onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-06-18 04:12:18 +02:00
Code Issues Releases Wiki Activity

Initial import into v3 branch

Browse Source
This commit is contained in:
Vadim Kurland
2007-12-25 22:25:59 +00:00
commit fcfedad398
852 changed files with 319104 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

275
Doxyfile Normal file
View File

@@ -0,0 +1,275 @@
# Doxyfile 1.4.1-KDevelop
#---------------------------------------------------------------------------
# Project related configuration options
#---------------------------------------------------------------------------
PROJECT_NAME = someproj.kdevelop
PROJECT_NUMBER = 1
OUTPUT_DIRECTORY =
CREATE_SUBDIRS = NO
OUTPUT_LANGUAGE = English
USE_WINDOWS_ENCODING = NO
BRIEF_MEMBER_DESC = YES
REPEAT_BRIEF = YES
ABBREVIATE_BRIEF = "The $name class" \
"The $name widget" \
"The $name file" \
is \
provides \
specifies \
contains \
represents \
a \
an \
the
ALWAYS_DETAILED_SEC = NO
INLINE_INHERITED_MEMB = NO
FULL_PATH_NAMES = YES
STRIP_FROM_PATH = /home/krava/work/fwbuilder2/
STRIP_FROM_INC_PATH =
SHORT_NAMES = NO
JAVADOC_AUTOBRIEF = NO
MULTILINE_CPP_IS_BRIEF = NO
DETAILS_AT_TOP = NO
INHERIT_DOCS = YES
DISTRIBUTE_GROUP_DOC = NO
TAB_SIZE = 8
ALIASES =
OPTIMIZE_OUTPUT_FOR_C = NO
OPTIMIZE_OUTPUT_JAVA = NO
SUBGROUPING = YES
#---------------------------------------------------------------------------
# Build related configuration options
#---------------------------------------------------------------------------
EXTRACT_ALL = NO
EXTRACT_PRIVATE = NO
EXTRACT_STATIC = NO
EXTRACT_LOCAL_CLASSES = YES
EXTRACT_LOCAL_METHODS = NO
HIDE_UNDOC_MEMBERS = NO
HIDE_UNDOC_CLASSES = NO
HIDE_FRIEND_COMPOUNDS = NO
HIDE_IN_BODY_DOCS = NO
INTERNAL_DOCS = NO
CASE_SENSE_NAMES = YES
HIDE_SCOPE_NAMES = NO
SHOW_INCLUDE_FILES = YES
INLINE_INFO = YES
SORT_MEMBER_DOCS = YES
SORT_BRIEF_DOCS = NO
SORT_BY_SCOPE_NAME = NO
GENERATE_TODOLIST = YES
GENERATE_TESTLIST = YES
GENERATE_BUGLIST = YES
GENERATE_DEPRECATEDLIST= YES
ENABLED_SECTIONS =
MAX_INITIALIZER_LINES = 30
SHOW_USED_FILES = YES
SHOW_DIRECTORIES = YES
FILE_VERSION_FILTER =
#---------------------------------------------------------------------------
# configuration options related to warning and progress messages
#---------------------------------------------------------------------------
QUIET = NO
WARNINGS = YES
WARN_IF_UNDOCUMENTED = YES
WARN_IF_DOC_ERROR = YES
WARN_NO_PARAMDOC = NO
WARN_FORMAT = "$file:$line: $text"
WARN_LOGFILE =
#---------------------------------------------------------------------------
# configuration options related to the input files
#---------------------------------------------------------------------------
INPUT = /home/krava/work/kdev/someproj
FILE_PATTERNS = *.c \
*.cc \
*.cxx \
*.cpp \
*.c++ \
*.java \
*.ii \
*.ixx \
*.ipp \
*.i++ \
*.inl \
*.h \
*.hh \
*.hxx \
*.hpp \
*.h++ \
*.idl \
*.odl \
*.cs \
*.php \
*.php3 \
*.inc \
*.m \
*.mm \
*.dox \
*.C \
*.CC \
*.C++ \
*.II \
*.I++ \
*.H \
*.HH \
*.H++ \
*.CS \
*.PHP \
*.PHP3 \
*.M \
*.MM \
*.C \
*.H \
*.tlh \
*.diff \
*.patch \
*.moc \
*.xpm \
*.dox
RECURSIVE = yes
EXCLUDE =
EXCLUDE_SYMLINKS = NO
EXCLUDE_PATTERNS =
EXAMPLE_PATH =
EXAMPLE_PATTERNS = *
EXAMPLE_RECURSIVE = NO
IMAGE_PATH =
INPUT_FILTER =
FILTER_PATTERNS =
FILTER_SOURCE_FILES = NO
#---------------------------------------------------------------------------
# configuration options related to source browsing
#---------------------------------------------------------------------------
SOURCE_BROWSER = NO
INLINE_SOURCES = NO
STRIP_CODE_COMMENTS = YES
REFERENCED_BY_RELATION = YES
REFERENCES_RELATION = YES
VERBATIM_HEADERS = YES
#---------------------------------------------------------------------------
# configuration options related to the alphabetical class index
#---------------------------------------------------------------------------
ALPHABETICAL_INDEX = NO
COLS_IN_ALPHA_INDEX = 5
IGNORE_PREFIX =
#---------------------------------------------------------------------------
# configuration options related to the HTML output
#---------------------------------------------------------------------------
GENERATE_HTML = YES
HTML_OUTPUT = html
HTML_FILE_EXTENSION = .html
HTML_HEADER =
HTML_FOOTER =
HTML_STYLESHEET =
HTML_ALIGN_MEMBERS = YES
GENERATE_HTMLHELP = NO
CHM_FILE =
HHC_LOCATION =
GENERATE_CHI = NO
BINARY_TOC = NO
TOC_EXPAND = NO
DISABLE_INDEX = NO
ENUM_VALUES_PER_LINE = 4
GENERATE_TREEVIEW = NO
TREEVIEW_WIDTH = 250
#---------------------------------------------------------------------------
# configuration options related to the LaTeX output
#---------------------------------------------------------------------------
GENERATE_LATEX = YES
LATEX_OUTPUT = latex
LATEX_CMD_NAME = latex
MAKEINDEX_CMD_NAME = makeindex
COMPACT_LATEX = NO
PAPER_TYPE = a4wide
EXTRA_PACKAGES =
LATEX_HEADER =
PDF_HYPERLINKS = NO
USE_PDFLATEX = NO
LATEX_BATCHMODE = NO
LATEX_HIDE_INDICES = NO
#---------------------------------------------------------------------------
# configuration options related to the RTF output
#---------------------------------------------------------------------------
GENERATE_RTF = NO
RTF_OUTPUT = rtf
COMPACT_RTF = NO
RTF_HYPERLINKS = NO
RTF_STYLESHEET_FILE =
RTF_EXTENSIONS_FILE =
#---------------------------------------------------------------------------
# configuration options related to the man page output
#---------------------------------------------------------------------------
GENERATE_MAN = NO
MAN_OUTPUT = man
MAN_EXTENSION = .3
MAN_LINKS = NO
#---------------------------------------------------------------------------
# configuration options related to the XML output
#---------------------------------------------------------------------------
GENERATE_XML = yes
XML_OUTPUT = xml
XML_SCHEMA =
XML_DTD =
XML_PROGRAMLISTING = YES
#---------------------------------------------------------------------------
# configuration options for the AutoGen Definitions output
#---------------------------------------------------------------------------
GENERATE_AUTOGEN_DEF = NO
#---------------------------------------------------------------------------
# configuration options related to the Perl module output
#---------------------------------------------------------------------------
GENERATE_PERLMOD = NO
PERLMOD_LATEX = NO
PERLMOD_PRETTY = YES
PERLMOD_MAKEVAR_PREFIX =
#---------------------------------------------------------------------------
# Configuration options related to the preprocessor
#---------------------------------------------------------------------------
ENABLE_PREPROCESSING = YES
MACRO_EXPANSION = NO
EXPAND_ONLY_PREDEF = NO
SEARCH_INCLUDES = YES
INCLUDE_PATH =
INCLUDE_FILE_PATTERNS =
PREDEFINED =
EXPAND_AS_DEFINED =
SKIP_FUNCTION_MACROS = YES
#---------------------------------------------------------------------------
# Configuration::additions related to external references
#---------------------------------------------------------------------------
TAGFILES =
GENERATE_TAGFILE = someproj.tag
ALLEXTERNALS = NO
EXTERNAL_GROUPS = YES
PERL_PATH = /usr/bin/perl
#---------------------------------------------------------------------------
# Configuration options related to the dot tool
#---------------------------------------------------------------------------
CLASS_DIAGRAMS = YES
HIDE_UNDOC_RELATIONS = YES
HAVE_DOT = NO
CLASS_GRAPH = YES
COLLABORATION_GRAPH = YES
GROUP_GRAPHS = YES
UML_LOOK = NO
TEMPLATE_RELATIONS = NO
INCLUDE_GRAPH = YES
INCLUDED_BY_GRAPH = YES
CALL_GRAPH = NO
GRAPHICAL_HIERARCHY = YES
DIRECTORY_GRAPH = YES
DOT_IMAGE_FORMAT = png
DOT_PATH =
DOTFILE_DIRS =
MAX_DOT_GRAPH_WIDTH = 1024
MAX_DOT_GRAPH_HEIGHT = 1024
MAX_DOT_GRAPH_DEPTH = 1000
DOT_TRANSPARENT = NO
DOT_MULTI_TARGETS = NO
GENERATE_LEGEND = YES
DOT_CLEANUP = YES
#---------------------------------------------------------------------------
# Configuration::additions related to the search engine
#---------------------------------------------------------------------------
SEARCHENGINE = NO

0
FWBMainWindow_q.h Normal file
View File

30
VERSION Normal file
View File

@@ -0,0 +1,30 @@
#-*- mode: shell-script; tab-width: 4; -*-
# $Id: VERSION,v 1.47 2007/07/21 23:44:19 vkurland Exp $
FWB_MAJOR_VERSION=2
FWB_MINOR_VERSION=1
FWB_MICRO_VERSION=99
VERSION=$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION
#
# release num. I use it to distinguish between pre-release builds and
# in rare situation when I need to produce replacement RPMs and do not
# want to change version number.
#
# Set it to "1" before publishing the release.
#
RELEASE_NUM="1"
# RELEASE_NUM="`date +%Y%m%d`cvs"
# RELEASE_NUM="RC1"
# RELEASE_NUM="b"
BETA="no"
REQUIRED_LIBFWBUILDER_VERSION="2.1.99"
# current (or major) version number of the library so file
#
LIBFWBUILDER_SOMAJOR=7

2
VERSION.h Normal file
View File

@@ -0,0 +1,2 @@
#define VERSION "2.1.99"
#define RELEASE_NUM "1"

33
autogen.sh Normal file
View File

@@ -0,0 +1,33 @@
#!/bin/sh
MAKE=`which gnumake 2>/dev/null`
if test ! -x "$MAKE" ; then MAKE=`which gmake` ; fi
if test ! -x "$MAKE" ; then MAKE=`which make` ; fi
HAVE_GNU_MAKE=`$MAKE --version|grep -c "Free Software Foundation"`
if test "$HAVE_GNU_MAKE" != "1"; then
echo Could not find GNU make on this system, can not proceed with build.
exit 1
else
echo Found GNU Make at $MAKE ... good.
fi
echo This script runs configure ...
echo You did remember necessary arguments for configure, right?
if test ! -x "`which aclocal`"
then echo you need autoconf to generate the configure script
fi
ACLOCALARG=""
test -d /sw/share/ && ACLOCALARG=" -I /sw/share/aclocal"
libtoolize --force --copy
acinclude
aclocal ${ACLOCALARG}
autoconf
./configure ${CFGARGS} $*

1
build_num Normal file
View File

@@ -0,0 +1 @@
#define BUILD_NUM 301

1388
config.guess vendored Normal file
View File

@@ -0,0 +1,1388 @@
#! /bin/sh
# Attempt to guess a canonical system name.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
# 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
timestamp='2003-02-22'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# Originally written by Per Bothner <per@bothner.com>.
# Please send patches to <config-patches@gnu.org>. Submit a context
# diff and a properly formatted ChangeLog entry.
#
# This script attempts to guess a canonical system name similar to
# config.sub. If it succeeds, it prints the system name on stdout, and
# exits with 0. Otherwise, it exits with 1.
#
# The plan is that this can be called by configure scripts if you
# don't specify an explicit build system type.
me=`echo "$0" | sed -e 's,.*/,,'`
usage="\
Usage: $0 [OPTION]
Output the configuration name of the system \`$me' is run on.
Operation modes:
-h, --help print this help, then exit
-t, --time-stamp print date of last modification, then exit
-v, --version print version number, then exit
Report bugs and patches to <config-patches@gnu.org>."
version="\
GNU config.guess ($timestamp)
Originally written by Per Bothner.
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
help="
Try \`$me --help' for more information."
# Parse command line
while test $# -gt 0 ; do
case $1 in
--time-stamp | --time* | -t )
echo "$timestamp" ; exit 0 ;;
--version | -v )
echo "$version" ; exit 0 ;;
--help | --h* | -h )
echo "$usage"; exit 0 ;;
-- ) # Stop option processing
shift; break ;;
- ) # Use stdin as input.
break ;;
-* )
echo "$me: invalid option $1$help" >&2
exit 1 ;;
* )
break ;;
esac
done
if test $# != 0; then
echo "$me: too many arguments$help" >&2
exit 1
fi
trap 'exit 1' 1 2 15
# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
# compiler to aid in system detection is discouraged as it requires
# temporary files to be created and, as you can see below, it is a
# headache to deal with in a portable fashion.
# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
# use `HOST_CC' if defined, but it is deprecated.
# Portable tmp directory creation inspired by the Autoconf team.
set_cc_for_build='
trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
: ${TMPDIR=/tmp} ;
{ tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
{ test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
{ echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
dummy=$tmp/dummy ;
tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
case $CC_FOR_BUILD,$HOST_CC,$CC in
,,) echo "int x;" > $dummy.c ;
for c in cc gcc c89 c99 ; do
if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
CC_FOR_BUILD="$c"; break ;
fi ;
done ;
if test x"$CC_FOR_BUILD" = x ; then
CC_FOR_BUILD=no_compiler_found ;
fi
;;
,,*) CC_FOR_BUILD=$CC ;;
,*,*) CC_FOR_BUILD=$HOST_CC ;;
esac ;'
# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
# (ghazi@noc.rutgers.edu 1994-08-24)
if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
PATH=$PATH:/.attbin ; export PATH
fi
UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
# Note: order is significant - the case branches are not exclusive.
case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
*:NetBSD:*:*)
# NetBSD (nbsd) targets should (where applicable) match one or
# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
# *-*-netbsdecoff* and *-*-netbsd*. For targets that recently
# switched to ELF, *-*-netbsd* would select the old
# object file format. This provides both forward
# compatibility and a consistent mechanism for selecting the
# object file format.
#
# Note: NetBSD doesn't particularly care about the vendor
# portion of the name. We always set it to "unknown".
sysctl="sysctl -n hw.machine_arch"
UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
/usr/sbin/$sysctl 2>/dev/null || echo unknown)`
case "${UNAME_MACHINE_ARCH}" in
armeb) machine=armeb-unknown ;;
arm*) machine=arm-unknown ;;
sh3el) machine=shl-unknown ;;
sh3eb) machine=sh-unknown ;;
*) machine=${UNAME_MACHINE_ARCH}-unknown ;;
esac
# The Operating System including object format, if it has switched
# to ELF recently, or will in the future.
case "${UNAME_MACHINE_ARCH}" in
arm*|i386|m68k|ns32k|sh3*|sparc|vax)
eval $set_cc_for_build
if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
| grep __ELF__ >/dev/null
then
# Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
# Return netbsd for either. FIX?
os=netbsd
else
os=netbsdelf
fi
;;
*)
os=netbsd
;;
esac
# The OS release
# Debian GNU/NetBSD machines have a different userland, and
# thus, need a distinct triplet. However, they do not need
# kernel version information, so it can be replaced with a
# suitable tag, in the style of linux-gnu.
case "${UNAME_VERSION}" in
Debian*)
release='-gnu'
;;
*)
release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
;;
esac
# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
# contains redundant information, the shorter form:
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
echo "${machine}-${os}${release}"
exit 0 ;;
amiga:OpenBSD:*:*)
echo m68k-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
arc:OpenBSD:*:*)
echo mipsel-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
hp300:OpenBSD:*:*)
echo m68k-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
mac68k:OpenBSD:*:*)
echo m68k-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
macppc:OpenBSD:*:*)
echo powerpc-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
mvme68k:OpenBSD:*:*)
echo m68k-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
mvme88k:OpenBSD:*:*)
echo m88k-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
mvmeppc:OpenBSD:*:*)
echo powerpc-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
pmax:OpenBSD:*:*)
echo mipsel-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
sgi:OpenBSD:*:*)
echo mipseb-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
sun3:OpenBSD:*:*)
echo m68k-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
wgrisc:OpenBSD:*:*)
echo mipsel-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
*:OpenBSD:*:*)
echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
alpha:OSF1:*:*)
if test $UNAME_RELEASE = "V4.0"; then
UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
fi
# According to Compaq, /usr/sbin/psrinfo has been available on
# OSF/1 and Tru64 systems produced since 1995. I hope that
# covers most systems running today. This code pipes the CPU
# types through head -n 1, so we only detect the type of CPU 0.
ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
case "$ALPHA_CPU_TYPE" in
"EV4 (21064)")
UNAME_MACHINE="alpha" ;;
"EV4.5 (21064)")
UNAME_MACHINE="alpha" ;;
"LCA4 (21066/21068)")
UNAME_MACHINE="alpha" ;;
"EV5 (21164)")
UNAME_MACHINE="alphaev5" ;;
"EV5.6 (21164A)")
UNAME_MACHINE="alphaev56" ;;
"EV5.6 (21164PC)")
UNAME_MACHINE="alphapca56" ;;
"EV5.7 (21164PC)")
UNAME_MACHINE="alphapca57" ;;
"EV6 (21264)")
UNAME_MACHINE="alphaev6" ;;
"EV6.7 (21264A)")
UNAME_MACHINE="alphaev67" ;;
"EV6.8CB (21264C)")
UNAME_MACHINE="alphaev68" ;;
"EV6.8AL (21264B)")
UNAME_MACHINE="alphaev68" ;;
"EV6.8CX (21264D)")
UNAME_MACHINE="alphaev68" ;;
"EV6.9A (21264/EV69A)")
UNAME_MACHINE="alphaev69" ;;
"EV7 (21364)")
UNAME_MACHINE="alphaev7" ;;
"EV7.9 (21364A)")
UNAME_MACHINE="alphaev79" ;;
esac
# A Vn.n version is a released version.
# A Tn.n version is a released field test version.
# A Xn.n version is an unreleased experimental baselevel.
# 1.2 uses "1.2" for uname -r.
echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
exit 0 ;;
Alpha\ *:Windows_NT*:*)
# How do we know it's Interix rather than the generic POSIX subsystem?
# Should we change UNAME_MACHINE based on the output of uname instead
# of the specific Alpha model?
echo alpha-pc-interix
exit 0 ;;
21064:Windows_NT:50:3)
echo alpha-dec-winnt3.5
exit 0 ;;
Amiga*:UNIX_System_V:4.0:*)
echo m68k-unknown-sysv4
exit 0;;
*:[Aa]miga[Oo][Ss]:*:*)
echo ${UNAME_MACHINE}-unknown-amigaos
exit 0 ;;
*:[Mm]orph[Oo][Ss]:*:*)
echo ${UNAME_MACHINE}-unknown-morphos
exit 0 ;;
*:OS/390:*:*)
echo i370-ibm-openedition
exit 0 ;;
arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
echo arm-acorn-riscix${UNAME_RELEASE}
exit 0;;
SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
echo hppa1.1-hitachi-hiuxmpp
exit 0;;
Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
if test "`(/bin/universe) 2>/dev/null`" = att ; then
echo pyramid-pyramid-sysv3
else
echo pyramid-pyramid-bsd
fi
exit 0 ;;
NILE*:*:*:dcosx)
echo pyramid-pyramid-svr4
exit 0 ;;
DRS?6000:UNIX_SV:4.2*:7*)
case `/usr/bin/uname -p` in
sparc) echo sparc-icl-nx7 && exit 0 ;;
esac ;;
sun4H:SunOS:5.*:*)
echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit 0 ;;
sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit 0 ;;
i86pc:SunOS:5.*:*)
echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit 0 ;;
sun4*:SunOS:6*:*)
# According to config.sub, this is the proper way to canonicalize
# SunOS6. Hard to guess exactly what SunOS6 will be like, but
# it's likely to be more like Solaris than SunOS4.
echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit 0 ;;
sun4*:SunOS:*:*)
case "`/usr/bin/arch -k`" in
Series*|S4*)
UNAME_RELEASE=`uname -v`
;;
esac
# Japanese Language versions have a version number like `4.1.3-JL'.
echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
exit 0 ;;
sun3*:SunOS:*:*)
echo m68k-sun-sunos${UNAME_RELEASE}
exit 0 ;;
sun*:*:4.2BSD:*)
UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
case "`/bin/arch`" in
sun3)
echo m68k-sun-sunos${UNAME_RELEASE}
;;
sun4)
echo sparc-sun-sunos${UNAME_RELEASE}
;;
esac
exit 0 ;;
aushp:SunOS:*:*)
echo sparc-auspex-sunos${UNAME_RELEASE}
exit 0 ;;
# The situation for MiNT is a little confusing. The machine name
# can be virtually everything (everything which is not
# "atarist" or "atariste" at least should have a processor
# > m68000). The system name ranges from "MiNT" over "FreeMiNT"
# to the lowercase version "mint" (or "freemint"). Finally
# the system name "TOS" denotes a system which is actually not
# MiNT. But MiNT is downward compatible to TOS, so this should
# be no problem.
atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
echo m68k-atari-mint${UNAME_RELEASE}
exit 0 ;;
atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
echo m68k-atari-mint${UNAME_RELEASE}
exit 0 ;;
*falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
echo m68k-atari-mint${UNAME_RELEASE}
exit 0 ;;
milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
echo m68k-milan-mint${UNAME_RELEASE}
exit 0 ;;
hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
echo m68k-hades-mint${UNAME_RELEASE}
exit 0 ;;
*:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
echo m68k-unknown-mint${UNAME_RELEASE}
exit 0 ;;
powerpc:machten:*:*)
echo powerpc-apple-machten${UNAME_RELEASE}
exit 0 ;;
RISC*:Mach:*:*)
echo mips-dec-mach_bsd4.3
exit 0 ;;
RISC*:ULTRIX:*:*)
echo mips-dec-ultrix${UNAME_RELEASE}
exit 0 ;;
VAX*:ULTRIX*:*:*)
echo vax-dec-ultrix${UNAME_RELEASE}
exit 0 ;;
2020:CLIX:*:* | 2430:CLIX:*:*)
echo clipper-intergraph-clix${UNAME_RELEASE}
exit 0 ;;
mips:*:*:UMIPS | mips:*:*:RISCos)
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#ifdef __cplusplus
#include <stdio.h> /* for printf() prototype */
int main (int argc, char *argv[]) {
#else
int main (argc, argv) int argc; char *argv[]; {
#endif
#if defined (host_mips) && defined (MIPSEB)
#if defined (SYSTYPE_SYSV)
printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
#endif
#if defined (SYSTYPE_SVR4)
printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
#endif
#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
#endif
#endif
exit (-1);
}
EOF
$CC_FOR_BUILD -o $dummy $dummy.c \
&& $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
&& exit 0
echo mips-mips-riscos${UNAME_RELEASE}
exit 0 ;;
Motorola:PowerMAX_OS:*:*)
echo powerpc-motorola-powermax
exit 0 ;;
Motorola:*:4.3:PL8-*)
echo powerpc-harris-powermax
exit 0 ;;
Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
echo powerpc-harris-powermax
exit 0 ;;
Night_Hawk:Power_UNIX:*:*)
echo powerpc-harris-powerunix
exit 0 ;;
m88k:CX/UX:7*:*)
echo m88k-harris-cxux7
exit 0 ;;
m88k:*:4*:R4*)
echo m88k-motorola-sysv4
exit 0 ;;
m88k:*:3*:R3*)
echo m88k-motorola-sysv3
exit 0 ;;
AViiON:dgux:*:*)
# DG/UX returns AViiON for all architectures
UNAME_PROCESSOR=`/usr/bin/uname -p`
if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
then
if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
[ ${TARGET_BINARY_INTERFACE}x = x ]
then
echo m88k-dg-dgux${UNAME_RELEASE}
else
echo m88k-dg-dguxbcs${UNAME_RELEASE}
fi
else
echo i586-dg-dgux${UNAME_RELEASE}
fi
exit 0 ;;
M88*:DolphinOS:*:*) # DolphinOS (SVR3)
echo m88k-dolphin-sysv3
exit 0 ;;
M88*:*:R3*:*)
# Delta 88k system running SVR3
echo m88k-motorola-sysv3
exit 0 ;;
XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
echo m88k-tektronix-sysv3
exit 0 ;;
Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
echo m68k-tektronix-bsd
exit 0 ;;
*:IRIX*:*:*)
echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
exit 0 ;;
????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX '
i*86:AIX:*:*)
echo i386-ibm-aix
exit 0 ;;
ia64:AIX:*:*)
if [ -x /usr/bin/oslevel ] ; then
IBM_REV=`/usr/bin/oslevel`
else
IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
fi
echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
exit 0 ;;
*:AIX:2:3)
if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#include <sys/systemcfg.h>
main()
{
if (!__power_pc())
exit(1);
puts("powerpc-ibm-aix3.2.5");
exit(0);
}
EOF
$CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
echo rs6000-ibm-aix3.2.5
elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
echo rs6000-ibm-aix3.2.4
else
echo rs6000-ibm-aix3.2
fi
exit 0 ;;
*:AIX:*:[45])
IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
IBM_ARCH=rs6000
else
IBM_ARCH=powerpc
fi
if [ -x /usr/bin/oslevel ] ; then
IBM_REV=`/usr/bin/oslevel`
else
IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
fi
echo ${IBM_ARCH}-ibm-aix${IBM_REV}
exit 0 ;;
*:AIX:*:*)
echo rs6000-ibm-aix
exit 0 ;;
ibmrt:4.4BSD:*|romp-ibm:BSD:*)
echo romp-ibm-bsd4.4
exit 0 ;;
ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
exit 0 ;; # report: romp-ibm BSD 4.3
*:BOSX:*:*)
echo rs6000-bull-bosx
exit 0 ;;
DPX/2?00:B.O.S.:*:*)
echo m68k-bull-sysv3
exit 0 ;;
9000/[34]??:4.3bsd:1.*:*)
echo m68k-hp-bsd
exit 0 ;;
hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
echo m68k-hp-bsd4.4
exit 0 ;;
9000/[34678]??:HP-UX:*:*)
HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
case "${UNAME_MACHINE}" in
9000/31? ) HP_ARCH=m68000 ;;
9000/[34]?? ) HP_ARCH=m68k ;;
9000/[678][0-9][0-9])
if [ -x /usr/bin/getconf ]; then
sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
case "${sc_cpu_version}" in
523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
532) # CPU_PA_RISC2_0
case "${sc_kernel_bits}" in
32) HP_ARCH="hppa2.0n" ;;
64) HP_ARCH="hppa2.0w" ;;
'') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
esac ;;
esac
fi
if [ "${HP_ARCH}" = "" ]; then
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#define _HPUX_SOURCE
#include <stdlib.h>
#include <unistd.h>
int main ()
{
#if defined(_SC_KERNEL_BITS)
long bits = sysconf(_SC_KERNEL_BITS);
#endif
long cpu = sysconf (_SC_CPU_VERSION);
switch (cpu)
{
case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
case CPU_PA_RISC2_0:
#if defined(_SC_KERNEL_BITS)
switch (bits)
{
case 64: puts ("hppa2.0w"); break;
case 32: puts ("hppa2.0n"); break;
default: puts ("hppa2.0"); break;
} break;
#else /* !defined(_SC_KERNEL_BITS) */
puts ("hppa2.0"); break;
#endif
default: puts ("hppa1.0"); break;
}
exit (0);
}
EOF
(CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
test -z "$HP_ARCH" && HP_ARCH=hppa
fi ;;
esac
if [ ${HP_ARCH} = "hppa2.0w" ]
then
# avoid double evaluation of $set_cc_for_build
test -n "$CC_FOR_BUILD" || eval $set_cc_for_build
if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E -) | grep __LP64__ >/dev/null
then
HP_ARCH="hppa2.0w"
else
HP_ARCH="hppa64"
fi
fi
echo ${HP_ARCH}-hp-hpux${HPUX_REV}
exit 0 ;;
ia64:HP-UX:*:*)
HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
echo ia64-hp-hpux${HPUX_REV}
exit 0 ;;
3050*:HI-UX:*:*)
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#include <unistd.h>
int
main ()
{
long cpu = sysconf (_SC_CPU_VERSION);
/* The order matters, because CPU_IS_HP_MC68K erroneously returns
true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct
results, however. */
if (CPU_IS_PA_RISC (cpu))
{
switch (cpu)
{
case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
default: puts ("hppa-hitachi-hiuxwe2"); break;
}
}
else if (CPU_IS_HP_MC68K (cpu))
puts ("m68k-hitachi-hiuxwe2");
else puts ("unknown-hitachi-hiuxwe2");
exit (0);
}
EOF
$CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
echo unknown-hitachi-hiuxwe2
exit 0 ;;
9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
echo hppa1.1-hp-bsd
exit 0 ;;
9000/8??:4.3bsd:*:*)
echo hppa1.0-hp-bsd
exit 0 ;;
*9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
echo hppa1.0-hp-mpeix
exit 0 ;;
hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
echo hppa1.1-hp-osf
exit 0 ;;
hp8??:OSF1:*:*)
echo hppa1.0-hp-osf
exit 0 ;;
i*86:OSF1:*:*)
if [ -x /usr/sbin/sysversion ] ; then
echo ${UNAME_MACHINE}-unknown-osf1mk
else
echo ${UNAME_MACHINE}-unknown-osf1
fi
exit 0 ;;
parisc*:Lites*:*:*)
echo hppa1.1-hp-lites
exit 0 ;;
C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
echo c1-convex-bsd
exit 0 ;;
C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
if getsysinfo -f scalar_acc
then echo c32-convex-bsd
else echo c2-convex-bsd
fi
exit 0 ;;
C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
echo c34-convex-bsd
exit 0 ;;
C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
echo c38-convex-bsd
exit 0 ;;
C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
echo c4-convex-bsd
exit 0 ;;
CRAY*Y-MP:*:*:*)
echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
CRAY*[A-Z]90:*:*:*)
echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
-e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
-e 's/\.[^.]*$/.X/'
exit 0 ;;
CRAY*TS:*:*:*)
echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
CRAY*T3E:*:*:*)
echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
CRAY*SV1:*:*:*)
echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
*:UNICOS/mp:*:*)
echo nv1-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
exit 0 ;;
i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
exit 0 ;;
sparc*:BSD/OS:*:*)
echo sparc-unknown-bsdi${UNAME_RELEASE}
exit 0 ;;
*:BSD/OS:*:*)
echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
exit 0 ;;
*:FreeBSD:*:*)
# Determine whether the default compiler uses glibc.
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#include <features.h>
#if __GLIBC__ >= 2
LIBC=gnu
#else
LIBC=
#endif
EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC}
exit 0 ;;
i*:CYGWIN*:*)
echo ${UNAME_MACHINE}-pc-cygwin
exit 0 ;;
i*:MINGW*:*)
echo ${UNAME_MACHINE}-pc-mingw32
exit 0 ;;
i*:PW*:*)
echo ${UNAME_MACHINE}-pc-pw32
exit 0 ;;
x86:Interix*:3*)
echo i586-pc-interix3
exit 0 ;;
[345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
echo i${UNAME_MACHINE}-pc-mks
exit 0 ;;
i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
# How do we know it's Interix rather than the generic POSIX subsystem?
# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
# UNAME_MACHINE based on the output of uname instead of i386?
echo i586-pc-interix
exit 0 ;;
i*:UWIN*:*)
echo ${UNAME_MACHINE}-pc-uwin
exit 0 ;;
p*:CYGWIN*:*)
echo powerpcle-unknown-cygwin
exit 0 ;;
prep*:SunOS:5.*:*)
echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit 0 ;;
*:GNU:*:*)
echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
exit 0 ;;
i*86:Minix:*:*)
echo ${UNAME_MACHINE}-pc-minix
exit 0 ;;
arm*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit 0 ;;
ia64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit 0 ;;
m68*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit 0 ;;
mips:Linux:*:*)
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#undef CPU
#undef mips
#undef mipsel
#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
CPU=mipsel
#else
#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
CPU=mips
#else
CPU=
#endif
#endif
EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
;;
mips64:Linux:*:*)
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#undef CPU
#undef mips64
#undef mips64el
#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
CPU=mips64el
#else
#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
CPU=mips64
#else
CPU=
#endif
#endif
EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
;;
ppc:Linux:*:*)
echo powerpc-unknown-linux-gnu
exit 0 ;;
ppc64:Linux:*:*)
echo powerpc64-unknown-linux-gnu
exit 0 ;;
alpha:Linux:*:*)
case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
EV5) UNAME_MACHINE=alphaev5 ;;
EV56) UNAME_MACHINE=alphaev56 ;;
PCA56) UNAME_MACHINE=alphapca56 ;;
PCA57) UNAME_MACHINE=alphapca56 ;;
EV6) UNAME_MACHINE=alphaev6 ;;
EV67) UNAME_MACHINE=alphaev67 ;;
EV68*) UNAME_MACHINE=alphaev68 ;;
esac
objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
exit 0 ;;
parisc:Linux:*:* | hppa:Linux:*:*)
# Look for CPU level
case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
PA7*) echo hppa1.1-unknown-linux-gnu ;;
PA8*) echo hppa2.0-unknown-linux-gnu ;;
*) echo hppa-unknown-linux-gnu ;;
esac
exit 0 ;;
parisc64:Linux:*:* | hppa64:Linux:*:*)
echo hppa64-unknown-linux-gnu
exit 0 ;;
s390:Linux:*:* | s390x:Linux:*:*)
echo ${UNAME_MACHINE}-ibm-linux
exit 0 ;;
sh*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit 0 ;;
sparc:Linux:*:* | sparc64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit 0 ;;
x86_64:Linux:*:*)
echo x86_64-unknown-linux-gnu
exit 0 ;;
i*86:Linux:*:*)
# The BFD linker knows what the default object file format is, so
# first see if it will tell us. cd to the root directory to prevent
# problems with other programs or directories called `ld' in the path.
# Set LC_ALL=C to ensure ld outputs messages in English.
ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
| sed -ne '/supported targets:/!d
s/[ ][ ]*/ /g
s/.*supported targets: *//
s/ .*//
p'`
case "$ld_supported_targets" in
elf32-i386)
TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
;;
a.out-i386-linux)
echo "${UNAME_MACHINE}-pc-linux-gnuaout"
exit 0 ;;
coff-i386)
echo "${UNAME_MACHINE}-pc-linux-gnucoff"
exit 0 ;;
"")
# Either a pre-BFD a.out linker (linux-gnuoldld) or
# one that does not give us useful --help.
echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
exit 0 ;;
esac
# Determine whether the default compiler is a.out or elf
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#include <features.h>
#ifdef __ELF__
# ifdef __GLIBC__
# if __GLIBC__ >= 2
LIBC=gnu
# else
LIBC=gnulibc1
# endif
# else
LIBC=gnulibc1
# endif
#else
#ifdef __INTEL_COMPILER
LIBC=gnu
#else
LIBC=gnuaout
#endif
#endif
EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0
test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
;;
i*86:DYNIX/ptx:4*:*)
# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
# earlier versions are messed up and put the nodename in both
# sysname and nodename.
echo i386-sequent-sysv4
exit 0 ;;
i*86:UNIX_SV:4.2MP:2.*)
# Unixware is an offshoot of SVR4, but it has its own version
# number series starting with 2...
# I am not positive that other SVR4 systems won't match this,
# I just have to hope. -- rms.
# Use sysv4.2uw... so that sysv4* matches it.
echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
exit 0 ;;
i*86:OS/2:*:*)
# If we were able to find `uname', then EMX Unix compatibility
# is probably installed.
echo ${UNAME_MACHINE}-pc-os2-emx
exit 0 ;;
i*86:XTS-300:*:STOP)
echo ${UNAME_MACHINE}-unknown-stop
exit 0 ;;
i*86:atheos:*:*)
echo ${UNAME_MACHINE}-unknown-atheos
exit 0 ;;
i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
echo i386-unknown-lynxos${UNAME_RELEASE}
exit 0 ;;
i*86:*DOS:*:*)
echo ${UNAME_MACHINE}-pc-msdosdjgpp
exit 0 ;;
i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
else
echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
fi
exit 0 ;;
i*86:*:5:[78]*)
case `/bin/uname -X | grep "^Machine"` in
*486*) UNAME_MACHINE=i486 ;;
*Pentium) UNAME_MACHINE=i586 ;;
*Pent*|*Celeron) UNAME_MACHINE=i686 ;;
esac
echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
exit 0 ;;
i*86:*:3.2:*)
if test -f /usr/options/cb.name; then
UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
elif /bin/uname -X 2>/dev/null >/dev/null ; then
UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
&& UNAME_MACHINE=i586
(/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
&& UNAME_MACHINE=i686
(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
&& UNAME_MACHINE=i686
echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
else
echo ${UNAME_MACHINE}-pc-sysv32
fi
exit 0 ;;
pc:*:*:*)
# Left here for compatibility:
# uname -m prints for DJGPP always 'pc', but it prints nothing about
# the processor, so we play safe by assuming i386.
echo i386-pc-msdosdjgpp
exit 0 ;;
Intel:Mach:3*:*)
echo i386-pc-mach3
exit 0 ;;
paragon:*:*:*)
echo i860-intel-osf1
exit 0 ;;
i860:*:4.*:*) # i860-SVR4
if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
else # Add other i860-SVR4 vendors below as they are discovered.
echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
fi
exit 0 ;;
mini*:CTIX:SYS*5:*)
# "miniframe"
echo m68010-convergent-sysv
exit 0 ;;
mc68k:UNIX:SYSTEM5:3.51m)
echo m68k-convergent-sysv
exit 0 ;;
M680?0:D-NIX:5.3:*)
echo m68k-diab-dnix
exit 0 ;;
M68*:*:R3V[567]*:*)
test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0)
OS_REL=''
test -r /etc/.relid \
&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
&& echo i486-ncr-sysv4.3${OS_REL} && exit 0
/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
&& echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
&& echo i486-ncr-sysv4 && exit 0 ;;
m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
echo m68k-unknown-lynxos${UNAME_RELEASE}
exit 0 ;;
mc68030:UNIX_System_V:4.*:*)
echo m68k-atari-sysv4
exit 0 ;;
TSUNAMI:LynxOS:2.*:*)
echo sparc-unknown-lynxos${UNAME_RELEASE}
exit 0 ;;
rs6000:LynxOS:2.*:*)
echo rs6000-unknown-lynxos${UNAME_RELEASE}
exit 0 ;;
PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
echo powerpc-unknown-lynxos${UNAME_RELEASE}
exit 0 ;;
SM[BE]S:UNIX_SV:*:*)
echo mips-dde-sysv${UNAME_RELEASE}
exit 0 ;;
RM*:ReliantUNIX-*:*:*)
echo mips-sni-sysv4
exit 0 ;;
RM*:SINIX-*:*:*)
echo mips-sni-sysv4
exit 0 ;;
*:SINIX-*:*:*)
if uname -p 2>/dev/null >/dev/null ; then
UNAME_MACHINE=`(uname -p) 2>/dev/null`
echo ${UNAME_MACHINE}-sni-sysv4
else
echo ns32k-sni-sysv
fi
exit 0 ;;
PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
# says <Richard.M.Bartel@ccMail.Census.GOV>
echo i586-unisys-sysv4
exit 0 ;;
*:UNIX_System_V:4*:FTX*)
# From Gerald Hewes <hewes@openmarket.com>.
# How about differentiating between stratus architectures? -djm
echo hppa1.1-stratus-sysv4
exit 0 ;;
*:*:*:FTX*)
# From seanf@swdc.stratus.com.
echo i860-stratus-sysv4
exit 0 ;;
*:VOS:*:*)
# From Paul.Green@stratus.com.
echo hppa1.1-stratus-vos
exit 0 ;;
mc68*:A/UX:*:*)
echo m68k-apple-aux${UNAME_RELEASE}
exit 0 ;;
news*:NEWS-OS:6*:*)
echo mips-sony-newsos6
exit 0 ;;
R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
if [ -d /usr/nec ]; then
echo mips-nec-sysv${UNAME_RELEASE}
else
echo mips-unknown-sysv${UNAME_RELEASE}
fi
exit 0 ;;
BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
echo powerpc-be-beos
exit 0 ;;
BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
echo powerpc-apple-beos
exit 0 ;;
BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
echo i586-pc-beos
exit 0 ;;
SX-4:SUPER-UX:*:*)
echo sx4-nec-superux${UNAME_RELEASE}
exit 0 ;;
SX-5:SUPER-UX:*:*)
echo sx5-nec-superux${UNAME_RELEASE}
exit 0 ;;
SX-6:SUPER-UX:*:*)
echo sx6-nec-superux${UNAME_RELEASE}
exit 0 ;;
Power*:Rhapsody:*:*)
echo powerpc-apple-rhapsody${UNAME_RELEASE}
exit 0 ;;
*:Rhapsody:*:*)
echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
exit 0 ;;
*:Darwin:*:*)
case `uname -p` in
*86) UNAME_PROCESSOR=i686 ;;
powerpc) UNAME_PROCESSOR=powerpc ;;
esac
echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
exit 0 ;;
*:procnto*:*:* | *:QNX:[0123456789]*:*)
UNAME_PROCESSOR=`uname -p`
if test "$UNAME_PROCESSOR" = "x86"; then
UNAME_PROCESSOR=i386
UNAME_MACHINE=pc
fi
echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
exit 0 ;;
*:QNX:*:4*)
echo i386-pc-qnx
exit 0 ;;
NSR-[DGKLNPTVW]:NONSTOP_KERNEL:*:*)
echo nsr-tandem-nsk${UNAME_RELEASE}
exit 0 ;;
*:NonStop-UX:*:*)
echo mips-compaq-nonstopux
exit 0 ;;
BS2000:POSIX*:*:*)
echo bs2000-siemens-sysv
exit 0 ;;
DS/*:UNIX_System_V:*:*)
echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
exit 0 ;;
*:Plan9:*:*)
# "uname -m" is not consistent, so use $cputype instead. 386
# is converted to i386 for consistency with other x86
# operating systems.
if test "$cputype" = "386"; then
UNAME_MACHINE=i386
else
UNAME_MACHINE="$cputype"
fi
echo ${UNAME_MACHINE}-unknown-plan9
exit 0 ;;
*:TOPS-10:*:*)
echo pdp10-unknown-tops10
exit 0 ;;
*:TENEX:*:*)
echo pdp10-unknown-tenex
exit 0 ;;
KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
echo pdp10-dec-tops20
exit 0 ;;
XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
echo pdp10-xkl-tops20
exit 0 ;;
*:TOPS-20:*:*)
echo pdp10-unknown-tops20
exit 0 ;;
*:ITS:*:*)
echo pdp10-unknown-its
exit 0 ;;
esac
#echo '(No uname command or uname output not recognized.)' 1>&2
#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
eval $set_cc_for_build
cat >$dummy.c <<EOF
#ifdef _SEQUENT_
# include <sys/types.h>
# include <sys/utsname.h>
#endif
main ()
{
#if defined (sony)
#if defined (MIPSEB)
/* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
I don't know.... */
printf ("mips-sony-bsd\n"); exit (0);
#else
#include <sys/param.h>
printf ("m68k-sony-newsos%s\n",
#ifdef NEWSOS4
"4"
#else
""
#endif
); exit (0);
#endif
#endif
#if defined (__arm) && defined (__acorn) && defined (__unix)
printf ("arm-acorn-riscix"); exit (0);
#endif
#if defined (hp300) && !defined (hpux)
printf ("m68k-hp-bsd\n"); exit (0);
#endif
#if defined (NeXT)
#if !defined (__ARCHITECTURE__)
#define __ARCHITECTURE__ "m68k"
#endif
int version;
version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
if (version < 4)
printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
else
printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
exit (0);
#endif
#if defined (MULTIMAX) || defined (n16)
#if defined (UMAXV)
printf ("ns32k-encore-sysv\n"); exit (0);
#else
#if defined (CMU)
printf ("ns32k-encore-mach\n"); exit (0);
#else
printf ("ns32k-encore-bsd\n"); exit (0);
#endif
#endif
#endif
#if defined (__386BSD__)
printf ("i386-pc-bsd\n"); exit (0);
#endif
#if defined (sequent)
#if defined (i386)
printf ("i386-sequent-dynix\n"); exit (0);
#endif
#if defined (ns32000)
printf ("ns32k-sequent-dynix\n"); exit (0);
#endif
#endif
#if defined (_SEQUENT_)
struct utsname un;
uname(&un);
if (strncmp(un.version, "V2", 2) == 0) {
printf ("i386-sequent-ptx2\n"); exit (0);
}
if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
printf ("i386-sequent-ptx1\n"); exit (0);
}
printf ("i386-sequent-ptx\n"); exit (0);
#endif
#if defined (vax)
# if !defined (ultrix)
# include <sys/param.h>
# if defined (BSD)
# if BSD == 43
printf ("vax-dec-bsd4.3\n"); exit (0);
# else
# if BSD == 199006
printf ("vax-dec-bsd4.3reno\n"); exit (0);
# else
printf ("vax-dec-bsd\n"); exit (0);
# endif
# endif
# else
printf ("vax-dec-bsd\n"); exit (0);
# endif
# else
printf ("vax-dec-ultrix\n"); exit (0);
# endif
#endif
#if defined (alliant) && defined (i860)
printf ("i860-alliant-bsd\n"); exit (0);
#endif
exit (1);
}
EOF
$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && exit 0
# Apollos put the system type in the environment.
test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; }
# Convex versions that predate uname can use getsysinfo(1)
if [ -x /usr/convex/getsysinfo ]
then
case `getsysinfo -f cpu_type` in
c1*)
echo c1-convex-bsd
exit 0 ;;
c2*)
if getsysinfo -f scalar_acc
then echo c32-convex-bsd
else echo c2-convex-bsd
fi
exit 0 ;;
c34*)
echo c34-convex-bsd
exit 0 ;;
c38*)
echo c38-convex-bsd
exit 0 ;;
c4*)
echo c4-convex-bsd
exit 0 ;;
esac
fi
cat >&2 <<EOF
$0: unable to guess system type
This script, last modified $timestamp, has failed to recognize
the operating system you are using. It is advised that you
download the most up to date version of the config scripts from
ftp://ftp.gnu.org/pub/gnu/config/
If the version you run ($0) is already up to date, please
send the following data and any information you think might be
pertinent to <config-patches@gnu.org> in order to provide the needed
information to handle your system.
config.guess timestamp = $timestamp
uname -m = `(uname -m) 2>/dev/null || echo unknown`
uname -r = `(uname -r) 2>/dev/null || echo unknown`
uname -s = `(uname -s) 2>/dev/null || echo unknown`
uname -v = `(uname -v) 2>/dev/null || echo unknown`
/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
/bin/uname -X = `(/bin/uname -X) 2>/dev/null`
hostinfo = `(hostinfo) 2>/dev/null`
/bin/universe = `(/bin/universe) 2>/dev/null`
/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null`
/bin/arch = `(/bin/arch) 2>/dev/null`
/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null`
/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
UNAME_MACHINE = ${UNAME_MACHINE}
UNAME_RELEASE = ${UNAME_RELEASE}
UNAME_SYSTEM = ${UNAME_SYSTEM}
UNAME_VERSION = ${UNAME_VERSION}
EOF
exit 1
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "timestamp='"
# time-stamp-format: "%:y-%02m-%02d"
# time-stamp-end: "'"
# End:

121
config.h.in Normal file
View File

@@ -0,0 +1,121 @@
#include "VERSION.h"
#include "build_num"
#undef PACKAGE_LOCALE_DIR
#undef PACKAGE_DATA_DIR
#undef PACKAGE_SOURCE_DIR
#undef RCS_DIR
#undef RCS_FILE_NAME
#undef RCSDIFF_FILE_NAME
#undef RLOG_FILE_NAME
#undef CI_FILE_NAME
#undef CO_FILE_NAME
/* Where system-wide QT translations are installed */
#undef QTTRANSLATIONSDIR
/* Define if you have the <X11/SM/SMlib.h> header file. */
#undef HAVE_X11_SM_SMLIB_H
/* Name of package */
#undef PACKAGE
/* OS */
#undef OS
/* OS */
#undef OS_CYGWIN
#undef OS_MINGW
#undef OS_MACOSX
#undef OS_SOLARIS
#undef OS_FREEBSD
#undef OS_OPENBSD
#undef OS_LINUX
#undef OS_UNKNOWN
#if defined(OS_SOLARIS) || defined(OS_FREEBSD) || defined(OS_OPENBSD) || defined(OS_LINUX) || defined(OS_MACOSX)
#define OS_UNIX 1
#endif
#if defined(_WIN32)
#define OS_WIN32 1
#endif
/* distribution (for Linux) */
#undef DISTRO
/* prefix dir */
/* #undef PREFIX */
/* init dir */
#undef RES_DIR
#define MANIFEST_MARKER "# files: "
#undef HAVE_LOCALE_H
#undef HAVE_GETOPT_H
#undef HAVE_SETLOCALE
#undef HAVE_SETENV
#undef HAVE_PUTENV
#undef HAVE_SIGNAL
#undef HAVE_SIGNAL_H
#undef HAVE_PTY_H
#undef HAVE_LIBUTIL_H
#undef HAVE_UTIL_H
#ifdef HAVE_GETOPT_H
# define HAVE_DECL_GETOPT HAVE_GETOPT_H
#endif
#undef HAVE_STRUCT_TM_TM_ZONE
#undef TM_IN_SYS_TIME
#undef HAVE_FORKPTY
#undef HAVE_CFMAKERAW
/*
* This is needed for Solaris
*/
#undef __PRAGMA_REDEFINE_EXTNAME
#undef HAVE_CATGETS
#undef HAVE_GETTEXT
#undef HAVE_LC_MESSAGES
#undef HAVE_STPCPY
#undef HAVE_LIBSM
#undef HAVE_MEMPCPY
#undef HAVE_STRCHR
#undef HAVE_ANTLR_RUNTIME
/*
* on some platforms (OpenBSD) the second parameter to dlopen is different
*/
#undef DLOPEN_MODE
#if 0
#ifdef __cplusplus
using namespace std;
/*
#ifndef __STD
#define __STD std
#endif
*/
#endif
#endif
#ifndef _WIN32
# define SNPRINTF snprintf
# define VSNPRINTF vsnprintf
#else
# define SNPRINTF _snprintf
# define VSNPRINTF _vsnprintf
#endif
#define _(x) x

1489
config.sub vendored Normal file
View File

@@ -0,0 +1,1489 @@
#! /bin/sh
# Configuration validation subroutine script.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
# 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
timestamp='2003-02-22'
# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
# can handle that machine. It does not imply ALL GNU software can.
#
# This file is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# Please send patches to <config-patches@gnu.org>. Submit a context
# diff and a properly formatted ChangeLog entry.
#
# Configuration subroutine to validate and canonicalize a configuration type.
# Supply the specified configuration type as an argument.
# If it is invalid, we print an error message on stderr and exit with code 1.
# Otherwise, we print the canonical config type on stdout and succeed.
# This file is supposed to be the same for all GNU packages
# and recognize all the CPU types, system types and aliases
# that are meaningful with *any* GNU software.
# Each package is responsible for reporting which valid configurations
# it does not support. The user should be able to distinguish
# a failure to support a valid configuration from a meaningless
# configuration.
# The goal of this file is to map all the various variations of a given
# machine specification into a single specification in the form:
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
# or in some cases, the newer four-part form:
# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
# It is wrong to echo any other type of specification.
me=`echo "$0" | sed -e 's,.*/,,'`
usage="\
Usage: $0 [OPTION] CPU-MFR-OPSYS
$0 [OPTION] ALIAS
Canonicalize a configuration name.
Operation modes:
-h, --help print this help, then exit
-t, --time-stamp print date of last modification, then exit
-v, --version print version number, then exit
Report bugs and patches to <config-patches@gnu.org>."
version="\
GNU config.sub ($timestamp)
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
help="
Try \`$me --help' for more information."
# Parse command line
while test $# -gt 0 ; do
case $1 in
--time-stamp | --time* | -t )
echo "$timestamp" ; exit 0 ;;
--version | -v )
echo "$version" ; exit 0 ;;
--help | --h* | -h )
echo "$usage"; exit 0 ;;
-- ) # Stop option processing
shift; break ;;
- ) # Use stdin as input.
break ;;
-* )
echo "$me: invalid option $1$help"
exit 1 ;;
*local*)
# First pass through any local machine types.
echo $1
exit 0;;
* )
break ;;
esac
done
case $# in
0) echo "$me: missing argument$help" >&2
exit 1;;
1) ;;
*) echo "$me: too many arguments$help" >&2
exit 1;;
esac
# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
# Here we must recognize all the valid KERNEL-OS combinations.
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
case $maybe_os in
nto-qnx* | linux-gnu* | freebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
os=-$maybe_os
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
;;
*)
basic_machine=`echo $1 | sed 's/-[^-]*$//'`
if [ $basic_machine != $1 ]
then os=`echo $1 | sed 's/.*-/-/'`
else os=; fi
;;
esac
### Let's recognize common machines as not being operating systems so
### that things like config.sub decstation-3100 work. We also
### recognize some manufacturers as not being operating systems, so we
### can provide default operating systems below.
case $os in
-sun*os*)
# Prevent following clause from handling this invalid input.
;;
-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
-apple | -axis)
os=
basic_machine=$1
;;
-sim | -cisco | -oki | -wec | -winbond)
os=
basic_machine=$1
;;
-scout)
;;
-wrs)
os=-vxworks
basic_machine=$1
;;
-chorusos*)
os=-chorusos
basic_machine=$1
;;
-chorusrdb)
os=-chorusrdb
basic_machine=$1
;;
-hiux*)
os=-hiuxwe2
;;
-sco5)
os=-sco3.2v5
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-sco4)
os=-sco3.2v4
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-sco3.2.[4-9]*)
os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-sco3.2v[4-9]*)
# Don't forget version if it is 3.2v4 or newer.
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-sco*)
os=-sco3.2v2
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-udk*)
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-isc)
os=-isc2.2
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-clix*)
basic_machine=clipper-intergraph
;;
-isc*)
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-lynx*)
os=-lynxos
;;
-ptx*)
basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
;;
-windowsnt*)
os=`echo $os | sed -e 's/windowsnt/winnt/'`
;;
-psos*)
os=-psos
;;
-mint | -mint[0-9]*)
basic_machine=m68k-atari
os=-mint
;;
esac
# Decode aliases for certain CPU-COMPANY combinations.
case $basic_machine in
# Recognize the basic CPU types without company name.
# Some are omitted here because they have special meanings below.
1750a | 580 \
| a29k \
| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
| clipper \
| d10v | d30v | dlx | dsp16xx \
| fr30 | frv \
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
| i370 | i860 | i960 | ia64 \
| ip2k \
| m32r | m68000 | m68k | m88k | mcore \
| mips | mipsbe | mipseb | mipsel | mipsle \
| mips16 \
| mips64 | mips64el \
| mips64vr | mips64vrel \
| mips64orion | mips64orionel \
| mips64vr4100 | mips64vr4100el \
| mips64vr4300 | mips64vr4300el \
| mips64vr5000 | mips64vr5000el \
| mipsisa32 | mipsisa32el \
| mipsisa32r2 | mipsisa32r2el \
| mipsisa64 | mipsisa64el \
| mipsisa64sb1 | mipsisa64sb1el \
| mipsisa64sr71k | mipsisa64sr71kel \
| mipstx39 | mipstx39el \
| mn10200 | mn10300 \
| msp430 \
| ns16k | ns32k \
| openrisc | or32 \
| pdp10 | pdp11 | pj | pjl \
| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
| pyramid \
| sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
| sh64 | sh64le \
| sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \
| strongarm \
| tahoe | thumb | tic80 | tron \
| v850 | v850e \
| we32k \
| x86 | xscale | xstormy16 | xtensa \
| z8k)
basic_machine=$basic_machine-unknown
;;
m6811 | m68hc11 | m6812 | m68hc12)
# Motorola 68HC11/12.
basic_machine=$basic_machine-unknown
os=-none
;;
m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
;;
# We use `pc' rather than `unknown'
# because (1) that's what they normally are, and
# (2) the word "unknown" tends to confuse beginning users.
i*86 | x86_64)
basic_machine=$basic_machine-pc
;;
# Object if more than one company name word.
*-*-*)
echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
exit 1
;;
# Recognize the basic CPU types with company name.
580-* \
| a29k-* \
| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
| avr-* \
| bs2000-* \
| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
| clipper-* | cydra-* \
| d10v-* | d30v-* | dlx-* \
| elxsi-* \
| f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
| h8300-* | h8500-* \
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
| i*86-* | i860-* | i960-* | ia64-* \
| ip2k-* \
| m32r-* \
| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
| m88110-* | m88k-* | mcore-* \
| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
| mips16-* \
| mips64-* | mips64el-* \
| mips64vr-* | mips64vrel-* \
| mips64orion-* | mips64orionel-* \
| mips64vr4100-* | mips64vr4100el-* \
| mips64vr4300-* | mips64vr4300el-* \
| mips64vr5000-* | mips64vr5000el-* \
| mipsisa32-* | mipsisa32el-* \
| mipsisa32r2-* | mipsisa32r2el-* \
| mipsisa64-* | mipsisa64el-* \
| mipsisa64sb1-* | mipsisa64sb1el-* \
| mipsisa64sr71k-* | mipsisa64sr71kel-* \
| mipstx39-* | mipstx39el-* \
| msp430-* \
| none-* | np1-* | nv1-* | ns16k-* | ns32k-* \
| orion-* \
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
| pyramid-* \
| romp-* | rs6000-* \
| sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
| sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
| sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
| tahoe-* | thumb-* \
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
| tron-* \
| v850-* | v850e-* | vax-* \
| we32k-* \
| x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \
| xtensa-* \
| ymp-* \
| z8k-*)
;;
# Recognize the various machine names and aliases which stand
# for a CPU type and a company and sometimes even an OS.
386bsd)
basic_machine=i386-unknown
os=-bsd
;;
3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
basic_machine=m68000-att
;;
3b*)
basic_machine=we32k-att
;;
a29khif)
basic_machine=a29k-amd
os=-udi
;;
adobe68k)
basic_machine=m68010-adobe
os=-scout
;;
alliant | fx80)
basic_machine=fx80-alliant
;;
altos | altos3068)
basic_machine=m68k-altos
;;
am29k)
basic_machine=a29k-none
os=-bsd
;;
amdahl)
basic_machine=580-amdahl
os=-sysv
;;
amiga | amiga-*)
basic_machine=m68k-unknown
;;
amigaos | amigados)
basic_machine=m68k-unknown
os=-amigaos
;;
amigaunix | amix)
basic_machine=m68k-unknown
os=-sysv4
;;
apollo68)
basic_machine=m68k-apollo
os=-sysv
;;
apollo68bsd)
basic_machine=m68k-apollo
os=-bsd
;;
aux)
basic_machine=m68k-apple
os=-aux
;;
balance)
basic_machine=ns32k-sequent
os=-dynix
;;
c90)
basic_machine=c90-cray
os=-unicos
;;
convex-c1)
basic_machine=c1-convex
os=-bsd
;;
convex-c2)
basic_machine=c2-convex
os=-bsd
;;
convex-c32)
basic_machine=c32-convex
os=-bsd
;;
convex-c34)
basic_machine=c34-convex
os=-bsd
;;
convex-c38)
basic_machine=c38-convex
os=-bsd
;;
cray | j90)
basic_machine=j90-cray
os=-unicos
;;
crds | unos)
basic_machine=m68k-crds
;;
cris | cris-* | etrax*)
basic_machine=cris-axis
;;
da30 | da30-*)
basic_machine=m68k-da30
;;
decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
basic_machine=mips-dec
;;
decsystem10* | dec10*)
basic_machine=pdp10-dec
os=-tops10
;;
decsystem20* | dec20*)
basic_machine=pdp10-dec
os=-tops20
;;
delta | 3300 | motorola-3300 | motorola-delta \
| 3300-motorola | delta-motorola)
basic_machine=m68k-motorola
;;
delta88)
basic_machine=m88k-motorola
os=-sysv3
;;
dpx20 | dpx20-*)
basic_machine=rs6000-bull
os=-bosx
;;
dpx2* | dpx2*-bull)
basic_machine=m68k-bull
os=-sysv3
;;
ebmon29k)
basic_machine=a29k-amd
os=-ebmon
;;
elxsi)
basic_machine=elxsi-elxsi
os=-bsd
;;
encore | umax | mmax)
basic_machine=ns32k-encore
;;
es1800 | OSE68k | ose68k | ose | OSE)
basic_machine=m68k-ericsson
os=-ose
;;
fx2800)
basic_machine=i860-alliant
;;
genix)
basic_machine=ns32k-ns
;;
gmicro)
basic_machine=tron-gmicro
os=-sysv
;;
go32)
basic_machine=i386-pc
os=-go32
;;
h3050r* | hiux*)
basic_machine=hppa1.1-hitachi
os=-hiuxwe2
;;
h8300hms)
basic_machine=h8300-hitachi
os=-hms
;;
h8300xray)
basic_machine=h8300-hitachi
os=-xray
;;
h8500hms)
basic_machine=h8500-hitachi
os=-hms
;;
harris)
basic_machine=m88k-harris
os=-sysv3
;;
hp300-*)
basic_machine=m68k-hp
;;
hp300bsd)
basic_machine=m68k-hp
os=-bsd
;;
hp300hpux)
basic_machine=m68k-hp
os=-hpux
;;
hp3k9[0-9][0-9] | hp9[0-9][0-9])
basic_machine=hppa1.0-hp
;;
hp9k2[0-9][0-9] | hp9k31[0-9])
basic_machine=m68000-hp
;;
hp9k3[2-9][0-9])
basic_machine=m68k-hp
;;
hp9k6[0-9][0-9] | hp6[0-9][0-9])
basic_machine=hppa1.0-hp
;;
hp9k7[0-79][0-9] | hp7[0-79][0-9])
basic_machine=hppa1.1-hp
;;
hp9k78[0-9] | hp78[0-9])
# FIXME: really hppa2.0-hp
basic_machine=hppa1.1-hp
;;
hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
# FIXME: really hppa2.0-hp
basic_machine=hppa1.1-hp
;;
hp9k8[0-9][13679] | hp8[0-9][13679])
basic_machine=hppa1.1-hp
;;
hp9k8[0-9][0-9] | hp8[0-9][0-9])
basic_machine=hppa1.0-hp
;;
hppa-next)
os=-nextstep3
;;
hppaosf)
basic_machine=hppa1.1-hp
os=-osf
;;
hppro)
basic_machine=hppa1.1-hp
os=-proelf
;;
i370-ibm* | ibm*)
basic_machine=i370-ibm
;;
# I'm not sure what "Sysv32" means. Should this be sysv3.2?
i*86v32)
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
os=-sysv32
;;
i*86v4*)
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
os=-sysv4
;;
i*86v)
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
os=-sysv
;;
i*86sol2)
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
os=-solaris2
;;
i386mach)
basic_machine=i386-mach
os=-mach
;;
i386-vsta | vsta)
basic_machine=i386-unknown
os=-vsta
;;
iris | iris4d)
basic_machine=mips-sgi
case $os in
-irix*)
;;
*)
os=-irix4
;;
esac
;;
isi68 | isi)
basic_machine=m68k-isi
os=-sysv
;;
m88k-omron*)
basic_machine=m88k-omron
;;
magnum | m3230)
basic_machine=mips-mips
os=-sysv
;;
merlin)
basic_machine=ns32k-utek
os=-sysv
;;
mingw32)
basic_machine=i386-pc
os=-mingw32
;;
miniframe)
basic_machine=m68000-convergent
;;
*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
basic_machine=m68k-atari
os=-mint
;;
mips3*-*)
basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
;;
mips3*)
basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
;;
mmix*)
basic_machine=mmix-knuth
os=-mmixware
;;
monitor)
basic_machine=m68k-rom68k
os=-coff
;;
morphos)
basic_machine=powerpc-unknown
os=-morphos
;;
msdos)
basic_machine=i386-pc
os=-msdos
;;
mvs)
basic_machine=i370-ibm
os=-mvs
;;
ncr3000)
basic_machine=i486-ncr
os=-sysv4
;;
netbsd386)
basic_machine=i386-unknown
os=-netbsd
;;
netwinder)
basic_machine=armv4l-rebel
os=-linux
;;
news | news700 | news800 | news900)
basic_machine=m68k-sony
os=-newsos
;;
news1000)
basic_machine=m68030-sony
os=-newsos
;;
news-3600 | risc-news)
basic_machine=mips-sony
os=-newsos
;;
necv70)
basic_machine=v70-nec
os=-sysv
;;
next | m*-next )
basic_machine=m68k-next
case $os in
-nextstep* )
;;
-ns2*)
os=-nextstep2
;;
*)
os=-nextstep3
;;
esac
;;
nh3000)
basic_machine=m68k-harris
os=-cxux
;;
nh[45]000)
basic_machine=m88k-harris
os=-cxux
;;
nindy960)
basic_machine=i960-intel
os=-nindy
;;
mon960)
basic_machine=i960-intel
os=-mon960
;;
nonstopux)
basic_machine=mips-compaq
os=-nonstopux
;;
np1)
basic_machine=np1-gould
;;
nv1)
basic_machine=nv1-cray
os=-unicosmp
;;
nsr-tandem)
basic_machine=nsr-tandem
;;
op50n-* | op60c-*)
basic_machine=hppa1.1-oki
os=-proelf
;;
or32 | or32-*)
basic_machine=or32-unknown
os=-coff
;;
OSE68000 | ose68000)
basic_machine=m68000-ericsson
os=-ose
;;
os68k)
basic_machine=m68k-none
os=-os68k
;;
pa-hitachi)
basic_machine=hppa1.1-hitachi
os=-hiuxwe2
;;
paragon)
basic_machine=i860-intel
os=-osf
;;
pbd)
basic_machine=sparc-tti
;;
pbb)
basic_machine=m68k-tti
;;
pc532 | pc532-*)
basic_machine=ns32k-pc532
;;
pentium | p5 | k5 | k6 | nexgen | viac3)
basic_machine=i586-pc
;;
pentiumpro | p6 | 6x86 | athlon | athlon_*)
basic_machine=i686-pc
;;
pentiumii | pentium2)
basic_machine=i686-pc
;;
pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
pentiumpro-* | p6-* | 6x86-* | athlon-*)
basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
pentiumii-* | pentium2-*)
basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
pn)
basic_machine=pn-gould
;;
power) basic_machine=power-ibm
;;
ppc) basic_machine=powerpc-unknown
;;
ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
ppcle | powerpclittle | ppc-le | powerpc-little)
basic_machine=powerpcle-unknown
;;
ppcle-* | powerpclittle-*)
basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
ppc64) basic_machine=powerpc64-unknown
;;
ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
ppc64le | powerpc64little | ppc64-le | powerpc64-little)
basic_machine=powerpc64le-unknown
;;
ppc64le-* | powerpc64little-*)
basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
ps2)
basic_machine=i386-ibm
;;
pw32)
basic_machine=i586-unknown
os=-pw32
;;
rom68k)
basic_machine=m68k-rom68k
os=-coff
;;
rm[46]00)
basic_machine=mips-siemens
;;
rtpc | rtpc-*)
basic_machine=romp-ibm
;;
s390 | s390-*)
basic_machine=s390-ibm
;;
s390x | s390x-*)
basic_machine=s390x-ibm
;;
sa29200)
basic_machine=a29k-amd
os=-udi
;;
sb1)
basic_machine=mipsisa64sb1-unknown
;;
sb1el)
basic_machine=mipsisa64sb1el-unknown
;;
sequent)
basic_machine=i386-sequent
;;
sh)
basic_machine=sh-hitachi
os=-hms
;;
sparclite-wrs | simso-wrs)
basic_machine=sparclite-wrs
os=-vxworks
;;
sps7)
basic_machine=m68k-bull
os=-sysv2
;;
spur)
basic_machine=spur-unknown
;;
st2000)
basic_machine=m68k-tandem
;;
stratus)
basic_machine=i860-stratus
os=-sysv4
;;
sun2)
basic_machine=m68000-sun
;;
sun2os3)
basic_machine=m68000-sun
os=-sunos3
;;
sun2os4)
basic_machine=m68000-sun
os=-sunos4
;;
sun3os3)
basic_machine=m68k-sun
os=-sunos3
;;
sun3os4)
basic_machine=m68k-sun
os=-sunos4
;;
sun4os3)
basic_machine=sparc-sun
os=-sunos3
;;
sun4os4)
basic_machine=sparc-sun
os=-sunos4
;;
sun4sol2)
basic_machine=sparc-sun
os=-solaris2
;;
sun3 | sun3-*)
basic_machine=m68k-sun
;;
sun4)
basic_machine=sparc-sun
;;
sun386 | sun386i | roadrunner)
basic_machine=i386-sun
;;
sv1)
basic_machine=sv1-cray
os=-unicos
;;
symmetry)
basic_machine=i386-sequent
os=-dynix
;;
t3e)
basic_machine=alphaev5-cray
os=-unicos
;;
t90)
basic_machine=t90-cray
os=-unicos
;;
tic4x | c4x*)
basic_machine=tic4x-unknown
os=-coff
;;
tic54x | c54x*)
basic_machine=tic54x-unknown
os=-coff
;;
tic55x | c55x*)
basic_machine=tic55x-unknown
os=-coff
;;
tic6x | c6x*)
basic_machine=tic6x-unknown
os=-coff
;;
tx39)
basic_machine=mipstx39-unknown
;;
tx39el)
basic_machine=mipstx39el-unknown
;;
toad1)
basic_machine=pdp10-xkl
os=-tops20
;;
tower | tower-32)
basic_machine=m68k-ncr
;;
udi29k)
basic_machine=a29k-amd
os=-udi
;;
ultra3)
basic_machine=a29k-nyu
os=-sym1
;;
v810 | necv810)
basic_machine=v810-nec
os=-none
;;
vaxv)
basic_machine=vax-dec
os=-sysv
;;
vms)
basic_machine=vax-dec
os=-vms
;;
vpp*|vx|vx-*)
basic_machine=f301-fujitsu
;;
vxworks960)
basic_machine=i960-wrs
os=-vxworks
;;
vxworks68)
basic_machine=m68k-wrs
os=-vxworks
;;
vxworks29k)
basic_machine=a29k-wrs
os=-vxworks
;;
w65*)
basic_machine=w65-wdc
os=-none
;;
w89k-*)
basic_machine=hppa1.1-winbond
os=-proelf
;;
xps | xps100)
basic_machine=xps100-honeywell
;;
ymp)
basic_machine=ymp-cray
os=-unicos
;;
z8k-*-coff)
basic_machine=z8k-unknown
os=-sim
;;
none)
basic_machine=none-none
os=-none
;;
# Here we handle the default manufacturer of certain CPU types. It is in
# some cases the only manufacturer, in others, it is the most popular.
w89k)
basic_machine=hppa1.1-winbond
;;
op50n)
basic_machine=hppa1.1-oki
;;
op60c)
basic_machine=hppa1.1-oki
;;
romp)
basic_machine=romp-ibm
;;
rs6000)
basic_machine=rs6000-ibm
;;
vax)
basic_machine=vax-dec
;;
pdp10)
# there are many clones, so DEC is not a safe bet
basic_machine=pdp10-unknown
;;
pdp11)
basic_machine=pdp11-dec
;;
we32k)
basic_machine=we32k-att
;;
sh3 | sh4 | sh[34]eb | sh[1234]le | sh[23]ele)
basic_machine=sh-unknown
;;
sh64)
basic_machine=sh64-unknown
;;
sparc | sparcv9 | sparcv9b)
basic_machine=sparc-sun
;;
cydra)
basic_machine=cydra-cydrome
;;
orion)
basic_machine=orion-highlevel
;;
orion105)
basic_machine=clipper-highlevel
;;
mac | mpw | mac-mpw)
basic_machine=m68k-apple
;;
pmac | pmac-mpw)
basic_machine=powerpc-apple
;;
*-unknown)
# Make sure to match an already-canonicalized machine name.
;;
*)
echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
exit 1
;;
esac
# Here we canonicalize certain aliases for manufacturers.
case $basic_machine in
*-digital*)
basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
;;
*-commodore*)
basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
;;
*)
;;
esac
# Decode manufacturer-specific aliases for certain operating systems.
if [ x"$os" != x"" ]
then
case $os in
# First match some system type aliases
# that might get confused with valid system types.
# -solaris* is a basic system type, with this one exception.
-solaris1 | -solaris1.*)
os=`echo $os | sed -e 's|solaris1|sunos4|'`
;;
-solaris)
os=-solaris2
;;
-svr4*)
os=-sysv4
;;
-unixware*)
os=-sysv4.2uw
;;
-gnu/linux*)
os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
;;
# First accept the basic system types.
# The portable systems comes first.
# Each alternative MUST END IN A *, to match a version number.
# -sysv* is not here because it comes later, after sysvr4.
-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
| -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
| -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
| -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
| -aos* \
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
| -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
| -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
| -chorusos* | -chorusrdb* \
| -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
| -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
| -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
| -powermax* | -dnix*)
# Remember, each alternative MUST END IN *, to match a version number.
;;
-qnx*)
case $basic_machine in
x86-* | i*86-*)
;;
*)
os=-nto$os
;;
esac
;;
-nto-qnx*)
;;
-nto*)
os=`echo $os | sed -e 's|nto|nto-qnx|'`
;;
-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
| -windows* | -osx | -abug | -netware* | -os9* | -beos* \
| -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
;;
-mac*)
os=`echo $os | sed -e 's|mac|macos|'`
;;
-linux*)
os=`echo $os | sed -e 's|linux|linux-gnu|'`
;;
-sunos5*)
os=`echo $os | sed -e 's|sunos5|solaris2|'`
;;
-sunos6*)
os=`echo $os | sed -e 's|sunos6|solaris3|'`
;;
-opened*)
os=-openedition
;;
-wince*)
os=-wince
;;
-osfrose*)
os=-osfrose
;;
-osf*)
os=-osf
;;
-utek*)
os=-bsd
;;
-dynix*)
os=-bsd
;;
-acis*)
os=-aos
;;
-atheos*)
os=-atheos
;;
-386bsd)
os=-bsd
;;
-ctix* | -uts*)
os=-sysv
;;
-nova*)
os=-rtmk-nova
;;
-ns2 )
os=-nextstep2
;;
-nsk*)
os=-nsk
;;
# Preserve the version number of sinix5.
-sinix5.*)
os=`echo $os | sed -e 's|sinix|sysv|'`
;;
-sinix*)
os=-sysv4
;;
-triton*)
os=-sysv3
;;
-oss*)
os=-sysv3
;;
-svr4)
os=-sysv4
;;
-svr3)
os=-sysv3
;;
-sysvr4)
os=-sysv4
;;
# This must come after -sysvr4.
-sysv*)
;;
-ose*)
os=-ose
;;
-es1800*)
os=-ose
;;
-xenix)
os=-xenix
;;
-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
os=-mint
;;
-aros*)
os=-aros
;;
-kaos*)
os=-kaos
;;
-none)
;;
*)
# Get rid of the `-' at the beginning of $os.
os=`echo $os | sed 's/[^-]*-//'`
echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
exit 1
;;
esac
else
# Here we handle the default operating systems that come with various machines.
# The value should be what the vendor currently ships out the door with their
# machine or put another way, the most popular os provided with the machine.
# Note that if you're going to try to match "-MANUFACTURER" here (say,
# "-sun"), then you have to tell the case statement up towards the top
# that MANUFACTURER isn't an operating system. Otherwise, code above
# will signal an error saying that MANUFACTURER isn't an operating
# system, and we'll never get to this point.
case $basic_machine in
*-acorn)
os=-riscix1.2
;;
arm*-rebel)
os=-linux
;;
arm*-semi)
os=-aout
;;
# This must come before the *-dec entry.
pdp10-*)
os=-tops20
;;
pdp11-*)
os=-none
;;
*-dec | vax-*)
os=-ultrix4.2
;;
m68*-apollo)
os=-domain
;;
i386-sun)
os=-sunos4.0.2
;;
m68000-sun)
os=-sunos3
# This also exists in the configure program, but was not the
# default.
# os=-sunos4
;;
m68*-cisco)
os=-aout
;;
mips*-cisco)
os=-elf
;;
mips*-*)
os=-elf
;;
or32-*)
os=-coff
;;
*-tti) # must be before sparc entry or we get the wrong os.
os=-sysv3
;;
sparc-* | *-sun)
os=-sunos4.1.1
;;
*-be)
os=-beos
;;
*-ibm)
os=-aix
;;
*-wec)
os=-proelf
;;
*-winbond)
os=-proelf
;;
*-oki)
os=-proelf
;;
*-hp)
os=-hpux
;;
*-hitachi)
os=-hiux
;;
i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
os=-sysv
;;
*-cbm)
os=-amigaos
;;
*-dg)
os=-dgux
;;
*-dolphin)
os=-sysv3
;;
m68k-ccur)
os=-rtu
;;
m88k-omron*)
os=-luna
;;
*-next )
os=-nextstep
;;
*-sequent)
os=-ptx
;;
*-crds)
os=-unos
;;
*-ns)
os=-genix
;;
i370-*)
os=-mvs
;;
*-next)
os=-nextstep3
;;
*-gould)
os=-sysv
;;
*-highlevel)
os=-bsd
;;
*-encore)
os=-bsd
;;
*-sgi)
os=-irix
;;
*-siemens)
os=-sysv4
;;
*-masscomp)
os=-rtu
;;
f30[01]-fujitsu | f700-fujitsu)
os=-uxpv
;;
*-rom68k)
os=-coff
;;
*-*bug)
os=-coff
;;
*-apple)
os=-macos
;;
*-atari*)
os=-mint
;;
*)
os=-none
;;
esac
fi
# Here we handle the case where we know the os, and the CPU type, but not the
# manufacturer. We pick the logical manufacturer.
vendor=unknown
case $basic_machine in
*-unknown)
case $os in
-riscix*)
vendor=acorn
;;
-sunos*)
vendor=sun
;;
-aix*)
vendor=ibm
;;
-beos*)
vendor=be
;;
-hpux*)
vendor=hp
;;
-mpeix*)
vendor=hp
;;
-hiux*)
vendor=hitachi
;;
-unos*)
vendor=crds
;;
-dgux*)
vendor=dg
;;
-luna*)
vendor=omron
;;
-genix*)
vendor=ns
;;
-mvs* | -opened*)
vendor=ibm
;;
-ptx*)
vendor=sequent
;;
-vxsim* | -vxworks* | -windiss*)
vendor=wrs
;;
-aux*)
vendor=apple
;;
-hms*)
vendor=hitachi
;;
-mpw* | -macos*)
vendor=apple
;;
-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
vendor=atari
;;
-vos*)
vendor=stratus
;;
esac
basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
;;
esac
echo $basic_machine$os
exit 0
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "timestamp='"
# time-stamp-format: "%:y-%02m-%02d"
# time-stamp-end: "'"
# End:

461
configure.in Normal file
View File

@@ -0,0 +1,461 @@
dnl $Id: configure.in,v 1.70 2007/06/07 02:33:53 vkurland Exp $
AC_INIT(src/gui/main.cpp)
AC_CANONICAL_SYSTEM
AC_CONFIG_HEADER(config.h)
PACKAGE=fwbuilder
AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [package])
AC_SUBST(PACKAGE)
dnl
dnl all version numbers are defined in the file VERSION
dnl
. ./VERSION
BUILD_NUM=`cat build_num | cut -d' ' -f3`
AC_SUBST(FWB_MAJOR_VERSION)
AC_SUBST(FWB_MINOR_VERSION)
AC_SUBST(FWB_MICRO_VERSION)
AC_SUBST(FWB_VERSION)
SHORTVERSION=${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}${FWB_MICRO_VERSION}
AC_SUBST(SHORTVERSION)
AC_SUBST(RELEASE_NUM)
AC_DEFINE_UNQUOTED(RELEASE_NUM, "$RELEASE_NUM", [release_num])
AC_SUBST(REQUIRED_LIBFWBUILDER_VERSION)
AC_SUBST(LIBFWBUILDER_SOMAJOR)
echo "Creating VERSION.h file..."
echo "#define VERSION \"$VERSION\"" > VERSION.h
echo "#define RELEASE_NUM \"$RELEASE_NUM\"" >> VERSION.h
dnl try to find QT
dnl
AC_ARG_WITH(qtdir,[ --with-qtdir=DIR Specify directory path for QT ])
AC_MSG_CHECKING(looking for QT)
if test -n "$with_qtdir"; then
QTDIR="$with_qtdir";
elif test -z "$QTDIR"; then
test -f "/usr/local/lib/qt3/include/qstyle.h" && QTDIR="/usr/local/lib/qt3"
test -f "/opt/lib/qt3/include/qstyle.h" && QTDIR="/opt/lib/qt3"
test -f "/opt/qt3/include/qstyle.h" && QTDIR="/opt/qt3"
test -f "/usr/lib/qt3/include/qstyle.h" && QTDIR="/usr/lib/qt3"
test -f "/usr/lib/qt-3.1/include/qstyle.h" && QTDIR="/usr/lib/qt-3.1"
test -f "/usr/lib/qt-3.2/include/qstyle.h" && QTDIR="/usr/lib/qt-3.2"
test -f "/usr/lib/qt-3.3/include/qstyle.h" && QTDIR="/usr/lib/qt-3.3"
test -f "/usr/local/include/qstyle.h" && QTDIR="/usr/local"
test -f "/usr/include/qstyle.h" && QTDIR="/usr"
test -f "/usr/lib64/qt-3.3/include/qstyle.h" && QTDIR="/usr/lib64/qt-3.3"
fi
export QTDIR
AC_MSG_RESULT($QTDIR)
echo $QTDIR > qtdir
QTTRANSLATIONSDIR="${QTDIR}/translations"
AC_DEFINE_UNQUOTED(QTTRANSLATIONSDIR, "$QTTRANSLATIONSDIR", [qttranslationsdir])
AC_SUBST(QTTRANSLATIONSDIR)
EXTENDED_PATH="${QTDIR}/bin:/usr/local/bin:$PATH"
AC_PATH_PROG(QMAKE, qmake, ,[$EXTENDED_PATH])
if test -z "$QMAKE"; then
AC_MSG_ERROR("Could not find qmake")
fi
AC_MSG_CHECKING(checking version of QT this qmake is part of)
qmake_version=`$QMAKE -v 2>&1 | awk '/Using Qt version/ { print $4;}'`
case $qmake_version in
4.*) AC_MSG_RESULT( $qmake_version ) ;;
*) AC_MSG_ERROR( "$qmake_version -- v4.x is required") ;;
esac
AC_ARG_WITH(templatedir, [ --with-templatedir=DIR Specify directory path for fwbuilder template files ])
AC_ARG_WITH(docdir, [ --with-docdir=DIR Specify directory path for fwbuilder
documentation files ])
dnl
dnl Determine init dir and add definition to config.h. Program
dnl determines prefix name of the directory it was started from
dnl and prepends it to the RES_DIR
dnl
PREFIX=$ac_default_prefix
if test "x$prefix" != "xNONE"; then
PREFIX=$prefix
fi
AC_DEFINE_UNQUOTED(PREFIX, "${PREFIX}", [prefix])
AC_SUBST(PREFIX)
AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [version])
AC_SUBST(VERSION)
AC_PROG_INSTALL
AC_ISC_POSIX
AC_PROG_CC
dnl AM_PROG_CC_STDC
AC_HEADER_STDC
AC_PROG_CPP
AC_PROG_CXX
AC_PROG_CXXCPP
dnl need this for intl to compile on FreeBSD and may be other platforms
AC_CHECK_FUNCS(strchr memcpy)
dnl AM_INIT_AUTOMAKE($PACKAGE, $VERSION)
dnl AC_CANONICAL_HOST
AC_PROG_MAKE_SET
dnl Check for GNU make
dnl
AC_MSG_CHECKING(whether make is GNU Make)
if ${MAKE-make} -q --version 2>/dev/null | grep '^GNU Make ' >/dev/null ; then
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
if test "$host_vendor" = "sun" ; then
AC_MSG_ERROR("SUN make does not work for building Firewall Builder. Please install GNU make")
fi
fi
dnl some platform-dependent flags
dnl
dnl e.g. we need to set -I/sw/include before check for GETTEXT
dnl
GUILINKFLAGS=
case "$build_os" in
*solaris*)
GUILINKFLAGS="-export-dynamic"
;;
*darwin*)
if test -d /sw/include; then
CXXFLAGS="-I/sw/include"
CPPFLAGS="-I/sw/include"
CFLAGS="-I/sw/include"
LDFLAGS="-flat_namespace"
fi
LIBS="$LIBS -L/sw/lib"
AC_CHECK_LIB(poll, poll, [LIBS="$LIBS -lpoll"],[
AC_MSG_ERROR([Could not link with libpoll: library is not installed on this system])
])
;;
esac
AC_SUBST(GUILINKFLAGS)
dnl
dnl forkpty is in libutil on Linux and BSD, while on Mac it is in libc
dnl
AC_CHECK_HEADERS( [pty.h libutil.h util.h],[],[],[#include <sys/types.h>])
AC_CHECK_LIB(c,forkpty,[
AC_DEFINE_UNQUOTED(HAVE_FORKPTY, 1, [forkpty])
],[
AC_CHECK_LIB(util,forkpty,[
AC_DEFINE_UNQUOTED(HAVE_FORKPTY, 1, [forkpty])
LIBS="-lutil $LIBS"
],[
AC_MSG_RESULT(["forkpty not found, will use emulation"])
],[])
],[])
AC_CHECK_LIB(c,cfmakeraw,[
AC_DEFINE_UNQUOTED(HAVE_CFMAKERAW, 1, [cfmakeraw])
])
dnl standard LIBTOOL fragment
dnl
dnl commented out 12/20 - we now use qmake and do not need libtool
dnl
dnl AC_LIBTOOL_DLOPEN
dnl AC_PROG_LIBTOOL
dnl AC_SUBST(LIBTOOL_DEPS)
dnl AM_PROG_LIBTOOL
dnl AC_PROG_RANLIB
AC_CHECK_HEADERS([getopt.h])
AC_CHECK_HEADERS([signal.h])
AC_CHECK_FUNCS(stat _stat signal)
AC_STRUCT_TM
AC_STRUCT_TIMEZONE
dnl do not insert spaces in these macros, even outside of []
AC_PATH_PROG(RCS_FILE_NAME,[rcs],[rcs],[$EXTENDED_PATH])
AC_PATH_PROG(RCSDIFF_FILE_NAME,[rcsdiff],[rcsdiff],[$EXTENDED_PATH])
AC_PATH_PROG(RLOG_FILE_NAME,[rlog],[rlog],[$EXTENDED_PATH])
AC_PATH_PROG(CI_FILE_NAME,[ci],[ci],[$EXTENDED_PATH])
AC_PATH_PROG(CO_FILE_NAME,[co],[co],[$EXTENDED_PATH])
AC_DEFINE_UNQUOTED(RCS_FILE_NAME, ["$RCS_FILE_NAME"], [rcs_file_name])
AC_DEFINE_UNQUOTED(RCSDIFF_FILE_NAME, ["$RCSDIFF_FILE_NAME"], [rcsdiff_file_name])
AC_DEFINE_UNQUOTED(RLOG_FILE_NAME, ["$RLOG_FILE_NAME"], [rlog_file_name])
AC_DEFINE_UNQUOTED(CI_FILE_NAME, ["$CI_FILE_NAME"], [ci_file_name])
AC_DEFINE_UNQUOTED(CO_FILE_NAME, ["$CO_FILE_NAME"], [co_file_name])
AC_PATH_PROG(LIBFWBUILDER_CONFIG, libfwbuilder-config-${FWB_MAJOR_VERSION}.${FWB_MINOR_VERSION}, ,[$EXTENDED_PATH])
if test x$LIBFWBUILDER_CONFIG = x ; then
AC_MSG_ERROR([*** libfwbuilder not installed, or libfwbuilder-config-2 is not in path])
else
LIBFWBUILDER_CFLAGS_FWBUILDER="`$LIBFWBUILDER_CONFIG --cflags fwbuilder`"
LIBFWBUILDER_CFLAGS_FWCOMPILER="`$LIBFWBUILDER_CONFIG --cflags fwcompiler`"
LIBFWBUILDER_CFLAGS_FWBD="`$LIBFWBUILDER_CONFIG --cflags fwbd`"
LIBFWBUILDER_INCLUDEPATH="`$LIBFWBUILDER_CONFIG --includepath`"
LIBFWBUILDER_LIBPATH="`$LIBFWBUILDER_CONFIG --libpath`"
LIBFWBUILDER_LIBS_FWBUILDER="`$LIBFWBUILDER_CONFIG --libs fwbuilder`"
LIBFWBUILDER_LIBS_FWCOMPILER="`$LIBFWBUILDER_CONFIG --libs fwcompiler`"
LIBFWBUILDER_LIBS_FWBD="`$LIBFWBUILDER_CONFIG --libs fwbd`"
LIBFWBUILDER_STATICLIBS="`$LIBFWBUILDER_CONFIG --staticlibs`"
LIBFWBUILDER_VERSION="`$LIBFWBUILDER_CONFIG --version`"
AC_MSG_CHECKING(libfwbuilder version)
if test x${LIBFWBUILDER_VERSION} != x${REQUIRED_LIBFWBUILDER_VERSION} ; then
AC_MSG_ERROR([*** Need libfwbuilder version $REQUIRED_LIBFWBUILDER_VERSION, found $LIBFWBUILDER_VERSION ])
fi
AC_MSG_RESULT($LIBFWBUILDER_VERSION)
AC_SUBST(LIBFWBUILDER_CFLAGS_FWBUILDER)
AC_SUBST(LIBFWBUILDER_CFLAGS_FWCOMPILER)
AC_SUBST(LIBFWBUILDER_LIBS_FWBUILDER)
AC_SUBST(LIBFWBUILDER_LIBS_FWCOMPILER)
AC_SUBST(LIBFWBUILDER_LIBPATH)
AC_SUBST(LIBFWBUILDER_INCLUDEPATH)
AC_SUBST(LIBFWBUILDER_STATICLIBS)
AC_SUBST(LIBFWBUILDER_VERSION)
fi
AC_DEFINE_UNQUOTED(LIBFWBUILDER_VERSION, "$LIBFWBUILDER_VERSION", [libfwbuilder_version])
AC_SUBST(LIBS)
AC_LANG_CPLUSPLUS
AC_PATH_PROG(ANTLR_CONFIG, antlr-config, , [$EXTENDED_PATH])
AC_MSG_CHECKING(antlr)
HAVE_ANTLR_RUNTIME="1"
HAVE_EXTERNAL_ANTLR="0";
if test x$ANTLR_CONFIG = x; then
ANTLR_INCLUDEPATH="`pwd`/src/"
ANTLR_LIBS="`pwd`/src/antlr/libantlr.a"
AC_MSG_RESULT(using provided)
else
ANTLR_VERSION="`$ANTLR_CONFIG --version`"
if test x$ANTLR_VERSION != x2.7.7; then
ANTLR_INCLUDEPATH="`pwd`/src/"
ANTLR_LIBS="`pwd`/src/antlr/libantlr.a"
AC_MSG_RESULT(using provided)
else
ANTLR_INCLUDEPATH="`$ANTLR_CONFIG --cflags`"
ANTLR_LIBS="`$ANTLR_CONFIG --libs`"
HAVE_EXTERNAL_ANTLR="1"
AC_MSG_RESULT(using external version $ANTLR_VERSION)
fi
fi
AC_DEFINE_UNQUOTED(HAVE_ANTLR_RUNTIME, 1, [antlr_runtime])
AC_DEFINE_UNQUOTED(HAVE_EXTERNAL_ANTLR, $HAVE_EXTERNAL_ANTLR, [external_antlr])
AC_SUBST(HAVE_ANTLR_RUNTIME)
AC_SUBST(HAVE_EXTERNAL_ANTLR)
AC_SUBST(ANTLR_LIBS)
AC_SUBST(ANTLR_INCLUDEPATH)
dnl ********************************************************************
if test -z ${RELEASE_NUM}; then
RPMRELEASE="1"
else
RPMRELEASE="${RELEASE_NUM}";
fi
AC_SUBST(RPMRELEASE)
AC_MSG_CHECKING(what OS this is)
case ${host} in
*-*-cygwin*)
OS=cygwin
OS_CYGWIN=1
AC_MSG_RESULT(Win32 cygwin)
DEFAULT_RES_DIR="resources"
;;
*-*-mingw32*)
OS=mingw32
OS_MINGW=1
AC_MSG_RESULT(Win32 mingw)
DEFAULT_RES_DIR="resources"
;;
*-*-darwin*)
OS=MacOSX
OS_MACOSX=1
MANDIR="${PREFIX}/share/man/"
AC_MSG_RESULT(MacOSX)
DEFAULT_RES_DIR="../Resources"
;;
*-*-solaris*)
OS=Solaris
OS_SOLARIS=1
MANDIR="${PREFIX}/share/man/"
AC_MSG_RESULT(Solaris)
DEFAULT_RES_DIR="${PREFIX}/share/fwbuilder${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}"
;;
*-*-freebsd*)
OS=FreeBSD
OS_FREEBSD=1
MANDIR="${PREFIX}/man/"
AC_MSG_RESULT(FreeBSD)
DEFAULT_RES_DIR="${PREFIX}/share/fwbuilder${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}"
;;
*-*-openbsd*)
OS=OpenBSD
OS_OPENBSD=1
MANDIR="${PREFIX}/man/"
AC_MSG_RESULT(OpenBSD)
DEFAULT_RES_DIR="${PREFIX}/share/fwbuilder${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}"
;;
*-*-kfreebsd*)
OS=FreeBSD
OS_FREEBSD=1
if test -f /etc/debian_version ; then
DISTRO=Debian
else
DISTRO="Unknown"
fi
MANDIR="${PREFIX}/share/man/"
AC_MSG_RESULT($DISTRO GNU/kFreeBSD)
DEFAULT_RES_DIR="${PREFIX}/share/fwbuilder${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}"
;;
*-*-linux*)
DEFAULT_RES_DIR="${PREFIX}/share/fwbuilder${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}"
OS=Linux
OS_LINUX=1
if test -f /etc/debian_version ; then
DISTRO=Debian
elif test -f /etc/mandrake-release ; then
DISTRO=Mandrake
elif test -f /etc/slackware-version ; then
DISTRO=Slackware
elif test -f /etc/SuSE-release ; then
DISTRO=SuSE
elif test -f /etc/redhat-release ; then
#
# Mandrake has symlink /etc/redhat-release -> /etc/manrake-release ,
# so this check must be the last
#
DISTRO=RedHat
else
DISTRO="Unknown"
fi
MANDIR="${PREFIX}/share/man/"
AC_MSG_RESULT($DISTRO Linux)
;;
*)
OS=Unknown
OS_UNKNOWN=1
DISTRO=Unknown
MANDIR="${PREFIX}/share/man/"
AC_MSG_RESULT(Unknown)
DEFAULT_RES_DIR="${PREFIX}/share/fwbuilder${FWB_MAJOR_VERSION}${FWB_MINOR_VERSION}"
;;
esac
if test "x$with_templatedir" != "x"; then
RES_DIR="${with_templatedir}"
else
RES_DIR="$DEFAULT_RES_DIR"
fi
AC_DEFINE_UNQUOTED(RES_DIR, "$RES_DIR", [res_dir])
AC_SUBST(RES_DIR)
if test "x$with_docdir" != "x"; then
DOCDIR="${with_docdir}"
else
DOCDIR="${PREFIX}/share/doc/fwbuilder-${VERSION}"
fi
DOCDIRPATH=`dirname ${DOCDIR}`
AC_SUBST(OS)
AC_DEFINE_UNQUOTED(OS, "${OS}", [os])
test -n "$OS_CYGWIN" && AC_DEFINE_UNQUOTED(OS_CYGWIN, "${OS_CYGWIN}", [cygwin])
test -n "$OS_MINGW" && AC_DEFINE_UNQUOTED(OS_MINGW, "${OS_MINGW}", [mingw])
test -n "$OS_MACOSX" && AC_DEFINE_UNQUOTED(OS_MACOSX, "${OS_MACOSX}", [macosx])
test -n "$OS_SOLARIS" && AC_DEFINE_UNQUOTED(OS_SOLARIS, "${OS_SOLARIS}", [solaris])
test -n "$OS_FREEBSD" && AC_DEFINE_UNQUOTED(OS_FREEBSD, "${OS_FREEBSD}", [freebsd])
test -n "$OS_OPENBSD" && AC_DEFINE_UNQUOTED(OS_OPENBSD, "${OS_OPENBSD}", [openbsd])
test -n "$OS_LINUX" && AC_DEFINE_UNQUOTED(OS_LINUX, "${OS_LINUX}", [linux])
test -n "$OS_UNKNOWN" && AC_DEFINE_UNQUOTED(OS_UNKNOWN, "${OS_UNKNOWN}", [unknown])
AC_SUBST(DISTRO)
AC_DEFINE_UNQUOTED(DISTRO, "${DISTRO}", [distro])
AC_SUBST(DOCDIRPATH)
AC_DEFINE_UNQUOTED(DOCDIRPATH, "${DOCDIRPATH}", [docdirpath])
AC_SUBST(DOCDIR)
AC_DEFINE_UNQUOTED(DOCDIR, "${DOCDIR}", [docdir])
AC_SUBST(MANDIR)
AC_PATH_PROG(CCACHE, ccache, , )
dnl Support for the po directory.
AM_PO_SUBDIRS
dnl AC_CONFIG_FILES([ Main.make ])
AC_CONFIG_FILES([ qmake.inc ])
AC_CONFIG_FILES([ po/POmakefile ], [AM_POSTPROCESS_PO_MAKEFILE])
AC_CONFIG_FILES([ src/res/objects_init.xml ])
AC_CONFIG_FILES([ src/res/templates.xml ])
AC_CONFIG_FILES([ src/res/resources.xml ])
AC_CONFIG_FILES([ src/res/os/fwsm_os.xml ])
AC_CONFIG_FILES([ src/res/os/freebsd.xml ])
AC_CONFIG_FILES([ src/res/os/linux24.xml ])
AC_CONFIG_FILES([ src/res/os/linksys.xml ])
AC_CONFIG_FILES([ src/res/os/macosx.xml ])
AC_CONFIG_FILES([ src/res/os/openbsd.xml ])
AC_CONFIG_FILES([ src/res/os/pix_os.xml ])
AC_CONFIG_FILES([ src/res/os/ios.xml ])
AC_CONFIG_FILES([ src/res/os/solaris.xml ])
AC_CONFIG_FILES([ src/res/os/unknown_os.xml ])
AC_CONFIG_FILES([ src/res/platform/fwsm.xml ])
AC_CONFIG_FILES([ src/res/platform/ipf.xml ])
AC_CONFIG_FILES([ src/res/platform/ipfw.xml ])
AC_CONFIG_FILES([ src/res/platform/iptables.xml ])
AC_CONFIG_FILES([ src/res/platform/pf.xml ])
AC_CONFIG_FILES([ src/res/platform/pix.xml ])
AC_CONFIG_FILES([ src/res/platform/iosacl.xml ])
AC_CONFIG_FILES([ src/res/platform/unknown.xml ])
AC_OUTPUT
. ./runqmake.sh

39
definitions.h Normal file
View File

@@ -0,0 +1,39 @@
/*
Firewall Builder
Copyright (C) 2003 NetCitadel, LLC
Author: Vadim Kurland vadim@fwbuilder.org
$Id$
This program is free software which we release under the GNU General Public
License. You may redistribute and/or modify this program under the terms
of that license as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
To get a copy of the GNU General Public License, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Define global macros and constants in this file if they are used in
the GUI, compilers and tools
*/
#ifndef __DEFINITIONS_
#define __DEFINITIONS_
#define DIVERTSOCKET 0
#define DUMMYNETPIPE 1
#define DUMMYNETQUEUE 2
#endif

44
description.txt Normal file
View File

@@ -0,0 +1,44 @@
This is the report of porting FWBuilder to the QT4 library.
Done at all:
1) AboutDialog_q.ui: form completelly ported; CREATED: FWBAboutDialog.h
2) FWObjectClipboard.h, .cpp: no work at most
3) ColorCheckViewItem.h, .cpp: I found that this module isn't used in the project so I didn't do anything with it.
4) definitions.h
5) platforms.h, .cpp
6) FWObjectPropertiesFactory.h, .cpp
7) FWBSettings.h, .cpp
8) listOfLibraries.h, .cpp
9) FWBTree.h, .cpp
10) utils.h, .cpp
11) utils_no_qt.h, .cpp
12) FWObjectDropArea.h, .cpp, .ui: not tested
13) ObjectTreeViewItem.h, .cpp
14) ObjectTreeView.h, .cpp
15) listOfLibraries.h, .cpp
16) upgradePredicate.h
17) ObjConflictResolutionDialog.h, .cpp, .ui
18) SimpleTextEditor.h, .cpp, .ui
19) SimpleTextView.h, .cpp, .ui
20) SimpleIntEditor.h, .cpp, .ui
21) inplaceComboBox.h, .cpp
22) ActionsDialog.h, .cpp, .ui
23) ColorLabelMenuItem.h, .cpp, .ui
24) findDialog.h, .cpp, .ui
25) FindObjectWidget.h, .cpp, .ui
26) RCSFileDialog.h, .cpp
Almost done:
1) FWBMainWindow.ui: form needs some attention in later porting but now it does work
2) RCS.h, .cpp: need some attention, may have problems with QProcess objects
3) DialogData.h, .cpp
In work:
1) FWWindow.h, .cpp: big part of code is commented.
2) main.cpp: some part of code is commented.
3) ObjectManipulator.h, .cpp, .ui: need to connect Object Editor.
4) RuleSetView.h, .cpp
Stopped files, files having problems:
1) FWObjectDrag.h, .cpp: problems with inheriting (QStoredDrag -> QMimeData, QDrag).
2) RCSFilePreview.h, .cpp, .ui: there is no such thing as file preview in Qt4 so I can't use these files for the RCSFileDialog dialog.

4
doc/.cvsignore Normal file
View File

@@ -0,0 +1,4 @@
Makefile
.moc
.ui
*.app

13
doc/AUTHORS Normal file
View File

@@ -0,0 +1,13 @@
Vadim Kurland <vadim@vk.crocodile.org.> Main author: GUI, iptables compiler
Vadim Zaliva <lord@crocodile.org> libfwbuilder API design;
XML DTD design;
XML data storage implementation;
implementation of printing

340
doc/COPYING Normal file
View File

@@ -0,0 +1,340 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
Public License instead of this License.

5553
doc/ChangeLog Normal file
View File

File diff suppressed because it is too large Load Diff

99
doc/Credits Normal file
View File

@@ -0,0 +1,99 @@
$Id: Credits 899 2005-12-14 06:58:43Z vkurland $
We would like to thank the following people who helped us in various
ways to make this project happen:
Special thanks to Friedhelm Düsterhöft <fd@msdd.net> for help with XML
development and initial XSLT filters implementation.
For icons : Hector Rivera Falu <misha@phreaker.net>
For icons and a first web site: Tanya Soussokolova <ts@vk.crocodile.org>
For debugging on SuSE, building packages for SuSE and for help
with answering support requests:
Marc Pfefferkorn <marc.pfefferkorn@post.rwth-aachen.de>
For German translation for Firewall Builder v1.x:
Marc Pfefferkorn <marc.pfefferkorn@post.rwth-aachen.de>
Jens Hektor <hektor@RZ.RWTH-Aachen.DE>
Axel Stenkamp <axel.stenkamp@post.rwth-aachen.de>
For localization patch (gettext support) and French translation
for Firewall Builder v1.x:
Florent MANENS <manens@efrei.fr>
For French translation for Firewall Builder v2.x
Jean-Michel Pour̩ <jm@poure.com>
For Japanese translation for Firewall Builder v2.x
Tadashi Jokagi <elf@elf.no-ip.org>
For Swedish translation: Daniel Nylander <yeager@lidkoping.net>
For ideas, suggestions, patches and contributions:
-------------------------------------------------------------
Friedhelm Düsterhöft" <friedhelm.duesterhoeft@msdd.net>
- many suggestions and prototype for DTD.
Jeremy T. Bouse <jbouse@Debian.org>
- package maintainer for Debian
- libxml2 support.
- X.509 certificate generation druid assistance
- iptables/iproute2 patches
Carlo Wood <carlo@alinoe.com>
- many valuable patches and bug reports
- suggestions regarding rpm building process and changes to spec file
Jochen Friedrich <jochen+fwbuilder-dev@scram.de>
- ideas for future development
Vadim Fedukovich <vf@unity.net>
- help with OpenSSL and answering related questins.
David Gullasch <gullasch@secunet.de> and
stephan_r@users.sourceforge.net
- firewall policy installation script
Igor Morozov <igor@grad.kiev.ua>
- first attempt at Win32 porting and a prototype
Mark Vevers <mark@vevers.net>
- for an idea and a patch that fixes optimizer in fwb_ipt
Patch information:
Author: Mark Vevers
Copyright (c) 2004 Research Machines Plc
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

23
doc/FWBuilder-Routing-LICENSE.txt Normal file
View File

@@ -0,0 +1,23 @@
Firewall Builder Routing add-on
Copyright (C) 2004 Compal GmbH, Germany
Author: Tidei Maurizio <fwbuilder-routing at compal.de>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE
OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

36
doc/PatchAcceptancePolicy.txt Normal file
View File

@@ -0,0 +1,36 @@
$Id: PatchAcceptancePolicy.txt 152 2004-03-27 17:11:54Z vkurland $
Firewall Buider Project welcomes user contributions. Because we would
like not to be limited in future licensing options of the code,
authors of all submitted patches must agree that their contribution is
donated to our project under terms of following license (this is MIT
license):
-------------------------------------------------------------------------
Copyright (c) <year> <copyright holders>
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-------------------------------------------------------------------------
When submitting the patch please state that you agree with this
license.

73
doc/README.floppyfw Normal file
View File

@@ -0,0 +1,73 @@
How to generate firewall script for floppyfw
(http://www.zelow.no/floppyfw/index.html)
1. in Firewall dialog, tab "Firewall", set the following parameters:
- "Load modules" - OFF
- "Create virtual addresses for NAT rules" - ON
- "Use numeric log levels" - ON
2. download and install rpm "fwbuilder-floppyfw-0.9.7"
3. in "Compile/Install" tab configure full path and name of the
install script "/usr/bin/floppyfw_install.sh". Now you can compile
policy in a usual way using menu Rules->Compile and then install it
to floppyfw floppy using menu Rules->Install. Install script makes
certain checks to verify that floppy you use indeed contains floppyfw
code. Install script depends on mtools package.
4. some useful configuration parameters for floppyfw:
- activate serial console for kernel boot-time messages and shell:
in file "config" : SERIAL_CONSOLE=ttyS0
in file "syslinux.cfg" add "console=ttyS0,9600" kernel parameters:
------- file config ----------------------
# Choose the serial port for the console "n" for none.
SERIAL_CONSOLE=ttyS0
------------------------------------------
------- file syslinux.cfg ----------------
default floppyfw
display floppyfw.msg
label floppyfw
kernel vmlinuz
append initrd=initrd.gz root=/dev/fd0 console=ttyS0,9600 ether=0,0,0,eth0 ether=0,0,0,eth1
------------------------------------------
- logging via syslog:
in file "config" set USE_SYSLOG=y and add "-R" to log to remote loghost
------- file config ----------------------
# Turning on syslogd and klogd.
# This is a nice thing but will eat CPU which is why it is turned
# off by default.
#
USE_SYSLOG=y
# This SYSLOG does not use syslogd.conf so we have to set things here.
# Flags:
# Log to /dev/tty3 instead of /var/log/messages which aren't exactly a
# good idea on a ramdisk.
# -O /dev/tty3
# Log to network. host:port
# -R 10.42.42.42:514
# Log to both network and file:
# -L
# --MARK-- 0 is no mark.
# -m 0
# SYSLOG_FLAGS="-m 360 -O /dev/tty3"
SYSLOG_FLAGS="-m 360 -R 10.42.42.4:514"
------------------------------------------
- do not forget to add rule to the firewall policy to permit sending
syslog packets from firewall to your loghost

75
doc/README.iosacl Normal file
View File

@@ -0,0 +1,75 @@
Policy compiler for Cisco IOS Access lists has been implemented as
part of the Firewall Builder GUI as of version 2.1.12. The first
functional build were importer worked on all supported OS was build
270 (May 22, 2007)
Support for Cisco IOS access lists in Firewall Builder v2.1.12, build 270:
----------------------------------------------------------------
Features implemented in this version:
- The compiler generates extended ACLs using "ip access-list
extended" command. ACL names are automatically generated using
abbreviated interface names and direction symbols to make it easy
to figure out which ACL is which. Compiler uses rather minimal set
of options of the "ip access-list" command and should generate code
that will work for IOS 12.x. I did not test with 11.x but I am
pretty sure it will work, at least with the latest versions of
11.x.
- Compiler can also add commands to configure logging.
- The GUI includes built-in installer for routers which works just
like installer for PIX. Both installers were updated however to
improve support for the automatic roll-back feature in case you
lose connect with the firewall or the router because of an error in
the policy. Now you can make installer schedule reboot in a few
minutes, then upload new policy or ACLs and then cancel reboot if
upload was successful. While before auto-rollback option was only
available if you installed in the test mode, now you can always use
it. Test mode means that installer does not save configuration in
the permanent memory, as before.
- All three installation methods that were available for PIX are now
available for routers: you can make it clear all access lists and
then load new ones or just update access lists without
clearing. The last method (the "safety net" method) creates
temporary acl to permit communication with the management station,
assigns it to the interface marked as management interface, then
clears all access lists and loads new ones and in the end swaps
proper list on the management interface. This helps prevent
locking yourself out of the router in the middle of the
installation process in case of an error in the ACL and at the same
time does not leave the router with no acls for the time it takes
to install new policy. In combination with automatic roll-back,
installation process is pretty reliable.
- New option has been added to the interface object, called
"unprotected". This allows you to mark some interfaces to be
skipped by the compiler when it picks interfaces for ACL
rules. This should be useful when you have routers with many
interfaces and only want to add ACLs to some of them. Also, you can
explicitly put interface objects into policy rules and specify
direction if you want to do this manually.
- Since router ACLs have no state, all rules should be created in the
policy pretty much like you do it on the router, including rules
that permit reply packets. New option has been added to the TCP
Service object, called "established". This makes compiler use
option "established" in rules it generates if it is supported by
the firewall platform. Compilers for iptables, ipfilter, pf and PIX
can not use objects with this option and treat it as an error
because corresponding platforms do not support it. IPFW, on the
other hand, supports it so compiler fwb_ipfw can use it.
Shortcomings of this version:
- "tos", "precedence" and "time-range" options are not supported
- "igmp" access lists can no be generated

149
doc/README.ipf Normal file
View File

@@ -0,0 +1,149 @@
fwb_ipf(1) Firewall Builder fwb_ipf(1)
NNAAMMEE
fwb_ipf - Policy compiler for ipfilter
SSYYNNOOPPSSIISS
ffwwbb__iippff [[--vvVVxx]] [[--dd wwddiirr]] --ff ddaattaa__ffiillee..xxmmll object_name
DDEESSCCRRIIPPTTIIOONN
ffwwbb__iippff is a firewall policy compiler component of Fire­
wall Builder (see fwbuilder(1)). This compiler generates
code for ipfilter. Compiler reads objects definitions and
firewall description from the data file specified with
"-f" option and generates ipfilter configuration files and
firewall activation script.
All generated files have names that start with the name of
the firewall object. Firewall activation script has exten­
sion ".fw" and is simple shell script that flushes current
policy, loads new filter and nat rules and then activates
ipfilter. IPFilter configuration file name starts with
the name of the firewall object, plus "-ipf.conf". NAT
configuration file name also starts with the name of the
firewall object, plus "-nat.conf". For example, if fire­
wall object has name "myfirewall", then compiler will cre­
ate three files: "myfirewall.fw", "myfirewall-pf.conf",
"myfirewall-nat.conf".
The data file and the name of the firewall objects must be
specified on the command line. Other command line parame­
ters are optional.
OOPPTTIIOONNSS
-f FILE
Specify the name of the data file to be processed.
-d wdir
Specify working directory. Compiler creates
firewall activation script and ipfilter configura­
tion files in this directory. If this parameter is
missing, then all files will be placed in the cur­
rent working directory.
-v Be verbose: compiler prints diagnostic messages
when it works.
-V Print version number and quit.
-x Generate debugging information while working. This
option is intended for debugging only and may pro­
duce lots of cryptic messages.
NNOOTTEESS
Support for ipf returned in version 1.0.1 of Firewall
Builder
Supported features:
o both ipf.conf and nat.conf files are generated
o negation in policy rules
o stateful inspection in individual rule can be
turned off in rule options dialog. By default com­
piler adds "keep state" or "modulate state" to each
rule with action 'pass'
o rule options dialog provides a choice of icmp or
tcp rst replies for rules with action "Reject"
o compiler adds flag "allow-opts" if match on ip
options is needed
o compiler can generate rules matching on TCP flags
o compiler can generate script adding ip aliases for
NAT rules using addresses that do not belong to any
interface of the firewall
o compiler always adds rule "block quick all" at the
very bottom of the script to ensure "block all by
default" policy even if the policy is empty.
o Address ranges in both policy and NAT
Features that are not supported (yet)
o negation in NAT
o custom services
Features that won't be supported (at least not anytime
soon)
o policy routing
UURRLL
Firewall Builder home page is located at the following
URL: hhttttpp::////wwwwww..ffwwbbuuiillddeerr..oorrgg//
BBUUGGSS
Please report bugs using bug tracking system on Source­
Forge:
hhttttpp::////ssoouurrcceeffoorrggee..nneett//ttrraacckkeerr//??ggrroouupp__iidd==55331144&&aattiidd==110055331144
SSEEEE AALLSSOO
ffwwbbuuiillddeerr((11)),, ffwwbb__iipptt((11)),, ffwwbb__ppff((11))
FWB fwb_ipf(1)

82
doc/README.ipfw Normal file
View File

@@ -0,0 +1,82 @@
fwb_ipfw(1) Firewall Builder fwb_ipfw(1)
NNAAMMEE
fwb_ipfw - Policy compiler for ipfw
SSYYNNOOPPSSIISS
ffwwbb__iippffww [[--vvVVxx]] [[--dd wwddiirr]] --ff ddaattaa__ffiillee..xxmmll object_name
DDEESSCCRRIIPPTTIIOONN
ffwwbb__iippffww is a firewall policy compiler component of Fire­
wall Builder (see fwbuilder(1)). This compiler generates
code for ipfw - a firewall and traffic shaper in FreeBSD
(see ipfw(8)). Compiler reads objects definitions and
firewall description from the data file specified with
"-f" option and generates firewall configuration and acti­
vation script.
The generated file has a name that starts with the name of
the firewall object, with an extension ".fw". It is a
shell script that flushes current policy, then loads new
filter and nat rules.
The data file and the name of the firewall objects must be
specified on the command line. Other command line parame­
ters are optional.
OOPPTTIIOONNSS
-f FILE
Specify the name of the data file to be processed.
-d wdir
Specify working directory. Compiler creates fire­
wall activation script in this directory. If this
parameter is missing, then all files will be placed
in the current working directory.
-v Be verbose: compiler prints diagnostic messages
when it works.
-V Print version number and quit.
-x Generate debugging information while working. This
option is intended for debugging only and may pro­
duce lots of cryptic messages.
NNOOTTEESS
Support for ipfw was added in version 1.0.10 of Firewall
Builder
UURRLL
Firewall Builder home page is located at the following
URL: hhttttpp::////wwwwww..ffwwbbuuiillddeerr..oorrgg//
BBUUGGSS
Please report bugs using bug tracking system on Source­
Forge:
hhttttpp::////ssoouurrcceeffoorrggee..nneett//ttrraacckkeerr//??ggrroouupp__iidd==55331144&&aattiidd==110055331144
SSEEEE AALLSSOO
ffwwbbuuiillddeerr((11)),, ffwwbb__iipptt((11)),, ffwwbb__ppff((11)) ffwwbb__iippff((11))
FWB fwb_ipfw(1)

68
doc/README.ipt Normal file
View File

@@ -0,0 +1,68 @@
fwb_ipt(1) Firewall Builder fwb_ipt(1)
NNAAMMEE
fwb_ipt - Policy compiler for iptables
SSYYNNOOPPSSIISS
ffwwbb__iipptt [[--wwvvVV]] [[--dd wwddiirr]] --ff ddaattaa__ffiillee..xxmmll object_name
DDEESSCCRRIIPPTTIIOONN
ffwwbb__iipptt is firewall policy compiler component of Firewall
Builder (see fwbuilder(1)). Compiler reads objects defini­
tions and firewall description from the data file speci­
fied with "-f" option and generates resultant iptables
script. The script is written to the file with the name
the same as the name of the firewall object, plus exten­
sion ".fw".
The data file and the name of the firewall objects must be
specified on the command line. Other command line parame­
ters are optional.
OOPPTTIIOONNSS
-f FILE
Specify the name of the data file to be processed.
-d wdir
Specify working directory. Compiler creates file
with iptables script in this directory. If this
parameter is missing, then iptables script will be
placed in the current working directory.
-w Supress compiler's warnings
-v Be verbose: compiler prints diagnostic messages
when it works.
-V Print version number and quit.
UURRLL
Firewall Builder home page is located at the following
URL: hhttttpp::////wwwwww..ffwwbbuuiillddeerr..oorrgg//
BBUUGGSS
Please report bugs using bug tracking system on Source­
Forge:
hhttttpp::////ssoouurrcceeffoorrggee..nneett//ttrraacckkeerr//??ggrroouupp__iidd==55331144&&aattiidd==110055331144
SSEEEE AALLSSOO
ffwwbbuuiillddeerr((11)),, ffwwbb__iippff((11)),, ffwwbb__ppff((11))
FWB fwb_ipt(1)

152
doc/README.pf Normal file
View File

@@ -0,0 +1,152 @@
fwb_pf(1) Firewall Builder fwb_pf(1)
NNAAMMEE
fwb_pf - Policy compiler for OpenBSD packet filter "pf"
SSYYNNOOPPSSIISS
ffwwbb__ppff [[--vvVVxx]] [[--dd wwddiirr]] --ff ddaattaa__ffiillee..xxmmll object_name
DDEESSCCRRIIPPTTIIOONN
ffwwbb__ppff is a firewall policy compiler component of Firewall
Builder (see fwbuilder(1)). This compiler generates code
for OpenBSD Packet Filter (pf). Compiler reads objects
definitions and firewall description from the data file
specified with "-f" option and generates pf configuration
files and firewall activation script.
All generated files have names that start with the name of
the firewall object. Firewall activation script has exten­
sion ".fw" and is simple shell script that flushes current
policy, loads new filter and nat rules and then activates
pf. PF configuration file name starts with the name of
the firewall object, plus "-pf.conf". NAT configuration
file name also starts with the name of the firewall
object, plus "-nat.conf". For example, if firewall object
has name "myfirewall", then compiler will create three
files: "myfirewall.fw", "myfirewall-pf.conf", "myfirewall-
nat.conf".
The data file and the name of the firewall objects must be
specified on the command line. Other command line parame­
ters are optional.
OOPPTTIIOONNSS
-f FILE
Specify the name of the data file to be processed.
-d wdir
Specify working directory. Compiler creates
firewall activation script and PF configuration
files in this directory. If this parameter is
missing, then all files will be placed in the cur­
rent working directory.
-v Be verbose: compiler prints diagnostic messages
when it works.
-V Print version number and quit.
-x Generate debugging information while working. This
option is intended for debugging only and may pro­
duce lots of cryptic messages.
NNOOTTEESS
Support for PF has been introduced in version 1.0.1 of
Firewall Builder
Supported features:
o both pf.conf and nat.conf files are generated
o negation in policy and NAT rules
o grouping in "from", "to" and ports using '{' '}'
syntax
o if checkbox "Scrub" is checked in the rule options
dialog, and rule's action is Accept, the compiler
generates two (almost) identical rules: first with
action 'scrub' and the second with action 'pass
quick'
o stateful inspection in individual rule can be
turned off in rule options dialog. By default com­
piler adds "keep state" or "modulate state" to each
rule with action 'pass'
o rule options dialog provides a choice of icmp or
tcp rst replies for rules with action "Reject"
o compiler adds flag "allow-opts" if match on ip
options is needed
o compiler can generate rules matching on TCP flags
o compiler can generate script adding ip aliases for
NAT rules using addresses that do not belong to any
interface of the firewall
o compiler always adds rule "block quick all" at the
very bottom of the script to ensure "block all by
default" policy even if the policy is empty.
o Address ranges in both policy and NAT
Features that are not supported (yet)
o custom services
What will not be supported (at least not anytime soon)
o policy routing
UURRLL
Firewall Builder home page is located at the following
URL: hhttttpp::////wwwwww..ffwwbbuuiillddeerr..oorrgg//
BBUUGGSS
Please report bugs using bug tracking system on Source­
Forge:
hhttttpp::////ssoouurrcceeffoorrggee..nneett//ttrraacckkeerr//??ggrroouupp__iidd==55331144&&aattiidd==110055331144
SSEEEE AALLSSOO
ffwwbbuuiillddeerr((11)),, ffwwbb__iipptt((11)),, ffwwbb__iippff((11))
FWB fwb_pf(1)

166
doc/README.policy_import Normal file
View File

@@ -0,0 +1,166 @@
Policy importer has been implemented as part of the Firewall Builder
GUI as of version 2.1.12. The first functional build were importer
worked on all supported OS was build 270 (May 22, 2007)
Policy importer uses ANTLR lexer and parser ( http://www.antlr.org/ )
Version 2.7.7 is used in Firewall Builder v2.1.12 ( http://www.antlr2.org/ )
Firewall Builder needs ANTLR C++ runtime header files and library and
include these in the source tree under src/antlr. Unless you want to
change the grammar (*.g files) you don't need to install ANTLR
separately. All relevant ANTLR files are included in the package. For
more information on ANTRL see: http://www.antlr2.org
Policy import iptables configurations (v2.1.12, build 281 and later)
----------------------------------------------------------------
Features implemented in this version :
- Importer can parse iptables config saved using iptables-save
utility. Because of the huge variety of iptables modules, Importer
can only interpret basic iptables configuration and a subset of
modules. Currently the following modules are supported:
* state
* multiport
* limit
* mark
- Importer creates firewall object with all interfaces. It can not
assign object name for the firewall object nor add IP and MAC
addresses to interfaces because this information is not present in
iptables-save file.
- option "Assume firewall is part of 'any'" is off in the created
firewall object. Import is done this way in order to preserve logic
of chains INPUT, OUTPUT and FORWARD in the recreated fwbuilder
rules. Rules that had chain INPUT in the imported script will have
firewall object in "destination" in the corresponding fwbuilder
rules. Firewall object is placed in "Source" for rules with chain
OUTPUT. For rules with chain FORWARD rule elements "Source" and
"Destination" are populated with objects created using options "-s"
and "-d" of the original rules or left empty ("any").
- all recognized iptables rules are imported and interface and
direction are set in all rules appropriately. Interface objects are
created as parser finds them in the script.
- targets ACCEPT, DROP, REJECT, MARK and others are converted to the
corresponding fwbuilder policy rule actions. Unrecognized targets
and converted to branching rules, where the name of the target
becomes the name of the branch.
- SNAT, DNAT, MASQUERADING, REDIRECT and NETMAP targets and their
parameters are recognized in the NAT rules.
- Address and service objects are created in the process for all
addresses and ports used in all rules.
- iptables rules can refer to tcp/udp ports both by name or by
number. Importer can properly interpret both formats using system
function getservbyname() to convert service name to the port
number. Since the result of this function depends on the OS, some
port names may not convert on some systems. For example, Windows
can convert more limited set of service names compared to Linux or
BSD.
- targets LOG and ULOG are converted to the "logging" option in
fwbuilder rules with action "Continue". This is an empty action
that does not affect packet flow through the firewall but can be
used in combination with "logging" option to log the packet. If
such empty (logging-only) rule is undesired, it must be manually
merged with some other rule in the policy.
- "--log-prefix", and "--log-level" options of the LOG target are
recognized
- "--ulog-prefix" option of the ULOG target is recognized. Other
options of the ULOG target are not.
- Address and service objects are reused in the process of import.
- in case when importer fails to parse some part of the iptables-save
file, corresponding policy rule is colored red and appropriate
diagnostic message added to its comment. The problem must be
corrected manually.
- comments ("#") found inside access lists are ignored.
Shortcomings of this version:
- user-defined chains in table "nat" are not supported
- no import of time intervals
- no MAC address matching import
Policy import of Cisco IOS access lists (v2.1.12, build 270)
----------------------------------------------------------------
Features implemented in this version :
- Importer can parse router config saved using "show run"
command. Although importer can only interpret a subset of IOS
configuration commands, other commands that it does not understand
will be ignored and should not affect operation. No manual editing
of the config is required prior to import.
- Importer creates firewall object with all interfaces
- firewall object name is assigned if "hostname" command is found in
the configuration. If this command is not present, the name remains
generic "New Firewall"
- interface addresses are assigned if command "ip address" is found
(multiple addresses per interface are supported). Interfaces
without "ip address" in the configuration are marked as
"unnumbered" in the firewall builder object tree.
- all access lists are imported and interface and direction are set
in all rules appropriately
- Address and service objects are created in the process for all
addresses and ports used in access lists
- IOS access lists can define ip protocol, icmp code and type, and
tcp/udp ports both by name or by number. Importer can properly
interpret both formats.
- "log", "log-input", "fragments", "established" keywords are
supported and translated into rule or object options as
appropriate.
- Address and service objects are reused in the process of import.
- in case when importer fails to parse some part of the access-list
command, corresponding policy rule is colored in red and
appropriate diagnostic message added to its comment. The problem
must be corrected manually.
- "remark" commands found inside access lists are translated into
rule comments
- comments ("!") found inside access lists are ignored.
Shortcomings of this version:
- importer does not use address and service objects that existed in
the tree before the operation has started, it creates new
ones. Deduplication only works for objects created in the process
of import.
- the following keywords available in extended access lists are not
supported at this time: tos, precedence, time-range.
- igmp access lists are not parsed.

206
doc/README.routing Normal file
View File

@@ -0,0 +1,206 @@
//=========================================================================\\
|| Firewall Builder Routing Add-On ||
|| ||
|| Copyright (c) 2004 Compal GmbH, Germany ||
|| Tidei Maurizio, fwbuilder-routing at compal.de ||
|| ||
\\=========================================================================//
Index
1 - Requirements
2 - Features
3 - Problems
4 - Future
(1) Requirements
================
The routing rules composed in the gui can be compiled using the ip
tables compiler, which now generates "ip route" commands, too. The
"ip" command is available since Linux 2.2. The other compilers (ipf,
ipfw, pf and cisco pix) simply ignore the routing rules.
If you want to use ECMP routing rules (Equal Cost Multi Path), make
sure your kernel is compiled with the CONFIG_IP_ROUTE_MULTIPATH
option.
(2) Features
============
The GUI's routing add-on offers object based definition of the routing
rules, exactly the same way as you define policy rules. This enables
you to use the same objects you already defined to build the firewall
policy in your routing rules. You won't have to update them
separately when you change something in your network.
In the GUI a routing rule is composed of a Destination, a Gateway, an
Interface, a Metric and the Comment. The following table shows what
can be inserted for this elements:
| | | | |
|Destination |Gateway |Interface |Metric |Comment
------------------------|-------------------------------|---------------|---------------|-------|--------
What can be inserted? |all Objects under the |- ip-adress |- interface |int |text
|library's "Objects" section: |- interface | | |
|- address ranges |- host | | |
|- addresses | | | |
|- groups | | | |
|- hosts | | | |
|- networks | | | |
------------------------|-------------------------------|---------------|---------------|-------|--------
Restrictions |none |Only one |The interface |0-255 |none
| |interface or |has to be a | |
| |host with ONE |child of the | |
| |ip adress can |current fire- | |
| |be inserted |wall | |
------------------------|-------------------------------|---------------|---------------|-------|--------
Default value |"Default" (0.0.0.0/0) |none |none |0 |""
| | | | |
To build a valid routing rule you have to insert at least one of the
two elements gateway and interface. More than one path can be
sprecified for one destination.
"This approach is called 'Equal-Cost Multi-Path Routing' and is used
for load balancing (Note that this does not provide failover). With
ECMP, a router potentially has several available next hops towards any
given destination. A new gateway is chosen for each new
source/destination IP pair. This means that, for example, one FTP
connection will use only one link, but new connection to a different
server will use another link. This also means that routes to
often-used sites will always be over the same provider. But on big
backbones this should distribute traffic fine. Also this has another
good feature - single connection packets do not get reordered and
therefore do not kill TCP performance." (The last Paragraph is a
quotation from
"http://www.mikrotik.com/Documentation/manual_2.7/IP/Route.html")
To create an ECMP rule simply specify several rules with different
paths, i.e. different combinations of Gateway and Interface, for the
same Destination and with the same metric.
Example:
Destination Gateway Interface Metric Comment
hostA hostB eth1 0 first possible route
hostA hostC 0 second possible route
hostA eth3 0 third possible route
If you try to insert a non-valid object in a field, it will be ignored
and a message box informs you of the mistake.
The "Default" route can be specified by inserting a new rule or
deleting all the destination of an existing rule.
Before compiling the rules, they traverse several checks, to make sure
that only complete, non-ambiguous and non-concurring rules are
translated into ip commands. Follow the instructions of the compiler
to correct the errors.
If no error was found, the rules are automatically classified in ECMP
rules and non-ECMP. The ECMP rules are written out in a separated
section of the firewall script after the "normal" routing rules.
(3) Problems
============
1.
Please note that when executing a firewall script all existing
routing rules previously set by user space processes will be
deleted.
To see which rules will be deleted, you can use the command "ip
route show". All lines not including "proto kernel" will be deleted
upon reload of the firewall script.
2.
*** NOTE FOR REDHAT 8.0 ***
Redhat seems to reset routing rules explicitly upon system
startup. Therefore its hard to distinguish interface rules from
rules setup by the user. On Redhat systems you need to include the
interface basic routing rules into your fwbuilder routing setup. IF
YOU DO NOT FOLLOW THIS HINT, YOUR MACHINE WILL FREEZE ANY NETWORK
TRAFFIC UPON START OF THE FIREWALL SCRIPT. This means e.g. if eth0
has network 192.168.3.0/24 attached to it, you need to add a route
with Destination=Network(192.168.3.0/24), Gateway empty and
Interface=eth0. We encountered this problem on redhat 8.0. Other
versions and distros might be affected too. Debian sarge and SuSE
Linux work fine without interface routing rules being included in
fwbuilders routing rules.
3.
If the firewall script states that the ECMP routes could not be
installed on your system, make sure your Kernel was compiled with
the CONFIG_IP_ROUTE_MULTIPATH option or renounce to ECMP rules.
4.
If you have interfaces with a dynamic address or a point-to-point
address and you try to insert a routing rule for the default
gateway, compilation might fail, stateing "gateway not reachable".
Typically this is the case for DSL dialup links. Solution: leave the
gateway field empty. Just specify the interface.
Example:
The firewall connects itself to the internet by a DSL link via
interface ppp0. During dialup pppd configures the default route:
default via 62.14.190.33 dev ppp
After specifying a routing rule in fwbuilder Destination=default,
Gateway empty, Interface=ppp0 and running the script on the
firewall, the route looks like:
default dev ppp0 scope link
Besides this, the kernel generates another route automaticelly upon
default gw setup:
62.14.190.33 dev ppp0 proto kernel scope link src 191.54.12.143
We tested this on Debian/sarge with kernel 2.4.27.
Technical explanation:
On compilation, fwbuilder checks if gateways are reachable through
any local network of the firewall. Otherwise setting up routing
rules will fail on the firewall upon install. In case of
point-to-point interfaces fwbuilder doesn't know the point-to-point
address of the interface. Therefore this check fails since for
fwbuilder it looks like the gateway is not from any local network.
The only workaround available so far is to leave the gateway empty
and to specify the interface only. Pakets will find their way to
the internet anyway, since they are traveling over a point-to-point
interface.
(4) Future
==========
Ideas, that could be implemented in the future, are:
- Multiple customizable routing tables
The idea is to add an option to the policy rules enabling the user
to mark matching packets with a color. For every used color a new
routing table would have to be built, that will be used only for
packets marked with the associated color.
- Load balancing
Another idea is to integrate more sophisticated load balancing
options in fwbuilder's GUI.

103
doc/ReleaseNotes_2.0.1.html Normal file
View File

@@ -0,0 +1,103 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
<title>Release Notes 2.0.1</title>
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.0.1 </h2>
<br>
<p>
Released 08/11/04
<br>
<b>GUI and compilers v2.0.1 require API library libfwbuilder version 2.0.1</b>
<br>
<h2>Summary </h2>
<p>
Firewall Builder GUI v2.0.1 is a maintenance release that includes
fixes for bugs discovered since 2.0 has been released.
<p>
<b>For those who wish to build from source, instructions are outlined
in <a
href="http://www.fwbuilder.org/archives/cat_installation.html">"Install
and Build instructions"</a></b>
<h2>Bugs fixed in libfwbuilder API:</h2>
<ul>
<li>bug #1001725: "object with empty name can not be
deleted". the problem was caused by the algorithm used in
FWObject::getPath. If object had had a blank name, the path
returned by this method would end with the name of its parent
without slash.</li>
</ul>
<br>
<br>
<h2>Bugs fixed in GUI:</h2>
<ul>
<li>bug #1001521: "Cant create ICMP service". ICMP Service
dialog did not save icmp code and type numbers in the object.
</li>
<li>bug #1001275: "object duplication fails w/ no action". GUI
used to not allow user to duplicate IP address object. Now any
object can be duplicated so that the copy is placed under the
same parent, including IP address.</li>
<li>bug #1000862: "Creating groups in Deleted Objects". Library
"Deleted objects" should not be offered as a choice for "group
objects" operation.</li>
<li>bug #1000485: "Firewalls in the drop-down box not
ordered". List of firewalls in the pull-down that controls
policy views is now alphabetically sorted on program
startup.</li>
<li>there were two TCP Service objects "linuxconf" in the
Standard objects library. Object with ID id3AED0D6D has been
removed. It seems this object has been duplicated long time ago
(at least it was like this in 1.1.2)</li>
<li>bug #1002388: "Clamp MSS to MTU" option was missing in
2.0</li>
<li>bug #1001833: fixed memory leak that appeared when autosave
option was used</li>
<li>bug #1003068: "object copy/paste not always working". IP
address object could not be placed under interface using
copy/paste operation. Now ip address object can be pasted to
interface as well as to Objects/Addresses folder.</li>
<li>Operation File/discard could not be used if the file was
upgraded. Changed the way operation File/Discard works: it now
closes the file, discards all the changes that have been made to
it and replaces it with a fresh copy of the head revision from
RCS. This works if user wants to abort file upgrade when they
switch to the new version of fwbuilder.</li>
</ul>
<br>
<br>
<h2>Bugs fixed in iptables policy compiler fwb_ipt:</h2>
<ul>
<li>bug #1004153 "limit-burst = 0 is not valid". Iptables does not
accept the rule using "limit-burst" option if it is set to
zero.</li>
</ul>
<hr>
<!-- Created: Fri Aug 6 21:40:42 PDT 2004 -->
<!-- hhmts start -->
Last modified: Wed Aug 11 20:54:38 PDT 2004
<!-- hhmts end -->
</body>
</html>

55
doc/ReleaseNotes_2.0.1.txt Normal file
View File

@@ -0,0 +1,55 @@
Firewall Builder Release Notes
Version 2.0.1
Released 08/11/04
GUI and compilers v2.0.1 require API library libfwbuilder version 2.0.1
Summary
Firewall Builder GUI v2.0.1 is a maintenance release that includes fixes for bugs discovered
since 2.0 has been released.
For those who wish to build from source, instructions are outlined in "Install and Build
instructions"
Bugs fixed in libfwbuilder API:
* bug #1001725: "object with empty name can not be deleted". the problem was caused by the
algorithm used in FWObject::getPath. If object had had a blank name, the path returned by
this method would end with the name of its parent without slash.
Bugs fixed in GUI:
* bug #1001521: "Cant create ICMP service". ICMP Service dialog did not save icmp code and
type numbers in the object.
* bug #1001275: "object duplication fails w/ no action". GUI used to not allow user to
duplicate IP address object. Now any object can be duplicated so that the copy is placed
under the same parent, including IP address.
* bug #1000862: "Creating groups in Deleted Objects". Library "Deleted objects" should not
be offered as a choice for "group objects" operation.
* bug #1000485: "Firewalls in the drop-down box not ordered". List of firewalls in the
pull-down that controls policy views is now alphabetically sorted on program startup.
* there were two TCP Service objects "linuxconf" in the Standard objects library. Object
with ID id3AED0D6D has been removed. It seems this object has been duplicated long time
ago (at least it was like this in 1.1.2)
* bug #1002388: "Clamp MSS to MTU" option was missing in 2.0
* bug #1001833: fixed memory leak that appeared when autosave option was used
* bug #1003068: "object copy/paste not always working". IP address object could not be
placed under interface using copy/paste operation. Now ip address object can be pasted to
interface as well as to Objects/Addresses folder.
* Operation File/discard could not be used if the file was upgraded. Changed the way
operation File/Discard works: it now closes the file, discards all the changes that have
been made to it and replaces it with a fresh copy of the head revision from RCS. This
works if user wants to abort file upgrade when they switch to the new version of
fwbuilder.
Bugs fixed in iptables policy compiler fwb_ipt:
* bug #1004153 "limit-burst = 0 is not valid". Iptables does not accept the rule using
"limit-burst" option if it is set to zero.
------------------------------------------------------------------------------------------
Last modified: Wed Aug 11 20:54:38 PDT 2004
6 PDT 2004

171
doc/ReleaseNotes_2.0.2.html Normal file
View File

@@ -0,0 +1,171 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
<title>Release Notes 2.0.2</title>
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.0.2 </h2>
<br>
<p>
Released 08/31/04
<br>
<b>GUI and compilers v2.0.2 require API library libfwbuilder version 2.0.2</b>
<br>
<h2>Summary </h2>
<p>
Firewall Builder GUI v2.0.2 is a maintenance release that includes
fixes for bugs discovered since 2.0.1 has been released.
<p>
<b>For those who wish to build from source, instructions are outlined
in <a
href="http://www.fwbuilder.org/archives/cat_installation.html">"Install
and Build instructions"</a></b>
<h2>General</h2>
<ul>
<li>Updated FreeBSD ports, tested on 5.3-BETA</li>
</ul>
<p>
<br>
<br>
<h2>New standard objects</h2>
<ul>
<li>added new service objects to the Standard objects library:
"xmas scan" (old object renamed "xmas scan - full"), rsync,
distcc, cvspserver, cvsup, afp, whois, bgp, radius and radius
acct, SSDP and UPnP.</li>
</ul>
<p>
<br>
<br>
<h2>New template objects</h2>
<ul>
<li>added template firewall objects for Linksys firewall and a
web server.</li>
</ul>
<p>
<br>
<br>
<h2>New features in policy compiler for PF</h2>
<ul>
<li>Implemented support for all timeout settings in pf:
tcp.first,tcp.opening,tcp.established,
tcp.closing,tcp.finwait,tcp.closed,udp.first,udp.single,udp.multiple,
icmp.first,icmp.error,other.first,other.single,other.multiple,
including adaptive timeout scaling options adaptive.start and
adaptive.end</li>
<li>Added support for options "max", "max-src-nodes" and
"max-src-states" in pf. These allow to limit number of
concurrent state table entries ("max"), number of source
addresses that can simultaneously have state table entries
("max-src-nodes") and number of simultaneous state entries per
source address ("max-src-states") per rule.</li>
</ul>
<p>
<br>
<br>
<h2>Bugs fixed in libfwbuilder API:</h2>
<ul>
<li>: added element physAddress to list of child elements of
Library (bug #1011617)</li>
<li>bug #1012733: "configure --libdir=DIR will be ignored at
installation". Needed to use macro _libdir to specify target
directory for libraries. Used it in configure, qmake.in,
libfwbuilder-config-2 and a .spec file. Code should compile and
install in correct place on 64-bit systems.</li>
</ul>
<p>
<br>
<br>
<h2>Bugs fixed in GUI:</h2>
<ul>
<li>bug #1019691: "040829 nightly build doesn't add paths for
linksys"</li>
<li>bug #1013177: "deleting multiple hosts causes crash"
</li>
<li>bug #1009345: "Can only move one host object at a time
between libraries"</li>
<li>bug #1013018: "host OS settings" dialog is missing for
linksys. Added host OS settings dialog for
linksys/Sveasoft. Dialog provides entry fields for paths to
iptables, lsmod, modprobe, logger tools and two shell prompt
string patterns, this should help to work around changes in the
shell prompt on Linksys.</li>
<li>bug #1013022: "can not install policy script on linksts
Alchemy pre-5.2". Built-in installer uses shell prompt string
patterns configured in the host OS settings dialog for
linksys.</li>
<li>bug #1008956: "Existing .fwb file gets overwritten if has
wrong extension". If the GUI needs to rename a data file with
old extension .xml to .fwb, it checks if a file with new
extension exists and offers user a chance to choose a different
name. It also treats symlinks in a special way: if user creates
a symlink with extension .xml pointing at a file with extension
.fwb, the GUI simply follows the link and works with .fwb
file. This should work with Windows shortcuts, too. </li>
<li>bug #1013485: "File/Import should allow to import .fwb
file". Function File/Import offers a choice of .fwl, .fwb and
"all files" in the open file dialog.</li>
<li>bug #1011248: "need two xmas scan service objects". </li>
<li>bug #1013957: "incorrect NAT rule in firewall created from
template #3". The problem was caused by incorrect ip address of
interface "dmz" in the template object #3.</li>
<li>bug #1014725: "adding new ICMP types". If user created
service group with the name "ICMP", the GUI would place new ICMP
objects under this group instead of the standard folder
"ICMP". There was the same problem with other object types, too.</li>
<li>bug #1015884: "Export more than one library fails with 0
references". Export library operation failed if user exported
two libraries with groups or rules in one library referencing
objects in the other.</li>
</ul>
<br>
<br>
<h2>Bugs fixed in iptables policy compiler fwb_ipt:</h2>
<ul>
<li>bug #1005148: "MAC matching - space missing". Space was
missing between MAC address and custom service code.</li>
<li>avoiding grep in the script generated for Linksys/Sveasoft
firewall - Sveasoft Alchemy pre-5.2.3 does not have grep</li>
<li>bug #1019943: "Missing ip addresses in the rule using
interfaces"</li>
</ul>
<hr>
<!-- Created: Fri Aug 6 21:40:42 PDT 2004 -->
<!-- hhmts start -->
Last modified: Tue Aug 31 20:38:55 PDT 2004
<!-- hhmts end -->
</body>
</html>

100
doc/ReleaseNotes_2.0.2.txt Normal file
View File

@@ -0,0 +1,100 @@
Firewall Builder Release Notes
Version 2.0.2
Released 08/31/04
GUI and compilers v2.0.2 require API library libfwbuilder version 2.0.2
Summary
Firewall Builder GUI v2.0.2 is a maintenance release that includes fixes
for bugs discovered since 2.0.1 has been released.
For those who wish to build from source, instructions are outlined in
"Install and Build instructions"
General
* Updated FreeBSD ports, tested on 5.3-BETA
New standard objects
* added new service objects to the Standard objects library: "xmas scan"
(old object renamed "xmas scan - full"), rsync, distcc, cvspserver,
cvsup, afp, whois, bgp, radius and radius acct, SSDP and UPnP.
New template objects
* added template firewall objects for Linksys firewall and a web server.
New features in policy compiler for PF
* Implemented support for all timeout settings in pf:
tcp.first,tcp.opening,tcp.established,
tcp.closing,tcp.finwait,tcp.closed,udp.first,udp.single,udp.multiple,
icmp.first,icmp.error,other.first,other.single,other.multiple,
including adaptive timeout scaling options adaptive.start and
adaptive.end
* Added support for options "max", "max-src-nodes" and "max-src-states"
in pf. These allow to limit number of concurrent state table entries
("max"), number of source addresses that can simultaneously have state
table entries ("max-src-nodes") and number of simultaneous state
entries per source address ("max-src-states") per rule.
Bugs fixed in libfwbuilder API:
* : added element physAddress to list of child elements of Library (bug
#1011617)
* bug #1012733: "configure --libdir=DIR will be ignored at
installation". Needed to use macro _libdir to specify target directory
for libraries. Used it in configure, qmake.in, libfwbuilder-config-2
and a .spec file. Code should compile and install in correct place on
64-bit systems.
Bugs fixed in GUI:
* bug #1019691: "040829 nightly build doesn't add paths for linksys"
* bug #1013177: "deleting multiple hosts causes crash"
* bug #1009345: "Can only move one host object at a time between
libraries"
* bug #1013018: "host OS settings" dialog is missing for linksys. Added
host OS settings dialog for linksys/Sveasoft. Dialog provides entry
fields for paths to iptables, lsmod, modprobe, logger tools and two
shell prompt string patterns, this should help to work around changes
in the shell prompt on Linksys.
* bug #1013022: "can not install policy script on linksts Alchemy
pre-5.2". Built-in installer uses shell prompt string patterns
configured in the host OS settings dialog for linksys.
* bug #1008956: "Existing .fwb file gets overwritten if has wrong
extension". If the GUI needs to rename a data file with old extension
.xml to .fwb, it checks if a file with new extension exists and offers
user a chance to choose a different name. It also treats symlinks in a
special way: if user creates a symlink with extension .xml pointing at
a file with extension .fwb, the GUI simply follows the link and works
with .fwb file. This should work with Windows shortcuts, too.
* bug #1013485: "File/Import should allow to import .fwb file". Function
File/Import offers a choice of .fwl, .fwb and "all files" in the open
file dialog.
* bug #1011248: "need two xmas scan service objects".
* bug #1013957: "incorrect NAT rule in firewall created from template
#3". The problem was caused by incorrect ip address of interface "dmz"
in the template object #3.
* bug #1014725: "adding new ICMP types". If user created service group
with the name "ICMP", the GUI would place new ICMP objects under this
group instead of the standard folder "ICMP". There was the same
problem with other object types, too.
* bug #1015884: "Export more than one library fails with 0 references".
Export library operation failed if user exported two libraries with
groups or rules in one library referencing objects in the other.
Bugs fixed in iptables policy compiler fwb_ipt:
* bug #1005148: "MAC matching - space missing". Space was missing
between MAC address and custom service code.
* avoiding grep in the script generated for Linksys/Sveasoft firewall -
Sveasoft Alchemy pre-5.2.3 does not have grep
* bug #1019943: "Missing ip addresses in the rule using interfaces"
----------------------------------------------------------------------
Last modified: Tue Aug 31 20:38:55 PDT 2004

306
doc/ReleaseNotes_2.0.3.html Normal file
View File

@@ -0,0 +1,306 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
<title>Release Notes 2.0.3</title>
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.0.3 </h2>
<br>
<p>
Released 09/30/04
<br>
<b>GUI and compilers v2.0.3 require API library libfwbuilder version 2.0.3</b>
<br>
<h2>Summary </h2>
<p>
Firewall Builder GUI v2.0.3 is a maintenance release that includes
fixes for bugs discovered since 2.0.2 has been released.
<p>
<b>For those who wish to build from source, instructions are outlined
in <a
href="http://www.fwbuilder.org/archives/cat_installation.html">"Install
and Build instructions"</a></b>
<ul>
<li>This release improves support for the PF firewall by always
using tables in policy rules; it also uses syntax " !
&lt;tbl&gt;" for negation, assignes "rdr" rules to interfaces
and adds "flags S/SA" to policy rules that keep state. </li>
<li>This release significantly improves optimizer for iptables
and adds an automatically generated rule to block packets that
correspond to an INVALID state</li>
<li>Built-in policy installer can compress firewall policy
script before it is installed in flash memory on
Linksys/Sveasoft firewall; this allows for much larger policy to
be used on Linksys. Script compression is optional.</li>
<li>Built-in policy installer can be used to test new policy
rules with automatic roll-back to the previous version of the
policy after specified interval of time. This feature helps to
work around errors in the policy that block access to the
firewall from the management workstation.
</ul>
<p>
<h2>Caveats</h2>
<p>New version (as of build 421) completely changes the way it
loads and activates firewall script on linksys. Old version put
the whole script in variable rc_firewall. New one puts script in
variable fwb and puts a one-line command in rc_firewall to read
the script from fwb and execute it. This was done because of the
need to uncompress it when linksys executes command stored in
rc_firewall, in other words, rc_firewall needs to be a little
script that uncompresses and runs the main firewall script. This
is why scripts were separated and rc_firewall has changed compared
to the previous versions of fwbuilder.
<p>Reverting from v2.0.3 (build 421 and later) to v2.0.2 requires
you to erase nvram variable "fwb" which holds the whole script in
the new builds.
<p>
<br>
<h2>New features in the built in policy installer</h2>
<ul>
<li>added an option for test run. When this option is activated,
policy script is pushed to the firewall and is executed but is
not stored there permanently. Firewall reverts to the last
working configuration after reboot.</li>
<li>implemented compression of the firewall script for
Linksys/Sveasoft combo. Using gzip and uuencode/uudecode to
compress the script and store it in flash variable
'fwb'. Installer prints flash memory stats after commiting
changes. Installer uses scp to copy firewall script to the
firewall and autogenerated prompt to detect when it logged in;
it does not depend on Linksys shell prompt anymore.</li>
<li>added an option to schedule automatic firewall reboot in
specified time (in minutes) after policy activation. <b>This
option is available for all firewall platforms but PIX</b>. This
option only works if user requested policy activation in a test
mode, in which case policy is copied and activated on the
firewall but not stored in the permanent location. After reboot
the firewall reverts to the previous version of the policy. To
cancel scheduled reboot, run installer again with "test run"
option turned off. Installer stores the policy in the permanent
location, activates it and cancels scheduled reboot. The
commands used to schedule reboot and cancel it depend on the
host os of the firewall. On Linux, it will use "shutdown -r +NN"
and "shutdown -c". On *BSD systems it uses "shutdown -r +NN" and
a combination of ps and awk to find and kill shutdown when
reboot is canceled. Installer uses "reboot" and kills it with
"killall" on linksys.</li>
<li>All manipulations that installer does on the firewall are
programmed in little one-line scripts stored in resource file
for each supported OS the firewall is running. These are in
/usr/share/fwbuilder/os on Linux/*BSD or in
C:\FWBuilder\resources\os on Windows. Users can hack commands
in these files to make installer work with host OS that is not
supported by default. Currently, the GUI only looks for the
OS-specific resource files in the system-wide directory. Future
versions will also look in a predefined directory in users'
home. Directory path to be defined later.</li>
<li>Added option "output file name" to firewall settings dialogs
for all platforms. User can specify the name for the output
file; this name is then used by built in installer in place of a
macro %FWSCRIPT%.</li>
</ul>
<p>
<br>
<br>
<h2>New features in policy compiler for iptables</h2>
<ul>
<li>implemented feature request #1023430: "add checkbox for
INVALID support in fw settings". Added two checkboxes to the
firewall settings dialog: one adds a rule to drop INVALID
packets and another adds logging to the rule.</li>
<li>rules that permit packets associated with
ESTABLISHED,RELATED states moved to the beginning of the script
before NAT rules.</li>
<li>bug #1022216: "negated time produces incorrect iptables
rule". Implemented negation for the "Time" rule element for
iptables</li>
<li>using abbreviated versions of "--dport", "--sport",
"--dports", "--sports" options to make generated iptables script
smaller. Also changed the name of the variables used to hold IP
address of dynamic interface from "interface_&lt;ifname&gt;" to
"i_&lt;ifname&gt;". All this should help to fit larger policies into
small flash on linksys. These changes shrunk my test script from
7964 bytes to 7430 bytes</li>
<li>Generated iptables script flushes only secondary ip
addresses on interfaces during initialization phase if option
"configure interfaces" is on. This should fix a bug that caused
linksys/sveasoft unit to lose default route upon reboot if
external interface has static IP address.</li>
<li>Generated script checks if /usr/sbin/ip exists on the
firewall before it tries to use it to verify interfaces and
configure IP addresses. This check is only performed if user
activated options that use this tool. An error message
"Interface eth0 does not exist" was generated if package
iproute2 was not installed on the firewall, which was
confusing.</li>
</ul>
<br>
<br>
<h2>New features in policy compiler for PF</h2>
<ul>
<li> A NAT rule of type DNAT (rdr rule) is assigned to an
interface of the firewall if interface object or its address
object is used in ODst. To get rdr rule without interface
assignment, use an Address or a Host object that has the same IP
address as that of firewall's interface but that is not a child
of an interface. This is the same approach that is used in
iptables.</li>
<li>Compiler for pf always uses tables; this breaks
compatibility with older OpenBSD systems (3.2 and 3.3)</li>
<li>Compiler for pf puts interface name in a table for rules
that use multiple objects in src or dst and one of these objects
is dynamic interface of the firewall that is being
processed. Using dynamic interface of another object in a rule
is still considered an error. Compiler puts the name of dynamic
interface in a table verbatim, without brackets '(' ')' since pf
does not replace dynamic interface with its address dynamically
if it is used in a table (pfctl issues an error if interface is
put in brackets)</li>
<li>added an option to permit tcp sessions opened prior to
firewall restart. This is needed now since compiler generates
"flags S/SA" for the "keep state" and "modulate state" rules
which means firewall won't permit TCP sessions unless it saw
opening SYN packet.</li>
<li>bug #1028973: fwb_pf: missing "flags S/SA" in front of
"modulate state". Compiler adds "flags S/SA" to policy rules
that use either "keep state" or "modulate state" options.</li>
<li>bug #1028980: "need an option to turn logging on on fallback
rule". Option has been added.</li>
</ul>
<p>
<br>
<br>
<h2>Bugs fixed in libfwbuilder API:</h2>
<ul>
<li>bug #1022788: "GUI corrupts XML file after creating a second
firewall". Global object ID counter was getting reset every time
new FWObjectDatabase object was created. This lead to the ID
collision if user quickly created and deleted complex objects
(such as Firewall) and used database merge. This should also fix
bug #1022785: "GUI corrupts XML file after creating a host
entry"</li>
<li>fixed bug (no number): all references to the interfaces, as
well as their IP and MAC addresses, in policy and NAT rules
should be replaced when Firewall object is duplicated. Until now
only references to the firewall object itself and to its
interfaces were replaced with references to the newly created
copies of object. References to IP and MAC addresses still
pointed at the old objects.</li>
</ul>
<p>
<br>
<br>
<h2>Bugs fixed in GUI:</h2>
<ul>
<li>bug (no number): after deleting a library firewall objects
that belong to it were not removed from the pull-down list</li>
<li>bug #1026945: '"Save As" does not work if current file is in
RCS'</li>
<li>bug #1028078: "options.png is not displayed for "Assume
firewall is part..."</li>
<li>bug #1035132: "compile errors with default Linksys firewall
object". This bug has been introduced in build 435. When user
created a new firewall object using one of the template objects,
the GUI would add bunch of garbage to the firewall options. This
garbage violated XML DTD, so compilers and the GUI would not
accept the data file anymore.</li>
<li>bug #1035130: 'Persistent "Save" dialog box'. Certain
combination of actions on user's part used to lead to an
indefinite loop of "do you want to save the data" dialogs. The
problem was triggered if user skipped choosing a name for the
new file in startup dialog.</li>
</ul>
<br>
<br>
<h2>Bugs fixed in iptables policy compiler fwb_ipt:</h2>
<ul>
<li>bug #1024861: "optimizer is broken in fwb_ipt". Used idea
and a patch by Mark Vevers <mark@vevers.net>. Fixed compiler
fwb_ipt generates more efficient iptables script for rules with
multiple objects in all rule elements. The script is smaller and
eliminates unnecessary comparisons for packet attributes. Every
attribute (i.e. source address, destination address, protocol
and port numbers) is checked by the script only once. This
should help reduce load on firewalls with lots of complex
rules.</mark>
<li>bug #1026509: "incorrect rules generated for dual negation
with time". Compiler generated incorrect iptables commands for
rules that had negation in two or more rule elements, one of
which was Time.</li>
<li>bug #1026794: multiple SRC ntwks --> "iptables: invalid
argument". Recent changes in optimizer introduced this
bug. Rules with multiple objects in src or dst, TCP service,
action Reject and option "reject with TCP RST" would generate
iptables command that used option "--reject-with tcp-reset"
without "-p tcp"</li>
</ul>
<br>
<br>
<h2>Bugs fixed in iptables policy compiler fwb_pf:</h2>
<ul>
<li>bug #1006906: "Negated network causes pass on
network". Compiler for pf uses native negation syntax that is
now available in pf</li>
<li>bug (no num): "firewall settings" dialog for OpenBSD pf did
not save option "Use tables". Since compiler is always using
tables, this option was removed from the dialog.</li>
</ul>
<hr>
<!-- Created: Fri Aug 6 21:40:42 PDT 2004 -->
<!-- hhmts start -->
Last modified: Thu Sep 30 20:16:23 PDT 2004
<!-- hhmts end -->
</body>
</html>

204
doc/ReleaseNotes_2.0.3.txt Normal file
View File

@@ -0,0 +1,204 @@
Firewall Builder Release Notes
Version 2.0.3
Released 09/30/04
GUI and compilers v2.0.3 require API library libfwbuilder version 2.0.3
Summary
Firewall Builder GUI v2.0.3 is a maintenance release that includes fixes
for bugs discovered since 2.0.2 has been released.
For those who wish to build from source, instructions are outlined in
"Install and Build instructions"
* This release improves support for the PF firewall by always using
tables in policy rules; it also uses syntax " ! <tbl>" for negation,
assignes "rdr" rules to interfaces and adds "flags S/SA" to policy
rules that keep state.
* This release significantly improves optimizer for iptables and adds an
automatically generated rule to block packets that correspond to an
INVALID state
* Built-in policy installer can compress firewall policy script before
it is installed in flash memory on Linksys/Sveasoft firewall; this
allows for much larger policy to be used on Linksys. Script
compression is optional.
* Built-in policy installer can be used to test new policy rules with
automatic roll-back to the previous version of the policy after
specified interval of time. This feature helps to work around errors
in the policy that block access to the firewall from the management
workstation.
Caveats
New version (as of build 421) completely changes the way it loads and
activates firewall script on linksys. Old version put the whole script in
variable rc_firewall. New one puts script in variable fwb and puts a
one-line command in rc_firewall to read the script from fwb and execute
it. This was done because of the need to uncompress it when linksys
executes command stored in rc_firewall, in other words, rc_firewall needs
to be a little script that uncompresses and runs the main firewall script.
This is why scripts were separated and rc_firewall has changed compared to
the previous versions of fwbuilder.
Reverting from v2.0.3 (build 421 and later) to v2.0.2 requires you to
erase nvram variable "fwb" which holds the whole script in the new builds.
New features in the built in policy installer
* added an option for test run. When this option is activated, policy
script is pushed to the firewall and is executed but is not stored
there permanently. Firewall reverts to the last working configuration
after reboot.
* implemented compression of the firewall script for Linksys/Sveasoft
combo. Using gzip and uuencode/uudecode to compress the script and
store it in flash variable 'fwb'. Installer prints flash memory stats
after commiting changes. Installer uses scp to copy firewall script to
the firewall and autogenerated prompt to detect when it logged in; it
does not depend on Linksys shell prompt anymore.
* added an option to schedule automatic firewall reboot in specified
time (in minutes) after policy activation. This option is available
for all firewall platforms but PIX. This option only works if user
requested policy activation in a test mode, in which case policy is
copied and activated on the firewall but not stored in the permanent
location. After reboot the firewall reverts to the previous version of
the policy. To cancel scheduled reboot, run installer again with "test
run" option turned off. Installer stores the policy in the permanent
location, activates it and cancels scheduled reboot. The commands used
to schedule reboot and cancel it depend on the host os of the
firewall. On Linux, it will use "shutdown -r +NN" and "shutdown -c".
On *BSD systems it uses "shutdown -r +NN" and a combination of ps and
awk to find and kill shutdown when reboot is canceled. Installer uses
"reboot" and kills it with "killall" on linksys.
* All manipulations that installer does on the firewall are programmed
in little one-line scripts stored in resource file for each supported
OS the firewall is running. These are in /usr/share/fwbuilder/os on
Linux/*BSD or in C:\FWBuilder\resources\os on Windows. Users can hack
commands in these files to make installer work with host OS that is
not supported by default. Currently, the GUI only looks for the
OS-specific resource files in the system-wide directory. Future
versions will also look in a predefined directory in users' home.
Directory path to be defined later.
* Added option "output file name" to firewall settings dialogs for all
platforms. User can specify the name for the output file; this name is
then used by built in installer in place of a macro %FWSCRIPT%.
New features in policy compiler for iptables
* implemented feature request #1023430: "add checkbox for INVALID
support in fw settings". Added two checkboxes to the firewall settings
dialog: one adds a rule to drop INVALID packets and another adds
logging to the rule.
* rules that permit packets associated with ESTABLISHED,RELATED states
moved to the beginning of the script before NAT rules.
* bug #1022216: "negated time produces incorrect iptables rule".
Implemented negation for the "Time" rule element for iptables
* using abbreviated versions of "--dport", "--sport", "--dports",
"--sports" options to make generated iptables script smaller. Also
changed the name of the variables used to hold IP address of dynamic
interface from "interface_<ifname>" to "i_<ifname>". All this should
help to fit larger policies into small flash on linksys. These changes
shrunk my test script from 7964 bytes to 7430 bytes
* Generated iptables script flushes only secondary ip addresses on
interfaces during initialization phase if option "configure
interfaces" is on. This should fix a bug that caused linksys/sveasoft
unit to lose default route upon reboot if external interface has
static IP address.
* Generated script checks if /usr/sbin/ip exists on the firewall before
it tries to use it to verify interfaces and configure IP addresses.
This check is only performed if user activated options that use this
tool. An error message "Interface eth0 does not exist" was generated
if package iproute2 was not installed on the firewall, which was
confusing.
New features in policy compiler for PF
* A NAT rule of type DNAT (rdr rule) is assigned to an interface of the
firewall if interface object or its address object is used in ODst. To
get rdr rule without interface assignment, use an Address or a Host
object that has the same IP address as that of firewall's interface
but that is not a child of an interface. This is the same approach
that is used in iptables.
* Compiler for pf always uses tables; this breaks compatibility with
older OpenBSD systems (3.2 and 3.3)
* Compiler for pf puts interface name in a table for rules that use
multiple objects in src or dst and one of these objects is dynamic
interface of the firewall that is being processed. Using dynamic
interface of another object in a rule is still considered an error.
Compiler puts the name of dynamic interface in a table verbatim,
without brackets '(' ')' since pf does not replace dynamic interface
with its address dynamically if it is used in a table (pfctl issues an
error if interface is put in brackets)
* added an option to permit tcp sessions opened prior to firewall
restart. This is needed now since compiler generates "flags S/SA" for
the "keep state" and "modulate state" rules which means firewall won't
permit TCP sessions unless it saw opening SYN packet.
* bug #1028973: fwb_pf: missing "flags S/SA" in front of "modulate
state". Compiler adds "flags S/SA" to policy rules that use either
"keep state" or "modulate state" options.
* bug #1028980: "need an option to turn logging on on fallback rule".
Option has been added.
Bugs fixed in libfwbuilder API:
* bug #1022788: "GUI corrupts XML file after creating a second
firewall". Global object ID counter was getting reset every time new
FWObjectDatabase object was created. This lead to the ID collision if
user quickly created and deleted complex objects (such as Firewall)
and used database merge. This should also fix bug #1022785: "GUI
corrupts XML file after creating a host entry"
* fixed bug (no number): all references to the interfaces, as well as
their IP and MAC addresses, in policy and NAT rules should be replaced
when Firewall object is duplicated. Until now only references to the
firewall object itself and to its interfaces were replaced with
references to the newly created copies of object. References to IP and
MAC addresses still pointed at the old objects.
Bugs fixed in GUI:
* bug (no number): after deleting a library firewall objects that belong
to it were not removed from the pull-down list
* bug #1026945: '"Save As" does not work if current file is in RCS'
* bug #1028078: "options.png is not displayed for "Assume firewall is
part..."
* bug #1035132: "compile errors with default Linksys firewall object".
This bug has been introduced in build 435. When user created a new
firewall object using one of the template objects, the GUI would add
bunch of garbage to the firewall options. This garbage violated XML
DTD, so compilers and the GUI would not accept the data file anymore.
* bug #1035130: 'Persistent "Save" dialog box'. Certain combination of
actions on user's part used to lead to an indefinite loop of "do you
want to save the data" dialogs. The problem was triggered if user
skipped choosing a name for the new file in startup dialog.
Bugs fixed in iptables policy compiler fwb_ipt:
* bug #1024861: "optimizer is broken in fwb_ipt". Used idea and a patch
by Mark Vevers <mark@vevers.net>. Fixed compiler fwb_ipt generates
more efficient iptables script for rules with multiple objects in all
rule elements. The script is smaller and eliminates unnecessary
comparisons for packet attributes. Every attribute (i.e. source
address, destination address, protocol and port numbers) is checked by
the script only once. This should help reduce load on firewalls with
lots of complex rules.
* bug #1026509: "incorrect rules generated for dual negation with time".
Compiler generated incorrect iptables commands for rules that had
negation in two or more rule elements, one of which was Time.
* bug #1026794: multiple SRC ntwks --> "iptables: invalid argument".
Recent changes in optimizer introduced this bug. Rules with multiple
objects in src or dst, TCP service, action Reject and option "reject
with TCP RST" would generate iptables command that used option
"--reject-with tcp-reset" without "-p tcp"
Bugs fixed in iptables policy compiler fwb_pf:
* bug #1006906: "Negated network causes pass on network". Compiler for
pf uses native negation syntax that is now available in pf
* bug (no num): "firewall settings" dialog for OpenBSD pf did not save
option "Use tables". Since compiler is always using tables, this
option was removed from the dialog.
----------------------------------------------------------------------
Last modified: Thu Sep 30 20:16:23 PDT 2004

381
doc/ReleaseNotes_2.0.4.html Normal file
View File

@@ -0,0 +1,381 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.0.4 </h2>
<br>
<p>
Released 12/02/04
<br>
<b>GUI and compilers v2.0.4 require API library libfwbuilder version 2.0.4</b>
<br>
<h2>Summary </h2>
<p>
<p>
<b>For those who wish to build from source, instructions are outlined
in the document "Install and Build instructions" on our web site <a
href="http://www.fwbuilder.org/archives/cat_installation.html">here</a></b>
<h2>What's new</h2>
<ul>
<li>Improvements in the GUI
<p>
<ul>
<li>improved error handling: if the GUI is started with a
file on the command line or is configured to open a file
automatically on startup and RCS can not check the file out,
the GUI will come up empty (with only standard objects
loaded). Previously in a situation when the GUI was
configured to open a file automatically, but the file could
not be checked out, there was no way to cancel this
automatic file open operation since the GUI would never come
up.</li>
<li>Added Japanese translation by Tadashi Jokagi
&lt;elf@elf.no-ip.org&gt;</li>
<li>Added Russian translation by RusBusinessSecurity Co. Ltd.,
Russia. This translation is fairly complete but is still
considered preliminary. Bug reports and suggestions are very
welcome.
</li>
</ul>
<li>Improvements in the built-in policy installer
<p>
<ul>
<li>Built-in installer checks exit status of the script it
runs on the firewall and aborts installation sequence if it
detects an error. OS resource files have been updated
accordingly so they return exit status '1' in case of error
and '0' when they succeed.</li>
<li>Added an option to push PIX configuration to a standby
firewall at the end of install.</li>
<li>Added support in installer for new configuration script
formats for PIX:
<p>
<ol>
<li>basic or old format when access lists are cleared
and added from scratch</li>
<li>Access lists have unique names each time policy is
recompiled, lists are added without clearing.</li>
<li>Access lists are added with temporary names and
assigned to interfaces, then the same lists are added
with permanent names, lists are swapped and temporary
lists cleared</li>
</ol>
<p>Last two methods provide for instantaneous access list
swap so that the firewall never runs with empty
lists. This helps maintain access to the firewall if
configuration is installed remotely.
</li>
</ul>
</li>
<li>Improvements in policy compiler for iptables:
<p>
<ul>
<li>implemented Feature Request #1021201: "output
iptables-restore compatible config from fwb_ipt". Policy
compiler for iptables can use iptables-restore to activate
firewall policy. Iptables-restore provides for atomic policy
load and allows to load large policy much faster. Atomic
load means the whole filter or nat table is activated at
once, and if there is an error, nothing is changed. Compiler
generates script in three possible formats:
<p>
<ol>
<li>the ususal shell script that adds rules one at a
time by executing iptables command with an "-A" flag to
add a rule;</li>
<li>commands are fed to iptables-restore, this format is
used when all interfaces of the firewall have static IP
addresses and script does not need to determine
addresses at run time;</li>
<li>script determines IP addresses of interfaces and
discovers dynamic interfaces that were defined as a
"wildcard" interface in fwbuilder (e.g. 'ppp*'); code
that is sent to iptables-restore is generated
dynamically by the script at run time.</li>
</ol>
<p>Using iptables-restore is optional and is controlled by
the checkbutton in the "Script options" tab of firewall
settings dialog. Path to iptables-restore utility can be
set in the "Paths" tab of the host settings dialog.
</p>
</li>
<li>policy installation via iptables-restore has been tested
with old versions of iptables (1.2.6a). Script need to
include "-m tcp", "-m udp" or "-m icmp", otherwise
iptables-restore does not understand options "--dport",
"--tcp-flags" and some others. Also had to use "--tcp-flags
SYN,RST,ACK SYN" instea dof "--syn" for better backwards
compatibility.</li>
<li>A change in the script generated by fwb_ipt: if
iptables-restore is not used to load policy, generated shell
script purges existing firewall policy (all tables and
chains) and sets default chain policies after it configures
interfaces of the firewall. Previously, it would flush
tables and set default policy before it configured
interfaces.</li>
<li>removed code that added iptables command to the "drop"
table to drop and log all dropped packets. This rule used
obsoleted patch-o-matic patch "drop" which is not available
anymore. </li>
<li>moved rule permitting backup ssh access from the
management station to the firewall to the top of the
script. This helps maintain ssh session, otherwise it may
stall or break because stdout buffer is filled with
diagnostic or progress output from the script that is
printed after all chains are flushed but before rule
permitting ssh to the firewall is added. If stdout buffer is
full, ssh stops and tries to send the text to the management
station but times out because firewall blocks it.</li>
</ul>
<br><br>
</li>
<li>Improvements in policy compiler for pf:
<p>
<ul>
<li>Activation script for PF flushes only information about
rules, nat, source and tables (it used to flush "all"). This
preserves queue entries and states. </li>
</ul>
<p>
</li>
<li>Improvements in policy compilers for all platforms:
<p>
<ul>
<li>added support for prolog and epilog scripts for all
firewall platforms. This was available for PIX for some
time, now it has been added for all
platforms. "Prolog/Epilog" tab of the firewall settings
dialog allows for editing of two blocks of commands that
will be added to the generated firewall script
verbatim. Prolog block is added on top, while epilog block
is added at the bottom. Both prolog and epilog are expected
to be shell scripts and are added to the generated shell
script that activates firewall. For iptables and ipfw all
compiler generates is this shell script and prolog and
epilog commands are inserted into it. These commands may
execute some actions, as well as add any policy or nat
commands. For ipf and pf prolog and epilog commands are
added to the activation shell script ( .fw file); prolog is
added immediately after the command that flushes all
rules. This way user may either execute shell commands or
add policy and/or nat rules by loading them from external
file. </li>
<li>all policy compilers properly detect an error when the
output file can not be created or overwritten and print
error message to warn the user.</li>
<li>Added element "Target/family" to all OS resource XML
files. Compilers use "family" resource element to determine
if host OS is supported. User may want to copy host OS
resource file to modify installer scriptlets; as long as the
family element is kept the same, compiler will accept new
resource file.</li>
</ul>
<p>
</li>
<br>
</ul>
<br>
<br>
<hr>
<br>
<br>
<h2>Bugs fixed in GUI:</h2>
<ul>
<li>bug #1077072: "CrossPlatform Firewall Builder Crash" -
pressing arrow down key on the keyboard right after the GUI
started with no firewall objects defined caused crash.</li>
<li>bug (no num): if a library was assigned a name with
non-ascii characters, it would appear distorted in the pull-down
list in object dialogs.</li>
<li>bug (no number) introduced in 2.0.3 when GUI crashed if user
tried to choose pull-down menu item in the firewall list after
the very first firewall object has been created. </li>
<li>bug (no number): group object dialog corrupted object names
if they contained non-ascii characters.</li>
<li>bug #1046345: "ipfw - no option to specify ipfw
executable". Added GUI control to let user specify alternative
path to "ipfw" on FreeBSD. Control like that was previously
available only for Mac OS X </li>
<li>bug #1028866: "incorrect order when several rules copied
using copy/paste". Pasting multiple rules into an empty policy
caused rules to be inserted in the wrong order.</li>
<li>bug (no number): Policy installer failed if the following
conditions were met: - it was running on Linux, FreeBSD or Mac
OS X - working directory configured in the "General" tab of the
Preferences dialog did not exist and could not be created or its
permissions did not allow user that runs the GUI to access
it</li>
<li>Added #include <errno.h> to make code compile with gcc 3.4.2
and glibc 2.3.3</li>
<li>bug (no number): GUI could not find names of the object
libraries in external library files that user added for
automatic load in the Preferences dialog on Windows. It would
find the name of the library in the first file, but failed to
find library names in subsequent files and used the name from
the first file. Since this library was only present in the first
file, object tree was getting corrupted when the program
attempted to load this library from every file configured for
automatic pre-load. This only happened on Windows.</li>
</ul>
<br>
<br>
<h2>Bugs fixed in API:</h2>
<ul>
<li>bug #1077496 ] Error compiling libfwbuilder in FreeBSD:
The problem was caused by changed major version number of libnetsnmp library
in the latest net-snmp port (v5.2)</li>
<li>bug #1055937: "Any->all_multicasts not in INPUT Chain". Need
to check if network objects are multicasts; assume that
multicast always matches firewall object (e.g fwb_ipt will put
rule with such network object in destination in INPUT
chain)</li>
<li>bug #1040773: need to match network address as well as
broadcast. Packets sent to the network address (192.168.1.0 for
net 192.168.1.0/24) go in the broadcast frame and behave just
like IP broadcast packets (sent to 192.168.1.1255 for the same
net)</li>
<li>bug (no number): rule shadowing algorithm now assumes that
IPService object with protocol number '0' shades any other
service just like 'any' does.</li>
<li>bug (no num): rule shadowing algorithm checks for IP flags
in IP service object. IP service object with protocol 0 shades
anything only if its flags are cleared. Two IP services shade
each other only if they are completely equal (protocols and all
flags settings are the same). However, IP service with protocol
0 shades other IP service with protocol !=0 if all flags
settings are the same.</li>
<li>change in the object database merge algorithm: when an
object database we are trying to merge has non-empty "Deleted
objects" library, deleted objects from this library should be
ignored (they used to be deleted from the current
tree). Likewise, when current tree has non-empty "Deleted
objects" library and objects in it match objects being merged
in, objects should be removed from "Deleted objects" library to
avoid creating duplicate IDs with objects being merged in.</li>
<li>bug (no number): program crashed on FreeBSD 5.3 when using
SNMP to obtain parameters for hosts and interfaces. Crash
occurred because of use of uninitialized mutex variables in
module dns.cpp</li>
<li>bug (no number): The API used to corrupt CustomService
object while saving data to the XML file if service code
included special characters such as '&'</li>
</ul>
<br>
<br>
<h2>Bugs fixed in policy compiler for iptables fwb_ipt:</h2>
<ul>
<li>bug #1073491: incorrect code for rules using two interfaces
with negation. If a rule had two (or more) interfaces of the
firewall in the destination, with negation, the code generated
by compiler would check one interface's address in INPUT chain
and another in FORWARD chain. It should check addresses of all
interfaces from the corresponding rule element in the INPUT
chain and also check addresses and possibly services from other
rule elements in the FORWARD chain. This bug affected rules with
two or more interfaces both in source and destination.</li>
<li>bug #1040788: fwb_ipt and user name. Compiler used to read
environment variable "USER" to find out user's name. Sometimes
this variable is not set, which caused compiler to abort. Using
env variable LOGNAME in addition to USER.</li>
<li>bug #1040599: "unnecessary FORWARD rules". If ip forwarding
is turned off in the host settings dialog of the linux-based
firewall, compiler should not generate rules in FORWARD
chain.</li>
<li>bug (no number): compiler placed extra quote '"' at the end
of each NAT command in the script using iptables-restore; this
happened only if all interfaces of the firewall had static
addresses.</li>
<li>bug (no number) in fwb_ipt that caused no-nat rules with
firewall in OSrc to be placed only in OUTPUT chain. Packets
originating on the firewall go into OUTPUT and POSTROUTING
chains, so no-nat rules must be placed in both. Other minor
improvements for NAT of the locally originated connections have
been done as well.</li>
<li>bug (no number) where compiler for iptables used option
"--destination-port" with module "multiport" for versions of
iptables that do not understand it (1.2.6 and later, as well as
default version setting 'any'). The option should be
"--destination-ports" or "--dports".</li>
<li>bug #1063953: "Wrong accept/multiport rule
generated". Compiler generated wrong code for rules using
multiple service objects of different types (TCP and UDP, or TCP
and ICMP etc), multiple addresses in src or dst with option that
requires using TCP RST for action REJECT. This bug was
introduced in build 453</li>
<li>bug (no number): policy compiler for iptables used "tail -1"
in the shell script that read actual IP addresses of interfaces
of the firewall. This shell code failed to determine correct
address of an interface that was configured with a secondary
address. Reverted to using grep (I switched to tail when ran
into limitations of one of the beta builds of Sveasoft Linksys
firmware that did not have grep)</li>
</ul>
</body>
</html>

254
doc/ReleaseNotes_2.0.4.txt Normal file
View File

@@ -0,0 +1,254 @@
Firewall Builder Release Notes
Version 2.0.4
Released 12/02/04
GUI and compilers v2.0.4 require API library libfwbuilder version 2.0.4
Summary
For those who wish to build from source, instructions are outlined in the
document "Install and Build instructions" on our web site here
What's new
* Improvements in the GUI
* improved error handling: if the GUI is started with a file on the
command line or is configured to open a file automatically on
startup and RCS can not check the file out, the GUI will come up
empty (with only standard objects loaded). Previously in a
situation when the GUI was configured to open a file
automatically, but the file could not be checked out, there was
no way to cancel this automatic file open operation since the GUI
would never come up.
* Added Japanese translation by Tadashi Jokagi <elf@elf.no-ip.org>
* Added Russian translation by RusBusinessSecurity Co. Ltd.,
Russia. This translation is fairly complete but is still
considered preliminary. Bug reports and suggestions are very
welcome.
* Improvements in the built-in policy installer
* Built-in installer checks exit status of the script it runs on
the firewall and aborts installation sequence if it detects an
error. OS resource files have been updated accordingly so they
return exit status '1' in case of error and '0' when they
succeed.
* Added an option to push PIX configuration to a standby firewall
at the end of install.
* Added support in installer for new configuration script formats
for PIX:
1. basic or old format when access lists are cleared and added
from scratch
2. Access lists have unique names each time policy is
recompiled, lists are added without clearing.
3. Access lists are added with temporary names and assigned to
interfaces, then the same lists are added with permanent
names, lists are swapped and temporary lists cleared
Last two methods provide for instantaneous access list swap so
that the firewall never runs with empty lists. This helps
maintain access to the firewall if configuration is installed
remotely.
* Improvements in policy compiler for iptables:
* implemented Feature Request #1021201: "output iptables-restore
compatible config from fwb_ipt". Policy compiler for iptables can
use iptables-restore to activate firewall policy.
Iptables-restore provides for atomic policy load and allows to
load large policy much faster. Atomic load means the whole filter
or nat table is activated at once, and if there is an error,
nothing is changed. Compiler generates script in three possible
formats:
1. the ususal shell script that adds rules one at a time by
executing iptables command with an "-A" flag to add a rule;
2. commands are fed to iptables-restore, this format is used
when all interfaces of the firewall have static IP addresses
and script does not need to determine addresses at run time;
3. script determines IP addresses of interfaces and discovers
dynamic interfaces that were defined as a "wildcard"
interface in fwbuilder (e.g. 'ppp*'); code that is sent to
iptables-restore is generated dynamically by the script at
run time.
Using iptables-restore is optional and is controlled by the
checkbutton in the "Script options" tab of firewall settings
dialog. Path to iptables-restore utility can be set in the
"Paths" tab of the host settings dialog.
* policy installation via iptables-restore has been tested with old
versions of iptables (1.2.6a). Script need to include "-m tcp",
"-m udp" or "-m icmp", otherwise iptables-restore does not
understand options "--dport", "--tcp-flags" and some others. Also
had to use "--tcp-flags SYN,RST,ACK SYN" instea dof "--syn" for
better backwards compatibility.
* A change in the script generated by fwb_ipt: if iptables-restore
is not used to load policy, generated shell script purges
existing firewall policy (all tables and chains) and sets default
chain policies after it configures interfaces of the firewall.
Previously, it would flush tables and set default policy before
it configured interfaces.
* removed code that added iptables command to the "drop" table to
drop and log all dropped packets. This rule used obsoleted
patch-o-matic patch "drop" which is not available anymore.
* moved rule permitting backup ssh access from the management
station to the firewall to the top of the script. This helps
maintain ssh session, otherwise it may stall or break because
stdout buffer is filled with diagnostic or progress output from
the script that is printed after all chains are flushed but
before rule permitting ssh to the firewall is added. If stdout
buffer is full, ssh stops and tries to send the text to the
management station but times out because firewall blocks it.
* Improvements in policy compiler for pf:
* Activation script for PF flushes only information about rules,
nat, source and tables (it used to flush "all"). This preserves
queue entries and states.
* Improvements in policy compilers for all platforms:
* added support for prolog and epilog scripts for all firewall
platforms. This was available for PIX for some time, now it has
been added for all platforms. "Prolog/Epilog" tab of the firewall
settings dialog allows for editing of two blocks of commands that
will be added to the generated firewall script verbatim. Prolog
block is added on top, while epilog block is added at the bottom.
Both prolog and epilog are expected to be shell scripts and are
added to the generated shell script that activates firewall. For
iptables and ipfw all compiler generates is this shell script and
prolog and epilog commands are inserted into it. These commands
may execute some actions, as well as add any policy or nat
commands. For ipf and pf prolog and epilog commands are added to
the activation shell script ( .fw file); prolog is added
immediately after the command that flushes all rules. This way
user may either execute shell commands or add policy and/or nat
rules by loading them from external file.
* all policy compilers properly detect an error when the output
file can not be created or overwritten and print error message to
warn the user.
* Added element "Target/family" to all OS resource XML files.
Compilers use "family" resource element to determine if host OS
is supported. User may want to copy host OS resource file to
modify installer scriptlets; as long as the family element is
kept the same, compiler will accept new resource file.
----------------------------------------------------------------------
Bugs fixed in GUI:
* bug #1077072: "CrossPlatform Firewall Builder Crash" - pressing arrow
down key on the keyboard right after the GUI started with no firewall
objects defined caused crash.
* bug (no num): if a library was assigned a name with non-ascii
characters, it would appear distorted in the pull-down list in object
dialogs.
* bug (no number) introduced in 2.0.3 when GUI crashed if user tried to
choose pull-down menu item in the firewall list after the very first
firewall object has been created.
* bug (no number): group object dialog corrupted object names if they
contained non-ascii characters.
* bug #1046345: "ipfw - no option to specify ipfw executable". Added GUI
control to let user specify alternative path to "ipfw" on FreeBSD.
Control like that was previously available only for Mac OS X
* bug #1028866: "incorrect order when several rules copied using
copy/paste". Pasting multiple rules into an empty policy caused rules
to be inserted in the wrong order.
* bug (no number): Policy installer failed if the following conditions
were met: - it was running on Linux, FreeBSD or Mac OS X - working
directory configured in the "General" tab of the Preferences dialog
did not exist and could not be created or its permissions did not
allow user that runs the GUI to access it
* Added #include <errno.h> to make code compile with gcc 3.4.2 and glibc
2.3.3
* bug (no number): GUI could not find names of the object libraries in
external library files that user added for automatic load in the
Preferences dialog on Windows. It would find the name of the library
in the first file, but failed to find library names in subsequent
files and used the name from the first file. Since this library was
only present in the first file, object tree was getting corrupted when
the program attempted to load this library from every file configured
for automatic pre-load. This only happened on Windows.
Bugs fixed in API:
* bug #1077496 ] Error compiling libfwbuilder in FreeBSD: The problem
was caused by changed major version number of libnetsnmp library in
the latest net-snmp port (v5.2)
* bug #1055937: "Any->all_multicasts not in INPUT Chain". Need to check
if network objects are multicasts; assume that multicast always
matches firewall object (e.g fwb_ipt will put rule with such network
object in destination in INPUT chain)
* bug #1040773: need to match network address as well as broadcast.
Packets sent to the network address (192.168.1.0 for net
192.168.1.0/24) go in the broadcast frame and behave just like IP
broadcast packets (sent to 192.168.1.1255 for the same net)
* bug (no number): rule shadowing algorithm now assumes that IPService
object with protocol number '0' shades any other service just like
'any' does.
* bug (no num): rule shadowing algorithm checks for IP flags in IP
service object. IP service object with protocol 0 shades anything only
if its flags are cleared. Two IP services shade each other only if
they are completely equal (protocols and all flags settings are the
same). However, IP service with protocol 0 shades other IP service
with protocol !=0 if all flags settings are the same.
* change in the object database merge algorithm: when an object database
we are trying to merge has non-empty "Deleted objects" library,
deleted objects from this library should be ignored (they used to be
deleted from the current tree). Likewise, when current tree has
non-empty "Deleted objects" library and objects in it match objects
being merged in, objects should be removed from "Deleted objects"
library to avoid creating duplicate IDs with objects being merged in.
* bug (no number): program crashed on FreeBSD 5.3 when using SNMP to
obtain parameters for hosts and interfaces. Crash occurred because of
use of uninitialized mutex variables in module dns.cpp
* bug (no number): The API used to corrupt CustomService object while
saving data to the XML file if service code included special
characters such as '&'
Bugs fixed in policy compiler for iptables fwb_ipt:
* bug #1073491: incorrect code for rules using two interfaces with
negation. If a rule had two (or more) interfaces of the firewall in
the destination, with negation, the code generated by compiler would
check one interface's address in INPUT chain and another in FORWARD
chain. It should check addresses of all interfaces from the
corresponding rule element in the INPUT chain and also check addresses
and possibly services from other rule elements in the FORWARD chain.
This bug affected rules with two or more interfaces both in source and
destination.
* bug #1040788: fwb_ipt and user name. Compiler used to read environment
variable "USER" to find out user's name. Sometimes this variable is
not set, which caused compiler to abort. Using env variable LOGNAME in
addition to USER.
* bug #1040599: "unnecessary FORWARD rules". If ip forwarding is turned
off in the host settings dialog of the linux-based firewall, compiler
should not generate rules in FORWARD chain.
* bug (no number): compiler placed extra quote '"' at the end of each
NAT command in the script using iptables-restore; this happened only
if all interfaces of the firewall had static addresses.
* bug (no number) in fwb_ipt that caused no-nat rules with firewall in
OSrc to be placed only in OUTPUT chain. Packets originating on the
firewall go into OUTPUT and POSTROUTING chains, so no-nat rules must
be placed in both. Other minor improvements for NAT of the locally
originated connections have been done as well.
* bug (no number) where compiler for iptables used option
"--destination-port" with module "multiport" for versions of iptables
that do not understand it (1.2.6 and later, as well as default version
setting 'any'). The option should be "--destination-ports" or
"--dports".
* bug #1063953: "Wrong accept/multiport rule generated". Compiler
generated wrong code for rules using multiple service objects of
different types (TCP and UDP, or TCP and ICMP etc), multiple addresses
in src or dst with option that requires using TCP RST for action
REJECT. This bug was introduced in build 453
* bug (no number): policy compiler for iptables used "tail -1" in the
shell script that read actual IP addresses of interfaces of the
firewall. This shell code failed to determine correct address of an
interface that was configured with a secondary address. Reverted to
using grep (I switched to tail when ran into limitations of one of the
beta builds of Sveasoft Linksys firmware that did not have grep)

212
doc/ReleaseNotes_2.0.5.html Normal file
View File

@@ -0,0 +1,212 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.0.5 </h2>
<br>
<p>
Released 01/07/05
<br>
<b>GUI and compilers v2.0.5 require API library libfwbuilder version 2.0.5</b>
<br>
<h2>Summary </h2>
<p>
This is a bugfix release; its main focus is on internationalization and usability
<p>
<b>For those who wish to build from source, instructions are outlined
in the document "Install and Build instructions" on our web site <a
href="http://www.fwbuilder.org/archives/cat_installation.html">here</a></b>
<h2>What's new</h2>
<ul>
<li>Improvements in the GUI
<p>
<ul>
<li>Fixed lots of places were strings were not properly
marked for localization, this lead to GUI showing '????'
instead of a text in some menu items and dialogs in
non-english locales</li>
<li>properly synchronizing state of the items main menu with
state of corresponding items in the pop-up menu that appears
when user right-mouse-clicks on an object in the tree</li>
<li>fixes for non-localized text strings in dialogs (mostly
"Continue", "Yes"/"No" etc. in many places)</li>
<li>proper localization of the human-readable version number
text for iptables; also made info window print readable text
instead of "lt_1.2.6"</li>
<li>cosmetic changes in some dialogs layout to make the look
better when localized text makes strings much longer</li>
<li>firewall object dialog tab "Templates" has been hidden. It
is unlikely that this feature will be implemented in 2.0.X
series.</li>
<li>Streamlined logic in the object editor dialog. This improves
handling of the situation when user closes dialog by clicking on
[x] while 1) there are unsaved data and/or 2) some of the
object's parameters have illegal values. The dialog behavior
also depends on the setting of the global flag "Autosave" that
causes dialog to automatically save data when user switches
between objects.</li>
<li>when user opens data file in the old format (fwbuilder
v1.1.x, extension .xml) and after autoupgrade the program
discovers that the same file with extension .fwb already
exists, it offers the user a chance to choose different
name. If user clicks "Cancel" at this point, the program
cancel operation and reverts upgraded data file back to its
original name and version.</li>
<li>improved behavior of the main menu "Edit" as well as
pop-up menu that appears when user right mouse clicks on an
object in the tree. Menu item "Paste" should only be enabled
if the clipboard is not empty and objects that are stored in
it can be pasted into selected object in the tree.</li>
<li>when user clicks menu item "File/Open" to open a new
file, the GUI should save and close currently opened file
only after the user chooses new file. If user clicks Cancel
in the File/Open dialog, operation should be cancelled so
the user can continue working with currently opened
file. The same applies to operation File/New.</li>
<li>implemented feature request: colors that are used to
color rules can be changed in Preferences dialog.</li>
<li>main menu item "Object/New Object/Address" and
corresponding toolbar button always creates an Address
object under Objects/Addresses folder in the tree. Address
of an interface can be created using pop-up menu item "Add
IP Address"</li>
<li>Pull-down menu "On startup" in the "General" tab of the
preferences dialog now has three items: "Load standard
objects", "Load last edited file" and "Ask user what to
do". The last item is default.</li>
<li>Updated Japanese and Russian translations</li>
</ul>
</li>
</ul>
<br>
<br>
<hr>
<br>
<br>
<h2>Bugs fixed in GUI:</h2>
<ul>
<li>bug (no num): the GUI crashed when user tried to add a
library file for auto-load in Preferences/Libraries and the
first library object in that file had a name using non-ascii
characters</li>
<li>bug (internal #34) the program should issue a warning when
user tries to add a library file (.fwl) that contains object
library that already exists in the opened data file.</li>
<li>bugfixes for the behavior of the object editor
dialogs. Dialog should ask if user wants to save data and then
validate it when user clicks on [x] to close editor dialog. It
used to validate the data first, then ask if they want to close
dialog.</li>
<li>bug (localization): RCS log entries made using non-ascii
characters used to appear as '???' in Open File and
File/Properties dialogs.</li>
<li>localization was broken on win32 and mac os x because
translation files were not installed properly. Now fixed.</li>
<li>bug #1092810: "Multiline RCS comments are shown as a single
line on windows". As it turned out, this bug affected all
platforms.</li>
<li>bug (no num) that caused GUI crash when user created new
firewall object using template with three interfaces.</li>
</ul>
<br>
<br>
<h2>Bugs fixed in API:</h2>
<ul>
<li>bug #1068119: "additional whitespace for Rule comments in
.fw file". Added extra space between rule number and interface
spec in rule comments.</li>
</ul>
<br>
<br>
<h2>Bugs fixed in policy compiler for iptables fwb_ipt:</h2>
<ul>
<li>bug #1089586: "default --icmp-type value is 0 in iptables &lt;
1.2.9". The problem concerns policy rules using service object
"any ICMP". A rule like this is supposed to match any ICMP
packet. Few versions ago I had to add option "-m icmp" (and "-m
udp", "-m tcp") because I've discovered that iptables-restore on
some systems (linksys sveasoft firmware, iptables v1.2.11)
refused to load rules without it. Now it turns out that iptables
v &lt; 1.2.9 (tested on 1.2.6a and 1.2.7a) implicitly adds
equivalent of "--icmp-type 0" to rules with "-p icmp -m icmp"
and without "--icmp-type" option. Since type 0 is actually icmp
echo reply, a rule like this does not match "any ICMP" as it was
supposed to do. Iptables 1.2.9 implicitly adds "--icmp-type 255"
which matches any icmp type. Using "--icmp-type 255" on iptables
1.2.6 and 1.2.7 does not work (a rule does not match icmp
packets with type different from 255). The fix generates "-p
icmp -m icmp --icmp-type any" for iptables 1.2.9 and later, as
well as when iptables version is not specified in the firewall
object settings. It generates just "-p icmp" for versions &lt;
1.2.9.</li>
<li>bug #1092141: "irritating FORWARD rule for established
connections". Need rule in FORWARD chain only if ip forwarding
is on or set to "no change"</li>
<li>bug #1059393: "function getaddr failed for
eth1.0020". Generated script can now work with interfaces that
have a dot in their name (such as "eth1.0020" - vlan interface)</li>
</ul>
<br>
<br>
<h2>Bugs fixed in policy compiler for ipfw fwb_ipfw:</h2>
<ul>
<li>bug #1089866: "multiple services in one rule confuses ipfw
compiler". If several UDP or TCP objects were used in the same
policy rule and these service objects had source port ranges
defined, the compiler would produce incorrect code by combining
source port range specifications together in the same ipfw
command.</li>
<li>bug #1093461: "problem with 'established' in ipfw". Ipfw
requires protocol to be set to 'tcp' if option 'established' is
used in a rule.</li>
<li>bug #1093472: "ipfw port range(s) errors". There can only be
one port range in a single ipfw rule.</li>
<li>bug #1093620: "path (to ipfw) with spaces fails". Generated
script failed if path to ipfw contained space. I only worked
around this problem for ipfw; paths to sysctl and logger must be
standard and never contain spaces.</li>
</ul>
</body>
</html>

140
doc/ReleaseNotes_2.0.5.txt Normal file
View File

@@ -0,0 +1,140 @@
Firewall Builder Release Notes
Version 2.0.5
Released 01/07/05
GUI and compilers v2.0.5 require API library libfwbuilder version 2.0.5
Summary
This is a bugfix release; its main focus is on internationalization and
usability
For those who wish to build from source, instructions are outlined in the
document "Install and Build instructions" on our web site here
What's new
* Improvements in the GUI
* Fixed lots of places were strings were not properly marked for
localization, this lead to GUI showing '????' instead of a text
in some menu items and dialogs in non-english locales
* properly synchronizing state of the items main menu with state of
corresponding items in the pop-up menu that appears when user
right-mouse-clicks on an object in the tree
* fixes for non-localized text strings in dialogs (mostly
"Continue", "Yes"/"No" etc. in many places)
* proper localization of the human-readable version number text for
iptables; also made info window print readable text instead of
"lt_1.2.6"
* cosmetic changes in some dialogs layout to make the look better
when localized text makes strings much longer
* firewall object dialog tab "Templates" has been hidden. It is
unlikely that this feature will be implemented in 2.0.X series.
* Streamlined logic in the object editor dialog. This improves
handling of the situation when user closes dialog by clicking on
[x] while 1) there are unsaved data and/or 2) some of the
object's parameters have illegal values. The dialog behavior also
depends on the setting of the global flag "Autosave" that causes
dialog to automatically save data when user switches between
objects.
* when user opens data file in the old format (fwbuilder v1.1.x,
extension .xml) and after autoupgrade the program discovers that
the same file with extension .fwb already exists, it offers the
user a chance to choose different name. If user clicks "Cancel"
at this point, the program cancel operation and reverts upgraded
data file back to its original name and version.
* improved behavior of the main menu "Edit" as well as pop-up menu
that appears when user right mouse clicks on an object in the
tree. Menu item "Paste" should only be enabled if the clipboard
is not empty and objects that are stored in it can be pasted into
selected object in the tree.
* when user clicks menu item "File/Open" to open a new file, the
GUI should save and close currently opened file only after the
user chooses new file. If user clicks Cancel in the File/Open
dialog, operation should be cancelled so the user can continue
working with currently opened file. The same applies to operation
File/New.
* implemented feature request: colors that are used to color rules
can be changed in Preferences dialog.
* main menu item "Object/New Object/Address" and corresponding
toolbar button always creates an Address object under
Objects/Addresses folder in the tree. Address of an interface can
be created using pop-up menu item "Add IP Address"
* Pull-down menu "On startup" in the "General" tab of the
preferences dialog now has three items: "Load standard objects",
"Load last edited file" and "Ask user what to do". The last item
is default.
* Updated Japanese and Russian translations
----------------------------------------------------------------------
Bugs fixed in GUI:
* bug (no num): the GUI crashed when user tried to add a library file
for auto-load in Preferences/Libraries and the first library object in
that file had a name using non-ascii characters
* bug (internal #34) the program should issue a warning when user tries
to add a library file (.fwl) that contains object library that already
exists in the opened data file.
* bugfixes for the behavior of the object editor dialogs. Dialog should
ask if user wants to save data and then validate it when user clicks
on [x] to close editor dialog. It used to validate the data first,
then ask if they want to close dialog.
* bug (localization): RCS log entries made using non-ascii characters
used to appear as '???' in Open File and File/Properties dialogs.
* localization was broken on win32 and mac os x because translation
files were not installed properly. Now fixed.
* bug #1092810: "Multiline RCS comments are shown as a single line on
windows". As it turned out, this bug affected all platforms.
* bug (no num) that caused GUI crash when user created new firewall
object using template with three interfaces.
Bugs fixed in API:
* bug #1068119: "additional whitespace for Rule comments in .fw file".
Added extra space between rule number and interface spec in rule
comments.
Bugs fixed in policy compiler for iptables fwb_ipt:
* bug #1089586: "default --icmp-type value is 0 in iptables < 1.2.9".
The problem concerns policy rules using service object "any ICMP". A
rule like this is supposed to match any ICMP packet. Few versions ago
I had to add option "-m icmp" (and "-m udp", "-m tcp") because I've
discovered that iptables-restore on some systems (linksys sveasoft
firmware, iptables v1.2.11) refused to load rules without it. Now it
turns out that iptables v < 1.2.9 (tested on 1.2.6a and 1.2.7a)
implicitly adds equivalent of "--icmp-type 0" to rules with "-p icmp
-m icmp" and without "--icmp-type" option. Since type 0 is actually
icmp echo reply, a rule like this does not match "any ICMP" as it was
supposed to do. Iptables 1.2.9 implicitly adds "--icmp-type 255" which
matches any icmp type. Using "--icmp-type 255" on iptables 1.2.6 and
1.2.7 does not work (a rule does not match icmp packets with type
different from 255). The fix generates "-p icmp -m icmp --icmp-type
any" for iptables 1.2.9 and later, as well as when iptables version is
not specified in the firewall object settings. It generates just "-p
icmp" for versions < 1.2.9.
* bug #1092141: "irritating FORWARD rule for established connections".
Need rule in FORWARD chain only if ip forwarding is on or set to "no
change"
* bug #1059393: "function getaddr failed for eth1.0020". Generated
script can now work with interfaces that have a dot in their name
(such as "eth1.0020" - vlan interface)
Bugs fixed in policy compiler for ipfw fwb_ipfw:
* bug #1089866: "multiple services in one rule confuses ipfw compiler".
If several UDP or TCP objects were used in the same policy rule and
these service objects had source port ranges defined, the compiler
would produce incorrect code by combining source port range
specifications together in the same ipfw command.
* bug #1093461: "problem with 'established' in ipfw". Ipfw requires
protocol to be set to 'tcp' if option 'established' is used in a rule.
* bug #1093472: "ipfw port range(s) errors". There can only be one port
range in a single ipfw rule.
* bug #1093620: "path (to ipfw) with spaces fails". Generated script
failed if path to ipfw contained space. I only worked around this
problem for ipfw; paths to sysctl and logger must be standard and
never contain spaces.

259
doc/ReleaseNotes_2.0.6.html Normal file
View File

@@ -0,0 +1,259 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.0.6 </h2>
<br>
<p>
Released 02/17/05
<br>
<b>GUI and compilers v2.0.6 require API library libfwbuilder version 2.0.6</b>
<br>
<h2>Summary </h2>
<p>
This release adds ability to print firewall rulesets
<p>
<b>For those who wish to build from source, instructions are outlined
in the document "Install and Build instructions" on our web site <a
href="http://www.fwbuilder.org/archives/cat_installation.html">here</a></b>
<h2>What's new</h2>
<ul>
<li>Improvements in the GUI
<p>
<ul>
<li>Support for printing of firewall rulesets:
<p>
<ul>
<li>prints policies and NAT rules for the currently
opened firewall object</li>
<li>can print a header on each page, header includes
file name, RCS revision number and page number. Header
can be turned off</li>
<li>can print a legend at the end of the
printout. Legend shows each icon and what object type it
corresponds to. Printing of the legend can be turned
off.</li>
<li>can print a list of objects used in all rules of the
firewall. Each object is accompanied with a brief
summary of its parameters. This can be turned off as
well.</li>
<li>While printing rule sets, the program will break the
table on the boundary of a rule when it reaches end of
the page</li>
<li>Rule sets are printed as screenshots of the same
table widget used in the GUI. The user can change
scaling factor for the tables to make them fit on the
page</li>
<li>Printing has been tested on Linux, Windows and Mac
OS X</li>
</ul>
</li>
<li>slightly changed logic with user warnings in the object
removal code. The program asks the user for confirmation if
they remove an ordinary object from a regular
library. Confirmation is not asked if object is removed from
"Deleted objects" library or when a library is being deleted
(in this case we ask a different quastion later
anyway). This helps avoid double warning when a library is
deleted.
<p>
</li>
<li>New service objects:
<ul>
<li>TCP service objects for regular VNC viewer (displays
0 and 1) and Java VNC viewer (displays 0 and 1)</li>
<li>UDP service object for OpenVPN</li>
</ul>
</li>
</ul>
</li>
<li>Improvements in compiler for iptables fwb_ipt
<p>
<ul>
<li>implemented feature req. #1112980: "Need unique names
for accounting rules". User can now specify a unique name
for rules with action 'Accounting'; this name will be
converted to a chain name. This simplifies accounting since
chain name for such rule won't change if the user adds or
removes rules above or below. </li>
</ul>
</li>
</ul>
<br>
<br>
<hr>
<br>
<br>
<h2>Bugs fixed in GUI:</h2>
<ul>
<li>bug #1107838: "bug in configure script in fwbuilder
2.0.6". Need to specify path "./" when calling runqmake.sh </li>
<li>bug #1109631: "can not copy firewall script to /etc on
Linksys". Added an option ot all OS resource files that
determines whether user is allowed to change installation
directory on the firewall. Currently it is allowed on all
supported OS except Linksys/Sveasoft because there /etc/ resides
on read-only filesystem</li>
<li>bug #1109174: "Cannot print rule base" - implemented
printing</li>
<li>bug #1111244 "GUI allows to add more than one MAC address to
an interface". There can only be one MAC address for each
interface.</li>
<li>bug #1112264: "Load last edited file" setting doesn't
work. This was broken only on Mac OS X.</li>
<li>bug #1112764: "some Objects are partially obscured in
printout". Parts of the "Objects" table were clipped. </li>
<li>bug #1112776: "some items touching seperator lines on
printouts". Rule elements "Action", "Direction", "Options" and
"Comment" were placed right at the top of the table cell which
led to their clipping when rule set was printed on Mac OS
X. Need more testing.</li>
<li>bug #1115412: "Problem installer FWbuilder 2.0.5 for
Windows". Switched to command line option "-l" to specify user
name for external ssh in installer. This was necessary because
Van Dyke SecureCRT on Windows does not support user@host syntax.</li>
<li>bug #1030538: "incorrect highlighting when selecting
multiple rules". This bug seems to be specific to Mac OS X</li>
<li>support request #1118039: "Error when Windows client calls
plink -ssh". The problem is that putty ignores protocol and port
specified in the session file if command line option -ssh is
given. On the other hand, the sign of session usage is an empty
user name, so we can check for that. If user name is empty, then
putty will use current Windows account name to log in to the
firewall and this is unlikely to work anyway. This seems to be a
decent workaround.</li>
<li>bug #1118717: "fwbuilder 206 on Windows XP SP2: error
checking out". Env variable USERNAME was not set in user's
profile, which triggered this bug. Now using getuid to get user
name on Unix and GetUserName on Windows. This should make the
program more resilient for situations when environment variable
LOGNAME or USERNAME is not set</li>
<li>bug #1120904: "GUI hangs when accessing RCS file". Improved
parsing of rlog output.</li>
</ul>
<br>
<br>
<h2>Bugs fixed in API:</h2>
<ul>
<li>bug #1108861: "two rules using MAC address matching shadow
each other". Need to check for MAC addresses while processing
rules for shadowing. </li>
<li>bug #1105167: "Crash when importing a library that has been
deleted".</li>
</ul>
<br>
<br>
<h2>Bugs fixed in policy compiler for iptables fwb_ipt:</h2>
<ul>
<li>bug #1106701: 'backup ssh access' and statefulness
interation. Need to add rules matching states ESTABLISHED and
RELATED for the backup ssh access to make sure it works even if
global rule matching these states is disabled. </li>
<li>bug #1101910: "Samba problem with Bridged Firewall". Need to
split rule to take care of broadcasts forwarded by the bridge
and broadcasts that are accepted by the firewall itself. Need to
do this only if the rule is not associated with any bridging
interface.</li>
<li>bug #1102629: "lost chain in accounting rules". Rules with
multiple objects in one of the rule elements and action
'Accounting' generated code that ignored objects in that rule
element</li>
<li>bug #1112976: "Accounting rule with logging produces looped
iptables command"</li>
<li>bug #1112470: "Problem with FW part of ANY in Bridged mode".
If fw is considered part of any, we should place rule in
INPUT/OUTPUT chains even if it is a bridging fw since fw itself
may send or receive packets.</li>
<li>bug #1123748 "busybox grep -E". Busybox does not support
option "-E" with grep, however it has "egrep".</li>
<li>bug #1123933 "iptables add_addr() expr binary not found". As
it turns out, /usr/bin/ is not in PATH during boot time on
Slackware. I added /usr/bin/ to PATH variable in generated
iptables script.</li>
</ul>
<br>
<br>
<h2>Bugs fixed in policy compiler for pf fwb_pf:</h2>
<ul>
<li>bug #1105755 "Custom Service objects not working for PF
compiler".User tried to generate a nat rule like this using
CustomService object:
<p>
<blockquote>
nat on eth1 proto {tcp udp icmp gre} from 192.168.1.0/24 to any -> 22.22.22.22
</blockquote>
<p>
Taken from the bug report:
<p>
as it turned out, I can not fix this. You are trying to use
Custom Service object to insert protocol list into a "nat"
rule. Normally, a service object such as TCP or UDP service
generates two components for any rule where it is used: a
protocol specification and port specification (type/ code spec
for ICMP). PF is sensitive to the order of parameters in the
rule, in particular, protocol must be defined after interface
but before src/dst addresses in the rule, while port numbers
go after addresses. Compiler easily retrieves this
information from IP, TCP, UDP and ICMP services and places it
in a proper slots in the rule it generates. CustomService
does not have a notion of protocol and parameters for it, so
compiler puts a string that is configured in the CustomService
in the place reserved for port numbers. This means you can not
use CustomService to specify protocols.
<p>
There still was a bug in fwb_pf where it would print
"custom_service" in place of protocol. This is fixed in 2.0.6
build 542. Protocols can not be inserted with Custom Service
though.
<p>
Feature request #1111267 "CustomService should specify protocol
and parameters for it" has been opened
</li>
</ul>
</body>
</html>

166
doc/ReleaseNotes_2.0.6.txt Normal file
View File

@@ -0,0 +1,166 @@
Firewall Builder Release Notes
Version 2.0.6
Released 02/17/05
GUI and compilers v2.0.6 require API library libfwbuilder version 2.0.6
Summary
This release adds ability to print firewall rulesets
For those who wish to build from source, instructions are outlined in the
document "Install and Build instructions" on our web site here
What's new
* Improvements in the GUI
* Support for printing of firewall rulesets:
* prints policies and NAT rules for the currently opened
firewall object
* can print a header on each page, header includes file name,
RCS revision number and page number. Header can be turned
off
* can print a legend at the end of the printout. Legend shows
each icon and what object type it corresponds to. Printing
of the legend can be turned off.
* can print a list of objects used in all rules of the
firewall. Each object is accompanied with a brief summary of
its parameters. This can be turned off as well.
* While printing rule sets, the program will break the table
on the boundary of a rule when it reaches end of the page
* Rule sets are printed as screenshots of the same table
widget used in the GUI. The user can change scaling factor
for the tables to make them fit on the page
* Printing has been tested on Linux, Windows and Mac OS X
* slightly changed logic with user warnings in the object removal
code. The program asks the user for confirmation if they remove
an ordinary object from a regular library. Confirmation is not
asked if object is removed from "Deleted objects" library or when
a library is being deleted (in this case we ask a different
quastion later anyway). This helps avoid double warning when a
library is deleted.
* New service objects:
* TCP service objects for regular VNC viewer (displays 0 and
1) and Java VNC viewer (displays 0 and 1)
* UDP service object for OpenVPN
* Improvements in compiler for iptables fwb_ipt
* implemented feature req. #1112980: "Need unique names for
accounting rules". User can now specify a unique name for rules
with action 'Accounting'; this name will be converted to a chain
name. This simplifies accounting since chain name for such rule
won't change if the user adds or removes rules above or below.
----------------------------------------------------------------------
Bugs fixed in GUI:
* bug #1107838: "bug in configure script in fwbuilder 2.0.6". Need to
specify path "./" when calling runqmake.sh
* bug #1109631: "can not copy firewall script to /etc on Linksys". Added
an option ot all OS resource files that determines whether user is
allowed to change installation directory on the firewall. Currently it
is allowed on all supported OS except Linksys/Sveasoft because there
/etc/ resides on read-only filesystem
* bug #1109174: "Cannot print rule base" - implemented printing
* bug #1111244 "GUI allows to add more than one MAC address to an
interface". There can only be one MAC address for each interface.
* bug #1112264: "Load last edited file" setting doesn't work. This was
broken only on Mac OS X.
* bug #1112764: "some Objects are partially obscured in printout". Parts
of the "Objects" table were clipped.
* bug #1112776: "some items touching seperator lines on printouts". Rule
elements "Action", "Direction", "Options" and "Comment" were placed
right at the top of the table cell which led to their clipping when
rule set was printed on Mac OS X. Need more testing.
* bug #1115412: "Problem installer FWbuilder 2.0.5 for Windows".
Switched to command line option "-l" to specify user name for external
ssh in installer. This was necessary because Van Dyke SecureCRT on
Windows does not support user@host syntax.
* bug #1030538: "incorrect highlighting when selecting multiple rules".
This bug seems to be specific to Mac OS X
* support request #1118039: "Error when Windows client calls plink
-ssh". The problem is that putty ignores protocol and port specified
in the session file if command line option -ssh is given. On the other
hand, the sign of session usage is an empty user name, so we can check
for that. If user name is empty, then putty will use current Windows
account name to log in to the firewall and this is unlikely to work
anyway. This seems to be a decent workaround.
* bug #1118717: "fwbuilder 206 on Windows XP SP2: error checking out".
Env variable USERNAME was not set in user's profile, which triggered
this bug. Now using getuid to get user name on Unix and GetUserName on
Windows. This should make the program more resilient for situations
when environment variable LOGNAME or USERNAME is not set
* bug #1120904: "GUI hangs when accessing RCS file". Improved parsing of
rlog output.
Bugs fixed in API:
* bug #1108861: "two rules using MAC address matching shadow each
other". Need to check for MAC addresses while processing rules for
shadowing.
* bug #1105167: "Crash when importing a library that has been deleted".
Bugs fixed in policy compiler for iptables fwb_ipt:
* bug #1106701: 'backup ssh access' and statefulness interation. Need to
add rules matching states ESTABLISHED and RELATED for the backup ssh
access to make sure it works even if global rule matching these states
is disabled.
* bug #1101910: "Samba problem with Bridged Firewall". Need to split
rule to take care of broadcasts forwarded by the bridge and broadcasts
that are accepted by the firewall itself. Need to do this only if the
rule is not associated with any bridging interface.
* bug #1102629: "lost chain in accounting rules". Rules with multiple
objects in one of the rule elements and action 'Accounting' generated
code that ignored objects in that rule element
* bug #1112976: "Accounting rule with logging produces looped iptables
command"
* bug #1112470: "Problem with FW part of ANY in Bridged mode". If fw is
considered part of any, we should place rule in INPUT/OUTPUT chains
even if it is a bridging fw since fw itself may send or receive
packets.
* bug #1123748 "busybox grep -E". Busybox does not support option "-E"
with grep, however it has "egrep".
* bug #1123933 "iptables add_addr() expr binary not found". As it turns
out, /usr/bin/ is not in PATH during boot time on Slackware. I added
/usr/bin/ to PATH variable in generated iptables script.
Bugs fixed in policy compiler for pf fwb_pf:
* bug #1105755 "Custom Service objects not working for PF compiler".User
tried to generate a nat rule like this using CustomService object:
nat on eth1 proto {tcp udp icmp gre} from 192.168.1.0/24 to any ->
22.22.22.22
Taken from the bug report:
as it turned out, I can not fix this. You are trying to use Custom
Service object to insert protocol list into a "nat" rule. Normally, a
service object such as TCP or UDP service generates two components for
any rule where it is used: a protocol specification and port
specification (type/ code spec for ICMP). PF is sensitive to the order
of parameters in the rule, in particular, protocol must be defined
after interface but before src/dst addresses in the rule, while port
numbers go after addresses. Compiler easily retrieves this information
from IP, TCP, UDP and ICMP services and places it in a proper slots in
the rule it generates. CustomService does not have a notion of
protocol and parameters for it, so compiler puts a string that is
configured in the CustomService in the place reserved for port
numbers. This means you can not use CustomService to specify
protocols.
There still was a bug in fwb_pf where it would print "custom_service"
in place of protocol. This is fixed in 2.0.6 build 542. Protocols can
not be inserted with Custom Service though.
Feature request #1111267 "CustomService should specify protocol and
parameters for it" has been opened

271
doc/ReleaseNotes_2.0.7.html Normal file
View File

@@ -0,0 +1,271 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.0.7 </h2>
<br>
<p>
Released 05/08/2005
<br>
<b>GUI and compilers v2.0.7 require API library libfwbuilder version 2.0.7</b>
<br>
<h2>Summary </h2>
<p>
This is a bug fix release
<p>
<b>For those who wish to build from source, instructions are outlined
in the document "Install and Build instructions" on our web site <a
href="http://www.fwbuilder.org/archives/cat_installation.html">here</a></b>
<h2>What's new</h2>
<ul>
<li>Improvements in the GUI
<p>
<ul>
<li>implemented feature req. #1151220: "Close" button should
change is caption/title to "Install". When user clicks
"Install" toolbar button or main menu item, the "Close"
button in the pop-up window that displays compiler progress
changes its text caption to "Install"</li>
<li>implemented feature request #1151206: "Search for IP
Addresses". "Find" dialog searches for objects by a
combination of name and one of the following attributes:
address, tcp/udp port, ip protocol number or icmp message
type. Regular expressions can be used for both name and
attribute.</li>
<li>Support for SNMP operations has been added in Windows
packages of Firewall Builder</li>
</ul>
</li>
<li>Improvements in built-in installer:
<p>
User can specify additional command line parameters for ssh
that built-in installer runs to access firewall. This allows
for alternative ssh port or alternative ssh identity to be
used when accessing firewall. Parameters can be added in the
"Installer" tab of firewall settings dialog for all
platforms.
</p>
</li>
<li>Improvements in compiler for ipfilter fwb_ipf
<p>
Added support for dynamic addresses in ipfilter. Actual
address of dynamic interface is now determined at run-time
in the policy activation script &lt;firewall_name&gt;.fw
generated by fwbuilder. If dynamic interface is used
somewhere in the policy or nat rules, it will be replaced
with its actual address by activation script before
configuration is sent to ipf or ipnat for activation. This
run-time substitution is done only if a checkbox is checked
in the "Script options" tab of firewall settings
dialog. Default behavior is to use "any". This is because
ipfilter configuration files &lt;firewall&gt;-ipf.conf and
&lt;firewall&gt;-nat.conf that rely on run-time substitution
of dynamic interface address can not be loaded using
standard activation scripts that come with FreeBSD.
</p>
<p>
Generated script uses function getaddr() to determine
address of dynamic interface. This function falls back to
0.0.0.0/32 if dynamic interface has not been assigned an
address yet or is down. Ipfilter policy using run-time
substitution of dynamic interface addresses will be
functional even if these interfaces are down or do not have
IP address.
</p>
</li>
<li>Improvements in compiler for iptables fwb_ipt
<p>
Generated iptables script sets default policies to DROP in
all ipv6 filter chains. More detailed control can be
implemented using prolog or epilog scripts.
<p>
Note that this changes behavior of the generated iptables
script with respect to IPv6. Until now, the script just
ignored IPv6 but some people felt this leaves a hole in the
firewall and asked me to make the script close it. Generated
shell code will check if ip6tables is installed on the
system and if it actually works before setting default
policies to DROP. This means it won't try to do it if
ip6tables is not installed or if it is present, but IPv6 is
not compiled into the kernel (so ip6tables does not work and
generates errors).
</p>
</li>
</ul>
<br>
<br>
<hr>
<br>
<br>
<h2>Bugs fixed in GUI:</h2>
<ul>
<li>bug #1151052: "Not external interfaces marked as
external". Dialog for an interface object that belongs to a host
should not show checkbox "external (insecure) interface"</li>
<li>bug #1151212: "Collapsed sub-objects shouldn't be added if
they are hidden". When user selects multiple objects in the tree
some of which have child objects, those child objects used to be
also selected and added to groups in addition to their parent
objects via drag-and-drop operation.</li>
<li>bug #1151243: "Maintain format of description text". The GUI
ignored text formatting in object comment when displayed it in
the info panel (lower left corner of the main windows)</li>
<li>bug #1155163: "print does not print group contents". The
program printed only number of objects contaned in object or
service groups. Now it prints lists of member objects for all
groups used in rules. If groups contain other groups, they are
printed recursively.</li>
<li>bug #1172620: "Add tcp service object for icslap". Added
this object to the objects library "Standard".</li>
<li>bug #1184791: "can not copy/paste multiple objects into a
group"</li>
</ul>
<br>
<br>
<h2>Bugs fixed in API:</h2>
<ul>
<li>
bug #1158870: "mutexes are not properly created on
FreeBSD". Mutexes gethostbyname_mutex and gethostbyaddr_mutex
were never created but used on OS where thread-safe resolver
is not available.
</li>
<li>bug #1151219: "New Host creation window is not well
dimensioned". Fixed wrong dialog page layout in the new host
wizard.</li>
<li>bug #1157976: "patches to make fwbuilder compile under
NetBSD 1.6". Applied patches.</li>
<li>bug #1173801: '"&" character in prolog/epilog'. Needed to
call xmlEncodeSpecialChars to encode special characters in
firewall options</li>
</ul>
<br>
<br>
<h2>Bugs fixed in policy compiler for iptables fwb_ipt:</h2>
<ul>
<li>
bug #1123748: "busybox grep -E". Busybox in floppyfw is
compiled without support for egrep (or grep -E). Switched to
using "plain" grep.</li>
<li>bug #1160186: 'IPTables Compiler - Multiport Issue'. When 16
or 31 ports were used in a single rule, compiler generated
command with conflicting options "-m multiport --dport"</li>
<li>
bug #1176890: "block IPv6". Generated iptables script sets
default policies to DROP in all ipv6 filter chains. More
detailed control can be implemented using prolog or epilog
scripts.
<p>
Note that this changes behavior of the generated iptables
script with respect to IPv6. Until now, the script just
ignored IPv6 but some people felt this leaves a hole in the
firewall and asked me to make the script close it. Generated
shell code will check if ip6tables is installed on the
system and if it actually works before setting default
policies to DROP. This means it won't try to do it if
ip6tables is not installed or if it is present, but IPv6 is
not compiled into the kernel (so ip6tables does not work and
generates errors).
</li>
<li>bug #1176890: "block IPv6". Generated iptables script sets
default policies to DROP in all ipv6 filter chains. More
detailed control can be implemented using prolog or epilog
scripts.</li>
<li>bug #1179103: 'compiled rules can not be
installed'. Generated iptables script could not be used on
systems with non-English locale where timezone name used local
characters because these characters were printed as hex (
"&amp;#21488;" ) and '&amp;' caused problems with shell. Now using
single quotes to make shell ignore any characters in the
string. Will deal with proper printing of localazed timezone
later.</li>
<li>bug #1181359: "Missing traling space in "INVALID state"
syslog message"</li>
<li>bug #1195201: "getaddr function return error ip address". Yet
another change in the way we use grep to find IP addresses of an
interface on Linux. We can't use regex (bug #1123748) and need
to filter out secondary addresses from the "ip addr show"
output. It looks like "grep -v :" neatly solves the problem
without using regex.</li>
</ul>
<br>
<br>
<h2>Bugs fixed in policy compiler for pf fwb_ipf:</h2>
<ul>
<li>bug #1173067: "support for port ranges in NAT rules
(ipfilter)" - policy compiler for ipfilter should split DNAT
rules (rdr) that use TCP or UDP objects with port ranges. A
warning is issued if more than 20 rules are created.
</li>
<li>bug
#1173064: "support for dynamic interfaces in ipfilter". Actual
address of dynamic interface is now determined at run-time in the
policy activation script &lt;firewall_name&gt;.fw generated by
fwbuilder. If dynamic interface is used somewhere in the policy or
nat rules, it will be replaced with its actual address by
activation script before configuration is sent to ipf or ipnat for
activation. This run-time substitution is done only if a checkbox
is checked in the "Script options" tab of firewall settings
dialog. Default behavior is to use "any". This is because ipfilter
configuration files &lt;firewall&gt;-ipf.conf and &lt;firewall&gt;-nat.conf
that rely on run-time substitution of dynamic interface address
can not be loaded using standard activation scripts that come with
FreeBSD.
<p>
This also fixes another problem in fwb_ipf where it generated rdr
and nat commands with address 0.0.0.0/32 if dynamic interface was
used in a NAT rule.</li>
</ul>
<br>
<br>
<h2>Bugs fixed in policy compiler for pf fwb_pf:</h2>
<ul>
<li>bug #1176051: "incorrect rule generated for TCP service
ftp-data". If a rule used several TCP or UDP service objects and
one of them has source port range configured, generated PF
filter rule incorrectly matched on a combiantion of that source
port range _and_ destination port ranges from all other service
objects. This bug affected compilers for OpenBSD PF and ipfilter</li>
</ul>
</body>
</html>

181
doc/ReleaseNotes_2.0.7.txt Normal file
View File

@@ -0,0 +1,181 @@
Firewall Builder Release Notes
Version 2.0.7
Released 05/08/2005
GUI and compilers v2.0.7 require API library libfwbuilder version 2.0.7
Summary
This is a bug fix release
For those who wish to build from source, instructions are outlined in the
document "Install and Build instructions" on our web site here
What's new
* Improvements in the GUI
* implemented feature req. #1151220: "Close" button should change
is caption/title to "Install". When user clicks "Install" toolbar
button or main menu item, the "Close" button in the pop-up window
that displays compiler progress changes its text caption to
"Install"
* implemented feature request #1151206: "Search for IP Addresses".
"Find" dialog searches for objects by a combination of name and
one of the following attributes: address, tcp/udp port, ip
protocol number or icmp message type. Regular expressions can be
used for both name and attribute.
* Support for SNMP operations has been added in Windows packages of
Firewall Builder
* Improvements in built-in installer:
User can specify additional command line parameters for ssh that
built-in installer runs to access firewall. This allows for
alternative ssh port or alternative ssh identity to be used when
accessing firewall. Parameters can be added in the "Installer" tab of
firewall settings dialog for all platforms.
* Improvements in compiler for ipfilter fwb_ipf
Added support for dynamic addresses in ipfilter. Actual address of
dynamic interface is now determined at run-time in the policy
activation script <firewall_name>.fw generated by fwbuilder. If
dynamic interface is used somewhere in the policy or nat rules, it
will be replaced with its actual address by activation script before
configuration is sent to ipf or ipnat for activation. This run-time
substitution is done only if a checkbox is checked in the "Script
options" tab of firewall settings dialog. Default behavior is to use
"any". This is because ipfilter configuration files
<firewall>-ipf.conf and <firewall>-nat.conf that rely on run-time
substitution of dynamic interface address can not be loaded using
standard activation scripts that come with FreeBSD.
Generated script uses function getaddr() to determine address of
dynamic interface. This function falls back to 0.0.0.0/32 if dynamic
interface has not been assigned an address yet or is down. Ipfilter
policy using run-time substitution of dynamic interface addresses will
be functional even if these interfaces are down or do not have IP
address.
* Improvements in compiler for iptables fwb_ipt
Generated iptables script sets default policies to DROP in all ipv6
filter chains. More detailed control can be implemented using prolog
or epilog scripts.
Note that this changes behavior of the generated iptables script with
respect to IPv6. Until now, the script just ignored IPv6 but some
people felt this leaves a hole in the firewall and asked me to make
the script close it. Generated shell code will check if ip6tables is
installed on the system and if it actually works before setting
default policies to DROP. This means it won't try to do it if
ip6tables is not installed or if it is present, but IPv6 is not
compiled into the kernel (so ip6tables does not work and generates
errors).
----------------------------------------------------------------------
Bugs fixed in GUI:
* bug #1151052: "Not external interfaces marked as external". Dialog for
an interface object that belongs to a host should not show checkbox
"external (insecure) interface"
* bug #1151212: "Collapsed sub-objects shouldn't be added if they are
hidden". When user selects multiple objects in the tree some of which
have child objects, those child objects used to be also selected and
added to groups in addition to their parent objects via drag-and-drop
operation.
* bug #1151243: "Maintain format of description text". The GUI ignored
text formatting in object comment when displayed it in the info panel
(lower left corner of the main windows)
* bug #1155163: "print does not print group contents". The program
printed only number of objects contaned in object or service groups.
Now it prints lists of member objects for all groups used in rules. If
groups contain other groups, they are printed recursively.
* bug #1172620: "Add tcp service object for icslap". Added this object
to the objects library "Standard".
* bug #1184791: "can not copy/paste multiple objects into a group"
Bugs fixed in API:
* bug #1158870: "mutexes are not properly created on FreeBSD". Mutexes
gethostbyname_mutex and gethostbyaddr_mutex were never created but
used on OS where thread-safe resolver is not available.
* bug #1151219: "New Host creation window is not well dimensioned".
Fixed wrong dialog page layout in the new host wizard.
* bug #1157976: "patches to make fwbuilder compile under NetBSD 1.6".
Applied patches.
* bug #1173801: '"&" character in prolog/epilog'. Needed to call
xmlEncodeSpecialChars to encode special characters in firewall options
Bugs fixed in policy compiler for iptables fwb_ipt:
* bug #1123748: "busybox grep -E". Busybox in floppyfw is compiled
without support for egrep (or grep -E). Switched to using "plain"
grep.
* bug #1160186: 'IPTables Compiler - Multiport Issue'. When 16 or 31
ports were used in a single rule, compiler generated command with
conflicting options "-m multiport --dport"
* bug #1176890: "block IPv6". Generated iptables script sets default
policies to DROP in all ipv6 filter chains. More detailed control can
be implemented using prolog or epilog scripts.
Note that this changes behavior of the generated iptables script with
respect to IPv6. Until now, the script just ignored IPv6 but some
people felt this leaves a hole in the firewall and asked me to make
the script close it. Generated shell code will check if ip6tables is
installed on the system and if it actually works before setting
default policies to DROP. This means it won't try to do it if
ip6tables is not installed or if it is present, but IPv6 is not
compiled into the kernel (so ip6tables does not work and generates
errors).
* bug #1176890: "block IPv6". Generated iptables script sets default
policies to DROP in all ipv6 filter chains. More detailed control can
be implemented using prolog or epilog scripts.
* bug #1179103: 'compiled rules can not be installed'. Generated
iptables script could not be used on systems with non-English locale
where timezone name used local characters because these characters
were printed as hex ( "&#21488;" ) and '&' caused problems with shell.
Now using single quotes to make shell ignore any characters in the
string. Will deal with proper printing of localazed timezone later.
* bug #1181359: "Missing traling space in "INVALID state" syslog
message"
* bug #1195201: "getaddr function return error ip address". Yet another
change in the way we use grep to find IP addresses of an interface on
Linux. We can't use regex (bug #1123748) and need to filter out
secondary addresses from the "ip addr show" output. It looks like
"grep -v :" neatly solves the problem without using regex.
Bugs fixed in policy compiler for pf fwb_ipf:
* bug #1173067: "support for port ranges in NAT rules (ipfilter)" -
policy compiler for ipfilter should split DNAT rules (rdr) that use
TCP or UDP objects with port ranges. A warning is issued if more than
20 rules are created.
* bug #1173064: "support for dynamic interfaces in ipfilter". Actual
address of dynamic interface is now determined at run-time in the
policy activation script <firewall_name>.fw generated by fwbuilder. If
dynamic interface is used somewhere in the policy or nat rules, it
will be replaced with its actual address by activation script before
configuration is sent to ipf or ipnat for activation. This run-time
substitution is done only if a checkbox is checked in the "Script
options" tab of firewall settings dialog. Default behavior is to use
"any". This is because ipfilter configuration files
<firewall>-ipf.conf and <firewall>-nat.conf that rely on run-time
substitution of dynamic interface address can not be loaded using
standard activation scripts that come with FreeBSD.
This also fixes another problem in fwb_ipf where it generated rdr and
nat commands with address 0.0.0.0/32 if dynamic interface was used in
a NAT rule.
Bugs fixed in policy compiler for pf fwb_pf:
* bug #1176051: "incorrect rule generated for TCP service ftp-data". If
a rule used several TCP or UDP service objects and one of them has
source port range configured, generated PF filter rule incorrectly
matched on a combiantion of that source port range _and_ destination
port ranges from all other service objects. This bug affected
compilers for OpenBSD PF and ipfilter

203
doc/ReleaseNotes_2.0.8.html Normal file
View File

@@ -0,0 +1,203 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="stylesheet" type="text/css" href="http://www.fwbuilder.org/pages/fwbuilder.css">
</head>
<body>
<h1> Firewall Builder Release Notes </h1>
<br>
<h2> Version 2.0.8 </h2>
<br>
<p>
Released 07/08/2005
<br>
<b>GUI and compilers v2.0.8 require API library libfwbuilder version 2.0.8</b>
<br>
<h2>Summary </h2>
<p>
This is a bug fix release
<p>
<b>For those who wish to build from source, instructions are outlined
in the document "Install and Build instructions" on our web site <a
href="http://www.fwbuilder.org/archives/cat_installation.html">here</a></b>
<h2>What's new</h2>
<ul>
<li>Improvements in the GUI
<p>
<ul>
<li>Included updated German translation by Hans Peter
Dittler &lt;hpdittler at braintec-consult.de&gt;
</li>
<li>implemented Feature Request #1145666: "Print RCS
Log". File/Properties dialog can now print RCS log. Thanks
to "Ilya V. Yalovoy" &lt;yalovoy@pilot.aip.mk.ua&gt; for the
patch.</li>
<li>Some code changes were made to make the code comiple and
work on Solaris. In particular, tests and emulation for
forkpty and cfmakeraw functions were added. Currently this
still remains largely untested.</li>
</ul>
</li>
<li>Improvements in policy compilers for pf, ipf, ipfw