This commit was manufactured by cvs2svn to create branch

'VENDOR-sys-ipfilter'.

3 files changed, 612 insertions, 0 deletions

diff --git a/sys/contrib/ipfilter/netinet/ip_raudio_pxy.c b/sys/contrib/ipfilter/netinet/ip_raudio_pxy.c
new file mode 100644
index 0000000..b76eea5
--- /dev/null
+++ b/sys/contrib/ipfilter/netinet/ip_raudio_pxy.c
@@ -0,0 +1,274 @@
+/*
+ * $Id$
+ * $FreeBSD$
+ */
+#if SOLARIS && defined(_KERNEL)
+extern	kmutex_t	ipf_rw;
+#endif
+
+#define	IPF_RAUDIO_PROXY
+
+
+int ippr_raudio_init __P((void));
+int ippr_raudio_new __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
+int ippr_raudio_in __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
+int ippr_raudio_out __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
+
+static	frentry_t	raudiofr;
+
+
+/*
+ * Real Audio application proxy initialization.
+ */
+int ippr_raudio_init()
+{
+	bzero((char *)&raudiofr, sizeof(raudiofr));
+	raudiofr.fr_ref = 1;
+	raudiofr.fr_flags = FR_INQUE|FR_PASS|FR_QUICK|FR_KEEPSTATE;
+	return 0;
+}
+
+
+/*
+ * Setup for a new proxy to handle Real Audio.
+ */
+int ippr_raudio_new(fin, ip, aps, nat)
+fr_info_t *fin;
+ip_t *ip;
+ap_session_t *aps;
+nat_t *nat;
+{
+	raudio_t *rap;
+
+
+	KMALLOCS(aps->aps_data, void *, sizeof(raudio_t));
+	if (aps->aps_data != NULL) {
+		bzero(aps->aps_data, sizeof(raudio_t));
+		rap = aps->aps_data;
+		aps->aps_psiz = sizeof(raudio_t);
+		rap->rap_mode = RAP_M_TCP;	/* default is for TCP */
+	}
+	return 0;
+}
+
+
+
+int ippr_raudio_out(fin, ip, aps, nat)
+fr_info_t *fin;
+ip_t *ip;
+ap_session_t *aps;
+nat_t *nat;
+{
+	char membuf[512 + 1], *s;
+	int off, dlen, inc = 0;
+	tcphdr_t *tcp, tcph, *tcp2 = &tcph;
+	raudio_t *rap = aps->aps_data;
+	u_short sp, dp, id = 0;
+	struct in_addr swip;
+	fr_info_t fi;
+	int len = 0;
+	nat_t *ipn;
+	mb_t *m;
+#if	SOLARIS
+	mb_t *m1;
+#endif
+
+	/*
+	 * If we've already processed the start messages, then nothing left
+	 * for the proxy to do.
+	 */
+	if (rap->rap_eos == 1)
+		return 0;
+
+	tcp = (tcphdr_t *)fin->fin_dp;
+	off = (ip->ip_hl << 2) + (tcp->th_off << 2);
+	bzero(membuf, sizeof(membuf));
+#if	SOLARIS
+	m = fin->fin_qfm;
+
+	dlen = msgdsize(m) - off;
+	if (dlen <= 0)
+		return 0;
+	copyout_mblk(m, off, MIN(sizeof(membuf), dlen), membuf);
+#else
+	m = *(mb_t **)fin->fin_mp;
+
+	dlen = mbufchainlen(m) - off;
+	if (dlen <= 0)
+		return 0;
+	m_copydata(m, off, MIN(sizeof(membuf), dlen), membuf);
+#endif
+	/*
+	 * In all the startup parsing, ensure that we don't go outside
+	 * the packet buffer boundary.
+	 */
+	/*
+	 * Look for the start of connection "PNA" string if not seen yet.
+	 */
+	if (rap->rap_seenpna == 0) {
+		s = memstr("PNA", membuf, 3, dlen);
+		if (s == NULL)
+			return 0;
+		s += 3;
+		rap->rap_seenpna = 1;
+	} else
+		s = membuf;
+
+	/*
+	 * Directly after the PNA will be the version number of this
+	 * connection.
+	 */
+	if (rap->rap_seenpna == 1 && rap->rap_seenver == 0) {
+		if ((s + 1) - membuf < dlen) {
+			rap->rap_version = (*s << 8) | *(s + 1);
+			s += 2;
+			rap->rap_seenver = 1;
+		} else
+			return 0;
+	}
+
+	/*
+	 * Now that we've been past the PNA and version number, we're into the
+	 * startup messages block.  This ends when a message with an ID of 0.
+	 */
+	while ((rap->rap_eos == 0) && ((s + 1) - membuf < dlen)) {
+		if (rap->rap_gotid == 0) {
+			id = (*s << 8) | *(s + 1);
+			s += 2;
+			rap->rap_gotid = 1;
+			if (id == RA_ID_END) {
+				rap->rap_eos = 1;
+				break;
+			}
+		} else if (rap->rap_gotlen == 0) {
+			len = (*s << 8) | *(s + 1);
+			s += 2;
+			rap->rap_gotlen = 1;
+		}
+
+		if (rap->rap_gotid == 1 && rap->rap_gotlen == 1) {
+			if (id == RA_ID_UDP) {
+				rap->rap_mode &= ~RAP_M_TCP;
+				rap->rap_mode |= RAP_M_UDP;
+				rap->rap_plport = (*s << 8) | *(s + 1);
+			} else if (id == RA_ID_ROBUST) {
+				rap->rap_mode |= RAP_M_ROBUST;
+				rap->rap_prport = (*s << 8) | *(s + 1);
+			}
+			s += len;
+			rap->rap_gotlen = 0;
+			rap->rap_gotid = 0;
+		}
+	}
+
+	/*
+	 * Wait until we've seen the end of the start messages and even then
+	 * only proceed further if we're using UDP.
+	 */
+	if ((rap->rap_eos == 0) || ((rap->rap_mode & RAP_M_UDP) != RAP_M_UDP))
+		return 0;
+	sp = rap->rap_plport;
+	dp = 0;
+
+	bcopy((char *)fin, (char *)&fi, sizeof(fi));
+	bzero((char *)tcp2, sizeof(*tcp2));
+	tcp2->th_sport = htons(sp);
+	tcp2->th_dport = 0; /* XXX - don't specify remote port */
+	tcp2->th_win = htons(8192);
+	fi.fin_dp = (char *)tcp2;
+	fi.fin_data[0] = sp;
+	fi.fin_data[1] = 0;
+	fi.fin_fr = &raudiofr;
+	swip = ip->ip_src;
+	ip->ip_src = nat->nat_inip;
+	ipn = nat_new(nat->nat_ptr, ip, &fi, IPN_TCP|FI_W_DPORT, NAT_OUTBOUND);
+	if (ipn != NULL) {
+		ipn->nat_age = fr_defnatage;
+		(void) fr_addstate(ip, &fi, FI_W_DPORT);
+	}
+	ip->ip_src = swip;
+
+	if ((rap->rap_mode & RAP_M_UDP_ROBUST) == RAP_M_UDP_ROBUST) {
+		sp = rap->rap_prport;
+	}
+	return inc;
+}
+
+
+int ippr_raudio_in(fin, ip, aps, nat)
+fr_info_t *fin;
+ip_t *ip;
+ap_session_t *aps;
+nat_t *nat;
+{
+	char membuf[IPF_MAXPORTLEN + 1], *s;
+	int off, dlen;
+	raudio_t *rap = aps->aps_data;
+	u_int a1, a2, a3, a4;
+	tcphdr_t *tcp;
+	tcp_seq seq;
+	mb_t *m;
+#if	SOLARIS
+	mb_t *m1;
+#endif
+
+	if ((rap->rap_sdone != 0) ||
+	    ((rap->rap_mode & RAP_M_UDP_ROBUST) != RAP_M_UDP_ROBUST))
+		return 0;
+
+	tcp = (tcphdr_t *)fin->fin_dp;
+	off = (ip->ip_hl << 2) + (tcp->th_off << 2);
+	m = *(mb_t **)fin->fin_mp;
+
+#if	SOLARIS
+	m = fin->fin_qfm;
+
+	dlen = msgdsize(m) - off;
+	if (dlen <= 0)
+		return 0;
+	bzero(membuf, sizeof(membuf));
+	copyout_mblk(m, off, MIN(sizeof(membuf), dlen), membuf);
+#else
+	dlen = mbufchainlen(m) - off;
+	if (dlen <= 0)
+		return 0;
+	bzero(membuf, sizeof(membuf));
+	m_copydata(m, off, MIN(sizeof(membuf), dlen), membuf);
+#endif
+
+	seq = ntohl(tcp->th_seq);
+	/*
+	 * Check to see if the data in this packet is of interest to us.
+	 * We only care for the first 19 bytes coming back from the server.
+	 */
+	if (rap->rap_sseq == 0) {
+		s = memstr("PNA", membuf, 3, dlen);
+		if (s == NULL)
+			return 0;
+		a1 = s - membuf;
+		dlen -= a1;
+		a1 = 0;
+		rap->rap_sseq = seq;
+		a2 = MIN(dlen, sizeof(rap->rap_svr));
+	} else if (seq <= rap->rap_sseq + sizeof(rap->rap_svr)) {
+		/*
+		 * seq # which is the start of data and from that the offset
+		 * into the buffer array.
+		 */
+		a1 = seq - rap->rap_sseq;
+		a2 = MIN(dlen, sizeof(rap->rap_svr));
+		a2 -= a1;
+		s = membuf;
+	} else
+		return 0;
+
+	for (a3 = a1, a4 = a2; a4 > 0; a4--, a3++) {
+		rap->rap_sbf |= (1 << a3);
+		rap->rap_svr[a3] = *s++;
+	}
+	if (rap->rap_sbf == 0x7ffff) {		/* 19 bits */
+		s = rap->rap_svr + 13;
+		rap->rap_srport = (*s << 8) | *(s + 1);
+	}
+	return 0;
+}
diff --git a/sys/contrib/ipfilter/netinet/ip_rcmd_pxy.c b/sys/contrib/ipfilter/netinet/ip_rcmd_pxy.c
new file mode 100644
index 0000000..f9dc5b3
--- /dev/null
+++ b/sys/contrib/ipfilter/netinet/ip_rcmd_pxy.c
@@ -0,0 +1,160 @@
+/*
+ * $Id$
+ * $FreeBSD$
+ */
+/*
+ * Simple RCMD transparent proxy for in-kernel use.  For use with the NAT
+ * code.
+ */
+#if SOLARIS && defined(_KERNEL)
+extern	kmutex_t	ipf_rw;
+#endif
+
+#define	isdigit(x)	((x) >= '0' && (x) <= '9')
+
+#define	IPF_RCMD_PROXY
+
+
+int ippr_rcmd_init __P((void));
+int ippr_rcmd_new __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
+int ippr_rcmd_out __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
+u_short ipf_rcmd_atoi __P((char *));
+int ippr_rcmd_portmsg __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
+
+static	frentry_t	rcmdfr;
+
+
+/*
+ * RCMD application proxy initialization.
+ */
+int ippr_rcmd_init()
+{
+	bzero((char *)&rcmdfr, sizeof(rcmdfr));
+	rcmdfr.fr_ref = 1;
+	rcmdfr.fr_flags = FR_INQUE|FR_PASS|FR_QUICK|FR_KEEPSTATE;
+	return 0;
+}
+
+
+/*
+ * Setup for a new RCMD proxy.
+ */
+int ippr_rcmd_new(fin, ip, aps, nat)
+fr_info_t *fin;
+ip_t *ip;
+ap_session_t *aps;
+nat_t *nat;
+{
+	tcphdr_t *tcp = (tcphdr_t *)fin->fin_dp;
+
+	aps->aps_psiz = sizeof(u_32_t);
+	KMALLOCS(aps->aps_data, u_32_t *, sizeof(u_32_t));
+	if (aps->aps_data == NULL)
+		return -1;
+	*(u_32_t *)aps->aps_data = 0;
+	aps->aps_sport = tcp->th_sport;
+	aps->aps_dport = tcp->th_dport;
+	return 0;
+}
+
+
+/*
+ * ipf_rcmd_atoi - implement a simple version of atoi
+ */
+u_short ipf_rcmd_atoi(ptr)
+char *ptr;
+{
+	register char *s = ptr, c;
+	register u_short i = 0;
+
+	while ((c = *s++) && isdigit(c)) {
+		i *= 10;
+		i += c - '0';
+	}
+	return i;
+}
+
+
+int ippr_rcmd_portmsg(fin, ip, aps, nat)
+fr_info_t *fin;
+ip_t *ip;
+ap_session_t *aps;
+nat_t *nat;
+{
+	char portbuf[8], *s;
+	struct in_addr swip;
+	u_short sp, dp;
+	int off, dlen;
+	tcphdr_t *tcp, tcph, *tcp2 = &tcph;
+	fr_info_t fi;
+	nat_t *ipn;
+	mb_t *m;
+#if	SOLARIS
+	mb_t *m1;
+#endif
+
+	tcp = (tcphdr_t *)fin->fin_dp;
+	off = (ip->ip_hl << 2) + (tcp->th_off << 2);
+	m = *(mb_t **)fin->fin_mp;
+
+#if	SOLARIS
+	m = fin->fin_qfm;
+
+	dlen = msgdsize(m) - off;
+	bzero(portbuf, sizeof(portbuf));
+	copyout_mblk(m, off, MIN(sizeof(portbuf), dlen), portbuf);
+#else
+	dlen = mbufchainlen(m) - off;
+	bzero(portbuf, sizeof(portbuf));
+	m_copydata(m, off, MIN(sizeof(portbuf), dlen), portbuf);
+#endif
+	if ((*(u_32_t *)aps->aps_data != 0) &&
+	    (tcp->th_seq != *(u_32_t *)aps->aps_data))
+		return 0;
+
+	portbuf[sizeof(portbuf) - 1] = '\0';
+	s = portbuf;
+	sp = ipf_rcmd_atoi(s);
+	if (!sp)
+		return 0;
+
+	/*
+	 * Add skeleton NAT entry for connection which will come back the
+	 * other way.
+	 */
+	sp = htons(sp);
+	dp = htons(fin->fin_data[1]);
+	ipn = nat_outlookup(fin->fin_ifp, IPN_TCP, nat->nat_p, nat->nat_inip,
+			    ip->ip_dst, (dp << 16) | sp);
+	if (ipn == NULL) {
+		bcopy((char *)fin, (char *)&fi, sizeof(fi));
+		bzero((char *)tcp2, sizeof(*tcp2));
+		tcp2->th_win = htons(8192);
+		tcp2->th_sport = sp;
+		tcp2->th_dport = 0; /* XXX - don't specify remote port */
+		fi.fin_data[0] = ntohs(sp);
+		fi.fin_data[1] = 0;
+		fi.fin_dp = (char *)tcp2;
+		swip = ip->ip_src;
+		ip->ip_src = nat->nat_inip;
+		ipn = nat_new(nat->nat_ptr, ip, &fi, IPN_TCP|FI_W_DPORT,
+			      NAT_OUTBOUND);
+		if (ipn != NULL) {
+			ipn->nat_age = fr_defnatage;
+			fi.fin_fr = &rcmdfr;
+			(void) fr_addstate(ip, &fi, FI_W_DPORT);
+		}
+		ip->ip_src = swip;
+	}
+	return 0;
+}
+
+
+int ippr_rcmd_out(fin, ip, aps, nat)
+fr_info_t *fin;
+ip_t *ip;
+ap_session_t *aps;
+nat_t *nat;
+{
+	return ippr_rcmd_portmsg(fin, ip, aps, nat);
+}
diff --git a/sys/contrib/ipfilter/netinet/mlfk_ipl.c b/sys/contrib/ipfilter/netinet/mlfk_ipl.c
new file mode 100644
index 0000000..28e7c5d
--- /dev/null
+++ b/sys/contrib/ipfilter/netinet/mlfk_ipl.c
@@ -0,0 +1,178 @@
+/*
+ * Copyright 1999 Guido van Rooij.  All rights reserved.
+ * 
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *  1. Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *  2. Redistributions in binary form must reproduce the above copyright notice,
+ *     this list of conditions and the following disclaimer in the documentation
+ *     and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER ``AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <sys/kernel.h>
+#include <sys/module.h>
+#include <sys/conf.h>
+#include <sys/socket.h>
+#include <sys/sysctl.h>
+#include <net/if.h>
+#include <netinet/in_systm.h>
+#include <netinet/in.h>
+
+
+#include <netinet/ipl.h>
+#include <netinet/ip_compat.h>
+#include <netinet/ip_fil.h>
+#include <netinet/ip_state.h>
+#include <netinet/ip_nat.h>
+#include <netinet/ip_auth.h>
+#include <netinet/ip_frag.h>
+
+static dev_t ipf_devs[IPL_LOGMAX + 1];
+
+SYSCTL_DECL(_net_inet);
+SYSCTL_NODE(_net_inet, OID_AUTO, ipf, CTLFLAG_RW, 0, "IPF");
+SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_flags, CTLFLAG_RW, &fr_flags, 0, "");
+SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_pass, CTLFLAG_RW, &fr_pass, 0, "");
+SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_active, CTLFLAG_RD, &fr_active, 0, "");
+SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcpidletimeout, CTLFLAG_RW,
+	   &fr_tcpidletimeout, 0, "");
+SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcpclosewait, CTLFLAG_RW,
+	   &fr_tcpclosewait, 0, "");
+SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcplastack, CTLFLAG_RW,
+	   &fr_tcplastack, 0, "");
+SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcptimeout, CTLFLAG_RW,
+	   &fr_tcptimeout, 0, "");
+SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcpclosed, CTLFLAG_RW,
+	   &fr_tcpclosed, 0, "");
+SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_udptimeout, CTLFLAG_RW,
+	   &fr_udptimeout, 0, "");
+SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_icmptimeout, CTLFLAG_RW,
+	   &fr_icmptimeout, 0, "");
+SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_defnatage, CTLFLAG_RW,
+	   &fr_defnatage, 0, "");
+SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_ipfrttl, CTLFLAG_RW,
+	   &fr_ipfrttl, 0, "");
+SYSCTL_INT(_net_inet_ipf, OID_AUTO, ipl_unreach, CTLFLAG_RW,
+	   &ipl_unreach, 0, "");
+SYSCTL_INT(_net_inet_ipf, OID_AUTO, ipl_inited, CTLFLAG_RD,
+	   &ipl_inited, 0, "");
+SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_authsize, CTLFLAG_RD,
+	   &fr_authsize, 0, "");
+SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_authused, CTLFLAG_RD,
+	   &fr_authused, 0, "");
+SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_defaultauthage, CTLFLAG_RW,
+	   &fr_defaultauthage, 0, "");
+
+#define CDEV_MAJOR 79
+static struct cdevsw ipl_cdevsw = {
+	/* open */	iplopen,
+	/* close */	iplclose,
+	/* read */	iplread,
+	/* write */	nowrite,
+	/* ioctl */	iplioctl,
+	/* poll */	nopoll,
+	/* mmap */	nommap,
+	/* strategy */	nostrategy,
+	/* name */	"ipl",
+	/* maj */	CDEV_MAJOR,
+	/* dump */	nodump,
+	/* psize */	nopsize,
+	/* flags */	0,
+	/* bmaj */	-1
+};
+
+static int
+ipfilter_modevent(module_t mod, int type, void *unused)
+{
+	char	*c;
+	int	i, error = 0;
+
+	switch (type) {
+	case MOD_LOAD :
+		error = iplattach();
+
+		c = NULL;
+		for(i=strlen(IPL_NAME); i>0; i--)
+			if (IPL_NAME[i] == '/') {
+				c = &IPL_NAME[i+1];
+				break;
+			}
+		if (!c)
+			c = IPL_NAME;
+		ipf_devs[IPL_LOGIPF] =
+		    make_dev(&ipl_cdevsw, IPL_LOGIPF, 0, 0, 0600, c);
+
+		c = NULL;
+		for(i=strlen(IPL_NAT); i>0; i--)
+			if (IPL_NAT[i] == '/') {
+				c = &IPL_NAT[i+1];
+				break;
+			}
+		if (!c)
+			c = IPL_NAT;
+		ipf_devs[IPL_LOGNAT] =
+		    make_dev(&ipl_cdevsw, IPL_LOGNAT, 0, 0, 0600, c);
+
+		c = NULL;
+		for(i=strlen(IPL_STATE); i>0; i--)
+			if (IPL_STATE[i] == '/') {
+				c = &IPL_STATE[i+1];
+				break;
+			}
+		if (!c)
+			c = IPL_STATE;
+		ipf_devs[IPL_LOGSTATE] =
+		    make_dev(&ipl_cdevsw, IPL_LOGSTATE, 0, 0, 0600, c);
+
+		c = NULL;
+		for(i=strlen(IPL_AUTH); i>0; i--)
+			if (IPL_AUTH[i] == '/') {
+				c = &IPL_AUTH[i+1];
+				break;
+			}
+		if (!c)
+			c = IPL_AUTH;
+		ipf_devs[IPL_LOGAUTH] =
+		    make_dev(&ipl_cdevsw, IPL_LOGAUTH, 0, 0, 0600, c);
+
+		break;
+	case MOD_UNLOAD :
+		destroy_dev(ipf_devs[IPL_LOGIPF]);
+		destroy_dev(ipf_devs[IPL_LOGNAT]);
+		destroy_dev(ipf_devs[IPL_LOGSTATE]);
+		destroy_dev(ipf_devs[IPL_LOGAUTH]);
+		cdevsw_remove(&ipl_cdevsw);
+		error = ipldetach();
+		break;
+	default:
+		error = EINVAL;
+		break;
+	}
+	return error;
+}
+
+static moduledata_t ipfiltermod = {
+	IPL_VERSION,
+	ipfilter_modevent,
+        0
+};
+DECLARE_MODULE(ipfilter, ipfiltermod, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY);