Update to 1.6.4 and remove the FreeBSD's specific feature FIREWALL option

to ease port maintenance. PR: 226860 Reported by: Leo Vandewoestijne <freebsd@dns.company>
author: Olivier Cochard <olivier@FreeBSD.org> 2018-03-27 23:09:22 +0800
committer: Olivier Cochard <olivier@FreeBSD.org> 2018-03-27 23:09:22 +0800
commit: 101f50499cd13613abb1a418da6b464ec8f3de35 (patch)
tree: 45f23e78912cfddf21568e4b31c89c380d248ea0
parent: 610a3c55dc020e05d90ee1a568613d5cf467b662 (diff)
download: freebsd-ports-101f50499cd13613abb1a418da6b464ec8f3de35.tar.gz
freebsd-ports-101f50499cd13613abb1a418da6b464ec8f3de35.tar.zst
freebsd-ports-101f50499cd13613abb1a418da6b464ec8f3de35.zip
7 files changed, 19 insertions, 975 deletions
diff --git a/net/bird/Makefile b/net/bird/Makefile
index 4ea80b4ed8cb..365366a0f362 100644
--- a/net/bird/Makefile
+++ b/net/bird/Makefile
@@ -2,11 +2,9 @@
 # $FreeBSD$
 
 PORTNAME=	bird
-PORTVERSION=	1.6.3
-PORTREVISION=	4
+PORTVERSION=	1.6.4
 CATEGORIES=	net
-MASTER_SITES=	ftp://bird.network.cz/pub/bird/ \
-		http://bird.mpls.in/distfiles/bird/
+MASTER_SITES=	ftp://bird.network.cz/pub/bird/
 
 MAINTAINER=	olivier@FreeBSD.org
 COMMENT?=	Dynamic IP routing daemon (${FLAVOR:Uipv4:S/ip/IP/} version)
@@ -16,14 +14,10 @@ LICENSE=	GPLv2
 FLAVORS=	ipv4 ipv6
 ipv6_PKGNAMESUFFIX=	6
 
-USES=		bison gmake ncurses readline
+USES=		autoreconf bison gmake ncurses readline
 GNU_CONFIGURE=	yes
 CONFIGURE_ARGS=	--localstatedir=/var
 
-OPTIONS_DEFINE?=	FIREWALL
-FIREWALL_DESC=	Enable firewall protocol
-NO_OPTIONS_SORT=	yes
-
 MAKE_JOBS_UNSAFE=	yes
 
 USE_RC_SUBR=	${PKGBASE}
@@ -35,19 +29,4 @@ PLIST_SUB=	VER=6
 PLIST_SUB?=	VER=""
 .endif
 
-FIREWALL_EXTRA_PATCHES+=	${FILESDIR}/firewall_support.patch
-
-.include <bsd.port.options.mk>
-
-post-patch:
-.if ${PORT_OPTIONS:MFIREWALL}
-	@${REINPLACE_CMD} -e 's/^\(all_protocols=".*\)"/\1 firewall"/' ${WRKSRC}/configure
-	@${REINPLACE_CMD} -e '/proto_build(&proto_device);/{G;s/$$/  proto_build(\&proto_firewall);/;}' ${WRKSRC}/nest/proto.c
-	@${REINPLACE_CMD} -e '/CONFIG_PIPE/{G;s/$$/#undef CONFIG_FIREWALL_IPSET/;}' ${WRKSRC}/sysdep/autoconf.h.in
-	@${REINPLACE_CMD} -e '/CONFIG_PIPE/{G;s/$$/#undef CONFIG_FIREWALL_PF/;}' ${WRKSRC}/sysdep/autoconf.h.in
-	@${REINPLACE_CMD} -e '/CONFIG_PIPE/{G;s/$$/#undef CONFIG_FIREWALL_IPFW/;}' ${WRKSRC}/sysdep/autoconf.h.in
-	@${REINPLACE_CMD} -e '/CONFIG_PIPE/{G;s/$$/#undef CONFIG_FIREWALL/;}' ${WRKSRC}/sysdep/autoconf.h.in
-	@${REINPLACE_CMD} -e 's/\(proto_bfd\)/\1, proto_firewall/' ${WRKSRC}/nest/protocol.h
-.endif
-
 .include <bsd.port.mk>
diff --git a/net/bird/distinfo b/net/bird/distinfo
index 9aaf1225b2da..294ce076bbaa 100644
--- a/net/bird/distinfo
+++ b/net/bird/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1485093974
-SHA256 (bird-1.6.3.tar.gz) = 39c51cf57c3ba8b5978b2a657ffa2f647ec7f3ae643e91cf42ee5cb070cf7e7c
-SIZE (bird-1.6.3.tar.gz) = 1337198
+TIMESTAMP = 1521796106
+SHA256 (bird-1.6.4.tar.gz) = 089db0570dbc171a1330862f84b908c15d869879a806c925621515e207f7296f
+SIZE (bird-1.6.4.tar.gz) = 1360234
diff --git a/net/bird/files/firewall_support.patch b/net/bird/files/firewall_support.patch
deleted file mode 100644
index 1d84cfabe8e5..000000000000
--- a/net/bird/files/firewall_support.patch
+++ /dev/null
@@ -1,913 +0,0 @@
-From f610486180e7ba5a0f7b7127edfdcfaf704353a1 Mon Sep 17 00:00:00 2001
-From: Alexander V. Chernikov <melifaro@ipfw.ru>
-Date: Wed, 15 Aug 2012 16:09:21 +0000
-Subject: [PATCH 1/1] Add firewall support v2
-
----
- configure.in              |    6 +-
- doc/bird.sgml             |   34 ++++
- nest/proto.c              |    3 +
- nest/protocol.h           |    2 +-
- nest/route.h              |    3 +-
- proto/firewall/Doc        |    1 +
- proto/firewall/Makefile   |    6 +
- proto/firewall/config.Y   |   77 +++++++++
- proto/firewall/firewall.c |  198 ++++++++++++++++++++++
- proto/firewall/firewall.h |   54 ++++++
- sysdep/autoconf.h.in      |    5 +
- sysdep/bsd/Modules        |    1 +
- sysdep/bsd/fw.c           |  404 +++++++++++++++++++++++++++++++++++++++++++++
- 13 files changed, 791 insertions(+), 3 deletions(-)
- create mode 100644 proto/firewall/Doc
- create mode 100644 proto/firewall/Makefile
- create mode 100644 proto/firewall/config.Y
- create mode 100644 proto/firewall/firewall.c
- create mode 100644 proto/firewall/firewall.h
- create mode 100644 sysdep/bsd/fw.c
-
-diff --git a/configure.in b/configure.in
-index 54993df..51b7cc2 100644
---- configure.in
-+++ configure.in
-@@ -137,10 +137,13 @@ else
- 		ipv4:netbsd*)	sysdesc=bsd
- 				CPPFLAGS="$CPPFLAGS -I/usr/pkg/include"
- 				LDFLAGS="$LDFLAGS -L/usr/pkg/lib -R/usr/pkg/lib"
-+				AC_DEFINE(CONFIG_FIREWALL_PF, 1)
- 				;;
- 		ipv6:freebsd*)	sysdesc=bsd-v6
- 				;;
- 		ipv4:freebsd*)	sysdesc=bsd
-+				AC_DEFINE(CONFIG_FIREWALL_IPFW, 1)
-+				AC_DEFINE(CONFIG_FIREWALL_PF, 1)
- 				;;
- 		ipv6:dragonfly*)	sysdesc=bsd-v6
- 				;;
-@@ -153,6 +156,7 @@ else
- 		ipv6:openbsd*)	sysdesc=bsd-v6
- 				;;
- 		ipv4:openbsd*)	sysdesc=bsd
-+				AC_DEFINE(CONFIG_FIREWALL_PF, 1)
- 				;;
- 		*)		AC_MSG_ERROR([Cannot determine correct system configuration. Please use --with-sysconfig to set it manually.])
- 				;;
-diff --git a/doc/bird.sgml b/doc/bird.sgml
-index 24bc302..a01ec99 100644
---- doc/bird.sgml
-+++ doc/bird.sgml
-@@ -2743,6 +2743,40 @@ protocol static {
- }
- </code>
- 
-+<sect>Firewall
-+
-+<p>Firewall protocol doesn't communicate with any network devices,
-+but instead it allows you to add announced prefixes to given firewall table.
-+At the moment IPFW and PF are supported. One can also specify special integer tag
-+that can be passed as argument to IPFW table. Any number of instances can be configured.
-+
-+<p>Firewall protocol does not have many configuration options.
-+
-+<descrip>
-+	<tag>fwtype pf|ipfw</tag> Select firewall type.
-+	<tag>fwtable <m/name/</tag> Specifies firewall table name.
-+	<tag>keep on startup|shutdown</tag>Do not flush table on protocol startup or shutdown.
-+	<tag>keep always</tag>Do not flush table on protocol startup and shutdown.
-+</descrip>
-+
-+<p>Firewall defines single route attribute:
-+
-+<descrip>
-+	<tag>int <cf/fw_value/</tag> Value that can be passed with prefix.
-+	Value is unsigned 4-byte integer. It can be set when importing routes from the other
-+	protocols or on protocol export.
-+</descrip>
-+
-+<p>Example firewall config might look like this:
-+
-+<p><code>
-+protocol firewall {
-+	table testable;			 # Connect to a non-default routing table
-+	fwtype ipfw;			 # Use IPFW as backend
-+	fwtable "2";			 # Use table 2
-+	export filter { fw_value = 125; accept; }; # Set value 125 for all prefixes
-+}
-+</code>
- <chapt>Conclusions
- 
- <sect>Future work
-diff --git a/nest/route.h b/nest/route.h
-index 524e69b..f3062a2 100644
---- nest/route.h
-+++ nest/route.h
-@@ -361,7 +361,8 @@ typedef struct eattr {
- #define EAP_OSPF 3			/* OSPF */
- #define EAP_KRT 4			/* Kernel route attributes */
- #define EAP_BABEL 5			/* Babel attributes */
--#define EAP_MAX 6
-+#define EAP_FIREWALL 6			/* Abstact firewall interface */
-+#define EAP_MAX 7
- 
- #define EA_CODE(proto,id) (((proto) << 8) | (id))
- #define EA_PROTO(ea) ((ea) >> 8)
-diff --git a/proto/firewall/Doc b/proto/firewall/Doc
-new file mode 100644
-index 0000000..5779342
---- /dev/null
-+++ proto/firewall/Doc
-@@ -0,0 +1 @@
-+S firewall.c
-diff --git a/proto/firewall/Makefile b/proto/firewall/Makefile
-new file mode 100644
-index 0000000..a322ab6
---- /dev/null
-+++ proto/firewall/Makefile
-@@ -0,0 +1,6 @@
-+source=firewall.c
-+root-rel=../../
-+dir-name=proto/firewall
-+
-+include ../../Rules
-+
-diff --git a/proto/firewall/config.Y b/proto/firewall/config.Y
-new file mode 100644
-index 0000000..aefc606
---- /dev/null
-+++ proto/firewall/config.Y
-@@ -0,0 +1,77 @@
-+/*
-+ *	BIRD -- Firewall Protocol Configuration
-+ *
-+ *	(c) 2011 Alexander V. Chernikov <melifaro@FreeBSD.org>
-+ *
-+ *	Can be freely distributed and used under the terms of the GNU GPL.
-+ */
-+
-+CF_HDR
-+
-+#include "proto/firewall/firewall.h"
-+
-+CF_DEFINES
-+
-+#define FIREWALL_CFG ((struct firewall_config *) this_proto)
-+
-+CF_DECLS
-+
-+CF_KEYWORDS(FIREWALL, FWTABLE, FWTYPE, FW_VALUE, IPFW, PF, IPSET, KEEP, ON, STARTUP, SHUTDOWN, ALWAYS)
-+
-+%type <i> firewall_type
-+CF_GRAMMAR
-+
-+CF_ADDTO(proto, firewall_proto '}')
-+
-+firewall_proto_start: proto_start FIREWALL {
-+     this_proto = proto_config_new(&proto_firewall, $1);
-+     this_proto->preference = 0;
-+     FIREWALL_CFG->flush_start = 1;
-+     FIREWALL_CFG->flush_shutdown = 1;
-+  }
-+ ;
-+
-+firewall_proto:
-+   firewall_proto_start proto_name '{'
-+ | firewall_proto proto_item ';'
-+ | firewall_proto firewall_proto_item ';'
-+ ;
-+
-+firewall_proto_item:
-+   FWTYPE firewall_type {
-+	switch ($2)
-+	  {
-+#ifdef CONFIG_FIREWALL_IPFW
-+	  case FWTYPE_IPFW:
-+	    break;
-+#endif
-+#ifdef CONFIG_FIREWALL_PF
-+	  case FWTYPE_PF:
-+	    break;
-+#endif
-+#ifdef CONFIG_FIREWALL_IPSET
-+	  case FWTYPE_IPSET:
-+	    break;
-+#endif
-+	  default:
-+	    cf_error("firewall type is not supported by your OS/build");
-+	}
-+	FIREWALL_CFG->fwtype = $2;
-+  };
-+ | FWTABLE TEXT { FIREWALL_CFG->fwtable = $2; }
-+ | KEEP ON STARTUP { FIREWALL_CFG->flush_start = 0; }
-+ | KEEP ON SHUTDOWN { FIREWALL_CFG->flush_shutdown = 0; }
-+ | KEEP ALWAYS { FIREWALL_CFG->flush_start = 0; FIREWALL_CFG->flush_shutdown = 0; }
-+ ;
-+
-+firewall_type:
-+   IPFW { $$ = FWTYPE_IPFW; }
-+ | PF { $$ = FWTYPE_PF; }
-+ | IPSET { $$ = FWTYPE_IPSET; }
-+ ;
-+ 
-+CF_ADDTO(dynamic_attr, FW_VALUE { $$ = f_new_dynamic_attr(EAF_TYPE_INT, T_INT, EA_FIREWALL_VALUE); })
-+
-+CF_CODE
-+
-+CF_END
-diff --git a/proto/firewall/firewall.c b/proto/firewall/firewall.c
-new file mode 100644
-index 0000000..e447470
---- /dev/null
-+++ proto/firewall/firewall.c
-@@ -0,0 +1,199 @@
-+/*
-+ *	BIRD -- Firewall Protocol Configuration
-+ *
-+ *	(c) 2011 Alexander V. Chernikov <melifaro@FreeBSD.org>
-+ *
-+ *	Can be freely distributed and used under the terms of the GNU GPL.
-+ */
-+
-+/**
-+ * DOC: Firewall
-+ *
-+ * Firewall protocol is very simple. It adds or removes exported routes to given firewall
-+ * table with zero (or filter-specified) value. Table can be flushed on startup to
-+ * avoid error messages on bird restart.
-+ */
-+
-+#undef LOCAL_DEBUG
-+
-+#include "nest/bird.h"
-+#include "nest/iface.h"
-+#include "nest/protocol.h"
-+#include "nest/route.h"
-+#include "conf/conf.h"
-+#include "filter/filter.h"
-+#include "lib/string.h"
-+
-+#include "firewall.h"
-+
-+static int init_done = 0;
-+struct tbf rl_fw_err;
-+
-+static void
-+firewall_collect(void)
-+{
-+  memset(&firewalls, 0, sizeof(firewalls));
-+  log(L_DEBUG "Initializing firewalls..");
-+#ifdef CONFIG_FIREWALL_IPFW
-+  firewalls[FWTYPE_IPFW] = &fw_ipfw;
-+  log(L_DEBUG "IPFW..");
-+#endif
-+#ifdef CONFIG_FIREWALL_PF
-+  firewalls[FWTYPE_PF] = &fw_pf;
-+  log(L_DEBUG "PF..");
-+#endif
-+#ifdef CONFIG_FIREWALL_IPSET
-+  firewalls[FWTYPE_IPSET] = &fw_ipset;
-+  log(L_DEBUG "IPSET..");
-+#endif
-+}
-+
-+static void
-+firewall_rt_notify(struct proto *P, rtable *src_table, net *n, rte *new, rte *old, ea_list *attrs)
-+{
-+  struct firewall_proto *p = (struct firewall_proto *) P;
-+  u32 prefix_val;
-+  char prefix_data[10];
-+
-+  if (!new && !old)
-+    return;
-+
-+  prefix_val = ea_get_int(attrs, EA_FIREWALL_VALUE, 0);
-+  
-+  if (prefix_val)
-+    bsnprintf(prefix_data, sizeof(prefix_data), "%u", prefix_val);
-+  else
-+   prefix_data[0] = '\0';
-+
-+  DBG("Got prefix %I/%d with data '%s'\n", n->n.prefix, n->n.pxlen, prefix_data);
-+
-+  if (old && new && p->fw->fw_replace)
-+    {
-+      p->fw->fw_replace(p->fwdata, n, prefix_data);
-+      return;
-+    }
-+
-+  if (old)
-+    p->fw->fw_del(p->fwdata, n);
-+
-+  if (new)
-+    p->fw->fw_add(p->fwdata, n, prefix_data);
-+}
-+
-+static int
-+firewall_start(struct proto *P)
-+{
-+  struct firewall_proto *p = (struct firewall_proto *) P;
-+  struct firewall_config *c = (struct firewall_config *)P->cf;
-+  void *fwdata;
-+
-+  if ((fwdata = p->fw->fw_init(P, c->fwtable)) == NULL)
-+    return PS_START;
-+
-+  p->fwdata = fwdata;
-+
-+  /* Flush table if needed */
-+  if ((c->flush_start) && (p->fw->fw_flush))
-+    if (!p->fw->fw_flush(fwdata))
-+      {
-+	log(L_ERR "flush failed for table %s", c->fwtable);
-+	return PS_START;
-+      }
-+
-+  return PS_UP;
-+}
-+
-+static int
-+firewall_shutdown(struct proto *P)
-+{
-+  struct firewall_proto *p = (struct firewall_proto *) P;
-+  struct firewall_config *c = (struct firewall_config *)P->cf;
-+
-+  log(L_DEBUG, "Shutdown requested");
-+
-+  /* Flush table if needed */
-+  if ((c->flush_shutdown) && (p->fw->fw_flush))
-+    if (!p->fw->fw_flush(p->fwdata))
-+	log(L_ERR "flush failed for table %s", c->fwtable);
-+
-+  p->fw->fw_shutdown(p->fwdata);
-+
-+  return PS_DOWN;
-+}
-+
-+static struct proto *
-+firewall_init(struct proto_config *C)
-+{
-+  struct firewall_config *c = (struct firewall_config *) C;
-+  struct proto *P = proto_new(C, sizeof(struct firewall_proto));
-+  struct firewall_proto *p = (struct firewall_proto *) P;
-+
-+  /* Configure firewalls */
-+  if (!init_done)
-+    {
-+      init_done = 1;
-+      firewall_collect();
-+    }
-+
-+  p->fwtype = c->fwtype;
-+  p->fw = firewalls[p->fwtype];
-+  P->accept_ra_types = RA_OPTIMAL;
-+  P->rt_notify = firewall_rt_notify;
-+
-+  return P;
-+}
-+
-+static int
-+firewall_reconfigure(struct proto *P, struct proto_config *new)
-+{
-+  struct firewall_config *o = (struct firewall_config *) P->cf;
-+  struct firewall_config *n = (struct firewall_config *) new;
-+
-+  if ((o->fwtype != n->fwtype) || (strcmp(o->fwtable, n->fwtable)))
-+    return 0;
-+
-+  return 1;
-+}
-+
-+static void
-+firewall_copy_config(struct proto_config *dest, struct proto_config *src)
-+{
-+  /* Just a shallow copy, not many items here */
-+  proto_copy_rest(dest, src, sizeof(struct firewall_config));
-+}
-+
-+static void
-+firewall_get_status(struct proto *P, byte *buf)
-+{
-+  struct firewall_config *c = (struct firewall_config *) P->cf;
-+
-+  bsprintf(buf, "Table [%s]", c->fwtable);
-+}
-+
-+static int
-+firewall_get_attr(eattr * a, byte * buf, int buflen UNUSED)
-+{
-+  switch (a->id)
-+  {
-+  case EA_FIREWALL_VALUE:
-+    bsprintf(buf, "fw_value");
-+    return GA_NAME;
-+  default:
-+    return GA_UNKNOWN;
-+  }
-+}
-+
-+
-+struct protocol proto_firewall = {
-+  name:		"Firewall",
-+  template:	"fw%d",
-+  attr_class:	EAP_FIREWALL,
-+  config_size:	sizeof(struct firewall_config),
-+  init:		firewall_init,
-+  start:	firewall_start,
-+  shutdown:	firewall_shutdown,
-+  reconfigure:	firewall_reconfigure,
-+  copy_config:  firewall_copy_config,
-+  get_status:	firewall_get_status,
-+  get_attr:	firewall_get_attr,
-+};
-diff --git a/proto/firewall/firewall.h b/proto/firewall/firewall.h
-new file mode 100644
-index 0000000..c97ed38
---- /dev/null
-+++ proto/firewall/firewall.h
-@@ -0,0 +1,54 @@
-+/*
-+ *	BIRD -- Firewall Protocol Configuration
-+ *
-+ *	(c) 2011 Alexander V. Chernikov <melifaro@FreeBSD.org>
-+ *
-+ *	Can be freely distributed and used under the terms of the GNU GPL.
-+ */
-+
-+#ifndef _BIRD_FIREWALL_H_
-+#define _BIRD_FIREWALL_H_
-+
-+#define FWTYPE_IPFW		0
-+#define FWTYPE_PF		1
-+#define FWTYPE_IPSET		2
-+
-+#define FWTYPE_MAX		3
-+
-+#define EA_FIREWALL_VALUE	EA_CODE(EAP_FIREWALL, 0)
-+
-+struct firewall_config {
-+  struct proto_config c;
-+  int fwtype;				/* Firewall type */
-+  char *fwtable;			/* Firewall table to write to */
-+  int flush_start;			/* Do table flush on startup? */
-+  int flush_shutdown;			/* Do table flush on shutdown? */
-+};
-+
-+struct firewall_control {
-+  int fwtype;				/* Firewall type */
-+  char *description;			/* Firewall description */
-+  void *(*fw_init)(struct proto *, char *);	/* Init firewall instance */
-+  void (*fw_shutdown)(void *);		/* Shutdown firewall instance */
-+  int (*fw_flush)(void *);		/* Flush firewall table */
-+  int (*fw_add)(void *, net *, char *);	/* Add record to table */
-+  int (*fw_del)(void *, net *);		/* Remove record from table */
-+  int (*fw_replace)(void *, net *, char *);	/* Replace record. Optional */
-+};
-+
-+struct firewall_control * firewalls[FWTYPE_MAX];
-+
-+struct firewall_proto {
-+  struct proto p;
-+  int fwtype;				/* Firewall type */
-+  struct firewall_control *fw;		/* Pointer to configured protocol type */
-+  void *fwdata;				/* Firewall instance private data */
-+};
-+
-+extern struct protocol proto_firewall;
-+
-+extern struct firewall_control fw_ipfw, fw_pf, fw_ipset;
-+extern struct tbf rl_fw_err;
-+#define FW_ERR(x, y...)	log_rl(&rl_fw_err, L_ERR x, ##y)
-+
-+#endif
-diff --git a/sysdep/bsd/Modules b/sysdep/bsd/Modules
-index 3729587..0607321 100644
---- sysdep/bsd/Modules
-+++ sysdep/bsd/Modules
-@@ -1,3 +1,4 @@
- krt-sock.c
- krt-sys.h
- sysio.h
-+fw.c
-diff --git a/sysdep/bsd/fw.c b/sysdep/bsd/fw.c
-new file mode 100644
-index 0000000..e841e06
---- /dev/null
-+++ sysdep/bsd/fw.c
-@@ -0,0 +1,404 @@
-+/*
-+ *	BIRD -- IPFW/PF manipulations
-+ *
-+ *	(c) 2011 Alexander V. Chernikov <melifaro@FreeBSD.org>
-+ *
-+ *	Can be freely distributed and used under the terms of the GNU GPL.
-+ */
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <limits.h>
-+#include <ctype.h>
-+#include <fcntl.h>
-+#include <unistd.h>
-+#include <sys/param.h>
-+#include <sys/types.h>
-+#include <sys/socket.h>
-+#include <sys/sysctl.h>
-+#include <sys/ioctl.h>
-+#include <netinet/in.h>
-+#include <errno.h>
-+#include <err.h>
-+#include <net/route.h>
-+#include <net/if.h>
-+#include <net/if_dl.h>
-+
-+#undef LOCAL_DEBUG
-+
-+#include "nest/bird.h"
-+#include "nest/iface.h"
-+#include "nest/route.h"
-+#include "nest/protocol.h"
-+#include "nest/iface.h"
-+#include "lib/timer.h"
-+#include "lib/unix.h"
-+#include "lib/krt.h"
-+#include "lib/string.h"
-+#include "lib/socket.h"
-+#ifdef CONFIG_FIREWALL
-+#include "proto/firewall/firewall.h"
-+#ifdef CONFIG_FIREWALL_IPFW
-+#include "netinet/ip_fw.h"
-+#endif
-+#ifdef CONFIG_FIREWALL_PF
-+#include "net/pfvar.h"
-+#endif
-+
-+#ifdef CONFIG_FIREWALL_IPFW
-+
-+int ipfw_fd = -1;
-+int ipfw_instance_count = 0;
-+
-+struct ipfw_priv {
-+  int	table; /* Table number */
-+  pool *pool; /* Protocol pool */
-+};
-+
-+int
-+ipfw_do_cmd(int optname, void *optval, uintptr_t optlen)
-+{
-+  return setsockopt(ipfw_fd, IPPROTO_IP, optname, optval, optlen);
-+}
-+
-+void *
-+ipfw_fw_init(struct proto *p, char *table)
-+{
-+  pool *fwpool = p->pool;
-+  int table_num = strtol(table, NULL, 10);
-+  int tables_max;
-+  size_t len = sizeof(tables_max);
-+
-+  if (sysctlbyname("net.inet.ip.fw.tables_max", &tables_max, &len, NULL, 0) == -1)
-+    {
-+      log(L_ERR "Error getting maximum ipfw table count");
-+      tables_max = IPFW_TABLES_MAX;
-+    }
-+  DBG("ipfw maximum table count set to %d\n", tables_max);
-+
-+  if ((table_num < 0) || (table_num >= tables_max))
-+    {
-+      log(L_ERR "ipfw table %d is not within possible range (0..%d)", table_num, tables_max);
-+      return NULL;
-+    }
-+
-+  if (ipfw_fd == -1)
-+    {
-+      if ((ipfw_fd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) == -1)
-+	{
-+	  log(L_ERR "ipfw: error opering raw socket: %m");
-+	  return NULL;
-+	}
-+      DBG("Opened IPFW socked %d\n", ipfw_fd);
-+    }
-+
-+  struct ipfw_priv *priv = mb_alloc(fwpool, sizeof(struct ipfw_priv));
-+
-+  priv->table = table_num;
-+  priv->pool = fwpool;
-+
-+  ipfw_instance_count++;
-+
-+  return priv;
-+}
-+
-+void
-+ipfw_fw_shutdown(void *_priv UNUSED)
-+{
-+  if (--ipfw_instance_count == 0)
-+    {
-+      DBG("Closing ipfw socket %d\n", ipfw_fd);
-+      close(ipfw_fd);
-+      ipfw_fd = -1;
-+    }
-+}
-+
-+int
-+ipfw_fw_flush(void *_priv)
-+{
-+  struct ipfw_priv *priv = _priv;
-+  ipfw_table_entry ent;
-+
-+  memset(&ent, 0, sizeof(ent));
-+  ent.tbl = priv->table;
-+  
-+  log(L_DEBUG "Flushing ipfw table %d", priv->table);
-+
-+  if (ipfw_do_cmd(IP_FW_TABLE_FLUSH, &ent.tbl, sizeof(ent.tbl)) == -1)
-+    {
-+      log(L_ERR "Error flushing ipfw table %d: %m", priv->table);
-+      return 0;
-+    }
-+
-+  return 1;
-+}
-+
-+int
-+ipfw_fw_add(void *_priv, net *n, char *prefixdata)
-+{
-+  struct ipfw_priv *priv = _priv;
-+  ip_addr addr;
-+  ipfw_table_entry ent;
-+
-+  addr = n->n.prefix;
-+  ipa_hton(addr);
-+
-+  ent.masklen = n->n.pxlen;
-+  memcpy(&ent.addr, &addr, sizeof(ip_addr));
-+  ent.value = strtol(prefixdata, NULL, 0);
-+  ent.tbl = priv->table;
-+  
-+  DBG("Adding %I/%d to ipfw table %d with value %s\n", n->n.prefix, n->n.pxlen, priv->table, prefixdata);
-+
-+  if (ipfw_do_cmd(IP_FW_TABLE_ADD, &ent, sizeof(ent)) == -1)
-+    {
-+      FW_ERR("Error adding %I/%d to ipfw table %d: %m", n->n.prefix, n->n.pxlen, priv->table);
-+      return 0;
-+    }
-+
-+  return 1;
-+}
-+
-+int
-+ipfw_fw_del(void *_priv, net *n)
-+{
-+  struct ipfw_priv *priv = _priv;
-+  ip_addr addr;
-+  ipfw_table_entry ent;
-+
-+  addr = n->n.prefix;
-+  ipa_hton(addr);
-+
-+  ent.masklen = n->n.pxlen;
-+  memcpy(&ent.addr, &addr, sizeof(ip_addr));
-+  ent.value = 0;
-+  ent.tbl = priv->table;
-+
-+  DBG("Removing %I/%d from ipfw table %d\n", n->n.prefix, n->n.pxlen, priv->table);
-+  
-+  if (ipfw_do_cmd(IP_FW_TABLE_DEL, &ent, sizeof(ent)) == -1)
-+    {
-+      FW_ERR("Error removing %I/%d from ipfw table %d: %m", n->n.prefix, n->n.pxlen, priv->table);
-+      return 0;
-+    }
-+
-+  return 1;
-+}
-+
-+struct firewall_control fw_ipfw = {
-+  fwtype:	FWTYPE_IPFW,
-+  description:	"IPFW",
-+  fw_init:	ipfw_fw_init,
-+  fw_shutdown:	ipfw_fw_shutdown,
-+  fw_flush:	ipfw_fw_flush,
-+  fw_add:	ipfw_fw_add,
-+  fw_del:	ipfw_fw_del,
-+};
-+#endif
-+
-+#ifdef CONFIG_FIREWALL_PF
-+
-+#define PF_DEVNAME	"/dev/pf"
-+int pf_fd = -1;
-+int pf_instance_count = 0;
-+
-+struct pf_priv {
-+  struct pfr_table table; /* PF table structure */
-+  pool *pool; /* Protocol pool */
-+};
-+
-+#define pf_tablename	table.pfrt_name
-+
-+int
-+pf_do_cmd(struct pfr_table *tbl, unsigned long cmd, void *buffer, int esize, int items, int *nadd, int *ndel, int flags)
-+{
-+  struct pfioc_table io;
-+
-+  bzero(&io, sizeof(io));
-+  io.pfrio_flags = flags;
-+  if (tbl)
-+    io.pfrio_table = *tbl;
-+  io.pfrio_buffer = buffer;
-+  io.pfrio_esize = esize;
-+  io.pfrio_size = items;
-+
-+  /* DBG("Doing PF ioctl %X for table %s on fd %d\n", cmd, tbl ? tbl->pfrt_name : "NULL", pf_fd); */
-+  if (ioctl(pf_fd, cmd, &io))
-+    return 0;
-+
-+  if (nadd)
-+    *nadd = io.pfrio_nadd;
-+  if (ndel)
-+    *ndel = io.pfrio_ndel;
-+  
-+  return 1;
-+}
-+
-+void *
-+pf_fw_init(struct proto *p, char *table)
-+{
-+  pool *fwpool = p->pool;
-+  struct pfr_table pf_table;
-+  int nadd = 0;
-+
-+  if (strlen(table) > PF_TABLE_NAME_SIZE)
-+    {
-+      log(L_ERR "PF table name too long, max %d", PF_TABLE_NAME_SIZE);
-+      return NULL;
-+    }
-+
-+  memset(&pf_table, 0, sizeof(pf_table));
-+  
-+  if (pf_fd == -1)
-+    {
-+      if ((pf_fd = open(PF_DEVNAME, O_RDWR)) == -1)
-+	{
-+	  log(L_ERR "pf: error opening %s: %m", PF_DEVNAME);
-+	  return NULL;
-+	}
-+
-+      DBG("Opened PF socked %d\n", pf_fd);
-+    }
-+
-+  strcpy(pf_table.pfrt_name, table);
-+  pf_table.pfrt_flags |= PFR_TFLAG_PERSIST;
-+  if (!pf_do_cmd(NULL, DIOCRADDTABLES, &pf_table, sizeof(pf_table), 1, &nadd, NULL, 0))
-+    {
-+      log(L_ERR "Error creating PF table %s: %m", table);
-+      if (pf_instance_count == 0)
-+	{
-+	  log(L_ERR "Closing PF socket");
-+	  close(pf_fd);
-+	  pf_fd = -1;
-+	}
-+      return NULL;
-+    }
-+  DBG("PF table %s created\n", table);
-+  /* Remove persistent flag */ 
-+  pf_table.pfrt_flags = 0;
-+
-+  struct pf_priv *priv = mb_alloc(fwpool, sizeof(struct pf_priv));
-+
-+  priv->table = pf_table;
-+  priv->pool = fwpool;
-+
-+  pf_instance_count++;
-+
-+  return priv;
-+}
-+
-+void
-+pf_fw_shutdown(void *_priv UNUSED)
-+{
-+  if (--pf_instance_count == 0)
-+    {
-+      DBG("Closing PF socket %d\n", pf_fd);
-+      close(pf_fd);
-+      pf_fd = -1;
-+    }
-+}
-+
-+int
-+pf_fw_flush(void *_priv)
-+{
-+  struct pf_priv *priv = _priv;
-+  int ndel;
-+
-+  log(L_DEBUG "Flushing PF table %s", priv->pf_tablename);
-+
-+  if (!pf_do_cmd(&priv->table, DIOCRCLRADDRS, NULL, 0, 0, NULL, &ndel, 0))
-+    {
-+      log(L_ERR "Error flushing PF table %s: %m", priv->pf_tablename);
-+      return 0;
-+    }
-+
-+  DBG("Flushed %d record(s) from PF table %s\n", ndel, priv->pf_tablename);
-+
-+  return 1;
-+}
-+
-+static int
-+pf_put_addr(struct pfr_addr *pf_addr, net *n)
-+{
-+  int rt_family = AF_INET;
-+  ip_addr addr;
-+
-+  memset(pf_addr, 0, sizeof(struct pfr_addr));
-+  pf_addr->pfra_not = 0;
-+  pf_addr->pfra_net = n->n.pxlen;
-+  switch (rt_family)
-+    {
-+      case AF_INET:
-+	addr = n->n.prefix;
-+	ipa_hton(addr);
-+	pf_addr->pfra_ip4addr.s_addr = addr;
-+	pf_addr->pfra_af = rt_family;
-+	break;
-+      default:
-+	log(L_ERR "Address family %d is not supported by pf, ignoring prefix", rt_family);
-+	return 0;
-+    }
-+
-+  return 1;
-+}
-+
-+int
-+pf_fw_add(void *_priv, net *n, char *prefixdata)
-+{
-+  struct pf_priv *priv = _priv;
-+  struct pfr_addr pf_addr;
-+  int nadd = 0;
-+
-+  if (!pf_put_addr(&pf_addr, n))
-+    {
-+      FW_ERR("Error adding %I/%d to PF table %s", n->n.prefix, n->n.pxlen, priv->pf_tablename);
-+      return 0;
-+    }
-+
-+  DBG("Adding %I/%d to PF table %s with value %s\n", n->n.prefix, n->n.pxlen, priv->pf_tablename, prefixdata);
-+  if (!pf_do_cmd(&priv->table, DIOCRADDADDRS, &pf_addr, sizeof(pf_addr), 1, &nadd, NULL, 0))
-+    {
-+      FW_ERR("Error adding %I/%d to PF table %s: %m", n->n.prefix, n->n.pxlen, priv->pf_tablename);
-+      return 0;
-+    }
-+
-+  return 1;
-+}
-+
-+int
-+pf_fw_del(void *_priv, net *n)
-+{
-+  struct pf_priv *priv = _priv;
-+  struct pfr_addr pf_addr;
-+  int ndel = 0;
-+
-+  if (!pf_put_addr(&pf_addr, n))
-+    {
-+      FW_ERR("Error deleting %I/%d from PF table %s", n->n.prefix, n->n.pxlen, priv->pf_tablename);
-+      return 0;
-+    }
-+
-+  DBG("Deleting %I/%d from PF table %s\n", n->n.prefix, n->n.pxlen, priv->pf_tablename);
-+  if (!pf_do_cmd(&priv->table, DIOCRDELADDRS, &pf_addr, sizeof(pf_addr), 1, NULL, &ndel, 0))
-+    {
-+      FW_ERR("Error deleting %I/%d from PF table %s: %m", n->n.prefix, n->n.pxlen, priv->pf_tablename);
-+      return 0;
-+    }
-+
-+  return 1;
-+}
-+
-+struct firewall_control fw_pf = {
-+  fwtype:	FWTYPE_PF,
-+  description:	"PF",
-+  fw_init:	pf_fw_init,
-+  fw_shutdown:	pf_fw_shutdown,
-+  fw_flush:	pf_fw_flush,
-+  fw_add:	pf_fw_add,
-+  fw_del:	pf_fw_del,
-+};
-+#endif
-+
-+
-+#endif
-+
--- 
-1.7.3.2
-
---- configure.orig	2012-08-07 13:28:04.000000000 +0400
-+++ configure	2012-08-15 15:54:05.000000000 +0400
-@@ -4361,6 +4361,8 @@
- 		ipv6:freebsd*)	sysdesc=bsd-v6
- 				;;
- 		ipv4:freebsd*)	sysdesc=bsd
-+				$as_echo "#define CONFIG_FIREWALL_IPFW 1" >>confdefs.h
-+				$as_echo "#define CONFIG_FIREWALL_PF 1" >>confdefs.h
- 				;;
- 		ipv6:dragonfly*)	sysdesc=bsd-v6
- 				;;
-
diff --git a/net/bird/files/patch-filter-filter.c b/net/bird/files/patch-filter-filter.c
deleted file mode 100644
index 145809e94375..000000000000
--- a/net/bird/files/patch-filter-filter.c
+++ /dev/null
@@ -1,10 +0,0 @@
---- filter/filter.c.orig	2018-02-07 16:42:34.914441000 +0100
-+++ filter/filter.c	2018-02-07 16:43:07.274018000 +0100
-@@ -1559,6 +1559,7 @@
-   case P('<','='): TWOARGS; break;
- 
-   case '!': ONEARG; break;
-+  case P('!', '~'):
-   case '~': TWOARGS; break;
-   case P('d','e'): ONEARG; break;
- 
diff --git a/net/bird/files/patch-sysdep-bsd-setkey.h b/net/bird/files/patch-sysdep-bsd-setkey.h
index 9eb12f81e92e..99096b754e53 100644
--- a/net/bird/files/patch-sysdep-bsd-setkey.h
+++ b/net/bird/files/patch-sysdep-bsd-setkey.h
@@ -1,5 +1,5 @@
---- sysdep/bsd/setkey.h	2017-05-15 14:04:47.215628000 +0300
-+++ sysdep/bsd/setkey.h	2017-05-15 14:05:36.850028000 +0300
+--- sysdep/bsd/setkey.h.orig	2018-03-22 12:32:46 UTC
++++ sysdep/bsd/setkey.h
 @@ -158,12 +158,14 @@ sk_set_md5_in_sasp_db(sock *s, ip_addr local, ip_addr 
      if (len > TCP_KEYLEN_MAX)
        ERR_MSG("The password for TCP MD5 Signature is too long");
diff --git a/net/bird/files/patch-sysdep-bsd-sysio.h b/net/bird/files/patch-sysdep-bsd-sysio.h
deleted file mode 100644
index 609fbef089ee..000000000000
--- a/net/bird/files/patch-sysdep-bsd-sysio.h
+++ /dev/null
@@ -1,23 +0,0 @@
-diff --git sysdep/bsd/sysio.h sysdep/bsd/sysio.h
-index 2610a47..9b10e6e 100644
---- sysdep/bsd/sysio.h
-+++ sysdep/bsd/sysio.h
-@@ -9,6 +9,7 @@
- #include <net/if_dl.h>
- #include <netinet/in_systm.h> // Workaround for some BSDs
- #include <netinet/ip.h>
-+#include <sys/param.h>
- 
- 
- #ifdef __NetBSD__
-@@ -179,8 +180,8 @@ sk_prepare_ip_header(sock *s, void *hdr, int dlen)
-   ip->ip_src = ipa_to_in4(s->saddr);
-   ip->ip_dst = ipa_to_in4(s->daddr);
- 
--#ifdef __OpenBSD__
--  /* OpenBSD expects ip_len in network order, other BSDs expect host order */
-+#if (defined __OpenBSD__) || (defined __DragonFly__) || (defined __FreeBSD__ && (__FreeBSD_version >= 1100030))
-+  /* Different BSDs have different expectations of ip_len endianity */
-   ip->ip_len = htons(ip->ip_len);
- #endif
- }
diff --git a/net/bird/files/patch-tools_gendist b/net/bird/files/patch-tools_gendist
new file mode 100644
index 000000000000..12baaf5300ce
--- /dev/null
+++ b/net/bird/files/patch-tools_gendist
@@ -0,0 +1,11 @@
+--- tools/gendist.orig	2018-03-26 21:29:43 UTC
++++ tools/gendist
+@@ -5,7 +5,7 @@
+ #
+ 
+ set -e
+-AC=`if [ -x /usr/bin/autoconf2.50 ] ; then echo autoconf2.50 ; else echo autoconf ; fi`
++AC=autoreconf
+ $AC
+ ./configure
+ make distclean
author	Olivier Cochard <olivier@FreeBSD.org>	2018-03-27 23:09:22 +0800
committer	Olivier Cochard <olivier@FreeBSD.org>	2018-03-27 23:09:22 +0800
commit	101f50499cd13613abb1a418da6b464ec8f3de35 (patch)
tree	45f23e78912cfddf21568e4b31c89c380d248ea0
parent	610a3c55dc020e05d90ee1a568613d5cf467b662 (diff)
download	freebsd-ports-101f50499cd13613abb1a418da6b464ec8f3de35.tar.gz freebsd-ports-101f50499cd13613abb1a418da6b464ec8f3de35.tar.zst freebsd-ports-101f50499cd13613abb1a418da6b464ec8f3de35.zip