Firewall can be used as lkm module.To use it

firewall should *NOT* be compiled into kernel.
Then it can  be loaded.This is misc module but i'v
got no problemms with it,so shouldn't you i suppose..
BTW this is very stupid to have one module in CVS
for ALL lkm's...

2 files changed, 104 insertions, 0 deletions

diff --git a/lkm/ipfw/Makefile b/lkm/ipfw/Makefile
new file mode 100644
index 0000000..306055c
--- /dev/null
+++ b/lkm/ipfw/Makefile
@@ -0,0 +1,13 @@
+#	$Id: Makefile,v 1.1 1994/09/21 23:27:09 wollman Exp $
+
+.PATH:	${.CURDIR}/../../sys/netinet
+KMOD=	ipfw_mod
+SRCS=	ipfw_lkm.c ip_fw.c 
+NOMAN=
+CFLAGS+= -DIPFIREWALL  -DIPACCT
+#
+# If you want it verbose
+#CFLAGS+= -DIPFIREWALL_VERBOSE
+#
+
+.include <bsd.kmod.mk>
diff --git a/lkm/ipfw/ipfw_lkm.c b/lkm/ipfw/ipfw_lkm.c
new file mode 100644
index 0000000..cf8e081
--- /dev/null
+++ b/lkm/ipfw/ipfw_lkm.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 1994 Ugen J.S.Antsilevich
+ *
+ * Redistribution and use in source forms, with and without modification,
+ * are permitted provided that this entire comment appears intact.
+ *
+ * Redistribution in binary form may occur without any restrictions.
+ * Obviously, it would be nice if you gave credit where credit is due
+ * but requiring it would be too onerous.
+ *
+ * This software is provided ``AS IS'' without any warranties of any kind.
+ */
+
+/*
+ * LKM init functions and stuff.
+ */
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <sys/malloc.h>
+#include <sys/mbuf.h>
+#include <sys/domain.h>
+#include <sys/protosw.h>
+#include <sys/socket.h>
+#include <sys/errno.h>
+#include <sys/time.h> 
+#include <sys/kernel.h>
+#include <sys/conf.h>
+#include <sys/exec.h>
+#include <sys/sysent.h>
+#include <sys/lkm.h>
+
+#include <net/if.h>
+#include <net/route.h>
+
+
+#include <netinet/in.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
+#include <netinet/ip_fw.h>
+
+MOD_MISC("ipfw_mod")
+
+ipfw_load(struct lkm_table *lkmtp, int cmd)
+{
+int s=splnet();
+#ifdef IPFIREWALL
+	if (ip_fw_chk_ptr!=NULL || ip_fw_ctl_ptr!=NULL) {
+		uprintf("IpFw/IpAcct already loaded.\n");
+		return 1;
+	}
+#endif
+#ifdef IPACCT
+	if (ip_acct_cnt_ptr!=NULL || ip_acct_ctl_ptr!=NULL) {
+		uprintf("IpFw/IpAcct already loaded.\n");
+		return 1;
+	}
+#endif
+#ifdef IPFIREWALL
+	ip_fw_chk_ptr=&ip_fw_chk;
+	ip_fw_ctl_ptr=&ip_fw_ctl;
+#endif
+#ifdef IPACCT
+	ip_acct_cnt_ptr=&ip_acct_cnt;
+	ip_acct_ctl_ptr=&ip_acct_ctl;
+#endif
+	uprintf("IpFw/IpAcct 1994(c) Ugen J.S.Antsilevich\n");
+	splx(s);
+	return 0;
+}
+
+ipfw_unload(struct lkm_table *lkmtp, int cmd)
+{
+int s=splnet();
+#ifdef IPFIREWALL
+	ip_fw_ctl_ptr=NULL;
+ 	ip_fw_chk_ptr=NULL;	
+#endif
+#ifdef IPACCT
+	ip_acct_ctl_ptr=NULL;
+	ip_acct_cnt_ptr=NULL;
+#endif
+	uprintf("IpFw/IpAcct removed.\n");
+	splx(s);
+	return 0;
+}
+
+ipfw_init(struct lkm_table *lkmtp, int cmd, int ver)
+{
+	DISPATCH(lkmtp, cmd, ver, ipfw_load, ipfw_unload, nosys);
+}
+