release/4.1.1

2 files changed, 0 insertions, 959 deletions

diff --git a/sys/contrib/ipfilter/netinet/ip_log.c b/sys/contrib/ipfilter/netinet/ip_log.c
deleted file mode 100644
index 082a0a3cf832..000000000000
--- a/sys/contrib/ipfilter/netinet/ip_log.c
+++ /dev/null
@@ -1,507 +0,0 @@
-/*
- * Copyright (C) 1997-2000 by Darren Reed.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that this notice is preserved and due credit is given
- * to the original author and the contributors.
- *
- * $Id: ip_log.c,v 2.5.2.1 2000/07/19 13:11:47 darrenr Exp $
- * $FreeBSD$
- */
-#include <sys/param.h>
-#if defined(KERNEL) && !defined(_KERNEL)
-# define       _KERNEL
-#endif
-#if defined(__NetBSD__) && (NetBSD >= 199905) && !defined(IPFILTER_LKM)
-# include "opt_ipfilter_log.h"
-#endif
-#ifdef  __FreeBSD__
-# if defined(IPFILTER_LKM) || defined(_KERNEL)
-#  if !defined(__FreeBSD_version) 
-#   include <sys/osreldate.h>
-#  endif
-#  if !defined(IPFILTER_LKM)
-#   if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000)
-#    include "opt_ipfilter.h"
-#   endif
-#  endif
-# else
-#  ifdef KLD_MODULE
-#   include <osreldate.h>
-#  endif
-# endif
-#endif
-#ifdef  IPFILTER_LOG
-# ifndef SOLARIS
-#  define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
-# endif
-# ifndef _KERNEL
-#  include <stdio.h>
-#  include <string.h>
-#  include <stdlib.h>
-#  include <ctype.h>
-# endif
-# include <sys/errno.h>
-# include <sys/types.h>
-# include <sys/file.h>
-# if __FreeBSD_version >= 220000 && defined(_KERNEL)
-#  include <sys/fcntl.h>
-#  include <sys/filio.h>
-# else
-#  include <sys/ioctl.h>
-# endif
-# include <sys/time.h>
-# if defined(_KERNEL) && !defined(linux)
-#  include <sys/systm.h>
-# endif
-# include <sys/uio.h>
-# if !SOLARIS
-#  if (NetBSD > 199609) || (OpenBSD > 199603) || (__FreeBSD_version >= 300000)
-#   include <sys/dirent.h>
-#  else
-#   include <sys/dir.h>
-#  endif
-#  ifndef linux
-#   include <sys/mbuf.h>
-#  endif
-# else
-#  include <sys/filio.h>
-#  include <sys/cred.h>
-#  include <sys/ddi.h>
-#  include <sys/sunddi.h>
-#  include <sys/ksynch.h>
-#  include <sys/kmem.h>
-#  include <sys/mkdev.h>
-#  include <sys/dditypes.h>
-#  include <sys/cmn_err.h>
-# endif
-# ifndef linux
-#  include <sys/protosw.h>
-# endif
-# include <sys/socket.h>
-
-# include <net/if.h>
-# ifdef sun
-#  include <net/af.h>
-# endif
-# if __FreeBSD_version >= 300000
-#  include <net/if_var.h>
-# endif
-# include <net/route.h>
-# include <netinet/in.h>
-# ifdef __sgi
-#  include <sys/ddi.h>
-#  ifdef IFF_DRVRLOCK /* IRIX6 */
-#   include <sys/hashing.h>
-#  endif
-# endif
-# if !defined(linux) && !(defined(__sgi) && !defined(IFF_DRVRLOCK)) /*IRIX<6*/
-#  include <netinet/in_var.h>
-# endif
-# include <netinet/in_systm.h>
-# include <netinet/ip.h>
-# include <netinet/tcp.h>
-# include <netinet/udp.h>
-# include <netinet/ip_icmp.h>
-# ifndef linux
-#  include <netinet/ip_var.h>
-# endif
-# ifndef _KERNEL
-#  include <syslog.h>
-# endif
-# include "netinet/ip_compat.h"
-# include <netinet/tcpip.h>
-# include "netinet/ip_fil.h"
-# include "netinet/ip_proxy.h"
-# include "netinet/ip_nat.h"
-# include "netinet/ip_frag.h"
-# include "netinet/ip_state.h"
-# include "netinet/ip_auth.h"
-# if (__FreeBSD_version >= 300000)
-#  include <sys/malloc.h>
-# endif
-
-# ifndef MIN
-#  define	MIN(a,b)	(((a)<(b))?(a):(b))
-# endif
-
-
-# if SOLARIS || defined(__sgi)
-extern	kmutex_t	ipl_mutex;
-#  if SOLARIS
-extern	kcondvar_t	iplwait;
-#  endif
-# endif
-
-iplog_t	**iplh[IPL_LOGMAX+1], *iplt[IPL_LOGMAX+1], *ipll[IPL_LOGMAX+1];
-size_t	iplused[IPL_LOGMAX+1];
-static fr_info_t	iplcrc[IPL_LOGMAX+1];
-# ifdef	linux
-static struct wait_queue *iplwait[IPL_LOGMAX+1];
-# endif
-
-
-/*
- * Initialise log buffers & pointers.  Also iniialised the CRC to a local
- * secret for use in calculating the "last log checksum".
- */
-void ipflog_init()
-{
-	int	i;
-
-	for (i = IPL_LOGMAX; i >= 0; i--) {
-		iplt[i] = NULL;
-		ipll[i] = NULL;
-		iplh[i] = &iplt[i];
-		iplused[i] = 0;
-		bzero((char *)&iplcrc[i], sizeof(iplcrc[i]));
-	}
-}
-
-
-/*
- * ipflog
- * Create a log record for a packet given that it has been triggered by a
- * rule (or the default setting).  Calculate the transport protocol header
- * size using predetermined size of a couple of popular protocols and thus
- * how much data to copy into the log, including part of the data body if
- * requested.
- */
-int ipflog(flags, ip, fin, m)
-u_int flags;
-ip_t *ip;
-fr_info_t *fin;
-mb_t *m;
-{
-	ipflog_t ipfl;
-	register size_t mlen, hlen;
-	size_t sizes[2];
-	void *ptrs[2];
-	int types[2];
-	u_char p;
-# if SOLARIS
-	ill_t *ifp = fin->fin_ifp;
-# else
-	struct ifnet *ifp = fin->fin_ifp;
-# endif
-
-	/*
-	 * calculate header size.
-	 */
-	hlen = fin->fin_hlen;
-	if (fin->fin_off == 0) {
-		p = fin->fin_fi.fi_p;
-		if (p == IPPROTO_TCP)
-			hlen += MIN(sizeof(tcphdr_t), fin->fin_dlen);
-		else if (p == IPPROTO_UDP)
-			hlen += MIN(sizeof(udphdr_t), fin->fin_dlen);
-		else if (p == IPPROTO_ICMP) {
-			struct icmp *icmp;
-
-			icmp = (struct icmp *)fin->fin_dp;
-	 
-			/*
-			 * For ICMP, if the packet is an error packet, also
-			 * include the information about the packet which
-			 * caused the error.
-			 */
-			switch (icmp->icmp_type)
-			{
-			case ICMP_UNREACH :
-			case ICMP_SOURCEQUENCH :
-			case ICMP_REDIRECT :
-			case ICMP_TIMXCEED :
-			case ICMP_PARAMPROB :
-				hlen += MIN(sizeof(struct icmp) + 8,
-					    fin->fin_dlen);
-				break;
-			default :
-				hlen += MIN(sizeof(struct icmp),
-					    fin->fin_dlen);
-				break;
-			}
-		}
-	}
-	/*
-	 * Get the interface number and name to which this packet is
-	 * currently associated.
-	 */
-# if SOLARIS
-	ipfl.fl_unit = (u_char)ifp->ill_ppa;
-	bcopy(ifp->ill_name, ipfl.fl_ifname, MIN(ifp->ill_name_length, 4));
-	mlen = (flags & FR_LOGBODY) ? MIN(msgdsize(m) - hlen, 128) : 0;
-# else
-#  if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199603)) || \
-	(defined(OpenBSD) && (OpenBSD >= 199603))
-	strncpy(ipfl.fl_ifname, ifp->if_xname, IFNAMSIZ);
-#  else
-#   ifndef linux
-	ipfl.fl_unit = (u_char)ifp->if_unit;
-#   endif
-	if ((ipfl.fl_ifname[0] = ifp->if_name[0]))
-		if ((ipfl.fl_ifname[1] = ifp->if_name[1]))
-			if ((ipfl.fl_ifname[2] = ifp->if_name[2]))
-				ipfl.fl_ifname[3] = ifp->if_name[3];
-#  endif
-	mlen = (flags & FR_LOGBODY) ? MIN(fin->fin_plen - hlen, 128) : 0;
-# endif
-	ipfl.fl_plen = (u_char)mlen;
-	ipfl.fl_hlen = (u_char)hlen;
-	ipfl.fl_rule = fin->fin_rule;
-	ipfl.fl_group = fin->fin_group;
-	if (fin->fin_fr != NULL)
-		ipfl.fl_loglevel = fin->fin_fr->fr_loglevel;
-	else
-		ipfl.fl_loglevel = 0xffff;
-	ipfl.fl_flags = flags;
-	ptrs[0] = (void *)&ipfl;
-	sizes[0] = sizeof(ipfl);
-	types[0] = 0;
-# if SOLARIS
-	/*
-	 * Are we copied from the mblk or an aligned array ?
-	 */
-	if (ip == (ip_t *)m->b_rptr) {
-		ptrs[1] = m;
-		sizes[1] = hlen + mlen;
-		types[1] = 1;
-	} else {
-		ptrs[1] = ip;
-		sizes[1] = hlen + mlen;
-		types[1] = 0;
-	}
-# else
-	ptrs[1] = m;
-	sizes[1] = hlen + mlen;
-	types[1] = 1;
-# endif
-	return ipllog(IPL_LOGIPF, fin, ptrs, sizes, types, 2);
-}
-
-
-/*
- * ipllog
- */
-int ipllog(dev, fin, items, itemsz, types, cnt)
-int dev;
-fr_info_t *fin;
-void **items;
-size_t *itemsz;
-int *types, cnt;
-{
-	caddr_t buf, s;
-	iplog_t *ipl;
-	size_t len;
-	int i;
- 
-	/*
-	 * Check to see if this log record has a CRC which matches the last
-	 * record logged.  If it does, just up the count on the previous one
-	 * rather than create a new one.
-	 */
-	MUTEX_ENTER(&ipl_mutex);
-	if (fin != NULL) {
-		if ((ipll[dev] != NULL) &&
-		    bcmp((char *)fin, (char *)&iplcrc[dev], FI_CSIZE) == 0) {
-			ipll[dev]->ipl_count++;
-			MUTEX_EXIT(&ipl_mutex);
-			return 1;
-		}
-		bcopy((char *)fin, (char *)&iplcrc[dev], FI_CSIZE);
-	} else
-		bzero((char *)&iplcrc[dev], FI_CSIZE);
-	MUTEX_EXIT(&ipl_mutex);
-
-	/*
-	 * Get the total amount of data to be logged.
-	 */
-	for (i = 0, len = sizeof(iplog_t); i < cnt; i++)
-		len += itemsz[i];
-
-	/*
-	 * check that we have space to record this information and can
-	 * allocate that much.
-	 */
-	KMALLOCS(buf, caddr_t, len);
-	if (!buf)
-		return 0;
-	MUTEX_ENTER(&ipl_mutex);
-	if ((iplused[dev] + len) > IPLLOGSIZE) {
-		MUTEX_EXIT(&ipl_mutex);
-		KFREES(buf, len);
-		return 0;
-	}
-	iplused[dev] += len;
-	MUTEX_EXIT(&ipl_mutex);
-
-	/*
-	 * advance the log pointer to the next empty record and deduct the
-	 * amount of space we're going to use.
-	 */
-	ipl = (iplog_t *)buf;
-	ipl->ipl_magic = IPL_MAGIC;
-	ipl->ipl_count = 1;
-	ipl->ipl_next = NULL;
-	ipl->ipl_dsize = len;
-# if SOLARIS || defined(sun) || defined(linux)
-	uniqtime((struct timeval *)&ipl->ipl_sec);
-# else
-#  if BSD >= 199306 || defined(__FreeBSD__) || defined(__sgi)
-	microtime((struct timeval *)&ipl->ipl_sec);
-#  endif
-# endif
-
-	/*
-	 * Loop through all the items to be logged, copying each one to the
-	 * buffer.  Use bcopy for normal data or the mb_t copyout routine.
-	 */
-	for (i = 0, s = buf + sizeof(*ipl); i < cnt; i++) {
-		if (types[i] == 0)
-			bcopy(items[i], s, itemsz[i]);
-		else if (types[i] == 1) {
-# if SOLARIS
-			copyout_mblk(items[i], 0, itemsz[i], s);
-# else
-			m_copydata(items[i], 0, itemsz[i], s);
-# endif
-		}
-		s += itemsz[i];
-	}
-	MUTEX_ENTER(&ipl_mutex);
-	ipll[dev] = ipl;
-	*iplh[dev] = ipl;
-	iplh[dev] = &ipl->ipl_next;
-# if SOLARIS
-	cv_signal(&iplwait);
-	mutex_exit(&ipl_mutex);
-# else
-	MUTEX_EXIT(&ipl_mutex);
-#  ifdef linux
-	wake_up_interruptible(&iplwait[dev]);
-#  else
-	wakeup(&iplh[dev]);
-#  endif
-# endif
-	return 1;
-}
-
-
-int ipflog_read(unit, uio)
-minor_t unit;
-struct uio *uio;
-{
-	size_t dlen, copied;
-	int error = 0;
-	iplog_t *ipl;
-# if defined(_KERNEL) && !SOLARIS
-	int s;
-# endif
-
-	/*
-	 * Sanity checks.  Make sure the minor # is valid and we're copying
-	 * a valid chunk of data.
-	 */
-	if (IPL_LOGMAX < unit)
-		return ENXIO;
-	if (!uio->uio_resid)
-		return 0;
-	if ((uio->uio_resid < sizeof(iplog_t)) ||
-	    (uio->uio_resid > IPLLOGSIZE))
-		return EINVAL;
- 
-	/*
-	 * Lock the log so we can snapshot the variables.  Wait for a signal
-	 * if the log is empty.
-	 */
-	SPL_NET(s);
-	MUTEX_ENTER(&ipl_mutex);
-
-	while (!iplused[unit] || !iplt[unit]) {
-# if SOLARIS && defined(_KERNEL)
-		if (!cv_wait_sig(&iplwait, &ipl_mutex)) {
-			MUTEX_EXIT(&ipl_mutex);
-			return EINTR;
-		}
-# else
-#  ifdef linux
-		interruptible_sleep_on(&iplwait[unit]);
-		if (current->signal & ~current->blocked)
-			return -EINTR;
-#  else
-		MUTEX_EXIT(&ipl_mutex);
-		SPL_X(s);
-		error = SLEEP(&iplh[unit], "ipl sleep");
-		if (error)
-			return error;
-		SPL_NET(s);
-		MUTEX_ENTER(&ipl_mutex);
-#  endif /* linux */
-# endif /* SOLARIS */
-	}
-
-# if BSD >= 199306 || defined(__FreeBSD__)
-	uio->uio_rw = UIO_READ;
-# endif
-
-	for (copied = 0; (ipl = iplt[unit]); copied += dlen) {
-		dlen = ipl->ipl_dsize;
-		if (dlen > uio->uio_resid)
-			break;
-		/*
-		 * Don't hold the mutex over the uiomove call.
-		 */
-		iplt[unit] = ipl->ipl_next;
-		iplused[unit] -= dlen;
-		MUTEX_EXIT(&ipl_mutex);
-		SPL_X(s);
-		error = UIOMOVE((caddr_t)ipl, dlen, UIO_READ, uio);
-		if (error) {
-			SPL_NET(s);
-			MUTEX_ENTER(&ipl_mutex);
-			ipl->ipl_next = iplt[unit];
-			iplt[unit] = ipl;
-			iplused[unit] += dlen;
-			break;
-		}
-		KFREES((caddr_t)ipl, dlen);
-		SPL_NET(s);
-		MUTEX_ENTER(&ipl_mutex);
-	}
-	if (!iplt[unit]) {
-		iplused[unit] = 0;
-		iplh[unit] = &iplt[unit];
-		ipll[unit] = NULL;
-	}
-
-	MUTEX_EXIT(&ipl_mutex);
-	SPL_X(s);
-# ifdef 	linux
-	if (!error)
-		return (int)copied;
-	return -error;
-# else
-	return error;
-# endif
-}
-
-
-int ipflog_clear(unit)
-minor_t unit;
-{
-	iplog_t *ipl;
-	int used;
-
-	MUTEX_ENTER(&ipl_mutex);
-	while ((ipl = iplt[unit])) {
-		iplt[unit] = ipl->ipl_next;
-		KFREES((caddr_t)ipl, ipl->ipl_dsize);
-	}
-	iplh[unit] = &iplt[unit];
-	ipll[unit] = NULL;
-	used = iplused[unit];
-	iplused[unit] = 0;
-	bzero((char *)&iplcrc[unit], FI_CSIZE);
-	MUTEX_EXIT(&ipl_mutex);
-	return used;
-}
-#endif /* IPFILTER_LOG */
diff --git a/sys/contrib/ipfilter/netinet/ip_proxy.c b/sys/contrib/ipfilter/netinet/ip_proxy.c
deleted file mode 100644
index 47d0e5ea0de3..000000000000
--- a/sys/contrib/ipfilter/netinet/ip_proxy.c
+++ /dev/null
@@ -1,452 +0,0 @@
-/*
- * Copyright (C) 1997-2000 by Darren Reed.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that this notice is preserved and due credit is given
- * to the original author and the contributors.
- */
-#if !defined(lint)
-/*static const char rcsid[] = "@(#)$Id: ip_proxy.c,v 2.2.2.1 1999/09/19 12:18:19 darrenr Exp $";*/
-static const char rcsid[] = "@(#)$FreeBSD$";
-#endif
-
-#if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL)
-# define	_KERNEL
-#endif
-
-#include <sys/errno.h>
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/time.h>
-#include <sys/file.h>
-#if !defined(__FreeBSD_version)  
-# include <sys/ioctl.h>      
-#endif
-#include <sys/fcntl.h>
-#include <sys/uio.h>
-#if !defined(_KERNEL) && !defined(KERNEL)
-# include <stdio.h>
-# include <string.h>
-# include <stdlib.h>
-#endif
-#ifndef	linux
-# include <sys/protosw.h>
-#endif
-#include <sys/socket.h>
-#if defined(_KERNEL)
-# if !defined(linux)
-#  include <sys/systm.h>
-# else
-#  include <linux/string.h>
-# endif
-#endif
-#if !defined(__SVR4) && !defined(__svr4__)
-# ifndef linux
-#  include <sys/mbuf.h>
-# endif
-#else
-# include <sys/byteorder.h>
-# ifdef _KERNEL
-#  include <sys/dditypes.h>
-# endif
-# include <sys/stream.h>
-# include <sys/kmem.h>
-#endif
-#if __FreeBSD__ > 2
-# include <sys/queue.h>
-#endif
-#include <net/if.h>
-#ifdef sun
-# include <net/af.h>
-#endif
-#include <net/route.h>
-#include <netinet/in.h>
-#include <netinet/in_systm.h>
-#include <netinet/ip.h>
-#ifndef linux
-# include <netinet/ip_var.h>
-#endif
-#include <netinet/tcp.h>
-#include <netinet/udp.h>
-#include <netinet/ip_icmp.h>
-#include "netinet/ip_compat.h"
-#include <netinet/tcpip.h>
-#include "netinet/ip_fil.h"
-#include "netinet/ip_proxy.h"
-#include "netinet/ip_nat.h"
-#include "netinet/ip_state.h"
-#if (__FreeBSD_version >= 300000)
-# include <sys/malloc.h>
-#endif
-
-
-#ifndef MIN
-#define MIN(a,b)        (((a)<(b))?(a):(b))
-#endif
-
-static ap_session_t *appr_new_session __P((aproxy_t *, ip_t *,
-					   fr_info_t *, nat_t *));
-static int appr_fixseqack __P((fr_info_t *, ip_t *, ap_session_t *, int ));
-
-
-#define	AP_SESS_SIZE	53
-
-#if defined(_KERNEL) && !defined(linux)
-#include "netinet/ip_ftp_pxy.c"
-#include "netinet/ip_rcmd_pxy.c"
-#include "netinet/ip_raudio_pxy.c"
-#endif
-
-ap_session_t	*ap_sess_tab[AP_SESS_SIZE];
-ap_session_t	*ap_sess_list = NULL;
-aproxy_t	*ap_proxylist = NULL;
-aproxy_t	ap_proxies[] = {
-#ifdef	IPF_FTP_PROXY
-	{ NULL, "ftp", (char)IPPROTO_TCP, 0, 0, ippr_ftp_init, NULL,
-	  ippr_ftp_new, ippr_ftp_in, ippr_ftp_out },
-#endif
-#ifdef	IPF_RCMD_PROXY
-	{ NULL, "rcmd", (char)IPPROTO_TCP, 0, 0, ippr_rcmd_init, NULL,
-	  ippr_rcmd_new, NULL, ippr_rcmd_out },
-#endif
-#ifdef	IPF_RAUDIO_PROXY
-	{ NULL, "raudio", (char)IPPROTO_TCP, 0, 0, ippr_raudio_init, NULL,
-	  ippr_raudio_new, ippr_raudio_in, ippr_raudio_out },
-#endif
-	{ NULL, "", '\0', 0, 0, NULL, NULL }
-};
-
-
-int appr_add(ap)
-aproxy_t *ap;
-{
-	aproxy_t *a;
-
-	for (a = ap_proxies; a->apr_p; a++)
-		if ((a->apr_p == ap->apr_p) &&
-		    !strncmp(a->apr_label, ap->apr_label,
-			     sizeof(ap->apr_label)))
-			return -1;
-
-	for (a = ap_proxylist; a->apr_p; a = a->apr_next)
-		if ((a->apr_p == ap->apr_p) &&
-		    !strncmp(a->apr_label, ap->apr_label,
-			     sizeof(ap->apr_label)))
-			return -1;
-	ap->apr_next = ap_proxylist;
-	ap_proxylist = ap;
-	return (*ap->apr_init)();
-}
-
-
-int appr_del(ap)
-aproxy_t *ap;
-{
-	aproxy_t *a, **app;
-
-	for (app = &ap_proxylist; (a = *app); app = &a->apr_next)
-		if (a == ap) {
-			if (ap->apr_ref != 0)
-				return 1;
-			*app = a->apr_next;
-			return 0;
-		}
-	return -1;
-}
-
-
-int appr_ok(ip, tcp, nat)
-ip_t *ip;
-tcphdr_t *tcp;
-ipnat_t *nat;
-{
-	aproxy_t *apr = nat->in_apr;
-	u_short dport = nat->in_dport;
-
-	if (!apr || (apr->apr_flags & APR_DELETE) ||
-	    (ip->ip_p != apr->apr_p))
-		return 0;
-	if ((tcp && (tcp->th_dport != dport)) || (!tcp && dport))
-		return 0;
-	return 1;
-}
-
-
-/*
- * Allocate a new application proxy structure and fill it in with the
- * relevant details.  call the init function once complete, prior to
- * returning.
- */
-static ap_session_t *appr_new_session(apr, ip, fin, nat)
-aproxy_t *apr;
-ip_t *ip;
-fr_info_t *fin;
-nat_t *nat;
-{
-	register ap_session_t *aps;
-
-	if (!apr || (apr->apr_flags & APR_DELETE) || (ip->ip_p != apr->apr_p))
-		return NULL;
-
-	KMALLOC(aps, ap_session_t *);
-	if (!aps)
-		return NULL;
-	bzero((char *)aps, sizeof(*aps));
-	aps->aps_p = ip->ip_p;
-	aps->aps_data = NULL;
-	aps->aps_apr = apr;
-	aps->aps_psiz = 0;
-	if (apr->apr_new != NULL)
-		if ((*apr->apr_new)(fin, ip, aps, nat) == -1) {
-			KFREE(aps);
-			return NULL;
-		}
-	aps->aps_nat = nat;
-	aps->aps_next = ap_sess_list;
-	ap_sess_list = aps;
-	return aps;
-}
-
-
-/*
- * check to see if a packet should be passed through an active proxy routine
- * if one has been setup for it.
- */
-int appr_check(ip, fin, nat)
-ip_t *ip;
-fr_info_t *fin;
-nat_t *nat;
-{
-	ap_session_t *aps;
-	aproxy_t *apr;
-	tcphdr_t *tcp = NULL;
-	u_32_t sum;
-	short rv;
-	int err;
-
-	if (nat->nat_aps == NULL)
-		nat->nat_aps = appr_new_session(nat->nat_ptr->in_apr, ip,
-						fin, nat);
-	aps = nat->nat_aps;
-	if ((aps != NULL) && (aps->aps_p == ip->ip_p)) {
-		if (ip->ip_p == IPPROTO_TCP) {
-			tcp = (tcphdr_t *)fin->fin_dp;
-			/*
-			 * verify that the checksum is correct.  If not, then
-			 * don't do anything with this packet.
-			 */
-#if SOLARIS && defined(_KERNEL)
-			sum = fr_tcpsum(fin->fin_qfm, ip, tcp);
-#else
-			sum = fr_tcpsum(*(mb_t **)fin->fin_mp, ip, tcp);
-#endif
-			if (sum != tcp->th_sum) {
-				frstats[fin->fin_out].fr_tcpbad++;
-				return -1;
-			}
-		}
-
-		apr = aps->aps_apr;
-		err = 0;
-		if (fin->fin_out != 0) {
-			if (apr->apr_outpkt != NULL)
-				err = (*apr->apr_outpkt)(fin, ip, aps, nat);
-		} else {
-			if (apr->apr_inpkt != NULL)
-				err = (*apr->apr_inpkt)(fin, ip, aps, nat);
-		}
-
-		rv = APR_EXIT(err);
-		if (rv == -1)
-			return rv;
-
-		if (tcp != NULL) {
-			err = appr_fixseqack(fin, ip, aps, APR_INC(err));
-#if SOLARIS && defined(_KERNEL)
-			tcp->th_sum = fr_tcpsum(fin->fin_qfm, ip, tcp);
-#else
-			tcp->th_sum = fr_tcpsum(*(mb_t **)fin->fin_mp, ip, tcp);
-#endif
-		}
-		aps->aps_bytes += ip->ip_len;
-		aps->aps_pkts++;
-		return 1;
-	}
-	return 0;
-}
-
-
-aproxy_t *appr_match(pr, name)
-u_int pr;
-char *name;
-{
-	aproxy_t *ap;
-
-	for (ap = ap_proxies; ap->apr_p; ap++)
-		if ((ap->apr_p == pr) &&
-		    !strncmp(name, ap->apr_label, sizeof(ap->apr_label))) {
-			ap->apr_ref++;
-			return ap;
-		}
-
-	for (ap = ap_proxylist; ap; ap = ap->apr_next)
-		if ((ap->apr_p == pr) &&
-		    !strncmp(name, ap->apr_label, sizeof(ap->apr_label))) {
-			ap->apr_ref++;
-			return ap;
-		}
-	return NULL;
-}
-
-
-void appr_free(ap)
-aproxy_t *ap;
-{
-	ap->apr_ref--;
-}
-
-
-void aps_free(aps)
-ap_session_t *aps;
-{
-	ap_session_t *a, **ap;
-
-	if (!aps)
-		return;
-
-	for (ap = &ap_sess_list; (a = *ap); ap = &a->aps_next)
-		if (a == aps) {
-			*ap = a->aps_next;
-			break;
-		}
-
-	if ((aps->aps_data != NULL) && (aps->aps_psiz != 0))
-		KFREES(aps->aps_data, aps->aps_psiz);
-	KFREE(aps);
-}
-
-
-static int appr_fixseqack(fin, ip, aps, inc)
-fr_info_t *fin;
-ip_t *ip;
-ap_session_t *aps;
-int inc;
-{
-	int sel, ch = 0, out, nlen;
-	u_32_t seq1, seq2;
-	tcphdr_t *tcp;
-
-	tcp = (tcphdr_t *)fin->fin_dp;
-	out = fin->fin_out;
-	nlen = ip->ip_len;
-	nlen -= (ip->ip_hl << 2) + (tcp->th_off << 2);
-
-	if (out != 0) {
-		seq1 = (u_32_t)ntohl(tcp->th_seq);
-		sel = aps->aps_sel[out];
-
-		/* switch to other set ? */
-		if ((aps->aps_seqmin[!sel] > aps->aps_seqmin[sel]) &&
-		    (seq1 > aps->aps_seqmin[!sel]))
-			sel = aps->aps_sel[out] = !sel;
-
-		if (aps->aps_seqoff[sel]) {
-			seq2 = aps->aps_seqmin[sel] - aps->aps_seqoff[sel];
-			if (seq1 > seq2) {
-				seq2 = aps->aps_seqoff[sel];
-				seq1 += seq2;
-				tcp->th_seq = htonl(seq1);
-				ch = 1;
-			}
-		}
-
-		if (inc && (seq1 > aps->aps_seqmin[!sel])) {
-			aps->aps_seqmin[!sel] = seq1 + nlen - 1;
-			aps->aps_seqoff[!sel] = aps->aps_seqoff[sel] + inc;
-		}
-
-		/***/
-
-		seq1 = ntohl(tcp->th_ack);
-		sel = aps->aps_sel[1 - out];
-
-		/* switch to other set ? */
-		if ((aps->aps_ackmin[!sel] > aps->aps_ackmin[sel]) &&
-		    (seq1 > aps->aps_ackmin[!sel]))
-			sel = aps->aps_sel[1 - out] = !sel;
-
-		if (aps->aps_ackoff[sel] && (seq1 > aps->aps_ackmin[sel])) {
-			seq2 = aps->aps_ackoff[sel];
-			tcp->th_ack = htonl(seq1 - seq2);
-			ch = 1;
-		}
-	} else {
-		seq1 = ntohl(tcp->th_seq);
-		sel = aps->aps_sel[out];
-
-		/* switch to other set ? */
-		if ((aps->aps_ackmin[!sel] > aps->aps_ackmin[sel]) &&
-		    (seq1 > aps->aps_ackmin[!sel]))
-			sel = aps->aps_sel[out] = !sel;
-
-		if (aps->aps_ackoff[sel]) {
-			seq2 = aps->aps_ackmin[sel] -
-			       aps->aps_ackoff[sel];
-			if (seq1 > seq2) {
-				seq2 = aps->aps_ackoff[sel];
-				seq1 += seq2;
-				tcp->th_seq = htonl(seq1);
-				ch = 1;
-			}
-		}
-
-		if (inc && (seq1 > aps->aps_ackmin[!sel])) {
-			aps->aps_ackmin[!sel] = seq1 + nlen - 1;
-			aps->aps_ackoff[!sel] = aps->aps_ackoff[sel] + inc;
-		}
-
-		/***/
-
-		seq1 = ntohl(tcp->th_ack);
-		sel = aps->aps_sel[1 - out];
-
-		/* switch to other set ? */
-		if ((aps->aps_seqmin[!sel] > aps->aps_seqmin[sel]) &&
-		    (seq1 > aps->aps_seqmin[!sel]))
-			sel = aps->aps_sel[1 - out] = !sel;
-
-		if (aps->aps_seqoff[sel] && (seq1 > aps->aps_seqmin[sel])) {
-			seq2 = aps->aps_seqoff[sel];
-			tcp->th_ack = htonl(seq1 - seq2);
-			ch = 1;
-		}
-	}
-	return ch ? 2 : 0;
-}
-
-
-int appr_init()
-{
-	aproxy_t *ap;
-	int err = 0;
-
-	for (ap = ap_proxies; ap->apr_p; ap++) {
-		err = (*ap->apr_init)();
-		if (err != 0)
-			break;
-	}
-	return err;
-}
-
-
-void appr_unload()
-{
-	aproxy_t *ap;
-
-	for (ap = ap_proxies; ap->apr_p; ap++)
-		if (ap->apr_fini)
-			(*ap->apr_fini)();
-	for (ap = ap_proxylist; ap; ap = ap->apr_next)
-		if (ap->apr_fini)
-			(*ap->apr_fini)();
-}