From 6a03354eaf5595cb09622704ea7d2ef2794ccffb Mon Sep 17 00:00:00 2001 From: Matthew Dillon Date: Thu, 12 Mar 2015 16:10:34 -0700 Subject: [PATCH] ipfw2 - Rename FreeBSD ipfw port to ipfw3 * Rename all elements of the port to ipfw3 to reduce confusion. --- lib/Makefile | 2 +- lib/{libipfw2 => libipfw3}/Makefile | 0 lib/{libipfw2 => libipfw3}/basic/Makefile | 6 +- .../basic/ipfw3_basic.c} | 6 +- .../basic/ipfw3_basic.h} | 2 +- lib/{libipfw2 => libipfw3}/dummynet/Makefile | 6 +- .../dummynet/ipfw3_dummynet.c} | 6 +- .../dummynet/ipfw3_dummynet.h} | 2 +- lib/{libipfw2 => libipfw3}/layer2/Makefile | 6 +- .../layer2/ipfw3_layer2.c} | 6 +- .../layer2/ipfw3_layer2.h} | 2 +- lib/{libipfw2 => libipfw3}/layer4/Makefile | 6 +- .../layer4/ipfw3_layer4.c} | 6 +- .../layer4/ipfw3_layer4.h} | 2 +- lib/{libipfw2 => libipfw3}/nat/Makefile | 6 +- lib/{libipfw2 => libipfw3}/nat/ipfw2_nat.c | 6 +- lib/{libipfw2 => libipfw3}/nat/ipfw2_nat.h | 2 +- sbin/Makefile | 1 + sbin/{ipfw2 => ipfw3}/Makefile | 6 +- sbin/{ipfw2 => ipfw3}/ipfw.h | 0 sbin/{ipfw2/ipfw2.8 => ipfw3/ipfw3.8} | 18 ++-- sbin/{ipfw2/ipfw2.c => ipfw3/ipfw3.c} | 12 +-- sys/conf/files | 4 +- sys/conf/options | 1 + sys/net/Makefile | 5 +- sys/net/{dummynet2 => dummynet3}/Makefile | 4 +- .../{dummynet2 => dummynet3}/ip_dummynet.h | 8 +- .../ip_dummynet3.c} | 10 +- .../ip_dummynet3.h} | 4 +- .../ip_dummynet3_glue.c} | 4 +- sys/net/if_ethersubr.c | 6 +- sys/net/ipfw2_basic/Makefile | 4 - sys/net/ipfw2_layer2/Makefile | 4 - sys/net/ipfw2_layer4/Makefile | 4 - sys/net/ipfw2_nat/Makefile | 4 - sys/net/{ipfw2 => ipfw3}/Makefile | 4 +- sys/net/{ipfw2 => ipfw3}/ip_fw.h | 6 +- sys/net/{ipfw2 => ipfw3}/ip_fw3.c | 96 +++++++++---------- sys/net/{ipfw2 => ipfw3}/ip_fw3.h | 23 +++-- sys/net/{ipfw2 => ipfw3}/ip_fw3_glue.c | 18 ++-- sys/net/ipfw3_basic/Makefile | 4 + .../ip_fw3_basic.c} | 42 ++++---- .../ip_fw3_basic.h} | 2 +- sys/net/ipfw3_layer2/Makefile | 4 + .../ip_fw3_layer2.c} | 26 ++--- .../ip_fw3_layer2.h} | 0 sys/net/ipfw3_layer4/Makefile | 4 + .../ip_fw3_layer4.c} | 26 ++--- .../ip_fw3_layer4.h} | 0 sys/net/ipfw3_nat/Makefile | 4 + .../ip_fw2_nat.c => ipfw3_nat/ip_fw3_nat.c} | 16 ++-- .../ip_fw2_nat.h => ipfw3_nat/ip_fw3_nat.h} | 2 +- sys/net/libalias/alias_db.c | 2 +- sys/netinet/raw_ip.c | 10 +- 54 files changed, 234 insertions(+), 226 deletions(-) rename lib/{libipfw2 => libipfw3}/Makefile (100%) rename lib/{libipfw2 => libipfw3}/basic/Makefile (88%) rename lib/{libipfw2/basic/ipfw2_basic.c => libipfw3/basic/ipfw3_basic.c} (99%) rename lib/{libipfw2/basic/ipfw2_basic.h => libipfw3/basic/ipfw3_basic.h} (96%) rename lib/{libipfw2 => libipfw3}/dummynet/Makefile (86%) rename lib/{libipfw2/dummynet/ipfw2_dummynet.c => libipfw3/dummynet/ipfw3_dummynet.c} (96%) rename lib/{libipfw2/dummynet/ipfw2_dummynet.h => libipfw3/dummynet/ipfw3_dummynet.h} (96%) rename lib/{libipfw2 => libipfw3}/layer2/Makefile (87%) rename lib/{libipfw2/layer2/ipfw2_layer2.c => libipfw3/layer2/ipfw3_layer2.c} (97%) rename lib/{libipfw2/layer2/ipfw2_layer2.h => libipfw3/layer2/ipfw3_layer2.h} (96%) rename lib/{libipfw2 => libipfw3}/layer4/Makefile (87%) rename lib/{libipfw2/layer4/ipfw2_layer4.c => libipfw3/layer4/ipfw3_layer4.c} (97%) rename lib/{libipfw2/layer4/ipfw2_layer4.h => libipfw3/layer4/ipfw3_layer4.h} (96%) rename lib/{libipfw2 => libipfw3}/nat/Makefile (89%) rename lib/{libipfw2 => libipfw3}/nat/ipfw2_nat.c (95%) rename lib/{libipfw2 => libipfw3}/nat/ipfw2_nat.h (97%) rename sbin/{ipfw2 => ipfw3}/Makefile (74%) rename sbin/{ipfw2 => ipfw3}/ipfw.h (100%) rename sbin/{ipfw2/ipfw2.8 => ipfw3/ipfw3.8} (99%) rename sbin/{ipfw2/ipfw2.c => ipfw3/ipfw3.c} (99%) rename sys/net/{dummynet2 => dummynet3}/Makefile (91%) rename sys/net/{dummynet2 => dummynet3}/ip_dummynet.h (93%) rename sys/net/{dummynet2/ip_dummynet2.c => dummynet3/ip_dummynet3.c} (99%) rename sys/net/{dummynet2/ip_dummynet2.h => dummynet3/ip_dummynet3.h} (99%) rename sys/net/{dummynet2/ip_dummynet2_glue.c => dummynet3/ip_dummynet3_glue.c} (99%) delete mode 100644 sys/net/ipfw2_basic/Makefile delete mode 100644 sys/net/ipfw2_layer2/Makefile delete mode 100644 sys/net/ipfw2_layer4/Makefile delete mode 100644 sys/net/ipfw2_nat/Makefile rename sys/net/{ipfw2 => ipfw3}/Makefile (91%) rename sys/net/{ipfw2 => ipfw3}/ip_fw.h (96%) rename sys/net/{ipfw2 => ipfw3}/ip_fw3.c (96%) rename sys/net/{ipfw2 => ipfw3}/ip_fw3.h (97%) rename sys/net/{ipfw2 => ipfw3}/ip_fw3_glue.c (89%) create mode 100644 sys/net/ipfw3_basic/Makefile rename sys/net/{ipfw2_basic/ip_fw2_basic.c => ipfw3_basic/ip_fw3_basic.c} (97%) rename sys/net/{ipfw2_basic/ip_fw2_basic.h => ipfw3_basic/ip_fw3_basic.h} (98%) create mode 100644 sys/net/ipfw3_layer2/Makefile rename sys/net/{ipfw2_layer2/ip_fw2_layer2.c => ipfw3_layer2/ip_fw3_layer2.c} (88%) rename sys/net/{ipfw2_layer2/ip_fw2_layer2.h => ipfw3_layer2/ip_fw3_layer2.h} (100%) create mode 100644 sys/net/ipfw3_layer4/Makefile rename sys/net/{ipfw2_layer4/ip_fw2_layer4.c => ipfw3_layer4/ip_fw3_layer4.c} (92%) rename sys/net/{ipfw2_layer4/ip_fw2_layer4.h => ipfw3_layer4/ip_fw3_layer4.h} (100%) create mode 100644 sys/net/ipfw3_nat/Makefile rename sys/net/{ipfw2_nat/ip_fw2_nat.c => ipfw3_nat/ip_fw3_nat.c} (98%) rename sys/net/{ipfw2_nat/ip_fw2_nat.h => ipfw3_nat/ip_fw3_nat.h} (98%) diff --git a/lib/Makefile b/lib/Makefile index f193b5e714..c237ee71b3 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -54,7 +54,7 @@ SUBDIR= ${SUBDIR_ORDERED} \ libfsid \ libftpio \ libhammer \ - libipfw2 \ + libipfw3 \ libipsec \ libkcore \ libkiconv \ diff --git a/lib/libipfw2/Makefile b/lib/libipfw3/Makefile similarity index 100% rename from lib/libipfw2/Makefile rename to lib/libipfw3/Makefile diff --git a/lib/libipfw2/basic/Makefile b/lib/libipfw3/basic/Makefile similarity index 88% rename from lib/libipfw2/basic/Makefile rename to lib/libipfw3/basic/Makefile index 44e2af6d29..32a8239252 100644 --- a/lib/libipfw2/basic/Makefile +++ b/lib/libipfw3/basic/Makefile @@ -1,9 +1,9 @@ SRCDIR= ${.CURDIR}/ -LIB= ipfw2basic -SRCS= ipfw2_basic.c +LIB= ipfw3basic +SRCS= ipfw3_basic.c -INCS= ipfw2_basic.h +INCS= ipfw3_basic.h WARNS?= 2 diff --git a/lib/libipfw2/basic/ipfw2_basic.c b/lib/libipfw3/basic/ipfw3_basic.c similarity index 99% rename from lib/libipfw2/basic/ipfw2_basic.c rename to lib/libipfw3/basic/ipfw3_basic.c index 2d51b636f6..c12ebc2067 100644 --- a/lib/libipfw2/basic/ipfw2_basic.c +++ b/lib/libipfw3/basic/ipfw3_basic.c @@ -55,9 +55,9 @@ #include #include -#include "../../../sys/net/ipfw2/ip_fw3.h" -#include "../../../sbin/ipfw2/ipfw.h" -#include "ipfw2_basic.h" +#include "../../../sys/net/ipfw3/ip_fw3.h" +#include "../../../sbin/ipfw3/ipfw.h" +#include "ipfw3_basic.h" #define IP_MASK_ALL 0xffffffff diff --git a/lib/libipfw2/basic/ipfw2_basic.h b/lib/libipfw3/basic/ipfw3_basic.h similarity index 96% rename from lib/libipfw2/basic/ipfw2_basic.h rename to lib/libipfw3/basic/ipfw3_basic.h index 5b17e47ba1..eeacc0710d 100644 --- a/lib/libipfw2/basic/ipfw2_basic.h +++ b/lib/libipfw3/basic/ipfw3_basic.h @@ -35,6 +35,6 @@ #ifndef _IPFW_BASIC_H #define _IPFW_BASIC_H -#include <../../../sys/net/ipfw2_basic/ip_fw2_basic.h> +#include <../../../sys/net/ipfw3_basic/ip_fw3_basic.h> #endif diff --git a/lib/libipfw2/dummynet/Makefile b/lib/libipfw3/dummynet/Makefile similarity index 86% rename from lib/libipfw2/dummynet/Makefile rename to lib/libipfw3/dummynet/Makefile index bd8db43e85..c5ce2752f7 100644 --- a/lib/libipfw2/dummynet/Makefile +++ b/lib/libipfw3/dummynet/Makefile @@ -1,9 +1,9 @@ SRCDIR= ${.CURDIR}/ -LIB= ipfw2dummynet -SRCS= ipfw2_dummynet.c +LIB= ipfw3dummynet +SRCS= ipfw3_dummynet.c -INCS= ipfw2_dummynet.h +INCS= ipfw3_dummynet.h WARNS?= 2 diff --git a/lib/libipfw2/dummynet/ipfw2_dummynet.c b/lib/libipfw3/dummynet/ipfw3_dummynet.c similarity index 96% rename from lib/libipfw2/dummynet/ipfw2_dummynet.c rename to lib/libipfw3/dummynet/ipfw3_dummynet.c index 1dfb022786..ecd3e2efc7 100644 --- a/lib/libipfw2/dummynet/ipfw2_dummynet.c +++ b/lib/libipfw3/dummynet/ipfw3_dummynet.c @@ -40,9 +40,9 @@ #include #include -#include "../../../sys/net/ipfw2/ip_fw3.h" -#include "../../../sbin/ipfw2/ipfw.h" -#include "ipfw2_dummynet.h" +#include "../../../sys/net/ipfw3/ip_fw3.h" +#include "../../../sbin/ipfw3/ipfw.h" +#include "ipfw3_dummynet.h" void parse_pipe(ipfw_insn **cmd, int *ac, char **av[]) diff --git a/lib/libipfw2/dummynet/ipfw2_dummynet.h b/lib/libipfw3/dummynet/ipfw3_dummynet.h similarity index 96% rename from lib/libipfw2/dummynet/ipfw2_dummynet.h rename to lib/libipfw3/dummynet/ipfw3_dummynet.h index fd30c16f8c..a1c5dcfadc 100644 --- a/lib/libipfw2/dummynet/ipfw2_dummynet.h +++ b/lib/libipfw3/dummynet/ipfw3_dummynet.h @@ -35,6 +35,6 @@ #ifndef _IPFW_DUMMYNET_H #define _IPFW_DUMMYNET_H -#include "../../../../sys/net/dummynet2/ip_dummynet2.h" +#include "../../../../sys/net/dummynet3/ip_dummynet3.h" #endif diff --git a/lib/libipfw2/layer2/Makefile b/lib/libipfw3/layer2/Makefile similarity index 87% rename from lib/libipfw2/layer2/Makefile rename to lib/libipfw3/layer2/Makefile index edaf8d4b49..2f51fbdb64 100644 --- a/lib/libipfw2/layer2/Makefile +++ b/lib/libipfw3/layer2/Makefile @@ -1,9 +1,9 @@ SRCDIR= ${.CURDIR}/ -LIB= ipfw2layer2 -SRCS= ipfw2_layer2.c +LIB= ipfw3layer2 +SRCS= ipfw3_layer2.c -INCS= ipfw2_layer2.h +INCS= ipfw3_layer2.h WARNS?= 2 diff --git a/lib/libipfw2/layer2/ipfw2_layer2.c b/lib/libipfw3/layer2/ipfw3_layer2.c similarity index 97% rename from lib/libipfw2/layer2/ipfw2_layer2.c rename to lib/libipfw3/layer2/ipfw3_layer2.c index 550b9fd5e7..29de19e26b 100644 --- a/lib/libipfw2/layer2/ipfw2_layer2.c +++ b/lib/libipfw3/layer2/ipfw3_layer2.c @@ -44,9 +44,9 @@ #include #include -#include "../../../sys/net/ipfw2/ip_fw3.h" -#include "../../../sbin/ipfw2/ipfw.h" -#include "ipfw2_layer2.h" +#include "../../../sys/net/ipfw3/ip_fw3.h" +#include "../../../sbin/ipfw3/ipfw.h" +#include "ipfw3_layer2.h" /* * Returns the number of bits set (from left) in a contiguous bitmask, diff --git a/lib/libipfw2/layer2/ipfw2_layer2.h b/lib/libipfw3/layer2/ipfw3_layer2.h similarity index 96% rename from lib/libipfw2/layer2/ipfw2_layer2.h rename to lib/libipfw3/layer2/ipfw3_layer2.h index 0751874faf..13bca098dd 100644 --- a/lib/libipfw2/layer2/ipfw2_layer2.h +++ b/lib/libipfw3/layer2/ipfw3_layer2.h @@ -35,6 +35,6 @@ #ifndef _IPFW_LAYER2_H #define _IPFW_LAYER2_H -#include "../../../../sys/net/ipfw2_layer2/ip_fw2_layer2.h" +#include "../../../../sys/net/ipfw3_layer2/ip_fw3_layer2.h" #endif diff --git a/lib/libipfw2/layer4/Makefile b/lib/libipfw3/layer4/Makefile similarity index 87% rename from lib/libipfw2/layer4/Makefile rename to lib/libipfw3/layer4/Makefile index 749349878d..8e0f0b6337 100644 --- a/lib/libipfw2/layer4/Makefile +++ b/lib/libipfw3/layer4/Makefile @@ -1,9 +1,9 @@ SRCDIR= ${.CURDIR}/ -LIB= ipfw2layer4 -SRCS= ipfw2_layer4.c +LIB= ipfw3layer4 +SRCS= ipfw3_layer4.c -INCS= ipfw2_layer4.h +INCS= ipfw3_layer4.h WARNS?= 2 diff --git a/lib/libipfw2/layer4/ipfw2_layer4.c b/lib/libipfw3/layer4/ipfw3_layer4.c similarity index 97% rename from lib/libipfw2/layer4/ipfw2_layer4.c rename to lib/libipfw3/layer4/ipfw3_layer4.c index 069f53cd08..6434c46b9b 100644 --- a/lib/libipfw2/layer4/ipfw2_layer4.c +++ b/lib/libipfw3/layer4/ipfw3_layer4.c @@ -46,9 +46,9 @@ #include #include -#include "../../../sys/net/ipfw2/ip_fw3.h" -#include "../../../sbin/ipfw2/ipfw.h" -#include "ipfw2_layer4.h" +#include "../../../sys/net/ipfw3/ip_fw3.h" +#include "../../../sbin/ipfw3/ipfw.h" +#include "ipfw3_layer4.h" void diff --git a/lib/libipfw2/layer4/ipfw2_layer4.h b/lib/libipfw3/layer4/ipfw3_layer4.h similarity index 96% rename from lib/libipfw2/layer4/ipfw2_layer4.h rename to lib/libipfw3/layer4/ipfw3_layer4.h index 02e6e2eb5c..efe1f35cfc 100644 --- a/lib/libipfw2/layer4/ipfw2_layer4.h +++ b/lib/libipfw3/layer4/ipfw3_layer4.h @@ -35,6 +35,6 @@ #ifndef _IPFW_LAYER2_H #define _IPFW_LAYER2_H -#include "../../../../sys/net/ipfw2_layer4/ip_fw2_layer4.h" +#include "../../../../sys/net/ipfw3_layer4/ip_fw3_layer4.h" #endif diff --git a/lib/libipfw2/nat/Makefile b/lib/libipfw3/nat/Makefile similarity index 89% rename from lib/libipfw2/nat/Makefile rename to lib/libipfw3/nat/Makefile index 1dc3bd4af0..74feaec4ed 100644 --- a/lib/libipfw2/nat/Makefile +++ b/lib/libipfw3/nat/Makefile @@ -1,9 +1,9 @@ SRCDIR= ${.CURDIR}/ -LIB= ipfw2nat -SRCS= ipfw2_nat.c +LIB= ipfw3nat +SRCS= ipfw3_nat.c -INCS= ipfw2_nat.h +INCS= ipfw3_nat.h WARNS?= 2 diff --git a/lib/libipfw2/nat/ipfw2_nat.c b/lib/libipfw3/nat/ipfw2_nat.c similarity index 95% rename from lib/libipfw2/nat/ipfw2_nat.c rename to lib/libipfw3/nat/ipfw2_nat.c index d957eca63f..41dcd29b9b 100644 --- a/lib/libipfw2/nat/ipfw2_nat.c +++ b/lib/libipfw3/nat/ipfw2_nat.c @@ -40,9 +40,9 @@ #include #include -#include "../../../sys/net/ipfw2/ip_fw3.h" -#include "../../../sbin/ipfw2/ipfw.h" -#include "ipfw2_nat.h" +#include "../../../sys/net/ipfw3/ip_fw3.h" +#include "../../../sbin/ipfw3/ipfw.h" +#include "ipfw3_nat.h" void diff --git a/lib/libipfw2/nat/ipfw2_nat.h b/lib/libipfw3/nat/ipfw2_nat.h similarity index 97% rename from lib/libipfw2/nat/ipfw2_nat.h rename to lib/libipfw3/nat/ipfw2_nat.h index 20b92bb469..adc4cc2644 100644 --- a/lib/libipfw2/nat/ipfw2_nat.h +++ b/lib/libipfw3/nat/ipfw2_nat.h @@ -35,6 +35,6 @@ #ifndef _IPFW_NAT_H #define _IPFW_NAT_H -#include "../../../../sys/net/ipfw2_nat/ip_fw2_nat.h" +#include "../../../../sys/net/ipfw3_nat/ip_fw3_nat.h" #endif diff --git a/sbin/Makefile b/sbin/Makefile index 82e67d0c91..be093deee7 100644 --- a/sbin/Makefile +++ b/sbin/Makefile @@ -35,6 +35,7 @@ SUBDIR= adjkerntz \ init \ ip6fw \ ipfw \ + ipfw3 \ iscontrol \ jscan \ kldconfig \ diff --git a/sbin/ipfw2/Makefile b/sbin/ipfw3/Makefile similarity index 74% rename from sbin/ipfw2/Makefile rename to sbin/ipfw3/Makefile index 376b58c728..f6a3cd5d79 100644 --- a/sbin/ipfw2/Makefile +++ b/sbin/ipfw3/Makefile @@ -1,8 +1,8 @@ # $FreeBSD: src/sbin/ipfw/Makefile,v 1.6.6.3 2002/07/24 03:21:23 luigi Exp $ -PROG= ipfw2 -MAN= ipfw2.8 -SRCS= ipfw2.c +PROG= ipfw3 +MAN= ipfw3.8 +SRCS= ipfw3.c WARNS?= 2 .include diff --git a/sbin/ipfw2/ipfw.h b/sbin/ipfw3/ipfw.h similarity index 100% rename from sbin/ipfw2/ipfw.h rename to sbin/ipfw3/ipfw.h diff --git a/sbin/ipfw2/ipfw2.8 b/sbin/ipfw3/ipfw3.8 similarity index 99% rename from sbin/ipfw2/ipfw2.8 rename to sbin/ipfw3/ipfw3.8 index 17bab635f0..005913366f 100644 --- a/sbin/ipfw2/ipfw2.8 +++ b/sbin/ipfw3/ipfw3.8 @@ -77,9 +77,9 @@ traffic shaper in .Bd -ragged -offset XXXX .Em NOTE: ipfw is a controlling utility for ipfw/ipacct facilities for FreeBSD 2.0 which -released in November, 1994. This manual page documentation is for the ipfw2 of +released in November, 1994. This manual page documentation is for the ipfw3 of DragonflyBSD since Feb 2015. This version of -.Nm ipfw2 +.Nm ipfw3 is rewrited for DragonflyBSD and it is not fully compatible with ipfw in FreeBSD. The differences between the two are listed in Section .Sx IPFW2 ENHANCEMENTS , @@ -645,9 +645,9 @@ The rule body has the following format: .Pp The first part (protocol from src to dst) is for backward compatibility with -.Nm ipfw1 . +.Nm ipfw2 . In -.Nm ipfw2 +.Nm ipfw3 any match pattern (including MAC headers, IPv4 protocols, addresses and ports) can be specified in the .Ar options @@ -913,7 +913,7 @@ The rule has a limited lifetime (controlled by a set of .Xr sysctl 8 variables), and the lifetime is refreshed every time a matching packet is found. -the state can be manually created/deleted using the ipfw2 utility. +the state can be manually created/deleted using the ipfw3 utility. .It Cm layer2 Matches only layer2 packets, i.e. those passed to .Nm @@ -1587,9 +1587,9 @@ Controls whether layer-2 packets are passed to .Nm . Default is no. .El -.Sh IPFW2 ENHANCEMENTS +.Sh IPFW3 ENHANCEMENTS This Section lists the features that have been introduced in -.Nm ipfw2 of DragonflyBSD +.Nm ipfw3 of DragonflyBSD which were not present in .Nm ipfw of FreeBSD. We list them in order of the potential impact that they can @@ -1646,7 +1646,7 @@ All other SYN packets will be rejected by the final rule. .Pp If you administer one or more subnets, you can take advantage of the -.Nm ipfw2 +.Nm ipfw3 syntax to specify address sets and or-blocks and write extremely compact rulesets which selectively enable services to blocks of clients, as below: @@ -1858,7 +1858,7 @@ was introduced in .Fx 2.2.8 . Stateful extensions were introduced in .Fx 4.0 . -.Nm ipfw2 +.Nm ipfw3 was introduced in Summer 2002. .Sh AUTHORS .An Ugen J. S. Antsilevich , diff --git a/sbin/ipfw2/ipfw2.c b/sbin/ipfw3/ipfw3.c similarity index 99% rename from sbin/ipfw2/ipfw2.c rename to sbin/ipfw3/ipfw3.c index 16ec5b9a3c..6a54962e3b 100644 --- a/sbin/ipfw2/ipfw2.c +++ b/sbin/ipfw3/ipfw3.c @@ -57,11 +57,11 @@ #include -#include "../../sys/net/ipfw2/ip_fw3.h" -#include "../../sys/net/dummynet2/ip_dummynet2.h" +#include "../../sys/net/ipfw3/ip_fw3.h" +#include "../../sys/net/dummynet3/ip_dummynet3.h" #include "../../sys/net/libalias/alias.h" -#include "../../sys/net/ipfw2_basic/ip_fw2_basic.h" -#include "../../sys/net/ipfw2_nat/ip_fw2_nat.h" +#include "../../sys/net/ipfw3_basic/ip_fw3_basic.h" +#include "../../sys/net/ipfw3_nat/ip_fw3_nat.h" #include "ipfw.h" @@ -71,7 +71,7 @@ #define MAX_KEYWORD_LEN 20 #define MAX_ARGS 32 #define WHITESP " \t\f\v\n\r" -#define IPFW_LIB_PATH "/usr/lib/libipfw2%s.so" +#define IPFW_LIB_PATH "/usr/lib/libipfw3%s.so" #define IP_MASK_ALL 0xffffffff #define NAT_BUF_LEN 1024 /* @@ -267,7 +267,7 @@ static void get_modules(char *modules_str, int len) { if (do_get_x(IP_FW_MODULE, modules_str, &len) < 0) - errx(EX_USAGE, "ipfw2 not loaded."); + errx(EX_USAGE, "ipfw3 not loaded."); } static void diff --git a/sys/conf/files b/sys/conf/files index e873262ee9..9b38556dc5 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -1463,8 +1463,8 @@ net/dummynet/ip_dummynet_glue.c optional inet netinet/ip_flow.c optional inet net/ipfw/ip_fw2.c optional ipfirewall net/ipfw/ip_fw2_glue.c optional inet -net/ipfw2/ip_fw3.c optional ipfirewall -net/ipfw2/ip_fw3_glue.c optional inet +net/ipfw3/ip_fw3.c optional ipfirewall3 +net/ipfw3/ip_fw3_glue.c optional inet netinet/ip_icmp.c optional inet netinet/ip_input.c optional inet netinet/ip_demux.c optional inet diff --git a/sys/conf/options b/sys/conf/options index b27e782ce7..49c8440e4f 100644 --- a/sys/conf/options +++ b/sys/conf/options @@ -277,6 +277,7 @@ IPDIVERT DUMMYNET opt_ipdn.h DUMMYNET_DEBUG opt_ipdn.h IPFIREWALL opt_ipfw.h +IPFIREWALL3 opt_ipfw.h IPFIREWALL_DEBUG opt_ipfw.h IPFIREWALL_VERBOSE opt_ipfw.h IPFIREWALL_VERBOSE_LIMIT opt_ipfw.h diff --git a/sys/net/Makefile b/sys/net/Makefile index f52813ccf5..dee8162f62 100644 --- a/sys/net/Makefile +++ b/sys/net/Makefile @@ -1,5 +1,6 @@ SUBDIR=accf_data accf_http disc faith gif gre sl stf tap tun \ - vlan zlib bridge lagg libalias dummynet ipfw ipfw2 ip6fw ip_mroute \ - sppp ppp_layer pf + vlan zlib bridge lagg libalias dummynet ipfw \ + dummynet3 ipfw3 ipfw3_basic ipfw3_nat ipfw3_layer2 ipfw3_layer4 \ + ip6fw ip_mroute sppp ppp_layer pf .include diff --git a/sys/net/dummynet2/Makefile b/sys/net/dummynet3/Makefile similarity index 91% rename from sys/net/dummynet2/Makefile rename to sys/net/dummynet3/Makefile index 501c0003fa..04519417f5 100644 --- a/sys/net/dummynet2/Makefile +++ b/sys/net/dummynet3/Makefile @@ -1,8 +1,8 @@ # $FreeBSD: src/sys/modules/dummynet/Makefile,v 1.1.2.2 2003/04/08 10:18:00 maxim Exp $ # $DragonFly: src/sys/net/dummynet/Makefile,v 1.7 2008/09/16 12:30:57 sephe Exp $ -KMOD= dummynet2 -SRCS= ip_dummynet2.c +KMOD= dummynet3 +SRCS= ip_dummynet3.c SRCS+= opt_ipdn.h .ifndef BUILDING_WITH_KERNEL diff --git a/sys/net/dummynet2/ip_dummynet.h b/sys/net/dummynet3/ip_dummynet.h similarity index 93% rename from sys/net/dummynet2/ip_dummynet.h rename to sys/net/dummynet3/ip_dummynet.h index b126cd76f6..48821a1a6d 100644 --- a/sys/net/dummynet2/ip_dummynet.h +++ b/sys/net/dummynet3/ip_dummynet.h @@ -32,9 +32,9 @@ * SUCH DAMAGE. */ -#ifndef _IP_DUMMYNET_H_V2 -#define _IP_DUMMYNET_H_V2 +#ifndef _IP_DUMMYNET_H_V3 +#define _IP_DUMMYNET_H_V3 -#include +#include -#endif /* _IP_DUMMYNET_V2_H */ +#endif /* _IP_DUMMYNET_V3_H */ diff --git a/sys/net/dummynet2/ip_dummynet2.c b/sys/net/dummynet3/ip_dummynet3.c similarity index 99% rename from sys/net/dummynet2/ip_dummynet2.c rename to sys/net/dummynet3/ip_dummynet3.c index d02e835617..cbb161343e 100644 --- a/sys/net/dummynet2/ip_dummynet2.c +++ b/sys/net/dummynet3/ip_dummynet3.c @@ -65,8 +65,8 @@ #include #include -#include -#include +#include +#include void check_pipe(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args, struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len); @@ -2058,6 +2058,6 @@ static moduledata_t dummynet_mod = { dummynet_modevent, NULL }; -DECLARE_MODULE(dummynet2, dummynet_mod, SI_SUB_PROTO_END, SI_ORDER_ANY); -MODULE_DEPEND(dummynet2, ipfw2_basic, 1, 1, 1); -MODULE_VERSION(dummynet2, 1); +DECLARE_MODULE(dummynet3, dummynet_mod, SI_SUB_PROTO_END, SI_ORDER_ANY); +MODULE_DEPEND(dummynet3, ipfw3_basic, 1, 1, 1); +MODULE_VERSION(dummynet3, 1); diff --git a/sys/net/dummynet2/ip_dummynet2.h b/sys/net/dummynet3/ip_dummynet3.h similarity index 99% rename from sys/net/dummynet2/ip_dummynet2.h rename to sys/net/dummynet3/ip_dummynet3.h index 9e03d1dcb1..226c684be2 100644 --- a/sys/net/dummynet2/ip_dummynet2.h +++ b/sys/net/dummynet3/ip_dummynet3.h @@ -28,8 +28,8 @@ * $DragonFly: src/sys/net/dummynet/ip_dummynet.h,v 1.19 2008/09/20 04:36:51 sephe Exp $ */ -#ifndef _IP_DUMMYNET2_H_V2 -#define _IP_DUMMYNET2_H_V2 +#ifndef _IP_DUMMYNET3_H_ +#define _IP_DUMMYNET3_H_ #ifndef _IP_DUMMYNET_H diff --git a/sys/net/dummynet2/ip_dummynet2_glue.c b/sys/net/dummynet3/ip_dummynet3_glue.c similarity index 99% rename from sys/net/dummynet2/ip_dummynet2_glue.c rename to sys/net/dummynet3/ip_dummynet3_glue.c index dc75d677d9..bdfae5b4a6 100644 --- a/sys/net/dummynet2/ip_dummynet2_glue.c +++ b/sys/net/dummynet3/ip_dummynet3_glue.c @@ -52,8 +52,8 @@ #include #include -#include -#include +#include +#include static void ip_dn_ether_output(netmsg_t); static void ip_dn_ether_demux(netmsg_t); diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c index bc6958c53f..59217a1c60 100644 --- a/sys/net/if_ethersubr.c +++ b/sys/net/if_ethersubr.c @@ -75,7 +75,7 @@ #include #include #include -#include +#include #include #endif #ifdef INET6 @@ -422,7 +422,7 @@ ether_output_frame(struct ifnet *ifp, struct mbuf *m) if (ifq_is_enabled(&ifp->if_snd)) altq_etherclassify(&ifp->if_snd, m, &pktattr); crit_enter(); - if ((IPFW_LOADED || IPFW2_LOADED) && ether_ipfw != 0) { + if ((IPFW_LOADED || IPFW3_LOADED) && ether_ipfw != 0) { struct ether_header save_eh, *eh; eh = mtod(m, struct ether_header *); @@ -994,7 +994,7 @@ ether_demux_oncpu(struct ifnet *ifp, struct mbuf *m) } post_stats: - if ((IPFW_LOADED || IPFW2_LOADED) && ether_ipfw != 0 && !discard) { + if ((IPFW_LOADED || IPFW3_LOADED) && ether_ipfw != 0 && !discard) { struct ether_header save_eh = *eh; /* XXX old crufty stuff, needs to be removed */ diff --git a/sys/net/ipfw2_basic/Makefile b/sys/net/ipfw2_basic/Makefile deleted file mode 100644 index ddbc1f38a9..0000000000 --- a/sys/net/ipfw2_basic/Makefile +++ /dev/null @@ -1,4 +0,0 @@ -KMOD= ipfw2_basic -SRCS= ip_fw2_basic.c - -.include diff --git a/sys/net/ipfw2_layer2/Makefile b/sys/net/ipfw2_layer2/Makefile deleted file mode 100644 index a43c3ebed2..0000000000 --- a/sys/net/ipfw2_layer2/Makefile +++ /dev/null @@ -1,4 +0,0 @@ -KMOD= ipfw2_layer2 -SRCS= ip_fw2_layer2.c - -.include diff --git a/sys/net/ipfw2_layer4/Makefile b/sys/net/ipfw2_layer4/Makefile deleted file mode 100644 index 6bcb556a78..0000000000 --- a/sys/net/ipfw2_layer4/Makefile +++ /dev/null @@ -1,4 +0,0 @@ -KMOD= ipfw2_layer4 -SRCS= ip_fw2_layer4.c - -.include diff --git a/sys/net/ipfw2_nat/Makefile b/sys/net/ipfw2_nat/Makefile deleted file mode 100644 index b44a5872a4..0000000000 --- a/sys/net/ipfw2_nat/Makefile +++ /dev/null @@ -1,4 +0,0 @@ -KMOD= ipfw2_nat -SRCS= ip_fw2_nat.c - -.include diff --git a/sys/net/ipfw2/Makefile b/sys/net/ipfw3/Makefile similarity index 91% rename from sys/net/ipfw2/Makefile rename to sys/net/ipfw3/Makefile index a19653bc86..509c55171e 100644 --- a/sys/net/ipfw2/Makefile +++ b/sys/net/ipfw3/Makefile @@ -1,7 +1,7 @@ # $FreeBSD: src/sys/modules/ipfw/Makefile,v 1.11.2.1 2003/02/14 14:09:21 maxim Exp $ # $DragonFly: src/sys/net/ipfw/Makefile,v 1.6 2008/09/16 12:16:08 sephe Exp $ -KMOD= ipfw2 +KMOD= ipfw3 SRCS= ip_fw3.c SRCS+= opt_ipfw.h opt_inet.h @@ -10,7 +10,7 @@ opt_inet.h: echo '#define INET 1' > ${.OBJDIR}/${.TARGET} opt_ipfw.h: - echo '#define IPFIREWALL 1' > ${.OBJDIR}/${.TARGET} + echo '#define IPFIREWALL3 1' > ${.OBJDIR}/${.TARGET} # Debug prints #echo '#define IPFIREWALL_DEBUG 1' >> ${.OBJDIR}/${.TARGET} # diff --git a/sys/net/ipfw2/ip_fw.h b/sys/net/ipfw3/ip_fw.h similarity index 96% rename from sys/net/ipfw2/ip_fw.h rename to sys/net/ipfw3/ip_fw.h index d6d5ce242b..82f373603b 100644 --- a/sys/net/ipfw2/ip_fw.h +++ b/sys/net/ipfw3/ip_fw.h @@ -32,9 +32,9 @@ * SUCH DAMAGE. */ -#ifndef _IP_FW_H_V2 -#define _IP_FW_H_V2 +#ifndef _IP_FW_H_V3 +#define _IP_FW_H_V3 -#include +#include #endif /* _IP_FW_H */ diff --git a/sys/net/ipfw2/ip_fw3.c b/sys/net/ipfw3/ip_fw3.c similarity index 96% rename from sys/net/ipfw2/ip_fw3.c rename to sys/net/ipfw3/ip_fw3.c index cabcf73cfd..7a513a4a8f 100644 --- a/sys/net/ipfw2/ip_fw3.c +++ b/sys/net/ipfw3/ip_fw3.c @@ -36,7 +36,7 @@ #include "opt_ipfw.h" #include "opt_inet.h" #ifndef INET -#error IPFIREWALL requires INET. +#error IPFIREWALL3 requires INET. #endif /* INET */ #include @@ -76,12 +76,12 @@ #include #include -#include -#include -#include -#include +#include +#include +#include +#include -MALLOC_DEFINE(M_IPFW2, "IPFW2", "ip_fw2 default module"); +MALLOC_DEFINE(M_IPFW3, "IPFW3", "ip_fw3 default module"); #ifdef IPFIREWALL_DEBUG #define DPRINTF(fmt, ...) \ @@ -153,22 +153,22 @@ static int autoinc_step = IPFW_AUTOINC_STEP_DEF; static int ipfw_sysctl_enable(SYSCTL_HANDLER_ARGS); static int ipfw_sysctl_autoinc_step(SYSCTL_HANDLER_ARGS); -SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw2, CTLFLAG_RW, 0, "Firewall"); -SYSCTL_PROC(_net_inet_ip_fw2, OID_AUTO, enable, CTLTYPE_INT | CTLFLAG_RW, - &fw2_enable, 0, ipfw_sysctl_enable, "I", "Enable ipfw"); -SYSCTL_PROC(_net_inet_ip_fw2, OID_AUTO, autoinc_step, CTLTYPE_INT | CTLFLAG_RW, +SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw3, CTLFLAG_RW, 0, "Firewall"); +SYSCTL_PROC(_net_inet_ip_fw3, OID_AUTO, enable, CTLTYPE_INT | CTLFLAG_RW, + &fw3_enable, 0, ipfw_sysctl_enable, "I", "Enable ipfw"); +SYSCTL_PROC(_net_inet_ip_fw3, OID_AUTO, autoinc_step, CTLTYPE_INT | CTLFLAG_RW, &autoinc_step, 0, ipfw_sysctl_autoinc_step, "I", "Rule number autincrement step"); -SYSCTL_INT(_net_inet_ip_fw2, OID_AUTO,one_pass,CTLFLAG_RW, - &fw2_one_pass, 0, +SYSCTL_INT(_net_inet_ip_fw3, OID_AUTO,one_pass,CTLFLAG_RW, + &fw3_one_pass, 0, "Only do a single pass through ipfw when using dummynet(4)"); -SYSCTL_INT(_net_inet_ip_fw2, OID_AUTO, debug, CTLFLAG_RW, +SYSCTL_INT(_net_inet_ip_fw3, OID_AUTO, debug, CTLFLAG_RW, &fw_debug, 0, "Enable printing of debug ip_fw statements"); -SYSCTL_INT(_net_inet_ip_fw2, OID_AUTO, verbose, CTLFLAG_RW, +SYSCTL_INT(_net_inet_ip_fw3, OID_AUTO, verbose, CTLFLAG_RW, &fw_verbose, 0, "Log matches to ipfw rules"); -SYSCTL_INT(_net_inet_ip_fw2, OID_AUTO, verbose_limit, CTLFLAG_RW, +SYSCTL_INT(_net_inet_ip_fw3, OID_AUTO, verbose_limit, CTLFLAG_RW, &verbose_limit, 0, "Set upper limit of matches of ipfw rules logged"); -SYSCTL_INT(_net_inet_ip_fw2, OID_AUTO, static_count, CTLFLAG_RD, +SYSCTL_INT(_net_inet_ip_fw3, OID_AUTO, static_count, CTLFLAG_RD, &static_count, 0, "Number of static rules"); filter_func filter_funcs[MAX_MODULE][MAX_OPCODE_PER_MODULE]; @@ -201,7 +201,7 @@ register_ipfw_module(int module_id,char *module_name) } tmp++; } - kprintf("ipfw2 module %s loaded ", module_name); + kprintf("ipfw3 module %s loaded ", module_name); } int @@ -237,7 +237,7 @@ decide: for (i = 0; i < MAX_MODULE; i++) { if (tmp->type == 1 && tmp->id == module_id) { tmp->type = 0; - kprintf("ipfw2 module %s unloaded ", tmp->name); + kprintf("ipfw3 module %s unloaded ", tmp->name); break; } tmp++; @@ -291,7 +291,7 @@ init_module(void) static __inline int ipfw_free_rule(struct ip_fw *rule) { - kfree(rule, M_IPFW2); + kfree(rule, M_IPFW3); rule = NULL; return 1; } @@ -443,11 +443,11 @@ after_ip_checks: * Packet has already been tagged. Look for the next rule * to restart processing. * - * If fw2_one_pass != 0 then just accept it. + * If fw3_one_pass != 0 then just accept it. * XXX should not happen here, but optimized out in * the caller. */ - if (fw2_one_pass) + if (fw3_one_pass) return IP_FW_PASS; /* This rule is being/has been flushed */ @@ -642,7 +642,7 @@ ipfw_add_rule_dispatch(netmsg_t nmsg) ioc_rule = fwmsg->ioc_rule; // create rule by ioc_rule - rule = kmalloc(RULESIZE(ioc_rule), M_IPFW2, M_WAITOK | M_ZERO); + rule = kmalloc(RULESIZE(ioc_rule), M_IPFW3, M_WAITOK | M_ZERO); rule->act_ofs = ioc_rule->act_ofs; rule->cmd_len = ioc_rule->cmd_len; rule->rulenum = ioc_rule->rulenum; @@ -758,7 +758,7 @@ ipfw_delete_rule(struct ipfw_context *ctx, if (mycpuid == IPFW_CFGCPUID) ipfw_dec_static_count(rule); - kfree(rule, M_IPFW2); + kfree(rule, M_IPFW3); rule = NULL; return NULL; } @@ -782,7 +782,7 @@ ipfw_flush_rule_dispatch(netmsg_t nmsg) if (mycpuid == IPFW_CFGCPUID) ipfw_dec_static_count(the_rule); - kfree(the_rule, M_IPFW2); + kfree(the_rule, M_IPFW3); } ifnet_forwardmsg(lmsg, mycpuid + 1); @@ -1839,11 +1839,11 @@ ipfw_sysctl_enable_dispatch(netmsg_t nmsg) struct lwkt_msg *lmsg = &nmsg->lmsg; int enable = lmsg->u.ms_result; - if (fw2_enable == enable) + if (fw3_enable == enable) goto reply; - fw2_enable = enable; - if (fw2_enable) + fw3_enable = enable; + if (fw3_enable) ipfw_hook(); else ipfw_dehook(); @@ -1859,7 +1859,7 @@ ipfw_sysctl_enable(SYSCTL_HANDLER_ARGS) struct lwkt_msg *lmsg; int enable, error; - enable = fw2_enable; + enable = fw3_enable; error = sysctl_handle_int(oidp, &enable, 0, req); if (error || req->newptr == NULL) return error; @@ -1889,13 +1889,13 @@ ipfw_ctx_init_dispatch(netmsg_t nmsg) if (mycpuid == 0 ) { ipfw_nat_ctx = kmalloc(sizeof(struct ipfw_nat_context), - M_IPFW2, M_WAITOK | M_ZERO); + M_IPFW3, M_WAITOK | M_ZERO); } - ctx = kmalloc(sizeof(struct ipfw_context), M_IPFW2, M_WAITOK | M_ZERO); + ctx = kmalloc(sizeof(struct ipfw_context), M_IPFW3, M_WAITOK | M_ZERO); ipfw_ctx[mycpuid] = ctx; - def_rule = kmalloc(sizeof(struct ip_fw), M_IPFW2, M_WAITOK | M_ZERO); + def_rule = kmalloc(sizeof(struct ip_fw), M_IPFW3, M_WAITOK | M_ZERO); def_rule->act_ofs = 0; def_rule->rulenum = IPFW_DEFAULT_RULE; def_rule->cmd_len = 2; @@ -1935,7 +1935,7 @@ ipfw_init_dispatch(netmsg_t nmsg) { struct netmsg_ipfw fwmsg; int error = 0; - if (IPFW2_LOADED) { + if (IPFW3_LOADED) { kprintf("IP firewall already loaded\n"); error = EEXIST; goto reply; @@ -1950,7 +1950,7 @@ ipfw_init_dispatch(netmsg_t nmsg) ip_fw_ctl_x_ptr = ipfw_ctl_x; ip_fw_dn_io_ptr = ipfw_dummynet_io; - kprintf("ipfw2 initialized, default to %s, logging ", + kprintf("ipfw3 initialized, default to %s, logging ", (int)(ipfw_ctx[mycpuid]->ipfw_default_rule->cmd[0].opcode) == O_BASIC_ACCEPT ? "accept" : "deny"); @@ -1969,15 +1969,15 @@ ipfw_init_dispatch(netmsg_t nmsg) verbose_limit); } kprintf("\n"); - ip_fw2_loaded = 1; - if (fw2_enable) + ip_fw3_loaded = 1; + if (fw3_enable) ipfw_hook(); reply: lwkt_replymsg(&nmsg->lmsg, error); } static int -ipfw2_init(void) +ipfw3_init(void) { struct netmsg_base smsg; init_module(); @@ -1993,7 +1993,7 @@ ipfw_fini_dispatch(netmsg_t nmsg) { int error = 0, cpu; - ip_fw2_loaded = 0; + ip_fw3_loaded = 0; ipfw_dehook(); netmsg_service_sync(); @@ -2004,11 +2004,11 @@ ipfw_fini_dispatch(netmsg_t nmsg) /* Free pre-cpu context */ for (cpu = 0; cpu < ncpus; ++cpu) { if (ipfw_ctx[cpu] != NULL) { - kfree(ipfw_ctx[cpu], M_IPFW2); + kfree(ipfw_ctx[cpu], M_IPFW3); ipfw_ctx[cpu] = NULL; } } - kfree(ipfw_nat_ctx,M_IPFW2); + kfree(ipfw_nat_ctx,M_IPFW3); ipfw_nat_ctx = NULL; kprintf("IP firewall unloaded\n"); @@ -2016,7 +2016,7 @@ ipfw_fini_dispatch(netmsg_t nmsg) } static int -ipfw2_fini(void) +ipfw3_fini(void) { struct netmsg_base smsg; netmsg_init(&smsg, NULL, &curthread->td_msgport, @@ -2027,13 +2027,13 @@ ipfw2_fini(void) #endif /* KLD_MODULE */ static int -ipfw2_modevent(module_t mod, int type, void *unused) +ipfw3_modevent(module_t mod, int type, void *unused) { int err = 0; switch (type) { case MOD_LOAD: - err = ipfw2_init(); + err = ipfw3_init(); break; case MOD_UNLOAD: @@ -2042,7 +2042,7 @@ ipfw2_modevent(module_t mod, int type, void *unused) kprintf("ipfw statically compiled, cannot unload\n"); err = EBUSY; #else - err = ipfw2_fini(); + err = ipfw3_fini(); #endif break; default: @@ -2051,10 +2051,10 @@ ipfw2_modevent(module_t mod, int type, void *unused) return err; } -static moduledata_t ipfw2mod = { - "ipfw2", - ipfw2_modevent, +static moduledata_t ipfw3mod = { + "ipfw3", + ipfw3_modevent, 0 }; -DECLARE_MODULE(ipfw2, ipfw2mod, SI_SUB_PROTO_END, SI_ORDER_ANY); -MODULE_VERSION(ipfw2, 1); +DECLARE_MODULE(ipfw3, ipfw3mod, SI_SUB_PROTO_END, SI_ORDER_ANY); +MODULE_VERSION(ipfw3, 1); diff --git a/sys/net/ipfw2/ip_fw3.h b/sys/net/ipfw3/ip_fw3.h similarity index 97% rename from sys/net/ipfw2/ip_fw3.h rename to sys/net/ipfw3/ip_fw3.h index d197d4bfce..1173df397e 100644 --- a/sys/net/ipfw2/ip_fw3.h +++ b/sys/net/ipfw3/ip_fw3.h @@ -33,20 +33,25 @@ * */ -#ifndef _IP_FW2_H_V2 -#define _IP_FW2_H_V2 +#ifndef _IP_FW3_H_ +#define _IP_FW3_H_ #ifdef _KERNEL #include -int ip_fw2_sockopt(struct sockopt *); -extern int ip_fw2_loaded; +int ip_fw3_sockopt(struct sockopt *); +extern int ip_fw3_loaded; #endif -#define IPFW2_LOADED (ip_fw2_loaded) +#define IPFW3_LOADED (ip_fw3_loaded) +/* + * _IPFW2_H is from ipfw/ip_fw2.h, both cannot be included past this + * point but we need both the IPFW2_LOADED and IPFW3_LOADED macros + */ #ifndef _IPFW2_H +#define _IPFW2_H #define RESERVED_SIZE 12 #define SIZE_OF_IPFWINSN 8 @@ -331,8 +336,8 @@ extern ip_fw_chk_t *ip_fw_chk_ptr; extern ip_fw_ctl_t *ip_fw_ctl_x_ptr; extern ip_fw_dn_io_t *ip_fw_dn_io_ptr; -extern int fw2_one_pass; -extern int fw2_enable; +extern int fw3_one_pass; +extern int fw3_enable; #define IPFW_CFGCPUID 0 @@ -500,7 +505,7 @@ typedef struct _ip_fw_x_header { typedef void ipfw_basic_delete_state_t(struct ip_fw *); typedef void ipfw_basic_append_state_t(struct ipfw_ioc_state *); -/* IP_FW2 opcodes */ +/* IP_FW3 opcodes */ #define IP_FW_ADD 50 /* add a firewall rule to chain */ #define IP_FW_DEL 51 /* delete a firewall rule from chain */ @@ -527,4 +532,4 @@ typedef void ipfw_basic_append_state_t(struct ipfw_ioc_state *); #define IP_FW_STATE_FLUSH 58 /* flush all states */ #endif -#endif /* _IPFW2_H */ +#endif /* _IPFW3_H_ */ diff --git a/sys/net/ipfw2/ip_fw3_glue.c b/sys/net/ipfw3/ip_fw3_glue.c similarity index 89% rename from sys/net/ipfw2/ip_fw3_glue.c rename to sys/net/ipfw3/ip_fw3_glue.c index 73e9c49b92..73f6de0d59 100644 --- a/sys/net/ipfw2/ip_fw3_glue.c +++ b/sys/net/ipfw3/ip_fw3_glue.c @@ -42,34 +42,34 @@ #include -#include +#include -int ip_fw2_loaded; -int fw2_enable = 1; -int fw2_one_pass = 1; +int ip_fw3_loaded; +int fw3_enable = 1; +int fw3_one_pass = 1; -static void ip_fw2_sockopt_dispatch(netmsg_t msg); +static void ip_fw3_sockopt_dispatch(netmsg_t msg); int -ip_fw2_sockopt(struct sockopt *sopt) +ip_fw3_sockopt(struct sockopt *sopt) { struct netmsg_base smsg; netmsg_init(&smsg, NULL, &curthread->td_msgport, - 0, ip_fw2_sockopt_dispatch); + 0, ip_fw3_sockopt_dispatch); smsg.lmsg.u.ms_resultp = sopt; return lwkt_domsg(IPFW_CFGPORT, &smsg.lmsg, 0); } static void -ip_fw2_sockopt_dispatch(netmsg_t msg) +ip_fw3_sockopt_dispatch(netmsg_t msg) { struct sockopt *sopt = msg->lmsg.u.ms_resultp; int error; KKASSERT(mycpuid == 0); - if (IPFW2_LOADED) + if (IPFW3_LOADED) error = ip_fw_ctl_x_ptr(sopt); else error = ENOPROTOOPT; diff --git a/sys/net/ipfw3_basic/Makefile b/sys/net/ipfw3_basic/Makefile new file mode 100644 index 0000000000..f027fb574a --- /dev/null +++ b/sys/net/ipfw3_basic/Makefile @@ -0,0 +1,4 @@ +KMOD= ipfw3_basic +SRCS= ip_fw3_basic.c + +.include diff --git a/sys/net/ipfw2_basic/ip_fw2_basic.c b/sys/net/ipfw3_basic/ip_fw3_basic.c similarity index 97% rename from sys/net/ipfw2_basic/ip_fw2_basic.c rename to sys/net/ipfw3_basic/ip_fw3_basic.c index b84faf9e46..05a2b613a7 100644 --- a/sys/net/ipfw2_basic/ip_fw2_basic.c +++ b/sys/net/ipfw3_basic/ip_fw3_basic.c @@ -65,9 +65,9 @@ #include #include -#include +#include -#include "ip_fw2_basic.h" +#include "ip_fw3_basic.h" #define TIME_LEQ(a, b) ((int)((a) - (b)) <= 0) @@ -158,15 +158,15 @@ adjust_hash_size_dispatch(netmsg_t nmsg) while (state != NULL) { the_state = state; state = state->next; - kfree(the_state, M_IPFW2_BASIC); + kfree(the_state, M_IPFW3_BASIC); the_state = NULL; } } } - kfree(ctx->state_ctx,M_IPFW2_BASIC); + kfree(ctx->state_ctx,M_IPFW3_BASIC); ctx->state_ctx = kmalloc(state_hash_size * sizeof(struct ipfw_state_context), - M_IPFW2_BASIC, M_WAITOK | M_ZERO); + M_IPFW3_BASIC, M_WAITOK | M_ZERO); ctx->state_hash_size = state_hash_size; ifnet_forwardmsg(&nmsg->lmsg, mycpuid + 1); } @@ -330,7 +330,7 @@ install_state(struct ip_fw *rule, ipfw_insn *cmd, struct ip_fw_args *args) struct ipfw_state_context *state_ctx; state_ctx = &ctx->state_ctx[hash_packet(&args->f_id)]; state = kmalloc(sizeof(struct ip_fw_state), - M_IPFW2_BASIC, M_NOWAIT | M_ZERO); + M_IPFW3_BASIC, M_NOWAIT | M_ZERO); if (state == NULL) { return NULL; } @@ -637,7 +637,7 @@ ipfw_basic_add_state(struct ipfw_ioc_state *ioc_state) struct ipfw_state_context *state_ctx; state_ctx = &ctx->state_ctx[hash_packet(&(ioc_state->flow_id))]; state = kmalloc(sizeof(struct ip_fw_state), - M_IPFW2_BASIC, M_WAITOK | M_ZERO); + M_IPFW3_BASIC, M_WAITOK | M_ZERO); struct ip_fw *rule = ctx->ipfw_rule_chain; while (rule != NULL) { if (rule->rulenum == ioc_state->rulenum) { @@ -698,7 +698,7 @@ ipfw_basic_flush_state(struct ip_fw *rule) the_state = state; state = state->next; - kfree(the_state, M_IPFW2_BASIC); + kfree(the_state, M_IPFW3_BASIC); state_ctx->count--; if (state == NULL) state_ctx->last = prev_state; @@ -739,7 +739,7 @@ ipfw_cleanup_expired_state(netmsg_t nmsg) state_ctx->last = NULL; - kfree(the_state, M_IPFW2_BASIC); + kfree(the_state, M_IPFW3_BASIC); state_ctx->count--; } else { prev_state = state; @@ -794,7 +794,7 @@ static void ipfw_basic_init_dispatch(netmsg_t nmsg) { IPFW_ASSERT_CFGPORT(&curthread->td_msgport); - KKASSERT(IPFW_LOADED); + KKASSERT(IPFW3_LOADED); int error = 0; callout_init_mp(&ipfw_tick_callout); @@ -859,7 +859,7 @@ ipfw_basic_init(void) if (ctx != NULL) { ctx->state_ctx = kmalloc(state_hash_size * sizeof(struct ipfw_state_context), - M_IPFW2_BASIC, M_WAITOK | M_ZERO); + M_IPFW3_BASIC, M_WAITOK | M_ZERO); ctx->state_hash_size = state_hash_size; } } @@ -875,7 +875,7 @@ static void ipfw_basic_stop_dispatch(netmsg_t nmsg) { IPFW_ASSERT_CFGPORT(&curthread->td_msgport); - KKASSERT(IPFW_LOADED); + KKASSERT(IPFW3_LOADED); int error = 0; callout_stop(&ipfw_tick_callout); netmsg_service_sync(); @@ -912,12 +912,12 @@ ipfw_basic_stop(void) state_ctx->last = NULL; kfree(the_state, - M_IPFW2_BASIC); + M_IPFW3_BASIC); } } } ctx->state_hash_size = 0; - kfree(ctx->state_ctx, M_IPFW2_BASIC); + kfree(ctx->state_ctx, M_IPFW3_BASIC); ctx->state_ctx = NULL; } } @@ -931,7 +931,7 @@ ipfw_basic_stop(void) static int -ipfw2_basic_modevent(module_t mod, int type, void *data) +ipfw3_basic_modevent(module_t mod, int type, void *data) { int err; switch (type) { @@ -947,11 +947,11 @@ ipfw2_basic_modevent(module_t mod, int type, void *data) return err; } -static moduledata_t ipfw2_basic_mod = { - "ipfw2_basic", - ipfw2_basic_modevent, +static moduledata_t ipfw3_basic_mod = { + "ipfw3_basic", + ipfw3_basic_modevent, NULL }; -DECLARE_MODULE(ipfw2_basic, ipfw2_basic_mod, SI_SUB_PROTO_END, SI_ORDER_ANY); -MODULE_DEPEND(ipfw2_basic, ipfw2, 1, 1, 1); -MODULE_VERSION(ipfw2_basic, 1); +DECLARE_MODULE(ipfw3_basic, ipfw3_basic_mod, SI_SUB_PROTO_END, SI_ORDER_ANY); +MODULE_DEPEND(ipfw3_basic, ipfw3, 1, 1, 1); +MODULE_VERSION(ipfw3_basic, 1); diff --git a/sys/net/ipfw2_basic/ip_fw2_basic.h b/sys/net/ipfw3_basic/ip_fw3_basic.h similarity index 98% rename from sys/net/ipfw2_basic/ip_fw2_basic.h rename to sys/net/ipfw3_basic/ip_fw3_basic.h index a994eae119..2e9d897165 100644 --- a/sys/net/ipfw2_basic/ip_fw2_basic.h +++ b/sys/net/ipfw3_basic/ip_fw3_basic.h @@ -38,7 +38,7 @@ #define MODULE_BASIC_NAME "basic" #ifdef _KERNEL -MALLOC_DEFINE(M_IPFW2_BASIC,"IPFW2_BASIC", "ip_fw2 basic module"); +MALLOC_DEFINE(M_IPFW3_BASIC,"IPFW3_BASIC", "ip_fw3 basic module"); #endif enum ipfw_basic_opcodes { diff --git a/sys/net/ipfw3_layer2/Makefile b/sys/net/ipfw3_layer2/Makefile new file mode 100644 index 0000000000..fa51d0c698 --- /dev/null +++ b/sys/net/ipfw3_layer2/Makefile @@ -0,0 +1,4 @@ +KMOD= ipfw3_layer2 +SRCS= ip_fw3_layer2.c + +.include diff --git a/sys/net/ipfw2_layer2/ip_fw2_layer2.c b/sys/net/ipfw3_layer2/ip_fw3_layer2.c similarity index 88% rename from sys/net/ipfw2_layer2/ip_fw2_layer2.c rename to sys/net/ipfw3_layer2/ip_fw3_layer2.c index b2a64f9f86..7cdf042c25 100644 --- a/sys/net/ipfw2_layer2/ip_fw2_layer2.c +++ b/sys/net/ipfw3_layer2/ip_fw3_layer2.c @@ -49,9 +49,9 @@ #include #include -#include +#include -#include "ip_fw2_layer2.h" +#include "ip_fw3_layer2.h" void check_layer2(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args, @@ -86,7 +86,7 @@ check_mac(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args, } static int -ipfw2_layer2_init(void) +ipfw3_layer2_init(void) { register_ipfw_module(MODULE_LAYER2_ID, MODULE_LAYER2_NAME); register_ipfw_filter_funcs(MODULE_LAYER2_ID, @@ -97,30 +97,30 @@ ipfw2_layer2_init(void) } static int -ipfw2_layer2_stop(void) +ipfw3_layer2_stop(void) { return unregister_ipfw_module(MODULE_LAYER2_ID); } static int -ipfw2_layer2_modevent(module_t mod, int type, void *data) +ipfw3_layer2_modevent(module_t mod, int type, void *data) { switch (type) { case MOD_LOAD: - return ipfw2_layer2_init(); + return ipfw3_layer2_init(); case MOD_UNLOAD: - return ipfw2_layer2_stop(); + return ipfw3_layer2_stop(); default: break; } return 0; } -static moduledata_t ipfw2_layer2_mod = { - "ipfw2_layer2", - ipfw2_layer2_modevent, +static moduledata_t ipfw3_layer2_mod = { + "ipfw3_layer2", + ipfw3_layer2_modevent, NULL }; -DECLARE_MODULE(ipfw2_layer2, ipfw2_layer2_mod, SI_SUB_PROTO_END, SI_ORDER_ANY); -MODULE_DEPEND(ipfw2_layer2, ipfw2_basic, 1, 1, 1); -MODULE_VERSION(ipfw2_layer2, 1); +DECLARE_MODULE(ipfw3_layer2, ipfw3_layer2_mod, SI_SUB_PROTO_END, SI_ORDER_ANY); +MODULE_DEPEND(ipfw3_layer2, ipfw3_basic, 1, 1, 1); +MODULE_VERSION(ipfw3_layer2, 1); diff --git a/sys/net/ipfw2_layer2/ip_fw2_layer2.h b/sys/net/ipfw3_layer2/ip_fw3_layer2.h similarity index 100% rename from sys/net/ipfw2_layer2/ip_fw2_layer2.h rename to sys/net/ipfw3_layer2/ip_fw3_layer2.h diff --git a/sys/net/ipfw3_layer4/Makefile b/sys/net/ipfw3_layer4/Makefile new file mode 100644 index 0000000000..6ff56b4523 --- /dev/null +++ b/sys/net/ipfw3_layer4/Makefile @@ -0,0 +1,4 @@ +KMOD= ipfw3_layer4 +SRCS= ip_fw3_layer4.c + +.include diff --git a/sys/net/ipfw2_layer4/ip_fw2_layer4.c b/sys/net/ipfw3_layer4/ip_fw3_layer4.c similarity index 92% rename from sys/net/ipfw2_layer4/ip_fw2_layer4.c rename to sys/net/ipfw3_layer4/ip_fw3_layer4.c index aa4766db11..ea6c714da6 100644 --- a/sys/net/ipfw2_layer4/ip_fw2_layer4.c +++ b/sys/net/ipfw3_layer4/ip_fw3_layer4.c @@ -63,9 +63,9 @@ #include #include -#include +#include -#include "ip_fw2_layer4.h" +#include "ip_fw3_layer4.h" void check_tcpflag(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args, @@ -156,7 +156,7 @@ check_gid(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args, } static int -ipfw2_layer4_init(void) +ipfw3_layer4_init(void) { register_ipfw_module(MODULE_LAYER4_ID, MODULE_LAYER4_NAME); register_ipfw_filter_funcs(MODULE_LAYER4_ID, O_LAYER4_TCPFLAG, @@ -169,30 +169,30 @@ ipfw2_layer4_init(void) } static int -ipfw2_layer4_stop(void) +ipfw3_layer4_stop(void) { return unregister_ipfw_module(MODULE_LAYER4_ID); } static int -ipfw2_layer4_modevent(module_t mod, int type, void *data) +ipfw3_layer4_modevent(module_t mod, int type, void *data) { switch (type) { case MOD_LOAD: - return ipfw2_layer4_init(); + return ipfw3_layer4_init(); case MOD_UNLOAD: - return ipfw2_layer4_stop(); + return ipfw3_layer4_stop(); default: break; } return 0; } -static moduledata_t ipfw2_layer4_mod = { - "ipfw2_layer4", - ipfw2_layer4_modevent, +static moduledata_t ipfw3_layer4_mod = { + "ipfw3_layer4", + ipfw3_layer4_modevent, NULL }; -DECLARE_MODULE(ipfw2_layer4, ipfw2_layer4_mod, SI_SUB_PROTO_END, SI_ORDER_ANY); -MODULE_DEPEND(ipfw2_layer4, ipfw2_basic, 1, 1, 1); -MODULE_VERSION(ipfw2_layer4, 1); +DECLARE_MODULE(ipfw3_layer4, ipfw3_layer4_mod, SI_SUB_PROTO_END, SI_ORDER_ANY); +MODULE_DEPEND(ipfw3_layer4, ipfw3_basic, 1, 1, 1); +MODULE_VERSION(ipfw3_layer4, 1); diff --git a/sys/net/ipfw2_layer4/ip_fw2_layer4.h b/sys/net/ipfw3_layer4/ip_fw3_layer4.h similarity index 100% rename from sys/net/ipfw2_layer4/ip_fw2_layer4.h rename to sys/net/ipfw3_layer4/ip_fw3_layer4.h diff --git a/sys/net/ipfw3_nat/Makefile b/sys/net/ipfw3_nat/Makefile new file mode 100644 index 0000000000..0540aedef4 --- /dev/null +++ b/sys/net/ipfw3_nat/Makefile @@ -0,0 +1,4 @@ +KMOD= ipfw3_nat +SRCS= ip_fw3_nat.c + +.include diff --git a/sys/net/ipfw2_nat/ip_fw2_nat.c b/sys/net/ipfw3_nat/ip_fw3_nat.c similarity index 98% rename from sys/net/ipfw2_nat/ip_fw2_nat.c rename to sys/net/ipfw3_nat/ip_fw3_nat.c index a2356faee4..5f87316574 100644 --- a/sys/net/ipfw2_nat/ip_fw2_nat.c +++ b/sys/net/ipfw3_nat/ip_fw3_nat.c @@ -73,9 +73,9 @@ #include #include -#include +#include -#include "ip_fw2_nat.h" +#include "ip_fw3_nat.h" static struct lock nat_lock; @@ -535,7 +535,7 @@ ipfw_nat_flush(struct sockopt *sopt) static int ipfw_nat_init(void) { - lockinit(&nat_lock, "ipfw2 nat lock", 0, 0); + lockinit(&nat_lock, "ipfw3 nat lock", 0, 0); register_ipfw_module(MODULE_NAT_ID, MODULE_NAT_NAME); register_ipfw_filter_funcs(MODULE_NAT_ID, O_NAT_NAT, (filter_func)check_nat); @@ -582,13 +582,13 @@ static int ipfw_nat_modevent(module_t mod, int type, void *data) } static moduledata_t ipfw_nat_mod = { - "ipfw2_nat", + "ipfw3_nat", ipfw_nat_modevent, NULL }; -DECLARE_MODULE(ipfw2_nat, ipfw_nat_mod, +DECLARE_MODULE(ipfw3_nat, ipfw_nat_mod, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY); -MODULE_DEPEND(ipfw2_nat, libalias, 1, 1, 1); -MODULE_DEPEND(ipfw2_nat, ipfw2_basic, 1, 1, 1); -MODULE_VERSION(ipfw2_nat, 1); +MODULE_DEPEND(ipfw3_nat, libalias, 1, 1, 1); +MODULE_DEPEND(ipfw3_nat, ipfw3_basic, 1, 1, 1); +MODULE_VERSION(ipfw3_nat, 1); diff --git a/sys/net/ipfw2_nat/ip_fw2_nat.h b/sys/net/ipfw3_nat/ip_fw3_nat.h similarity index 98% rename from sys/net/ipfw2_nat/ip_fw2_nat.h rename to sys/net/ipfw3_nat/ip_fw3_nat.h index 27c5ea086e..fcf4a5d4cf 100644 --- a/sys/net/ipfw2_nat/ip_fw2_nat.h +++ b/sys/net/ipfw3_nat/ip_fw3_nat.h @@ -39,7 +39,7 @@ #define MODULE_NAT_NAME "nat" #ifdef _KERNEL -MALLOC_DEFINE(M_IPFW_NAT, "IPFW2/NAT", "IPFW2/NAT 's"); +MALLOC_DEFINE(M_IPFW_NAT, "IPFW3/NAT", "IPFW3/NAT 's"); #endif enum ipfw_nat_opcodes { diff --git a/sys/net/libalias/alias_db.c b/sys/net/libalias/alias_db.c index ad020f8f8d..d93e206a7d 100644 --- a/sys/net/libalias/alias_db.c +++ b/sys/net/libalias/alias_db.c @@ -2821,7 +2821,7 @@ ClearFWHole(struct alias_link *lnk) if (fwhole < 0) return; - memset(&rule, 0, sizeof rule); /* useless for ipfw2 */ + memset(&rule, 0, sizeof rule); /* useless for ipfw3 */ while (!setsockopt(la->fireWallFD, IPPROTO_IP, IP_FW_DEL, &fwhole, sizeof fwhole)); fw_clrfield(la, la->fireWallField, fwhole); diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index bf0dbe7529..d8a7feaea4 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -69,9 +69,9 @@ #include #include -#include +#include #include -#include +#include #ifdef FAST_IPSEC #include @@ -380,8 +380,8 @@ rip_ctloutput(netmsg_t msg) soopt_from_kbuf(sopt, &optval, sizeof optval); break; case IP_FW_X: - if (IPFW2_LOADED) - error = ip_fw2_sockopt(sopt); + if (IPFW3_LOADED) + error = ip_fw3_sockopt(sopt); else error = ENOPROTOOPT; break; @@ -433,7 +433,7 @@ rip_ctloutput(netmsg_t msg) inp->inp_flags &= ~INP_HDRINCL; break; case IP_FW_X: - if (IPFW2_LOADED) + if (IPFW3_LOADED) error = ip_fw_ctl_x_ptr(sopt); else error = ENOPROTOOPT; -- 2.41.0