Big sweep over the IPFIREWALL and IPACCT code.

Close the ip-fragment hole.
Waste less memory.
Rewrite to contemporary more readable style.
Kill separate IPACCT facility, use "accept" rules in IPFIREWALL.
Filter incoming >and< outgoing packets.
Replace "policy" by sticky "deny all" rule.
Rules have numbers used for ordering and deletion.
Remove "rerorder" code entirely.
Count packet & bytecount matches for rules.

Code in -current & -stable is now the same.

1 files changed, 2 insertions, 22 deletions

diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c
index 97c48e0..4d9916d 100644
--- a/sys/netinet/raw_ip.c
+++ b/sys/netinet/raw_ip.c
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)raw_ip.c	8.7 (Berkeley) 5/15/95
- *	$Id: raw_ip.c,v 1.24 1995/11/14 20:34:23 phk Exp $
+ *	$Id: raw_ip.c,v 1.25 1995/12/09 20:43:53 phk Exp $
  */
 
 #include <sys/param.h>
@@ -221,7 +221,7 @@ rip_ctloutput(op, so, level, optname, m)
 	case IP_FW_ADD:
 	case IP_FW_DEL:
 	case IP_FW_FLUSH:
-	case IP_FW_POLICY:
+	case IP_FW_ZERO:
 		if (ip_fw_ctl_ptr==NULL) {
 			if (*m)
 				(void)m_free(*m);
@@ -237,26 +237,6 @@ rip_ctloutput(op, so, level, optname, m)
 			error=EINVAL;
 		return(error);
 
-	case IP_ACCT_DEL:
-	case IP_ACCT_ADD:
-	case IP_ACCT_CLR:
-	case IP_ACCT_FLUSH:
-	case IP_ACCT_ZERO: 
-		if (ip_acct_ctl_ptr==NULL) {
-			if (*m)
-				(void)m_free(*m);
-			return(EINVAL);
-		}
-	
-		if (op == PRCO_SETOPT) {
-			error=(*ip_acct_ctl_ptr)(optname, *m);
-			if (*m)
-				(void)m_free(*m);
-		}
-		else
-			error=EINVAL;
-		return(error);
-
 	case IP_RSVP_ON:
 		return ip_rsvp_init(so);
 		break;