author | Cy Schubert <cy@FreeBSD.org> | 2019-02-03 05:26:07 +0000 |
---|---|---|
committer | Cy Schubert <cy@FreeBSD.org> | 2019-02-03 05:26:07 +0000 |
commit | e9a5006bff7649603eca4271b166b3453a906171 (patch) | |
tree | c6878ee69f0e5c7c87590907af932aeec5ee90b0 /contrib | |
parent | e82e8246fc1ab8b3892f69fbdd4ec546f617e2ff (diff) | |
Notes
Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/ipfilter/ml_ipl.c | 164 | ||||
-rw-r--r-- | contrib/ipfilter/mlf_ipl.c | 596 | ||||
-rw-r--r-- | contrib/ipfilter/mlf_rule.c | 168 | ||||
-rw-r--r-- | contrib/ipfilter/mlfk_ipl.c | 529 | ||||
-rw-r--r-- | contrib/ipfilter/mlh_rule.c | 114 | ||||
-rw-r--r-- | contrib/ipfilter/mln_ipl.c | 355 | ||||
-rw-r--r-- | contrib/ipfilter/mln_rule.c | 83 | ||||
-rw-r--r-- | contrib/ipfilter/mlo_ipl.c | 364 | ||||
-rw-r--r-- | contrib/ipfilter/mlo_rule.c | 80 | ||||
-rw-r--r-- | contrib/ipfilter/mls_ipl.c | 351 | ||||
-rw-r--r-- | contrib/ipfilter/mls_rule.c | 116 | ||||
-rw-r--r-- | contrib/ipfilter/mlso_rule.c | 130 |
12 files changed, 0 insertions, 3050 deletions
diff --git a/contrib/ipfilter/ml_ipl.c b/contrib/ipfilter/ml_ipl.c
deleted file mode 100644
index aaf61a419c06..000000000000
--- a/contrib/ipfilter/ml_ipl.c
+++ /dev/null
@@ -1,164 +0,0 @@
-/* $FreeBSD$ */
-
-/*
- * Copyright (C) 2012 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- */
-/*
- * 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate
- * its own major char number! Way cool patch!
- */
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <sys/file.h>
-#include <sys/conf.h>
-#include <sys/syslog.h>
-#include <sys/buf.h>
-#include <sys/param.h>
-#include <sys/errno.h>
-#include <sys/uio.h>
-#include <sys/vnode.h>
-#include <sundev/mbvar.h>
-#include <sun/autoconf.h>
-#include <sun/vddrv.h>
-#if defined(sun4c) || defined(sun4m)
-#include <sun/openprom.h>
-#endif
-
-#ifndef IPL_NAME
-#define IPL_NAME "/dev/ipf"
-#endif
-
-extern int ipfattach(), ipfopen(), ipfclose(), ipfioctl(), ipfread();
-extern int nulldev(), ipfidentify(), errno;
-
-struct cdevsw ipfdevsw =
-{
- ipfopen, ipfclose, ipfread, nulldev,
- ipfioctl, nulldev, nulldev, nulldev,
- 0, nulldev,
-};
-
-
-struct dev_ops ipf_ops =
-{
- 1,
- ipfidentify,
- ipfattach,
- ipfopen,
- ipfclose,
- ipfread,
- NULL, /* write */
- NULL, /* strategy */
- NULL, /* dump */
- 0, /* psize */
- ipfioctl,
- NULL, /* reset */
- NULL /* mmap */
-};
-
-int ipf_major = 0;
-
-#ifdef sun4m
-struct vdldrv vd =
-{
- VDMAGIC_PSEUDO,
- "ipf",
- &ipf_ops,
- NULL,
- &ipfdevsw,
- 0,
- 0,
- NULL,
- NULL,
- NULL,
- 0,
- 1,
-};
-#else /* sun4m */
-struct vdldrv vd =
-{
- VDMAGIC_PSEUDO, /* magic */
- "ipf", /* name */
-#ifdef sun4c
- &ipf_ops, /* dev_ops */
-#else
- NULL, /* struct mb_ctlr *mb_ctlr */
- NULL, /* struct mb_driver *mb_driver */
- NULL, /* struct mb_device *mb_device */
- 0, /* num ctlrs */
- 1, /* numdevs */
-#endif /* sun4c */
- NULL, /* bdevsw */
- &ipfdevsw, /* cdevsw */
- 0, /* block major */
- 0, /* char major */
-};
-#endif /* sun4m */
-
-extern int vd_unuseddev();
-extern struct cdevsw cdevsw[];
-extern int nchrdev;
-
-xxxinit(fc, vdp, vdi, vds)
- u_int fc;
- struct vddrv *vdp;
- caddr_t vdi;
- struct vdstat *vds;
-{
- struct vdlinkage *v;
- int i;
-
- switch (fc)
- {
- case VDLOAD:
- while (ipf_major < nchrdev &&
- cdevsw[ipf_major].d_open != vd_unuseddev)
- ipf_major++;
- if (ipf_major == nchrdev)
- return ENODEV;
- vd.Drv_charmajor = ipf_major;
- vdp->vdd_vdtab = (struct vdlinkage *)&vd;
- return ipf_attach(vdi);
- case VDUNLOAD:
- return unload(vdp, vdi);
-
- case VDSTAT:
- return 0;
-
- default:
- return EIO;
- }
-}
-
-static unload(vdp, vdi)
- struct vddrv *vdp;
- struct vdioctl_unload *vdi;
-{
- int i;
-
- (void) vn_remove(IPL_NAME, UIO_SYSSPACE, FILE);
- return ipfdetach();
-}
-
-
-static int ipf_attach(vdi)
-struct vdioctl_load *vdi;
-{
- struct vnode *vp;
- struct vattr vattr;
- int error = 0, fmode = S_IFCHR|0600;
-
- (void) vn_remove(IPL_NAME, UIO_SYSSPACE, FILE);
- vattr_null(&vattr);
- vattr.va_type = MFTOVT(fmode);
- vattr.va_mode = (fmode & 07777);
- vattr.va_rdev = ipf_major<<8;
-
- error = vn_create(IPL_NAME, UIO_SYSSPACE, &vattr, EXCL, 0, &vp);
- if (error == 0)
- VN_RELE(vp);
- return ipfattach(0);
-}
diff --git a/contrib/ipfilter/mlf_ipl.c b/contrib/ipfilter/mlf_ipl.c
deleted file mode 100644
index 93995af956f0..000000000000
--- a/contrib/ipfilter/mlf_ipl.c
+++ /dev/null
@@ -1,596 +0,0 @@ -/* $FreeBSD$ */ - -/* - * Copyright (C) 2012 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - */ -/* - * 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate - * its own major char number! Way cool patch! - */ - - -#include <sys/param.h> - -#ifdef IPFILTER_LKM -# ifndef __FreeBSD_cc_version -# include <osreldate.h> -# else -# if __FreeBSD_cc_version < 430000 -# include <osreldate.h> -# endif -# endif -# define ACTUALLY_LKM_NOT_KERNEL -#else -# ifndef __FreeBSD_cc_version -# include <sys/osreldate.h> -# else -# if __FreeBSD_cc_version < 430000 -# include <sys/osreldate.h> -# endif -# endif -#endif -#include <sys/systm.h> -#if defined(__FreeBSD_version) && (__FreeBSD_version >= 220000) -# ifndef ACTUALLY_LKM_NOT_KERNEL -# include "opt_devfs.h" -# endif -# include <sys/conf.h> -# include <sys/kernel.h> -# ifdef DEVFS -# include <sys/devfsext.h> -# endif /*DEVFS*/ -#endif -#include <sys/conf.h> -#include <sys/file.h> -#if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000) -# include <sys/lock.h> -#endif -#include <sys/stat.h> -#include <sys/proc.h> -#include <sys/kernel.h> -#include <sys/vnode.h> -#include <sys/namei.h> -#include <sys/malloc.h> -#include <sys/mount.h> -#include <sys/exec.h> -#include <sys/mbuf.h> -#if BSD >= 199506 -# include <sys/sysctl.h> -#endif -#if (__FreeBSD_version >= 300000) -# include <sys/socket.h> -#endif -#include <net/if.h> -#include <netinet/in_systm.h> -#include <netinet/in.h> -#include <netinet/ip.h> -#include <net/route.h> -#include <netinet/ip_var.h> -#include <netinet/tcp.h> -#include <netinet/tcpip.h> -#include <sys/sysent.h> -#include <sys/lkm.h> -#include "netinet/ipl.h" -#include "netinet/ip_compat.h" -#include "netinet/ip_fil.h" -#include "netinet/ip_state.h" -#include "netinet/ip_nat.h" -#include "netinet/ip_auth.h" -#include "netinet/ip_frag.h" - - -#if !defined(VOP_LEASE) && defined(LEASE_CHECK) -#define VOP_LEASE LEASE_CHECK -#endif - -int 
xxxinit __P((struct lkm_table *, int, int)); - -#ifdef SYSCTL_OID -int sysctl_ipf_int SYSCTL_HANDLER_ARGS; -# define SYSCTL_IPF(parent, nbr, name, access, ptr, val, descr) \ - SYSCTL_OID(parent, nbr, name, CTLTYPE_INT|access, \ - ptr, val, sysctl_ipf_int, "I", descr); -# define CTLFLAG_OFF 0x00800000 /* IPFilter must be disabled */ -# define CTLFLAG_RWO (CTLFLAG_RW|CTLFLAG_OFF) -SYSCTL_NODE(_net_inet, OID_AUTO, ipf, CTLFLAG_RW, 0, "IPF"); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_flags, CTLFLAG_RW, &ipf_flags, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_pass, CTLFLAG_RW, &ipf_pass, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_active, CTLFLAG_RD, &ipf_active, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_chksrc, CTLFLAG_RW, &ipf_chksrc, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_minttl, CTLFLAG_RW, &ipf_minttl, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpidletimeout, CTLFLAG_RWO, - &ipf_tcpidletimeout, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcphalfclosed, CTLFLAG_RWO, - &ipf_tcphalfclosed, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpclosewait, CTLFLAG_RWO, - &ipf_tcpclosewait, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcplastack, CTLFLAG_RWO, - &ipf_tcplastack, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcptimeout, CTLFLAG_RWO, - &ipf_tcptimeout, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpclosed, CTLFLAG_RWO, - &ipf_tcpclosed, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_udptimeout, CTLFLAG_RWO, - &ipf_udptimeout, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_icmptimeout, CTLFLAG_RWO, - &ipf_icmptimeout, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_defnatage, CTLFLAG_RWO, - &ipf_defnatage, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_ipfrttl, CTLFLAG_RW, - &ipf_ipfrttl, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_running, CTLFLAG_RD, - &ipf_running, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_statesize, CTLFLAG_RWO, - &ipf_statesize, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_statemax, 
CTLFLAG_RWO, - &ipf_statemax, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_authsize, CTLFLAG_RWO, - &ipf_authsize, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_authused, CTLFLAG_RD, - &ipf_authused, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_defaultauthage, CTLFLAG_RW, - &ipf_defaultauthage, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ippr_ftp_pasvonly, CTLFLAG_RW, - &ippr_ftp_pasvonly, 0, ""); -#endif - -#ifdef DEVFS -static void *ipf_devfs[IPL_LOGSIZE]; -#endif - -#if !defined(__FreeBSD_version) || (__FreeBSD_version < 220000) -int ipf_major = 0; - -static struct cdevsw ipfdevsw = -{ - ipfopen, /* open */ - ipfclose, /* close */ - ipfread, /* read */ - (void *)nullop, /* write */ - ipfioctl, /* ioctl */ - (void *)nullop, /* stop */ - (void *)nullop, /* reset */ - (void *)NULL, /* tty */ - (void *)nullop, /* select */ - (void *)nullop, /* mmap */ - NULL /* strategy */ -}; - -MOD_DEV(IPL_VERSION, LM_DT_CHAR, -1, &ipfdevsw); - -extern struct cdevsw cdevsw[]; -extern int vd_unuseddev __P((void)); -extern int nchrdev; -#else - -static struct cdevsw ipf_cdevsw = { - ipfopen, ipfclose, ipfread, nowrite, /* 79 */ - ipfioctl, nostop, noreset, nodevtotty, -#if (__FreeBSD_version >= 300000) - seltrue, nommap, nostrategy, "ipf", -#else - noselect, nommap, nostrategy, "ipf", -#endif - NULL, -1 -}; -#endif - -static void ipf_drvinit __P((void *)); - -#ifdef ACTUALLY_LKM_NOT_KERNEL -static int if_ipf_unload __P((struct lkm_table *, int)); -static int if_ipf_load __P((struct lkm_table *, int)); -static int if_ipf_remove __P((void)); -static int ipf_major = CDEV_MAJOR; - -static int ipfaction __P((struct lkm_table *, int)); -static char *ipf_devfiles[] = { IPL_NAME, IPL_NAT, IPL_STATE, IPL_AUTH, - IPL_SCAN, IPL_SYNC, IPL_POOL, NULL }; - -extern int lkmenodev __P((void)); - -static int ipfaction(lkmtp, cmd) - struct lkm_table *lkmtp; - int cmd; -{ -#if !defined(__FreeBSD_version) || (__FreeBSD_version < 220000) - int i = ipf_major; - struct lkm_dev *args = 
lkmtp->private.lkm_dev; -#endif - int err = 0; - - switch (cmd) - { - case LKM_E_LOAD : - if (lkmexists(lkmtp)) - return EEXIST; - -#if !defined(__FreeBSD_version) || (__FreeBSD_version < 220000) - for (i = 0; i < nchrdev; i++) - if (cdevsw[i].d_open == lkmenodev || - cdevsw[i].d_open == ipfopen) - break; - if (i == nchrdev) { - printf("IP Filter: No free cdevsw slots\n"); - return ENODEV; - } - - ipf_major = i; - args->lkm_offset = i; /* slot in cdevsw[] */ -#endif - printf("IP Filter: loaded into slot %d\n", ipf_major); - err = if_ipf_load(lkmtp, cmd); - if (!err) - ipf_drvinit((void *)NULL); - return err; - break; - case LKM_E_UNLOAD : - err = if_ipf_unload(lkmtp, cmd); - if (!err) { - printf("IP Filter: unloaded from slot %d\n", - ipf_major); -#ifdef DEVFS - if (ipf_devfs[IPL_LOGIPF]) - devfs_remove_dev(ipf_devfs[IPL_LOGIPF]); - if (ipf_devfs[IPL_LOGNAT]) - devfs_remove_dev(ipf_devfs[IPL_LOGNAT]); - if (ipf_devfs[IPL_LOGSTATE]) - devfs_remove_dev(ipf_devfs[IPL_LOGSTATE]); - if (ipf_devfs[IPL_LOGAUTH]) - devfs_remove_dev(ipf_devfs[IPL_LOGAUTH]); - if (ipf_devfs[IPL_LOGSCAN]) - devfs_remove_dev(ipf_devfs[IPL_LOGSCAN]); - if (ipf_devfs[IPL_LOGSYNC]) - devfs_remove_dev(ipf_devfs[IPL_LOGSYNC]); - if (ipf_devfs[IPL_LOGLOOKUP]) - devfs_remove_dev(ipf_devfs[IPL_LOGLOOKUP]); -#endif - } - return err; - case LKM_E_STAT : - break; - default: - err = EIO; - break; - } - return 0; -} - - -static int if_ipf_remove __P((void)) -{ - char *name; - struct nameidata nd; - int error, i; - - for (i = 0; (name = ipf_devfiles[i]); i++) { - NDINIT(&nd, DELETE, LOCKPARENT, UIO_SYSSPACE, name, curproc); - if ((error = namei(&nd))) - return (error); - VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE); -#if (__FreeBSD_version >= 300000) - VOP_LOCK(nd.ni_vp, LK_RETRY | LK_EXCLUSIVE, curproc); - VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE); - (void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd); - - if (nd.ni_dvp == nd.ni_vp) - vrele(nd.ni_dvp); - else - 
vput(nd.ni_dvp); - if (nd.ni_vp != NULLVP) - vput(nd.ni_vp); -#else - VOP_LOCK(nd.ni_vp); - VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE); - (void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd); -#endif - } - - return 0; -} - - -static int if_ipf_unload(lkmtp, cmd) - struct lkm_table *lkmtp; - int cmd; -{ - int error = 0; - - error = ipfdetach(); - if (!error) - error = if_ipf_remove(); - return error; -} - - -static int if_ipf_load(lkmtp, cmd) - struct lkm_table *lkmtp; - int cmd; -{ - struct nameidata nd; - struct vattr vattr; - int error = 0, fmode = S_IFCHR|0600, i; - char *name; - - error = ipfattach(); - if (error) - return error; - (void) if_ipf_remove(); - - for (i = 0; (name = ipf_devfiles[i]); i++) { - NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, name, curproc); - if ((error = namei(&nd))) - return error; - if (nd.ni_vp != NULL) { - VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd); - if (nd.ni_dvp == nd.ni_vp) - vrele(nd.ni_dvp); - else - vput(nd.ni_dvp); - vrele(nd.ni_vp); - return (EEXIST); - } - VATTR_NULL(&vattr); - vattr.va_type = VCHR; - vattr.va_mode = (fmode & 07777); - vattr.va_rdev = (ipf_major << 8) | i; - VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE); - error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr); -#if (__FreeBSD_version >= 300000) - vput(nd.ni_dvp); -#endif - if (error) - return error; - } - return 0; -} - -#endif /* actually LKM */ - -#if defined(__FreeBSD_version) && (__FreeBSD_version < 220000) -/* - * strlen isn't present in 2.1.* kernels. 
- */ -size_t strlen(string) - char *string; -{ - register char *s; - - for (s = string; *s; s++) - ; - return (size_t)(s - string); -} - - -int xxxinit(lkmtp, cmd, ver) - struct lkm_table *lkmtp; - int cmd, ver; -{ - DISPATCH(lkmtp, cmd, ver, ipfaction, ipfaction, ipfaction); -} -#else /* __FREEBSD_version >= 220000 */ -# ifdef IPFILTER_LKM -# include <sys/exec.h> - -# if (__FreeBSD_version >= 300000) -MOD_DEV(if_ipf, LM_DT_CHAR, CDEV_MAJOR, &ipf_cdevsw); -# else -MOD_DECL(if_ipf); - - -static struct lkm_dev _module = { - LM_DEV, - LKM_VERSION, - IPL_VERSION, - CDEV_MAJOR, - LM_DT_CHAR, - { (void *)&ipf_cdevsw } -}; -# endif - - -int if_ipf __P((struct lkm_table *, int, int)); - - -int if_ipf(lkmtp, cmd, ver) - struct lkm_table *lkmtp; - int cmd, ver; -{ -# if (__FreeBSD_version >= 300000) - MOD_DISPATCH(if_ipf, lkmtp, cmd, ver, ipfaction, ipfaction, ipfaction); -# else - DISPATCH(lkmtp, cmd, ver, ipfaction, ipfaction, ipfaction); -# endif -} -# endif /* IPFILTER_LKM */ -static ipf_devsw_installed = 0; - -static void ipf_drvinit __P((void *unused)) -{ - dev_t dev; -# ifdef DEVFS - void **tp = ipf_devfs; -# endif - - if (!ipf_devsw_installed ) { - dev = makedev(CDEV_MAJOR, 0); - cdevsw_add(&dev, &ipf_cdevsw, NULL); - ipf_devsw_installed = 1; - -# ifdef DEVFS - tp[IPL_LOGIPF] = devfs_add_devswf(&ipf_cdevsw, IPL_LOGIPF, - DV_CHR, 0, 0, 0600, "ipf"); - tp[IPL_LOGNAT] = devfs_add_devswf(&ipf_cdevsw, IPL_LOGNAT, - DV_CHR, 0, 0, 0600, "ipnat"); - tp[IPL_LOGSTATE] = devfs_add_devswf(&ipf_cdevsw, IPL_LOGSTATE, - DV_CHR, 0, 0, 0600, - "ipstate"); - tp[IPL_LOGAUTH] = devfs_add_devswf(&ipf_cdevsw, IPL_LOGAUTH, - DV_CHR, 0, 0, 0600, - "ipauth"); -# endif - } -} - - -#ifdef SYSCTL_IPF -int -sysctl_ipf_int SYSCTL_HANDLER_ARGS -{ - int error = 0; - - if (arg1) - error = SYSCTL_OUT(req, arg1, sizeof(int)); - else - error = SYSCTL_OUT(req, &arg2, sizeof(int)); - - if (error || !req->newptr) - return (error); - - if (!arg1) - error = EPERM; - else { - if ((oidp->oid_kind & 
CTLFLAG_OFF) && (ipf_running > 0)) - error = EBUSY; - else - error = SYSCTL_IN(req, arg1, sizeof(int)); - } - return (error); -} -#endif - - -# if defined(IPFILTER_LKM) || \ - defined(__FreeBSD_version) && (__FreeBSD_version >= 220000) -SYSINIT(ipfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,ipf_drvinit,NULL) -# endif /* IPFILTER_LKM */ -#endif /* _FreeBSD_version */ - - -/* - * routines below for saving IP headers to buffer - */ -int ipfopen(dev, flags -#if ((BSD >= 199506) || (__FreeBSD_version >= 220000)) -, devtype, p) - int devtype; -# if (__FreeBSD_version >= 500024) - struct thread *p; -# else - struct proc *p; -# endif /* __FreeBSD_version >= 500024 */ -#else -) -#endif -#if (__FreeBSD_version >= 502116) - struct cdev *dev; -#else - dev_t dev; -#endif - int flags; -{ - u_int unit = GET_MINOR(dev); - - if (IPL_LOGMAX < unit) - unit = ENXIO; - else - unit = 0; - return unit; -} - - -int ipfclose(dev, flags -#if ((BSD >= 199506) || (__FreeBSD_version >= 220000)) -, devtype, p) - int devtype; -# if (__FreeBSD_version >= 500024) - struct thread *p; -# else - struct proc *p; -# endif /* __FreeBSD_version >= 500024 */ -#else -) -#endif -#if (__FreeBSD_version >= 502116) - struct cdev *dev; -#else - dev_t dev; -#endif - int flags; -{ - u_int unit = GET_MINOR(dev); - - if (IPL_LOGMAX < unit) - unit = ENXIO; - else - unit = 0; - return unit; -} - -/* - * ipfread/ipflog - * both of these must operate with at least splnet() lest they be - * called during packet processing and cause an inconsistancy to appear in - * the filter lists. 
- */ -#if (BSD >= 199306) -int ipfread(dev, uio, ioflag) - int ioflag; -#else -int ipfread(dev, uio) -#endif -#if (__FreeBSD_version >= 502116) - struct cdev *dev; -#else - dev_t dev; -#endif - register struct uio *uio; -{ - u_int unit = GET_MINOR(dev); - - if (unit < 0) - return ENXIO; - - if (ipf_running < 1) - return EIO; - - if (unit == IPL_LOGSYNC) - return ipfsync_read(uio); - -#ifdef IPFILTER_LOG - return ipflog_read(unit, uio); -#else - return ENXIO; -#endif -} - - -/* - * ipfwrite - * both of these must operate with at least splnet() lest they be - * called during packet processing and cause an inconsistancy to appear in - * the filter lists. - */ -#if (BSD >= 199306) -int ipfwrite(dev, uio, ioflag) - int ioflag; -#else -int ipfwrite(dev, uio) -#endif -#if (__FreeBSD_version >= 502116) - struct cdev *dev; -#else - dev_t dev; -#endif - register struct uio *uio; -{ - - if (ipf_running < 1) - return EIO; - - if (GET_MINOR(dev) == IPL_LOGSYNC) - return ipfsync_write(uio); - return ENXIO; -} diff --git a/contrib/ipfilter/mlf_rule.c b/contrib/ipfilter/mlf_rule.c deleted file mode 100644 index babd2c64a93b..000000000000 --- a/contrib/ipfilter/mlf_rule.c +++ /dev/null 
@@ -1,168 +0,0 @@
-/* $FreeBSD$ */
-
-/*
- * Copyright (C) 2012 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- */
-/*
- * 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate
- * its own major char number! Way cool patch!
- */
-
-
-#include <sys/param.h>
-
-#if defined(__FreeBSD__) && (__FreeBSD__ > 1)
-# ifdef IPFILTER_LKM
-# include <osreldate.h>
-# define ACTUALLY_LKM_NOT_KERNEL
-# else
-# include <sys/osreldate.h>
-# endif
-#endif
-#include <sys/systm.h>
-#if defined(__FreeBSD_version) && (__FreeBSD_version >= 220000)
-# include <sys/conf.h>
-# include <sys/kernel.h>
-# ifdef DEVFS
-# include <sys/devfsext.h>
-# endif /*DEVFS*/
-#endif
-#include <sys/conf.h>
-#include <sys/file.h>
-#if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000)
-# include <sys/lock.h>
-#endif
-#include <sys/stat.h>
-#include <sys/proc.h>
-#include <sys/kernel.h>
-#include <sys/vnode.h>
-#include <sys/namei.h>
-#include <sys/malloc.h>
-#include <sys/mount.h>
-#include <sys/exec.h>
-#include <sys/mbuf.h>
-#if BSD >= 199506
-# include <sys/sysctl.h>
-#endif
-#if (__FreeBSD_version >= 300000)
-# include <sys/socket.h>
-#endif
-#if (__FreeBSD_version >= 199511)
-#include <net/if.h>
-#include <netinet/in_systm.h>
-#include <netinet/in.h>
-#include <netinet/ip.h>
-#include <net/route.h>
-#include <netinet/ip_var.h>
-#include <netinet/tcp.h>
-#include <netinet/tcpip.h>
-#endif
-#if (__FreeBSD__ > 1)
-# include <sys/sysent.h>
-#endif
-#include <sys/lkm.h>
-#include "netinet/ip_compat.h"
-#include "netinet/ip_fil.h"
-#include "netinet/ip_rules.h"
-
-
-int xxxinit __P((struct lkm_table *, int, int));
-
-#if !defined(__FreeBSD_version) || (__FreeBSD_version < 220000)
-MOD_DEV(IPL_VERSION, LM_DT_CHAR, -1, &ipldevsw);
-#endif
-
-static int ipfrule_ioctl __P((struct lkm_table *, int));
-
-#if defined(__FreeBSD_version) && (__FreeBSD_version < 220000)
-
-int xxxinit(lkmtp, cmd, ver)
- struct lkm_table *lkmtp;
- int cmd, ver;
-{
- DISPATCH(lkmtp, cmd, ver, ipfrule_ioctl, ipfrule_ioctl, ipfrule_ioctl);
-}
-#else /* __FREEBSD_version >= 220000 */
-# ifdef IPFILTER_LKM
-# include <sys/exec.h>
-
-# if (__FreeBSD_version >= 300000)
-MOD_MISC(ipfrule);
-# else
-MOD_DECL(ipfrule);
-
-
-static struct lkm_misc _module = {
- LM_MISC,
- LKM_VERSION,
- "IP Filter rules",
- 0,
-};
-# endif
-
-
-int ipfrule __P((struct lkm_table *, int, int));
-
-
-int ipfrule(lkmtp, cmd, ver)
- struct lkm_table *lkmtp;
- int cmd, ver;
-{
-# if (__FreeBSD_version >= 300000)
- MOD_DISPATCH(ipfrule, lkmtp, cmd, ver, ipfrule_ioctl, ipfrule_ioctl,
- ipfrule_ioctl);
-# else
- DISPATCH(lkmtp, cmd, ver, ipfrule_ioctl, ipfrule_ioctl, ipfrule_ioctl);
-# endif
-}
-# endif /* IPFILTER_LKM */
-
-
-int ipfrule_load(lkmtp, cmd)
- struct lkm_table *lkmtp;
- int cmd;
-{
- return ipfrule_add();
-}
-
-
-int ipfrule_unload(lkmtp, cmd)
- struct lkm_table *lkmtp;
- int cmd;
-{
- return ipfrule_remove();
-}
-
-
-static int ipfrule_ioctl(lkmtp, cmd)
- struct lkm_table *lkmtp;
- int cmd;
-{
- int err = 0;
-
- switch (cmd)
- {
- case LKM_E_LOAD :
- if (lkmexists(lkmtp))
- return EEXIST;
-
- err = ipfrule_load(lkmtp, cmd);
- if (!err)
- ipf_refcnt++;
- break;
- case LKM_E_UNLOAD :
- err = ipfrule_unload(lkmtp, cmd);
- if (!err)
- ipf_refcnt--;
- break;
- case LKM_E_STAT :
- break;
- default:
- err = EIO;
- break;
- }
- return err;
-}
-#endif /* _FreeBSD_version */
diff --git a/contrib/ipfilter/mlfk_ipl.c b/contrib/ipfilter/mlfk_ipl.c
deleted file mode 100644
index ba1f44f0c105..000000000000
--- a/contrib/ipfilter/mlfk_ipl.c
+++ /dev/null
@@ -1,529 +0,0 @@ -/* $FreeBSD$ */ - -/* - * Copyright (C) 2012 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - */ - - -#include <sys/param.h> -#include <sys/systm.h> -#include <sys/kernel.h> -#include <sys/module.h> -#include <sys/conf.h> -#include <sys/socket.h> -#include <sys/sysctl.h> -#include <sys/select.h> -#if __FreeBSD_version >= 500000 -# include <sys/selinfo.h> -#endif -#include <net/if.h> -#include <netinet/in_systm.h> -#include <netinet/in.h> - - -#include "netinet/ipl.h" -#include "netinet/ip_compat.h" -#include "netinet/ip_fil.h" -#include "netinet/ip_state.h" -#include "netinet/ip_nat.h" -#include "netinet/ip_auth.h" -#include "netinet/ip_frag.h" -#include "netinet/ip_sync.h" - -extern ipf_main_softc_t ipfmain; - -#if __FreeBSD_version >= 502116 -static struct cdev *ipf_devs[IPL_LOGSIZE]; -#else -static dev_t ipf_devs[IPL_LOGSIZE]; -#endif - -#if 0 -static int sysctl_ipf_int ( SYSCTL_HANDLER_ARGS ); -#endif -static int ipf_modload(void); -static int ipf_modunload(void); - -#if (__FreeBSD_version >= 500024) -# if (__FreeBSD_version >= 502116) -static int ipfopen __P((struct cdev*, int, int, struct thread *)); -static int ipfclose __P((struct cdev*, int, int, struct thread *)); -# else -static int ipfopen __P((dev_t, int, int, struct thread *)); -static int ipfclose __P((dev_t, int, int, struct thread *)); -# endif /* __FreeBSD_version >= 502116 */ -#else -static int ipfopen __P((dev_t, int, int, struct proc *)); -static int ipfclose __P((dev_t, int, int, struct proc *)); -#endif -#if (__FreeBSD_version >= 502116) -static int ipfread __P((struct cdev*, struct uio *, int)); -static int ipfwrite __P((struct cdev*, struct uio *, int)); -#else -static int ipfread __P((dev_t, struct uio *, int)); -static int ipfwrite __P((dev_t, struct uio *, int)); -#endif /* __FreeBSD_version >= 502116 */ - - - -SYSCTL_DECL(_net_inet); -#define SYSCTL_IPF(parent, nbr, name, access, ptr, val, descr) \ - SYSCTL_OID(parent, nbr, name, 
CTLTYPE_INT|access, \ - ptr, val, sysctl_ipf_int, "I", descr); -#define CTLFLAG_OFF 0x00800000 /* IPFilter must be disabled */ -#define CTLFLAG_RWO (CTLFLAG_RW|CTLFLAG_OFF) -SYSCTL_NODE(_net_inet, OID_AUTO, ipf, CTLFLAG_RW, 0, "IPF"); -#if 0 -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_flags, CTLFLAG_RW, &ipf_flags, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_pass, CTLFLAG_RW, &ipf_pass, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_active, CTLFLAG_RD, &ipf_active, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpidletimeout, CTLFLAG_RWO, - &ipf_tcpidletimeout, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcphalfclosed, CTLFLAG_RWO, - &ipf_tcphalfclosed, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpclosewait, CTLFLAG_RWO, - &ipf_tcpclosewait, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcplastack, CTLFLAG_RWO, - &ipf_tcplastack, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcptimeout, CTLFLAG_RWO, - &ipf_tcptimeout, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpclosed, CTLFLAG_RWO, - &ipf_tcpclosed, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_udptimeout, CTLFLAG_RWO, - &ipf_udptimeout, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_udpacktimeout, CTLFLAG_RWO, - &ipf_udpacktimeout, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_icmptimeout, CTLFLAG_RWO, - &ipf_icmptimeout, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_defnatage, CTLFLAG_RWO, - &ipf_nat_defage, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_ipfrttl, CTLFLAG_RW, - &ipf_ipfrttl, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_running, CTLFLAG_RD, - &ipf_running, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_statesize, CTLFLAG_RWO, - &ipf_state_size, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_statemax, CTLFLAG_RWO, - &ipf_state_max, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_nattable_sz, CTLFLAG_RWO, - &ipf_nat_table_sz, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_natrules_sz, CTLFLAG_RWO, - &ipf_nat_maprules_sz, 0, ""); -SYSCTL_IPF(_net_inet_ipf, 
OID_AUTO, ipf_rdrrules_sz, CTLFLAG_RWO, - &ipf_nat_rdrrules_sz, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_hostmap_sz, CTLFLAG_RWO, - &ipf_nat_hostmap_sz, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_authsize, CTLFLAG_RWO, - &ipf_auth_size, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_authused, CTLFLAG_RD, - &ipf_auth_used, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_defaultauthage, CTLFLAG_RW, - &ipf_auth_defaultage, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_chksrc, CTLFLAG_RW, &ipf_chksrc, 0, ""); -SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_minttl, CTLFLAG_RW, &ipf_minttl, 0, ""); -#endif - -#define CDEV_MAJOR 79 -#include <sys/poll.h> -#if __FreeBSD_version >= 500043 -# include <sys/select.h> -static int ipfpoll(struct cdev *dev, int events, struct thread *td); - -static struct cdevsw ipf_cdevsw = { -#if __FreeBSD_version >= 502103 - .d_version = D_VERSION, - .d_flags = 0, /* D_NEEDGIANT - Should be SMP safe */ -#endif - .d_open = ipfopen, - .d_close = ipfclose, - .d_read = ipfread, - .d_write = ipfwrite, - .d_ioctl = ipfioctl, - .d_poll = ipfpoll, - .d_name = "ipf", -#if __FreeBSD_version < 600000 - .d_maj = CDEV_MAJOR, -#endif -}; -#else -static int ipfpoll(dev_t dev, int events, struct proc *td); - -static struct cdevsw ipf_cdevsw = { - /* open */ ipfopen, - /* close */ ipfclose, - /* read */ ipfread, - /* write */ ipfwrite, - /* ioctl */ ipfioctl, - /* poll */ ipfpoll, - /* mmap */ nommap, - /* strategy */ nostrategy, - /* name */ "ipf", - /* maj */ CDEV_MAJOR, - /* dump */ nodump, - /* psize */ nopsize, - /* flags */ 0, -# if (__FreeBSD_version < 500043) - /* bmaj */ -1, -# endif -# if (__FreeBSD_version >= 430000) - /* kqfilter */ NULL -# endif -}; -#endif - -static char *ipf_devfiles[] = { IPL_NAME, IPNAT_NAME, IPSTATE_NAME, IPAUTH_NAME, - IPSYNC_NAME, IPSCAN_NAME, IPLOOKUP_NAME, NULL }; - - -static int -ipfilter_modevent(module_t mod, int type, void *unused) -{ - int error = 0; - - switch (type) - { - case MOD_LOAD : - error = 
ipf_modload(); - break; - - case MOD_UNLOAD : - error = ipf_modunload(); - break; - default: - error = EINVAL; - break; - } - return error; -} - - -static int -ipf_modload() -{ - char *defpass, *c, *str; - int i, j, error; - - if (ipf_load_all() != 0) - return EIO; - - if (ipf_create_all(&ipfmain) == NULL) - return EIO; - - error = ipfattach(&ipfmain); - if (error) - return error; - - for (i = 0; i < IPL_LOGSIZE; i++) - ipf_devs[i] = NULL; - - for (i = 0; (str = ipf_devfiles[i]); i++) { - c = NULL; - for(j = strlen(str); j > 0; j--) - if (str[j] == '/') { - c = str + j + 1; - break; - } - if (!c) - c = str; - ipf_devs[i] = make_dev(&ipf_cdevsw, i, 0, 0, 0600, c); - } - - error = ipf_pfil_hook(); - if (error != 0) - return error; - ipf_event_reg(); - - if (FR_ISPASS(ipfmain.ipf_pass)) - defpass = "pass"; - else if (FR_ISBLOCK(ipfmain.ipf_pass)) - defpass = "block"; - else - defpass = "no-match -> block"; - - printf("%s initialized. Default = %s all, Logging = %s%s\n", - ipfilter_version, defpass, -#ifdef IPFILTER_LOG - "enabled", -#else - "disabled", -#endif -#ifdef IPFILTER_COMPILED - " (COMPILED)" -#else - "" -#endif - ); - return 0; -} - - -static int -ipf_modunload() -{ - int error, i; - - if (ipfmain.ipf_refcnt) - return EBUSY; - - error = ipf_pfil_unhook(); - if (error != 0) - return error; - - if (ipfmain.ipf_running >= 0) { - error = ipfdetach(&ipfmain); - if (error != 0) - return error; - - ipf_destroy_all(&ipfmain); - ipf_unload_all(); - } else - error = 0; - - ipfmain.ipf_running = -2; - - for (i = 0; ipf_devfiles[i]; i++) { - if (ipf_devs[i] != NULL) - destroy_dev(ipf_devs[i]); - } - - printf("%s unloaded\n", ipfilter_version); - - return error; -} - - -static moduledata_t ipfiltermod = { - "ipfilter", - ipfilter_modevent, - 0 -}; - - -DECLARE_MODULE(ipfilter, ipfiltermod, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY); -#ifdef MODULE_VERSION -MODULE_VERSION(ipfilter, 1); -#endif - - -#if 0 -#ifdef SYSCTL_IPF -int -sysctl_ipf_int ( SYSCTL_HANDLER_ARGS ) -{ - int 
error = 0; - - if (arg1) - error = SYSCTL_OUT(req, arg1, sizeof(int)); - else - error = SYSCTL_OUT(req, &arg2, sizeof(int)); - - if (error || !req->newptr) - return (error); - - if (!arg1) - error = EPERM; - else { - if ((oidp->oid_kind & CTLFLAG_OFF) && (ipfmain.ipf_running > 0)) - error = EBUSY; - else - error = SYSCTL_IN(req, arg1, sizeof(int)); - } - return (error); -} -#endif -#endif - - -static int -#if __FreeBSD_version >= 500043 -ipfpoll(struct cdev *dev, int events, struct thread *td) -#else -ipfpoll(dev_t dev, int events, struct proc *td) -#endif -{ - u_int unit = GET_MINOR(dev); - int revents; - - if (unit < 0 || unit > IPL_LOGMAX) - return 0; - - revents = 0; - - switch (unit) - { - case IPL_LOGIPF : - case IPL_LOGNAT : - case IPL_LOGSTATE : -#ifdef IPFILTER_LOG - if ((events & (POLLIN | POLLRDNORM)) && ipf_log_canread(&ipfmain, unit)) - revents |= events & (POLLIN | POLLRDNORM); -#endif - break; - case IPL_LOGAUTH : - if ((events & (POLLIN | POLLRDNORM)) && ipf_auth_waiting(&ipfmain)) - revents |= events & (POLLIN | POLLRDNORM); - break; - case IPL_LOGSYNC : - if ((events & (POLLIN | POLLRDNORM)) && ipf_sync_canread(&ipfmain)) - revents |= events & (POLLIN | POLLRDNORM); - if ((events & (POLLOUT | POLLWRNORM)) && ipf_sync_canwrite(&ipfmain)) - revents |= events & (POLLOUT | POLLWRNORM); - break; - case IPL_LOGSCAN : - case IPL_LOGLOOKUP : - default : - break; - } - - if ((revents == 0) && ((events & (POLLIN|POLLRDNORM)) != 0)) - selrecord(td, &ipfmain.ipf_selwait[unit]); - - return revents; -} - - -/* - * routines below for saving IP headers to buffer - */ -static int ipfopen(dev, flags -#if ((BSD >= 199506) || (__FreeBSD_version >= 220000)) -, devtype, p) - int devtype; -# if (__FreeBSD_version >= 500024) - struct thread *p; -# else - struct proc *p; -# endif /* __FreeBSD_version >= 500024 */ -#else -) -#endif -#if (__FreeBSD_version >= 502116) - struct cdev *dev; -#else - dev_t dev; -#endif - int flags; -{ - u_int unit = GET_MINOR(dev); - int error; 
- - if (IPL_LOGMAX < unit) - error = ENXIO; - else { - switch (unit) - { - case IPL_LOGIPF : - case IPL_LOGNAT : - case IPL_LOGSTATE : - case IPL_LOGAUTH : - case IPL_LOGLOOKUP : - case IPL_LOGSYNC : -#ifdef IPFILTER_SCAN - case IPL_LOGSCAN : -#endif - error = 0; - break; - default : - error = ENXIO; - break; - } - } - return error; -} - - -static int ipfclose(dev, flags -#if ((BSD >= 199506) || (__FreeBSD_version >= 220000)) -, devtype, p) - int devtype; -# if (__FreeBSD_version >= 500024) - struct thread *p; -# else - struct proc *p; -# endif /* __FreeBSD_version >= 500024 */ -#else -) -#endif -#if (__FreeBSD_version >= 502116) - struct cdev *dev; -#else - dev_t dev; -#endif - int flags; -{ - u_int unit = GET_MINOR(dev); - - if (IPL_LOGMAX < unit) - unit = ENXIO; - else - unit = 0; - return unit; -} - -/* - * ipfread/ipflog - * both of these must operate with at least splnet() lest they be - * called during packet processing and cause an inconsistancy to appear in - * the filter lists. - */ -#if (BSD >= 199306) -static int ipfread(dev, uio, ioflag) - int ioflag; -#else -static int ipfread(dev, uio) -#endif -#if (__FreeBSD_version >= 502116) - struct cdev *dev; -#else - dev_t dev; -#endif - struct uio *uio; -{ - u_int unit = GET_MINOR(dev); - - if (unit < 0) - return ENXIO; - - if (ipfmain.ipf_running < 1) - return EIO; - - if (unit == IPL_LOGSYNC) - return ipf_sync_read(&ipfmain, uio); - -#ifdef IPFILTER_LOG - return ipf_log_read(&ipfmain, unit, uio); -#else - return ENXIO; -#endif -} - - -/* - * ipfwrite - * both of these must operate with at least splnet() lest they be - * called during packet processing and cause an inconsistancy to appear in - * the filter lists. 
- */ -#if (BSD >= 199306) -static int ipfwrite(dev, uio, ioflag) - int ioflag; -#else -static int ipfwrite(dev, uio) -#endif -#if (__FreeBSD_version >= 502116) - struct cdev *dev; -#else - dev_t dev; -#endif - struct uio *uio; -{ - - if (ipfmain.ipf_running < 1) - return EIO; - - if (GET_MINOR(dev) == IPL_LOGSYNC) - return ipf_sync_write(&ipfmain, uio); - return ENXIO; -} diff --git a/contrib/ipfilter/mlh_rule.c b/contrib/ipfilter/mlh_rule.c deleted file mode 100644 index cc2a74c86264..000000000000 --- a/contrib/ipfilter/mlh_rule.c +++ /dev/null 
@@ -1,114 +0,0 @@ -/* $FreeBSD$ */ - -/* - * Copyright (C) 2012 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - */ -/* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/ - -/*typedef unsigned int spustate_t;*/ -struct uio; - -#include <sys/types.h> -#include <sys/cmn_err.h> -#include <sys/kernel.h> -#include <sys/systm.h> -#include <sys/malloc.h> -#include <sys/conf.h> -#include <sys/callout.h> -#include <sys/moddefs.h> -#include <sys/io.h> -#include <sys/wsio.h> -#include <sys/param.h> -#include <sys/errno.h> -#include <sys/byteorder.h> -#include <sys/socket.h> -#include <sys/stropts.h> -#include <net/if.h> -#include <net/af.h> -#include <net/route.h> -#include <netinet/in.h> -#include <netinet/in_systm.h> -#include <netinet/if_ether.h> -#include <netinet/ip.h> -#include <netinet/ip_var.h> -#include <netinet/tcp.h> -#include <netinet/udp.h> -#include <netinet/tcpip.h> -#include <netinet/ip_icmp.h> - -#include "ip_compat.h" -#include "ip_fil.h" -#include "ip_rules.h" - - -/* - * Driver Header - */ -static drv_info_t ipf_drv_info = { - "IP Filter Rules", /* type */ - "pseudo", /* class */ - DRV_PSEUDO|DRV_SAVE_CONF|DRV_MP_SAFE, /* flags */ - -1, /* b_major */ - -1, /* c_major */ - NULL, /* cdio */ - NULL, /* gio_private */ - NULL, /* cdio_private */ -}; - - -extern struct mod_operations gio_mod_ops; -static drv_info_t ipf_drv_info; -extern struct mod_conf_data ipf_conf_data; - -static struct mod_type_data ipf_drv_link = { - IPL_VERSION, (void *)NULL -}; - -static struct modlink ipf_mod_link[] = { - { &gio_mod_ops, (void *)&ipf_drv_link }, - { NULL, (void *)NULL } -}; - -struct modwrapper ipf_wrapper = { - MODREV, - ipf_load, - ipf_unload, - (void (*)())NULL, - (void *)&ipf_conf_data, - ipf_mod_link -}; - - -static int ipf_load(void *arg) -{ - int i; - - i = ipfrule_add(); - if (!i) - ipf_refcnt--; -#ifdef IPFDEBUG - printf("IP Filter Rules: ipfrule_add() = %d\n", i); -#endif - if (!i) - cmn_err(CE_CONT, "IP Filter 
Rules: Loaded\n"); - return i; -} - - -static int ipf_unload(void *arg) -{ - int i; - - i = ipfrule_remove(); - if (!i) - ipf_refcnt--; -#ifdef IPFDEBUG - printf("IP Filter Rules: ipfrule_remove() = %d\n", i); -#endif - if (!i) - cmn_err(CE_CONT, "IP Filter Rules: Unloaded\n"); - return i; -} diff --git a/contrib/ipfilter/mln_ipl.c b/contrib/ipfilter/mln_ipl.c deleted file mode 100644 index 28b54071634d..000000000000 --- a/contrib/ipfilter/mln_ipl.c +++ /dev/null 
@@ -1,355 +0,0 @@ -/* $FreeBSD$ */ - -/* - * Copyright (C) 2012 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - */ -/* - * 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate - * its own major char number! Way cool patch! - */ - - -#include <sys/param.h> - -/* - * Post NetBSD 1.2 has the PFIL interface for packet filters. This turns - * on those hooks. We don't need any special mods with this! - */ -#if (defined(NetBSD) && (NetBSD > 199609) && (NetBSD <= 1991011)) || \ - (defined(NetBSD1_2) && NetBSD1_2 > 1) -# define NETBSD_PF -#endif - -#include <sys/systm.h> -#include <sys/conf.h> -#include <sys/file.h> -#include <sys/stat.h> -#include <sys/proc.h> -#include <sys/uio.h> -#include <sys/kernel.h> -#include <sys/vnode.h> -#include <sys/namei.h> -#include <sys/malloc.h> -#include <sys/mount.h> -#include <sys/exec.h> -#include <sys/mbuf.h> -#include <net/if.h> -#include <netinet/in_systm.h> -#include <netinet/in.h> -#include <netinet/ip.h> -#include <net/route.h> -#include <netinet/ip_var.h> -#include <netinet/tcp.h> -#include <netinet/tcpip.h> -#include <sys/lkm.h> -#include <sys/poll.h> -#include <sys/select.h> -#include "ipl.h" -#include "ip_compat.h" -#include "ip_fil.h" -#include "ip_auth.h" -#include "ip_state.h" -#include "ip_nat.h" -#include "ip_sync.h" - -#if !defined(__NetBSD_Version__) || __NetBSD_Version__ < 103050000 -#define vn_lock(v,f) VOP_LOCK(v) -#endif - -#if !defined(VOP_LEASE) && defined(LEASE_CHECK) -#define VOP_LEASE LEASE_CHECK -#endif - - -extern int lkmenodev __P((void)); - -#if NetBSD >= 199706 -int ipflkm_lkmentry __P((struct lkm_table *, int, int)); -#else -int xxxinit __P((struct lkm_table *, int, int)); -#endif -static int ipf_unload __P((void)); -static int ipf_load __P((void)); -static int ipf_remove __P((void)); -static int ipfaction __P((struct lkm_table *, int)); -static char *ipf_devfiles[] = { IPL_NAME, IPNAT_NAME, IPSTATE_NAME, - IPAUTH_NAME, IPSYNC_NAME, IPSCAN_NAME, 
- IPLOOKUP_NAME, NULL }; - -int ipf_major = 0; -extern ipf_main_softc_t ipfmain; -extern const struct cdevsw ipl_cdevsw; - -#if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000) -MOD_DEV(IPL_VERSION, "ipf", NULL, -1, &ipl_cdevsw, -1); -#else -MOD_DEV(IPL_VERSION, LM_DT_CHAR, -1, &ipldevsw); -#endif - -extern int vd_unuseddev __P((void)); -extern struct cdevsw cdevsw[]; -extern int nchrdev; - - -int -#if NetBSD >= 199706 -ipflkm_lkmentry(lkmtp, cmd, ver) -#else -xxxinit(lkmtp, cmd, ver) -#endif - struct lkm_table *lkmtp; - int cmd, ver; -{ - DISPATCH(lkmtp, cmd, ver, ipfaction, ipfaction, ipfaction); -} - - -static int -ipfaction(lkmtp, cmd) - struct lkm_table *lkmtp; - int cmd; -{ -#if !defined(__NetBSD__) || (__NetBSD_Version__ < 106080000) - int i; -#endif - struct lkm_dev *args = lkmtp->private.lkm_dev; - int err = 0; - - switch (cmd) - { - case LKM_E_LOAD : - if (lkmexists(lkmtp)) - return EEXIST; - -#if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000) -# if (__NetBSD_Version__ < 200000000) - err = devsw_attach(args->lkm_devname, - args->lkm_bdev, &args->lkm_bdevmaj, - args->lkm_cdev, &args->lkm_cdevmaj); - if (err != 0) - return (err); -# endif - ipf_major = args->lkm_cdevmaj; -#else - for (i = 0; i < nchrdev; i++) - if (cdevsw[i].d_open == (dev_type_open((*)))lkmenodev || - cdevsw[i].d_open == ipfopen) - break; - if (i == nchrdev) { - printf("IP Filter: No free cdevsw slots\n"); - return ENODEV; - } - - ipf_major = i; - args->lkm_offset = i; /* slot in cdevsw[] */ -#endif - printf("IP Filter: loaded into slot %d\n", ipf_major); - return ipf_load(); - case LKM_E_UNLOAD : -#if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000) - devsw_detach(args->lkm_bdev, args->lkm_cdev); - args->lkm_bdevmaj = -1; - args->lkm_cdevmaj = -1; -#endif - err = ipf_unload(); - if (!err) - printf("IP Filter: unloaded from slot %d\n", - ipf_major); - break; - case LKM_E_STAT : - break; - default: - err = EIO; - break; - } - return err; -} - - -static int 
-ipf_remove() -{ - char *name; - struct nameidata nd; - int error, i; - - for (i = 0; (name = ipf_devfiles[i]); i++) { -#if (__NetBSD_Version__ > 106009999) -# if (__NetBSD_Version__ > 399001400) -# if (__NetBSD_Version__ > 499001400) - NDINIT(&nd, DELETE, LOCKPARENT|LOCKLEAF, UIO_SYSSPACE, - name); -# else - NDINIT(&nd, DELETE, LOCKPARENT|LOCKLEAF, UIO_SYSSPACE, - name, curlwp); -# endif -# else - NDINIT(&nd, DELETE, LOCKPARENT|LOCKLEAF, UIO_SYSSPACE, - name, curproc); -# endif -#else - NDINIT(&nd, DELETE, LOCKPARENT, UIO_SYSSPACE, name, curproc); -#endif - if ((error = namei(&nd))) - return (error); -#if (__NetBSD_Version__ > 399001400) -# if (__NetBSD_Version__ > 399002000) -# if (__NetBSD_Version__ < 499001400) - VOP_LEASE(nd.ni_dvp, curlwp, curlwp->l_cred, LEASE_WRITE); -# endif -# else - VOP_LEASE(nd.ni_dvp, curlwp, curlwp->l_proc->p_ucred, LEASE_WRITE); -# endif -#else - VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE); -#endif -#if !defined(__NetBSD_Version__) || (__NetBSD_Version__ < 106000000) - vn_lock(nd.ni_vp, LK_EXCLUSIVE | LK_RETRY); -#endif -#if (__NetBSD_Version__ >= 399002000) -# if (__NetBSD_Version__ < 499001400) - VOP_LEASE(nd.ni_vp, curlwp, curlwp->l_cred, LEASE_WRITE); -# endif -#else -# if (__NetBSD_Version__ > 399001400) - VOP_LEASE(nd.ni_vp, curlwp, curlwp->l_proc->p_ucred, LEASE_WRITE); -# else - VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE); -# endif -#endif - (void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd); - } - return 0; -} - - -static int -ipf_unload() -{ - int error = 0; - - /* - * Unloading - remove the filter rule check from the IP - * input/output stream. 
- */ - if (ipfmain.ipf_refcnt) - error = EBUSY; - else if (ipfmain.ipf_running >= 0) { - error = ipfdetach(&ipfmain); - if (error == 0) { - ipf_destroy_all(&ipfmain); - ipf_unload_all(); - } - } - - if (error == 0) { - ipfmain.ipf_running = -2; - error = ipf_remove(); - printf("%s unloaded\n", ipfilter_version); - } - return error; -} - - -static int -ipf_load() -{ - struct nameidata nd; - struct vattr vattr; - int error = 0, fmode = S_IFCHR|0600, i; - char *name; - - /* - * XXX Remove existing device nodes prior to creating new ones - * XXX using the assigned LKM device slot's major number. In a - * XXX perfect world we could use the ones specified by cdevsw[]. - */ - (void)ipf_remove(); - - bzero((char *)&ipfmain, sizeof(ipfmain)); - error = ipf_load_all(); - if (error != 0) - return error; - if (ipf_create_all(&ipfmain) == NULL) { - ipf_unload_all(); - return EIO; - } - - error = ipfattach(&ipfmain); - if (error != 0) { - (void) ipf_unload(); - return error; - } - - for (i = 0; (error == 0) && (name = ipf_devfiles[i]); i++) { -#if (__NetBSD_Version__ > 399001400) -# if (__NetBSD_Version__ > 499001400) - NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, name); -# else - NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, name, curlwp); -# endif -#else - NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, name, curproc); -#endif - if ((error = namei(&nd))) - break; - if (nd.ni_vp != NULL) { - VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd); - if (nd.ni_dvp == nd.ni_vp) - vrele(nd.ni_dvp); - else - vput(nd.ni_dvp); - vrele(nd.ni_vp); - error = EEXIST; - break; - } - VATTR_NULL(&vattr); - vattr.va_type = VCHR; - vattr.va_mode = (fmode & 07777); - vattr.va_rdev = (ipf_major << 8) | i; -#if (__NetBSD_Version__ > 399001400) -# if (__NetBSD_Version__ >= 399002000) -# if (__NetBSD_Version__ < 499001400) - VOP_LEASE(nd.ni_dvp, curlwp, curlwp->l_cred, LEASE_WRITE); -# endif -# else - VOP_LEASE(nd.ni_dvp, curlwp, curlwp->l_proc->p_ucred, LEASE_WRITE); -# endif -#else - VOP_LEASE(nd.ni_dvp, curproc, 
curproc->p_ucred, LEASE_WRITE); -#endif - error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr); - if (error == 0) - vput(nd.ni_vp); - } - - if (error == 0) { - char *defpass; - - if (FR_ISPASS(ipfmain.ipf_pass)) - defpass = "pass"; - else if (FR_ISBLOCK(ipfmain.ipf_pass)) - defpass = "block"; - else - defpass = "no-match -> block"; - - printf("%s initialized. Default = %s all, Logging = %s%s\n", - ipfilter_version, defpass, -#ifdef IPFILTER_LOG - "enabled", -#else - "disabled", -#endif -#ifdef IPFILTER_COMPILED - " (COMPILED)" -#else - "" -#endif - ); - ipfmain.ipf_running = 1; - } - return error; -} diff --git a/contrib/ipfilter/mln_rule.c b/contrib/ipfilter/mln_rule.c deleted file mode 100644 index 2df3376816b4..000000000000 --- a/contrib/ipfilter/mln_rule.c +++ /dev/null 
@@ -1,83 +0,0 @@
-/*
- * Copyright (C) 2012 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- */
-
-#include <sys/param.h>
-#include <sys/systm.h>
-#include <sys/conf.h>
-#include <sys/proc.h>
-#include <sys/ioctl.h>
-#include <sys/kernel.h>
-#include <sys/mbuf.h>
-#include <sys/exec.h>
-#include <sys/socket.h>
-#include <net/if.h>
-#include <netinet/in_systm.h>
-#include <netinet/in.h>
-#include <netinet/ip.h>
-#include <net/route.h>
-#include <netinet/ip_var.h>
-#include <netinet/tcp.h>
-#include <netinet/tcpip.h>
-#include <sys/lkm.h>
-#include "ip_compat.h"
-#include "ip_fil.h"
-#include "ip_rules.h"
-
-
-static int ipfruleaction __P((struct lkm_table *, int));
-
-#ifdef IPFILTER_LKM
-# if NetBSD >= 199706
-int ipfrule_lkmentry __P((struct lkm_table *, int, int));
-# else
-int xxxinit __P((struct lkm_table *, int, int));
-# endif
-
-
-MOD_MISC("IPFilter Rules");
-
-# if NetBSD >= 199706
-int ipfrule_lkmentry(lkmtp, cmd, ver)
-# else
-int xxxinit(lkmtp, cmd, ver)
-# endif
- struct lkm_table *lkmtp;
- int cmd, ver;
-{
- DISPATCH(lkmtp, cmd, ver, ipfruleaction, ipfruleaction, ipfruleaction);
-}
-
-static int ipfruleaction(lkmtp, cmd)
- struct lkm_table *lkmtp;
- int cmd;
-{
- int err = 0;
-
- switch (cmd)
- {
- case LKM_E_LOAD :
- if (lkmexists(lkmtp))
- return EEXIST;
-
- err = ipfrule_add();
- if (!err)
- ipf_refcnt++;
- break;
- case LKM_E_UNLOAD :
- err = ipfrule_remove();
- if (!err)
- ipf_refcnt--;
- break;
- case LKM_E_STAT :
- break;
- default:
- err = EIO;
- break;
- }
- return err;
-}
-#endif /* IPFILTER_LKM */
diff --git a/contrib/ipfilter/mlo_ipl.c b/contrib/ipfilter/mlo_ipl.c
deleted file mode 100644
index 35556fa33f54..000000000000
--- a/contrib/ipfilter/mlo_ipl.c
+++ /dev/null
@@ -1,364 +0,0 @@ -/* $FreeBSD$ */ - -/* - * Copyright (C) 2012 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - * - */ - -#include <sys/param.h> -#include <sys/systm.h> -#include <sys/conf.h> -#include <sys/file.h> -#include <sys/stat.h> -#include <sys/proc.h> -#include <sys/uio.h> -#include <sys/kernel.h> -#include <sys/vnode.h> -#include <sys/namei.h> -#include <sys/malloc.h> -#include <sys/mount.h> -#include <sys/exec.h> -#include <sys/mbuf.h> -#include <net/if.h> -#include <netinet/in_systm.h> -#include <netinet/in.h> -#include <netinet/ip.h> -#include <net/route.h> -#include <netinet/ip_var.h> -#include <netinet/tcp.h> -#include <netinet/tcpip.h> -#include <sys/lkm.h> -#include "ipl.h" -#include "ip_compat.h" -#include "ip_fil.h" - -#define vn_lock(v,f) VOP_LOCK(v) - -#if !defined(VOP_LEASE) && defined(LEASE_CHECK) -#define VOP_LEASE LEASE_CHECK -#endif - - -extern int lkmenodev __P((void)); - -#if OpenBSD >= 200311 -int if_ipf_lkmentry __P((struct lkm_table *, int, int)); -#else -int if_ipf __P((struct lkm_table *, int, int)); -#endif -static int ipf_unload __P((void)); -static int ipf_load __P((void)); -static int ipf_remove __P((void)); -static int ipfaction __P((struct lkm_table *, int)); -static char *ipf_devfiles[] = { IPL_NAME, IPNAT_NAME, IPSTATE_NAME, - IPAUTH_NAME, IPSYNC_NAME, IPSCAN_NAME, - IPLOOKUP_NAME, NULL }; - - -struct cdevsw ipfdevsw = -{ - ipfopen, /* open */ - ipfclose, /* close */ - ipfread, /* read */ - (void *)nullop, /* write */ - ipfioctl, /* ioctl */ - (void *)nullop, /* stop */ - (void *)NULL, /* tty */ - (void *)nullop, /* select */ - (void *)nullop, /* mmap */ - NULL /* strategy */ -}; - -int ipf_major = 0; - -MOD_DEV(IPL_VERSION, LM_DT_CHAR, -1, &ipfdevsw); - -extern int vd_unuseddev __P((void)); -extern struct cdevsw cdevsw[]; -extern int nchrdev; - - -#if OpenBSD >= 200311 -int if_ipf_lkmentry (lkmtp, cmd, ver) -#else -int if_ipf(lkmtp, cmd, ver) -#endif - struct lkm_table *lkmtp; - int cmd, 
ver; -{ - DISPATCH(lkmtp, cmd, ver, ipfaction, ipfaction, ipfaction); -} - -int lkmexists __P((struct lkm_table *)); /* defined in /sys/kern/kern_lkm.c */ - -static int ipfaction(lkmtp, cmd) - struct lkm_table *lkmtp; - int cmd; -{ - int i; - struct lkm_dev *args = lkmtp->private.lkm_dev; - int err = 0; - - switch (cmd) - { - case LKM_E_LOAD : - if (lkmexists(lkmtp)) - return EEXIST; - - for (i = 0; i < nchrdev; i++) - if (cdevsw[i].d_open == (dev_type_open((*)))lkmenodev || - cdevsw[i].d_open == ipfopen) - break; - if (i == nchrdev) { - printf("IP Filter: No free cdevsw slots\n"); - return ENODEV; - } - - ipf_major = i; - args->lkm_offset = i; /* slot in cdevsw[] */ - printf("IP Filter: loaded into slot %d\n", ipf_major); - return ipf_load(); - case LKM_E_UNLOAD : - err = ipf_unload(); - if (!err) - printf("IP Filter: unloaded from slot %d\n", - ipf_major); - break; - case LKM_E_STAT : - break; - default: - err = EIO; - break; - } - return err; -} - - -static int ipf_remove() -{ - struct nameidata nd; - int error, i; - char *name; - - for (i = 0; (name = ipf_devfiles[i]); i++) { -#if OpenBSD >= 200311 - NDINIT(&nd, DELETE, LOCKPARENT | LOCKLEAF, UIO_SYSSPACE, - name, curproc); -#else - NDINIT(&nd, DELETE, LOCKPARENT, UIO_SYSSPACE, name, curproc); -#endif - if ((error = namei(&nd))) - return (error); - VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE); -#if OpenBSD < 200311 - VOP_LOCK(nd.ni_vp, LK_EXCLUSIVE | LK_RETRY, curproc); - VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE); -#else - (void)uvm_vnp_uncache(nd.ni_vp); - - VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE); - VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE); -#endif - (void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd); - } - return 0; -} - - -static int ipf_unload() -{ - int error = 0; - - /* - * Unloading - remove the filter rule check from the IP - * input/output stream. 
- */ - if (ipf_refcnt) - error = EBUSY; - else if (ipf_running >= 0) - error = ipfdetach(); - - if (error == 0) { - ipf_running = -2; - error = ipf_remove(); - printf("%s unloaded\n", ipfilter_version); - } - return error; -} - - -static int ipf_load() -{ - struct nameidata nd; - struct vattr vattr; - int error = 0, fmode = S_IFCHR|0600, i; - char *name; - - /* - * XXX Remove existing device nodes prior to creating new ones - * XXX using the assigned LKM device slot's major number. In a - * XXX perfect world we could use the ones specified by cdevsw[]. - */ - (void)ipf_remove(); - - error = ipfattach(); - - for (i = 0; (error == 0) && (name = ipf_devfiles[i]); i++) { - NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, name, curproc); - if ((error = namei(&nd))) - break; - if (nd.ni_vp != NULL) { - VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd); - if (nd.ni_dvp == nd.ni_vp) - vrele(nd.ni_dvp); - else - vput(nd.ni_dvp); - vrele(nd.ni_vp); - error = EEXIST; - break; - } - VATTR_NULL(&vattr); - vattr.va_type = VCHR; - vattr.va_mode = (fmode & 07777); - vattr.va_rdev = (ipf_major << 8) | i; - VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE); - error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr); - } - - if (error == 0) { - char *defpass; - - if (FR_ISPASS(ipf_pass)) - defpass = "pass"; - else if (FR_ISBLOCK(ipf_pass)) - defpass = "block"; - else - defpass = "no-match -> block"; - - printf("%s initialized. 
Default = %s all, Logging = %s%s\n", - ipfilter_version, defpass, -#ifdef IPFILTER_LOG - "enabled", -#else - "disabled", -#endif -#ifdef IPFILTER_COMPILED - " (COMPILED)" -#else - "" -#endif - ); - ipf_running = 1; - } - return error; -} - - -/* - * routines below for saving IP headers to buffer - */ -int -ipfopen(dev, flags, devtype, p) - dev_t dev; - int flags; - int devtype; - struct proc *p; -{ - u_int min = GET_MINOR(dev); - int error; - - if (IPL_LOGMAX < min) { - error = ENXIO; - } else { - switch (unit) - { - case IPL_LOGIPF : - case IPL_LOGNAT : - case IPL_LOGSTATE : - case IPL_LOGAUTH : - case IPL_LOGLOOKUP : - case IPL_LOGSYNC : -#ifdef IPFILTER_SCAN - case IPL_LOGSCAN : -#endif - error = 0; - break; - default : - error = ENXIO; - break; - } - } - return error; -} - - -int -ipfclose(dev, flags, devtype, p) - dev_t dev; - int flags; - int devtype; - struct proc *p; -{ - u_int min = GET_MINOR(dev); - - if (IPL_LOGMAX < min) - min = ENXIO; - else - min = 0; - return min; -} - - -/* - * ipfread/ipflog - * both of these must operate with at least splnet() lest they be - * called during packet processing and cause an inconsistancy to appear in - * the filter lists. - */ -int -ipfread(dev, uio, ioflag) - dev_t dev; - register struct uio *uio; - int ioflag; -{ - - if (ipf_running < 1) - return EIO; - - if (GET_MINOR(dev) == IPL_LOGSYNC) - return ipfsync_read(uio); - -#ifdef IPFILTER_LOG - return ipflog_read(GET_MINOR(dev), uio); -#else - return ENXIO; -#endif -} - - -/* - * ipfwrite - * both of these must operate with at least splnet() lest they be - * called during packet processing and cause an inconsistancy to appear in - * the filter lists. - */ -int -#if (BSD >= 199306) -ipfwrite(dev, uio, ioflag) - int ioflag; -#else -ipfwrite(dev, uio) -#endif - dev_t dev; - register struct uio *uio; -{ - - if (ipf_running < 1) - return EIO; - - if (GET_MINOR(dev) == IPL_LOGSYNC) - return ipfsync_write(uio); - return ENXIO; -} 
diff --git a/contrib/ipfilter/mlo_rule.c b/contrib/ipfilter/mlo_rule.c
deleted file mode 100644
index dbd4305970ee..000000000000
--- a/contrib/ipfilter/mlo_rule.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/* $FreeBSD$ */
-
-/*
- * Copyright (C) 2012 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- *
- */
-
-#include <sys/param.h>
-#include <sys/systm.h>
-#include <sys/conf.h>
-#include <sys/proc.h>
-#include <sys/ioctl.h>
-#include <sys/kernel.h>
-#include <sys/mbuf.h>
-#include <sys/exec.h>
-#include <sys/socket.h>
-#include <net/if.h>
-#include <netinet/in_systm.h>
-#include <netinet/in.h>
-#include <netinet/ip.h>
-#include <net/route.h>
-#include <netinet/ip_var.h>
-#include <netinet/tcp.h>
-#include <netinet/tcpip.h>
-#include <sys/lkm.h>
-#include "ip_compat.h"
-#include "ip_fil.h"
-#include "ip_rules.h"
-
-
-#ifdef IPFILTER_LKM
-
-static int ipfruleaction __P((struct lkm_table *, int));
-
-int ipfrule __P((struct lkm_table *, int, int));
-
-
-MOD_MISC("IPFilter Rules");
-
-int ipfrule(lkmtp, cmd, ver)
- struct lkm_table *lkmtp;
- int cmd, ver;
-{
- DISPATCH(lkmtp, cmd, ver, ipfruleaction, ipfruleaction, ipfruleaction);
-}
-
-int lkmexists __P((struct lkm_table *)); /* defined in /sys/kern/kern_lkm.c */
-
-static int ipfruleaction(lkmtp, cmd)
- struct lkm_table *lkmtp;
- int cmd;
-{
- int err = 0;
-
- switch (cmd)
- {
- case LKM_E_LOAD :
- if (lkmexists(lkmtp))
- return EEXIST;
-
- err = ipfrule_add();
- if (!err)
- ipf_refcnt++;
- break;
- case LKM_E_UNLOAD :
- err = ipfrule_remove();
- if (!err)
- ipf_refcnt--;
- break;
- case LKM_E_STAT :
- break;
- default:
- err = EIO;
- break;
- }
- return err;
-}
-#endif /* IPFILTER_LKM */
diff --git a/contrib/ipfilter/mls_ipl.c b/contrib/ipfilter/mls_ipl.c
deleted file mode 100644
index 4388b617e631..000000000000
--- a/contrib/ipfilter/mls_ipl.c
+++ /dev/null
@@ -1,351 +0,0 @@ -/* $FreeBSD$ */ - -/* - * Copyright (C) 2012 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - */ -/* - * 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate - * its own major char number! Way cool patch! - */ -#include <sys/types.h> -#include <sys/stat.h> -#include <sys/time.h> -#include <sys/file.h> -#include <sys/socket.h> -#include <sys/conf.h> -#include <sys/syslog.h> -#include <sys/buf.h> -#include <sys/mbuf.h> -#include <sys/param.h> -#include <sys/errno.h> -#include <sys/uio.h> -#include <sys/vnode.h> -#include <sundev/mbvar.h> -#include <sun/autoconf.h> -#include <sun/vddrv.h> -#if defined(sun4c) || defined(sun4m) -# include <sun/openprom.h> -#endif -#include <netinet/in.h> -#include <netinet/in_systm.h> -#include <netinet/ip.h> -#include <netinet/ip_var.h> -#include <netinet/tcp.h> -#include <netinet/tcpip.h> -#include <net/if.h> -#include "ipl.h" -#include "ip_compat.h" -#include "ip_fil.h" - - -#if !defined(lint) -static const char sccsid[] = "@(#)mls_ipl.c 2.6 10/15/95 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id$"; -#endif - -extern int ipfdetach __P((void)); -#ifndef IPFILTER_LOG -#define ipfread nulldev -#endif -extern int nulldev __P((void)); -extern int errno; - -extern int nodev __P((void)); - -static int unload __P((void)); -static int ipf_attach __P((void)); -int xxxinit __P((u_int, struct vddrv *, caddr_t, struct vdstat *)); -static char *ipf_devfiles[] = { IPL_NAME, IPNAT_NAME, IPSTATE_NAME, - IPAUTH_NAME, IPSYNC_NAME, IPSCAN_NAME, - IPLOOKUP_NAME, NULL }; -static int ipfopen __P((dev_t, int)); -static int ipfclose __P((dev_t, int)); -static int ipfread __P((dev_t, struct uio *)); -static int ipfwrite __P((dev_t, struct uio *)); - - -struct cdevsw ipfdevsw = -{ - ipfopen, ipfclose, ipfread, nulldev, - ipfioctl, nulldev, nulldev, nulldev, - 0, nulldev, -}; - - -struct dev_ops ipf_ops = -{ - 1, - ipfidentify, - ipfattach, - ipfopen, - ipfclose, - 
ipfread, - ipfwrite, - NULL, /* strategy */ - NULL, /* dump */ - 0, /* psize */ - ipfioctl, - NULL, /* reset */ - NULL /* mmap */ -}; - -int ipf_major = 0; - -#ifdef sun4m -struct vdldrv vd = -{ - VDMAGIC_PSEUDO, - IPL_VERSION, - &ipf_ops, - NULL, - &ipfdevsw, - 0, - 0, - NULL, - NULL, - NULL, - 0, - 1, -}; -#else /* sun4m */ -struct vdldrv vd = -{ - VDMAGIC_PSEUDO, /* magic */ - IPL_VERSION, -#ifdef sun4c - &ipf_ops, /* dev_ops */ -#else - NULL, /* struct mb_ctlr *mb_ctlr */ - NULL, /* struct mb_driver *mb_driver */ - NULL, /* struct mb_device *mb_device */ - 0, /* num ctlrs */ - 1, /* numdevs */ -#endif /* sun4c */ - NULL, /* bdevsw */ - &ipfdevsw, /* cdevsw */ - 0, /* block major */ - 0, /* char major */ -}; -#endif /* sun4m */ - -extern int vd_unuseddev __P((void)); -extern struct cdevsw cdevsw[]; -extern int nchrdev; - -xxxinit(fc, vdp, data, vds) - u_int fc; - struct vddrv *vdp; - caddr_t data; - struct vdstat *vds; -{ - struct vdioctl_load *vdi = (struct vdioctl_load *)data; - - switch (fc) - { - case VDLOAD: - { - struct vdconf *vdc; - if (vdi && vdi->vdi_userconf) - for (vdc = vdi->vdi_userconf; vdc->vdc_type; vdc++) - if (vdc->vdc_type == VDCCHARMAJOR) { - ipf_major = vdc->vdc_data; - break; - } - - if (!ipf_major) { - while (ipf_major < nchrdev && - cdevsw[ipf_major].d_open != vd_unuseddev) - ipf_major++; - if (ipf_major == nchrdev) - return ENODEV; - } - vdp->vdd_vdtab = (struct vdlinkage *)&vd; - vd.Drv_charmajor = ipf_major; - return ipf_attach(); - } - case VDUNLOAD: - return unload(); - case VDSTAT: - return 0; - default: - return EIO; - } -} - - -static int -unload() -{ - int err = 0, i; - char *name; - - if (ipf_refcnt != 0) - err = EBUSY; - else if (ipf_running >= 0) - err = ipfdetach(); - if (err) - return err; - - ipf_running = -2; - for (i = 0; (name = ipf_devfiles[i]); i++) - (void) vn_remove(name, UIO_SYSSPACE, FILE); - printf("%s unloaded\n", ipfilter_version); - return 0; -} - - -static int -ipf_attach() -{ - struct vnode *vp; - struct 
vattr vattr; - int error = 0, fmode = S_IFCHR|0600, i; - char *name; - - error = ipfattach(); - if (error) - return error; - - for (i = 0; (name = ipf_devfiles[i]); i++) { - (void) vn_remove(name, UIO_SYSSPACE, FILE); - vattr_null(&vattr); - vattr.va_type = MFTOVT(fmode); - vattr.va_mode = (fmode & 07777); - vattr.va_rdev = (ipf_major << 8) | i; - - error = vn_create(name, UIO_SYSSPACE, &vattr, EXCL, 0, &vp); - if (error) { - printf("IP Filter: vn_create(%s) = %d\n", name, error); - break; - } else { - VN_RELE(vp); - } - } - - if (error == 0) { - char *defpass; - - if (FR_ISPASS(ipf_pass)) - defpass = "pass"; - else if (FR_ISBLOCK(ipf_pass)) - defpass = "block"; - else - defpass = "no-match -> block"; - - printf("%s initialized. Default = %s all, Logging = %s%s\n", - ipfilter_version, defpass, -#ifdef IPFILTER_LOG - "enabled", -#else - "disabled", -#endif -#ifdef IPFILTER_COMPILED - " (COMPILED)" -#else - "" -#endif - ); - ipf_running = 1; - } - return error; -} - - -/* - * routines below for saving IP headers to buffer - */ -static int -ipfopen(dev, flags) - dev_t dev; - int flags; -{ - u_int unit = GET_MINOR(dev); - int error; - - if (IPL_LOGMAX < unit) { - error = ENXIO; - } else { - switch (unit) - { - case IPL_LOGIPF : - case IPL_LOGNAT : - case IPL_LOGSTATE : - case IPL_LOGAUTH : - case IPL_LOGLOOKUP : - case IPL_LOGSYNC : -#ifdef IPFILTER_SCAN - case IPL_LOGSCAN : -#endif - error = 0; - break; - default : - error = ENXIO; - break; - } - } - return error; -} - - -static int -ipfclose(dev, flags) - dev_t dev; - int flags; -{ - u_int unit = GET_MINOR(dev); - - if (IPL_LOGMAX < unit) - unit = ENXIO; - else - unit = 0; - return unit; -} - - -/* - * ipfread/ipflog - * both of these must operate with at least splnet() lest they be - * called during packet processing and cause an inconsistancy to appear in - * the filter lists. 
- */
-static int
-ipfread(dev, uio)
- dev_t dev;
- register struct uio *uio;
-{
-
- if (ipf_running < 1) {
- ipfmain.ipf_interror = 130006;
- return EIO;
- }
-
-#ifdef IPFILTER_LOG
- return ipflog_read(GET_MINOR(dev), uio);
-#else
- ipfmain.ipf_interror = 130007;
- return ENXIO;
-#endif
-}
-
-
-/*
- * ipfwrite
- */
-static int
-ipfwrite(dev, uio)
- dev_t dev;
- register struct uio *uio;
-{
-
- if (ipf_running < 1) {
- ipfmain.ipf_interror = 130008;
- return EIO;
- }
-
- if (getminor(dev) == IPL_LOGSYNC)
- return ipfsync_write(uio);
- ipfmain.ipf_interror = 130009;
- return ENXIO;
-}
diff --git a/contrib/ipfilter/mls_rule.c b/contrib/ipfilter/mls_rule.c
deleted file mode 100644
index e37df0c89314..000000000000
--- a/contrib/ipfilter/mls_rule.c
+++ /dev/null
@@ -1,116 +0,0 @@ -/* $FreeBSD$ */ - -/* - * Copyright (C) 2012 by Darren Reed. - * - * See the IPFILTER.LICENCE file for details on licencing. - */ -/* - * 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate - * its own major char number! Way cool patch! - */ -#include <sys/types.h> -#include <sys/stat.h> -#include <sys/time.h> -#include <sys/file.h> -#include <sys/socket.h> -#include <sys/conf.h> -#include <sys/syslog.h> -#include <sys/buf.h> -#include <sys/mbuf.h> -#include <sys/param.h> -#include <sys/errno.h> -#include <sys/uio.h> -#include <sys/vnode.h> -#include <sundev/mbvar.h> -#include <sun/autoconf.h> -#include <sun/vddrv.h> -#if defined(sun4c) || defined(sun4m) -# include <sun/openprom.h> -#endif -#include <netinet/in.h> -#include <netinet/in_systm.h> -#include <netinet/ip.h> -#include <netinet/ip_var.h> -#include <netinet/tcp.h> -#include <netinet/tcpip.h> -#include <net/if.h> -#include "ip_compat.h" -#include "ip_fil.h" -#include "ip_rules.h" - - -extern int errno; - - -int xxxinit __P((u_int, struct vddrv *, caddr_t, struct vdstat *)); - -int ipl_major = 0; - -#ifdef sun4m -struct vdldrv vd = -{ - VDMAGIC_USER, - "IP Filter rules", - NULL, - NULL, - NULL, - 0, - 0, - NULL, - NULL, - NULL, - 0, - 1, -}; -#else /* sun4m */ -struct vdldrv vd = -{ - VDMAGIC_USER, /* magic */ - "IP Filter rules", -#ifdef sun4c - NULL, /* dev_ops */ -#else - NULL, /* struct mb_ctlr *mb_ctlr */ - NULL, /* struct mb_driver *mb_driver */ - NULL, /* struct mb_device *mb_device */ - 0, /* num ctlrs */ - 1, /* numdevs */ -#endif /* sun4c */ - NULL, /* bdevsw */ - NULL, /* cdevsw */ - 0, /* block major */ - 0, /* char major */ -}; -#endif /* sun4m */ - - -xxxinit(fc, vdp, data, vds) - u_int fc; - struct vddrv *vdp; - caddr_t data; - struct vdstat *vds; -{ - struct vdioctl_load *vdi = (struct vdioctl_load *)data; - int err; - - switch (fc) - { - case VDLOAD: - err = ipfrule_add(); - if (!err) - ipf_refcnt++; - break; - case VDUNLOAD: - err = 
ipfrule_remove(); - if (!err) - ipf_refcnt--; - break; - case VDSTAT: - err = 0; - break; - default: - err = EIO; - break; - } -} diff --git a/contrib/ipfilter/mlso_rule.c b/contrib/ipfilter/mlso_rule.c deleted file mode 100644 index a9395f2d2f71..000000000000 --- a/contrib/ipfilter/mlso_rule.c +++ /dev/null 
@@ -1,130 +0,0 @@
-/* $FreeBSD$ */
-
-/*
- * Copyright (C) 2012 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- */
-#pragma ident "@(#)$Id$"
-
-#include <sys/systm.h>
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/errno.h>
-#include <sys/uio.h>
-#include <sys/buf.h>
-#include <sys/modctl.h>
-#include <sys/open.h>
-#include <sys/kmem.h>
-#include <sys/conf.h>
-#include <sys/cmn_err.h>
-#include <sys/stat.h>
-#include <sys/cred.h>
-#include <sys/dditypes.h>
-#include <sys/stream.h>
-#include <sys/poll.h>
-#include <sys/autoconf.h>
-#include <sys/byteorder.h>
-#include <sys/socket.h>
-#include <sys/dlpi.h>
-#include <sys/stropts.h>
-#include <sys/sockio.h>
-#include <net/if.h>
-#if SOLARIS2 >= 6
-# include <net/if_types.h>
-#endif
-#include <net/af.h>
-#include <net/route.h>
-#include <netinet/in.h>
-#include <netinet/in_systm.h>
-#include <netinet/if_ether.h>
-#include <netinet/ip.h>
-#include <netinet/ip_var.h>
-#include <netinet/tcp.h>
-#include <netinet/udp.h>
-#include <netinet/tcpip.h>
-#include <netinet/ip_icmp.h>
-#include <sys/ddi.h>
-#include <sys/sunddi.h>
-#include "ip_compat.h"
-#include "ip_fil.h"
-#include "ip_rules.h"
-
-char _depends_on[] = "drv/ipf";
-
-
-extern ipf_main_softc_t ipfmain;
-extern struct mod_ops mod_miscops;
-static struct modlmisc ipfrulemod = {
- &mod_miscops,
- "IP Filter rules"
-};
-
-static struct modlinkage modlink1 = {
- MODREV_1,
- &ipfrulemod,
- NULL
-};
-
-
-int _init()
-{
- int ipfruleinst;
-
- ipfruleinst = mod_install(&modlink1);
-#ifdef IPFRULEDEBUG
- cmn_err(CE_NOTE, "IP Filter Rules: _init() = %d", ipfruleinst);
-#endif
-
- if (ipfruleinst == 0) {
- if (ipfmain.ipf_running >= 0) {
- ipfruleinst = ipfrule_add();
- if (!ipfruleinst)
- ipfmain.ipf_refcnt++;
- else {
- cmn_err(CE_NOTE,
- "IP Filter Rules: ipfrule_add failed");
- ipfruleinst = -1;
- }
- } else
- ipfruleinst = -1;
- }
- if (ipfruleinst == 0)
- cmn_err(CE_CONT, "IP Filter Rules: loaded\n");
- return ipfruleinst;
-}
-
-
-int _fini(void)
-{
- int ipfruleinst;
-
- ipfruleinst = mod_remove(&modlink1);
-#ifdef IPFRULEDEBUG
- cmn_err(CE_NOTE, "IP Filter Rules: _fini() = %d", ipfruleinst);
-#endif
- if (ipfruleinst == 0) {
- ipfruleinst = ipfrule_remove();
- if (!ipfruleinst)
- ipfmain.ipf_refcnt--;
- else
- ipfruleinst = -1;
- }
- if (ipfruleinst == 0)
- cmn_err(CE_CONT, "IP Filter Rules: unloaded\n");
- return ipfruleinst;
-}
-
-
-int _info(modinfop)
- struct modinfo *modinfop;
-{
- int ipfruleinst;
-
- ipfruleinst = mod_info(&modlink1, modinfop);
-#ifdef IPFRULEDEBUG
- cmn_err(CE_NOTE, "IP Filter Rules: _info(%x) = %x",
- modinfop, ipfruleinst);
-#endif
- return ipfruleinst;
-} |