vendor/ipfilter-sys/v3_2_1

3 files changed, 0 insertions, 597 deletions

diff --git a/sys/netinet/ip_ftp_pxy.c b/sys/netinet/ip_ftp_pxy.c
deleted file mode 100644
index 48196e97fd0f..000000000000
--- a/sys/netinet/ip_ftp_pxy.c
+++ /dev/null
@@ -1,204 +0,0 @@
-/*
- * Simple FTP transparent proxy for in-kernel.
- */
-
-#define	isdigit(x)	((x) >= '0' && (x) <= '9')
-
-#define	IPF_FTP_PROXY
-
-#define	IPF_MINPORTLEN	18
-#define	IPF_MAXPORTLEN	30
-
-
-int ippr_ftp_init(fin, ip, tcp, aps, nat)
-fr_info_t *fin;
-ip_t *ip;
-tcphdr_t *tcp;
-ap_session_t *aps;
-nat_t *nat;
-{
-	aps->aps_sport = tcp->th_sport;
-	aps->aps_dport = tcp->th_dport;
-	return 0;
-}
-
-
-int ippr_ftp_in(fin, ip, tcp, aps, nat)
-fr_info_t *fin;
-ip_t *ip;
-tcphdr_t *tcp;
-ap_session_t *aps;
-nat_t *nat;
-{
-	int	ch = 0;
-	u_long	sum1, sum2;
-
-	if (tcp->th_dport != aps->aps_dport) {
-		sum2 = (u_long)ntohl(tcp->th_ack);
-		if (aps->aps_seqoff && (sum2 > aps->aps_after)) {
-			sum1 = (u_long)aps->aps_seqoff;
-			tcp->th_ack = htonl(sum2 - sum1);
-			return 2;
-		}
-	}
-	return 0;
-}
-
-
-u_short ipf_ftp_atoi(ptr)
-char **ptr;
-{
-	register char *s = *ptr, c;
-	register u_char i = 0, j = 0;
-
-	while ((c = *s++) && isdigit(c)) {
-		i *= 10;
-		i += c - '0';
-	}
-	if (c != ',') {
-		*ptr = NULL;
-		return 0;
-	}
-	while ((c = *s++) && isdigit(c)) {
-		j *= 10;
-		j += c - '0';
-	}
-	*ptr = s;
-	return (i << 8) | j;
-}
-
-
-int ippr_ftp_out(fin, ip, tcp, aps, nat)
-fr_info_t *fin;
-ip_t *ip;
-tcphdr_t *tcp;
-ap_session_t *aps;
-nat_t *nat;
-{
-	register u_long	sum1, sum2, sumd;
-	char	newbuf[IPF_MAXPORTLEN+1];
-	char	portbuf[IPF_MAXPORTLEN+1], *s, c;
-	int	ch = 0, off = (ip->ip_hl << 2) + (tcp->th_off << 2), len;
-	u_int	a1, a2, a3, a4;
-	u_short	a5, a6;
-	int	olen, dlen, nlen, inc = 0, blen;
-	tcphdr_t tcph, *tcp2 = &tcph;
-	void	*savep;
-	nat_t	*ipn;
-	struct	in_addr	swip;
-#if	SOLARIS
-	mblk_t *m1, *m = *(mblk_t **)fin->fin_mp;
-
-	dlen = m->b_wptr - m->b_rptr - off;
-	blen = m->b_datap->db_lim - m->b_datap->db_base;
-	bzero(portbuf, sizeof(portbuf));
-	copyout_mblk(m, off, portbuf, MIN(sizeof(portbuf), dlen));
-#else
-	struct mbuf *m1, *m = *(struct mbuf **)fin->fin_mp;
-
-	dlen = m->m_len - off;
-# if BSD >= 199306
-	blen = (MLEN - m->m_len) - (m->m_data - m->m_dat);
-# else
-	blen = (MLEN - m->m_len) - m->m_off;
-# endif
-	if (blen < 0)
-		panic("blen < 0 - size of mblk/mbuf wrong");
-	bzero(portbuf, sizeof(portbuf));
-	m_copydata(m, off, MIN(sizeof(portbuf), dlen), portbuf);
-#endif
-	portbuf[IPF_MAXPORTLEN] = '\0';
-	len = MIN(32, dlen);
-
-	if ((len < IPF_MINPORTLEN) || strncmp(portbuf, "PORT ", 5))
-		goto adjust_seqack;
-
-	/*
-	 * Skip the PORT command + space
-	 */
-	s = portbuf + 5;
-	/*
-	 * Pick out the address components, two at a time.
-	 */
-	(void) ipf_ftp_atoi(&s);
-	if (!s)
-		goto adjust_seqack;
-	(void) ipf_ftp_atoi(&s);
-	if (!s)
-		goto adjust_seqack;
-	a5 = ipf_ftp_atoi(&s);
-	if (!s)
-		goto adjust_seqack;
-	/*
-	 * check for CR-LF at the end.
-	 */
-	if (*s != '\n' || *(s - 1) != '\r')
-		goto adjust_seqack;
-	a6 = a5 & 0xff;
-	a5 >>= 8;
-	/*
-	 * Calculate new address parts for PORT command
-	 */
-	a1 = ntohl(ip->ip_src.s_addr);
-	a2 = (a1 >> 16) & 0xff;
-	a3 = (a1 >> 8) & 0xff;
-	a4 = a1 & 0xff;
-	a1 >>= 24;
-	olen = s - portbuf + 1;
-	(void) sprintf(newbuf, "PORT %d,%d,%d,%d,%d,%d\r\n",
-		a1, a2, a3, a4, a5, a6);
-	nlen = strlen(newbuf);
-	inc = nlen - olen;
-	if (tcp->th_seq > aps->aps_after) {
-		aps->aps_after = ntohl(tcp->th_seq) + dlen;
-		aps->aps_seqoff += inc;
-	}
-#if SOLARIS
-	if (inc && dlen)
-		if ((inc < 0) || (blen >= dlen)) {
-			bcopy(m->b_rptr + off,
-			      m->b_rptr + off + aps->aps_seqoff, dlen);
-		}
-	for (m1 = m; m1->b_cont; m1 = m1->b_cont)
-		;
-	m1->b_wptr += inc;
-	copyin_mblk(m, off, newbuf, strlen(newbuf));
-#else
-	if (inc && dlen)
-		if ((inc < 0) || (blen >= dlen)) {
-			bcopy((char *)ip + off,
-			      (char *)ip + off + aps->aps_seqoff, dlen);
-		}
-	m->m_len += inc;
-	m_copyback(m, off, nlen, newbuf);
-#endif
-	ip->ip_len += inc;
-	ch = 1;
-
-	/*
-	 * Add skeleton NAT entry for connection which will come back the
-	 * other way.
-	 */
-	savep = fin->fin_dp;
-	fin->fin_dp = (char *)tcp2;
-	tcp2->th_sport = htons(a5 << 8 | a6);
-	tcp2->th_dport = htons(20);
-	swip = ip->ip_src;
-	ip->ip_src = nat->nat_inip;
-	if ((ipn = nat_new(nat->nat_ptr, ip, fin, IPN_TCP, NAT_OUTBOUND)))
-		ipn->nat_age = fr_defnatage;
-	ip->ip_src = swip;
-	fin->fin_dp = (char *)savep;
-
-adjust_seqack:
-	if (tcp->th_dport == aps->aps_dport) {
-		sum2 = (u_long)ntohl(tcp->th_seq);
-		if (aps->aps_seqoff && (sum2 > aps->aps_after)) {
-			sum1 = (u_long)aps->aps_seqoff;
-			tcp->th_seq = htonl(sum2 + sum1);
-			ch = 1;
-		}
-	}
-
-	return ch ? 2 : 0;
-}
diff --git a/sys/netinet/ipl.h b/sys/netinet/ipl.h
deleted file mode 100644
index a7a582800b0c..000000000000
--- a/sys/netinet/ipl.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/*
- * (C)opyright 1993-1997 by Darren Reed.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that this notice is preserved and due credit is given
- * to the original author and the contributors.
- *
- * @(#)ipl.h	1.21 6/5/96
- */
-
-#ifndef	__IPL_H__
-#define	__IPL_H__
-
-#define	IPL_VERSION	"IP Filter v3.2alpha7"
-
-#endif
diff --git a/sys/netinet/mln_ipl.c b/sys/netinet/mln_ipl.c
deleted file mode 100644
index fe035da0cbb7..000000000000
--- a/sys/netinet/mln_ipl.c
+++ /dev/null
@@ -1,377 +0,0 @@
-/*
- * (C)opyright 1993,1994,1995 by Darren Reed.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that this notice is preserved and due credit is given
- * to the original author and the contributors.
- */
-/*
- * 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate
- * its own major char number! Way cool patch!
- */
-
-
-#include <sys/param.h>
-
-#if defined(__FreeBSD__) && (__FreeBSD__ > 1)
-# ifdef	IPFILTER_LKM
-#  include <osreldate.h>
-#  define	ACTUALLY_LKM_NOT_KERNEL
-# else
-#  include <sys/osreldate.h>
-# endif
-#endif
-#include <sys/systm.h>
-#if defined(__FreeBSD_version) && (__FreeBSD_version >= 220000)
-# include <sys/conf.h>
-# include <sys/kernel.h>
-# ifdef DEVFS
-#  include <sys/devfsext.h>
-# endif /*DEVFS*/
-#endif
-#include <sys/conf.h>
-#include <sys/file.h>
-#include <sys/stat.h>
-#include <sys/proc.h>
-#include <sys/uio.h>
-#include <sys/kernel.h>
-#include <sys/vnode.h>
-#include <sys/namei.h>
-#include <sys/malloc.h>
-#include <sys/mount.h>
-#include <sys/exec.h>
-#include <sys/mbuf.h>
-#if	BSD >= 199506
-# include <sys/sysctl.h>
-#endif
-#if (__FreeBSD_version >= 199511)
-#include <net/if.h>
-#include <netinet/in_systm.h>
-#include <netinet/in.h>
-#include <netinet/ip.h>
-#include <net/route.h>
-#include <netinet/ip_var.h>
-#include <netinet/tcp.h>
-#include <netinet/tcpip.h>
-#endif
-#if (__FreeBSD__ > 1)
-# include <sys/sysent.h>
-#endif
-#include <sys/lkm.h>
-#include "netinet/ipl.h"
-#include "netinet/ip_compat.h"
-#include "netinet/ip_fil.h"
-
-#ifndef	IPL_NAME
-#define	IPL_NAME	"/dev/ipl"
-#endif
-#define	IPL_NAT		"/dev/ipnat"
-#define	IPL_STATE	"/dev/ipstate"
-
-#if !defined(VOP_LEASE) && defined(LEASE_CHECK)
-#define	VOP_LEASE	LEASE_CHECK
-#endif
-
-#ifndef	MIN
-#define	MIN(a,b)	(((a)<(b))?(a):(b))
-#endif
-
-extern	int	lkmenodev __P((void));
-
-
-static	int	ipl_unload __P((void));
-static	int	ipl_load __P((void));
-static	int	ipl_remove __P((void));
-int	xxxinit __P((struct lkm_table *, int, int));
-
-
-struct	cdevsw	ipldevsw = 
-{
-	iplopen,		/* open */
-	iplclose,		/* close */
-	iplread,		/* read */
-	(void *)nullop,		/* write */
-	iplioctl,		/* ioctl */
-	(void *)nullop,		/* stop */
-	(void *)nullop,		/* reset */
-	(void *)NULL,		/* tty */
-	(void *)nullop,		/* select */
-	(void *)nullop,		/* mmap */
-	NULL			/* strategy */
-};
-
-#ifdef  SYSCTL_INT
-SYSCTL_NODE(_net_inet, OID_AUTO, ipf, CTLFLAG_RW, 0, "IPF");
-SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_flags, CTLFLAG_RW, &fr_flags, 0, "");
-SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_pass, CTLFLAG_RW, &fr_pass, 0, "");
-SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_active, CTLFLAG_RD, &fr_active, 0, "");
-SYSCTL_INT(_net_inet_ipf, OID_AUTO, ipl_unreach, CTLFLAG_RW,
-	   &ipl_unreach, 0, "");
-SYSCTL_INT(_net_inet_ipf, OID_AUTO, ipl_inited, CTLFLAG_RD,
-	   &ipl_inited, 0, "");
-#endif
-
-#if !defined(__FreeBSD_version) || (__FreeBSD_version < 220000)
-int	ipl_major = 0;
-
-MOD_DEV(IPL_VERSION, LM_DT_CHAR, -1, &ipldevsw);
-
-extern struct cdevsw cdevsw[];
-extern int vd_unuseddev __P((void));
-extern int nchrdev;
-#else
-int	ipl_major = CDEV_MAJOR;
-
-static struct cdevsw ipl_cdevsw = {
-	iplopen,	iplclose,	iplread,	nowrite, /* 79 */
-	iplioctl,	nostop,		noreset,	nodevtotty,
-	noselect,	nommap,		nostrategy,	"ipl",
-	NULL,	-1
-};
-#endif
-
-
-static int iplaction __P((struct lkm_table *, int));
-
-
-static int iplaction(lkmtp, cmd)
-struct lkm_table *lkmtp;
-int cmd;
-{
-	int i = ipl_major;
-	struct lkm_dev *args = lkmtp->private.lkm_dev;
-	int err = 0;
-
-	switch (cmd)
-	{
-	case LKM_E_LOAD :
-		if (lkmexists(lkmtp))
-			return EEXIST;
-
-#if !defined(__FreeBSD_version) || (__FreeBSD_version < 220000)
-		for (i = 0; i < nchrdev; i++)
-			if (cdevsw[i].d_open == lkmenodev ||
-			    cdevsw[i].d_open == iplopen)
-				break;
-		if (i == nchrdev) {
-			printf("IP Filter: No free cdevsw slots\n");
-			return ENODEV;
-		}
-
-		ipl_major = i;
-		args->lkm_offset = i;   /* slot in cdevsw[] */
-#endif
-		printf("IP Filter: loaded into slot %d\n", ipl_major);
-		return ipl_load();
-		break;
-	case LKM_E_UNLOAD :
-		printf("IP Filter: unloaded from slot %d\n", ipl_major);
-		return ipl_unload();
-	case LKM_E_STAT :
-		break;
-	default:
-		err = EIO;
-		break;
-	}
-	return 0;
-}
-
-
-static int ipl_remove __P((void))
-{
-	struct nameidata nd;
-	int error;
-
-	NDINIT(&nd, DELETE, LOCKPARENT, UIO_SYSSPACE, IPL_NAME, curproc);
-	if ((error = namei(&nd)))
-		return (error);
-	VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE);
-	VOP_LOCK(nd.ni_vp);
-	VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
-	(void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
-
-	NDINIT(&nd, DELETE, LOCKPARENT, UIO_SYSSPACE, IPL_NAT, curproc);
-	if ((error = namei(&nd)))
-		return (error);
-	VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE);
-	VOP_LOCK(nd.ni_vp);
-	VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
-	(void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
-
-	NDINIT(&nd, DELETE, LOCKPARENT, UIO_SYSSPACE, IPL_STATE, curproc);
-	if ((error = namei(&nd)))
-		return (error);
-	VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE);
-	VOP_LOCK(nd.ni_vp);
-	VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
-	(void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
-	return 0;
-}
-
-
-static int ipl_unload()
-{
-	int error = 0;
-
-	error = ipldetach();
-	if (!error)
-		error = ipl_remove();
-	return error;
-}
-
-
-static int ipl_load()
-{
-	struct nameidata nd;
-	struct vattr vattr;
-	int error = 0, fmode = S_IFCHR|0600;
-
-	error = iplattach();
-	if (error)
-		return error;
-	(void) ipl_remove();
-
-	NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, IPL_NAME, curproc);
-	if (error = namei(&nd))
-		return error;
-	if (nd.ni_vp != NULL) {
-		VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
-		if (nd.ni_dvp == nd.ni_vp)
-			vrele(nd.ni_dvp);
-		else
-			vput(nd.ni_dvp);
-		vrele(nd.ni_vp);
-		return (EEXIST);
-	}
-	VATTR_NULL(&vattr);
-	vattr.va_type = VCHR;
-	vattr.va_mode = (fmode & 07777);
-	vattr.va_rdev = ipl_major<<8;
-	VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
-	error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
-	if (error)
-		return error;
-
-	NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, IPL_NAT, curproc);
-	if (error = namei(&nd))
-		return error;
-	if (nd.ni_vp != NULL) {
-		VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
-		if (nd.ni_dvp == nd.ni_vp)
-			vrele(nd.ni_dvp);
-		else
-			vput(nd.ni_dvp);
-		vrele(nd.ni_vp);
-		return (EEXIST);
-	}
-	VATTR_NULL(&vattr);
-	vattr.va_type = VCHR;
-	vattr.va_mode = (fmode & 07777);
-	vattr.va_rdev = (ipl_major<<8)|1;
-	VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
-	error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
-	if (error)
-		return error;
-
-	NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, IPL_STATE, curproc);
-	if (error = namei(&nd))
-		return error;
-	if (nd.ni_vp != NULL) {
-		VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
-		if (nd.ni_dvp == nd.ni_vp)
-			vrele(nd.ni_dvp);
-		else
-			vput(nd.ni_dvp);
-		vrele(nd.ni_vp);
-		return (EEXIST);
-	}
-	VATTR_NULL(&vattr);
-	vattr.va_type = VCHR;
-	vattr.va_mode = (fmode & 07777);
-	vattr.va_rdev = (ipl_major<<8)|2;
-	VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
-	error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
-	if (error)
-		return error;
-	return 0;
-}
-
-
-#if defined(__FreeBSD_version) && (__FreeBSD_version < 220000)
-/*
- * strlen isn't present in 2.1.* kernels.
- */
-size_t strlen(string)
-char *string;
-{
-        register char *s;
-
-        for (s = string; *s; s++)
-		;
-        return (size_t)(s - string);
-}
-
-
-int xxxinit(lkmtp, cmd, ver)
-struct lkm_table *lkmtp;
-int cmd, ver;
-{
-	DISPATCH(lkmtp, cmd, ver, iplaction, iplaction, iplaction);
-}
-#else
-# ifdef	IPFILTER_LKM
-#  include <sys/exec.h>
-
-MOD_DECL(if_ipl);
-
-static struct lkm_dev _module = {
-	LM_DEV,
-	LKM_VERSION,
-	IPL_VERSION,
-	CDEV_MAJOR,
-	LM_DT_CHAR,
-	(void *)&ipl_cdevsw
-};
-
-int if_ipl(lkmtp, cmd, ver)
-struct lkm_table *lkmtp;
-int cmd, ver;
-{
-	DISPATCH(lkmtp, cmd, ver, iplaction, iplaction, iplaction);
-}
-# else
-
-#ifdef DEVFS
-static  void *ipf_devfs_token[3];
-#endif
-static ipl_devsw_installed = 0;
-
-static void ipl_drvinit __P((void *unused))
-{
-	dev_t dev;
-#ifdef	DEVFS
-	void **tp = ipf_devfs_token;
-#endif
-
-	if (!ipl_devsw_installed ) {
-		dev = makedev(CDEV_MAJOR, 0);
-		cdevsw_add(&dev, &ipl_cdevsw, NULL);
-		ipl_devsw_installed = 1;
-
-#ifdef	DEVFS
-		tp[IPL_LOGIPF] = devfs_add_devswf(&ipl_cdevsw, IPL_LOGIPF,
-						  DV_CHR, 0, 0, 0600,
-						  "ipf", IPL_LOGIPF);
-		tp[IPL_LOGNAT] = devfs_add_devswf(&ipl_cdevsw, IPL_LOGNAT,
-						  DV_CHR, 0, 0, 0600,
-						  "ipnat", IPL_LOGNAT);
-		tp[IPL_LOGSTATE] = devfs_add_devswf(&ipl_cdevsw, IPL_LOGSTATE,
-					            DV_CHR, 0, 0, 0600,
-						    "ipstate", IPL_LOGSTATE);
-#endif
-	}
-}
-
-SYSINIT(ipldev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,ipl_drvinit,NULL)
-# endif /* IPFILTER_LKM */
-#endif /* _FreeBSD_version */