As per the developers handbook (5.3.1 step 1), prepare the vendor trees for

import of new ipfilter vendor sources by flattening them.

To keep the tags consistent with dist, the tags are also flattened.

Approved by:	glebius (Mentor)

1 files changed, 0 insertions, 2131 deletions

diff --git a/contrib/ipfilter/solaris.c b/contrib/ipfilter/solaris.c
deleted file mode 100644
index aa139d3..0000000
--- a/contrib/ipfilter/solaris.c
+++ /dev/null
@@ -1,2131 +0,0 @@
-/*
- * Copyright (C) 1993-2002 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- */
-/* #pragma ident   "@(#)solaris.c	1.12 6/5/96 (C) 1995 Darren Reed"*/
-#pragma ident "@(#)$Id: solaris.c,v 2.15.2.30 2002/04/23 14:57:51 darrenr Exp $"
-
-#include <sys/systm.h>
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/errno.h>
-#include <sys/uio.h>
-#include <sys/buf.h>
-#include <sys/modctl.h>
-#include <sys/open.h>
-#include <sys/kmem.h>
-#include <sys/conf.h>
-#include <sys/cmn_err.h>
-#include <sys/stat.h>
-#include <sys/cred.h>
-#include <sys/dditypes.h>
-#include <sys/stream.h>
-#include <sys/poll.h>
-#include <sys/autoconf.h>
-#include <sys/byteorder.h>
-#include <sys/socket.h>
-#include <sys/dlpi.h>
-#include <sys/stropts.h>
-#include <sys/sockio.h>
-#include <net/if.h>
-#if SOLARIS2 >= 6
-# include <net/if_types.h>
-#endif
-#include <net/af.h>
-#include <net/route.h>
-#include <netinet/in.h>
-#include <netinet/in_systm.h>
-#include <netinet/if_ether.h>
-#include <netinet/ip.h>
-#include <netinet/ip_var.h>
-#include <netinet/tcp.h>
-#include <netinet/udp.h>
-#include <netinet/tcpip.h>
-#include <netinet/ip_icmp.h>
-#include <sys/ddi.h>
-#include <sys/sunddi.h>
-#include "ip_compat.h"
-#include "ipl.h"
-#include "ip_fil.h"
-#include "ip_nat.h"
-#include "ip_state.h"
-
-
-char	_depends_on[] = "drv/ip";
-
-
-void	solipdrvattach __P((void));
-int	solipdrvdetach __P((void));
-
-void	solattach __P((void));
-int	soldetach __P((void));
-
-extern	struct	filterstats	frstats[];
-extern	KRWLOCK_T	ipf_mutex, ipfs_mutex, ipf_nat, ipf_solaris;
-extern	kmutex_t	ipf_rw;
-extern	int	fr_running;
-extern	int	fr_flags;
-
-extern ipnat_t *nat_list;
-
-static	qif_t	*qif_head = NULL;
-static	int	ipf_getinfo __P((dev_info_t *, ddi_info_cmd_t,
-				 void *, void **));
-static	int	ipf_probe __P((dev_info_t *));
-static	int	ipf_identify __P((dev_info_t *));
-static	int	ipf_attach __P((dev_info_t *, ddi_attach_cmd_t));
-static	int	ipf_detach __P((dev_info_t *, ddi_detach_cmd_t));
-static	qif_t	*qif_from_queue __P((queue_t *));
-static	void	fr_donotip __P((int, qif_t *, queue_t *, mblk_t *,
-				mblk_t *, ip_t *, size_t));
-static	char	*ipf_devfiles[] = { IPL_NAME, IPL_NAT, IPL_STATE, IPL_AUTH,
-				    NULL };
-static	int	(*ipf_ip_inp) __P((queue_t *, mblk_t *)) = NULL;
-
-
-#if SOLARIS2 >= 7
-extern	void	ipfr_slowtimer __P((void *));
-timeout_id_t	ipfr_timer_id;
-static	timeout_id_t	synctimeoutid = 0;
-#else
-extern	void	ipfr_slowtimer __P((void));
-int	ipfr_timer_id;
-static	int	synctimeoutid = 0;
-#endif
-int	ipf_debug = 0;
-int	ipf_debug_verbose = 0;
-
-/* #undef	IPFDEBUG	1 */
-/* #undef	IPFDEBUG_VERBOSE	1 */
-#ifdef	IPFDEBUG
-void	printire __P((ire_t *));
-#endif
-#define	isdigit(x)	((x) >= '0' && (x) <= '9')
-
-static int	fr_precheck __P((mblk_t **, queue_t *, qif_t *, int));
-
-
-static struct cb_ops ipf_cb_ops = {
-	iplopen,
-	iplclose,
-	nodev,		/* strategy */
-	nodev,		/* print */
-	nodev,		/* dump */
-	iplread,
-	nodev,		/* write */
-	iplioctl,	/* ioctl */
-	nodev,		/* devmap */
-	nodev,		/* mmap */
-	nodev,		/* segmap */
-	nochpoll,	/* poll */
-	ddi_prop_op,
-	NULL,
-	D_MTSAFE,
-#if SOLARIS2 > 4
-	CB_REV,
-	nodev,		/* aread */
-	nodev,		/* awrite */
-#endif
-};
-
-static struct dev_ops ipf_ops = {
-	DEVO_REV,
-	0,
-	ipf_getinfo,
-	ipf_identify,
-	ipf_probe,
-	ipf_attach,
-	ipf_detach,
-	nodev,		/* reset */
-	&ipf_cb_ops,
-	(struct bus_ops *)0
-};
-
-extern struct mod_ops mod_driverops;
-static struct modldrv iplmod = {
-	&mod_driverops, IPL_VERSION, &ipf_ops };
-static struct modlinkage modlink1 = { MODREV_1, &iplmod, NULL };
-
-#if SOLARIS2 >= 6
-static	size_t	hdrsizes[57][2] = {
-	{ 0, 0 },
-	{ IFT_OTHER, 0 },
-	{ IFT_1822, 14 },	/* 14 for ire0 ?? */
-	{ IFT_HDH1822, 0 },
-	{ IFT_X25DDN, 0 },
-	{ IFT_X25, 0 },
-	{ IFT_ETHER, 14 },
-	{ IFT_ISO88023, 14 },
-	{ IFT_ISO88024, 0 },
-	{ IFT_ISO88025, 0 },
-	{ IFT_ISO88026, 0 },
-	{ IFT_STARLAN, 0 },
-	{ IFT_P10, 0 },
-	{ IFT_P80, 0 },
-	{ IFT_HY, 0 },
-	{ IFT_FDDI, 24 },
-	{ IFT_LAPB, 0 },
-	{ IFT_SDLC, 0 },
-	{ IFT_T1, 0 },
-	{ IFT_CEPT, 0 },
-	{ IFT_ISDNBASIC, 0 },
-	{ IFT_ISDNPRIMARY, 0 },
-	{ IFT_PTPSERIAL, 0 },
-	{ IFT_PPP, 0 },
-	{ IFT_LOOP, 0 },
-	{ IFT_EON, 0 },
-	{ IFT_XETHER, 0 },
-	{ IFT_NSIP, 0 },
-	{ IFT_SLIP, 0 },
-	{ IFT_ULTRA, 0 },
-	{ IFT_DS3, 0 },
-	{ IFT_SIP, 0 },
-	{ IFT_FRELAY, 0 },
-	{ IFT_RS232, 0 },
-	{ IFT_PARA, 0 },
-	{ IFT_ARCNET, 0 },
-	{ IFT_ARCNETPLUS, 0 },
-	{ IFT_ATM, 0 },
-	{ IFT_MIOX25, 0 },
-	{ IFT_SONET, 0 },
-	{ IFT_X25PLE, 0 },
-	{ IFT_ISO88022LLC, 0 },
-	{ IFT_LOCALTALK, 0 },
-	{ IFT_SMDSDXI, 0 },
-	{ IFT_FRELAYDCE, 0 },
-	{ IFT_V35, 0 },
-	{ IFT_HSSI, 0 },
-	{ IFT_HIPPI, 0 },
-	{ IFT_MODEM, 0 },
-	{ IFT_AAL5, 0 },
-	{ IFT_SONETPATH, 0 },
-	{ IFT_SONETVT, 0 },
-	{ IFT_SMDSICIP, 0 },
-	{ IFT_PROPVIRTUAL, 0 },
-	{ IFT_PROPMUX, 0 },
-};
-#endif /* SOLARIS2 >= 6 */
-
-static dev_info_t *ipf_dev_info = NULL;
-
-
-int _init()
-{
-	int ipfinst;
-
-	ipfinst = mod_install(&modlink1);
-#ifdef	IPFDEBUG
-	if (ipf_debug)
-		cmn_err(CE_NOTE, "IP Filter: _init() = %d", ipfinst);
-#endif
-	return ipfinst;
-}
-
-
-int _fini(void)
-{
-	int ipfinst;
-
-	ipfinst = mod_remove(&modlink1);
-#ifdef	IPFDEBUG
-	if (ipf_debug)
-		cmn_err(CE_NOTE, "IP Filter: _fini() = %d", ipfinst);
-#endif
-	return ipfinst;
-}
-
-
-int _info(modinfop)
-struct modinfo *modinfop;
-{
-	int ipfinst;
-
-	ipfinst = mod_info(&modlink1, modinfop);
-#ifdef	IPFDEBUG
-	if (ipf_debug)
-		cmn_err(CE_NOTE, "IP Filter: _info(%x) = %x",
-			modinfop, ipfinst);
-#endif
-	if (fr_running > 0)
-		ipfsync();
-	return ipfinst;
-}
-
-
-static int ipf_probe(dip)
-dev_info_t *dip;
-{
-	if (fr_running < 0)
-		return DDI_PROBE_FAILURE;
-#ifdef	IPFDEBUG
-	if (ipf_debug)
-		cmn_err(CE_NOTE, "IP Filter: ipf_probe(%x)", dip);
-#endif
-	return DDI_PROBE_SUCCESS;
-}
-
-
-static int ipf_identify(dip)
-dev_info_t *dip;
-{
-#ifdef	IPFDEBUG
-	if (ipf_debug)
-		cmn_err(CE_NOTE, "IP Filter: ipf_identify(%x)", dip);
-#endif
-	if (strcmp(ddi_get_name(dip), "ipf") == 0)
-		return (DDI_IDENTIFIED);
-	return (DDI_NOT_IDENTIFIED);
-}
-
-
-static void ipf_ire_walk(ire, arg)
-ire_t *ire;
-void *arg;
-{
-	qif_t *qif = arg;
-
-	if ((ire->ire_type == IRE_CACHE) &&
-#if SOLARIS2 >= 6
-	    (ire->ire_ipif != NULL) &&
-	    (ire->ire_ipif->ipif_ill == qif->qf_ill)
-#else
-	    (ire_to_ill(ire) == qif->qf_ill)
-#endif
-	    ) {
-#if SOLARIS2 >= 8
-		mblk_t *m = ire->ire_fp_mp;
-#else
-		mblk_t *m = ire->ire_ll_hdr_mp;
-#endif
-		if (m != NULL)
-			qif->qf_hl = m->b_wptr - m->b_rptr;
-	}
-}
-
-
-static int ipf_attach(dip, cmd)
-dev_info_t *dip;
-ddi_attach_cmd_t cmd;
-{
-#ifdef	IPFDEBUG
-	int instance;
-
-	if (ipf_debug)
-		cmn_err(CE_NOTE, "IP Filter: ipf_attach(%x,%x)", dip, cmd);
-#endif
-	switch (cmd) {
-	case DDI_ATTACH:
-		if (fr_running < 0)
-			break;
-#ifdef	IPFDEBUG
-		instance = ddi_get_instance(dip);
-
-	if (ipf_debug)
-		cmn_err(CE_NOTE, "IP Filter: attach ipf instance %d", instance);
-#endif
-		if (ddi_create_minor_node(dip, "ipf", S_IFCHR, IPL_LOGIPF,
-					  DDI_PSEUDO, 0) == DDI_FAILURE) {
-			ddi_remove_minor_node(dip, NULL);
-			goto attach_failed;
-		}
-		if (ddi_create_minor_node(dip, "ipnat", S_IFCHR, IPL_LOGNAT,
-					  DDI_PSEUDO, 0) == DDI_FAILURE) {
-			ddi_remove_minor_node(dip, NULL);
-			goto attach_failed;
-		}
-		if (ddi_create_minor_node(dip, "ipstate", S_IFCHR,IPL_LOGSTATE,
-					  DDI_PSEUDO, 0) == DDI_FAILURE) {
-			ddi_remove_minor_node(dip, NULL);
-			goto attach_failed;
-		}
-		if (ddi_create_minor_node(dip, "ipauth", S_IFCHR, IPL_LOGAUTH,
-					  DDI_PSEUDO, 0) == DDI_FAILURE) {
-			ddi_remove_minor_node(dip, NULL);
-			goto attach_failed;
-		}
-		ipf_dev_info = dip;
-		sync();
-		/*
-		 * Initialize mutex's
-		 */
-		if (iplattach() == -1)
-			goto attach_failed;
-		/*
-		 * Lock people out while we set things up.
-		 */
-		WRITE_ENTER(&ipf_solaris);
-		solattach();
-		solipdrvattach();
-		RWLOCK_EXIT(&ipf_solaris);
-		cmn_err(CE_CONT, "%s, attaching complete.\n",
-			ipfilter_version);
-		sync();
-		if (fr_running == 0)
-			fr_running = 1;
-		if (ipfr_timer_id == 0)
-			ipfr_timer_id = timeout(ipfr_slowtimer, NULL,
-						drv_usectohz(500000));
-		if (fr_running == 1)
-			return DDI_SUCCESS;
-#if SOLARIS2 >= 8
-	case DDI_RESUME :
-	case DDI_PM_RESUME :
-		if (ipfr_timer_id == 0)
-			ipfr_timer_id = timeout(ipfr_slowtimer, NULL,
-						drv_usectohz(500000));
-		return DDI_SUCCESS;
-#endif
-	default:
-		return DDI_FAILURE;
-	}
-
-attach_failed:
-	cmn_err(CE_NOTE, "IP Filter: failed to attach\n");
-	/*
-	 * Use our own detach routine to toss
-	 * away any stuff we allocated above.
-	 */
-	(void) ipf_detach(dip, DDI_DETACH);
-	return DDI_FAILURE;
-}
-
-
-static int ipf_detach(dip, cmd)
-dev_info_t *dip;
-ddi_detach_cmd_t cmd;
-{
-	int i;
-
-#ifdef	IPFDEBUG
-	if (ipf_debug)
-		cmn_err(CE_NOTE, "IP Filter: ipf_detach(%x,%x)", dip, cmd);
-#endif
-	switch (cmd) {
-	case DDI_DETACH:
-		if (fr_running <= 0)
-			break;
-		/*
-		 * Make sure we're the only one's modifying things.  With
-		 * this lock others should just fall out of the loop.
-		 */
-		mutex_enter(&ipf_rw);
-		if (ipfr_timer_id != 0) {
-			untimeout(ipfr_timer_id);
-			ipfr_timer_id = 0;
-		}
-		mutex_exit(&ipf_rw);
-		WRITE_ENTER(&ipf_solaris);
-		mutex_enter(&ipf_rw);
-		if (fr_running <= 0) {
-			mutex_exit(&ipf_rw);
-			return DDI_FAILURE;
-		}
-		fr_running = -1;
-		mutex_exit(&ipf_rw);
-		/* NOTE: ipf_solaris rwlock is released in ipldetach */
-
-		/*
-		 * Undo what we did in ipf_attach, freeing resources
-		 * and removing things we installed.  The system
-		 * framework guarantees we are not active with this devinfo
-		 * node in any other entry points at this time.
-		 */
-		ddi_prop_remove_all(dip);
-		i = ddi_get_instance(dip);
-		ddi_remove_minor_node(dip, NULL);
-		sync();
-		i = solipdrvdetach();
-		if (i > 0) {
-			cmn_err(CE_CONT, "IP Filter: still attached (%d)\n", i);
-			return DDI_FAILURE;
-		}
-		if (!soldetach()) {
-			cmn_err(CE_CONT, "%s detached\n", ipfilter_version);
-			return (DDI_SUCCESS);
-		}
-#if SOLARIS2 >= 8
-	case DDI_SUSPEND :
-	case DDI_PM_SUSPEND :
-		if (ipfr_timer_id != 0) {
-			untimeout(ipfr_timer_id);
-			ipfr_timer_id = 0;
-		}
-		if (synctimeoutid) {
-			untimeout(synctimeoutid);
-			synctimeoutid = 0;
-		}
-		return DDI_SUCCESS;
-#endif
-	default:
-		return (DDI_FAILURE);
-	}
-	return DDI_FAILURE;
-}
-
-
-static int ipf_getinfo(dip, infocmd, arg, result)
-dev_info_t *dip;
-ddi_info_cmd_t infocmd;
-void *arg, **result;
-{
-	int error;
-
-	if (fr_running <= 0)
-		return DDI_FAILURE;
-	error = DDI_FAILURE;
-#ifdef	IPFDEBUG
-	if (ipf_debug)
-		cmn_err(CE_NOTE, "IP Filter: ipf_getinfo(%x,%x,%x)",
-			dip, infocmd, arg);
-#endif
-	switch (infocmd) {
-	case DDI_INFO_DEVT2DEVINFO:
-		*result = ipf_dev_info;
-		error = DDI_SUCCESS;
-		break;
-	case DDI_INFO_DEVT2INSTANCE:
-		*result = (void *)getminor((dev_t) arg);
-		error = DDI_SUCCESS;
-		break;
-	default:
-		break;
-	}
-	return (error);
-}
-
-/*
- * find the filter structure setup for this queue
- */
-static qif_t *qif_from_queue(q)
-queue_t *q;
-{
-	qif_t *qif;
-
-	for (qif = qif_head; qif; qif = qif->qf_next)
-		if ((qif->qf_iptr == q->q_ptr) || (qif->qf_optr == q->q_ptr))
-			break;
-	return qif;
-}
-
-
-/*
- * OK, this is pretty scrappy code, but then it's essentially just here for
- * debug purposes and that's it.  Packets should not normally come through
- * here, and if they do, well, we would like to see as much information as
- * possible about them and what they claim to hold.
- */
-void fr_donotip(out, qif, q, m, mt, ip, off)
-int out;
-qif_t *qif;
-queue_t *q;
-mblk_t *m, *mt;
-ip_t *ip;
-size_t off;
-{
-	u_char *s, outb[256], *t;
-	int i;
-
-	outb[0] = '\0';
-	outb[1] = '\0';
-	outb[2] = '\0';
-	outb[3] = '\0';
-	s = ip ? (u_char *)ip : outb;
-	if (!ip && (m == mt) && m->b_cont && (MTYPE(m) != M_DATA))
-		m = m->b_cont;
-
-	cmn_err(CE_CONT, " !IP %s:%d %d %p %p %p %d %p/%d %p/%d %p %d %d %p\n",
-		qif ? qif->qf_name : "?", out, qif ? qif->qf_hl : -1, q,
-		q ? q->q_ptr : NULL, q ? q->q_qinfo : NULL,
-		mt->b_wptr - mt->b_rptr, m, MTYPE(m), mt, MTYPE(mt), m->b_rptr,
-		m->b_wptr - m->b_rptr, off, ip);
-	cmn_err(CE_CONT, "%02x%02x%02x%02x\n", *s, *(s+1), *(s+2), *(s+3));
-	while (m != mt) {
-		i = 0;
-		t = outb;
-		s = mt->b_rptr;
-		sprintf((char *)t, "%d:", MTYPE(mt));
-		t += strlen((char *)t);
-		for (; (i < 100) && (s < mt->b_wptr); i++) {
-			sprintf((char *)t, "%02x%s", *s++,
-				((i & 3) == 3) ? " " : "");
-			t += ((i & 3) == 3) ? 3 : 2;
-		}
-		*t++ = '\n';
-		*t = '\0';
-		cmn_err(CE_CONT, "%s", outb);
-		mt = mt->b_cont;
-	}
-	i = 0;
-	t = outb;
-	s = m->b_rptr;
-	sprintf((char *)t, "%d:", MTYPE(m));
-	t += strlen((char *)t);
-	for (; (i < 100) && (s < m->b_wptr); i++) {
-		sprintf((char *)t, "%02x%s", *s++, ((i & 3) == 3) ? " " : "");
-		t += ((i & 3) == 3) ? 3 : 2;
-	}
-	*t++ = '\n';
-	*t = '\0';
-	cmn_err(CE_CONT, "%s", outb);
-}
-
-
-/*
- * find the first data mblk, if present, in the chain we're processing.  Also
- * make a few sanity checks to try prevent the filter from causing a panic -
- * none of the nice IP sanity checks (including checksumming) should have been
- * done yet (for incoming packets) - dangerous!
- */
-static int fr_precheck(mp, q, qif, out)
-mblk_t **mp;
-queue_t *q;
-qif_t *qif;
-int out;
-{
-	register mblk_t *m, *mt = *mp;
-	register ip_t *ip;
-	size_t hlen, len, off, off2, mlen, iphlen, plen, woff;
-	int err, synced = 0, sap, p, realigned = 0, multi = 0;
-	u_char *bp;
-#if SOLARIS2 >= 8
-	ip6_t *ip6;
-#endif
-#ifndef	sparc
-	u_short __ipoff;
-#endif
-tryagain:
-	ip = NULL;
-	m = NULL;
-	/*
-	 * If there is only M_DATA for a packet going out, then any header
-	 * information (which would otherwise appear in an M_PROTO mblk before
-	 * the M_DATA) is prepended before the IP header.  We need to set the
-	 * offset to account for this. - see MMM
-	 */
-	off = (out) ? qif->qf_hl : 0;
-
-	/*
-	 * If the message protocol block indicates that there isn't a data
-	 * block following it, just return back.
-	 */
-	bp = (u_char *)ALIGN32(mt->b_rptr);
-	if (MTYPE(mt) == M_PROTO || MTYPE(mt) == M_PCPROTO) {
-		dl_unitdata_ind_t *dl = (dl_unitdata_ind_t *)bp;
-		if (dl->dl_primitive == DL_UNITDATA_IND) {
-			multi = dl->dl_group_address;
-			m = mt->b_cont;
-			/*
-			 * This is a complete kludge to try and work around
-			 * some bizarre packets which drop through into
-			 * fr_donotip.
-			 */
-			if (m && multi && ((*((u_char *)m->b_rptr) == 0x0) &&
-			    ((*((u_char *)m->b_rptr + 2) == 0x45)))) {
-				ip = (ip_t *)(m->b_rptr + 2);
-				off = 2;
-			} else
-				off = 0;
-		} else if (dl->dl_primitive != DL_UNITDATA_REQ) {
-			ip = (ip_t *)dl;
-			if ((ip->ip_v == IPVERSION) &&
-			    (ip->ip_hl == (sizeof(*ip) >> 2)) &&
-			    (ntohs(ip->ip_len) == mt->b_wptr - mt->b_rptr)) {
-				off = 0;
-				m = mt;
-			} else {
-				frstats[out].fr_notdata++;
-				return 0;
-			}
-		}
-	}
-
-	/*
-	 * Find the first data block, count the data blocks in this chain and
-	 * the total amount of data.
-	 */
-	if (ip == NULL)
-		for (m = mt; m && (MTYPE(m) != M_DATA); m = m->b_cont)
-			off = 0;	/* Any non-M_DATA cancels the offset */
-
-	if (!m) {
-		frstats[out].fr_nodata++;
-		return 0;	/* No data blocks */
-	}
-
-	ip = (ip_t *)(m->b_rptr + off);		/* MMM */
-
-	/*
-	 * We might have a 1st data block which is really M_PROTO, i.e. it is
-	 * only big enough for the link layer header
-	 */
-	while ((u_char *)ip >= m->b_wptr) {
-		len = (u_char *)ip - m->b_wptr;
-		m = m->b_cont;
-		if (m == NULL)
-			return 0;	/* not enough data for IP */
-		ip = (ip_t *)(m->b_rptr + len);
-	}
-	off = (u_char *)ip - m->b_rptr;
-	if (off != 0)
-		m->b_rptr = (u_char *)ip;
-
-	len = m->b_wptr - m->b_rptr;
-	if (m->b_wptr < m->b_rptr) {
-		cmn_err(CE_NOTE, "!IP Filter: Bad packet: wptr %p < rptr %p",
-			m->b_wptr, m->b_rptr);
-		frstats[out].fr_bad++;
-		return -1;
-	}
-
-	mlen = msgdsize(m);
-	sap = qif->qf_ill->ill_sap;
-
-	if (sap == 0x800) {
-		u_short tlen;
-
-		hlen = sizeof(*ip);
-
-		/* XXX - might not be aligned (from ppp?) */
-		((char *)&tlen)[0] = ((char *)&ip->ip_len)[0];
-		((char *)&tlen)[1] = ((char *)&ip->ip_len)[1];
-
-		plen = ntohs(tlen);
-
-		sap = 0;
-	}
-#if SOLARIS2 >= 8
-	else if (sap == IP6_DL_SAP) {
-		u_short tlen;
-
-		hlen = sizeof(ip6_t);
-		ip6 = (ip6_t *)ip;
-		/* XXX - might not be aligned (from ppp?) */
-		((char *)&tlen)[0] = ((char *)&ip6->ip6_plen)[0];
-		((char *)&tlen)[1] = ((char *)&ip6->ip6_plen)[1];
-		plen = ntohs(tlen);
-		if (!plen)
-			return -1;	/* Jumbo gram */
-		plen += sizeof(*ip6);
-	}
-#endif
-	else {
-		plen = 0;
-		hlen = 0;
-		sap = -1;
-	}
-
-	/*
-	 * Ok, the IP header isn't on a 32bit aligned address so junk it.
-	 */
-	if (((u_long)ip & 0x3) || (plen > mlen) || (len < hlen) ||
-	    (sap == -1)) {
-		mblk_t *m1, *m2;
-		u_char *s, c;
-		int v;
-
-		/*
-		 * Junk using pullupmsg - it's next to useless.
-		 */
-fixalign:
-		if (off)
-			m->b_rptr -= off;
-		c = *(u_char *)ip;
-		c >>= 4;
-		if (c != 4
-#if SOLARIS2 >= 8
-		    && c != 6
-#endif
-		) {
-			frstats[out].fr_notip++;
-			return (fr_flags & FF_BLOCKNONIP) ? -1 : 0;
-		}
-
-		if (realigned)
-			return -1;
-		realigned = 1;
-		off2 = (size_t)((u_long)ip & 0x3);
-		if (off2)
-			off2 = 4 - off2;
-		len = msgdsize(m);
-		m2 = allocb(len + off2, BPRI_HI);
-		if (m2 == NULL) {
-			frstats[out].fr_pull[1]++;
-			return -1;
-		}
-
-		MTYPE(m2) = M_DATA;
-		if (m->b_rptr != (u_char *)ip)
-			m2->b_rptr += off2;
-		m2->b_wptr = m2->b_rptr + len;
-		m1 = m;
-		s = (u_char *)m->b_rptr;
-		for (bp = m2->b_rptr; m1 && (bp < m2->b_wptr); bp += len) {
-			len = MIN(m1->b_wptr - s, m2->b_wptr - bp);
-			bcopy(s, bp, len);
-			m1 = m1->b_cont;
-			if (m1)
-				s = m1->b_rptr;
-		}
-
-		if (mt != m && mt->b_cont == m && !off) {
-			/*
-			 * check if the buffer we're changing is chained in-
-			 * between other buffers and unlink/relink as required.
-			 */
-			(void) unlinkb(mt);	/* should return 'm' */
-			m1 = unlinkb(m);
-			if (m1)
-				linkb(m2, m1);
-			freemsg(m);
-			linkb(mt, m2);
-		} else {
-			if (m == mt) {
-				m1 = unlinkb(mt);
-				if (m1)
-					linkb(m2, m1);
-			}
-			freemsg(mt);
-			*mp = m2;
-			mt = m2;
-		}
-
-		frstats[out].fr_pull[0]++;
-		synced = 1;
-		off = 0;
-		goto tryagain;
-	}
-
-	if (((sap == 0) && (ip->ip_v != IP_VERSION))
-#if SOLARIS2 >= 8
-	    || ((sap == IP6_DL_SAP) && ((ip6->ip6_vfc >> 4) != 6))
-#endif
-	) {
-		m->b_rptr -= off;
-		return -2;
-	}
-
-#ifndef	sparc
-# if SOLARIS2 >= 8
-	if (sap == IP6_DL_SAP) {
-		ip6->ip6_plen = plen - sizeof(*ip6);
-	} else {
-# endif
-		__ipoff = (u_short)ip->ip_off;
-
-		ip->ip_len = plen;
-		ip->ip_off = ntohs(__ipoff);
-# if SOLARIS2 >= 8
-	}
-# endif
-#endif
-	if (sap == 0)
-		iphlen = ip->ip_hl << 2;
-#if SOLARIS2 >= 8
-	else if (sap == IP6_DL_SAP)
-		iphlen = sizeof(ip6_t);
-#endif
-
-	if ((
-#if SOLARIS2 >= 8
-	     (sap == IP6_DL_SAP) && (mlen < plen)) ||
-	    ((sap == 0) &&
-#endif
-	     ((iphlen < hlen) || (iphlen > plen) || (mlen < plen)))) {
-		/*
-		 * Bad IP packet or not enough data/data length mismatches
-		 */
-#ifndef	sparc
-# if SOLARIS2 >= 8
-		if (sap == IP6_DL_SAP) {
-			ip6->ip6_plen = htons(plen - sizeof(*ip6));
-		} else {
-# endif
-			__ipoff = (u_short)ip->ip_off;
-
-			ip->ip_len = htons(plen);
-			ip->ip_off = htons(__ipoff);
-# if SOLARIS2 >= 8
-		}
-# endif
-#endif
-		m->b_rptr -= off;
-		frstats[out].fr_bad++;
-		return -1;
-	}
-
-	/*
-	 * Make hlen the total size of the IP header plus TCP/UDP/ICMP header
-	 * (if it is one of these three).
-	 */
-	if (sap == 0)
-		p = ip->ip_p;
-#if SOLARIS2 >= 8
-	else if (sap == IP6_DL_SAP)
-		p = ip6->ip6_nxt;
-
-	if ((sap == IP6_DL_SAP) || ((ip->ip_off & IP_OFFMASK) == 0))
-#else
-	if ((ip->ip_off & IP_OFFMASK) == 0)
-#endif
-		switch (p)
-		{
-		case IPPROTO_TCP :
-			hlen += sizeof(tcphdr_t);
-			break;
-		case IPPROTO_UDP :
-			hlen += sizeof(udphdr_t);
-			break;
-		case IPPROTO_ICMP :
-			/* 76 bytes is enough for a complete ICMP error. */
-			hlen += 76 + sizeof(icmphdr_t);
-			break;
-		default :
-			break;
-		}
-
-	woff = 0;
-	if (hlen > mlen) {
-		hlen = mlen;
-	} else if (m->b_wptr - m->b_rptr > plen) {
-		woff = m->b_wptr - m->b_rptr - plen;
-		m->b_wptr -= woff;
-	}
-
-	/*
-	 * If we don't have enough data in the mblk or we haven't yet copied
-	 * enough (above), then copy some more.
-	 */
-	if ((hlen > len)) {
-		if (!pullupmsg(m, (int)hlen)) {
-			cmn_err(CE_NOTE, "pullupmsg failed");
-			frstats[out].fr_pull[1]++;
-			return -1;
-		}
-		frstats[out].fr_pull[0]++;
-		ip = (ip_t *)ALIGN32(m->b_rptr);
-	}
-	qif->qf_m = m;
-	qif->qf_q = q;
-	qif->qf_off = off;
-	qif->qf_len = len;
-	err = fr_check(ip, iphlen, qif->qf_ill, out, qif, mp);
-	if (err == 2) {
-		goto fixalign;
-	}
-	/*
-	 * Copy back the ip header data if it was changed, we haven't yet
-	 * freed the message and we aren't going to drop the packet.
-	 * BUT only do this if there were no changes to the buffer, else
-	 * we can't be sure that the ip pointer is still correct!
-	 */
-	if (*mp != NULL) {
-		if (*mp == mt) {
-			m->b_wptr += woff;
-			m->b_rptr -= off;
-#ifndef	sparc
-# if SOLARIS2 >= 8
-			if (sap == IP6_DL_SAP) {
-				ip6->ip6_plen = htons(plen - sizeof(*ip6));
-			} else {
-# endif
-				__ipoff = (u_short)ip->ip_off;
-				/*
-				 * plen is useless because of NAT.
-				 */
-				ip->ip_len = htons(ip->ip_len);
-				ip->ip_off = htons(__ipoff);
-# if SOLARIS2 >= 8
-			}
-# endif
-#endif
-		} else
-			cmn_err(CE_NOTE,
-				"!IP Filter: *mp %p mt %p %s", *mp, mt,
-				"mblk changed, cannot revert ip_len, ip_off");
-	}
-	return err;
-}
-
-
-/*
- * Only called for M_IOCACK messages
- */
-void fr_qif_update(qif, mp)
-qif_t *qif;
-mblk_t *mp;
-{
-	struct iocblk *iocp;
-
-	if (!qif || !mp)
-		return;
-	iocp = (struct iocblk *)mp->b_rptr;
-	if (mp->b_cont && (iocp->ioc_cmd == DL_IOC_HDR_INFO)) {
-		mp = mp->b_cont;
-		if (MTYPE(mp) == M_PROTO && mp->b_cont) {
-			mp = mp->b_cont;
-			if (MTYPE(mp) == M_DATA) {
-				qif->qf_hl = mp->b_wptr - mp->b_rptr;
-			}
-		}
-	}
-}
-
-
-int fr_qin(q, mb)
-queue_t *q;
-mblk_t *mb;
-{
-	int (*pnext) __P((queue_t *, mblk_t *)), type, synced = 0, err = 0;
-	qif_t qf, *qif;
-
-#ifdef	IPFDEBUG_VERBOSE
-	if (ipf_debug_verbose)
-		cmn_err(CE_CONT,
-			"fr_qin(%lx,%lx) ptr %lx type 0x%x ref %d len %d\n",
-			q, q->q_ptr, mb, MTYPE(mb), mb->b_datap->db_ref,
-			msgdsize(mb));
-#endif
-
-	/*
-	 * IPFilter is still in the packet path but not enabled.  Drop whatever
-	 * it is that has come through.
-	 */
-	if (fr_running <= 0) {
-		mb->b_prev = NULL;
-		freemsg(mb);
-		return 0;
-	}
-
-	type = MTYPE(mb);
-
-	/*
-	 * If a mblk has more than one reference, make a copy, filter that and
-	 * free a reference to the original.
-	 */
-	if (mb->b_datap->db_ref > 1) {
-		mblk_t *m1;
-
-		m1 = copymsg(mb);
-		if (!m1) {
-			frstats[0].fr_drop++;
-			mb->b_prev = NULL;
-			freemsg(mb);
-			return 0;
-		}
-		mb->b_prev = NULL;
-		freemsg(mb);
-		mb = m1;
-		frstats[0].fr_copy++;
-	}
-
-	READ_ENTER(&ipf_solaris);
-again:
-	if (fr_running <= 0) {
-		mb->b_prev = NULL;
-		freemsg(mb);
-		RWLOCK_EXIT(&ipf_solaris);
-		return 0;
-	}
-	READ_ENTER(&ipfs_mutex);
-	if (!(qif = qif_from_queue(q))) {
-		for (qif = qif_head; qif; qif = qif->qf_next)
-			if (&qif->qf_rqinit == q->q_qinfo && qif->qf_rqinfo &&
-					qif->qf_rqinfo->qi_putp) {
-				pnext = qif->qf_rqinfo->qi_putp;
-				frstats[0].fr_notip++;
-				RWLOCK_EXIT(&ipfs_mutex);
-				if (!synced) {
-					ipfsync();
-					synced = 1;
-					goto again;
-				}
-				RWLOCK_EXIT(&ipf_solaris);
-				/* fr_donotip(0, NULL, q, mb, mb, NULL, 0); */
-				return (*pnext)(q, mb);
-			}
-		RWLOCK_EXIT(&ipfs_mutex);
-		if (!synced) {
-			ipfsync();
-			synced = 1;
-			goto again;
-		}
-		cmn_err(CE_WARN,
-			"!IP Filter: dropped: fr_qin(%x,%x): type %x qif %x",
-			q, mb, type, qif);
-		cmn_err(CE_CONT,
-			"!IP Filter: info %x next %x ptr %x fsrv %x bsrv %x\n",
-			q->q_qinfo, q->q_next, q->q_ptr, q->q_nfsrv,
-			q->q_nbsrv);
-		cmn_err(CE_CONT, "!IP Filter: info: putp %x srvp %x info %x\n",
-			q->q_qinfo->qi_putp, q->q_qinfo->qi_srvp,
-#if SOLARIS > 3
-			q->q_qinfo->qi_infop
-#else
-			0
-#endif
-			);
-		frstats[0].fr_drop++;
-		mb->b_prev = NULL;
-		freemsg(mb);
-		RWLOCK_EXIT(&ipf_solaris);
-		return 0;
-	}
-
-	qif->qf_incnt++;
-	pnext = qif->qf_rqinfo->qi_putp;
-	if (type == M_IOCACK)
-		fr_qif_update(qif, mb);
-	bcopy((char *)qif, (char *)&qf, sizeof(qf));
-	if (datamsg(type) || (type == M_BREAK))
-		err = fr_precheck(&mb, q, &qf, 0);
-
-	RWLOCK_EXIT(&ipfs_mutex);
-
-	if ((err == 0) && (mb != NULL)) {
-		if (pnext) {
-			RWLOCK_EXIT(&ipf_solaris);
-			return (*pnext)(q, mb);
-		}
-
-		cmn_err(CE_WARN,
-			"!IP Filter: inp NULL: qif %x %s q %x info %x",
-			qif, qf.qf_name, q, q->q_qinfo);
-	}
-
-	if (err == -2) {
-		if (synced == 0) {
-			ipfsync();
-			synced = 1;
-			goto again;
-		}
-		frstats[0].fr_notip++;
-		if (!(fr_flags & FF_BLOCKNONIP) && (pnext != NULL)) {
-			RWLOCK_EXIT(&ipf_solaris);
-			return (*pnext)(q, mb);
-		}
-	}
-	
-
-	if (mb) {
-		mb->b_prev = NULL;
-		freemsg(mb);
-	}
-	RWLOCK_EXIT(&ipf_solaris);
-	return 1;
-}
-
-
-int fr_qout(q, mb)
-queue_t *q;
-mblk_t *mb;
-{
-	int (*pnext) __P((queue_t *, mblk_t *)), type, synced = 0, err = 0;
-	qif_t qf, *qif;
-
-#ifdef	IPFDEBUG_VERBOSE
-	if (ipf_debug_verbose)
-		cmn_err(CE_CONT,
-			"fr_qout(%lx,%lx) ptr %lx type 0x%x ref %d len %d\n",
-			q, q->q_ptr, mb, MTYPE(mb), mb->b_datap->db_ref,
-			msgdsize(mb));
-#endif
-
-	if (fr_running <= 0) {
-		mb->b_prev = NULL;
-		freemsg(mb);
-		return 0;
-	}
-
-	type = MTYPE(mb);
-
-#if SOLARIS2 >= 6
-	if ((!dohwcksum || mb->b_ick_flag != ICK_VALID) &&
-	    (mb->b_datap->db_ref > 1))
-#else
-	if (mb->b_datap->db_ref > 1)
-#endif
-	{
-		mblk_t *m1;
-
-		m1 = copymsg(mb);
-		if (!m1) {
-			frstats[1].fr_drop++;
-			mb->b_prev = NULL;
-			freemsg(mb);
-			return 0;
-		}
-		mb->b_prev = NULL;
-		freemsg(mb);
-		mb = m1;
-		frstats[1].fr_copy++;
-	}
-
-	READ_ENTER(&ipf_solaris);
-again:
-	if (fr_running <= 0) {
-		mb->b_prev = NULL;
-		freemsg(mb);
-		RWLOCK_EXIT(&ipf_solaris);
-		return 0;
-	}
-	READ_ENTER(&ipfs_mutex);
-	if (!(qif = qif_from_queue(q))) {
-		for (qif = qif_head; qif; qif = qif->qf_next)
-			if (&qif->qf_wqinit == q->q_qinfo && qif->qf_wqinfo &&
-					qif->qf_wqinfo->qi_putp) {
-				pnext = qif->qf_wqinfo->qi_putp;
-				RWLOCK_EXIT(&ipfs_mutex);
-				frstats[1].fr_notip++;
-				if (!synced) {
-					ipfsync();
-					synced = 1;
-					goto again;
-				}
-				/* fr_donotip(1, NULL, q, mb, mb, NULL, 0); */
-				RWLOCK_EXIT(&ipf_solaris);
-				return (*pnext)(q, mb);
-			}
-		RWLOCK_EXIT(&ipfs_mutex);
-		if (!synced) {
-			ipfsync();
-			synced = 1;
-			goto again;
-		}
-		cmn_err(CE_WARN,
-			"!IP Filter: dropped: fr_qout(%x,%x): type %x: qif %x",
-			q, mb, type, qif);
-		cmn_err(CE_CONT,
-			"!IP Filter: info %x next %x ptr %x fsrv %x bsrv %x\n",
-			q->q_qinfo, q->q_next, q->q_ptr, q->q_nfsrv,
-			q->q_nbsrv);
-		cmn_err(CE_CONT, "!IP Filter: info: putp %x srvp %x info %x\n",
-			q->q_qinfo->qi_putp, q->q_qinfo->qi_srvp,
-#if SOLARIS > 3
-			q->q_qinfo->qi_infop
-#else
-			0
-#endif
-			);
-		if (q->q_nfsrv)
-			cmn_err(CE_CONT,
-				"!IP Filter: nfsrv: info %x next %x ptr %x\n",
-				q->q_nfsrv->q_qinfo, q->q_nfsrv->q_next,
-				q->q_nfsrv->q_ptr);
-		if (q->q_nbsrv)
-			cmn_err(CE_CONT,
-				"!IP Filter: nbsrv: info %x next %x ptr %x\n",
-				q->q_nbsrv->q_qinfo, q->q_nbsrv->q_next,
-				q->q_nbsrv->q_ptr);
-		frstats[1].fr_drop++;
-		mb->b_prev = NULL;
-		freemsg(mb);
-		RWLOCK_EXIT(&ipf_solaris);
-		return 0;
-	}
-
-	qif->qf_outcnt++;
-	pnext = qif->qf_wqinfo->qi_putp;
-	if (type == M_IOCACK)
-		fr_qif_update(qif, mb);
-	bcopy((char *)qif, (char *)&qf, sizeof(qf));
-	if (datamsg(type) || (type == M_BREAK))
-		err = fr_precheck(&mb, q, &qf, 1);
-
-	RWLOCK_EXIT(&ipfs_mutex);
-
-	if ((err == 0) && (mb != NULL)) {
-		if (pnext) {
-			RWLOCK_EXIT(&ipf_solaris);
-			return (*pnext)(q, mb);
-		}
-
-		cmn_err(CE_WARN,
-			"!IP Filter: outp NULL: qif %x %s q %x info %x",
-			qif, qf.qf_name, q, q->q_qinfo);
-	}
-
-	if (err == -2) {
-		if (synced == 0) {
-			ipfsync();
-			synced = 1;
-			goto again;
-		}
-		frstats[1].fr_notip++;
-		if (!(fr_flags & FF_BLOCKNONIP) && (pnext != NULL)) {
-			RWLOCK_EXIT(&ipf_solaris);
-			return (*pnext)(q, mb);
-		}
-	}
-
-	if (mb) {
-		mb->b_prev = NULL;
-		freemsg(mb);
-	}
-	RWLOCK_EXIT(&ipf_solaris);
-	return 1;
-}
-
-
-void ipf_synctimeout(arg)
-void *arg;
-{
-	if (fr_running < 0)
-		return;
-	READ_ENTER(&ipf_solaris);
-	ipfsync();
-	WRITE_ENTER(&ipfs_mutex);
-	synctimeoutid = 0;
-	RWLOCK_EXIT(&ipfs_mutex);
-	RWLOCK_EXIT(&ipf_solaris);
-}
-
-
-static int ipf_ip_qin(q, mb)
-queue_t *q;
-mblk_t *mb;
-{
-	struct iocblk *ioc;
-	int ret;
-
-	if (fr_running <= 0) {
-		mb->b_prev = NULL;
-		freemsg(mb);
-		return 0;
-	}
-
-	if (MTYPE(mb) != M_IOCTL)
-		return (*ipf_ip_inp)(q, mb);
-
-	READ_ENTER(&ipf_solaris);
-	if (fr_running <= 0) {
-		RWLOCK_EXIT(&ipf_solaris);
-		mb->b_prev = NULL;
-		freemsg(mb);
-		return 0;
-	}
-	ioc = (struct iocblk *)mb->b_rptr;
-
-	switch (ioc->ioc_cmd)
-	{
-	case DL_IOC_HDR_INFO:
-		fr_qif_update(qif_from_queue(q), mb);
-		break;
-	case I_LINK:
-	case I_UNLINK:
-	case SIOCSIFADDR:
-	case SIOCSIFFLAGS:
-#ifdef	IPFDEBUG
-		if (ipf_debug)
-			cmn_err(CE_NOTE,
-				"IP Filter: ipf_ip_qin() M_IOCTL type=0x%x",
-				ioc->ioc_cmd);
-#endif
-		WRITE_ENTER(&ipfs_mutex);
-		if (synctimeoutid == 0) {
-			synctimeoutid = timeout(ipf_synctimeout,
-						NULL,
-						drv_usectohz(1000000) /*1 sec*/
-					);
-		}
-		RWLOCK_EXIT(&ipfs_mutex);
-		break;
-	default:
-		break;
-	}
-	RWLOCK_EXIT(&ipf_solaris);
-	return (*ipf_ip_inp)(q, mb);
-}
-
-static int ipdrvattcnt = 0;
-extern struct streamtab ipinfo;
-
-void solipdrvattach()
-{
-#ifdef	IPFDEBUG
-	if (ipf_debug)
-		cmn_err(CE_NOTE, "IP Filter: solipdrvattach() %d ipinfo=0x%lx",
-			ipdrvattcnt, &ipinfo);
-#endif
-
-	if (++ipdrvattcnt == 1) {
-		if (ipf_ip_inp == NULL) {
-			ipf_ip_inp = ipinfo.st_wrinit->qi_putp;
-			ipinfo.st_wrinit->qi_putp = ipf_ip_qin;
-		}
-	}
-}
-
-int solipdrvdetach()
-{
-#ifdef	IPFDEBUG
-	if (ipf_debug)
-		cmn_err(CE_NOTE, "IP Filter: solipdrvdetach() %d ipinfo=0x%lx",
-			ipdrvattcnt, &ipinfo);
-#endif
-
-	WRITE_ENTER(&ipfs_mutex);
-	if (--ipdrvattcnt <= 0) {
-		if (ipf_ip_inp && (ipinfo.st_wrinit->qi_putp == ipf_ip_qin)) {
-			ipinfo.st_wrinit->qi_putp = ipf_ip_inp;
-			ipf_ip_inp = NULL;
-		}
-		if (synctimeoutid) {
-			untimeout(synctimeoutid);
-			synctimeoutid = 0;
-		}
-	}
-	RWLOCK_EXIT(&ipfs_mutex);
-	return ipdrvattcnt;
-}
-
-/*
- * attach the packet filter to each interface that is defined as having an
- * IP address associated with it and save some of the info. for that struct
- * so we're not out of date as soon as the ill disappears - but we must sync
- * to be correct!
- */
-void solattach()
-{
-	queue_t *in, *out;
-	struct frentry *f;
-	qif_t *qif, *qf2;
-	ipnat_t *np;
-	size_t len;
-	ill_t *il;
-
-	for (il = ill_g_head; il; il = il->ill_next) {
-		in = il->ill_rq;
-		if (!in || !il->ill_wq)
-			continue;
-
-		out = il->ill_wq->q_next;
-
-		WRITE_ENTER(&ipfs_mutex);
-		/*
-		 * Look for entry already setup for this device
-		 */
-		for (qif = qif_head; qif; qif = qif->qf_next)
-			if (qif->qf_iptr == in->q_ptr &&
-			    qif->qf_optr == out->q_ptr)
-				break;
-		if (qif) {
-			RWLOCK_EXIT(&ipfs_mutex);
-			continue;
-		}
-#ifdef	IPFDEBUGX
-		if (ipf_debug)
-		cmn_err(CE_NOTE,
-			"IP Filter: il %x ipt %x opt %x ipu %x opu %x i %x/%x",
-			il, in->q_ptr,  out->q_ptr, in->q_qinfo->qi_putp,
-			out->q_qinfo->qi_putp, out->q_qinfo, in->q_qinfo);
-#endif
-		KMALLOC(qif, qif_t *);
-		if (!qif) {
-			cmn_err(CE_WARN,
-				"IP Filter: malloc(%d) for qif_t failed",
-				sizeof(qif_t));
-			RWLOCK_EXIT(&ipfs_mutex);
-			continue;
-		}
-
-		if (in->q_qinfo->qi_putp == fr_qin) {
-			for (qf2 = qif_head; qf2; qf2 = qf2->qf_next)
-				if (&qf2->qf_rqinit == in->q_qinfo) {
-					qif->qf_rqinfo = qf2->qf_rqinfo;
-					break;
-				}
-			if (!qf2) {
-#ifdef	IPFDEBUGX
-				if (ipf_debug)
-				cmn_err(CE_WARN,
-					"IP Filter: rq:%s put %x qi %x",
-					il->ill_name, in->q_qinfo->qi_putp,
-					in->q_qinfo);
-#endif
-				RWLOCK_EXIT(&ipfs_mutex);
-				KFREE(qif);
-				continue;
-			}
-		} else
-			qif->qf_rqinfo = in->q_qinfo;
-
-		if (out->q_qinfo->qi_putp == fr_qout) {
-			for (qf2 = qif_head; qf2; qf2 = qf2->qf_next)
-				if (&qf2->qf_wqinit == out->q_qinfo) {
-					qif->qf_wqinfo = qf2->qf_wqinfo;
-					break;
-				}
-			if (!qf2) {
-#ifdef	IPFDEBUGX
-				if (ipf_debug)
-				cmn_err(CE_WARN,
-					"IP Filter: wq:%s put %x qi %x",
-					il->ill_name, out->q_qinfo->qi_putp,
-					out->q_qinfo);
-#endif
-				RWLOCK_EXIT(&ipfs_mutex);
-				KFREE(qif);
-				continue;
-			}
-		} else
-			qif->qf_wqinfo = out->q_qinfo;
-
-		qif->qf_ill = il;
-		qif->qf_in = in;
-		qif->qf_out = out;
-		qif->qf_iptr = in->q_ptr;
-		qif->qf_optr = out->q_ptr;
-#if SOLARIS2 < 8
-		qif->qf_hl = il->ill_hdr_length;
-#else
-		{
-		ire_t *ire;
-		mblk_t *m;
-
-		qif->qf_hl = 0;
-		qif->qf_sap = il->ill_sap;
-# if 0
-		/*
-		 * Can't seem to lookup a route for the IP address on the
-		 * interface itself.
-		 */
-		ire = ire_route_lookup(il->ill_ipif->ipif_lcl_addr, 0xffffffff,
-					0, 0, NULL, NULL, NULL,
-					MATCH_IRE_DSTONLY|MATCH_IRE_RECURSIVE);
-		if ((ire != NULL) && (m = ire->ire_fp_mp))
-			qif->qf_hl = m->b_wptr - m->b_rptr;
-# endif
-		if ((qif->qf_hl == 0) && (il->ill_type > 0) &&
-		    (il->ill_type < 0x37) &&
-		    (hdrsizes[il->ill_type][0] == il->ill_type))
-			qif->qf_hl = hdrsizes[il->ill_type][1];
-
-		/* DREADFUL VLAN HACK - JUST HERE TO CHECK IT WORKS */
-		if (il->ill_type == IFT_ETHER &&
-		    il->ill_name[0] == 'c' && il->ill_name[1] == 'e' &&
-		    isdigit(il->ill_name[2]) && il->ill_name_length >= 6) {
-			cmn_err(CE_NOTE, "VLAN HACK ENABLED");
-			qif->qf_hl += 4;
-		}
-		/* DREADFUL VLAN HACK - JUST HERE TO CHECK IT WORKS */
-
-		if (qif->qf_hl == 0 && il->ill_type != IFT_OTHER)
-			cmn_err(CE_WARN,
-				"Unknown layer 2 header size for %s type %d",
-				il->ill_name, il->ill_type);
-		}
-
-		/*
-		 * XXX Awful hack for PPP; fix when PPP/snoop fixed.
-		 */
-		if (il->ill_type == IFT_ETHER && !il->ill_bcast_addr_length)
-			qif->qf_hl = 0;
-#endif
-		strncpy(qif->qf_name, il->ill_name, sizeof(qif->qf_name));
-		qif->qf_name[sizeof(qif->qf_name) - 1] = '\0';
-
-		qif->qf_next = qif_head;
-		qif_head = qif;
-
-		/*
-		 * Activate any rules directly associated with this interface
-		 */
-		WRITE_ENTER(&ipf_mutex);
-		for (f = ipfilter[0][fr_active]; f; f = f->fr_next) {
-			if ((f->fr_ifa == (struct ifnet *)-1)) {
-				len = strlen(f->fr_ifname) + 1;
-				if ((len != 0) &&
-				    (len == (size_t)il->ill_name_length) &&
-				    !strncmp(il->ill_name, f->fr_ifname, len))
-					f->fr_ifa = il;
-			}
-		}
-		for (f = ipfilter[1][fr_active]; f; f = f->fr_next) {
-			if ((f->fr_ifa == (struct ifnet *)-1)) {
-				len = strlen(f->fr_ifname) + 1;
-				if ((len != 0) &&
-				    (len == (size_t)il->ill_name_length) &&
-				    !strncmp(il->ill_name, f->fr_ifname, len))
-					f->fr_ifa = il;
-			}
-		}
-#if SOLARIS2 >= 8
-		for (f = ipfilter6[0][fr_active]; f; f = f->fr_next) {
-			if ((f->fr_ifa == (struct ifnet *)-1)) {
-				len = strlen(f->fr_ifname) + 1;
-				if ((len != 0) &&
-				    (len == (size_t)il->ill_name_length) &&
-				    !strncmp(il->ill_name, f->fr_ifname, len))
-					f->fr_ifa = il;
-			}
-		}
-		for (f = ipfilter6[1][fr_active]; f; f = f->fr_next) {
-			if ((f->fr_ifa == (struct ifnet *)-1)) {
-				len = strlen(f->fr_ifname) + 1;
-				if ((len != 0) &&
-				    (len == (size_t)il->ill_name_length) &&
-				    !strncmp(il->ill_name, f->fr_ifname, len))
-					f->fr_ifa = il;
-			}
-		}
-#endif
-		RWLOCK_EXIT(&ipf_mutex);
-		WRITE_ENTER(&ipf_nat);
-		for (np = nat_list; np; np = np->in_next) {
-			if ((np->in_ifp == (struct ifnet *)-1)) {
-				len = strlen(np->in_ifname) + 1;
-				if ((len != 0) &&
-				    (len == (size_t)il->ill_name_length) &&
-				    !strncmp(il->ill_name, np->in_ifname, len))
-					np->in_ifp = il;
-			}
-		}
-		RWLOCK_EXIT(&ipf_nat);
-
-		bcopy((caddr_t)qif->qf_rqinfo, (caddr_t)&qif->qf_rqinit,
-		      sizeof(struct qinit));
-		qif->qf_rqinit.qi_putp = fr_qin;
-#ifdef	IPFDEBUG
-		if (ipf_debug)
-			cmn_err(CE_NOTE,
-				"IP Filter: solattach: in queue(%lx)->q_qinfo FROM %lx TO %lx",
-				in, in->q_qinfo, &qif->qf_rqinit);
-#endif
-		in->q_qinfo = &qif->qf_rqinit;
-
-		bcopy((caddr_t)qif->qf_wqinfo, (caddr_t)&qif->qf_wqinit,
-		      sizeof(struct qinit));
-		qif->qf_wqinit.qi_putp = fr_qout;
-#ifdef	IPFDEBUG
-		if (ipf_debug)
-			cmn_err(CE_NOTE,
-				"IP Filter: solattach: out queue(%lx)->q_qinfo FROM %lx TO %lx",
-				out, out->q_qinfo, &qif->qf_wqinit);
-#endif
-		out->q_qinfo = &qif->qf_wqinit;
-
-		ire_walk(ipf_ire_walk, (char *)qif);
-		RWLOCK_EXIT(&ipfs_mutex);
-		cmn_err(CE_CONT, "IP Filter: attach to [%s,%d] - %s\n",
-			qif->qf_name, il->ill_ppa,
-#if SOLARIS2 >= 8
-			il->ill_isv6 ? "IPv6" : "IPv4"
-#else
-			"IPv4"
-#endif
-			);
-	}
-	if (!qif_head)
-		cmn_err(CE_CONT, "IP Filter: not attached to any interfaces\n");
-	return;
-}
-
-
-/*
- * look for bad consistancies between the list of interfaces the filter knows
- * about and those which are currently configured.
- */
-int ipfsync()
-{
-	register struct frentry *f;
-	register ipnat_t *np;
-	register qif_t *qif, **qp;
-	register ill_t *il;
-	queue_t *in, *out;
-
-	WRITE_ENTER(&ipfs_mutex);
-	for (qp = &qif_head; (qif = *qp); ) {
-		for (il = ill_g_head; il; il = il->ill_next)
-			if ((qif->qf_ill == il) &&
-			    !strcmp(qif->qf_name, il->ill_name)) {
-#if SOLARIS2 < 8
-				mblk_t	*m = il->ill_hdr_mp;
-
-				qif->qf_hl = il->ill_hdr_length;
-				if (m && qif->qf_hl != (m->b_wptr - m->b_rptr))
-					cmn_err(CE_NOTE,
-						"IP Filter: ILL Header Length Mismatch\n");
-#endif
-				break;
-			}
-		if (il) {
-			qp = &qif->qf_next;
-			continue;
-		}
-		cmn_err(CE_CONT, "IP Filter: detaching [%s] - %s\n",
-			qif->qf_name,
-#if SOLARIS2 >= 8
-			(qif->qf_sap == IP6_DL_SAP) ? "IPv6" : "IPv4"
-#else
-			"IPv4"
-#endif
-			);
-		*qp = qif->qf_next;
-
-		/*
-		 * Disable any rules directly associated with this interface
-		 */
-		WRITE_ENTER(&ipf_nat);
-		for (np = nat_list; np; np = np->in_next)
-			if (np->in_ifp == (void *)qif->qf_ill)
-				np->in_ifp = (struct ifnet *)-1;
-		RWLOCK_EXIT(&ipf_nat);
-		WRITE_ENTER(&ipf_mutex);
-		for (f = ipfilter[0][fr_active]; f; f = f->fr_next)
-			if (f->fr_ifa == (void *)qif->qf_ill)
-				f->fr_ifa = (struct ifnet *)-1;
-		for (f = ipfilter[1][fr_active]; f; f = f->fr_next)
-			if (f->fr_ifa == (void *)qif->qf_ill)
-				f->fr_ifa = (struct ifnet *)-1;
-#if SOLARIS2 >= 8
-		for (f = ipfilter6[0][fr_active]; f; f = f->fr_next)
-			if (f->fr_ifa == (void *)qif->qf_ill)
-				f->fr_ifa = (struct ifnet *)-1;
-		for (f = ipfilter6[1][fr_active]; f; f = f->fr_next)
-			if (f->fr_ifa == (void *)qif->qf_ill)
-				f->fr_ifa = (struct ifnet *)-1;
-#endif
-
-#if 0 /* XXX */
-		/*
-		 * As well as the ill disappearing when a device is unplumb'd,
-		 * it also appears that the associated queue structures also
-		 * disappear - at least in the case of ppp, which is the most
-		 * volatile here.  Thanks to Greg for finding this problem.
-		 */
-		/*
-		 * Restore q_qinfo pointers in interface queues
-		 */
-		out = qif->qf_out;
-		in = qif->qf_in;
-		if (in) {
-# ifdef	IPFDEBUG
-			if (ipf_debug)
-				cmn_err(CE_NOTE,
-					"IP Filter: ipfsync: in queue(%lx)->q_qinfo FROM %lx TO %lx",
-					in, in->q_qinfo, qif->qf_rqinfo);
-# endif
-			in->q_qinfo = qif->qf_rqinfo;
-		}
-		if (out) {
-# ifdef	IPFDEBUG
-			if (ipf_debug)
-				cmn_err(CE_NOTE,
-					"IP Filter: ipfsync: out queue(%lx)->q_qinfo FROM %lx TO %lx",
-					out, out->q_qinfo, qif->qf_wqinfo);
-# endif
-			out->q_qinfo = qif->qf_wqinfo;
-		}
-#endif /* XXX */
-		RWLOCK_EXIT(&ipf_mutex);
-		KFREE(qif);
-		qif = *qp;
-	}
-	RWLOCK_EXIT(&ipfs_mutex);
-	solattach();
-
-	frsync();
-	/*
-	 * Resync. any NAT `connections' using this interface and its IP #.
-	 */
-	for (il = ill_g_head; il; il = il->ill_next) {
-		ip_natsync((void *)il);
-		ip_statesync((void *)il);
-	}
-	return 0;
-}
-
-
-/*
- * unhook the IP filter from all defined interfaces with IP addresses
- */
-int soldetach()
-{
-	queue_t *in, *out;
-	qif_t *qif, **qp;
-	ill_t *il;
-
-	WRITE_ENTER(&ipfs_mutex);
-	/*
-	 * Make two passes, first get rid of all the unknown devices, next
-	 * unlink known devices.
-	 */
-	for (qp = &qif_head; (qif = *qp); ) {
-		for (il = ill_g_head; il; il = il->ill_next)
-			if (qif->qf_ill == il)
-				break;
-		if (il) {
-			qp = &qif->qf_next;
-			continue;
-		}
-		cmn_err(CE_CONT, "IP Filter: removing [%s]\n", qif->qf_name);
-		*qp = qif->qf_next;
-		KFREE(qif);
-	}
-
-	while ((qif = qif_head)) {
-		qif_head = qif->qf_next;
-		for (il = ill_g_head; il; il = il->ill_next)
-			if (qif->qf_ill == il)
-				break;
-		if (il) {
-			in = qif->qf_in;
-			out = qif->qf_out;
-			cmn_err(CE_CONT, "IP Filter: detaching [%s,%d] - %s\n",
-				qif->qf_name, il->ill_ppa,
-#if SOLARIS2 >= 8
-			(qif->qf_sap == IP6_DL_SAP) ? "IPv6" : "IPv4"
-#else
-			"IPv4"
-#endif
-			);
-
-#ifdef	IPFDEBUG
-			if (ipf_debug)
-				cmn_err(CE_NOTE,
-					"IP Filter: soldetach: in queue(%lx)->q_qinfo FROM %lx TO %lx",
-					in, in->q_qinfo, qif->qf_rqinfo);
-#endif
-			in->q_qinfo = qif->qf_rqinfo;
-
-			/*
-			 * and the write queue...
-			 */
-#ifdef	IPFDEBUG
-			if (ipf_debug)
-				cmn_err(CE_NOTE,
-					"IP Filter: soldetach: out queue(%lx)->q_qinfo FROM %lx TO %lx",
-					out, out->q_qinfo, qif->qf_wqinfo);
-#endif
-			out->q_qinfo = qif->qf_wqinfo;
-		}
-		KFREE(qif);
-	}
-	RWLOCK_EXIT(&ipfs_mutex);
-	return ipldetach();
-}
-
-
-#ifdef	IPFDEBUG
-void printire(ire)
-ire_t *ire;
-{
-	if (!ipf_debug)
-		return;
-	printf("ire: ll_hdr_mp %p rfq %p stq %p src_addr %x max_frag %d\n",
-# if SOLARIS2 >= 8
-		NULL,
-# else
-		ire->ire_ll_hdr_mp,
-# endif
-		ire->ire_rfq, ire->ire_stq,
-		ire->ire_src_addr, ire->ire_max_frag);
-	printf("ire: mask %x addr %x gateway_addr %x type %d\n",
-		ire->ire_mask, ire->ire_addr, ire->ire_gateway_addr,
-		ire->ire_type);
-	printf("ire: ll_hdr_length %d ll_hdr_saved_mp %p\n",
-		ire->ire_ll_hdr_length,
-# if SOLARIS2 >= 8
-		NULL
-# else
-		ire->ire_ll_hdr_saved_mp
-# endif
-		);
-}
-#endif
-
-
-int ipfr_fastroute(ip, mb, mpp, fin, fdp)
-ip_t *ip;
-mblk_t *mb, **mpp;
-fr_info_t *fin;
-frdest_t *fdp;
-{
-#ifdef	USE_INET6
-	ip6_t *ip6 = (ip6_t *)ip;
-#endif
-	ire_t *ir, *dir, *gw;
-	struct in_addr dst;
-	queue_t *q = NULL;
-	mblk_t *mp = NULL;
-	size_t hlen = 0;
-	frentry_t *fr;
-	frdest_t fd;
-	ill_t *ifp;
-	u_char *s;
-	qif_t *qf;
-	int p;
-
-#ifndef	sparc
-	u_short __iplen, __ipoff;
-#endif
-	qf = fin->fin_qif;
-
-	/*
-	 * If this is a duplicate mblk then we want ip to point at that
-	 * data, not the original, if and only if it is already pointing at
-	 * the current mblk data.
-	 */
-	if ((ip == (ip_t *)qf->qf_m->b_rptr) && (qf->qf_m != mb))
-		ip = (ip_t *)mb->b_rptr;
-
-	/*
-	 * If there is another M_PROTO, we don't want it
-	 */
-	if (*mpp != mb) {
-		mp = *mpp;
-		(void) unlinkb(mp);
-		mp = (*mpp)->b_cont;
-		(*mpp)->b_cont = NULL;
-		(*mpp)->b_prev = NULL;
-		freemsg(*mpp);
-		*mpp = mp;
-	}
-
-	if (!fdp) {
-		ipif_t *ipif;
-
-		ifp = fin->fin_ifp;
-		ipif = ifp->ill_ipif;
-		if (!ipif)
-			goto bad_fastroute;
-#if SOLARIS2 > 5
-		ir = ire_ctable_lookup(ipif->ipif_local_addr, 0, IRE_LOCAL,
-				       NULL, NULL, MATCH_IRE_TYPE);
-#else
-		ir = ire_lookup_myaddr(ipif->ipif_local_addr);
-#endif
-		if (!ir)
-			ir = (ire_t *)-1;
-
-		fd.fd_ifp = (struct ifnet *)ir;
-		fd.fd_ip = ip->ip_dst;
-		fdp = &fd;
-	}
-
-	ir = (ire_t *)fdp->fd_ifp;
-
-	if (fdp->fd_ip.s_addr)
-		dst = fdp->fd_ip;
-	else
-		dst.s_addr = fin->fin_fi.fi_daddr;
-
-#if SOLARIS2 >= 6
-	gw = NULL;
-	if (fin->fin_v == 4) {
-		p = ip->ip_p;
-		dir = ire_route_lookup(dst.s_addr, 0xffffffff, 0, 0, NULL,
-					&gw, NULL, MATCH_IRE_DSTONLY|
-					MATCH_IRE_DEFAULT|MATCH_IRE_RECURSIVE);
-	}
-# ifdef	USE_INET6
-	else if (fin->fin_v == 6) {
-		p = ip6->ip6_nxt;
-		dir = ire_route_lookup_v6(&ip6->ip6_dst, NULL, 0, 0,
-					NULL, &gw, NULL, MATCH_IRE_DSTONLY|
-					MATCH_IRE_DEFAULT|MATCH_IRE_RECURSIVE);
-	}
-# endif
-#else
-	dir = ire_lookup(dst.s_addr);
-#endif
-#if SOLARIS2 < 8
-	if (dir)
-		if (!dir->ire_ll_hdr_mp || !dir->ire_ll_hdr_length)
-			dir = NULL;
-#else
-	if (dir)
-		if (!dir->ire_fp_mp || !dir->ire_dlureq_mp)
-			dir = NULL;
-#endif
-
-	if (!ir)
-		ir = dir;
-
-	if (ir && dir) {
-		ifp = ire_to_ill(ir);
-		if (ifp == NULL)
-			goto bad_fastroute;
-		fr = fin->fin_fr;
-
-		/*
-		 * In case we're here due to "to <if>" being used with
-		 * "keep state", check that we're going in the correct
-		 * direction.
-		 */
-		if ((fr != NULL) && (fdp->fd_ifp != NULL) &&
-		    (fin->fin_rev != 0) && (fdp == &fr->fr_tif))
-			return 1;
-
-		fin->fin_ifp = ifp;
-		if (fin->fin_out == 0) {
-			fin->fin_fr = ipacct[1][fr_active];
-			if ((fin->fin_fr != NULL) &&
-			    (fr_scanlist(FR_NOMATCH, ip, fin, mb)&FR_ACCOUNT)){
-				ATOMIC_INCL(frstats[1].fr_acct);
-			}
-			fin->fin_fr = NULL;
-			if (!fr || !(fr->fr_flags & FR_RETMASK))
-				(void) fr_checkstate(ip, fin);
-			(void) ip_natout(ip, fin);
-		}
-#ifndef	sparc
-		if (fin->fin_v == 4) {
-			__iplen = (u_short)ip->ip_len,
-			__ipoff = (u_short)ip->ip_off;
-
-			ip->ip_len = htons(__iplen);
-			ip->ip_off = htons(__ipoff);
-		}
-#endif
-
-#if SOLARIS2 < 8
-		mp = dir->ire_ll_hdr_mp;
-		hlen = dir->ire_ll_hdr_length;
-#else
-		mp = dir->ire_fp_mp;
-		hlen = mp ? mp->b_wptr - mp->b_rptr : 0;
-		mp = dir->ire_dlureq_mp;
-#endif
-		if (mp != NULL) {
-			s = mb->b_rptr;
-			if (
-#if SOLARIS2 >= 6
-			    (dohwcksum &&
-			     ifp->ill_ick.ick_magic == ICK_M_CTL_MAGIC) ||
-#endif
-			    (hlen && (s - mb->b_datap->db_base) >= hlen)) {
-				s -= hlen;
-				mb->b_rptr = (u_char *)s;
-				bcopy((char *)mp->b_rptr, (char *)s, hlen);
-			} else {
-				mblk_t	*mp2;
-
-				mp2 = copyb(mp);
-				if (!mp2)
-					goto bad_fastroute;
-				linkb(mp2, mb);
-				mb = mp2;
-			}
-		}
-		*mpp = mb;
-
-		if (ir->ire_stq)
-			q = ir->ire_stq;
-		else if (ir->ire_rfq)
-			q = WR(ir->ire_rfq);
-		if (q) {
-			mb->b_prev = NULL;
-			mb->b_queue = q;
-			RWLOCK_EXIT(&ipfs_mutex);
-			RWLOCK_EXIT(&ipf_solaris);
-#if SOLARIS2 >= 6
-			if ((p == IPPROTO_TCP) && dohwcksum &&
-			    (ifp->ill_ick.ick_magic == ICK_M_CTL_MAGIC)) {
-				tcphdr_t *tcp;
-				u_32_t t;
-
-				tcp = (tcphdr_t *)((char *)ip + fin->fin_hlen);
-				t = ip->ip_src.s_addr;
-				t += ip->ip_dst.s_addr;
-				t += 30;
-				t = (t & 0xffff) + (t >> 16);
-				tcp->th_sum = t & 0xffff;
-			}
-#endif
-			putnext(q, mb);
-			READ_ENTER(&ipf_solaris);
-			READ_ENTER(&ipfs_mutex);
-			ipl_frouteok[0]++;
-			*mpp = NULL;
-			return 0;
-		}
-	}
-bad_fastroute:
-	mb->b_prev = NULL;
-	freemsg(mb);
-	ipl_frouteok[1]++;
-	*mpp = NULL;
-	return -1;
-}
-
-
-void copyout_mblk(m, off, len, buf)
-mblk_t *m;
-size_t off, len;
-char *buf;
-{
-	u_char *s, *bp = (u_char *)buf;
-	size_t mlen, olen, clen;
-
-	for (; m && len; m = m->b_cont) {
-		if (MTYPE(m) != M_DATA)
-			continue;
-		s = m->b_rptr;
-		mlen = m->b_wptr - s;
-		olen = MIN(off, mlen);
-		if ((olen == mlen) || (olen < off)) {
-			off -= olen;
-			continue;
-		} else if (olen) {
-			off -= olen;
-			s += olen;
-			mlen -= olen;
-		}
-		clen = MIN(mlen, len);
-		bcopy(s, bp, clen);
-		len -= clen;
-		bp += clen;
-	}
-}
-
-
-void copyin_mblk(m, off, len, buf)
-mblk_t *m;
-size_t off, len;
-char *buf;
-{
-	u_char *s, *bp = (u_char *)buf;
-	size_t mlen, olen, clen;
-
-	for (; m && len; m = m->b_cont) {
-		if (MTYPE(m) != M_DATA)
-			continue;
-		s = m->b_rptr;
-		mlen = m->b_wptr - s;
-		olen = MIN(off, mlen);
-		if ((olen == mlen) || (olen < off)) {
-			off -= olen;
-			continue;
-		} else if (olen) {
-			off -= olen;
-			s += olen;
-			mlen -= olen;
-		}
-		clen = MIN(mlen, len);
-		bcopy(bp, s, clen);
-		len -= clen;
-		bp += clen;
-	}
-}
-
-
-int fr_verifysrc(ipa, ifp)
-struct in_addr ipa;
-void *ifp;
-{
-	ire_t *ir, *dir, *gw;
-
-#if SOLARIS2 >= 6
-	dir = ire_route_lookup(ipa.s_addr, 0xffffffff, 0, 0, NULL, &gw, NULL,
-				MATCH_IRE_DSTONLY|MATCH_IRE_DEFAULT|
-				MATCH_IRE_RECURSIVE);
-#else
-	dir = ire_lookup(ipa.s_addr);
-#endif
-
-	if (!dir)
-		return 0;
-	return (ire_to_ill(dir) == ifp);
-}