mirror of
https://github.com/fwbuilder/fwbuilder
synced 2026-06-18 04:12:18 +02:00
Initial import into v3 branch
This commit is contained in:
275
Doxyfile
Normal file
275
Doxyfile
Normal file
@@ -0,0 +1,275 @@
|
||||
# Doxyfile 1.4.1-KDevelop
|
||||
|
||||
#---------------------------------------------------------------------------
|
||||
# Project related configuration options
|
||||
#---------------------------------------------------------------------------
|
||||
PROJECT_NAME = someproj.kdevelop
|
||||
PROJECT_NUMBER = 1
|
||||
OUTPUT_DIRECTORY =
|
||||
CREATE_SUBDIRS = NO
|
||||
OUTPUT_LANGUAGE = English
|
||||
USE_WINDOWS_ENCODING = NO
|
||||
BRIEF_MEMBER_DESC = YES
|
||||
REPEAT_BRIEF = YES
|
||||
ABBREVIATE_BRIEF = "The $name class" \
|
||||
"The $name widget" \
|
||||
"The $name file" \
|
||||
is \
|
||||
provides \
|
||||
specifies \
|
||||
contains \
|
||||
represents \
|
||||
a \
|
||||
an \
|
||||
the
|
||||
ALWAYS_DETAILED_SEC = NO
|
||||
INLINE_INHERITED_MEMB = NO
|
||||
FULL_PATH_NAMES = YES
|
||||
STRIP_FROM_PATH = /home/krava/work/fwbuilder2/
|
||||
STRIP_FROM_INC_PATH =
|
||||
SHORT_NAMES = NO
|
||||
JAVADOC_AUTOBRIEF = NO
|
||||
MULTILINE_CPP_IS_BRIEF = NO
|
||||
DETAILS_AT_TOP = NO
|
||||
INHERIT_DOCS = YES
|
||||
DISTRIBUTE_GROUP_DOC = NO
|
||||
TAB_SIZE = 8
|
||||
ALIASES =
|
||||
OPTIMIZE_OUTPUT_FOR_C = NO
|
||||
OPTIMIZE_OUTPUT_JAVA = NO
|
||||
SUBGROUPING = YES
|
||||
#---------------------------------------------------------------------------
|
||||
# Build related configuration options
|
||||
#---------------------------------------------------------------------------
|
||||
EXTRACT_ALL = NO
|
||||
EXTRACT_PRIVATE = NO
|
||||
EXTRACT_STATIC = NO
|
||||
EXTRACT_LOCAL_CLASSES = YES
|
||||
EXTRACT_LOCAL_METHODS = NO
|
||||
HIDE_UNDOC_MEMBERS = NO
|
||||
HIDE_UNDOC_CLASSES = NO
|
||||
HIDE_FRIEND_COMPOUNDS = NO
|
||||
HIDE_IN_BODY_DOCS = NO
|
||||
INTERNAL_DOCS = NO
|
||||
CASE_SENSE_NAMES = YES
|
||||
HIDE_SCOPE_NAMES = NO
|
||||
SHOW_INCLUDE_FILES = YES
|
||||
INLINE_INFO = YES
|
||||
SORT_MEMBER_DOCS = YES
|
||||
SORT_BRIEF_DOCS = NO
|
||||
SORT_BY_SCOPE_NAME = NO
|
||||
GENERATE_TODOLIST = YES
|
||||
GENERATE_TESTLIST = YES
|
||||
GENERATE_BUGLIST = YES
|
||||
GENERATE_DEPRECATEDLIST= YES
|
||||
ENABLED_SECTIONS =
|
||||
MAX_INITIALIZER_LINES = 30
|
||||
SHOW_USED_FILES = YES
|
||||
SHOW_DIRECTORIES = YES
|
||||
FILE_VERSION_FILTER =
|
||||
#---------------------------------------------------------------------------
|
||||
# configuration options related to warning and progress messages
|
||||
#---------------------------------------------------------------------------
|
||||
QUIET = NO
|
||||
WARNINGS = YES
|
||||
WARN_IF_UNDOCUMENTED = YES
|
||||
WARN_IF_DOC_ERROR = YES
|
||||
WARN_NO_PARAMDOC = NO
|
||||
WARN_FORMAT = "$file:$line: $text"
|
||||
WARN_LOGFILE =
|
||||
#---------------------------------------------------------------------------
|
||||
# configuration options related to the input files
|
||||
#---------------------------------------------------------------------------
|
||||
INPUT = /home/krava/work/kdev/someproj
|
||||
FILE_PATTERNS = *.c \
|
||||
*.cc \
|
||||
*.cxx \
|
||||
*.cpp \
|
||||
*.c++ \
|
||||
*.java \
|
||||
*.ii \
|
||||
*.ixx \
|
||||
*.ipp \
|
||||
*.i++ \
|
||||
*.inl \
|
||||
*.h \
|
||||
*.hh \
|
||||
*.hxx \
|
||||
*.hpp \
|
||||
*.h++ \
|
||||
*.idl \
|
||||
*.odl \
|
||||
*.cs \
|
||||
*.php \
|
||||
*.php3 \
|
||||
*.inc \
|
||||
*.m \
|
||||
*.mm \
|
||||
*.dox \
|
||||
*.C \
|
||||
*.CC \
|
||||
*.C++ \
|
||||
*.II \
|
||||
*.I++ \
|
||||
*.H \
|
||||
*.HH \
|
||||
*.H++ \
|
||||
*.CS \
|
||||
*.PHP \
|
||||
*.PHP3 \
|
||||
*.M \
|
||||
*.MM \
|
||||
*.C \
|
||||
*.H \
|
||||
*.tlh \
|
||||
*.diff \
|
||||
*.patch \
|
||||
*.moc \
|
||||
*.xpm \
|
||||
*.dox
|
||||
RECURSIVE = yes
|
||||
EXCLUDE =
|
||||
EXCLUDE_SYMLINKS = NO
|
||||
EXCLUDE_PATTERNS =
|
||||
EXAMPLE_PATH =
|
||||
EXAMPLE_PATTERNS = *
|
||||
EXAMPLE_RECURSIVE = NO
|
||||
IMAGE_PATH =
|
||||
INPUT_FILTER =
|
||||
FILTER_PATTERNS =
|
||||
FILTER_SOURCE_FILES = NO
|
||||
#---------------------------------------------------------------------------
|
||||
# configuration options related to source browsing
|
||||
#---------------------------------------------------------------------------
|
||||
SOURCE_BROWSER = NO
|
||||
INLINE_SOURCES = NO
|
||||
STRIP_CODE_COMMENTS = YES
|
||||
REFERENCED_BY_RELATION = YES
|
||||
REFERENCES_RELATION = YES
|
||||
VERBATIM_HEADERS = YES
|
||||
#---------------------------------------------------------------------------
|
||||
# configuration options related to the alphabetical class index
|
||||
#---------------------------------------------------------------------------
|
||||
ALPHABETICAL_INDEX = NO
|
||||
COLS_IN_ALPHA_INDEX = 5
|
||||
IGNORE_PREFIX =
|
||||
#---------------------------------------------------------------------------
|
||||
# configuration options related to the HTML output
|
||||
#---------------------------------------------------------------------------
|
||||
GENERATE_HTML = YES
|
||||
HTML_OUTPUT = html
|
||||
HTML_FILE_EXTENSION = .html
|
||||
HTML_HEADER =
|
||||
HTML_FOOTER =
|
||||
HTML_STYLESHEET =
|
||||
HTML_ALIGN_MEMBERS = YES
|
||||
GENERATE_HTMLHELP = NO
|
||||
CHM_FILE =
|
||||
HHC_LOCATION =
|
||||
GENERATE_CHI = NO
|
||||
BINARY_TOC = NO
|
||||
TOC_EXPAND = NO
|
||||
DISABLE_INDEX = NO
|
||||
ENUM_VALUES_PER_LINE = 4
|
||||
GENERATE_TREEVIEW = NO
|
||||
TREEVIEW_WIDTH = 250
|
||||
#---------------------------------------------------------------------------
|
||||
# configuration options related to the LaTeX output
|
||||
#---------------------------------------------------------------------------
|
||||
GENERATE_LATEX = YES
|
||||
LATEX_OUTPUT = latex
|
||||
LATEX_CMD_NAME = latex
|
||||
MAKEINDEX_CMD_NAME = makeindex
|
||||
COMPACT_LATEX = NO
|
||||
PAPER_TYPE = a4wide
|
||||
EXTRA_PACKAGES =
|
||||
LATEX_HEADER =
|
||||
PDF_HYPERLINKS = NO
|
||||
USE_PDFLATEX = NO
|
||||
LATEX_BATCHMODE = NO
|
||||
LATEX_HIDE_INDICES = NO
|
||||
#---------------------------------------------------------------------------
|
||||
# configuration options related to the RTF output
|
||||
#---------------------------------------------------------------------------
|
||||
GENERATE_RTF = NO
|
||||
RTF_OUTPUT = rtf
|
||||
COMPACT_RTF = NO
|
||||
RTF_HYPERLINKS = NO
|
||||
RTF_STYLESHEET_FILE =
|
||||
RTF_EXTENSIONS_FILE =
|
||||
#---------------------------------------------------------------------------
|
||||
# configuration options related to the man page output
|
||||
#---------------------------------------------------------------------------
|
||||
GENERATE_MAN = NO
|
||||
MAN_OUTPUT = man
|
||||
MAN_EXTENSION = .3
|
||||
MAN_LINKS = NO
|
||||
#---------------------------------------------------------------------------
|
||||
# configuration options related to the XML output
|
||||
#---------------------------------------------------------------------------
|
||||
GENERATE_XML = yes
|
||||
XML_OUTPUT = xml
|
||||
XML_SCHEMA =
|
||||
XML_DTD =
|
||||
XML_PROGRAMLISTING = YES
|
||||
#---------------------------------------------------------------------------
|
||||
# configuration options for the AutoGen Definitions output
|
||||
#---------------------------------------------------------------------------
|
||||
GENERATE_AUTOGEN_DEF = NO
|
||||
#---------------------------------------------------------------------------
|
||||
# configuration options related to the Perl module output
|
||||
#---------------------------------------------------------------------------
|
||||
GENERATE_PERLMOD = NO
|
||||
PERLMOD_LATEX = NO
|
||||
PERLMOD_PRETTY = YES
|
||||
PERLMOD_MAKEVAR_PREFIX =
|
||||
#---------------------------------------------------------------------------
|
||||
# Configuration options related to the preprocessor
|
||||
#---------------------------------------------------------------------------
|
||||
ENABLE_PREPROCESSING = YES
|
||||
MACRO_EXPANSION = NO
|
||||
EXPAND_ONLY_PREDEF = NO
|
||||
SEARCH_INCLUDES = YES
|
||||
INCLUDE_PATH =
|
||||
INCLUDE_FILE_PATTERNS =
|
||||
PREDEFINED =
|
||||
EXPAND_AS_DEFINED =
|
||||
SKIP_FUNCTION_MACROS = YES
|
||||
#---------------------------------------------------------------------------
|
||||
# Configuration::additions related to external references
|
||||
#---------------------------------------------------------------------------
|
||||
TAGFILES =
|
||||
GENERATE_TAGFILE = someproj.tag
|
||||
ALLEXTERNALS = NO
|
||||
EXTERNAL_GROUPS = YES
|
||||
PERL_PATH = /usr/bin/perl
|
||||
#---------------------------------------------------------------------------
|
||||
# Configuration options related to the dot tool
|
||||
#---------------------------------------------------------------------------
|
||||
CLASS_DIAGRAMS = YES
|
||||
HIDE_UNDOC_RELATIONS = YES
|
||||
HAVE_DOT = NO
|
||||
CLASS_GRAPH = YES
|
||||
COLLABORATION_GRAPH = YES
|
||||
GROUP_GRAPHS = YES
|
||||
UML_LOOK = NO
|
||||
TEMPLATE_RELATIONS = NO
|
||||
INCLUDE_GRAPH = YES
|
||||
INCLUDED_BY_GRAPH = YES
|
||||
CALL_GRAPH = NO
|
||||
GRAPHICAL_HIERARCHY = YES
|
||||
DIRECTORY_GRAPH = YES
|
||||
DOT_IMAGE_FORMAT = png
|
||||
DOT_PATH =
|
||||
DOTFILE_DIRS =
|
||||
MAX_DOT_GRAPH_WIDTH = 1024
|
||||
MAX_DOT_GRAPH_HEIGHT = 1024
|
||||
MAX_DOT_GRAPH_DEPTH = 1000
|
||||
DOT_TRANSPARENT = NO
|
||||
DOT_MULTI_TARGETS = NO
|
||||
GENERATE_LEGEND = YES
|
||||
DOT_CLEANUP = YES
|
||||
#---------------------------------------------------------------------------
|
||||
# Configuration::additions related to the search engine
|
||||
#---------------------------------------------------------------------------
|
||||
SEARCHENGINE = NO
|
||||
0
FWBMainWindow_q.h
Normal file
0
FWBMainWindow_q.h
Normal file
30
VERSION
Normal file
30
VERSION
Normal file
@@ -0,0 +1,30 @@
|
||||
#-*- mode: shell-script; tab-width: 4; -*-
|
||||
# $Id: VERSION,v 1.47 2007/07/21 23:44:19 vkurland Exp $
|
||||
|
||||
|
||||
FWB_MAJOR_VERSION=2
|
||||
FWB_MINOR_VERSION=1
|
||||
FWB_MICRO_VERSION=99
|
||||
VERSION=$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION
|
||||
|
||||
#
|
||||
# release num. I use it to distinguish between pre-release builds and
|
||||
# in rare situation when I need to produce replacement RPMs and do not
|
||||
# want to change version number.
|
||||
#
|
||||
# Set it to "1" before publishing the release.
|
||||
#
|
||||
|
||||
RELEASE_NUM="1"
|
||||
# RELEASE_NUM="`date +%Y%m%d`cvs"
|
||||
# RELEASE_NUM="RC1"
|
||||
# RELEASE_NUM="b"
|
||||
|
||||
BETA="no"
|
||||
|
||||
REQUIRED_LIBFWBUILDER_VERSION="2.1.99"
|
||||
|
||||
# current (or major) version number of the library so file
|
||||
#
|
||||
LIBFWBUILDER_SOMAJOR=7
|
||||
|
||||
33
autogen.sh
Normal file
33
autogen.sh
Normal file
@@ -0,0 +1,33 @@
|
||||
#!/bin/sh
|
||||
|
||||
|
||||
MAKE=`which gnumake 2>/dev/null`
|
||||
if test ! -x "$MAKE" ; then MAKE=`which gmake` ; fi
|
||||
if test ! -x "$MAKE" ; then MAKE=`which make` ; fi
|
||||
HAVE_GNU_MAKE=`$MAKE --version|grep -c "Free Software Foundation"`
|
||||
|
||||
if test "$HAVE_GNU_MAKE" != "1"; then
|
||||
echo Could not find GNU make on this system, can not proceed with build.
|
||||
exit 1
|
||||
else
|
||||
echo Found GNU Make at $MAKE ... good.
|
||||
fi
|
||||
|
||||
echo This script runs configure ...
|
||||
echo You did remember necessary arguments for configure, right?
|
||||
|
||||
if test ! -x "`which aclocal`"
|
||||
then echo you need autoconf to generate the configure script
|
||||
fi
|
||||
|
||||
|
||||
ACLOCALARG=""
|
||||
test -d /sw/share/ && ACLOCALARG=" -I /sw/share/aclocal"
|
||||
|
||||
|
||||
libtoolize --force --copy
|
||||
acinclude
|
||||
aclocal ${ACLOCALARG}
|
||||
autoconf
|
||||
|
||||
./configure ${CFGARGS} $*
|
||||
1388
config.guess
vendored
Normal file
1388
config.guess
vendored
Normal file
@@ -0,0 +1,1388 @@
|
||||
#! /bin/sh
|
||||
# Attempt to guess a canonical system name.
|
||||
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
|
||||
# 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
|
||||
|
||||
timestamp='2003-02-22'
|
||||
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful, but
|
||||
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
# General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
#
|
||||
# As a special exception to the GNU General Public License, if you
|
||||
# distribute this file as part of a program that contains a
|
||||
# configuration script generated by Autoconf, you may include it under
|
||||
# the same distribution terms that you use for the rest of that program.
|
||||
|
||||
# Originally written by Per Bothner <per@bothner.com>.
|
||||
# Please send patches to <config-patches@gnu.org>. Submit a context
|
||||
# diff and a properly formatted ChangeLog entry.
|
||||
#
|
||||
# This script attempts to guess a canonical system name similar to
|
||||
# config.sub. If it succeeds, it prints the system name on stdout, and
|
||||
# exits with 0. Otherwise, it exits with 1.
|
||||
#
|
||||
# The plan is that this can be called by configure scripts if you
|
||||
# don't specify an explicit build system type.
|
||||
|
||||
me=`echo "$0" | sed -e 's,.*/,,'`
|
||||
|
||||
usage="\
|
||||
Usage: $0 [OPTION]
|
||||
|
||||
Output the configuration name of the system \`$me' is run on.
|
||||
|
||||
Operation modes:
|
||||
-h, --help print this help, then exit
|
||||
-t, --time-stamp print date of last modification, then exit
|
||||
-v, --version print version number, then exit
|
||||
|
||||
Report bugs and patches to <config-patches@gnu.org>."
|
||||
|
||||
version="\
|
||||
GNU config.guess ($timestamp)
|
||||
|
||||
Originally written by Per Bothner.
|
||||
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
|
||||
Free Software Foundation, Inc.
|
||||
|
||||
This is free software; see the source for copying conditions. There is NO
|
||||
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
|
||||
|
||||
help="
|
||||
Try \`$me --help' for more information."
|
||||
|
||||
# Parse command line
|
||||
while test $# -gt 0 ; do
|
||||
case $1 in
|
||||
--time-stamp | --time* | -t )
|
||||
echo "$timestamp" ; exit 0 ;;
|
||||
--version | -v )
|
||||
echo "$version" ; exit 0 ;;
|
||||
--help | --h* | -h )
|
||||
echo "$usage"; exit 0 ;;
|
||||
-- ) # Stop option processing
|
||||
shift; break ;;
|
||||
- ) # Use stdin as input.
|
||||
break ;;
|
||||
-* )
|
||||
echo "$me: invalid option $1$help" >&2
|
||||
exit 1 ;;
|
||||
* )
|
||||
break ;;
|
||||
esac
|
||||
done
|
||||
|
||||
if test $# != 0; then
|
||||
echo "$me: too many arguments$help" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
trap 'exit 1' 1 2 15
|
||||
|
||||
# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
|
||||
# compiler to aid in system detection is discouraged as it requires
|
||||
# temporary files to be created and, as you can see below, it is a
|
||||
# headache to deal with in a portable fashion.
|
||||
|
||||
# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
|
||||
# use `HOST_CC' if defined, but it is deprecated.
|
||||
|
||||
# Portable tmp directory creation inspired by the Autoconf team.
|
||||
|
||||
set_cc_for_build='
|
||||
trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
|
||||
trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
|
||||
: ${TMPDIR=/tmp} ;
|
||||
{ tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
|
||||
{ test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
|
||||
{ echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
|
||||
dummy=$tmp/dummy ;
|
||||
tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
|
||||
case $CC_FOR_BUILD,$HOST_CC,$CC in
|
||||
,,) echo "int x;" > $dummy.c ;
|
||||
for c in cc gcc c89 c99 ; do
|
||||
if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
|
||||
CC_FOR_BUILD="$c"; break ;
|
||||
fi ;
|
||||
done ;
|
||||
if test x"$CC_FOR_BUILD" = x ; then
|
||||
CC_FOR_BUILD=no_compiler_found ;
|
||||
fi
|
||||
;;
|
||||
,,*) CC_FOR_BUILD=$CC ;;
|
||||
,*,*) CC_FOR_BUILD=$HOST_CC ;;
|
||||
esac ;'
|
||||
|
||||
# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
|
||||
# (ghazi@noc.rutgers.edu 1994-08-24)
|
||||
if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
|
||||
PATH=$PATH:/.attbin ; export PATH
|
||||
fi
|
||||
|
||||
UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
|
||||
UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
|
||||
UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
|
||||
UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
|
||||
|
||||
# Note: order is significant - the case branches are not exclusive.
|
||||
|
||||
case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
||||
*:NetBSD:*:*)
|
||||
# NetBSD (nbsd) targets should (where applicable) match one or
|
||||
# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
|
||||
# *-*-netbsdecoff* and *-*-netbsd*. For targets that recently
|
||||
# switched to ELF, *-*-netbsd* would select the old
|
||||
# object file format. This provides both forward
|
||||
# compatibility and a consistent mechanism for selecting the
|
||||
# object file format.
|
||||
#
|
||||
# Note: NetBSD doesn't particularly care about the vendor
|
||||
# portion of the name. We always set it to "unknown".
|
||||
sysctl="sysctl -n hw.machine_arch"
|
||||
UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
|
||||
/usr/sbin/$sysctl 2>/dev/null || echo unknown)`
|
||||
case "${UNAME_MACHINE_ARCH}" in
|
||||
armeb) machine=armeb-unknown ;;
|
||||
arm*) machine=arm-unknown ;;
|
||||
sh3el) machine=shl-unknown ;;
|
||||
sh3eb) machine=sh-unknown ;;
|
||||
*) machine=${UNAME_MACHINE_ARCH}-unknown ;;
|
||||
esac
|
||||
# The Operating System including object format, if it has switched
|
||||
# to ELF recently, or will in the future.
|
||||
case "${UNAME_MACHINE_ARCH}" in
|
||||
arm*|i386|m68k|ns32k|sh3*|sparc|vax)
|
||||
eval $set_cc_for_build
|
||||
if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
|
||||
| grep __ELF__ >/dev/null
|
||||
then
|
||||
# Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
|
||||
# Return netbsd for either. FIX?
|
||||
os=netbsd
|
||||
else
|
||||
os=netbsdelf
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
os=netbsd
|
||||
;;
|
||||
esac
|
||||
# The OS release
|
||||
# Debian GNU/NetBSD machines have a different userland, and
|
||||
# thus, need a distinct triplet. However, they do not need
|
||||
# kernel version information, so it can be replaced with a
|
||||
# suitable tag, in the style of linux-gnu.
|
||||
case "${UNAME_VERSION}" in
|
||||
Debian*)
|
||||
release='-gnu'
|
||||
;;
|
||||
*)
|
||||
release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
|
||||
;;
|
||||
esac
|
||||
# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
|
||||
# contains redundant information, the shorter form:
|
||||
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
|
||||
echo "${machine}-${os}${release}"
|
||||
exit 0 ;;
|
||||
amiga:OpenBSD:*:*)
|
||||
echo m68k-unknown-openbsd${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
arc:OpenBSD:*:*)
|
||||
echo mipsel-unknown-openbsd${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
hp300:OpenBSD:*:*)
|
||||
echo m68k-unknown-openbsd${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
mac68k:OpenBSD:*:*)
|
||||
echo m68k-unknown-openbsd${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
macppc:OpenBSD:*:*)
|
||||
echo powerpc-unknown-openbsd${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
mvme68k:OpenBSD:*:*)
|
||||
echo m68k-unknown-openbsd${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
mvme88k:OpenBSD:*:*)
|
||||
echo m88k-unknown-openbsd${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
mvmeppc:OpenBSD:*:*)
|
||||
echo powerpc-unknown-openbsd${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
pmax:OpenBSD:*:*)
|
||||
echo mipsel-unknown-openbsd${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
sgi:OpenBSD:*:*)
|
||||
echo mipseb-unknown-openbsd${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
sun3:OpenBSD:*:*)
|
||||
echo m68k-unknown-openbsd${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
wgrisc:OpenBSD:*:*)
|
||||
echo mipsel-unknown-openbsd${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
*:OpenBSD:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
alpha:OSF1:*:*)
|
||||
if test $UNAME_RELEASE = "V4.0"; then
|
||||
UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
|
||||
fi
|
||||
# According to Compaq, /usr/sbin/psrinfo has been available on
|
||||
# OSF/1 and Tru64 systems produced since 1995. I hope that
|
||||
# covers most systems running today. This code pipes the CPU
|
||||
# types through head -n 1, so we only detect the type of CPU 0.
|
||||
ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
|
||||
case "$ALPHA_CPU_TYPE" in
|
||||
"EV4 (21064)")
|
||||
UNAME_MACHINE="alpha" ;;
|
||||
"EV4.5 (21064)")
|
||||
UNAME_MACHINE="alpha" ;;
|
||||
"LCA4 (21066/21068)")
|
||||
UNAME_MACHINE="alpha" ;;
|
||||
"EV5 (21164)")
|
||||
UNAME_MACHINE="alphaev5" ;;
|
||||
"EV5.6 (21164A)")
|
||||
UNAME_MACHINE="alphaev56" ;;
|
||||
"EV5.6 (21164PC)")
|
||||
UNAME_MACHINE="alphapca56" ;;
|
||||
"EV5.7 (21164PC)")
|
||||
UNAME_MACHINE="alphapca57" ;;
|
||||
"EV6 (21264)")
|
||||
UNAME_MACHINE="alphaev6" ;;
|
||||
"EV6.7 (21264A)")
|
||||
UNAME_MACHINE="alphaev67" ;;
|
||||
"EV6.8CB (21264C)")
|
||||
UNAME_MACHINE="alphaev68" ;;
|
||||
"EV6.8AL (21264B)")
|
||||
UNAME_MACHINE="alphaev68" ;;
|
||||
"EV6.8CX (21264D)")
|
||||
UNAME_MACHINE="alphaev68" ;;
|
||||
"EV6.9A (21264/EV69A)")
|
||||
UNAME_MACHINE="alphaev69" ;;
|
||||
"EV7 (21364)")
|
||||
UNAME_MACHINE="alphaev7" ;;
|
||||
"EV7.9 (21364A)")
|
||||
UNAME_MACHINE="alphaev79" ;;
|
||||
esac
|
||||
# A Vn.n version is a released version.
|
||||
# A Tn.n version is a released field test version.
|
||||
# A Xn.n version is an unreleased experimental baselevel.
|
||||
# 1.2 uses "1.2" for uname -r.
|
||||
echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
|
||||
exit 0 ;;
|
||||
Alpha\ *:Windows_NT*:*)
|
||||
# How do we know it's Interix rather than the generic POSIX subsystem?
|
||||
# Should we change UNAME_MACHINE based on the output of uname instead
|
||||
# of the specific Alpha model?
|
||||
echo alpha-pc-interix
|
||||
exit 0 ;;
|
||||
21064:Windows_NT:50:3)
|
||||
echo alpha-dec-winnt3.5
|
||||
exit 0 ;;
|
||||
Amiga*:UNIX_System_V:4.0:*)
|
||||
echo m68k-unknown-sysv4
|
||||
exit 0;;
|
||||
*:[Aa]miga[Oo][Ss]:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-amigaos
|
||||
exit 0 ;;
|
||||
*:[Mm]orph[Oo][Ss]:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-morphos
|
||||
exit 0 ;;
|
||||
*:OS/390:*:*)
|
||||
echo i370-ibm-openedition
|
||||
exit 0 ;;
|
||||
arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
|
||||
echo arm-acorn-riscix${UNAME_RELEASE}
|
||||
exit 0;;
|
||||
SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
|
||||
echo hppa1.1-hitachi-hiuxmpp
|
||||
exit 0;;
|
||||
Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
|
||||
# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
|
||||
if test "`(/bin/universe) 2>/dev/null`" = att ; then
|
||||
echo pyramid-pyramid-sysv3
|
||||
else
|
||||
echo pyramid-pyramid-bsd
|
||||
fi
|
||||
exit 0 ;;
|
||||
NILE*:*:*:dcosx)
|
||||
echo pyramid-pyramid-svr4
|
||||
exit 0 ;;
|
||||
DRS?6000:UNIX_SV:4.2*:7*)
|
||||
case `/usr/bin/uname -p` in
|
||||
sparc) echo sparc-icl-nx7 && exit 0 ;;
|
||||
esac ;;
|
||||
sun4H:SunOS:5.*:*)
|
||||
echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
|
||||
exit 0 ;;
|
||||
sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
|
||||
echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
|
||||
exit 0 ;;
|
||||
i86pc:SunOS:5.*:*)
|
||||
echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
|
||||
exit 0 ;;
|
||||
sun4*:SunOS:6*:*)
|
||||
# According to config.sub, this is the proper way to canonicalize
|
||||
# SunOS6. Hard to guess exactly what SunOS6 will be like, but
|
||||
# it's likely to be more like Solaris than SunOS4.
|
||||
echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
|
||||
exit 0 ;;
|
||||
sun4*:SunOS:*:*)
|
||||
case "`/usr/bin/arch -k`" in
|
||||
Series*|S4*)
|
||||
UNAME_RELEASE=`uname -v`
|
||||
;;
|
||||
esac
|
||||
# Japanese Language versions have a version number like `4.1.3-JL'.
|
||||
echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
|
||||
exit 0 ;;
|
||||
sun3*:SunOS:*:*)
|
||||
echo m68k-sun-sunos${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
sun*:*:4.2BSD:*)
|
||||
UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
|
||||
test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
|
||||
case "`/bin/arch`" in
|
||||
sun3)
|
||||
echo m68k-sun-sunos${UNAME_RELEASE}
|
||||
;;
|
||||
sun4)
|
||||
echo sparc-sun-sunos${UNAME_RELEASE}
|
||||
;;
|
||||
esac
|
||||
exit 0 ;;
|
||||
aushp:SunOS:*:*)
|
||||
echo sparc-auspex-sunos${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
# The situation for MiNT is a little confusing. The machine name
|
||||
# can be virtually everything (everything which is not
|
||||
# "atarist" or "atariste" at least should have a processor
|
||||
# > m68000). The system name ranges from "MiNT" over "FreeMiNT"
|
||||
# to the lowercase version "mint" (or "freemint"). Finally
|
||||
# the system name "TOS" denotes a system which is actually not
|
||||
# MiNT. But MiNT is downward compatible to TOS, so this should
|
||||
# be no problem.
|
||||
atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
|
||||
echo m68k-atari-mint${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
|
||||
echo m68k-atari-mint${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
*falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
|
||||
echo m68k-atari-mint${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
|
||||
echo m68k-milan-mint${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
|
||||
echo m68k-hades-mint${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
*:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
|
||||
echo m68k-unknown-mint${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
powerpc:machten:*:*)
|
||||
echo powerpc-apple-machten${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
RISC*:Mach:*:*)
|
||||
echo mips-dec-mach_bsd4.3
|
||||
exit 0 ;;
|
||||
RISC*:ULTRIX:*:*)
|
||||
echo mips-dec-ultrix${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
VAX*:ULTRIX*:*:*)
|
||||
echo vax-dec-ultrix${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
2020:CLIX:*:* | 2430:CLIX:*:*)
|
||||
echo clipper-intergraph-clix${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
mips:*:*:UMIPS | mips:*:*:RISCos)
|
||||
eval $set_cc_for_build
|
||||
sed 's/^ //' << EOF >$dummy.c
|
||||
#ifdef __cplusplus
|
||||
#include <stdio.h> /* for printf() prototype */
|
||||
int main (int argc, char *argv[]) {
|
||||
#else
|
||||
int main (argc, argv) int argc; char *argv[]; {
|
||||
#endif
|
||||
#if defined (host_mips) && defined (MIPSEB)
|
||||
#if defined (SYSTYPE_SYSV)
|
||||
printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
|
||||
#endif
|
||||
#if defined (SYSTYPE_SVR4)
|
||||
printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
|
||||
#endif
|
||||
#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
|
||||
printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
|
||||
#endif
|
||||
#endif
|
||||
exit (-1);
|
||||
}
|
||||
EOF
|
||||
$CC_FOR_BUILD -o $dummy $dummy.c \
|
||||
&& $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
|
||||
&& exit 0
|
||||
echo mips-mips-riscos${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
Motorola:PowerMAX_OS:*:*)
|
||||
echo powerpc-motorola-powermax
|
||||
exit 0 ;;
|
||||
Motorola:*:4.3:PL8-*)
|
||||
echo powerpc-harris-powermax
|
||||
exit 0 ;;
|
||||
Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
|
||||
echo powerpc-harris-powermax
|
||||
exit 0 ;;
|
||||
Night_Hawk:Power_UNIX:*:*)
|
||||
echo powerpc-harris-powerunix
|
||||
exit 0 ;;
|
||||
m88k:CX/UX:7*:*)
|
||||
echo m88k-harris-cxux7
|
||||
exit 0 ;;
|
||||
m88k:*:4*:R4*)
|
||||
echo m88k-motorola-sysv4
|
||||
exit 0 ;;
|
||||
m88k:*:3*:R3*)
|
||||
echo m88k-motorola-sysv3
|
||||
exit 0 ;;
|
||||
AViiON:dgux:*:*)
|
||||
# DG/UX returns AViiON for all architectures
|
||||
UNAME_PROCESSOR=`/usr/bin/uname -p`
|
||||
if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
|
||||
then
|
||||
if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
|
||||
[ ${TARGET_BINARY_INTERFACE}x = x ]
|
||||
then
|
||||
echo m88k-dg-dgux${UNAME_RELEASE}
|
||||
else
|
||||
echo m88k-dg-dguxbcs${UNAME_RELEASE}
|
||||
fi
|
||||
else
|
||||
echo i586-dg-dgux${UNAME_RELEASE}
|
||||
fi
|
||||
exit 0 ;;
|
||||
M88*:DolphinOS:*:*) # DolphinOS (SVR3)
|
||||
echo m88k-dolphin-sysv3
|
||||
exit 0 ;;
|
||||
M88*:*:R3*:*)
|
||||
# Delta 88k system running SVR3
|
||||
echo m88k-motorola-sysv3
|
||||
exit 0 ;;
|
||||
XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
|
||||
echo m88k-tektronix-sysv3
|
||||
exit 0 ;;
|
||||
Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
|
||||
echo m68k-tektronix-bsd
|
||||
exit 0 ;;
|
||||
*:IRIX*:*:*)
|
||||
echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
|
||||
exit 0 ;;
|
||||
????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
|
||||
echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
|
||||
exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX '
|
||||
i*86:AIX:*:*)
|
||||
echo i386-ibm-aix
|
||||
exit 0 ;;
|
||||
ia64:AIX:*:*)
|
||||
if [ -x /usr/bin/oslevel ] ; then
|
||||
IBM_REV=`/usr/bin/oslevel`
|
||||
else
|
||||
IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
|
||||
fi
|
||||
echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
|
||||
exit 0 ;;
|
||||
*:AIX:2:3)
|
||||
if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
|
||||
eval $set_cc_for_build
|
||||
sed 's/^ //' << EOF >$dummy.c
|
||||
#include <sys/systemcfg.h>
|
||||
|
||||
main()
|
||||
{
|
||||
if (!__power_pc())
|
||||
exit(1);
|
||||
puts("powerpc-ibm-aix3.2.5");
|
||||
exit(0);
|
||||
}
|
||||
EOF
|
||||
$CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
|
||||
echo rs6000-ibm-aix3.2.5
|
||||
elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
|
||||
echo rs6000-ibm-aix3.2.4
|
||||
else
|
||||
echo rs6000-ibm-aix3.2
|
||||
fi
|
||||
exit 0 ;;
|
||||
*:AIX:*:[45])
|
||||
IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
|
||||
if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
|
||||
IBM_ARCH=rs6000
|
||||
else
|
||||
IBM_ARCH=powerpc
|
||||
fi
|
||||
if [ -x /usr/bin/oslevel ] ; then
|
||||
IBM_REV=`/usr/bin/oslevel`
|
||||
else
|
||||
IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
|
||||
fi
|
||||
echo ${IBM_ARCH}-ibm-aix${IBM_REV}
|
||||
exit 0 ;;
|
||||
*:AIX:*:*)
|
||||
echo rs6000-ibm-aix
|
||||
exit 0 ;;
|
||||
ibmrt:4.4BSD:*|romp-ibm:BSD:*)
|
||||
echo romp-ibm-bsd4.4
|
||||
exit 0 ;;
|
||||
ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
|
||||
echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
|
||||
exit 0 ;; # report: romp-ibm BSD 4.3
|
||||
*:BOSX:*:*)
|
||||
echo rs6000-bull-bosx
|
||||
exit 0 ;;
|
||||
DPX/2?00:B.O.S.:*:*)
|
||||
echo m68k-bull-sysv3
|
||||
exit 0 ;;
|
||||
9000/[34]??:4.3bsd:1.*:*)
|
||||
echo m68k-hp-bsd
|
||||
exit 0 ;;
|
||||
hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
|
||||
echo m68k-hp-bsd4.4
|
||||
exit 0 ;;
|
||||
9000/[34678]??:HP-UX:*:*)
|
||||
HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
|
||||
case "${UNAME_MACHINE}" in
|
||||
9000/31? ) HP_ARCH=m68000 ;;
|
||||
9000/[34]?? ) HP_ARCH=m68k ;;
|
||||
9000/[678][0-9][0-9])
|
||||
if [ -x /usr/bin/getconf ]; then
|
||||
sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
|
||||
sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
|
||||
case "${sc_cpu_version}" in
|
||||
523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
|
||||
528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
|
||||
532) # CPU_PA_RISC2_0
|
||||
case "${sc_kernel_bits}" in
|
||||
32) HP_ARCH="hppa2.0n" ;;
|
||||
64) HP_ARCH="hppa2.0w" ;;
|
||||
'') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
|
||||
esac ;;
|
||||
esac
|
||||
fi
|
||||
if [ "${HP_ARCH}" = "" ]; then
|
||||
eval $set_cc_for_build
|
||||
sed 's/^ //' << EOF >$dummy.c
|
||||
|
||||
#define _HPUX_SOURCE
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
|
||||
int main ()
|
||||
{
|
||||
#if defined(_SC_KERNEL_BITS)
|
||||
long bits = sysconf(_SC_KERNEL_BITS);
|
||||
#endif
|
||||
long cpu = sysconf (_SC_CPU_VERSION);
|
||||
|
||||
switch (cpu)
|
||||
{
|
||||
case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
|
||||
case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
|
||||
case CPU_PA_RISC2_0:
|
||||
#if defined(_SC_KERNEL_BITS)
|
||||
switch (bits)
|
||||
{
|
||||
case 64: puts ("hppa2.0w"); break;
|
||||
case 32: puts ("hppa2.0n"); break;
|
||||
default: puts ("hppa2.0"); break;
|
||||
} break;
|
||||
#else /* !defined(_SC_KERNEL_BITS) */
|
||||
puts ("hppa2.0"); break;
|
||||
#endif
|
||||
default: puts ("hppa1.0"); break;
|
||||
}
|
||||
exit (0);
|
||||
}
|
||||
EOF
|
||||
(CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
|
||||
test -z "$HP_ARCH" && HP_ARCH=hppa
|
||||
fi ;;
|
||||
esac
|
||||
if [ ${HP_ARCH} = "hppa2.0w" ]
|
||||
then
|
||||
# avoid double evaluation of $set_cc_for_build
|
||||
test -n "$CC_FOR_BUILD" || eval $set_cc_for_build
|
||||
if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E -) | grep __LP64__ >/dev/null
|
||||
then
|
||||
HP_ARCH="hppa2.0w"
|
||||
else
|
||||
HP_ARCH="hppa64"
|
||||
fi
|
||||
fi
|
||||
echo ${HP_ARCH}-hp-hpux${HPUX_REV}
|
||||
exit 0 ;;
|
||||
ia64:HP-UX:*:*)
|
||||
HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
|
||||
echo ia64-hp-hpux${HPUX_REV}
|
||||
exit 0 ;;
|
||||
3050*:HI-UX:*:*)
|
||||
eval $set_cc_for_build
|
||||
sed 's/^ //' << EOF >$dummy.c
|
||||
#include <unistd.h>
|
||||
int
|
||||
main ()
|
||||
{
|
||||
long cpu = sysconf (_SC_CPU_VERSION);
|
||||
/* The order matters, because CPU_IS_HP_MC68K erroneously returns
|
||||
true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct
|
||||
results, however. */
|
||||
if (CPU_IS_PA_RISC (cpu))
|
||||
{
|
||||
switch (cpu)
|
||||
{
|
||||
case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
|
||||
case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
|
||||
case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
|
||||
default: puts ("hppa-hitachi-hiuxwe2"); break;
|
||||
}
|
||||
}
|
||||
else if (CPU_IS_HP_MC68K (cpu))
|
||||
puts ("m68k-hitachi-hiuxwe2");
|
||||
else puts ("unknown-hitachi-hiuxwe2");
|
||||
exit (0);
|
||||
}
|
||||
EOF
|
||||
$CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
|
||||
echo unknown-hitachi-hiuxwe2
|
||||
exit 0 ;;
|
||||
9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
|
||||
echo hppa1.1-hp-bsd
|
||||
exit 0 ;;
|
||||
9000/8??:4.3bsd:*:*)
|
||||
echo hppa1.0-hp-bsd
|
||||
exit 0 ;;
|
||||
*9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
|
||||
echo hppa1.0-hp-mpeix
|
||||
exit 0 ;;
|
||||
hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
|
||||
echo hppa1.1-hp-osf
|
||||
exit 0 ;;
|
||||
hp8??:OSF1:*:*)
|
||||
echo hppa1.0-hp-osf
|
||||
exit 0 ;;
|
||||
i*86:OSF1:*:*)
|
||||
if [ -x /usr/sbin/sysversion ] ; then
|
||||
echo ${UNAME_MACHINE}-unknown-osf1mk
|
||||
else
|
||||
echo ${UNAME_MACHINE}-unknown-osf1
|
||||
fi
|
||||
exit 0 ;;
|
||||
parisc*:Lites*:*:*)
|
||||
echo hppa1.1-hp-lites
|
||||
exit 0 ;;
|
||||
C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
|
||||
echo c1-convex-bsd
|
||||
exit 0 ;;
|
||||
C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
|
||||
if getsysinfo -f scalar_acc
|
||||
then echo c32-convex-bsd
|
||||
else echo c2-convex-bsd
|
||||
fi
|
||||
exit 0 ;;
|
||||
C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
|
||||
echo c34-convex-bsd
|
||||
exit 0 ;;
|
||||
C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
|
||||
echo c38-convex-bsd
|
||||
exit 0 ;;
|
||||
C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
|
||||
echo c4-convex-bsd
|
||||
exit 0 ;;
|
||||
CRAY*Y-MP:*:*:*)
|
||||
echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
|
||||
exit 0 ;;
|
||||
CRAY*[A-Z]90:*:*:*)
|
||||
echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
|
||||
| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
|
||||
-e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
|
||||
-e 's/\.[^.]*$/.X/'
|
||||
exit 0 ;;
|
||||
CRAY*TS:*:*:*)
|
||||
echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
|
||||
exit 0 ;;
|
||||
CRAY*T3E:*:*:*)
|
||||
echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
|
||||
exit 0 ;;
|
||||
CRAY*SV1:*:*:*)
|
||||
echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
|
||||
exit 0 ;;
|
||||
*:UNICOS/mp:*:*)
|
||||
echo nv1-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
|
||||
exit 0 ;;
|
||||
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
|
||||
FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
|
||||
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
|
||||
FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
|
||||
echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
|
||||
exit 0 ;;
|
||||
i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
|
||||
echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
sparc*:BSD/OS:*:*)
|
||||
echo sparc-unknown-bsdi${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
*:BSD/OS:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
*:FreeBSD:*:*)
|
||||
# Determine whether the default compiler uses glibc.
|
||||
eval $set_cc_for_build
|
||||
sed 's/^ //' << EOF >$dummy.c
|
||||
#include <features.h>
|
||||
#if __GLIBC__ >= 2
|
||||
LIBC=gnu
|
||||
#else
|
||||
LIBC=
|
||||
#endif
|
||||
EOF
|
||||
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
|
||||
echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC}
|
||||
exit 0 ;;
|
||||
i*:CYGWIN*:*)
|
||||
echo ${UNAME_MACHINE}-pc-cygwin
|
||||
exit 0 ;;
|
||||
i*:MINGW*:*)
|
||||
echo ${UNAME_MACHINE}-pc-mingw32
|
||||
exit 0 ;;
|
||||
i*:PW*:*)
|
||||
echo ${UNAME_MACHINE}-pc-pw32
|
||||
exit 0 ;;
|
||||
x86:Interix*:3*)
|
||||
echo i586-pc-interix3
|
||||
exit 0 ;;
|
||||
[345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
|
||||
echo i${UNAME_MACHINE}-pc-mks
|
||||
exit 0 ;;
|
||||
i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
|
||||
# How do we know it's Interix rather than the generic POSIX subsystem?
|
||||
# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
|
||||
# UNAME_MACHINE based on the output of uname instead of i386?
|
||||
echo i586-pc-interix
|
||||
exit 0 ;;
|
||||
i*:UWIN*:*)
|
||||
echo ${UNAME_MACHINE}-pc-uwin
|
||||
exit 0 ;;
|
||||
p*:CYGWIN*:*)
|
||||
echo powerpcle-unknown-cygwin
|
||||
exit 0 ;;
|
||||
prep*:SunOS:5.*:*)
|
||||
echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
|
||||
exit 0 ;;
|
||||
*:GNU:*:*)
|
||||
echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
|
||||
exit 0 ;;
|
||||
i*86:Minix:*:*)
|
||||
echo ${UNAME_MACHINE}-pc-minix
|
||||
exit 0 ;;
|
||||
arm*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit 0 ;;
|
||||
ia64:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit 0 ;;
|
||||
m68*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit 0 ;;
|
||||
mips:Linux:*:*)
|
||||
eval $set_cc_for_build
|
||||
sed 's/^ //' << EOF >$dummy.c
|
||||
#undef CPU
|
||||
#undef mips
|
||||
#undef mipsel
|
||||
#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
|
||||
CPU=mipsel
|
||||
#else
|
||||
#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
|
||||
CPU=mips
|
||||
#else
|
||||
CPU=
|
||||
#endif
|
||||
#endif
|
||||
EOF
|
||||
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
|
||||
test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
|
||||
;;
|
||||
mips64:Linux:*:*)
|
||||
eval $set_cc_for_build
|
||||
sed 's/^ //' << EOF >$dummy.c
|
||||
#undef CPU
|
||||
#undef mips64
|
||||
#undef mips64el
|
||||
#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
|
||||
CPU=mips64el
|
||||
#else
|
||||
#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
|
||||
CPU=mips64
|
||||
#else
|
||||
CPU=
|
||||
#endif
|
||||
#endif
|
||||
EOF
|
||||
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
|
||||
test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
|
||||
;;
|
||||
ppc:Linux:*:*)
|
||||
echo powerpc-unknown-linux-gnu
|
||||
exit 0 ;;
|
||||
ppc64:Linux:*:*)
|
||||
echo powerpc64-unknown-linux-gnu
|
||||
exit 0 ;;
|
||||
alpha:Linux:*:*)
|
||||
case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
|
||||
EV5) UNAME_MACHINE=alphaev5 ;;
|
||||
EV56) UNAME_MACHINE=alphaev56 ;;
|
||||
PCA56) UNAME_MACHINE=alphapca56 ;;
|
||||
PCA57) UNAME_MACHINE=alphapca56 ;;
|
||||
EV6) UNAME_MACHINE=alphaev6 ;;
|
||||
EV67) UNAME_MACHINE=alphaev67 ;;
|
||||
EV68*) UNAME_MACHINE=alphaev68 ;;
|
||||
esac
|
||||
objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
|
||||
if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
|
||||
exit 0 ;;
|
||||
parisc:Linux:*:* | hppa:Linux:*:*)
|
||||
# Look for CPU level
|
||||
case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
|
||||
PA7*) echo hppa1.1-unknown-linux-gnu ;;
|
||||
PA8*) echo hppa2.0-unknown-linux-gnu ;;
|
||||
*) echo hppa-unknown-linux-gnu ;;
|
||||
esac
|
||||
exit 0 ;;
|
||||
parisc64:Linux:*:* | hppa64:Linux:*:*)
|
||||
echo hppa64-unknown-linux-gnu
|
||||
exit 0 ;;
|
||||
s390:Linux:*:* | s390x:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-ibm-linux
|
||||
exit 0 ;;
|
||||
sh*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit 0 ;;
|
||||
sparc:Linux:*:* | sparc64:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit 0 ;;
|
||||
x86_64:Linux:*:*)
|
||||
echo x86_64-unknown-linux-gnu
|
||||
exit 0 ;;
|
||||
i*86:Linux:*:*)
|
||||
# The BFD linker knows what the default object file format is, so
|
||||
# first see if it will tell us. cd to the root directory to prevent
|
||||
# problems with other programs or directories called `ld' in the path.
|
||||
# Set LC_ALL=C to ensure ld outputs messages in English.
|
||||
ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
|
||||
| sed -ne '/supported targets:/!d
|
||||
s/[ ][ ]*/ /g
|
||||
s/.*supported targets: *//
|
||||
s/ .*//
|
||||
p'`
|
||||
case "$ld_supported_targets" in
|
||||
elf32-i386)
|
||||
TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
|
||||
;;
|
||||
a.out-i386-linux)
|
||||
echo "${UNAME_MACHINE}-pc-linux-gnuaout"
|
||||
exit 0 ;;
|
||||
coff-i386)
|
||||
echo "${UNAME_MACHINE}-pc-linux-gnucoff"
|
||||
exit 0 ;;
|
||||
"")
|
||||
# Either a pre-BFD a.out linker (linux-gnuoldld) or
|
||||
# one that does not give us useful --help.
|
||||
echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
|
||||
exit 0 ;;
|
||||
esac
|
||||
# Determine whether the default compiler is a.out or elf
|
||||
eval $set_cc_for_build
|
||||
sed 's/^ //' << EOF >$dummy.c
|
||||
#include <features.h>
|
||||
#ifdef __ELF__
|
||||
# ifdef __GLIBC__
|
||||
# if __GLIBC__ >= 2
|
||||
LIBC=gnu
|
||||
# else
|
||||
LIBC=gnulibc1
|
||||
# endif
|
||||
# else
|
||||
LIBC=gnulibc1
|
||||
# endif
|
||||
#else
|
||||
#ifdef __INTEL_COMPILER
|
||||
LIBC=gnu
|
||||
#else
|
||||
LIBC=gnuaout
|
||||
#endif
|
||||
#endif
|
||||
EOF
|
||||
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
|
||||
test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0
|
||||
test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
|
||||
;;
|
||||
i*86:DYNIX/ptx:4*:*)
|
||||
# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
|
||||
# earlier versions are messed up and put the nodename in both
|
||||
# sysname and nodename.
|
||||
echo i386-sequent-sysv4
|
||||
exit 0 ;;
|
||||
i*86:UNIX_SV:4.2MP:2.*)
|
||||
# Unixware is an offshoot of SVR4, but it has its own version
|
||||
# number series starting with 2...
|
||||
# I am not positive that other SVR4 systems won't match this,
|
||||
# I just have to hope. -- rms.
|
||||
# Use sysv4.2uw... so that sysv4* matches it.
|
||||
echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
|
||||
exit 0 ;;
|
||||
i*86:OS/2:*:*)
|
||||
# If we were able to find `uname', then EMX Unix compatibility
|
||||
# is probably installed.
|
||||
echo ${UNAME_MACHINE}-pc-os2-emx
|
||||
exit 0 ;;
|
||||
i*86:XTS-300:*:STOP)
|
||||
echo ${UNAME_MACHINE}-unknown-stop
|
||||
exit 0 ;;
|
||||
i*86:atheos:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-atheos
|
||||
exit 0 ;;
|
||||
i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
|
||||
echo i386-unknown-lynxos${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
i*86:*DOS:*:*)
|
||||
echo ${UNAME_MACHINE}-pc-msdosdjgpp
|
||||
exit 0 ;;
|
||||
i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
|
||||
UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
|
||||
if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
|
||||
echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
|
||||
else
|
||||
echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
|
||||
fi
|
||||
exit 0 ;;
|
||||
i*86:*:5:[78]*)
|
||||
case `/bin/uname -X | grep "^Machine"` in
|
||||
*486*) UNAME_MACHINE=i486 ;;
|
||||
*Pentium) UNAME_MACHINE=i586 ;;
|
||||
*Pent*|*Celeron) UNAME_MACHINE=i686 ;;
|
||||
esac
|
||||
echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
|
||||
exit 0 ;;
|
||||
i*86:*:3.2:*)
|
||||
if test -f /usr/options/cb.name; then
|
||||
UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
|
||||
echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
|
||||
elif /bin/uname -X 2>/dev/null >/dev/null ; then
|
||||
UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
|
||||
(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
|
||||
(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
|
||||
&& UNAME_MACHINE=i586
|
||||
(/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
|
||||
&& UNAME_MACHINE=i686
|
||||
(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
|
||||
&& UNAME_MACHINE=i686
|
||||
echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
|
||||
else
|
||||
echo ${UNAME_MACHINE}-pc-sysv32
|
||||
fi
|
||||
exit 0 ;;
|
||||
pc:*:*:*)
|
||||
# Left here for compatibility:
|
||||
# uname -m prints for DJGPP always 'pc', but it prints nothing about
|
||||
# the processor, so we play safe by assuming i386.
|
||||
echo i386-pc-msdosdjgpp
|
||||
exit 0 ;;
|
||||
Intel:Mach:3*:*)
|
||||
echo i386-pc-mach3
|
||||
exit 0 ;;
|
||||
paragon:*:*:*)
|
||||
echo i860-intel-osf1
|
||||
exit 0 ;;
|
||||
i860:*:4.*:*) # i860-SVR4
|
||||
if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
|
||||
echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
|
||||
else # Add other i860-SVR4 vendors below as they are discovered.
|
||||
echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
|
||||
fi
|
||||
exit 0 ;;
|
||||
mini*:CTIX:SYS*5:*)
|
||||
# "miniframe"
|
||||
echo m68010-convergent-sysv
|
||||
exit 0 ;;
|
||||
mc68k:UNIX:SYSTEM5:3.51m)
|
||||
echo m68k-convergent-sysv
|
||||
exit 0 ;;
|
||||
M680?0:D-NIX:5.3:*)
|
||||
echo m68k-diab-dnix
|
||||
exit 0 ;;
|
||||
M68*:*:R3V[567]*:*)
|
||||
test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
|
||||
3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0)
|
||||
OS_REL=''
|
||||
test -r /etc/.relid \
|
||||
&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
|
||||
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
|
||||
&& echo i486-ncr-sysv4.3${OS_REL} && exit 0
|
||||
/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
|
||||
&& echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
|
||||
3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
|
||||
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
|
||||
&& echo i486-ncr-sysv4 && exit 0 ;;
|
||||
m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
|
||||
echo m68k-unknown-lynxos${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
mc68030:UNIX_System_V:4.*:*)
|
||||
echo m68k-atari-sysv4
|
||||
exit 0 ;;
|
||||
TSUNAMI:LynxOS:2.*:*)
|
||||
echo sparc-unknown-lynxos${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
rs6000:LynxOS:2.*:*)
|
||||
echo rs6000-unknown-lynxos${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
|
||||
echo powerpc-unknown-lynxos${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
SM[BE]S:UNIX_SV:*:*)
|
||||
echo mips-dde-sysv${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
RM*:ReliantUNIX-*:*:*)
|
||||
echo mips-sni-sysv4
|
||||
exit 0 ;;
|
||||
RM*:SINIX-*:*:*)
|
||||
echo mips-sni-sysv4
|
||||
exit 0 ;;
|
||||
*:SINIX-*:*:*)
|
||||
if uname -p 2>/dev/null >/dev/null ; then
|
||||
UNAME_MACHINE=`(uname -p) 2>/dev/null`
|
||||
echo ${UNAME_MACHINE}-sni-sysv4
|
||||
else
|
||||
echo ns32k-sni-sysv
|
||||
fi
|
||||
exit 0 ;;
|
||||
PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
|
||||
# says <Richard.M.Bartel@ccMail.Census.GOV>
|
||||
echo i586-unisys-sysv4
|
||||
exit 0 ;;
|
||||
*:UNIX_System_V:4*:FTX*)
|
||||
# From Gerald Hewes <hewes@openmarket.com>.
|
||||
# How about differentiating between stratus architectures? -djm
|
||||
echo hppa1.1-stratus-sysv4
|
||||
exit 0 ;;
|
||||
*:*:*:FTX*)
|
||||
# From seanf@swdc.stratus.com.
|
||||
echo i860-stratus-sysv4
|
||||
exit 0 ;;
|
||||
*:VOS:*:*)
|
||||
# From Paul.Green@stratus.com.
|
||||
echo hppa1.1-stratus-vos
|
||||
exit 0 ;;
|
||||
mc68*:A/UX:*:*)
|
||||
echo m68k-apple-aux${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
news*:NEWS-OS:6*:*)
|
||||
echo mips-sony-newsos6
|
||||
exit 0 ;;
|
||||
R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
|
||||
if [ -d /usr/nec ]; then
|
||||
echo mips-nec-sysv${UNAME_RELEASE}
|
||||
else
|
||||
echo mips-unknown-sysv${UNAME_RELEASE}
|
||||
fi
|
||||
exit 0 ;;
|
||||
BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
|
||||
echo powerpc-be-beos
|
||||
exit 0 ;;
|
||||
BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
|
||||
echo powerpc-apple-beos
|
||||
exit 0 ;;
|
||||
BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
|
||||
echo i586-pc-beos
|
||||
exit 0 ;;
|
||||
SX-4:SUPER-UX:*:*)
|
||||
echo sx4-nec-superux${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
SX-5:SUPER-UX:*:*)
|
||||
echo sx5-nec-superux${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
SX-6:SUPER-UX:*:*)
|
||||
echo sx6-nec-superux${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
Power*:Rhapsody:*:*)
|
||||
echo powerpc-apple-rhapsody${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
*:Rhapsody:*:*)
|
||||
echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
*:Darwin:*:*)
|
||||
case `uname -p` in
|
||||
*86) UNAME_PROCESSOR=i686 ;;
|
||||
powerpc) UNAME_PROCESSOR=powerpc ;;
|
||||
esac
|
||||
echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
*:procnto*:*:* | *:QNX:[0123456789]*:*)
|
||||
UNAME_PROCESSOR=`uname -p`
|
||||
if test "$UNAME_PROCESSOR" = "x86"; then
|
||||
UNAME_PROCESSOR=i386
|
||||
UNAME_MACHINE=pc
|
||||
fi
|
||||
echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
*:QNX:*:4*)
|
||||
echo i386-pc-qnx
|
||||
exit 0 ;;
|
||||
NSR-[DGKLNPTVW]:NONSTOP_KERNEL:*:*)
|
||||
echo nsr-tandem-nsk${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
*:NonStop-UX:*:*)
|
||||
echo mips-compaq-nonstopux
|
||||
exit 0 ;;
|
||||
BS2000:POSIX*:*:*)
|
||||
echo bs2000-siemens-sysv
|
||||
exit 0 ;;
|
||||
DS/*:UNIX_System_V:*:*)
|
||||
echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
*:Plan9:*:*)
|
||||
# "uname -m" is not consistent, so use $cputype instead. 386
|
||||
# is converted to i386 for consistency with other x86
|
||||
# operating systems.
|
||||
if test "$cputype" = "386"; then
|
||||
UNAME_MACHINE=i386
|
||||
else
|
||||
UNAME_MACHINE="$cputype"
|
||||
fi
|
||||
echo ${UNAME_MACHINE}-unknown-plan9
|
||||
exit 0 ;;
|
||||
*:TOPS-10:*:*)
|
||||
echo pdp10-unknown-tops10
|
||||
exit 0 ;;
|
||||
*:TENEX:*:*)
|
||||
echo pdp10-unknown-tenex
|
||||
exit 0 ;;
|
||||
KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
|
||||
echo pdp10-dec-tops20
|
||||
exit 0 ;;
|
||||
XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
|
||||
echo pdp10-xkl-tops20
|
||||
exit 0 ;;
|
||||
*:TOPS-20:*:*)
|
||||
echo pdp10-unknown-tops20
|
||||
exit 0 ;;
|
||||
*:ITS:*:*)
|
||||
echo pdp10-unknown-its
|
||||
exit 0 ;;
|
||||
esac
|
||||
|
||||
#echo '(No uname command or uname output not recognized.)' 1>&2
|
||||
#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
|
||||
|
||||
eval $set_cc_for_build
|
||||
cat >$dummy.c <<EOF
|
||||
#ifdef _SEQUENT_
|
||||
# include <sys/types.h>
|
||||
# include <sys/utsname.h>
|
||||
#endif
|
||||
main ()
|
||||
{
|
||||
#if defined (sony)
|
||||
#if defined (MIPSEB)
|
||||
/* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
|
||||
I don't know.... */
|
||||
printf ("mips-sony-bsd\n"); exit (0);
|
||||
#else
|
||||
#include <sys/param.h>
|
||||
printf ("m68k-sony-newsos%s\n",
|
||||
#ifdef NEWSOS4
|
||||
"4"
|
||||
#else
|
||||
""
|
||||
#endif
|
||||
); exit (0);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined (__arm) && defined (__acorn) && defined (__unix)
|
||||
printf ("arm-acorn-riscix"); exit (0);
|
||||
#endif
|
||||
|
||||
#if defined (hp300) && !defined (hpux)
|
||||
printf ("m68k-hp-bsd\n"); exit (0);
|
||||
#endif
|
||||
|
||||
#if defined (NeXT)
|
||||
#if !defined (__ARCHITECTURE__)
|
||||
#define __ARCHITECTURE__ "m68k"
|
||||
#endif
|
||||
int version;
|
||||
version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
|
||||
if (version < 4)
|
||||
printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
|
||||
else
|
||||
printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
|
||||
exit (0);
|
||||
#endif
|
||||
|
||||
#if defined (MULTIMAX) || defined (n16)
|
||||
#if defined (UMAXV)
|
||||
printf ("ns32k-encore-sysv\n"); exit (0);
|
||||
#else
|
||||
#if defined (CMU)
|
||||
printf ("ns32k-encore-mach\n"); exit (0);
|
||||
#else
|
||||
printf ("ns32k-encore-bsd\n"); exit (0);
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined (__386BSD__)
|
||||
printf ("i386-pc-bsd\n"); exit (0);
|
||||
#endif
|
||||
|
||||
#if defined (sequent)
|
||||
#if defined (i386)
|
||||
printf ("i386-sequent-dynix\n"); exit (0);
|
||||
#endif
|
||||
#if defined (ns32000)
|
||||
printf ("ns32k-sequent-dynix\n"); exit (0);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined (_SEQUENT_)
|
||||
struct utsname un;
|
||||
|
||||
uname(&un);
|
||||
|
||||
if (strncmp(un.version, "V2", 2) == 0) {
|
||||
printf ("i386-sequent-ptx2\n"); exit (0);
|
||||
}
|
||||
if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
|
||||
printf ("i386-sequent-ptx1\n"); exit (0);
|
||||
}
|
||||
printf ("i386-sequent-ptx\n"); exit (0);
|
||||
|
||||
#endif
|
||||
|
||||
#if defined (vax)
|
||||
# if !defined (ultrix)
|
||||
# include <sys/param.h>
|
||||
# if defined (BSD)
|
||||
# if BSD == 43
|
||||
printf ("vax-dec-bsd4.3\n"); exit (0);
|
||||
# else
|
||||
# if BSD == 199006
|
||||
printf ("vax-dec-bsd4.3reno\n"); exit (0);
|
||||
# else
|
||||
printf ("vax-dec-bsd\n"); exit (0);
|
||||
# endif
|
||||
# endif
|
||||
# else
|
||||
printf ("vax-dec-bsd\n"); exit (0);
|
||||
# endif
|
||||
# else
|
||||
printf ("vax-dec-ultrix\n"); exit (0);
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#if defined (alliant) && defined (i860)
|
||||
printf ("i860-alliant-bsd\n"); exit (0);
|
||||
#endif
|
||||
|
||||
exit (1);
|
||||
}
|
||||
EOF
|
||||
|
||||
$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && exit 0
|
||||
|
||||
# Apollos put the system type in the environment.
|
||||
|
||||
test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; }
|
||||
|
||||
# Convex versions that predate uname can use getsysinfo(1)
|
||||
|
||||
if [ -x /usr/convex/getsysinfo ]
|
||||
then
|
||||
case `getsysinfo -f cpu_type` in
|
||||
c1*)
|
||||
echo c1-convex-bsd
|
||||
exit 0 ;;
|
||||
c2*)
|
||||
if getsysinfo -f scalar_acc
|
||||
then echo c32-convex-bsd
|
||||
else echo c2-convex-bsd
|
||||
fi
|
||||
exit 0 ;;
|
||||
c34*)
|
||||
echo c34-convex-bsd
|
||||
exit 0 ;;
|
||||
c38*)
|
||||
echo c38-convex-bsd
|
||||
exit 0 ;;
|
||||
c4*)
|
||||
echo c4-convex-bsd
|
||||
exit 0 ;;
|
||||
esac
|
||||
fi
|
||||
|
||||
cat >&2 <<EOF
|
||||
$0: unable to guess system type
|
||||
|
||||
This script, last modified $timestamp, has failed to recognize
|
||||
the operating system you are using. It is advised that you
|
||||
download the most up to date version of the config scripts from
|
||||
|
||||
ftp://ftp.gnu.org/pub/gnu/config/
|
||||
|
||||
If the version you run ($0) is already up to date, please
|
||||
send the following data and any information you think might be
|
||||
pertinent to <config-patches@gnu.org> in order to provide the needed
|
||||
information to handle your system.
|
||||
|
||||
config.guess timestamp = $timestamp
|
||||
|
||||
uname -m = `(uname -m) 2>/dev/null || echo unknown`
|
||||
uname -r = `(uname -r) 2>/dev/null || echo unknown`
|
||||
uname -s = `(uname -s) 2>/dev/null || echo unknown`
|
||||
uname -v = `(uname -v) 2>/dev/null || echo unknown`
|
||||
|
||||
/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
|
||||
/bin/uname -X = `(/bin/uname -X) 2>/dev/null`
|
||||
|
||||
hostinfo = `(hostinfo) 2>/dev/null`
|
||||
/bin/universe = `(/bin/universe) 2>/dev/null`
|
||||
/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null`
|
||||
/bin/arch = `(/bin/arch) 2>/dev/null`
|
||||
/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null`
|
||||
/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
|
||||
|
||||
UNAME_MACHINE = ${UNAME_MACHINE}
|
||||
UNAME_RELEASE = ${UNAME_RELEASE}
|
||||
UNAME_SYSTEM = ${UNAME_SYSTEM}
|
||||
UNAME_VERSION = ${UNAME_VERSION}
|
||||
EOF
|
||||
|
||||
exit 1
|
||||
|
||||
# Local variables:
|
||||
# eval: (add-hook 'write-file-hooks 'time-stamp)
|
||||
# time-stamp-start: "timestamp='"
|
||||
# time-stamp-format: "%:y-%02m-%02d"
|
||||
# time-stamp-end: "'"
|
||||
# End:
|
||||
121
config.h.in
Normal file
121
config.h.in
Normal file
@@ -0,0 +1,121 @@
|
||||
|
||||
#include "VERSION.h"
|
||||
#include "build_num"
|
||||
|
||||
#undef PACKAGE_LOCALE_DIR
|
||||
#undef PACKAGE_DATA_DIR
|
||||
#undef PACKAGE_SOURCE_DIR
|
||||
|
||||
#undef RCS_DIR
|
||||
#undef RCS_FILE_NAME
|
||||
#undef RCSDIFF_FILE_NAME
|
||||
#undef RLOG_FILE_NAME
|
||||
#undef CI_FILE_NAME
|
||||
#undef CO_FILE_NAME
|
||||
|
||||
/* Where system-wide QT translations are installed */
|
||||
#undef QTTRANSLATIONSDIR
|
||||
|
||||
/* Define if you have the <X11/SM/SMlib.h> header file. */
|
||||
#undef HAVE_X11_SM_SMLIB_H
|
||||
|
||||
/* Name of package */
|
||||
#undef PACKAGE
|
||||
|
||||
/* OS */
|
||||
#undef OS
|
||||
|
||||
/* OS */
|
||||
#undef OS_CYGWIN
|
||||
#undef OS_MINGW
|
||||
#undef OS_MACOSX
|
||||
#undef OS_SOLARIS
|
||||
#undef OS_FREEBSD
|
||||
#undef OS_OPENBSD
|
||||
#undef OS_LINUX
|
||||
#undef OS_UNKNOWN
|
||||
|
||||
#if defined(OS_SOLARIS) || defined(OS_FREEBSD) || defined(OS_OPENBSD) || defined(OS_LINUX) || defined(OS_MACOSX)
|
||||
#define OS_UNIX 1
|
||||
#endif
|
||||
|
||||
#if defined(_WIN32)
|
||||
#define OS_WIN32 1
|
||||
#endif
|
||||
|
||||
/* distribution (for Linux) */
|
||||
#undef DISTRO
|
||||
|
||||
/* prefix dir */
|
||||
/* #undef PREFIX */
|
||||
|
||||
/* init dir */
|
||||
#undef RES_DIR
|
||||
|
||||
#define MANIFEST_MARKER "# files: "
|
||||
|
||||
#undef HAVE_LOCALE_H
|
||||
#undef HAVE_GETOPT_H
|
||||
#undef HAVE_SETLOCALE
|
||||
#undef HAVE_SETENV
|
||||
#undef HAVE_PUTENV
|
||||
#undef HAVE_SIGNAL
|
||||
#undef HAVE_SIGNAL_H
|
||||
|
||||
#undef HAVE_PTY_H
|
||||
#undef HAVE_LIBUTIL_H
|
||||
#undef HAVE_UTIL_H
|
||||
|
||||
#ifdef HAVE_GETOPT_H
|
||||
# define HAVE_DECL_GETOPT HAVE_GETOPT_H
|
||||
#endif
|
||||
|
||||
#undef HAVE_STRUCT_TM_TM_ZONE
|
||||
#undef TM_IN_SYS_TIME
|
||||
|
||||
#undef HAVE_FORKPTY
|
||||
#undef HAVE_CFMAKERAW
|
||||
|
||||
/*
|
||||
* This is needed for Solaris
|
||||
*/
|
||||
#undef __PRAGMA_REDEFINE_EXTNAME
|
||||
|
||||
|
||||
|
||||
#undef HAVE_CATGETS
|
||||
#undef HAVE_GETTEXT
|
||||
#undef HAVE_LC_MESSAGES
|
||||
#undef HAVE_STPCPY
|
||||
#undef HAVE_LIBSM
|
||||
#undef HAVE_MEMPCPY
|
||||
#undef HAVE_STRCHR
|
||||
|
||||
#undef HAVE_ANTLR_RUNTIME
|
||||
|
||||
/*
|
||||
* on some platforms (OpenBSD) the second parameter to dlopen is different
|
||||
*/
|
||||
#undef DLOPEN_MODE
|
||||
|
||||
#if 0
|
||||
#ifdef __cplusplus
|
||||
using namespace std;
|
||||
/*
|
||||
#ifndef __STD
|
||||
#define __STD std
|
||||
#endif
|
||||
*/
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef _WIN32
|
||||
# define SNPRINTF snprintf
|
||||
# define VSNPRINTF vsnprintf
|
||||
#else
|
||||
# define SNPRINTF _snprintf
|
||||
# define VSNPRINTF _vsnprintf
|
||||
#endif
|
||||
|
||||
#define _(x) x
|
||||
|
||||
1489
config.sub
vendored
Normal file
1489
config.sub
vendored
Normal file
@@ -0,0 +1,1489 @@
|
||||
#! /bin/sh
|
||||
# Configuration validation subroutine script.
|
||||
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
|
||||
# 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
|
||||
|
||||
timestamp='2003-02-22'
|
||||
|
||||
# This file is (in principle) common to ALL GNU software.
|
||||
# The presence of a machine in this file suggests that SOME GNU software
|
||||
# can handle that machine. It does not imply ALL GNU software can.
|
||||
#
|
||||
# This file is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place - Suite 330,
|
||||
# Boston, MA 02111-1307, USA.
|
||||
|
||||
# As a special exception to the GNU General Public License, if you
|
||||
# distribute this file as part of a program that contains a
|
||||
# configuration script generated by Autoconf, you may include it under
|
||||
# the same distribution terms that you use for the rest of that program.
|
||||
|
||||
# Please send patches to <config-patches@gnu.org>. Submit a context
|
||||
# diff and a properly formatted ChangeLog entry.
|
||||
#
|
||||
# Configuration subroutine to validate and canonicalize a configuration type.
|
||||
# Supply the specified configuration type as an argument.
|
||||
# If it is invalid, we print an error message on stderr and exit with code 1.
|
||||
# Otherwise, we print the canonical config type on stdout and succeed.
|
||||
|
||||
# This file is supposed to be the same for all GNU packages
|
||||
# and recognize all the CPU types, system types and aliases
|
||||
# that are meaningful with *any* GNU software.
|
||||
# Each package is responsible for reporting which valid configurations
|
||||
# it does not support. The user should be able to distinguish
|
||||
# a failure to support a valid configuration from a meaningless
|
||||
# configuration.
|
||||
|
||||
# The goal of this file is to map all the various variations of a given
|
||||
# machine specification into a single specification in the form:
|
||||
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
|
||||
# or in some cases, the newer four-part form:
|
||||
# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
|
||||
# It is wrong to echo any other type of specification.
|
||||
|
||||
me=`echo "$0" | sed -e 's,.*/,,'`
|
||||
|
||||
usage="\
|
||||
Usage: $0 [OPTION] CPU-MFR-OPSYS
|
||||
$0 [OPTION] ALIAS
|
||||
|
||||
Canonicalize a configuration name.
|
||||
|
||||
Operation modes:
|
||||
-h, --help print this help, then exit
|
||||
-t, --time-stamp print date of last modification, then exit
|
||||
-v, --version print version number, then exit
|
||||
|
||||
Report bugs and patches to <config-patches@gnu.org>."
|
||||
|
||||
version="\
|
||||
GNU config.sub ($timestamp)
|
||||
|
||||
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
|
||||
Free Software Foundation, Inc.
|
||||
|
||||
This is free software; see the source for copying conditions. There is NO
|
||||
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
|
||||
|
||||
help="
|
||||
Try \`$me --help' for more information."
|
||||
|
||||
# Parse command line
|
||||
while test $# -gt 0 ; do
|
||||
case $1 in
|
||||
--time-stamp | --time* | -t )
|
||||
echo "$timestamp" ; exit 0 ;;
|
||||
--version | -v )
|
||||
echo "$version" ; exit 0 ;;
|
||||
--help | --h* | -h )
|
||||
echo "$usage"; exit 0 ;;
|
||||
-- ) # Stop option processing
|
||||
shift; break ;;
|
||||
- ) # Use stdin as input.
|
||||
break ;;
|
||||
-* )
|
||||
echo "$me: invalid option $1$help"
|
||||
exit 1 ;;
|
||||
|
||||
*local*)
|
||||
# First pass through any local machine types.
|
||||
echo $1
|
||||
exit 0;;
|
||||
|
||||
* )
|
||||
break ;;
|
||||
esac
|
||||
done
|
||||
|
||||
case $# in
|
||||
0) echo "$me: missing argument$help" >&2
|
||||
exit 1;;
|
||||
1) ;;
|
||||
*) echo "$me: too many arguments$help" >&2
|
||||
exit 1;;
|
||||
esac
|
||||
|
||||
# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
|
||||
# Here we must recognize all the valid KERNEL-OS combinations.
|
||||
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
|
||||
case $maybe_os in
|
||||
nto-qnx* | linux-gnu* | freebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
|
||||
os=-$maybe_os
|
||||
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
|
||||
;;
|
||||
*)
|
||||
basic_machine=`echo $1 | sed 's/-[^-]*$//'`
|
||||
if [ $basic_machine != $1 ]
|
||||
then os=`echo $1 | sed 's/.*-/-/'`
|
||||
else os=; fi
|
||||
;;
|
||||
esac
|
||||
|
||||
### Let's recognize common machines as not being operating systems so
|
||||
### that things like config.sub decstation-3100 work. We also
|
||||
### recognize some manufacturers as not being operating systems, so we
|
||||
### can provide default operating systems below.
|
||||
case $os in
|
||||
-sun*os*)
|
||||
# Prevent following clause from handling this invalid input.
|
||||
;;
|
||||
-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
|
||||
-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
|
||||
-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
|
||||
-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
|
||||
-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
|
||||
-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
|
||||
-apple | -axis)
|
||||
os=
|
||||
basic_machine=$1
|
||||
;;
|
||||
-sim | -cisco | -oki | -wec | -winbond)
|
||||
os=
|
||||
basic_machine=$1
|
||||
;;
|
||||
-scout)
|
||||
;;
|
||||
-wrs)
|
||||
os=-vxworks
|
||||
basic_machine=$1
|
||||
;;
|
||||
-chorusos*)
|
||||
os=-chorusos
|
||||
basic_machine=$1
|
||||
;;
|
||||
-chorusrdb)
|
||||
os=-chorusrdb
|
||||
basic_machine=$1
|
||||
;;
|
||||
-hiux*)
|
||||
os=-hiuxwe2
|
||||
;;
|
||||
-sco5)
|
||||
os=-sco3.2v5
|
||||
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
|
||||
;;
|
||||
-sco4)
|
||||
os=-sco3.2v4
|
||||
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
|
||||
;;
|
||||
-sco3.2.[4-9]*)
|
||||
os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
|
||||
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
|
||||
;;
|
||||
-sco3.2v[4-9]*)
|
||||
# Don't forget version if it is 3.2v4 or newer.
|
||||
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
|
||||
;;
|
||||
-sco*)
|
||||
os=-sco3.2v2
|
||||
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
|
||||
;;
|
||||
-udk*)
|
||||
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
|
||||
;;
|
||||
-isc)
|
||||
os=-isc2.2
|
||||
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
|
||||
;;
|
||||
-clix*)
|
||||
basic_machine=clipper-intergraph
|
||||
;;
|
||||
-isc*)
|
||||
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
|
||||
;;
|
||||
-lynx*)
|
||||
os=-lynxos
|
||||
;;
|
||||
-ptx*)
|
||||
basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
|
||||
;;
|
||||
-windowsnt*)
|
||||
os=`echo $os | sed -e 's/windowsnt/winnt/'`
|
||||
;;
|
||||
-psos*)
|
||||
os=-psos
|
||||
;;
|
||||
-mint | -mint[0-9]*)
|
||||
basic_machine=m68k-atari
|
||||
os=-mint
|
||||
;;
|
||||
esac
|
||||
|
||||
# Decode aliases for certain CPU-COMPANY combinations.
|
||||
case $basic_machine in
|
||||
# Recognize the basic CPU types without company name.
|
||||
# Some are omitted here because they have special meanings below.
|
||||
1750a | 580 \
|
||||
| a29k \
|
||||
| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
|
||||
| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
|
||||
| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
|
||||
| clipper \
|
||||
| d10v | d30v | dlx | dsp16xx \
|
||||
| fr30 | frv \
|
||||
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
|
||||
| i370 | i860 | i960 | ia64 \
|
||||
| ip2k \
|
||||
| m32r | m68000 | m68k | m88k | mcore \
|
||||
| mips | mipsbe | mipseb | mipsel | mipsle \
|
||||
| mips16 \
|
||||
| mips64 | mips64el \
|
||||
| mips64vr | mips64vrel \
|
||||
| mips64orion | mips64orionel \
|
||||
| mips64vr4100 | mips64vr4100el \
|
||||
| mips64vr4300 | mips64vr4300el \
|
||||
| mips64vr5000 | mips64vr5000el \
|
||||
| mipsisa32 | mipsisa32el \
|
||||
| mipsisa32r2 | mipsisa32r2el \
|
||||
| mipsisa64 | mipsisa64el \
|
||||
| mipsisa64sb1 | mipsisa64sb1el \
|
||||
| mipsisa64sr71k | mipsisa64sr71kel \
|
||||
| mipstx39 | mipstx39el \
|
||||
| mn10200 | mn10300 \
|
||||
| msp430 \
|
||||
| ns16k | ns32k \
|
||||
| openrisc | or32 \
|
||||
| pdp10 | pdp11 | pj | pjl \
|
||||
| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
|
||||
| pyramid \
|
||||
| sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
|
||||
| sh64 | sh64le \
|
||||
| sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \
|
||||
| strongarm \
|
||||
| tahoe | thumb | tic80 | tron \
|
||||
| v850 | v850e \
|
||||
| we32k \
|
||||
| x86 | xscale | xstormy16 | xtensa \
|
||||
| z8k)
|
||||
basic_machine=$basic_machine-unknown
|
||||
;;
|
||||
m6811 | m68hc11 | m6812 | m68hc12)
|
||||
# Motorola 68HC11/12.
|
||||
basic_machine=$basic_machine-unknown
|
||||
os=-none
|
||||
;;
|
||||
m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
|
||||
;;
|
||||
|
||||
# We use `pc' rather than `unknown'
|
||||
# because (1) that's what they normally are, and
|
||||
# (2) the word "unknown" tends to confuse beginning users.
|
||||
i*86 | x86_64)
|
||||
basic_machine=$basic_machine-pc
|
||||
;;
|
||||
# Object if more than one company name word.
|
||||
*-*-*)
|
||||
echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
|
||||
exit 1
|
||||
;;
|
||||
# Recognize the basic CPU types with company name.
|
||||
580-* \
|
||||
| a29k-* \
|
||||
| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
|
||||
| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
|
||||
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
|
||||
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
|
||||
| avr-* \
|
||||
| bs2000-* \
|
||||
| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
|
||||
| clipper-* | cydra-* \
|
||||
| d10v-* | d30v-* | dlx-* \
|
||||
| elxsi-* \
|
||||
| f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
|
||||
| h8300-* | h8500-* \
|
||||
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
|
||||
| i*86-* | i860-* | i960-* | ia64-* \
|
||||
| ip2k-* \
|
||||
| m32r-* \
|
||||
| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
|
||||
| m88110-* | m88k-* | mcore-* \
|
||||
| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
|
||||
| mips16-* \
|
||||
| mips64-* | mips64el-* \
|
||||
| mips64vr-* | mips64vrel-* \
|
||||
| mips64orion-* | mips64orionel-* \
|
||||
| mips64vr4100-* | mips64vr4100el-* \
|
||||
| mips64vr4300-* | mips64vr4300el-* \
|
||||
| mips64vr5000-* | mips64vr5000el-* \
|
||||
| mipsisa32-* | mipsisa32el-* \
|
||||
| mipsisa32r2-* | mipsisa32r2el-* \
|
||||
| mipsisa64-* | mipsisa64el-* \
|
||||
| mipsisa64sb1-* | mipsisa64sb1el-* \
|
||||
| mipsisa64sr71k-* | mipsisa64sr71kel-* \
|
||||
| mipstx39-* | mipstx39el-* \
|
||||
| msp430-* \
|
||||
| none-* | np1-* | nv1-* | ns16k-* | ns32k-* \
|
||||
| orion-* \
|
||||
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
|
||||
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
|
||||
| pyramid-* \
|
||||
| romp-* | rs6000-* \
|
||||
| sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \
|
||||
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
|
||||
| sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
|
||||
| sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
|
||||
| tahoe-* | thumb-* \
|
||||
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
|
||||
| tron-* \
|
||||
| v850-* | v850e-* | vax-* \
|
||||
| we32k-* \
|
||||
| x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \
|
||||
| xtensa-* \
|
||||
| ymp-* \
|
||||
| z8k-*)
|
||||
;;
|
||||
# Recognize the various machine names and aliases which stand
|
||||
# for a CPU type and a company and sometimes even an OS.
|
||||
386bsd)
|
||||
basic_machine=i386-unknown
|
||||
os=-bsd
|
||||
;;
|
||||
3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
|
||||
basic_machine=m68000-att
|
||||
;;
|
||||
3b*)
|
||||
basic_machine=we32k-att
|
||||
;;
|
||||
a29khif)
|
||||
basic_machine=a29k-amd
|
||||
os=-udi
|
||||
;;
|
||||
adobe68k)
|
||||
basic_machine=m68010-adobe
|
||||
os=-scout
|
||||
;;
|
||||
alliant | fx80)
|
||||
basic_machine=fx80-alliant
|
||||
;;
|
||||
altos | altos3068)
|
||||
basic_machine=m68k-altos
|
||||
;;
|
||||
am29k)
|
||||
basic_machine=a29k-none
|
||||
os=-bsd
|
||||
;;
|
||||
amdahl)
|
||||
basic_machine=580-amdahl
|
||||
os=-sysv
|
||||
;;
|
||||
amiga | amiga-*)
|
||||
basic_machine=m68k-unknown
|
||||
;;
|
||||
amigaos | amigados)
|
||||
basic_machine=m68k-unknown
|
||||
os=-amigaos
|
||||
;;
|
||||
amigaunix | amix)
|
||||
basic_machine=m68k-unknown
|
||||
os=-sysv4
|
||||
;;
|
||||
apollo68)
|
||||
basic_machine=m68k-apollo
|
||||
os=-sysv
|
||||
;;
|
||||
apollo68bsd)
|
||||
basic_machine=m68k-apollo
|
||||
os=-bsd
|
||||
;;
|
||||
aux)
|
||||
basic_machine=m68k-apple
|
||||
os=-aux
|
||||
;;
|
||||
balance)
|
||||
basic_machine=ns32k-sequent
|
||||
os=-dynix
|
||||
;;
|
||||
c90)
|
||||
basic_machine=c90-cray
|
||||
os=-unicos
|
||||
;;
|
||||
convex-c1)
|
||||
basic_machine=c1-convex
|
||||
os=-bsd
|
||||
;;
|
||||
convex-c2)
|
||||
basic_machine=c2-convex
|
||||
os=-bsd
|
||||
;;
|
||||
convex-c32)
|
||||
basic_machine=c32-convex
|
||||
os=-bsd
|
||||
;;
|
||||
convex-c34)
|
||||
basic_machine=c34-convex
|
||||
os=-bsd
|
||||
;;
|
||||
convex-c38)
|
||||
basic_machine=c38-convex
|
||||
os=-bsd
|
||||
;;
|
||||
cray | j90)
|
||||
basic_machine=j90-cray
|
||||
os=-unicos
|
||||
;;
|
||||
crds | unos)
|
||||
basic_machine=m68k-crds
|
||||
;;
|
||||
cris | cris-* | etrax*)
|
||||
basic_machine=cris-axis
|
||||
;;
|
||||
da30 | da30-*)
|
||||
basic_machine=m68k-da30
|
||||
;;
|
||||
decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
|
||||
basic_machine=mips-dec
|
||||
;;
|
||||
decsystem10* | dec10*)
|
||||
basic_machine=pdp10-dec
|
||||
os=-tops10
|
||||
;;
|
||||
decsystem20* | dec20*)
|
||||
basic_machine=pdp10-dec
|
||||
os=-tops20
|
||||
;;
|
||||
delta | 3300 | motorola-3300 | motorola-delta \
|
||||
| 3300-motorola | delta-motorola)
|
||||
basic_machine=m68k-motorola
|
||||
;;
|
||||
delta88)
|
||||
basic_machine=m88k-motorola
|
||||
os=-sysv3
|
||||
;;
|
||||
dpx20 | dpx20-*)
|
||||
basic_machine=rs6000-bull
|
||||
os=-bosx
|
||||
;;
|
||||
dpx2* | dpx2*-bull)
|
||||
basic_machine=m68k-bull
|
||||
os=-sysv3
|
||||
;;
|
||||
ebmon29k)
|
||||
basic_machine=a29k-amd
|
||||
os=-ebmon
|
||||
;;
|
||||
elxsi)
|
||||
basic_machine=elxsi-elxsi
|
||||
os=-bsd
|
||||
;;
|
||||
encore | umax | mmax)
|
||||
basic_machine=ns32k-encore
|
||||
;;
|
||||
es1800 | OSE68k | ose68k | ose | OSE)
|
||||
basic_machine=m68k-ericsson
|
||||
os=-ose
|
||||
;;
|
||||
fx2800)
|
||||
basic_machine=i860-alliant
|
||||
;;
|
||||
genix)
|
||||
basic_machine=ns32k-ns
|
||||
;;
|
||||
gmicro)
|
||||
basic_machine=tron-gmicro
|
||||
os=-sysv
|
||||
;;
|
||||
go32)
|
||||
basic_machine=i386-pc
|
||||
os=-go32
|
||||
;;
|
||||
h3050r* | hiux*)
|
||||
basic_machine=hppa1.1-hitachi
|
||||
os=-hiuxwe2
|
||||
;;
|
||||
h8300hms)
|
||||
basic_machine=h8300-hitachi
|
||||
os=-hms
|
||||
;;
|
||||
h8300xray)
|
||||
basic_machine=h8300-hitachi
|
||||
os=-xray
|
||||
;;
|
||||
h8500hms)
|
||||
basic_machine=h8500-hitachi
|
||||
os=-hms
|
||||
;;
|
||||
harris)
|
||||
basic_machine=m88k-harris
|
||||
os=-sysv3
|
||||
;;
|
||||
hp300-*)
|
||||
basic_machine=m68k-hp
|
||||
;;
|
||||
hp300bsd)
|
||||
basic_machine=m68k-hp
|
||||
os=-bsd
|
||||
;;
|
||||
hp300hpux)
|
||||
basic_machine=m68k-hp
|
||||
os=-hpux
|
||||
;;
|
||||
hp3k9[0-9][0-9] | hp9[0-9][0-9])
|
||||
basic_machine=hppa1.0-hp
|
||||
;;
|
||||
hp9k2[0-9][0-9] | hp9k31[0-9])
|
||||
basic_machine=m68000-hp
|
||||
;;
|
||||
hp9k3[2-9][0-9])
|
||||
basic_machine=m68k-hp
|
||||
;;
|
||||
hp9k6[0-9][0-9] | hp6[0-9][0-9])
|
||||
basic_machine=hppa1.0-hp
|
||||
;;
|
||||
hp9k7[0-79][0-9] | hp7[0-79][0-9])
|
||||
basic_machine=hppa1.1-hp
|
||||
;;
|
||||
hp9k78[0-9] | hp78[0-9])
|
||||
# FIXME: really hppa2.0-hp
|
||||
basic_machine=hppa1.1-hp
|
||||
;;
|
||||
hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
|
||||
# FIXME: really hppa2.0-hp
|
||||
basic_machine=hppa1.1-hp
|
||||
;;
|
||||
hp9k8[0-9][13679] | hp8[0-9][13679])
|
||||
basic_machine=hppa1.1-hp
|
||||
;;
|
||||
hp9k8[0-9][0-9] | hp8[0-9][0-9])
|
||||
basic_machine=hppa1.0-hp
|
||||
;;
|
||||
hppa-next)
|
||||
os=-nextstep3
|
||||
;;
|
||||
hppaosf)
|
||||
basic_machine=hppa1.1-hp
|
||||
os=-osf
|
||||
;;
|
||||
hppro)
|
||||
basic_machine=hppa1.1-hp
|
||||
os=-proelf
|
||||
;;
|
||||
i370-ibm* | ibm*)
|
||||
basic_machine=i370-ibm
|
||||
;;
|
||||
# I'm not sure what "Sysv32" means. Should this be sysv3.2?
|
||||
i*86v32)
|
||||
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
|
||||
os=-sysv32
|
||||
;;
|
||||
i*86v4*)
|
||||
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
|
||||
os=-sysv4
|
||||
;;
|
||||
i*86v)
|
||||
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
|
||||
os=-sysv
|
||||
;;
|
||||
i*86sol2)
|
||||
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
|
||||
os=-solaris2
|
||||
;;
|
||||
i386mach)
|
||||
basic_machine=i386-mach
|
||||
os=-mach
|
||||
;;
|
||||
i386-vsta | vsta)
|
||||
basic_machine=i386-unknown
|
||||
os=-vsta
|
||||
;;
|
||||
iris | iris4d)
|
||||
basic_machine=mips-sgi
|
||||
case $os in
|
||||
-irix*)
|
||||
;;
|
||||
*)
|
||||
os=-irix4
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
isi68 | isi)
|
||||
basic_machine=m68k-isi
|
||||
os=-sysv
|
||||
;;
|
||||
m88k-omron*)
|
||||
basic_machine=m88k-omron
|
||||
;;
|
||||
magnum | m3230)
|
||||
basic_machine=mips-mips
|
||||
os=-sysv
|
||||
;;
|
||||
merlin)
|
||||
basic_machine=ns32k-utek
|
||||
os=-sysv
|
||||
;;
|
||||
mingw32)
|
||||
basic_machine=i386-pc
|
||||
os=-mingw32
|
||||
;;
|
||||
miniframe)
|
||||
basic_machine=m68000-convergent
|
||||
;;
|
||||
*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
|
||||
basic_machine=m68k-atari
|
||||
os=-mint
|
||||
;;
|
||||
mips3*-*)
|
||||
basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
|
||||
;;
|
||||
mips3*)
|
||||
basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
|
||||
;;
|
||||
mmix*)
|
||||
basic_machine=mmix-knuth
|
||||
os=-mmixware
|
||||
;;
|
||||
monitor)
|
||||
basic_machine=m68k-rom68k
|
||||
os=-coff
|
||||
;;
|
||||
morphos)
|
||||
basic_machine=powerpc-unknown
|
||||
os=-morphos
|
||||
;;
|
||||
msdos)
|
||||
basic_machine=i386-pc
|
||||
os=-msdos
|
||||
;;
|
||||
mvs)
|
||||
basic_machine=i370-ibm
|
||||
os=-mvs
|
||||
;;
|
||||
ncr3000)
|
||||
basic_machine=i486-ncr
|
||||
os=-sysv4
|
||||
;;
|
||||
netbsd386)
|
||||
basic_machine=i386-unknown
|
||||
os=-netbsd
|
||||
;;
|
||||
netwinder)
|
||||
basic_machine=armv4l-rebel
|
||||
os=-linux
|
||||
;;
|
||||
news | news700 | news800 | news900)
|
||||
basic_machine=m68k-sony
|
||||
os=-newsos
|
||||
;;
|
||||
news1000)
|
||||
basic_machine=m68030-sony
|
||||
os=-newsos
|
||||
;;
|
||||
news-3600 | risc-news)
|
||||
basic_machine=mips-sony
|
||||
os=-newsos
|
||||
;;
|
||||
necv70)
|
||||
basic_machine=v70-nec
|
||||
os=-sysv
|
||||
;;
|
||||
next | m*-next )
|
||||
basic_machine=m68k-next
|
||||
case $os in
|
||||
-nextstep* )
|
||||
;;
|
||||
-ns2*)
|
||||
os=-nextstep2
|
||||
;;
|
||||
*)
|
||||
os=-nextstep3
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
nh3000)
|
||||
basic_machine=m68k-harris
|
||||
os=-cxux
|
||||
;;
|
||||
nh[45]000)
|
||||
basic_machine=m88k-harris
|
||||
os=-cxux
|
||||
;;
|
||||
nindy960)
|
||||
basic_machine=i960-intel
|
||||
os=-nindy
|
||||
;;
|
||||
mon960)
|
||||
basic_machine=i960-intel
|
||||
os=-mon960
|
||||
;;
|
||||
nonstopux)
|
||||
basic_machine=mips-compaq
|
||||
os=-nonstopux
|
||||
;;
|
||||
np1)
|
||||
basic_machine=np1-gould
|
||||
;;
|
||||
nv1)
|
||||
basic_machine=nv1-cray
|
||||
os=-unicosmp
|
||||
;;
|
||||
nsr-tandem)
|
||||
basic_machine=nsr-tandem
|
||||
;;
|
||||
op50n-* | op60c-*)
|
||||
basic_machine=hppa1.1-oki
|
||||
os=-proelf
|
||||
;;
|
||||
or32 | or32-*)
|
||||
basic_machine=or32-unknown
|
||||
os=-coff
|
||||
;;
|
||||
OSE68000 | ose68000)
|
||||
basic_machine=m68000-ericsson
|
||||
os=-ose
|
||||
;;
|
||||
os68k)
|
||||
basic_machine=m68k-none
|
||||
os=-os68k
|
||||
;;
|
||||
pa-hitachi)
|
||||
basic_machine=hppa1.1-hitachi
|
||||
os=-hiuxwe2
|
||||
;;
|
||||
paragon)
|
||||
basic_machine=i860-intel
|
||||
os=-osf
|
||||
;;
|
||||
pbd)
|
||||
basic_machine=sparc-tti
|
||||
;;
|
||||
pbb)
|
||||
basic_machine=m68k-tti
|
||||
;;
|
||||
pc532 | pc532-*)
|
||||
basic_machine=ns32k-pc532
|
||||
;;
|
||||
pentium | p5 | k5 | k6 | nexgen | viac3)
|
||||
basic_machine=i586-pc
|
||||
;;
|
||||
pentiumpro | p6 | 6x86 | athlon | athlon_*)
|
||||
basic_machine=i686-pc
|
||||
;;
|
||||
pentiumii | pentium2)
|
||||
basic_machine=i686-pc
|
||||
;;
|
||||
pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
|
||||
basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
|
||||
;;
|
||||
pentiumpro-* | p6-* | 6x86-* | athlon-*)
|
||||
basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
|
||||
;;
|
||||
pentiumii-* | pentium2-*)
|
||||
basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
|
||||
;;
|
||||
pn)
|
||||
basic_machine=pn-gould
|
||||
;;
|
||||
power) basic_machine=power-ibm
|
||||
;;
|
||||
ppc) basic_machine=powerpc-unknown
|
||||
;;
|
||||
ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
|
||||
;;
|
||||
ppcle | powerpclittle | ppc-le | powerpc-little)
|
||||
basic_machine=powerpcle-unknown
|
||||
;;
|
||||
ppcle-* | powerpclittle-*)
|
||||
basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
|
||||
;;
|
||||
ppc64) basic_machine=powerpc64-unknown
|
||||
;;
|
||||
ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
|
||||
;;
|
||||
ppc64le | powerpc64little | ppc64-le | powerpc64-little)
|
||||
basic_machine=powerpc64le-unknown
|
||||
;;
|
||||
ppc64le-* | powerpc64little-*)
|
||||
basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
|
||||
;;
|
||||
ps2)
|
||||
basic_machine=i386-ibm
|
||||
;;
|
||||
pw32)
|
||||
basic_machine=i586-unknown
|
||||
os=-pw32
|
||||
;;
|
||||
rom68k)
|
||||
basic_machine=m68k-rom68k
|
||||
os=-coff
|
||||
;;
|
||||
rm[46]00)
|
||||
basic_machine=mips-siemens
|
||||
;;
|
||||
rtpc | rtpc-*)
|
||||
basic_machine=romp-ibm
|
||||
;;
|
||||
s390 | s390-*)
|
||||
basic_machine=s390-ibm
|
||||
;;
|
||||
s390x | s390x-*)
|
||||
basic_machine=s390x-ibm
|
||||
;;
|
||||
sa29200)
|
||||
basic_machine=a29k-amd
|
||||
os=-udi
|
||||
;;
|
||||
sb1)
|
||||
basic_machine=mipsisa64sb1-unknown
|
||||
;;
|
||||
sb1el)
|
||||
basic_machine=mipsisa64sb1el-unknown
|
||||
;;
|
||||
sequent)
|
||||
basic_machine=i386-sequent
|
||||
;;
|
||||
sh)
|
||||
basic_machine=sh-hitachi
|
||||
os=-hms
|
||||
;;
|
||||
sparclite-wrs | simso-wrs)
|
||||
basic_machine=sparclite-wrs
|
||||
os=-vxworks
|
||||
;;
|
||||
sps7)
|
||||
basic_machine=m68k-bull
|
||||
os=-sysv2
|
||||
;;
|
||||
spur)
|
||||
basic_machine=spur-unknown
|
||||
;;
|
||||
st2000)
|
||||
basic_machine=m68k-tandem
|
||||
;;
|
||||
stratus)
|
||||
basic_machine=i860-stratus
|
||||
os=-sysv4
|
||||
;;
|
||||
sun2)
|
||||
basic_machine=m68000-sun
|
||||
;;
|
||||
sun2os3)
|
||||
basic_machine=m68000-sun
|
||||
os=-sunos3
|
||||
;;
|
||||
sun2os4)
|
||||
basic_machine=m68000-sun
|
||||
os=-sunos4
|
||||
;;
|
||||
sun3os3)
|
||||
basic_machine=m68k-sun
|
||||
os=-sunos3
|
||||
;;
|
||||
sun3os4)
|
||||
basic_machine=m68k-sun
|
||||
os=-sunos4
|
||||
;;
|
||||
sun4os3)
|
||||
basic_machine=sparc-sun
|
||||
os=-sunos3
|
||||
;;
|
||||
sun4os4)
|
||||
basic_machine=sparc-sun
|
||||
os=-sunos4
|
||||
;;
|
||||
sun4sol2)
|
||||
basic_machine=sparc-sun
|
||||
os=-solaris2
|
||||
;;
|
||||
sun3 | sun3-*)
|
||||
basic_machine=m68k-sun
|
||||
;;
|
||||
sun4)
|
||||
basic_machine=sparc-sun
|
||||
;;
|
||||
sun386 | sun386i | roadrunner)
|
||||
basic_machine=i386-sun
|
||||
;;
|
||||
sv1)
|
||||
basic_machine=sv1-cray
|
||||
os=-unicos
|
||||
;;
|
||||
symmetry)
|
||||
basic_machine=i386-sequent
|
||||
os=-dynix
|
||||
;;
|
||||
t3e)
|
||||
basic_machine=alphaev5-cray
|
||||
os=-unicos
|
||||
;;
|
||||
t90)
|
||||
basic_machine=t90-cray
|
||||
os=-unicos
|
||||
;;
|
||||
tic4x | c4x*)
|
||||
basic_machine=tic4x-unknown
|
||||
os=-coff
|
||||
;;
|
||||
tic54x | c54x*)
|
||||
basic_machine=tic54x-unknown
|
||||
os=-coff
|
||||
;;
|
||||
tic55x | c55x*)
|
||||
basic_machine=tic55x-unknown
|
||||
os=-coff
|
||||
;;
|
||||
tic6x | c6x*)
|
||||
basic_machine=tic6x-unknown
|
||||
os=-coff
|
||||
;;
|
||||
tx39)
|
||||
basic_machine=mipstx39-unknown
|
||||
;;
|
||||
tx39el)
|
||||
basic_machine=mipstx39el-unknown
|
||||
;;
|
||||
toad1)
|
||||
basic_machine=pdp10-xkl
|
||||
os=-tops20
|
||||
;;
|
||||
tower | tower-32)
|
||||
basic_machine=m68k-ncr
|
||||
;;
|
||||
udi29k)
|
||||
basic_machine=a29k-amd
|
||||
os=-udi
|
||||
;;
|
||||
ultra3)
|
||||
basic_machine=a29k-nyu
|
||||
os=-sym1
|
||||
;;
|
||||
v810 | necv810)
|
||||
basic_machine=v810-nec
|
||||
os=-none
|
||||
;;
|
||||
vaxv)
|
||||
basic_machine=vax-dec
|
||||
os=-sysv
|
||||
;;
|
||||
vms)
|
||||
basic_machine=vax-dec
|
||||
os=-vms
|
||||
;;
|
||||
vpp*|vx|vx-*)
|
||||
basic_machine=f301-fujitsu
|
||||
;;
|
||||
vxworks960)
|
||||
basic_machine=i960-wrs
|
||||
os=-vxworks
|
||||
;;
|
||||
vxworks68)
|
||||
basic_machine=m68k-wrs
|
||||
os=-vxworks
|
||||
;;
|
||||
vxworks29k)
|
||||
basic_machine=a29k-wrs
|
||||
os=-vxworks
|
||||
;;
|
||||
w65*)
|
||||
basic_machine=w65-wdc
|
||||
os=-none
|
||||
;;
|
||||
w89k-*)
|
||||
basic_machine=hppa1.1-winbond
|
||||
os=-proelf
|
||||
;;
|
||||
xps | xps100)
|
||||
basic_machine=xps100-honeywell
|
||||
;;
|
||||
ymp)
|
||||
basic_machine=ymp-cray
|
||||
os=-unicos
|
||||
;;
|
||||
z8k-*-coff)
|
||||
basic_machine=z8k-unknown
|
||||
os=-sim
|
||||
;;
|
||||
none)
|
||||
basic_machine=none-none
|
||||
os=-none
|
||||
;;
|
||||
|
||||
# Here we handle the default manufacturer of certain CPU types. It is in
|
||||
# some cases the only manufacturer, in others, it is the most popular.
|
||||
w89k)
|
||||
basic_machine=hppa1.1-winbond
|
||||
;;
|
||||
op50n)
|
||||
basic_machine=hppa1.1-oki
|
||||
;;
|
||||
op60c)
|
||||
basic_machine=hppa1.1-oki
|
||||
;;
|
||||
romp)
|
||||
basic_machine=romp-ibm
|
||||
;;
|
||||
rs6000)
|
||||
basic_machine=rs6000-ibm
|
||||
;;
|
||||
vax)
|
||||
basic_machine=vax-dec
|
||||
;;
|
||||
pdp10)
|
||||
# there are many clones, so DEC is not a safe bet
|
||||
basic_machine=pdp10-unknown
|
||||
;;
|
||||
pdp11)
|
||||
basic_machine=pdp11-dec
|
||||
;;
|
||||
we32k)
|
||||
basic_machine=we32k-att
|
||||
;;
|
||||
sh3 | sh4 | sh[34]eb | sh[1234]le | sh[23]ele)
|
||||
basic_machine=sh-unknown
|
||||
;;
|
||||
sh64)
|
||||
basic_machine=sh64-unknown
|
||||
;;
|
||||
sparc | sparcv9 | sparcv9b)
|
||||
basic_machine=sparc-sun
|
||||
;;
|
||||
cydra)
|
||||
basic_machine=cydra-cydrome
|
||||
;;
|
||||
orion)
|
||||
basic_machine=orion-highlevel
|
||||
;;
|
||||
orion105)
|
||||
basic_machine=clipper-highlevel
|
||||
;;
|
||||
mac | mpw | mac-mpw)
|
||||
basic_machine=m68k-apple
|
||||
;;
|
||||
pmac | pmac-mpw)
|
||||
basic_machine=powerpc-apple
|
||||
;;
|
||||
*-unknown)
|
||||
# Make sure to match an already-canonicalized machine name.
|
||||
;;
|
||||
*)
|
||||
echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
# Here we canonicalize certain aliases for manufacturers.
|
||||
case $basic_machine in
|
||||
*-digital*)
|
||||
basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
|
||||
;;
|
||||
*-commodore*)
|
||||
basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
|
||||
;;
|
||||
*)
|
||||
;;
|
||||
esac
|
||||
|
||||
# Decode manufacturer-specific aliases for certain operating systems.
|
||||
|
||||
if [ x"$os" != x"" ]
|
||||
then
|
||||
case $os in
|
||||
# First match some system type aliases
|
||||
# that might get confused with valid system types.
|
||||
# -solaris* is a basic system type, with this one exception.
|
||||
-solaris1 | -solaris1.*)
|
||||
os=`echo $os | sed -e 's|solaris1|sunos4|'`
|
||||
;;
|
||||
-solaris)
|
||||
os=-solaris2
|
||||
;;
|
||||
-svr4*)
|
||||
os=-sysv4
|
||||
;;
|
||||
-unixware*)
|
||||
os=-sysv4.2uw
|
||||
;;
|
||||
-gnu/linux*)
|
||||
os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
|
||||
;;
|
||||
# First accept the basic system types.
|
||||
# The portable systems comes first.
|
||||
# Each alternative MUST END IN A *, to match a version number.
|
||||
# -sysv* is not here because it comes later, after sysvr4.
|
||||
-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
|
||||
| -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
|
||||
| -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
|
||||
| -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
|
||||
| -aos* \
|
||||
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
|
||||
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
|
||||
| -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
|
||||
| -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
|
||||
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
|
||||
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
|
||||
| -chorusos* | -chorusrdb* \
|
||||
| -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
|
||||
| -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
|
||||
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
|
||||
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
|
||||
| -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
|
||||
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
|
||||
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
|
||||
| -powermax* | -dnix*)
|
||||
# Remember, each alternative MUST END IN *, to match a version number.
|
||||
;;
|
||||
-qnx*)
|
||||
case $basic_machine in
|
||||
x86-* | i*86-*)
|
||||
;;
|
||||
*)
|
||||
os=-nto$os
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
-nto-qnx*)
|
||||
;;
|
||||
-nto*)
|
||||
os=`echo $os | sed -e 's|nto|nto-qnx|'`
|
||||
;;
|
||||
-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
|
||||
| -windows* | -osx | -abug | -netware* | -os9* | -beos* \
|
||||
| -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
|
||||
;;
|
||||
-mac*)
|
||||
os=`echo $os | sed -e 's|mac|macos|'`
|
||||
;;
|
||||
-linux*)
|
||||
os=`echo $os | sed -e 's|linux|linux-gnu|'`
|
||||
;;
|
||||
-sunos5*)
|
||||
os=`echo $os | sed -e 's|sunos5|solaris2|'`
|
||||
;;
|
||||
-sunos6*)
|
||||
os=`echo $os | sed -e 's|sunos6|solaris3|'`
|
||||
;;
|
||||
-opened*)
|
||||
os=-openedition
|
||||
;;
|
||||
-wince*)
|
||||
os=-wince
|
||||
;;
|
||||
-osfrose*)
|
||||
os=-osfrose
|
||||
;;
|
||||
-osf*)
|
||||
os=-osf
|
||||
;;
|
||||
-utek*)
|
||||
os=-bsd
|
||||
;;
|
||||
-dynix*)
|
||||
os=-bsd
|
||||
;;
|
||||
-acis*)
|
||||
os=-aos
|
||||
;;
|
||||
-atheos*)
|
||||
os=-atheos
|
||||
;;
|
||||
-386bsd)
|
||||
os=-bsd
|
||||
;;
|
||||
-ctix* | -uts*)
|
||||
os=-sysv
|
||||
;;
|
||||
-nova*)
|
||||
os=-rtmk-nova
|
||||
;;
|
||||
-ns2 )
|
||||
os=-nextstep2
|
||||
;;
|
||||
-nsk*)
|
||||
os=-nsk
|
||||
;;
|
||||
# Preserve the version number of sinix5.
|
||||
-sinix5.*)
|
||||
os=`echo $os | sed -e 's|sinix|sysv|'`
|
||||
;;
|
||||
-sinix*)
|
||||
os=-sysv4
|
||||
;;
|
||||
-triton*)
|
||||
os=-sysv3
|
||||
;;
|
||||
-oss*)
|
||||
os=-sysv3
|
||||
;;
|
||||
-svr4)
|
||||
os=-sysv4
|
||||
;;
|
||||
-svr3)
|
||||
os=-sysv3
|
||||
;;
|
||||
-sysvr4)
|
||||
os=-sysv4
|
||||
;;
|
||||
# This must come after -sysvr4.
|
||||
-sysv*)
|
||||
;;
|
||||
-ose*)
|
||||
os=-ose
|
||||
;;
|
||||
-es1800*)
|
||||
os=-ose
|
||||
;;
|
||||
-xenix)
|
||||
os=-xenix
|
||||
;;
|
||||
-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
|
||||
os=-mint
|
||||
;;
|
||||
-aros*)
|
||||
os=-aros
|
||||
;;
|
||||
-kaos*)
|
||||
os=-kaos
|
||||
;;
|
||||
-none)
|
||||
;;
|
||||
*)
|
||||
# Get rid of the `-' at the beginning of $os.
|
||||
os=`echo $os | sed 's/[^-]*-//'`
|
||||
echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
else
|
||||
|
||||
# Here we handle the default operating systems that come with various machines.
|
||||
# The value should be what the vendor currently ships out the door with their
|
||||
# machine or put another way, the most popular os provided with the machine.
|
||||
|
||||
# Note that if you're going to try to match "-MANUFACTURER" here (say,
|
||||
# "-sun"), then you have to tell the case statement up towards the top
|
||||
# that MANUFACTURER isn't an operating system. Otherwise, code above
|
||||
# will signal an error saying that MANUFACTURER isn't an operating
|
||||
# system, and we'll never get to this point.
|
||||
|
||||
case $basic_machine in
|
||||
*-acorn)
|
||||
os=-riscix1.2
|
||||
;;
|
||||
arm*-rebel)
|
||||
os=-linux
|
||||
;;
|
||||
arm*-semi)
|
||||
os=-aout
|
||||
;;
|
||||
# This must come before the *-dec entry.
|
||||
pdp10-*)
|
||||
os=-tops20
|
||||
;;
|
||||
pdp11-*)
|
||||
os=-none
|
||||
;;
|
||||
*-dec | vax-*)
|
||||
os=-ultrix4.2
|
||||
;;
|
||||
m68*-apollo)
|
||||
os=-domain
|
||||
;;
|
||||
i386-sun)
|
||||
os=-sunos4.0.2
|
||||
;;
|
||||
m68000-sun)
|
||||
os=-sunos3
|
||||
# This also exists in the configure program, but was not the
|
||||
# default.
|
||||
# os=-sunos4
|
||||
;;
|
||||
m68*-cisco)
|
||||
os=-aout
|
||||
;;
|
||||
mips*-cisco)
|
||||
os=-elf
|
||||
;;
|
||||
mips*-*)
|
||||
os=-elf
|
||||
;;
|
||||
or32-*)
|
||||
os=-coff
|
||||
;;
|
||||
*-tti) # must be before sparc entry or we get the wrong os.
|
||||
os=-sysv3
|
||||
;;
|
||||
sparc-* | *-sun)
|
||||
os=-sunos4.1.1
|
||||
;;
|
||||
*-be)
|
||||
os=-beos
|
||||
;;
|
||||
*-ibm)
|
||||
os=-aix
|
||||
;;
|
||||
*-wec)
|
||||
os=-proelf
|
||||
;;
|
||||
*-winbond)
|
||||
os=-proelf
|
||||
;;
|
||||
*-oki)
|
||||
os=-proelf
|
||||
;;
|
||||
*-hp)
|
||||
os=-hpux
|
||||
;;
|
||||
*-hitachi)
|
||||
os=-hiux
|
||||
;;
|
||||
i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
|
||||
os=-sysv
|
||||
;;
|
||||
*-cbm)
|
||||
os=-amigaos
|
||||
;;
|
||||
*-dg)
|
||||
os=-dgux
|
||||
;;
|
||||
*-dolphin)
|
||||
os=-sysv3
|
||||
;;
|
||||
m68k-ccur)
|
||||
os=-rtu
|
||||
;;
|
||||
m88k-omron*)
|
||||
os=-luna
|
||||
;;
|
||||
*-next )
|
||||
os=-nextstep
|
||||
;;
|
||||
*-sequent)
|
||||
os=-ptx
|
||||
;;
|
||||
*-crds)
|
||||
os=-unos
|
||||
;;
|
||||
*-ns)
|
||||
os=-genix
|
||||
;;
|
||||
i370-*)
|
||||
os=-mvs
|
||||
;;
|
||||
*-next)
|
||||
os=-nextstep3
|
||||
;;
|
||||
*-gould)
|
||||
os=-sysv
|
||||
;;
|
||||
*-highlevel)
|
||||
os=-bsd
|
||||
;;
|
||||
*-encore)
|
||||
os=-bsd
|
||||
;;
|
||||
*-sgi)
|
||||
os=-irix
|
||||
;;
|
||||
*-siemens)
|
||||
os=-sysv4
|
||||
;;
|
||||
*-masscomp)
|
||||
os=-rtu
|
||||
;;
|
||||
f30[01]-fujitsu | f700-fujitsu)
|
||||
os=-uxpv
|
||||
;;
|
||||
*-rom68k)
|
||||
os=-coff
|
||||
;;
|
||||
*-*bug)
|
||||
os=-coff
|
||||
;;
|
||||
*-apple)
|
||||
os=-macos
|
||||
;;
|
||||
*-atari*)
|
||||
os=-mint
|
||||
;;
|
||||
*)
|
||||
os=-none
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
|
||||
# Here we handle the case where we know the os, and the CPU type, but not the
|
||||
# manufacturer. We pick the logical manufacturer.
|
||||
vendor=unknown
|
||||
case $basic_machine in
|
||||
*-unknown)
|
||||
case $os in
|
||||
-riscix*)
|
||||
vendor=acorn
|
||||
;;
|
||||
-sunos*)
|
||||
vendor=sun
|
||||
;;
|
||||
-aix*)
|
||||
vendor=ibm
|
||||
;;
|
||||
-beos*)
|
||||
vendor=be
|
||||
;;
|
||||
-hpux*)
|
||||
vendor=hp
|
||||
;;
|
||||
-mpeix*)
|
||||
vendor=hp
|
||||
;;
|
||||
-hiux*)
|
||||
vendor=hitachi
|
||||
;;
|
||||
-unos*)
|
||||
vendor=crds
|
||||
;;
|
||||
-dgux*)
|
||||
vendor=dg
|
||||
;;
|
||||
-luna*)
|
||||
vendor=omron
|
||||
;;
|
||||
-genix*)
|
||||
vendor=ns
|
||||
;;
|
||||
-mvs* | -opened*)
|
||||
vendor=ibm
|
||||
;;
|
||||
-ptx*)
|
||||
vendor=sequent
|
||||
;;
|
||||
-vxsim* | -vxworks* | -windiss*)
|
||||
vendor=wrs
|
||||
;;
|
||||
-aux*)
|
||||
vendor=apple
|
||||
;;
|
||||
-hms*)
|
||||
vendor=hitachi
|
||||
;;
|
||||
-mpw* | -macos*)
|
||||
vendor=apple
|
||||
;;
|
||||
-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
|
||||
vendor=atari
|
||||
;;
|
||||
-vos*)
|
||||
vendor=stratus
|
||||
;;
|
||||
esac
|
||||
basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
|
||||
;;
|
||||
esac
|
||||
|
||||
echo $basic_machine$os
|
||||
exit 0
|
||||
|
||||
# Local variables:
|
||||
# eval: (add-hook 'write-file-hooks 'time-stamp)
|
||||
# time-stamp-start: "timestamp='"
|
||||
# time-stamp-format: "%:y-%02m-%02d"
|
||||
# time-stamp-end: "'"
|
||||
# End:
|
||||
461
configure.in
Normal file
461
configure.in
Normal file
@@ -0,0 +1,461 @@
|
||||
dnl $Id: configure.in,v 1.70 2007/06/07 02:33:53 vkurland Exp $
|
||||
|
||||
AC_INIT(src/gui/main.cpp)
|
||||
AC_CANONICAL_SYSTEM
|
||||
AC_CONFIG_HEADER(config.h)
|
||||
|
||||
PACKAGE=fwbuilder
|
||||
AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [package])
|
||||
AC_SUBST(PACKAGE)
|
||||
|
||||
dnl
|
||||
dnl all version numbers are defined in the file VERSION
|
||||
dnl
|
||||
. ./VERSION
|
||||
|
||||
BUILD_NUM=`cat build_num | cut -d' ' -f3`
|
||||
|
||||
AC_SUBST(FWB_MAJOR_VERSION)
|
||||
AC_SUBST(FWB_MINOR_VERSION)
|
||||
AC_SUBST(FWB_MICRO_VERSION)
|
||||
AC_SUBST(FWB_VERSION)
|
||||
|
||||
SHORTVERSION=${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}${FWB_MICRO_VERSION}
|
||||
AC_SUBST(SHORTVERSION)
|
||||
|
||||
AC_SUBST(RELEASE_NUM)
|
||||
AC_DEFINE_UNQUOTED(RELEASE_NUM, "$RELEASE_NUM", [release_num])
|
||||
|
||||
AC_SUBST(REQUIRED_LIBFWBUILDER_VERSION)
|
||||
AC_SUBST(LIBFWBUILDER_SOMAJOR)
|
||||
|
||||
echo "Creating VERSION.h file..."
|
||||
|
||||
echo "#define VERSION \"$VERSION\"" > VERSION.h
|
||||
echo "#define RELEASE_NUM \"$RELEASE_NUM\"" >> VERSION.h
|
||||
|
||||
dnl try to find QT
|
||||
dnl
|
||||
AC_ARG_WITH(qtdir,[ --with-qtdir=DIR Specify directory path for QT ])
|
||||
|
||||
AC_MSG_CHECKING(looking for QT)
|
||||
if test -n "$with_qtdir"; then
|
||||
QTDIR="$with_qtdir";
|
||||
elif test -z "$QTDIR"; then
|
||||
test -f "/usr/local/lib/qt3/include/qstyle.h" && QTDIR="/usr/local/lib/qt3"
|
||||
test -f "/opt/lib/qt3/include/qstyle.h" && QTDIR="/opt/lib/qt3"
|
||||
test -f "/opt/qt3/include/qstyle.h" && QTDIR="/opt/qt3"
|
||||
test -f "/usr/lib/qt3/include/qstyle.h" && QTDIR="/usr/lib/qt3"
|
||||
test -f "/usr/lib/qt-3.1/include/qstyle.h" && QTDIR="/usr/lib/qt-3.1"
|
||||
test -f "/usr/lib/qt-3.2/include/qstyle.h" && QTDIR="/usr/lib/qt-3.2"
|
||||
test -f "/usr/lib/qt-3.3/include/qstyle.h" && QTDIR="/usr/lib/qt-3.3"
|
||||
test -f "/usr/local/include/qstyle.h" && QTDIR="/usr/local"
|
||||
test -f "/usr/include/qstyle.h" && QTDIR="/usr"
|
||||
test -f "/usr/lib64/qt-3.3/include/qstyle.h" && QTDIR="/usr/lib64/qt-3.3"
|
||||
fi
|
||||
export QTDIR
|
||||
AC_MSG_RESULT($QTDIR)
|
||||
|
||||
echo $QTDIR > qtdir
|
||||
|
||||
QTTRANSLATIONSDIR="${QTDIR}/translations"
|
||||
AC_DEFINE_UNQUOTED(QTTRANSLATIONSDIR, "$QTTRANSLATIONSDIR", [qttranslationsdir])
|
||||
AC_SUBST(QTTRANSLATIONSDIR)
|
||||
|
||||
EXTENDED_PATH="${QTDIR}/bin:/usr/local/bin:$PATH"
|
||||
|
||||
AC_PATH_PROG(QMAKE, qmake, ,[$EXTENDED_PATH])
|
||||
if test -z "$QMAKE"; then
|
||||
AC_MSG_ERROR("Could not find qmake")
|
||||
fi
|
||||
|
||||
AC_MSG_CHECKING(checking version of QT this qmake is part of)
|
||||
qmake_version=`$QMAKE -v 2>&1 | awk '/Using Qt version/ { print $4;}'`
|
||||
case $qmake_version in
|
||||
4.*) AC_MSG_RESULT( $qmake_version ) ;;
|
||||
*) AC_MSG_ERROR( "$qmake_version -- v4.x is required") ;;
|
||||
esac
|
||||
|
||||
|
||||
|
||||
AC_ARG_WITH(templatedir, [ --with-templatedir=DIR Specify directory path for fwbuilder template files ])
|
||||
AC_ARG_WITH(docdir, [ --with-docdir=DIR Specify directory path for fwbuilder
|
||||
documentation files ])
|
||||
|
||||
|
||||
|
||||
dnl
|
||||
dnl Determine init dir and add definition to config.h. Program
|
||||
dnl determines prefix name of the directory it was started from
|
||||
dnl and prepends it to the RES_DIR
|
||||
dnl
|
||||
|
||||
PREFIX=$ac_default_prefix
|
||||
|
||||
if test "x$prefix" != "xNONE"; then
|
||||
PREFIX=$prefix
|
||||
fi
|
||||
AC_DEFINE_UNQUOTED(PREFIX, "${PREFIX}", [prefix])
|
||||
AC_SUBST(PREFIX)
|
||||
|
||||
AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [version])
|
||||
AC_SUBST(VERSION)
|
||||
|
||||
|
||||
AC_PROG_INSTALL
|
||||
|
||||
AC_ISC_POSIX
|
||||
AC_PROG_CC
|
||||
dnl AM_PROG_CC_STDC
|
||||
AC_HEADER_STDC
|
||||
AC_PROG_CPP
|
||||
AC_PROG_CXX
|
||||
AC_PROG_CXXCPP
|
||||
|
||||
dnl need this for intl to compile on FreeBSD and may be other platforms
|
||||
AC_CHECK_FUNCS(strchr memcpy)
|
||||
|
||||
|
||||
dnl AM_INIT_AUTOMAKE($PACKAGE, $VERSION)
|
||||
dnl AC_CANONICAL_HOST
|
||||
|
||||
AC_PROG_MAKE_SET
|
||||
|
||||
|
||||
dnl Check for GNU make
|
||||
dnl
|
||||
AC_MSG_CHECKING(whether make is GNU Make)
|
||||
if ${MAKE-make} -q --version 2>/dev/null | grep '^GNU Make ' >/dev/null ; then
|
||||
AC_MSG_RESULT(yes)
|
||||
else
|
||||
AC_MSG_RESULT(no)
|
||||
if test "$host_vendor" = "sun" ; then
|
||||
AC_MSG_ERROR("SUN make does not work for building Firewall Builder. Please install GNU make")
|
||||
fi
|
||||
fi
|
||||
|
||||
dnl some platform-dependent flags
|
||||
dnl
|
||||
dnl e.g. we need to set -I/sw/include before check for GETTEXT
|
||||
dnl
|
||||
GUILINKFLAGS=
|
||||
case "$build_os" in
|
||||
*solaris*)
|
||||
GUILINKFLAGS="-export-dynamic"
|
||||
;;
|
||||
*darwin*)
|
||||
if test -d /sw/include; then
|
||||
CXXFLAGS="-I/sw/include"
|
||||
CPPFLAGS="-I/sw/include"
|
||||
CFLAGS="-I/sw/include"
|
||||
LDFLAGS="-flat_namespace"
|
||||
fi
|
||||
LIBS="$LIBS -L/sw/lib"
|
||||
AC_CHECK_LIB(poll, poll, [LIBS="$LIBS -lpoll"],[
|
||||
AC_MSG_ERROR([Could not link with libpoll: library is not installed on this system])
|
||||
])
|
||||
;;
|
||||
esac
|
||||
AC_SUBST(GUILINKFLAGS)
|
||||
|
||||
dnl
|
||||
dnl forkpty is in libutil on Linux and BSD, while on Mac it is in libc
|
||||
dnl
|
||||
AC_CHECK_HEADERS( [pty.h libutil.h util.h],[],[],[#include <sys/types.h>])
|
||||
AC_CHECK_LIB(c,forkpty,[
|
||||
AC_DEFINE_UNQUOTED(HAVE_FORKPTY, 1, [forkpty])
|
||||
],[
|
||||
AC_CHECK_LIB(util,forkpty,[
|
||||
AC_DEFINE_UNQUOTED(HAVE_FORKPTY, 1, [forkpty])
|
||||
LIBS="-lutil $LIBS"
|
||||
],[
|
||||
AC_MSG_RESULT(["forkpty not found, will use emulation"])
|
||||
],[])
|
||||
],[])
|
||||
|
||||
AC_CHECK_LIB(c,cfmakeraw,[
|
||||
AC_DEFINE_UNQUOTED(HAVE_CFMAKERAW, 1, [cfmakeraw])
|
||||
])
|
||||
|
||||
dnl standard LIBTOOL fragment
|
||||
dnl
|
||||
dnl commented out 12/20 - we now use qmake and do not need libtool
|
||||
dnl
|
||||
dnl AC_LIBTOOL_DLOPEN
|
||||
dnl AC_PROG_LIBTOOL
|
||||
dnl AC_SUBST(LIBTOOL_DEPS)
|
||||
dnl AM_PROG_LIBTOOL
|
||||
dnl AC_PROG_RANLIB
|
||||
|
||||
AC_CHECK_HEADERS([getopt.h])
|
||||
AC_CHECK_HEADERS([signal.h])
|
||||
|
||||
AC_CHECK_FUNCS(stat _stat signal)
|
||||
|
||||
AC_STRUCT_TM
|
||||
AC_STRUCT_TIMEZONE
|
||||
|
||||
dnl do not insert spaces in these macros, even outside of []
|
||||
AC_PATH_PROG(RCS_FILE_NAME,[rcs],[rcs],[$EXTENDED_PATH])
|
||||
AC_PATH_PROG(RCSDIFF_FILE_NAME,[rcsdiff],[rcsdiff],[$EXTENDED_PATH])
|
||||
AC_PATH_PROG(RLOG_FILE_NAME,[rlog],[rlog],[$EXTENDED_PATH])
|
||||
AC_PATH_PROG(CI_FILE_NAME,[ci],[ci],[$EXTENDED_PATH])
|
||||
AC_PATH_PROG(CO_FILE_NAME,[co],[co],[$EXTENDED_PATH])
|
||||
|
||||
AC_DEFINE_UNQUOTED(RCS_FILE_NAME, ["$RCS_FILE_NAME"], [rcs_file_name])
|
||||
AC_DEFINE_UNQUOTED(RCSDIFF_FILE_NAME, ["$RCSDIFF_FILE_NAME"], [rcsdiff_file_name])
|
||||
AC_DEFINE_UNQUOTED(RLOG_FILE_NAME, ["$RLOG_FILE_NAME"], [rlog_file_name])
|
||||
AC_DEFINE_UNQUOTED(CI_FILE_NAME, ["$CI_FILE_NAME"], [ci_file_name])
|
||||
AC_DEFINE_UNQUOTED(CO_FILE_NAME, ["$CO_FILE_NAME"], [co_file_name])
|
||||
|
||||
|
||||
AC_PATH_PROG(LIBFWBUILDER_CONFIG, libfwbuilder-config-${FWB_MAJOR_VERSION}.${FWB_MINOR_VERSION}, ,[$EXTENDED_PATH])
|
||||
|
||||
if test x$LIBFWBUILDER_CONFIG = x ; then
|
||||
AC_MSG_ERROR([*** libfwbuilder not installed, or libfwbuilder-config-2 is not in path])
|
||||
else
|
||||
LIBFWBUILDER_CFLAGS_FWBUILDER="`$LIBFWBUILDER_CONFIG --cflags fwbuilder`"
|
||||
LIBFWBUILDER_CFLAGS_FWCOMPILER="`$LIBFWBUILDER_CONFIG --cflags fwcompiler`"
|
||||
LIBFWBUILDER_CFLAGS_FWBD="`$LIBFWBUILDER_CONFIG --cflags fwbd`"
|
||||
LIBFWBUILDER_INCLUDEPATH="`$LIBFWBUILDER_CONFIG --includepath`"
|
||||
LIBFWBUILDER_LIBPATH="`$LIBFWBUILDER_CONFIG --libpath`"
|
||||
LIBFWBUILDER_LIBS_FWBUILDER="`$LIBFWBUILDER_CONFIG --libs fwbuilder`"
|
||||
LIBFWBUILDER_LIBS_FWCOMPILER="`$LIBFWBUILDER_CONFIG --libs fwcompiler`"
|
||||
LIBFWBUILDER_LIBS_FWBD="`$LIBFWBUILDER_CONFIG --libs fwbd`"
|
||||
LIBFWBUILDER_STATICLIBS="`$LIBFWBUILDER_CONFIG --staticlibs`"
|
||||
LIBFWBUILDER_VERSION="`$LIBFWBUILDER_CONFIG --version`"
|
||||
|
||||
AC_MSG_CHECKING(libfwbuilder version)
|
||||
if test x${LIBFWBUILDER_VERSION} != x${REQUIRED_LIBFWBUILDER_VERSION} ; then
|
||||
AC_MSG_ERROR([*** Need libfwbuilder version $REQUIRED_LIBFWBUILDER_VERSION, found $LIBFWBUILDER_VERSION ])
|
||||
fi
|
||||
AC_MSG_RESULT($LIBFWBUILDER_VERSION)
|
||||
|
||||
AC_SUBST(LIBFWBUILDER_CFLAGS_FWBUILDER)
|
||||
AC_SUBST(LIBFWBUILDER_CFLAGS_FWCOMPILER)
|
||||
AC_SUBST(LIBFWBUILDER_LIBS_FWBUILDER)
|
||||
AC_SUBST(LIBFWBUILDER_LIBS_FWCOMPILER)
|
||||
AC_SUBST(LIBFWBUILDER_LIBPATH)
|
||||
AC_SUBST(LIBFWBUILDER_INCLUDEPATH)
|
||||
AC_SUBST(LIBFWBUILDER_STATICLIBS)
|
||||
AC_SUBST(LIBFWBUILDER_VERSION)
|
||||
|
||||
fi
|
||||
|
||||
AC_DEFINE_UNQUOTED(LIBFWBUILDER_VERSION, "$LIBFWBUILDER_VERSION", [libfwbuilder_version])
|
||||
|
||||
AC_SUBST(LIBS)
|
||||
|
||||
AC_LANG_CPLUSPLUS
|
||||
|
||||
AC_PATH_PROG(ANTLR_CONFIG, antlr-config, , [$EXTENDED_PATH])
|
||||
AC_MSG_CHECKING(antlr)
|
||||
HAVE_ANTLR_RUNTIME="1"
|
||||
HAVE_EXTERNAL_ANTLR="0";
|
||||
if test x$ANTLR_CONFIG = x; then
|
||||
ANTLR_INCLUDEPATH="`pwd`/src/"
|
||||
ANTLR_LIBS="`pwd`/src/antlr/libantlr.a"
|
||||
AC_MSG_RESULT(using provided)
|
||||
else
|
||||
ANTLR_VERSION="`$ANTLR_CONFIG --version`"
|
||||
if test x$ANTLR_VERSION != x2.7.7; then
|
||||
ANTLR_INCLUDEPATH="`pwd`/src/"
|
||||
ANTLR_LIBS="`pwd`/src/antlr/libantlr.a"
|
||||
AC_MSG_RESULT(using provided)
|
||||
else
|
||||
ANTLR_INCLUDEPATH="`$ANTLR_CONFIG --cflags`"
|
||||
ANTLR_LIBS="`$ANTLR_CONFIG --libs`"
|
||||
HAVE_EXTERNAL_ANTLR="1"
|
||||
AC_MSG_RESULT(using external version $ANTLR_VERSION)
|
||||
fi
|
||||
fi
|
||||
AC_DEFINE_UNQUOTED(HAVE_ANTLR_RUNTIME, 1, [antlr_runtime])
|
||||
AC_DEFINE_UNQUOTED(HAVE_EXTERNAL_ANTLR, $HAVE_EXTERNAL_ANTLR, [external_antlr])
|
||||
AC_SUBST(HAVE_ANTLR_RUNTIME)
|
||||
AC_SUBST(HAVE_EXTERNAL_ANTLR)
|
||||
AC_SUBST(ANTLR_LIBS)
|
||||
AC_SUBST(ANTLR_INCLUDEPATH)
|
||||
|
||||
|
||||
|
||||
dnl ********************************************************************
|
||||
|
||||
if test -z ${RELEASE_NUM}; then
|
||||
RPMRELEASE="1"
|
||||
else
|
||||
RPMRELEASE="${RELEASE_NUM}";
|
||||
fi
|
||||
AC_SUBST(RPMRELEASE)
|
||||
|
||||
AC_MSG_CHECKING(what OS this is)
|
||||
|
||||
case ${host} in
|
||||
*-*-cygwin*)
|
||||
OS=cygwin
|
||||
OS_CYGWIN=1
|
||||
AC_MSG_RESULT(Win32 cygwin)
|
||||
DEFAULT_RES_DIR="resources"
|
||||
;;
|
||||
|
||||
*-*-mingw32*)
|
||||
OS=mingw32
|
||||
OS_MINGW=1
|
||||
AC_MSG_RESULT(Win32 mingw)
|
||||
DEFAULT_RES_DIR="resources"
|
||||
;;
|
||||
|
||||
*-*-darwin*)
|
||||
OS=MacOSX
|
||||
OS_MACOSX=1
|
||||
MANDIR="${PREFIX}/share/man/"
|
||||
AC_MSG_RESULT(MacOSX)
|
||||
DEFAULT_RES_DIR="../Resources"
|
||||
;;
|
||||
|
||||
*-*-solaris*)
|
||||
OS=Solaris
|
||||
OS_SOLARIS=1
|
||||
MANDIR="${PREFIX}/share/man/"
|
||||
AC_MSG_RESULT(Solaris)
|
||||
DEFAULT_RES_DIR="${PREFIX}/share/fwbuilder${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}"
|
||||
;;
|
||||
|
||||
*-*-freebsd*)
|
||||
OS=FreeBSD
|
||||
OS_FREEBSD=1
|
||||
MANDIR="${PREFIX}/man/"
|
||||
AC_MSG_RESULT(FreeBSD)
|
||||
DEFAULT_RES_DIR="${PREFIX}/share/fwbuilder${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}"
|
||||
;;
|
||||
|
||||
*-*-openbsd*)
|
||||
OS=OpenBSD
|
||||
OS_OPENBSD=1
|
||||
MANDIR="${PREFIX}/man/"
|
||||
AC_MSG_RESULT(OpenBSD)
|
||||
DEFAULT_RES_DIR="${PREFIX}/share/fwbuilder${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}"
|
||||
;;
|
||||
|
||||
*-*-kfreebsd*)
|
||||
OS=FreeBSD
|
||||
OS_FREEBSD=1
|
||||
if test -f /etc/debian_version ; then
|
||||
DISTRO=Debian
|
||||
else
|
||||
DISTRO="Unknown"
|
||||
fi
|
||||
MANDIR="${PREFIX}/share/man/"
|
||||
AC_MSG_RESULT($DISTRO GNU/kFreeBSD)
|
||||
DEFAULT_RES_DIR="${PREFIX}/share/fwbuilder${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}"
|
||||
;;
|
||||
|
||||
*-*-linux*)
|
||||
DEFAULT_RES_DIR="${PREFIX}/share/fwbuilder${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}"
|
||||
OS=Linux
|
||||
OS_LINUX=1
|
||||
if test -f /etc/debian_version ; then
|
||||
DISTRO=Debian
|
||||
elif test -f /etc/mandrake-release ; then
|
||||
DISTRO=Mandrake
|
||||
elif test -f /etc/slackware-version ; then
|
||||
DISTRO=Slackware
|
||||
elif test -f /etc/SuSE-release ; then
|
||||
DISTRO=SuSE
|
||||
elif test -f /etc/redhat-release ; then
|
||||
#
|
||||
# Mandrake has symlink /etc/redhat-release -> /etc/manrake-release ,
|
||||
# so this check must be the last
|
||||
#
|
||||
DISTRO=RedHat
|
||||
else
|
||||
DISTRO="Unknown"
|
||||
fi
|
||||
MANDIR="${PREFIX}/share/man/"
|
||||
AC_MSG_RESULT($DISTRO Linux)
|
||||
;;
|
||||
|
||||
*)
|
||||
OS=Unknown
|
||||
OS_UNKNOWN=1
|
||||
DISTRO=Unknown
|
||||
MANDIR="${PREFIX}/share/man/"
|
||||
AC_MSG_RESULT(Unknown)
|
||||
DEFAULT_RES_DIR="${PREFIX}/share/fwbuilder${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}"
|
||||
;;
|
||||
esac
|
||||
|
||||
if test "x$with_templatedir" != "x"; then
|
||||
RES_DIR="${with_templatedir}"
|
||||
else
|
||||
RES_DIR="$DEFAULT_RES_DIR"
|
||||
fi
|
||||
|
||||
AC_DEFINE_UNQUOTED(RES_DIR, "$RES_DIR", [res_dir])
|
||||
AC_SUBST(RES_DIR)
|
||||
|
||||
|
||||
if test "x$with_docdir" != "x"; then
|
||||
DOCDIR="${with_docdir}"
|
||||
else
|
||||
DOCDIR="${PREFIX}/share/doc/fwbuilder-${VERSION}"
|
||||
fi
|
||||
DOCDIRPATH=`dirname ${DOCDIR}`
|
||||
|
||||
AC_SUBST(OS)
|
||||
AC_DEFINE_UNQUOTED(OS, "${OS}", [os])
|
||||
test -n "$OS_CYGWIN" && AC_DEFINE_UNQUOTED(OS_CYGWIN, "${OS_CYGWIN}", [cygwin])
|
||||
test -n "$OS_MINGW" && AC_DEFINE_UNQUOTED(OS_MINGW, "${OS_MINGW}", [mingw])
|
||||
test -n "$OS_MACOSX" && AC_DEFINE_UNQUOTED(OS_MACOSX, "${OS_MACOSX}", [macosx])
|
||||
test -n "$OS_SOLARIS" && AC_DEFINE_UNQUOTED(OS_SOLARIS, "${OS_SOLARIS}", [solaris])
|
||||
test -n "$OS_FREEBSD" && AC_DEFINE_UNQUOTED(OS_FREEBSD, "${OS_FREEBSD}", [freebsd])
|
||||
test -n "$OS_OPENBSD" && AC_DEFINE_UNQUOTED(OS_OPENBSD, "${OS_OPENBSD}", [openbsd])
|
||||
test -n "$OS_LINUX" && AC_DEFINE_UNQUOTED(OS_LINUX, "${OS_LINUX}", [linux])
|
||||
test -n "$OS_UNKNOWN" && AC_DEFINE_UNQUOTED(OS_UNKNOWN, "${OS_UNKNOWN}", [unknown])
|
||||
|
||||
AC_SUBST(DISTRO)
|
||||
AC_DEFINE_UNQUOTED(DISTRO, "${DISTRO}", [distro])
|
||||
|
||||
AC_SUBST(DOCDIRPATH)
|
||||
AC_DEFINE_UNQUOTED(DOCDIRPATH, "${DOCDIRPATH}", [docdirpath])
|
||||
|
||||
AC_SUBST(DOCDIR)
|
||||
AC_DEFINE_UNQUOTED(DOCDIR, "${DOCDIR}", [docdir])
|
||||
|
||||
AC_SUBST(MANDIR)
|
||||
|
||||
AC_PATH_PROG(CCACHE, ccache, , )
|
||||
|
||||
dnl Support for the po directory.
|
||||
AM_PO_SUBDIRS
|
||||
|
||||
dnl AC_CONFIG_FILES([ Main.make ])
|
||||
AC_CONFIG_FILES([ qmake.inc ])
|
||||
AC_CONFIG_FILES([ po/POmakefile ], [AM_POSTPROCESS_PO_MAKEFILE])
|
||||
|
||||
AC_CONFIG_FILES([ src/res/objects_init.xml ])
|
||||
AC_CONFIG_FILES([ src/res/templates.xml ])
|
||||
AC_CONFIG_FILES([ src/res/resources.xml ])
|
||||
AC_CONFIG_FILES([ src/res/os/fwsm_os.xml ])
|
||||
AC_CONFIG_FILES([ src/res/os/freebsd.xml ])
|
||||
AC_CONFIG_FILES([ src/res/os/linux24.xml ])
|
||||
AC_CONFIG_FILES([ src/res/os/linksys.xml ])
|
||||
AC_CONFIG_FILES([ src/res/os/macosx.xml ])
|
||||
AC_CONFIG_FILES([ src/res/os/openbsd.xml ])
|
||||
AC_CONFIG_FILES([ src/res/os/pix_os.xml ])
|
||||
AC_CONFIG_FILES([ src/res/os/ios.xml ])
|
||||
AC_CONFIG_FILES([ src/res/os/solaris.xml ])
|
||||
AC_CONFIG_FILES([ src/res/os/unknown_os.xml ])
|
||||
AC_CONFIG_FILES([ src/res/platform/fwsm.xml ])
|
||||
AC_CONFIG_FILES([ src/res/platform/ipf.xml ])
|
||||
AC_CONFIG_FILES([ src/res/platform/ipfw.xml ])
|
||||
AC_CONFIG_FILES([ src/res/platform/iptables.xml ])
|
||||
AC_CONFIG_FILES([ src/res/platform/pf.xml ])
|
||||
AC_CONFIG_FILES([ src/res/platform/pix.xml ])
|
||||
AC_CONFIG_FILES([ src/res/platform/iosacl.xml ])
|
||||
AC_CONFIG_FILES([ src/res/platform/unknown.xml ])
|
||||
|
||||
|
||||
AC_OUTPUT
|
||||
|
||||
. ./runqmake.sh
|
||||
|
||||
39
definitions.h
Normal file
39
definitions.h
Normal file
@@ -0,0 +1,39 @@
|
||||
/*
|
||||
|
||||
Firewall Builder
|
||||
|
||||
Copyright (C) 2003 NetCitadel, LLC
|
||||
|
||||
Author: Vadim Kurland vadim@fwbuilder.org
|
||||
|
||||
$Id$
|
||||
|
||||
This program is free software which we release under the GNU General Public
|
||||
License. You may redistribute and/or modify this program under the terms
|
||||
of that license as published by the Free Software Foundation; either
|
||||
version 2 of the License, or (at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
To get a copy of the GNU General Public License, write to the Free Software
|
||||
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
|
||||
|
||||
Define global macros and constants in this file if they are used in
|
||||
the GUI, compilers and tools
|
||||
|
||||
*/
|
||||
|
||||
#ifndef __DEFINITIONS_
|
||||
#define __DEFINITIONS_
|
||||
|
||||
|
||||
#define DIVERTSOCKET 0
|
||||
#define DUMMYNETPIPE 1
|
||||
#define DUMMYNETQUEUE 2
|
||||
|
||||
|
||||
#endif
|
||||
44
description.txt
Normal file
44
description.txt
Normal file
@@ -0,0 +1,44 @@
|
||||
This is the report of porting FWBuilder to the QT4 library.
|
||||
|
||||
Done at all:
|
||||
1) AboutDialog_q.ui: form completelly ported; CREATED: FWBAboutDialog.h
|
||||
2) FWObjectClipboard.h, .cpp: no work at most
|
||||
3) ColorCheckViewItem.h, .cpp: I found that this module isn't used in the project so I didn't do anything with it.
|
||||
4) definitions.h
|
||||
5) platforms.h, .cpp
|
||||
6) FWObjectPropertiesFactory.h, .cpp
|
||||
7) FWBSettings.h, .cpp
|
||||
8) listOfLibraries.h, .cpp
|
||||
9) FWBTree.h, .cpp
|
||||
10) utils.h, .cpp
|
||||
11) utils_no_qt.h, .cpp
|
||||
12) FWObjectDropArea.h, .cpp, .ui: not tested
|
||||
13) ObjectTreeViewItem.h, .cpp
|
||||
14) ObjectTreeView.h, .cpp
|
||||
15) listOfLibraries.h, .cpp
|
||||
16) upgradePredicate.h
|
||||
17) ObjConflictResolutionDialog.h, .cpp, .ui
|
||||
18) SimpleTextEditor.h, .cpp, .ui
|
||||
19) SimpleTextView.h, .cpp, .ui
|
||||
20) SimpleIntEditor.h, .cpp, .ui
|
||||
21) inplaceComboBox.h, .cpp
|
||||
22) ActionsDialog.h, .cpp, .ui
|
||||
23) ColorLabelMenuItem.h, .cpp, .ui
|
||||
24) findDialog.h, .cpp, .ui
|
||||
25) FindObjectWidget.h, .cpp, .ui
|
||||
26) RCSFileDialog.h, .cpp
|
||||
|
||||
Almost done:
|
||||
1) FWBMainWindow.ui: form needs some attention in later porting but now it does work
|
||||
2) RCS.h, .cpp: need some attention, may have problems with QProcess objects
|
||||
3) DialogData.h, .cpp
|
||||
|
||||
In work:
|
||||
1) FWWindow.h, .cpp: big part of code is commented.
|
||||
2) main.cpp: some part of code is commented.
|
||||
3) ObjectManipulator.h, .cpp, .ui: need to connect Object Editor.
|
||||
4) RuleSetView.h, .cpp
|
||||
|
||||
Stopped files, files having problems:
|
||||
1) FWObjectDrag.h, .cpp: problems with inheriting (QStoredDrag -> QMimeData, QDrag).
|
||||
2) RCSFilePreview.h, .cpp, .ui: there is no such thing as file preview in Qt4 so I can't use these files for the RCSFileDialog dialog.
|
||||
4
doc/.cvsignore
Normal file
4
doc/.cvsignore
Normal file
@@ -0,0 +1,4 @@
|
||||
Makefile
|
||||
.moc
|
||||
.ui
|
||||
*.app
|
||||
13
doc/AUTHORS
Normal file
13
doc/AUTHORS
Normal file
@@ -0,0 +1,13 @@
|
||||
|
||||
|
||||
Vadim Kurland <vadim@vk.crocodile.org.> Main author: GUI, iptables compiler
|
||||
|
||||
Vadim Zaliva <lord@crocodile.org> libfwbuilder API design;
|
||||
XML DTD design;
|
||||
XML data storage implementation;
|
||||
implementation of printing
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
340
doc/COPYING
Normal file
340
doc/COPYING
Normal file
@@ -0,0 +1,340 @@
|
||||
GNU GENERAL PUBLIC LICENSE
|
||||
Version 2, June 1991
|
||||
|
||||
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
|
||||
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
Everyone is permitted to copy and distribute verbatim copies
|
||||
of this license document, but changing it is not allowed.
|
||||
|
||||
Preamble
|
||||
|
||||
The licenses for most software are designed to take away your
|
||||
freedom to share and change it. By contrast, the GNU General Public
|
||||
License is intended to guarantee your freedom to share and change free
|
||||
software--to make sure the software is free for all its users. This
|
||||
General Public License applies to most of the Free Software
|
||||
Foundation's software and to any other program whose authors commit to
|
||||
using it. (Some other Free Software Foundation software is covered by
|
||||
the GNU Library General Public License instead.) You can apply it to
|
||||
your programs, too.
|
||||
|
||||
When we speak of free software, we are referring to freedom, not
|
||||
price. Our General Public Licenses are designed to make sure that you
|
||||
have the freedom to distribute copies of free software (and charge for
|
||||
this service if you wish), that you receive source code or can get it
|
||||
if you want it, that you can change the software or use pieces of it
|
||||
in new free programs; and that you know you can do these things.
|
||||
|
||||
To protect your rights, we need to make restrictions that forbid
|
||||
anyone to deny you these rights or to ask you to surrender the rights.
|
||||
These restrictions translate to certain responsibilities for you if you
|
||||
distribute copies of the software, or if you modify it.
|
||||
|
||||
For example, if you distribute copies of such a program, whether
|
||||
gratis or for a fee, you must give the recipients all the rights that
|
||||
you have. You must make sure that they, too, receive or can get the
|
||||
source code. And you must show them these terms so they know their
|
||||
rights.
|
||||
|
||||
We protect your rights with two steps: (1) copyright the software, and
|
||||
(2) offer you this license which gives you legal permission to copy,
|
||||
distribute and/or modify the software.
|
||||
|
||||
Also, for each author's protection and ours, we want to make certain
|
||||
that everyone understands that there is no warranty for this free
|
||||
software. If the software is modified by someone else and passed on, we
|
||||
want its recipients to know that what they have is not the original, so
|
||||
that any problems introduced by others will not reflect on the original
|
||||
authors' reputations.
|
||||
|
||||
Finally, any free program is threatened constantly by software
|
||||
patents. We wish to avoid the danger that redistributors of a free
|
||||
program will individually obtain patent licenses, in effect making the
|
||||
program proprietary. To prevent this, we have made it clear that any
|
||||
patent must be licensed for everyone's free use or not licensed at all.
|
||||
|
||||
The precise terms and conditions for copying, distribution and
|
||||
modification follow.
|
||||
|
||||
GNU GENERAL PUBLIC LICENSE
|
||||
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
||||
|
||||
0. This License applies to any program or other work which contains
|
||||
a notice placed by the copyright holder saying it may be distributed
|
||||
under the terms of this General Public License. The "Program", below,
|
||||
refers to any such program or work, and a "work based on the Program"
|
||||
means either the Program or any derivative work under copyright law:
|
||||
that is to say, a work containing the Program or a portion of it,
|
||||
either verbatim or with modifications and/or translated into another
|
||||
language. (Hereinafter, translation is included without limitation in
|
||||
the term "modification".) Each licensee is addressed as "you".
|
||||
|
||||
Activities other than copying, distribution and modification are not
|
||||
covered by this License; they are outside its scope. The act of
|
||||
running the Program is not restricted, and the output from the Program
|
||||
is covered only if its contents constitute a work based on the
|
||||
Program (independent of having been made by running the Program).
|
||||
Whether that is true depends on what the Program does.
|
||||
|
||||
1. You may copy and distribute verbatim copies of the Program's
|
||||
source code as you receive it, in any medium, provided that you
|
||||
conspicuously and appropriately publish on each copy an appropriate
|
||||
copyright notice and disclaimer of warranty; keep intact all the
|
||||
notices that refer to this License and to the absence of any warranty;
|
||||
and give any other recipients of the Program a copy of this License
|
||||
along with the Program.
|
||||
|
||||
You may charge a fee for the physical act of transferring a copy, and
|
||||
you may at your option offer warranty protection in exchange for a fee.
|
||||
|
||||
2. You may modify your copy or copies of the Program or any portion
|
||||
of it, thus forming a work based on the Program, and copy and
|
||||
distribute such modifications or work under the terms of Section 1
|
||||
above, provided that you also meet all of these conditions:
|
||||
|
||||
a) You must cause the modified files to carry prominent notices
|
||||
stating that you changed the files and the date of any change.
|
||||
|
||||
b) You must cause any work that you distribute or publish, that in
|
||||
whole or in part contains or is derived from the Program or any
|
||||
part thereof, to be licensed as a whole at no charge to all third
|
||||
parties under the terms of this License.
|
||||
|
||||
c) If the modified program normally reads commands interactively
|
||||
when run, you must cause it, when started running for such
|
||||
interactive use in the most ordinary way, to print or display an
|
||||
announcement including an appropriate copyright notice and a
|
||||
notice that there is no warranty (or else, saying that you provide
|
||||
a warranty) and that users may redistribute the program under
|
||||
these conditions, and telling the user how to view a copy of this
|
||||
License. (Exception: if the Program itself is interactive but
|
||||
does not normally print such an announcement, your work based on
|
||||
the Program is not required to print an announcement.)
|
||||
|
||||
These requirements apply to the modified work as a whole. If
|
||||
identifiable sections of that work are not derived from the Program,
|
||||
and can be reasonably considered independent and separate works in
|
||||
themselves, then this License, and its terms, do not apply to those
|
||||
sections when you distribute them as separate works. But when you
|
||||
distribute the same sections as part of a whole which is a work based
|
||||
on the Program, the distribution of the whole must be on the terms of
|
||||
this License, whose permissions for other licensees extend to the
|
||||
entire whole, and thus to each and every part regardless of who wrote it.
|
||||
|
||||
Thus, it is not the intent of this section to claim rights or contest
|
||||
your rights to work written entirely by you; rather, the intent is to
|
||||
exercise the right to control the distribution of derivative or
|
||||
collective works based on the Program.
|
||||
|
||||
In addition, mere aggregation of another work not based on the Program
|
||||
with the Program (or with a work based on the Program) on a volume of
|
||||
a storage or distribution medium does not bring the other work under
|
||||
the scope of this License.
|
||||
|
||||
3. You may copy and distribute the Program (or a work based on it,
|
||||
under Section 2) in object code or executable form under the terms of
|
||||
Sections 1 and 2 above provided that you also do one of the following:
|
||||
|
||||
a) Accompany it with the complete corresponding machine-readable
|
||||
source code, which must be distributed under the terms of Sections
|
||||
1 and 2 above on a medium customarily used for software interchange; or,
|
||||
|
||||
b) Accompany it with a written offer, valid for at least three
|
||||
years, to give any third party, for a charge no more than your
|
||||
cost of physically performing source distribution, a complete
|
||||
machine-readable copy of the corresponding source code, to be
|
||||
distributed under the terms of Sections 1 and 2 above on a medium
|
||||
customarily used for software interchange; or,
|
||||
|
||||
c) Accompany it with the information you received as to the offer
|
||||
to distribute corresponding source code. (This alternative is
|
||||
allowed only for noncommercial distribution and only if you
|
||||
received the program in object code or executable form with such
|
||||
an offer, in accord with Subsection b above.)
|
||||
|
||||
The source code for a work means the preferred form of the work for
|
||||
making modifications to it. For an executable work, complete source
|
||||
code means all the source code for all modules it contains, plus any
|
||||
associated interface definition files, plus the scripts used to
|
||||
control compilation and installation of the executable. However, as a
|
||||
special exception, the source code distributed need not include
|
||||
anything that is normally distributed (in either source or binary
|
||||
form) with the major components (compiler, kernel, and so on) of the
|
||||
operating system on which the executable runs, unless that component
|
||||
itself accompanies the executable.
|
||||
|
||||
If distribution of executable or object code is made by offering
|
||||
access to copy from a designated place, then offering equivalent
|
||||
access to copy the source code from the same place counts as
|
||||
distribution of the source code, even though third parties are not
|
||||
compelled to copy the source along with the object code.
|
||||
|
||||
4. You may not copy, modify, sublicense, or distribute the Program
|
||||
except as expressly provided under this License. Any attempt
|
||||
otherwise to copy, modify, sublicense or distribute the Program is
|
||||
void, and will automatically terminate your rights under this License.
|
||||
However, parties who have received copies, or rights, from you under
|
||||
this License will not have their licenses terminated so long as such
|
||||
parties remain in full compliance.
|
||||
|
||||
5. You are not required to accept this License, since you have not
|
||||
signed it. However, nothing else grants you permission to modify or
|
||||
distribute the Program or its derivative works. These actions are
|
||||
prohibited by law if you do not accept this License. Therefore, by
|
||||
modifying or distributing the Program (or any work based on the
|
||||
Program), you indicate your acceptance of this License to do so, and
|
||||
all its terms and conditions for copying, distributing or modifying
|
||||
the Program or works based on it.
|
||||
|
||||
6. Each time you redistribute the Program (or any work based on the
|
||||
Program), the recipient automatically receives a license from the
|
||||
original licensor to copy, distribute or modify the Program subject to
|
||||
these terms and conditions. You may not impose any further
|
||||
restrictions on the recipients' exercise of the rights granted herein.
|
||||
You are not responsible for enforcing compliance by third parties to
|
||||
this License.
|
||||
|
||||
7. If, as a consequence of a court judgment or allegation of patent
|
||||
infringement or for any other reason (not limited to patent issues),
|
||||
conditions are imposed on you (whether by court order, agreement or
|
||||
otherwise) that contradict the conditions of this License, they do not
|
||||
excuse you from the conditions of this License. If you cannot
|
||||
distribute so as to satisfy simultaneously your obligations under this
|
||||
License and any other pertinent obligations, then as a consequence you
|
||||
may not distribute the Program at all. For example, if a patent
|
||||
license would not permit royalty-free redistribution of the Program by
|
||||
all those who receive copies directly or indirectly through you, then
|
||||
the only way you could satisfy both it and this License would be to
|
||||
refrain entirely from distribution of the Program.
|
||||
|
||||
If any portion of this section is held invalid or unenforceable under
|
||||
any particular circumstance, the balance of the section is intended to
|
||||
apply and the section as a whole is intended to apply in other
|
||||
circumstances.
|
||||
|
||||
It is not the purpose of this section to induce you to infringe any
|
||||
patents or other property right claims or to contest validity of any
|
||||
such claims; this section has the sole purpose of protecting the
|
||||
integrity of the free software distribution system, which is
|
||||
implemented by public license practices. Many people have made
|
||||
generous contributions to the wide range of software distributed
|
||||
through that system in reliance on consistent application of that
|
||||
system; it is up to the author/donor to decide if he or she is willing
|
||||
to distribute software through any other system and a licensee cannot
|
||||
impose that choice.
|
||||
|
||||
This section is intended to make thoroughly clear what is believed to
|
||||
be a consequence of the rest of this License.
|
||||
|
||||
8. If the distribution and/or use of the Program is restricted in
|
||||
certain countries either by patents or by copyrighted interfaces, the
|
||||
original copyright holder who places the Program under this License
|
||||
may add an explicit geographical distribution limitation excluding
|
||||
those countries, so that distribution is permitted only in or among
|
||||
countries not thus excluded. In such case, this License incorporates
|
||||
the limitation as if written in the body of this License.
|
||||
|
||||
9. The Free Software Foundation may publish revised and/or new versions
|
||||
of the General Public License from time to time. Such new versions will
|
||||
be similar in spirit to the present version, but may differ in detail to
|
||||
address new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the Program
|
||||
specifies a version number of this License which applies to it and "any
|
||||
later version", you have the option of following the terms and conditions
|
||||
either of that version or of any later version published by the Free
|
||||
Software Foundation. If the Program does not specify a version number of
|
||||
this License, you may choose any version ever published by the Free Software
|
||||
Foundation.
|
||||
|
||||
10. If you wish to incorporate parts of the Program into other free
|
||||
programs whose distribution conditions are different, write to the author
|
||||
to ask for permission. For software which is copyrighted by the Free
|
||||
Software Foundation, write to the Free Software Foundation; we sometimes
|
||||
make exceptions for this. Our decision will be guided by the two goals
|
||||
of preserving the free status of all derivatives of our free software and
|
||||
of promoting the sharing and reuse of software generally.
|
||||
|
||||
NO WARRANTY
|
||||
|
||||
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
|
||||
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
|
||||
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
|
||||
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
|
||||
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
|
||||
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
|
||||
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
|
||||
REPAIR OR CORRECTION.
|
||||
|
||||
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
||||
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
|
||||
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
|
||||
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
|
||||
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
|
||||
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
|
||||
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
|
||||
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
|
||||
POSSIBILITY OF SUCH DAMAGES.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
How to Apply These Terms to Your New Programs
|
||||
|
||||
If you develop a new program, and you want it to be of the greatest
|
||||
possible use to the public, the best way to achieve this is to make it
|
||||
free software which everyone can redistribute and change under these terms.
|
||||
|
||||
To do so, attach the following notices to the program. It is safest
|
||||
to attach them to the start of each source file to most effectively
|
||||
convey the exclusion of warranty; and each file should have at least
|
||||
the "copyright" line and a pointer to where the full notice is found.
|
||||
|
||||
<one line to give the program's name and a brief idea of what it does.>
|
||||
Copyright (C) <year> <name of author>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If the program is interactive, make it output a short notice like this
|
||||
when it starts in an interactive mode:
|
||||
|
||||
Gnomovision version 69, Copyright (C) year name of author
|
||||
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
||||
This is free software, and you are welcome to redistribute it
|
||||
under certain conditions; type `show c' for details.
|
||||
|
||||
The hypothetical commands `show w' and `show c' should show the appropriate
|
||||
parts of the General Public License. Of course, the commands you use may
|
||||
be called something other than `show w' and `show c'; they could even be
|
||||
mouse-clicks or menu items--whatever suits your program.
|
||||
|
||||
You should also get your employer (if you work as a programmer) or your
|
||||
school, if any, to sign a "copyright disclaimer" for the program, if
|
||||
necessary. Here is a sample; alter the names:
|
||||
|
||||
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
|
||||
`Gnomovision' (which makes passes at compilers) written by James Hacker.
|
||||
|
||||
<signature of Ty Coon>, 1 April 1989
|
||||
Ty Coon, President of Vice
|
||||
|
||||
This General Public License does not permit incorporating your program into
|
||||
proprietary programs. If your program is a subroutine library, you may
|
||||
consider it more useful to permit linking proprietary applications with the
|
||||
library. If this is what you want to do, use the GNU Library General
|
||||
Public License instead of this License.
|
||||
5553
doc/ChangeLog
Normal file
5553
doc/ChangeLog
Normal file
File diff suppressed because it is too large
Load Diff
99
doc/Credits
Normal file
99
doc/Credits
Normal file
@@ -0,0 +1,99 @@
|
||||
$Id: Credits 899 2005-12-14 06:58:43Z vkurland $
|
||||
|
||||
We would like to thank the following people who helped us in various
|
||||
ways to make this project happen:
|
||||
|
||||
Special thanks to Friedhelm Düsterhöft <fd@msdd.net> for help with XML
|
||||
development and initial XSLT filters implementation.
|
||||
|
||||
For icons : Hector Rivera Falu <misha@phreaker.net>
|
||||
|
||||
For icons and a first web site: Tanya Soussokolova <ts@vk.crocodile.org>
|
||||
|
||||
For debugging on SuSE, building packages for SuSE and for help
|
||||
with answering support requests:
|
||||
Marc Pfefferkorn <marc.pfefferkorn@post.rwth-aachen.de>
|
||||
|
||||
For German translation for Firewall Builder v1.x:
|
||||
Marc Pfefferkorn <marc.pfefferkorn@post.rwth-aachen.de>
|
||||
Jens Hektor <hektor@RZ.RWTH-Aachen.DE>
|
||||
Axel Stenkamp <axel.stenkamp@post.rwth-aachen.de>
|
||||
|
||||
For localization patch (gettext support) and French translation
|
||||
for Firewall Builder v1.x:
|
||||
Florent MANENS <manens@efrei.fr>
|
||||
|
||||
For French translation for Firewall Builder v2.x
|
||||
Jean-Michel Pour̩ <jm@poure.com>
|
||||
|
||||
For Japanese translation for Firewall Builder v2.x
|
||||
Tadashi Jokagi <elf@elf.no-ip.org>
|
||||
|
||||
For Swedish translation: Daniel Nylander <yeager@lidkoping.net>
|
||||
|
||||
For ideas, suggestions, patches and contributions:
|
||||
-------------------------------------------------------------
|
||||
Friedhelm Düsterhöft" <friedhelm.duesterhoeft@msdd.net>
|
||||
- many suggestions and prototype for DTD.
|
||||
|
||||
|
||||
Jeremy T. Bouse <jbouse@Debian.org>
|
||||
- package maintainer for Debian
|
||||
- libxml2 support.
|
||||
- X.509 certificate generation druid assistance
|
||||
- iptables/iproute2 patches
|
||||
|
||||
|
||||
Carlo Wood <carlo@alinoe.com>
|
||||
- many valuable patches and bug reports
|
||||
- suggestions regarding rpm building process and changes to spec file
|
||||
|
||||
|
||||
Jochen Friedrich <jochen+fwbuilder-dev@scram.de>
|
||||
- ideas for future development
|
||||
|
||||
|
||||
Vadim Fedukovich <vf@unity.net>
|
||||
- help with OpenSSL and answering related questins.
|
||||
|
||||
|
||||
David Gullasch <gullasch@secunet.de> and
|
||||
stephan_r@users.sourceforge.net
|
||||
- firewall policy installation script
|
||||
|
||||
|
||||
Igor Morozov <igor@grad.kiev.ua>
|
||||
- first attempt at Win32 porting and a prototype
|
||||
|
||||
|
||||
Mark Vevers <mark@vevers.net>
|
||||
- for an idea and a patch that fixes optimizer in fwb_ipt
|
||||
Patch information:
|
||||
|
||||
Author: Mark Vevers
|
||||
Copyright (c) 2004 Research Machines Plc
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining
|
||||
a copy of this software and associated documentation files (the
|
||||
"Software"), to deal in the Software without restriction, including
|
||||
without limitation the rights to use, copy, modify, merge, publish,
|
||||
distribute, sublicense, and/or sell copies of the Software, and to
|
||||
permit persons to whom the Software is furnished to do so, subject to
|
||||
the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be
|
||||
included in all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||||
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
||||
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
||||
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
||||
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
||||
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
23
doc/FWBuilder-Routing-LICENSE.txt
Normal file
23
doc/FWBuilder-Routing-LICENSE.txt
Normal file
@@ -0,0 +1,23 @@
|
||||
|
||||
Firewall Builder Routing add-on
|
||||
|
||||
Copyright (C) 2004 Compal GmbH, Germany
|
||||
|
||||
Author: Tidei Maurizio <fwbuilder-routing at compal.de>
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
|
||||
of the Software, and to permit persons to whom the Software is furnished to do
|
||||
so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
|
||||
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
|
||||
PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
|
||||
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
||||
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE
|
||||
OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
36
doc/PatchAcceptancePolicy.txt
Normal file
36
doc/PatchAcceptancePolicy.txt
Normal file
@@ -0,0 +1,36 @@
|
||||
$Id: PatchAcceptancePolicy.txt 152 2004-03-27 17:11:54Z vkurland $
|
||||
|
||||
Firewall Buider Project welcomes user contributions. Because we would
|
||||
like not to be limited in future licensing options of the code,
|
||||
authors of all submitted patches must agree that their contribution is
|
||||
donated to our project under terms of following license (this is MIT
|
||||
license):
|
||||
|
||||
-------------------------------------------------------------------------
|
||||
|
||||
Copyright (c) <year> <copyright holders>
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining
|
||||
a copy of this software and associated documentation files (the
|
||||
"Software"), to deal in the Software without restriction, including
|
||||
without limitation the rights to use, copy, modify, merge, publish,
|
||||
distribute, sublicense, and/or sell copies of the Software, and to
|
||||
permit persons to whom the Software is furnished to do so, subject to
|
||||
the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be
|
||||
included in all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||||
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
||||
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
||||
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
||||
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
||||
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
|
||||
-------------------------------------------------------------------------
|
||||
|
||||
When submitting the patch please state that you agree with this
|
||||
license.
|
||||
|
||||
73
doc/README.floppyfw
Normal file
73
doc/README.floppyfw
Normal file
@@ -0,0 +1,73 @@
|
||||
|
||||
|
||||
How to generate firewall script for floppyfw
|
||||
(http://www.zelow.no/floppyfw/index.html)
|
||||
|
||||
|
||||
1. in Firewall dialog, tab "Firewall", set the following parameters:
|
||||
|
||||
- "Load modules" - OFF
|
||||
- "Create virtual addresses for NAT rules" - ON
|
||||
- "Use numeric log levels" - ON
|
||||
|
||||
|
||||
2. download and install rpm "fwbuilder-floppyfw-0.9.7"
|
||||
|
||||
|
||||
3. in "Compile/Install" tab configure full path and name of the
|
||||
install script "/usr/bin/floppyfw_install.sh". Now you can compile
|
||||
policy in a usual way using menu Rules->Compile and then install it
|
||||
to floppyfw floppy using menu Rules->Install. Install script makes
|
||||
certain checks to verify that floppy you use indeed contains floppyfw
|
||||
code. Install script depends on mtools package.
|
||||
|
||||
|
||||
4. some useful configuration parameters for floppyfw:
|
||||
|
||||
- activate serial console for kernel boot-time messages and shell:
|
||||
in file "config" : SERIAL_CONSOLE=ttyS0
|
||||
in file "syslinux.cfg" add "console=ttyS0,9600" kernel parameters:
|
||||
|
||||
------- file config ----------------------
|
||||
# Choose the serial port for the console "n" for none.
|
||||
SERIAL_CONSOLE=ttyS0
|
||||
------------------------------------------
|
||||
|
||||
------- file syslinux.cfg ----------------
|
||||
default floppyfw
|
||||
display floppyfw.msg
|
||||
label floppyfw
|
||||
kernel vmlinuz
|
||||
append initrd=initrd.gz root=/dev/fd0 console=ttyS0,9600 ether=0,0,0,eth0 ether=0,0,0,eth1
|
||||
------------------------------------------
|
||||
|
||||
|
||||
|
||||
- logging via syslog:
|
||||
in file "config" set USE_SYSLOG=y and add "-R" to log to remote loghost
|
||||
|
||||
------- file config ----------------------
|
||||
# Turning on syslogd and klogd.
|
||||
# This is a nice thing but will eat CPU which is why it is turned
|
||||
# off by default.
|
||||
#
|
||||
USE_SYSLOG=y
|
||||
|
||||
# This SYSLOG does not use syslogd.conf so we have to set things here.
|
||||
# Flags:
|
||||
# Log to /dev/tty3 instead of /var/log/messages which aren't exactly a
|
||||
# good idea on a ramdisk.
|
||||
# -O /dev/tty3
|
||||
# Log to network. host:port
|
||||
# -R 10.42.42.42:514
|
||||
# Log to both network and file:
|
||||
# -L
|
||||
# --MARK-- 0 is no mark.
|
||||
# -m 0
|
||||
# SYSLOG_FLAGS="-m 360 -O /dev/tty3"
|
||||
SYSLOG_FLAGS="-m 360 -R 10.42.42.4:514"
|
||||
------------------------------------------
|
||||
|
||||
- do not forget to add rule to the firewall policy to permit sending
|
||||
syslog packets from firewall to your loghost
|
||||
|
||||
75
doc/README.iosacl
Normal file
75
doc/README.iosacl
Normal file
@@ -0,0 +1,75 @@
|
||||
|
||||
|
||||
Policy compiler for Cisco IOS Access lists has been implemented as
|
||||
part of the Firewall Builder GUI as of version 2.1.12. The first
|
||||
functional build were importer worked on all supported OS was build
|
||||
270 (May 22, 2007)
|
||||
|
||||
|
||||
Support for Cisco IOS access lists in Firewall Builder v2.1.12, build 270:
|
||||
----------------------------------------------------------------
|
||||
|
||||
Features implemented in this version:
|
||||
|
||||
- The compiler generates extended ACLs using "ip access-list
|
||||
extended" command. ACL names are automatically generated using
|
||||
abbreviated interface names and direction symbols to make it easy
|
||||
to figure out which ACL is which. Compiler uses rather minimal set
|
||||
of options of the "ip access-list" command and should generate code
|
||||
that will work for IOS 12.x. I did not test with 11.x but I am
|
||||
pretty sure it will work, at least with the latest versions of
|
||||
11.x.
|
||||
|
||||
- Compiler can also add commands to configure logging.
|
||||
|
||||
- The GUI includes built-in installer for routers which works just
|
||||
like installer for PIX. Both installers were updated however to
|
||||
improve support for the automatic roll-back feature in case you
|
||||
lose connect with the firewall or the router because of an error in
|
||||
the policy. Now you can make installer schedule reboot in a few
|
||||
minutes, then upload new policy or ACLs and then cancel reboot if
|
||||
upload was successful. While before auto-rollback option was only
|
||||
available if you installed in the test mode, now you can always use
|
||||
it. Test mode means that installer does not save configuration in
|
||||
the permanent memory, as before.
|
||||
|
||||
- All three installation methods that were available for PIX are now
|
||||
available for routers: you can make it clear all access lists and
|
||||
then load new ones or just update access lists without
|
||||
clearing. The last method (the "safety net" method) creates
|
||||
temporary acl to permit communication with the management station,
|
||||
assigns it to the interface marked as management interface, then
|
||||
clears all access lists and loads new ones and in the end swaps
|
||||
proper list on the management interface. This helps prevent
|
||||
locking yourself out of the router in the middle of the
|
||||
installation process in case of an error in the ACL and at the same
|
||||
time does not leave the router with no acls for the time it takes
|
||||
to install new policy. In combination with automatic roll-back,
|
||||
installation process is pretty reliable.
|
||||
|
||||
- New option has been added to the interface object, called
|
||||
"unprotected". This allows you to mark some interfaces to be
|
||||
skipped by the compiler when it picks interfaces for ACL
|
||||
rules. This should be useful when you have routers with many
|
||||
interfaces and only want to add ACLs to some of them. Also, you can
|
||||
explicitly put interface objects into policy rules and specify
|
||||
direction if you want to do this manually.
|
||||
|
||||
- Since router ACLs have no state, all rules should be created in the
|
||||
policy pretty much like you do it on the router, including rules
|
||||
that permit reply packets. New option has been added to the TCP
|
||||
Service object, called "established". This makes compiler use
|
||||
option "established" in rules it generates if it is supported by
|
||||
the firewall platform. Compilers for iptables, ipfilter, pf and PIX
|
||||
can not use objects with this option and treat it as an error
|
||||
because corresponding platforms do not support it. IPFW, on the
|
||||
other hand, supports it so compiler fwb_ipfw can use it.
|
||||
|
||||
|
||||
Shortcomings of this version:
|
||||
|
||||
- "tos", "precedence" and "time-range" options are not supported
|
||||
|
||||
- "igmp" access lists can no be generated
|
||||
|
||||
|
||||
149
doc/README.ipf
Normal file
149
doc/README.ipf
Normal file
@@ -0,0 +1,149 @@
|
||||
fwb_ipf(1) Firewall Builder fwb_ipf(1)
|
||||
|
||||
|
||||
|
||||
NNAAMMEE
|
||||
fwb_ipf - Policy compiler for ipfilter
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
ffwwbb__iippff [[--vvVVxx]] [[--dd wwddiirr]] --ff ddaattaa__ffiillee..xxmmll object_name
|
||||
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
ffwwbb__iippff is a firewall policy compiler component of Fire
|
||||
wall Builder (see fwbuilder(1)). This compiler generates
|
||||
code for ipfilter. Compiler reads objects definitions and
|
||||
firewall description from the data file specified with
|
||||
"-f" option and generates ipfilter configuration files and
|
||||
firewall activation script.
|
||||
|
||||
All generated files have names that start with the name of
|
||||
the firewall object. Firewall activation script has exten
|
||||
sion ".fw" and is simple shell script that flushes current
|
||||
policy, loads new filter and nat rules and then activates
|
||||
ipfilter. IPFilter configuration file name starts with
|
||||
the name of the firewall object, plus "-ipf.conf". NAT
|
||||
configuration file name also starts with the name of the
|
||||
firewall object, plus "-nat.conf". For example, if fire
|
||||
wall object has name "myfirewall", then compiler will cre
|
||||
ate three files: "myfirewall.fw", "myfirewall-pf.conf",
|
||||
"myfirewall-nat.conf".
|
||||
|
||||
The data file and the name of the firewall objects must be
|
||||
specified on the command line. Other command line parame
|
||||
ters are optional.
|
||||
|
||||
|
||||
|
||||
OOPPTTIIOONNSS
|
||||
-f FILE
|
||||
Specify the name of the data file to be processed.
|
||||
|
||||
|
||||
-d wdir
|
||||
Specify working directory. Compiler creates
|
||||
firewall activation script and ipfilter configura
|
||||
tion files in this directory. If this parameter is
|
||||
missing, then all files will be placed in the cur
|
||||
rent working directory.
|
||||
|
||||
|
||||
-v Be verbose: compiler prints diagnostic messages
|
||||
when it works.
|
||||
|
||||
|
||||
-V Print version number and quit.
|
||||
|
||||
|
||||
-x Generate debugging information while working. This
|
||||
option is intended for debugging only and may pro
|
||||
duce lots of cryptic messages.
|
||||
|
||||
|
||||
NNOOTTEESS
|
||||
Support for ipf returned in version 1.0.1 of Firewall
|
||||
Builder
|
||||
|
||||
Supported features:
|
||||
|
||||
|
||||
|
||||
o both ipf.conf and nat.conf files are generated
|
||||
|
||||
|
||||
o negation in policy rules
|
||||
|
||||
|
||||
o stateful inspection in individual rule can be
|
||||
turned off in rule options dialog. By default com
|
||||
piler adds "keep state" or "modulate state" to each
|
||||
rule with action 'pass'
|
||||
|
||||
|
||||
o rule options dialog provides a choice of icmp or
|
||||
tcp rst replies for rules with action "Reject"
|
||||
|
||||
|
||||
o compiler adds flag "allow-opts" if match on ip
|
||||
options is needed
|
||||
|
||||
|
||||
o compiler can generate rules matching on TCP flags
|
||||
|
||||
|
||||
o compiler can generate script adding ip aliases for
|
||||
NAT rules using addresses that do not belong to any
|
||||
interface of the firewall
|
||||
|
||||
|
||||
o compiler always adds rule "block quick all" at the
|
||||
very bottom of the script to ensure "block all by
|
||||
default" policy even if the policy is empty.
|
||||
|
||||
|
||||
o Address ranges in both policy and NAT
|
||||
|
||||
|
||||
|
||||
|
||||
Features that are not supported (yet)
|
||||
|
||||
|
||||
o negation in NAT
|
||||
|
||||
|
||||
o custom services
|
||||
|
||||
|
||||
|
||||
|
||||
Features that won't be supported (at least not anytime
|
||||
soon)
|
||||
|
||||
|
||||
o policy routing
|
||||
|
||||
|
||||
|
||||
|
||||
UURRLL
|
||||
Firewall Builder home page is located at the following
|
||||
URL: hhttttpp::////wwwwww..ffwwbbuuiillddeerr..oorrgg//
|
||||
|
||||
|
||||
BBUUGGSS
|
||||
Please report bugs using bug tracking system on Source
|
||||
Forge:
|
||||
|
||||
hhttttpp::////ssoouurrcceeffoorrggee..nneett//ttrraacckkeerr//??ggrroouupp__iidd==55331144&&aattiidd==110055331144
|
||||
|
||||
|
||||
|
||||
SSEEEE AALLSSOO
|
||||
ffwwbbuuiillddeerr((11)),, ffwwbb__iipptt((11)),, ffwwbb__ppff((11))
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
FWB fwb_ipf(1)
|
||||
82
doc/README.ipfw
Normal file
82
doc/README.ipfw
Normal file
@@ -0,0 +1,82 @@
|
||||
fwb_ipfw(1) Firewall Builder fwb_ipfw(1)
|
||||
|
||||
|
||||
|
||||
NNAAMMEE
|
||||
fwb_ipfw - Policy compiler for ipfw
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
ffwwbb__iippffww [[--vvVVxx]] [[--dd wwddiirr]] --ff ddaattaa__ffiillee..xxmmll object_name
|
||||
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
ffwwbb__iippffww is a firewall policy compiler component of Fire
|
||||
wall Builder (see fwbuilder(1)). This compiler generates
|
||||
code for ipfw - a firewall and traffic shaper in FreeBSD
|
||||
(see ipfw(8)). Compiler reads objects definitions and
|
||||
firewall description from the data file specified with
|
||||
"-f" option and generates firewall configuration and acti
|
||||
vation script.
|
||||
|
||||
The generated file has a name that starts with the name of
|
||||
the firewall object, with an extension ".fw". It is a
|
||||
shell script that flushes current policy, then loads new
|
||||
filter and nat rules.
|
||||
|
||||
The data file and the name of the firewall objects must be
|
||||
specified on the command line. Other command line parame
|
||||
ters are optional.
|
||||
|
||||
|
||||
|
||||
OOPPTTIIOONNSS
|
||||
-f FILE
|
||||
Specify the name of the data file to be processed.
|
||||
|
||||
|
||||
-d wdir
|
||||
Specify working directory. Compiler creates fire
|
||||
wall activation script in this directory. If this
|
||||
parameter is missing, then all files will be placed
|
||||
in the current working directory.
|
||||
|
||||
|
||||
-v Be verbose: compiler prints diagnostic messages
|
||||
when it works.
|
||||
|
||||
|
||||
-V Print version number and quit.
|
||||
|
||||
|
||||
-x Generate debugging information while working. This
|
||||
option is intended for debugging only and may pro
|
||||
duce lots of cryptic messages.
|
||||
|
||||
|
||||
NNOOTTEESS
|
||||
Support for ipfw was added in version 1.0.10 of Firewall
|
||||
Builder
|
||||
|
||||
|
||||
|
||||
UURRLL
|
||||
Firewall Builder home page is located at the following
|
||||
URL: hhttttpp::////wwwwww..ffwwbbuuiillddeerr..oorrgg//
|
||||
|
||||
|
||||
BBUUGGSS
|
||||
Please report bugs using bug tracking system on Source
|
||||
Forge:
|
||||
|
||||
hhttttpp::////ssoouurrcceeffoorrggee..nneett//ttrraacckkeerr//??ggrroouupp__iidd==55331144&&aattiidd==110055331144
|
||||
|
||||
|
||||
|
||||
SSEEEE AALLSSOO
|
||||
ffwwbbuuiillddeerr((11)),, ffwwbb__iipptt((11)),, ffwwbb__ppff((11)) ffwwbb__iippff((11))
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
FWB fwb_ipfw(1)
|
||||
68
doc/README.ipt
Normal file
68
doc/README.ipt
Normal file
@@ -0,0 +1,68 @@
|
||||
fwb_ipt(1) Firewall Builder fwb_ipt(1)
|
||||
|
||||
|
||||
|
||||
NNAAMMEE
|
||||
fwb_ipt - Policy compiler for iptables
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
ffwwbb__iipptt [[--wwvvVV]] [[--dd wwddiirr]] --ff ddaattaa__ffiillee..xxmmll object_name
|
||||
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
ffwwbb__iipptt is firewall policy compiler component of Firewall
|
||||
Builder (see fwbuilder(1)). Compiler reads objects defini
|
||||
tions and firewall description from the data file speci
|
||||
fied with "-f" option and generates resultant iptables
|
||||
script. The script is written to the file with the name
|
||||
the same as the name of the firewall object, plus exten
|
||||
sion ".fw".
|
||||
|
||||
The data file and the name of the firewall objects must be
|
||||
specified on the command line. Other command line parame
|
||||
ters are optional.
|
||||
|
||||
|
||||
OOPPTTIIOONNSS
|
||||
-f FILE
|
||||
Specify the name of the data file to be processed.
|
||||
|
||||
|
||||
-d wdir
|
||||
Specify working directory. Compiler creates file
|
||||
with iptables script in this directory. If this
|
||||
parameter is missing, then iptables script will be
|
||||
placed in the current working directory.
|
||||
|
||||
|
||||
-w Supress compiler's warnings
|
||||
|
||||
|
||||
-v Be verbose: compiler prints diagnostic messages
|
||||
when it works.
|
||||
|
||||
|
||||
-V Print version number and quit.
|
||||
|
||||
|
||||
UURRLL
|
||||
Firewall Builder home page is located at the following
|
||||
URL: hhttttpp::////wwwwww..ffwwbbuuiillddeerr..oorrgg//
|
||||
|
||||
|
||||
BBUUGGSS
|
||||
Please report bugs using bug tracking system on Source
|
||||
Forge:
|
||||
|
||||
hhttttpp::////ssoouurrcceeffoorrggee..nneett//ttrraacckkeerr//??ggrroouupp__iidd==55331144&&aattiidd==110055331144
|
||||
|
||||
|
||||
|
||||
SSEEEE AALLSSOO
|
||||
ffwwbbuuiillddeerr((11)),, ffwwbb__iippff((11)),, ffwwbb__ppff((11))
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
FWB fwb_ipt(1)
|
||||
152
doc/README.pf
Normal file
152
doc/README.pf
Normal file
@@ -0,0 +1,152 @@
|
||||
fwb_pf(1) Firewall Builder fwb_pf(1)
|
||||
|
||||
|
||||
|
||||
NNAAMMEE
|
||||
fwb_pf - Policy compiler for OpenBSD packet filter "pf"
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
ffwwbb__ppff [[--vvVVxx]] [[--dd wwddiirr]] --ff ddaattaa__ffiillee..xxmmll object_name
|
||||
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
ffwwbb__ppff is a firewall policy compiler component of Firewall
|
||||
Builder (see fwbuilder(1)). This compiler generates code
|
||||
for OpenBSD Packet Filter (pf). Compiler reads objects
|
||||
definitions and firewall description from the data file
|
||||
specified with "-f" option and generates pf configuration
|
||||
files and firewall activation script.
|
||||
|
||||
All generated files have names that start with the name of
|
||||
the firewall object. Firewall activation script has exten
|
||||
sion ".fw" and is simple shell script that flushes current
|
||||
policy, loads new filter and nat rules and then activates
|
||||
pf. PF configuration file name starts with the name of
|
||||
the firewall object, plus "-pf.conf". NAT configuration
|
||||
file name also starts with the name of the firewall
|
||||
object, plus "-nat.conf". For example, if firewall object
|
||||
has name "myfirewall", then compiler will create three
|
||||
files: "myfirewall.fw", "myfirewall-pf.conf", "myfirewall-
|
||||
nat.conf".
|
||||
|
||||
The data file and the name of the firewall objects must be
|
||||
specified on the command line. Other command line parame
|
||||
ters are optional.
|
||||
|
||||
|
||||
|
||||
OOPPTTIIOONNSS
|
||||
-f FILE
|
||||
Specify the name of the data file to be processed.
|
||||
|
||||
|
||||
-d wdir
|
||||
Specify working directory. Compiler creates
|
||||
firewall activation script and PF configuration
|
||||
files in this directory. If this parameter is
|
||||
missing, then all files will be placed in the cur
|
||||
rent working directory.
|
||||
|
||||
|
||||
-v Be verbose: compiler prints diagnostic messages
|
||||
when it works.
|
||||
|
||||
|
||||
-V Print version number and quit.
|
||||
|
||||
|
||||
-x Generate debugging information while working. This
|
||||
option is intended for debugging only and may pro
|
||||
duce lots of cryptic messages.
|
||||
|
||||
|
||||
NNOOTTEESS
|
||||
Support for PF has been introduced in version 1.0.1 of
|
||||
Firewall Builder
|
||||
|
||||
|
||||
Supported features:
|
||||
|
||||
|
||||
o both pf.conf and nat.conf files are generated
|
||||
|
||||
|
||||
o negation in policy and NAT rules
|
||||
|
||||
|
||||
o grouping in "from", "to" and ports using '{' '}'
|
||||
syntax
|
||||
|
||||
|
||||
o if checkbox "Scrub" is checked in the rule options
|
||||
dialog, and rule's action is Accept, the compiler
|
||||
generates two (almost) identical rules: first with
|
||||
action 'scrub' and the second with action 'pass
|
||||
quick'
|
||||
|
||||
|
||||
o stateful inspection in individual rule can be
|
||||
turned off in rule options dialog. By default com
|
||||
piler adds "keep state" or "modulate state" to each
|
||||
rule with action 'pass'
|
||||
|
||||
|
||||
o rule options dialog provides a choice of icmp or
|
||||
tcp rst replies for rules with action "Reject"
|
||||
|
||||
|
||||
o compiler adds flag "allow-opts" if match on ip
|
||||
options is needed
|
||||
|
||||
|
||||
o compiler can generate rules matching on TCP flags
|
||||
|
||||
|
||||
o compiler can generate script adding ip aliases for
|
||||
NAT rules using addresses that do not belong to any
|
||||
interface of the firewall
|
||||
|
||||
|
||||
o compiler always adds rule "block quick all" at the
|
||||
very bottom of the script to ensure "block all by
|
||||
default" policy even if the policy is empty.
|
||||
|
||||
|
||||
o Address ranges in both policy and NAT
|
||||
|
||||
|
||||
|
||||
Features that are not supported (yet)
|
||||
|
||||
|
||||
o custom services
|
||||
|
||||
|
||||
|
||||
What will not be supported (at least not anytime soon)
|
||||
|
||||
|
||||
o policy routing
|
||||
|
||||
|
||||
UURRLL
|
||||
Firewall Builder home page is located at the following
|
||||
URL: hhttttpp::////wwwwww..ffwwbbuuiillddeerr..oorrgg//
|
||||
|
||||
|
||||
BBUUGGSS
|
||||
Please report bugs using bug tracking system on Source
|
||||
Forge:
|
||||
|
||||
hhttttpp::////ssoouurrcceeffoorrggee..nneett//ttrraacckkeerr//??ggrroouupp__iidd==55331144&&aattiidd==110055331144
|
||||
|
||||
|
||||
|
||||
SSEEEE AALLSSOO
|
||||
ffwwbbuuiillddeerr((11)),, ffwwbb__iipptt((11)),, ffwwbb__iippff((11))
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
FWB fwb_pf(1)
|
||||
166
doc/README.policy_import
Normal file
166
doc/README.policy_import
Normal file
@@ -0,0 +1,166 @@
|
||||
|
||||
|
||||
Policy importer has been implemented as part of the Firewall Builder
|
||||
GUI as of version 2.1.12. The first functional build were importer
|
||||
worked on all supported OS was build 270 (May 22, 2007)
|
||||
|
||||
Policy importer uses ANTLR lexer and parser ( http://www.antlr.org/ )
|
||||
Version 2.7.7 is used in Firewall Builder v2.1.12 ( http://www.antlr2.org/ )
|
||||
|
||||
Firewall Builder needs ANTLR C++ runtime header files and library and
|
||||
include these in the source tree under src/antlr. Unless you want to
|
||||
change the grammar (*.g files) you don't need to install ANTLR
|
||||
separately. All relevant ANTLR files are included in the package. For
|
||||
more information on ANTRL see: http://www.antlr2.org
|
||||
|
||||
|
||||
|
||||
Policy import iptables configurations (v2.1.12, build 281 and later)
|
||||
----------------------------------------------------------------
|
||||
|
||||
Features implemented in this version :
|
||||
|
||||
- Importer can parse iptables config saved using iptables-save
|
||||
utility. Because of the huge variety of iptables modules, Importer
|
||||
can only interpret basic iptables configuration and a subset of
|
||||
modules. Currently the following modules are supported:
|
||||
|
||||
* state
|
||||
* multiport
|
||||
* limit
|
||||
* mark
|
||||
|
||||
- Importer creates firewall object with all interfaces. It can not
|
||||
assign object name for the firewall object nor add IP and MAC
|
||||
addresses to interfaces because this information is not present in
|
||||
iptables-save file.
|
||||
|
||||
- option "Assume firewall is part of 'any'" is off in the created
|
||||
firewall object. Import is done this way in order to preserve logic
|
||||
of chains INPUT, OUTPUT and FORWARD in the recreated fwbuilder
|
||||
rules. Rules that had chain INPUT in the imported script will have
|
||||
firewall object in "destination" in the corresponding fwbuilder
|
||||
rules. Firewall object is placed in "Source" for rules with chain
|
||||
OUTPUT. For rules with chain FORWARD rule elements "Source" and
|
||||
"Destination" are populated with objects created using options "-s"
|
||||
and "-d" of the original rules or left empty ("any").
|
||||
|
||||
- all recognized iptables rules are imported and interface and
|
||||
direction are set in all rules appropriately. Interface objects are
|
||||
created as parser finds them in the script.
|
||||
|
||||
- targets ACCEPT, DROP, REJECT, MARK and others are converted to the
|
||||
corresponding fwbuilder policy rule actions. Unrecognized targets
|
||||
and converted to branching rules, where the name of the target
|
||||
becomes the name of the branch.
|
||||
|
||||
- SNAT, DNAT, MASQUERADING, REDIRECT and NETMAP targets and their
|
||||
parameters are recognized in the NAT rules.
|
||||
|
||||
- Address and service objects are created in the process for all
|
||||
addresses and ports used in all rules.
|
||||
|
||||
- iptables rules can refer to tcp/udp ports both by name or by
|
||||
number. Importer can properly interpret both formats using system
|
||||
function getservbyname() to convert service name to the port
|
||||
number. Since the result of this function depends on the OS, some
|
||||
port names may not convert on some systems. For example, Windows
|
||||
can convert more limited set of service names compared to Linux or
|
||||
BSD.
|
||||
|
||||
- targets LOG and ULOG are converted to the "logging" option in
|
||||
fwbuilder rules with action "Continue". This is an empty action
|
||||
that does not affect packet flow through the firewall but can be
|
||||
used in combination with "logging" option to log the packet. If
|
||||
such empty (logging-only) rule is undesired, it must be manually
|
||||
merged with some other rule in the policy.
|
||||
|
||||
- "--log-prefix", and "--log-level" options of the LOG target are
|
||||
recognized
|
||||
|
||||
- "--ulog-prefix" option of the ULOG target is recognized. Other
|
||||
options of the ULOG target are not.
|
||||
|
||||
- Address and service objects are reused in the process of import.
|
||||
|
||||
- in case when importer fails to parse some part of the iptables-save
|
||||
file, corresponding policy rule is colored red and appropriate
|
||||
diagnostic message added to its comment. The problem must be
|
||||
corrected manually.
|
||||
|
||||
- comments ("#") found inside access lists are ignored.
|
||||
|
||||
|
||||
Shortcomings of this version:
|
||||
|
||||
- user-defined chains in table "nat" are not supported
|
||||
|
||||
- no import of time intervals
|
||||
|
||||
- no MAC address matching import
|
||||
|
||||
|
||||
|
||||
|
||||
Policy import of Cisco IOS access lists (v2.1.12, build 270)
|
||||
----------------------------------------------------------------
|
||||
|
||||
Features implemented in this version :
|
||||
|
||||
- Importer can parse router config saved using "show run"
|
||||
command. Although importer can only interpret a subset of IOS
|
||||
configuration commands, other commands that it does not understand
|
||||
will be ignored and should not affect operation. No manual editing
|
||||
of the config is required prior to import.
|
||||
|
||||
- Importer creates firewall object with all interfaces
|
||||
|
||||
- firewall object name is assigned if "hostname" command is found in
|
||||
the configuration. If this command is not present, the name remains
|
||||
generic "New Firewall"
|
||||
|
||||
- interface addresses are assigned if command "ip address" is found
|
||||
(multiple addresses per interface are supported). Interfaces
|
||||
without "ip address" in the configuration are marked as
|
||||
"unnumbered" in the firewall builder object tree.
|
||||
|
||||
- all access lists are imported and interface and direction are set
|
||||
in all rules appropriately
|
||||
|
||||
- Address and service objects are created in the process for all
|
||||
addresses and ports used in access lists
|
||||
|
||||
- IOS access lists can define ip protocol, icmp code and type, and
|
||||
tcp/udp ports both by name or by number. Importer can properly
|
||||
interpret both formats.
|
||||
|
||||
- "log", "log-input", "fragments", "established" keywords are
|
||||
supported and translated into rule or object options as
|
||||
appropriate.
|
||||
|
||||
- Address and service objects are reused in the process of import.
|
||||
|
||||
- in case when importer fails to parse some part of the access-list
|
||||
command, corresponding policy rule is colored in red and
|
||||
appropriate diagnostic message added to its comment. The problem
|
||||
must be corrected manually.
|
||||
|
||||
- "remark" commands found inside access lists are translated into
|
||||
rule comments
|
||||
|
||||
- comments ("!") found inside access lists are ignored.
|
||||
|
||||
|
||||
Shortcomings of this version:
|
||||
|
||||
- importer does not use address and service objects that existed in
|
||||
the tree before the operation has started, it creates new
|
||||
ones. Deduplication only works for objects created in the process
|
||||
of import.
|
||||
|
||||
- the following keywords available in extended access lists are not
|
||||
supported at this time: tos, precedence, time-range.
|
||||
|
||||
- igmp access lists are not parsed.
|
||||
|
||||
|
||||
206
doc/README.routing
Normal file
206
doc/README.routing
Normal file
@@ -0,0 +1,206 @@
|
||||
|
||||
//=========================================================================\\
|
||||
|| Firewall Builder Routing Add-On ||
|
||||
|| ||
|
||||
|| Copyright (c) 2004 Compal GmbH, Germany ||
|
||||
|| Tidei Maurizio, fwbuilder-routing at compal.de ||
|
||||
|| ||
|
||||
\\=========================================================================//
|
||||
|
||||
|
||||
|
||||
Index
|
||||
|
||||
1 - Requirements
|
||||
2 - Features
|
||||
3 - Problems
|
||||
4 - Future
|
||||
|
||||
|
||||
|
||||
(1) Requirements
|
||||
================
|
||||
|
||||
The routing rules composed in the gui can be compiled using the ip
|
||||
tables compiler, which now generates "ip route" commands, too. The
|
||||
"ip" command is available since Linux 2.2. The other compilers (ipf,
|
||||
ipfw, pf and cisco pix) simply ignore the routing rules.
|
||||
|
||||
If you want to use ECMP routing rules (Equal Cost Multi Path), make
|
||||
sure your kernel is compiled with the CONFIG_IP_ROUTE_MULTIPATH
|
||||
option.
|
||||
|
||||
|
||||
|
||||
(2) Features
|
||||
============
|
||||
|
||||
The GUI's routing add-on offers object based definition of the routing
|
||||
rules, exactly the same way as you define policy rules. This enables
|
||||
you to use the same objects you already defined to build the firewall
|
||||
policy in your routing rules. You won't have to update them
|
||||
separately when you change something in your network.
|
||||
|
||||
In the GUI a routing rule is composed of a Destination, a Gateway, an
|
||||
Interface, a Metric and the Comment. The following table shows what
|
||||
can be inserted for this elements:
|
||||
|
||||
| | | | |
|
||||
|Destination |Gateway |Interface |Metric |Comment
|
||||
------------------------|-------------------------------|---------------|---------------|-------|--------
|
||||
What can be inserted? |all Objects under the |- ip-adress |- interface |int |text
|
||||
|library's "Objects" section: |- interface | | |
|
||||
|- address ranges |- host | | |
|
||||
|- addresses | | | |
|
||||
|- groups | | | |
|
||||
|- hosts | | | |
|
||||
|- networks | | | |
|
||||
------------------------|-------------------------------|---------------|---------------|-------|--------
|
||||
Restrictions |none |Only one |The interface |0-255 |none
|
||||
| |interface or |has to be a | |
|
||||
| |host with ONE |child of the | |
|
||||
| |ip adress can |current fire- | |
|
||||
| |be inserted |wall | |
|
||||
------------------------|-------------------------------|---------------|---------------|-------|--------
|
||||
Default value |"Default" (0.0.0.0/0) |none |none |0 |""
|
||||
| | | | |
|
||||
|
||||
To build a valid routing rule you have to insert at least one of the
|
||||
two elements gateway and interface. More than one path can be
|
||||
sprecified for one destination.
|
||||
|
||||
"This approach is called 'Equal-Cost Multi-Path Routing' and is used
|
||||
for load balancing (Note that this does not provide failover). With
|
||||
ECMP, a router potentially has several available next hops towards any
|
||||
given destination. A new gateway is chosen for each new
|
||||
source/destination IP pair. This means that, for example, one FTP
|
||||
connection will use only one link, but new connection to a different
|
||||
server will use another link. This also means that routes to
|
||||
often-used sites will always be over the same provider. But on big
|
||||
backbones this should distribute traffic fine. Also this has another
|
||||
good feature - single connection packets do not get reordered and
|
||||
therefore do not kill TCP performance." (The last Paragraph is a
|
||||
quotation from
|
||||
"http://www.mikrotik.com/Documentation/manual_2.7/IP/Route.html")
|
||||
|
||||
To create an ECMP rule simply specify several rules with different
|
||||
paths, i.e. different combinations of Gateway and Interface, for the
|
||||
same Destination and with the same metric.
|
||||
|
||||
Example:
|
||||
|
||||
Destination Gateway Interface Metric Comment
|
||||
|
||||
hostA hostB eth1 0 first possible route
|
||||
hostA hostC 0 second possible route
|
||||
hostA eth3 0 third possible route
|
||||
|
||||
If you try to insert a non-valid object in a field, it will be ignored
|
||||
and a message box informs you of the mistake.
|
||||
|
||||
The "Default" route can be specified by inserting a new rule or
|
||||
deleting all the destination of an existing rule.
|
||||
|
||||
Before compiling the rules, they traverse several checks, to make sure
|
||||
that only complete, non-ambiguous and non-concurring rules are
|
||||
translated into ip commands. Follow the instructions of the compiler
|
||||
to correct the errors.
|
||||
|
||||
If no error was found, the rules are automatically classified in ECMP
|
||||
rules and non-ECMP. The ECMP rules are written out in a separated
|
||||
section of the firewall script after the "normal" routing rules.
|
||||
|
||||
|
||||
|
||||
(3) Problems
|
||||
============
|
||||
|
||||
1.
|
||||
Please note that when executing a firewall script all existing
|
||||
routing rules previously set by user space processes will be
|
||||
deleted.
|
||||
|
||||
To see which rules will be deleted, you can use the command "ip
|
||||
route show". All lines not including "proto kernel" will be deleted
|
||||
upon reload of the firewall script.
|
||||
|
||||
2.
|
||||
*** NOTE FOR REDHAT 8.0 ***
|
||||
|
||||
Redhat seems to reset routing rules explicitly upon system
|
||||
startup. Therefore its hard to distinguish interface rules from
|
||||
rules setup by the user. On Redhat systems you need to include the
|
||||
interface basic routing rules into your fwbuilder routing setup. IF
|
||||
YOU DO NOT FOLLOW THIS HINT, YOUR MACHINE WILL FREEZE ANY NETWORK
|
||||
TRAFFIC UPON START OF THE FIREWALL SCRIPT. This means e.g. if eth0
|
||||
has network 192.168.3.0/24 attached to it, you need to add a route
|
||||
with Destination=Network(192.168.3.0/24), Gateway empty and
|
||||
Interface=eth0. We encountered this problem on redhat 8.0. Other
|
||||
versions and distros might be affected too. Debian sarge and SuSE
|
||||
Linux work fine without interface routing rules being included in
|
||||
fwbuilders routing rules.
|
||||
|
||||
3.
|
||||
If the firewall script states that the ECMP routes could not be
|
||||
installed on your system, make sure your Kernel was compiled with
|
||||
the CONFIG_IP_ROUTE_MULTIPATH option or renounce to ECMP rules.
|
||||
|
||||
4.
|
||||
If you have interfaces with a dynamic address or a point-to-point
|
||||
address and you try to insert a routing rule for the default
|
||||
gateway, compilation might fail, stateing "gateway not reachable".
|
||||
Typically this is the case for DSL dialup links. Solution: leave the
|
||||
gateway field empty. Just specify the interface.
|
||||
|
||||
Example:
|
||||
|
||||
The firewall connects itself to the internet by a DSL link via
|
||||
interface ppp0. During dialup pppd configures the default route:
|
||||
|
||||
default via 62.14.190.33 dev ppp
|
||||
|
||||
After specifying a routing rule in fwbuilder Destination=default,
|
||||
Gateway empty, Interface=ppp0 and running the script on the
|
||||
firewall, the route looks like:
|
||||
|
||||
default dev ppp0 scope link
|
||||
|
||||
Besides this, the kernel generates another route automaticelly upon
|
||||
default gw setup:
|
||||
|
||||
62.14.190.33 dev ppp0 proto kernel scope link src 191.54.12.143
|
||||
|
||||
We tested this on Debian/sarge with kernel 2.4.27.
|
||||
|
||||
Technical explanation:
|
||||
|
||||
On compilation, fwbuilder checks if gateways are reachable through
|
||||
any local network of the firewall. Otherwise setting up routing
|
||||
rules will fail on the firewall upon install. In case of
|
||||
point-to-point interfaces fwbuilder doesn't know the point-to-point
|
||||
address of the interface. Therefore this check fails since for
|
||||
fwbuilder it looks like the gateway is not from any local network.
|
||||
The only workaround available so far is to leave the gateway empty
|
||||
and to specify the interface only. Pakets will find their way to
|
||||
the internet anyway, since they are traveling over a point-to-point
|
||||
interface.
|
||||
|
||||
|
||||
(4) Future
|
||||
==========
|
||||
|
||||
Ideas, that could be implemented in the future, are:
|
||||
|
||||
- Multiple customizable routing tables
|
||||
|
||||
The idea is to add an option to the policy rules enabling the user
|
||||
to mark matching packets with a color. For every used color a new
|
||||
routing table would have to be built, that will be used only for
|
||||
packets marked with the associated color.
|
||||
|
||||
|
||||
- Load balancing
|
||||
|
||||
Another idea is to integrate more sophisticated load balancing
|
||||
options in fwbuilder's GUI.
|
||||
|
||||
103
doc/ReleaseNotes_2.0.1.html
Normal file
103
doc/ReleaseNotes_2.0.1.html
Normal file
@@ -0,0 +1,103 @@
|
||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
|
||||
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
|
||||
<title>Release Notes 2.0.1</title>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<h1> Firewall Builder Release Notes </h1>
|
||||
<br>
|
||||
<h2> Version 2.0.1 </h2>
|
||||
<br>
|
||||
<p>
|
||||
Released 08/11/04
|
||||
<br>
|
||||
<b>GUI and compilers v2.0.1 require API library libfwbuilder version 2.0.1</b>
|
||||
<br>
|
||||
<h2>Summary </h2>
|
||||
<p>
|
||||
Firewall Builder GUI v2.0.1 is a maintenance release that includes
|
||||
fixes for bugs discovered since 2.0 has been released.
|
||||
<p>
|
||||
<b>For those who wish to build from source, instructions are outlined
|
||||
in <a
|
||||
href="http://www.fwbuilder.org/archives/cat_installation.html">"Install
|
||||
and Build instructions"</a></b>
|
||||
|
||||
|
||||
<h2>Bugs fixed in libfwbuilder API:</h2>
|
||||
<ul>
|
||||
<li>bug #1001725: "object with empty name can not be
|
||||
deleted". the problem was caused by the algorithm used in
|
||||
FWObject::getPath. If object had had a blank name, the path
|
||||
returned by this method would end with the name of its parent
|
||||
without slash.</li>
|
||||
|
||||
</ul>
|
||||
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>Bugs fixed in GUI:</h2>
|
||||
<ul>
|
||||
<li>bug #1001521: "Cant create ICMP service". ICMP Service
|
||||
dialog did not save icmp code and type numbers in the object.
|
||||
</li>
|
||||
|
||||
<li>bug #1001275: "object duplication fails w/ no action". GUI
|
||||
used to not allow user to duplicate IP address object. Now any
|
||||
object can be duplicated so that the copy is placed under the
|
||||
same parent, including IP address.</li>
|
||||
|
||||
<li>bug #1000862: "Creating groups in Deleted Objects". Library
|
||||
"Deleted objects" should not be offered as a choice for "group
|
||||
objects" operation.</li>
|
||||
|
||||
<li>bug #1000485: "Firewalls in the drop-down box not
|
||||
ordered". List of firewalls in the pull-down that controls
|
||||
policy views is now alphabetically sorted on program
|
||||
startup.</li>
|
||||
|
||||
<li>there were two TCP Service objects "linuxconf" in the
|
||||
Standard objects library. Object with ID id3AED0D6D has been
|
||||
removed. It seems this object has been duplicated long time ago
|
||||
(at least it was like this in 1.1.2)</li>
|
||||
|
||||
<li>bug #1002388: "Clamp MSS to MTU" option was missing in
|
||||
2.0</li>
|
||||
|
||||
<li>bug #1001833: fixed memory leak that appeared when autosave
|
||||
option was used</li>
|
||||
|
||||
<li>bug #1003068: "object copy/paste not always working". IP
|
||||
address object could not be placed under interface using
|
||||
copy/paste operation. Now ip address object can be pasted to
|
||||
interface as well as to Objects/Addresses folder.</li>
|
||||
|
||||
<li>Operation File/discard could not be used if the file was
|
||||
upgraded. Changed the way operation File/Discard works: it now
|
||||
closes the file, discards all the changes that have been made to
|
||||
it and replaces it with a fresh copy of the head revision from
|
||||
RCS. This works if user wants to abort file upgrade when they
|
||||
switch to the new version of fwbuilder.</li>
|
||||
</ul>
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>Bugs fixed in iptables policy compiler fwb_ipt:</h2>
|
||||
<ul>
|
||||
<li>bug #1004153 "limit-burst = 0 is not valid". Iptables does not
|
||||
accept the rule using "limit-burst" option if it is set to
|
||||
zero.</li>
|
||||
</ul>
|
||||
|
||||
|
||||
<hr>
|
||||
<!-- Created: Fri Aug 6 21:40:42 PDT 2004 -->
|
||||
<!-- hhmts start -->
|
||||
Last modified: Wed Aug 11 20:54:38 PDT 2004
|
||||
<!-- hhmts end -->
|
||||
</body>
|
||||
</html>
|
||||
55
doc/ReleaseNotes_2.0.1.txt
Normal file
55
doc/ReleaseNotes_2.0.1.txt
Normal file
@@ -0,0 +1,55 @@
|
||||
Firewall Builder Release Notes
|
||||
|
||||
Version 2.0.1
|
||||
|
||||
Released 08/11/04
|
||||
GUI and compilers v2.0.1 require API library libfwbuilder version 2.0.1
|
||||
|
||||
Summary
|
||||
|
||||
Firewall Builder GUI v2.0.1 is a maintenance release that includes fixes for bugs discovered
|
||||
since 2.0 has been released.
|
||||
|
||||
For those who wish to build from source, instructions are outlined in "Install and Build
|
||||
instructions"
|
||||
|
||||
Bugs fixed in libfwbuilder API:
|
||||
|
||||
* bug #1001725: "object with empty name can not be deleted". the problem was caused by the
|
||||
algorithm used in FWObject::getPath. If object had had a blank name, the path returned by
|
||||
this method would end with the name of its parent without slash.
|
||||
|
||||
Bugs fixed in GUI:
|
||||
|
||||
* bug #1001521: "Cant create ICMP service". ICMP Service dialog did not save icmp code and
|
||||
type numbers in the object.
|
||||
* bug #1001275: "object duplication fails w/ no action". GUI used to not allow user to
|
||||
duplicate IP address object. Now any object can be duplicated so that the copy is placed
|
||||
under the same parent, including IP address.
|
||||
* bug #1000862: "Creating groups in Deleted Objects". Library "Deleted objects" should not
|
||||
be offered as a choice for "group objects" operation.
|
||||
* bug #1000485: "Firewalls in the drop-down box not ordered". List of firewalls in the
|
||||
pull-down that controls policy views is now alphabetically sorted on program startup.
|
||||
* there were two TCP Service objects "linuxconf" in the Standard objects library. Object
|
||||
with ID id3AED0D6D has been removed. It seems this object has been duplicated long time
|
||||
ago (at least it was like this in 1.1.2)
|
||||
* bug #1002388: "Clamp MSS to MTU" option was missing in 2.0
|
||||
* bug #1001833: fixed memory leak that appeared when autosave option was used
|
||||
* bug #1003068: "object copy/paste not always working". IP address object could not be
|
||||
placed under interface using copy/paste operation. Now ip address object can be pasted to
|
||||
interface as well as to Objects/Addresses folder.
|
||||
* Operation File/discard could not be used if the file was upgraded. Changed the way
|
||||
operation File/Discard works: it now closes the file, discards all the changes that have
|
||||
been made to it and replaces it with a fresh copy of the head revision from RCS. This
|
||||
works if user wants to abort file upgrade when they switch to the new version of
|
||||
fwbuilder.
|
||||
|
||||
Bugs fixed in iptables policy compiler fwb_ipt:
|
||||
|
||||
* bug #1004153 "limit-burst = 0 is not valid". Iptables does not accept the rule using
|
||||
"limit-burst" option if it is set to zero.
|
||||
|
||||
------------------------------------------------------------------------------------------
|
||||
|
||||
Last modified: Wed Aug 11 20:54:38 PDT 2004
|
||||
6 PDT 2004
|
||||
171
doc/ReleaseNotes_2.0.2.html
Normal file
171
doc/ReleaseNotes_2.0.2.html
Normal file
@@ -0,0 +1,171 @@
|
||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
|
||||
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
|
||||
<title>Release Notes 2.0.2</title>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<h1> Firewall Builder Release Notes </h1>
|
||||
<br>
|
||||
<h2> Version 2.0.2 </h2>
|
||||
<br>
|
||||
<p>
|
||||
Released 08/31/04
|
||||
<br>
|
||||
<b>GUI and compilers v2.0.2 require API library libfwbuilder version 2.0.2</b>
|
||||
<br>
|
||||
<h2>Summary </h2>
|
||||
<p>
|
||||
Firewall Builder GUI v2.0.2 is a maintenance release that includes
|
||||
fixes for bugs discovered since 2.0.1 has been released.
|
||||
<p>
|
||||
<b>For those who wish to build from source, instructions are outlined
|
||||
in <a
|
||||
href="http://www.fwbuilder.org/archives/cat_installation.html">"Install
|
||||
and Build instructions"</a></b>
|
||||
|
||||
|
||||
<h2>General</h2>
|
||||
<ul>
|
||||
<li>Updated FreeBSD ports, tested on 5.3-BETA</li>
|
||||
</ul>
|
||||
<p>
|
||||
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>New standard objects</h2>
|
||||
<ul>
|
||||
<li>added new service objects to the Standard objects library:
|
||||
"xmas scan" (old object renamed "xmas scan - full"), rsync,
|
||||
distcc, cvspserver, cvsup, afp, whois, bgp, radius and radius
|
||||
acct, SSDP and UPnP.</li>
|
||||
</ul>
|
||||
<p>
|
||||
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>New template objects</h2>
|
||||
<ul>
|
||||
<li>added template firewall objects for Linksys firewall and a
|
||||
web server.</li>
|
||||
</ul>
|
||||
<p>
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>New features in policy compiler for PF</h2>
|
||||
<ul>
|
||||
<li>Implemented support for all timeout settings in pf:
|
||||
tcp.first,tcp.opening,tcp.established,
|
||||
tcp.closing,tcp.finwait,tcp.closed,udp.first,udp.single,udp.multiple,
|
||||
icmp.first,icmp.error,other.first,other.single,other.multiple,
|
||||
including adaptive timeout scaling options adaptive.start and
|
||||
adaptive.end</li>
|
||||
|
||||
<li>Added support for options "max", "max-src-nodes" and
|
||||
"max-src-states" in pf. These allow to limit number of
|
||||
concurrent state table entries ("max"), number of source
|
||||
addresses that can simultaneously have state table entries
|
||||
("max-src-nodes") and number of simultaneous state entries per
|
||||
source address ("max-src-states") per rule.</li>
|
||||
</ul>
|
||||
<p>
|
||||
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>Bugs fixed in libfwbuilder API:</h2>
|
||||
<ul>
|
||||
<li>: added element physAddress to list of child elements of
|
||||
Library (bug #1011617)</li>
|
||||
|
||||
<li>bug #1012733: "configure --libdir=DIR will be ignored at
|
||||
installation". Needed to use macro _libdir to specify target
|
||||
directory for libraries. Used it in configure, qmake.in,
|
||||
libfwbuilder-config-2 and a .spec file. Code should compile and
|
||||
install in correct place on 64-bit systems.</li>
|
||||
</ul>
|
||||
<p>
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>Bugs fixed in GUI:</h2>
|
||||
<ul>
|
||||
<li>bug #1019691: "040829 nightly build doesn't add paths for
|
||||
linksys"</li>
|
||||
|
||||
<li>bug #1013177: "deleting multiple hosts causes crash"
|
||||
</li>
|
||||
|
||||
<li>bug #1009345: "Can only move one host object at a time
|
||||
between libraries"</li>
|
||||
|
||||
<li>bug #1013018: "host OS settings" dialog is missing for
|
||||
linksys. Added host OS settings dialog for
|
||||
linksys/Sveasoft. Dialog provides entry fields for paths to
|
||||
iptables, lsmod, modprobe, logger tools and two shell prompt
|
||||
string patterns, this should help to work around changes in the
|
||||
shell prompt on Linksys.</li>
|
||||
|
||||
<li>bug #1013022: "can not install policy script on linksts
|
||||
Alchemy pre-5.2". Built-in installer uses shell prompt string
|
||||
patterns configured in the host OS settings dialog for
|
||||
linksys.</li>
|
||||
|
||||
<li>bug #1008956: "Existing .fwb file gets overwritten if has
|
||||
wrong extension". If the GUI needs to rename a data file with
|
||||
old extension .xml to .fwb, it checks if a file with new
|
||||
extension exists and offers user a chance to choose a different
|
||||
name. It also treats symlinks in a special way: if user creates
|
||||
a symlink with extension .xml pointing at a file with extension
|
||||
.fwb, the GUI simply follows the link and works with .fwb
|
||||
file. This should work with Windows shortcuts, too. </li>
|
||||
|
||||
<li>bug #1013485: "File/Import should allow to import .fwb
|
||||
file". Function File/Import offers a choice of .fwl, .fwb and
|
||||
"all files" in the open file dialog.</li>
|
||||
|
||||
<li>bug #1011248: "need two xmas scan service objects". </li>
|
||||
|
||||
<li>bug #1013957: "incorrect NAT rule in firewall created from
|
||||
template #3". The problem was caused by incorrect ip address of
|
||||
interface "dmz" in the template object #3.</li>
|
||||
|
||||
<li>bug #1014725: "adding new ICMP types". If user created
|
||||
service group with the name "ICMP", the GUI would place new ICMP
|
||||
objects under this group instead of the standard folder
|
||||
"ICMP". There was the same problem with other object types, too.</li>
|
||||
|
||||
<li>bug #1015884: "Export more than one library fails with 0
|
||||
references". Export library operation failed if user exported
|
||||
two libraries with groups or rules in one library referencing
|
||||
objects in the other.</li>
|
||||
|
||||
</ul>
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>Bugs fixed in iptables policy compiler fwb_ipt:</h2>
|
||||
<ul>
|
||||
<li>bug #1005148: "MAC matching - space missing". Space was
|
||||
missing between MAC address and custom service code.</li>
|
||||
|
||||
<li>avoiding grep in the script generated for Linksys/Sveasoft
|
||||
firewall - Sveasoft Alchemy pre-5.2.3 does not have grep</li>
|
||||
|
||||
<li>bug #1019943: "Missing ip addresses in the rule using
|
||||
interfaces"</li>
|
||||
</ul>
|
||||
|
||||
|
||||
<hr>
|
||||
<!-- Created: Fri Aug 6 21:40:42 PDT 2004 -->
|
||||
<!-- hhmts start -->
|
||||
Last modified: Tue Aug 31 20:38:55 PDT 2004
|
||||
<!-- hhmts end -->
|
||||
</body>
|
||||
</html>
|
||||
100
doc/ReleaseNotes_2.0.2.txt
Normal file
100
doc/ReleaseNotes_2.0.2.txt
Normal file
@@ -0,0 +1,100 @@
|
||||
Firewall Builder Release Notes
|
||||
|
||||
Version 2.0.2
|
||||
|
||||
Released 08/31/04
|
||||
GUI and compilers v2.0.2 require API library libfwbuilder version 2.0.2
|
||||
|
||||
Summary
|
||||
|
||||
Firewall Builder GUI v2.0.2 is a maintenance release that includes fixes
|
||||
for bugs discovered since 2.0.1 has been released.
|
||||
|
||||
For those who wish to build from source, instructions are outlined in
|
||||
"Install and Build instructions"
|
||||
|
||||
General
|
||||
|
||||
* Updated FreeBSD ports, tested on 5.3-BETA
|
||||
|
||||
New standard objects
|
||||
|
||||
* added new service objects to the Standard objects library: "xmas scan"
|
||||
(old object renamed "xmas scan - full"), rsync, distcc, cvspserver,
|
||||
cvsup, afp, whois, bgp, radius and radius acct, SSDP and UPnP.
|
||||
|
||||
New template objects
|
||||
|
||||
* added template firewall objects for Linksys firewall and a web server.
|
||||
|
||||
New features in policy compiler for PF
|
||||
|
||||
* Implemented support for all timeout settings in pf:
|
||||
tcp.first,tcp.opening,tcp.established,
|
||||
tcp.closing,tcp.finwait,tcp.closed,udp.first,udp.single,udp.multiple,
|
||||
icmp.first,icmp.error,other.first,other.single,other.multiple,
|
||||
including adaptive timeout scaling options adaptive.start and
|
||||
adaptive.end
|
||||
* Added support for options "max", "max-src-nodes" and "max-src-states"
|
||||
in pf. These allow to limit number of concurrent state table entries
|
||||
("max"), number of source addresses that can simultaneously have state
|
||||
table entries ("max-src-nodes") and number of simultaneous state
|
||||
entries per source address ("max-src-states") per rule.
|
||||
|
||||
Bugs fixed in libfwbuilder API:
|
||||
|
||||
* : added element physAddress to list of child elements of Library (bug
|
||||
#1011617)
|
||||
* bug #1012733: "configure --libdir=DIR will be ignored at
|
||||
installation". Needed to use macro _libdir to specify target directory
|
||||
for libraries. Used it in configure, qmake.in, libfwbuilder-config-2
|
||||
and a .spec file. Code should compile and install in correct place on
|
||||
64-bit systems.
|
||||
|
||||
Bugs fixed in GUI:
|
||||
|
||||
* bug #1019691: "040829 nightly build doesn't add paths for linksys"
|
||||
* bug #1013177: "deleting multiple hosts causes crash"
|
||||
* bug #1009345: "Can only move one host object at a time between
|
||||
libraries"
|
||||
* bug #1013018: "host OS settings" dialog is missing for linksys. Added
|
||||
host OS settings dialog for linksys/Sveasoft. Dialog provides entry
|
||||
fields for paths to iptables, lsmod, modprobe, logger tools and two
|
||||
shell prompt string patterns, this should help to work around changes
|
||||
in the shell prompt on Linksys.
|
||||
* bug #1013022: "can not install policy script on linksts Alchemy
|
||||
pre-5.2". Built-in installer uses shell prompt string patterns
|
||||
configured in the host OS settings dialog for linksys.
|
||||
* bug #1008956: "Existing .fwb file gets overwritten if has wrong
|
||||
extension". If the GUI needs to rename a data file with old extension
|
||||
.xml to .fwb, it checks if a file with new extension exists and offers
|
||||
user a chance to choose a different name. It also treats symlinks in a
|
||||
special way: if user creates a symlink with extension .xml pointing at
|
||||
a file with extension .fwb, the GUI simply follows the link and works
|
||||
with .fwb file. This should work with Windows shortcuts, too.
|
||||
* bug #1013485: "File/Import should allow to import .fwb file". Function
|
||||
File/Import offers a choice of .fwl, .fwb and "all files" in the open
|
||||
file dialog.
|
||||
* bug #1011248: "need two xmas scan service objects".
|
||||
* bug #1013957: "incorrect NAT rule in firewall created from template
|
||||
#3". The problem was caused by incorrect ip address of interface "dmz"
|
||||
in the template object #3.
|
||||
* bug #1014725: "adding new ICMP types". If user created service group
|
||||
with the name "ICMP", the GUI would place new ICMP objects under this
|
||||
group instead of the standard folder "ICMP". There was the same
|
||||
problem with other object types, too.
|
||||
* bug #1015884: "Export more than one library fails with 0 references".
|
||||
Export library operation failed if user exported two libraries with
|
||||
groups or rules in one library referencing objects in the other.
|
||||
|
||||
Bugs fixed in iptables policy compiler fwb_ipt:
|
||||
|
||||
* bug #1005148: "MAC matching - space missing". Space was missing
|
||||
between MAC address and custom service code.
|
||||
* avoiding grep in the script generated for Linksys/Sveasoft firewall -
|
||||
Sveasoft Alchemy pre-5.2.3 does not have grep
|
||||
* bug #1019943: "Missing ip addresses in the rule using interfaces"
|
||||
|
||||
----------------------------------------------------------------------
|
||||
|
||||
Last modified: Tue Aug 31 20:38:55 PDT 2004
|
||||
306
doc/ReleaseNotes_2.0.3.html
Normal file
306
doc/ReleaseNotes_2.0.3.html
Normal file
@@ -0,0 +1,306 @@
|
||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
|
||||
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
|
||||
<title>Release Notes 2.0.3</title>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<h1> Firewall Builder Release Notes </h1>
|
||||
<br>
|
||||
<h2> Version 2.0.3 </h2>
|
||||
<br>
|
||||
<p>
|
||||
Released 09/30/04
|
||||
<br>
|
||||
<b>GUI and compilers v2.0.3 require API library libfwbuilder version 2.0.3</b>
|
||||
<br>
|
||||
<h2>Summary </h2>
|
||||
<p>
|
||||
Firewall Builder GUI v2.0.3 is a maintenance release that includes
|
||||
fixes for bugs discovered since 2.0.2 has been released.
|
||||
<p>
|
||||
<b>For those who wish to build from source, instructions are outlined
|
||||
in <a
|
||||
href="http://www.fwbuilder.org/archives/cat_installation.html">"Install
|
||||
and Build instructions"</a></b>
|
||||
|
||||
<ul>
|
||||
<li>This release improves support for the PF firewall by always
|
||||
using tables in policy rules; it also uses syntax " !
|
||||
<tbl>" for negation, assignes "rdr" rules to interfaces
|
||||
and adds "flags S/SA" to policy rules that keep state. </li>
|
||||
|
||||
<li>This release significantly improves optimizer for iptables
|
||||
and adds an automatically generated rule to block packets that
|
||||
correspond to an INVALID state</li>
|
||||
|
||||
<li>Built-in policy installer can compress firewall policy
|
||||
script before it is installed in flash memory on
|
||||
Linksys/Sveasoft firewall; this allows for much larger policy to
|
||||
be used on Linksys. Script compression is optional.</li>
|
||||
|
||||
<li>Built-in policy installer can be used to test new policy
|
||||
rules with automatic roll-back to the previous version of the
|
||||
policy after specified interval of time. This feature helps to
|
||||
work around errors in the policy that block access to the
|
||||
firewall from the management workstation.
|
||||
</ul>
|
||||
<p>
|
||||
|
||||
|
||||
<h2>Caveats</h2>
|
||||
|
||||
<p>New version (as of build 421) completely changes the way it
|
||||
loads and activates firewall script on linksys. Old version put
|
||||
the whole script in variable rc_firewall. New one puts script in
|
||||
variable fwb and puts a one-line command in rc_firewall to read
|
||||
the script from fwb and execute it. This was done because of the
|
||||
need to uncompress it when linksys executes command stored in
|
||||
rc_firewall, in other words, rc_firewall needs to be a little
|
||||
script that uncompresses and runs the main firewall script. This
|
||||
is why scripts were separated and rc_firewall has changed compared
|
||||
to the previous versions of fwbuilder.
|
||||
|
||||
<p>Reverting from v2.0.3 (build 421 and later) to v2.0.2 requires
|
||||
you to erase nvram variable "fwb" which holds the whole script in
|
||||
the new builds.
|
||||
|
||||
<p>
|
||||
|
||||
|
||||
|
||||
<br>
|
||||
<h2>New features in the built in policy installer</h2>
|
||||
<ul>
|
||||
<li>added an option for test run. When this option is activated,
|
||||
policy script is pushed to the firewall and is executed but is
|
||||
not stored there permanently. Firewall reverts to the last
|
||||
working configuration after reboot.</li>
|
||||
|
||||
<li>implemented compression of the firewall script for
|
||||
Linksys/Sveasoft combo. Using gzip and uuencode/uudecode to
|
||||
compress the script and store it in flash variable
|
||||
'fwb'. Installer prints flash memory stats after commiting
|
||||
changes. Installer uses scp to copy firewall script to the
|
||||
firewall and autogenerated prompt to detect when it logged in;
|
||||
it does not depend on Linksys shell prompt anymore.</li>
|
||||
|
||||
<li>added an option to schedule automatic firewall reboot in
|
||||
specified time (in minutes) after policy activation. <b>This
|
||||
option is available for all firewall platforms but PIX</b>. This
|
||||
option only works if user requested policy activation in a test
|
||||
mode, in which case policy is copied and activated on the
|
||||
firewall but not stored in the permanent location. After reboot
|
||||
the firewall reverts to the previous version of the policy. To
|
||||
cancel scheduled reboot, run installer again with "test run"
|
||||
option turned off. Installer stores the policy in the permanent
|
||||
location, activates it and cancels scheduled reboot. The
|
||||
commands used to schedule reboot and cancel it depend on the
|
||||
host os of the firewall. On Linux, it will use "shutdown -r +NN"
|
||||
and "shutdown -c". On *BSD systems it uses "shutdown -r +NN" and
|
||||
a combination of ps and awk to find and kill shutdown when
|
||||
reboot is canceled. Installer uses "reboot" and kills it with
|
||||
"killall" on linksys.</li>
|
||||
|
||||
<li>All manipulations that installer does on the firewall are
|
||||
programmed in little one-line scripts stored in resource file
|
||||
for each supported OS the firewall is running. These are in
|
||||
/usr/share/fwbuilder/os on Linux/*BSD or in
|
||||
C:\FWBuilder\resources\os on Windows. Users can hack commands
|
||||
in these files to make installer work with host OS that is not
|
||||
supported by default. Currently, the GUI only looks for the
|
||||
OS-specific resource files in the system-wide directory. Future
|
||||
versions will also look in a predefined directory in users'
|
||||
home. Directory path to be defined later.</li>
|
||||
|
||||
<li>Added option "output file name" to firewall settings dialogs
|
||||
for all platforms. User can specify the name for the output
|
||||
file; this name is then used by built in installer in place of a
|
||||
macro %FWSCRIPT%.</li>
|
||||
</ul>
|
||||
<p>
|
||||
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>New features in policy compiler for iptables</h2>
|
||||
<ul>
|
||||
<li>implemented feature request #1023430: "add checkbox for
|
||||
INVALID support in fw settings". Added two checkboxes to the
|
||||
firewall settings dialog: one adds a rule to drop INVALID
|
||||
packets and another adds logging to the rule.</li>
|
||||
|
||||
<li>rules that permit packets associated with
|
||||
ESTABLISHED,RELATED states moved to the beginning of the script
|
||||
before NAT rules.</li>
|
||||
|
||||
<li>bug #1022216: "negated time produces incorrect iptables
|
||||
rule". Implemented negation for the "Time" rule element for
|
||||
iptables</li>
|
||||
|
||||
<li>using abbreviated versions of "--dport", "--sport",
|
||||
"--dports", "--sports" options to make generated iptables script
|
||||
smaller. Also changed the name of the variables used to hold IP
|
||||
address of dynamic interface from "interface_<ifname>" to
|
||||
"i_<ifname>". All this should help to fit larger policies into
|
||||
small flash on linksys. These changes shrunk my test script from
|
||||
7964 bytes to 7430 bytes</li>
|
||||
|
||||
<li>Generated iptables script flushes only secondary ip
|
||||
addresses on interfaces during initialization phase if option
|
||||
"configure interfaces" is on. This should fix a bug that caused
|
||||
linksys/sveasoft unit to lose default route upon reboot if
|
||||
external interface has static IP address.</li>
|
||||
|
||||
<li>Generated script checks if /usr/sbin/ip exists on the
|
||||
firewall before it tries to use it to verify interfaces and
|
||||
configure IP addresses. This check is only performed if user
|
||||
activated options that use this tool. An error message
|
||||
"Interface eth0 does not exist" was generated if package
|
||||
iproute2 was not installed on the firewall, which was
|
||||
confusing.</li>
|
||||
</ul>
|
||||
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>New features in policy compiler for PF</h2>
|
||||
<ul>
|
||||
<li> A NAT rule of type DNAT (rdr rule) is assigned to an
|
||||
interface of the firewall if interface object or its address
|
||||
object is used in ODst. To get rdr rule without interface
|
||||
assignment, use an Address or a Host object that has the same IP
|
||||
address as that of firewall's interface but that is not a child
|
||||
of an interface. This is the same approach that is used in
|
||||
iptables.</li>
|
||||
|
||||
<li>Compiler for pf always uses tables; this breaks
|
||||
compatibility with older OpenBSD systems (3.2 and 3.3)</li>
|
||||
|
||||
<li>Compiler for pf puts interface name in a table for rules
|
||||
that use multiple objects in src or dst and one of these objects
|
||||
is dynamic interface of the firewall that is being
|
||||
processed. Using dynamic interface of another object in a rule
|
||||
is still considered an error. Compiler puts the name of dynamic
|
||||
interface in a table verbatim, without brackets '(' ')' since pf
|
||||
does not replace dynamic interface with its address dynamically
|
||||
if it is used in a table (pfctl issues an error if interface is
|
||||
put in brackets)</li>
|
||||
|
||||
<li>added an option to permit tcp sessions opened prior to
|
||||
firewall restart. This is needed now since compiler generates
|
||||
"flags S/SA" for the "keep state" and "modulate state" rules
|
||||
which means firewall won't permit TCP sessions unless it saw
|
||||
opening SYN packet.</li>
|
||||
|
||||
<li>bug #1028973: fwb_pf: missing "flags S/SA" in front of
|
||||
"modulate state". Compiler adds "flags S/SA" to policy rules
|
||||
that use either "keep state" or "modulate state" options.</li>
|
||||
|
||||
<li>bug #1028980: "need an option to turn logging on on fallback
|
||||
rule". Option has been added.</li>
|
||||
</ul>
|
||||
<p>
|
||||
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>Bugs fixed in libfwbuilder API:</h2>
|
||||
<ul>
|
||||
<li>bug #1022788: "GUI corrupts XML file after creating a second
|
||||
firewall". Global object ID counter was getting reset every time
|
||||
new FWObjectDatabase object was created. This lead to the ID
|
||||
collision if user quickly created and deleted complex objects
|
||||
(such as Firewall) and used database merge. This should also fix
|
||||
bug #1022785: "GUI corrupts XML file after creating a host
|
||||
entry"</li>
|
||||
|
||||
<li>fixed bug (no number): all references to the interfaces, as
|
||||
well as their IP and MAC addresses, in policy and NAT rules
|
||||
should be replaced when Firewall object is duplicated. Until now
|
||||
only references to the firewall object itself and to its
|
||||
interfaces were replaced with references to the newly created
|
||||
copies of object. References to IP and MAC addresses still
|
||||
pointed at the old objects.</li>
|
||||
</ul>
|
||||
<p>
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>Bugs fixed in GUI:</h2>
|
||||
<ul>
|
||||
<li>bug (no number): after deleting a library firewall objects
|
||||
that belong to it were not removed from the pull-down list</li>
|
||||
|
||||
<li>bug #1026945: '"Save As" does not work if current file is in
|
||||
RCS'</li>
|
||||
|
||||
<li>bug #1028078: "options.png is not displayed for "Assume
|
||||
firewall is part..."</li>
|
||||
|
||||
<li>bug #1035132: "compile errors with default Linksys firewall
|
||||
object". This bug has been introduced in build 435. When user
|
||||
created a new firewall object using one of the template objects,
|
||||
the GUI would add bunch of garbage to the firewall options. This
|
||||
garbage violated XML DTD, so compilers and the GUI would not
|
||||
accept the data file anymore.</li>
|
||||
|
||||
<li>bug #1035130: 'Persistent "Save" dialog box'. Certain
|
||||
combination of actions on user's part used to lead to an
|
||||
indefinite loop of "do you want to save the data" dialogs. The
|
||||
problem was triggered if user skipped choosing a name for the
|
||||
new file in startup dialog.</li>
|
||||
</ul>
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>Bugs fixed in iptables policy compiler fwb_ipt:</h2>
|
||||
<ul>
|
||||
<li>bug #1024861: "optimizer is broken in fwb_ipt". Used idea
|
||||
and a patch by Mark Vevers <mark@vevers.net>. Fixed compiler
|
||||
fwb_ipt generates more efficient iptables script for rules with
|
||||
multiple objects in all rule elements. The script is smaller and
|
||||
eliminates unnecessary comparisons for packet attributes. Every
|
||||
attribute (i.e. source address, destination address, protocol
|
||||
and port numbers) is checked by the script only once. This
|
||||
should help reduce load on firewalls with lots of complex
|
||||
rules.</mark>
|
||||
|
||||
<li>bug #1026509: "incorrect rules generated for dual negation
|
||||
with time". Compiler generated incorrect iptables commands for
|
||||
rules that had negation in two or more rule elements, one of
|
||||
which was Time.</li>
|
||||
|
||||
<li>bug #1026794: multiple SRC ntwks --> "iptables: invalid
|
||||
argument". Recent changes in optimizer introduced this
|
||||
bug. Rules with multiple objects in src or dst, TCP service,
|
||||
action Reject and option "reject with TCP RST" would generate
|
||||
iptables command that used option "--reject-with tcp-reset"
|
||||
without "-p tcp"</li>
|
||||
</ul>
|
||||
|
||||
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>Bugs fixed in iptables policy compiler fwb_pf:</h2>
|
||||
<ul>
|
||||
<li>bug #1006906: "Negated network causes pass on
|
||||
network". Compiler for pf uses native negation syntax that is
|
||||
now available in pf</li>
|
||||
|
||||
<li>bug (no num): "firewall settings" dialog for OpenBSD pf did
|
||||
not save option "Use tables". Since compiler is always using
|
||||
tables, this option was removed from the dialog.</li>
|
||||
|
||||
</ul>
|
||||
|
||||
<hr>
|
||||
<!-- Created: Fri Aug 6 21:40:42 PDT 2004 -->
|
||||
<!-- hhmts start -->
|
||||
Last modified: Thu Sep 30 20:16:23 PDT 2004
|
||||
<!-- hhmts end -->
|
||||
</body>
|
||||
</html>
|
||||
204
doc/ReleaseNotes_2.0.3.txt
Normal file
204
doc/ReleaseNotes_2.0.3.txt
Normal file
@@ -0,0 +1,204 @@
|
||||
Firewall Builder Release Notes
|
||||
|
||||
Version 2.0.3
|
||||
|
||||
Released 09/30/04
|
||||
GUI and compilers v2.0.3 require API library libfwbuilder version 2.0.3
|
||||
|
||||
Summary
|
||||
|
||||
Firewall Builder GUI v2.0.3 is a maintenance release that includes fixes
|
||||
for bugs discovered since 2.0.2 has been released.
|
||||
|
||||
For those who wish to build from source, instructions are outlined in
|
||||
"Install and Build instructions"
|
||||
|
||||
* This release improves support for the PF firewall by always using
|
||||
tables in policy rules; it also uses syntax " ! <tbl>" for negation,
|
||||
assignes "rdr" rules to interfaces and adds "flags S/SA" to policy
|
||||
rules that keep state.
|
||||
* This release significantly improves optimizer for iptables and adds an
|
||||
automatically generated rule to block packets that correspond to an
|
||||
INVALID state
|
||||
* Built-in policy installer can compress firewall policy script before
|
||||
it is installed in flash memory on Linksys/Sveasoft firewall; this
|
||||
allows for much larger policy to be used on Linksys. Script
|
||||
compression is optional.
|
||||
* Built-in policy installer can be used to test new policy rules with
|
||||
automatic roll-back to the previous version of the policy after
|
||||
specified interval of time. This feature helps to work around errors
|
||||
in the policy that block access to the firewall from the management
|
||||
workstation.
|
||||
|
||||
Caveats
|
||||
|
||||
New version (as of build 421) completely changes the way it loads and
|
||||
activates firewall script on linksys. Old version put the whole script in
|
||||
variable rc_firewall. New one puts script in variable fwb and puts a
|
||||
one-line command in rc_firewall to read the script from fwb and execute
|
||||
it. This was done because of the need to uncompress it when linksys
|
||||
executes command stored in rc_firewall, in other words, rc_firewall needs
|
||||
to be a little script that uncompresses and runs the main firewall script.
|
||||
This is why scripts were separated and rc_firewall has changed compared to
|
||||
the previous versions of fwbuilder.
|
||||
|
||||
Reverting from v2.0.3 (build 421 and later) to v2.0.2 requires you to
|
||||
erase nvram variable "fwb" which holds the whole script in the new builds.
|
||||
|
||||
New features in the built in policy installer
|
||||
|
||||
* added an option for test run. When this option is activated, policy
|
||||
script is pushed to the firewall and is executed but is not stored
|
||||
there permanently. Firewall reverts to the last working configuration
|
||||
after reboot.
|
||||
* implemented compression of the firewall script for Linksys/Sveasoft
|
||||
combo. Using gzip and uuencode/uudecode to compress the script and
|
||||
store it in flash variable 'fwb'. Installer prints flash memory stats
|
||||
after commiting changes. Installer uses scp to copy firewall script to
|
||||
the firewall and autogenerated prompt to detect when it logged in; it
|
||||
does not depend on Linksys shell prompt anymore.
|
||||
* added an option to schedule automatic firewall reboot in specified
|
||||
time (in minutes) after policy activation. This option is available
|
||||
for all firewall platforms but PIX. This option only works if user
|
||||
requested policy activation in a test mode, in which case policy is
|
||||
copied and activated on the firewall but not stored in the permanent
|
||||
location. After reboot the firewall reverts to the previous version of
|
||||
the policy. To cancel scheduled reboot, run installer again with "test
|
||||
run" option turned off. Installer stores the policy in the permanent
|
||||
location, activates it and cancels scheduled reboot. The commands used
|
||||
to schedule reboot and cancel it depend on the host os of the
|
||||
firewall. On Linux, it will use "shutdown -r +NN" and "shutdown -c".
|
||||
On *BSD systems it uses "shutdown -r +NN" and a combination of ps and
|
||||
awk to find and kill shutdown when reboot is canceled. Installer uses
|
||||
"reboot" and kills it with "killall" on linksys.
|
||||
* All manipulations that installer does on the firewall are programmed
|
||||
in little one-line scripts stored in resource file for each supported
|
||||
OS the firewall is running. These are in /usr/share/fwbuilder/os on
|
||||
Linux/*BSD or in C:\FWBuilder\resources\os on Windows. Users can hack
|
||||
commands in these files to make installer work with host OS that is
|
||||
not supported by default. Currently, the GUI only looks for the
|
||||
OS-specific resource files in the system-wide directory. Future
|
||||
versions will also look in a predefined directory in users' home.
|
||||
Directory path to be defined later.
|
||||
* Added option "output file name" to firewall settings dialogs for all
|
||||
platforms. User can specify the name for the output file; this name is
|
||||
then used by built in installer in place of a macro %FWSCRIPT%.
|
||||
|
||||
New features in policy compiler for iptables
|
||||
|
||||
* implemented feature request #1023430: "add checkbox for INVALID
|
||||
support in fw settings". Added two checkboxes to the firewall settings
|
||||
dialog: one adds a rule to drop INVALID packets and another adds
|
||||
logging to the rule.
|
||||
* rules that permit packets associated with ESTABLISHED,RELATED states
|
||||
moved to the beginning of the script before NAT rules.
|
||||
* bug #1022216: "negated time produces incorrect iptables rule".
|
||||
Implemented negation for the "Time" rule element for iptables
|
||||
* using abbreviated versions of "--dport", "--sport", "--dports",
|
||||
"--sports" options to make generated iptables script smaller. Also
|
||||
changed the name of the variables used to hold IP address of dynamic
|
||||
interface from "interface_<ifname>" to "i_<ifname>". All this should
|
||||
help to fit larger policies into small flash on linksys. These changes
|
||||
shrunk my test script from 7964 bytes to 7430 bytes
|
||||
* Generated iptables script flushes only secondary ip addresses on
|
||||
interfaces during initialization phase if option "configure
|
||||
interfaces" is on. This should fix a bug that caused linksys/sveasoft
|
||||
unit to lose default route upon reboot if external interface has
|
||||
static IP address.
|
||||
* Generated script checks if /usr/sbin/ip exists on the firewall before
|
||||
it tries to use it to verify interfaces and configure IP addresses.
|
||||
This check is only performed if user activated options that use this
|
||||
tool. An error message "Interface eth0 does not exist" was generated
|
||||
if package iproute2 was not installed on the firewall, which was
|
||||
confusing.
|
||||
|
||||
New features in policy compiler for PF
|
||||
|
||||
* A NAT rule of type DNAT (rdr rule) is assigned to an interface of the
|
||||
firewall if interface object or its address object is used in ODst. To
|
||||
get rdr rule without interface assignment, use an Address or a Host
|
||||
object that has the same IP address as that of firewall's interface
|
||||
but that is not a child of an interface. This is the same approach
|
||||
that is used in iptables.
|
||||
* Compiler for pf always uses tables; this breaks compatibility with
|
||||
older OpenBSD systems (3.2 and 3.3)
|
||||
* Compiler for pf puts interface name in a table for rules that use
|
||||
multiple objects in src or dst and one of these objects is dynamic
|
||||
interface of the firewall that is being processed. Using dynamic
|
||||
interface of another object in a rule is still considered an error.
|
||||
Compiler puts the name of dynamic interface in a table verbatim,
|
||||
without brackets '(' ')' since pf does not replace dynamic interface
|
||||
with its address dynamically if it is used in a table (pfctl issues an
|
||||
error if interface is put in brackets)
|
||||
* added an option to permit tcp sessions opened prior to firewall
|
||||
restart. This is needed now since compiler generates "flags S/SA" for
|
||||
the "keep state" and "modulate state" rules which means firewall won't
|
||||
permit TCP sessions unless it saw opening SYN packet.
|
||||
* bug #1028973: fwb_pf: missing "flags S/SA" in front of "modulate
|
||||
state". Compiler adds "flags S/SA" to policy rules that use either
|
||||
"keep state" or "modulate state" options.
|
||||
* bug #1028980: "need an option to turn logging on on fallback rule".
|
||||
Option has been added.
|
||||
|
||||
Bugs fixed in libfwbuilder API:
|
||||
|
||||
* bug #1022788: "GUI corrupts XML file after creating a second
|
||||
firewall". Global object ID counter was getting reset every time new
|
||||
FWObjectDatabase object was created. This lead to the ID collision if
|
||||
user quickly created and deleted complex objects (such as Firewall)
|
||||
and used database merge. This should also fix bug #1022785: "GUI
|
||||
corrupts XML file after creating a host entry"
|
||||
* fixed bug (no number): all references to the interfaces, as well as
|
||||
their IP and MAC addresses, in policy and NAT rules should be replaced
|
||||
when Firewall object is duplicated. Until now only references to the
|
||||
firewall object itself and to its interfaces were replaced with
|
||||
references to the newly created copies of object. References to IP and
|
||||
MAC addresses still pointed at the old objects.
|
||||
|
||||
Bugs fixed in GUI:
|
||||
|
||||
* bug (no number): after deleting a library firewall objects that belong
|
||||
to it were not removed from the pull-down list
|
||||
* bug #1026945: '"Save As" does not work if current file is in RCS'
|
||||
* bug #1028078: "options.png is not displayed for "Assume firewall is
|
||||
part..."
|
||||
* bug #1035132: "compile errors with default Linksys firewall object".
|
||||
This bug has been introduced in build 435. When user created a new
|
||||
firewall object using one of the template objects, the GUI would add
|
||||
bunch of garbage to the firewall options. This garbage violated XML
|
||||
DTD, so compilers and the GUI would not accept the data file anymore.
|
||||
* bug #1035130: 'Persistent "Save" dialog box'. Certain combination of
|
||||
actions on user's part used to lead to an indefinite loop of "do you
|
||||
want to save the data" dialogs. The problem was triggered if user
|
||||
skipped choosing a name for the new file in startup dialog.
|
||||
|
||||
Bugs fixed in iptables policy compiler fwb_ipt:
|
||||
|
||||
* bug #1024861: "optimizer is broken in fwb_ipt". Used idea and a patch
|
||||
by Mark Vevers <mark@vevers.net>. Fixed compiler fwb_ipt generates
|
||||
more efficient iptables script for rules with multiple objects in all
|
||||
rule elements. The script is smaller and eliminates unnecessary
|
||||
comparisons for packet attributes. Every attribute (i.e. source
|
||||
address, destination address, protocol and port numbers) is checked by
|
||||
the script only once. This should help reduce load on firewalls with
|
||||
lots of complex rules.
|
||||
* bug #1026509: "incorrect rules generated for dual negation with time".
|
||||
Compiler generated incorrect iptables commands for rules that had
|
||||
negation in two or more rule elements, one of which was Time.
|
||||
* bug #1026794: multiple SRC ntwks --> "iptables: invalid argument".
|
||||
Recent changes in optimizer introduced this bug. Rules with multiple
|
||||
objects in src or dst, TCP service, action Reject and option "reject
|
||||
with TCP RST" would generate iptables command that used option
|
||||
"--reject-with tcp-reset" without "-p tcp"
|
||||
|
||||
Bugs fixed in iptables policy compiler fwb_pf:
|
||||
|
||||
* bug #1006906: "Negated network causes pass on network". Compiler for
|
||||
pf uses native negation syntax that is now available in pf
|
||||
* bug (no num): "firewall settings" dialog for OpenBSD pf did not save
|
||||
option "Use tables". Since compiler is always using tables, this
|
||||
option was removed from the dialog.
|
||||
|
||||
----------------------------------------------------------------------
|
||||
|
||||
Last modified: Thu Sep 30 20:16:23 PDT 2004
|
||||
381
doc/ReleaseNotes_2.0.4.html
Normal file
381
doc/ReleaseNotes_2.0.4.html
Normal file
@@ -0,0 +1,381 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
|
||||
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
|
||||
</head>
|
||||
<body>
|
||||
<h1> Firewall Builder Release Notes </h1>
|
||||
<br>
|
||||
<h2> Version 2.0.4 </h2>
|
||||
<br>
|
||||
<p>
|
||||
Released 12/02/04
|
||||
<br>
|
||||
<b>GUI and compilers v2.0.4 require API library libfwbuilder version 2.0.4</b>
|
||||
<br>
|
||||
<h2>Summary </h2>
|
||||
<p>
|
||||
|
||||
<p>
|
||||
<b>For those who wish to build from source, instructions are outlined
|
||||
in the document "Install and Build instructions" on our web site <a
|
||||
href="http://www.fwbuilder.org/archives/cat_installation.html">here</a></b>
|
||||
|
||||
<h2>What's new</h2>
|
||||
<ul>
|
||||
|
||||
<li>Improvements in the GUI
|
||||
<p>
|
||||
<ul>
|
||||
<li>improved error handling: if the GUI is started with a
|
||||
file on the command line or is configured to open a file
|
||||
automatically on startup and RCS can not check the file out,
|
||||
the GUI will come up empty (with only standard objects
|
||||
loaded). Previously in a situation when the GUI was
|
||||
configured to open a file automatically, but the file could
|
||||
not be checked out, there was no way to cancel this
|
||||
automatic file open operation since the GUI would never come
|
||||
up.</li>
|
||||
|
||||
<li>Added Japanese translation by Tadashi Jokagi
|
||||
<elf@elf.no-ip.org></li>
|
||||
|
||||
<li>Added Russian translation by RusBusinessSecurity Co. Ltd.,
|
||||
Russia. This translation is fairly complete but is still
|
||||
considered preliminary. Bug reports and suggestions are very
|
||||
welcome.
|
||||
</li>
|
||||
|
||||
</ul>
|
||||
|
||||
|
||||
<li>Improvements in the built-in policy installer
|
||||
<p>
|
||||
<ul>
|
||||
<li>Built-in installer checks exit status of the script it
|
||||
runs on the firewall and aborts installation sequence if it
|
||||
detects an error. OS resource files have been updated
|
||||
accordingly so they return exit status '1' in case of error
|
||||
and '0' when they succeed.</li>
|
||||
|
||||
<li>Added an option to push PIX configuration to a standby
|
||||
firewall at the end of install.</li>
|
||||
|
||||
<li>Added support in installer for new configuration script
|
||||
formats for PIX:
|
||||
<p>
|
||||
<ol>
|
||||
<li>basic or old format when access lists are cleared
|
||||
and added from scratch</li>
|
||||
|
||||
<li>Access lists have unique names each time policy is
|
||||
recompiled, lists are added without clearing.</li>
|
||||
|
||||
<li>Access lists are added with temporary names and
|
||||
assigned to interfaces, then the same lists are added
|
||||
with permanent names, lists are swapped and temporary
|
||||
lists cleared</li>
|
||||
</ol>
|
||||
|
||||
<p>Last two methods provide for instantaneous access list
|
||||
swap so that the firewall never runs with empty
|
||||
lists. This helps maintain access to the firewall if
|
||||
configuration is installed remotely.
|
||||
</li>
|
||||
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>Improvements in policy compiler for iptables:
|
||||
<p>
|
||||
<ul>
|
||||
<li>implemented Feature Request #1021201: "output
|
||||
iptables-restore compatible config from fwb_ipt". Policy
|
||||
compiler for iptables can use iptables-restore to activate
|
||||
firewall policy. Iptables-restore provides for atomic policy
|
||||
load and allows to load large policy much faster. Atomic
|
||||
load means the whole filter or nat table is activated at
|
||||
once, and if there is an error, nothing is changed. Compiler
|
||||
generates script in three possible formats:
|
||||
<p>
|
||||
<ol>
|
||||
<li>the ususal shell script that adds rules one at a
|
||||
time by executing iptables command with an "-A" flag to
|
||||
add a rule;</li>
|
||||
|
||||
<li>commands are fed to iptables-restore, this format is
|
||||
used when all interfaces of the firewall have static IP
|
||||
addresses and script does not need to determine
|
||||
addresses at run time;</li>
|
||||
|
||||
<li>script determines IP addresses of interfaces and
|
||||
discovers dynamic interfaces that were defined as a
|
||||
"wildcard" interface in fwbuilder (e.g. 'ppp*'); code
|
||||
that is sent to iptables-restore is generated
|
||||
dynamically by the script at run time.</li>
|
||||
</ol>
|
||||
|
||||
<p>Using iptables-restore is optional and is controlled by
|
||||
the checkbutton in the "Script options" tab of firewall
|
||||
settings dialog. Path to iptables-restore utility can be
|
||||
set in the "Paths" tab of the host settings dialog.
|
||||
</p>
|
||||
</li>
|
||||
|
||||
<li>policy installation via iptables-restore has been tested
|
||||
with old versions of iptables (1.2.6a). Script need to
|
||||
include "-m tcp", "-m udp" or "-m icmp", otherwise
|
||||
iptables-restore does not understand options "--dport",
|
||||
"--tcp-flags" and some others. Also had to use "--tcp-flags
|
||||
SYN,RST,ACK SYN" instea dof "--syn" for better backwards
|
||||
compatibility.</li>
|
||||
|
||||
<li>A change in the script generated by fwb_ipt: if
|
||||
iptables-restore is not used to load policy, generated shell
|
||||
script purges existing firewall policy (all tables and
|
||||
chains) and sets default chain policies after it configures
|
||||
interfaces of the firewall. Previously, it would flush
|
||||
tables and set default policy before it configured
|
||||
interfaces.</li>
|
||||
|
||||
|
||||
<li>removed code that added iptables command to the "drop"
|
||||
table to drop and log all dropped packets. This rule used
|
||||
obsoleted patch-o-matic patch "drop" which is not available
|
||||
anymore. </li>
|
||||
|
||||
<li>moved rule permitting backup ssh access from the
|
||||
management station to the firewall to the top of the
|
||||
script. This helps maintain ssh session, otherwise it may
|
||||
stall or break because stdout buffer is filled with
|
||||
diagnostic or progress output from the script that is
|
||||
printed after all chains are flushed but before rule
|
||||
permitting ssh to the firewall is added. If stdout buffer is
|
||||
full, ssh stops and tries to send the text to the management
|
||||
station but times out because firewall blocks it.</li>
|
||||
|
||||
|
||||
</ul>
|
||||
<br><br>
|
||||
</li>
|
||||
|
||||
<li>Improvements in policy compiler for pf:
|
||||
<p>
|
||||
<ul>
|
||||
<li>Activation script for PF flushes only information about
|
||||
rules, nat, source and tables (it used to flush "all"). This
|
||||
preserves queue entries and states. </li>
|
||||
|
||||
</ul>
|
||||
<p>
|
||||
</li>
|
||||
|
||||
<li>Improvements in policy compilers for all platforms:
|
||||
<p>
|
||||
<ul>
|
||||
<li>added support for prolog and epilog scripts for all
|
||||
firewall platforms. This was available for PIX for some
|
||||
time, now it has been added for all
|
||||
platforms. "Prolog/Epilog" tab of the firewall settings
|
||||
dialog allows for editing of two blocks of commands that
|
||||
will be added to the generated firewall script
|
||||
verbatim. Prolog block is added on top, while epilog block
|
||||
is added at the bottom. Both prolog and epilog are expected
|
||||
to be shell scripts and are added to the generated shell
|
||||
script that activates firewall. For iptables and ipfw all
|
||||
compiler generates is this shell script and prolog and
|
||||
epilog commands are inserted into it. These commands may
|
||||
execute some actions, as well as add any policy or nat
|
||||
commands. For ipf and pf prolog and epilog commands are
|
||||
added to the activation shell script ( .fw file); prolog is
|
||||
added immediately after the command that flushes all
|
||||
rules. This way user may either execute shell commands or
|
||||
add policy and/or nat rules by loading them from external
|
||||
file. </li>
|
||||
|
||||
<li>all policy compilers properly detect an error when the
|
||||
output file can not be created or overwritten and print
|
||||
error message to warn the user.</li>
|
||||
|
||||
|
||||
<li>Added element "Target/family" to all OS resource XML
|
||||
files. Compilers use "family" resource element to determine
|
||||
if host OS is supported. User may want to copy host OS
|
||||
resource file to modify installer scriptlets; as long as the
|
||||
family element is kept the same, compiler will accept new
|
||||
resource file.</li>
|
||||
</ul>
|
||||
<p>
|
||||
</li>
|
||||
|
||||
<br>
|
||||
</ul>
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<hr>
|
||||
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>Bugs fixed in GUI:</h2>
|
||||
<ul>
|
||||
<li>bug #1077072: "CrossPlatform Firewall Builder Crash" -
|
||||
pressing arrow down key on the keyboard right after the GUI
|
||||
started with no firewall objects defined caused crash.</li>
|
||||
|
||||
<li>bug (no num): if a library was assigned a name with
|
||||
non-ascii characters, it would appear distorted in the pull-down
|
||||
list in object dialogs.</li>
|
||||
|
||||
<li>bug (no number) introduced in 2.0.3 when GUI crashed if user
|
||||
tried to choose pull-down menu item in the firewall list after
|
||||
the very first firewall object has been created. </li>
|
||||
|
||||
<li>bug (no number): group object dialog corrupted object names
|
||||
if they contained non-ascii characters.</li>
|
||||
|
||||
<li>bug #1046345: "ipfw - no option to specify ipfw
|
||||
executable". Added GUI control to let user specify alternative
|
||||
path to "ipfw" on FreeBSD. Control like that was previously
|
||||
available only for Mac OS X </li>
|
||||
|
||||
<li>bug #1028866: "incorrect order when several rules copied
|
||||
using copy/paste". Pasting multiple rules into an empty policy
|
||||
caused rules to be inserted in the wrong order.</li>
|
||||
|
||||
<li>bug (no number): Policy installer failed if the following
|
||||
conditions were met: - it was running on Linux, FreeBSD or Mac
|
||||
OS X - working directory configured in the "General" tab of the
|
||||
Preferences dialog did not exist and could not be created or its
|
||||
permissions did not allow user that runs the GUI to access
|
||||
it</li>
|
||||
|
||||
<li>Added #include <errno.h> to make code compile with gcc 3.4.2
|
||||
and glibc 2.3.3</li>
|
||||
|
||||
<li>bug (no number): GUI could not find names of the object
|
||||
libraries in external library files that user added for
|
||||
automatic load in the Preferences dialog on Windows. It would
|
||||
find the name of the library in the first file, but failed to
|
||||
find library names in subsequent files and used the name from
|
||||
the first file. Since this library was only present in the first
|
||||
file, object tree was getting corrupted when the program
|
||||
attempted to load this library from every file configured for
|
||||
automatic pre-load. This only happened on Windows.</li>
|
||||
</ul>
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>Bugs fixed in API:</h2>
|
||||
<ul>
|
||||
<li>bug #1077496 ] Error compiling libfwbuilder in FreeBSD:
|
||||
The problem was caused by changed major version number of libnetsnmp library
|
||||
in the latest net-snmp port (v5.2)</li>
|
||||
|
||||
<li>bug #1055937: "Any->all_multicasts not in INPUT Chain". Need
|
||||
to check if network objects are multicasts; assume that
|
||||
multicast always matches firewall object (e.g fwb_ipt will put
|
||||
rule with such network object in destination in INPUT
|
||||
chain)</li>
|
||||
|
||||
<li>bug #1040773: need to match network address as well as
|
||||
broadcast. Packets sent to the network address (192.168.1.0 for
|
||||
net 192.168.1.0/24) go in the broadcast frame and behave just
|
||||
like IP broadcast packets (sent to 192.168.1.1255 for the same
|
||||
net)</li>
|
||||
|
||||
<li>bug (no number): rule shadowing algorithm now assumes that
|
||||
IPService object with protocol number '0' shades any other
|
||||
service just like 'any' does.</li>
|
||||
|
||||
<li>bug (no num): rule shadowing algorithm checks for IP flags
|
||||
in IP service object. IP service object with protocol 0 shades
|
||||
anything only if its flags are cleared. Two IP services shade
|
||||
each other only if they are completely equal (protocols and all
|
||||
flags settings are the same). However, IP service with protocol
|
||||
0 shades other IP service with protocol !=0 if all flags
|
||||
settings are the same.</li>
|
||||
|
||||
<li>change in the object database merge algorithm: when an
|
||||
object database we are trying to merge has non-empty "Deleted
|
||||
objects" library, deleted objects from this library should be
|
||||
ignored (they used to be deleted from the current
|
||||
tree). Likewise, when current tree has non-empty "Deleted
|
||||
objects" library and objects in it match objects being merged
|
||||
in, objects should be removed from "Deleted objects" library to
|
||||
avoid creating duplicate IDs with objects being merged in.</li>
|
||||
|
||||
<li>bug (no number): program crashed on FreeBSD 5.3 when using
|
||||
SNMP to obtain parameters for hosts and interfaces. Crash
|
||||
occurred because of use of uninitialized mutex variables in
|
||||
module dns.cpp</li>
|
||||
|
||||
<li>bug (no number): The API used to corrupt CustomService
|
||||
object while saving data to the XML file if service code
|
||||
included special characters such as '&'</li>
|
||||
|
||||
</ul>
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>Bugs fixed in policy compiler for iptables fwb_ipt:</h2>
|
||||
<ul>
|
||||
<li>bug #1073491: incorrect code for rules using two interfaces
|
||||
with negation. If a rule had two (or more) interfaces of the
|
||||
firewall in the destination, with negation, the code generated
|
||||
by compiler would check one interface's address in INPUT chain
|
||||
and another in FORWARD chain. It should check addresses of all
|
||||
interfaces from the corresponding rule element in the INPUT
|
||||
chain and also check addresses and possibly services from other
|
||||
rule elements in the FORWARD chain. This bug affected rules with
|
||||
two or more interfaces both in source and destination.</li>
|
||||
|
||||
<li>bug #1040788: fwb_ipt and user name. Compiler used to read
|
||||
environment variable "USER" to find out user's name. Sometimes
|
||||
this variable is not set, which caused compiler to abort. Using
|
||||
env variable LOGNAME in addition to USER.</li>
|
||||
|
||||
<li>bug #1040599: "unnecessary FORWARD rules". If ip forwarding
|
||||
is turned off in the host settings dialog of the linux-based
|
||||
firewall, compiler should not generate rules in FORWARD
|
||||
chain.</li>
|
||||
|
||||
<li>bug (no number): compiler placed extra quote '"' at the end
|
||||
of each NAT command in the script using iptables-restore; this
|
||||
happened only if all interfaces of the firewall had static
|
||||
addresses.</li>
|
||||
|
||||
<li>bug (no number) in fwb_ipt that caused no-nat rules with
|
||||
firewall in OSrc to be placed only in OUTPUT chain. Packets
|
||||
originating on the firewall go into OUTPUT and POSTROUTING
|
||||
chains, so no-nat rules must be placed in both. Other minor
|
||||
improvements for NAT of the locally originated connections have
|
||||
been done as well.</li>
|
||||
|
||||
<li>bug (no number) where compiler for iptables used option
|
||||
"--destination-port" with module "multiport" for versions of
|
||||
iptables that do not understand it (1.2.6 and later, as well as
|
||||
default version setting 'any'). The option should be
|
||||
"--destination-ports" or "--dports".</li>
|
||||
|
||||
<li>bug #1063953: "Wrong accept/multiport rule
|
||||
generated". Compiler generated wrong code for rules using
|
||||
multiple service objects of different types (TCP and UDP, or TCP
|
||||
and ICMP etc), multiple addresses in src or dst with option that
|
||||
requires using TCP RST for action REJECT. This bug was
|
||||
introduced in build 453</li>
|
||||
|
||||
<li>bug (no number): policy compiler for iptables used "tail -1"
|
||||
in the shell script that read actual IP addresses of interfaces
|
||||
of the firewall. This shell code failed to determine correct
|
||||
address of an interface that was configured with a secondary
|
||||
address. Reverted to using grep (I switched to tail when ran
|
||||
into limitations of one of the beta builds of Sveasoft Linksys
|
||||
firmware that did not have grep)</li>
|
||||
</ul>
|
||||
|
||||
|
||||
</body>
|
||||
</html>
|
||||
254
doc/ReleaseNotes_2.0.4.txt
Normal file
254
doc/ReleaseNotes_2.0.4.txt
Normal file
@@ -0,0 +1,254 @@
|
||||
Firewall Builder Release Notes
|
||||
|
||||
Version 2.0.4
|
||||
|
||||
Released 12/02/04
|
||||
GUI and compilers v2.0.4 require API library libfwbuilder version 2.0.4
|
||||
|
||||
Summary
|
||||
|
||||
For those who wish to build from source, instructions are outlined in the
|
||||
document "Install and Build instructions" on our web site here
|
||||
|
||||
What's new
|
||||
|
||||
* Improvements in the GUI
|
||||
|
||||
* improved error handling: if the GUI is started with a file on the
|
||||
command line or is configured to open a file automatically on
|
||||
startup and RCS can not check the file out, the GUI will come up
|
||||
empty (with only standard objects loaded). Previously in a
|
||||
situation when the GUI was configured to open a file
|
||||
automatically, but the file could not be checked out, there was
|
||||
no way to cancel this automatic file open operation since the GUI
|
||||
would never come up.
|
||||
* Added Japanese translation by Tadashi Jokagi <elf@elf.no-ip.org>
|
||||
* Added Russian translation by RusBusinessSecurity Co. Ltd.,
|
||||
Russia. This translation is fairly complete but is still
|
||||
considered preliminary. Bug reports and suggestions are very
|
||||
welcome.
|
||||
|
||||
* Improvements in the built-in policy installer
|
||||
|
||||
* Built-in installer checks exit status of the script it runs on
|
||||
the firewall and aborts installation sequence if it detects an
|
||||
error. OS resource files have been updated accordingly so they
|
||||
return exit status '1' in case of error and '0' when they
|
||||
succeed.
|
||||
* Added an option to push PIX configuration to a standby firewall
|
||||
at the end of install.
|
||||
* Added support in installer for new configuration script formats
|
||||
for PIX:
|
||||
|
||||
1. basic or old format when access lists are cleared and added
|
||||
from scratch
|
||||
2. Access lists have unique names each time policy is
|
||||
recompiled, lists are added without clearing.
|
||||
3. Access lists are added with temporary names and assigned to
|
||||
interfaces, then the same lists are added with permanent
|
||||
names, lists are swapped and temporary lists cleared
|
||||
|
||||
Last two methods provide for instantaneous access list swap so
|
||||
that the firewall never runs with empty lists. This helps
|
||||
maintain access to the firewall if configuration is installed
|
||||
remotely.
|
||||
|
||||
* Improvements in policy compiler for iptables:
|
||||
|
||||
* implemented Feature Request #1021201: "output iptables-restore
|
||||
compatible config from fwb_ipt". Policy compiler for iptables can
|
||||
use iptables-restore to activate firewall policy.
|
||||
Iptables-restore provides for atomic policy load and allows to
|
||||
load large policy much faster. Atomic load means the whole filter
|
||||
or nat table is activated at once, and if there is an error,
|
||||
nothing is changed. Compiler generates script in three possible
|
||||
formats:
|
||||
|
||||
1. the ususal shell script that adds rules one at a time by
|
||||
executing iptables command with an "-A" flag to add a rule;
|
||||
2. commands are fed to iptables-restore, this format is used
|
||||
when all interfaces of the firewall have static IP addresses
|
||||
and script does not need to determine addresses at run time;
|
||||
3. script determines IP addresses of interfaces and discovers
|
||||
dynamic interfaces that were defined as a "wildcard"
|
||||
interface in fwbuilder (e.g. 'ppp*'); code that is sent to
|
||||
iptables-restore is generated dynamically by the script at
|
||||
run time.
|
||||
|
||||
Using iptables-restore is optional and is controlled by the
|
||||
checkbutton in the "Script options" tab of firewall settings
|
||||
dialog. Path to iptables-restore utility can be set in the
|
||||
"Paths" tab of the host settings dialog.
|
||||
|
||||
* policy installation via iptables-restore has been tested with old
|
||||
versions of iptables (1.2.6a). Script need to include "-m tcp",
|
||||
"-m udp" or "-m icmp", otherwise iptables-restore does not
|
||||
understand options "--dport", "--tcp-flags" and some others. Also
|
||||
had to use "--tcp-flags SYN,RST,ACK SYN" instea dof "--syn" for
|
||||
better backwards compatibility.
|
||||
* A change in the script generated by fwb_ipt: if iptables-restore
|
||||
is not used to load policy, generated shell script purges
|
||||
existing firewall policy (all tables and chains) and sets default
|
||||
chain policies after it configures interfaces of the firewall.
|
||||
Previously, it would flush tables and set default policy before
|
||||
it configured interfaces.
|
||||
* removed code that added iptables command to the "drop" table to
|
||||
drop and log all dropped packets. This rule used obsoleted
|
||||
patch-o-matic patch "drop" which is not available anymore.
|
||||
* moved rule permitting backup ssh access from the management
|
||||
station to the firewall to the top of the script. This helps
|
||||
maintain ssh session, otherwise it may stall or break because
|
||||
stdout buffer is filled with diagnostic or progress output from
|
||||
the script that is printed after all chains are flushed but
|
||||
before rule permitting ssh to the firewall is added. If stdout
|
||||
buffer is full, ssh stops and tries to send the text to the
|
||||
management station but times out because firewall blocks it.
|
||||
|
||||
* Improvements in policy compiler for pf:
|
||||
|
||||
* Activation script for PF flushes only information about rules,
|
||||
nat, source and tables (it used to flush "all"). This preserves
|
||||
queue entries and states.
|
||||
|
||||
* Improvements in policy compilers for all platforms:
|
||||
|
||||
* added support for prolog and epilog scripts for all firewall
|
||||
platforms. This was available for PIX for some time, now it has
|
||||
been added for all platforms. "Prolog/Epilog" tab of the firewall
|
||||
settings dialog allows for editing of two blocks of commands that
|
||||
will be added to the generated firewall script verbatim. Prolog
|
||||
block is added on top, while epilog block is added at the bottom.
|
||||
Both prolog and epilog are expected to be shell scripts and are
|
||||
added to the generated shell script that activates firewall. For
|
||||
iptables and ipfw all compiler generates is this shell script and
|
||||
prolog and epilog commands are inserted into it. These commands
|
||||
may execute some actions, as well as add any policy or nat
|
||||
commands. For ipf and pf prolog and epilog commands are added to
|
||||
the activation shell script ( .fw file); prolog is added
|
||||
immediately after the command that flushes all rules. This way
|
||||
user may either execute shell commands or add policy and/or nat
|
||||
rules by loading them from external file.
|
||||
* all policy compilers properly detect an error when the output
|
||||
file can not be created or overwritten and print error message to
|
||||
warn the user.
|
||||
* Added element "Target/family" to all OS resource XML files.
|
||||
Compilers use "family" resource element to determine if host OS
|
||||
is supported. User may want to copy host OS resource file to
|
||||
modify installer scriptlets; as long as the family element is
|
||||
kept the same, compiler will accept new resource file.
|
||||
|
||||
----------------------------------------------------------------------
|
||||
|
||||
Bugs fixed in GUI:
|
||||
|
||||
* bug #1077072: "CrossPlatform Firewall Builder Crash" - pressing arrow
|
||||
down key on the keyboard right after the GUI started with no firewall
|
||||
objects defined caused crash.
|
||||
* bug (no num): if a library was assigned a name with non-ascii
|
||||
characters, it would appear distorted in the pull-down list in object
|
||||
dialogs.
|
||||
* bug (no number) introduced in 2.0.3 when GUI crashed if user tried to
|
||||
choose pull-down menu item in the firewall list after the very first
|
||||
firewall object has been created.
|
||||
* bug (no number): group object dialog corrupted object names if they
|
||||
contained non-ascii characters.
|
||||
* bug #1046345: "ipfw - no option to specify ipfw executable". Added GUI
|
||||
control to let user specify alternative path to "ipfw" on FreeBSD.
|
||||
Control like that was previously available only for Mac OS X
|
||||
* bug #1028866: "incorrect order when several rules copied using
|
||||
copy/paste". Pasting multiple rules into an empty policy caused rules
|
||||
to be inserted in the wrong order.
|
||||
* bug (no number): Policy installer failed if the following conditions
|
||||
were met: - it was running on Linux, FreeBSD or Mac OS X - working
|
||||
directory configured in the "General" tab of the Preferences dialog
|
||||
did not exist and could not be created or its permissions did not
|
||||
allow user that runs the GUI to access it
|
||||
* Added #include <errno.h> to make code compile with gcc 3.4.2 and glibc
|
||||
2.3.3
|
||||
* bug (no number): GUI could not find names of the object libraries in
|
||||
external library files that user added for automatic load in the
|
||||
Preferences dialog on Windows. It would find the name of the library
|
||||
in the first file, but failed to find library names in subsequent
|
||||
files and used the name from the first file. Since this library was
|
||||
only present in the first file, object tree was getting corrupted when
|
||||
the program attempted to load this library from every file configured
|
||||
for automatic pre-load. This only happened on Windows.
|
||||
|
||||
Bugs fixed in API:
|
||||
|
||||
* bug #1077496 ] Error compiling libfwbuilder in FreeBSD: The problem
|
||||
was caused by changed major version number of libnetsnmp library in
|
||||
the latest net-snmp port (v5.2)
|
||||
* bug #1055937: "Any->all_multicasts not in INPUT Chain". Need to check
|
||||
if network objects are multicasts; assume that multicast always
|
||||
matches firewall object (e.g fwb_ipt will put rule with such network
|
||||
object in destination in INPUT chain)
|
||||
* bug #1040773: need to match network address as well as broadcast.
|
||||
Packets sent to the network address (192.168.1.0 for net
|
||||
192.168.1.0/24) go in the broadcast frame and behave just like IP
|
||||
broadcast packets (sent to 192.168.1.1255 for the same net)
|
||||
* bug (no number): rule shadowing algorithm now assumes that IPService
|
||||
object with protocol number '0' shades any other service just like
|
||||
'any' does.
|
||||
* bug (no num): rule shadowing algorithm checks for IP flags in IP
|
||||
service object. IP service object with protocol 0 shades anything only
|
||||
if its flags are cleared. Two IP services shade each other only if
|
||||
they are completely equal (protocols and all flags settings are the
|
||||
same). However, IP service with protocol 0 shades other IP service
|
||||
with protocol !=0 if all flags settings are the same.
|
||||
* change in the object database merge algorithm: when an object database
|
||||
we are trying to merge has non-empty "Deleted objects" library,
|
||||
deleted objects from this library should be ignored (they used to be
|
||||
deleted from the current tree). Likewise, when current tree has
|
||||
non-empty "Deleted objects" library and objects in it match objects
|
||||
being merged in, objects should be removed from "Deleted objects"
|
||||
library to avoid creating duplicate IDs with objects being merged in.
|
||||
* bug (no number): program crashed on FreeBSD 5.3 when using SNMP to
|
||||
obtain parameters for hosts and interfaces. Crash occurred because of
|
||||
use of uninitialized mutex variables in module dns.cpp
|
||||
* bug (no number): The API used to corrupt CustomService object while
|
||||
saving data to the XML file if service code included special
|
||||
characters such as '&'
|
||||
|
||||
Bugs fixed in policy compiler for iptables fwb_ipt:
|
||||
|
||||
* bug #1073491: incorrect code for rules using two interfaces with
|
||||
negation. If a rule had two (or more) interfaces of the firewall in
|
||||
the destination, with negation, the code generated by compiler would
|
||||
check one interface's address in INPUT chain and another in FORWARD
|
||||
chain. It should check addresses of all interfaces from the
|
||||
corresponding rule element in the INPUT chain and also check addresses
|
||||
and possibly services from other rule elements in the FORWARD chain.
|
||||
This bug affected rules with two or more interfaces both in source and
|
||||
destination.
|
||||
* bug #1040788: fwb_ipt and user name. Compiler used to read environment
|
||||
variable "USER" to find out user's name. Sometimes this variable is
|
||||
not set, which caused compiler to abort. Using env variable LOGNAME in
|
||||
addition to USER.
|
||||
* bug #1040599: "unnecessary FORWARD rules". If ip forwarding is turned
|
||||
off in the host settings dialog of the linux-based firewall, compiler
|
||||
should not generate rules in FORWARD chain.
|
||||
* bug (no number): compiler placed extra quote '"' at the end of each
|
||||
NAT command in the script using iptables-restore; this happened only
|
||||
if all interfaces of the firewall had static addresses.
|
||||
* bug (no number) in fwb_ipt that caused no-nat rules with firewall in
|
||||
OSrc to be placed only in OUTPUT chain. Packets originating on the
|
||||
firewall go into OUTPUT and POSTROUTING chains, so no-nat rules must
|
||||
be placed in both. Other minor improvements for NAT of the locally
|
||||
originated connections have been done as well.
|
||||
* bug (no number) where compiler for iptables used option
|
||||
"--destination-port" with module "multiport" for versions of iptables
|
||||
that do not understand it (1.2.6 and later, as well as default version
|
||||
setting 'any'). The option should be "--destination-ports" or
|
||||
"--dports".
|
||||
* bug #1063953: "Wrong accept/multiport rule generated". Compiler
|
||||
generated wrong code for rules using multiple service objects of
|
||||
different types (TCP and UDP, or TCP and ICMP etc), multiple addresses
|
||||
in src or dst with option that requires using TCP RST for action
|
||||
REJECT. This bug was introduced in build 453
|
||||
* bug (no number): policy compiler for iptables used "tail -1" in the
|
||||
shell script that read actual IP addresses of interfaces of the
|
||||
firewall. This shell code failed to determine correct address of an
|
||||
interface that was configured with a secondary address. Reverted to
|
||||
using grep (I switched to tail when ran into limitations of one of the
|
||||
beta builds of Sveasoft Linksys firmware that did not have grep)
|
||||
212
doc/ReleaseNotes_2.0.5.html
Normal file
212
doc/ReleaseNotes_2.0.5.html
Normal file
@@ -0,0 +1,212 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
|
||||
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
|
||||
</head>
|
||||
<body>
|
||||
<h1> Firewall Builder Release Notes </h1>
|
||||
<br>
|
||||
<h2> Version 2.0.5 </h2>
|
||||
<br>
|
||||
<p>
|
||||
Released 01/07/05
|
||||
<br>
|
||||
<b>GUI and compilers v2.0.5 require API library libfwbuilder version 2.0.5</b>
|
||||
<br>
|
||||
<h2>Summary </h2>
|
||||
<p>
|
||||
This is a bugfix release; its main focus is on internationalization and usability
|
||||
<p>
|
||||
<b>For those who wish to build from source, instructions are outlined
|
||||
in the document "Install and Build instructions" on our web site <a
|
||||
href="http://www.fwbuilder.org/archives/cat_installation.html">here</a></b>
|
||||
|
||||
<h2>What's new</h2>
|
||||
<ul>
|
||||
|
||||
<li>Improvements in the GUI
|
||||
<p>
|
||||
<ul>
|
||||
<li>Fixed lots of places were strings were not properly
|
||||
marked for localization, this lead to GUI showing '????'
|
||||
instead of a text in some menu items and dialogs in
|
||||
non-english locales</li>
|
||||
|
||||
<li>properly synchronizing state of the items main menu with
|
||||
state of corresponding items in the pop-up menu that appears
|
||||
when user right-mouse-clicks on an object in the tree</li>
|
||||
|
||||
<li>fixes for non-localized text strings in dialogs (mostly
|
||||
"Continue", "Yes"/"No" etc. in many places)</li>
|
||||
|
||||
<li>proper localization of the human-readable version number
|
||||
text for iptables; also made info window print readable text
|
||||
instead of "lt_1.2.6"</li>
|
||||
|
||||
<li>cosmetic changes in some dialogs layout to make the look
|
||||
better when localized text makes strings much longer</li>
|
||||
|
||||
<li>firewall object dialog tab "Templates" has been hidden. It
|
||||
is unlikely that this feature will be implemented in 2.0.X
|
||||
series.</li>
|
||||
|
||||
<li>Streamlined logic in the object editor dialog. This improves
|
||||
handling of the situation when user closes dialog by clicking on
|
||||
[x] while 1) there are unsaved data and/or 2) some of the
|
||||
object's parameters have illegal values. The dialog behavior
|
||||
also depends on the setting of the global flag "Autosave" that
|
||||
causes dialog to automatically save data when user switches
|
||||
between objects.</li>
|
||||
|
||||
<li>when user opens data file in the old format (fwbuilder
|
||||
v1.1.x, extension .xml) and after autoupgrade the program
|
||||
discovers that the same file with extension .fwb already
|
||||
exists, it offers the user a chance to choose different
|
||||
name. If user clicks "Cancel" at this point, the program
|
||||
cancel operation and reverts upgraded data file back to its
|
||||
original name and version.</li>
|
||||
|
||||
<li>improved behavior of the main menu "Edit" as well as
|
||||
pop-up menu that appears when user right mouse clicks on an
|
||||
object in the tree. Menu item "Paste" should only be enabled
|
||||
if the clipboard is not empty and objects that are stored in
|
||||
it can be pasted into selected object in the tree.</li>
|
||||
|
||||
<li>when user clicks menu item "File/Open" to open a new
|
||||
file, the GUI should save and close currently opened file
|
||||
only after the user chooses new file. If user clicks Cancel
|
||||
in the File/Open dialog, operation should be cancelled so
|
||||
the user can continue working with currently opened
|
||||
file. The same applies to operation File/New.</li>
|
||||
|
||||
<li>implemented feature request: colors that are used to
|
||||
color rules can be changed in Preferences dialog.</li>
|
||||
|
||||
<li>main menu item "Object/New Object/Address" and
|
||||
corresponding toolbar button always creates an Address
|
||||
object under Objects/Addresses folder in the tree. Address
|
||||
of an interface can be created using pop-up menu item "Add
|
||||
IP Address"</li>
|
||||
|
||||
<li>Pull-down menu "On startup" in the "General" tab of the
|
||||
preferences dialog now has three items: "Load standard
|
||||
objects", "Load last edited file" and "Ask user what to
|
||||
do". The last item is default.</li>
|
||||
|
||||
<li>Updated Japanese and Russian translations</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<hr>
|
||||
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>Bugs fixed in GUI:</h2>
|
||||
<ul>
|
||||
<li>bug (no num): the GUI crashed when user tried to add a
|
||||
library file for auto-load in Preferences/Libraries and the
|
||||
first library object in that file had a name using non-ascii
|
||||
characters</li>
|
||||
|
||||
<li>bug (internal #34) the program should issue a warning when
|
||||
user tries to add a library file (.fwl) that contains object
|
||||
library that already exists in the opened data file.</li>
|
||||
|
||||
<li>bugfixes for the behavior of the object editor
|
||||
dialogs. Dialog should ask if user wants to save data and then
|
||||
validate it when user clicks on [x] to close editor dialog. It
|
||||
used to validate the data first, then ask if they want to close
|
||||
dialog.</li>
|
||||
|
||||
<li>bug (localization): RCS log entries made using non-ascii
|
||||
characters used to appear as '???' in Open File and
|
||||
File/Properties dialogs.</li>
|
||||
|
||||
<li>localization was broken on win32 and mac os x because
|
||||
translation files were not installed properly. Now fixed.</li>
|
||||
|
||||
<li>bug #1092810: "Multiline RCS comments are shown as a single
|
||||
line on windows". As it turned out, this bug affected all
|
||||
platforms.</li>
|
||||
|
||||
<li>bug (no num) that caused GUI crash when user created new
|
||||
firewall object using template with three interfaces.</li>
|
||||
</ul>
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>Bugs fixed in API:</h2>
|
||||
<ul>
|
||||
<li>bug #1068119: "additional whitespace for Rule comments in
|
||||
.fw file". Added extra space between rule number and interface
|
||||
spec in rule comments.</li>
|
||||
</ul>
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>Bugs fixed in policy compiler for iptables fwb_ipt:</h2>
|
||||
<ul>
|
||||
<li>bug #1089586: "default --icmp-type value is 0 in iptables <
|
||||
1.2.9". The problem concerns policy rules using service object
|
||||
"any ICMP". A rule like this is supposed to match any ICMP
|
||||
packet. Few versions ago I had to add option "-m icmp" (and "-m
|
||||
udp", "-m tcp") because I've discovered that iptables-restore on
|
||||
some systems (linksys sveasoft firmware, iptables v1.2.11)
|
||||
refused to load rules without it. Now it turns out that iptables
|
||||
v < 1.2.9 (tested on 1.2.6a and 1.2.7a) implicitly adds
|
||||
equivalent of "--icmp-type 0" to rules with "-p icmp -m icmp"
|
||||
and without "--icmp-type" option. Since type 0 is actually icmp
|
||||
echo reply, a rule like this does not match "any ICMP" as it was
|
||||
supposed to do. Iptables 1.2.9 implicitly adds "--icmp-type 255"
|
||||
which matches any icmp type. Using "--icmp-type 255" on iptables
|
||||
1.2.6 and 1.2.7 does not work (a rule does not match icmp
|
||||
packets with type different from 255). The fix generates "-p
|
||||
icmp -m icmp --icmp-type any" for iptables 1.2.9 and later, as
|
||||
well as when iptables version is not specified in the firewall
|
||||
object settings. It generates just "-p icmp" for versions <
|
||||
1.2.9.</li>
|
||||
|
||||
<li>bug #1092141: "irritating FORWARD rule for established
|
||||
connections". Need rule in FORWARD chain only if ip forwarding
|
||||
is on or set to "no change"</li>
|
||||
|
||||
<li>bug #1059393: "function getaddr failed for
|
||||
eth1.0020". Generated script can now work with interfaces that
|
||||
have a dot in their name (such as "eth1.0020" - vlan interface)</li>
|
||||
|
||||
</ul>
|
||||
|
||||
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>Bugs fixed in policy compiler for ipfw fwb_ipfw:</h2>
|
||||
<ul>
|
||||
<li>bug #1089866: "multiple services in one rule confuses ipfw
|
||||
compiler". If several UDP or TCP objects were used in the same
|
||||
policy rule and these service objects had source port ranges
|
||||
defined, the compiler would produce incorrect code by combining
|
||||
source port range specifications together in the same ipfw
|
||||
command.</li>
|
||||
|
||||
<li>bug #1093461: "problem with 'established' in ipfw". Ipfw
|
||||
requires protocol to be set to 'tcp' if option 'established' is
|
||||
used in a rule.</li>
|
||||
|
||||
<li>bug #1093472: "ipfw port range(s) errors". There can only be
|
||||
one port range in a single ipfw rule.</li>
|
||||
|
||||
<li>bug #1093620: "path (to ipfw) with spaces fails". Generated
|
||||
script failed if path to ipfw contained space. I only worked
|
||||
around this problem for ipfw; paths to sysctl and logger must be
|
||||
standard and never contain spaces.</li>
|
||||
|
||||
</ul>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
140
doc/ReleaseNotes_2.0.5.txt
Normal file
140
doc/ReleaseNotes_2.0.5.txt
Normal file
@@ -0,0 +1,140 @@
|
||||
Firewall Builder Release Notes
|
||||
|
||||
Version 2.0.5
|
||||
|
||||
Released 01/07/05
|
||||
GUI and compilers v2.0.5 require API library libfwbuilder version 2.0.5
|
||||
|
||||
Summary
|
||||
|
||||
This is a bugfix release; its main focus is on internationalization and
|
||||
usability
|
||||
|
||||
For those who wish to build from source, instructions are outlined in the
|
||||
document "Install and Build instructions" on our web site here
|
||||
|
||||
What's new
|
||||
|
||||
* Improvements in the GUI
|
||||
|
||||
* Fixed lots of places were strings were not properly marked for
|
||||
localization, this lead to GUI showing '????' instead of a text
|
||||
in some menu items and dialogs in non-english locales
|
||||
* properly synchronizing state of the items main menu with state of
|
||||
corresponding items in the pop-up menu that appears when user
|
||||
right-mouse-clicks on an object in the tree
|
||||
* fixes for non-localized text strings in dialogs (mostly
|
||||
"Continue", "Yes"/"No" etc. in many places)
|
||||
* proper localization of the human-readable version number text for
|
||||
iptables; also made info window print readable text instead of
|
||||
"lt_1.2.6"
|
||||
* cosmetic changes in some dialogs layout to make the look better
|
||||
when localized text makes strings much longer
|
||||
* firewall object dialog tab "Templates" has been hidden. It is
|
||||
unlikely that this feature will be implemented in 2.0.X series.
|
||||
* Streamlined logic in the object editor dialog. This improves
|
||||
handling of the situation when user closes dialog by clicking on
|
||||
[x] while 1) there are unsaved data and/or 2) some of the
|
||||
object's parameters have illegal values. The dialog behavior also
|
||||
depends on the setting of the global flag "Autosave" that causes
|
||||
dialog to automatically save data when user switches between
|
||||
objects.
|
||||
* when user opens data file in the old format (fwbuilder v1.1.x,
|
||||
extension .xml) and after autoupgrade the program discovers that
|
||||
the same file with extension .fwb already exists, it offers the
|
||||
user a chance to choose different name. If user clicks "Cancel"
|
||||
at this point, the program cancel operation and reverts upgraded
|
||||
data file back to its original name and version.
|
||||
* improved behavior of the main menu "Edit" as well as pop-up menu
|
||||
that appears when user right mouse clicks on an object in the
|
||||
tree. Menu item "Paste" should only be enabled if the clipboard
|
||||
is not empty and objects that are stored in it can be pasted into
|
||||
selected object in the tree.
|
||||
* when user clicks menu item "File/Open" to open a new file, the
|
||||
GUI should save and close currently opened file only after the
|
||||
user chooses new file. If user clicks Cancel in the File/Open
|
||||
dialog, operation should be cancelled so the user can continue
|
||||
working with currently opened file. The same applies to operation
|
||||
File/New.
|
||||
* implemented feature request: colors that are used to color rules
|
||||
can be changed in Preferences dialog.
|
||||
* main menu item "Object/New Object/Address" and corresponding
|
||||
toolbar button always creates an Address object under
|
||||
Objects/Addresses folder in the tree. Address of an interface can
|
||||
be created using pop-up menu item "Add IP Address"
|
||||
* Pull-down menu "On startup" in the "General" tab of the
|
||||
preferences dialog now has three items: "Load standard objects",
|
||||
"Load last edited file" and "Ask user what to do". The last item
|
||||
is default.
|
||||
* Updated Japanese and Russian translations
|
||||
|
||||
----------------------------------------------------------------------
|
||||
|
||||
Bugs fixed in GUI:
|
||||
|
||||
* bug (no num): the GUI crashed when user tried to add a library file
|
||||
for auto-load in Preferences/Libraries and the first library object in
|
||||
that file had a name using non-ascii characters
|
||||
* bug (internal #34) the program should issue a warning when user tries
|
||||
to add a library file (.fwl) that contains object library that already
|
||||
exists in the opened data file.
|
||||
* bugfixes for the behavior of the object editor dialogs. Dialog should
|
||||
ask if user wants to save data and then validate it when user clicks
|
||||
on [x] to close editor dialog. It used to validate the data first,
|
||||
then ask if they want to close dialog.
|
||||
* bug (localization): RCS log entries made using non-ascii characters
|
||||
used to appear as '???' in Open File and File/Properties dialogs.
|
||||
* localization was broken on win32 and mac os x because translation
|
||||
files were not installed properly. Now fixed.
|
||||
* bug #1092810: "Multiline RCS comments are shown as a single line on
|
||||
windows". As it turned out, this bug affected all platforms.
|
||||
* bug (no num) that caused GUI crash when user created new firewall
|
||||
object using template with three interfaces.
|
||||
|
||||
Bugs fixed in API:
|
||||
|
||||
* bug #1068119: "additional whitespace for Rule comments in .fw file".
|
||||
Added extra space between rule number and interface spec in rule
|
||||
comments.
|
||||
|
||||
Bugs fixed in policy compiler for iptables fwb_ipt:
|
||||
|
||||
* bug #1089586: "default --icmp-type value is 0 in iptables < 1.2.9".
|
||||
The problem concerns policy rules using service object "any ICMP". A
|
||||
rule like this is supposed to match any ICMP packet. Few versions ago
|
||||
I had to add option "-m icmp" (and "-m udp", "-m tcp") because I've
|
||||
discovered that iptables-restore on some systems (linksys sveasoft
|
||||
firmware, iptables v1.2.11) refused to load rules without it. Now it
|
||||
turns out that iptables v < 1.2.9 (tested on 1.2.6a and 1.2.7a)
|
||||
implicitly adds equivalent of "--icmp-type 0" to rules with "-p icmp
|
||||
-m icmp" and without "--icmp-type" option. Since type 0 is actually
|
||||
icmp echo reply, a rule like this does not match "any ICMP" as it was
|
||||
supposed to do. Iptables 1.2.9 implicitly adds "--icmp-type 255" which
|
||||
matches any icmp type. Using "--icmp-type 255" on iptables 1.2.6 and
|
||||
1.2.7 does not work (a rule does not match icmp packets with type
|
||||
different from 255). The fix generates "-p icmp -m icmp --icmp-type
|
||||
any" for iptables 1.2.9 and later, as well as when iptables version is
|
||||
not specified in the firewall object settings. It generates just "-p
|
||||
icmp" for versions < 1.2.9.
|
||||
* bug #1092141: "irritating FORWARD rule for established connections".
|
||||
Need rule in FORWARD chain only if ip forwarding is on or set to "no
|
||||
change"
|
||||
* bug #1059393: "function getaddr failed for eth1.0020". Generated
|
||||
script can now work with interfaces that have a dot in their name
|
||||
(such as "eth1.0020" - vlan interface)
|
||||
|
||||
Bugs fixed in policy compiler for ipfw fwb_ipfw:
|
||||
|
||||
* bug #1089866: "multiple services in one rule confuses ipfw compiler".
|
||||
If several UDP or TCP objects were used in the same policy rule and
|
||||
these service objects had source port ranges defined, the compiler
|
||||
would produce incorrect code by combining source port range
|
||||
specifications together in the same ipfw command.
|
||||
* bug #1093461: "problem with 'established' in ipfw". Ipfw requires
|
||||
protocol to be set to 'tcp' if option 'established' is used in a rule.
|
||||
* bug #1093472: "ipfw port range(s) errors". There can only be one port
|
||||
range in a single ipfw rule.
|
||||
* bug #1093620: "path (to ipfw) with spaces fails". Generated script
|
||||
failed if path to ipfw contained space. I only worked around this
|
||||
problem for ipfw; paths to sysctl and logger must be standard and
|
||||
never contain spaces.
|
||||
259
doc/ReleaseNotes_2.0.6.html
Normal file
259
doc/ReleaseNotes_2.0.6.html
Normal file
@@ -0,0 +1,259 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
|
||||
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
|
||||
</head>
|
||||
<body>
|
||||
<h1> Firewall Builder Release Notes </h1>
|
||||
<br>
|
||||
<h2> Version 2.0.6 </h2>
|
||||
<br>
|
||||
<p>
|
||||
Released 02/17/05
|
||||
<br>
|
||||
<b>GUI and compilers v2.0.6 require API library libfwbuilder version 2.0.6</b>
|
||||
<br>
|
||||
<h2>Summary </h2>
|
||||
<p>
|
||||
This release adds ability to print firewall rulesets
|
||||
<p>
|
||||
<b>For those who wish to build from source, instructions are outlined
|
||||
in the document "Install and Build instructions" on our web site <a
|
||||
href="http://www.fwbuilder.org/archives/cat_installation.html">here</a></b>
|
||||
|
||||
<h2>What's new</h2>
|
||||
<ul>
|
||||
|
||||
<li>Improvements in the GUI
|
||||
<p>
|
||||
<ul>
|
||||
<li>Support for printing of firewall rulesets:
|
||||
<p>
|
||||
<ul>
|
||||
<li>prints policies and NAT rules for the currently
|
||||
opened firewall object</li>
|
||||
|
||||
<li>can print a header on each page, header includes
|
||||
file name, RCS revision number and page number. Header
|
||||
can be turned off</li>
|
||||
|
||||
<li>can print a legend at the end of the
|
||||
printout. Legend shows each icon and what object type it
|
||||
corresponds to. Printing of the legend can be turned
|
||||
off.</li>
|
||||
|
||||
<li>can print a list of objects used in all rules of the
|
||||
firewall. Each object is accompanied with a brief
|
||||
summary of its parameters. This can be turned off as
|
||||
well.</li>
|
||||
|
||||
<li>While printing rule sets, the program will break the
|
||||
table on the boundary of a rule when it reaches end of
|
||||
the page</li>
|
||||
|
||||
<li>Rule sets are printed as screenshots of the same
|
||||
table widget used in the GUI. The user can change
|
||||
scaling factor for the tables to make them fit on the
|
||||
page</li>
|
||||
|
||||
<li>Printing has been tested on Linux, Windows and Mac
|
||||
OS X</li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>slightly changed logic with user warnings in the object
|
||||
removal code. The program asks the user for confirmation if
|
||||
they remove an ordinary object from a regular
|
||||
library. Confirmation is not asked if object is removed from
|
||||
"Deleted objects" library or when a library is being deleted
|
||||
(in this case we ask a different quastion later
|
||||
anyway). This helps avoid double warning when a library is
|
||||
deleted.
|
||||
<p>
|
||||
</li>
|
||||
|
||||
<li>New service objects:
|
||||
<ul>
|
||||
<li>TCP service objects for regular VNC viewer (displays
|
||||
0 and 1) and Java VNC viewer (displays 0 and 1)</li>
|
||||
<li>UDP service object for OpenVPN</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>Improvements in compiler for iptables fwb_ipt
|
||||
<p>
|
||||
<ul>
|
||||
<li>implemented feature req. #1112980: "Need unique names
|
||||
for accounting rules". User can now specify a unique name
|
||||
for rules with action 'Accounting'; this name will be
|
||||
converted to a chain name. This simplifies accounting since
|
||||
chain name for such rule won't change if the user adds or
|
||||
removes rules above or below. </li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<hr>
|
||||
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>Bugs fixed in GUI:</h2>
|
||||
<ul>
|
||||
<li>bug #1107838: "bug in configure script in fwbuilder
|
||||
2.0.6". Need to specify path "./" when calling runqmake.sh </li>
|
||||
|
||||
<li>bug #1109631: "can not copy firewall script to /etc on
|
||||
Linksys". Added an option ot all OS resource files that
|
||||
determines whether user is allowed to change installation
|
||||
directory on the firewall. Currently it is allowed on all
|
||||
supported OS except Linksys/Sveasoft because there /etc/ resides
|
||||
on read-only filesystem</li>
|
||||
|
||||
<li>bug #1109174: "Cannot print rule base" - implemented
|
||||
printing</li>
|
||||
|
||||
<li>bug #1111244 "GUI allows to add more than one MAC address to
|
||||
an interface". There can only be one MAC address for each
|
||||
interface.</li>
|
||||
|
||||
<li>bug #1112264: "Load last edited file" setting doesn't
|
||||
work. This was broken only on Mac OS X.</li>
|
||||
|
||||
<li>bug #1112764: "some Objects are partially obscured in
|
||||
printout". Parts of the "Objects" table were clipped. </li>
|
||||
|
||||
<li>bug #1112776: "some items touching seperator lines on
|
||||
printouts". Rule elements "Action", "Direction", "Options" and
|
||||
"Comment" were placed right at the top of the table cell which
|
||||
led to their clipping when rule set was printed on Mac OS
|
||||
X. Need more testing.</li>
|
||||
|
||||
<li>bug #1115412: "Problem installer FWbuilder 2.0.5 for
|
||||
Windows". Switched to command line option "-l" to specify user
|
||||
name for external ssh in installer. This was necessary because
|
||||
Van Dyke SecureCRT on Windows does not support user@host syntax.</li>
|
||||
|
||||
<li>bug #1030538: "incorrect highlighting when selecting
|
||||
multiple rules". This bug seems to be specific to Mac OS X</li>
|
||||
|
||||
<li>support request #1118039: "Error when Windows client calls
|
||||
plink -ssh". The problem is that putty ignores protocol and port
|
||||
specified in the session file if command line option -ssh is
|
||||
given. On the other hand, the sign of session usage is an empty
|
||||
user name, so we can check for that. If user name is empty, then
|
||||
putty will use current Windows account name to log in to the
|
||||
firewall and this is unlikely to work anyway. This seems to be a
|
||||
decent workaround.</li>
|
||||
|
||||
<li>bug #1118717: "fwbuilder 206 on Windows XP SP2: error
|
||||
checking out". Env variable USERNAME was not set in user's
|
||||
profile, which triggered this bug. Now using getuid to get user
|
||||
name on Unix and GetUserName on Windows. This should make the
|
||||
program more resilient for situations when environment variable
|
||||
LOGNAME or USERNAME is not set</li>
|
||||
|
||||
<li>bug #1120904: "GUI hangs when accessing RCS file". Improved
|
||||
parsing of rlog output.</li>
|
||||
</ul>
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>Bugs fixed in API:</h2>
|
||||
<ul>
|
||||
<li>bug #1108861: "two rules using MAC address matching shadow
|
||||
each other". Need to check for MAC addresses while processing
|
||||
rules for shadowing. </li>
|
||||
|
||||
<li>bug #1105167: "Crash when importing a library that has been
|
||||
deleted".</li>
|
||||
|
||||
|
||||
</ul>
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>Bugs fixed in policy compiler for iptables fwb_ipt:</h2>
|
||||
<ul>
|
||||
<li>bug #1106701: 'backup ssh access' and statefulness
|
||||
interation. Need to add rules matching states ESTABLISHED and
|
||||
RELATED for the backup ssh access to make sure it works even if
|
||||
global rule matching these states is disabled. </li>
|
||||
|
||||
<li>bug #1101910: "Samba problem with Bridged Firewall". Need to
|
||||
split rule to take care of broadcasts forwarded by the bridge
|
||||
and broadcasts that are accepted by the firewall itself. Need to
|
||||
do this only if the rule is not associated with any bridging
|
||||
interface.</li>
|
||||
|
||||
<li>bug #1102629: "lost chain in accounting rules". Rules with
|
||||
multiple objects in one of the rule elements and action
|
||||
'Accounting' generated code that ignored objects in that rule
|
||||
element</li>
|
||||
|
||||
<li>bug #1112976: "Accounting rule with logging produces looped
|
||||
iptables command"</li>
|
||||
|
||||
<li>bug #1112470: "Problem with FW part of ANY in Bridged mode".
|
||||
If fw is considered part of any, we should place rule in
|
||||
INPUT/OUTPUT chains even if it is a bridging fw since fw itself
|
||||
may send or receive packets.</li>
|
||||
|
||||
<li>bug #1123748 "busybox grep -E". Busybox does not support
|
||||
option "-E" with grep, however it has "egrep".</li>
|
||||
|
||||
<li>bug #1123933 "iptables add_addr() expr binary not found". As
|
||||
it turns out, /usr/bin/ is not in PATH during boot time on
|
||||
Slackware. I added /usr/bin/ to PATH variable in generated
|
||||
iptables script.</li>
|
||||
</ul>
|
||||
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>Bugs fixed in policy compiler for pf fwb_pf:</h2>
|
||||
<ul>
|
||||
<li>bug #1105755 "Custom Service objects not working for PF
|
||||
compiler".User tried to generate a nat rule like this using
|
||||
CustomService object:
|
||||
<p>
|
||||
<blockquote>
|
||||
nat on eth1 proto {tcp udp icmp gre} from 192.168.1.0/24 to any -> 22.22.22.22
|
||||
</blockquote>
|
||||
<p>
|
||||
Taken from the bug report:
|
||||
<p>
|
||||
as it turned out, I can not fix this. You are trying to use
|
||||
Custom Service object to insert protocol list into a "nat"
|
||||
rule. Normally, a service object such as TCP or UDP service
|
||||
generates two components for any rule where it is used: a
|
||||
protocol specification and port specification (type/ code spec
|
||||
for ICMP). PF is sensitive to the order of parameters in the
|
||||
rule, in particular, protocol must be defined after interface
|
||||
but before src/dst addresses in the rule, while port numbers
|
||||
go after addresses. Compiler easily retrieves this
|
||||
information from IP, TCP, UDP and ICMP services and places it
|
||||
in a proper slots in the rule it generates. CustomService
|
||||
does not have a notion of protocol and parameters for it, so
|
||||
compiler puts a string that is configured in the CustomService
|
||||
in the place reserved for port numbers. This means you can not
|
||||
use CustomService to specify protocols.
|
||||
<p>
|
||||
There still was a bug in fwb_pf where it would print
|
||||
"custom_service" in place of protocol. This is fixed in 2.0.6
|
||||
build 542. Protocols can not be inserted with Custom Service
|
||||
though.
|
||||
<p>
|
||||
Feature request #1111267 "CustomService should specify protocol
|
||||
and parameters for it" has been opened
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
|
||||
</body>
|
||||
</html>
|
||||
166
doc/ReleaseNotes_2.0.6.txt
Normal file
166
doc/ReleaseNotes_2.0.6.txt
Normal file
@@ -0,0 +1,166 @@
|
||||
Firewall Builder Release Notes
|
||||
|
||||
Version 2.0.6
|
||||
|
||||
Released 02/17/05
|
||||
GUI and compilers v2.0.6 require API library libfwbuilder version 2.0.6
|
||||
|
||||
Summary
|
||||
|
||||
This release adds ability to print firewall rulesets
|
||||
|
||||
For those who wish to build from source, instructions are outlined in the
|
||||
document "Install and Build instructions" on our web site here
|
||||
|
||||
What's new
|
||||
|
||||
* Improvements in the GUI
|
||||
|
||||
* Support for printing of firewall rulesets:
|
||||
|
||||
* prints policies and NAT rules for the currently opened
|
||||
firewall object
|
||||
* can print a header on each page, header includes file name,
|
||||
RCS revision number and page number. Header can be turned
|
||||
off
|
||||
* can print a legend at the end of the printout. Legend shows
|
||||
each icon and what object type it corresponds to. Printing
|
||||
of the legend can be turned off.
|
||||
* can print a list of objects used in all rules of the
|
||||
firewall. Each object is accompanied with a brief summary of
|
||||
its parameters. This can be turned off as well.
|
||||
* While printing rule sets, the program will break the table
|
||||
on the boundary of a rule when it reaches end of the page
|
||||
* Rule sets are printed as screenshots of the same table
|
||||
widget used in the GUI. The user can change scaling factor
|
||||
for the tables to make them fit on the page
|
||||
* Printing has been tested on Linux, Windows and Mac OS X
|
||||
|
||||
* slightly changed logic with user warnings in the object removal
|
||||
code. The program asks the user for confirmation if they remove
|
||||
an ordinary object from a regular library. Confirmation is not
|
||||
asked if object is removed from "Deleted objects" library or when
|
||||
a library is being deleted (in this case we ask a different
|
||||
quastion later anyway). This helps avoid double warning when a
|
||||
library is deleted.
|
||||
|
||||
* New service objects:
|
||||
|
||||
* TCP service objects for regular VNC viewer (displays 0 and
|
||||
1) and Java VNC viewer (displays 0 and 1)
|
||||
* UDP service object for OpenVPN
|
||||
|
||||
* Improvements in compiler for iptables fwb_ipt
|
||||
|
||||
* implemented feature req. #1112980: "Need unique names for
|
||||
accounting rules". User can now specify a unique name for rules
|
||||
with action 'Accounting'; this name will be converted to a chain
|
||||
name. This simplifies accounting since chain name for such rule
|
||||
won't change if the user adds or removes rules above or below.
|
||||
|
||||
----------------------------------------------------------------------
|
||||
|
||||
Bugs fixed in GUI:
|
||||
|
||||
* bug #1107838: "bug in configure script in fwbuilder 2.0.6". Need to
|
||||
specify path "./" when calling runqmake.sh
|
||||
* bug #1109631: "can not copy firewall script to /etc on Linksys". Added
|
||||
an option ot all OS resource files that determines whether user is
|
||||
allowed to change installation directory on the firewall. Currently it
|
||||
is allowed on all supported OS except Linksys/Sveasoft because there
|
||||
/etc/ resides on read-only filesystem
|
||||
* bug #1109174: "Cannot print rule base" - implemented printing
|
||||
* bug #1111244 "GUI allows to add more than one MAC address to an
|
||||
interface". There can only be one MAC address for each interface.
|
||||
* bug #1112264: "Load last edited file" setting doesn't work. This was
|
||||
broken only on Mac OS X.
|
||||
* bug #1112764: "some Objects are partially obscured in printout". Parts
|
||||
of the "Objects" table were clipped.
|
||||
* bug #1112776: "some items touching seperator lines on printouts". Rule
|
||||
elements "Action", "Direction", "Options" and "Comment" were placed
|
||||
right at the top of the table cell which led to their clipping when
|
||||
rule set was printed on Mac OS X. Need more testing.
|
||||
* bug #1115412: "Problem installer FWbuilder 2.0.5 for Windows".
|
||||
Switched to command line option "-l" to specify user name for external
|
||||
ssh in installer. This was necessary because Van Dyke SecureCRT on
|
||||
Windows does not support user@host syntax.
|
||||
* bug #1030538: "incorrect highlighting when selecting multiple rules".
|
||||
This bug seems to be specific to Mac OS X
|
||||
* support request #1118039: "Error when Windows client calls plink
|
||||
-ssh". The problem is that putty ignores protocol and port specified
|
||||
in the session file if command line option -ssh is given. On the other
|
||||
hand, the sign of session usage is an empty user name, so we can check
|
||||
for that. If user name is empty, then putty will use current Windows
|
||||
account name to log in to the firewall and this is unlikely to work
|
||||
anyway. This seems to be a decent workaround.
|
||||
* bug #1118717: "fwbuilder 206 on Windows XP SP2: error checking out".
|
||||
Env variable USERNAME was not set in user's profile, which triggered
|
||||
this bug. Now using getuid to get user name on Unix and GetUserName on
|
||||
Windows. This should make the program more resilient for situations
|
||||
when environment variable LOGNAME or USERNAME is not set
|
||||
* bug #1120904: "GUI hangs when accessing RCS file". Improved parsing of
|
||||
rlog output.
|
||||
|
||||
Bugs fixed in API:
|
||||
|
||||
* bug #1108861: "two rules using MAC address matching shadow each
|
||||
other". Need to check for MAC addresses while processing rules for
|
||||
shadowing.
|
||||
* bug #1105167: "Crash when importing a library that has been deleted".
|
||||
|
||||
Bugs fixed in policy compiler for iptables fwb_ipt:
|
||||
|
||||
* bug #1106701: 'backup ssh access' and statefulness interation. Need to
|
||||
add rules matching states ESTABLISHED and RELATED for the backup ssh
|
||||
access to make sure it works even if global rule matching these states
|
||||
is disabled.
|
||||
* bug #1101910: "Samba problem with Bridged Firewall". Need to split
|
||||
rule to take care of broadcasts forwarded by the bridge and broadcasts
|
||||
that are accepted by the firewall itself. Need to do this only if the
|
||||
rule is not associated with any bridging interface.
|
||||
* bug #1102629: "lost chain in accounting rules". Rules with multiple
|
||||
objects in one of the rule elements and action 'Accounting' generated
|
||||
code that ignored objects in that rule element
|
||||
* bug #1112976: "Accounting rule with logging produces looped iptables
|
||||
command"
|
||||
* bug #1112470: "Problem with FW part of ANY in Bridged mode". If fw is
|
||||
considered part of any, we should place rule in INPUT/OUTPUT chains
|
||||
even if it is a bridging fw since fw itself may send or receive
|
||||
packets.
|
||||
* bug #1123748 "busybox grep -E". Busybox does not support option "-E"
|
||||
with grep, however it has "egrep".
|
||||
* bug #1123933 "iptables add_addr() expr binary not found". As it turns
|
||||
out, /usr/bin/ is not in PATH during boot time on Slackware. I added
|
||||
/usr/bin/ to PATH variable in generated iptables script.
|
||||
|
||||
Bugs fixed in policy compiler for pf fwb_pf:
|
||||
|
||||
* bug #1105755 "Custom Service objects not working for PF compiler".User
|
||||
tried to generate a nat rule like this using CustomService object:
|
||||
|
||||
nat on eth1 proto {tcp udp icmp gre} from 192.168.1.0/24 to any ->
|
||||
22.22.22.22
|
||||
|
||||
Taken from the bug report:
|
||||
|
||||
as it turned out, I can not fix this. You are trying to use Custom
|
||||
Service object to insert protocol list into a "nat" rule. Normally, a
|
||||
service object such as TCP or UDP service generates two components for
|
||||
any rule where it is used: a protocol specification and port
|
||||
specification (type/ code spec for ICMP). PF is sensitive to the order
|
||||
of parameters in the rule, in particular, protocol must be defined
|
||||
after interface but before src/dst addresses in the rule, while port
|
||||
numbers go after addresses. Compiler easily retrieves this information
|
||||
from IP, TCP, UDP and ICMP services and places it in a proper slots in
|
||||
the rule it generates. CustomService does not have a notion of
|
||||
protocol and parameters for it, so compiler puts a string that is
|
||||
configured in the CustomService in the place reserved for port
|
||||
numbers. This means you can not use CustomService to specify
|
||||
protocols.
|
||||
|
||||
There still was a bug in fwb_pf where it would print "custom_service"
|
||||
in place of protocol. This is fixed in 2.0.6 build 542. Protocols can
|
||||
not be inserted with Custom Service though.
|
||||
|
||||
Feature request #1111267 "CustomService should specify protocol and
|
||||
parameters for it" has been opened
|
||||
271
doc/ReleaseNotes_2.0.7.html
Normal file
271
doc/ReleaseNotes_2.0.7.html
Normal file
@@ -0,0 +1,271 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
|
||||
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
|
||||
</head>
|
||||
<body>
|
||||
<h1> Firewall Builder Release Notes </h1>
|
||||
<br>
|
||||
<h2> Version 2.0.7 </h2>
|
||||
<br>
|
||||
<p>
|
||||
Released 05/08/2005
|
||||
<br>
|
||||
<b>GUI and compilers v2.0.7 require API library libfwbuilder version 2.0.7</b>
|
||||
<br>
|
||||
<h2>Summary </h2>
|
||||
<p>
|
||||
This is a bug fix release
|
||||
<p>
|
||||
<b>For those who wish to build from source, instructions are outlined
|
||||
in the document "Install and Build instructions" on our web site <a
|
||||
href="http://www.fwbuilder.org/archives/cat_installation.html">here</a></b>
|
||||
|
||||
<h2>What's new</h2>
|
||||
<ul>
|
||||
<li>Improvements in the GUI
|
||||
<p>
|
||||
<ul>
|
||||
<li>implemented feature req. #1151220: "Close" button should
|
||||
change is caption/title to "Install". When user clicks
|
||||
"Install" toolbar button or main menu item, the "Close"
|
||||
button in the pop-up window that displays compiler progress
|
||||
changes its text caption to "Install"</li>
|
||||
|
||||
<li>implemented feature request #1151206: "Search for IP
|
||||
Addresses". "Find" dialog searches for objects by a
|
||||
combination of name and one of the following attributes:
|
||||
address, tcp/udp port, ip protocol number or icmp message
|
||||
type. Regular expressions can be used for both name and
|
||||
attribute.</li>
|
||||
|
||||
<li>Support for SNMP operations has been added in Windows
|
||||
packages of Firewall Builder</li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>Improvements in built-in installer:
|
||||
<p>
|
||||
User can specify additional command line parameters for ssh
|
||||
that built-in installer runs to access firewall. This allows
|
||||
for alternative ssh port or alternative ssh identity to be
|
||||
used when accessing firewall. Parameters can be added in the
|
||||
"Installer" tab of firewall settings dialog for all
|
||||
platforms.
|
||||
</p>
|
||||
</li>
|
||||
|
||||
<li>Improvements in compiler for ipfilter fwb_ipf
|
||||
<p>
|
||||
Added support for dynamic addresses in ipfilter. Actual
|
||||
address of dynamic interface is now determined at run-time
|
||||
in the policy activation script <firewall_name>.fw
|
||||
generated by fwbuilder. If dynamic interface is used
|
||||
somewhere in the policy or nat rules, it will be replaced
|
||||
with its actual address by activation script before
|
||||
configuration is sent to ipf or ipnat for activation. This
|
||||
run-time substitution is done only if a checkbox is checked
|
||||
in the "Script options" tab of firewall settings
|
||||
dialog. Default behavior is to use "any". This is because
|
||||
ipfilter configuration files <firewall>-ipf.conf and
|
||||
<firewall>-nat.conf that rely on run-time substitution
|
||||
of dynamic interface address can not be loaded using
|
||||
standard activation scripts that come with FreeBSD.
|
||||
</p>
|
||||
<p>
|
||||
Generated script uses function getaddr() to determine
|
||||
address of dynamic interface. This function falls back to
|
||||
0.0.0.0/32 if dynamic interface has not been assigned an
|
||||
address yet or is down. Ipfilter policy using run-time
|
||||
substitution of dynamic interface addresses will be
|
||||
functional even if these interfaces are down or do not have
|
||||
IP address.
|
||||
</p>
|
||||
</li>
|
||||
|
||||
<li>Improvements in compiler for iptables fwb_ipt
|
||||
<p>
|
||||
Generated iptables script sets default policies to DROP in
|
||||
all ipv6 filter chains. More detailed control can be
|
||||
implemented using prolog or epilog scripts.
|
||||
<p>
|
||||
Note that this changes behavior of the generated iptables
|
||||
script with respect to IPv6. Until now, the script just
|
||||
ignored IPv6 but some people felt this leaves a hole in the
|
||||
firewall and asked me to make the script close it. Generated
|
||||
shell code will check if ip6tables is installed on the
|
||||
system and if it actually works before setting default
|
||||
policies to DROP. This means it won't try to do it if
|
||||
ip6tables is not installed or if it is present, but IPv6 is
|
||||
not compiled into the kernel (so ip6tables does not work and
|
||||
generates errors).
|
||||
</p>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<hr>
|
||||
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>Bugs fixed in GUI:</h2>
|
||||
<ul>
|
||||
<li>bug #1151052: "Not external interfaces marked as
|
||||
external". Dialog for an interface object that belongs to a host
|
||||
should not show checkbox "external (insecure) interface"</li>
|
||||
|
||||
<li>bug #1151212: "Collapsed sub-objects shouldn't be added if
|
||||
they are hidden". When user selects multiple objects in the tree
|
||||
some of which have child objects, those child objects used to be
|
||||
also selected and added to groups in addition to their parent
|
||||
objects via drag-and-drop operation.</li>
|
||||
|
||||
<li>bug #1151243: "Maintain format of description text". The GUI
|
||||
ignored text formatting in object comment when displayed it in
|
||||
the info panel (lower left corner of the main windows)</li>
|
||||
|
||||
<li>bug #1155163: "print does not print group contents". The
|
||||
program printed only number of objects contaned in object or
|
||||
service groups. Now it prints lists of member objects for all
|
||||
groups used in rules. If groups contain other groups, they are
|
||||
printed recursively.</li>
|
||||
|
||||
<li>bug #1172620: "Add tcp service object for icslap". Added
|
||||
this object to the objects library "Standard".</li>
|
||||
|
||||
<li>bug #1184791: "can not copy/paste multiple objects into a
|
||||
group"</li>
|
||||
|
||||
</ul>
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>Bugs fixed in API:</h2>
|
||||
<ul>
|
||||
<li>
|
||||
bug #1158870: "mutexes are not properly created on
|
||||
FreeBSD". Mutexes gethostbyname_mutex and gethostbyaddr_mutex
|
||||
were never created but used on OS where thread-safe resolver
|
||||
is not available.
|
||||
</li>
|
||||
|
||||
<li>bug #1151219: "New Host creation window is not well
|
||||
dimensioned". Fixed wrong dialog page layout in the new host
|
||||
wizard.</li>
|
||||
|
||||
<li>bug #1157976: "patches to make fwbuilder compile under
|
||||
NetBSD 1.6". Applied patches.</li>
|
||||
|
||||
<li>bug #1173801: '"&" character in prolog/epilog'. Needed to
|
||||
call xmlEncodeSpecialChars to encode special characters in
|
||||
firewall options</li>
|
||||
</ul>
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>Bugs fixed in policy compiler for iptables fwb_ipt:</h2>
|
||||
<ul>
|
||||
<li>
|
||||
bug #1123748: "busybox grep -E". Busybox in floppyfw is
|
||||
compiled without support for egrep (or grep -E). Switched to
|
||||
using "plain" grep.</li>
|
||||
|
||||
<li>bug #1160186: 'IPTables Compiler - Multiport Issue'. When 16
|
||||
or 31 ports were used in a single rule, compiler generated
|
||||
command with conflicting options "-m multiport --dport"</li>
|
||||
|
||||
<li>
|
||||
bug #1176890: "block IPv6". Generated iptables script sets
|
||||
default policies to DROP in all ipv6 filter chains. More
|
||||
detailed control can be implemented using prolog or epilog
|
||||
scripts.
|
||||
<p>
|
||||
Note that this changes behavior of the generated iptables
|
||||
script with respect to IPv6. Until now, the script just
|
||||
ignored IPv6 but some people felt this leaves a hole in the
|
||||
firewall and asked me to make the script close it. Generated
|
||||
shell code will check if ip6tables is installed on the
|
||||
system and if it actually works before setting default
|
||||
policies to DROP. This means it won't try to do it if
|
||||
ip6tables is not installed or if it is present, but IPv6 is
|
||||
not compiled into the kernel (so ip6tables does not work and
|
||||
generates errors).
|
||||
</li>
|
||||
|
||||
<li>bug #1176890: "block IPv6". Generated iptables script sets
|
||||
default policies to DROP in all ipv6 filter chains. More
|
||||
detailed control can be implemented using prolog or epilog
|
||||
scripts.</li>
|
||||
|
||||
<li>bug #1179103: 'compiled rules can not be
|
||||
installed'. Generated iptables script could not be used on
|
||||
systems with non-English locale where timezone name used local
|
||||
characters because these characters were printed as hex (
|
||||
"&#21488;" ) and '&' caused problems with shell. Now using
|
||||
single quotes to make shell ignore any characters in the
|
||||
string. Will deal with proper printing of localazed timezone
|
||||
later.</li>
|
||||
|
||||
<li>bug #1181359: "Missing traling space in "INVALID state"
|
||||
syslog message"</li>
|
||||
|
||||
<li>bug #1195201: "getaddr function return error ip address". Yet
|
||||
another change in the way we use grep to find IP addresses of an
|
||||
interface on Linux. We can't use regex (bug #1123748) and need
|
||||
to filter out secondary addresses from the "ip addr show"
|
||||
output. It looks like "grep -v :" neatly solves the problem
|
||||
without using regex.</li>
|
||||
|
||||
</ul>
|
||||
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>Bugs fixed in policy compiler for pf fwb_ipf:</h2>
|
||||
<ul>
|
||||
<li>bug #1173067: "support for port ranges in NAT rules
|
||||
(ipfilter)" - policy compiler for ipfilter should split DNAT
|
||||
rules (rdr) that use TCP or UDP objects with port ranges. A
|
||||
warning is issued if more than 20 rules are created.
|
||||
</li>
|
||||
|
||||
<li>bug
|
||||
#1173064: "support for dynamic interfaces in ipfilter". Actual
|
||||
address of dynamic interface is now determined at run-time in the
|
||||
policy activation script <firewall_name>.fw generated by
|
||||
fwbuilder. If dynamic interface is used somewhere in the policy or
|
||||
nat rules, it will be replaced with its actual address by
|
||||
activation script before configuration is sent to ipf or ipnat for
|
||||
activation. This run-time substitution is done only if a checkbox
|
||||
is checked in the "Script options" tab of firewall settings
|
||||
dialog. Default behavior is to use "any". This is because ipfilter
|
||||
configuration files <firewall>-ipf.conf and <firewall>-nat.conf
|
||||
that rely on run-time substitution of dynamic interface address
|
||||
can not be loaded using standard activation scripts that come with
|
||||
FreeBSD.
|
||||
<p>
|
||||
This also fixes another problem in fwb_ipf where it generated rdr
|
||||
and nat commands with address 0.0.0.0/32 if dynamic interface was
|
||||
used in a NAT rule.</li>
|
||||
|
||||
</ul>
|
||||
|
||||
|
||||
|
||||
<br>
|
||||
<br>
|
||||
<h2>Bugs fixed in policy compiler for pf fwb_pf:</h2>
|
||||
<ul>
|
||||
<li>bug #1176051: "incorrect rule generated for TCP service
|
||||
ftp-data". If a rule used several TCP or UDP service objects and
|
||||
one of them has source port range configured, generated PF
|
||||
filter rule incorrectly matched on a combiantion of that source
|
||||
port range _and_ destination port ranges from all other service
|
||||
objects. This bug affected compilers for OpenBSD PF and ipfilter</li>
|
||||
</ul>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
181
doc/ReleaseNotes_2.0.7.txt
Normal file
181
doc/ReleaseNotes_2.0.7.txt
Normal file
@@ -0,0 +1,181 @@
|
||||
Firewall Builder Release Notes
|
||||
|
||||
Version 2.0.7
|
||||
|
||||
Released 05/08/2005
|
||||
GUI and compilers v2.0.7 require API library libfwbuilder version 2.0.7
|
||||
|
||||
Summary
|
||||
|
||||
This is a bug fix release
|
||||
|
||||
For those who wish to build from source, instructions are outlined in the
|
||||
document "Install and Build instructions" on our web site here
|
||||
|
||||
What's new
|
||||
|
||||
* Improvements in the GUI
|
||||
|
||||
* implemented feature req. #1151220: "Close" button should change
|
||||
is caption/title to "Install". When user clicks "Install" toolbar
|
||||
button or main menu item, the "Close" button in the pop-up window
|
||||
that displays compiler progress changes its text caption to
|
||||
"Install"
|
||||
* implemented feature request #1151206: "Search for IP Addresses".
|
||||
"Find" dialog searches for objects by a combination of name and
|
||||
one of the following attributes: address, tcp/udp port, ip
|
||||
protocol number or icmp message type. Regular expressions can be
|
||||
used for both name and attribute.
|
||||
* Support for SNMP operations has been added in Windows packages of
|
||||
Firewall Builder
|
||||
|
||||
* Improvements in built-in installer:
|
||||
|
||||
User can specify additional command line parameters for ssh that
|
||||
built-in installer runs to access firewall. This allows for
|
||||
alternative ssh port or alternative ssh identity to be used when
|
||||
accessing firewall. Parameters can be added in the "Installer" tab of
|
||||
firewall settings dialog for all platforms.
|
||||
|
||||
* Improvements in compiler for ipfilter fwb_ipf
|
||||
|
||||
Added support for dynamic addresses in ipfilter. Actual address of
|
||||
dynamic interface is now determined at run-time in the policy
|
||||
activation script <firewall_name>.fw generated by fwbuilder. If
|
||||
dynamic interface is used somewhere in the policy or nat rules, it
|
||||
will be replaced with its actual address by activation script before
|
||||
configuration is sent to ipf or ipnat for activation. This run-time
|
||||
substitution is done only if a checkbox is checked in the "Script
|
||||
options" tab of firewall settings dialog. Default behavior is to use
|
||||
"any". This is because ipfilter configuration files
|
||||
<firewall>-ipf.conf and <firewall>-nat.conf that rely on run-time
|
||||
substitution of dynamic interface address can not be loaded using
|
||||
standard activation scripts that come with FreeBSD.
|
||||
|
||||
Generated script uses function getaddr() to determine address of
|
||||
dynamic interface. This function falls back to 0.0.0.0/32 if dynamic
|
||||
interface has not been assigned an address yet or is down. Ipfilter
|
||||
policy using run-time substitution of dynamic interface addresses will
|
||||
be functional even if these interfaces are down or do not have IP
|
||||
address.
|
||||
|
||||
* Improvements in compiler for iptables fwb_ipt
|
||||
|
||||
Generated iptables script sets default policies to DROP in all ipv6
|
||||
filter chains. More detailed control can be implemented using prolog
|
||||
or epilog scripts.
|
||||
|
||||
Note that this changes behavior of the generated iptables script with
|
||||
respect to IPv6. Until now, the script just ignored IPv6 but some
|
||||
people felt this leaves a hole in the firewall and asked me to make
|
||||
the script close it. Generated shell code will check if ip6tables is
|
||||
installed on the system and if it actually works before setting
|
||||
default policies to DROP. This means it won't try to do it if
|
||||
ip6tables is not installed or if it is present, but IPv6 is not
|
||||
compiled into the kernel (so ip6tables does not work and generates
|
||||
errors).
|
||||
|
||||
----------------------------------------------------------------------
|
||||
|
||||
Bugs fixed in GUI:
|
||||
|
||||
* bug #1151052: "Not external interfaces marked as external". Dialog for
|
||||
an interface object that belongs to a host should not show checkbox
|
||||
"external (insecure) interface"
|
||||
* bug #1151212: "Collapsed sub-objects shouldn't be added if they are
|
||||
hidden". When user selects multiple objects in the tree some of which
|
||||
have child objects, those child objects used to be also selected and
|
||||
added to groups in addition to their parent objects via drag-and-drop
|
||||
operation.
|
||||
* bug #1151243: "Maintain format of description text". The GUI ignored
|
||||
text formatting in object comment when displayed it in the info panel
|
||||
(lower left corner of the main windows)
|
||||
* bug #1155163: "print does not print group contents". The program
|
||||
printed only number of objects contaned in object or service groups.
|
||||
Now it prints lists of member objects for all groups used in rules. If
|
||||
groups contain other groups, they are printed recursively.
|
||||
* bug #1172620: "Add tcp service object for icslap". Added this object
|
||||
to the objects library "Standard".
|
||||
* bug #1184791: "can not copy/paste multiple objects into a group"
|
||||
|
||||
Bugs fixed in API:
|
||||
|
||||
* bug #1158870: "mutexes are not properly created on FreeBSD". Mutexes
|
||||
gethostbyname_mutex and gethostbyaddr_mutex were never created but
|
||||
used on OS where thread-safe resolver is not available.
|
||||
* bug #1151219: "New Host creation window is not well dimensioned".
|
||||
Fixed wrong dialog page layout in the new host wizard.
|
||||
* bug #1157976: "patches to make fwbuilder compile under NetBSD 1.6".
|
||||
Applied patches.
|
||||
* bug #1173801: '"&" character in prolog/epilog'. Needed to call
|
||||
xmlEncodeSpecialChars to encode special characters in firewall options
|
||||
|
||||
Bugs fixed in policy compiler for iptables fwb_ipt:
|
||||
|
||||
* bug #1123748: "busybox grep -E". Busybox in floppyfw is compiled
|
||||
without support for egrep (or grep -E). Switched to using "plain"
|
||||
grep.
|
||||
* bug #1160186: 'IPTables Compiler - Multiport Issue'. When 16 or 31
|
||||
ports were used in a single rule, compiler generated command with
|
||||
conflicting options "-m multiport --dport"
|
||||
* bug #1176890: "block IPv6". Generated iptables script sets default
|
||||
policies to DROP in all ipv6 filter chains. More detailed control can
|
||||
be implemented using prolog or epilog scripts.
|
||||
|
||||
Note that this changes behavior of the generated iptables script with
|
||||
respect to IPv6. Until now, the script just ignored IPv6 but some
|
||||
people felt this leaves a hole in the firewall and asked me to make
|
||||
the script close it. Generated shell code will check if ip6tables is
|
||||
installed on the system and if it actually works before setting
|
||||
default policies to DROP. This means it won't try to do it if
|
||||
ip6tables is not installed or if it is present, but IPv6 is not
|
||||
compiled into the kernel (so ip6tables does not work and generates
|
||||
errors).
|
||||
* bug #1176890: "block IPv6". Generated iptables script sets default
|
||||
policies to DROP in all ipv6 filter chains. More detailed control can
|
||||
be implemented using prolog or epilog scripts.
|
||||
* bug #1179103: 'compiled rules can not be installed'. Generated
|
||||
iptables script could not be used on systems with non-English locale
|
||||
where timezone name used local characters because these characters
|
||||
were printed as hex ( "台" ) and '&' caused problems with shell.
|
||||
Now using single quotes to make shell ignore any characters in the
|
||||
string. Will deal with proper printing of localazed timezone later.
|
||||
* bug #1181359: "Missing traling space in "INVALID state" syslog
|
||||
message"
|
||||
* bug #1195201: "getaddr function return error ip address". Yet another
|
||||
change in the way we use grep to find IP addresses of an interface on
|
||||
Linux. We can't use regex (bug #1123748) and need to filter out
|
||||
secondary addresses from the "ip addr show" output. It looks like
|
||||
"grep -v :" neatly solves the problem without using regex.
|
||||
|
||||
Bugs fixed in policy compiler for pf fwb_ipf:
|
||||
|
||||
* bug #1173067: "support for port ranges in NAT rules (ipfilter)" -
|
||||
policy compiler for ipfilter should split DNAT rules (rdr) that use
|
||||
TCP or UDP objects with port ranges. A warning is issued if more than
|
||||
20 rules are created.
|
||||
* bug #1173064: "support for dynamic interfaces in ipfilter". Actual
|
||||
address of dynamic interface is now determined at run-time in the
|
||||
policy activation script <firewall_name>.fw generated by fwbuilder. If
|
||||
dynamic interface is used somewhere in the policy or nat rules, it
|
||||
will be replaced with its actual address by activation script before
|
||||
configuration is sent to ipf or ipnat for activation. This run-time
|
||||
substitution is done only if a checkbox is checked in the "Script
|
||||
options" tab of firewall settings dialog. Default behavior is to use
|
||||
"any". This is because ipfilter configuration files
|
||||
<firewall>-ipf.conf and <firewall>-nat.conf that rely on run-time
|
||||
substitution of dynamic interface address can not be loaded using
|
||||
standard activation scripts that come with FreeBSD.
|
||||
|
||||
This also fixes another problem in fwb_ipf where it generated rdr and
|
||||
nat commands with address 0.0.0.0/32 if dynamic interface was used in
|
||||
a NAT rule.
|
||||
|
||||
Bugs fixed in policy compiler for pf fwb_pf:
|
||||
|
||||
* bug #1176051: "incorrect rule generated for TCP service ftp-data". If
|
||||
a rule used several TCP or UDP service objects and one of them has
|
||||
source port range configured, generated PF filter rule incorrectly
|
||||
matched on a combiantion of that source port range _and_ destination
|
||||
port ranges from all other service objects. This bug affected
|
||||
compilers for OpenBSD PF and ipfilter
|
||||
203
doc/ReleaseNotes_2.0.8.html
Normal file
203
doc/ReleaseNotes_2.0.8.html
Normal file
@@ -0,0 +1,203 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
|
||||
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
|
||||
</head>
|
||||
<body>
|
||||
<h1> Firewall Builder Release Notes </h1>
|
||||
<br>
|
||||
<h2> Version 2.0.8 </h2>
|
||||
<br>
|
||||
<p>
|
||||
Released 07/08/2005
|
||||
<br>
|
||||
<b>GUI and compilers v2.0.8 require API library libfwbuilder version 2.0.8</b>
|
||||
<br>
|
||||
<h2>Summary </h2>
|
||||
<p>
|
||||
This is a bug fix release
|
||||
<p>
|
||||
<b>For those who wish to build from source, instructions are outlined
|
||||
in the document "Install and Build instructions" on our web site <a
|
||||
href="http://www.fwbuilder.org/archives/cat_installation.html">here</a></b>
|
||||
|
||||
<h2>What's new</h2>
|
||||
<ul>
|
||||
<li>Improvements in the GUI
|
||||
<p>
|
||||
<ul>
|
||||
<li>Included updated German translation by Hans Peter
|
||||
Dittler <hpdittler at braintec-consult.de>
|
||||
</li>
|
||||
|
||||
<li>implemented Feature Request #1145666: "Print RCS
|
||||
Log". File/Properties dialog can now print RCS log. Thanks
|
||||
to "Ilya V. Yalovoy" <yalovoy@pilot.aip.mk.ua> for the
|
||||
patch.</li>
|
||||
|
||||
<li>Some code changes were made to make the code comiple and
|
||||
work on Solaris. In particular, tests and emulation for
|
||||
forkpty and cfmakeraw functions were added. Currently this
|
||||
still remains largely untested.</li>
|
||||
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li>Improvements in policy compilers for pf, ipf, ipfw
|
||||