summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--usr.sbin/httpd/Makefile.bsd-wrapper4
-rw-r--r--usr.sbin/httpd/htdocs/manual/misc/index.html10
-rw-r--r--usr.sbin/httpd/htdocs/manual/misc/nopgp.html99
-rw-r--r--usr.sbin/httpd/htdocs/manual/misc/vif-info.html408
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/core.html.html3
-rw-r--r--usr.sbin/httpd/htdocs/manual/sitemap.html2
-rw-r--r--usr.sbin/httpd/htdocs/manual/vhosts/virtual-host.html5
7 files changed, 4 insertions, 527 deletions
diff --git a/usr.sbin/httpd/Makefile.bsd-wrapper b/usr.sbin/httpd/Makefile.bsd-wrapper
index b917de100a4..66c2e5a753c 100644
--- a/usr.sbin/httpd/Makefile.bsd-wrapper
+++ b/usr.sbin/httpd/Makefile.bsd-wrapper
@@ -1,5 +1,5 @@
# Build wrapper for Apache
-# $OpenBSD: Makefile.bsd-wrapper,v 1.50 2005/07/28 19:12:39 jmc Exp $
+# $OpenBSD: Makefile.bsd-wrapper,v 1.51 2005/07/28 19:37:16 jmc Exp $
# Our lndir is hacked; specify a full path to avoid potential conflicts
# with the one installed with X11.
@@ -282,14 +282,12 @@ MANUALFILES= \
manual/misc/howto.html \
manual/misc/index.html \
manual/misc/known_client_problems.html \
- manual/misc/nopgp.html \
manual/misc/perf-bsd44.html \
manual/misc/perf-tuning.html \
manual/misc/perf.html \
manual/misc/rewriteguide.html \
manual/misc/security_tips.html \
manual/misc/tutorials.html \
- manual/misc/vif-info.html \
manual/misc/windoz_keepalive.html \
manual/sections.html.html \
manual/server-wide.html.html \
diff --git a/usr.sbin/httpd/htdocs/manual/misc/index.html b/usr.sbin/httpd/htdocs/manual/misc/index.html
index 50faa72182c..0663008bfb6 100644
--- a/usr.sbin/httpd/htdocs/manual/misc/index.html
+++ b/usr.sbin/httpd/htdocs/manual/misc/index.html
@@ -85,11 +85,6 @@
<dd>A list of problems in HTTP clients which can be mitigated
by Apache.</dd>
- <dt><a href="nopgp.html">No PGP</a></dt>
-
- <dd>Why we took PEM and PGP support out of the base Apache
- distribution.</dd>
-
<dt><a href="perf-bsd44.html">Performance Notes (BSD
4.4)</a></dt>
@@ -114,11 +109,6 @@
<dd>Some "do"s - and "don't"s - for keeping your Apache web
site secure.</dd>
- <dt><a href="vif-info.html">Virtual Hosts (IP-based)</a></dt>
-
- <dd>Excerpts and notes about configuring and using Apache
- IP-based virtual hosts.</dd>
-
<dt><a href="windoz_keepalive.html">Windows Bug with Web
Keepalive</a></dt>
diff --git a/usr.sbin/httpd/htdocs/manual/misc/nopgp.html b/usr.sbin/httpd/htdocs/manual/misc/nopgp.html
deleted file mode 100644
index eeafb9699db..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/nopgp.html
+++ /dev/null
@@ -1,99 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Why We Took PEM Out of Apache</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Why We Took PEM Out of Apache</h1>
- On May 17th, 1995, we were asked by a representative of NCSA to
- remove any copies of NCSA httpd prior to 1.4.1 from our web
- site. They were mandated by the NSA to inform us that
- redistribution of pre-1.4.1 code violated the same laws that
- make distributing Phill Zimmerman's PGP package to other
- countries illegal. There was <strong>no</strong> encryption in
- NCSA's httpd, only hooks to publicly available libraries of PEM
- code. By the NSA's rules, even hooks to this type of
- application is illegal.
-
- <p>Because Apache is based on NCSA code, and we had basically
- not touched that part of the software, we were informed that
- Apache was also illegal to distribute to foreign countries, and
- advised (not mandated) by NCSA to remove it. So, we removed
- both the copies of the NCSA httpd we had, and all versions of
- Apache previous to 0.6.5.</p>
-
- <p>The Apache members are strong advocates of the right to
- digital privacy, so the decision to submit to the NSA and
- remove the code was not an easy one. Here are some elements in
- our rationale:</p>
-
- <ul>
- <li>The PEM code in httpd was not widely used. No major site
- relied upon its use, so its loss is not a blow to encryption
- and security on the world wide web. There are other efforts
- designed to give much more flexible security - SSL and SHTTP
- - so this wasn't a function whose absence would really be
- missed on a functional level.</li>
-
- <li>We didn't feel like being just a couple more martyrs in a
- fight being fought very well by many other people. Rather
- than have the machine that supports the project confiscated
- or relocated to South Africa, <em>etc.</em>, we think there
- are more efficient methods to address the issue.</li>
- </ul>
- It kind of sickens us that we had to do it, but so be it.
-
- <p>Patches that re-implement the PEM code may be available at a
- foreign site soon. If it does show up, we'll point to it - that
- can't be illegal!</p>
-
- <p>Finally, here is a compendium of pointers to sites related
- to encryption and export law. We can't promise this list will
- be up to date, so send us mail when you see a problem or want a
- link added. Thanks.</p>
-
- <ul>
- <li><a
- href="http://dir.yahoo.com/Computers_and_Internet/security_and_encryption/">
- Yahoo - Science: Mathematics: Security and
- Encryption</a></li>
-
- <li><a href="http://www.eff.org/Privacy/Crypto/">EFF
- Crypto/Privacy/Security Archive</a></li>
-
- <li><a
- href="http://www.quadralay.com/www/Crypt/Crypt.html">Crypto
- page at Quadralay</a></li>
-
- <li><a
- href="ftp://ftp.cygnus.com/pub/export/export.html">Cryptography
- Export Control Archives (Cygnus)</a></li>
-
- <li><a href="http://www.law.indiana.edu/law/iclu.html">ICLU -
- Your Rights in Cyberspace</a></li>
- </ul>
- <a href="http://www.behlendorf.com/~brian/">Brian</a>, <a
- href="mailto:brian@hyperreal.com">brian@hyperreal.com</a>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/misc/vif-info.html b/usr.sbin/httpd/htdocs/manual/misc/vif-info.html
deleted file mode 100644
index a6a4f1a9285..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/vif-info.html
+++ /dev/null
@@ -1,408 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Configuring Multiple IP Addresses</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Configuring Multiple IP Addresses</h1>
-<pre>
-This material is originally from John Ioannidis (ji@polaris.ctr.columbia.edu)
-I have condensed it some and applied some corrections for SunOS 4.1.x
-courtesy of Chuck Smoko (csmoko@relay.nswc.navy.mil).
-
-Bob Baggerman (bob@bizweb.com)
-12 Jan 94
-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-John Ionnidis writes:
-
-This is a topic that comes up once in a while on comp.protocols.tcp-ip
-and other newsgroups. The question is, how to get a machine with one
-network interface to respond to more than one IP addresses.
-
-I have a solution than might suit you. For my doctoral work (there's
-a paper about it in this year's ('91) SIGCOMM, also available for
-anonymous FTP from cs.columbia.edu:/pub/ji/sigcomm*.ps.Z), I've
-developed what I call the "Virtual Interface" (VIF). To the networking
-code, it looks like an interface. It gets ifattach()ed when you open
-the /dev/vif* device, and then you can ifconfig it as you like. It
-does not have an if_input procedure; it only has an if_output. Packets
-that it receives (from higher-level protocols) which have its
-IP address, it simply loops back (like any well-behaved if driver).
-Packets that it receives that are destined for some other address, it
-encapsulates in an encapsulation protocol I call IPIP (IP-within-IP,
-protocol number IPPROTO_IPIP == 94), and sends it to another machine
-that groks that encapsulation protocol. This feature you won't need,
-but here's how to have multiple IP addresses on a machine with a
-single real interface:
-
-Let's say your primary interface's IP address is 198.3.2.1, and you
-also want it to respond to addresses 198.4.3.2 and 198.5.4.3 (note
-that these are three distinct class C addresses in three distinct
-class C nets). Here are the ifconfigs:
-
- ifconfig le0 198.3.2.1 up -trailers # config primary interface
-
- ifconfig vif0 198.4.3.2 up # config first virtual interface
- route delete net 198.4.3 198.4.3.2 # delete spurious route
- route add host 198.4.3.2 198.4.3.2 0 # add route for this i/f
-
- ifconfig vif1 198.5.4.3 up # config second virtual interface
- route delete net 198.5.4 198.5.4.3 # delete spurious route
- route add host 198.5.4.3 198.5.4.3 0 # add route for this i/f
-
-The route deletes are needed because the ifconfig creates a default
-route to the interface's network, which can cause problems; all that's
-needed is the (host) route to the interface's address.
-
-Now, get le0's ethernet address (say, 8:0:20:3:2:1), and add the
-following static ARP entries:
-
- arp -s 198.4.3.2 8:0:20:3:2:1 pub
- arp -s 198.5.4.3 8:0:20:3:2:1 pub
-
-This will cause any ARP requests for the VIF addresses to be replied
-with your machine's ethernet address.
-
-Now, make sure your default route is to your segment's gateway,
-through the real interface. Finally, make sure your routers and/or
-hosts on the same segment as yours know that 198.4.3.2 and 198.5.4.3
-are on that cable.
-
-Here's what you've accomplished.
-
-ARP requests for any of your host's addresses will be replied to with
-the host's ethernet address (the real one, because that's what it is,
-the virtual ones because of the public static arp entries). Packets
-reaching your host with any of these addresses will be accepted by the
-ip_input routine because they match the address of one of the host's
-interfaces. Packets leaving your host can have any of its addresses
-(real and virtual).
-
-The code for vif follows. To use it, put the stuff in netinet/if_vif.c
-and netinet/if_vif.h, configure your kernel with the number of
-virtual interfaces you want using a line like:
-
-pseudo-device vif4 # Virtual IP interface
-
-in your configuration file, and the line
-
-netinet/if_vif.c optional vif device-driver
-
-in the "files" file. Also, add the appropriate entries in conf.c, so
-that you can access the if_attach() routine when you open the device:
-
-
--------------------------- conf.c------------------------------------------
-
-add this in the appropriate place in the headers of conf.c:
-
---------------------
-#include "vif.h"
-#if NVIF &gt; 0
-int vifopen(), vifclose(), vifread(), vifwrite(), vifselect(), vifioctl();
-#else
-#define vifopen nodev
-#define vifclose nodev
-#define vifread nodev
-#define vifwrite nodev
-#define vifselect nodev
-#define vifioctl nodev
-#endif
---------------------
-
-then, way down in the definition for cdevsw[]:
-
---------------------
- vifopen, vifclose, vifread, vifwrite, /*14*/
- vifioctl, nodev, nodev, 0,
- 0, nodev,
---------------------
-
-Make sure you remember the correct major device number, 14 in this case!
-
----------------------------------------------------------------------------
-
-Finally, here's the code. It has the tunneling pieces removed (you
-need more code to use that anyway), and it comes from a Mach 2.6
-kernel; it should compile on any Berkeley-derived unix with minor
-changes (most likely only in the includes).
-
----------------------netinet/if_vif.h--------------------------------------
-typedef struct
-{
- struct ifnet vif_if;
- struct ifnet *vif_sif; /* slave interface */
- int vif_flags;
-} vif_softc_t;
-
-#define VIFMTU (1024+512)
----------------------------------------------------------------------------
-
-and
-
----------------------netinet/if_vif.c--------------------------------------
-/*
- * Virtual IP interface module.
- */
-
-#include "param.h"
-#include "../sys/systm.h"
-#include "../sys/mbuf.h"
-#include "../sys/socket.h"
-#include "../sys/errno.h"
-#include "../sys/ioctl.h"
-
-#include "../net/if.h"
-#include "../net/netisr.h"
-#include "../net/route.h"
-
-#ifdef INET
-#include "../netinet/in.h"
-#include "../netinet/in_systm.h"
-#include "../netinet/in_var.h"
-#include "../netinet/ip.h"
-#endif
-
-#include "in_pcb.h"
-#include "vif.h"
-
-typedef struct
-{
- struct ifnet vif_if;
- struct ifnet *vif_sif; /* slave interface */
- int vif_flags;
-} vif_softc_t;
-
-#define VIFMTU (1024+512)
-
-vif_softc_t vif_softc[NVIF];
-
-int vifs_inited = 0;
-
-
-vifattach()
-{
- register int i;
- register struct ifnet *ifp;
- int vifoutput(), vififioctl();
-
- for (i=0; i&lt;NVIF; i++)
- {
- ifp = &amp;vif_softc[i].vif_if;
- ifp-&gt;if_name = "vif";
- ifp-&gt;if_unit = i;
- ifp-&gt;if_mtu = VIFMTU;
- ifp-&gt;if_flags = IFF_LOOPBACK | IFF_NOARP;
- ifp-&gt;if_ioctl = vififioctl;
- ifp-&gt;if_output = vifoutput;
- if_attach(ifp);
- }
-}
-
-vifopen(dev, flag)
-int dev, flag;
-{
- int unit;
-
- if (!vifs_inited)
- {
- vifattach();
- vifs_inited = 1;
- printf("vif initialized\n");
- }
-
- unit = minor(dev);
- if ((unit &lt; 0) || (unit &gt;= NVIF))
- {
- return ENXIO;
- }
-
- return 0;
-}
-
-vifclose(dev, flag)
-int dev, flag;
-{
- return 0;
-}
-
-vifread()
-{
- return ENXIO;
-}
-
-vifwrite()
-{
- return ENXIO;
-}
-
-vifselect()
-{
- return ENXIO;
-}
-
-vifoutput(ifp, m0, dst)
- struct ifnet *ifp;
- register struct mbuf *m0;
- struct sockaddr *dst;
-{
- int s;
- register struct ifqueue *ifq;
- struct mbuf *m;
- struct sockaddr_in *din;
-
- if (dst-&gt;sa_family != AF_INET)
- {
- printf("%s%d: can't handle af%d\n",
- ifp-&gt;if_name, ifp-&gt;if_unit,
- dst-&gt;sa_family);
- m_freem(m0);
- return (EAFNOSUPPORT);
- }
-
- din = (struct sockaddr_in *)dst;
-
- if (din-&gt;sin_addr.s_addr == IA_SIN(ifp-&gt;if_addrlist)-&gt;sin_addr.s_addr)
- {
- /* printf("%s%d: looping\n", ifp-&gt;if_name, ifp-&gt;if_unit); */
-
- /*
- * Place interface pointer before the data
- * for the receiving protocol.
- */
- if (m0-&gt;m_off &lt;= MMAXOFF &amp;&amp;
- m0-&gt;m_off &gt;= MMINOFF + sizeof(struct ifnet *)) {
- m0-&gt;m_off -= sizeof(struct ifnet *);
- m0-&gt;m_len += sizeof(struct ifnet *);
- } else {
- MGET(m, M_DONTWAIT, MT_HEADER);
- if (m == (struct mbuf *)0)
- return (ENOBUFS);
- m-&gt;m_off = MMINOFF;
- m-&gt;m_len = sizeof(struct ifnet *);
- m-&gt;m_next = m0;
- m0 = m;
- }
- *(mtod(m0, struct ifnet **)) = ifp;
- s = splimp();
- ifp-&gt;if_opackets++;
- ifq = &amp;ipintrq;
- if (IF_QFULL(ifq)) {
- IF_DROP(ifq);
- m_freem(m0);
- splx(s);
- return (ENOBUFS);
- }
- IF_ENQUEUE(ifq, m0);
- schednetisr(NETISR_IP);
- ifp-&gt;if_ipackets++;
- splx(s);
- return (0);
- }
-
- return EHOSTUNREACH;
-}
-
-/*
- * Process an ioctl request.
- */
-/* ARGSUSED */
-vififioctl(ifp, cmd, data)
- register struct ifnet *ifp;
- int cmd;
- caddr_t data;
-{
- int error = 0;
-
- switch (cmd) {
-
- case SIOCSIFADDR:
- ifp-&gt;if_flags |= IFF_UP;
- /*
- * Everything else is done at a higher level.
- */
- break;
-
- default:
- error = EINVAL;
- }
- return (error);
-}
-
-vifioctl(dev, cmd, arg, mode)
-dev_t dev;
-int cmd;
-caddr_t arg;
-int mode;
-{
- int unit;
-
- unit = minor(dev);
- if ((unit &lt; 0) || (unit &gt;= NVIF))
- return ENXIO;
-
- return EINVAL;
-}
-----------------------------------------------------------------------------
-
-To use it, compile your kernel, and reboot. Then create the vif
-device:
-
-# mknod /dev/vif c 14 0
-
-(or whatever major number it ended up being), and echo something into
-it:
-
-# echo &gt; /dev/vif
-
-This will cause the device to be opened, which will if_attach the
-interfaces. If you feel like playing with the code, you may want to
-kmem_alloc() the vif_softc structure at open time, and use the minor
-number of the device to tell it how many interfaces to create.
-
-Now you can go ahead and ifconfig <em>etc.</em>
-
-I'll be happy to answer minor questions, and hear about success and
-failure stories, but I cannot help you if you don't already know how
-to hack kernels.
-
-Good luck!
-
-/ji
-
-In-Real-Life: John "Heldenprogrammer" Ioannidis
-E-Mail-To: ji@cs.columbia.edu
-V-Mail-To: +1 212 854 8120
-P-Mail-To: 450 Computer Science \n Columbia University \n New York, NY 10027
-</pre>
-
- <p>Note: there is also a <a
- href="http://www.multihost.com/">commercial-product-turned-freeware
- called "Col. Patch"</a> which does this as a loadable kernel
- module for SunOS 4.1.3_U1.</p>
-
- <p> <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </p>
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/core.html.html b/usr.sbin/httpd/htdocs/manual/mod/core.html.html
index 4bede88ffaf..6d90427d685 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/core.html.html
+++ b/usr.sbin/httpd/htdocs/manual/mod/core.html.html
@@ -4078,8 +4078,7 @@ Syntax OK
accept IP packets for multiple addresses. (If the machine does
not have multiple network interfaces, then this can be
accomplished with the <code>ifconfig alias</code> command (if
- your OS supports it), or with kernel patches like <a
- href="../misc/vif-info.html">VIF</a> (for SunOS(TM) 4.1.x)).
+ your OS supports it).
<p>You can specify more than one IP address. This is useful if
a machine responds to the same name on two different
diff --git a/usr.sbin/httpd/htdocs/manual/sitemap.html b/usr.sbin/httpd/htdocs/manual/sitemap.html
index 248c9265295..16a4e131a06 100644
--- a/usr.sbin/httpd/htdocs/manual/sitemap.html
+++ b/usr.sbin/httpd/htdocs/manual/sitemap.html
@@ -151,8 +151,6 @@ Side Includes</a></li>
<li><a href="misc/descriptors.html">Descriptors and Apache</a></li>
<li><a href="misc/fin_wait_2.html">Connections in FIN_WAIT_2 and Apache</a></li>
<li><a href="misc/known_client_problems.html">Known Client Problems</a></li>
-<li><a href="misc/nopgp.html">Why We Took PEM Out of Apache</a></li>
-<li><a href="misc/vif-info.html">Configuring Multiple IP Addresses</a></li>
<li><a href="misc/windoz_keepalive.html">MS Windows Netscape 3.0b4 KeepAlive problem solved</a></li>
<li><a href="misc/client_block_api.html">Reading Client Input in Apache 1.2</a></li>
</ul></li>
diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/virtual-host.html b/usr.sbin/httpd/htdocs/manual/vhosts/virtual-host.html
index 0c5116196d4..c745f25e786 100644
--- a/usr.sbin/httpd/htdocs/manual/vhosts/virtual-host.html
+++ b/usr.sbin/httpd/htdocs/manual/vhosts/virtual-host.html
@@ -65,9 +65,8 @@
Due to limitations in the HTTP/1.0 protocol, the web server
<strong>must have a different IP address for each virtual
host</strong>. This can be achieved by the machine having
- several physical network connections, or by use of a <a
- href="../misc/vif-info.html">virtual interface</a> on some
- operating systems.
+ several physical network connections, or by use of
+ virtual interface on some operating systems.
<h2>How to set up Apache</h2>
There are two ways of configuring apache to support multiple