diff options
84 files changed, 12 insertions, 7183 deletions
@@ -10598,3 +10598,15 @@ www/hs-gitit||2018-10-23|Has expired: Doesn't build with newest packages cad/kicad-library||2018-10-25|Has expired: KiCad has been upgraded to 5.0.0 devel/linux-kernel||2018-10-29|Has expired: no longer useful audio/py-musicbrainz2||2018-10-29|Has expired: Musicbrainz Web Service 1.0 support ended 2018-08-01 +games/bloboats||2018-11-01|Has expired: Upstream gone, FreeBSD 10 only +net/stf-6rd-kmod||2018-11-01|Has expired: Does not build on FreeBSD 11+ +net/pmf||2018-11-01|Has expired: Does not build on FreeBSD 11+ +net/knemo-kde4||2018-11-01|Has expired: KDE4 is EOL upstream, FreeBSD 10 only-port +net/userfw||2018-11-01|Has expired: Does not build on FreeBSD 11+ +sysutils/qjail4|sysutils/qjail|2018-11-01|Has expired: Only for FreeBSD 10.x , use sysutis/qjail instead +sysutils/bsdmoted||2018-11-01|Has expired: does not build on FreeBSD 11+ +sysutils/scprotect||2018-11-01|Has expired: Does not build on FreeBSD 11+ +www/typo3-7|www/typo3-8|2018-11-01|Has expired: Support will end in October 2018, please update to either www/typo3-8 or www/typo3-9 +devel/memleax||2018-11-01|Has expired: does not actually detect leaks +emulators/virtio-kmod||2018-11-01|Has expired: Does not build on FreeBSD 10+ +games/traindirector||2018-11-01|Has expired: Does not build on FreeBSD 11+ diff --git a/devel/Makefile b/devel/Makefile index 85e22a368697..2884cfc44d87 100644 --- a/devel/Makefile +++ b/devel/Makefile @@ -1758,7 +1758,6 @@ SUBDIR += mcpp SUBDIR += mdb SUBDIR += mdds - SUBDIR += memleax SUBDIR += menhir SUBDIR += mercator SUBDIR += mercurial diff --git a/devel/memleax/Makefile b/devel/memleax/Makefile deleted file mode 100644 index eb6aed22bfae..000000000000 --- a/devel/memleax/Makefile +++ /dev/null @@ -1,39 +0,0 @@ -# $FreeBSD$ - -PORTNAME= memleax -PORTVERSION= 1.0.3 -DISTVERSIONPREFIX= v -CATEGORIES= devel - -MAINTAINER= tobik@FreeBSD.org -COMMENT= Debug memory leaks of running processes - -LICENSE= GPLv2 -LICENSE_FILE= ${WRKSRC}/LICENSE - -DEPRECATED= does not actually detect leaks -EXPIRATION_DATE= 2018-10-31 -BROKEN= does not actually detect leaks - -LIB_DEPENDS= libunwind.so:devel/libunwind -BUILD_DEPENDS= ${LOCALBASE}/lib/libdwarf.a:devel/libdwarf - -ONLY_FOR_ARCHS= amd64 - -USE_GITHUB= yes -GH_ACCOUNT= WuBingzheng - -USES= gmake -HAS_CONFIGURE= yes -CONFIGURE_ARGS= --prefix=${PREFIX} -ALL_TARGET= memleax -LLD_UNSAFE= yes # cf. devel/libunwind - -PLIST_FILES= bin/memleax \ - man/man1/memleax.1.gz - -do-install: - ${INSTALL_PROGRAM} ${WRKSRC}/memleax ${STAGEDIR}${PREFIX}/bin - ${INSTALL_MAN} ${WRKSRC}/memleax.1 ${STAGEDIR}${PREFIX}/man/man1 - -.include <bsd.port.mk> diff --git a/devel/memleax/distinfo b/devel/memleax/distinfo deleted file mode 100644 index aea79b0f06b9..000000000000 --- a/devel/memleax/distinfo +++ /dev/null @@ -1,3 +0,0 @@ -TIMESTAMP = 1488351968 -SHA256 (WuBingzheng-memleax-v1.0.3_GH0.tar.gz) = ceffb192d25d56fb0d41f74d9476ec63821ec99c368f13c32d32c8ebdfda9e56 -SIZE (WuBingzheng-memleax-v1.0.3_GH0.tar.gz) = 30198 diff --git a/devel/memleax/pkg-descr b/devel/memleax/pkg-descr deleted file mode 100644 index 8956e593912d..000000000000 --- a/devel/memleax/pkg-descr +++ /dev/null @@ -1,11 +0,0 @@ -Memleax debugs memory leaks of running processes by attaching to them, -without recompiling or restarting. It hooks the target process's invocation -of memory allocation and free and reports the memory blocks which live -long enough as memory leak, in real time. - -It is convenient to use, and suitable for production environments. -There is no need to recompile the program or restart the target process. -You can run memleax to monitor the target process, wait for the real-time -memory leak report, and then kill it with ctrl-c to stop monitoring. - -WWW: https://github.com/WuBingzheng/memleax diff --git a/emulators/Makefile b/emulators/Makefile index 1029d83fef45..9b06d4319f9d 100644 --- a/emulators/Makefile +++ b/emulators/Makefile @@ -150,7 +150,6 @@ SUBDIR += vgb-bin SUBDIR += vgba-bin SUBDIR += vice - SUBDIR += virtio-kmod SUBDIR += virtualbox-ose SUBDIR += virtualbox-ose-additions SUBDIR += virtualbox-ose-additions-nox11 diff --git a/emulators/virtio-kmod/Makefile b/emulators/virtio-kmod/Makefile deleted file mode 100644 index 646cda1fc15a..000000000000 --- a/emulators/virtio-kmod/Makefile +++ /dev/null @@ -1,85 +0,0 @@ -# $FreeBSD$ - -PORTNAME= virtio -PORTVERSION= 0.${SVN_REV} -CATEGORIES= emulators -MASTER_SITES= LOCAL/kuriyama -PKGNAMESUFFIX= -kmod-${OSBRANCH} -DISTFILES= ${FILE_8} ${FILE_9} - -MAINTAINER= kuriyama@FreeBSD.org -COMMENT= virtio kernel modules port for 8.[234]/9.[01] - -DEPRECATED= Does not build on FreeBSD 10+ -EXPIRATION_DATE= 2018-10-31 - -ONLY_FOR_ARCHS= amd64 i386 - -WRKSRC= ${WRKDIR} -NEEDSUBDIRS= amd64 cam conf contrib dev/pci geom i386 kern net netinet netinet6 \ - sys tools vm x86 - -USES= kmod -.include <bsd.port.pre.mk> - -SVN_REV= 250249 -FILE_8= ${PORTNAME}-8-0.${SVN_REV}${EXTRACT_SUFX} -FILE_9= ${PORTNAME}-9-0.${SVN_REV}${EXTRACT_SUFX} -.if ${OSREL} == "8.2" -OSBRANCH= 8.2 -EXTRACT_ONLY= ${FILE_8} -.elif ${OSREL} == "8.3" -OSBRANCH= 8.3 -EXTRACT_ONLY= ${FILE_8} -.elif ${OSREL} == "8.4" -OSBRANCH= 8.4 -EXTRACT_ONLY= ${FILE_8} -.elif ${OSREL} == "9.0" -OSBRANCH= 9.0 -EXTRACT_ONLY= ${FILE_9} -.elif ${OSREL} == "9.1" -OSBRANCH= 9.1 -EXTRACT_ONLY= ${FILE_9} -.else -IGNORE= not supported $${OSREL} (${OSREL}) -.endif - -post-extract: - cd ${WRKSRC} && ${MKDIR} sys/dev tmp && ${MV} dev modules tmp/ -.for d in ${NEEDSUBDIRS} - [ ! -d ${SRC_BASE}/sys/${d} ] || ${CP} -Rp ${SRC_BASE}/sys/${d} ${WRKSRC}/sys/${d} -.endfor - ${CP} -Rp ${WRKSRC}/tmp/* ${WRKSRC}/sys/ -.if ${OSREL} == "8.1" || ${OSREL} == "8.2" -EXTRA_PATCHES= ${PATCHDIR}/extra-patch-virtio.h -.endif - -do-build: - cd ${WRKSRC}/sys/modules/virtio; ${MAKE} DEBUG_FLAGS=-g - -do-install: -.for f in pci/virtio_pci virtio/virtio block/virtio_blk balloon/virtio_balloon network/if_vtnet - ${INSTALL_KLD} ${WRKSRC}/sys/modules/virtio/${f}.ko ${STAGEDIR}${KMODDIR} - ${INSTALL_KLD} ${WRKSRC}/sys/modules/virtio/${f}.ko.symbols ${STAGEDIR}${KMODDIR} -.endfor - -# For maintainer only. -SVN_MIRROR?= http://svn.freebsd.org/base -EXPDIR= ${WRKSRC}/src/sys -maintainer-tar: - ${MKDIR} ${EXPDIR} - cd ${EXPDIR} && svn export -r ${SVN_REV} ${SVN_MIRROR}/stable/9/sys/dev/virtio dev/virtio - cd ${EXPDIR} && svn export -r ${SVN_REV} ${SVN_MIRROR}/stable/9/sys/modules/virtio modules/virtio - cd ${EXPDIR} && ${TAR} cfvz ${DISTDIR}/${FILE_9} dev modules - cd ${EXPDIR} && ${RM} -r dev modules - cd ${EXPDIR} && svn export -r ${SVN_REV} ${SVN_MIRROR}/stable/8/sys/dev/virtio dev/virtio - cd ${EXPDIR} && svn export -r ${SVN_REV} ${SVN_MIRROR}/stable/8/sys/modules/virtio modules/virtio - cd ${EXPDIR} && ${TAR} cfvz ${DISTDIR}/${FILE_8} dev modules - -maintainer-check: - @new9=`svn log -ql 1 ${SVN_MIRROR}@HEAD stable/9/sys/dev/virtio | ${GREP} -v ^- | ${SED} -e 's| .*||; s|r||'`;\ - new8=`svn log -ql 1 ${SVN_MIRROR}@HEAD stable/8/sys/dev/virtio | ${GREP} -v ^- | ${SED} -e 's| .*||; s|r||'`;\ - old="${SVN_REV}";\ - if [ "$${new9}" -gt "$${old}" ]; then ${ECHO_MSG} "New virtio rev: r$${new9} (was $${old}, 8-stable is $${new8})"; fi - -.include <bsd.port.post.mk> diff --git a/emulators/virtio-kmod/distinfo b/emulators/virtio-kmod/distinfo deleted file mode 100644 index 5baaba8e7bb5..000000000000 --- a/emulators/virtio-kmod/distinfo +++ /dev/null @@ -1,4 +0,0 @@ -SHA256 (virtio-8-0.250249.tar.gz) = 0a4d4327973c4ed2ddc63f8fc8b62dcca23f673f92bb45257a0e46991a0bafbb -SIZE (virtio-8-0.250249.tar.gz) = 64687 -SHA256 (virtio-9-0.250249.tar.gz) = 706876cf4c40eab1f5e0bde08eae806f1ad285f1d489979c179c25e0a2534f8e -SIZE (virtio-9-0.250249.tar.gz) = 65024 diff --git a/emulators/virtio-kmod/files/extra-patch-virtio.h b/emulators/virtio-kmod/files/extra-patch-virtio.h deleted file mode 100644 index c59f8620e81b..000000000000 --- a/emulators/virtio-kmod/files/extra-patch-virtio.h +++ /dev/null @@ -1,11 +0,0 @@ ---- sys/dev/virtio/virtio.h.orig 2012-08-22 09:25:24.732287379 +0900 -+++ sys/dev/virtio/virtio.h 2012-08-22 09:27:32.411327803 +0900 -@@ -150,4 +150,8 @@ - VIRTIO_RDWR_DEVICE_CONFIG(2, uint16_t); - VIRTIO_RDWR_DEVICE_CONFIG(4, uint32_t); - -+#ifndef DEVMETHOD_END -+#define DEVMETHOD_END { NULL, NULL } -+#endif -+ - #endif /* _VIRTIO_H_ */ diff --git a/emulators/virtio-kmod/files/patch-if_vtnet.c b/emulators/virtio-kmod/files/patch-if_vtnet.c deleted file mode 100644 index fc43920c835e..000000000000 --- a/emulators/virtio-kmod/files/patch-if_vtnet.c +++ /dev/null @@ -1,14 +0,0 @@ ---- sys/dev/virtio/network/if_vtnet.c.orig 2013-06-10 13:44:32.626245199 +0900 -+++ sys/dev/virtio/network/if_vtnet.c 2013-06-10 13:46:44.810245935 +0900 -@@ -2473,9 +2473,9 @@ - sglist_init(&sg, 4, segs); - error |= sglist_append(&sg, &hdr, sizeof(struct virtio_net_ctrl_hdr)); - error |= sglist_append(&sg, &filter->vmf_unicast, -- sizeof(struct vtnet_mac_table)); -+ sizeof(uint32_t) + filter->vmf_unicast.nentries * ETHER_ADDR_LEN); - error |= sglist_append(&sg, &filter->vmf_multicast, -- sizeof(struct vtnet_mac_table)); -+ sizeof(uint32_t) + filter->vmf_multicast.nentries * ETHER_ADDR_LEN); - error |= sglist_append(&sg, &ack, sizeof(uint8_t)); - KASSERT(error == 0 && sg.sg_nseg == 4, - ("error adding MAC filtering message to sglist")); diff --git a/emulators/virtio-kmod/pkg-descr b/emulators/virtio-kmod/pkg-descr deleted file mode 100644 index 91897e583541..000000000000 --- a/emulators/virtio-kmod/pkg-descr +++ /dev/null @@ -1,5 +0,0 @@ -Port for package building of virtio kernel loadable modules. - -This port support only 8.[234] and 9.[01] releases. - -WWW: http://people.FreeBSD.org/~kuriyama/virtio/ diff --git a/emulators/virtio-kmod/pkg-message b/emulators/virtio-kmod/pkg-message deleted file mode 100644 index daa5f1b32264..000000000000 --- a/emulators/virtio-kmod/pkg-message +++ /dev/null @@ -1,22 +0,0 @@ -To use these modules, add loading lines in /boot/loader.conf: - -virtio_load="YES" -virtio_pci_load="YES" -virtio_blk_load="YES" -if_vtnet_load="YES" -virtio_balloon_load="YES" - -and edit fstab and interface config in rc.conf: - -# sed -i.bak -Ee 's|/dev/ada?|/dev/vtbd|' /etc/fstab -# echo 'ifconfig_vtnet0_name="em0"' >> /etc/rc.conf - -and enable virtio devices in host's domain.xml: - -- <target dev='hda' bus='ide'/> -- <address type='drive' controller='0' bus='0' unit='0'/> -+ <target dev='vda' bus='virtio'/> -+ <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/> -... -- <model type='e1000'/> -+ <model type='virtio'/> diff --git a/emulators/virtio-kmod/pkg-plist b/emulators/virtio-kmod/pkg-plist deleted file mode 100644 index 5bcc9ad8412d..000000000000 --- a/emulators/virtio-kmod/pkg-plist +++ /dev/null @@ -1,10 +0,0 @@ -/%%KMODDIR%%/if_vtnet.ko -/%%KMODDIR%%/if_vtnet.ko.symbols -/%%KMODDIR%%/virtio.ko -/%%KMODDIR%%/virtio.ko.symbols -/%%KMODDIR%%/virtio_balloon.ko -/%%KMODDIR%%/virtio_balloon.ko.symbols -/%%KMODDIR%%/virtio_blk.ko -/%%KMODDIR%%/virtio_blk.ko.symbols -/%%KMODDIR%%/virtio_pci.ko -/%%KMODDIR%%/virtio_pci.ko.symbols diff --git a/games/Makefile b/games/Makefile index 5557500f141d..382352e8909e 100644 --- a/games/Makefile +++ b/games/Makefile @@ -96,7 +96,6 @@ SUBDIR += blinken-kde4 SUBDIR += blinkensisters SUBDIR += blobby - SUBDIR += bloboats SUBDIR += blobwars SUBDIR += block SUBDIR += blockade @@ -1042,7 +1041,6 @@ SUBDIR += toycars SUBDIR += trackballs SUBDIR += tractorgen - SUBDIR += traindirector SUBDIR += traingame SUBDIR += tremulous SUBDIR += trenchbroom diff --git a/games/bloboats/Makefile b/games/bloboats/Makefile deleted file mode 100644 index e98034e5d138..000000000000 --- a/games/bloboats/Makefile +++ /dev/null @@ -1,46 +0,0 @@ -# Created by: Emanuel Haupt <ehaupt@FreeBSD.org> -# $FreeBSD$ - -PORTNAME= bloboats -PORTVERSION= 1.0.2 -DISTVERSIONSUFFIX= -source -PORTREVISION= 10 -CATEGORIES= games -MASTER_SITES= http://bloboats.dy.fi/mirror/ \ - LOCAL/ehaupt - -MAINTAINER= ports@FreeBSD.org -COMMENT= Boat racing game in the spirit of Elasto Mania or X-Moto - -DEPRECATED= Upstream gone, FreeBSD 10 only -EXPIRATION_DATE= 2018-10-31 - -LICENSE= GPLv2 -LICENSE_FILE= ${WRKSRC}/copying.txt - -BROKEN_FreeBSD_11= does not build on 11.X -BROKEN_FreeBSD_12= does not build on 12.X # PR 226180 -BROKEN_FreeBSD_13= does not build on 13.X # PR 226180 - -USES= dos2unix gmake -USE_SDL= mixer image net sdl -USE_GL= gl glu - -DESKTOP_ENTRIES="Bloboats" \ - "${COMMENT}" \ - "${PORTNAME}" \ - "${PORTNAME}" \ - "Game;" \ - false - -MAKE_ENV+= DATADIR="${DATADIR}" STAGEDIR=${STAGEDIR} - -WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION} - -DOS2UNIX_FILES= src/*.cpp - -post-install: - ${INSTALL_DATA} ${WRKSRC}/data/images/icon.png \ - ${STAGEDIR}${PREFIX}/share/pixmaps/${PORTNAME}.png - -.include <bsd.port.mk> diff --git a/games/bloboats/distinfo b/games/bloboats/distinfo deleted file mode 100644 index 553bd5dc898f..000000000000 --- a/games/bloboats/distinfo +++ /dev/null @@ -1,3 +0,0 @@ -TIMESTAMP = 1477651466 -SHA256 (bloboats-1.0.2-source.tar.gz) = 4aa5cbba7bae4471daefc6ba058cf6a84c62a4c06cd104a525f9ea1108787ccd -SIZE (bloboats-1.0.2-source.tar.gz) = 7592902 diff --git a/games/bloboats/files/patch-Makefile b/games/bloboats/files/patch-Makefile deleted file mode 100644 index 76f99fb0d3d1..000000000000 --- a/games/bloboats/files/patch-Makefile +++ /dev/null @@ -1,59 +0,0 @@ ---- Makefile.orig 2017-02-03 12:18:46 UTC -+++ Makefile -@@ -7,16 +7,13 @@ - ### Installation directory (Installation prefix) - # If you don't have root privileges, set this to /home/tentacleman/bloboats/ - # for example, otherwise /. Don't use ~ or other environment variables! --PREFIX = / - - ### Or if you don't want to run make install at all, uncomments the next line - # and comment the line below. Compile and run with './bin/bloboats' - #DATADIR = data - --DATADIR = $(PREFIX)/usr/games/bloboats/data -- - ### If you do make install, you may perhaps want to set these --BINARYDIR = $(PREFIX)/usr/bin -+BINARYDIR = $(PREFIX)/bin - CONFIGDIR = $(PREFIX)/etc - - PRIVATEDIR = ~/.bloboats -@@ -53,13 +50,13 @@ ICON_CMD = i586-mingw32msvc-windres -i s - - - ### C++ compiler to be used --CXX_DEFAULT = g++ -+CXX_DEFAULT ?= g++ - CXX_FREEBSD = g++ - CXX_NETBSD = g++ - CXX_MACOSX = g++ - CXX_CROSS = i586-mingw32msvc-g++ - --CXX = $(CXX_$(TARGET)) -+CXX ?= g++ - - - ### SDL-Config in your system -@@ -154,14 +151,14 @@ config: - echo "#define DEBUG $(DEBUG)" >> src/compiling_settings.h - - install: -- mkdir -p $(BINARYDIR)/ -- mkdir -p $(CONFIGDIR)/ -- cp bloboats.dirs $(CONFIGDIR)/ -- mkdir -p $(DATADIR)/ -- cp -R data/* $(DATADIR)/ -- cp bin/$(BINARY) $(BINARYDIR)/ -- chmod -R 744 $(DATADIR) -- chmod 755 `find $(DATADIR) -type d` -+ mkdir -p $(STAGEDIR)$(BINARYDIR)/ -+ mkdir -p $(STAGEDIR)$(CONFIGDIR)/ -+ cp bloboats.dirs $(STAGEDIR)$(CONFIGDIR)/ -+ mkdir -p $(STAGEDIR)$(DATADIR)/ -+ cp -R data/* $(STAGEDIR)$(DATADIR)/ -+ cp bin/$(BINARY) $(STAGEDIR)$(BINARYDIR)/ -+ chmod -R 744 $(STAGEDIR)$(DATADIR) -+ chmod 755 `find $(STAGEDIR)$(DATADIR) -type d` - - uninstall: - rm -f $(CONFIGDIR)/bloboats.dirs diff --git a/games/bloboats/files/patch-src_menu.cpp b/games/bloboats/files/patch-src_menu.cpp deleted file mode 100644 index 610b249da3b6..000000000000 --- a/games/bloboats/files/patch-src_menu.cpp +++ /dev/null @@ -1,12 +0,0 @@ ---- src/menu.cpp.orig 2017-02-03 12:18:46 UTC -+++ src/menu.cpp -@@ -1567,7 +1567,8 @@ void menu::resolution() { - // Get resolutions - vector<Resolution> resolutions; - SDL_Rect** modes = SDL_ListModes(NULL, SDL_FULLSCREEN|SDL_HWSURFACE|SDL_OPENGL); -- if(modes > 0) { -+ // if(modes > 0) { -+ if(modes != '\0') { - Uint32 bpp = SDL_GetVideoInfo()->vfmt->BitsPerPixel; - for(int i=0; modes[i] && i < 10; ++i) { - Resolution resolution; diff --git a/games/bloboats/pkg-descr b/games/bloboats/pkg-descr deleted file mode 100644 index 20fa8ddc5812..000000000000 --- a/games/bloboats/pkg-descr +++ /dev/null @@ -1,2 +0,0 @@ -Bloboats is a boat racing game in the spirit of Elasto Mania or X-Moto. It -introduces a handful of elements from Super Mario Bros-like games. diff --git a/games/bloboats/pkg-plist b/games/bloboats/pkg-plist deleted file mode 100644 index 63ebb59eb8f2..000000000000 --- a/games/bloboats/pkg-plist +++ /dev/null @@ -1,116 +0,0 @@ -bin/bloboats -etc/bloboats.dirs -%%DATADIR%%/sounds/vroom.wav -%%DATADIR%%/sounds/clonk.wav -%%DATADIR%%/sounds/explosion.wav -%%DATADIR%%/sounds/finish.wav -%%DATADIR%%/sounds/menuenter.wav -%%DATADIR%%/sounds/menuselect.wav -%%DATADIR%%/sounds/music0.ogg -%%DATADIR%%/sounds/music1.ogg -%%DATADIR%%/sounds/music2.ogg -%%DATADIR%%/sounds/music3.ogg -%%DATADIR%%/sounds/roarr.wav -%%DATADIR%%/sounds/sounds.txt -%%DATADIR%%/sounds/splash.wav -%%DATADIR%%/sounds/bump.wav -%%DATADIR%%/models/invader.mdl -%%DATADIR%%/models/broken.mdl -%%DATADIR%%/models/hirvio.mdl -%%DATADIR%%/models/boulder.mdl -%%DATADIR%%/models/menu.mdl -%%DATADIR%%/models/paatti.mdl -%%DATADIR%%/models/tux.mdl -%%DATADIR%%/levels/meri9.tdt -%%DATADIR%%/levels/meri0.hsc -%%DATADIR%%/levels/meri0.mdl -%%DATADIR%%/levels/meri0.tdt -%%DATADIR%%/levels/meri1.dat -%%DATADIR%%/levels/meri1.hsc -%%DATADIR%%/levels/meri1.mdl -%%DATADIR%%/levels/meri1.tdt -%%DATADIR%%/levels/meri10.dat -%%DATADIR%%/levels/meri10.hsc -%%DATADIR%%/levels/meri10.mdl -%%DATADIR%%/levels/meri10.tdt -%%DATADIR%%/levels/meri11.dat -%%DATADIR%%/levels/meri11.hsc -%%DATADIR%%/levels/meri11.mdl -%%DATADIR%%/levels/meri11.tdt -%%DATADIR%%/levels/meri12.dat -%%DATADIR%%/levels/meri12.hsc -%%DATADIR%%/levels/meri12.mdl -%%DATADIR%%/levels/meri12.tdt -%%DATADIR%%/levels/meri13.dat -%%DATADIR%%/levels/meri13.hsc -%%DATADIR%%/levels/meri13.mdl -%%DATADIR%%/levels/meri13.tdt -%%DATADIR%%/levels/meri14.dat -%%DATADIR%%/levels/meri14.hsc -%%DATADIR%%/levels/meri14.mdl -%%DATADIR%%/levels/meri14.tdt -%%DATADIR%%/levels/meri15.dat -%%DATADIR%%/levels/meri15.hsc -%%DATADIR%%/levels/meri15.mdl -%%DATADIR%%/levels/meri15.tdt -%%DATADIR%%/levels/meri16.dat -%%DATADIR%%/levels/meri16.hsc -%%DATADIR%%/levels/meri16.mdl -%%DATADIR%%/levels/meri16.tdt -%%DATADIR%%/levels/meri17.dat -%%DATADIR%%/levels/meri17.hsc -%%DATADIR%%/levels/meri17.mdl -%%DATADIR%%/levels/meri17.tdt -%%DATADIR%%/levels/meri2.dat -%%DATADIR%%/levels/meri2.hsc -%%DATADIR%%/levels/meri2.mdl -%%DATADIR%%/levels/meri2.tdt -%%DATADIR%%/levels/meri3.dat -%%DATADIR%%/levels/meri3.hsc -%%DATADIR%%/levels/meri3.mdl -%%DATADIR%%/levels/meri3.tdt -%%DATADIR%%/levels/meri4.dat -%%DATADIR%%/levels/meri4.hsc -%%DATADIR%%/levels/meri4.mdl -%%DATADIR%%/levels/meri4.tdt -%%DATADIR%%/levels/meri5.dat -%%DATADIR%%/levels/meri5.hsc -%%DATADIR%%/levels/meri5.mdl -%%DATADIR%%/levels/meri5.tdt -%%DATADIR%%/levels/meri6.dat -%%DATADIR%%/levels/meri6.hsc -%%DATADIR%%/levels/meri6.mdl -%%DATADIR%%/levels/meri6.tdt -%%DATADIR%%/levels/meri7.dat -%%DATADIR%%/levels/meri7.hsc -%%DATADIR%%/levels/meri7.mdl -%%DATADIR%%/levels/meri7.tdt -%%DATADIR%%/levels/meri8.dat -%%DATADIR%%/levels/meri8.hsc -%%DATADIR%%/levels/meri8.mdl -%%DATADIR%%/levels/meri8.tdt -%%DATADIR%%/levels/meri9.dat -%%DATADIR%%/levels/meri9.hsc -%%DATADIR%%/levels/meri9.mdl -%%DATADIR%%/levels/meri0.dat -%%DATADIR%%/images/tux.png -%%DATADIR%%/images/bloboats.png -%%DATADIR%%/images/boulder.png -%%DATADIR%%/images/ground.png -%%DATADIR%%/images/ground2.png -%%DATADIR%%/images/groundedge.png -%%DATADIR%%/images/groundedge2.png -%%DATADIR%%/images/hirvio.png -%%DATADIR%%/images/hirvio_.png -%%DATADIR%%/images/ice.png -%%DATADIR%%/images/icon.ico -%%DATADIR%%/images/icon.png -%%DATADIR%%/images/invader.png -%%DATADIR%%/images/maali.png -%%DATADIR%%/images/alus.png -%%DATADIR%%/fonts/font.png -%%DATADIR%%/fonts/font2.png -%%DATADIR%%/defaults/private/ghost/ghost.txt -%%DATADIR%%/defaults/private/records/records.txt -%%DATADIR%%/defaults/private/levels.dat -share/pixmaps/bloboats.png diff --git a/games/traindirector/Makefile b/games/traindirector/Makefile deleted file mode 100644 index a7b5f34aaab3..000000000000 --- a/games/traindirector/Makefile +++ /dev/null @@ -1,42 +0,0 @@ -# $FreeBSD$ - -PORTNAME= traindirector -PORTVERSION= 3.6 -PORTREVISION= 7 -CATEGORIES= games -MASTER_SITES= http://www.backerstreet.com/traindir/ -DISTNAME= tdir36src - -MAINTAINER= madpilot@FreeBSD.org -COMMENT= Train controller simulation - -LICENSE= GPLv2 - -DEPRECATED= Does not build on FreeBSD 11+ -EXPIRATION_DATE= 2018-10-31 - -NO_WRKSUBDIR= yes - -USES= gmake zip -USE_GNOME= gtk20 - -USE_WX= 2.8 -WX_COMPS= wx:lib - -DESKTOP_ENTRIES="Train Director" "${COMMENT}" "" "traindir3" \ - "Game;Simulation;StrategyGame;" false - -PLIST_FILES= bin/traindir3 - -MAKEFILE= Makefile.fc9 - -.include <bsd.port.pre.mk> - -.if ${OPSYS} == "FreeBSD" && ((${OSVERSION} >= 1100508 && ${OSVERSION} < 1200000) || ${OSVERSION} >= 1200017) -BROKEN= Fails to compile with libc++ 3.9.0 and later -.endif - -do-install: - ${INSTALL_PROGRAM} ${WRKSRC}/traindir3 ${STAGEDIR}${PREFIX}/bin - -.include <bsd.port.post.mk> diff --git a/games/traindirector/distinfo b/games/traindirector/distinfo deleted file mode 100644 index 92e24100d8fc..000000000000 --- a/games/traindirector/distinfo +++ /dev/null @@ -1,2 +0,0 @@ -SHA256 (tdir36src.zip) = 93c0a09c848110cf4a5b108e81a1fd44ffe61f334f12280b7b7bb4a96c3676d7 -SIZE (tdir36src.zip) = 231097 diff --git a/games/traindirector/files/patch-Makefile.fc9 b/games/traindirector/files/patch-Makefile.fc9 deleted file mode 100644 index 552b5348e53c..000000000000 --- a/games/traindirector/files/patch-Makefile.fc9 +++ /dev/null @@ -1,45 +0,0 @@ ---- Makefile.fc9.orig 2008-08-31 17:53:10.000000000 +0200 -+++ Makefile.fc9 2011-06-21 11:52:40.309974439 +0200 -@@ -7,7 +7,7 @@ - - - --prefix = /usr/local -+prefix = ${PREFIX} - exec_prefix = ${prefix} - INSTALL = /usr/bin/install -c - EXEEXT = -@@ -18,18 +18,18 @@ - top_srcdir = - top_builddir = - LDFLAGS_GUI = --CXX = g++ -+CXX ?= g++ - #CXXFLAGS = -g -O0 -pthread -Wall -Wundef -Wno-ctor-dtor-privacy -finput-charset=ISO-8859-1 --CXXFLAGS = -O2 -pthread -Wall -Wundef -Wno-ctor-dtor-privacy -finput-charset=ISO-8859-1 -+CXXFLAGS += -pthread -Wall -Wundef -Wno-ctor-dtor-privacy - #CPPFLAGS = -D__WXDEBUG__ -DGTK_NO_CHECK_CASTS -pthread -D_FILE_OFFSET_BITS=64 -D_LARGE_FILES -D_LARGEFILE_SOURCE=1 -DwxUSE_UNICODE=1 -I. --CPPFLAGS = -DGTK_NO_CHECK_CASTS -pthread -D_FILE_OFFSET_BITS=64 -D_LARGE_FILES -D_LARGEFILE_SOURCE=1 -DwxUSE_UNICODE=1 -I. -I/usr/include/wx-2.8 -I/usr/lib/wx/include/gtk2-unicode-release-2.8 --LDFLAGS = -pthread -L/usr/X11R6/lib -+CPPFLAGS += -DGTK_NO_CHECK_CASTS -pthread -D_FILE_OFFSET_BITS=64 -D_LARGE_FILES -D_LARGEFILE_SOURCE=1 -DwxUSE_UNICODE=1 -I. -I${LOCALBASE}/include/wx-2.8 -I${LOCALBASE}/lib/wx/include/gtk2-unicode-release-2.8 -+LDFLAGS = -pthread -L${LOCALBASE}/lib - WX_LIB_FLAVOUR = - TOOLKIT = GTK - TOOLKIT_LOWERCASE = gtk - TOOLKIT_VERSION = 2 --EXTRALIBS = -pthread -L/usr/X11R6/lib -lz -ldl -lm --EXTRALIBS_GUI = -Wl,--export-dynamic -pthread -lgtk-x11-2.0 -lgdk-x11-2.0 -latk-1.0 -lgdk_pixbuf-2.0 -lm -lpangoxft-1.0 -lpangox-1.0 -lpango-1.0 -lgobject-2.0 -lgmodule-2.0 -ldl -lgthread-2.0 -lglib-2.0 -lXinerama -lXxf86vm -lpng -lz -ljpeg -ltiff -+EXTRALIBS = -pthread -L${LOCALBASE}/lib -lz -lm -+EXTRALIBS_GUI = -Wl,--export-dynamic -pthread -lgtk-x11-2.0 -lgdk-x11-2.0 -latk-1.0 -lgdk_pixbuf-2.0 -lm -lpangoxft-1.0 -lpangox-1.0 -lpango-1.0 -lgobject-2.0 -lgmodule-2.0 -lgthread-2.0 -lglib-2.0 -lXinerama -lXxf86vm -lpng -lz -ljpeg -ltiff - EXTRALIBS_SDL = - HOST_SUFFIX = - SAMPLES_RPATH_FLAG = -Wl,-rpath,$(top_builddir)lib -@@ -38,7 +38,7 @@ - ### Variables: ### - - DESTDIR = --OBJDIR = objs/ -+OBJDIR = - WX_RELEASE = 2.8 - WX_VERSION = $(WX_RELEASE).4 - LIBDIRNAME = $(top_builddir)lib diff --git a/games/traindirector/pkg-descr b/games/traindirector/pkg-descr deleted file mode 100644 index af7ab54b965f..000000000000 --- a/games/traindirector/pkg-descr +++ /dev/null @@ -1,9 +0,0 @@ -Train Director is a clone of the popular Train Dispatcher simulation -software. - -With Train Director you can simulate the work of the Centralized -Traffic Control by controlling the movement of trains by throwing -switches and clearing signals. You can also create your own territories -with the included track layout editor. - -WWW: http://www.backerstreet.com/traindir/trdireng.htm diff --git a/net/Makefile b/net/Makefile index 4841dfc687b8..dfb8d5c4b1aa 100644 --- a/net/Makefile +++ b/net/Makefile @@ -345,7 +345,6 @@ SUBDIR += kmbox SUBDIR += kmime SUBDIR += knc - SUBDIR += knemo-kde4 SUBDIR += kontactinterface SUBDIR += kpimtextedit SUBDIR += krdc @@ -1025,7 +1024,6 @@ SUBDIR += pktanon SUBDIR += pload SUBDIR += plugdaemon - SUBDIR += pmf SUBDIR += polyorb SUBDIR += poptop SUBDIR += portfwd @@ -1427,7 +1425,6 @@ SUBDIR += ssmping SUBDIR += ssspl SUBDIR += ssvnc - SUBDIR += stf-6rd-kmod SUBDIR += stone SUBDIR += stund SUBDIR += subnetcalc @@ -1511,7 +1508,6 @@ SUBDIR += uriparser SUBDIR += urlendec SUBDIR += usbredir - SUBDIR += userfw SUBDIR += utftpd SUBDIR += vblade SUBDIR += vde diff --git a/net/knemo-kde4/Makefile b/net/knemo-kde4/Makefile deleted file mode 100644 index 1231adcc39a8..000000000000 --- a/net/knemo-kde4/Makefile +++ /dev/null @@ -1,27 +0,0 @@ -# $FreeBSD$ - -PORTNAME= knemo -PORTVERSION= 0.7.7 -PORTREVISION= 2 -CATEGORIES= net kde -MASTER_SITES= http://kde-apps.org/CONTENT/content-files/ -DISTNAME= 12956-${PORTNAME}-${PORTVERSION} - -MAINTAINER= ports@FreeBSD.org -COMMENT= KDE network monitor - -DEPRECATED= KDE4 is EOL upstream, FreeBSD 10 only-port -EXPIRATION_DATE= 2018-10-31 - -BROKEN_FreeBSD_11= does not build due to access to kernel-private structure (error: member access into incomplete type 'struct in6_ifaddr') -BROKEN_FreeBSD_12= does not build due to access to kernel-private structure (error: member access into incomplete type 'struct in6_ifaddr') -BROKEN_FreeBSD_13= does not build due to access to kernel-private structure (error: member access into incomplete type 'struct in6_ifaddr') - -USES= cmake gettext kde:4 qt:4 shebangfix tar:xz -SHEBANG_FILES= src/kconf_update/*.pl -USE_QT= qmake_build moc_build uic_build rcc_build -USE_KDE= kdelibs workspace automoc4 - -WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION} - -.include <bsd.port.mk> diff --git a/net/knemo-kde4/distinfo b/net/knemo-kde4/distinfo deleted file mode 100644 index 7c184eb8989b..000000000000 --- a/net/knemo-kde4/distinfo +++ /dev/null @@ -1,2 +0,0 @@ -SHA256 (12956-knemo-0.7.7.tar.xz) = deff2201f11b48b3849d44d38ae3908fa0dcafc326657b5cc2cefc8b1e7fe9ea -SIZE (12956-knemo-0.7.7.tar.xz) = 611580 diff --git a/net/knemo-kde4/pkg-descr b/net/knemo-kde4/pkg-descr deleted file mode 100644 index 7608f785bf5c..000000000000 --- a/net/knemo-kde4/pkg-descr +++ /dev/null @@ -1,6 +0,0 @@ -KNemo - the KDE Network Monitor - -KNemo offers a network monitor similar to the one found in Windows. -For every network interface it displays an icon in the systray. - -WWW: http://extragear.kde.org/apps/knemo/ diff --git a/net/knemo-kde4/pkg-plist b/net/knemo-kde4/pkg-plist deleted file mode 100644 index 46b6abcbbcae..000000000000 --- a/net/knemo-kde4/pkg-plist +++ /dev/null @@ -1,155 +0,0 @@ -bin/knemo -lib/kde4/kcm_knemo.so -share/applications/kde4/knemo.desktop -share/apps/kconf_update/knemo-0.5.1-iconsets.pl -share/apps/kconf_update/knemo-0.5.2-misc.pl -share/apps/kconf_update/knemo-0.6.1-misc.pl -share/apps/kconf_update/knemo-0.6.3-misc.pl -share/apps/kconf_update/knemo-0.7.0-misc.pl -share/apps/kconf_update/knemo.upd -share/apps/knemo/knemo.notifyrc -share/apps/knemo/themes/modem.desktop -share/apps/knemo/themes/monitor.desktop -share/apps/knemo/themes/monochrome.desktop -share/apps/knemo/themes/network.desktop -share/apps/knemo/themes/wireless.desktop -share/autostart/knemo.desktop -share/icons/hicolor/128x128/apps/knemo.png -share/icons/hicolor/16x16/apps/knemo.png -share/icons/hicolor/22x22/apps/knemo.png -share/icons/hicolor/22x22/status/knemo-modem-error.png -share/icons/hicolor/22x22/status/knemo-modem-idle.png -share/icons/hicolor/22x22/status/knemo-modem-offline.png -share/icons/hicolor/22x22/status/knemo-modem-receive.png -share/icons/hicolor/22x22/status/knemo-modem-transmit-receive.png -share/icons/hicolor/22x22/status/knemo-modem-transmit.png -share/icons/hicolor/22x22/status/knemo-monitor-error.png -share/icons/hicolor/22x22/status/knemo-monitor-idle.png -share/icons/hicolor/22x22/status/knemo-monitor-offline.png -share/icons/hicolor/22x22/status/knemo-monitor-receive.png -share/icons/hicolor/22x22/status/knemo-monitor-transmit-receive.png -share/icons/hicolor/22x22/status/knemo-monitor-transmit.png -share/icons/hicolor/22x22/status/knemo-network-error.png -share/icons/hicolor/22x22/status/knemo-network-idle.png -share/icons/hicolor/22x22/status/knemo-network-offline.png -share/icons/hicolor/22x22/status/knemo-network-receive.png -share/icons/hicolor/22x22/status/knemo-network-transmit-receive.png -share/icons/hicolor/22x22/status/knemo-network-transmit.png -share/icons/hicolor/22x22/status/knemo-wireless-error.png -share/icons/hicolor/22x22/status/knemo-wireless-idle.png -share/icons/hicolor/22x22/status/knemo-wireless-offline.png -share/icons/hicolor/22x22/status/knemo-wireless-receive.png -share/icons/hicolor/22x22/status/knemo-wireless-transmit-receive.png -share/icons/hicolor/22x22/status/knemo-wireless-transmit.png -share/icons/hicolor/32x32/apps/knemo.png -share/icons/hicolor/48x48/apps/knemo.png -share/icons/hicolor/64x64/apps/knemo.png -share/icons/hicolor/scalable/apps/knemo.svgz -share/icons/hicolor/scalable/status/knemo-monochrome-error.svgz -share/icons/hicolor/scalable/status/knemo-monochrome-idle.svgz -share/icons/hicolor/scalable/status/knemo-monochrome-offline.svgz -share/icons/hicolor/scalable/status/knemo-monochrome-receive.svgz -share/icons/hicolor/scalable/status/knemo-monochrome-transmit-receive.svgz -share/icons/hicolor/scalable/status/knemo-monochrome-transmit.svgz -share/kde4/services/kcm_knemo.desktop -share/locale/ar/LC_MESSAGES/kcm_knemo.mo -share/locale/ar/LC_MESSAGES/knemo.mo -share/locale/ast/LC_MESSAGES/kcm_knemo.mo -share/locale/ast/LC_MESSAGES/knemo.mo -share/locale/bg/LC_MESSAGES/kcm_knemo.mo -share/locale/bg/LC_MESSAGES/knemo.mo -share/locale/br/LC_MESSAGES/kcm_knemo.mo -share/locale/br/LC_MESSAGES/knemo.mo -share/locale/bs/LC_MESSAGES/kcm_knemo.mo -share/locale/bs/LC_MESSAGES/knemo.mo -share/locale/ca/LC_MESSAGES/kcm_knemo.mo -share/locale/ca/LC_MESSAGES/knemo.mo -share/locale/cs/LC_MESSAGES/kcm_knemo.mo -share/locale/cs/LC_MESSAGES/knemo.mo -share/locale/cy/LC_MESSAGES/kcm_knemo.mo -share/locale/cy/LC_MESSAGES/knemo.mo -share/locale/da/LC_MESSAGES/kcm_knemo.mo -share/locale/da/LC_MESSAGES/knemo.mo -share/locale/de/LC_MESSAGES/kcm_knemo.mo -share/locale/de/LC_MESSAGES/knemo.mo -share/locale/el/LC_MESSAGES/kcm_knemo.mo -share/locale/el/LC_MESSAGES/knemo.mo -share/locale/en_GB/LC_MESSAGES/kcm_knemo.mo -share/locale/en_GB/LC_MESSAGES/knemo.mo -share/locale/eo/LC_MESSAGES/kcm_knemo.mo -share/locale/eo/LC_MESSAGES/knemo.mo -share/locale/es/LC_MESSAGES/kcm_knemo.mo -share/locale/es/LC_MESSAGES/knemo.mo -share/locale/et/LC_MESSAGES/kcm_knemo.mo -share/locale/et/LC_MESSAGES/knemo.mo -share/locale/fi/LC_MESSAGES/kcm_knemo.mo -share/locale/fi/LC_MESSAGES/knemo.mo -share/locale/fr/LC_MESSAGES/kcm_knemo.mo -share/locale/fr/LC_MESSAGES/knemo.mo -share/locale/ga/LC_MESSAGES/kcm_knemo.mo -share/locale/ga/LC_MESSAGES/knemo.mo -share/locale/gl/LC_MESSAGES/kcm_knemo.mo -share/locale/gl/LC_MESSAGES/knemo.mo -share/locale/hr/LC_MESSAGES/kcm_knemo.mo -share/locale/hr/LC_MESSAGES/knemo.mo -share/locale/hu/LC_MESSAGES/kcm_knemo.mo -share/locale/hu/LC_MESSAGES/knemo.mo -share/locale/ia/LC_MESSAGES/kcm_knemo.mo -share/locale/ia/LC_MESSAGES/knemo.mo -share/locale/is/LC_MESSAGES/kcm_knemo.mo -share/locale/is/LC_MESSAGES/knemo.mo -share/locale/it/LC_MESSAGES/kcm_knemo.mo -share/locale/it/LC_MESSAGES/knemo.mo -share/locale/ja/LC_MESSAGES/kcm_knemo.mo -share/locale/ja/LC_MESSAGES/knemo.mo -share/locale/ka/LC_MESSAGES/kcm_knemo.mo -share/locale/ka/LC_MESSAGES/knemo.mo -share/locale/km/LC_MESSAGES/kcm_knemo.mo -share/locale/km/LC_MESSAGES/knemo.mo -share/locale/lt/LC_MESSAGES/kcm_knemo.mo -share/locale/lt/LC_MESSAGES/knemo.mo -share/locale/mr/LC_MESSAGES/kcm_knemo.mo -share/locale/mr/LC_MESSAGES/knemo.mo -share/locale/ms/LC_MESSAGES/kcm_knemo.mo -share/locale/nb/LC_MESSAGES/kcm_knemo.mo -share/locale/nb/LC_MESSAGES/knemo.mo -share/locale/nds/LC_MESSAGES/kcm_knemo.mo -share/locale/nds/LC_MESSAGES/knemo.mo -share/locale/nl/LC_MESSAGES/kcm_knemo.mo -share/locale/nl/LC_MESSAGES/knemo.mo -share/locale/pl/LC_MESSAGES/kcm_knemo.mo -share/locale/pl/LC_MESSAGES/knemo.mo -share/locale/pt/LC_MESSAGES/kcm_knemo.mo -share/locale/pt/LC_MESSAGES/knemo.mo -share/locale/pt_BR/LC_MESSAGES/kcm_knemo.mo -share/locale/pt_BR/LC_MESSAGES/knemo.mo -share/locale/ro/LC_MESSAGES/kcm_knemo.mo -share/locale/ro/LC_MESSAGES/knemo.mo -share/locale/ru/LC_MESSAGES/kcm_knemo.mo -share/locale/ru/LC_MESSAGES/knemo.mo -share/locale/rw/LC_MESSAGES/kcm_knemo.mo -share/locale/rw/LC_MESSAGES/knemo.mo -share/locale/sk/LC_MESSAGES/kcm_knemo.mo -share/locale/sk/LC_MESSAGES/knemo.mo -share/locale/sl/LC_MESSAGES/kcm_knemo.mo -share/locale/sl/LC_MESSAGES/knemo.mo -share/locale/sr/LC_MESSAGES/kcm_knemo.mo -share/locale/sr/LC_MESSAGES/knemo.mo -share/locale/sr@ijekavian/LC_MESSAGES/kcm_knemo.mo -share/locale/sr@ijekavian/LC_MESSAGES/knemo.mo -share/locale/sr@ijekavianlatin/LC_MESSAGES/kcm_knemo.mo -share/locale/sr@ijekavianlatin/LC_MESSAGES/knemo.mo -share/locale/sr@latin/LC_MESSAGES/kcm_knemo.mo -share/locale/sr@latin/LC_MESSAGES/knemo.mo -share/locale/sv/LC_MESSAGES/kcm_knemo.mo -share/locale/sv/LC_MESSAGES/knemo.mo -share/locale/tr/LC_MESSAGES/kcm_knemo.mo -share/locale/tr/LC_MESSAGES/knemo.mo -share/locale/ug/LC_MESSAGES/kcm_knemo.mo -share/locale/ug/LC_MESSAGES/knemo.mo -share/locale/uk/LC_MESSAGES/kcm_knemo.mo -share/locale/uk/LC_MESSAGES/knemo.mo -share/locale/zh_CN/LC_MESSAGES/kcm_knemo.mo -share/locale/zh_CN/LC_MESSAGES/knemo.mo -share/locale/zh_TW/LC_MESSAGES/kcm_knemo.mo -share/locale/zh_TW/LC_MESSAGES/knemo.mo diff --git a/net/pmf/Makefile b/net/pmf/Makefile deleted file mode 100644 index 1c490bd1ce13..000000000000 --- a/net/pmf/Makefile +++ /dev/null @@ -1,48 +0,0 @@ -# Created by: adam -# $FreeBSD$ - -PORTNAME= pmf -PORTVERSION= 1.13.1 -PORTREVISION= 1 -CATEGORIES= net -MASTER_SITES= http://ftp.ntua.gr/pub/net/mud/lpmud/clients/pmf/ \ - LOCAL/glarkin - -MAINTAINER= ports@FreeBSD.org -COMMENT= Padrone's Mud Frontend - -BROKEN_powerpc64= fails to link: ld: cannot find -lreadline -DEPRECATED= Does not build on FreeBSD 11+ -EXPIRATION_DATE= 2018-10-31 - -WRKSRC= ${WRKDIR}/pmfdir -BUILD_WRKSRC= ${WRKDIR}/pmfdir/src -PATCH_WRKSRC= ${WRKDIR}/pmfdir/src - -USES= readline - -SUB_FILES= pmfrc.default - -OPTIONS_DEFINE= DOCS EXAMPLES - -.include <bsd.port.pre.mk> - -.if !exists(/usr/lib/libreadline.so) -BROKEN= Does not build with modern readline from ports -.endif - -post-build: - @${LN} -sf .pmfrc ${WRKSRC}/examples/dot.pmfrc - -do-install: - ${INSTALL_PROGRAM} ${WRKSRC}/src/pmf ${STAGEDIR}${PREFIX}/bin - @${MKDIR} ${STAGEDIR}${DATADIR} - ${INSTALL_DATA} ${WRKSRC}/system_dir/NEWS ${STAGEDIR}${DATADIR} - ${INSTALL_DATA} ${WRKDIR}/pmfrc.default ${STAGEDIR}${DATADIR} - (cd ${WRKSRC}/system_dir && ${COPYTREE_SHARE} helpfiles ${STAGEDIR}${DATADIR}) - @${MKDIR} ${STAGEDIR}${DOCSDIR} - ${INSTALL_DATA} ${WRKSRC}/doc/* ${STAGEDIR}${DOCSDIR} - @${MKDIR} ${STAGEDIR}${EXAMPLESDIR} - ${INSTALL_DATA} ${WRKSRC}/examples/* ${STAGEDIR}${EXAMPLESDIR} - -.include <bsd.port.post.mk> diff --git a/net/pmf/distinfo b/net/pmf/distinfo deleted file mode 100644 index 226bc39d52dd..000000000000 --- a/net/pmf/distinfo +++ /dev/null @@ -1,2 +0,0 @@ -SHA256 (pmf-1.13.1.tar.gz) = 42d96dd2ce4f2fb6e7d5720cf419eef1cca842e09842db993e53f4b95f240707 -SIZE (pmf-1.13.1.tar.gz) = 246240 diff --git a/net/pmf/files/patch-Makefile b/net/pmf/files/patch-Makefile deleted file mode 100644 index 8a32a366841f..000000000000 --- a/net/pmf/files/patch-Makefile +++ /dev/null @@ -1,68 +0,0 @@ ---- ./Makefile.orig 1993-05-23 07:54:05.000000000 -0400 -+++ ./Makefile 2010-02-02 14:21:04.000000000 -0500 -@@ -29,12 +29,13 @@ - # pmf without GNU readline or without sound. - # Remove one (or both) of "-DGNU_READLINE" and "-DSOUND". - # --OPTIONS = -DGNU_READLINE -DSOUND -+#OPTIONS = -DGNU_READLINE -DSOUND -+OPTIONS = -DGNU_READLINE - - # This variable, SOUND_OBJECT, should be changed if you want to - # compile pmf without sound: remove this definition of SOUND_OBJECT. - # --SOUND_OBJECT = sound.o -+#SOUND_OBJECT = sound.o - - # This variable, HISTORY_OBJECT, should be changed if you want to - # compile pmf without GNU readline: define HISTORY_OBJECT as -@@ -56,7 +57,7 @@ - # If you want to use the GNU C compiler, - # change the variable CC to "gcc -traditional" instead: - # --CC = cc -+CC ?= cc - # CC = gcc -traditional - - ###################################################################### -@@ -65,7 +66,7 @@ - # -- the Makefiles in the subdirs have to be changed separately. - # Distribution: CFLAGS = -O - # Maximum debug: CFLAGS = -g -pg -DDEBUG -pipe --CFLAGS = -O -+CFLAGS += -DSYSTEM_DIR=\"${PREFIX}/share/pmf\" - - ###################################################################### - -@@ -101,7 +102,7 @@ - - READLINE_DIR = readline - C_PACKAGES_DIR = c_packages --READLINE_LIB = $(READLINE_DIR)/libreadline.a -+#READLINE_LIB = $(READLINE_DIR)/libreadline.a - C_PACKAGES_LIB = $(C_PACKAGES_DIR)/libc_packs.a - - LIBS = $(READLINE_LIB) $(C_PACKAGES_LIB) -@@ -123,8 +124,7 @@ - - pmf: $(OBJECTS) $(LIBS) - rm -f compile_time.c -- $(CC) -o pmf $(CFLAGS) $(OBJECTS) $(LIBS) -ltermcap -lresolv -- strip pmf -+ $(CC) -o pmf $(CFLAGS) $(OBJECTS) $(LIBS) -ltermcap -lreadline -lcompat - rm -f compile_time.o - - compile_time.c: -@@ -133,10 +133,10 @@ - ###################################################################### - - $(READLINE_LIB): -- ( cd $(READLINE_DIR); make ) -+ ( cd $(READLINE_DIR); $(MAKE) ) - - $(C_PACKAGES_LIB): -- ( cd $(C_PACKAGES_DIR); make ) -+ ( cd $(C_PACKAGES_DIR); $(MAKE) 'CFLAGS=$(CFLAGS)') - - READLINE_FILES = \ - $(READLINE_DIR)/* diff --git a/net/pmf/files/patch-c_packages__Makefile b/net/pmf/files/patch-c_packages__Makefile deleted file mode 100644 index a7edd41f4a5a..000000000000 --- a/net/pmf/files/patch-c_packages__Makefile +++ /dev/null @@ -1,11 +0,0 @@ ---- ./c_packages/Makefile.orig 1991-09-21 23:13:58.000000000 -0400 -+++ ./c_packages/Makefile 2010-02-02 14:21:04.000000000 -0500 -@@ -8,7 +8,7 @@ - for i in $(PACKAGES) ; \ - do \ - echo Making $$i...; \ -- ( cd $$i; make ) \ -+ ( cd $$i; $(MAKE) 'CFLAGS=$(CFLAGS)') \ - done - ln -s */*.o . - ar rv libc_packs.a *.o diff --git a/net/pmf/files/patch-c_packages__safe_malloc__Makefile b/net/pmf/files/patch-c_packages__safe_malloc__Makefile deleted file mode 100644 index 192b4974692f..000000000000 --- a/net/pmf/files/patch-c_packages__safe_malloc__Makefile +++ /dev/null @@ -1,16 +0,0 @@ ---- ./c_packages/safe_malloc/Makefile.orig 1991-09-21 23:13:52.000000000 -0400 -+++ ./c_packages/safe_malloc/Makefile 2010-02-02 14:21:04.000000000 -0500 -@@ -14,11 +14,11 @@ - INCLUDEDIRS = - - # CC = gcc -traditional --CC = cc -+CC ?= cc - - # Distribution: CFLAGS = -O - # Maximum debug: CFLAGS = -g -pg -DDEBUG -pipe --CFLAGS = -O -+#CFLAGS = -O - - all: $(OBJECTS) - diff --git a/net/pmf/files/patch-c_packages__safe_malloc__fatal.c b/net/pmf/files/patch-c_packages__safe_malloc__fatal.c deleted file mode 100644 index a118507a7ece..000000000000 --- a/net/pmf/files/patch-c_packages__safe_malloc__fatal.c +++ /dev/null @@ -1,13 +0,0 @@ ---- ./c_packages/safe_malloc/fatal.c.orig 1991-09-21 23:13:52.000000000 -0400 -+++ ./c_packages/safe_malloc/fatal.c 2010-02-02 14:21:04.000000000 -0500 -@@ -8,8 +8,8 @@ - #include "safe_malloc.h" - - extern int errno; --extern char *sys_errlist[]; --extern int sys_nerr; -+/*extern char *sys_errlist[]; -+extern int sys_nerr;*/ - - fatal(fmt, a1, a2, a3, a4, a5) - char *fmt, *a1, *a2, *a3, *a4, *a5; diff --git a/net/pmf/files/patch-config.h b/net/pmf/files/patch-config.h deleted file mode 100644 index 97e735dcce28..000000000000 --- a/net/pmf/files/patch-config.h +++ /dev/null @@ -1,44 +0,0 @@ ---- ./config.h.orig 1993-10-29 05:25:35.000000000 -0400 -+++ ./config.h 2010-02-02 14:21:04.000000000 -0500 -@@ -35,14 +35,16 @@ - * files instead. - * Note that "~" is not expanded in this directory name. - */ -+#ifndef SYSTEM_DIR - #define SYSTEM_DIR "/home/diagnostix3/ida/tompa/pmf-1.13.1/pmfdir/system_dir" -+#endif - - /* These are the names of some files, usually in the system directory - * SYSTEM_DIR that is #defined above. - * If these names start with a "/" they are considered - * relative to the root directory, otherwise to SYSTEM_DIR. - */ --#define SYSTEM_DEFAULT_INIT_FILE ".pmfrc.default" -+#define SYSTEM_DEFAULT_INIT_FILE "pmfrc.default" - #define SYSTEM_NEWS_FILE "NEWS" - #define SYSTEM_HELP_DIR "helpfiles" - #define SYSTEM_SOUND_DIR "soundfiles" -@@ -63,16 +65,22 @@ - #define X_OUTPUT_PROGRAM "cat" - - /* What system? Define one either BSD or SYSV:*/ -+#ifndef BSD - #define BSD -+#endif - /* #define SYSV */ - - /* What ioctl do we use for the ttys? */ --#ifdef BSD -+#if defined(BSD) && !defined(__FreeBSD__) - # define USE_TIOCGETP - #else - # define USE_TCGETA - #endif - -+#ifdef BSD -+#define _cnt _r -+#endif -+ - /* The prompt to print after doing a builtin command. 0 means no prompt. - * The prompt variable is initially set to the value of DEFAULT_PROMPT, - * but it can of course later be changed with the command "set prompt". diff --git a/net/pmf/files/patch-error.c b/net/pmf/files/patch-error.c deleted file mode 100644 index 59715da8e8b3..000000000000 --- a/net/pmf/files/patch-error.c +++ /dev/null @@ -1,13 +0,0 @@ ---- ./error.c.orig 1991-09-21 23:13:05.000000000 -0400 -+++ ./error.c 2010-02-02 14:21:04.000000000 -0500 -@@ -15,8 +15,8 @@ - #include "pmf.h" - - extern int errno; --extern char *sys_errlist[]; --extern int sys_nerr; -+/* extern char *sys_errlist[]; -+extern int sys_nerr; */ - - /*---------------------------------------------------------------------------*/ - diff --git a/net/pmf/files/patch-help.c b/net/pmf/files/patch-help.c deleted file mode 100644 index 32ae872bda91..000000000000 --- a/net/pmf/files/patch-help.c +++ /dev/null @@ -1,15 +0,0 @@ ---- help.c.orig -+++ help.c -@@ -16,10 +16,11 @@ - #include "globals.h" - - extern char compile_time[], version[]; -+extern void cmd_help(); - - /*---------------------------------------------------------------------------*/ - --cmd_help(orig_arg) -+void cmd_help(orig_arg) - char *orig_arg; - { - char *arg, *lc = NULL, *try2 = NULL, *try3 = NULL, *try4 = NULL; diff --git a/net/pmf/files/patch-ipc.c b/net/pmf/files/patch-ipc.c deleted file mode 100644 index 7b7bc60af35e..000000000000 --- a/net/pmf/files/patch-ipc.c +++ /dev/null @@ -1,21 +0,0 @@ ---- ipc.c.orig -+++ ipc.c -@@ -35,8 +35,7 @@ - #endif /* FD_ZERO */ - - extern char *get_now_date_string(); -- --extern int errno; -+extern void telnet_protocol(); - - static struct in_addr host_address; - static struct sockaddr_in socket_address; -@@ -360,7 +359,7 @@ - /* This function takes the three bytes from a telnet command, - * and implements a very limited telnet protocol. - */ --telnet_protocol(one, two, three) -+void telnet_protocol(one, two, three) - unsigned int one, two, three; - { - unsigned char reply[3]; diff --git a/net/pmf/files/patch-main.c b/net/pmf/files/patch-main.c deleted file mode 100644 index 3c65bfb7da2f..000000000000 --- a/net/pmf/files/patch-main.c +++ /dev/null @@ -1,43 +0,0 @@ ---- ./main.c.orig 1991-09-21 23:13:43.000000000 -0400 -+++ ./main.c 2010-02-02 14:21:04.000000000 -0500 -@@ -12,9 +12,9 @@ - #include <stdio.h> - #include <sys/types.h> - #include <sys/stat.h> --#include <sgtty.h> - #include <signal.h> - #include <setjmp.h> -+#include <sys/param.h> - #include "safe_malloc.h" - #include "str_galore.h" - #include "config.h" -@@ -37,7 +37,7 @@ - extern int stop_printing(); - extern int continue_printing(); - -- extern int last_c_pos; -+ extern int _rl_last_c_pos; - #endif - - /* Longjmp buffer, jump there after error() or CTRL-C */ -@@ -58,7 +58,7 @@ - ldisplay("\n"); - ldisplay("%s", rl_line_buffer); - rl_redisplay(count, key); -- last_c_pos = rl_end; -+ _rl_last_c_pos = rl_end; - } - #endif - -@@ -191,7 +191,11 @@ - #endif - - if (debug && exitval) { -+ #if defined(__FreeBSD__) && (__FreeBSD_version >= 500035) -+ signal(SIGABRT, SIG_DFL); -+ #else - signal(SIGIOT, SIG_DFL); -+ #endif - abort(); - } - else diff --git a/net/pmf/files/patch-misc.c b/net/pmf/files/patch-misc.c deleted file mode 100644 index 31a193e9dc89..000000000000 --- a/net/pmf/files/patch-misc.c +++ /dev/null @@ -1,11 +0,0 @@ ---- ./misc.c.orig 1991-09-21 23:13:43.000000000 -0400 -+++ ./misc.c 2010-02-02 14:21:04.000000000 -0500 -@@ -16,7 +16,7 @@ - #include "config.h" - #include "globals.h" - --extern long time(); -+extern time_t time(); - extern char *ctime(); - - /*---------------------------------------------------------------------------*/ diff --git a/net/pmf/files/patch-putget.c b/net/pmf/files/patch-putget.c deleted file mode 100644 index 395e4efdf5d4..000000000000 --- a/net/pmf/files/patch-putget.c +++ /dev/null @@ -1,28 +0,0 @@ ---- putget.c.orig -+++ putget.c -@@ -30,6 +30,7 @@ - *expand_variables(), - *find_robot_action_string(), - *return_last(); -+extern void cmd_putfile(), cmd_getfile(); - - /* This is a temporary buffer of text received from the MUD game. - * If the flag "getfiling" is true, the routines that receive the MUD -@@ -44,7 +45,7 @@ - /*---------------------------------------------------------------------------*/ - - /* Send a file to LPmud using the built-in editor */ --cmd_putfile(filename, optional_filename) -+void cmd_putfile(filename, optional_filename) - char *filename, *optional_filename; - { - char *local_filename, *remote_filename, cmd_buffer[MAX_LINE_LENGTH + 1]; -@@ -103,7 +104,7 @@ - /*---------------------------------------------------------------------------*/ - - /* Get a file from LPmud using the built-in editor */ --cmd_getfile(filename, optional_filename) -+void cmd_getfile(filename, optional_filename) - char *filename, *optional_filename; - { - char *local_filename, *remote_filename, cmd_buffer[MAX_LINE_LENGTH + 1]; diff --git a/net/pmf/files/patch-tty.c b/net/pmf/files/patch-tty.c deleted file mode 100644 index 67edbbaf9e07..000000000000 --- a/net/pmf/files/patch-tty.c +++ /dev/null @@ -1,28 +0,0 @@ ---- ./tty.c.orig 1993-10-29 05:09:06.000000000 -0400 -+++ ./tty.c 2010-02-02 14:21:04.000000000 -0500 -@@ -18,6 +18,9 @@ - /* Added by dodurham@stimpy.ualr.edu for Linux machines */ - #ifdef SYSV - # include <termio.h> -+#elif defined(__FreeBSD__) -+# include <termios.h> -+# define termio termios - #else - # include <sgtty.h> - #endif -@@ -161,13 +164,13 @@ - - pmf_save_terminal() - { -- if (ioctl(0, TCGETA, &terminal_state) == -1) -+ if (tcgetattr(0, &terminal_state) == -1) - fatal("ioctl TCGETA failed in pmf_save_terminal."); - } /* pmf_save_terminal */ - - pmf_restore_terminal() - { -- if (ioctl(0, TCSETA, &terminal_state) == -1) -+ if (tcsetattr(0, TCSANOW, &terminal_state) == -1) - fatal("ioctl TCSETA failed in pmf_restore_terminal."); - } /* pmf_restore_terminal */ - diff --git a/net/pmf/files/pmfrc.default.in b/net/pmf/files/pmfrc.default.in deleted file mode 100644 index 22fa8cd1dba1..000000000000 --- a/net/pmf/files/pmfrc.default.in +++ /dev/null @@ -1,54 +0,0 @@ -# -# Default init file for pmf. -# Thomas Padron-McCarhty, padrone@lysator.liu.se, Sept 22 1991 -# Remember that all blank lines are sent to Mud, which means that you -# should probably NOT have any blank lines in the init file. -# Silent mode is on while running the init file. -# -# -# First of all, set up some things: -# -/set prompt "pmf %d> " -/set history 40 -/set lines_to_save 100 -/set cryptkey "Have a Coke and a Smile!" -/unset substitute_history -/unset replace_control -# -# Some very useful aliases: -# -/alias c score -/alias l look -/alias g get all -/alias ec exa corpse -/alias dc drop corpse -/alias sb sell bottle -/alias m missile -/alias k shock -/alias f fireball -/alias gc "get $1 from corpse $2" -/alias gb "get $1 from bag $2" -/alias bdb "buy beer $n drink beer" -/alias h history -# -# This alias lets you run from the church to the pub: -# -/unalias . "perform $1 >" -/alias church-to-pub ". s $n . e $n . e $n . n $n . e" -# -# Some more aliases: -# -/alias /soundon "/source %%PREFIX%%/share/pmf/soundfiles/pmf-sparc-sound" -/alias /soundoff "/unset sound" -# -# Avoid printing some of the more annoying messages: -# -# /gag "Go player says: " -# /gag "Harry says: " -# -# A simple robot action: -# -/action "$1 tells you: $2" "/beep" -/alias /on /set robot -/alias /off /unset robot -/on diff --git a/net/pmf/pkg-descr b/net/pmf/pkg-descr deleted file mode 100644 index b0ec4ed1edb4..000000000000 --- a/net/pmf/pkg-descr +++ /dev/null @@ -1,2 +0,0 @@ -PMF is a linemode MUD client, with line history and editing. -It also provides gags, aliases and other useful features. diff --git a/net/pmf/pkg-plist b/net/pmf/pkg-plist deleted file mode 100644 index ff6a4c7ed1d0..000000000000 --- a/net/pmf/pkg-plist +++ /dev/null @@ -1,97 +0,0 @@ -bin/pmf -%%PORTDOCS%%%%DOCSDIR%%/mud-clients.FAQ -%%PORTDOCS%%%%DOCSDIR%%/mud-rwho.FAQ -%%PORTDOCS%%%%DOCSDIR%%/mud.FAQ -%%PORTDOCS%%%%DOCSDIR%%/mudlist.18oct93 -%%PORTDOCS%%%%DOCSDIR%%/pmf.doc -%%PORTDOCS%%%%DOCSDIR%%/resource-usage -%%PORTEXAMPLES%%%%EXAMPLESDIR%%/dot.pmfrc -%%PORTEXAMPLES%%%%EXAMPLESDIR%%/pmf-sparc-sound -%%PORTEXAMPLES%%%%EXAMPLESDIR%%/sample-robot -%%DATADIR%%/NEWS -%%DATADIR%%/pmfrc.default -%%DATADIR%%/helpfiles/!! -%%DATADIR%%/helpfiles/!number -%%DATADIR%%/helpfiles/!str -%%DATADIR%%/helpfiles/!string -%%DATADIR%%/helpfiles/+action -%%DATADIR%%/helpfiles/+alias -%%DATADIR%%/helpfiles/+beep -%%DATADIR%%/helpfiles/+cd -%%DATADIR%%/helpfiles/+connect -%%DATADIR%%/helpfiles/+cryptsay -%%DATADIR%%/helpfiles/+crypttell -%%DATADIR%%/helpfiles/+debuglog -%%DATADIR%%/helpfiles/+disconnect -%%DATADIR%%/helpfiles/+dump -%%DATADIR%%/helpfiles/+echo -%%DATADIR%%/helpfiles/+gag -%%DATADIR%%/helpfiles/+getfile -%%DATADIR%%/helpfiles/+help -%%DATADIR%%/helpfiles/+history -%%DATADIR%%/helpfiles/+last -%%DATADIR%%/helpfiles/+log -%%DATADIR%%/helpfiles/+perform -%%DATADIR%%/helpfiles/+putfile -%%DATADIR%%/helpfiles/+quit -%%DATADIR%%/helpfiles/+quote -%%DATADIR%%/helpfiles/+receive -%%DATADIR%%/helpfiles/+send -%%DATADIR%%/helpfiles/+set -%%DATADIR%%/helpfiles/+sound -%%DATADIR%%/helpfiles/+source -%%DATADIR%%/helpfiles/+status -%%DATADIR%%/helpfiles/+system -%%DATADIR%%/helpfiles/+unaction -%%DATADIR%%/helpfiles/+unactionall -%%DATADIR%%/helpfiles/+unalias -%%DATADIR%%/helpfiles/+ungag -%%DATADIR%%/helpfiles/+unset -%%DATADIR%%/helpfiles/+unsound -%%DATADIR%%/helpfiles/.pmfrc -%%DATADIR%%/helpfiles/242 -%%DATADIR%%/helpfiles/? -%%DATADIR%%/helpfiles/CTRL-C -%%DATADIR%%/helpfiles/CTRL-D -%%DATADIR%%/helpfiles/CTRL-Z -%%DATADIR%%/helpfiles/FRONT242 -%%DATADIR%%/helpfiles/Padrone -%%DATADIR%%/helpfiles/README -%%DATADIR%%/helpfiles/achtung -%%DATADIR%%/helpfiles/bug -%%DATADIR%%/helpfiles/can_gag_fight -%%DATADIR%%/helpfiles/cryptkey -%%DATADIR%%/helpfiles/debug -%%DATADIR%%/helpfiles/documentation -%%DATADIR%%/helpfiles/echo -%%DATADIR%%/helpfiles/frontcd -%%DATADIR%%/helpfiles/frontecho -%%DATADIR%%/helpfiles/fronthelp -%%DATADIR%%/helpfiles/frontquit -%%DATADIR%%/helpfiles/frontset -%%DATADIR%%/helpfiles/frontstatus -%%DATADIR%%/helpfiles/frontunset -%%DATADIR%%/helpfiles/help -%%DATADIR%%/helpfiles/history -%%DATADIR%%/helpfiles/host -%%DATADIR%%/helpfiles/ignoreeof -%%DATADIR%%/helpfiles/init -%%DATADIR%%/helpfiles/lines_to_save -%%DATADIR%%/helpfiles/options -%%DATADIR%%/helpfiles/padrone -%%DATADIR%%/helpfiles/pmf -%%DATADIR%%/helpfiles/port -%%DATADIR%%/helpfiles/prompt -%%DATADIR%%/helpfiles/quit -%%DATADIR%%/helpfiles/replace_control -%%DATADIR%%/helpfiles/robot -%%DATADIR%%/helpfiles/screen_length -%%DATADIR%%/helpfiles/show_receive -%%DATADIR%%/helpfiles/slash_commands -%%DATADIR%%/helpfiles/sound -%%DATADIR%%/helpfiles/source -%%DATADIR%%/helpfiles/source-code -%%DATADIR%%/helpfiles/status -%%DATADIR%%/helpfiles/substitute_history -%%DATADIR%%/helpfiles/variables -%%DATADIR%%/helpfiles/verbose diff --git a/net/stf-6rd-kmod/Makefile b/net/stf-6rd-kmod/Makefile deleted file mode 100644 index a432b54ec496..000000000000 --- a/net/stf-6rd-kmod/Makefile +++ /dev/null @@ -1,90 +0,0 @@ -# $FreeBSD$ - -PORTNAME= stf -PORTVERSION= 0.${SVN_REV} -CATEGORIES= net ipv6 -MASTER_SITES= LOCAL/kuriyama -PKGNAMESUFFIX= -6rd-kmod -DISTNAME= freebsd-stf-${OSREL}-${PORTVERSION} - -MAINTAINER= kuriyama@FreeBSD.org -COMMENT= 6rd patched stf(4) kernel modules port for 8.4+ - -DEPRECATED= Does not build on FreeBSD 11+ -EXPIRATION_DATE= 2018-10-31 - -ONLY_FOR_ARCHS= amd64 i386 - -WRKSRC= ${WRKDIR} -SVN_REV= 275558 -PATCH_STRIP= -p1 -#PATCH_DEBUG= YES - -USES= kmod - -.include <bsd.port.pre.mk> - -.if ${OSREL} == "8.4" -PATCHDIR= ${MASTERDIR}/files-8 -.elif ${OSREL} == "9.1" -PATCHDIR= ${MASTERDIR}/files-9.1 -.elif ${OSREL} == "9.3" -PATCHDIR= ${MASTERDIR}/files-9 -.elif ${OSREL} == "10.1" -PATCHDIR= ${MASTERDIR}/files-10 -.else -IGNORE= not supported $${OSREL} (${OSREL}) -.endif - -post-extract: - cd ${WRKSRC} && ${MKDIR} tmp && ${MV} net modules tmp/ - ${CP} -Rp ${SRC_BASE}/sys ${WRKSRC}/ - ${MKDIR} ${WRKSRC}/share/man - ${CP} -Rp ${SRC_BASE}/share/man/man4 ${WRKSRC}/share/man/ - ${CP} -Rp ${WRKSRC}/tmp/* ${WRKSRC}/sys/ - -do-build: - cd ${WRKSRC}/sys/modules/if_stf; ${MAKE} DEBUG_FLAGS=-g - -do-install: -.for f in if_stf - ${INSTALL_KLD} ${WRKSRC}/sys/modules/if_stf/${f}.ko ${STAGEDIR}${KMODDIR} - ${INSTALL_KLD} ${WRKSRC}/sys/modules/if_stf/${f}.ko.symbols ${STAGEDIR}${KMODDIR} -.endfor - -# For maintainer only. -SVN_MIRROR?= http://svn.freebsd.org/base -EXPDIR= ${WRKSRC}/src/sys -maintainer-tar-all: -.for r in 8.4 9.1 9.3 10.1 - ${MAKE} OSREL=${r} OSVERSION=${r:C/\.//}0000 UNAMER=${r}-RELEASE maintainer-tar -.endfor - -maintainer-diff: -.for r in 8 9 10 - ${FETCH_CMD} -o ${MASTERDIR}/files-${r}/patch-aa https://github.com/kuriyama/freebsd/compare/freebsd:stable/${r}...6rd-stable-${r}.diff -.endfor - ${FETCH_CMD} -o ${MASTERDIR}/files-9.1/patch-aa https://github.com/kuriyama/freebsd/compare/freebsd:releng/9.1...6rd-releng-9.1.diff - -maintainer-tar: - -${RM} -r ${EXPDIR} - ${MKDIR} ${EXPDIR} - cd ${EXPDIR} && svn export -r ${SVN_REV} ${SVN_MIRROR}/releng/${OSREL}/sys/net net - cd ${EXPDIR} && svn export -r ${SVN_REV} ${SVN_MIRROR}/releng/${OSREL}/sys/modules/if_stf modules/if_stf - ${SH} ${MASTERDIR}/files/fixup_mtime.sh ${EXPDIR} ${SVN_REV} ${SVN_MIRROR} ${OSREL} - cd ${EXPDIR} && ${TAR} cfz ${DISTDIR}/freebsd-stf-${OSREL}-${PORTVERSION}${EXTRACT_SUFX} net modules - -maintainer-check: - @new=`svn log -ql 1 ${SVN_MIRROR}@HEAD releng/${OSREL}/sys/net/if_stf.c | ${GREP} -v ^- | ${SED} -e 's| .*||'`;\ - old="r${SVN_REV}";\ - if [ "$${new}" != "$${old}" ]; then ${ECHO_MSG} "New stf rev: $${new}"; fi - -make-distinfo: - ${RM} distinfo.tmp.* -.for r in 8.4 9.1 9.3 10.1 - ${MAKE} OSREL=${r} OSVERSION=${r:C/\.//}0000 UNAMER=${r}-RELEASE DISTINFO_FILE=${MASTERDIR}/distinfo.tmp.${r} makesum -.endfor - ${CAT} ${MASTERDIR}/distinfo.tmp.* > ${MASTERDIR}/distinfo - ${RM} distinfo.tmp.* - -.include <bsd.port.post.mk> diff --git a/net/stf-6rd-kmod/distinfo b/net/stf-6rd-kmod/distinfo deleted file mode 100644 index 6818fc5fb652..000000000000 --- a/net/stf-6rd-kmod/distinfo +++ /dev/null @@ -1,8 +0,0 @@ -SHA256 (freebsd-stf-10.1-0.275558.tar.gz) = f63f044ff403702601caf77ea6be8471df6cc63a747870eb8c1b618720508b6a -SIZE (freebsd-stf-10.1-0.275558.tar.gz) = 543214 -SHA256 (freebsd-stf-8.4-0.275558.tar.gz) = 0496e8a23e55725f47e72e587b74b4963c11fdc98afe49e94aee861a0fad83bf -SIZE (freebsd-stf-8.4-0.275558.tar.gz) = 500025 -SHA256 (freebsd-stf-9.1-0.275558.tar.gz) = dbcecda506697d7255220838146a8af3d10a3986e67f942ef4efe0cb91d5a72e -SIZE (freebsd-stf-9.1-0.275558.tar.gz) = 509740 -SHA256 (freebsd-stf-9.3-0.275558.tar.gz) = 09c9a4dbafbb13bd1d6bbbe99792a7185725cd028a34228ed4be8bdc656e331b -SIZE (freebsd-stf-9.3-0.275558.tar.gz) = 528285 diff --git a/net/stf-6rd-kmod/files-10/patch-aa b/net/stf-6rd-kmod/files-10/patch-aa deleted file mode 100644 index 2bb7dbd6e2a1..000000000000 --- a/net/stf-6rd-kmod/files-10/patch-aa +++ /dev/null @@ -1,1298 +0,0 @@ -diff --git a/share/man/man4/stf.4 b/share/man/man4/stf.4 -index 5e210df..1f3da39 100644 ---- a/share/man/man4/stf.4 -+++ b/share/man/man4/stf.4 -@@ -1,6 +1,7 @@ - .\" $KAME: stf.4,v 1.35 2001/05/02 06:24:49 itojun Exp $ - .\" - .\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. -+.\" Copyright (c) 2010 Hiroki Sato <hrs@FreeBSD.org> - .\" All rights reserved. - .\" - .\" Redistribution and use in source and binary forms, with or without -@@ -42,21 +43,11 @@ tunnel interface - .Sh DESCRIPTION - The - .Nm --interface supports --.Dq 6to4 --IPv6 in IPv4 encapsulation. --It can tunnel IPv6 traffic over IPv4, as specified in --.Li RFC3056 . --.Pp --For ordinary nodes in 6to4 site, you do not need --.Nm --interface. --The --.Nm --interface is necessary for site border router --(called --.Dq 6to4 router --in the specification). -+interface supports IPv6 in IPv4 encapsulation by -+tunneling IPv6 traffic over IPv4, as specified in -+.Li RFC3056 Pq 6to4 -+and -+.Li RFC5569 Pq 6rd . - .Pp - Each - .Nm -@@ -72,12 +63,28 @@ variable in - .Pp - Due to the way 6to4 protocol is specified, - .Nm --interface requires certain configuration to work properly. -+interface requires certain configuration to work properly. Two -+different protocols defined in RFC3056 and RFC5569 are basically the -+same as each other except for address handling, so -+.Nm -+decides its behavior based on the configured IPv6 addresses as -+explained in the following. -+The -+.Nm -+interface can be configured with multiple IPv6 addresses including -+both 6to4 and 6rd. -+.Sh RFC3056 (a.k.a. 6to4) - Single --(no more than 1) --valid 6to4 address needs to be configured to the interface. --.Dq A valid 6to4 address --is an address which has the following properties. -+.Pq no more than 1 valid 6to4 address needs to be configured to the interface. -+.Dq a valid 6to4 address -+is an address which has the following properties. For ordinary nodes -+in 6to4 site, you do not need -+.Nm -+interface; it is necessary only for site border router -+(called -+.Dq 6to4 router -+in the specification). -+.Pp - If any of the following properties are not satisfied, - .Nm - raises runtime error on packet transmission. -@@ -110,6 +117,78 @@ you may want to configure IPv6 prefix length as - .Nm - interface will check the IPv4 source address on packets, - if the IPv6 prefix length is larger than 16. -+.Sh RFC5569 (a.k.a. 6rd) -+The -+.Nm -+interface works in the 6rd mode when one or more IPv6 addresses that -+consists of an IPv6 prefix and 32-bit IPv4 part with a prefix length -+equal to or shorter than 64. In 6rd protocol, an IPv6 address -+.Li 2001:db8:c000:205::1/32 -+means the following, for example: -+.Bl -bullet -+.It -+The 6rd relay prefix is -+.Li 2001:db8::/32 . -+.It -+The 6rd router's IPv4 address is -+.Li 192.0.2.5 . -+.El -+.Pp -+As you can see the IPv4 address is embedded in the IPv6 address just -+after the prefix. While you can choose an IPv6 prefix length other -+than 32, it must be from 0 to 32. -+.Pp -+Assuming this address is configured on the -+.Nm -+interface, it does the following: -+.Bl -bullet -+.It -+An incoming IPv6 packet on -+.Nm -+will be encapsuled in an IPv4 packet with the source address -+.Li 192.0.2.5 -+and then the IPv4 packet is delivered based on the IPv4 routing table. -+The IPv4 destination address is calculated from the destination -+address of the original IPv6 packet in the same way as the source. -+.It -+An incoming IPv4 packet which encapsules an IPv6 packet whose -+destination address matches a 6rd prefix with embedded IPv4 address -+configured on the -+.Nm -+interface, the IPv6 packet will be decapsulated and delivered based on -+the IPv6 routing table. Note that -+.Nm -+interface normally has a route which covers whole range of a 6rd relay -+prefix, the delivered IPv6 packet can return to -+.Nm -+if there is no more specific route. In that case, the returned packet -+will be discarded silently. -+.El -+.\" XXX: example configuration will be added -+.\" .Pp -+.\" By using this interface, you can configure a 6rd domain. For simplicity, -+.\" we assume the following here: -+.\" .Bl -bullet -+.\" .It -+.\" A 6rd Customer, who has an IPv6/IPv4 LAN and an IPv4-only access -+.\" toward network of his Internet Service Provider. The Customer has -+.\" a router called -+.\" .Dq CE Pq Customer Edge -+.\" Router, which can communicate between his LAN and the ISP over IPv4 -+.\" and encapsulate -+.\" his networks. -+.\" .It -+.\" A 6rd Provider, who provides IPv6 Internet reachability by using 6rd -+.\" protocol. The Provider offers access to a router called -+.\" .Dq PE Pq Provider Edge -+.\" Router, which can communicate with -+.\" .El -+.\" .Pp -+.\" A 6rd customer -+.\" needs to configure -+.\" .Nm -+.\" on his CE (Customer Edge) router. -+.Sh Other Functionality of the Interface - .Pp - .Nm - can be configured to be ECN friendly. -@@ -147,9 +226,6 @@ Packets with IPv4 multicast address as outer IPv4 source/destination - Packets with limited broadcast address as outer IPv4 source/destination - .Pq Li 255.0.0.0/8 - .It --Packets with private address as outer IPv4 source/destination --.Pq Li 10.0.0.0/8 , 172.16.0.0/12 , 192.168.0.0/16 --.It - Packets with subnet broadcast address as outer IPv4 source/destination. - The check is made against subnet broadcast addresses for - all of the directly connected subnets. -@@ -164,6 +240,11 @@ The same set of rules are applied against the IPv4 address embedded into - inner IPv6 address, if the IPv6 address matches 6to4 prefix. - .El - .Pp -+In addition to them, packets with private address as outer IPv4 -+source/destination -+.Pq Li 10.0.0.0/8 , 172.16.0.0/12 , 192.168.0.0/16 -+are filtered out only in the 6to4 mode. -+.Pp - It is recommended to filter/audit - incoming IPv4 packet with IP protocol number 41, as necessary. - It is also recommended to filter/audit encapsulated IPv6 packets as well. -diff --git a/sys/net/if_stf.c b/sys/net/if_stf.c -index 20251dc..37d96a9 100644 ---- a/sys/net/if_stf.c -+++ b/sys/net/if_stf.c -@@ -3,6 +3,7 @@ - - /*- - * Copyright (C) 2000 WIDE Project. -+ * Copyright (c) 2010 Hiroki Sato <hrs@FreeBSD.org> - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without -@@ -31,7 +32,7 @@ - */ - - /* -- * 6to4 interface, based on RFC3056. -+ * 6to4 interface, based on RFC3056 + 6rd (RFC5569) support. - * - * 6to4 interface is NOT capable of link-layer (I mean, IPv4) multicasting. - * There is no address mapping defined from IPv6 multicast address to IPv4 -@@ -60,7 +61,7 @@ - * ICMPv6: - * - Redirects cannot be used due to the lack of link-local address. - * -- * stf interface does not have, and will not need, a link-local address. -+ * stf interface does not have, and will not need, a link-local address. - * It seems to have no real benefit and does not help the above symptoms much. - * Even if we assign link-locals to interface, we cannot really - * use link-local unicast/multicast on top of 6to4 cloud (since there's no -@@ -72,6 +73,12 @@ - * http://playground.iijlab.net/i-d/draft-itojun-ipv6-transition-abuse-00.txt - * for details. The code tries to filter out some of malicious packets. - * Note that there is no way to be 100% secure. -+ * -+ * 6rd (RFC5569) extension is enabled when an IPv6 GUA other than -+ * 2002::/16 is assigned. The stf(4) recognizes a 32-bit just after -+ * prefixlen as the IPv4 address of the 6rd customer site. The -+ * prefixlen must be shorter than 32. -+ * - */ - - #include "opt_inet.h" -@@ -120,20 +127,45 @@ - - #include <security/mac/mac_framework.h> - -+#define STF_DEBUG 1 -+#define ip_sprintf(buf, a) \ -+ sprintf(buf, "%d.%d.%d.%d", \ -+ (ntohl((a)->s_addr)>>24)&0xFF, \ -+ (ntohl((a)->s_addr)>>16)&0xFF, \ -+ (ntohl((a)->s_addr)>>8)&0xFF, \ -+ (ntohl((a)->s_addr))&0xFF); -+#if STF_DEBUG -+#define DEBUG_PRINTF(a, ...) \ -+ do { \ -+ if (V_stf_debug >= a) \ -+ printf(__VA_ARGS__); \ -+ } while (0) -+#else -+#define DEBUG_PRINTF(a, ...) -+#endif -+ - SYSCTL_DECL(_net_link); - static SYSCTL_NODE(_net_link, IFT_STF, stf, CTLFLAG_RW, 0, "6to4 Interface"); - --static int stf_route_cache = 1; --SYSCTL_INT(_net_link_stf, OID_AUTO, route_cache, CTLFLAG_RW, -- &stf_route_cache, 0, "Caching of IPv4 routes for 6to4 Output"); -+static VNET_DEFINE(int, stf_route_cache) = 1; -+#define V_stf_route_cache VNET(stf_route_cache) -+SYSCTL_VNET_INT(_net_link_stf, OID_AUTO, route_cache, CTLFLAG_RW, -+ &VNET_NAME(stf_route_cache), 0, -+ "Enable caching of IPv4 routes for 6to4 output."); -+ -+#if STF_DEBUG -+static VNET_DEFINE(int, stf_debug) = 0; -+#define V_stf_debug VNET(stf_debug) -+SYSCTL_VNET_INT(_net_link_stf, OID_AUTO, stf_debug, CTLFLAG_RW, -+ &VNET_NAME(stf_debug), 0, -+ "Enable displaying verbose debug message of stf interfaces"); -+#endif - - static int stf_permit_rfc1918 = 0; - TUNABLE_INT("net.link.stf.permit_rfc1918", &stf_permit_rfc1918); - SYSCTL_INT(_net_link_stf, OID_AUTO, permit_rfc1918, CTLFLAG_RW | CTLFLAG_TUN, - &stf_permit_rfc1918, 0, "Permit the use of private IPv4 addresses"); - --#define STFUNIT 0 -- - #define IN6_IS_ADDR_6TO4(x) (ntohs((x)->s6_addr16[0]) == 0x2002) - - /* -@@ -149,19 +181,28 @@ struct stf_softc { - struct route_in6 __sc_ro6; /* just for safety */ - } __sc_ro46; - #define sc_ro __sc_ro46.__sc_ro4 -- struct mtx sc_ro_mtx; -+ struct mtx sc_mtx; - u_int sc_fibnum; - const struct encaptab *encap_cookie; -+ u_int sc_flags; -+ LIST_ENTRY(stf_softc) stf_list; - }; - #define STF2IFP(sc) ((sc)->sc_ifp) - - static const char stfname[] = "stf"; - --/* -- * Note that mutable fields in the softc are not currently locked. -- * We do lock sc_ro in stf_output though. -- */ -+static struct mtx stf_mtx; - static MALLOC_DEFINE(M_STF, stfname, "6to4 Tunnel Interface"); -+static VNET_DEFINE(LIST_HEAD(, stf_softc), stf_softc_list); -+#define V_stf_softc_list VNET(stf_softc_list) -+ -+#define STF_LOCK_INIT(sc) mtx_init(&(sc)->sc_mtx, "stf softc", \ -+ NULL, MTX_DEF); -+#define STF_LOCK_DESTROY(sc) mtx_destroy(&(sc)->sc_mtx) -+#define STF_LOCK(sc) mtx_lock(&(sc)->sc_mtx) -+#define STF_UNLOCK(sc) mtx_unlock(&(sc)->sc_mtx) -+#define STF_LOCK_ASSERT(sc) mtx_assert(&(sc)->sc_mtx, MA_OWNED) -+ - static const int ip_stf_ttl = 40; - - extern struct domain inetdomain; -@@ -190,7 +231,18 @@ static int stf_checkaddr6(struct stf_softc *, struct in6_addr *, - struct ifnet *); - static void stf_rtrequest(int, struct rtentry *, struct rt_addrinfo *); - static int stf_ioctl(struct ifnet *, u_long, caddr_t); -- -+static int stf_is_up(struct ifnet *); -+ -+#define STF_GETIN4_USE_CACHE 1 -+static struct sockaddr_in *stf_getin4addr(struct sockaddr_in *, -+ struct ifaddr *, -+ int); -+static struct sockaddr_in *stf_getin4addr_in6(struct sockaddr_in *, -+ struct ifaddr *, -+ const struct in6_addr *); -+static struct sockaddr_in *stf_getin4addr_sin6(struct sockaddr_in *, -+ struct ifaddr *, -+ struct sockaddr_in6 *); - static int stf_clone_match(struct if_clone *, const char *); - static int stf_clone_create(struct if_clone *, char *, size_t, caddr_t); - static int stf_clone_destroy(struct if_clone *, struct ifnet *); -@@ -212,45 +264,38 @@ stf_clone_match(struct if_clone *ifc, const char *name) - static int - stf_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params) - { -- int err, unit; - struct stf_softc *sc; - struct ifnet *ifp; -- -- /* -- * We can only have one unit, but since unit allocation is -- * already locked, we use it to keep from allocating extra -- * interfaces. -- */ -- unit = STFUNIT; -- err = ifc_alloc_unit(ifc, &unit); -- if (err != 0) -- return (err); -+ char *dp; -+ int error, unit, wildcard; - - sc = malloc(sizeof(struct stf_softc), M_STF, M_WAITOK | M_ZERO); -+ sc->sc_fibnum = curthread->td_proc->p_fibnum; - ifp = STF2IFP(sc) = if_alloc(IFT_STF); -- if (ifp == NULL) { -+ if (sc->sc_ifp == NULL) { - free(sc, M_STF); -- ifc_free_unit(ifc, unit); -- return (ENOSPC); -+ return (ENOMEM); - } -+ STF_LOCK_INIT(sc); - ifp->if_softc = sc; -- sc->sc_fibnum = curthread->td_proc->p_fibnum; -- -- /* -- * Set the name manually rather then using if_initname because -- * we don't conform to the default naming convention for interfaces. -- */ -+ error = ifc_name2unit(name, &unit); -+ if (error != 0) -+ return (error); -+ wildcard = (unit < 0); -+ /* In the wildcard case, we need to update the name. */ -+ if (wildcard) { -+ for (dp = name; *dp != '\0'; dp++); -+ if (snprintf(dp, len - (dp-name), "%d", unit) > len - (dp-name) - 1) { -+ panic("%s: interface name too long", __func__); -+ } -+ } -+ ifp->if_dname = name; - strlcpy(ifp->if_xname, name, IFNAMSIZ); -- ifp->if_dname = stfname; -- ifp->if_dunit = IF_DUNIT_NONE; -- -- mtx_init(&(sc)->sc_ro_mtx, "stf ro", NULL, MTX_DEF); - sc->encap_cookie = encap_attach_func(AF_INET, IPPROTO_IPV6, - stf_encapcheck, &in_stf_protosw, sc); - if (sc->encap_cookie == NULL) { - if_printf(ifp, "attach failed\n"); - free(sc, M_STF); -- ifc_free_unit(ifc, unit); - return (ENOMEM); - } - -@@ -260,6 +305,11 @@ stf_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params) - ifp->if_snd.ifq_maxlen = ifqmaxlen; - if_attach(ifp); - bpfattach(ifp, DLT_NULL, sizeof(u_int32_t)); -+ -+ mtx_lock(&stf_mtx); -+ LIST_INSERT_HEAD(&V_stf_softc_list, sc, stf_list); -+ mtx_unlock(&stf_mtx); -+ - return (0); - } - -@@ -269,33 +319,44 @@ stf_clone_destroy(struct if_clone *ifc, struct ifnet *ifp) - struct stf_softc *sc = ifp->if_softc; - int err; - -+ mtx_lock(&stf_mtx); -+ LIST_REMOVE(sc, stf_list); -+ mtx_unlock(&stf_mtx); -+ - err = encap_detach(sc->encap_cookie); - KASSERT(err == 0, ("Unexpected error detaching encap_cookie")); -- mtx_destroy(&(sc)->sc_ro_mtx); - bpfdetach(ifp); - if_detach(ifp); - if_free(ifp); - -+ STF_LOCK_DESTROY(sc); - free(sc, M_STF); -- ifc_free_unit(ifc, STFUNIT); - - return (0); - } - -+static void -+vnet_stf_init(const void *unused __unused) -+{ -+ -+ LIST_INIT(&V_stf_softc_list); -+} -+VNET_SYSINIT(vnet_stf_init, SI_SUB_PSEUDO, SI_ORDER_MIDDLE, vnet_stf_init, -+ NULL); -+ - static int --stfmodevent(mod, type, data) -- module_t mod; -- int type; -- void *data; -+stfmodevent(module_t mod, int type, void *data) - { - - switch (type) { - case MOD_LOAD: -+ mtx_init(&stf_mtx, "stf_mtx", NULL, MTX_DEF); - stf_cloner = if_clone_advanced(stfname, 0, stf_clone_match, - stf_clone_create, stf_clone_destroy); - break; - case MOD_UNLOAD: - if_clone_detach(stf_cloner); -+ mtx_destroy(&stf_mtx); - break; - default: - return (EOPNOTSUPP); -@@ -311,28 +372,31 @@ static moduledata_t stf_mod = { - }; - - DECLARE_MODULE(if_stf, stf_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); -+MODULE_VERSION(if_stf, 1); - - static int --stf_encapcheck(m, off, proto, arg) -- const struct mbuf *m; -- int off; -- int proto; -- void *arg; -+stf_encapcheck(const struct mbuf *m, int off, int proto, void *arg) - { - struct ip ip; - struct in6_ifaddr *ia6; -+ struct sockaddr_in ia6_in4addr; -+ struct sockaddr_in ia6_in4mask; -+ struct sockaddr_in *sin; - struct stf_softc *sc; -- struct in_addr a, b, mask; -+ struct ifnet *ifp; -+ int ret = 0; - -+ DEBUG_PRINTF(1, "%s: enter\n", __func__); - sc = (struct stf_softc *)arg; - if (sc == NULL) - return 0; -+ ifp = STF2IFP(sc); - -- if ((STF2IFP(sc)->if_flags & IFF_UP) == 0) -+ if ((ifp->if_flags & IFF_UP) == 0) - return 0; - - /* IFF_LINK0 means "no decapsulation" */ -- if ((STF2IFP(sc)->if_flags & IFF_LINK0) != 0) -+ if ((ifp->if_flags & IFF_LINK0) != 0) - return 0; - - if (proto != IPPROTO_IPV6) -@@ -344,83 +408,162 @@ stf_encapcheck(m, off, proto, arg) - if (ip.ip_v != 4) - return 0; - -- ia6 = stf_getsrcifa6(STF2IFP(sc)); -+ /* Lookup an ia6 whose IPv4 addr encoded in the IPv6 addr is valid. */ -+ ia6 = stf_getsrcifa6(ifp); - if (ia6 == NULL) - return 0; -+ sin = stf_getin4addr(&ia6_in4addr, &ia6->ia_ifa, STF_GETIN4_USE_CACHE); -+ if (sin == NULL) -+ return 0; - -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip6_sprintf(buf, &satosin6(ia6->ia_ifa.ifa_addr)->sin6_addr); -+ DEBUG_PRINTF(1, "%s: ia6->ia_ifa.ifa_addr = %s\n", __func__, buf); -+ ip6_sprintf(buf, &ia6->ia_addr.sin6_addr); -+ DEBUG_PRINTF(1, "%s: ia6->ia_addr = %s\n", __func__, buf); -+ ip6_sprintf(buf, &satosin6(ia6->ia_ifa.ifa_netmask)->sin6_addr); -+ DEBUG_PRINTF(1, "%s: ia6->ia_ifa.ifa_netmask = %s\n", __func__, buf); -+ ip6_sprintf(buf, &ia6->ia_prefixmask.sin6_addr); -+ DEBUG_PRINTF(1, "%s: ia6->ia_prefixmask = %s\n", __func__, buf); -+ -+ ip_sprintf(buf, &ia6_in4addr.sin_addr); -+ DEBUG_PRINTF(1, "%s: ia6_in4addr.sin_addr = %s\n", __func__, buf); -+ ip_sprintf(buf, &ip.ip_src); -+ DEBUG_PRINTF(1, "%s: ip.ip_src = %s\n", __func__, buf); -+ ip_sprintf(buf, &ip.ip_dst); -+ DEBUG_PRINTF(1, "%s: ip.ip_dst = %s\n", __func__, buf); -+ } -+#endif - /* - * check if IPv4 dst matches the IPv4 address derived from the - * local 6to4 address. - * success on: dst = 10.1.1.1, ia6->ia_addr = 2002:0a01:0101:... - */ -- if (bcmp(GET_V4(&ia6->ia_addr.sin6_addr), &ip.ip_dst, -- sizeof(ip.ip_dst)) != 0) { -- ifa_free(&ia6->ia_ifa); -- return 0; -+ DEBUG_PRINTF(1, "%s: check1: ia6_in4addr.sin_addr == ip.ip_dst?\n", __func__); -+ if (ia6_in4addr.sin_addr.s_addr != ip.ip_dst.s_addr) { -+ DEBUG_PRINTF(1, "%s: check1: false. Ignore this packet.\n", __func__); -+ goto freeit; - } - -- /* -- * check if IPv4 src matches the IPv4 address derived from the -- * local 6to4 address masked by prefixmask. -- * success on: src = 10.1.1.1, ia6->ia_addr = 2002:0a00:.../24 -- * fail on: src = 10.1.1.1, ia6->ia_addr = 2002:0b00:.../24 -- */ -- bzero(&a, sizeof(a)); -- bcopy(GET_V4(&ia6->ia_addr.sin6_addr), &a, sizeof(a)); -- bcopy(GET_V4(&ia6->ia_prefixmask.sin6_addr), &mask, sizeof(mask)); -- ifa_free(&ia6->ia_ifa); -- a.s_addr &= mask.s_addr; -- b = ip.ip_src; -- b.s_addr &= mask.s_addr; -- if (a.s_addr != b.s_addr) -- return 0; -+ DEBUG_PRINTF(1, "%s: check2: ia6->ia_addr is 2002::/16?\n", __func__); -+ if (IN6_IS_ADDR_6TO4(&ia6->ia_addr.sin6_addr)) { -+ /* 6to4 (RFC 3056) */ -+ /* -+ * check if IPv4 src matches the IPv4 address derived -+ * from the local 6to4 address masked by prefixmask. -+ * success on: src = 10.1.1.1, ia6->ia_addr = 2002:0a00:.../24 -+ * fail on: src = 10.1.1.1, ia6->ia_addr = 2002:0b00:.../24 -+ */ -+ DEBUG_PRINTF(1, "%s: check2: true.\n", __func__); -+ -+ memcpy(&ia6_in4mask.sin_addr, -+ GET_V4(&ia6->ia_prefixmask.sin6_addr), -+ sizeof(ia6_in4mask)); -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip_sprintf(buf, &ia6_in4addr.sin_addr); -+ DEBUG_PRINTF(1, "%s: ia6->ia_addr = %s\n", -+ __func__, buf); -+ ip_sprintf(buf, &ip.ip_src); -+ DEBUG_PRINTF(1, "%s: ip.ip_src = %s\n", -+ __func__, buf); -+ ip_sprintf(buf, &ia6_in4mask.sin_addr); -+ DEBUG_PRINTF(1, "%s: ia6->ia_prefixmask = %s\n", -+ __func__, buf); -+ -+ DEBUG_PRINTF(1, "%s: check3: ia6_in4addr.sin_addr & mask == ip.ip_src & mask\n", -+ __func__); -+ } -+#endif - -+ if ((ia6_in4addr.sin_addr.s_addr & ia6_in4mask.sin_addr.s_addr) != -+ (ip.ip_src.s_addr & ia6_in4mask.sin_addr.s_addr)) { -+ DEBUG_PRINTF(1, "%s: check3: false. Ignore this packet.\n", -+ __func__); -+ goto freeit; -+ } -+ } else { -+ /* 6rd (RFC 5569) */ -+ DEBUG_PRINTF(1, "%s: check2: false. 6rd.\n", __func__); -+ /* -+ * No restriction on the src address in the case of -+ * 6rd because the stf(4) interface always has a -+ * prefix which covers whole of IPv4 src address -+ * range. So, stf_output() will catch all of -+ * 6rd-capsuled IPv4 traffic with suspicious inner dst -+ * IPv4 address (i.e. the IPv6 destination address is -+ * one the admin does not like to route to outside), -+ * and then it discard them silently. -+ */ -+ } -+ DEBUG_PRINTF(1, "%s: all clear!\n", __func__); - /* stf interface makes single side match only */ -- return 32; -+ ret = 32; -+freeit: -+ ifa_free(&ia6->ia_ifa); -+ -+ return (ret); - } - - static struct in6_ifaddr * --stf_getsrcifa6(ifp) -- struct ifnet *ifp; -+stf_getsrcifa6(struct ifnet *ifp) - { -- struct ifaddr *ia; -+ struct ifaddr *ifa; - struct in_ifaddr *ia4; -- struct sockaddr_in6 *sin6; -- struct in_addr in; -+ struct sockaddr_in *sin; -+ struct sockaddr_in in4; - - if_addr_rlock(ifp); -- TAILQ_FOREACH(ia, &ifp->if_addrhead, ifa_link) { -- if (ia->ifa_addr->sa_family != AF_INET6) -+ TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { -+ if (ifa->ifa_addr->sa_family != AF_INET6) - continue; -- sin6 = (struct sockaddr_in6 *)ia->ifa_addr; -- if (!IN6_IS_ADDR_6TO4(&sin6->sin6_addr)) -+ if ((sin = stf_getin4addr(&in4, ifa, -+ STF_GETIN4_USE_CACHE)) == NULL) - continue; -- -- bcopy(GET_V4(&sin6->sin6_addr), &in, sizeof(in)); -- LIST_FOREACH(ia4, INADDR_HASH(in.s_addr), ia_hash) -- if (ia4->ia_addr.sin_addr.s_addr == in.s_addr) -+ LIST_FOREACH(ia4, INADDR_HASH(sin->sin_addr.s_addr), ia_hash) -+ if (ia4->ia_addr.sin_addr.s_addr == sin->sin_addr.s_addr) - break; - if (ia4 == NULL) - continue; - -- ifa_ref(ia); -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip6_sprintf(buf, &((struct sockaddr_in6 *)ifa->ifa_addr)->sin6_addr); -+ DEBUG_PRINTF(1, "%s: ifa->ifa_addr->sin6_addr = %s\n", -+ __func__, buf); -+ ip_sprintf(buf, &ia4->ia_addr.sin_addr); -+ DEBUG_PRINTF(1, "%s: ia4->ia_addr.sin_addr = %s\n", -+ __func__, buf); -+ } -+#endif -+ ifa_ref(ifa); - if_addr_runlock(ifp); -- return (struct in6_ifaddr *)ia; -+ return (ifatoia6(ifa)); - } - if_addr_runlock(ifp); - -+ - return NULL; - } - - static int --stf_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst, -- struct route *ro) -+stf_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst, struct route *ro) - { - struct stf_softc *sc; - const struct sockaddr_in6 *dst6; - struct route *cached_route; -- struct in_addr in4; -- const void *ptr; -+ struct sockaddr_in *sin; -+ struct sockaddr_in in4; - struct sockaddr_in *dst4; - u_int8_t tos; - struct ip *ip; -@@ -472,20 +615,28 @@ stf_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst, - /* - * Pickup the right outer dst addr from the list of candidates. - * ip6_dst has priority as it may be able to give us shorter IPv4 hops. -+ * ip6_dst: destination addr in the packet header. -+ * dst6: destination addr specified in function argument. - */ -- ptr = NULL; -- if (IN6_IS_ADDR_6TO4(&ip6->ip6_dst)) -- ptr = GET_V4(&ip6->ip6_dst); -- else if (IN6_IS_ADDR_6TO4(&dst6->sin6_addr)) -- ptr = GET_V4(&dst6->sin6_addr); -- else { -+ DEBUG_PRINTF(1, "%s: dst addr selection\n", __func__); -+ sin = stf_getin4addr_in6(&in4, &ia6->ia_ifa, &ip6->ip6_dst); -+ if (sin == NULL) -+ sin = stf_getin4addr_in6(&in4, &ia6->ia_ifa, &dst6->sin6_addr); -+ if (sin == NULL) { - ifa_free(&ia6->ia_ifa); - m_freem(m); - ifp->if_oerrors++; - return ENETUNREACH; - } -- bcopy(ptr, &in4, sizeof(in4)); -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); - -+ ip_sprintf(buf, &sin->sin_addr); -+ DEBUG_PRINTF(1, "%s: ip_dst = %s\n", __func__, buf); -+ } -+#endif - if (bpf_peers_present(ifp->if_bpf)) { - /* - * We need to prepend the address family as -@@ -509,11 +660,26 @@ stf_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst, - ip = mtod(m, struct ip *); - - bzero(ip, sizeof(*ip)); -+ bcopy(&in4.sin_addr, &ip->ip_dst, sizeof(ip->ip_dst)); - -- bcopy(GET_V4(&((struct sockaddr_in6 *)&ia6->ia_addr)->sin6_addr), -- &ip->ip_src, sizeof(ip->ip_src)); -+ sin = stf_getin4addr_sin6(&in4, &ia6->ia_ifa, &ia6->ia_addr); -+ if (sin == NULL) { -+ ifa_free(&ia6->ia_ifa); -+ m_freem(m); -+ ifp->if_oerrors++; -+ return ENETUNREACH; -+ } -+ bcopy(&in4.sin_addr, &ip->ip_src, sizeof(ip->ip_src)); -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip_sprintf(buf, &ip->ip_src); -+ DEBUG_PRINTF(1, "%s: ip_src = %s\n", __func__, buf); -+ } -+#endif - ifa_free(&ia6->ia_ifa); -- bcopy(&in4, &ip->ip_dst, sizeof(ip->ip_dst)); - ip->ip_p = IPPROTO_IPV6; - ip->ip_ttl = ip_stf_ttl; - ip->ip_len = htons(m->m_pkthdr.len); -@@ -522,7 +688,7 @@ stf_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst, - else - ip_ecn_ingress(ECN_NOCARE, &ip->ip_tos, &tos); - -- if (!stf_route_cache) { -+ if (!V_stf_route_cache) { - cached_route = NULL; - goto sendit; - } -@@ -530,7 +696,7 @@ stf_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst, - /* - * Do we have a cached route? - */ -- mtx_lock(&(sc)->sc_ro_mtx); -+ STF_LOCK(sc); - dst4 = (struct sockaddr_in *)&sc->sc_ro.ro_dst; - if (dst4->sin_family != AF_INET || - bcmp(&dst4->sin_addr, &ip->ip_dst, sizeof(ip->ip_dst)) != 0) { -@@ -548,8 +714,15 @@ stf_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst, - rtalloc_fib(&sc->sc_ro, sc->sc_fibnum); - if (sc->sc_ro.ro_rt == NULL) { - m_freem(m); -- mtx_unlock(&(sc)->sc_ro_mtx); - ifp->if_oerrors++; -+ STF_UNLOCK(sc); -+ return ENETUNREACH; -+ } -+ if (sc->sc_ro.ro_rt->rt_ifp == ifp) { -+ /* infinite loop detection */ -+ m_free(m); -+ ifp->if_oerrors++; -+ STF_UNLOCK(sc); - return ENETUNREACH; - } - } -@@ -558,35 +731,32 @@ stf_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst, - sendit: - M_SETFIB(m, sc->sc_fibnum); - ifp->if_opackets++; -+ DEBUG_PRINTF(1, "%s: ip_output dispatch.\n", __func__); - error = ip_output(m, NULL, cached_route, 0, NULL, NULL); - - if (cached_route != NULL) -- mtx_unlock(&(sc)->sc_ro_mtx); -+ STF_UNLOCK(sc); - return error; - } - - static int --isrfc1918addr(in) -- struct in_addr *in; -+isrfc1918addr(struct in_addr *in) - { - /* - * returns 1 if private address range: - * 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 - */ - if (stf_permit_rfc1918 == 0 && ( -- (ntohl(in->s_addr) & 0xff000000) >> 24 == 10 || -- (ntohl(in->s_addr) & 0xfff00000) >> 16 == 172 * 256 + 16 || -- (ntohl(in->s_addr) & 0xffff0000) >> 16 == 192 * 256 + 168)) -+ (ntohl(in->s_addr) & 0xff000000) == 10 << 24 || -+ (ntohl(in->s_addr) & 0xfff00000) == (172 * 256 + 16) << 16 || -+ (ntohl(in->s_addr) & 0xffff0000) == (192 * 256 + 168) << 16 )) - return 1; - - return 0; - } - - static int --stf_checkaddr4(sc, in, inifp) -- struct stf_softc *sc; -- struct in_addr *in; -- struct ifnet *inifp; /* incoming interface */ -+stf_checkaddr4(struct stf_softc *sc, struct in_addr *in, struct ifnet *inifp) - { - struct in_ifaddr *ia4; - -@@ -602,13 +772,6 @@ stf_checkaddr4(sc, in, inifp) - } - - /* -- * reject packets with private address range. -- * (requirement from RFC3056 section 2 1st paragraph) -- */ -- if (isrfc1918addr(in)) -- return -1; -- -- /* - * reject packets with broadcast - */ - IN_IFADDR_RLOCK(); -@@ -631,7 +794,7 @@ stf_checkaddr4(sc, in, inifp) - - bzero(&sin, sizeof(sin)); - sin.sin_family = AF_INET; -- sin.sin_len = sizeof(struct sockaddr_in); -+ sin.sin_len = sizeof(sin); - sin.sin_addr = *in; - rt = rtalloc1_fib((struct sockaddr *)&sin, 0, - 0UL, sc->sc_fibnum); -@@ -652,10 +815,7 @@ stf_checkaddr4(sc, in, inifp) - } - - static int --stf_checkaddr6(sc, in6, inifp) -- struct stf_softc *sc; -- struct in6_addr *in6; -- struct ifnet *inifp; /* incoming interface */ -+stf_checkaddr6(struct stf_softc *sc, struct in6_addr *in6, struct ifnet *inifp) - { - /* - * check 6to4 addresses -@@ -679,9 +839,7 @@ stf_checkaddr6(sc, in6, inifp) - } - - void --in_stf_input(m, off) -- struct mbuf *m; -- int off; -+in_stf_input(struct mbuf *m, int off) - { - int proto; - struct stf_softc *sc; -@@ -689,6 +847,7 @@ in_stf_input(m, off) - struct ip6_hdr *ip6; - u_int8_t otos, itos; - struct ifnet *ifp; -+ struct route_in6 rin6; - - proto = mtod(m, struct ip *)->ip_p; - -@@ -712,6 +871,17 @@ in_stf_input(m, off) - mac_ifnet_create_mbuf(ifp, m); - #endif - -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip_sprintf(buf, &ip->ip_dst); -+ DEBUG_PRINTF(1, "%s: ip->ip_dst = %s\n", __func__, buf); -+ ip_sprintf(buf, &ip->ip_src); -+ DEBUG_PRINTF(1, "%s: ip->ip_src = %s\n", __func__, buf); -+ } -+#endif - /* - * perform sanity check against outer src/dst. - * for source, perform ingress filter as well. -@@ -732,6 +902,17 @@ in_stf_input(m, off) - } - ip6 = mtod(m, struct ip6_hdr *); - -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip6_sprintf(buf, &ip6->ip6_dst); -+ DEBUG_PRINTF(1, "%s: ip6->ip6_dst = %s\n", __func__, buf); -+ ip6_sprintf(buf, &ip6->ip6_src); -+ DEBUG_PRINTF(1, "%s: ip6->ip6_src = %s\n", __func__, buf); -+ } -+#endif - /* - * perform sanity check against inner src/dst. - * for source, perform ingress filter as well. -@@ -742,6 +923,41 @@ in_stf_input(m, off) - return; - } - -+ /* -+ * reject packets with private address range. -+ * (requirement from RFC3056 section 2 1st paragraph) -+ */ -+ if ((IN6_IS_ADDR_6TO4(&ip6->ip6_src) && isrfc1918addr(&ip->ip_src)) || -+ (IN6_IS_ADDR_6TO4(&ip6->ip6_dst) && isrfc1918addr(&ip->ip_dst))) { -+ m_freem(m); -+ return; -+ } -+ -+ /* -+ * Ignore if the destination is the same stf interface because -+ * all of valid IPv6 outgoing traffic should go interfaces -+ * except for it. -+ */ -+ memset(&rin6, 0, sizeof(rin6)); -+ rin6.ro_dst.sin6_len = sizeof(rin6.ro_dst); -+ rin6.ro_dst.sin6_family = AF_INET6; -+ memcpy(&rin6.ro_dst.sin6_addr, &ip6->ip6_dst, -+ sizeof(rin6.ro_dst.sin6_addr)); -+ rtalloc((struct route *)&rin6); -+ if (rin6.ro_rt == NULL) { -+ DEBUG_PRINTF(1, "%s: no IPv6 dst. Ignored.\n", __func__); -+ m_free(m); -+ return; -+ } -+ if ((rin6.ro_rt->rt_ifp == ifp) && -+ (!IN6_ARE_ADDR_EQUAL(&ip6->ip6_src, &rin6.ro_dst.sin6_addr))) { -+ DEBUG_PRINTF(1, "%s: IPv6 dst is the same stf. Ignored.\n", __func__); -+ RTFREE(rin6.ro_rt); -+ m_free(m); -+ return; -+ } -+ RTFREE(rin6.ro_rt); -+ - itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff; - if ((ifp->if_flags & IFF_LINK1) != 0) - ip_ecn_egress(ECN_ALLOWED, &otos, &itos); -@@ -751,7 +967,7 @@ in_stf_input(m, off) - ip6->ip6_flow |= htonl((u_int32_t)itos << 20); - - m->m_pkthdr.rcvif = ifp; -- -+ - if (bpf_peers_present(ifp->if_bpf)) { - /* - * We need to prepend the address family as -@@ -764,6 +980,7 @@ in_stf_input(m, off) - bpf_mtap2(ifp->if_bpf, &af, sizeof(af), m); - } - -+ DEBUG_PRINTF(1, "%s: netisr_dispatch(NETISR_IPV6)\n", __func__); - /* - * Put the packet to the network layer input queue according to the - * specified address family. -@@ -778,27 +995,277 @@ in_stf_input(m, off) - - /* ARGSUSED */ - static void --stf_rtrequest(cmd, rt, info) -- int cmd; -- struct rtentry *rt; -- struct rt_addrinfo *info; -+stf_rtrequest(int cmd, struct rtentry *rt, struct rt_addrinfo *info) - { -+ - RT_LOCK_ASSERT(rt); - rt->rt_mtu = rt->rt_ifp->if_mtu; - } - -+/* Check whether we have at least one instance with IFF_UP. */ - static int --stf_ioctl(ifp, cmd, data) -- struct ifnet *ifp; -- u_long cmd; -- caddr_t data; -+stf_is_up(struct ifnet *ifp) -+{ -+ struct stf_softc *scp; -+ struct stf_softc *sc_cur; -+ struct stf_softc *sc_is_up; -+ -+ sc_is_up = NULL; -+ if ((sc_cur = ifp->if_softc) == NULL) -+ return (EINVAL); -+ -+ mtx_lock(&stf_mtx); -+ LIST_FOREACH(scp, &V_stf_softc_list, stf_list) { -+ if (scp == sc_cur) -+ continue; -+ if ((STF2IFP(scp)->if_flags & IFF_UP) != 0) { -+ sc_is_up = scp; -+ break; -+ } -+ } -+ mtx_unlock(&stf_mtx); -+ -+ /* We already has at least one instance with IFF_UP. */ -+ if (stf_is_up != NULL) -+ return (ENOSPC); -+ -+ return (0); -+} -+ -+static struct sockaddr_in * -+stf_getin4addr_in6(struct sockaddr_in *sin, -+ struct ifaddr *ifa, -+ const struct in6_addr *in6) -+{ -+ struct sockaddr_in6 sin6; -+ -+ DEBUG_PRINTF(1, "%s: enter.\n", __func__); -+ if (ifa == NULL || in6 == NULL) -+ return NULL; -+ -+ memset(&sin6, 0, sizeof(sin6)); -+ memcpy(&sin6.sin6_addr, in6, sizeof(sin6.sin6_addr)); -+ sin6.sin6_len = sizeof(sin6); -+ sin6.sin6_family = AF_INET6; -+ -+ return(stf_getin4addr_sin6(sin, ifa, &sin6)); -+} -+ -+static struct sockaddr_in * -+stf_getin4addr_sin6(struct sockaddr_in *sin, -+ struct ifaddr *ifa, -+ struct sockaddr_in6 *sin6) -+{ -+ struct in6_ifaddr ia6; -+ int i; -+ -+ DEBUG_PRINTF(1, "%s: enter.\n", __func__); -+ if (ifa == NULL || sin6 == NULL) -+ return NULL; -+ -+ memset(&ia6, 0, sizeof(ia6)); -+ memcpy(&ia6, ifatoia6(ifa), sizeof(ia6)); -+ -+ /* -+ * Use prefixmask information from ifa, and -+ * address information from sin6. -+ */ -+ ia6.ia_addr.sin6_family = AF_INET6; -+ ia6.ia_ifa.ifa_addr = (struct sockaddr *)&ia6.ia_addr; -+ ia6.ia_ifa.ifa_dstaddr = NULL; -+ ia6.ia_ifa.ifa_netmask = (struct sockaddr *)&ia6.ia_prefixmask; -+ -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip6_sprintf(buf, &sin6->sin6_addr); -+ DEBUG_PRINTF(1, "%s: sin6->sin6_addr = %s\n", __func__, buf); -+ ip6_sprintf(buf, &ia6.ia_addr.sin6_addr); -+ DEBUG_PRINTF(1, "%s: ia6.ia_addr.sin6_addr = %s\n", __func__, buf); -+ ip6_sprintf(buf, &ia6.ia_prefixmask.sin6_addr); -+ DEBUG_PRINTF(1, "%s: ia6.ia_prefixmask.sin6_addr = %s\n", __func__, buf); -+ } -+#endif -+ -+ /* -+ * When (src addr & src mask) != (dst (sin6) addr & src mask), -+ * the dst is not in the 6rd domain. The IPv4 address must -+ * not be used. -+ */ -+ for (i = 0; i < sizeof(ia6.ia_addr.sin6_addr); i++) { -+ if ((((u_char *)&ia6.ia_addr.sin6_addr)[i] & -+ ((u_char *)&ia6.ia_prefixmask.sin6_addr)[i]) -+ != -+ (((u_char *)&sin6->sin6_addr)[i] & -+ ((u_char *)&ia6.ia_prefixmask.sin6_addr)[i])) -+ return NULL; -+ } -+ -+ /* After the mask check, overwrite ia6.ia_addr with sin6. */ -+ memcpy(&ia6.ia_addr, sin6, sizeof(ia6.ia_addr)); -+ return(stf_getin4addr(sin, (struct ifaddr *)&ia6, 0)); -+} -+ -+static struct sockaddr_in * -+stf_getin4addr(struct sockaddr_in *sin, -+ struct ifaddr *ifa, -+ int flags) -+{ -+ struct in_addr *in; -+ struct sockaddr_in6 *sin6; -+ struct in6_ifaddr *ia6; -+ -+ DEBUG_PRINTF(1, "%s: enter.\n", __func__); -+ if (ifa == NULL || -+ ifa->ifa_addr == NULL || -+ ifa->ifa_addr->sa_family != AF_INET6) -+ return NULL; -+ -+ sin6 = satosin6(ifa->ifa_addr); -+ ia6 = ifatoia6(ifa); -+ -+ if ((flags & STF_GETIN4_USE_CACHE) && -+ (ifa->ifa_dstaddr != NULL) && -+ (ifa->ifa_dstaddr->sa_family == AF_INET)) { -+ /* -+ * XXX: ifa_dstaddr is used as a cache of the -+ * extracted IPv4 address. -+ */ -+ memcpy(sin, satosin(ifa->ifa_dstaddr), sizeof(*sin)); -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip_sprintf(buf, &sin->sin_addr); -+ DEBUG_PRINTF(1, "%s: cached address was used = %s\n", __func__, buf); -+ } -+#endif -+ return (sin); -+ } -+ memset(sin, 0, sizeof(*sin)); -+ in = &sin->sin_addr; -+ -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip6_sprintf(buf, &sin6->sin6_addr); -+ DEBUG_PRINTF(1, "%s: sin6->sin6_addr = %s\n", __func__, buf); -+ } -+#endif -+ -+ if (IN6_IS_ADDR_6TO4(&sin6->sin6_addr)) { -+ /* 6to4 (RFC 3056) */ -+ bcopy(GET_V4(&sin6->sin6_addr), in, sizeof(*in)); -+ if (isrfc1918addr(in)) -+ return NULL; -+ } else { -+ /* 6rd (RFC 5569) */ -+ struct in6_addr buf; -+ u_char *p = (u_char *)&buf; -+ u_char *q = (u_char *)in; -+ u_int residue = 0; -+ u_char mask; -+ int i; -+ u_int plen; -+ -+ /* -+ * 6rd-relays IPv6 prefix is located at a 32-bit just -+ * after the prefix edge. -+ */ -+ plen = in6_mask2len(&satosin6(ifa->ifa_netmask)->sin6_addr, NULL); -+ if (32 < plen) -+ return NULL; -+ -+ memcpy(&buf, &sin6->sin6_addr, sizeof(buf)); -+ p += plen / 8; -+ residue = plen % 8; -+ mask = ~((u_char)(-1) >> residue); -+ -+ /* -+ * The p points head of the IPv4 address part in -+ * bytes. The residue is a bit-shift factor when -+ * prefixlen is not a multiple of 8. -+ */ -+ for (i = 0; i < 4; i++) { -+ DEBUG_PRINTF(2, "p[%d] = %d\n", i, p[i]); -+ DEBUG_PRINTF(2, "residue = %d\n", residue); -+ if (residue) { -+ p[i] <<= residue; -+ DEBUG_PRINTF(2, "p[%d] << residue = %d\n", -+ i, p[i]); -+ DEBUG_PRINTF(2, "mask = %x\n", -+ mask); -+ DEBUG_PRINTF(2, "p[%d + 1] & mask = %d\n", -+ i, p[i + 1] & mask); -+ DEBUG_PRINTF(2, "p[%d + 1] & mask >> (8 - residue) = %d\n", -+ i, (p[i + 1] & mask) >> (8-residue)); -+ p[i] |= ((p[i+1] & mask) >> (8 - residue)); -+ } -+ q[i] = p[i]; -+ } -+ } -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip_sprintf(buf, in); -+ DEBUG_PRINTF(1, "%s: in->in_addr = %s\n", __func__, buf); -+ DEBUG_PRINTF(1, "%s: leave\n", __func__); -+ } -+#endif -+ if (flags & STF_GETIN4_USE_CACHE) { -+ DEBUG_PRINTF(1, "%s: try to access ifa->ifa_dstaddr.\n", __func__); -+ ifa->ifa_dstaddr = (struct sockaddr *)&ia6->ia_dstaddr; -+ DEBUG_PRINTF(1, "%s: try to memset 0 to ia_dstaddr.\n", __func__); -+ memset(&ia6->ia_dstaddr, 0, sizeof(ia6->ia_dstaddr)); -+ DEBUG_PRINTF(1, "%s: try to memcpy ifa->ifa_dstaddr.\n", __func__); -+ memcpy((struct sockaddr_in *)ifa->ifa_dstaddr, -+ sin, sizeof(struct sockaddr_in)); -+ DEBUG_PRINTF(1, "%s: try to set sa_family.\n", __func__); -+ ifa->ifa_dstaddr->sa_family = AF_INET; -+ DEBUG_PRINTF(1, "%s: in->in_addr is stored in ifa_dstaddr.\n", -+ __func__); -+ } -+ return (sin); -+} -+ -+static int -+stf_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) - { - struct ifaddr *ifa; - struct ifreq *ifr; -- struct sockaddr_in6 *sin6; -- struct in_addr addr; -+ struct sockaddr_in in4; - int error, mtu; - -+ /* -+ * Sanity check: if more than two interfaces have IFF_UP, do -+ * if_down() for all of them except for the specified one. -+ */ -+ if (ifp->if_flags & IFF_UP) { -+ struct stf_softc *sc_cur = ifp->if_softc; -+ struct stf_softc *sc; -+ -+ mtx_lock(&stf_mtx); -+ LIST_FOREACH(sc, &V_stf_softc_list, stf_list) { -+ if (sc == sc_cur) -+ continue; -+ if ((STF2IFP(sc)->if_flags & IFF_UP) != 0) { -+ if_printf(STF2IFP(sc), -+ "marked as DOWN because at least " -+ "one instance of stf(4) is already " -+ "working.\n"); -+ if_down(STF2IFP(sc)); -+ } -+ } -+ mtx_unlock(&stf_mtx); -+ } -+ - error = 0; - switch (cmd) { - case SIOCSIFADDR: -@@ -807,17 +1274,16 @@ stf_ioctl(ifp, cmd, data) - error = EAFNOSUPPORT; - break; - } -- sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; -- if (!IN6_IS_ADDR_6TO4(&sin6->sin6_addr)) { -+ if (stf_getin4addr(&in4, ifa, 0) == NULL) { - error = EINVAL; - break; - } -- bcopy(GET_V4(&sin6->sin6_addr), &addr, sizeof(addr)); -- if (isrfc1918addr(&addr)) { -- error = EINVAL; -- break; -- } -- -+ /* -+ * XXX: ifa_dstaddr is used as a cache of the -+ * extracted IPv4 address. -+ */ -+ if (ifa->ifa_dstaddr != NULL) -+ ifa->ifa_dstaddr->sa_family = AF_UNSPEC; - ifa->ifa_rtrequest = stf_rtrequest; - ifp->if_flags |= IFF_UP; - break; diff --git a/net/stf-6rd-kmod/files-8/patch-aa b/net/stf-6rd-kmod/files-8/patch-aa deleted file mode 100644 index c2e67aa5d03a..000000000000 --- a/net/stf-6rd-kmod/files-8/patch-aa +++ /dev/null @@ -1,1321 +0,0 @@ -diff --git a/share/man/man4/stf.4 b/share/man/man4/stf.4 -index 1178e03..9008738 100644 ---- a/share/man/man4/stf.4 -+++ b/share/man/man4/stf.4 -@@ -1,6 +1,7 @@ - .\" $KAME: stf.4,v 1.35 2001/05/02 06:24:49 itojun Exp $ - .\" - .\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. -+.\" Copyright (c) 2010 Hiroki Sato <hrs@FreeBSD.org> - .\" All rights reserved. - .\" - .\" Redistribution and use in source and binary forms, with or without -@@ -42,21 +43,11 @@ tunnel interface - .Sh DESCRIPTION - The - .Nm --interface supports --.Dq 6to4 --IPv6 in IPv4 encapsulation. --It can tunnel IPv6 traffic over IPv4, as specified in --.Li RFC3056 . --.Pp --For ordinary nodes in 6to4 site, you do not need --.Nm --interface. --The --.Nm --interface is necessary for site border router --(called --.Dq 6to4 router --in the specification). -+interface supports IPv6 in IPv4 encapsulation by -+tunneling IPv6 traffic over IPv4, as specified in -+.Li RFC3056 Pq 6to4 -+and -+.Li RFC5569 Pq 6rd . - .Pp - Each - .Nm -@@ -72,12 +63,28 @@ variable in - .Pp - Due to the way 6to4 protocol is specified, - .Nm --interface requires certain configuration to work properly. -+interface requires certain configuration to work properly. Two -+different protocols defined in RFC3056 and RFC5569 are basically the -+same as each other except for address handling, so -+.Nm -+decides its behavior based on the configured IPv6 addresses as -+explained in the following. -+The -+.Nm -+interface can be configured with multiple IPv6 addresses including -+both 6to4 and 6rd. -+.Sh RFC3056 (a.k.a. 6to4) - Single --(no more than 1) --valid 6to4 address needs to be configured to the interface. --.Dq A valid 6to4 address --is an address which has the following properties. -+.Pq no more than 1 valid 6to4 address needs to be configured to the interface. -+.Dq a valid 6to4 address -+is an address which has the following properties. For ordinary nodes -+in 6to4 site, you do not need -+.Nm -+interface; it is necessary only for site border router -+(called -+.Dq 6to4 router -+in the specification). -+.Pp - If any of the following properties are not satisfied, - .Nm - raises runtime error on packet transmission. -@@ -110,6 +117,78 @@ you may want to configure IPv6 prefix length as - .Nm - interface will check the IPv4 source address on packets, - if the IPv6 prefix length is larger than 16. -+.Sh RFC5569 (a.k.a. 6rd) -+The -+.Nm -+interface works in the 6rd mode when one or more IPv6 addresses that -+consists of an IPv6 prefix and 32-bit IPv4 part with a prefix length -+equal to or shorter than 64. In 6rd protocol, an IPv6 address -+.Li 2001:db8:c000:205::1/32 -+means the following, for example: -+.Bl -bullet -+.It -+The 6rd relay prefix is -+.Li 2001:db8::/32 . -+.It -+The 6rd router's IPv4 address is -+.Li 192.0.2.5 . -+.El -+.Pp -+As you can see the IPv4 address is embedded in the IPv6 address just -+after the prefix. While you can choose an IPv6 prefix length other -+than 32, it must be from 0 to 32. -+.Pp -+Assuming this address is configured on the -+.Nm -+interface, it does the following: -+.Bl -bullet -+.It -+An incoming IPv6 packet on -+.Nm -+will be encapsuled in an IPv4 packet with the source address -+.Li 192.0.2.5 -+and then the IPv4 packet is delivered based on the IPv4 routing table. -+The IPv4 destination address is calculated from the destination -+address of the original IPv6 packet in the same way as the source. -+.It -+An incoming IPv4 packet which encapsules an IPv6 packet whose -+destination address matches a 6rd prefix with embedded IPv4 address -+configured on the -+.Nm -+interface, the IPv6 packet will be decapsulated and delivered based on -+the IPv6 routing table. Note that -+.Nm -+interface normally has a route which covers whole range of a 6rd relay -+prefix, the delivered IPv6 packet can return to -+.Nm -+if there is no more specific route. In that case, the returned packet -+will be discarded silently. -+.El -+.\" XXX: example configuration will be added -+.\" .Pp -+.\" By using this interface, you can configure a 6rd domain. For simplicity, -+.\" we assume the following here: -+.\" .Bl -bullet -+.\" .It -+.\" A 6rd Customer, who has an IPv6/IPv4 LAN and an IPv4-only access -+.\" toward network of his Internet Service Provider. The Customer has -+.\" a router called -+.\" .Dq CE Pq Customer Edge -+.\" Router, which can communicate between his LAN and the ISP over IPv4 -+.\" and encapsulate -+.\" his networks. -+.\" .It -+.\" A 6rd Provider, who provides IPv6 Internet reachability by using 6rd -+.\" protocol. The Provider offers access to a router called -+.\" .Dq PE Pq Provider Edge -+.\" Router, which can communicate with -+.\" .El -+.\" .Pp -+.\" A 6rd customer -+.\" needs to configure -+.\" .Nm -+.\" on his CE (Customer Edge) router. -+.Sh Other Functionality of the Interface - .Pp - .Nm - can be configured to be ECN friendly. -@@ -147,9 +226,6 @@ Packets with IPv4 multicast address as outer IPv4 source/destination - Packets with limited broadcast address as outer IPv4 source/destination - .Pq Li 255.0.0.0/8 - .It --Packets with private address as outer IPv4 source/destination --.Pq Li 10.0.0.0/8 , 172.16.0.0/12 , 192.168.0.0/16 --.It - Packets with subnet broadcast address as outer IPv4 source/destination. - The check is made against subnet broadcast addresses for - all of the directly connected subnets. -@@ -164,6 +240,11 @@ The same set of rules are applied against the IPv4 address embedded into - inner IPv6 address, if the IPv6 address matches 6to4 prefix. - .El - .Pp -+In addition to them, packets with private address as outer IPv4 -+source/destination -+.Pq Li 10.0.0.0/8 , 172.16.0.0/12 , 192.168.0.0/16 -+are filtered out only in the 6to4 mode. -+.Pp - It is recommended to filter/audit - incoming IPv4 packet with IP protocol number 41, as necessary. - It is also recommended to filter/audit encapsulated IPv6 packets as well. -diff --git a/sys/net/if_stf.c b/sys/net/if_stf.c -index e32956e..da4d2aa 100644 ---- a/sys/net/if_stf.c -+++ b/sys/net/if_stf.c -@@ -3,6 +3,7 @@ - - /*- - * Copyright (C) 2000 WIDE Project. -+ * Copyright (c) 2010 Hiroki Sato <hrs@FreeBSD.org> - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without -@@ -31,7 +32,7 @@ - */ - - /* -- * 6to4 interface, based on RFC3056. -+ * 6to4 interface, based on RFC3056 + 6rd (RFC5569) support. - * - * 6to4 interface is NOT capable of link-layer (I mean, IPv4) multicasting. - * There is no address mapping defined from IPv6 multicast address to IPv4 -@@ -60,7 +61,7 @@ - * ICMPv6: - * - Redirects cannot be used due to the lack of link-local address. - * -- * stf interface does not have, and will not need, a link-local address. -+ * stf interface does not have, and will not need, a link-local address. - * It seems to have no real benefit and does not help the above symptoms much. - * Even if we assign link-locals to interface, we cannot really - * use link-local unicast/multicast on top of 6to4 cloud (since there's no -@@ -72,6 +73,12 @@ - * http://playground.iijlab.net/i-d/draft-itojun-ipv6-transition-abuse-00.txt - * for details. The code tries to filter out some of malicious packets. - * Note that there is no way to be 100% secure. -+ * -+ * 6rd (RFC5569) extension is enabled when an IPv6 GUA other than -+ * 2002::/16 is assigned. The stf(4) recognizes a 32-bit just after -+ * prefixlen as the IPv4 address of the 6rd customer site. The -+ * prefixlen must be shorter than 32. -+ * - */ - - #include "opt_inet.h" -@@ -120,15 +127,41 @@ - - #include <security/mac/mac_framework.h> - -+#define STF_DEBUG 1 -+#define ip_sprintf(buf, a) \ -+ sprintf(buf, "%d.%d.%d.%d", \ -+ (ntohl((a)->s_addr)>>24)&0xFF, \ -+ (ntohl((a)->s_addr)>>16)&0xFF, \ -+ (ntohl((a)->s_addr)>>8)&0xFF, \ -+ (ntohl((a)->s_addr))&0xFF); -+#if STF_DEBUG -+#define DEBUG_PRINTF(a, ...) \ -+ do { \ -+ if (V_stf_debug >= a) \ -+ printf(__VA_ARGS__); \ -+ } while (0) -+#else -+#define DEBUG_PRINTF(a, ...) -+#endif -+ - SYSCTL_DECL(_net_link); - SYSCTL_NODE(_net_link, IFT_STF, stf, CTLFLAG_RW, 0, "6to4 Interface"); - --static int stf_route_cache = 1; --SYSCTL_INT(_net_link_stf, OID_AUTO, route_cache, CTLFLAG_RW, -- &stf_route_cache, 0, "Caching of IPv4 routes for 6to4 Output"); -+static VNET_DEFINE(int, stf_route_cache) = 1; -+#define V_stf_route_cache VNET(stf_route_cache) -+SYSCTL_VNET_INT(_net_link_stf, OID_AUTO, route_cache, CTLFLAG_RW, -+ &VNET_NAME(stf_route_cache), 0, -+ "Enable caching of IPv4 routes for 6to4 output."); -+ -+#if STF_DEBUG -+static VNET_DEFINE(int, stf_debug) = 0; -+#define V_stf_debug VNET(stf_debug) -+SYSCTL_VNET_INT(_net_link_stf, OID_AUTO, stf_debug, CTLFLAG_RW, -+ &VNET_NAME(stf_debug), 0, -+ "Enable displaying verbose debug message of stf interfaces"); -+#endif - - #define STFNAME "stf" --#define STFUNIT 0 - - #define IN6_IS_ADDR_6TO4(x) (ntohs((x)->s6_addr16[0]) == 0x2002) - -@@ -145,17 +178,26 @@ struct stf_softc { - struct route_in6 __sc_ro6; /* just for safety */ - } __sc_ro46; - #define sc_ro __sc_ro46.__sc_ro4 -- struct mtx sc_ro_mtx; -+ struct mtx sc_mtx; - u_int sc_fibnum; - const struct encaptab *encap_cookie; -+ u_int sc_flags; -+ LIST_ENTRY(stf_softc) stf_list; - }; - #define STF2IFP(sc) ((sc)->sc_ifp) - --/* -- * Note that mutable fields in the softc are not currently locked. -- * We do lock sc_ro in stf_output though. -- */ -+static struct mtx stf_mtx; - static MALLOC_DEFINE(M_STF, STFNAME, "6to4 Tunnel Interface"); -+static VNET_DEFINE(LIST_HEAD(, stf_softc), stf_softc_list); -+#define V_stf_softc_list VNET(stf_softc_list) -+ -+#define STF_LOCK_INIT(sc) mtx_init(&(sc)->sc_mtx, "stf softc", \ -+ NULL, MTX_DEF); -+#define STF_LOCK_DESTROY(sc) mtx_destroy(&(sc)->sc_mtx) -+#define STF_LOCK(sc) mtx_lock(&(sc)->sc_mtx) -+#define STF_UNLOCK(sc) mtx_unlock(&(sc)->sc_mtx) -+#define STF_LOCK_ASSERT(sc) mtx_assert(&(sc)->sc_mtx, MA_OWNED) -+ - static const int ip_stf_ttl = 40; - - extern struct domain inetdomain; -@@ -170,8 +212,6 @@ struct protosw in_stf_protosw = { - .pr_usrreqs = &rip_usrreqs - }; - --static char *stfnames[] = {"stf0", "stf", "6to4", NULL}; -- - static int stfmodevent(module_t, int, void *); - static int stf_encapcheck(const struct mbuf *, int, int, void *); - static struct in6_ifaddr *stf_getsrcifa6(struct ifnet *); -@@ -184,68 +224,45 @@ static int stf_checkaddr6(struct stf_softc *, struct in6_addr *, - struct ifnet *); - static void stf_rtrequest(int, struct rtentry *, struct rt_addrinfo *); - static int stf_ioctl(struct ifnet *, u_long, caddr_t); -- --static int stf_clone_match(struct if_clone *, const char *); --static int stf_clone_create(struct if_clone *, char *, size_t, caddr_t); --static int stf_clone_destroy(struct if_clone *, struct ifnet *); --struct if_clone stf_cloner = IFC_CLONE_INITIALIZER(STFNAME, NULL, 0, -- NULL, stf_clone_match, stf_clone_create, stf_clone_destroy); -+static int stf_is_up(struct ifnet *); -+ -+#define STF_GETIN4_USE_CACHE 1 -+static struct sockaddr_in *stf_getin4addr(struct sockaddr_in *, -+ struct ifaddr *, -+ int); -+static struct sockaddr_in *stf_getin4addr_in6(struct sockaddr_in *, -+ struct ifaddr *, -+ struct in6_addr *); -+static struct sockaddr_in *stf_getin4addr_sin6(struct sockaddr_in *, -+ struct ifaddr *, -+ struct sockaddr_in6 *); -+static int stf_clone_create(struct if_clone *, int, caddr_t); -+static void stf_clone_destroy(struct ifnet *); -+ -+IFC_SIMPLE_DECLARE(stf, 0); - - static int --stf_clone_match(struct if_clone *ifc, const char *name) -+stf_clone_create(struct if_clone *ifc, int unit, caddr_t params) - { -- int i; -- -- for(i = 0; stfnames[i] != NULL; i++) { -- if (strcmp(stfnames[i], name) == 0) -- return (1); -- } -- -- return (0); --} -- --static int --stf_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params) --{ -- int err, unit; - struct stf_softc *sc; - struct ifnet *ifp; - -- /* -- * We can only have one unit, but since unit allocation is -- * already locked, we use it to keep from allocating extra -- * interfaces. -- */ -- unit = STFUNIT; -- err = ifc_alloc_unit(ifc, &unit); -- if (err != 0) -- return (err); -- - sc = malloc(sizeof(struct stf_softc), M_STF, M_WAITOK | M_ZERO); -+ sc->sc_fibnum = curthread->td_proc->p_fibnum; - ifp = STF2IFP(sc) = if_alloc(IFT_STF); -- if (ifp == NULL) { -+ if (sc->sc_ifp == NULL) { - free(sc, M_STF); -- ifc_free_unit(ifc, unit); -- return (ENOSPC); -+ return (ENOMEM); - } -+ STF_LOCK_INIT(sc); - ifp->if_softc = sc; -- sc->sc_fibnum = curthread->td_proc->p_fibnum; -+ if_initname(ifp, ifc->ifc_name, unit); - -- /* -- * Set the name manually rather then using if_initname because -- * we don't conform to the default naming convention for interfaces. -- */ -- strlcpy(ifp->if_xname, name, IFNAMSIZ); -- ifp->if_dname = ifc->ifc_name; -- ifp->if_dunit = IF_DUNIT_NONE; -- -- mtx_init(&(sc)->sc_ro_mtx, "stf ro", NULL, MTX_DEF); - sc->encap_cookie = encap_attach_func(AF_INET, IPPROTO_IPV6, - stf_encapcheck, &in_stf_protosw, sc); - if (sc->encap_cookie == NULL) { - if_printf(ifp, "attach failed\n"); - free(sc, M_STF); -- ifc_free_unit(ifc, unit); - return (ENOMEM); - } - -@@ -255,41 +272,57 @@ stf_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params) - ifp->if_snd.ifq_maxlen = ifqmaxlen; - if_attach(ifp); - bpfattach(ifp, DLT_NULL, sizeof(u_int32_t)); -+ -+ mtx_lock(&stf_mtx); -+ LIST_INSERT_HEAD(&V_stf_softc_list, sc, stf_list); -+ mtx_unlock(&stf_mtx); -+ - return (0); - } - --static int --stf_clone_destroy(struct if_clone *ifc, struct ifnet *ifp) -+static void -+stf_clone_destroy(struct ifnet *ifp) - { - struct stf_softc *sc = ifp->if_softc; - int err; - -+ mtx_lock(&stf_mtx); -+ LIST_REMOVE(sc, stf_list); -+ mtx_unlock(&stf_mtx); -+ - err = encap_detach(sc->encap_cookie); - KASSERT(err == 0, ("Unexpected error detaching encap_cookie")); -- mtx_destroy(&(sc)->sc_ro_mtx); - bpfdetach(ifp); - if_detach(ifp); - if_free(ifp); - -+ STF_LOCK_DESTROY(sc); - free(sc, M_STF); -- ifc_free_unit(ifc, STFUNIT); - -- return (0); -+ return; -+} -+ -+static void -+vnet_stf_init(const void *unused __unused) -+{ -+ -+ LIST_INIT(&V_stf_softc_list); - } -+VNET_SYSINIT(vnet_stf_init, SI_SUB_PSEUDO, SI_ORDER_MIDDLE, vnet_stf_init, -+ NULL); - - static int --stfmodevent(mod, type, data) -- module_t mod; -- int type; -- void *data; -+stfmodevent(module_t mod, int type, void *data) - { - - switch (type) { - case MOD_LOAD: -+ mtx_init(&stf_mtx, "stf_mtx", NULL, MTX_DEF); - if_clone_attach(&stf_cloner); - break; - case MOD_UNLOAD: - if_clone_detach(&stf_cloner); -+ mtx_destroy(&stf_mtx); - break; - default: - return (EOPNOTSUPP); -@@ -305,28 +338,31 @@ static moduledata_t stf_mod = { - }; - - DECLARE_MODULE(if_stf, stf_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); -+MODULE_VERSION(if_stf, 1); - - static int --stf_encapcheck(m, off, proto, arg) -- const struct mbuf *m; -- int off; -- int proto; -- void *arg; -+stf_encapcheck(const struct mbuf *m, int off, int proto, void *arg) - { - struct ip ip; - struct in6_ifaddr *ia6; -+ struct sockaddr_in ia6_in4addr; -+ struct sockaddr_in ia6_in4mask; -+ struct sockaddr_in *sin; - struct stf_softc *sc; -- struct in_addr a, b, mask; -+ struct ifnet *ifp; -+ int ret = 0; - -+ DEBUG_PRINTF(1, "%s: enter\n", __func__); - sc = (struct stf_softc *)arg; - if (sc == NULL) - return 0; -+ ifp = STF2IFP(sc); - -- if ((STF2IFP(sc)->if_flags & IFF_UP) == 0) -+ if ((ifp->if_flags & IFF_UP) == 0) - return 0; - - /* IFF_LINK0 means "no decapsulation" */ -- if ((STF2IFP(sc)->if_flags & IFF_LINK0) != 0) -+ if ((ifp->if_flags & IFF_LINK0) != 0) - return 0; - - if (proto != IPPROTO_IPV6) -@@ -338,86 +374,162 @@ stf_encapcheck(m, off, proto, arg) - if (ip.ip_v != 4) - return 0; - -- ia6 = stf_getsrcifa6(STF2IFP(sc)); -+ /* Lookup an ia6 whose IPv4 addr encoded in the IPv6 addr is valid. */ -+ ia6 = stf_getsrcifa6(ifp); - if (ia6 == NULL) - return 0; -+ sin = stf_getin4addr(&ia6_in4addr, &ia6->ia_ifa, STF_GETIN4_USE_CACHE); -+ if (sin == NULL) -+ return 0; - -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip6_sprintf(buf, &satosin6(ia6->ia_ifa.ifa_addr)->sin6_addr); -+ DEBUG_PRINTF(1, "%s: ia6->ia_ifa.ifa_addr = %s\n", __func__, buf); -+ ip6_sprintf(buf, &ia6->ia_addr.sin6_addr); -+ DEBUG_PRINTF(1, "%s: ia6->ia_addr = %s\n", __func__, buf); -+ ip6_sprintf(buf, &satosin6(ia6->ia_ifa.ifa_netmask)->sin6_addr); -+ DEBUG_PRINTF(1, "%s: ia6->ia_ifa.ifa_netmask = %s\n", __func__, buf); -+ ip6_sprintf(buf, &ia6->ia_prefixmask.sin6_addr); -+ DEBUG_PRINTF(1, "%s: ia6->ia_prefixmask = %s\n", __func__, buf); -+ -+ ip_sprintf(buf, &ia6_in4addr.sin_addr); -+ DEBUG_PRINTF(1, "%s: ia6_in4addr.sin_addr = %s\n", __func__, buf); -+ ip_sprintf(buf, &ip.ip_src); -+ DEBUG_PRINTF(1, "%s: ip.ip_src = %s\n", __func__, buf); -+ ip_sprintf(buf, &ip.ip_dst); -+ DEBUG_PRINTF(1, "%s: ip.ip_dst = %s\n", __func__, buf); -+ } -+#endif - /* - * check if IPv4 dst matches the IPv4 address derived from the - * local 6to4 address. - * success on: dst = 10.1.1.1, ia6->ia_addr = 2002:0a01:0101:... - */ -- if (bcmp(GET_V4(&ia6->ia_addr.sin6_addr), &ip.ip_dst, -- sizeof(ip.ip_dst)) != 0) { -- ifa_free(&ia6->ia_ifa); -- return 0; -+ DEBUG_PRINTF(1, "%s: check1: ia6_in4addr.sin_addr == ip.ip_dst?\n", __func__); -+ if (ia6_in4addr.sin_addr.s_addr != ip.ip_dst.s_addr) { -+ DEBUG_PRINTF(1, "%s: check1: false. Ignore this packet.\n", __func__); -+ goto freeit; - } - -- /* -- * check if IPv4 src matches the IPv4 address derived from the -- * local 6to4 address masked by prefixmask. -- * success on: src = 10.1.1.1, ia6->ia_addr = 2002:0a00:.../24 -- * fail on: src = 10.1.1.1, ia6->ia_addr = 2002:0b00:.../24 -- */ -- bzero(&a, sizeof(a)); -- bcopy(GET_V4(&ia6->ia_addr.sin6_addr), &a, sizeof(a)); -- bcopy(GET_V4(&ia6->ia_prefixmask.sin6_addr), &mask, sizeof(mask)); -- ifa_free(&ia6->ia_ifa); -- a.s_addr &= mask.s_addr; -- b = ip.ip_src; -- b.s_addr &= mask.s_addr; -- if (a.s_addr != b.s_addr) -- return 0; -+ DEBUG_PRINTF(1, "%s: check2: ia6->ia_addr is 2002::/16?\n", __func__); -+ if (IN6_IS_ADDR_6TO4(&ia6->ia_addr.sin6_addr)) { -+ /* 6to4 (RFC 3056) */ -+ /* -+ * check if IPv4 src matches the IPv4 address derived -+ * from the local 6to4 address masked by prefixmask. -+ * success on: src = 10.1.1.1, ia6->ia_addr = 2002:0a00:.../24 -+ * fail on: src = 10.1.1.1, ia6->ia_addr = 2002:0b00:.../24 -+ */ -+ DEBUG_PRINTF(1, "%s: check2: true.\n", __func__); -+ -+ memcpy(&ia6_in4mask.sin_addr, -+ GET_V4(&ia6->ia_prefixmask.sin6_addr), -+ sizeof(ia6_in4mask)); -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip_sprintf(buf, &ia6_in4addr.sin_addr); -+ DEBUG_PRINTF(1, "%s: ia6->ia_addr = %s\n", -+ __func__, buf); -+ ip_sprintf(buf, &ip.ip_src); -+ DEBUG_PRINTF(1, "%s: ip.ip_src = %s\n", -+ __func__, buf); -+ ip_sprintf(buf, &ia6_in4mask.sin_addr); -+ DEBUG_PRINTF(1, "%s: ia6->ia_prefixmask = %s\n", -+ __func__, buf); -+ -+ DEBUG_PRINTF(1, "%s: check3: ia6_in4addr.sin_addr & mask == ip.ip_src & mask\n", -+ __func__); -+ } -+#endif - -+ if ((ia6_in4addr.sin_addr.s_addr & ia6_in4mask.sin_addr.s_addr) != -+ (ip.ip_src.s_addr & ia6_in4mask.sin_addr.s_addr)) { -+ DEBUG_PRINTF(1, "%s: check3: false. Ignore this packet.\n", -+ __func__); -+ goto freeit; -+ } -+ } else { -+ /* 6rd (RFC 5569) */ -+ DEBUG_PRINTF(1, "%s: check2: false. 6rd.\n", __func__); -+ /* -+ * No restriction on the src address in the case of -+ * 6rd because the stf(4) interface always has a -+ * prefix which covers whole of IPv4 src address -+ * range. So, stf_output() will catch all of -+ * 6rd-capsuled IPv4 traffic with suspicious inner dst -+ * IPv4 address (i.e. the IPv6 destination address is -+ * one the admin does not like to route to outside), -+ * and then it discard them silently. -+ */ -+ } -+ DEBUG_PRINTF(1, "%s: all clear!\n", __func__); - /* stf interface makes single side match only */ -- return 32; -+ ret = 32; -+freeit: -+ ifa_free(&ia6->ia_ifa); -+ -+ return (ret); - } - - static struct in6_ifaddr * --stf_getsrcifa6(ifp) -- struct ifnet *ifp; -+stf_getsrcifa6(struct ifnet *ifp) - { -- struct ifaddr *ia; -+ struct ifaddr *ifa; - struct in_ifaddr *ia4; -- struct sockaddr_in6 *sin6; -- struct in_addr in; -+ struct sockaddr_in *sin; -+ struct sockaddr_in in4; - - if_addr_rlock(ifp); -- TAILQ_FOREACH(ia, &ifp->if_addrhead, ifa_link) { -- if (ia->ifa_addr->sa_family != AF_INET6) -+ TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { -+ if (ifa->ifa_addr->sa_family != AF_INET6) - continue; -- sin6 = (struct sockaddr_in6 *)ia->ifa_addr; -- if (!IN6_IS_ADDR_6TO4(&sin6->sin6_addr)) -+ if ((sin = stf_getin4addr(&in4, ifa, -+ STF_GETIN4_USE_CACHE)) == NULL) - continue; -- -- bcopy(GET_V4(&sin6->sin6_addr), &in, sizeof(in)); -- LIST_FOREACH(ia4, INADDR_HASH(in.s_addr), ia_hash) -- if (ia4->ia_addr.sin_addr.s_addr == in.s_addr) -+ LIST_FOREACH(ia4, INADDR_HASH(sin->sin_addr.s_addr), ia_hash) -+ if (ia4->ia_addr.sin_addr.s_addr == sin->sin_addr.s_addr) - break; - if (ia4 == NULL) - continue; - -- ifa_ref(ia); -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip6_sprintf(buf, &((struct sockaddr_in6 *)ifa->ifa_addr)->sin6_addr); -+ DEBUG_PRINTF(1, "%s: ifa->ifa_addr->sin6_addr = %s\n", -+ __func__, buf); -+ ip_sprintf(buf, &ia4->ia_addr.sin_addr); -+ DEBUG_PRINTF(1, "%s: ia4->ia_addr.sin_addr = %s\n", -+ __func__, buf); -+ } -+#endif -+ ifa_ref(ifa); - if_addr_runlock(ifp); -- return (struct in6_ifaddr *)ia; -+ return (ifatoia6(ifa)); - } - if_addr_runlock(ifp); - -+ - return NULL; - } - - static int --stf_output(ifp, m, dst, ro) -- struct ifnet *ifp; -- struct mbuf *m; -- struct sockaddr *dst; -- struct route *ro; -+stf_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, struct route *ro) - { - struct stf_softc *sc; - struct sockaddr_in6 *dst6; - struct route *cached_route; -- struct in_addr in4; -- caddr_t ptr; -+ struct sockaddr_in *sin; -+ struct sockaddr_in in4; - struct sockaddr_in *dst4; - u_int8_t tos; - struct ip *ip; -@@ -479,20 +591,28 @@ stf_output(ifp, m, dst, ro) - /* - * Pickup the right outer dst addr from the list of candidates. - * ip6_dst has priority as it may be able to give us shorter IPv4 hops. -+ * ip6_dst: destination addr in the packet header. -+ * dst6: destination addr specified in function argument. - */ -- ptr = NULL; -- if (IN6_IS_ADDR_6TO4(&ip6->ip6_dst)) -- ptr = GET_V4(&ip6->ip6_dst); -- else if (IN6_IS_ADDR_6TO4(&dst6->sin6_addr)) -- ptr = GET_V4(&dst6->sin6_addr); -- else { -+ DEBUG_PRINTF(1, "%s: dst addr selection\n", __func__); -+ sin = stf_getin4addr_in6(&in4, &ia6->ia_ifa, &ip6->ip6_dst); -+ if (sin == NULL) -+ sin = stf_getin4addr_in6(&in4, &ia6->ia_ifa, &dst6->sin6_addr); -+ if (sin == NULL) { - ifa_free(&ia6->ia_ifa); - m_freem(m); - ifp->if_oerrors++; - return ENETUNREACH; - } -- bcopy(ptr, &in4, sizeof(in4)); -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); - -+ ip_sprintf(buf, &sin->sin_addr); -+ DEBUG_PRINTF(1, "%s: ip_dst = %s\n", __func__, buf); -+ } -+#endif - if (bpf_peers_present(ifp->if_bpf)) { - /* - * We need to prepend the address family as -@@ -516,11 +636,26 @@ stf_output(ifp, m, dst, ro) - ip = mtod(m, struct ip *); - - bzero(ip, sizeof(*ip)); -+ bcopy(&in4.sin_addr, &ip->ip_dst, sizeof(ip->ip_dst)); -+ -+ sin = stf_getin4addr_sin6(&in4, &ia6->ia_ifa, &ia6->ia_addr); -+ if (sin == NULL) { -+ ifa_free(&ia6->ia_ifa); -+ m_freem(m); -+ ifp->if_oerrors++; -+ return ENETUNREACH; -+ } -+ bcopy(&in4.sin_addr, &ip->ip_src, sizeof(ip->ip_src)); -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); - -- bcopy(GET_V4(&((struct sockaddr_in6 *)&ia6->ia_addr)->sin6_addr), -- &ip->ip_src, sizeof(ip->ip_src)); -+ ip_sprintf(buf, &ip->ip_src); -+ DEBUG_PRINTF(1, "%s: ip_src = %s\n", __func__, buf); -+ } -+#endif - ifa_free(&ia6->ia_ifa); -- bcopy(&in4, &ip->ip_dst, sizeof(ip->ip_dst)); - ip->ip_p = IPPROTO_IPV6; - ip->ip_ttl = ip_stf_ttl; - ip->ip_len = m->m_pkthdr.len; /*host order*/ -@@ -529,7 +664,7 @@ stf_output(ifp, m, dst, ro) - else - ip_ecn_ingress(ECN_NOCARE, &ip->ip_tos, &tos); - -- if (!stf_route_cache) { -+ if (!V_stf_route_cache) { - cached_route = NULL; - goto sendit; - } -@@ -537,7 +672,7 @@ stf_output(ifp, m, dst, ro) - /* - * Do we have a cached route? - */ -- mtx_lock(&(sc)->sc_ro_mtx); -+ STF_LOCK(sc); - dst4 = (struct sockaddr_in *)&sc->sc_ro.ro_dst; - if (dst4->sin_family != AF_INET || - bcmp(&dst4->sin_addr, &ip->ip_dst, sizeof(ip->ip_dst)) != 0) { -@@ -555,8 +690,15 @@ stf_output(ifp, m, dst, ro) - rtalloc_fib(&sc->sc_ro, sc->sc_fibnum); - if (sc->sc_ro.ro_rt == NULL) { - m_freem(m); -- mtx_unlock(&(sc)->sc_ro_mtx); - ifp->if_oerrors++; -+ STF_UNLOCK(sc); -+ return ENETUNREACH; -+ } -+ if (sc->sc_ro.ro_rt->rt_ifp == ifp) { -+ /* infinite loop detection */ -+ m_free(m); -+ ifp->if_oerrors++; -+ STF_UNLOCK(sc); - return ENETUNREACH; - } - } -@@ -565,34 +707,31 @@ stf_output(ifp, m, dst, ro) - sendit: - M_SETFIB(m, sc->sc_fibnum); - ifp->if_opackets++; -+ DEBUG_PRINTF(1, "%s: ip_output dispatch.\n", __func__); - error = ip_output(m, NULL, cached_route, 0, NULL, NULL); - - if (cached_route != NULL) -- mtx_unlock(&(sc)->sc_ro_mtx); -+ STF_UNLOCK(sc); - return error; - } - - static int --isrfc1918addr(in) -- struct in_addr *in; -+isrfc1918addr(struct in_addr *in) - { - /* - * returns 1 if private address range: - * 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 - */ -- if ((ntohl(in->s_addr) & 0xff000000) >> 24 == 10 || -- (ntohl(in->s_addr) & 0xfff00000) >> 16 == 172 * 256 + 16 || -- (ntohl(in->s_addr) & 0xffff0000) >> 16 == 192 * 256 + 168) -+ if ((ntohl(in->s_addr) & 0xff000000) == 10 << 24 || -+ (ntohl(in->s_addr) & 0xfff00000) == (172 * 256 + 16) << 16 || -+ (ntohl(in->s_addr) & 0xffff0000) == (192 * 256 + 168) << 16 ) - return 1; - - return 0; - } - - static int --stf_checkaddr4(sc, in, inifp) -- struct stf_softc *sc; -- struct in_addr *in; -- struct ifnet *inifp; /* incoming interface */ -+stf_checkaddr4(struct stf_softc *sc, struct in_addr *in, struct ifnet *inifp) - { - struct in_ifaddr *ia4; - -@@ -608,20 +747,10 @@ stf_checkaddr4(sc, in, inifp) - } - - /* -- * reject packets with private address range. -- * (requirement from RFC3056 section 2 1st paragraph) -- */ -- if (isrfc1918addr(in)) -- return -1; -- -- /* - * reject packets with broadcast - */ - IN_IFADDR_RLOCK(); -- for (ia4 = TAILQ_FIRST(&V_in_ifaddrhead); -- ia4; -- ia4 = TAILQ_NEXT(ia4, ia_link)) -- { -+ TAILQ_FOREACH(ia4, &V_in_ifaddrhead, ia_link) { - if ((ia4->ia_ifa.ifa_ifp->if_flags & IFF_BROADCAST) == 0) - continue; - if (in->s_addr == ia4->ia_broadaddr.sin_addr.s_addr) { -@@ -640,7 +769,7 @@ stf_checkaddr4(sc, in, inifp) - - bzero(&sin, sizeof(sin)); - sin.sin_family = AF_INET; -- sin.sin_len = sizeof(struct sockaddr_in); -+ sin.sin_len = sizeof(sin); - sin.sin_addr = *in; - rt = rtalloc1_fib((struct sockaddr *)&sin, 0, - 0UL, sc->sc_fibnum); -@@ -661,10 +790,7 @@ stf_checkaddr4(sc, in, inifp) - } - - static int --stf_checkaddr6(sc, in6, inifp) -- struct stf_softc *sc; -- struct in6_addr *in6; -- struct ifnet *inifp; /* incoming interface */ -+stf_checkaddr6(struct stf_softc *sc, struct in6_addr *in6, struct ifnet *inifp) - { - /* - * check 6to4 addresses -@@ -688,9 +814,7 @@ stf_checkaddr6(sc, in6, inifp) - } - - void --in_stf_input(m, off) -- struct mbuf *m; -- int off; -+in_stf_input(struct mbuf *m, int off) - { - int proto; - struct stf_softc *sc; -@@ -698,6 +822,7 @@ in_stf_input(m, off) - struct ip6_hdr *ip6; - u_int8_t otos, itos; - struct ifnet *ifp; -+ struct route_in6 rin6; - - proto = mtod(m, struct ip *)->ip_p; - -@@ -721,6 +846,17 @@ in_stf_input(m, off) - mac_ifnet_create_mbuf(ifp, m); - #endif - -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip_sprintf(buf, &ip->ip_dst); -+ DEBUG_PRINTF(1, "%s: ip->ip_dst = %s\n", __func__, buf); -+ ip_sprintf(buf, &ip->ip_src); -+ DEBUG_PRINTF(1, "%s: ip->ip_src = %s\n", __func__, buf); -+ } -+#endif - /* - * perform sanity check against outer src/dst. - * for source, perform ingress filter as well. -@@ -741,6 +877,17 @@ in_stf_input(m, off) - } - ip6 = mtod(m, struct ip6_hdr *); - -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip6_sprintf(buf, &ip6->ip6_dst); -+ DEBUG_PRINTF(1, "%s: ip6->ip6_dst = %s\n", __func__, buf); -+ ip6_sprintf(buf, &ip6->ip6_src); -+ DEBUG_PRINTF(1, "%s: ip6->ip6_src = %s\n", __func__, buf); -+ } -+#endif - /* - * perform sanity check against inner src/dst. - * for source, perform ingress filter as well. -@@ -751,6 +898,41 @@ in_stf_input(m, off) - return; - } - -+ /* -+ * reject packets with private address range. -+ * (requirement from RFC3056 section 2 1st paragraph) -+ */ -+ if ((IN6_IS_ADDR_6TO4(&ip6->ip6_src) && isrfc1918addr(&ip->ip_src)) || -+ (IN6_IS_ADDR_6TO4(&ip6->ip6_dst) && isrfc1918addr(&ip->ip_dst))) { -+ m_freem(m); -+ return; -+ } -+ -+ /* -+ * Ignore if the destination is the same stf interface because -+ * all of valid IPv6 outgoing traffic should go interfaces -+ * except for it. -+ */ -+ memset(&rin6, 0, sizeof(rin6)); -+ rin6.ro_dst.sin6_len = sizeof(rin6.ro_dst); -+ rin6.ro_dst.sin6_family = AF_INET6; -+ memcpy(&rin6.ro_dst.sin6_addr, &ip6->ip6_dst, -+ sizeof(rin6.ro_dst.sin6_addr)); -+ rtalloc((struct route *)&rin6); -+ if (rin6.ro_rt == NULL) { -+ DEBUG_PRINTF(1, "%s: no IPv6 dst. Ignored.\n", __func__); -+ m_free(m); -+ return; -+ } -+ if ((rin6.ro_rt->rt_ifp == ifp) && -+ (!IN6_ARE_ADDR_EQUAL(&ip6->ip6_src, &rin6.ro_dst.sin6_addr))) { -+ DEBUG_PRINTF(1, "%s: IPv6 dst is the same stf. Ignored.\n", __func__); -+ RTFREE(rin6.ro_rt); -+ m_free(m); -+ return; -+ } -+ RTFREE(rin6.ro_rt); -+ - itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff; - if ((ifp->if_flags & IFF_LINK1) != 0) - ip_ecn_egress(ECN_ALLOWED, &otos, &itos); -@@ -760,7 +942,7 @@ in_stf_input(m, off) - ip6->ip6_flow |= htonl((u_int32_t)itos << 20); - - m->m_pkthdr.rcvif = ifp; -- -+ - if (bpf_peers_present(ifp->if_bpf)) { - /* - * We need to prepend the address family as -@@ -773,6 +955,7 @@ in_stf_input(m, off) - bpf_mtap2(ifp->if_bpf, &af, sizeof(af), m); - } - -+ DEBUG_PRINTF(1, "%s: netisr_dispatch(NETISR_IPV6)\n", __func__); - /* - * Put the packet to the network layer input queue according to the - * specified address family. -@@ -787,27 +970,277 @@ in_stf_input(m, off) - - /* ARGSUSED */ - static void --stf_rtrequest(cmd, rt, info) -- int cmd; -- struct rtentry *rt; -- struct rt_addrinfo *info; -+stf_rtrequest(int cmd, struct rtentry *rt, struct rt_addrinfo *info) - { -+ - RT_LOCK_ASSERT(rt); - rt->rt_rmx.rmx_mtu = IPV6_MMTU; - } - -+/* Check whether we have at least one instance with IFF_UP. */ - static int --stf_ioctl(ifp, cmd, data) -- struct ifnet *ifp; -- u_long cmd; -- caddr_t data; -+stf_is_up(struct ifnet *ifp) -+{ -+ struct stf_softc *scp; -+ struct stf_softc *sc_cur; -+ struct stf_softc *sc_is_up; -+ -+ sc_is_up = NULL; -+ if ((sc_cur = ifp->if_softc) == NULL) -+ return (EINVAL); -+ -+ mtx_lock(&stf_mtx); -+ LIST_FOREACH(scp, &V_stf_softc_list, stf_list) { -+ if (scp == sc_cur) -+ continue; -+ if ((STF2IFP(scp)->if_flags & IFF_UP) != 0) { -+ sc_is_up = scp; -+ break; -+ } -+ } -+ mtx_unlock(&stf_mtx); -+ -+ /* We already has at least one instance with IFF_UP. */ -+ if (stf_is_up != NULL) -+ return (ENOSPC); -+ -+ return (0); -+} -+ -+static struct sockaddr_in * -+stf_getin4addr_in6(struct sockaddr_in *sin, -+ struct ifaddr *ifa, -+ struct in6_addr *in6) -+{ -+ struct sockaddr_in6 sin6; -+ -+ DEBUG_PRINTF(1, "%s: enter.\n", __func__); -+ if (ifa == NULL || in6 == NULL) -+ return NULL; -+ -+ memset(&sin6, 0, sizeof(sin6)); -+ memcpy(&sin6.sin6_addr, in6, sizeof(sin6.sin6_addr)); -+ sin6.sin6_len = sizeof(sin6); -+ sin6.sin6_family = AF_INET6; -+ -+ return(stf_getin4addr_sin6(sin, ifa, &sin6)); -+} -+ -+static struct sockaddr_in * -+stf_getin4addr_sin6(struct sockaddr_in *sin, -+ struct ifaddr *ifa, -+ struct sockaddr_in6 *sin6) -+{ -+ struct in6_ifaddr ia6; -+ int i; -+ -+ DEBUG_PRINTF(1, "%s: enter.\n", __func__); -+ if (ifa == NULL || sin6 == NULL) -+ return NULL; -+ -+ memset(&ia6, 0, sizeof(ia6)); -+ memcpy(&ia6, ifatoia6(ifa), sizeof(ia6)); -+ -+ /* -+ * Use prefixmask information from ifa, and -+ * address information from sin6. -+ */ -+ ia6.ia_addr.sin6_family = AF_INET6; -+ ia6.ia_ifa.ifa_addr = (struct sockaddr *)&ia6.ia_addr; -+ ia6.ia_ifa.ifa_dstaddr = NULL; -+ ia6.ia_ifa.ifa_netmask = (struct sockaddr *)&ia6.ia_prefixmask; -+ -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip6_sprintf(buf, &sin6->sin6_addr); -+ DEBUG_PRINTF(1, "%s: sin6->sin6_addr = %s\n", __func__, buf); -+ ip6_sprintf(buf, &ia6.ia_addr.sin6_addr); -+ DEBUG_PRINTF(1, "%s: ia6.ia_addr.sin6_addr = %s\n", __func__, buf); -+ ip6_sprintf(buf, &ia6.ia_prefixmask.sin6_addr); -+ DEBUG_PRINTF(1, "%s: ia6.ia_prefixmask.sin6_addr = %s\n", __func__, buf); -+ } -+#endif -+ -+ /* -+ * When (src addr & src mask) != (dst (sin6) addr & src mask), -+ * the dst is not in the 6rd domain. The IPv4 address must -+ * not be used. -+ */ -+ for (i = 0; i < sizeof(ia6.ia_addr.sin6_addr); i++) { -+ if ((((u_char *)&ia6.ia_addr.sin6_addr)[i] & -+ ((u_char *)&ia6.ia_prefixmask.sin6_addr)[i]) -+ != -+ (((u_char *)&sin6->sin6_addr)[i] & -+ ((u_char *)&ia6.ia_prefixmask.sin6_addr)[i])) -+ return NULL; -+ } -+ -+ /* After the mask check, overwrite ia6.ia_addr with sin6. */ -+ memcpy(&ia6.ia_addr, sin6, sizeof(ia6.ia_addr)); -+ return(stf_getin4addr(sin, (struct ifaddr *)&ia6, 0)); -+} -+ -+static struct sockaddr_in * -+stf_getin4addr(struct sockaddr_in *sin, -+ struct ifaddr *ifa, -+ int flags) -+{ -+ struct in_addr *in; -+ struct sockaddr_in6 *sin6; -+ struct in6_ifaddr *ia6; -+ -+ DEBUG_PRINTF(1, "%s: enter.\n", __func__); -+ if (ifa == NULL || -+ ifa->ifa_addr == NULL || -+ ifa->ifa_addr->sa_family != AF_INET6) -+ return NULL; -+ -+ sin6 = satosin6(ifa->ifa_addr); -+ ia6 = ifatoia6(ifa); -+ -+ if ((flags & STF_GETIN4_USE_CACHE) && -+ (ifa->ifa_dstaddr != NULL) && -+ (ifa->ifa_dstaddr->sa_family == AF_INET)) { -+ /* -+ * XXX: ifa_dstaddr is used as a cache of the -+ * extracted IPv4 address. -+ */ -+ memcpy(sin, satosin(ifa->ifa_dstaddr), sizeof(*sin)); -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip_sprintf(buf, &sin->sin_addr); -+ DEBUG_PRINTF(1, "%s: cached address was used = %s\n", __func__, buf); -+ } -+#endif -+ return (sin); -+ } -+ memset(sin, 0, sizeof(*sin)); -+ in = &sin->sin_addr; -+ -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip6_sprintf(buf, &sin6->sin6_addr); -+ DEBUG_PRINTF(1, "%s: sin6->sin6_addr = %s\n", __func__, buf); -+ } -+#endif -+ -+ if (IN6_IS_ADDR_6TO4(&sin6->sin6_addr)) { -+ /* 6to4 (RFC 3056) */ -+ bcopy(GET_V4(&sin6->sin6_addr), in, sizeof(*in)); -+ if (isrfc1918addr(in)) -+ return NULL; -+ } else { -+ /* 6rd (RFC 5569) */ -+ struct in6_addr buf; -+ u_char *p = (u_char *)&buf; -+ u_char *q = (u_char *)in; -+ u_int residue = 0; -+ u_char mask; -+ int i; -+ u_int plen; -+ -+ /* -+ * 6rd-relays IPv6 prefix is located at a 32-bit just -+ * after the prefix edge. -+ */ -+ plen = in6_mask2len(&satosin6(ifa->ifa_netmask)->sin6_addr, NULL); -+ if (32 < plen) -+ return NULL; -+ -+ memcpy(&buf, &sin6->sin6_addr, sizeof(buf)); -+ p += plen / 8; -+ residue = plen % 8; -+ mask = ~((u_char)(-1) >> residue); -+ -+ /* -+ * The p points head of the IPv4 address part in -+ * bytes. The residue is a bit-shift factor when -+ * prefixlen is not a multiple of 8. -+ */ -+ for (i = 0; i < 4; i++) { -+ DEBUG_PRINTF(2, "p[%d] = %d\n", i, p[i]); -+ DEBUG_PRINTF(2, "residue = %d\n", residue); -+ if (residue) { -+ p[i] <<= residue; -+ DEBUG_PRINTF(2, "p[%d] << residue = %d\n", -+ i, p[i]); -+ DEBUG_PRINTF(2, "mask = %x\n", -+ mask); -+ DEBUG_PRINTF(2, "p[%d + 1] & mask = %d\n", -+ i, p[i + 1] & mask); -+ DEBUG_PRINTF(2, "p[%d + 1] & mask >> (8 - residue) = %d\n", -+ i, (p[i + 1] & mask) >> (8-residue)); -+ p[i] |= ((p[i+1] & mask) >> (8 - residue)); -+ } -+ q[i] = p[i]; -+ } -+ } -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip_sprintf(buf, in); -+ DEBUG_PRINTF(1, "%s: in->in_addr = %s\n", __func__, buf); -+ DEBUG_PRINTF(1, "%s: leave\n", __func__); -+ } -+#endif -+ if (flags & STF_GETIN4_USE_CACHE) { -+ DEBUG_PRINTF(1, "%s: try to access ifa->ifa_dstaddr.\n", __func__); -+ ifa->ifa_dstaddr = (struct sockaddr *)&ia6->ia_dstaddr; -+ DEBUG_PRINTF(1, "%s: try to memset 0 to ia_dstaddr.\n", __func__); -+ memset(&ia6->ia_dstaddr, 0, sizeof(ia6->ia_dstaddr)); -+ DEBUG_PRINTF(1, "%s: try to memcpy ifa->ifa_dstaddr.\n", __func__); -+ memcpy((struct sockaddr_in *)ifa->ifa_dstaddr, -+ sin, sizeof(struct sockaddr_in)); -+ DEBUG_PRINTF(1, "%s: try to set sa_family.\n", __func__); -+ ifa->ifa_dstaddr->sa_family = AF_INET; -+ DEBUG_PRINTF(1, "%s: in->in_addr is stored in ifa_dstaddr.\n", -+ __func__); -+ } -+ return (sin); -+} -+ -+static int -+stf_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) - { - struct ifaddr *ifa; - struct ifreq *ifr; -- struct sockaddr_in6 *sin6; -- struct in_addr addr; -+ struct sockaddr_in in4; - int error; - -+ /* -+ * Sanity check: if more than two interfaces have IFF_UP, do -+ * if_down() for all of them except for the specified one. -+ */ -+ if (ifp->if_flags & IFF_UP) { -+ struct stf_softc *sc_cur = ifp->if_softc; -+ struct stf_softc *sc; -+ -+ mtx_lock(&stf_mtx); -+ LIST_FOREACH(sc, &V_stf_softc_list, stf_list) { -+ if (sc == sc_cur) -+ continue; -+ if ((STF2IFP(sc)->if_flags & IFF_UP) != 0) { -+ if_printf(STF2IFP(sc), -+ "marked as DOWN because at least " -+ "one instance of stf(4) is already " -+ "working.\n"); -+ if_down(STF2IFP(sc)); -+ } -+ } -+ mtx_unlock(&stf_mtx); -+ } -+ - error = 0; - switch (cmd) { - case SIOCSIFADDR: -@@ -816,17 +1249,16 @@ stf_ioctl(ifp, cmd, data) - error = EAFNOSUPPORT; - break; - } -- sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; -- if (!IN6_IS_ADDR_6TO4(&sin6->sin6_addr)) { -+ if (stf_getin4addr(&in4, ifa, 0) == NULL) { - error = EINVAL; - break; - } -- bcopy(GET_V4(&sin6->sin6_addr), &addr, sizeof(addr)); -- if (isrfc1918addr(&addr)) { -- error = EINVAL; -- break; -- } -- -+ /* -+ * XXX: ifa_dstaddr is used as a cache of the -+ * extracted IPv4 address. -+ */ -+ if (ifa->ifa_dstaddr != NULL) -+ ifa->ifa_dstaddr->sa_family = AF_UNSPEC; - ifa->ifa_rtrequest = stf_rtrequest; - ifp->if_flags |= IFF_UP; - break; diff --git a/net/stf-6rd-kmod/files-9.1/patch-aa b/net/stf-6rd-kmod/files-9.1/patch-aa deleted file mode 100644 index c2e67aa5d03a..000000000000 --- a/net/stf-6rd-kmod/files-9.1/patch-aa +++ /dev/null @@ -1,1321 +0,0 @@ -diff --git a/share/man/man4/stf.4 b/share/man/man4/stf.4 -index 1178e03..9008738 100644 ---- a/share/man/man4/stf.4 -+++ b/share/man/man4/stf.4 -@@ -1,6 +1,7 @@ - .\" $KAME: stf.4,v 1.35 2001/05/02 06:24:49 itojun Exp $ - .\" - .\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. -+.\" Copyright (c) 2010 Hiroki Sato <hrs@FreeBSD.org> - .\" All rights reserved. - .\" - .\" Redistribution and use in source and binary forms, with or without -@@ -42,21 +43,11 @@ tunnel interface - .Sh DESCRIPTION - The - .Nm --interface supports --.Dq 6to4 --IPv6 in IPv4 encapsulation. --It can tunnel IPv6 traffic over IPv4, as specified in --.Li RFC3056 . --.Pp --For ordinary nodes in 6to4 site, you do not need --.Nm --interface. --The --.Nm --interface is necessary for site border router --(called --.Dq 6to4 router --in the specification). -+interface supports IPv6 in IPv4 encapsulation by -+tunneling IPv6 traffic over IPv4, as specified in -+.Li RFC3056 Pq 6to4 -+and -+.Li RFC5569 Pq 6rd . - .Pp - Each - .Nm -@@ -72,12 +63,28 @@ variable in - .Pp - Due to the way 6to4 protocol is specified, - .Nm --interface requires certain configuration to work properly. -+interface requires certain configuration to work properly. Two -+different protocols defined in RFC3056 and RFC5569 are basically the -+same as each other except for address handling, so -+.Nm -+decides its behavior based on the configured IPv6 addresses as -+explained in the following. -+The -+.Nm -+interface can be configured with multiple IPv6 addresses including -+both 6to4 and 6rd. -+.Sh RFC3056 (a.k.a. 6to4) - Single --(no more than 1) --valid 6to4 address needs to be configured to the interface. --.Dq A valid 6to4 address --is an address which has the following properties. -+.Pq no more than 1 valid 6to4 address needs to be configured to the interface. -+.Dq a valid 6to4 address -+is an address which has the following properties. For ordinary nodes -+in 6to4 site, you do not need -+.Nm -+interface; it is necessary only for site border router -+(called -+.Dq 6to4 router -+in the specification). -+.Pp - If any of the following properties are not satisfied, - .Nm - raises runtime error on packet transmission. -@@ -110,6 +117,78 @@ you may want to configure IPv6 prefix length as - .Nm - interface will check the IPv4 source address on packets, - if the IPv6 prefix length is larger than 16. -+.Sh RFC5569 (a.k.a. 6rd) -+The -+.Nm -+interface works in the 6rd mode when one or more IPv6 addresses that -+consists of an IPv6 prefix and 32-bit IPv4 part with a prefix length -+equal to or shorter than 64. In 6rd protocol, an IPv6 address -+.Li 2001:db8:c000:205::1/32 -+means the following, for example: -+.Bl -bullet -+.It -+The 6rd relay prefix is -+.Li 2001:db8::/32 . -+.It -+The 6rd router's IPv4 address is -+.Li 192.0.2.5 . -+.El -+.Pp -+As you can see the IPv4 address is embedded in the IPv6 address just -+after the prefix. While you can choose an IPv6 prefix length other -+than 32, it must be from 0 to 32. -+.Pp -+Assuming this address is configured on the -+.Nm -+interface, it does the following: -+.Bl -bullet -+.It -+An incoming IPv6 packet on -+.Nm -+will be encapsuled in an IPv4 packet with the source address -+.Li 192.0.2.5 -+and then the IPv4 packet is delivered based on the IPv4 routing table. -+The IPv4 destination address is calculated from the destination -+address of the original IPv6 packet in the same way as the source. -+.It -+An incoming IPv4 packet which encapsules an IPv6 packet whose -+destination address matches a 6rd prefix with embedded IPv4 address -+configured on the -+.Nm -+interface, the IPv6 packet will be decapsulated and delivered based on -+the IPv6 routing table. Note that -+.Nm -+interface normally has a route which covers whole range of a 6rd relay -+prefix, the delivered IPv6 packet can return to -+.Nm -+if there is no more specific route. In that case, the returned packet -+will be discarded silently. -+.El -+.\" XXX: example configuration will be added -+.\" .Pp -+.\" By using this interface, you can configure a 6rd domain. For simplicity, -+.\" we assume the following here: -+.\" .Bl -bullet -+.\" .It -+.\" A 6rd Customer, who has an IPv6/IPv4 LAN and an IPv4-only access -+.\" toward network of his Internet Service Provider. The Customer has -+.\" a router called -+.\" .Dq CE Pq Customer Edge -+.\" Router, which can communicate between his LAN and the ISP over IPv4 -+.\" and encapsulate -+.\" his networks. -+.\" .It -+.\" A 6rd Provider, who provides IPv6 Internet reachability by using 6rd -+.\" protocol. The Provider offers access to a router called -+.\" .Dq PE Pq Provider Edge -+.\" Router, which can communicate with -+.\" .El -+.\" .Pp -+.\" A 6rd customer -+.\" needs to configure -+.\" .Nm -+.\" on his CE (Customer Edge) router. -+.Sh Other Functionality of the Interface - .Pp - .Nm - can be configured to be ECN friendly. -@@ -147,9 +226,6 @@ Packets with IPv4 multicast address as outer IPv4 source/destination - Packets with limited broadcast address as outer IPv4 source/destination - .Pq Li 255.0.0.0/8 - .It --Packets with private address as outer IPv4 source/destination --.Pq Li 10.0.0.0/8 , 172.16.0.0/12 , 192.168.0.0/16 --.It - Packets with subnet broadcast address as outer IPv4 source/destination. - The check is made against subnet broadcast addresses for - all of the directly connected subnets. -@@ -164,6 +240,11 @@ The same set of rules are applied against the IPv4 address embedded into - inner IPv6 address, if the IPv6 address matches 6to4 prefix. - .El - .Pp -+In addition to them, packets with private address as outer IPv4 -+source/destination -+.Pq Li 10.0.0.0/8 , 172.16.0.0/12 , 192.168.0.0/16 -+are filtered out only in the 6to4 mode. -+.Pp - It is recommended to filter/audit - incoming IPv4 packet with IP protocol number 41, as necessary. - It is also recommended to filter/audit encapsulated IPv6 packets as well. -diff --git a/sys/net/if_stf.c b/sys/net/if_stf.c -index e32956e..da4d2aa 100644 ---- a/sys/net/if_stf.c -+++ b/sys/net/if_stf.c -@@ -3,6 +3,7 @@ - - /*- - * Copyright (C) 2000 WIDE Project. -+ * Copyright (c) 2010 Hiroki Sato <hrs@FreeBSD.org> - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without -@@ -31,7 +32,7 @@ - */ - - /* -- * 6to4 interface, based on RFC3056. -+ * 6to4 interface, based on RFC3056 + 6rd (RFC5569) support. - * - * 6to4 interface is NOT capable of link-layer (I mean, IPv4) multicasting. - * There is no address mapping defined from IPv6 multicast address to IPv4 -@@ -60,7 +61,7 @@ - * ICMPv6: - * - Redirects cannot be used due to the lack of link-local address. - * -- * stf interface does not have, and will not need, a link-local address. -+ * stf interface does not have, and will not need, a link-local address. - * It seems to have no real benefit and does not help the above symptoms much. - * Even if we assign link-locals to interface, we cannot really - * use link-local unicast/multicast on top of 6to4 cloud (since there's no -@@ -72,6 +73,12 @@ - * http://playground.iijlab.net/i-d/draft-itojun-ipv6-transition-abuse-00.txt - * for details. The code tries to filter out some of malicious packets. - * Note that there is no way to be 100% secure. -+ * -+ * 6rd (RFC5569) extension is enabled when an IPv6 GUA other than -+ * 2002::/16 is assigned. The stf(4) recognizes a 32-bit just after -+ * prefixlen as the IPv4 address of the 6rd customer site. The -+ * prefixlen must be shorter than 32. -+ * - */ - - #include "opt_inet.h" -@@ -120,15 +127,41 @@ - - #include <security/mac/mac_framework.h> - -+#define STF_DEBUG 1 -+#define ip_sprintf(buf, a) \ -+ sprintf(buf, "%d.%d.%d.%d", \ -+ (ntohl((a)->s_addr)>>24)&0xFF, \ -+ (ntohl((a)->s_addr)>>16)&0xFF, \ -+ (ntohl((a)->s_addr)>>8)&0xFF, \ -+ (ntohl((a)->s_addr))&0xFF); -+#if STF_DEBUG -+#define DEBUG_PRINTF(a, ...) \ -+ do { \ -+ if (V_stf_debug >= a) \ -+ printf(__VA_ARGS__); \ -+ } while (0) -+#else -+#define DEBUG_PRINTF(a, ...) -+#endif -+ - SYSCTL_DECL(_net_link); - SYSCTL_NODE(_net_link, IFT_STF, stf, CTLFLAG_RW, 0, "6to4 Interface"); - --static int stf_route_cache = 1; --SYSCTL_INT(_net_link_stf, OID_AUTO, route_cache, CTLFLAG_RW, -- &stf_route_cache, 0, "Caching of IPv4 routes for 6to4 Output"); -+static VNET_DEFINE(int, stf_route_cache) = 1; -+#define V_stf_route_cache VNET(stf_route_cache) -+SYSCTL_VNET_INT(_net_link_stf, OID_AUTO, route_cache, CTLFLAG_RW, -+ &VNET_NAME(stf_route_cache), 0, -+ "Enable caching of IPv4 routes for 6to4 output."); -+ -+#if STF_DEBUG -+static VNET_DEFINE(int, stf_debug) = 0; -+#define V_stf_debug VNET(stf_debug) -+SYSCTL_VNET_INT(_net_link_stf, OID_AUTO, stf_debug, CTLFLAG_RW, -+ &VNET_NAME(stf_debug), 0, -+ "Enable displaying verbose debug message of stf interfaces"); -+#endif - - #define STFNAME "stf" --#define STFUNIT 0 - - #define IN6_IS_ADDR_6TO4(x) (ntohs((x)->s6_addr16[0]) == 0x2002) - -@@ -145,17 +178,26 @@ struct stf_softc { - struct route_in6 __sc_ro6; /* just for safety */ - } __sc_ro46; - #define sc_ro __sc_ro46.__sc_ro4 -- struct mtx sc_ro_mtx; -+ struct mtx sc_mtx; - u_int sc_fibnum; - const struct encaptab *encap_cookie; -+ u_int sc_flags; -+ LIST_ENTRY(stf_softc) stf_list; - }; - #define STF2IFP(sc) ((sc)->sc_ifp) - --/* -- * Note that mutable fields in the softc are not currently locked. -- * We do lock sc_ro in stf_output though. -- */ -+static struct mtx stf_mtx; - static MALLOC_DEFINE(M_STF, STFNAME, "6to4 Tunnel Interface"); -+static VNET_DEFINE(LIST_HEAD(, stf_softc), stf_softc_list); -+#define V_stf_softc_list VNET(stf_softc_list) -+ -+#define STF_LOCK_INIT(sc) mtx_init(&(sc)->sc_mtx, "stf softc", \ -+ NULL, MTX_DEF); -+#define STF_LOCK_DESTROY(sc) mtx_destroy(&(sc)->sc_mtx) -+#define STF_LOCK(sc) mtx_lock(&(sc)->sc_mtx) -+#define STF_UNLOCK(sc) mtx_unlock(&(sc)->sc_mtx) -+#define STF_LOCK_ASSERT(sc) mtx_assert(&(sc)->sc_mtx, MA_OWNED) -+ - static const int ip_stf_ttl = 40; - - extern struct domain inetdomain; -@@ -170,8 +212,6 @@ struct protosw in_stf_protosw = { - .pr_usrreqs = &rip_usrreqs - }; - --static char *stfnames[] = {"stf0", "stf", "6to4", NULL}; -- - static int stfmodevent(module_t, int, void *); - static int stf_encapcheck(const struct mbuf *, int, int, void *); - static struct in6_ifaddr *stf_getsrcifa6(struct ifnet *); -@@ -184,68 +224,45 @@ static int stf_checkaddr6(struct stf_softc *, struct in6_addr *, - struct ifnet *); - static void stf_rtrequest(int, struct rtentry *, struct rt_addrinfo *); - static int stf_ioctl(struct ifnet *, u_long, caddr_t); -- --static int stf_clone_match(struct if_clone *, const char *); --static int stf_clone_create(struct if_clone *, char *, size_t, caddr_t); --static int stf_clone_destroy(struct if_clone *, struct ifnet *); --struct if_clone stf_cloner = IFC_CLONE_INITIALIZER(STFNAME, NULL, 0, -- NULL, stf_clone_match, stf_clone_create, stf_clone_destroy); -+static int stf_is_up(struct ifnet *); -+ -+#define STF_GETIN4_USE_CACHE 1 -+static struct sockaddr_in *stf_getin4addr(struct sockaddr_in *, -+ struct ifaddr *, -+ int); -+static struct sockaddr_in *stf_getin4addr_in6(struct sockaddr_in *, -+ struct ifaddr *, -+ struct in6_addr *); -+static struct sockaddr_in *stf_getin4addr_sin6(struct sockaddr_in *, -+ struct ifaddr *, -+ struct sockaddr_in6 *); -+static int stf_clone_create(struct if_clone *, int, caddr_t); -+static void stf_clone_destroy(struct ifnet *); -+ -+IFC_SIMPLE_DECLARE(stf, 0); - - static int --stf_clone_match(struct if_clone *ifc, const char *name) -+stf_clone_create(struct if_clone *ifc, int unit, caddr_t params) - { -- int i; -- -- for(i = 0; stfnames[i] != NULL; i++) { -- if (strcmp(stfnames[i], name) == 0) -- return (1); -- } -- -- return (0); --} -- --static int --stf_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params) --{ -- int err, unit; - struct stf_softc *sc; - struct ifnet *ifp; - -- /* -- * We can only have one unit, but since unit allocation is -- * already locked, we use it to keep from allocating extra -- * interfaces. -- */ -- unit = STFUNIT; -- err = ifc_alloc_unit(ifc, &unit); -- if (err != 0) -- return (err); -- - sc = malloc(sizeof(struct stf_softc), M_STF, M_WAITOK | M_ZERO); -+ sc->sc_fibnum = curthread->td_proc->p_fibnum; - ifp = STF2IFP(sc) = if_alloc(IFT_STF); -- if (ifp == NULL) { -+ if (sc->sc_ifp == NULL) { - free(sc, M_STF); -- ifc_free_unit(ifc, unit); -- return (ENOSPC); -+ return (ENOMEM); - } -+ STF_LOCK_INIT(sc); - ifp->if_softc = sc; -- sc->sc_fibnum = curthread->td_proc->p_fibnum; -+ if_initname(ifp, ifc->ifc_name, unit); - -- /* -- * Set the name manually rather then using if_initname because -- * we don't conform to the default naming convention for interfaces. -- */ -- strlcpy(ifp->if_xname, name, IFNAMSIZ); -- ifp->if_dname = ifc->ifc_name; -- ifp->if_dunit = IF_DUNIT_NONE; -- -- mtx_init(&(sc)->sc_ro_mtx, "stf ro", NULL, MTX_DEF); - sc->encap_cookie = encap_attach_func(AF_INET, IPPROTO_IPV6, - stf_encapcheck, &in_stf_protosw, sc); - if (sc->encap_cookie == NULL) { - if_printf(ifp, "attach failed\n"); - free(sc, M_STF); -- ifc_free_unit(ifc, unit); - return (ENOMEM); - } - -@@ -255,41 +272,57 @@ stf_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params) - ifp->if_snd.ifq_maxlen = ifqmaxlen; - if_attach(ifp); - bpfattach(ifp, DLT_NULL, sizeof(u_int32_t)); -+ -+ mtx_lock(&stf_mtx); -+ LIST_INSERT_HEAD(&V_stf_softc_list, sc, stf_list); -+ mtx_unlock(&stf_mtx); -+ - return (0); - } - --static int --stf_clone_destroy(struct if_clone *ifc, struct ifnet *ifp) -+static void -+stf_clone_destroy(struct ifnet *ifp) - { - struct stf_softc *sc = ifp->if_softc; - int err; - -+ mtx_lock(&stf_mtx); -+ LIST_REMOVE(sc, stf_list); -+ mtx_unlock(&stf_mtx); -+ - err = encap_detach(sc->encap_cookie); - KASSERT(err == 0, ("Unexpected error detaching encap_cookie")); -- mtx_destroy(&(sc)->sc_ro_mtx); - bpfdetach(ifp); - if_detach(ifp); - if_free(ifp); - -+ STF_LOCK_DESTROY(sc); - free(sc, M_STF); -- ifc_free_unit(ifc, STFUNIT); - -- return (0); -+ return; -+} -+ -+static void -+vnet_stf_init(const void *unused __unused) -+{ -+ -+ LIST_INIT(&V_stf_softc_list); - } -+VNET_SYSINIT(vnet_stf_init, SI_SUB_PSEUDO, SI_ORDER_MIDDLE, vnet_stf_init, -+ NULL); - - static int --stfmodevent(mod, type, data) -- module_t mod; -- int type; -- void *data; -+stfmodevent(module_t mod, int type, void *data) - { - - switch (type) { - case MOD_LOAD: -+ mtx_init(&stf_mtx, "stf_mtx", NULL, MTX_DEF); - if_clone_attach(&stf_cloner); - break; - case MOD_UNLOAD: - if_clone_detach(&stf_cloner); -+ mtx_destroy(&stf_mtx); - break; - default: - return (EOPNOTSUPP); -@@ -305,28 +338,31 @@ static moduledata_t stf_mod = { - }; - - DECLARE_MODULE(if_stf, stf_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); -+MODULE_VERSION(if_stf, 1); - - static int --stf_encapcheck(m, off, proto, arg) -- const struct mbuf *m; -- int off; -- int proto; -- void *arg; -+stf_encapcheck(const struct mbuf *m, int off, int proto, void *arg) - { - struct ip ip; - struct in6_ifaddr *ia6; -+ struct sockaddr_in ia6_in4addr; -+ struct sockaddr_in ia6_in4mask; -+ struct sockaddr_in *sin; - struct stf_softc *sc; -- struct in_addr a, b, mask; -+ struct ifnet *ifp; -+ int ret = 0; - -+ DEBUG_PRINTF(1, "%s: enter\n", __func__); - sc = (struct stf_softc *)arg; - if (sc == NULL) - return 0; -+ ifp = STF2IFP(sc); - -- if ((STF2IFP(sc)->if_flags & IFF_UP) == 0) -+ if ((ifp->if_flags & IFF_UP) == 0) - return 0; - - /* IFF_LINK0 means "no decapsulation" */ -- if ((STF2IFP(sc)->if_flags & IFF_LINK0) != 0) -+ if ((ifp->if_flags & IFF_LINK0) != 0) - return 0; - - if (proto != IPPROTO_IPV6) -@@ -338,86 +374,162 @@ stf_encapcheck(m, off, proto, arg) - if (ip.ip_v != 4) - return 0; - -- ia6 = stf_getsrcifa6(STF2IFP(sc)); -+ /* Lookup an ia6 whose IPv4 addr encoded in the IPv6 addr is valid. */ -+ ia6 = stf_getsrcifa6(ifp); - if (ia6 == NULL) - return 0; -+ sin = stf_getin4addr(&ia6_in4addr, &ia6->ia_ifa, STF_GETIN4_USE_CACHE); -+ if (sin == NULL) -+ return 0; - -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip6_sprintf(buf, &satosin6(ia6->ia_ifa.ifa_addr)->sin6_addr); -+ DEBUG_PRINTF(1, "%s: ia6->ia_ifa.ifa_addr = %s\n", __func__, buf); -+ ip6_sprintf(buf, &ia6->ia_addr.sin6_addr); -+ DEBUG_PRINTF(1, "%s: ia6->ia_addr = %s\n", __func__, buf); -+ ip6_sprintf(buf, &satosin6(ia6->ia_ifa.ifa_netmask)->sin6_addr); -+ DEBUG_PRINTF(1, "%s: ia6->ia_ifa.ifa_netmask = %s\n", __func__, buf); -+ ip6_sprintf(buf, &ia6->ia_prefixmask.sin6_addr); -+ DEBUG_PRINTF(1, "%s: ia6->ia_prefixmask = %s\n", __func__, buf); -+ -+ ip_sprintf(buf, &ia6_in4addr.sin_addr); -+ DEBUG_PRINTF(1, "%s: ia6_in4addr.sin_addr = %s\n", __func__, buf); -+ ip_sprintf(buf, &ip.ip_src); -+ DEBUG_PRINTF(1, "%s: ip.ip_src = %s\n", __func__, buf); -+ ip_sprintf(buf, &ip.ip_dst); -+ DEBUG_PRINTF(1, "%s: ip.ip_dst = %s\n", __func__, buf); -+ } -+#endif - /* - * check if IPv4 dst matches the IPv4 address derived from the - * local 6to4 address. - * success on: dst = 10.1.1.1, ia6->ia_addr = 2002:0a01:0101:... - */ -- if (bcmp(GET_V4(&ia6->ia_addr.sin6_addr), &ip.ip_dst, -- sizeof(ip.ip_dst)) != 0) { -- ifa_free(&ia6->ia_ifa); -- return 0; -+ DEBUG_PRINTF(1, "%s: check1: ia6_in4addr.sin_addr == ip.ip_dst?\n", __func__); -+ if (ia6_in4addr.sin_addr.s_addr != ip.ip_dst.s_addr) { -+ DEBUG_PRINTF(1, "%s: check1: false. Ignore this packet.\n", __func__); -+ goto freeit; - } - -- /* -- * check if IPv4 src matches the IPv4 address derived from the -- * local 6to4 address masked by prefixmask. -- * success on: src = 10.1.1.1, ia6->ia_addr = 2002:0a00:.../24 -- * fail on: src = 10.1.1.1, ia6->ia_addr = 2002:0b00:.../24 -- */ -- bzero(&a, sizeof(a)); -- bcopy(GET_V4(&ia6->ia_addr.sin6_addr), &a, sizeof(a)); -- bcopy(GET_V4(&ia6->ia_prefixmask.sin6_addr), &mask, sizeof(mask)); -- ifa_free(&ia6->ia_ifa); -- a.s_addr &= mask.s_addr; -- b = ip.ip_src; -- b.s_addr &= mask.s_addr; -- if (a.s_addr != b.s_addr) -- return 0; -+ DEBUG_PRINTF(1, "%s: check2: ia6->ia_addr is 2002::/16?\n", __func__); -+ if (IN6_IS_ADDR_6TO4(&ia6->ia_addr.sin6_addr)) { -+ /* 6to4 (RFC 3056) */ -+ /* -+ * check if IPv4 src matches the IPv4 address derived -+ * from the local 6to4 address masked by prefixmask. -+ * success on: src = 10.1.1.1, ia6->ia_addr = 2002:0a00:.../24 -+ * fail on: src = 10.1.1.1, ia6->ia_addr = 2002:0b00:.../24 -+ */ -+ DEBUG_PRINTF(1, "%s: check2: true.\n", __func__); -+ -+ memcpy(&ia6_in4mask.sin_addr, -+ GET_V4(&ia6->ia_prefixmask.sin6_addr), -+ sizeof(ia6_in4mask)); -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip_sprintf(buf, &ia6_in4addr.sin_addr); -+ DEBUG_PRINTF(1, "%s: ia6->ia_addr = %s\n", -+ __func__, buf); -+ ip_sprintf(buf, &ip.ip_src); -+ DEBUG_PRINTF(1, "%s: ip.ip_src = %s\n", -+ __func__, buf); -+ ip_sprintf(buf, &ia6_in4mask.sin_addr); -+ DEBUG_PRINTF(1, "%s: ia6->ia_prefixmask = %s\n", -+ __func__, buf); -+ -+ DEBUG_PRINTF(1, "%s: check3: ia6_in4addr.sin_addr & mask == ip.ip_src & mask\n", -+ __func__); -+ } -+#endif - -+ if ((ia6_in4addr.sin_addr.s_addr & ia6_in4mask.sin_addr.s_addr) != -+ (ip.ip_src.s_addr & ia6_in4mask.sin_addr.s_addr)) { -+ DEBUG_PRINTF(1, "%s: check3: false. Ignore this packet.\n", -+ __func__); -+ goto freeit; -+ } -+ } else { -+ /* 6rd (RFC 5569) */ -+ DEBUG_PRINTF(1, "%s: check2: false. 6rd.\n", __func__); -+ /* -+ * No restriction on the src address in the case of -+ * 6rd because the stf(4) interface always has a -+ * prefix which covers whole of IPv4 src address -+ * range. So, stf_output() will catch all of -+ * 6rd-capsuled IPv4 traffic with suspicious inner dst -+ * IPv4 address (i.e. the IPv6 destination address is -+ * one the admin does not like to route to outside), -+ * and then it discard them silently. -+ */ -+ } -+ DEBUG_PRINTF(1, "%s: all clear!\n", __func__); - /* stf interface makes single side match only */ -- return 32; -+ ret = 32; -+freeit: -+ ifa_free(&ia6->ia_ifa); -+ -+ return (ret); - } - - static struct in6_ifaddr * --stf_getsrcifa6(ifp) -- struct ifnet *ifp; -+stf_getsrcifa6(struct ifnet *ifp) - { -- struct ifaddr *ia; -+ struct ifaddr *ifa; - struct in_ifaddr *ia4; -- struct sockaddr_in6 *sin6; -- struct in_addr in; -+ struct sockaddr_in *sin; -+ struct sockaddr_in in4; - - if_addr_rlock(ifp); -- TAILQ_FOREACH(ia, &ifp->if_addrhead, ifa_link) { -- if (ia->ifa_addr->sa_family != AF_INET6) -+ TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { -+ if (ifa->ifa_addr->sa_family != AF_INET6) - continue; -- sin6 = (struct sockaddr_in6 *)ia->ifa_addr; -- if (!IN6_IS_ADDR_6TO4(&sin6->sin6_addr)) -+ if ((sin = stf_getin4addr(&in4, ifa, -+ STF_GETIN4_USE_CACHE)) == NULL) - continue; -- -- bcopy(GET_V4(&sin6->sin6_addr), &in, sizeof(in)); -- LIST_FOREACH(ia4, INADDR_HASH(in.s_addr), ia_hash) -- if (ia4->ia_addr.sin_addr.s_addr == in.s_addr) -+ LIST_FOREACH(ia4, INADDR_HASH(sin->sin_addr.s_addr), ia_hash) -+ if (ia4->ia_addr.sin_addr.s_addr == sin->sin_addr.s_addr) - break; - if (ia4 == NULL) - continue; - -- ifa_ref(ia); -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip6_sprintf(buf, &((struct sockaddr_in6 *)ifa->ifa_addr)->sin6_addr); -+ DEBUG_PRINTF(1, "%s: ifa->ifa_addr->sin6_addr = %s\n", -+ __func__, buf); -+ ip_sprintf(buf, &ia4->ia_addr.sin_addr); -+ DEBUG_PRINTF(1, "%s: ia4->ia_addr.sin_addr = %s\n", -+ __func__, buf); -+ } -+#endif -+ ifa_ref(ifa); - if_addr_runlock(ifp); -- return (struct in6_ifaddr *)ia; -+ return (ifatoia6(ifa)); - } - if_addr_runlock(ifp); - -+ - return NULL; - } - - static int --stf_output(ifp, m, dst, ro) -- struct ifnet *ifp; -- struct mbuf *m; -- struct sockaddr *dst; -- struct route *ro; -+stf_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, struct route *ro) - { - struct stf_softc *sc; - struct sockaddr_in6 *dst6; - struct route *cached_route; -- struct in_addr in4; -- caddr_t ptr; -+ struct sockaddr_in *sin; -+ struct sockaddr_in in4; - struct sockaddr_in *dst4; - u_int8_t tos; - struct ip *ip; -@@ -479,20 +591,28 @@ stf_output(ifp, m, dst, ro) - /* - * Pickup the right outer dst addr from the list of candidates. - * ip6_dst has priority as it may be able to give us shorter IPv4 hops. -+ * ip6_dst: destination addr in the packet header. -+ * dst6: destination addr specified in function argument. - */ -- ptr = NULL; -- if (IN6_IS_ADDR_6TO4(&ip6->ip6_dst)) -- ptr = GET_V4(&ip6->ip6_dst); -- else if (IN6_IS_ADDR_6TO4(&dst6->sin6_addr)) -- ptr = GET_V4(&dst6->sin6_addr); -- else { -+ DEBUG_PRINTF(1, "%s: dst addr selection\n", __func__); -+ sin = stf_getin4addr_in6(&in4, &ia6->ia_ifa, &ip6->ip6_dst); -+ if (sin == NULL) -+ sin = stf_getin4addr_in6(&in4, &ia6->ia_ifa, &dst6->sin6_addr); -+ if (sin == NULL) { - ifa_free(&ia6->ia_ifa); - m_freem(m); - ifp->if_oerrors++; - return ENETUNREACH; - } -- bcopy(ptr, &in4, sizeof(in4)); -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); - -+ ip_sprintf(buf, &sin->sin_addr); -+ DEBUG_PRINTF(1, "%s: ip_dst = %s\n", __func__, buf); -+ } -+#endif - if (bpf_peers_present(ifp->if_bpf)) { - /* - * We need to prepend the address family as -@@ -516,11 +636,26 @@ stf_output(ifp, m, dst, ro) - ip = mtod(m, struct ip *); - - bzero(ip, sizeof(*ip)); -+ bcopy(&in4.sin_addr, &ip->ip_dst, sizeof(ip->ip_dst)); -+ -+ sin = stf_getin4addr_sin6(&in4, &ia6->ia_ifa, &ia6->ia_addr); -+ if (sin == NULL) { -+ ifa_free(&ia6->ia_ifa); -+ m_freem(m); -+ ifp->if_oerrors++; -+ return ENETUNREACH; -+ } -+ bcopy(&in4.sin_addr, &ip->ip_src, sizeof(ip->ip_src)); -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); - -- bcopy(GET_V4(&((struct sockaddr_in6 *)&ia6->ia_addr)->sin6_addr), -- &ip->ip_src, sizeof(ip->ip_src)); -+ ip_sprintf(buf, &ip->ip_src); -+ DEBUG_PRINTF(1, "%s: ip_src = %s\n", __func__, buf); -+ } -+#endif - ifa_free(&ia6->ia_ifa); -- bcopy(&in4, &ip->ip_dst, sizeof(ip->ip_dst)); - ip->ip_p = IPPROTO_IPV6; - ip->ip_ttl = ip_stf_ttl; - ip->ip_len = m->m_pkthdr.len; /*host order*/ -@@ -529,7 +664,7 @@ stf_output(ifp, m, dst, ro) - else - ip_ecn_ingress(ECN_NOCARE, &ip->ip_tos, &tos); - -- if (!stf_route_cache) { -+ if (!V_stf_route_cache) { - cached_route = NULL; - goto sendit; - } -@@ -537,7 +672,7 @@ stf_output(ifp, m, dst, ro) - /* - * Do we have a cached route? - */ -- mtx_lock(&(sc)->sc_ro_mtx); -+ STF_LOCK(sc); - dst4 = (struct sockaddr_in *)&sc->sc_ro.ro_dst; - if (dst4->sin_family != AF_INET || - bcmp(&dst4->sin_addr, &ip->ip_dst, sizeof(ip->ip_dst)) != 0) { -@@ -555,8 +690,15 @@ stf_output(ifp, m, dst, ro) - rtalloc_fib(&sc->sc_ro, sc->sc_fibnum); - if (sc->sc_ro.ro_rt == NULL) { - m_freem(m); -- mtx_unlock(&(sc)->sc_ro_mtx); - ifp->if_oerrors++; -+ STF_UNLOCK(sc); -+ return ENETUNREACH; -+ } -+ if (sc->sc_ro.ro_rt->rt_ifp == ifp) { -+ /* infinite loop detection */ -+ m_free(m); -+ ifp->if_oerrors++; -+ STF_UNLOCK(sc); - return ENETUNREACH; - } - } -@@ -565,34 +707,31 @@ stf_output(ifp, m, dst, ro) - sendit: - M_SETFIB(m, sc->sc_fibnum); - ifp->if_opackets++; -+ DEBUG_PRINTF(1, "%s: ip_output dispatch.\n", __func__); - error = ip_output(m, NULL, cached_route, 0, NULL, NULL); - - if (cached_route != NULL) -- mtx_unlock(&(sc)->sc_ro_mtx); -+ STF_UNLOCK(sc); - return error; - } - - static int --isrfc1918addr(in) -- struct in_addr *in; -+isrfc1918addr(struct in_addr *in) - { - /* - * returns 1 if private address range: - * 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 - */ -- if ((ntohl(in->s_addr) & 0xff000000) >> 24 == 10 || -- (ntohl(in->s_addr) & 0xfff00000) >> 16 == 172 * 256 + 16 || -- (ntohl(in->s_addr) & 0xffff0000) >> 16 == 192 * 256 + 168) -+ if ((ntohl(in->s_addr) & 0xff000000) == 10 << 24 || -+ (ntohl(in->s_addr) & 0xfff00000) == (172 * 256 + 16) << 16 || -+ (ntohl(in->s_addr) & 0xffff0000) == (192 * 256 + 168) << 16 ) - return 1; - - return 0; - } - - static int --stf_checkaddr4(sc, in, inifp) -- struct stf_softc *sc; -- struct in_addr *in; -- struct ifnet *inifp; /* incoming interface */ -+stf_checkaddr4(struct stf_softc *sc, struct in_addr *in, struct ifnet *inifp) - { - struct in_ifaddr *ia4; - -@@ -608,20 +747,10 @@ stf_checkaddr4(sc, in, inifp) - } - - /* -- * reject packets with private address range. -- * (requirement from RFC3056 section 2 1st paragraph) -- */ -- if (isrfc1918addr(in)) -- return -1; -- -- /* - * reject packets with broadcast - */ - IN_IFADDR_RLOCK(); -- for (ia4 = TAILQ_FIRST(&V_in_ifaddrhead); -- ia4; -- ia4 = TAILQ_NEXT(ia4, ia_link)) -- { -+ TAILQ_FOREACH(ia4, &V_in_ifaddrhead, ia_link) { - if ((ia4->ia_ifa.ifa_ifp->if_flags & IFF_BROADCAST) == 0) - continue; - if (in->s_addr == ia4->ia_broadaddr.sin_addr.s_addr) { -@@ -640,7 +769,7 @@ stf_checkaddr4(sc, in, inifp) - - bzero(&sin, sizeof(sin)); - sin.sin_family = AF_INET; -- sin.sin_len = sizeof(struct sockaddr_in); -+ sin.sin_len = sizeof(sin); - sin.sin_addr = *in; - rt = rtalloc1_fib((struct sockaddr *)&sin, 0, - 0UL, sc->sc_fibnum); -@@ -661,10 +790,7 @@ stf_checkaddr4(sc, in, inifp) - } - - static int --stf_checkaddr6(sc, in6, inifp) -- struct stf_softc *sc; -- struct in6_addr *in6; -- struct ifnet *inifp; /* incoming interface */ -+stf_checkaddr6(struct stf_softc *sc, struct in6_addr *in6, struct ifnet *inifp) - { - /* - * check 6to4 addresses -@@ -688,9 +814,7 @@ stf_checkaddr6(sc, in6, inifp) - } - - void --in_stf_input(m, off) -- struct mbuf *m; -- int off; -+in_stf_input(struct mbuf *m, int off) - { - int proto; - struct stf_softc *sc; -@@ -698,6 +822,7 @@ in_stf_input(m, off) - struct ip6_hdr *ip6; - u_int8_t otos, itos; - struct ifnet *ifp; -+ struct route_in6 rin6; - - proto = mtod(m, struct ip *)->ip_p; - -@@ -721,6 +846,17 @@ in_stf_input(m, off) - mac_ifnet_create_mbuf(ifp, m); - #endif - -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip_sprintf(buf, &ip->ip_dst); -+ DEBUG_PRINTF(1, "%s: ip->ip_dst = %s\n", __func__, buf); -+ ip_sprintf(buf, &ip->ip_src); -+ DEBUG_PRINTF(1, "%s: ip->ip_src = %s\n", __func__, buf); -+ } -+#endif - /* - * perform sanity check against outer src/dst. - * for source, perform ingress filter as well. -@@ -741,6 +877,17 @@ in_stf_input(m, off) - } - ip6 = mtod(m, struct ip6_hdr *); - -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip6_sprintf(buf, &ip6->ip6_dst); -+ DEBUG_PRINTF(1, "%s: ip6->ip6_dst = %s\n", __func__, buf); -+ ip6_sprintf(buf, &ip6->ip6_src); -+ DEBUG_PRINTF(1, "%s: ip6->ip6_src = %s\n", __func__, buf); -+ } -+#endif - /* - * perform sanity check against inner src/dst. - * for source, perform ingress filter as well. -@@ -751,6 +898,41 @@ in_stf_input(m, off) - return; - } - -+ /* -+ * reject packets with private address range. -+ * (requirement from RFC3056 section 2 1st paragraph) -+ */ -+ if ((IN6_IS_ADDR_6TO4(&ip6->ip6_src) && isrfc1918addr(&ip->ip_src)) || -+ (IN6_IS_ADDR_6TO4(&ip6->ip6_dst) && isrfc1918addr(&ip->ip_dst))) { -+ m_freem(m); -+ return; -+ } -+ -+ /* -+ * Ignore if the destination is the same stf interface because -+ * all of valid IPv6 outgoing traffic should go interfaces -+ * except for it. -+ */ -+ memset(&rin6, 0, sizeof(rin6)); -+ rin6.ro_dst.sin6_len = sizeof(rin6.ro_dst); -+ rin6.ro_dst.sin6_family = AF_INET6; -+ memcpy(&rin6.ro_dst.sin6_addr, &ip6->ip6_dst, -+ sizeof(rin6.ro_dst.sin6_addr)); -+ rtalloc((struct route *)&rin6); -+ if (rin6.ro_rt == NULL) { -+ DEBUG_PRINTF(1, "%s: no IPv6 dst. Ignored.\n", __func__); -+ m_free(m); -+ return; -+ } -+ if ((rin6.ro_rt->rt_ifp == ifp) && -+ (!IN6_ARE_ADDR_EQUAL(&ip6->ip6_src, &rin6.ro_dst.sin6_addr))) { -+ DEBUG_PRINTF(1, "%s: IPv6 dst is the same stf. Ignored.\n", __func__); -+ RTFREE(rin6.ro_rt); -+ m_free(m); -+ return; -+ } -+ RTFREE(rin6.ro_rt); -+ - itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff; - if ((ifp->if_flags & IFF_LINK1) != 0) - ip_ecn_egress(ECN_ALLOWED, &otos, &itos); -@@ -760,7 +942,7 @@ in_stf_input(m, off) - ip6->ip6_flow |= htonl((u_int32_t)itos << 20); - - m->m_pkthdr.rcvif = ifp; -- -+ - if (bpf_peers_present(ifp->if_bpf)) { - /* - * We need to prepend the address family as -@@ -773,6 +955,7 @@ in_stf_input(m, off) - bpf_mtap2(ifp->if_bpf, &af, sizeof(af), m); - } - -+ DEBUG_PRINTF(1, "%s: netisr_dispatch(NETISR_IPV6)\n", __func__); - /* - * Put the packet to the network layer input queue according to the - * specified address family. -@@ -787,27 +970,277 @@ in_stf_input(m, off) - - /* ARGSUSED */ - static void --stf_rtrequest(cmd, rt, info) -- int cmd; -- struct rtentry *rt; -- struct rt_addrinfo *info; -+stf_rtrequest(int cmd, struct rtentry *rt, struct rt_addrinfo *info) - { -+ - RT_LOCK_ASSERT(rt); - rt->rt_rmx.rmx_mtu = IPV6_MMTU; - } - -+/* Check whether we have at least one instance with IFF_UP. */ - static int --stf_ioctl(ifp, cmd, data) -- struct ifnet *ifp; -- u_long cmd; -- caddr_t data; -+stf_is_up(struct ifnet *ifp) -+{ -+ struct stf_softc *scp; -+ struct stf_softc *sc_cur; -+ struct stf_softc *sc_is_up; -+ -+ sc_is_up = NULL; -+ if ((sc_cur = ifp->if_softc) == NULL) -+ return (EINVAL); -+ -+ mtx_lock(&stf_mtx); -+ LIST_FOREACH(scp, &V_stf_softc_list, stf_list) { -+ if (scp == sc_cur) -+ continue; -+ if ((STF2IFP(scp)->if_flags & IFF_UP) != 0) { -+ sc_is_up = scp; -+ break; -+ } -+ } -+ mtx_unlock(&stf_mtx); -+ -+ /* We already has at least one instance with IFF_UP. */ -+ if (stf_is_up != NULL) -+ return (ENOSPC); -+ -+ return (0); -+} -+ -+static struct sockaddr_in * -+stf_getin4addr_in6(struct sockaddr_in *sin, -+ struct ifaddr *ifa, -+ struct in6_addr *in6) -+{ -+ struct sockaddr_in6 sin6; -+ -+ DEBUG_PRINTF(1, "%s: enter.\n", __func__); -+ if (ifa == NULL || in6 == NULL) -+ return NULL; -+ -+ memset(&sin6, 0, sizeof(sin6)); -+ memcpy(&sin6.sin6_addr, in6, sizeof(sin6.sin6_addr)); -+ sin6.sin6_len = sizeof(sin6); -+ sin6.sin6_family = AF_INET6; -+ -+ return(stf_getin4addr_sin6(sin, ifa, &sin6)); -+} -+ -+static struct sockaddr_in * -+stf_getin4addr_sin6(struct sockaddr_in *sin, -+ struct ifaddr *ifa, -+ struct sockaddr_in6 *sin6) -+{ -+ struct in6_ifaddr ia6; -+ int i; -+ -+ DEBUG_PRINTF(1, "%s: enter.\n", __func__); -+ if (ifa == NULL || sin6 == NULL) -+ return NULL; -+ -+ memset(&ia6, 0, sizeof(ia6)); -+ memcpy(&ia6, ifatoia6(ifa), sizeof(ia6)); -+ -+ /* -+ * Use prefixmask information from ifa, and -+ * address information from sin6. -+ */ -+ ia6.ia_addr.sin6_family = AF_INET6; -+ ia6.ia_ifa.ifa_addr = (struct sockaddr *)&ia6.ia_addr; -+ ia6.ia_ifa.ifa_dstaddr = NULL; -+ ia6.ia_ifa.ifa_netmask = (struct sockaddr *)&ia6.ia_prefixmask; -+ -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip6_sprintf(buf, &sin6->sin6_addr); -+ DEBUG_PRINTF(1, "%s: sin6->sin6_addr = %s\n", __func__, buf); -+ ip6_sprintf(buf, &ia6.ia_addr.sin6_addr); -+ DEBUG_PRINTF(1, "%s: ia6.ia_addr.sin6_addr = %s\n", __func__, buf); -+ ip6_sprintf(buf, &ia6.ia_prefixmask.sin6_addr); -+ DEBUG_PRINTF(1, "%s: ia6.ia_prefixmask.sin6_addr = %s\n", __func__, buf); -+ } -+#endif -+ -+ /* -+ * When (src addr & src mask) != (dst (sin6) addr & src mask), -+ * the dst is not in the 6rd domain. The IPv4 address must -+ * not be used. -+ */ -+ for (i = 0; i < sizeof(ia6.ia_addr.sin6_addr); i++) { -+ if ((((u_char *)&ia6.ia_addr.sin6_addr)[i] & -+ ((u_char *)&ia6.ia_prefixmask.sin6_addr)[i]) -+ != -+ (((u_char *)&sin6->sin6_addr)[i] & -+ ((u_char *)&ia6.ia_prefixmask.sin6_addr)[i])) -+ return NULL; -+ } -+ -+ /* After the mask check, overwrite ia6.ia_addr with sin6. */ -+ memcpy(&ia6.ia_addr, sin6, sizeof(ia6.ia_addr)); -+ return(stf_getin4addr(sin, (struct ifaddr *)&ia6, 0)); -+} -+ -+static struct sockaddr_in * -+stf_getin4addr(struct sockaddr_in *sin, -+ struct ifaddr *ifa, -+ int flags) -+{ -+ struct in_addr *in; -+ struct sockaddr_in6 *sin6; -+ struct in6_ifaddr *ia6; -+ -+ DEBUG_PRINTF(1, "%s: enter.\n", __func__); -+ if (ifa == NULL || -+ ifa->ifa_addr == NULL || -+ ifa->ifa_addr->sa_family != AF_INET6) -+ return NULL; -+ -+ sin6 = satosin6(ifa->ifa_addr); -+ ia6 = ifatoia6(ifa); -+ -+ if ((flags & STF_GETIN4_USE_CACHE) && -+ (ifa->ifa_dstaddr != NULL) && -+ (ifa->ifa_dstaddr->sa_family == AF_INET)) { -+ /* -+ * XXX: ifa_dstaddr is used as a cache of the -+ * extracted IPv4 address. -+ */ -+ memcpy(sin, satosin(ifa->ifa_dstaddr), sizeof(*sin)); -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip_sprintf(buf, &sin->sin_addr); -+ DEBUG_PRINTF(1, "%s: cached address was used = %s\n", __func__, buf); -+ } -+#endif -+ return (sin); -+ } -+ memset(sin, 0, sizeof(*sin)); -+ in = &sin->sin_addr; -+ -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip6_sprintf(buf, &sin6->sin6_addr); -+ DEBUG_PRINTF(1, "%s: sin6->sin6_addr = %s\n", __func__, buf); -+ } -+#endif -+ -+ if (IN6_IS_ADDR_6TO4(&sin6->sin6_addr)) { -+ /* 6to4 (RFC 3056) */ -+ bcopy(GET_V4(&sin6->sin6_addr), in, sizeof(*in)); -+ if (isrfc1918addr(in)) -+ return NULL; -+ } else { -+ /* 6rd (RFC 5569) */ -+ struct in6_addr buf; -+ u_char *p = (u_char *)&buf; -+ u_char *q = (u_char *)in; -+ u_int residue = 0; -+ u_char mask; -+ int i; -+ u_int plen; -+ -+ /* -+ * 6rd-relays IPv6 prefix is located at a 32-bit just -+ * after the prefix edge. -+ */ -+ plen = in6_mask2len(&satosin6(ifa->ifa_netmask)->sin6_addr, NULL); -+ if (32 < plen) -+ return NULL; -+ -+ memcpy(&buf, &sin6->sin6_addr, sizeof(buf)); -+ p += plen / 8; -+ residue = plen % 8; -+ mask = ~((u_char)(-1) >> residue); -+ -+ /* -+ * The p points head of the IPv4 address part in -+ * bytes. The residue is a bit-shift factor when -+ * prefixlen is not a multiple of 8. -+ */ -+ for (i = 0; i < 4; i++) { -+ DEBUG_PRINTF(2, "p[%d] = %d\n", i, p[i]); -+ DEBUG_PRINTF(2, "residue = %d\n", residue); -+ if (residue) { -+ p[i] <<= residue; -+ DEBUG_PRINTF(2, "p[%d] << residue = %d\n", -+ i, p[i]); -+ DEBUG_PRINTF(2, "mask = %x\n", -+ mask); -+ DEBUG_PRINTF(2, "p[%d + 1] & mask = %d\n", -+ i, p[i + 1] & mask); -+ DEBUG_PRINTF(2, "p[%d + 1] & mask >> (8 - residue) = %d\n", -+ i, (p[i + 1] & mask) >> (8-residue)); -+ p[i] |= ((p[i+1] & mask) >> (8 - residue)); -+ } -+ q[i] = p[i]; -+ } -+ } -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip_sprintf(buf, in); -+ DEBUG_PRINTF(1, "%s: in->in_addr = %s\n", __func__, buf); -+ DEBUG_PRINTF(1, "%s: leave\n", __func__); -+ } -+#endif -+ if (flags & STF_GETIN4_USE_CACHE) { -+ DEBUG_PRINTF(1, "%s: try to access ifa->ifa_dstaddr.\n", __func__); -+ ifa->ifa_dstaddr = (struct sockaddr *)&ia6->ia_dstaddr; -+ DEBUG_PRINTF(1, "%s: try to memset 0 to ia_dstaddr.\n", __func__); -+ memset(&ia6->ia_dstaddr, 0, sizeof(ia6->ia_dstaddr)); -+ DEBUG_PRINTF(1, "%s: try to memcpy ifa->ifa_dstaddr.\n", __func__); -+ memcpy((struct sockaddr_in *)ifa->ifa_dstaddr, -+ sin, sizeof(struct sockaddr_in)); -+ DEBUG_PRINTF(1, "%s: try to set sa_family.\n", __func__); -+ ifa->ifa_dstaddr->sa_family = AF_INET; -+ DEBUG_PRINTF(1, "%s: in->in_addr is stored in ifa_dstaddr.\n", -+ __func__); -+ } -+ return (sin); -+} -+ -+static int -+stf_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) - { - struct ifaddr *ifa; - struct ifreq *ifr; -- struct sockaddr_in6 *sin6; -- struct in_addr addr; -+ struct sockaddr_in in4; - int error; - -+ /* -+ * Sanity check: if more than two interfaces have IFF_UP, do -+ * if_down() for all of them except for the specified one. -+ */ -+ if (ifp->if_flags & IFF_UP) { -+ struct stf_softc *sc_cur = ifp->if_softc; -+ struct stf_softc *sc; -+ -+ mtx_lock(&stf_mtx); -+ LIST_FOREACH(sc, &V_stf_softc_list, stf_list) { -+ if (sc == sc_cur) -+ continue; -+ if ((STF2IFP(sc)->if_flags & IFF_UP) != 0) { -+ if_printf(STF2IFP(sc), -+ "marked as DOWN because at least " -+ "one instance of stf(4) is already " -+ "working.\n"); -+ if_down(STF2IFP(sc)); -+ } -+ } -+ mtx_unlock(&stf_mtx); -+ } -+ - error = 0; - switch (cmd) { - case SIOCSIFADDR: -@@ -816,17 +1249,16 @@ stf_ioctl(ifp, cmd, data) - error = EAFNOSUPPORT; - break; - } -- sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; -- if (!IN6_IS_ADDR_6TO4(&sin6->sin6_addr)) { -+ if (stf_getin4addr(&in4, ifa, 0) == NULL) { - error = EINVAL; - break; - } -- bcopy(GET_V4(&sin6->sin6_addr), &addr, sizeof(addr)); -- if (isrfc1918addr(&addr)) { -- error = EINVAL; -- break; -- } -- -+ /* -+ * XXX: ifa_dstaddr is used as a cache of the -+ * extracted IPv4 address. -+ */ -+ if (ifa->ifa_dstaddr != NULL) -+ ifa->ifa_dstaddr->sa_family = AF_UNSPEC; - ifa->ifa_rtrequest = stf_rtrequest; - ifp->if_flags |= IFF_UP; - break; diff --git a/net/stf-6rd-kmod/files-9/patch-aa b/net/stf-6rd-kmod/files-9/patch-aa deleted file mode 100644 index 30e24d3fb4fb..000000000000 --- a/net/stf-6rd-kmod/files-9/patch-aa +++ /dev/null @@ -1,1327 +0,0 @@ -diff --git a/share/man/man4/stf.4 b/share/man/man4/stf.4 -index 5e32763..33dbab9 100644 ---- a/share/man/man4/stf.4 -+++ b/share/man/man4/stf.4 -@@ -1,6 +1,7 @@ - .\" $KAME: stf.4,v 1.35 2001/05/02 06:24:49 itojun Exp $ - .\" - .\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. -+.\" Copyright (c) 2010 Hiroki Sato <hrs@FreeBSD.org> - .\" All rights reserved. - .\" - .\" Redistribution and use in source and binary forms, with or without -@@ -42,21 +43,11 @@ tunnel interface - .Sh DESCRIPTION - The - .Nm --interface supports --.Dq 6to4 --IPv6 in IPv4 encapsulation. --It can tunnel IPv6 traffic over IPv4, as specified in --.Li RFC3056 . --.Pp --For ordinary nodes in 6to4 site, you do not need --.Nm --interface. --The --.Nm --interface is necessary for site border router --(called --.Dq 6to4 router --in the specification). -+interface supports IPv6 in IPv4 encapsulation by -+tunneling IPv6 traffic over IPv4, as specified in -+.Li RFC3056 Pq 6to4 -+and -+.Li RFC5569 Pq 6rd . - .Pp - Each - .Nm -@@ -72,12 +63,28 @@ variable in - .Pp - Due to the way 6to4 protocol is specified, - .Nm --interface requires certain configuration to work properly. -+interface requires certain configuration to work properly. Two -+different protocols defined in RFC3056 and RFC5569 are basically the -+same as each other except for address handling, so -+.Nm -+decides its behavior based on the configured IPv6 addresses as -+explained in the following. -+The -+.Nm -+interface can be configured with multiple IPv6 addresses including -+both 6to4 and 6rd. -+.Sh RFC3056 (a.k.a. 6to4) - Single --(no more than 1) --valid 6to4 address needs to be configured to the interface. --.Dq A valid 6to4 address --is an address which has the following properties. -+.Pq no more than 1 valid 6to4 address needs to be configured to the interface. -+.Dq a valid 6to4 address -+is an address which has the following properties. For ordinary nodes -+in 6to4 site, you do not need -+.Nm -+interface; it is necessary only for site border router -+(called -+.Dq 6to4 router -+in the specification). -+.Pp - If any of the following properties are not satisfied, - .Nm - raises runtime error on packet transmission. -@@ -110,6 +117,78 @@ you may want to configure IPv6 prefix length as - .Nm - interface will check the IPv4 source address on packets, - if the IPv6 prefix length is larger than 16. -+.Sh RFC5569 (a.k.a. 6rd) -+The -+.Nm -+interface works in the 6rd mode when one or more IPv6 addresses that -+consists of an IPv6 prefix and 32-bit IPv4 part with a prefix length -+equal to or shorter than 64. In 6rd protocol, an IPv6 address -+.Li 2001:db8:c000:205::1/32 -+means the following, for example: -+.Bl -bullet -+.It -+The 6rd relay prefix is -+.Li 2001:db8::/32 . -+.It -+The 6rd router's IPv4 address is -+.Li 192.0.2.5 . -+.El -+.Pp -+As you can see the IPv4 address is embedded in the IPv6 address just -+after the prefix. While you can choose an IPv6 prefix length other -+than 32, it must be from 0 to 32. -+.Pp -+Assuming this address is configured on the -+.Nm -+interface, it does the following: -+.Bl -bullet -+.It -+An incoming IPv6 packet on -+.Nm -+will be encapsuled in an IPv4 packet with the source address -+.Li 192.0.2.5 -+and then the IPv4 packet is delivered based on the IPv4 routing table. -+The IPv4 destination address is calculated from the destination -+address of the original IPv6 packet in the same way as the source. -+.It -+An incoming IPv4 packet which encapsules an IPv6 packet whose -+destination address matches a 6rd prefix with embedded IPv4 address -+configured on the -+.Nm -+interface, the IPv6 packet will be decapsulated and delivered based on -+the IPv6 routing table. Note that -+.Nm -+interface normally has a route which covers whole range of a 6rd relay -+prefix, the delivered IPv6 packet can return to -+.Nm -+if there is no more specific route. In that case, the returned packet -+will be discarded silently. -+.El -+.\" XXX: example configuration will be added -+.\" .Pp -+.\" By using this interface, you can configure a 6rd domain. For simplicity, -+.\" we assume the following here: -+.\" .Bl -bullet -+.\" .It -+.\" A 6rd Customer, who has an IPv6/IPv4 LAN and an IPv4-only access -+.\" toward network of his Internet Service Provider. The Customer has -+.\" a router called -+.\" .Dq CE Pq Customer Edge -+.\" Router, which can communicate between his LAN and the ISP over IPv4 -+.\" and encapsulate -+.\" his networks. -+.\" .It -+.\" A 6rd Provider, who provides IPv6 Internet reachability by using 6rd -+.\" protocol. The Provider offers access to a router called -+.\" .Dq PE Pq Provider Edge -+.\" Router, which can communicate with -+.\" .El -+.\" .Pp -+.\" A 6rd customer -+.\" needs to configure -+.\" .Nm -+.\" on his CE (Customer Edge) router. -+.Sh Other Functionality of the Interface - .Pp - .Nm - can be configured to be ECN friendly. -@@ -147,9 +226,6 @@ Packets with IPv4 multicast address as outer IPv4 source/destination - Packets with limited broadcast address as outer IPv4 source/destination - .Pq Li 255.0.0.0/8 - .It --Packets with private address as outer IPv4 source/destination --.Pq Li 10.0.0.0/8 , 172.16.0.0/12 , 192.168.0.0/16 --.It - Packets with subnet broadcast address as outer IPv4 source/destination. - The check is made against subnet broadcast addresses for - all of the directly connected subnets. -@@ -164,6 +240,11 @@ The same set of rules are applied against the IPv4 address embedded into - inner IPv6 address, if the IPv6 address matches 6to4 prefix. - .El - .Pp -+In addition to them, packets with private address as outer IPv4 -+source/destination -+.Pq Li 10.0.0.0/8 , 172.16.0.0/12 , 192.168.0.0/16 -+are filtered out only in the 6to4 mode. -+.Pp - It is recommended to filter/audit - incoming IPv4 packet with IP protocol number 41, as necessary. - It is also recommended to filter/audit encapsulated IPv6 packets as well. -diff --git a/sys/net/if_stf.c b/sys/net/if_stf.c -index b4195bf..9630a86 100644 ---- a/sys/net/if_stf.c -+++ b/sys/net/if_stf.c -@@ -3,6 +3,7 @@ - - /*- - * Copyright (C) 2000 WIDE Project. -+ * Copyright (c) 2010 Hiroki Sato <hrs@FreeBSD.org> - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without -@@ -31,7 +32,7 @@ - */ - - /* -- * 6to4 interface, based on RFC3056. -+ * 6to4 interface, based on RFC3056 + 6rd (RFC5569) support. - * - * 6to4 interface is NOT capable of link-layer (I mean, IPv4) multicasting. - * There is no address mapping defined from IPv6 multicast address to IPv4 -@@ -60,7 +61,7 @@ - * ICMPv6: - * - Redirects cannot be used due to the lack of link-local address. - * -- * stf interface does not have, and will not need, a link-local address. -+ * stf interface does not have, and will not need, a link-local address. - * It seems to have no real benefit and does not help the above symptoms much. - * Even if we assign link-locals to interface, we cannot really - * use link-local unicast/multicast on top of 6to4 cloud (since there's no -@@ -72,6 +73,12 @@ - * http://playground.iijlab.net/i-d/draft-itojun-ipv6-transition-abuse-00.txt - * for details. The code tries to filter out some of malicious packets. - * Note that there is no way to be 100% secure. -+ * -+ * 6rd (RFC5569) extension is enabled when an IPv6 GUA other than -+ * 2002::/16 is assigned. The stf(4) recognizes a 32-bit just after -+ * prefixlen as the IPv4 address of the 6rd customer site. The -+ * prefixlen must be shorter than 32. -+ * - */ - - #include "opt_inet.h" -@@ -120,12 +127,39 @@ - - #include <security/mac/mac_framework.h> - -+#define STF_DEBUG 1 -+#define ip_sprintf(buf, a) \ -+ sprintf(buf, "%d.%d.%d.%d", \ -+ (ntohl((a)->s_addr)>>24)&0xFF, \ -+ (ntohl((a)->s_addr)>>16)&0xFF, \ -+ (ntohl((a)->s_addr)>>8)&0xFF, \ -+ (ntohl((a)->s_addr))&0xFF); -+#if STF_DEBUG -+#define DEBUG_PRINTF(a, ...) \ -+ do { \ -+ if (V_stf_debug >= a) \ -+ printf(__VA_ARGS__); \ -+ } while (0) -+#else -+#define DEBUG_PRINTF(a, ...) -+#endif -+ - SYSCTL_DECL(_net_link); - static SYSCTL_NODE(_net_link, IFT_STF, stf, CTLFLAG_RW, 0, "6to4 Interface"); - --static int stf_route_cache = 1; --SYSCTL_INT(_net_link_stf, OID_AUTO, route_cache, CTLFLAG_RW, -- &stf_route_cache, 0, "Caching of IPv4 routes for 6to4 Output"); -+static VNET_DEFINE(int, stf_route_cache) = 1; -+#define V_stf_route_cache VNET(stf_route_cache) -+SYSCTL_VNET_INT(_net_link_stf, OID_AUTO, route_cache, CTLFLAG_RW, -+ &VNET_NAME(stf_route_cache), 0, -+ "Enable caching of IPv4 routes for 6to4 output."); -+ -+#if STF_DEBUG -+static VNET_DEFINE(int, stf_debug) = 0; -+#define V_stf_debug VNET(stf_debug) -+SYSCTL_VNET_INT(_net_link_stf, OID_AUTO, stf_debug, CTLFLAG_RW, -+ &VNET_NAME(stf_debug), 0, -+ "Enable displaying verbose debug message of stf interfaces"); -+#endif - - static int stf_permit_rfc1918 = 0; - TUNABLE_INT("net.link.stf.permit_rfc1918", &stf_permit_rfc1918); -@@ -133,7 +167,6 @@ SYSCTL_INT(_net_link_stf, OID_AUTO, permit_rfc1918, CTLFLAG_RW | CTLFLAG_TUN, - &stf_permit_rfc1918, 0, "Permit the use of private IPv4 addresses"); - - #define STFNAME "stf" --#define STFUNIT 0 - - #define IN6_IS_ADDR_6TO4(x) (ntohs((x)->s6_addr16[0]) == 0x2002) - -@@ -150,17 +183,26 @@ struct stf_softc { - struct route_in6 __sc_ro6; /* just for safety */ - } __sc_ro46; - #define sc_ro __sc_ro46.__sc_ro4 -- struct mtx sc_ro_mtx; -+ struct mtx sc_mtx; - u_int sc_fibnum; - const struct encaptab *encap_cookie; -+ u_int sc_flags; -+ LIST_ENTRY(stf_softc) stf_list; - }; - #define STF2IFP(sc) ((sc)->sc_ifp) - --/* -- * Note that mutable fields in the softc are not currently locked. -- * We do lock sc_ro in stf_output though. -- */ -+static struct mtx stf_mtx; - static MALLOC_DEFINE(M_STF, STFNAME, "6to4 Tunnel Interface"); -+static VNET_DEFINE(LIST_HEAD(, stf_softc), stf_softc_list); -+#define V_stf_softc_list VNET(stf_softc_list) -+ -+#define STF_LOCK_INIT(sc) mtx_init(&(sc)->sc_mtx, "stf softc", \ -+ NULL, MTX_DEF); -+#define STF_LOCK_DESTROY(sc) mtx_destroy(&(sc)->sc_mtx) -+#define STF_LOCK(sc) mtx_lock(&(sc)->sc_mtx) -+#define STF_UNLOCK(sc) mtx_unlock(&(sc)->sc_mtx) -+#define STF_LOCK_ASSERT(sc) mtx_assert(&(sc)->sc_mtx, MA_OWNED) -+ - static const int ip_stf_ttl = 40; - - extern struct domain inetdomain; -@@ -175,8 +217,6 @@ struct protosw in_stf_protosw = { - .pr_usrreqs = &rip_usrreqs - }; - --static char *stfnames[] = {"stf0", "stf", "6to4", NULL}; -- - static int stfmodevent(module_t, int, void *); - static int stf_encapcheck(const struct mbuf *, int, int, void *); - static struct in6_ifaddr *stf_getsrcifa6(struct ifnet *); -@@ -189,68 +229,45 @@ static int stf_checkaddr6(struct stf_softc *, struct in6_addr *, - struct ifnet *); - static void stf_rtrequest(int, struct rtentry *, struct rt_addrinfo *); - static int stf_ioctl(struct ifnet *, u_long, caddr_t); -- --static int stf_clone_match(struct if_clone *, const char *); --static int stf_clone_create(struct if_clone *, char *, size_t, caddr_t); --static int stf_clone_destroy(struct if_clone *, struct ifnet *); --struct if_clone stf_cloner = IFC_CLONE_INITIALIZER(STFNAME, NULL, 0, -- NULL, stf_clone_match, stf_clone_create, stf_clone_destroy); -+static int stf_is_up(struct ifnet *); -+ -+#define STF_GETIN4_USE_CACHE 1 -+static struct sockaddr_in *stf_getin4addr(struct sockaddr_in *, -+ struct ifaddr *, -+ int); -+static struct sockaddr_in *stf_getin4addr_in6(struct sockaddr_in *, -+ struct ifaddr *, -+ struct in6_addr *); -+static struct sockaddr_in *stf_getin4addr_sin6(struct sockaddr_in *, -+ struct ifaddr *, -+ struct sockaddr_in6 *); -+static int stf_clone_create(struct if_clone *, int, caddr_t); -+static void stf_clone_destroy(struct ifnet *); -+ -+IFC_SIMPLE_DECLARE(stf, 0); - - static int --stf_clone_match(struct if_clone *ifc, const char *name) -+stf_clone_create(struct if_clone *ifc, int unit, caddr_t params) - { -- int i; -- -- for(i = 0; stfnames[i] != NULL; i++) { -- if (strcmp(stfnames[i], name) == 0) -- return (1); -- } -- -- return (0); --} -- --static int --stf_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params) --{ -- int err, unit; - struct stf_softc *sc; - struct ifnet *ifp; - -- /* -- * We can only have one unit, but since unit allocation is -- * already locked, we use it to keep from allocating extra -- * interfaces. -- */ -- unit = STFUNIT; -- err = ifc_alloc_unit(ifc, &unit); -- if (err != 0) -- return (err); -- - sc = malloc(sizeof(struct stf_softc), M_STF, M_WAITOK | M_ZERO); -+ sc->sc_fibnum = curthread->td_proc->p_fibnum; - ifp = STF2IFP(sc) = if_alloc(IFT_STF); -- if (ifp == NULL) { -+ if (sc->sc_ifp == NULL) { - free(sc, M_STF); -- ifc_free_unit(ifc, unit); -- return (ENOSPC); -+ return (ENOMEM); - } -+ STF_LOCK_INIT(sc); - ifp->if_softc = sc; -- sc->sc_fibnum = curthread->td_proc->p_fibnum; -+ if_initname(ifp, ifc->ifc_name, unit); - -- /* -- * Set the name manually rather then using if_initname because -- * we don't conform to the default naming convention for interfaces. -- */ -- strlcpy(ifp->if_xname, name, IFNAMSIZ); -- ifp->if_dname = ifc->ifc_name; -- ifp->if_dunit = IF_DUNIT_NONE; -- -- mtx_init(&(sc)->sc_ro_mtx, "stf ro", NULL, MTX_DEF); - sc->encap_cookie = encap_attach_func(AF_INET, IPPROTO_IPV6, - stf_encapcheck, &in_stf_protosw, sc); - if (sc->encap_cookie == NULL) { - if_printf(ifp, "attach failed\n"); - free(sc, M_STF); -- ifc_free_unit(ifc, unit); - return (ENOMEM); - } - -@@ -260,41 +277,57 @@ stf_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params) - ifp->if_snd.ifq_maxlen = ifqmaxlen; - if_attach(ifp); - bpfattach(ifp, DLT_NULL, sizeof(u_int32_t)); -+ -+ mtx_lock(&stf_mtx); -+ LIST_INSERT_HEAD(&V_stf_softc_list, sc, stf_list); -+ mtx_unlock(&stf_mtx); -+ - return (0); - } - --static int --stf_clone_destroy(struct if_clone *ifc, struct ifnet *ifp) -+static void -+stf_clone_destroy(struct ifnet *ifp) - { - struct stf_softc *sc = ifp->if_softc; - int err; - -+ mtx_lock(&stf_mtx); -+ LIST_REMOVE(sc, stf_list); -+ mtx_unlock(&stf_mtx); -+ - err = encap_detach(sc->encap_cookie); - KASSERT(err == 0, ("Unexpected error detaching encap_cookie")); -- mtx_destroy(&(sc)->sc_ro_mtx); - bpfdetach(ifp); - if_detach(ifp); - if_free(ifp); - -+ STF_LOCK_DESTROY(sc); - free(sc, M_STF); -- ifc_free_unit(ifc, STFUNIT); - -- return (0); -+ return; -+} -+ -+static void -+vnet_stf_init(const void *unused __unused) -+{ -+ -+ LIST_INIT(&V_stf_softc_list); - } -+VNET_SYSINIT(vnet_stf_init, SI_SUB_PSEUDO, SI_ORDER_MIDDLE, vnet_stf_init, -+ NULL); - - static int --stfmodevent(mod, type, data) -- module_t mod; -- int type; -- void *data; -+stfmodevent(module_t mod, int type, void *data) - { - - switch (type) { - case MOD_LOAD: -+ mtx_init(&stf_mtx, "stf_mtx", NULL, MTX_DEF); - if_clone_attach(&stf_cloner); - break; - case MOD_UNLOAD: - if_clone_detach(&stf_cloner); -+ mtx_destroy(&stf_mtx); - break; - default: - return (EOPNOTSUPP); -@@ -310,28 +343,31 @@ static moduledata_t stf_mod = { - }; - - DECLARE_MODULE(if_stf, stf_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); -+MODULE_VERSION(if_stf, 1); - - static int --stf_encapcheck(m, off, proto, arg) -- const struct mbuf *m; -- int off; -- int proto; -- void *arg; -+stf_encapcheck(const struct mbuf *m, int off, int proto, void *arg) - { - struct ip ip; - struct in6_ifaddr *ia6; -+ struct sockaddr_in ia6_in4addr; -+ struct sockaddr_in ia6_in4mask; -+ struct sockaddr_in *sin; - struct stf_softc *sc; -- struct in_addr a, b, mask; -+ struct ifnet *ifp; -+ int ret = 0; - -+ DEBUG_PRINTF(1, "%s: enter\n", __func__); - sc = (struct stf_softc *)arg; - if (sc == NULL) - return 0; -+ ifp = STF2IFP(sc); - -- if ((STF2IFP(sc)->if_flags & IFF_UP) == 0) -+ if ((ifp->if_flags & IFF_UP) == 0) - return 0; - - /* IFF_LINK0 means "no decapsulation" */ -- if ((STF2IFP(sc)->if_flags & IFF_LINK0) != 0) -+ if ((ifp->if_flags & IFF_LINK0) != 0) - return 0; - - if (proto != IPPROTO_IPV6) -@@ -343,86 +379,162 @@ stf_encapcheck(m, off, proto, arg) - if (ip.ip_v != 4) - return 0; - -- ia6 = stf_getsrcifa6(STF2IFP(sc)); -+ /* Lookup an ia6 whose IPv4 addr encoded in the IPv6 addr is valid. */ -+ ia6 = stf_getsrcifa6(ifp); - if (ia6 == NULL) - return 0; -+ sin = stf_getin4addr(&ia6_in4addr, &ia6->ia_ifa, STF_GETIN4_USE_CACHE); -+ if (sin == NULL) -+ return 0; - -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip6_sprintf(buf, &satosin6(ia6->ia_ifa.ifa_addr)->sin6_addr); -+ DEBUG_PRINTF(1, "%s: ia6->ia_ifa.ifa_addr = %s\n", __func__, buf); -+ ip6_sprintf(buf, &ia6->ia_addr.sin6_addr); -+ DEBUG_PRINTF(1, "%s: ia6->ia_addr = %s\n", __func__, buf); -+ ip6_sprintf(buf, &satosin6(ia6->ia_ifa.ifa_netmask)->sin6_addr); -+ DEBUG_PRINTF(1, "%s: ia6->ia_ifa.ifa_netmask = %s\n", __func__, buf); -+ ip6_sprintf(buf, &ia6->ia_prefixmask.sin6_addr); -+ DEBUG_PRINTF(1, "%s: ia6->ia_prefixmask = %s\n", __func__, buf); -+ -+ ip_sprintf(buf, &ia6_in4addr.sin_addr); -+ DEBUG_PRINTF(1, "%s: ia6_in4addr.sin_addr = %s\n", __func__, buf); -+ ip_sprintf(buf, &ip.ip_src); -+ DEBUG_PRINTF(1, "%s: ip.ip_src = %s\n", __func__, buf); -+ ip_sprintf(buf, &ip.ip_dst); -+ DEBUG_PRINTF(1, "%s: ip.ip_dst = %s\n", __func__, buf); -+ } -+#endif - /* - * check if IPv4 dst matches the IPv4 address derived from the - * local 6to4 address. - * success on: dst = 10.1.1.1, ia6->ia_addr = 2002:0a01:0101:... - */ -- if (bcmp(GET_V4(&ia6->ia_addr.sin6_addr), &ip.ip_dst, -- sizeof(ip.ip_dst)) != 0) { -- ifa_free(&ia6->ia_ifa); -- return 0; -+ DEBUG_PRINTF(1, "%s: check1: ia6_in4addr.sin_addr == ip.ip_dst?\n", __func__); -+ if (ia6_in4addr.sin_addr.s_addr != ip.ip_dst.s_addr) { -+ DEBUG_PRINTF(1, "%s: check1: false. Ignore this packet.\n", __func__); -+ goto freeit; - } - -- /* -- * check if IPv4 src matches the IPv4 address derived from the -- * local 6to4 address masked by prefixmask. -- * success on: src = 10.1.1.1, ia6->ia_addr = 2002:0a00:.../24 -- * fail on: src = 10.1.1.1, ia6->ia_addr = 2002:0b00:.../24 -- */ -- bzero(&a, sizeof(a)); -- bcopy(GET_V4(&ia6->ia_addr.sin6_addr), &a, sizeof(a)); -- bcopy(GET_V4(&ia6->ia_prefixmask.sin6_addr), &mask, sizeof(mask)); -- ifa_free(&ia6->ia_ifa); -- a.s_addr &= mask.s_addr; -- b = ip.ip_src; -- b.s_addr &= mask.s_addr; -- if (a.s_addr != b.s_addr) -- return 0; -+ DEBUG_PRINTF(1, "%s: check2: ia6->ia_addr is 2002::/16?\n", __func__); -+ if (IN6_IS_ADDR_6TO4(&ia6->ia_addr.sin6_addr)) { -+ /* 6to4 (RFC 3056) */ -+ /* -+ * check if IPv4 src matches the IPv4 address derived -+ * from the local 6to4 address masked by prefixmask. -+ * success on: src = 10.1.1.1, ia6->ia_addr = 2002:0a00:.../24 -+ * fail on: src = 10.1.1.1, ia6->ia_addr = 2002:0b00:.../24 -+ */ -+ DEBUG_PRINTF(1, "%s: check2: true.\n", __func__); -+ -+ memcpy(&ia6_in4mask.sin_addr, -+ GET_V4(&ia6->ia_prefixmask.sin6_addr), -+ sizeof(ia6_in4mask)); -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip_sprintf(buf, &ia6_in4addr.sin_addr); -+ DEBUG_PRINTF(1, "%s: ia6->ia_addr = %s\n", -+ __func__, buf); -+ ip_sprintf(buf, &ip.ip_src); -+ DEBUG_PRINTF(1, "%s: ip.ip_src = %s\n", -+ __func__, buf); -+ ip_sprintf(buf, &ia6_in4mask.sin_addr); -+ DEBUG_PRINTF(1, "%s: ia6->ia_prefixmask = %s\n", -+ __func__, buf); -+ -+ DEBUG_PRINTF(1, "%s: check3: ia6_in4addr.sin_addr & mask == ip.ip_src & mask\n", -+ __func__); -+ } -+#endif - -+ if ((ia6_in4addr.sin_addr.s_addr & ia6_in4mask.sin_addr.s_addr) != -+ (ip.ip_src.s_addr & ia6_in4mask.sin_addr.s_addr)) { -+ DEBUG_PRINTF(1, "%s: check3: false. Ignore this packet.\n", -+ __func__); -+ goto freeit; -+ } -+ } else { -+ /* 6rd (RFC 5569) */ -+ DEBUG_PRINTF(1, "%s: check2: false. 6rd.\n", __func__); -+ /* -+ * No restriction on the src address in the case of -+ * 6rd because the stf(4) interface always has a -+ * prefix which covers whole of IPv4 src address -+ * range. So, stf_output() will catch all of -+ * 6rd-capsuled IPv4 traffic with suspicious inner dst -+ * IPv4 address (i.e. the IPv6 destination address is -+ * one the admin does not like to route to outside), -+ * and then it discard them silently. -+ */ -+ } -+ DEBUG_PRINTF(1, "%s: all clear!\n", __func__); - /* stf interface makes single side match only */ -- return 32; -+ ret = 32; -+freeit: -+ ifa_free(&ia6->ia_ifa); -+ -+ return (ret); - } - - static struct in6_ifaddr * --stf_getsrcifa6(ifp) -- struct ifnet *ifp; -+stf_getsrcifa6(struct ifnet *ifp) - { -- struct ifaddr *ia; -+ struct ifaddr *ifa; - struct in_ifaddr *ia4; -- struct sockaddr_in6 *sin6; -- struct in_addr in; -+ struct sockaddr_in *sin; -+ struct sockaddr_in in4; - - if_addr_rlock(ifp); -- TAILQ_FOREACH(ia, &ifp->if_addrhead, ifa_link) { -- if (ia->ifa_addr->sa_family != AF_INET6) -+ TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { -+ if (ifa->ifa_addr->sa_family != AF_INET6) - continue; -- sin6 = (struct sockaddr_in6 *)ia->ifa_addr; -- if (!IN6_IS_ADDR_6TO4(&sin6->sin6_addr)) -+ if ((sin = stf_getin4addr(&in4, ifa, -+ STF_GETIN4_USE_CACHE)) == NULL) - continue; -- -- bcopy(GET_V4(&sin6->sin6_addr), &in, sizeof(in)); -- LIST_FOREACH(ia4, INADDR_HASH(in.s_addr), ia_hash) -- if (ia4->ia_addr.sin_addr.s_addr == in.s_addr) -+ LIST_FOREACH(ia4, INADDR_HASH(sin->sin_addr.s_addr), ia_hash) -+ if (ia4->ia_addr.sin_addr.s_addr == sin->sin_addr.s_addr) - break; - if (ia4 == NULL) - continue; - -- ifa_ref(ia); -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip6_sprintf(buf, &((struct sockaddr_in6 *)ifa->ifa_addr)->sin6_addr); -+ DEBUG_PRINTF(1, "%s: ifa->ifa_addr->sin6_addr = %s\n", -+ __func__, buf); -+ ip_sprintf(buf, &ia4->ia_addr.sin_addr); -+ DEBUG_PRINTF(1, "%s: ia4->ia_addr.sin_addr = %s\n", -+ __func__, buf); -+ } -+#endif -+ ifa_ref(ifa); - if_addr_runlock(ifp); -- return (struct in6_ifaddr *)ia; -+ return (ifatoia6(ifa)); - } - if_addr_runlock(ifp); - -+ - return NULL; - } - - static int --stf_output(ifp, m, dst, ro) -- struct ifnet *ifp; -- struct mbuf *m; -- struct sockaddr *dst; -- struct route *ro; -+stf_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, struct route *ro) - { - struct stf_softc *sc; - struct sockaddr_in6 *dst6; - struct route *cached_route; -- struct in_addr in4; -- caddr_t ptr; -+ struct sockaddr_in *sin; -+ struct sockaddr_in in4; - struct sockaddr_in *dst4; - u_int8_t tos; - struct ip *ip; -@@ -484,20 +596,28 @@ stf_output(ifp, m, dst, ro) - /* - * Pickup the right outer dst addr from the list of candidates. - * ip6_dst has priority as it may be able to give us shorter IPv4 hops. -+ * ip6_dst: destination addr in the packet header. -+ * dst6: destination addr specified in function argument. - */ -- ptr = NULL; -- if (IN6_IS_ADDR_6TO4(&ip6->ip6_dst)) -- ptr = GET_V4(&ip6->ip6_dst); -- else if (IN6_IS_ADDR_6TO4(&dst6->sin6_addr)) -- ptr = GET_V4(&dst6->sin6_addr); -- else { -+ DEBUG_PRINTF(1, "%s: dst addr selection\n", __func__); -+ sin = stf_getin4addr_in6(&in4, &ia6->ia_ifa, &ip6->ip6_dst); -+ if (sin == NULL) -+ sin = stf_getin4addr_in6(&in4, &ia6->ia_ifa, &dst6->sin6_addr); -+ if (sin == NULL) { - ifa_free(&ia6->ia_ifa); - m_freem(m); - ifp->if_oerrors++; - return ENETUNREACH; - } -- bcopy(ptr, &in4, sizeof(in4)); -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); - -+ ip_sprintf(buf, &sin->sin_addr); -+ DEBUG_PRINTF(1, "%s: ip_dst = %s\n", __func__, buf); -+ } -+#endif - if (bpf_peers_present(ifp->if_bpf)) { - /* - * We need to prepend the address family as -@@ -521,11 +641,26 @@ stf_output(ifp, m, dst, ro) - ip = mtod(m, struct ip *); - - bzero(ip, sizeof(*ip)); -+ bcopy(&in4.sin_addr, &ip->ip_dst, sizeof(ip->ip_dst)); -+ -+ sin = stf_getin4addr_sin6(&in4, &ia6->ia_ifa, &ia6->ia_addr); -+ if (sin == NULL) { -+ ifa_free(&ia6->ia_ifa); -+ m_freem(m); -+ ifp->if_oerrors++; -+ return ENETUNREACH; -+ } -+ bcopy(&in4.sin_addr, &ip->ip_src, sizeof(ip->ip_src)); -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); - -- bcopy(GET_V4(&((struct sockaddr_in6 *)&ia6->ia_addr)->sin6_addr), -- &ip->ip_src, sizeof(ip->ip_src)); -+ ip_sprintf(buf, &ip->ip_src); -+ DEBUG_PRINTF(1, "%s: ip_src = %s\n", __func__, buf); -+ } -+#endif - ifa_free(&ia6->ia_ifa); -- bcopy(&in4, &ip->ip_dst, sizeof(ip->ip_dst)); - ip->ip_p = IPPROTO_IPV6; - ip->ip_ttl = ip_stf_ttl; - ip->ip_len = m->m_pkthdr.len; /*host order*/ -@@ -534,7 +669,7 @@ stf_output(ifp, m, dst, ro) - else - ip_ecn_ingress(ECN_NOCARE, &ip->ip_tos, &tos); - -- if (!stf_route_cache) { -+ if (!V_stf_route_cache) { - cached_route = NULL; - goto sendit; - } -@@ -542,7 +677,7 @@ stf_output(ifp, m, dst, ro) - /* - * Do we have a cached route? - */ -- mtx_lock(&(sc)->sc_ro_mtx); -+ STF_LOCK(sc); - dst4 = (struct sockaddr_in *)&sc->sc_ro.ro_dst; - if (dst4->sin_family != AF_INET || - bcmp(&dst4->sin_addr, &ip->ip_dst, sizeof(ip->ip_dst)) != 0) { -@@ -560,8 +695,15 @@ stf_output(ifp, m, dst, ro) - rtalloc_fib(&sc->sc_ro, sc->sc_fibnum); - if (sc->sc_ro.ro_rt == NULL) { - m_freem(m); -- mtx_unlock(&(sc)->sc_ro_mtx); - ifp->if_oerrors++; -+ STF_UNLOCK(sc); -+ return ENETUNREACH; -+ } -+ if (sc->sc_ro.ro_rt->rt_ifp == ifp) { -+ /* infinite loop detection */ -+ m_free(m); -+ ifp->if_oerrors++; -+ STF_UNLOCK(sc); - return ENETUNREACH; - } - } -@@ -570,35 +712,32 @@ stf_output(ifp, m, dst, ro) - sendit: - M_SETFIB(m, sc->sc_fibnum); - ifp->if_opackets++; -+ DEBUG_PRINTF(1, "%s: ip_output dispatch.\n", __func__); - error = ip_output(m, NULL, cached_route, 0, NULL, NULL); - - if (cached_route != NULL) -- mtx_unlock(&(sc)->sc_ro_mtx); -+ STF_UNLOCK(sc); - return error; - } - - static int --isrfc1918addr(in) -- struct in_addr *in; -+isrfc1918addr(struct in_addr *in) - { - /* - * returns 1 if private address range: - * 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 - */ - if (stf_permit_rfc1918 == 0 && ( -- (ntohl(in->s_addr) & 0xff000000) >> 24 == 10 || -- (ntohl(in->s_addr) & 0xfff00000) >> 16 == 172 * 256 + 16 || -- (ntohl(in->s_addr) & 0xffff0000) >> 16 == 192 * 256 + 168)) -+ (ntohl(in->s_addr) & 0xff000000) == 10 << 24 || -+ (ntohl(in->s_addr) & 0xfff00000) == (172 * 256 + 16) << 16 || -+ (ntohl(in->s_addr) & 0xffff0000) == (192 * 256 + 168) << 16 )) - return 1; - - return 0; - } - - static int --stf_checkaddr4(sc, in, inifp) -- struct stf_softc *sc; -- struct in_addr *in; -- struct ifnet *inifp; /* incoming interface */ -+stf_checkaddr4(struct stf_softc *sc, struct in_addr *in, struct ifnet *inifp) - { - struct in_ifaddr *ia4; - -@@ -614,20 +753,10 @@ stf_checkaddr4(sc, in, inifp) - } - - /* -- * reject packets with private address range. -- * (requirement from RFC3056 section 2 1st paragraph) -- */ -- if (isrfc1918addr(in)) -- return -1; -- -- /* - * reject packets with broadcast - */ - IN_IFADDR_RLOCK(); -- for (ia4 = TAILQ_FIRST(&V_in_ifaddrhead); -- ia4; -- ia4 = TAILQ_NEXT(ia4, ia_link)) -- { -+ TAILQ_FOREACH(ia4, &V_in_ifaddrhead, ia_link) { - if ((ia4->ia_ifa.ifa_ifp->if_flags & IFF_BROADCAST) == 0) - continue; - if (in->s_addr == ia4->ia_broadaddr.sin_addr.s_addr) { -@@ -646,7 +775,7 @@ stf_checkaddr4(sc, in, inifp) - - bzero(&sin, sizeof(sin)); - sin.sin_family = AF_INET; -- sin.sin_len = sizeof(struct sockaddr_in); -+ sin.sin_len = sizeof(sin); - sin.sin_addr = *in; - rt = rtalloc1_fib((struct sockaddr *)&sin, 0, - 0UL, sc->sc_fibnum); -@@ -667,10 +796,7 @@ stf_checkaddr4(sc, in, inifp) - } - - static int --stf_checkaddr6(sc, in6, inifp) -- struct stf_softc *sc; -- struct in6_addr *in6; -- struct ifnet *inifp; /* incoming interface */ -+stf_checkaddr6(struct stf_softc *sc, struct in6_addr *in6, struct ifnet *inifp) - { - /* - * check 6to4 addresses -@@ -694,9 +820,7 @@ stf_checkaddr6(sc, in6, inifp) - } - - void --in_stf_input(m, off) -- struct mbuf *m; -- int off; -+in_stf_input(struct mbuf *m, int off) - { - int proto; - struct stf_softc *sc; -@@ -704,6 +828,7 @@ in_stf_input(m, off) - struct ip6_hdr *ip6; - u_int8_t otos, itos; - struct ifnet *ifp; -+ struct route_in6 rin6; - - proto = mtod(m, struct ip *)->ip_p; - -@@ -727,6 +852,17 @@ in_stf_input(m, off) - mac_ifnet_create_mbuf(ifp, m); - #endif - -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip_sprintf(buf, &ip->ip_dst); -+ DEBUG_PRINTF(1, "%s: ip->ip_dst = %s\n", __func__, buf); -+ ip_sprintf(buf, &ip->ip_src); -+ DEBUG_PRINTF(1, "%s: ip->ip_src = %s\n", __func__, buf); -+ } -+#endif - /* - * perform sanity check against outer src/dst. - * for source, perform ingress filter as well. -@@ -747,6 +883,17 @@ in_stf_input(m, off) - } - ip6 = mtod(m, struct ip6_hdr *); - -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip6_sprintf(buf, &ip6->ip6_dst); -+ DEBUG_PRINTF(1, "%s: ip6->ip6_dst = %s\n", __func__, buf); -+ ip6_sprintf(buf, &ip6->ip6_src); -+ DEBUG_PRINTF(1, "%s: ip6->ip6_src = %s\n", __func__, buf); -+ } -+#endif - /* - * perform sanity check against inner src/dst. - * for source, perform ingress filter as well. -@@ -757,6 +904,41 @@ in_stf_input(m, off) - return; - } - -+ /* -+ * reject packets with private address range. -+ * (requirement from RFC3056 section 2 1st paragraph) -+ */ -+ if ((IN6_IS_ADDR_6TO4(&ip6->ip6_src) && isrfc1918addr(&ip->ip_src)) || -+ (IN6_IS_ADDR_6TO4(&ip6->ip6_dst) && isrfc1918addr(&ip->ip_dst))) { -+ m_freem(m); -+ return; -+ } -+ -+ /* -+ * Ignore if the destination is the same stf interface because -+ * all of valid IPv6 outgoing traffic should go interfaces -+ * except for it. -+ */ -+ memset(&rin6, 0, sizeof(rin6)); -+ rin6.ro_dst.sin6_len = sizeof(rin6.ro_dst); -+ rin6.ro_dst.sin6_family = AF_INET6; -+ memcpy(&rin6.ro_dst.sin6_addr, &ip6->ip6_dst, -+ sizeof(rin6.ro_dst.sin6_addr)); -+ rtalloc((struct route *)&rin6); -+ if (rin6.ro_rt == NULL) { -+ DEBUG_PRINTF(1, "%s: no IPv6 dst. Ignored.\n", __func__); -+ m_free(m); -+ return; -+ } -+ if ((rin6.ro_rt->rt_ifp == ifp) && -+ (!IN6_ARE_ADDR_EQUAL(&ip6->ip6_src, &rin6.ro_dst.sin6_addr))) { -+ DEBUG_PRINTF(1, "%s: IPv6 dst is the same stf. Ignored.\n", __func__); -+ RTFREE(rin6.ro_rt); -+ m_free(m); -+ return; -+ } -+ RTFREE(rin6.ro_rt); -+ - itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff; - if ((ifp->if_flags & IFF_LINK1) != 0) - ip_ecn_egress(ECN_ALLOWED, &otos, &itos); -@@ -766,7 +948,7 @@ in_stf_input(m, off) - ip6->ip6_flow |= htonl((u_int32_t)itos << 20); - - m->m_pkthdr.rcvif = ifp; -- -+ - if (bpf_peers_present(ifp->if_bpf)) { - /* - * We need to prepend the address family as -@@ -779,6 +961,7 @@ in_stf_input(m, off) - bpf_mtap2(ifp->if_bpf, &af, sizeof(af), m); - } - -+ DEBUG_PRINTF(1, "%s: netisr_dispatch(NETISR_IPV6)\n", __func__); - /* - * Put the packet to the network layer input queue according to the - * specified address family. -@@ -793,27 +976,277 @@ in_stf_input(m, off) - - /* ARGSUSED */ - static void --stf_rtrequest(cmd, rt, info) -- int cmd; -- struct rtentry *rt; -- struct rt_addrinfo *info; -+stf_rtrequest(int cmd, struct rtentry *rt, struct rt_addrinfo *info) - { -+ - RT_LOCK_ASSERT(rt); - rt->rt_rmx.rmx_mtu = rt->rt_ifp->if_mtu; - } - -+/* Check whether we have at least one instance with IFF_UP. */ - static int --stf_ioctl(ifp, cmd, data) -- struct ifnet *ifp; -- u_long cmd; -- caddr_t data; -+stf_is_up(struct ifnet *ifp) -+{ -+ struct stf_softc *scp; -+ struct stf_softc *sc_cur; -+ struct stf_softc *sc_is_up; -+ -+ sc_is_up = NULL; -+ if ((sc_cur = ifp->if_softc) == NULL) -+ return (EINVAL); -+ -+ mtx_lock(&stf_mtx); -+ LIST_FOREACH(scp, &V_stf_softc_list, stf_list) { -+ if (scp == sc_cur) -+ continue; -+ if ((STF2IFP(scp)->if_flags & IFF_UP) != 0) { -+ sc_is_up = scp; -+ break; -+ } -+ } -+ mtx_unlock(&stf_mtx); -+ -+ /* We already has at least one instance with IFF_UP. */ -+ if (stf_is_up != NULL) -+ return (ENOSPC); -+ -+ return (0); -+} -+ -+static struct sockaddr_in * -+stf_getin4addr_in6(struct sockaddr_in *sin, -+ struct ifaddr *ifa, -+ struct in6_addr *in6) -+{ -+ struct sockaddr_in6 sin6; -+ -+ DEBUG_PRINTF(1, "%s: enter.\n", __func__); -+ if (ifa == NULL || in6 == NULL) -+ return NULL; -+ -+ memset(&sin6, 0, sizeof(sin6)); -+ memcpy(&sin6.sin6_addr, in6, sizeof(sin6.sin6_addr)); -+ sin6.sin6_len = sizeof(sin6); -+ sin6.sin6_family = AF_INET6; -+ -+ return(stf_getin4addr_sin6(sin, ifa, &sin6)); -+} -+ -+static struct sockaddr_in * -+stf_getin4addr_sin6(struct sockaddr_in *sin, -+ struct ifaddr *ifa, -+ struct sockaddr_in6 *sin6) -+{ -+ struct in6_ifaddr ia6; -+ int i; -+ -+ DEBUG_PRINTF(1, "%s: enter.\n", __func__); -+ if (ifa == NULL || sin6 == NULL) -+ return NULL; -+ -+ memset(&ia6, 0, sizeof(ia6)); -+ memcpy(&ia6, ifatoia6(ifa), sizeof(ia6)); -+ -+ /* -+ * Use prefixmask information from ifa, and -+ * address information from sin6. -+ */ -+ ia6.ia_addr.sin6_family = AF_INET6; -+ ia6.ia_ifa.ifa_addr = (struct sockaddr *)&ia6.ia_addr; -+ ia6.ia_ifa.ifa_dstaddr = NULL; -+ ia6.ia_ifa.ifa_netmask = (struct sockaddr *)&ia6.ia_prefixmask; -+ -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip6_sprintf(buf, &sin6->sin6_addr); -+ DEBUG_PRINTF(1, "%s: sin6->sin6_addr = %s\n", __func__, buf); -+ ip6_sprintf(buf, &ia6.ia_addr.sin6_addr); -+ DEBUG_PRINTF(1, "%s: ia6.ia_addr.sin6_addr = %s\n", __func__, buf); -+ ip6_sprintf(buf, &ia6.ia_prefixmask.sin6_addr); -+ DEBUG_PRINTF(1, "%s: ia6.ia_prefixmask.sin6_addr = %s\n", __func__, buf); -+ } -+#endif -+ -+ /* -+ * When (src addr & src mask) != (dst (sin6) addr & src mask), -+ * the dst is not in the 6rd domain. The IPv4 address must -+ * not be used. -+ */ -+ for (i = 0; i < sizeof(ia6.ia_addr.sin6_addr); i++) { -+ if ((((u_char *)&ia6.ia_addr.sin6_addr)[i] & -+ ((u_char *)&ia6.ia_prefixmask.sin6_addr)[i]) -+ != -+ (((u_char *)&sin6->sin6_addr)[i] & -+ ((u_char *)&ia6.ia_prefixmask.sin6_addr)[i])) -+ return NULL; -+ } -+ -+ /* After the mask check, overwrite ia6.ia_addr with sin6. */ -+ memcpy(&ia6.ia_addr, sin6, sizeof(ia6.ia_addr)); -+ return(stf_getin4addr(sin, (struct ifaddr *)&ia6, 0)); -+} -+ -+static struct sockaddr_in * -+stf_getin4addr(struct sockaddr_in *sin, -+ struct ifaddr *ifa, -+ int flags) -+{ -+ struct in_addr *in; -+ struct sockaddr_in6 *sin6; -+ struct in6_ifaddr *ia6; -+ -+ DEBUG_PRINTF(1, "%s: enter.\n", __func__); -+ if (ifa == NULL || -+ ifa->ifa_addr == NULL || -+ ifa->ifa_addr->sa_family != AF_INET6) -+ return NULL; -+ -+ sin6 = satosin6(ifa->ifa_addr); -+ ia6 = ifatoia6(ifa); -+ -+ if ((flags & STF_GETIN4_USE_CACHE) && -+ (ifa->ifa_dstaddr != NULL) && -+ (ifa->ifa_dstaddr->sa_family == AF_INET)) { -+ /* -+ * XXX: ifa_dstaddr is used as a cache of the -+ * extracted IPv4 address. -+ */ -+ memcpy(sin, satosin(ifa->ifa_dstaddr), sizeof(*sin)); -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip_sprintf(buf, &sin->sin_addr); -+ DEBUG_PRINTF(1, "%s: cached address was used = %s\n", __func__, buf); -+ } -+#endif -+ return (sin); -+ } -+ memset(sin, 0, sizeof(*sin)); -+ in = &sin->sin_addr; -+ -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip6_sprintf(buf, &sin6->sin6_addr); -+ DEBUG_PRINTF(1, "%s: sin6->sin6_addr = %s\n", __func__, buf); -+ } -+#endif -+ -+ if (IN6_IS_ADDR_6TO4(&sin6->sin6_addr)) { -+ /* 6to4 (RFC 3056) */ -+ bcopy(GET_V4(&sin6->sin6_addr), in, sizeof(*in)); -+ if (isrfc1918addr(in)) -+ return NULL; -+ } else { -+ /* 6rd (RFC 5569) */ -+ struct in6_addr buf; -+ u_char *p = (u_char *)&buf; -+ u_char *q = (u_char *)in; -+ u_int residue = 0; -+ u_char mask; -+ int i; -+ u_int plen; -+ -+ /* -+ * 6rd-relays IPv6 prefix is located at a 32-bit just -+ * after the prefix edge. -+ */ -+ plen = in6_mask2len(&satosin6(ifa->ifa_netmask)->sin6_addr, NULL); -+ if (32 < plen) -+ return NULL; -+ -+ memcpy(&buf, &sin6->sin6_addr, sizeof(buf)); -+ p += plen / 8; -+ residue = plen % 8; -+ mask = ~((u_char)(-1) >> residue); -+ -+ /* -+ * The p points head of the IPv4 address part in -+ * bytes. The residue is a bit-shift factor when -+ * prefixlen is not a multiple of 8. -+ */ -+ for (i = 0; i < 4; i++) { -+ DEBUG_PRINTF(2, "p[%d] = %d\n", i, p[i]); -+ DEBUG_PRINTF(2, "residue = %d\n", residue); -+ if (residue) { -+ p[i] <<= residue; -+ DEBUG_PRINTF(2, "p[%d] << residue = %d\n", -+ i, p[i]); -+ DEBUG_PRINTF(2, "mask = %x\n", -+ mask); -+ DEBUG_PRINTF(2, "p[%d + 1] & mask = %d\n", -+ i, p[i + 1] & mask); -+ DEBUG_PRINTF(2, "p[%d + 1] & mask >> (8 - residue) = %d\n", -+ i, (p[i + 1] & mask) >> (8-residue)); -+ p[i] |= ((p[i+1] & mask) >> (8 - residue)); -+ } -+ q[i] = p[i]; -+ } -+ } -+#if STF_DEBUG -+ { -+ char buf[INET6_ADDRSTRLEN + 1]; -+ memset(&buf, 0, sizeof(buf)); -+ -+ ip_sprintf(buf, in); -+ DEBUG_PRINTF(1, "%s: in->in_addr = %s\n", __func__, buf); -+ DEBUG_PRINTF(1, "%s: leave\n", __func__); -+ } -+#endif -+ if (flags & STF_GETIN4_USE_CACHE) { -+ DEBUG_PRINTF(1, "%s: try to access ifa->ifa_dstaddr.\n", __func__); -+ ifa->ifa_dstaddr = (struct sockaddr *)&ia6->ia_dstaddr; -+ DEBUG_PRINTF(1, "%s: try to memset 0 to ia_dstaddr.\n", __func__); -+ memset(&ia6->ia_dstaddr, 0, sizeof(ia6->ia_dstaddr)); -+ DEBUG_PRINTF(1, "%s: try to memcpy ifa->ifa_dstaddr.\n", __func__); -+ memcpy((struct sockaddr_in *)ifa->ifa_dstaddr, -+ sin, sizeof(struct sockaddr_in)); -+ DEBUG_PRINTF(1, "%s: try to set sa_family.\n", __func__); -+ ifa->ifa_dstaddr->sa_family = AF_INET; -+ DEBUG_PRINTF(1, "%s: in->in_addr is stored in ifa_dstaddr.\n", -+ __func__); -+ } -+ return (sin); -+} -+ -+static int -+stf_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) - { - struct ifaddr *ifa; - struct ifreq *ifr; -- struct sockaddr_in6 *sin6; -- struct in_addr addr; -+ struct sockaddr_in in4; - int error, mtu; - -+ /* -+ * Sanity check: if more than two interfaces have IFF_UP, do -+ * if_down() for all of them except for the specified one. -+ */ -+ if (ifp->if_flags & IFF_UP) { -+ struct stf_softc *sc_cur = ifp->if_softc; -+ struct stf_softc *sc; -+ -+ mtx_lock(&stf_mtx); -+ LIST_FOREACH(sc, &V_stf_softc_list, stf_list) { -+ if (sc == sc_cur) -+ continue; -+ if ((STF2IFP(sc)->if_flags & IFF_UP) != 0) { -+ if_printf(STF2IFP(sc), -+ "marked as DOWN because at least " -+ "one instance of stf(4) is already " -+ "working.\n"); -+ if_down(STF2IFP(sc)); -+ } -+ } -+ mtx_unlock(&stf_mtx); -+ } -+ - error = 0; - switch (cmd) { - case SIOCSIFADDR: -@@ -822,17 +1255,16 @@ stf_ioctl(ifp, cmd, data) - error = EAFNOSUPPORT; - break; - } -- sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; -- if (!IN6_IS_ADDR_6TO4(&sin6->sin6_addr)) { -+ if (stf_getin4addr(&in4, ifa, 0) == NULL) { - error = EINVAL; - break; - } -- bcopy(GET_V4(&sin6->sin6_addr), &addr, sizeof(addr)); -- if (isrfc1918addr(&addr)) { -- error = EINVAL; -- break; -- } -- -+ /* -+ * XXX: ifa_dstaddr is used as a cache of the -+ * extracted IPv4 address. -+ */ -+ if (ifa->ifa_dstaddr != NULL) -+ ifa->ifa_dstaddr->sa_family = AF_UNSPEC; - ifa->ifa_rtrequest = stf_rtrequest; - ifp->if_flags |= IFF_UP; - break; diff --git a/net/stf-6rd-kmod/files/fixup_mtime.sh b/net/stf-6rd-kmod/files/fixup_mtime.sh deleted file mode 100644 index 6737e42c769b..000000000000 --- a/net/stf-6rd-kmod/files/fixup_mtime.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh - -EXPDIR=$1 -SVN_REV=$2 -SVN_MIRROR=$3 -OSREL=$4 - -cd ${EXPDIR} || exit 1 -t=`TZ=UTC svn info -r${SVN_REV} ${SVN_MIRROR}/releng/${OSREL}/sys/net | grep 'Last Changed Date:' |\ - sed -Ee 's|Last Changed Date: ||; s|(....-..-..) (..:..:..) .0000 \(.*|\1T\2Z|'` -find ${EXPDIR} -type d -print0 | xargs -0 touch -d$t - -# Local Variables: -# sh-basic-offset: 8 -# sh-indentation: 8 -# End: diff --git a/net/stf-6rd-kmod/pkg-descr b/net/stf-6rd-kmod/pkg-descr deleted file mode 100644 index 5222febb4954..000000000000 --- a/net/stf-6rd-kmod/pkg-descr +++ /dev/null @@ -1,8 +0,0 @@ -Port for package building of 6rd patched stf(4) kernel lodable modules. - -This port supports only 8.4+ releases. - -This patch was developed by hrs and obtained from -http://people.allbsd.org/~hrs/FreeBSD/stf_6rd_20100923-1.diff - -WWW: http://people.FreeBSD.org/~kuriyama/6rd/ diff --git a/net/stf-6rd-kmod/pkg-message b/net/stf-6rd-kmod/pkg-message deleted file mode 100644 index 59a8274410a3..000000000000 --- a/net/stf-6rd-kmod/pkg-message +++ /dev/null @@ -1,11 +0,0 @@ -To use these modules, add loading lines in /boot/loader.conf: - -if_stf_load="YES" - -If you have if_stf.ko in /boot/kernel directory, overwrite it by -copying from /boot/modules or remove it from /boot/kernel. - -6rd setting is up to your ISP. E.g. SAKURA Internet in Japan provides -example setting in their site (in Japanese). - -http://research.sakura.ad.jp/6rd-trial/6rd-trial-freebsd8/ diff --git a/net/stf-6rd-kmod/pkg-plist b/net/stf-6rd-kmod/pkg-plist deleted file mode 100644 index 98a8d792f892..000000000000 --- a/net/stf-6rd-kmod/pkg-plist +++ /dev/null @@ -1,2 +0,0 @@ -/%%KMODDIR%%/if_stf.ko -/%%KMODDIR%%/if_stf.ko.symbols diff --git a/net/userfw/Makefile b/net/userfw/Makefile deleted file mode 100644 index 6b94df88ad13..000000000000 --- a/net/userfw/Makefile +++ /dev/null @@ -1,40 +0,0 @@ -# Created by: Maxim Ignatenko -# $FreeBSD$ - -PORTNAME= userfw -PORTVERSION= 0.1.3 -PORTREVISION= 1 -CATEGORIES= net -MASTER_SITES= http://userfw.net/files/release/ \ - http://imax.in.ua/files/ \ - http://projects.ukrweb.net/files/ - -MAINTAINER= gelraen.ua@gmail.com -COMMENT= Modular packet filter - -LICENSE= BSD2CLAUSE -LICENSE_FILE= ${WRKSRC}/LICENSE - -BROKEN_powerpc= fails to compile -BROKEN_powerpc64= fails to compile: pcpu.h: size of array '__assert_0' is negative -BROKEN_FreeBSD_11= fails to build on FreeBSD 11+ -BROKEN_FreeBSD_12= fails to build on FreeBSD 11+ -BROKEN_FreeBSD_13= fails to build on FreeBSD 11+ -DEPRECATED= Does not build on FreeBSD 11+ -EXPIRATION_DATE= 2018-10-31 - -SSP_UNSAFE= kernel module does not support ssp -USES= cmake:outsource kmod tar:xz uidfix -USE_LDCONFIG= yes - -.include <bsd.port.pre.mk> - -.if !exists(${SRC_BASE}/sys/sys/module.h) -IGNORE= requires kernel source files -.endif - -CMAKE_ARGS+= -DDOMAIN_STUB:BOOL=OFF -CMAKE_ARGS+= -DOPCODE_VERIFICATION:BOOL=OFF -CMAKE_ARGS+= -DKMODDIR="${KMODDIR}" - -.include <bsd.port.post.mk> diff --git a/net/userfw/distinfo b/net/userfw/distinfo deleted file mode 100644 index 84f31ca21da1..000000000000 --- a/net/userfw/distinfo +++ /dev/null @@ -1,2 +0,0 @@ -SHA256 (userfw-0.1.3.tar.xz) = 7398d469203e43ae5a11b7a2f3556910f6e0b7f3ae6cdfac0ee4bdebe3522244 -SIZE (userfw-0.1.3.tar.xz) = 33552 diff --git a/net/userfw/files/patch-cmake__userfw_module.cmake b/net/userfw/files/patch-cmake__userfw_module.cmake deleted file mode 100644 index bdaf295c0f09..000000000000 --- a/net/userfw/files/patch-cmake__userfw_module.cmake +++ /dev/null @@ -1,19 +0,0 @@ ---- ./cmake/userfw_module.cmake.orig 2013-03-29 14:22:50.000000000 +0000 -+++ ./cmake/userfw_module.cmake 2014-07-29 09:30:53.000000000 +0100 -@@ -11,7 +11,7 @@ - add_custom_target(userfw_${modname} ALL - DEPENDS "${CMAKE_CURRENT_SOURCE_DIR}/userfw_${modname}.ko") - -- install(CODE "execute_process(COMMAND make install \"KMODDIR=${KMODDIR}\" \"PREFIX=${CMAKE_INSTALL_PREFIX}\" -+ install(CODE "execute_process(COMMAND make install \"KMODDIR=${KMODDIR}\" \"PREFIX=\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}\" - WORKING_DIRECTORY \"${CMAKE_CURRENT_SOURCE_DIR}\")") - endfunction(declare_userfw_module) - -@@ -28,6 +28,6 @@ - add_custom_target(userfw_${modname} ALL - DEPENDS "${CMAKE_CURRENT_SOURCE_DIR}/${filename}.ko") - -- install(CODE "execute_process(COMMAND make install \"KMODDIR=${KMODDIR}\" \"PREFIX=${CMAKE_INSTALL_PREFIX}\" -+ install(CODE "execute_process(COMMAND make install \"KMODDIR=${KMODDIR}\" \"PREFIX=\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}\" - WORKING_DIRECTORY \"${CMAKE_CURRENT_SOURCE_DIR}\")") - endfunction(declare_userfw_module_with_name) diff --git a/net/userfw/files/patch-core__CMakeLists.txt b/net/userfw/files/patch-core__CMakeLists.txt deleted file mode 100644 index fdf2951999a0..000000000000 --- a/net/userfw/files/patch-core__CMakeLists.txt +++ /dev/null @@ -1,14 +0,0 @@ ---- ./core/CMakeLists.txt.orig 2013-03-29 14:22:50.000000000 +0000 -+++ ./core/CMakeLists.txt 2014-07-29 09:31:46.000000000 +0100 -@@ -27,9 +27,9 @@ - add_custom_target(userfw_core_kmod ALL - DEPENDS "${CMAKE_CURRENT_SOURCE_DIR}/userfw.ko") - --install(CODE "execute_process(COMMAND make install \"KMODDIR=${KMODDIR}\" \"PREFIX=${CMAKE_INSTALL_PREFIX}\" -+install(CODE "execute_process(COMMAND make install \"KMODDIR=${KMODDIR}\" \"PREFIX=\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}\" - WORKING_DIRECTORY \"${CMAKE_CURRENT_SOURCE_DIR}\")") - if (DOMAIN_STUB) -- install(CODE "execute_process(COMMAND make install \"KMODDIR=${KMODDIR}\" \"PREFIX=${CMAKE_INSTALL_PREFIX}\" -+ install(CODE "execute_process(COMMAND make install \"KMODDIR=${KMODDIR}\" \"PREFIX=\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}\" - WORKING_DIRECTORY \"${CMAKE_CURRENT_SOURCE_DIR}/domain_stub\")") - endif (DOMAIN_STUB) diff --git a/net/userfw/files/patch-modules__dummynet__dummynet.c b/net/userfw/files/patch-modules__dummynet__dummynet.c deleted file mode 100644 index dbadf9bc79cf..000000000000 --- a/net/userfw/files/patch-modules__dummynet__dummynet.c +++ /dev/null @@ -1,22 +0,0 @@ ---- ./modules/dummynet/dummynet.c.orig 2013-03-29 14:22:50.000000000 +0000 -+++ ./modules/dummynet/dummynet.c 2014-07-29 09:30:53.000000000 +0100 -@@ -57,15 +57,19 @@ - - if (ip_dn_io_ptr != NULL) - { -+#if __FreeBSD__ < 10 - SET_NET_IPLEN(mtod(*mb, struct ip *)); -+#endif - if (mtod(*mb, struct ip *)->ip_v == 4) - ret = ip_dn_io_ptr(mb, dir, &ipfw_args); - else if (mtod(*mb, struct ip *)->ip_v == 6) - ret = ip_dn_io_ptr(mb, dir | PROTO_IPV6, &ipfw_args); -+#if __FreeBSD__ < 10 - if ((*mb) != NULL) - { - SET_HOST_IPLEN(mtod(*mb, struct ip *)); - } -+#endif - } - return ret; - } diff --git a/net/userfw/files/patch-modules__ng_userfw_connector__ng_userfw_connector.c b/net/userfw/files/patch-modules__ng_userfw_connector__ng_userfw_connector.c deleted file mode 100644 index 0ab5b96bd854..000000000000 --- a/net/userfw/files/patch-modules__ng_userfw_connector__ng_userfw_connector.c +++ /dev/null @@ -1,12 +0,0 @@ ---- ./modules/ng_userfw_connector/ng_userfw_connector.c.orig 2013-03-29 14:22:50.000000000 +0000 -+++ ./modules/ng_userfw_connector/ng_userfw_connector.c 2014-07-29 09:30:53.000000000 +0100 -@@ -196,7 +196,9 @@ - if (hookp == NULL) - return ESRCH; - -+#if __FreeBSD__ < 10 - SET_NET_IPLEN(mtod(mb, struct ip *)); -+#endif - NG_SEND_DATA_ONLY(err, hookp, mb); - - return err; diff --git a/net/userfw/pkg-descr b/net/userfw/pkg-descr deleted file mode 100644 index c45c1d6a8da6..000000000000 --- a/net/userfw/pkg-descr +++ /dev/null @@ -1,3 +0,0 @@ -userfw is extensible packet filter for FreeBSD. Now it's mostly experimental. - -WWW: http://userfw.net/ diff --git a/net/userfw/pkg-plist b/net/userfw/pkg-plist deleted file mode 100644 index 642af78ecd46..000000000000 --- a/net/userfw/pkg-plist +++ /dev/null @@ -1,28 +0,0 @@ -bin/userfw -lib/libuserfw.so -include/userfw/cache.h -include/userfw/connection.h -include/userfw/io.h -include/userfw/message.h -include/userfw/mod_list.h -include/userfw/module.h -include/userfw/ruleset.h -include/userfw/types.h -include/userfw/modules/base.h -include/userfw/modules/bpf.h -include/userfw/modules/counters.h -include/userfw/modules/dummynet.h -include/userfw/modules/ip.h -include/userfw/modules/ipfw.h -include/userfw/modules/ipv4.h -include/userfw/modules/log.h -include/userfw/modules/multiruleset.h -include/userfw/modules/ng_userfw_connector.h -/%%KMODDIR%%/ng_userfw_connector.ko -/%%KMODDIR%%/userfw.ko -/%%KMODDIR%%/userfw_bpf.ko -/%%KMODDIR%%/userfw_counters.ko -/%%KMODDIR%%/userfw_dummynet.ko -/%%KMODDIR%%/userfw_ipfw.ko -/%%KMODDIR%%/userfw_log.ko -/%%KMODDIR%%/userfw_multiruleset.ko diff --git a/sysutils/Makefile b/sysutils/Makefile index be0ce0dd5855..3a18c14e3454 100644 --- a/sysutils/Makefile +++ b/sysutils/Makefile @@ -122,7 +122,6 @@ SUBDIR += bsdhwmon SUBDIR += bsdinfo SUBDIR += bsdisks - SUBDIR += bsdmoted SUBDIR += bsdploy SUBDIR += bsdstats SUBDIR += bstack @@ -1031,7 +1030,6 @@ SUBDIR += qchroot SUBDIR += qdirstat SUBDIR += qjail - SUBDIR += qjail4 SUBDIR += qlogtools SUBDIR += qpxtool SUBDIR += qsudo @@ -1190,7 +1188,6 @@ SUBDIR += scanbuttond SUBDIR += scct SUBDIR += schedutils - SUBDIR += scprotect SUBDIR += screen SUBDIR += screenfetch SUBDIR += screenie diff --git a/sysutils/bsdmoted/Makefile b/sysutils/bsdmoted/Makefile deleted file mode 100644 index 1ac9df14a499..000000000000 --- a/sysutils/bsdmoted/Makefile +++ /dev/null @@ -1,25 +0,0 @@ -# Created by: Daniel Walter <sahne@0x90.at> -# $FreeBSD$ - -PORTNAME= bsdmoted -PORTVERSION= 0.4.0 -CATEGORIES= sysutils -MASTER_SITES= SF - -MAINTAINER= sahne@0x90.at -COMMENT= Use Wii remote as mouse - -LICENSE= BSD3CLAUSE -LICENSE_FILE= ${WRKSRC}/LICENSE - -BROKEN_powerpc64= does not build: warning Make sure new member of socket address initialized -BROKEN_FreeBSD_11= does not build (bluetooth changes in 11.x need to be handled) -BROKEN_FreeBSD_12= does not build (bluetooth changes in 11.x need to be handled) -BROKEN_FreeBSD_13= does not build (bluetooth changes in 11.x need to be handled) -DEPRECATED= does not build on FreeBSD 11+ -EXPIRATION_DATE= 2018-10-31 - -USES= uidfix -PLIST_FILES= sbin/bsdmoted - -.include <bsd.port.mk> diff --git a/sysutils/bsdmoted/distinfo b/sysutils/bsdmoted/distinfo deleted file mode 100644 index 9f3399b143a4..000000000000 --- a/sysutils/bsdmoted/distinfo +++ /dev/null @@ -1,2 +0,0 @@ -SHA256 (bsdmoted-0.4.0.tar.gz) = cabd0a593ae83430434a1a7ad4eb261b4f1b1050f4a3175ffdd7585a117a5022 -SIZE (bsdmoted-0.4.0.tar.gz) = 23539 diff --git a/sysutils/bsdmoted/files/patch-Makefile b/sysutils/bsdmoted/files/patch-Makefile deleted file mode 100644 index a483353c97e2..000000000000 --- a/sysutils/bsdmoted/files/patch-Makefile +++ /dev/null @@ -1,18 +0,0 @@ ---- ./Makefile.orig 2007-05-04 18:09:26.000000000 -0400 -+++ ./Makefile 2014-08-27 22:23:17.680151986 -0400 -@@ -9,12 +9,13 @@ - session.c - - CFLAGS+= -I${.CURDIR} --WARNS?= 6 -+WARNS?= 3 - DEBUG_FLAGS= -g - - DPADD= ${LIBBLUETOOTH} ${LIBSDP} - LDADD= -lbluetooth -lusbhid - --DESTDIR= /usr/local/sbin -+PREFIX?= /usr/local -+BINDIR= ${PREFIX}/sbin - - .include <bsd.prog.mk> diff --git a/sysutils/bsdmoted/files/patch-parser.y b/sysutils/bsdmoted/files/patch-parser.y deleted file mode 100644 index 417aa17b790d..000000000000 --- a/sysutils/bsdmoted/files/patch-parser.y +++ /dev/null @@ -1,10 +0,0 @@ ---- ./parser.y.orig 2014-08-01 13:12:16.000000000 -0400 -+++ ./parser.y 2014-08-01 13:12:32.000000000 -0400 -@@ -32,6 +32,7 @@ - * $FreeBSD: src/usr.sbin/bluetooth/bthidd/parser.y,v 1.4.2.2 2006/12/01 23:33:22 emax Exp $ - */ - -+#include <stdlib.h> - #include <sys/queue.h> - #include <bluetooth.h> - #include <dev/usb/usb.h> diff --git a/sysutils/bsdmoted/pkg-descr b/sysutils/bsdmoted/pkg-descr deleted file mode 100644 index 8c4d0239e7be..000000000000 --- a/sysutils/bsdmoted/pkg-descr +++ /dev/null @@ -1,6 +0,0 @@ -Wii remote is an innovative hci developed by Nintendo. -This project intends to help FreeBSD users use wii remote as mouse. -This project is based on bthidd, developed by Maksim Yevmenkin -<m_evmenkin@yahoo.com>, and information from http://www.wiili.org. - -WWW: https://sourceforge.net/projects/bsdmoted/ diff --git a/sysutils/qjail4/Makefile b/sysutils/qjail4/Makefile deleted file mode 100644 index b1df68be5566..000000000000 --- a/sysutils/qjail4/Makefile +++ /dev/null @@ -1,52 +0,0 @@ -# Created by: Joe Barbish -# $FreeBSD$ - -PORTNAME= qjail -PORTVERSION= 4.9 -CATEGORIES= sysutils -MASTER_SITES= SF/${PORTNAME} -PKGNAMESUFFIX= 4 - -MAINTAINER= qjail1@a1poweruser.com -COMMENT= Utility to quickly deploy and manage jails - -LICENSE= BERNE-CONVENTION -LICENSE_NAME= Berne Convention -LICENSE_TEXT= As per the international "Berne Convention" this work is \ - protected and all rights reserved. \ - Before qjail may be forked, written permission must be \ - obtained from the author <qjail1@a1poweruser.com>. \ - This work is provided 'AS IS' and you use it at your own risk. \ - Redistribution and use is permitted providing this license \ - notice is retained. -LICENSE_PERMS= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept - -USES= tar:bzip2 -NO_BUILD= yes -NO_ARCH= yes - -DEPRECATED= Only for FreeBSD 10.x , use sysutis/qjail instead -EXPIRATION_DATE=2018-10-31 - -IGNORE_FreeBSD_11= Only for FreeBSD 10.x -IGNORE_FreeBSD_12= Only for FreeBSD 10.x -IGNORE_FreeBSD_13= Only for FreeBSD 10.x - -do-install: -.for i in qjail qjail.vnet.be qjail.vnet.ng - ${INSTALL_SCRIPT} ${WRKSRC}/${i} ${STAGEDIR}${PREFIX}/bin -.endfor - ${INSTALL_SCRIPT} ${WRKSRC}/qjail.bootime \ - ${STAGEDIR}${PREFIX}/etc/rc.d - ${INSTALL_DATA} ${WRKSRC}/qjail.portsnap.conf \ - ${STAGEDIR}${PREFIX}/etc/qjail.portsnap.conf.sample -.for i in qjail qjail-intro qjail-howto - ${INSTALL_MAN} ${WRKSRC}/${i}.8 ${STAGEDIR}${MAN8PREFIX}/man/man8 -.endfor - -# note examples are mandatory. qjail will not function without them - @${MKDIR} ${STAGEDIR}${EXAMPLESDIR} - (cd ${WRKSRC}/examples/ \ - && ${COPYTREE_SHARE} \* ${STAGEDIR}${EXAMPLESDIR}) - -.include <bsd.port.mk> diff --git a/sysutils/qjail4/distinfo b/sysutils/qjail4/distinfo deleted file mode 100644 index e48262345aeb..000000000000 --- a/sysutils/qjail4/distinfo +++ /dev/null @@ -1,2 +0,0 @@ -SHA256 (qjail-4.9.tar.bz2) = 163d8893d431ab0699156db4a15c1c8927a71c4918014adb6006a8b6657cb49b -SIZE (qjail-4.9.tar.bz2) = 66048 diff --git a/sysutils/qjail4/pkg-descr b/sysutils/qjail4/pkg-descr deleted file mode 100644 index b327c9c07c0d..000000000000 --- a/sysutils/qjail4/pkg-descr +++ /dev/null @@ -1,34 +0,0 @@ -This qjail version only supports the RELEASE-10.x series of releases. - -Qjail [ q = quick ] is a 4th generation wrapper for the basic chroot jail -system that includes security and performance enhancements. Plus a new level -of "user friendliness" enhancements dealing with deploying just a few jails or -large scale jail environments consisting of 100's of jails. - -Qjail uses the jail(8) jail.conf method. This provides the ability to enable -the following options on a per-jail basis. exec.fib, securelevel, allow.sysvipc, -devfs_rulesets, allow.raw_sockets, allow.quotas, allow.mount.nullfs, -allow.mount.tmpfs, allow.mount.zfs, vnet.interface, and vnet. The vnet option -gives a jail its own network stack using the experimental vimage kernel module. -The vnet option has only been tested on i386 and amd64 equipment. - -Qjail requires no knowledge of the jail command usage. It uses "nullfs" for -read-only system executables, sharing one copy of them with all the jails. - -Uses "mdconfig" to create sparse image jails. Sparse image jails provide a -method to limit the total disk space a jail can consume, while only occupying -the physical disk space of the sum size of the files in the image jail. - -Ability to assign ip address with their network device name, -so aliases are auto created on jail start and auto removed on jail stop. - -Ability to create "ZONE"s of identical qjail systems, each with their own -group of jails. - -Ability to designate a portion of the jail name as a group prefix so the -command being executed will apply to only those jail names matching that prefix. - -Qjail has been incorporated into the Finch open source project, -see http://dreamcat4.github.io/finch/ for details. - -WWW: http://qjail.sourceforge.net/ diff --git a/sysutils/qjail4/pkg-message b/sysutils/qjail4/pkg-message deleted file mode 100644 index 3608ccf19b71..000000000000 --- a/sysutils/qjail4/pkg-message +++ /dev/null @@ -1,42 +0,0 @@ - -######################################################################## - -Use the qjail utility to deploy small or large numbers of jails quickly. - -First issue "rehash" command to enable the qjail command (if using csh). -Then issue "man qjail-intro" to read the qjail introduction. -After reading that do "man qjail" for the usage details. -For the BIG PICTURE issue "man qjail-howto". - -######################################################################## - -For users who have existing qjail environments. Please take note. -There are changes to the internals of the jail(8) command and changes to -parameter names in the periodic files that have occured in FreeBSD -Release 10.2 that effects jail behavior in a very minor way. -IF your running qjail on an 10.2 or newer version of FreeBSD you should -consider doing the following. - -This version of qjail has an built in auto convert function that you may select -to choose that fixes those minor behavior problems with your existing jails. -This auto convert function is not documented in the qjail manual. Its only -shown here. So write it down. - - Issue [ qjail update -u ] from the host console. - -This will cause the existing "flavors" default & ssh-default directories to be -renamed and new ones populated. Then in each existing jail the periodic.conf -and newsyslog.conf files will be renamed with .saved suffix and new ones added. -The rc.conf file will be updated in place changing the -syslogd_enable= parameter value from "NO" to "YES". - -The new periodic.conf file has many sendmail reporting options disabled because -sendmail is disabled in the jails rc.conf file by default. This drastically -reduces the daily. weekly, monthly system and security status reports elapse -run times. This has a major effect on operating system performance where there -are a large number of jails. - -The [ qjail install ] command will install all the correct files depending on -what version of FreeBSD your host is running. - -######################################################################## diff --git a/sysutils/qjail4/pkg-plist b/sysutils/qjail4/pkg-plist deleted file mode 100644 index 9409c8e7bc16..000000000000 --- a/sysutils/qjail4/pkg-plist +++ /dev/null @@ -1,48 +0,0 @@ -bin/qjail -bin/qjail.vnet.be -bin/qjail.vnet.ng -@sample etc/qjail.portsnap.conf.sample -etc/rc.d/qjail.bootime -man/man8/qjail.8.gz -man/man8/qjail-intro.8.gz -man/man8/qjail-howto.8.gz -%%EXAMPLESDIR%%/vnet/ipfw.rules.host -%%EXAMPLESDIR%%/vnet/ipfw.rules.vnet -%%EXAMPLESDIR%%/vnet/ipf.rules.host -%%EXAMPLESDIR%%/vnet/ipf.rules.vnet -%%EXAMPLESDIR%%/vnet/pf.rules.host -%%EXAMPLESDIR%%/vnet/pf.rules.vnet -%%EXAMPLESDIR%%/default/etc/make.conf -%%EXAMPLESDIR%%/default/etc/motd -%%EXAMPLESDIR%%/default/etc/periodic.conf -%%EXAMPLESDIR%%/default/etc/periodic102.conf -%%EXAMPLESDIR%%/default/etc/newsyslog102.conf -%%EXAMPLESDIR%%/default/etc/rc.conf -%%EXAMPLESDIR%%/default/etc/rc102.conf -%%EXAMPLESDIR%%/default/root/.cshrc -%%EXAMPLESDIR%%/default/usr/local/etc/pkg.conf -%%EXAMPLESDIR%%/default/usr/local/etc/sudoers -%%EXAMPLESDIR%%/ssh-default/etc/group -%%EXAMPLESDIR%%/ssh-default/etc/make.conf -%%EXAMPLESDIR%%/ssh-default/etc/master.passwd -%%EXAMPLESDIR%%/ssh-default/etc/motd -%%EXAMPLESDIR%%/ssh-default/etc/passwd -%%EXAMPLESDIR%%/ssh-default/etc/periodic.conf -%%EXAMPLESDIR%%/ssh-default/etc/periodic102.conf -%%EXAMPLESDIR%%/ssh-default/etc/newsyslog102.conf -%%EXAMPLESDIR%%/ssh-default/etc/pwd.db -%%EXAMPLESDIR%%/ssh-default/etc/rc.conf -%%EXAMPLESDIR%%/ssh-default/etc/rc102.conf -%%EXAMPLESDIR%%/ssh-default/etc/spwd.db -%%EXAMPLESDIR%%/ssh-default/etc/ssh/sshd_config -%%EXAMPLESDIR%%/ssh-default/root/.cshrc -%%EXAMPLESDIR%%/ssh-default/usr/home/qjail/.cshrc -%%EXAMPLESDIR%%/ssh-default/usr/home/qjail/.login -%%EXAMPLESDIR%%/ssh-default/usr/home/qjail/.login_conf -%%EXAMPLESDIR%%/ssh-default/usr/home/qjail/.mail_aliases -%%EXAMPLESDIR%%/ssh-default/usr/home/qjail/.mailrc -%%EXAMPLESDIR%%/ssh-default/usr/home/qjail/.profile -%%EXAMPLESDIR%%/ssh-default/usr/home/qjail/.rhosts -%%EXAMPLESDIR%%/ssh-default/usr/home/qjail/.shrc -%%EXAMPLESDIR%%/ssh-default/usr/local/etc/pkg.conf -%%EXAMPLESDIR%%/ssh-default/usr/local/etc/sudoers diff --git a/sysutils/scprotect/Makefile b/sysutils/scprotect/Makefile deleted file mode 100644 index f8a94777458a..000000000000 --- a/sysutils/scprotect/Makefile +++ /dev/null @@ -1,30 +0,0 @@ -# Created by: Denis Barov <dindin@dindin.ru> -# $FreeBSD$ - -PORTNAME= scprotect -PORTVERSION= 20091116 -CATEGORIES= sysutils -MASTER_SITES= http://dindin.ru/download/ - -MAINTAINER= ports@FreeBSD.org -COMMENT= Protect process from killing when the swap space is exhausted - -BROKEN_FreeBSD_11= does not build on FreeBSD 11.x+ -BROKEN_FreeBSD_12= does not build on FreeBSD 11.x+: scprotect.c: 'sysctl__' undeclared (first use in this function) -BROKEN_FreeBSD_13= does not build on FreeBSD 11.x+: scprotect.c: 'sysctl__' undeclared (first use in this function) -DEPRECATED= Does not build on FreeBSD 11+ -EXPIRATION_DATE= 2018-10-31 - -USES= kmod uidfix - -WRKSRC= ${WRKDIR}/${PORTNAME} - -CFLAGS+= -DWITH_SCPROTECT_LIST - -post-extract: - @cd ${WRKSRC}/kmod && ${RM} machine - -post-install: - @${RM} -r ${STAGEDIR}/usr/lib/debug - -.include <bsd.port.mk> diff --git a/sysutils/scprotect/distinfo b/sysutils/scprotect/distinfo deleted file mode 100644 index d982eb1d1412..000000000000 --- a/sysutils/scprotect/distinfo +++ /dev/null @@ -1,2 +0,0 @@ -SHA256 (scprotect-20091116.tar.gz) = 6ed37eeb174fb558a7c4eca88735b7de4c4167688de897b36a3ae8c724d265ce -SIZE (scprotect-20091116.tar.gz) = 4386 diff --git a/sysutils/scprotect/pkg-descr b/sysutils/scprotect/pkg-descr deleted file mode 100644 index 868c8a8d5b36..000000000000 --- a/sysutils/scprotect/pkg-descr +++ /dev/null @@ -1,7 +0,0 @@ -scprotect is implementation of system call for setting or unsetting -P_PROTECTED flag. It's similar to madvise(2) behaviour MADV_PROTECT, -but may be used for already running processes. Also rc.d/scprotect -scripts allow you to set protection flag even if process was -restarted by user. - -WWW: http://dindin.ru/scprotect/ diff --git a/sysutils/scprotect/pkg-message b/sysutils/scprotect/pkg-message deleted file mode 100644 index b0a4fdff09f5..000000000000 --- a/sysutils/scprotect/pkg-message +++ /dev/null @@ -1,13 +0,0 @@ - -******************************************************************************* -* This port contains a prebuilt kernel module. Due to the ever changing * -* nature of FreeBSD it may be necessary to rebuild the module after a kernel * -* source update. To do this reinstall the port. * -******************************************************************************* - -Also you may set for example - -scprotect_enable="YES" -scprotect_progs="sshd named" - -to protect those application even if they are restarted diff --git a/sysutils/scprotect/pkg-plist b/sysutils/scprotect/pkg-plist deleted file mode 100644 index 5c41b5212cac..000000000000 --- a/sysutils/scprotect/pkg-plist +++ /dev/null @@ -1,2 +0,0 @@ -etc/rc.d/scprotect -/%%KMODDIR%%/scprotect.ko diff --git a/www/Makefile b/www/Makefile index 9ddf2fdbb392..dfea744dedb0 100644 --- a/www/Makefile +++ b/www/Makefile @@ -2414,7 +2414,6 @@ SUBDIR += twiki-WysiwygPlugin SUBDIR += twill SUBDIR += twms - SUBDIR += typo3-7 SUBDIR += typo3-8 SUBDIR += uchiwa SUBDIR += udmsearch diff --git a/www/typo3-7/Makefile b/www/typo3-7/Makefile deleted file mode 100644 index e25d183c9aa8..000000000000 --- a/www/typo3-7/Makefile +++ /dev/null @@ -1,80 +0,0 @@ -# Created by: Helmut Ritter <freebsd-ports@charlieroot.de> -# $FreeBSD$ - -PORTNAME= typo3 -PORTVERSION= ${PORT_V_MAJOR}.${PORT_V_MINOR}.${PORT_V_PATCH} -CATEGORIES= www -MASTER_SITES= https://typo3.azureedge.net/typo3/${PORTVERSION}/ -PKGNAMESUFFIX= -${PORT_V_MAJOR} - -MAINTAINER= freebsd-ports@charlieroot.de -COMMENT= Typo3 content management system - -LICENSE= GPLv2 -LICENSE_FILE= ${WRKSRC}/LICENSE.txt - -PORTSCOUT= limit:^${PORT_V_MAJOR}\.${PORT_V_MINOR}\. - -DEPRECATED= Support will end in October 2018, please update to either www/typo3-8 or www/typo3-9 -EXPIRATION_DATE= 2018-10-31 - -USES= cpe shebangfix php:web -SHEBANG_GLOB= *.sh *.php -NO_BUILD= yes -NO_ARCH= yes -USE_PHP= ctype fileinfo filter hash json mysqli openssl pcre session simplexml soap xml zip -WRKSRC= ${WRKDIR}/${TYPO3SRC} - -PORT_V_MAJOR= 7 -PORT_V_MINOR= 6 -PORT_V_PATCH= 31 - -TYPO3WWW= www -TYPO3SRC= ${PORTNAME}_src-${PORTVERSION} -TYPO3DIR= ${PORTNAME}-${PORT_V_MAJOR} - -USERS= ${WWWOWN} -GROUPS= ${WWWGRP} - -DISTFILES+= ${TYPO3SRC}${EXTRACT_SUFX} - -OPTIONS_DEFINE= CURL GD GMP IMAGICK MBSTRING MYSQL ZLIB -GD_DESC= GDlib/freetype support -IMAGICK_DESC= ${IMAGEMAGICK_DESC} -MBSTRING_DESC= ${MULTIBYTE_DESC} -MYSQL_DESC= Install MySQL Server - -CURL_USE= PHP=curl -GD_USE= PHP=gd -GMP_USE= PHP=gmp -MBSTRING_USE= PHP=mbstring -MYSQL_USE= MYSQL=server -ZLIB_USE= PHP=zlib - -.include <bsd.port.options.mk> - -.if ${PORT_OPTIONS:MIMAGICK} -.if ${PORT_OPTIONS:MX11} -RUN_DEPENDS+= convert:graphics/ImageMagick -.else -RUN_DEPENDS+= convert:graphics/ImageMagick-nox11 -.endif -.endif - -do-install: - ${MKDIR} ${STAGEDIR}${PREFIX}/${TYPO3WWW}/${TYPO3DIR} - ${CP} -R ${WRKDIR}/${TYPO3SRC} ${STAGEDIR}${PREFIX}/${TYPO3WWW}/ - ${LN} -fs ../${TYPO3SRC} ${STAGEDIR}${PREFIX}/${TYPO3WWW}/${TYPO3DIR}/typo3_src - ${LN} -fs typo3_src/index.php ${STAGEDIR}${PREFIX}/${TYPO3WWW}/${TYPO3DIR}/index.php - ${LN} -fs typo3_src/typo3 ${STAGEDIR}${PREFIX}/${TYPO3WWW}/${TYPO3DIR}/typo3 - ${CP} ${WRKDIR}/${TYPO3SRC}/_.htaccess ${STAGEDIR}${PREFIX}/${TYPO3WWW}/${TYPO3DIR}/.htaccess - -post-install: - @cd ${STAGEDIR}${PREFIX}; \ - ${FIND} * \( -type f -or -type l \) -path "${TYPO3WWW}/${TYPO3DIR}/*" | \ - ${SORT} >> ${TMPPLIST} - @cd ${STAGEDIR}${PREFIX}; \ - ${FIND} * \( -type f -or -type l \) -path "${TYPO3WWW}/${TYPO3SRC}/*" | \ - ${SORT} >> ${TMPPLIST} - -.include <bsd.port.mk> diff --git a/www/typo3-7/distinfo b/www/typo3-7/distinfo deleted file mode 100644 index 7f80395ee45c..000000000000 --- a/www/typo3-7/distinfo +++ /dev/null @@ -1,3 +0,0 @@ -TIMESTAMP = 1539249864 -SHA256 (typo3_src-7.6.31.tar.gz) = a2b2d045df5164917fdd5c18c702fb2a235b648e57c0b86293aaabb2d1e0724e -SIZE (typo3_src-7.6.31.tar.gz) = 20514071 diff --git a/www/typo3-7/pkg-descr b/www/typo3-7/pkg-descr deleted file mode 100644 index fb3f7cd9a77b..000000000000 --- a/www/typo3-7/pkg-descr +++ /dev/null @@ -1,9 +0,0 @@ -TYPO3 is a free Open Source content management system for enterprise purposes -on the web and in intranets. It offers full flexibility and extendability while -featuring an accomplished set of ready-made interfaces, functions and modules. - -The legacy stable LTS release. -The legacy version with Long Term Support (LTS). It will have maintenance and -security-related bugfixes until October 2018. - -WWW: http://typo3.org/ |