d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge ^/head r343571 through r343711.

Browse Source
This commit is contained in:
Dimitry Andric 2019-02-03 11:41:43 +00:00
commit c2c227a536
245 changed files with 29212 additions and 7015 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ObsoleteFiles.inc
View File

@ -190,6 +190,12 @@ OLD_FILES+=usr/lib/clang/7.0.1/lib/freebsd/libclang_rt.ubsan_standalone_cxx-x86_
OLD_DIRS+=usr/lib/clang/7.0.1/lib/freebsd
OLD_DIRS+=usr/lib/clang/7.0.1/lib
OLD_DIRS+=usr/lib/clang/7.0.1
# 20190131: pfil(9) changed
OLD_FILES+=usr/share/man/man9/pfil_hook_get.9
OLD_FILES+=usr/share/man/man9/pfil_rlock.9
OLD_FILES+=usr/share/man/man9/pfil_runlock.9
OLD_FILES+=usr/share/man/man9/pfil_wlock.9
OLD_FILES+=usr/share/man/man9/pfil_wunlock.9
# 20190126: adv(4) / adw(4) removal
OLD_FILES+=usr/share/man/man4/adv.4.gz
OLD_FILES+=usr/share/man/man4/adw.4.gz

7
UPDATING
View File

@ -37,6 +37,13 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW:
prerequisites and upgrading, if you are not already using clang 3.5.0
or higher.
20190131:
Iflib is no longer unconditionally compiled into the kernel. Drivers
using iflib and statically compiled into the kernel, now require
the 'device iflib' config option. For the same drivers loaded as
modules on kernels not having 'device iflib', the iflib.ko module
is loaded automatically.
20181230:
r342635 changes the way efibootmgr(8) works by requiring users to add
the -b (bootnum) parameter for commands where the bootnum was previously

121
contrib/elftoolchain/readelf/readelf.c
View File

@ -220,6 +220,11 @@ struct mips_option {
const char *desc;
};
struct flag_desc {
uint64_t flag;
const char *desc;
};
static void add_dumpop(struct readelf *re, size_t si, const char *sn, int op,
int t);
static const char *aeabi_adv_simd_arch(uint64_t simd);
@ -293,6 +298,7 @@ static void dump_dwarf_ranges_foreach(struct readelf *re, Dwarf_Die die,
static void dump_dwarf_str(struct readelf *re);
static void dump_eflags(struct readelf *re, uint64_t e_flags);
static void dump_elf(struct readelf *re);
static void dump_flags(struct flag_desc *fd, uint64_t flags);
static void dump_dyn_val(struct readelf *re, GElf_Dyn *dyn, uint32_t stab);
static void dump_dynamic(struct readelf *re);
static void dump_liblist(struct readelf *re);
@ -307,6 +313,8 @@ static void dump_mips_specific_info(struct readelf *re);
static void dump_notes(struct readelf *re);
static void dump_notes_content(struct readelf *re, const char *buf, size_t sz,
off_t off);
static void dump_notes_data(const char *name, uint32_t type, const char *buf,
size_t sz);
static void dump_svr4_hash(struct section *s);
static void dump_svr4_hash64(struct readelf *re, struct section *s);
static void dump_gnu_hash(struct readelf *re, struct section *s);
@ -2720,6 +2728,58 @@ dump_arch_dyn_val(struct readelf *re, GElf_Dyn *dyn)
}
}
static void
dump_flags(struct flag_desc *desc, uint64_t val)
{
struct flag_desc *fd;
for (fd = desc; fd->flag != 0; fd++) {
if (val & fd->flag) {
val &= ~fd->flag;
printf(" %s", fd->desc);
}
}
if (val != 0)
printf(" unknown (0x%jx)", (uintmax_t)val);
}
static struct flag_desc dt_flags[] = {
{ DF_ORIGIN, "ORIGIN" },
{ DF_SYMBOLIC, "SYMBOLIC" },
{ DF_TEXTREL, "TEXTREL" },
{ DF_BIND_NOW, "BIND_NOW" },
{ DF_STATIC_TLS, "STATIC_TLS" },
{ 0, NULL }
};
static struct flag_desc dt_flags_1[] = {
{ DF_1_BIND_NOW, "NOW" },
{ DF_1_GLOBAL, "GLOBAL" },
{ 0x4, "GROUP" },
{ DF_1_NODELETE, "NODELETE" },
{ DF_1_LOADFLTR, "LOADFLTR" },
{ 0x20, "INITFIRST" },
{ DF_1_NOOPEN, "NOOPEN" },
{ DF_1_ORIGIN, "ORIGIN" },
{ 0x100, "DIRECT" },
{ DF_1_INTERPOSE, "INTERPOSE" },
{ DF_1_NODEFLIB, "NODEFLIB" },
{ 0x1000, "NODUMP" },
{ 0x2000, "CONFALT" },
{ 0x4000, "ENDFILTEE" },
{ 0x8000, "DISPRELDNE" },
{ 0x10000, "DISPRELPND" },
{ 0x20000, "NODIRECT" },
{ 0x40000, "IGNMULDEF" },
{ 0x80000, "NOKSYMS" },
{ 0x100000, "NOHDR" },
{ 0x200000, "EDITED" },
{ 0x400000, "NORELOC" },
{ 0x800000, "SYMINTPOSE" },
{ 0x1000000, "GLOBAUDIT" },
{ 0, NULL }
};
static void
dump_dyn_val(struct readelf *re, GElf_Dyn *dyn, uint32_t stab)
{
@ -2804,6 +2864,12 @@ dump_dyn_val(struct readelf *re, GElf_Dyn *dyn, uint32_t stab)
case DT_GNU_PRELINKED:
printf(" %s\n", timestamp(dyn->d_un.d_val));
break;
case DT_FLAGS:
dump_flags(dt_flags, dyn->d_un.d_val);
break;
case DT_FLAGS_1:
dump_flags(dt_flags_1, dyn->d_un.d_val);
break;
default:
printf("\n");
}
@ -3422,6 +3488,53 @@ dump_notes(struct readelf *re)
}
}
static struct flag_desc note_feature_ctl_flags[] = {
{ NT_FREEBSD_FCTL_ASLR_DISABLE, "ASLR_DISABLE" },
{ 0, NULL }
};
static void
dump_notes_data(const char *name, uint32_t type, const char *buf, size_t sz)
{
size_t i;
const uint32_t *ubuf;
/* Note data is at least 4-byte aligned. */
if (((uintptr_t)buf & 3) != 0) {
warnx("bad note data alignment");
goto unknown;
}
ubuf = (const uint32_t *)(const void *)buf;
if (strcmp(name, "FreeBSD") == 0) {
switch (type) {
case NT_FREEBSD_ABI_TAG:
if (sz != 4)
goto unknown;
printf(" ABI tag: %u\n", ubuf[0]);
return;
/* NT_FREEBSD_NOINIT_TAG carries no data, treat as unknown. */
case NT_FREEBSD_ARCH_TAG:
if (sz != 4)
goto unknown;
printf(" Arch tag: %x\n", ubuf[0]);
return;
case NT_FREEBSD_FEATURE_CTL:
if (sz != 4)
goto unknown;
printf(" Features:");
dump_flags(note_feature_ctl_flags, ubuf[0]);
printf("\n");
return;
}
}
unknown:
printf(" description data:");
for (i = 0; i < sz; i++)
printf(" %02x", (unsigned char)buf[i]);
printf("\n");
}
static void
dump_notes_content(struct readelf *re, const char *buf, size_t sz, off_t off)
{
@ -3438,7 +3551,9 @@ dump_notes_content(struct readelf *re, const char *buf, size_t sz, off_t off)
return;
}
note = (Elf_Note *)(uintptr_t) buf;
name = (char *)(uintptr_t)(note + 1);
buf += sizeof(Elf_Note);
name = buf;
buf += roundup2(note->n_namesz, 4);
/*
* The name field is required to be nul-terminated, and
* n_namesz includes the terminating nul in observed
@ -3456,8 +3571,8 @@ dump_notes_content(struct readelf *re, const char *buf, size_t sz, off_t off)
printf(" %-13s %#010jx", name, (uintmax_t) note->n_descsz);
printf(" %s\n", note_type(name, re->ehdr.e_type,
note->n_type));
buf += sizeof(Elf_Note) + roundup2(note->n_namesz, 4) +
roundup2(note->n_descsz, 4);
dump_notes_data(name, note->n_type, buf, note->n_descsz);
buf += roundup2(note->n_descsz, 4);
}
}

12
contrib/ipfilter/arc4random.c
View File

@ -7,7 +7,7 @@
*
* Dan Moschuk
*/
#if !defined(SOLARIS2) && !defined(__osf__)
#if !defined(SOLARIS2)
# include <sys/cdefs.h>
#endif
@ -16,26 +16,16 @@
#ifdef __FreeBSD__
# include <sys/kernel.h>
#endif
#if !defined(__osf__)
# include <sys/random.h>
#endif
#ifdef __FreeBSD__
# include <sys/libkern.h>
#endif
#include <sys/lock.h>
#ifndef __osf__
# include <sys/mutex.h>
#endif
#include <sys/time.h>
#if defined(SOLARIS2) && (SOLARIS2 < 9)
# include <netinet/in_systm.h>
#endif
#include <sys/socket.h>
#include <net/if.h>
#ifdef __osf__
# include <net/route.h>
#endif
#include <netinet/in.h>
#include <netinet/ip.h>
#include "netinet/ip_compat.h"

14
contrib/ipfilter/ip_dstlist.c
View File

@ -9,9 +9,6 @@
# define KERNEL 1
# define _KERNEL 1
#endif
#if defined(__osf__)
# define _PROTO_NET_H_
#endif
#include <sys/errno.h>
#include <sys/types.h>
#include <sys/param.h>
@ -21,9 +18,6 @@
# include <stdlib.h>
# include <string.h>
# define _KERNEL
# ifdef __OpenBSD__
struct file;
# endif
# include <sys/uio.h>
# undef _KERNEL
#else
@ -33,14 +27,12 @@ struct file;
# endif
#endif
#include <sys/time.h>
#if !defined(linux)
# include <sys/protosw.h>
#endif
#include <sys/socket.h>
#if defined(_KERNEL) && (!defined(__SVR4) && !defined(__svr4__))
#if defined(_KERNEL) && !defined(__SVR4)
# include <sys/mbuf.h>
#endif
#if defined(__SVR4) || defined(__svr4__)
#if defined(__SVR4)
# include <sys/filio.h>
# include <sys/byteorder.h>
# ifdef _KERNEL
@ -49,7 +41,7 @@ struct file;
# include <sys/stream.h>
# include <sys/kmem.h>
#endif
#if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000)
#if defined(__FreeBSD_version)
# include <sys/malloc.h>
#endif

83
contrib/ipfilter/ip_fil.c
View File

@ -25,24 +25,10 @@ struct rtentry;
static void ipf_setifpaddr __P((struct ifnet *, char *));
void init_ifp __P((void));
#if defined(__sgi) && (IRIX < 60500)
static int no_output __P((struct ifnet *, struct mbuf *,
struct sockaddr *));
static int write_output __P((struct ifnet *, struct mbuf *,
struct sockaddr *));
#else
# if TRU64 >= 1885
static int no_output __P((struct ifnet *, struct mbuf *,
struct sockaddr *, struct rtentry *, char *));
static int write_output __P((struct ifnet *, struct mbuf *,
struct sockaddr *, struct rtentry *, char *));
# else
static int no_output __P((struct ifnet *, struct mbuf *,
struct sockaddr *, struct rtentry *));
static int write_output __P((struct ifnet *, struct mbuf *,
struct sockaddr *, struct rtentry *));
# endif
#endif
struct ifaddr {
struct sockaddr_storage ifa_addr;
@ -123,17 +109,8 @@ ipf_forgetifp(softc, ifp)
static int
#if defined(__sgi) && (IRIX < 60500)
no_output(ifp, m, s)
#else
# if TRU64 >= 1885
no_output (ifp, m, s, rt, cp)
char *cp;
# else
no_output(ifp, m, s, rt)
# endif
struct rtentry *rt;
#endif
struct ifnet *ifp;
struct mbuf *m;
struct sockaddr *s;
@ -143,17 +120,8 @@ no_output(ifp, m, s, rt)
static int
#if defined(__sgi) && (IRIX < 60500)
write_output(ifp, m, s)
#else
# if TRU64 >= 1885
write_output (ifp, m, s, rt, cp)
char *cp;
# else
write_output(ifp, m, s, rt)
# endif
struct rtentry *rt;
#endif
struct ifnet *ifp;
struct mbuf *m;
struct sockaddr *s;
@ -167,8 +135,7 @@ write_output(ifp, m, s, rt)
ip = MTOD(mb, ip_t *);
#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
(defined(OpenBSD) && (OpenBSD >= 199603)) || defined(linux) || \
(defined(__FreeBSD__) && (__FreeBSD_version >= 501113))
defined(__FreeBSD__)
sprintf(fname, "/tmp/%s", ifp->if_xname);
#else
sprintf(fname, "/tmp/%s%d", ifp->if_name, ifp->if_unit);
@ -189,42 +156,26 @@ ipf_setifpaddr(ifp, addr)
struct ifnet *ifp;
char *addr;
{
#ifdef __sgi
struct in_ifaddr *ifa;
#else
struct ifaddr *ifa;
#endif
#if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__)
#if defined(__NetBSD__) || defined(__FreeBSD__)
if (ifp->if_addrlist.tqh_first != NULL)
#else
# ifdef __sgi
if (ifp->in_ifaddr != NULL)
# else
if (ifp->if_addrlist != NULL)
# endif
#endif
return;
ifa = (struct ifaddr *)malloc(sizeof(*ifa));
#if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__)
#if defined(__NetBSD__) || defined(__FreeBSD__)
ifp->if_addrlist.tqh_first = ifa;
#else
# ifdef __sgi
ifp->in_ifaddr = ifa;
# else
ifp->if_addrlist = ifa;
# endif
#endif
if (ifa != NULL) {
struct sockaddr_in *sin;
#ifdef __sgi
sin = (struct sockaddr_in *)&ifa->ia_addr;
#else
sin = (struct sockaddr_in *)&ifa->ifa_addr;
#endif
#ifdef USE_INET6
if (index(addr, ':') != NULL) {
struct sockaddr_in6 *sin6;
@ -263,8 +214,7 @@ get_unit(name, family)
struct ifnet *ifp, **ifpp, **old_ifneta;
char *addr;
#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
(defined(OpenBSD) && (OpenBSD >= 199603)) || defined(linux) || \
(defined(__FreeBSD__) && (__FreeBSD_version >= 501113))
defined(__FreeBSD__)
if (!*name)
return NULL;
@ -333,12 +283,11 @@ get_unit(name, family)
}
ifp = ifneta[nifs - 1];
#if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__)
#if defined(__NetBSD__) || defined(__FreeBSD__)
TAILQ_INIT(&ifp->if_addrlist);
#endif
#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
(defined(OpenBSD) && (OpenBSD >= 199603)) || defined(linux) || \
(defined(__FreeBSD__) && (__FreeBSD_version >= 501113))
defined(__FreeBSD__)
(void) strncpy(ifp->if_xname, name, sizeof(ifp->if_xname));
#else
s = name + strlen(name) - 1;
@ -375,8 +324,7 @@ get_ifname(ifp)
{
static char ifname[LIFNAMSIZ];
#if defined(__OpenBSD__) || defined(__NetBSD__) || defined(linux) || \
(defined(__FreeBSD__) && (__FreeBSD_version >= 501113))
#if defined(__NetBSD__) || defined(__FreeBSD__)
sprintf(ifname, "%s", ifp->if_xname);
#else
if (ifp->if_unit != -1)
@ -397,8 +345,7 @@ init_ifp()
int fd;
#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
(defined(OpenBSD) && (OpenBSD >= 199603)) || defined(linux) || \
(defined(__FreeBSD__) && (__FreeBSD_version >= 501113))
defined(__FreeBSD__)
for (ifpp = ifneta; ifpp && (ifp = *ifpp); ifpp++) {
ifp->if_output = (void *)write_output;
sprintf(fname, "/tmp/%s", ifp->if_xname);
@ -717,20 +664,12 @@ ipf_ifpaddr(softc, v, atype, ifptr, inp, inpmask)
i6addr_t *inp, *inpmask;
{
struct ifnet *ifp = ifptr;
#ifdef __sgi
struct in_ifaddr *ifa;
#else
struct ifaddr *ifa;
#endif
#if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__)
#if defined(__NetBSD__) || defined(__FreeBSD__)
ifa = ifp->if_addrlist.tqh_first;
#else
# ifdef __sgi
ifa = (struct in_ifaddr *)ifp->in_ifaddr;
# else
ifa = ifp->if_addrlist;
# endif
#endif
if (ifa != NULL) {
if (v == 4) {
@ -738,11 +677,7 @@ ipf_ifpaddr(softc, v, atype, ifptr, inp, inpmask)
mask.sin_addr.s_addr = 0xffffffff;
#ifdef __sgi
sin = (struct sockaddr_in *)&ifa->ia_addr;
#else
sin = (struct sockaddr_in *)&ifa->ifa_addr;
#endif
return ipf_ifpfillv4addr(atype, sin, &mask,
&inp->in4, &inpmask->in4);

47
contrib/ipfilter/ip_fil_compat.c
View File

@ -9,15 +9,12 @@
# define KERNEL 1
# define _KERNEL 1
#endif
#if defined(__osf__)
# define _PROTO_NET_H_
#endif
#include <sys/param.h>
#include <sys/errno.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/file.h>
#if __FreeBSD_version >= 220000 && defined(_KERNEL)
#if defined(__FreeBSD_version) && defined(_KERNEL)
# include <sys/fcntl.h>
# include <sys/filio.h>
#else
@ -26,17 +23,10 @@
#if !defined(_KERNEL)
# include <string.h>
# define _KERNEL
# ifdef __OpenBSD__
struct file;
# endif
# include <sys/uio.h>
# undef _KERNEL
#endif
#include <sys/socket.h>
#if (defined(__osf__) || defined(AIX) || defined(__hpux) || defined(__sgi)) && defined(_KERNEL)
# include "radix_ipf_local.h"
# define _RADIX_H_
#endif
#include <net/if.h>
#if defined(__FreeBSD__)
# include <sys/cdefs.h>
@ -44,7 +34,7 @@ struct file;
#endif
#if defined(_KERNEL)
# include <sys/systm.h>
# if !defined(__SVR4) && !defined(__svr4__)
# if !defined(__SVR4)
# include <sys/mbuf.h>
# endif
#endif
@ -348,9 +338,6 @@ typedef struct fr_info_4_1_32 {
void *fin_qpi;
char fin_ifname[LIFNAMSIZ];
#endif
#ifdef __sgi
void *fin_hbuf;
#endif
} fr_info_4_1_32_t;
typedef struct fr_info_4_1_24 {
@ -389,9 +376,6 @@ typedef struct fr_info_4_1_24 {
void *fin_qpi;
char fin_ifname[LIFNAMSIZ];
#endif
#ifdef __sgi
void *fin_hbuf;
#endif
} fr_info_4_1_24_t;
typedef struct fr_info_4_1_23 {
@ -429,9 +413,6 @@ typedef struct fr_info_4_1_23 {
void *fin_qpi;
char fin_ifname[LIFNAMSIZ];
#endif
#ifdef __sgi
void *fin_hbuf;
#endif
} fr_info_4_1_23_t;
typedef struct fr_info_4_1_11 {
@ -468,9 +449,6 @@ typedef struct fr_info_4_1_11 {
void *fin_qpi;
char fin_ifname[LIFNAMSIZ];
#endif
#ifdef __sgi
void *fin_hbuf;
#endif
} fr_info_4_1_11_t;
/* ------------------------------------------------------------------------ */
@ -2678,9 +2656,6 @@ fr_info_4_1_32_to_current(old, current)
fin->fin_qfm = old->fin_qfm;
fin->fin_qpi = old->fin_qpi;
#endif
#ifdef __sgi
fin->fin_hbuf = old->fin_hbuf;
#endif
}
@ -2719,9 +2694,6 @@ fr_info_4_1_24_to_current(old, current)
fin->fin_qfm = old->fin_qfm;
fin->fin_qpi = old->fin_qpi;
#endif
#ifdef __sgi
fin->fin_hbuf = old->fin_hbuf;
#endif
}
@ -2759,9 +2731,6 @@ fr_info_4_1_23_to_current(old, current)
fin->fin_qfm = old->fin_qfm;
fin->fin_qpi = old->fin_qpi;
#endif
#ifdef __sgi
fin->fin_hbuf = fin->fin_hbuf;
#endif
}
@ -2799,9 +2768,6 @@ fr_info_4_1_11_to_current(old, current)
fin->fin_qfm = old->fin_qfm;
fin->fin_qpi = old->fin_qpi;
#endif
#ifdef __sgi
fin->fin_hbuf = fin->fin_hbuf;
#endif
}
@ -4078,9 +4044,6 @@ fr_info_current_to_4_1_24(current, old)
old->fin_qpi = fin->fin_qpi;
old->fin_ifname[0] = '\0';
#endif
#ifdef __sgi
old->fin_hbuf = fin->fin_hbuf;
#endif
}
@ -4121,9 +4084,6 @@ fr_info_current_to_4_1_23(current, old)
old->fin_qpi = fin->fin_qpi;
old->fin_ifname[0] = '\0';
#endif
#ifdef __sgi
old->fin_hbuf = fin->fin_hbuf;
#endif
}
@ -4164,9 +4124,6 @@ fr_info_current_to_4_1_11(current, old)
old->fin_qpi = fin->fin_qpi;
old->fin_ifname[0] = '\0';
#endif
#ifdef __sgi
old->fin_hbuf = fin->fin_hbuf;
#endif
}

20
contrib/ipfilter/ipf.h
View File

@ -12,11 +12,6 @@
#ifndef __IPF_H__
#define __IPF_H__
#if defined(__osf__)
# define radix_mask ipf_radix_mask
# define radix_node ipf_radix_node
# define radix_node_head ipf_radix_node_head
#endif
#include <sys/param.h>
#include <sys/types.h>
@ -31,9 +26,6 @@
# define _KERNEL
# define KERNEL
#endif
#ifdef __OpenBSD__
struct file;
#endif
#include <sys/uio.h>
#ifdef ADD_KERNEL
# undef _KERNEL
@ -188,9 +180,8 @@ typedef struct proxyrule {
} proxyrule_t;
#if defined(__NetBSD__) || defined(__OpenBSD__) || \
(_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000) || \
SOLARIS || defined(__sgi) || defined(__osf__) || defined(linux)
#if defined(__NetBSD__) || defined(__FreeBSD_version) || \
SOLARIS
# include <stdarg.h>
typedef int (* ioctlfunc_t) __P((int, ioctlcmd_t, ...));
#else
@ -200,13 +191,6 @@ typedef int (* addfunc_t) __P((int, ioctlfunc_t, void *));
typedef int (* copyfunc_t) __P((void *, void *, size_t));
/*
* SunOS4
*/
#if defined(sun) && !defined(__SVR4) && !defined(__svr4__)
extern int ioctl __P((int, int, void *));
#endif
extern char thishost[];
extern char flagset[];
extern u_char flags[];

244
contrib/ipfilter/ipsend/.OLD/ip_compat.h
View File

@ -1,244 +0,0 @@
/* $FreeBSD$ */
/*
* (C)opyright 1995 by Darren Reed.
*
* This code may be freely distributed as long as it retains this notice
* and is not changed in any way. The author accepts no responsibility
* for the use of this software. I hate legaleese, don't you ?
*
* @(#)ip_compat.h 1.2 12/7/95
*/
/*
* These #ifdef's are here mainly for linux, but who knows, they may
* not be in other places or maybe one day linux will grow up and some
* of these will turn up there too.
*/
#ifndef ICMP_UNREACH
# define ICMP_UNREACH ICMP_DEST_UNREACH
#endif
#ifndef ICMP_SOURCEQUENCH
# define ICMP_SOURCEQUENCH ICMP_SOURCE_QUENCH
#endif
#ifndef ICMP_TIMXCEED
# define ICMP_TIMXCEED ICMP_TIME_EXCEEDED
#endif
#ifndef ICMP_PARAMPROB
# define ICMP_PARAMPROB ICMP_PARAMETERPROB
#endif
#ifndef IPVERSION
# define IPVERSION 4
#endif
#ifndef IPOPT_MINOFF
# define IPOPT_MINOFF 4
#endif
#ifndef IPOPT_COPIED
# define IPOPT_COPIED(x) ((x)&0x80)
#endif
#ifndef IPOPT_EOL
# define IPOPT_EOL 0
#endif
#ifndef IPOPT_NOP
# define IPOPT_NOP 1
#endif
#ifndef IP_MF
# define IP_MF ((u_short)0x2000)
#endif
#ifndef ETHERTYPE_IP
# define ETHERTYPE_IP ((u_short)0x0800)
#endif
#ifndef TH_FIN
# define TH_FIN 0x01
#endif
#ifndef TH_SYN
# define TH_SYN 0x02
#endif
#ifndef TH_RST
# define TH_RST 0x04
#endif
#ifndef TH_PUSH
# define TH_PUSH 0x08
#endif
#ifndef TH_ACK
# define TH_ACK 0x10
#endif
#ifndef TH_URG
# define TH_URG 0x20
#endif
#ifndef IPOPT_EOL
# define IPOPT_EOL 0
#endif
#ifndef IPOPT_NOP
# define IPOPT_NOP 1
#endif
#ifndef IPOPT_RR
# define IPOPT_RR 7
#endif
#ifndef IPOPT_TS
# define IPOPT_TS 68
#endif
#ifndef IPOPT_SECURITY
# define IPOPT_SECURITY 130
#endif
#ifndef IPOPT_LSRR
# define IPOPT_LSRR 131
#endif
#ifndef IPOPT_SATID
# define IPOPT_SATID 136
#endif
#ifndef IPOPT_SSRR
# define IPOPT_SSRR 137
#endif
#ifndef IPOPT_SECUR_UNCLASS
# define IPOPT_SECUR_UNCLASS ((u_short)0x0000)
#endif
#ifndef IPOPT_SECUR_CONFID
# define IPOPT_SECUR_CONFID ((u_short)0xf135)
#endif
#ifndef IPOPT_SECUR_EFTO
# define IPOPT_SECUR_EFTO ((u_short)0x789a)
#endif
#ifndef IPOPT_SECUR_MMMM
# define IPOPT_SECUR_MMMM ((u_short)0xbc4d)
#endif
#ifndef IPOPT_SECUR_RESTR
# define IPOPT_SECUR_RESTR ((u_short)0xaf13)
#endif
#ifndef IPOPT_SECUR_SECRET
# define IPOPT_SECUR_SECRET ((u_short)0xd788)
#endif
#ifndef IPOPT_SECUR_TOPSECRET
# define IPOPT_SECUR_TOPSECRET ((u_short)0x6bc5)
#endif
#ifdef linux
# if LINUX < 0200
# define icmp icmphdr
# define icmp_type type
# define icmp_code code
# endif
/*
* From /usr/include/netinet/ip_var.h
* !%@#!$@# linux...
*/
struct ipovly {
caddr_t ih_next, ih_prev; /* for protocol sequence q's */
u_char ih_x1; /* (unused) */
u_char ih_pr; /* protocol */
short ih_len; /* protocol length */
struct in_addr ih_src; /* source internet address */
struct in_addr ih_dst; /* destination internet address */
};
typedef struct {
__u16 th_sport;
__u16 th_dport;
__u32 th_seq;
__u32 th_ack;
# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
defined(vax)
__u8 th_res:4;
__u8 th_off:4;
#else
__u8 th_off:4;
__u8 th_res:4;
#endif
__u8 th_flags;
__u16 th_win;
__u16 th_sum;
__u16 th_urp;
} tcphdr_t;
typedef struct {
__u16 uh_sport;
__u16 uh_dport;
__s16 uh_ulen;
__u16 uh_sum;
} udphdr_t;
typedef struct {
# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
defined(vax)
__u8 ip_hl:4;
__u8 ip_v:4;
# else
__u8 ip_hl:4;
__u8 ip_v:4;
# endif
__u8 ip_tos;
__u16 ip_len;
__u16 ip_id;
__u16 ip_off;
__u8 ip_ttl;
__u8 ip_p;
__u16 ip_sum;
struct in_addr ip_src;
struct in_addr ip_dst;
} ip_t;
typedef struct {
__u8 ether_dhost[6];
__u8 ether_shost[6];
__u16 ether_type;
} ether_header_t;
typedef struct icmp {
u_char icmp_type; /* type of message, see below */
u_char icmp_code; /* type sub code */
u_short icmp_cksum; /* ones complement cksum of struct */
union {
u_char ih_pptr; /* ICMP_PARAMPROB */
struct in_addr ih_gwaddr; /* ICMP_REDIRECT */
struct ih_idseq {
n_short icd_id;
n_short icd_seq;
} ih_idseq;
int ih_void;
} icmp_hun;
#define icmp_pptr icmp_hun.ih_pptr
#define icmp_gwaddr icmp_hun.ih_gwaddr
#define icmp_id icmp_hun.ih_idseq.icd_id
#define icmp_seq icmp_hun.ih_idseq.icd_seq
#define icmp_void icmp_hun.ih_void
union {
struct id_ts {
n_time its_otime;
n_time its_rtime;
n_time its_ttime;
} id_ts;
struct id_ip {
ip_t idi_ip;
/* options and then 64 bits of data */
} id_ip;
u_long id_mask;
char id_data[1];
} icmp_dun;
#define icmp_otime icmp_dun.id_ts.its_otime
#define icmp_rtime icmp_dun.id_ts.its_rtime
#define icmp_ttime icmp_dun.id_ts.its_ttime
#define icmp_ip icmp_dun.id_ip.idi_ip
#define icmp_mask icmp_dun.id_mask
#define icmp_data icmp_dun.id_data
} icmphdr_t;
# define bcopy(a,b,c) memmove(b,a,c)
# define bcmp(a,b,c) memcmp(a,b,c)
# define ifnet device
#else
typedef struct udphdr udphdr_t;
typedef struct tcphdr tcphdr_t;
typedef struct ip ip_t;
typedef struct ether_header ether_header_t;
#endif
#if defined(__SVR4) || defined(__svr4__)
# define bcopy(a,b,c) memmove(b,a,c)
# define bcmp(a,b,c) memcmp(a,b,c)
# define bzero(a,b) memset(a,0,b)
#endif

2
contrib/ipfilter/ipsend/44arp.c
View File

@ -10,9 +10,7 @@
#include <net/if.h>
#include <net/if_dl.h>
#include <net/if_types.h>
#ifndef __osf__
# include <net/route.h>
#endif
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <arpa/inet.h>

2
contrib/ipfilter/ipsend/arp.c
View File

@ -88,7 +88,6 @@ int arp(ip, ether)
sin = (struct sockaddr_in *)&ar.arp_pa;
sin->sin_family = AF_INET;
bcopy(ip, (char *)&sin->sin_addr.s_addr, 4);
#ifndef hpux
if ((hp = gethostbyaddr(ip, 4, AF_INET)))
# if SOLARIS && (SOLARIS2 >= 10)
if (!(ether_hostton(hp->h_name, (struct ether_addr *)ether)))
@ -96,7 +95,6 @@ int arp(ip, ether)
if (!(ether_hostton(hp->h_name, ether)))
# endif
goto savearp;
#endif
if (sfd == -1)
if ((sfd = socket(AF_INET, SOCK_DGRAM, 0)) == -1)

4
contrib/ipfilter/ipsend/dlcommon.c
View File

@ -20,11 +20,7 @@ typedef unsigned long ulong;
#include <sys/types.h>
#include <sys/stream.h>
#include <sys/stropts.h>
#ifdef __osf__
# include <sys/dlpihdr.h>
#else
# include <sys/dlpi.h>
#endif
#include <sys/signal.h>
#include <stdio.h>
#include <string.h>

2
contrib/ipfilter/ipsend/ip.c
View File

@ -17,11 +17,9 @@ static const char rcsid[] = "@(#)$Id$";
#include <netinet/in.h>
#include <netinet/ip.h>
#include <sys/param.h>
#ifndef linux
# include <net/route.h>
# include <netinet/if_ether.h>
# include <netinet/ip_var.h>
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

10
contrib/ipfilter/ipsend/ipresend.c
View File

@ -18,9 +18,7 @@ static const char rcsid[] = "@(#)$Id$";
#include <arpa/inet.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#ifndef linux
#include <netinet/ip_var.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
@ -37,9 +35,6 @@ extern struct ipread pcap, iphex, iptext;
int opts = 0;
#ifndef DEFAULT_DEVICE
# ifdef linux
char default_device[] = "eth0";
# else
# ifdef sun
char default_device[] = "le0";
# else
@ -49,15 +44,10 @@ char default_device[] = "ln0";
# ifdef __bsdi__
char default_device[] = "ef0";
# else
# ifdef __sgi
char default_device[] = "ec0";
# else
char default_device[] = "lan0";
# endif
# endif
# endif
# endif
# endif
#else
char default_device[] = DEFAULT_DEVICE;
#endif

16
contrib/ipfilter/ipsend/ipsend.c
View File

@ -21,14 +21,10 @@ static const char rcsid[] = "@(#)$Id$";
#include <netdb.h>
#include <string.h>
#include <netinet/ip.h>
#ifndef linux
# include <netinet/ip_var.h>
#endif
#include "ipsend.h"
#include "ipf.h"
#ifndef linux
# include <netinet/udp_var.h>
#endif
extern char *optarg;
@ -37,27 +33,15 @@ extern void iplang __P((FILE *));
char options[68];
int opts;
#ifdef linux
char default_device[] = "eth0";
#else
# ifdef ultrix
char default_device[] = "ln0";
# else
# ifdef __bsdi__
char default_device[] = "ef0";
# else
# ifdef __sgi
char default_device[] = "ec0";
# else
# ifdef __hpux
char default_device[] = "lan0";
# else
char default_device[] = "le0";
# endif /* __hpux */
# endif /* __sgi */
# endif /* __bsdi__ */
# endif /* ultrix */
#endif /* linux */
static void usage __P((char *));

7
contrib/ipfilter/ipsend/ipsend.h
View File

@ -26,9 +26,6 @@
#include <net/if.h>
#include "ipf.h"
#ifdef linux
#include <linux/sockios.h>
#endif
/* XXX: The following is needed by tcpip.h */
#include <netinet/ip_var.h>
#include "netinet/tcpip.h"
@ -49,11 +46,7 @@ extern u_32_t buildopts __P((char *, char *, int));
extern int addipopt __P((char *, struct ipopt_names *, int, char *));
extern int initdevice __P((char *, int));
extern int sendip __P((int, char *, int));
#ifdef linux
extern struct sock *find_tcp __P((int, struct tcpiphdr *));
#else
extern struct tcpcb *find_tcp __P((int, struct tcpiphdr *));
#endif
extern int ip_resend __P((char *, int, struct ipread *, struct in_addr, char *));
extern void ip_test1 __P((char *, int, ip_t *, struct in_addr, int));

2
contrib/ipfilter/ipsend/ipsopt.c
View File

@ -20,9 +20,7 @@ static const char rcsid[] = "@(#)$Id$";
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#ifndef linux
#include <netinet/ip_var.h>
#endif
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include "ipsend.h"

13
contrib/ipfilter/ipsend/iptest.c
View File

@ -18,12 +18,7 @@ static const char rcsid[] = "@(#)$Id$";
#include <arpa/inet.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#ifndef linux
#include <netinet/ip_var.h>
#endif
#ifdef linux
#include <linux/sockios.h>
#endif
#include <stdio.h>
#include <netdb.h>
#include <unistd.h>
@ -36,9 +31,6 @@ extern char *optarg;
extern int optind;
char options[68];
#ifdef linux
char default_device[] = "eth0";
#else
# ifdef sun
char default_device[] = "le0";
# else
@ -48,15 +40,10 @@ char default_device[] = "ln0";
# ifdef __bsdi__
char default_device[] = "ef0";
# else
# ifdef __sgi
char default_device[] = "ec0";
# else
char default_device[] = "lan0";
# endif
# endif
# endif
# endif
#endif
static void usage __P((char *));
int main __P((int, char **));

22
contrib/ipfilter/ipsend/iptests.c
View File

@ -21,7 +21,6 @@ static const char rcsid[] = "@(#)$Id$";
typedef int boolean_t;
#endif
#include <sys/time.h>
#if !defined(__osf__)
# ifdef __NetBSD__
# include <machine/lock.h>
# include <machine/mutex.h>
@ -37,7 +36,6 @@ typedef int boolean_t;
# endif
# undef _KERNEL
# undef KERNEL
#endif
#if !defined(solaris) && !defined(linux) && !defined(__sgi)
# include <nlist.h>
# include <sys/user.h>
@ -66,24 +64,13 @@ typedef int boolean_t;
#endif
#include <netinet/in_systm.h>
#include <sys/socket.h>
#ifdef __hpux
# define _NET_ROUTE_INCLUDED
#endif
#include <net/if.h>
#if defined(linux) && (LINUX >= 0200)
# include <asm/atomic.h>
#endif
#if !defined(linux)
# if defined(__FreeBSD__)
# include "radix_ipf.h"
# endif
# if !defined(solaris)
# include <net/route.h>
# endif
#else
# define __KERNEL__ /* because there's a macro not wrapped by this */
# include <net/route.h> /* in this file :-/ */
#endif
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/ip.h>
@ -94,20 +81,13 @@ typedef int boolean_t;
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#ifdef __hpux
# undef _NET_ROUTE_INCLUDED
#endif
#if !defined(linux)
# include <netinet/ip_var.h>
# if !defined(__hpux) && !defined(solaris)
# include <netinet/in_pcb.h>
# endif
#endif
#include "ipsend.h"
#if !defined(linux) && !defined(__hpux)
# include <netinet/tcp_timer.h>
# include <netinet/tcp_var.h>
#endif
#if defined(__NetBSD_Version__) && (__NetBSD_Version__ >= 106000000)
# define USE_NANOSLEEP
#endif
@ -951,9 +931,7 @@ void ip_test5(dev, mtu, ip, gwip, ptest)
int nfd, i;
t = (tcphdr_t *)((char *)ip + (IP_HL(ip) << 2));
#if !defined(linux) && !defined(__osf__)
t->th_x2 = 0;
#endif
TCP_OFF_A(t, 0);
t->th_sport = htons(1);
t->th_dport = htons(1);

2
contrib/ipfilter/ipsend/resend.c
View File

@ -19,10 +19,8 @@ static const char rcsid[] = "@(#)$Id$";
#include <arpa/inet.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#ifndef linux
# include <netinet/ip_var.h>
# include <netinet/if_ether.h>
#endif
#include <stdio.h>
#include <netdb.h>
#include <string.h>

7
contrib/ipfilter/ipsend/sdlpi.c
View File

@ -25,14 +25,7 @@
# include <sys/pfmod.h>
# include <sys/bufmod.h>
#endif
#ifdef __osf__
# include <sys/dlpihdr.h>
#else
# include <sys/dlpi.h>
#endif
#ifdef __hpux
# include <sys/dlpi_ext.h>
#endif
#include <net/if.h>
#include <netinet/in.h>

4
contrib/ipfilter/ipsend/sock.c
View File

@ -29,7 +29,6 @@ typedef int boolean_t;
#else
# include <sys/dir.h>
#endif
#if !defined(__osf__)
# ifdef __NetBSD__
# include <machine/lock.h>
# endif
@ -50,7 +49,6 @@ typedef int boolean_t;
# undef _KERNEL
# undef KERNEL
# endif
#endif
#include <nlist.h>
#include <sys/user.h>
#include <sys/socket.h>
@ -74,9 +72,7 @@ typedef int boolean_t;
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <net/if.h>
#ifndef __osf__
# include <net/route.h>
#endif
#include <netinet/ip_var.h>
#define _WANT_INPCB
#include <netinet/in_pcb.h>

3
contrib/ipfilter/lib/getifname.c
View File

@ -25,9 +25,6 @@ char *getifname(ptr)
# include <sys/mutex.h>
# include <sys/condvar.h>
# endif
# ifdef __hpux
# include "compat.h"
# endif
# include "../pfil/qif.h"
char *ifname;
qif_t qif;

8
contrib/ipfilter/lib/getproto.c
View File

@ -23,14 +23,6 @@ int getproto(name)
if (*s == '\0')
return atoi(name);
#ifdef _AIX51
/*
* For some bogus reason, "ip" is 252 in /etc/protocols on AIX 5
* The IANA has doubled up on the definition of 0 - it is now also
* used for IPv6 hop-opts, so we can no longer rely on /etc/protocols
* providing the correct name->number mapping
*/
#endif
if (!strcasecmp(name, "ip"))
return 0;

2
contrib/ipfilter/lib/inet_addr.c
View File

@ -72,7 +72,6 @@ static const char rcsid[] = "@(#)$Id: inet_addr.c,v 1.8.2.3 2004/12/09 19:41:20
# define __P(x) ()
# endif
#endif
#ifndef linux
int inet_aton __P((const char *, struct in_addr *));
/*
@ -189,7 +188,6 @@ inet_aton(cp, addr)
addr->s_addr = htonl(val);
return (1);
}
#endif
/* these are compatibility routines, not needed on recent BSD releases */

79
contrib/ipfilter/lib/kmem.c
View File

@ -18,9 +18,7 @@
#include <string.h>
#include <fcntl.h>
#include <sys/file.h>
#if !defined(__sgi) && !defined(__hpux) && !defined(__osf__) && !defined(linux) && !defined(_AIX51)
#include <kvm.h>
#endif
#include <fcntl.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
@ -29,9 +27,6 @@
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <net/if.h>
#if defined(linux) || defined(__osf__) || defined(__sgi) || defined(__hpux)
# include <stdlib.h>
#endif
#include "kmem.h"
@ -46,82 +41,8 @@ static const char rcsid[] = "@(#)$Id$";
#if !defined(__sgi) && !defined(__hpux) && !defined(__osf__) && \
!defined(linux) && !defined(_AIX51)
/*
* For all platforms where there is a libkvm and a kvm_t, we use that...
*/
static kvm_t *kvm_f = NULL;
#else
/*
*...and for the others (HP-UX, IRIX, Tru64), we have to provide our own.
*/
typedef int * kvm_t;
static kvm_t kvm_f = NULL;
static char *kvm_errstr = NULL;
kvm_t kvm_open __P((char *, char *, char *, int, char *));
int kvm_read __P((kvm_t, u_long, char *, size_t));
kvm_t kvm_open(kernel, core, swap, mode, errstr)
char *kernel, *core, *swap;
int mode;
char *errstr;
{
kvm_t k;
int fd;
kvm_errstr = errstr;
if (core == NULL)
core = "/dev/kmem";
fd = open(core, mode);
if (fd == -1)
return NULL;
k = malloc(sizeof(*k));
if (k == NULL)
return NULL;
*k = fd;
return k;
}
int kvm_read(kvm, pos, buffer, size)
kvm_t kvm;
u_long pos;
char *buffer;
size_t size;
{
int r = 0, left;
char *bufp;
if (lseek(*kvm, pos, 0) == -1) {
if (kvm_errstr != NULL) {
fprintf(stderr, "%s", kvm_errstr);
perror("lseek");
}
return -1;
}
for (bufp = buffer, left = size; left > 0; bufp += r, left -= r) {
r = read(*kvm, bufp, left);
#ifdef __osf__
/*
* Tru64 returns "0" for successful operation, not the number
* of bytes read.
*/
if (r == 0)
r = left;
#endif
if (r <= 0)
return -1;
}
return r;
}
#endif /* !defined(__sgi) && !defined(__hpux) && !defined(__osf__) */
int openkmem(kern, core)
char *kern, *core;

13
contrib/ipfilter/lib/printproto.c
View File

@ -27,14 +27,6 @@ printproto(pr, p, np)
PRINTF("udp");
else if (np->in_flags & IPN_ICMPQUERY)
PRINTF("icmp");
#ifdef _AIX51
/*
* To make up for "ip = 252" and "hopopt = 0" in /etc/protocols
* The IANA has doubled up on the definition of 0 - it is now
* also used for IPv6 hop-opts, so we can no longer rely on
* /etc/protocols providing the correct name->number mapping.
*/
#endif
else if (np->in_pr[0] == 0)
PRINTF("ip");
else if (pr != NULL)
@ -42,11 +34,6 @@ printproto(pr, p, np)
else
PRINTF("%d", np->in_pr[0]);
} else {
#ifdef _AIX51
if (p == 0)
PRINTF("ip");
else
#endif
if (pr != NULL)
PRINTF("%s", pr->p_name);
else

7
contrib/ipfilter/md5.c
View File

@ -35,16 +35,11 @@
***********************************************************************
*/
#if defined(linux) && defined(_KERNEL)
extern void *memcpy(void *, const void *, unsigned long);
# define bcopy(a,b,c) memcpy(b,a,c)
#else
# if defined(_KERNEL) && !defined(__sgi)
# if defined(_KERNEL)
# include <sys/systm.h>
# else
# include <string.h>
# endif
#endif
#include "md5.h"

164
contrib/ipfilter/ml_ipl.c
View File

@ -1,164 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
/*
* 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate
* its own major char number! Way cool patch!
*/
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/file.h>
#include <sys/conf.h>
#include <sys/syslog.h>
#include <sys/buf.h>
#include <sys/param.h>
#include <sys/errno.h>
#include <sys/uio.h>
#include <sys/vnode.h>
#include <sundev/mbvar.h>
#include <sun/autoconf.h>
#include <sun/vddrv.h>
#if defined(sun4c) || defined(sun4m)
#include <sun/openprom.h>
#endif
#ifndef IPL_NAME
#define IPL_NAME "/dev/ipf"
#endif
extern int ipfattach(), ipfopen(), ipfclose(), ipfioctl(), ipfread();
extern int nulldev(), ipfidentify(), errno;
struct cdevsw ipfdevsw =
{
ipfopen, ipfclose, ipfread, nulldev,
ipfioctl, nulldev, nulldev, nulldev,
0, nulldev,
};
struct dev_ops ipf_ops =
{
1,
ipfidentify,
ipfattach,
ipfopen,
ipfclose,
ipfread,
NULL, /* write */
NULL, /* strategy */
NULL, /* dump */
0, /* psize */
ipfioctl,
NULL, /* reset */
NULL /* mmap */
};
int ipf_major = 0;
#ifdef sun4m
struct vdldrv vd =
{
VDMAGIC_PSEUDO,
"ipf",
&ipf_ops,
NULL,
&ipfdevsw,
0,
0,
NULL,
NULL,
NULL,
0,
1,
};
#else /* sun4m */
struct vdldrv vd =
{
VDMAGIC_PSEUDO, /* magic */
"ipf", /* name */
#ifdef sun4c
&ipf_ops, /* dev_ops */
#else
NULL, /* struct mb_ctlr *mb_ctlr */
NULL, /* struct mb_driver *mb_driver */
NULL, /* struct mb_device *mb_device */
0, /* num ctlrs */
1, /* numdevs */
#endif /* sun4c */
NULL, /* bdevsw */
&ipfdevsw, /* cdevsw */
0, /* block major */
0, /* char major */
};
#endif /* sun4m */
extern int vd_unuseddev();
extern struct cdevsw cdevsw[];
extern int nchrdev;
xxxinit(fc, vdp, vdi, vds)
u_int fc;
struct vddrv *vdp;
caddr_t vdi;
struct vdstat *vds;
{
struct vdlinkage *v;
int i;
switch (fc)
{
case VDLOAD:
while (ipf_major < nchrdev &&
cdevsw[ipf_major].d_open != vd_unuseddev)
ipf_major++;
if (ipf_major == nchrdev)
return ENODEV;
vd.Drv_charmajor = ipf_major;
vdp->vdd_vdtab = (struct vdlinkage *)&vd;
return ipf_attach(vdi);
case VDUNLOAD:
return unload(vdp, vdi);
case VDSTAT:
return 0;
default:
return EIO;
}
}
static unload(vdp, vdi)
struct vddrv *vdp;
struct vdioctl_unload *vdi;
{
int i;
(void) vn_remove(IPL_NAME, UIO_SYSSPACE, FILE);
return ipfdetach();
}
static int ipf_attach(vdi)
struct vdioctl_load *vdi;
{
struct vnode *vp;
struct vattr vattr;
int error = 0, fmode = S_IFCHR|0600;
(void) vn_remove(IPL_NAME, UIO_SYSSPACE, FILE);
vattr_null(&vattr);
vattr.va_type = MFTOVT(fmode);
vattr.va_mode = (fmode & 07777);
vattr.va_rdev = ipf_major<<8;
error = vn_create(IPL_NAME, UIO_SYSSPACE, &vattr, EXCL, 0, &vp);
if (error == 0)
VN_RELE(vp);
return ipfattach(0);
}

596
contrib/ipfilter/mlf_ipl.c
View File

@ -1,596 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
/*
* 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate
* its own major char number! Way cool patch!
*/
#include <sys/param.h>
#ifdef IPFILTER_LKM
# ifndef __FreeBSD_cc_version
# include <osreldate.h>
# else
# if __FreeBSD_cc_version < 430000
# include <osreldate.h>
# endif
# endif
# define ACTUALLY_LKM_NOT_KERNEL
#else
# ifndef __FreeBSD_cc_version
# include <sys/osreldate.h>
# else
# if __FreeBSD_cc_version < 430000
# include <sys/osreldate.h>
# endif
# endif
#endif
#include <sys/systm.h>
#if defined(__FreeBSD_version) && (__FreeBSD_version >= 220000)
# ifndef ACTUALLY_LKM_NOT_KERNEL
# include "opt_devfs.h"
# endif
# include <sys/conf.h>
# include <sys/kernel.h>
# ifdef DEVFS
# include <sys/devfsext.h>
# endif /*DEVFS*/
#endif
#include <sys/conf.h>
#include <sys/file.h>
#if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000)
# include <sys/lock.h>
#endif
#include <sys/stat.h>
#include <sys/proc.h>
#include <sys/kernel.h>
#include <sys/vnode.h>
#include <sys/namei.h>
#include <sys/malloc.h>
#include <sys/mount.h>
#include <sys/exec.h>
#include <sys/mbuf.h>
#if BSD >= 199506
# include <sys/sysctl.h>
#endif
#if (__FreeBSD_version >= 300000)
# include <sys/socket.h>
#endif
#include <net/if.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <net/route.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#include <sys/sysent.h>
#include <sys/lkm.h>
#include "netinet/ipl.h"
#include "netinet/ip_compat.h"
#include "netinet/ip_fil.h"
#include "netinet/ip_state.h"
#include "netinet/ip_nat.h"
#include "netinet/ip_auth.h"
#include "netinet/ip_frag.h"
#if !defined(VOP_LEASE) && defined(LEASE_CHECK)
#define VOP_LEASE LEASE_CHECK
#endif
int xxxinit __P((struct lkm_table *, int, int));
#ifdef SYSCTL_OID
int sysctl_ipf_int SYSCTL_HANDLER_ARGS;
# define SYSCTL_IPF(parent, nbr, name, access, ptr, val, descr) \
SYSCTL_OID(parent, nbr, name, CTLTYPE_INT|access, \
ptr, val, sysctl_ipf_int, "I", descr);
# define CTLFLAG_OFF 0x00800000 /* IPFilter must be disabled */
# define CTLFLAG_RWO (CTLFLAG_RW|CTLFLAG_OFF)
SYSCTL_NODE(_net_inet, OID_AUTO, ipf, CTLFLAG_RW, 0, "IPF");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_flags, CTLFLAG_RW, &ipf_flags, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_pass, CTLFLAG_RW, &ipf_pass, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_active, CTLFLAG_RD, &ipf_active, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_chksrc, CTLFLAG_RW, &ipf_chksrc, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_minttl, CTLFLAG_RW, &ipf_minttl, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpidletimeout, CTLFLAG_RWO,
&ipf_tcpidletimeout, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcphalfclosed, CTLFLAG_RWO,
&ipf_tcphalfclosed, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpclosewait, CTLFLAG_RWO,
&ipf_tcpclosewait, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcplastack, CTLFLAG_RWO,
&ipf_tcplastack, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcptimeout, CTLFLAG_RWO,
&ipf_tcptimeout, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpclosed, CTLFLAG_RWO,
&ipf_tcpclosed, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_udptimeout, CTLFLAG_RWO,
&ipf_udptimeout, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_icmptimeout, CTLFLAG_RWO,
&ipf_icmptimeout, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_defnatage, CTLFLAG_RWO,
&ipf_defnatage, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_ipfrttl, CTLFLAG_RW,
&ipf_ipfrttl, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_running, CTLFLAG_RD,
&ipf_running, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_statesize, CTLFLAG_RWO,
&ipf_statesize, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_statemax, CTLFLAG_RWO,
&ipf_statemax, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_authsize, CTLFLAG_RWO,
&ipf_authsize, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_authused, CTLFLAG_RD,
&ipf_authused, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_defaultauthage, CTLFLAG_RW,
&ipf_defaultauthage, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ippr_ftp_pasvonly, CTLFLAG_RW,
&ippr_ftp_pasvonly, 0, "");
#endif
#ifdef DEVFS
static void *ipf_devfs[IPL_LOGSIZE];
#endif
#if !defined(__FreeBSD_version) || (__FreeBSD_version < 220000)
int ipf_major = 0;
static struct cdevsw ipfdevsw =
{
ipfopen, /* open */
ipfclose, /* close */
ipfread, /* read */
(void *)nullop, /* write */
ipfioctl, /* ioctl */
(void *)nullop, /* stop */
(void *)nullop, /* reset */
(void *)NULL, /* tty */
(void *)nullop, /* select */
(void *)nullop, /* mmap */
NULL /* strategy */
};
MOD_DEV(IPL_VERSION, LM_DT_CHAR, -1, &ipfdevsw);
extern struct cdevsw cdevsw[];
extern int vd_unuseddev __P((void));
extern int nchrdev;
#else
static struct cdevsw ipf_cdevsw = {
ipfopen, ipfclose, ipfread, nowrite, /* 79 */
ipfioctl, nostop, noreset, nodevtotty,
#if (__FreeBSD_version >= 300000)
seltrue, nommap, nostrategy, "ipf",
#else
noselect, nommap, nostrategy, "ipf",
#endif
NULL, -1
};
#endif
static void ipf_drvinit __P((void *));
#ifdef ACTUALLY_LKM_NOT_KERNEL
static int if_ipf_unload __P((struct lkm_table *, int));
static int if_ipf_load __P((struct lkm_table *, int));
static int if_ipf_remove __P((void));
static int ipf_major = CDEV_MAJOR;
static int ipfaction __P((struct lkm_table *, int));
static char *ipf_devfiles[] = { IPL_NAME, IPL_NAT, IPL_STATE, IPL_AUTH,
IPL_SCAN, IPL_SYNC, IPL_POOL, NULL };
extern int lkmenodev __P((void));
static int ipfaction(lkmtp, cmd)
struct lkm_table *lkmtp;
int cmd;
{
#if !defined(__FreeBSD_version) || (__FreeBSD_version < 220000)
int i = ipf_major;
struct lkm_dev *args = lkmtp->private.lkm_dev;
#endif
int err = 0;
switch (cmd)
{
case LKM_E_LOAD :
if (lkmexists(lkmtp))
return EEXIST;
#if !defined(__FreeBSD_version) || (__FreeBSD_version < 220000)
for (i = 0; i < nchrdev; i++)
if (cdevsw[i].d_open == lkmenodev ||
cdevsw[i].d_open == ipfopen)
break;
if (i == nchrdev) {
printf("IP Filter: No free cdevsw slots\n");
return ENODEV;
}
ipf_major = i;
args->lkm_offset = i; /* slot in cdevsw[] */
#endif
printf("IP Filter: loaded into slot %d\n", ipf_major);
err = if_ipf_load(lkmtp, cmd);
if (!err)
ipf_drvinit((void *)NULL);
return err;
break;
case LKM_E_UNLOAD :
err = if_ipf_unload(lkmtp, cmd);
if (!err) {
printf("IP Filter: unloaded from slot %d\n",
ipf_major);
#ifdef DEVFS
if (ipf_devfs[IPL_LOGIPF])
devfs_remove_dev(ipf_devfs[IPL_LOGIPF]);
if (ipf_devfs[IPL_LOGNAT])
devfs_remove_dev(ipf_devfs[IPL_LOGNAT]);
if (ipf_devfs[IPL_LOGSTATE])
devfs_remove_dev(ipf_devfs[IPL_LOGSTATE]);
if (ipf_devfs[IPL_LOGAUTH])
devfs_remove_dev(ipf_devfs[IPL_LOGAUTH]);
if (ipf_devfs[IPL_LOGSCAN])
devfs_remove_dev(ipf_devfs[IPL_LOGSCAN]);
if (ipf_devfs[IPL_LOGSYNC])
devfs_remove_dev(ipf_devfs[IPL_LOGSYNC]);
if (ipf_devfs[IPL_LOGLOOKUP])
devfs_remove_dev(ipf_devfs[IPL_LOGLOOKUP]);
#endif
}
return err;
case LKM_E_STAT :
break;
default:
err = EIO;
break;
}
return 0;
}
static int if_ipf_remove __P((void))
{
char *name;
struct nameidata nd;
int error, i;
for (i = 0; (name = ipf_devfiles[i]); i++) {
NDINIT(&nd, DELETE, LOCKPARENT, UIO_SYSSPACE, name, curproc);
if ((error = namei(&nd)))
return (error);
VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE);
#if (__FreeBSD_version >= 300000)
VOP_LOCK(nd.ni_vp, LK_RETRY | LK_EXCLUSIVE, curproc);
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
(void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
if (nd.ni_dvp == nd.ni_vp)
vrele(nd.ni_dvp);
else
vput(nd.ni_dvp);
if (nd.ni_vp != NULLVP)
vput(nd.ni_vp);
#else
VOP_LOCK(nd.ni_vp);
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
(void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
#endif
}
return 0;
}
static int if_ipf_unload(lkmtp, cmd)
struct lkm_table *lkmtp;
int cmd;
{
int error = 0;
error = ipfdetach();
if (!error)
error = if_ipf_remove();
return error;
}
static int if_ipf_load(lkmtp, cmd)
struct lkm_table *lkmtp;
int cmd;
{
struct nameidata nd;
struct vattr vattr;
int error = 0, fmode = S_IFCHR|0600, i;
char *name;
error = ipfattach();
if (error)
return error;
(void) if_ipf_remove();
for (i = 0; (name = ipf_devfiles[i]); i++) {
NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, name, curproc);
if ((error = namei(&nd)))
return error;
if (nd.ni_vp != NULL) {
VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
if (nd.ni_dvp == nd.ni_vp)
vrele(nd.ni_dvp);
else
vput(nd.ni_dvp);
vrele(nd.ni_vp);
return (EEXIST);
}
VATTR_NULL(&vattr);
vattr.va_type = VCHR;
vattr.va_mode = (fmode & 07777);
vattr.va_rdev = (ipf_major << 8) | i;
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
#if (__FreeBSD_version >= 300000)
vput(nd.ni_dvp);
#endif
if (error)
return error;
}
return 0;
}
#endif /* actually LKM */
#if defined(__FreeBSD_version) && (__FreeBSD_version < 220000)
/*
* strlen isn't present in 2.1.* kernels.
*/
size_t strlen(string)
char *string;
{
register char *s;
for (s = string; *s; s++)
;
return (size_t)(s - string);
}
int xxxinit(lkmtp, cmd, ver)
struct lkm_table *lkmtp;
int cmd, ver;
{
DISPATCH(lkmtp, cmd, ver, ipfaction, ipfaction, ipfaction);
}
#else /* __FREEBSD_version >= 220000 */
# ifdef IPFILTER_LKM
# include <sys/exec.h>
# if (__FreeBSD_version >= 300000)
MOD_DEV(if_ipf, LM_DT_CHAR, CDEV_MAJOR, &ipf_cdevsw);
# else
MOD_DECL(if_ipf);
static struct lkm_dev _module = {
LM_DEV,
LKM_VERSION,
IPL_VERSION,
CDEV_MAJOR,
LM_DT_CHAR,
{ (void *)&ipf_cdevsw }
};
# endif
int if_ipf __P((struct lkm_table *, int, int));
int if_ipf(lkmtp, cmd, ver)
struct lkm_table *lkmtp;
int cmd, ver;
{
# if (__FreeBSD_version >= 300000)
MOD_DISPATCH(if_ipf, lkmtp, cmd, ver, ipfaction, ipfaction, ipfaction);
# else
DISPATCH(lkmtp, cmd, ver, ipfaction, ipfaction, ipfaction);
# endif
}
# endif /* IPFILTER_LKM */
static ipf_devsw_installed = 0;
static void ipf_drvinit __P((void *unused))
{
dev_t dev;
# ifdef DEVFS
void **tp = ipf_devfs;
# endif
if (!ipf_devsw_installed ) {
dev = makedev(CDEV_MAJOR, 0);
cdevsw_add(&dev, &ipf_cdevsw, NULL);
ipf_devsw_installed = 1;
# ifdef DEVFS
tp[IPL_LOGIPF] = devfs_add_devswf(&ipf_cdevsw, IPL_LOGIPF,
DV_CHR, 0, 0, 0600, "ipf");
tp[IPL_LOGNAT] = devfs_add_devswf(&ipf_cdevsw, IPL_LOGNAT,
DV_CHR, 0, 0, 0600, "ipnat");
tp[IPL_LOGSTATE] = devfs_add_devswf(&ipf_cdevsw, IPL_LOGSTATE,
DV_CHR, 0, 0, 0600,
"ipstate");
tp[IPL_LOGAUTH] = devfs_add_devswf(&ipf_cdevsw, IPL_LOGAUTH,
DV_CHR, 0, 0, 0600,
"ipauth");
# endif
}
}
#ifdef SYSCTL_IPF
int
sysctl_ipf_int SYSCTL_HANDLER_ARGS
{
int error = 0;
if (arg1)
error = SYSCTL_OUT(req, arg1, sizeof(int));
else
error = SYSCTL_OUT(req, &arg2, sizeof(int));
if (error || !req->newptr)
return (error);
if (!arg1)
error = EPERM;
else {
if ((oidp->oid_kind & CTLFLAG_OFF) && (ipf_running > 0))
error = EBUSY;
else
error = SYSCTL_IN(req, arg1, sizeof(int));
}
return (error);
}
#endif
# if defined(IPFILTER_LKM) || \
defined(__FreeBSD_version) && (__FreeBSD_version >= 220000)
SYSINIT(ipfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,ipf_drvinit,NULL)
# endif /* IPFILTER_LKM */
#endif /* _FreeBSD_version */
/*
* routines below for saving IP headers to buffer
*/
int ipfopen(dev, flags
#if ((BSD >= 199506) || (__FreeBSD_version >= 220000))
, devtype, p)
int devtype;
# if (__FreeBSD_version >= 500024)
struct thread *p;
# else
struct proc *p;
# endif /* __FreeBSD_version >= 500024 */
#else
)
#endif
#if (__FreeBSD_version >= 502116)
struct cdev *dev;
#else
dev_t dev;
#endif
int flags;
{
u_int unit = GET_MINOR(dev);
if (IPL_LOGMAX < unit)
unit = ENXIO;
else
unit = 0;
return unit;
}
int ipfclose(dev, flags
#if ((BSD >= 199506) || (__FreeBSD_version >= 220000))
, devtype, p)
int devtype;
# if (__FreeBSD_version >= 500024)
struct thread *p;
# else
struct proc *p;
# endif /* __FreeBSD_version >= 500024 */
#else
)
#endif
#if (__FreeBSD_version >= 502116)
struct cdev *dev;
#else
dev_t dev;
#endif
int flags;
{
u_int unit = GET_MINOR(dev);
if (IPL_LOGMAX < unit)
unit = ENXIO;
else
unit = 0;
return unit;
}
/*
* ipfread/ipflog
* both of these must operate with at least splnet() lest they be
* called during packet processing and cause an inconsistancy to appear in
* the filter lists.
*/
#if (BSD >= 199306)
int ipfread(dev, uio, ioflag)
int ioflag;
#else
int ipfread(dev, uio)
#endif
#if (__FreeBSD_version >= 502116)
struct cdev *dev;
#else
dev_t dev;
#endif
register struct uio *uio;
{
u_int unit = GET_MINOR(dev);
if (unit < 0)
return ENXIO;
if (ipf_running < 1)
return EIO;
if (unit == IPL_LOGSYNC)
return ipfsync_read(uio);
#ifdef IPFILTER_LOG
return ipflog_read(unit, uio);
#else
return ENXIO;
#endif
}
/*
* ipfwrite
* both of these must operate with at least splnet() lest they be
* called during packet processing and cause an inconsistancy to appear in
* the filter lists.
*/
#if (BSD >= 199306)
int ipfwrite(dev, uio, ioflag)
int ioflag;
#else
int ipfwrite(dev, uio)
#endif
#if (__FreeBSD_version >= 502116)
struct cdev *dev;
#else
dev_t dev;
#endif
register struct uio *uio;
{
if (ipf_running < 1)
return EIO;
if (GET_MINOR(dev) == IPL_LOGSYNC)
return ipfsync_write(uio);
return ENXIO;
}

168
contrib/ipfilter/mlf_rule.c
View File

@ -1,168 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
/*
* 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate
* its own major char number! Way cool patch!
*/
#include <sys/param.h>
#if defined(__FreeBSD__) && (__FreeBSD__ > 1)
# ifdef IPFILTER_LKM
# include <osreldate.h>
# define ACTUALLY_LKM_NOT_KERNEL
# else
# include <sys/osreldate.h>
# endif
#endif
#include <sys/systm.h>
#if defined(__FreeBSD_version) && (__FreeBSD_version >= 220000)
# include <sys/conf.h>
# include <sys/kernel.h>
# ifdef DEVFS
# include <sys/devfsext.h>
# endif /*DEVFS*/
#endif
#include <sys/conf.h>
#include <sys/file.h>
#if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000)
# include <sys/lock.h>
#endif
#include <sys/stat.h>
#include <sys/proc.h>
#include <sys/kernel.h>
#include <sys/vnode.h>
#include <sys/namei.h>
#include <sys/malloc.h>
#include <sys/mount.h>
#include <sys/exec.h>
#include <sys/mbuf.h>
#if BSD >= 199506
# include <sys/sysctl.h>
#endif
#if (__FreeBSD_version >= 300000)
# include <sys/socket.h>
#endif
#if (__FreeBSD_version >= 199511)
#include <net/if.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <net/route.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#endif
#if (__FreeBSD__ > 1)
# include <sys/sysent.h>
#endif
#include <sys/lkm.h>
#include "netinet/ip_compat.h"
#include "netinet/ip_fil.h"
#include "netinet/ip_rules.h"
int xxxinit __P((struct lkm_table *, int, int));
#if !defined(__FreeBSD_version) || (__FreeBSD_version < 220000)
MOD_DEV(IPL_VERSION, LM_DT_CHAR, -1, &ipldevsw);
#endif
static int ipfrule_ioctl __P((struct lkm_table *, int));
#if defined(__FreeBSD_version) && (__FreeBSD_version < 220000)
int xxxinit(lkmtp, cmd, ver)
struct lkm_table *lkmtp;
int cmd, ver;
{
DISPATCH(lkmtp, cmd, ver, ipfrule_ioctl, ipfrule_ioctl, ipfrule_ioctl);
}
#else /* __FREEBSD_version >= 220000 */
# ifdef IPFILTER_LKM
# include <sys/exec.h>
# if (__FreeBSD_version >= 300000)
MOD_MISC(ipfrule);
# else
MOD_DECL(ipfrule);
static struct lkm_misc _module = {
LM_MISC,
LKM_VERSION,
"IP Filter rules",
0,
};
# endif
int ipfrule __P((struct lkm_table *, int, int));
int ipfrule(lkmtp, cmd, ver)
struct lkm_table *lkmtp;
int cmd, ver;
{
# if (__FreeBSD_version >= 300000)
MOD_DISPATCH(ipfrule, lkmtp, cmd, ver, ipfrule_ioctl, ipfrule_ioctl,
ipfrule_ioctl);
# else
DISPATCH(lkmtp, cmd, ver, ipfrule_ioctl, ipfrule_ioctl, ipfrule_ioctl);
# endif
}
# endif /* IPFILTER_LKM */
int ipfrule_load(lkmtp, cmd)
struct lkm_table *lkmtp;
int cmd;
{
return ipfrule_add();
}
int ipfrule_unload(lkmtp, cmd)
struct lkm_table *lkmtp;
int cmd;
{
return ipfrule_remove();
}
static int ipfrule_ioctl(lkmtp, cmd)
struct lkm_table *lkmtp;
int cmd;
{
int err = 0;
switch (cmd)
{
case LKM_E_LOAD :
if (lkmexists(lkmtp))
return EEXIST;
err = ipfrule_load(lkmtp, cmd);
if (!err)
ipf_refcnt++;
break;
case LKM_E_UNLOAD :
err = ipfrule_unload(lkmtp, cmd);
if (!err)
ipf_refcnt--;
break;
case LKM_E_STAT :
break;
default:
err = EIO;
break;
}
return err;
}
#endif /* _FreeBSD_version */

529
contrib/ipfilter/mlfk_ipl.c
View File

@ -1,529 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/module.h>
#include <sys/conf.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <sys/select.h>
#if __FreeBSD_version >= 500000
# include <sys/selinfo.h>
#endif
#include <net/if.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include "netinet/ipl.h"
#include "netinet/ip_compat.h"
#include "netinet/ip_fil.h"
#include "netinet/ip_state.h"
#include "netinet/ip_nat.h"
#include "netinet/ip_auth.h"
#include "netinet/ip_frag.h"
#include "netinet/ip_sync.h"
extern ipf_main_softc_t ipfmain;
#if __FreeBSD_version >= 502116
static struct cdev *ipf_devs[IPL_LOGSIZE];
#else
static dev_t ipf_devs[IPL_LOGSIZE];
#endif
#if 0
static int sysctl_ipf_int ( SYSCTL_HANDLER_ARGS );
#endif
static int ipf_modload(void);
static int ipf_modunload(void);
#if (__FreeBSD_version >= 500024)
# if (__FreeBSD_version >= 502116)
static int ipfopen __P((struct cdev*, int, int, struct thread *));
static int ipfclose __P((struct cdev*, int, int, struct thread *));
# else
static int ipfopen __P((dev_t, int, int, struct thread *));
static int ipfclose __P((dev_t, int, int, struct thread *));
# endif /* __FreeBSD_version >= 502116 */
#else
static int ipfopen __P((dev_t, int, int, struct proc *));
static int ipfclose __P((dev_t, int, int, struct proc *));
#endif
#if (__FreeBSD_version >= 502116)
static int ipfread __P((struct cdev*, struct uio *, int));
static int ipfwrite __P((struct cdev*, struct uio *, int));
#else
static int ipfread __P((dev_t, struct uio *, int));
static int ipfwrite __P((dev_t, struct uio *, int));
#endif /* __FreeBSD_version >= 502116 */
SYSCTL_DECL(_net_inet);
#define SYSCTL_IPF(parent, nbr, name, access, ptr, val, descr) \
SYSCTL_OID(parent, nbr, name, CTLTYPE_INT|access, \
ptr, val, sysctl_ipf_int, "I", descr);
#define CTLFLAG_OFF 0x00800000 /* IPFilter must be disabled */
#define CTLFLAG_RWO (CTLFLAG_RW|CTLFLAG_OFF)
SYSCTL_NODE(_net_inet, OID_AUTO, ipf, CTLFLAG_RW, 0, "IPF");
#if 0
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_flags, CTLFLAG_RW, &ipf_flags, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_pass, CTLFLAG_RW, &ipf_pass, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_active, CTLFLAG_RD, &ipf_active, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpidletimeout, CTLFLAG_RWO,
&ipf_tcpidletimeout, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcphalfclosed, CTLFLAG_RWO,
&ipf_tcphalfclosed, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpclosewait, CTLFLAG_RWO,
&ipf_tcpclosewait, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcplastack, CTLFLAG_RWO,
&ipf_tcplastack, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcptimeout, CTLFLAG_RWO,
&ipf_tcptimeout, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpclosed, CTLFLAG_RWO,
&ipf_tcpclosed, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_udptimeout, CTLFLAG_RWO,
&ipf_udptimeout, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_udpacktimeout, CTLFLAG_RWO,
&ipf_udpacktimeout, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_icmptimeout, CTLFLAG_RWO,
&ipf_icmptimeout, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_defnatage, CTLFLAG_RWO,
&ipf_nat_defage, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_ipfrttl, CTLFLAG_RW,
&ipf_ipfrttl, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_running, CTLFLAG_RD,
&ipf_running, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_statesize, CTLFLAG_RWO,
&ipf_state_size, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_statemax, CTLFLAG_RWO,
&ipf_state_max, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_nattable_sz, CTLFLAG_RWO,
&ipf_nat_table_sz, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_natrules_sz, CTLFLAG_RWO,
&ipf_nat_maprules_sz, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_rdrrules_sz, CTLFLAG_RWO,
&ipf_nat_rdrrules_sz, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_hostmap_sz, CTLFLAG_RWO,
&ipf_nat_hostmap_sz, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_authsize, CTLFLAG_RWO,
&ipf_auth_size, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_authused, CTLFLAG_RD,
&ipf_auth_used, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_defaultauthage, CTLFLAG_RW,
&ipf_auth_defaultage, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_chksrc, CTLFLAG_RW, &ipf_chksrc, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_minttl, CTLFLAG_RW, &ipf_minttl, 0, "");
#endif
#define CDEV_MAJOR 79
#include <sys/poll.h>
#if __FreeBSD_version >= 500043
# include <sys/select.h>
static int ipfpoll(struct cdev *dev, int events, struct thread *td);
static struct cdevsw ipf_cdevsw = {
#if __FreeBSD_version >= 502103
.d_version = D_VERSION,
.d_flags = 0, /* D_NEEDGIANT - Should be SMP safe */
#endif
.d_open = ipfopen,
.d_close = ipfclose,
.d_read = ipfread,
.d_write = ipfwrite,
.d_ioctl = ipfioctl,
.d_poll = ipfpoll,
.d_name = "ipf",
#if __FreeBSD_version < 600000
.d_maj = CDEV_MAJOR,
#endif
};
#else
static int ipfpoll(dev_t dev, int events, struct proc *td);
static struct cdevsw ipf_cdevsw = {
/* open */ ipfopen,
/* close */ ipfclose,
/* read */ ipfread,
/* write */ ipfwrite,
/* ioctl */ ipfioctl,
/* poll */ ipfpoll,
/* mmap */ nommap,
/* strategy */ nostrategy,
/* name */ "ipf",
/* maj */ CDEV_MAJOR,
/* dump */ nodump,
/* psize */ nopsize,
/* flags */ 0,
# if (__FreeBSD_version < 500043)
/* bmaj */ -1,
# endif
# if (__FreeBSD_version >= 430000)
/* kqfilter */ NULL
# endif
};
#endif
static char *ipf_devfiles[] = { IPL_NAME, IPNAT_NAME, IPSTATE_NAME, IPAUTH_NAME,
IPSYNC_NAME, IPSCAN_NAME, IPLOOKUP_NAME, NULL };
static int
ipfilter_modevent(module_t mod, int type, void *unused)
{
int error = 0;
switch (type)
{
case MOD_LOAD :
error = ipf_modload();
break;
case MOD_UNLOAD :
error = ipf_modunload();
break;
default:
error = EINVAL;
break;
}
return error;
}
static int
ipf_modload()
{
char *defpass, *c, *str;
int i, j, error;
if (ipf_load_all() != 0)
return EIO;
if (ipf_create_all(&ipfmain) == NULL)
return EIO;
error = ipfattach(&ipfmain);
if (error)
return error;
for (i = 0; i < IPL_LOGSIZE; i++)
ipf_devs[i] = NULL;
for (i = 0; (str = ipf_devfiles[i]); i++) {
c = NULL;
for(j = strlen(str); j > 0; j--)
if (str[j] == '/') {
c = str + j + 1;
break;
}
if (!c)
c = str;
ipf_devs[i] = make_dev(&ipf_cdevsw, i, 0, 0, 0600, c);
}
error = ipf_pfil_hook();
if (error != 0)
return error;
ipf_event_reg();
if (FR_ISPASS(ipfmain.ipf_pass))
defpass = "pass";
else if (FR_ISBLOCK(ipfmain.ipf_pass))
defpass = "block";
else
defpass = "no-match -> block";
printf("%s initialized. Default = %s all, Logging = %s%s\n",
ipfilter_version, defpass,
#ifdef IPFILTER_LOG
"enabled",
#else
"disabled",
#endif
#ifdef IPFILTER_COMPILED
" (COMPILED)"
#else
""
#endif
);
return 0;
}
static int
ipf_modunload()
{
int error, i;
if (ipfmain.ipf_refcnt)
return EBUSY;
error = ipf_pfil_unhook();
if (error != 0)
return error;
if (ipfmain.ipf_running >= 0) {
error = ipfdetach(&ipfmain);
if (error != 0)
return error;
ipf_destroy_all(&ipfmain);
ipf_unload_all();
} else
error = 0;
ipfmain.ipf_running = -2;
for (i = 0; ipf_devfiles[i]; i++) {
if (ipf_devs[i] != NULL)
destroy_dev(ipf_devs[i]);
}
printf("%s unloaded\n", ipfilter_version);
return error;
}
static moduledata_t ipfiltermod = {
"ipfilter",
ipfilter_modevent,
0
};
DECLARE_MODULE(ipfilter, ipfiltermod, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY);
#ifdef MODULE_VERSION
MODULE_VERSION(ipfilter, 1);
#endif
#if 0
#ifdef SYSCTL_IPF
int
sysctl_ipf_int ( SYSCTL_HANDLER_ARGS )
{
int error = 0;
if (arg1)
error = SYSCTL_OUT(req, arg1, sizeof(int));
else
error = SYSCTL_OUT(req, &arg2, sizeof(int));
if (error || !req->newptr)
return (error);
if (!arg1)
error = EPERM;
else {
if ((oidp->oid_kind & CTLFLAG_OFF) && (ipfmain.ipf_running > 0))
error = EBUSY;
else
error = SYSCTL_IN(req, arg1, sizeof(int));
}
return (error);
}
#endif
#endif
static int
#if __FreeBSD_version >= 500043
ipfpoll(struct cdev *dev, int events, struct thread *td)
#else
ipfpoll(dev_t dev, int events, struct proc *td)
#endif
{
u_int unit = GET_MINOR(dev);
int revents;
if (unit < 0 || unit > IPL_LOGMAX)
return 0;
revents = 0;
switch (unit)
{
case IPL_LOGIPF :
case IPL_LOGNAT :
case IPL_LOGSTATE :
#ifdef IPFILTER_LOG
if ((events & (POLLIN | POLLRDNORM)) && ipf_log_canread(&ipfmain, unit))
revents |= events & (POLLIN | POLLRDNORM);
#endif
break;
case IPL_LOGAUTH :
if ((events & (POLLIN | POLLRDNORM)) && ipf_auth_waiting(&ipfmain))
revents |= events & (POLLIN | POLLRDNORM);
break;
case IPL_LOGSYNC :
if ((events & (POLLIN | POLLRDNORM)) && ipf_sync_canread(&ipfmain))
revents |= events & (POLLIN | POLLRDNORM);
if ((events & (POLLOUT | POLLWRNORM)) && ipf_sync_canwrite(&ipfmain))
revents |= events & (POLLOUT | POLLWRNORM);
break;
case IPL_LOGSCAN :
case IPL_LOGLOOKUP :
default :
break;
}
if ((revents == 0) && ((events & (POLLIN|POLLRDNORM)) != 0))
selrecord(td, &ipfmain.ipf_selwait[unit]);
return revents;
}
/*
* routines below for saving IP headers to buffer
*/
static int ipfopen(dev, flags
#if ((BSD >= 199506) || (__FreeBSD_version >= 220000))
, devtype, p)
int devtype;
# if (__FreeBSD_version >= 500024)
struct thread *p;
# else
struct proc *p;
# endif /* __FreeBSD_version >= 500024 */
#else
)
#endif
#if (__FreeBSD_version >= 502116)
struct cdev *dev;
#else
dev_t dev;
#endif
int flags;
{
u_int unit = GET_MINOR(dev);
int error;
if (IPL_LOGMAX < unit)
error = ENXIO;
else {
switch (unit)
{
case IPL_LOGIPF :
case IPL_LOGNAT :
case IPL_LOGSTATE :
case IPL_LOGAUTH :
case IPL_LOGLOOKUP :
case IPL_LOGSYNC :
#ifdef IPFILTER_SCAN
case IPL_LOGSCAN :
#endif
error = 0;
break;
default :
error = ENXIO;
break;
}
}
return error;
}
static int ipfclose(dev, flags
#if ((BSD >= 199506) || (__FreeBSD_version >= 220000))
, devtype, p)
int devtype;
# if (__FreeBSD_version >= 500024)
struct thread *p;
# else
struct proc *p;
# endif /* __FreeBSD_version >= 500024 */
#else
)
#endif
#if (__FreeBSD_version >= 502116)
struct cdev *dev;
#else
dev_t dev;
#endif
int flags;
{
u_int unit = GET_MINOR(dev);
if (IPL_LOGMAX < unit)
unit = ENXIO;
else
unit = 0;
return unit;
}
/*
* ipfread/ipflog
* both of these must operate with at least splnet() lest they be
* called during packet processing and cause an inconsistancy to appear in
* the filter lists.
*/
#if (BSD >= 199306)
static int ipfread(dev, uio, ioflag)
int ioflag;
#else
static int ipfread(dev, uio)
#endif
#if (__FreeBSD_version >= 502116)
struct cdev *dev;
#else
dev_t dev;
#endif
struct uio *uio;
{
u_int unit = GET_MINOR(dev);
if (unit < 0)
return ENXIO;
if (ipfmain.ipf_running < 1)
return EIO;
if (unit == IPL_LOGSYNC)
return ipf_sync_read(&ipfmain, uio);
#ifdef IPFILTER_LOG
return ipf_log_read(&ipfmain, unit, uio);
#else
return ENXIO;
#endif
}
/*
* ipfwrite
* both of these must operate with at least splnet() lest they be
* called during packet processing and cause an inconsistancy to appear in
* the filter lists.
*/
#if (BSD >= 199306)
static int ipfwrite(dev, uio, ioflag)
int ioflag;
#else
static int ipfwrite(dev, uio)
#endif
#if (__FreeBSD_version >= 502116)
struct cdev *dev;
#else
dev_t dev;
#endif
struct uio *uio;
{
if (ipfmain.ipf_running < 1)
return EIO;
if (GET_MINOR(dev) == IPL_LOGSYNC)
return ipf_sync_write(&ipfmain, uio);
return ENXIO;
}

114
contrib/ipfilter/mlh_rule.c
View File

@ -1,114 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
/* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/
/*typedef unsigned int spustate_t;*/
struct uio;
#include <sys/types.h>
#include <sys/cmn_err.h>
#include <sys/kernel.h>
#include <sys/systm.h>
#include <sys/malloc.h>
#include <sys/conf.h>
#include <sys/callout.h>
#include <sys/moddefs.h>
#include <sys/io.h>
#include <sys/wsio.h>
#include <sys/param.h>
#include <sys/errno.h>
#include <sys/byteorder.h>
#include <sys/socket.h>
#include <sys/stropts.h>
#include <net/if.h>
#include <net/af.h>
#include <net/route.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/if_ether.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/tcpip.h>
#include <netinet/ip_icmp.h>
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_rules.h"
/*
* Driver Header
*/
static drv_info_t ipf_drv_info = {
"IP Filter Rules", /* type */
"pseudo", /* class */
DRV_PSEUDO|DRV_SAVE_CONF|DRV_MP_SAFE, /* flags */
-1, /* b_major */
-1, /* c_major */
NULL, /* cdio */
NULL, /* gio_private */
NULL, /* cdio_private */
};
extern struct mod_operations gio_mod_ops;
static drv_info_t ipf_drv_info;
extern struct mod_conf_data ipf_conf_data;
static struct mod_type_data ipf_drv_link = {
IPL_VERSION, (void *)NULL
};
static struct modlink ipf_mod_link[] = {
{ &gio_mod_ops, (void *)&ipf_drv_link },
{ NULL, (void *)NULL }
};
struct modwrapper ipf_wrapper = {
MODREV,
ipf_load,
ipf_unload,
(void (*)())NULL,
(void *)&ipf_conf_data,
ipf_mod_link
};
static int ipf_load(void *arg)
{
int i;
i = ipfrule_add();
if (!i)
ipf_refcnt--;
#ifdef IPFDEBUG
printf("IP Filter Rules: ipfrule_add() = %d\n", i);
#endif
if (!i)
cmn_err(CE_CONT, "IP Filter Rules: Loaded\n");
return i;
}
static int ipf_unload(void *arg)
{
int i;
i = ipfrule_remove();
if (!i)
ipf_refcnt--;
#ifdef IPFDEBUG
printf("IP Filter Rules: ipfrule_remove() = %d\n", i);
#endif
if (!i)
cmn_err(CE_CONT, "IP Filter Rules: Unloaded\n");
return i;
}

355
contrib/ipfilter/mln_ipl.c
View File

@ -1,355 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
/*
* 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate
* its own major char number! Way cool patch!
*/
#include <sys/param.h>
/*
* Post NetBSD 1.2 has the PFIL interface for packet filters. This turns
* on those hooks. We don't need any special mods with this!
*/
#if (defined(NetBSD) && (NetBSD > 199609) && (NetBSD <= 1991011)) || \
(defined(NetBSD1_2) && NetBSD1_2 > 1)
# define NETBSD_PF
#endif
#include <sys/systm.h>
#include <sys/conf.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <sys/proc.h>
#include <sys/uio.h>
#include <sys/kernel.h>
#include <sys/vnode.h>
#include <sys/namei.h>
#include <sys/malloc.h>
#include <sys/mount.h>
#include <sys/exec.h>
#include <sys/mbuf.h>
#include <net/if.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <net/route.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#include <sys/lkm.h>
#include <sys/poll.h>
#include <sys/select.h>
#include "ipl.h"
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_auth.h"
#include "ip_state.h"
#include "ip_nat.h"
#include "ip_sync.h"
#if !defined(__NetBSD_Version__) || __NetBSD_Version__ < 103050000
#define vn_lock(v,f) VOP_LOCK(v)
#endif
#if !defined(VOP_LEASE) && defined(LEASE_CHECK)
#define VOP_LEASE LEASE_CHECK
#endif
extern int lkmenodev __P((void));
#if NetBSD >= 199706
int ipflkm_lkmentry __P((struct lkm_table *, int, int));
#else
int xxxinit __P((struct lkm_table *, int, int));
#endif
static int ipf_unload __P((void));
static int ipf_load __P((void));
static int ipf_remove __P((void));
static int ipfaction __P((struct lkm_table *, int));
static char *ipf_devfiles[] = { IPL_NAME, IPNAT_NAME, IPSTATE_NAME,
IPAUTH_NAME, IPSYNC_NAME, IPSCAN_NAME,
IPLOOKUP_NAME, NULL };
int ipf_major = 0;
extern ipf_main_softc_t ipfmain;
extern const struct cdevsw ipl_cdevsw;
#if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000)
MOD_DEV(IPL_VERSION, "ipf", NULL, -1, &ipl_cdevsw, -1);
#else
MOD_DEV(IPL_VERSION, LM_DT_CHAR, -1, &ipldevsw);
#endif
extern int vd_unuseddev __P((void));
extern struct cdevsw cdevsw[];
extern int nchrdev;
int
#if NetBSD >= 199706
ipflkm_lkmentry(lkmtp, cmd, ver)
#else
xxxinit(lkmtp, cmd, ver)
#endif
struct lkm_table *lkmtp;
int cmd, ver;
{
DISPATCH(lkmtp, cmd, ver, ipfaction, ipfaction, ipfaction);
}
static int
ipfaction(lkmtp, cmd)
struct lkm_table *lkmtp;
int cmd;
{
#if !defined(__NetBSD__) || (__NetBSD_Version__ < 106080000)
int i;
#endif
struct lkm_dev *args = lkmtp->private.lkm_dev;
int err = 0;
switch (cmd)
{
case LKM_E_LOAD :
if (lkmexists(lkmtp))
return EEXIST;
#if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000)
# if (__NetBSD_Version__ < 200000000)
err = devsw_attach(args->lkm_devname,
args->lkm_bdev, &args->lkm_bdevmaj,
args->lkm_cdev, &args->lkm_cdevmaj);
if (err != 0)
return (err);
# endif
ipf_major = args->lkm_cdevmaj;
#else
for (i = 0; i < nchrdev; i++)
if (cdevsw[i].d_open == (dev_type_open((*)))lkmenodev ||
cdevsw[i].d_open == ipfopen)
break;
if (i == nchrdev) {
printf("IP Filter: No free cdevsw slots\n");
return ENODEV;
}
ipf_major = i;
args->lkm_offset = i; /* slot in cdevsw[] */
#endif
printf("IP Filter: loaded into slot %d\n", ipf_major);
return ipf_load();
case LKM_E_UNLOAD :
#if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000)
devsw_detach(args->lkm_bdev, args->lkm_cdev);
args->lkm_bdevmaj = -1;
args->lkm_cdevmaj = -1;
#endif
err = ipf_unload();
if (!err)
printf("IP Filter: unloaded from slot %d\n",
ipf_major);
break;
case LKM_E_STAT :
break;
default:
err = EIO;
break;
}
return err;
}
static int
ipf_remove()
{
char *name;
struct nameidata nd;
int error, i;
for (i = 0; (name = ipf_devfiles[i]); i++) {
#if (__NetBSD_Version__ > 106009999)
# if (__NetBSD_Version__ > 399001400)
# if (__NetBSD_Version__ > 499001400)
NDINIT(&nd, DELETE, LOCKPARENT|LOCKLEAF, UIO_SYSSPACE,
name);
# else
NDINIT(&nd, DELETE, LOCKPARENT|LOCKLEAF, UIO_SYSSPACE,
name, curlwp);
# endif
# else
NDINIT(&nd, DELETE, LOCKPARENT|LOCKLEAF, UIO_SYSSPACE,
name, curproc);
# endif
#else
NDINIT(&nd, DELETE, LOCKPARENT, UIO_SYSSPACE, name, curproc);
#endif
if ((error = namei(&nd)))
return (error);
#if (__NetBSD_Version__ > 399001400)
# if (__NetBSD_Version__ > 399002000)
# if (__NetBSD_Version__ < 499001400)
VOP_LEASE(nd.ni_dvp, curlwp, curlwp->l_cred, LEASE_WRITE);
# endif
# else
VOP_LEASE(nd.ni_dvp, curlwp, curlwp->l_proc->p_ucred, LEASE_WRITE);
# endif
#else
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
#endif
#if !defined(__NetBSD_Version__) || (__NetBSD_Version__ < 106000000)
vn_lock(nd.ni_vp, LK_EXCLUSIVE | LK_RETRY);
#endif
#if (__NetBSD_Version__ >= 399002000)
# if (__NetBSD_Version__ < 499001400)
VOP_LEASE(nd.ni_vp, curlwp, curlwp->l_cred, LEASE_WRITE);
# endif
#else
# if (__NetBSD_Version__ > 399001400)
VOP_LEASE(nd.ni_vp, curlwp, curlwp->l_proc->p_ucred, LEASE_WRITE);
# else
VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE);
# endif
#endif
(void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
}
return 0;
}
static int
ipf_unload()
{
int error = 0;
/*
* Unloading - remove the filter rule check from the IP
* input/output stream.
*/
if (ipfmain.ipf_refcnt)
error = EBUSY;
else if (ipfmain.ipf_running >= 0) {
error = ipfdetach(&ipfmain);
if (error == 0) {
ipf_destroy_all(&ipfmain);
ipf_unload_all();
}
}
if (error == 0) {
ipfmain.ipf_running = -2;
error = ipf_remove();
printf("%s unloaded\n", ipfilter_version);
}
return error;
}
static int
ipf_load()
{
struct nameidata nd;
struct vattr vattr;
int error = 0, fmode = S_IFCHR|0600, i;
char *name;
/*
* XXX Remove existing device nodes prior to creating new ones
* XXX using the assigned LKM device slot's major number. In a
* XXX perfect world we could use the ones specified by cdevsw[].
*/
(void)ipf_remove();
bzero((char *)&ipfmain, sizeof(ipfmain));
error = ipf_load_all();
if (error != 0)
return error;
if (ipf_create_all(&ipfmain) == NULL) {
ipf_unload_all();
return EIO;
}
error = ipfattach(&ipfmain);
if (error != 0) {
(void) ipf_unload();
return error;
}
for (i = 0; (error == 0) && (name = ipf_devfiles[i]); i++) {
#if (__NetBSD_Version__ > 399001400)
# if (__NetBSD_Version__ > 499001400)
NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, name);
# else
NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, name, curlwp);
# endif
#else
NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, name, curproc);
#endif
if ((error = namei(&nd)))
break;
if (nd.ni_vp != NULL) {
VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
if (nd.ni_dvp == nd.ni_vp)
vrele(nd.ni_dvp);
else
vput(nd.ni_dvp);
vrele(nd.ni_vp);
error = EEXIST;
break;
}
VATTR_NULL(&vattr);
vattr.va_type = VCHR;
vattr.va_mode = (fmode & 07777);
vattr.va_rdev = (ipf_major << 8) | i;
#if (__NetBSD_Version__ > 399001400)
# if (__NetBSD_Version__ >= 399002000)
# if (__NetBSD_Version__ < 499001400)
VOP_LEASE(nd.ni_dvp, curlwp, curlwp->l_cred, LEASE_WRITE);
# endif
# else
VOP_LEASE(nd.ni_dvp, curlwp, curlwp->l_proc->p_ucred, LEASE_WRITE);
# endif
#else
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
#endif
error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
if (error == 0)
vput(nd.ni_vp);
}
if (error == 0) {
char *defpass;
if (FR_ISPASS(ipfmain.ipf_pass))
defpass = "pass";
else if (FR_ISBLOCK(ipfmain.ipf_pass))
defpass = "block";
else
defpass = "no-match -> block";
printf("%s initialized. Default = %s all, Logging = %s%s\n",
ipfilter_version, defpass,
#ifdef IPFILTER_LOG
"enabled",
#else
"disabled",
#endif
#ifdef IPFILTER_COMPILED
" (COMPILED)"
#else
""
#endif
);
ipfmain.ipf_running = 1;
}
return error;
}

83
contrib/ipfilter/mln_rule.c
View File

@ -1,83 +0,0 @@
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/conf.h>
#include <sys/proc.h>
#include <sys/ioctl.h>
#include <sys/kernel.h>
#include <sys/mbuf.h>
#include <sys/exec.h>
#include <sys/socket.h>
#include <net/if.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <net/route.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#include <sys/lkm.h>
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_rules.h"
static int ipfruleaction __P((struct lkm_table *, int));
#ifdef IPFILTER_LKM
# if NetBSD >= 199706
int ipfrule_lkmentry __P((struct lkm_table *, int, int));
# else
int xxxinit __P((struct lkm_table *, int, int));
# endif
MOD_MISC("IPFilter Rules");
# if NetBSD >= 199706
int ipfrule_lkmentry(lkmtp, cmd, ver)
# else
int xxxinit(lkmtp, cmd, ver)
# endif
struct lkm_table *lkmtp;
int cmd, ver;
{
DISPATCH(lkmtp, cmd, ver, ipfruleaction, ipfruleaction, ipfruleaction);
}
static int ipfruleaction(lkmtp, cmd)
struct lkm_table *lkmtp;
int cmd;
{
int err = 0;
switch (cmd)
{
case LKM_E_LOAD :
if (lkmexists(lkmtp))
return EEXIST;
err = ipfrule_add();
if (!err)
ipf_refcnt++;
break;
case LKM_E_UNLOAD :
err = ipfrule_remove();
if (!err)
ipf_refcnt--;
break;
case LKM_E_STAT :
break;
default:
err = EIO;
break;
}
return err;
}
#endif /* IPFILTER_LKM */

364
contrib/ipfilter/mlo_ipl.c
View File

@ -1,364 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/conf.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <sys/proc.h>
#include <sys/uio.h>
#include <sys/kernel.h>
#include <sys/vnode.h>
#include <sys/namei.h>
#include <sys/malloc.h>
#include <sys/mount.h>
#include <sys/exec.h>
#include <sys/mbuf.h>
#include <net/if.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <net/route.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#include <sys/lkm.h>
#include "ipl.h"
#include "ip_compat.h"
#include "ip_fil.h"
#define vn_lock(v,f) VOP_LOCK(v)
#if !defined(VOP_LEASE) && defined(LEASE_CHECK)
#define VOP_LEASE LEASE_CHECK
#endif
extern int lkmenodev __P((void));
#if OpenBSD >= 200311
int if_ipf_lkmentry __P((struct lkm_table *, int, int));
#else
int if_ipf __P((struct lkm_table *, int, int));
#endif
static int ipf_unload __P((void));
static int ipf_load __P((void));
static int ipf_remove __P((void));
static int ipfaction __P((struct lkm_table *, int));
static char *ipf_devfiles[] = { IPL_NAME, IPNAT_NAME, IPSTATE_NAME,
IPAUTH_NAME, IPSYNC_NAME, IPSCAN_NAME,
IPLOOKUP_NAME, NULL };
struct cdevsw ipfdevsw =
{
ipfopen, /* open */
ipfclose, /* close */
ipfread, /* read */
(void *)nullop, /* write */
ipfioctl, /* ioctl */
(void *)nullop, /* stop */
(void *)NULL, /* tty */
(void *)nullop, /* select */
(void *)nullop, /* mmap */
NULL /* strategy */
};
int ipf_major = 0;
MOD_DEV(IPL_VERSION, LM_DT_CHAR, -1, &ipfdevsw);
extern int vd_unuseddev __P((void));
extern struct cdevsw cdevsw[];
extern int nchrdev;
#if OpenBSD >= 200311
int if_ipf_lkmentry (lkmtp, cmd, ver)
#else
int if_ipf(lkmtp, cmd, ver)
#endif
struct lkm_table *lkmtp;
int cmd, ver;
{
DISPATCH(lkmtp, cmd, ver, ipfaction, ipfaction, ipfaction);
}
int lkmexists __P((struct lkm_table *)); /* defined in /sys/kern/kern_lkm.c */
static int ipfaction(lkmtp, cmd)
struct lkm_table *lkmtp;
int cmd;
{
int i;
struct lkm_dev *args = lkmtp->private.lkm_dev;
int err = 0;
switch (cmd)
{
case LKM_E_LOAD :
if (lkmexists(lkmtp))
return EEXIST;
for (i = 0; i < nchrdev; i++)
if (cdevsw[i].d_open == (dev_type_open((*)))lkmenodev ||
cdevsw[i].d_open == ipfopen)
break;
if (i == nchrdev) {
printf("IP Filter: No free cdevsw slots\n");
return ENODEV;
}
ipf_major = i;
args->lkm_offset = i; /* slot in cdevsw[] */
printf("IP Filter: loaded into slot %d\n", ipf_major);
return ipf_load();
case LKM_E_UNLOAD :
err = ipf_unload();
if (!err)
printf("IP Filter: unloaded from slot %d\n",
ipf_major);
break;
case LKM_E_STAT :
break;
default:
err = EIO;
break;
}
return err;
}
static int ipf_remove()
{
struct nameidata nd;
int error, i;
char *name;
for (i = 0; (name = ipf_devfiles[i]); i++) {
#if OpenBSD >= 200311
NDINIT(&nd, DELETE, LOCKPARENT | LOCKLEAF, UIO_SYSSPACE,
name, curproc);
#else
NDINIT(&nd, DELETE, LOCKPARENT, UIO_SYSSPACE, name, curproc);
#endif
if ((error = namei(&nd)))
return (error);
VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE);
#if OpenBSD < 200311
VOP_LOCK(nd.ni_vp, LK_EXCLUSIVE | LK_RETRY, curproc);
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
#else
(void)uvm_vnp_uncache(nd.ni_vp);
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE);
#endif
(void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
}
return 0;
}
static int ipf_unload()
{
int error = 0;
/*
* Unloading - remove the filter rule check from the IP
* input/output stream.
*/
if (ipf_refcnt)
error = EBUSY;
else if (ipf_running >= 0)
error = ipfdetach();
if (error == 0) {
ipf_running = -2;
error = ipf_remove();
printf("%s unloaded\n", ipfilter_version);
}
return error;
}
static int ipf_load()
{
struct nameidata nd;
struct vattr vattr;
int error = 0, fmode = S_IFCHR|0600, i;
char *name;
/*
* XXX Remove existing device nodes prior to creating new ones
* XXX using the assigned LKM device slot's major number. In a
* XXX perfect world we could use the ones specified by cdevsw[].
*/
(void)ipf_remove();
error = ipfattach();
for (i = 0; (error == 0) && (name = ipf_devfiles[i]); i++) {
NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, name, curproc);
if ((error = namei(&nd)))
break;
if (nd.ni_vp != NULL) {
VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
if (nd.ni_dvp == nd.ni_vp)
vrele(nd.ni_dvp);
else
vput(nd.ni_dvp);
vrele(nd.ni_vp);
error = EEXIST;
break;
}
VATTR_NULL(&vattr);
vattr.va_type = VCHR;
vattr.va_mode = (fmode & 07777);
vattr.va_rdev = (ipf_major << 8) | i;
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
}
if (error == 0) {
char *defpass;
if (FR_ISPASS(ipf_pass))
defpass = "pass";
else if (FR_ISBLOCK(ipf_pass))
defpass = "block";
else
defpass = "no-match -> block";
printf("%s initialized. Default = %s all, Logging = %s%s\n",
ipfilter_version, defpass,
#ifdef IPFILTER_LOG
"enabled",
#else
"disabled",
#endif
#ifdef IPFILTER_COMPILED
" (COMPILED)"
#else
""
#endif
);
ipf_running = 1;
}
return error;
}
/*
* routines below for saving IP headers to buffer
*/
int
ipfopen(dev, flags, devtype, p)
dev_t dev;
int flags;
int devtype;
struct proc *p;
{
u_int min = GET_MINOR(dev);
int error;
if (IPL_LOGMAX < min) {
error = ENXIO;
} else {
switch (unit)
{
case IPL_LOGIPF :
case IPL_LOGNAT :
case IPL_LOGSTATE :
case IPL_LOGAUTH :
case IPL_LOGLOOKUP :
case IPL_LOGSYNC :
#ifdef IPFILTER_SCAN
case IPL_LOGSCAN :
#endif
error = 0;
break;
default :
error = ENXIO;
break;
}
}
return error;
}
int
ipfclose(dev, flags, devtype, p)
dev_t dev;
int flags;
int devtype;
struct proc *p;
{
u_int min = GET_MINOR(dev);
if (IPL_LOGMAX < min)
min = ENXIO;
else
min = 0;
return min;
}
/*
* ipfread/ipflog
* both of these must operate with at least splnet() lest they be
* called during packet processing and cause an inconsistancy to appear in
* the filter lists.
*/
int
ipfread(dev, uio, ioflag)
dev_t dev;
register struct uio *uio;
int ioflag;
{
if (ipf_running < 1)
return EIO;
if (GET_MINOR(dev) == IPL_LOGSYNC)
return ipfsync_read(uio);
#ifdef IPFILTER_LOG
return ipflog_read(GET_MINOR(dev), uio);
#else
return ENXIO;
#endif
}
/*
* ipfwrite
* both of these must operate with at least splnet() lest they be
* called during packet processing and cause an inconsistancy to appear in
* the filter lists.
*/
int
#if (BSD >= 199306)
ipfwrite(dev, uio, ioflag)
int ioflag;
#else
ipfwrite(dev, uio)
#endif
dev_t dev;
register struct uio *uio;
{
if (ipf_running < 1)
return EIO;
if (GET_MINOR(dev) == IPL_LOGSYNC)
return ipfsync_write(uio);
return ENXIO;
}

80
contrib/ipfilter/mlo_rule.c
View File

@ -1,80 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/conf.h>
#include <sys/proc.h>
#include <sys/ioctl.h>
#include <sys/kernel.h>
#include <sys/mbuf.h>
#include <sys/exec.h>
#include <sys/socket.h>
#include <net/if.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <net/route.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#include <sys/lkm.h>
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_rules.h"
#ifdef IPFILTER_LKM
static int ipfruleaction __P((struct lkm_table *, int));
int ipfrule __P((struct lkm_table *, int, int));
MOD_MISC("IPFilter Rules");
int ipfrule(lkmtp, cmd, ver)
struct lkm_table *lkmtp;
int cmd, ver;
{
DISPATCH(lkmtp, cmd, ver, ipfruleaction, ipfruleaction, ipfruleaction);
}
int lkmexists __P((struct lkm_table *)); /* defined in /sys/kern/kern_lkm.c */
static int ipfruleaction(lkmtp, cmd)
struct lkm_table *lkmtp;
int cmd;
{
int err = 0;
switch (cmd)
{
case LKM_E_LOAD :
if (lkmexists(lkmtp))
return EEXIST;
err = ipfrule_add();
if (!err)
ipf_refcnt++;
break;
case LKM_E_UNLOAD :
err = ipfrule_remove();
if (!err)
ipf_refcnt--;
break;
case LKM_E_STAT :
break;
default:
err = EIO;
break;
}
return err;
}
#endif /* IPFILTER_LKM */

351
contrib/ipfilter/mls_ipl.c
View File

@ -1,351 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
/*
* 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate
* its own major char number! Way cool patch!
*/
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/file.h>
#include <sys/socket.h>
#include <sys/conf.h>
#include <sys/syslog.h>
#include <sys/buf.h>
#include <sys/mbuf.h>
#include <sys/param.h>
#include <sys/errno.h>
#include <sys/uio.h>
#include <sys/vnode.h>
#include <sundev/mbvar.h>
#include <sun/autoconf.h>
#include <sun/vddrv.h>
#if defined(sun4c) || defined(sun4m)
# include <sun/openprom.h>
#endif
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#include <net/if.h>
#include "ipl.h"
#include "ip_compat.h"
#include "ip_fil.h"
#if !defined(lint)
static const char sccsid[] = "@(#)mls_ipl.c 2.6 10/15/95 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id$";
#endif
extern int ipfdetach __P((void));
#ifndef IPFILTER_LOG
#define ipfread nulldev
#endif
extern int nulldev __P((void));
extern int errno;
extern int nodev __P((void));
static int unload __P((void));
static int ipf_attach __P((void));
int xxxinit __P((u_int, struct vddrv *, caddr_t, struct vdstat *));
static char *ipf_devfiles[] = { IPL_NAME, IPNAT_NAME, IPSTATE_NAME,
IPAUTH_NAME, IPSYNC_NAME, IPSCAN_NAME,
IPLOOKUP_NAME, NULL };
static int ipfopen __P((dev_t, int));
static int ipfclose __P((dev_t, int));
static int ipfread __P((dev_t, struct uio *));
static int ipfwrite __P((dev_t, struct uio *));
struct cdevsw ipfdevsw =
{
ipfopen, ipfclose, ipfread, nulldev,
ipfioctl, nulldev, nulldev, nulldev,
0, nulldev,
};
struct dev_ops ipf_ops =
{
1,
ipfidentify,
ipfattach,
ipfopen,
ipfclose,
ipfread,
ipfwrite,
NULL, /* strategy */
NULL, /* dump */
0, /* psize */
ipfioctl,
NULL, /* reset */
NULL /* mmap */
};
int ipf_major = 0;
#ifdef sun4m
struct vdldrv vd =
{
VDMAGIC_PSEUDO,
IPL_VERSION,
&ipf_ops,
NULL,
&ipfdevsw,
0,
0,
NULL,
NULL,
NULL,
0,
1,
};
#else /* sun4m */
struct vdldrv vd =
{
VDMAGIC_PSEUDO, /* magic */
IPL_VERSION,
#ifdef sun4c
&ipf_ops, /* dev_ops */
#else
NULL, /* struct mb_ctlr *mb_ctlr */
NULL, /* struct mb_driver *mb_driver */
NULL, /* struct mb_device *mb_device */
0, /* num ctlrs */
1, /* numdevs */
#endif /* sun4c */
NULL, /* bdevsw */
&ipfdevsw, /* cdevsw */
0, /* block major */
0, /* char major */
};
#endif /* sun4m */
extern int vd_unuseddev __P((void));
extern struct cdevsw cdevsw[];
extern int nchrdev;
xxxinit(fc, vdp, data, vds)
u_int fc;
struct vddrv *vdp;
caddr_t data;
struct vdstat *vds;
{
struct vdioctl_load *vdi = (struct vdioctl_load *)data;
switch (fc)
{
case VDLOAD:
{
struct vdconf *vdc;
if (vdi && vdi->vdi_userconf)
for (vdc = vdi->vdi_userconf; vdc->vdc_type; vdc++)
if (vdc->vdc_type == VDCCHARMAJOR) {
ipf_major = vdc->vdc_data;
break;
}
if (!ipf_major) {
while (ipf_major < nchrdev &&
cdevsw[ipf_major].d_open != vd_unuseddev)
ipf_major++;
if (ipf_major == nchrdev)
return ENODEV;
}
vdp->vdd_vdtab = (struct vdlinkage *)&vd;
vd.Drv_charmajor = ipf_major;
return ipf_attach();
}
case VDUNLOAD:
return unload();
case VDSTAT:
return 0;
default:
return EIO;
}
}
static int
unload()
{
int err = 0, i;
char *name;
if (ipf_refcnt != 0)
err = EBUSY;
else if (ipf_running >= 0)
err = ipfdetach();
if (err)
return err;
ipf_running = -2;
for (i = 0; (name = ipf_devfiles[i]); i++)
(void) vn_remove(name, UIO_SYSSPACE, FILE);
printf("%s unloaded\n", ipfilter_version);
return 0;
}
static int
ipf_attach()
{
struct vnode *vp;
struct vattr vattr;
int error = 0, fmode = S_IFCHR|0600, i;
char *name;
error = ipfattach();
if (error)
return error;
for (i = 0; (name = ipf_devfiles[i]); i++) {
(void) vn_remove(name, UIO_SYSSPACE, FILE);
vattr_null(&vattr);
vattr.va_type = MFTOVT(fmode);
vattr.va_mode = (fmode & 07777);
vattr.va_rdev = (ipf_major << 8) | i;
error = vn_create(name, UIO_SYSSPACE, &vattr, EXCL, 0, &vp);
if (error) {
printf("IP Filter: vn_create(%s) = %d\n", name, error);
break;
} else {
VN_RELE(vp);
}
}
if (error == 0) {
char *defpass;
if (FR_ISPASS(ipf_pass))
defpass = "pass";
else if (FR_ISBLOCK(ipf_pass))
defpass = "block";
else
defpass = "no-match -> block";
printf("%s initialized. Default = %s all, Logging = %s%s\n",
ipfilter_version, defpass,
#ifdef IPFILTER_LOG
"enabled",
#else
"disabled",
#endif
#ifdef IPFILTER_COMPILED
" (COMPILED)"
#else
""
#endif
);
ipf_running = 1;
}
return error;
}
/*
* routines below for saving IP headers to buffer
*/
static int
ipfopen(dev, flags)
dev_t dev;
int flags;
{
u_int unit = GET_MINOR(dev);
int error;
if (IPL_LOGMAX < unit) {
error = ENXIO;
} else {
switch (unit)
{
case IPL_LOGIPF :
case IPL_LOGNAT :
case IPL_LOGSTATE :
case IPL_LOGAUTH :
case IPL_LOGLOOKUP :
case IPL_LOGSYNC :
#ifdef IPFILTER_SCAN
case IPL_LOGSCAN :
#endif
error = 0;
break;
default :
error = ENXIO;
break;
}
}
return error;
}
static int
ipfclose(dev, flags)
dev_t dev;
int flags;
{
u_int unit = GET_MINOR(dev);
if (IPL_LOGMAX < unit)
unit = ENXIO;
else
unit = 0;
return unit;
}
/*
* ipfread/ipflog
* both of these must operate with at least splnet() lest they be
* called during packet processing and cause an inconsistancy to appear in
* the filter lists.
*/
static int
ipfread(dev, uio)
dev_t dev;
register struct uio *uio;
{
if (ipf_running < 1) {
ipfmain.ipf_interror = 130006;
return EIO;
}
#ifdef IPFILTER_LOG
return ipflog_read(GET_MINOR(dev), uio);
#else
ipfmain.ipf_interror = 130007;
return ENXIO;
#endif
}
/*
* ipfwrite
*/
static int
ipfwrite(dev, uio)
dev_t dev;
register struct uio *uio;
{
if (ipf_running < 1) {
ipfmain.ipf_interror = 130008;
return EIO;
}
if (getminor(dev) == IPL_LOGSYNC)
return ipfsync_write(uio);
ipfmain.ipf_interror = 130009;
return ENXIO;
}

116
contrib/ipfilter/mls_rule.c
View File

@ -1,116 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
/*
* 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate
* its own major char number! Way cool patch!
*/
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/file.h>
#include <sys/socket.h>
#include <sys/conf.h>
#include <sys/syslog.h>
#include <sys/buf.h>
#include <sys/mbuf.h>
#include <sys/param.h>
#include <sys/errno.h>
#include <sys/uio.h>
#include <sys/vnode.h>
#include <sundev/mbvar.h>
#include <sun/autoconf.h>
#include <sun/vddrv.h>
#if defined(sun4c) || defined(sun4m)
# include <sun/openprom.h>
#endif
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#include <net/if.h>
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_rules.h"
extern int errno;
int xxxinit __P((u_int, struct vddrv *, caddr_t, struct vdstat *));
int ipl_major = 0;
#ifdef sun4m
struct vdldrv vd =
{
VDMAGIC_USER,
"IP Filter rules",
NULL,
NULL,
NULL,
0,
0,
NULL,
NULL,
NULL,
0,
1,
};
#else /* sun4m */
struct vdldrv vd =
{
VDMAGIC_USER, /* magic */
"IP Filter rules",
#ifdef sun4c
NULL, /* dev_ops */
#else
NULL, /* struct mb_ctlr *mb_ctlr */
NULL, /* struct mb_driver *mb_driver */
NULL, /* struct mb_device *mb_device */
0, /* num ctlrs */
1, /* numdevs */
#endif /* sun4c */
NULL, /* bdevsw */
NULL, /* cdevsw */
0, /* block major */
0, /* char major */
};
#endif /* sun4m */
xxxinit(fc, vdp, data, vds)
u_int fc;
struct vddrv *vdp;
caddr_t data;
struct vdstat *vds;
{
struct vdioctl_load *vdi = (struct vdioctl_load *)data;
int err;
switch (fc)
{
case VDLOAD:
err = ipfrule_add();
if (!err)
ipf_refcnt++;
break;
case VDUNLOAD:
err = ipfrule_remove();
if (!err)
ipf_refcnt--;
break;
case VDSTAT:
err = 0;
break;
default:
err = EIO;
break;
}
}

130
contrib/ipfilter/mlso_rule.c
View File

@ -1,130 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#pragma ident "@(#)$Id$"
#include <sys/systm.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/errno.h>
#include <sys/uio.h>
#include <sys/buf.h>
#include <sys/modctl.h>
#include <sys/open.h>
#include <sys/kmem.h>
#include <sys/conf.h>
#include <sys/cmn_err.h>
#include <sys/stat.h>
#include <sys/cred.h>
#include <sys/dditypes.h>
#include <sys/stream.h>
#include <sys/poll.h>
#include <sys/autoconf.h>
#include <sys/byteorder.h>
#include <sys/socket.h>
#include <sys/dlpi.h>
#include <sys/stropts.h>
#include <sys/sockio.h>
#include <net/if.h>
#if SOLARIS2 >= 6
# include <net/if_types.h>
#endif
#include <net/af.h>
#include <net/route.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/if_ether.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/tcpip.h>
#include <netinet/ip_icmp.h>
#include <sys/ddi.h>
#include <sys/sunddi.h>
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_rules.h"
char _depends_on[] = "drv/ipf";
extern ipf_main_softc_t ipfmain;
extern struct mod_ops mod_miscops;
static struct modlmisc ipfrulemod = {
&mod_miscops,
"IP Filter rules"
};
static struct modlinkage modlink1 = {
MODREV_1,
&ipfrulemod,
NULL
};
int _init()
{
int ipfruleinst;
ipfruleinst = mod_install(&modlink1);
#ifdef IPFRULEDEBUG
cmn_err(CE_NOTE, "IP Filter Rules: _init() = %d", ipfruleinst);
#endif
if (ipfruleinst == 0) {
if (ipfmain.ipf_running >= 0) {
ipfruleinst = ipfrule_add();
if (!ipfruleinst)
ipfmain.ipf_refcnt++;
else {
cmn_err(CE_NOTE,
"IP Filter Rules: ipfrule_add failed");
ipfruleinst = -1;
}
} else
ipfruleinst = -1;
}
if (ipfruleinst == 0)
cmn_err(CE_CONT, "IP Filter Rules: loaded\n");
return ipfruleinst;
}
int _fini(void)
{
int ipfruleinst;
ipfruleinst = mod_remove(&modlink1);
#ifdef IPFRULEDEBUG
cmn_err(CE_NOTE, "IP Filter Rules: _fini() = %d", ipfruleinst);
#endif
if (ipfruleinst == 0) {
ipfruleinst = ipfrule_remove();
if (!ipfruleinst)
ipfmain.ipf_refcnt--;
else
ipfruleinst = -1;
}
if (ipfruleinst == 0)
cmn_err(CE_CONT, "IP Filter Rules: unloaded\n");
return ipfruleinst;
}
int _info(modinfop)
struct modinfo *modinfop;
{
int ipfruleinst;
ipfruleinst = mod_info(&modlink1, modinfop);
#ifdef IPFRULEDEBUG
cmn_err(CE_NOTE, "IP Filter Rules: _info(%x) = %x",
modinfop, ipfruleinst);
#endif
return ipfruleinst;
}

9
contrib/ipfilter/tools/ipf.c
View File

@ -5,15 +5,6 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __FreeBSD__
# ifndef __FreeBSD_cc_version
# include <osreldate.h>
# else
# if __FreeBSD_cc_version < 430000
# include <osreldate.h>
# endif
# endif
#endif
#include "ipf.h"
#include <fcntl.h>
#include <ctype.h>

9
contrib/ipfilter/tools/ipfs.c
View File

@ -5,15 +5,6 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __FreeBSD__
# ifndef __FreeBSD_cc_version
# include <osreldate.h>
# else
# if __FreeBSD_cc_version < 430000
# include <osreldate.h>
# endif
# endif
#endif
#include <stdio.h>
#include <unistd.h>
#include <string.h>

45
contrib/ipfilter/tools/ipfstat.c
View File

@ -5,58 +5,26 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __FreeBSD__
# ifndef __FreeBSD_cc_version
# include <osreldate.h>
# else
# if __FreeBSD_cc_version < 430000
# include <osreldate.h>
# endif
# endif
#endif
#include <sys/ioctl.h>
#include <ctype.h>
#include <fcntl.h>
#ifdef linux
# include <linux/a.out.h>
#else
# include <nlist.h>
#endif
#include <ctype.h>
#if defined(sun) && (defined(__svr4__) || defined(__SVR4))
#if defined(sun) && defined(__SVR4)
# include <stddef.h>
#endif
#include "ipf.h"
#include "netinet/ipl.h"
#if defined(STATETOP)
# if defined(_BSDI_VERSION)
# undef STATETOP
# endif
# if defined(__FreeBSD__) && \
(!defined(__FreeBSD_version) || (__FreeBSD_version < 430000))
# undef STATETOP
# endif
# if defined(__NetBSD_Version__) && (__NetBSD_Version__ < 105000000)
# undef STATETOP
# endif
# if defined(sun)
# if defined(__svr4__) || defined(__SVR4)
#if defined(STATETOP)
# if defined(sun) && defined(__SVR4)
# include <sys/select.h>
# else
# undef STATETOP /* NOT supported on SunOS4 */
# endif
# endif
#endif
#if defined(STATETOP) && !defined(linux)
# include <netinet/ip_var.h>
# include <netinet/tcp_fsm.h>
#endif
#ifdef STATETOP
# include <ctype.h>
# include <signal.h>
# include <time.h>
# if SOLARIS || defined(__NetBSD__) || defined(_BSDI_VERSION) || \
defined(__sgi)
# if SOLARIS || defined(__NetBSD__)
# ifdef ERR
# undef ERR
# endif
@ -66,7 +34,7 @@
# endif /* SOLARIS */
#endif /* STATETOP */
#include "kmem.h"
#if defined(__NetBSD__) || (__OpenBSD__)
#if defined(__NetBSD__)
# include <paths.h>
#endif
@ -75,9 +43,6 @@ static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed"
static const char rcsid[] = "@(#)$Id$";
#endif
#ifdef __hpux
# define nlist nlist64
#endif
extern char *optarg;
extern int optind;

158
contrib/ipfilter/tools/ipftest.c
View File

@ -43,9 +43,6 @@ void dumprules __P((frentry_t *));
void drain_log __P((char *));
void fixv4sums __P((mb_t *, ip_t *));
#if defined(__NetBSD__) || defined(__OpenBSD__) || SOLARIS || \
(_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000) || \
defined(__osf__) || defined(linux)
int ipftestioctl __P((int, ioctlcmd_t, ...));
int ipnattestioctl __P((int, ioctlcmd_t, ...));
int ipstatetestioctl __P((int, ioctlcmd_t, ...));
@ -53,15 +50,6 @@ int ipauthtestioctl __P((int, ioctlcmd_t, ...));
int ipscantestioctl __P((int, ioctlcmd_t, ...));
int ipsynctestioctl __P((int, ioctlcmd_t, ...));
int ipooltestioctl __P((int, ioctlcmd_t, ...));
#else
int ipftestioctl __P((dev_t, ioctlcmd_t, void *));
int ipnattestioctl __P((dev_t, ioctlcmd_t, void *));
int ipstatetestioctl __P((dev_t, ioctlcmd_t, void *));
int ipauthtestioctl __P((dev_t, ioctlcmd_t, void *));
int ipsynctestioctl __P((dev_t, ioctlcmd_t, void *));
int ipscantestioctl __P((dev_t, ioctlcmd_t, void *));
int ipooltestioctl __P((dev_t, ioctlcmd_t, void *));
#endif
static ioctlfunc_t iocfunctions[IPL_LOGSIZE] = { ipftestioctl,
ipnattestioctl,
@ -292,15 +280,7 @@ main(argc,argv)
ipf_state_flush(softc, 1, 0);
if (dir && (ifp != NULL) && IP_V(ip) && (m != NULL))
#if defined(__sgi) && (IRIX < 60500)
(*ifp->if_output)(ifp, (void *)m, NULL);
#else
# if TRU64 >= 1885
(*ifp->if_output)(ifp, (void *)m, NULL, 0, 0);
# else
(*ifp->if_output)(ifp, (void *)m, NULL, 0);
# endif
#endif
while ((m != NULL) && (m != &mb)) {
n = m->mb_next;
@ -351,9 +331,6 @@ main(argc,argv)
}
#if defined(__NetBSD__) || defined(__OpenBSD__) || SOLARIS || \
(_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000) || \
defined(__osf__) || defined(linux)
int ipftestioctl(int dev, ioctlcmd_t cmd, ...)
{
caddr_t data;
@ -513,141 +490,6 @@ int ipooltestioctl(int dev, ioctlcmd_t cmd, ...)
}
return 0;
}
#else
int ipftestioctl(dev, cmd, data)
dev_t dev;
ioctlcmd_t cmd;
void *data;
{
int i;
dev = dev; /* gcc -Wextra */
i = ipfioctl(softc, IPL_LOGIPF, cmd, data, FWRITE|FREAD);
if ((opts & OPT_DEBUG) || (i != 0))
fprintf(stderr, "ipfioctl(IPF,%#x,%p) = %d (%d)\n",
cmd, data, i, softc->ipf_interror);
if (i != 0) {
errno = i;
return -1;
}
return 0;
}
int ipnattestioctl(dev, cmd, data)
dev_t dev;
ioctlcmd_t cmd;
void *data;
{
int i;
dev = dev; /* gcc -Wextra */
i = ipfioctl(softc, IPL_LOGNAT, cmd, data, FWRITE|FREAD);
if ((opts & OPT_DEBUG) || (i != 0))
fprintf(stderr, "ipfioctl(NAT,%#x,%p) = %d\n", cmd, data, i);
if (i != 0) {
errno = i;
return -1;
}
return 0;
}
int ipstatetestioctl(dev, cmd, data)
dev_t dev;
ioctlcmd_t cmd;
void *data;
{
int i;
dev = dev; /* gcc -Wextra */
i = ipfioctl(softc, IPL_LOGSTATE, cmd, data, FWRITE|FREAD);
if ((opts & OPT_DEBUG) || (i != 0))
fprintf(stderr, "ipfioctl(STATE,%#x,%p) = %d\n", cmd, data, i);
if (i != 0) {
errno = i;
return -1;
}
return 0;
}
int ipauthtestioctl(dev, cmd, data)
dev_t dev;
ioctlcmd_t cmd;
void *data;
{
int i;
dev = dev; /* gcc -Wextra */
i = ipfioctl(softc, IPL_LOGAUTH, cmd, data, FWRITE|FREAD);
if ((opts & OPT_DEBUG) || (i != 0))
fprintf(stderr, "ipfioctl(AUTH,%#x,%p) = %d\n", cmd, data, i);
if (i != 0) {
errno = i;
return -1;
}
return 0;
}
int ipsynctestioctl(dev, cmd, data)
dev_t dev;
ioctlcmd_t cmd;
void *data;
{
int i;
dev = dev; /* gcc -Wextra */
i = ipfioctl(softc, IPL_LOGSYNC, cmd, data, FWRITE|FREAD);
if ((opts & OPT_DEBUG) || (i != 0))
fprintf(stderr, "ipfioctl(SYNC,%#x,%p) = %d\n", cmd, data, i);
if (i != 0) {
errno = i;
return -1;
}
return 0;
}
int ipscantestioctl(dev, cmd, data)
dev_t dev;
ioctlcmd_t cmd;
void *data;
{
int i;
dev = dev; /* gcc -Wextra */
i = ipfioctl(softc, IPL_LOGSCAN, cmd, data, FWRITE|FREAD);
if ((opts & OPT_DEBUG) || (i != 0))
fprintf(stderr, "ipfioctl(SCAN,%#x,%p) = %d\n", cmd, data, i);
if (i != 0) {
errno = i;
return -1;
}
return 0;
}
int ipooltestioctl(dev, cmd, data)
dev_t dev;
ioctlcmd_t cmd;
void *data;
{
int i;
dev = dev; /* gcc -Wextra */
i = ipfioctl(softc, IPL_LOGLOOKUP, cmd, data, FWRITE|FREAD);
if (opts & OPT_DEBUG)
fprintf(stderr, "ipfioctl(POOL,%#x,%p) = %d (%d)\n",
cmd, data, i, softc->ipf_interror);
if (i != 0) {
errno = i;
return -1;
}
return 0;
}
#endif
int kmemcpy(addr, offset, size)

43
contrib/ipfilter/tools/ipmon.c
View File

@ -20,12 +20,7 @@ static const char rcsid[] = "@(#)$Id$";
#endif
#if defined(sun) && !defined(SOLARIS2)
#define STRERROR(x) sys_errlist[x]
extern char *sys_errlist[];
#else
#define STRERROR(x) strerror(x)
#endif
extern int optind;
extern char *optarg;
@ -116,11 +111,7 @@ char *reasons[] = {
#ifdef MENTAT
static char *pidfile = "/etc/opt/ipf/ipmon.pid";
#else
# if BSD >= 199306
static char *pidfile = "/var/run/ipmon.pid";
# else
static char *pidfile = "/etc/ipmon.pid";
# endif
#endif
static char line[2048];
@ -138,11 +129,7 @@ static char *icmpname __P((u_int, u_int));
static char *icmpname6 __P((u_int, u_int));
static icmp_type_t *find_icmptype __P((int, icmp_type_t *, size_t));
static icmp_subtype_t *find_icmpsubtype __P((int, icmp_subtype_t *, size_t));
#ifdef __hpux
static struct tm *get_tm __P((u_32_t));
#else
static struct tm *get_tm __P((time_t));
#endif
char *portlocalname __P((int, char *, u_int));
int main __P((int, char *[]));
@ -400,11 +387,6 @@ static void init_tabs()
if (protocols[0])
free(protocols[0]);
protocols[0] = strdup("ip");
#if defined(_AIX51)
if (protocols[252])
free(protocols[252]);
protocols[252] = NULL;
#endif
}
if (udp_ports != NULL) {
@ -643,11 +625,7 @@ void dumphex(log, dopts, buf, len)
static struct tm *get_tm(sec)
#ifdef __hpux
u_32_t sec;
#else
time_t sec;
#endif
{
struct tm *tm;
time_t t;
@ -1123,10 +1101,6 @@ static void print_ipflog(conf, buf, blen)
sprintf(t, "%dx ", ipl->ipl_count);
t += strlen(t);
}
#if (defined(MENTAT) || \
(defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199603)) || \
(defined(__FreeBSD__) && (__FreeBSD_version >= 501113)) || \
(defined(OpenBSD) && (OpenBSD >= 199603))) || defined(linux)
{
char ifname[sizeof(ipf->fl_ifname) + 1];
@ -1134,28 +1108,13 @@ static void print_ipflog(conf, buf, blen)
ifname[sizeof(ipf->fl_ifname)] = '\0';
sprintf(t, "%s", ifname);
t += strlen(t);
# if defined(MENTAT) || defined(linux)
# if defined(linux)
/*
* On Linux, the loopback interface is just "lo", not "lo0".
*/
if (strcmp(ifname, "lo") != 0)
# endif
# if defined(MENTAT)
if (ISALPHA(*(t - 1))) {
sprintf(t, "%d", ipf->fl_unit);
t += strlen(t);
}
# endif
}
#else
for (len = 0; len < 3; len++)
if (ipf->fl_ifname[len] == '\0')
break;
if (ipf->fl_ifname[len])
len++;
sprintf(t, "%*.*s%u", len, len, ipf->fl_ifname, ipf->fl_unit);
t += strlen(t);
#endif
if ((ipf->fl_group[0] == (char)~0) && (ipf->fl_group[1] == '\0'))
strcat(t, " @-1:");
else if (ipf->fl_group[0] == '\0')

16
contrib/ipfilter/tools/ipnat.c
View File

@ -12,7 +12,7 @@
#include <fcntl.h>
#include <errno.h>
#include <sys/types.h>
#if !defined(__SVR4) && !defined(__svr4__)
#if !defined(__SVR4)
#include <strings.h>
#else
#include <sys/byteorder.h>
@ -28,7 +28,7 @@
#undef _KERNEL
#include <sys/socket.h>
#include <sys/ioctl.h>
#if defined(sun) && (defined(__svr4__) || defined(__SVR4))
#if defined(sun) && defined(__SVR4)
# include <sys/ioccom.h>
# include <sys/sysmacros.h>
#endif
@ -42,25 +42,13 @@
#include <arpa/inet.h>
#include <resolv.h>
#include <ctype.h>
#if defined(linux)
# include <linux/a.out.h>
#else
# include <nlist.h>
#endif
#include "ipf.h"
#include "netinet/ipl.h"
#include "kmem.h"
#ifdef __hpux
# define nlist nlist64
#endif
#if defined(sun) && !SOLARIS2
# define STRERROR(x) sys_errlist[x]
extern char *sys_errlist[];
#else
# define STRERROR(x) strerror(x)
#endif
#if !defined(lint)
static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";

9
contrib/ipfilter/tools/ipnat_y.y
View File

@ -6,15 +6,6 @@
* See the IPFILTER.LICENCE file for details on licencing.
*/
%{
#ifdef __FreeBSD__
# ifndef __FreeBSD_cc_version
# include <osreldate.h>
# else
# if __FreeBSD_cc_version < 430000
# include <osreldate.h>
# endif
# endif
#endif
#include <stdio.h>
#include <unistd.h>
#include <string.h>

6
contrib/ipfilter/tools/ippool.c
View File

@ -9,9 +9,7 @@
#include <sys/time.h>
#include <sys/param.h>
#include <sys/socket.h>
#if defined(BSD) && (BSD >= 199306)
# include <sys/cdefs.h>
#endif
#include <sys/ioctl.h>
#include <net/if.h>
@ -26,11 +24,7 @@
#include <netdb.h>
#include <ctype.h>
#include <unistd.h>
#ifdef linux
# include <linux/a.out.h>
#else
# include <nlist.h>
#endif
#include "ipf.h"
#include "netinet/ipl.h"

2
contrib/ipfilter/tools/ippool_y.y
View File

@ -10,9 +10,7 @@
#include <sys/time.h>
#include <sys/param.h>
#include <sys/socket.h>
#if defined(BSD) && (BSD >= 199306)
# include <sys/cdefs.h>
#endif
#include <sys/ioctl.h>
#include <net/if.h>

3
lib/libc/tests/stdlib/Makefile
View File

@ -2,6 +2,7 @@
.include <src.opts.mk>
ATF_TESTS_C+= dynthr_test
ATF_TESTS_C+= heapsort_test
ATF_TESTS_C+= mergesort_test
ATF_TESTS_C+= qsort_test
@ -62,4 +63,6 @@ LIBADD.${t}+= netbsd util
LIBADD.strtod_test+= m
SUBDIR+= dynthr_mod
.include <bsd.test.mk>

11
lib/libc/tests/stdlib/dynthr_mod/Makefile Normal file
View File

@ -0,0 +1,11 @@
# $FreeBSD$
SHLIB_NAME= dynthr_mod.so
SHLIBDIR= ${TESTSDIR}
SRCS= dynthr_mod.c
LIBADD= pthread
TESTSDIR:= ${TESTSBASE}/${RELDIR:C/libc\/tests/libc/:H}
.include <bsd.lib.mk>

71
lib/libc/tests/stdlib/dynthr_mod/dynthr_mod.c Normal file
View File

@ -0,0 +1,71 @@
/*
* SPDX-License-Identifier: BSD-2-Clause
*
* Copyright (C) 2019 Andrew Gierth
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* Though this file is initially distributed under the 2-clause BSD license,
* the author grants permission for its redistribution under alternative
* licenses as set forth at <https://rhodiumtoad.github.io/RELICENSE.txt>.
* This paragraph and the RELICENSE.txt file are not part of the license and
* may be omitted in redistributions.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include <unistd.h>
#include <pthread.h>
static pthread_t thr;
static void *
mod_thread(void *ptr)
{
char *volatile dummy;
dummy = malloc(500);
return (NULL);
}
void
mod_main(int op)
{
int rc;
switch (op) {
case 1:
rc = pthread_create(&thr, NULL, mod_thread, NULL);
if (rc != 0)
_exit(1);
break;
case 0:
pthread_join(thr, NULL);
break;
}
}

93
lib/libc/tests/stdlib/dynthr_test.c Normal file
View File

@ -0,0 +1,93 @@
/*
* SPDX-License-Identifier: BSD-2-Clause
*
* Copyright (C) 2019 Andrew Gierth
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* Though this file is initially distributed under the 2-clause BSD license,
* the author grants permission for its redistribution under alternative
* licenses as set forth at <https://rhodiumtoad.github.io/RELICENSE.txt>.
* This paragraph and the RELICENSE.txt file are not part of the license and
* may be omitted in redistributions.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include <unistd.h>
#include <dlfcn.h>
#include <atf-c.h>
typedef void (modfunc_t)(int op);
/*
* Minimal test case for PR 235158; mutual dependencies between jemalloc and
* libthr causing issues in thread creation. Specifically to this case, libthr
* uses calloc to initialize pthread mutexes, and jemalloc uses pthread mutexes.
*
* Deferred initialization provided by jemalloc proved to be fragile, causing
* issues like in the referenced PR where thread creation in a shared object
* loaded via dlopen(3) would stall unless the calling application also linked
* against pthread.
*/
ATF_TC(maintc);
ATF_TC_HEAD(maintc, tc)
{
atf_tc_set_md_var(tc, "timeout", "3");
}
ATF_TC_BODY(maintc, tc)
{
char *libpath;
modfunc_t *func;
void *mod_handle;
const char *srcdir;
dlfunc_t rawfunc;
srcdir = atf_tc_get_config_var(tc, "srcdir");
if (asprintf(&libpath, "%s/dynthr_mod.so", srcdir) < 0)
atf_tc_fail("failed to construct path to libthr");
mod_handle = dlopen(libpath, RTLD_LOCAL);
free(libpath);
if (mod_handle == NULL)
atf_tc_fail("failed to open dynthr_mod.so: %s", dlerror());
rawfunc = dlfunc(mod_handle, "mod_main");
if (rawfunc == NULL)
atf_tc_fail("failed to resolve function mod_main");
func = (modfunc_t *)rawfunc;
func(1);
func(0);
}
ATF_TP_ADD_TCS(tp)
{
ATF_TP_ADD_TC(tp, maintc);
return (atf_no_error());
}

18
lib/libsdp/sdp.h
View File

@ -586,6 +586,24 @@ void sdp_print (uint32_t level, uint8_t const *start,
#define SDP_PDU_SERVICE_UNREGISTER_REQUEST 0x82
#define SDP_PDU_SERVICE_CHANGE_REQUEST 0x83
struct sdp_audio_sink_profile
{
uint16_t psm;
uint16_t protover;
uint16_t features;
};
typedef struct sdp_audio_sink_profile sdp_audio_sink_profile_t;
typedef struct sdp_audio_sink_profile *sdp_audio_sink_profile_p;
struct sdp_audio_source_profile
{
uint16_t psm;
uint16_t protover;
uint16_t features;
};
typedef struct sdp_audio_source_profile sdp_audio_source_profile_t;
typedef struct sdp_audio_source_profile *sdp_audio_source_profile_p;
struct sdp_dun_profile
{
uint8_t server_channel;

4
lib/libthr/Makefile
View File

@ -27,7 +27,7 @@ CFLAGS+=-I${SRCTOP}/lib/libthread_db
CFLAGS+=-Winline
CFLAGS.thr_stack.c+= -Wno-cast-align
CFLAGS.malloc.c+= -Wno-cast-align
CFLAGS.rtld_malloc.c+= -Wno-cast-align
.include <bsd.compiler.mk>
.if !(${COMPILER_TYPE} == "gcc" && ${COMPILER_VERSION} < 40300)
CFLAGS.thr_symbols.c+= -Wno-missing-variable-declarations
@ -58,7 +58,7 @@ PRECIOUSLIB=
.endif
.include "${.CURDIR}/sys/Makefile.inc"
.include "${.CURDIR}/thread/Makefile.inc"
SRCS+= malloc.c
SRCS+= rtld_malloc.c
.if ${MK_INSTALLLIB} != "no"
SYMLINKS+=lib${LIB}.a ${LIBDIR}/libpthread.a

9
lib/msun/Makefile
View File

@ -108,6 +108,15 @@ COMMON_SRCS+= catrigl.c \
s_nextafterl.c s_nexttoward.c s_remquol.c s_rintl.c s_roundl.c \
s_scalbnl.c s_sinl.c s_sincosl.c \
s_tanhl.c s_tanl.c s_truncl.c w_cabsl.c
# Work around this warning from gcc 6:
# lib/msun/ld80/e_powl.c:275:1: error: floating constant exceeds range of
# 'long double' [-Werror=overflow]
# if( y >= LDBL_MAX )
# See also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=130067
.include <bsd.compiler.mk>
.if ${COMPILER_TYPE} == "gcc" && ${COMPILER_VERSION} >= 60000
CFLAGS.e_powl.c+= -Wno-error=overflow
.endif
.endif
# C99 complex functions

14
libexec/rtld-elf/Makefile
View File

@ -14,9 +14,17 @@ PROG?= ld-elf.so.1
.if (${PROG:M*ld-elf32*} != "")
TAGS+= lib32
.endif
SRCS= rtld_start.S \
reloc.c rtld.c rtld_lock.c rtld_printf.c map_object.c \
malloc.c xmalloc.c debug.c libmap.c
SRCS= \
rtld_start.S \
reloc.c \
rtld.c \
rtld_lock.c \
rtld_malloc.c \
rtld_printf.c \
map_object.c \
xmalloc.c \
debug.c \
libmap.c
MAN= rtld.1
CSTD?= gnu99
CFLAGS+= -Wall -DFREEBSD_ELF -DIN_RTLD -ffreestanding

4
libexec/rtld-elf/i386/reloc.c
View File

@ -146,6 +146,10 @@ reloc_non_plt(Obj_Entry *obj, Obj_Entry *obj_rtld, int flags,
} else
cache = NULL;
/* Appease some compilers. */
symval = 0;
def = NULL;
rellim = (const Elf_Rel *)((const char *)obj->rel + obj->relsize);
for (rel = obj->rel; rel < rellim; rel++) {
switch (ELF_R_TYPE(rel->r_info)) {

0
libexec/rtld-elf/malloc.c → libexec/rtld-elf/rtld_malloc.c
View File

1
sbin/Makefile
View File

@ -52,6 +52,7 @@ SUBDIR=adjkerntz \
newfs_msdos \
nfsiod \
nos-tun \
pfilctl \
ping \
rcorder \
reboot \

45
sbin/ifconfig/ifieee80211.c
View File

@ -4301,7 +4301,10 @@ list_roam(int s)
rp = &roamparams.params[mode];
if (rp->rssi == 0 && rp->rate == 0)
continue;
if (mode == IEEE80211_MODE_11NA || mode == IEEE80211_MODE_11NG) {
if (mode == IEEE80211_MODE_11NA ||
mode == IEEE80211_MODE_11NG ||
mode == IEEE80211_MODE_VHT_2GHZ ||
mode == IEEE80211_MODE_VHT_5GHZ) {
if (rp->rssi & 1)
LINE_CHECK("roam:%-7.7s rssi %2u.5dBm MCS %2u ",
modename[mode], rp->rssi/2,
@ -4321,6 +4324,21 @@ list_roam(int s)
}
}
/* XXX TODO: rate-to-string method... */
static const char*
get_mcs_mbs_rate_str(uint8_t rate)
{
return (rate & IEEE80211_RATE_MCS) ? "MCS " : "Mb/s";
}
static uint8_t
get_rate_value(uint8_t rate)
{
if (rate & IEEE80211_RATE_MCS)
return (rate &~ IEEE80211_RATE_MCS);
return (rate / 2);
}
static void
list_txparams(int s)
{
@ -4332,21 +4350,28 @@ list_txparams(int s)
tp = &txparams.params[mode];
if (tp->mgmtrate == 0 && tp->mcastrate == 0)
continue;
if (mode == IEEE80211_MODE_11NA || mode == IEEE80211_MODE_11NG) {
if (mode == IEEE80211_MODE_11NA ||
mode == IEEE80211_MODE_11NG ||
mode == IEEE80211_MODE_VHT_2GHZ ||
mode == IEEE80211_MODE_VHT_5GHZ) {
if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)
LINE_CHECK("%-7.7s ucast NONE mgmt %2u MCS "
"mcast %2u MCS maxretry %u",
LINE_CHECK("%-7.7s ucast NONE mgmt %2u %s "
"mcast %2u %s maxretry %u",
modename[mode],
tp->mgmtrate &~ IEEE80211_RATE_MCS,
tp->mcastrate &~ IEEE80211_RATE_MCS,
get_rate_value(tp->mgmtrate),
get_mcs_mbs_rate_str(tp->mgmtrate),
get_rate_value(tp->mcastrate),
get_mcs_mbs_rate_str(tp->mcastrate),
tp->maxretry);
else
LINE_CHECK("%-7.7s ucast %2u MCS mgmt %2u MCS "
"mcast %2u MCS maxretry %u",
LINE_CHECK("%-7.7s ucast %2u MCS mgmt %2u %s "
"mcast %2u %s maxretry %u",
modename[mode],
tp->ucastrate &~ IEEE80211_RATE_MCS,
tp->mgmtrate &~ IEEE80211_RATE_MCS,
tp->mcastrate &~ IEEE80211_RATE_MCS,
get_rate_value(tp->mgmtrate),
get_mcs_mbs_rate_str(tp->mgmtrate),
get_rate_value(tp->mcastrate),
get_mcs_mbs_rate_str(tp->mcastrate),
tp->maxretry);
} else {
if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)

9
sbin/pfilctl/Makefile Normal file
View File

@ -0,0 +1,9 @@
# $FreeBSD$
PROG= pfilctl
SRCS= pfilctl.c
WARNS?= 6
MAN= pfilctl.8
.include <bsd.prog.mk>

117
sbin/pfilctl/pfilctl.8 Normal file
View File

@ -0,0 +1,117 @@
.\" Copyright (c) 2019 Gleb Smirnoff <glebius@FreeBSD.org>
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd January 28, 2019
.Dt PFILCTL 8
.Os
.Sh NAME
.Nm pfilctl
.Nd pfil(9) control utility
.Sh SYNOPSIS
.Nm
.Cm heads
.Nm
.Cm hooks
.Nm
.Cm link
.Aq Fl i | Fl o
.Op Fl a
.Ar hook Ar head
.Nm
.Cm unlink
.Aq Fl i | Fl o
.Ar hook Ar head
.Sh DESCRIPTION
The
.Nm
utility is intended to view and change configuration of the
.Xr pfil 9
packet filtering hooks and filters on them.
.Sh COMMANDS
.Bl -tag -width "unlink"
.It Cm heads
List available packet filtering points.
.It Cm hooks
List available packet filters.
.It Xo
.Cm link
.Aq Fl i | Fl o
.Op Fl a
.Ar hook Ar head
.Xc
Link
.Ar hook
to
.Ar head .
With the
.Fl i
flag the hook will be connected as input and with
.Fl o
as output hook.
At least one of
.Fl i
or
.Fl o
is required.
By default
.Nm
will prepend the hook in front of other hooks if any present:
new hook will be as close to the wire as possible, so that on input
it will be the first filter and on output it will be the last.
Adding the
.Fl a
flag switches to appending new hook instead of prepending.
.It Xo
.Cm unlink
.Aq Fl i | Fl o
.Ar hook Ar head
.Xc
Unlink
.Ar hook
on
.Ar head .
At least one of
.Fl i
or
.Fl o
is required.
With the
.Fl i
flag the hook will be removed from the input list of hooks
and with
.Fl o
on output list.
.El
.Sh SEE ALSO
.Xr ipfilter 4 ,
.Xr ipfw 4 ,
.Xr pf 4 ,
.Xr pfil 9
.Sh AUTHORS
.An -nosplit
The
.Nm
utility was written by
.An Gleb Smirnoff Aq Mt glebius@FreeBSD.org .

229
sbin/pfilctl/pfilctl.c Normal file
View File

@ -0,0 +1,229 @@
/*-
* SPDX-License-Identifier: BSD-2-Clause-FreeBSD
*
* Copyright (c) 2019 Gleb Smirnoff <glebius@FreeBSD.org>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <net/pfil.h>
#include <err.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
static int dev;
static const char * const typenames[] = {
[PFIL_TYPE_IP4] = "IPv4",
[PFIL_TYPE_IP6] = "IPv6",
[PFIL_TYPE_ETHERNET] = "Ethernet",
};
static void listheads(int argc, char *argv[]);
static void listhooks(int argc, char *argv[]);
static void hook(int argc, char *argv[]);
static void help(void);
static const struct cmd {
const char *cmd_name;
void (*cmd_func)(int argc, char *argv[]);
} cmds[] = {
{ "heads", listheads },
{ "hooks", listhooks },
{ "link", hook },
{ "unlink", hook },
{ NULL, NULL },
};
int
main(int argc __unused, char *argv[] __unused)
{
int cmd = -1;
if (--argc == 0)
help();
argv++;
for (int i = 0; cmds[i].cmd_name != NULL; i++)
if (!strncmp(argv[0], cmds[i].cmd_name, strlen(argv[0]))) {
if (cmd != -1)
errx(1, "ambiguous command: %s", argv[0]);
cmd = i;
}
if (cmd == -1)
errx(1, "unknown command: %s", argv[0]);
dev = open("/dev/" PFILDEV, O_RDWR);
if (dev == -1)
err(1, "open(%s)", "/dev/" PFILDEV);
(*cmds[cmd].cmd_func)(argc, argv);
return (0);
}
static void
help(void)
{
fprintf(stderr, "usage: %s (heads|hooks|link|unlink)\n", getprogname());
exit(0);
}
static void
listheads(int argc __unused, char *argv[] __unused)
{
struct pfilioc_list plh;
u_int nheads, nhooks, i;
int j, h;
plh.pio_nheads = 0;
plh.pio_nhooks = 0;
if (ioctl(dev, PFILIOC_LISTHEADS, &plh) != 0)
err(1, "ioctl(PFILIOC_LISTHEADS)");
retry:
plh.pio_heads = calloc(plh.pio_nheads, sizeof(struct pfilioc_head));
if (plh.pio_heads == NULL)
err(1, "malloc");
plh.pio_hooks = calloc(plh.pio_nhooks, sizeof(struct pfilioc_hook));
if (plh.pio_hooks == NULL)
err(1, "malloc");
nheads = plh.pio_nheads;
nhooks = plh.pio_nhooks;
if (ioctl(dev, PFILIOC_LISTHEADS, &plh) != 0)
err(1, "ioctl(PFILIOC_LISTHEADS)");
if (plh.pio_nheads > nheads || plh.pio_nhooks > nhooks) {
free(plh.pio_heads);
free(plh.pio_hooks);
goto retry;
}
#define FMTHD "%16s %8s\n"
#define FMTHK "%29s %16s %16s\n"
printf(FMTHD, "Intercept point", "Type");
for (i = 0, h = 0; i < plh.pio_nheads; i++) {
printf(FMTHD, plh.pio_heads[i].pio_name,
typenames[plh.pio_heads[i].pio_type]);
for (j = 0; j < plh.pio_heads[i].pio_nhooksin; j++, h++)
printf(FMTHK, "In", plh.pio_hooks[h].pio_module,
plh.pio_hooks[h].pio_ruleset);
for (j = 0; j < plh.pio_heads[i].pio_nhooksout; j++, h++)
printf(FMTHK, "Out", plh.pio_hooks[h].pio_module,
plh.pio_hooks[h].pio_ruleset);
}
}
static void
listhooks(int argc __unused, char *argv[] __unused)
{
struct pfilioc_list plh;
u_int nhooks, i;
plh.pio_nhooks = 0;
if (ioctl(dev, PFILIOC_LISTHEADS, &plh) != 0)
err(1, "ioctl(PFILIOC_LISTHEADS)");
retry:
plh.pio_hooks = calloc(plh.pio_nhooks, sizeof(struct pfilioc_hook));
if (plh.pio_hooks == NULL)
err(1, "malloc");
nhooks = plh.pio_nhooks;
if (ioctl(dev, PFILIOC_LISTHOOKS, &plh) != 0)
err(1, "ioctl(PFILIOC_LISTHOOKS)");
if (plh.pio_nhooks > nhooks) {
free(plh.pio_hooks);
goto retry;
}
printf("Available hooks:\n");
for (i = 0; i < plh.pio_nhooks; i++) {
printf("\t%s:%s %s\n", plh.pio_hooks[i].pio_module,
plh.pio_hooks[i].pio_ruleset,
typenames[plh.pio_hooks[i].pio_type]);
}
}
static void
hook(int argc, char *argv[])
{
struct pfilioc_link req;
int c;
char *ruleset;
if (argv[0][0] == 'u')
req.pio_flags = PFIL_UNLINK;
else
req.pio_flags = 0;
while ((c = getopt(argc, argv, "ioa")) != -1)
switch (c) {
case 'i':
req.pio_flags |= PFIL_IN;
break;
case 'o':
req.pio_flags |= PFIL_OUT;
break;
case 'a':
req.pio_flags |= PFIL_APPEND;
break;
default:
help();
}
if (!PFIL_DIR(req.pio_flags))
help();
argc -= optind;
argv += optind;
if (argc != 2)
help();
/* link mod:ruleset head */
if ((ruleset = strchr(argv[0], ':')) == NULL)
help();
*ruleset = '\0';
ruleset++;
strlcpy(req.pio_name, argv[1], sizeof(req.pio_name));
strlcpy(req.pio_module, argv[0], sizeof(req.pio_module));
strlcpy(req.pio_ruleset, ruleset, sizeof(req.pio_ruleset));
if (ioctl(dev, PFILIOC_LINK, &req) != 0)
err(1, "ioctl(PFILIOC_LINK)");
}

3
share/man/man4/bnxt.4
View File

@ -25,7 +25,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd September 20, 2018
.Dd January 30, 2019
.Dt BNXT 4
.Os
.Sh NAME
@ -36,6 +36,7 @@ To compile this driver into the kernel,
place the following lines in your
kernel configuration file:
.Bd -ragged -offset indent
.Cd "device iflib"
.Cd "device bnxt"
.Ed
.Pp

5
share/man/man4/em.4
View File

@ -31,7 +31,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd September 20, 2018
.Dd January 30, 2019
.Dt EM 4
.Os
.Sh NAME
@ -39,9 +39,10 @@
.Nd "Intel(R) PRO/1000 Gigabit Ethernet adapter driver"
.Sh SYNOPSIS
To compile this driver into the kernel,
place the following line in your
place the following lines in your
kernel configuration file:
.Bd -ragged -offset indent
.Cd "device iflib"
.Cd "device em"
.Ed
.Pp

3
share/man/man4/iavf.4
View File

@ -31,7 +31,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd October 5, 2018
.Dd January 30, 2019
.Dt IAVF 4
.Os
.Sh NAME
@ -41,6 +41,7 @@
To compile this driver into the kernel, place the following lines in your
kernel configuration file:
.Bd -ragged -offset indent
.Cd "device iflib"
.Cd "device iavf"
.Ed
.Pp

1
share/man/man4/imcsmb.4
View File

@ -2,7 +2,6 @@
.\" SPDX-License-Identifier: BSD-2-Clause-FreeBSD
.\"
.\" Copyright (c) 2018 Panasas
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions

5
share/man/man4/ixgbe.4
View File

@ -31,7 +31,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd December 19, 2010
.Dd January 30, 2019
.Dt IXGBE 4
.Os
.Sh NAME
@ -39,9 +39,10 @@
.Nd "Intel(R) 10Gb Ethernet driver for the FreeBSD operating system"
.Sh SYNOPSIS
To compile this driver into the kernel,
place the following line in your
place the following lines in your
kernel configuration file:
.Bd -ragged -offset indent
.Cd "device iflib"
.Cd "device ixgbe"
.Ed
.Pp

3
share/man/man4/ixl.4
View File

@ -31,7 +31,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd October 5, 2018
.Dd January 30, 2019
.Dt IXL 4
.Os
.Sh NAME
@ -41,6 +41,7 @@
To compile this driver into the kernel, place the following lines in your
kernel configuration file:
.Bd -ragged -offset indent
.Cd "device iflib"
.Cd "device ixl"
.Ed
.Pp

1
share/man/man4/jedec_dimm.4
View File

@ -3,7 +3,6 @@
.\"
.\" Copyright (c) 2016 Andriy Gapon <avg@FreeBSD.org>
.\" Copyright (c) 2018 Ravi Pokala <rpokala@freebsd.org>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions

5
share/man/man4/vmx.4
View File

@ -17,7 +17,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd March 17, 2014
.Dd January 30, 2019
.Dt VMX 4
.Os
.Sh NAME
@ -25,9 +25,10 @@
.Nd VMware VMXNET3 Virtual Interface Controller device
.Sh SYNOPSIS
To compile this driver into the kernel,
place the following line in your
place the following lines in your
kernel configuration file:
.Bd -ragged -offset indent
.Cd "device iflib"
.Cd "device vmx"
.Ed
.Pp

37
share/man/man5/src.conf.5
View File

@ -1,6 +1,6 @@
.\" DO NOT EDIT-- this file is @generated by tools/build/options/makeman.
.\" $FreeBSD$
.Dd December 15, 2018
.Dd January 31, 2019
.Dt SRC.CONF 5
.Os
.Sh NAME
@ -335,6 +335,8 @@ When set, it enforces these options:
.It
.Va WITHOUT_CTF
.It
.Va WITHOUT_LOADER_ZFS
.It
.Va WITHOUT_ZFS
.El
.It Va WITHOUT_CLANG
@ -1045,12 +1047,12 @@ amd64/amd64, arm/armv7, arm64/aarch64 and i386/i386.
Set to use GNU binutils ld as the system linker, instead of LLVM's LLD.
.Pp
This is a default setting on
arm/arm, arm/armv6, i386/i386, mips/mipsel, mips/mips, mips/mips64el, mips/mips64, mips/mipsn32, mips/mipselhf, mips/mipshf, mips/mips64elhf, mips/mips64hf, powerpc/powerpc, powerpc/powerpc64, powerpc/powerpcspe, riscv/riscv64 and sparc64/sparc64.
arm/arm, arm/armv6, mips/mipsel, mips/mips, mips/mips64el, mips/mips64, mips/mipsn32, mips/mipselhf, mips/mipshf, mips/mips64elhf, mips/mips64hf, powerpc/powerpc, powerpc/powerpc64, powerpc/powerpcspe, riscv/riscv64 and sparc64/sparc64.
.It Va WITH_LLD_IS_LD
Set to use LLVM's LLD as the system linker, instead of GNU binutils ld.
.Pp
This is a default setting on
amd64/amd64, arm/armv7 and arm64/aarch64.
amd64/amd64, arm/armv7, arm64/aarch64 and i386/i386.
.It Va WITHOUT_LLVM_COV
Set to not build the
.Xr llvm-cov 1
@ -1082,7 +1084,7 @@ The
option should be used rather than this in most cases.
.Pp
This is a default setting on
riscv/riscv64 and sparc64/sparc64.
arm/arm, arm/armv6, riscv/riscv64 and sparc64/sparc64.
.It Va WITH_LLVM_TARGET_AARCH64
Set to build LLVM target support for AArch64.
The
@ -1090,7 +1092,7 @@ The
option should be used rather than this in most cases.
.Pp
This is a default setting on
amd64/amd64, arm/arm, arm/armv6, arm/armv7, arm64/aarch64, i386/i386, mips/mipsel, mips/mips, mips/mips64el, mips/mips64, mips/mipsn32, mips/mipselhf, mips/mipshf, mips/mips64elhf, mips/mips64hf, powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpcspe.
amd64/amd64, arm/armv7, arm64/aarch64, i386/i386, mips/mipsel, mips/mips, mips/mips64el, mips/mips64, mips/mipsn32, mips/mipselhf, mips/mipshf, mips/mips64elhf, mips/mips64hf, powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpcspe.
.It Va WITHOUT_LLVM_TARGET_ALL
Set to only build the required LLVM target support.
This option is preferred to specific target support options.
@ -1156,7 +1158,7 @@ The
option should be used rather than this in most cases.
.Pp
This is a default setting on
riscv/riscv64 and sparc64/sparc64.
arm/arm, arm/armv6, riscv/riscv64 and sparc64/sparc64.
.It Va WITH_LLVM_TARGET_MIPS
Set to build LLVM target support for MIPS.
The
@ -1164,7 +1166,7 @@ The
option should be used rather than this in most cases.
.Pp
This is a default setting on
amd64/amd64, arm/arm, arm/armv6, arm/armv7, arm64/aarch64, i386/i386, mips/mipsel, mips/mips, mips/mips64el, mips/mips64, mips/mipsn32, mips/mipselhf, mips/mipshf, mips/mips64elhf, mips/mips64hf, powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpcspe.
amd64/amd64, arm/armv7, arm64/aarch64, i386/i386, mips/mipsel, mips/mips, mips/mips64el, mips/mips64, mips/mipsn32, mips/mipselhf, mips/mipshf, mips/mips64elhf, mips/mips64hf, powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpcspe.
.It Va WITHOUT_LLVM_TARGET_POWERPC
Set to not build LLVM target support for PowerPC.
The
@ -1172,7 +1174,7 @@ The
option should be used rather than this in most cases.
.Pp
This is a default setting on
riscv/riscv64 and sparc64/sparc64.
arm/arm, arm/armv6, riscv/riscv64 and sparc64/sparc64.
.It Va WITH_LLVM_TARGET_POWERPC
Set to build LLVM target support for PowerPC.
The
@ -1180,7 +1182,7 @@ The
option should be used rather than this in most cases.
.Pp
This is a default setting on
amd64/amd64, arm/arm, arm/armv6, arm/armv7, arm64/aarch64, i386/i386, mips/mipsel, mips/mips, mips/mips64el, mips/mips64, mips/mipsn32, mips/mipselhf, mips/mipshf, mips/mips64elhf, mips/mips64hf, powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpcspe.
amd64/amd64, arm/armv7, arm64/aarch64, i386/i386, mips/mipsel, mips/mips, mips/mips64el, mips/mips64, mips/mipsn32, mips/mipselhf, mips/mipshf, mips/mips64elhf, mips/mips64hf, powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpcspe.
.It Va WITHOUT_LLVM_TARGET_SPARC
Set to not build LLVM target support for SPARC.
The
@ -1188,7 +1190,7 @@ The
option should be used rather than this in most cases.
.Pp
This is a default setting on
riscv/riscv64 and sparc64/sparc64.
arm/arm, arm/armv6, riscv/riscv64 and sparc64/sparc64.
.It Va WITH_LLVM_TARGET_SPARC
Set to build LLVM target support for SPARC.
The
@ -1196,7 +1198,7 @@ The
option should be used rather than this in most cases.
.Pp
This is a default setting on
amd64/amd64, arm/arm, arm/armv6, arm/armv7, arm64/aarch64, i386/i386, mips/mipsel, mips/mips, mips/mips64el, mips/mips64, mips/mipsn32, mips/mipselhf, mips/mipshf, mips/mips64elhf, mips/mips64hf, powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpcspe.
amd64/amd64, arm/armv7, arm64/aarch64, i386/i386, mips/mipsel, mips/mips, mips/mips64el, mips/mips64, mips/mipsn32, mips/mipselhf, mips/mipshf, mips/mips64elhf, mips/mips64hf, powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpcspe.
.It Va WITHOUT_LLVM_TARGET_X86
Set to not build LLVM target support for X86.
The
@ -1204,7 +1206,7 @@ The
option should be used rather than this in most cases.
.Pp
This is a default setting on
riscv/riscv64 and sparc64/sparc64.
arm/arm, arm/armv6, riscv/riscv64 and sparc64/sparc64.
.It Va WITH_LLVM_TARGET_X86
Set to build LLVM target support for X86.
The
@ -1212,7 +1214,7 @@ The
option should be used rather than this in most cases.
.Pp
This is a default setting on
amd64/amd64, arm/arm, arm/armv6, arm/armv7, arm64/aarch64, i386/i386, mips/mipsel, mips/mips, mips/mips64el, mips/mips64, mips/mipsn32, mips/mipselhf, mips/mipshf, mips/mips64elhf, mips/mips64hf, powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpcspe.
amd64/amd64, arm/armv7, arm64/aarch64, i386/i386, mips/mipsel, mips/mips, mips/mips64el, mips/mips64, mips/mipsn32, mips/mipselhf, mips/mipshf, mips/mips64elhf, mips/mips64hf, powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpcspe.
.It Va WITH_LOADER_FIREWIRE
Enable firewire support in /boot/loader on x86. This option is a nop
on all other platforms.
@ -1259,6 +1261,13 @@ Set to build ubldr.
.Pp
This is a default setting on
arm/arm, arm/armv6, arm/armv7, mips/mipsel, mips/mips, mips/mips64el, mips/mips64, mips/mipsn32, mips/mipselhf, mips/mipshf, mips/mips64elhf, mips/mips64hf, powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpcspe.
.It Va WITH_LOADER_VERBOSE
Set to build with extra verbose debugging in the loader.
May explode already nearly too large loader over the limit.
Use with care.
.It Va WITHOUT_LOADER_ZFS
Set to not build ZFS file system boot loader support.
.It Va WITHOUT_LOCALES
Set to not build localization files; see
.Xr locale 1 .
@ -1890,7 +1899,7 @@ without support for the IEEE 802.1X protocol and without
support for EAP-PEAP, EAP-TLS, EAP-LEAP, and EAP-TTLS
protocols (usable only via 802.1X).
.It Va WITHOUT_ZFS
Set to not build ZFS file system.
Set to not build ZFS file system kernel module, libraries, and user commands.
.It Va WITHOUT_ZONEINFO
Set to not build the timezone database.
When set, it enforces these options:

6
share/man/man9/Makefile
View File

@ -1635,13 +1635,9 @@ MLINKS+=pci_iov_schema.9 pci_iov_schema_alloc_node.9 \
MLINKS+=pfil.9 pfil_add_hook.9 \
pfil.9 pfil_head_register.9 \
pfil.9 pfil_head_unregister.9 \
pfil.9 pfil_hook_get.9 \
pfil.9 pfil_remove_hook.9 \
pfil.9 pfil_rlock.9 \
pfil.9 pfil_run_hooks.9 \
pfil.9 pfil_runlock.9 \
pfil.9 pfil_wlock.9 \
pfil.9 pfil_wunlock.9
pfil.9 pfil_link.9
MLINKS+=pfind.9 zpfind.9
MLINKS+=PHOLD.9 PRELE.9 \
PHOLD.9 _PHOLD.9 \

293
share/man/man9/pfil.9
View File

@ -1,5 +1,6 @@
.\" $NetBSD: pfil.9,v 1.22 2003/07/01 13:04:06 wiz Exp $
.\"
.\" Copyright (c) 2019 Gleb Smirnoff <glebius@FreeBSD.org>
.\" Copyright (c) 1996 Matthew R. Green
.\" All rights reserved.
.\"
@ -28,194 +29,127 @@
.\"
.\" $FreeBSD$
.\"
.Dd March 10, 2018
.Dd January 28, 2019
.Dt PFIL 9
.Os
.Sh NAME
.Nm pfil ,
.Nm pfil_head_register ,
.Nm pfil_head_unregister ,
.Nm pfil_head_get ,
.Nm pfil_add_hook ,
.Nm pfil_add_hook_flags ,
.Nm pfil_remove_hook ,
.Nm pfil_remove_hook_flags ,
.Nm pfil_run_hooks ,
.Nm pfil_rlock ,
.Nm pfil_runlock ,
.Nm pfil_wlock ,
.Nm pfil_wunlock
.Nm pfil_link ,
.Nm pfil_run_hooks
.Nd packet filter interface
.Sh SYNOPSIS
.In sys/param.h
.In sys/mbuf.h
.In net/if.h
.In net/pfil.h
.Bd -literal
typedef int (*pfil_func_t)(void *arg, struct mbuf **mp, struct ifnet *, int dir, struct inpcb);
.Bd -literal
typedef int (*pfil_func_flags_t)(void *arg, struct mbuf **mp, struct ifnet *, int dir, int flags, struct inpcb);
.Ft int
.Fn pfil_head_register "struct pfil_head *head"
.Ft int
.Fn pfil_head_unregister "struct pfil_head *head"
.Ft "struct pfil_head *"
.Fn pfil_head_get "int af" "u_long dlt"
.Ft int
.Fn pfil_add_hook "pfil_func_t" "void *arg" "struct pfil_head *"
.Ft int
.Fn pfil_add_hook_flags "pfil_func_flags_t" "void *arg" "int flags" "struct pfil_head *"
.Ft int
.Fn pfil_remove_hook "pfil_func_t" "void *arg" "struct pfil_head *"
.Ft int
.Fn pfil_remove_hook_flags "pfil_func_flags_t" "void *arg" "int flags" "struct pfil_head *"
.Ft int
.Fn pfil_run_hooks "struct pfil_head *head" "struct mbuf **mp" "struct ifnet *" "int dir" "int flags" "struct inpcb *"
.Ft pfil_head_t
.Fn pfil_head_register "struct pfil_head_args *args"
.Ft void
.Fn pfil_rlock "struct pfil_head *" "struct rm_priotracker *"
.Fn pfil_head_unregister "struct pfil_head_t *head"
.Ft pfil_hook_t
.Fn pfil_add_hook "struct pfil_hook_args *"
.Ft void
.Fn pfil_runlock "struct pfil_head *" "struct rm_priotracker *"
.Ft void
.Fn pfil_wlock "struct pfil_head *"
.Ft void
.Fn pfil_wunlock "struct pfil_head *"
.Ed
.Fn pfil_remove_hook "pfil_hook_t"
.Ft int
.Fn pfil_link "struct pfil_link_args *args"
.Ft int
.Fn pfil_run_hooks "phil_head_t *" "pfil_packet_t" "struct ifnet *" "int" "struct inpcb *"
.Sh DESCRIPTION
The
.Nm
framework allows for a specified function to be invoked for every
incoming or outgoing packet for a particular network I/O stream.
framework allows for a specified function or a list of functions
to be invoked for every incoming or outgoing packet for a particular
network I/O stream.
These hooks may be used to implement a firewall or perform packet
transformations.
.Pp
Packet filtering points are registered with
Packet filtering points, for historical reasons named
.Em heads ,
are registered with
.Fn pfil_head_register .
Filtering points are identified by a key
.Pq Vt "void *"
and a data link type
.Pq Vt int
in the
.Vt pfil_head
structure.
Packet filters use the key and data link type to look up the filtering
point with which they register themselves.
The key is unique to the filtering point.
The data link type is a
.Xr bpf 4
DLT constant indicating what kind of header is present on the packet
at the filtering point.
Each filtering point uses common per-VNET rmlock by default.
This can be changed by specifying
.Vt PFIL_FLAG_PRIVATE_LOCK
as
.Vt "flags"
field in the
.Vt pfil_head
structure.
Note that specifying private lock can break filters sharing the same
ruleset and/or state between different data link types.
Filtering points may be unregistered with the
.Fn pfil_head_unregister
function.
The function is supplied with special versioned
.Vt struct pfil_head_args
structure that specifies type and features of the head as well as
human readable name.
If the filtering point to be ever destroyed, the subsystem that
created it must unregister it with call to
.Fn pfil_head_unregister .
.Pp
Packet filters register/unregister themselves with a filtering point
with the
Packet filtering systems may register arbitrary number of filters,
for historical reasons named
.Em hooks .
To register a new hook
.Fn pfil_add_hook
and
with special versioned
.Vt struct pfil_hook_args
structure is called.
The structure specifies type and features of the hook, pointer to
the actual filtering function and user readable name of the filtering
module and ruleset name.
Later hooks can be removed with
.Fn pfil_remove_hook
functions, respectively.
.I
The head is looked up using the
.Fn pfil_head_get
function, which takes the key and data link type that the packet filter
expects.
Filters may provide an argument to be passed to the filter when
invoked on a packet.
.Pp
When a filter is invoked, the packet appears just as if it
.Dq came off the wire .
That is, all protocol fields are in network byte order.
The filter is called with its specified argument, the pointer to the
pointer to the
.Vt mbuf
containing the packet, the pointer to the network
interface that the packet is traversing, and the direction
.Dv ( PFIL_IN
or
.Dv PFIL_OUT )
that the packet is traveling.
The
.Vt flags
argument will indicate if an outgoing packet is simply being forwarded with the
value PFIL_FWD.
The filter may change which mbuf the
.Vt "mbuf\ **"
argument references.
The filter returns an error (errno) if the packet processing is to stop, or 0
if the processing is to continue.
If the packet processing is to stop, it is the responsibility of the
filter to free the packet.
.Pp
Every filter hook is called with
.Nm
read lock held.
All heads uses the same lock within the same VNET instance.
Packet filter can use this lock instead of own locking model to
improve performance.
Since
.Nm
uses
.Xr rmlock 9
.Fn pfil_rlock
and
.Fn pfil_runlock
require
.Va struct rm_priotracker
to be passed as argument.
Filter can acquire and release writer lock via
.Fn pfil_wlock
and
.Fn pfil_wunlock
functions.
See
.Xr rmlock 9
for more details.
.Sh FILTERING POINTS
Currently, filtering points are implemented for the following link types:
.Pp
.Bl -tag -width "AF_INET6" -offset XXX -compact
.It AF_INET
To connect existing
.Em hook
to an existing
.Em head
function
.Fn pfil_link
shall be used.
The function is supplied with versioned
.Vt struct pfil_link_args
structure that specifies either literal names of hook and head or
pointers to them.
Typically
.Fn pfil_link
is called by filtering modules to autoregister their default ruleset
and default filtering points.
It also serves on the kernel side of
.Xr ioctl 2
when user changes
.Nm
configuration with help of
.Xr pfilctl 8
utility.
.Pp
For every packet traveling through a
.Em head
the latter shall invoke
.Fn pfil_run_hooks .
The function can accept either
.Vt struct mbuf *
pointer or a
.Vt void *
pointer and length.
In case if a hooked filtering module cannot understand
.Vt void *
pointer
.Nm
will provide it with a fake one.
All calls to
.Fn pfil_run_hooks
are performed in network
.Xr epoch 9 .
.Sh HEADS (filtering points)
By default kernel creates the following heads:
.Bl -tag -width "ethernet"
.It inet
IPv4 packets.
.It AF_INET6
.It inet6
IPv6 packets.
.It AF_LINK
.It ethernet
Link-layer packets.
.El
.Sh RETURN VALUES
If successful,
.Fn pfil_head_get
returns the
.Vt pfil_head
structure for the given key/dlt.
The
.Fn pfil_add_hook
and
.Fn pfil_remove_hook
functions
return 0 if successful.
If called with flag
.Dv PFIL_WAITOK ,
.Fn pfil_remove_hook
is expected to always succeed.
.Pp
The
.Fn pfil_head_unregister
function
might sleep!
Default rulesets are automatically linked to these heads to preserve
historical behavavior.
.Sh SEE ALSO
.Xr bpf 4 ,
.Xr if_bridge 4 ,
.Xr rmlock 9
.Xr ipfilter 4 ,
.Xr ipfw 4 ,
.Xr pf 4 ,
.Xr pfilctl 8
.Sh HISTORY
The
.Nm
@ -223,45 +157,8 @@ interface first appeared in
.Nx 1.3 .
The
.Nm
input and output lists were originally implemented as
.In sys/queue.h
.Dv LIST
structures;
however this was changed in
.Nx 1.4
to
.Dv TAILQ
structures.
This change was to allow the input and output filters to be processed in
reverse order, to allow the same path to be taken, in or out of the kernel.
.Pp
The
.Nm
interface was changed in 1.4T to accept a 3rd parameter to both
.Fn pfil_add_hook
and
.Fn pfil_remove_hook ,
introducing the capability of per-protocol filtering.
This was done primarily in order to support filtering of IPv6.
.Pp
In 1.5K, the
.Nm
framework was changed to work with an arbitrary number of filtering points,
as well as be less IP-centric.
.Pp
Fine-grained locking was added in
interface was imported into
.Fx 5.2 .
.Nm
lock export was added in
.Fx 10.0 .
.Sh BUGS
When a
.Vt pfil_head
is being modified, no traffic is diverted
(to avoid deadlock).
This means that traffic may be dropped unconditionally for a short period
of time.
.Fn pfil_run_hooks
will return
.Er ENOBUFS
to indicate this.
In
.Fx 13.0
the interface was significantly rewritten.

6
share/mk/src.opts.mk
View File

@ -321,11 +321,9 @@ __DEFAULT_YES_OPTIONS+=LLVM_LIBUNWIND
.else
__DEFAULT_NO_OPTIONS+=LLVM_LIBUNWIND
.endif
.if ${__T} == "aarch64" || ${__T} == "amd64" || ${__T} == "armv7"
.if ${__T} == "aarch64" || ${__T} == "amd64" || ${__T} == "armv7" || \
${__T} == "i386"
__DEFAULT_YES_OPTIONS+=LLD_BOOTSTRAP LLD_IS_LD
.elif ${__T} == "i386"
__DEFAULT_YES_OPTIONS+=LLD_BOOTSTRAP
__DEFAULT_NO_OPTIONS+=LLD_IS_LD
.else
__DEFAULT_NO_OPTIONS+=LLD_BOOTSTRAP LLD_IS_LD
.endif

13
sys/amd64/conf/GENERIC
View File

@ -234,14 +234,18 @@ device ppi # Parallel port interface device
device puc # Multi I/O cards and multi-channel UARTs
# PCI Ethernet NICs.
device bxe # Broadcom NetXtreme II BCM5771X/BCM578XX 10GbE
device de # DEC/Intel DC21x4x (``Tulip'')
# PCI/PCI-X/PCIe Ethernet NICs that use iflib infrastructure
device iflib
device em # Intel PRO/1000 Gigabit Ethernet Family
device ix # Intel PRO/10GbE PCIE PF Ethernet
device ixv # Intel PRO/10GbE PCIE VF Ethernet
device ixl # Intel 700 Series Physical Function
device iavf # Intel Adaptive Virtual Function
device vmx # VMware VMXNET3 Ethernet
# PCI Ethernet NICs.
device bxe # Broadcom NetXtreme II BCM5771X/BCM578XX 10GbE
device de # DEC/Intel DC21x4x (``Tulip'')
device le # AMD Am7900 LANCE and Am79C9xx PCnet
device ti # Alteon Networks Tigon I/II gigabit Ethernet
device txp # 3Com 3cR990 (``Typhoon'')
@ -369,9 +373,6 @@ device hyperv # HyperV drivers
options XENHVM # Xen HVM kernel infrastructure
device xenpci # Xen HVM Hypervisor services driver
# VMware support
device vmx # VMware VMXNET3 Ethernet
# Netmap provides direct access to TX/RX rings on supported NICs
device netmap # netmap(4) support

7
sys/arm64/conf/GENERIC
View File

@ -145,14 +145,17 @@ device al_pci # Annapurna Alpine PCI-E
options PCI_HP # PCI-Express native HotPlug
options PCI_IOV # PCI SR-IOV support
# PCI/PCI-X/PCIe Ethernet NICs that use iflib infrastructure
device iflib
device em # Intel PRO/1000 Gigabit Ethernet Family
device ix # Intel 10Gb Ethernet Family
# Ethernet NICs
device mdio
device mii
device miibus # MII bus support
device awg # Allwinner EMAC Gigabit Ethernet
device axgbe # AMD Opteron A1100 integrated NIC
device em # Intel PRO/1000 Gigabit Ethernet Family
device ix # Intel 10Gb Ethernet Family
device msk # Marvell/SysKonnect Yukon II Gigabit Ethernet
device neta # Marvell Armada 370/38x/XP/3700 NIC
device smc # SMSC LAN91C111

6
sys/cam/scsi/scsi_da.c
View File

@ -3314,14 +3314,12 @@ dastart(struct cam_periph *periph, union ccb *start_ccb)
/*
* BIO_FLUSH doesn't currently communicate
* range data, so we synchronize the cache
* over the whole disk. We also force
* ordered tag semantics the flush applies
* to all previously queued I/O.
* over the whole disk.
*/
scsi_synchronize_cache(&start_ccb->csio,
/*retries*/1,
/*cbfcnp*/dadone,
MSG_ORDERED_Q_TAG,
/*tag_action*/tag_code,
/*begin_lba*/0,
/*lb_count*/0,
SSD_FULL_SIZE,

1
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
View File

@ -1097,7 +1097,6 @@ vdev_geom_io_start(zio_t *zio)
break;
case ZIO_TYPE_IOCTL:
bp->bio_cmd = BIO_FLUSH;
bp->bio_flags |= BIO_ORDERED;
bp->bio_data = NULL;
bp->bio_offset = cp->provider->mediasize;
bp->bio_length = 0;

2
sys/compat/ndis/ndis_var.h
View File

@ -1736,8 +1736,6 @@ extern int ndis_get_supported_oids(void *, ndis_oid **, int *);
extern int ndis_send_packets(void *, ndis_packet **, int);
extern int ndis_send_packet(void *, ndis_packet *);
extern int ndis_convert_res(void *);
extern int ndis_alloc_amem(void *);
extern void ndis_free_amem(void *);
extern void ndis_free_packet(ndis_packet *);
extern void ndis_free_bufs(ndis_buffer *);
extern int ndis_reset_nic(void *);

9
sys/conf/NOTES
View File

@ -2092,15 +2092,18 @@ device vte # DM&P Vortex86 RDC R6040 Fast Ethernet
device wb # Winbond W89C840F
device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'')
# PCI/PCI-X/PCIe Ethernet NICs that use iflib infrastructure
device iflib
device em # Intel Pro/1000 Gigabit Ethernet
device ix # Intel Pro/10Gbe PCIE Ethernet
device ixv # Intel Pro/10Gbe PCIE Ethernet VF
# PCI Ethernet NICs.
device cxgb # Chelsio T3 10 Gigabit Ethernet
device cxgb_t3fw # Chelsio T3 10 Gigabit Ethernet firmware
device cxgbe # Chelsio T4-T6 1/10/25/40/100 Gigabit Ethernet
device cxgbev # Chelsio T4-T6 Virtual Functions
device de # DEC/Intel DC21x4x (``Tulip'')
device em # Intel Pro/1000 Gigabit Ethernet
device ix # Intel Pro/10Gbe PCIE Ethernet
device ixv # Intel Pro/10Gbe PCIE Ethernet VF
device le # AMD Am7900 LANCE and Am79C9xx PCnet
device mxge # Myricom Myri-10G 10GbE NIC
device oce # Emulex 10 GbE (OneConnect Ethernet)

8
sys/conf/files
View File

@ -4132,10 +4132,10 @@ net/if_tun.c optional tun
net/if_tap.c optional tap
net/if_vlan.c optional vlan
net/if_vxlan.c optional vxlan inet | vxlan inet6
net/ifdi_if.m optional ether pci
net/iflib.c optional ether pci
net/iflib_clone.c optional ether pci
net/mp_ring.c optional ether
net/ifdi_if.m optional ether pci iflib
net/iflib.c optional ether pci iflib
net/iflib_clone.c optional ether pci iflib
net/mp_ring.c optional ether iflib
net/mppcc.c optional netgraph_mppc_compression
net/mppcd.c optional netgraph_mppc_compression
net/netisr.c standard

1
sys/conf/files.powerpc
View File

@ -201,6 +201,7 @@ powerpc/powernv/opalcall.S optional powernv
powerpc/powernv/platform_powernv.c optional powernv
powerpc/powernv/powernv_centaur.c optional powernv
powerpc/powernv/powernv_xscom.c optional powernv
powerpc/powernv/xive.c optional powernv
powerpc/powerpc/altivec.c optional powerpc | powerpc64
powerpc/powerpc/autoconf.c standard
powerpc/powerpc/bus_machdep.c standard

69
sys/contrib/ipfilter/netinet/fil.c
View File

@ -20,26 +20,18 @@
#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
#if defined(_KERNEL) && defined(__FreeBSD_version) && \
(__FreeBSD_version >= 220000)
# if (__FreeBSD_version >= 400000)
#if defined(_KERNEL) && defined(__FreeBSD_version)
# if !defined(IPFILTER_LKM)
# include "opt_inet6.h"
# endif
# if (__FreeBSD_version == 400019)
# define CSUM_DELAY_DATA
# endif
# endif
# include <sys/filio.h>
#else
# include <sys/ioctl.h>
#endif
#if (defined(__SVR4) || defined(__svr4__)) && defined(sun)
#if defined(__SVR4) || defined(sun) /* SOLARIS */
# include <sys/filio.h>
#endif
#if !defined(_AIX51)
# include <sys/fcntl.h>
#endif
#if defined(_KERNEL)
# include <sys/systm.h>
# include <sys/file.h>
@ -50,29 +42,18 @@
# include <stddef.h>
# include <sys/file.h>
# define _KERNEL
# ifdef __OpenBSD__
struct file;
# endif
# include <sys/uio.h>
# undef _KERNEL
#endif
#if !defined(__SVR4) && !defined(__svr4__) && !defined(__hpux) && \
!defined(linux)
#if !defined(__SVR4)
# include <sys/mbuf.h>
#else
# if !defined(linux)
# include <sys/byteorder.h>
# endif
# if (SOLARIS2 < 5) && defined(sun)
# include <sys/dditypes.h>
# endif
#endif
#ifdef __hpux
# define _NET_ROUTE_INCLUDED
#endif
#if !defined(linux)
# include <sys/protosw.h>
#endif
#include <sys/socket.h>
#include <net/if.h>
#ifdef sun
@ -81,25 +62,13 @@ struct file;
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#if defined(__sgi) && defined(IFF_DRVRLOCK) /* IRIX 6 */
# include <sys/hashing.h>
# include <netinet/in_var.h>
#endif
#include <netinet/tcp.h>
#if (!defined(__sgi) && !defined(AIX)) || defined(_KERNEL)
# include <netinet/udp.h>
# include <netinet/ip_icmp.h>
#endif
#ifdef __hpux
# undef _NET_ROUTE_INCLUDED
#endif
#ifdef __osf__
# undef _RADIX_H_
#endif
#include "netinet/ip_compat.h"
#ifdef USE_INET6
# include <netinet/icmp6.h>
# if !SOLARIS && defined(_KERNEL) && !defined(__osf__) && !defined(__hpux)
# if !SOLARIS && defined(_KERNEL)
# include <netinet6/in6_var.h>
# endif
#endif
@ -122,7 +91,7 @@ struct file;
#if defined(IPFILTER_BPF) && defined(_KERNEL)
# include <net/bpf.h>
#endif
#if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000)
#if defined(__FreeBSD_version)
# include <sys/malloc.h>
#endif
#include "netinet/ipl.h"
@ -131,10 +100,6 @@ struct file;
# include <sys/callout.h>
extern struct callout ipf_slowtimer_ch;
#endif
#if defined(__OpenBSD__)
# include <sys/timeout.h>
extern struct timeout ipf_slowtimer_ch;
#endif
/* END OF INCLUDES */
#if !defined(lint)
@ -214,10 +179,7 @@ static int ipf_updateipid __P((fr_info_t *));
static int ipf_settimeout __P((struct ipf_main_softc_s *,
struct ipftuneable *,
ipftuneval_t *));
#if !defined(_KERNEL) || (!defined(__NetBSD__) && !defined(__OpenBSD__) && \
!defined(__FreeBSD__)) || \
FREEBSD_LT_REV(501000) || NETBSD_LT_REV(105000000) || \
OPENBSD_LT_REV(200006)
#if !defined(_KERNEL) || SOLARIS
static int ppsratecheck(struct timeval *, int *, int);
#endif
@ -2815,13 +2777,14 @@ ipf_firewall(fin, passp)
/* -2 == requires authentication */
/* Kernel: */
/* > 0 == filter error # for packet */
/* Parameters: ip(I) - pointer to start of IPv4/6 packet */
/* Parameters: ctx(I) - pointer to the instance context */
/* ip(I) - pointer to start of IPv4/6 packet */
/* hlen(I) - length of header */
/* ifp(I) - pointer to interface this packet is on */
/* out(I) - 0 == packet going in, 1 == packet going out */
/* mp(IO) - pointer to caller's buffer pointer that holds this */
/* IP packet. */
/* Solaris & HP-UX ONLY : */
/* Solaris: */
/* qpi(I) - pointer to STREAMS queue information for this */
/* interface & direction. */
/* */
@ -3266,12 +3229,6 @@ ipf_check(ctx, ip, hlen, ifp, out
}
} else {
LBUMP(ipf_stats[out].fr_pass);
#if defined(_KERNEL) && defined(__sgi)
if ((fin->fin_hbuf != NULL) &&
(mtod(fin->fin_m, struct ip *) != fin->fin_ip)) {
COPYBACK(fin->fin_m, 0, fin->fin_plen, fin->fin_hbuf);
}
#endif
}
SPL_X(s);
@ -5482,10 +5439,7 @@ ipf_resolvefunc(softc, data)
}
#if !defined(_KERNEL) || (!defined(__NetBSD__) && !defined(__OpenBSD__) && \
!defined(__FreeBSD__)) || \
FREEBSD_LT_REV(501000) || NETBSD_LT_REV(105000000) || \
OPENBSD_LT_REV(200006)
#if !defined(_KERNEL) || SOLARIS
/*
* From: NetBSD
* ppsratecheck(): packets (or events) per second limitation.
@ -10110,9 +10064,6 @@ ipf_slowtimer(softc)
ipf_rule_expire(softc);
ipf_sync_expire(softc);
softc->ipf_ticks++;
# if defined(__OpenBSD__)
timeout_add(&ipf_slowtimer_ch, hz/2);
# endif
}

52
sys/contrib/ipfilter/netinet/ip_auth.c
View File

@ -24,29 +24,24 @@
# endif
# include <string.h>
# define _KERNEL
# ifdef __OpenBSD__
struct file;
# endif
# include <sys/uio.h>
# undef _KERNEL
#endif
#if defined(_KERNEL) && (__FreeBSD_version >= 220000)
#if defined(_KERNEL) && defined(__FreeBSD_version)
# include <sys/filio.h>
# include <sys/fcntl.h>
#else
# include <sys/ioctl.h>
#endif
#if !defined(linux)
# include <sys/protosw.h>
#endif
#include <sys/socket.h>
#if defined(_KERNEL)
# include <sys/systm.h>
# if !defined(__SVR4) && !defined(__svr4__) && !defined(linux)
# if !defined(__SVR4)
# include <sys/mbuf.h>
# endif
#endif
#if defined(__SVR4) || defined(__svr4__)
#if defined(__SVR4)
# include <sys/filio.h>
# include <sys/byteorder.h>
# ifdef _KERNEL
@ -55,11 +50,10 @@ struct file;
# include <sys/stream.h>
# include <sys/kmem.h>
#endif
#if (defined(_BSDI_VERSION) && (_BSDI_VERSION >= 199802)) || \
(defined(__FreeBSD_version) &&(__FreeBSD_version >= 400000))
#if defined(__FreeBSD_version)
# include <sys/queue.h>
#endif
#if defined(__NetBSD__) || defined(__OpenBSD__) || defined(bsdi)
#if defined(__NetBSD__)
# include <machine/cpu.h>
#endif
#if defined(_KERNEL) && defined(__NetBSD__) && (__NetBSD_Version__ >= 104000000)
@ -76,10 +70,8 @@ struct file;
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#if !defined(linux)
# include <netinet/ip_var.h>
#endif
#if !defined(_KERNEL) && !defined(__osf__) && !defined(__sgi)
#if !defined(_KERNEL)
# define KERNEL
# define _KERNEL
# define NOT_KERNEL
@ -89,34 +81,26 @@ struct file;
# undef KERNEL
#endif
#include <netinet/tcp.h>
#if defined(IRIX) && (IRIX < 60516) /* IRIX < 6 */
extern struct ifqueue ipintrq; /* ip packet input queue */
#else
# if !defined(__hpux) && !defined(linux)
# if __FreeBSD_version >= 300000
# if defined(__FreeBSD_version)
# include <net/if_var.h>
# if __FreeBSD_version >= 500042
# define IF_QFULL _IF_QFULL
# define IF_DROP _IF_DROP
# endif /* __FreeBSD_version >= 500042 */
# endif
# include <netinet/in_var.h>
# include <netinet/tcp_fsm.h>
# endif
#endif
#include <netinet/udp.h>
#include <netinet/ip_icmp.h>
#include "netinet/ip_compat.h"
#include <netinet/tcpip.h>
#include "netinet/ip_fil.h"
#include "netinet/ip_auth.h"
#if !defined(MENTAT) && !defined(linux)
#if !defined(MENTAT)
# include <net/netisr.h>
# ifdef __FreeBSD__
# include <machine/cpufunc.h>
# endif
#endif
#if (__FreeBSD_version >= 300000)
#if defined(__FreeBSD_version)
# include <sys/malloc.h>
# if defined(_KERNEL) && !defined(IPFILTER_LKM)
# include <sys/libkern.h>
@ -232,9 +216,6 @@ ipf_auth_soft_init(softc, arg)
bzero((char *)softa->ipf_auth_pkts,
softa->ipf_auth_size * sizeof(*softa->ipf_auth_pkts));
#if defined(linux) && defined(_KERNEL)
init_waitqueue_head(&softa->ipf_auth_next_linux);
#endif
return 0;
}
@ -1106,22 +1087,7 @@ ipf_auth_wait(softc, softa, data)
error = EINTR;
}
# else /* SOLARIS */
# ifdef __hpux
{
lock_t *l;
l = get_sleep_lock(&softa->ipf_auth_next);
error = sleep(&softa->ipf_auth_next, PZERO+1);
spinunlock(l);
}
# else
# ifdef __osf__
error = mpsleep(&softa->ipf_auth_next, PSUSP|PCATCH, "ipf_auth_next",
0, &softa->ipf_auth_mx, MS_LOCK_SIMPLE);
# else
error = SLEEP(&softa->ipf_auth_next, "ipf_auth_next");
# endif /* __osf__ */
# endif /* __hpux */
# endif /* SOLARIS */
#endif
MUTEX_EXIT(&softa->ipf_auth_mx);

37
sys/contrib/ipfilter/netinet/ip_compat.h
View File

@ -33,7 +33,7 @@
#endif
#ifndef SOLARIS
# if defined(sun) && (defined(__svr4__) || defined(__SVR4))
# if defined(sun) && defined(__SVR4)
# define SOLARIS 1
# else
# define SOLARIS 0
@ -41,7 +41,7 @@
#endif
#if defined(__SVR4) || defined(__svr4__) || defined(__sgi)
#if defined(__SVR4)
# define index strchr
# if !defined(_KERNEL)
# define bzero(a,b) memset(a,0,b)
@ -62,11 +62,6 @@
# endif
#endif
#if defined(__sgi) || defined(bsdi) || defined(__hpux) || defined(hpux)
struct ether_addr {
u_char ether_addr_octet[6];
};
#endif
# ifdef __STDC__
# define IPL_EXTERN(ep) ipl##ep
@ -100,15 +95,6 @@ struct ether_addr {
(__FreeBSD_version > (x)))
#define FREEBSD_LT_REV(x) (defined(__FreeBSD_version) && \
(__FreeBSD_version < (x)))
#define BSDOS_GE_REV(x) (defined(_BSDI_VERSION) && \
(_BSDI_VERSION >= (x)))
#define BSDOS_GT_REV(x) (defined(_BSDI_VERSION) && \
(_BSDI_VERSION > (x)))
#define BSDOS_LT_REV(x) (defined(_BSDI_VERSION) && \
(_BSDI_VERSION < (x)))
#define OPENBSD_GE_REV(x) (defined(OpenBSD) && (OpenBSD >= (x)))
#define OPENBSD_GT_REV(x) (defined(OpenBSD) && (OpenBSD > (x)))
#define OPENBSD_LT_REV(x) (defined(OpenBSD) && (OpenBSD < (x)))
#define BSD_GE_YEAR(x) (defined(BSD) && (BSD >= (x)))
#define BSD_GT_YEAR(x) (defined(BSD) && (BSD > (x)))
#define BSD_LT_YEAR(x) (defined(BSD) && (BSD < (x)))
@ -321,8 +307,7 @@ typedef union {
#define ipf_isw ipf_lkun_s.ipf_sw
#define ipf_magic ipf_lkun_s.ipf_magic
#if !defined(__GNUC__) || \
(defined(__FreeBSD_version) && (__FreeBSD_version >= 503000))
#if !defined(__GNUC__) || defined(__FreeBSD_version)
# ifndef INLINE
# define INLINE
# endif
@ -473,11 +458,10 @@ extern mb_t *allocmbt(size_t);
#ifdef USE_INET6
# if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__) || \
defined(__osf__) || defined(linux)
# if defined(__NetBSD__) || defined(__FreeBSD__)
# include <netinet/ip6.h>
# include <netinet/icmp6.h>
# if defined(_KERNEL) && !defined(__osf__)
# if defined(_KERNEL)
# include <netinet6/ip6_var.h>
# endif
typedef struct ip6_hdr ip6_t;
@ -497,21 +481,16 @@ typedef struct ip6_hdr ip6_t;
# define COPYBACK m_copyback
# endif
# if (defined(__NetBSD_Version__) && (__NetBSD_Version__ < 105180000)) || \
defined(__FreeBSD__) || (defined(OpenBSD) && (OpenBSD < 200206)) || \
defined(_BSDI_VERSION)
defined(__FreeBSD__)
# include <vm/vm.h>
# endif
# if !defined(__FreeBSD__) || FREEBSD_GE_REV(300000)
# if NETBSD_GE_REV(105180000) || OPENBSD_GE_REV(200111)
# if NETBSD_GE_REV(105180000)
# include <uvm/uvm_extern.h>
# else
# include <vm/vm_extern.h>
extern vm_map_t kmem_map;
# endif
# include <sys/proc.h>
# else /* !__FreeBSD__ || (__FreeBSD__ && __FreeBSD_version >= 300000) */
# include <vm/vm_kern.h>
# endif /* !__FreeBSD__ || (__FreeBSD__ && __FreeBSD_version >= 300000) */
# ifdef IPFILTER_M_IPFILTER
# include <sys/malloc.h>
@ -611,7 +590,7 @@ MALLOC_DECLARE(M_IPFILTER);
# define COPYOUT(a,b,c) (bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0)
# endif
# ifndef KMALLOC
# if SOLARIS && !defined(KMALLOC)
# define KMALLOC(a,b) (a) = (b)new_kmem_alloc(sizeof(*(a)), \
KMEM_NOSLEEP)
# define KMALLOCS(a,b,c) (a) = (b)new_kmem_alloc((c), KMEM_NOSLEEP)

14
sys/contrib/ipfilter/netinet/ip_dstlist.c
View File

@ -9,9 +9,6 @@
# define KERNEL 1
# define _KERNEL 1
#endif
#if defined(__osf__)
# define _PROTO_NET_H_
#endif
#include <sys/errno.h>
#include <sys/types.h>
#include <sys/param.h>
@ -21,9 +18,6 @@
# include <stdlib.h>
# include <string.h>
# define _KERNEL
# ifdef __OpenBSD__
struct file;
# endif
# include <sys/uio.h>
# undef _KERNEL
#else
@ -33,14 +27,12 @@ struct file;
# endif
#endif
#include <sys/time.h>
#if !defined(linux)
# include <sys/protosw.h>
#endif
#include <sys/socket.h>
#if defined(_KERNEL) && (!defined(__SVR4) && !defined(__svr4__))
#if defined(_KERNEL) && !defined(__SVR4)
# include <sys/mbuf.h>
#endif
#if defined(__SVR4) || defined(__svr4__)
#if defined(__SVR4)
# include <sys/filio.h>
# include <sys/byteorder.h>
# ifdef _KERNEL
@ -49,7 +41,7 @@ struct file;
# include <sys/stream.h>
# include <sys/kmem.h>
#endif
#if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000)
#if defined(__FreeBSD_version)
# include <sys/malloc.h>
#endif

82
sys/contrib/ipfilter/netinet/ip_fil.h
View File

@ -11,9 +11,7 @@
#ifndef __IP_FIL_H__
#define __IP_FIL_H__
#if !defined(linux) || !defined(_KERNEL)
# include <netinet/in.h>
#endif
#include "netinet/ip_compat.h"
#include "netinet/ipf_rb.h"
@ -21,15 +19,11 @@
# include <sys/callout.h>
#endif
#if defined(BSD) && defined(_KERNEL)
# if NETBSD_LT_REV(399000000) || defined(__osf__) || FREEBSD_LT_REV(500043)
# include <sys/select.h>
# else
# include <sys/selinfo.h>
# endif
#endif
#ifndef SOLARIS
# if defined(sun) && (defined(__svr4__) || defined(__SVR4))
# if defined(sun) && defined(__SVR4)
# define SOLARIS 1
# else
# define SOLARIS 0
@ -44,7 +38,7 @@
# endif
#endif
#if defined(__STDC__) || defined(__GNUC__) || defined(_AIX51)
#if defined(__STDC__) || defined(__GNUC__)
# define SIOCADAFR _IOW('r', 60, struct ipfobj)
# define SIOCRMAFR _IOW('r', 61, struct ipfobj)
# define SIOCSETFF _IOW('r', 62, u_int)
@ -458,9 +452,6 @@ typedef struct fr_info {
mb_t *fin_qfm; /* pointer to mblk where pkt starts */
void *fin_qpi;
char fin_ifname[LIFNAMSIZ];
#endif
#ifdef __sgi
void *fin_hbuf;
#endif
void *fin_fraghdr; /* pointer to start of ipv6 frag hdr */
} fr_info_t;
@ -1425,10 +1416,6 @@ typedef struct ipftune {
/*
** HPUX Port
*/
#ifdef __hpux
/* HP-UX locking sequence deadlock detection module lock MAJOR ID */
# define IPF_SMAJ 0 /* temp assignment XXX, not critical */
#endif
#if !defined(CDEV_MAJOR) && defined (__FreeBSD_version) && \
(__FreeBSD_version >= 220000)
@ -1624,22 +1611,14 @@ typedef struct ipf_main_softc_s {
frentry_t *ipf_rule_explist[2];
ipftoken_t *ipf_token_head;
ipftoken_t **ipf_token_tail;
#if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000) && \
defined(_KERNEL)
#if defined(__FreeBSD_version) && defined(_KERNEL)
struct callout ipf_slow_ch;
#endif
#if defined(linux) && defined(_KERNEL)
struct timer_list ipf_timer;
#endif
#if NETBSD_GE_REV(104040000)
struct callout ipf_slow_ch;
#endif
#if SOLARIS
# if SOLARIS2 >= 7
timeout_id_t ipf_slow_ch;
# else
int ipf_slow_ch;
# endif
#endif
#if defined(_KERNEL)
# if SOLARIS
@ -1662,12 +1641,7 @@ typedef struct ipf_main_softc_s {
hook_t *ipf_hk_loop_v6_out;
# endif
# else
# if defined(linux) && defined(_KERNEL)
struct poll_table_struct ipf_selwait[IPL_LOGSIZE];
wait_queue_head_t iplh_linux[IPL_LOGSIZE];
# else
struct selinfo ipf_selwait[IPL_LOGSIZE];
# endif
# endif
#endif
void *ipf_slow;
@ -1697,67 +1671,27 @@ extern void ipfilterattach __P((int));
extern int ipl_enable __P((void));
extern int ipl_disable __P((void));
# ifdef MENTAT
/* XXX MENTAT is always defined for Solaris */
extern int ipf_check __P((void *, struct ip *, int, void *, int, void *,
mblk_t **));
# if SOLARIS
extern void ipf_prependmbt(fr_info_t *, mblk_t *);
# if SOLARIS2 >= 7
extern int ipfioctl __P((dev_t, int, intptr_t, int, cred_t *, int *));
# else
extern int ipfioctl __P((dev_t, int, int *, int, cred_t *, int *));
# endif
# endif
# ifdef __hpux
extern int ipfioctl __P((dev_t, int, caddr_t, int));
extern int ipf_select __P((dev_t, int));
# endif
extern int ipf_qout __P((queue_t *, mblk_t *));
# else /* MENTAT */
/* XXX MENTAT is never defined for FreeBSD & NetBSD */
extern int ipf_check __P((void *, struct ip *, int, void *, int, mb_t **));
extern int (*fr_checkp) __P((ip_t *, int, void *, int, mb_t **));
extern size_t mbufchainlen __P((mb_t *));
# ifdef __sgi
# include <sys/cred.h>
extern int ipfioctl __P((dev_t, int, caddr_t, int, cred_t *, int *));
extern int ipfilter_sgi_attach __P((void));
extern void ipfilter_sgi_detach __P((void));
extern void ipfilter_sgi_intfsync __P((void));
# else
# ifdef IPFILTER_LKM
extern int ipf_identify __P((char *));
# endif
# if BSDOS_GE_REV(199510) || FREEBSD_GE_REV(220000) || \
(defined(NetBSD) && (NetBSD >= 199511)) || defined(__OpenBSD__)
# if defined(__NetBSD__) || BSDOS_GE_REV(199701) || \
defined(__OpenBSD__) || FREEBSD_GE_REV(300000)
# if (__FreeBSD_version >= 500024)
# if (__FreeBSD_version >= 502116)
# if defined(__FreeBSD_version)
extern int ipfioctl __P((struct cdev*, u_long, caddr_t, int, struct thread *));
# else
extern int ipfioctl __P((dev_t, u_long, caddr_t, int, struct thread *));
# endif /* __FreeBSD_version >= 502116 */
# else
# if NETBSD_GE_REV(499001000)
# elif defined(__NetBSD__)
extern int ipfioctl __P((dev_t, u_long, void *, int, struct lwp *));
# else
# if NETBSD_GE_REV(399001400)
extern int ipfioctl __P((dev_t, u_long, caddr_t, int, struct lwp *));
# else
extern int ipfioctl __P((dev_t, u_long, caddr_t, int, struct proc *));
# endif
# endif
# endif /* __FreeBSD_version >= 500024 */
# else
extern int ipfioctl __P((dev_t, int, caddr_t, int, struct proc *));
# endif
# else
# ifdef linux
extern int ipfioctl __P((struct inode *, struct file *, u_int, u_long));
# else
extern int ipfioctl __P((dev_t, int, caddr_t, int));
# endif
# endif /* (_BSDI_VERSION >= 199510) */
# endif /* __ sgi */
# endif
# endif /* MENTAT */
# if defined(__FreeBSD_version)

115
sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
View File

@ -25,6 +25,7 @@ static const char rcsid[] = "@(#)$Id$";
# include "opt_random_ip_id.h"
#endif
#include <sys/param.h>
#include <sys/conf.h>
#include <sys/errno.h>
#include <sys/types.h>
#include <sys/file.h>
@ -126,32 +127,33 @@ static void ipf_ifevent(arg, ifp)
static int
ipf_check_wrapper(void *arg, struct mbuf **mp, struct ifnet *ifp, int dir)
static pfil_return_t
ipf_check_wrapper(struct mbuf **mp, struct ifnet *ifp, int flags,
void *ruleset __unused, struct inpcb *inp)
{
struct ip *ip = mtod(*mp, struct ip *);
int rv;
pfil_return_t rv;
CURVNET_SET(ifp->if_vnet);
rv = ipf_check(&V_ipfmain, ip, ip->ip_hl << 2, ifp, (dir == PFIL_OUT),
mp);
rv = ipf_check(&V_ipfmain, ip, ip->ip_hl << 2, ifp,
!!(flags & PFIL_OUT), mp);
CURVNET_RESTORE();
return rv;
return (rv == 0 ? PFIL_PASS : PFIL_DROPPED);
}
# ifdef USE_INET6
# include <netinet/ip6.h>
static int
ipf_check_wrapper6(void *arg, struct mbuf **mp, struct ifnet *ifp, int dir)
#ifdef USE_INET6
static pfil_return_t
ipf_check_wrapper6(struct mbuf **mp, struct ifnet *ifp, int flags,
void *ruleset __unused, struct inpcb *inp)
{
int error;
pfil_return_t rv;
CURVNET_SET(ifp->if_vnet);
error = ipf_check(&V_ipfmain, mtod(*mp, struct ip *),
sizeof(struct ip6_hdr), ifp, (dir == PFIL_OUT), mp);
rv = ipf_check(&V_ipfmain, mtod(*mp, struct ip *),
sizeof(struct ip6_hdr), ifp, !!(flags & PFIL_OUT), mp);
CURVNET_RESTORE();
return (error);
return (rv == 0 ? PFIL_PASS : PFIL_DROPPED);
}
# endif
#if defined(IPFILTER_LKM)
@ -1318,53 +1320,62 @@ ipf_inject(fin, m)
return error;
}
int ipf_pfil_unhook(void) {
struct pfil_head *ph_inet;
#ifdef USE_INET6
struct pfil_head *ph_inet6;
#endif
VNET_DEFINE_STATIC(pfil_hook_t, ipf_inet_hook);
VNET_DEFINE_STATIC(pfil_hook_t, ipf_inet6_hook);
#define V_ipf_inet_hook VNET(ipf_inet_hook)
#define V_ipf_inet6_hook VNET(ipf_inet6_hook)
ph_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET);
if (ph_inet != NULL)
pfil_remove_hook((void *)ipf_check_wrapper, NULL,
PFIL_IN|PFIL_OUT|PFIL_WAITOK, ph_inet);
# ifdef USE_INET6
ph_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6);
if (ph_inet6 != NULL)
pfil_remove_hook((void *)ipf_check_wrapper6, NULL,
PFIL_IN|PFIL_OUT|PFIL_WAITOK, ph_inet6);
# endif
int ipf_pfil_unhook(void) {
pfil_remove_hook(V_ipf_inet_hook);
#ifdef USE_INET6
pfil_remove_hook(V_ipf_inet6_hook);
#endif
return (0);
}
int ipf_pfil_hook(void) {
struct pfil_head *ph_inet;
struct pfil_hook_args pha;
struct pfil_link_args pla;
int error, error6;
pha.pa_version = PFIL_VERSION;
pha.pa_flags = PFIL_IN | PFIL_OUT;
pha.pa_modname = "ipfilter";
pha.pa_rulname = "default";
pha.pa_func = ipf_check_wrapper;
pha.pa_ruleset = NULL;
pha.pa_type = PFIL_TYPE_IP4;
V_ipf_inet_hook = pfil_add_hook(&pha);
#ifdef USE_INET6
struct pfil_head *ph_inet6;
pha.pa_func = ipf_check_wrapper6;
pha.pa_type = PFIL_TYPE_IP6;
V_ipf_inet6_hook = pfil_add_hook(&pha);
#endif
ph_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET);
# ifdef USE_INET6
ph_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6);
# endif
if (ph_inet == NULL
# ifdef USE_INET6
&& ph_inet6 == NULL
# endif
) {
return ENODEV;
}
pla.pa_version = PFIL_VERSION;
pla.pa_flags = PFIL_IN | PFIL_OUT |
PFIL_HEADPTR | PFIL_HOOKPTR;
pla.pa_head = V_inet_pfil_head;
pla.pa_hook = V_ipf_inet_hook;
error = pfil_link(&pla);
if (ph_inet != NULL)
pfil_add_hook((void *)ipf_check_wrapper, NULL,
PFIL_IN|PFIL_OUT|PFIL_WAITOK, ph_inet);
# ifdef USE_INET6
if (ph_inet6 != NULL)
pfil_add_hook((void *)ipf_check_wrapper6, NULL,
PFIL_IN|PFIL_OUT|PFIL_WAITOK, ph_inet6);
# endif
return (0);
error6 = 0;
#ifdef USE_INET6
pla.pa_head = V_inet6_pfil_head;
pla.pa_hook = V_ipf_inet6_hook;
error6 = pfil_link(&pla);
#endif
if (error || error6)
error = ENODEV;
else
error = 0;
return (error);
}
void

15
sys/contrib/ipfilter/netinet/ip_frag.c
View File

@ -16,30 +16,21 @@
#include <sys/param.h>
#include <sys/time.h>
#include <sys/file.h>
#ifdef __hpux
# include <sys/timeout.h>
#endif
#if !defined(_KERNEL)
# include <stdio.h>
# include <string.h>
# include <stdlib.h>
# define _KERNEL
# ifdef __OpenBSD__
struct file;
# endif
# include <sys/uio.h>
# undef _KERNEL
#endif
#if defined(_KERNEL) && \
defined(__FreeBSD_version) && (__FreeBSD_version >= 220000)
#if defined(_KERNEL) && defined(__FreeBSD_version)
# include <sys/filio.h>
# include <sys/fcntl.h>
#else
# include <sys/ioctl.h>
#endif
#if !defined(linux)
# include <sys/protosw.h>
#endif
#include <sys/socket.h>
#if defined(_KERNEL)
# include <sys/systm.h>
@ -48,7 +39,7 @@ struct file;
# endif
#endif
#if !defined(__SVR4) && !defined(__svr4__)
# if defined(_KERNEL) && !defined(__sgi) && !defined(AIX)
# if defined(_KERNEL)
# include <sys/kernel.h>
# endif
#else
@ -66,9 +57,7 @@ struct file;
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#if !defined(linux)
# include <netinet/ip_var.h>
#endif
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/ip_icmp.h>

8
sys/contrib/ipfilter/netinet/ip_ftp_pxy.c
View File

@ -1308,11 +1308,7 @@ ipf_p_ftp_process(softf, fin, nat, ftp, rv)
t = &ftp->ftp_side[1 - rv];
thseq = ntohl(tcp->th_seq);
thack = ntohl(tcp->th_ack);
#ifdef __sgi
mlen = fin->fin_plen - off;
#else
mlen = MSGDSIZE(m) - off;
#endif
DT3(process_debug, tcphdr_t *, tcp, int, off, int, mlen);
if (softf->ipf_p_ftp_debug & DEBUG_INFO)
@ -1609,11 +1605,7 @@ ipf_p_ftp_process(softf, fin, nat, ftp, rv)
if (tcp->th_flags & TH_FIN)
f->ftps_seq[1]++;
if (softf->ipf_p_ftp_debug & DEBUG_PARSE_INFO) {
#ifdef __sgi
mlen = fin->fin_plen;
#else
mlen = MSGDSIZE(m);
#endif
mlen -= off;
printf("ftps_seq[1] = %x inc %d len %d\n",
f->ftps_seq[1], inc, mlen);

8
sys/contrib/ipfilter/netinet/ip_htable.c
View File

@ -20,22 +20,18 @@
# include <stdlib.h>
# include <string.h>
# define _KERNEL
# ifdef __OpenBSD__
struct file;
# endif
# include <sys/uio.h>
# undef _KERNEL
#endif
#include <sys/socket.h>
#if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000)
#if defined(__FreeBSD_version)
# include <sys/malloc.h>
#endif
#if defined(__FreeBSD__)
# include <sys/cdefs.h>
# include <sys/proc.h>
#endif
#if !defined(__svr4__) && !defined(__SVR4) && !defined(__hpux) && \
!defined(linux)
#if !defined(__SVR4)
# include <sys/mbuf.h>
#endif
#if defined(_KERNEL)

6
sys/contrib/ipfilter/netinet/ip_irc_pxy.c
View File

@ -278,11 +278,7 @@ ipf_p_irc_send(fin, nat)
bzero(ctcpbuf, sizeof(ctcpbuf));
off = (char *)tcp - (char *)ip + (TCP_OFF(tcp) << 2) + fin->fin_ipoff;
#ifdef __sgi
dlen = fin->fin_plen - off;
#else
dlen = MSGDSIZE(m) - off;
#endif
if (dlen <= 0)
return 0;
COPYDATA(m, off, MIN(sizeof(ctcpbuf), dlen), ctcpbuf);
@ -361,7 +357,7 @@ ipf_p_irc_send(fin, nat)
fin->fin_flx |= FI_DOCKSUM;
if (inc != 0) {
#if defined(MENTAT) || defined(__sgi)
#if defined(MENTAT)
register u_32_t sum1, sum2;
sum1 = fin->fin_plen;

76
sys/contrib/ipfilter/netinet/ip_log.c
View File

@ -19,7 +19,7 @@
# include <osreldate.h>
#endif
#ifndef SOLARIS
# if defined(sun) && (defined(__svr4__) || defined(__SVR4))
# if defined(sun) && defined(__SVR4)
# define SOLARIS 1
# else
# define SOLARIS 0
@ -35,15 +35,11 @@
# include <ctype.h>
# define _KERNEL
# define KERNEL
# ifdef __OpenBSD__
struct file;
# endif
# include <sys/uio.h>
# undef _KERNEL
# undef KERNEL
#endif
#if (defined(__FreeBSD_version) && (__FreeBSD_version >= 220000)) && \
defined(_KERNEL)
#if defined(__FreeBSD_version) && defined(_KERNEL)
# include <sys/fcntl.h>
# include <sys/filio.h>
#else
@ -56,21 +52,15 @@ struct file;
# include <sys/proc.h>
# endif
#endif /* _KERNEL */
#if !SOLARIS && !defined(__hpux) && !defined(linux)
# if (defined(NetBSD) && (NetBSD > 199609)) || \
(defined(OpenBSD) && (OpenBSD > 199603)) || \
(defined(__FreeBSD_version) && (__FreeBSD_version >= 300000))
# if defined(NetBSD) || defined(__FreeBSD_version)
# include <sys/dirent.h>
# else
# include <sys/dir.h>
# endif
# include <sys/mbuf.h>
# include <sys/select.h>
# if __FreeBSD_version >= 500000
# endif
# if defined(__FreeBSD_version)
# include <sys/selinfo.h>
# endif
#else
# if !defined(__hpux) && defined(_KERNEL)
#if SOLARIS && defined(_KERNEL)
# include <sys/filio.h>
# include <sys/cred.h>
# include <sys/ddi.h>
@ -80,24 +70,18 @@ struct file;
# include <sys/mkdev.h>
# include <sys/dditypes.h>
# include <sys/cmn_err.h>
# endif /* !__hpux */
#endif /* !SOLARIS && !__hpux */
#if !defined(linux)
#endif /* SOLARIS && _KERNEL */
# include <sys/protosw.h>
#endif
#include <sys/socket.h>
#include <net/if.h>
#ifdef sun
# include <net/af.h>
#endif
#if __FreeBSD_version >= 300000
#if defined(__FreeBSD_version)
# include <net/if_var.h>
#endif
#include <netinet/in.h>
#ifdef __sgi
# include <sys/ddi.h>
#endif
# include <netinet/in_var.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
@ -107,9 +91,7 @@ struct file;
#ifdef USE_INET6
# include <netinet/icmp6.h>
#endif
#if !defined(linux)
# include <netinet/ip_var.h>
#endif
#ifndef _KERNEL
# include <syslog.h>
#endif
@ -120,7 +102,7 @@ struct file;
#include "netinet/ip_frag.h"
#include "netinet/ip_state.h"
#include "netinet/ip_auth.h"
#if (__FreeBSD_version >= 300000) || defined(__NetBSD__)
#if defined(__FreeBSD_version) || defined(__NetBSD__)
# include <sys/malloc.h>
#endif
/* END OF INCLUDES */
@ -138,12 +120,6 @@ typedef struct ipf_log_softc_s {
ipfmutex_t ipl_mutex[IPL_LOGSIZE];
# if SOLARIS && defined(_KERNEL)
kcondvar_t ipl_wait[IPL_LOGSIZE];
# endif
# if defined(linux) && defined(_KERNEL)
wait_queue_head_t iplh_linux[IPL_LOGSIZE];
# endif
# if defined(__hpux) && defined(_KERNEL)
iplog_select_t ipl_ss[IPL_LOGSIZE];
# endif
iplog_t **iplh[IPL_LOGSIZE];
iplog_t *iplt[IPL_LOGSIZE];
@ -386,11 +362,11 @@ ipf_log_pkt(fin, flags)
ipflog_t ipfl;
u_char p;
mb_t *m;
# if (SOLARIS || defined(__hpux)) && defined(_KERNEL) && !defined(FW_HOOKS)
# if SOLARIS && defined(_KERNEL) && !defined(FW_HOOKS)
qif_t *ifp;
# else
struct ifnet *ifp;
# endif /* SOLARIS || __hpux */
# endif /* SOLARIS */
m = fin->fin_m;
if (m == NULL)
@ -460,14 +436,14 @@ ipf_log_pkt(fin, flags)
* Get the interface number and name to which this packet is
* currently associated.
*/
# if (SOLARIS || defined(__hpux)) && defined(_KERNEL)
# if SOLARIS && defined(_KERNEL)
# if !defined(FW_HOOKS)
ipfl.fl_unit = (u_int)ifp->qf_ppa;
# endif
COPYIFNAME(fin->fin_v, ifp, ipfl.fl_ifname);
# else
# if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199603)) || \
OPENBSD_GE_REV(199603) || defined(linux) || FREEBSD_GE_REV(501113)
defined(__FreeBSD_version)
COPYIFNAME(fin->fin_v, ifp, ipfl.fl_ifname);
# else
ipfl.fl_unit = (u_int)ifp->if_unit;
@ -738,32 +714,9 @@ ipf_log_read(softc, unit, uio)
return EINTR;
}
# else
# if defined(__hpux) && defined(_KERNEL)
lock_t *l;
# ifdef IPL_SELECT
if (uio->uio_fpflags & (FNBLOCK|FNDELAY)) {
/* this is no blocking system call */
softl->ipl_readers[unit]--;
MUTEX_EXIT(&softl->ipl_mutex[unit]);
return 0;
}
# endif
MUTEX_EXIT(&softl->ipl_mutex[unit]);
l = get_sleep_lock(&softl->iplh[unit]);
error = sleep(&softl->iplh[unit], PZERO+1);
spinunlock(l);
# else
# if defined(__osf__) && defined(_KERNEL)
error = mpsleep(&softl->iplh[unit], PSUSP|PCATCH, "ipfread", 0,
&softl->ipl_mutex, MS_LOCK_SIMPLE);
# else
MUTEX_EXIT(&softl->ipl_mutex[unit]);
SPL_X(s);
error = SLEEP(unit + softl->iplh, "ipl sleep");
# endif /* __osf__ */
# endif /* __hpux */
SPL_NET(s);
MUTEX_ENTER(&softl->ipl_mutex[unit]);
if (error) {
@ -781,8 +734,7 @@ ipf_log_read(softc, unit, uio)
return EIO;
}
# if (defined(BSD) && (BSD >= 199101)) || defined(__FreeBSD__) || \
defined(__osf__)
# if (defined(BSD) && (BSD >= 199101)) || defined(__FreeBSD__)
uio->uio_rw = UIO_READ;
# endif

10
sys/contrib/ipfilter/netinet/ip_lookup.c
View File

@ -10,15 +10,12 @@
# define KERNEL 1
# define _KERNEL 1
#endif
#if defined(__osf__)
# define _PROTO_NET_H_
#endif
#include <sys/param.h>
#include <sys/errno.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/file.h>
#if __FreeBSD_version >= 220000 && defined(_KERNEL)
#if defined(__FreeBSD_version) && defined(_KERNEL)
# include <sys/fcntl.h>
# include <sys/filio.h>
#else
@ -29,9 +26,6 @@
# include <string.h>
# include <stdlib.h>
# define _KERNEL
# ifdef __OpenBSD__
struct file;
# endif
# include <sys/uio.h>
# undef _KERNEL
#endif
@ -43,7 +37,7 @@ struct file;
#endif
#if defined(_KERNEL)
# include <sys/systm.h>
# if !defined(__SVR4) && !defined(__svr4__)
# if !defined(__SVR4)
# include <sys/mbuf.h>
# endif
#else

73
sys/contrib/ipfilter/netinet/ip_nat.c
View File

@ -31,27 +31,22 @@ struct file;
# include <sys/uio.h>
# undef KERNEL
#endif
#if defined(_KERNEL) && \
defined(__FreeBSD_version) && (__FreeBSD_version >= 220000)
#if defined(_KERNEL) && defined(__FreeBSD_version)
# include <sys/filio.h>
# include <sys/fcntl.h>
#else
# include <sys/ioctl.h>
#endif
#if !defined(AIX)
# include <sys/fcntl.h>
#endif
#if !defined(linux)
# include <sys/protosw.h>
#endif
#include <sys/socket.h>
#if defined(_KERNEL)
# include <sys/systm.h>
# if !defined(__SVR4) && !defined(__svr4__)
# if !defined(__SVR4)
# include <sys/mbuf.h>
# endif
#endif
#if defined(__SVR4) || defined(__svr4__)
#if defined(__SVR4)
# include <sys/filio.h>
# include <sys/byteorder.h>
# ifdef KERNEL
@ -60,11 +55,11 @@ struct file;
# include <sys/stream.h>
# include <sys/kmem.h>
#endif
#if __FreeBSD_version >= 300000
#if defined(__FreeBSD_version)
# include <sys/queue.h>
#endif
#include <net/if.h>
#if __FreeBSD_version >= 300000
#if defined(__FreeBSD_version)
# include <net/if_var.h>
#endif
#ifdef sun
@ -80,9 +75,7 @@ struct file;
extern struct ifnet vpnif;
#endif
#if !defined(linux)
# include <netinet/ip_var.h>
#endif
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/ip_icmp.h>
@ -97,7 +90,7 @@ extern struct ifnet vpnif;
#include "netinet/ip_lookup.h"
#include "netinet/ip_dstlist.h"
#include "netinet/ip_sync.h"
#if FREEBSD_GE_REV(300000)
#if defined(__FreeBSD_version)
# include <sys/malloc.h>
#endif
#ifdef HAS_SYS_MD5_H
@ -1024,7 +1017,7 @@ ipf_nat_ioctl(softc, data, cmd, mode, uid, ctx)
KAUTH_REQ_NETWORK_FIREWALL_FW,
NULL, NULL, NULL))
# else
# if defined(__FreeBSD_version) && (__FreeBSD_version >= 500034)
# if defined(__FreeBSD_version)
if (securelevel_ge(curthread->td_ucred, 3) && (mode & FWRITE))
# else
if ((securelevel >= 3) && (mode & FWRITE))
@ -1036,11 +1029,7 @@ ipf_nat_ioctl(softc, data, cmd, mode, uid, ctx)
}
#endif
#if defined(__osf__) && defined(_KERNEL)
getlock = 0;
#else
getlock = (mode & NAT_LOCKHELD) ? 0 : 1;
#endif
n = NULL;
nt = NULL;
@ -1866,7 +1855,7 @@ ipf_nat_getent(softc, data, getlock)
*/
if (nat->nat_ptr != NULL)
bcopy((char *)nat->nat_ptr, (char *)&ipn->ipn_ipnat,
ipn->ipn_ipnat.in_size);
sizeof(nat->nat_ptr));
/*
* If we also know the NAT entry has an associated filter rule,
@ -1904,21 +1893,17 @@ ipf_nat_getent(softc, data, getlock)
}
}
if (error == 0) {
if (getlock) {
READ_ENTER(&softc->ipf_nat);
getlock = 0;
}
error = ipf_outobjsz(softc, data, ipn, IPFOBJ_NATSAVE,
ipns.ipn_dsize);
}
finished:
if (getlock) {
READ_ENTER(&softc->ipf_nat);
}
if (ipn != NULL) {
KFREES(ipn, ipns.ipn_dsize);
}
if (getlock) {
RWLOCK_EXIT(&softc->ipf_nat);
}
return error;
}
@ -3306,7 +3291,7 @@ ipf_nat_finalise(fin, nat)
u_32_t sum1, sum2, sumd;
frentry_t *fr;
u_32_t flags;
#if SOLARIS && defined(_KERNEL) && (SOLARIS2 >= 6) && defined(ICK_M_CTL_MAGIC)
#if SOLARIS && defined(_KERNEL) && defined(ICK_M_CTL_MAGIC)
qpktinfo_t *qpi = fin->fin_qpi;
#endif
@ -5238,8 +5223,8 @@ ipf_nat_out(fin, nat, natadd, nflags)
uh = (udphdr_t *)(ip + 1);
uh->uh_ulen += fin->fin_plen;
uh->uh_ulen = htons(uh->uh_ulen);
#if !defined(_KERNEL) || defined(MENTAT) || defined(__sgi) || \
defined(linux) || defined(BRIDGE_IPF) || defined(__FreeBSD__)
#if !defined(_KERNEL) || defined(MENTAT) || \
defined(BRIDGE_IPF) || defined(__FreeBSD__)
ipf_fix_outcksum(0, &ip->ip_sum, sumd, 0);
#endif
@ -5659,8 +5644,7 @@ ipf_nat_in(fin, nat, natadd, nflags)
}
fin->fin_ip->ip_dst = nat->nat_osrcip;
fin->fin_daddr = nat->nat_osrcaddr;
#if !defined(_KERNEL) || defined(MENTAT) || defined(__sgi) || \
defined(__osf__) || defined(linux)
#if !defined(_KERNEL) || defined(MENTAT)
ipf_fix_incksum(0, &fin->fin_ip->ip_sum, ipsumd, 0);
#endif
break;
@ -5692,8 +5676,7 @@ ipf_nat_in(fin, nat, natadd, nflags)
sum2 += ntohs(ip->ip_off) & IP_DF;
CALC_SUMD(sum1, sum2, sumd);
#if !defined(_KERNEL) || defined(MENTAT) || defined(__sgi) || \
defined(__osf__) || defined(linux)
#if !defined(_KERNEL) || defined(MENTAT)
ipf_fix_outcksum(0, &ip->ip_sum, sumd, 0);
#endif
PREP_MB_T(fin, m);
@ -6212,27 +6195,6 @@ ipf_nat_log(softc, softn, nat, action)
}
#if defined(__OpenBSD__)
/* ------------------------------------------------------------------------ */
/* Function: ipf_nat_ifdetach */
/* Returns: Nil */
/* Parameters: ifp(I) - pointer to network interface */
/* */
/* Compatibility interface for OpenBSD to trigger the correct updating of */
/* interface references within IPFilter. */
/* ------------------------------------------------------------------------ */
void
ipf_nat_ifdetach(ifp)
void *ifp;
{
ipf_main_softc_t *softc;
softc = ipf_get_softc(0);
ipf_sync(ifp);
return;
}
#endif
/* ------------------------------------------------------------------------ */
@ -7463,8 +7425,7 @@ ipf_nat_decap(fin, nat)
CALC_SUMD(sum1, sum2, sumd);
fin->fin_ip->ip_dst = nat->nat_osrcip;
fin->fin_daddr = nat->nat_osrcaddr;
#if !defined(_KERNEL) || defined(MENTAT) || defined(__sgi) || \
defined(__osf__) || defined(linux)
#if !defined(_KERNEL) || defined(MENTAT)
ipf_fix_outcksum(0, &fin->fin_ip->ip_sum, sumd, 0);
#endif
}

5
sys/contrib/ipfilter/netinet/ip_nat.h
View File

@ -14,7 +14,7 @@
#define __IP_NAT_H__
#ifndef SOLARIS
# if defined(sun) && (defined(__svr4__) || defined(__SVR4))
# if defined(sun) && defined(__SVR4)
# define SOLARIS 1
# else
# define SOLARIS 0
@ -694,9 +694,6 @@ extern int ipf_nat_hostmap_rehash __P((ipf_main_softc_t *,
ipftuneable_t *, ipftuneval_t *));
extern nat_t *ipf_nat_icmperrorlookup __P((fr_info_t *, int));
extern nat_t *ipf_nat_icmperror __P((fr_info_t *, u_int *, int));
#if defined(__OpenBSD__)
extern void ipf_nat_ifdetach __P((void *));
#endif
extern int ipf_nat_init __P((void));
extern nat_t *ipf_nat_inlookup __P((fr_info_t *, u_int, u_int,
struct in_addr, struct in_addr));

20
sys/contrib/ipfilter/netinet/ip_nat6.c
View File

@ -29,26 +29,22 @@ struct file;
# include <sys/uio.h>
# undef _KERNEL
#endif
#if defined(_KERNEL) && (__FreeBSD_version >= 220000)
#if defined(_KERNEL) && defined(__FreeBSD_version)
# include <sys/filio.h>
# include <sys/fcntl.h>
#else
# include <sys/ioctl.h>
#endif
#if !defined(AIX)
# include <sys/fcntl.h>
#endif
#if !defined(linux)
# include <sys/protosw.h>
#endif
#include <sys/socket.h>
#if defined(_KERNEL)
# include <sys/systm.h>
# if !defined(__SVR4) && !defined(__svr4__)
# if !defined(__SVR4)
# include <sys/mbuf.h>
# endif
#endif
#if defined(__SVR4) || defined(__svr4__)
#if defined(__SVR4)
# include <sys/filio.h>
# include <sys/byteorder.h>
# ifdef _KERNEL
@ -57,11 +53,11 @@ struct file;
# include <sys/stream.h>
# include <sys/kmem.h>
#endif
#if __FreeBSD_version >= 300000
#if defined(__FreeBSD_version)
# include <sys/queue.h>
#endif
#include <net/if.h>
#if __FreeBSD_version >= 300000
#if defined(__FreeBSD_version)
# include <net/if_var.h>
#endif
#ifdef sun
@ -78,9 +74,7 @@ struct file;
extern struct ifnet vpnif;
#endif
#if !defined(linux)
# include <netinet/ip_var.h>
#endif
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/ip_icmp.h>
@ -94,7 +88,7 @@ extern struct ifnet vpnif;
#include "netinet/ip_lookup.h"
#include "netinet/ip_dstlist.h"
#include "netinet/ip_sync.h"
#if (__FreeBSD_version >= 300000)
#if defined(__FreeBSD_version)
# include <sys/malloc.h>
#endif
#ifdef HAS_SYS_MD5_H
@ -970,7 +964,7 @@ ipf_nat6_add(fin, np, natsave, flags, direction)
u_int nflags;
natinfo_t ni;
int move;
#if SOLARIS && defined(_KERNEL) && (SOLARIS2 >= 6) && defined(ICK_M_CTL_MAGIC)
#if SOLARIS && defined(_KERNEL) && defined(ICK_M_CTL_MAGIC)
qpktinfo_t *qpi = fin->fin_qpi;
#endif

10
sys/contrib/ipfilter/netinet/ip_pool.c
View File

@ -9,9 +9,6 @@
# define KERNEL 1
# define _KERNEL 1
#endif
#if defined(__osf__)
# define _PROTO_NET_H_
#endif
#include <sys/errno.h>
#include <sys/types.h>
#include <sys/param.h>
@ -21,9 +18,6 @@
# include <stdlib.h>
# include <string.h>
# define _KERNEL
# ifdef __OpenBSD__
struct file;
# endif
# include <sys/uio.h>
# undef _KERNEL
#else
@ -36,7 +30,7 @@ struct file;
#if defined(_KERNEL) && !defined(SOLARIS2)
# include <sys/mbuf.h>
#endif
#if defined(__SVR4) || defined(__svr4__)
#if defined(__SVR4)
# include <sys/byteorder.h>
# ifdef _KERNEL
# include <sys/dditypes.h>
@ -44,7 +38,7 @@ struct file;
# include <sys/stream.h>
# include <sys/kmem.h>
#endif
#if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000)
#if defined(__FreeBSD_version)
# include <sys/malloc.h>
#endif

Some files were not shown because too many files have changed in this diff Show More