head 1.2; access; symbols perseant-exfatfs-base-20250801:1.2 perseant-exfatfs-base-20240630:1.2 perseant-exfatfs:1.2.0.44 perseant-exfatfs-base:1.2 cjep_sun2x:1.2.0.42 cjep_sun2x-base:1.2 cjep_staticlib_x-base1:1.2 cjep_staticlib_x:1.2.0.40 cjep_staticlib_x-base:1.2 phil-wifi-20200421:1.2 phil-wifi-20200411:1.2 phil-wifi-20200406:1.2 pgoyette-compat-merge-20190127:1.2 pgoyette-compat-20190127:1.2 pgoyette-compat-20190118:1.2 pgoyette-compat-1226:1.2 pgoyette-compat-1126:1.2 pgoyette-compat-1020:1.2 pgoyette-compat-0930:1.2 pgoyette-compat-0906:1.2 pgoyette-compat-0728:1.2 pgoyette-compat-0625:1.2 pgoyette-compat-0521:1.2 pgoyette-compat-0502:1.2 pgoyette-compat-0422:1.2 pgoyette-compat-0415:1.2 pgoyette-compat-0407:1.2 pgoyette-compat-0330:1.2 pgoyette-compat-0322:1.2 pgoyette-compat-0315:1.2 pgoyette-compat:1.2.0.38 pgoyette-compat-base:1.2 prg-localcount2-base3:1.2 prg-localcount2-base2:1.2 prg-localcount2-base1:1.2 prg-localcount2:1.2.0.36 prg-localcount2-base:1.2 pgoyette-localcount-20170426:1.2 bouyer-socketcan-base1:1.2 pgoyette-localcount-20170320:1.2 bouyer-socketcan:1.2.0.34 bouyer-socketcan-base:1.2 pgoyette-localcount-20170107:1.2 pgoyette-localcount-20161104:1.2 localcount-20160914:1.2 pgoyette-localcount-20160806:1.2 pgoyette-localcount-20160726:1.2 pgoyette-localcount:1.2.0.32 pgoyette-localcount-base:1.2 netbsd-5-2-3-RELEASE:1.2 netbsd-5-1-5-RELEASE:1.2 yamt-pagecache-base9:1.2 yamt-pagecache-tag8:1.2 tls-earlyentropy:1.2.0.28 tls-earlyentropy-base:1.2 riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.2 riastradh-drm2-base3:1.2 netbsd-5-2-2-RELEASE:1.2 netbsd-5-1-4-RELEASE:1.2 netbsd-5-2-1-RELEASE:1.2 netbsd-5-1-3-RELEASE:1.2 agc-symver:1.2.0.30 agc-symver-base:1.2 tls-maxphys-base:1.2 yamt-pagecache-base8:1.2 netbsd-5-2:1.2.0.26 yamt-pagecache-base7:1.2 netbsd-5-2-RELEASE:1.2 netbsd-5-2-RC1:1.2 yamt-pagecache-base6:1.2 yamt-pagecache-base5:1.2 yamt-pagecache-base4:1.2 netbsd-5-1-2-RELEASE:1.2 netbsd-5-1-1-RELEASE:1.2 yamt-pagecache-base3:1.2 yamt-pagecache-base2:1.2 yamt-pagecache:1.2.0.24 yamt-pagecache-base:1.2 bouyer-quota2-nbase:1.2 bouyer-quota2:1.2.0.22 bouyer-quota2-base:1.2 matt-nb5-pq3:1.2.0.20 matt-nb5-pq3-base:1.2 netbsd-5-1:1.2.0.18 netbsd-5-1-RELEASE:1.2 netbsd-5-1-RC4:1.2 netbsd-5-1-RC3:1.2 netbsd-5-1-RC2:1.2 netbsd-5-1-RC1:1.2 netbsd-5-0-2-RELEASE:1.2 netbsd-5-0-1-RELEASE:1.2 jym-xensuspend-nbase:1.2 netbsd-5-0:1.2.0.16 netbsd-5-0-RELEASE:1.2 netbsd-5-0-RC4:1.2 netbsd-5-0-RC3:1.2 netbsd-5-0-RC2:1.2 jym-xensuspend:1.2.0.14 jym-xensuspend-base:1.2 netbsd-5-0-RC1:1.2 netbsd-5:1.2.0.12 netbsd-5-base:1.2 mjf-devfs2:1.2.0.10 mjf-devfs2-base:1.2 yamt-pf42-base4:1.2 yamt-pf42-base3:1.2 hpcarm-cleanup-nbase:1.2 v4-1-29:1.1.1.3 yamt-pf42-base2:1.2 yamt-pf42:1.2.0.8 yamt-pf42-base:1.2 keiichi-mipv6:1.2.0.6 keiichi-mipv6-base:1.2 cube-autoconf:1.2.0.4 cube-autoconf-base:1.2 hpcarm-cleanup:1.2.0.2 hpcarm-cleanup-base:1.2 v4-1-23:1.1.1.3 v4-1-22:1.1.1.3 v4-1-20:1.1.1.3 v4-1-19:1.1.1.3 v4-1-13:1.1.1.3 v4-1-8:1.1.1.3 v4-1-6:1.1.1.3 v4-1-5:1.1.1.3 v4-1-3:1.1.1.2 v4-1-1:1.1.1.2 v3-4-29:1.1.1.1 DARRENR:1.1.1; locks; strict; comment @# @; 1.2 date 2002.09.19.08.22.06; author martti; state dead; branches; next 1.1; 1.1 date 2002.09.19.07.56.27; author martti; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 2002.09.19.07.56.27; author martti; state Exp; branches; next 1.1.1.2; 1.1.1.2 date 2004.03.28.08.56.04; author martti; state Exp; branches; next 1.1.1.3; 1.1.1.3 date 2005.02.08.06.53.10; author martti; state Exp; branches; next ; desc @@ 1.2 log @We don't need this file @ text @diff -cr sys.30/arch/alpha/alpha/conf.c sys/arch/alpha/alpha/conf.c *** sys.30/arch/alpha/alpha/conf.c Fri Sep 28 13:33:39 2001 --- sys/arch/alpha/alpha/conf.c Fri Dec 28 12:42:32 2001 *************** *** 104,109 **** --- 104,114 ---- #include "lpt.h" cdev_decl(lpt); cdev_decl(prom); /* XXX XXX XXX */ + #ifdef IPFILTER + #define NIPF 1 + #else + #define NIPF 0 + #endif cdev_decl(wd); #include "cy.h" cdev_decl(cy); *************** *** 174,180 **** cdev_random_init(1,random), /* 34: random data source */ cdev_pf_init(NPF, pf), /* 35: packet filter */ cdev_disk_init(NWD,wd), /* 36: ST506/ESDI/IDE disk */ ! cdev_notdef(), /* 37 */ cdev_tty_init(NCY,cy), /* 38: Cyclom serial port */ cdev_ksyms_init(NKSYMS,ksyms), /* 39: Kernel symbols device */ cdev_notdef(), /* 40 */ --- 179,185 ---- cdev_random_init(1,random), /* 34: random data source */ cdev_pf_init(NPF, pf), /* 35: packet filter */ cdev_disk_init(NWD,wd), /* 36: ST506/ESDI/IDE disk */ ! cdev_gen_ipf(NIPF,ipl), /* 37: IP filter log */ cdev_tty_init(NCY,cy), /* 38: Cyclom serial port */ cdev_ksyms_init(NKSYMS,ksyms), /* 39: Kernel symbols device */ cdev_notdef(), /* 40 */ diff -cr sys.30/arch/amiga/amiga/conf.c sys/arch/amiga/amiga/conf.c *** sys.30/arch/amiga/amiga/conf.c Fri Sep 28 12:53:13 2001 --- sys/arch/amiga/amiga/conf.c Fri Dec 28 12:45:04 2001 *************** *** 160,166 **** cdev_random_init(1,random), /* 35: random data source */ cdev_uk_init(NUK,uk), /* 36: unknown SCSI */ cdev_disk_init(NWD,wd), /* 37: ST506/ESDI/IDE disk */ ! cdev_notdef(), /* 38 */ cdev_audio_init(NAUDIO,audio), /* 39: cc audio interface */ cdev_ch_init(NCH,ch), /* 40: SCSI autochanger */ cdev_disk_init(NRD,rd), /* 41: RAM disk */ --- 160,166 ---- cdev_random_init(1,random), /* 35: random data source */ cdev_uk_init(NUK,uk), /* 36: unknown SCSI */ cdev_disk_init(NWD,wd), /* 37: ST506/ESDI/IDE disk */ ! cdev_gen_ipf(NIPF,ipl), /* 38: IP filter log */ cdev_audio_init(NAUDIO,audio), /* 39: cc audio interface */ cdev_ch_init(NCH,ch), /* 40: SCSI autochanger */ cdev_disk_init(NRD,rd), /* 41: RAM disk */ diff -cr sys.30/arch/hp300/hp300/conf.c sys/arch/hp300/hp300/conf.c *** sys.30/arch/hp300/hp300/conf.c Fri Sep 28 12:53:13 2001 --- sys/arch/hp300/hp300/conf.c Fri Dec 28 12:48:02 2001 *************** *** 150,155 **** --- 150,161 ---- cdev_decl(xfs_dev); #endif + #ifdef IPFILTER + #define NIPF 1 + #else + #define NIPF 0 + #endif + #include "pf.h" #include *************** *** 174,181 **** cdev_tty_init(NDCM,dcm), /* 15: 4-port serial */ cdev_tape_init(NMT,mt), /* 16: magnetic reel tape */ cdev_disk_init(NCCD,ccd), /* 17: concatenated disk */ - cdev_notdef(), /* 18 */ cdev_disk_init(NVND,vnd), /* 19: vnode disk driver */ cdev_tape_init(NST,st), /* 20: SCSI tape */ cdev_fd_init(1,filedesc), /* 21: file descriptor pseudo-device */ cdev_bpftun_init(NBPFILTER,bpf),/* 22: Berkeley packet filter */ --- 180,187 ---- cdev_tty_init(NDCM,dcm), /* 15: 4-port serial */ cdev_tape_init(NMT,mt), /* 16: magnetic reel tape */ cdev_disk_init(NCCD,ccd), /* 17: concatenated disk */ cdev_disk_init(NVND,vnd), /* 19: vnode disk driver */ + cdev_notdef(), /* 18 */ cdev_tape_init(NST,st), /* 20: SCSI tape */ cdev_fd_init(1,filedesc), /* 21: file descriptor pseudo-device */ cdev_bpftun_init(NBPFILTER,bpf),/* 22: Berkeley packet filter */ *************** *** 193,199 **** cdev_disk_init(NRD,rd), /* 34: RAM disk */ cdev_tty_init(NAPCI,apci), /* 35: Apollo APCI UARTs */ cdev_ksyms_init(NKSYMS,ksyms), /* 36: Kernel symbols device */ ! cdev_notdef(), /* 37 */ cdev_notdef(), /* 38 */ cdev_notdef(), /* 39 */ cdev_notdef(), /* 40 */ --- 199,205 ---- cdev_disk_init(NRD,rd), /* 34: RAM disk */ cdev_tty_init(NAPCI,apci), /* 35: Apollo APCI UARTs */ cdev_ksyms_init(NKSYMS,ksyms), /* 36: Kernel symbols device */ ! cdev_pf_init(NIPF,ipl), /* 37: packet filter */ cdev_notdef(), /* 38 */ cdev_notdef(), /* 39 */ cdev_notdef(), /* 40 */ diff -cr sys.30/arch/hppa/hppa/conf.c sys/arch/hppa/hppa/conf.c *** sys.30/arch/hppa/hppa/conf.c Fri Sep 28 12:53:13 2001 --- sys/arch/hppa/hppa/conf.c Fri Dec 28 12:48:49 2001 *************** *** 113,118 **** --- 113,124 ---- #include "com.h" cdev_decl(com); + #ifdef IPFILTER + #define NIPF 1 + #else + #define NIPF 0 + #endif + #include "pf.h" #include *************** *** 158,163 **** --- 164,170 ---- cdev_notdef(), /* 32 */ #endif cdev_altq_init(NALTQ,altq), /* 33: ALTQ control interface */ + cdev_gen_ipf(NIPF,ipl), /* 34: ip filtering */ cdev_lkm_dummy(), cdev_lkm_dummy(), cdev_lkm_dummy(), diff -cr sys.30/arch/i386/i386/conf.c sys/arch/i386/i386/conf.c *** sys.30/arch/i386/i386/conf.c Fri Oct 5 07:46:03 2001 --- sys/arch/i386/i386/conf.c Fri Dec 28 12:50:34 2001 *************** *** 221,226 **** --- 221,232 ---- #include "radio.h" cdev_decl(radio); + #ifdef IPFILTER + #define NIPF 1 + #else + #define NIPF 0 + #endif + /* XXX -- this needs to be supported by config(8)! */ #if (NCOM > 0) && (NPCCOM > 0) #error com and pccom are mutually exclusive. Sorry. *************** *** 348,353 **** --- 354,360 ---- cdev_altq_init(NALTQ,altq), /* 74: ALTQ control interface */ cdev_iop_init(NIOP,iop), /* 75: I2O IOP control interface */ cdev_radio_init(NRADIO, radio), /* 76: generic radio I/O */ + cdev_gen_ipf(NIPF,ipl), /* 77: ip filtering */ }; int nchrdev = sizeof(cdevsw) / sizeof(cdevsw[0]); diff -cr sys.30/arch/mac68k/mac68k/conf.c sys/arch/mac68k/mac68k/conf.c *** sys.30/arch/mac68k/mac68k/conf.c Fri Sep 28 12:53:13 2001 --- sys/arch/mac68k/mac68k/conf.c Fri Dec 28 12:51:45 2001 *************** *** 117,122 **** --- 117,128 ---- cdev_decl(xfs_dev); #endif + #ifdef IPFILTER + #define NIPF 1 + #else + #define NIPF 0 + #endif + #include "pf.h" #include *************** *** 161,167 **** cdev_pf_init(NPF,pf), /* 35: packet filter */ cdev_audio_init(NASC,asc), /* 36: ASC audio device */ cdev_ksyms_init(NKSYMS,ksyms), /* 37: Kernel symbols device */ ! cdev_notdef(), /* 38 */ cdev_notdef(), /* 39 */ cdev_notdef(), /* 40 */ cdev_notdef(), /* 41 */ --- 167,173 ---- cdev_pf_init(NPF,pf), /* 35: packet filter */ cdev_audio_init(NASC,asc), /* 36: ASC audio device */ cdev_ksyms_init(NKSYMS,ksyms), /* 37: Kernel symbols device */ ! cdev_gen_ipf(NIPF,ipl), /* 38: IP filter log */ cdev_notdef(), /* 39 */ cdev_notdef(), /* 40 */ cdev_notdef(), /* 41 */ diff -cr sys.30/arch/macppc/macppc/conf.c sys/arch/macppc/macppc/conf.c *** sys.30/arch/macppc/macppc/conf.c Thu Oct 4 00:45:37 2001 --- sys/arch/macppc/macppc/conf.c Fri Dec 28 12:53:03 2001 *************** *** 105,110 **** --- 105,116 ---- #include "tun.h" + #ifdef IPFILTER + #define NIPF 1 + #else + #define NIPF 0 + #endif + #ifdef XFS #include cdev_decl(xfs_dev); *************** *** 195,201 **** cdev_ss_init(NSS,ss), /* 42: SCSI scanner */ cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */ cdev_audio_init(NAUDIO,audio), /* 44: generic audio I/O */ ! cdev_notdef(), /* 45 */ cdev_notdef(), /* 46 */ cdev_notdef(), /* 47 */ cdev_notdef(), /* 48 */ --- 201,207 ---- cdev_ss_init(NSS,ss), /* 42: SCSI scanner */ cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */ cdev_audio_init(NAUDIO,audio), /* 44: generic audio I/O */ ! cdev_gen_ipf(NIPF,ipl), /* 45: IP filter */ cdev_notdef(), /* 46 */ cdev_notdef(), /* 47 */ cdev_notdef(), /* 48 */ diff -cr sys.30/arch/mvme68k/mvme68k/conf.c sys/arch/mvme68k/mvme68k/conf.c *** sys.30/arch/mvme68k/mvme68k/conf.c Fri Sep 28 12:53:13 2001 --- sys/arch/mvme68k/mvme68k/conf.c Fri Dec 28 12:55:36 2001 *************** *** 176,181 **** --- 176,187 ---- #include "tun.h" + #ifdef IPFILTER + #define NIPF 1 + #else + #define NIPF 0 + #endif + #include "pf.h" #include *************** *** 226,232 **** cdev_uk_init(NUK,uk), /* 41: unknown SCSI */ cdev_ss_init(NSS,ss), /* 42: SCSI scanner */ cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */ ! cdev_lkm_dummy(), /* 44 */ cdev_lkm_dummy(), /* 45 */ cdev_lkm_dummy(), /* 46 */ cdev_lkm_dummy(), /* 47 */ --- 232,238 ---- cdev_uk_init(NUK,uk), /* 41: unknown SCSI */ cdev_ss_init(NSS,ss), /* 42: SCSI scanner */ cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */ ! cdev_gen_ipf(NIPF,ipl), /* 44: IP filter */ cdev_lkm_dummy(), /* 45 */ cdev_lkm_dummy(), /* 46 */ cdev_lkm_dummy(), /* 47 */ diff -cr sys.30/arch/mvme88k/mvme88k/conf.c sys/arch/mvme88k/mvme88k/conf.c *** sys.30/arch/mvme88k/mvme88k/conf.c Fri Sep 28 12:53:13 2001 --- sys/arch/mvme88k/mvme88k/conf.c Fri Dec 28 12:56:20 2001 *************** *** 113,118 **** --- 113,124 ---- cdev_decl(lptwo); #endif /* notyet */ + #ifdef IPFILTER + #define NIPF 1 + #else + #define NIPF 0 + #endif + #include "pf.h" #include *************** *** 199,205 **** cdev_lkm_dummy(), /* 38 */ cdev_pf_init(NPF,pf), /* 39: packet filter */ cdev_random_init(1,random), /* 40: random data source */ ! cdev_notdef(), /* 41 */ cdev_notdef(), /* 42 */ cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */ cdev_notdef(), /* 44 */ --- 205,211 ---- cdev_lkm_dummy(), /* 38 */ cdev_pf_init(NPF,pf), /* 39: packet filter */ cdev_random_init(1,random), /* 40: random data source */ ! cdev_gen_ipf(NIPF,ipl), /* 41: IP filter */ cdev_notdef(), /* 42 */ cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */ cdev_notdef(), /* 44 */ diff -cr sys.30/arch/mvmeppc/mvmeppc/conf.c sys/arch/mvmeppc/mvmeppc/conf.c *** sys.30/arch/mvmeppc/mvmeppc/conf.c Fri Sep 28 12:53:13 2001 --- sys/arch/mvmeppc/mvmeppc/conf.c Fri Dec 28 12:57:20 2001 *************** *** 147,152 **** --- 147,158 ---- #include "ksyms.h" cdev_decl(ksyms); + #ifdef IPFILTER + #define NIPF 1 + #else + #define NIPF 0 + #endif + #include "pf.h" #include *************** *** 200,206 **** cdev_uk_init(NUK,uk), /* 41: unknown SCSI */ cdev_ss_init(NSS,ss), /* 42: SCSI scanner */ cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */ ! cdev_notdef(), /* 44 */ cdev_notdef(), /* 45 */ cdev_notdef(), /* 46 */ cdev_notdef(), /* 47 */ --- 206,212 ---- cdev_uk_init(NUK,uk), /* 41: unknown SCSI */ cdev_ss_init(NSS,ss), /* 42: SCSI scanner */ cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */ ! cdev_gen_ipf(NIPF,ipl), /* 44: IP filter */ cdev_notdef(), /* 45 */ cdev_notdef(), /* 46 */ cdev_notdef(), /* 47 */ diff -cr sys.30/arch/sparc/sparc/conf.c sys/arch/sparc/sparc/conf.c *** sys.30/arch/sparc/sparc/conf.c Fri Sep 28 12:53:13 2001 --- sys/arch/sparc/sparc/conf.c Fri Dec 28 12:59:25 2001 *************** *** 128,133 **** --- 128,139 ---- }; int nblkdev = sizeof(bdevsw) / sizeof(bdevsw[0]); + #ifdef IPFILTER + #define NIPF 1 + #else + #define NIPF 0 + #endif + #include "pf.h" #include *************** *** 202,208 **** cdev_notdef(), /* 57 */ cdev_disk_init(NCD,cd), /* 58: SCSI CD-ROM */ cdev_pf_init(NPF,pf), /* 59: packet filter */ ! cdev_notdef(), /* 60 */ cdev_notdef(), /* 61 */ cdev_notdef(), /* 62 */ cdev_notdef(), /* 63 */ --- 208,214 ---- cdev_notdef(), /* 57 */ cdev_disk_init(NCD,cd), /* 58: SCSI CD-ROM */ cdev_pf_init(NPF,pf), /* 59: packet filter */ ! cdev_gen_ipf(NIPF,ipl), /* 60: ip filtering log */ cdev_notdef(), /* 61 */ cdev_notdef(), /* 62 */ cdev_notdef(), /* 63 */ diff -cr sys.30/arch/sparc64/sparc64/conf.c sys/arch/sparc64/sparc64/conf.c *** sys.30/arch/sparc64/sparc64/conf.c Fri Sep 28 12:53:14 2001 --- sys/arch/sparc64/sparc64/conf.c Fri Dec 28 12:59:59 2001 *************** *** 116,121 **** --- 116,127 ---- #include "ses.h" cdev_decl(ses); + #ifdef IPFILTER + #define NIPF 1 + #else + #define NIPF 0 + #endif + #include "pf.h" #include *************** *** 239,245 **** cdev_notdef(), /* 72 */ cdev_pf_init(NPF,pf), /* 73: packet filter */ cdev_altq_init(NALTQ,altq), /* 74: ALTQ control interface */ ! cdev_notdef(), /* 75 */ cdev_ksyms_init(NKSYMS,ksyms), /* 76 *: Kernel symbols device */ cdev_notdef(), /* 77 */ cdev_notdef(), /* 78 */ --- 245,251 ---- cdev_notdef(), /* 72 */ cdev_pf_init(NPF,pf), /* 73: packet filter */ cdev_altq_init(NALTQ,altq), /* 74: ALTQ control interface */ ! cdev_gen_ipf(NIPF,ipl), /* 75: IP filter */ cdev_ksyms_init(NKSYMS,ksyms), /* 76 *: Kernel symbols device */ cdev_notdef(), /* 77 */ cdev_notdef(), /* 78 */ diff -cr sys.30/arch/sun3/sun3/conf.c sys/arch/sun3/sun3/conf.c *** sys.30/arch/sun3/sun3/conf.c Fri Sep 28 12:53:14 2001 --- sys/arch/sun3/sun3/conf.c Fri Dec 28 13:00:59 2001 *************** *** 111,116 **** --- 111,122 ---- }; int nblkdev = sizeof(bdevsw) / sizeof(bdevsw[0]); + #ifdef IPFILTER + #define NIPF 1 + #else + #define NIPF 0 + #endif + #include "pf.h" #include *************** *** 207,212 **** --- 213,219 ---- cdev_ch_init(NCH,ch), /* 83: SCSI autochanger */ cdev_ses_init(NSES,ses), /* 84: SCSI SES or SAF-TE device */ cdev_altq_init(NALTQ,altq), /* 85: ALTQ control interface */ + cdev_gen_ipf(NIPF,ipl), /* 86: IP filter */ }; int nchrdev = sizeof(cdevsw) / sizeof(cdevsw[0]); diff -cr sys.30/arch/vax/vax/conf.c sys/arch/vax/vax/conf.c *** sys.30/arch/vax/vax/conf.c Fri Sep 28 12:53:14 2001 --- sys/arch/vax/vax/conf.c Fri Dec 28 13:01:58 2001 *************** *** 432,437 **** --- 432,443 ---- #include "wskbd.h" #include "wsmouse.h" + #ifdef IPFILTER + #define NIPF 1 + #else + #define NIPF 0 + #endif + #include "pf.h" #include *************** *** 485,491 **** cdev_notdef(), /* 44 was Datakit */ cdev_notdef(), /* 45 was Datakit */ cdev_notdef(), /* 46 was Datakit */ ! cdev_notdef(), /* 47 */ cdev_notdef(), /* 48 */ cdev_notdef(), /* 49 */ cdev_ksyms_init(NKSYMS,ksyms), /* 50: Kernel symbols device */ --- 491,497 ---- cdev_notdef(), /* 44 was Datakit */ cdev_notdef(), /* 45 was Datakit */ cdev_notdef(), /* 46 was Datakit */ ! cdev_gen_ipf(NIPF,ipl), /* 47: IP filter */ cdev_notdef(), /* 48 */ cdev_notdef(), /* 49 */ cdev_ksyms_init(NKSYMS,ksyms), /* 50: Kernel symbols device */ diff -cr sys.30/conf/GENERIC sys/conf/GENERIC *** sys.30/conf/GENERIC Tue Sep 18 03:04:27 2001 --- sys/conf/GENERIC Fri Dec 28 11:37:49 2001 *************** *** 71,76 **** --- 71,78 ---- #option EON # OSI tunneling over IP #option NETATALK # AppleTalk #option CCITT,LLC,HDLC # X.25 + option IPFILTER # IP packet filter for security + option IPFILTER_LOG # use /dev/ipl to log IPF option PPP_BSDCOMP # PPP BSD compression option PPP_DEFLATE #option MROUTING # Multicast router diff -cr sys.30/conf/files sys/conf/files *** sys.30/conf/files Fri Oct 5 07:43:37 2001 --- sys/conf/files Fri Dec 28 12:02:08 2001 *************** *** 652,657 **** --- 652,665 ---- file netinet/tcp_usrreq.c inet file netinet/udp_usrreq.c inet file netinet/ip_gre.c inet + file netinet/ip_fil.c ipfilter + file netinet/fil.c ipfilter + file netinet/ip_nat.c ipfilter + file netinet/ip_frag.c ipfilter + file netinet/ip_state.c ipfilter + file netinet/ip_proxy.c ipfilter + file netinet/ip_auth.c ipfilter + file netinet/ip_log.c ipfilter file netinet/ip_ipsp.c (inet | inet6) & (ipsec | tcp_signature) file netinet/ip_spd.c (inet | inet6) & (ipsec | tcp_signature) file netinet/ip_ipip.c inet | inet6 diff -cr sys.30/net/bridgestp.c sys/net/bridgestp.c *** sys.30/net/bridgestp.c Wed Jun 27 16:07:37 2001 --- sys/net/bridgestp.c Fri Dec 28 12:01:56 2001 *************** *** 63,68 **** --- 63,73 ---- #include #include #include + + #ifdef IPFILTER + #include + #include + #endif #endif #if NBPFILTER > 0 diff -cr sys.30/net/if.c sys/net/if.c *** sys.30/net/if.c Sat Jun 30 08:46:05 2001 --- sys/net/if.c Fri Dec 28 12:02:21 2001 *************** *** 99,104 **** --- 99,110 ---- #include #endif + #ifdef IPFILTER + #include + #include + #include + #endif + #if NBPFILTER > 0 #include #endif *************** *** 381,386 **** --- 387,397 ---- /* Remove the interface from the list of all interfaces. */ TAILQ_REMOVE(&ifnet, ifp, if_list); + + #ifdef IPFILTER + /* XXX More ipf & ipnat cleanup needed. */ + frsync(); + #endif /* Deallocate private resources. */ for (ifa = TAILQ_FIRST(&ifp->if_addrlist); ifa; diff -cr sys.30/net/if_bridge.c sys/net/if_bridge.c *** sys.30/net/if_bridge.c Wed Aug 22 01:18:20 2001 --- sys/net/if_bridge.c Sun Dec 30 05:29:37 2001 *************** *** 61,67 **** #include #include ! #endif #if NPF > 0 #include --- 61,71 ---- #include #include ! # if (defined(IPFILTER) || defined(IPFILTER_LKM)) ! #include ! #include ! # endif ! #endif /* INET */ #if NPF > 0 #include *************** *** 139,145 **** int bridge_flushrule __P((struct bridge_iflist *)); int bridge_brlconf __P((struct bridge_softc *, struct ifbrlconf *)); u_int8_t bridge_filterrule __P((struct brl_head *, struct ether_header *)); ! #if NPF > 0 struct mbuf *bridge_filter __P((struct bridge_softc *, int, struct ifnet *, struct ether_header *, struct mbuf *m)); #endif --- 143,149 ---- int bridge_flushrule __P((struct bridge_iflist *)); int bridge_brlconf __P((struct bridge_softc *, struct ifbrlconf *)); u_int8_t bridge_filterrule __P((struct brl_head *, struct ether_header *)); ! #if (NPF > 0) || (defined(IPFILTER) || defined(IPFILTER_LKM)) struct mbuf *bridge_filter __P((struct bridge_softc *, int, struct ifnet *, struct ether_header *, struct mbuf *m)); #endif *************** *** 1043,1049 **** m_freem(m); return; } ! #if NPF > 0 m = bridge_filter(sc, BRIDGE_IN, src_if, &eh, m); if (m == NULL) return; --- 1047,1053 ---- m_freem(m); return; } ! #if (NPF > 0) || (defined(IPFILTER) || defined(IPFILTER_LKM)) m = bridge_filter(sc, BRIDGE_IN, src_if, &eh, m); if (m == NULL) return; *************** *** 1086,1092 **** m_freem(m); return; } ! #if NPF > 0 m = bridge_filter(sc, BRIDGE_OUT, dst_if, &eh, m); if (m == NULL) return; --- 1090,1096 ---- m_freem(m); return; } ! #if (NPF > 0) || (defined(IPFILTER) || defined(IPFILTER_LKM)) m = bridge_filter(sc, BRIDGE_OUT, dst_if, &eh, m); if (m == NULL) return; *************** *** 1328,1334 **** } } ! #if NPF > 0 mc = bridge_filter(sc, BRIDGE_OUT, dst_if, eh, mc); if (mc == NULL) continue; --- 1332,1338 ---- } } ! #if (NPF > 0) || (defined(IPFILTER) || defined(IPFILTER_LKM)) mc = bridge_filter(sc, BRIDGE_OUT, dst_if, eh, mc); if (mc == NULL) continue; *************** *** 1911,1917 **** return (0); } ! #if NPF > 0 /* * Filter IP packets by peeking into the ethernet frame. This violates * the ISO model, but allows us to act as a IP filter at the data link --- 1915,1921 ---- return (0); } ! #if (NPF > 0) || defined(IPFILTER) || defined(IPFILTER_LKM) /* * Filter IP packets by peeking into the ethernet frame. This violates * the ISO model, but allows us to act as a IP filter at the data link *************** *** 1926,1932 **** struct ether_header *eh; struct mbuf *m; { ! #if NPF == 0 return (m); #else struct llc llc; --- 1930,1936 ---- struct ether_header *eh; struct mbuf *m; { ! #if defined(NPF) && (NPF == 0) && !defined(IPFILTER) && !defined(IPFILTER_LKM) return (m); #else struct llc llc; *************** *** 1934,1939 **** --- 1938,1947 ---- struct ip *ip; int hlen; + # if (defined(IPFILTER) || defined(IPFILTER_LKM)) && defined(NPF) && (NPF == 0) + if (fr_checkp == NULL) + return (m); + # endif if (eh->ether_type != htons(ETHERTYPE_IP)) { if (eh->ether_type > ETHERMTU || m->m_pkthdr.len < (LLC_SNAPFRAMELEN + *************** *** 2000,2007 **** --- 2008,2023 ---- /* Finally, we get to filter the packet! */ m->m_pkthdr.rcvif = ifp; + #if NPF > 0 if (pf_test(dir, ifp, &m) != PF_PASS) goto dropit; + #endif + #if defined(IPFILTER) || defined(IPFILTER_LKM) + if (fr_checkp && (*fr_checkp)(ip, hlen, ifp, dir, &m)) + goto dropit; + if (m == NULL) /* in case of 'fastroute' */ + goto dropit; + #endif /* Rebuild the IP header */ if (m->m_len < hlen && ((m = m_pullup(m, hlen)) == NULL)) *************** *** 2035,2040 **** if (m != NULL) m_freem(m); return (NULL); ! #endif /* NPF == 0 */ } #endif --- 2051,2056 ---- if (m != NULL) m_freem(m); return (NULL); ! #endif /* (NPF > 0) || (defined(IPFILTER) || defined(IPFILTER_LKM)) */ } #endif diff -cr sys.30/netinet/in_proto.c sys/netinet/in_proto.c *** sys.30/netinet/in_proto.c Thu Aug 9 01:07:04 2001 --- sys/netinet/in_proto.c Fri Dec 28 12:05:44 2001 *************** *** 163,168 **** --- 163,173 ---- #include #endif /* MROUTING */ + #ifdef IPFILTER + void iplinit __P((void)); + #define ip_init iplinit + #endif + #ifdef INET6 #include #endif /* INET6 */ diff -cr sys.30/netinet/ip_input.c sys/netinet/ip_input.c *** sys.30/netinet/ip_input.c Wed Sep 19 01:24:32 2001 --- sys/netinet/ip_input.c Fri Dec 28 12:05:55 2001 *************** *** 149,154 **** --- 149,159 ---- struct in_ifaddrhead in_ifaddr; struct ifqueue ipintrq; + #if defined(IPFILTER) || defined(IPFILTER_LKM) + int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, + struct mbuf **)); + #endif + int ipq_locked; static __inline int ipq_lock_try __P((void)); static __inline void ipq_unlock __P((void)); *************** *** 398,403 **** --- 403,425 ---- ip = mtod(m, struct ip *); hlen = ip->ip_hl << 2; + #endif + + #if defined(IPFILTER) || defined(IPFILTER_LKM) + /* + * Check if we want to allow this packet to be processed. + * Consider it to be bad if not. + */ + { + struct mbuf *m0 = m; + if (fr_checkp && (*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m0)) { + return; + } + if (m0 == 0) { /* in case of 'fastroute' */ + return; + } + ip = mtod(m = m0, struct ip *); + } #endif #ifdef ALTQ diff -cr sys.30/netinet/ip_output.c sys/netinet/ip_output.c *** sys.30/netinet/ip_output.c Mon Aug 27 07:12:06 2001 --- sys/netinet/ip_output.c Fri Dec 28 12:10:52 2001 *************** *** 91,96 **** --- 91,100 ---- static void ip_mloopback __P((struct ifnet *, struct mbuf *, struct sockaddr_in *)); + #if defined(IPFILTER) || defined(IPFILTER_LKM) + extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); + #endif + /* * IP output. The packet in mbuf chain m contains a skeletal IP * header (with len, off, ttl, proto, tos, src, dst). *************** *** 535,540 **** --- 539,568 ---- if (sproto != 0) { s = splnet(); + #if defined(IPFILTER) || defined(IPFILTER_LKM) + if (fr_checkp) { + /* + * Ok, it's time for a simple round-trip to the IPF/NAT + * code with the enc0 interface. + */ + struct mbuf *m1 = m; + void *ifp = (void *)&encif[0].sc_if; + + if ((*fr_checkp)(ip, hlen, ifp, 1, &m1)) { + error = EHOSTUNREACH; + splx(s); + goto done; + } + if (m1 == 0) { /* in case of 'fastroute' */ + error = 0; + splx(s); + goto done; + } + ip = mtod(m = m1, struct ip *); + hlen = ip->ip_hl << 2; + } + #endif /* IPFILTER */ + /* * Packet filter */ *************** *** 636,641 **** --- 664,688 ---- m->m_pkthdr.csum &= ~M_UDPV4_CSUM_OUT; /* Clear */ } } + + #if defined(IPFILTER) || defined(IPFILTER_LKM) + /* + * looks like most checking has been done now...do a filter check + */ + { + struct mbuf *m1 = m; + + if (fr_checkp && (*fr_checkp)(ip, hlen, ifp, 1, &m1)) { + error = EHOSTUNREACH; + goto done; + } + if (m1 == 0) { /* in case of 'fastroute' */ + error = 0; + goto done; + } + ip = mtod(m = m1, struct ip *); + } + #endif /* * Packet filter diff -cr sys.30/netinet6/ip6_input.c sys/netinet6/ip6_input.c *** sys.30/netinet6/ip6_input.c Sat Sep 15 13:54:40 2001 --- sys/netinet6/ip6_input.c Sat Dec 29 21:57:26 2001 *************** *** 134,139 **** --- 134,142 ---- #ifdef PULLDOWN_TEST static struct mbuf *ip6_pullexthdr __P((struct mbuf *, size_t, int)); #endif + #if defined(IPFILTER) || defined(IPFILTER_LKM) + extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); + #endif /* * IP6 initialization: fill in IP6 protocol switch table. *************** *** 286,291 **** --- 289,314 ---- in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); goto bad; } + + #if defined(IPFILTER) || defined(IPFILTER_LKM) + /* + * Check if we want to allow this packet to be processed. + * Consider it to be bad if not. + */ + if (fr_checkp != NULL) { + struct mbuf *m0 = m; + + if ((*fr_checkp)((struct ip *)ip6, sizeof(*ip6), + m->m_pkthdr.rcvif, 0, &m0)) { + return; + } + m = m0; + if (m == 0) { /* in case of 'fastroute' */ + return; + } + ip6 = mtod(m, struct ip6_hdr *); + } + #endif ip6stat.ip6s_nxthist[ip6->ip6_nxt]++; diff -cr sys.30/netinet6/ip6_output.c sys/netinet6/ip6_output.c *** sys.30/netinet6/ip6_output.c Tue Oct 2 02:03:09 2001 --- sys/netinet6/ip6_output.c Sat Dec 29 21:57:26 2001 *************** *** 118,123 **** --- 118,127 ---- struct mbuf *ip6e_dest2; }; + #if defined(IPFILTER) || defined(IPFILTER_LKM) + extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); + #endif + static int ip6_pcbopts __P((struct ip6_pktopts **, struct mbuf *, struct socket *)); static int ip6_setmoptions __P((int, struct ip6_moptions **, struct mbuf *)); *************** *** 889,894 **** --- 893,917 ---- ip6 = mtod(m, struct ip6_hdr *); #endif + + #if defined(IPFILTER) || defined(IPFILTER_LKM) + /* + * looks like most checking has been done now...do a filter check + */ + if (fr_checkp != NULL) { + struct mbuf *m1 = m; + if ((*fr_checkp)((struct ip *)ip6, sizeof(*ip6), ifp, 1, &m1)) { + error = EHOSTUNREACH; + goto done; + } + m = m1; + if (m1 == 0) { /* in case of 'fastroute' */ + error = 0; + goto done; + } + ip6 = mtod(m, struct ip6_hdr *); + } + #endif /* * Send the packet to the outgoing interface. * If necessary, do IPv6 fragmentation before sending. diff -cr sys.30/sys/conf.h sys/sys/conf.h *** sys.30/sys/conf.h Fri Oct 5 07:46:03 2001 --- sys/sys/conf.h Fri Dec 28 13:45:33 2001 *************** *** 351,356 **** --- 351,363 ---- (dev_type_ioctl((*))) enodev, (dev_type_stop((*))) nullop, \ 0, (dev_type_select((*))) enodev, (dev_type_mmap((*))) enodev } + /* open, close, read, ioctl */ + #define cdev_gen_ipf(c, n) { \ + dev_init(c,n,open), dev_init(c,n,close), dev_init(c,n,read), \ + (dev_type_write((*))) enodev, dev_init(c,n,ioctl), \ + (dev_type_stop((*))) enodev, 0, (dev_type_select((*))) enodev, \ + (dev_type_mmap((*))) enodev } + /* open, close, read, write, ioctl, select */ #define cdev_xfs_init(c, n) { \ dev_init(c,n,open), dev_init(c,n,close), dev_init(c,n,read), \ *************** *** 537,542 **** --- 544,550 ---- cdev_decl(bpf); + cdev_decl(ipl); cdev_decl(pf); cdev_decl(tun); @ 1.1 log @Initial revision @ text @@ 1.1.1.1 log @Import IPFilter 3.4.29 @ text @@ 1.1.1.2 log @Import IPFilter 4.1.1 @ text @d478 1 a478 1 --- 71,79 ---- a483 1 + #option IPFILTER_LOOKUP # use /dev/ippool for IP pools d492 1 a492 1 --- 652,668 ---- a503 3 + file netinet/ip_pool.c ipfilter & ipfilter_lookup + file netinet/ip_htable.c ipfilter & ipfilter_lookup + file netinet/ip_lookup.c ipfilter & ipfilter_lookup @ 1.1.1.3 log @Import IPFilter 4.1.5 @ text @d484 1 a484 1 + #option IPFILTER_LOOKUP # use /dev/iplookup for IP pools d555 1 a555 1 + frsync(ifp); @