PERFORCE change 122811 for review
Peter Wemm
peter at FreeBSD.org
Tue Jul 3 22:58:20 UTC 2007
http://perforce.freebsd.org/chv.cgi?CH=122811
Change 122811 by peter at peter_daintree on 2007/07/03 22:57:37
IFC @122807
Affected files ...
.. //depot/projects/hammer/ObsoleteFiles.inc#29 integrate
.. //depot/projects/hammer/UPDATING#103 integrate
.. //depot/projects/hammer/bin/ed/Makefile#11 integrate
.. //depot/projects/hammer/contrib/netcat/netcat.c#4 integrate
.. //depot/projects/hammer/contrib/pf/authpf/authpf.8#5 integrate
.. //depot/projects/hammer/contrib/pf/authpf/authpf.c#6 integrate
.. //depot/projects/hammer/contrib/pf/ftp-proxy/filter.c#1 branch
.. //depot/projects/hammer/contrib/pf/ftp-proxy/filter.h#1 branch
.. //depot/projects/hammer/contrib/pf/ftp-proxy/ftp-proxy.8#5 integrate
.. //depot/projects/hammer/contrib/pf/ftp-proxy/ftp-proxy.c#5 integrate
.. //depot/projects/hammer/contrib/pf/ftp-proxy/getline.c#3 delete
.. //depot/projects/hammer/contrib/pf/ftp-proxy/util.c#4 delete
.. //depot/projects/hammer/contrib/pf/ftp-proxy/util.h#3 delete
.. //depot/projects/hammer/contrib/pf/libevent/buffer.c#1 branch
.. //depot/projects/hammer/contrib/pf/libevent/evbuffer.c#1 branch
.. //depot/projects/hammer/contrib/pf/libevent/event-internal.h#1 branch
.. //depot/projects/hammer/contrib/pf/libevent/event.c#1 branch
.. //depot/projects/hammer/contrib/pf/libevent/event.h#1 branch
.. //depot/projects/hammer/contrib/pf/libevent/evsignal.h#1 branch
.. //depot/projects/hammer/contrib/pf/libevent/kqueue.c#1 branch
.. //depot/projects/hammer/contrib/pf/libevent/log.c#1 branch
.. //depot/projects/hammer/contrib/pf/libevent/log.h#1 branch
.. //depot/projects/hammer/contrib/pf/libevent/poll.c#1 branch
.. //depot/projects/hammer/contrib/pf/libevent/select.c#1 branch
.. //depot/projects/hammer/contrib/pf/libevent/signal.c#1 branch
.. //depot/projects/hammer/contrib/pf/man/pf.4#8 integrate
.. //depot/projects/hammer/contrib/pf/man/pf.conf.5#12 integrate
.. //depot/projects/hammer/contrib/pf/man/pf.os.5#5 integrate
.. //depot/projects/hammer/contrib/pf/man/pflog.4#6 integrate
.. //depot/projects/hammer/contrib/pf/man/pfsync.4#10 integrate
.. //depot/projects/hammer/contrib/pf/pfctl/parse.y#6 integrate
.. //depot/projects/hammer/contrib/pf/pfctl/pf_print_state.c#4 integrate
.. //depot/projects/hammer/contrib/pf/pfctl/pfctl.8#5 integrate
.. //depot/projects/hammer/contrib/pf/pfctl/pfctl.c#5 integrate
.. //depot/projects/hammer/contrib/pf/pfctl/pfctl.h#5 integrate
.. //depot/projects/hammer/contrib/pf/pfctl/pfctl_altq.c#7 integrate
.. //depot/projects/hammer/contrib/pf/pfctl/pfctl_optimize.c#2 integrate
.. //depot/projects/hammer/contrib/pf/pfctl/pfctl_osfp.c#4 integrate
.. //depot/projects/hammer/contrib/pf/pfctl/pfctl_parser.c#6 integrate
.. //depot/projects/hammer/contrib/pf/pfctl/pfctl_parser.h#5 integrate
.. //depot/projects/hammer/contrib/pf/pfctl/pfctl_radix.c#4 integrate
.. //depot/projects/hammer/contrib/pf/pfctl/pfctl_table.c#6 integrate
.. //depot/projects/hammer/contrib/pf/pflogd/pflogd.8#5 integrate
.. //depot/projects/hammer/contrib/pf/pflogd/pflogd.c#9 integrate
.. //depot/projects/hammer/contrib/pf/pflogd/pflogd.h#2 integrate
.. //depot/projects/hammer/contrib/pf/pflogd/privsep.c#3 integrate
.. //depot/projects/hammer/contrib/pf/tftp-proxy/filter.c#1 branch
.. //depot/projects/hammer/contrib/pf/tftp-proxy/filter.h#1 branch
.. //depot/projects/hammer/contrib/pf/tftp-proxy/tftp-proxy.8#1 branch
.. //depot/projects/hammer/contrib/pf/tftp-proxy/tftp-proxy.c#1 branch
.. //depot/projects/hammer/contrib/telnet/telnet/externs.h#2 integrate
.. //depot/projects/hammer/contrib/traceroute/traceroute.c#9 integrate
.. //depot/projects/hammer/etc/mtree/BSD.include.dist#45 integrate
.. //depot/projects/hammer/include/Makefile#67 integrate
.. //depot/projects/hammer/lib/libc/net/sctp_sys_calls.c#7 integrate
.. //depot/projects/hammer/lib/libipsec/Makefile#11 integrate
.. //depot/projects/hammer/lib/libipsec/ipsec_dump_policy.c#4 integrate
.. //depot/projects/hammer/lib/libipsec/ipsec_get_policylen.c#2 integrate
.. //depot/projects/hammer/lib/libipsec/ipsec_set_policy.3#9 integrate
.. //depot/projects/hammer/lib/libipsec/ipsec_strerror.3#7 integrate
.. //depot/projects/hammer/lib/libipsec/ipsec_strerror.c#2 integrate
.. //depot/projects/hammer/lib/libipsec/pfkey.c#4 integrate
.. //depot/projects/hammer/lib/libipsec/pfkey_dump.c#7 integrate
.. //depot/projects/hammer/lib/libipsec/policy_parse.y#3 integrate
.. //depot/projects/hammer/lib/libipsec/policy_token.l#4 integrate
.. //depot/projects/hammer/lib/libipsec/test-policy.c#3 integrate
.. //depot/projects/hammer/libexec/Makefile#32 integrate
.. //depot/projects/hammer/libexec/ftp-proxy/Makefile#3 delete
.. //depot/projects/hammer/libexec/tftp-proxy/Makefile#1 branch
.. //depot/projects/hammer/release/doc/en_US.ISO8859-1/relnotes/article.sgml#9 integrate
.. //depot/projects/hammer/release/i386/fixit_crunch.conf#9 integrate
.. //depot/projects/hammer/sbin/dhclient/dhclient-script#11 integrate
.. //depot/projects/hammer/sbin/pfctl/Makefile#7 integrate
.. //depot/projects/hammer/sbin/ping/ping.c#22 integrate
.. //depot/projects/hammer/sbin/ping6/Makefile#6 integrate
.. //depot/projects/hammer/sbin/ping6/ping6.c#10 integrate
.. //depot/projects/hammer/sbin/setkey/Makefile#4 integrate
.. //depot/projects/hammer/sbin/setkey/parse.y#3 integrate
.. //depot/projects/hammer/sbin/setkey/setkey.c#2 integrate
.. //depot/projects/hammer/sbin/setkey/test-pfkey.c#2 integrate
.. //depot/projects/hammer/sbin/setkey/test-policy.c#2 integrate
.. //depot/projects/hammer/sbin/setkey/token.l#3 integrate
.. //depot/projects/hammer/share/man/man4/ath.4#34 integrate
.. //depot/projects/hammer/share/man/man4/ieee80211.4#7 integrate
.. //depot/projects/hammer/share/man/man4/msk.4#3 integrate
.. //depot/projects/hammer/share/man/man4/wi.4#28 integrate
.. //depot/projects/hammer/share/man/man7/hier.7#35 integrate
.. //depot/projects/hammer/share/man/man9/ieee80211_ioctl.9#5 integrate
.. //depot/projects/hammer/share/misc/committers-ports.dot#4 integrate
.. //depot/projects/hammer/share/mk/sys.mk#23 integrate
.. //depot/projects/hammer/sys/Makefile#16 integrate
.. //depot/projects/hammer/sys/amd64/amd64/pmap.c#161 integrate
.. //depot/projects/hammer/sys/amd64/conf/GENERIC#96 integrate
.. //depot/projects/hammer/sys/amd64/conf/NOTES#100 integrate
.. //depot/projects/hammer/sys/cam/scsi/scsi_da.c#43 integrate
.. //depot/projects/hammer/sys/conf/NOTES#121 integrate
.. //depot/projects/hammer/sys/conf/files#153 integrate
.. //depot/projects/hammer/sys/conf/files.amd64#92 integrate
.. //depot/projects/hammer/sys/conf/files.arm#9 integrate
.. //depot/projects/hammer/sys/conf/files.i386#78 integrate
.. //depot/projects/hammer/sys/conf/files.ia64#39 integrate
.. //depot/projects/hammer/sys/conf/files.pc98#61 integrate
.. //depot/projects/hammer/sys/conf/files.powerpc#23 integrate
.. //depot/projects/hammer/sys/conf/files.sparc64#41 integrate
.. //depot/projects/hammer/sys/conf/files.sun4v#3 integrate
.. //depot/projects/hammer/sys/conf/options#108 integrate
.. //depot/projects/hammer/sys/contrib/altq/altq/altq_cbq.c#4 integrate
.. //depot/projects/hammer/sys/contrib/altq/altq/altq_hfsc.c#3 integrate
.. //depot/projects/hammer/sys/contrib/altq/altq/altq_priq.c#3 integrate
.. //depot/projects/hammer/sys/contrib/altq/altq/altq_red.c#3 integrate
.. //depot/projects/hammer/sys/contrib/pf/net/if_pflog.c#19 integrate
.. //depot/projects/hammer/sys/contrib/pf/net/if_pflog.h#8 integrate
.. //depot/projects/hammer/sys/contrib/pf/net/if_pfsync.c#26 integrate
.. //depot/projects/hammer/sys/contrib/pf/net/if_pfsync.h#7 integrate
.. //depot/projects/hammer/sys/contrib/pf/net/pf.c#30 integrate
.. //depot/projects/hammer/sys/contrib/pf/net/pf_if.c#9 integrate
.. //depot/projects/hammer/sys/contrib/pf/net/pf_ioctl.c#24 integrate
.. //depot/projects/hammer/sys/contrib/pf/net/pf_mtag.h#1 branch
.. //depot/projects/hammer/sys/contrib/pf/net/pf_norm.c#13 integrate
.. //depot/projects/hammer/sys/contrib/pf/net/pf_osfp.c#5 integrate
.. //depot/projects/hammer/sys/contrib/pf/net/pf_ruleset.c#1 branch
.. //depot/projects/hammer/sys/contrib/pf/net/pf_subr.c#3 integrate
.. //depot/projects/hammer/sys/contrib/pf/net/pf_table.c#6 integrate
.. //depot/projects/hammer/sys/contrib/pf/net/pfvar.h#13 integrate
.. //depot/projects/hammer/sys/crypto/via/padlock.c#6 integrate
.. //depot/projects/hammer/sys/dev/isp/isp.c#26 integrate
.. //depot/projects/hammer/sys/dev/isp/isp_freebsd.h#22 integrate
.. //depot/projects/hammer/sys/dev/isp/isp_library.c#7 integrate
.. //depot/projects/hammer/sys/dev/isp/ispvar.h#20 integrate
.. //depot/projects/hammer/sys/dev/snp/snp.c#22 integrate
.. //depot/projects/hammer/sys/dev/sound/pci/hda/hdac.c#8 integrate
.. //depot/projects/hammer/sys/dev/sound/pci/hda/hdac_private.h#5 integrate
.. //depot/projects/hammer/sys/dev/sound/pcm/ac97_patch.c#9 integrate
.. //depot/projects/hammer/sys/dev/usb/umass.c#45 integrate
.. //depot/projects/hammer/sys/dev/usb/usbdevs#81 integrate
.. //depot/projects/hammer/sys/fs/devfs/devfs_int.h#4 integrate
.. //depot/projects/hammer/sys/fs/devfs/devfs_vnops.c#51 integrate
.. //depot/projects/hammer/sys/i386/conf/GENERIC#54 integrate
.. //depot/projects/hammer/sys/i386/conf/NOTES#90 integrate
.. //depot/projects/hammer/sys/i386/i386/pmap.c#93 integrate
.. //depot/projects/hammer/sys/kern/kern_conf.c#44 integrate
.. //depot/projects/hammer/sys/kern/kern_descrip.c#69 integrate
.. //depot/projects/hammer/sys/kern/kern_lockf.c#15 integrate
.. //depot/projects/hammer/sys/kern/kern_priv.c#3 integrate
.. //depot/projects/hammer/sys/kern/subr_smp.c#30 integrate
.. //depot/projects/hammer/sys/kern/sysv_sem.c#27 integrate
.. //depot/projects/hammer/sys/kern/tty_pts.c#6 integrate
.. //depot/projects/hammer/sys/kern/tty_pty.c#34 integrate
.. //depot/projects/hammer/sys/kern/tty_tty.c#13 integrate
.. //depot/projects/hammer/sys/kern/uipc_syscalls.c#63 integrate
.. //depot/projects/hammer/sys/modules/ipfw/Makefile#9 integrate
.. //depot/projects/hammer/sys/modules/pf/Makefile#13 integrate
.. //depot/projects/hammer/sys/net/if_ethersubr.c#64 integrate
.. //depot/projects/hammer/sys/net/if_ppp.c#30 integrate
.. //depot/projects/hammer/sys/net/pfkeyv2.h#8 integrate
.. //depot/projects/hammer/sys/net80211/ieee80211_radiotap.h#9 integrate
.. //depot/projects/hammer/sys/netinet/in_pcb.c#49 integrate
.. //depot/projects/hammer/sys/netinet/in_pcb.h#34 integrate
.. //depot/projects/hammer/sys/netinet/in_proto.c#23 integrate
.. //depot/projects/hammer/sys/netinet/ip_fw2.c#83 integrate
.. //depot/projects/hammer/sys/netinet/ip_icmp.c#34 integrate
.. //depot/projects/hammer/sys/netinet/ip_input.c#66 integrate
.. //depot/projects/hammer/sys/netinet/ip_ipsec.c#5 integrate
.. //depot/projects/hammer/sys/netinet/ip_output.c#64 integrate
.. //depot/projects/hammer/sys/netinet/raw_ip.c#48 integrate
.. //depot/projects/hammer/sys/netinet/sctp_indata.c#10 integrate
.. //depot/projects/hammer/sys/netinet/sctp_input.c#9 integrate
.. //depot/projects/hammer/sys/netinet/sctp_input.h#5 integrate
.. //depot/projects/hammer/sys/netinet/sctp_os_bsd.h#9 integrate
.. //depot/projects/hammer/sys/netinet/sctp_output.c#9 integrate
.. //depot/projects/hammer/sys/netinet/sctp_pcb.c#9 integrate
.. //depot/projects/hammer/sys/netinet/sctp_usrreq.c#9 integrate
.. //depot/projects/hammer/sys/netinet/sctp_var.h#6 integrate
.. //depot/projects/hammer/sys/netinet/sctputil.c#11 integrate
.. //depot/projects/hammer/sys/netinet/tcp_input.c#74 integrate
.. //depot/projects/hammer/sys/netinet/tcp_output.c#43 integrate
.. //depot/projects/hammer/sys/netinet/tcp_subr.c#66 integrate
.. //depot/projects/hammer/sys/netinet/tcp_syncache.c#43 integrate
.. //depot/projects/hammer/sys/netinet/udp_usrreq.c#48 integrate
.. //depot/projects/hammer/sys/netinet6/ah.h#5 delete
.. //depot/projects/hammer/sys/netinet6/ah6.h#4 delete
.. //depot/projects/hammer/sys/netinet6/ah_aesxcbcmac.c#5 delete
.. //depot/projects/hammer/sys/netinet6/ah_aesxcbcmac.h#3 delete
.. //depot/projects/hammer/sys/netinet6/ah_core.c#13 delete
.. //depot/projects/hammer/sys/netinet6/ah_input.c#8 delete
.. //depot/projects/hammer/sys/netinet6/ah_output.c#9 delete
.. //depot/projects/hammer/sys/netinet6/esp.h#4 delete
.. //depot/projects/hammer/sys/netinet6/esp6.h#3 delete
.. //depot/projects/hammer/sys/netinet6/esp_aesctr.c#6 delete
.. //depot/projects/hammer/sys/netinet6/esp_aesctr.h#3 delete
.. //depot/projects/hammer/sys/netinet6/esp_camellia.c#2 delete
.. //depot/projects/hammer/sys/netinet6/esp_camellia.h#2 delete
.. //depot/projects/hammer/sys/netinet6/esp_core.c#11 delete
.. //depot/projects/hammer/sys/netinet6/esp_input.c#11 delete
.. //depot/projects/hammer/sys/netinet6/esp_rijndael.c#7 delete
.. //depot/projects/hammer/sys/netinet6/esp_rijndael.h#5 delete
.. //depot/projects/hammer/sys/netinet6/icmp6.c#29 integrate
.. //depot/projects/hammer/sys/netinet6/in6.h#17 integrate
.. //depot/projects/hammer/sys/netinet6/in6_pcb.c#30 integrate
.. //depot/projects/hammer/sys/netinet6/in6_proto.c#18 integrate
.. //depot/projects/hammer/sys/netinet6/ip6_forward.c#18 integrate
.. //depot/projects/hammer/sys/netinet6/ip6_input.c#31 integrate
.. //depot/projects/hammer/sys/netinet6/ip6_ipsec.c#1 branch
.. //depot/projects/hammer/sys/netinet6/ip6_ipsec.h#1 branch
.. //depot/projects/hammer/sys/netinet6/ip6_output.c#43 integrate
.. //depot/projects/hammer/sys/netinet6/ipcomp.h#3 delete
.. //depot/projects/hammer/sys/netinet6/ipcomp6.h#3 delete
.. //depot/projects/hammer/sys/netinet6/ipcomp_core.c#6 delete
.. //depot/projects/hammer/sys/netinet6/ipcomp_input.c#6 delete
.. //depot/projects/hammer/sys/netinet6/ipcomp_output.c#6 delete
.. //depot/projects/hammer/sys/netinet6/ipsec.c#22 delete
.. //depot/projects/hammer/sys/netinet6/ipsec.h#9 delete
.. //depot/projects/hammer/sys/netinet6/ipsec6.h#6 delete
.. //depot/projects/hammer/sys/netinet6/nd6.c#31 integrate
.. //depot/projects/hammer/sys/netinet6/nd6_nbr.c#22 integrate
.. //depot/projects/hammer/sys/netinet6/raw_ip6.c#30 integrate
.. //depot/projects/hammer/sys/netinet6/sctp6_usrreq.c#9 integrate
.. //depot/projects/hammer/sys/netinet6/udp6_output.c#17 integrate
.. //depot/projects/hammer/sys/netinet6/udp6_usrreq.c#27 integrate
.. //depot/projects/hammer/sys/netipsec/ipsec.c#18 integrate
.. //depot/projects/hammer/sys/netipsec/ipsec.h#12 integrate
.. //depot/projects/hammer/sys/netipsec/ipsec6.h#3 integrate
.. //depot/projects/hammer/sys/netipsec/ipsec_mbuf.c#8 integrate
.. //depot/projects/hammer/sys/netipsec/ipsec_output.c#11 integrate
.. //depot/projects/hammer/sys/netipsec/key.c#17 integrate
.. //depot/projects/hammer/sys/netipsec/key_debug.c#5 integrate
.. //depot/projects/hammer/sys/netipsec/keysock.c#14 integrate
.. //depot/projects/hammer/sys/netipsec/xform_ah.c#12 integrate
.. //depot/projects/hammer/sys/netipsec/xform_ipip.c#11 integrate
.. //depot/projects/hammer/sys/netkey/key.c#25 delete
.. //depot/projects/hammer/sys/netkey/key.h#5 delete
.. //depot/projects/hammer/sys/netkey/key_debug.c#8 delete
.. //depot/projects/hammer/sys/netkey/key_debug.h#5 delete
.. //depot/projects/hammer/sys/netkey/key_var.h#4 delete
.. //depot/projects/hammer/sys/netkey/keydb.c#8 delete
.. //depot/projects/hammer/sys/netkey/keydb.h#7 delete
.. //depot/projects/hammer/sys/netkey/keysock.c#17 delete
.. //depot/projects/hammer/sys/netkey/keysock.h#5 delete
.. //depot/projects/hammer/sys/nfsclient/nfs_bio.c#43 integrate
.. //depot/projects/hammer/sys/nfsclient/nfs_subs.c#28 integrate
.. //depot/projects/hammer/sys/security/audit/audit.c#9 integrate
.. //depot/projects/hammer/sys/security/audit/audit_bsm.c#9 integrate
.. //depot/projects/hammer/sys/sys/conf.h#41 integrate
.. //depot/projects/hammer/sys/sys/mbuf.h#60 integrate
.. //depot/projects/hammer/sys/sys/param.h#88 integrate
.. //depot/projects/hammer/sys/sys/systm.h#47 integrate
.. //depot/projects/hammer/sys/ufs/ufs/dir.h#5 integrate
.. //depot/projects/hammer/sys/vm/vm_pageout.c#44 integrate
.. //depot/projects/hammer/tools/tools/tinybsd/conf/bridge/tinybsd.basefiles#3 integrate
.. //depot/projects/hammer/tools/tools/tinybsd/conf/default/tinybsd.basefiles#3 integrate
.. //depot/projects/hammer/tools/tools/tinybsd/conf/wireless/tinybsd.basefiles#3 integrate
.. //depot/projects/hammer/tools/tools/tinybsd/conf/wrap/tinybsd.basefiles#3 integrate
.. //depot/projects/hammer/usr.bin/netstat/Makefile#14 integrate
.. //depot/projects/hammer/usr.bin/netstat/ipsec.c#7 integrate
.. //depot/projects/hammer/usr.bin/netstat/main.c#23 integrate
.. //depot/projects/hammer/usr.bin/netstat/netstat.h#17 integrate
.. //depot/projects/hammer/usr.bin/netstat/pfkey.c#3 integrate
.. //depot/projects/hammer/usr.bin/telnet/Makefile#9 integrate
.. //depot/projects/hammer/usr.sbin/Makefile#78 integrate
.. //depot/projects/hammer/usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c#6 integrate
.. //depot/projects/hammer/usr.sbin/ftp-proxy/Makefile#1 branch
.. //depot/projects/hammer/usr.sbin/ftp-proxy/Makefile.inc#1 branch
.. //depot/projects/hammer/usr.sbin/ftp-proxy/ftp-proxy/Makefile#1 branch
.. //depot/projects/hammer/usr.sbin/ftp-proxy/libevent/Makefile#1 branch
.. //depot/projects/hammer/usr.sbin/inetd/Makefile#8 integrate
.. //depot/projects/hammer/usr.sbin/inetd/inetd.c#19 integrate
.. //depot/projects/hammer/usr.sbin/rrenumd/Makefile#4 integrate
.. //depot/projects/hammer/usr.sbin/rrenumd/rrenumd.c#4 integrate
.. //depot/projects/hammer/usr.sbin/traceroute6/Makefile#4 integrate
.. //depot/projects/hammer/usr.sbin/traceroute6/traceroute6.c#10 integrate
.. //depot/projects/hammer/usr.sbin/wicontrol/Makefile#3 delete
.. //depot/projects/hammer/usr.sbin/wicontrol/wicontrol.8#15 delete
.. //depot/projects/hammer/usr.sbin/wicontrol/wicontrol.c#11 delete
Differences ...
==== //depot/projects/hammer/ObsoleteFiles.inc#29 (text+ko) ====
@@ -1,5 +1,5 @@
#
-# $FreeBSD: src/ObsoleteFiles.inc,v 1.97 2007/06/25 05:06:52 rafan Exp $
+# $FreeBSD: src/ObsoleteFiles.inc,v 1.102 2007/07/03 13:06:45 mlaier Exp $
#
# This file lists old files (OLD_FILES), libraries (OLD_LIBS) and
# directories (OLD_DIRS) which should get removed at an update. Recently
@@ -14,6 +14,30 @@
# The file is partitioned: OLD_FILES first, then OLD_LIBS and OLD_DIRS last.
#
+# 20070703: pf 4.1 import
+OLD_FILES+=usr/libexec/ftp-proxy
+# 20070701: KAME IPSec removal
+OLD_FILES+=usr/include/netinet6/ah.h
+OLD_FILES+=usr/include/netinet6/ah6.h
+OLD_FILES+=usr/include/netinet6/ah_aesxcbcmac.h
+OLD_FILES+=usr/include/netinet6/esp.h
+OLD_FILES+=usr/include/netinet6/esp6.h
+OLD_FILES+=usr/include/netinet6/esp_aesctr.h
+OLD_FILES+=usr/include/netinet6/esp_camellia.h
+OLD_FILES+=usr/include/netinet6/esp_rijndael.h
+OLD_FILES+=usr/include/netinet6/ipsec.h
+OLD_FILES+=usr/include/netinet6/ipsec6.h
+OLD_FILES+=usr/include/netinet6/ipcomp.h
+OLD_FILES+=usr/include/netinet6/ipcomp6.h
+OLD_FILES+=usr/include/netkey/key.h
+OLD_FILES+=usr/include/netkey/key_debug.h
+OLD_FILES+=usr/include/netkey/key_var.h
+OLD_FILES+=usr/include/netkey/keydb.h
+OLD_FILES+=usr/include/netkey/keysock.h
+OLD_DIRS+=usr/include/netkey
+# 20070701: remove wicontrol
+OLD_FILES+=usr/sbin/wicontrol
+OLD_FILES+=usr/share/man/man8/wicontrol.8.gz
# 20070625: umapfs removal
OLD_FILES+=rescue/mount_umapfs
OLD_FILES+=sbin/mount_umapfs
@@ -3589,7 +3613,6 @@
# - usr/share/tmac/mm/locale
# - usr/share/tmac/mm/se_locale
# - var/yp/Makefile
-
# 20070519: GCC 4.2
OLD_LIBS+=usr/lib/libg2c.a
OLD_LIBS+=usr/lib/libg2c.so
==== //depot/projects/hammer/UPDATING#103 (text+ko) ====
@@ -21,6 +21,26 @@
developers choose to disable these features on build machines
to maximize performance.
+20070702:
+ The packet filter (pf) code has been updated to OpenBSD 4.1 Please
+ note the changed syntax - keep state is now on by default. Also
+ note the fact that ftp-proxy(8) has been changed from bottom up and
+ has been moved from libexec to usr/sbin. Changes in the ALTQ
+ handling also affect users of IPFW's ALTQ capabilities.
+
+20070701:
+ Remove KAME IPsec in favor of FAST_IPSEC, which is now the
+ only IPsec supported by FreeBSD. The new IPsec stack
+ supports both IPv4 and IPv6. The kernel option will change
+ after the code changes have settled in. For now the kernel
+ option IPSEC is deprecated and FAST_IPSEC is the only option, that
+ will change after some settling time.
+
+20070701:
+ The wicontrol(8) utility has been removed from the base system. wi(4)
+ cards should be configured using ifconfig(8), see the man page for more
+ information.
+
20070612:
By default, /etc/rc.d/sendmail no longer rebuilds the aliases
database if it is missing or older than the aliases file. If
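Review bot: In the 20070702 entry the sentence ending "updated to OpenBSD 4.1 Please" is missing its full stop, and the 20070701 IPsec entry states twice that the kernel option will change later ("The kernel option will change after the code changes have settled in" and "that will change after some settling time"); one statement is enough. Because "keep state is now on by default" changes how existing rulesets behave after the upgrade, the entry would serve upgraders better if it said which rules to re-check or pointed at pf.conf(5).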
@@ -857,4 +877,4 @@
Contact Warner Losh if you have any questions about your use of
this document.
-$FreeBSD: src/UPDATING,v 1.497 2007/06/12 17:33:56 gshapiro Exp $
+$FreeBSD: src/UPDATING,v 1.500 2007/07/03 13:06:44 mlaier Exp $
==== //depot/projects/hammer/bin/ed/Makefile#11 (text+ko) ====
@@ -1,4 +1,4 @@
-# $FreeBSD: src/bin/ed/Makefile,v 1.32 2006/03/17 18:54:20 ru Exp $
+# $FreeBSD: src/bin/ed/Makefile,v 1.33 2007/07/02 14:00:25 kensmith Exp $
.include <bsd.own.mk>
@@ -7,11 +7,13 @@
LINKS= ${BINDIR}/ed ${BINDIR}/red
MLINKS= ed.1 red.1
+.if !defined(RELEASE_CRUNCH)
.if ${MK_OPENSSL} != "no"
CFLAGS+=-DDES
WARNS?= 2
DPADD= ${LIBCRYPTO}
LDADD= -lcrypto
.endif
+.endif
.include <bsd.prog.mk>
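Review bot: The new ".if !defined(RELEASE_CRUNCH)" guard around the MK_OPENSSL block carries no comment, so nothing in the Makefile says that crunched release builds of ed lose -DDES and the libcrypto link on purpose. A one-line comment above the guard giving the reason would keep it from being removed later, and with two nested conditionals it helps to annotate each closing ".endif" with the condition it ends.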
==== //depot/projects/hammer/contrib/netcat/netcat.c#4 (text+ko) ====
@@ -25,7 +25,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $FreeBSD: src/contrib/netcat/netcat.c,v 1.5 2007/03/28 01:57:03 delphij Exp $
+ * $FreeBSD: src/contrib/netcat/netcat.c,v 1.6 2007/07/01 12:08:04 gnn Exp $
*/
/*
@@ -42,7 +42,7 @@
#include <netinet/in.h>
#include <netinet/in_systm.h>
#ifdef IPSEC
-#include <netinet6/ipsec.h>
+#include <netipsec/ipsec.h>
#endif
#include <netinet/tcp.h>
#include <netinet/ip.h>
==== //depot/projects/hammer/contrib/pf/authpf/authpf.8#5 (text+ko) ====
@@ -1,29 +1,19 @@
-.\" $FreeBSD: src/contrib/pf/authpf/authpf.8,v 1.2 2006/03/28 15:26:16 mlaier Exp $
-.\" $OpenBSD: authpf.8,v 1.38 2005/01/04 09:57:04 jmc Exp $
+.\" $FreeBSD: src/contrib/pf/authpf/authpf.8,v 1.3 2007/07/03 12:30:00 mlaier Exp $
+.\" $OpenBSD: authpf.8,v 1.43 2007/02/24 17:21:04 beck Exp $
.\"
-.\" Copyright (c) 2002 Bob Beck (beck at openbsd.org>. All rights reserved.
+.\" Copyright (c) 1998-2007 Bob Beck (beck at openbsd.org>. All rights reserved.
.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. The name of the author may not be used to endorse or promote products
-.\" derived from this software without specific prior written permission.
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd March 28, 2006
.Dt AUTHPF 8
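Review bot: The context line ".Dd March 28, 2006" is left untouched although the page text changes in this revision (the tunnelling paragraph and the rewritten rule examples), so the rendered man page will carry a stale date; bump .Dd together with the content. The new copyright line also keeps the unbalanced delimiter in "(beck at openbsd.org>" from the line it replaces.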
@@ -230,8 +220,11 @@
hijack the session.
Note that TCP keepalives are not sufficient for
this, since they are not secure.
-Also note that
+Also note that the various SSH tunnelling mechanisms,
+such as
.Ar AllowTcpForwarding
+and
+.Ar PermitTunnel ,
should be disabled for
.Nm
users to prevent them from circumventing restrictions imposed by the
@@ -429,8 +422,7 @@
external_if = "xl0"
internal_if = "fxp0"
-pass in log quick on $internal_if proto tcp from $user_ip to any \e
- keep state
+pass in log quick on $internal_if proto tcp from $user_ip to any
pass in quick on $internal_if from $user_ip to any
.Ed
.Pp
@@ -445,16 +437,15 @@
# rdr ftp for proxying by ftp-proxy(8)
rdr on $internal_if proto tcp from $user_ip to any port 21 \e
- -> 127.0.0.1 port 8081
+ -> 127.0.0.1 port 8021
# allow out ftp, ssh, www and https only, and allow user to negotiate
# ipsec with the ipsec server.
pass in log quick on $internal_if proto tcp from $user_ip to any \e
- port { 21, 22, 80, 443 } flags S/SA
+ port { 21, 22, 80, 443 }
pass in quick on $internal_if proto tcp from $user_ip to any \e
port { 21, 22, 80, 443 }
-pass in quick proto udp from $user_ip to $ipsec_gw port = isakmp \e
- keep state
+pass in quick proto udp from $user_ip to $ipsec_gw port = isakmp
pass in quick proto esp from $user_ip to $ipsec_gw
.Ed
.Pp
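Review bot: With "flags S/SA" dropped from the first rule of this example, the two tcp rules for port { 21, 22, 80, 443 } now have identical match criteria and are both "quick", so the second one ("pass in quick on $internal_if proto tcp from $user_ip to any port { 21, 22, 80, 443 }") can never match. Either remove the second rule from the example or keep a distinguishing condition on the first; as it stands, readers who copy the example end up with a dead rule in their authpf.rules.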
@@ -469,7 +460,7 @@
# nat and tag connections...
nat on $ext_if from $user_ip to any tag $user_ip -> $ext_addr
pass in quick on $int_if from $user_ip to any
-pass out log quick on $ext_if tagged $user_ip keep state
+pass out log quick on $ext_if tagged $user_ip
.Ed
.Pp
With the above rules added by
@@ -495,7 +486,7 @@
.Bd -literal
table <authpf_users> persist
pass in on $ext_if proto tcp from <authpf_users> \e
- to port { smtp imap } keep state
+ to port { smtp imap }
.Ed
.Pp
It is also possible to use the "authpf_users"
@@ -522,6 +513,7 @@
.Xr pf 4 ,
.Xr pf.conf 5 ,
.Xr fdescfs 5 ,
+.Xr securelevel 7 ,
.Xr ftp-proxy 8
.Sh HISTORY
The
==== //depot/projects/hammer/contrib/pf/authpf/authpf.c#6 (text+ko) ====
@@ -1,32 +1,23 @@
-/* $OpenBSD: authpf.c,v 1.89 2005/02/10 04:24:15 joel Exp $ */
+/* $OpenBSD: authpf.c,v 1.104 2007/02/24 17:35:08 beck Exp $ */
/*
- * Copyright (C) 1998 - 2002 Bob Beck (beck at openbsd.org).
+ * Copyright (C) 1998 - 2007 Bob Beck (beck at openbsd.org).
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
*
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/contrib/pf/authpf/authpf.c,v 1.7 2005/12/25 22:57:08 mlaier Exp $");
+__FBSDID("$FreeBSD: src/contrib/pf/authpf/authpf.c,v 1.8 2007/07/03 12:30:01 mlaier Exp $");
#include <sys/param.h>
#include <sys/file.h>
@@ -56,15 +47,13 @@
#include "pathnames.h"
-extern int symset(const char *, const char *, int);
-
static int read_config(FILE *);
static void print_message(char *);
static int allowed_luser(char *);
static int check_luser(char *, char *);
static int remove_stale_rulesets(void);
static int change_filter(int, const char *, const char *);
-static int change_table(int, const char *, const char *);
+static int change_table(int, const char *);
static void authpf_kill_states(void);
int dev; /* pf device */
@@ -73,7 +62,6 @@
char tablename[PF_TABLE_NAME_SIZE] = "authpf_users";
FILE *pidfp;
-char *infile; /* file name printed by yyerror() in parse.y */
char luser[MAXLOGNAME]; /* username */
char ipsrc[256]; /* ip as a string */
char pidfile[MAXPATHLEN]; /* we save pid in this file. */
@@ -102,11 +90,16 @@
struct in6_addr ina;
struct passwd *pw;
char *cp;
+ gid_t gid;
uid_t uid;
char *shell;
login_cap_t *lc;
config = fopen(PATH_CONFFILE, "r");
+ if (config == NULL) {
+ syslog(LOG_ERR, "can not open %s (%m)", PATH_CONFFILE);
+ exit(1);
+ }
if ((cp = getenv("SSH_TTY")) == NULL) {
syslog(LOG_ERR, "non-interactive session connection for authpf");
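Review bot: The new NULL check after fopen(PATH_CONFFILE, "r") should come with a comment explaining why the file is opened this early, since read_config(config) is only called after the setgroups()/setresuid() calls added further down in this change. If the intent is to obtain the descriptor before privileges are revoked, say so here; otherwise the distance between the open and the read invites someone to move the fopen() next to read_config() later. The check also leaves through exit(1) while the next failure in this function ("cannot find user for uid %u") uses "goto die"; pick one exit path for these early failures.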
@@ -143,7 +136,6 @@
uid = getuid();
pw = getpwuid(uid);
- endpwent();
if (pw == NULL) {
syslog(LOG_ERR, "cannot find user for uid %u", uid);
goto die;
@@ -256,6 +248,8 @@
if (++lockcnt > 10) {
syslog(LOG_ERR, "cannot kill previous authpf (pid %d)",
otherpid);
+ fclose(pidfp);
+ pidfp = NULL;
goto dogdeath;
}
sleep(1);
@@ -265,12 +259,22 @@
* it's lock, giving us a chance to get it now
*/
fclose(pidfp);
+ pidfp = NULL;
} while (1);
+
+ /* whack the group list */
+ gid = getegid();
+ if (setgroups(1, &gid) == -1) {
+ syslog(LOG_INFO, "setgroups: %s", strerror(errno));
+ do_death(0);
+ }
/* revoke privs */
- seteuid(getuid());
- setuid(getuid());
-
+ uid = getuid();
+ if (setresuid(uid, uid, uid) == -1) {
+ syslog(LOG_INFO, "setresuid: %s", strerror(errno));
+ do_death(0);
+ }
openlog("authpf", LOG_PID | LOG_NDELAY, LOG_DAEMON);
if (!check_luser(PATH_BAN_DIR, luser) || !allowed_luser(luser)) {
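Review bot: Both new failure paths, setgroups() and setresuid(), log at LOG_INFO, while the config-open failure added earlier in this change logs at LOG_ERR; a failed privilege drop is at least as serious and should be LOG_ERR so it is not filtered out with routine messages. The two syslog() calls also sit above the openlog("authpf", LOG_PID | LOG_NDELAY, LOG_DAEMON) context line, so confirm they are emitted with the intended ident and facility. The ordering itself, supplementary groups first and then setresuid(uid, uid, uid) with the return value tested, is the right replacement for the unchecked seteuid()/setuid() pair.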
@@ -278,8 +282,8 @@
do_death(0);
}
- if (config == NULL || read_config(config)) {
- syslog(LOG_INFO, "bad or nonexistent %s", PATH_CONFFILE);
+ if (read_config(config)) {
+ syslog(LOG_ERR, "invalid config file %s", PATH_CONFFILE);
do_death(0);
}
@@ -298,7 +302,7 @@
printf("Unable to modify filters\r\n");
do_death(0);
}
- if (change_table(1, luser, ipsrc) == -1) {
+ if (change_table(1, ipsrc) == -1) {
printf("Unable to modify table\r\n");
change_filter(0, luser, ipsrc);
do_death(0);
@@ -309,7 +313,7 @@
signal(SIGALRM, need_death);
signal(SIGPIPE, need_death);
signal(SIGHUP, need_death);
- signal(SIGSTOP, need_death);
+ signal(SIGQUIT, need_death);
signal(SIGTSTP, need_death);
while (1) {
printf("\r\nHello %s. ", luser);
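Review bot: none of the signal() calls in this block checks its return value, which is how the SIGSTOP line survived until now: SIGSTOP cannot be caught, so that registration always failed without anyone noticing. Consider registering the handlers in a loop over an array of signal numbers and logging when signal() returns SIG_ERR, so a future mistake of the same kind shows up in syslog.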
@@ -559,9 +563,11 @@
while (fputs(tmp, stdout) != EOF && !feof(f)) {
if (fgets(tmp, sizeof(tmp), f) == NULL) {
fflush(stdout);
+ fclose(f);
return (0);
}
}
+ fclose(f);
}
fflush(stdout);
return (0);
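Review bot: the fclose(f) added inside the fgets() failure branch duplicates the one added after the loop, and the early return there duplicates the fflush(stdout); return (0); that follows the block. Replacing the body of that branch with a plain break leaves a single fclose(f) and a single exit path, which makes it harder to reintroduce the descriptor leak this hunk fixes.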
@@ -645,6 +651,7 @@
char *fdpath = NULL, *userstr = NULL, *ipstr = NULL;
char *rsn = NULL, *fn = NULL;
pid_t pid;
+ gid_t gid;
int s;
if (luser == NULL || !luser[0] || ipsrc == NULL || !ipsrc[0]) {
@@ -684,8 +691,14 @@
switch (pid = fork()) {
case -1:
- err(1, "fork failed");
+ syslog(LOG_ERR, "fork failed");
+ goto error;
case 0:
+ /* revoke group privs before exec */
+ gid = getgid();
+ if (setregid(gid, gid) == -1) {
+ err(1, "setregid");
+ }
execvp(PATH_PFCTL, pargv);
warn("exec of %s failed", PATH_PFCTL);
_exit(1);
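Review bot: in the child branch (case 0), the setregid() failure path calls err(1, "setregid"), which leaves through exit() and so runs atexit handlers and flushes stdio buffers inherited from the parent; the exec failure path just below already uses warn() followed by _exit(1), and the setregid() path should do the same. In the fork failure branch, the new syslog(LOG_ERR, "fork failed") drops the errno text that err() used to print; adding (%m), as the new fopen() message in this patch does, keeps it.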
@@ -694,10 +707,8 @@
/* parent */
waitpid(pid, &s, 0);
if (s != 0) {
- if (WIFEXITED(s)) {
- syslog(LOG_ERR, "pfctl exited abnormally");
- goto error;
- }
+ syslog(LOG_ERR, "pfctl exited abnormally");
+ goto error;
}
if (add) {
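Review bot: the return value of waitpid(pid, &s, 0) in the parent branch is still ignored, so if the call fails, s (declared as a plain int s; with no initializer) is tested without ever having been set. Check for -1 and take the error path in that case. Dropping the WIFEXITED() condition is the right call, since a pfctl that was killed by a signal is now treated as a failure instead of falling through as success.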
@@ -718,16 +729,10 @@
syslog(LOG_ERR, "malloc failed");
error:
free(fdpath);
- fdpath = NULL;
free(rsn);
- rsn = NULL;
free(userstr);
- userstr = NULL;
free(ipstr);
- ipstr = NULL;
free(fn);
- fn = NULL;
- infile = NULL;
return (-1);
}
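Review bot: infile = NULL is removed together with the resets of the freed pointers, but infile is not freed in this block and is not among the locals declared at the top of the function (fdpath, userstr, ipstr, rsn, fn). If infile has file scope and is read elsewhere, the reset on the error path should stay; if it was a dead leftover, a word in the change description would save the next reader the search. Dropping the NULL assignments for the five locals is fine, since the function returns immediately afterwards.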
@@ -735,13 +740,14 @@
* Add/remove this IP from the "authpf_users" table.
*/
static int
-change_table(int add, const char *luser, const char *ipsrc)
+change_table(int add, const char *ipsrc)
{
struct pfioc_table io;
struct pfr_addr addr;
bzero(&io, sizeof(io));
- strlcpy(io.pfrio_table.pfrt_name, tablename, sizeof(io.pfrio_table));
+ strlcpy(io.pfrio_table.pfrt_name, tablename,
+ sizeof(io.pfrio_table.pfrt_name));
io.pfrio_buffer = &addr;
io.pfrio_esize = sizeof(addr);
io.pfrio_size = 1;
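Review bot: the strlcpy() into io.pfrio_table.pfrt_name in change_table() has its return value ignored, so a tablename longer than the field is silently truncated and the request then refers to a different table name than the one configured. Compare the result against sizeof(io.pfrio_table.pfrt_name) and return -1 when it does not fit. The bound correction itself is worth calling out in the change description: the old size argument was the size of the whole pfrio_table struct, which allowed the copy to run past pfrt_name.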
@@ -834,13 +840,11 @@
if (active) {
change_filter(0, luser, ipsrc);
- change_table(0, luser, ipsrc);
+ change_table(0, ipsrc);
authpf_kill_states();
remove_stale_rulesets();
}
- if (pidfp)
- ftruncate(fileno(pidfp), 0);
- if (pidfile[0])
+ if (pidfile[0] && (pidfp != NULL))
if (unlink(pidfile) == -1)
syslog(LOG_ERR, "cannot unlink %s (%m)", pidfile);
exit(ret);
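Review bot: the new condition pidfile[0] && (pidfp != NULL) in do_death() makes pidfp != NULL stand for "this process holds the pid file", but nothing here says so. The earlier hunks that set pidfp = NULL before goto dogdeath depend on exactly that to avoid unlinking another session's pid file, so a one-line comment at this test would keep someone from simplifying it back to pidfile[0]. The nested if without braces also deserves braces while this line is being touched.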
==== //depot/projects/hammer/contrib/pf/ftp-proxy/ftp-proxy.8#5 (text+ko) ====
@@ -1,295 +1,185 @@
-.\" $OpenBSD: ftp-proxy.8,v 1.42 2004/11/19 00:47:23 jmc Exp $
+.\" $OpenBSD: ftp-proxy.8,v 1.7 2006/12/30 13:01:54 camield Exp $
.\"
-.\" Copyright (c) 1996-2001
-.\" Obtuse Systems Corporation, All rights reserved.
+.\" Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd at sentia.nl>
.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
.\"
-.\" THIS SOFTWARE IS PROVIDED BY OBTUSE SYSTEMS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL OBTUSE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $FreeBSD: src/contrib/pf/ftp-proxy/ftp-proxy.8,v 1.4 2005/05/03 16:55:19 mlaier Exp $
+.\" $FreeBSD: src/contrib/pf/ftp-proxy/ftp-proxy.8,v 1.5 2007/07/03 12:30:01 mlaier Exp $
.\"
-.Dd August 17, 2001
+.Dd November 28, 2004
.Dt FTP-PROXY 8
.Os
.Sh NAME
.Nm ftp-proxy
-.Nd Internet File Transfer Protocol proxy server
+.Nd Internet File Transfer Protocol proxy daemon
.Sh SYNOPSIS
.Nm ftp-proxy
-.Bk -words
-.Op Fl AnrVw
+.Op Fl 6Adrv
.Op Fl a Ar address
-.Op Fl D Ar debuglevel
-.Op Fl g Ar group
-.Op Fl M Ar maxport
-.Op Fl m Ar minport
-.Op Fl R Ar address[:port]
-.Op Fl S Ar address
+.Op Fl b Ar address
+.Op Fl D Ar level
+.Op Fl m Ar maxsessions
+.Op Fl P Ar port
+.Op Fl p Ar port
+.Op Fl q Ar queue
+.Op Fl R Ar address
.Op Fl t Ar timeout
-.Op Fl u Ar user
-.Ek
.Sh DESCRIPTION
.Nm
is a proxy for the Internet File Transfer Protocol.
-The proxy uses
+FTP control connections should be redirected into the proxy using the
.Xr pf 4
-and expects to have the FTP control connection as described in
-.Xr services 5
-redirected to it via a
+.Ar rdr
+command, after which the proxy connects to the server on behalf of
+the client.
+.Pp
+The proxy allows data connections to pass, rewriting and redirecting
+them so that the right addresses are used.
+All connections from the client to the server have their source
+address rewritten so they appear to come from the proxy.
+Consequently, all connections from the server to the proxy have
+their destination address rewritten, so they are redirected to the
+client.
+The proxy uses the
.Xr pf 4
-.Em rdr
-command.
-An example of how to do that is further down in this document.
+.Ar anchor
+facility for this.
+.Pp
+Assuming the FTP control connection is from $client to $server, the
+proxy connected to the server using the $proxy source address, and
+$port is negotiated, then
+.Nm ftp-proxy
+adds the following rules to the various anchors.
+(These example rules use inet, but the proxy also supports inet6.)
+.Pp
+In case of active mode (PORT or EPRT):
+.Bd -literal -offset 2n
+rdr from $server to $proxy port $port -> $client
+pass quick inet proto tcp \e
+ from $server to $client port $port
+.Ed
+.Pp
+In case of passive mode (PASV or EPSV):
+.Bd -literal -offset 2n
+nat from $client to $server port $port -> $proxy
+pass in quick inet proto tcp \e
+ from $client to $server port $port
+pass out quick inet proto tcp \e
+ from $proxy to $server port $port
+.Ed
.Pp
The options are as follows:
.Bl -tag -width Ds
+.It Fl 6
+IPv6 mode.
+The proxy will expect and use IPv6 addresses for all communication.
+Only the extended FTP modes EPSV and EPRT are allowed with IPv6.
+The proxy is in IPv4 mode by default.
.It Fl A
-Permit only anonymous FTP connections.
-The proxy will allow connections to log in to other sites as the user
-.Qq ftp
-or
-.Qq anonymous
-only.
-Any attempt to log in as another user will be blocked by the proxy.
+Only permit anonymous FTP connections.
+Either user "ftp" or user "anonymous" is allowed.
.It Fl a Ar address
-Specify the local IP address to use in
-.Xr bind 2
-as the source for connections made by
-.Nm ftp-proxy
-when connecting to destination FTP servers.
-This may be necessary if the interface address of
-your default route is not reachable from the destinations
-.Nm
-is attempting connections to, or this address is different from the one
-connections are being NATed to.
-In the usual case this means that
-.Ar address
-should be a publicly visible IP address assigned to one of
-the interfaces on the machine running
-.Nm
-and should be the same address to which you are translating traffic
-if you are using the
-.Fl n
-option.
-.It Fl D Ar debuglevel
-Specify a debug level, where the proxy emits verbose debug output
-into
-.Xr syslogd 8
-at level
-.Dv LOG_DEBUG .
-Meaningful values of debuglevel are 0-3, where 0 is no debug output and
-3 is lots of debug output, the default being 0.
-.It Fl g Ar group
-Specify the named group to drop group privileges to, after doing
-.Xr pf 4
-lookups which require root.
-By default,
-.Nm
-uses the default group of the user it drops privilege to.
-.It Fl M Ar maxport
-Specify the upper end of the port range the proxy will use for the
-data connections it establishes.
-The default is
-.Dv IPPORT_HILASTAUTO
-defined in
-.Aq Pa netinet/in.h
-as 65535.
-.It Fl m Ar minport
-Specify the lower end of the port range the proxy will use for all
-data connections it establishes.
-The default is
-.Dv IPPORT_HIFIRSTAUTO
-defined in
-.Aq Pa netinet/in.h
-as 49152.
-.It Fl n
-Activate network address translation
-.Pq NAT
-mode.
-In this mode, the proxy will not attempt to proxy passive mode
-.Pq PASV or EPSV
-data connections.
-In order for this to work, the machine running the proxy will need to
-be forwarding packets and doing network address translation to allow
-the outbound passive connections from the client to reach the server.
-See
-.Xr pf.conf 5
-for more details on NAT.
-The proxy only ignores passive mode data connections when using this flag;
-it will still proxy PORT and EPRT mode data connections.
-Without this flag,
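Review bot: the SYNOPSIS rewrite changes the meaning of flags that existing invocations may already pass: -m goes from minport to maxsessions, -D keeps its letter with a new argument name, and -n, -g, -u, -M, -S, -V and -w disappear. A command line written for the old proxy would be rejected or reinterpreted by the new one, so the import should carry an upgrade note listing the removed and repurposed options. In the new -A text, "ftp" and "anonymous" are typed with plain quotes where the old text used the .Qq macro; keeping .Qq is the mdoc convention.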
>>> TRUNCATED FOR MAIL (1000 lines) <<<