From proff@suburbia.net  Sat Apr  5 11:48:45 1997
Received: from pdx1.world.net (pdx1.world.net [192.243.32.18])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA23848
          for <FreeBSD-gnats-submit@freebsd.org>; Sat, 5 Apr 1997 11:48:44 -0800 (PST)
Received: from suburbia.net (suburbia.net [203.4.184.1]) by pdx1.world.net (8.7.5/8.7.3) with SMTP id LAA20078 for <FreeBSD-gnats-submit@freebsd.org>; Sat, 5 Apr 1997 11:50:43 -0800 (PST)
Received: (qmail 19627 invoked by uid 110); 5 Apr 1997 19:47:50 -0000
Message-Id: <19970405194750.19626.qmail@suburbia.net>
Date: 5 Apr 1997 19:47:50 -0000
From: proff@suburbia.net
Reply-To: proff@suburbia.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: FULL ipfilter build/bugfix intergration
X-Send-Pr-Version: 3.2

>Number:         3207
>Category:       kern
>Synopsis:       FULL ipfilter build/bugfix intergration
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Apr  5 11:50:01 PST 1997
>Closed-Date:    Mon Apr 14 03:10:35 PDT 1997
>Last-Modified:  Mon Apr 14 03:12:25 PDT 1997
>Originator:     Julian Assange
>Release:        FreeBSD 3.0-CURRENT i386
>Organization:
>Environment:

	

>Description:

	ipfilter doesn't have any build system, does not support devfs,
	and panics under various conditions. this patch attempts to
	address the outstanding problems.

	

>How-To-Repeat:

	

>Fix:
	
	

Apply the following againt a recent current:


--- src/sys/conf/options~	Sun Apr  6 03:58:17 1997
+++ src/sys/conf/options	Sun Apr  6 03:58:17 1997
@@ -85,3 +85,6 @@
 IPFIREWALL		opt_ipfw.h
 IPFIREWALL_VERBOSE	opt_ipfw.h
 IPFIREWALL_VERBOSE_LIMIT	opt_ipfw.h
+IPFITLER		opt_ipfilter.h
+IPFITLER_LKM		opt_ipfilter.h
+IPFILTER_LOG		opt_ipfilter.h
--- src/etc/etc.i386/MAKEDEV~	Sun Apr  6 03:41:43 1997
+++ src/etc/etc.i386/MAKEDEV	Sun Apr  6 03:41:43 1997
@@ -103,6 +103,11 @@
 #	perfmon	CPU performance-monitoring counters
 #	pci	PCI configuration-space access from user mode
 #
+# IP-firewall devices:
+#	ipl	ipfirewall control device
+#	ipnat	ipfirewall network address translation device
+#	ipstate	ipfirewall state device
+#
 #	$Id: MAKEDEV,v 1.139 1997/03/10 02:10:58 danny Exp $
 #
 
@@ -186,6 +191,7 @@
 	sh MAKEDEV vty4						# cdev
 	sh MAKEDEV tun0						# cdev
 	sh MAKEDEV apm card0 card1				# cdev, laptop
+	sh MAKEDEV ipl ipnat ipstate				# cdev, ipfirewall
 	;;
 std)
 	rm -f console drum mem kmem null random urandom zero io tty klog
@@ -1224,6 +1230,25 @@
 	mknod perfmon c 2 32
 	chown root.kmem perfmon
 	chmod 640 perfmon
+	;;
+
+ipl)	
+	rm -f ipl
+	mknod ipl c 79 0
+	chown root.wheel ipl
+	chmod 600 ipl
+	;;
+ipnat)	
+	rm -f ipnat
+	mknod ipnat c 79 1
+	chown root.wheel ipnat
+	chmod 600 ipnat
+	;;
+ipstate)	
+	rm -f ipstate
+	mknod ipstate c 79 2
+	chown root.wheel ipstate
+	chmod 600 ipstate
 	;;
 
 local)
--- src/sbin/Makefile~	Sun Apr  6 04:02:34 1997
+++ src/sbin/Makefile	Sun Apr  6 04:02:34 1997
@@ -3,7 +3,7 @@
 # XXX MISSING:		icheck ncheck
 
 SUBDIR= adjkerntz badsect ccdconfig clri disklabel dmesg dset dump dumpfs \
-	dumplfs dumpon fsck fsdb fsirand ifconfig init ipfw md5 mknod modload \
+	dumplfs dumpon fsck fsdb fsirand ifconfig init ipf ipfw md5 mknod modload \
 	modunload mount mount_cd9660 mount_ext2fs \
 	mount_lfs mount_nfs mount_null mount_portal mount_std \
 	mount_umap mount_union mountd newfs newlfs nfsd nfsiod \
--- src/sys/netinet/in_proto.c~	Sun Apr  6 04:22:09 1997
+++ src/sys/netinet/in_proto.c	Sun Apr  6 04:22:09 1997
@@ -34,6 +34,8 @@
  *	$Id: in_proto.c,v 1.38 1997/02/18 20:46:22 wollman Exp $
  */
 
+#include "opt_ipfilter.h"
+
 #include <sys/param.h>
 #include <sys/queue.h>
 #include <sys/kernel.h>
--- src/sys/netinet/ip_input.c~	Sun Apr  6 04:20:36 1997
+++ src/sys/netinet/ip_input.c	Sun Apr  6 04:20:36 1997
@@ -38,6 +38,7 @@
 #define	_IP_VHL
 
 #include "opt_ipfw.h"
+#include "opt_ipfilter.h"
 
 #include <stddef.h>
 
--- src/sys/netinet/ip_output.c~	Sun Apr  6 04:20:23 1997
+++ src/sys/netinet/ip_output.c	Sun Apr  6 04:20:06 1997
@@ -34,6 +34,9 @@
  *	$Id: ip_output.c,v 1.54 1997/04/03 10:47:12 darrenr Exp $
  */
 
+#include "opt_ipfw.h"
+#include "opt_ipfilter.h"
+
 #define _IP_VHL
 
 #include <sys/param.h>
--- src/sys/i386/conf/LINT~	Sun Apr  6 04:27:57 1997
+++ src/sys/i386/conf/LINT	Sun Apr  6 04:27:57 1997
@@ -315,6 +315,11 @@
 					# dropped packets
 options		"IPFIREWALL_VERBOSE_LIMIT=100" #limit verbosity
 options		IPDIVERT		#divert sockets
+# new IPFILTER firewall
+#options	IPFILTER		#only lkm works presently
+options		IPFILTER_LKM		#module version
+options		IPFITLER_LOG		#support logging
+#
 options		TCPDEBUG
 
 
diff -r -N -u oldsrc/Makefile src/sbin/ipf/Makefile
--- oldsrc/Makefile	Thu Jan  1 10:00:00 1970
+++ src/sbin/ipf/Makefile	Sat Apr  5 15:51:15 1997
@@ -0,0 +1,5 @@
+#	@(#)Makefile	0.1 (RGrimes) 4/4/93
+
+SUBDIR=	ipf ipfstat ipftest ipmon ipnat
+
+.include <bsd.subdir.mk>
diff -r -N -u oldsrc/Makefile.inc src/sbin/ipf/Makefile.inc
--- oldsrc/Makefile.inc	Thu Jan  1 10:00:00 1970
+++ src/sbin/ipf/Makefile.inc	Sat Apr  5 16:21:30 1997
@@ -0,0 +1,8 @@
+#	@(#)Makefile.inc	5.1 (Berkeley) 5/11/90
+
+BINDIR?=	/sbin
+
+CFLAGS+=-I${IPFILTER_DISTDIR}
+
+IPFILTER_DISTDIR?= ${.CURDIR}/../../../contrib/ipfilter
+.PATH:	${IPFILTER_DISTDIR} ${IPFILTER_DISTDIR}/man
diff -r -N -u oldsrc/ipf/Makefile src/sbin/ipf/ipf/Makefile
--- oldsrc/ipf/Makefile	Thu Jan  1 10:00:00 1970
+++ src/sbin/ipf/ipf/Makefile	Sat Apr  5 16:25:11 1997
@@ -0,0 +1,8 @@
+#	$Id: Makefile,v 1.16 1997/02/22 16:14:02 peter Exp $
+
+PROG=	ipf
+
+MAN1=	ipf.1 ipf.5
+SRCS=	ipf.c parse.c opt.c
+
+.include <bsd.prog.mk>
diff -r -N -u oldsrc/ipfstat/Makefile src/sbin/ipf/ipfstat/Makefile
--- oldsrc/ipfstat/Makefile	Thu Jan  1 10:00:00 1970
+++ src/sbin/ipf/ipfstat/Makefile	Sat Apr  5 16:25:51 1997
@@ -0,0 +1,8 @@
+#	$Id: Makefile,v 1.16 1997/02/22 16:14:02 peter Exp $
+
+PROG=	ipfstat
+
+MAN1=	ipfstat.8
+SRCS=	fils.c parse.c kmem.c opt.c
+
+.include <bsd.prog.mk>
diff -r -N -u oldsrc/ipftest/Makefile src/sbin/ipf/ipftest/Makefile
--- oldsrc/ipftest/Makefile	Thu Jan  1 10:00:00 1970
+++ src/sbin/ipf/ipftest/Makefile	Sat Apr  5 16:38:26 1997
@@ -0,0 +1,9 @@
+#	$Id: Makefile,v 1.16 1997/02/22 16:14:02 peter Exp $
+
+PROG=	ipftest
+
+MAN1=	ipftest.1
+SRCS=	ipt.c parse.c fil.c ipft_sn.c ipft_ef.c ipft_td.c ipft_pc.c opt.c \
+	ipft_tx.c misc.c ip_frag.c ip_state.c ip_nat.c ipft_hx.c ip_fil.c
+
+.include <bsd.prog.mk>
diff -r -N -u oldsrc/ipmon/Makefile src/sbin/ipf/ipmon/Makefile
--- oldsrc/ipmon/Makefile	Thu Jan  1 10:00:00 1970
+++ src/sbin/ipf/ipmon/Makefile	Sun Apr  6 04:40:11 1997
@@ -0,0 +1,8 @@
+#	$Id: Makefile,v 1.16 1997/02/22 16:14:02 peter Exp $
+
+PROG=	ipmon
+
+MAN1=	ipmon.8
+SRCS=	ipmon.c
+
+.include <bsd.prog.mk>
diff -r -N -u oldsrc/ipnat/Makefile src/sbin/ipf/ipnat/Makefile
--- oldsrc/ipnat/Makefile	Thu Jan  1 10:00:00 1970
+++ src/sbin/ipf/ipnat/Makefile	Sun Apr  6 04:48:18 1997
@@ -0,0 +1,9 @@
+#	$Id: Makefile,v 1.16 1997/02/22 16:14:02 peter Exp $
+
+PROG=	ipnat
+
+MAN1=	ipnat.1
+MAN5=	ipnat.5
+SRCS=	ipnat.c kmem.c
+
+.include <bsd.prog.mk>
diff -r -N -u oldsrc/Makefile src/lkm/if_ipf/Makefile
--- oldsrc/Makefile	Thu Jan  1 10:00:00 1970
+++ src/lkm/if_ipf/Makefile	Sun Apr  6 04:48:01 1997
@@ -0,0 +1,11 @@
+#	$Id: Makefile,v 1.5 1996/06/23 14:27:52 bde Exp $
+
+IPFILTER_DISTDIR?=	${.CURDIR}/../../contrib/ipfilter
+.PATH:	${IPFILTER_DISTDIR} ${IPFILTER_DISTDIR}/man
+KMOD=	if_ipl_mod
+SRCS=	ip_fil.c fil.c mlf_ipl.c ip_nat.c ip_frag.c ip_state.c
+MAN4=	ipf.4 ipnat.4
+CFLAGS+=-DIPFILTER_LKM -DIPFILTER_LOG
+CFLAGS+=-DINET
+
+.include <bsd.kmod.mk>
diff -r -N -u src/contrib/ipfilter.old/fil.c src/contrib/ipfilter/fil.c
--- src/contrib/ipfilter.old/fil.c	Thu Apr  3 20:10:10 1997
+++ src/contrib/ipfilter/fil.c	Sun Apr  6 05:06:48 1997
@@ -10,12 +10,19 @@
 static	char	rcsid[] = "$Id: fil.c,v 2.0.2.7 1997/04/02 12:23:15 darrenr Exp $";
 #endif
 
+#include "ipfconf.h"
+
 #include <sys/errno.h>
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/time.h>
 #include <sys/file.h>
-#include <sys/ioctl.h>
+#if __FreeBSD_version >= 220000 && defined(KERNEL)
+# include <sys/fcntl.h>
+# include <sys/filio.h>
+#else
+# include <sys/ioctl.h>
+#endif
 #if defined(_KERNEL) || defined(KERNEL)
 # include <sys/systm.h>
 #else
@@ -680,9 +687,16 @@
 				ICMP_ERROR(q, ip, ICMP_UNREACH, fin->fin_icode,
 					   qif, ip->ip_src);
 # else
+			if (pass & FR_DUP) {
+				struct mbuf *m2=m_copy(m, 0, M_COPYALL);
+				ICMP_ERROR(m2, ip, ICMP_UNREACH, fin->fin_icode,
+					   ifp, ip->ip_src);
+			} else
+			{
 				ICMP_ERROR(m, ip, ICMP_UNREACH, fin->fin_icode,
 					   ifp, ip->ip_src);
 				m = *mp = NULL;	/* freed by icmp_error() */
+			}
 # endif
 
 				frstats[0].fr_ret++;
diff -r -N -u src/contrib/ipfilter.old/fils.c src/contrib/ipfilter/fils.c
--- src/contrib/ipfilter.old/fils.c	Thu Apr  3 20:10:18 1997
+++ src/contrib/ipfilter/fils.c	Sun Apr  6 03:11:08 1997
@@ -6,6 +6,8 @@
  * to the original author and the contributors.
  */
 
+#include "ipfconf.h"
+
 #include <stdio.h>
 #include <string.h>
 #if !defined(__SVR4) && !defined(__svr4__)
diff -r -N -u src/contrib/ipfilter.old/inet_addr.c src/contrib/ipfilter/inet_addr.c
--- src/contrib/ipfilter.old/inet_addr.c	Thu Apr  3 20:10:27 1997
+++ src/contrib/ipfilter/inet_addr.c	Sun Apr  6 03:11:26 1997
@@ -58,6 +58,8 @@
 static char rcsid[] = "$Id: inet_addr.c,v 2.0.2.3 1997/03/27 13:45:00 darrenr Exp $";
 #endif /* LIBC_SCCS and not lint */
 
+#include "ipfconf.h"
+
 #include <sys/param.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
diff -r -N -u src/contrib/ipfilter.old/ip_fil.c src/contrib/ipfilter/ip_fil.c
--- src/contrib/ipfilter.old/ip_fil.c	Thu Apr  3 20:10:52 1997
+++ src/contrib/ipfilter/ip_fil.c	Sun Apr  6 05:30:59 1997
@@ -10,13 +10,12 @@
 static	char	rcsid[] = "$Id: ip_fil.c,v 2.0.2.6 1997/04/02 12:23:19 darrenr Exp $";
 #endif
 
+#include "ipfconf.h"
+
 #ifndef	SOLARIS
 #define	SOLARIS	(defined(sun) && (defined(__svr4__) || defined(__SVR4)))
 #endif
 
-#ifdef	__FreeBSD__
-#include <osreldate.h>
-#endif
 #ifndef	_KERNEL
 #include <stdio.h>
 #include <string.h>
@@ -25,7 +24,12 @@
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/file.h>
-#include <sys/ioctl.h>
+#if __FreeBSD_version >= 220000 && defined(KERNEL)
+# include <sys/fcntl.h>
+# include <sys/filio.h>
+#else
+# include <sys/ioctl.h>
+#endif
 #include <sys/time.h>
 #ifdef	_KERNEL
 #include <sys/systm.h>
@@ -47,6 +51,9 @@
 #ifdef sun
 #include <net/af.h>
 #endif
+#if __FreeBSD_version >= 220000
+# include <net/if_var.h>
+#endif
 #include <net/route.h>
 #include <netinet/in.h>
 #include <netinet/in_var.h>
@@ -66,6 +73,9 @@
 #ifndef	MIN
 #define	MIN(a,b)	(((a)<(b))?(a):(b))
 #endif
+#ifdef __FreeBSD__
+int    ip_optcopy __P((struct ip *, struct ip *));
+#endif
 
 extern	fr_flags, fr_active;
 extern	struct	protosw	inetsw[];
@@ -746,7 +756,17 @@
 	/*
 	 * extra 0 in case of multicast
 	 */
+#if __FreeBSD_version >= 220000
+	;{
+	struct route ro;
+	bzero(&ro, sizeof ro);
+	(void) ip_output(m, (struct mbuf *)0, &ro, 0, 0);
+	if (ro.ro_rt)
+		RTFREE(ro.ro_rt);
+	};
+#else
 	(void) ip_output(m, (struct mbuf *)0, 0, 0, 0);
+#endif
 	return 0;
 }
 
diff -r -N -u src/contrib/ipfilter.old/ip_frag.c src/contrib/ipfilter/ip_frag.c
--- src/contrib/ipfilter.old/ip_frag.c	Thu Apr  3 20:11:03 1997
+++ src/contrib/ipfilter/ip_frag.c	Sun Apr  6 00:48:56 1997
@@ -10,6 +10,8 @@
 static	char	rcsid[] = "$Id: ip_frag.c,v 2.0.2.5 1997/04/02 12:23:21 darrenr Exp $";
 #endif
 
+#include "ipfconf.h"
+
 #if !defined(_KERNEL) && !defined(KERNEL)
 # include <string.h>
 # include <stdlib.h>
@@ -19,8 +21,7 @@
 #include <sys/param.h>
 #include <sys/time.h>
 #include <sys/file.h>
-#if defined(__FreeBSD__) && (__FreeBSD__ >= 3)
-#include <sys/ioccom.h>
+#if defined(KERNEL) && __FreeBSD_version >= 220000
 #include <sys/filio.h>
 #include <sys/fcntl.h>
 #else
@@ -80,7 +81,9 @@
 # if BSD < 199306
 int ipfr_slowtimer __P((void));
 # else
+#  if __FreeBSD_version < 300000
 void ipfr_slowtimer __P((void));
+#  endif
 # endif
 #endif /* __FreeBSD__ */
 
diff -r -N -u src/contrib/ipfilter.old/ip_nat.c src/contrib/ipfilter/ip_nat.c
--- src/contrib/ipfilter.old/ip_nat.c	Thu Apr  3 20:11:11 1997
+++ src/contrib/ipfilter/ip_nat.c	Sun Apr  6 05:31:09 1997
@@ -12,6 +12,8 @@
 static	char	rcsid[] = "$Id: ip_nat.c,v 2.0.2.8 1997/04/02 12:23:23 darrenr Exp $";
 #endif
 
+#include "ipfconf.h"
+
 #if defined(__FreeBSD__) && defined(KERNEL)
 #define _KERNEL
 #endif
@@ -26,7 +28,12 @@
 #include <sys/param.h>
 #include <sys/time.h>
 #include <sys/file.h>
+#if defined(KERNEL)  && __FreeBSD_version >= 220000
+#include <sys/filio.h>
+#include <sys/fcntl.h>
+#else
 #include <sys/ioctl.h>
+#endif
 #include <sys/uio.h>
 #include <sys/protosw.h>
 #include <sys/socket.h>
@@ -43,6 +50,9 @@
 #endif
 
 #include <net/if.h>
+#if __FreeBSD_version >= 220000
+# include <net/if_var.h>
+#endif
 #ifdef sun
 #include <net/af.h>
 #endif
@@ -51,6 +61,10 @@
 #include <netinet/in_systm.h>
 #include <netinet/ip.h>
 
+#if __FreeBSD_version >= 300000
+# include <sys/queue.h>
+#endif
+
 #ifdef RFC1825
 #include <vpn/md5.h>
 #include <vpn/ipsec.h>
@@ -425,15 +439,23 @@
 #else
 				struct ifaddr *ifa;
 				struct sockaddr_in *sin;
-
+# if __FreeBSD_version >= 300000
+				ifa = TAILQ_FIRST(&ifp->if_addrhead);
+# else
 				ifa = ifp->if_addrlist;
+# endif
+				
 # if	BSD < 199306
 				sin = (struct sockaddr_in *)&ifa->ifa_addr;
 # else
 				sin = (struct sockaddr_in *)ifa->ifa_addr;
 				while (sin && ifa &&
 				       sin->sin_family != AF_INET) {
+# if __FreeBSD_version >= 300000
+					ifa = TAILQ_NEXT(ifa, ifa_link);
+# else
 					ifa = ifa->ifa_next;
+# endif
 					sin = (struct sockaddr_in *)ifa->ifa_addr;
 				}
 				if (!ifa)
diff -r -N -u src/contrib/ipfilter.old/ip_sfil.c src/contrib/ipfilter/ip_sfil.c
--- src/contrib/ipfilter.old/ip_sfil.c	Thu Apr  3 20:11:24 1997
+++ src/contrib/ipfilter/ip_sfil.c	Sun Apr  6 03:11:45 1997
@@ -12,6 +12,8 @@
 static	char	rcsid[] = "$Id: ip_sfil.c,v 2.0.2.3 1997/03/27 13:45:13 darrenr Exp $";
 #endif
 
+#include "ipfconf.h"
+
 #include <sys/types.h>
 #include <sys/errno.h>
 #include <sys/param.h>
diff -r -N -u src/contrib/ipfilter.old/ip_state.c src/contrib/ipfilter/ip_state.c
--- src/contrib/ipfilter.old/ip_state.c	Thu Apr  3 20:11:29 1997
+++ src/contrib/ipfilter/ip_state.c	Sun Apr  6 00:50:21 1997
@@ -10,6 +10,8 @@
 static	char	rcsid[] = "$Id: ip_state.c,v 2.0.2.6 1997/04/02 12:23:24 darrenr Exp $";
 #endif
 
+#include "ipfconf.h"
+
 #if !defined(_KERNEL) && !defined(KERNEL)
 # include <stdlib.h>
 # include <string.h>
@@ -19,8 +21,7 @@
 #include <sys/param.h>
 #include <sys/time.h>
 #include <sys/file.h>
-#if defined(__FreeBSD__) && (__FreeBSD__ >= 3)
-#include <sys/ioccom.h>
+#if defined(KERNEL) && __FreeBSD_version >= 220000
 #include <sys/filio.h>
 #include <sys/fcntl.h>
 #else
diff -r -N -u src/contrib/ipfilter.old/ipf.c src/contrib/ipfilter/ipf.c
--- src/contrib/ipfilter.old/ipf.c	Thu Apr  3 20:11:38 1997
+++ src/contrib/ipfilter/ipf.c	Sun Apr  6 05:32:14 1997
@@ -5,6 +5,9 @@
  * provided that this notice is preserved and due credit is given
  * to the original author and the contributors.
  */
+
+#include "ipfconf.h"
+
 #include <stdio.h>
 #include <unistd.h>
 #include <string.h>
@@ -22,7 +25,11 @@
 #include <sys/ioctl.h>
 #include <netinet/in.h>
 #include <netinet/in_systm.h>
+#include <sys/time.h>
 #include <net/if.h>
+#if __FreeBSD_version >= 220000
+# include <net/if_var.h>
+#endif
 #include <netinet/ip.h>
 #include <netdb.h>
 #include <arpa/nameser.h>
diff -r -N -u src/contrib/ipfilter.old/ipfconf.h src/contrib/ipfilter/ipfconf.h
--- src/contrib/ipfilter.old/ipfconf.h	Thu Jan  1 10:00:00 1970
+++ src/contrib/ipfilter/ipfconf.h	Sat Apr  5 22:58:11 1997
@@ -0,0 +1,8 @@
+#ifdef __FreeBSD__
+# include <osreldate.h>
+# if defined(KERNEL)
+#  ifndef _KERNEL
+#    define _KERNEL
+#  endif
+# endif
+#endif
diff -r -N -u src/contrib/ipfilter.old/ipft_ef.c src/contrib/ipfilter/ipft_ef.c
--- src/contrib/ipfilter.old/ipft_ef.c	Thu Apr  3 20:11:52 1997
+++ src/contrib/ipfilter/ipft_ef.c	Sun Apr  6 03:11:59 1997
@@ -19,6 +19,9 @@
  0.32    91   04    131.170.1.10  128.250.133.13
  0.33   566  udp  128.250.37.155   128.250.133.3        901        901
 */
+
+#include "ipfconf.h"
+
 #include <stdio.h>
 #include <string.h>
 #if !defined(__SVR4) && !defined(__GNUC__)
@@ -31,6 +34,7 @@
 #include <sys/socket.h>
 #include <sys/ioctl.h>
 #include <sys/param.h>
+#include <sys/time.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <netinet/in_systm.h>
diff -r -N -u src/contrib/ipfilter.old/ipft_hx.c src/contrib/ipfilter/ipft_hx.c
--- src/contrib/ipfilter.old/ipft_hx.c	Thu Apr  3 20:11:58 1997
+++ src/contrib/ipfilter/ipft_hx.c	Sun Apr  6 03:12:06 1997
@@ -5,6 +5,9 @@
  * provided that this notice is preserved and due credit is given
  * to the original author and the contributors.
  */
+
+#include "ipfconf.h"
+
 #include <stdio.h>
 #include <ctype.h>
 #include <assert.h>
@@ -16,6 +19,7 @@
 #endif
 #include <sys/types.h>
 #include <sys/param.h>
+#include <sys/time.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <stddef.h>
diff -r -N -u src/contrib/ipfilter.old/ipft_pc.c src/contrib/ipfilter/ipft_pc.c
--- src/contrib/ipfilter.old/ipft_pc.c	Thu Apr  3 20:12:02 1997
+++ src/contrib/ipfilter/ipft_pc.c	Sun Apr  6 03:12:16 1997
@@ -5,6 +5,9 @@
  * provided that this notice is preserved and due credit is given
  * to the original author and the contributors.
  */
+
+#include "ipfconf.h"
+
 #include <stdio.h>
 #include <string.h>
 #if !defined(__SVR4) && !defined(__GNUC__)
diff -r -N -u src/contrib/ipfilter.old/ipft_sn.c src/contrib/ipfilter/ipft_sn.c
--- src/contrib/ipfilter.old/ipft_sn.c	Thu Apr  3 20:12:06 1997
+++ src/contrib/ipfilter/ipft_sn.c	Sun Apr  6 03:12:25 1997
@@ -9,6 +9,9 @@
 /*
  * Written to comply with the recent RFC 1761 from Sun.
  */
+
+#include "ipfconf.h"
+
 #include <stdio.h>
 #include <string.h>
 #if !defined(__SVR4) && !defined(__GNUC__)
@@ -21,6 +24,7 @@
 #include <sys/socket.h>
 #include <sys/ioctl.h>
 #include <sys/param.h>
+#include <sys/time.h>
 #include <netinet/in.h>
 #include <netinet/in_systm.h>
 #include <netinet/ip_var.h>
diff -r -N -u src/contrib/ipfilter.old/ipft_td.c src/contrib/ipfilter/ipft_td.c
--- src/contrib/ipfilter.old/ipft_td.c	Thu Apr  3 20:12:11 1997
+++ src/contrib/ipfilter/ipft_td.c	Sun Apr  6 03:12:38 1997
@@ -28,6 +28,9 @@
 8:0:20:f:65:f7 0:0:c:1:8a:c5 81: 128.250.133.13.23 > 128.250.20.20.2419: tcp 27
 
 */
+
+#include <ipfconf.h>
+
 #include <stdio.h>
 #include <string.h>
 #if !defined(__SVR4) && !defined(__GNUC__)
@@ -35,6 +38,7 @@
 #endif
 #include <sys/types.h>
 #include <sys/param.h>
+#include <sys/time.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <stddef.h>
diff -r -N -u src/contrib/ipfilter.old/ipft_tx.c src/contrib/ipfilter/ipft_tx.c
--- src/contrib/ipfilter.old/ipft_tx.c	Thu Apr  3 20:12:16 1997
+++ src/contrib/ipfilter/ipft_tx.c	Sun Apr  6 03:12:50 1997
@@ -5,6 +5,9 @@
  * provided that this notice is preserved and due credit is given
  * to the original author and the contributors.
  */
+
+#include "ipfconf.h"
+
 #include <stdio.h>
 #include <ctype.h>
 #include <assert.h>
@@ -16,6 +19,7 @@
 #endif
 #include <sys/types.h>
 #include <sys/param.h>
+#include <sys/time.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <stddef.h>
diff -r -N -u src/contrib/ipfilter.old/ipl_ldev.c src/contrib/ipfilter/ipl_ldev.c
--- src/contrib/ipfilter.old/ipl_ldev.c	Mon Feb 10 09:49:49 1997
+++ src/contrib/ipfilter/ipl_ldev.c	Sun Apr  6 03:13:10 1997
@@ -6,6 +6,8 @@
  * to the original author and the contributors.
  */
 
+#include "ipfconf.h"
+
 /*
  * routines below for saving IP headers to buffer
  */
diff -r -N -u src/contrib/ipfilter.old/ipmon.c src/contrib/ipfilter/ipmon.c
--- src/contrib/ipfilter.old/ipmon.c	Thu Apr  3 20:12:30 1997
+++ src/contrib/ipfilter/ipmon.c	Sun Apr  6 04:12:24 1997
@@ -6,6 +6,8 @@
  * to the original author and the contributors.
  */
 
+#include "ipfconf.h"
+
 #include <stdio.h>
 #include <unistd.h>
 #include <string.h>
@@ -894,7 +896,7 @@
 				break;
 			}
 		}
-		if (!nr && regular && (opts & OPT_TAIL))
+		if (nr==0)
 			sleep(1);
 	}
 	exit(0);
diff -r -N -u src/contrib/ipfilter.old/ipnat.c src/contrib/ipfilter/ipnat.c
--- src/contrib/ipfilter.old/ipnat.c	Thu Apr  3 20:12:35 1997
+++ src/contrib/ipfilter/ipnat.c	Sun Apr  6 03:13:33 1997
@@ -16,6 +16,9 @@
  * Will redirect all incoming packets on le1 to any machine, port 79 to
  * host 199.165.219.129, port 9901
  */
+
+#include "ipfconf.h"
+
 #include <stdio.h>
 #include <string.h>
 #include <fcntl.h>
diff -r -N -u src/contrib/ipfilter.old/ipt.c src/contrib/ipfilter/ipt.c
--- src/contrib/ipfilter.old/ipt.c	Thu Apr  3 20:12:41 1997
+++ src/contrib/ipfilter/ipt.c	Sun Apr  6 05:33:42 1997
@@ -5,6 +5,8 @@
  * provided that this notice is preserved and due credit is given
  * to the original author and the contributors.
  */
+#include "ipfconf.h"
+
 #include <stdio.h>
 #include <assert.h>
 #include <string.h>
@@ -16,6 +18,7 @@
 #endif
 #include <sys/types.h>
 #include <sys/param.h>
+#include <sys/time.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <stddef.h>
@@ -30,6 +33,9 @@
 #include <netinet/ip_icmp.h>
 #include <netinet/tcpip.h>
 #include <net/if.h>
+#if __FreeBSD_version >= 220000
+# include <net/if_var.h>
+#endif
 #include <netdb.h>
 #include <arpa/nameser.h>
 #include <arpa/inet.h>
diff -r -N -u src/contrib/ipfilter.old/kmem.c src/contrib/ipfilter/kmem.c
--- src/contrib/ipfilter.old/kmem.c	Thu Apr  3 20:12:53 1997
+++ src/contrib/ipfilter/kmem.c	Sun Apr  6 03:13:48 1997
@@ -10,6 +10,8 @@
  * returns 0 on success, -1 on error.
  */
 
+#include "ipfconf.h"
+
 #include <stdio.h>
 #include <sys/types.h>
 #include <sys/uio.h>
diff -r -N -u src/contrib/ipfilter.old/misc.c src/contrib/ipfilter/misc.c
--- src/contrib/ipfilter.old/misc.c	Thu Apr  3 20:13:19 1997
+++ src/contrib/ipfilter/misc.c	Sun Apr  6 03:13:56 1997
@@ -5,6 +5,9 @@
  * provided that this notice is preserved and due credit is given
  * to the original author and the contributors.
  */
+
+#include "ipfconf.h"
+
 #include <stdio.h>
 #include <assert.h>
 #include <string.h>
@@ -15,6 +18,7 @@
 #endif
 #include <sys/types.h>
 #include <sys/param.h>
+#include <sys/time.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <stddef.h>
diff -r -N -u src/contrib/ipfilter.old/ml_ipl.c src/contrib/ipfilter/ml_ipl.c
--- src/contrib/ipfilter.old/ml_ipl.c	Mon Feb 10 09:49:49 1997
+++ src/contrib/ipfilter/ml_ipl.c	Sun Apr  6 03:14:05 1997
@@ -12,6 +12,9 @@
  * 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate
  * its own major char number! Way cool patch!
  */
+
+#include "ipfconf.h"
+
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/time.h>
diff -r -N -u src/contrib/ipfilter.old/mlf_ipl.c src/contrib/ipfilter/mlf_ipl.c
--- src/contrib/ipfilter.old/mlf_ipl.c	Thu Jan  1 10:00:00 1970
+++ src/contrib/ipfilter/mlf_ipl.c	Sun Apr  6 03:30:01 1997
@@ -0,0 +1,162 @@
+/*
+ * (C)opyright 1997 by Julian Assange. <proff@suburbia.net>
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and due credit is given
+ * to the original author and the contributors.
+ */
+
+#include "ipfconf.h"
+
+#ifndef IPFILTER_LKM
+# include "opt_ipfilter.h"
+#endif
+
+#define DEVFS
+#include <sys/errno.h>
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <sys/conf.h>
+#include <sys/kernel.h>
+#ifdef DEVFS
+#  include <sys/devfsext.h>
+#endif /*DEVFS*/
+
+#define	IPL_DEV		"ipl"
+#define	IPL_DEV_NAT	"ipnat"
+#define	IPL_DEV_STATE	"ipstate"
+
+#define CDEV_MAJOR 79
+
+extern	int	iplioctl __P((dev_t, int, caddr_t, int, struct proc *));
+extern	int	iplopen __P((dev_t, int, int, struct proc *));
+extern	int	iplclose __P((dev_t, int, int, struct proc *));
+#ifdef IPFILTER_LOG
+extern	int	iplread __P((dev_t, struct uio *, int));
+#endif
+extern	int	iplattach __P((void));
+extern	int	ipldetach __P((void));
+
+struct	cdevsw	ipl_cdevsw = 
+{
+	iplopen,		/* open */
+	iplclose,		/* close */
+#ifdef	IPFILTER_LOG
+	iplread,		/* read */
+#else
+	nodev,
+#endif
+	(void *)nullop,		/* write */
+	iplioctl,		/* ioctl */
+	(void *)nullop,		/* stop */
+	(void *)nullop,		/* reset */
+	(void *)NULL,		/* tty */
+	(void *)nullop,		/* select */
+	(void *)nullop,		/* mmap */
+	NULL,			/* strategy */
+	IPL_DEV,		/* name */
+	NULL,			/* d_bdev */
+	CDEV_MAJOR		/* d_maj */
+};
+
+int	ipl_major = CDEV_MAJOR;
+
+#ifdef	DEVFS
+struct	ipf_devs {
+	void *devfs_token;
+	char *name;
+} ipf_devs[] = {
+	{NULL,	IPL_DEV		},
+	{NULL,	IPL_DEV_NAT	},
+	{NULL,	IPL_DEV_STATE	}
+};
+#define NUM_MINORS (sizeof(ipf_devs)/sizeof(struct ipf_devs))
+	
+static void ipl_attach_devfs(void)
+{
+	int i;
+	for (i=0; i<NUM_MINORS; i++)
+		ipf_devs[i].devfs_token = devfs_add_devswf(&ipl_cdevsw, i, DV_CHR, UID_ROOT, GID_WHEEL, 0600, ipf_devs[i].name);
+}
+static void ipl_detach_devfs(void)
+{
+	int i;
+	for (i=0; i<NUM_MINORS; i++)
+		if (ipf_devs[i].devfs_token)
+			devfs_remove_dev(ipf_devs[i].devfs_token);
+}
+#endif
+
+#define MSG_HEAD "IP Filter: devices ipl, ipnat, ipstat " /* compact strings with gcc text merge */
+static void load_msg(void)
+{
+	printf("%sassigned major#%d\n", MSG_HEAD, ipl_major);
+}
+static void unload_msg(void)
+{
+	printf("%sdeactivated from major#%d\n", MSG_HEAD, ipl_major);
+}
+#ifdef IPFILTER_LKM
+
+#include <sys/exec.h>
+#include <sys/sysent.h>
+#include <sys/sysproto.h>
+#include <sys/lkm.h>
+
+MOD_DEV(if_ipl, LM_DT_CHAR, CDEV_MAJOR, &ipl_cdevsw);
+
+static int ipl_action (struct lkm_table *lkmtp, int cmd)
+{
+	int	error;
+	switch (cmd) {
+	case LKM_E_LOAD:
+		error = iplattach();
+#ifdef DEVFS
+		ipl_attach_devfs();
+#endif
+		load_msg();
+		break;
+	case LKM_E_UNLOAD:
+#ifdef DEVFS
+		ipl_detach_devfs();
+#endif
+		error = ipldetach();
+		unload_msg();
+		break;
+	case LKM_E_STAT:
+		error = 0;
+		break;
+	default:
+		error = EIO;
+	}
+	return error;
+}
+
+int if_ipl_mod(struct lkm_table *lkmtp, int cmd, int ver)
+{
+#define _module if_ipl_module
+	DISPATCH(lkmtp, cmd, ver, ipl_action, ipl_action, ipl_action);
+}
+
+#else /* IPFITLER_LKM */
+
+static ipl_cdevsw_installed = 0;
+
+static void ipl_drvinit (void *unused)
+{
+	if(!ipl_cdevsw_installed) {
+		dev_t dev;
+		ipl_cdevsw_installed = 1;
+		if (iplattach()!=0)
+			return;
+		dev = makedev(CDEV_MAJOR, 0);
+		cdevsw_add(&dev, &ipl_cdevsw, NULL);
+#ifdef DEVFS
+		ipl_attach_devfs();
+#endif
+		load_msg();
+	}
+}
+
+SYSINIT(ipldev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,ipl_drvinit,NULL)
+#endif
diff -r -N -u src/contrib/ipfilter.old/mln_ipl.c src/contrib/ipfilter/mln_ipl.c
--- src/contrib/ipfilter.old/mln_ipl.c	Thu Apr  3 20:13:28 1997
+++ src/contrib/ipfilter/mln_ipl.c	Sun Apr  6 03:14:38 1997
@@ -10,6 +10,7 @@
  * its own major char number! Way cool patch!
  */
 
+#include "ipfconf.h"
 
 #include <sys/param.h>
 
@@ -22,12 +23,6 @@
 #  define NETBSD_PF
 #endif
 
-#if defined(__FreeBSD__) && (__FreeBSD__ > 1)
-# include <osreldate.h>
-# ifdef	IPFILTER_LKM
-#  define	ACTUALLY_LKM_NOT_KERNEL
-# endif
-#endif
 #include <sys/systm.h>
 #if defined(__FreeBSD_version) && (__FreeBSD_version >= 220000)
 # include <sys/conf.h>
diff -r -N -u src/contrib/ipfilter.old/mls_ipl.c src/contrib/ipfilter/mls_ipl.c
--- src/contrib/ipfilter.old/mls_ipl.c	Thu Apr  3 20:13:34 1997
+++ src/contrib/ipfilter/mls_ipl.c	Sun Apr  6 03:15:04 1997
@@ -9,6 +9,9 @@
  * 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate
  * its own major char number! Way cool patch!
  */
+
+#include "ipfconf.h"
+
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/time.h>
diff -r -N -u src/contrib/ipfilter.old/opt.c src/contrib/ipfilter/opt.c
--- src/contrib/ipfilter.old/opt.c	Thu Apr  3 20:13:39 1997
+++ src/contrib/ipfilter/opt.c	Sun Apr  6 03:15:14 1997
@@ -5,6 +5,9 @@
  * provided that this notice is preserved and due credit is given
  * to the original author and the contributors.
  */
+
+#include "ipfconf.h"
+
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
diff -r -N -u src/contrib/ipfilter.old/parse.c src/contrib/ipfilter/parse.c
--- src/contrib/ipfilter.old/parse.c	Thu Apr  3 20:13:44 1997
+++ src/contrib/ipfilter/parse.c	Sun Apr  6 03:15:23 1997
@@ -5,6 +5,9 @@
  * provided that this notice is preserved and due credit is given
  * to the original author and the contributors.
  */
+
+#include "ipfconf.h"
+
 #include <stdio.h>
 #include <string.h>
 #if !defined(__SVR4) && !defined(__svr4__)
@@ -14,6 +17,7 @@
 #endif
 #include <sys/types.h>
 #include <sys/param.h>
+#include <sys/time.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <stddef.h>
diff -r -N -u src/contrib/ipfilter.old/solaris.c src/contrib/ipfilter/solaris.c
--- src/contrib/ipfilter.old/solaris.c	Thu Apr  3 20:14:10 1997
+++ src/contrib/ipfilter/solaris.c	Sun Apr  6 03:15:53 1997
@@ -8,6 +8,8 @@
 /* #pragma ident   "@(#)solaris.c	1.12 6/5/96 (C) 1995 Darren Reed"*/
 #pragma ident   "$Id: solaris.c,v 2.0.2.3 1997/03/27 13:45:28 darrenr Exp $";
 
+#include "ipfconf.h"
+
 #include <sys/systm.h>
 #include <sys/types.h>
 #include <sys/param.h>
>Release-Note:
>Audit-Trail:

From: proff@suburbia.net
To: freebsd-gnats-submit@freebsd.org, proff@suburbia.net
Cc:  Subject: subject=Re: kern/3207: FULL ipfilter build/bugfix intergration
Date: 12 Apr 1997 22:53:07 -0000

 This PR can be deleted. See my suequent PR dated Apr 13 97
State-Changed-From-To: open->closed 
State-Changed-By: jmg 
State-Changed-When: Mon Apr 14 03:10:35 PDT 1997 
State-Changed-Why:  
closed at originator's request.. 
>Unformatted:

At this point in time, the patches above (if to the current source in
FreeBSD) are to "alpha" code.

Some of these patches are usable and worthwile (e.g. those to the MAKEDEV
script), but it is not felt that all are worthwhile at present, especailly
as there has been some doubt raised recently about "how" IP Filter should be
integrated into FreeBSD.

From my POV, some of these patches make the code more FreeBSD-current
specific which isn't necessarily in anyone's best interests.a
A
8Q/4/97 - Darren
