Index: projects/clang700-import/cddl/usr.sbin/dwatch/libexec/Makefile =================================================================== --- projects/clang700-import/cddl/usr.sbin/dwatch/libexec/Makefile (revision 337646) +++ projects/clang700-import/cddl/usr.sbin/dwatch/libexec/Makefile (revision 337647) @@ -1,91 +1,91 @@ # $FreeBSD$ FILESDIR= ${LIBEXECDIR}/dwatch FILES= chmod \ errno \ io \ ip \ kill \ nanosleep \ open \ proc \ rw \ sched \ sendrecv \ + systop \ tcp \ udp \ udplite \ vop_create \ vop_readdir \ vop_rename \ vop_symlink LINKS= ${LIBEXECDIR}/dwatch/chmod ${LIBEXECDIR}/dwatch/fchmodat LINKS+= ${LIBEXECDIR}/dwatch/chmod ${LIBEXECDIR}/dwatch/lchmod LINKS+= ${LIBEXECDIR}/dwatch/io ${LIBEXECDIR}/dwatch/io-done LINKS+= ${LIBEXECDIR}/dwatch/io ${LIBEXECDIR}/dwatch/io-start LINKS+= ${LIBEXECDIR}/dwatch/ip ${LIBEXECDIR}/dwatch/ip-receive LINKS+= ${LIBEXECDIR}/dwatch/ip ${LIBEXECDIR}/dwatch/ip-send LINKS+= ${LIBEXECDIR}/dwatch/open ${LIBEXECDIR}/dwatch/openat LINKS+= ${LIBEXECDIR}/dwatch/proc ${LIBEXECDIR}/dwatch/proc-create LINKS+= ${LIBEXECDIR}/dwatch/proc ${LIBEXECDIR}/dwatch/proc-exec LINKS+= ${LIBEXECDIR}/dwatch/proc ${LIBEXECDIR}/dwatch/proc-exec-failure LINKS+= ${LIBEXECDIR}/dwatch/proc ${LIBEXECDIR}/dwatch/proc-exec-success LINKS+= ${LIBEXECDIR}/dwatch/proc ${LIBEXECDIR}/dwatch/proc-exit LINKS+= ${LIBEXECDIR}/dwatch/proc ${LIBEXECDIR}/dwatch/proc-signal LINKS+= ${LIBEXECDIR}/dwatch/proc ${LIBEXECDIR}/dwatch/proc-signal-clear LINKS+= ${LIBEXECDIR}/dwatch/proc ${LIBEXECDIR}/dwatch/proc-signal-discard LINKS+= ${LIBEXECDIR}/dwatch/proc ${LIBEXECDIR}/dwatch/proc-signal-send LINKS+= ${LIBEXECDIR}/dwatch/proc ${LIBEXECDIR}/dwatch/proc-status LINKS+= ${LIBEXECDIR}/dwatch/rw ${LIBEXECDIR}/dwatch/read LINKS+= ${LIBEXECDIR}/dwatch/rw ${LIBEXECDIR}/dwatch/write LINKS+= ${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-change-pri LINKS+= ${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-cpu LINKS+= ${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-dequeue LINKS+= ${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-enqueue LINKS+= ${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-exec LINKS+= ${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-lend-pri LINKS+= ${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-load-change LINKS+= ${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-off-cpu LINKS+= ${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-on-cpu LINKS+= ${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-preempt LINKS+= ${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-pri LINKS+= ${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-queue LINKS+= ${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-remain-cpu LINKS+= ${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-sleep LINKS+= ${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-surrender LINKS+= ${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-tick LINKS+= ${LIBEXECDIR}/dwatch/sched ${LIBEXECDIR}/dwatch/sched-wakeup LINKS+= ${LIBEXECDIR}/dwatch/sendrecv ${LIBEXECDIR}/dwatch/recv LINKS+= ${LIBEXECDIR}/dwatch/sendrecv ${LIBEXECDIR}/dwatch/recvfrom LINKS+= ${LIBEXECDIR}/dwatch/sendrecv ${LIBEXECDIR}/dwatch/recvmsg LINKS+= ${LIBEXECDIR}/dwatch/sendrecv ${LIBEXECDIR}/dwatch/send LINKS+= ${LIBEXECDIR}/dwatch/sendrecv ${LIBEXECDIR}/dwatch/sendmsg LINKS+= ${LIBEXECDIR}/dwatch/sendrecv ${LIBEXECDIR}/dwatch/sendto -LINKS+= ${LIBEXECDIR}/dwatch/systop ${LIBEXECDIR}/dwatch/systop LINKS+= ${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-accept LINKS+= ${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-accept-established LINKS+= ${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-accept-refused LINKS+= ${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-connect LINKS+= ${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-connect-established LINKS+= ${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-connect-refused LINKS+= ${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-connect-request LINKS+= ${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-established LINKS+= ${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-init LINKS+= ${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-io LINKS+= ${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-receive LINKS+= ${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-refused LINKS+= ${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-send LINKS+= ${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-state-change LINKS+= ${LIBEXECDIR}/dwatch/tcp ${LIBEXECDIR}/dwatch/tcp-status LINKS+= ${LIBEXECDIR}/dwatch/udp ${LIBEXECDIR}/dwatch/udp-receive LINKS+= ${LIBEXECDIR}/dwatch/udp ${LIBEXECDIR}/dwatch/udp-send LINKS+= ${LIBEXECDIR}/dwatch/udplite ${LIBEXECDIR}/dwatch/udplite-receive LINKS+= ${LIBEXECDIR}/dwatch/udplite ${LIBEXECDIR}/dwatch/udplite-send LINKS+= ${LIBEXECDIR}/dwatch/vop_create ${LIBEXECDIR}/dwatch/vop_lookup LINKS+= ${LIBEXECDIR}/dwatch/vop_create ${LIBEXECDIR}/dwatch/vop_mkdir LINKS+= ${LIBEXECDIR}/dwatch/vop_create ${LIBEXECDIR}/dwatch/vop_mknod LINKS+= ${LIBEXECDIR}/dwatch/vop_create ${LIBEXECDIR}/dwatch/vop_remove LINKS+= ${LIBEXECDIR}/dwatch/vop_create ${LIBEXECDIR}/dwatch/vop_rmdir .include Index: projects/clang700-import/cddl =================================================================== --- projects/clang700-import/cddl (revision 337646) +++ projects/clang700-import/cddl (revision 337647) Property changes on: projects/clang700-import/cddl ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /head/cddl:r337616-337645 Index: projects/clang700-import/etc/sysctl.conf =================================================================== --- projects/clang700-import/etc/sysctl.conf (revision 337646) +++ projects/clang700-import/etc/sysctl.conf (nonexistent) @@ -1,9 +0,0 @@ -# $FreeBSD$ -# -# This file is read when going to multi-user and its contents piped thru -# ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details. -# - -# Uncomment this to prevent users from seeing information about processes that -# are being run under another UID. -#security.bsd.see_other_uids=0 Property changes on: projects/clang700-import/etc/sysctl.conf ___________________________________________________________________ Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Index: projects/clang700-import/etc/ddb.conf =================================================================== --- projects/clang700-import/etc/ddb.conf (revision 337646) +++ projects/clang700-import/etc/ddb.conf (nonexistent) @@ -1,15 +0,0 @@ -# $FreeBSD$ -# -# This file is read when going to multi-user and its contents piped thru -# ``ddb'' to define debugging scripts. -# -# see ``man 4 ddb'' and ``man 8 ddb'' for details. -# - -script lockinfo=show locks; show alllocks; show lockedvnods - -# kdb.enter.panic panic(9) was called. -script kdb.enter.panic=textdump set; capture on; run lockinfo; show pcpu; bt; ps; alltrace; capture off; call doadump; reset - -# kdb.enter.witness witness(4) detected a locking error. -script kdb.enter.witness=run lockinfo Property changes on: projects/clang700-import/etc/ddb.conf ___________________________________________________________________ Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Index: projects/clang700-import/etc/pf.os =================================================================== --- projects/clang700-import/etc/pf.os (revision 337646) +++ projects/clang700-import/etc/pf.os (nonexistent) @@ -1,709 +0,0 @@ -# $FreeBSD$ -# $OpenBSD: pf.os,v 1.27 2016/09/03 17:08:57 sthen Exp $ -# passive OS fingerprinting -# ------------------------- -# -# SYN signatures. Those signatures work for SYN packets only (duh!). -# -# (C) Copyright 2000-2003 by Michal Zalewski -# (C) Copyright 2003 by Mike Frantzen -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -# -# -# This fingerprint database is adapted from Michal Zalewski's p0f passive -# operating system package. The last database sync was from a Nov 3 2003 -# p0f.fp. -# -# -# Each line in this file specifies a single fingerprint. Please read the -# information below carefully before attempting to append any signatures -# reported as UNKNOWN to this file to avoid mistakes. -# -# We use the following set metrics for fingerprinting: -# -# - Window size (WSS) - a highly OS dependent setting used for TCP/IP -# performance control (max. amount of data to be sent without ACK). -# Some systems use a fixed value for initial packets. On other -# systems, it is a multiple of MSS or MTU (MSS+40). In some rare -# cases, the value is just arbitrary. -# -# NEW SIGNATURE: if p0f reported a special value of 'Snn', the number -# appears to be a multiple of MSS (MSS*nn); a special value of 'Tnn' -# means it is a multiple of MTU ((MSS+40)*nn). Unless you notice the -# value of nn is not fixed (unlikely), just copy the Snn or Tnn token -# literally. If you know this device has a simple stack and a fixed -# MTU, you can however multiply S value by MSS, or T value by MSS+40, -# and put it instead of Snn or Tnn. -# -# If WSS otherwise looks like a fixed value (for example a multiple -# of two), or if you can confirm the value is fixed, please quote -# it literally. If there's no apparent pattern in WSS chosen, you -# should consider wildcarding this value. -# -# - Overall packet size - a function of all IP and TCP options and bugs. -# -# NEW SIGNATURE: Copy this value literally. -# -# - Initial TTL - We check the actual TTL of a received packet. It can't -# be higher than the initial TTL, and also shouldn't be dramatically -# lower (maximum distance is defined as 40 hops). -# -# NEW SIGNATURE: *Never* copy TTL from a p0f-reported signature literally. -# You need to determine the initial TTL. The best way to do it is to -# check the documentation for a remote system, or check its settings. -# A fairly good method is to simply round the observed TTL up to -# 32, 64, 128, or 255, but it should be noted that some obscure devices -# might not use round TTLs (in particular, some shoddy appliances use -# "original" initial TTL settings). If not sure, you can see how many -# hops you're away from the remote party with traceroute or mtr. -# -# - Don't fragment flag (DF) - some modern OSes set this to implement PMTU -# discovery. Others do not bother. -# -# NEW SIGNATURE: Copy this value literally. -# -# - Maximum segment size (MSS) - this setting is usually link-dependent. P0f -# uses it to determine link type of the remote host. -# -# NEW SIGNATURE: Always wildcard this value, except for rare cases when -# you have an appliance with a fixed value, know the system supports only -# a very limited number of network interface types, or know the system -# is using a value it pulled out of nowhere. Specific unique MSS -# can be used to tell Google crawlbots from the rest of the population. -# -# - Window scaling (WSCALE) - this feature is used to scale WSS. -# It extends the size of a TCP/IP window to 32 bits. Some modern -# systems implement this feature. -# -# NEW SIGNATURE: Observe several signatures. Initial WSCALE is often set -# to zero or other low value. There's usually no need to wildcard this -# parameter. -# -# - Timestamp - some systems that implement timestamps set them to -# zero in the initial SYN. This case is detected and handled appropriately. -# -# - Selective ACK permitted - a flag set by systems that implement -# selective ACK functionality. -# -# - The sequence of TCP all options (MSS, window scaling, selective ACK -# permitted, timestamp, NOP). Other than the options previously -# discussed, p0f also checks for timestamp option (a silly -# extension to broadcast your uptime ;-), NOP options (used for -# header padding) and sackOK option (selective ACK feature). -# -# NEW SIGNATURE: Copy the sequence literally. -# -# To wildcard any value (except for initial TTL or TCP options), replace -# it with '*'. You can also use a modulo operator to match any values -# that divide by nnn - '%nnn'. -# -# Fingerprint entry format: -# -# wwww:ttt:D:ss:OOO...:OS:Version:Subtype:Details -# -# wwww - window size (can be *, %nnn, Snn or Tnn). The special values -# "S" and "T" which are a multiple of MSS or a multiple of MTU -# respectively. -# ttt - initial TTL -# D - don't fragment bit (0 - not set, 1 - set) -# ss - overall SYN packet size -# OOO - option value and order specification (see below) -# OS - OS genre (Linux, Solaris, Windows) -# Version - OS Version (2.0.27 on x86, etc) -# Subtype - OS subtype or patchlevel (SP3, lo0) -# details - Generic OS details -# -# If OS genre starts with '*', p0f will not show distance, link type -# and timestamp data. It is useful for userland TCP/IP stacks of -# network scanners and so on, where many settings are randomized or -# bogus. -# -# If OS genre starts with @, it denotes an approximate hit for a group -# of operating systems (signature reporting still enabled in this case). -# Use this feature at the end of this file to catch cases for which -# you don't have a precise match, but can tell it's Windows or FreeBSD -# or whatnot by looking at, say, flag layout alone. -# -# Option block description is a list of comma or space separated -# options in the order they appear in the packet: -# -# N - NOP option -# Wnnn - window scaling option, value nnn (or * or %nnn) -# Mnnn - maximum segment size option, value nnn (or * or %nnn) -# S - selective ACK OK -# T - timestamp -# T0 - timestamp with a zero value -# -# To denote no TCP options, use a single '.'. -# -# Please report any additions to this file, or any inaccuracies or -# problems spotted, to the maintainers: lcamtuf@coredump.cx, -# frantzen@openbsd.org and bugs@openbsd.org with a tcpdump packet -# capture of the relevant SYN packet(s) -# -# A test and submission page is available at -# http://lcamtuf.coredump.cx/p0f-help/ -# -# -# WARNING WARNING WARNING -# ----------------------- -# -# Do not add a system X as OS Y just because NMAP says so. It is often -# the case that X is a NAT firewall. While nmap is talking to the -# device itself, p0f is fingerprinting the guy behind the firewall -# instead. -# -# When in doubt, use common sense, don't add something that looks like -# a completely different system as Linux or FreeBSD or LinkSys router. -# Check DNS name, establish a connection to the remote host and look -# at SYN+ACK - does it look similar? -# -# Some users tweak their TCP/IP settings - enable or disable RFC1323 -# functionality, enable or disable timestamps or selective ACK, -# disable PMTU discovery, change MTU and so on. Always compare a new rule -# to other fingerprints for this system, and verify the system isn't -# "customized" before adding it. It is OK to add signature variants -# caused by a commonly used software (personal firewalls, security -# packages, etc), but it makes no sense to try to add every single -# possible /proc/sys/net/ipv4 tweak on Linux or so. -# -# KEEP IN MIND: Some packet firewalls configured to normalize outgoing -# traffic (OpenBSD pf with "scrub" enabled, for example) will, well, -# normalize packets. Signatures will not correspond to the originating -# system (and probably not quite to the firewall either). -# -# NOTE: Try to keep this file in some reasonable order, from most to -# least likely systems. This will speed up operation. Also keep most -# generic and broad rules near the end. -# - -########################## -# Standard OS signatures # -########################## - -# ----------------- AIX --------------------- - -# AIX is first because its signatures are close to NetBSD, MacOS X and -# Linux 2.0, but it uses a fairly rare MSSes, at least sometimes... -# This is a shoddy hack, though. - -45046:64:0:44:M*: AIX:4.3::AIX 4.3 -16384:64:0:44:M512: AIX:4.3:2-3:AIX 4.3.2 and earlier - -16384:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2 -16384:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2 -32768:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2 -32768:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2 -65535:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2 -65535:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2 -65535:64:0:64:M*,N,W1,N,N,T,N,N,S: AIX:5.3:ML1:AIX 5.3 ML1 - -# ----------------- Linux ------------------- - -# S1:64:0:44:M*:A: Linux:1.2::Linux 1.2.x (XXX quirks support) -512:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x -16384:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x - -# Endian snafu! Nelson says "ha-ha": -2:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac -64:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac - - -S4:64:1:60:M1360,S,T,N,W0: Linux:google::Linux (Google crawlbot) - -S2:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4 (big boy) -S3:64:1:60:M*,S,T,N,W0: Linux:2.4:.18-21:Linux 2.4.18 and newer -S4:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4/2.6 <= 2.6.7 -S4:64:1:60:M*,S,T,N,W0: Linux:2.6:.1-7:Linux 2.4/2.6 <= 2.6.7 - -S4:64:1:60:M*,S,T,N,W5: Linux:2.6::Linux 2.6 (newer, 1) -S4:64:1:60:M*,S,T,N,W6: Linux:2.6::Linux 2.6 (newer, 2) -S4:64:1:60:M*,S,T,N,W7: Linux:2.6::Linux 2.6 (newer, 3) -T4:64:1:60:M*,S,T,N,W7: Linux:2.6::Linux 2.6 (newer, 4) - -S10:64:1:60:M*,S,T,N,W4: Linux:3.0::Linux 3.0 - -S3:64:1:60:M*,S,T,N,W1: Linux:2.5::Linux 2.5 (sometimes 2.4) -S4:64:1:60:M*,S,T,N,W1: Linux:2.5-2.6::Linux 2.5/2.6 -S3:64:1:60:M*,S,T,N,W2: Linux:2.5::Linux 2.5 (sometimes 2.4) -S4:64:1:60:M*,S,T,N,W2: Linux:2.5::Linux 2.5 (sometimes 2.4) - -S20:64:1:60:M*,S,T,N,W0: Linux:2.2:20-25:Linux 2.2.20 and newer -S22:64:1:60:M*,S,T,N,W0: Linux:2.2::Linux 2.2 -S11:64:1:60:M*,S,T,N,W0: Linux:2.2::Linux 2.2 - -# Popular cluster config scripts disable timestamps and -# selective ACK: -S4:64:1:48:M1460,N,W0: Linux:2.4:cluster:Linux 2.4 in cluster - -# This needs to be investigated. On some systems, WSS -# is selected as a multiple of MTU instead of MSS. I got -# many submissions for this for many late versions of 2.4: -T4:64:1:60:M1412,S,T,N,W0: Linux:2.4::Linux 2.4 (late, uncommon) - -# This happens only over loopback, but let's make folks happy: -32767:64:1:60:M16396,S,T,N,W0: Linux:2.4:lo0:Linux 2.4 (local) -S8:64:1:60:M3884,S,T,N,W0: Linux:2.2:lo0:Linux 2.2 (local) - -# Opera visitors: -16384:64:1:60:M*,S,T,N,W0: Linux:2.2:Opera:Linux 2.2 (Opera?) -32767:64:1:60:M*,S,T,N,W0: Linux:2.4:Opera:Linux 2.4 (Opera?) - -# Some fairly common mods: -S4:64:1:52:M*,N,N,S,N,W0: Linux:2.4:ts:Linux 2.4 w/o timestamps -S22:64:1:52:M*,N,N,S,N,W0: Linux:2.2:ts:Linux 2.2 w/o timestamps - - -# ----------------- FreeBSD ----------------- - -16384:64:1:44:M*: FreeBSD:2.0-2.2::FreeBSD 2.0-4.2 -16384:64:1:44:M*: FreeBSD:3.0-3.5::FreeBSD 2.0-4.2 -16384:64:1:44:M*: FreeBSD:4.0-4.2::FreeBSD 2.0-4.2 -16384:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4 - -1024:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4 - -57344:64:1:44:M*: FreeBSD:4.6-4.8:noRFC1323:FreeBSD 4.6-4.8 (no RFC1323) -57344:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.6-4.9::FreeBSD 4.6-4.9 - -32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.11::FreeBSD 4.8-5.1 (or MacOS X) -32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X) -65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.11::FreeBSD 4.8-5.2 (or MacOS X) -65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.2::FreeBSD 4.8-5.2 (or MacOS X) -65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:4.7-4.11::FreeBSD 4.7-5.2 -65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:5.0-5.2::FreeBSD 4.7-5.2 - -# XXX need quirks support -# 65535:64:1:60:M*,N,W0,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (1) -# 65535:64:1:60:M*,N,W1,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (2) -# 65535:64:1:60:M*,N,W2,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (3) -# 65535:64:1:44:M*:Z:FreeBSD:5.2::FreeBSD 5.2 (no RFC1323) - -# 16384:64:1:60:M*,N,N,N,N,N,N,T:FreeBSD:4.4:noTS:FreeBSD 4.4 (w/o timestamps) - -# ----------------- NetBSD ------------------ - -16384:64:0:60:M*,N,W0,N,N,T: NetBSD:1.3::NetBSD 1.3 -65535:64:0:60:M*,N,W0,N,N,T0: NetBSD:1.6:opera:NetBSD 1.6 (Opera) -16384:64:0:60:M*,N,W0,N,N,T0: NetBSD:1.6::NetBSD 1.6 -16384:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6:df:NetBSD 1.6 (DF) -65535:64:1:60:M*,N,W1,N,N,T0: NetBSD:1.6::NetBSD 1.6W-current (DF) -65535:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6::NetBSD 1.6X (DF) -32768:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6:randomization:NetBSD 1.6ZH-current (w/ ip_id randomization) - -# ----------------- OpenBSD ----------------- - -16384:64:0:60:M*,N,W0,N,N,T: OpenBSD:2.6::NetBSD 1.3 (or OpenBSD 2.6) -16384:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.8::OpenBSD 3.0-4.8 -16384:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.8:no-df:OpenBSD 3.0-4.8 (scrub no-df) -57344:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-4.0::OpenBSD 3.3-4.0 -57344:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-4.0:no-df:OpenBSD 3.3-4.0 (scrub no-df) - -65535:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.0:opera:OpenBSD 3.0-4.0 (Opera) - -16384:64:1:64:M*,N,N,S,N,W3,N,N,T: OpenBSD:4.9::OpenBSD 4.9 -16384:64:0:64:M*,N,N,S,N,W3,N,N,T: OpenBSD:4.9:no-df:OpenBSD 4.9 (scrub no-df) - -16384:64:1:64:M*,N,N,S,N,W6,N,N,T: OpenBSD:6.1::OpenBSD 6.1 -16384:64:0:64:M*,N,N,S,N,W6,N,N,T: OpenBSD:6.1:no-df:OpenBSD 6.1 (scrub no-df) - -# ----------------- DragonFly BSD ----------------- - -57344:64:1:60:M*,N,W0,N,N,T: DragonFly:1.0:A:DragonFly 1.0A -57344:64:0:64:M*,N,W0,N,N,S,N,N,T: DragonFly:1.2-1.12::DragonFly 1.2-1.12 -5840:64:1:60:M*,S,T,N,W4: DragonFly:2.0-2.1::DragonFly 2.0-2.1 -57344:64:0:64:M*,N,W0,N,N,S,N,N,T: DragonFly:2.2-2.3::DragonFly 2.2-2.3 -57344:64:0:64:M*,N,W5,N,N,S,N,N,T: DragonFly:2.4-2.7::DragonFly 2.4-2.7 - -# ----------------- Solaris ----------------- - -S17:64:1:64:N,W3,N,N,T0,N,N,S,M*: Solaris:8:RFC1323:Solaris 8 RFC1323 -S17:64:1:48:N,N,S,M*: Solaris:8::Solaris 8 -S17:255:1:44:M*: Solaris:2.5-2.7::Solaris 2.5 to 7 - -S6:255:1:44:M*: Solaris:2.6-2.7::Solaris 2.6 to 7 -S23:255:1:44:M*: Solaris:2.5:1:Solaris 2.5.1 -S34:64:1:48:M*,N,N,S: Solaris:2.9::Solaris 9 -S44:255:1:44:M*: Solaris:2.7::Solaris 7 - -4096:64:0:44:M1460: SunOS:4.1::SunOS 4.1.x - -S34:64:1:52:M*,N,W0,N,N,S: Solaris:10:beta:Solaris 10 (beta) -32850:64:1:64:M*,N,N,T,N,W1,N,N,S: Solaris:10::Solaris 10 1203 - -# ----------------- IRIX -------------------- - -49152:64:0:44:M*: IRIX:6.4::IRIX 6.4 -61440:64:0:44:M*: IRIX:6.2-6.5::IRIX 6.2-6.5 -49152:64:0:52:M*,N,W2,N,N,S: IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323) -49152:64:0:52:M*,N,W3,N,N,S: IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323) - -61440:64:0:48:M*,N,N,S: IRIX:6.5:12-21:IRIX 6.5.12 - 6.5.21 -49152:64:0:48:M*,N,N,S: IRIX:6.5:15-21:IRIX 6.5.15 - 6.5.21 - -49152:60:0:64:M*,N,W2,N,N,T,N,N,S: IRIX:6.5:IP27:IRIX 6.5 IP27 - - -# ----------------- Tru64 ------------------- - -32768:64:1:48:M*,N,W0: Tru64:4.0::Tru64 4.0 (or OS/2 Warp 4) -32768:64:0:48:M*,N,W0: Tru64:5.0::Tru64 5.0 -8192:64:0:44:M1460: Tru64:5.1:noRFC1323:Tru64 6.1 (no RFC1323) (or QNX 6) -61440:64:0:48:M*,N,W0: Tru64:5.1a:JP4:Tru64 v5.1a JP4 (or OpenVMS 7.x on Compaq 5.x stack) - -# ----------------- OpenVMS ----------------- - -6144:64:1:60:M*,N,W0,N,N,T: OpenVMS:7.2::OpenVMS 7.2 (Multinet 4.4 stack) - -# ----------------- MacOS ------------------- - -# XXX Need EOL tcp opt support -# S2:255:1:48:M*,W0,E:.:MacOS:8.6 classic - -# XXX some of these use EOL too -16616:255:1:48:M*,W0: MacOS:7.3-7.6:OTTCP:MacOS 7.3-8.6 (OTTCP) -16616:255:1:48:M*,W0: MacOS:8.0-8.6:OTTCP:MacOS 7.3-8.6 (OTTCP) -16616:255:1:48:M*,N,N,N: MacOS:8.1-8.6:OTTCP:MacOS 8.1-8.6 (OTTCP) -32768:255:1:48:M*,W0,N: MacOS:9.0-9.2::MacOS 9.0-9.2 -65535:255:1:48:M*,N,N,N,N: MacOS:9.1::MacOS 9.1 (OT 2.7.4) - - -# ----------------- Windows ----------------- - -# Windows TCP/IP stack is a mess. For most recent XP, 2000 and -# even 98, the patchlevel, not the actual OS version, is more -# relevant to the signature. They share the same code, so it would -# seem. Luckily for us, almost all Windows 9x boxes have an -# awkward MSS of 536, which I use to tell one from another -# in most difficult cases. - -8192:32:1:44:M*: Windows:3.11::Windows 3.11 (Tucows) -S44:64:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:95::Windows 95 -8192:128:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:95:b:Windows 95b - -# There were so many tweaking tools and so many stack versions for -# Windows 98 it is no longer possible to tell them from each other -# without some very serious research. Until then, there's an insane -# number of signatures, for your amusement: - -S44:32:1:48:M*,N,N,S: Windows:98:lowTTL:Windows 98 (low TTL) -8192:32:1:48:M*,N,N,S: Windows:98:lowTTL:Windows 98 (low TTL) -%8192:64:1:48:M536,N,N,S: Windows:98::Windows 98 -%8192:128:1:48:M536,N,N,S: Windows:98::Windows 98 -S4:64:1:48:M*,N,N,S: Windows:98::Windows 98 -S6:64:1:48:M*,N,N,S: Windows:98::Windows 98 -S12:64:1:48:M*,N,N,S: Windows:98::Windows 98 -T30:64:1:64:M1460,N,W0,N,N,T0,N,N,S: Windows:98::Windows 98 -32767:64:1:48:M*,N,N,S: Windows:98::Windows 98 -37300:64:1:48:M*,N,N,S: Windows:98::Windows 98 -46080:64:1:52:M*,N,W3,N,N,S: Windows:98:RFC1323:Windows 98 (RFC1323) -65535:64:1:44:M*: Windows:98:noSack:Windows 98 (no sack) -S16:128:1:48:M*,N,N,S: Windows:98::Windows 98 -S16:128:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:98::Windows 98 -S26:128:1:48:M*,N,N,S: Windows:98::Windows 98 -T30:128:1:48:M*,N,N,S: Windows:98::Windows 98 -32767:128:1:52:M*,N,W0,N,N,S: Windows:98::Windows 98 -60352:128:1:48:M*,N,N,S: Windows:98::Windows 98 -60352:128:1:64:M*,N,W2,N,N,T0,N,N,S: Windows:98::Windows 98 - -# What's with 1414 on NT? -T31:128:1:44:M1414: Windows:NT:4.0:Windows NT 4.0 SP6a -64512:128:1:44:M1414: Windows:NT:4.0:Windows NT 4.0 SP6a -8192:128:1:44:M*: Windows:NT:4.0:Windows NT 4.0 (older) - -# Windows XP and 2000. Most of the signatures that were -# either dubious or non-specific (no service pack data) -# were deleted and replaced with generics at the end. - -65535:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4, XP SP1 -65535:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP4, XP SP1 -%8192:128:1:48:M*,N,N,S: Windows:2000:SP2+:Windows 2000 SP2, XP SP1 (seldom 98 4.10.2222) -%8192:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP2, XP SP1 (seldom 98 4.10.2222) -S20:128:1:48:M*,N,N,S: Windows:2000::Windows 2000/XP SP3 -S20:128:1:48:M*,N,N,S: Windows:XP:SP3:Windows 2000/XP SP3 -S45:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4, XP SP 1 -S45:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP4, XP SP 1 -40320:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4 - -S6:128:1:48:M*,N,N,S: Windows:2000:SP2:Windows XP, 2000 SP2+ -S6:128:1:48:M*,N,N,S: Windows:XP::Windows XP, 2000 SP2+ -S12:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows XP SP1 -S44:128:1:48:M*,N,N,S: Windows:2000:SP3:Windows Pro SP1, 2000 SP3 -S44:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows Pro SP1, 2000 SP3 -64512:128:1:48:M*,N,N,S: Windows:2000:SP3:Windows SP1, 2000 SP3 -64512:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows SP1, 2000 SP3 -32767:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows SP1, 2000 SP4 -32767:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows SP1, 2000 SP4 - -8192:128:1:52:M*,N,W2,N,N,S: Windows:Vista::Windows Vista/7 - -# Odds, ends, mods: - -S52:128:1:48:M1260,N,N,S: Windows:2000:cisco:Windows XP/2000 via Cisco -S52:128:1:48:M1260,N,N,S: Windows:XP:cisco:Windows XP/2000 via Cisco -65520:128:1:48:M*,N,N,S: Windows:XP::Windows XP bare-bone -16384:128:1:52:M536,N,W0,N,N,S: Windows:2000:ZoneAlarm:Windows 2000 w/ZoneAlarm? -2048:255:0:40:.: Windows:.NET::Windows .NET Enterprise Server - -44620:64:0:48:M*,N,N,S: Windows:ME::Windows ME no SP (?) -S6:255:1:48:M536,N,N,S: Windows:95:winsock2:Windows 95 winsock 2 -32768:32:1:52:M1460,N,W0,N,N,S: Windows:2003:AS:Windows 2003 AS - - -# No need to be more specific, it passes: -# *:128:1:48:M*,N,N,S:U:-Windows:XP/2000 while downloading (leak!) XXX quirk -# there is an equiv similar generic sig w/o the quirk - -# ----------------- HP/UX ------------------- - -32768:64:1:44:M*: HP-UX:B.10.20::HP-UX B.10.20 -32768:64:0:48:M*,W0,N: HP-UX:11.0::HP-UX 11.0 -32768:64:1:48:M*,W0,N: HP-UX:11.10::HP-UX 11.0 or 11.11 -32768:64:1:48:M*,W0,N: HP-UX:11.11::HP-UX 11.0 or 11.11 - -# Whoa. Hardcore WSS. -0:64:0:48:M*,W0,N: HP-UX:B.11.00:A:HP-UX B.11.00 A (RFC1323) - -# ----------------- RiscOS ------------------ - -# We don't yet support the ?12 TCP option -#16384:64:1:68:M1460,N,W0,N,N,T,N,N,?12: RISCOS:3.70-4.36::RISC OS 3.70-4.36 -12288:32:0:44:M536: RISC OS:3.70:4.10:RISC OS 3.70 inet 4.10 - -# XXX quirk -# 4096:64:1:56:M1460,N,N,T:T: RISC OS:3.70:freenet:RISC OS 3.70 freenet 2.00 - - - -# ----------------- BSD/OS ------------------ - -# Once again, power of two WSS is also shared by MacOS X with DF set -8192:64:1:60:M1460,N,W0,N,N,T: BSD/OS:3.1::BSD/OS 3.1-4.3 (or MacOS X 10.2 w/DF) -8192:64:1:60:M1460,N,W0,N,N,T: BSD/OS:4.0-4.3::BSD/OS 3.1-4.3 (or MacOS X 10.2) - - -# ---------------- NewtonOS ----------------- - -4096:64:0:44:M1420: NewtonOS:2.1::NewtonOS 2.1 - -# ---------------- NeXTSTEP ----------------- - -S4:64:0:44:M1024: NeXTSTEP:3.3::NeXTSTEP 3.3 -S8:64:0:44:M512: NeXTSTEP:3.3::NeXTSTEP 3.3 - -# ------------------ BeOS ------------------- - -1024:255:0:48:M*,N,W0: BeOS:5.0-5.1::BeOS 5.0-5.1 -12288:255:0:44:M1402: BeOS:5.0::BeOS 5.0.x - -# ------------------ OS/400 ----------------- - -8192:64:1:60:M1440,N,W0,N,N,T: OS/400:VR4::OS/400 VR4/R5 -8192:64:1:60:M1440,N,W0,N,N,T: OS/400:VR5::OS/400 VR4/R5 -4096:64:1:60:M1440,N,W0,N,N,T: OS/400:V4R5:CF67032:OS/400 V4R5 + CF67032 - -# XXX quirk -# 28672:64:0:44:M1460:A:OS/390:? - -# ------------------ ULTRIX ----------------- - -16384:64:0:40:.: ULTRIX:4.5::ULTRIX 4.5 - -# ------------------- QNX ------------------- - -S16:64:0:44:M512: QNX:::QNX demodisk - -# ------------------ Novell ----------------- - -16384:128:1:44:M1460: Novell:NetWare:5.0:Novel Netware 5.0 -6144:128:1:44:M1460: Novell:IntranetWare:4.11:Novell IntranetWare 4.11 -6144:128:1:44:M1368: Novell:BorderManager::Novell BorderManager ? - -6144:128:1:52:M*,W0,N,S,N,N: Novell:Netware:6:Novell Netware 6 SP3 - - -# ----------------- SCO ------------------ -S3:64:1:60:M1460,N,W0,N,N,T: SCO:UnixWare:7.1:SCO UnixWare 7.1 -S17:64:1:60:M1380,N,W0,N,N,T: SCO:UnixWare:7.1:SCO UnixWare 7.1.3 MP3 -S23:64:1:44:M1380: SCO:OpenServer:5.0:SCO OpenServer 5.0 - -# ------------------- DOS ------------------- - -2048:255:0:44:M536: DOS:WATTCP:1.05:DOS Arachne via WATTCP/1.05 -T2:255:0:44:M984: DOS:WATTCP:1.05Arachne:Arachne via WATTCP/1.05 (eepro) - -# ------------------ OS/2 ------------------- - -S56:64:0:44:M512: OS/2:4::OS/2 4 -28672:64:0:44:M1460: OS/2:4::OS/2 Warp 4.0 - -# ----------------- TOPS-20 ----------------- - -# Another hardcore MSS, one of the ACK leakers hunted down. -# XXX QUIRK 0:64:0:44:M1460:A:TOPS-20:version 7 -0:64:0:44:M1460: TOPS-20:7::TOPS-20 version 7 - -# ----------------- FreeMiNT ---------------- - -S44:255:0:44:M536: FreeMiNT:1:16A:FreeMiNT 1 patch 16A (Atari) - -# ------------------ AMIGA ------------------ - -# XXX TCP option 12 -# S32:64:1:56:M*,N,N,S,N,N,?12:.:AMIGA:3.9 BB2 with Miami stack - -# ------------------ Plan9 ------------------ - -65535:255:0:48:M1460,W0,N: Plan9:4::Plan9 edition 4 - -# ----------------- AMIGAOS ----------------- - -16384:64:1:48:M1560,N,N,S: AMIGAOS:3.9::AMIGAOS 3.9 BB2 MiamiDX - -########################################### -# Appliance / embedded / other signatures # -########################################### - -# ---------- Firewalls / routers ------------ - -S12:64:1:44:M1460: @Checkpoint:::Checkpoint (unknown 1) -S12:64:1:48:N,N,S,M1460: @Checkpoint:::Checkpoint (unknown 2) -4096:32:0:44:M1460: ExtremeWare:4.x::ExtremeWare 4.x - -# XXX TCP option 12 -# S32:64:0:68:M512,N,W0,N,N,T,N,N,?12:.:Nokia:IPSO w/Checkpoint NG FP3 -# S16:64:0:68:M1024,N,W0,N,N,T,N,N,?12:.:Nokia:IPSO 3.7 build 026 - -S4:64:1:60:W0,N,S,T,M1460: FortiNet:FortiGate:50:FortiNet FortiGate 50 - -8192:64:1:44:M1460: Eagle:::Eagle Secure Gateway - -S52:128:1:48:M1260,N,N,N,N: LinkSys:WRV54G::LinkSys WRV54G VPN router - - - -# ------- Switches and other stuff ---------- - -4128:255:0:44:M*: Cisco:::Cisco Catalyst 3500, 7500 etc -S8:255:0:44:M*: Cisco:12008::Cisco 12008 -60352:128:1:64:M1460,N,W2,N,N,T,N,N,S: Alteon:ACEswitch::Alteon ACEswitch -64512:128:1:44:M1370: Nortel:Contivity Client::Nortel Conectivity Client - - -# ---------- Caches and whatnots ------------ - -S4:64:1:52:M1460,N,N,S,N,W0: AOL:web cache::AOL web cache - -32850:64:1:64:N,W1,N,N,T,N,N,S,M*: NetApp:5.x::NetApp Data OnTap 5.x -16384:64:1:64:M1460,N,N,S,N,W0,N: NetApp:5.3:1:NetApp 5.3.1 -65535:64:0:64:M1460,N,N,S,N,W*,N,N,T: NetApp:5.3-5.5::NetApp 5.3-5.5 -65535:64:0:60:M1460,N,W0,N,N,T: NetApp:CacheFlow::NetApp CacheFlow -8192:64:1:64:M1460,N,N,S,N,W0,N,N,T: NetApp:5.2:1:NetApp NetCache 5.2.1 -20480:64:1:64:M1460,N,N,S,N,W0,N,N,T: NetApp:4.1::NetApp NetCache4.1 - -65535:64:0:60:M1460,N,W0,N,N,T: CacheFlow:4.1::CacheFlow CacheOS 4.1 -8192:64:0:60:M1380,N,N,N,N,N,N,T: CacheFlow:1.1::CacheFlow CacheOS 1.1 - -S4:64:0:48:M1460,N,N,S: Cisco:Content Engine::Cisco Content Engine - -27085:128:0:40:.: Dell:PowerApp cache::Dell PowerApp (Linux-based) - -65535:255:1:48:N,W1,M1460: Inktomi:crawler::Inktomi crawler -S1:255:1:60:M1460,S,T,N,W0: LookSmart:ZyBorg::LookSmart ZyBorg - -16384:255:0:40:.: Proxyblocker:::Proxyblocker (what's this?) - -65535:255:0:48:M*,N,N,S: Redline:::Redline T|X 2200 - -32696:128:0:40:M1460: Spirent:Avalanche::Spirent Web Avalanche HTTP benchmarking engine - -# ----------- Embedded systems -------------- - -S9:255:0:44:M536: PalmOS:Tungsten:C:PalmOS Tungsten C -S5:255:0:44:M536: PalmOS:3::PalmOS 3/4 -S5:255:0:44:M536: PalmOS:4::PalmOS 3/4 -S4:255:0:44:M536: PalmOS:3:5:PalmOS 3.5 -2948:255:0:44:M536: PalmOS:3:5:PalmOS 3.5.3 (Handera) -S29:255:0:44:M536: PalmOS:5::PalmOS 5.0 -16384:255:0:44:M1398: PalmOS:5.2:Clie:PalmOS 5.2 (Clie) -S14:255:0:44:M1350: PalmOS:5.2:Treo:PalmOS 5.2.1 (Treo) - -S23:64:1:64:N,W1,N,N,T,N,N,S,M1460: SymbianOS:7::SymbianOS 7 - -8192:255:0:44:M1460: SymbianOS:6048::Symbian OS 6048 (Nokia 7650?) -8192:255:0:44:M536: SymbianOS:9210::Symbian OS (Nokia 9210?) -S22:64:1:56:M1460,T,S: SymbianOS:P800::Symbian OS ? (SE P800?) -S36:64:1:56:M1360,T,S: SymbianOS:6600::Symbian OS 60xx (Nokia 6600?) - - -# Perhaps S4? -5840:64:1:60:M1452,S,T,N,W1: Zaurus:3.10::Zaurus 3.10 - -32768:128:1:64:M1460,N,W0,N,N,T0,N,N,S: PocketPC:2002::PocketPC 2002 - -S1:255:0:44:M346: Contiki:1.1:rc0:Contiki 1.1-rc0 - -4096:128:0:44:M1460: Sega:Dreamcast:3.0:Sega Dreamcast Dreamkey 3.0 -T5:64:0:44:M536: Sega:Dreamcast:HKT-3020:Sega Dreamcast HKT-3020 (browser disc 51027) -S22:64:1:44:M1460: Sony:PS2::Sony Playstation 2 (SOCOM?) - -S12:64:0:44:M1452: AXIS:5600:v5.64:AXIS Printer Server 5600 v5.64 - -3100:32:1:44:M1460: Windows:CE:2.0:Windows CE 2.0 - -#################### -# Fancy signatures # -#################### - -1024:64:0:40:.: *NMAP:syn scan:1:NMAP syn scan (1) -2048:64:0:40:.: *NMAP:syn scan:2:NMAP syn scan (2) -3072:64:0:40:.: *NMAP:syn scan:3:NMAP syn scan (3) -4096:64:0:40:.: *NMAP:syn scan:4:NMAP syn scan (4) - -# Requires quirks support -# 1024:64:0:40:.:A:*NMAP:TCP sweep probe (1) -# 2048:64:0:40:.:A:*NMAP:TCP sweep probe (2) -# 3072:64:0:40:.:A:*NMAP:TCP sweep probe (3) -# 4096:64:0:40:.:A:*NMAP:TCP sweep probe (4) - -1024:64:0:60:W10,N,M265,T: *NMAP:OS:1:NMAP OS detection probe (1) -2048:64:0:60:W10,N,M265,T: *NMAP:OS:2:NMAP OS detection probe (2) -3072:64:0:60:W10,N,M265,T: *NMAP:OS:3:NMAP OS detection probe (3) -4096:64:0:60:W10,N,M265,T: *NMAP:OS:4:NMAP OS detection probe (4) - -32767:64:0:40:.: *NAST:::NASTsyn scan - -# Requires quirks support -# 12345:255:0:40:.:A:-p0f:sendsyn utility - - -##################################### -# Generic signatures - just in case # -##################################### - -#*:64:1:60:M*,N,W*,N,N,T: @FreeBSD:4.0-4.9::FreeBSD 4.x/5.x -#*:64:1:60:M*,N,W*,N,N,T: @FreeBSD:5.0-5.1::FreeBSD 4.x/5.x - -*:128:1:52:M*,N,W0,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323 no tstamp) -*:128:1:52:M*,N,W0,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323 no tstamp) -*:128:1:52:M*,N,W*,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323 no tstamp) -*:128:1:52:M*,N,W*,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323 no tstamp) -*:128:1:64:M*,N,W0,N,N,T0,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323) -*:128:1:64:M*,N,W0,N,N,T0,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323) -*:128:1:64:M*,N,W*,N,N,T0,N,N,S: @Windows:XP:RFC1323:Windows XP (RFC1323, w+) -*:128:1:48:M536,N,N,S: @Windows:98::Windows 98 -*:128:1:48:M*,N,N,S: @Windows:XP::Windows XP/2000 -*:128:1:48:M*,N,N,S: @Windows:2000::Windows XP/2000 - - Property changes on: projects/clang700-import/etc/pf.os ___________________________________________________________________ Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Index: projects/clang700-import/etc/snmpd.config =================================================================== --- projects/clang700-import/etc/snmpd.config (revision 337646) +++ projects/clang700-import/etc/snmpd.config (nonexistent) @@ -1,322 +0,0 @@ -# $FreeBSD$ -# -# Example configuration file for bsnmpd(1). -# - -# -# Set some common variables -# -location := "Room 200" -contact := "sysmeister@example.com" -system := 1 # FreeBSD -traphost := localhost -trapport := 162 - -# -# Set the SNMP engine ID. -# -# The snmpEngineID object required from the SNMPv3 Framework. If not explicitly set via -# this configuration file, an ID is assigned based on the value of the -# kern.hostid variable -# engine := 0x80:0x10:0x08:0x10:0x80:0x25 -# snmpEngineID = $(engine) - -# Change this! -read := "public" -# Uncomment begemotSnmpdCommunityString.0.2 below that sets the community -# string to enable write access. -write := "geheim" -trap := "mytrap" - -# -# Declarations for SNMP-USER-BASED-SM-MIB authentication and privacy options -# - -NoAuthProtocol := 1.3.6.1.6.3.10.1.1.1 -HMACMD5AuthProtocol := 1.3.6.1.6.3.10.1.1.2 -HMACSHAAuthProtocol := 1.3.6.1.6.3.10.1.1.3 -NoPrivProtocol := 1.3.6.1.6.3.10.1.2.1 -DESPrivProtocol := 1.3.6.1.6.3.10.1.2.2 -AesCfb128Protocol := 1.3.6.1.6.3.10.1.2.4 - -# -# Enumerations from SNMP-FRAMEWORK-MIB -# - -# Security models -securityModelAny := 0 -securityModelSNMPv1 := 1 -securityModelSNMPv2c := 2 -securityModelUSM := 3 - -# Message Processing models -MPmodelSNMPv1 := 0 -MPmodelSNMPv2c := 1 -MPmodelSNMPv3 := 3 - -# Security levels -noAuthNoPriv := 1 -authNoPriv := 2 -authPriv := 3 - - -# SNMPv3 USM User definition -# -# The localized hex password for a user may be obtained by setting SNMPUSER, SNMPPASSWD, -# SNMPAUTH and SNMPPRIV environment variables to the desired parameters and invoking -# 'bsnmpget -v 3 -D -K -o verbose' against the running bsnmpd(1). For other -# usages refer to the bsnmpget(1) manual page. The following lines define a user "bsnmp" -# with a private password "bsnmptest", localized for the above engine ID. -# -#user1 := "bsnmp" -#user1passwd := 0x22:0x98:0x1a:0x6e:0x39:0x93:0x16:0x5e:0x6a:0x21:0x1b:0xd8:0xa9:0x81:0x31:0x05:0x16:0x33:0x38:0x60 - -# -# Configuration -# -%snmpd -begemotSnmpdDebugDumpPdus = 2 -begemotSnmpdDebugSyslogPri = 7 - -# -# Set the read and write communities. -# -# The default value of the community strings is NULL (note, that this is -# different from the empty string). This disables both read and write access. -# To enable read access only the read community string must be set. Setting -# the write community string enables both read and write access with that -# string. -# -# Be sure to understand the security implications of SNMPv2 - the community -# strings are readable on the wire! -# -begemotSnmpdCommunityString.0.1 = $(read) -# begemotSnmpdCommunityString.0.2 = $(write) -begemotSnmpdCommunityDisable = 1 - -# open standard SNMP ports -begemotSnmpdPortStatus.0.0.0.0.161 = 1 - -# open a unix domain socket -begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1 -begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4 - -# send traps to the traphost -begemotTrapSinkStatus.[$(traphost)].$(trapport) = 4 -begemotTrapSinkVersion.[$(traphost)].$(trapport) = 2 -begemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap) - -sysContact = $(contact) -sysLocation = $(location) -sysObjectId = 1.3.6.1.4.1.12325.1.1.2.1.$(system) - -snmpEnableAuthenTraps = 2 - -# Uncomment `begemotSnmpdModulePath.".." = ".."' entries below to enable -# modules - -# -# Control configuration for the modules in the module specific sections, e.g. -# the "usm" module (begemotSnmpdModulePath."usm") can be controlled in the -# %usm specific section. You must uncomment the section specific header in -# order to use the enclosed variables, e.g. `usmUserStatus.$(engine).$(user1)` -# can only be used if %usm is uncommented. -# -# Modules are loaded in the order listed, so they must be before any -# dependent modules, e.g. "mibII" vs "bridge". -# - -# -# MIB-2 module -# -begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so" - -# -# Bridge module -# This requires the mibII module. -# -#begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so" - -# -# Host resources module -# This requires the mibII module. -# -#begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so" - -# -# LM75 Sensor module -# -#begemotSnmpdModulePath."lm75" = "/usr/lib/snmp_lm75.so" - -# -# Netgraph module -# -#begemotSnmpdModulePath."netgraph" = "/usr/lib/snmp_netgraph.so" - -# -# pf(4) module -# -#begemotSnmpdModulePath."pf" = "/usr/lib/snmp_pf.so" - -# -# SNMPv3 Notification Targets -# -# begemotSnmpdModulePath."target" = "/usr/lib/snmp_target.so" - -# -# SNMPv3 User-based security module - must be loaded for SNMPv3 USM -# -#begemotSnmpdModulePath."usm" = "/usr/lib/snmp_usm.so" - -# -# SNMPv3 View-based Access Control module -# -#begemotSnmpdModulePath."vacm" = "/usr/lib/snmp_vacm.so" - -# -# Wireless module -# This requires the mibII module. -# -#begemotSnmpdModulePath."wlan" = "/usr/lib/snmp_wlan.so" - -# -# SNMPv3 USM User definition. -# - -#%usm - -# -# The following block creates a user with name "bsnmp" and sets privacy -# and encryption options to SHA256 message digests and AES encryption -# for this user. -# -# usmUserStatus.$(engine).$(user1) = 5 -# usmUserAuthProtocol.$(engine).$(user1) = $(HMACSHAAuthProtocol) -# usmUserAuthKeyChange.$(engine).$(user1) = $(user1passwd) -# usmUserPrivProtocol.$(engine).$(user1) = $(AesCfb128Protocol) -# usmUserPrivKeyChange.$(engine).$(user1) = $(user1passwd) -# usmUserStatus.$(engine).$(user1) = 1 -# - -# -# The following block creates a user with name "public" with no authentication -# or encryption options. -# -# usmUserStatus.$(engine).$(read) = 5 -# usmUserAuthProtocol.$(engine).$(read) = $(NoAuthProtocol) -# usmUserPrivProtocol.$(engine).$(read) = $(NoPrivProtocol) -# usmUserStatus.$(engine).$(read) = 1 -# - -# -# Definition of view-based access control entries. -# -#%vacm - -# Definition of a SNMPv1 group -# vacmSecurityToGroupStatus.$(securityModelSNMPv1).$(read) = 4 -# vacmGroupName.$(securityModelSNMPv1).$(read) = $(read) - -# Definition of SNMPv2 group -# vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(write) = 4 -# vacmGroupName.$(securityModelSNMPv2c).$(write) = $(write) - -# Definition of SNMPv3 group with users "bsnmp" and "public" -# vacmSecurityToGroupStatus.$(securityModelUSM).$(user1) = 4 -# vacmGroupName.$(securityModelUSM).$(user1) = $(write) -# vacmSecurityToGroupStatus.$(securityModelUSM).$(read) = 4 -# vacmGroupName.$(securityModelUSM).$(read) = $(write) - -# -# The OID of the .iso.org.dod.internet subtree -# -# internetoid := 1.3.6.1 -# internetoidlen := 4 - -# -# Definitions of two views -# -# vacmViewTreeFamilyStatus."internet".$(internetoidlen).$(internetoid) = 4 -# vacmViewTreeFamilyStatus."restricted".$(internetoidlen).$(internetoid) = 4 - -# -# Access control -# - -# -# Read-only access for SNMPv1 users -# -# vacmAccessStatus.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = 4 -# vacmAccessReadViewName.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = "internet" - -# -# Read-write access for SNMPv2 users -# -# vacmAccessStatus.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4 -# vacmAccessReadViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet" -# vacmAccessWriteViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet" - -# -# Read-write-notify access for SNMPv3 USM users with noAuthNoPriv -# -# vacmAccessStatus.$(write)."".3.$(noAuthNoPriv) = 4 -# vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet" -# vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet" -# vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet" - -# -#Read-write-notify access to restricted for SNMPv3 USM users with authPriv -# -# vacmAccessStatus.$(write)."".$(securityModelUSM).$(authPriv) = 4 -# vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted" -# vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted" -# vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted" - -#%target -# Send notifications to target tag "test" -# tag := "test" -# snmpNotifyRowStatus.$(tag) = 4 -# snmpNotifyTag.$(tag) = $(tag) - -# tagremote := "testremote" -# snmpNotifyRowStatus.$(tagremote) = 4 -# snmpNotifyTag.$(tagremote) = $(tagremote) - -# -# Specify the target parameters for the notifications - send with the credentials -# of user "bsnmp" -# -# snmpTargetParamsRowStatus.$(tag) = 5 -# snmpTargetParamsMPModel.$(tag) = $(MPmodelSNMPv3) -# snmpTargetParamsSecurityModel.$(tag) = $(securityModelUSM) -# snmpTargetParamsSecurityName.$(tag) = $(user1) -# snmpTargetParamsSecurityLevel.$(tag) = $(authPriv) -# snmpTargetParamsRowStatus.$(tag) = 1 - -# -# Define the notifications' target address - port 162 on localhost -# -# snmpTargetAddrRowStatus.$(tag) = 5 -# snmpTargetAddrTAddress.$(tag) = 0x7f:0x0:0x0:0x1:0x0:0xa2 -# snmpTargetAddrTagList.$(tag) = "test notification" -# snmpTargetAddrParams.$(tag) = $(tag) -# snmpTargetAddrRowStatus.$(tag) = 1 - -# -# Define the notifications' target address - port 162 on 10.0.0.1 -# -# snmpTargetAddrRowStatus.$(tagremote) = 5 -# snmpTargetAddrTAddress.$(tagremote) = 0x0a:0x00:0x00:0x1:0x0:0xa2 -# snmpTargetAddrTagList.$(tagremote) = $(tagremote) -# snmpTargetAddrParams.$(tagremote) = $(tag) -# snmpTargetAddrRowStatus.$(tagremote) = 1 - -# Force a polling rate for the 64-bit interface counters in case -# the automatic computation is wrong (which may be the case if an interface -# announces the wrong bit rate via its MIB). -#%mibII -#begemotIfForcePoll = 2000 - -#%netgraph -#begemotNgControlNodeName = "snmpd" - Property changes on: projects/clang700-import/etc/snmpd.config ___________________________________________________________________ Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Index: projects/clang700-import/etc/cron.d/at =================================================================== --- projects/clang700-import/etc/cron.d/at (revision 337646) +++ projects/clang700-import/etc/cron.d/at (nonexistent) @@ -1,7 +0,0 @@ -# $FreeBSD$ -# -SHELL=/bin/sh -PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin - -# See crontab(5) for field format. -*/5 * * * * root /usr/libexec/atrun Property changes on: projects/clang700-import/etc/cron.d/at ___________________________________________________________________ Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: projects/clang700-import/etc/cron.d/Makefile =================================================================== --- projects/clang700-import/etc/cron.d/Makefile (revision 337646) +++ projects/clang700-import/etc/cron.d/Makefile (nonexistent) @@ -1,11 +0,0 @@ -# $FreeBSD$ - -.include - -.if ${MK_AT} != "no" -FILES+= at -.endif - -BINDIR= /etc/cron.d - -.include Property changes on: projects/clang700-import/etc/cron.d/Makefile ___________________________________________________________________ Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: projects/clang700-import/etc/Makefile =================================================================== --- projects/clang700-import/etc/Makefile (revision 337646) +++ projects/clang700-import/etc/Makefile (revision 337647) @@ -1,373 +1,347 @@ # from: @(#)Makefile 5.11 (Berkeley) 5/21/91 # $FreeBSD$ .include FILESGROUPS= FILES # No need as it is empty and just causes rebuilds since this file does so much. UPDATE_DEPENDFILE= no .if ${MK_SENDMAIL} != "no" SUBDIR+=sendmail .endif BIN1= crontab \ devd.conf \ devfs.conf \ - ddb.conf \ dhclient.conf \ disktab \ fbtab \ gettytab \ group \ hosts \ hosts.allow \ hosts.equiv \ libalias.conf \ libmap.conf \ login.access \ login.conf \ mac.conf \ motd \ netconfig \ networks \ newsyslog.conf \ nsswitch.conf \ phones \ profile \ protocols \ rc.bsdextended \ rc.firewall \ remote \ rpc \ services \ - sysctl.conf \ syslog.conf \ termcap.small .if exists(${.CURDIR}/etc.${MACHINE}/ttys) BIN1+= etc.${MACHINE}/ttys .elif exists(${.CURDIR}/etc.${MACHINE_ARCH}/ttys) BIN1+= etc.${MACHINE_ARCH}/ttys .elif exists(${.CURDIR}/etc.${MACHINE_CPUARCH}/ttys) BIN1+= etc.${MACHINE_CPUARCH}/ttys .else .error etc.MACHINE/ttys missing .endif -OPENBSMDIR= ${SRCTOP}/contrib/openbsm -BSM_ETC_OPEN_FILES= ${OPENBSMDIR}/etc/audit_class \ - ${OPENBSMDIR}/etc/audit_event -BSM_ETC_RESTRICTED_FILES= ${OPENBSMDIR}/etc/audit_control \ - ${OPENBSMDIR}/etc/audit_user -BSM_ETC_EXEC_FILES= ${OPENBSMDIR}/etc/audit_warn -BSM_ETC_DIR= ${DESTDIR}/etc/security - # NB: keep these sorted by MK_* knobs .if ${MK_AMD} != "no" BIN1+= amd.map .endif .if ${MK_FTP} != "no" BIN1+= ftpusers .endif .if ${MK_INETD} != "no" BIN1+= inetd.conf .endif .if ${MK_LOCATE} != "no" BIN1+= ${SRCTOP}/usr.bin/locate/locate/locate.rc .endif .if ${MK_LPR} != "no" BIN1+= hosts.lpd printcap .endif .if ${MK_MAIL} != "no" BIN1+= ${SRCTOP}/usr.bin/mail/misc/mail.rc .endif .if ${MK_NTP} != "no" BIN1+= ntp.conf .endif .if ${MK_OPENSSH} != "no" SSH= ${SRCTOP}/crypto/openssh/ssh_config \ ${SRCTOP}/crypto/openssh/sshd_config \ ${SRCTOP}/crypto/openssh/moduli .endif .if ${MK_OPENSSL} != "no" SSL= ${SRCTOP}/crypto/openssl/apps/openssl.cnf .endif -.if ${MK_PF} != "no" -BIN1+= pf.os -.endif - .if ${MK_SENDMAIL} != "no" BIN1+= rc.sendmail .endif .if ${MK_TCSH} != "no" BIN1+= csh.cshrc csh.login csh.logout .endif .if ${MK_WIRELESS} != "no" BIN1+= regdomain.xml .endif .if ${MK_SENDMAIL} == "no" ETCMAIL=mailer.conf aliases .else ETCMAIL=Makefile README mailer.conf access.sample virtusertable.sample \ mailertable.sample aliases .endif # Special top level files for FreeBSD FREEBSD=COPYRIGHT # Sanitize DESTDIR DESTDIR:= ${DESTDIR:C://*:/:g} afterinstall: .if ${MK_MAN} != "no" ${_+_}cd ${SRCTOP}/share/man; ${MAKE} makedb .endif distribute: # Avoid installing tests here; "make distribution" will do this and # correctly place them in the right location. ${_+_}cd ${.CURDIR} ; ${MAKE} MK_TESTS=no install \ DESTDIR=${DISTDIR}/${DISTRIBUTION} ${_+_}cd ${.CURDIR} ; ${MAKE} distribution DESTDIR=${DISTDIR}/${DISTRIBUTION} .include .if defined(NO_ROOT) METALOG.add?= cat -l >> ${METALOG} .endif distribution: .if !defined(DESTDIR) @echo "set DESTDIR before running \"make ${.TARGET}\"" @false .endif cd ${.CURDIR}; \ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \ ${BIN1} ${DESTDIR}/etc; \ cap_mkdb ${CAP_MKDB_ENDIAN} ${DESTDIR}/etc/login.conf; \ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 600 \ master.passwd nsmb.conf opieaccess ${DESTDIR}/etc; .if ${MK_SERVICESDB} != "no" cd ${.CURDIR}; \ services_mkdb ${CAP_MKDB_ENDIAN} -q -o ${DESTDIR}/var/db/services.db \ ${DESTDIR}/etc/services; .endif -.if ${MK_BSNMP} != "no" - cd ${.CURDIR}; \ - ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 600 \ - snmpd.config ${DESTDIR}/etc; -.endif .if ${MK_TCSH} == "no" sed -i "" -e 's;/bin/csh;/bin/sh;' ${DESTDIR}/etc/master.passwd .endif pwd_mkdb -i -p -d ${DESTDIR}/etc ${DESTDIR}/etc/master.passwd .if defined(NO_ROOT) ( \ echo "./etc/login.conf.db type=file mode=0644 uname=root gname=wheel"; \ echo "./etc/passwd type=file mode=0644 uname=root gname=wheel"; \ echo "./etc/pwd.db type=file mode=0644 uname=root gname=wheel"; \ echo "./etc/spwd.db type=file mode=0600 uname=root gname=wheel"; \ echo "./var/db/services.db type=file mode=0644 uname=root gname=wheel"; \ ) | ${METALOG.add} .endif .if ${MK_BLUETOOTH} != "no" ${_+_}cd ${.CURDIR}/bluetooth; ${MAKE} install .endif - ${_+_}cd ${.CURDIR}/cron.d; ${MAKE} install ${_+_}cd ${.CURDIR}/defaults; ${MAKE} install ${_+_}cd ${.CURDIR}/devd; ${MAKE} install ${_+_}cd ${.CURDIR}/gss; ${MAKE} install ${_+_}cd ${.CURDIR}/mtree; ${MAKE} install ${_+_}cd ${.CURDIR}/newsyslog.conf.d; ${MAKE} install .if ${MK_NTP} != "no" ${_+_}cd ${.CURDIR}/ntp; ${MAKE} install .endif ${_+_}cd ${.CURDIR}/periodic; ${MAKE} install ${_+_}cd ${SRCTOP}/share/termcap; ${MAKE} etc-termcap ${_+_}cd ${.CURDIR}/syslog.d; ${MAKE} install ${_+_}cd ${SRCTOP}/usr.sbin/rmt; ${MAKE} etc-rmt ${_+_}cd ${.CURDIR}/pam.d; ${MAKE} install - cd ${.CURDIR}; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 0444 \ - ${BSM_ETC_OPEN_FILES} ${BSM_ETC_DIR} - cd ${.CURDIR}; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 0600 \ - ${BSM_ETC_RESTRICTED_FILES} ${BSM_ETC_DIR} - cd ${.CURDIR}; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 0500 \ - ${BSM_ETC_EXEC_FILES} ${BSM_ETC_DIR} .if ${MK_UNBOUND} != "no" if [ ! -e ${DESTDIR}/etc/unbound ]; then \ ${INSTALL_SYMLINK} ../var/unbound ${DESTDIR}/etc/unbound; \ fi .endif .if ${MK_SENDMAIL} != "no" ${_+_}cd ${.CURDIR}/sendmail; ${MAKE} distribution .endif .if ${MK_OPENSSH} != "no" cd ${.CURDIR}; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \ ${SSH} ${DESTDIR}/etc/ssh .endif .if ${MK_OPENSSL} != "no" cd ${.CURDIR}; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \ ${SSL} ${DESTDIR}/etc/ssl .endif .if ${MK_KERBEROS} != "no" cd ${.CURDIR}/root; \ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \ dot.k5login ${DESTDIR}/root/.k5login; .endif cd ${.CURDIR}/root; \ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \ dot.profile ${DESTDIR}/root/.profile; \ rm -f ${DESTDIR}/.profile; \ ${INSTALL_LINK} ${DESTDIR}/root/.profile ${DESTDIR}/.profile .if ${MK_TCSH} != "no" cd ${.CURDIR}/root; \ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \ dot.cshrc ${DESTDIR}/root/.cshrc; \ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \ dot.login ${DESTDIR}/root/.login; \ rm -f ${DESTDIR}/.cshrc; \ ${INSTALL_LINK} ${DESTDIR}/root/.cshrc ${DESTDIR}/.cshrc .endif .if ${MK_MAIL} != "no" cd ${.CURDIR}/mail; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \ ${ETCMAIL} ${DESTDIR}/etc/mail if [ -d ${DESTDIR}/etc/mail -a -f ${DESTDIR}/etc/mail/aliases -a \ ! -f ${DESTDIR}/etc/aliases ]; then \ ${INSTALL_SYMLINK} mail/aliases ${DESTDIR}/etc/aliases; \ fi .endif .if ${MK_LOCATE} != "no" ${INSTALL} -o nobody -g ${BINGRP} -m 644 /dev/null \ ${DESTDIR}/var/db/locate.database .endif cd ${.CURDIR}/..; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 444 \ ${FREEBSD} ${DESTDIR}/ .if ${MK_BOOT} != "no" .if exists(${SRCTOP}/sys/${MACHINE}/conf/GENERIC.hints) ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 444 \ ${SRCTOP}/sys/${MACHINE}/conf/GENERIC.hints \ ${DESTDIR}/boot/device.hints .endif .endif .if ${MK_NIS} == "no" sed -i "" -e 's/.*_compat:/# &/' -e 's/compat$$/files/' \ ${DESTDIR}/etc/nsswitch.conf .endif MTREE_CMD?= mtree MTREES= mtree/BSD.root.dist / \ mtree/BSD.var.dist /var \ mtree/BSD.usr.dist /usr \ mtree/BSD.include.dist /usr/include \ mtree/BSD.debug.dist /usr/lib .if ${MK_LIB32} != "no" MTREES+= mtree/BSD.lib32.dist /usr MTREES+= mtree/BSD.lib32.dist /usr/lib/debug/usr .endif .if ${MK_LIBSOFT} != "no" MTREES+= mtree/BSD.libsoft.dist /usr MTREES+= mtree/BSD.libsoft.dist /usr/lib/debug/usr .endif .if ${MK_TESTS} != "no" MTREES+= mtree/BSD.tests.dist ${TESTSBASE} MTREES+= mtree/BSD.tests.dist /usr/lib/debug/${TESTSBASE} .endif .if ${MK_SENDMAIL} != "no" MTREES+= mtree/BSD.sendmail.dist / .endif .for mtree in ${LOCAL_MTREE} MTREES+= ../${mtree} / .endfor # Clean up some directories that where mistakenly created as files that # should not have been as part of the nvi update in r281994. # This should be removed after 11.0-RELEASE. DISTRIB_CLEANUP_SHARE_FILES= ${SHAREDIR}/doc/usd/10.exref ${SHAREDIR}/doc/usd/11.edit DISTRIB_CLEANUP_SHARE_FILES+= ${SHAREDIR}/doc/usd/12.vi ${SHAREDIR}/doc/usd/13.viref distrib-cleanup: .PHONY for file in ${DISTRIB_CLEANUP_SHARE_FILES}; do \ if [ -f ${DESTDIR}/$${file} ]; then \ rm -f ${DESTDIR}/$${file}; \ fi; \ done distrib-dirs: ${MTREES:N/*} distrib-cleanup .PHONY @set ${MTREES}; \ while test $$# -ge 2; do \ m=${.CURDIR}/$$1; \ shift; \ d=${DESTDIR}$$1; \ shift; \ test -d $$d || mkdir -p $$d; \ ${ECHO} ${MTREE_CMD} -deU ${MTREE_FSCHG} \ ${MTREE_FOLLOWS_SYMLINKS} -f $$m -p $$d; \ ${MTREE_FILTER} $$m | \ ${MTREE_CMD} -deU ${MTREE_FSCHG} ${MTREE_FOLLOWS_SYMLINKS} \ -p $$d; \ done; true .if defined(NO_ROOT) @set ${MTREES}; \ while test $$# -ge 2; do \ m=${.CURDIR}/$$1; \ shift; \ d=$$1; \ test "$$d" == "/" && d=""; \ d=${DISTBASE}$$d; \ shift; \ test -d ${DESTDIR}/$$d || mkdir -p ${DESTDIR}/$$d; \ ${ECHO} "${MTREE_CMD:N-W} -C -f $$m -K all | " \ "sed s#^\.#.$$d# | ${METALOG.add}" ; \ ${MTREE_FILTER} $$m | \ ${MTREE_CMD:N-W} -C -K all | sed s#^\.#.$$d# | \ ${METALOG.add} ; \ done; true .endif .if ${MK_NLS} != "no" set - `grep "^[a-zA-Z]" ${.CURDIR}/nls.alias`; \ while [ $$# -gt 0 ] ; do \ ${INSTALL_SYMLINK} "$$2" "${DESTDIR}${SHAREDIR}/nls/$$1"; \ shift; shift; \ done .endif etc-examples-install: ${META_DEPS} cd ${.CURDIR}; ${INSTALL} ${TAG_ARGS} -o ${BINOWN} -g ${BINGRP} -m 444 \ ${BIN1} ${BIN2} nsmb.conf opieaccess \ ${DESTDIR}${SHAREDIR}/examples/etc etc-examples: etc-examples-install ${_+_}cd ${.CURDIR}/defaults; \ ${MAKE} ${${MK_STAGING} == "yes":?all:install} \ DESTDIR=${DESTDIR}${SHAREDIR}/examples .include .if ${MK_INSTALL_AS_USER} == "yes" && ${_uid} != 0 MTREE_FILTER= sed -e 's,\([gu]\)name=,\1id=,g' \ -e 's,\(uid=\)[^ ]* ,\1${_uid} ,' \ -e 's,\(gid=\)[^ ]* ,\1${_gid} ,' \ -e 's,\(uid=\)[^ ]*$$,\1${_uid},' \ -e 's,\(gid=\)[^ ]*$$,\1${_gid},' .else MTREE_FILTER= cat .if !defined(NO_FSCHG) MTREE_FSCHG= -i .endif .endif Index: projects/clang700-import/sbin/ddb/Makefile =================================================================== --- projects/clang700-import/sbin/ddb/Makefile (revision 337646) +++ projects/clang700-import/sbin/ddb/Makefile (revision 337647) @@ -1,10 +1,11 @@ # $FreeBSD$ +CONFS= ddb.conf PACKAGE=runtime PROG= ddb SRCS= ddb.c ddb_capture.c ddb_script.c MAN= ddb.8 LIBADD= kvm .include Index: projects/clang700-import/sbin/ddb/ddb.conf =================================================================== --- projects/clang700-import/sbin/ddb/ddb.conf (nonexistent) +++ projects/clang700-import/sbin/ddb/ddb.conf (revision 337647) @@ -0,0 +1,15 @@ +# $FreeBSD$ +# +# This file is read when going to multi-user and its contents piped thru +# ``ddb'' to define debugging scripts. +# +# see ``man 4 ddb'' and ``man 8 ddb'' for details. +# + +script lockinfo=show locks; show alllocks; show lockedvnods + +# kdb.enter.panic panic(9) was called. +script kdb.enter.panic=textdump set; capture on; run lockinfo; show pcpu; bt; ps; alltrace; capture off; call doadump; reset + +# kdb.enter.witness witness(4) detected a locking error. +script kdb.enter.witness=run lockinfo Property changes on: projects/clang700-import/sbin/ddb/ddb.conf ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Index: projects/clang700-import/sbin/pfctl/Makefile =================================================================== --- projects/clang700-import/sbin/pfctl/Makefile (revision 337646) +++ projects/clang700-import/sbin/pfctl/Makefile (revision 337647) @@ -1,37 +1,38 @@ # $FreeBSD$ .include # pf_ruleset.c is shared between kernel and pfctl .PATH: ${SRCTOP}/sys/netpfil/pf PACKAGE=pf +CONFS= pf.os PROG= pfctl MAN= pfctl.8 SRCS = pfctl.c parse.y pfctl_parser.c pf_print_state.c pfctl_altq.c SRCS+= pfctl_osfp.c pfctl_radix.c pfctl_table.c pfctl_qstats.c SRCS+= pfctl_optimize.c SRCS+= pf_ruleset.c WARNS?= 2 CFLAGS+= -Wall -Wmissing-prototypes -Wno-uninitialized CFLAGS+= -Wstrict-prototypes CFLAGS+= -DENABLE_ALTQ -I${.CURDIR} # Need to use "WITH_" prefix to not conflict with the l/y INET/INET6 keywords .if ${MK_INET6_SUPPORT} != "no" CFLAGS+= -DWITH_INET6 .endif .if ${MK_INET_SUPPORT} != "no" CFLAGS+= -DWITH_INET .endif YFLAGS= LIBADD= m md HAS_TESTS= SUBDIR.${MK_TESTS}+= tests .include Index: projects/clang700-import/sbin/pfctl/pf.os =================================================================== --- projects/clang700-import/sbin/pfctl/pf.os (nonexistent) +++ projects/clang700-import/sbin/pfctl/pf.os (revision 337647) @@ -0,0 +1,709 @@ +# $FreeBSD$ +# $OpenBSD: pf.os,v 1.27 2016/09/03 17:08:57 sthen Exp $ +# passive OS fingerprinting +# ------------------------- +# +# SYN signatures. Those signatures work for SYN packets only (duh!). +# +# (C) Copyright 2000-2003 by Michal Zalewski +# (C) Copyright 2003 by Mike Frantzen +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# +# +# This fingerprint database is adapted from Michal Zalewski's p0f passive +# operating system package. The last database sync was from a Nov 3 2003 +# p0f.fp. +# +# +# Each line in this file specifies a single fingerprint. Please read the +# information below carefully before attempting to append any signatures +# reported as UNKNOWN to this file to avoid mistakes. +# +# We use the following set metrics for fingerprinting: +# +# - Window size (WSS) - a highly OS dependent setting used for TCP/IP +# performance control (max. amount of data to be sent without ACK). +# Some systems use a fixed value for initial packets. On other +# systems, it is a multiple of MSS or MTU (MSS+40). In some rare +# cases, the value is just arbitrary. +# +# NEW SIGNATURE: if p0f reported a special value of 'Snn', the number +# appears to be a multiple of MSS (MSS*nn); a special value of 'Tnn' +# means it is a multiple of MTU ((MSS+40)*nn). Unless you notice the +# value of nn is not fixed (unlikely), just copy the Snn or Tnn token +# literally. If you know this device has a simple stack and a fixed +# MTU, you can however multiply S value by MSS, or T value by MSS+40, +# and put it instead of Snn or Tnn. +# +# If WSS otherwise looks like a fixed value (for example a multiple +# of two), or if you can confirm the value is fixed, please quote +# it literally. If there's no apparent pattern in WSS chosen, you +# should consider wildcarding this value. +# +# - Overall packet size - a function of all IP and TCP options and bugs. +# +# NEW SIGNATURE: Copy this value literally. +# +# - Initial TTL - We check the actual TTL of a received packet. It can't +# be higher than the initial TTL, and also shouldn't be dramatically +# lower (maximum distance is defined as 40 hops). +# +# NEW SIGNATURE: *Never* copy TTL from a p0f-reported signature literally. +# You need to determine the initial TTL. The best way to do it is to +# check the documentation for a remote system, or check its settings. +# A fairly good method is to simply round the observed TTL up to +# 32, 64, 128, or 255, but it should be noted that some obscure devices +# might not use round TTLs (in particular, some shoddy appliances use +# "original" initial TTL settings). If not sure, you can see how many +# hops you're away from the remote party with traceroute or mtr. +# +# - Don't fragment flag (DF) - some modern OSes set this to implement PMTU +# discovery. Others do not bother. +# +# NEW SIGNATURE: Copy this value literally. +# +# - Maximum segment size (MSS) - this setting is usually link-dependent. P0f +# uses it to determine link type of the remote host. +# +# NEW SIGNATURE: Always wildcard this value, except for rare cases when +# you have an appliance with a fixed value, know the system supports only +# a very limited number of network interface types, or know the system +# is using a value it pulled out of nowhere. Specific unique MSS +# can be used to tell Google crawlbots from the rest of the population. +# +# - Window scaling (WSCALE) - this feature is used to scale WSS. +# It extends the size of a TCP/IP window to 32 bits. Some modern +# systems implement this feature. +# +# NEW SIGNATURE: Observe several signatures. Initial WSCALE is often set +# to zero or other low value. There's usually no need to wildcard this +# parameter. +# +# - Timestamp - some systems that implement timestamps set them to +# zero in the initial SYN. This case is detected and handled appropriately. +# +# - Selective ACK permitted - a flag set by systems that implement +# selective ACK functionality. +# +# - The sequence of TCP all options (MSS, window scaling, selective ACK +# permitted, timestamp, NOP). Other than the options previously +# discussed, p0f also checks for timestamp option (a silly +# extension to broadcast your uptime ;-), NOP options (used for +# header padding) and sackOK option (selective ACK feature). +# +# NEW SIGNATURE: Copy the sequence literally. +# +# To wildcard any value (except for initial TTL or TCP options), replace +# it with '*'. You can also use a modulo operator to match any values +# that divide by nnn - '%nnn'. +# +# Fingerprint entry format: +# +# wwww:ttt:D:ss:OOO...:OS:Version:Subtype:Details +# +# wwww - window size (can be *, %nnn, Snn or Tnn). The special values +# "S" and "T" which are a multiple of MSS or a multiple of MTU +# respectively. +# ttt - initial TTL +# D - don't fragment bit (0 - not set, 1 - set) +# ss - overall SYN packet size +# OOO - option value and order specification (see below) +# OS - OS genre (Linux, Solaris, Windows) +# Version - OS Version (2.0.27 on x86, etc) +# Subtype - OS subtype or patchlevel (SP3, lo0) +# details - Generic OS details +# +# If OS genre starts with '*', p0f will not show distance, link type +# and timestamp data. It is useful for userland TCP/IP stacks of +# network scanners and so on, where many settings are randomized or +# bogus. +# +# If OS genre starts with @, it denotes an approximate hit for a group +# of operating systems (signature reporting still enabled in this case). +# Use this feature at the end of this file to catch cases for which +# you don't have a precise match, but can tell it's Windows or FreeBSD +# or whatnot by looking at, say, flag layout alone. +# +# Option block description is a list of comma or space separated +# options in the order they appear in the packet: +# +# N - NOP option +# Wnnn - window scaling option, value nnn (or * or %nnn) +# Mnnn - maximum segment size option, value nnn (or * or %nnn) +# S - selective ACK OK +# T - timestamp +# T0 - timestamp with a zero value +# +# To denote no TCP options, use a single '.'. +# +# Please report any additions to this file, or any inaccuracies or +# problems spotted, to the maintainers: lcamtuf@coredump.cx, +# frantzen@openbsd.org and bugs@openbsd.org with a tcpdump packet +# capture of the relevant SYN packet(s) +# +# A test and submission page is available at +# http://lcamtuf.coredump.cx/p0f-help/ +# +# +# WARNING WARNING WARNING +# ----------------------- +# +# Do not add a system X as OS Y just because NMAP says so. It is often +# the case that X is a NAT firewall. While nmap is talking to the +# device itself, p0f is fingerprinting the guy behind the firewall +# instead. +# +# When in doubt, use common sense, don't add something that looks like +# a completely different system as Linux or FreeBSD or LinkSys router. +# Check DNS name, establish a connection to the remote host and look +# at SYN+ACK - does it look similar? +# +# Some users tweak their TCP/IP settings - enable or disable RFC1323 +# functionality, enable or disable timestamps or selective ACK, +# disable PMTU discovery, change MTU and so on. Always compare a new rule +# to other fingerprints for this system, and verify the system isn't +# "customized" before adding it. It is OK to add signature variants +# caused by a commonly used software (personal firewalls, security +# packages, etc), but it makes no sense to try to add every single +# possible /proc/sys/net/ipv4 tweak on Linux or so. +# +# KEEP IN MIND: Some packet firewalls configured to normalize outgoing +# traffic (OpenBSD pf with "scrub" enabled, for example) will, well, +# normalize packets. Signatures will not correspond to the originating +# system (and probably not quite to the firewall either). +# +# NOTE: Try to keep this file in some reasonable order, from most to +# least likely systems. This will speed up operation. Also keep most +# generic and broad rules near the end. +# + +########################## +# Standard OS signatures # +########################## + +# ----------------- AIX --------------------- + +# AIX is first because its signatures are close to NetBSD, MacOS X and +# Linux 2.0, but it uses a fairly rare MSSes, at least sometimes... +# This is a shoddy hack, though. + +45046:64:0:44:M*: AIX:4.3::AIX 4.3 +16384:64:0:44:M512: AIX:4.3:2-3:AIX 4.3.2 and earlier + +16384:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2 +16384:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2 +32768:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2 +32768:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2 +65535:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2 +65535:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2 +65535:64:0:64:M*,N,W1,N,N,T,N,N,S: AIX:5.3:ML1:AIX 5.3 ML1 + +# ----------------- Linux ------------------- + +# S1:64:0:44:M*:A: Linux:1.2::Linux 1.2.x (XXX quirks support) +512:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x +16384:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x + +# Endian snafu! Nelson says "ha-ha": +2:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac +64:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac + + +S4:64:1:60:M1360,S,T,N,W0: Linux:google::Linux (Google crawlbot) + +S2:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4 (big boy) +S3:64:1:60:M*,S,T,N,W0: Linux:2.4:.18-21:Linux 2.4.18 and newer +S4:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4/2.6 <= 2.6.7 +S4:64:1:60:M*,S,T,N,W0: Linux:2.6:.1-7:Linux 2.4/2.6 <= 2.6.7 + +S4:64:1:60:M*,S,T,N,W5: Linux:2.6::Linux 2.6 (newer, 1) +S4:64:1:60:M*,S,T,N,W6: Linux:2.6::Linux 2.6 (newer, 2) +S4:64:1:60:M*,S,T,N,W7: Linux:2.6::Linux 2.6 (newer, 3) +T4:64:1:60:M*,S,T,N,W7: Linux:2.6::Linux 2.6 (newer, 4) + +S10:64:1:60:M*,S,T,N,W4: Linux:3.0::Linux 3.0 + +S3:64:1:60:M*,S,T,N,W1: Linux:2.5::Linux 2.5 (sometimes 2.4) +S4:64:1:60:M*,S,T,N,W1: Linux:2.5-2.6::Linux 2.5/2.6 +S3:64:1:60:M*,S,T,N,W2: Linux:2.5::Linux 2.5 (sometimes 2.4) +S4:64:1:60:M*,S,T,N,W2: Linux:2.5::Linux 2.5 (sometimes 2.4) + +S20:64:1:60:M*,S,T,N,W0: Linux:2.2:20-25:Linux 2.2.20 and newer +S22:64:1:60:M*,S,T,N,W0: Linux:2.2::Linux 2.2 +S11:64:1:60:M*,S,T,N,W0: Linux:2.2::Linux 2.2 + +# Popular cluster config scripts disable timestamps and +# selective ACK: +S4:64:1:48:M1460,N,W0: Linux:2.4:cluster:Linux 2.4 in cluster + +# This needs to be investigated. On some systems, WSS +# is selected as a multiple of MTU instead of MSS. I got +# many submissions for this for many late versions of 2.4: +T4:64:1:60:M1412,S,T,N,W0: Linux:2.4::Linux 2.4 (late, uncommon) + +# This happens only over loopback, but let's make folks happy: +32767:64:1:60:M16396,S,T,N,W0: Linux:2.4:lo0:Linux 2.4 (local) +S8:64:1:60:M3884,S,T,N,W0: Linux:2.2:lo0:Linux 2.2 (local) + +# Opera visitors: +16384:64:1:60:M*,S,T,N,W0: Linux:2.2:Opera:Linux 2.2 (Opera?) +32767:64:1:60:M*,S,T,N,W0: Linux:2.4:Opera:Linux 2.4 (Opera?) + +# Some fairly common mods: +S4:64:1:52:M*,N,N,S,N,W0: Linux:2.4:ts:Linux 2.4 w/o timestamps +S22:64:1:52:M*,N,N,S,N,W0: Linux:2.2:ts:Linux 2.2 w/o timestamps + + +# ----------------- FreeBSD ----------------- + +16384:64:1:44:M*: FreeBSD:2.0-2.2::FreeBSD 2.0-4.2 +16384:64:1:44:M*: FreeBSD:3.0-3.5::FreeBSD 2.0-4.2 +16384:64:1:44:M*: FreeBSD:4.0-4.2::FreeBSD 2.0-4.2 +16384:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4 + +1024:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4 + +57344:64:1:44:M*: FreeBSD:4.6-4.8:noRFC1323:FreeBSD 4.6-4.8 (no RFC1323) +57344:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.6-4.9::FreeBSD 4.6-4.9 + +32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.11::FreeBSD 4.8-5.1 (or MacOS X) +32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X) +65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.11::FreeBSD 4.8-5.2 (or MacOS X) +65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.2::FreeBSD 4.8-5.2 (or MacOS X) +65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:4.7-4.11::FreeBSD 4.7-5.2 +65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:5.0-5.2::FreeBSD 4.7-5.2 + +# XXX need quirks support +# 65535:64:1:60:M*,N,W0,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (1) +# 65535:64:1:60:M*,N,W1,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (2) +# 65535:64:1:60:M*,N,W2,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (3) +# 65535:64:1:44:M*:Z:FreeBSD:5.2::FreeBSD 5.2 (no RFC1323) + +# 16384:64:1:60:M*,N,N,N,N,N,N,T:FreeBSD:4.4:noTS:FreeBSD 4.4 (w/o timestamps) + +# ----------------- NetBSD ------------------ + +16384:64:0:60:M*,N,W0,N,N,T: NetBSD:1.3::NetBSD 1.3 +65535:64:0:60:M*,N,W0,N,N,T0: NetBSD:1.6:opera:NetBSD 1.6 (Opera) +16384:64:0:60:M*,N,W0,N,N,T0: NetBSD:1.6::NetBSD 1.6 +16384:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6:df:NetBSD 1.6 (DF) +65535:64:1:60:M*,N,W1,N,N,T0: NetBSD:1.6::NetBSD 1.6W-current (DF) +65535:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6::NetBSD 1.6X (DF) +32768:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6:randomization:NetBSD 1.6ZH-current (w/ ip_id randomization) + +# ----------------- OpenBSD ----------------- + +16384:64:0:60:M*,N,W0,N,N,T: OpenBSD:2.6::NetBSD 1.3 (or OpenBSD 2.6) +16384:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.8::OpenBSD 3.0-4.8 +16384:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.8:no-df:OpenBSD 3.0-4.8 (scrub no-df) +57344:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-4.0::OpenBSD 3.3-4.0 +57344:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-4.0:no-df:OpenBSD 3.3-4.0 (scrub no-df) + +65535:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.0:opera:OpenBSD 3.0-4.0 (Opera) + +16384:64:1:64:M*,N,N,S,N,W3,N,N,T: OpenBSD:4.9::OpenBSD 4.9 +16384:64:0:64:M*,N,N,S,N,W3,N,N,T: OpenBSD:4.9:no-df:OpenBSD 4.9 (scrub no-df) + +16384:64:1:64:M*,N,N,S,N,W6,N,N,T: OpenBSD:6.1::OpenBSD 6.1 +16384:64:0:64:M*,N,N,S,N,W6,N,N,T: OpenBSD:6.1:no-df:OpenBSD 6.1 (scrub no-df) + +# ----------------- DragonFly BSD ----------------- + +57344:64:1:60:M*,N,W0,N,N,T: DragonFly:1.0:A:DragonFly 1.0A +57344:64:0:64:M*,N,W0,N,N,S,N,N,T: DragonFly:1.2-1.12::DragonFly 1.2-1.12 +5840:64:1:60:M*,S,T,N,W4: DragonFly:2.0-2.1::DragonFly 2.0-2.1 +57344:64:0:64:M*,N,W0,N,N,S,N,N,T: DragonFly:2.2-2.3::DragonFly 2.2-2.3 +57344:64:0:64:M*,N,W5,N,N,S,N,N,T: DragonFly:2.4-2.7::DragonFly 2.4-2.7 + +# ----------------- Solaris ----------------- + +S17:64:1:64:N,W3,N,N,T0,N,N,S,M*: Solaris:8:RFC1323:Solaris 8 RFC1323 +S17:64:1:48:N,N,S,M*: Solaris:8::Solaris 8 +S17:255:1:44:M*: Solaris:2.5-2.7::Solaris 2.5 to 7 + +S6:255:1:44:M*: Solaris:2.6-2.7::Solaris 2.6 to 7 +S23:255:1:44:M*: Solaris:2.5:1:Solaris 2.5.1 +S34:64:1:48:M*,N,N,S: Solaris:2.9::Solaris 9 +S44:255:1:44:M*: Solaris:2.7::Solaris 7 + +4096:64:0:44:M1460: SunOS:4.1::SunOS 4.1.x + +S34:64:1:52:M*,N,W0,N,N,S: Solaris:10:beta:Solaris 10 (beta) +32850:64:1:64:M*,N,N,T,N,W1,N,N,S: Solaris:10::Solaris 10 1203 + +# ----------------- IRIX -------------------- + +49152:64:0:44:M*: IRIX:6.4::IRIX 6.4 +61440:64:0:44:M*: IRIX:6.2-6.5::IRIX 6.2-6.5 +49152:64:0:52:M*,N,W2,N,N,S: IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323) +49152:64:0:52:M*,N,W3,N,N,S: IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323) + +61440:64:0:48:M*,N,N,S: IRIX:6.5:12-21:IRIX 6.5.12 - 6.5.21 +49152:64:0:48:M*,N,N,S: IRIX:6.5:15-21:IRIX 6.5.15 - 6.5.21 + +49152:60:0:64:M*,N,W2,N,N,T,N,N,S: IRIX:6.5:IP27:IRIX 6.5 IP27 + + +# ----------------- Tru64 ------------------- + +32768:64:1:48:M*,N,W0: Tru64:4.0::Tru64 4.0 (or OS/2 Warp 4) +32768:64:0:48:M*,N,W0: Tru64:5.0::Tru64 5.0 +8192:64:0:44:M1460: Tru64:5.1:noRFC1323:Tru64 6.1 (no RFC1323) (or QNX 6) +61440:64:0:48:M*,N,W0: Tru64:5.1a:JP4:Tru64 v5.1a JP4 (or OpenVMS 7.x on Compaq 5.x stack) + +# ----------------- OpenVMS ----------------- + +6144:64:1:60:M*,N,W0,N,N,T: OpenVMS:7.2::OpenVMS 7.2 (Multinet 4.4 stack) + +# ----------------- MacOS ------------------- + +# XXX Need EOL tcp opt support +# S2:255:1:48:M*,W0,E:.:MacOS:8.6 classic + +# XXX some of these use EOL too +16616:255:1:48:M*,W0: MacOS:7.3-7.6:OTTCP:MacOS 7.3-8.6 (OTTCP) +16616:255:1:48:M*,W0: MacOS:8.0-8.6:OTTCP:MacOS 7.3-8.6 (OTTCP) +16616:255:1:48:M*,N,N,N: MacOS:8.1-8.6:OTTCP:MacOS 8.1-8.6 (OTTCP) +32768:255:1:48:M*,W0,N: MacOS:9.0-9.2::MacOS 9.0-9.2 +65535:255:1:48:M*,N,N,N,N: MacOS:9.1::MacOS 9.1 (OT 2.7.4) + + +# ----------------- Windows ----------------- + +# Windows TCP/IP stack is a mess. For most recent XP, 2000 and +# even 98, the patchlevel, not the actual OS version, is more +# relevant to the signature. They share the same code, so it would +# seem. Luckily for us, almost all Windows 9x boxes have an +# awkward MSS of 536, which I use to tell one from another +# in most difficult cases. + +8192:32:1:44:M*: Windows:3.11::Windows 3.11 (Tucows) +S44:64:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:95::Windows 95 +8192:128:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:95:b:Windows 95b + +# There were so many tweaking tools and so many stack versions for +# Windows 98 it is no longer possible to tell them from each other +# without some very serious research. Until then, there's an insane +# number of signatures, for your amusement: + +S44:32:1:48:M*,N,N,S: Windows:98:lowTTL:Windows 98 (low TTL) +8192:32:1:48:M*,N,N,S: Windows:98:lowTTL:Windows 98 (low TTL) +%8192:64:1:48:M536,N,N,S: Windows:98::Windows 98 +%8192:128:1:48:M536,N,N,S: Windows:98::Windows 98 +S4:64:1:48:M*,N,N,S: Windows:98::Windows 98 +S6:64:1:48:M*,N,N,S: Windows:98::Windows 98 +S12:64:1:48:M*,N,N,S: Windows:98::Windows 98 +T30:64:1:64:M1460,N,W0,N,N,T0,N,N,S: Windows:98::Windows 98 +32767:64:1:48:M*,N,N,S: Windows:98::Windows 98 +37300:64:1:48:M*,N,N,S: Windows:98::Windows 98 +46080:64:1:52:M*,N,W3,N,N,S: Windows:98:RFC1323:Windows 98 (RFC1323) +65535:64:1:44:M*: Windows:98:noSack:Windows 98 (no sack) +S16:128:1:48:M*,N,N,S: Windows:98::Windows 98 +S16:128:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:98::Windows 98 +S26:128:1:48:M*,N,N,S: Windows:98::Windows 98 +T30:128:1:48:M*,N,N,S: Windows:98::Windows 98 +32767:128:1:52:M*,N,W0,N,N,S: Windows:98::Windows 98 +60352:128:1:48:M*,N,N,S: Windows:98::Windows 98 +60352:128:1:64:M*,N,W2,N,N,T0,N,N,S: Windows:98::Windows 98 + +# What's with 1414 on NT? +T31:128:1:44:M1414: Windows:NT:4.0:Windows NT 4.0 SP6a +64512:128:1:44:M1414: Windows:NT:4.0:Windows NT 4.0 SP6a +8192:128:1:44:M*: Windows:NT:4.0:Windows NT 4.0 (older) + +# Windows XP and 2000. Most of the signatures that were +# either dubious or non-specific (no service pack data) +# were deleted and replaced with generics at the end. + +65535:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4, XP SP1 +65535:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP4, XP SP1 +%8192:128:1:48:M*,N,N,S: Windows:2000:SP2+:Windows 2000 SP2, XP SP1 (seldom 98 4.10.2222) +%8192:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP2, XP SP1 (seldom 98 4.10.2222) +S20:128:1:48:M*,N,N,S: Windows:2000::Windows 2000/XP SP3 +S20:128:1:48:M*,N,N,S: Windows:XP:SP3:Windows 2000/XP SP3 +S45:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4, XP SP 1 +S45:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP4, XP SP 1 +40320:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4 + +S6:128:1:48:M*,N,N,S: Windows:2000:SP2:Windows XP, 2000 SP2+ +S6:128:1:48:M*,N,N,S: Windows:XP::Windows XP, 2000 SP2+ +S12:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows XP SP1 +S44:128:1:48:M*,N,N,S: Windows:2000:SP3:Windows Pro SP1, 2000 SP3 +S44:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows Pro SP1, 2000 SP3 +64512:128:1:48:M*,N,N,S: Windows:2000:SP3:Windows SP1, 2000 SP3 +64512:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows SP1, 2000 SP3 +32767:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows SP1, 2000 SP4 +32767:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows SP1, 2000 SP4 + +8192:128:1:52:M*,N,W2,N,N,S: Windows:Vista::Windows Vista/7 + +# Odds, ends, mods: + +S52:128:1:48:M1260,N,N,S: Windows:2000:cisco:Windows XP/2000 via Cisco +S52:128:1:48:M1260,N,N,S: Windows:XP:cisco:Windows XP/2000 via Cisco +65520:128:1:48:M*,N,N,S: Windows:XP::Windows XP bare-bone +16384:128:1:52:M536,N,W0,N,N,S: Windows:2000:ZoneAlarm:Windows 2000 w/ZoneAlarm? +2048:255:0:40:.: Windows:.NET::Windows .NET Enterprise Server + +44620:64:0:48:M*,N,N,S: Windows:ME::Windows ME no SP (?) +S6:255:1:48:M536,N,N,S: Windows:95:winsock2:Windows 95 winsock 2 +32768:32:1:52:M1460,N,W0,N,N,S: Windows:2003:AS:Windows 2003 AS + + +# No need to be more specific, it passes: +# *:128:1:48:M*,N,N,S:U:-Windows:XP/2000 while downloading (leak!) XXX quirk +# there is an equiv similar generic sig w/o the quirk + +# ----------------- HP/UX ------------------- + +32768:64:1:44:M*: HP-UX:B.10.20::HP-UX B.10.20 +32768:64:0:48:M*,W0,N: HP-UX:11.0::HP-UX 11.0 +32768:64:1:48:M*,W0,N: HP-UX:11.10::HP-UX 11.0 or 11.11 +32768:64:1:48:M*,W0,N: HP-UX:11.11::HP-UX 11.0 or 11.11 + +# Whoa. Hardcore WSS. +0:64:0:48:M*,W0,N: HP-UX:B.11.00:A:HP-UX B.11.00 A (RFC1323) + +# ----------------- RiscOS ------------------ + +# We don't yet support the ?12 TCP option +#16384:64:1:68:M1460,N,W0,N,N,T,N,N,?12: RISCOS:3.70-4.36::RISC OS 3.70-4.36 +12288:32:0:44:M536: RISC OS:3.70:4.10:RISC OS 3.70 inet 4.10 + +# XXX quirk +# 4096:64:1:56:M1460,N,N,T:T: RISC OS:3.70:freenet:RISC OS 3.70 freenet 2.00 + + + +# ----------------- BSD/OS ------------------ + +# Once again, power of two WSS is also shared by MacOS X with DF set +8192:64:1:60:M1460,N,W0,N,N,T: BSD/OS:3.1::BSD/OS 3.1-4.3 (or MacOS X 10.2 w/DF) +8192:64:1:60:M1460,N,W0,N,N,T: BSD/OS:4.0-4.3::BSD/OS 3.1-4.3 (or MacOS X 10.2) + + +# ---------------- NewtonOS ----------------- + +4096:64:0:44:M1420: NewtonOS:2.1::NewtonOS 2.1 + +# ---------------- NeXTSTEP ----------------- + +S4:64:0:44:M1024: NeXTSTEP:3.3::NeXTSTEP 3.3 +S8:64:0:44:M512: NeXTSTEP:3.3::NeXTSTEP 3.3 + +# ------------------ BeOS ------------------- + +1024:255:0:48:M*,N,W0: BeOS:5.0-5.1::BeOS 5.0-5.1 +12288:255:0:44:M1402: BeOS:5.0::BeOS 5.0.x + +# ------------------ OS/400 ----------------- + +8192:64:1:60:M1440,N,W0,N,N,T: OS/400:VR4::OS/400 VR4/R5 +8192:64:1:60:M1440,N,W0,N,N,T: OS/400:VR5::OS/400 VR4/R5 +4096:64:1:60:M1440,N,W0,N,N,T: OS/400:V4R5:CF67032:OS/400 V4R5 + CF67032 + +# XXX quirk +# 28672:64:0:44:M1460:A:OS/390:? + +# ------------------ ULTRIX ----------------- + +16384:64:0:40:.: ULTRIX:4.5::ULTRIX 4.5 + +# ------------------- QNX ------------------- + +S16:64:0:44:M512: QNX:::QNX demodisk + +# ------------------ Novell ----------------- + +16384:128:1:44:M1460: Novell:NetWare:5.0:Novel Netware 5.0 +6144:128:1:44:M1460: Novell:IntranetWare:4.11:Novell IntranetWare 4.11 +6144:128:1:44:M1368: Novell:BorderManager::Novell BorderManager ? + +6144:128:1:52:M*,W0,N,S,N,N: Novell:Netware:6:Novell Netware 6 SP3 + + +# ----------------- SCO ------------------ +S3:64:1:60:M1460,N,W0,N,N,T: SCO:UnixWare:7.1:SCO UnixWare 7.1 +S17:64:1:60:M1380,N,W0,N,N,T: SCO:UnixWare:7.1:SCO UnixWare 7.1.3 MP3 +S23:64:1:44:M1380: SCO:OpenServer:5.0:SCO OpenServer 5.0 + +# ------------------- DOS ------------------- + +2048:255:0:44:M536: DOS:WATTCP:1.05:DOS Arachne via WATTCP/1.05 +T2:255:0:44:M984: DOS:WATTCP:1.05Arachne:Arachne via WATTCP/1.05 (eepro) + +# ------------------ OS/2 ------------------- + +S56:64:0:44:M512: OS/2:4::OS/2 4 +28672:64:0:44:M1460: OS/2:4::OS/2 Warp 4.0 + +# ----------------- TOPS-20 ----------------- + +# Another hardcore MSS, one of the ACK leakers hunted down. +# XXX QUIRK 0:64:0:44:M1460:A:TOPS-20:version 7 +0:64:0:44:M1460: TOPS-20:7::TOPS-20 version 7 + +# ----------------- FreeMiNT ---------------- + +S44:255:0:44:M536: FreeMiNT:1:16A:FreeMiNT 1 patch 16A (Atari) + +# ------------------ AMIGA ------------------ + +# XXX TCP option 12 +# S32:64:1:56:M*,N,N,S,N,N,?12:.:AMIGA:3.9 BB2 with Miami stack + +# ------------------ Plan9 ------------------ + +65535:255:0:48:M1460,W0,N: Plan9:4::Plan9 edition 4 + +# ----------------- AMIGAOS ----------------- + +16384:64:1:48:M1560,N,N,S: AMIGAOS:3.9::AMIGAOS 3.9 BB2 MiamiDX + +########################################### +# Appliance / embedded / other signatures # +########################################### + +# ---------- Firewalls / routers ------------ + +S12:64:1:44:M1460: @Checkpoint:::Checkpoint (unknown 1) +S12:64:1:48:N,N,S,M1460: @Checkpoint:::Checkpoint (unknown 2) +4096:32:0:44:M1460: ExtremeWare:4.x::ExtremeWare 4.x + +# XXX TCP option 12 +# S32:64:0:68:M512,N,W0,N,N,T,N,N,?12:.:Nokia:IPSO w/Checkpoint NG FP3 +# S16:64:0:68:M1024,N,W0,N,N,T,N,N,?12:.:Nokia:IPSO 3.7 build 026 + +S4:64:1:60:W0,N,S,T,M1460: FortiNet:FortiGate:50:FortiNet FortiGate 50 + +8192:64:1:44:M1460: Eagle:::Eagle Secure Gateway + +S52:128:1:48:M1260,N,N,N,N: LinkSys:WRV54G::LinkSys WRV54G VPN router + + + +# ------- Switches and other stuff ---------- + +4128:255:0:44:M*: Cisco:::Cisco Catalyst 3500, 7500 etc +S8:255:0:44:M*: Cisco:12008::Cisco 12008 +60352:128:1:64:M1460,N,W2,N,N,T,N,N,S: Alteon:ACEswitch::Alteon ACEswitch +64512:128:1:44:M1370: Nortel:Contivity Client::Nortel Conectivity Client + + +# ---------- Caches and whatnots ------------ + +S4:64:1:52:M1460,N,N,S,N,W0: AOL:web cache::AOL web cache + +32850:64:1:64:N,W1,N,N,T,N,N,S,M*: NetApp:5.x::NetApp Data OnTap 5.x +16384:64:1:64:M1460,N,N,S,N,W0,N: NetApp:5.3:1:NetApp 5.3.1 +65535:64:0:64:M1460,N,N,S,N,W*,N,N,T: NetApp:5.3-5.5::NetApp 5.3-5.5 +65535:64:0:60:M1460,N,W0,N,N,T: NetApp:CacheFlow::NetApp CacheFlow +8192:64:1:64:M1460,N,N,S,N,W0,N,N,T: NetApp:5.2:1:NetApp NetCache 5.2.1 +20480:64:1:64:M1460,N,N,S,N,W0,N,N,T: NetApp:4.1::NetApp NetCache4.1 + +65535:64:0:60:M1460,N,W0,N,N,T: CacheFlow:4.1::CacheFlow CacheOS 4.1 +8192:64:0:60:M1380,N,N,N,N,N,N,T: CacheFlow:1.1::CacheFlow CacheOS 1.1 + +S4:64:0:48:M1460,N,N,S: Cisco:Content Engine::Cisco Content Engine + +27085:128:0:40:.: Dell:PowerApp cache::Dell PowerApp (Linux-based) + +65535:255:1:48:N,W1,M1460: Inktomi:crawler::Inktomi crawler +S1:255:1:60:M1460,S,T,N,W0: LookSmart:ZyBorg::LookSmart ZyBorg + +16384:255:0:40:.: Proxyblocker:::Proxyblocker (what's this?) + +65535:255:0:48:M*,N,N,S: Redline:::Redline T|X 2200 + +32696:128:0:40:M1460: Spirent:Avalanche::Spirent Web Avalanche HTTP benchmarking engine + +# ----------- Embedded systems -------------- + +S9:255:0:44:M536: PalmOS:Tungsten:C:PalmOS Tungsten C +S5:255:0:44:M536: PalmOS:3::PalmOS 3/4 +S5:255:0:44:M536: PalmOS:4::PalmOS 3/4 +S4:255:0:44:M536: PalmOS:3:5:PalmOS 3.5 +2948:255:0:44:M536: PalmOS:3:5:PalmOS 3.5.3 (Handera) +S29:255:0:44:M536: PalmOS:5::PalmOS 5.0 +16384:255:0:44:M1398: PalmOS:5.2:Clie:PalmOS 5.2 (Clie) +S14:255:0:44:M1350: PalmOS:5.2:Treo:PalmOS 5.2.1 (Treo) + +S23:64:1:64:N,W1,N,N,T,N,N,S,M1460: SymbianOS:7::SymbianOS 7 + +8192:255:0:44:M1460: SymbianOS:6048::Symbian OS 6048 (Nokia 7650?) +8192:255:0:44:M536: SymbianOS:9210::Symbian OS (Nokia 9210?) +S22:64:1:56:M1460,T,S: SymbianOS:P800::Symbian OS ? (SE P800?) +S36:64:1:56:M1360,T,S: SymbianOS:6600::Symbian OS 60xx (Nokia 6600?) + + +# Perhaps S4? +5840:64:1:60:M1452,S,T,N,W1: Zaurus:3.10::Zaurus 3.10 + +32768:128:1:64:M1460,N,W0,N,N,T0,N,N,S: PocketPC:2002::PocketPC 2002 + +S1:255:0:44:M346: Contiki:1.1:rc0:Contiki 1.1-rc0 + +4096:128:0:44:M1460: Sega:Dreamcast:3.0:Sega Dreamcast Dreamkey 3.0 +T5:64:0:44:M536: Sega:Dreamcast:HKT-3020:Sega Dreamcast HKT-3020 (browser disc 51027) +S22:64:1:44:M1460: Sony:PS2::Sony Playstation 2 (SOCOM?) + +S12:64:0:44:M1452: AXIS:5600:v5.64:AXIS Printer Server 5600 v5.64 + +3100:32:1:44:M1460: Windows:CE:2.0:Windows CE 2.0 + +#################### +# Fancy signatures # +#################### + +1024:64:0:40:.: *NMAP:syn scan:1:NMAP syn scan (1) +2048:64:0:40:.: *NMAP:syn scan:2:NMAP syn scan (2) +3072:64:0:40:.: *NMAP:syn scan:3:NMAP syn scan (3) +4096:64:0:40:.: *NMAP:syn scan:4:NMAP syn scan (4) + +# Requires quirks support +# 1024:64:0:40:.:A:*NMAP:TCP sweep probe (1) +# 2048:64:0:40:.:A:*NMAP:TCP sweep probe (2) +# 3072:64:0:40:.:A:*NMAP:TCP sweep probe (3) +# 4096:64:0:40:.:A:*NMAP:TCP sweep probe (4) + +1024:64:0:60:W10,N,M265,T: *NMAP:OS:1:NMAP OS detection probe (1) +2048:64:0:60:W10,N,M265,T: *NMAP:OS:2:NMAP OS detection probe (2) +3072:64:0:60:W10,N,M265,T: *NMAP:OS:3:NMAP OS detection probe (3) +4096:64:0:60:W10,N,M265,T: *NMAP:OS:4:NMAP OS detection probe (4) + +32767:64:0:40:.: *NAST:::NASTsyn scan + +# Requires quirks support +# 12345:255:0:40:.:A:-p0f:sendsyn utility + + +##################################### +# Generic signatures - just in case # +##################################### + +#*:64:1:60:M*,N,W*,N,N,T: @FreeBSD:4.0-4.9::FreeBSD 4.x/5.x +#*:64:1:60:M*,N,W*,N,N,T: @FreeBSD:5.0-5.1::FreeBSD 4.x/5.x + +*:128:1:52:M*,N,W0,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323 no tstamp) +*:128:1:52:M*,N,W0,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323 no tstamp) +*:128:1:52:M*,N,W*,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323 no tstamp) +*:128:1:52:M*,N,W*,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323 no tstamp) +*:128:1:64:M*,N,W0,N,N,T0,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323) +*:128:1:64:M*,N,W0,N,N,T0,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323) +*:128:1:64:M*,N,W*,N,N,T0,N,N,S: @Windows:XP:RFC1323:Windows XP (RFC1323, w+) +*:128:1:48:M536,N,N,S: @Windows:98::Windows 98 +*:128:1:48:M*,N,N,S: @Windows:XP::Windows XP/2000 +*:128:1:48:M*,N,N,S: @Windows:2000::Windows XP/2000 + + Property changes on: projects/clang700-import/sbin/pfctl/pf.os ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Index: projects/clang700-import/sbin/restore/tape.c =================================================================== --- projects/clang700-import/sbin/restore/tape.c (revision 337646) +++ projects/clang700-import/sbin/restore/tape.c (revision 337647) @@ -1,1702 +1,1702 @@ /*- * SPDX-License-Identifier: BSD-3-Clause * * Copyright (c) 1983, 1993 * The Regents of the University of California. All rights reserved. * (c) UNIX System Laboratories, Inc. * All or some portions of this file are derived from material licensed * to the University of California by American Telephone and Telegraph * Co. or Unix System Laboratories, Inc. and are reproduced herein with * the permission of UNIX System Laboratories, Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #ifndef lint #if 0 static char sccsid[] = "@(#)tape.c 8.9 (Berkeley) 5/1/95"; #endif #endif /* not lint */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "restore.h" #include "extern.h" static long fssize = MAXBSIZE; static int mt = -1; static int pipein = 0; static int pipecmdin = 0; static FILE *popenfp = NULL; static char *magtape; static int blkcnt; static int numtrec; static char *tapebuf; static union u_spcl endoftapemark; static long byteslide = 0; static long blksread; /* blocks read since last header */ static int64_t tapeaddr = 0; /* current TP_BSIZE tape record */ static long tapesread; static jmp_buf restart; static int gettingfile = 0; /* restart has a valid frame */ static char *host = NULL; static int readmapflag; static int ofile; static char *map; static char lnkbuf[MAXPATHLEN + 1]; static int pathlen; int Bcvt; /* Swap Bytes */ int oldinofmt; /* FreeBSD 1 inode format needs cvt */ #define FLUSHTAPEBUF() blkcnt = ntrec + 1 char *namespace_names[] = EXTATTR_NAMESPACE_NAMES; static void accthdr(struct s_spcl *); static int checksum(int *); static void findinode(struct s_spcl *); static void findtapeblksize(void); static char *setupextattr(int); static void xtrattr(char *, size_t); static void skiphole(void (*)(char *, size_t), size_t *); static int gethead(struct s_spcl *); static void readtape(char *); static void setdumpnum(void); static u_long swabl(u_long); static u_char *swablong(u_char *, int); static u_char *swabshort(u_char *, int); static void terminateinput(void); static void xtrfile(char *, size_t); static void xtrlnkfile(char *, size_t); static void xtrlnkskip(char *, size_t); static void xtrmap(char *, size_t); static void xtrmapskip(char *, size_t); static void xtrskip(char *, size_t); /* * Set up an input source */ void setinput(char *source, int ispipecommand) { FLUSHTAPEBUF(); if (bflag) newtapebuf(ntrec); else newtapebuf(MAX(NTREC, HIGHDENSITYTREC)); terminal = stdin; if (ispipecommand) pipecmdin++; else #ifdef RRESTORE if (strchr(source, ':')) { host = source; source = strchr(host, ':'); *source++ = '\0'; if (rmthost(host) == 0) done(1); } else #endif if (strcmp(source, "-") == 0) { /* * Since input is coming from a pipe we must establish * our own connection to the terminal. */ terminal = fopen(_PATH_TTY, "r"); if (terminal == NULL) { (void)fprintf(stderr, "cannot open %s: %s\n", _PATH_TTY, strerror(errno)); terminal = fopen(_PATH_DEVNULL, "r"); if (terminal == NULL) { (void)fprintf(stderr, "cannot open %s: %s\n", _PATH_DEVNULL, strerror(errno)); done(1); } } pipein++; } /* no longer need or want root privileges */ if (setuid(getuid()) != 0) { fprintf(stderr, "setuid failed\n"); done(1); } magtape = strdup(source); if (magtape == NULL) { fprintf(stderr, "Cannot allocate space for magtape buffer\n"); done(1); } } void newtapebuf(long size) { static int tapebufsize = -1; ntrec = size; if (size <= tapebufsize) return; if (tapebuf != NULL) free(tapebuf - TP_BSIZE); tapebuf = malloc((size+1) * TP_BSIZE); if (tapebuf == NULL) { fprintf(stderr, "Cannot allocate space for tape buffer\n"); done(1); } tapebuf += TP_BSIZE; tapebufsize = size; } /* * Verify that the tape drive can be accessed and * that it actually is a dump tape. */ void setup(void) { int i, j, *ip; struct stat stbuf; vprintf(stdout, "Verify tape and initialize maps\n"); if (pipecmdin) { if (setenv("RESTORE_VOLUME", "1", 1) == -1) { fprintf(stderr, "Cannot set $RESTORE_VOLUME: %s\n", strerror(errno)); done(1); } popenfp = popen(magtape, "r"); mt = popenfp ? fileno(popenfp) : -1; } else #ifdef RRESTORE if (host) mt = rmtopen(magtape, 0); else #endif if (pipein) mt = 0; else mt = open(magtape, O_RDONLY, 0); if (mt < 0) { fprintf(stderr, "%s: %s\n", magtape, strerror(errno)); done(1); } volno = 1; setdumpnum(); FLUSHTAPEBUF(); if (!pipein && !pipecmdin && !bflag) findtapeblksize(); if (gethead(&spcl) == FAIL) { fprintf(stderr, "Tape is not a dump tape\n"); done(1); } if (pipein) { endoftapemark.s_spcl.c_magic = FS_UFS2_MAGIC; endoftapemark.s_spcl.c_type = TS_END; ip = (int *)&endoftapemark; j = sizeof(union u_spcl) / sizeof(int); i = 0; do i += *ip++; while (--j); endoftapemark.s_spcl.c_checksum = CHECKSUM - i; } if (vflag || command == 't') printdumpinfo(); dumptime = _time64_to_time(spcl.c_ddate); dumpdate = _time64_to_time(spcl.c_date); if (stat(".", &stbuf) < 0) { fprintf(stderr, "cannot stat .: %s\n", strerror(errno)); done(1); } if (stbuf.st_blksize > 0 && stbuf.st_blksize < TP_BSIZE ) fssize = TP_BSIZE; if (stbuf.st_blksize >= TP_BSIZE && stbuf.st_blksize <= MAXBSIZE) fssize = stbuf.st_blksize; if (((TP_BSIZE - 1) & stbuf.st_blksize) != 0) { fprintf(stderr, "Warning: filesystem with non-multiple-of-%d " "blocksize (%d);\n", TP_BSIZE, stbuf.st_blksize); fssize = roundup(fssize, TP_BSIZE); fprintf(stderr, "\twriting using blocksize %ld\n", fssize); } if (spcl.c_volume != 1) { fprintf(stderr, "Tape is not volume 1 of the dump\n"); done(1); } if (gethead(&spcl) == FAIL) { dprintf(stdout, "header read failed at %ld blocks\n", blksread); panic("no header after volume mark!\n"); } findinode(&spcl); if (spcl.c_type != TS_CLRI) { fprintf(stderr, "Cannot find file removal list\n"); done(1); } maxino = (spcl.c_count * TP_BSIZE * NBBY) + 1; dprintf(stdout, "maxino = %ju\n", (uintmax_t)maxino); map = calloc((unsigned)1, (unsigned)howmany(maxino, NBBY)); if (map == NULL) panic("no memory for active inode map\n"); usedinomap = map; curfile.action = USING; getfile(xtrmap, xtrmapskip, xtrmapskip); if (spcl.c_type != TS_BITS) { fprintf(stderr, "Cannot find file dump list\n"); done(1); } map = calloc((unsigned)1, (unsigned)howmany(maxino, NBBY)); if (map == (char *)NULL) panic("no memory for file dump list\n"); dumpmap = map; curfile.action = USING; getfile(xtrmap, xtrmapskip, xtrmapskip); /* * If there may be whiteout entries on the tape, pretend that the * whiteout inode exists, so that the whiteout entries can be * extracted. */ SETINO(UFS_WINO, dumpmap); /* 'r' restores don't call getvol() for tape 1, so mark it as read. */ if (command == 'r') tapesread = 1; } /* * Prompt user to load a new dump volume. * "Nextvol" is the next suggested volume to use. * This suggested volume is enforced when doing full * or incremental restores, but can be overridden by * the user when only extracting a subset of the files. */ void getvol(long nextvol) { int64_t prevtapea; long i, newvol, savecnt; union u_spcl tmpspcl; # define tmpbuf tmpspcl.s_spcl char buf[TP_BSIZE]; if (nextvol == 1) { tapesread = 0; gettingfile = 0; } prevtapea = tapeaddr; savecnt = blksread; if (pipein) { if (nextvol != 1) { panic("Changing volumes on pipe input?\n"); /* Avoid looping if we couldn't ask the user. */ if (yflag || ferror(terminal) || feof(terminal)) done(1); } if (volno == 1) return; newvol = 0; goto gethdr; } again: if (pipein) done(1); /* pipes do not get a second chance */ if (command == 'R' || command == 'r' || curfile.action != SKIP) newvol = nextvol; else newvol = 0; while (newvol <= 0) { if (tapesread == 0) { fprintf(stderr, "%s%s%s%s%s%s%s", "You have not read any tapes yet.\n", "If you are extracting just a few files,", " start with the last volume\n", "and work towards the first; restore", " can quickly skip tapes that\n", "have no further files to extract.", " Otherwise, begin with volume 1.\n"); } else { fprintf(stderr, "You have read volumes"); strcpy(buf, ": "); for (i = 0; i < 32; i++) if (tapesread & (1 << i)) { fprintf(stderr, "%s%ld", buf, i + 1); strcpy(buf, ", "); } fprintf(stderr, "\n"); } do { fprintf(stderr, "Specify next volume #: "); (void) fflush(stderr); if (fgets(buf, BUFSIZ, terminal) == NULL) done(1); } while (buf[0] == '\n'); newvol = atoi(buf); if (newvol <= 0) { fprintf(stderr, "Volume numbers are positive numerics\n"); } } if (newvol == volno) { tapesread |= 1 << (volno - 1); return; } closemt(); fprintf(stderr, "Mount tape volume %ld\n", newvol); fprintf(stderr, "Enter ``none'' if there are no more tapes\n"); fprintf(stderr, "otherwise enter tape name (default: %s) ", magtape); (void) fflush(stderr); if (fgets(buf, BUFSIZ, terminal) == NULL) done(1); if (!strcmp(buf, "none\n")) { terminateinput(); return; } if (buf[0] != '\n') { (void) strcpy(magtape, buf); magtape[strlen(magtape) - 1] = '\0'; } if (pipecmdin) { char volno[sizeof("2147483647")]; (void)sprintf(volno, "%ld", newvol); if (setenv("RESTORE_VOLUME", volno, 1) == -1) { fprintf(stderr, "Cannot set $RESTORE_VOLUME: %s\n", strerror(errno)); done(1); } popenfp = popen(magtape, "r"); mt = popenfp ? fileno(popenfp) : -1; } else #ifdef RRESTORE if (host) mt = rmtopen(magtape, 0); else #endif mt = open(magtape, O_RDONLY, 0); if (mt == -1) { fprintf(stderr, "Cannot open %s\n", magtape); volno = -1; goto again; } gethdr: volno = newvol; setdumpnum(); FLUSHTAPEBUF(); if (gethead(&tmpbuf) == FAIL) { dprintf(stdout, "header read failed at %ld blocks\n", blksread); fprintf(stderr, "tape is not dump tape\n"); volno = 0; goto again; } if (tmpbuf.c_volume != volno) { fprintf(stderr, "Wrong volume (%jd)\n", (intmax_t)tmpbuf.c_volume); volno = 0; goto again; } if (_time64_to_time(tmpbuf.c_date) != dumpdate || _time64_to_time(tmpbuf.c_ddate) != dumptime) { time_t t = _time64_to_time(tmpbuf.c_date); fprintf(stderr, "Wrong dump date\n\tgot: %s", ctime(&t)); fprintf(stderr, "\twanted: %s", ctime(&dumpdate)); volno = 0; goto again; } tapesread |= 1 << (volno - 1); blksread = savecnt; /* * If continuing from the previous volume, skip over any * blocks read already at the end of the previous volume. * * If coming to this volume at random, skip to the beginning * of the next record. */ dprintf(stdout, "last rec %jd, tape starts with %jd\n", (intmax_t)prevtapea, (intmax_t)tmpbuf.c_tapea); if (tmpbuf.c_type == TS_TAPE) { if (curfile.action != USING) { /* * XXX Dump incorrectly sets c_count to 1 in the * volume header of the first tape, so ignore * c_count when volno == 1. */ if (volno != 1) for (i = tmpbuf.c_count; i > 0; i--) readtape(buf); } else if (tmpbuf.c_tapea <= prevtapea) { /* * Normally the value of c_tapea in the volume * header is the record number of the header itself. * However in the volume header following an EOT- * terminated tape, it is the record number of the * first continuation data block (dump bug?). * * The next record we want is `prevtapea + 1'. */ i = prevtapea + 1 - tmpbuf.c_tapea; dprintf(stderr, "Skipping %ld duplicate record%s.\n", i, i > 1 ? "s" : ""); while (--i >= 0) readtape(buf); } } if (curfile.action == USING) { if (volno == 1) panic("active file into volume 1\n"); return; } (void) gethead(&spcl); findinode(&spcl); if (gettingfile) { gettingfile = 0; longjmp(restart, 1); } } /* * Handle unexpected EOF. */ static void terminateinput(void) { if (gettingfile && curfile.action == USING) { printf("Warning: %s %s\n", "End-of-input encountered while extracting", curfile.name); } curfile.name = ""; curfile.action = UNKNOWN; curfile.mode = 0; curfile.ino = maxino; if (gettingfile) { gettingfile = 0; longjmp(restart, 1); } } /* * handle multiple dumps per tape by skipping forward to the * appropriate one. */ static void setdumpnum(void) { struct mtop tcom; if (dumpnum == 1 || volno != 1) return; if (pipein) { fprintf(stderr, "Cannot have multiple dumps on pipe input\n"); done(1); } tcom.mt_op = MTFSF; tcom.mt_count = dumpnum - 1; #ifdef RRESTORE if (host) rmtioctl(MTFSF, dumpnum - 1); else #endif if (!pipecmdin && ioctl(mt, MTIOCTOP, (char *)&tcom) < 0) fprintf(stderr, "ioctl MTFSF: %s\n", strerror(errno)); } void printdumpinfo(void) { time_t t; t = _time64_to_time(spcl.c_date); fprintf(stdout, "Dump date: %s", ctime(&t)); t = _time64_to_time(spcl.c_ddate); fprintf(stdout, "Dumped from: %s", (spcl.c_ddate == 0) ? "the epoch\n" : ctime(&t)); if (spcl.c_host[0] == '\0') return; fprintf(stderr, "Level %jd dump of %s on %s:%s\n", (intmax_t)spcl.c_level, spcl.c_filesys, spcl.c_host, spcl.c_dev); fprintf(stderr, "Label: %s\n", spcl.c_label); } int extractfile(char *name) { u_int flags; uid_t uid; gid_t gid; mode_t mode; int extsize; struct timespec mtimep[2], ctimep[2]; struct entry *ep; char *buf; curfile.name = name; curfile.action = USING; mtimep[0].tv_sec = curfile.atime_sec; mtimep[0].tv_nsec = curfile.atime_nsec; mtimep[1].tv_sec = curfile.mtime_sec; mtimep[1].tv_nsec = curfile.mtime_nsec; ctimep[0].tv_sec = curfile.atime_sec; ctimep[0].tv_nsec = curfile.atime_nsec; ctimep[1].tv_sec = curfile.birthtime_sec; ctimep[1].tv_nsec = curfile.birthtime_nsec; extsize = curfile.extsize; uid = getuid(); if (uid == 0) uid = curfile.uid; gid = curfile.gid; mode = curfile.mode; flags = curfile.file_flags; switch (mode & IFMT) { default: fprintf(stderr, "%s: unknown file mode 0%o\n", name, mode); skipfile(); return (FAIL); case IFSOCK: vprintf(stdout, "skipped socket %s\n", name); skipfile(); return (GOOD); case IFDIR: if (mflag) { ep = lookupname(name); if (ep == NULL || ep->e_flags & EXTRACT) panic("unextracted directory %s\n", name); skipfile(); return (GOOD); } vprintf(stdout, "extract file %s\n", name); return (genliteraldir(name, curfile.ino)); case IFLNK: lnkbuf[0] = '\0'; pathlen = 0; buf = setupextattr(extsize); getfile(xtrlnkfile, xtrattr, xtrlnkskip); if (pathlen == 0) { vprintf(stdout, "%s: zero length symbolic link (ignored)\n", name); return (GOOD); } if (linkit(lnkbuf, name, SYMLINK) == GOOD) { if (extsize > 0) set_extattr(-1, name, buf, extsize, SXA_LINK); (void) lchown(name, uid, gid); (void) lchmod(name, mode); (void) utimensat(AT_FDCWD, name, ctimep, AT_SYMLINK_NOFOLLOW); (void) utimensat(AT_FDCWD, name, mtimep, AT_SYMLINK_NOFOLLOW); (void) lchflags(name, flags); return (GOOD); } return (FAIL); case IFIFO: vprintf(stdout, "extract fifo %s\n", name); if (Nflag) { skipfile(); return (GOOD); } if (uflag) (void) unlink(name); if (mkfifo(name, 0600) < 0) { fprintf(stderr, "%s: cannot create fifo: %s\n", name, strerror(errno)); skipfile(); return (FAIL); } if (extsize == 0) { skipfile(); } else { buf = setupextattr(extsize); getfile(xtrnull, xtrattr, xtrnull); set_extattr(-1, name, buf, extsize, SXA_FILE); } (void) chown(name, uid, gid); (void) chmod(name, mode); (void) utimensat(AT_FDCWD, name, ctimep, 0); (void) utimensat(AT_FDCWD, name, mtimep, 0); (void) chflags(name, flags); return (GOOD); case IFCHR: case IFBLK: vprintf(stdout, "extract special file %s\n", name); if (Nflag) { skipfile(); return (GOOD); } if (uflag) (void) unlink(name); if (mknod(name, (mode & (IFCHR | IFBLK)) | 0600, (int)curfile.rdev) < 0) { fprintf(stderr, "%s: cannot create special file: %s\n", name, strerror(errno)); skipfile(); return (FAIL); } if (extsize == 0) { skipfile(); } else { buf = setupextattr(extsize); getfile(xtrnull, xtrattr, xtrnull); set_extattr(-1, name, buf, extsize, SXA_FILE); } (void) chown(name, uid, gid); (void) chmod(name, mode); (void) utimensat(AT_FDCWD, name, ctimep, 0); (void) utimensat(AT_FDCWD, name, mtimep, 0); (void) chflags(name, flags); return (GOOD); case IFREG: vprintf(stdout, "extract file %s\n", name); if (Nflag) { skipfile(); return (GOOD); } if (uflag) (void) unlink(name); if ((ofile = open(name, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0) { fprintf(stderr, "%s: cannot create file: %s\n", name, strerror(errno)); skipfile(); return (FAIL); } buf = setupextattr(extsize); getfile(xtrfile, xtrattr, xtrskip); if (extsize > 0) set_extattr(ofile, name, buf, extsize, SXA_FD); (void) fchown(ofile, uid, gid); (void) fchmod(ofile, mode); (void) futimens(ofile, ctimep); (void) futimens(ofile, mtimep); (void) fchflags(ofile, flags); (void) close(ofile); return (GOOD); } /* NOTREACHED */ } /* * Set attributes on a file descriptor, link, or file. */ void set_extattr(int fd, char *name, void *buf, int size, enum set_extattr_mode mode) { struct extattr *eap, *eaend; const char *method; ssize_t res; int error; char eaname[EXTATTR_MAXNAMELEN + 1]; vprintf(stdout, "Set attributes for %s:", name); eaend = buf + size; for (eap = buf; eap < eaend; eap = EXTATTR_NEXT(eap)) { /* * Make sure this entry is complete. */ if (EXTATTR_NEXT(eap) > eaend || eap->ea_length <= 0) { dprintf(stdout, "\n\t%scorrupted", eap == buf ? "" : "remainder "); break; } if (eap->ea_namespace == EXTATTR_NAMESPACE_EMPTY) continue; snprintf(eaname, sizeof(eaname), "%.*s", (int)eap->ea_namelength, eap->ea_name); vprintf(stdout, "\n\t%s, (%d bytes), %s", namespace_names[eap->ea_namespace], eap->ea_length, eaname); /* * First we try the general attribute setting interface. * However, some attributes can only be set by root or * by using special interfaces (for example, ACLs). */ if (mode == SXA_FD) { res = extattr_set_fd(fd, eap->ea_namespace, eaname, EXTATTR_CONTENT(eap), EXTATTR_CONTENT_SIZE(eap)); method = "extattr_set_fd"; } else if (mode == SXA_LINK) { res = extattr_set_link(name, eap->ea_namespace, eaname, EXTATTR_CONTENT(eap), EXTATTR_CONTENT_SIZE(eap)); method = "extattr_set_link"; } else if (mode == SXA_FILE) { res = extattr_set_file(name, eap->ea_namespace, eaname, EXTATTR_CONTENT(eap), EXTATTR_CONTENT_SIZE(eap)); method = "extattr_set_file"; } if (res != -1) { dprintf(stdout, " (set using %s)", method); continue; } /* * If the general interface refuses to set the attribute, * then we try all the specialized interfaces that we * know about. */ if (eap->ea_namespace == EXTATTR_NAMESPACE_SYSTEM && strcmp(eaname, POSIX1E_ACL_ACCESS_EXTATTR_NAME) == 0) { if (mode == SXA_FD) { error = acl_set_fd(fd, EXTATTR_CONTENT(eap)); method = "acl_set_fd"; } else if (mode == SXA_LINK) { error = acl_set_link_np(name, ACL_TYPE_ACCESS, EXTATTR_CONTENT(eap)); method = "acl_set_link_np"; } else if (mode == SXA_FILE) { error = acl_set_file(name, ACL_TYPE_ACCESS, EXTATTR_CONTENT(eap)); method = "acl_set_file"; } if (error != -1) { dprintf(stdout, " (set using %s)", method); continue; } } if (eap->ea_namespace == EXTATTR_NAMESPACE_SYSTEM && strcmp(eaname, POSIX1E_ACL_DEFAULT_EXTATTR_NAME) == 0) { if (mode == SXA_LINK) { error = acl_set_link_np(name, ACL_TYPE_DEFAULT, EXTATTR_CONTENT(eap)); method = "acl_set_link_np"; } else { error = acl_set_file(name, ACL_TYPE_DEFAULT, EXTATTR_CONTENT(eap)); method = "acl_set_file"; } if (error != -1) { dprintf(stdout, " (set using %s)", method); continue; } } vprintf(stdout, " (unable to set)"); } vprintf(stdout, "\n"); } /* * skip over bit maps on the tape */ void skipmaps(void) { while (spcl.c_type == TS_BITS || spcl.c_type == TS_CLRI) skipfile(); } /* * skip over a file on the tape */ void skipfile(void) { curfile.action = SKIP; getfile(xtrnull, xtrnull, xtrnull); } /* * Skip a hole in an output file */ static void skiphole(void (*skip)(char *, size_t), size_t *seekpos) { char buf[MAXBSIZE]; if (*seekpos > 0) { (*skip)(buf, *seekpos); *seekpos = 0; } } /* * Extract a file from the tape. * When an allocated block is found it is passed to the fill function; * when an unallocated block (hole) is found, a zeroed buffer is passed * to the skip function. */ void getfile(void (*datafill)(char *, size_t), void (*attrfill)(char *, size_t), void (*skip)(char *, size_t)) { int i; volatile off_t size; size_t seekpos; int curblk, attrsize; void (*fillit)(char *, size_t); char buf[MAXBSIZE / TP_BSIZE][TP_BSIZE]; char junk[TP_BSIZE]; curblk = 0; size = spcl.c_size; seekpos = 0; attrsize = spcl.c_extsize; if (spcl.c_type == TS_END) panic("ran off end of tape\n"); if (spcl.c_magic != FS_UFS2_MAGIC) panic("not at beginning of a file\n"); if (!gettingfile && setjmp(restart) != 0) return; gettingfile++; fillit = datafill; if (size == 0 && attrsize > 0) { fillit = attrfill; size = attrsize; attrsize = 0; } loop: for (i = 0; i < spcl.c_count; i++) { if (!readmapflag && i > TP_NINDIR) { if (Dflag) { fprintf(stderr, "spcl.c_count = %jd\n", (intmax_t)spcl.c_count); break; } else panic("spcl.c_count = %jd\n", (intmax_t)spcl.c_count); } if (readmapflag || spcl.c_addr[i]) { readtape(&buf[curblk++][0]); if (curblk == fssize / TP_BSIZE) { skiphole(skip, &seekpos); (*fillit)((char *)buf, (long)(size > TP_BSIZE ? fssize : (curblk - 1) * TP_BSIZE + size)); curblk = 0; } } else { if (curblk > 0) { skiphole(skip, &seekpos); (*fillit)((char *)buf, (long)(size > TP_BSIZE ? curblk * TP_BSIZE : (curblk - 1) * TP_BSIZE + size)); curblk = 0; } /* * We have a block of a hole. Don't skip it * now, because there may be next adjacent * block of the hole in the file. Postpone the * seek until next file write. */ seekpos += (long)MIN(TP_BSIZE, size); } if ((size -= TP_BSIZE) <= 0) { if (size > -TP_BSIZE && curblk > 0) { skiphole(skip, &seekpos); (*fillit)((char *)buf, (long)((curblk * TP_BSIZE) + size)); curblk = 0; } if (attrsize > 0) { fillit = attrfill; size = attrsize; attrsize = 0; continue; } if (spcl.c_count - i > 1) dprintf(stdout, "skipping %d junk block(s)\n", spcl.c_count - i - 1); for (i++; i < spcl.c_count; i++) { if (!readmapflag && i > TP_NINDIR) { if (Dflag) { fprintf(stderr, "spcl.c_count = %jd\n", (intmax_t)spcl.c_count); break; } else panic("spcl.c_count = %jd\n", (intmax_t)spcl.c_count); } if (readmapflag || spcl.c_addr[i]) readtape(junk); } break; } } if (gethead(&spcl) == GOOD && size > 0) { if (spcl.c_type == TS_ADDR) goto loop; dprintf(stdout, "Missing address (header) block for %s at %ld blocks\n", curfile.name, blksread); } if (curblk > 0) panic("getfile: lost data\n"); findinode(&spcl); gettingfile = 0; } /* * These variables are shared between the next two functions. */ static int extbufsize = 0; static char *extbuf; static int extloc; /* * Allocate a buffer into which to extract extended attributes. */ static char * setupextattr(int extsize) { extloc = 0; if (extsize <= extbufsize) return (extbuf); if (extbufsize > 0) free(extbuf); if ((extbuf = malloc(extsize)) != NULL) { extbufsize = extsize; return (extbuf); } extbufsize = 0; extbuf = NULL; fprintf(stderr, "Cannot extract %d bytes %s for inode %ju, name %s\n", extsize, "of extended attributes", (uintmax_t)curfile.ino, curfile.name); return (NULL); } /* * Extract the next block of extended attributes. */ static void xtrattr(char *buf, size_t size) { if (extloc + size > extbufsize) panic("overrun attribute buffer\n"); memmove(&extbuf[extloc], buf, size); extloc += size; } /* * Write out the next block of a file. */ static void xtrfile(char *buf, size_t size) { if (Nflag) return; if (write(ofile, buf, (int) size) == -1) { fprintf(stderr, "write error extracting inode %ju, name %s\nwrite: %s\n", (uintmax_t)curfile.ino, curfile.name, strerror(errno)); } } /* * Skip over a hole in a file. */ /* ARGSUSED */ static void xtrskip(char *buf, size_t size) { if (lseek(ofile, size, SEEK_CUR) == -1) { fprintf(stderr, "seek error extracting inode %ju, name %s\nlseek: %s\n", (uintmax_t)curfile.ino, curfile.name, strerror(errno)); done(1); } } /* * Collect the next block of a symbolic link. */ static void xtrlnkfile(char *buf, size_t size) { pathlen += size; if (pathlen > MAXPATHLEN) { fprintf(stderr, "symbolic link name: %s->%s%s; too long %d\n", curfile.name, lnkbuf, buf, pathlen); done(1); } (void) strcat(lnkbuf, buf); } /* * Skip over a hole in a symbolic link (should never happen). */ /* ARGSUSED */ static void xtrlnkskip(char *buf, size_t size) { fprintf(stderr, "unallocated block in symbolic link %s\n", curfile.name); done(1); } /* * Collect the next block of a bit map. */ static void xtrmap(char *buf, size_t size) { memmove(map, buf, size); map += size; } /* * Skip over a hole in a bit map (should never happen). */ /* ARGSUSED */ static void xtrmapskip(char *buf, size_t size) { panic("hole in map\n"); map += size; } /* * Noop, when an extraction function is not needed. */ /* ARGSUSED */ void xtrnull(char *buf, size_t size) { return; } /* * Read TP_BSIZE blocks from the input. * Handle read errors, and end of media. */ static void readtape(char *buf) { long rd, newvol, i, oldnumtrec; int cnt, seek_failed; if (blkcnt + (byteslide > 0) < numtrec) { memmove(buf, &tapebuf[(blkcnt++ * TP_BSIZE) + byteslide], (long)TP_BSIZE); blksread++; tapeaddr++; return; } if (numtrec > 0) memmove(&tapebuf[-TP_BSIZE], &tapebuf[(numtrec-1) * TP_BSIZE], (long)TP_BSIZE); oldnumtrec = numtrec; for (i = 0; i < ntrec; i++) ((struct s_spcl *)&tapebuf[i * TP_BSIZE])->c_magic = 0; if (numtrec == 0) numtrec = ntrec; cnt = ntrec * TP_BSIZE; rd = 0; getmore: #ifdef RRESTORE if (host) i = rmtread(&tapebuf[rd], cnt); else #endif i = read(mt, &tapebuf[rd], cnt); /* * Check for mid-tape short read error. * If found, skip rest of buffer and start with the next. */ if (!pipein && !pipecmdin && numtrec < ntrec && i > 0) { dprintf(stdout, "mid-media short read error.\n"); numtrec = ntrec; } /* * Handle partial block read. */ if ((pipein || pipecmdin) && i == 0 && rd > 0) i = rd; else if (i > 0 && i != ntrec * TP_BSIZE) { if (pipein || pipecmdin) { rd += i; cnt -= i; if (cnt > 0) goto getmore; i = rd; } else { /* * Short read. Process the blocks read. */ if (i % TP_BSIZE != 0) vprintf(stdout, "partial block read: %ld should be %ld\n", i, ntrec * TP_BSIZE); numtrec = i / TP_BSIZE; } } /* * Handle read error. */ if (i < 0) { fprintf(stderr, "Tape read error while "); switch (curfile.action) { default: fprintf(stderr, "trying to set up tape\n"); break; case UNKNOWN: fprintf(stderr, "trying to resynchronize\n"); break; case USING: fprintf(stderr, "restoring %s\n", curfile.name); break; case SKIP: fprintf(stderr, "skipping over inode %ju\n", (uintmax_t)curfile.ino); break; } if (!yflag && !reply("continue")) done(1); i = ntrec * TP_BSIZE; memset(tapebuf, 0, i); #ifdef RRESTORE if (host) seek_failed = (rmtseek(i, 1) < 0); else #endif seek_failed = (lseek(mt, i, SEEK_CUR) == (off_t)-1); if (seek_failed) { fprintf(stderr, "continuation failed: %s\n", strerror(errno)); done(1); } } /* * Handle end of tape. */ if (i == 0) { vprintf(stdout, "End-of-tape encountered\n"); if (!pipein) { newvol = volno + 1; volno = 0; numtrec = 0; getvol(newvol); readtape(buf); return; } if (rd % TP_BSIZE != 0) panic("partial block read: %ld should be %ld\n", rd, ntrec * TP_BSIZE); terminateinput(); memmove(&tapebuf[rd], &endoftapemark, (long)TP_BSIZE); } if (oldnumtrec == 0) blkcnt = 0; else blkcnt -= oldnumtrec; memmove(buf, &tapebuf[(blkcnt++ * TP_BSIZE) + byteslide], (long)TP_BSIZE); blksread++; tapeaddr++; } static void findtapeblksize(void) { long i; for (i = 0; i < ntrec; i++) ((struct s_spcl *)&tapebuf[i * TP_BSIZE])->c_magic = 0; blkcnt = 0; #ifdef RRESTORE if (host) i = rmtread(tapebuf, ntrec * TP_BSIZE); else #endif i = read(mt, tapebuf, ntrec * TP_BSIZE); if (i <= 0) { fprintf(stderr, "tape read error: %s\n", strerror(errno)); done(1); } if (i % TP_BSIZE != 0) { fprintf(stderr, "Tape block size (%ld) %s (%d)\n", i, "is not a multiple of dump block size", TP_BSIZE); done(1); } ntrec = i / TP_BSIZE; numtrec = ntrec; vprintf(stdout, "Tape block size is %ld\n", ntrec); } void closemt(void) { if (mt < 0) return; if (pipecmdin) { pclose(popenfp); popenfp = NULL; } else #ifdef RRESTORE if (host) rmtclose(); else #endif (void) close(mt); } /* * Read the next block from the tape. * If it is not any valid header, return an error. */ static int gethead(struct s_spcl *buf) { long i; readtape((char *)buf); if (buf->c_magic != FS_UFS2_MAGIC && buf->c_magic != NFS_MAGIC) { if (buf->c_magic == OFS_MAGIC) { fprintf(stderr, "Format of dump tape is too old. Must use\n"); fprintf(stderr, "a version of restore from before 2002.\n"); return (FAIL); } if (swabl(buf->c_magic) != FS_UFS2_MAGIC && - buf->c_magic != NFS_MAGIC) { - if (buf->c_magic == OFS_MAGIC) { + swabl(buf->c_magic) != NFS_MAGIC) { + if (swabl(buf->c_magic) == OFS_MAGIC) { fprintf(stderr, "Format of dump tape is too old. Must use\n"); fprintf(stderr, "a version of restore from before 2002.\n"); } return (FAIL); } if (!Bcvt) { vprintf(stdout, "Note: Doing Byte swapping\n"); Bcvt = 1; } } if (checksum((int *)buf) == FAIL) return (FAIL); if (Bcvt) { swabst((u_char *)"8l4s1q8l2q17l", (u_char *)buf); swabst((u_char *)"l",(u_char *) &buf->c_level); swabst((u_char *)"2l4q",(u_char *) &buf->c_flags); } readmapflag = 0; switch (buf->c_type) { case TS_CLRI: case TS_BITS: /* * Have to patch up missing information in bit map headers */ buf->c_size = buf->c_count * TP_BSIZE; if (buf->c_count > TP_NINDIR) readmapflag = 1; else for (i = 0; i < buf->c_count; i++) buf->c_addr[i]++; /* FALL THROUGH */ case TS_TAPE: if (buf->c_magic == NFS_MAGIC && (buf->c_flags & NFS_DR_NEWINODEFMT) == 0) oldinofmt = 1; /* FALL THROUGH */ case TS_END: buf->c_inumber = 0; /* FALL THROUGH */ case TS_ADDR: case TS_INODE: /* * For old dump tapes, have to copy up old fields to * new locations. */ if (buf->c_magic == NFS_MAGIC) { buf->c_tapea = buf->c_old_tapea; buf->c_firstrec = buf->c_old_firstrec; buf->c_date = _time32_to_time(buf->c_old_date); buf->c_ddate = _time32_to_time(buf->c_old_ddate); buf->c_atime = _time32_to_time(buf->c_old_atime); buf->c_mtime = _time32_to_time(buf->c_old_mtime); buf->c_birthtime = 0; buf->c_birthtimensec = 0; buf->c_extsize = 0; } break; default: panic("gethead: unknown inode type %d\n", buf->c_type); break; } if (dumpdate != 0 && _time64_to_time(buf->c_date) != dumpdate) fprintf(stderr, "Header with wrong dumpdate.\n"); /* * If we're restoring a filesystem with the old (FreeBSD 1) * format inodes, copy the uid/gid to the new location */ if (oldinofmt) { buf->c_uid = buf->c_spare1[1]; buf->c_gid = buf->c_spare1[2]; } buf->c_magic = FS_UFS2_MAGIC; tapeaddr = buf->c_tapea; if (dflag) accthdr(buf); return(GOOD); } /* * Check that a header is where it belongs and predict the next header */ static void accthdr(struct s_spcl *header) { static ino_t previno = 0x7fffffff; static int prevtype; static long predict; long blks, i; if (header->c_type == TS_TAPE) { fprintf(stderr, "Volume header "); if (header->c_firstrec) fprintf(stderr, "begins with record %jd", (intmax_t)header->c_firstrec); fprintf(stderr, "\n"); previno = 0x7fffffff; return; } if (previno == 0x7fffffff) goto newcalc; switch (prevtype) { case TS_BITS: fprintf(stderr, "Dumped inodes map header"); break; case TS_CLRI: fprintf(stderr, "Used inodes map header"); break; case TS_INODE: fprintf(stderr, "File header, ino %ju", (uintmax_t)previno); break; case TS_ADDR: fprintf(stderr, "File continuation header, ino %ju", (uintmax_t)previno); break; case TS_END: fprintf(stderr, "End of tape header"); break; } if (predict != blksread - 1) fprintf(stderr, "; predicted %ld blocks, got %ld blocks", predict, blksread - 1); fprintf(stderr, "\n"); newcalc: blks = 0; if (header->c_type != TS_END) for (i = 0; i < header->c_count; i++) if (readmapflag || header->c_addr[i] != 0) blks++; predict = blks; blksread = 0; prevtype = header->c_type; previno = header->c_inumber; } /* * Find an inode header. * Complain if had to skip. */ static void findinode(struct s_spcl *header) { static long skipcnt = 0; long i; char buf[TP_BSIZE]; int htype; curfile.name = ""; curfile.action = UNKNOWN; curfile.mode = 0; curfile.ino = 0; do { htype = header->c_type; switch (htype) { case TS_ADDR: /* * Skip up to the beginning of the next record */ for (i = 0; i < header->c_count; i++) if (header->c_addr[i]) readtape(buf); while (gethead(header) == FAIL || _time64_to_time(header->c_date) != dumpdate) { skipcnt++; if (Dflag) { byteslide++; if (byteslide < TP_BSIZE) { blkcnt--; blksread--; } else byteslide = 0; } } break; case TS_INODE: curfile.mode = header->c_mode; curfile.uid = header->c_uid; curfile.gid = header->c_gid; curfile.file_flags = header->c_file_flags; curfile.rdev = header->c_rdev; curfile.atime_sec = header->c_atime; curfile.atime_nsec = header->c_atimensec; curfile.mtime_sec = header->c_mtime; curfile.mtime_nsec = header->c_mtimensec; curfile.birthtime_sec = header->c_birthtime; curfile.birthtime_nsec = header->c_birthtimensec; curfile.extsize = header->c_extsize; curfile.size = header->c_size; curfile.ino = header->c_inumber; break; case TS_END: /* If we missed some tapes, get another volume. */ if (tapesread & (tapesread + 1)) { getvol(0); continue; } curfile.ino = maxino; break; case TS_CLRI: curfile.name = ""; break; case TS_BITS: curfile.name = ""; break; case TS_TAPE: if (Dflag) fprintf(stderr, "unexpected tape header\n"); else panic("unexpected tape header\n"); default: if (Dflag) fprintf(stderr, "unknown tape header type %d\n", spcl.c_type); else panic("unknown tape header type %d\n", spcl.c_type); while (gethead(header) == FAIL || _time64_to_time(header->c_date) != dumpdate) { skipcnt++; if (Dflag) { byteslide++; if (byteslide < TP_BSIZE) { blkcnt--; blksread--; } else byteslide = 0; } } } } while (htype == TS_ADDR); if (skipcnt > 0) fprintf(stderr, "resync restore, skipped %ld %s\n", skipcnt, Dflag ? "bytes" : "blocks"); skipcnt = 0; } static int checksum(int *buf) { int i, j; j = sizeof(union u_spcl) / sizeof(int); i = 0; if (!Bcvt) { do i += *buf++; while (--j); } else { /* What happens if we want to read restore tapes for a 16bit int machine??? */ do i += swabl(*buf++); while (--j); } if (i != CHECKSUM) { fprintf(stderr, "Checksum error %o, inode %ju file %s\n", i, (uintmax_t)curfile.ino, curfile.name); return(FAIL); } return(GOOD); } #ifdef RRESTORE #include void msg(const char *fmt, ...) { va_list ap; va_start(ap, fmt); (void)vfprintf(stderr, fmt, ap); va_end(ap); } #endif /* RRESTORE */ static u_char * swabshort(u_char *sp, int n) { char c; while (--n >= 0) { c = sp[0]; sp[0] = sp[1]; sp[1] = c; sp += 2; } return (sp); } static u_char * swablong(u_char *sp, int n) { char c; while (--n >= 0) { c = sp[0]; sp[0] = sp[3]; sp[3] = c; c = sp[2]; sp[2] = sp[1]; sp[1] = c; sp += 4; } return (sp); } static u_char * swabquad(u_char *sp, int n) { char c; while (--n >= 0) { c = sp[0]; sp[0] = sp[7]; sp[7] = c; c = sp[1]; sp[1] = sp[6]; sp[6] = c; c = sp[2]; sp[2] = sp[5]; sp[5] = c; c = sp[3]; sp[3] = sp[4]; sp[4] = c; sp += 8; } return (sp); } void swabst(u_char *cp, u_char *sp) { int n = 0; while (*cp) { switch (*cp) { case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': n = (n * 10) + (*cp++ - '0'); continue; case 's': case 'w': case 'h': if (n == 0) n = 1; sp = swabshort(sp, n); break; case 'l': if (n == 0) n = 1; sp = swablong(sp, n); break; case 'q': if (n == 0) n = 1; sp = swabquad(sp, n); break; case 'b': if (n == 0) n = 1; sp += n; break; default: fprintf(stderr, "Unknown conversion character: %c\n", *cp); done(0); break; } cp++; n = 0; } } static u_long swabl(u_long x) { swabst((u_char *)"l", (u_char *)&x); return (x); } Index: projects/clang700-import/sbin/sysctl/Makefile =================================================================== --- projects/clang700-import/sbin/sysctl/Makefile (revision 337646) +++ projects/clang700-import/sbin/sysctl/Makefile (revision 337647) @@ -1,9 +1,10 @@ # @(#)Makefile 8.1 (Berkeley) 6/6/93 # $FreeBSD$ PACKAGE=runtime +CONFS= sysctl.conf PROG= sysctl WARNS?= 3 MAN= sysctl.8 .include Index: projects/clang700-import/sbin/sysctl/sysctl.conf =================================================================== --- projects/clang700-import/sbin/sysctl/sysctl.conf (nonexistent) +++ projects/clang700-import/sbin/sysctl/sysctl.conf (revision 337647) @@ -0,0 +1,9 @@ +# $FreeBSD$ +# +# This file is read when going to multi-user and its contents piped thru +# ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details. +# + +# Uncomment this to prevent users from seeing information about processes that +# are being run under another UID. +#security.bsd.see_other_uids=0 Property changes on: projects/clang700-import/sbin/sysctl/sysctl.conf ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Index: projects/clang700-import/share/man/man4/snd_envy24ht.4 =================================================================== --- projects/clang700-import/share/man/man4/snd_envy24ht.4 (revision 337646) +++ projects/clang700-import/share/man/man4/snd_envy24ht.4 (revision 337647) @@ -1,107 +1,109 @@ .\" Copyright (c) 2006 Alexander Leidinger .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" -.Dd June 1, 2014 +.Dd August 11, 2018 .Dt SND_ENVY24HT 4 .Os .Sh NAME .Nm snd_envy24ht .Nd "VIA Envy24HT and compatible bridge device driver" .Sh SYNOPSIS To compile this driver into the kernel, place the following lines in your kernel configuration file: .Bd -ragged -offset indent .Cd "device sound" .Cd "device snd_envy24ht" .Cd "device snd_spicds" .Ed .Pp Alternatively, to load the driver as a module at boot time, place the following line in .Xr loader.conf 5 : .Bd -literal -offset indent snd_envy24ht_load="YES" .Ed .Sh DESCRIPTION The .Nm bridge driver allows the generic audio driver .Xr sound 4 to attach to VIA Envy24HT (ICE1724 or VT1724 chipset) and compatible audio devices. .Sh HARDWARE The .Nm driver supports the following audio devices: .Pp .Bl -bullet -compact .It Audiotrak Prodigy 7.1 .It Audiotrak Prodigy 7.1 LT .It Audiotrak Prodigy 7.1 XT .It Audiotrak Prodigy HD2 .It ESI Juli@ +.It +ESI Juli@ XTe .It M-Audio Audiophile 192 .It M-Audio Revolution 5.1 .It M-Audio Revolution 7.1 .It Terratec Aureon 5.1 Sky .It Terratec Aureon 7.1 Space .It Terratec Aureon 7.1 Universe .It Terratec PHASE 22 .It Terratec PHASE 28 .El Only analog playback is supported. Recording and other features of these cards are not supported. .Sh SEE ALSO .Xr sound 4 .Sh HISTORY The .Nm device driver first appeared in .Fx 6.3 . .Sh AUTHORS .An -nosplit The .Nm driver was written by .An Konstantin Dimitrov based upon the .Xr snd_envy24 4 driver. This manual page was written by .An Alexander Leidinger Aq Mt netchild@FreeBSD.org . Index: projects/clang700-import/share/man/man5/make.conf.5 =================================================================== --- projects/clang700-import/share/man/man5/make.conf.5 (revision 337646) +++ projects/clang700-import/share/man/man5/make.conf.5 (revision 337647) @@ -1,699 +1,700 @@ .\" Copyright (c) 2000 .\" Mike W. Meyer .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" -.Dd July 20, 2018 +.Dd August 11, 2018 .Dt MAKE.CONF 5 .Os .Sh NAME .Nm make.conf .Nd system build information .Sh DESCRIPTION The file .Nm contains system-wide settings that will apply to every build using .Xr make 1 and the standard .Pa sys.mk file. This is achieved as follows: .Xr make 1 processes the system makefile .Pa sys.mk before any other file by default, and .Pa sys.mk includes .Nm . .Pp The file .Nm uses the standard makefile syntax. However, .Nm should not specify any dependencies to .Xr make 1 . Instead, .Nm is to set .Xr make 1 variables that control the actions of other makefiles. .Pp The default location of .Nm is .Pa /etc/make.conf , though an alternative location can be specified in the .Xr make 1 variable .Va __MAKE_CONF . You may need to override the location of .Nm if the system-wide settings are not suitable for a particular build. For instance, setting .Va __MAKE_CONF to .Pa /dev/null effectively resets all build controls to their defaults. .Pp The primary purpose of .Nm is to control the compilation of the .Fx sources, documentation, and ported applications, which are usually found in .Pa /usr/src , .Pa /usr/doc , and .Pa /usr/ports . As a rule, the system administrator creates .Nm when the values of certain control variables need to be changed from their defaults. .Pp The system build procedures occur in four broad areas: the world, the kernel, documentation and ports. Variables set in .Nm may be applicable in one, two, or all four of these areas. In addition, control variables can be specified for a particular build via the .Fl D option of .Xr make 1 or in .Xr environ 7 . .Pp The following lists provide a name and short description for each variable you can use during the indicated builds. The values of variables flagged as .Vt bool are ignored; the variable being set at all (even to .Dq Li FALSE or .Dq Li NO ) causes it to be treated as if it were set. .Pp The following list provides a name and short description for variables that are used for all builds, or are used by the .Pa makefiles for things other than builds. .Bl -tag -width Ar .It Va ALWAYS_CHECK_MAKE .Pq Vt bool Instructs the top-level makefile in the source tree (normally .Pa /usr/src ) to always check if .Xr make 1 is up-to-date. Normally this is only done for the world and buildworld targets to handle upgrades from older versions of .Fx . .It Va CFLAGS .Pq Vt str Controls the compiler setting when compiling C code. Optimization levels other than .Fl O and .Fl O2 are not supported. .It Va CPUTYPE .Pq Vt str Controls which processor should be targeted for generated code. This controls processor-specific optimizations in certain code (currently only OpenSSL) as well as modifying the value of .Va CFLAGS and .Va COPTFLAGS to contain the appropriate optimization directive to .Xr cc 1 . The automatic setting of .Va CFLAGS may be overridden using the .Va NO_CPU_CFLAGS variable. Refer to .Pa /usr/share/examples/etc/make.conf for a list of recognized .Va CPUTYPE options. .It Va CXXFLAGS .Pq Vt str Controls the compiler settings when compiling C++ code. .Va CXXFLAGS is initially set to the value of .Va CFLAGS . If you want to add to the .Va CXXFLAGS value, use .Dq Li += instead of .Dq Li = . .It Va DTC .Pq Vt str Select the compiler for DTS (Device Tree Syntax) file. .Va DTC is initially set to the value of dtc .It Va INSTALL .Pq Vt str the default install command. To install only files for which the target differs or does not exist, use .Bd -literal -offset indent INSTALL+= -C .Ed Note that some makefiles (including those in .Pa /usr/share/mk ) may hardcode options for the supplied install command. .It Va LOCAL_DIRS .Pq Vt str List any directories that should be entered when doing make's in .Pa /usr/src in this variable. .It Va MAKE_SHELL .Pq Vt str Controls the shell used internally by .Xr make 1 to process the command scripts in makefiles. .Xr sh 1 , .Xr ksh 1 , and .Xr csh 1 all currently supported. .Pp .Dl "MAKE_SHELL?=sh" .It Va MTREE_FOLLOWS_SYMLINKS .Pq Vt str Set this to .Dq Fl L to cause .Xr mtree 8 to follow symlinks. .It Va NO_CPU_CFLAGS .Pq Vt str Setting this variable will prevent CPU specific compiler flags from being automatically added to .Va CFLAGS during compile time. .It Va NO_DOCUPDATE .Pq Vt bool Set this to not update the doc tree during .Dq Li "make update" . .It Va NO_PORTSUPDATE .Pq Vt bool Set this to not update the ports tree during .Dq Li "make update" . .It Va SVN_UPDATE .Pq Vt bool Set this to use .Xr svn 1 +or +.Xr svnlite 1 to update your .Pa src tree with .Dq Li "make update" . -Note that since a subversion client is not included in the base system, -you will need to set +Note that you can set .Va SVN to the full path of a .Xr svn 1 binary. .El .Ss "BUILDING THE KERNEL" The following list provides a name and short description for variables that are only used doing a kernel build: .Bl -tag -width Ar .It Va BOOTWAIT .Pq Vt int Controls the amount of time the kernel waits for a console keypress before booting the default kernel. The value is approximately milliseconds. Keypresses are accepted by the BIOS before booting from disk, making it possible to give custom boot parameters even when this is set to 0. .It Va COPTFLAGS .Pq Vt str Controls the compiler settings when building the kernel. Optimization levels above .Oo Fl O ( O2 , No ...\& ) Oc are not guaranteed to work. .It Va KERNCONF .Pq Vt str Controls which kernel configurations will be built by .Dq Li "${MAKE} buildkernel" and installed by .Dq Li "${MAKE} installkernel" . For example, .Bd -literal -offset indent KERNCONF=MINE DEBUG GENERIC OTHERMACHINE .Ed .Pp will build the kernels specified by the config files .Pa MINE , DEBUG , GENERIC , and .Pa OTHERMACHINE , and install the kernel specified by the config file .Pa MINE . It defaults to .Pa GENERIC . .It Va MODULES_OVERRIDE .Pq Vt str Set to a list of modules to build instead of all of them. .It Va NO_KERNELCLEAN .Pq Vt bool Set this to skip running .Dq Li "${MAKE} clean" during .Dq Li "${MAKE} buildkernel" . .It Va NO_KERNELCONFIG .Pq Vt bool Set this to skip running .Xr config 8 during .Dq Li "${MAKE} buildkernel" . .It Va NO_KERNELOBJ .Pq Vt bool Set this to skip running .Dq Li "${MAKE} obj" during .Dq Li "${MAKE} buildkernel" . .It Va NO_MODULES .Pq Vt bool Set to not build modules with the kernel. .It Va PORTS_MODULES Set this to the list of ports you wish to rebuild every time the kernel is built. .It Va WITHOUT_MODULES .Pq Vt str Set to a list of modules to exclude from the build. This provides a somewhat easier way to exclude modules you are certain you will never need than specifying .Va MODULES_OVERRIDE . This is applied .Em after .Va MODULES_OVERRIDE . .El .Ss "BUILDING THE WORLD" The following list provides a name and short description for variables that are used during the world build: .Bl -tag -width Ar .It Va BOOT_COMCONSOLE_PORT .Pq Vt str The port address to use for the console if the boot blocks have been configured to use a serial console instead of the keyboard/video card. .It Va BOOT_COMCONSOLE_SPEED .Pq Vt int The baud rate to use for the console if the boot blocks have been configured to use a serial console instead of the keyboard/video card. .It Va BOOT_PXELDR_ALWAYS_SERIAL .Pq Vt bool Compile in the code into .Xr pxeboot 8 that forces the use of a serial console. This is analogous to the .Fl h option in .Xr boot 8 blocks. .It Va BOOT_PXELDR_PROBE_KEYBOARD .Pq Vt bool Compile in the code into .Xr pxeboot 8 that probes the keyboard. If no keyboard is found, boot with the dual console configuration. This is analogous to the .Fl D option in .Xr boot 8 blocks. .It Va ENABLE_SUID_K5SU .Pq Vt bool Set this if you wish to use the ksu utility. Otherwise, it will be installed without the set-user-ID bit set. .It Va ENABLE_SUID_NEWGRP .Pq Vt bool Set this to install .Xr newgrp 1 with the set-user-ID bit set. Otherwise, .Xr newgrp 1 will not be able to change users' groups. .It Va LOADER_TFTP_SUPPORT .Pq Vt bool By default the .Xr pxeboot 8 loader retrieves the kernel via NFS. Defining this and recompiling .Pa /usr/src/stand will cause it to retrieve the kernel via TFTP. This allows .Xr pxeboot 8 to load a custom BOOTP diskless kernel yet still mount the server's .Pa / rather than load the server's kernel. .It Va LOADER_FIREWIRE_SUPPORT .Pq Vt bool Defining this and recompiling .Pa /usr/src/stand/i386 will add .Xr dcons 4 console driver to .Xr loader 8 and allow access over FireWire(IEEE1394) using .Xr dconschat 8 . Currently, only i386 and amd64 are supported. .It Va MALLOC_PRODUCTION .Pq Vt bool Set this to disable assertions and statistics gathering in .Xr malloc 3 . It also defaults the A and J runtime options to off. Disabled by default on -CURRENT. .It Va MAN_ARCH .Pq Vt str Space-delimited list of one or more MACHINE and/or MACHINE_ARCH values for which section 4 man pages will be installed. The special value .Sq all installs all available architectures. The default is the MACHINE and MACHINE_ARCH being built. .It Va MODULES_WITH_WORLD .Pq Vt bool Set to build modules with the system instead of the kernel. .It Va NO_CLEAN .Pq Vt bool Set this to disable cleaning during .Dq Li "make buildworld" . This should not be set unless you know what you are doing. .It Va NO_CLEANDIR .Pq Vt bool Set this to run .Dq Li "${MAKE} clean" instead of .Dq Li "${MAKE} cleandir" . .It Va WITH_MANCOMPRESS .Pq Vt defined Set to install manual pages compressed. .It Va WITHOUT_MANCOMPRESS .Pq Vt defined Set to install manual pages uncompressed. .It Va NO_SHARE .Pq Vt bool Set to not build in the .Pa share subdir. .It Va NO_SHARED .Pq Vt bool Set to build .Pa /bin and .Pa /sbin statically linked, this can be bad. If set, every utility that uses .Pa bsd.prog.mk will be linked statically. .It Va PPP_NO_NAT .Pq Vt bool Build .Xr ppp 8 without support for network address translation (NAT). .It Va PPP_NO_NETGRAPH .Pq Vt bool Set to build .Xr ppp 8 without support for Netgraph. .It Va PPP_NO_RADIUS .Pq Vt bool Set to build .Xr ppp 8 without support for RADIUS. .It Va PPP_NO_SUID .Pq Vt bool Set to disable the installation of .Xr ppp 8 as a set-user-ID root program. .It Va SENDMAIL_ADDITIONAL_MC .Pq Vt str Additional .Pa .mc files which should be built into .Pa .cf files at build time. The value should include the full path to the .Pa .mc file(s), e.g., .Pa /etc/mail/foo.mc , .Pa /etc/mail/bar.mc . .It Va SENDMAIL_ALIASES .Pq Vt str List of .Xr aliases 5 files to rebuild when using .Pa /etc/mail/Makefile . The default value is .Pa /etc/mail/aliases . .It Va SENDMAIL_CFLAGS .Pq Vt str Flags to pass to the compile command when building .Xr sendmail 8 . The .Va SENDMAIL_* flags can be used to provide SASL support with setting such as: .Bd -literal -offset indent SENDMAIL_CFLAGS=-I/usr/local/include -DSASL SENDMAIL_LDFLAGS=-L/usr/local/lib SENDMAIL_LDADD=-lsasl .Ed .It Va SENDMAIL_CF_DIR .Pq Vt str Override the default location for the .Xr m4 1 configuration files used to build a .Pa .cf file from a .Pa .mc file. .It Va SENDMAIL_DPADD .Pq Vt str Extra dependencies to add when building .Xr sendmail 8 . .It Va SENDMAIL_LDADD .Pq Vt str Flags to add to the end of the .Xr ld 1 command when building .Xr sendmail 8 . .It Va SENDMAIL_LDFLAGS .Pq Vt str Flags to pass to the .Xr ld 1 command when building .Xr sendmail 8 . .It Va SENDMAIL_M4_FLAGS .Pq Vt str Flags passed to .Xr m4 1 when building a .Pa .cf file from a .Pa .mc file. .It Va SENDMAIL_MAP_PERMS .Pq Vt str Mode to use when generating alias and map database files using .Pa /etc/mail/Makefile . The default value is 0640. .It Va SENDMAIL_MAP_SRC .Pq Vt str Additional maps to rebuild when using .Pa /etc/mail/Makefile . The .Pa access , .Pa bitdomain , .Pa domaintable , .Pa genericstable , .Pa mailertable , .Pa uucpdomain , and .Pa virtusertable maps are always rebuilt if they exist. .It Va SENDMAIL_MAP_TYPE .Pq Vt str Database map type to use when generating map database files using .Pa /etc/mail/Makefile . The default value is hash. The alternative is btree. .It Va SENDMAIL_MC .Pq Vt str The default .Xr m4 1 configuration file to use at install time. The value should include the full path to the .Pa .mc file, e.g., .Pa /etc/mail/myconfig.mc . Use with caution as a make install will overwrite any existing .Pa /etc/mail/sendmail.cf . Note that .Va SENDMAIL_CF is now deprecated. .It Va SENDMAIL_SET_USER_ID .Pq Vt bool If set, install .Xr sendmail 8 as a set-user-ID root binary instead of a set-group-ID binary and do not install .Pa /etc/mail/submit.{cf,mc} . Use of this flag is not recommended and the alternative advice in .Pa /etc/mail/README should be followed instead if at all possible. .It Va SENDMAIL_START_SCRIPT .Pq Vt str The script used by .Pa /etc/mail/Makefile to start, stop, and restart .Xr sendmail 8 . The default value is .Pa /etc/rc.sendmail . This value should match the .Dq Li mta_start_script setting in .Xr rc.conf 5 . .It Va SENDMAIL_SUBMIT_MC .Pq Vt str The default .Xr m4 1 configuration file for mail submission to use at install time. The value should include the full path to the .Pa .mc file, e.g., .Pa /etc/mail/mysubmit.mc . Use with caution as a make install will overwrite any existing .Pa /etc/mail/submit.cf . .It Va TOP_TABLE_SIZE .Pq Vt int .Xr top 1 uses a hash table for the user names. The size of this hash can be tuned to match the number of local users. The table size should be a prime number approximately twice as large as the number of lines in .Pa /etc/passwd . The default number is 20011. .It Va WANT_FORCE_OPTIMIZATION_DOWNGRADE .Pq Vt int Causes the system compiler to be built such that it forces high optimization levels to a lower one. .Xr cc 1 .Fl O2 and above is known to trigger known optimizer bugs at various times. The value assigned is the highest optimization value used. .El .Ss "BUILDING DOCUMENTATION" The following list provides a name and short description for variables that are used when building documentation. .Bl -tag -width ".Va PRINTERDEVICE" .It Va DISTDIR .Pq Vt str Where distfiles are kept. Normally, this is .Pa distfiles in .Va PORTSDIR . .It Va DOC_LANG .Pq Vt str The list of languages and encodings to build and install. .It Va PRINTERDEVICE .Pq Vt str The default format for system documentation, depends on your printer. This can be set to .Dq Li ascii for simple printers, or .Dq Li ps for postscript or graphics printers with a ghostscript filter, or both. .El .Ss "BUILDING PORTS" Several make variables can be set that affect the building of ports. These variables and their effects are documented in .Xr ports 7 , .Pa ${PORTSDIR}/Mk/* and the .Fx Porter's Handbook. .Sh FILES .Bl -tag -width ".Pa /usr/share/examples/etc/make.conf" -compact .It Pa /etc/make.conf .It Pa /usr/doc/Makefile .It Pa /usr/ports/Makefile .It Pa /usr/share/examples/etc/make.conf .It Pa /usr/share/mk/sys.mk .It Pa /usr/src/Makefile .It Pa /usr/src/Makefile.inc1 .El .Sh SEE ALSO .Xr cc 1 , .Xr install 1 , .Xr make 1 , .Xr src.conf 5 , .Xr environ 7 , .Xr ports 7 , .Xr sendmail 8 .Sh HISTORY The .Nm file appeared sometime before .Fx 4.0 . .Sh AUTHORS This manual page was written by .An Mike W. Meyer Aq Mt mwm@mired.org . .Sh CAVEATS Note, that .Ev MAKEOBJDIRPREFIX and .Ev MAKEOBJDIR are environment variables and should not be set in .Nm or as command line arguments to .Xr make 1 , but in make's environment. .Sh BUGS This manual page may occasionally be out of date with respect to the options currently available for use in .Nm . Please check the .Pa /usr/share/examples/etc/make.conf file for the latest options which are available. Index: projects/clang700-import/share/man/man7/build.7 =================================================================== --- projects/clang700-import/share/man/man7/build.7 (revision 337646) +++ projects/clang700-import/share/man/man7/build.7 (revision 337647) @@ -1,804 +1,807 @@ .\" Copyright (c) 2000 .\" Mike W. Meyer .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" -.Dd December 24, 2017 +.Dd August 11, 2018 .Dt BUILD 7 .Os .Sh NAME .Nm build .Nd information on how to build the system .Sh DESCRIPTION The sources for the .Fx system and its applications are contained in three different directories, normally .Pa /usr/src , .Pa /usr/doc , and .Pa /usr/ports . These directories may be initially empty or non-existent until updated with .Xr svn 1 or +.Xr svnlite 1 +or .Xr portsnap 8 . Directory .Pa /usr/src contains the .Dq "base system" sources, which is loosely defined as the things required to rebuild the system to a useful state. Directory .Pa /usr/doc contains the source for the system documentation, excluding the manual pages. Directory .Pa /usr/ports contains a tree that provides a consistent interface for building and installing third party applications. For more information about the ports build process, see .Xr ports 7 . .Pp The .Xr make 1 command is used in each of these directories to build and install the things in that directory. Issuing the .Xr make 1 command in any directory or subdirectory of those directories has the same effect as issuing the same command in all subdirectories of that directory. With no target specified, the things in that directory are just built. .Pp A source tree is allowed to be read-only. As described in .Xr make 1 , objects are usually built in a separate object directory hierarchy specified by the environment variable .Va MAKEOBJDIRPREFIX , or under .Pa /usr/obj if variable .Va MAKEOBJDIRPREFIX is not set. The canonical object directory is described in the documentation for the .Cm buildworld target below. .Pp The build may be controlled by defining .Xr make 1 variables described in the .Sx ENVIRONMENT section below, and by the variables documented in .Xr make.conf 5 . .Pp The following list provides the names and actions for the targets supported by the build system: .Bl -tag -width ".Cm cleandepend" .It Cm analyze Run Clang static analyzer against all objects and present output on stdout. .It Cm check Run tests for a given subdirectory. The default directory used is .Pa ${.OBJDIR} , but the check directory can be changed with .Pa ${CHECKDIR} . .It Cm checkworld Run the .Fx test suite on installed world. .It Cm clean Remove any files created during the build process. .It Cm cleandepend Remove the .Pa ${.OBJDIR}/${DEPENDFILE}* files generated by prior .Dq Li "make" and .Dq Li "make depend" steps. .It Cm cleandir Remove the canonical object directory if it exists, or perform actions equivalent to .Dq Li "make clean cleandepend" if it does not. This target will also remove an .Pa obj link in .Pa ${.CURDIR} if that exists. .Pp It is advisable to run .Dq Li "make cleandir" twice: the first invocation will remove the canonical object directory and the second one will clean up .Pa ${.CURDIR} . .It Cm depend Generate a list of build dependencies in file .Pa ${.OBJDIR}/${DEPENDFILE} . Per-object dependencies are generated at build time and stored in .Pa ${.OBJDIR}/${DEPENDFILE}.${OBJ} . .It Cm install Install the results of the build to the appropriate location in the installation directory hierarchy specified in variable .Va DESTDIR . .It Cm obj Create the canonical object directory associated with the current directory. .It Cm objlink Create a symbolic link to the canonical object directory in .Pa ${.CURDIR} . .It Cm tags Generate a tags file using the program specified in the .Xr make 1 variable .Va CTAGS . The build system supports .Xr ctags 1 and .Nm "GNU Global" . .El .Pp The other supported targets under directory .Pa /usr/src are: .Bl -tag -width ".Cm distributeworld" .It Cm buildenv Spawn an interactive shell with environment variables set up for cross-building the system. The target architecture needs to be specified with .Xr make 1 variables .Va TARGET_ARCH and .Va TARGET . .Pp This target is only useful after a complete cross-toolchain including the compiler, linker, assembler, headers and libraries has been built; see the .Cm toolchain target below. .It Cm buildworld Build everything but the kernel, configure files in .Pa etc , and .Pa release . The object directory can be changed from the default .Pa /usr/obj by setting the .Pa MAKEOBJDIRPREFIX .Xr make 1 variable. The actual build location prefix used depends on the .Va WITH_UNIFIED_OBJDIR option from .Xr src.conf 5 . If enabled it is .Pa ${MAKEOBJDIRPREFIX}${.CURDIR}/${TARGET}.${TARGET_ARCH} for all builds. If disabled it is .Pa ${MAKEOBJDIRPREFIX}${.CURDIR} for native builds, and .Pa ${MAKEOBJDIRPREFIX}/${TARGET}.${TARGET_ARCH}${.CURDIR} for cross builds and native builds with variable .Va CROSS_BUILD_TESTING set. .It Cm cleanworld Attempt to clean up targets built by a preceding .Cm buildworld , or similar step built from this source directory. .It Cm cleanuniverse When .Va WITH_UNIFIED_OBJDIR is enabled, attempt to clean up targets built by a preceding .Cm buildworld , .Cm universe , or similar step, for any architecture built from this source directory. .It Cm distributeworld Distribute everything compiled by a preceding .Cm buildworld step. Files are placed in the directory hierarchy specified by .Xr make 1 variable .Va DISTDIR . This target is used while building a release; see .Xr release 7 . .It Cm native-xtools This target builds a cross-toolchain for the given .Sy TARGET and .Sy TARGET_ARCH , as well as a select list of static userland tools for the host system. This is intended to be used in a jail where QEMU is used to improve performance by avoiding emulating binaries that do not need to be emulated. .Sy TARGET and .Sy TARGET_ARCH should be defined. .It Cm native-xtools-install Installs the results to .Pa ${DESTDIR}/${NXTP} where .Va NXTP defaults to .Pa nxb-bin . .Sy TARGET and .Sy TARGET_ARCH must be defined. .It Cm packageworld Archive the results of .Cm distributeworld , placing the results in .Va DISTDIR . This target is used while building a release; see .Xr release 7 . .It Cm installworld Install everything built by a preceding .Cm buildworld step into the directory hierarchy pointed to by .Xr make 1 variable .Va DESTDIR . .Pp If installing onto an NFS file system and running .Xr make 1 with the .Fl j option, make sure that .Xr rpc.lockd 8 is running on both client and server. See .Xr rc.conf 5 on how to make it start at boot time. .It Cm toolchain Create the build toolchain needed to build the rest of the system. For cross-architecture builds, this step creates a cross-toolchain. .It Cm universe For each architecture, execute a .Cm buildworld followed by a .Cm buildkernel for all kernels for that architecture, including .Pa LINT . This command takes a long time. .It Cm update Get updated sources as configured in .Xr make.conf 5 . .It Cm targets Print a list of supported .Va TARGET / .Va TARGET_ARCH pairs for world and kernel targets. .It Cm tinderbox Execute the same targets as .Cm universe . In addition print a summary of all failed targets at the end and exit with an error if there were any. .It Cm toolchains Create a build toolchain for each architecture supported by the build system. .It Cm xdev Builds and installs a cross-toolchain and sysroot for the given .Sy TARGET and .Sy TARGET_ARCH . The sysroot contains target library and headers. The target is an alias for .Cm xdev-build and .Cm xdev-install . The location of the files installed can be controlled with .Va DESTDIR . The target location in .Va DESTDIR is .Pa ${DESTDIR}/${XDTP} where .Va XDTP defaults to .Pa /usr/${XDDIR} and .Va XDDIR defaults to .Pa ${TARGET_ARCH}-freebsd . .It Cm xdev-build Builds for the .Cm xdev target. .It Cm xdev-install Installs the files for the .Cm xdev target. .It Cm xdev-links Installs autoconf-style symlinks to .Pa ${DESTDIR}/usr/bin pointing into the xdev toolchain in .Pa ${DESTDIR}/${XDTP} . .El .Pp Kernel specific build targets in .Pa /usr/src are: .Bl -tag -width ".Cm distributekernel" .It Cm buildkernel Rebuild the kernel and the kernel modules. The object directory can be changed from the default .Pa /usr/obj by setting the .Pa MAKEOBJDIRPREFIX .Xr make 1 variable. .It Cm installkernel Install the kernel and the kernel modules to directory .Pa ${DESTDIR}/boot/kernel , renaming any pre-existing directory with this name to .Pa kernel.old if it contained the currently running kernel. The target directory under .Pa ${DESTDIR} may be modified using the .Va INSTKERNNAME and .Va KODIR .Xr make 1 variables. .It Cm distributekernel Install the kernel to the directory .Pa ${DISTDIR}/kernel/boot/kernel . This target is used while building a release; see .Xr release 7 . .It Cm packagekernel Archive the results of .Cm distributekernel , placing the results in .Va DISTDIR . This target is used while building a release; see .Xr release 7 . .It Cm kernel Equivalent to .Cm buildkernel followed by .Cm installkernel .It Cm kernel-toolchain Rebuild the tools needed for kernel compilation. Use this if you did not do a .Cm buildworld first. .It Cm reinstallkernel Reinstall the kernel and the kernel modules, overwriting the contents of the target directory. As with the .Cm installkernel target, the target directory can be specified using the .Xr make 1 variable .Va INSTKERNNAME . .El .Pp Convenience targets for cleaning up the install destination directory denoted by variable .Va DESTDIR include: .Bl -tag -width ".Cm delete-old-libs" .It Cm check-old Print a list of old files and directories in the system. .It Cm delete-old Delete obsolete base system files and directories interactively. When .Li -DBATCH_DELETE_OLD_FILES is specified at the command line, the delete operation will be non-interactive. The variables .Va DESTDIR , .Va TARGET_ARCH and .Va TARGET should be set as with .Dq Li "make installworld" . .It Cm delete-old-libs Delete obsolete base system libraries interactively. This target should only be used if no third party software uses these libraries. When .Li -DBATCH_DELETE_OLD_FILES is specified at the command line, the delete operation will be non-interactive. The variables .Va DESTDIR , .Va TARGET_ARCH and .Va TARGET should be set as with .Dq Li "make installworld" . .El .Sh ENVIRONMENT Variables that influence all builds include: .Bl -tag -width ".Va MAKEOBJDIRPREFIX" .It Va DEBUG_FLAGS Defines a set of debugging flags that will be used to build all userland binaries under .Pa /usr/src . When .Va DEBUG_FLAGS is defined, the .Cm install and .Cm installworld targets install binaries from the current .Va MAKEOBJDIRPREFIX without stripping, so that debugging information is retained in the installed binaries. .It Va DESTDIR The directory hierarchy prefix where built objects will be installed. If not set, .Va DESTDIR defaults to the empty string. .It Va MAKEOBJDIRPREFIX Defines the prefix for directory names in the tree of built objects. Defaults to .Pa /usr/obj if not defined. This variable should only be set in the environment or .Pa /etc/src-env.conf and not via .Pa /etc/make.conf or .Pa /etc/src.conf or the command line. .It Va NO_WERROR If defined, compiler warnings will not cause the build to halt, even if the makefile says otherwise. .It Va WITH_CTF If defined, the build process will run the DTrace CTF conversion tools on built objects. .El .Pp Additionally, builds in .Pa /usr/src are influenced by the following .Xr make 1 variables: .Bl -tag -width ".Va SUBDIR_OVERRIDE" .It Va KERNCONF Overrides which kernel to build and install for the various kernel make targets. It defaults to .Cm GENERIC . .It Va KERNFAST If set, the build target .Cm buildkernel defaults to setting .Va NO_KERNELCLEAN , .Va NO_KERNELCONFIG , and .Va NO_KERNELOBJ . When set to a value other than .Cm 1 then .Va KERNCONF is set to the value of .Va KERNFAST . .It Va LOCAL_DIRS If set, this variable supplies a list of additional directories relative to the root of the source tree to build as part of the .Cm everything target. The directories are built in parallel with each other, and with the base system directories. Insert a .Va .WAIT directive at the beginning of the .Va LOCAL_DIRS list to ensure all base system directories are built first. .Va .WAIT may also be used as needed elsewhere within the list. .It Va LOCAL_ITOOLS If set, this variable supplies a list of additional tools that are used by the .Cm installworld and .Cm distributeworld targets. .It Va LOCAL_LIB_DIRS If set, this variable supplies a list of additional directories relative to the root of the source tree to build as part of the .Cm libraries target. The directories are built in parallel with each other, and with the base system libraries. Insert a .Va .WAIT directive at the beginning of the .Va LOCAL_DIRS list to ensure all base system libraries are built first. .Va .WAIT may also be used as needed elsewhere within the list. .It Va LOCAL_MTREE If set, this variable supplies a list of additional mtrees relative to the root of the source tree to use as part of the .Cm hierarchy target. .It Va LOCAL_TOOL_DIRS If set, this variable supplies a list of additional directories relative to the root of the source tree to build as part of the .Cm build-tools target. .It Va LOCAL_XTOOL_DIRS If set, this variable supplies a list of additional directories relative to the root of the source tree to build as part of the .Cm cross-tools target. .It Va PORTS_MODULES A list of ports with kernel modules that should be built and installed as part of the .Cm buildkernel and .Cm installkernel process. .Bd -literal -offset indent make PORTS_MODULES=emulators/kqemu-kmod kernel .Ed .It Va STRIPBIN Command to use at install time when stripping binaries. Be sure to add any additional tools required to run .Va STRIPBIN to the .Va LOCAL_ITOOLS .Xr make 1 variable before running the .Cm distributeworld or .Cm installworld targets. See .Xr install 1 for more details. .It Va SUBDIR_OVERRIDE Override the default list of sub-directories and only build the sub-directory named in this variable. If combined with .Cm buildworld then all libraries and includes, and some of the build tools will still build as well. Specifying .Cm -DNO_LIBS , and .Cm -DWORLDFAST will only build the specified directory as was done historically. When combined with .Cm buildworld it is necesarry to override .Va LOCAL_LIB_DIRS with any custom directories containing libraries. This allows building a subset of the system in the same way as .Cm buildworld does using its sysroot handling. This variable can also be useful when debugging failed builds. .Bd -literal -offset indent make some-target SUBDIR_OVERRIDE=foo/bar .Ed .It Va TARGET The target hardware platform. This is analogous to the .Dq Nm uname Fl m output. This is necessary to cross-build some target architectures. For example, cross-building for ARM64 machines requires .Va TARGET_ARCH Ns = Ns Li aarch64 and .Va TARGET Ns = Ns Li arm64 . If not set, .Va TARGET defaults to the current hardware platform, unless .Va TARGET_ARCH is also set, in which case it defaults to the appropriate value for that architecture. .It Va TARGET_ARCH The target machine processor architecture. This is analogous to the .Dq Nm uname Fl p output. Set this to cross-build for a different architecture. If not set, .Va TARGET_ARCH defaults to the current machine architecture, unless .Va TARGET is also set, in which case it defaults to the appropriate value for that platform. Typically, one only needs to set .Va TARGET . .El .Pp Builds under directory .Pa /usr/src are also influenced by defining one or more of the following symbols, using the .Fl D option of .Xr make 1 : .Bl -tag -width ".Va -DNO_KERNELCONFIG" .It Va NO_CLEANDIR If set, the build targets that clean parts of the object tree use the equivalent of .Dq make clean instead of .Dq make cleandir . .It Va NO_CLEAN If set, no object tree files are cleaned at all. This is the default when .Va WITH_META_MODE is used with .Xr filemon 4 loaded. See .Xr src.conf 5 for more details. Setting .Va NO_CLEAN implies .Va NO_KERNELCLEAN , so when .Va NO_CLEAN is set no kernel objects are cleaned either. .It Va NO_CTF If set, the build process does not run the DTrace CTF conversion tools on built objects. .It Va NO_SHARE If set, the build does not descend into the .Pa /usr/src/share subdirectory (i.e., manual pages, locale data files, timezone data files and other .Pa /usr/src/share files will not be rebuild from their sources). .It Va NO_KERNELCLEAN If set, the build process does not run .Dq make clean as part of the .Cm buildkernel target. .It Va NO_KERNELCONFIG If set, the build process does not run .Xr config 8 as part of the .Cm buildkernel target. .It Va NO_KERNELOBJ If set, the build process does not run .Dq make obj as part of the .Cm buildkernel target. .It Va NO_DOCUPDATE If set, the update process does not update the source of the .Fx documentation as part of the .Dq make update target. .It Va NO_LIBS If set, the libraries phase will be skipped. .It Va NO_OBJWALK If set, no object directories will be created. This should only be used if object directories were created in a previous build and no new directories are connected. .It Va NO_PORTSUPDATE If set, the update process does not update the Ports tree as part of the .Dq make update target. .It Va NO_WWWUPDATE If set, the update process does not update the www tree as part of the .Dq make update target. .It Va WORLDFAST If set, the build target .Cm buildworld defaults to setting .Va NO_CLEAN , .Va NO_OBJWALK , and will skip most bootstrap phases. It will only bootstrap libraries and build all of userland. This option should be used only when it is known that none of the bootstrap needs changed and that no new directories have been connected to the build. .El .Pp Builds under directory .Pa /usr/doc are influenced by the following .Xr make 1 variables: .Bl -tag -width ".Va DOC_LANG" .It Va DOC_LANG If set, restricts the documentation build to the language subdirectories specified as its content. The default action is to build documentation for all languages. .El .Pp Builds using the .Cm universe target are influenced by the following .Xr make 1 variables: .Bl -tag -width ".Va MAKE_JUST_KERNELS" .It Va JFLAG Pass the value of this variable to each .Xr make 1 invocation used to build worlds and kernels. This can be used to enable multiple jobs within a single architecture's build while still building each architecture serially. .It Va MAKE_JUST_KERNELS Only build kernels for each supported architecture. .It Va MAKE_JUST_WORLDS Only build worlds for each supported architecture. .It Va UNIVERSE_TARGET Execute the specified .Xr make 1 target for each supported architecture instead of the default action of building a world and one or more kernels. .El .Sh FILES .Bl -tag -width ".Pa /usr/share/examples/etc/make.conf" -compact .It Pa /usr/doc/Makefile .It Pa /usr/doc/share/mk/doc.project.mk .It Pa /usr/ports/Mk/bsd.port.mk .It Pa /usr/ports/Mk/bsd.sites.mk .It Pa /usr/share/examples/etc/make.conf .It Pa /usr/src/Makefile .It Pa /usr/src/Makefile.inc1 .El .Sh EXAMPLES For an .Dq approved method of updating your system from the latest sources, please see the .Sx COMMON ITEMS section in .Pa src/UPDATING . .Pp The following sequence of commands can be used to cross-build the system for the armv6 architecture on an amd64 host: .Bd -literal -offset indent cd /usr/src make TARGET_ARCH=armv6 buildworld buildkernel make TARGET_ARCH=armv6 DESTDIR=/clients/arm64 installworld installkernel .Ed .Sh SEE ALSO .Xr cc 1 , .Xr install 1 , .Xr make 1 , .Xr svn 1 , +.Xr svnlite 1 , .Xr make.conf 5 , .Xr src.conf 5 , .Xr arch 7 , .Xr ports 7 , .Xr release 7 , .Xr tests 7 , .Xr config 8 , .Xr mergemaster 8 , .Xr portsnap 8 , .Xr reboot 8 , .Xr shutdown 8 .Sh AUTHORS .An Mike W. Meyer Aq Mt mwm@mired.org Index: projects/clang700-import/sys/netpfil/pf/pf_if.c =================================================================== --- projects/clang700-import/sys/netpfil/pf/pf_if.c (revision 337646) +++ projects/clang700-import/sys/netpfil/pf/pf_if.c (revision 337647) @@ -1,905 +1,920 @@ /*- * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2001 Daniel Hartmeier * Copyright (c) 2003 Cedric Berger * Copyright (c) 2005 Henning Brauer * Copyright (c) 2005 Ryan McBride * Copyright (c) 2012 Gleb Smirnoff * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * - Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * - Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * * $OpenBSD: pf_if.c,v 1.54 2008/06/14 16:55:28 mk Exp $ */ #include __FBSDID("$FreeBSD$"); #include "opt_inet.h" #include "opt_inet6.h" #include #include #include #include #include #include #include #include #include #include #include VNET_DEFINE(struct pfi_kif *, pfi_all); VNET_DEFINE_STATIC(long, pfi_update); #define V_pfi_update VNET(pfi_update) #define PFI_BUFFER_MAX 0x10000 VNET_DECLARE(int, pf_vnet_active); #define V_pf_vnet_active VNET(pf_vnet_active) VNET_DEFINE_STATIC(struct pfr_addr *, pfi_buffer); VNET_DEFINE_STATIC(int, pfi_buffer_cnt); VNET_DEFINE_STATIC(int, pfi_buffer_max); #define V_pfi_buffer VNET(pfi_buffer) #define V_pfi_buffer_cnt VNET(pfi_buffer_cnt) #define V_pfi_buffer_max VNET(pfi_buffer_max) eventhandler_tag pfi_attach_cookie; eventhandler_tag pfi_detach_cookie; eventhandler_tag pfi_attach_group_cookie; eventhandler_tag pfi_change_group_cookie; eventhandler_tag pfi_detach_group_cookie; eventhandler_tag pfi_ifaddr_event_cookie; static void pfi_attach_ifnet(struct ifnet *); static void pfi_attach_ifgroup(struct ifg_group *); static void pfi_kif_update(struct pfi_kif *); static void pfi_dynaddr_update(struct pfi_dynaddr *dyn); static void pfi_table_update(struct pfr_ktable *, struct pfi_kif *, int, int); static void pfi_instance_add(struct ifnet *, int, int); static void pfi_address_add(struct sockaddr *, int, int); static int pfi_if_compare(struct pfi_kif *, struct pfi_kif *); static int pfi_skip_if(const char *, struct pfi_kif *); static int pfi_unmask(void *); static void pfi_attach_ifnet_event(void * __unused, struct ifnet *); static void pfi_detach_ifnet_event(void * __unused, struct ifnet *); static void pfi_attach_group_event(void * __unused, struct ifg_group *); static void pfi_change_group_event(void * __unused, char *); static void pfi_detach_group_event(void * __unused, struct ifg_group *); static void pfi_ifaddr_event(void * __unused, struct ifnet *); RB_HEAD(pfi_ifhead, pfi_kif); static RB_PROTOTYPE(pfi_ifhead, pfi_kif, pfik_tree, pfi_if_compare); static RB_GENERATE(pfi_ifhead, pfi_kif, pfik_tree, pfi_if_compare); VNET_DEFINE_STATIC(struct pfi_ifhead, pfi_ifs); #define V_pfi_ifs VNET(pfi_ifs) #define PFI_BUFFER_MAX 0x10000 MALLOC_DEFINE(PFI_MTYPE, "pf_ifnet", "pf(4) interface database"); LIST_HEAD(pfi_list, pfi_kif); VNET_DEFINE_STATIC(struct pfi_list, pfi_unlinked_kifs); #define V_pfi_unlinked_kifs VNET(pfi_unlinked_kifs) static struct mtx pfi_unlnkdkifs_mtx; MTX_SYSINIT(pfi_unlnkdkifs_mtx, &pfi_unlnkdkifs_mtx, "pf unlinked interfaces", MTX_DEF); void pfi_initialize_vnet(void) { struct ifg_group *ifg; struct ifnet *ifp; struct pfi_kif *kif; V_pfi_buffer_max = 64; V_pfi_buffer = malloc(V_pfi_buffer_max * sizeof(*V_pfi_buffer), PFI_MTYPE, M_WAITOK); kif = malloc(sizeof(*kif), PFI_MTYPE, M_WAITOK); PF_RULES_WLOCK(); V_pfi_all = pfi_kif_attach(kif, IFG_ALL); PF_RULES_WUNLOCK(); IFNET_RLOCK(); CK_STAILQ_FOREACH(ifg, &V_ifg_head, ifg_next) pfi_attach_ifgroup(ifg); CK_STAILQ_FOREACH(ifp, &V_ifnet, if_link) pfi_attach_ifnet(ifp); IFNET_RUNLOCK(); } void pfi_initialize(void) { pfi_attach_cookie = EVENTHANDLER_REGISTER(ifnet_arrival_event, pfi_attach_ifnet_event, NULL, EVENTHANDLER_PRI_ANY); pfi_detach_cookie = EVENTHANDLER_REGISTER(ifnet_departure_event, pfi_detach_ifnet_event, NULL, EVENTHANDLER_PRI_ANY); pfi_attach_group_cookie = EVENTHANDLER_REGISTER(group_attach_event, pfi_attach_group_event, NULL, EVENTHANDLER_PRI_ANY); pfi_change_group_cookie = EVENTHANDLER_REGISTER(group_change_event, pfi_change_group_event, NULL, EVENTHANDLER_PRI_ANY); pfi_detach_group_cookie = EVENTHANDLER_REGISTER(group_detach_event, pfi_detach_group_event, NULL, EVENTHANDLER_PRI_ANY); pfi_ifaddr_event_cookie = EVENTHANDLER_REGISTER(ifaddr_event, pfi_ifaddr_event, NULL, EVENTHANDLER_PRI_ANY); } void pfi_cleanup_vnet(void) { struct pfi_kif *kif; PF_RULES_WASSERT(); V_pfi_all = NULL; while ((kif = RB_MIN(pfi_ifhead, &V_pfi_ifs))) { RB_REMOVE(pfi_ifhead, &V_pfi_ifs, kif); if (kif->pfik_group) kif->pfik_group->ifg_pf_kif = NULL; if (kif->pfik_ifp) kif->pfik_ifp->if_pf_kif = NULL; free(kif, PFI_MTYPE); } mtx_lock(&pfi_unlnkdkifs_mtx); while ((kif = LIST_FIRST(&V_pfi_unlinked_kifs))) { LIST_REMOVE(kif, pfik_list); free(kif, PFI_MTYPE); } mtx_unlock(&pfi_unlnkdkifs_mtx); free(V_pfi_buffer, PFI_MTYPE); } void pfi_cleanup(void) { EVENTHANDLER_DEREGISTER(ifnet_arrival_event, pfi_attach_cookie); EVENTHANDLER_DEREGISTER(ifnet_departure_event, pfi_detach_cookie); EVENTHANDLER_DEREGISTER(group_attach_event, pfi_attach_group_cookie); EVENTHANDLER_DEREGISTER(group_change_event, pfi_change_group_cookie); EVENTHANDLER_DEREGISTER(group_detach_event, pfi_detach_group_cookie); EVENTHANDLER_DEREGISTER(ifaddr_event, pfi_ifaddr_event_cookie); } struct pfi_kif * pfi_kif_find(const char *kif_name) { struct pfi_kif_cmp s; PF_RULES_ASSERT(); bzero(&s, sizeof(s)); strlcpy(s.pfik_name, kif_name, sizeof(s.pfik_name)); return (RB_FIND(pfi_ifhead, &V_pfi_ifs, (struct pfi_kif *)&s)); } struct pfi_kif * pfi_kif_attach(struct pfi_kif *kif, const char *kif_name) { struct pfi_kif *kif1; PF_RULES_WASSERT(); KASSERT(kif != NULL, ("%s: null kif", __func__)); kif1 = pfi_kif_find(kif_name); if (kif1 != NULL) { free(kif, PFI_MTYPE); return (kif1); } bzero(kif, sizeof(*kif)); strlcpy(kif->pfik_name, kif_name, sizeof(kif->pfik_name)); /* * It seems that the value of time_second is in unintialzied state * when pf sets interface statistics clear time in boot phase if pf * was statically linked to kernel. Instead of setting the bogus * time value have pfi_get_ifaces handle this case. In * pfi_get_ifaces it uses time_second if it sees the time is 0. */ kif->pfik_tzero = time_second > 1 ? time_second : 0; TAILQ_INIT(&kif->pfik_dynaddrs); RB_INSERT(pfi_ifhead, &V_pfi_ifs, kif); return (kif); } void pfi_kif_ref(struct pfi_kif *kif) { PF_RULES_WASSERT(); kif->pfik_rulerefs++; } void pfi_kif_unref(struct pfi_kif *kif) { PF_RULES_WASSERT(); KASSERT(kif->pfik_rulerefs > 0, ("%s: %p has zero refs", __func__, kif)); kif->pfik_rulerefs--; if (kif->pfik_rulerefs > 0) return; /* kif referencing an existing ifnet or group should exist. */ if (kif->pfik_ifp != NULL || kif->pfik_group != NULL || kif == V_pfi_all) return; RB_REMOVE(pfi_ifhead, &V_pfi_ifs, kif); kif->pfik_flags |= PFI_IFLAG_REFS; mtx_lock(&pfi_unlnkdkifs_mtx); LIST_INSERT_HEAD(&V_pfi_unlinked_kifs, kif, pfik_list); mtx_unlock(&pfi_unlnkdkifs_mtx); } void pfi_kif_purge(void) { struct pfi_kif *kif, *kif1; /* * Do naive mark-and-sweep garbage collecting of old kifs. * Reference flag is raised by pf_purge_expired_states(). */ mtx_lock(&pfi_unlnkdkifs_mtx); LIST_FOREACH_SAFE(kif, &V_pfi_unlinked_kifs, pfik_list, kif1) { if (!(kif->pfik_flags & PFI_IFLAG_REFS)) { LIST_REMOVE(kif, pfik_list); free(kif, PFI_MTYPE); } else kif->pfik_flags &= ~PFI_IFLAG_REFS; } mtx_unlock(&pfi_unlnkdkifs_mtx); } int pfi_kif_match(struct pfi_kif *rule_kif, struct pfi_kif *packet_kif) { struct ifg_list *p; if (rule_kif == NULL || rule_kif == packet_kif) return (1); - if (rule_kif->pfik_group != NULL) - /* XXXGL: locking? */ + if (rule_kif->pfik_group != NULL) { + IF_ADDR_RLOCK(packet_kif->pfik_ifp); CK_STAILQ_FOREACH(p, &packet_kif->pfik_ifp->if_groups, ifgl_next) - if (p->ifgl_group == rule_kif->pfik_group) + if (p->ifgl_group == rule_kif->pfik_group) { + IF_ADDR_RUNLOCK(packet_kif->pfik_ifp); return (1); + } + IF_ADDR_RUNLOCK(packet_kif->pfik_ifp); + } + return (0); } static void pfi_attach_ifnet(struct ifnet *ifp) { struct pfi_kif *kif; kif = malloc(sizeof(*kif), PFI_MTYPE, M_WAITOK); PF_RULES_WLOCK(); V_pfi_update++; kif = pfi_kif_attach(kif, ifp->if_xname); kif->pfik_ifp = ifp; ifp->if_pf_kif = kif; pfi_kif_update(kif); PF_RULES_WUNLOCK(); } static void pfi_attach_ifgroup(struct ifg_group *ifg) { struct pfi_kif *kif; kif = malloc(sizeof(*kif), PFI_MTYPE, M_WAITOK); PF_RULES_WLOCK(); V_pfi_update++; kif = pfi_kif_attach(kif, ifg->ifg_group); kif->pfik_group = ifg; ifg->ifg_pf_kif = kif; PF_RULES_WUNLOCK(); } int pfi_match_addr(struct pfi_dynaddr *dyn, struct pf_addr *a, sa_family_t af) { switch (af) { #ifdef INET case AF_INET: switch (dyn->pfid_acnt4) { case 0: return (0); case 1: return (PF_MATCHA(0, &dyn->pfid_addr4, &dyn->pfid_mask4, a, AF_INET)); default: return (pfr_match_addr(dyn->pfid_kt, a, AF_INET)); } break; #endif /* INET */ #ifdef INET6 case AF_INET6: switch (dyn->pfid_acnt6) { case 0: return (0); case 1: return (PF_MATCHA(0, &dyn->pfid_addr6, &dyn->pfid_mask6, a, AF_INET6)); default: return (pfr_match_addr(dyn->pfid_kt, a, AF_INET6)); } break; #endif /* INET6 */ default: return (0); } } int pfi_dynaddr_setup(struct pf_addr_wrap *aw, sa_family_t af) { struct pfi_dynaddr *dyn; char tblname[PF_TABLE_NAME_SIZE]; struct pf_ruleset *ruleset = NULL; struct pfi_kif *kif; int rv = 0; PF_RULES_WASSERT(); KASSERT(aw->type == PF_ADDR_DYNIFTL, ("%s: type %u", __func__, aw->type)); KASSERT(aw->p.dyn == NULL, ("%s: dyn is %p", __func__, aw->p.dyn)); if ((dyn = malloc(sizeof(*dyn), PFI_MTYPE, M_NOWAIT | M_ZERO)) == NULL) return (ENOMEM); if ((kif = malloc(sizeof(*kif), PFI_MTYPE, M_NOWAIT)) == NULL) { free(dyn, PFI_MTYPE); return (ENOMEM); } if (!strcmp(aw->v.ifname, "self")) dyn->pfid_kif = pfi_kif_attach(kif, IFG_ALL); else dyn->pfid_kif = pfi_kif_attach(kif, aw->v.ifname); pfi_kif_ref(dyn->pfid_kif); dyn->pfid_net = pfi_unmask(&aw->v.a.mask); if (af == AF_INET && dyn->pfid_net == 32) dyn->pfid_net = 128; strlcpy(tblname, aw->v.ifname, sizeof(tblname)); if (aw->iflags & PFI_AFLAG_NETWORK) strlcat(tblname, ":network", sizeof(tblname)); if (aw->iflags & PFI_AFLAG_BROADCAST) strlcat(tblname, ":broadcast", sizeof(tblname)); if (aw->iflags & PFI_AFLAG_PEER) strlcat(tblname, ":peer", sizeof(tblname)); if (aw->iflags & PFI_AFLAG_NOALIAS) strlcat(tblname, ":0", sizeof(tblname)); if (dyn->pfid_net != 128) snprintf(tblname + strlen(tblname), sizeof(tblname) - strlen(tblname), "/%d", dyn->pfid_net); if ((ruleset = pf_find_or_create_ruleset(PF_RESERVED_ANCHOR)) == NULL) { rv = ENOMEM; goto _bad; } if ((dyn->pfid_kt = pfr_attach_table(ruleset, tblname)) == NULL) { rv = ENOMEM; goto _bad; } dyn->pfid_kt->pfrkt_flags |= PFR_TFLAG_ACTIVE; dyn->pfid_iflags = aw->iflags; dyn->pfid_af = af; TAILQ_INSERT_TAIL(&dyn->pfid_kif->pfik_dynaddrs, dyn, entry); aw->p.dyn = dyn; pfi_kif_update(dyn->pfid_kif); return (0); _bad: if (dyn->pfid_kt != NULL) pfr_detach_table(dyn->pfid_kt); if (ruleset != NULL) pf_remove_if_empty_ruleset(ruleset); if (dyn->pfid_kif != NULL) pfi_kif_unref(dyn->pfid_kif); free(dyn, PFI_MTYPE); return (rv); } static void pfi_kif_update(struct pfi_kif *kif) { struct ifg_list *ifgl; struct pfi_dynaddr *p; PF_RULES_WASSERT(); /* update all dynaddr */ TAILQ_FOREACH(p, &kif->pfik_dynaddrs, entry) pfi_dynaddr_update(p); /* again for all groups kif is member of */ if (kif->pfik_ifp != NULL) { IF_ADDR_RLOCK(kif->pfik_ifp); CK_STAILQ_FOREACH(ifgl, &kif->pfik_ifp->if_groups, ifgl_next) pfi_kif_update((struct pfi_kif *) ifgl->ifgl_group->ifg_pf_kif); IF_ADDR_RUNLOCK(kif->pfik_ifp); } } static void pfi_dynaddr_update(struct pfi_dynaddr *dyn) { struct pfi_kif *kif; struct pfr_ktable *kt; PF_RULES_WASSERT(); KASSERT(dyn && dyn->pfid_kif && dyn->pfid_kt, ("%s: bad argument", __func__)); kif = dyn->pfid_kif; kt = dyn->pfid_kt; if (kt->pfrkt_larg != V_pfi_update) { /* this table needs to be brought up-to-date */ pfi_table_update(kt, kif, dyn->pfid_net, dyn->pfid_iflags); kt->pfrkt_larg = V_pfi_update; } pfr_dynaddr_update(kt, dyn); } static void pfi_table_update(struct pfr_ktable *kt, struct pfi_kif *kif, int net, int flags) { int e, size2 = 0; struct ifg_member *ifgm; V_pfi_buffer_cnt = 0; if (kif->pfik_ifp != NULL) pfi_instance_add(kif->pfik_ifp, net, flags); else if (kif->pfik_group != NULL) { IFNET_RLOCK_NOSLEEP(); CK_STAILQ_FOREACH(ifgm, &kif->pfik_group->ifg_members, ifgm_next) pfi_instance_add(ifgm->ifgm_ifp, net, flags); IFNET_RUNLOCK_NOSLEEP(); } if ((e = pfr_set_addrs(&kt->pfrkt_t, V_pfi_buffer, V_pfi_buffer_cnt, &size2, NULL, NULL, NULL, 0, PFR_TFLAG_ALLMASK))) printf("%s: cannot set %d new addresses into table %s: %d\n", __func__, V_pfi_buffer_cnt, kt->pfrkt_name, e); } static void pfi_instance_add(struct ifnet *ifp, int net, int flags) { struct ifaddr *ia; int got4 = 0, got6 = 0; int net2, af; IF_ADDR_RLOCK(ifp); CK_STAILQ_FOREACH(ia, &ifp->if_addrhead, ifa_link) { if (ia->ifa_addr == NULL) continue; af = ia->ifa_addr->sa_family; if (af != AF_INET && af != AF_INET6) continue; /* * XXX: For point-to-point interfaces, (ifname:0) and IPv4, * jump over addresses without a proper route to work * around a problem with ppp not fully removing the * address used during IPCP. */ if ((ifp->if_flags & IFF_POINTOPOINT) && !(ia->ifa_flags & IFA_ROUTE) && (flags & PFI_AFLAG_NOALIAS) && (af == AF_INET)) continue; if ((flags & PFI_AFLAG_BROADCAST) && af == AF_INET6) continue; if ((flags & PFI_AFLAG_BROADCAST) && !(ifp->if_flags & IFF_BROADCAST)) continue; if ((flags & PFI_AFLAG_PEER) && !(ifp->if_flags & IFF_POINTOPOINT)) continue; if ((flags & PFI_AFLAG_NETWORK) && af == AF_INET6 && IN6_IS_ADDR_LINKLOCAL( &((struct sockaddr_in6 *)ia->ifa_addr)->sin6_addr)) continue; if (flags & PFI_AFLAG_NOALIAS) { if (af == AF_INET && got4) continue; if (af == AF_INET6 && got6) continue; } if (af == AF_INET) got4 = 1; else if (af == AF_INET6) got6 = 1; net2 = net; if (net2 == 128 && (flags & PFI_AFLAG_NETWORK)) { if (af == AF_INET) net2 = pfi_unmask(&((struct sockaddr_in *) ia->ifa_netmask)->sin_addr); else if (af == AF_INET6) net2 = pfi_unmask(&((struct sockaddr_in6 *) ia->ifa_netmask)->sin6_addr); } if (af == AF_INET && net2 > 32) net2 = 32; if (flags & PFI_AFLAG_BROADCAST) pfi_address_add(ia->ifa_broadaddr, af, net2); else if (flags & PFI_AFLAG_PEER) pfi_address_add(ia->ifa_dstaddr, af, net2); else pfi_address_add(ia->ifa_addr, af, net2); } IF_ADDR_RUNLOCK(ifp); } static void pfi_address_add(struct sockaddr *sa, int af, int net) { struct pfr_addr *p; int i; if (V_pfi_buffer_cnt >= V_pfi_buffer_max) { int new_max = V_pfi_buffer_max * 2; if (new_max > PFI_BUFFER_MAX) { printf("%s: address buffer full (%d/%d)\n", __func__, V_pfi_buffer_cnt, PFI_BUFFER_MAX); return; } p = malloc(new_max * sizeof(*V_pfi_buffer), PFI_MTYPE, M_NOWAIT); if (p == NULL) { printf("%s: no memory to grow buffer (%d/%d)\n", __func__, V_pfi_buffer_cnt, PFI_BUFFER_MAX); return; } memcpy(p, V_pfi_buffer, V_pfi_buffer_max * sizeof(*V_pfi_buffer)); /* no need to zero buffer */ free(V_pfi_buffer, PFI_MTYPE); V_pfi_buffer = p; V_pfi_buffer_max = new_max; } if (af == AF_INET && net > 32) net = 128; p = V_pfi_buffer + V_pfi_buffer_cnt++; bzero(p, sizeof(*p)); p->pfra_af = af; p->pfra_net = net; if (af == AF_INET) p->pfra_ip4addr = ((struct sockaddr_in *)sa)->sin_addr; else if (af == AF_INET6) { p->pfra_ip6addr = ((struct sockaddr_in6 *)sa)->sin6_addr; if (IN6_IS_SCOPE_EMBED(&p->pfra_ip6addr)) p->pfra_ip6addr.s6_addr16[1] = 0; } /* mask network address bits */ if (net < 128) ((caddr_t)p)[p->pfra_net/8] &= ~(0xFF >> (p->pfra_net%8)); for (i = (p->pfra_net+7)/8; i < sizeof(p->pfra_u); i++) ((caddr_t)p)[i] = 0; } void pfi_dynaddr_remove(struct pfi_dynaddr *dyn) { KASSERT(dyn->pfid_kif != NULL, ("%s: null pfid_kif", __func__)); KASSERT(dyn->pfid_kt != NULL, ("%s: null pfid_kt", __func__)); TAILQ_REMOVE(&dyn->pfid_kif->pfik_dynaddrs, dyn, entry); pfi_kif_unref(dyn->pfid_kif); pfr_detach_table(dyn->pfid_kt); free(dyn, PFI_MTYPE); } void pfi_dynaddr_copyout(struct pf_addr_wrap *aw) { KASSERT(aw->type == PF_ADDR_DYNIFTL, ("%s: type %u", __func__, aw->type)); if (aw->p.dyn == NULL || aw->p.dyn->pfid_kif == NULL) return; aw->p.dyncnt = aw->p.dyn->pfid_acnt4 + aw->p.dyn->pfid_acnt6; } static int pfi_if_compare(struct pfi_kif *p, struct pfi_kif *q) { return (strncmp(p->pfik_name, q->pfik_name, IFNAMSIZ)); } void pfi_update_status(const char *name, struct pf_status *pfs) { struct pfi_kif *p; struct pfi_kif_cmp key; struct ifg_member p_member, *ifgm; CK_STAILQ_HEAD(, ifg_member) ifg_members; int i, j, k; strlcpy(key.pfik_name, name, sizeof(key.pfik_name)); p = RB_FIND(pfi_ifhead, &V_pfi_ifs, (struct pfi_kif *)&key); if (p == NULL) return; if (p->pfik_group != NULL) { bcopy(&p->pfik_group->ifg_members, &ifg_members, sizeof(ifg_members)); } else { /* build a temporary list for p only */ bzero(&p_member, sizeof(p_member)); p_member.ifgm_ifp = p->pfik_ifp; CK_STAILQ_INIT(&ifg_members); CK_STAILQ_INSERT_TAIL(&ifg_members, &p_member, ifgm_next); } if (pfs) { bzero(pfs->pcounters, sizeof(pfs->pcounters)); bzero(pfs->bcounters, sizeof(pfs->bcounters)); } CK_STAILQ_FOREACH(ifgm, &ifg_members, ifgm_next) { if (ifgm->ifgm_ifp == NULL || ifgm->ifgm_ifp->if_pf_kif == NULL) continue; p = (struct pfi_kif *)ifgm->ifgm_ifp->if_pf_kif; /* just clear statistics */ if (pfs == NULL) { bzero(p->pfik_packets, sizeof(p->pfik_packets)); bzero(p->pfik_bytes, sizeof(p->pfik_bytes)); p->pfik_tzero = time_second; continue; } for (i = 0; i < 2; i++) for (j = 0; j < 2; j++) for (k = 0; k < 2; k++) { pfs->pcounters[i][j][k] += p->pfik_packets[i][j][k]; pfs->bcounters[i][j] += p->pfik_bytes[i][j][k]; } } } void pfi_get_ifaces(const char *name, struct pfi_kif *buf, int *size) { struct pfi_kif *p, *nextp; int n = 0; for (p = RB_MIN(pfi_ifhead, &V_pfi_ifs); p; p = nextp) { nextp = RB_NEXT(pfi_ifhead, &V_pfi_ifs, p); if (pfi_skip_if(name, p)) continue; if (*size <= n++) break; if (!p->pfik_tzero) p->pfik_tzero = time_second; bcopy(p, buf++, sizeof(*buf)); nextp = RB_NEXT(pfi_ifhead, &V_pfi_ifs, p); } *size = n; } static int pfi_skip_if(const char *filter, struct pfi_kif *p) { + struct ifg_list *i; int n; if (filter == NULL || !*filter) return (0); if (!strcmp(p->pfik_name, filter)) return (0); /* exact match */ n = strlen(filter); if (n < 1 || n >= IFNAMSIZ) return (1); /* sanity check */ if (filter[n-1] >= '0' && filter[n-1] <= '9') - return (1); /* only do exact match in that case */ - if (strncmp(p->pfik_name, filter, n)) - return (1); /* prefix doesn't match */ - return (p->pfik_name[n] < '0' || p->pfik_name[n] > '9'); + return (1); /* group names may not end in a digit */ + if (p->pfik_ifp != NULL) { + IF_ADDR_RLOCK(p->pfik_ifp); + CK_STAILQ_FOREACH(i, &p->pfik_ifp->if_groups, ifgl_next) { + if (!strncmp(i->ifgl_group->ifg_group, filter, + IFNAMSIZ)) { + IF_ADDR_RUNLOCK(p->pfik_ifp); + return (0); /* iface is in group "filter" */ + } + } + IF_ADDR_RUNLOCK(p->pfik_ifp); + } + return (1); } int pfi_set_flags(const char *name, int flags) { struct pfi_kif *p; RB_FOREACH(p, pfi_ifhead, &V_pfi_ifs) { if (pfi_skip_if(name, p)) continue; p->pfik_flags |= flags; } return (0); } int pfi_clear_flags(const char *name, int flags) { struct pfi_kif *p; RB_FOREACH(p, pfi_ifhead, &V_pfi_ifs) { if (pfi_skip_if(name, p)) continue; p->pfik_flags &= ~flags; } return (0); } /* from pf_print_state.c */ static int pfi_unmask(void *addr) { struct pf_addr *m = addr; int i = 31, j = 0, b = 0; u_int32_t tmp; while (j < 4 && m->addr32[j] == 0xffffffff) { b += 32; j++; } if (j < 4) { tmp = ntohl(m->addr32[j]); for (i = 31; tmp & (1 << i); --i) b++; } return (b); } static void pfi_attach_ifnet_event(void *arg __unused, struct ifnet *ifp) { if (V_pf_vnet_active == 0) { /* Avoid teardown race in the least expensive way. */ return; } pfi_attach_ifnet(ifp); #ifdef ALTQ PF_RULES_WLOCK(); pf_altq_ifnet_event(ifp, 0); PF_RULES_WUNLOCK(); #endif } static void pfi_detach_ifnet_event(void *arg __unused, struct ifnet *ifp) { struct pfi_kif *kif = (struct pfi_kif *)ifp->if_pf_kif; if (kif == NULL) return; if (V_pf_vnet_active == 0) { /* Avoid teardown race in the least expensive way. */ return; } PF_RULES_WLOCK(); V_pfi_update++; pfi_kif_update(kif); kif->pfik_ifp = NULL; ifp->if_pf_kif = NULL; #ifdef ALTQ pf_altq_ifnet_event(ifp, 1); #endif PF_RULES_WUNLOCK(); } static void pfi_attach_group_event(void *arg __unused, struct ifg_group *ifg) { if (V_pf_vnet_active == 0) { /* Avoid teardown race in the least expensive way. */ return; } pfi_attach_ifgroup(ifg); } static void pfi_change_group_event(void *arg __unused, char *gname) { struct pfi_kif *kif; if (V_pf_vnet_active == 0) { /* Avoid teardown race in the least expensive way. */ return; } kif = malloc(sizeof(*kif), PFI_MTYPE, M_WAITOK); PF_RULES_WLOCK(); V_pfi_update++; kif = pfi_kif_attach(kif, gname); pfi_kif_update(kif); PF_RULES_WUNLOCK(); } static void pfi_detach_group_event(void *arg __unused, struct ifg_group *ifg) { struct pfi_kif *kif = (struct pfi_kif *)ifg->ifg_pf_kif; if (kif == NULL) return; if (V_pf_vnet_active == 0) { /* Avoid teardown race in the least expensive way. */ return; } PF_RULES_WLOCK(); V_pfi_update++; kif->pfik_group = NULL; ifg->ifg_pf_kif = NULL; PF_RULES_WUNLOCK(); } static void pfi_ifaddr_event(void *arg __unused, struct ifnet *ifp) { if (ifp->if_pf_kif == NULL) return; if (V_pf_vnet_active == 0) { /* Avoid teardown race in the least expensive way. */ return; } PF_RULES_WLOCK(); if (ifp && ifp->if_pf_kif) { V_pfi_update++; pfi_kif_update(ifp->if_pf_kif); } PF_RULES_WUNLOCK(); } Index: projects/clang700-import/usr.bin/at/Makefile =================================================================== --- projects/clang700-import/usr.bin/at/Makefile (revision 337646) +++ projects/clang700-import/usr.bin/at/Makefile (revision 337647) @@ -1,32 +1,35 @@ # $FreeBSD$ .include "${.CURDIR}/Makefile.inc" +CONFS= atrun +CONFSDIR= /etc/cron.d +CONFSNAME= at PROG= at SRCS= at.c panic.c parsetime.c perm.c LINKS= ${BINDIR}/at ${BINDIR}/atq \ ${BINDIR}/at ${BINDIR}/atrm \ ${BINDIR}/at ${BINDIR}/batch MLINKS= at.1 batch.1 \ at.1 atq.1 \ at.1 atrm.1 NO_WFORMAT= BINOWN= root BINMODE= 4555 CLEANFILES+= at.1 at.1: at.man @${ECHO} Making ${.TARGET:T} from ${.ALLSRC:T}; \ sed -e \ "s@_ATSPOOL_DIR@$(ATSPOOL_DIR)@g; \ s@_ATJOB_DIR@$(ATJOB_DIR)@g; \ s@_DEFAULT_BATCH_QUEUE@$(DEFAULT_BATCH_QUEUE)@g; \ s@_DEFAULT_AT_QUEUE@$(DEFAULT_AT_QUEUE)@g; \ s@_LOADAVG_MX@$(LOADAVG_MX)@g; \ s@_PERM_PATH@$(PERM_PATH)@g; \ s@_LOCKFILE@$(LOCKFILE)@g" \ < ${.ALLSRC} > ${.TARGET} .include Index: projects/clang700-import/usr.bin/at/at.man =================================================================== --- projects/clang700-import/usr.bin/at/at.man (revision 337646) +++ projects/clang700-import/usr.bin/at/at.man (revision 337647) @@ -1,362 +1,363 @@ .\" $FreeBSD$ -.Dd June 1, 2018 +.Dd August 11, 2018 .Dt "AT" 1 .Os .Sh NAME .Nm at , .Nm batch , .Nm atq , .Nm atrm .Nd queue, examine or delete jobs for later execution .Sh SYNOPSIS .Nm at .Op Fl q Ar queue .Op Fl f Ar file .Op Fl mldbv .Ar time .Nm at .Op Fl q Ar queue .Op Fl f Ar file .Op Fl mldbv .Fl t .Sm off .Op Oo Ar CC Oc Ar YY .Ar MM DD hh mm Op . Ar SS .Sm on .Nm at .Fl c Ar job Op Ar job ... .Nm at .Fl l Op Ar job ... .Nm at .Fl l .Fl q Ar queue .Nm at .Fl r Ar job Op Ar job ... .Pp .Nm atq .Op Fl q Ar queue .Op Fl v .Pp .Nm atrm .Ar job .Op Ar job ... .Pp .Nm batch .Op Fl q Ar queue .Op Fl f Ar file .Op Fl mv .Op Ar time .Sh DESCRIPTION The .Nm at and .Nm batch utilities read commands from standard input or a specified file which are to be executed at a later time, using .Xr sh 1 . .Bl -tag -width indent .It Nm at executes commands at a specified time; .It Nm atq lists the user's pending jobs, unless the user is the superuser; in that case, everybody's jobs are listed; .It Nm atrm deletes jobs; .It Nm batch -executes commands when system load levels permit; in other words, when the load average -drops below _LOADAVG_MX, or the value specified in the invocation of +executes commands when system load levels permit; in other words, when +the load average drops below _LOADAVG_MX times number of active CPUs, +or the value specified in the invocation of .Nm atrun . .El .Pp The .Nm at utility allows some moderately complex .Ar time specifications. It accepts times of the form .Ar HHMM or .Ar HH:MM to run a job at a specific time of day. (If that time is already past, the next day is assumed.) As an alternative, the following keywords may be specified: .Em midnight , .Em noon , or .Em teatime (4pm) and time-of-day may be suffixed with .Em AM or .Em PM for running in the morning or the evening. The day on which the job is to be run may also be specified by giving a date in the form .Ar \%month-name day with an optional .Ar year , or giving a date of the forms .Ar DD.MM.YYYY , .Ar DD.MM.YY , .Ar MM/DD/YYYY , .Ar MM/DD/YY , .Ar MMDDYYYY , or .Ar MMDDYY . The specification of a date must follow the specification of the time of day. Time can also be specified as: .Op Em now .Em + Ar count \%time-units , where the time-units can be .Em minutes , .Em hours , .Em days , .Em weeks , .Em months or .Em years and .Nm may be told to run the job today by suffixing the time with .Em today and to run the job tomorrow by suffixing the time with .Em tomorrow . .Pp For example, to run a job at 4pm three days from now, use .Nm at Ar 4pm + 3 days , to run a job at 10:00am on July 31, use .Nm at Ar 10am Jul 31 and to run a job at 1am tomorrow, use .Nm at Ar 1am tomorrow . .Pp The .Nm at utility also supports the .Tn POSIX time format (see .Fl t option). .Pp For both .Nm and .Nm batch , commands are read from standard input or the file specified with the .Fl f option and executed. The working directory, the environment (except for the variables .Ev TERM , .Ev TERMCAP , .Ev DISPLAY and .Em _ ) and the .Ar umask are retained from the time of invocation. An .Nm or .Nm batch command invoked from a .Xr su 1 shell will retain the current userid. The user will be mailed standard error and standard output from his commands, if any. Mail will be sent using the command .Xr sendmail 8 . If .Nm is executed from a .Xr su 1 shell, the owner of the login shell will receive the mail. .Pp The superuser may use these commands in any case. For other users, permission to use .Nm is determined by the files .Pa _PERM_PATH/at.allow and .Pa _PERM_PATH/at.deny . .Pp If the file .Pa _PERM_PATH/at.allow exists, only usernames mentioned in it are allowed to use .Nm . In these two files, a user is considered to be listed only if the user name has no blank or other characters before it on its line and a newline character immediately after the name, even at the end of the file. Other lines are ignored and may be used for comments. .Pp If .Pa _PERM_PATH/at.allow does not exist, .Pa _PERM_PATH/at.deny is checked, every username not mentioned in it is then allowed to use .Nm . .Pp If neither exists, only the superuser is allowed use of .Nm . This is the default configuration. .Sh IMPLEMENTATION NOTES Note that .Nm is implemented through the .Xr cron 8 daemon by calling .Xr atrun 8 every five minutes. This implies that the granularity of .Nm might not be optimal for every deployment. If a finer granularity is needed, the system crontab at .Pa /etc/crontab needs to be changed. .Sh OPTIONS .Bl -tag -width indent .It Fl q Ar queue Use the specified queue. A queue designation consists of a single letter; valid queue designations range from .Ar a to .Ar z and .Ar A to .Ar Z . The .Ar _DEFAULT_AT_QUEUE queue is the default for .Nm and the .Ar _DEFAULT_BATCH_QUEUE queue for .Nm batch . Queues with higher letters run with increased niceness. If a job is submitted to a queue designated with an uppercase letter, it is treated as if it had been submitted to batch at that time. If .Nm atq is given a specific queue, it will only show jobs pending in that queue. .It Fl m Send mail to the user when the job has completed even if there was no output. .It Fl f Ar file Read the job from .Ar file rather than standard input. .It Fl l With no arguments, list all jobs for the invoking user. If one or more job numbers are given, list only those jobs. .It Fl d Is an alias for .Nm atrm (this option is deprecated; use .Fl r instead). .It Fl b Is an alias for .Nm batch . .It Fl v For .Nm atq , shows completed but not yet deleted jobs in the queue; otherwise shows the time the job will be executed. .It Fl c Cat the jobs listed on the command line to standard output. .It Fl r Remove the specified jobs. .It Fl t Specify the job time using the \*[Px] time format. The argument should be in the form .Sm off .Op Oo Ar CC Oc Ar YY .Ar MM DD hh mm Op . Ar SS .Sm on where each pair of letters represents the following: .Pp .Bl -tag -width indent -compact -offset indent .It Ar CC The first two digits of the year (the century). .It Ar YY The second two digits of the year. .It Ar MM The month of the year, from 1 to 12. .It Ar DD the day of the month, from 1 to 31. .It Ar hh The hour of the day, from 0 to 23. .It Ar mm The minute of the hour, from 0 to 59. .It Ar SS The second of the minute, from 0 to 60. .El .Pp If the .Ar CC and .Ar YY letter pairs are not specified, the values default to the current year. If the .Ar SS letter pair is not specified, the value defaults to 0. .El .Sh FILES .Bl -tag -width _ATJOB_DIR/_LOCKFILE -compact .It Pa _ATJOB_DIR directory containing job files .It Pa _ATSPOOL_DIR directory containing output spool files .It Pa /var/run/utx.active login records .It Pa _PERM_PATH/at.allow allow permission control .It Pa _PERM_PATH/at.deny deny permission control .It Pa _ATJOB_DIR/_LOCKFILE job-creation lock file .El .Sh SEE ALSO .Xr nice 1 , .Xr sh 1 , .Xr umask 2 , .Xr atrun 8 , .Xr cron 8 , .Xr sendmail 8 .Sh AUTHORS .An -nosplit At was mostly written by .An Thomas Koenig Aq Mt ig25@rz.uni-karlsruhe.de . The time parsing routines are by .An David Parsons Aq Mt orc@pell.chi.il.us , with minor enhancements by .An Joe Halpin Aq Mt joe.halpin@attbi.com . .Sh BUGS If the file .Pa /var/run/utx.active is not available or corrupted, or if the user is not logged on at the time .Nm is invoked, the mail is sent to the userid found in the environment variable .Ev LOGNAME . If that is undefined or empty, the current userid is assumed. .Pp The .Nm at and .Nm batch utilities as presently implemented are not suitable when users are competing for resources. If this is the case, another batch system such as .Em nqs may be more suitable. .Pp Specifying a date past 2038 may not work on some systems. Index: projects/clang700-import/usr.bin/at/atrun =================================================================== --- projects/clang700-import/usr.bin/at/atrun (nonexistent) +++ projects/clang700-import/usr.bin/at/atrun (revision 337647) @@ -0,0 +1,7 @@ +# $FreeBSD$ +# +SHELL=/bin/sh +PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin + +# See crontab(5) for field format. +*/5 * * * * root /usr/libexec/atrun Property changes on: projects/clang700-import/usr.bin/at/atrun ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: projects/clang700-import/usr.sbin/auditd/Makefile =================================================================== --- projects/clang700-import/usr.sbin/auditd/Makefile (revision 337646) +++ projects/clang700-import/usr.sbin/auditd/Makefile (revision 337647) @@ -1,18 +1,30 @@ # # $FreeBSD$ # OPENBSMDIR=${SRCTOP}/contrib/openbsm .PATH: ${OPENBSMDIR}/bin/auditd CFLAGS+= -I${OPENBSMDIR} +OPENBSMETCDIR= ${OPENBSMDIR}/etc +CONFS= ${OPENBSMETCDIR}/audit_class +CONFSMODE_${OPENBSMETCDIR}/audit_class= 444 +CONFS+= ${OPENBSMETCDIR}/audit_control +CONFSMODE_${OPENBSMETCDIR}/audit_control= 600 +CONFS+= ${OPENBSMETCDIR}/audit_event +CONFSMODE_${OPENBSMETCDIR}/audit_event= 444 +CONFS+= ${OPENBSMETCDIR}/audit_user +CONFSMODE_${OPENBSMETCDIR}/audit_user= 600 +CONFS+= ${OPENBSMETCDIR}/audit_warn +CONFSMODE_${OPENBSMETCDIR}/audit_warn= 500 +CONFSDIR= /etc/security PROG= auditd SRCS= auditd.c audit_warn.c auditd_fbsd.c MAN= auditd.8 LIBADD= auditd bsm WARNS?= 3 .include Index: projects/clang700-import/usr.sbin/bsdinstall/scripts/keymap =================================================================== --- projects/clang700-import/usr.sbin/bsdinstall/scripts/keymap (revision 337646) +++ projects/clang700-import/usr.sbin/bsdinstall/scripts/keymap (revision 337647) @@ -1,238 +1,233 @@ #!/bin/sh #- # Copyright (c) 2011 Nathan Whitehorn # Copyright (c) 2013-2015 Devin Teske # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # ############################################################ INCLUDES BSDCFG_SHARE="/usr/share/bsdconfig" . $BSDCFG_SHARE/common.subr || exit 1 f_dprintf "%s: loading includes..." "$0" f_include $BSDCFG_SHARE/dialog.subr f_include $BSDCFG_SHARE/keymap.subr f_include $BSDCFG_SHARE/sysrc.subr ############################################################ CONFIGURATION # # Default file to store keymap selection in # : ${KEYMAPFILE:=$BSDINSTALL_TMPETC/rc.conf.keymap} -# -# Default path to keymap INDEX containing descriptions -# -: ${MAPDESCFILE:=/usr/share/syscons/keymaps/INDEX.keymaps} - ############################################################ GLOBALS # # Strings that should be moved to an i18n file and loaded with f_include_lang() # hline_arrows_tab_enter="Press arrows, TAB or ENTER" msg_continue_with_keymap="Continue with %s keymap" msg_default="default" msg_error="Error" msg_freebsd_installer="FreeBSD Installer" msg_keymap_menu_text="The system console driver for FreeBSD defaults to standard \"US\"\nkeyboard map. Other keymaps can be chosen below." msg_keymap_selection="Keymap Selection" msg_ok="OK" msg_select="Select" msg_test_keymap="Test %s keymap" msg_test_the_currently_selected_keymap="Test the currently selected keymap" msg_test_the_keymap_by_typing="Test the keymap by typing letters, numbers, and symbols. Characters\nshould match labels on the keyboard keys. Press Enter to stop testing." ############################################################ FUNCTIONS # dialog_keymap_test $keymap # # Activate $keymap and display an input box (without cancel button) for the # user to test keyboard input and return. Always returns success. # dialog_keymap_test() { local keym="$1" local title= # Calculated below local btitle= # Calculated below local prompt="$msg_test_the_keymap_by_typing" local hline= # Attempt to activate the keymap if [ "$keym" ]; then local err err=$( f_keymap_kbdcontrol "$keym" 2>&1 > /dev/null ) if [ "$err" ]; then f_dialog_title "$msg_error" f_dialog_msgbox "$err" f_dialog_title_restore return $FAILURE fi fi f_dialog_title "$( printf "$msg_test_keymap" "${keym:-$msg_default}" )" title="$DIALOG_TITLE" btitle="$DIALOG_BACKTITLE" f_dialog_title_restore local height width f_dialog_inputbox_size height width \ "$title" "$btitle" "$prompt" "" "$hline" $DIALOG \ --title "$title" \ --backtitle "$btitle" \ --hline "$hline" \ --ok-label "$msg_ok" \ --no-cancel \ --inputbox "$prompt" \ $height $width \ 2>/dev/null >&$DIALOG_TERMINAL_PASSTHRU_FD return $DIALOG_OK } ############################################################ MAIN # # Initialize # f_dialog_title "$msg_keymap_selection" f_dialog_backtitle "$msg_freebsd_installer" # # Die immediately if we can't dump the current keyboard map # #error=$( kbdcontrol -d 2>&1 > /dev/null ) || f_die $FAILURE "%s" "$error" # Capture Ctrl-C for clean-up trap 'rm -f $KEYMAPFILE; exit $FAILURE' SIGINT # Get a value from rc.conf(5) as initial value (if not being scripted) f_getvar $VAR_KEYMAP keymap if [ ! "$keymap" ]; then keymap=$( f_sysrc_get keymap ) case "$keymap" in [Nn][Oo]) keymap="";; esac fi # # Loop until the user has finalized their selection (by clicking the # [relabeled] Cancel button). # width=67 first_pass=1 back_from_testing= [ "$USE_XDIALOG" ] && width=70 prompt="$msg_keymap_menu_text" hline="$hline_arrows_tab_enter" while :; do # # Re/Build list of keymaps # cont_msg=$( printf "$msg_continue_with_keymap" \ "${keymap:-$msg_default}" ) test_msg=$( printf "$msg_test_keymap" "${keymap:-$msg_default}" ) menu_list=" '>>> $cont_msg' '' '$msg_continue_with_current_keymap' '->- $test_msg' '' '$msg_test_the_currently_selected_keymap' " # END-QUOTE if [ "$first_pass" ]; then defaultitem= first_pass= else defaultitem="->- $test_msg" fi for k in $KEYMAPS; do keymap_$k get keym keym keymap_$k get desc desc radio=" " if [ "$keym" = "$keymap" ]; then radio="*" if [ "$back_from_testing" ]; then defaultitem="(*) $desc" back_from_testing= fi fi f_shell_escape "$desc" desc menu_list="$menu_list '($radio) $desc' '' '$keym: $desc' " # END-QUOTE done back_from_testing= # # Display keymap configuration menu # eval f_dialog_menu_with_help_size height \"\" rows \ \"\$DIALOG_TITLE\" \ \"\$DIALOG_BACKTITLE\" \ \"\$prompt\" \ \"\$hline\" \ $menu_list menu_choice=$( eval $DIALOG \ --title \"\$DIALOG_TITLE\" \ --backtitle \"\$DIALOG_BACKTITLE\" \ --hline \"\$hline\" \ --keep-tite \ --item-help \ --ok-label \"\$msg_select\" \ --cancel-label \"\$msg_cancel\" \ --default-item \"\$defaultitem\" \ --menu \"\$prompt\" \ $height $width $rows \ $menu_list \ 2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD ) || { f_quietly rm -f "$KEYMAPFILE" exit $FAILURE # Exit with an error so bsdinstall restarts } f_dialog_data_sanitize menu_choice case "$menu_choice" in ">>> "*) # Continue with keymap break ;; "->-"*) # Test keymap dialog_keymap_test "$keymap" back_from_testing=1 continue ;; esac # Turn the user's choice into a number n=$( eval f_dialog_menutag2index_with_help \ \"\$menu_choice\" $menu_list ) # Turn that number ithe name of the keymap struct k=$( set -- $KEYMAPS; eval echo \"\${$(( $n - 2))}\" ) # Get actual keymap setting while we update $keymap and $KEYMAPFILE keymap_$k get keym keymap echo "keymap=\"$keymap\"" > "$KEYMAPFILE" done f_quietly f_keymap_kbdcontrol "$keymap" exit $SUCCESS ################################################################################ # END ################################################################################ Index: projects/clang700-import/usr.sbin/bsnmpd/bsnmpd/Makefile =================================================================== --- projects/clang700-import/usr.sbin/bsnmpd/bsnmpd/Makefile (revision 337646) +++ projects/clang700-import/usr.sbin/bsnmpd/bsnmpd/Makefile (revision 337647) @@ -1,153 +1,155 @@ # $FreeBSD$ # # Author: Harti Brandt .include CONTRIB=${SRCTOP}/contrib/bsnmp .PATH: ${CONTRIB}/snmpd +CONFS= snmpd.config +CONFSMODE= 600 PROG= bsnmpd SRCS= main.c action.c config.c export.c trap.c trans_udp.c trans_lsock.c SRCS+= oid.h tree.c tree.h XSYM= snmpMIB begemotSnmpdModuleTable begemotSnmpd begemotTrapSinkTable \ sysUpTime snmpTrapOID coldStart authenticationFailure \ begemotSnmpdTransUdp begemotSnmpdTransLsock begemotSnmpdLocalPortTable \ freeBSD freeBSDVersion CLEANFILES= oid.h tree.c tree.h MAN= bsnmpd.1 snmpmod.3 MLINKS+= snmpmod.3 FIND_OBJECT_INT.3 MLINKS+= snmpmod.3 FIND_OBJECT_INT_LINK.3 MLINKS+= snmpmod.3 FIND_OBJECT_INT_LINK_INDEX.3 MLINKS+= snmpmod.3 FIND_OBJECT_OID.3 MLINKS+= snmpmod.3 FIND_OBJECT_OID_LINK.3 MLINKS+= snmpmod.3 FIND_OBJECT_OID_LINK_INDEX.3 MLINKS+= snmpmod.3 INSERT_OBJECT_INT.3 MLINKS+= snmpmod.3 INSERT_OBJECT_INT_LINK.3 MLINKS+= snmpmod.3 INSERT_OBJECT_INT_LINK_INDEX.3 MLINKS+= snmpmod.3 INSERT_OBJECT_OID.3 MLINKS+= snmpmod.3 INSERT_OBJECT_OID_LINK.3 MLINKS+= snmpmod.3 INSERT_OBJECT_OID_LINK_INDEX.3 MLINKS+= snmpmod.3 NEXT_OBJECT_INT.3 MLINKS+= snmpmod.3 NEXT_OBJECT_INT_LINK.3 MLINKS+= snmpmod.3 NEXT_OBJECT_INT_LINK_INDEX.3 MLINKS+= snmpmod.3 NEXT_OBJECT_OID.3 MLINKS+= snmpmod.3 NEXT_OBJECT_OID_LINK.3 MLINKS+= snmpmod.3 NEXT_OBJECT_OID_LINK_INDEX.3 MLINKS+= snmpmod.3 bsnmpd_get_target_stats.3 MLINKS+= snmpmod.3 bsnmpd_get_usm_stats.3 MLINKS+= snmpmod.3 bsnmpd_reset_usm_stats.3 MLINKS+= snmpmod.3 buf_alloc.3 MLINKS+= snmpmod.3 buf_size.3 MLINKS+= snmpmod.3 comm_define.3 MLINKS+= snmpmod.3 community.3 MLINKS+= snmpmod.3 fd_deselect.3 MLINKS+= snmpmod.3 fd_resume.3 MLINKS+= snmpmod.3 fd_select.3 MLINKS+= snmpmod.3 fd_suspend.3 MLINKS+= snmpmod.3 get_ticks.3 MLINKS+= snmpmod.3 index_append.3 MLINKS+= snmpmod.3 index_append_off.3 MLINKS+= snmpmod.3 index_compare.3 MLINKS+= snmpmod.3 index_compare_off.3 MLINKS+= snmpmod.3 index_decode.3 MLINKS+= snmpmod.3 ip_commit.3 MLINKS+= snmpmod.3 ip_get.3 MLINKS+= snmpmod.3 ip_rollback.3 MLINKS+= snmpmod.3 ip_save.3 MLINKS+= snmpmod.3 or_register.3 MLINKS+= snmpmod.3 or_unregister.3 MLINKS+= snmpmod.3 oid_commit.3 MLINKS+= snmpmod.3 oid_get.3 MLINKS+= snmpmod.3 oid_rollback.3 MLINKS+= snmpmod.3 oid_save.3 MLINKS+= snmpmod.3 oid_usmNotInTimeWindows.3 MLINKS+= snmpmod.3 oid_usmUnknownEngineIDs.3 MLINKS+= snmpmod.3 oid_zeroDotZero.3 MLINKS+= snmpmod.3 reqid_allocate.3 MLINKS+= snmpmod.3 reqid_base.3 MLINKS+= snmpmod.3 reqid_istype.3 MLINKS+= snmpmod.3 reqid_next.3 MLINKS+= snmpmod.3 reqid_type.3 MLINKS+= snmpmod.3 snmp_input_finish.3 MLINKS+= snmpmod.3 snmp_input_start.3 MLINKS+= snmpmod.3 snmp_output.3 MLINKS+= snmpmod.3 snmp_pdu_auth_access.3 MLINKS+= snmpmod.3 snmp_send_port.3 MLINKS+= snmpmod.3 snmp_send_trap.3 MLINKS+= snmpmod.3 snmpd_target_stat.3 MLINKS+= snmpmod.3 snmpd_usmstats.3 MLINKS+= snmpmod.3 start_tick.3 MLINKS+= snmpmod.3 string_commit.3 MLINKS+= snmpmod.3 string_free.3 MLINKS+= snmpmod.3 string_get.3 MLINKS+= snmpmod.3 string_get_max.3 MLINKS+= snmpmod.3 string_rollback.3 MLINKS+= snmpmod.3 string_save.3 MLINKS+= snmpmod.3 systemg.3 MLINKS+= snmpmod.3 this_tick.3 MLINKS+= snmpmod.3 timer_start.3 MLINKS+= snmpmod.3 timer_start_repeat.3 MLINKS+= snmpmod.3 timer_stop.3 MLINKS+= snmpmod.3 target_activate_address.3 MLINKS+= snmpmod.3 target_address.3 MLINKS+= snmpmod.3 target_delete_address.3 MLINKS+= snmpmod.3 target_delete_notify.3 MLINKS+= snmpmod.3 target_delete_param.3 MLINKS+= snmpmod.3 target_first_address.3 MLINKS+= snmpmod.3 target_first_notify.3 MLINKS+= snmpmod.3 target_first_param.3 MLINKS+= snmpmod.3 target_flush_all.3 MLINKS+= snmpmod.3 target_next_address.3 MLINKS+= snmpmod.3 target_next_notify.3 MLINKS+= snmpmod.3 target_next_param.3 MLINKS+= snmpmod.3 target_new_address.3 MLINKS+= snmpmod.3 target_new_notify.3 MLINKS+= snmpmod.3 target_new_param.3 MLINKS+= snmpmod.3 target_notify.3 MLINKS+= snmpmod.3 target_param.3 MLINKS+= snmpmod.3 usm_delete_user.3 MLINKS+= snmpmod.3 usm_find_user.3 MLINKS+= snmpmod.3 usm_first_user.3 MLINKS+= snmpmod.3 usm_flush_users.3 MLINKS+= snmpmod.3 usm_next_user.3 MLINKS+= snmpmod.3 usm_new_user.3 MLINKS+= snmpmod.3 usm_user.3 FILESGROUPS= BMIBS DEFS BMIBS= FOKUS-MIB.txt BEGEMOT-MIB.txt BEGEMOT-SNMPD.txt BMIBSDIR= ${SHAREDIR}/snmp/mibs DEFS= tree.def DEFSDIR= ${SHAREDIR}/snmp/defs CFLAGS+= -I${CONTRIB}/lib -I${CONTRIB}/snmpd -I. -DUSE_LIBBEGEMOT CFLAGS+= -DHAVE_STDINT_H -DHAVE_INTTYPES_H -DHAVE_ERR_H -DHAVE_STRLCPY LIBADD= begemot bsnmp LDFLAGS= -Wl,-export-dynamic .if ${MK_OPENSSL} != "no" CFLAGS+= -DHAVE_LIBCRYPTO .endif .if ${MK_TCP_WRAPPERS} != "no" CFLAGS+= -DUSE_TCPWRAPPERS LIBADD+= wrap .endif oid.h: tree.def Makefile gensnmptree -I${CONTRIB}/lib -e ${XSYM} < ${.ALLSRC:M*.def} > ${.TARGET} .ORDER: tree.c tree.h tree.h: .NOMETA tree.c tree.h: tree.def gensnmptree -I${CONTRIB}/lib -l -f < ${.ALLSRC} MANFILTER= sed -e 's%@MODPATH@%${LIBDIR}/%g' \ -e 's%@DEFPATH@%${DEFSDIR}/%g' \ -e 's%@MIBSPATH@%${BMIBSDIR}/%g' .include Index: projects/clang700-import/usr.sbin/bsnmpd/bsnmpd/snmpd.config =================================================================== --- projects/clang700-import/usr.sbin/bsnmpd/bsnmpd/snmpd.config (nonexistent) +++ projects/clang700-import/usr.sbin/bsnmpd/bsnmpd/snmpd.config (revision 337647) @@ -0,0 +1,322 @@ +# $FreeBSD$ +# +# Example configuration file for bsnmpd(1). +# + +# +# Set some common variables +# +location := "Room 200" +contact := "sysmeister@example.com" +system := 1 # FreeBSD +traphost := localhost +trapport := 162 + +# +# Set the SNMP engine ID. +# +# The snmpEngineID object required from the SNMPv3 Framework. If not explicitly set via +# this configuration file, an ID is assigned based on the value of the +# kern.hostid variable +# engine := 0x80:0x10:0x08:0x10:0x80:0x25 +# snmpEngineID = $(engine) + +# Change this! +read := "public" +# Uncomment begemotSnmpdCommunityString.0.2 below that sets the community +# string to enable write access. +write := "geheim" +trap := "mytrap" + +# +# Declarations for SNMP-USER-BASED-SM-MIB authentication and privacy options +# + +NoAuthProtocol := 1.3.6.1.6.3.10.1.1.1 +HMACMD5AuthProtocol := 1.3.6.1.6.3.10.1.1.2 +HMACSHAAuthProtocol := 1.3.6.1.6.3.10.1.1.3 +NoPrivProtocol := 1.3.6.1.6.3.10.1.2.1 +DESPrivProtocol := 1.3.6.1.6.3.10.1.2.2 +AesCfb128Protocol := 1.3.6.1.6.3.10.1.2.4 + +# +# Enumerations from SNMP-FRAMEWORK-MIB +# + +# Security models +securityModelAny := 0 +securityModelSNMPv1 := 1 +securityModelSNMPv2c := 2 +securityModelUSM := 3 + +# Message Processing models +MPmodelSNMPv1 := 0 +MPmodelSNMPv2c := 1 +MPmodelSNMPv3 := 3 + +# Security levels +noAuthNoPriv := 1 +authNoPriv := 2 +authPriv := 3 + + +# SNMPv3 USM User definition +# +# The localized hex password for a user may be obtained by setting SNMPUSER, SNMPPASSWD, +# SNMPAUTH and SNMPPRIV environment variables to the desired parameters and invoking +# 'bsnmpget -v 3 -D -K -o verbose' against the running bsnmpd(1). For other +# usages refer to the bsnmpget(1) manual page. The following lines define a user "bsnmp" +# with a private password "bsnmptest", localized for the above engine ID. +# +#user1 := "bsnmp" +#user1passwd := 0x22:0x98:0x1a:0x6e:0x39:0x93:0x16:0x5e:0x6a:0x21:0x1b:0xd8:0xa9:0x81:0x31:0x05:0x16:0x33:0x38:0x60 + +# +# Configuration +# +%snmpd +begemotSnmpdDebugDumpPdus = 2 +begemotSnmpdDebugSyslogPri = 7 + +# +# Set the read and write communities. +# +# The default value of the community strings is NULL (note, that this is +# different from the empty string). This disables both read and write access. +# To enable read access only the read community string must be set. Setting +# the write community string enables both read and write access with that +# string. +# +# Be sure to understand the security implications of SNMPv2 - the community +# strings are readable on the wire! +# +begemotSnmpdCommunityString.0.1 = $(read) +# begemotSnmpdCommunityString.0.2 = $(write) +begemotSnmpdCommunityDisable = 1 + +# open standard SNMP ports +begemotSnmpdPortStatus.0.0.0.0.161 = 1 + +# open a unix domain socket +begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1 +begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4 + +# send traps to the traphost +begemotTrapSinkStatus.[$(traphost)].$(trapport) = 4 +begemotTrapSinkVersion.[$(traphost)].$(trapport) = 2 +begemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap) + +sysContact = $(contact) +sysLocation = $(location) +sysObjectId = 1.3.6.1.4.1.12325.1.1.2.1.$(system) + +snmpEnableAuthenTraps = 2 + +# Uncomment `begemotSnmpdModulePath.".." = ".."' entries below to enable +# modules + +# +# Control configuration for the modules in the module specific sections, e.g. +# the "usm" module (begemotSnmpdModulePath."usm") can be controlled in the +# %usm specific section. You must uncomment the section specific header in +# order to use the enclosed variables, e.g. `usmUserStatus.$(engine).$(user1)` +# can only be used if %usm is uncommented. +# +# Modules are loaded in the order listed, so they must be before any +# dependent modules, e.g. "mibII" vs "bridge". +# + +# +# MIB-2 module +# +begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so" + +# +# Bridge module +# This requires the mibII module. +# +#begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so" + +# +# Host resources module +# This requires the mibII module. +# +#begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so" + +# +# LM75 Sensor module +# +#begemotSnmpdModulePath."lm75" = "/usr/lib/snmp_lm75.so" + +# +# Netgraph module +# +#begemotSnmpdModulePath."netgraph" = "/usr/lib/snmp_netgraph.so" + +# +# pf(4) module +# +#begemotSnmpdModulePath."pf" = "/usr/lib/snmp_pf.so" + +# +# SNMPv3 Notification Targets +# +# begemotSnmpdModulePath."target" = "/usr/lib/snmp_target.so" + +# +# SNMPv3 User-based security module - must be loaded for SNMPv3 USM +# +#begemotSnmpdModulePath."usm" = "/usr/lib/snmp_usm.so" + +# +# SNMPv3 View-based Access Control module +# +#begemotSnmpdModulePath."vacm" = "/usr/lib/snmp_vacm.so" + +# +# Wireless module +# This requires the mibII module. +# +#begemotSnmpdModulePath."wlan" = "/usr/lib/snmp_wlan.so" + +# +# SNMPv3 USM User definition. +# + +#%usm + +# +# The following block creates a user with name "bsnmp" and sets privacy +# and encryption options to SHA256 message digests and AES encryption +# for this user. +# +# usmUserStatus.$(engine).$(user1) = 5 +# usmUserAuthProtocol.$(engine).$(user1) = $(HMACSHAAuthProtocol) +# usmUserAuthKeyChange.$(engine).$(user1) = $(user1passwd) +# usmUserPrivProtocol.$(engine).$(user1) = $(AesCfb128Protocol) +# usmUserPrivKeyChange.$(engine).$(user1) = $(user1passwd) +# usmUserStatus.$(engine).$(user1) = 1 +# + +# +# The following block creates a user with name "public" with no authentication +# or encryption options. +# +# usmUserStatus.$(engine).$(read) = 5 +# usmUserAuthProtocol.$(engine).$(read) = $(NoAuthProtocol) +# usmUserPrivProtocol.$(engine).$(read) = $(NoPrivProtocol) +# usmUserStatus.$(engine).$(read) = 1 +# + +# +# Definition of view-based access control entries. +# +#%vacm + +# Definition of a SNMPv1 group +# vacmSecurityToGroupStatus.$(securityModelSNMPv1).$(read) = 4 +# vacmGroupName.$(securityModelSNMPv1).$(read) = $(read) + +# Definition of SNMPv2 group +# vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(write) = 4 +# vacmGroupName.$(securityModelSNMPv2c).$(write) = $(write) + +# Definition of SNMPv3 group with users "bsnmp" and "public" +# vacmSecurityToGroupStatus.$(securityModelUSM).$(user1) = 4 +# vacmGroupName.$(securityModelUSM).$(user1) = $(write) +# vacmSecurityToGroupStatus.$(securityModelUSM).$(read) = 4 +# vacmGroupName.$(securityModelUSM).$(read) = $(write) + +# +# The OID of the .iso.org.dod.internet subtree +# +# internetoid := 1.3.6.1 +# internetoidlen := 4 + +# +# Definitions of two views +# +# vacmViewTreeFamilyStatus."internet".$(internetoidlen).$(internetoid) = 4 +# vacmViewTreeFamilyStatus."restricted".$(internetoidlen).$(internetoid) = 4 + +# +# Access control +# + +# +# Read-only access for SNMPv1 users +# +# vacmAccessStatus.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = 4 +# vacmAccessReadViewName.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = "internet" + +# +# Read-write access for SNMPv2 users +# +# vacmAccessStatus.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4 +# vacmAccessReadViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet" +# vacmAccessWriteViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet" + +# +# Read-write-notify access for SNMPv3 USM users with noAuthNoPriv +# +# vacmAccessStatus.$(write)."".3.$(noAuthNoPriv) = 4 +# vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet" +# vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet" +# vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet" + +# +#Read-write-notify access to restricted for SNMPv3 USM users with authPriv +# +# vacmAccessStatus.$(write)."".$(securityModelUSM).$(authPriv) = 4 +# vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted" +# vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted" +# vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted" + +#%target +# Send notifications to target tag "test" +# tag := "test" +# snmpNotifyRowStatus.$(tag) = 4 +# snmpNotifyTag.$(tag) = $(tag) + +# tagremote := "testremote" +# snmpNotifyRowStatus.$(tagremote) = 4 +# snmpNotifyTag.$(tagremote) = $(tagremote) + +# +# Specify the target parameters for the notifications - send with the credentials +# of user "bsnmp" +# +# snmpTargetParamsRowStatus.$(tag) = 5 +# snmpTargetParamsMPModel.$(tag) = $(MPmodelSNMPv3) +# snmpTargetParamsSecurityModel.$(tag) = $(securityModelUSM) +# snmpTargetParamsSecurityName.$(tag) = $(user1) +# snmpTargetParamsSecurityLevel.$(tag) = $(authPriv) +# snmpTargetParamsRowStatus.$(tag) = 1 + +# +# Define the notifications' target address - port 162 on localhost +# +# snmpTargetAddrRowStatus.$(tag) = 5 +# snmpTargetAddrTAddress.$(tag) = 0x7f:0x0:0x0:0x1:0x0:0xa2 +# snmpTargetAddrTagList.$(tag) = "test notification" +# snmpTargetAddrParams.$(tag) = $(tag) +# snmpTargetAddrRowStatus.$(tag) = 1 + +# +# Define the notifications' target address - port 162 on 10.0.0.1 +# +# snmpTargetAddrRowStatus.$(tagremote) = 5 +# snmpTargetAddrTAddress.$(tagremote) = 0x0a:0x00:0x00:0x1:0x0:0xa2 +# snmpTargetAddrTagList.$(tagremote) = $(tagremote) +# snmpTargetAddrParams.$(tagremote) = $(tag) +# snmpTargetAddrRowStatus.$(tagremote) = 1 + +# Force a polling rate for the 64-bit interface counters in case +# the automatic computation is wrong (which may be the case if an interface +# announces the wrong bit rate via its MIB). +#%mibII +#begemotIfForcePoll = 2000 + +#%netgraph +#begemotNgControlNodeName = "snmpd" + Property changes on: projects/clang700-import/usr.sbin/bsnmpd/bsnmpd/snmpd.config ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Index: projects/clang700-import =================================================================== --- projects/clang700-import (revision 337646) +++ projects/clang700-import (revision 337647) Property changes on: projects/clang700-import ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /head:r337619-337645