From owner-freebsd-audit Sat Jul 14 14:43: 9 2001 Delivered-To: freebsd-audit@freebsd.org Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by hub.freebsd.org (Postfix) with ESMTP id D392237B401; Sat, 14 Jul 2001 14:41:47 -0700 (PDT) (envelope-from brdavis@odin.ac.hmc.edu) Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.11.0/8.11.0) id f6ELflx27984; Sat, 14 Jul 2001 14:41:47 -0700 Date: Sat, 14 Jul 2001 14:41:47 -0700 From: Brooks Davis To: net@freebsd.org, audit@freebsd.org Subject: review request: if_faith modernization Message-ID: <20010714144147.A27610@Odin.AC.HMC.Edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="KsGdsel6WgEHnImy" Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --KsGdsel6WgEHnImy Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Please review the following patch. It makes the faith interface loadable, unloadable, and clonable. It also converts it from a count device to an option device. A copy is also available at: http://people.freebsd.org/~brooks/patches/faith.diff Thanks, Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 Index: sys/conf/files =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/conf/files,v retrieving revision 1.551 diff -u -r1.551 files --- sys/conf/files 2001/07/14 08:25:18 1.551 +++ sys/conf/files 2001/07/14 21:21:45 @@ -892,7 +892,7 @@ net/if_disc.c optional disc net/if_ef.c optional ef net/if_ethersubr.c optional ether -net/if_faith.c count faith +net/if_faith.c optional faith net/if_fddisubr.c optional fddi net/if_gif.c optional gif net/if_iso88025subr.c optional token @@ -1018,6 +1018,7 @@ netgraph/ng_echo.c optional netgraph_echo netgraph/ng_ether.c optional netgraph_ether netgraph/ng_frame_relay.c optional netgraph_frame_relay +netgraph/ng_gif.c optional netgraph_gif netgraph/ng_hole.c optional netgraph_hole netgraph/ng_iface.c optional netgraph_iface netgraph/ng_ksocket.c optional netgraph_ksocket Index: sys/modules/Makefile =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/modules/Makefile,v retrieving revision 1.190 diff -u -r1.190 Makefile --- sys/modules/Makefile 2001/07/08 04:17:26 1.190 +++ sys/modules/Makefile 2001/07/13 23:10:49 @@ -6,21 +6,122 @@ _random=3D random .endif =20 -SUBDIR=3D 3dfx accf_data accf_http agp aha amr an aue \ - cam ccd cd9660 coda cue dc de digi ed fdescfs fdc fs fxp \ - if_disc if_ef if_gif if_ppp if_sl if_stf if_tap if_tun \ - ip6fw ipfilter ipfw ispfw joy kue lge \ - libmchain linux lnc md mii mlx msdosfs ncp netgraph nfs nge nmdm ntfs \ - nullfs nwfs pcn portalfs procfs ${_random} \ - rl rp sf sis sk sn snp sound sppp ste sym syscons sysvipc ti tl twe \ - tx udbp ugen uhid ukbd ulpt umapfs umass umodem ums unionfs urio usb \ +SUBDIR=3D 3dfx \ + accf_data \ + accf_http \ + agp \ + aha \ + amr \ + an \ + aue \ + cam \ + ccd \ + cd9660 \ + coda \ + cue \ + dc \ + de \ + digi \ + ed \ + fdescfs \ + fdc \ + fs \ + fxp \ + if_disc \ + if_ef \ + if_gif \ + if_ppp \ + if_sl \ + if_stf \ + if_tap \ + if_tun \ + ip6fw \ + ipfilter \ + ipfw \ + ispfw \ + joy \ + kue \ + lge \ + linux \ + lnc \ + md \ + mii \ + mlx \ + msdosfs \ + ncp \ + netgraph \ + nfs \ + nge \ + nmdm \ + ntfs \ + nullfs \ + nwfs \ + pcn \ + portalfs \ + procfs \ + ${_random} \ + rl \ + rp \ + sf \ + sis \ + sk \ + sn \ + snp \ + sound \ + sppp \ + ste \ + sym \ + syscons \ + sysvipc \ + ti \ + tl \ + twe \ + tx \ + udbp \ + ugen \ + uhid \ + ukbd \ + ulpt \ + umapfs \ + umass \ + umodem \ + ums \ + unionfs \ + urio \ + usb \ uscanner \ - vinum vpo vr vx wb wx xl + vinum \ + vpo \ + vr \ + vx \ + wb \ + wx \ + xl =20 # XXX some of these can move to the general case when de-i386'ed .if ${MACHINE_ARCH} =3D=3D "i386" -SUBDIR+=3Daac aic ar asr atspeaker bktr coff el fpu gnufpu ibcs2 mly \ - oltr pecoff ray s3 smbfs splash sr streams vesa wi +SUBDIR+=3Daac \ + aic \ + ar \ + asr \ + atspeaker \ + bktr \ + coff \ + el \ + fpu \ + gnufpu \ + ibcs2 \ + mly \ + oltr \ + pecoff \ + ray \ + s3 \ + smbfs \ + splash \ + sr \ + streams \ + vesa \ + wi .endif =20 .if ${MACHINE} =3D=3D "pc98" Index: sys/net/if_faith.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/net/if_faith.c,v retrieving revision 1.6 diff -u -r1.6 if_faith.c --- sys/net/if_faith.c 2001/07/05 14:42:54 1.6 +++ sys/net/if_faith.c 2001/07/14 01:21:02 @@ -46,9 +46,6 @@ #include "opt_inet.h" #include "opt_inet6.h" =20 -#include "faith.h" -#if NFAITH > 0 - #include #include #include @@ -58,13 +55,16 @@ #include #include #include +#include +#include +#include /* XXX: Shouldn't really be required! */ +#include =20 #include #include #include #include #include -#include =20 #ifdef INET #include @@ -82,56 +82,159 @@ #include #endif =20 -#include "bpf.h" -#define NBPFILTER NBPF - #include =20 +#define FAITHNAME "faith" +#define FAITH_MAXUNIT 0x7fff /* ifp->if_unit is only 15 bits */ + +struct faith_softc { + struct ifnet sc_if; /* must be first */ + struct resource *r_unit; + LIST_ENTRY(faith_softc) sc_list; +}; + static int faithioctl __P((struct ifnet *, u_long, caddr_t)); int faithoutput __P((struct ifnet *, struct mbuf *, struct sockaddr *, struct rtentry *)); static void faithrtrequest __P((int, struct rtentry *, struct sockaddr *)); +static int faithprefix __P((struct in6_addr *)); + +static int faithmodevent __P((module_t, int, void *)); + +static MALLOC_DEFINE(M_FAITH, FAITHNAME, "Firewall Assisted Tunnel Interfa= ce"); +static struct rman faithunits[1]; +LIST_HEAD(, faith_softc) faith_softc_list; =20 -void faithattach __P((void *)); -PSEUDO_SET(faithattach, if_faith); +int faith_clone_create __P((struct if_clone *, int *)); +void faith_clone_destroy __P((struct ifnet *)); =20 -static struct ifnet faithif[NFAITH]; +struct if_clone faith_cloner =3D + IF_CLONE_INITIALIZER(FAITHNAME, faith_clone_create, faith_clone_destro= y); =20 #define FAITHMTU 1500 =20 -/* ARGSUSED */ -void -faithattach(faith) - void *faith; +static int +faithmodevent(mod, type, data) + module_t mod; + int type; + void *data; { - struct ifnet *ifp; - int i; + int err; + + switch (type) { + case MOD_LOAD: + faithunits->rm_type =3D RMAN_ARRAY; + faithunits->rm_descr =3D "configurable if_faith units"; + err =3D rman_init(faithunits); + if (err !=3D 0) + return (err); + err =3D rman_manage_region(faithunits, 0, FAITH_MAXUNIT); + if (err !=3D 0) { + printf("%s: faithunits: rman_manage_region: " + "Failed %d\n", FAITHNAME, err); + rman_fini(faithunits); + return (err); + } + LIST_INIT(&faith_softc_list); + if_clone_attach(&faith_cloner); =20 - for (i =3D 0; i < NFAITH; i++) { - ifp =3D &faithif[i]; - bzero(ifp, sizeof(faithif[i])); - ifp->if_name =3D "faith"; - ifp->if_unit =3D i; - ifp->if_mtu =3D FAITHMTU; - /* LOOPBACK commented out to announce IPv6 routes to faith */ - ifp->if_flags =3D /* IFF_LOOPBACK | */ IFF_MULTICAST; - ifp->if_ioctl =3D faithioctl; - ifp->if_output =3D faithoutput; - ifp->if_type =3D IFT_FAITH; - ifp->if_snd.ifq_maxlen =3D ifqmaxlen; - ifp->if_hdrlen =3D 0; - ifp->if_addrlen =3D 0; - if_attach(ifp); -#if NBPFILTER > 0 -#ifdef HAVE_OLD_BPF - bpfattach(ifp, DLT_NULL, sizeof(u_int)); -#else - bpfattach(&ifp->if_bpf, ifp, DLT_NULL, sizeof(u_int)); +#ifdef INET6 + faithprefix_p =3D faithprefix; #endif + + break; + case MOD_UNLOAD: +#ifdef INET6 + faithprefix_p =3D NULL; #endif + + if_clone_detach(&faith_cloner); + + while (!LIST_EMPTY(&faith_softc_list)) + faith_clone_destroy( + &LIST_FIRST(&faith_softc_list)->sc_if); + + err =3D rman_fini(faithunits); + if (err !=3D 0) + return (err); + + break; + } + return 0; +} + +static moduledata_t faith_mod =3D { + "if_faith", + faithmodevent, + 0 +}; + +DECLARE_MODULE(if_faith, faith_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); +MODULE_VERSION(if_faith, 1); + +int +faith_clone_create(ifc, unit) + struct if_clone *ifc; + int *unit; +{ + struct resource *r; + struct faith_softc *sc; + + if (*unit > FAITH_MAXUNIT) + return (ENXIO); + + if (*unit < 0) { + r =3D rman_reserve_resource(faithunits, 0, FAITH_MAXUNIT, 1, + RF_ALLOCATED | RF_ACTIVE, NULL); + if (r =3D=3D NULL) + return (ENOSPC); + *unit =3D rman_get_start(r); + } else { + r =3D rman_reserve_resource(faithunits, *unit, *unit, 1, + RF_ALLOCATED | RF_ACTIVE, NULL); + if (r =3D=3D NULL) + return (ENOSPC); } + + sc =3D malloc(sizeof(struct faith_softc), M_FAITH, M_WAITOK); + bzero(sc, sizeof(struct faith_softc)); + + sc->sc_if.if_softc =3D sc; + sc->sc_if.if_name =3D FAITHNAME; + sc->sc_if.if_unit =3D *unit; + sc->r_unit =3D r; + + sc->sc_if.if_mtu =3D FAITHMTU; + /* Change to BROADCAST experimentaly to announce its prefix. */ + sc->sc_if.if_flags =3D /* IFF_LOOPBACK */ IFF_BROADCAST | IFF_MULTICAST; + sc->sc_if.if_ioctl =3D faithioctl; + sc->sc_if.if_output =3D faithoutput; + sc->sc_if.if_type =3D IFT_FAITH; + sc->sc_if.if_hdrlen =3D 0; + sc->sc_if.if_addrlen =3D 0; + if_attach(&sc->sc_if); + bpfattach(&sc->sc_if, DLT_NULL, sizeof(u_int)); + LIST_INSERT_HEAD(&faith_softc_list, sc, sc_list); + return (0); } =20 +void +faith_clone_destroy(ifp) + struct ifnet *ifp; +{ + int err; + struct faith_softc *sc =3D (void *) ifp; + + LIST_REMOVE(sc, sc_list); + bpfdetach(ifp); + if_detach(ifp); + + err =3D rman_release_resource(sc->r_unit); + KASSERT(err =3D=3D 0, ("Unexpected error freeing resource")); + + free(sc, M_FAITH); +} + int faithoutput(ifp, m, dst, rt) struct ifnet *ifp; @@ -144,7 +247,7 @@ =20 if ((m->m_flags & M_PKTHDR) =3D=3D 0) panic("faithoutput no HDR"); -#if NBPFILTER > 0 + /* BPF write needs to be handled specially */ if (dst->sa_family =3D=3D AF_UNSPEC) { dst->sa_family =3D *(mtod(m, int *)); @@ -168,13 +271,8 @@ m0.m_len =3D 4; m0.m_data =3D (char *)⁡ =20 -#ifdef HAVE_OLD_BPF bpf_mtap(ifp, &m0); -#else - bpf_mtap(ifp->if_bpf, &m0); -#endif } -#endif =20 if (rt && rt->rt_flags & (RTF_REJECT|RTF_BLACKHOLE)) { m_freem(m); @@ -297,7 +395,7 @@ * XXX could be slow * XXX could be layer violation to call sys/net from sys/netinet6 */ -int +static int faithprefix(in6) struct in6_addr *in6; { @@ -323,4 +421,3 @@ return ret; } #endif -#endif /* NFAITH > 0 */ Index: sys/netinet/in_pcb.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/netinet/in_pcb.c,v retrieving revision 1.85 diff -u -r1.85 in_pcb.c --- sys/netinet/in_pcb.c 2001/06/29 12:07:29 1.85 +++ sys/netinet/in_pcb.c 2001/07/13 22:28:51 @@ -67,8 +67,6 @@ #include #endif /* INET6 */ =20 -#include "faith.h" - #ifdef IPSEC #include #include @@ -870,11 +868,9 @@ #endif if (inp->inp_faddr.s_addr =3D=3D INADDR_ANY && inp->inp_lport =3D=3D lport) { -#if defined(NFAITH) && NFAITH > 0 if (ifp && ifp->if_type =3D=3D IFT_FAITH && (inp->inp_flags & INP_FAITH) =3D=3D 0) continue; -#endif if (inp->inp_laddr.s_addr =3D=3D laddr.s_addr) return (inp); else if (inp->inp_laddr.s_addr =3D=3D INADDR_ANY) { Index: sys/netinet/ip_icmp.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/netinet/ip_icmp.c,v retrieving revision 1.58 diff -u -r1.58 ip_icmp.c --- sys/netinet/ip_icmp.c 2001/06/23 17:17:58 1.58 +++ sys/netinet/ip_icmp.c 2001/07/13 21:10:23 @@ -46,6 +46,7 @@ #include =20 #include +#include #include =20 #define _IP_VHL @@ -62,11 +63,6 @@ #include #endif =20 -#include "faith.h" -#if defined(NFAITH) && NFAITH > 0 -#include -#endif - #include =20 /* @@ -275,7 +271,6 @@ m->m_len +=3D hlen; m->m_data -=3D hlen; =20 -#if defined(NFAITH) && 0 < NFAITH if (m->m_pkthdr.rcvif && m->m_pkthdr.rcvif->if_type =3D=3D IFT_FAITH) { /* * Deliver very specific ICMP type only. @@ -288,7 +283,6 @@ goto freeit; } } -#endif =20 #ifdef ICMPPRINTFS if (icmpprintfs) Index: sys/netinet/ip_input.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/netinet/ip_input.c,v retrieving revision 1.174 diff -u -r1.174 ip_input.c --- sys/netinet/ip_input.c 2001/06/23 17:17:58 1.174 +++ sys/netinet/ip_input.c 2001/07/13 21:12:18 @@ -60,6 +60,7 @@ =20 #include #include +#include #include #include #include @@ -86,11 +87,6 @@ #include #endif =20 -#include "faith.h" -#if defined(NFAITH) && NFAITH > 0 -#include -#endif - #ifdef DUMMYNET #include #endif @@ -636,7 +632,6 @@ if (ip->ip_dst.s_addr =3D=3D INADDR_ANY) goto ours; =20 -#if defined(NFAITH) && 0 < NFAITH /* * FAITH(Firewall Aided Internet Translator) */ @@ -648,7 +643,7 @@ m_freem(m); return; } -#endif + /* * Not for us; forward if possible and desirable. */ Index: sys/netinet/ip_output.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/netinet/ip_output.c,v retrieving revision 1.127 diff -u -r1.127 ip_output.c --- sys/netinet/ip_output.c 2001/06/11 18:38:11 1.127 +++ sys/netinet/ip_output.c 2001/07/13 21:13:53 @@ -63,8 +63,6 @@ #include #include =20 -#include "faith.h" - #include =20 static MALLOC_DEFINE(M_IPMOPTS, "ip_moptions", "internet multicast options= "); @@ -1158,9 +1156,7 @@ case IP_RECVRETOPTS: case IP_RECVDSTADDR: case IP_RECVIF: -#if defined(NFAITH) && NFAITH > 0 case IP_FAITH: -#endif error =3D sooptcopyin(sopt, &optval, sizeof optval, sizeof optval); if (error) @@ -1196,11 +1192,9 @@ OPTSET(INP_RECVIF); break; =20 -#if defined(NFAITH) && NFAITH > 0 case IP_FAITH: OPTSET(INP_FAITH); break; -#endif } break; #undef OPTSET @@ -1292,9 +1286,7 @@ case IP_RECVDSTADDR: case IP_RECVIF: case IP_PORTRANGE: -#if defined(NFAITH) && NFAITH > 0 case IP_FAITH: -#endif switch (sopt->sopt_name) { =20 case IP_TOS: @@ -1332,11 +1324,9 @@ optval =3D 0; break; =20 -#if defined(NFAITH) && NFAITH > 0 case IP_FAITH: optval =3D OPTBIT(INP_FAITH); break; -#endif } error =3D sooptcopyout(sopt, &optval, sizeof optval); break; Index: sys/netinet6/in6.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/netinet6/in6.c,v retrieving revision 1.13 diff -u -r1.13 in6.c --- sys/netinet6/in6.c 2001/07/02 21:02:08 1.13 +++ sys/netinet6/in6.c 2001/07/13 22:58:31 @@ -138,6 +138,8 @@ =20 struct in6_multihead in6_multihead; /* XXX BSS initialization */ =20 +int (*faithprefix_p)(struct in6_addr *); + /* * Subroutine for in6_ifaddloop() and in6_ifremloop(). * This routine does actual work. Index: sys/netinet6/in6.h =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/netinet6/in6.h,v retrieving revision 1.14 diff -u -r1.14 in6.h --- sys/netinet6/in6.h 2001/06/24 20:43:01 1.14 +++ sys/netinet6/in6.h 2001/07/13 22:58:22 @@ -600,6 +600,8 @@ #define satosin6(sa) ((struct sockaddr_in6 *)(sa)) #define sin6tosa(sin6) ((struct sockaddr *)(sin6)) #define ifatoia6(ifa) ((struct in6_ifaddr *)(ifa)) + +extern int (*faithprefix_p)(struct in6_addr *); #endif /* _KERNEL */ =20 __BEGIN_DECLS Index: sys/netinet6/icmp6.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/netinet6/icmp6.c,v retrieving revision 1.13 diff -u -r1.13 icmp6.c --- sys/netinet6/icmp6.c 2001/07/03 11:54:07 1.13 +++ sys/netinet6/icmp6.c 2001/07/13 23:00:30 @@ -103,11 +103,6 @@ #include #endif =20 -#include "faith.h" -#if defined(NFAITH) && 0 < NFAITH -#include -#endif - #include =20 #ifdef HAVE_NRL_INPCB @@ -439,8 +434,7 @@ goto freeit; } =20 -#if defined(NFAITH) && 0 < NFAITH - if (faithprefix(&ip6->ip6_dst)) { + if (faithprefix_p !=3D NULL && (*faithprefix_p)(&ip6->ip6_dst)) { /* * Deliver very specific ICMP6 type only. * This is important to deilver TOOBIG. Otherwise PMTUD @@ -455,7 +449,6 @@ goto freeit; } } -#endif =20 icmp6stat.icp6s_inhist[icmp6->icmp6_type]++; icmp6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_msg); Index: sys/netinet6/in6_pcb.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/netinet6/in6_pcb.c,v retrieving revision 1.15 diff -u -r1.15 in6_pcb.c --- sys/netinet6/in6_pcb.c 2001/06/11 12:39:05 1.15 +++ sys/netinet6/in6_pcb.c 2001/07/13 23:01:21 @@ -100,11 +100,6 @@ #include #include =20 -#include "faith.h" -#if defined(NFAITH) && NFAITH > 0 -#include -#endif - #ifdef IPSEC #include #ifdef INET6 @@ -1001,11 +996,10 @@ u_short fport =3D fport_arg, lport =3D lport_arg; int faith; =20 -#if defined(NFAITH) && NFAITH > 0 - faith =3D faithprefix(laddr); -#else - faith =3D 0; -#endif + if (faithprefix_p !=3D NULL) + faith =3D (*faithprefix_p)(laddr); + else + faith =3D 0; =20 /* * First look for an exact match. Index: sys/netinet6/ip6_input.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/netinet6/ip6_input.c,v retrieving revision 1.28 diff -u -r1.28 ip6_input.c --- sys/netinet6/ip6_input.c 2001/07/02 21:02:09 1.28 +++ sys/netinet6/ip6_input.c 2001/07/13 21:19:34 @@ -120,8 +120,6 @@ =20 #include =20 -#include "faith.h" - #include =20 extern struct domain inet6domain; @@ -632,7 +630,6 @@ /* * FAITH(Firewall Aided Internet Translator) */ -#if defined(NFAITH) && 0 < NFAITH if (ip6_keepfaith) { if (ip6_forward_rt.ro_rt && ip6_forward_rt.ro_rt->rt_ifp && ip6_forward_rt.ro_rt->rt_ifp->if_type =3D=3D IFT_FAITH) { @@ -642,7 +639,6 @@ goto hbhcheck; } } -#endif =20 /* * Now there is no reason to process the packet if it's not our own Index: sys/netinet6/raw_ip6.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/netinet6/raw_ip6.c,v retrieving revision 1.11 diff -u -r1.11 raw_ip6.c --- sys/netinet6/raw_ip6.c 2001/06/11 12:39:06 1.11 +++ sys/netinet6/raw_ip6.c 2001/07/13 23:01:32 @@ -104,11 +104,6 @@ =20 #include =20 -#include "faith.h" -#if defined(NFAITH) && 0 < NFAITH -#include -#endif - #define satosin6(sa) ((struct sockaddr_in6 *)(sa)) #define ifatoia6(ifa) ((struct in6_ifaddr *)(ifa)) =20 @@ -142,13 +137,11 @@ =20 rip6stat.rip6s_ipackets++; =20 -#if defined(NFAITH) && 0 < NFAITH - if (faithprefix(&ip6->ip6_dst)) { + if (faithprefix_p !=3D NULL && (*faithprefix_p)(&ip6->ip6_dst)) { /* XXX send icmp6 host/port unreach? */ m_freem(m); return IPPROTO_DONE; } -#endif =20 init_sin6(&rip6src, m); /* general init */ =20 Index: sys/netinet6/udp6_output.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/netinet6/udp6_output.c,v retrieving revision 1.3 diff -u -r1.3 udp6_output.c --- sys/netinet6/udp6_output.c 2001/06/11 12:39:06 1.3 +++ sys/netinet6/udp6_output.c 2001/07/13 22:30:30 @@ -106,8 +106,6 @@ #endif #endif /*IPSEC*/ =20 -#include "faith.h" - #include =20 /* Index: sys/netinet6/udp6_usrreq.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/netinet6/udp6_usrreq.c,v retrieving revision 1.15 diff -u -r1.15 udp6_usrreq.c --- sys/netinet6/udp6_usrreq.c 2001/06/11 12:39:06 1.15 +++ sys/netinet6/udp6_usrreq.c 2001/07/13 23:01:40 @@ -106,11 +106,6 @@ #include #endif /*IPSEC*/ =20 -#include "faith.h" -#if defined(NFAITH) && NFAITH > 0 -#include -#endif - /* * UDP protocol inplementation. * Per RFC 768, August, 1980. @@ -161,13 +156,11 @@ =20 ip6 =3D mtod(m, struct ip6_hdr *); =20 -#if defined(NFAITH) && 0 < NFAITH - if (faithprefix(&ip6->ip6_dst)) { + if (faithprefix_p !=3D NULL && (*faithprefix_p)(&ip6->ip6_dst)) { /* XXX send icmp6 host/port unreach? */ m_freem(m); return IPPROTO_DONE; } -#endif =20 udpstat.udps_ipackets++; =20 Index: share/man/man4/faith.4 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/share/man/man4/faith.4,v retrieving revision 1.10 diff -u -r1.10 faith.4 --- share/man/man4/faith.4 2001/06/11 12:38:48 1.10 +++ share/man/man4/faith.4 2001/07/14 02:14:28 @@ -36,7 +36,7 @@ .Nm faith .Nd IPv6-to-IPv4 TCP relay capturing interface .Sh SYNOPSIS -.Cd "device faith" Op Ar count +.Cd "device faith" .Sh DESCRIPTION The .Nm --- sys/modules/if_faith/Makefile.orig Fri Jul 13 19:55:29 2001 +++ sys/modules/if_faith/Makefile Fri Jul 13 16:06:52 2001 @@ -0,0 +1,15 @@ +# $FreeBSD$ + +.PATH: ${.CURDIR}/../../net + +KMOD=3D if_faith +SRCS=3D if_faith.c opt_inet.h opt_inet6.h +NOMAN=3D + +opt_inet.h: + echo "#define INET 1" > ${.TARGET} + +opt_inet6.h: + echo "#define INET6 1" > ${.TARGET} + +.include --KsGdsel6WgEHnImy Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7ULyaXY6L6fI4GtQRAhDLAKCuFUiaM2iTma0zV7W2CPg97JiEqQCcCgdm qOqdITYEPraWYbIs3eqgSPQ= =Ci8Q -----END PGP SIGNATURE----- --KsGdsel6WgEHnImy-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message