Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/dist/ipf This file is not needed
details: https://anonhg.NetBSD.org/src/rev/401b7db230b0
branches: trunk
changeset: 521147:401b7db230b0
user: martti <martti%NetBSD.org@localhost>
date: Thu Jan 24 08:25:37 2002 +0000
description:
This file is not needed
diffstat:
dist/ipf/ip_lfil.c | 987 -----------------------------------------------------
dist/ipf/ip_sfil.c | 922 -------------------------------------------------
2 files changed, 0 insertions(+), 1909 deletions(-)
diffs (truncated from 1917 to 300 lines):
diff -r 388a23753055 -r 401b7db230b0 dist/ipf/ip_lfil.c
--- a/dist/ipf/ip_lfil.c Thu Jan 24 08:25:21 2002 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,987 +0,0 @@
-/* $NetBSD: ip_lfil.c,v 1.4 2002/01/24 08:21:32 martti Exp $ */
-
-/*
- * Copyright (C) 1993-2001 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- */
-#if !defined(lint)
-static const char rcsid[] = "@(#)Id: ip_lfil.c,v 2.6.2.3 2001/09/30 14:09:29 darrenr Exp";
-#endif
-
-#if defined(KERNEL) && !defined(_KERNEL)
-# define _KERNEL
-#endif
-#include <sys/errno.h>
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/file.h>
-#include <sys/ioctl.h>
-#include <sys/time.h>
-#include <sys/uio.h>
-#include <sys/dir.h>
-#include <sys/socket.h>
-#ifndef _KERNEL
-# include <stdio.h>
-# include <string.h>
-# include <stdlib.h>
-# include <ctype.h>
-#else
-# include <linux/module.h>
-#endif
-
-#include <net/if.h>
-#include <net/route.h>
-#include <netinet/in.h>
-#include <netinet/in_systm.h>
-#include <netinet/ip.h>
-#include <netinet/tcp.h>
-#include <netinet/udp.h>
-#include <netinet/ip_icmp.h>
-#ifndef _KERNEL
-# include <syslog.h>
-#endif
-#include "netinet/ip_compat.h"
-#include <netinet/tcpip.h>
-#include "netinet/ip_fil.h"
-#include "netinet/ip_nat.h"
-#include "netinet/ip_proxy.h"
-#include "netinet/ip_frag.h"
-#include "netinet/ip_state.h"
-#include "netinet/ip_auth.h"
-#ifdef _KERNEL
-#include <net/ip_forward.h>
-#endif
-#ifndef MIN
-#define MIN(a,b) (((a)<(b))?(a):(b))
-#endif
-
-
-#ifndef _KERNEL
-# include "ipt.h"
-static struct ifnet **ifneta = NULL;
-static int nifs = 0;
-#endif
-
-int fr_running = 0;
-int ipl_unreach = ICMP_UNREACH_FILTER;
-u_long ipl_frouteok[2] = {0, 0};
-
-static int frzerostats __P((caddr_t));
-static void frsync __P((void));
-#if defined(__NetBSD__) || defined(__OpenBSD__)
-static int frrequest __P((int, u_long, caddr_t, int));
-#else
-static int frrequest __P((int, u_long, caddr_t, int));
-#endif
-#ifdef _KERNEL
-static int (*fr_savep) __P((ip_t *, int, void *, int, mb_t **));
-#else
-int ipllog __P((void));
-void init_ifp __P((void));
-static int no_output __P((mb_t *, struct ifnet *));
-static int write_output __P((mb_t *, struct ifnet *));
-#endif
-
-#ifdef _KERNEL
-
-int fr_precheck(struct iphdr *ip, struct device *dev, int out, struct device **ifp)
-{
- int hlen = ip->ihl << 2;
-
- return fr_check((ip_t *)ip, hlen, dev, out, (mb_t **)ifp);
-}
-
-
-int iplattach()
-{
- char *defpass;
- int s;
-
- if (fr_running || (fr_checkp == fr_precheck)) {
- printk("IP Filter: already initialized\n");
- return EBUSY;
- }
-
- fr_running = 1;
- bzero((char *)frcache, sizeof(frcache));
- bzero((char *)nat_table, sizeof(nat_table));
- fr_savep = fr_checkp;
- fr_checkp = fr_precheck;
-
-# ifdef IPFILTER_LOG
- ipflog_init();
-# endif
- if (fr_pass & FR_PASS)
- defpass = "pass";
- else if (fr_pass & FR_BLOCK)
- defpass = "block";
- else
- defpass = "no-match -> block";
-
- printk("IP Filter: initialized. Default = %s all, Logging = %s\n",
- defpass,
-# ifdef IPFILTER_LOG
- "enabled");
-# else
- "disabled");
-# endif
- return 0;
-}
-
-
-/*
- * Disable the filter by removing the hooks from the IP input/output
- * stream.
- */
-int ipldetach()
-{
- int s, i = FR_INQUE|FR_OUTQUE;
-
- if (!fr_running)
- {
- printk("IP Filter: not initialized\n");
- return 0;
- }
-
- fr_checkp = fr_savep;
- i = frflush(IPL_LOGIPF, i);
- fr_running = 0;
-
- ipfr_unload();
- ip_natunload();
- fr_stateunload();
- fr_authunload();
-
- printk("IP Filter: unloaded\n");
-
- return 0;
-}
-#endif /* _KERNEL */
-
-
-static int frzerostats(data)
-caddr_t data;
-{
- struct friostat fio;
- int error;
-
- bcopy((char *)frstats, (char *)fio.f_st,
- sizeof(struct filterstats) * 2);
- fio.f_fin[0] = ipfilter[0][0];
- fio.f_fin[1] = ipfilter[0][1];
- fio.f_fout[0] = ipfilter[1][0];
- fio.f_fout[1] = ipfilter[1][1];
- fio.f_acctin[0] = ipacct[0][0];
- fio.f_acctin[1] = ipacct[0][1];
- fio.f_acctout[0] = ipacct[1][0];
- fio.f_acctout[1] = ipacct[1][1];
- fio.f_active = fr_active;
- fio.f_froute[0] = ipl_frouteok[0];
- fio.f_froute[1] = ipl_frouteok[1];
- error = IWCOPYPTR((caddr_t)&fio, data, sizeof(fio));
- if (!error)
- bzero((char *)frstats, sizeof(*frstats) * 2);
- return error;
-}
-
-
-/*
- * Filter ioctl interface.
- */
-#if defined(_KERNEL)
-int iplioctl(struct inode *inode, struct file *file, u_int cmd, u_long arg)
-{
- int s;
- caddr_t data = (caddr_t)arg;
-
- int mode = file->f_mode;
-#else
-int iplioctl(dev_t dev, int cmd, caddr_t data, int mode)
-{
-#endif
- int error = 0, unit = 0, tmp;
-
-#ifdef _KERNEL
- unit = GET_MINOR(inode->i_rdev);
- if ((IPL_LOGMAX < unit) || (unit < 0))
- return ENXIO;
-#endif
-
- if (unit == IPL_LOGNAT) {
- error = nat_ioctl(data, cmd, mode);
- return error;
- }
- if (unit == IPL_LOGSTATE) {
- error = fr_state_ioctl(data, cmd, mode);
- return error;
- }
-
- switch (cmd) {
- case FIONREAD :
-#ifdef IPFILTER_LOG
- error = IWCOPY((caddr_t)&iplused[IPL_LOGIPF], data,
- sizeof(iplused[IPL_LOGIPF]));
-#endif
- break;
-#if !defined(IPFILTER_LKM) && defined(_KERNEL)
- case SIOCFRENB :
- {
- u_int enable;
-
- if (!(mode & FWRITE))
- error = EPERM;
- else {
- error = IRCOPY(data, (caddr_t)&enable, sizeof(enable));
- if (error)
- break;
- if (enable)
- error = iplattach();
- else
- error = ipldetach();
- }
- break;
- }
-#endif
- case SIOCSETFF :
- if (!(mode & FWRITE))
- error = EPERM;
- else
- error = IRCOPY(data, (caddr_t)&fr_flags,
- sizeof(fr_flags));
- break;
- case SIOCGETFF :
- error = IWCOPY((caddr_t)&fr_flags, data, sizeof(fr_flags));
- break;
- case SIOCINAFR :
- case SIOCRMAFR :
- case SIOCADAFR :
- case SIOCZRLST :
- if (!(mode & FWRITE))
- error = EPERM;
- else
- error = frrequest(unit, cmd, data, fr_active);
- break;
- case SIOCINIFR :
- case SIOCRMIFR :
- case SIOCADIFR :
- if (!(mode & FWRITE))
- error = EPERM;
- else
- error = frrequest(unit, cmd, data, 1 - fr_active);
- break;
- case SIOCSWAPA :
- if (!(mode & FWRITE))
- error = EPERM;
- else {
- bzero((char *)frcache, sizeof(frcache[0]) * 2);
- *(u_int *)data = fr_active;
- fr_active = 1 - fr_active;
- }
- break;
- case SIOCGETFS :
- {
- struct friostat fio;
-
- bcopy((char *)frstats, (char *)fio.f_st,
- sizeof(struct filterstats) * 2);
- fio.f_fin[0] = ipfilter[0][0];
- fio.f_fin[1] = ipfilter[0][1];
- fio.f_fout[0] = ipfilter[1][0];
- fio.f_fout[1] = ipfilter[1][1];
- fio.f_acctin[0] = ipacct[0][0];
- fio.f_acctin[1] = ipacct[0][1];
- fio.f_acctout[0] = ipacct[1][0];
- fio.f_acctout[1] = ipacct[1][1];
- fio.f_auth = ipauth;
Home |
Main Index |
Thread Index |
Old Index