport=sin.sin_port;
-+ natlookup.nl_outport=rsin.sin_port;
-+ natlookup.nl_inip=sin.sin_addr;
-+ natlookup.nl_outip=rsin.sin_addr;
-+
-+ if ((natfd = open("/dev/ipl",O_RDONLY)) < 0)
-+ return NULL;
-+
-+ if (ioctl(natfd, SIOCGNATL,&natlookup) == (-1))
-+ return NULL;
-+
-+ close(natfd);
-+
-+ if (ptr)
-+ *ptr = ntohs(natlookup.nl_inport);
-+
-+ sprintf(buf, "%s", inet_ntoa(natlookup.nl_inip));
-+ #endif
-+
-+ /* No transparent proxy support */
-+ return(NULL);
- }
-diff -c -r ./plug-gw/plug-gw.c ../../fwtk-2.1-violated/fwtk/plug-gw/plug-gw.c
-*** ./plug-gw/plug-gw.c Thu Feb 5 19:07:35 1998
---- ../../fwtk-2.1-violated/fwtk/plug-gw/plug-gw.c Thu May 21 17:29:01 1998
-***************
-*** 43,48 ****
---- 43,50 ----
- static char **validdests = (char **)0;
- static int net_write();
-
-+ static int do_transparent = 0;
-+
- main(ac,av)
- int ac;
- char *av[];
-***************
-*** 198,206 ****
---- 200,220 ----
- char *ptr;
- int state = 0;
- int ssl_plug = 0;
-+ char * getdsthost();
-+ int pport = 0;
-
- struct timeval timo;
-
-+ /* Transparent plug-gw is probably a bad idea, but then, plug-gw is a bad
-+ * idea ..
-+ */
-+ dhost = getdsthost(0, &pport);
-+ if (dhost) {
-+ do_transparent++;
-+ portid = pport;
-+ }
-+
-+
- if(c->flags & PERM_DENY) {
- if (p == -1)
- syslog(LLEV,"deny host=%.512s/%.20s port=any",rhost,raddr);
-***************
-*** 220,226 ****
- syslog(LLEV,"fwtkcfgerr: -plug-to takes an argument, line %d",c->ln);
- exit (1);
- }
-! dhost = av[x];
- continue;
- }
-
---- 234,241 ----
- syslog(LLEV,"fwtkcfgerr: -plug-to takes an argument, line %d",c->ln);
- exit (1);
- }
-! if (!dhost)
-! dhost = av[x];
- continue;
- }
-
-diff -c -r ./rlogin-gw/rlogin-gw.c ../../fwtk-2.1-violated/fwtk/rlogin-gw/rlogin-gw.c
-*** ./rlogin-gw/rlogin-gw.c Thu Feb 5 19:08:38 1998
---- ../../fwtk-2.1-violated/fwtk/rlogin-gw/rlogin-gw.c Thu May 21 17:20:25 1998
-***************
-*** 103,108 ****
---- 103,111 ----
- static int trusted = 0;
- static int doX = 0;
- static char *prompt;
-+ static int do_transparent = 0;
-+
-+ char * getdsthost();
-
- main(ac,av)
- int ac;
-***************
-*** 123,128 ****
---- 126,132 ----
- static char *tokav[56];
- int tokac;
- struct timeval timo;
-+ char * psychic;
-
- #ifndef LOG_NDELAY
- openlog("rlogin-gw",LOG_PID);
-***************
-*** 188,194 ****
- xforwarder = cf->argv[0];
- }
-
-!
-
- if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
- if(cf->argc != 1) {
---- 192,203 ----
- xforwarder = cf->argv[0];
- }
-
-! psychic = getdsthost(0, NULL);
-! if (psychic) {
-! do_transparent++;
-! strncpy(dest, psychic, 511);
-! dest[511] = '\0';
-! }
-
- if((cf = cfg_get("directory",confp)) != (Cfg *)0) {
- if(cf->argc != 1) {
-***************
-*** 266,271 ****
---- 275,281 ----
- if((p = index(rusername,'@')) != (char *)0) {
- char *namp;
-
-+ dest[0] = '\0';
- *p++ = '\0';
- if(*p == '\0')
- p = "localhost";
-***************
-*** 297,302 ****
---- 307,326 ----
-
- if(dest[0] != '\0') {
- /* Setup connection directly to remote machine */
-+ if ((cf = cfg_get("welcome-msg",confp)) != (Cfg *)0) {
-+ if (cf->argc != 1) {
-+ syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
-+ exit(1);
-+ }
-+
-+ if (sayfile(0, cf->argv[0])) {
-+ syslog(LLEV,"fwtksyserr: cannot display welcome %s: %m",cf->argv[0]);
-+ exit(1);
-+ }
-+ }
-+
-+ /* Hey fwtk developer people -- this connect_dest thing is *nasty!* */
-+
- sprintf(buf,"connect %.1000s",dest);
- tokac = enargv(buf, tokav, 56, tokbuf, sizeof(tokbuf));
- if (cmd_connect(tokac, tokav, buf) != 2)
-***************
-*** 535,548 ****
- char ebuf[512];
-
- syslog(LLEV,"permit host=%.512s/%.20s connect to %.512s",rhost,raddr,namp);
-! if(strlen(namp) > 20)
-! namp[20] = '\0';
-! if(rusername[0] != '\0')
-! sprintf(ebuf,"Trying %s@%s...",rusername,namp);
-! else
-! sprintf(ebuf,"Trying %s...",namp);
-! if(say(0,ebuf))
-! return(1);
- } else
- syslog(LLEV,"permit host=%.512s/%.20s connect to %.512s",rhost,raddr,av[1]);
- if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) {
---- 559,574 ----
- char ebuf[512];
-
- syslog(LLEV,"permit host=%.512s/%.20s connect to %.512s",rhost,raddr,namp);
-! if (!do_transparent) {
-! if(strlen(namp) > 20)
-! namp[20] = '\0';
-! if(rusername[0] != '\0')
-! sprintf(ebuf,"Trying %s@%s...",rusername,namp);
-! else
-! sprintf(ebuf,"Trying %s...",namp);
-! if(say(0,ebuf))
-! return(1);
-! }
- } else
- syslog(LLEV,"permit host=%.512s/%.20s connect to %.512s",rhost,raddr,av[1]);
- if((serfd = conn_server(av[1],RLOGINPORT,1,buf)) < 0) {
-diff -c -r ./tn-gw/tn-gw.c ../../fwtk-2.1-violated/fwtk/tn-gw/tn-gw.c
-*** ./tn-gw/tn-gw.c Thu Feb 5 19:11:36 1998
---- ../../fwtk-2.1-violated/fwtk/tn-gw/tn-gw.c Thu May 21 17:25:06 1998
-***************
-*** 91,96 ****
---- 91,100 ----
- static int cmd_xforward();
- static int cmd_timeout();
-
-+ char * getdsthost();
-+
-+ static int do_transparent = 0;
-+
- static int tn3270 = 1; /* don't do tn3270 stuff */
- static int doX;
-
-***************
-*** 144,149 ****
---- 148,155 ----
- char tokbuf[BSIZ];
- char *tokav[56];
- int tokac;
-+ int port;
-+ char * psychic;
-
- #ifndef LOG_DAEMON
- openlog("tn-gw",LOG_PID);
-***************
-*** 325,330 ****
---- 331,362 ----
- }
- }
-
-+ psychic = getdsthost(0, &port);
-+ if (psychic) {
-+ if ((strlen(psychic) + 10) < 510) {
-+ do_transparent++;
-+ if (port)
-+ sprintf(dest, "%s:%d", psychic, port);
-+ else
-+ sprintf(dest, "%s", psychic);
-+
-+ if (!welcomedone)
-+ if ((cf = cfg_get("welcome-msg", confp)) != (Cfg *)0) {
-+ if (cf->argc != 1) {
-+ syslog(LLEV,"fwtkcfgerr: welcome-msg must have one parameter, line %d",cf->ln);
-+ exit(1);
-+ }
-+
-+ if (sayfile(0, cf->argv[0])) {
-+ syslog(LLEV,"fwtksyserr: cannot display welcome %s:%m",cf->argv[0]);
-+ exit(1);
-+ }
-+
-+ welcomedone = 1;
-+ }
-+ }
-+ }
-+
- while (argc > 1) {
- argc--;
- argv++;
-***************
-*** 947,955 ****
- char ebuf[512];
-
- syslog(LLEV,"permit host=%.512s/%.20s destination=%.512s",rladdr,riaddr,namp);
-! sprintf(ebuf,"Trying %.100s port %d...",namp,port);
-! if(say(0,ebuf))
-! return(1);
- } else
- syslog(LLEV,"permit host=%.512s/%.20s destination=%.512s",rladdr,riaddr,av[1]);
-
---- 979,989 ----
- char ebuf[512];
-
- syslog(LLEV,"permit host=%.512s/%.20s destination=%.512s",rladdr,riaddr,namp);
-! if (!do_transparent) {
-! sprintf(ebuf,"Trying %.100s port %d...",namp,port);
-! if(say(0,ebuf))
-! return(1);
-! }
- } else
- syslog(LLEV,"permit host=%.512s/%.20s destination=%.512s",rladdr,riaddr,av[1]);
-
-***************
-*** 991,998 ****
-
- syslog(LLEV,"connected host=%.512s/%.20s destination=%.512s",rladdr,riaddr,av[1]);
- strncpy(dest,av[1], 511);
-! sprintf(buf, "Connected to %.512s.", dest);
-! say(0, buf);
- return(2);
- }
-
---- 1025,1034 ----
-
- syslog(LLEV,"connected host=%.512s/%.20s destination=%.512s",rladdr,riaddr,av[1]);
- strncpy(dest,av[1], 511);
-! if (!do_transparent) {
-! sprintf(buf, "Connected to %.512s.", dest);
-! say(0, buf);
-! }
- return(2);
- }
-
diff --git a/FWTK/fwtk_transparent.diff b/FWTK/fwtk_transparent.diff
index a6c21fa1f1d1..8f0aeb46e123 100644
--- a/FWTK/fwtk_transparent.diff
+++ b/FWTK/fwtk_transparent.diff
@@ -124,7 +124,7 @@ diff -cr ../TIS.orig/fwtk/Makefile.config.solaris fwtk/Makefile.config.solaris
***************
*** 11,30 ****
#
- # RcsId: "$Header: /devel/CVS/IP-Filter/FWTK/fwtk_transparent.diff,v 2.2 2001/02/28 09:36:06 darrenr Exp $"
+ # RcsId: "$Header$"
# Your C compiler (eg, "cc" or "gcc")
@@ -145,7 +145,7 @@ diff -cr ../TIS.orig/fwtk/Makefile.config.solaris fwtk/Makefile.config.solaris
-Dgethostbyaddr=res_gethostbyaddr -Dgetnetbyname=res_getnetbyname \
--- 11,34 ----
#
- # RcsId: "$Header: /devel/CVS/IP-Filter/FWTK/fwtk_transparent.diff,v 2.2 2001/02/28 09:36:06 darrenr Exp $"
+ # RcsId: "$Header$"
+ #
+ # Path to sources of ip_filter (ip_nat.h required in lib/hnam.c)
diff --git a/FWTK/tproxy.diff b/FWTK/tproxy.diff
deleted file mode 100644
index 234404bf2364..000000000000
--- a/FWTK/tproxy.diff
+++ /dev/null
@@ -1,82 +0,0 @@
-*** tproxy.c.orig Fri Dec 20 10:53:24 1996
---- tproxy.c Sun Jan 3 11:33:55 1999
-***************
-*** 135,140 ****
---- 135,144 ----
- #include <netinet/in.h>
- #include <sys/signal.h>
- #include <syslog.h>
-+ #include <unistd.h>
-+ #include <fcntl.h>
-+ #include <sys/ioctl.h>
-+ #include <net/if.h>
- #include "tproxy.h"
-
- #ifdef AIX
-***************
-*** 147,152 ****
---- 151,159 ----
- #define bzero(buf,size) memset(buf, '\0', size);
- #endif /* SYSV */
-
-+ #include "ip_compat.h"
-+ #include "ip_fil.h"
-+ #include "ip_nat.h"
-
-
- /* socket to audio server */
-***************
-*** 324,329 ****
---- 331,369 ----
- char localbuf[2048];
- void timeout();
- extern int errno;
-+ /*
-+ * IP-Filter block
-+ */
-+ struct sockaddr_in laddr, faddr;
-+ struct natlookup natlookup;
-+ int slen, natfd;
-+
-+ bzero((char *)&laddr, sizeof(laddr));
-+ bzero((char *)&faddr, sizeof(faddr));
-+ slen = sizeof(laddr);
-+ if (getsockname(0, (struct sockaddr *)&laddr, &slen) < 0)
-+ return -1;
-+ slen = sizeof(faddr);
-+ if (getpeername(0, (struct sockaddr *)&faddr, &slen) < 0)
-+ return -1;
-+ natlookup.nl_inport = laddr.sin_port;
-+ natlookup.nl_outport = faddr.sin_port;
-+ natlookup.nl_inip = laddr.sin_addr;
-+ natlookup.nl_outip = faddr.sin_addr;
-+ natlookup.nl_flags = IPN_TCP;
-+ if ((natfd = open(IPL_NAT, O_RDONLY)) < 0)
-+ return -1;
-+ if (ioctl(natfd, SIOCGNATL, &natlookup) == -1) {
-+ syslog(LOG_ERR, "SIOCGNATL failed: %m\n");
-+ close(natfd);
-+ return -1;
-+ }
-+ close(natfd);
-+ strcpy(hostname, inet_ntoa(natlookup.nl_realip));
-+ serverport = ntohs(natlookup.nl_realport);
-+ /*
-+ * End of IP-Filter block
-+ */
-
- /* setup a timeout in case dialog doesn't finish */
- signal(SIGALRM, timeout);
-***************
-*** 337,344 ****
---- 377,386 ----
- * and modify the call to (and subroutine) serverconnect() as
- * appropriate.
- */
-+ #if 0
- strcpy(hostname, "randomhostname");
- serverport = 7070;
-+ #endif
- /* Can we connect to the server */
- if ( (serverfd = serverconnect(hostname, serverport)) < 0 ) {
- /* errno may still be set from previous call */
diff --git a/FreeBSD-2.2/kinstall b/FreeBSD-2.2/kinstall
index 5a4368eba122..421681fc0081 100755
--- a/FreeBSD-2.2/kinstall
+++ b/FreeBSD-2.2/kinstall
@@ -17,8 +17,8 @@ foreach i (ip_{auth,fil,frag,nat,pool,proxy,scan,state,sync}.[ch] fil.c \
case *.h:
/bin/cp $i /usr/include/netinet/$i
chmod 644 /usr/include/netinet/$i
- breaksw
- endsw
+ breaksw
+ endsw
end
echo ""
echo "Copying /usr/include/osreldate.h to /sys/sys"
diff --git a/FreeBSD-3/INST.FreeBSD-3 b/FreeBSD-3/INST.FreeBSD-3
index 5c30b57821f2..5b9de7ca0afb 100644
--- a/FreeBSD-3/INST.FreeBSD-3
+++ b/FreeBSD-3/INST.FreeBSD-3
@@ -10,7 +10,7 @@ To build a kernel with the IP filter, follow these seven steps:
4. build a new kernel
5. install the new kernel
-
+
6. If not using DEVFS, create devices for IP Filter as follows:
mknod /dev/ipl c 79 0
mknod /dev/ipnat c 79 1
@@ -18,7 +18,7 @@ To build a kernel with the IP filter, follow these seven steps:
mknod /dev/ipauth c 79 3
mknod /dev/ipsync c 79 4
mknod /dev/ipscan c 79 5
-
+
7. reboot
diff --git a/FreeBSD-3/kinstall b/FreeBSD-3/kinstall
index 20f0369d6eaf..294e795ee4b5 100755
--- a/FreeBSD-3/kinstall
+++ b/FreeBSD-3/kinstall
@@ -18,8 +18,8 @@ foreach i (ip_fil.[ch] ip_nat.[ch] ip_frag.[ch] ip_state.[ch] fil.c \
case *.h:
/bin/cp $i /usr/include/netinet/$i
chmod 644 /usr/include/netinet/$i
- breaksw
- endsw
+ breaksw
+ endsw
end
echo ""
echo "Linking /usr/include/osreldate.h to /sys/sys/osreldate.h"
diff --git a/FreeBSD-4.0/INST.FreeBSD-4 b/FreeBSD-4.0/INST.FreeBSD-4
index 7d1b7a2b8f4c..e69de29bb2d1 100644
--- a/FreeBSD-4.0/INST.FreeBSD-4
+++ b/FreeBSD-4.0/INST.FreeBSD-4
@@ -1,24 +0,0 @@
-To build a kernel with the IP filter, follow these seven steps:
-
- 1. do "make freebsd4"
-
- 2. do "make install-bsd"
- (probably has to be done as root)
-
- 3. run "FreeBSD-4.0/kinstall" as root
-
- 4. build a new kernel
-
- 5. install the new kernel
-
- 6. If not using DEVFS, create devices for IP Filter as follows:
- mknod /dev/ipl c 79 0
- mknod /dev/ipnat c 79 1
- mknod /dev/ipstate c 79 2
- mknod /dev/ipauth c 79 3
-
- 7. reboot
-
-
-Darren Reed
-darrenr@pobox.com
diff --git a/FreeBSD-4.0/ipv6-patch b/FreeBSD-4.0/ipv6-patch
deleted file mode 100755
index c232b2c15972..000000000000
--- a/FreeBSD-4.0/ipv6-patch
+++ /dev/null
@@ -1,61 +0,0 @@
-*** ip6_input.c.orig Sun Feb 13 14:32:01 2000
---- ip6_input.c Wed Apr 26 22:31:34 2000
-***************
-*** 121,126 ****
---- 121,127 ----
-
- extern struct domain inet6domain;
- extern struct ip6protosw inet6sw[];
-+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
-
- u_char ip6_protox[IPPROTO_MAX];
- static int ip6qmaxlen = IFQ_MAXLEN;
-***************
-*** 302,307 ****
---- 303,317 ----
- ip6stat.ip6s_badvers++;
- in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr);
- goto bad;
-+ }
-+
-+ if (fr_checkp) {
-+ struct mbuf *m1 = m;
-+
-+ if ((*fr_checkp)(ip6, sizeof(*ip6), m->m_pkthdr.rcvif,
-+ 0, &m1) || !m1)
-+ return;
-+ ip6 = mtod(m = m1, struct ip6_hdr *);
- }
-
- ip6stat.ip6s_nxthist[ip6->ip6_nxt]++;
-*** ip6_output.c.orig Fri Mar 10 01:57:16 2000
---- ip6_output.c Wed Apr 26 22:34:34 2000
-***************
-*** 108,113 ****
---- 108,115 ----
- #include <netinet6/ip6_fw.h>
- #endif
-
-+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
-+
- static MALLOC_DEFINE(M_IPMOPTS, "ip6_moptions", "internet multicast options");
-
- struct ip6_exthdrs {
-***************
-*** 754,759 ****
---- 756,770 ----
- ip6->ip6_src.s6_addr16[1] = 0;
- if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst))
- ip6->ip6_dst.s6_addr16[1] = 0;
-+ }
-+
-+ if (fr_checkp) {
-+ struct mbuf *m1 = m;
-+
-+ if ((error = (*fr_checkp)(ip6, sizeof(*ip6), ifp, 1, &m1)) ||
-+ !m1)
-+ goto done;
-+ ip6 = mtod(m = m1, struct ip6_hdr *);
- }
-
- #ifdef IPV6FIREWALL
diff --git a/FreeBSD-4.0/kinstall b/FreeBSD-4.0/kinstall
index ebd6e2e8a075..9233199215bf 100755
--- a/FreeBSD-4.0/kinstall
+++ b/FreeBSD-4.0/kinstall
@@ -20,8 +20,8 @@ foreach i (ip_{auth,fil,nat,pool,proxy,scan,state,sync}.[ch] fil.c \
case *.h:
/bin/cp $i /usr/include/netinet/$i
chmod 644 /usr/include/netinet/$i
- breaksw
- endsw
+ breaksw
+ endsw
end
echo ""
echo "Linking /usr/include/osreldate.h to /sys/sys/osreldate.h"
diff --git a/FreeBSD/kinstall b/FreeBSD/kinstall
index 2b67b9ad995c..7d08503ed989 100755
--- a/FreeBSD/kinstall
+++ b/FreeBSD/kinstall
@@ -17,8 +17,8 @@ foreach i (ip_{auth,fil,frag,nat,pool,proxy,scan,state,sync}.[ch] fil.c \
case *.h:
/bin/cp $i /usr/include/netinet/$i
chmod 644 /usr/include/netinet/$i
- breaksw
- endsw
+ breaksw
+ endsw
end
echo ""
grep iplopen $archdir/$karch/conf.c >& /dev/null
diff --git a/HISTORY b/HISTORY
index b500c20632ca..8b67de7bfe47 100644
--- a/HISTORY
+++ b/HISTORY
@@ -10,745 +10,268 @@
# and especially those who have found the time to port IP Filter to new
# platforms.
#
-4.1.28 - Release 16 October 2007
-
-backout changes (B1) & (B2) as they've caused NAT entries to persist for
-too long and possibly other side effects.
-
-Still need to compile in our own radix.c for Solaris as the one in S10U4
-has a different alignment of structure members (causes panic)
-
-keep state doesn't work with multicast/broadcast packets (makes UPnP easier)
-
-ippool -l may only lists every 2nd pool's contents
-
-4.1.27 - Released 29 September 2007
-
-SunOS5/replace script does not deal with i386 systems that have the
-i86/amd64 directory pair.
-
-make BSD/kupgrade try to build ip_rules.[ch] before complaining
-
-Need to look for ipl.ko LKM on FreeBSD, not just ipf.ko
-
-Cleanup SunOS5 Makefile pieces, removing CPU, sunos5x86; buildsunos needs
-to drive 32bit cc builds differently for sparc/i386 now.
-
-Update instructions for rebuilding FreeBSD kernels
-
-Make the target "freebsd" work for building ipfilter
-
-destroying NAT entries for blocked packets can lead to NAT table entry leak,
-provide a counter of orphan'd NAT entries to track this problem.
-
-4.1.26 - Released 24 September 2007
-
-Fix build problem for Solaris prior to S10U4
-
-4.1.25 - Released 20 September 2007
-
-stepping through structures with ioctls can lead to the wrong things
-being free'd and panics
-
-if a NAT entry (such as an rdr) is created but the packet ends up being
-blocked, tear down the NAT entry.
-
-fix fragment cache preventing keep state from functioning
-
-fix handling of \ to indicate a continued line in .conf files
-
-include port ranges in the allowed input for ipf when using "port = ()"
-
-only advance TCP state for packets on the leading edge of the window. (B1)
-
-using ipnat -l can lead to memory corruption in high stress situations
-
-track TCP sequence numbers with NAT so that it can do timeout advances
-correctly inline with state
-
-ICMP checksums for some redirect'd packets are not adjusted correctly.
-
-IPv6 address components need to be explicitly cast to a 32bit pointer
-boundary so that compilers don't try to access them as two 64bit
-pieces (no guarantee is made that an Ipv6 address is on a 64bit
-aligned address)
-
-filling up the ipauth packet queue can lead to no more packets being
-processed.
-
-locking used to deref a nat entry causes a significant performance hit
-
-m_pulldown isn't properly handled, leading to possible panics with ICMPv6
-packets
-
-IPv6 fragment handling doesn't allow for "keep frag" to work
-
-build on Solaris10 Update4 with pfhooks in the kernel
-
-logging of Ipv6 packets with extension headers fix - Miroslaw Luc
-
-4.1.24 - Released 8 July 2007
-
-patch from Stuart Remphrey to address recursive mutex lock with TCP state
-
-add hash table bucket stats display to ipnat -s
-
-give ASSERT some teeth for user compiles
-
-initialising ipf_global, ipf_frcache, ipf_mutex should all be done very
-early on
-
-do some caddr_t cleanup, where possible
-
-fr_ref no longer tracks the number of children rules in a group for head rules
-
-make sure all BCOPY* have a value assigned to something
-
-fix possible use of icmp pointer after pullup makes it invalid
-
-resolve compile problems related to FreeBSD tree
-
-4.1.23 - Released 31 May 2007
-
-NAT was not always correctly fixing ICMP headers for errors
-
-some TCP state steps when closing do not update timeouts, leading to
-them being removed prematurely. (B2)
-
-fix compilation problems for netbsd 4.99
-
-protect enumeration of lists in the kernel from callout interrupts on
-BSD without locking
-
-fix various problems with IPv6 header checks: TCP/UDP checksum validation
-was not being done, fragmentation header parsed dangerously and routing
-header prevented others from being seen
-
-fix gcc 4.2 compiler warnings
-
-fix TCP/UDP checksum calculation for IPv6
-
-fix reference after free'ing ipftoken memory
-
-4.1.22 - Released 13 May 2007
-
-fix endless loop when flushing state/NAT by idle time
-
-4.1.21 - Released 12 May 2007
-
-show the number of states created against a rule with "-v" for ipfstat
-
-fix build problems with FreeBSD
-
-make it possible to flush the state table by idle time and TCP state
-
-fix flushing out idle connections when state/NAT tables fill
-
-print out the TCP state population with ipfstat/ipnat
-
-stop creation of state table orphans via return-*/fastroute
-
-fix printing out of rule groups - they now only appear once
-
-4.1.20 - Released 30 April 2007
-
-adjust TCP state numbers, making 11 closed (was 0) to better facilitate
-detecting closing connections that we can wipe out when a SYN arrives
-that matches the old
-
-make it compile on Solaris10 Update3
-
-structures used for ipf command ioctls weren't being freed in timeout
-fashion on solairs
-
-use NL_EXPIRE, not ISL_EXPIRE, for expiring NAT sessions
-
-adjust TCP timeout values and introduce a time-wait specifc timeout
-to get a better TCP FSM emulation and one that can hopefully do a better
-job of cleaning up in a speedy fashion than previous
-
-refactor the automatic flushing of TCP state entries when we fill up,
-but use the same algorithm as before but now it hopefully works
-
-only 2 out of 4 interface names were being changed by ipfs when
-interface renaming was being used for state entries
-
-add ipf_proxy_debug to ipf-T
-
-matching of last fragments that had a number of bytes that wasn't a
-multiple of 8 failed
-
-some combinations of TCP flags are considered bad aren't picked up as such,
-but these may be possible with T/TCP
-
-4.1.19 - Released 22 February 2007
-
-Fix up compilation problems with NetBSD and Solaris.
-
-4.1.18 - Released 18 February 2007
-
-fix compiling on Tru64
-
-fix listing out filter rules with ipfstat (delete token at end of
-the list and detect zero rule being returned.)
-
-fix extended flushing of NAT tables (was clearing out state tables)
-
-fix null-pointer deref in hash table lookup
-
-fix NAT and stateful filtering with to/reply-to on destination interface
-
-4.1.17 - Released 20 January 2007
-
-make flushing pools that are still in use mark them for deletion and
-have attempting to recreate them clear the delete flag
-
-walking through the NAT tables with ioctls caused lock recursion
-
-fix tracking TCP window scaling in the state code
-
-4.1.16 - Released 20 December 2006
-
-allow rdr rules to only differ on the new port number
-
-when creating state entry orphans, leave them on the linked list but not
-attached to the hash table and mark them visible as orphans in "ipfstat -sl"
-
-log state removed when unloading differently to allow visible cues
-
-return ipf ticks via SIOCGETGS for /dev/ipnat so "ipnat -l" can display ttl
-
-abort logging a packet if the mbuf pointer is null when ipflog is called
-
-Some NetBSD's have a selinfo.h instead of select.h
-
-SIOCIPFFL was using copyoutptr and should have been using bcopy for /dev/ipauth
-
-listing accounting rules using ioctl interface wasn't possible
-
-fix leakage of state entries due to packets not matching up with NAT
-
-improve ICMP error packet matching with state/NAT
-
-fix problems with parsing and printing "-" as an interface name in ipnat.conf
-
-4.1.15 - Released 03 November 2006
-
-Add in automatic flushing of NAT, like state, table if it fills up too much
-
-Update comments in the code for NAT checksum adjustments
-
-Fix compiling on FreeBSD 5.4 and 6.0
-
-prevent panics from read/write IOs trying to use uninitialised structures
-
-Newer NetBSD should use malloc() instead of MALLOC() in the kernel where
-the size is not staticly defined
-
-Some gcc warning message cleanup from NetBSD
-
-Missing include for <sys/filio.h> on Solaris for poll work
-
-NetBSD now uses opt_ipfilter.h, not opt_ipfilter_log.h
-
-4.1.14 - Released 04 October 2006
-
-rewrite checksum alteration for ICMP packets being NAT'd to use a sane
-algorithm that can be understood...now it needs better comments
-
-fix 1 byte error in checksum validation perl script
-
-remove unused files in lib directory
-
-ipftest will say "bad-packet" if it has been freed rather than just "blocked"
-
-make it possible to load IP address pools from external files in ippool.conf
-
-update copyright messages in tools directory
-
-consolidate ioctl hanlding source code into fil.c
-
-make ipfstat, ippool, ipnat retrieve information via ioctls rather than /dev/kmem
-
-4.1.13 - Released 4 April 2006
-
-fix bug where null pointers introduced by proxies could cause a crash
-
-pass out the rule flags with SIOCAUTHW
-
-force loading NAT rules with bad proxy labels to cause an error
-
-nat_state is used unsafely in calls to fr_addstate
-
-make return-rst and return-icmp* work with auth rules
-
-4.1.12 - Released 28 March 2006
-
-poll support on FreeBSD/NetBSD needs to use selrecord/selwakeup
-
-make the fastroute code used by ipftest invoke state/NAT
-
-move verbose/debug macros out of fil.c and into ip_fil.h (for wider use)
-
-remove unused code in fr_fastroute
-
-fix NAT with rules that specify forward and reverise interfaces
-
-add missing ipfsync_canread() and ipfsync_canwrite()
-
-behaviour of \ on the end of a line in ipf.conf does not match older behaviour
-
-remove duplicate statistics line output with "ipfstat -s"
-
-4.1.11 - Released 19 March 2006
-
-Patch for NAT with ipfsync from N. Ersen (SESCI) - www.enderunix.org
-
-NetBSD coverity report fixes (from run 5)
-
-Possible to reacquire ipf_auth without releasing it in some circumstances
-
-Locking in FreeBSD's iplioctl for ipf_global isn't present like it shoudl be
-
-Add poll support for platforms I can build on: NetBSD, FreeBSD, Solaris, Linux
-
-Using auth rules to return "keep state" got broken with pushing fr_addstate
-call into fr_firewall
-
-all use of '!' in map/rdr rules to match use in ipf configs
-
-add -L command line option to ipmon to set the default syslog facility
-
-looking up a port number is more complex than needed in ipft_tx.c
-
-allow lib/getport to work when neither tcp or udp are specified in a rule
-
-remove some dead code from lib/addicmpc, lib/facpri.c, lib/icmpcode.c
-
-program in some more cases where TCP packets fail an initial in-window
-check but should be allowed to match
-
-filter rule added with NAT/state handling of SIOCSTPUT doesn't properly
-initialise all fields, making it possible to panic
-
-simplify NAT ICMP error handling where it updates checksums
-
-rename "min" variables to "xmin" on NetBSD to avoid problems with the
-macro "min"
-
-#ifdef's for NetBSD compile incorrect for pfil interface
-
-support select/poll on NetBSD
-
-copying out a packet with an auth rule fails (EFAULT) because the wrong
-pointer is passed to copyoutptr
-
-ip_len/ip_off where byte swapped twice instead of once for packets
-going to be stored on the auth queue
-
-change timeout queue manipulation functions to make fewer mutex calls
-
-fix use of skip rules with groups
-fix coding problems discovered by the coverity project for FreeBSD
-
-update BPF program validation with FreeBSD changes
-
-4.1.10 - Released 6 December 2005
-
-Expand regression testing to cover more features
-
-Add "coverage" build target for BSD
-
-Fix building 64bit sparc target for Solaris
-
-Add IPv6 mobility header to list of accepted keywords for V6 headers
-
-Resolve locking problems on Solaris when sending RST/icmp packets
-
-#ifdef's for IPFILTER_BPF need to check if words are defined before
-using them in comparisons
-
-Add checking for SACK permitted option in TCP SYN packets
-
-Fix loading anonymous pools from inline rule configuration groups
-
-Add -C command line option to ipftest
-
-Include extra "const" from NetBSD
-
-Don't require SIOCKSTLCK for SIOCSTPUT
-
-Fix some use of "sticky" on NAT rules
-
-Fix statistical counting of deleting state for TCP connections
-
-Fix compile problems caused by changes to is_opt/is_optmsk in ip_sync.c
-
-Fix TCP out-of-window (OOW) problems:
-- window scaling turned off if one chose for its scale factor
-- Microsoft Windows TCP sends the "next packet" to the right of the window
- when using SACK and filling in a hole
-
-4.1.9 - Released 13 August 2005
-
-make ipfilter fix IPv4 header checksums for outgoing packets if BRIDGE_IPF
-is defined when compiled.
-
-move the definition of SIOCPROXY from ip_nat.h to ip_proxy.h
-
-make the BSD/upgrade script more instructive about the requiements for
-ip_rules.[ch] when it is run
-
-register for interface events on FreeBSD (>5.2.1) and NetBSD so that
-"ipf -y" is not not requried to tell ipfilter about interface changes.
-
-for "quick" rules that do "keep state", move the state adding into the rule
-evaluation so that we can detect it failing as rules are evaluated and
-continue on to the next rather than wait until we're done and it's too late
-to recover for more rule processing.
-
-mark ICMP packets advertising an MTU that's too small as being bad
-
-rework ipv6 header parsing to get better code reuse and fix logic errors
-in dealing with ipv6 packets containing fragment headers. Also, where a
-protocol handler was doing both v4 & v6, make a seperate function for each.
-
-build for both amd64 and i86pc (32bit) on Solaris10 and later, if possible
-
-include start of work to get IPFilter working on AIX 5.3
-
-Use FI_ICMPERR flag rather than try to compute its equivalent all the time
-
-Rewrork IPv6 extension header parsing to get better code reuse
-
-Add missing timeout on Linux
-
-Fix for locking when reading from ipsync (Frank Volf)
-
-Fix insertion/appending of rules that use a collection number
-
-Somehow turning up the spl knob to splnet disappeared on platforms that still
-use the spl interface.
-
-fix problems with "ipf -T" not listing multiple variables properly
-
-4.1.8 - Released 29 March 2005
-
-include path from Phil Dibowitz for sorting ipfstat -t output by source or
-destination port.
-
-fix a bug in printing rules where interface names could not be printed,
-even if they're in the rule structure.
-
-fix BSD/kupgrade to correctly change ipfilter lkm Makefile for FreeBSD
-
-add 2 new features to SIOCGNATL:
-- if IPN_FINDFORWARD is set, check if the respective MAP is already
- present in the outbound table
-- if IPN_IN is set, search for a matching MAP entry instead of RDR
- (Peter Potsma)
-
-turn off function inlining for freebsd 5.3+
-
-UDP doesn't pullup enough data which can sometimes cause a panic.
-Fix other protocols, as required, where a similar problem may exist.
-
-overhaul the timeout queue management, especially that for user defined queues
-which are now only freed in an orderly manner.
-
-4.1.7 - Released 13 March 2005
-
-Using the GRE call field is almost impossible because it is unbalanced and
-both call fields are not present in each v1 header.
-
-Fix a problem where it was possible to load duplicate rules into ipf
-
-patch from John Wehle to address problems with fastroute on solaris
-
-Copying data out for ipf -z failed because it tried to copy out to an address
-that is a kernel pointer in user space.
-
-add "ip" timeout for both NAT & state that's for non-TCP/UDP/ICMP
-
-synch up with NetBSD's changes
-
-fix problems parsing long lines of text in the ftp proxy where they would not
-be parsed properly and stop the session from working
-
-enhance the PPTP proxy so that it tries to decode messages in the TCP stream
-so it knows when to create and destroy the state/nat sessions for GRE. There
-are also 4 new regression tests for it, testing map/rdr rules.
-
-impose some limits on the size of data that can be moved with SIOCSTPUT in
-the NAT code and also prevent a duplicate session entry from being created
-using this method.
-
-add a new flag (IPN_FINDFORWARD) to NAT code that can be used with SIOCGNATL
-to check if it is possible to create an outgoing transparent NAT mapping to
-compliment the redirect being investigated.
-
-Linux requires that the checksums in the IP header get adjusted
-
-only resolve unknown interfaces in fr_stinsert, and nuke all interface pointers
-in SIOCSTPUT to prevent bad data being loaded from userspace.
-
-make the byte counting for state correct (was counting data from ICMP packet
-twice)
-
-print out the keyword "frag-body" if the flag is set.
-
-fix ipfs loading/restoring NAT sessions
-
-patch from Frank to correctly format IP addresses in ipfstat -t output
-
-parsing port numbers in ipf/ipnat was confusing as the port number was returned
-in an int that was also overloaded to be the suceess/failure. instead, change
-the port using pass by reference and only use the return value for indicating
-success or failure.
-
-4.1.6 - Released 19 February 2005
-
-add a new timeout number to NAT (fr_defnatipage) that is used for all
-non-TCP/UDP/ICMP protocols - default 60 seconds.
-
-buffer leak with bad nat - David Gueluy
-
-fix memory leak with state entries created by proxies
-
-eliminate copying too much data into a scan buffer
-
-allow a trailing protocol name for map rules as well as rdr ones
-
-fix bug in parsing of <= and > for NAT rules (two were crossed over)
-
-FreeBSD's iplwrite hasn't kept pace with iplread's prototype
-
-expand documention on the karma of using "auto" in ipnat map rules
-
-add matching on IP protocol to ipnat map rules
-
-allow ippool definitions to contain no addresses to start with
-
-Linux NAT needs to modify the IP header checksum as it gets called after it
-has been computed by IP.
-
-UDP was missing a pullup for packet header information before examining
-the header
-
-4.1.5 - Released 9 January 2005
-
-all rules were being converted into "dup-to" rules in the kernel
-
-fix two ftp proxy problems: 1st, buffer needs to be bigger for fitting in
-complete RETR/CWD commands, 2nd is () use in 227 messages isn't copied
-over correctly.
-
-response to CWDs
-revert ip_off back to network byte order in the ICMP error packet that
-gets generated.
-
-4.1.4 - Released 9 January 2005
-
-force NAT rules to only match ipv4 NAT rules (which all are, currently,
-by default)
-
-include state synchronisation fixes from Frank Volf
-
-make the maximum log size for internally buffered log entries accessible
-via "ipf -T"
-
-redesign start of fr_check() to avoid putting duplicate information in
-ipfilter about how much data needs to be pulled up for a protocol to be
-properly filtered.
-
-tidy up sending ICMP error messages - some bad inputs could result in
-data not being freed and/or no error returned.
-
-make the maximum size of the log buffer run-time tunable
-
-fix bug in parsing TCP header when looking for MSS option that could make
-the system hang
-
-change pool lookups that fail to find a match to return "no match"
-rather than fail.
-
-add run-time tunable debugging for proxy support code and FTP proxy.
-
-fix state table updates for entries where the first packet as an ICMPv6
-multicast message
-
-fix hang when flushing state for v4/v6 and other (v6/v4) entries are present
-too
-
-attaching filtering to ipv6 pfil hook wasn't present for solaris
-
-don't allow rules with "keep state" and "with oow"
-
-move a bunch of userland only code from fil.c to ip_fil.c
-
-make fr_coalesce() more resiliant to bad input, just returning an error
-instead of crashing, making calling it easier in many places
-
-When m_pulldown doesn't return NULL, it doesn't necessarily return a pointer
-to the same mbuf passed in as the first arg.
-
-remove fr_unreach and use ENETUNREACH by default.
-
-printing out of tag data in ipf rules doesn't match input syntax
-
-ipftest(1) man page update
-
-ipfs command line option parsing still rejects some valid syntaxes
-
-SIGHUP handling by ipmon was not as safe as it could be
-
-fix various parsing regressions, including "<thishost>", "tcpudp", ordering
-of "keep" options
-
-patches from Frank Volk: add udp_acktimeout to sysctl list for FreeBSD,
-ICMP packet length not calculated correctly in send_icmp_err, reply-to
-not printed by ipfstat, keep state with icmp passing (mtrr)
-
-patches for return-rst and return-icmp from Attila Fueloep
-(lichtscheu@gesindel.org)
-
-4.1.3 - Released 18 July 2004
-
-do some more fine tuning on NAT checksum adjustments
-
-correct IP address byte order in proxy setup for ipsec/pptp
-
-man page updates
-
-fix numerous problems with ipfs operation
-
-complete new syntax for ipmon.conf in its parser and update the sample file
-
-assign error value consistantly in fastroute code
-
-rewrite allocation of mbufs in send_reset/send_icmp_err to better use
-mbuf clusters and size calculations
-
-resolve problem with linux panic'ing because the wrong flag was being
-passed to skb_clone/skb_alloc
-
-enable use of shared/exclusive locks on freebsd5 and above
-
-do not rely on m_pkthdr.len to be valid all the time for mbufs on modern BSD
-and so use mbufchainlen to get the mbuf length instead
-
-replace lots of COPYIN/COPYOUT with BCOPYIN/BCOPYOUT where the data is
-going to be on the stack and not in userland
-
-packet buffer pointers were not refreshed & used properly in fr_check()
-
-include extra bits for OpenBSD 3.4 & 3.5.
-
-fix ipf/ipnat parsing regression problems with v3.4
-
-4.1.2 - RELEASED - 27 May 2004
-
-add state top for ipv6
-
-fix numerous parsing regressions
-
-change sample proxies to use SIOCGNATL with the new API
-
-allow macro names to contain underscores (_)
-
-split the parser into a collection of dictionaries so that keywords do
-not interfere with resolving hostnames and portnames
-
-fix ipfrule LKM loading on freebsd
-
-support mapping a fixed range of ports to a single port
-
-fix timeout queue use by proxies with private queues
-
-handle space-led ftp server replies properly
-
-fix timeout queue management
-
-fix fastroute, generation of RST & ICMP packets and operation with to/fastroute
-
-resolve further linux compatibility problems
-
-replace the use of COPYIN with BCOPYIN for platforms that provide ioctl
-args on the stack
-
-allow flushing of ipv6 rules independant of ipv4 rules
-
-correct internal ipv6 checksum calculations
-
-if a 'keep state' rule fails to create state, block the packet rather
-than let it through
-
-correct all checksums in regression tests and correct NAT code to adjust
-checksums correctly.
-
-fix ipfs -R/-W
-
-4.1.1 - RELEASED - 24 March 2004
-
-allow new connections with the same port numbers as an existing one
-in the state table if the creating packet is a SYN
-
-timeout values have drifted, incorrectly, from what they were in 3.4
-
-FreeBSD - compatibility changes for 5.2
-
-don't match on sequence number (as well) for ICMO ECHO/REPLY, just the
-ICMP Id. field as otherwise thre is a state/NAT entry per packet pair
-rather than per "flow"
-
-fr_cksum() returned the wrong answer for ICMP
-
-Linux:
-- get return-rst and return-icmp working
-- treat the interface name the same as if_xname on BSD
-
-adjust expectations for TCP urgent bits based on observed traffic in the
-wild
-
-openbsd3.4 has ip_len/ip_off in network byte order when ipfilter is called
-
-fix flushing of hash pool gorups (ippool -F) as well as displaying them
-(ippool -l)
-
-passing of pointers to interface structures wrong for HP-UX/Solaris with
-return-* rules.
-
-Make the solaris boot script able to run on 2.5.1
-
-ippool related files missing from Solaris packages
-
-The name /dev/ippool should be /dev/iplookup
-
-add regression testing for parsing long interface names in nat rules,
-along with mssclamp and tags. Also add test for mssclamp operation.
-
-ttl displayed for "ipfstat -t" is wrong because ttl is not computed.
-
-parse logical interface names (Sun)
-
-unloading LKMs was only working if they were enabled.
-
-sync'ing up NAT sessions when NICs change should cause NAT rules to
-re-lookup name->pointer mappings
-
-not all of the ippool ioctl's are IOWR and they should be because they
-use the ipfobj_t for passing information in/out of the kernel. leave the
-old values defined and handle them, for compatibility.
-
-pool stats wrong: ippoolstate used where ipoolstat should be, hash table
- statistics not reported at all
-
-fr_running not set correctly for OpenBSD when compiled into the kernel
-
-Allow SIOCGETFF while disabled
-
-Fix mssclamp with NAT (pasing and printing of the word, plus wrong bytes
-altered. How do you say "untested" ?)
+5.1.2 - RELEASED - 22 Jul 2012
+
+3546266 macro letters could be more consistent
+3546265 not all of the state statistics are displayed
+3546261 scripts for updating BSD environment out of date
+3546260 compiler warnings about non-integer array subscript
+3546259 asserting numdereflists == 0 is not correct
+3546258 expression matching does not see IPF_EXP_END
+3544317 ipnat/ipfstat are not using ipfexp_t
+3545324 proxy checksum calculation is not hardware aware
+3545321 FTP sequence number adjustment incorrectly applied
+3545320 EPSV is not recognised
+3545319 move nat rule creation to ip_proxy.c
+3545317 better feedback of checksum requirements for proxies
+3545314 ftp proxy levels do not make sense
+3545312 EPRT is not supported by ftp proxy
+3544318 ipnat.conf parsing ignores LHS address family
+3545309 non-ipv6 safe proxies do not fail with ipv6
+3545323 NAT updates the source port twice
+3545322 ipv6 nat rules cannot start proxies
+3544314 bucket copyout tries to copy too much data
+3544313 remove nat encap feature
+3546248 compat rule pointer type mismatch
+3546247 UDP hardware checksum offload not recognised
+3545311 ifp_ifaddr does not find the first set address
+3545310 ipmon needs ipl_sec on 64bit boundary
+3545326 reference count changes made without lock
+3544315 stateful matching does not use ipfexp_t
+3543493 tokens are not flushed when disabled
+3543487 NAT rules do not always release lookup objects
+3543491 function comments in ip_state.c are old
+3543404 ipnat.conf parsing uses family/ip version badly
+3543403 incorrect line number printed in ipnat parsing errors
+3543402 Not all NAT statistics are printed
+3542979 NAT session list management is too simple
+3542978 ipv4 and ipv6 nat insert have common hash insertion
+3542977 ipnat_t refence tracking incomplete
+3542975 proxies must use ipnat_t separately
+3542980 printing ipv6 expressions is wrong
+3542983 ippool cannot handle more than one ipv6 address
+3543018 mask array shifted incorrectly.
+3542974 reason for dropping packet is lost
+3542982 line numbers not recorded/displayed correctly by ipf
+3542981 exclamation mark cuases trouble with pools
+3541655 test suite checksums incorrect
+3541653 display proxy fail status correctly
+3540993 IP header offset excluded in pullup calculations
+3540994 pullupmsg does not work as required
+3540992 pointer to ipv6 frag header not updated on pullup
+3541645 netmask management adds /32 for /0
+3541637 ipnat parser does not zero port fields for non-port protocol
+3541635 pool names cannot by numbers
+3540995 IPv6 fragment tracking does not always work
+3540996 printing of nextip for ipv6 nat rules is wrong
+3540999 ipnat.conf parsing has trouble with icmpidmap for ipv6
+3540825 whois output parsing error for ipv6
+3540814 ipfd_lock serves no purpose
+3540810 lookup objects need tail pointers
+3540809 refactor hash table lookups for nat
+3540819 radix tree does not work with ipv6
+3540820 mutex emulation should be logged
+3540828 ipfstat filtering with -m fails tests
+3536480 ippool could be more like the others
+3536477 pool printing not uniform
+3536483 flushing empty destination lists causes panic
+3536481 more use of bzero after KMALLOC required
+3536479 ipnat.conf line numbers not stored
+3536484 Makefile missing dependency for ippool
+3536199 TFTP proxy requires something extra
+3536198 ICMP checksum out by one
+3536203 ipnat does not return an error
+3536201 ipf.conf parsing too address friendly
+3536200 printing of bytes/packets not indented
+3497941 ipv4 multicast detection incorrect on little endian
+3535361 to interfaces printed out of order
+3535363 ipf parser is inconsistent
+3532306 deleting ipnat rules does not work
+3532054 new error required for ipf_rx_create
+3532053 icmp6 checksums wrong
+3532052 icmpv6 state check with incorrect length
+3531871 checksum verification wants too many icmp6 bytes
+3531870 ipnat.conf parsing needs to support inet6
+3532048 error in ipf group parsing
+3531868 ICMPV6 checksum not validated
+3531893 ipftest exits without error for bad input
+3531890 whois pool parsing builds bad structures
+3531891 icmpv6 text parsing ignorant of icmp types
+3531653 rewrite with icmp does not work
+3530563 NAT operations fail with EPERM
+3530544 first pass at gcc -Wextra cleanup
+3530540 lookup create functions do not set error properly
+3530539 ipf_main_soft_destroy doesn't need 2nd arg
+3530541 reorder structure for better packing
+3530543 ipnat purge needs documentation
+3530515 BSD upgrade script required
+3528029 ipmon bad-mutex panic
+3530247 loading address pools light on input validation
+3530255 radix tree delete uses wrong lookup
+3530254 radix tree allocation support wrong
+3530264 ipmon prints qd for some 64bit numbers
+3530260 decapsulate rules not printed correctly.
+3530266 ipfstat -v/-d flags confused
+2939220 why a packet is blocked is not discernable
+2939218 output interface not recorded
+2941850 use of destination lists with to/dup-to beneficial
+3457747 build errors introduced with radix change
+3535360 timeout groups leak
+3535359 memory leak with tokens
+3535358 listing rules in groups requires tracking groups
+3535357 rule head removal is problematic
+3530259 not all ioctl error checked wth SIOCIPFINTERROR
+3530258 error routine that uses fd required
+3530253 inadequate function comment blocks
+3530249 walking lookup tables leaks memory
+3530241 extra lock padding required for freebsd
+3529901 ipf returns 0 when rules fail to load
+3529491 checksum validation could be better
+3529486 tcp checksum wrong for ipv6
+3533779 ipv6 nat rules missing inet6 keyword
+3532693 ipnat.conf rejects some ipv6 addresses
+3532691 ipv4 should not be forced for icmp
+3532689 ipv6 nat rules do not print inet6
+3532688 ipv6 address always printed with "to <if>"
+3532687 with v6hdrs not supported like with ipopts
+3532686 ipf expressions do not work with ipv6
+3540825 whois output parsing error for ipv6
+3540818 NAT for certain IPv6 ICMP packets should not be allowed
+3540815 memory leak with destination lists
+3540814 ipfd_lock serves no purpose
+3540810 lookup objects need tail pointers
+3540809 refactor hash table lookups for nat
+3540808 completed tokens do not stop iteration
+3530492 address hash table name not used
+3528029 ipmon bad-mutex panic
+3530256 hook memory leaked
+3530271 pools parsing produces badly formed address structures
+3488061 cleanup for illumos build
+3484434 SIOCIPFINTERROR must work for all devices
+3484067 mandoc -Tlint warnings to be fixed
+3483343 compile warning in ipfcomp.c
+3482893 building without IPFILTER_LOG fails
+3482765 building netbsd kernel without inet6 fails
+3482116 ipf_check frees packet from ipftest
+3481663 does not compile on solaris 11
+
+5.1.1 - RELEASED - 9 May 2012
+
+3481322 ip_fil_compat.c needs a cleanup
+3481211 add user errors to dtrace
+3481152 compatibility for 4.1 needs more work
+3481153 PRIu64 problems on FreeBSD
+3481155 ipnat listing incorrect
+3480543 change leads to compat problems
+3480538 compiler errors from earlier patch
+3480537 ipf_instance_destroy is incomplete
+3480536 _fini order leads to panic
+3479991 compiler warnings about size mismatches
+3479974 copyright dates are wrong (fix)
+3479464 add support for leaks testing
+3479457 %qu is not the prefered way
+3479451 iterators leak memory
+3479453 nat rules with pools leak
+3479454 memory leak in hostmap table
+3479461 load_hash uses memory after free
+3479462 printpool leaks memory
+3479452 missing FREE_MB_T to freembt leaks
+3479450 ipfdetach is called when detached
+3479448 group mapping rules memory leak
+3479455 memory leak from tuning
+3479458 ipf must be running in global zone
+3479460 driver replace is wrong
+3479459 radix tree tries to free null pointer
+3479463 rwlock emulation does not free memory
+3479465 parser leaks memory
+3475959 hardware checksum not correctly used
+3475426 ip pseudo checksum wrong
+3473566 radix tree does not delete dups right
+3472987 compile is not clean
+3472337 not everything is zero'd
+3472344 interface setup needs to be after insert
+3472340 wildcard counter drops twice
+3472338 change fastroute interface
+3472335 kernel lock defines not placed correctly
+3472324 ICMP INFOREQ/REPLY not handled
+3472330 multicast packets tagged by address
+3472333 ipf_deliverlocal called incorrectly
+3472345 mutex debug could be more granular
+3472761 building i19 regression is flawed
+3456457 use of bsd tree.h needs to be removed
+3460522 code cleanup required for building on freebsd
+3459734 trade some cpu for memory
+3457747 build errors introduced with radix change
+3457804 build errors from removal of pcap-int,h
+3440163 rewrite radix tree
+3428004 snoop, tcpdump, etherfind readers are unused
+3439495 ipf_rand_push never called (fix brackets)
+3437732 getnattype does not need to use ipnat_t (fix variable name)
+3437696 fr_cksum is a nightmare
+3439061 ipf_send_ip doesn't need 3rd arg
+3439059 ipid needs to be file local
+3437740 complete buildout of fnew
+3438575 add dtrace probes to block events
+3438347 comment blocks missing softc
+3437687 description of ipf_makefrip wrong
+3438340 more stats as dtrace probes
+3438316 free on nat structure uses fixed size
+3437745 nat iterator using the wrong size
+3437710 fail checksum verification if packet is short
+3437696 fr_cksum is a nightmare
+3437732 getnattype does not need to use ipnat_t
+3437735 rename ipf_allocmbt to allocmbt
+3437697 fr_family to version assignment is wrong
+3437746 ap_session_t has unused fields
+3437747 move softc structure to .h file (ip_state.c)
+3437704 there is no DTRACE_PROBE5
+3437748 wrong interface in qpktinfo_t
+3437729 create function to hexdump mb_t
+3438273 msgdsize should be easier to read
+3437683 object direction not set for 32bit
+3433767 calling ip_cksum could be easier
+3433764 left over locking
+3428015 printing proxy data size is useless
+3428013 add M_ADJ to hide adjmsg/m_adj
+3428012 interface name is not always returned correctly
+3428002 ip_ttl is too low
+3427997 ipft readers do not set buffer length
+3426558 resistence is futile
+3424495 various copy-paste errors
+1826936 shall we allow ipf to be as dumb as its admin
+3424477 specfuncs needs to go
+3424484 missing fr_checkv6sum
+3424478 one entry at a time
+2998760 auth rules do not mix well with to/dup-to/fastroute
+3424195 add ctfmerge to sunos5 makefile
+3424132 some dtrace probes to start with
+3423812 makefile needs ip_frag.h for some files
+3423817 reference count useful in verbose output
+3423800 walking lists does not drop reference
+3423805 fragmentation stats not reported correclty
+3423808 ip addresses reportied incorrectly with ipfstat -f
+3423821 track packets and bytes for fragmentation
+3423803 attempt to double free rule
+3423805 fragmentation stats not reported correctly
+3422712 system panic with ipfstat -f
+3422619 pullup counter bumped for every packet
+3422608 dummy rtentry required to build
+3422018 frflush next to ipf_fini_all is redundant
+3422012 instance cleanup is not clean
+3421845 instance name not set
+3005622 ip_fil5.1.0 does not load on Solaris 10 U8
+2976332 stateful filtering is incompatible with ipv4 options
+3387509 ipftest needs help construction ip packets with options
+2998746 passp can never be null
+3064034 mbuf clobbering problem with ipv6
+3105725 ipnat divide by zero panic
+2998750 ipf_htent_insert can leak memory
+3064034 mbuf clobbering problem with ipv6
+3105725 ipnat divie by zero panic
+
+5.1 - RELEASED - 9 May 2010
+
+* See WhatsNew50.txt
4.1 - RELEASED - 12 February 2004
@@ -1744,7 +1267,7 @@ loop forms in frag cache table - Yury Pshenychny <yura@rd.zgik.zaporizhzhe.ua>
should use SPLNET/SPLX around expire routines in NAT/frag/state code.
-redeclared malloc in 44arp.c -
+redeclared malloc in 44arp.c -
3.1.7 8/2/97 - Released
diff --git a/HPUX/INSTALL.TXT b/HPUX/INSTALL.TXT
new file mode 100644
index 000000000000..dada2c981d93
--- /dev/null
+++ b/HPUX/INSTALL.TXT
@@ -0,0 +1,45 @@
+Installation instructions:
+=========================
+
+1. Update HP-UX Kernel
+----------------------
+General instructions on preparation for installing and proceeding with an
+installation of IPFilter on HP-UX can be found at:
+http://coombs.anu.edu.au/~avalon/ipf-mentat.html
+
+You are required to at least install the latest jumbo patches from HP,
+for HP-UX 11. A summary of those that I used can be found at:
+At http://coombs.anu.edu.au/~avalon/ipf-hp11.html
+
+I do not recommend using anything less than as many of these as will apply
+to your own system.
+
+2. Build and Install pfil
+-------------------------
+Next, you need to download and install "pfil". This is a STREAMS interface
+for packet filtering that removes the need for packet filtering code to be
+written as a STREAMS module. This can be downloaded from
+
+http://coombs.anu.edu.au/~avalon/pfil-2.1.1.tar.gz
+
+Unpack this and type "make" in the pfil directory. Once compelte, type
+"make install" to kick off the installation.
+
+3. Build and Install IP Filter
+------------------------------
+Having got this far, you now need to download the latest IP Filter package
+and compile/install that. The source code for IP Filter can be obtained
+from:
+http://coombs.anu.edu.au/~avalon/ip-filter.html
+
+Download the latest version that is 4.1 or greater.
+
+This should be unpacked into the same directory as "pfil" is. The
+directory layout will look like this:
+
+/directory/ip_fil4.*
+/directory/pfil
+
+This complete, do a "make hpux" in the ip_fil4.* directory, followed
+by a "make install". You will need to reboot for it to become active.
+
diff --git a/HPUX/IPF-ALL/checkinstall b/HPUX/IPF-ALL/checkinstall
new file mode 100755
index 000000000000..714cb965344c
--- /dev/null
+++ b/HPUX/IPF-ALL/checkinstall
@@ -0,0 +1,29 @@
+#! /sbin/sh
+########
+# Product: IP Filter
+# Fileset: IPF-ALL
+# checkinstall
+########
+#
+# (c) Copyright (C) 2012 by Darren Reed.
+#
+########
+
+CONTRIBDIR=/usr/contrib/ipf
+########
+# Source control script environment
+########
+
+UTILS="/usr/lbin/sw/control_utils"
+if [[ ! -f $UTILS ]] ; then
+ echo "ERROR: Cannot find $UTILS"
+ exit 1
+fi
+. $UTILS
+exitval=$SUCCESS
+
+########
+# Make sure that the header files exist
+########
+
+exit $exitval
diff --git a/HPUX/IPF-ALL/checkremove b/HPUX/IPF-ALL/checkremove
new file mode 100755
index 000000000000..a954e3a3609f
--- /dev/null
+++ b/HPUX/IPF-ALL/checkremove
@@ -0,0 +1,28 @@
+#! /sbin/sh
+########
+# Product: IP Filter
+# Fileset: IPF-ALL
+# checkremove
+########
+#
+# (c) Copyright (C) 2012 by Darren Reed.
+#
+########
+
+########
+# Source control script environment
+########
+
+UTILS="/usr/lbin/sw/control_utils"
+if [[ ! -f $UTILS ]] ; then
+ echo "ERROR: Cannot find $UTILS"
+ exit 1
+fi
+. $UTILS
+exitval=$SUCCESS
+
+########
+#
+########
+
+exit $exitval
diff --git a/HPUX/IPF-ALL/description b/HPUX/IPF-ALL/description
new file mode 100755
index 000000000000..2afee1d516bb
--- /dev/null
+++ b/HPUX/IPF-ALL/description
@@ -0,0 +1,6 @@
+Vendor Name IP Filter
+
+Product Name IP Filter
+Fileset Name IPF-ALL
+
+This is the IP Filter package.
diff --git a/HPUX/IPF-ALL/postinstall b/HPUX/IPF-ALL/postinstall
new file mode 100755
index 000000000000..7f08ee016e75
--- /dev/null
+++ b/HPUX/IPF-ALL/postinstall
@@ -0,0 +1,70 @@
+#!/usr/bin/sh
+########
+# Product: IP Fitler
+# Fileset: IPF-ALL
+# postinstall
+########
+#
+# (c) Copyright (C) 2012 by Darren Reed.
+#
+########
+PATH=/usr/bin:/usr/sbin:/bin:/sbin
+export PATH
+########
+# Source control script environment
+########
+ETCDIR=/etc/opt/ipf
+
+UTILS="/usr/lbin/sw/control_utils"
+if [[ ! -f $UTILS ]] ; then
+ echo "ERROR: Cannot find $UTILS"
+ exit 1
+fi
+. $UTILS
+exitval=$SUCCESS
+
+########
+# Restore original header files
+# The script checkremove has verified that it exists.
+########
+
+# exit $GLOBAL_ERROR
+
+for i in ipf.conf ipnat.conf; do
+ /bin/touch ${ETCDIR}/$i
+ /bin/chmod 444 ${ETCDIR}/$i
+done
+(kmadmin -U ipf)
+(kminstall -d ipf)
+
+cd ${SW_ROOT_DIRECTORY}var/tmp/build
+
+kminstall -u ipf
+if [[ $? -ne 0 ]] ; then
+ exit 1
+fi
+config -M ipf -u
+if [[ $? -ne 0 ]] ; then
+ exit 1
+fi
+kmadmin -L ipf
+kmadmin -Q ipf
+if [[ $? -ne 0 ]] ; then
+ exit 1
+fi
+input=`kmadmin -Q ipf | grep 'Character Major'`
+set $input
+major=$3
+j=0
+for i in ipl ipnat ipstate ipauth ipsync ipscan; do
+ /bin/rm -f /dev/$i
+ mknod /dev/$i c $major $j
+ j=$((j + 1))
+done
+ln -s /sbin/init.d/ipfboot /sbin/rc2.d/S020ipfboot
+
+. /usr/lbin/sw/control_utils
+mod_pathfile -a MP /opt/ipf/man
+mod_pathfile -a P /opt/ipf/bin
+
+exit $exitval
diff --git a/HPUX/IPF-ALL/postremove b/HPUX/IPF-ALL/postremove
new file mode 100755
index 000000000000..11e9030e12ce
--- /dev/null
+++ b/HPUX/IPF-ALL/postremove
@@ -0,0 +1,31 @@
+#! /sbin/sh
+########
+# Product: IP Filter
+# Fileset: IPF-ALL
+# postremove
+########
+#
+# (c) Copyright (C) 2012 by Darren Reed.
+#
+########
+
+########
+# Source control script environment
+########
+
+UTILS="/usr/lbin/sw/control_utils"
+if [[ ! -f $UTILS ]] ; then
+ echo "ERROR: Cannot find $UTILS"
+ exit 1
+fi
+. $UTILS
+exitval=$SUCCESS
+
+########
+# Restore original header files
+# The script checkremove has verified that it exists.
+########
+
+# exit $GLOBAL_ERROR
+
+exit $exitval
diff --git a/HPUX/IPF-ALL/preinstall b/HPUX/IPF-ALL/preinstall
new file mode 100755
index 000000000000..a1cdd069dbca
--- /dev/null
+++ b/HPUX/IPF-ALL/preinstall
@@ -0,0 +1,50 @@
+#! /sbin/sh
+########
+# Product: IP Filter
+# Fileset: IPF-ALL
+# preinstall
+########
+#
+# (c) Copyright (C) 2012 by Darren Reed.
+#
+########
+
+########
+# Source control script environment
+########
+
+UTILS="/usr/lbin/sw/control_utils"
+if [[ ! -f $UTILS ]] ; then
+ echo "ERROR: Cannot find $UTILS"
+ exit 1
+fi
+. $UTILS
+exitval=$SUCCESS
+
+CONTRIBDIR=/usr/contrib/ipf
+ETCDIR=/etc/opt/ipf
+
+########
+# Create directories so that installation can take place
+########
+
+if [[ ! -d ${ETCDIR} ]]; then
+ mkdir -m 755 -p ${ETCDIR}
+fi
+
+for i in ipf.conf ipnat.conf; do
+ touch ${ETCDIR}/$i
+ chmod 444 ${ETCDIR}/$i
+done
+
+if [[ ! -d ${CONTRIBDIR} ]]; then
+ mkdir -m 755 -p ${CONTRIBDIR}
+fi
+
+for i in bin man include examples; do
+ if [[ ! -d ${CONTRIBDIR}/$i ]]; then
+ mkdir -m 755 -p ${CONTRIBDIR}/$i
+ fi
+done
+
+exit $exitval
diff --git a/HPUX/IPF-ALL/preremove b/HPUX/IPF-ALL/preremove
new file mode 100755
index 000000000000..65cd7e4d2953
--- /dev/null
+++ b/HPUX/IPF-ALL/preremove
@@ -0,0 +1,29 @@
+#! /sbin/sh
+########
+# Product: IP Filter
+# Fileset: IPF-ALL
+# preremove
+########
+#
+# (c) Copyright (C) 2012 by Darren Reed.
+#
+########
+
+########
+# Source control script environment
+########
+
+UTILS="/usr/lbin/sw/control_utils"
+if [[ ! -f $UTILS ]] ; then
+ echo "ERROR: Cannot find $UTILS"
+ exit 1
+fi
+. $UTILS
+exitval=$SUCCESS
+
+########
+# Kill off inetd first
+########
+
+kmadmin -U ipf
+exit $exitval
diff --git a/HPUX/IPF-ALL/verify b/HPUX/IPF-ALL/verify
new file mode 100755
index 000000000000..39248a4fb7be
--- /dev/null
+++ b/HPUX/IPF-ALL/verify
@@ -0,0 +1,28 @@
+#! /sbin/sh
+########
+# Product: IP Filter
+# Fileset: IPF-ALL
+# verify
+########
+#
+# (c) Copyright (C) 2012 by Darren Reed.
+#
+########
+
+########
+# Source control script environment
+########
+
+UTILS="/usr/lbin/sw/control_utils"
+if [[ ! -f $UTILS ]] ; then
+ echo "ERROR: Cannot find $UTILS"
+ exit 1
+fi
+. $UTILS
+exitval=$SUCCESS
+
+########
+# Make sure that the header files exist
+########
+
+exit $exitval
diff --git a/HPUX/Makefile b/HPUX/Makefile
new file mode 100644
index 000000000000..deb3e83e8044
--- /dev/null
+++ b/HPUX/Makefile
@@ -0,0 +1,464 @@
+#
+# Copyright (C) 2012 by Darren Reed.
+#
+# See the IPFILTER.LICENCE file for details on licencing.
+#
+SHELL=/bin/sh
+DEPOT=IPF.v4.1.depot
+DEPOTDIR=/var/spool/sw
+DEST=/opt/ipf
+SBINDEST=/sbin
+MANDIR=${DEST}/man
+BINDEST=${DEST}/bin
+EXTRADIR=${DEST}/examples
+INCDIR=${DEST}/include
+ETCDIR=/etc/opt/ipf
+RCDIR=/sbin/init.d
+#CFLAGS=-I$(TOP)
+#
+OBJ=.
+HERE=HPUX/$(CPUDIR)
+DEST=.
+TOP=..
+TOOL=$(TOP)/tools
+TMP=/tmp
+#
+HPUXREV=`uname -r | sed -e 's/^[A-Z]\.\([0-9]*\)\.\([0-9]\)/\1\2/'`
+#BITS=`getconf KERNEL_BITS`
+ABI=+DD${BITS}
+KFLAGS=-Ae +ES1.Xindirect_calls -U__hp9000s700 \
+ -D__STDC_EXT__ -D_XPG4_EXTENDED -D_HPUX_SOURCE -D__hp9000s800 -D_KERNEL \
+ -DKERNEL +Xidu +ESlit -Wp,-H300000 +Hx0 +R500 -Wl,-a,archive +ESsfc -q +ESssf
+DEBUG=-g
+LIBS=-lnsl -lelf -L. -lipf
+DEF=-D_KERNEL
+ATON=-DNEED_INET_ATON
+HPINC=-I/usr/conf/h
+#SPU=-Dspustate_t=u_long
+HFLAGS=$(KFLAGS) $(SPU) $(HPINC)
+CC=cc $(ABI) -DHPUXREV=$(HPUXREV) -I$(TOP)/../pfil -I/usr/conf -I.
+#
+MFLAGS="BINDEST=$(BINDEST)" "SBINDEST=$(SBINDEST)" "MANDIR=$(MANDIR)" \
+ 'CFLAGS=$(CFLAGS) $(ARCHINC)' "IPFLKM=$(IPFLKM)" \
+ "IPFLOG=$(IPFLOG)" "LOGFAC=$(LOGFAC)" "POLICY=$(POLICY)" \
+ "DEBUG=$(DEBUG)" "CPUDIR=$(CPUDIR)" "HPUXREV=$(HPUXREV)" \
+ "LOOKUP=$(LOOKUP)" "XID=$(XID)"
+#
+O2=+O2
+#O2=-g
+O3=+O3
+#O3=-g
+#
+########## ########## ########## ########## ########## ########## ##########
+#
+CP=/bin/cp
+RM=/bin/rm
+CHMOD=/bin/chmod
+INSTALL=$(TOP)/bsdinstall
+#
+DFLAGS=$(IPFLKM) $(IPFLOG) $(DEF) $(IPFBPF) $(LOOKUP) $(XID)
+#-DIPFDEBUG
+MODOBJS=ip_fil.o fil.o ip_state.o ip_frag.o \
+ ip_nat.o ip_proxy.o ip_auth.o ip_log.o \
+ ip_pool.o ip_htable.o ip_lookup.o \
+ ip_sync.o ip_scan.o ip_rules.o hpux.o $(BPFILTER) md5.o radix_ipf.o
+# ip_trafcon.o
+IPF=ipf.o ipfcomp.o ipf_y.o ipf_l.o
+IPT=ipftest.o fil_u.o ip_state_u.o ip_frag_u.o \
+ ip_nat_u.o ip_fil_u.o ip_proxy_u.o ip_sync_u.o ip_scan_u.o \
+ ip_auth_u.o ip_pool_u.o ip_rules_u.o ip_log_u.o \
+ ip_htable_u.o ip_lookup_u.o \
+ ipf_y.o ipf_l.o ipnat_y.o ipnat_l.o ippool_y.o ippool_l.o \
+ md5_u.o radix_ipf_u.o
+# ip_trafcon_u.o
+IPMON=ipmon.o ipmon_y.o ipmon_l.o
+IPPOOL=ippool_y.o ippool_l.o ippool.o
+IPNAT=ipnat.o ipnat_y.o ipnat_l.o
+IPTRAFCON=iptrafcon.o
+FILS=ipfstat.o
+LIBSRC=$(TOP)/lib
+RANLIB=ranlib
+AROPTS=cq
+CCARGS=$(DEBUG) $(CFLAGS) -I$(TOP)/../pfil/HP-UX
+EXTRA=$(ALLOPTS)
+#
+include $(TOP)/lib/Makefile
+
+build: $(DEST)/libipf.a ipf ipfstat ipftest ipmon ipnat ippool \
+ ipfs ipscan ipsyncm ipsyncs mod.o
+ -sh -c 'for i in ipf ipftest ipmon ippool ipnat ipscan ipsyncm ipsyncs; do /bin/rm -f $(TOP)/$$i; ln -s `pwd`/$$i $(TOP); done'
+
+.y.c:
+
+.l.c:
+
+pkg: ipf.pkg
+
+ipfstat: $(FILS) $(DEST)/libipf.a
+ $(CC) $(CCARGS) $(FILS) -o $@ $(LIBS)
+
+ipf: $(IPF) $(DEST)/libipf.a
+ $(CC) $(CCARGS) $(IPF) -o $@ $(LIBS) $(LLIB) $(LIBBPF)
+
+ipftest: $(IPT) $(DEST)/libipf.a
+ $(CC) $(CCARGS) $(IPT) -o $@ $(LIBS) $(LIBBPF)
+
+ipnat: $(IPNAT) $(DEST)/libipf.a
+ $(CC) $(CFLAGS) $(IPNAT) -o $@ $(LIBS) $(LLIB)
+
+ipfs: ipfs.o $(DEST)/libipf.a
+ $(CC) $(CCARGS) ipfs.o -o $@ $(LIBS)
+
+ipsyncm: ipsyncm.o $(DEST)/libipf.a
+ $(CC) $(CCARGS) ipsyncm.o -o $@ $(LIBS)
+
+ipsyncs: ipsyncs.o $(DEST)/libipf.a
+ $(CC) $(CCARGS) ipsyncs.o -o $@ $(LIBS)
+
+ipsyncm.o: $(TOOL)/ipsyncm.c $(TOP)/ip_sync.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipsyncm.c -o $@
+
+ipsyncs.o: $(TOOL)/ipsyncs.c $(TOP)/ip_sync.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipsyncs.c -o $@
+
+ipscan: ipscan_y.o ipscan_l.o $(DEST)/libipf.a
+ $(CC) $(DEBUG) ipscan_y.o ipscan_l.o -o $@ $(LLIB) $(LIBS)
+
+ipscan_y.h ipscan_y.c: $(TOOL)/ipscan_y.y $(TOP)/ip_scan.h
+ (cd $(TOOL); make "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ipscan_l.c: $(TOOL)/lexer.c $(TOP)/ip_scan.h
+ (cd $(TOOL); $(MAKE) "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ipscan_l.h: $(TOOL)/lexer.h
+ (cd $(TOOL); $(MAKE) "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ipscan_y.o: ipscan_y.c ipscan_y.h ipscan_l.h $(TOP)/ip_scan.h
+ $(CC) $(CCARGS) -c ipscan_y.c -o $@
+
+ipscan_l.o: ipscan_l.c ipscan_y.h ipscan_l.h $(TOP)/ip_scan.h
+ $(CC) $(CCARGS) -I. -c ipscan_l.c -o $@
+
+tests:
+ (cd test; $(MAKE) )
+
+ipfstat.o: $(TOOL)/ipfstat.c $(TOP)/ip_fil.h $(TOP)/ipf.h
+ $(CC) $(CCARGS) $(HPINC) -c $(TOOL)/ipfstat.c -o $@
+
+ipfs.o: $(TOOL)/ipfs.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_state.h \
+ $(TOP)/ip_nat.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipfs.c -o $@
+
+fil_u.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_rules.h
+ $(CC) $(CCARGS) $(EXTRA) $(FIXRADIX) $(IPFBPF) -c $(TOP)/fil.c -o $@
+
+fil.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_compat.h \
+ $(TOP)/ipl.h $(TOP)/ip_rules.h
+ $(CC) -I$(TOP) $(POLICY) $(DFLAGS) $(HFLAGS) $(IPFBPF) \
+ $(O2) -c $(TOP)/fil.c -o $@
+
+ipf.o: $(TOOL)/ipf.c $(TOP)/ip_fil.h $(TOP)/ipf.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipf.c -o $@
+
+ipfcomp.o: $(TOOL)/ipfcomp.c $(TOP)/ip_fil.h $(TOP)/ipf.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipfcomp.c -o $@
+
+ipf_y.o: ipf_y.c $(TOP)/ip_fil.h $(TOP)/ipf.h ipf_y.h ipf_l.h
+ $(CC) $(CCARGS) $(IPFBPF) -c ipf_y.c -o $@
+
+ipf_l.o: ipf_l.c $(TOP)/ip_fil.h $(TOP)/ipf.h ipf_y.h
+ $(CC) $(CCARGS) -I. -I$(TOP)/tools -c ipf_l.c -o $@
+
+ipf_y.h ipf_y.c: $(TOOL)/ipf_y.y $(TOP)/ipf.h $(TOP)/ip_fil.h
+ (cd $(TOOL); $(MAKE) "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ipf_l.c: $(TOOL)/lexer.c $(TOP)/ipf.h $(TOP)/ip_fil.h $(TOOL)/lexer.h
+ (cd $(TOOL); $(MAKE) "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ipf_l.h: $(TOOL)/lexer.h
+ (cd $(TOOL); $(MAKE) "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ipftest.o: $(TOOL)/ipftest.c $(TOP)/ip_fil.h $(TOP)/ipt.h $(TOP)/ipf.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipftest.c -o $@
+
+ipnat.o: $(TOOL)/ipnat.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_nat.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipnat.c -o $@
+
+ipnat_y.o: ipnat_y.c ipnat_y.h $(TOP)/ip_nat.h ipnat_l.h
+ $(CC) $(CCARGS) -c ipnat_y.c -o $@
+
+ipnat_l.o: ipnat_l.c ipnat_y.h $(TOP)/ip_nat.h
+ $(CC) $(CCARGS) -I. -c ipnat_l.c -o $@
+
+ipnat_y.h ipnat_y.c: $(TOOL)/ipnat_y.y $(TOP)/ip_nat.h
+ (cd $(TOOL); $(MAKE) "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ipnat_l.c: $(TOOL)/lexer.c $(TOP)/ip_nat.h
+ (cd $(TOOL); $(MAKE) "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ipnat_l.h: $(TOOL)/lexer.h
+ (cd $(TOOL); $(MAKE) "DEST=../$(HERE)" ../$(HERE)/$@)
+
+mod.o: $(MODOBJS)
+ -if [ "$(BITS)" = "64" ] ; then \
+ /bin/rm -f libmilli.a; \
+ ln -s /usr/lib/pa20_64/milli.a libmilli.a; \
+ ld -r $(MODOBJS) -L. -lmilli -o $@; \
+ else \
+ /bin/rm -f libmilli.a; \
+ ln -s /usr/lib/milli.a libmilli.a; \
+ ld -r $(MODOBJS) -L. -lmilli -o $@; \
+ fi
+
+ip_rules.c: $(TOP)/rules/ip_rules $(TOP)/tools/ipfcomp.c ipf
+ ./ipf -cc -nf $(TOP)/rules/ip_rules
+
+$(TOP)/ip_rules.h: ip_rules.c
+ if [ ! -f $(TOP)/ip_rules.h ] ; then \
+ /bin/mv -f ip_rules.h $(TOP); \
+ else \
+ touch $(TOP)/ip_rules.h; \
+ fi
+
+ip_rules.o: ip_rules.c $(TOP)/ip_rules.h
+ $(CC) -I$(TOP) $(DFLAGS) $(HFLAGS) $(O3) -c ip_rules.c -o $@
+
+ip_nat.o: $(TOP)/ip_nat.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h
+ $(CC) -I$(TOP) $(DFLAGS) $(HFLAGS) $(O3) -c $(TOP)/ip_nat.c -o $@
+
+ip_state.o: $(TOP)/ip_state.c $(TOP)/ip_state.h $(TOP)/ip_compat.h
+ $(CC) -I$(TOP) $(DFLAGS) $(HFLAGS) $(O3) -c $(TOP)/ip_state.c -o $@
+
+ip_proxy.o: $(TOP)/ip_proxy.c $(TOP)/ip_proxy.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_h323_pxy.c $(TOP)/ip_irc_pxy.c $(TOP)/ip_ipsec_pxy.c \
+ $(TOP)/ip_ftp_pxy.c $(TOP)/ip_raudio_pxy.c $(TOP)/ip_rpcb_pxy.c \
+ $(TOP)/ip_nat.h $(TOP)/ip_fil.h
+ $(CC) -I$(TOP) $(DFLAGS) $(HFLAGS) $(O2) -c $(TOP)/ip_proxy.c -o $@
+
+ip_frag.o: $(TOP)/ip_frag.c $(TOP)/ip_frag.h $(TOP)/ip_compat.h
+ $(CC) -I$(TOP) $(DFLAGS) $(HFLAGS) $(O3) -c $(TOP)/ip_frag.c -o $@
+
+ip_auth.o: $(TOP)/ip_auth.c $(TOP)/ip_auth.h $(TOP)/ip_compat.h
+ $(CC) -I$(TOP) $(DFLAGS) $(HFLAGS) $(O2) -c $(TOP)/ip_auth.c -o $@
+
+ip_scan.o: $(TOP)/ip_scan.c $(TOP)/ip_scan.h $(TOP)/ip_compat.h
+ $(CC) -I$(TOP) $(DFLAGS) $(HFLAGS) $(O2) -c $(TOP)/ip_scan.c -o $@
+
+ip_sync.o: $(TOP)/ip_sync.c $(TOP)/ip_sync.h $(TOP)/ip_compat.h
+ $(CC) -I$(TOP) $(DFLAGS) $(HFLAGS) $(O2) -c $(TOP)/ip_sync.c -o $@
+
+ip_trafcon.o: $(TOP)/ip_trafcon.c $(TOP)/ip_trafcon.h $(TOP)/ip_compat.h
+ $(CC) -I$(TOP) $(DFLAGS) $(HFLAGS) -c $(TOP)/ip_trafcon.c -o $@
+
+radix_ipf.o: $(TOP)/radix_ipf.c $(TOP)/radix_ipf.h
+ $(CC) -I$(TOP) $(DFLAGS) $(HFLAGS) $(O2) -c $(TOP)/radix_ipf.c -o $@
+
+ip_pool.o: $(TOP)/ip_pool.c $(TOP)/ip_pool.h $(TOP)/ip_compat.h radix_ipf.h
+ $(CC) -I$(TOP) $(DFLAGS) $(HFLAGS) $(FIXRADIX) $(O2) \
+ -c $(TOP)/ip_pool.c -o $@
+
+ip_htable.o: $(TOP)/ip_htable.c $(TOP)/ip_htable.h $(TOP)/ip_compat.h
+ $(CC) -I$(TOP) $(DFLAGS) $(HFLAGS) $(O2) -c $(TOP)/ip_htable.c -o $@
+
+ip_lookup.o: $(TOP)/ip_lookup.c $(TOP)/ip_lookup.h $(TOP)/ip_compat.h
+ $(CC) -I$(TOP) $(DFLAGS) $(HFLAGS) $(FIXRADIX) $(O2) \
+ -c $(TOP)/ip_lookup.c -o $@
+
+ip_nat_u.o: $(TOP)/ip_nat.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_nat.c -o $@
+
+ip_frag_u.o: $(TOP)/ip_frag.c $(TOP)/ip_frag.h $(TOP)/ip_compat.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_frag.c -o $@
+
+ip_state_u.o: $(TOP)/ip_state.c $(TOP)/ip_state.h $(TOP)/ip_compat.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_state.c -o $@
+
+ip_auth_u.o: $(TOP)/ip_auth.c $(TOP)/ip_auth.h $(TOP)/ip_compat.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_auth.c -o $@
+
+ip_proxy_u.o: $(TOP)/ip_proxy.c $(TOP)/ip_proxy.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_h323_pxy.c $(TOP)/ip_irc_pxy.c $(TOP)/ip_ipsec_pxy.c \
+ $(TOP)/ip_ftp_pxy.c $(TOP)/ip_raudio_pxy.c $(TOP)/ip_rpcb_pxy.c \
+ $(TOP)/ip_nat.h $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_proxy.c -o $@
+
+ip_log_u.o: $(TOP)/ip_log.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
+ $(TOP)/ip_nat.h $(TOP)/ip_frag.h $(TOP)/ip_state.h \
+ $(TOP)/ip_auth.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_log.c -o $@
+
+ip_fil_u.o: $(TOP)/ip_fil.c $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(EXTRA) $(FIXRADIX) -c $(TOP)/ip_fil.c -o $@
+
+ip_scan_u.o: $(TOP)/ip_scan.c $(TOP)/ip_scan.h $(TOP)/ip_compat.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_scan.c -o $@
+
+ip_sync_u.o: $(TOP)/ip_sync.c $(TOP)/ip_sync.h $(TOP)/ip_compat.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_sync.c -o $@
+
+ip_rules_u.o: ip_rules.c $(TOP)/ip_rules.h $(TOP)/ip_compat.h
+ $(CC) $(CCARGS) $(EXTRA) -c ip_rules.c -o $@
+
+ip_pool_u.o: $(TOP)/ip_pool.c $(TOP)/ip_pool.h $(TOP)/ip_compat.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_pool.c -o $@
+
+ip_htable_u.o: $(TOP)/ip_htable.c $(TOP)/ip_htable.h $(TOP)/ip_compat.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_htable.c -o $@
+
+ip_lookup_u.o: $(TOP)/ip_lookup.c $(TOP)/ip_lookup.h $(TOP)/ip_compat.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_lookup.c -o $@
+
+ip_trafcon_u.o: $(TOP)/ip_trafcon.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
+ $(TOP)/ip_trafcon.h
+ $(CC) $(CCARGS) -c $(TOP)/ip_trafcon.c -o $@
+
+ip_fil.o: $(TOP)/ip_fil_hpux.c $(TOP)/ip_fil.h $(TOP)/ip_compat.h
+ $(CC) -I$(TOP) $(DFLAGS) $(HFLAGS) $(O2) \
+ $(COMPIPF) -c $(TOP)/ip_fil_hpux.c -o $@
+
+ip_log.o: $(TOP)/ip_log.c $(TOP)/ip_fil.h $(TOP)/ip_compat.h
+ $(CC) -I$(TOP) $(DFLAGS) $(HFLAGS) $(O2) -c $(TOP)/ip_log.c -o $@
+
+hpux.o: $(TOP)/hpux.c $(TOP)/ipl.h $(TOP)/ip_compat.h
+ $(CC) -I$(TOP) $(DFLAGS) $(HFLAGS) $(O2) -c $(TOP)/hpux.c -o $@
+
+bpf_filter_u.o: $(TOP)/bpf_filter.c $(TOP)/bpf-ipf.h $(TOP)/pcap-ipf.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/bpf_filter.c -o $@
+
+bpf_filter.o: $(TOP)/bpf_filter.c
+ $(CC) -I$(TOP) $(DFLAGS) $(HFLAGS) $(O2) -c $(TOP)/bpf_filter.c -o $@
+
+md5_u.o: $(TOP)/md5.c $(TOP)/md5.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/md5.c -o $@
+
+md5.o: $(TOP)/md5.c $(TOP)/md5.h
+ $(CC) -I$(TOP) $(DFLAGS) $(HFLAGS) $(O3) $(SPU) -c $(TOP)/md5.c -o $@
+
+radix_ipf_u.o: $(TOP)/radix_ipf.c $(TOP)/radix_ipf.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/radix_ipf.c -o $@
+
+ipmon: $(IPMON) $(DEST)/libipf.a
+ $(CC) $(CCARGS) $(LOGFAC) $(IPMON) -o $@ $(LIBS) $(LLIB)
+
+$(TOP)/ipmon.c:
+
+ipmon_y.c ipmon_y.h: $(TOOL)/ipmon_y.y $(TOP)/ipmon.h
+ (cd $(TOOL); $(MAKE) "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ipmon_l.c: $(TOOL)/lexer.c $(TOP)/ipmon.h
+ (cd $(TOOL); $(MAKE) "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ipmon_l.h: $(TOOL)/lexer.h
+ (cd $(TOOL); $(MAKE) "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ipmon.o: $(TOOL)/ipmon.c
+ $(CC) $(CCARGS) $(LOGFAC) -c $(TOOL)/ipmon.c -o $@
+
+ipmon_y.o: ipmon_y.c $(TOP)/ipmon.h ipmon_l.h
+ $(CC) $(CCARGS) -c ipmon_y.c -o $@
+
+ipmon_l.o: ipmon_l.c $(TOP)/ipmon.h
+ $(CC) $(CCARGS) -I. -c ipmon_l.c -o $@
+
+ippool: $(IPPOOL)
+ $(CC) $(DEBUG) -I. $(CFLAGS) $(IPPOOL) -o $@ $(LIBS) $(LLIB)
+
+ippool.o: $(TOOL)/ippool.c $(TOP)/ipf.h $(TOP)/ip_pool.h
+ $(CC) $(CCARGS) -c $(TOOL)/ippool.c -o $@
+
+ippool_y.o: ippool_y.c ippool_y.h $(TOP)/ip_pool.h ippool_l.h
+ $(CC) $(CCARGS) -c ippool_y.c -o $@
+
+ippool_l.o: ippool_l.c ippool_y.h $(TOP)/ip_pool.h
+ $(CC) $(CCARGS) -I. -c ippool_l.c -o $@
+
+ippool_y.h ippool_y.c: $(TOOL)/ippool_y.y $(TOP)/ip_pool.h
+ (cd $(TOOL); $(MAKE) "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ippool_l.c: $(TOOL)/lexer.c $(TOP)/ip_pool.h
+ (cd $(TOOL); $(MAKE) "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ippool_l.h: $(TOOL)/lexer.h
+ (cd $(TOOL); $(MAKE) "DEST=../$(HERE)" ../$(HERE)/$@)
+
+iptrafcon.o: $(TOP)/iptrafcon.c
+ $(CC) $(CCARGS) -c $(TOP)/iptrafcon.c -o $@
+
+iptrafcon: $(IPTRAFCON) libipf.a
+ $(CC) $(CCARGS) $(IPTRAFCON) -o $@ $(LIBS)
+
+clean:
+ ${RM} -f ../ipf ../ipnat ../ipmon ../ippool ../ipftest
+ ${RM} -f ../ipscan ../ipsyncm ../ipsyncs
+ ${RM} -f core *.o *.a ipt ipfstat ipf ipfstat ipftest ipmon
+ ${RM} -f if_ipl ipnat $(LKM) libmilli.a ipf.psf
+ ${RM} -f ip_fil.c ipf_l.c ipf_y.c ipf_y.h ipf_l.h
+ ${RM} -f ipscan ipscan_y.c ipscan_y.h ipscan_l.c ipscan_l.h
+ ${RM} -f ippool ippool_y.c ippool_y.h ippool_l.c ippool_l.h
+ ${RM} -f ipnat_y.c ipnat_y.h ipnat_l.c ipnat_l.h
+ ${RM} -f ipmon_y.c ipmon_y.h ipmon_l.c ipmon_l.h
+ ${RM} -f ipsyncm ipsyncs ipfs ip_rules.c ip_rules.h
+ ${RM} -f ipnat.5 ipnat.4 ipnat.8 ipfilter.4 ipfilter.5
+ ${MAKE} -f Makefile.ipsend clean
+ -(for i in *; do \
+ if [ -d $${i} -a -h $${i}/Makefile ] ; then \
+ cd $${i}; (make TOP=../.. clean); cd ..; \
+ rm $${i}/Makefile $${i}/Makefile.ipsend; \
+ rmdir $${i}; \
+ fi \
+ done)
+
+ipf.pkg:
+ sed -e "s/HPREV/`uname -r`/g" ../ipf.psf.dist > ipf.psf
+ swpackage -x media_type=tape -s ipf.psf @ /tmp/${DEPOT}
+ mv /tmp/${DEPOT} ipf.pkg
+
+install:
+ sed -e "s/HPREV/`uname -r`/g" ../ipf.psf.dist > ipf.psf
+ swpackage -s ipf.psf @ ${DEPOTDIR}/${DEPOT}
+ swreg -l depot ${DEPOTDIR}/${DEPOT}
+ @echo now do:
+ @echo swinstall -s ${DEPOTDIR}/${DEPOT} -x reinstall=true IPF-RUN
+
+manualinstall:
+ mkdir -p -m 755 ${DEST} ${MANDIR} ${BINDEST} ${EXTRADIR} ${INCDIR}
+ mkdir -p -m 700 ${ETCDIR}
+ -$(INSTALL) -c -s ipftest $(BINDEST)/ipftest
+ -$(INSTALL) -c -s ipmon $(BINDEST)/ipmon
+ -$(INSTALL) -c -s ipsend $(BINDEST)/ipsend
+ -$(INSTALL) -c -s ipresend $(BINDEST)/ipresend
+ -$(INSTALL) -c $(TOP)/mkfilters $(BINDEST)/mkfilters
+ -$(INSTALL) -c -s ipfs $(SBINDEST)/ipfs
+ -$(INSTALL) -c -s ipnat $(SBINDEST)/ipnat
+ -$(INSTALL) -c -s ipf $(SBINDEST)/ipf
+ -$(INSTALL) -c -s ipfstat $(SBINDEST)/ipfstat
+ -$(INSTALL) -c ipfboot $(RCDIR)
+ -cp $(TOP)/man/*.[0-9] .
+ -$(INSTALL) ipf.8 $(MANDIR)/man8
+ -$(INSTALL) ipfs.8 $(MANDIR)/man8
+ -$(INSTALL) ipnat.8 $(MANDIR)/man8
+ -$(INSTALL) ipftest.1 $(MANDIR)/man1
+ -$(INSTALL) mkfilters.1 $(MANDIR)/man1
+ -$(INSTALL) ipf.4 $(MANDIR)/man4
+ -$(INSTALL) ipfilter.4 $(MANDIR)/man4
+ -$(INSTALL) ipnat.4 $(MANDIR)/man4
+ -$(INSTALL) ipl.4 $(MANDIR)/man4
+ -$(INSTALL) ipf.5 $(MANDIR)/man5
+ -$(INSTALL) ipnat.5 $(MANDIR)/man5
+ -$(INSTALL) ipfilter.5 $(MANDIR)/man5
+ -$(INSTALL) ipfstat.8 $(MANDIR)/man8
+ -$(INSTALL) ipmon.8 $(MANDIR)/man8
+ -$(INSTALL) ipmon.5 $(MANDIR)/man5
+ -$(INSTALL) ippool.8 $(MANDIR)/man8
+ -$(INSTALL) ippool.5 $(MANDIR)/man5
+ -$(INSTALL) ipscan.8 $(MANDIR)/man8
+ -$(INSTALL) ipscan.5 $(MANDIR)/man5
+ -cp $(TOP)/rules/* $(EXTRADIR)
+ -$(INSTALL) -m 644 -c $(TOP)/ip_fil.h $(INCDIR)
+ -$(INSTALL) -m 644 -c $(TOP)/ip_compat.h $(INCDIR)
+ -$(INSTALL) -m 644 -c $(TOP)/ip_state.h $(INCDIR)
+ -$(INSTALL) -m 644 -c $(TOP)/ip_nat.h $(INCDIR)
+ -$(INSTALL) -m 644 -c $(TOP)/ip_frag.h $(INCDIR)
+ -$(INSTALL) -m 644 -c $(TOP)/ip_proxy.h $(INCDIR)
+ -$(INSTALL) -m 644 -c $(TOP)/ip_auth.h $(INCDIR)
+ -touch ${ETCDIR}/ipf.conf ${ETCDIR}/ipnat.conf
diff --git a/HPUX/Makefile.ipsend b/HPUX/Makefile.ipsend
new file mode 100644
index 000000000000..632f0779e488
--- /dev/null
+++ b/HPUX/Makefile.ipsend
@@ -0,0 +1,65 @@
+OBJS=ipsend.o ip.o ipsopt.o iplang_y.o iplang_l.o ethers.o
+IPFTO=ipft_ef.o ipft_hx.o ipft_pc.o ipft_sn.o ipft_td.o ipft_tx.o ethers.o
+ROBJS=ipresend.o ip.o resend.o ethers.o
+TOBJS=iptest.o iptests.o ip.o ethers.o
+UNIXOBJS=dlcommon.o sdlpi.o arp.o ethers.o
+HPUX=hpux.o sock.o arp.o ethers.o
+ABI=+DD${BITS} -I$(TOP)/../pfil -I/usr/conf -I.
+CC=cc $(ABI) -DHPUXREV=$(HPUXREV)
+OBJ=.
+LIBS=-lnsl -L$(OBJ) -lipf
+
+CFLAGS=-g -I$$(TOP) -Dhpux
+
+all build dlpi hpux : ipsend ipresend iptest
+
+.c.o:
+ $(CC) $(ABI) $(DEBUG) $(CFLAGS) -c $< -o $@
+
+ethers.o: ../ethers.c
+ $(CC) $(ABI) $(DEBUG) $(CFLAGS) -c ../ethers.c -o $@
+
+iplang_y.o: $(TOP)/iplang/iplang_y.y
+ (cd $(TOP)/iplang; $(MAKE) "DESTDIR=../HPUX/$(CPUDIR)" 'CFLAGS=$(CFLAGS) $(ABI)')
+
+iplang_l.o: $(TOP)/iplang/iplang_l.l
+ (cd $(TOP)/iplang; $(MAKE) "DESTDIR=../HPUX/$(CPUDIR)" 'CFLAGS=$(CFLAGS) $(ABI)')
+
+ipsend: $(OBJS) $(UNIXOBJS)
+ $(CC) $(ABI) $(DEBUG) $(OBJS) $(UNIXOBJS) -o $@ $(LIBS) -ll
+
+ipresend: $(ROBJS) $(UNIXOBJS)
+ $(CC) $(ABI) $(DEBUG) $(ROBJS) $(UNIXOBJS) -o $@ $(LIBS)
+
+iptest: $(TOBJS) $(UNIXOBJS)
+ $(CC) $(ABI) $(DEBUG) $(TOBJS) $(UNIXOBJS) -o $@ $(LIBS)
+
+clean:
+ rm -rf *.o core a.out ipsend ipresend iptest iplang_l.* iplang_y.*
+
+ipsend.o: $(TOP)/ipsend/ipsend.c
+ $(CC) $(ABI) $(DEBUG) $(CFLAGS) $(SPU) -c $(TOP)/ipsend/ipsend.c -o $@
+ipsopt.o: $(TOP)/ipsend/ipsopt.c
+ $(CC) $(ABI) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/ipsopt.c -o $@
+ipresend.o: $(TOP)/ipsend/ipresend.c
+ $(CC) $(ABI) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/ipresend.c -o $@
+ip.o: $(TOP)/ipsend/ip.c
+ $(CC) $(ABI) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/ip.c -o $@
+resend.o: $(TOP)/ipsend/resend.c
+ $(CC) $(ABI) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/resend.c -o $@
+ipft_sn.o: $(TOP)/ipft_sn.c
+ $(CC) $(ABI) $(DEBUG) $(CFLAGS) -c $(TOP)/ipft_sn.c -o $@
+ipft_pc.o: $(TOP)/ipft_pc.c
+ $(CC) $(ABI) $(DEBUG) $(CFLAGS) -c $(TOP)/ipft_pc.c -o $@
+iptest.o: $(TOP)/ipsend/iptest.c
+ $(CC) $(ABI) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/iptest.c -o $@
+iptests.o: $(TOP)/ipsend/iptests.c
+ $(CC) $(ABI) $(HPREV) $(DEBUG) $(CFLAGS) -Dhpux -c $(TOP)/ipsend/iptests.c -o $@
+sock.o: $(TOP)/ipsend/sock.c
+ $(CC) $(ABI) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/sock.c -o $@
+arp.o: $(TOP)/ipsend/arp.c
+ $(CC) $(ABI) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/arp.c -o $@
+dlcommon.o: $(TOP)/ipsend/dlcommon.c
+ $(CC) $(ABI) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/dlcommon.c -o $@
+sdlpi.o: $(TOP)/ipsend/sdlpi.c
+ $(CC) $(ABI) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/sdlpi.c -o $@
diff --git a/HPUX/cpurev b/HPUX/cpurev
new file mode 100755
index 000000000000..5cc37ba56898
--- /dev/null
+++ b/HPUX/cpurev
@@ -0,0 +1,6 @@
+#!/bin/sh
+bits=`getconf KERNEL_BITS`
+rev=`uname -r`
+model=`uname -m|sed -e 's!/!.!'`
+echo $rev.$model.$bits
+exit 0
diff --git a/HPUX/ethers.c b/HPUX/ethers.c
new file mode 100644
index 000000000000..ffe7c4e8eed3
--- /dev/null
+++ b/HPUX/ethers.c
@@ -0,0 +1,124 @@
+/* $NetBSD: ethers.c,v 1.17 2000/01/22 22:19:14 mycroft Exp $ */
+
+/*
+ * ethers(3N) a la Sun.
+ *
+ * Written by Roland McGrath <roland@frob.com> 10/14/93.
+ * Public domain.
+ */
+
+#if defined(__hpux) && (HPUXREV >= 1111) && !defined(_KERNEL)
+# include <sys/kern_svcs.h>
+#endif
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <net/if_arp.h>
+
+#include <stdio.h>
+#include <errno.h>
+
+#include "ip_compat.h"
+
+
+struct ether_addr *
+ether_aton(s)
+ const char *s;
+{
+ static struct ether_addr n;
+ u_int i[6];
+
+ if (sscanf(s, " %x:%x:%x:%x:%x:%x ", &i[0], &i[1],
+ &i[2], &i[3], &i[4], &i[5]) == 6) {
+ n.ether_addr_octet[0] = (u_char)i[0];
+ n.ether_addr_octet[1] = (u_char)i[1];
+ n.ether_addr_octet[2] = (u_char)i[2];
+ n.ether_addr_octet[3] = (u_char)i[3];
+ n.ether_addr_octet[4] = (u_char)i[4];
+ n.ether_addr_octet[5] = (u_char)i[5];
+ return &n;
+ }
+ return NULL;
+}
+
+
+int
+ether_hostton(hostname, e)
+ const char *hostname;
+ struct ether_addr *e;
+{
+ FILE *f;
+ char *p;
+ size_t len;
+ char try[MAXHOSTNAMELEN + 1];
+ char line[512];
+#ifdef YP
+ int hostlen = strlen(hostname);
+#endif
+
+ f = fopen("/etc/ethers", "r");
+ if (f==NULL)
+ return -1;
+
+ while ((p = fgets(line, sizeof(line), f)) != NULL) {
+ if (p[len - 1] != '\n')
+ continue; /* skip lines w/o \n */
+ p[--len] = '\0';
+#ifdef YP
+ /* A + in the file means try YP now. */
+ if (len == 1 && *p == '+') {
+ char *ypbuf, *ypdom;
+ int ypbuflen;
+
+ if (yp_get_default_domain(&ypdom))
+ continue;
+ if (yp_match(ypdom, "ethers.byname", hostname, hostlen,
+ &ypbuf, &ypbuflen))
+ continue;
+ if (ether_line(ypbuf, e, try) == 0) {
+ free(ypbuf);
+ (void)fclose(f);
+ return 0;
+ }
+ free(ypbuf);
+ continue;
+ }
+#endif
+ if (ether_line(p, e, try) == 0 && strcmp(hostname, try) == 0) {
+ (void)fclose(f);
+ return 0;
+ }
+ }
+ (void)fclose(f);
+ errno = ENOENT;
+ return -1;
+}
+
+
+int
+ether_line(l, e, hostname)
+ const char *l;
+ struct ether_addr *e;
+ char *hostname;
+{
+ u_int i[6];
+ static char buf[sizeof " %x:%x:%x:%x:%x:%x %s\\n" + 21];
+ /* XXX: 21 == strlen (ASCII representation of 2^64) */
+
+ if (! buf[0])
+ snprintf(buf, sizeof buf, " %%x:%%x:%%x:%%x:%%x:%%x %%%ds\\n",
+ MAXHOSTNAMELEN);
+ if (sscanf(l, buf,
+ &i[0], &i[1], &i[2], &i[3], &i[4], &i[5], hostname) == 7) {
+ e->ether_addr_octet[0] = (u_char)i[0];
+ e->ether_addr_octet[1] = (u_char)i[1];
+ e->ether_addr_octet[2] = (u_char)i[2];
+ e->ether_addr_octet[3] = (u_char)i[3];
+ e->ether_addr_octet[4] = (u_char)i[4];
+ e->ether_addr_octet[5] = (u_char)i[5];
+ return 0;
+ }
+ errno = EINVAL;
+ return -1;
+}
diff --git a/HPUX/installmod b/HPUX/installmod
new file mode 100755
index 000000000000..eb7215e80798
--- /dev/null
+++ b/HPUX/installmod
@@ -0,0 +1,27 @@
+#!/bin/ksh
+(kmadmin -U ipf)
+(kminstall -d ipf)
+kminstall -u ipf
+if [[ $? -ne 0 ]] ; then
+ exit 1
+fi
+config -M ipf -u
+if [[ $? -ne 0 ]] ; then
+ exit 1
+fi
+kmadmin -L ipf
+kmadmin -Q ipf
+if [[ $? -ne 0 ]] ; then
+ exit 1
+fi
+input=`kmadmin -Q ipf | grep 'Character Major'`
+set $input
+major=$3
+/bin/rm -f /dev/ipl /dev/ipnat /dev/ipstate /dev/ipauth
+mknod /dev/ipl c $major 0
+mknod /dev/ipnat c $major 1
+mknod /dev/ipstate c $major 2
+mknod /dev/ipauth c $major 3
+mknod /dev/ipsync c $major 4
+mknod /dev/ipscan c $major 5
+exit 0
diff --git a/HPUX/ipf.psf.dist b/HPUX/ipf.psf.dist
new file mode 100644
index 000000000000..529741023d8c
--- /dev/null
+++ b/HPUX/ipf.psf.dist
@@ -0,0 +1,161 @@
+# File: psf
+#
+# Purpose: IP Filter Product Specification File (PSF) for swpackage
+#
+# Copyright (C) 2012 by Darren Reed.
+#
+# Description: PSF for IP FIlter 5.1.0
+#
+# $Id$
+
+
+# The vendor definition here applies to all subsequently defined products.
+vendor
+ tag IPFilter
+ title IPFilter Products
+ description Firewall/NAT Products
+end
+
+category
+ tag HPUXAdditions
+ title IP Filter
+end
+
+# Bundle definition(s):
+bundle
+ tag IPF
+ title IP Filter 5.1.0
+ description Firewall/NAT
+ revision A.05.01.00
+ architecture HP-UX_HPREV_32/64
+ machine_type 9000/[678]??:*
+ os_name HP-UX
+ os_release HPREV
+ os_version *
+ category_tag HPUXAdditions
+ is_protected false
+ is_reference false
+ vendor_tag IPFilter
+ hp_srdo swtype=O;user=B;bundle_type=O
+ contents IPF-RUN,r=A.05.01.00,a=HP-UX_HPREV_32/64,v=IPFilter
+end # bundle IPF
+
+# Product definition(s):
+product
+ tag IPF-RUN
+ title IP Filter 5.1.0
+ description Firewall/NAT
+ copyright < ../../SunOS5/copyright
+ revision A.05.01.00
+ architecture HP-UX_HPREV_32/64
+ machine_type 9000/[678]??:*
+ os_name HP-UX
+ os_release HPREV
+ os_version *
+ directory /
+ is_locatable false
+ vendor_tag IPFilter
+
+# configure doc/configure
+# unconfigure doc/unconfigure
+
+ ########################################################################
+ # #
+ # The following filesets already exist on the system. #
+ # #
+ ########################################################################
+
+ # InternetSrvcs.IPF-ALL
+ fileset
+ tag IPF-ALL
+ title IP Filter 5.1.0 : IPF-ALL
+ description < ../IPF-ALL/description
+ revision A.05.01.00
+ architecture HP-UX_HPREV_32/64
+ machine_type 9000/[678]??:*
+ os_name HP-UX
+ os_release HPREV
+ os_version *
+ is_kernel false
+ is_reboot false
+
+# prerequisites PHKL_18543.NET-KRN,a=HP-UX_HPREV_32/64,v=HP
+
+ checkinstall ../IPF-ALL/checkinstall
+ preinstall ../IPF-ALL/preinstall
+ postinstall ../IPF-ALL/postinstall
+ verify ../IPF-ALL/verify
+ checkremove ../IPF-ALL/checkremove
+ preremove ../IPF-ALL/preremove
+ postremove ../IPF-ALL/postremove
+
+ directory . = /
+ file_permissions -m 555 -o bin -g bin
+ file mod.o var/tmp/build/mod.o
+ file ../master var/tmp/build/master
+ file ../system var/tmp/build/system
+ file ../space.h var/tmp/build/space.h
+ file ../ipfboot sbin/init.d/ipfboot
+ file ../ipfconf etc/rc.config.d/ipfconf
+ file ipf sbin/ipf
+ file ipfs sbin/ipfs
+ file ipnat sbin/ipnat
+ file ipfstat sbin/ipfstat
+ file ipmon opt/ipf/bin/ipmon
+ file ipsend opt/ipf/bin/ipsend
+ file ipftest opt/ipf/bin/ipftest
+ file ipresend opt/ipf/bin/ipresend
+# file ipscan opt/ipf/bin/ipscan
+# file ipsyncs opt/ipf/bin/ipsyncs
+# file ipsyncm opt/ipf/bin/ipsyncm
+ file ../../mkfilters opt/ipf/bin/mkfilters
+ file_permissions -m 444 -o bin -g bin
+ file ../../ip_fil.h opt/ipf/include/ip_fil.h
+ file ../../ip_nat.h opt/ipf/include/ip_nat.h
+ file ../../ip_state.h opt/ipf/include/ip_state.h
+ file ../../ip_compat.h opt/ipf/include/ip_compat.h
+ file ../../ip_proxy.h opt/ipf/include/ip_proxy.h
+ file ../../ip_frag.h opt/ipf/include/ip_frag.h
+ file ../../ip_auth.h opt/ipf/include/ip_auth.h
+ file ../../man/ipf.8 opt/ipf/man/man8/ipf.8
+ file ../../man/ipnat.8 opt/ipf/man/man1/ipnat.8
+ file ../../man/ipmon.8 opt/ipf/man/man8/ipmon.8
+ file ../../man/ipfstat.8 opt/ipf/man/man8/ipfstat.8
+ file ../../man/ipftest.1 opt/ipf/man/man1/ipftest.1
+ file ../../man/ipfs.8 opt/ipf/man/man8/ipfs.8
+ file ../../man/mkfilters.1 opt/ipf/man/man1/mkfilters.1
+ file ../../man/ipf.4 opt/ipf/man/man4/ipf.4
+ file ../../man/ipfilter.4 opt/ipf/man/man4/ipfilter.4
+ file ../../man/ipl.4 opt/ipf/man/man4/ipl.4
+ file ../../man/ipnat.4 opt/ipf/man/man4/ipnat.4
+ file ../../man/ipf.5 opt/ipf/man/man5/ipf.5
+ file ../../man/ipfilter.5 opt/ipf/man/man4/ipfilter.5
+ file ../../man/ipnat.5 opt/ipf/man/man5/ipnat.5
+ file ../../rules/example.1 opt/ipf/examples/example.1
+ file ../../rules/example.2 opt/ipf/examples/example.2
+ file ../../rules/example.3 opt/ipf/examples/example.3
+ file ../../rules/example.4 opt/ipf/examples/example.4
+ file ../../rules/example.5 opt/ipf/examples/example.5
+ file ../../rules/example.6 opt/ipf/examples/example.6
+ file ../../rules/example.7 opt/ipf/examples/example.7
+ file ../../rules/example.8 opt/ipf/examples/example.8
+ file ../../rules/example.9 opt/ipf/examples/example.9
+ file ../../rules/example.10 opt/ipf/examples/example.10
+ file ../../rules/example.11 opt/ipf/examples/example.11
+ file ../../rules/example.12 opt/ipf/examples/example.12
+ file ../../rules/example.13 opt/ipf/examples/example.13
+ file ../../rules/example.sr opt/ipf/examples/example.sr
+ file ../../rules/nat.eg opt/ipf/examples/nat.eg
+ file ../../rules/server opt/ipf/examples/server
+ file ../../rules/tcpstate opt/ipf/examples/tcpstate
+ file ../../rules/BASIC.NAT opt/ipf/examples/BASIC.NAT
+ file ../../rules/BASIC_1.FW opt/ipf/examples/BASIC_1.FW
+ file ../../rules/BASIC_2.FW opt/ipf/examples/BASIC_2.FW
+ file ../../rules/firewall opt/ipf/examples/firewall
+ file ../../rules/ftp-proxy opt/ipf/examples/ftp-proxy
+ file ../../rules/ftppxy opt/ipf/examples/ftppxy
+ file ../../rules/nat-setup opt/ipf/examples/nat-setup
+ end # fileset IPF-ALL
+
+end # product IPF-RUN
+
diff --git a/HPUX/ipfboot b/HPUX/ipfboot
new file mode 100644
index 000000000000..b31b4b105f3b
--- /dev/null
+++ b/HPUX/ipfboot
@@ -0,0 +1,115 @@
+#!/sbin/sh
+#
+PATH=/sbin:/usr/bin:/usr/sbin:/opt/ipf/bin
+#
+pid=`ps -e | grep ipmon | awk ' { print $1 } ' -`
+. /etc/rc.config
+
+block_default_workaround() {
+ ipf -F a
+ echo "constructing minimal name resolution rules..."
+ NAMESERVERS=`cat /etc/resolv.conf | awk '/nameserver/ {printf "%s ", $2}'`
+ for NS in $NAMESERVERS
+ do
+ IF_TO_NS=`/usr/sbin/route -n get $NS | awk '/interface/ {print $NF}'`
+ IP_TO_NS=any
+ echo "pass out quick proto udp from $IP_TO_NS to $NS port = 53 keep state" | \
+ ipf -f -
+ done
+}
+
+set_device_files() {
+ input=`kmadmin -Q ipf | grep 'Character Major'`
+ set $input
+ major=$3
+ /bin/rm -f /dev/ipl /dev/ipnat /dev/ipstate /dev/ipauth
+ /bin/rm -f /dev/ipsync /dev/ipscan /dev/iplookup
+ mknod /dev/ipl c $major 0
+ mknod /dev/ipnat c $major 1
+ mknod /dev/ipstate c $major 2
+ mknod /dev/ipauth c $major 3
+ mknod /dev/ipsync c $major 4
+ mknod /dev/ipscan c $major 5
+ mknod /dev/iplookup c $major 6
+}
+
+case "$1" in
+ start_msg)
+ echo "Starting IP Filter"
+ ;;
+
+ stop_msg)
+ echo "Stopping IP Filter"
+ ;;
+
+ start)
+ if [ ${IPF_START} -eq 1 ] ; then
+ if [ x$pid != x ] ; then
+ kill -TERM $pid
+ fi
+ kmadmin -L ipf
+ set_device_files
+ ipf -E
+ if [ -r ${IPF_CONF} ]; then
+ BLOCK_DEFAULT=`/sbin/ipf -V | grep Default | \
+ awk '{print $2}'`
+ if [ x$BLOCK_DEFAULT = "xblock" ] ; then
+ block_default_workaround
+ fi
+ ipf -IFa -f ${IPF_CONF}
+ if [ $? != 0 ]; then
+ echo "$0: load of ${IPF_CONF} into alternate set failed"
+ else
+ ipf -s
+ fi
+ fi
+ if [ -r ${IPNAT_CONF} ]; then
+ ipnat -CF -f ${IPNAT_CONF}
+ if [ $? != 0 ]; then
+ echo "$0: load of ${IPNAT_CONF} failed"
+ fi
+ fi
+ if [ ${IPMON_START} -eq 1 ] ; then
+ ipmon ${IPMON_FLAGS}
+ fi
+ else
+ exit 2
+ fi
+ ;;
+
+ stop)
+ if [ x$pid != x ] ; then
+ kill -TERM $pid
+ fi
+ ipf -D
+ kmadmin -U ipf
+ ;;
+
+ reload)
+ if [ -r ${IPF_CONF} ]; then
+ ipf -I -Fa -f ${IPF_CONF}
+ if [ $? != 0 ]; then
+ echo "$0: reload of ${IPF_CONF} into alternate set failed"
+ else
+ ipf -s
+ fi
+ fi
+ if [ -r ${IPNAT_CONF} ]; then
+ ipnat -CF -f ${IPNAT_CONF}
+ if [ $? != 0 ]; then
+ echo "$0: reload of ${IPNAT_CONF} failed"
+ fi
+ fi
+ ;;
+
+ setdevs)
+ set_device_files
+ ;;
+
+ *)
+ echo "Usage: $0 (start|stop|reload)" >&2
+ exit 1
+ ;;
+
+esac
+exit 0
diff --git a/HPUX/ipfconf b/HPUX/ipfconf
new file mode 100644
index 000000000000..26dc093a717d
--- /dev/null
+++ b/HPUX/ipfconf
@@ -0,0 +1,26 @@
+#
+# Directory where IP Filter configuration files are kept
+#
+IPF_CONFDIR=/etc/opt/ipf
+#
+# Packet filtering configuration file
+#
+IPF_CONF=${IPF_CONFDIR}/ipf.conf
+#
+# Network address translation configuration file
+#
+IPNAT_CONF=${IPF_CONFDIR}/ipnat.conf
+#
+# Load the ipfilter module ?
+# 1 = Start, 0 = Do not start
+#
+IPF_START=1
+#
+# Start ipmon ?
+# 1 = Start, 0 = Do not start
+#
+IPMON_START=1
+#
+# Options to start ipmon with
+#
+IPMON_FLAGS=-sD
diff --git a/HPUX/makeargs b/HPUX/makeargs
new file mode 100755
index 000000000000..f6b9c5606f6f
--- /dev/null
+++ b/HPUX/makeargs
@@ -0,0 +1,10 @@
+#!/bin/ksh
+dir=${0%makeargs}
+hprev=`uname -r | sed -e 's/^[A-Z]\.\([0-9]*\)\.\([0-9]\)/\1\2/'`
+if [ $hprev -lt 1111 ] ; then
+ lib=' LLIB=-ll'
+ dcpu=' SPU="-Dspustate_t=u_long"'
+fi
+cpu=`$dir/cpurev`
+echo 'CPUDIR='$cpu' HPUXREV='$hprev''$lib$dcpu
+exit 0
diff --git a/HPUX/master b/HPUX/master
new file mode 100644
index 000000000000..26718d0f2c01
--- /dev/null
+++ b/HPUX/master
@@ -0,0 +1,33 @@
+*
+* master file for "ipf" module
+*
+
+$VERSION
+* Should start from 1, currently only 1 is correct value
+1
+$$$
+
+$DRIVER_INSTALL
+*
+* Driver Block major Char major required for minimal system
+*
+ipf -1 -1
+$$$
+
+$LOADABLE
+$$$
+
+$INTERFACE
+base
+$$$
+
+$DRIVER_DEPENDENCY
+ipf pfil
+$$$
+
+$TYPE
+ipf wsio_class pseudo cpmi -1 -1
+$$$
+
+$TUNABLE
+$$$
diff --git a/HPUX/space.h b/HPUX/space.h
new file mode 100644
index 000000000000..fe7f45da12e3
--- /dev/null
+++ b/HPUX/space.h
@@ -0,0 +1,3 @@
+/*
+ * Tunable parameters for "ipf" module
+ */
diff --git a/HPUX/system b/HPUX/system
new file mode 100644
index 000000000000..8bad230b2423
--- /dev/null
+++ b/HPUX/system
@@ -0,0 +1,8 @@
+*
+* system file for "ipf" module
+*
+$VERSION 1
+$CONFIGURE Y
+$LOADABLE Y
+$TUNABLE
+$$$
diff --git a/INSTALL.FreeBSD b/INSTALL.FreeBSD
index a4a787ac42be..2a16942c15f0 100644
--- a/INSTALL.FreeBSD
+++ b/INSTALL.FreeBSD
@@ -1,8 +1,11 @@
-This file is for use with FreeBSD 4.x and 5.x only.
+Thi file is for use with FreeBSD 4.x and 5.x only.
To build a kernel for use with the loadable kernel module, follow these
steps:
+ 0. Run "config GENERIC" or similar in /sys/i386/conf or the
+ appropriate directory for your kernel.
+
1. For FreeBSD version:
4.* do make freebsd4
5.* do make freebsd5
@@ -16,10 +19,12 @@ steps:
5. install and reboot with the new kernel
- 6. use modload(8) to load the packet filter with:
+ 6. use modload(8)/kldload(8) to load the packet filter with:
modload if_ipl.o
+ kldload ipf.ko
- 7. do "modstat" to confirm that it has been loaded successfully.
+ 7. do "modstat" or "kldstat" to confirm that it has been loaded
+ successfully.
There is no need to use mknod to create the device in /dev;
- upon loading the module, it will create itself with the correct values,
diff --git a/INSTALL.IRIX b/INSTALL.IRIX
index b64d4349879b..779ccf64c50f 100644
--- a/INSTALL.IRIX
+++ b/INSTALL.IRIX
@@ -1,7 +1,7 @@
-IP Filter has been mostly tested under IRIX 6.2. It should work under IRIX 6.3
-as well. Under IRIX 5.3, it has been successfully compiled and linked in the
-kernel, but not tested. Compilation under IRIX >= 6.4 is not yet supported.
+IP Filter has been mostly tested under IRIX 6.2 and 6.5.
+Under IRIX 5.3, it has been successfully compiled and linked in the kernel,
+but not tested.
To build a kernel with the IP filter and install it on your system,
follow these steps:
@@ -17,13 +17,6 @@ follow these steps:
CC=gcc
to
CC=cc
- b) enable full optimization
- This means changing the lines reading:
- DEBUG=-g
- CFLAGS=-I$$(TOP)
- to
- DEBUG=
- CFLAGS=-O2 -I$$(TOP)
1. do "make irix" (Warning: GNU make is not supported, so if it has
been installed on your system, verify your path and/or do "which make"
@@ -80,11 +73,10 @@ ADDITIONAL NOTES:
the same major device number.
- We have not tested IP Filter on a multiprocessor machine yet.
- However, feel free to try it and send your experiences/patches
- back to marc@CAM.ORG. SGI prescribes that kernel code be built on such
- systems with -D_MP_NETLOCKS -DMP. Therefore, these flags should
- probably be uncommented on the DFLAGS line of IRIX/Makefile if your
- machine has more than one processor.
+ SGI prescribes that kernel code be built on such systems with
+ -D_MP_NETLOCKS -DMP. Therefore, these flags should probably be
+ uncommented on the DFLAGS line of IRIX/Makefile if your machine
+ has more than one processor.
- It is also possible to build IP Filter as a dynamically loadable
kernel module (by retaining the IPFLKM=-DIPFILTER_LKM definition in the
@@ -95,7 +87,6 @@ ADDITIONAL NOTES:
with IP22 CPU boards and can sometime cause panics during loading due
to a potential race condition.
-
CREDITS:
IP Filter was ported to IRIX by Marc Boucher <marc@CAM.ORG>
diff --git a/INSTALL.Linux b/INSTALL.Linux
index 1a5d15b59f02..b25f39782f95 100644
--- a/INSTALL.Linux
+++ b/INSTALL.Linux
@@ -1,50 +1,43 @@
-IP-Filter on Linux 2.0.31
--------------------------
-NOTE: I have *ONLY* compiled and created patches for using IP Filter on
- Linux 2.0.31. Any other kernel revision may need seprate patches.
- Also, I've only tested on a x86 CPU so I can't make any guarantees
- about it working on Sparc/Mac/Amiga.
+The Linux 2.4 and 2.6 series of kernels are supported by this software.
-First, you should do a sanity check of your system to make sure it will
-compile IP Filter. You will need a "libfl" and a "libelf". If you don't
-have these, install them before proceeding.
+Building has been tested on RedHat 9 and SUSE 9.x, although your results
+may vary.
-The installation and compiliation process assumes that Linux 2.0.31
-will be in the /usr/src/linux directory and that all the symbolic links
-in /usr/include match. /usr/src/linux may be a symbolic link too, but
-it must point to a 2.0.31 kernel source tree.
+In general, you will need to have your kernel source in /usr/src/linux
+to build IPFilter but different Linux projects may differ. See below.
-The first step is to make the IP Filter binaries. Do this with a
-"make linux" from the ip_fil3.2.x directory. If this completes with
-no errors, install IP Filter with a "make install-linux".
+Projects
+========
-Now that the user part of it is complete, it is time to work on the kernel.
-To start this off, run "Linux/minstall". This will configure the devices
-you will need for the IP Filter. Then run "Linux/kinstall". This will
-patch your kernel source code and configuration files so you can enabled IP
-Filter. You must now go to /usr/src/linux and configure your kernel using one
-of the available interfaces to enable IP Filter. IP Filter will be presented
-as a three way choice "y/m/n" - select "m" to enable it. Save your kernel
-configuration file, rebuild, install and reboot with the new kernel.
+Fedora
+------
+For Fedora, point your web browser at this URL and follow the instructions:
+http://fedoraproject.org/wiki/Building_a_custom_kernel
-When you've rebooted with the new kernel, you should be able to load
-IP Filter with the command "insmod if_ipl". All going will, you will
-see a message like this on your console:
+For me, following the instructions put all of the kernel source code (for
+Fedora 11) in $HOME/rpmbuild. As an example of the directory I used, see
+BUILDROOT in Makefile.
-IP Filter: initialized. Default = pass all, Logging = enabled
-indicating that IP Filter has successfully been loaded into the kernel
-and is awaiting.
+Building IPFilter
+=================
+The steps required are as follows:
-Darren
+1. Create the binaries
+
+make linux
+
+2. Create the RPM file
-Features Not Available on Linux, yet:
+make install-linux
-- compiled into the kernel
-"<action> in on <if> to <if> ..."
-"<action> in on <if> dup-to <if> ..."
-"<action> in on <if> fastroute ..."
-"block return-rst ..."
-"map ... proxy ..." (Linux's masquerading is better at present)
+3. In an ideal world, this step wouldn't be required. At this point you
+need to locate the actual RPM file as the rpmbuild failed in the previous
+step. Now run:
+rpm -i /path/to/ipfilter.rpm
+
+At this point IPFilter should be installed and ready to use.
+
+Darren
diff --git a/INSTALL.Sol2 b/INSTALL.Sol2
index 5ba84b931985..fffa97caa362 100644
--- a/INSTALL.Sol2
+++ b/INSTALL.Sol2
@@ -2,6 +2,11 @@
For those running Solaris 2.5 or later, please read COMPILE.2.5 before
building IP Filter.
+Download, build and install the pfil package.
+A pointer to this can be found at:
+
+http://coombs.anu.edu.au/~avalon/ipf-mentat.html
+
Type "make solaris" to build all the required binaries. DO NOT USE THE
GNU make!!!
@@ -12,15 +17,15 @@ directory to SunOS5 and enter the following command:
make package
-This will build the package into SunOS5/<arch>/root, copy that to
-/var/spool/pkg as a package and then start the installation using
-pkgadd.
+This will build the package into SunOS5/<arch>/root, create a package
+file called "ipf.pkg" in the SunOS5 directory and then start the
+installation using pkgadd.
As part of the postinstall script, it will install loadable kernel module
as part of Solaris 2 (using add_drv) making it available for immeadiate use.
-IP Filter will be installed into /opt/CYBSipf (programs, manual pages and
-examples) and create a directory /etc/opt/CYBSipf with a null body file
+IP Filter will be installed into /opt/ipf (programs, manual pages and
+examples) and create a directory /etc/opt/ipf with a null body file
called "ipf.conf" using touch. The rc scripts have been written to look
for the configuration file here, using the installed binaries in /sbin.
diff --git a/INSTALL.Tru64 b/INSTALL.Tru64
new file mode 100644
index 000000000000..08cfca0cbb53
--- /dev/null
+++ b/INSTALL.Tru64
@@ -0,0 +1,18 @@
+
+Versions of Tru64 (aka OSF1) earlier than 5.1 aren't supported since
+the relevant interfaces don't exist. Tru64 5.1 and 5.1a have been
+tested.
+
+ 1. do a "make tru64" (or "make osf") in this directory
+
+ 2. run "make install-osf", in the same directory, to install
+
+To enable IPFilter, you then need to do:
+sysconfig -c ipfilter
+
+Tru64 checkpoints:
+- enable ipforwarding and ipgateway with "iprsetup -s"
+
+Darren Reed
+darrenr@pobox.com
+
diff --git a/IRIX/Makefile b/IRIX/Makefile
new file mode 100644
index 000000000000..d08d9087a090
--- /dev/null
+++ b/IRIX/Makefile
@@ -0,0 +1,81 @@
+#!smake
+#
+# Copyright (C) 2012 by Darren Reed.
+# Copyright (C) 1997 by Marc Boucher.
+#
+# See the IPFILTER.LICENCE file for details on licencing.
+#
+# For IRIX
+#
+# Automatically determine compiler switches and defines for kernel compilation
+# based on our current CPU:
+#
+DCPU=`uname -m`
+# workaround minor Makefile.kernio IP22 bug
+#if defined(DCPU) && ( $(DCPU) == "IP22" )
+CMODELWRKAROUND="COMPILATION_MODEL=32"
+#else
+CMODELWRKAROUND=
+#endif
+KFLAGS != smake -d v -n \
+ -f $(ROOT)/var/sysgen/Makefile.kernio \
+ CPUBOARD=$(DCPU) $(CMODELWRKAROUND) 2>/dev/null \
+ | sed -n -e '/^Global:CFLAGS =/h' -e '$$g' -e '$$s/Global:CFLAGS =//' \
+ -e '$$s/ -G *8 / /' -e '$$p' -e 's/-fullwarn//'
+WOFF=-woff 1172,1174,1196,1233,1412,1413,1498,1506,1692
+#
+SGIREV=-DIRIX=$(SGI)
+BINDEST=/usr/sbin
+SBINDEST=/sbin
+MANDIR=/usr/share/man/local
+INCDEST=/usr/include/netinet
+LKMDEST=/var/sysgen/boot
+HERE=IRIX/$(CPUDIR)
+CPUDIR=`uname -s|sed -e 's@/@@g'`-`uname -R`-`uname -m`
+RANLIB=echo
+AROPTS=crs
+OBJ=.
+DEST=.
+TOP=..
+TOOL=$(TOP)/tools
+LIBS=-L. -lipf
+#CC=cc -Wall -Wuninitialized -Wstrict-prototypes -Werror -O
+CC=cc -common
+CFLAGS=-g -I$(TOP) -I.
+#
+ML=mli_ipl.c
+MLD=$(ML)
+#if defined(IPFLKM) && !empty(IPFLKM)
+MLFLAGS= -G 0
+LKM=ipflkm.o
+#else
+MLFLAGS= -G 8
+LKM=ipfilter.o
+#endif
+MFLAGS="BINDEST=$(BINDEST)" "SBINDEST=$(SBINDEST)" "MANDIR=$(MANDIR)" \
+ 'CFLAGS=$(CFLAGS) $(SOLARIS2)' "IPFLKM=$(IPFLKM)" \
+ "IPFLOG=$(IPFLOG)" "LOGFAC=$(LOGFAC)" "POLICY=$(POLICY)" \
+ "SOLARIS2=$(SOLARIS2)" "DEBUG=$(DEBUG)" "DCPU=$(CPU)" \
+ "CPUDIR=$(CPUDIR)" "LOOKUP=$(LOOKUP)" "XID=$(XID)"
+CCARGS=$(DEBUG) $(CFLAGS) -D_KMEMUSER -DIPFILTER_LOG
+#
+########## ########## ########## ########## ########## ########## ##########
+#
+CP=/bin/cp
+RM=/bin/rm
+CHMOD=/bin/chmod
+INSTALL=/sbin/install
+LIBSRC=$(TOP)/lib
+#
+DFLAGS=$(WOFF) $(IPFLKM) $(IPFLOG) $(KFLAGS) $(MLFLAGS) -jalr $(SGIREV) \
+ $(LOOKUP) $(XID) #-D_MP_NETLOCKS -DMP
+
+include $(TOP)/lib/Makefile
+
+include Makefile.common
+
+#if !defined(IPFLKM) || empty(IPFLKM)
+ -${RM} -f $(LKMDEST)/ipflkm.o
+ /etc/autoconfig
+#endif
+
diff --git a/IRIX/Makefile.common b/IRIX/Makefile.common
new file mode 100644
index 000000000000..3379d19daf35
--- /dev/null
+++ b/IRIX/Makefile.common
@@ -0,0 +1,380 @@
+MODOBJS=ip_fil.o fil.o ml_ipl.o ip_nat.o ip_frag.o ip_state.o ip_proxy.o \
+ ip_auth.o ip_log.o ip_scan.o ip_sync.o md5.o radix.o ip_nat6.o \
+ ip_lookup.o ip_htable.o ip_pool.o
+IPF=ipf.o ipfcomp.o ipf_y.o ipf_l.o
+IPFTEST=ipftest.o fil_u.o ip_frag_u.o ip_state_u.o ip_nat_u.o ip_proxy_u.o \
+ ip_auth_u.o ip_fil_u.o ip_log_u.o ip_scan_u.o ip_sync_u.o \
+ ip_lookup_u.o ip_htable_u.o ip_pool_u.o ip_rules_u.o ip_nat6_u.o \
+ ipf_y.o ipf_l.o ipnat_y.o ipnat_l.o ippool_y.o ippool_l.o \
+ bpf_filter_u.o md5_u.o radix_u.o
+IPNAT=ipnat.o ipnat_y.o ipnat_l.o
+IPMON=ipmon.o ipmon_y.o ipmon_l.o
+IPPOOL=ippool_y.o ippool_l.o ippool.o
+IPFSTAT=ipfstat.o
+EXTRA=-DIPFILTER_LOG -DIPFILTER_LOOKUP
+#FIXRADIX=-Dradix_node=ipf_radix_node -Dradix_node_head=ipf_radix_node_head \
+# -Drn_inithead=ipf_rn_inithead -Drn_walktree=ipf_rn_walktree
+FIXRADIX=-D__NET_RADIX_H_
+
+build all: radix_ipf_local.h $(DEST)/libipf.a ipf ipfs ipfstat ipftest ipmon ipnat \
+ ippool ipscan ipsyncm ipsyncs $(LKM)
+ -sh -c 'for i in ipf ipftest ipmon ippool ipnat ipscan ipsyncm ipsyncs; do /bin/rm -f $(TOP)/$$i; ln -s `pwd`/$$i $(TOP); done'
+
+ipfstat: $(IPFSTAT) $(DEST)/libipf.a
+ $(CC) $(CCARGS) $(STATETOP_CFLAGS) $(STATETOP_INC) \
+ $(IPFSTAT) -o $@ $(LIBS) $(STATETOP_LIB) -lelf
+
+ipf: $(IPF) $(DEST)/libipf.a
+ $(CC) $(CCARGS) $(IPF) -o $@ $(LIBS) $(LIBBPF)
+
+ipftest: $(IPFTEST) $(DEST)/libipf.a
+ $(CC) $(CCARGS) $(IPFTEST) -o $@ $(LIBS) $(LIBBPF)
+
+ipnat: $(IPNAT) $(DEST)/libipf.a
+ $(CC) $(CCARGS) $(IPNAT) -o $@ $(LIBS) -lelf
+
+ipnat.o: $(TOOL)/ipnat.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_nat.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipnat.c -o $@
+
+ipnat_y.o: ipnat_y.c ipnat_y.h $(TOP)/ip_nat.h ipnat_l.h
+ $(CC) $(CCARGS) -c ipnat_y.c -o $@
+
+ipnat_y.c ipnat_y.h: $(TOOL)/ipnat_y.y $(TOP)/ip_nat.h
+ (cd $(TOOL); make DEST=../$(HERE) ../$(HERE)/$@)
+
+ipnat_l.o: ipnat_l.c ipnat_l.h $(TOP)/ip_nat.h ipnat_y.h
+ $(CC) $(CCARGS) -c ipnat_l.c -o $@
+
+ipnat_l.c: $(TOOL)/lexer.c ipnat_y.h
+ (cd $(TOOL); make DEST=../$(HERE) ../$(HERE)/$@)
+
+ipnat_l.h: $(TOOL)/lexer.h
+ (cd $(TOOL); make DEST=../$(HERE) ../$(HERE)/$@)
+
+tests:
+ (cd test; make )
+
+ipfstat.o: $(TOOL)/ipfstat.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_frag.h \
+ $(TOP)/ip_compat.h $(TOP)/ip_state.h $(TOP)/ip_nat.h
+ $(CC) $(CCARGS) $(STATETOP_CFLAGS) $(STATETOP_INC) \
+ -c $(TOOL)/ipfstat.c -o $@
+
+fil_u.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_compat.h \
+ $(TOP)/ipl.h radix_ipf_local.h
+ $(CC) $(CCARGS) $(EXTRA) $(IPFBPF) -I. -c $(TOP)/fil.c -o $@
+
+fil.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_compat.h \
+ $(TOP)/ipl.h
+ $(CC) $(CCARGS) $(POLICY) $(DFLAGS) $(IPFBPF) -c $(TOP)/fil.c -o $@
+
+ipf.o: $(TOOL)/ipf.c $(TOP)/ip_fil.h $(TOP)/ipf.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipf.c -o $@
+
+ipfcomp.o: $(TOOL)/ipfcomp.c $(TOP)/ip_fil.h $(TOP)/ipf.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipfcomp.c -o $@
+
+ipftest.o: $(TOOL)/ipftest.c $(TOP)/ip_fil.h $(TOP)/ipt.h $(TOP)/ipf.h
+ $(CC) $(SGIREV) $(CCARGS) -c $(TOOL)/ipftest.c -o $@
+
+ip_nat_u.o: $(TOP)/ip_nat.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_nat.c -o $@
+
+ip_nat6_u.o: $(TOP)/ip_nat6.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_nat6.c -o $@
+
+ip_proxy_u.o: $(TOP)/ip_proxy.c $(TOP)/ip_proxy.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_ftp_pxy.c $(TOP)/ip_rcmd_pxy.c $(TOP)/ip_raudio_pxy.c \
+ $(TOP)/ip_rpcb_pxy.c $(TOP)/ip_ipsec_pxy.c $(TOP)/ip_nat.h \
+ $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_proxy.c -o $@
+
+ip_frag_u.o: $(TOP)/ip_frag.c $(TOP)/ip_frag.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_frag.c -o $@
+
+ip_state_u.o: $(TOP)/ip_state.c $(TOP)/ip_state.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h $(TOP)/ip_nat.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_state.c -o $@
+
+ip_auth_u.o: $(TOP)/ip_auth.c $(TOP)/ip_auth.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_auth.c -o $@
+
+ip_rules_u.o: ip_rules.c $(TOP)/ip_rules.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(EXTRA) -c ip_rules.c -o $@
+
+ip_pool_u.o: $(TOP)/ip_pool.c $(TOP)/ip_pool.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h $(TOP)/ip_lookup.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_pool.c -o $@
+
+ip_scan_u.o: $(TOP)/ip_scan.c $(TOP)/ip_scan.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h $(TOP)/ip_lookup.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_scan.c -o $@
+
+ip_sync_u.o: $(TOP)/ip_sync.c $(TOP)/ip_sync.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h $(TOP)/ip_lookup.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_sync.c -o $@
+
+ip_lookup_u.o: $(TOP)/ip_lookup.c $(TOP)/ip_lookup.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_lookup.c -o $@
+
+ip_htable_u.o: $(TOP)/ip_htable.c $(TOP)/ip_htable.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h $(TOP)/ip_lookup.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_htable.c -o $@
+
+ip_fil_u.o: $(TOP)/ip_fil.c $(TOP)/ip_fil.h $(TOP)/ip_compat.h radix_ipf_local.h
+ $(CC) $(CCARGS) $(EXTRA) -I. -c $(TOP)/ip_fil.c -o $@
+
+bpf_filter_u.o: $(TOP)/bpf_filter.c
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/bpf_filter.c -o $@
+
+md5_u.o: $(TOP)/md5.c
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/md5.c -o $@
+
+radix_u.o: $(TOP)/radix.c $(TOP)/radix_ipf.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/radix.c -o $@
+
+ipfs: ipfs.o
+ $(CC) $(CCARGS) ipfs.o -o $@
+
+ipfs.o: $(TOOL)/ipfs.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_state.h \
+ $(TOP)/ip_nat.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipfs.c -o $@
+
+ipsyncm: ipsyncm.o $(DEST)/libipf.a
+ $(CC) $(CCARGS) ipsyncm.o -o $@ $(LIBS)
+
+ipsyncs: ipsyncs.o $(DEST)/libipf.a
+ $(CC) $(CCARGS) ipsyncs.o -o $@ $(LIBS)
+
+ipsyncm.o: $(TOOL)/ipsyncm.c $(TOP)/ip_sync.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipsyncm.c -o $@
+
+ipsyncs.o: $(TOOL)/ipsyncs.c $(TOP)/ip_sync.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipsyncs.c -o $@
+
+ip_log_u.o: $(TOP)/ip_log.c $(TOP)/ip_fil.h $(TOP)/ip_compat.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_log.c -o $@
+
+ip_rules.c: $(TOP)/rules/ip_rules $(TOP)/tools/ipfcomp.c ipf
+ ./ipf -cc -nf $(TOP)/rules/ip_rules
+
+$(TOP)/ip_rules.h: ip_rules.c
+ if [ ! -f $(TOP)/ip_rules.h ] ; then \
+ /bin/mv -f ip_rules.h $(TOP); \
+ else \
+ touch $(TOP)/ip_rules.h; \
+ fi
+
+$(LKM): $(MODOBJS)
+ ld $(MLFLAGS) -r -d $(MODOBJS) -o $(LKM)
+
+ip_nat.o: $(TOP)/ip_nat.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_nat.c -o $@
+
+ip_nat6.o: $(TOP)/ip_nat6.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_nat6.c -o $@
+
+ip_frag.o: $(TOP)/ip_frag.c $(TOP)/ip_frag.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_frag.c -o $@
+
+ip_state.o: $(TOP)/ip_state.c $(TOP)/ip_state.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h $(TOP)/ip_nat.h
+ $(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_state.c -o $@
+
+ip_proxy.o: $(TOP)/ip_proxy.c $(TOP)/ip_proxy.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_ftp_pxy.c $(TOP)/ip_rcmd_pxy.c $(TOP)/ip_raudio_pxy.c \
+ $(TOP)/ip_rpcb_pxy.c $(TOP)/ip_ipsec_pxy.c $(TOP)/ip_nat.h \
+ $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_proxy.c -o $@
+
+ip_auth.o: $(TOP)/ip_auth.c $(TOP)/ip_auth.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_auth.c -o $@
+
+ip_pool.o: $(TOP)/ip_pool.c $(TOP)/ip_pool.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h $(TOP)/ip_lookup.h radix_ipf_local.h
+ $(CC) $(CCARGS) $(DFLAGS) $(FIXRADIX) -I. -c $(TOP)/ip_pool.c -o $@
+
+ip_scan.o: $(TOP)/ip_scan.c $(TOP)/ip_scan.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h $(TOP)/ip_lookup.h
+ $(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_scan.c -o $@
+
+ip_sync.o: $(TOP)/ip_sync.c $(TOP)/ip_sync.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h $(TOP)/ip_lookup.h
+ $(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_sync.c -o $@
+
+radix.o: $(TOP)/radix.c $(TOP)/radix_ipf.h
+ $(CC) $(CCARGS) $(DFLAGS) $(FIXRADIX) -c $(TOP)/radix.c -o $@
+
+ip_lookup.o: $(TOP)/ip_lookup.c $(TOP)/ip_lookup.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h radix_ipf_local.h
+ $(CC) $(CCARGS) $(DFLAGS) $(FIXRADIX) -I. -c $(TOP)/ip_lookup.c -o $@
+
+ip_htable.o: $(TOP)/ip_htable.c $(TOP)/ip_htable.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h $(TOP)/ip_lookup.h
+ $(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_htable.c -o $@
+
+ip_fil.o: $(TOP)/ip_fil_irix.c $(TOP)/ip_fil.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_nat.h
+ $(CC) $(CCARGS) $(DFLAGS) $(COMPIPF) -c $(TOP)/ip_fil_irix.c -o $@
+
+ip_log.o: $(TOP)/ip_log.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/ip_log.c -o $@
+
+md5.o: $(TOP)/md5.c $(TOP)/md5.h
+ $(CC) $(CCARGS) $(DFLAGS) -c $(TOP)/md5.c -o $@
+
+ml_ipl.o: $(TOP)/$(MLD) $(TOP)/ipl.h
+ $(CC) -I. $(CFLAGS) $(DFLAGS) -c $(TOP)/$(ML) -o $@
+
+ipf_y.o: ipf_y.c $(TOP)/ip_fil.h $(TOP)/ipf.h ipf_y.h ipf_l.h
+ $(CC) $(CCARGS) $(IPFBPF) -c ipf_y.c -o $@
+
+ipf_l.o: ipf_l.c $(TOP)/ip_fil.h $(TOP)/ipf.h ipf_y.h ipf_l.h
+ $(CC) $(CCARGS) -c ipf_l.c -o $@
+
+ipf_y.c ipf_y.h: $(TOOL)/ipf_y.y $(TOP)/ipf.h
+ (cd $(TOOL); make DEST=../$(HERE) ../$(HERE)/$@)
+
+ipf_l.c: $(TOOL)/lexer.c $(TOP)/ipf.h
+ (cd $(TOOL); make DEST=../$(HERE) ../$(HERE)/$@)
+
+ipf_l.h: $(TOOL)/lexer.h
+ (cd $(TOOL); make DEST=../$(HERE) ../$(HERE)/$@)
+
+ipmon: $(IPMON) $(DEST)/libipf.a
+ $(CC) $(CCARGS) $(LOGFAC) $(IPMON) -o $@ $(LIBS)
+
+ipmon.o: $(TOOL)/ipmon.c $(TOP)/ipmon.h
+ $(CC) $(CCARGS) $(LOGFAC) -c $(TOOL)/ipmon.c -o $@
+
+ipmon_y.o: ipmon_y.c ipmon_y.h $(TOP)/ipmon.h ipmon_l.h
+ $(CC) $(CCARGS) -c ipmon_y.c -o $@
+
+ipmon_y.c ipmon_y.h: $(TOOL)/ipmon_y.y $(TOP)/ipmon.h
+ (cd $(TOOL); make DEST=../$(HERE) ../$(HERE)/$@)
+
+ipmon_l.o: ipmon_l.c ipmon_y.h $(TOP)/ipmon.h ipmon_l.h
+ $(CC) $(CCARGS) -c ipmon_l.c -o $@
+
+ipmon_l.c: $(TOOL)/lexer.c $(TOP)/ipmon.h
+ (cd $(TOOL); make DEST=../$(HERE) ../$(HERE)/$@)
+
+ipmon_l.h: $(TOOL)/lexer.h
+ (cd $(TOOL); make DEST=../$(HERE) ../$(HERE)/$@)
+
+ipscan: ipscan_y.o ipscan_l.o $(DEST)/libipf.a
+ $(CC) $(DEBUG) ipscan_y.o ipscan_l.o -o $@ $(LIBS)
+
+ipscan_y.o: ipscan_y.c ipscan_y.h $(TOP)/ip_scan.h ipscan_l.h
+ $(CC) $(CCARGS) -c ipscan_y.c -o $@
+
+ipscan_l.o: ipscan_l.c ipscan_y.h $(TOP)/ip_scan.h ipscan_l.h
+ $(CC) $(CCARGS) -I. -c ipscan_l.c -o $@
+
+ipscan_y.h ipscan_y.c: $(TOOL)/ipscan_y.y $(TOP)/ip_scan.h
+ (cd $(TOOL); make DEST=../$(HERE) ../$(HERE)/$@)
+
+ipscan_l.c: $(TOOL)/lexer.c $(TOP)/ip_scan.h
+ (cd $(TOOL); make DEST=../$(HERE) ../$(HERE)/$@)
+
+ipscan_l.h: $(TOOL)/lexer.h
+ (cd $(TOOL); make DEST=../$(HERE) ../$(HERE)/$@)
+
+ippool: $(IPPOOL)
+ $(CC) $(CCARGS) -I. $(IPPOOL) -o $@ $(LIBS)
+
+ippool.o: $(TOOL)/ippool.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_pool.h
+ $(CC) $(CCARGS) -c $(TOOL)/ippool.c -o $@
+
+ippool_y.o: ippool_y.c ippool_y.h $(TOP)/ip_pool.h ippool_l.h
+ $(CC) $(CCARGS) -c ippool_y.c -o $@
+
+ippool_l.o: ippool_l.c ippool_y.h $(TOP)/ip_pool.h ippool_l.h
+ $(CC) $(CCARGS) -I. -c ippool_l.c -o $@
+
+ippool_y.h ippool_y.c: $(TOOL)/ippool_y.y $(TOP)/ip_pool.h
+ (cd $(TOOL); make DEST=../$(HERE) ../$(HERE)/$@)
+
+ippool_l.c: $(TOOL)/lexer.c $(TOP)/ip_pool.h
+ (cd $(TOOL); make DEST=../$(HERE) ../$(HERE)/$@)
+
+ippool_l.h: $(TOOL)/lexer.h
+ (cd $(TOOL); make DEST=../$(HERE) ../$(HERE)/$@)
+
+radix_ipf_local.h: $(TOP)/radix_ipf.h
+
+radix_ipf_local.h radix_ipf.h: $(TOP)/radix_ipf.h Makefile
+ cat $(TOP)/radix_ipf.h > $@
+# sed -e 's/radix_node/ipf_radix_node/g' \
+# -e 's/radix_mask/ipf_radix_mask/g' \
+# $(TOP)/radix_ipf.h > $@
+
+.y.c:
+
+.l.c:
+
+clean:
+ ${RM} -f ../ipf ../ipmon ../ipnat ../ippool ../ipftest
+ ${RM} -f ../ipscan ../ipsyncm ../ipsyncs
+ ${RM} -f core *.o *.a ipt ipfstat ipf ipfstat ipftest ipmon
+ ${RM} -f if_ipl ipnat $(LKM)
+ ${RM} -f ip_fil.c ipf_l.c ipf_y.c ipf_y.h ipf_l.h
+ ${RM} -f ipscan ipscan_y.c ipscan_y.h ipscan_l.c ipscan_l.h
+ ${RM} -f ippool ippool_y.c ippool_y.h ippool_l.c ippool_l.h
+ ${RM} -f ipnat_y.c ipnat_y.h ipnat_l.c ipnat_l.h
+ ${RM} -f ipmon_y.c ipmon_y.h ipmon_l.c ipmon_l.h
+ ${RM} -f ipsyncm ipsyncs ipfs ip_rules.c ip_rules.h
+ ${MAKE} -f Makefile.ipsend ${MFLAGS} TOP=$(TOP) clean
+ -(for i in *; do \
+ if [ -d $${i} -a -f $${i}/Makefile ] ; then \
+ cd $${i}; ($(MAKE) clean TOP=../..); cd ..; \
+ ${RM} $${i}/Makefile $${i}/Makefile.ipsend; \
+ ${RM} $${i}/Makefile.common; \
+ rmdir $${i}; \
+ fi \
+ done)
+
+install:
+ -$(INSTALL) -F $(SBINDEST) -m 755 -src $(CPUDIR)/ipf -O ipf
+ -$(INSTALL) -F $(SBINDEST) -m 755 -src $(CPUDIR)/ipfstat -O ipfstat
+ -$(INSTALL) -F $(SBINDEST) -m 755 -src $(CPUDIR)/ipnat -O ipnat
+
+ -$(INSTALL) -F $(SBINDEST) -m 755 -src $(CPUDIR)/ipmon -O ipmon
+ -$(INSTALL) -F $(BINDEST) -m 755 -src $(CPUDIR)/ipftest -O ipftest
+ -$(INSTALL) -F $(BINDEST) -m 755 -src $(CPUDIR)/ipsend -O ipsend
+# -$(INSTALL) -F $(BINDEST) -m 755 -src $(CPUDIR)/ipsyncs -O ipsyncs
+# -$(INSTALL) -F $(BINDEST) -m 755 -src $(CPUDIR)/ipsyncm -O ipsyncm
+ -$(INSTALL) -F $(BINDEST) -m 755 -src $(CPUDIR)/ipresend -O ipresend
+ -if [ -r $(LKMDEST)/$(LKM) -a ! -r $(LKMDEST)/$(LKM).DIST ]; then \
+ cp -p $(LKMDEST)/$(LKM) $(LKMDEST)/$(LKM).DIST; \
+ fi
+ -$(INSTALL) -F /var/sysgen/master.d -m 644 ipl
+ -$(INSTALL) -F $(LKMDEST) -m 444 -src $(CPUDIR)/$(LKM) -O $(LKM)
+ -$(INSTALL) -F $(INCDEST) -m 444 -src $(TOP)/ip_fil.h -O ip_fil.h
+ -$(INSTALL) -F $(INCDEST) -m 444 -src $(TOP)/ip_nat.h -O ip_nat.h
+ -$(INSTALL) -F $(MANDIR)/man1 -m 444 -src $(TOP)/ipsend/ipsend.1 -O ipsend.1
+ -$(INSTALL) -F $(MANDIR)/man1 -m 444 -src $(TOP)/ipsend/ipresend.1 -O ipresend.1
+ -$(INSTALL) -F $(MANDIR)/man1 -m 444 -src $(TOP)/ipsend/iptest.1 -O iptest.1
+ -$(INSTALL) -F $(MANDIR)/man5 -m 444 -src $(TOP)/ipsend/ipsend.5 -O ipsend.5
+ -$(INSTALL) -F $(MANDIR)/man8 -m 444 -src $(TOP)/man/ipnat.8 -O ipnat.8
+ -$(INSTALL) -F $(MANDIR)/man1 -m 444 -src $(TOP)/man/ipftest.1 -O ipftest.1
+ -$(INSTALL) -F $(MANDIR)/man4 -m 444 -src $(TOP)/man/ipf.4 -O ipf.4
+ -$(INSTALL) -F $(MANDIR)/man4 -m 444 -src $(TOP)/man/ipfilter.4 -O ipfilter.4
+ -$(INSTALL) -F $(MANDIR)/man4 -m 444 -src $(TOP)/man/ipl.4 -O ipl.4
+ -$(INSTALL) -F $(MANDIR)/man4 -m 444 -src $(TOP)/man/ipnat.4 -O ipnat.4
+ -$(INSTALL) -F $(MANDIR)/man5 -m 444 -src $(TOP)/man/ipf.5 -O ipf.5
+ -$(INSTALL) -F $(MANDIR)/man5 -m 444 -src $(TOP)/man/ipnat.5 -O ipnat.5
+ -$(INSTALL) -F $(MANDIR)/man5 -m 444 -src $(TOP)/man/ipfilter.5 -O ipfilter.5
+ -$(INSTALL) -F $(MANDIR)/man8 -m 444 -src $(TOP)/man/ipf.8 -O ipf.8
+ -$(INSTALL) -F $(MANDIR)/man8 -m 444 -src $(TOP)/man/ipfs.8 -O ipfs.8
+ -$(INSTALL) -F $(MANDIR)/man8 -m 444 -src $(TOP)/man/ipfstat.8 -O ipfstat.8
+ -$(INSTALL) -F $(MANDIR)/man8 -m 444 -src $(TOP)/man/ipmon.8 -O ipmon.8
+ -$(INSTALL) -F /etc/init.d -m 755 -src ipfboot -O ipf
+#if !defined(IPFLKM) || empty(IPFLKM)
+ -${RM} -f $(LKMDEST)/ipflkm.o
+ /etc/autoconfig
+#endif
diff --git a/IRIX/Makefile.ipsend b/IRIX/Makefile.ipsend
new file mode 100644
index 000000000000..fe9e4afb9451
--- /dev/null
+++ b/IRIX/Makefile.ipsend
@@ -0,0 +1,68 @@
+IOBJS=ipsend.o ip.o ipsopt.o iplang_y.o iplang_l.o
+ROBJS=ipresend.o ip.o resend.o
+TOBJS=iptest.o iptests.o ip.o
+UNIXOBJS=sirix.o arp.o
+OBJ=.
+LIBSRC=../../lib
+DEST=.
+TOP=../..
+LIBS=-L$(OBJ) -lipf
+
+CC=cc
+CFLAGS=-g -I$(TOP)
+
+include $(TOP)/lib/Makefile
+
+all build irix : libipf.a ipsend ipresend iptest
+
+.c.o:
+ $(CC) $(DEBUG) $(CFLAGS) -c $< -o $@
+
+iplang_y.o: $(TOP)/iplang/iplang_y.y
+ (cd $(TOP)/iplang; $(MAKE) 'CFLAGS=$(CFLAGS)' 'DESTDIR=../IRIX/$(CPUDIR)' )
+
+iplang_l.o: $(TOP)/iplang/iplang_l.l
+ (cd $(TOP)/iplang; $(MAKE) 'DESTDIR=../IRIX/$(CPUDIR)' )
+
+ipsend: $(IOBJS) $(UNIXOBJS)
+ $(CC) $(DEBUG) $(IOBJS) $(UNIXOBJS) -o $@ $(LIBS) -ll
+
+ipresend: $(ROBJS) $(UNIXOBJS)
+ $(CC) $(DEBUG) $(ROBJS) $(UNIXOBJS) -o $@ $(LIBS)
+
+iptest: $(TOBJS) $(UNIXOBJS)
+ $(CC) $(DEBUG) $(TOBJS) $(UNIXOBJS) -o $@ $(LIBS)
+
+clean:
+ rm -rf *.o core a.out ipsend ipresend iptest
+ rm -rf iplany_y.c iplang_l.c iplang_y.h iplang_y.c
+
+ipsend.o: $(TOP)/ipsend/ipsend.c
+ $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/ipsend.c -o $@
+
+ipsopt.o: $(TOP)/ipsend/ipsopt.c
+ $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/ipsopt.c -o $@
+
+ipresend.o: $(TOP)/ipsend/ipresend.c
+ $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/ipresend.c -o $@
+
+ip.o: $(TOP)/ipsend/ip.c
+ $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/ip.c -o $@
+
+resend.o: $(TOP)/ipsend/resend.c
+ $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/resend.c -o $@
+
+iptest.o: $(TOP)/ipsend/iptest.c
+ $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/iptest.c -o $@
+
+iptests.o: $(TOP)/ipsend/iptests.c
+ $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/iptests.c -o $@
+
+sock.o: $(TOP)/ipsend/sock.c
+ $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/sock.c -o $@
+
+arp.o: $(TOP)/ipsend/arp.c
+ $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/arp.c -o $@
+
+sirix.o: $(TOP)/ipsend/sirix.c
+ $(CC) $(DEBUG) $(CFLAGS) -c $(TOP)/ipsend/sirix.c -o $@
diff --git a/ipsd/ipsd.sed b/IRIX/Makefile.ipsend.std
index e69de29bb2d1..e69de29bb2d1 100644
--- a/ipsd/ipsd.sed
+++ b/IRIX/Makefile.ipsend.std
diff --git a/IRIX/Makefile.std b/IRIX/Makefile.std
new file mode 100644
index 000000000000..5c9e3cf1b1e6
--- /dev/null
+++ b/IRIX/Makefile.std
@@ -0,0 +1,66 @@
+#!smake
+#
+# Copyright (C) 2012 by Darren Reed.
+# Copyright (C) 1997 by Marc Boucher.
+#
+# Redistribution and use in source and binary forms are permitted
+# provided that this notice is preserved and due credit is given
+# to the original authors and the contributors.
+#
+# For IRIX
+#
+# Automatically determine compiler switches and defines for kernel compilation
+# based on our current CPU:
+#
+DCPU=`uname -m`
+KFLAGS=`$(TOP)/IRIX/getkflags`
+#
+BINDEST=/usr/sbin
+SBINDEST=/sbin
+MANDIR=/usr/share/man/local
+INCDEST=/usr/include/netinet
+LKMDEST=/var/sysgen/boot
+HERE=IRIX/$(CPUDIR)
+CPUDIR=`uname -s|sed -e 's@/@@g'`-`uname -r`-`uname -m`
+RANLIB=echo
+AROPTS=crs
+OBJ=.
+DEST=.
+TOP=..
+TOOL=$(TOP)/tools
+LIBS=-L. -lipf
+#CC=cc -Wall -Wuninitialized -Wstrict-prototypes -Werror -O
+CFLAGS=-g -I$(TOP)
+#
+ML=mli_ipl.c
+MLD=$(ML)
+#if defined(IPFLKM) && !empty(IPFLKM)
+MLFLAGS= -G 0
+LKM=ipflkm.o
+#else
+MLFLAGS= -G 8
+LKM=ipfilter.o
+#endif
+MFLAGS="BINDEST=$(BINDEST)" "SBINDEST=$(SBINDEST)" "MANDIR=$(MANDIR)" \
+ 'CFLAGS=$(CFLAGS) $(SOLARIS2)' "IPFLKM=$(IPFLKM)" \
+ "IPFLOG=$(IPFLOG)" "LOGFAC=$(LOGFAC)" "POLICY=$(POLICY)" \
+ "SOLARIS2=$(SOLARIS2)" "DEBUG=$(DEBUG)" "DCPU=$(CPU)" \
+ "CPUDIR=$(CPUDIR)" "LOOKUP=$(LOOKUP)"
+#
+CCARGS=-D_STANDALONE $(DEBUG) $(CFLAGS) -D_KMEMUSER -DIPFILTER_LOG
+#
+########## ########## ########## ########## ########## ########## ##########
+#
+CP=/bin/cp
+RM=/bin/rm
+CHMOD=/bin/chmod
+INSTALL=/sbin/install
+LIBSRC=$(TOP)/lib
+#
+DFLAGS=$(IPFLKM) $(IPFLOG) $(KFLAGS) $(MLFLAGS) -jalr #-D_MP_NETLOCKS -DMP \
+ $(LOOKUP)
+
+include $(TOP)/lib/Makefile
+
+include Makefile.common
+
diff --git a/IRIX/cpurev b/IRIX/cpurev
new file mode 100755
index 000000000000..0f5b322e46bc
--- /dev/null
+++ b/IRIX/cpurev
@@ -0,0 +1,10 @@
+#!/bin/sh
+rev=`uname -R 2>/dev/null`
+if [ $? -eq 0 ] ; then
+ rev=`echo $rev | awk ' { print $NF; } ' -`
+else
+ rev=`uname -r`
+fi
+model=`uname -m|sed -e 's!/!.!'`
+echo $rev.$model
+exit 0
diff --git a/test/expected/expected.sed b/IRIX/getkflags
index e69de29bb2d1..e69de29bb2d1 100644..100755
--- a/test/expected/expected.sed
+++ b/IRIX/getkflags
diff --git a/IRIX/getrev b/IRIX/getrev
new file mode 100755
index 000000000000..69b5f6556c2f
--- /dev/null
+++ b/IRIX/getrev
@@ -0,0 +1,13 @@
+#!/bin/sh
+uname -R 2>/dev/null >/dev/null
+if [ $? -eq 0 ] ; then
+ osrev=`uname -R| awk ' { print $NF; } ' -`
+ sub=`expr $osrev : '[0-9]*\.[0-9]*\.\([0-9]*\).*'`
+else
+ osrev=`uname -r`
+ sub=0
+fi
+major=`expr $osrev : '\([0-9]\)\..*'`
+minor=`expr $osrev : '[0-9]*\.\([0-9]*\).*'`
+printf '%d%02d%02d' $major $minor $sub
+exit 0
diff --git a/IRIX/ipfboot b/IRIX/ipfboot
new file mode 100644
index 000000000000..e5ad14643670
--- /dev/null
+++ b/IRIX/ipfboot
@@ -0,0 +1,85 @@
+#!/bin/sh
+#
+# Major device number definition from /dev/MAKEDEV:
+C_IPL=79 # IP packet filtering device
+#
+PATH=/sbin:/usr/etc:/usr/sbin:${PATH}
+if [ -r /var/sysgen/boot/ipflkm.o ]; then
+ ipflkm=true
+else
+ ipflkm=false
+fi
+id=`ml list | grep ipl | awk ' { print $2; } ' -`
+pid=`ps -e | grep ipmon | awk ' { print $1 } ' -`
+
+IPFILCONF=/etc/ipf.conf
+IPNATCONF=/etc/ipnat.conf
+
+case "$1" in
+ start)
+ if [ x$pid != x ] ; then
+ kill -TERM $pid
+ fi
+ if [ x$id != x ] ; then
+ /sbin/ml unld $id
+ fi
+ if ${ipflkm}; then
+ /sbin/ml ld -v -c /var/sysgen/boot/ipflkm.o -p ipl -s $C_IPL
+ fi
+ (cd /dev && rm -f ipf ipl ipnat ipstate ipauth)
+ (cd /dev && rm -f ipsync ipscan iplookup)
+ mknod /dev/ipf c $C_IPL 0
+ mknod /dev/ipl c $C_IPL 0
+ mknod /dev/ipnat c $C_IPL 1
+ mknod /dev/ipstate c $C_IPL 2
+ mknod /dev/ipauth c $C_IPL 3
+ mknod /dev/ipsync c $C_IPL 4
+ mknod /dev/ipscan c $C_IPL 5
+ mknod /dev/iplookup c $C_IPL 7
+ (cd /dev && chmod 600 ipf ipl ipnat ipstate ipauth)
+ (cd /dev && chmod 600 ipsync ipscan iplookup)
+ ipf -E
+ [ -r ${IPFILCONF} ] && ipf -Fa -f ${IPFILCONF}
+ [ -r ${IPNATCONF} ] && ipnat -CF -f ${IPNATCONF}
+ ipmon -sn </dev/null >/dev/null 2>&1 &
+ ;;
+
+ stop)
+ if [ "x$pid" != "x" ] ; then
+ kill -TERM $pid
+ fi
+ if ${ipflkm}; then
+ if [ x$id != x ] ; then
+ /sbin/ml unld $id && \
+ (cd /dev && rm -f ipf ipl ipnat ipstate ipauth)
+ (cd /dev && rm -f ipsync ipscan iplookup)
+ fi
+ else
+ ipf -D
+ fi
+ ;;
+
+ reload)
+ if [ -r ${IPFILCONF} ]; then
+ ipf -I -Fa -f ${IPFILCONF}
+ if [ $? != 0 ]; then
+ echo "$0: reload of ${IPFILCONF} into alternate set failed"
+ else
+ ipf -s
+ fi
+ fi
+ if [ -r ${IPNATCONF} ]; then
+ ipnat -CF -f ${IPNATCONF}
+ if [ $? != 0 ]; then
+ echo "$0: reload of ${IPNATCONF} failed"
+ fi
+ fi
+ ;;
+
+ *)
+ echo "Usage: $0 (start|stop|reload)" >&2
+ exit 1
+ ;;
+
+esac
+exit 0
diff --git a/IRIX/ipl b/IRIX/ipl
new file mode 100644
index 000000000000..b461e8513420
--- /dev/null
+++ b/IRIX/ipl
@@ -0,0 +1,3 @@
+*FLAG PREFIX SOFT #DEV DEPENDENCIES
+codns ipl 79 -
+$$$
diff --git a/Linux/Makefile b/Linux/Makefile
new file mode 100644
index 000000000000..033b5cb25ff7
--- /dev/null
+++ b/Linux/Makefile
@@ -0,0 +1,540 @@
+#
+# Copyright (C) 2012 by Darren Reed.
+#
+# See the IPFILTER.LICENCE file for details on licencing.
+#
+#gcc -D__KERNEL__ -I/usr/src/linux/include -Wall -Wstrict-prototypes -O2
+#-fomit-frame-pointer -fno-strength-reduce -pipe -m486 -malign-loops=2
+#-malign-jumps=2 -malign-functions=2 -DCPU=586 -c -o ip_input.o ip_input.c
+
+SPECFILE=ipfilter.spec
+ROOTDIR=/usr/src/redhat/BUILD/ipfilter/
+BINDEST=/usr/bin
+SBINDEST=/sbin
+MANDIR=/usr/share/man
+#CC=cc -Wall -Wuninitialized -Wstrict-prototypes -Werror -O
+CFLAGS=-g -I$(TOP)
+#
+# For Linux
+#
+CPUTYPE:=`uname -m | sed -e s/i.86/i386/ -e s/sun4u/sparc64/ -e s/arm.*/arm/ -e s/sa110/arm/`
+ARCH:=$(shell uname -i)
+OBJ=.
+TOP=..
+TOOL=$(TOP)/tools
+CPU:=$(shell uname -i)
+KREV:=$(shell uname -r)
+MODEXT:=$(shell modprobe -l | head -n 1 | sed -e 's/.*\.\([^\.]*\)$$/\1/')
+MODDIR=/lib/modules/$(KREV)
+IPV4DIR=$(MODDIR)/kernel/net/ipv4/
+CPUDIR=$(shell uname -s|sed -e 's@/@@g')-$(KREV)-$(ARCH)
+HERE=Linux
+#LEXLIB=-ll
+DEST=$(OBJ)
+DEBUG=-g
+LINUXKERNEL=/usr/src/linux
+LIBS=-L$(OBJ) -lipf $(LIBBPF)
+INC=-nostdinc -I$(TOP) -I$(LINUXKERNEL)/include/
+DEF=-D$(CPU) -D__$(CPU)__ -DINET -D__KERNEL__ -DCONFIG_NETFILTER -DMODULE
+KCFLAGS=-Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -Wno-trigraphs \
+ -fno-strict-aliasing -fno-common -DLINUX=$(LINUX) -I/usr/src/linux/asm/${mcore}
+IPDEF=$(DEF) -DGATEWAY -DDIRECTED_BROADCAST
+IPFILC=ip_lfil.c
+XCFLAGS=-DLINUX=$(LINUX) -I.. -I`pwd`/.. -I`pwd`/../.. $(LOOKUP) $(XID) $(IPFLOG) -O2
+EXTRA_CFLAGS += $(XCFLAGS)
+#
+MFLAGS="BINDEST=$(BINDEST)" "SBINDEST=$(SBINDEST)" "MANDIR=$(MANDIR)" \
+ 'CFLAGS=$(CFLAGS)' "IPFLKM=$(IPFLKM)" \
+ "IPFLOG=$(IPFLOG)" "LOGFAC=$(LOGFAC)" "POLICY=$(POLICY)" \
+ "DEBUG=$(DEBUG)" "DCPU=$(CPU)" "CPUDIR=$(CPUDIR)"
+#
+########## ########## ########## ########## ########## ########## ##########
+#
+CP=/bin/cp
+RM=/bin/rm
+CHMOD=/bin/chmod
+INSTALL=install
+INSTALL=$(TOP)/bsdinstall
+LIBSRC=$(TOP)/lib
+RANLIB=ranlib
+AROPTS=crs
+#
+MODOBJS=$(OBJ)/linux.o $(OBJ)/ip_fil.o $(OBJ)/fil.o $(OBJ)/ip_nat.o \
+ $(OBJ)/ip_frag.o $(OBJ)/ip_scan.o $(OBJ)/ip_sync.o $(OBJ)/ip_nat6.o \
+ $(OBJ)/ip_state.o $(OBJ)/ip_proxy.o $(OBJ)/ip_auth.o \
+ $(OBJ)/ip_lookup.o $(OBJ)/ip_pool.o $(OBJ)/ip_htable.o \
+ $(OBJ)/ip_dstlist.o $(OBJ)/ip_log.o $(OBJ)/radix_ipf.o $(OBJ)/md5.o
+KCCARGS=$(KCFLAGS) -D_BSD_SOURCE=1 $(IPFLKM) $(DEF) $(DLKM) -march=$(ARCH) \
+ $(INC) -iwithprefix include -I. $(LOOKUP) $(XID) $(IPFLOG)
+IPF=$(OBJ)/ipf.o $(OBJ)/ipfcomp.o $(OBJ)/ipf_y.o $(OBJ)/ipf_l.o
+IPT=$(OBJ)/ipftest.o $(OBJ)/ip_fil_u.o $(OBJ)/ip_state_u.o \
+ $(OBJ)/ip_frag_u.o $(OBJ)/ip_nat_u.o $(OBJ)/fil_u.o $(OBJ)/ip_nat6_u.o \
+ $(OBJ)/ip_pool_u.o $(OBJ)/ip_htable_u.o $(OBJ)/ip_lookup_u.o \
+ $(OBJ)/ip_proxy_u.o $(OBJ)/ip_auth_u.o $(OBJ)/ip_log_u.o \
+ $(OBJ)/ippool_y.o $(OBJ)/ippool_l.o $(OBJ)/ipnat_y.o $(OBJ)/ipnat_l.o \
+ $(OBJ)/ipf_y.o $(OBJ)/ipf_l.o $(OBJ)/radix_ipf_u.o $(OBJ)/md5_u.o \
+ $(OBJ)/ip_dstlist_u.o $(OBJ)/ip_scan_u.o $(OBJ)/ip_sync_u.o
+# $(OBJ)/ip_trafcon_u.o
+IPNAT=$(OBJ)/ipnat.o $(OBJ)/ipnat_y.o $(OBJ)/ipnat_l.o
+IPMON=$(OBJ)/ipmon.o $(OBJ)/ipmon_y.o $(OBJ)/ipmon_l.o
+IPPOOL=$(OBJ)/ippool_y.o $(OBJ)/ippool_l.o $(OBJ)/kmem.o $(OBJ)/ippool.o
+IPTRAFCON=$(OBJ)/iptrafcon.o
+FILS=$(OBJ)/ipfstat.o
+#
+CCARGS=-I. -I$(CPUDIR) $(DEBUG) $(CFLAGS) $(LOOKUP) $(XID) $(IPFLOG) -DLINUX=$(LINUX)
+EXTRA=-DIPFILTER_LOG -DIPFILTER_LOOKUP
+
+include $(TOP)/lib/Makefile
+
+$(OBJ):
+ @if [ ! -d $(OBJ) ] ; then \
+ mkdir $(OBJ) ; \
+ if [ $(LINUX) -ge 20600 ] ; then \
+ ln -s ../Makefile.kbuild $(OBJ)/Makefile ; \
+ fi ; \
+ ln -s ../Makefile.ipsend $(OBJ) ; \
+ fi
+
+build all: $(OBJ) $(OBJ)/ipf $(OBJ)/ipfs $(OBJ)/ipfstat $(OBJ)/ipftest \
+ $(OBJ)/ipmon $(OBJ)/ipnat $(OBJ)/ippool
+ -sh -c 'for i in ipf ipftest ipmon ippool ipnat ipscan ipsyncm ipsyncs; do /bin/rm -f $(TOP)/$$i; ln -s `pwd`/$(OBJ)/$$i $(TOP); done'
+
+ipflkm:
+ if [ $(LINUX) -lt 20499 ] ; then \
+ make $(OBJ)/ipfilter.o; \
+ else \
+ (cd $(OBJ); pwd; unset MAKEFLAGS; make -C "$(MODDIR)/build" SUBDIRS="`pwd`" TOP="../.." CPUDIR="$(CPUDIR)" EXTRA_CFLAGS="$(EXTRA_CFLAGS)" OBJ= modules); \
+ fi
+
+$(OBJ)/ipfstat: $(FILS) $(OBJ)/libipf.a $(TOP)/ip_fil.h $(TOP)/ipf.h \
+ $(TOP)/ip_frag.h $(TOP)/ip_compat.h $(TOP)/ip_state.h \
+ $(TOP)/ip_nat.h
+ -if [ ! -f /usr/lib/libelf.so ] ; then \
+ (cd /usr/lib; a=`echo libelf.so.*|head -n 1`; \
+ if [ "$$a" != "" ] ; then ln -s $$a libelf.so; fi) \
+ fi
+ $(CC) $(CCARGS) $(FILS) -o $@ -lelf $(LIBS) $(STATETOP_LIB)
+
+$(OBJ)/ipf: $(IPF) $(OBJ)/libipf.a
+ $(CC) $(CCARGS) $(IPF) -o $@ $(LIBS) $(LEXLIB) $(LIBBPF)
+
+$(OBJ)/ipftest: $(IPT) $(OBJ)/libipf.a
+ $(CC) $(CCARGS) $(IPT) -o $@ $(LIBS) $(LEXLIB) $(LIBBPF)
+ /bin/rm -f $(TOP)/ipftest
+ ln -s `pwd`/ipftest $(TOP)
+
+$(OBJ)/ipnat: $(IPNAT) $(OBJ)/libipf.a
+ -if [ ! -f /usr/lib/libelf.so ] ; then \
+ (cd /usr/lib; a=`echo libelf.so.*|head -n 1`; \
+ if [ "$$a" != "" ] ; then ln -s $$a libelf.so; fi) \
+ fi
+ $(CC) $(CCARGS) $(IPNAT) -o $@ $(LIBS) -lelf $(LEXLIB)
+
+$(OBJ)/ipfs: $(OBJ)/ipfs.o $(OBJ)/libipf.a
+ $(CC) $(CCARGS) $(OBJ)/ipfs.o -o $@ $(LIBS)
+
+$(OBJ)/ipsyncm: ipsyncm.o $(OBJ)/libipf.a
+ $(CC) $(CCARGS) ipsyncm.o -o $@
+
+$(OBJ)/ipsyncs: ipsyncs.o $(OBJ)/ibipf.a
+ $(CC) $(CCARGS) ipsyncs.o -o $@
+
+tests:
+ (cd test; make )
+
+$(OBJ)/ipfstat.o: $(TOOL)/ipfstat.c $(TOP)/ip_fil.h $(TOP)/ipf.h
+ $(CC) $(CCARGS) $(STATETOP_CFLAGS) -c $(TOOL)/ipfstat.c -o $@
+
+$(OBJ)/ipfs.o: $(TOOL)/ipfs.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_state.h \
+ $(TOP)/ip_nat.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipfs.c -o $@
+
+$(OBJ)/fil_u.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_compat.h
+ $(CC) $(CCARGS) $(IPFBPF) -c $(TOP)/fil.c -o $@
+
+$(OBJ)/fil.o: fil.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_compat.h ipf-linux.h
+ $(CC) $(KCCARGS) $(POLICY) $(IPFBPF) -c fil.c -o $@
+
+fil.c: $(TOP)/fil.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+$(OBJ)/ipf.o: $(TOOL)/ipf.c $(TOP)/ip_fil.h $(TOP)/ipf.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipf.c -o $@
+
+$(OBJ)/ipfcomp.o: $(TOOL)/ipfcomp.c $(TOP)/ip_fil.h $(TOP)/ipf.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipfcomp.c -o $@
+
+$(OBJ)/ipf_y.o: $(OBJ)/ipf_y.c $(TOP)/ip_fil.h $(TOP)/ipf.h \
+ $(OBJ)/ipf_y.h $(OBJ)/ipf_l.h
+ $(CC) $(CCARGS) $(IPFBPF) -c $(OBJ)/ipf_y.c -o $@
+
+$(OBJ)/ipf_l.o: $(OBJ)/ipf_l.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(OBJ)/ipf_y.h \
+ $(OBJ)/ipf_l.h
+ $(CC) $(CCARGS) -I. -I$(TOP)/tools -c $(OBJ)/ipf_l.c -o $@
+
+$(OBJ)/ipf_y.h $(OBJ)/ipf_y.c: $(TOOL)/ipf_y.y $(TOP)/ipf.h $(TOP)/ip_fil.h
+ (cd $(TOOL); make "DEST=../$(HERE)/$(OBJ)" ../$(HERE)/$@)
+ mv $(OBJ)/ipf_y.c $(OBJ)/ipf_y.c.NP
+ sed -e 's/int ipf_yygrowstack();/int ipf_yygrowstack(void);/' \
+ $(OBJ)/ipf_y.c.NP > $(OBJ)/ipf_y.c
+
+$(OBJ)/ipf_l.c: $(TOOL)/lexer.c $(TOP)/ipf.h $(TOP)/ip_fil.h
+ (cd $(TOOL); make "DEST=../$(HERE)/$(OBJ)" ../$(HERE)/$@)
+
+$(OBJ)/ipf_l.h: $(TOOL)/lexer.h
+ (cd $(TOOL); make "DEST=../$(HERE)/$(OBJ)" ../$(HERE)/$@)
+
+$(OBJ)/ippool_y.o: $(OBJ)/ippool_y.c $(TOP)/ip_fil.h $(TOP)/ipf.h \
+ $(OBJ)/ippool_y.h $(OBJ)/ippool_l.h
+ $(CC) $(CCARGS) -c $(OBJ)/ippool_y.c -o $@
+
+$(OBJ)/ippool_l.o: $(OBJ)/ippool_l.c $(TOP)/ip_fil.h $(TOP)/ipf.h \
+ $(OBJ)/ippool_y.h $(OBJ)/ippool_l.h
+ $(CC) $(CCARGS) -I. -I$(TOP)/tools -c $(OBJ)/ippool_l.c -o $@
+
+$(OBJ)/ippool_y.h $(OBJ)/ippool_y.c: $(TOOL)/ippool_y.y $(TOP)/ipf.h \
+ $(TOP)/ip_fil.h
+ (cd $(TOOL); make "DEST=../$(HERE)/$(OBJ)" ../$(HERE)/$@)
+ mv $(OBJ)/ippool_y.c $(OBJ)/ippool_y.c.NP
+ sed -e 's/int ippool_yygrowstack();/int ippool_yygrowstack(void);/' \
+ $(OBJ)/ippool_y.c.NP > $(OBJ)/ippool_y.c
+
+$(OBJ)/ippool_l.c: $(TOOL)/lexer.c $(TOP)/ipf.h $(TOP)/ip_fil.h
+ (cd $(TOOL); make "DEST=../$(HERE)/$(OBJ)" ../$(HERE)/$@)
+
+$(OBJ)/ippool_l.h: $(TOOL)/lexer.h
+ (cd $(TOOL); make "DEST=../$(HERE)/$(OBJ)" ../$(HERE)/$@)
+
+$(OBJ)/ippool.o: $(TOOL)/ippool.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_pool.h
+ $(CC) $(CCARGS) -c $(TOOL)/ippool.c -o $@
+
+$(OBJ)/ippool: $(IPPOOL) $(OBJ)/libipf.a
+ $(CC) $(CCARGS) $(IPPOOL) -o $@ $(LIBS) -lelf $(LEXLIB)
+
+$(OBJ)/ipnat_y.o: $(OBJ)/ipnat_y.c $(TOP)/ip_fil.h $(TOP)/ipf.h \
+ $(OBJ)/ipnat_y.h $(OBJ)/ipnat_l.h
+ $(CC) $(CCARGS) -c $(OBJ)/ipnat_y.c -o $@
+
+$(OBJ)/ipnat_l.o: $(OBJ)/ipnat_l.c $(TOP)/ip_fil.h $(TOP)/ipf.h \
+ $(OBJ)/ipnat_y.h $(OBJ)/ipnat_l.h
+ $(CC) $(CCARGS) -I. -I$(TOP)/tools -c $(OBJ)/ipnat_l.c -o $@
+
+$(OBJ)/ipnat_y.h $(OBJ)/ipnat_y.c: $(TOOL)/ipnat_y.y $(TOP)/ipf.h \
+ $(TOP)/ip_fil.h
+ (cd $(TOOL); make "DEST=../$(HERE)/$(OBJ)" ../$(HERE)/$@)
+ mv $(OBJ)/ipnat_y.c $(OBJ)/ipnat_y.c.NP
+ sed -e 's/int ipnat_yygrowstack();/int ipnat_yygrowstack(void);/' \
+ $(OBJ)/ipnat_y.c.NP > $(OBJ)/ipnat_y.c
+
+$(OBJ)/ipnat_l.c: $(TOOL)/lexer.c $(TOP)/ipf.h $(TOP)/ip_fil.h
+ (cd $(TOOL); make "DEST=../$(HERE)/$(OBJ)" ../$(HERE)/$@)
+
+$(OBJ)/ipnat_l.h: $(TOOL)/lexer.h
+ (cd $(TOOL); make "DEST=../$(HERE)/$(OBJ)" ../$(HERE)/$@)
+
+$(OBJ)/ipftest.o: $(TOOL)/ipftest.c $(TOP)/ip_fil.h $(TOP)/ipt.h $(TOP)/ipf.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipftest.c -o $@
+
+$(OBJ)/ipnat.o: $(TOOL)/ipnat.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_nat.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipnat.c -o $@
+
+$(OBJ)/md5_u.o: $(TOP)/md5.c $(TOP)/md5.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/md5.c -o $@
+
+$(OBJ)/radix_ipf_u.o: $(TOP)/radix_ipf.c $(TOP)/radix_ipf.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/radix_ipf.c -o $@
+
+$(OBJ)/ip_nat_u.o: $(TOP)/ip_nat.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) -c $(TOP)/ip_nat.c -o $@
+
+$(OBJ)/ip_nat6_u.o: $(TOP)/ip_nat6.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) -c $(TOP)/ip_nat6.c -o $@
+
+$(OBJ)/ip_proxy_u.o: $(TOP)/ip_proxy.c $(TOP)/ip_proxy.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) -c $(TOP)/ip_proxy.c -o $@
+
+$(OBJ)/ip_frag_u.o: $(TOP)/ip_frag.c $(TOP)/ip_frag.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) -c $(TOP)/ip_frag.c -o $@
+
+$(OBJ)/ip_scan_u.o: $(TOP)/ip_scan.c $(TOP)/ip_scan.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) -c $(TOP)/ip_scan.c -o $@
+
+$(OBJ)/ip_sync_u.o: $(TOP)/ip_sync.c $(TOP)/ip_sync.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) -c $(TOP)/ip_sync.c -o $@
+
+$(OBJ)/ip_state_u.o: $(TOP)/ip_state.c $(TOP)/ip_state.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h $(TOP)/ip_nat.h
+ $(CC) $(CCARGS) -c $(TOP)/ip_state.c -o $@
+
+$(OBJ)/ip_auth_u.o: $(TOP)/ip_auth.c $(TOP)/ip_auth.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) -c $(TOP)/ip_auth.c -o $@
+
+$(OBJ)/ip_pool_u.o: $(TOP)/ip_pool.c $(TOP)/ip_pool.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) -c $(TOP)/ip_pool.c -o $@
+
+$(OBJ)/ip_htable_u.o: $(TOP)/ip_htable.c $(TOP)/ip_htable.h \
+ $(TOP)/ip_compat.h $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) -c $(TOP)/ip_htable.c -o $@
+
+$(OBJ)/ip_dstlist_u.o: $(TOP)/ip_dstlist.c $(TOP)/ip_dstlist.h \
+ $(TOP)/ip_compat.h $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) -c $(TOP)/ip_dstlist.c -o $@
+
+$(OBJ)/ip_lookup_u.o: $(TOP)/ip_lookup.c $(TOP)/ip_lookup.h \
+ $(TOP)/ip_compat.h $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) -c $(TOP)/ip_lookup.c -o $@
+
+$(OBJ)/ip_fil_u.o: $(TOP)/ip_fil.c $(TOP)/ip_fil.h $(TOP)/ip_compat.h
+ $(CC) $(CCARGS) -c $(TOP)/ip_fil.c -o $@
+
+$(OBJ)/ip_log_u.o: $(TOP)/ip_log.c $(TOP)/ip_fil.h $(TOP)/ip_compat.h
+ $(CC) $(CCARGS) -c $(TOP)/ip_log.c -o $@
+
+$(OBJ)/ipfilter.o: $(MODOBJS)
+ ld -r $(MODOBJS) -o $(OBJ)/ipfilter.o
+ ${RM} -f $(OBJ)/ipfilter
+
+$(OBJ)/ip_nat.o: ip_nat.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h ipf-linux.h
+ $(CC) $(KCCARGS) -c ip_nat.c -o $@
+
+$(OBJ)/ip_nat6.o: ip_nat6.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h ipf-linux.h
+ $(CC) $(KCCARGS) -c ip_nat6.c -o $@
+
+ip_nat.c: $(TOP)/ip_nat.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+$(OBJ)/ip_frag.o: ip_frag.c $(TOP)/ip_frag.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h ipf-linux.h
+ $(CC) $(KCCARGS) -c ip_frag.c -o $@
+
+ip_frag.c: $(TOP)/ip_frag.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+$(OBJ)/ip_state.o: ip_state.c $(TOP)/ip_state.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h $(TOP)/ip_nat.h ipf-linux.h
+ $(CC) $(KCCARGS) -c ip_state.c -o $@
+
+ip_state.c: $(TOP)/ip_state.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+$(OBJ)/ip_proxy.o: ip_proxy.c $(TOP)/ip_proxy.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h ipf-linux.h
+ $(CC) $(KCCARGS) -c ip_proxy.c -o $@
+
+ip_proxy.c: $(TOP)/ip_proxy.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+$(OBJ)/ip_auth.o: ip_auth.c $(TOP)/ip_auth.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h ipf-linux.h
+ $(CC) $(KCCARGS) -c ip_auth.c -o $@
+
+ip_auth.c: $(TOP)/ip_auth.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+$(OBJ)/ip_lookup.o: ip_lookup.c $(TOP)/ip_lookup.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h ipf-linux.h
+ $(CC) $(KCCARGS) -c ip_lookup.c -o $@
+
+ip_lookup.c: $(TOP)/ip_lookup.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+$(OBJ)/ip_htable.o: ip_htable.c $(TOP)/ip_htable.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h ipf-linux.h
+ $(CC) $(KCCARGS) -c ip_htable.c -o $@
+
+ip_htable.c: $(TOP)/ip_htable.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+$(OBJ)/ip_dstlist.o: ip_dstlist.c $(TOP)/ip_dstlist.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h ipf-linux.h
+ $(CC) $(KCCARGS) -c ip_dstlist.c -o $@
+
+ip_dstlist.c: $(TOP)/ip_dstlist.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+$(OBJ)/ip_pool.o: ip_pool.c $(TOP)/ip_pool.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h ipf-linux.h
+ $(CC) $(KCCARGS) -c ip_pool.c -o $@
+
+ip_pool.c: $(TOP)/ip_pool.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+$(OBJ)/ip_scan.o: ip_scan.c $(TOP)/ip_scan.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h ipf-linux.h
+ $(CC) $(KCCARGS) -c ip_scan.c -o $@
+
+ip_scan.c: $(TOP)/ip_scan.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+$(OBJ)/ip_sync.o: ip_sync.c $(TOP)/ip_sync.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h ipf-linux.h
+ $(CC) $(KCCARGS) -c ip_sync.c -o $@
+
+ip_sync.c: $(TOP)/ip_sync.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+$(OBJ)/ip_log.o: ip_log.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h ipf-linux.h
+ $(CC) $(KCCARGS) -c ip_log.c -o $@
+
+ip_log.c: $(TOP)/ip_log.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+$(OBJ)/radix_ipf.o: radix_ipf.c $(TOP)/radix_ipf.h ipf-linux.h
+ $(CC) $(KCCARGS) -c radix_ipf.c -o $@
+
+$(OBJ)/md5.o: $(TOP)/md5.c $(TOP)/md5.h
+ $(CC) $(KCCARGS) -c $(TOP)/md5.c -o $@
+
+radix_ipf.c: $(TOP)/radix_ipf.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+ip_rules.c: $(TOP)/rules/ip_rules $(TOP)/tools/ipfcomp.o $(OBJ)/ipf
+ $(OBJ)/ipf -cc -nf $(TOP)/rules/ip_rules
+
+$(TOP)/ip_rules.h: ip_rules.c
+ if [ ! -f $(TOP)/ip_rules.h ] ; then \
+ /bin/mv -f ip_rules.h $(TOP); \
+ else \
+ touch $(TOP)/ip_rules.h; \
+ fi
+
+$(OBJ)/linux.o: $(TOP)/linux.c $(TOP)/radix_ipf.h ipf-linux.h
+ $(CC) $(KCCARGS) -DMODVERSIONS -D__GENKSYMS__ -DEXPORT_SYMTAB -c $(TOP)/linux.c -o $@
+
+$(OBJ)/ip_fil.o: $(TOP)/ip_fil_linux.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
+ ipf-linux.h
+ $(CC) $(KCCARGS) -c $(TOP)/ip_fil_linux.c -o $@
+
+$(OBJ)/ipmon: $(IPMON) $(OBJ)/libipf.a
+ $(CC) $(CCARGS) $(IPMON) -o $@ $(LIBS) $(LEXLIB) -ldl
+
+$(OBJ)/ipmon.o: $(TOOL)/ipmon.c $(TOP)/ipmon.h
+ $(CC) $(CCARGS) $(LOGFAC) -c $(TOOL)/ipmon.c -o $@
+
+$(OBJ)/ipmon_y.o: $(OBJ)/ipmon_y.c $(TOP)/ip_fil.h $(TOP)/ipf.h \
+ $(OBJ)/ipmon_y.h $(OBJ)/ipmon_l.h
+ $(CC) $(CCARGS) -c $(OBJ)/ipmon_y.c -o $@
+
+$(OBJ)/ipmon_l.o: $(OBJ)/ipmon_l.c $(TOP)/ip_fil.h $(TOP)/ipf.h \
+ $(OBJ)/ipmon_y.h $(OBJ)/ipmon_l.h
+ $(CC) $(CCARGS) -I. -I$(TOP)/tools -c $(OBJ)/ipmon_l.c -o $@
+
+$(OBJ)/ipmon_y.h $(OBJ)/ipmon_y.c: $(TOOL)/ipmon_y.y $(TOP)/ipf.h \
+ $(TOP)/ip_fil.h
+ (cd $(TOOL); make "DEST=../$(HERE)/$(OBJ)" ../$(HERE)/$@)
+ mv $(OBJ)/ipmon_y.c $(OBJ)/ipmon_y.c.NP
+ sed -e 's/int ipmon_yygrowstack();/int ipmon_yygrowstack(void);/' \
+ $(OBJ)/ipmon_y.c.NP > $(OBJ)/ipmon_y.c
+
+$(OBJ)/ipmon_l.c: $(TOOL)/lexer.c $(TOP)/ipf.h $(TOP)/ip_fil.h
+ (cd $(TOOL); make "DEST=../$(HERE)/$(OBJ)" ../$(HERE)/$@)
+
+$(OBJ)/ipmon_l.h: $(TOOL)/lexer.h
+ (cd $(TOOL); make "DEST=../$(HERE)/$(OBJ)" ../$(HERE)/$@)
+
+clean:
+ ${RM} -f $(TOP)/ipf $(TOP)/ipnat $(TOP)/ipmon $(TOP)/ippool
+ ${RM} -f $(TOP)/ipftest $(TOP)/ipscan $(TOP)/ipsyncm $(TOP)/ipsyncs
+ ${RM} -f *.core *.o ipt fils ipf ipfstat ipftest ipmon ippool ipnat \
+ ipfilter.o
+ ${RM} -f fil.c ip_auth.c ip_frag.c ip_htable.c ip_lookup.c ip_log.c
+ ${RM} -f ip_lookup.c ip_nat.c ip_pool.c ip_proxy.c ip_scan.c
+ ${RM} -f ip_state.c ip_sync.c radix_ipf.c ip_rules.c ip_rules.h
+ ${MAKE} -f Makefile.ipsend ${MFLAGS} clean
+ -(for i in Linux*; do \
+ if [ -d $${i} ] ; then \
+ /bin/rm -rf $${i}; \
+ fi \
+ done)
+
+install: $(CPUDIR)/$(SPECFILE) $(CPUDIR)/ipfilter
+ mkdir -p $(ROOTDIR) $(ROOTDIR)/usr/include/netinet
+ mkdir -p $(ROOTDIR)$(SBINDEST) $(ROOTDIR)$(BINDEST)
+ mkdir -p $(ROOTDIR)$(IPV4DIR)
+ mkdir -p $(ROOTDIR)/etc/init.d
+ mkdir -p $(ROOTDIR)/etc/sysconfig
+ mkdir -p $(ROOTDIR)$(MANDIR)/man1
+ mkdir -p $(ROOTDIR)$(MANDIR)/man4
+ mkdir -p $(ROOTDIR)$(MANDIR)/man5
+ mkdir -p $(ROOTDIR)$(MANDIR)/man8
+ mkdir -p $(ROOTDIR)/usr/share/ipfilter/examples
+ touch $(ROOTDIR)/etc/sysconfig/ipfilter
+ for i in fil nat compat state sync scan frag auth lookup pool htable proxy; do \
+ $(CP) $(TOP)/ip_$$i.h $(ROOTDIR)/usr/include/netinet/ip_$$i.h; \
+ $(CHMOD) 444 $(ROOTDIR)/usr/include/netinet/ip_$$i.h; \
+ done
+ $(CP) $(TOP)/ipl.h $(ROOTDIR)/usr/include/netinet/ipl.h
+ -if [ -d $(IPV4DIR) ] ; then \
+ if [ -f $(CPUDIR)/ipfilter.$(MODEXT) ] ; then \
+ cp $(CPUDIR)/ipfilter.$(MODEXT) $(ROOTDIR)$(IPV4DIR)/ipfilter.$(MODEXT); \
+ else \
+ cp $(CPUDIR)/ipfilter.o $(ROOTDIR)$(IPV4DIR)/ipfilter.$(MODEXT); \
+ fi \
+ fi
+ (for i in ipfstat ipf ipnat ippool ipfs; do \
+ (cd $(CPUDIR); ../$(INSTALL) -c -s -g wheel -m 755 -o root $$i $(ROOTDIR)$(SBINDEST)); \
+ done;)
+ (for i in ipmon ipftest; do \
+ (cd $(CPUDIR); ../$(INSTALL) -c -s -g wheel -m 755 -o root $$i $(ROOTDIR)$(BINDEST)); \
+ done;)
+ (cd $(CPUDIR); ../$(INSTALL) -c -g wheel -m 755 -o root ipfilter $(ROOTDIR)/etc/init.d)
+ (cd $(TOP)/man; make INSTALL=../bsdinstall MANDIR=$(ROOTDIR)$(MANDIR) install; cd $(TOP))
+ for i in BASIC_1.FW BASIC_2.FW BASIC.NAT example.1 example.2 \
+ example.3 example.4 example.5 example.6 example.7 \
+ example.8 example.9 example.10 example.11 example.12 \
+ example.13 example.sr firewall ftp-proxy ftppxy ipmon.conf \
+ ip_rules nat.eg nat-setup pool.conf server tcpstate; do \
+ $(CP) $(TOP)/rules/$$i $(ROOTDIR)/usr/share/ipfilter/examples; \
+ $(CHMOD) 444 $(ROOTDIR)/usr/share/ipfilter/examples/$$i; \
+ chown root:root $(ROOTDIR)/usr/share/ipfilter/examples/$$i; \
+ done
+ rpmbuild -bb $(CPUDIR)/$(SPECFILE)
+ rpm -i ipfilter
+
+$(CPUDIR)/$(SPECFILE): $(SPECFILE).dist
+ sed -e "s/KERNELBUILD/$(KREV)/" \
+ -e "s/MODEXT/$(MODEXT)/" \
+ -e "s/TURNONIPFILTER/`./howchkconfig`/" \
+ $< > $@
+
+$(CPUDIR)/ipfilter:
+ ./mkinit `pwd`/$(CPUDIR)
+
diff --git a/Linux/Makefile.ipsend b/Linux/Makefile.ipsend
new file mode 100644
index 000000000000..5dd7f345763d
--- /dev/null
+++ b/Linux/Makefile.ipsend
@@ -0,0 +1,79 @@
+OBJS=ipsend.o ip.o ipsopt.o iplang_y.o iplang_l.o
+IPFTO=ipft_ef.o ipft_hx.o ipft_pc.o ipft_sn.o ipft_td.o ipft_tx.o
+ROBJS=ipresend.o ip.o resend.o $(IPFTO) opt.o
+TOBJS=iptest.o iptests.o ip.o
+UNIXOBJS=lsock.o slinux.o larp.o
+INC=-I/usr/include -I/usr/src/linux/include
+
+CC=cc
+#-Wuninitialized -Wstrict-prototypes -O
+CFLAGS=-g -I$(TOP)
+#
+MFLAGS="BINDEST=$(BINDEST)" "SBINDEST=$(SBINDEST)" "MANDIR=$(MANDIR)" \
+ 'CFLAGS=$(CFLAGS) $(SOLARIS2)' "IPFLKM=$(IPFLKM)" \
+ "IPFLOG=$(IPFLOG)" "LOGFAC=$(LOGFAC)" "POLICY=$(POLICY)" \
+ "SOLARIS2=$(SOLARIS2)" "DEBUG=$(DEBUG)" "DCPU=$(CPU)" \
+ "CPUDIR=$(CPUDIR)"
+#
+all build bsd-bpf : ipsend ipresend iptest
+
+iplang_y.o: $(TOP)/iplang/iplang_y.y
+ (cd $(TOP)/iplang; $(MAKE) ../Linux/$(CPUDIR)/iplang_y.o $(MFLAGS) "LINUX=$(INC) $(LINUXK)" 'DESTDIR=../Linux/$(CPUDIR)' )
+
+iplang_l.o: $(TOP)/iplang/iplang_l.l
+ (cd $(TOP)/iplang; $(MAKE) ../Linux/$(CPUDIR)/iplang_l.o $(MFLAGS) "LINUX=$(INC) $(LINUXK)" 'DESTDIR=../Linux/$(CPUDIR)' )
+
+.c.o:
+ $(CC) $(DEBUG) $(CFLAGS) $(INC) $(LINUXK) -c $< -o $@
+
+ipsend: $(OBJS) $(UNIXOBJS)
+ $(CC) $(DEBUG) $(OBJS) $(UNIXOBJS) -o $@ $(LIBS) -lfl -lelf
+
+ipresend: $(ROBJS) $(UNIXOBJS)
+ $(CC) $(DEBUG) $(ROBJS) $(UNIXOBJS) -o $@ $(LIBS) -lfl -lelf
+
+iptest: $(TOBJS) $(UNIXOBJS)
+ $(CC) $(DEBUG) $(TOBJS) $(UNIXOBJS) -o $@ $(LIBS) -lfl -lelf
+
+clean:
+ rm -rf $(TOBJS) $(OBJS) $(ROBJS) $(UNIXOBJS) core a.out ipsend ipresend iptest
+
+ipsend.o: $(TOP)/ipsend/ipsend.c
+ $(CC) $(DEBUG) $(CFLAGS) $(INC) $(LINUXK) -c $(TOP)/ipsend/ipsend.c -o $@
+
+ipsopt.o: $(TOP)/ipsend/ipsopt.c
+ $(CC) $(DEBUG) $(CFLAGS) $(INC) $(LINUXK) -c $(TOP)/ipsend/ipsopt.c -o $@
+
+ipresend.o: $(TOP)/ipsend/ipresend.c
+ $(CC) $(DEBUG) $(CFLAGS) $(INC) $(LINUXK) -c $(TOP)/ipsend/ipresend.c -o $@
+
+ip.o: $(TOP)/ipsend/ip.c
+ $(CC) $(DEBUG) $(CFLAGS) $(INC) $(LINUXK) -c $(TOP)/ipsend/ip.c -o $@
+
+resend.o: $(TOP)/ipsend/resend.c
+ $(CC) $(DEBUG) $(CFLAGS) $(INC) $(LINUXK) -c $(TOP)/ipsend/resend.c -o $@
+
+ipft_sn.o: $(TOP)/ipft_sn.c
+ $(CC) $(DEBUG) $(CFLAGS) $(INC) $(LINUXK) -c $(TOP)/ipft_sn.c -o $@
+
+ipft_pc.o: $(TOP)/ipft_pc.c
+ $(CC) $(DEBUG) $(CFLAGS) $(INC) $(LINUXK) -c $(TOP)/ipft_pc.c -o $@
+
+iptest.o: $(TOP)/ipsend/iptest.c
+ $(CC) $(DEBUG) $(CFLAGS) $(INC) $(LINUXK) -c $(TOP)/ipsend/iptest.c -o $@
+
+iptests.o: $(TOP)/ipsend/iptests.c
+ $(CC) $(DEBUG) $(CFLAGS) $(INC) $(LINUXK) -c $(TOP)/ipsend/iptests.c -o $@
+
+lsock.o: $(TOP)/ipsend/lsock.c
+ $(CC) $(DEBUG) $(CFLAGS) $(INC) $(LINUXK) -c $(TOP)/ipsend/lsock.c -o $@
+
+slinux.o: $(TOP)/ipsend/slinux.c
+ $(CC) $(DEBUG) $(CFLAGS) $(INC) $(LINUXK) -c $(TOP)/ipsend/slinux.c -o $@
+
+larp.o: $(TOP)/ipsend/larp.c
+ $(CC) $(DEBUG) $(CFLAGS) $(INC) $(LINUXK) -c $(TOP)/ipsend/larp.c -o $@
+
+install:
+ -$(INSTALL) -cs -g wheel -m 755 -o root ipsend ipresend iptest $(BINDEST)
+
diff --git a/Linux/Makefile.kbuild b/Linux/Makefile.kbuild
new file mode 100644
index 000000000000..bab8df0a9915
--- /dev/null
+++ b/Linux/Makefile.kbuild
@@ -0,0 +1,198 @@
+#
+# Copyright (C) 2012 by Darren Reed.
+#
+# See the IPFILTER.LICENCE file for details on licencing.
+#
+CONFIG_IPFILTER=m
+#
+# For Linux
+#
+CPUTYPE:=$(shell uname -m | sed -e 's/i.86/i386/' -e 's/sun4u/sparc64/' -e 's/arm.*/arm/' -e 's/sa110/arm/')
+ARCH:=$(shell uname -m | sed -e 's/i.86/i386/')
+OBJ=.
+TOP=../..
+CPU:=$(shell uname -i)
+KREV:=$(shell uname -r)
+MODDIR=/lib/modules/$(KREV)
+IPV4DIR=$(MODDIR)/kernel/net/ipv4/
+CPUDIR=
+DEBUG=-g
+#
+########## ########## ########## ########## ########## ########## ##########
+#
+#
+MODOBJS=$(OBJ)/linuxm.o $(OBJ)/ip_film.o $(OBJ)/fil.o $(OBJ)/ip_nat.o \
+ $(OBJ)/ip_frag.o $(OBJ)/ip_scan.o $(OBJ)/ip_sync.o \
+ $(OBJ)/ip_state.o $(OBJ)/ip_proxy.o $(OBJ)/ip_auth.o \
+ $(OBJ)/ip_lookup.o $(OBJ)/ip_pool.o $(OBJ)/ip_htable.o \
+ $(OBJ)/ip_dstlist.o $(OBJ)/ip_log.o $(OBJ)/radix.o $(OBJ)/md5.o
+
+obj-$(CONFIG_IPFILTER) += ipfilter.o
+ipfilter-objs =$(MODOBJS)
+
+all: ipflkm
+
+ipflkm:
+ if [ $(LINUX) -lt 20499 ] ; then \
+ make $(OBJ)/ipfilter.o ; \
+ else \
+ make $(OBJ)/ipflkm.o ; \
+ fi
+
+$(OBJ)/ipfilter.o: $(MODOBJS)
+ ld -r $(MODOBJS) -o $(OBJ)/ipfilter.o
+ ${RM} -f $(OBJ)/ipfilter
+
+
+fil.c $(obj)//fil.c: $(TOP)/fil.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+ip_nat.c $(obj)//ip_nat.c: $(TOP)/ip_nat.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+ip_frag.c $(obj)//ip_frag.c: $(TOP)/ip_frag.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+ip_state.c $(obj)//ip_state.c: $(TOP)/ip_state.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+ip_proxy.c $(obj)//ip_proxy.c: $(TOP)/ip_proxy.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+ip_auth.c $(obj)//ip_auth.c: $(TOP)/ip_auth.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+ip_lookup.c $(obj)//ip_lookup.c: $(TOP)/ip_lookup.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+ip_htable.c $(obj)//ip_htable.c: $(TOP)/ip_htable.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+ip_dstlist.c $(obj)//ip_dstlist.c: $(TOP)/ip_dstlist.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+ip_pool.c $(obj)//ip_pool.c: $(TOP)/ip_pool.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+ip_scan.c $(obj)//ip_scan.c: $(TOP)/ip_scan.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+ip_sync.c $(obj)//ip_sync.c: $(TOP)/ip_sync.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+ip_log.c $(obj)//ip_log.c: $(TOP)/ip_log.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+radix.c $(obj)//radix.c: $(TOP)/radix.c Makefile
+ sed -e '/^#/,$$d' $< > $@
+ echo '#include "ipf-linux.h"' >> $@
+ sed -ne '/END OF INCLUDES/,$$p' $< >> $@
+
+ip_rules.c: $(TOP)/rules/ip_rules $(TOP)/tools/ipfcomp.o $(OBJ)/ipf
+ $(OBJ)/ipf -cc -nf $(TOP)/rules/ip_rules
+
+md5.c $(obj)//md5.c: $(TOP)/md5.c Makefile
+ /bin/rm -f md5.c
+ cp $< $(obj)//md5.c
+
+$(TOP)/ip_rules.h: ip_rules.c
+ if [ ! -f $(TOP)/ip_rules.h ] ; then \
+ /bin/mv -f ip_rules.h $(TOP); \
+ else \
+ touch $(TOP)/ip_rules.h; \
+ fi
+
+$(OBJ)/ip_log.o: ip_log.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
+ $(obj)/../ipf-linux.h
+$(obj)//linuxm.o: $(obj)/linuxm.c
+$(obj)//fil.o: $(obj)/fil.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_compat.h \
+ $(obj)/../ipf-linux.h
+$(obj)//ip_auth.o: $(obj)/ip_auth.c $(TOP)/ip_auth.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h $(obj)/../ipf-linux.h
+$(obj)//ip_film.o: $(obj)/ip_film.c
+$(obj)//ip_frag.o: $(obj)/ip_frag.c $(TOP)/ip_frag.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h $(obj)/../ipf-linux.h
+$(obj)//ip_htable.o: $(obj)/ip_htable.c $(TOP)/ip_htable.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h $(obj)/../ipf-linux.h
+$(obj)//ip_dstlist.o: $(obj)/ip_dstlist.c $(TOP)/ip_dstlist.h \
+ $(TOP)/ip_compat.h $(TOP)/ip_fil.h $(obj)/../ipf-linux.h
+$(obj)//ip_lookup.o: $(obj)/ip_lookup.c $(TOP)/ip_lookup.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h $(obj)/../ipf-linux.h
+$(obj)//ip_nat.o: $(obj)/ip_nat.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h $(obj)/../ipf-linux.h
+$(obj)//ip_pool.o: $(obj)/ip_pool.c $(TOP)/ip_pool.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h $(obj)/../ipf-linux.h
+$(obj)//ip_proxy.o: $(obj)/ip_proxy.c $(TOP)/ip_proxy.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h $(obj)/../ipf-linux.h
+$(obj)//ip_scan.o: $(obj)/ip_scan.c $(TOP)/ip_scan.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h $(obj)/../ipf-linux.h
+$(obj)//ip_state.o: $(obj)/ip_state.c $(TOP)/ip_state.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h $(TOP)/ip_nat.h $(obj)/../ipf-linux.h
+$(obj)//ip_sync.o: $(obj)/ip_sync.c $(TOP)/ip_sync.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h $(obj)/../ipf-linux.h
+$(obj)//radix.o: $(obj)/radix.c $(TOP)/radix_ipf.h $(obj)/../ipf-linux.h
+$(obj)//md5.o: md5.c $(TOP)/md5.h
+$(obj)/$(CPUDIR)/linux.o: $(obj)/$(CPUDIR)/linux.c
+$(obj)/$(CPUDIR)/fil.o: $(obj)/$(CPUDIR)/fil.c $(TOP)/ip_fil.h $(TOP)/ipf.h \
+ $(TOP)/ip_compat.h $(obj)/../ipf-linux.h
+$(obj)/$(CPUDIR)/ip_auth.o: $(obj)/$(CPUDIR)/ip_auth.c $(TOP)/ip_auth.h \
+ $(TOP)/ip_compat.h $(TOP)/ip_fil.h $(obj)/../ipf-linux.h
+$(obj)/$(CPUDIR)/ip_film.o: $(obj)/$(CPUDIR)/ip_film.c
+$(obj)/$(CPUDIR)/ip_frag.o: $(obj)/$(CPUDIR)/ip_frag.c $(TOP)/ip_frag.h \
+ $(TOP)/ip_compat.h $(TOP)/ip_fil.h $(obj)/../ipf-linux.h
+$(obj)/$(CPUDIR)/ip_htable.o: $(obj)/$(CPUDIR)/ip_htable.c $(TOP)/ip_htable.h \
+ $(TOP)/ip_compat.h $(TOP)/ip_fil.h $(obj)/../ipf-linux.h
+$(obj)/$(CPUDIR)/ip_dstlist.o: $(obj)/$(CPUDIR)/ip_dstlist.c \
+ $(TOP)/ip_dstlist.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
+ $(obj)/../ipf-linux.h
+$(obj)/$(CPUDIR)/ip_lookup.o: $(obj)/$(CPUDIR)/ip_lookup.c $(TOP)/ip_lookup.h \
+ $(TOP)/ip_compat.h $(TOP)/ip_fil.h $(obj)/../ipf-linux.h
+$(obj)/$(CPUDIR)/ip_nat.o: $(obj)/$(CPUDIR)/ip_nat.c $(TOP)/ip_nat.h \
+ $(TOP)/ip_compat.h $(TOP)/ip_fil.h $(obj)/../ipf-linux.h
+$(obj)/$(CPUDIR)/ip_pool.o: $(obj)/$(CPUDIR)/ip_pool.c $(TOP)/ip_pool.h \
+ $(TOP)/ip_compat.h $(TOP)/ip_fil.h $(obj)/../ipf-linux.h
+$(obj)/$(CPUDIR)/ip_proxy.o: $(obj)/$(CPUDIR)/ip_proxy.c $(TOP)/ip_proxy.h \
+ $(TOP)/ip_compat.h $(TOP)/ip_fil.h $(obj)/../ipf-linux.h
+$(obj)/$(CPUDIR)/ip_scan.o: $(obj)/$(CPUDIR)/ip_scan.c $(TOP)/ip_scan.h \
+ $(TOP)/ip_compat.h $(TOP)/ip_fil.h $(obj)/../ipf-linux.h
+$(obj)/$(CPUDIR)/ip_state.o: $(obj)/$(CPUDIR)/ip_state.c $(TOP)/ip_state.h \
+ $(TOP)/ip_compat.h $(TOP)/ip_fil.h $(TOP)/ip_nat.h \
+ $(obj)/../ipf-linux.h
+$(obj)/$(CPUDIR)/ip_sync.o: $(obj)/$(CPUDIR)/ip_sync.c $(TOP)/ip_sync.h \
+ $(TOP)/ip_compat.h $(TOP)/ip_fil.h $(obj)/../ipf-linux.h
+$(obj)/$(CPUDIR)/radix.o: $(obj)/$(CPUDIR)/radix.c $(TOP)/radix_ipf.h \
+ ipf-linux.h
+$(obj)/$(CPUDIR)/md5.o: md5.c $(TOP)/md5.h
+
+$(obj)/$(CPUDIR)/linuxm.c $(obj)//linuxm.c: $(TOP)/linux.c
+ @if [ ! -h $@ ] ; then ln -s $< $@; fi
+
+$(obj)/$(CPUDIR)/ip_film.c $(obj)//ip_film.c: $(TOP)/ip_fil_linux.c
+ @if [ ! -h $@ ] ; then ln -s $< $@; fi
+
diff --git a/Linux/Tips_SuSE91.txt b/Linux/Tips_SuSE91.txt
new file mode 100644
index 000000000000..ea338b8b8aa8
--- /dev/null
+++ b/Linux/Tips_SuSE91.txt
@@ -0,0 +1,5 @@
+cd /usr/src/linux
+make mrproper
+cp /boot/config-* .config
+make oldconfig
+make prepare-all
diff --git a/Linux/howchkconfig b/Linux/howchkconfig
new file mode 100755
index 000000000000..3b2a5d3cb61c
--- /dev/null
+++ b/Linux/howchkconfig
@@ -0,0 +1,8 @@
+#!/bin/sh
+level=`/sbin/chkconfig --help 2>& 1 | grep level`
+if [ "$level" = "" ] ; then
+ echo '-s ipfilter 2345'
+else
+ echo '--level 2345 ipfilter on'
+fi
+exit 0
diff --git a/Linux/initscript b/Linux/initscript
new file mode 100644
index 000000000000..a9a3124c91ca
--- /dev/null
+++ b/Linux/initscript
@@ -0,0 +1,8 @@
+#!/bin/sh
+if [ -f /etc/SuSE-release ] ; then
+ echo ipfilter-suse
+fi
+if [ -f /etc/redhat-release ] ; then
+ echo ipfilter-redhat
+fi
+exit 0
diff --git a/Linux/ipf-linux.h b/Linux/ipf-linux.h
new file mode 100644
index 000000000000..08b1de9cf350
--- /dev/null
+++ b/Linux/ipf-linux.h
@@ -0,0 +1,187 @@
+#ifndef __IPF_LINUX_H__
+#define __IPF_LINUX_H__
+
+#include <linux/version.h>
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18)
+# include <linux/autoconf.h>
+# include <linux/poll.h>
+#else
+# include <linux/config.h>
+#endif
+#ifndef CONFIG_NETFILTER
+# define CONFIG_NETFILTER
+#endif
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
+# define __irq_h 1 /* stop it being included! */
+# include <linux/mtd/compatmac.h>
+#else
+# include <linux/compatmac.h>
+# include <linux/version.h>
+#endif
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/types.h>
+#include <linux/time.h>
+#include <linux/string.h>
+#include <linux/slab.h>
+#include <linux/socket.h>
+#include <linux/netdevice.h>
+#include <linux/inetdevice.h>
+#include <linux/skbuff.h>
+#include <linux/in.h>
+#include <linux/ip.h>
+#include <net/ip.h> /* IP_DF */
+#include <linux/icmp.h>
+#include <linux/rtnetlink.h>
+#include <linux/netfilter.h>
+#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ipv6.h>
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
+# include <asm/ioctls.h>
+#else
+# define ipftcphdr tcphdr
+# define ipfudphdr udphdr
+#endif
+
+struct ipftcphdr {
+ __u16 th_sport;
+ __u16 th_dport;
+ __u32 th_seq;
+ __u32 th_ack;
+# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
+ defined(__vax__) || defined(__x86_64__)
+ __u8 th_res:4;
+ __u8 th_off:4;
+#else
+ __u8 th_off:4;
+ __u8 th_res:4;
+#endif
+ __u8 th_flags;
+ __u16 th_win;
+ __u16 th_sum;
+ __u16 th_urp;
+};
+
+typedef __u32 tcp_seq;
+
+struct ipfudphdr {
+ __u16 uh_sport;
+ __u16 uh_dport;
+ __u16 uh_ulen;
+ __u16 uh_sum;
+};
+
+struct ip {
+# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
+ defined(__vax__)
+ __u8 ip_hl:4;
+ __u8 ip_v:4;
+# else
+ __u8 ip_v:4;
+ __u8 ip_hl:4;
+# endif
+ __u8 ip_tos;
+ __u16 ip_len;
+ __u16 ip_id;
+ __u16 ip_off;
+ __u8 ip_ttl;
+ __u8 ip_p;
+ __u16 ip_sum;
+ struct in_addr ip_src;
+ struct in_addr ip_dst;
+};
+
+/*
+ * Structure of an icmp header.
+ */
+struct icmp {
+ __u8 icmp_type; /* type of message, see below */
+ __u8 icmp_code; /* type sub code */
+ __u16 icmp_cksum; /* ones complement cksum of struct */
+ union {
+ __u8 ih_pptr; /* ICMP_PARAMPROB */
+ struct in_addr ih_gwaddr; /* ICMP_REDIRECT */
+ struct ih_idseq {
+ __u16 icd_id;
+ __u16 icd_seq;
+ } ih_idseq;
+ __u32 ih_void;
+ struct ih_pmtu {
+ __u16 ipm_void;
+ __u16 ipm_nextmtu;
+ } ih_pmtu;
+ } icmp_hun;
+# define icmp_pptr icmp_hun.ih_pptr
+# define icmp_gwaddr icmp_hun.ih_gwaddr
+# define icmp_id icmp_hun.ih_idseq.icd_id
+# define icmp_seq icmp_hun.ih_idseq.icd_seq
+# define icmp_void icmp_hun.ih_void
+# define icmp_nextmtu icmp_hun.ih_pmtu.ipm_nextmtu
+ union {
+ struct id_ts {
+ __u32 its_otime;
+ __u32 its_rtime;
+ __u32 its_ttime;
+ } id_ts;
+ struct id_ip {
+ struct ip idi_ip;
+ /* options and then 64 bits of data */
+ } id_ip;
+ u_long id_mask;
+ char id_data[1];
+ } icmp_dun;
+# define icmp_otime icmp_dun.id_ts.its_otime
+# define icmp_rtime icmp_dun.id_ts.its_rtime
+# define icmp_ttime icmp_dun.id_ts.its_ttime
+# define icmp_ip icmp_dun.id_ip.idi_ip
+# define icmp_mask icmp_dun.id_mask
+# define icmp_data icmp_dun.id_data
+};
+
+# ifndef LINUX_IPOVLY
+# define LINUX_IPOVLY
+struct ipovly {
+ caddr_t ih_next, ih_prev; /* for protocol sequence q's */
+ u_char ih_x1; /* (unused) */
+ u_char ih_pr; /* protocol */
+ short ih_len; /* protocol length */
+ struct in_addr ih_src; /* source internet address */
+ struct in_addr ih_dst; /* destination internet address */
+};
+# endif
+
+struct ether_header {
+ __u8 ether_dhost[6];
+ __u8 ether_shost[6];
+ __u16 ether_type;
+};
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
+typedef struct ipftcphdr tcphdr_t;
+typedef struct ipfudphdr udphdr_t;
+#endif
+
+#include "ip_compat.h"
+#include "ip_fil.h"
+#include "ip_auth.h"
+#include "ip_state.h"
+#include "ip_nat.h"
+#include "ip_proxy.h"
+#include "ip_sync.h"
+#include "ip_frag.h"
+#include "ip_lookup.h"
+#include "ip_dstlist.h"
+#include "ip_pool.h"
+#include "ip_htable.h"
+#ifdef IPFILTER_SYNC
+# include "netinet/ip_sync.h"
+#endif
+#ifdef IPFILTER_SCAN
+# include "netinet/ip_scan.h"
+#endif
+#ifdef IPFILTER_COMPILED
+# include "netinet/ip_rules.h"
+#endif
+#include "ipl.h"
+
+#endif /* __IPF_LINUX_H__ */
diff --git a/test/input/input.sed b/Linux/ipfilter
index e69de29bb2d1..e69de29bb2d1 100644..100755
--- a/test/input/input.sed
+++ b/Linux/ipfilter
diff --git a/Linux/ipfilter-redhat b/Linux/ipfilter-redhat
new file mode 100755
index 000000000000..1d4aa4cb4ac1
--- /dev/null
+++ b/Linux/ipfilter-redhat
@@ -0,0 +1,108 @@
+#!/bin/sh
+#
+# chkconfig: 2345 26 74
+# description: ipfilter
+# processname: ipfilter
+# config: /etc/sysconfig/ipfilter
+
+CONFIG=/etc/sysconfig/ipfilter
+LOGPRI=user.info
+IPFCONF=/etc/ipf.conf
+IPNATCONF=/etc/ipnat.conf
+IPPOOLCONF=/etc/ippool.conf
+
+# Source function library.
+. /etc/init.d/functions
+if [ ! -f /etc/ipf.conf -a ! -f /etc/ipnat.conf ] ; then
+ exit 0
+fi
+RETVAL=0
+
+logit() {
+ if [ $1 -ne 0 ] ; then
+ logger -t $2 -p $LOGPRI "$3"
+ fi
+}
+
+start() {
+ modprobe ipfilter
+ echo -n $"Starting IPFilter: "
+
+ minor=0
+ ipfdev=`awk ' /ipf/ { print $1; } ' /proc/devices`
+ for i in ipl ipnat ipstate ipauth ipsync ipscan iplookup; do
+ /bin/rm -f /dev/$i
+ mknod /dev/$i c $ipfdev $minor
+ minor=`expr $minor + 1`
+ done
+ msg=`/sbin/ipf -E 2>&1`
+ RETVAL=$?
+ logit $RETVAL ipf "$msg"
+ if [ $RETVAL -eq 0 -a -f $IPFCONF ] ; then
+ msg=`/sbin/ipf -f $IPFCONF 2>&1`
+ RETVAL=$?
+ logit $RETVAL ipf "$msg"
+ fi
+ if [ $RETVAL -eq 0 -a -f $IPNATCONF ] ; then
+ msg=`/sbin/ipnat -f $IPNATCONF 2>&1`
+ RETVAL=$?
+ logit $RETVAL ipnat "$msg"
+ fi
+ if [ $RETVAL -eq 0 -a -f $IPPOOLCONF ] ; then
+ msg=`/sbin/ippool -f $IPPOOLCONF 2>&1`
+ RETVAL=$?
+ logit $RETVAL ippool "$msg"
+ fi
+ if [ $RETVAL -eq 0 ] ; then
+ /usr/bin/ipmon -Das
+ RETVAL=$?
+ fi
+ if [ $RETVAL -eq 0 ] ; then
+ echo_success
+ else
+ echo_failure
+ fi
+ echo
+ return $RETVAL
+}
+
+stop() {
+ echo -n $"Shutting down IPFilter: "
+ killproc ipmon
+ RETVAL=$?
+ [ $RETVAL -eq 0 ] && /sbin/ipf -D && /sbin/modprobe -r ipfilter 2>&1 >/dev/null
+ echo
+ return $RETVAL
+}
+
+dostatus() {
+ status ipmon
+ RETVAL=$?
+}
+
+restart() {
+ stop
+ start
+ RETVAL=$?
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ status)
+ dostatus
+ ;;
+ restart|reload)
+ restart
+ ;;
+ *)
+ echo "Usage: ipfilter {start|stop|status|restart|reload}"
+ RETVAL=1
+esac
+
+exit $?
diff --git a/Linux/ipfilter-suse b/Linux/ipfilter-suse
new file mode 100755
index 000000000000..6a1fb495c47d
--- /dev/null
+++ b/Linux/ipfilter-suse
@@ -0,0 +1,106 @@
+#!/bin/sh
+#
+# chkconfig: 2345 26 74
+# description: ipfilter
+# processname: ipfilter
+# config: /etc/sysconfig/ipfilter
+
+CONFIG=/etc/sysconfig/ipfilter
+LOGPRI=user.info
+IPFCONF=/etc/ipf.conf
+IPNATCONF=/etc/ipnat.conf
+IPPOOLCONF=/etc/ippool.conf
+
+# Source function library.
+. /etc/rc.status
+if [ ! -f /etc/ipf.conf -a ! -f /etc/ipnat.conf ] ; then
+ exit 0
+fi
+rc_reset
+rc=0
+
+logit() {
+ if [ $1 -ne 0 ] ; then
+ logger -t $2 -p $LOGPRI "$3"
+ fi
+}
+
+start() {
+ modprobe ipfilter
+ rc=$?
+ if [ ${rc} -ne 0 ] ; then
+ rc_status -v
+ exit $rc
+ fi
+ echo -n $"Starting IPFilter: "
+
+ minor=0
+ ipfdev=`awk ' /ipf/ { print $1; } ' /proc/devices`
+ for i in ipl ipnat ipstate ipauth ipsync ipscan iplookup; do
+ /bin/rm -f /dev/$i
+ mknod /dev/$i c $ipfdev $minor
+ minor=`expr $minor + 1`
+ done
+ /sbin/ipf -E
+ if [ -f $IPFCONF ] ; then
+ msg=`/sbin/ipf -f $IPFCONF 2>&1`
+ rc=$?
+ logit $rc ipf "$msg"
+ fi
+ if [ $rc -eq 0 -a -f $IPNATCONF ] ; then
+ msg=`/sbin/ipnat -f $IPNATCONF 2>&1`
+ rc=$?
+ logit $rc ipnat "$msg"
+ fi
+ if [ $rc -eq 0 -a -f $IPPOOLCONF ] ; then
+ msg=`/sbin/ippool -f $IPPOOLCONF 2>&1`
+ rc=$?
+ logit $rc ippool "$msg"
+ fi
+ if [ $rc -eq 0 ] ; then
+ /usr/bin/ipmon -Das
+ rc=$?
+ fi
+ rc_status -v
+ return $rc
+}
+
+stop() {
+ echo -n $"Shutting down IPFilter: "
+ killproc ipmon
+ rc=$?
+ [ $rc -eq 0 ] && /sbin/modprobe -r ipfilter 2>&1 >/dev/null
+ rc_status -v
+}
+
+dostatus() {
+# status ipmon
+ rc=$?
+}
+
+restart() {
+ stop
+ start
+ rc=$?
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ status)
+ dostatus
+ ;;
+ restart|reload)
+ restart
+ ;;
+ *)
+ echo "Usage: ipfilter {start|stop|status|restart|reload}"
+ rc=1
+esac
+rc_status -v
+exit $?
diff --git a/Linux/ipfilter.spec.dist b/Linux/ipfilter.spec.dist
new file mode 100644
index 000000000000..5eabd1ac890b
--- /dev/null
+++ b/Linux/ipfilter.spec.dist
@@ -0,0 +1,98 @@
+Summary: IP Filter Software
+Name: ipfilter
+Version: 5.1.2
+Release: 1
+License: GPLv2
+Group: System Environment/Base
+BuildRoot: /usr/src/redhat/BUILD/ipfilter
+
+%description
+Packet Filtering and NAT for firewall applications
+
+%files
+%defattr(-,root,root)
+
+/lib/modules/KERNELBUILD/kernel/net/ipv4/ipfilter.MODEXT
+/etc/init.d/ipfilter
+/etc/sysconfig/ipfilter
+/sbin/ipf
+/sbin/ipfs
+/sbin/ipnat
+/sbin/ippool
+/sbin/ipfstat
+/usr/bin/ipmon
+/usr/bin/ipftest
+/usr/share/man/man1/ipftest.1
+/usr/share/man/man4/ipfilter.4
+/usr/share/man/man4/ipf.4
+/usr/share/man/man4/ipl.4
+/usr/share/man/man4/ipnat.4
+/usr/share/man/man5/ipf.5
+/usr/share/man/man5/ipnat.5
+/usr/share/man/man5/ipfilter.5
+/usr/share/man/man5/ipmon.5
+/usr/share/man/man5/ippool.5
+/usr/share/man/man5/ipscan.5
+/usr/share/man/man8/ipscan.8
+/usr/share/man/man8/ipf.8
+/usr/share/man/man8/ipfs.8
+/usr/share/man/man8/ipmon.8
+/usr/share/man/man8/ipnat.8
+/usr/share/man/man8/ippool.8
+/usr/share/man/man8/ipfstat.8
+/usr/include/netinet/ip_fil.h
+/usr/include/netinet/ip_nat.h
+/usr/include/netinet/ip_frag.h
+/usr/include/netinet/ip_auth.h
+/usr/include/netinet/ip_pool.h
+/usr/include/netinet/ip_proxy.h
+/usr/include/netinet/ip_state.h
+/usr/include/netinet/ip_compat.h
+/usr/include/netinet/ip_htable.h
+/usr/include/netinet/ip_lookup.h
+/usr/include/netinet/ip_scan.h
+/usr/include/netinet/ip_sync.h
+/usr/include/netinet/ipl.h
+/usr/share/ipfilter/examples/ip_rules
+/usr/share/ipfilter/examples/ipmon.conf
+/usr/share/ipfilter/examples/pool.conf
+/usr/share/ipfilter/examples/example.1
+/usr/share/ipfilter/examples/example.2
+/usr/share/ipfilter/examples/example.3
+/usr/share/ipfilter/examples/example.4
+/usr/share/ipfilter/examples/example.5
+/usr/share/ipfilter/examples/example.6
+/usr/share/ipfilter/examples/example.7
+/usr/share/ipfilter/examples/example.8
+/usr/share/ipfilter/examples/example.9
+/usr/share/ipfilter/examples/example.10
+/usr/share/ipfilter/examples/example.11
+/usr/share/ipfilter/examples/example.12
+/usr/share/ipfilter/examples/example.13
+/usr/share/ipfilter/examples/example.sr
+/usr/share/ipfilter/examples/nat.eg
+/usr/share/ipfilter/examples/server
+/usr/share/ipfilter/examples/tcpstate
+/usr/share/ipfilter/examples/BASIC.NAT
+/usr/share/ipfilter/examples/BASIC_1.FW
+/usr/share/ipfilter/examples/BASIC_2.FW
+/usr/share/ipfilter/examples/firewall
+/usr/share/ipfilter/examples/ftp-proxy
+/usr/share/ipfilter/examples/ftppxy
+/usr/share/ipfilter/examples/nat-setup
+
+%pre
+if [ -f /etc/init.d/ipfilter ] ; then
+ /sbin/chkconfig --del ipfilter
+fi
+
+%post
+/sbin/chkconfig --add ipfilter
+/sbin/chkconfig TURNONIPFILTER
+/sbin/depmod -A
+
+%preun
+/etc/init.d/ipfilter stop
+/sbin/chkconfig --del ipfilter
+
+%changelog
diff --git a/Linux/linuxversion b/Linux/linuxversion
new file mode 100755
index 000000000000..7daee92be270
--- /dev/null
+++ b/Linux/linuxversion
@@ -0,0 +1,3 @@
+#!/bin/sh
+uname -r | perl -e '$_=<>;@F=split(/\./);printf "%02d%02d\n",$F[0],$F[1];';
+exit 0
diff --git a/Linux/minstall b/Linux/minstall
new file mode 100755
index 000000000000..c6a39bcbb817
--- /dev/null
+++ b/Linux/minstall
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+dir=`pwd`
+karch=`uname -m`
+
+if [ `basename $dir` = Linux ] ; then cd ..; fi
+echo "Creating device files..."
+
+minor=0
+major=`awk ' /ipf/ { print $1; } ' /proc/devices`
+
+for i in ipl ipnat ipstate ipauth ipsync ipscan iplookup; do
+ echo ".../dev/$i"
+ mknod /dev/$i c $major $minor
+ minor=`expr $minor + 1`
+done
+
+exit 0
diff --git a/Linux/mkinit b/Linux/mkinit
new file mode 100755
index 000000000000..3e188e0fb125
--- /dev/null
+++ b/Linux/mkinit
@@ -0,0 +1,10 @@
+#!/bin/sh
+if [ -f /etc/SuSE-release ] ; then
+ cp ipfilter-suse $1/ipfilter
+ exit 0
+fi
+if [ -f /etc/redhat-release ] ; then
+ cp ipfilter-redhat $1/ipfilter
+ exit 0
+fi
+exit 1
diff --git a/Makefile b/Makefile
index 1b2f8f5618a5..cfbd5e6e88a7 100644
--- a/Makefile
+++ b/Makefile
@@ -1,19 +1,18 @@
#
-# Copyright (C) 1993-2001 by Darren Reed.
+# Copyright (C) 2012 by Darren Reed.
#
# Redistribution and use in source and binary forms are permitted
# provided that this notice is preserved and due credit is given
# to the original author and the contributors.
#
-# $Id: Makefile,v 2.76.2.24 2007/09/26 10:04:03 darrenr Exp $
+# $Id$
#
SHELL=/bin/sh
BINDEST=/usr/local/bin
SBINDEST=/sbin
MANDIR=/usr/local/man
#To test prototyping
-#CC=gcc -Wstrict-prototypes -Wmissing-prototypes
-# -Wunused -Wuninitialized
+CC=gcc -Wstrict-prototypes -Wmissing-prototypes -Wunused -Wuninitialized
#CC=gcc
#CC=cc -Dconst=
DEBUG=-g
@@ -35,13 +34,13 @@ IPFLOG=-DIPFILTER_LOG
#
#COMPIPF=-DIPFILTER_COMPILED
#
-# To enable synchronisation between IPFilter hosts
+# To enable IPFilter compatibility with older CLI utilities
#
-#SYNC=-DIPFILTER_SYNC
+#COMPATIPF=-DIPFILTER_COMPAT
#
-# To enable extended IPFilter functionality
+# To enable synchronisation between IPFilter hosts
#
-LOOKUP=-DIPFILTER_LOOKUP -DIPFILTER_SCAN
+#SYNC=-DIPFILTER_SYNC
#
# The facility you wish to log messages from ipmon to syslogd with.
#
@@ -64,22 +63,27 @@ LOGFAC=-DLOGFAC=LOG_LOCAL0
# By default IPFilter looks for /usr/src/linux, but you may have to change
# it to /usr/src/linux-2.4 or similar.
#
-LINUXKERNEL=/usr/src/linux
+LINUXKERNEL=/usr/src/kernels/2.6.29.5-191.fc11.i586
LINUX=`uname -r | awk -F. ' { printf"%d",$$1;for(i=1;i<NF&&i<3;i++){printf("%02d",$$(i+1));}}'`
+#
+#
+#
+#BUILDROOT=/usr/src/redhat/BUILD/ipfilter
+BUILDROOT=${HOME}/rpmbuild/BUILDROOT/ipfilter-4.1.32-1.i386
#
# All of the compile-time options are here, used for compiling the userland
# tools for regression testing. Well, all except for IPFILTER_LKM, of course.
#
ALLOPTS=-DIPFILTER_LOG -DIPFILTER_LOOKUP \
- -DIPFILTER_SCAN -DIPFILTER_SYNC -DIPFILTER_CKSUM
+ -DIPFILTER_SYNC -DIPFILTER_CKSUM
#
# Uncomment the next 3 lines if you want to view the state table a la top(1)
# (requires that you have installed ncurses).
#STATETOP_CFLAGS=-DSTATETOP
#
-# Where to find the ncurses include files (if not in default path),
+# Where to find the ncurses include files (if not in default path),
#
#STATETOP_INC=
#STATETOP_INC=-I/usr/local/include
@@ -92,7 +96,7 @@ ALLOPTS=-DIPFILTER_LOG -DIPFILTER_LOOKUP \
#
# Uncomment this when building IPv6 capability.
#
-#INET6=-DUSE_INET6
+INET6=-DUSE_INET6
#
# For packets which don't match any pass rules or any block rules, set either
# FR_PASS or FR_BLOCK (respectively). It defaults to FR_PASS if left
@@ -109,6 +113,7 @@ MFLAGS1='CFLAGS=$(CFLAGS) $(ARCHINC) $(SOLARIS2) $(SGIREV) $(INET6)' \
'STATETOP_CFLAGS=$(STATETOP_CFLAGS)' "BPFILTER=$(BPFILTER)" \
'STATETOP_INC=$(STATETOP_INC)' 'STATETOP_LIB=$(STATETOP_LIB)' \
"BITS=$(BITS)" "OBJ=$(OBJ)" "LOOKUP=$(LOOKUP)" "COMPIPF=$(COMPIPF)" \
+ "COMPATIPF=$(COMPATIPF)" \
'SYNC=$(SYNC)' 'ALLOPTS=$(ALLOPTS)' 'LIBBPF=$(LIBBPF)'
MFLAGS=$(MFLAGS1) "IPFLKM=$(IPFLKM)"
MACHASSERT=`/bin/ls -1 /usr/sys/*/mach_assert.h | head -1`
@@ -155,10 +160,6 @@ include:
touch netinet/done; \
fi
-(cd netinet; ln -s ../ip_rules.h ip_rules.h)
- if [ ! -f net/done ] ; then \
- (cd net; ln -s ../radix_ipf.h .; ); \
- touch net/done; \
- fi
sunos solaris: include
MAKE="$(MAKE)" MAKEFLAGS="$(MAKEFLAGS)" BPFILTER=$(BPFILTER) \
@@ -188,7 +189,7 @@ freebsd22: include
fi
make freebsd20
-freebsd5 freebsd6 freebsd7: include
+freebsd5 freebsd6 freebsd7 freebsd8: include
if [ x$(INET6) = x ] ; then \
echo "#undef INET6" > opt_inet6.h; \
else \
@@ -211,7 +212,7 @@ freebsd5 freebsd6 freebsd7: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) "ML=mlfk_ipl.c" "MLD=mlfk_ipl.c" "LKM=ipf.ko.5" "LKMR=ipfrule.ko.5" "DLKM=-DKLD_MODULE" "MLR=mlfk_rule.o"; cd ..)
- (cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS1); cd ..)
+# (cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS1); cd ..)
freebsd4 : include
if [ x$(INET6) = x ] ; then \
@@ -240,7 +241,7 @@ netbsd: include
exit 1; \
fi
(cd BSD/$(CPUDIR); make build TOP=../.. $(MFLAGS) 'DLKM=-D_LKM' "ML=mln_ipl.c" LKMR= "MLR=mln_rule.o"; cd ..)
- (cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS); cd ..)
+# (cd BSD/$(CPUDIR); make -f Makefile.ipsend build TOP=../.. $(MFLAGS); cd ..)
openbsd: include
make setup "TARGOS=BSD" "CPUDIR=$(CPUDIR)"
@@ -293,7 +294,7 @@ setup:
clean: clean-include
/bin/rm -rf h y.output
- ${RM} -f core *.o ipt fils ipf ipfstat ipftest ipmon if_ipl \
+ ${RM} -f core *.o ipt fils ipf ipfstat ipftest ipmon if_ipl ipflkm \
vnode_if.h $(LKM) *~
/bin/rm -rf sparcv7 sparcv9 mdbgen_build
(cd SunOS4; $(MAKE) TOP=.. clean)
@@ -351,7 +352,7 @@ sunos4 solaris1:
(cd SunOS4; make -f Makefile.ipsend build "CC=$(CC)" TOP=.. $(DEST) $(MFLAGS); cd ..)
sunos5 solaris2: null
- (cd SunOS5/$(CPUDIR); $(MAKE) build TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS) "SOLARIS2=$(SOLARIS2)"; cd ..)
+ (cd SunOS5/$(CPUDIR); $(MAKE) build TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS) "SOLARIS2=$(SOLARIS2)" INSTANCE=$(INSTANCE); cd ..)
(cd SunOS5/$(CPUDIR); $(MAKE) -f Makefile.ipsend build TOP=../.. "CC=$(CC)" $(DEST) $(MFLAGS); cd ..)
linux: include
@@ -360,7 +361,7 @@ linux: include
# (cd Linux; make -f Makefile.ipsend build LINUX=$(LINUX) TOP=.. "CC=$(CC)" $(MFLAGS); cd ..)
install-linux: linux
- (cd Linux/; make LINUX=$(LINUX) TOP=.. "DEBUG=-g" "CC=$(CC)" $(MFLAGS) OBJ=$(CPUDIR) install ; cd ..)
+ (cd Linux/; make LINUX=$(LINUX) TOP=.. "DEBUG=-g" "CC=$(CC)" $(MFLAGS) OBJ=$(CPUDIR) ROOTDIR=$(BUILDROOT) install ; cd ..)
install-bsd:
(cd BSD/$(CPUDIR); make install "TOP=../.." $(MFLAGS); cd ..)
@@ -406,4 +407,3 @@ mdb:
-DIPFILTER_SCAN -DIPFILTER_LKM -DSOLARIS2=10 -n ipf_mdb -k \
-I/home/dr146992/pfil -I/home/dr146992/ipf -f \
/usr/include/netinet/in_systm.h,/usr/include/sys/ethernet.h,/usr/include/netinet/in.h,/usr/include/netinet/ip.h,/usr/include/netinet/ip_var.h,/usr/include/netinet/tcp.h,/usr/include/netinet/tcpip.h,/usr/include/netinet/ip_icmp.h,/usr/include/netinet/udp.h,ip_compat.h,ip_fil.h,ip_nat.h,ip_state.h,ip_proxy.h,ip_scan.h
-
diff --git a/NAT.FreeBSD b/NAT.FreeBSD
index 8a7e95262f7c..4a1a7ede543c 100644
--- a/NAT.FreeBSD
+++ b/NAT.FreeBSD
@@ -1,4 +1,4 @@
-These are Instructions for Configuring A FreeBSD Box For NAT
+These are Instructions for Configuring A FreeBSD Box For NAT
After you have installed IpFilter.
You will need to change three files:
@@ -54,7 +54,7 @@ fpx0 is the interface with the real internet address.
/32 is the subnet mask 255.255.255.255, ie only use this ip address.
-portmap tcp/udp 10000:65000
+portmap tcp/udp 10000:65000
tells it to use the ports to redirect the tcp/udp calls through
@@ -67,7 +67,7 @@ reboots.
In your /etc/rc.local put the line:
-ipnat -f /etc/natrules
+ipnat -f /etc/natrules
To check and see if it is loaded, as root type
ipnat -ls
diff --git a/NetBSD-1.2/conf.c-PATCH b/NetBSD-1.2/conf.c-PATCH
new file mode 100644
index 000000000000..8cd97a688077
--- /dev/null
+++ b/NetBSD-1.2/conf.c-PATCH
@@ -0,0 +1,52 @@
+*** sys/arch/i386/i386/conf.c-ORIG Mon May 27 11:14:49 1996
+--- sys/arch/i386/i386/conf.c Mon May 27 16:29:25 1996
+***************
+*** 179,184 ****
+--- 179,210 ----
+ #include "joy.h"
+ cdev_decl(joy);
+
++ cdev_decl(ipl);
++
++ #ifdef IPFILTER_LOG
++ /* open, close, read, ioctl */
++ # define cdev_ipf_init(c,n) { \
++ dev_init(c,n,open), dev_init(c,n,close), dev_init(c,n,read), \
++ (dev_type_write((*))) enodev, dev_init(c,n,ioctl), \
++ (dev_type_stop((*))) nullop, 0, (dev_type_select((*))) enodev, \
++ (dev_type_mmap((*))) enodev, 0 }
++ #else /* IPFILTER_LOG */
++ /* XXX same as cdev_ch_init */
++ /* open, close, ioctl */
++ # define cdev_ipf_init(c,n) { \
++ dev_init(c,n,open), dev_init(c,n,close), (dev_type_read((*))) enodev, \
++ (dev_type_write((*))) enodev, dev_init(c,n,ioctl), \
++ (dev_type_stop((*))) nullop, 0, (dev_type_select((*))) enodev, \
++ (dev_type_mmap((*))) enodev, 0 }
++ #endif /* IPFILTER_LOG */
++
++ /* make up for missing "ipl.h" */
++ #ifdef IPFILTER
++ # define NIPF 1
++ #else
++ # define NIPF 0
++ #endif
++
+ struct cdevsw cdevsw[] =
+ {
+ cdev_cn_init(1,cn), /* 0: virtual console */
+***************
+*** 229,234 ****
+--- 255,266 ----
+ #else
+ cdev_notdef(), /* 43 */
+ #endif
++ cdev_notdef(), /* 44 */
++ cdev_notdef(), /* 45 */
++ cdev_notdef(), /* 46 */
++ cdev_notdef(), /* 47 */
++ cdev_notdef(), /* 48 */
++ cdev_ipf_init(NIPF,ipl), /* 49 */
+ };
+ int nchrdev = sizeof(cdevsw) / sizeof(cdevsw[0]);
+
diff --git a/NetBSD-1.2/files-PATCH b/NetBSD-1.2/files-PATCH
new file mode 100644
index 000000000000..75a38fb8e671
--- /dev/null
+++ b/NetBSD-1.2/files-PATCH
@@ -0,0 +1,21 @@
+*** sys/conf/files-ORIG Mon May 20 08:03:42 1996
+--- sys/conf/files Mon May 27 13:44:27 1996
+***************
+*** 257,262 ****
+--- 257,272 ----
+ file netinet/tcp_timer.c inet
+ file netinet/tcp_usrreq.c inet
+ file netinet/udp_usrreq.c inet
++ file netinet/ip_fil.c ipfilter
++ file netinet/fil.c ipfilter
++ file netinet/ip_nat.c ipfilter
++ file netinet/ip_frag.c ipfilter
++ file netinet/ip_state.c ipfilter
++ file netinet/ip_proxy.c ipfilter
++ file netinet/ip_auth.c ipfilter
++ file netinet/ip_log.c ipfilter
++ file netinet/ip_scan.c ipfilter
++ file netinet/ip_sync.c ipfilter
+ file netiso/clnp_debug.c iso
+ file netiso/clnp_er.c iso
+ file netiso/clnp_frag.c iso
diff --git a/NetBSD-1.2/files.oldconf-PATCH b/NetBSD-1.2/files.oldconf-PATCH
new file mode 100644
index 000000000000..4ccca9f6229f
--- /dev/null
+++ b/NetBSD-1.2/files.oldconf-PATCH
@@ -0,0 +1,21 @@
+*** sys/conf/files.oldconf-ORIG Sun May 26 07:40:50 1996
+--- sys/conf/files.oldconf Mon May 27 15:23:35 1996
+***************
+*** 184,189 ****
+--- 184,199 ----
+ netinet/tcp_timer.c optional inet
+ netinet/tcp_usrreq.c optional inet
+ netinet/udp_usrreq.c optional inet
++ netinet/ip_fil.c optional ipfilter
++ netinet/fil.c optional ipfilter
++ netinet/ip_nat.c optional ipfilter
++ netinet/ip_frag.c optional ipfilter
++ netinet/ip_state.c optional ipfilter
++ netinet/ip_proxy.c optional ipfilter
++ netinet/ip_auth.c optional ipfilter
++ netinet/ip_log.c optional ipfilter
++ netinet/ip_scan.c optional ipfilter
++ netinet/ip_sync.c optional ipfilter
+ netiso/clnp_debug.c optional iso
+ netiso/clnp_er.c optional iso
+ netiso/clnp_frag.c optional iso
diff --git a/NetBSD-1.2/in_proto.c-PATCH b/NetBSD-1.2/in_proto.c-PATCH
new file mode 100644
index 000000000000..406b5f90c459
--- /dev/null
+++ b/NetBSD-1.2/in_proto.c-PATCH
@@ -0,0 +1,16 @@
+*** sys/netinet/in_proto.c-ORIG Wed Apr 24 22:49:02 1996
+--- sys/netinet/in_proto.c Wed Apr 24 22:50:30 1996
+***************
+*** 83,88 ****
+--- 83,93 ----
+ #include <netinet/ip_mroute.h>
+ #endif /* MROUTING */
+
++ #ifdef IPFILTER
++ void iplinit();
++ #define ip_init iplinit
++ #endif
++
+ extern struct domain inetdomain;
+
+ struc protosw inetsw[] = {
diff --git a/NetBSD-1.2/ip_input.c-PATCH b/NetBSD-1.2/ip_input.c-PATCH
new file mode 100644
index 000000000000..80e314994077
--- /dev/null
+++ b/NetBSD-1.2/ip_input.c-PATCH
@@ -0,0 +1,37 @@
+*** sys/netinet/ip_input.c-ORIG Sun Mar 17 07:29:08 1996
+--- sys/netinet/ip_input.c Wed Apr 24 22:45:05 1996
+***************
+*** 100,105 ****
+--- 100,109 ----
+ int ipqmaxlen = IFQ_MAXLEN;
+ struct in_ifaddrhead in_ifaddr;
+ struct ifqueue ipintrq;
++ #if defined(IPFILTER_LKM) || defined(IPFILTER)
++ int fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf *));
++ int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)) = NULL;
++ #endif
+
+ /*
+ * We need to save the IP options in case a protocol wants to respond
+***************
+*** 237,242 ****
+--- 241,259 ----
+ m_adj(m, ip->ip_len - m->m_pkthdr.len);
+ }
+
++ #if defined(IPFILTER) || defined(IPFILTER_LKM)
++ /*
++ * Check if we want to allow this packet to be processed.
++ * Consider it to be bad if not.
++ */
++ {
++ struct mbuf *m0 = m;
++ if (fr_checkp && (*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m0))
++ goto next;
++ else
++ ip = mtod(m = m0, struct ip *);
++ }
++ #endif
+ /*
+ * Process options and, if not destined for us,
+ * ship it on. ip_dooptions returns 1 when an
diff --git a/NetBSD-1.2/ip_output.c-PATCH b/NetBSD-1.2/ip_output.c-PATCH
new file mode 100644
index 000000000000..8d9b910a4623
--- /dev/null
+++ b/NetBSD-1.2/ip_output.c-PATCH
@@ -0,0 +1,37 @@
+*** sys/netinet/ip_output.c-ORIG Tue Feb 27 07:27:02 1996
+--- sys/netinet/ip_output.c Wed Apr 24 22:45:05 1996
+***************
+*** 63,68 ****
+--- 63,72 ----
+ static struct mbuf *ip_insertoptions __P((struct mbuf *, struct mbuf *, int *));
+ static void ip_mloopback
+ __P((struct ifnet *, struct mbuf *, struct sockaddr_in *));
++ #if defined(IPFILTER_LKM) || defined(IPFILTER)
++ extern int fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf *));
++ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
++ #endif
+
+ /*
+ * IP output. The packet in mbuf chain m contains a skeletal IP
+***************
+*** 293,298 ****
+--- 297,315 ----
+ } else
+ m->m_flags &= ~M_BCAST;
+
+ sendit:
++ #if defined(IPFILTER) || defined(IPFILTER_LKM)
++ {
++ struct mbuf *m0 = m;
++ /*
++ * looks like most checking has been done now...do a filter check
++ */
++ if (fr_checkp && (error = (*fr_checkp)(ip, hlen, ifp, 1, &m0)) || !m0)
++ {
++ goto done;
++ } else
++ ip = mtod(m = m0, struct ip *);
++ }
++ #endif
+ /*
+ * If small enough for interface, can just send directly.
diff --git a/NetBSD-1.2/kinstall b/NetBSD-1.2/kinstall
new file mode 100755
index 000000000000..135ef2793bfe
--- /dev/null
+++ b/NetBSD-1.2/kinstall
@@ -0,0 +1,135 @@
+#! /bin/sh -e
+# $Id$
+# install ip-filter & patches to kernel sources
+#
+# Heavily hacked by vax@linkdead.paranoia.com (VaX-n8)
+# NOTE: There is an "-e" option on the first line; bomb out quickly if errors
+# WARNING: This script should be run exactly once on a virgin system.
+# NOTE: Once you have configured a kernel with this device, it will default
+# to being enabled. Use "ipf -D" in /etc/netstart (before configuring
+# interfaces) to disable it.
+#
+PATH=/sbin:/usr/sbin:/bin:/usr/bin; export PATH
+
+# there's some brain damage in ash that won't handle non-argument flags,
+# so I have a -m which should really be a boolean here
+export optstring="d:c:a:m:"
+export supparches="i386"
+export argv0=$(basename "$0")
+export destdir="" # assume $destdir/sys is a symlink to the src tree
+export architecture=$(uname -m) # take a good guess at architecture
+# do some rather tedious guesswork at the kernel config location
+kconfull="$(IFS=:; set -- $(uname -v); eval echo \"\$$#\")"
+export kconfull
+if [ -n "$kconfull" ]; then
+ kconfdir=$(dirname $(dirname "$kconfull"))/conf
+ export newconfig="$(basename "$kconfull")"
+else
+ kconfdir="/sys/arch/${architecture}/conf"
+fi
+export kconfdir
+while getopts "$optstring" name; do
+ # ash is broken; case statements don't work right, calls * every time
+ # seems ash requires quotes on the patterns -- strange
+ case "$name" in
+ #( root of the source tree, a la DESTDIR in NetBSD Makefiles
+ 'd') destdir="$OPTARG";;
+ #( name of new config file
+ 'c') newconfig="$OPTARG";;
+ #( name of architecture
+ 'a') architecture="$OPTARG";;
+ #( if we want it as a loadable kernel module or not
+ 'm') modload="_LKM";;
+ #( default... bad arg, missing option, etc
+ *)
+ export OLDIFS="$IFS" # save IFS
+ echo -n "Usage: $argv0 [-"
+ # I would use IFS="."; echo "$@" except ash screws it up
+ # I have submitted a send-pr to fix it. Until then...
+ IFS=":"
+ set -- $optstring
+ while [ "$#" -gt 0 ]; do echo -n "$1"; shift; done; echo "]"
+ IFS="$OLDIFS"
+ expln="\
+OPT:ARG:DEFAULT:MEANING:\
+-d:destdir:\"$destdir\":parent dir of \"sys\", no slash:\
+-c:configfile:\"$newconfig\":kernel config filename, no dir:\
+-k:kconfdir:\"$kconfdir\":kernel config directory:\
+-a:arch:\"$architecture\":architecture, e.g. $supparches:\
+-m:boolean:\"$modload\":install as loadable module:\
+-?:::this help screen"
+ IFS=$(printf ":\012\015"); set -- $expln; IFS="$OLDIFS"
+ for i in 1 2 3; do eval "maxsz$i=0"; done
+ while [ "$#" -ge 4 ]; do for i in 1 2 3; do
+ eval j=\"\$$i\ \" \; len=\${#j} \; \
+ if test \"\$maxsz$i\" -lt \"\$len\" \; then \
+ maxsz$i=\"\$len\" \; fi
+ done; shift 4; done
+ IFS=$(printf ":\012\015"); set -- $expln; IFS="$OLDIFS"
+ while [ "$#" -ge 4 ]; do for i in 1 2 3; do
+ eval j=\"\$$i\ \" \; printf \"%-\${maxsz$i}s\" \"\$j\"
+ done; echo "$4"; shift 4; done
+ exit 127 ;;
+ esac
+done
+
+archdir="$destdir/sys/arch/$architecture"
+
+case "$architecture" in
+i386)
+ echo "Patching $archdir/$architecture/conf.c"
+ (cd "$archdir/$architecture" && patch) < conf.c-PATCH
+ ;;
+*)
+ echo "$argv0: target architecture not supported: $architecture" 1>&2
+ exit 2
+ ;;
+esac
+
+(cd ..
+files="ip_nat.[ch] ip_fil.[ch] ip_frag.[ch] ip_state.[ch] fil.c ip_compat.h ip_proxy.[ch] ip_auth.[ch] ip_{ftp,rcmd}_pxy.c ip_log.c"
+echo "Installing $files"
+install -c -m 644 $files "$destdir/sys/netinet"
+)
+
+set -- i*.c-PATCH
+echo "Patching $(echo "$@" | sed -n 's/\([a-zA-Z]*\)-PATCH/\1/gp')"
+while [ -n "$1" ]; do
+ (cd "$destdir/sys/netinet" && patch) < "$1"
+ shift
+done
+
+set -- files*-PATCH
+echo "Patching $(echo "$@" | sed -n 's/\([a-zA-Z]*\)-PATCH/\1/gp')"
+while [ -n "$1" ]; do
+ (cd "$destdir/" && patch) < "$1"
+ shift
+done
+
+# get this kernel's name from uname version string as a good guess for kconfig
+set -- $(uname -v | sed -n '/.*(\([^ ][^ ]*\)).*/s//\1/p; 1q') "GENERIC"
+while [ ! -f "$kconfdir/$newconfig" ]; do
+ eval ${newconfig:+"echo $kconfdir/$newconfig not found 1>&2"}
+ read -p "Kernel configuration to update [$1] " newconfig junk
+ : ${newconfig:=$1} # set to default if not set
+done
+
+if tmp=`grep IPFILTER "$kconfdir/$newconfig"`; then
+ echo "$newconfig already contains \"$tmp\"..."
+ echo 'You will now need to build a new kernel.'
+else
+ echo "Saving $newconfig as $newconfig.bak"
+ mv -i "$kconfdir/$newconfig" "$kconfdir/$newconfig.bak"
+ compdir="$archdir/compile"
+ if [ -d "$compdir/$newconfig" ]; then
+ echo "Saving $compdir/$newconfig as $compdir/$newconfig.bak"
+ mv -i "$compdir/$newconfig" "$compdir/$newconfig.bak"
+ fi
+ modload="options IPFILTER${modload}"
+ echo "Modifying $newconfig, adding $modload"
+ awk "{print \$0} \$2==\"INET\"{print \"$modload\"}" \
+ "$kconfdir/$newconfig.bak" > "$kconfdir/$newconfig"
+ echo 'You will now need to run "config" and build a new kernel.'
+fi
+
+exit 0
diff --git a/NetBSD-1.2/minstall b/NetBSD-1.2/minstall
new file mode 100755
index 000000000000..34f148820960
--- /dev/null
+++ b/NetBSD-1.2/minstall
@@ -0,0 +1,135 @@
+#! /bin/sh -e
+# $Id$
+# install ip-filter & patches to kernel sources
+#
+# Heavily hacked by vax@linkdead.paranoia.com (VaX-n8)
+# NOTE: There is an "-e" option on the first line; bomb out quickly if errors
+# WARNING: This script should be run exactly once on a virgin system.
+# NOTE: Once you have configured a kernel with this device, it will default
+# to being enabled. Use "ipf -D" in /etc/netstart (before configuring
+# interfaces) to disable it.
+#
+PATH=/sbin:/usr/sbin:/bin:/usr/bin; export PATH
+
+# there's some brain damage in ash that won't handle non-argument flags,
+# so I have a -m which should really be a boolean here
+export optstring="d:c:a:m:"
+export supparches="i386"
+export argv0=$(basename "$0")
+export destdir="" # assume $destdir/sys is a symlink to the src tree
+export architecture=$(uname -m) # take a good guess at architecture
+# do some rather tedious guesswork at the kernel config location
+kconfull="$(IFS=:; set -- $(uname -v); eval echo \"\$$#\")"
+export kconfull
+if [ -n "$kconfull" ]; then
+ kconfdir=$(dirname $(dirname "$kconfull"))/conf
+ export newconfig="$(basename "$kconfull")"
+else
+ kconfdir="/sys/arch/${architecture}/conf"
+fi
+export kconfdir
+while getopts "$optstring" name; do
+ # ash is broken; case statements don't work right, calls * every time
+ # seems ash requires quotes on the patterns -- strange
+ case "$name" in
+ #( root of the source tree, a la DESTDIR in NetBSD Makefiles
+ 'd') destdir="$OPTARG";;
+ #( name of new config file
+ 'c') newconfig="$OPTARG";;
+ #( name of architecture
+ 'a') architecture="$OPTARG";;
+ #( if we want it as a loadable kernel module or not
+ 'm') modload="_LKM";;
+ #( default... bad arg, missing option, etc
+ *)
+ export OLDIFS="$IFS" # save IFS
+ echo -n "Usage: $argv0 [-"
+ # I would use IFS="."; echo "$@" except ash screws it up
+ # I have submitted a send-pr to fix it. Until then...
+ IFS=":"
+ set -- $optstring
+ while [ "$#" -gt 0 ]; do echo -n "$1"; shift; done; echo "]"
+ IFS="$OLDIFS"
+ expln="\
+OPT:ARG:DEFAULT:MEANING:\
+-d:destdir:\"$destdir\":parent dir of \"sys\", no slash:\
+-c:configfile:\"$newconfig\":kernel config filename, no dir:\
+-k:kconfdir:\"$kconfdir\":kernel config directory:\
+-a:arch:\"$architecture\":architecture, e.g. $supparches:\
+-m:boolean:\"$modload\":install as loadable module:\
+-?:::this help screen"
+ IFS=$(printf ":\012\015"); set -- $expln; IFS="$OLDIFS"
+ for i in 1 2 3; do eval "maxsz$i=0"; done
+ while [ "$#" -ge 4 ]; do for i in 1 2 3; do
+ eval j=\"\$$i\ \" \; len=\${#j} \; \
+ if test \"\$maxsz$i\" -lt \"\$len\" \; then \
+ maxsz$i=\"\$len\" \; fi
+ done; shift 4; done
+ IFS=$(printf ":\012\015"); set -- $expln; IFS="$OLDIFS"
+ while [ "$#" -ge 4 ]; do for i in 1 2 3; do
+ eval j=\"\$$i\ \" \; printf \"%-\${maxsz$i}s\" \"\$j\"
+ done; echo "$4"; shift 4; done
+ exit 127 ;;
+ esac
+done
+
+archdir="$destdir/sys/arch/$architecture"
+
+case "$architecture" in
+i386)
+ echo "Patching $archdir/$architecture/conf.c"
+ (cd "$archdir/$architecture" && patch) < conf.c-PATCH
+ ;;
+*)
+ echo "$argv0: target architecture not supported: $architecture" 1>&2
+ exit 2
+ ;;
+esac
+
+(cd ..
+files="ip_nat.[ch] ip_fil.[ch] ip_frag.[ch] ip_state.[ch] fil.c ip_compat.h"
+echo "Installing $files"
+install -c -m 644 $files "$destdir/sys/netinet"
+)
+
+set -- i*.c-PATCH
+echo "Patching $(echo "$@" | sed -n 's/\([a-zA-Z]*\)-PATCH/\1/gp')"
+while [ -n "$1" ]; do
+ (cd "$destdir/sys/netinet" && patch) < "$1"
+ shift
+done
+
+set -- files*-PATCH
+echo "Patching $(echo "$@" | sed -n 's/\([a-zA-Z]*\)-PATCH/\1/gp')"
+while [ -n "$1" ]; do
+ (cd "$destdir/" && patch) < "$1"
+ shift
+done
+
+# get this kernel's name from uname version string as a good guess for kconfig
+set -- $(uname -v | sed -n '/.*(\([^ ][^ ]*\)).*/s//\1/p; 1q') "GENERIC"
+while [ ! -f "$kconfdir/$newconfig" ]; do
+ eval ${newconfig:+"echo $kconfdir/$newconfig not found 1>&2"}
+ read -p "Kernel configuration to update [$1] " newconfig junk
+ : ${newconfig:=$1} # set to default if not set
+done
+
+if tmp=`grep IPFILTER "$kconfdir/$newconfig"`; then
+ echo "$newconfig already contains \"$tmp\"..."
+ echo 'You will now need to build a new kernel.'
+else
+ echo "Saving $newconfig as $newconfig.bak"
+ mv -i "$kconfdir/$newconfig" "$kconfdir/$newconfig.bak"
+ compdir="$archdir/compile"
+ if [ -d "$compdir/$newconfig" ]; then
+ echo "Saving $compdir/$newconfig as $compdir/$newconfig.bak"
+ mv -i "$compdir/$newconfig" "$compdir/$newconfig.bak"
+ fi
+ modload="options IPFILTER${modload}"
+ echo "Modifying $newconfig, adding $modload"
+ awk "{print \$0} \$2==\"INET\"{print \"$modload\"}" \
+ "$kconfdir/$newconfig.bak" > "$kconfdir/$newconfig"
+ echo 'You will now need to run "config" and build a new kernel.'
+fi
+
+exit 0
diff --git a/NetBSD/conf.c.diffs b/NetBSD/conf.c.diffs
new file mode 100644
index 000000000000..fb8985063ee0
--- /dev/null
+++ b/NetBSD/conf.c.diffs
@@ -0,0 +1,39 @@
+*** conf.c.orig Mon Oct 28 11:24:52 1996
+--- conf.c Mon Oct 28 11:36:17 1996
+***************
+*** 175,180 ****
+--- 175,193 ----
+ cdev_decl(svr4_net);
+ cdev_decl(ccd);
+
++ /* open, close, read, ioctl */
++ cdev_decl(ipl);
++ #define cdev_gen_ipf(c,n) { \
++ dev_init(c,n,open), dev_init(c,n,close), dev_init(c,n,read), \
++ (dev_type_write((*))) enodev, dev_init(c,n,ioctl), \
++ (dev_type_stop((*))) nullop, 0, (dev_type_select((*))) enodev, \
++ (dev_type_mmap((*))) enodev, 0 }
++ #ifdef IPFILTER
++ #define NIPF 1
++ #else
++ #define NIPF 0
++ #endif
++
+ struct cdevsw cdevsw[] =
+ {
+ cdev_cn_init(1,cn), /* 0: virtual console */
+***************
+*** 204,209 ****
+ cdev_fd_init(1,fd), /* 22: file descriptor pseudo-device */
+ cdev_bpftun_init(NBPFILTER,bpf),/* 23: Berkeley packet filter */
+! cdev_notdef(), /* 24 */
+ cdev_notdef(), /* 25 */
+ cdev_notdef(), /* 26 */
+ cdev_spkr_init(NSPEAKER,spkr), /* 27: PC speaker */
+--- 217,222 ----
+ cdev_fd_init(1,fd), /* 22: file descriptor pseudo-device */
+ cdev_bpftun_init(NBPFILTER,bpf),/* 23: Berkeley packet filter */
+! cdev_notdef(NIPF,ipl), /* 24 */
+ cdev_notdef(), /* 25 */
+ cdev_notdef(), /* 26 */
+ cdev_spkr_init(NSPEAKER,spkr), /* 27: PC speaker */
diff --git a/NetBSD/conf.c.old.diffs b/NetBSD/conf.c.old.diffs
new file mode 100644
index 000000000000..5f9591a52dc2
--- /dev/null
+++ b/NetBSD/conf.c.old.diffs
@@ -0,0 +1,39 @@
+*** conf.c.orig Wed May 10 23:38:08 1995
+--- conf.c Thu May 11 00:33:19 1995
+***************
+*** 169,174 ****
+--- 169,187 ----
+ #endif
+ cdev_decl(lkm);
+
++ /* open, close, read, ioctl */
++ cdev_decl(ipl);
++ #define cdev_gen_ipf(c,n) { \
++ dev_init(c,n,open), dev_init(c,n,close), dev_init(c,n,read), \
++ (dev_type_write((*))) enodev, dev_init(c,n,ioctl), \
++ (dev_type_stop((*))) nullop, 0, (dev_type_select((*))) enodev, \
++ (dev_type_mmap((*))) enodev, 0 }
++ #ifdef IPFILTER
++ #define NIPF 1
++ #else
++ #define NIPF 0
++ #endif
++
+ struct cdevsw cdevsw[] =
+ {
+ cdev_cn_init(1,cn), /* 0: virtual console */
+***************
+*** 233,238 ****
+ cdev_notdef(), /* 57 */
+ cdev_disk_init(NCD,cd), /* 58 SCSI CD-ROM */
+! cdev_notdef(), /* 59 */
+ cdev_notdef(), /* 60 */
+ cdev_notdef(), /* 61 */
+ cdev_notdef(), /* 62 */
+--- 246,251 ----
+ cdev_notdef(), /* 57 */
+ cdev_disk_init(NCD,cd), /* 58 SCSI CD-ROM */
+! cdev_gen_ipf(NIPF,ipl), /* 59 */
+ cdev_notdef(), /* 60 */
+ cdev_notdef(), /* 61 */
+ cdev_notdef(), /* 62 */
diff --git a/NetBSD/files.diffs b/NetBSD/files.diffs
new file mode 100644
index 000000000000..f015740f7257
--- /dev/null
+++ b/NetBSD/files.diffs
@@ -0,0 +1,23 @@
+*** files.orig Sat Apr 29 19:59:31 1995
+--- files Sun Apr 23 17:54:18 1995
+***************
+*** 180,185 ****
+--- 180,197 ----
+ netinet/tcp_timer.c optional inet
+ netinet/tcp_usrreq.c optional inet
+ netinet/udp_usrreq.c optional inet
++ netinet/ip_fil.c optional ipfilter
++ netinet/fil.c optional ipfilter
++ netinet/ip_nat.c optional ipfilter
++ netinet/ip_frag.c optional ipfilter
++ netinet/ip_state.c optional ipfilter
++ netinet/ip_proxy.c optional ipfilter
++ netinet/ip_auth.c optional ipfilter
++ netinet/ip_log.c optional ipfilter
++ netinet/ip_scan.c optional ipfilter
++ netinet/ip_sync.c optional ipfilter
++ netinet/ip_pool.c optional ipfilter_pool
++ netinet/ip_rules.c optional ipfilter_compiled
+ netiso/clnp_debug.c optional iso
+ netiso/clnp_er.c optional iso
+ netiso/clnp_frag.c optional iso
diff --git a/NetBSD/files.newconf.diffs b/NetBSD/files.newconf.diffs
new file mode 100644
index 000000000000..9e5c43a5931b
--- /dev/null
+++ b/NetBSD/files.newconf.diffs
@@ -0,0 +1,23 @@
+*** files.newconf.orig Sat Apr 29 20:00:02 1995
+--- files.newconf Sun Apr 23 17:53:58 1995
+***************
+*** 222,227 ****
+--- 222,239 ----
+ file netinet/tcp_timer.c inet
+ file netinet/tcp_usrreq.c inet
+ file netinet/udp_usrreq.c inet
++ file netinet/ip_fil.c ipfilter
++ file netinet/fil.c ipfilter
++ file netinet/ip_nat.c ipfilter
++ file netinet/ip_frag.c ipfilter
++ file netinet/ip_state.c ipfilter
++ file netinet/ip_proxy.c ipfilter
++ file netinet/ip_auth.c ipfilter
++ file netinet/ip_log.c ipfilter
++ file netinet/ip_scan.c ipfilter
++ file netinet/ip_sync.c ipfilter
++ file netinet/ip_pool.c ipfilter_pool
++ file netinet/ip_rules.c ipfilter_compiled
+ file netiso/clnp_debug.c iso
+ file netiso/clnp_er.c iso
+ file netiso/clnp_frag.c iso
diff --git a/NetBSD/files.oldconf.diffs b/NetBSD/files.oldconf.diffs
new file mode 100644
index 000000000000..c74b707c429a
--- /dev/null
+++ b/NetBSD/files.oldconf.diffs
@@ -0,0 +1,23 @@
+*** files.oldconf.orig Sat Apr 29 19:59:31 1995
+--- files.oldconf Sun Apr 23 17:54:18 1995
+***************
+*** 180,185 ****
+--- 180,197 ----
+ netinet/tcp_timer.c optional inet
+ netinet/tcp_usrreq.c optional inet
+ netinet/udp_usrreq.c optional inet
++ netinet/ip_fil.c optional ipfilter
++ netinet/fil.c optional ipfilter
++ netinet/ip_nat.c optional ipfilter
++ netinet/ip_frag.c optional ipfilter
++ netinet/ip_state.c optional ipfilter
++ netinet/ip_proxy.c optional ipfilter
++ netinet/ip_auth.c optional ipfilter
++ netinet/ip_log.c optional ipfilter
++ netinet/ip_scan.c optional ipfilter
++ netinet/ip_sync.c optional ipfilter
++ netinet/ip_pool.c optional ipfilter_pool
++ netinet/ip_rules.c optional ipfilter_compiled
+ netiso/clnp_debug.c optional iso
+ netiso/clnp_er.c optional iso
+ netiso/clnp_frag.c optional iso
diff --git a/NetBSD/filez.diffs b/NetBSD/filez.diffs
new file mode 100644
index 000000000000..b8409fda1db6
--- /dev/null
+++ b/NetBSD/filez.diffs
@@ -0,0 +1,23 @@
+*** files.orig Sat Apr 29 20:00:02 1995
+--- files Sun Apr 23 17:53:58 1995
+***************
+*** 224,229 ****
+--- 224,241 ----
+ file netinet/tcp_timer.c inet
+ file netinet/tcp_usrreq.c inet
+ file netinet/udp_usrreq.c inet
++ file netinet/ip_fil.c ipfilter
++ file netinet/fil.c ipfilter
++ file netinet/ip_nat.c ipfilter
++ file netinet/ip_frag.c ipfilter
++ file netinet/ip_state.c ipfilter
++ file netinet/ip_proxy.c ipfilter
++ file netinet/ip_auth.c ipfilter
++ file netinet/ip_log.c ipfilter
++ file netinet/ip_scan.c ipfilter
++ file netinet/ip_sync.c ipfilter
++ file netinet/ip_pool.c ipfilter_pool
++ file netinet/ip_rules.c ipfilter_compiled
+ file netiso/clnp_debug.c iso
+ file netiso/clnp_er.c iso
+ file netiso/clnp_frag.c iso
diff --git a/NetBSD/in_proto.c.diffs b/NetBSD/in_proto.c.diffs
new file mode 100644
index 000000000000..e91f01677d43
--- /dev/null
+++ b/NetBSD/in_proto.c.diffs
@@ -0,0 +1,16 @@
+*** in_proto.c.orig Mon Oct 28 11:58:19 1996
+--- in_proto.c Mon Oct 28 12:00:02 1996
+***************
+*** 82,87 ****
+--- 82,92 ----
+ void ipip_input();
+ #endif /* MROUTING */
+
++ #ifdef IPFILTER
++ void iplinit();
++ #define ip_init iplinit
++ #endif
++
+ extern struct domain inetdomain;
+
+ struct protosw inetsw[] = {
diff --git a/NetBSD/in_proto.c.old.diffs b/NetBSD/in_proto.c.old.diffs
new file mode 100644
index 000000000000..052dd514ee18
--- /dev/null
+++ b/NetBSD/in_proto.c.old.diffs
@@ -0,0 +1,16 @@
+*** in_proto.c.orig Wed Sep 6 20:31:34 1995
+--- in_proto.c Mon Mar 11 22:40:03 1996
+***************
+*** 81,86 ****
+--- 81,91 ----
+ void eoninput(), eonctlinput(), eonprotoinit();
+ #endif /* EON */
+
++ #ifdef IPFILTER
++ void iplinit();
++ #define ip_init iplinit
++ #endif
++
+ void rsvp_input(struct mbuf *, int);
+ void ipip_input(struct mbuf *, int);
+
diff --git a/NetBSD/ip_input.c.diffs b/NetBSD/ip_input.c.diffs
new file mode 100644
index 000000000000..b5ef509db320
--- /dev/null
+++ b/NetBSD/ip_input.c.diffs
@@ -0,0 +1,37 @@
+*** /sys/netinet/ip_input.c.orig Sat Oct 14 12:51:10 1995
+--- /sys/netinet/ip_input.c Tue Feb 18 21:32:33 1997
+***************
+*** 80,85 ****
+--- 80,89 ----
+ int ipqmaxlen = IFQ_MAXLEN;
+ struct in_ifaddrhead in_ifaddr;
+ struct ifqueue ipintrq;
++ #if defined(IPFILTER_LKM) || defined(IPFILTER)
++ int fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf *));
++ int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
++ #endif
+
+ /*
+ * We need to save the IP options in case a protocol wants to respond
+***************
+*** 216,221 ****
+--- 220,238 ----
+ m_adj(m, ip->ip_len - m->m_pkthdr.len);
+ }
+
++ #if defined(IPFILTER) || defined(IPFILTER_LKM)
++ /*
++ * Check if we want to allow this packet to be processed.
++ * Consider it to be bad if not.
++ */
++ if (fr_checkp) {
++ struct mbuf *m1 = m;
++
++ if ((*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m1) || !m1)
++ goto next;
++ ip = mtod(m = m1, struct ip *);
++ }
++ #endif
+ /*
+ * Process options and, if not destined for us,
+ * ship it on. ip_dooptions returns 1 when an
diff --git a/NetBSD/ip_output.c.diffs b/NetBSD/ip_output.c.diffs
new file mode 100644
index 000000000000..d45841865a8f
--- /dev/null
+++ b/NetBSD/ip_output.c.diffs
@@ -0,0 +1,36 @@
+*** /sys/netinet/ip_output.c.orig Sat Oct 14 12:51:15 1995
+--- /sys/netinet/ip_output.c Tue Feb 18 21:36:10 1997
+***************
+*** 60,65 ****
+--- 60,69 ----
+ static struct mbuf *ip_insertoptions __P((struct mbuf *, struct mbuf *, int *));
+ static void ip_mloopback
+ __P((struct ifnet *, struct mbuf *, struct sockaddr_in *));
++ #if defined(IPFILTER_LKM) || defined(IPFILTER)
++ extern int fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf *));
++ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
++ #endif
+
+ /*
+ * IP output. The packet in mbuf chain m contains a skeletal IP
+***************
+*** 277,282 ****
+--- 281,298 ----
+ m->m_flags &= ~M_BCAST;
+
+ sendit:
++ #if defined(IPFILTER) || defined(IPFILTER_LKM)
++ /*
++ * looks like most checking has been done now...do a filter check
++ */
++ if (fr_checkp) {
++ struct mbuf *m1 = m;
++
++ if ((error = (*fr_checkp)(ip, hlen, ifp, 1, &m1)) || !m1)
++ goto done;
++ ip = mtod(m = m1, struct ip *);
++ }
++ #endif
+ /*
+ * If small enough for interface, can just send directly.
+ */
diff --git a/NetBSD/kinstall b/NetBSD/kinstall
new file mode 100755
index 000000000000..fa9e3674b469
--- /dev/null
+++ b/NetBSD/kinstall
@@ -0,0 +1,88 @@
+#! /bin/sh
+#
+# kinstall/minstall - install patches to kernel sources
+#
+# WARNING: This script should be run exactly once on a virgin system
+#
+PATH=/sbin:/usr/sbin:/bin:/usr/bin; export PATH
+
+# try to bomb out fast if anything fails....
+set -e
+
+argv0=`basename $0`
+dir=`pwd`
+karch=`uname -m`
+archdir="/sys/arch/$karch"
+confdir="$archdir/conf"
+
+case "$dir" in
+*/NetBSD )
+ cd ..
+ ;;
+esac
+
+echo -n "Installing "
+for i in ip_fil.[ch] ip_nat.[ch] ip_frag.[ch] ip_state.[ch] fil.c ip_compat.h ip_proxy.[ch] ip_{ftp,rcmd}_pxy.c ip_auth.[ch] ip_log.c; do
+ echo -n "$i "
+ cp $i /sys/netinet/
+ chmod 644 /sys/netinet/$i
+ switch ($i)
+ case *.h:
+ /bin/cp $i /usr/include/netinet/$i
+ chmod 644 /usr/include/netinet/$i
+ breaksw
+ endsw
+done
+echo
+echo "Patching ip_input.c, ip_output.c and in_proto.c ..."
+cat NetBSD/ip*.c.diffs | (cd /sys/netinet; patch)
+
+if [ -f /sys/conf/files.newconf ]; then
+ echo "Patching in_proto.c ..."
+ cat NetBSD/in_proto.c.old.diffs | (cd /sys/netinet; patch)
+ echo "Patching $archdir/$karch/conf.c"
+ cat NetBSD/conf.c.old.diffs | (cd $archdir/$karch; patch)
+ echo "Patching /sys/conf/files.newconf ..."
+ cat NetBSD/files.newconf.diffs | (cd /sys/conf; patch)
+ echo "Patching /sys/conf/files ..."
+ cat NetBSD/files.diffs | (cd /sys/conf; patch)
+fi
+if [ -f /sys/conf/files.oldconf ]; then
+ echo "Patching in_proto.c ..."
+ cat NetBSD/in_proto.c.diffs | (cd /sys/netinet; patch)
+ echo "Patching $archdir/$karch/conf.c"
+ cat NetBSD/conf.c.diffs | (cd $archdir/$karch; patch)
+ echo "Patching /sys/conf/files.oldconf ..."
+ cat NetBSD/files.oldconf.diffs | (cd /sys/conf; patch)
+ echo "Patching /sys/conf/files ..."
+ cat NetBSD/filez.diffs | (cd /sys/conf; patch)
+fi
+
+echo -n "Kernel configuration to update [GENERIC] "
+read newconfig junk
+
+if [ -n "$newconfig" ] ; then
+ config="$confdir/$newconfig"
+else
+ newconfig="$confdir/GENERIC"
+fi
+
+if egrep 'options.*IPFILTER' $confdir/$newconfig > /dev/null 2>&1 ; then
+ echo "$newconfig already contains proper options statement..."
+ echo 'You will now need to build a new kernel.'
+else
+ echo "Backing up $newconfig to .bak and adding IPFILTER options..."
+ if [ -f $confdir/$newconfig ]; then
+ mv $confdir/$newconfig $confdir/$newconfig.bak
+ fi
+ if [ -d $archdir/compile/$newconfig ]; then
+ mv $archdir/compile/$newconfig $archdir/compile/$newconfig.bak
+ fi
+ awk '{print $0} $2=="INET"{print "options IPFILTER"}' \
+ $confdir/$newconfig.bak > $confdir/$newconfig
+
+ echo 'You will now need to run "config" and build a new kernel.'
+fi
+
+exit 0
+
diff --git a/NetBSD/minstall b/NetBSD/minstall
new file mode 100755
index 000000000000..b94d2a1dea34
--- /dev/null
+++ b/NetBSD/minstall
@@ -0,0 +1,67 @@
+#! /bin/sh
+#
+# kinstall/minstall - install patches to kernel sources
+#
+# WARNING: This script should be run exactly once on a virgin system
+#
+PATH=/sbin:/usr/sbin:/bin:/usr/bin; export PATH
+
+# try to bomb out fast if anything fails....
+set -e
+
+argv0=`basename $0`
+dir=`pwd`
+karch=`uname -m`
+archdir="/sys/arch/$karch"
+confdir="$archdir/conf"
+
+case "$dir" in
+*/NetBSD )
+ cd ..
+ ;;
+esac
+
+echo "Patching ip_input.c, ip_output.c and in_proto.c ..."
+cat NetBSD/i*.c.diffs | (cd /sys/netinet; patch)
+
+if [ -f /sys/conf/files.newconf ]; then
+ echo "Patching /sys/conf/files.newconf ..."
+ cat NetBSD/files.newconf.diffs | (cd /sys/conf; patch)
+ echo "Patching /sys/conf/files ..."
+ cat NetBSD/files.diffs | (cd /sys/conf; patch)
+fi
+if [ -f /sys/conf/files.oldconf ]; then
+ echo "Patching /sys/conf/files.oldconf ..."
+ cat NetBSD/files.oldconf.diffs | (cd /sys/conf; patch)
+ echo "Patching /sys/conf/files ..."
+ cat NetBSD/filez.diffs | (cd /sys/conf; patch)
+fi
+
+echo -n "Kernel configuration to update [GENERIC] "
+read newconfig junk
+
+if [ -n "$newconfig" ] ; then
+ config="$confdir/$newconfig"
+else
+ newconfig="$confdir/GENERIC"
+fi
+
+if egrep '^options.*IPFILTER_LKM' $confdir/$newconfig > /dev/null 2>&1 ; then
+ echo "$newconfig already contains proper options statement..."
+ echo 'You will now need to build a new kernel.'
+else
+ echo "Backing up $newconfig to .bak and adding IPFILTER options..."
+ if [ -f $confdir/$newconfig ]; then
+ mv $confdir/$newconfig $confdir/$newconfig.bak
+ fi
+ if [ -d $archdir/compile/$newconfig ]; then
+ mv $archdir/compile/$newconfig $archdir/compile/$newconfig.bak
+ fi
+ grep -v IPFILTER $confdir/$newconfig.bak | \
+ awk '{print $0} $2=="INET"{print "options IPFILTER_LKM"}' \
+ > $confdir/$newconfig
+
+ echo 'You will now need to run "config" and build a new kernel.'
+fi
+
+exit 0
diff --git a/NetBSD/unkinstall b/NetBSD/unkinstall
new file mode 100755
index 000000000000..349ee88ed558
--- /dev/null
+++ b/NetBSD/unkinstall
@@ -0,0 +1,68 @@
+#! /bin/sh
+#
+# kinstall/minstall - install patches to kernel sources
+#
+# WARNING: This script should be run exactly once on a virgin system
+#
+PATH=/sbin:/usr/sbin:/bin:/usr/bin; export PATH
+
+# try to bomb out fast if anything fails....
+set -e
+
+argv0=`basename $0`
+dir=`pwd`
+karch=`uname -m`
+archdir="/sys/arch/$karch"
+confdir="$archdir/conf"
+
+case "$dir" in
+*/NetBSD )
+ cd ..
+ ;;
+esac
+
+echo -n "Removing "
+for i in ip_fil.[ch] ip_nat.[ch] ip_frag.[ch] ip_state.[ch] fil.c ip_compat.h ip_proxy.[ch] ip_ftp_pxy.c ip_auth.[ch] ip_log.c
+do
+ echo -n "/sys/netinet/$i "
+ /bin/rm -f /sys/netinet/$i
+done
+echo
+
+echo "Unpatching ip_input.c and ip_output.c ..."
+cat NetBSD/ip*.c.diffs | (cd /sys/netinet; patch -R)
+
+if [ -f /sys/conf/files.newconf ]; then
+ echo "Unpatching in_proto.c ..."
+ cat NetBSD/in_proto.c.old.diffs | (cd /sys/netinet; patch -R)
+ echo "Unpatching $archdir/$karch/conf.c"
+ cat NetBSD/conf.c.old.diffs | (cd $archdir/$karch; patch -R)
+ echo "Unpatching /sys/conf/files.newconf ..."
+ cat NetBSD/files.newconf.diffs | (cd /sys/conf; patch -R)
+ echo "Unpatching /sys/conf/files ..."
+ cat NetBSD/files.diffs | (cd /sys/conf; patch -R)
+fi
+if [ -f /sys/conf/files.oldconf ]; then
+ echo "Unpatching in_proto.c ..."
+ cat NetBSD/in_proto.c.diffs | (cd /sys/netinet; patch -R)
+ echo "Unpatching $archdir/$karch/conf.c"
+ cat NetBSD/conf.c.diffs | (cd $archdir/$karch; patch -R)
+ echo "Unpatching /sys/conf/files.oldconf ..."
+ cat NetBSD/files.oldconf.diffs | (cd /sys/conf; patch -R)
+ echo "Unpatching /sys/conf/files ..."
+ cat NetBSD/filez.diffs | (cd /sys/conf; patch -R)
+fi
+
+echo -n "Kernel configuration to update [GENERIC] "
+read newconfig junk
+
+if [ -n "$newconfig" ] ; then
+ config="$confdir/$newconfig"
+else
+ newconfig="$confdir/GENERIC"
+fi
+
+mv $archdir/compile/$newconfig $archdir/compile/$newconfig.bak
+egrep -v 'IPFILTER' $confdir/$newconfig.bak > $confdir/$newconfig
+echo 'You will now need to run "config" and build a new kernel.'
+exit 0
diff --git a/NetBSD/unminstall b/NetBSD/unminstall
new file mode 100755
index 000000000000..866b7392bfc4
--- /dev/null
+++ b/NetBSD/unminstall
@@ -0,0 +1,52 @@
+#! /bin/sh
+#
+# kinstall/minstall - install patch -Res to kernel sources
+#
+# WARNING: This script should be run exactly once on a virgin system
+#
+PATH=/sbin:/usr/sbin:/bin:/usr/bin; export PATH
+
+# try to bomb out fast if anything fails....
+set -e
+
+argv0=`basename $0`
+dir=`pwd`
+karch=`uname -m`
+archdir="/sys/arch/$karch"
+confdir="$archdir/conf"
+
+case "$dir" in
+*/NetBSD )
+ cd ..
+ ;;
+esac
+
+echo "Unpatching ip_input.c, ip_output.c and in_proto.c ..."
+cat NetBSD/i*.c.diffs | (cd /sys/netinet; patch -R)
+
+if [ -f /sys/conf/files.newconf ]; then
+ echo "Unpatching /sys/conf/files.newconf ..."
+ cat NetBSD/files.newconf.diffs | (cd /sys/conf; patch -R)
+ echo "Unpatching /sys/conf/files ..."
+ cat NetBSD/files.diffs | (cd /sys/conf; patch -R)
+fi
+if [ -f /sys/conf/files.oldconf ]; then
+ echo "Unpatching /sys/conf/files.oldconf ..."
+ cat NetBSD/files.oldconf.diffs | (cd /sys/conf; patch -R)
+ echo "Unpatching /sys/conf/files ..."
+ cat NetBSD/filez.diffs | (cd /sys/conf; patch -R)
+fi
+
+echo -n "Kernel configuration to update [GENERIC] "
+read newconfig junk
+
+if [ -n "$newconfig" ] ; then
+ config="$confdir/$newconfig"
+else
+ newconfig="$confdir/GENERIC"
+fi
+
+mv $confdir/$newconfig $confdir/$newconfig.bak
+egrep -v IPFILTER $confdir/$newconfig > $confdir/$newconfig
+echo 'You will now need to run "config" and build a new kernel.'
+exit 0
diff --git a/OSF/Makefile b/OSF/Makefile
new file mode 100644
index 000000000000..c9bfcc37ae30
--- /dev/null
+++ b/OSF/Makefile
@@ -0,0 +1,409 @@
+#
+# Copyright (C) 2012 by Darren Reed.
+#
+# See the IPFILTER.LICENCE file for details on licencing.
+#
+BINDEST=/usr/sbin
+SBINDEST=/sbin
+MANDIR=/usr/share/man
+CC=cc -std1 -msg_disable expandeddefined
+#\ -msg_disable bitnotint,expandeddefined,intrinsicdecl,ptrmismatch,subscrbounds
+CFLAGS=-g -I$(TOP)
+#
+# For Tru64 5.1
+#
+CPU=`uname -m`
+MACHASSERT=`/bin/ls -1 /usr/sys/*/mach_assert.h -print | head -1`
+KDIR=`dirname ${MACHASSERT}`
+INC=-I/usr/include -I$(KDIR) -I/usr/sys/include
+DEFX=-DLANGUAGE_C -DUERF -DOSF -DMACH -DRT_SEM -DKERNEL -D_KERNEL -D_BSD -D_USE_KERNEL_PROTOS -compress -MD -no_excpt -nointrinsics -Wg,-unroll,1 -Wb,-static -Wco,-nofloat -msg_enable cvtdiftypes,warnimplfunc,macroredef,lvaluecast,uselesstyped -msg_inform cvtdiftypes,warnimplfunc,macroredef,lvaluecast,uselesstyped -msg_enable uninit1,falloffend,intrinsicint,outtoomany,outtoofew,questcompare,storclsdcl,tentredef -msg_warn uninit1,falloffend,intrinsicint,outtoomany,outtoofew,questcompare,storclsdcl,tentredef -msg_enable othermember -msg_error othermember -Umips -UMIPS -U__intel__ -D__alpha -D__digital__ -D__arch64__ -DUNIX_LOCKS=1
+DEF=-D$(CPU) -D__$(CPU)__ -DINET -DKERNEL -D_KERNEL $(INC) $(DEFX)
+IPDEF=$(DEF) -DGATEWAY -DDIRECTED_BROADCAST
+VNODESHDIR=/sys/kern
+LKM=if_ipl.o
+DLKM=
+OBJ=.
+TOP=..
+HERE=OSF/$(OSREV)
+TRU64=`uname -v`
+DEST=.
+MFLAGS="BINDEST=$(BINDEST)" "SBINDEST=$(SBINDEST)" "MANDIR=$(MANDIR)" \
+ 'CFLAGS=$(CFLAGS)' "IPFLKM=$(IPFLKM)" \
+ "IPFLOG=$(IPFLOG)" "LOGFAC=$(LOGFAC)" "POLICY=$(POLICY)" \
+ "DEBUG=$(DEBUG)" "DCPU=$(CPU)" "CPUDIR=$(CPUDIR)" \
+ "LOOKUP=$(LOOKUP)" "XID=$(XID)" "SCAN=$(SCAN)" "ALLOPTS=$(ALLOPTS)"
+LIBS=-L. -lipf
+CCARGS=$(DEBUG) $(CFLAGS) -I. -DTRU64=$(TRU64)
+EXTRA=$(ALLOPTS)
+#
+########## ########## ########## ########## ########## ########## ##########
+#
+CP=/bin/cp
+RM=/bin/rm
+CHMOD=/bin/chmod
+INSTALL=$(TOP)/bsdinstall
+#
+MODOBJS=md5.o arc4random.o tru64.o radix_ipf.o \
+ ip_fil.o fil.o ip_nat.o ip_frag.o ip_state.o ip_nat6.o \
+ ip_proxy.o ip_auth.o ip_log.o ip_pool.o ip_htable.o ip_lookup.o \
+ ip_dstlist.o ip_sync.o ip_scan.o ip_rules.o
+DFLAGS=$(DEBUG) -DTRU64=$(TRU64) $(IPFLKM) $(IPFLOG) $(DEF) $(CFLAGS) $(DLKM) \
+ $(IPFBPF) $(LOOKUP) $(XID) -I.
+IPF=ipf.o ipfcomp.o ipf_y.o ipf_l.o
+IPT=ipftest.o fil_u.o ip_frag_u.o ip_state_u.o ip_nat_u.o ip_nat6_u.o \
+ ip_proxy_u.o ip_auth_u.o ip_fil_u.o ip_sync_u.o ip_scan_u.o \
+ ip_log_u.o ip_pool_u.o ip_htable_u.o ip_lookup_u.o ip_rules_u.o \
+ ipf_y.o ipf_l.o ipnat_y.o ipnat_l.o ippool_y.o ippool_l.o \
+ md5_u.o radix_ipf_u.o ip_dstlist_u.o
+IPNAT=ipnat.o ipnat_y.o ipnat_l.o
+IPMON=ipmon.o ipmon_y.o ipmon_l.o
+IPPOOL=ippool_y.o ippool_l.o kmem.o ippool.o
+FILS=ipfstat.o
+LIBSRC=$(TOP)/lib
+RANLIB=ranlib
+AROPTS=crs
+TOOL=$(TOP)/tools
+
+include $(TOP)/lib/Makefile
+
+build all: ./libipf.a ipf ipfs ipfstat ipftest ipmon ipnat \
+ ippool ipscan ipsyncm ipsyncs $(LKM)
+ -sh -c 'for i in ipf ipftest ipmon ippool ipnat ipscan ipsyncm ipsyncs; do /bin/rm -f $(TOP)/$$i; ln -s `pwd`/$$i $(TOP); done'
+
+ipfstat: $(FILS) ./libipf.a
+ $(CC) $(CCARGS) $(STATETOP_CFLAGS) $(STATETOP_INC) $(FILS) \
+ -o $@ $(LIBS) $(STATETOP_LIB)
+
+ipf: $(IPF) ./libipf.a
+ $(CC) $(CCARGS) $(IPF) -o $@ $(LIBS) $(LIBBPF)
+
+ipftest: $(IPT) ./libipf.a
+ $(CC) $(CCARGS) $(IPT) -o $@ $(LIBS) $(LIBBPF)
+
+ipnat: $(IPNAT) ./libipf.a
+ $(CC) $(CCARGS) $(IPNAT) -o $@ $(LIBS)
+
+ipfs: ipfs.o ./libipf.a
+ $(CC) $(CCARGS) ipfs.o -o $@ $(LIBS)
+
+ipsyncm: ipsyncm.o ./libipf.a
+ $(CC) $(CCARGS) ipsyncm.o -o $@ $(LIBS)
+
+ipsyncs: ipsyncs.o ./libipf.a
+ $(CC) $(CCARGS) ipsyncs.o -o $@ $(LIBS)
+
+ipsyncm.o: $(TOOL)/ipsyncm.c $(TOP)/ip_sync.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipsyncm.c -o $@
+
+ipsyncs.o: $(TOOL)/ipsyncs.c $(TOP)/ip_sync.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipsyncs.c -o $@
+
+tests:
+ (cd test; make )
+
+ipfstat.o: $(TOOL)/ipfstat.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_frag.h \
+ $(TOP)/ip_compat.h $(TOP)/ip_state.h $(TOP)/ip_nat.h
+ $(CC) $(CCARGS) $(STATETOP_CFLAGS) $(STATETOP_INC) \
+ -c $(TOOL)/ipfstat.c -o $@
+
+ipfs.o: $(TOOL)/ipfs.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_state.h \
+ $(TOP)/ip_nat.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipfs.c -o $@
+
+fil_u.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_compat.h
+ $(CC) $(CCARGS) $(EXTRA) $(FIXRADIX) $(IPFBPF) -c $(TOP)/fil.c -o $@
+
+ipf.o: $(TOOL)/ipf.c $(TOP)/ip_fil.h $(TOP)/ipf.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipf.c -o $@
+
+ipf_y.o: ipf_y.c ipf_y.h $(TOP)/ipf.h ipf_l.h
+ $(CC) $(CCARGS) $(IPFBPF) -c ipf_y.c -o $@
+
+ipf_l.o: ipf_l.c ipf_y.h $(TOP)/ipf.h ipf_l.h
+ $(CC) $(CCARGS) -I. -c ipf_l.c -o $@
+
+ipf_y.h ipf_y.c: $(TOOL)/ipf_y.y $(TOP)/ip_pool.h
+ (cd $(TOOL); make "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ipf_l.c ipf_l.h: $(TOOL)/lexer.c $(TOP)/ipf.h
+ (cd $(TOOL); make "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ipfcomp.o: $(TOOL)/ipfcomp.c $(TOP)/ip_fil.h $(TOP)/ipf.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipfcomp.c -o $@
+
+ipftest.o: $(TOOL)/ipftest.c $(TOP)/ip_fil.h $(TOP)/ipt.h $(TOP)/ipf.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipftest.c -o $@
+
+ipnat.o: $(TOOL)/ipnat.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_nat.h
+ $(CC) $(CCARGS) -c $(TOOL)/ipnat.c -o $@
+
+ipnat_y.o: ipnat_y.c ipnat_y.h $(TOP)/ip_fil.h $(TOP)/ip_compat.h \
+ $(TOP)/ipf.h $(TOP)/ip_nat.h ipnat_l.h
+ $(CC) $(CCARGS) -c ipnat_y.c -o $@
+
+ipnat_l.o: ipnat_l.c ipnat_y.h $(TOP)/ip_fil.h $(TOP)/ip_compat.h \
+ $(TOP)/ipf.h $(TOP)/ip_nat.h ipnat_l.h
+ $(CC) $(CCARGS) -I. -c ipnat_l.c -o $@
+
+ipnat_y.h ipnat_y.c: $(TOOL)/ipnat_y.y $(TOP)/ip_nat.h
+ (cd $(TOOL); make "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ipnat_l.c ipnat_l.h: $(TOOL)/lexer.c $(TOP)/ip_nat.h
+ (cd $(TOOL); make "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ip_rules.c: $(TOP)/rules/ip_rules $(TOP)/tools/ipfcomp.c ipf
+ ./ipf -cc -nf $(TOP)/rules/ip_rules
+
+$(TOP)/ip_rules.h: ip_rules.c
+ if [ ! -f $(TOP)/ip_rules.h ] ; then \
+ /bin/mv -f ip_rules.h $(TOP); \
+ else \
+ touch $(TOP)/ip_rules.h; \
+ fi
+
+ip_nat_u.o: $(TOP)/ip_nat.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_nat.c -o $@
+
+ip_nat6_u.o: $(TOP)/ip_nat6.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_nat6.c -o $@
+
+ip_proxy_u.o: $(TOP)/ip_proxy.c $(TOP)/ip_proxy.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_ftp_pxy.c $(TOP)/ip_rcmd_pxy.c $(TOP)/ip_raudio_pxy.c \
+ $(TOP)/ip_rpcb_pxy.c $(TOP)/ip_ipsec_pxy.c $(TOP)/ip_nat.h \
+ $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_proxy.c -o $@
+
+ip_frag_u.o: $(TOP)/ip_frag.c $(TOP)/ip_frag.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_frag.c -o $@
+
+ip_state_u.o: $(TOP)/ip_state.c $(TOP)/ip_state.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h $(TOP)/ip_nat.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_state.c -o $@
+
+ip_auth_u.o: $(TOP)/ip_auth.c $(TOP)/ip_auth.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_auth.c -o $@
+
+ip_fil_u.o: $(TOP)/ip_fil.c $(TOP)/ip_fil.h $(TOP)/ip_compat.h
+ $(CC) $(CCARGS) $(EXTRA) $(FIXRADIX) -c $(TOP)/ip_fil.c -o $@
+
+ip_scan_u.o: $(TOP)/ip_scan.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
+ $(TOP)/ip_scan.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_scan.c -o $@
+
+ip_sync_u.o: $(TOP)/ip_sync.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
+ $(TOP)/ip_sync.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_sync.c -o $@
+
+ip_rules_u.o: ip_rules.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h $(TOP)/ip_rules.h
+ $(CC) $(CCARGS) $(EXTRA) -c ip_rules.c -o $@
+
+ip_log_u.o: $(TOP)/ip_log.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_log.c -o $@
+
+ip_pool_u.o: $(TOP)/ip_pool.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
+ $(TOP)/ip_pool.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_pool.c -o $@
+
+ip_htable_u.o: $(TOP)/ip_htable.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
+ $(TOP)/ip_htable.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_htable.c -o $@
+
+ip_dstlist_u.o: $(TOP)/ip_dstlist.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
+ $(TOP)/ip_dstlist.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_dstlist.c -o $@
+
+ip_lookup_u.o: $(TOP)/ip_lookup.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
+ $(TOP)/ip_lookup.h
+ $(CC) $(CCARGS) $(EXTRA) -c $(TOP)/ip_lookup.c -o $@
+
+bpf_filter_u.o: $(TOP)/bpf_filter.c $(TOP)/pcap-ipf.h $(TOP)/bpf-ipf.h
+ $(CC) $(CCARGS) -c $(TOP)/bpf_filter.c -o $@
+
+md5_u.o: $(TOP)/md5.c $(TOP)/md5.h
+ $(CC) $(CCARGS) -c $(TOP)/md5.c -o $@
+
+radix_ipf_u.o: $(TOP)/radix_ipf.c $(TOP)/radix_ipf.h
+ $(CC) $(CCARGS) -c $(TOP)/radix_ipf.c -o $@
+
+if_ipl.o: $(MODOBJS)
+ ld -r -dc $(MODOBJS) -o $(LKM)
+ ${RM} -f if_ipl
+
+fil.o: $(TOP)/fil.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_compat.h $(TOP)/ipl.h
+ $(CC) $(POLICY) $(DFLAGS) $(IPFBPF) -c $(TOP)/fil.c -o $@
+
+ip_nat.o: $(TOP)/ip_nat.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
+ $(CC) $(DFLAGS) -c $(TOP)/ip_nat.c -o $@
+
+ip_nat6.o: $(TOP)/ip_nat6.c $(TOP)/ip_nat.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
+ $(CC) $(DFLAGS) -c $(TOP)/ip_nat6.c -o $@
+
+ip_frag.o: $(TOP)/ip_frag.c $(TOP)/ip_frag.h $(TOP)/ip_compat.h $(TOP)/ip_fil.h
+ $(CC) $(DFLAGS) -c $(TOP)/ip_frag.c -o $@
+
+ip_state.o: $(TOP)/ip_state.c $(TOP)/ip_state.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h $(TOP)/ip_nat.h
+ $(CC) $(DFLAGS) -DIPSTATE_SIZE=127 -c $(TOP)/ip_state.c -o $@
+
+ip_proxy.o: $(TOP)/ip_proxy.c $(TOP)/ip_proxy.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_ftp_pxy.c $(TOP)/ip_rcmd_pxy.c $(TOP)/ip_raudio_pxy.c \
+ $(TOP)/ip_rpcb_pxy.c $(TOP)/ip_ipsec_pxy.c $(TOP)/ip_nat.h \
+ $(TOP)/ip_nat.h $(TOP)/ip_fil.h
+ $(CC) $(DFLAGS) -c $(TOP)/ip_proxy.c -o $@
+
+ip_auth.o: $(TOP)/ip_auth.c $(TOP)/ip_auth.h $(TOP)/ip_compat.h \
+ $(TOP)/ip_fil.h
+ $(CC) $(DFLAGS) -c $(TOP)/ip_auth.c -o $@
+
+ip_fil.o: $(TOP)/ip_fil_osf.c $(TOP)/ip_fil.h $(TOP)/ip_compat.h $(TOP)/ip_nat.h
+ $(CC) $(DFLAGS) $(COMPIPF) -c $(TOP)/ip_fil_osf.c -o $@
+
+ip_log.o: $(TOP)/ip_log.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h
+ $(CC) $(DFLAGS) -c $(TOP)/ip_log.c -o $@
+
+ip_scan.o: $(TOP)/ip_scan.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h $(TOP)/ip_scan.h
+ $(CC) $(DFLAGS) -c $(TOP)/ip_scan.c -o $@
+
+ip_sync.o: $(TOP)/ip_sync.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h $(TOP)/ip_sync.h
+ $(CC) $(DFLAGS) -c $(TOP)/ip_sync.c -o $@
+
+radix_ipf.o: $(TOP)/radix_ipf.c $(TOP)/radix_ipf.h
+ $(CC) $(DFLAGS) -c $(TOP)/radix_ipf.c -o $@
+
+ip_pool.o: $(TOP)/ip_pool.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
+ $(TOP)/ip_pool.h $(TOP)/radix_ipf.h
+ $(CC) $(DFLAGS) $(FIXRADIX) -c $(TOP)/ip_pool.c -o $@
+
+ip_htable.o: $(TOP)/ip_htable.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
+ $(TOP)/ip_htable.h
+ $(CC) $(DFLAGS) -c $(TOP)/ip_htable.c -o $@
+
+ip_dstlist.o: $(TOP)/ip_dstlist.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
+ $(TOP)/ip_dstlist.h
+ $(CC) $(DFLAGS) -c $(TOP)/ip_dstlist.c -o $@
+
+ip_lookup.o: $(TOP)/ip_lookup.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h \
+ $(TOP)/ip_lookup.h
+ $(CC) $(DFLAGS) $(FIXRADIX) -c $(TOP)/ip_lookup.c -o $@
+
+ip_rules.o: ip_rules.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h $(TOP)/ip_rules.h
+ $(CC) -I. $(DFLAGS) -c ip_rules.c -o $@
+
+ip_rulesx.o: ip_rules.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h $(TOP)/ip_rules.h
+ $(CC) -I. -DIPFILTER_COMPILED $(DFLAGS) -c ip_rules.c -o $@
+
+tru64.o: $(TOP)/tru64.c $(TOP)/ip_compat.h $(TOP)/ip_fil.h
+ $(CC) $(DFLAGS) -c $(TOP)/tru64.c -o $@
+
+md5.o: $(TOP)/md5.c $(TOP)/md5.h
+ $(CC) $(DFLAGS) -c $(TOP)/md5.c -o $@
+
+arc4random.o: $(TOP)/arc4random.c $(TOP)/md5.h
+ $(CC) $(DFLAGS) -DNEED_LOCAL_RAND=1 -c $(TOP)/arc4random.c -o $@
+
+ipmon: $(IPMON) ./libipf.a
+ $(CC) $(CCARGS) $(LOGFAC) $(IPMON) -o $@ $(LIBS) -ll
+
+ipmon.o: $(TOOL)/ipmon.c $(TOP)/ipmon.h
+ $(CC) $(CCARGS) $(LOGFAC) -c $(TOOL)/ipmon.c -o $@
+
+ipmon_y.o: ipmon_y.c ipmon_y.h $(TOP)/ipmon.h ipmon_l.h
+ $(CC) $(CCARGS) -c ipmon_y.c -o $@
+
+ipmon_l.o: ipmon_l.c ipmon_y.h $(TOP)/ipmon.h ipmon_l.h
+ $(CC) $(CCARGS) -I. -c ipmon_l.c -o $@
+
+ipmon_y.h ipmon_y.c: $(TOOL)/ipmon_y.y $(TOP)/ipmon.h
+ (cd $(TOOL); make "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ipmon_l.c ipmon_l.h: $(TOOL)/lexer.c $(TOP)/ipmon.h
+ (cd $(TOOL); make "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ipscan: ipscan_y.o ipscan_l.o
+ $(CC) $(DEBUG) ipscan_y.o ipscan_l.o -o $@ -ll $(LIBS)
+
+ipscan_y.o: ipscan_y.c ipscan_y.h $(TOP)/ip_scan.h ipscan_l.h
+ $(CC) $(CCARGS) -c ipscan_y.c -o $@
+
+ipscan_l.o: ipscan_l.c ipscan_y.h $(TOP)/ip_scan.h ipscan_l.h
+ $(CC) $(CCARGS) -I. -c ipscan_l.c -o $@
+
+ipscan_y.h ipscan_y.c: $(TOOL)/ipscan_y.y $(TOP)/ip_scan.h
+ (cd $(TOOL); make "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ipscan_l.c ipscan_l.h: $(TOOL)/lexer.c $(TOP)/ip_scan.h
+ (cd $(TOOL); make "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ippool: $(IPPOOL)
+ $(CC) $(DEBUG) -I. $(CFLAGS) $(IPPOOL) -o $@ $(LIBS) -ll
+
+ippool.o: $(TOOL)/ippool.c $(TOP)/ip_fil.h $(TOP)/ipf.h $(TOP)/ip_pool.h
+ $(CC) $(CCARGS) -c $(TOOL)/ippool.c -o $@
+
+ippool_y.o: ippool_y.c ippool_y.h $(TOP)/ip_pool.h ippool_l.h
+ $(CC) $(CCARGS) -c ippool_y.c -o $@
+
+ippool_l.o: ippool_l.c ippool_y.h $(TOP)/ip_pool.h ippool_l.h
+ $(CC) $(CCARGS) -I. -c ippool_l.c -o $@
+
+ippool_y.h ippool_y.c: $(TOOL)/ippool_y.y $(TOP)/ip_pool.h
+ (cd $(TOOL); make "DEST=../$(HERE)" ../$(HERE)/$@)
+
+ippool_l.c ippool_l.h: $(TOOL)/lexer.c $(TOP)/ip_pool.h
+ (cd $(TOOL); make "DEST=../$(HERE)" ../$(HERE)/$@)
+
+.y.c:
+
+.l.c:
+
+clean:
+ ${RM} -f ../ipf ../ipnat ../ipmon ../ippool ../ipftest
+ ${RM} -f ../ipscan ../ipsyncm ../ipsyncs
+ ${RM} -f *.core *.o *.a *.o.d
+ ${RM} -f fils ipf ipfstat ipftest ipmon if_ipl ipnat
+ ${RM} -f $(LKM) ioconf.h *.ko setdef1.c setdef0.c setdefs.h
+ ${RM} -f ip_fil.c ipf_l.c ipf_y.c ipf_y.h ipf_l.h
+ ${RM} -f ipscan ipscan_y.c ipscan_y.h ipscan_l.c ipscan_l.h
+ ${RM} -f ippool ippool_y.c ippool_y.h ippool_l.c ippool_l.h
+ ${RM} -f ipnat_y.c ipnat_y.h ipnat_l.c ipnat_l.h
+ ${RM} -f ipmon_y.c ipmon_y.h ipmon_l.c ipmon_l.h
+ ${RM} -f ipscan ipscan_y.c ipscan_y.h ipscan_l.c y.tab.? lex.yy.c ipfs
+ ${RM} -f ipsyncm ipsyncs ip_rules.c ip_rules.h
+ -if [ -h sysconfigtab ] ; then /bin/rm -f sysconfigtab; fi
+
+ ${MAKE} -f Makefile.ipsend ${MFLAGS} clean
+ -(for i in *; do \
+ if [ -d $${i} -a -f $${i}/Makefile ] ; then \
+ cd $${i}; (make TOP=../.. clean); cd ..; \
+ rm $${i}/Makefile $${i}/Makefile.ipsend; \
+ rmdir $${i}; \
+ fi \
+ done)
+
+install:
+ -$(CP) $(TOP)/ip_fil.h /usr/include/netinet/ip_fil.h
+ -$(CHMOD) 444 /usr/include/netinet/ip_fil.h
+ -mkdir -m 755 -p /usr/sys/io/ipfilter/
+ echo /usr/sys/io/ipfilter: > /usr/sys/conf/ipfilter.list
+ /bin/rm -f /var/subsys/ipfilter.mth
+ ln -s ../../../subsys/device.mth /var/subsys/ipfilter.mth
+ -$(INSTALL) -c -g system -m 755 -o root if_ipl.o /sys/BINARY/ipfilter.mod
+ /bin/rm -f /var/subsys/ipfilter.mod
+ ln -s ../../../sys/BINARY/ipfilter.mod /var/subsys/ipfilter.mod
+ mkdir -p /usr/sys/io/ipfilter
+ chmod 755 /usr/sys/io/ipfilter
+ /bin/rm -f sysconfigtab
+ /bin/ln -s ../sysconfigtab .
+ -$(INSTALL) -c -g system -m 755 -o root sysconfigtab /usr/sys/io/ipfilter/
+ -for i in ipf ipfs ipnat ipscan ipfstat; do \
+ $(INSTALL) -s -c -g system -m 755 -o root $$i $(SBINDEST); \
+ done
+ -for i in ipmon ipftest ipsyncs ipsyncm; do \
+ $(INSTALL) -s -c -g system -m 755 -o root $$i $(BINDEST); \
+ done
+ (cd $(TOP)/man; make INSTALL=../bsdinstall MANDIR=$(MANDIR) install; cd $(TOP))
+ sync
+ -sysconfigdb -d ipfilter
+ sysconfigdb -f /usr/sys/io/ipfilter/sysconfigtab -a ipfilter
diff --git a/OSF/Makefile.ipsend b/OSF/Makefile.ipsend
new file mode 100644
index 000000000000..09dc0ea57ecc
--- /dev/null
+++ b/OSF/Makefile.ipsend
@@ -0,0 +1,78 @@
+MFLAGS="BINDEST=$(BINDEST)" "SBINDEST=$(SBINDEST)" "MANDIR=$(MANDIR)" \
+ "CC=$(CC)" "CFLAGS=$(CFLAGS)" "DEBUG=$(DEBUG)" \
+ "IPFLKM=$(IPFLKM)" "IPFLOG=$(IPFLOG)" \
+ "LOGFAC=$(LOGFAC)" "POLICY=$(POLICY)" "LOOKUP=$(LOOKUP)"
+FIXRADIX=-Dradix_node=ipf_radix_node -Dradix_node_head=ipf_radix_node_head
+OBJS=ipsend.o ip.o ipsopt.o iplang_y.o iplang_l.o
+IPFTO=ipft_ef.o ipft_hx.o ipft_pc.o ipft_sn.o ipft_td.o ipft_tx.o
+ROBJS=ipresend.o ip.o resend.o
+TOBJS=iptest.o iptests.o ip.o
+UNIXOBJS=dlcommon.o sdlpi.o arp.o
+OBJ=.
+LIBS=-L$(OBJ) -lipf
+
+CC=cc -std1 -msg_disable expandeddefined,badsubscript
+CFLAGS=-g -I$(TOP)
+CCARGS=$(DEBUG) $(CFLAGS) -I.
+
+all nit sunos4 sunos4-nit build : ipsend ipresend iptest
+
+iplang_y.o: $(TOP)/iplang/iplang_y.y
+ (cd $(TOP)/iplang; $(MAKE) 'DESTDIR=../OSF/$(OSREV)' )
+
+iplang_l.o: $(TOP)/iplang/iplang_l.l
+ (cd $(TOP)/iplang; $(MAKE) 'DESTDIR=../OSF/$(OSREV)' )
+
+.c.o:
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/$< -o $@
+
+ipsend: $(OBJS) $(UNIXOBJS)
+ $(CC) $(DEBUG) $(OBJS) $(UNIXOBJS) -o $@ $(LIBS) -ll
+
+ipresend: $(ROBJS) $(UNIXOBJS)
+ $(CC) $(DEBUG) $(ROBJS) $(UNIXOBJS) -o $@ $(LIBS)
+
+iptest: $(TOBJS) $(UNIXOBJS)
+ $(CC) $(DEBUG) $(TOBJS) $(UNIXOBJS) -o $@ $(LIBS)
+
+clean:
+ rm -rf *.o core a.out ipsend ipresend iptest iplang_y.* iplang_l.*
+
+ipsend.o: $(TOP)/ipsend/ipsend.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/ipsend.c -o $@
+ipsopt.o: $(TOP)/ipsend/ipsopt.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/ipsopt.c -o $@
+ipresend.o: $(TOP)/ipsend/ipresend.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/ipresend.c -o $@
+ip.o: $(TOP)/ipsend/ip.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/ip.c -o $@
+resend.o: $(TOP)/ipsend/resend.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/resend.c -o $@
+ipft_sn.o: $(TOP)/ipft_sn.c
+ $(CC) $(CCARGS) -c $(TOP)/ipft_sn.c -o $@
+ipft_pc.o: $(TOP)/ipft_pc.c
+ $(CC) $(CCARGS) -c $(TOP)/ipft_pc.c -o $@
+iptest.o: $(TOP)/ipsend/iptest.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/iptest.c -o $@
+iptests.o: $(TOP)/ipsend/iptests.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/iptests.c -o $@
+sbpf.o: $(TOP)/ipsend/sbpf.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/sbpf.c -o $@
+snit.o: $(TOP)/ipsend/snit.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/snit.c -o $@
+sock.o: $(TOP)/ipsend/sock.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/sock.c -o $@
+arp.o: $(TOP)/ipsend/arp.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/arp.c -o $@
+44arp.o: $(TOP)/ipsend/44arp.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/44arp.c -o $@
+lsock.o: $(TOP)/ipsend/lsock.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/lsock.c -o $@
+slinux.o: $(TOP)/ipsend/slinux.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/slinux.c -o $@
+larp.o: $(TOP)/ipsend/larp.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/larp.c -o $@
+dlcommon.o: $(TOP)/ipsend/dlcommon.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/dlcommon.c -o $@
+sdlpi.o: $(TOP)/ipsend/sdlpi.c
+ $(CC) $(CCARGS) -c $(TOP)/ipsend/sdlpi.c -o $@
diff --git a/OSF/cpurev b/OSF/cpurev
new file mode 100755
index 000000000000..fc6cbbb0d10f
--- /dev/null
+++ b/OSF/cpurev
@@ -0,0 +1,6 @@
+#!/bin/sh
+rev=`uname -r`
+build=`uname -v`
+model=`uname -m`
+echo $rev.$build.$model
+exit 0
diff --git a/OSF/ipfboot b/OSF/ipfboot
new file mode 100644
index 000000000000..e81f18fe5d31
--- /dev/null
+++ b/OSF/ipfboot
@@ -0,0 +1,181 @@
+#!/bin/sh
+#
+IPFBASE=/etc
+
+PATH=/bin:/sbin:/usr/sbin:${PATH}
+IPFILCONF=${IPFBASE}/ipf.conf
+IP6FILCONF=${IPFBASE}/ipf6.conf
+IPNATCONF=${IPFBASE}/ipnat.conf
+IPPOOLCONF=${IPFBASE}/ippool.conf
+PFILCHECKED=no
+if [ -d /var/run ] ; then
+ PIDFILE=/var/run/ipmon.pid
+else
+ PIDFILE=${IPFBASE}/ipmon.pid
+fi
+
+
+logmsg()
+{
+ logger -p local0.emerg -t ipfilter "$1"
+ echo "$1" >&2
+}
+
+
+getids()
+{
+ if [ -f $PIDFILE ] ; then
+ pid=`cat $PIDFILE 2>/dev/null`
+ else
+ pid=`pgrep ipmon`
+ fi
+}
+
+
+block_default_workaround() {
+ ipf -F a
+ echo "constructing minimal name resolution rules..."
+ NAMESERVERS=`cat /etc/resolv.conf 2>/dev/null| \
+ nawk '/nameserver/ {printf "%s ", $2}' 2>/dev/null`
+ if [ -z "$NAMESERVERS" ] ; then
+ return
+ fi
+ for NS in $NAMESERVERS ; do
+ IF_TO_NS=`route -n get $NS 2>/dev/null| \
+ nawk '$1 == "interface:" { print $NF ; exit }' \
+ 2>/dev/null`
+ if [ -z "$IF_TO_NS" ] ; then
+ continue
+ fi
+ IP_TO_NS=`ifconfig $IF_TO_NS 2>/dev/null| \
+ nawk 'NR == "2" { print $2 ; exit }' 2>/dev/null`
+ if [ -z "$IP_TO_NS" ] ; then
+ continue
+ fi
+ echo "pass out quick on $IF_TO_NS proto udp from $IP_TO_NS to $NS port = 53 keep state" | \
+ ipf -f -
+ done
+}
+
+
+load_ipf_config() {
+ bad=0
+ if [ -r ${IPFILCONF} ]; then
+ if `ipf -V | \
+ nawk '$1 == "Default:" && $2 == "pass" { exit 1 }'` ; then
+ block_default_workaround
+ fi
+ ipf -IFa -f ${IPFILCONF}
+ if [ $? != 0 ]; then
+ echo "$0: load of ${IPFILCONF} into alternate set failed"
+ bad=1
+ fi
+ fi
+ if [ -r ${IP6FILCONF} ]; then
+ ipf -6IFa -f ${IP6FILCONF}
+ if [ $? != 0 ]; then
+ echo "$0: load of ${IPFILCONF} into alternate set failed"
+ bad=1
+ fi
+ fi
+ if [ $bad -eq 0 ] ; then
+ ipf -s -y
+ else
+ echo Not switching config due to load error.
+ fi
+}
+
+
+load_ipnat_config() {
+ if [ -r ${IPNATCONF} ]; then
+ ipnat -CF -f ${IPNATCONF}
+ if [ $? != 0 ]; then
+ echo "$0: load of ${IPNATCONF} failed"
+ else
+ ipf -y
+ fi
+ fi
+}
+
+
+load_ippool_config() {
+ if [ -r ${IPPOOLCONF} ]; then
+ ippool -F
+ ippool -f ${IPPOOLCONF}
+ if [ $? != 0 ]; then
+ echo "$0: load of ${IPPOOLCONF} failed"
+ fi
+ fi
+}
+
+
+case "$1" in
+ start)
+ getids
+ [ -n "$pid" ] && kill -TERM $pid 2>/dev/null
+# [ -n "$ipfruleid" ] && modunload -i $ipfruleid 2>/dev/null
+# [ -n "$ipfid" ] && modunload -i $ipfid 2>/dev/null
+ /sbin/sysconfig -c ipfilter
+ ipf -E
+ load_ippool_config
+ load_ipf_config
+ load_ipnat_config
+ ipmon -Ds
+ ;;
+
+ stop)
+ getids
+ [ -n "$pid" ] && kill -TERM $pid
+ /bin/rm -f $PIDFILE
+ ipf -D
+# [ -n "$ipfruleid" ] && modunload -i $ipfruleid 2>/dev/null
+# [ -n "$ipfid" ] && modunload -i $ipfid
+ ;;
+
+ pause)
+ getids
+ ipfs -l
+ ipfs -NS -w
+ ipf -D
+ if [ -f $PIDFILE ] ; then
+ if kill -0 $pid; then
+ kill -TERM $pid
+ else
+ cp /dev/null $PIDFILE
+ fi
+ fi
+ ;;
+
+ resume)
+ getids
+ ipf -E
+ ipfs -R
+ load_ippool_config
+ load_ipf_config
+ load_ipnat_config
+ if [ -f $PIDFILE -a x$pid != x ] ; then
+ ipmon -Ds
+ fi
+ ;;
+
+ reload)
+ load_ippool_config
+ load_ipf_config
+ load_ipnat_config
+ ;;
+
+ reipf)
+ load_ipf_config
+ ;;
+
+ reipnat)
+ load_ipnat_config
+ ;;
+
+ *)
+ echo "Usage: $0 (start|stop|reload|reipf|reipnat|pause|resume)" >&2
+ exit 1
+ ;;
+