8 files changed, 262 insertions, 0 deletions
diff --git a/4bsd/conf.c.diffs b/4bsd/conf.c.diffs
new file mode 100644
index 0000000000000..b40324b4d8eb8
--- /dev/null
+++ b/4bsd/conf.c.diffs
@@ -0,0 +1,41 @@
+*** conf.c.orig	Wed May 10 23:38:08 1995
+--- conf.c	Thu May 11 00:33:19 1995
+***************
+*** 169,174 ****
+--- 169,187 ----
+  #endif
+  cdev_decl(lkm);
+  
++ /* open, close, read, ioctl */
++ cdev_decl(ipl);
++ #define	cdev_gen_ipf(c,n) { \
++ 	dev_init(c,n,open), dev_init(c,n,close), dev_init(c,n,read), \
++ 	(dev_type_write((*))) enodev, dev_init(c,n,ioctl), \
++ 	(dev_type_stop((*))) nullop, 0, (dev_type_select((*))) enodev, \
++ 	(dev_type_mmap((*))) enodev, 0 }
++ #ifdef IPFILTER
++ #define NIPF 1
++ #else
++ #define NIPF 0
++ #endif
++ 
+  struct cdevsw	cdevsw[] =
+  {
+  	cdev_cn_init(1,cn),		/* 0: virtual console */
+***************
+*** 232,238 ****
+  	cdev_notdef(),			/* 56 */
+  	cdev_notdef(),			/* 57 */
+  	cdev_disk_init(NCD,cd),		/* 58 SCSI CD-ROM */
+! 	cdev_notdef(),			/* 59 */
+  	cdev_notdef(),			/* 60 */
+  	cdev_notdef(),			/* 61 */
+  	cdev_notdef(),			/* 62 */
+--- 245,251 ----
+  	cdev_notdef(),			/* 56 */
+  	cdev_notdef(),			/* 57 */
+  	cdev_disk_init(NCD,cd),		/* 58 SCSI CD-ROM */
+! 	cdev_gen_ipf(NIPF,ipl),		/* 59 */
+  	cdev_notdef(),			/* 60 */
+  	cdev_notdef(),			/* 61 */
+  	cdev_notdef(),			/* 62 */
diff --git a/4bsd/files.diffs b/4bsd/files.diffs
new file mode 100644
index 0000000000000..a09b9c653c219
--- /dev/null
+++ b/4bsd/files.diffs
@@ -0,0 +1,23 @@
+*** files.orig	Sat Apr 29 19:59:31 1995
+--- files	Sun Apr 23 17:54:18 1995
+***************
+*** 180,185 ****
+--- 180,197 ----
+  netinet/tcp_timer.c	optional inet
+  netinet/tcp_usrreq.c	optional inet
+  netinet/udp_usrreq.c	optional inet
++ netinet/ip_fil.c	optional ipfilter requires inet
++ netinet/fil.c		optional ipfilter requires inet
++ netinet/ip_nat.c	optional ipfilter requires inet
++ netinet/ip_auth.c	optional ipfilter requires inet
++ netinet/ip_frag.c	optional ipfilter requires inet
++ netinet/ip_state.c	optional ipfilter requires inet
++ netinet/ip_proxy.c	optional ipfilter requires inet
++ netinet/ip_log.c	optional ipfilter requires inet
++ netinet/ip_scan.c	optional ipfilter requires inet
++ netinet/ip_sync.c	optional ipfilter requires inet
++ netinet/ip_pool.c	optional ipfilter_pool requires inet
++ netinet/ip_rules.c	optional ipfilter_compiled requires ipfilter
+  netiso/clnp_debug.c	optional iso
+  netiso/clnp_er.c	optional iso
+  netiso/clnp_frag.c	optional iso
diff --git a/4bsd/files.newconf.diffs b/4bsd/files.newconf.diffs
new file mode 100644
index 0000000000000..e616cfd95de22
--- /dev/null
+++ b/4bsd/files.newconf.diffs
@@ -0,0 +1,23 @@
+*** files.newconf.orig	Sat Apr 29 20:00:02 1995
+--- files.newconf	Sun Apr 23 17:53:58 1995
+***************
+*** 222,227 ****
+--- 222,239 ----
+  file netinet/tcp_timer.c	inet
+  file netinet/tcp_usrreq.c	inet
+  file netinet/udp_usrreq.c	inet
++ file netinet/ip_fil.c		ipfilter
++ file netinet/fil.c		ipfilter
++ file netinet/ip_nat.c		ipfilter
++ file netinet/ip_frag.c	ipfilter
++ file netinet/ip_state.c	ipfilter
++ file netinet/ip_auth.c	ipfilter
++ file netinet/ip_proxy.c	ipfilter
++ file netinet/ip_log.c		ipfilter
++ file netinet/ip_scan.c	ipfilter
++ file netinet/ip_sync.c	ipfilter
++ file netinet/ip_pool.c	ipfilter_pool
++ file netinet/ip_rules.c	ipfilter_compiled
+  file netiso/clnp_debug.c	iso
+  file netiso/clnp_er.c	 	iso
+  file netiso/clnp_frag.c	 	iso
diff --git a/4bsd/files.oldconf.diffs b/4bsd/files.oldconf.diffs
new file mode 100644
index 0000000000000..87614a76d4898
--- /dev/null
+++ b/4bsd/files.oldconf.diffs
@@ -0,0 +1,23 @@
+*** files.oldconf.orig	Sat Apr 29 19:59:31 1995
+--- files.oldconf	Sun Apr 23 17:54:18 1995
+***************
+*** 180,185 ****
+--- 180,197 ----
+  netinet/tcp_timer.c	optional inet
+  netinet/tcp_usrreq.c	optional inet
+  netinet/udp_usrreq.c	optional inet
++ netinet/ip_fil.c	optional ipfilter requires inet
++ netinet/fil.c		optional ipfilter requires inet
++ netinet/ip_nat.c	optional ipfilter requires inet
++ netinet/ip_frag.c	optional ipfilter requires inet
++ netinet/ip_state.c	optional ipfilter requires inet
++ netinet/ip_proxy.c	optional ipfilter requires inet
++ netinet/ip_log.c	optional ipfilter requires inet
++ netinet/ip_auth.c	optional ipfilter requires inet
++ netinet/ip_scan.c	optional ipfilter requires inet
++ netinet/ip_sync.c	optional ipfilter requires inet
++ netinet/ip_pool.c	optional ipfilter_pool requires inet
++ netinet/ip_rules.c	optional ipfilter_compiled requires ipfilter
+  netiso/clnp_debug.c	optional iso
+  netiso/clnp_er.c	optional iso
+  netiso/clnp_frag.c	optional iso
diff --git a/4bsd/filez.diffs b/4bsd/filez.diffs
new file mode 100644
index 0000000000000..de2453ac9c763
--- /dev/null
+++ b/4bsd/filez.diffs
@@ -0,0 +1,23 @@
+*** files.orig	Sat Apr 29 20:00:02 1995
+--- files	Sun Apr 23 17:53:58 1995
+***************
+*** 222,227 ****
+--- 222,239 ----
+  file netinet/tcp_timer.c	inet
+  file netinet/tcp_usrreq.c	inet
+  file netinet/udp_usrreq.c	inet
++ file netinet/ip_fil.c		ipfilter
++ file netinet/fil.c		ipfilter
++ file netinet/ip_nat.c		ipfilter
++ file netinet/ip_frag.c	ipfilter
++ file netinet/ip_state.c	ipfilter
++ file netinet/ip_proxy.c	ipfilter
++ file netinet/ip_auth.c	ipfilter
++ file netinet/ip_log.c		ipfilter
++ file netinet/ip_scan.c	ipfilter
++ file netinet/ip_sync.c	ipfilter
++ file netinet/ip_pool.c	ipfilter_pool
++ file netinet/ip_rules.c	ipfilter_compiled
+  file netiso/clnp_debug.c	iso
+  file netiso/clnp_er.c	 	iso
+  file netiso/clnp_frag.c	 	iso
diff --git a/4bsd/ip_input.c.diffs b/4bsd/ip_input.c.diffs
new file mode 100644
index 0000000000000..37044d58971f5
--- /dev/null
+++ b/4bsd/ip_input.c.diffs
@@ -0,0 +1,38 @@
+*** ip_input.c.orig	Sun Apr 23 17:17:05 1995
+--- ip_input.c	Sun Apr 23 17:30:03 1995
+***************
+*** 80,85 ****
+--- 80,90 ----
+  int	ipqmaxlen = IFQ_MAXLEN;
+  struct	in_ifaddr *in_ifaddr;			/* first inet address */
+  struct	ifqueue ipintrq;
++ #if defined(IPFILTER) || defined(IPFILTER_LKM)
++ int	fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf *));
++ int	(*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf *));
++ #endif
+  
+  /*
+   * We need to save the IP options in case a protocol wants to respond
+***************
+*** 225,231 ****
+--- 233,252 ----
+  			m_adj(m, ip->ip_len - m->m_pkthdr.len);
+  	}
+  
++ #if defined(IPFILTER) || defined(IPFILTER_LKM)
+  	/*
++ 	 * Check if we want to allow this packet to be processed.
++ 	 * Consider it to be bad if not.
++ 	 */
++ 	if (fr_checkp) {
++ 		struct mbuf *m1 = m;
++ 
++ 		if ((*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m1) || !m1)
++ 			goto next;
++ 		ip = mtod(m = m1, struct ip *);
++ 	}
++ #endif
++ 	/*
+  	 * Process options and, if not destined for us,
+  	 * ship it on.  ip_dooptions returns 1 when an
+  	 * error was detected (causing an icmp message
diff --git a/4bsd/ip_output.c.diffs b/4bsd/ip_output.c.diffs
new file mode 100644
index 0000000000000..4b0350a6d6ac1
--- /dev/null
+++ b/4bsd/ip_output.c.diffs
@@ -0,0 +1,36 @@
+*** ip_output.c.orig	Sun Apr 23 17:17:05 1995
+--- ip_output.c	Sun Apr 23 17:32:11 1995
+***************
+*** 60,65 ****
+--- 60,69 ----
+  static struct mbuf *ip_insertoptions __P((struct mbuf *, struct mbuf *, int *));
+  static void ip_mloopback
+  	__P((struct ifnet *, struct mbuf *, struct sockaddr_in *));
++ #if defined(IPFILTER_LKM) || defined(IPFILTER)
++ extern int fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf *));
++ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf *));
++ #endif
+  
+  /*
+   * IP output.  The packet in mbuf chain m contains a skeletal IP
+***************
+*** 277,282 ****
+--- 284,303 ----
+  	} else
+  		m->m_flags &= ~M_BCAST;
+  
+  sendit:
++ #if defined(IPFILTER) || defined(IPFILTER_LKM)
++ 	/*
++ 	 * looks like most checking has been done now...do a filter check
++ 	 */
++ 	if (fr_checkp) {
++ 		struct mbuf *m1 = m;
++ 
++ 		if ((error = (*fr_checkp)(ip, hlen, ifp, 1, &m1)) || !m1)
++ 			goto done;
++ 		ip = mtod(m = m1, struct ip *);
++ 	}
++ #endif
+  	/*
+  	 * If small enough for interface, can just send directly.
diff --git a/4bsd/kinstall b/4bsd/kinstall
new file mode 100755
index 0000000000000..5f97ca0cc2404
--- /dev/null
+++ b/4bsd/kinstall
@@ -0,0 +1,55 @@
+#!/bin/csh -f
+#
+set dir=`pwd`
+set karch=`uname -m`
+set archdir="/sys/arch/$karch"
+set confdir="$archdir/conf"
+
+if ( $dir =~ *fil/4bsd ) cd ..
+if ($0 =~ *kinstall) then
+	echo "Installing ip_fil.c and ip_fil.h"
+	cp ip_fil.{c,h} /sys/netinet
+	echo "Patching $archdir/$karch/conf.c"
+	cat conf.c.diffs | (cd $archdir/$karch; patch)
+endif
+echo "Patching ip_input.c and ip_output.c"
+cat 4bsd/ip_{in,out}put.c.diffs | (cd /sys/netinet; patch)
+
+if ( -f /sys/conf/files.newconf ) then
+	echo "Patching /sys/conf/files.newconf"
+	cat 4bsd/files.newconf.diffs | (cd /sys/conf; patch)
+	echo "Patching /sys/conf/files"
+	cat 4bsd/files.diffs | (cd /sys/conf; patch)
+endif
+if ( -f /sys/conf/files.oldconf ) then
+	echo "Patching /sys/conf/files.oldconf"
+	cat 4bsd/files.oldconf.diffs | (cd /sys/conf; patch)
+	echo "Patching /sys/conf/files"
+	cat 4bsd/filez.diffs | (cd /sys/conf; patch)
+endif
+
+set config=`/bin/ls -1t $confdir [0-9A-Z_]* | head -1`
+
+echo -n "Kernel configuration to update [$config] "
+set newconfig=$<
+if ( "$newconfig" != "" ) then
+	set config="$confdir/$newconfig"
+else
+	set newconfig=$config
+endif
+echo "Re-config'ing $newconfig..."
+if ( -f $confdir/$newconfig ) then
+	mv $confdir/$newconfig $confdir/$newconfig.bak
+endif
+if ( -d $archdir/$newconfig ) then
+	mv $archdir/$newconfig $archdir/$newconfig.bak
+endif
+if ($0 =~ *kinstall) then
+	awk '{print $0;if($2=="INET"){print"options IPFILTER"}}}' \
+		$confdir/$newconfig.bak > $confdir/$newconfig
+else
+	awk '{print $0;if($2=="INET"){print"options IPFILTER_LKM"}}' \
+		$confdir/$newconfig.bak > $confdir/$newconfig
+endif
+echo 'You will now need to run "config" and build a new kernel.'
+exit 0