Index: projects/clang700-import/cddl/usr.sbin/dwatch/libexec/Makefile
===================================================================
--- projects/clang700-import/cddl/usr.sbin/dwatch/libexec/Makefile	(revision 337646)
+++ projects/clang700-import/cddl/usr.sbin/dwatch/libexec/Makefile	(revision 337647)
@@ -1,91 +1,91 @@
 # $FreeBSD$
 
 FILESDIR=	${LIBEXECDIR}/dwatch
 FILES=		chmod \
 		errno \
 		io \
 		ip \
 		kill \
 		nanosleep \
 		open \
 		proc \
 		rw \
 		sched \
 		sendrecv \
+		systop \
 		tcp \
 		udp \
 		udplite \
 		vop_create \
 		vop_readdir \
 		vop_rename \
 		vop_symlink
 
 LINKS=	${LIBEXECDIR}/dwatch/chmod ${LIBEXECDIR}/dwatch/fchmodat
 LINKS+=	${LIBEXECDIR}/dwatch/chmod ${LIBEXECDIR}/dwatch/lchmod
 LINKS+=	${LIBEXECDIR}/dwatch/io ${LIBEXECDIR}/dwatch/io-done
 LINKS+=	${LIBEXECDIR}/dwatch/io ${LIBEXECDIR}/dwatch/io-start
 LINKS+=	${LIBEXECDIR}/dwatch/ip ${LIBEXECDIR}/dwatch/ip-receive
 LINKS+=	${LIBEXECDIR}/dwatch/ip ${LIBEXECDIR}/dwatch/ip-send
 LINKS+=	${LIBEXECDIR}/dwatch/open ${LIBEXECDIR}/dwatch/openat
 LINKS+=	${LIBEXECDIR}/dwatch/proc ${LIBEXECDIR}/dwatch/proc-create
 LINKS+=	${LIBEXECDIR}/dwatch/proc ${LIBEXECDIR}/dwatch/proc-exec
 LINKS+=	${LIBEXECDIR}/dwatch/proc ${LIBEXECDIR}/dwatch/proc-exec-failure
 LINKS+=	${LIBEXECDIR}/dwatch/proc ${LIBEXECDIR}/dwatch/proc-exec-success
 LINKS+=	${LIBEXECDIR}/dwatch/proc ${LIBEXECDIR}/dwatch/proc-exit
 LINKS+=	${LIBEXECDIR}/dwatch/proc ${LIBEXECDIR}/dwatch/proc-signal
 LINKS+=	${LIBEXECDIR}/dwatch/proc ${LIBEXECDIR}/dwatch/proc-signal-clear
 LINKS+=	${LIBEXECDIR}/dwatch/proc ${LIBEXECDIR}/dwatch/proc-signal-discard
 LINKS+=	${LIBEXECDIR}/dwatch/proc ${LIBEXECDIR}/dwatch/proc-signal-send
 LINKS+=	${LIBEXECDIR}/dwatch/proc ${LIBEXECDIR}/dwatch/proc-status
 LINKS+=	${LIBEXECDIR}/dwatch/rw ${LIBEXECDIR}/dwatch/read
 LINKS+=	${LIBEXECDIR}/dwatch/rw ${LIBEXECDIR}/dwatch/write
 LINKS+=	${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-change-pri
 LINKS+=	${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-cpu
 LINKS+=	${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-dequeue
 LINKS+=	${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-enqueue
 LINKS+=	${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-exec
 LINKS+=	${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-lend-pri
 LINKS+=	${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-load-change
 LINKS+=	${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-off-cpu
 LINKS+=	${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-on-cpu
 LINKS+=	${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-preempt
 LINKS+=	${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-pri
 LINKS+=	${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-queue
 LINKS+=	${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-remain-cpu
 LINKS+=	${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-sleep
 LINKS+=	${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-surrender
 LINKS+=	${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-tick
 LINKS+=	${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-wakeup
 LINKS+=	${LIBEXECDIR}/dwatch/sendrecv ${LIBEXECDIR}/dwatch/recv
 LINKS+=	${LIBEXECDIR}/dwatch/sendrecv ${LIBEXECDIR}/dwatch/recvfrom
 LINKS+=	${LIBEXECDIR}/dwatch/sendrecv ${LIBEXECDIR}/dwatch/recvmsg
 LINKS+=	${LIBEXECDIR}/dwatch/sendrecv ${LIBEXECDIR}/dwatch/send
 LINKS+=	${LIBEXECDIR}/dwatch/sendrecv ${LIBEXECDIR}/dwatch/sendmsg
 LINKS+=	${LIBEXECDIR}/dwatch/sendrecv ${LIBEXECDIR}/dwatch/sendto
-LINKS+=	${LIBEXECDIR}/dwatch/systop ${LIBEXECDIR}/dwatch/systop
 LINKS+=	${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-accept
 LINKS+=	${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-accept-established
 LINKS+=	${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-accept-refused
 LINKS+=	${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-connect
 LINKS+=	${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-connect-established
 LINKS+=	${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-connect-refused
 LINKS+=	${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-connect-request
 LINKS+=	${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-established
 LINKS+=	${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-init
 LINKS+=	${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-io
 LINKS+=	${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-receive
 LINKS+=	${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-refused
 LINKS+=	${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-send
 LINKS+=	${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-state-change
 LINKS+=	${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-status
 LINKS+=	${LIBEXECDIR}/dwatch/udp ${LIBEXECDIR}/dwatch/udp-receive
 LINKS+=	${LIBEXECDIR}/dwatch/udp ${LIBEXECDIR}/dwatch/udp-send
 LINKS+=	${LIBEXECDIR}/dwatch/udplite ${LIBEXECDIR}/dwatch/udplite-receive
 LINKS+=	${LIBEXECDIR}/dwatch/udplite ${LIBEXECDIR}/dwatch/udplite-send
 LINKS+=	${LIBEXECDIR}/dwatch/vop_create ${LIBEXECDIR}/dwatch/vop_lookup
 LINKS+=	${LIBEXECDIR}/dwatch/vop_create ${LIBEXECDIR}/dwatch/vop_mkdir
 LINKS+=	${LIBEXECDIR}/dwatch/vop_create ${LIBEXECDIR}/dwatch/vop_mknod
 LINKS+=	${LIBEXECDIR}/dwatch/vop_create ${LIBEXECDIR}/dwatch/vop_remove
 LINKS+=	${LIBEXECDIR}/dwatch/vop_create ${LIBEXECDIR}/dwatch/vop_rmdir
 
 .include <bsd.prog.mk>
Index: projects/clang700-import/cddl
===================================================================
--- projects/clang700-import/cddl	(revision 337646)
+++ projects/clang700-import/cddl	(revision 337647)

Property changes on: projects/clang700-import/cddl
___________________________________________________________________
Modified: svn:mergeinfo
## -0,0 +0,1 ##
   Merged /head/cddl:r337616-337645
Index: projects/clang700-import/etc/sysctl.conf
===================================================================
--- projects/clang700-import/etc/sysctl.conf	(revision 337646)
+++ projects/clang700-import/etc/sysctl.conf	(nonexistent)
@@ -1,9 +0,0 @@
-# $FreeBSD$
-#
-#  This file is read when going to multi-user and its contents piped thru
-#  ``sysctl'' to adjust kernel values.  ``man 5 sysctl.conf'' for details.
-#
-
-# Uncomment this to prevent users from seeing information about processes that
-# are being run under another UID.
-#security.bsd.see_other_uids=0

Property changes on: projects/clang700-import/etc/sysctl.conf
___________________________________________________________________
Deleted: svn:keywords
## -1 +0,0 ##
-FreeBSD=%H
\ No newline at end of property
Index: projects/clang700-import/etc/ddb.conf
===================================================================
--- projects/clang700-import/etc/ddb.conf	(revision 337646)
+++ projects/clang700-import/etc/ddb.conf	(nonexistent)
@@ -1,15 +0,0 @@
-# $FreeBSD$
-#
-#  This file is read when going to multi-user and its contents piped thru
-#  ``ddb'' to define debugging scripts.
-#
-# see ``man 4 ddb'' and ``man 8 ddb'' for details.
-#
-
-script lockinfo=show locks; show alllocks; show lockedvnods
-
-# kdb.enter.panic	panic(9) was called.
-script kdb.enter.panic=textdump set; capture on; run lockinfo; show pcpu; bt; ps; alltrace; capture off; call doadump; reset
-
-# kdb.enter.witness	witness(4) detected a locking error.
-script kdb.enter.witness=run lockinfo

Property changes on: projects/clang700-import/etc/ddb.conf
___________________________________________________________________
Deleted: svn:keywords
## -1 +0,0 ##
-FreeBSD=%H
\ No newline at end of property
Index: projects/clang700-import/etc/pf.os
===================================================================
--- projects/clang700-import/etc/pf.os	(revision 337646)
+++ projects/clang700-import/etc/pf.os	(nonexistent)
@@ -1,709 +0,0 @@
-# $FreeBSD$
-# $OpenBSD: pf.os,v 1.27 2016/09/03 17:08:57 sthen Exp $
-# passive OS fingerprinting
-# -------------------------
-#
-# SYN signatures. Those signatures work for SYN packets only (duh!).
-#
-# (C) Copyright 2000-2003 by Michal Zalewski <lcamtuf@coredump.cx>
-# (C) Copyright 2003 by Mike Frantzen <frantzen@w4g.org>
-#
-#  Permission to use, copy, modify, and distribute this software for any
-#  purpose with or without fee is hereby granted, provided that the above
-#  copyright notice and this permission notice appear in all copies.
-#
-#  THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-#  WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-#  MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-#  ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-#  WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-#  ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-#  OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-#
-#
-# This fingerprint database is adapted from Michal Zalewski's p0f passive
-# operating system package.  The last database sync was from a Nov 3 2003
-# p0f.fp.
-#
-#
-# Each line in this file specifies a single fingerprint. Please read the
-# information below carefully before attempting to append any signatures
-# reported as UNKNOWN to this file to avoid mistakes.
-#
-# We use the following set metrics for fingerprinting:
-#
-# - Window size (WSS) - a highly OS dependent setting used for TCP/IP
-#   performance control (max. amount of data to be sent without ACK).
-#   Some systems use a fixed value for initial packets. On other
-#   systems, it is a multiple of MSS or MTU (MSS+40). In some rare
-#   cases, the value is just arbitrary.
-#
-#   NEW SIGNATURE: if p0f reported a special value of 'Snn', the number
-#   appears to be a multiple of MSS (MSS*nn); a special value of 'Tnn'
-#   means it is a multiple of MTU ((MSS+40)*nn). Unless you notice the
-#   value of nn is not fixed (unlikely), just copy the Snn or Tnn token
-#   literally. If you know this device has a simple stack and a fixed
-#   MTU, you can however multiply S value by MSS, or T value by MSS+40,
-#   and put it instead of Snn or Tnn.
-#
-#   If WSS otherwise looks like a fixed value (for example a multiple
-#   of two), or if you can confirm the value is fixed, please quote
-#   it literally. If there's no apparent pattern in WSS chosen, you
-#   should consider wildcarding this value.
-#
-# - Overall packet size - a function of all IP and TCP options and bugs.
-#
-#   NEW SIGNATURE: Copy this value literally.
-#
-# - Initial TTL - We check the actual TTL of a received packet. It can't
-#   be higher than the initial TTL, and also shouldn't be dramatically
-#   lower (maximum distance is defined as 40 hops).
-#
-#   NEW SIGNATURE: *Never* copy TTL from a p0f-reported signature literally.
-#   You need to determine the initial TTL. The best way to do it is to
-#   check the documentation for a remote system, or check its settings.
-#   A fairly good method is to simply round the observed TTL up to
-#   32, 64, 128, or 255, but it should be noted that some obscure devices
-#   might not use round TTLs (in particular, some shoddy appliances use
-#   "original" initial TTL settings). If not sure, you can see how many
-#   hops you're away from the remote party with traceroute or mtr.
-#
-# - Don't fragment flag (DF) - some modern OSes set this to implement PMTU
-#   discovery. Others do not bother.
-#
-#   NEW SIGNATURE: Copy this value literally.
-#
-# - Maximum segment size (MSS) - this setting is usually link-dependent. P0f
-#   uses it to determine link type of the remote host.
-#
-#   NEW SIGNATURE: Always wildcard this value, except for rare cases when
-#   you have an appliance with a fixed value, know the system supports only
-#   a very limited number of network interface types, or know the system
-#   is using a value it pulled out of nowhere.  Specific unique MSS
-#   can be used to tell Google crawlbots from the rest of the population.
-#
-# - Window scaling (WSCALE) - this feature is used to scale WSS.
-#   It extends the size of a TCP/IP window to 32 bits. Some modern
-#   systems implement this feature.
-#
-#   NEW SIGNATURE: Observe several signatures. Initial WSCALE is often set
-#   to zero or other low value. There's usually no need to wildcard this
-#   parameter.
-#
-# - Timestamp - some systems that implement timestamps set them to
-#   zero in the initial SYN. This case is detected and handled appropriately.
-#
-# - Selective ACK permitted - a flag set by systems that implement
-#   selective ACK functionality.
-#
-# - The sequence of TCP all options (MSS, window scaling, selective ACK
-#   permitted, timestamp, NOP). Other than the options previously
-#   discussed, p0f also checks for timestamp option (a silly
-#   extension to broadcast your uptime ;-), NOP options (used for
-#   header padding) and sackOK option (selective ACK feature).
-#
-#   NEW SIGNATURE: Copy the sequence literally.
-#
-# To wildcard any value (except for initial TTL or TCP options), replace
-# it with '*'. You can also use a modulo operator to match any values
-# that divide by nnn - '%nnn'.
-#
-# Fingerprint entry format:
-#
-# wwww:ttt:D:ss:OOO...:OS:Version:Subtype:Details
-#
-# wwww     - window size (can be *, %nnn, Snn or Tnn).  The special values
-#            "S" and "T" which are a multiple of MSS or a multiple of MTU
-#            respectively.
-# ttt      - initial TTL
-# D        - don't fragment bit (0 - not set, 1 - set)
-# ss       - overall SYN packet size
-# OOO      - option value and order specification (see below)
-# OS       - OS genre (Linux, Solaris, Windows)
-# Version  - OS Version (2.0.27 on x86, etc)
-# Subtype  - OS subtype or patchlevel (SP3, lo0)
-# details  - Generic OS details
-#
-# If OS genre starts with '*', p0f will not show distance, link type
-# and timestamp data. It is useful for userland TCP/IP stacks of
-# network scanners and so on, where many settings are randomized or
-# bogus.
-#
-# If OS genre starts with @, it denotes an approximate hit for a group
-# of operating systems (signature reporting still enabled in this case).
-# Use this feature at the end of this file to catch cases for which
-# you don't have a precise match, but can tell it's Windows or FreeBSD
-# or whatnot by looking at, say, flag layout alone.
-#
-# Option block description is a list of comma or space separated
-# options in the order they appear in the packet:
-#
-# N	   - NOP option
-# Wnnn	   - window scaling option, value nnn (or * or %nnn)
-# Mnnn	   - maximum segment size option, value nnn (or * or %nnn)
-# S	   - selective ACK OK
-# T	   - timestamp
-# T0	   - timestamp with a zero value
-#
-# To denote no TCP options, use a single '.'.
-#
-# Please report any additions to this file, or any inaccuracies or
-# problems spotted, to the maintainers: lcamtuf@coredump.cx,
-# frantzen@openbsd.org and bugs@openbsd.org with a tcpdump packet
-# capture of the relevant SYN packet(s)
-#
-# A test and submission page is available at
-# http://lcamtuf.coredump.cx/p0f-help/
-#
-#
-# WARNING WARNING WARNING
-# -----------------------
-#
-# Do not add a system X as OS Y just because NMAP says so. It is often
-# the case that X is a NAT firewall. While nmap is talking to the
-# device itself, p0f is fingerprinting the guy behind the firewall
-# instead.
-#
-# When in doubt, use common sense, don't add something that looks like
-# a completely different system as Linux or FreeBSD or LinkSys router.
-# Check DNS name, establish a connection to the remote host and look
-# at SYN+ACK - does it look similar?
-#
-# Some users tweak their TCP/IP settings - enable or disable RFC1323
-# functionality, enable or disable timestamps or selective ACK,
-# disable PMTU discovery, change MTU and so on. Always compare a new rule
-# to other fingerprints for this system, and verify the system isn't
-# "customized" before adding it. It is OK to add signature variants
-# caused by a commonly used software (personal firewalls, security
-# packages, etc), but it makes no sense to try to add every single
-# possible /proc/sys/net/ipv4 tweak on Linux or so.
-#
-# KEEP IN MIND: Some packet firewalls configured to normalize outgoing
-# traffic (OpenBSD pf with "scrub" enabled, for example) will, well,
-# normalize packets. Signatures will not correspond to the originating
-# system (and probably not quite to the firewall either).
-#
-# NOTE: Try to keep this file in some reasonable order, from most to
-# least likely systems. This will speed up operation. Also keep most
-# generic and broad rules near the end.
-#
-
-##########################
-# Standard OS signatures #
-##########################
-
-# ----------------- AIX ---------------------
-
-# AIX is first because its signatures are close to NetBSD, MacOS X and
-# Linux 2.0, but it uses a fairly rare MSSes, at least sometimes...
-# This is a shoddy hack, though.
-
-45046:64:0:44:M*:		AIX:4.3::AIX 4.3
-16384:64:0:44:M512:		AIX:4.3:2-3:AIX 4.3.2 and earlier
-
-16384:64:0:60:M512,N,W%2,N,N,T:		AIX:4.3:3:AIX 4.3.3-5.2
-16384:64:0:60:M512,N,W%2,N,N,T:		AIX:5.1-5.2::AIX 4.3.3-5.2
-32768:64:0:60:M512,N,W%2,N,N,T:		AIX:4.3:3:AIX 4.3.3-5.2
-32768:64:0:60:M512,N,W%2,N,N,T:		AIX:5.1-5.2::AIX 4.3.3-5.2
-65535:64:0:60:M512,N,W%2,N,N,T:		AIX:4.3:3:AIX 4.3.3-5.2
-65535:64:0:60:M512,N,W%2,N,N,T:		AIX:5.1-5.2::AIX 4.3.3-5.2
-65535:64:0:64:M*,N,W1,N,N,T,N,N,S:	AIX:5.3:ML1:AIX 5.3 ML1
-
-# ----------------- Linux -------------------
-
-# S1:64:0:44:M*:A:		Linux:1.2::Linux 1.2.x (XXX quirks support)
-512:64:0:44:M*:			Linux:2.0:3x:Linux 2.0.3x
-16384:64:0:44:M*:		Linux:2.0:3x:Linux 2.0.3x
-
-# Endian snafu! Nelson says "ha-ha":
-2:64:0:44:M*:			Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac
-64:64:0:44:M*:			Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac
-
-
-S4:64:1:60:M1360,S,T,N,W0:	Linux:google::Linux (Google crawlbot)
-
-S2:64:1:60:M*,S,T,N,W0:		Linux:2.4::Linux 2.4 (big boy)
-S3:64:1:60:M*,S,T,N,W0:		Linux:2.4:.18-21:Linux 2.4.18 and newer
-S4:64:1:60:M*,S,T,N,W0:		Linux:2.4::Linux 2.4/2.6 <= 2.6.7
-S4:64:1:60:M*,S,T,N,W0:		Linux:2.6:.1-7:Linux 2.4/2.6 <= 2.6.7
-
-S4:64:1:60:M*,S,T,N,W5:		Linux:2.6::Linux 2.6 (newer, 1)
-S4:64:1:60:M*,S,T,N,W6:		Linux:2.6::Linux 2.6 (newer, 2)
-S4:64:1:60:M*,S,T,N,W7:		Linux:2.6::Linux 2.6 (newer, 3)
-T4:64:1:60:M*,S,T,N,W7:		Linux:2.6::Linux 2.6 (newer, 4)
-
-S10:64:1:60:M*,S,T,N,W4:	Linux:3.0::Linux 3.0
-
-S3:64:1:60:M*,S,T,N,W1:		Linux:2.5::Linux 2.5 (sometimes 2.4)
-S4:64:1:60:M*,S,T,N,W1:		Linux:2.5-2.6::Linux 2.5/2.6
-S3:64:1:60:M*,S,T,N,W2:		Linux:2.5::Linux 2.5 (sometimes 2.4)
-S4:64:1:60:M*,S,T,N,W2:		Linux:2.5::Linux 2.5 (sometimes 2.4)
-
-S20:64:1:60:M*,S,T,N,W0:	Linux:2.2:20-25:Linux 2.2.20 and newer
-S22:64:1:60:M*,S,T,N,W0:	Linux:2.2::Linux 2.2
-S11:64:1:60:M*,S,T,N,W0:	Linux:2.2::Linux 2.2
-
-# Popular cluster config scripts disable timestamps and
-# selective ACK:
-S4:64:1:48:M1460,N,W0:		Linux:2.4:cluster:Linux 2.4 in cluster
-
-# This needs to be investigated. On some systems, WSS
-# is selected as a multiple of MTU instead of MSS. I got
-# many submissions for this for many late versions of 2.4:
-T4:64:1:60:M1412,S,T,N,W0:	Linux:2.4::Linux 2.4 (late, uncommon)
-
-# This happens only over loopback, but let's make folks happy:
-32767:64:1:60:M16396,S,T,N,W0:	Linux:2.4:lo0:Linux 2.4 (local)
-S8:64:1:60:M3884,S,T,N,W0:	Linux:2.2:lo0:Linux 2.2 (local)
-
-# Opera visitors:
-16384:64:1:60:M*,S,T,N,W0:	Linux:2.2:Opera:Linux 2.2 (Opera?)
-32767:64:1:60:M*,S,T,N,W0:	Linux:2.4:Opera:Linux 2.4 (Opera?)
-
-# Some fairly common mods:
-S4:64:1:52:M*,N,N,S,N,W0:	Linux:2.4:ts:Linux 2.4 w/o timestamps
-S22:64:1:52:M*,N,N,S,N,W0:	Linux:2.2:ts:Linux 2.2 w/o timestamps
-
-
-# ----------------- FreeBSD -----------------
-
-16384:64:1:44:M*:		FreeBSD:2.0-2.2::FreeBSD 2.0-4.2
-16384:64:1:44:M*:		FreeBSD:3.0-3.5::FreeBSD 2.0-4.2
-16384:64:1:44:M*:		FreeBSD:4.0-4.2::FreeBSD 2.0-4.2
-16384:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.4::FreeBSD 4.4
-
-1024:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.4::FreeBSD 4.4
-
-57344:64:1:44:M*:		FreeBSD:4.6-4.8:noRFC1323:FreeBSD 4.6-4.8 (no RFC1323)
-57344:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.6-4.9::FreeBSD 4.6-4.9
-
-32768:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.8-4.11::FreeBSD 4.8-5.1 (or MacOS X)
-32768:64:1:60:M*,N,W0,N,N,T:	FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X)
-65535:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.8-4.11::FreeBSD 4.8-5.2 (or MacOS X)
-65535:64:1:60:M*,N,W0,N,N,T:	FreeBSD:5.0-5.2::FreeBSD 4.8-5.2 (or MacOS X)
-65535:64:1:60:M*,N,W1,N,N,T:	FreeBSD:4.7-4.11::FreeBSD 4.7-5.2
-65535:64:1:60:M*,N,W1,N,N,T:	FreeBSD:5.0-5.2::FreeBSD 4.7-5.2
-
-# XXX need quirks support
-# 65535:64:1:60:M*,N,W0,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (1)
-# 65535:64:1:60:M*,N,W1,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (2)
-# 65535:64:1:60:M*,N,W2,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (3)
-# 65535:64:1:44:M*:Z:FreeBSD:5.2::FreeBSD 5.2 (no RFC1323)
-
-# 16384:64:1:60:M*,N,N,N,N,N,N,T:FreeBSD:4.4:noTS:FreeBSD 4.4 (w/o timestamps)
-
-# ----------------- NetBSD ------------------
-
-16384:64:0:60:M*,N,W0,N,N,T:	NetBSD:1.3::NetBSD 1.3
-65535:64:0:60:M*,N,W0,N,N,T0:	NetBSD:1.6:opera:NetBSD 1.6 (Opera)
-16384:64:0:60:M*,N,W0,N,N,T0:	NetBSD:1.6::NetBSD 1.6
-16384:64:1:60:M*,N,W0,N,N,T0:	NetBSD:1.6:df:NetBSD 1.6 (DF)
-65535:64:1:60:M*,N,W1,N,N,T0:	NetBSD:1.6::NetBSD 1.6W-current (DF)
-65535:64:1:60:M*,N,W0,N,N,T0:	NetBSD:1.6::NetBSD 1.6X (DF)
-32768:64:1:60:M*,N,W0,N,N,T0:	NetBSD:1.6:randomization:NetBSD 1.6ZH-current (w/ ip_id randomization)
-
-# ----------------- OpenBSD -----------------
-
-16384:64:0:60:M*,N,W0,N,N,T:		OpenBSD:2.6::NetBSD 1.3 (or OpenBSD 2.6)
-16384:64:1:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-4.8::OpenBSD 3.0-4.8
-16384:64:0:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-4.8:no-df:OpenBSD 3.0-4.8 (scrub no-df)
-57344:64:1:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.3-4.0::OpenBSD 3.3-4.0
-57344:64:0:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.3-4.0:no-df:OpenBSD 3.3-4.0 (scrub no-df)
-
-65535:64:1:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-4.0:opera:OpenBSD 3.0-4.0 (Opera)
-
-16384:64:1:64:M*,N,N,S,N,W3,N,N,T:	OpenBSD:4.9::OpenBSD 4.9
-16384:64:0:64:M*,N,N,S,N,W3,N,N,T:	OpenBSD:4.9:no-df:OpenBSD 4.9 (scrub no-df)
-
-16384:64:1:64:M*,N,N,S,N,W6,N,N,T:      OpenBSD:6.1::OpenBSD 6.1
-16384:64:0:64:M*,N,N,S,N,W6,N,N,T:      OpenBSD:6.1:no-df:OpenBSD 6.1 (scrub no-df)
-
-# ----------------- DragonFly BSD -----------------
-
-57344:64:1:60:M*,N,W0,N,N,T:		DragonFly:1.0:A:DragonFly 1.0A
-57344:64:0:64:M*,N,W0,N,N,S,N,N,T:	DragonFly:1.2-1.12::DragonFly 1.2-1.12
-5840:64:1:60:M*,S,T,N,W4:			DragonFly:2.0-2.1::DragonFly 2.0-2.1
-57344:64:0:64:M*,N,W0,N,N,S,N,N,T:	DragonFly:2.2-2.3::DragonFly 2.2-2.3
-57344:64:0:64:M*,N,W5,N,N,S,N,N,T:	DragonFly:2.4-2.7::DragonFly 2.4-2.7
-
-# ----------------- Solaris -----------------
-
-S17:64:1:64:N,W3,N,N,T0,N,N,S,M*:	Solaris:8:RFC1323:Solaris 8 RFC1323
-S17:64:1:48:N,N,S,M*:			Solaris:8::Solaris 8
-S17:255:1:44:M*:			Solaris:2.5-2.7::Solaris 2.5 to 7
-
-S6:255:1:44:M*:				Solaris:2.6-2.7::Solaris 2.6 to 7
-S23:255:1:44:M*:			Solaris:2.5:1:Solaris 2.5.1
-S34:64:1:48:M*,N,N,S:			Solaris:2.9::Solaris 9
-S44:255:1:44:M*:			Solaris:2.7::Solaris 7
-
-4096:64:0:44:M1460:			SunOS:4.1::SunOS 4.1.x
-
-S34:64:1:52:M*,N,W0,N,N,S:		Solaris:10:beta:Solaris 10 (beta)
-32850:64:1:64:M*,N,N,T,N,W1,N,N,S:	Solaris:10::Solaris 10 1203
-
-# ----------------- IRIX --------------------
-
-49152:64:0:44:M*:			IRIX:6.4::IRIX 6.4
-61440:64:0:44:M*:			IRIX:6.2-6.5::IRIX 6.2-6.5
-49152:64:0:52:M*,N,W2,N,N,S:		IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323)
-49152:64:0:52:M*,N,W3,N,N,S:		IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323)
-
-61440:64:0:48:M*,N,N,S:			IRIX:6.5:12-21:IRIX 6.5.12 - 6.5.21
-49152:64:0:48:M*,N,N,S:			IRIX:6.5:15-21:IRIX 6.5.15 - 6.5.21
-
-49152:60:0:64:M*,N,W2,N,N,T,N,N,S:	IRIX:6.5:IP27:IRIX 6.5 IP27
-
-
-# ----------------- Tru64 -------------------
-
-32768:64:1:48:M*,N,W0:			Tru64:4.0::Tru64 4.0 (or OS/2 Warp 4)
-32768:64:0:48:M*,N,W0:			Tru64:5.0::Tru64 5.0
-8192:64:0:44:M1460:			Tru64:5.1:noRFC1323:Tru64 6.1 (no RFC1323) (or QNX 6)
-61440:64:0:48:M*,N,W0:			Tru64:5.1a:JP4:Tru64 v5.1a JP4 (or OpenVMS 7.x on Compaq 5.x stack)
-
-# ----------------- OpenVMS -----------------
-
-6144:64:1:60:M*,N,W0,N,N,T:		OpenVMS:7.2::OpenVMS 7.2 (Multinet 4.4 stack)
-
-# ----------------- MacOS -------------------
-
-# XXX Need EOL tcp opt support
-# S2:255:1:48:M*,W0,E:.:MacOS:8.6 classic
-
-# XXX some of these use EOL too
-16616:255:1:48:M*,W0:			MacOS:7.3-7.6:OTTCP:MacOS 7.3-8.6 (OTTCP)
-16616:255:1:48:M*,W0:			MacOS:8.0-8.6:OTTCP:MacOS 7.3-8.6 (OTTCP)
-16616:255:1:48:M*,N,N,N:		MacOS:8.1-8.6:OTTCP:MacOS 8.1-8.6 (OTTCP)
-32768:255:1:48:M*,W0,N:			MacOS:9.0-9.2::MacOS 9.0-9.2
-65535:255:1:48:M*,N,N,N,N:		MacOS:9.1::MacOS 9.1 (OT 2.7.4)
-
-
-# ----------------- Windows -----------------
-
-# Windows TCP/IP stack is a mess. For most recent XP, 2000 and
-# even 98, the patchlevel, not the actual OS version, is more
-# relevant to the signature. They share the same code, so it would
-# seem. Luckily for us, almost all Windows 9x boxes have an
-# awkward MSS of 536, which I use to tell one from another
-# in most difficult cases.
-
-8192:32:1:44:M*:			Windows:3.11::Windows 3.11 (Tucows)
-S44:64:1:64:M*,N,W0,N,N,T0,N,N,S:	Windows:95::Windows 95
-8192:128:1:64:M*,N,W0,N,N,T0,N,N,S:	Windows:95:b:Windows 95b
-
-# There were so many tweaking tools and so many stack versions for
-# Windows 98 it is no longer possible to tell them from each other
-# without some very serious research. Until then, there's an insane
-# number of signatures, for your amusement:
-
-S44:32:1:48:M*,N,N,S:			Windows:98:lowTTL:Windows 98 (low TTL)
-8192:32:1:48:M*,N,N,S:			Windows:98:lowTTL:Windows 98 (low TTL)
-%8192:64:1:48:M536,N,N,S:		Windows:98::Windows 98
-%8192:128:1:48:M536,N,N,S:		Windows:98::Windows 98
-S4:64:1:48:M*,N,N,S:			Windows:98::Windows 98
-S6:64:1:48:M*,N,N,S:			Windows:98::Windows 98
-S12:64:1:48:M*,N,N,S:			Windows:98::Windows 98
-T30:64:1:64:M1460,N,W0,N,N,T0,N,N,S:	Windows:98::Windows 98
-32767:64:1:48:M*,N,N,S:			Windows:98::Windows 98
-37300:64:1:48:M*,N,N,S:			Windows:98::Windows 98
-46080:64:1:52:M*,N,W3,N,N,S:		Windows:98:RFC1323:Windows 98 (RFC1323)
-65535:64:1:44:M*:			Windows:98:noSack:Windows 98 (no sack)
-S16:128:1:48:M*,N,N,S:			Windows:98::Windows 98
-S16:128:1:64:M*,N,W0,N,N,T0,N,N,S:	Windows:98::Windows 98
-S26:128:1:48:M*,N,N,S:			Windows:98::Windows 98
-T30:128:1:48:M*,N,N,S:			Windows:98::Windows 98
-32767:128:1:52:M*,N,W0,N,N,S:		Windows:98::Windows 98
-60352:128:1:48:M*,N,N,S:		Windows:98::Windows 98
-60352:128:1:64:M*,N,W2,N,N,T0,N,N,S:	Windows:98::Windows 98
-
-# What's with 1414 on NT?
-T31:128:1:44:M1414:			Windows:NT:4.0:Windows NT 4.0 SP6a
-64512:128:1:44:M1414:			Windows:NT:4.0:Windows NT 4.0 SP6a
-8192:128:1:44:M*:			Windows:NT:4.0:Windows NT 4.0 (older)
-
-# Windows XP and 2000. Most of the signatures that were
-# either dubious or non-specific (no service pack data)
-# were deleted and replaced with generics at the end.
-
-65535:128:1:48:M*,N,N,S:		Windows:2000:SP4:Windows 2000 SP4, XP SP1
-65535:128:1:48:M*,N,N,S:		Windows:XP:SP1:Windows 2000 SP4, XP SP1
-%8192:128:1:48:M*,N,N,S:		Windows:2000:SP2+:Windows 2000 SP2, XP SP1 (seldom 98 4.10.2222)
-%8192:128:1:48:M*,N,N,S:		Windows:XP:SP1:Windows 2000 SP2, XP SP1 (seldom 98 4.10.2222)
-S20:128:1:48:M*,N,N,S:			Windows:2000::Windows 2000/XP SP3
-S20:128:1:48:M*,N,N,S:			Windows:XP:SP3:Windows 2000/XP SP3
-S45:128:1:48:M*,N,N,S:			Windows:2000:SP4:Windows 2000 SP4, XP SP 1
-S45:128:1:48:M*,N,N,S:			Windows:XP:SP1:Windows 2000 SP4, XP SP 1
-40320:128:1:48:M*,N,N,S:		Windows:2000:SP4:Windows 2000 SP4
-
-S6:128:1:48:M*,N,N,S:			Windows:2000:SP2:Windows XP, 2000 SP2+
-S6:128:1:48:M*,N,N,S:			Windows:XP::Windows XP, 2000 SP2+
-S12:128:1:48:M*,N,N,S:			Windows:XP:SP1:Windows XP SP1
-S44:128:1:48:M*,N,N,S:			Windows:2000:SP3:Windows Pro SP1, 2000 SP3
-S44:128:1:48:M*,N,N,S:			Windows:XP:SP1:Windows Pro SP1, 2000 SP3
-64512:128:1:48:M*,N,N,S:		Windows:2000:SP3:Windows SP1, 2000 SP3
-64512:128:1:48:M*,N,N,S:		Windows:XP:SP1:Windows SP1, 2000 SP3
-32767:128:1:48:M*,N,N,S:		Windows:2000:SP4:Windows SP1, 2000 SP4
-32767:128:1:48:M*,N,N,S:		Windows:XP:SP1:Windows SP1, 2000 SP4
-
-8192:128:1:52:M*,N,W2,N,N,S:		Windows:Vista::Windows Vista/7
-
-# Odds, ends, mods:
-
-S52:128:1:48:M1260,N,N,S:		Windows:2000:cisco:Windows XP/2000 via Cisco
-S52:128:1:48:M1260,N,N,S:		Windows:XP:cisco:Windows XP/2000 via Cisco
-65520:128:1:48:M*,N,N,S:		Windows:XP::Windows XP bare-bone
-16384:128:1:52:M536,N,W0,N,N,S:		Windows:2000:ZoneAlarm:Windows 2000 w/ZoneAlarm?
-2048:255:0:40:.:			Windows:.NET::Windows .NET Enterprise Server
-
-44620:64:0:48:M*,N,N,S:			Windows:ME::Windows ME no SP (?)
-S6:255:1:48:M536,N,N,S:			Windows:95:winsock2:Windows 95 winsock 2
-32768:32:1:52:M1460,N,W0,N,N,S:		Windows:2003:AS:Windows 2003 AS
-
-
-# No need to be more specific, it passes:
-# *:128:1:48:M*,N,N,S:U:-Windows:XP/2000 while downloading (leak!) XXX quirk
-# there is an equiv similar generic sig w/o the quirk
-
-# ----------------- HP/UX -------------------
-
-32768:64:1:44:M*:			HP-UX:B.10.20::HP-UX B.10.20
-32768:64:0:48:M*,W0,N:			HP-UX:11.0::HP-UX 11.0
-32768:64:1:48:M*,W0,N:			HP-UX:11.10::HP-UX 11.0 or 11.11
-32768:64:1:48:M*,W0,N:			HP-UX:11.11::HP-UX 11.0 or 11.11
-
-# Whoa. Hardcore WSS.
-0:64:0:48:M*,W0,N:			HP-UX:B.11.00:A:HP-UX B.11.00 A (RFC1323)
-
-# ----------------- RiscOS ------------------
-
-# We don't yet support the ?12 TCP option
-#16384:64:1:68:M1460,N,W0,N,N,T,N,N,?12:	RISCOS:3.70-4.36::RISC OS 3.70-4.36
-12288:32:0:44:M536:				RISC OS:3.70:4.10:RISC OS 3.70 inet 4.10
-
-# XXX quirk
-# 4096:64:1:56:M1460,N,N,T:T:			RISC OS:3.70:freenet:RISC OS 3.70 freenet 2.00
-
-
-
-# ----------------- BSD/OS ------------------
-
-# Once again, power of two WSS is also shared by MacOS X with DF set
-8192:64:1:60:M1460,N,W0,N,N,T:		BSD/OS:3.1::BSD/OS 3.1-4.3 (or MacOS X 10.2 w/DF)
-8192:64:1:60:M1460,N,W0,N,N,T:		BSD/OS:4.0-4.3::BSD/OS 3.1-4.3 (or MacOS X 10.2)
-
-
-# ---------------- NewtonOS -----------------
-
-4096:64:0:44:M1420:		NewtonOS:2.1::NewtonOS 2.1
-
-# ---------------- NeXTSTEP -----------------
-
-S4:64:0:44:M1024:		NeXTSTEP:3.3::NeXTSTEP 3.3
-S8:64:0:44:M512:		NeXTSTEP:3.3::NeXTSTEP 3.3
-
-# ------------------ BeOS -------------------
-
-1024:255:0:48:M*,N,W0:		BeOS:5.0-5.1::BeOS 5.0-5.1
-12288:255:0:44:M1402:		BeOS:5.0::BeOS 5.0.x
-
-# ------------------ OS/400 -----------------
-
-8192:64:1:60:M1440,N,W0,N,N,T:	OS/400:VR4::OS/400 VR4/R5
-8192:64:1:60:M1440,N,W0,N,N,T:	OS/400:VR5::OS/400 VR4/R5
-4096:64:1:60:M1440,N,W0,N,N,T:	OS/400:V4R5:CF67032:OS/400 V4R5 + CF67032
-
-# XXX quirk
-# 28672:64:0:44:M1460:A:OS/390:?
-
-# ------------------ ULTRIX -----------------
-
-16384:64:0:40:.:		ULTRIX:4.5::ULTRIX 4.5
-
-# ------------------- QNX -------------------
-
-S16:64:0:44:M512:		QNX:::QNX demodisk
-
-# ------------------ Novell -----------------
-
-16384:128:1:44:M1460:		Novell:NetWare:5.0:Novel Netware 5.0
-6144:128:1:44:M1460:		Novell:IntranetWare:4.11:Novell IntranetWare 4.11
-6144:128:1:44:M1368:		Novell:BorderManager::Novell BorderManager ?
-
-6144:128:1:52:M*,W0,N,S,N,N:	Novell:Netware:6:Novell Netware 6 SP3
-
-
-# ----------------- SCO ------------------
-S3:64:1:60:M1460,N,W0,N,N,T:	SCO:UnixWare:7.1:SCO UnixWare 7.1
-S17:64:1:60:M1380,N,W0,N,N,T:	SCO:UnixWare:7.1:SCO UnixWare 7.1.3 MP3
-S23:64:1:44:M1380:		SCO:OpenServer:5.0:SCO OpenServer 5.0
-
-# ------------------- DOS -------------------
-
-2048:255:0:44:M536:		DOS:WATTCP:1.05:DOS Arachne via WATTCP/1.05
-T2:255:0:44:M984:		DOS:WATTCP:1.05Arachne:Arachne via WATTCP/1.05 (eepro)
-
-# ------------------ OS/2 -------------------
-
-S56:64:0:44:M512:		OS/2:4::OS/2 4
-28672:64:0:44:M1460:		OS/2:4::OS/2 Warp 4.0
-
-# ----------------- TOPS-20 -----------------
-
-# Another hardcore MSS, one of the ACK leakers hunted down.
-# XXX QUIRK 0:64:0:44:M1460:A:TOPS-20:version 7
-0:64:0:44:M1460:		TOPS-20:7::TOPS-20 version 7
-
-# ----------------- FreeMiNT ----------------
-
-S44:255:0:44:M536:		FreeMiNT:1:16A:FreeMiNT 1 patch 16A (Atari)
-
-# ------------------ AMIGA ------------------
-
-# XXX TCP option 12
-# S32:64:1:56:M*,N,N,S,N,N,?12:.:AMIGA:3.9 BB2 with Miami stack
-
-# ------------------ Plan9 ------------------
-
-65535:255:0:48:M1460,W0,N:	Plan9:4::Plan9 edition 4
-
-# ----------------- AMIGAOS -----------------
-
-16384:64:1:48:M1560,N,N,S:	AMIGAOS:3.9::AMIGAOS 3.9 BB2 MiamiDX
-
-###########################################
-# Appliance / embedded / other signatures #
-###########################################
-
-# ---------- Firewalls / routers ------------
-
-S12:64:1:44:M1460:			@Checkpoint:::Checkpoint (unknown 1)
-S12:64:1:48:N,N,S,M1460:		@Checkpoint:::Checkpoint (unknown 2)
-4096:32:0:44:M1460:			ExtremeWare:4.x::ExtremeWare 4.x
-
-# XXX TCP option 12
-# S32:64:0:68:M512,N,W0,N,N,T,N,N,?12:.:Nokia:IPSO w/Checkpoint NG FP3
-# S16:64:0:68:M1024,N,W0,N,N,T,N,N,?12:.:Nokia:IPSO 3.7 build 026
-
-S4:64:1:60:W0,N,S,T,M1460:		FortiNet:FortiGate:50:FortiNet FortiGate 50
-
-8192:64:1:44:M1460:			Eagle:::Eagle Secure Gateway
-
-S52:128:1:48:M1260,N,N,N,N:		LinkSys:WRV54G::LinkSys WRV54G VPN router
-
-
-
-# ------- Switches and other stuff ----------
-
-4128:255:0:44:M*:			Cisco:::Cisco Catalyst 3500, 7500 etc
-S8:255:0:44:M*:				Cisco:12008::Cisco 12008
-60352:128:1:64:M1460,N,W2,N,N,T,N,N,S:	Alteon:ACEswitch::Alteon ACEswitch
-64512:128:1:44:M1370:			Nortel:Contivity Client::Nortel Conectivity Client
-
-
-# ---------- Caches and whatnots ------------
-
-S4:64:1:52:M1460,N,N,S,N,W0:		AOL:web cache::AOL web cache
-
-32850:64:1:64:N,W1,N,N,T,N,N,S,M*:	NetApp:5.x::NetApp Data OnTap 5.x
-16384:64:1:64:M1460,N,N,S,N,W0,N:	NetApp:5.3:1:NetApp 5.3.1
-65535:64:0:64:M1460,N,N,S,N,W*,N,N,T:	NetApp:5.3-5.5::NetApp 5.3-5.5
-65535:64:0:60:M1460,N,W0,N,N,T:		NetApp:CacheFlow::NetApp CacheFlow
-8192:64:1:64:M1460,N,N,S,N,W0,N,N,T:	NetApp:5.2:1:NetApp NetCache 5.2.1
-20480:64:1:64:M1460,N,N,S,N,W0,N,N,T:	NetApp:4.1::NetApp NetCache4.1
-
-65535:64:0:60:M1460,N,W0,N,N,T:		CacheFlow:4.1::CacheFlow CacheOS 4.1
-8192:64:0:60:M1380,N,N,N,N,N,N,T:	CacheFlow:1.1::CacheFlow CacheOS 1.1
-
-S4:64:0:48:M1460,N,N,S:			Cisco:Content Engine::Cisco Content Engine
-
-27085:128:0:40:.:			Dell:PowerApp cache::Dell PowerApp (Linux-based)
-
-65535:255:1:48:N,W1,M1460:		Inktomi:crawler::Inktomi crawler
-S1:255:1:60:M1460,S,T,N,W0:		LookSmart:ZyBorg::LookSmart ZyBorg
-
-16384:255:0:40:.:			Proxyblocker:::Proxyblocker (what's this?)
-
-65535:255:0:48:M*,N,N,S:		Redline:::Redline T|X 2200
-
-32696:128:0:40:M1460:			Spirent:Avalanche::Spirent Web Avalanche HTTP benchmarking engine
-
-# ----------- Embedded systems --------------
-
-S9:255:0:44:M536:			PalmOS:Tungsten:C:PalmOS Tungsten C
-S5:255:0:44:M536:			PalmOS:3::PalmOS 3/4
-S5:255:0:44:M536:			PalmOS:4::PalmOS 3/4
-S4:255:0:44:M536:			PalmOS:3:5:PalmOS 3.5
-2948:255:0:44:M536:			PalmOS:3:5:PalmOS 3.5.3 (Handera)
-S29:255:0:44:M536:			PalmOS:5::PalmOS 5.0
-16384:255:0:44:M1398:			PalmOS:5.2:Clie:PalmOS 5.2 (Clie)
-S14:255:0:44:M1350:			PalmOS:5.2:Treo:PalmOS 5.2.1 (Treo)
-
-S23:64:1:64:N,W1,N,N,T,N,N,S,M1460:	SymbianOS:7::SymbianOS 7
-
-8192:255:0:44:M1460:			SymbianOS:6048::Symbian OS 6048 (Nokia 7650?)
-8192:255:0:44:M536:			SymbianOS:9210::Symbian OS (Nokia 9210?)
-S22:64:1:56:M1460,T,S:			SymbianOS:P800::Symbian OS ? (SE P800?)
-S36:64:1:56:M1360,T,S:			SymbianOS:6600::Symbian OS 60xx (Nokia 6600?)
-
-
-# Perhaps S4?
-5840:64:1:60:M1452,S,T,N,W1:		Zaurus:3.10::Zaurus 3.10
-
-32768:128:1:64:M1460,N,W0,N,N,T0,N,N,S:	PocketPC:2002::PocketPC 2002
-
-S1:255:0:44:M346:			Contiki:1.1:rc0:Contiki 1.1-rc0
-
-4096:128:0:44:M1460:			Sega:Dreamcast:3.0:Sega Dreamcast Dreamkey 3.0
-T5:64:0:44:M536:			Sega:Dreamcast:HKT-3020:Sega Dreamcast HKT-3020 (browser disc 51027)
-S22:64:1:44:M1460:			Sony:PS2::Sony Playstation 2 (SOCOM?)
-
-S12:64:0:44:M1452:			AXIS:5600:v5.64:AXIS Printer Server 5600 v5.64
-
-3100:32:1:44:M1460:			Windows:CE:2.0:Windows CE 2.0
-
-####################
-# Fancy signatures #
-####################
-
-1024:64:0:40:.:				*NMAP:syn scan:1:NMAP syn scan (1)
-2048:64:0:40:.:				*NMAP:syn scan:2:NMAP syn scan (2)
-3072:64:0:40:.:				*NMAP:syn scan:3:NMAP syn scan (3)
-4096:64:0:40:.:				*NMAP:syn scan:4:NMAP syn scan (4)
-
-# Requires quirks support
-# 1024:64:0:40:.:A:*NMAP:TCP sweep probe (1)
-# 2048:64:0:40:.:A:*NMAP:TCP sweep probe (2)
-# 3072:64:0:40:.:A:*NMAP:TCP sweep probe (3)
-# 4096:64:0:40:.:A:*NMAP:TCP sweep probe (4)
-
-1024:64:0:60:W10,N,M265,T:		*NMAP:OS:1:NMAP OS detection probe (1)
-2048:64:0:60:W10,N,M265,T:		*NMAP:OS:2:NMAP OS detection probe (2)
-3072:64:0:60:W10,N,M265,T:		*NMAP:OS:3:NMAP OS detection probe (3)
-4096:64:0:60:W10,N,M265,T:		*NMAP:OS:4:NMAP OS detection probe (4)
-
-32767:64:0:40:.:			*NAST:::NASTsyn scan
-
-# Requires quirks support
-# 12345:255:0:40:.:A:-p0f:sendsyn utility
-
-
-#####################################
-# Generic signatures - just in case #
-#####################################
-
-#*:64:1:60:M*,N,W*,N,N,T:		@FreeBSD:4.0-4.9::FreeBSD 4.x/5.x
-#*:64:1:60:M*,N,W*,N,N,T:		@FreeBSD:5.0-5.1::FreeBSD 4.x/5.x
-
-*:128:1:52:M*,N,W0,N,N,S:		@Windows:XP:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
-*:128:1:52:M*,N,W0,N,N,S:		@Windows:2000:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
-*:128:1:52:M*,N,W*,N,N,S:		@Windows:XP:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
-*:128:1:52:M*,N,W*,N,N,S:		@Windows:2000:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
-*:128:1:64:M*,N,W0,N,N,T0,N,N,S:	@Windows:XP:RFC1323:Windows XP/2000 (RFC1323)
-*:128:1:64:M*,N,W0,N,N,T0,N,N,S:	@Windows:2000:RFC1323:Windows XP/2000 (RFC1323)
-*:128:1:64:M*,N,W*,N,N,T0,N,N,S:	@Windows:XP:RFC1323:Windows XP (RFC1323, w+)
-*:128:1:48:M536,N,N,S:			@Windows:98::Windows 98
-*:128:1:48:M*,N,N,S:			@Windows:XP::Windows XP/2000
-*:128:1:48:M*,N,N,S:			@Windows:2000::Windows XP/2000
-
-

Property changes on: projects/clang700-import/etc/pf.os
___________________________________________________________________
Deleted: svn:keywords
## -1 +0,0 ##
-FreeBSD=%H
\ No newline at end of property
Index: projects/clang700-import/etc/snmpd.config
===================================================================
--- projects/clang700-import/etc/snmpd.config	(revision 337646)
+++ projects/clang700-import/etc/snmpd.config	(nonexistent)
@@ -1,322 +0,0 @@
-# $FreeBSD$
-#
-# Example configuration file for bsnmpd(1).
-#
-
-#
-# Set some common variables
-#
-location := "Room 200"
-contact := "sysmeister@example.com"
-system := 1	# FreeBSD
-traphost := localhost
-trapport := 162
-
-#
-# Set the SNMP engine ID.
-#
-# The snmpEngineID object required from the SNMPv3 Framework. If not explicitly set via
-# this configuration file, an ID is assigned based on the value of the
-# kern.hostid variable
-# engine := 0x80:0x10:0x08:0x10:0x80:0x25
-# snmpEngineID = $(engine)
-
-# Change this!
-read := "public"
-# Uncomment begemotSnmpdCommunityString.0.2 below that sets the community
-# string to enable write access.
-write := "geheim"
-trap := "mytrap"
-
-#
-# Declarations for SNMP-USER-BASED-SM-MIB authentication and privacy options
-#
-
-NoAuthProtocol		:= 1.3.6.1.6.3.10.1.1.1
-HMACMD5AuthProtocol	:= 1.3.6.1.6.3.10.1.1.2
-HMACSHAAuthProtocol	:= 1.3.6.1.6.3.10.1.1.3
-NoPrivProtocol		:= 1.3.6.1.6.3.10.1.2.1
-DESPrivProtocol		:= 1.3.6.1.6.3.10.1.2.2
-AesCfb128Protocol	:= 1.3.6.1.6.3.10.1.2.4
-
-#
-# Enumerations from SNMP-FRAMEWORK-MIB
-#
-
-# Security models
-securityModelAny	:= 0
-securityModelSNMPv1	:= 1
-securityModelSNMPv2c	:= 2
-securityModelUSM	:= 3
-
-# Message Processing models
-MPmodelSNMPv1		:= 0
-MPmodelSNMPv2c		:= 1
-MPmodelSNMPv3		:= 3
-
-# Security levels
-noAuthNoPriv := 1
-authNoPriv := 2
-authPriv := 3
-
-
-# SNMPv3 USM User definition
-#
-# The localized hex password for a user may be obtained by setting SNMPUSER, SNMPPASSWD,
-# SNMPAUTH and SNMPPRIV environment variables to the desired parameters and invoking
-# 'bsnmpget -v 3 -D -K -o verbose' against the running bsnmpd(1). For other
-# usages refer to the bsnmpget(1) manual page. The following lines define a user "bsnmp"
-# with a private password "bsnmptest", localized for the above engine ID.
-#
-#user1 := "bsnmp"
-#user1passwd := 0x22:0x98:0x1a:0x6e:0x39:0x93:0x16:0x5e:0x6a:0x21:0x1b:0xd8:0xa9:0x81:0x31:0x05:0x16:0x33:0x38:0x60
-
-#
-# Configuration
-#
-%snmpd
-begemotSnmpdDebugDumpPdus	= 2
-begemotSnmpdDebugSyslogPri	= 7
-
-#
-# Set the read and write communities.
-#
-# The default value of the community strings is NULL (note, that this is
-# different from the empty string). This disables both read and write access.
-# To enable read access only the read community string must be set. Setting
-# the write community string enables both read and write access with that
-# string.
-#
-# Be sure to understand the security implications of SNMPv2 - the community
-# strings are readable on the wire!
-#
-begemotSnmpdCommunityString.0.1	= $(read)
-# begemotSnmpdCommunityString.0.2	= $(write)
-begemotSnmpdCommunityDisable	= 1
-
-# open standard SNMP ports
-begemotSnmpdPortStatus.0.0.0.0.161 = 1
-
-# open a unix domain socket
-begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1
-begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4
-
-# send traps to the traphost
-begemotTrapSinkStatus.[$(traphost)].$(trapport) = 4
-begemotTrapSinkVersion.[$(traphost)].$(trapport) = 2
-begemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap)
-
-sysContact	= $(contact)
-sysLocation	= $(location)
-sysObjectId 	= 1.3.6.1.4.1.12325.1.1.2.1.$(system)
-
-snmpEnableAuthenTraps = 2
-
-# Uncomment `begemotSnmpdModulePath.".." = ".."' entries below to enable
-# modules
-
-#
-# Control configuration for the modules in the module specific sections, e.g.
-# the "usm" module (begemotSnmpdModulePath."usm") can be controlled in the
-# %usm specific section. You must uncomment the section specific header in
-# order to use the enclosed variables, e.g. `usmUserStatus.$(engine).$(user1)`
-# can only be used if %usm is uncommented.
-#
-# Modules are loaded in the order listed, so they must be before any
-# dependent modules, e.g. "mibII" vs "bridge".
-#
-
-#
-# MIB-2 module
-#
-begemotSnmpdModulePath."mibII"	= "/usr/lib/snmp_mibII.so"
-
-#
-# Bridge module
-#  This requires the mibII module.
-#
-#begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so"
-
-#
-# Host resources module
-#  This requires the mibII module.
-#
-#begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so"
-
-#
-# LM75 Sensor module
-#
-#begemotSnmpdModulePath."lm75" = "/usr/lib/snmp_lm75.so"
-
-#
-# Netgraph module
-#
-#begemotSnmpdModulePath."netgraph" = "/usr/lib/snmp_netgraph.so"
-
-#
-# pf(4) module
-#
-#begemotSnmpdModulePath."pf"	= "/usr/lib/snmp_pf.so"
-
-#
-# SNMPv3 Notification Targets
-#
-# begemotSnmpdModulePath."target"	= "/usr/lib/snmp_target.so"
-
-#
-# SNMPv3 User-based security module - must be loaded for SNMPv3 USM
-#
-#begemotSnmpdModulePath."usm"	= "/usr/lib/snmp_usm.so"
-
-#
-# SNMPv3 View-based Access Control module
-#
-#begemotSnmpdModulePath."vacm"	= "/usr/lib/snmp_vacm.so"
-
-#
-# Wireless module
-#  This requires the mibII module.
-#
-#begemotSnmpdModulePath."wlan" = "/usr/lib/snmp_wlan.so"
-
-#
-# SNMPv3 USM User definition.
-#
-
-#%usm
-
-#
-# The following block creates a user with name "bsnmp" and sets privacy
-# and encryption options to SHA256 message digests and AES encryption
-# for this user.
-#
-# usmUserStatus.$(engine).$(user1) = 5
-# usmUserAuthProtocol.$(engine).$(user1) = $(HMACSHAAuthProtocol)
-# usmUserAuthKeyChange.$(engine).$(user1) = $(user1passwd)
-# usmUserPrivProtocol.$(engine).$(user1) = $(AesCfb128Protocol)
-# usmUserPrivKeyChange.$(engine).$(user1) = $(user1passwd)
-# usmUserStatus.$(engine).$(user1) = 1
-#
-
-#
-# The following block creates a user with name "public" with no authentication
-# or encryption options.
-#
-# usmUserStatus.$(engine).$(read) = 5
-# usmUserAuthProtocol.$(engine).$(read) = $(NoAuthProtocol)
-# usmUserPrivProtocol.$(engine).$(read) = $(NoPrivProtocol)
-# usmUserStatus.$(engine).$(read) = 1
-#
-
-#
-# Definition of view-based access control entries.
-#
-#%vacm
-
-# Definition of a SNMPv1 group
-# vacmSecurityToGroupStatus.$(securityModelSNMPv1).$(read) = 4
-# vacmGroupName.$(securityModelSNMPv1).$(read) = $(read)
-
-# Definition of SNMPv2 group
-# vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(write) = 4
-# vacmGroupName.$(securityModelSNMPv2c).$(write) = $(write)
-
-# Definition of SNMPv3 group with users "bsnmp" and "public"
-# vacmSecurityToGroupStatus.$(securityModelUSM).$(user1) = 4
-# vacmGroupName.$(securityModelUSM).$(user1) = $(write)
-# vacmSecurityToGroupStatus.$(securityModelUSM).$(read) = 4
-# vacmGroupName.$(securityModelUSM).$(read) = $(write)
-
-#
-# The OID of the .iso.org.dod.internet subtree
-#
-# internetoid := 1.3.6.1
-# internetoidlen := 4
-
-#
-# Definitions of two views
-#
-# vacmViewTreeFamilyStatus."internet".$(internetoidlen).$(internetoid) = 4
-# vacmViewTreeFamilyStatus."restricted".$(internetoidlen).$(internetoid) = 4
-
-#
-# Access control
-#
-
-#
-# Read-only access for SNMPv1 users
-#
-# vacmAccessStatus.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = 4
-# vacmAccessReadViewName.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = "internet"
-
-#
-# Read-write access for SNMPv2 users
-#
-# vacmAccessStatus.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4
-# vacmAccessReadViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
-# vacmAccessWriteViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
-
-#
-# Read-write-notify access for SNMPv3 USM users with noAuthNoPriv
-#
-# vacmAccessStatus.$(write)."".3.$(noAuthNoPriv) = 4
-# vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
-# vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
-# vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
-
-#
-#Read-write-notify access to restricted for SNMPv3 USM users with authPriv
-#
-# vacmAccessStatus.$(write)."".$(securityModelUSM).$(authPriv) = 4
-# vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted"
-# vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted"
-# vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted"
-
-#%target
-# Send notifications to target tag "test"
-# tag		:= "test"
-# snmpNotifyRowStatus.$(tag) = 4
-# snmpNotifyTag.$(tag) = $(tag)
-
-# tagremote		:= "testremote"
-# snmpNotifyRowStatus.$(tagremote) = 4
-# snmpNotifyTag.$(tagremote) = $(tagremote)
-
-#
-# Specify the target parameters for the notifications - send with the credentials
-# of user "bsnmp"
-#
-# snmpTargetParamsRowStatus.$(tag) = 5
-# snmpTargetParamsMPModel.$(tag) = $(MPmodelSNMPv3)
-# snmpTargetParamsSecurityModel.$(tag) = $(securityModelUSM)
-# snmpTargetParamsSecurityName.$(tag) = $(user1)
-# snmpTargetParamsSecurityLevel.$(tag) = $(authPriv)
-# snmpTargetParamsRowStatus.$(tag) = 1
-
-#
-# Define the notifications' target address - port 162 on localhost
-#
-# snmpTargetAddrRowStatus.$(tag) = 5
-# snmpTargetAddrTAddress.$(tag) = 0x7f:0x0:0x0:0x1:0x0:0xa2
-# snmpTargetAddrTagList.$(tag) = "test notification"
-# snmpTargetAddrParams.$(tag) = $(tag)
-# snmpTargetAddrRowStatus.$(tag) = 1
-
-#
-# Define the notifications' target address - port 162 on 10.0.0.1
-#
-# snmpTargetAddrRowStatus.$(tagremote) = 5
-# snmpTargetAddrTAddress.$(tagremote) = 0x0a:0x00:0x00:0x1:0x0:0xa2
-# snmpTargetAddrTagList.$(tagremote) = $(tagremote)
-# snmpTargetAddrParams.$(tagremote) = $(tag)
-# snmpTargetAddrRowStatus.$(tagremote) = 1
-
-# Force a polling rate for the 64-bit interface counters in case
-# the automatic computation is wrong (which may be the case if an interface
-# announces the wrong bit rate via its MIB).
-#%mibII
-#begemotIfForcePoll = 2000
-
-#%netgraph
-#begemotNgControlNodeName = "snmpd"
-

Property changes on: projects/clang700-import/etc/snmpd.config
___________________________________________________________________
Deleted: svn:keywords
## -1 +0,0 ##
-FreeBSD=%H
\ No newline at end of property
Index: projects/clang700-import/etc/cron.d/at
===================================================================
--- projects/clang700-import/etc/cron.d/at	(revision 337646)
+++ projects/clang700-import/etc/cron.d/at	(nonexistent)
@@ -1,7 +0,0 @@
-# $FreeBSD$
-#
-SHELL=/bin/sh
-PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
-
-# See crontab(5) for field format.
-*/5	*	*	*	*	root	/usr/libexec/atrun

Property changes on: projects/clang700-import/etc/cron.d/at
___________________________________________________________________
Deleted: svn:eol-style
## -1 +0,0 ##
-native
\ No newline at end of property
Deleted: svn:keywords
## -1 +0,0 ##
-FreeBSD=%H
\ No newline at end of property
Deleted: svn:mime-type
## -1 +0,0 ##
-text/plain
\ No newline at end of property
Index: projects/clang700-import/etc/cron.d/Makefile
===================================================================
--- projects/clang700-import/etc/cron.d/Makefile	(revision 337646)
+++ projects/clang700-import/etc/cron.d/Makefile	(nonexistent)
@@ -1,11 +0,0 @@
-# $FreeBSD$
-
-.include <src.opts.mk>
-
-.if ${MK_AT} != "no"
-FILES+=		at
-.endif
-
-BINDIR=		/etc/cron.d
-
-.include <bsd.prog.mk>

Property changes on: projects/clang700-import/etc/cron.d/Makefile
___________________________________________________________________
Deleted: svn:eol-style
## -1 +0,0 ##
-native
\ No newline at end of property
Deleted: svn:keywords
## -1 +0,0 ##
-FreeBSD=%H
\ No newline at end of property
Deleted: svn:mime-type
## -1 +0,0 ##
-text/plain
\ No newline at end of property
Index: projects/clang700-import/etc/Makefile
===================================================================
--- projects/clang700-import/etc/Makefile	(revision 337646)
+++ projects/clang700-import/etc/Makefile	(revision 337647)
@@ -1,373 +1,347 @@
 #	from: @(#)Makefile	5.11 (Berkeley) 5/21/91
 # $FreeBSD$
 
 .include <src.opts.mk>
 
 FILESGROUPS=	FILES
 
 # No need as it is empty and just causes rebuilds since this file does so much.
 UPDATE_DEPENDFILE=	no
 
 .if ${MK_SENDMAIL} != "no"
 SUBDIR+=sendmail
 .endif
 
 BIN1=	crontab \
 	devd.conf \
 	devfs.conf \
-	ddb.conf \
 	dhclient.conf \
 	disktab \
 	fbtab \
 	gettytab \
 	group \
 	hosts \
 	hosts.allow \
 	hosts.equiv \
 	libalias.conf \
 	libmap.conf \
 	login.access \
 	login.conf \
 	mac.conf \
 	motd \
 	netconfig \
 	networks \
 	newsyslog.conf \
 	nsswitch.conf \
 	phones \
 	profile \
 	protocols \
 	rc.bsdextended \
 	rc.firewall \
 	remote \
 	rpc \
 	services \
-	sysctl.conf \
 	syslog.conf \
 	termcap.small
 
 .if exists(${.CURDIR}/etc.${MACHINE}/ttys)
 BIN1+=	etc.${MACHINE}/ttys
 .elif exists(${.CURDIR}/etc.${MACHINE_ARCH}/ttys)
 BIN1+=	etc.${MACHINE_ARCH}/ttys
 .elif exists(${.CURDIR}/etc.${MACHINE_CPUARCH}/ttys)
 BIN1+=	etc.${MACHINE_CPUARCH}/ttys
 .else
 .error etc.MACHINE/ttys missing
 .endif
 
-OPENBSMDIR=			${SRCTOP}/contrib/openbsm
-BSM_ETC_OPEN_FILES=		${OPENBSMDIR}/etc/audit_class \
-				${OPENBSMDIR}/etc/audit_event
-BSM_ETC_RESTRICTED_FILES=	${OPENBSMDIR}/etc/audit_control \
-				${OPENBSMDIR}/etc/audit_user
-BSM_ETC_EXEC_FILES=		${OPENBSMDIR}/etc/audit_warn
-BSM_ETC_DIR=			${DESTDIR}/etc/security
-
 # NB: keep these sorted by MK_* knobs
 
 .if ${MK_AMD} != "no"
 BIN1+= amd.map
 .endif
 
 .if ${MK_FTP} != "no"
 BIN1+= ftpusers
 .endif
 
 .if ${MK_INETD} != "no"
 BIN1+= inetd.conf
 .endif
 
 .if ${MK_LOCATE} != "no"
 BIN1+=	${SRCTOP}/usr.bin/locate/locate/locate.rc
 .endif
 
 .if ${MK_LPR} != "no"
 BIN1+=	hosts.lpd printcap
 .endif
 
 .if ${MK_MAIL} != "no"
 BIN1+=	${SRCTOP}/usr.bin/mail/misc/mail.rc
 .endif
 
 .if ${MK_NTP} != "no"
 BIN1+=	ntp.conf
 .endif
 
 .if ${MK_OPENSSH} != "no"
 SSH=	${SRCTOP}/crypto/openssh/ssh_config \
 	${SRCTOP}/crypto/openssh/sshd_config \
 	${SRCTOP}/crypto/openssh/moduli
 .endif
 .if ${MK_OPENSSL} != "no"
 SSL=	${SRCTOP}/crypto/openssl/apps/openssl.cnf
 .endif
 
-.if ${MK_PF} != "no"
-BIN1+= pf.os
-.endif
-
 .if ${MK_SENDMAIL} != "no"
 BIN1+=	rc.sendmail
 .endif
 
 .if ${MK_TCSH} != "no"
 BIN1+= csh.cshrc csh.login csh.logout
 .endif
 
 .if ${MK_WIRELESS} != "no"
 BIN1+= regdomain.xml
 .endif
 
 .if ${MK_SENDMAIL} == "no"
 ETCMAIL=mailer.conf aliases
 .else
 ETCMAIL=Makefile README mailer.conf access.sample virtusertable.sample \
 	mailertable.sample aliases
 .endif
 
 # Special top level files for FreeBSD
 FREEBSD=COPYRIGHT
 
 # Sanitize DESTDIR
 DESTDIR:=	${DESTDIR:C://*:/:g}
 
 afterinstall:
 .if ${MK_MAN} != "no"
 	${_+_}cd ${SRCTOP}/share/man; ${MAKE} makedb
 .endif
 
 distribute:
 	# Avoid installing tests here; "make distribution" will do this and
 	# correctly place them in the right location.
 	${_+_}cd ${.CURDIR} ; ${MAKE} MK_TESTS=no install \
 	    DESTDIR=${DISTDIR}/${DISTRIBUTION}
 	${_+_}cd ${.CURDIR} ; ${MAKE} distribution DESTDIR=${DISTDIR}/${DISTRIBUTION}
 
 .include <bsd.endian.mk>
 
 .if defined(NO_ROOT)
 METALOG.add?=	cat -l >> ${METALOG}
 .endif
 
 distribution:
 .if !defined(DESTDIR)
 	@echo "set DESTDIR before running \"make ${.TARGET}\""
 	@false
 .endif
 	cd ${.CURDIR}; \
 	    ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
 		${BIN1} ${DESTDIR}/etc; \
 	    cap_mkdb ${CAP_MKDB_ENDIAN} ${DESTDIR}/etc/login.conf; \
 	    ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 600 \
 		master.passwd nsmb.conf opieaccess ${DESTDIR}/etc;
 
 .if ${MK_SERVICESDB} != "no"
 	cd ${.CURDIR}; \
 	    services_mkdb ${CAP_MKDB_ENDIAN} -q -o ${DESTDIR}/var/db/services.db \
 		${DESTDIR}/etc/services;
 .endif
 
-.if ${MK_BSNMP} != "no"
-	cd ${.CURDIR}; \
-	    ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 600 \
-		snmpd.config ${DESTDIR}/etc;
-.endif
 .if ${MK_TCSH} == "no"
 	sed -i "" -e 's;/bin/csh;/bin/sh;' ${DESTDIR}/etc/master.passwd
 .endif
 	pwd_mkdb -i -p -d ${DESTDIR}/etc ${DESTDIR}/etc/master.passwd
 .if defined(NO_ROOT)
 	( \
 		echo "./etc/login.conf.db type=file mode=0644 uname=root gname=wheel"; \
 		echo "./etc/passwd type=file mode=0644 uname=root gname=wheel"; \
 		echo "./etc/pwd.db type=file mode=0644 uname=root gname=wheel"; \
 		echo "./etc/spwd.db type=file mode=0600 uname=root gname=wheel"; \
 		echo "./var/db/services.db type=file mode=0644 uname=root gname=wheel"; \
 	) | ${METALOG.add}
 .endif
 .if ${MK_BLUETOOTH} != "no"
 	${_+_}cd ${.CURDIR}/bluetooth; ${MAKE} install
 .endif
-	${_+_}cd ${.CURDIR}/cron.d; ${MAKE} install
 	${_+_}cd ${.CURDIR}/defaults; ${MAKE} install
 	${_+_}cd ${.CURDIR}/devd; ${MAKE} install
 	${_+_}cd ${.CURDIR}/gss; ${MAKE} install
 	${_+_}cd ${.CURDIR}/mtree; ${MAKE} install
 	${_+_}cd ${.CURDIR}/newsyslog.conf.d; ${MAKE} install
 .if ${MK_NTP} != "no"
 	${_+_}cd ${.CURDIR}/ntp; ${MAKE} install
 .endif
 	${_+_}cd ${.CURDIR}/periodic; ${MAKE} install
 	${_+_}cd ${SRCTOP}/share/termcap; ${MAKE} etc-termcap
 	${_+_}cd ${.CURDIR}/syslog.d; ${MAKE} install
 	${_+_}cd ${SRCTOP}/usr.sbin/rmt; ${MAKE} etc-rmt
 	${_+_}cd ${.CURDIR}/pam.d; ${MAKE} install
-	cd ${.CURDIR}; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 0444 \
-	    ${BSM_ETC_OPEN_FILES} ${BSM_ETC_DIR}
-	cd ${.CURDIR}; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 0600 \
-	    ${BSM_ETC_RESTRICTED_FILES} ${BSM_ETC_DIR}
-	cd ${.CURDIR}; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 0500 \
-	    ${BSM_ETC_EXEC_FILES} ${BSM_ETC_DIR}
 .if ${MK_UNBOUND} != "no"
 	if [ ! -e ${DESTDIR}/etc/unbound ]; then \
 		${INSTALL_SYMLINK} ../var/unbound ${DESTDIR}/etc/unbound; \
 	fi
 .endif
 .if ${MK_SENDMAIL} != "no"
 	${_+_}cd ${.CURDIR}/sendmail; ${MAKE} distribution
 .endif
 .if ${MK_OPENSSH} != "no"
 	cd ${.CURDIR}; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
 	    ${SSH} ${DESTDIR}/etc/ssh
 .endif
 .if ${MK_OPENSSL} != "no"
 	cd ${.CURDIR}; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
 	    ${SSL} ${DESTDIR}/etc/ssl
 .endif
 .if ${MK_KERBEROS} != "no"
 	cd ${.CURDIR}/root; \
 	    ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
 		dot.k5login ${DESTDIR}/root/.k5login;
 .endif
 	cd ${.CURDIR}/root; \
 	    ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
 		dot.profile ${DESTDIR}/root/.profile; \
 	    rm -f ${DESTDIR}/.profile; \
 	    ${INSTALL_LINK} ${DESTDIR}/root/.profile ${DESTDIR}/.profile
 .if ${MK_TCSH} != "no"
 	cd ${.CURDIR}/root; \
 	    ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
 		dot.cshrc ${DESTDIR}/root/.cshrc; \
 	    ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
 		dot.login ${DESTDIR}/root/.login; \
 	    rm -f ${DESTDIR}/.cshrc; \
 	    ${INSTALL_LINK} ${DESTDIR}/root/.cshrc ${DESTDIR}/.cshrc
 .endif
 .if ${MK_MAIL} != "no"
 	cd ${.CURDIR}/mail; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
 	    ${ETCMAIL} ${DESTDIR}/etc/mail
 	if [ -d ${DESTDIR}/etc/mail -a -f ${DESTDIR}/etc/mail/aliases -a \
 	      ! -f ${DESTDIR}/etc/aliases ]; then \
 		${INSTALL_SYMLINK} mail/aliases ${DESTDIR}/etc/aliases; \
 	fi
 .endif
 .if ${MK_LOCATE} != "no"
 	${INSTALL} -o nobody -g ${BINGRP} -m 644 /dev/null \
 	    ${DESTDIR}/var/db/locate.database
 .endif
 	cd ${.CURDIR}/..; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 444 \
 		${FREEBSD} ${DESTDIR}/
 .if ${MK_BOOT} != "no"
 .if exists(${SRCTOP}/sys/${MACHINE}/conf/GENERIC.hints)
 	${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 444 \
 	    ${SRCTOP}/sys/${MACHINE}/conf/GENERIC.hints \
 	    ${DESTDIR}/boot/device.hints
 .endif
 .endif
 .if ${MK_NIS} == "no"
 	sed -i "" -e 's/.*_compat:/# &/' -e 's/compat$$/files/' \
 		${DESTDIR}/etc/nsswitch.conf
 .endif
 
 MTREE_CMD?=	mtree
 
 MTREES=		mtree/BSD.root.dist		/		\
 		mtree/BSD.var.dist		/var		\
 		mtree/BSD.usr.dist		/usr		\
 		mtree/BSD.include.dist		/usr/include	\
 		mtree/BSD.debug.dist		/usr/lib
 .if ${MK_LIB32} != "no"
 MTREES+=	mtree/BSD.lib32.dist		/usr
 MTREES+=	mtree/BSD.lib32.dist		/usr/lib/debug/usr
 .endif
 .if ${MK_LIBSOFT} != "no"
 MTREES+=	mtree/BSD.libsoft.dist		/usr
 MTREES+=	mtree/BSD.libsoft.dist		/usr/lib/debug/usr
 .endif
 .if ${MK_TESTS} != "no"
 MTREES+=	mtree/BSD.tests.dist		${TESTSBASE}
 MTREES+=	mtree/BSD.tests.dist		/usr/lib/debug/${TESTSBASE}
 .endif
 .if ${MK_SENDMAIL} != "no"
 MTREES+=	mtree/BSD.sendmail.dist		/
 .endif
 .for mtree in ${LOCAL_MTREE}
 MTREES+=	../${mtree}			/
 .endfor
 
 # Clean up some directories that where mistakenly created as files that
 # should not have been as part of the nvi update in r281994.
 # This should be removed after 11.0-RELEASE.
 DISTRIB_CLEANUP_SHARE_FILES=	${SHAREDIR}/doc/usd/10.exref ${SHAREDIR}/doc/usd/11.edit
 DISTRIB_CLEANUP_SHARE_FILES+=	${SHAREDIR}/doc/usd/12.vi ${SHAREDIR}/doc/usd/13.viref
 distrib-cleanup: .PHONY
 	for file in ${DISTRIB_CLEANUP_SHARE_FILES}; do \
 		if [ -f ${DESTDIR}/$${file} ]; then \
 			rm -f ${DESTDIR}/$${file}; \
 		fi; \
 	done
 
 distrib-dirs: ${MTREES:N/*} distrib-cleanup .PHONY
 	@set ${MTREES}; \
 	while test $$# -ge 2; do \
 		m=${.CURDIR}/$$1; \
 		shift; \
 		d=${DESTDIR}$$1; \
 		shift; \
 		test -d $$d || mkdir -p $$d; \
 		${ECHO} ${MTREE_CMD} -deU ${MTREE_FSCHG} \
 		    ${MTREE_FOLLOWS_SYMLINKS} -f $$m -p $$d; \
 		${MTREE_FILTER} $$m | \
 		${MTREE_CMD} -deU ${MTREE_FSCHG} ${MTREE_FOLLOWS_SYMLINKS} \
 		    -p $$d; \
 	done; true
 .if defined(NO_ROOT)
 	@set ${MTREES}; \
 	while test $$# -ge 2; do \
 		m=${.CURDIR}/$$1; \
 		shift; \
 		d=$$1; \
 		test "$$d" == "/" && d=""; \
 		d=${DISTBASE}$$d; \
 		shift; \
 		test -d ${DESTDIR}/$$d || mkdir -p ${DESTDIR}/$$d; \
 		${ECHO} "${MTREE_CMD:N-W} -C -f $$m -K all | " \
 		    "sed s#^\.#.$$d# | ${METALOG.add}" ; \
 		${MTREE_FILTER} $$m | \
 		${MTREE_CMD:N-W} -C -K all | sed s#^\.#.$$d# | \
 		    ${METALOG.add} ; \
 	done; true
 .endif
 .if ${MK_NLS} != "no"
 	set - `grep "^[a-zA-Z]" ${.CURDIR}/nls.alias`; \
 	while [ $$# -gt 0 ] ; do \
 		${INSTALL_SYMLINK} "$$2" "${DESTDIR}${SHAREDIR}/nls/$$1"; \
 		shift; shift; \
 	done
 .endif
 
 etc-examples-install: ${META_DEPS}
 	cd ${.CURDIR}; ${INSTALL} ${TAG_ARGS} -o ${BINOWN} -g ${BINGRP} -m 444 \
 	    ${BIN1} ${BIN2} nsmb.conf opieaccess \
 	    ${DESTDIR}${SHAREDIR}/examples/etc
 
 etc-examples: etc-examples-install
 	${_+_}cd ${.CURDIR}/defaults; \
 	    ${MAKE} ${${MK_STAGING} == "yes":?all:install} \
 	    DESTDIR=${DESTDIR}${SHAREDIR}/examples
 
 .include <bsd.prog.mk>
 
 .if ${MK_INSTALL_AS_USER} == "yes" && ${_uid} != 0
 MTREE_FILTER= sed -e 's,\([gu]\)name=,\1id=,g' \
 	-e 's,\(uid=\)[^ ]* ,\1${_uid} ,' \
 	-e 's,\(gid=\)[^ ]* ,\1${_gid} ,' \
 	-e 's,\(uid=\)[^ ]*$$,\1${_uid},' \
 	-e 's,\(gid=\)[^ ]*$$,\1${_gid},'
 .else
 MTREE_FILTER= cat
 .if !defined(NO_FSCHG)
 MTREE_FSCHG=	-i
 .endif
 .endif
Index: projects/clang700-import/sbin/ddb/Makefile
===================================================================
--- projects/clang700-import/sbin/ddb/Makefile	(revision 337646)
+++ projects/clang700-import/sbin/ddb/Makefile	(revision 337647)
@@ -1,10 +1,11 @@
 # $FreeBSD$
 
+CONFS=	ddb.conf
 PACKAGE=runtime
 PROG=	ddb
 SRCS=	ddb.c ddb_capture.c ddb_script.c
 MAN=	ddb.8
 
 LIBADD=	kvm
 
 .include <bsd.prog.mk>
Index: projects/clang700-import/sbin/ddb/ddb.conf
===================================================================
--- projects/clang700-import/sbin/ddb/ddb.conf	(nonexistent)
+++ projects/clang700-import/sbin/ddb/ddb.conf	(revision 337647)
@@ -0,0 +1,15 @@
+# $FreeBSD$
+#
+#  This file is read when going to multi-user and its contents piped thru
+#  ``ddb'' to define debugging scripts.
+#
+# see ``man 4 ddb'' and ``man 8 ddb'' for details.
+#
+
+script lockinfo=show locks; show alllocks; show lockedvnods
+
+# kdb.enter.panic	panic(9) was called.
+script kdb.enter.panic=textdump set; capture on; run lockinfo; show pcpu; bt; ps; alltrace; capture off; call doadump; reset
+
+# kdb.enter.witness	witness(4) detected a locking error.
+script kdb.enter.witness=run lockinfo

Property changes on: projects/clang700-import/sbin/ddb/ddb.conf
___________________________________________________________________
Added: svn:keywords
## -0,0 +1 ##
+FreeBSD=%H
\ No newline at end of property
Index: projects/clang700-import/sbin/pfctl/Makefile
===================================================================
--- projects/clang700-import/sbin/pfctl/Makefile	(revision 337646)
+++ projects/clang700-import/sbin/pfctl/Makefile	(revision 337647)
@@ -1,37 +1,38 @@
 # $FreeBSD$
 
 .include <src.opts.mk>
 
 # pf_ruleset.c is shared between kernel and pfctl
 .PATH: ${SRCTOP}/sys/netpfil/pf
 
 PACKAGE=pf
+CONFS=	pf.os
 PROG=	pfctl
 MAN=	pfctl.8
 
 SRCS = pfctl.c parse.y pfctl_parser.c pf_print_state.c pfctl_altq.c
 SRCS+= pfctl_osfp.c pfctl_radix.c pfctl_table.c pfctl_qstats.c
 SRCS+= pfctl_optimize.c
 SRCS+= pf_ruleset.c
 
 WARNS?=	2
 CFLAGS+= -Wall -Wmissing-prototypes -Wno-uninitialized
 CFLAGS+= -Wstrict-prototypes
 CFLAGS+= -DENABLE_ALTQ -I${.CURDIR}
 
 # Need to use "WITH_" prefix to not conflict with the l/y INET/INET6 keywords
 .if ${MK_INET6_SUPPORT} != "no"
 CFLAGS+= -DWITH_INET6
 .endif
 .if ${MK_INET_SUPPORT} != "no"
 CFLAGS+= -DWITH_INET
 .endif
 
 YFLAGS=
 
 LIBADD=	m md
 
 HAS_TESTS=
 SUBDIR.${MK_TESTS}+= tests
 
 .include <bsd.prog.mk>
Index: projects/clang700-import/sbin/pfctl/pf.os
===================================================================
--- projects/clang700-import/sbin/pfctl/pf.os	(nonexistent)
+++ projects/clang700-import/sbin/pfctl/pf.os	(revision 337647)
@@ -0,0 +1,709 @@
+# $FreeBSD$
+# $OpenBSD: pf.os,v 1.27 2016/09/03 17:08:57 sthen Exp $
+# passive OS fingerprinting
+# -------------------------
+#
+# SYN signatures. Those signatures work for SYN packets only (duh!).
+#
+# (C) Copyright 2000-2003 by Michal Zalewski <lcamtuf@coredump.cx>
+# (C) Copyright 2003 by Mike Frantzen <frantzen@w4g.org>
+#
+#  Permission to use, copy, modify, and distribute this software for any
+#  purpose with or without fee is hereby granted, provided that the above
+#  copyright notice and this permission notice appear in all copies.
+#
+#  THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+#  WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+#  MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+#  ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+#  WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+#  ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+#  OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+#
+#
+# This fingerprint database is adapted from Michal Zalewski's p0f passive
+# operating system package.  The last database sync was from a Nov 3 2003
+# p0f.fp.
+#
+#
+# Each line in this file specifies a single fingerprint. Please read the
+# information below carefully before attempting to append any signatures
+# reported as UNKNOWN to this file to avoid mistakes.
+#
+# We use the following set metrics for fingerprinting:
+#
+# - Window size (WSS) - a highly OS dependent setting used for TCP/IP
+#   performance control (max. amount of data to be sent without ACK).
+#   Some systems use a fixed value for initial packets. On other
+#   systems, it is a multiple of MSS or MTU (MSS+40). In some rare
+#   cases, the value is just arbitrary.
+#
+#   NEW SIGNATURE: if p0f reported a special value of 'Snn', the number
+#   appears to be a multiple of MSS (MSS*nn); a special value of 'Tnn'
+#   means it is a multiple of MTU ((MSS+40)*nn). Unless you notice the
+#   value of nn is not fixed (unlikely), just copy the Snn or Tnn token
+#   literally. If you know this device has a simple stack and a fixed
+#   MTU, you can however multiply S value by MSS, or T value by MSS+40,
+#   and put it instead of Snn or Tnn.
+#
+#   If WSS otherwise looks like a fixed value (for example a multiple
+#   of two), or if you can confirm the value is fixed, please quote
+#   it literally. If there's no apparent pattern in WSS chosen, you
+#   should consider wildcarding this value.
+#
+# - Overall packet size - a function of all IP and TCP options and bugs.
+#
+#   NEW SIGNATURE: Copy this value literally.
+#
+# - Initial TTL - We check the actual TTL of a received packet. It can't
+#   be higher than the initial TTL, and also shouldn't be dramatically
+#   lower (maximum distance is defined as 40 hops).
+#
+#   NEW SIGNATURE: *Never* copy TTL from a p0f-reported signature literally.
+#   You need to determine the initial TTL. The best way to do it is to
+#   check the documentation for a remote system, or check its settings.
+#   A fairly good method is to simply round the observed TTL up to
+#   32, 64, 128, or 255, but it should be noted that some obscure devices
+#   might not use round TTLs (in particular, some shoddy appliances use
+#   "original" initial TTL settings). If not sure, you can see how many
+#   hops you're away from the remote party with traceroute or mtr.
+#
+# - Don't fragment flag (DF) - some modern OSes set this to implement PMTU
+#   discovery. Others do not bother.
+#
+#   NEW SIGNATURE: Copy this value literally.
+#
+# - Maximum segment size (MSS) - this setting is usually link-dependent. P0f
+#   uses it to determine link type of the remote host.
+#
+#   NEW SIGNATURE: Always wildcard this value, except for rare cases when
+#   you have an appliance with a fixed value, know the system supports only
+#   a very limited number of network interface types, or know the system
+#   is using a value it pulled out of nowhere.  Specific unique MSS
+#   can be used to tell Google crawlbots from the rest of the population.
+#
+# - Window scaling (WSCALE) - this feature is used to scale WSS.
+#   It extends the size of a TCP/IP window to 32 bits. Some modern
+#   systems implement this feature.
+#
+#   NEW SIGNATURE: Observe several signatures. Initial WSCALE is often set
+#   to zero or other low value. There's usually no need to wildcard this
+#   parameter.
+#
+# - Timestamp - some systems that implement timestamps set them to
+#   zero in the initial SYN. This case is detected and handled appropriately.
+#
+# - Selective ACK permitted - a flag set by systems that implement
+#   selective ACK functionality.
+#
+# - The sequence of TCP all options (MSS, window scaling, selective ACK
+#   permitted, timestamp, NOP). Other than the options previously
+#   discussed, p0f also checks for timestamp option (a silly
+#   extension to broadcast your uptime ;-), NOP options (used for
+#   header padding) and sackOK option (selective ACK feature).
+#
+#   NEW SIGNATURE: Copy the sequence literally.
+#
+# To wildcard any value (except for initial TTL or TCP options), replace
+# it with '*'. You can also use a modulo operator to match any values
+# that divide by nnn - '%nnn'.
+#
+# Fingerprint entry format:
+#
+# wwww:ttt:D:ss:OOO...:OS:Version:Subtype:Details
+#
+# wwww     - window size (can be *, %nnn, Snn or Tnn).  The special values
+#            "S" and "T" which are a multiple of MSS or a multiple of MTU
+#            respectively.
+# ttt      - initial TTL
+# D        - don't fragment bit (0 - not set, 1 - set)
+# ss       - overall SYN packet size
+# OOO      - option value and order specification (see below)
+# OS       - OS genre (Linux, Solaris, Windows)
+# Version  - OS Version (2.0.27 on x86, etc)
+# Subtype  - OS subtype or patchlevel (SP3, lo0)
+# details  - Generic OS details
+#
+# If OS genre starts with '*', p0f will not show distance, link type
+# and timestamp data. It is useful for userland TCP/IP stacks of
+# network scanners and so on, where many settings are randomized or
+# bogus.
+#
+# If OS genre starts with @, it denotes an approximate hit for a group
+# of operating systems (signature reporting still enabled in this case).
+# Use this feature at the end of this file to catch cases for which
+# you don't have a precise match, but can tell it's Windows or FreeBSD
+# or whatnot by looking at, say, flag layout alone.
+#
+# Option block description is a list of comma or space separated
+# options in the order they appear in the packet:
+#
+# N	   - NOP option
+# Wnnn	   - window scaling option, value nnn (or * or %nnn)
+# Mnnn	   - maximum segment size option, value nnn (or * or %nnn)
+# S	   - selective ACK OK
+# T	   - timestamp
+# T0	   - timestamp with a zero value
+#
+# To denote no TCP options, use a single '.'.
+#
+# Please report any additions to this file, or any inaccuracies or
+# problems spotted, to the maintainers: lcamtuf@coredump.cx,
+# frantzen@openbsd.org and bugs@openbsd.org with a tcpdump packet
+# capture of the relevant SYN packet(s)
+#
+# A test and submission page is available at
+# http://lcamtuf.coredump.cx/p0f-help/
+#
+#
+# WARNING WARNING WARNING
+# -----------------------
+#
+# Do not add a system X as OS Y just because NMAP says so. It is often
+# the case that X is a NAT firewall. While nmap is talking to the
+# device itself, p0f is fingerprinting the guy behind the firewall
+# instead.
+#
+# When in doubt, use common sense, don't add something that looks like
+# a completely different system as Linux or FreeBSD or LinkSys router.
+# Check DNS name, establish a connection to the remote host and look
+# at SYN+ACK - does it look similar?
+#
+# Some users tweak their TCP/IP settings - enable or disable RFC1323
+# functionality, enable or disable timestamps or selective ACK,
+# disable PMTU discovery, change MTU and so on. Always compare a new rule
+# to other fingerprints for this system, and verify the system isn't
+# "customized" before adding it. It is OK to add signature variants
+# caused by a commonly used software (personal firewalls, security
+# packages, etc), but it makes no sense to try to add every single
+# possible /proc/sys/net/ipv4 tweak on Linux or so.
+#
+# KEEP IN MIND: Some packet firewalls configured to normalize outgoing
+# traffic (OpenBSD pf with "scrub" enabled, for example) will, well,
+# normalize packets. Signatures will not correspond to the originating
+# system (and probably not quite to the firewall either).
+#
+# NOTE: Try to keep this file in some reasonable order, from most to
+# least likely systems. This will speed up operation. Also keep most
+# generic and broad rules near the end.
+#
+
+##########################
+# Standard OS signatures #
+##########################
+
+# ----------------- AIX ---------------------
+
+# AIX is first because its signatures are close to NetBSD, MacOS X and
+# Linux 2.0, but it uses a fairly rare MSSes, at least sometimes...
+# This is a shoddy hack, though.
+
+45046:64:0:44:M*:		AIX:4.3::AIX 4.3
+16384:64:0:44:M512:		AIX:4.3:2-3:AIX 4.3.2 and earlier
+
+16384:64:0:60:M512,N,W%2,N,N,T:		AIX:4.3:3:AIX 4.3.3-5.2
+16384:64:0:60:M512,N,W%2,N,N,T:		AIX:5.1-5.2::AIX 4.3.3-5.2
+32768:64:0:60:M512,N,W%2,N,N,T:		AIX:4.3:3:AIX 4.3.3-5.2
+32768:64:0:60:M512,N,W%2,N,N,T:		AIX:5.1-5.2::AIX 4.3.3-5.2
+65535:64:0:60:M512,N,W%2,N,N,T:		AIX:4.3:3:AIX 4.3.3-5.2
+65535:64:0:60:M512,N,W%2,N,N,T:		AIX:5.1-5.2::AIX 4.3.3-5.2
+65535:64:0:64:M*,N,W1,N,N,T,N,N,S:	AIX:5.3:ML1:AIX 5.3 ML1
+
+# ----------------- Linux -------------------
+
+# S1:64:0:44:M*:A:		Linux:1.2::Linux 1.2.x (XXX quirks support)
+512:64:0:44:M*:			Linux:2.0:3x:Linux 2.0.3x
+16384:64:0:44:M*:		Linux:2.0:3x:Linux 2.0.3x
+
+# Endian snafu! Nelson says "ha-ha":
+2:64:0:44:M*:			Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac
+64:64:0:44:M*:			Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac
+
+
+S4:64:1:60:M1360,S,T,N,W0:	Linux:google::Linux (Google crawlbot)
+
+S2:64:1:60:M*,S,T,N,W0:		Linux:2.4::Linux 2.4 (big boy)
+S3:64:1:60:M*,S,T,N,W0:		Linux:2.4:.18-21:Linux 2.4.18 and newer
+S4:64:1:60:M*,S,T,N,W0:		Linux:2.4::Linux 2.4/2.6 <= 2.6.7
+S4:64:1:60:M*,S,T,N,W0:		Linux:2.6:.1-7:Linux 2.4/2.6 <= 2.6.7
+
+S4:64:1:60:M*,S,T,N,W5:		Linux:2.6::Linux 2.6 (newer, 1)
+S4:64:1:60:M*,S,T,N,W6:		Linux:2.6::Linux 2.6 (newer, 2)
+S4:64:1:60:M*,S,T,N,W7:		Linux:2.6::Linux 2.6 (newer, 3)
+T4:64:1:60:M*,S,T,N,W7:		Linux:2.6::Linux 2.6 (newer, 4)
+
+S10:64:1:60:M*,S,T,N,W4:	Linux:3.0::Linux 3.0
+
+S3:64:1:60:M*,S,T,N,W1:		Linux:2.5::Linux 2.5 (sometimes 2.4)
+S4:64:1:60:M*,S,T,N,W1:		Linux:2.5-2.6::Linux 2.5/2.6
+S3:64:1:60:M*,S,T,N,W2:		Linux:2.5::Linux 2.5 (sometimes 2.4)
+S4:64:1:60:M*,S,T,N,W2:		Linux:2.5::Linux 2.5 (sometimes 2.4)
+
+S20:64:1:60:M*,S,T,N,W0:	Linux:2.2:20-25:Linux 2.2.20 and newer
+S22:64:1:60:M*,S,T,N,W0:	Linux:2.2::Linux 2.2
+S11:64:1:60:M*,S,T,N,W0:	Linux:2.2::Linux 2.2
+
+# Popular cluster config scripts disable timestamps and
+# selective ACK:
+S4:64:1:48:M1460,N,W0:		Linux:2.4:cluster:Linux 2.4 in cluster
+
+# This needs to be investigated. On some systems, WSS
+# is selected as a multiple of MTU instead of MSS. I got
+# many submissions for this for many late versions of 2.4:
+T4:64:1:60:M1412,S,T,N,W0:	Linux:2.4::Linux 2.4 (late, uncommon)
+
+# This happens only over loopback, but let's make folks happy:
+32767:64:1:60:M16396,S,T,N,W0:	Linux:2.4:lo0:Linux 2.4 (local)
+S8:64:1:60:M3884,S,T,N,W0:	Linux:2.2:lo0:Linux 2.2 (local)
+
+# Opera visitors:
+16384:64:1:60:M*,S,T,N,W0:	Linux:2.2:Opera:Linux 2.2 (Opera?)
+32767:64:1:60:M*,S,T,N,W0:	Linux:2.4:Opera:Linux 2.4 (Opera?)
+
+# Some fairly common mods:
+S4:64:1:52:M*,N,N,S,N,W0:	Linux:2.4:ts:Linux 2.4 w/o timestamps
+S22:64:1:52:M*,N,N,S,N,W0:	Linux:2.2:ts:Linux 2.2 w/o timestamps
+
+
+# ----------------- FreeBSD -----------------
+
+16384:64:1:44:M*:		FreeBSD:2.0-2.2::FreeBSD 2.0-4.2
+16384:64:1:44:M*:		FreeBSD:3.0-3.5::FreeBSD 2.0-4.2
+16384:64:1:44:M*:		FreeBSD:4.0-4.2::FreeBSD 2.0-4.2
+16384:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.4::FreeBSD 4.4
+
+1024:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.4::FreeBSD 4.4
+
+57344:64:1:44:M*:		FreeBSD:4.6-4.8:noRFC1323:FreeBSD 4.6-4.8 (no RFC1323)
+57344:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.6-4.9::FreeBSD 4.6-4.9
+
+32768:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.8-4.11::FreeBSD 4.8-5.1 (or MacOS X)
+32768:64:1:60:M*,N,W0,N,N,T:	FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X)
+65535:64:1:60:M*,N,W0,N,N,T:	FreeBSD:4.8-4.11::FreeBSD 4.8-5.2 (or MacOS X)
+65535:64:1:60:M*,N,W0,N,N,T:	FreeBSD:5.0-5.2::FreeBSD 4.8-5.2 (or MacOS X)
+65535:64:1:60:M*,N,W1,N,N,T:	FreeBSD:4.7-4.11::FreeBSD 4.7-5.2
+65535:64:1:60:M*,N,W1,N,N,T:	FreeBSD:5.0-5.2::FreeBSD 4.7-5.2
+
+# XXX need quirks support
+# 65535:64:1:60:M*,N,W0,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (1)
+# 65535:64:1:60:M*,N,W1,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (2)
+# 65535:64:1:60:M*,N,W2,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (3)
+# 65535:64:1:44:M*:Z:FreeBSD:5.2::FreeBSD 5.2 (no RFC1323)
+
+# 16384:64:1:60:M*,N,N,N,N,N,N,T:FreeBSD:4.4:noTS:FreeBSD 4.4 (w/o timestamps)
+
+# ----------------- NetBSD ------------------
+
+16384:64:0:60:M*,N,W0,N,N,T:	NetBSD:1.3::NetBSD 1.3
+65535:64:0:60:M*,N,W0,N,N,T0:	NetBSD:1.6:opera:NetBSD 1.6 (Opera)
+16384:64:0:60:M*,N,W0,N,N,T0:	NetBSD:1.6::NetBSD 1.6
+16384:64:1:60:M*,N,W0,N,N,T0:	NetBSD:1.6:df:NetBSD 1.6 (DF)
+65535:64:1:60:M*,N,W1,N,N,T0:	NetBSD:1.6::NetBSD 1.6W-current (DF)
+65535:64:1:60:M*,N,W0,N,N,T0:	NetBSD:1.6::NetBSD 1.6X (DF)
+32768:64:1:60:M*,N,W0,N,N,T0:	NetBSD:1.6:randomization:NetBSD 1.6ZH-current (w/ ip_id randomization)
+
+# ----------------- OpenBSD -----------------
+
+16384:64:0:60:M*,N,W0,N,N,T:		OpenBSD:2.6::NetBSD 1.3 (or OpenBSD 2.6)
+16384:64:1:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-4.8::OpenBSD 3.0-4.8
+16384:64:0:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-4.8:no-df:OpenBSD 3.0-4.8 (scrub no-df)
+57344:64:1:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.3-4.0::OpenBSD 3.3-4.0
+57344:64:0:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.3-4.0:no-df:OpenBSD 3.3-4.0 (scrub no-df)
+
+65535:64:1:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-4.0:opera:OpenBSD 3.0-4.0 (Opera)
+
+16384:64:1:64:M*,N,N,S,N,W3,N,N,T:	OpenBSD:4.9::OpenBSD 4.9
+16384:64:0:64:M*,N,N,S,N,W3,N,N,T:	OpenBSD:4.9:no-df:OpenBSD 4.9 (scrub no-df)
+
+16384:64:1:64:M*,N,N,S,N,W6,N,N,T:      OpenBSD:6.1::OpenBSD 6.1
+16384:64:0:64:M*,N,N,S,N,W6,N,N,T:      OpenBSD:6.1:no-df:OpenBSD 6.1 (scrub no-df)
+
+# ----------------- DragonFly BSD -----------------
+
+57344:64:1:60:M*,N,W0,N,N,T:		DragonFly:1.0:A:DragonFly 1.0A
+57344:64:0:64:M*,N,W0,N,N,S,N,N,T:	DragonFly:1.2-1.12::DragonFly 1.2-1.12
+5840:64:1:60:M*,S,T,N,W4:			DragonFly:2.0-2.1::DragonFly 2.0-2.1
+57344:64:0:64:M*,N,W0,N,N,S,N,N,T:	DragonFly:2.2-2.3::DragonFly 2.2-2.3
+57344:64:0:64:M*,N,W5,N,N,S,N,N,T:	DragonFly:2.4-2.7::DragonFly 2.4-2.7
+
+# ----------------- Solaris -----------------
+
+S17:64:1:64:N,W3,N,N,T0,N,N,S,M*:	Solaris:8:RFC1323:Solaris 8 RFC1323
+S17:64:1:48:N,N,S,M*:			Solaris:8::Solaris 8
+S17:255:1:44:M*:			Solaris:2.5-2.7::Solaris 2.5 to 7
+
+S6:255:1:44:M*:				Solaris:2.6-2.7::Solaris 2.6 to 7
+S23:255:1:44:M*:			Solaris:2.5:1:Solaris 2.5.1
+S34:64:1:48:M*,N,N,S:			Solaris:2.9::Solaris 9
+S44:255:1:44:M*:			Solaris:2.7::Solaris 7
+
+4096:64:0:44:M1460:			SunOS:4.1::SunOS 4.1.x
+
+S34:64:1:52:M*,N,W0,N,N,S:		Solaris:10:beta:Solaris 10 (beta)
+32850:64:1:64:M*,N,N,T,N,W1,N,N,S:	Solaris:10::Solaris 10 1203
+
+# ----------------- IRIX --------------------
+
+49152:64:0:44:M*:			IRIX:6.4::IRIX 6.4
+61440:64:0:44:M*:			IRIX:6.2-6.5::IRIX 6.2-6.5
+49152:64:0:52:M*,N,W2,N,N,S:		IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323)
+49152:64:0:52:M*,N,W3,N,N,S:		IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323)
+
+61440:64:0:48:M*,N,N,S:			IRIX:6.5:12-21:IRIX 6.5.12 - 6.5.21
+49152:64:0:48:M*,N,N,S:			IRIX:6.5:15-21:IRIX 6.5.15 - 6.5.21
+
+49152:60:0:64:M*,N,W2,N,N,T,N,N,S:	IRIX:6.5:IP27:IRIX 6.5 IP27
+
+
+# ----------------- Tru64 -------------------
+
+32768:64:1:48:M*,N,W0:			Tru64:4.0::Tru64 4.0 (or OS/2 Warp 4)
+32768:64:0:48:M*,N,W0:			Tru64:5.0::Tru64 5.0
+8192:64:0:44:M1460:			Tru64:5.1:noRFC1323:Tru64 6.1 (no RFC1323) (or QNX 6)
+61440:64:0:48:M*,N,W0:			Tru64:5.1a:JP4:Tru64 v5.1a JP4 (or OpenVMS 7.x on Compaq 5.x stack)
+
+# ----------------- OpenVMS -----------------
+
+6144:64:1:60:M*,N,W0,N,N,T:		OpenVMS:7.2::OpenVMS 7.2 (Multinet 4.4 stack)
+
+# ----------------- MacOS -------------------
+
+# XXX Need EOL tcp opt support
+# S2:255:1:48:M*,W0,E:.:MacOS:8.6 classic
+
+# XXX some of these use EOL too
+16616:255:1:48:M*,W0:			MacOS:7.3-7.6:OTTCP:MacOS 7.3-8.6 (OTTCP)
+16616:255:1:48:M*,W0:			MacOS:8.0-8.6:OTTCP:MacOS 7.3-8.6 (OTTCP)
+16616:255:1:48:M*,N,N,N:		MacOS:8.1-8.6:OTTCP:MacOS 8.1-8.6 (OTTCP)
+32768:255:1:48:M*,W0,N:			MacOS:9.0-9.2::MacOS 9.0-9.2
+65535:255:1:48:M*,N,N,N,N:		MacOS:9.1::MacOS 9.1 (OT 2.7.4)
+
+
+# ----------------- Windows -----------------
+
+# Windows TCP/IP stack is a mess. For most recent XP, 2000 and
+# even 98, the patchlevel, not the actual OS version, is more
+# relevant to the signature. They share the same code, so it would
+# seem. Luckily for us, almost all Windows 9x boxes have an
+# awkward MSS of 536, which I use to tell one from another
+# in most difficult cases.
+
+8192:32:1:44:M*:			Windows:3.11::Windows 3.11 (Tucows)
+S44:64:1:64:M*,N,W0,N,N,T0,N,N,S:	Windows:95::Windows 95
+8192:128:1:64:M*,N,W0,N,N,T0,N,N,S:	Windows:95:b:Windows 95b
+
+# There were so many tweaking tools and so many stack versions for
+# Windows 98 it is no longer possible to tell them from each other
+# without some very serious research. Until then, there's an insane
+# number of signatures, for your amusement:
+
+S44:32:1:48:M*,N,N,S:			Windows:98:lowTTL:Windows 98 (low TTL)
+8192:32:1:48:M*,N,N,S:			Windows:98:lowTTL:Windows 98 (low TTL)
+%8192:64:1:48:M536,N,N,S:		Windows:98::Windows 98
+%8192:128:1:48:M536,N,N,S:		Windows:98::Windows 98
+S4:64:1:48:M*,N,N,S:			Windows:98::Windows 98
+S6:64:1:48:M*,N,N,S:			Windows:98::Windows 98
+S12:64:1:48:M*,N,N,S:			Windows:98::Windows 98
+T30:64:1:64:M1460,N,W0,N,N,T0,N,N,S:	Windows:98::Windows 98
+32767:64:1:48:M*,N,N,S:			Windows:98::Windows 98
+37300:64:1:48:M*,N,N,S:			Windows:98::Windows 98
+46080:64:1:52:M*,N,W3,N,N,S:		Windows:98:RFC1323:Windows 98 (RFC1323)
+65535:64:1:44:M*:			Windows:98:noSack:Windows 98 (no sack)
+S16:128:1:48:M*,N,N,S:			Windows:98::Windows 98
+S16:128:1:64:M*,N,W0,N,N,T0,N,N,S:	Windows:98::Windows 98
+S26:128:1:48:M*,N,N,S:			Windows:98::Windows 98
+T30:128:1:48:M*,N,N,S:			Windows:98::Windows 98
+32767:128:1:52:M*,N,W0,N,N,S:		Windows:98::Windows 98
+60352:128:1:48:M*,N,N,S:		Windows:98::Windows 98
+60352:128:1:64:M*,N,W2,N,N,T0,N,N,S:	Windows:98::Windows 98
+
+# What's with 1414 on NT?
+T31:128:1:44:M1414:			Windows:NT:4.0:Windows NT 4.0 SP6a
+64512:128:1:44:M1414:			Windows:NT:4.0:Windows NT 4.0 SP6a
+8192:128:1:44:M*:			Windows:NT:4.0:Windows NT 4.0 (older)
+
+# Windows XP and 2000. Most of the signatures that were
+# either dubious or non-specific (no service pack data)
+# were deleted and replaced with generics at the end.
+
+65535:128:1:48:M*,N,N,S:		Windows:2000:SP4:Windows 2000 SP4, XP SP1
+65535:128:1:48:M*,N,N,S:		Windows:XP:SP1:Windows 2000 SP4, XP SP1
+%8192:128:1:48:M*,N,N,S:		Windows:2000:SP2+:Windows 2000 SP2, XP SP1 (seldom 98 4.10.2222)
+%8192:128:1:48:M*,N,N,S:		Windows:XP:SP1:Windows 2000 SP2, XP SP1 (seldom 98 4.10.2222)
+S20:128:1:48:M*,N,N,S:			Windows:2000::Windows 2000/XP SP3
+S20:128:1:48:M*,N,N,S:			Windows:XP:SP3:Windows 2000/XP SP3
+S45:128:1:48:M*,N,N,S:			Windows:2000:SP4:Windows 2000 SP4, XP SP 1
+S45:128:1:48:M*,N,N,S:			Windows:XP:SP1:Windows 2000 SP4, XP SP 1
+40320:128:1:48:M*,N,N,S:		Windows:2000:SP4:Windows 2000 SP4
+
+S6:128:1:48:M*,N,N,S:			Windows:2000:SP2:Windows XP, 2000 SP2+
+S6:128:1:48:M*,N,N,S:			Windows:XP::Windows XP, 2000 SP2+
+S12:128:1:48:M*,N,N,S:			Windows:XP:SP1:Windows XP SP1
+S44:128:1:48:M*,N,N,S:			Windows:2000:SP3:Windows Pro SP1, 2000 SP3
+S44:128:1:48:M*,N,N,S:			Windows:XP:SP1:Windows Pro SP1, 2000 SP3
+64512:128:1:48:M*,N,N,S:		Windows:2000:SP3:Windows SP1, 2000 SP3
+64512:128:1:48:M*,N,N,S:		Windows:XP:SP1:Windows SP1, 2000 SP3
+32767:128:1:48:M*,N,N,S:		Windows:2000:SP4:Windows SP1, 2000 SP4
+32767:128:1:48:M*,N,N,S:		Windows:XP:SP1:Windows SP1, 2000 SP4
+
+8192:128:1:52:M*,N,W2,N,N,S:		Windows:Vista::Windows Vista/7
+
+# Odds, ends, mods:
+
+S52:128:1:48:M1260,N,N,S:		Windows:2000:cisco:Windows XP/2000 via Cisco
+S52:128:1:48:M1260,N,N,S:		Windows:XP:cisco:Windows XP/2000 via Cisco
+65520:128:1:48:M*,N,N,S:		Windows:XP::Windows XP bare-bone
+16384:128:1:52:M536,N,W0,N,N,S:		Windows:2000:ZoneAlarm:Windows 2000 w/ZoneAlarm?
+2048:255:0:40:.:			Windows:.NET::Windows .NET Enterprise Server
+
+44620:64:0:48:M*,N,N,S:			Windows:ME::Windows ME no SP (?)
+S6:255:1:48:M536,N,N,S:			Windows:95:winsock2:Windows 95 winsock 2
+32768:32:1:52:M1460,N,W0,N,N,S:		Windows:2003:AS:Windows 2003 AS
+
+
+# No need to be more specific, it passes:
+# *:128:1:48:M*,N,N,S:U:-Windows:XP/2000 while downloading (leak!) XXX quirk
+# there is an equiv similar generic sig w/o the quirk
+
+# ----------------- HP/UX -------------------
+
+32768:64:1:44:M*:			HP-UX:B.10.20::HP-UX B.10.20
+32768:64:0:48:M*,W0,N:			HP-UX:11.0::HP-UX 11.0
+32768:64:1:48:M*,W0,N:			HP-UX:11.10::HP-UX 11.0 or 11.11
+32768:64:1:48:M*,W0,N:			HP-UX:11.11::HP-UX 11.0 or 11.11
+
+# Whoa. Hardcore WSS.
+0:64:0:48:M*,W0,N:			HP-UX:B.11.00:A:HP-UX B.11.00 A (RFC1323)
+
+# ----------------- RiscOS ------------------
+
+# We don't yet support the ?12 TCP option
+#16384:64:1:68:M1460,N,W0,N,N,T,N,N,?12:	RISCOS:3.70-4.36::RISC OS 3.70-4.36
+12288:32:0:44:M536:				RISC OS:3.70:4.10:RISC OS 3.70 inet 4.10
+
+# XXX quirk
+# 4096:64:1:56:M1460,N,N,T:T:			RISC OS:3.70:freenet:RISC OS 3.70 freenet 2.00
+
+
+
+# ----------------- BSD/OS ------------------
+
+# Once again, power of two WSS is also shared by MacOS X with DF set
+8192:64:1:60:M1460,N,W0,N,N,T:		BSD/OS:3.1::BSD/OS 3.1-4.3 (or MacOS X 10.2 w/DF)
+8192:64:1:60:M1460,N,W0,N,N,T:		BSD/OS:4.0-4.3::BSD/OS 3.1-4.3 (or MacOS X 10.2)
+
+
+# ---------------- NewtonOS -----------------
+
+4096:64:0:44:M1420:		NewtonOS:2.1::NewtonOS 2.1
+
+# ---------------- NeXTSTEP -----------------
+
+S4:64:0:44:M1024:		NeXTSTEP:3.3::NeXTSTEP 3.3
+S8:64:0:44:M512:		NeXTSTEP:3.3::NeXTSTEP 3.3
+
+# ------------------ BeOS -------------------
+
+1024:255:0:48:M*,N,W0:		BeOS:5.0-5.1::BeOS 5.0-5.1
+12288:255:0:44:M1402:		BeOS:5.0::BeOS 5.0.x
+
+# ------------------ OS/400 -----------------
+
+8192:64:1:60:M1440,N,W0,N,N,T:	OS/400:VR4::OS/400 VR4/R5
+8192:64:1:60:M1440,N,W0,N,N,T:	OS/400:VR5::OS/400 VR4/R5
+4096:64:1:60:M1440,N,W0,N,N,T:	OS/400:V4R5:CF67032:OS/400 V4R5 + CF67032
+
+# XXX quirk
+# 28672:64:0:44:M1460:A:OS/390:?
+
+# ------------------ ULTRIX -----------------
+
+16384:64:0:40:.:		ULTRIX:4.5::ULTRIX 4.5
+
+# ------------------- QNX -------------------
+
+S16:64:0:44:M512:		QNX:::QNX demodisk
+
+# ------------------ Novell -----------------
+
+16384:128:1:44:M1460:		Novell:NetWare:5.0:Novel Netware 5.0
+6144:128:1:44:M1460:		Novell:IntranetWare:4.11:Novell IntranetWare 4.11
+6144:128:1:44:M1368:		Novell:BorderManager::Novell BorderManager ?
+
+6144:128:1:52:M*,W0,N,S,N,N:	Novell:Netware:6:Novell Netware 6 SP3
+
+
+# ----------------- SCO ------------------
+S3:64:1:60:M1460,N,W0,N,N,T:	SCO:UnixWare:7.1:SCO UnixWare 7.1
+S17:64:1:60:M1380,N,W0,N,N,T:	SCO:UnixWare:7.1:SCO UnixWare 7.1.3 MP3
+S23:64:1:44:M1380:		SCO:OpenServer:5.0:SCO OpenServer 5.0
+
+# ------------------- DOS -------------------
+
+2048:255:0:44:M536:		DOS:WATTCP:1.05:DOS Arachne via WATTCP/1.05
+T2:255:0:44:M984:		DOS:WATTCP:1.05Arachne:Arachne via WATTCP/1.05 (eepro)
+
+# ------------------ OS/2 -------------------
+
+S56:64:0:44:M512:		OS/2:4::OS/2 4
+28672:64:0:44:M1460:		OS/2:4::OS/2 Warp 4.0
+
+# ----------------- TOPS-20 -----------------
+
+# Another hardcore MSS, one of the ACK leakers hunted down.
+# XXX QUIRK 0:64:0:44:M1460:A:TOPS-20:version 7
+0:64:0:44:M1460:		TOPS-20:7::TOPS-20 version 7
+
+# ----------------- FreeMiNT ----------------
+
+S44:255:0:44:M536:		FreeMiNT:1:16A:FreeMiNT 1 patch 16A (Atari)
+
+# ------------------ AMIGA ------------------
+
+# XXX TCP option 12
+# S32:64:1:56:M*,N,N,S,N,N,?12:.:AMIGA:3.9 BB2 with Miami stack
+
+# ------------------ Plan9 ------------------
+
+65535:255:0:48:M1460,W0,N:	Plan9:4::Plan9 edition 4
+
+# ----------------- AMIGAOS -----------------
+
+16384:64:1:48:M1560,N,N,S:	AMIGAOS:3.9::AMIGAOS 3.9 BB2 MiamiDX
+
+###########################################
+# Appliance / embedded / other signatures #
+###########################################
+
+# ---------- Firewalls / routers ------------
+
+S12:64:1:44:M1460:			@Checkpoint:::Checkpoint (unknown 1)
+S12:64:1:48:N,N,S,M1460:		@Checkpoint:::Checkpoint (unknown 2)
+4096:32:0:44:M1460:			ExtremeWare:4.x::ExtremeWare 4.x
+
+# XXX TCP option 12
+# S32:64:0:68:M512,N,W0,N,N,T,N,N,?12:.:Nokia:IPSO w/Checkpoint NG FP3
+# S16:64:0:68:M1024,N,W0,N,N,T,N,N,?12:.:Nokia:IPSO 3.7 build 026
+
+S4:64:1:60:W0,N,S,T,M1460:		FortiNet:FortiGate:50:FortiNet FortiGate 50
+
+8192:64:1:44:M1460:			Eagle:::Eagle Secure Gateway
+
+S52:128:1:48:M1260,N,N,N,N:		LinkSys:WRV54G::LinkSys WRV54G VPN router
+
+
+
+# ------- Switches and other stuff ----------
+
+4128:255:0:44:M*:			Cisco:::Cisco Catalyst 3500, 7500 etc
+S8:255:0:44:M*:				Cisco:12008::Cisco 12008
+60352:128:1:64:M1460,N,W2,N,N,T,N,N,S:	Alteon:ACEswitch::Alteon ACEswitch
+64512:128:1:44:M1370:			Nortel:Contivity Client::Nortel Conectivity Client
+
+
+# ---------- Caches and whatnots ------------
+
+S4:64:1:52:M1460,N,N,S,N,W0:		AOL:web cache::AOL web cache
+
+32850:64:1:64:N,W1,N,N,T,N,N,S,M*:	NetApp:5.x::NetApp Data OnTap 5.x
+16384:64:1:64:M1460,N,N,S,N,W0,N:	NetApp:5.3:1:NetApp 5.3.1
+65535:64:0:64:M1460,N,N,S,N,W*,N,N,T:	NetApp:5.3-5.5::NetApp 5.3-5.5
+65535:64:0:60:M1460,N,W0,N,N,T:		NetApp:CacheFlow::NetApp CacheFlow
+8192:64:1:64:M1460,N,N,S,N,W0,N,N,T:	NetApp:5.2:1:NetApp NetCache 5.2.1
+20480:64:1:64:M1460,N,N,S,N,W0,N,N,T:	NetApp:4.1::NetApp NetCache4.1
+
+65535:64:0:60:M1460,N,W0,N,N,T:		CacheFlow:4.1::CacheFlow CacheOS 4.1
+8192:64:0:60:M1380,N,N,N,N,N,N,T:	CacheFlow:1.1::CacheFlow CacheOS 1.1
+
+S4:64:0:48:M1460,N,N,S:			Cisco:Content Engine::Cisco Content Engine
+
+27085:128:0:40:.:			Dell:PowerApp cache::Dell PowerApp (Linux-based)
+
+65535:255:1:48:N,W1,M1460:		Inktomi:crawler::Inktomi crawler
+S1:255:1:60:M1460,S,T,N,W0:		LookSmart:ZyBorg::LookSmart ZyBorg
+
+16384:255:0:40:.:			Proxyblocker:::Proxyblocker (what's this?)
+
+65535:255:0:48:M*,N,N,S:		Redline:::Redline T|X 2200
+
+32696:128:0:40:M1460:			Spirent:Avalanche::Spirent Web Avalanche HTTP benchmarking engine
+
+# ----------- Embedded systems --------------
+
+S9:255:0:44:M536:			PalmOS:Tungsten:C:PalmOS Tungsten C
+S5:255:0:44:M536:			PalmOS:3::PalmOS 3/4
+S5:255:0:44:M536:			PalmOS:4::PalmOS 3/4
+S4:255:0:44:M536:			PalmOS:3:5:PalmOS 3.5
+2948:255:0:44:M536:			PalmOS:3:5:PalmOS 3.5.3 (Handera)
+S29:255:0:44:M536:			PalmOS:5::PalmOS 5.0
+16384:255:0:44:M1398:			PalmOS:5.2:Clie:PalmOS 5.2 (Clie)
+S14:255:0:44:M1350:			PalmOS:5.2:Treo:PalmOS 5.2.1 (Treo)
+
+S23:64:1:64:N,W1,N,N,T,N,N,S,M1460:	SymbianOS:7::SymbianOS 7
+
+8192:255:0:44:M1460:			SymbianOS:6048::Symbian OS 6048 (Nokia 7650?)
+8192:255:0:44:M536:			SymbianOS:9210::Symbian OS (Nokia 9210?)
+S22:64:1:56:M1460,T,S:			SymbianOS:P800::Symbian OS ? (SE P800?)
+S36:64:1:56:M1360,T,S:			SymbianOS:6600::Symbian OS 60xx (Nokia 6600?)
+
+
+# Perhaps S4?
+5840:64:1:60:M1452,S,T,N,W1:		Zaurus:3.10::Zaurus 3.10
+
+32768:128:1:64:M1460,N,W0,N,N,T0,N,N,S:	PocketPC:2002::PocketPC 2002
+
+S1:255:0:44:M346:			Contiki:1.1:rc0:Contiki 1.1-rc0
+
+4096:128:0:44:M1460:			Sega:Dreamcast:3.0:Sega Dreamcast Dreamkey 3.0
+T5:64:0:44:M536:			Sega:Dreamcast:HKT-3020:Sega Dreamcast HKT-3020 (browser disc 51027)
+S22:64:1:44:M1460:			Sony:PS2::Sony Playstation 2 (SOCOM?)
+
+S12:64:0:44:M1452:			AXIS:5600:v5.64:AXIS Printer Server 5600 v5.64
+
+3100:32:1:44:M1460:			Windows:CE:2.0:Windows CE 2.0
+
+####################
+# Fancy signatures #
+####################
+
+1024:64:0:40:.:				*NMAP:syn scan:1:NMAP syn scan (1)
+2048:64:0:40:.:				*NMAP:syn scan:2:NMAP syn scan (2)
+3072:64:0:40:.:				*NMAP:syn scan:3:NMAP syn scan (3)
+4096:64:0:40:.:				*NMAP:syn scan:4:NMAP syn scan (4)
+
+# Requires quirks support
+# 1024:64:0:40:.:A:*NMAP:TCP sweep probe (1)
+# 2048:64:0:40:.:A:*NMAP:TCP sweep probe (2)
+# 3072:64:0:40:.:A:*NMAP:TCP sweep probe (3)
+# 4096:64:0:40:.:A:*NMAP:TCP sweep probe (4)
+
+1024:64:0:60:W10,N,M265,T:		*NMAP:OS:1:NMAP OS detection probe (1)
+2048:64:0:60:W10,N,M265,T:		*NMAP:OS:2:NMAP OS detection probe (2)
+3072:64:0:60:W10,N,M265,T:		*NMAP:OS:3:NMAP OS detection probe (3)
+4096:64:0:60:W10,N,M265,T:		*NMAP:OS:4:NMAP OS detection probe (4)
+
+32767:64:0:40:.:			*NAST:::NASTsyn scan
+
+# Requires quirks support
+# 12345:255:0:40:.:A:-p0f:sendsyn utility
+
+
+#####################################
+# Generic signatures - just in case #
+#####################################
+
+#*:64:1:60:M*,N,W*,N,N,T:		@FreeBSD:4.0-4.9::FreeBSD 4.x/5.x
+#*:64:1:60:M*,N,W*,N,N,T:		@FreeBSD:5.0-5.1::FreeBSD 4.x/5.x
+
+*:128:1:52:M*,N,W0,N,N,S:		@Windows:XP:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
+*:128:1:52:M*,N,W0,N,N,S:		@Windows:2000:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
+*:128:1:52:M*,N,W*,N,N,S:		@Windows:XP:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
+*:128:1:52:M*,N,W*,N,N,S:		@Windows:2000:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
+*:128:1:64:M*,N,W0,N,N,T0,N,N,S:	@Windows:XP:RFC1323:Windows XP/2000 (RFC1323)
+*:128:1:64:M*,N,W0,N,N,T0,N,N,S:	@Windows:2000:RFC1323:Windows XP/2000 (RFC1323)
+*:128:1:64:M*,N,W*,N,N,T0,N,N,S:	@Windows:XP:RFC1323:Windows XP (RFC1323, w+)
+*:128:1:48:M536,N,N,S:			@Windows:98::Windows 98
+*:128:1:48:M*,N,N,S:			@Windows:XP::Windows XP/2000
+*:128:1:48:M*,N,N,S:			@Windows:2000::Windows XP/2000
+
+

Property changes on: projects/clang700-import/sbin/pfctl/pf.os
___________________________________________________________________
Added: svn:keywords
## -0,0 +1 ##
+FreeBSD=%H
\ No newline at end of property
Index: projects/clang700-import/sbin/restore/tape.c
===================================================================
--- projects/clang700-import/sbin/restore/tape.c	(revision 337646)
+++ projects/clang700-import/sbin/restore/tape.c	(revision 337647)
@@ -1,1702 +1,1702 @@
 /*-
  * SPDX-License-Identifier: BSD-3-Clause
  *
  * Copyright (c) 1983, 1993
  *	The Regents of the University of California.  All rights reserved.
  * (c) UNIX System Laboratories, Inc.
  * All or some portions of this file are derived from material licensed
  * to the University of California by American Telephone and Telegraph
  * Co. or Unix System Laboratories, Inc. and are reproduced herein with
  * the permission of UNIX System Laboratories, Inc.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  * 3. Neither the name of the University nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
 
 #ifndef lint
 #if 0
 static char sccsid[] = "@(#)tape.c	8.9 (Berkeley) 5/1/95";
 #endif
 #endif /* not lint */
 
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
 #include <sys/param.h>
 #include <sys/file.h>
 #include <sys/mtio.h>
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/extattr.h>
 #include <sys/acl.h>
 
 #include <ufs/ufs/extattr.h>
 #include <ufs/ufs/dinode.h>
 #include <protocols/dumprestore.h>
 
 #include <errno.h>
 #include <limits.h>
 #include <paths.h>
 #include <setjmp.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
 #include <timeconv.h>
 #include <unistd.h>
 
 #include "restore.h"
 #include "extern.h"
 
 static long	fssize = MAXBSIZE;
 static int	mt = -1;
 static int	pipein = 0;
 static int	pipecmdin = 0;
 static FILE	*popenfp = NULL;
 static char	*magtape;
 static int	blkcnt;
 static int	numtrec;
 static char	*tapebuf;
 static union	u_spcl endoftapemark;
 static long	byteslide = 0;
 static long	blksread;		/* blocks read since last header */
 static int64_t	tapeaddr = 0;		/* current TP_BSIZE tape record */
 static long	tapesread;
 static jmp_buf	restart;
 static int	gettingfile = 0;	/* restart has a valid frame */
 static char	*host = NULL;
 static int	readmapflag;
 
 static int	ofile;
 static char	*map;
 static char	lnkbuf[MAXPATHLEN + 1];
 static int	pathlen;
 
 int		Bcvt;		/* Swap Bytes */
 int		oldinofmt;	/* FreeBSD 1 inode format needs cvt */
 
 #define	FLUSHTAPEBUF()	blkcnt = ntrec + 1
 
 char *namespace_names[] = EXTATTR_NAMESPACE_NAMES;
 
 static void	 accthdr(struct s_spcl *);
 static int	 checksum(int *);
 static void	 findinode(struct s_spcl *);
 static void	 findtapeblksize(void);
 static char	*setupextattr(int);
 static void	 xtrattr(char *, size_t);
 static void	 skiphole(void (*)(char *, size_t), size_t *);
 static int	 gethead(struct s_spcl *);
 static void	 readtape(char *);
 static void	 setdumpnum(void);
 static u_long	 swabl(u_long);
 static u_char	*swablong(u_char *, int);
 static u_char	*swabshort(u_char *, int);
 static void	 terminateinput(void);
 static void	 xtrfile(char *, size_t);
 static void	 xtrlnkfile(char *, size_t);
 static void	 xtrlnkskip(char *, size_t);
 static void	 xtrmap(char *, size_t);
 static void	 xtrmapskip(char *, size_t);
 static void	 xtrskip(char *, size_t);
 
 /*
  * Set up an input source
  */
 void
 setinput(char *source, int ispipecommand)
 {
 	FLUSHTAPEBUF();
 	if (bflag)
 		newtapebuf(ntrec);
 	else
 		newtapebuf(MAX(NTREC, HIGHDENSITYTREC));
 	terminal = stdin;
 
 	if (ispipecommand)
 		pipecmdin++;
 	else
 #ifdef RRESTORE
 	if (strchr(source, ':')) {
 		host = source;
 		source = strchr(host, ':');
 		*source++ = '\0';
 		if (rmthost(host) == 0)
 			done(1);
 	} else
 #endif
 	if (strcmp(source, "-") == 0) {
 		/*
 		 * Since input is coming from a pipe we must establish
 		 * our own connection to the terminal.
 		 */
 		terminal = fopen(_PATH_TTY, "r");
 		if (terminal == NULL) {
 			(void)fprintf(stderr, "cannot open %s: %s\n",
 			    _PATH_TTY, strerror(errno));
 			terminal = fopen(_PATH_DEVNULL, "r");
 			if (terminal == NULL) {
 				(void)fprintf(stderr, "cannot open %s: %s\n",
 				    _PATH_DEVNULL, strerror(errno));
 				done(1);
 			}
 		}
 		pipein++;
 	}
 	/* no longer need or want root privileges */
 	if (setuid(getuid()) != 0) {
 		fprintf(stderr, "setuid failed\n");
 		done(1);
 	}
 	magtape = strdup(source);
 	if (magtape == NULL) {
 		fprintf(stderr, "Cannot allocate space for magtape buffer\n");
 		done(1);
 	}
 }
 
 void
 newtapebuf(long size)
 {
 	static int tapebufsize = -1;
 
 	ntrec = size;
 	if (size <= tapebufsize)
 		return;
 	if (tapebuf != NULL)
 		free(tapebuf - TP_BSIZE);
 	tapebuf = malloc((size+1) * TP_BSIZE);
 	if (tapebuf == NULL) {
 		fprintf(stderr, "Cannot allocate space for tape buffer\n");
 		done(1);
 	}
 	tapebuf += TP_BSIZE;
 	tapebufsize = size;
 }
 
 /*
  * Verify that the tape drive can be accessed and
  * that it actually is a dump tape.
  */
 void
 setup(void)
 {
 	int i, j, *ip;
 	struct stat stbuf;
 
 	vprintf(stdout, "Verify tape and initialize maps\n");
 	if (pipecmdin) {
 		if (setenv("RESTORE_VOLUME", "1", 1) == -1) {
 			fprintf(stderr, "Cannot set $RESTORE_VOLUME: %s\n",
 			    strerror(errno));
 			done(1);
 		}
 		popenfp = popen(magtape, "r");
 		mt = popenfp ? fileno(popenfp) : -1;
 	} else
 #ifdef RRESTORE
 	if (host)
 		mt = rmtopen(magtape, 0);
 	else
 #endif
 	if (pipein)
 		mt = 0;
 	else
 		mt = open(magtape, O_RDONLY, 0);
 	if (mt < 0) {
 		fprintf(stderr, "%s: %s\n", magtape, strerror(errno));
 		done(1);
 	}
 	volno = 1;
 	setdumpnum();
 	FLUSHTAPEBUF();
 	if (!pipein && !pipecmdin && !bflag)
 		findtapeblksize();
 	if (gethead(&spcl) == FAIL) {
 		fprintf(stderr, "Tape is not a dump tape\n");
 		done(1);
 	}
 	if (pipein) {
 		endoftapemark.s_spcl.c_magic = FS_UFS2_MAGIC;
 		endoftapemark.s_spcl.c_type = TS_END;
 		ip = (int *)&endoftapemark;
 		j = sizeof(union u_spcl) / sizeof(int);
 		i = 0;
 		do
 			i += *ip++;
 		while (--j);
 		endoftapemark.s_spcl.c_checksum = CHECKSUM - i;
 	}
 	if (vflag || command == 't')
 		printdumpinfo();
 	dumptime = _time64_to_time(spcl.c_ddate);
 	dumpdate = _time64_to_time(spcl.c_date);
 	if (stat(".", &stbuf) < 0) {
 		fprintf(stderr, "cannot stat .: %s\n", strerror(errno));
 		done(1);
 	}
 	if (stbuf.st_blksize > 0 && stbuf.st_blksize < TP_BSIZE )
 		fssize = TP_BSIZE;
 	if (stbuf.st_blksize >= TP_BSIZE && stbuf.st_blksize <= MAXBSIZE)
 		fssize = stbuf.st_blksize;
 	if (((TP_BSIZE - 1) & stbuf.st_blksize) != 0) {
 		fprintf(stderr, "Warning: filesystem with non-multiple-of-%d "
 		    "blocksize (%d);\n", TP_BSIZE, stbuf.st_blksize);
 		fssize = roundup(fssize, TP_BSIZE);
 		fprintf(stderr, "\twriting using blocksize %ld\n", fssize);
 	}
 	if (spcl.c_volume != 1) {
 		fprintf(stderr, "Tape is not volume 1 of the dump\n");
 		done(1);
 	}
 	if (gethead(&spcl) == FAIL) {
 		dprintf(stdout, "header read failed at %ld blocks\n", blksread);
 		panic("no header after volume mark!\n");
 	}
 	findinode(&spcl);
 	if (spcl.c_type != TS_CLRI) {
 		fprintf(stderr, "Cannot find file removal list\n");
 		done(1);
 	}
 	maxino = (spcl.c_count * TP_BSIZE * NBBY) + 1;
 	dprintf(stdout, "maxino = %ju\n", (uintmax_t)maxino);
 	map = calloc((unsigned)1, (unsigned)howmany(maxino, NBBY));
 	if (map == NULL)
 		panic("no memory for active inode map\n");
 	usedinomap = map;
 	curfile.action = USING;
 	getfile(xtrmap, xtrmapskip, xtrmapskip);
 	if (spcl.c_type != TS_BITS) {
 		fprintf(stderr, "Cannot find file dump list\n");
 		done(1);
 	}
 	map = calloc((unsigned)1, (unsigned)howmany(maxino, NBBY));
 	if (map == (char *)NULL)
 		panic("no memory for file dump list\n");
 	dumpmap = map;
 	curfile.action = USING;
 	getfile(xtrmap, xtrmapskip, xtrmapskip);
 	/*
 	 * If there may be whiteout entries on the tape, pretend that the
 	 * whiteout inode exists, so that the whiteout entries can be
 	 * extracted.
 	 */
 	SETINO(UFS_WINO, dumpmap);
 	/* 'r' restores don't call getvol() for tape 1, so mark it as read. */
 	if (command == 'r')
 		tapesread = 1;
 }
 
 /*
  * Prompt user to load a new dump volume.
  * "Nextvol" is the next suggested volume to use.
  * This suggested volume is enforced when doing full
  * or incremental restores, but can be overridden by
  * the user when only extracting a subset of the files.
  */
 void
 getvol(long nextvol)
 {
 	int64_t prevtapea;
 	long i, newvol, savecnt;
 	union u_spcl tmpspcl;
 #	define tmpbuf tmpspcl.s_spcl
 	char buf[TP_BSIZE];
 
 	if (nextvol == 1) {
 		tapesread = 0;
 		gettingfile = 0;
 	}
 	prevtapea = tapeaddr;
 	savecnt = blksread;
 	if (pipein) {
 		if (nextvol != 1) {
 			panic("Changing volumes on pipe input?\n");
 			/* Avoid looping if we couldn't ask the user. */
 			if (yflag || ferror(terminal) || feof(terminal))
 				done(1);
 		}
 		if (volno == 1)
 			return;
 		newvol = 0;
 		goto gethdr;
 	}
 again:
 	if (pipein)
 		done(1); /* pipes do not get a second chance */
 	if (command == 'R' || command == 'r' || curfile.action != SKIP)
 		newvol = nextvol;
 	else
 		newvol = 0;
 	while (newvol <= 0) {
 		if (tapesread == 0) {
 			fprintf(stderr, "%s%s%s%s%s%s%s",
 			    "You have not read any tapes yet.\n",
 			    "If you are extracting just a few files,",
 			    " start with the last volume\n",
 			    "and work towards the first; restore",
 			    " can quickly skip tapes that\n",
 			    "have no further files to extract.",
 			    " Otherwise, begin with volume 1.\n");
 		} else {
 			fprintf(stderr, "You have read volumes");
 			strcpy(buf, ": ");
 			for (i = 0; i < 32; i++)
 				if (tapesread & (1 << i)) {
 					fprintf(stderr, "%s%ld", buf, i + 1);
 					strcpy(buf, ", ");
 				}
 			fprintf(stderr, "\n");
 		}
 		do	{
 			fprintf(stderr, "Specify next volume #: ");
 			(void) fflush(stderr);
 			if (fgets(buf, BUFSIZ, terminal) == NULL)
 				done(1);
 		} while (buf[0] == '\n');
 		newvol = atoi(buf);
 		if (newvol <= 0) {
 			fprintf(stderr,
 			    "Volume numbers are positive numerics\n");
 		}
 	}
 	if (newvol == volno) {
 		tapesread |= 1 << (volno - 1);
 		return;
 	}
 	closemt();
 	fprintf(stderr, "Mount tape volume %ld\n", newvol);
 	fprintf(stderr, "Enter ``none'' if there are no more tapes\n");
 	fprintf(stderr, "otherwise enter tape name (default: %s) ", magtape);
 	(void) fflush(stderr);
 	if (fgets(buf, BUFSIZ, terminal) == NULL)
 		done(1);
 	if (!strcmp(buf, "none\n")) {
 		terminateinput();
 		return;
 	}
 	if (buf[0] != '\n') {
 		(void) strcpy(magtape, buf);
 		magtape[strlen(magtape) - 1] = '\0';
 	}
 	if (pipecmdin) {
 		char volno[sizeof("2147483647")];
 
 		(void)sprintf(volno, "%ld", newvol);
 		if (setenv("RESTORE_VOLUME", volno, 1) == -1) {
 			fprintf(stderr, "Cannot set $RESTORE_VOLUME: %s\n",
 			    strerror(errno));
 			done(1);
 		}
 		popenfp = popen(magtape, "r");
 		mt = popenfp ? fileno(popenfp) : -1;
 	} else
 #ifdef RRESTORE
 	if (host)
 		mt = rmtopen(magtape, 0);
 	else
 #endif
 		mt = open(magtape, O_RDONLY, 0);
 
 	if (mt == -1) {
 		fprintf(stderr, "Cannot open %s\n", magtape);
 		volno = -1;
 		goto again;
 	}
 gethdr:
 	volno = newvol;
 	setdumpnum();
 	FLUSHTAPEBUF();
 	if (gethead(&tmpbuf) == FAIL) {
 		dprintf(stdout, "header read failed at %ld blocks\n", blksread);
 		fprintf(stderr, "tape is not dump tape\n");
 		volno = 0;
 		goto again;
 	}
 	if (tmpbuf.c_volume != volno) {
 		fprintf(stderr, "Wrong volume (%jd)\n",
 		    (intmax_t)tmpbuf.c_volume);
 		volno = 0;
 		goto again;
 	}
 	if (_time64_to_time(tmpbuf.c_date) != dumpdate ||
 	    _time64_to_time(tmpbuf.c_ddate) != dumptime) {
 		time_t t = _time64_to_time(tmpbuf.c_date);
 		fprintf(stderr, "Wrong dump date\n\tgot: %s", ctime(&t));
 		fprintf(stderr, "\twanted: %s", ctime(&dumpdate));
 		volno = 0;
 		goto again;
 	}
 	tapesread |= 1 << (volno - 1);
 	blksread = savecnt;
  	/*
  	 * If continuing from the previous volume, skip over any
  	 * blocks read already at the end of the previous volume.
  	 *
  	 * If coming to this volume at random, skip to the beginning
  	 * of the next record.
  	 */
 	dprintf(stdout, "last rec %jd, tape starts with %jd\n",
 	    (intmax_t)prevtapea, (intmax_t)tmpbuf.c_tapea);
  	if (tmpbuf.c_type == TS_TAPE) {
  		if (curfile.action != USING) {
 			/*
 			 * XXX Dump incorrectly sets c_count to 1 in the
 			 * volume header of the first tape, so ignore
 			 * c_count when volno == 1.
 			 */
 			if (volno != 1)
 				for (i = tmpbuf.c_count; i > 0; i--)
 					readtape(buf);
  		} else if (tmpbuf.c_tapea <= prevtapea) {
 			/*
 			 * Normally the value of c_tapea in the volume
 			 * header is the record number of the header itself.
 			 * However in the volume header following an EOT-
 			 * terminated tape, it is the record number of the
 			 * first continuation data block (dump bug?).
 			 *
 			 * The next record we want is `prevtapea + 1'.
 			 */
  			i = prevtapea + 1 - tmpbuf.c_tapea;
 			dprintf(stderr, "Skipping %ld duplicate record%s.\n",
 				i, i > 1 ? "s" : "");
  			while (--i >= 0)
  				readtape(buf);
  		}
  	}
 	if (curfile.action == USING) {
 		if (volno == 1)
 			panic("active file into volume 1\n");
 		return;
 	}
 	(void) gethead(&spcl);
 	findinode(&spcl);
 	if (gettingfile) {
 		gettingfile = 0;
 		longjmp(restart, 1);
 	}
 }
 
 /*
  * Handle unexpected EOF.
  */
 static void
 terminateinput(void)
 {
 
 	if (gettingfile && curfile.action == USING) {
 		printf("Warning: %s %s\n",
 		    "End-of-input encountered while extracting", curfile.name);
 	}
 	curfile.name = "<name unknown>";
 	curfile.action = UNKNOWN;
 	curfile.mode = 0;
 	curfile.ino = maxino;
 	if (gettingfile) {
 		gettingfile = 0;
 		longjmp(restart, 1);
 	}
 }
 
 /*
  * handle multiple dumps per tape by skipping forward to the
  * appropriate one.
  */
 static void
 setdumpnum(void)
 {
 	struct mtop tcom;
 
 	if (dumpnum == 1 || volno != 1)
 		return;
 	if (pipein) {
 		fprintf(stderr, "Cannot have multiple dumps on pipe input\n");
 		done(1);
 	}
 	tcom.mt_op = MTFSF;
 	tcom.mt_count = dumpnum - 1;
 #ifdef RRESTORE
 	if (host)
 		rmtioctl(MTFSF, dumpnum - 1);
 	else
 #endif
 		if (!pipecmdin && ioctl(mt, MTIOCTOP, (char *)&tcom) < 0)
 			fprintf(stderr, "ioctl MTFSF: %s\n", strerror(errno));
 }
 
 void
 printdumpinfo(void)
 {
 	time_t t;
 	t = _time64_to_time(spcl.c_date);
 	fprintf(stdout, "Dump   date: %s", ctime(&t));
 	t = _time64_to_time(spcl.c_ddate);
 	fprintf(stdout, "Dumped from: %s",
 	    (spcl.c_ddate == 0) ? "the epoch\n" : ctime(&t));
 	if (spcl.c_host[0] == '\0')
 		return;
 	fprintf(stderr, "Level %jd dump of %s on %s:%s\n",
 	    (intmax_t)spcl.c_level, spcl.c_filesys, spcl.c_host, spcl.c_dev);
 	fprintf(stderr, "Label: %s\n", spcl.c_label);
 }
 
 int
 extractfile(char *name)
 {
 	u_int flags;
 	uid_t uid;
 	gid_t gid;
 	mode_t mode;
 	int extsize;
 	struct timespec mtimep[2], ctimep[2];
 	struct entry *ep;
 	char *buf;
 
 	curfile.name = name;
 	curfile.action = USING;
 	mtimep[0].tv_sec = curfile.atime_sec;
 	mtimep[0].tv_nsec = curfile.atime_nsec;
 	mtimep[1].tv_sec = curfile.mtime_sec;
 	mtimep[1].tv_nsec = curfile.mtime_nsec;
 	ctimep[0].tv_sec = curfile.atime_sec;
 	ctimep[0].tv_nsec = curfile.atime_nsec;
 	ctimep[1].tv_sec = curfile.birthtime_sec;
 	ctimep[1].tv_nsec = curfile.birthtime_nsec;
 	extsize = curfile.extsize;
 	uid = getuid();
 	if (uid == 0)
 		uid = curfile.uid;
 	gid = curfile.gid;
 	mode = curfile.mode;
 	flags = curfile.file_flags;
 	switch (mode & IFMT) {
 
 	default:
 		fprintf(stderr, "%s: unknown file mode 0%o\n", name, mode);
 		skipfile();
 		return (FAIL);
 
 	case IFSOCK:
 		vprintf(stdout, "skipped socket %s\n", name);
 		skipfile();
 		return (GOOD);
 
 	case IFDIR:
 		if (mflag) {
 			ep = lookupname(name);
 			if (ep == NULL || ep->e_flags & EXTRACT)
 				panic("unextracted directory %s\n", name);
 			skipfile();
 			return (GOOD);
 		}
 		vprintf(stdout, "extract file %s\n", name);
 		return (genliteraldir(name, curfile.ino));
 
 	case IFLNK:
 		lnkbuf[0] = '\0';
 		pathlen = 0;
 		buf = setupextattr(extsize);
 		getfile(xtrlnkfile, xtrattr, xtrlnkskip);
 		if (pathlen == 0) {
 			vprintf(stdout,
 			    "%s: zero length symbolic link (ignored)\n", name);
 			return (GOOD);
 		}
 		if (linkit(lnkbuf, name, SYMLINK) == GOOD) {
 			if (extsize > 0)
 				set_extattr(-1, name, buf, extsize, SXA_LINK);
 			(void) lchown(name, uid, gid);
 			(void) lchmod(name, mode);
 			(void) utimensat(AT_FDCWD, name, ctimep,
 			    AT_SYMLINK_NOFOLLOW);
 			(void) utimensat(AT_FDCWD, name, mtimep,
 			    AT_SYMLINK_NOFOLLOW);
 			(void) lchflags(name, flags);
 			return (GOOD);
 		}
 		return (FAIL);
 
 	case IFIFO:
 		vprintf(stdout, "extract fifo %s\n", name);
 		if (Nflag) {
 			skipfile();
 			return (GOOD);
 		}
 		if (uflag)
 			(void) unlink(name);
 		if (mkfifo(name, 0600) < 0) {
 			fprintf(stderr, "%s: cannot create fifo: %s\n",
 			    name, strerror(errno));
 			skipfile();
 			return (FAIL);
 		}
 		if (extsize == 0) {
 			skipfile();
 		} else {
 			buf = setupextattr(extsize);
 			getfile(xtrnull, xtrattr, xtrnull);
 			set_extattr(-1, name, buf, extsize, SXA_FILE);
 		}
 		(void) chown(name, uid, gid);
 		(void) chmod(name, mode);
 		(void) utimensat(AT_FDCWD, name, ctimep, 0);
 		(void) utimensat(AT_FDCWD, name, mtimep, 0);
 		(void) chflags(name, flags);
 		return (GOOD);
 
 	case IFCHR:
 	case IFBLK:
 		vprintf(stdout, "extract special file %s\n", name);
 		if (Nflag) {
 			skipfile();
 			return (GOOD);
 		}
 		if (uflag)
 			(void) unlink(name);
 		if (mknod(name, (mode & (IFCHR | IFBLK)) | 0600,
 		    (int)curfile.rdev) < 0) {
 			fprintf(stderr, "%s: cannot create special file: %s\n",
 			    name, strerror(errno));
 			skipfile();
 			return (FAIL);
 		}
 		if (extsize == 0) {
 			skipfile();
 		} else {
 			buf = setupextattr(extsize);
 			getfile(xtrnull, xtrattr, xtrnull);
 			set_extattr(-1, name, buf, extsize, SXA_FILE);
 		}
 		(void) chown(name, uid, gid);
 		(void) chmod(name, mode);
 		(void) utimensat(AT_FDCWD, name, ctimep, 0);
 		(void) utimensat(AT_FDCWD, name, mtimep, 0);
 		(void) chflags(name, flags);
 		return (GOOD);
 
 	case IFREG:
 		vprintf(stdout, "extract file %s\n", name);
 		if (Nflag) {
 			skipfile();
 			return (GOOD);
 		}
 		if (uflag)
 			(void) unlink(name);
 		if ((ofile = open(name, O_WRONLY | O_CREAT | O_TRUNC,
 		    0600)) < 0) {
 			fprintf(stderr, "%s: cannot create file: %s\n",
 			    name, strerror(errno));
 			skipfile();
 			return (FAIL);
 		}
 		buf = setupextattr(extsize);
 		getfile(xtrfile, xtrattr, xtrskip);
 		if (extsize > 0)
 			set_extattr(ofile, name, buf, extsize, SXA_FD);
 		(void) fchown(ofile, uid, gid);
 		(void) fchmod(ofile, mode);
 		(void) futimens(ofile, ctimep);
 		(void) futimens(ofile, mtimep);
 		(void) fchflags(ofile, flags);
 		(void) close(ofile);
 		return (GOOD);
 	}
 	/* NOTREACHED */
 }
 
 /*
  * Set attributes on a file descriptor, link, or file.
  */
 void
 set_extattr(int fd, char *name, void *buf, int size, enum set_extattr_mode mode)
 {
 	struct extattr *eap, *eaend;
 	const char *method;
 	ssize_t res;
 	int error;
 	char eaname[EXTATTR_MAXNAMELEN + 1];
 
 	vprintf(stdout, "Set attributes for %s:", name);
 	eaend = buf + size;
 	for (eap = buf; eap < eaend; eap = EXTATTR_NEXT(eap)) {
 		/*
 		 * Make sure this entry is complete.
 		 */
 		if (EXTATTR_NEXT(eap) > eaend || eap->ea_length <= 0) {
 			dprintf(stdout, "\n\t%scorrupted",
 				eap == buf ? "" : "remainder ");
 			break;
 		}
 		if (eap->ea_namespace == EXTATTR_NAMESPACE_EMPTY)
 			continue;
 		snprintf(eaname, sizeof(eaname), "%.*s",
 		    (int)eap->ea_namelength, eap->ea_name);
 		vprintf(stdout, "\n\t%s, (%d bytes), %s",
 			namespace_names[eap->ea_namespace], eap->ea_length,
 			eaname);
 		/*
 		 * First we try the general attribute setting interface.
 		 * However, some attributes can only be set by root or
 		 * by using special interfaces (for example, ACLs).
 		 */
 		if (mode == SXA_FD) {
 			res = extattr_set_fd(fd, eap->ea_namespace,
 			    eaname, EXTATTR_CONTENT(eap),
 			    EXTATTR_CONTENT_SIZE(eap));
 			method = "extattr_set_fd";
 		} else if (mode == SXA_LINK) {
 			res = extattr_set_link(name, eap->ea_namespace,
 			    eaname, EXTATTR_CONTENT(eap),
 			    EXTATTR_CONTENT_SIZE(eap));
 			method = "extattr_set_link";
 		} else if (mode == SXA_FILE) {
 			res = extattr_set_file(name, eap->ea_namespace,
 			    eaname, EXTATTR_CONTENT(eap),
 			    EXTATTR_CONTENT_SIZE(eap));
 			method = "extattr_set_file";
 		}
 		if (res != -1) {
 			dprintf(stdout, " (set using %s)", method);
 			continue;
 		}
 		/*
 		 * If the general interface refuses to set the attribute,
 		 * then we try all the specialized interfaces that we
 		 * know about.
 		 */
 		if (eap->ea_namespace == EXTATTR_NAMESPACE_SYSTEM &&
 		    strcmp(eaname, POSIX1E_ACL_ACCESS_EXTATTR_NAME) == 0) {
 			if (mode == SXA_FD) {
 				error = acl_set_fd(fd, EXTATTR_CONTENT(eap));
 				method = "acl_set_fd";
 			} else if (mode == SXA_LINK) {
 				error = acl_set_link_np(name, ACL_TYPE_ACCESS,
 				    EXTATTR_CONTENT(eap));
 				method = "acl_set_link_np";
 			} else if (mode == SXA_FILE) {
 				error = acl_set_file(name, ACL_TYPE_ACCESS,
 				    EXTATTR_CONTENT(eap));
 				method = "acl_set_file";
 			}
 			if (error != -1) {
 				dprintf(stdout, " (set using %s)", method);
 				continue;
 			}
 		}
 		if (eap->ea_namespace == EXTATTR_NAMESPACE_SYSTEM &&
 		    strcmp(eaname, POSIX1E_ACL_DEFAULT_EXTATTR_NAME) == 0) {
 			if (mode == SXA_LINK) {
 				error = acl_set_link_np(name, ACL_TYPE_DEFAULT,
 				    EXTATTR_CONTENT(eap));
 				method = "acl_set_link_np";
 			} else {
 				error = acl_set_file(name, ACL_TYPE_DEFAULT,
 				    EXTATTR_CONTENT(eap));
 				method = "acl_set_file";
 			}
 			if (error != -1) {
 				dprintf(stdout, " (set using %s)", method);
 				continue;
 			}
 		}
 		vprintf(stdout, " (unable to set)");
 	}
 	vprintf(stdout, "\n");
 }
 
 /*
  * skip over bit maps on the tape
  */
 void
 skipmaps(void)
 {
 
 	while (spcl.c_type == TS_BITS || spcl.c_type == TS_CLRI)
 		skipfile();
 }
 
 /*
  * skip over a file on the tape
  */
 void
 skipfile(void)
 {
 
 	curfile.action = SKIP;
 	getfile(xtrnull, xtrnull, xtrnull);
 }
 
 /*
  * Skip a hole in an output file
  */
 static void
 skiphole(void (*skip)(char *, size_t), size_t *seekpos)
 {
 	char buf[MAXBSIZE];
 
 	if (*seekpos > 0) {
 		(*skip)(buf, *seekpos);
 		*seekpos = 0;
 	}
 }
 
 /*
  * Extract a file from the tape.
  * When an allocated block is found it is passed to the fill function;
  * when an unallocated block (hole) is found, a zeroed buffer is passed
  * to the skip function.
  */
 void
 getfile(void (*datafill)(char *, size_t), void (*attrfill)(char *, size_t),
 	void (*skip)(char *, size_t))
 {
 	int i;
 	volatile off_t size;
 	size_t seekpos;
 	int curblk, attrsize;
 	void (*fillit)(char *, size_t);
 	char buf[MAXBSIZE / TP_BSIZE][TP_BSIZE];
 	char junk[TP_BSIZE];
 
 	curblk = 0;
 	size = spcl.c_size;
 	seekpos = 0;
 	attrsize = spcl.c_extsize;
 	if (spcl.c_type == TS_END)
 		panic("ran off end of tape\n");
 	if (spcl.c_magic != FS_UFS2_MAGIC)
 		panic("not at beginning of a file\n");
 	if (!gettingfile && setjmp(restart) != 0)
 		return;
 	gettingfile++;
 	fillit = datafill;
 	if (size == 0 && attrsize > 0) {
 		fillit = attrfill;
 		size = attrsize;
 		attrsize = 0;
 	}
 loop:
 	for (i = 0; i < spcl.c_count; i++) {
 		if (!readmapflag && i > TP_NINDIR) {
 			if (Dflag) {
 				fprintf(stderr, "spcl.c_count = %jd\n",
 				    (intmax_t)spcl.c_count);
 				break;
 			} else
 				panic("spcl.c_count = %jd\n",
 				    (intmax_t)spcl.c_count);
 		}
 		if (readmapflag || spcl.c_addr[i]) {
 			readtape(&buf[curblk++][0]);
 			if (curblk == fssize / TP_BSIZE) {
 				skiphole(skip, &seekpos);
 				(*fillit)((char *)buf, (long)(size > TP_BSIZE ?
 				     fssize : (curblk - 1) * TP_BSIZE + size));
 				curblk = 0;
 			}
 		} else {
 			if (curblk > 0) {
 				skiphole(skip, &seekpos);
 				(*fillit)((char *)buf, (long)(size > TP_BSIZE ?
 				     curblk * TP_BSIZE :
 				     (curblk - 1) * TP_BSIZE + size));
 				curblk = 0;
 			}
 			/*
 			 * We have a block of a hole. Don't skip it
 			 * now, because there may be next adjacent
 			 * block of the hole in the file. Postpone the
 			 * seek until next file write.
 			 */
 			seekpos += (long)MIN(TP_BSIZE, size);
 		}
 		if ((size -= TP_BSIZE) <= 0) {
 			if (size > -TP_BSIZE && curblk > 0) {
 				skiphole(skip, &seekpos);
 				(*fillit)((char *)buf,
 					(long)((curblk * TP_BSIZE) + size));
 				curblk = 0;
 			}
 			if (attrsize > 0) {
 				fillit = attrfill;
 				size = attrsize;
 				attrsize = 0;
 				continue;
 			}
 			if (spcl.c_count - i > 1)
 				dprintf(stdout, "skipping %d junk block(s)\n",
 					spcl.c_count - i - 1);
 			for (i++; i < spcl.c_count; i++) {
 				if (!readmapflag && i > TP_NINDIR) {
 					if (Dflag) {
 						fprintf(stderr,
 						    "spcl.c_count = %jd\n",
 						    (intmax_t)spcl.c_count);
 						break;
 					} else 
 						panic("spcl.c_count = %jd\n",
 						    (intmax_t)spcl.c_count);
 				}
 				if (readmapflag || spcl.c_addr[i])
 					readtape(junk);
 			}
 			break;
 		}
 	}
 	if (gethead(&spcl) == GOOD && size > 0) {
 		if (spcl.c_type == TS_ADDR)
 			goto loop;
 		dprintf(stdout,
 			"Missing address (header) block for %s at %ld blocks\n",
 			curfile.name, blksread);
 	}
 	if (curblk > 0)
 		panic("getfile: lost data\n");
 	findinode(&spcl);
 	gettingfile = 0;
 }
 
 /*
  * These variables are shared between the next two functions.
  */
 static int extbufsize = 0;
 static char *extbuf;
 static int extloc;
 
 /*
  * Allocate a buffer into which to extract extended attributes.
  */
 static char *
 setupextattr(int extsize)
 {
 
 	extloc = 0;
 	if (extsize <= extbufsize)
 		return (extbuf);
 	if (extbufsize > 0)
 		free(extbuf);
 	if ((extbuf = malloc(extsize)) != NULL) {
 		extbufsize = extsize;
 		return (extbuf);
 	}
 	extbufsize = 0;
 	extbuf = NULL;
 	fprintf(stderr, "Cannot extract %d bytes %s for inode %ju, name %s\n",
 	    extsize, "of extended attributes", (uintmax_t)curfile.ino,
 	    curfile.name);
 	return (NULL);
 }
 
 /*
  * Extract the next block of extended attributes.
  */
 static void
 xtrattr(char *buf, size_t size)
 {
 
 	if (extloc + size > extbufsize)
 		panic("overrun attribute buffer\n");
 	memmove(&extbuf[extloc], buf, size);
 	extloc += size;
 }
 
 /*
  * Write out the next block of a file.
  */
 static void
 xtrfile(char *buf, size_t size)
 {
 
 	if (Nflag)
 		return;
 	if (write(ofile, buf, (int) size) == -1) {
 		fprintf(stderr,
 		    "write error extracting inode %ju, name %s\nwrite: %s\n",
 		    (uintmax_t)curfile.ino, curfile.name, strerror(errno));
 	}
 }
 
 /*
  * Skip over a hole in a file.
  */
 /* ARGSUSED */
 static void
 xtrskip(char *buf, size_t size)
 {
 
 	if (lseek(ofile, size, SEEK_CUR) == -1) {
 		fprintf(stderr,
 		    "seek error extracting inode %ju, name %s\nlseek: %s\n",
 		    (uintmax_t)curfile.ino, curfile.name, strerror(errno));
 		done(1);
 	}
 }
 
 /*
  * Collect the next block of a symbolic link.
  */
 static void
 xtrlnkfile(char *buf, size_t size)
 {
 
 	pathlen += size;
 	if (pathlen > MAXPATHLEN) {
 		fprintf(stderr, "symbolic link name: %s->%s%s; too long %d\n",
 		    curfile.name, lnkbuf, buf, pathlen);
 		done(1);
 	}
 	(void) strcat(lnkbuf, buf);
 }
 
 /*
  * Skip over a hole in a symbolic link (should never happen).
  */
 /* ARGSUSED */
 static void
 xtrlnkskip(char *buf, size_t size)
 {
 
 	fprintf(stderr, "unallocated block in symbolic link %s\n",
 		curfile.name);
 	done(1);
 }
 
 /*
  * Collect the next block of a bit map.
  */
 static void
 xtrmap(char *buf, size_t size)
 {
 
 	memmove(map, buf, size);
 	map += size;
 }
 
 /*
  * Skip over a hole in a bit map (should never happen).
  */
 /* ARGSUSED */
 static void
 xtrmapskip(char *buf, size_t size)
 {
 
 	panic("hole in map\n");
 	map += size;
 }
 
 /*
  * Noop, when an extraction function is not needed.
  */
 /* ARGSUSED */
 void
 xtrnull(char *buf, size_t size)
 {
 
 	return;
 }
 
 /*
  * Read TP_BSIZE blocks from the input.
  * Handle read errors, and end of media.
  */
 static void
 readtape(char *buf)
 {
 	long rd, newvol, i, oldnumtrec;
 	int cnt, seek_failed;
 
 	if (blkcnt + (byteslide > 0) < numtrec) {
 		memmove(buf, &tapebuf[(blkcnt++ * TP_BSIZE) + byteslide], (long)TP_BSIZE);
 		blksread++;
 		tapeaddr++;
 		return;
 	}
 	if (numtrec > 0)
 		memmove(&tapebuf[-TP_BSIZE],
 		    &tapebuf[(numtrec-1) * TP_BSIZE], (long)TP_BSIZE);
 	oldnumtrec = numtrec;
 	for (i = 0; i < ntrec; i++)
 		((struct s_spcl *)&tapebuf[i * TP_BSIZE])->c_magic = 0;
 	if (numtrec == 0)
 		numtrec = ntrec;
 	cnt = ntrec * TP_BSIZE;
 	rd = 0;
 getmore:
 #ifdef RRESTORE
 	if (host)
 		i = rmtread(&tapebuf[rd], cnt);
 	else
 #endif
 		i = read(mt, &tapebuf[rd], cnt);
 	/*
 	 * Check for mid-tape short read error.
 	 * If found, skip rest of buffer and start with the next.
 	 */
 	if (!pipein && !pipecmdin && numtrec < ntrec && i > 0) {
 		dprintf(stdout, "mid-media short read error.\n");
 		numtrec = ntrec;
 	}
 	/*
 	 * Handle partial block read.
 	 */
 	if ((pipein || pipecmdin) && i == 0 && rd > 0)
 		i = rd;
 	else if (i > 0 && i != ntrec * TP_BSIZE) {
 		if (pipein || pipecmdin) {
 			rd += i;
 			cnt -= i;
 			if (cnt > 0)
 				goto getmore;
 			i = rd;
 		} else {
 			/*
 			 * Short read. Process the blocks read.
 			 */
 			if (i % TP_BSIZE != 0)
 				vprintf(stdout,
 				    "partial block read: %ld should be %ld\n",
 				    i, ntrec * TP_BSIZE);
 			numtrec = i / TP_BSIZE;
 		}
 	}
 	/*
 	 * Handle read error.
 	 */
 	if (i < 0) {
 		fprintf(stderr, "Tape read error while ");
 		switch (curfile.action) {
 		default:
 			fprintf(stderr, "trying to set up tape\n");
 			break;
 		case UNKNOWN:
 			fprintf(stderr, "trying to resynchronize\n");
 			break;
 		case USING:
 			fprintf(stderr, "restoring %s\n", curfile.name);
 			break;
 		case SKIP:
 			fprintf(stderr, "skipping over inode %ju\n",
 			    (uintmax_t)curfile.ino);
 			break;
 		}
 		if (!yflag && !reply("continue"))
 			done(1);
 		i = ntrec * TP_BSIZE;
 		memset(tapebuf, 0, i);
 #ifdef RRESTORE
 		if (host)
 			seek_failed = (rmtseek(i, 1) < 0);
 		else
 #endif
 			seek_failed = (lseek(mt, i, SEEK_CUR) == (off_t)-1);
 
 		if (seek_failed) {
 			fprintf(stderr,
 			    "continuation failed: %s\n", strerror(errno));
 			done(1);
 		}
 	}
 	/*
 	 * Handle end of tape.
 	 */
 	if (i == 0) {
 		vprintf(stdout, "End-of-tape encountered\n");
 		if (!pipein) {
 			newvol = volno + 1;
 			volno = 0;
 			numtrec = 0;
 			getvol(newvol);
 			readtape(buf);
 			return;
 		}
 		if (rd % TP_BSIZE != 0)
 			panic("partial block read: %ld should be %ld\n",
 				rd, ntrec * TP_BSIZE);
 		terminateinput();
 		memmove(&tapebuf[rd], &endoftapemark, (long)TP_BSIZE);
 	}
 	if (oldnumtrec == 0)
 		blkcnt = 0;
 	else
 		blkcnt -= oldnumtrec;
 	memmove(buf,
 	    &tapebuf[(blkcnt++ * TP_BSIZE) + byteslide], (long)TP_BSIZE);
 	blksread++;
 	tapeaddr++;
 }
 
 static void
 findtapeblksize(void)
 {
 	long i;
 
 	for (i = 0; i < ntrec; i++)
 		((struct s_spcl *)&tapebuf[i * TP_BSIZE])->c_magic = 0;
 	blkcnt = 0;
 #ifdef RRESTORE
 	if (host)
 		i = rmtread(tapebuf, ntrec * TP_BSIZE);
 	else
 #endif
 		i = read(mt, tapebuf, ntrec * TP_BSIZE);
 
 	if (i <= 0) {
 		fprintf(stderr, "tape read error: %s\n", strerror(errno));
 		done(1);
 	}
 	if (i % TP_BSIZE != 0) {
 		fprintf(stderr, "Tape block size (%ld) %s (%d)\n",
 			i, "is not a multiple of dump block size", TP_BSIZE);
 		done(1);
 	}
 	ntrec = i / TP_BSIZE;
 	numtrec = ntrec;
 	vprintf(stdout, "Tape block size is %ld\n", ntrec);
 }
 
 void
 closemt(void)
 {
 
 	if (mt < 0)
 		return;
 	if (pipecmdin) {
 		pclose(popenfp);
 		popenfp = NULL;
 	} else
 #ifdef RRESTORE
 	if (host)
 		rmtclose();
 	else
 #endif
 		(void) close(mt);
 }
 
 /*
  * Read the next block from the tape.
  * If it is not any valid header, return an error.
  */
 static int
 gethead(struct s_spcl *buf)
 {
 	long i;
 
 	readtape((char *)buf);
 	if (buf->c_magic != FS_UFS2_MAGIC && buf->c_magic != NFS_MAGIC) {
 		if (buf->c_magic == OFS_MAGIC) {
 			fprintf(stderr,
 			    "Format of dump tape is too old. Must use\n");
 			fprintf(stderr,
 			    "a version of restore from before 2002.\n");
 			return (FAIL);
 		}
 		if (swabl(buf->c_magic) != FS_UFS2_MAGIC &&
-		    buf->c_magic != NFS_MAGIC) {
-			if (buf->c_magic == OFS_MAGIC) {
+		    swabl(buf->c_magic) != NFS_MAGIC) {
+			if (swabl(buf->c_magic) == OFS_MAGIC) {
 				fprintf(stderr,
 				  "Format of dump tape is too old. Must use\n");
 				fprintf(stderr,
 				  "a version of restore from before 2002.\n");
 			}
 			return (FAIL);
 		}
 		if (!Bcvt) {
 			vprintf(stdout, "Note: Doing Byte swapping\n");
 			Bcvt = 1;
 		}
 	}
 	if (checksum((int *)buf) == FAIL)
 		return (FAIL);
 	if (Bcvt) {
 		swabst((u_char *)"8l4s1q8l2q17l", (u_char *)buf);
 		swabst((u_char *)"l",(u_char *) &buf->c_level);
 		swabst((u_char *)"2l4q",(u_char *) &buf->c_flags);
 	}
 	readmapflag = 0;
 
 	switch (buf->c_type) {
 
 	case TS_CLRI:
 	case TS_BITS:
 		/*
 		 * Have to patch up missing information in bit map headers
 		 */
 		buf->c_size = buf->c_count * TP_BSIZE;
 		if (buf->c_count > TP_NINDIR)
 			readmapflag = 1;
 		else 
 			for (i = 0; i < buf->c_count; i++)
 				buf->c_addr[i]++;
 		/* FALL THROUGH */
 
 	case TS_TAPE:
 		if (buf->c_magic == NFS_MAGIC &&
 		    (buf->c_flags & NFS_DR_NEWINODEFMT) == 0)
 			oldinofmt = 1;
 		/* FALL THROUGH */
 
 	case TS_END:
 		buf->c_inumber = 0;
 		/* FALL THROUGH */
 
 	case TS_ADDR:
 	case TS_INODE:
 		/*
 		 * For old dump tapes, have to copy up old fields to
 		 * new locations.
 		 */
 		if (buf->c_magic == NFS_MAGIC) {
 			buf->c_tapea = buf->c_old_tapea;
 			buf->c_firstrec = buf->c_old_firstrec;
 			buf->c_date = _time32_to_time(buf->c_old_date);
 			buf->c_ddate = _time32_to_time(buf->c_old_ddate);
 			buf->c_atime = _time32_to_time(buf->c_old_atime);
 			buf->c_mtime = _time32_to_time(buf->c_old_mtime);
 			buf->c_birthtime = 0;
 			buf->c_birthtimensec = 0;
 			buf->c_extsize = 0;
 		}
 		break;
 
 	default:
 		panic("gethead: unknown inode type %d\n", buf->c_type);
 		break;
 	}
 	if (dumpdate != 0 && _time64_to_time(buf->c_date) != dumpdate)
 		fprintf(stderr, "Header with wrong dumpdate.\n");
 	/*
 	 * If we're restoring a filesystem with the old (FreeBSD 1)
 	 * format inodes, copy the uid/gid to the new location
 	 */
 	if (oldinofmt) {
 		buf->c_uid = buf->c_spare1[1];
 		buf->c_gid = buf->c_spare1[2];
 	}
 	buf->c_magic = FS_UFS2_MAGIC;
 	tapeaddr = buf->c_tapea;
 	if (dflag)
 		accthdr(buf);
 	return(GOOD);
 }
 
 /*
  * Check that a header is where it belongs and predict the next header
  */
 static void
 accthdr(struct s_spcl *header)
 {
 	static ino_t previno = 0x7fffffff;
 	static int prevtype;
 	static long predict;
 	long blks, i;
 
 	if (header->c_type == TS_TAPE) {
 		fprintf(stderr, "Volume header ");
  		if (header->c_firstrec)
  			fprintf(stderr, "begins with record %jd",
 			    (intmax_t)header->c_firstrec);
  		fprintf(stderr, "\n");
 		previno = 0x7fffffff;
 		return;
 	}
 	if (previno == 0x7fffffff)
 		goto newcalc;
 	switch (prevtype) {
 	case TS_BITS:
 		fprintf(stderr, "Dumped inodes map header");
 		break;
 	case TS_CLRI:
 		fprintf(stderr, "Used inodes map header");
 		break;
 	case TS_INODE:
 		fprintf(stderr, "File header, ino %ju", (uintmax_t)previno);
 		break;
 	case TS_ADDR:
 		fprintf(stderr, "File continuation header, ino %ju",
 		    (uintmax_t)previno);
 		break;
 	case TS_END:
 		fprintf(stderr, "End of tape header");
 		break;
 	}
 	if (predict != blksread - 1)
 		fprintf(stderr, "; predicted %ld blocks, got %ld blocks",
 			predict, blksread - 1);
 	fprintf(stderr, "\n");
 newcalc:
 	blks = 0;
 	if (header->c_type != TS_END)
 		for (i = 0; i < header->c_count; i++)
 			if (readmapflag || header->c_addr[i] != 0)
 				blks++;
 	predict = blks;
 	blksread = 0;
 	prevtype = header->c_type;
 	previno = header->c_inumber;
 }
 
 /*
  * Find an inode header.
  * Complain if had to skip.
  */
 static void
 findinode(struct s_spcl *header)
 {
 	static long skipcnt = 0;
 	long i;
 	char buf[TP_BSIZE];
 	int htype;
 
 	curfile.name = "<name unknown>";
 	curfile.action = UNKNOWN;
 	curfile.mode = 0;
 	curfile.ino = 0;
 	do {
 		htype = header->c_type;
 		switch (htype) {
 
 		case TS_ADDR:
 			/*
 			 * Skip up to the beginning of the next record
 			 */
 			for (i = 0; i < header->c_count; i++)
 				if (header->c_addr[i])
 					readtape(buf);
 			while (gethead(header) == FAIL ||
 			    _time64_to_time(header->c_date) != dumpdate) {
 				skipcnt++;
 				if (Dflag) {
 					byteslide++;
 					if (byteslide < TP_BSIZE) {
 						blkcnt--;
 						blksread--;
 					} else 
 						byteslide = 0;
 				}
 			}
 			break;
 
 		case TS_INODE:
 			curfile.mode = header->c_mode;
 			curfile.uid = header->c_uid;
 			curfile.gid = header->c_gid;
 			curfile.file_flags = header->c_file_flags;
 			curfile.rdev = header->c_rdev;
 			curfile.atime_sec = header->c_atime;
 			curfile.atime_nsec = header->c_atimensec;
 			curfile.mtime_sec = header->c_mtime;
 			curfile.mtime_nsec = header->c_mtimensec;
 			curfile.birthtime_sec = header->c_birthtime;
 			curfile.birthtime_nsec = header->c_birthtimensec;
 			curfile.extsize = header->c_extsize;
 			curfile.size = header->c_size;
 			curfile.ino = header->c_inumber;
 			break;
 
 		case TS_END:
 			/* If we missed some tapes, get another volume. */
 			if (tapesread & (tapesread + 1)) {
 				getvol(0);
 				continue;
 			}
 			curfile.ino = maxino;
 			break;
 
 		case TS_CLRI:
 			curfile.name = "<file removal list>";
 			break;
 
 		case TS_BITS:
 			curfile.name = "<file dump list>";
 			break;
 
 		case TS_TAPE:
 			if (Dflag)
 				fprintf(stderr, "unexpected tape header\n");
 			else
 				panic("unexpected tape header\n");
 
 		default:
 			if (Dflag)
 				fprintf(stderr, "unknown tape header type %d\n",
 				    spcl.c_type);
 			else
 				panic("unknown tape header type %d\n",
 				    spcl.c_type);
 			while (gethead(header) == FAIL ||
 			    _time64_to_time(header->c_date) != dumpdate) {
 				skipcnt++;
 				if (Dflag) {
 					byteslide++;
 					if (byteslide < TP_BSIZE) {
 						blkcnt--;
 						blksread--;
 					} else 
 						byteslide = 0;
 				}
 			}
 
 		}
 	} while (htype == TS_ADDR);
 	if (skipcnt > 0)
 		fprintf(stderr, "resync restore, skipped %ld %s\n",
 		    skipcnt, Dflag ? "bytes" : "blocks");
 	skipcnt = 0;
 }
 
 static int
 checksum(int *buf)
 {
 	int i, j;
 
 	j = sizeof(union u_spcl) / sizeof(int);
 	i = 0;
 	if (!Bcvt) {
 		do
 			i += *buf++;
 		while (--j);
 	} else {
 		/* What happens if we want to read restore tapes
 			for a 16bit int machine??? */
 		do
 			i += swabl(*buf++);
 		while (--j);
 	}
 
 	if (i != CHECKSUM) {
 		fprintf(stderr, "Checksum error %o, inode %ju file %s\n", i,
 		    (uintmax_t)curfile.ino, curfile.name);
 		return(FAIL);
 	}
 	return(GOOD);
 }
 
 #ifdef RRESTORE
 #include <stdarg.h>
 
 void
 msg(const char *fmt, ...)
 {
 	va_list ap;
 	va_start(ap, fmt);
 	(void)vfprintf(stderr, fmt, ap);
 	va_end(ap);
 }
 #endif /* RRESTORE */
 
 static u_char *
 swabshort(u_char *sp, int n)
 {
 	char c;
 
 	while (--n >= 0) {
 		c = sp[0]; sp[0] = sp[1]; sp[1] = c;
 		sp += 2;
 	}
 	return (sp);
 }
 
 static u_char *
 swablong(u_char *sp, int n)
 {
 	char c;
 
 	while (--n >= 0) {
 		c = sp[0]; sp[0] = sp[3]; sp[3] = c;
 		c = sp[2]; sp[2] = sp[1]; sp[1] = c;
 		sp += 4;
 	}
 	return (sp);
 }
 
 static u_char *
 swabquad(u_char *sp, int n)
 {
 	char c;
 
 	while (--n >= 0) {
 		c = sp[0]; sp[0] = sp[7]; sp[7] = c;
 		c = sp[1]; sp[1] = sp[6]; sp[6] = c;
 		c = sp[2]; sp[2] = sp[5]; sp[5] = c;
 		c = sp[3]; sp[3] = sp[4]; sp[4] = c;
 		sp += 8;
 	}
 	return (sp);
 }
 
 void
 swabst(u_char *cp, u_char *sp)
 {
 	int n = 0;
 
 	while (*cp) {
 		switch (*cp) {
 		case '0': case '1': case '2': case '3': case '4':
 		case '5': case '6': case '7': case '8': case '9':
 			n = (n * 10) + (*cp++ - '0');
 			continue;
 
 		case 's': case 'w': case 'h':
 			if (n == 0)
 				n = 1;
 			sp = swabshort(sp, n);
 			break;
 
 		case 'l':
 			if (n == 0)
 				n = 1;
 			sp = swablong(sp, n);
 			break;
 
 		case 'q':
 			if (n == 0)
 				n = 1;
 			sp = swabquad(sp, n);
 			break;
 
 		case 'b':
 			if (n == 0)
 				n = 1;
 			sp += n;
 			break;
 
 		default:
 			fprintf(stderr, "Unknown conversion character: %c\n",
 			    *cp);
 			done(0);
 			break;
 		}
 		cp++;
 		n = 0;
 	}
 }
 
 static u_long
 swabl(u_long x)
 {
 	swabst((u_char *)"l", (u_char *)&x);
 	return (x);
 }
Index: projects/clang700-import/sbin/sysctl/Makefile
===================================================================
--- projects/clang700-import/sbin/sysctl/Makefile	(revision 337646)
+++ projects/clang700-import/sbin/sysctl/Makefile	(revision 337647)
@@ -1,9 +1,10 @@
 #	@(#)Makefile	8.1 (Berkeley) 6/6/93
 # $FreeBSD$
 
 PACKAGE=runtime
+CONFS=	sysctl.conf
 PROG=	sysctl
 WARNS?=	3
 MAN=	sysctl.8
 
 .include <bsd.prog.mk>
Index: projects/clang700-import/sbin/sysctl/sysctl.conf
===================================================================
--- projects/clang700-import/sbin/sysctl/sysctl.conf	(nonexistent)
+++ projects/clang700-import/sbin/sysctl/sysctl.conf	(revision 337647)
@@ -0,0 +1,9 @@
+# $FreeBSD$
+#
+#  This file is read when going to multi-user and its contents piped thru
+#  ``sysctl'' to adjust kernel values.  ``man 5 sysctl.conf'' for details.
+#
+
+# Uncomment this to prevent users from seeing information about processes that
+# are being run under another UID.
+#security.bsd.see_other_uids=0

Property changes on: projects/clang700-import/sbin/sysctl/sysctl.conf
___________________________________________________________________
Added: svn:keywords
## -0,0 +1 ##
+FreeBSD=%H
\ No newline at end of property
Index: projects/clang700-import/share/man/man4/snd_envy24ht.4
===================================================================
--- projects/clang700-import/share/man/man4/snd_envy24ht.4	(revision 337646)
+++ projects/clang700-import/share/man/man4/snd_envy24ht.4	(revision 337647)
@@ -1,107 +1,109 @@
 .\" Copyright (c) 2006 Alexander Leidinger
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\"    notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\"    notice, this list of conditions and the following disclaimer in the
 .\"    documentation and/or other materials provided with the distribution.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
 .\" $FreeBSD$
 .\"
-.Dd June 1, 2014
+.Dd August 11, 2018
 .Dt SND_ENVY24HT 4
 .Os
 .Sh NAME
 .Nm snd_envy24ht
 .Nd "VIA Envy24HT and compatible bridge device driver"
 .Sh SYNOPSIS
 To compile this driver into the kernel, place the following lines in your
 kernel configuration file:
 .Bd -ragged -offset indent
 .Cd "device sound"
 .Cd "device snd_envy24ht"
 .Cd "device snd_spicds"
 .Ed
 .Pp
 Alternatively, to load the driver as a module at boot time, place the
 following line in
 .Xr loader.conf 5 :
 .Bd -literal -offset indent
 snd_envy24ht_load="YES"
 .Ed
 .Sh DESCRIPTION
 The
 .Nm
 bridge driver allows the generic audio driver
 .Xr sound 4
 to attach to VIA Envy24HT (ICE1724 or VT1724 chipset) and compatible audio
 devices.
 .Sh HARDWARE
 The
 .Nm
 driver supports the following audio devices:
 .Pp
 .Bl -bullet -compact
 .It
 Audiotrak Prodigy 7.1
 .It
 Audiotrak Prodigy 7.1 LT
 .It
 Audiotrak Prodigy 7.1 XT
 .It
 Audiotrak Prodigy HD2
 .It
 ESI Juli@
+.It
+ESI Juli@ XTe
 .It
 M-Audio Audiophile 192
 .It
 M-Audio Revolution 5.1
 .It
 M-Audio Revolution 7.1
 .It
 Terratec Aureon 5.1 Sky
 .It
 Terratec Aureon 7.1 Space
 .It
 Terratec Aureon 7.1 Universe
 .It
 Terratec PHASE 22
 .It
 Terratec PHASE 28
 .El
 Only analog playback is supported.
 Recording and other features of these cards are not supported.
 .Sh SEE ALSO
 .Xr sound 4
 .Sh HISTORY
 The
 .Nm
 device driver first appeared in
 .Fx 6.3 .
 .Sh AUTHORS
 .An -nosplit
 The
 .Nm
 driver was written by
 .An Konstantin Dimitrov
 based upon the
 .Xr snd_envy24 4
 driver.
 This manual page was written by
 .An Alexander Leidinger Aq Mt netchild@FreeBSD.org .
Index: projects/clang700-import/share/man/man5/make.conf.5
===================================================================
--- projects/clang700-import/share/man/man5/make.conf.5	(revision 337646)
+++ projects/clang700-import/share/man/man5/make.conf.5	(revision 337647)
@@ -1,699 +1,700 @@
 .\" Copyright (c) 2000
 .\"	Mike W. Meyer
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\"    notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\"    notice, this list of conditions and the following disclaimer in the
 .\"    documentation and/or other materials provided with the distribution.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
 .\" $FreeBSD$
 .\"
-.Dd July 20, 2018
+.Dd August 11, 2018
 .Dt MAKE.CONF 5
 .Os
 .Sh NAME
 .Nm make.conf
 .Nd system build information
 .Sh DESCRIPTION
 The file
 .Nm
 contains system-wide settings that will apply to every build using
 .Xr make 1
 and the standard
 .Pa sys.mk
 file.
 This is achieved as follows:
 .Xr make 1
 processes the system makefile
 .Pa sys.mk
 before any other file by default, and
 .Pa sys.mk
 includes
 .Nm .
 .Pp
 The file
 .Nm
 uses the standard makefile syntax.
 However,
 .Nm
 should not specify any dependencies to
 .Xr make 1 .
 Instead,
 .Nm
 is to set
 .Xr make 1
 variables that control the actions of other makefiles.
 .Pp
 The default location of
 .Nm
 is
 .Pa /etc/make.conf ,
 though an alternative location can be specified in the
 .Xr make 1
 variable
 .Va __MAKE_CONF .
 You may need to override the location of
 .Nm
 if the system-wide settings are not suitable for a particular build.
 For instance, setting
 .Va __MAKE_CONF
 to
 .Pa /dev/null
 effectively resets all build controls to their defaults.
 .Pp
 The primary purpose of
 .Nm
 is to control the compilation of the
 .Fx
 sources, documentation, and ported applications,
 which are usually found in
 .Pa /usr/src ,
 .Pa /usr/doc ,
 and
 .Pa /usr/ports .
 As a rule, the system administrator creates
 .Nm
 when the values of certain control variables need to be changed
 from their defaults.
 .Pp
 The system build procedures occur in four broad areas:
 the world, the kernel, documentation and ports.
 Variables set in
 .Nm
 may be applicable in one, two, or all four of these areas.
 In addition, control variables can be specified
 for a particular build via the
 .Fl D
 option of
 .Xr make 1
 or in
 .Xr environ 7 .
 .Pp
 The following lists provide a name and short description for each
 variable you can use during the indicated builds.
 The values of
 variables flagged as
 .Vt bool
 are ignored; the variable being
 set at all (even to
 .Dq Li FALSE
 or
 .Dq Li NO )
 causes it to
 be treated as if it were set.
 .Pp
 The following list provides a name and short description for variables
 that are used for all builds, or are used by the
 .Pa makefiles
 for things other than builds.
 .Bl -tag -width Ar
 .It Va ALWAYS_CHECK_MAKE
 .Pq Vt bool
 Instructs the top-level makefile in the source tree (normally
 .Pa /usr/src )
 to always check if
 .Xr make 1
 is up-to-date.
 Normally this is only done for the world and buildworld targets to handle
 upgrades from older versions of
 .Fx .
 .It Va CFLAGS
 .Pq Vt str
 Controls the compiler setting when compiling C code.
 Optimization levels other than
 .Fl O
 and
 .Fl O2
 are not supported.
 .It Va CPUTYPE
 .Pq Vt str
 Controls which processor should be targeted for generated
 code.
 This controls processor-specific optimizations in
 certain code (currently only OpenSSL) as well as modifying
 the value of
 .Va CFLAGS
 and
 .Va COPTFLAGS
 to contain the appropriate optimization directive to
 .Xr cc 1 .
 The automatic setting of
 .Va CFLAGS
 may be overridden using the
 .Va NO_CPU_CFLAGS
 variable.
 Refer to
 .Pa /usr/share/examples/etc/make.conf
 for a list of recognized
 .Va CPUTYPE
 options.
 .It Va CXXFLAGS
 .Pq Vt str
 Controls the compiler settings when compiling C++ code.
 .Va CXXFLAGS
 is initially set to the value of
 .Va CFLAGS .
 If you want to
 add to the
 .Va CXXFLAGS
 value, use
 .Dq Li +=
 instead of
 .Dq Li = .
 .It Va DTC
 .Pq Vt str
 Select the compiler for DTS (Device Tree Syntax) file.
 .Va DTC
 is initially set to the value of dtc
 .It Va INSTALL
 .Pq Vt str
 the default install command.
 To install only files for which the target differs or does not exist, use
 .Bd -literal -offset indent
 INSTALL+= -C
 .Ed
 Note that some makefiles (including those in
 .Pa /usr/share/mk )
 may hardcode options for the supplied install command.
 .It Va LOCAL_DIRS
 .Pq Vt str
 List any directories that should be entered when doing
 make's in
 .Pa /usr/src
 in this variable.
 .It Va MAKE_SHELL
 .Pq Vt str
 Controls the shell used internally by
 .Xr make 1
 to process the command scripts in makefiles.
 .Xr sh 1 ,
 .Xr ksh 1 ,
 and
 .Xr csh 1
 all currently supported.
 .Pp
 .Dl "MAKE_SHELL?=sh"
 .It Va MTREE_FOLLOWS_SYMLINKS
 .Pq Vt str
 Set this to
 .Dq Fl L
 to cause
 .Xr mtree 8
 to follow symlinks.
 .It Va NO_CPU_CFLAGS
 .Pq Vt str
 Setting this variable will prevent CPU specific compiler flags
 from being automatically added to
 .Va CFLAGS
 during compile time.
 .It Va NO_DOCUPDATE
 .Pq Vt bool
 Set this to not update the doc tree during
 .Dq Li "make update" .
 .It Va NO_PORTSUPDATE
 .Pq Vt bool
 Set this to not update the ports tree during
 .Dq Li "make update" .
 .It Va SVN_UPDATE
 .Pq Vt bool
 Set this to use
 .Xr svn 1
+or
+.Xr svnlite 1
 to update your
 .Pa src
 tree with
 .Dq Li "make update" .
-Note that since a subversion client is not included in the base system,
-you will need to set
+Note that you can set
 .Va SVN
 to the full path of a
 .Xr svn 1
 binary.
 .El
 .Ss "BUILDING THE KERNEL"
 The following list provides a name and short description for variables
 that are only used doing a kernel build:
 .Bl -tag -width Ar
 .It Va BOOTWAIT
 .Pq Vt int
 Controls the amount of time the kernel waits for a console keypress
 before booting the default kernel.
 The value is approximately milliseconds.
 Keypresses are accepted by the BIOS before booting from disk,
 making it possible to give custom boot parameters even when this is
 set to 0.
 .It Va COPTFLAGS
 .Pq Vt str
 Controls the compiler settings when building the
 kernel.
 Optimization levels above
 .Oo Fl O ( O2 , No ...\& ) Oc
 are not guaranteed to work.
 .It Va KERNCONF
 .Pq Vt str
 Controls which kernel configurations will be
 built by
 .Dq Li "${MAKE} buildkernel"
 and installed by
 .Dq Li "${MAKE} installkernel" .
 For example,
 .Bd -literal -offset indent
 KERNCONF=MINE DEBUG GENERIC OTHERMACHINE
 .Ed
 .Pp
 will build the kernels specified by the config files
 .Pa MINE , DEBUG , GENERIC ,
 and
 .Pa OTHERMACHINE ,
 and install the kernel specified by the config file
 .Pa MINE .
 It defaults to
 .Pa GENERIC .
 .It Va MODULES_OVERRIDE
 .Pq Vt str
 Set to a list of modules to build instead of all of them.
 .It Va NO_KERNELCLEAN
 .Pq Vt bool
 Set this to skip running
 .Dq Li "${MAKE} clean"
 during
 .Dq Li "${MAKE} buildkernel" .
 .It Va NO_KERNELCONFIG
 .Pq Vt bool
 Set this to skip running
 .Xr config 8
 during
 .Dq Li "${MAKE} buildkernel" .
 .It Va NO_KERNELOBJ
 .Pq Vt bool
 Set this to skip running
 .Dq Li "${MAKE} obj"
 during
 .Dq Li "${MAKE} buildkernel" .
 .It Va NO_MODULES
 .Pq Vt bool
 Set to not build modules with the kernel.
 .It Va PORTS_MODULES
 Set this to the list of ports you wish to rebuild every time the kernel
 is built.
 .It Va WITHOUT_MODULES
 .Pq Vt str
 Set to a list of modules to exclude from the build.
 This provides a
 somewhat easier way to exclude modules you are certain you will never
 need than specifying
 .Va MODULES_OVERRIDE .
 This is applied
 .Em after
 .Va MODULES_OVERRIDE .
 .El
 .Ss "BUILDING THE WORLD"
 The following list provides a name and short description for variables
 that are used during the world build:
 .Bl -tag -width Ar
 .It Va BOOT_COMCONSOLE_PORT
 .Pq Vt str
 The port address to use for the console if the boot blocks have
 been configured to use a serial console instead of the keyboard/video card.
 .It Va BOOT_COMCONSOLE_SPEED
 .Pq Vt int
 The baud rate to use for the console if the boot blocks have
 been configured to use a serial console instead of the keyboard/video card.
 .It Va BOOT_PXELDR_ALWAYS_SERIAL
 .Pq Vt bool
 Compile in the code into
 .Xr pxeboot 8
 that forces the use of a serial console.
 This is analogous to the
 .Fl h
 option in
 .Xr boot 8
 blocks.
 .It Va BOOT_PXELDR_PROBE_KEYBOARD
 .Pq Vt bool
 Compile in the code into
 .Xr pxeboot 8
 that probes the keyboard.
 If no keyboard is found, boot with the dual console configuration.
 This is analogous to the
 .Fl D
 option in
 .Xr boot 8
 blocks.
 .It Va ENABLE_SUID_K5SU
 .Pq Vt bool
 Set this if you wish to use the ksu utility.
 Otherwise, it will be
 installed without the set-user-ID bit set.
 .It Va ENABLE_SUID_NEWGRP
 .Pq Vt bool
 Set this to install
 .Xr newgrp 1
 with the set-user-ID bit set.
 Otherwise,
 .Xr newgrp 1
 will not be able to change users' groups.
 .It Va LOADER_TFTP_SUPPORT
 .Pq Vt bool
 By default the
 .Xr pxeboot 8
 loader retrieves the kernel via NFS.
 Defining this and recompiling
 .Pa /usr/src/stand
 will cause it to retrieve the kernel via TFTP.
 This allows
 .Xr pxeboot 8
 to load a custom BOOTP diskless kernel yet
 still mount the server's
 .Pa /
 rather than load the server's kernel.
 .It Va LOADER_FIREWIRE_SUPPORT
 .Pq Vt bool
 Defining this and recompiling
 .Pa /usr/src/stand/i386
 will add
 .Xr dcons 4
 console driver to
 .Xr loader 8
 and allow access over FireWire(IEEE1394) using
 .Xr dconschat 8 .
 Currently, only i386 and amd64 are supported.
 .It Va MALLOC_PRODUCTION
 .Pq Vt bool
 Set this to disable assertions and statistics gathering in
 .Xr malloc 3 .
 It also defaults the A and J runtime options to off.
 Disabled by default on -CURRENT.
 .It Va MAN_ARCH
 .Pq Vt str
 Space-delimited list of one or more MACHINE and/or MACHINE_ARCH values
 for which section 4 man pages will be installed.
 The special value
 .Sq all
 installs all available architectures.
 The default is the MACHINE and MACHINE_ARCH being built.
 .It Va MODULES_WITH_WORLD
 .Pq Vt bool
 Set to build modules with the system instead of the kernel.
 .It Va NO_CLEAN
 .Pq Vt bool
 Set this to disable cleaning during
 .Dq Li "make buildworld" .
 This should not be set unless you know what you are doing.
 .It Va NO_CLEANDIR
 .Pq Vt bool
 Set this to run
 .Dq Li "${MAKE} clean"
 instead of
 .Dq Li "${MAKE} cleandir" .
 .It Va WITH_MANCOMPRESS
 .Pq Vt defined
 Set to install manual pages compressed.
 .It Va WITHOUT_MANCOMPRESS
 .Pq Vt defined
 Set to install manual pages uncompressed.
 .It Va NO_SHARE
 .Pq Vt bool
 Set to not build in the
 .Pa share
 subdir.
 .It Va NO_SHARED
 .Pq Vt bool
 Set to build
 .Pa /bin
 and
 .Pa /sbin
 statically linked, this can be bad.
 If set, every utility that uses
 .Pa bsd.prog.mk
 will be linked statically.
 .It Va PPP_NO_NAT
 .Pq Vt bool
 Build
 .Xr ppp 8
 without support for network address translation (NAT).
 .It Va PPP_NO_NETGRAPH
 .Pq Vt bool
 Set to build
 .Xr ppp 8
 without support for Netgraph.
 .It Va PPP_NO_RADIUS
 .Pq Vt bool
 Set to build
 .Xr ppp 8
 without support for RADIUS.
 .It Va PPP_NO_SUID
 .Pq Vt bool
 Set to disable the installation of
 .Xr ppp 8
 as a set-user-ID root program.
 .It Va SENDMAIL_ADDITIONAL_MC
 .Pq Vt str
 Additional
 .Pa .mc
 files which should be built into
 .Pa .cf
 files at build time.
 The value should include the full path to the
 .Pa .mc
 file(s), e.g.,
 .Pa /etc/mail/foo.mc ,
 .Pa /etc/mail/bar.mc .
 .It Va SENDMAIL_ALIASES
 .Pq Vt str
 List of
 .Xr aliases 5
 files to rebuild when using
 .Pa /etc/mail/Makefile .
 The default value is
 .Pa /etc/mail/aliases .
 .It Va SENDMAIL_CFLAGS
 .Pq Vt str
 Flags to pass to the compile command when building
 .Xr sendmail 8 .
 The
 .Va SENDMAIL_*
 flags can be used to provide SASL support with setting such as:
 .Bd -literal -offset indent
 SENDMAIL_CFLAGS=-I/usr/local/include -DSASL
 SENDMAIL_LDFLAGS=-L/usr/local/lib
 SENDMAIL_LDADD=-lsasl
 .Ed
 .It Va SENDMAIL_CF_DIR
 .Pq Vt str
 Override the default location for the
 .Xr m4 1
 configuration files used to build a
 .Pa .cf
 file from a
 .Pa .mc
 file.
 .It Va SENDMAIL_DPADD
 .Pq Vt str
 Extra dependencies to add when building
 .Xr sendmail 8 .
 .It Va SENDMAIL_LDADD
 .Pq Vt str
 Flags to add to the end of the
 .Xr ld 1
 command when building
 .Xr sendmail 8 .
 .It Va SENDMAIL_LDFLAGS
 .Pq Vt str
 Flags to pass to the
 .Xr ld 1
 command when building
 .Xr sendmail 8 .
 .It Va SENDMAIL_M4_FLAGS
 .Pq Vt str
 Flags passed to
 .Xr m4 1
 when building a
 .Pa .cf
 file from a
 .Pa .mc
 file.
 .It Va SENDMAIL_MAP_PERMS
 .Pq Vt str
 Mode to use when generating alias and map database files using
 .Pa /etc/mail/Makefile .
 The default value is 0640.
 .It Va SENDMAIL_MAP_SRC
 .Pq Vt str
 Additional maps to rebuild when using
 .Pa /etc/mail/Makefile .
 The
 .Pa access ,
 .Pa bitdomain ,
 .Pa domaintable ,
 .Pa genericstable ,
 .Pa mailertable ,
 .Pa uucpdomain ,
 and
 .Pa virtusertable
 maps are always rebuilt if they exist.
 .It Va SENDMAIL_MAP_TYPE
 .Pq Vt str
 Database map type to use when generating map database files using
 .Pa /etc/mail/Makefile .
 The default value is hash.
 The alternative is btree.
 .It Va SENDMAIL_MC
 .Pq Vt str
 The default
 .Xr m4 1
 configuration file to use at install time.
 The value should include the full path to the
 .Pa .mc
 file, e.g.,
 .Pa /etc/mail/myconfig.mc .
 Use with caution as a make install will overwrite any existing
 .Pa /etc/mail/sendmail.cf .
 Note that
 .Va SENDMAIL_CF
 is now deprecated.
 .It Va SENDMAIL_SET_USER_ID
 .Pq Vt bool
 If set, install
 .Xr sendmail 8
 as a set-user-ID root binary instead of a set-group-ID binary
 and do not install
 .Pa /etc/mail/submit.{cf,mc} .
 Use of this flag is not recommended and the alternative advice in
 .Pa /etc/mail/README
 should be followed instead if at all possible.
 .It Va SENDMAIL_START_SCRIPT
 .Pq Vt str
 The script used by
 .Pa /etc/mail/Makefile
 to start, stop, and restart
 .Xr sendmail 8 .
 The default value is
 .Pa /etc/rc.sendmail .
 This value should match the
 .Dq Li mta_start_script
 setting in
 .Xr rc.conf 5 .
 .It Va SENDMAIL_SUBMIT_MC
 .Pq Vt str
 The default
 .Xr m4 1
 configuration file for mail submission
 to use at install time.
 The value should include the full path to the
 .Pa .mc
 file, e.g.,
 .Pa /etc/mail/mysubmit.mc .
 Use with caution as a make install will overwrite any existing
 .Pa /etc/mail/submit.cf .
 .It Va TOP_TABLE_SIZE
 .Pq Vt int
 .Xr top 1
 uses a hash table for the user names.
 The size of this hash can be tuned to match the number of local users.
 The table size should be a prime number
 approximately twice as large as the number of lines in
 .Pa /etc/passwd .
 The default number is 20011.
 .It Va WANT_FORCE_OPTIMIZATION_DOWNGRADE
 .Pq Vt int
 Causes the system compiler to be built such that it forces high optimization
 levels to a lower one.
 .Xr cc 1
 .Fl O2
 and above is known to trigger known optimizer bugs at various
 times.
 The value assigned is the highest optimization value used.
 .El
 .Ss "BUILDING DOCUMENTATION"
 The following list provides a name and short description for variables
 that are used when building documentation.
 .Bl -tag -width ".Va PRINTERDEVICE"
 .It Va DISTDIR
 .Pq Vt str
 Where distfiles are kept.
 Normally, this is
 .Pa distfiles
 in
 .Va PORTSDIR .
 .It Va DOC_LANG
 .Pq Vt str
 The list of languages and encodings to build and install.
 .It Va PRINTERDEVICE
 .Pq Vt str
 The default format for system documentation, depends on your
 printer.
 This can be set to
 .Dq Li ascii
 for simple printers, or
 .Dq Li ps
 for postscript or graphics printers with a ghostscript
 filter, or both.
 .El
 .Ss "BUILDING PORTS"
 Several make variables can be set that affect the building of ports.
 These variables and their effects are documented in
 .Xr ports 7 ,
 .Pa ${PORTSDIR}/Mk/*
 and the
 .Fx
 Porter's Handbook.
 .Sh FILES
 .Bl -tag -width ".Pa /usr/share/examples/etc/make.conf" -compact
 .It Pa /etc/make.conf
 .It Pa /usr/doc/Makefile
 .It Pa /usr/ports/Makefile
 .It Pa /usr/share/examples/etc/make.conf
 .It Pa /usr/share/mk/sys.mk
 .It Pa /usr/src/Makefile
 .It Pa /usr/src/Makefile.inc1
 .El
 .Sh SEE ALSO
 .Xr cc 1 ,
 .Xr install 1 ,
 .Xr make 1 ,
 .Xr src.conf 5 ,
 .Xr environ 7 ,
 .Xr ports 7 ,
 .Xr sendmail 8
 .Sh HISTORY
 The
 .Nm
 file appeared sometime before
 .Fx 4.0 .
 .Sh AUTHORS
 This
 manual page was written by
 .An Mike W. Meyer Aq Mt mwm@mired.org .
 .Sh CAVEATS
 Note, that
 .Ev MAKEOBJDIRPREFIX
 and
 .Ev MAKEOBJDIR
 are environment variables and should not be set in
 .Nm
 or as command line arguments to
 .Xr make 1 ,
 but in make's environment.
 .Sh BUGS
 This manual page may occasionally be out of date with respect to
 the options currently available for use in
 .Nm .
 Please check the
 .Pa /usr/share/examples/etc/make.conf
 file for the latest options which are available.
Index: projects/clang700-import/share/man/man7/build.7
===================================================================
--- projects/clang700-import/share/man/man7/build.7	(revision 337646)
+++ projects/clang700-import/share/man/man7/build.7	(revision 337647)
@@ -1,804 +1,807 @@
 .\" Copyright (c) 2000
 .\"	Mike W. Meyer
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\"    notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\"    notice, this list of conditions and the following disclaimer in the
 .\"    documentation and/or other materials provided with the distribution.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
 .\" $FreeBSD$
 .\"
-.Dd December 24, 2017
+.Dd August 11, 2018
 .Dt BUILD 7
 .Os
 .Sh NAME
 .Nm build
 .Nd information on how to build the system
 .Sh DESCRIPTION
 The sources for the
 .Fx
 system and its applications are contained in three different directories,
 normally
 .Pa /usr/src ,
 .Pa /usr/doc ,
 and
 .Pa /usr/ports .
 These directories may be initially empty or non-existent until updated with
 .Xr svn 1
 or
+.Xr svnlite 1
+or
 .Xr portsnap 8 .
 Directory
 .Pa /usr/src
 contains the
 .Dq "base system"
 sources, which is loosely defined as the things required to rebuild
 the system to a useful state.
 Directory
 .Pa /usr/doc
 contains the source for the system documentation, excluding the manual
 pages.
 Directory
 .Pa /usr/ports
 contains a tree that provides a consistent interface for building and
 installing third party applications.
 For more information about the ports build process, see
 .Xr ports 7 .
 .Pp
 The
 .Xr make 1
 command is used in each of these directories to build and install the
 things in that directory.
 Issuing the
 .Xr make 1
 command in any directory or
 subdirectory of those directories has the same effect as issuing the
 same command in all subdirectories of that directory.
 With no target specified, the things in that directory are just built.
 .Pp
 A source tree is allowed to be read-only.
 As described in
 .Xr make 1 ,
 objects are usually built in a separate object directory hierarchy
 specified by the environment variable
 .Va MAKEOBJDIRPREFIX ,
 or under
 .Pa /usr/obj
 if variable
 .Va MAKEOBJDIRPREFIX
 is not set.
 The canonical object directory is described in the documentation for the
 .Cm buildworld
 target below.
 .Pp
 The build may be controlled by defining
 .Xr make 1
 variables described in the
 .Sx ENVIRONMENT
 section below, and by the variables documented in
 .Xr make.conf 5 .
 .Pp
 The following list provides the names and actions for the targets
 supported by the build system:
 .Bl -tag -width ".Cm cleandepend"
 .It Cm analyze
 Run Clang static analyzer against all objects and present output on stdout.
 .It Cm check
 Run tests for a given subdirectory.
 The default directory used is
 .Pa ${.OBJDIR} ,
 but the check directory can be changed with
 .Pa ${CHECKDIR} .
 .It Cm checkworld
 Run the
 .Fx
 test suite on installed world.
 .It Cm clean
 Remove any files created during the build process.
 .It Cm cleandepend
 Remove the
 .Pa ${.OBJDIR}/${DEPENDFILE}*
 files generated by prior
 .Dq Li "make"
 and
 .Dq Li "make depend"
 steps.
 .It Cm cleandir
 Remove the canonical object directory if it exists, or perform
 actions equivalent to
 .Dq Li "make clean cleandepend"
 if it does not.
 This target will also remove an
 .Pa obj
 link in
 .Pa ${.CURDIR}
 if that exists.
 .Pp
 It is advisable to run
 .Dq Li "make cleandir"
 twice: the first invocation will remove the canonical object directory
 and the second one will clean up
 .Pa ${.CURDIR} .
 .It Cm depend
 Generate a list of build dependencies in file
 .Pa ${.OBJDIR}/${DEPENDFILE} .
 Per-object dependencies are generated at build time and stored in
 .Pa ${.OBJDIR}/${DEPENDFILE}.${OBJ} .
 .It Cm install
 Install the results of the build to the appropriate location in the
 installation directory hierarchy specified in variable
 .Va DESTDIR .
 .It Cm obj
 Create the canonical object directory associated with the current
 directory.
 .It Cm objlink
 Create a symbolic link to the canonical object directory in
 .Pa ${.CURDIR} .
 .It Cm tags
 Generate a tags file using the program specified in the
 .Xr make 1
 variable
 .Va CTAGS .
 The build system supports
 .Xr ctags 1
 and
 .Nm "GNU Global" .
 .El
 .Pp
 The other supported targets under directory
 .Pa /usr/src
 are:
 .Bl -tag -width ".Cm distributeworld"
 .It Cm buildenv
 Spawn an interactive shell with environment variables set up for
 cross-building the system.
 The target architecture needs to be specified with
 .Xr make 1
 variables
 .Va TARGET_ARCH
 and
 .Va TARGET .
 .Pp
 This target is only useful after a complete cross-toolchain including
 the compiler, linker, assembler, headers and libraries has been
 built; see the
 .Cm toolchain
 target below.
 .It Cm buildworld
 Build everything but the kernel, configure files in
 .Pa etc ,
 and
 .Pa release .
 The object directory can be changed from the default
 .Pa /usr/obj
 by setting the
 .Pa MAKEOBJDIRPREFIX
 .Xr make 1
 variable.
 The actual build location prefix used
 depends on the
 .Va WITH_UNIFIED_OBJDIR
 option from
 .Xr src.conf 5 .
 If enabled it is
 .Pa ${MAKEOBJDIRPREFIX}${.CURDIR}/${TARGET}.${TARGET_ARCH}
 for all builds.
 If disabled it is
 .Pa ${MAKEOBJDIRPREFIX}${.CURDIR}
 for native builds, and
 .Pa ${MAKEOBJDIRPREFIX}/${TARGET}.${TARGET_ARCH}${.CURDIR}
 for cross builds and native builds with variable
 .Va CROSS_BUILD_TESTING
 set.
 .It Cm cleanworld
 Attempt to clean up targets built by a preceding
 .Cm buildworld ,
 or similar step built from this source directory.
 .It Cm cleanuniverse
 When
 .Va WITH_UNIFIED_OBJDIR
 is enabled, attempt to clean up targets built by a preceding
 .Cm buildworld ,
 .Cm universe ,
 or similar step, for any architecture built from this source directory.
 .It Cm distributeworld
 Distribute everything compiled by a preceding
 .Cm buildworld
 step.
 Files are placed in the directory hierarchy specified by
 .Xr make 1
 variable
 .Va DISTDIR .
 This target is used while building a release; see
 .Xr release 7 .
 .It Cm native-xtools
 This target builds a cross-toolchain for the given
 .Sy TARGET
 and
 .Sy TARGET_ARCH ,
 as well as a select list of static userland tools for the host system.
 This is intended to be used in a jail where QEMU is used to improve
 performance by avoiding emulating binaries that do not need to be emulated.
 .Sy TARGET
 and
 .Sy TARGET_ARCH
 should be defined.
 .It Cm native-xtools-install
 Installs the results to
 .Pa ${DESTDIR}/${NXTP}
 where
 .Va NXTP
 defaults to
 .Pa nxb-bin .
 .Sy TARGET
 and
 .Sy TARGET_ARCH
 must be defined.
 .It Cm packageworld
 Archive the results of
 .Cm distributeworld ,
 placing the results in
 .Va DISTDIR .
 This target is used while building a release; see
 .Xr release 7 .
 .It Cm installworld
 Install everything built by a preceding
 .Cm buildworld
 step into the directory hierarchy pointed to by
 .Xr make 1
 variable
 .Va DESTDIR .
 .Pp
 If installing onto an NFS file system and running
 .Xr make 1
 with the
 .Fl j
 option, make sure that
 .Xr rpc.lockd 8
 is running on both client and server.
 See
 .Xr rc.conf 5
 on how to make it start at boot time.
 .It Cm toolchain
 Create the build toolchain needed to build the rest of the system.
 For cross-architecture builds, this step creates a cross-toolchain.
 .It Cm universe
 For each architecture,
 execute a
 .Cm buildworld
 followed by a
 .Cm buildkernel
 for all kernels for that architecture,
 including
 .Pa LINT .
 This command takes a long time.
 .It Cm update
 Get updated sources as configured in
 .Xr make.conf 5 .
 .It Cm targets
 Print a list of supported
 .Va TARGET
 /
 .Va TARGET_ARCH
 pairs for world and kernel targets.
 .It Cm tinderbox
 Execute the same targets as
 .Cm universe .
 In addition print a summary of all failed targets at the end and
 exit with an error if there were any.
 .It Cm toolchains
 Create a build toolchain for each architecture supported by the build system.
 .It Cm xdev
 Builds and installs a cross-toolchain and sysroot for the given
 .Sy TARGET
 and
 .Sy TARGET_ARCH .
 The sysroot contains target library and headers.
 The target is an alias for
 .Cm xdev-build
 and
 .Cm xdev-install .
 The location of the files installed can be controlled with
 .Va DESTDIR .
 The target location in
 .Va DESTDIR
 is
 .Pa ${DESTDIR}/${XDTP}
 where
 .Va XDTP
 defaults to
 .Pa /usr/${XDDIR}
 and
 .Va XDDIR
 defaults to
 .Pa ${TARGET_ARCH}-freebsd .
 .It Cm xdev-build
 Builds for the
 .Cm xdev
 target.
 .It Cm xdev-install
 Installs the files for the
 .Cm xdev
 target.
 .It Cm xdev-links
 Installs autoconf-style symlinks to
 .Pa ${DESTDIR}/usr/bin
 pointing into the xdev toolchain in
 .Pa ${DESTDIR}/${XDTP} .
 .El
 .Pp
 Kernel specific build targets in
 .Pa /usr/src
 are:
 .Bl -tag -width ".Cm distributekernel"
 .It Cm buildkernel
 Rebuild the kernel and the kernel modules.
 The object directory can be changed from the default
 .Pa /usr/obj
 by setting the
 .Pa MAKEOBJDIRPREFIX
 .Xr make 1
 variable.
 .It Cm installkernel
 Install the kernel and the kernel modules to directory
 .Pa ${DESTDIR}/boot/kernel ,
 renaming any pre-existing directory with this name to
 .Pa kernel.old
 if it contained the currently running kernel.
 The target directory under
 .Pa ${DESTDIR}
 may be modified using the
 .Va INSTKERNNAME
 and
 .Va KODIR
 .Xr make 1
 variables.
 .It Cm distributekernel
 Install the kernel to the directory
 .Pa ${DISTDIR}/kernel/boot/kernel .
 This target is used while building a release; see
 .Xr release 7 .
 .It Cm packagekernel
 Archive the results of
 .Cm distributekernel ,
 placing the results in
 .Va DISTDIR .
 This target is used while building a release; see
 .Xr release 7 .
 .It Cm kernel
 Equivalent to
 .Cm buildkernel
 followed by
 .Cm installkernel
 .It Cm kernel-toolchain
 Rebuild the tools needed for kernel compilation.
 Use this if you did not do a
 .Cm buildworld
 first.
 .It Cm reinstallkernel
 Reinstall the kernel and the kernel modules, overwriting the contents
 of the target directory.
 As with the
 .Cm installkernel
 target, the target directory can be specified using the
 .Xr make 1
 variable
 .Va INSTKERNNAME .
 .El
 .Pp
 Convenience targets for cleaning up the install destination directory
 denoted by variable
 .Va DESTDIR
 include:
 .Bl -tag -width ".Cm delete-old-libs"
 .It Cm check-old
 Print a list of old files and directories in the system.
 .It Cm delete-old
 Delete obsolete base system files and directories interactively.
 When
 .Li -DBATCH_DELETE_OLD_FILES
 is specified at the command line, the delete operation will be
 non-interactive.
 The variables
 .Va DESTDIR ,
 .Va TARGET_ARCH
 and
 .Va TARGET
 should be set as with
 .Dq Li "make installworld" .
 .It Cm delete-old-libs
 Delete obsolete base system libraries interactively.
 This target should only be used if no third party software uses these
 libraries.
 When
 .Li -DBATCH_DELETE_OLD_FILES
 is specified at the command line, the delete operation will be
 non-interactive.
 The variables
 .Va DESTDIR ,
 .Va TARGET_ARCH
 and
 .Va TARGET
 should be set as with
 .Dq Li "make installworld" .
 .El
 .Sh ENVIRONMENT
 Variables that influence all builds include:
 .Bl -tag -width ".Va MAKEOBJDIRPREFIX"
 .It Va DEBUG_FLAGS
 Defines a set of debugging flags that will be used to build all userland
 binaries under
 .Pa /usr/src .
 When
 .Va DEBUG_FLAGS
 is defined, the
 .Cm install
 and
 .Cm installworld
 targets install binaries from the current
 .Va MAKEOBJDIRPREFIX
 without stripping,
 so that debugging information is retained in the installed binaries.
 .It Va DESTDIR
 The directory hierarchy prefix where built objects will be installed.
 If not set,
 .Va DESTDIR
 defaults to the empty string.
 .It Va MAKEOBJDIRPREFIX
 Defines the prefix for directory names in the tree of built objects.
 Defaults to
 .Pa /usr/obj
 if not defined.
 This variable should only be set in the environment or
 .Pa /etc/src-env.conf
 and not via
 .Pa /etc/make.conf
 or
 .Pa /etc/src.conf
 or the command line.
 .It Va NO_WERROR
 If defined, compiler warnings will not cause the build to halt,
 even if the makefile says otherwise.
 .It Va WITH_CTF
 If defined, the build process will run the DTrace CTF conversion
 tools on built objects.
 .El
 .Pp
 Additionally, builds in
 .Pa /usr/src
 are influenced by the following
 .Xr make 1
 variables:
 .Bl -tag -width ".Va SUBDIR_OVERRIDE"
 .It Va KERNCONF
 Overrides which kernel to build and install for the various kernel
 make targets.
 It defaults to
 .Cm GENERIC .
 .It Va KERNFAST
 If set, the build target
 .Cm buildkernel
 defaults to setting
 .Va NO_KERNELCLEAN ,
 .Va NO_KERNELCONFIG ,
 and
 .Va NO_KERNELOBJ .
 When set to a value other than
 .Cm 1
 then
 .Va KERNCONF
 is set to the value of
 .Va KERNFAST .
 .It Va LOCAL_DIRS
 If set, this variable supplies a list of additional directories relative to
 the root of the source tree to build as part of the
 .Cm everything
 target.
 The directories are built in parallel with each other,
 and with the base system directories.
 Insert a
 .Va .WAIT
 directive at the beginning of the
 .Va LOCAL_DIRS
 list to ensure all base system directories are built first.
 .Va .WAIT
 may also be used as needed elsewhere within the list.
 .It Va LOCAL_ITOOLS
 If set, this variable supplies a list of additional tools that are used by the
 .Cm installworld
 and
 .Cm distributeworld
 targets.
 .It Va LOCAL_LIB_DIRS
 If set, this variable supplies a list of additional directories relative to
 the root of the source tree to build as part of the
 .Cm libraries
 target.
 The directories are built in parallel with each other,
 and with the base system libraries.
 Insert a
 .Va .WAIT
 directive at the beginning of the
 .Va LOCAL_DIRS
 list to ensure all base system libraries are built first.
 .Va .WAIT
 may also be used as needed elsewhere within the list.
 .It Va LOCAL_MTREE
 If set, this variable supplies a list of additional mtrees relative to the
 root of the source tree to use as part of the
 .Cm hierarchy
 target.
 .It Va LOCAL_TOOL_DIRS
 If set, this variable supplies a list of additional directories relative to
 the root of the source tree to build as part of the
 .Cm build-tools
 target.
 .It Va LOCAL_XTOOL_DIRS
 If set, this variable supplies a list of additional directories relative to
 the root of the source tree to build as part of the
 .Cm cross-tools
 target.
 .It Va PORTS_MODULES
 A list of ports with kernel modules that should be built and installed
 as part of the
 .Cm buildkernel
 and
 .Cm installkernel
 process.
 .Bd -literal -offset indent
 make PORTS_MODULES=emulators/kqemu-kmod kernel
 .Ed
 .It Va STRIPBIN
 Command to use at install time when stripping binaries.
 Be sure to add any additional tools required to run
 .Va STRIPBIN
 to the
 .Va LOCAL_ITOOLS
 .Xr make 1
 variable before running the
 .Cm distributeworld
 or
 .Cm installworld
 targets.
 See
 .Xr install 1
 for more details.
 .It Va SUBDIR_OVERRIDE
 Override the default list of sub-directories and only build the
 sub-directory named in this variable.
 If combined with
 .Cm buildworld
 then all libraries and includes, and some of the build tools will still build
 as well.
 Specifying
 .Cm -DNO_LIBS ,
 and
 .Cm -DWORLDFAST
 will only build the specified directory as was done historically.
 When combined with
 .Cm buildworld
 it is necesarry to override
 .Va LOCAL_LIB_DIRS
 with any custom directories containing libraries.
 This allows building a subset of the system in the same way as
 .Cm buildworld
 does using its sysroot handling.
 This variable can also be useful when debugging failed builds.
 .Bd -literal -offset indent
 make some-target SUBDIR_OVERRIDE=foo/bar
 .Ed
 .It Va TARGET
 The target hardware platform.
 This is analogous to the
 .Dq Nm uname Fl m
 output.
 This is necessary to cross-build some target architectures.
 For example, cross-building for ARM64 machines requires
 .Va TARGET_ARCH Ns = Ns Li aarch64
 and
 .Va TARGET Ns = Ns Li arm64 .
 If not set,
 .Va TARGET
 defaults to the current hardware platform, unless
 .Va TARGET_ARCH
 is also set, in which case it defaults to the appropriate
 value for that architecture.
 .It Va TARGET_ARCH
 The target machine processor architecture.
 This is analogous to the
 .Dq Nm uname Fl p
 output.
 Set this to cross-build for a different architecture.
 If not set,
 .Va TARGET_ARCH
 defaults to the current machine architecture, unless
 .Va TARGET
 is also set, in which case it defaults to the appropriate
 value for that platform.
 Typically, one only needs to set
 .Va TARGET .
 .El
 .Pp
 Builds under directory
 .Pa /usr/src
 are also influenced by defining one or more of the following symbols,
 using the
 .Fl D
 option of
 .Xr make 1 :
 .Bl -tag -width ".Va -DNO_KERNELCONFIG"
 .It Va NO_CLEANDIR
 If set, the build targets that clean parts of the object tree use the
 equivalent of
 .Dq make clean
 instead of
 .Dq make cleandir .
 .It Va NO_CLEAN
 If set, no object tree files are cleaned at all.
 This is the default when
 .Va WITH_META_MODE
 is used with
 .Xr filemon 4
 loaded.
 See
 .Xr src.conf 5
 for more details.
 Setting
 .Va NO_CLEAN
 implies
 .Va NO_KERNELCLEAN ,
 so when
 .Va NO_CLEAN
 is set no kernel objects are cleaned either.
 .It Va NO_CTF
 If set, the build process does not run the DTrace CTF conversion tools
 on built objects.
 .It Va NO_SHARE
 If set, the build does not descend into the
 .Pa /usr/src/share
 subdirectory (i.e., manual pages, locale data files, timezone data files and
 other
 .Pa /usr/src/share
 files will not be rebuild from their sources).
 .It Va NO_KERNELCLEAN
 If set, the build process does not run
 .Dq make clean
 as part of the
 .Cm buildkernel
 target.
 .It Va NO_KERNELCONFIG
 If set, the build process does not run
 .Xr config 8
 as part of the
 .Cm buildkernel
 target.
 .It Va NO_KERNELOBJ
 If set, the build process does not run
 .Dq make obj
 as part of the
 .Cm buildkernel
 target.
 .It Va NO_DOCUPDATE
 If set, the update process does not update the source of the
 .Fx
 documentation as part of the
 .Dq make update
 target.
 .It Va NO_LIBS
 If set, the libraries phase will be skipped.
 .It Va NO_OBJWALK
 If set, no object directories will be created.
 This should only be used if object directories were created in a
 previous build and no new directories are connected.
 .It Va NO_PORTSUPDATE
 If set, the update process does not update the Ports tree as part of the
 .Dq make update
 target.
 .It Va NO_WWWUPDATE
 If set, the update process does not update the www tree as part of the
 .Dq make update
 target.
 .It Va WORLDFAST
 If set, the build target
 .Cm buildworld
 defaults to setting
 .Va NO_CLEAN ,
 .Va NO_OBJWALK ,
 and will skip most bootstrap phases.
 It will only bootstrap libraries and build all of userland.
 This option should be used only when it is known that none of the bootstrap
 needs changed and that no new directories have been connected to the build.
 .El
 .Pp
 Builds under directory
 .Pa /usr/doc
 are influenced by the following
 .Xr make 1
 variables:
 .Bl -tag -width ".Va DOC_LANG"
 .It Va DOC_LANG
 If set, restricts the documentation build to the language subdirectories
 specified as its content.
 The default action is to build documentation for all languages.
 .El
 .Pp
 Builds using the
 .Cm universe
 target are influenced by the following
 .Xr make 1
 variables:
 .Bl -tag -width ".Va MAKE_JUST_KERNELS"
 .It Va JFLAG
 Pass the value of this variable to each
 .Xr make 1
 invocation used to build worlds and kernels.
 This can be used to enable multiple jobs within a single architecture's build
 while still building each architecture serially.
 .It Va MAKE_JUST_KERNELS
 Only build kernels for each supported architecture.
 .It Va MAKE_JUST_WORLDS
 Only build worlds for each supported architecture.
 .It Va UNIVERSE_TARGET
 Execute the specified
 .Xr make 1
 target for each supported architecture instead of the default action of
 building a world and one or more kernels.
 .El
 .Sh FILES
 .Bl -tag -width ".Pa /usr/share/examples/etc/make.conf" -compact
 .It Pa /usr/doc/Makefile
 .It Pa /usr/doc/share/mk/doc.project.mk
 .It Pa /usr/ports/Mk/bsd.port.mk
 .It Pa /usr/ports/Mk/bsd.sites.mk
 .It Pa /usr/share/examples/etc/make.conf
 .It Pa /usr/src/Makefile
 .It Pa /usr/src/Makefile.inc1
 .El
 .Sh EXAMPLES
 For an
 .Dq approved
 method of updating your system from the latest sources, please see the
 .Sx COMMON ITEMS
 section in
 .Pa src/UPDATING .
 .Pp
 The following sequence of commands can be used to cross-build the
 system for the armv6 architecture on an amd64 host:
 .Bd -literal -offset indent
 cd /usr/src
 make TARGET_ARCH=armv6 buildworld buildkernel
 make TARGET_ARCH=armv6 DESTDIR=/clients/arm64 installworld installkernel
 .Ed
 .Sh SEE ALSO
 .Xr cc 1 ,
 .Xr install 1 ,
 .Xr make 1 ,
 .Xr svn 1 ,
+.Xr svnlite 1 ,
 .Xr make.conf 5 ,
 .Xr src.conf 5 ,
 .Xr arch 7 ,
 .Xr ports 7 ,
 .Xr release 7 ,
 .Xr tests 7 ,
 .Xr config 8 ,
 .Xr mergemaster 8 ,
 .Xr portsnap 8 ,
 .Xr reboot 8 ,
 .Xr shutdown 8
 .Sh AUTHORS
 .An Mike W. Meyer Aq Mt mwm@mired.org
Index: projects/clang700-import/sys/netpfil/pf/pf_if.c
===================================================================
--- projects/clang700-import/sys/netpfil/pf/pf_if.c	(revision 337646)
+++ projects/clang700-import/sys/netpfil/pf/pf_if.c	(revision 337647)
@@ -1,905 +1,920 @@
 /*-
  * SPDX-License-Identifier: BSD-2-Clause
  *
  * Copyright (c) 2001 Daniel Hartmeier
  * Copyright (c) 2003 Cedric Berger
  * Copyright (c) 2005 Henning Brauer <henning@openbsd.org>
  * Copyright (c) 2005 Ryan McBride <mcbride@openbsd.org>
  * Copyright (c) 2012 Gleb Smirnoff <glebius@FreeBSD.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  *    - Redistributions of source code must retain the above copyright
  *      notice, this list of conditions and the following disclaimer.
  *    - Redistributions in binary form must reproduce the above
  *      copyright notice, this list of conditions and the following
  *      disclaimer in the documentation and/or other materials provided
  *      with the distribution.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
  * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
  *	$OpenBSD: pf_if.c,v 1.54 2008/06/14 16:55:28 mk Exp $
  */
 
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
 #include "opt_inet.h"
 #include "opt_inet6.h"
 
 #include <sys/param.h>
 #include <sys/kernel.h>
 #include <sys/eventhandler.h>
 #include <sys/lock.h>
 #include <sys/mbuf.h>
 #include <sys/socket.h>
 
 #include <net/if.h>
 #include <net/if_var.h>
 #include <net/vnet.h>
 #include <net/pfvar.h>
 #include <net/route.h>
 
 VNET_DEFINE(struct pfi_kif *,	 pfi_all);
 VNET_DEFINE_STATIC(long, pfi_update);
 #define	V_pfi_update	VNET(pfi_update)
 #define PFI_BUFFER_MAX	0x10000
 
 VNET_DECLARE(int, pf_vnet_active);
 #define V_pf_vnet_active	VNET(pf_vnet_active)
 
 VNET_DEFINE_STATIC(struct pfr_addr *, pfi_buffer);
 VNET_DEFINE_STATIC(int, pfi_buffer_cnt);
 VNET_DEFINE_STATIC(int,	pfi_buffer_max);
 #define	V_pfi_buffer		 VNET(pfi_buffer)
 #define	V_pfi_buffer_cnt	 VNET(pfi_buffer_cnt)
 #define	V_pfi_buffer_max	 VNET(pfi_buffer_max)
 
 eventhandler_tag	 pfi_attach_cookie;
 eventhandler_tag	 pfi_detach_cookie;
 eventhandler_tag	 pfi_attach_group_cookie;
 eventhandler_tag	 pfi_change_group_cookie;
 eventhandler_tag	 pfi_detach_group_cookie;
 eventhandler_tag	 pfi_ifaddr_event_cookie;
 
 static void	 pfi_attach_ifnet(struct ifnet *);
 static void	 pfi_attach_ifgroup(struct ifg_group *);
 
 static void	 pfi_kif_update(struct pfi_kif *);
 static void	 pfi_dynaddr_update(struct pfi_dynaddr *dyn);
 static void	 pfi_table_update(struct pfr_ktable *, struct pfi_kif *, int,
 		    int);
 static void	 pfi_instance_add(struct ifnet *, int, int);
 static void	 pfi_address_add(struct sockaddr *, int, int);
 static int	 pfi_if_compare(struct pfi_kif *, struct pfi_kif *);
 static int	 pfi_skip_if(const char *, struct pfi_kif *);
 static int	 pfi_unmask(void *);
 static void	 pfi_attach_ifnet_event(void * __unused, struct ifnet *);
 static void	 pfi_detach_ifnet_event(void * __unused, struct ifnet *);
 static void	 pfi_attach_group_event(void * __unused, struct ifg_group *);
 static void	 pfi_change_group_event(void * __unused, char *);
 static void	 pfi_detach_group_event(void * __unused, struct ifg_group *);
 static void	 pfi_ifaddr_event(void * __unused, struct ifnet *);
 
 RB_HEAD(pfi_ifhead, pfi_kif);
 static RB_PROTOTYPE(pfi_ifhead, pfi_kif, pfik_tree, pfi_if_compare);
 static RB_GENERATE(pfi_ifhead, pfi_kif, pfik_tree, pfi_if_compare);
 VNET_DEFINE_STATIC(struct pfi_ifhead, pfi_ifs);
 #define	V_pfi_ifs	VNET(pfi_ifs)
 
 #define	PFI_BUFFER_MAX		0x10000
 MALLOC_DEFINE(PFI_MTYPE, "pf_ifnet", "pf(4) interface database");
 
 LIST_HEAD(pfi_list, pfi_kif);
 VNET_DEFINE_STATIC(struct pfi_list, pfi_unlinked_kifs);
 #define	V_pfi_unlinked_kifs	VNET(pfi_unlinked_kifs)
 static struct mtx pfi_unlnkdkifs_mtx;
 MTX_SYSINIT(pfi_unlnkdkifs_mtx, &pfi_unlnkdkifs_mtx, "pf unlinked interfaces",
     MTX_DEF);
 
 void
 pfi_initialize_vnet(void)
 {
 	struct ifg_group *ifg;
 	struct ifnet *ifp;
 	struct pfi_kif *kif;
 
 	V_pfi_buffer_max = 64;
 	V_pfi_buffer = malloc(V_pfi_buffer_max * sizeof(*V_pfi_buffer),
 	    PFI_MTYPE, M_WAITOK);
 
 	kif = malloc(sizeof(*kif), PFI_MTYPE, M_WAITOK);
 	PF_RULES_WLOCK();
 	V_pfi_all = pfi_kif_attach(kif, IFG_ALL);
 	PF_RULES_WUNLOCK();
 
 	IFNET_RLOCK();
 	CK_STAILQ_FOREACH(ifg, &V_ifg_head, ifg_next)
 		pfi_attach_ifgroup(ifg);
 	CK_STAILQ_FOREACH(ifp, &V_ifnet, if_link)
 		pfi_attach_ifnet(ifp);
 	IFNET_RUNLOCK();
 }
 
 void
 pfi_initialize(void)
 {
 
 	pfi_attach_cookie = EVENTHANDLER_REGISTER(ifnet_arrival_event,
 	    pfi_attach_ifnet_event, NULL, EVENTHANDLER_PRI_ANY);
 	pfi_detach_cookie = EVENTHANDLER_REGISTER(ifnet_departure_event,
 	    pfi_detach_ifnet_event, NULL, EVENTHANDLER_PRI_ANY);
 	pfi_attach_group_cookie = EVENTHANDLER_REGISTER(group_attach_event,
 	    pfi_attach_group_event, NULL, EVENTHANDLER_PRI_ANY);
 	pfi_change_group_cookie = EVENTHANDLER_REGISTER(group_change_event,
 	    pfi_change_group_event, NULL, EVENTHANDLER_PRI_ANY);
 	pfi_detach_group_cookie = EVENTHANDLER_REGISTER(group_detach_event,
 	    pfi_detach_group_event, NULL, EVENTHANDLER_PRI_ANY);
 	pfi_ifaddr_event_cookie = EVENTHANDLER_REGISTER(ifaddr_event,
 	    pfi_ifaddr_event, NULL, EVENTHANDLER_PRI_ANY);
 }
 
 void
 pfi_cleanup_vnet(void)
 {
 	struct pfi_kif *kif;
 
 	PF_RULES_WASSERT();
 
 	V_pfi_all = NULL;
 	while ((kif = RB_MIN(pfi_ifhead, &V_pfi_ifs))) {
 		RB_REMOVE(pfi_ifhead, &V_pfi_ifs, kif);
 		if (kif->pfik_group)
 			kif->pfik_group->ifg_pf_kif = NULL;
 		if (kif->pfik_ifp)
 			kif->pfik_ifp->if_pf_kif = NULL;
 		free(kif, PFI_MTYPE);
 	}
 
 	mtx_lock(&pfi_unlnkdkifs_mtx);
 	while ((kif = LIST_FIRST(&V_pfi_unlinked_kifs))) {
 		LIST_REMOVE(kif, pfik_list);
 		free(kif, PFI_MTYPE);
 	}
 	mtx_unlock(&pfi_unlnkdkifs_mtx);
 
 	free(V_pfi_buffer, PFI_MTYPE);
 }
 
 void
 pfi_cleanup(void)
 {
 
 	EVENTHANDLER_DEREGISTER(ifnet_arrival_event, pfi_attach_cookie);
 	EVENTHANDLER_DEREGISTER(ifnet_departure_event, pfi_detach_cookie);
 	EVENTHANDLER_DEREGISTER(group_attach_event, pfi_attach_group_cookie);
 	EVENTHANDLER_DEREGISTER(group_change_event, pfi_change_group_cookie);
 	EVENTHANDLER_DEREGISTER(group_detach_event, pfi_detach_group_cookie);
 	EVENTHANDLER_DEREGISTER(ifaddr_event, pfi_ifaddr_event_cookie);
 }
 
 struct pfi_kif *
 pfi_kif_find(const char *kif_name)
 {
 	struct pfi_kif_cmp s;
 
 	PF_RULES_ASSERT();
 
 	bzero(&s, sizeof(s));
 	strlcpy(s.pfik_name, kif_name, sizeof(s.pfik_name));
 
 	return (RB_FIND(pfi_ifhead, &V_pfi_ifs, (struct pfi_kif *)&s));
 }
 
 struct pfi_kif *
 pfi_kif_attach(struct pfi_kif *kif, const char *kif_name)
 {
 	struct pfi_kif *kif1;
 
 	PF_RULES_WASSERT();
 	KASSERT(kif != NULL, ("%s: null kif", __func__));
 
 	kif1 = pfi_kif_find(kif_name);
 	if (kif1 != NULL) {
 		free(kif, PFI_MTYPE);
 		return (kif1);
 	}
 
 	bzero(kif, sizeof(*kif));
 	strlcpy(kif->pfik_name, kif_name, sizeof(kif->pfik_name));
 	/*
 	 * It seems that the value of time_second is in unintialzied state
 	 * when pf sets interface statistics clear time in boot phase if pf
 	 * was statically linked to kernel. Instead of setting the bogus
 	 * time value have pfi_get_ifaces handle this case. In
 	 * pfi_get_ifaces it uses time_second if it sees the time is 0.
 	 */
 	kif->pfik_tzero = time_second > 1 ? time_second : 0;
 	TAILQ_INIT(&kif->pfik_dynaddrs);
 
 	RB_INSERT(pfi_ifhead, &V_pfi_ifs, kif);
 
 	return (kif);
 }
 
 void
 pfi_kif_ref(struct pfi_kif *kif)
 {
 
 	PF_RULES_WASSERT();
 	kif->pfik_rulerefs++;
 }
 
 void
 pfi_kif_unref(struct pfi_kif *kif)
 {
 
 	PF_RULES_WASSERT();
 	KASSERT(kif->pfik_rulerefs > 0, ("%s: %p has zero refs", __func__, kif));
 
 	kif->pfik_rulerefs--;
 
 	if (kif->pfik_rulerefs > 0)
 		return;
 
 	/* kif referencing an existing ifnet or group should exist. */
 	if (kif->pfik_ifp != NULL || kif->pfik_group != NULL || kif == V_pfi_all)
 		return;
 
 	RB_REMOVE(pfi_ifhead, &V_pfi_ifs, kif);
 
 	kif->pfik_flags |= PFI_IFLAG_REFS;
 
 	mtx_lock(&pfi_unlnkdkifs_mtx);
 	LIST_INSERT_HEAD(&V_pfi_unlinked_kifs, kif, pfik_list);
 	mtx_unlock(&pfi_unlnkdkifs_mtx);
 }
 
 void
 pfi_kif_purge(void)
 {
 	struct pfi_kif *kif, *kif1;
 
 	/*
 	 * Do naive mark-and-sweep garbage collecting of old kifs.
 	 * Reference flag is raised by pf_purge_expired_states().
 	 */
 	mtx_lock(&pfi_unlnkdkifs_mtx);
 	LIST_FOREACH_SAFE(kif, &V_pfi_unlinked_kifs, pfik_list, kif1) {
 		if (!(kif->pfik_flags & PFI_IFLAG_REFS)) {
 			LIST_REMOVE(kif, pfik_list);
 			free(kif, PFI_MTYPE);
 		} else
 			kif->pfik_flags &= ~PFI_IFLAG_REFS;
 	}
 	mtx_unlock(&pfi_unlnkdkifs_mtx);
 }
 
 int
 pfi_kif_match(struct pfi_kif *rule_kif, struct pfi_kif *packet_kif)
 {
 	struct ifg_list	*p;
 
 	if (rule_kif == NULL || rule_kif == packet_kif)
 		return (1);
 
-	if (rule_kif->pfik_group != NULL)
-		/* XXXGL: locking? */
+	if (rule_kif->pfik_group != NULL) {
+		IF_ADDR_RLOCK(packet_kif->pfik_ifp);
 		CK_STAILQ_FOREACH(p, &packet_kif->pfik_ifp->if_groups, ifgl_next)
-			if (p->ifgl_group == rule_kif->pfik_group)
+			if (p->ifgl_group == rule_kif->pfik_group) {
+				IF_ADDR_RUNLOCK(packet_kif->pfik_ifp);
 				return (1);
+			}
+		IF_ADDR_RUNLOCK(packet_kif->pfik_ifp);
+	}
 
+
 	return (0);
 }
 
 static void
 pfi_attach_ifnet(struct ifnet *ifp)
 {
 	struct pfi_kif *kif;
 
 	kif = malloc(sizeof(*kif), PFI_MTYPE, M_WAITOK);
 
 	PF_RULES_WLOCK();
 	V_pfi_update++;
 	kif = pfi_kif_attach(kif, ifp->if_xname);
 
 	kif->pfik_ifp = ifp;
 	ifp->if_pf_kif = kif;
 
 	pfi_kif_update(kif);
 	PF_RULES_WUNLOCK();
 }
 
 static void
 pfi_attach_ifgroup(struct ifg_group *ifg)
 {
 	struct pfi_kif *kif;
 
 	kif = malloc(sizeof(*kif), PFI_MTYPE, M_WAITOK);
 
 	PF_RULES_WLOCK();
 	V_pfi_update++;
 	kif = pfi_kif_attach(kif, ifg->ifg_group);
 
 	kif->pfik_group = ifg;
 	ifg->ifg_pf_kif = kif;
 	PF_RULES_WUNLOCK();
 }
 
 int
 pfi_match_addr(struct pfi_dynaddr *dyn, struct pf_addr *a, sa_family_t af)
 {
 	switch (af) {
 #ifdef INET
 	case AF_INET:
 		switch (dyn->pfid_acnt4) {
 		case 0:
 			return (0);
 		case 1:
 			return (PF_MATCHA(0, &dyn->pfid_addr4,
 			    &dyn->pfid_mask4, a, AF_INET));
 		default:
 			return (pfr_match_addr(dyn->pfid_kt, a, AF_INET));
 		}
 		break;
 #endif /* INET */
 #ifdef INET6
 	case AF_INET6:
 		switch (dyn->pfid_acnt6) {
 		case 0:
 			return (0);
 		case 1:
 			return (PF_MATCHA(0, &dyn->pfid_addr6,
 			    &dyn->pfid_mask6, a, AF_INET6));
 		default:
 			return (pfr_match_addr(dyn->pfid_kt, a, AF_INET6));
 		}
 		break;
 #endif /* INET6 */
 	default:
 		return (0);
 	}
 }
 
 int
 pfi_dynaddr_setup(struct pf_addr_wrap *aw, sa_family_t af)
 {
 	struct pfi_dynaddr	*dyn;
 	char			 tblname[PF_TABLE_NAME_SIZE];
 	struct pf_ruleset	*ruleset = NULL;
 	struct pfi_kif		*kif;
 	int			 rv = 0;
 
 	PF_RULES_WASSERT();
 	KASSERT(aw->type == PF_ADDR_DYNIFTL, ("%s: type %u",
 	    __func__, aw->type));
 	KASSERT(aw->p.dyn == NULL, ("%s: dyn is %p", __func__, aw->p.dyn));
 
 	if ((dyn = malloc(sizeof(*dyn), PFI_MTYPE, M_NOWAIT | M_ZERO)) == NULL)
 		return (ENOMEM);
 
 	if ((kif = malloc(sizeof(*kif), PFI_MTYPE, M_NOWAIT)) == NULL) {
 		free(dyn, PFI_MTYPE);
 		return (ENOMEM);
 	}
 
 	if (!strcmp(aw->v.ifname, "self"))
 		dyn->pfid_kif = pfi_kif_attach(kif, IFG_ALL);
 	else
 		dyn->pfid_kif = pfi_kif_attach(kif, aw->v.ifname);
 	pfi_kif_ref(dyn->pfid_kif);
 
 	dyn->pfid_net = pfi_unmask(&aw->v.a.mask);
 	if (af == AF_INET && dyn->pfid_net == 32)
 		dyn->pfid_net = 128;
 	strlcpy(tblname, aw->v.ifname, sizeof(tblname));
 	if (aw->iflags & PFI_AFLAG_NETWORK)
 		strlcat(tblname, ":network", sizeof(tblname));
 	if (aw->iflags & PFI_AFLAG_BROADCAST)
 		strlcat(tblname, ":broadcast", sizeof(tblname));
 	if (aw->iflags & PFI_AFLAG_PEER)
 		strlcat(tblname, ":peer", sizeof(tblname));
 	if (aw->iflags & PFI_AFLAG_NOALIAS)
 		strlcat(tblname, ":0", sizeof(tblname));
 	if (dyn->pfid_net != 128)
 		snprintf(tblname + strlen(tblname),
 		    sizeof(tblname) - strlen(tblname), "/%d", dyn->pfid_net);
 	if ((ruleset = pf_find_or_create_ruleset(PF_RESERVED_ANCHOR)) == NULL) {
 		rv = ENOMEM;
 		goto _bad;
 	}
 
 	if ((dyn->pfid_kt = pfr_attach_table(ruleset, tblname)) == NULL) {
 		rv = ENOMEM;
 		goto _bad;
 	}
 
 	dyn->pfid_kt->pfrkt_flags |= PFR_TFLAG_ACTIVE;
 	dyn->pfid_iflags = aw->iflags;
 	dyn->pfid_af = af;
 
 	TAILQ_INSERT_TAIL(&dyn->pfid_kif->pfik_dynaddrs, dyn, entry);
 	aw->p.dyn = dyn;
 	pfi_kif_update(dyn->pfid_kif);
 
 	return (0);
 
 _bad:
 	if (dyn->pfid_kt != NULL)
 		pfr_detach_table(dyn->pfid_kt);
 	if (ruleset != NULL)
 		pf_remove_if_empty_ruleset(ruleset);
 	if (dyn->pfid_kif != NULL)
 		pfi_kif_unref(dyn->pfid_kif);
 	free(dyn, PFI_MTYPE);
 
 	return (rv);
 }
 
 static void
 pfi_kif_update(struct pfi_kif *kif)
 {
 	struct ifg_list		*ifgl;
 	struct pfi_dynaddr	*p;
 
 	PF_RULES_WASSERT();
 
 	/* update all dynaddr */
 	TAILQ_FOREACH(p, &kif->pfik_dynaddrs, entry)
 		pfi_dynaddr_update(p);
 
 	/* again for all groups kif is member of */
 	if (kif->pfik_ifp != NULL) {
 		IF_ADDR_RLOCK(kif->pfik_ifp);
 		CK_STAILQ_FOREACH(ifgl, &kif->pfik_ifp->if_groups, ifgl_next)
 			pfi_kif_update((struct pfi_kif *)
 			    ifgl->ifgl_group->ifg_pf_kif);
 		IF_ADDR_RUNLOCK(kif->pfik_ifp);
 	}
 }
 
 static void
 pfi_dynaddr_update(struct pfi_dynaddr *dyn)
 {
 	struct pfi_kif		*kif;
 	struct pfr_ktable	*kt;
 
 	PF_RULES_WASSERT();
 	KASSERT(dyn && dyn->pfid_kif && dyn->pfid_kt,
 	    ("%s: bad argument", __func__));
 
 	kif = dyn->pfid_kif;
 	kt = dyn->pfid_kt;
 
 	if (kt->pfrkt_larg != V_pfi_update) {
 		/* this table needs to be brought up-to-date */
 		pfi_table_update(kt, kif, dyn->pfid_net, dyn->pfid_iflags);
 		kt->pfrkt_larg = V_pfi_update;
 	}
 	pfr_dynaddr_update(kt, dyn);
 }
 
 static void
 pfi_table_update(struct pfr_ktable *kt, struct pfi_kif *kif, int net, int flags)
 {
 	int			 e, size2 = 0;
 	struct ifg_member	*ifgm;
 
 	V_pfi_buffer_cnt = 0;
 
 	if (kif->pfik_ifp != NULL)
 		pfi_instance_add(kif->pfik_ifp, net, flags);
 	else if (kif->pfik_group != NULL) {
 		IFNET_RLOCK_NOSLEEP();
 		CK_STAILQ_FOREACH(ifgm, &kif->pfik_group->ifg_members, ifgm_next)
 			pfi_instance_add(ifgm->ifgm_ifp, net, flags);
 		IFNET_RUNLOCK_NOSLEEP();
 	}
 
 	if ((e = pfr_set_addrs(&kt->pfrkt_t, V_pfi_buffer, V_pfi_buffer_cnt, &size2,
 	    NULL, NULL, NULL, 0, PFR_TFLAG_ALLMASK)))
 		printf("%s: cannot set %d new addresses into table %s: %d\n",
 		    __func__, V_pfi_buffer_cnt, kt->pfrkt_name, e);
 }
 
 static void
 pfi_instance_add(struct ifnet *ifp, int net, int flags)
 {
 	struct ifaddr	*ia;
 	int		 got4 = 0, got6 = 0;
 	int		 net2, af;
 
 	IF_ADDR_RLOCK(ifp);
 	CK_STAILQ_FOREACH(ia, &ifp->if_addrhead, ifa_link) {
 		if (ia->ifa_addr == NULL)
 			continue;
 		af = ia->ifa_addr->sa_family;
 		if (af != AF_INET && af != AF_INET6)
 			continue;
 		/*
 		 * XXX: For point-to-point interfaces, (ifname:0) and IPv4,
 		 *      jump over addresses without a proper route to work
 		 *      around a problem with ppp not fully removing the
 		 *      address used during IPCP.
 		 */
 		if ((ifp->if_flags & IFF_POINTOPOINT) &&
 		    !(ia->ifa_flags & IFA_ROUTE) &&
 		    (flags & PFI_AFLAG_NOALIAS) && (af == AF_INET))
 			continue;
 		if ((flags & PFI_AFLAG_BROADCAST) && af == AF_INET6)
 			continue;
 		if ((flags & PFI_AFLAG_BROADCAST) &&
 		    !(ifp->if_flags & IFF_BROADCAST))
 			continue;
 		if ((flags & PFI_AFLAG_PEER) &&
 		    !(ifp->if_flags & IFF_POINTOPOINT))
 			continue;
 		if ((flags & PFI_AFLAG_NETWORK) && af == AF_INET6 &&
 		    IN6_IS_ADDR_LINKLOCAL(
 		    &((struct sockaddr_in6 *)ia->ifa_addr)->sin6_addr))
 			continue;
 		if (flags & PFI_AFLAG_NOALIAS) {
 			if (af == AF_INET && got4)
 				continue;
 			if (af == AF_INET6 && got6)
 				continue;
 		}
 		if (af == AF_INET)
 			got4 = 1;
 		else if (af == AF_INET6)
 			got6 = 1;
 		net2 = net;
 		if (net2 == 128 && (flags & PFI_AFLAG_NETWORK)) {
 			if (af == AF_INET)
 				net2 = pfi_unmask(&((struct sockaddr_in *)
 				    ia->ifa_netmask)->sin_addr);
 			else if (af == AF_INET6)
 				net2 = pfi_unmask(&((struct sockaddr_in6 *)
 				    ia->ifa_netmask)->sin6_addr);
 		}
 		if (af == AF_INET && net2 > 32)
 			net2 = 32;
 		if (flags & PFI_AFLAG_BROADCAST)
 			pfi_address_add(ia->ifa_broadaddr, af, net2);
 		else if (flags & PFI_AFLAG_PEER)
 			pfi_address_add(ia->ifa_dstaddr, af, net2);
 		else
 			pfi_address_add(ia->ifa_addr, af, net2);
 	}
 	IF_ADDR_RUNLOCK(ifp);
 }
 
 static void
 pfi_address_add(struct sockaddr *sa, int af, int net)
 {
 	struct pfr_addr	*p;
 	int		 i;
 
 	if (V_pfi_buffer_cnt >= V_pfi_buffer_max) {
 		int		 new_max = V_pfi_buffer_max * 2;
 
 		if (new_max > PFI_BUFFER_MAX) {
 			printf("%s: address buffer full (%d/%d)\n", __func__,
 			    V_pfi_buffer_cnt, PFI_BUFFER_MAX);
 			return;
 		}
 		p = malloc(new_max * sizeof(*V_pfi_buffer), PFI_MTYPE,
 		    M_NOWAIT);
 		if (p == NULL) {
 			printf("%s: no memory to grow buffer (%d/%d)\n",
 			    __func__, V_pfi_buffer_cnt, PFI_BUFFER_MAX);
 			return;
 		}
 		memcpy(p, V_pfi_buffer, V_pfi_buffer_max * sizeof(*V_pfi_buffer));
 		/* no need to zero buffer */
 		free(V_pfi_buffer, PFI_MTYPE);
 		V_pfi_buffer = p;
 		V_pfi_buffer_max = new_max;
 	}
 	if (af == AF_INET && net > 32)
 		net = 128;
 	p = V_pfi_buffer + V_pfi_buffer_cnt++;
 	bzero(p, sizeof(*p));
 	p->pfra_af = af;
 	p->pfra_net = net;
 	if (af == AF_INET)
 		p->pfra_ip4addr = ((struct sockaddr_in *)sa)->sin_addr;
 	else if (af == AF_INET6) {
 		p->pfra_ip6addr = ((struct sockaddr_in6 *)sa)->sin6_addr;
 		if (IN6_IS_SCOPE_EMBED(&p->pfra_ip6addr))
 			p->pfra_ip6addr.s6_addr16[1] = 0;
 	}
 	/* mask network address bits */
 	if (net < 128)
 		((caddr_t)p)[p->pfra_net/8] &= ~(0xFF >> (p->pfra_net%8));
 	for (i = (p->pfra_net+7)/8; i < sizeof(p->pfra_u); i++)
 		((caddr_t)p)[i] = 0;
 }
 
 void
 pfi_dynaddr_remove(struct pfi_dynaddr *dyn)
 {
 
 	KASSERT(dyn->pfid_kif != NULL, ("%s: null pfid_kif", __func__));
 	KASSERT(dyn->pfid_kt != NULL, ("%s: null pfid_kt", __func__));
 
 	TAILQ_REMOVE(&dyn->pfid_kif->pfik_dynaddrs, dyn, entry);
 	pfi_kif_unref(dyn->pfid_kif);
 	pfr_detach_table(dyn->pfid_kt);
 	free(dyn, PFI_MTYPE);
 }
 
 void
 pfi_dynaddr_copyout(struct pf_addr_wrap *aw)
 {
 
 	KASSERT(aw->type == PF_ADDR_DYNIFTL,
 	    ("%s: type %u", __func__, aw->type));
 
 	if (aw->p.dyn == NULL || aw->p.dyn->pfid_kif == NULL)
 		return;
 	aw->p.dyncnt = aw->p.dyn->pfid_acnt4 + aw->p.dyn->pfid_acnt6;
 }
 
 static int
 pfi_if_compare(struct pfi_kif *p, struct pfi_kif *q)
 {
 	return (strncmp(p->pfik_name, q->pfik_name, IFNAMSIZ));
 }
 
 void
 pfi_update_status(const char *name, struct pf_status *pfs)
 {
 	struct pfi_kif		*p;
 	struct pfi_kif_cmp	 key;
 	struct ifg_member	 p_member, *ifgm;
 	CK_STAILQ_HEAD(, ifg_member) ifg_members;
 	int			 i, j, k;
 
 	strlcpy(key.pfik_name, name, sizeof(key.pfik_name));
 	p = RB_FIND(pfi_ifhead, &V_pfi_ifs, (struct pfi_kif *)&key);
 	if (p == NULL)
 		return;
 
 	if (p->pfik_group != NULL) {
 		bcopy(&p->pfik_group->ifg_members, &ifg_members,
 		    sizeof(ifg_members));
 	} else {
 		/* build a temporary list for p only */
 		bzero(&p_member, sizeof(p_member));
 		p_member.ifgm_ifp = p->pfik_ifp;
 		CK_STAILQ_INIT(&ifg_members);
 		CK_STAILQ_INSERT_TAIL(&ifg_members, &p_member, ifgm_next);
 	}
 	if (pfs) {
 		bzero(pfs->pcounters, sizeof(pfs->pcounters));
 		bzero(pfs->bcounters, sizeof(pfs->bcounters));
 	}
 	CK_STAILQ_FOREACH(ifgm, &ifg_members, ifgm_next) {
 		if (ifgm->ifgm_ifp == NULL || ifgm->ifgm_ifp->if_pf_kif == NULL)
 			continue;
 		p = (struct pfi_kif *)ifgm->ifgm_ifp->if_pf_kif;
 
 		/* just clear statistics */
 		if (pfs == NULL) {
 			bzero(p->pfik_packets, sizeof(p->pfik_packets));
 			bzero(p->pfik_bytes, sizeof(p->pfik_bytes));
 			p->pfik_tzero = time_second;
 			continue;
 		}
 		for (i = 0; i < 2; i++)
 			for (j = 0; j < 2; j++)
 				for (k = 0; k < 2; k++) {
 					pfs->pcounters[i][j][k] +=
 						p->pfik_packets[i][j][k];
 					pfs->bcounters[i][j] +=
 						p->pfik_bytes[i][j][k];
 				}
 	}
 }
 
 void
 pfi_get_ifaces(const char *name, struct pfi_kif *buf, int *size)
 {
 	struct pfi_kif	*p, *nextp;
 	int		 n = 0;
 
 	for (p = RB_MIN(pfi_ifhead, &V_pfi_ifs); p; p = nextp) {
 		nextp = RB_NEXT(pfi_ifhead, &V_pfi_ifs, p);
 		if (pfi_skip_if(name, p))
 			continue;
 		if (*size <= n++)
 			break;
 		if (!p->pfik_tzero)
 			p->pfik_tzero = time_second;
 		bcopy(p, buf++, sizeof(*buf));
 		nextp = RB_NEXT(pfi_ifhead, &V_pfi_ifs, p);
 	}
 	*size = n;
 }
 
 static int
 pfi_skip_if(const char *filter, struct pfi_kif *p)
 {
+	struct ifg_list *i;
 	int	n;
 
 	if (filter == NULL || !*filter)
 		return (0);
 	if (!strcmp(p->pfik_name, filter))
 		return (0);	/* exact match */
 	n = strlen(filter);
 	if (n < 1 || n >= IFNAMSIZ)
 		return (1);	/* sanity check */
 	if (filter[n-1] >= '0' && filter[n-1] <= '9')
-		return (1);	/* only do exact match in that case */
-	if (strncmp(p->pfik_name, filter, n))
-		return (1);	/* prefix doesn't match */
-	return (p->pfik_name[n] < '0' || p->pfik_name[n] > '9');
+		return (1);	/* group names may not end in a digit */
+	if (p->pfik_ifp != NULL) {
+		IF_ADDR_RLOCK(p->pfik_ifp);
+		CK_STAILQ_FOREACH(i, &p->pfik_ifp->if_groups, ifgl_next) {
+			if (!strncmp(i->ifgl_group->ifg_group, filter,
+			      IFNAMSIZ)) {
+				IF_ADDR_RUNLOCK(p->pfik_ifp);
+				return (0); /* iface is in group "filter" */
+			}
+		}
+		IF_ADDR_RUNLOCK(p->pfik_ifp);
+	}
+	return (1);
 }
 
 int
 pfi_set_flags(const char *name, int flags)
 {
 	struct pfi_kif	*p;
 
 	RB_FOREACH(p, pfi_ifhead, &V_pfi_ifs) {
 		if (pfi_skip_if(name, p))
 			continue;
 		p->pfik_flags |= flags;
 	}
 	return (0);
 }
 
 int
 pfi_clear_flags(const char *name, int flags)
 {
 	struct pfi_kif	*p;
 
 	RB_FOREACH(p, pfi_ifhead, &V_pfi_ifs) {
 		if (pfi_skip_if(name, p))
 			continue;
 		p->pfik_flags &= ~flags;
 	}
 	return (0);
 }
 
 /* from pf_print_state.c */
 static int
 pfi_unmask(void *addr)
 {
 	struct pf_addr *m = addr;
 	int i = 31, j = 0, b = 0;
 	u_int32_t tmp;
 
 	while (j < 4 && m->addr32[j] == 0xffffffff) {
 		b += 32;
 		j++;
 	}
 	if (j < 4) {
 		tmp = ntohl(m->addr32[j]);
 		for (i = 31; tmp & (1 << i); --i)
 			b++;
 	}
 	return (b);
 }
 
 static void
 pfi_attach_ifnet_event(void *arg __unused, struct ifnet *ifp)
 {
 
 	if (V_pf_vnet_active == 0) {
 		/* Avoid teardown race in the least expensive way. */
 		return;
 	}
 	pfi_attach_ifnet(ifp);
 #ifdef ALTQ
 	PF_RULES_WLOCK();
 	pf_altq_ifnet_event(ifp, 0);
 	PF_RULES_WUNLOCK();
 #endif
 }
 
 static void
 pfi_detach_ifnet_event(void *arg __unused, struct ifnet *ifp)
 {
 	struct pfi_kif *kif = (struct pfi_kif *)ifp->if_pf_kif;
 
 	if (kif == NULL)
 		return;
 
 	if (V_pf_vnet_active == 0) {
 		/* Avoid teardown race in the least expensive way. */
 		return;
 	}
 	PF_RULES_WLOCK();
 	V_pfi_update++;
 	pfi_kif_update(kif);
 
 	kif->pfik_ifp = NULL;
 	ifp->if_pf_kif = NULL;
 #ifdef ALTQ
 	pf_altq_ifnet_event(ifp, 1);
 #endif
 	PF_RULES_WUNLOCK();
 }
 
 static void
 pfi_attach_group_event(void *arg __unused, struct ifg_group *ifg)
 {
 
 	if (V_pf_vnet_active == 0) {
 		/* Avoid teardown race in the least expensive way. */
 		return;
 	}
 	pfi_attach_ifgroup(ifg);
 }
 
 static void
 pfi_change_group_event(void *arg __unused, char *gname)
 {
 	struct pfi_kif *kif;
 
 	if (V_pf_vnet_active == 0) {
 		/* Avoid teardown race in the least expensive way. */
 		return;
 	}
 
 	kif = malloc(sizeof(*kif), PFI_MTYPE, M_WAITOK);
 	PF_RULES_WLOCK();
 	V_pfi_update++;
 	kif = pfi_kif_attach(kif, gname);
 	pfi_kif_update(kif);
 	PF_RULES_WUNLOCK();
 }
 
 static void
 pfi_detach_group_event(void *arg __unused, struct ifg_group *ifg)
 {
 	struct pfi_kif *kif = (struct pfi_kif *)ifg->ifg_pf_kif;
 
 	if (kif == NULL)
 		return;
 
 	if (V_pf_vnet_active == 0) {
 		/* Avoid teardown race in the least expensive way. */
 		return;
 	}
 	PF_RULES_WLOCK();
 	V_pfi_update++;
 
 	kif->pfik_group = NULL;
 	ifg->ifg_pf_kif = NULL;
 	PF_RULES_WUNLOCK();
 }
 
 static void
 pfi_ifaddr_event(void *arg __unused, struct ifnet *ifp)
 {
 	if (ifp->if_pf_kif == NULL)
 		return;
 
 	if (V_pf_vnet_active == 0) {
 		/* Avoid teardown race in the least expensive way. */
 		return;
 	}
 	PF_RULES_WLOCK();
 	if (ifp && ifp->if_pf_kif) {
 		V_pfi_update++;
 		pfi_kif_update(ifp->if_pf_kif);
 	}
 	PF_RULES_WUNLOCK();
 }
Index: projects/clang700-import/usr.bin/at/Makefile
===================================================================
--- projects/clang700-import/usr.bin/at/Makefile	(revision 337646)
+++ projects/clang700-import/usr.bin/at/Makefile	(revision 337647)
@@ -1,32 +1,35 @@
 # $FreeBSD$
 
 .include "${.CURDIR}/Makefile.inc"
 
+CONFS=	atrun
+CONFSDIR=	/etc/cron.d
+CONFSNAME=	at
 PROG=	at
 SRCS=	at.c panic.c parsetime.c perm.c
 LINKS=	${BINDIR}/at ${BINDIR}/atq \
 	${BINDIR}/at ${BINDIR}/atrm \
 	${BINDIR}/at ${BINDIR}/batch
 MLINKS=	at.1 batch.1 \
 	at.1 atq.1 \
 	at.1 atrm.1
 
 NO_WFORMAT=
 
 BINOWN=	root
 BINMODE= 4555
 CLEANFILES+= at.1
 
 at.1: at.man
 	@${ECHO} Making ${.TARGET:T} from ${.ALLSRC:T}; \
 	sed -e \
 		"s@_ATSPOOL_DIR@$(ATSPOOL_DIR)@g; \
 		s@_ATJOB_DIR@$(ATJOB_DIR)@g; \
 		s@_DEFAULT_BATCH_QUEUE@$(DEFAULT_BATCH_QUEUE)@g; \
 		s@_DEFAULT_AT_QUEUE@$(DEFAULT_AT_QUEUE)@g; \
 		s@_LOADAVG_MX@$(LOADAVG_MX)@g; \
 		s@_PERM_PATH@$(PERM_PATH)@g; \
 		s@_LOCKFILE@$(LOCKFILE)@g" \
 		< ${.ALLSRC} > ${.TARGET}
 
 .include <bsd.prog.mk>
Index: projects/clang700-import/usr.bin/at/at.man
===================================================================
--- projects/clang700-import/usr.bin/at/at.man	(revision 337646)
+++ projects/clang700-import/usr.bin/at/at.man	(revision 337647)
@@ -1,362 +1,363 @@
 .\" $FreeBSD$
-.Dd June 1, 2018
+.Dd August 11, 2018
 .Dt "AT" 1
 .Os
 .Sh NAME
 .Nm at ,
 .Nm batch ,
 .Nm atq ,
 .Nm atrm
 .Nd queue, examine or delete jobs for later execution
 .Sh SYNOPSIS
 .Nm at
 .Op Fl q Ar queue
 .Op Fl f Ar file
 .Op Fl mldbv
 .Ar time
 .Nm at
 .Op Fl q Ar queue
 .Op Fl f Ar file
 .Op Fl mldbv
 .Fl t
 .Sm off
 .Op Oo Ar CC Oc Ar YY
 .Ar MM DD hh mm Op . Ar SS
 .Sm on
 .Nm at
 .Fl c Ar job Op Ar job ...
 .Nm at
 .Fl l Op Ar job ...
 .Nm at
 .Fl l
 .Fl q Ar queue
 .Nm at
 .Fl r Ar job Op Ar job ...
 .Pp
 .Nm atq
 .Op Fl q Ar queue
 .Op Fl v
 .Pp
 .Nm atrm
 .Ar job
 .Op Ar job ...
 .Pp
 .Nm batch
 .Op Fl q Ar queue
 .Op Fl f Ar file
 .Op Fl mv
 .Op Ar time
 .Sh DESCRIPTION
 The
 .Nm at
 and
 .Nm batch
 utilities
 read commands from standard input or a specified file which are to
 be executed at a later time, using
 .Xr sh 1 .
 .Bl -tag -width indent
 .It Nm at
 executes commands at a specified time;
 .It Nm atq
 lists the user's pending jobs, unless the user is the superuser; in that
 case, everybody's jobs are listed;
 .It Nm atrm
 deletes jobs;
 .It Nm batch
-executes commands when system load levels permit; in other words, when the load average
-drops below _LOADAVG_MX, or the value specified in the invocation of
+executes commands when system load levels permit; in other words, when
+the load average drops below _LOADAVG_MX times number of active CPUs,
+or the value specified in the invocation of
 .Nm atrun .
 .El
 .Pp
 The
 .Nm at
 utility allows some moderately complex
 .Ar time
 specifications.
 It accepts times of the form
 .Ar HHMM
 or
 .Ar HH:MM
 to run a job at a specific time of day.
 (If that time is already past, the next day is assumed.)
 As an alternative, the following keywords may be specified:
 .Em midnight ,
 .Em noon ,
 or
 .Em teatime
 (4pm)
 and time-of-day may be suffixed with
 .Em AM
 or
 .Em PM
 for running in the morning or the evening.
 The day on which the job is to be run may also be specified
 by giving a date in the form
 .Ar \%month-name day
 with an optional
 .Ar year ,
 or giving a date of the forms
 .Ar DD.MM.YYYY ,
 .Ar DD.MM.YY ,
 .Ar MM/DD/YYYY ,
 .Ar MM/DD/YY ,
 .Ar MMDDYYYY , or
 .Ar MMDDYY .
 The specification of a date must follow the specification of
 the time of day.
 Time can also be specified as:
 .Op Em now
 .Em + Ar count \%time-units ,
 where the time-units can be
 .Em minutes ,
 .Em hours ,
 .Em days ,
 .Em weeks ,
 .Em months
 or
 .Em years
 and
 .Nm
 may be told to run the job today by suffixing the time with
 .Em today
 and to run the job tomorrow by suffixing the time with
 .Em tomorrow .
 .Pp
 For example, to run a job at 4pm three days from now, use
 .Nm at Ar 4pm + 3 days ,
 to run a job at 10:00am on July 31, use
 .Nm at Ar 10am Jul 31
 and to run a job at 1am tomorrow, use
 .Nm at Ar 1am tomorrow .
 .Pp
 The
 .Nm at
 utility also supports the
 .Tn POSIX
 time format (see
 .Fl t
 option).
 .Pp
 For both
 .Nm
 and
 .Nm batch ,
 commands are read from standard input or the file specified
 with the
 .Fl f
 option and executed.
 The working directory, the environment (except for the variables
 .Ev TERM ,
 .Ev TERMCAP ,
 .Ev DISPLAY
 and
 .Em _ )
 and the
 .Ar umask
 are retained from the time of invocation.
 An
 .Nm
 or
 .Nm batch
 command invoked from a
 .Xr su 1
 shell will retain the current userid.
 The user will be mailed standard error and standard output from his
 commands, if any.
 Mail will be sent using the command
 .Xr sendmail 8 .
 If
 .Nm
 is executed from a
 .Xr su 1
 shell, the owner of the login shell will receive the mail.
 .Pp
 The superuser may use these commands in any case.
 For other users, permission to use
 .Nm
 is determined by the files
 .Pa _PERM_PATH/at.allow
 and
 .Pa _PERM_PATH/at.deny .
 .Pp
 If the file
 .Pa _PERM_PATH/at.allow
 exists, only usernames mentioned in it are allowed to use
 .Nm .
 In these two files, a user is considered to be listed only if the user
 name has no blank or other characters before it on its line and a
 newline character immediately after the name, even at the end of
 the file.
 Other lines are ignored and may be used for comments.
 .Pp
 If
 .Pa _PERM_PATH/at.allow
 does not exist,
 .Pa _PERM_PATH/at.deny
 is checked, every username not mentioned in it is then allowed
 to use
 .Nm .
 .Pp
 If neither exists, only the superuser is allowed use of
 .Nm .
 This is the default configuration.
 .Sh IMPLEMENTATION NOTES
 Note that
 .Nm
 is implemented through the
 .Xr cron 8
 daemon by calling
 .Xr atrun 8
 every five minutes.
 This implies that the granularity of
 .Nm
 might not be optimal for every deployment.
 If a finer granularity is needed, the system crontab at
 .Pa /etc/crontab
 needs to be changed.
 .Sh OPTIONS
 .Bl -tag -width indent
 .It Fl q Ar queue
 Use the specified queue.
 A queue designation consists of a single letter; valid queue designations
 range from
 .Ar a
 to
 .Ar z
 and
 .Ar A
 to
 .Ar Z .
 The
 .Ar _DEFAULT_AT_QUEUE
 queue is the default for
 .Nm
 and the
 .Ar _DEFAULT_BATCH_QUEUE
 queue for
 .Nm batch .
 Queues with higher letters run with increased niceness.
 If a job is submitted to a queue designated with an uppercase letter, it
 is treated as if it had been submitted to batch at that time.
 If
 .Nm atq
 is given a specific queue, it will only show jobs pending in that queue.
 .It Fl m
 Send mail to the user when the job has completed even if there was no
 output.
 .It Fl f Ar file
 Read the job from
 .Ar file
 rather than standard input.
 .It Fl l
 With no arguments, list all jobs for the invoking user.
 If one or more
 job numbers are given, list only those jobs.
 .It Fl d
 Is an alias for
 .Nm atrm
 (this option is deprecated; use
 .Fl r
 instead).
 .It Fl b
 Is an alias for
 .Nm batch .
 .It Fl v
 For
 .Nm atq ,
 shows completed but not yet deleted jobs in the queue; otherwise
 shows the time the job will be executed.
 .It Fl c
 Cat the jobs listed on the command line to standard output.
 .It Fl r
 Remove the specified jobs.
 .It Fl t
 Specify the job time using the \*[Px] time format.
 The argument should be in the form
 .Sm off
 .Op Oo Ar CC Oc Ar YY
 .Ar MM DD hh mm Op . Ar SS
 .Sm on
 where each pair of letters represents the following:
 .Pp
 .Bl -tag -width indent -compact -offset indent
 .It Ar CC
 The first two digits of the year (the century).
 .It Ar YY
 The second two digits of the year.
 .It Ar MM
 The month of the year, from 1 to 12.
 .It Ar DD
 the day of the month, from 1 to 31.
 .It Ar hh
 The hour of the day, from 0 to 23.
 .It Ar mm
 The minute of the hour, from 0 to 59.
 .It Ar SS
 The second of the minute, from 0 to 60.
 .El
 .Pp
 If the
 .Ar CC
 and
 .Ar YY
 letter pairs are not specified, the values default to the current
 year.
 If the
 .Ar SS
 letter pair is not specified, the value defaults to 0.
 .El
 .Sh FILES
 .Bl -tag -width _ATJOB_DIR/_LOCKFILE -compact
 .It Pa _ATJOB_DIR
 directory containing job files
 .It Pa _ATSPOOL_DIR
 directory containing output spool files
 .It Pa /var/run/utx.active
 login records
 .It Pa _PERM_PATH/at.allow
 allow permission control
 .It Pa _PERM_PATH/at.deny
 deny permission control
 .It Pa _ATJOB_DIR/_LOCKFILE
 job-creation lock file
 .El
 .Sh SEE ALSO
 .Xr nice 1 ,
 .Xr sh 1 ,
 .Xr umask 2 ,
 .Xr atrun 8 ,
 .Xr cron 8 ,
 .Xr sendmail 8
 .Sh AUTHORS
 .An -nosplit
 At was mostly written by
 .An Thomas Koenig Aq Mt ig25@rz.uni-karlsruhe.de .
 The time parsing routines are by
 .An David Parsons Aq Mt orc@pell.chi.il.us ,
 with minor enhancements by
 .An Joe Halpin Aq Mt joe.halpin@attbi.com .
 .Sh BUGS
 If the file
 .Pa /var/run/utx.active
 is not available or corrupted, or if the user is not logged on at the
 time
 .Nm
 is invoked, the mail is sent to the userid found
 in the environment variable
 .Ev LOGNAME .
 If that is undefined or empty, the current userid is assumed.
 .Pp
 The
 .Nm at
 and
 .Nm batch
 utilities
 as presently implemented are not suitable when users are competing for
 resources.
 If this is the case, another batch system such as
 .Em nqs
 may be more suitable.
 .Pp
 Specifying a date past 2038 may not work on some systems.
Index: projects/clang700-import/usr.bin/at/atrun
===================================================================
--- projects/clang700-import/usr.bin/at/atrun	(nonexistent)
+++ projects/clang700-import/usr.bin/at/atrun	(revision 337647)
@@ -0,0 +1,7 @@
+# $FreeBSD$
+#
+SHELL=/bin/sh
+PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
+
+# See crontab(5) for field format.
+*/5	*	*	*	*	root	/usr/libexec/atrun

Property changes on: projects/clang700-import/usr.bin/at/atrun
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+FreeBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: projects/clang700-import/usr.sbin/auditd/Makefile
===================================================================
--- projects/clang700-import/usr.sbin/auditd/Makefile	(revision 337646)
+++ projects/clang700-import/usr.sbin/auditd/Makefile	(revision 337647)
@@ -1,18 +1,30 @@
 #
 # $FreeBSD$
 #
 
 OPENBSMDIR=${SRCTOP}/contrib/openbsm
 .PATH: ${OPENBSMDIR}/bin/auditd
 
 CFLAGS+=	-I${OPENBSMDIR}
 
+OPENBSMETCDIR=  ${OPENBSMDIR}/etc
+CONFS=  ${OPENBSMETCDIR}/audit_class
+CONFSMODE_${OPENBSMETCDIR}/audit_class= 444
+CONFS+= ${OPENBSMETCDIR}/audit_control
+CONFSMODE_${OPENBSMETCDIR}/audit_control=       600
+CONFS+= ${OPENBSMETCDIR}/audit_event
+CONFSMODE_${OPENBSMETCDIR}/audit_event= 444
+CONFS+= ${OPENBSMETCDIR}/audit_user
+CONFSMODE_${OPENBSMETCDIR}/audit_user=  600
+CONFS+= ${OPENBSMETCDIR}/audit_warn
+CONFSMODE_${OPENBSMETCDIR}/audit_warn=  500
+CONFSDIR=       /etc/security
 PROG=	auditd
 SRCS=	auditd.c audit_warn.c auditd_fbsd.c
 MAN=	auditd.8
 
 LIBADD=	auditd bsm
 
 WARNS?=	3
 
 .include <bsd.prog.mk>
Index: projects/clang700-import/usr.sbin/bsdinstall/scripts/keymap
===================================================================
--- projects/clang700-import/usr.sbin/bsdinstall/scripts/keymap	(revision 337646)
+++ projects/clang700-import/usr.sbin/bsdinstall/scripts/keymap	(revision 337647)
@@ -1,238 +1,233 @@
 #!/bin/sh
 #-
 # Copyright (c) 2011 Nathan Whitehorn
 # Copyright (c) 2013-2015 Devin Teske
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
 # are met:
 # 1. Redistributions of source code must retain the above copyright
 #    notice, this list of conditions and the following disclaimer.
 # 2. Redistributions in binary form must reproduce the above copyright
 #    notice, this list of conditions and the following disclaimer in the
 #    documentation and/or other materials provided with the distribution.
 #
 # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
 # $FreeBSD$
 #
 ############################################################ INCLUDES
 
 BSDCFG_SHARE="/usr/share/bsdconfig"
 . $BSDCFG_SHARE/common.subr || exit 1
 f_dprintf "%s: loading includes..." "$0"
 f_include $BSDCFG_SHARE/dialog.subr
 f_include $BSDCFG_SHARE/keymap.subr
 f_include $BSDCFG_SHARE/sysrc.subr
 
 ############################################################ CONFIGURATION
 
 #
 # Default file to store keymap selection in
 #
 : ${KEYMAPFILE:=$BSDINSTALL_TMPETC/rc.conf.keymap}
 
-#
-# Default path to keymap INDEX containing descriptions
-#
-: ${MAPDESCFILE:=/usr/share/syscons/keymaps/INDEX.keymaps}
-
 ############################################################ GLOBALS
 
 #
 # Strings that should be moved to an i18n file and loaded with f_include_lang()
 #
 hline_arrows_tab_enter="Press arrows, TAB or ENTER"
 msg_continue_with_keymap="Continue with %s keymap"
 msg_default="default"
 msg_error="Error"
 msg_freebsd_installer="FreeBSD Installer"
 msg_keymap_menu_text="The system console driver for FreeBSD defaults to standard \"US\"\nkeyboard map. Other keymaps can be chosen below."
 msg_keymap_selection="Keymap Selection"
 msg_ok="OK"
 msg_select="Select"
 msg_test_keymap="Test %s keymap"
 msg_test_the_currently_selected_keymap="Test the currently selected keymap"
 msg_test_the_keymap_by_typing="Test the keymap by typing letters, numbers, and symbols. Characters\nshould match labels on the keyboard keys. Press Enter to stop testing."
 
 ############################################################ FUNCTIONS
 
 # dialog_keymap_test $keymap
 #
 # Activate $keymap and display an input box (without cancel button) for the
 # user to test keyboard input and return. Always returns success.
 #
 dialog_keymap_test()
 {
 	local keym="$1"
 	local title= # Calculated below
 	local btitle= # Calculated below
 	local prompt="$msg_test_the_keymap_by_typing"
 	local hline=
 
 	# Attempt to activate the keymap
 	if [ "$keym" ]; then
 		local err
 		err=$( f_keymap_kbdcontrol "$keym" 2>&1 > /dev/null )
 		if [ "$err" ]; then
 			f_dialog_title "$msg_error"
 			f_dialog_msgbox "$err"
 			f_dialog_title_restore
 			return $FAILURE
 		fi
 	fi
 
 	f_dialog_title "$( printf "$msg_test_keymap" "${keym:-$msg_default}" )"
 	title="$DIALOG_TITLE"
 	btitle="$DIALOG_BACKTITLE"
 	f_dialog_title_restore
 
 	local height width
 	f_dialog_inputbox_size height width \
 		"$title" "$btitle" "$prompt" "" "$hline"
 
 	$DIALOG \
 		--title "$title"      \
 		--backtitle "$btitle" \
 		--hline "$hline"      \
 		--ok-label "$msg_ok"  \
 		--no-cancel           \
 		--inputbox "$prompt"  \
 		$height $width        \
 		2>/dev/null >&$DIALOG_TERMINAL_PASSTHRU_FD
 
 	return $DIALOG_OK
 }
 
 ############################################################ MAIN
 
 #
 # Initialize
 #
 f_dialog_title "$msg_keymap_selection"
 f_dialog_backtitle "$msg_freebsd_installer"
 
 #
 # Die immediately if we can't dump the current keyboard map
 #
 #error=$( kbdcontrol -d 2>&1 > /dev/null ) || f_die $FAILURE "%s" "$error"
 
 # Capture Ctrl-C for clean-up
 trap 'rm -f $KEYMAPFILE; exit $FAILURE' SIGINT
 
 # Get a value from rc.conf(5) as initial value (if not being scripted)
 f_getvar $VAR_KEYMAP keymap
 if [ ! "$keymap" ]; then
 	keymap=$( f_sysrc_get keymap )
 	case "$keymap" in [Nn][Oo]) keymap="";; esac
 fi
 
 #
 # Loop until the user has finalized their selection (by clicking the
 # [relabeled] Cancel button).
 #
 width=67 first_pass=1 back_from_testing=
 [ "$USE_XDIALOG" ] && width=70
 prompt="$msg_keymap_menu_text"
 hline="$hline_arrows_tab_enter"
 while :; do
 	#
 	# Re/Build list of keymaps
 	#
 	cont_msg=$( printf "$msg_continue_with_keymap" \
 	                   "${keymap:-$msg_default}" )
 	test_msg=$( printf "$msg_test_keymap" "${keymap:-$msg_default}" )
 	menu_list="
 		'>>> $cont_msg' '' '$msg_continue_with_current_keymap'
 		'->- $test_msg' '' '$msg_test_the_currently_selected_keymap'
 	" # END-QUOTE
 	if [ "$first_pass" ]; then
 		defaultitem=
 		first_pass=
 	else
 		defaultitem="->- $test_msg"
 	fi
 	for k in $KEYMAPS; do
 		keymap_$k get keym keym
 		keymap_$k get desc desc
 		radio=" "
 		if [ "$keym" = "$keymap" ]; then
 			radio="*"
 			if [ "$back_from_testing" ]; then
 				defaultitem="(*) $desc"
 				back_from_testing=
 			fi
 		fi
 		f_shell_escape "$desc" desc
 		menu_list="$menu_list
 			'($radio) $desc' '' '$keym: $desc'
 		" # END-QUOTE
 	done
 	back_from_testing=
 
 	#
 	# Display keymap configuration menu
 	#
 	eval f_dialog_menu_with_help_size height \"\" rows \
 		\"\$DIALOG_TITLE\"     \
 		\"\$DIALOG_BACKTITLE\" \
 		\"\$prompt\"           \
 		\"\$hline\"            \
 		$menu_list
 	menu_choice=$( eval $DIALOG \
 		--title \"\$DIALOG_TITLE\"         \
 		--backtitle \"\$DIALOG_BACKTITLE\" \
 		--hline \"\$hline\"                \
 		--keep-tite                        \
 		--item-help                        \
 		--ok-label \"\$msg_select\"        \
 		--cancel-label \"\$msg_cancel\"    \
 		--default-item \"\$defaultitem\"   \
 		--menu \"\$prompt\"                \
 		$height $width $rows               \
 		$menu_list                         \
 		2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD
 	) || {
 		f_quietly rm -f "$KEYMAPFILE"
 		exit $FAILURE # Exit with an error so bsdinstall restarts
 	}
 	f_dialog_data_sanitize menu_choice
 
 	case "$menu_choice" in
 	">>> "*) # Continue with keymap
 		break ;;
 	"->-"*) # Test keymap
 		dialog_keymap_test "$keymap"
 		back_from_testing=1
 		continue ;;
 	esac
 
 	# Turn the user's choice into a number
 	n=$( eval f_dialog_menutag2index_with_help \
 		\"\$menu_choice\" $menu_list )
 
 	# Turn that number ithe name of the keymap struct
 	k=$( set -- $KEYMAPS; eval echo \"\${$(( $n - 2))}\" )
 
 	# Get actual keymap setting while we update $keymap and $KEYMAPFILE
 	keymap_$k get keym keymap
 	echo "keymap=\"$keymap\"" > "$KEYMAPFILE"
 done
 
 f_quietly f_keymap_kbdcontrol "$keymap"
 exit $SUCCESS
 
 ################################################################################
 # END
 ################################################################################
Index: projects/clang700-import/usr.sbin/bsnmpd/bsnmpd/Makefile
===================================================================
--- projects/clang700-import/usr.sbin/bsnmpd/bsnmpd/Makefile	(revision 337646)
+++ projects/clang700-import/usr.sbin/bsnmpd/bsnmpd/Makefile	(revision 337647)
@@ -1,153 +1,155 @@
 # $FreeBSD$
 #
 # Author: Harti Brandt <harti@freebsd.org>
 
 .include <src.opts.mk>
 
 CONTRIB=${SRCTOP}/contrib/bsnmp
 .PATH: ${CONTRIB}/snmpd
 
+CONFS=	snmpd.config
+CONFSMODE=	600
 PROG=	bsnmpd
 SRCS=	main.c action.c config.c export.c trap.c trans_udp.c trans_lsock.c
 SRCS+=	oid.h tree.c tree.h
 XSYM=	snmpMIB begemotSnmpdModuleTable begemotSnmpd begemotTrapSinkTable \
 	sysUpTime snmpTrapOID coldStart authenticationFailure \
 	begemotSnmpdTransUdp begemotSnmpdTransLsock begemotSnmpdLocalPortTable \
 	freeBSD freeBSDVersion
 CLEANFILES= oid.h tree.c tree.h
 
 MAN=	bsnmpd.1 snmpmod.3
 
 MLINKS+=	snmpmod.3 FIND_OBJECT_INT.3
 MLINKS+=	snmpmod.3 FIND_OBJECT_INT_LINK.3
 MLINKS+=	snmpmod.3 FIND_OBJECT_INT_LINK_INDEX.3
 MLINKS+=	snmpmod.3 FIND_OBJECT_OID.3
 MLINKS+=	snmpmod.3 FIND_OBJECT_OID_LINK.3
 MLINKS+=	snmpmod.3 FIND_OBJECT_OID_LINK_INDEX.3
 MLINKS+=	snmpmod.3 INSERT_OBJECT_INT.3
 MLINKS+=	snmpmod.3 INSERT_OBJECT_INT_LINK.3
 MLINKS+=	snmpmod.3 INSERT_OBJECT_INT_LINK_INDEX.3
 MLINKS+=	snmpmod.3 INSERT_OBJECT_OID.3
 MLINKS+=	snmpmod.3 INSERT_OBJECT_OID_LINK.3
 MLINKS+=	snmpmod.3 INSERT_OBJECT_OID_LINK_INDEX.3
 MLINKS+=	snmpmod.3 NEXT_OBJECT_INT.3
 MLINKS+=	snmpmod.3 NEXT_OBJECT_INT_LINK.3
 MLINKS+=	snmpmod.3 NEXT_OBJECT_INT_LINK_INDEX.3
 MLINKS+=	snmpmod.3 NEXT_OBJECT_OID.3
 MLINKS+=	snmpmod.3 NEXT_OBJECT_OID_LINK.3
 MLINKS+=	snmpmod.3 NEXT_OBJECT_OID_LINK_INDEX.3
 MLINKS+=	snmpmod.3 bsnmpd_get_target_stats.3
 MLINKS+=	snmpmod.3 bsnmpd_get_usm_stats.3
 MLINKS+=	snmpmod.3 bsnmpd_reset_usm_stats.3
 MLINKS+=	snmpmod.3 buf_alloc.3
 MLINKS+=	snmpmod.3 buf_size.3
 MLINKS+=	snmpmod.3 comm_define.3
 MLINKS+=	snmpmod.3 community.3
 MLINKS+=	snmpmod.3 fd_deselect.3
 MLINKS+=	snmpmod.3 fd_resume.3
 MLINKS+=	snmpmod.3 fd_select.3
 MLINKS+=	snmpmod.3 fd_suspend.3
 MLINKS+=	snmpmod.3 get_ticks.3
 MLINKS+=	snmpmod.3 index_append.3
 MLINKS+=	snmpmod.3 index_append_off.3
 MLINKS+=	snmpmod.3 index_compare.3
 MLINKS+=	snmpmod.3 index_compare_off.3
 MLINKS+=	snmpmod.3 index_decode.3
 MLINKS+=	snmpmod.3 ip_commit.3
 MLINKS+=	snmpmod.3 ip_get.3
 MLINKS+=	snmpmod.3 ip_rollback.3
 MLINKS+=	snmpmod.3 ip_save.3
 MLINKS+=	snmpmod.3 or_register.3
 MLINKS+=	snmpmod.3 or_unregister.3
 MLINKS+=	snmpmod.3 oid_commit.3
 MLINKS+=	snmpmod.3 oid_get.3
 MLINKS+=	snmpmod.3 oid_rollback.3
 MLINKS+=	snmpmod.3 oid_save.3
 MLINKS+=	snmpmod.3 oid_usmNotInTimeWindows.3
 MLINKS+=	snmpmod.3 oid_usmUnknownEngineIDs.3
 MLINKS+=	snmpmod.3 oid_zeroDotZero.3
 MLINKS+=	snmpmod.3 reqid_allocate.3
 MLINKS+=	snmpmod.3 reqid_base.3
 MLINKS+=	snmpmod.3 reqid_istype.3
 MLINKS+=	snmpmod.3 reqid_next.3
 MLINKS+=	snmpmod.3 reqid_type.3
 MLINKS+=	snmpmod.3 snmp_input_finish.3
 MLINKS+=	snmpmod.3 snmp_input_start.3
 MLINKS+=	snmpmod.3 snmp_output.3
 MLINKS+=	snmpmod.3 snmp_pdu_auth_access.3
 MLINKS+=	snmpmod.3 snmp_send_port.3
 MLINKS+=	snmpmod.3 snmp_send_trap.3
 MLINKS+=	snmpmod.3 snmpd_target_stat.3
 MLINKS+=	snmpmod.3 snmpd_usmstats.3
 MLINKS+=	snmpmod.3 start_tick.3
 MLINKS+=	snmpmod.3 string_commit.3
 MLINKS+=	snmpmod.3 string_free.3
 MLINKS+=	snmpmod.3 string_get.3
 MLINKS+=	snmpmod.3 string_get_max.3
 MLINKS+=	snmpmod.3 string_rollback.3
 MLINKS+=	snmpmod.3 string_save.3
 MLINKS+=	snmpmod.3 systemg.3
 MLINKS+=	snmpmod.3 this_tick.3
 MLINKS+=	snmpmod.3 timer_start.3
 MLINKS+=	snmpmod.3 timer_start_repeat.3
 MLINKS+=	snmpmod.3 timer_stop.3
 MLINKS+=	snmpmod.3 target_activate_address.3
 MLINKS+=	snmpmod.3 target_address.3
 MLINKS+=	snmpmod.3 target_delete_address.3
 MLINKS+=	snmpmod.3 target_delete_notify.3
 MLINKS+=	snmpmod.3 target_delete_param.3
 MLINKS+=	snmpmod.3 target_first_address.3
 MLINKS+=	snmpmod.3 target_first_notify.3
 MLINKS+=	snmpmod.3 target_first_param.3
 MLINKS+=	snmpmod.3 target_flush_all.3
 MLINKS+=	snmpmod.3 target_next_address.3
 MLINKS+=	snmpmod.3 target_next_notify.3
 MLINKS+=	snmpmod.3 target_next_param.3
 MLINKS+=	snmpmod.3 target_new_address.3
 MLINKS+=	snmpmod.3 target_new_notify.3
 MLINKS+=	snmpmod.3 target_new_param.3
 MLINKS+=	snmpmod.3 target_notify.3
 MLINKS+=	snmpmod.3 target_param.3
 MLINKS+=	snmpmod.3 usm_delete_user.3
 MLINKS+=	snmpmod.3 usm_find_user.3
 MLINKS+=	snmpmod.3 usm_first_user.3
 MLINKS+=	snmpmod.3 usm_flush_users.3
 MLINKS+=	snmpmod.3 usm_next_user.3
 MLINKS+=	snmpmod.3 usm_new_user.3
 MLINKS+=	snmpmod.3 usm_user.3
 
 FILESGROUPS= BMIBS DEFS
 
 BMIBS=	FOKUS-MIB.txt BEGEMOT-MIB.txt BEGEMOT-SNMPD.txt
 BMIBSDIR= ${SHAREDIR}/snmp/mibs
 DEFS=	tree.def
 DEFSDIR= ${SHAREDIR}/snmp/defs
 
 CFLAGS+= -I${CONTRIB}/lib -I${CONTRIB}/snmpd -I. -DUSE_LIBBEGEMOT
 CFLAGS+= -DHAVE_STDINT_H -DHAVE_INTTYPES_H -DHAVE_ERR_H -DHAVE_STRLCPY
 LIBADD=	begemot bsnmp
 
 LDFLAGS= -Wl,-export-dynamic
 
 .if ${MK_OPENSSL} != "no"
 CFLAGS+= -DHAVE_LIBCRYPTO
 .endif
 
 .if ${MK_TCP_WRAPPERS} != "no"
 CFLAGS+=	-DUSE_TCPWRAPPERS
 LIBADD+=	wrap
 .endif
 
 oid.h: tree.def Makefile
 	gensnmptree -I${CONTRIB}/lib -e ${XSYM} < ${.ALLSRC:M*.def} > ${.TARGET}
 
 .ORDER: tree.c tree.h
 tree.h: .NOMETA
 tree.c tree.h: tree.def
 	gensnmptree -I${CONTRIB}/lib -l -f < ${.ALLSRC}
 
 MANFILTER=	sed -e 's%@MODPATH@%${LIBDIR}/%g'		\
 		    -e 's%@DEFPATH@%${DEFSDIR}/%g'		\
 		    -e 's%@MIBSPATH@%${BMIBSDIR}/%g'
 
 .include <bsd.prog.mk>
Index: projects/clang700-import/usr.sbin/bsnmpd/bsnmpd/snmpd.config
===================================================================
--- projects/clang700-import/usr.sbin/bsnmpd/bsnmpd/snmpd.config	(nonexistent)
+++ projects/clang700-import/usr.sbin/bsnmpd/bsnmpd/snmpd.config	(revision 337647)
@@ -0,0 +1,322 @@
+# $FreeBSD$
+#
+# Example configuration file for bsnmpd(1).
+#
+
+#
+# Set some common variables
+#
+location := "Room 200"
+contact := "sysmeister@example.com"
+system := 1	# FreeBSD
+traphost := localhost
+trapport := 162
+
+#
+# Set the SNMP engine ID.
+#
+# The snmpEngineID object required from the SNMPv3 Framework. If not explicitly set via
+# this configuration file, an ID is assigned based on the value of the
+# kern.hostid variable
+# engine := 0x80:0x10:0x08:0x10:0x80:0x25
+# snmpEngineID = $(engine)
+
+# Change this!
+read := "public"
+# Uncomment begemotSnmpdCommunityString.0.2 below that sets the community
+# string to enable write access.
+write := "geheim"
+trap := "mytrap"
+
+#
+# Declarations for SNMP-USER-BASED-SM-MIB authentication and privacy options
+#
+
+NoAuthProtocol		:= 1.3.6.1.6.3.10.1.1.1
+HMACMD5AuthProtocol	:= 1.3.6.1.6.3.10.1.1.2
+HMACSHAAuthProtocol	:= 1.3.6.1.6.3.10.1.1.3
+NoPrivProtocol		:= 1.3.6.1.6.3.10.1.2.1
+DESPrivProtocol		:= 1.3.6.1.6.3.10.1.2.2
+AesCfb128Protocol	:= 1.3.6.1.6.3.10.1.2.4
+
+#
+# Enumerations from SNMP-FRAMEWORK-MIB
+#
+
+# Security models
+securityModelAny	:= 0
+securityModelSNMPv1	:= 1
+securityModelSNMPv2c	:= 2
+securityModelUSM	:= 3
+
+# Message Processing models
+MPmodelSNMPv1		:= 0
+MPmodelSNMPv2c		:= 1
+MPmodelSNMPv3		:= 3
+
+# Security levels
+noAuthNoPriv := 1
+authNoPriv := 2
+authPriv := 3
+
+
+# SNMPv3 USM User definition
+#
+# The localized hex password for a user may be obtained by setting SNMPUSER, SNMPPASSWD,
+# SNMPAUTH and SNMPPRIV environment variables to the desired parameters and invoking
+# 'bsnmpget -v 3 -D -K -o verbose' against the running bsnmpd(1). For other
+# usages refer to the bsnmpget(1) manual page. The following lines define a user "bsnmp"
+# with a private password "bsnmptest", localized for the above engine ID.
+#
+#user1 := "bsnmp"
+#user1passwd := 0x22:0x98:0x1a:0x6e:0x39:0x93:0x16:0x5e:0x6a:0x21:0x1b:0xd8:0xa9:0x81:0x31:0x05:0x16:0x33:0x38:0x60
+
+#
+# Configuration
+#
+%snmpd
+begemotSnmpdDebugDumpPdus	= 2
+begemotSnmpdDebugSyslogPri	= 7
+
+#
+# Set the read and write communities.
+#
+# The default value of the community strings is NULL (note, that this is
+# different from the empty string). This disables both read and write access.
+# To enable read access only the read community string must be set. Setting
+# the write community string enables both read and write access with that
+# string.
+#
+# Be sure to understand the security implications of SNMPv2 - the community
+# strings are readable on the wire!
+#
+begemotSnmpdCommunityString.0.1	= $(read)
+# begemotSnmpdCommunityString.0.2	= $(write)
+begemotSnmpdCommunityDisable	= 1
+
+# open standard SNMP ports
+begemotSnmpdPortStatus.0.0.0.0.161 = 1
+
+# open a unix domain socket
+begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1
+begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4
+
+# send traps to the traphost
+begemotTrapSinkStatus.[$(traphost)].$(trapport) = 4
+begemotTrapSinkVersion.[$(traphost)].$(trapport) = 2
+begemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap)
+
+sysContact	= $(contact)
+sysLocation	= $(location)
+sysObjectId 	= 1.3.6.1.4.1.12325.1.1.2.1.$(system)
+
+snmpEnableAuthenTraps = 2
+
+# Uncomment `begemotSnmpdModulePath.".." = ".."' entries below to enable
+# modules
+
+#
+# Control configuration for the modules in the module specific sections, e.g.
+# the "usm" module (begemotSnmpdModulePath."usm") can be controlled in the
+# %usm specific section. You must uncomment the section specific header in
+# order to use the enclosed variables, e.g. `usmUserStatus.$(engine).$(user1)`
+# can only be used if %usm is uncommented.
+#
+# Modules are loaded in the order listed, so they must be before any
+# dependent modules, e.g. "mibII" vs "bridge".
+#
+
+#
+# MIB-2 module
+#
+begemotSnmpdModulePath."mibII"	= "/usr/lib/snmp_mibII.so"
+
+#
+# Bridge module
+#  This requires the mibII module.
+#
+#begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so"
+
+#
+# Host resources module
+#  This requires the mibII module.
+#
+#begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so"
+
+#
+# LM75 Sensor module
+#
+#begemotSnmpdModulePath."lm75" = "/usr/lib/snmp_lm75.so"
+
+#
+# Netgraph module
+#
+#begemotSnmpdModulePath."netgraph" = "/usr/lib/snmp_netgraph.so"
+
+#
+# pf(4) module
+#
+#begemotSnmpdModulePath."pf"	= "/usr/lib/snmp_pf.so"
+
+#
+# SNMPv3 Notification Targets
+#
+# begemotSnmpdModulePath."target"	= "/usr/lib/snmp_target.so"
+
+#
+# SNMPv3 User-based security module - must be loaded for SNMPv3 USM
+#
+#begemotSnmpdModulePath."usm"	= "/usr/lib/snmp_usm.so"
+
+#
+# SNMPv3 View-based Access Control module
+#
+#begemotSnmpdModulePath."vacm"	= "/usr/lib/snmp_vacm.so"
+
+#
+# Wireless module
+#  This requires the mibII module.
+#
+#begemotSnmpdModulePath."wlan" = "/usr/lib/snmp_wlan.so"
+
+#
+# SNMPv3 USM User definition.
+#
+
+#%usm
+
+#
+# The following block creates a user with name "bsnmp" and sets privacy
+# and encryption options to SHA256 message digests and AES encryption
+# for this user.
+#
+# usmUserStatus.$(engine).$(user1) = 5
+# usmUserAuthProtocol.$(engine).$(user1) = $(HMACSHAAuthProtocol)
+# usmUserAuthKeyChange.$(engine).$(user1) = $(user1passwd)
+# usmUserPrivProtocol.$(engine).$(user1) = $(AesCfb128Protocol)
+# usmUserPrivKeyChange.$(engine).$(user1) = $(user1passwd)
+# usmUserStatus.$(engine).$(user1) = 1
+#
+
+#
+# The following block creates a user with name "public" with no authentication
+# or encryption options.
+#
+# usmUserStatus.$(engine).$(read) = 5
+# usmUserAuthProtocol.$(engine).$(read) = $(NoAuthProtocol)
+# usmUserPrivProtocol.$(engine).$(read) = $(NoPrivProtocol)
+# usmUserStatus.$(engine).$(read) = 1
+#
+
+#
+# Definition of view-based access control entries.
+#
+#%vacm
+
+# Definition of a SNMPv1 group
+# vacmSecurityToGroupStatus.$(securityModelSNMPv1).$(read) = 4
+# vacmGroupName.$(securityModelSNMPv1).$(read) = $(read)
+
+# Definition of SNMPv2 group
+# vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(write) = 4
+# vacmGroupName.$(securityModelSNMPv2c).$(write) = $(write)
+
+# Definition of SNMPv3 group with users "bsnmp" and "public"
+# vacmSecurityToGroupStatus.$(securityModelUSM).$(user1) = 4
+# vacmGroupName.$(securityModelUSM).$(user1) = $(write)
+# vacmSecurityToGroupStatus.$(securityModelUSM).$(read) = 4
+# vacmGroupName.$(securityModelUSM).$(read) = $(write)
+
+#
+# The OID of the .iso.org.dod.internet subtree
+#
+# internetoid := 1.3.6.1
+# internetoidlen := 4
+
+#
+# Definitions of two views
+#
+# vacmViewTreeFamilyStatus."internet".$(internetoidlen).$(internetoid) = 4
+# vacmViewTreeFamilyStatus."restricted".$(internetoidlen).$(internetoid) = 4
+
+#
+# Access control
+#
+
+#
+# Read-only access for SNMPv1 users
+#
+# vacmAccessStatus.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = 4
+# vacmAccessReadViewName.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = "internet"
+
+#
+# Read-write access for SNMPv2 users
+#
+# vacmAccessStatus.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4
+# vacmAccessReadViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
+# vacmAccessWriteViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
+
+#
+# Read-write-notify access for SNMPv3 USM users with noAuthNoPriv
+#
+# vacmAccessStatus.$(write)."".3.$(noAuthNoPriv) = 4
+# vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
+# vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
+# vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
+
+#
+#Read-write-notify access to restricted for SNMPv3 USM users with authPriv
+#
+# vacmAccessStatus.$(write)."".$(securityModelUSM).$(authPriv) = 4
+# vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted"
+# vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted"
+# vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted"
+
+#%target
+# Send notifications to target tag "test"
+# tag		:= "test"
+# snmpNotifyRowStatus.$(tag) = 4
+# snmpNotifyTag.$(tag) = $(tag)
+
+# tagremote		:= "testremote"
+# snmpNotifyRowStatus.$(tagremote) = 4
+# snmpNotifyTag.$(tagremote) = $(tagremote)
+
+#
+# Specify the target parameters for the notifications - send with the credentials
+# of user "bsnmp"
+#
+# snmpTargetParamsRowStatus.$(tag) = 5
+# snmpTargetParamsMPModel.$(tag) = $(MPmodelSNMPv3)
+# snmpTargetParamsSecurityModel.$(tag) = $(securityModelUSM)
+# snmpTargetParamsSecurityName.$(tag) = $(user1)
+# snmpTargetParamsSecurityLevel.$(tag) = $(authPriv)
+# snmpTargetParamsRowStatus.$(tag) = 1
+
+#
+# Define the notifications' target address - port 162 on localhost
+#
+# snmpTargetAddrRowStatus.$(tag) = 5
+# snmpTargetAddrTAddress.$(tag) = 0x7f:0x0:0x0:0x1:0x0:0xa2
+# snmpTargetAddrTagList.$(tag) = "test notification"
+# snmpTargetAddrParams.$(tag) = $(tag)
+# snmpTargetAddrRowStatus.$(tag) = 1
+
+#
+# Define the notifications' target address - port 162 on 10.0.0.1
+#
+# snmpTargetAddrRowStatus.$(tagremote) = 5
+# snmpTargetAddrTAddress.$(tagremote) = 0x0a:0x00:0x00:0x1:0x0:0xa2
+# snmpTargetAddrTagList.$(tagremote) = $(tagremote)
+# snmpTargetAddrParams.$(tagremote) = $(tag)
+# snmpTargetAddrRowStatus.$(tagremote) = 1
+
+# Force a polling rate for the 64-bit interface counters in case
+# the automatic computation is wrong (which may be the case if an interface
+# announces the wrong bit rate via its MIB).
+#%mibII
+#begemotIfForcePoll = 2000
+
+#%netgraph
+#begemotNgControlNodeName = "snmpd"
+

Property changes on: projects/clang700-import/usr.sbin/bsnmpd/bsnmpd/snmpd.config
___________________________________________________________________
Added: svn:keywords
## -0,0 +1 ##
+FreeBSD=%H
\ No newline at end of property
Index: projects/clang700-import
===================================================================
--- projects/clang700-import	(revision 337646)
+++ projects/clang700-import	(revision 337647)

Property changes on: projects/clang700-import
___________________________________________________________________
Modified: svn:mergeinfo
## -0,0 +0,1 ##
   Merged /head:r337619-337645