Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/dist/ipf Import IPFilter 3.4.27
details: https://anonhg.NetBSD.org/src/rev/8888ce0f6a36
branches: trunk
changeset: 526350:8888ce0f6a36
user: martti <martti%NetBSD.org@localhost>
date: Thu May 02 16:51:52 2002 +0000
description:
Import IPFilter 3.4.27
diffstat:
dist/ipf/BSDOS3/OBJS/in_proto.o | Bin
dist/ipf/BSDOS3/OBJS/ioconf.o | Bin
dist/ipf/BSDOS3/OBJS/ip_input.o | Bin
dist/ipf/BSDOS3/OBJS/ip_output.o | Bin
dist/ipf/BSDOS4/OBJS/ip_input.o | Bin
dist/ipf/BSDOS4/OBJS/ip_output.o | Bin
dist/ipf/OpenBSD/3.1-rc-diffs | 83 +++
dist/ipf/OpenBSD/3.1-sys-diffs | 915 +++++++++++++++++++++++++++++++++++++++
dist/ipf/OpenBSD/makedevs-3.1 | 72 +++
dist/ipf/l4check/l4check.c | 7 +-
dist/ipf/test/expected/f11 | 47 ++
dist/ipf/test/expected/f17 | 10 +
dist/ipf/test/expected/in1 | 24 +
dist/ipf/test/expected/in2 | 22 +
dist/ipf/test/expected/in3 | 5 +
dist/ipf/test/expected/in4 | 5 +
dist/ipf/test/expected/ipv6.1 | 5 +
dist/ipf/test/expected/ipv6.2 | 17 +
dist/ipf/test/expected/l1 | 72 +-
dist/ipf/test/expected/l1.b | 72 +-
dist/ipf/test/expected/ni1 | 4 +-
dist/ipf/test/expected/ni2 | 18 +-
dist/ipf/test/expected/ni4 | 4 +
dist/ipf/test/expected/ni5 | 47 ++
dist/ipf/test/input/f11 | 5 +
dist/ipf/test/input/f17 | 61 ++
dist/ipf/test/input/ipv6.2 | 28 +
dist/ipf/test/input/ni2 | 16 +-
dist/ipf/test/input/ni4 | 10 +
dist/ipf/test/input/ni5 | 276 +++++++++++
dist/ipf/test/intest | 21 +
dist/ipf/test/logtest | 8 +-
dist/ipf/test/mhtest | 36 +
dist/ipf/test/regress/f11 | 1 +
dist/ipf/test/regress/f17 | 4 +
dist/ipf/test/regress/in1 | 24 +
dist/ipf/test/regress/in2 | 22 +
dist/ipf/test/regress/in3 | 5 +
dist/ipf/test/regress/in4 | 5 +
dist/ipf/test/regress/ipv6.2 | 5 +
dist/ipf/test/regress/ni4.ipf | 4 +
dist/ipf/test/regress/ni4.nat | 1 +
dist/ipf/test/regress/ni5.ipf | 3 +
dist/ipf/test/regress/ni5.nat | 1 +
44 files changed, 1867 insertions(+), 98 deletions(-)
diffs (truncated from 2288 to 300 lines):
diff -r c1df8e9d76b5 -r 8888ce0f6a36 dist/ipf/BSDOS3/OBJS/in_proto.o
Binary file dist/ipf/BSDOS3/OBJS/in_proto.o has changed
diff -r c1df8e9d76b5 -r 8888ce0f6a36 dist/ipf/BSDOS3/OBJS/ioconf.o
Binary file dist/ipf/BSDOS3/OBJS/ioconf.o has changed
diff -r c1df8e9d76b5 -r 8888ce0f6a36 dist/ipf/BSDOS3/OBJS/ip_input.o
Binary file dist/ipf/BSDOS3/OBJS/ip_input.o has changed
diff -r c1df8e9d76b5 -r 8888ce0f6a36 dist/ipf/BSDOS3/OBJS/ip_output.o
Binary file dist/ipf/BSDOS3/OBJS/ip_output.o has changed
diff -r c1df8e9d76b5 -r 8888ce0f6a36 dist/ipf/BSDOS4/OBJS/ip_input.o
Binary file dist/ipf/BSDOS4/OBJS/ip_input.o has changed
diff -r c1df8e9d76b5 -r 8888ce0f6a36 dist/ipf/BSDOS4/OBJS/ip_output.o
Binary file dist/ipf/BSDOS4/OBJS/ip_output.o has changed
diff -r c1df8e9d76b5 -r 8888ce0f6a36 dist/ipf/OpenBSD/3.1-rc-diffs
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dist/ipf/OpenBSD/3.1-rc-diffs Thu May 02 16:51:52 2002 +0000
@@ -0,0 +1,83 @@
+diff -d -c -r tmp/etc/netstart etc/netstart
+*** tmp/etc/netstart Sun Apr 21 22:16:44 2002
+--- etc/netstart Thu Apr 25 04:33:59 2002
+***************
+*** 181,186 ****
+--- 181,196 ----
+ domainname `cat /etc/defaultdomain`
+ fi
+
++ # Configure the IP filter before configuring network interfaces
++ if [ X"${ipfilter}" = X"YES" -a -f "${ipfilter_rules}" ]; then
++ echo 'configuring IP filter'
++ ipf -Fa -f ${ipfilter_rules}
++ ipfresync="ipf -y"
++ else
++ ipfilter=NO
++ ipfresync=NO
++ fi
++
+ # Set the address for the loopback interface.
+ # It will also initialize IPv6 address for lo0 (::1 and others).
+ ifconfig lo0 inet localhost
+***************
+*** 333,335 ****
+--- 343,358 ----
+
+ bridgestart $if
+ done
++
++ # Configure NAT after configuring network interfaces
++ if [ "${ipnat}" = "YES" -a "${ipfilter}" = "YES" -a -f "${ipnat_rules}" ]; then
++ echo 'configuring NAT'
++ ipnat -CF -f ${ipnat_rules}
++ else
++ ipnat=NO
++ fi
++
++ # Interfaces have come up so we should do an ipf -y if we're using IP filter.
++ if [ "${ipfresync}" != "NO" ]; then
++ ${ipfresync}
++ fi
+diff -d -c -r tmp/etc/rc etc/rc
+*** tmp/etc/rc Sun Apr 21 22:16:44 2002
+--- etc/rc Thu Apr 25 04:34:44 2002
+***************
+*** 215,220 ****
+--- 215,224 ----
+ echo 'starting named'; named $named_flags
+ fi
+
++ if [ X"${ipfilter}" = X"YES" -a X"${ipmon_flags}" != X"NO" ]; then
++ echo 'starting ipmon'; ipmon ${ipmon_flags}
++ fi
++
+ # $photurisd_flags is imported from /etc/rc.conf;
+ # If $photurisd_flags == NO or /etc/photuris/photuris.conf doesn't exist, then
+ # photurisd isn't run.
+diff -d -c -r tmp/etc/rc.conf etc/rc.conf
+*** tmp/etc/rc.conf Sun Apr 21 22:16:44 2002
+--- etc/rc.conf Thu Apr 25 04:35:43 2002
+***************
+*** 53,58 ****
+--- 53,60 ----
+ lockd=NO
+ gated=NO
+ amd=NO
++ ipfilter=NO # To enable ipfilter, set to YES
++ ipnat=NO # for "YES", ipfilter must also be "YES"
+ pf=NO # Packet filter / NAT
+ portmap=YES # almost always needed
+ inetd=YES # almost always needed
+***************
+*** 79,84 ****
+--- 81,89 ----
+ nfsd_flags="-tun 4" # Crank the 4 for a busy NFS fileserver
+ amd_dir=/tmp_mnt # AMD's mount directory
+ amd_master=/etc/amd/master # AMD 'master' map
++ ipfilter_rules=/etc/ipf.rules # Rules for IP packet filtering with IP Filter
++ ipnat_rules=/etc/ipnat.rules # Rules for Network Address Translation
++ ipmon_flags=-Ds # To disable logging, use ipmon_flags=NO
+ syslogd_flags= # add more flags, ie. "-u -a /chroot/dev/log"
+ named_user=named # Named should not run as root unless necessary
+ named_chroot=/var/named # Where to chroot named if not empty
diff -r c1df8e9d76b5 -r 8888ce0f6a36 dist/ipf/OpenBSD/3.1-sys-diffs
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dist/ipf/OpenBSD/3.1-sys-diffs Thu May 02 16:51:52 2002 +0000
@@ -0,0 +1,915 @@
+diff -d -c -r /tmp/sys/arch/alpha/alpha/conf.c sys/arch/alpha/alpha/conf.c
+*** /tmp/sys/arch/alpha/alpha/conf.c Tue Jan 22 21:21:03 2002
+--- sys/arch/alpha/alpha/conf.c Thu Apr 25 03:43:26 2002
+***************
+*** 113,118 ****
+--- 113,123 ----
+ #include "lpt.h"
+ cdev_decl(lpt);
+ cdev_decl(prom); /* XXX XXX XXX */
++ #ifdef IPFILTER
++ #define NIPF 1
++ #else
++ #define NIPF 0
++ #endif
+ cdev_decl(wd);
+ cdev_decl(fd);
+ #include "cy.h"
+***************
+*** 191,197 ****
+ cdev_midi_init(NMIDI,midi), /* 41: MIDI I/O */
+ cdev_midi_init(NSEQUENCER,sequencer), /* 42: sequencer I/O */
+ cdev_disk_init(NRAID,raid), /* 43: RAIDframe disk driver */
+! cdev_notdef(), /* 44 */
+ cdev_usb_init(NUSB,usb), /* 45: USB controller */
+ cdev_usbdev_init(NUHID,uhid), /* 46: USB generic HID */
+ cdev_lpt_init(NULPT,ulpt), /* 47: USB printer */
+--- 196,202 ----
+ cdev_midi_init(NMIDI,midi), /* 41: MIDI I/O */
+ cdev_midi_init(NSEQUENCER,sequencer), /* 42: sequencer I/O */
+ cdev_disk_init(NRAID,raid), /* 43: RAIDframe disk driver */
+! cdev_gen_ipf(NIPF,ipl), /* 44: IP filter log */
+ cdev_usb_init(NUSB,usb), /* 45: USB controller */
+ cdev_usbdev_init(NUHID,uhid), /* 46: USB generic HID */
+ cdev_lpt_init(NULPT,ulpt), /* 47: USB printer */
+diff -d -c -r /tmp/sys/arch/amiga/amiga/conf.c sys/arch/amiga/amiga/conf.c
+*** /tmp/sys/arch/amiga/amiga/conf.c Wed Mar 13 17:26:28 2002
+--- sys/arch/amiga/amiga/conf.c Thu Apr 25 03:44:01 2002
+***************
+*** 158,164 ****
+ cdev_random_init(1,random), /* 35: random data source */
+ cdev_uk_init(NUK,uk), /* 36: unknown SCSI */
+ cdev_disk_init(NWD,wd), /* 37: ST506/ESDI/IDE disk */
+! cdev_notdef(), /* 38 */
+ cdev_audio_init(NAUDIO,audio), /* 39: cc audio interface */
+ cdev_ch_init(NCH,ch), /* 40: SCSI autochanger */
+ cdev_disk_init(NRD,rd), /* 41: RAM disk */
+--- 158,164 ----
+ cdev_random_init(1,random), /* 35: random data source */
+ cdev_uk_init(NUK,uk), /* 36: unknown SCSI */
+ cdev_disk_init(NWD,wd), /* 37: ST506/ESDI/IDE disk */
+! cdev_gen_ipf(NIPF,ipl), /* 38: IP filter log */
+ cdev_audio_init(NAUDIO,audio), /* 39: cc audio interface */
+ cdev_ch_init(NCH,ch), /* 40: SCSI autochanger */
+ cdev_disk_init(NRD,rd), /* 41: RAM disk */
+diff -d -c -r /tmp/sys/arch/hp300/hp300/conf.c sys/arch/hp300/hp300/conf.c
+*** /tmp/sys/arch/hp300/hp300/conf.c Tue Dec 11 15:19:02 2001
+--- sys/arch/hp300/hp300/conf.c Thu Apr 25 03:45:58 2002
+***************
+*** 127,132 ****
+--- 127,138 ----
+ cdev_decl(xfs_dev);
+ #endif
+
++ #ifdef IPFILTER
++ #define NIPF 1
++ #else
++ #define NIPF 0
++ #endif
++
+ #include "pf.h"
+
+ #include <altq/altqconf.h>
+***************
+*** 170,176 ****
+ cdev_disk_init(NRD,rd), /* 34: RAM disk */
+ cdev_tty_init(NAPCI,apci), /* 35: Apollo APCI UARTs */
+ cdev_ksyms_init(NKSYMS,ksyms), /* 36: Kernel symbols device */
+! cdev_notdef(), /* 37 */
+ cdev_notdef(), /* 38 */
+ cdev_notdef(), /* 39 */
+ cdev_notdef(), /* 40 */
+--- 176,182 ----
+ cdev_disk_init(NRD,rd), /* 34: RAM disk */
+ cdev_tty_init(NAPCI,apci), /* 35: Apollo APCI UARTs */
+ cdev_ksyms_init(NKSYMS,ksyms), /* 36: Kernel symbols device */
+! cdev_pf_init(NIPF,ipl), /* 37: packet filter */
+ cdev_notdef(), /* 38 */
+ cdev_notdef(), /* 39 */
+ cdev_notdef(), /* 40 */
+diff -d -c -r /tmp/sys/arch/hppa/hppa/conf.c sys/arch/hppa/hppa/conf.c
+*** /tmp/sys/arch/hppa/hppa/conf.c Fri Mar 15 16:34:56 2002
+--- sys/arch/hppa/hppa/conf.c Thu Apr 25 03:48:20 2002
+***************
+*** 110,115 ****
+--- 110,121 ----
+ #include "com.h"
+ cdev_decl(com);
+
++ #ifdef IPFILTER
++ #define NIPF 1
++ #else
++ #define NIPF 0
++ #endif
++
+ #include "pf.h"
+
+ #include <altq/altqconf.h>
+***************
+*** 155,160 ****
+--- 161,167 ----
+ cdev_notdef(), /* 32 */
+ #endif
+ cdev_altq_init(NALTQ,altq), /* 33: ALTQ control interface */
++ cdev_gen_ipf(NIPF,ipl), /* 34: ip filtering */
+ cdev_lkm_dummy(),
+ cdev_lkm_dummy(),
+ cdev_lkm_dummy(),
+diff -d -c -r /tmp/sys/arch/i386/i386/conf.c sys/arch/i386/i386/conf.c
+*** /tmp/sys/arch/i386/i386/conf.c Wed Mar 13 17:26:32 2002
+--- sys/arch/i386/i386/conf.c Thu Apr 25 03:50:28 2002
+***************
+*** 210,215 ****
+--- 210,221 ----
+ cdev_decl(cztty);
+ #include "radio.h"
+
++ #ifdef IPFILTER
++ #define NIPF 1
++ #else
++ #define NIPF 0
++ #endif
++
+ /* XXX -- this needs to be supported by config(8)! */
+ #if (NCOM > 0) && (NPCCOM > 0)
+ #error com and pccom are mutually exclusive. Sorry.
+***************
+*** 337,342 ****
+--- 343,349 ----
+ cdev_iop_init(NIOP,iop), /* 75: I2O IOP control interface */
+ cdev_radio_init(NRADIO, radio), /* 76: generic radio I/O */
+ cdev_ugen_init(NUSCANNER,uscanner), /* 77: USB scanners */
++ cdev_gen_ipf(NIPF,ipl), /* 78: ip filtering */
+ };
+ int nchrdev = sizeof(cdevsw) / sizeof(cdevsw[0]);
+
+diff -d -c -r /tmp/sys/arch/mac68k/mac68k/conf.c sys/arch/mac68k/mac68k/conf.c
+*** /tmp/sys/arch/mac68k/mac68k/conf.c Tue Dec 11 15:19:02 2001
+--- sys/arch/mac68k/mac68k/conf.c Thu Apr 25 03:51:20 2002
+***************
+*** 109,114 ****
+--- 109,120 ----
+ cdev_decl(xfs_dev);
+ #endif
+
++ #ifdef IPFILTER
++ #define NIPF 1
++ #else
++ #define NIPF 0
++ #endif
++
+ #include "pf.h"
+
+ #include <altq/altqconf.h>
+***************
+*** 153,159 ****
+ cdev_pf_init(NPF,pf), /* 35: packet filter */
+ cdev_audio_init(NASC,asc), /* 36: ASC audio device */
+ cdev_ksyms_init(NKSYMS,ksyms), /* 37: Kernel symbols device */
+! cdev_notdef(), /* 38 */
+ cdev_notdef(), /* 39 */
+ cdev_notdef(), /* 40 */
+ cdev_notdef(), /* 41 */
+--- 159,165 ----
+ cdev_pf_init(NPF,pf), /* 35: packet filter */
+ cdev_audio_init(NASC,asc), /* 36: ASC audio device */
+ cdev_ksyms_init(NKSYMS,ksyms), /* 37: Kernel symbols device */
+! cdev_gen_ipf(NIPF,ipl), /* 38: IP filter log */
+ cdev_notdef(), /* 39 */
+ cdev_notdef(), /* 40 */
+ cdev_notdef(), /* 41 */
+diff -d -c -r /tmp/sys/arch/macppc/macppc/conf.c sys/arch/macppc/macppc/conf.c
+*** /tmp/sys/arch/macppc/macppc/conf.c Wed Dec 12 11:19:17 2001
+--- sys/arch/macppc/macppc/conf.c Thu Apr 25 03:52:12 2002
+***************
+*** 105,110 ****
+--- 105,116 ----
+
+ #include "tun.h"
+
++ #ifdef IPFILTER
++ #define NIPF 1
++ #else
++ #define NIPF 0
++ #endif
++
+ #ifdef XFS
+ #include <xfs/nxfs.h>
Home |
Main Index |
Thread Index |
Old Index