diff options
Diffstat (limited to 'BSDOS')
| -rw-r--r-- | BSDOS/files.diffs | 23 | ||||
| -rw-r--r-- | BSDOS/ioconf.c.i386.diffs | 28 | ||||
| -rw-r--r-- | BSDOS/ip_input.c.diffs | 37 | ||||
| -rw-r--r-- | BSDOS/ip_output.c.diffs | 35 | ||||
| -rwxr-xr-x | BSDOS/kinstall | 56 |
5 files changed, 179 insertions, 0 deletions
diff --git a/BSDOS/files.diffs b/BSDOS/files.diffs new file mode 100644 index 0000000000000..0b34dbc37e9c2 --- /dev/null +++ b/BSDOS/files.diffs @@ -0,0 +1,23 @@ +*** files.orig Tue Mar 19 16:18:21 1996 +--- files Fri Mar 8 14:20:52 1996 +*************** +*** 201,206 **** +--- 201,218 ---- + file netinet/tcp_timer.c inet + file netinet/tcp_usrreq.c inet + file netinet/udp_usrreq.c inet ++ file netinet/ip_fil.c ipfilter ++ file netinet/fil.c ipfilter ++ file netinet/ip_nat.c ipfilter ++ file netinet/ip_frag.c ipfilter ++ file netinet/ip_state.c ipfilter ++ file netinet/ip_auth.c ipfilter ++ file netinet/ip_proxy.c ipfilter ++ file netinet/ip_log.c ipfilter ++ file netinet/ip_scan.c ipfilter ++ file netinet/ip_sync.c ipfilter ++ file netinet/ip_pool.c ipfilter_pool ++ file netinet/ip_rules.c ipfilter_compiled + file netiso/clnp_debug.c iso + file netiso/clnp_er.c iso + file netiso/clnp_frag.c iso diff --git a/BSDOS/ioconf.c.i386.diffs b/BSDOS/ioconf.c.i386.diffs new file mode 100644 index 0000000000000..a7e07f0e591de --- /dev/null +++ b/BSDOS/ioconf.c.i386.diffs @@ -0,0 +1,28 @@ +*** ioconf.c.i386.orig Tue Mar 19 16:20:07 1996 +--- ioconf.c.i386 Fri Mar 8 15:12:59 1996 +*************** +*** 21,26 **** +--- 21,29 ---- + extern struct devsw cnsw, cttysw, mmsw, swapsw, logsw, devfdsw; + extern struct devsw ptssw, ptcsw; + extern struct devsw pcsw, kbdsw; ++ #if defined(IPFILTER) ++ extern struct devsw iplsw; ++ #endif + + %DECLSW + +*************** +*** 62,67 **** +--- 65,75 ---- + %DEVSW(sr), /* 34 = SCSI removeable disks (clone of sd) */ + %DEVSW(rp), /* 35 = Comtrol Rocketport */ + %DEVSW(cy), /* 36 = Cyclades async mux */ ++ #if defined(IPFILTER) ++ &iplsw, /* 37 = IP Filter */ ++ #else ++ NULL, /* 37 = IP Filter */ ++ #endif + }; + #define NDEVSW (sizeof(devsw) / sizeof(*devsw)) + int ndevsw = NDEVSW; diff --git a/BSDOS/ip_input.c.diffs b/BSDOS/ip_input.c.diffs new file mode 100644 index 0000000000000..2829f4edaa448 --- /dev/null +++ b/BSDOS/ip_input.c.diffs @@ -0,0 +1,37 @@ +*** ip_input.c.orig Tue Mar 19 16:19:06 1996 +--- ip_input.c Fri Mar 8 18:31:22 1996 +*************** +*** 77,82 **** +--- 77,86 ---- + int ipqmaxlen = IFQ_MAXLEN; + struct in_ifaddr *in_ifaddr; /* first inet address */ + struct ifqueue ipintrq; ++ #if defined(IPFILTER) ++ extern int fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); ++ int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); ++ #endif + + /* + * We need to save the IP options in case a protocol wants to respond +*************** +*** 232,237 **** +--- 236,254 ---- + m_adj(m, ip->ip_len - m->m_pkthdr.len); + } + ++ #if defined(IPFILTER) ++ /* ++ * Check if we want to allow this packet to be processed. ++ * Consider it to be bad if not. ++ */ ++ if (fr_checkp) { ++ struct mbuf *m1 = m; ++ ++ if ((*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m1) || !m1) ++ goto next; ++ ip = mtod(m = m1, struct ip *); ++ } ++ #endif + /* + * Process options and, if not destined for us, + * ship it on. ip_dooptions returns 1 when an diff --git a/BSDOS/ip_output.c.diffs b/BSDOS/ip_output.c.diffs new file mode 100644 index 0000000000000..1ee533c9dd0b4 --- /dev/null +++ b/BSDOS/ip_output.c.diffs @@ -0,0 +1,35 @@ +*** ip_output.c.orig Tue Mar 19 16:19:33 1996 +--- ip_output.c Fri Mar 8 14:50:51 1996 +*************** +*** 60,65 **** +--- 60,69 ---- + static struct mbuf *ip_insertoptions __P((struct mbuf *, struct mbuf *, int *)); + static void ip_mloopback + __P((struct ifnet *, struct mbuf *, struct sockaddr_in *)); ++ #if defined(IPFILTER) ++ extern int fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); ++ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); ++ #endif + + /* + * IP output. The packet in mbuf chain m contains a skeletal IP +*************** +*** 276,281 **** +--- 280,296 ---- + } else + m->m_flags &= ~M_BCAST; + + sendit: ++ #if defined(IPFILTER) ++ { ++ struct mbuf *m1 = m; ++ /* ++ * looks like most checking has been done now...do a filter check ++ */ ++ if (fr_checkp && ((error = (*fr_checkp)(ip, hlen, ifp, 1, &m1)) || !m1)) ++ goto done; ++ ip = mtod(m = m1, struct ip *); ++ } ++ #endif + /* + * If small enough for interface, can just send directly. diff --git a/BSDOS/kinstall b/BSDOS/kinstall new file mode 100755 index 0000000000000..58417f2795ebf --- /dev/null +++ b/BSDOS/kinstall @@ -0,0 +1,56 @@ +#!/bin/csh -f +# +set dir=`pwd` +set karch=`uname -m` +if ( -d /sys/arch/$karch ) set archdir="/sys/arch/$karch" +if ( -d /sys/$karch ) set archdir="/sys/$karch" +set confdir="$archdir/conf" + +if ( $dir =~ *fil/BSDOS ) cd .. +if ($0 =~ *kinstall) then + foreach i (ip_{auth,fil,frag,nat,proxy,scan,state,sync}.[ch] \ + fil.c ip_compat.h ip_log.c ip_*_pxy.c) + echo -n "$i "; + cp $i /sys/netinet + chmod 664 /sys/netinet/$i + switch ($i) + case *.h: + /bin/cp $i /usr/include/netinet/$i + chmod 644 /usr/include/netinet/$i + breaksw + endsw + end + echo "" + echo "Patching $archdir/$karch/ioconf.c.$karch" + cat ioconf.c.$karch.diffs | (cd $archdir/$karch; patch) +endif +echo "Patching ip_input.c and ip_output.c" +cat BSDOS/ip_{in,out}put.c.diffs | (cd /sys/netinet; patch) + +if ( -f /sys/conf/files ) then + echo "Patching /sys/conf/files" + cat BSDOS/files.diffs | (cd /sys/conf; patch) +endif + +set config=`/bin/ls -1t $confdir [0-9A-Z_]* | head -1` + +echo -n "Kernel configuration to update [$config] " +set newconfig=$< +if ( "$newconfig" != "" ) then + set config="$confdir/$newconfig" +else + set newconfig=$config +endif +echo "Re-config'ing $newconfig..." +if ( -f $confdir/$newconfig ) then + mv $confdir/$newconfig $confdir/$newconfig.bak +endif +if ( -d $archdir/$newconfig ) then + mv $archdir/$newconfig $archdir/$newconfig.bak +endif +if ($0 =~ *kinstall) then + awk '{print $0;if($2=="INET"){print"options IPFILTER"}}' \ + $confdir/$newconfig.bak > $confdir/$newconfig +endif +echo 'You will now need to run "config" and build a new kernel.' +exit 0 |