-rw-r--r-- | sys/netinet6/in6.h | 11 | ||||
-rw-r--r-- | sys/netinet6/ip6_forward.c | 18 | ||||
-rw-r--r-- | sys/netinet6/ip6_input.c | 32 | ||||
-rw-r--r-- | sys/netinet6/ip6_output.c | 54 |
4 files changed, 5 insertions, 110 deletions
diff --git a/sys/netinet6/in6.h b/sys/netinet6/in6.h index 71e65293c56..a974e6efa73 100644 --- a/sys/netinet6/in6.h +++ b/sys/netinet6/in6.h @@ -1,4 +1,4 @@ -/* $OpenBSD: in6.h,v 1.19 2001/02/16 16:00:56 itojun Exp $ */ +/* $OpenBSD: in6.h,v 1.20 2001/02/16 16:38:14 itojun Exp $ */ /* $KAME: in6.h,v 1.77 2001/02/09 06:17:40 jinmei Exp $ */ /* @@ -407,14 +407,7 @@ struct route_in6 { #endif #define IPV6_FAITH 29 /* bool; accept FAITH'ed connections */ -#if 1 /*IPV6FIREWALL*/ -#define IPV6_FW_ADD 30 /* add a firewall rule to chain */ -#define IPV6_FW_DEL 31 /* delete a firewall rule from chain */ -#define IPV6_FW_FLUSH 32 /* flush firewall rule chain */ -#define IPV6_FW_ZERO 33 /* clear single/all firewall counter(s) */ -#define IPV6_FW_GET 34 /* get entire firewall rule chain */ -#endif -/* 35-52: reserved */ +/* 30-52: reserved */ #define IPV6_AUTH_LEVEL 53 /* int; authentication used */ #define IPV6_ESP_TRANS_LEVEL 54 /* int; transport encryption */ #define IPV6_ESP_NETWORK_LEVEL 55 /* int; full-packet encryption */ diff --git a/sys/netinet6/ip6_forward.c b/sys/netinet6/ip6_forward.c index 355c5c966cd..06882a137bb 100644 --- a/sys/netinet6/ip6_forward.c +++ b/sys/netinet6/ip6_forward.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_forward.c,v 1.11 2001/02/16 08:48:05 itojun Exp $ */ +/* $OpenBSD: ip6_forward.c,v 1.12 2001/02/16 16:38:14 itojun Exp $ */ /* $KAME: ip6_forward.c,v 1.44 2000/07/27 13:43:21 itojun Exp $ */ /* @@ -417,22 +417,6 @@ ip6_forward(m, srcrt) (rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0) type = ND_REDIRECT; -#ifdef IPV6FIREWALL - /* - * Check with the firewall... - */ - if (ip6_fw_chk_ptr) { - u_short port = 0; - /* If ipfw says divert, we have to just drop packet */ - if ((*ip6_fw_chk_ptr)(&ip6, rt->rt_ifp, &port, &m)) { - m_freem(m); - goto freecopy; - } - if (!m) - goto freecopy; - } -#endif - /* * Fake scoped addresses. Note that even link-local source or * destinaion can appear, if the originating node just sends the 
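Review bot: The replacement comment `/* 30-52: reserved */` in the in6.h hunk folds option numbers 30-34 into the generic reserved range without recording that they were assigned to `IPV6_FW_ADD` through `IPV6_FW_GET` until this commit. If a later socket option is given one of those numbers, a binary built against the old header would presumably reach the new option's handler with a firewall-rule argument, so the retired range is worth marking. I would write `/* 30-34: formerly IPV6_FW_*, do not reuse */` followed by `/* 35-52: reserved */`. The matching `case IPV6_FW_*` arms are removed from ip6_ctloutput in ip6_output.c, and what those option numbers return afterwards is decided by code outside the hunks shown.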
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c index 87425ebfec3..9132853c49a 100644 --- a/sys/netinet6/ip6_input.c +++ b/sys/netinet6/ip6_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_input.c,v 1.26 2001/02/16 16:00:57 itojun Exp $ */ +/* $OpenBSD: ip6_input.c,v 1.27 2001/02/16 16:38:15 itojun Exp $ */ /* $KAME: ip6_input.c,v 1.176 2001/02/14 07:13:39 itojun Exp $ */ /* @@ -102,10 +102,6 @@ #include <netinet6/nd6.h> #include <netinet6/in6_prefix.h> -#ifdef IPV6FIREWALL -#include <netinet6/ip6_fw.h> -#endif - #include <netinet6/ip6protosw.h> #include "faith.h" @@ -126,12 +122,6 @@ int ip6_forward_srcrt; /* XXX */ int ip6_sourcecheck; /* XXX */ int ip6_sourcecheck_interval; /* XXX */ -#ifdef IPV6FIREWALL -/* firewall hooks */ -ip6_fw_chk_t *ip6_fw_chk_ptr; -ip6_fw_ctl_t *ip6_fw_ctl_ptr; -#endif - struct ip6stat ip6stat; static void ip6_init2 __P((void *)); @@ -164,9 +154,6 @@ ip6_init() ip6intrq.ifq_maxlen = ip6qmaxlen; nd6_init(); frag6_init(); -#ifdef IPV6FIREWALL - ip6_fw_init(); -#endif ip6_flow_seq = arc4random(); ip6_init2((void *)0); } @@ -288,23 +275,6 @@ ip6_input(m) ip6stat.ip6s_nxthist[ip6->ip6_nxt]++; -#ifdef IPV6FIREWALL - /* - * Check with the firewall... - */ - if (ip6_fw_chk_ptr) { - u_short port = 0; - /* If ipfw says divert, we have to just drop packet */ - /* use port as a dummy argument */ - if ((*ip6_fw_chk_ptr)(&ip6, NULL, &port, &m)) { - m_freem(m); - m = NULL; - } - if (!m) - return; - } -#endif - /* * Scope check */ diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index dfba4518e67..3e003d34468 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_output.c,v 1.24 2001/02/16 14:58:13 itojun Exp $ */ +/* $OpenBSD: ip6_output.c,v 1.25 2001/02/16 16:38:15 itojun Exp $ */ /* $KAME: ip6_output.c,v 1.164 2001/02/10 05:05:15 itojun Exp $ */ /* 
@@ -105,10 +105,6 @@ extern int ipsec_esp_network_default_level; #include <net/net_osdep.h> -#ifdef IPV6FIREWALL -#include <netinet6/ip6_fw.h> -#endif - struct ip6_exthdrs { struct mbuf *ip6e_ip6; struct mbuf *ip6e_hbh; @@ -880,25 +876,6 @@ skip_ipsec2:; ip6->ip6_dst.s6_addr16[1] = 0; } -#ifdef IPV6FIREWALL - /* - * Check with the firewall... - */ - if (ip6_fw_chk_ptr) { - u_short port = 0; - m->m_pkthdr.rcvif = NULL; /*XXX*/ - /* If ipfw says divert, we have to just drop packet */ - if ((*ip6_fw_chk_ptr)(&ip6, ifp, &port, &m)) { - m_freem(m); - goto done; - } - if (!m) { - error = EACCES; - goto done; - } - } -#endif - /* * If the outgoing packet contains a hop-by-hop options header, * it must be examined and processed even by the source node. @@ -1444,21 +1421,6 @@ ip6_ctloutput(op, so, level, optname, mp) break; #endif /* IPSEC */ -#ifdef IPV6FIREWALL - case IPV6_FW_ADD: - case IPV6_FW_DEL: - case IPV6_FW_FLUSH: - case IPV6_FW_ZERO: - { - if (ip6_fw_ctl_ptr == NULL) { - if (m) (void)m_free(m); - return EINVAL; - } - error = (*ip6_fw_ctl_ptr)(optname, mp); - m = *mp; - } - break; -#endif case IPSEC6_OUTSA: #ifndef IPSEC error = EINVAL; @@ -1676,20 +1638,6 @@ ip6_ctloutput(op, so, level, optname, mp) } #endif /* IPSEC */ -#ifdef IPV6FIREWALL - case IPV6_FW_GET: - { - if (ip6_fw_ctl_ptr == NULL) - { - if (m) - (void)m_free(m); - return EINVAL; - } - error = (*ip6_fw_ctl_ptr)(optname, mp); - } - break; -#endif - case IPSEC6_OUTSA: #ifndef IPSEC error = EINVAL; |