Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-1-4]: src Pull up file removal (requested by darrenr):
details: https://anonhg.NetBSD.org/src/rev/6552423dc708
branches: netbsd-1-4
changeset: 469955:6552423dc708
user: he <he%NetBSD.org@localhost>
date: Mon Dec 20 21:10:37 1999 +0000
description:
Pull up file removal (requested by darrenr):
Update IPF to version 3.3.5.
diffstat:
sys/lkm/netinet/if_ipl/ipl.h | 18 -
usr.sbin/ipf/ipf/LICENCE | 16 -
usr.sbin/ipf/ipf/ipf.4 | 215 ----
usr.sbin/ipf/ipf/ipf.5 | 494 ----------
usr.sbin/ipf/ipf/ipf.8 | 125 --
usr.sbin/ipf/ipf/ipf.c | 496 ----------
usr.sbin/ipf/ipf/ipf.h | 89 -
usr.sbin/ipf/ipf/ipl.4 | 139 --
usr.sbin/ipf/ipf/opt.c | 180 ---
usr.sbin/ipf/ipf/parse.c | 1358 ---------------------------
usr.sbin/ipf/ipfilter2netbsd | 424 --------
usr.sbin/ipf/ipfstat/fils.c | 511 ----------
usr.sbin/ipf/ipfstat/ipfstat.8 | 82 -
usr.sbin/ipf/ipfstat/kmem.c | 69 -
usr.sbin/ipf/ipfstat/kmem.h | 27 -
usr.sbin/ipf/ipftest/ipft_ef.c | 156 ---
usr.sbin/ipf/ipftest/ipft_hx.c | 174 ---
usr.sbin/ipf/ipftest/ipft_pc.c | 233 ----
usr.sbin/ipf/ipftest/ipft_sn.c | 215 ----
usr.sbin/ipf/ipftest/ipft_td.c | 193 ---
usr.sbin/ipf/ipftest/ipft_tx.c | 347 -------
usr.sbin/ipf/ipftest/ipftest.1 | 128 --
usr.sbin/ipf/ipftest/ipt.c | 224 ----
usr.sbin/ipf/ipftest/ipt.h | 32 -
usr.sbin/ipf/ipftest/misc.c | 107 --
usr.sbin/ipf/ipftest/pcap.h | 37 -
usr.sbin/ipf/ipftest/snoop.h | 49 -
usr.sbin/ipf/ipmon/ipmon.8 | 156 ---
usr.sbin/ipf/ipmon/ipmon.c | 970 -------------------
usr.sbin/ipf/ipnat/ipnat.4 | 98 -
usr.sbin/ipf/ipnat/ipnat.5 | 76 -
usr.sbin/ipf/ipnat/ipnat.8 | 79 -
usr.sbin/ipf/ipnat/ipnat.c | 901 ------------------
usr.sbin/ipf/ipresend/ipresend.1 | 107 --
usr.sbin/ipf/ipresend/ipresend.c | 168 ---
usr.sbin/ipf/ipresend/resend.c | 144 --
usr.sbin/ipf/ipsend/44arp.c | 111 --
usr.sbin/ipf/ipsend/ip.c | 349 -------
usr.sbin/ipf/ipsend/iplang.h | 56 -
usr.sbin/ipf/ipsend/iplang.tst | 11 -
usr.sbin/ipf/ipsend/iplang_l.l | 322 ------
usr.sbin/ipf/ipsend/iplang_y.y | 1868 --------------------------------------
usr.sbin/ipf/ipsend/ipsend.1 | 111 --
usr.sbin/ipf/ipsend/ipsend.5 | 403 --------
usr.sbin/ipf/ipsend/ipsend.c | 402 --------
usr.sbin/ipf/ipsend/ipsend.h | 69 -
usr.sbin/ipf/ipsend/ipsopt.c | 197 ----
usr.sbin/ipf/ipsend/sbpf.c | 138 --
usr.sbin/ipf/ipsend/tcpip.h | 93 -
usr.sbin/ipf/iptest/iptest.1 | 103 --
usr.sbin/ipf/iptest/iptest.c | 226 ----
usr.sbin/ipf/iptest/iptests.c | 1335 ---------------------------
usr.sbin/ipf/iptest/sock.c | 397 --------
usr.sbin/ipf/rules/BASIC.NAT | 45 -
usr.sbin/ipf/rules/BASIC_1.FW | 99 --
usr.sbin/ipf/rules/BASIC_2.FW | 72 -
usr.sbin/ipf/rules/example.1 | 4 -
usr.sbin/ipf/rules/example.10 | 12 -
usr.sbin/ipf/rules/example.11 | 26 -
usr.sbin/ipf/rules/example.12 | 17 -
usr.sbin/ipf/rules/example.13 | 17 -
usr.sbin/ipf/rules/example.2 | 5 -
usr.sbin/ipf/rules/example.3 | 40 -
usr.sbin/ipf/rules/example.4 | 4 -
usr.sbin/ipf/rules/example.5 | 25 -
usr.sbin/ipf/rules/example.6 | 5 -
usr.sbin/ipf/rules/example.7 | 12 -
usr.sbin/ipf/rules/example.8 | 10 -
usr.sbin/ipf/rules/example.9 | 12 -
usr.sbin/ipf/rules/example.sr | 61 -
usr.sbin/ipf/rules/firewall | 39 -
usr.sbin/ipf/rules/ftp-proxy | 40 -
usr.sbin/ipf/rules/ftppxy | 6 -
usr.sbin/ipf/rules/mediaone | 45 -
usr.sbin/ipf/rules/mkfilters | 73 -
usr.sbin/ipf/rules/mkfilters.1 | 16 -
usr.sbin/ipf/rules/nat-setup | 77 -
usr.sbin/ipf/rules/nat.eg | 14 -
usr.sbin/ipf/rules/server | 11 -
usr.sbin/ipf/rules/tcpstate | 13 -
80 files changed, 0 insertions(+), 15828 deletions(-)
diffs (truncated from 16148 to 300 lines):
diff -r f8b3c357744f -r 6552423dc708 sys/lkm/netinet/if_ipl/ipl.h
--- a/sys/lkm/netinet/if_ipl/ipl.h Mon Dec 20 21:08:10 1999 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,18 +0,0 @@
-/* $NetBSD: ipl.h,v 1.13 1998/11/22 14:41:29 mrg Exp $ */
-
-/*
- * Copyright (C) 1993-1998 by Darren Reed.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that this notice is preserved and due credit is given
- * to the original author and the contributors.
- *
- * @(#)ipl.h 1.21 6/5/96
- */
-
-#ifndef __IPL_H__
-#define __IPL_H__
-
-#define IPL_VERSION "IP Filter v3.2.10"
-
-#endif
diff -r f8b3c357744f -r 6552423dc708 usr.sbin/ipf/ipf/LICENCE
--- a/usr.sbin/ipf/ipf/LICENCE Mon Dec 20 21:08:10 1999 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,16 +0,0 @@
-/*
- * (C)opyright 1993, 1994, 1995 by Darren Reed.
- *
- * The author accepts no responsibility for the use of this software and
- * provides it on an ``as is'' basis without express or implied warranty.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that this notice is preserved and due credit is given
- * to the original author and the contributors.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- *
- * I hate legaleese, don't you ?
- */
diff -r f8b3c357744f -r 6552423dc708 usr.sbin/ipf/ipf/ipf.4
--- a/usr.sbin/ipf/ipf/ipf.4 Mon Dec 20 21:08:10 1999 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,215 +0,0 @@
-.\" $NetBSD: ipf.4,v 1.4 1998/01/09 08:09:23 perry Exp $
-.\"
-.TH IPF 4
-.SH NAME
-ipf \- packet filtering kernel interface
-.SH SYNOPSIS
-#include <netinet/ip_compat.h>
-.br
-#include <netinet/ip_fil.h>
-.SH IOCTLS
-.PP
-To add and delete rules to the filter list, three 'basic' ioctls are provided
-for use. The ioctl's are called as:
-.LP
-.nf
- ioctl(fd, SIOCADDFR, struct frentry *)
- ioctl(fd, SIOCDELFR, struct frentry *)
- ioctl(fd, SIOCIPFFL, int *)
-.fi
-.PP
-However, the full complement is as follows:
-.LP
-.nf
- ioctl(fd, SIOCADAFR, struct frentry *) (same as SUICADDFR)
- ioctl(fd, SIOCRMAFR, struct frentry *) (same as SUICDELFR)
- ioctl(fd, SIOCADIFR, struct frentry *)
- ioctl(fd, SIOCRMIFR, struct frentry *)
- ioctl(fd, SIOCINAFR, struct frentry *)
- ioctl(fd, SIOCINIFR, struct frentry *)
- ioctl(fd, SIOCIPFFL, int *)
-.fi
-.PP
-The variations, SIOCADAFR vs. SIOCADIFR, allow operation on the two lists,
-active and inactive, respectively. All of these ioctl's are implemented
-as being routing ioctls and thus the same rules for the various routing
-ioctls and the file descriptor are employed, mainly being that the fd must
-be that of the device associated with the module (i.e., /dev/ipl).
-.LP
-.PP
-The three groups of ioctls above perform adding rules to the end of the
-list (SIOCAD*), deletion of rules from any place in the list (SIOCRM*)
-and insertion of a rule into the list (SIOCIN*). The rule place into
-which it is inserted is stored in the "fr_hits" field, below.
-.LP
-.nf
-typedef struct frentry {
- struct frentry *fr_next;
- u_short fr_group; /* group to which this rule belongs */
- u_short fr_head; /* group # which this rule starts */
- struct frentry *fr_grp;
- int fr_ref; /* reference count - for grouping */
- struct ifnet *fr_ifa;
- /*
- * These are only incremented when a packet matches this rule and
- * it is the last match
- */
- U_QUAD_T fr_hits;
- U_QUAD_T fr_bytes;
- /*
- * Fields after this may not change whilst in the kernel.
- */
- struct fr_ip fr_ip;
- struct fr_ip fr_mip;
-
- u_char fr_tcpfm; /* tcp flags mask */
- u_char fr_tcpf; /* tcp flags */
-
- u_short fr_icmpm; /* data for ICMP packets (mask) */
- u_short fr_icmp;
-
- u_char fr_scmp; /* data for port comparisons */
- u_char fr_dcmp;
- u_short fr_dport;
- u_short fr_sport;
- u_short fr_stop; /* top port for <> and >< */
- u_short fr_dtop; /* top port for <> and >< */
- u_long fr_flags; /* per-rule flags && options (see below) */
- int fr_skip; /* # of rules to skip */
- int (*fr_func)(); /* call this function */
- char fr_icode; /* return ICMP code */
- char fr_ifname[IFNAMSIZ];
- struct frdest fr_tif; /* "to" interface */
- struct frdest fr_dif; /* duplicate packet interfaces */
-} frentry_t;
-.fi
-.PP
-When adding a new rule, all unused fields (in the filter rule) should be
-initialised to be zero. To insert a rule, at a particular position in the
-filter list, the number of the rule which it is to be inserted before must
-be put in the "fr_hits" field (the first rule is number 0).
-.LP
-.PP
-Flags which are recognised in fr_pass:
-.nf
-
- FR_BLOCK 0x000001 /* do not allow packet to pass */
- FR_PASS 0x000002 /* allow packet to pass */
- FR_OUTQUE 0x000004 /* outgoing packets */
- FR_INQUE 0x000008 /* ingoing packets */
- FR_LOG 0x000010 /* Log */
- FR_LOGP 0x000011 /* Log-pass */
- FR_LOGB 0x000012 /* Log-fail */
- FR_LOGBODY 0x000020 /* log the body of packets too */
- FR_LOGFIRST 0x000040 /* log only the first packet to match */
- FR_RETRST 0x000080 /* return a TCP RST packet if blocked */
- FR__RETICMP 0x000100 /* return an ICMP packet if blocked */
- FR_NOMATCH 0x000200 /* no match occured */
- FR_ACCOUNT 0x000400 /* count packet bytes */
- FR_KEEPFRAG 0x000800 /* keep fragment information */
- FR_KEEPSTATE 0x001000 /* keep `connection' state information */
- FR_INACTIVE 0x002000
- FR_QUICK 0x004000 /* match & stop processing list */
- FR_FASTROUTE 0x008000 /* bypass normal routing */
- FR_CALLNOW 0x010000 /* call another function (fr_func) if matches */
- FR_DUP 0x020000 /* duplicate the packet */
- FR_LOGORBLOCK 0x040000 /* block the packet if it can't be logged */
- FR_NOTSRCIP 0x080000 /* not the src IP# */
- FR_NOTDSTIP 0x100000 /* not the dst IP# */
- FR_AUTH 0x200000 /* use authentication */
- FR_PREAUTH 0x400000 /* require preauthentication */
-
-.fi
-.PP
-Values for fr_scomp and fr_dcomp (source and destination port value
-comparisons) :
-.LP
-.nf
- FR_NONE 0
- FR_EQUAL 1
- FR_NEQUAL 2
- FR_LESST 3
- FR_GREATERT 4
- FR_LESSTE 5
- FR_GREATERTE 6
- FR_OUTRANGE 7
- FR_INRANGE 8
-.fi
-.PP
-The third ioctl, SIOCIPFFL, flushes either the input filter list, the
-output filter list or both and it returns the number of filters removed
-from the list(s). The values which it will take and recognise are FR_INQUE
-and FR_OUTQUE (see above).
-
-\fBGeneral Logging Flags\fP
-There are two flags which can be set to log packets independantly of the
-rules used. These allow for packets which are either passed or blocked
-to be logged. To set (and clear)/get these flags, two ioctls are
-provided:
-.IP SIOCSETFF 16
-Takes an unsigned integer as the parameter. The flags are then set to
-those provided (clearing/setting all in one).
-.nf
-
- FF_LOGPASS 0x10000000
- FF_LOGBLOCK 0x20000000
- FF_LOGNOMATCH 0x40000000
- FF_BLOCKNONIP 0x80000000 /* Solaris 2.x only */
-.fi
-.IP SIOCGETFF 16
-Takes a pointer to an unsigned integer as the parameter. A copy of the
-flags currently in used is copied to user space.
-.LP
-\fBFilter statistics\fP
-Statistics on the various operations performed by this package on packets
-is kept inside the kernel. These statistics apply to packets traversing
-through the kernel. To retrieve this structure, use this ioctl:
-.nf
-
- ioctl(fd, SIOCGETFS, struct friostat *)
-
-struct friostat {
- struct filterstats f_st[2];
- struct frentry *f_fin[2];
- struct frentry *f_fout[2];
- struct frentry *f_acctin[2];
- struct frentry *f_acctout[2];
- struct frentry *f_auth;
- int f_active;
-};
-
-struct filterstats {
- u_long fr_pass; /* packets allowed */
- u_long fr_block; /* packets denied */
- u_long fr_nom; /* packets which don't match any rule */
- u_long fr_ppkl; /* packets allowed and logged */
- u_long fr_bpkl; /* packets denied and logged */
- u_long fr_npkl; /* packets unmatched and logged */
- u_long fr_pkl; /* packets logged */
- u_long fr_skip; /* packets to be logged but buffer full */
- u_long fr_ret; /* packets for which a return is sent */
- u_long fr_acct; /* packets for which counting was performed */
- u_long fr_bnfr; /* bad attempts to allocate fragment state */
- u_long fr_nfr; /* new fragment state kept */
- u_long fr_cfr; /* add new fragment state but complete pkt */
- u_long fr_bads; /* bad attempts to allocate packet state */
- u_long fr_ads; /* new packet state kept */
- u_long fr_chit; /* cached hit */
- u_long fr_pull[2]; /* good and bad pullup attempts */
-#if SOLARIS
- u_long fr_bad; /* bad IP packets to the filter */
- u_long fr_notip; /* packets passed through no on ip queue */
- u_long fr_drop; /* packets dropped - no info for them! */
-#endif
-};
-.fi
-.SH FILES
-/dev/ipauth
-.br
-/dev/ipl
-.br
-/dev/ipnat
-.br
-/dev/ipstate
-.SH SEE ALSO
-ipl(4), ipnat(4), ipf(5), ipf(8), ipfstat(8)
diff -r f8b3c357744f -r 6552423dc708 usr.sbin/ipf/ipf/ipf.5
--- a/usr.sbin/ipf/ipf/ipf.5 Mon Dec 20 21:08:10 1999 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,494 +0,0 @@
-.\" $NetBSD: ipf.5,v 1.6 1998/11/22 15:21:54 mrg Exp $
-.\"
-.TH IPF 5
-.SH NAME
-ipf, ipf.conf \- IP packet filter rule syntax
-.SH DESCRIPTION
-.PP
-A rule file for \fBipf\fP may have any name or even be stdin. As
-\fBipfstat\fP produces parseable rules as output when displaying the internal
-kernel filter lists, it is quite plausible to use its output to feed back
-into \fBipf\fP. Thus, to remove all filters on input packets, the following
-could be done:
-.nf
-
-\fC# ipfstat \-i | ipf \-rf \-\fP
-.fi
-.SH GRAMMAR
-.PP
-The format used by \fBipf\fP for construction of filtering rules can be
-described using the following grammar in BNF:
-\fC
-.nf
-filter-rule = [ insert ] action in-out [ options ] [ tos ] [ ttl ]
- [ proto ] [ ip ] [ group ].
-
-insert = "@" decnumber .
-action = block | "pass" | log | "count" | skip | auth | call .
-in-out = "in" | "out" .
-options = [ log ] [ "quick" ] [ "on" interface-name [ dup ] [ froute ] ] .
-tos = "tos" decnumber | "tos" hexnumber .
-ttl = "ttl" decnumber .
-proto = "proto" protocol .
-ip = srcdst [ flags ] [ with withopt ] [ icmp ] [ keep ] .
-group = [ "head" decnumber ] [ "group" decnumber ] .
-
Home |
Main Index |
Thread Index |
Old Index