This commit was manufactured by cvs2svn to create tagvendor/ipfilter/3.4.28

'ipfilter-vendor-v3-4-28'.

74 files changed, 0 insertions, 7091 deletions

diff --git a/contrib/ipfilter/COMPILE.2.5 b/contrib/ipfilter/COMPILE.2.5
deleted file mode 100644
index ae550f896e49..000000000000
--- a/contrib/ipfilter/COMPILE.2.5
+++ /dev/null
@@ -1,11 +0,0 @@
-
-If you get the following error whilst compiling:
-
-In file included from /usr/local/lib/gcc-lib/sparc-sun-solaris2.3/2.6.3/include/sys/user.h:48,
-                 from /usr/include/sys/file.h:15,
-                 from ../ip_nat.c:15:
-/usr/include/sys/psw.h:19: #error Kernel include of psw.h
-
-Remove (comment out) the line in
-/usr/local/lib/gcc-lib/sparc-sun-solaris2.3/2.6.3include/sys/user.h
-which includes psw.h
diff --git a/contrib/ipfilter/COMPILE.Solaris2 b/contrib/ipfilter/COMPILE.Solaris2
deleted file mode 100644
index 45442c5a4051..000000000000
--- a/contrib/ipfilter/COMPILE.Solaris2
+++ /dev/null
@@ -1,19 +0,0 @@
-If you have BOTH GNU make and the normal make shipped with your system,
-DO NOT use the GNU make to build this package.  If you have any errors
-relating to "(" or "TOP", check that you are using /usr/ccs/bin/make as
-shipped with Solaris 2.
-
-If you get the following error whilst compiling:
-
-In file included from /usr/local/lib/gcc-lib/sparc-sun-solaris2.3/2.6.3/include/sys/user.h:48,
-                 from /usr/include/sys/file.h:15,
-                 from ../ip_nat.c:15:
-/usr/include/sys/psw.h:19: #error Kernel include of psw.h
-
-That means that you have a version of gcc build under on older release
-of Solaris 2.x
-
-You need to reinstall gcc after each Solaris upgrade; gcc creates its own
-set of modified system include files which are only valid for the exact
-release on which gcc was build.
-
diff --git a/contrib/ipfilter/FWTK/FWTK.sed b/contrib/ipfilter/FWTK/FWTK.sed
deleted file mode 100644
index e69de29bb2d1..000000000000
--- a/contrib/ipfilter/FWTK/FWTK.sed
+++ /dev/null
diff --git a/contrib/ipfilter/FreeBSD-4.0/ipv6-patch b/contrib/ipfilter/FreeBSD-4.0/ipv6-patch
deleted file mode 100755
index c232b2c15972..000000000000
--- a/contrib/ipfilter/FreeBSD-4.0/ipv6-patch
+++ /dev/null
@@ -1,61 +0,0 @@
-*** ip6_input.c.orig	Sun Feb 13 14:32:01 2000
---- ip6_input.c	Wed Apr 26 22:31:34 2000
-***************
-*** 121,126 ****
---- 121,127 ----
-  
-  extern struct	domain inet6domain;
-  extern struct	ip6protosw inet6sw[];
-+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
-  
-  u_char	ip6_protox[IPPROTO_MAX];
-  static int	ip6qmaxlen = IFQ_MAXLEN;
-***************
-*** 302,307 ****
---- 303,317 ----
-  		ip6stat.ip6s_badvers++;
-  		in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr);
-  		goto bad;
-+ 	}
-+ 
-+ 	if (fr_checkp) {
-+ 		struct	mbuf	*m1 = m;
-+ 
-+ 		if ((*fr_checkp)(ip6, sizeof(*ip6), m->m_pkthdr.rcvif,
-+ 				 0, &m1) || !m1)
-+ 			return;
-+ 		ip6 = mtod(m = m1, struct ip6_hdr *);
-  	}
-  
-  	ip6stat.ip6s_nxthist[ip6->ip6_nxt]++;
-*** ip6_output.c.orig	Fri Mar 10 01:57:16 2000
---- ip6_output.c	Wed Apr 26 22:34:34 2000
-***************
-*** 108,113 ****
---- 108,115 ----
-  #include <netinet6/ip6_fw.h>
-  #endif
-  
-+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
-+ 
-  static MALLOC_DEFINE(M_IPMOPTS, "ip6_moptions", "internet multicast options");
-  
-  struct ip6_exthdrs {
-***************
-*** 754,759 ****
---- 756,770 ----
-  			ip6->ip6_src.s6_addr16[1] = 0;
-  		if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst))
-  			ip6->ip6_dst.s6_addr16[1] = 0;
-+ 	}
-+ 
-+ 	if (fr_checkp) {
-+ 		struct  mbuf    *m1 = m;
-+ 
-+ 		if ((error = (*fr_checkp)(ip6, sizeof(*ip6), ifp, 1, &m1)) ||
-+ 		    !m1)
-+ 			goto done;
-+ 		ip6 = mtod(m = m1, struct ip6_hdr *);
-  	}
-  
-  #ifdef IPV6FIREWALL
diff --git a/contrib/ipfilter/INSTALL.BSDOS b/contrib/ipfilter/INSTALL.BSDOS
deleted file mode 100644
index 17d9602ef8ab..000000000000
--- a/contrib/ipfilter/INSTALL.BSDOS
+++ /dev/null
@@ -1,35 +0,0 @@
-
-BSD/OS users.
--------------
-
-First, you need to build IP Filter.  Do this from the "ip_fil3.2.x"
-directory with the command "make bsdos".  If this completes successfully,
-install the various bits and pieces with "make install-bsd".
-
-Prior to starting, it is a good idea for you to know what your kernel config
-file is (it appears that the script guesses incorrectly at present).
-
-Once you have that in mind, run the 'kinstall' script in the correct
-BSDOS3 or BSDOS4 directory.  This will attempt to patch a bunch of files
-or install the relevant .o files if you don't have kernel source.
-It will also go and install all the IP Filter .c and .h files where they
-can be find when it comes time to build the kernel.
-
-The script will then pause and ask you for your kernel configuration
-file.  After you enter this, it will add "options IPFILTER" to your
-kernel configuration file.  IF YOU WANT TO DO LOGGING, ADD
-"options IPFILTER_LOG" to your kernel configuration file NOW!
-
-Now that you've got your kernel configuration file done, use config
-to setup a new kernel build and complete with make.
-
-When the kernel rebuilt is complete, put it into / and reboot with
-your new kernel.  If IP Filter has been configured into your kernel
-correctly, you will see a message like this when your system boots:
-
-IP Filter: initialized.  Default = pass all, Logging = enabled
-
-Upon logging in, the IP Filter commands ipfstat, et al, should all
-function properly.
-
-Darren
diff --git a/contrib/ipfilter/INSTALL.BSDOS3 b/contrib/ipfilter/INSTALL.BSDOS3
deleted file mode 100644
index 8842b981911c..000000000000
--- a/contrib/ipfilter/INSTALL.BSDOS3
+++ /dev/null
@@ -1,44 +0,0 @@
-
-BSD/OS 3.x users.
------------------
-
-First, you will need to either:
-(a) have a source license for the kernel so you can patch some files or
-(b) obtain the relevant pre-compiled .o files (I can't supply these yet).
-
-The files which you will need patched are:
-ip_input.c, ip_output.c (maybe in_proto.c and ioconf.c.i386 too - NOT sure).
-
-First, you need to build IP Filter.  Do this from the "ip_fil3.2.x"
-directory with the command "make bsdos".  If this completes successfully,
-install the various bits and pieces with "make install-bsd".
-
-Prior to starting, it is a good idea for you to know what your kernel config
-file is (it appears that the script guesses incorrectly at present).
-
-Once you have that in mind, run the 'kinstall' script in the BSDOS3
-directory.  This will attempt to patch a bunch of files.  If you've
-obtained the relevant .o files, ignore the errors, otherwise please
-report them to me and mention which version of BSD/OS you are using
-and on what platform (Sparc, i386, etc).  It will also go and install
-all the IP Filter .c and .h files where they can be find when it comes
-time to build the kernel.
-
-The script will then pause and ask you for your kernel configuration
-file.  After you enter this, it will add "options IPFILTER" to your
-kernel configuration file.  IF YOU WANT TO DO LOGGING, ADD
-"options IPFILTER_LOG" to your kernel configuration file NOW!
-
-Now that you've got your kernel configuration file done, use config
-to setup a new kernel build and complete with make.
-
-When the kernel rebuilt is complete, put it into / and reboot with
-your new kernel.  If IP Filter has been configured into your kernel
-correctly, you will see a message like this when your system boots:
-
-IP Filter: initialized.  Default = pass all, Logging = enabled
-
-Upon logging in, the IP Filter commands ipfstat, et al, should all
-function properly.
-
-Darren
diff --git a/contrib/ipfilter/INSTALL.IRIX b/contrib/ipfilter/INSTALL.IRIX
deleted file mode 100644
index b64d4349879b..000000000000
--- a/contrib/ipfilter/INSTALL.IRIX
+++ /dev/null
@@ -1,108 +0,0 @@
-
-IP Filter has been mostly tested under IRIX 6.2. It should work under IRIX 6.3
-as well. Under IRIX 5.3, it has been successfully compiled and linked in the
-kernel, but not tested. Compilation under IRIX >= 6.4 is not yet supported.
-
-To build a kernel with the IP filter and install it on your system,
-follow these steps:
-
-	1. edit the top-level Makefile to
-		a) comment-out the IPFLKM definition.
-			This means changing the line reading:
-				IPFLKM=-DIPFILTER_LKM
-			to
-				#IPFLKM=-DIPFILTER_LKM
-		b) select the system's compiler (cc)
-			This means changing the line reading:
-				CC=gcc
-			to
-				CC=cc
-		b) enable full optimization
-			This means changing the lines reading:
-				DEBUG=-g
-				CFLAGS=-I$$(TOP)
-			to
-				DEBUG=
-				CFLAGS=-O2 -I$$(TOP)
-
-        1. do "make irix" (Warning: GNU make is not supported, so if it has
-	been installed on your system, verify your path and/or do "which make"
-	to guarantee that IRIX's /sbin/make has precedence)
-
-        2. do "make install-irix" as root
-	   (a new kernel will be automatically built)
-
-	3. determine the filtering rules and place them in /etc/ipf.conf
-	   and /etc/ipnat.conf
-
-        4. do "init 6" as root to reboot with the new kernel
-
-	After restarting, the filter should be active and behaving according to
-	the rules loaded from /etc/ipf.conf and /etc/ipfnat.conf.
-
-	These files can be changed at any time, and reloaded using the
-	following command sequence:
-
-	# sh /etc/init.d/ipf stop; sh /etc/init.d/ipf start
-
-
-To remove the IP Filter from your kernel, follow these steps:
-
-	1. Delete the /var/sysgen/boot/ipfilter.o file
-
-	# rm /var/sysgen/boot/ipfilter.o
-
-	2. If SGI's ipfilter.o had been previously installed, restore it
-	back to its original location
-
-	# mv /var/sysgen/boot/ipfilter.o.DIST /var/sysgen/boot/ipfilter.o
-
-	3. Build a new kernel
-
-	# /etc/autoconfig
-
-	4. Delete the /etc/rc2.d/S33ipf symbolic link
-
-	# rm /etc/rc2.d/S33ipf
-
-	5. Reboot
-
-	# init 6
-
-
-ADDITIONAL NOTES:
-
-	- The IP filter uses the same kernel interface to the IP driver as
-	SGI's ipfilter. In fact, it is installed in place of SGI's
-	/var/sysgen/boot/ipfilter.o module, after renaming it (if installed)
-	to /var/sysgen/boot/ipfilter.o.DIST. You should ensure that SGI's
-	ipfilterd daemon is not running simultaneously, since this package uses
-	the same major device number.
-
-	- We have not tested IP Filter on a multiprocessor machine yet.
-	However, feel free to try it and send your experiences/patches
-	back to marc@CAM.ORG. SGI prescribes that kernel code be built on such
-	systems with -D_MP_NETLOCKS -DMP. Therefore, these flags should
-	probably be uncommented on the DFLAGS line of IRIX/Makefile if your
-	machine has more than one processor.
-
-	- It is also possible to build IP Filter as a dynamically loadable
-	kernel module (by retaining the IPFLKM=-DIPFILTER_LKM definition in the
-	top-level Makefile), but this is not recommended other than for testing
-	and debugging purposes, because the only possible method for dynamic
-	attachment to the IP stack (instruction patching) is highly dependent
-	on the processor architecture. The code provided has only been tested
-	with IP22 CPU boards and can sometime cause panics during loading due
-	to a potential race condition.
-
-
-CREDITS:
-
-	IP Filter was ported to IRIX by Marc Boucher <marc@CAM.ORG>
-
-	Marc Boucher wishes to thank the
-		ICARI Institute (http://www.icari.qc.ca)
-	and
-		Aurelio Cascio <aurelio@toonboom.com>
-	for their financial support and testing facilities, respectively.
-
diff --git a/contrib/ipfilter/INSTALL.Linux b/contrib/ipfilter/INSTALL.Linux
deleted file mode 100644
index 1a5d15b59f02..000000000000
--- a/contrib/ipfilter/INSTALL.Linux
+++ /dev/null
@@ -1,50 +0,0 @@
-IP-Filter on Linux 2.0.31
--------------------------
-
-NOTE: I have *ONLY* compiled and created patches for using IP Filter on
-      Linux 2.0.31.  Any other kernel revision may need seprate patches.
-      Also, I've only tested on a x86 CPU so I can't make any guarantees
-      about it working on Sparc/Mac/Amiga.
-
-First, you should do a sanity check of your system to make sure it will
-compile IP Filter.  You will need a "libfl" and a "libelf".  If you don't
-have these, install them before proceeding.
-
-The installation and compiliation process assumes that Linux 2.0.31
-will be in the /usr/src/linux directory and that all the symbolic links
-in /usr/include match.  /usr/src/linux may be a symbolic link too, but
-it must point to a 2.0.31 kernel source tree.
-
-The first step is to make the IP Filter binaries.  Do this with a
-"make linux" from the ip_fil3.2.x directory.  If this completes with
-no errors, install IP Filter with a "make install-linux".
-
-Now that the user part of it is complete, it is time to work on the kernel.
-To start this off, run "Linux/minstall".  This will configure the devices
-you will need for the IP Filter.  Then run "Linux/kinstall".  This will
-patch your kernel source code and configuration files so you can enabled IP
-Filter.  You must now go to /usr/src/linux and configure your kernel using one
-of the available interfaces to enable IP Filter.  IP Filter will be presented
-as a three way choice "y/m/n" - select "m" to enable it.  Save your kernel
-configuration file, rebuild, install and reboot with the new kernel.
-
-When you've rebooted with the new kernel, you should be able to load
-IP Filter with the command "insmod if_ipl".  All going will, you will
-see a message like this on your console:
-
-IP Filter: initialized.  Default = pass all, Logging = enabled
-
-indicating that IP Filter has successfully been loaded into the kernel
-and is awaiting.
-
-Darren
-
-Features Not Available on Linux, yet:
-
-- compiled into the kernel
-"<action> in on <if> to <if> ..."
-"<action> in on <if> dup-to <if> ..."
-"<action> in on <if> fastroute ..."
-"block return-rst ..."
-"map ... proxy ..." (Linux's masquerading is better at present)
-
diff --git a/contrib/ipfilter/INSTALL.NetBSD b/contrib/ipfilter/INSTALL.NetBSD
deleted file mode 100644
index 012d6d7f8d2d..000000000000
--- a/contrib/ipfilter/INSTALL.NetBSD
+++ /dev/null
@@ -1,59 +0,0 @@
-
-To build a kernel for use with the loadable kernel module, follow these
-steps:
-	1. do "make netbsd"
-
-	2. do "make install-bsd"
-	   (probably has to be done as root)
-
-	3(a) NetBSD systems prior to 1.2:
-		run "NetBSD/minstall" as root
-	3(b) NetBSD 1.2 systems or later:
-		run "NetBSD-1.2/minstall" as root
-
-	4. build a new kernel
-
-	5. install and reboot with the new kernel
-
-	6. use modload(8) to load the packet filter with:
-		modload if_ipl.o
-
-	7. do "modstat" to confirm that it has been loaded successfully.
-
-There is no need to use mknod to create the device in /dev;
-- upon loading the module, it will create itself with the correct values,
-  under the name (IPL_NAME) from the Makefile.  It will also remove itself
-  from /dev when it is modunload'd.
-
-To build a kernel with the IP filter, follow these steps:
-
-	1. do "make netbsd"
-
-	2. do "make install-bsd"
-	   (probably has to be done as root)
-
-	3(a) NetBSD systems prior to 1.2:
-		run "NetBSD/kinstall" as root
-	3(b) NetBSD 1.2 systems or later:
-		run "NetBSD-1.2/kinstall" as root
-	3(c) If conf.c fails on the 2nd hunk of the patch, you will have to
-	     manually apply the patch.
-
-	4. build a new kernel
-
-	5. Create device files.  For NetBSD-1.2 (or later), use 49 as the
-	   major number. For NetBSD-1.1 or earlier, use 59.  Run these
-	   commands as root, substituting <major> for the appropriate number:
-
-		mknod /dev/ipl c <major> 0
-		mknod /dev/ipnat c <major> 1
-		mknod /dev/ipstate c <major> 2
-		mknod /dev/ipauth c <major> 3
-
-	   ** NOTE: both the numbers 49 and 59 should be substituted with
-		    whatever number you inserted it into conf.c as.
-
-	6. install and reboot with the new kernel
-
-Darren Reed
-darrenr@pobox.com
diff --git a/contrib/ipfilter/INSTALL.Sol2 b/contrib/ipfilter/INSTALL.Sol2
deleted file mode 100644
index 5ba84b931985..000000000000
--- a/contrib/ipfilter/INSTALL.Sol2
+++ /dev/null
@@ -1,28 +0,0 @@
-
-For those running Solaris 2.5 or later, please read COMPILE.2.5 before
-building IP Filter.
-
-Type "make solaris" to build all the required binaries.  DO NOT USE THE
-GNU make!!!
-
-Once IP Filter has been successfully compiled, you may then install it using
-the usual package method (using pkgadd), however, the package needs to be
-created, prior to pkgadd'ing.  To create the package in /var/spool/pkg, change
-directory to SunOS5 and enter the following command:
-
-make package
-
-This will build the package into SunOS5/<arch>/root, copy that to
-/var/spool/pkg as a package and then start the installation using
-pkgadd.
-
-As part of the postinstall script, it will install loadable kernel module
-as part of Solaris 2 (using add_drv) making it available for immeadiate use.
-
-IP Filter will be installed into /opt/CYBSipf (programs, manual pages and
-examples) and create a directory /etc/opt/CYBSipf with a null body file
-called "ipf.conf" using touch.  The rc scripts have been written to look
-for the configuration file here, using the installed binaries in /sbin.
-
-Darren Reed
-darrenr@pobox.com
diff --git a/contrib/ipfilter/INSTALL.SunOS b/contrib/ipfilter/INSTALL.SunOS
deleted file mode 100644
index 0d4dd8c5e07a..000000000000
--- a/contrib/ipfilter/INSTALL.SunOS
+++ /dev/null
@@ -1,40 +0,0 @@
-
-To install as a Loadable Kernel Module (LKM):
-
-	1. do a "make solaris" in this directory
-
-	2. Run the script "SunOS4/minstall" as root.
-
-	3. change directory to SunOS4 and run "make install"
-
-	4. Reboot using the new kernel
-
-	5. use modload(8) to load the packet filter with:
-		modload if_ipl.o
-
-	6. do "modstat" to confirm that it has been loaded successfully.
-
-	There is no need to use mknod to create the device in /dev;
-	- upon loading the module, it will create itself with the correct
-	  values, under the name (IPL_NAME) from the Makefile.  It will
-	  also remove itself from /dev when it is modunload'd.
-
-
-To install as part of a SunOS 4.1.x kernel:
-
-	1. do a "make solaris" in this directory
-
-	2. Run the script "SunOS4/kinstall" as root.
-		NOTE: This script sets up /dev/ipl as char. device 59,0
-			in /sys/sun/conf.c
-
-	3. Run the following commands as root:
-		mknod /dev/ipl c 59 0
-		mknod /dev/ipnat c 59 1
-		mknod /dev/ipstate c 59 2
-		mknod /dev/ipauth c 59 3
-
-	4. Reboot using the new kernel
-
-Darren Reed
-darrenr@pobox.com
diff --git a/contrib/ipfilter/LICENCE b/contrib/ipfilter/LICENCE
deleted file mode 100644
index f4cc8ee76bfa..000000000000
--- a/contrib/ipfilter/LICENCE
+++ /dev/null
@@ -1,16 +0,0 @@
-/*
- * Copyright (C) 1993-2000 by Darren Reed.
- *
- * The author accepts no responsibility for the use of this software and
- * provides it on an ``as is'' basis without express or implied warranty.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that this notice is preserved and due credit is given
- * to the original author and the contributors.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- *
- * I hate legaleese, don't you ?
- */
diff --git a/contrib/ipfilter/buildlinux b/contrib/ipfilter/buildlinux
deleted file mode 100755
index 7ce043fc6e6a..000000000000
--- a/contrib/ipfilter/buildlinux
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-LINUX=`uname -r | perl -e '$_=<>;@F=split(/\./);printf "%02d%02d\n",$F[0],$F[1];';`
-
-case ${LINUX} in
-	0200)
-		make linuxrev "LINUXK=-DLINUX=${LINUX}"
-		;;
-	0201)
-		make linuxrev "LINUXK=-DLINUX=${LINUX}"
-		;;
-	*)
-		echo "invalid linux version $LINUX"
-		exit 1;
-		;;
-esac
-exit 0
diff --git a/contrib/ipfilter/buildsunos b/contrib/ipfilter/buildsunos
deleted file mode 100755
index fa2474e8b356..000000000000
--- a/contrib/ipfilter/buildsunos
+++ /dev/null
@@ -1,49 +0,0 @@
-#! /bin/sh
-if [ ! -f netinet/done ] ; then
-	echo "Do NOT run this script directly, do 'make solaris'!"
-	exit 1
-fi
-# $Id: buildsunos,v 2.1.2.1 1999/08/08 13:55:20 darrenr Exp $
-:
-rev=`uname -r | sed -e 's/^\([^\.]*\)\..*/\1/'`
-if [ -d /usr/ccs/bin ] ; then
-	PATH=/usr/ccs/bin:${PATH}
-fi
-if [ $rev = 5 ] ; then
-	cpu=`uname -p`
-	cpudir=${cpu}-`uname -r`
-	solrev=`uname -r | sh -c 'IFS=. read j n x; echo $n'`
-	if [ ! -d SunOS5/${cpudir} -a ! -h  SunOS5/${cpudir} ] ; then
-		mkdir -p SunOS5/${cpudir}
-	fi
-	/bin/rm -f SunOS5/${cpudir}/Makefile
-	/bin/rm -f SunOS5/${cpudir}/Makefile.ipsend
-	ln -s `pwd`/SunOS5/Makefile SunOS5/${cpudir}/Makefile
-	ln -s `pwd`/SunOS5/Makefile.ipsend SunOS5/${cpudir}/Makefile.ipsend
-	ARCHINC=
-	XARCH=
-	if [ -d /opt/SUNWspro/bin ] ; then
-		CC="/opt/SUNWspro/bin/cc  ${CFL}"
-		export CC
-		/bin/optisa sparcv9 >/dev/null 2>&1
-		if [ $? -eq 0 ] ; then
-			ARCHINC="-I/usr/include/v9"
-			XARCH="-xarch=v9 -xchip=ultra -dalign -xcode=abs32"
-		fi
-	else
-		CC=gcc
-	fi
-else
-	cpu=`uname -m`
-	cpudir=${cpu}-`uname -r`
-fi
-if [ $cpu = i386 ] ; then
-	make ${1+"$@"} sunos5x86 SOLARIS2="-DSOLARIS2=$solrev" CPU= CPUDIR=${cpudir} CC="$CC $XARCH" XARCH="$XARCH" ARCHINC="$ARCHINC"
-	exit $?
-fi
-if [ x$solrev = x ] ; then
-	make ${1+"$@"} sunos$rev "ARCH=`uname -m`"
-	exit $?
-fi
-make ${1+"$@"} sunos$rev SOLARIS2="-DSOLARIS2=$solrev" CPU= CPUDIR=${cpudir} CC="$CC $XARCH" XARCH="$XARCH" ARCHINC="$ARCHINC"
-exit $?
diff --git a/contrib/ipfilter/etc/etc.sed b/contrib/ipfilter/etc/etc.sed
deleted file mode 100644
index b14fc74851d7..000000000000
--- a/contrib/ipfilter/etc/etc.sed
+++ /dev/null
@@ -1,2 +0,0 @@
-	Æ
.	Ä..'!CVS
-	protocols
diff --git a/contrib/ipfilter/ipl_ldev.c b/contrib/ipfilter/ipl_ldev.c
deleted file mode 100644
index a2893257e72e..000000000000
--- a/contrib/ipfilter/ipl_ldev.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * (C)opyright 1993,1994,1995 by Darren Reed.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that this notice is preserved and due credit is given
- * to the original author and the contributors.
- */
-
-/*
- * routines below for saving IP headers to buffer
- */
-int iplopen(struct inode * inode, struct file * filp)
-{
-	u_int	min = MINOR(inode->i_rdev);
-
-	if (flags & FWRITE)
-		return ENXIO;
-	if (min)
-		return ENXIO;
-	iplbusy++;
-	return 0;
-}
-
-
-int iplclose(struct inode * inode, struct file * filp)
-{
-	u_int	min = MINOR(inode->i_rdev);
-
-	if (min)
-		return ENXIO;
-	iplbusy--;
-	return 0;
-}
-
-
-/*
- * iplread/ipllog
- * all three of these must operate with at least splnet() lest they be
- * called during packet processing and cause an inconsistancy to appear in
- * the filter lists.
- */
-int iplread(struct inode *inode, struct file *file, char *buf, int count)
-{
-	register int	ret, s;
-	register size_t	sz, sx;
-	int error;
-
-	if (!uio->uio_resid)
-		return 0;
-	while (!iplused) {
-		error = SLEEP(iplbuf, "ipl sleep");
-		if (error)
-			return error;
-	}
-
-	SPLNET(s);
-
-	ret = sx = sz = MIN(count, iplused);
-	if (iplh < iplt)
-		sz = MIN(sz, LOGSIZE - (iplt - iplbuf));
-	sx -= sz;
-
-	memcpy_tofs(buf, iplt, sz);
-	buf += sz;
-	iplt += sz;
-	iplused -= sz;
-	if ((iplh < iplt) && (iplt == iplbuf + LOGSIZE))
-		iplt = iplbuf;
-
-	if (sx) {
-		memcpy_tofs(buf, iplt, sx);
-		ret += sx;
-		iplt += sx;
-		iplused -= sx;
-		if ((iplh < iplt) && (iplt == iplbuf + LOGSIZE))
-			iplt = iplbuf;
-	}
-	if (!iplused)	/* minimise wrapping around the end */
-		iplh = iplt = iplbuf;
-
-	SPLX(s);
-	return ret;
-}
diff --git a/contrib/ipfilter/ipsd/ip_compat.h b/contrib/ipfilter/ipsd/ip_compat.h
deleted file mode 100644
index a911fd83c3f3..000000000000
--- a/contrib/ipfilter/ipsd/ip_compat.h
+++ /dev/null
@@ -1,201 +0,0 @@
-/*
- * (C)opyright 1995 by Darren Reed.
- *
- * This code may be freely distributed as long as it retains this notice
- * and is not changed in any way.  The author accepts no responsibility
- * for the use of this software.  I hate legaleese, don't you ?
- *
- * @(#)ip_compat.h	1.1 9/14/95
- */
-
-/*
- * These #ifdef's are here mainly for linux, but who knows, they may
- * not be in other places or maybe one day linux will grow up and some
- * of these will turn up there too.
- */
-#ifndef	ICMP_UNREACH
-# define	ICMP_UNREACH	ICMP_DEST_UNREACH
-#endif
-#ifndef	ICMP_SOURCEQUENCH
-# define	ICMP_SOURCEQUENCH	ICMP_SOURCE_QUENCH
-#endif
-#ifndef	ICMP_TIMXCEED
-# define	ICMP_TIMXCEED	ICMP_TIME_EXCEEDED
-#endif
-#ifndef	ICMP_PARAMPROB
-# define	ICMP_PARAMPROB	ICMP_PARAMETERPROB
-#endif
-#ifndef	IPVERSION
-# define	IPVERSION	4
-#endif
-#ifndef	IPOPT_MINOFF
-# define	IPOPT_MINOFF	4
-#endif
-#ifndef	IPOPT_COPIED
-# define	IPOPT_COPIED(x)	((x)&0x80)
-#endif
-#ifndef	IPOPT_EOL
-# define	IPOPT_EOL	0
-#endif
-#ifndef	IPOPT_NOP
-# define	IPOPT_NOP	1
-#endif
-#ifndef	IP_MF
-# define	IP_MF	((u_short)0x2000)
-#endif
-#ifndef	ETHERTYPE_IP
-# define	ETHERTYPE_IP	((u_short)0x0800)
-#endif
-#ifndef	TH_FIN
-# define	TH_FIN	0x01
-#endif
-#ifndef	TH_SYN
-# define	TH_SYN	0x02
-#endif
-#ifndef	TH_RST
-# define	TH_RST	0x04
-#endif
-#ifndef	TH_PUSH
-# define	TH_PUSH	0x08
-#endif
-#ifndef	TH_ACK
-# define	TH_ACK	0x10
-#endif
-#ifndef	TH_URG
-# define	TH_URG	0x20
-#endif
-#ifndef	IPOPT_EOL
-# define	IPOPT_EOL	0
-#endif
-#ifndef	IPOPT_NOP
-# define	IPOPT_NOP	1
-#endif
-#ifndef	IPOPT_RR
-# define	IPOPT_RR	7
-#endif
-#ifndef	IPOPT_TS
-# define	IPOPT_TS	68
-#endif
-#ifndef	IPOPT_SECURITY
-# define	IPOPT_SECURITY	130
-#endif
-#ifndef	IPOPT_LSRR
-# define	IPOPT_LSRR	131
-#endif
-#ifndef	IPOPT_SATID
-# define	IPOPT_SATID	136
-#endif
-#ifndef	IPOPT_SSRR
-# define	IPOPT_SSRR	137
-#endif
-#ifndef	IPOPT_SECUR_UNCLASS
-# define	IPOPT_SECUR_UNCLASS	((u_short)0x0000)
-#endif
-#ifndef	IPOPT_SECUR_CONFID
-# define	IPOPT_SECUR_CONFID	((u_short)0xf135)
-#endif
-#ifndef	IPOPT_SECUR_EFTO
-# define	IPOPT_SECUR_EFTO	((u_short)0x789a)
-#endif
-#ifndef	IPOPT_SECUR_MMMM
-# define	IPOPT_SECUR_MMMM	((u_short)0xbc4d)
-#endif
-#ifndef	IPOPT_SECUR_RESTR
-# define	IPOPT_SECUR_RESTR	((u_short)0xaf13)
-#endif
-#ifndef	IPOPT_SECUR_SECRET
-# define	IPOPT_SECUR_SECRET	((u_short)0xd788)
-#endif
-#ifndef IPOPT_SECUR_TOPSECRET
-# define	IPOPT_SECUR_TOPSECRET	((u_short)0x6bc5)
-#endif
-
-#ifdef linux
-# define	icmp	icmphdr
-# define	icmp_type	type
-# define	icmp_code	code
-
-/*
- * From /usr/include/netinet/ip_var.h
- * !%@#!$@# linux...
- */
-struct ipovly {
-	caddr_t	ih_next, ih_prev;	/* for protocol sequence q's */
-	u_char	ih_x1;			/* (unused) */
-	u_char	ih_pr;			/* protocol */
-	short	ih_len;			/* protocol length */
-	struct	in_addr ih_src;		/* source internet address */
-	struct	in_addr ih_dst;		/* destination internet address */
-};
-
-typedef	struct	{
-	__u16	th_sport;
-	__u16	th_dport;
-	__u32	th_seq;
-	__u32	th_ack;
-# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
-    defined(vax)
-	__u8	th_res:4;
-	__u8	th_off:4;
-#else
-	__u8	th_off:4;
-	__u8	th_res:4;
-#endif
-	__u8	th_flags;
-	__u16	th_win;
-	__u16	th_sum;
-	__u16	th_urp;
-} tcphdr_t;
-
-typedef	struct	{
-	__u16	uh_sport;
-	__u16	uh_dport;
-	__s16	uh_ulen;
-	__u16	uh_sum;
-} udphdr_t;
-
-typedef	struct	{
-# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
-    defined(vax)
-	__u8	ip_hl:4;
-	__u8	ip_v:4;
-# else
-	__u8	ip_hl:4;
-	__u8	ip_v:4;
-# endif
-	__u8	ip_tos;
-	__u16	ip_len;
-	__u16	ip_id;
-	__u16	ip_off;
-	__u8	ip_ttl;
-	__u8	ip_p;
-	__u16	ip_sum;
-	struct	in_addr	ip_src;
-	struct	in_addr	ip_dst;
-} ip_t;
-
-typedef	struct	{
-	__u8	ether_dhost[6];
-	__u8	ether_shost[6];
-	__u16	ether_type;
-} ether_header_t;
-
-# define	bcopy(a,b,c)	memmove(b,a,c)
-# define	bcmp(a,b,c)	memcmp(a,b,c)
-
-# define	ifnet	device
-
-#else
-
-typedef	struct	udphdr	udphdr_t;
-typedef	struct	tcphdr	tcphdr_t;
-typedef	struct	ip	ip_t;
-typedef	struct	ether_header	ether_header_t;
-
-#endif
-
-#ifdef	solaris
-# define	bcopy(a,b,c)	memmove(b,a,c)
-# define	bcmp(a,b,c)	memcmp(a,b,c)
-# define	bzero(a,b)	memset(a,0,b)
-#endif
diff --git a/contrib/ipfilter/ipsd/ipsd.sed b/contrib/ipfilter/ipsd/ipsd.sed
deleted file mode 100644
index e69de29bb2d1..000000000000
--- a/contrib/ipfilter/ipsd/ipsd.sed
+++ /dev/null
diff --git a/contrib/ipfilter/ipsend/ip_compat.h b/contrib/ipfilter/ipsend/ip_compat.h
deleted file mode 100644
index c38fa59ed3c7..000000000000
--- a/contrib/ipfilter/ipsend/ip_compat.h
+++ /dev/null
@@ -1,242 +0,0 @@
-/*
- * (C)opyright 1995 by Darren Reed.
- *
- * This code may be freely distributed as long as it retains this notice
- * and is not changed in any way.  The author accepts no responsibility
- * for the use of this software.  I hate legaleese, don't you ?
- *
- * @(#)ip_compat.h	1.2 12/7/95
- */
-
-/*
- * These #ifdef's are here mainly for linux, but who knows, they may
- * not be in other places or maybe one day linux will grow up and some
- * of these will turn up there too.
- */
-#ifndef	ICMP_UNREACH
-# define	ICMP_UNREACH	ICMP_DEST_UNREACH
-#endif
-#ifndef	ICMP_SOURCEQUENCH
-# define	ICMP_SOURCEQUENCH	ICMP_SOURCE_QUENCH
-#endif
-#ifndef	ICMP_TIMXCEED
-# define	ICMP_TIMXCEED	ICMP_TIME_EXCEEDED
-#endif
-#ifndef	ICMP_PARAMPROB
-# define	ICMP_PARAMPROB	ICMP_PARAMETERPROB
-#endif
-#ifndef	IPVERSION
-# define	IPVERSION	4
-#endif
-#ifndef	IPOPT_MINOFF
-# define	IPOPT_MINOFF	4
-#endif
-#ifndef	IPOPT_COPIED
-# define	IPOPT_COPIED(x)	((x)&0x80)
-#endif
-#ifndef	IPOPT_EOL
-# define	IPOPT_EOL	0
-#endif
-#ifndef	IPOPT_NOP
-# define	IPOPT_NOP	1
-#endif
-#ifndef	IP_MF
-# define	IP_MF	((u_short)0x2000)
-#endif
-#ifndef	ETHERTYPE_IP
-# define	ETHERTYPE_IP	((u_short)0x0800)
-#endif
-#ifndef	TH_FIN
-# define	TH_FIN	0x01
-#endif
-#ifndef	TH_SYN
-# define	TH_SYN	0x02
-#endif
-#ifndef	TH_RST
-# define	TH_RST	0x04
-#endif
-#ifndef	TH_PUSH
-# define	TH_PUSH	0x08
-#endif
-#ifndef	TH_ACK
-# define	TH_ACK	0x10
-#endif
-#ifndef	TH_URG
-# define	TH_URG	0x20
-#endif
-#ifndef	IPOPT_EOL
-# define	IPOPT_EOL	0
-#endif
-#ifndef	IPOPT_NOP
-# define	IPOPT_NOP	1
-#endif
-#ifndef	IPOPT_RR
-# define	IPOPT_RR	7
-#endif
-#ifndef	IPOPT_TS
-# define	IPOPT_TS	68
-#endif
-#ifndef	IPOPT_SECURITY
-# define	IPOPT_SECURITY	130
-#endif
-#ifndef	IPOPT_LSRR
-# define	IPOPT_LSRR	131
-#endif
-#ifndef	IPOPT_SATID
-# define	IPOPT_SATID	136
-#endif
-#ifndef	IPOPT_SSRR
-# define	IPOPT_SSRR	137
-#endif
-#ifndef	IPOPT_SECUR_UNCLASS
-# define	IPOPT_SECUR_UNCLASS	((u_short)0x0000)
-#endif
-#ifndef	IPOPT_SECUR_CONFID
-# define	IPOPT_SECUR_CONFID	((u_short)0xf135)
-#endif
-#ifndef	IPOPT_SECUR_EFTO
-# define	IPOPT_SECUR_EFTO	((u_short)0x789a)
-#endif
-#ifndef	IPOPT_SECUR_MMMM
-# define	IPOPT_SECUR_MMMM	((u_short)0xbc4d)
-#endif
-#ifndef	IPOPT_SECUR_RESTR
-# define	IPOPT_SECUR_RESTR	((u_short)0xaf13)
-#endif
-#ifndef	IPOPT_SECUR_SECRET
-# define	IPOPT_SECUR_SECRET	((u_short)0xd788)
-#endif
-#ifndef IPOPT_SECUR_TOPSECRET
-# define	IPOPT_SECUR_TOPSECRET	((u_short)0x6bc5)
-#endif
-
-#ifdef linux
-# if LINUX < 0200
-#  define	icmp	icmphdr
-#  define	icmp_type	type
-#  define	icmp_code	code
-# endif
-
-/*
- * From /usr/include/netinet/ip_var.h
- * !%@#!$@# linux...
- */
-struct ipovly {
-	caddr_t	ih_next, ih_prev;	/* for protocol sequence q's */
-	u_char	ih_x1;			/* (unused) */
-	u_char	ih_pr;			/* protocol */
-	short	ih_len;			/* protocol length */
-	struct	in_addr ih_src;		/* source internet address */
-	struct	in_addr ih_dst;		/* destination internet address */
-};
-
-typedef	struct	{
-	__u16	th_sport;
-	__u16	th_dport;
-	__u32	th_seq;
-	__u32	th_ack;
-# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
-    defined(vax)
-	__u8	th_res:4;
-	__u8	th_off:4;
-#else
-	__u8	th_off:4;
-	__u8	th_res:4;
-#endif
-	__u8	th_flags;
-	__u16	th_win;
-	__u16	th_sum;
-	__u16	th_urp;
-} tcphdr_t;
-
-typedef	struct	{
-	__u16	uh_sport;
-	__u16	uh_dport;
-	__s16	uh_ulen;
-	__u16	uh_sum;
-} udphdr_t;
-
-typedef	struct	{
-# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
-    defined(vax)
-	__u8	ip_hl:4;
-	__u8	ip_v:4;
-# else
-	__u8	ip_hl:4;
-	__u8	ip_v:4;
-# endif
-	__u8	ip_tos;
-	__u16	ip_len;
-	__u16	ip_id;
-	__u16	ip_off;
-	__u8	ip_ttl;
-	__u8	ip_p;
-	__u16	ip_sum;
-	struct	in_addr	ip_src;
-	struct	in_addr	ip_dst;
-} ip_t;
-
-typedef	struct	{
-	__u8	ether_dhost[6];
-	__u8	ether_shost[6];
-	__u16	ether_type;
-} ether_header_t;
-
-typedef struct icmp {
-	u_char	icmp_type;		/* type of message, see below */
-	u_char	icmp_code;		/* type sub code */
-	u_short	icmp_cksum;		/* ones complement cksum of struct */
-	union {
-		u_char ih_pptr;			/* ICMP_PARAMPROB */
-		struct in_addr ih_gwaddr;	/* ICMP_REDIRECT */
-		struct ih_idseq {
-			n_short	icd_id;
-			n_short	icd_seq;
-		} ih_idseq;
-		int ih_void;
-	} icmp_hun;
-#define	icmp_pptr	icmp_hun.ih_pptr
-#define	icmp_gwaddr	icmp_hun.ih_gwaddr
-#define	icmp_id		icmp_hun.ih_idseq.icd_id
-#define	icmp_seq	icmp_hun.ih_idseq.icd_seq
-#define	icmp_void	icmp_hun.ih_void
-	union {
-		struct id_ts {
-			n_time its_otime;
-			n_time its_rtime;
-			n_time its_ttime;
-		} id_ts;
-		struct id_ip  {
-			ip_t idi_ip;
-			/* options and then 64 bits of data */
-		} id_ip;
-		u_long	id_mask;
-		char	id_data[1];
-	} icmp_dun;
-#define	icmp_otime	icmp_dun.id_ts.its_otime
-#define	icmp_rtime	icmp_dun.id_ts.its_rtime
-#define	icmp_ttime	icmp_dun.id_ts.its_ttime
-#define	icmp_ip		icmp_dun.id_ip.idi_ip
-#define	icmp_mask	icmp_dun.id_mask
-#define	icmp_data	icmp_dun.id_data
-} icmphdr_t;
-
-# define	bcopy(a,b,c)	memmove(b,a,c)
-# define	bcmp(a,b,c)	memcmp(a,b,c)
-
-# define	ifnet	device
-
-#else
-
-typedef	struct	udphdr	udphdr_t;
-typedef	struct	tcphdr	tcphdr_t;
-typedef	struct	ip	ip_t;
-typedef	struct	ether_header	ether_header_t;
-
-#endif
-
-#if defined(__SVR4) || defined(__svr4__)
-# define	bcopy(a,b,c)	memmove(b,a,c)
-# define	bcmp(a,b,c)	memcmp(a,b,c)
-# define	bzero(a,b)	memset(a,0,b)
-#endif
diff --git a/contrib/ipfilter/ipsend/ipsend.sed b/contrib/ipfilter/ipsend/ipsend.sed
deleted file mode 100644
index 774c0e24e3df..000000000000
--- a/contrib/ipfilter/ipsend/ipsend.sed
+++ /dev/null
@@ -1,3 +0,0 @@
-0Æ
.	Ä,..+CVS0Í
-.cvsignore0Î44arp.c0Ï	Crashable0ÐMakefile0Ñarp.c0Ò
-dlcommon.c0Ódltest.h0Ôin_var.h0Õip.c0Öip_compat.h0×ip_var.h0Ø
diff --git a/contrib/ipfilter/linux.h b/contrib/ipfilter/linux.h
deleted file mode 100644
index 61fd821c2adb..000000000000
--- a/contrib/ipfilter/linux.h
+++ /dev/null
@@ -1,19 +0,0 @@
-/*
- * Copyright (C) 1993-1998 by Darren Reed.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that this notice is preserved and due credit is given
- * to the original author and the contributors.  The author accepts no
- * responsibility and is not changed in any way.
- *
- * I hate legaleese, don't you ?
- * $Id: linux.h,v 2.1 1999/08/04 17:30:10 darrenr Exp $
- */
-
-#include <linux/config.h>
-#ifdef MODULE
-#include <linux/module.h>
-#include <linux/version.h>
-#endif /* MODULE */
-
-#include "ip_compat.h"
diff --git a/contrib/ipfilter/man/ipf.1 b/contrib/ipfilter/man/ipf.1
deleted file mode 100644
index 5ea06fa74c35..000000000000
--- a/contrib/ipfilter/man/ipf.1
+++ /dev/null
@@ -1,109 +0,0 @@
-.TH IPF 1
-.SH NAME
-ipf \- alters packet filtering lists for IP packet input and ouput
-.SH SYNOPSIS
-.B ipf
-[
-.B \-AdDEInorsUvyzZ
-] [
-.B \-l
-<block|pass|nomatch>
-] [
-.B \-F
-<i|o|a>
-]
-.B \-f
-<\fIfilename\fP>
-[
-.B \-f
-<\fIfilename\fP>
-[...]]
-.SH DESCRIPTION
-.PP
-\fBipf\fP opens the filenames listed (treating "\-" as stdin) and parses the
-file for a set of rules which are to be added or removed from the packet
-filter rule set.
-.PP
-Each rule processed by \fBipf\fP
-is added to the kernel's internal lists if there are no parsing problems.
-Rules are added to the end of the internal lists, matching the order in
-which they appear when given to \fBipf\fP.
-.SH OPTIONS
-.TP
-.B \-A
-Set the list to make changes to the active list (default).
-.TP
-.B \-d
-Turn debug mode on.  Causes a hexdump of filter rules to be generated as
-it processes each one.
-.TP
-.B \-D
-Disable the filter (if enabled).  Not effective for loadable kernel versions.
-.TP
-.B \-E
-Enable the filter (if disabled).  Not effective for loadable kernel versions.
-.TP
-.BR \-F \0<param>
-This option specifies which filter list to flush.  The parameter should
-either be "i" (input), "o" (output) or "a" (remove all filter rules).
-Either a single letter or an entire word starting with the appropriate
-letter maybe used.  This option maybe before, or after, any other with
-the order on the command line being that used to execute options.
-.TP
-.BR \-f \0<filename>
-This option specifies which files
-\fBipf\fP should use to get input from for modifying the packet filter rule
-lists.
-.TP
-.B \-I
-Set the list to make changes to the inactive list.
-.TP
-.B \-l \0<param>
-Use of the \fB-l\fP flag toggles default logging of packets.  Valid
-arguments to this option are \fBpass\fP, \fBblock\fP and \fBnomatch\fP.
-When an option is set, any packet which exits filtering and matches the
-set category is logged.  This is most useful for causing all packets
-which don't match any of the loaded rules to be logged.
-.TP
-.B \-n
-This flag (no-change) prevents \fBipf\fP from actually making any ioctl
-calls or doing anything which would alter the currently running kernel.
-.TP
-.B \-o
-Force rules by default to be added/deleted to/from the output list, rather
-than the (default) input list.
-.TP
-.B \-r
-Remove matching filter rules rather than add them to the internal lists
-.TP
-.B \-s
-Swap the active filter list in use to be the "other" one.
-.TP
-.B \-U
-(SOLARIS 2 ONLY) Block packets travelling along the data stream which aren't
-recognised as IP packets.  They will be printed out on the console.
-.TP
-.B \-v
-Turn verbose mode on.  Displays information relating to rule processing.
-.TP
-.B \-y
-(SOLARIS 2 ONLY) Manually resync the in-kernel interface list maintained
-by IP Filter with the current interface status list.
-.TP
-.B \-z
-For each rule in the input file, reset the statistics for it to zero and
-display the statistics prior to them being zero'd.
-.TP
-.B \-Z
-Zero global statistics held in the kernel for filtering only (this doesn't
-affect fragment or state statistics).
-.DT
-.SH SEE ALSO
-ipfstat(1), ipftest(1), ipf(5), mkfilters(1)
-.SH DIAGNOSTICS
-.PP
-Needs to be run as root for the packet filtering lists to actually
-be affected inside the kernel.
-.SH BUGS
-.PP
-If you find any, please send email to me at darrenr@cyber.com.au
diff --git a/contrib/ipfilter/man/ipnat.1 b/contrib/ipfilter/man/ipnat.1
deleted file mode 100644
index f24141546171..000000000000
--- a/contrib/ipfilter/man/ipnat.1
+++ /dev/null
@@ -1,48 +0,0 @@
-.TH IPNAT 1
-.SH NAME
-ipnat \- user interface to the NAT
-.SH SYNOPSIS
-.B ipnat
-[
-.B \-lnrsvCF
-]
-.B \-f <\fIfilename\fP>
-.SH DESCRIPTION
-.PP
-\fBipnat\fP opens the filename given (treating "\-" as stdin) and parses the
-file for a set of rules which are to be added or removed from the IP NAT.
-.PP
-Each rule processed by \fBipnat\fP
-is added to the kernels internal lists if there are no parsing problems.
-Rules are added to the end of the internal lists, matching the order in
-which they appear when given to \fBipnat\fP.
-.SH OPTIONS
-.TP
-.B \-C
-delete all entries in the current NAT rule listing (NAT rules)
-.TP
-.B \-F
-delete all active entries in the current NAT translation table (currently
-active NAT mappings)
-.TP
-.B \-l
-Show the list of current NAT table entry mappings.
-.TP
-.B \-n
-This flag (no-change) prevents \fBipf\fP from actually making any ioctl
-calls or doing anything which would alter the currently running kernel.
-.TP
-.B \-s
-Retrieve and display NAT statistics
-.TP
-.B \-r
-Remove matching NAT rules rather than add them to the internal lists
-.TP
-.B \-v
-Turn verbose mode on.  Displays information relating to rule processing
-and active rules/table entries.
-.DT
-.SH FILES
-/dev/ipnat
-.SH SEE ALSO
-ipnat(5), ipf(8), ipfstat(8)
diff --git a/contrib/ipfilter/man/man.sed b/contrib/ipfilter/man/man.sed
deleted file mode 100644
index 0be8dab0dc7b..000000000000
--- a/contrib/ipfilter/man/man.sed
+++ /dev/null
@@ -1 +0,0 @@
-DF
.	Ä..–CVSD~MakefileDipf.1D€ipf.4D�ipf.5D‚
diff --git a/contrib/ipfilter/opt_inet6.h b/contrib/ipfilter/opt_inet6.h
deleted file mode 100644
index 43e7657e1ae3..000000000000
--- a/contrib/ipfilter/opt_inet6.h
+++ /dev/null
@@ -1 +0,0 @@
-#define INET6
diff --git a/contrib/ipfilter/rules/rules.sed b/contrib/ipfilter/rules/rules.sed
deleted file mode 100644
index 050d9b6ab710..000000000000
--- a/contrib/ipfilter/rules/rules.sed
+++ /dev/null
@@ -1,5 +0,0 @@
-WÆ
.	Ä..'&CVSWÜ	example.1WÝ
-example.10WÞ
-example.11Wß
-example.12Wà
-example.13Wá	example.2Wâ	example.3Wã	example.4Wä	example.5Wå	example.6Wæ	example.7Wç	example.8Wè	example.9Wé
diff --git a/contrib/ipfilter/solaris.c b/contrib/ipfilter/solaris.c
deleted file mode 100644
index aa139d3b042a..000000000000
--- a/contrib/ipfilter/solaris.c
+++ /dev/null
@@ -1,2131 +0,0 @@
-/*
- * Copyright (C) 1993-2002 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- */
-/* #pragma ident   "@(#)solaris.c	1.12 6/5/96 (C) 1995 Darren Reed"*/
-#pragma ident "@(#)$Id: solaris.c,v 2.15.2.30 2002/04/23 14:57:51 darrenr Exp $"
-
-#include <sys/systm.h>
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/errno.h>
-#include <sys/uio.h>
-#include <sys/buf.h>
-#include <sys/modctl.h>
-#include <sys/open.h>
-#include <sys/kmem.h>
-#include <sys/conf.h>
-#include <sys/cmn_err.h>
-#include <sys/stat.h>
-#include <sys/cred.h>
-#include <sys/dditypes.h>
-#include <sys/stream.h>
-#include <sys/poll.h>
-#include <sys/autoconf.h>
-#include <sys/byteorder.h>
-#include <sys/socket.h>
-#include <sys/dlpi.h>
-#include <sys/stropts.h>
-#include <sys/sockio.h>
-#include <net/if.h>
-#if SOLARIS2 >= 6
-# include <net/if_types.h>
-#endif
-#include <net/af.h>
-#include <net/route.h>
-#include <netinet/in.h>
-#include <netinet/in_systm.h>
-#include <netinet/if_ether.h>
-#include <netinet/ip.h>
-#include <netinet/ip_var.h>
-#include <netinet/tcp.h>
-#include <netinet/udp.h>
-#include <netinet/tcpip.h>
-#include <netinet/ip_icmp.h>
-#include <sys/ddi.h>
-#include <sys/sunddi.h>
-#include "ip_compat.h"
-#include "ipl.h"
-#include "ip_fil.h"
-#include "ip_nat.h"
-#include "ip_state.h"
-
-
-char	_depends_on[] = "drv/ip";
-
-
-void	solipdrvattach __P((void));
-int	solipdrvdetach __P((void));
-
-void	solattach __P((void));
-int	soldetach __P((void));
-
-extern	struct	filterstats	frstats[];
-extern	KRWLOCK_T	ipf_mutex, ipfs_mutex, ipf_nat, ipf_solaris;
-extern	kmutex_t	ipf_rw;
-extern	int	fr_running;
-extern	int	fr_flags;
-
-extern ipnat_t *nat_list;
-
-static	qif_t	*qif_head = NULL;
-static	int	ipf_getinfo __P((dev_info_t *, ddi_info_cmd_t,
-				 void *, void **));
-static	int	ipf_probe __P((dev_info_t *));
-static	int	ipf_identify __P((dev_info_t *));
-static	int	ipf_attach __P((dev_info_t *, ddi_attach_cmd_t));
-static	int	ipf_detach __P((dev_info_t *, ddi_detach_cmd_t));
-static	qif_t	*qif_from_queue __P((queue_t *));
-static	void	fr_donotip __P((int, qif_t *, queue_t *, mblk_t *,
-				mblk_t *, ip_t *, size_t));
-static	char	*ipf_devfiles[] = { IPL_NAME, IPL_NAT, IPL_STATE, IPL_AUTH,
-				    NULL };
-static	int	(*ipf_ip_inp) __P((queue_t *, mblk_t *)) = NULL;
-
-
-#if SOLARIS2 >= 7
-extern	void	ipfr_slowtimer __P((void *));
-timeout_id_t	ipfr_timer_id;
-static	timeout_id_t	synctimeoutid = 0;
-#else
-extern	void	ipfr_slowtimer __P((void));
-int	ipfr_timer_id;
-static	int	synctimeoutid = 0;
-#endif
-int	ipf_debug = 0;
-int	ipf_debug_verbose = 0;
-
-/* #undef	IPFDEBUG	1 */
-/* #undef	IPFDEBUG_VERBOSE	1 */
-#ifdef	IPFDEBUG
-void	printire __P((ire_t *));
-#endif
-#define	isdigit(x)	((x) >= '0' && (x) <= '9')
-
-static int	fr_precheck __P((mblk_t **, queue_t *, qif_t *, int));
-
-
-static struct cb_ops ipf_cb_ops = {
-	iplopen,
-	iplclose,
-	nodev,		/* strategy */
-	nodev,		/* print */
-	nodev,		/* dump */
-	iplread,
-	nodev,		/* write */
-	iplioctl,	/* ioctl */
-	nodev,		/* devmap */
-	nodev,		/* mmap */
-	nodev,		/* segmap */
-	nochpoll,	/* poll */
-	ddi_prop_op,
-	NULL,
-	D_MTSAFE,
-#if SOLARIS2 > 4
-	CB_REV,
-	nodev,		/* aread */
-	nodev,		/* awrite */
-#endif
-};
-
-static struct dev_ops ipf_ops = {
-	DEVO_REV,
-	0,
-	ipf_getinfo,
-	ipf_identify,
-	ipf_probe,
-	ipf_attach,
-	ipf_detach,
-	nodev,		/* reset */
-	&ipf_cb_ops,
-	(struct bus_ops *)0
-};
-
-extern struct mod_ops mod_driverops;
-static struct modldrv iplmod = {
-	&mod_driverops, IPL_VERSION, &ipf_ops };
-static struct modlinkage modlink1 = { MODREV_1, &iplmod, NULL };
-
-#if SOLARIS2 >= 6
-static	size_t	hdrsizes[57][2] = {
-	{ 0, 0 },
-	{ IFT_OTHER, 0 },
-	{ IFT_1822, 14 },	/* 14 for ire0 ?? */
-	{ IFT_HDH1822, 0 },
-	{ IFT_X25DDN, 0 },
-	{ IFT_X25, 0 },
-	{ IFT_ETHER, 14 },
-	{ IFT_ISO88023, 14 },
-	{ IFT_ISO88024, 0 },
-	{ IFT_ISO88025, 0 },
-	{ IFT_ISO88026, 0 },
-	{ IFT_STARLAN, 0 },
-	{ IFT_P10, 0 },
-	{ IFT_P80, 0 },
-	{ IFT_HY, 0 },
-	{ IFT_FDDI, 24 },
-	{ IFT_LAPB, 0 },
-	{ IFT_SDLC, 0 },
-	{ IFT_T1, 0 },
-	{ IFT_CEPT, 0 },
-	{ IFT_ISDNBASIC, 0 },
-	{ IFT_ISDNPRIMARY, 0 },
-	{ IFT_PTPSERIAL, 0 },
-	{ IFT_PPP, 0 },
-	{ IFT_LOOP, 0 },
-	{ IFT_EON, 0 },
-	{ IFT_XETHER, 0 },
-	{ IFT_NSIP, 0 },
-	{ IFT_SLIP, 0 },
-	{ IFT_ULTRA, 0 },
-	{ IFT_DS3, 0 },
-	{ IFT_SIP, 0 },
-	{ IFT_FRELAY, 0 },
-	{ IFT_RS232, 0 },
-	{ IFT_PARA, 0 },
-	{ IFT_ARCNET, 0 },
-	{ IFT_ARCNETPLUS, 0 },
-	{ IFT_ATM, 0 },
-	{ IFT_MIOX25, 0 },
-	{ IFT_SONET, 0 },
-	{ IFT_X25PLE, 0 },
-	{ IFT_ISO88022LLC, 0 },
-	{ IFT_LOCALTALK, 0 },
-	{ IFT_SMDSDXI, 0 },
-	{ IFT_FRELAYDCE, 0 },
-	{ IFT_V35, 0 },
-	{ IFT_HSSI, 0 },
-	{ IFT_HIPPI, 0 },
-	{ IFT_MODEM, 0 },
-	{ IFT_AAL5, 0 },
-	{ IFT_SONETPATH, 0 },
-	{ IFT_SONETVT, 0 },
-	{ IFT_SMDSICIP, 0 },
-	{ IFT_PROPVIRTUAL, 0 },
-	{ IFT_PROPMUX, 0 },
-};
-#endif /* SOLARIS2 >= 6 */
-
-static dev_info_t *ipf_dev_info = NULL;
-
-
-int _init()
-{
-	int ipfinst;
-
-	ipfinst = mod_install(&modlink1);
-#ifdef	IPFDEBUG
-	if (ipf_debug)
-		cmn_err(CE_NOTE, "IP Filter: _init() = %d", ipfinst);
-#endif
-	return ipfinst;
-}
-
-
-int _fini(void)
-{
-	int ipfinst;
-
-	ipfinst = mod_remove(&modlink1);
-#ifdef	IPFDEBUG
-	if (ipf_debug)
-		cmn_err(CE_NOTE, "IP Filter: _fini() = %d", ipfinst);
-#endif
-	return ipfinst;
-}
-
-
-int _info(modinfop)
-struct modinfo *modinfop;
-{
-	int ipfinst;
-
-	ipfinst = mod_info(&modlink1, modinfop);
-#ifdef	IPFDEBUG
-	if (ipf_debug)
-		cmn_err(CE_NOTE, "IP Filter: _info(%x) = %x",
-			modinfop, ipfinst);
-#endif
-	if (fr_running > 0)
-		ipfsync();
-	return ipfinst;
-}
-
-
-static int ipf_probe(dip)
-dev_info_t *dip;
-{
-	if (fr_running < 0)
-		return DDI_PROBE_FAILURE;
-#ifdef	IPFDEBUG
-	if (ipf_debug)
-		cmn_err(CE_NOTE, "IP Filter: ipf_probe(%x)", dip);
-#endif
-	return DDI_PROBE_SUCCESS;
-}
-
-
-static int ipf_identify(dip)
-dev_info_t *dip;
-{
-#ifdef	IPFDEBUG
-	if (ipf_debug)
-		cmn_err(CE_NOTE, "IP Filter: ipf_identify(%x)", dip);
-#endif
-	if (strcmp(ddi_get_name(dip), "ipf") == 0)
-		return (DDI_IDENTIFIED);
-	return (DDI_NOT_IDENTIFIED);
-}
-
-
-static void ipf_ire_walk(ire, arg)
-ire_t *ire;
-void *arg;
-{
-	qif_t *qif = arg;
-
-	if ((ire->ire_type == IRE_CACHE) &&
-#if SOLARIS2 >= 6
-	    (ire->ire_ipif != NULL) &&
-	    (ire->ire_ipif->ipif_ill == qif->qf_ill)
-#else
-	    (ire_to_ill(ire) == qif->qf_ill)
-#endif
-	    ) {
-#if SOLARIS2 >= 8
-		mblk_t *m = ire->ire_fp_mp;
-#else
-		mblk_t *m = ire->ire_ll_hdr_mp;
-#endif
-		if (m != NULL)
-			qif->qf_hl = m->b_wptr - m->b_rptr;
-	}
-}
-
-
-static int ipf_attach(dip, cmd)
-dev_info_t *dip;
-ddi_attach_cmd_t cmd;
-{
-#ifdef	IPFDEBUG
-	int instance;
-
-	if (ipf_debug)
-		cmn_err(CE_NOTE, "IP Filter: ipf_attach(%x,%x)", dip, cmd);
-#endif
-	switch (cmd) {
-	case DDI_ATTACH:
-		if (fr_running < 0)
-			break;
-#ifdef	IPFDEBUG
-		instance = ddi_get_instance(dip);
-
-	if (ipf_debug)
-		cmn_err(CE_NOTE, "IP Filter: attach ipf instance %d", instance);
-#endif
-		if (ddi_create_minor_node(dip, "ipf", S_IFCHR, IPL_LOGIPF,
-					  DDI_PSEUDO, 0) == DDI_FAILURE) {
-			ddi_remove_minor_node(dip, NULL);
-			goto attach_failed;
-		}
-		if (ddi_create_minor_node(dip, "ipnat", S_IFCHR, IPL_LOGNAT,
-					  DDI_PSEUDO, 0) == DDI_FAILURE) {
-			ddi_remove_minor_node(dip, NULL);
-			goto attach_failed;
-		}
-		if (ddi_create_minor_node(dip, "ipstate", S_IFCHR,IPL_LOGSTATE,
-					  DDI_PSEUDO, 0) == DDI_FAILURE) {
-			ddi_remove_minor_node(dip, NULL);
-			goto attach_failed;
-		}
-		if (ddi_create_minor_node(dip, "ipauth", S_IFCHR, IPL_LOGAUTH,
-					  DDI_PSEUDO, 0) == DDI_FAILURE) {
-			ddi_remove_minor_node(dip, NULL);
-			goto attach_failed;
-		}
-		ipf_dev_info = dip;
-		sync();
-		/*
-		 * Initialize mutex's
-		 */
-		if (iplattach() == -1)
-			goto attach_failed;
-		/*
-		 * Lock people out while we set things up.
-		 */
-		WRITE_ENTER(&ipf_solaris);
-		solattach();
-		solipdrvattach();
-		RWLOCK_EXIT(&ipf_solaris);
-		cmn_err(CE_CONT, "%s, attaching complete.\n",
-			ipfilter_version);
-		sync();
-		if (fr_running == 0)
-			fr_running = 1;
-		if (ipfr_timer_id == 0)
-			ipfr_timer_id = timeout(ipfr_slowtimer, NULL,
-						drv_usectohz(500000));
-		if (fr_running == 1)
-			return DDI_SUCCESS;
-#if SOLARIS2 >= 8
-	case DDI_RESUME :
-	case DDI_PM_RESUME :
-		if (ipfr_timer_id == 0)
-			ipfr_timer_id = timeout(ipfr_slowtimer, NULL,
-						drv_usectohz(500000));
-		return DDI_SUCCESS;
-#endif
-	default:
-		return DDI_FAILURE;
-	}
-
-attach_failed:
-	cmn_err(CE_NOTE, "IP Filter: failed to attach\n");
-	/*
-	 * Use our own detach routine to toss
-	 * away any stuff we allocated above.
-	 */
-	(void) ipf_detach(dip, DDI_DETACH);
-	return DDI_FAILURE;
-}
-
-
-static int ipf_detach(dip, cmd)
-dev_info_t *dip;
-ddi_detach_cmd_t cmd;
-{
-	int i;
-
-#ifdef	IPFDEBUG
-	if (ipf_debug)
-		cmn_err(CE_NOTE, "IP Filter: ipf_detach(%x,%x)", dip, cmd);
-#endif
-	switch (cmd) {
-	case DDI_DETACH:
-		if (fr_running <= 0)
-			break;
-		/*
-		 * Make sure we're the only one's modifying things.  With
-		 * this lock others should just fall out of the loop.
-		 */
-		mutex_enter(&ipf_rw);
-		if (ipfr_timer_id != 0) {
-			untimeout(ipfr_timer_id);
-			ipfr_timer_id = 0;
-		}
-		mutex_exit(&ipf_rw);
-		WRITE_ENTER(&ipf_solaris);
-		mutex_enter(&ipf_rw);
-		if (fr_running <= 0) {
-			mutex_exit(&ipf_rw);
-			return DDI_FAILURE;
-		}
-		fr_running = -1;
-		mutex_exit(&ipf_rw);
-		/* NOTE: ipf_solaris rwlock is released in ipldetach */
-
-		/*
-		 * Undo what we did in ipf_attach, freeing resources
-		 * and removing things we installed.  The system
-		 * framework guarantees we are not active with this devinfo
-		 * node in any other entry points at this time.
-		 */
-		ddi_prop_remove_all(dip);
-		i = ddi_get_instance(dip);
-		ddi_remove_minor_node(dip, NULL);
-		sync();
-		i = solipdrvdetach();
-		if (i > 0) {
-			cmn_err(CE_CONT, "IP Filter: still attached (%d)\n", i);
-			return DDI_FAILURE;
-		}
-		if (!soldetach()) {
-			cmn_err(CE_CONT, "%s detached\n", ipfilter_version);
-			return (DDI_SUCCESS);
-		}
-#if SOLARIS2 >= 8
-	case DDI_SUSPEND :
-	case DDI_PM_SUSPEND :
-		if (ipfr_timer_id != 0) {
-			untimeout(ipfr_timer_id);
-			ipfr_timer_id = 0;
-		}
-		if (synctimeoutid) {
-			untimeout(synctimeoutid);
-			synctimeoutid = 0;
-		}
-		return DDI_SUCCESS;
-#endif
-	default:
-		return (DDI_FAILURE);
-	}
-	return DDI_FAILURE;
-}
-
-
-static int ipf_getinfo(dip, infocmd, arg, result)
-dev_info_t *dip;
-ddi_info_cmd_t infocmd;
-void *arg, **result;
-{
-	int error;
-
-	if (fr_running <= 0)
-		return DDI_FAILURE;
-	error = DDI_FAILURE;
-#ifdef	IPFDEBUG
-	if (ipf_debug)
-		cmn_err(CE_NOTE, "IP Filter: ipf_getinfo(%x,%x,%x)",
-			dip, infocmd, arg);
-#endif
-	switch (infocmd) {
-	case DDI_INFO_DEVT2DEVINFO:
-		*result = ipf_dev_info;
-		error = DDI_SUCCESS;
-		break;
-	case DDI_INFO_DEVT2INSTANCE:
-		*result = (void *)getminor((dev_t) arg);
-		error = DDI_SUCCESS;
-		break;
-	default:
-		break;
-	}
-	return (error);
-}
-
-/*
- * find the filter structure setup for this queue
- */
-static qif_t *qif_from_queue(q)
-queue_t *q;
-{
-	qif_t *qif;
-
-	for (qif = qif_head; qif; qif = qif->qf_next)
-		if ((qif->qf_iptr == q->q_ptr) || (qif->qf_optr == q->q_ptr))
-			break;
-	return qif;
-}
-
-
-/*
- * OK, this is pretty scrappy code, but then it's essentially just here for
- * debug purposes and that's it.  Packets should not normally come through
- * here, and if they do, well, we would like to see as much information as
- * possible about them and what they claim to hold.
- */
-void fr_donotip(out, qif, q, m, mt, ip, off)
-int out;
-qif_t *qif;
-queue_t *q;
-mblk_t *m, *mt;
-ip_t *ip;
-size_t off;
-{
-	u_char *s, outb[256], *t;
-	int i;
-
-	outb[0] = '\0';
-	outb[1] = '\0';
-	outb[2] = '\0';
-	outb[3] = '\0';
-	s = ip ? (u_char *)ip : outb;
-	if (!ip && (m == mt) && m->b_cont && (MTYPE(m) != M_DATA))
-		m = m->b_cont;
-
-	cmn_err(CE_CONT, " !IP %s:%d %d %p %p %p %d %p/%d %p/%d %p %d %d %p\n",
-		qif ? qif->qf_name : "?", out, qif ? qif->qf_hl : -1, q,
-		q ? q->q_ptr : NULL, q ? q->q_qinfo : NULL,
-		mt->b_wptr - mt->b_rptr, m, MTYPE(m), mt, MTYPE(mt), m->b_rptr,
-		m->b_wptr - m->b_rptr, off, ip);
-	cmn_err(CE_CONT, "%02x%02x%02x%02x\n", *s, *(s+1), *(s+2), *(s+3));
-	while (m != mt) {
-		i = 0;
-		t = outb;
-		s = mt->b_rptr;
-		sprintf((char *)t, "%d:", MTYPE(mt));
-		t += strlen((char *)t);
-		for (; (i < 100) && (s < mt->b_wptr); i++) {
-			sprintf((char *)t, "%02x%s", *s++,
-				((i & 3) == 3) ? " " : "");
-			t += ((i & 3) == 3) ? 3 : 2;
-		}
-		*t++ = '\n';
-		*t = '\0';
-		cmn_err(CE_CONT, "%s", outb);
-		mt = mt->b_cont;
-	}
-	i = 0;
-	t = outb;
-	s = m->b_rptr;
-	sprintf((char *)t, "%d:", MTYPE(m));
-	t += strlen((char *)t);
-	for (; (i < 100) && (s < m->b_wptr); i++) {
-		sprintf((char *)t, "%02x%s", *s++, ((i & 3) == 3) ? " " : "");
-		t += ((i & 3) == 3) ? 3 : 2;
-	}
-	*t++ = '\n';
-	*t = '\0';
-	cmn_err(CE_CONT, "%s", outb);
-}
-
-
-/*
- * find the first data mblk, if present, in the chain we're processing.  Also
- * make a few sanity checks to try prevent the filter from causing a panic -
- * none of the nice IP sanity checks (including checksumming) should have been
- * done yet (for incoming packets) - dangerous!
- */
-static int fr_precheck(mp, q, qif, out)
-mblk_t **mp;
-queue_t *q;
-qif_t *qif;
-int out;
-{
-	register mblk_t *m, *mt = *mp;
-	register ip_t *ip;
-	size_t hlen, len, off, off2, mlen, iphlen, plen, woff;
-	int err, synced = 0, sap, p, realigned = 0, multi = 0;
-	u_char *bp;
-#if SOLARIS2 >= 8
-	ip6_t *ip6;
-#endif
-#ifndef	sparc
-	u_short __ipoff;
-#endif
-tryagain:
-	ip = NULL;
-	m = NULL;
-	/*
-	 * If there is only M_DATA for a packet going out, then any header
-	 * information (which would otherwise appear in an M_PROTO mblk before
-	 * the M_DATA) is prepended before the IP header.  We need to set the
-	 * offset to account for this. - see MMM
-	 */
-	off = (out) ? qif->qf_hl : 0;
-
-	/*
-	 * If the message protocol block indicates that there isn't a data
-	 * block following it, just return back.
-	 */
-	bp = (u_char *)ALIGN32(mt->b_rptr);
-	if (MTYPE(mt) == M_PROTO || MTYPE(mt) == M_PCPROTO) {
-		dl_unitdata_ind_t *dl = (dl_unitdata_ind_t *)bp;
-		if (dl->dl_primitive == DL_UNITDATA_IND) {
-			multi = dl->dl_group_address;
-			m = mt->b_cont;
-			/*
-			 * This is a complete kludge to try and work around
-			 * some bizarre packets which drop through into
-			 * fr_donotip.
-			 */
-			if (m && multi && ((*((u_char *)m->b_rptr) == 0x0) &&
-			    ((*((u_char *)m->b_rptr + 2) == 0x45)))) {
-				ip = (ip_t *)(m->b_rptr + 2);
-				off = 2;
-			} else
-				off = 0;
-		} else if (dl->dl_primitive != DL_UNITDATA_REQ) {
-			ip = (ip_t *)dl;
-			if ((ip->ip_v == IPVERSION) &&
-			    (ip->ip_hl == (sizeof(*ip) >> 2)) &&
-			    (ntohs(ip->ip_len) == mt->b_wptr - mt->b_rptr)) {
-				off = 0;
-				m = mt;
-			} else {
-				frstats[out].fr_notdata++;
-				return 0;
-			}
-		}
-	}
-
-	/*
-	 * Find the first data block, count the data blocks in this chain and
-	 * the total amount of data.
-	 */
-	if (ip == NULL)
-		for (m = mt; m && (MTYPE(m) != M_DATA); m = m->b_cont)
-			off = 0;	/* Any non-M_DATA cancels the offset */
-
-	if (!m) {
-		frstats[out].fr_nodata++;
-		return 0;	/* No data blocks */
-	}
-
-	ip = (ip_t *)(m->b_rptr + off);		/* MMM */
-
-	/*
-	 * We might have a 1st data block which is really M_PROTO, i.e. it is
-	 * only big enough for the link layer header
-	 */
-	while ((u_char *)ip >= m->b_wptr) {
-		len = (u_char *)ip - m->b_wptr;
-		m = m->b_cont;
-		if (m == NULL)
-			return 0;	/* not enough data for IP */
-		ip = (ip_t *)(m->b_rptr + len);
-	}
-	off = (u_char *)ip - m->b_rptr;
-	if (off != 0)
-		m->b_rptr = (u_char *)ip;
-
-	len = m->b_wptr - m->b_rptr;
-	if (m->b_wptr < m->b_rptr) {
-		cmn_err(CE_NOTE, "!IP Filter: Bad packet: wptr %p < rptr %p",
-			m->b_wptr, m->b_rptr);
-		frstats[out].fr_bad++;
-		return -1;
-	}
-
-	mlen = msgdsize(m);
-	sap = qif->qf_ill->ill_sap;
-
-	if (sap == 0x800) {
-		u_short tlen;
-
-		hlen = sizeof(*ip);
-
-		/* XXX - might not be aligned (from ppp?) */
-		((char *)&tlen)[0] = ((char *)&ip->ip_len)[0];
-		((char *)&tlen)[1] = ((char *)&ip->ip_len)[1];
-
-		plen = ntohs(tlen);
-
-		sap = 0;
-	}
-#if SOLARIS2 >= 8
-	else if (sap == IP6_DL_SAP) {
-		u_short tlen;
-
-		hlen = sizeof(ip6_t);
-		ip6 = (ip6_t *)ip;
-		/* XXX - might not be aligned (from ppp?) */
-		((char *)&tlen)[0] = ((char *)&ip6->ip6_plen)[0];
-		((char *)&tlen)[1] = ((char *)&ip6->ip6_plen)[1];
-		plen = ntohs(tlen);
-		if (!plen)
-			return -1;	/* Jumbo gram */
-		plen += sizeof(*ip6);
-	}
-#endif
-	else {
-		plen = 0;
-		hlen = 0;
-		sap = -1;
-	}
-
-	/*
-	 * Ok, the IP header isn't on a 32bit aligned address so junk it.
-	 */
-	if (((u_long)ip & 0x3) || (plen > mlen) || (len < hlen) ||
-	    (sap == -1)) {
-		mblk_t *m1, *m2;
-		u_char *s, c;
-		int v;
-
-		/*
-		 * Junk using pullupmsg - it's next to useless.
-		 */
-fixalign:
-		if (off)
-			m->b_rptr -= off;
-		c = *(u_char *)ip;
-		c >>= 4;
-		if (c != 4
-#if SOLARIS2 >= 8
-		    && c != 6
-#endif
-		) {
-			frstats[out].fr_notip++;
-			return (fr_flags & FF_BLOCKNONIP) ? -1 : 0;
-		}
-
-		if (realigned)
-			return -1;
-		realigned = 1;
-		off2 = (size_t)((u_long)ip & 0x3);
-		if (off2)
-			off2 = 4 - off2;
-		len = msgdsize(m);
-		m2 = allocb(len + off2, BPRI_HI);
-		if (m2 == NULL) {
-			frstats[out].fr_pull[1]++;
-			return -1;
-		}
-
-		MTYPE(m2) = M_DATA;
-		if (m->b_rptr != (u_char *)ip)
-			m2->b_rptr += off2;
-		m2->b_wptr = m2->b_rptr + len;
-		m1 = m;
-		s = (u_char *)m->b_rptr;
-		for (bp = m2->b_rptr; m1 && (bp < m2->b_wptr); bp += len) {
-			len = MIN(m1->b_wptr - s, m2->b_wptr - bp);
-			bcopy(s, bp, len);
-			m1 = m1->b_cont;
-			if (m1)
-				s = m1->b_rptr;
-		}
-
-		if (mt != m && mt->b_cont == m && !off) {
-			/*
-			 * check if the buffer we're changing is chained in-
-			 * between other buffers and unlink/relink as required.
-			 */
-			(void) unlinkb(mt);	/* should return 'm' */
-			m1 = unlinkb(m);
-			if (m1)
-				linkb(m2, m1);
-			freemsg(m);
-			linkb(mt, m2);
-		} else {
-			if (m == mt) {
-				m1 = unlinkb(mt);
-				if (m1)
-					linkb(m2, m1);
-			}
-			freemsg(mt);
-			*mp = m2;
-			mt = m2;
-		}
-
-		frstats[out].fr_pull[0]++;
-		synced = 1;
-		off = 0;
-		goto tryagain;
-	}
-
-	if (((sap == 0) && (ip->ip_v != IP_VERSION))
-#if SOLARIS2 >= 8
-	    || ((sap == IP6_DL_SAP) && ((ip6->ip6_vfc >> 4) != 6))
-#endif
-	) {
-		m->b_rptr -= off;
-		return -2;
-	}
-
-#ifndef	sparc
-# if SOLARIS2 >= 8
-	if (sap == IP6_DL_SAP) {
-		ip6->ip6_plen = plen - sizeof(*ip6);
-	} else {
-# endif
-		__ipoff = (u_short)ip->ip_off;
-
-		ip->ip_len = plen;
-		ip->ip_off = ntohs(__ipoff);
-# if SOLARIS2 >= 8
-	}
-# endif
-#endif
-	if (sap == 0)
-		iphlen = ip->ip_hl << 2;
-#if SOLARIS2 >= 8
-	else if (sap == IP6_DL_SAP)
-		iphlen = sizeof(ip6_t);
-#endif
-
-	if ((
-#if SOLARIS2 >= 8
-	     (sap == IP6_DL_SAP) && (mlen < plen)) ||
-	    ((sap == 0) &&
-#endif
-	     ((iphlen < hlen) || (iphlen > plen) || (mlen < plen)))) {
-		/*
-		 * Bad IP packet or not enough data/data length mismatches
-		 */
-#ifndef	sparc
-# if SOLARIS2 >= 8
-		if (sap == IP6_DL_SAP) {
-			ip6->ip6_plen = htons(plen - sizeof(*ip6));
-		} else {
-# endif
-			__ipoff = (u_short)ip->ip_off;
-
-			ip->ip_len = htons(plen);
-			ip->ip_off = htons(__ipoff);
-# if SOLARIS2 >= 8
-		}
-# endif
-#endif
-		m->b_rptr -= off;
-		frstats[out].fr_bad++;
-		return -1;
-	}
-
-	/*
-	 * Make hlen the total size of the IP header plus TCP/UDP/ICMP header
-	 * (if it is one of these three).
-	 */
-	if (sap == 0)
-		p = ip->ip_p;
-#if SOLARIS2 >= 8
-	else if (sap == IP6_DL_SAP)
-		p = ip6->ip6_nxt;
-
-	if ((sap == IP6_DL_SAP) || ((ip->ip_off & IP_OFFMASK) == 0))
-#else
-	if ((ip->ip_off & IP_OFFMASK) == 0)
-#endif
-		switch (p)
-		{
-		case IPPROTO_TCP :
-			hlen += sizeof(tcphdr_t);
-			break;
-		case IPPROTO_UDP :
-			hlen += sizeof(udphdr_t);
-			break;
-		case IPPROTO_ICMP :
-			/* 76 bytes is enough for a complete ICMP error. */
-			hlen += 76 + sizeof(icmphdr_t);
-			break;
-		default :
-			break;
-		}
-
-	woff = 0;
-	if (hlen > mlen) {
-		hlen = mlen;
-	} else if (m->b_wptr - m->b_rptr > plen) {
-		woff = m->b_wptr - m->b_rptr - plen;
-		m->b_wptr -= woff;
-	}
-
-	/*
-	 * If we don't have enough data in the mblk or we haven't yet copied
-	 * enough (above), then copy some more.
-	 */
-	if ((hlen > len)) {
-		if (!pullupmsg(m, (int)hlen)) {
-			cmn_err(CE_NOTE, "pullupmsg failed");
-			frstats[out].fr_pull[1]++;
-			return -1;
-		}
-		frstats[out].fr_pull[0]++;
-		ip = (ip_t *)ALIGN32(m->b_rptr);
-	}
-	qif->qf_m = m;
-	qif->qf_q = q;
-	qif->qf_off = off;
-	qif->qf_len = len;
-	err = fr_check(ip, iphlen, qif->qf_ill, out, qif, mp);
-	if (err == 2) {
-		goto fixalign;
-	}
-	/*
-	 * Copy back the ip header data if it was changed, we haven't yet
-	 * freed the message and we aren't going to drop the packet.
-	 * BUT only do this if there were no changes to the buffer, else
-	 * we can't be sure that the ip pointer is still correct!
-	 */
-	if (*mp != NULL) {
-		if (*mp == mt) {
-			m->b_wptr += woff;
-			m->b_rptr -= off;
-#ifndef	sparc
-# if SOLARIS2 >= 8
-			if (sap == IP6_DL_SAP) {
-				ip6->ip6_plen = htons(plen - sizeof(*ip6));
-			} else {
-# endif
-				__ipoff = (u_short)ip->ip_off;
-				/*
-				 * plen is useless because of NAT.
-				 */
-				ip->ip_len = htons(ip->ip_len);
-				ip->ip_off = htons(__ipoff);
-# if SOLARIS2 >= 8
-			}
-# endif
-#endif
-		} else
-			cmn_err(CE_NOTE,
-				"!IP Filter: *mp %p mt %p %s", *mp, mt,
-				"mblk changed, cannot revert ip_len, ip_off");
-	}
-	return err;
-}
-
-
-/*
- * Only called for M_IOCACK messages
- */
-void fr_qif_update(qif, mp)
-qif_t *qif;
-mblk_t *mp;
-{
-	struct iocblk *iocp;
-
-	if (!qif || !mp)
-		return;
-	iocp = (struct iocblk *)mp->b_rptr;
-	if (mp->b_cont && (iocp->ioc_cmd == DL_IOC_HDR_INFO)) {
-		mp = mp->b_cont;
-		if (MTYPE(mp) == M_PROTO && mp->b_cont) {
-			mp = mp->b_cont;
-			if (MTYPE(mp) == M_DATA) {
-				qif->qf_hl = mp->b_wptr - mp->b_rptr;
-			}
-		}
-	}
-}
-
-
-int fr_qin(q, mb)
-queue_t *q;
-mblk_t *mb;
-{
-	int (*pnext) __P((queue_t *, mblk_t *)), type, synced = 0, err = 0;
-	qif_t qf, *qif;
-
-#ifdef	IPFDEBUG_VERBOSE
-	if (ipf_debug_verbose)
-		cmn_err(CE_CONT,
-			"fr_qin(%lx,%lx) ptr %lx type 0x%x ref %d len %d\n",
-			q, q->q_ptr, mb, MTYPE(mb), mb->b_datap->db_ref,
-			msgdsize(mb));
-#endif
-
-	/*
-	 * IPFilter is still in the packet path but not enabled.  Drop whatever
-	 * it is that has come through.
-	 */
-	if (fr_running <= 0) {
-		mb->b_prev = NULL;
-		freemsg(mb);
-		return 0;
-	}
-
-	type = MTYPE(mb);
-
-	/*
-	 * If a mblk has more than one reference, make a copy, filter that and
-	 * free a reference to the original.
-	 */
-	if (mb->b_datap->db_ref > 1) {
-		mblk_t *m1;
-
-		m1 = copymsg(mb);
-		if (!m1) {
-			frstats[0].fr_drop++;
-			mb->b_prev = NULL;
-			freemsg(mb);
-			return 0;
-		}
-		mb->b_prev = NULL;
-		freemsg(mb);
-		mb = m1;
-		frstats[0].fr_copy++;
-	}
-
-	READ_ENTER(&ipf_solaris);
-again:
-	if (fr_running <= 0) {
-		mb->b_prev = NULL;
-		freemsg(mb);
-		RWLOCK_EXIT(&ipf_solaris);
-		return 0;
-	}
-	READ_ENTER(&ipfs_mutex);
-	if (!(qif = qif_from_queue(q))) {
-		for (qif = qif_head; qif; qif = qif->qf_next)
-			if (&qif->qf_rqinit == q->q_qinfo && qif->qf_rqinfo &&
-					qif->qf_rqinfo->qi_putp) {
-				pnext = qif->qf_rqinfo->qi_putp;
-				frstats[0].fr_notip++;
-				RWLOCK_EXIT(&ipfs_mutex);
-				if (!synced) {
-					ipfsync();
-					synced = 1;
-					goto again;
-				}
-				RWLOCK_EXIT(&ipf_solaris);
-				/* fr_donotip(0, NULL, q, mb, mb, NULL, 0); */
-				return (*pnext)(q, mb);
-			}
-		RWLOCK_EXIT(&ipfs_mutex);
-		if (!synced) {
-			ipfsync();
-			synced = 1;
-			goto again;
-		}
-		cmn_err(CE_WARN,
-			"!IP Filter: dropped: fr_qin(%x,%x): type %x qif %x",
-			q, mb, type, qif);
-		cmn_err(CE_CONT,
-			"!IP Filter: info %x next %x ptr %x fsrv %x bsrv %x\n",
-			q->q_qinfo, q->q_next, q->q_ptr, q->q_nfsrv,
-			q->q_nbsrv);
-		cmn_err(CE_CONT, "!IP Filter: info: putp %x srvp %x info %x\n",
-			q->q_qinfo->qi_putp, q->q_qinfo->qi_srvp,
-#if SOLARIS > 3
-			q->q_qinfo->qi_infop
-#else
-			0
-#endif
-			);
-		frstats[0].fr_drop++;
-		mb->b_prev = NULL;
-		freemsg(mb);
-		RWLOCK_EXIT(&ipf_solaris);
-		return 0;
-	}
-
-	qif->qf_incnt++;
-	pnext = qif->qf_rqinfo->qi_putp;
-	if (type == M_IOCACK)
-		fr_qif_update(qif, mb);
-	bcopy((char *)qif, (char *)&qf, sizeof(qf));
-	if (datamsg(type) || (type == M_BREAK))
-		err = fr_precheck(&mb, q, &qf, 0);
-
-	RWLOCK_EXIT(&ipfs_mutex);
-
-	if ((err == 0) && (mb != NULL)) {
-		if (pnext) {
-			RWLOCK_EXIT(&ipf_solaris);
-			return (*pnext)(q, mb);
-		}
-
-		cmn_err(CE_WARN,
-			"!IP Filter: inp NULL: qif %x %s q %x info %x",
-			qif, qf.qf_name, q, q->q_qinfo);
-	}
-
-	if (err == -2) {
-		if (synced == 0) {
-			ipfsync();
-			synced = 1;
-			goto again;
-		}
-		frstats[0].fr_notip++;
-		if (!(fr_flags & FF_BLOCKNONIP) && (pnext != NULL)) {
-			RWLOCK_EXIT(&ipf_solaris);
-			return (*pnext)(q, mb);
-		}
-	}
-	
-
-	if (mb) {
-		mb->b_prev = NULL;
-		freemsg(mb);
-	}
-	RWLOCK_EXIT(&ipf_solaris);
-	return 1;
-}
-
-
-int fr_qout(q, mb)
-queue_t *q;
-mblk_t *mb;
-{
-	int (*pnext) __P((queue_t *, mblk_t *)), type, synced = 0, err = 0;
-	qif_t qf, *qif;
-
-#ifdef	IPFDEBUG_VERBOSE
-	if (ipf_debug_verbose)
-		cmn_err(CE_CONT,
-			"fr_qout(%lx,%lx) ptr %lx type 0x%x ref %d len %d\n",
-			q, q->q_ptr, mb, MTYPE(mb), mb->b_datap->db_ref,
-			msgdsize(mb));
-#endif
-
-	if (fr_running <= 0) {
-		mb->b_prev = NULL;
-		freemsg(mb);
-		return 0;
-	}
-
-	type = MTYPE(mb);
-
-#if SOLARIS2 >= 6
-	if ((!dohwcksum || mb->b_ick_flag != ICK_VALID) &&
-	    (mb->b_datap->db_ref > 1))
-#else
-	if (mb->b_datap->db_ref > 1)
-#endif
-	{
-		mblk_t *m1;
-
-		m1 = copymsg(mb);
-		if (!m1) {
-			frstats[1].fr_drop++;
-			mb->b_prev = NULL;
-			freemsg(mb);
-			return 0;
-		}
-		mb->b_prev = NULL;
-		freemsg(mb);
-		mb = m1;
-		frstats[1].fr_copy++;
-	}
-
-	READ_ENTER(&ipf_solaris);
-again:
-	if (fr_running <= 0) {
-		mb->b_prev = NULL;
-		freemsg(mb);
-		RWLOCK_EXIT(&ipf_solaris);
-		return 0;
-	}
-	READ_ENTER(&ipfs_mutex);
-	if (!(qif = qif_from_queue(q))) {
-		for (qif = qif_head; qif; qif = qif->qf_next)
-			if (&qif->qf_wqinit == q->q_qinfo && qif->qf_wqinfo &&
-					qif->qf_wqinfo->qi_putp) {
-				pnext = qif->qf_wqinfo->qi_putp;
-				RWLOCK_EXIT(&ipfs_mutex);
-				frstats[1].fr_notip++;
-				if (!synced) {
-					ipfsync();
-					synced = 1;
-					goto again;
-				}
-				/* fr_donotip(1, NULL, q, mb, mb, NULL, 0); */
-				RWLOCK_EXIT(&ipf_solaris);
-				return (*pnext)(q, mb);
-			}
-		RWLOCK_EXIT(&ipfs_mutex);
-		if (!synced) {
-			ipfsync();
-			synced = 1;
-			goto again;
-		}
-		cmn_err(CE_WARN,
-			"!IP Filter: dropped: fr_qout(%x,%x): type %x: qif %x",
-			q, mb, type, qif);
-		cmn_err(CE_CONT,
-			"!IP Filter: info %x next %x ptr %x fsrv %x bsrv %x\n",
-			q->q_qinfo, q->q_next, q->q_ptr, q->q_nfsrv,
-			q->q_nbsrv);
-		cmn_err(CE_CONT, "!IP Filter: info: putp %x srvp %x info %x\n",
-			q->q_qinfo->qi_putp, q->q_qinfo->qi_srvp,
-#if SOLARIS > 3
-			q->q_qinfo->qi_infop
-#else
-			0
-#endif
-			);
-		if (q->q_nfsrv)
-			cmn_err(CE_CONT,
-				"!IP Filter: nfsrv: info %x next %x ptr %x\n",
-				q->q_nfsrv->q_qinfo, q->q_nfsrv->q_next,
-				q->q_nfsrv->q_ptr);
-		if (q->q_nbsrv)
-			cmn_err(CE_CONT,
-				"!IP Filter: nbsrv: info %x next %x ptr %x\n",
-				q->q_nbsrv->q_qinfo, q->q_nbsrv->q_next,
-				q->q_nbsrv->q_ptr);
-		frstats[1].fr_drop++;
-		mb->b_prev = NULL;
-		freemsg(mb);
-		RWLOCK_EXIT(&ipf_solaris);
-		return 0;
-	}
-
-	qif->qf_outcnt++;
-	pnext = qif->qf_wqinfo->qi_putp;
-	if (type == M_IOCACK)
-		fr_qif_update(qif, mb);
-	bcopy((char *)qif, (char *)&qf, sizeof(qf));
-	if (datamsg(type) || (type == M_BREAK))
-		err = fr_precheck(&mb, q, &qf, 1);
-
-	RWLOCK_EXIT(&ipfs_mutex);
-
-	if ((err == 0) && (mb != NULL)) {
-		if (pnext) {
-			RWLOCK_EXIT(&ipf_solaris);
-			return (*pnext)(q, mb);
-		}
-
-		cmn_err(CE_WARN,
-			"!IP Filter: outp NULL: qif %x %s q %x info %x",
-			qif, qf.qf_name, q, q->q_qinfo);
-	}
-
-	if (err == -2) {
-		if (synced == 0) {
-			ipfsync();
-			synced = 1;
-			goto again;
-		}
-		frstats[1].fr_notip++;
-		if (!(fr_flags & FF_BLOCKNONIP) && (pnext != NULL)) {
-			RWLOCK_EXIT(&ipf_solaris);
-			return (*pnext)(q, mb);
-		}
-	}
-
-	if (mb) {
-		mb->b_prev = NULL;
-		freemsg(mb);
-	}
-	RWLOCK_EXIT(&ipf_solaris);
-	return 1;
-}
-
-
-void ipf_synctimeout(arg)
-void *arg;
-{
-	if (fr_running < 0)
-		return;
-	READ_ENTER(&ipf_solaris);
-	ipfsync();
-	WRITE_ENTER(&ipfs_mutex);
-	synctimeoutid = 0;
-	RWLOCK_EXIT(&ipfs_mutex);
-	RWLOCK_EXIT(&ipf_solaris);
-}
-
-
-static int ipf_ip_qin(q, mb)
-queue_t *q;
-mblk_t *mb;
-{
-	struct iocblk *ioc;
-	int ret;
-
-	if (fr_running <= 0) {
-		mb->b_prev = NULL;
-		freemsg(mb);
-		return 0;
-	}
-
-	if (MTYPE(mb) != M_IOCTL)
-		return (*ipf_ip_inp)(q, mb);
-
-	READ_ENTER(&ipf_solaris);
-	if (fr_running <= 0) {
-		RWLOCK_EXIT(&ipf_solaris);
-		mb->b_prev = NULL;
-		freemsg(mb);
-		return 0;
-	}
-	ioc = (struct iocblk *)mb->b_rptr;
-
-	switch (ioc->ioc_cmd)
-	{
-	case DL_IOC_HDR_INFO:
-		fr_qif_update(qif_from_queue(q), mb);
-		break;
-	case I_LINK:
-	case I_UNLINK:
-	case SIOCSIFADDR:
-	case SIOCSIFFLAGS:
-#ifdef	IPFDEBUG
-		if (ipf_debug)
-			cmn_err(CE_NOTE,
-				"IP Filter: ipf_ip_qin() M_IOCTL type=0x%x",
-				ioc->ioc_cmd);
-#endif
-		WRITE_ENTER(&ipfs_mutex);
-		if (synctimeoutid == 0) {
-			synctimeoutid = timeout(ipf_synctimeout,
-						NULL,
-						drv_usectohz(1000000) /*1 sec*/
-					);
-		}
-		RWLOCK_EXIT(&ipfs_mutex);
-		break;
-	default:
-		break;
-	}
-	RWLOCK_EXIT(&ipf_solaris);
-	return (*ipf_ip_inp)(q, mb);
-}
-
-static int ipdrvattcnt = 0;
-extern struct streamtab ipinfo;
-
-void solipdrvattach()
-{
-#ifdef	IPFDEBUG
-	if (ipf_debug)
-		cmn_err(CE_NOTE, "IP Filter: solipdrvattach() %d ipinfo=0x%lx",
-			ipdrvattcnt, &ipinfo);
-#endif
-
-	if (++ipdrvattcnt == 1) {
-		if (ipf_ip_inp == NULL) {
-			ipf_ip_inp = ipinfo.st_wrinit->qi_putp;
-			ipinfo.st_wrinit->qi_putp = ipf_ip_qin;
-		}
-	}
-}
-
-int solipdrvdetach()
-{
-#ifdef	IPFDEBUG
-	if (ipf_debug)
-		cmn_err(CE_NOTE, "IP Filter: solipdrvdetach() %d ipinfo=0x%lx",
-			ipdrvattcnt, &ipinfo);
-#endif
-
-	WRITE_ENTER(&ipfs_mutex);
-	if (--ipdrvattcnt <= 0) {
-		if (ipf_ip_inp && (ipinfo.st_wrinit->qi_putp == ipf_ip_qin)) {
-			ipinfo.st_wrinit->qi_putp = ipf_ip_inp;
-			ipf_ip_inp = NULL;
-		}
-		if (synctimeoutid) {
-			untimeout(synctimeoutid);
-			synctimeoutid = 0;
-		}
-	}
-	RWLOCK_EXIT(&ipfs_mutex);
-	return ipdrvattcnt;
-}
-
-/*
- * attach the packet filter to each interface that is defined as having an
- * IP address associated with it and save some of the info. for that struct
- * so we're not out of date as soon as the ill disappears - but we must sync
- * to be correct!
- */
-void solattach()
-{
-	queue_t *in, *out;
-	struct frentry *f;
-	qif_t *qif, *qf2;
-	ipnat_t *np;
-	size_t len;
-	ill_t *il;
-
-	for (il = ill_g_head; il; il = il->ill_next) {
-		in = il->ill_rq;
-		if (!in || !il->ill_wq)
-			continue;
-
-		out = il->ill_wq->q_next;
-
-		WRITE_ENTER(&ipfs_mutex);
-		/*
-		 * Look for entry already setup for this device
-		 */
-		for (qif = qif_head; qif; qif = qif->qf_next)
-			if (qif->qf_iptr == in->q_ptr &&
-			    qif->qf_optr == out->q_ptr)
-				break;
-		if (qif) {
-			RWLOCK_EXIT(&ipfs_mutex);
-			continue;
-		}
-#ifdef	IPFDEBUGX
-		if (ipf_debug)
-		cmn_err(CE_NOTE,
-			"IP Filter: il %x ipt %x opt %x ipu %x opu %x i %x/%x",
-			il, in->q_ptr,  out->q_ptr, in->q_qinfo->qi_putp,
-			out->q_qinfo->qi_putp, out->q_qinfo, in->q_qinfo);
-#endif
-		KMALLOC(qif, qif_t *);
-		if (!qif) {
-			cmn_err(CE_WARN,
-				"IP Filter: malloc(%d) for qif_t failed",
-				sizeof(qif_t));
-			RWLOCK_EXIT(&ipfs_mutex);
-			continue;
-		}
-
-		if (in->q_qinfo->qi_putp == fr_qin) {
-			for (qf2 = qif_head; qf2; qf2 = qf2->qf_next)
-				if (&qf2->qf_rqinit == in->q_qinfo) {
-					qif->qf_rqinfo = qf2->qf_rqinfo;
-					break;
-				}
-			if (!qf2) {
-#ifdef	IPFDEBUGX
-				if (ipf_debug)
-				cmn_err(CE_WARN,
-					"IP Filter: rq:%s put %x qi %x",
-					il->ill_name, in->q_qinfo->qi_putp,
-					in->q_qinfo);
-#endif
-				RWLOCK_EXIT(&ipfs_mutex);
-				KFREE(qif);
-				continue;
-			}
-		} else
-			qif->qf_rqinfo = in->q_qinfo;
-
-		if (out->q_qinfo->qi_putp == fr_qout) {
-			for (qf2 = qif_head; qf2; qf2 = qf2->qf_next)
-				if (&qf2->qf_wqinit == out->q_qinfo) {
-					qif->qf_wqinfo = qf2->qf_wqinfo;
-					break;
-				}
-			if (!qf2) {
-#ifdef	IPFDEBUGX
-				if (ipf_debug)
-				cmn_err(CE_WARN,
-					"IP Filter: wq:%s put %x qi %x",
-					il->ill_name, out->q_qinfo->qi_putp,
-					out->q_qinfo);
-#endif
-				RWLOCK_EXIT(&ipfs_mutex);
-				KFREE(qif);
-				continue;
-			}
-		} else
-			qif->qf_wqinfo = out->q_qinfo;
-
-		qif->qf_ill = il;
-		qif->qf_in = in;
-		qif->qf_out = out;
-		qif->qf_iptr = in->q_ptr;
-		qif->qf_optr = out->q_ptr;
-#if SOLARIS2 < 8
-		qif->qf_hl = il->ill_hdr_length;
-#else
-		{
-		ire_t *ire;
-		mblk_t *m;
-
-		qif->qf_hl = 0;
-		qif->qf_sap = il->ill_sap;
-# if 0
-		/*
-		 * Can't seem to lookup a route for the IP address on the
-		 * interface itself.
-		 */
-		ire = ire_route_lookup(il->ill_ipif->ipif_lcl_addr, 0xffffffff,
-					0, 0, NULL, NULL, NULL,
-					MATCH_IRE_DSTONLY|MATCH_IRE_RECURSIVE);
-		if ((ire != NULL) && (m = ire->ire_fp_mp))
-			qif->qf_hl = m->b_wptr - m->b_rptr;
-# endif
-		if ((qif->qf_hl == 0) && (il->ill_type > 0) &&
-		    (il->ill_type < 0x37) &&
-		    (hdrsizes[il->ill_type][0] == il->ill_type))
-			qif->qf_hl = hdrsizes[il->ill_type][1];
-
-		/* DREADFUL VLAN HACK - JUST HERE TO CHECK IT WORKS */
-		if (il->ill_type == IFT_ETHER &&
-		    il->ill_name[0] == 'c' && il->ill_name[1] == 'e' &&
-		    isdigit(il->ill_name[2]) && il->ill_name_length >= 6) {
-			cmn_err(CE_NOTE, "VLAN HACK ENABLED");
-			qif->qf_hl += 4;
-		}
-		/* DREADFUL VLAN HACK - JUST HERE TO CHECK IT WORKS */
-
-		if (qif->qf_hl == 0 && il->ill_type != IFT_OTHER)
-			cmn_err(CE_WARN,
-				"Unknown layer 2 header size for %s type %d",
-				il->ill_name, il->ill_type);
-		}
-
-		/*
-		 * XXX Awful hack for PPP; fix when PPP/snoop fixed.
-		 */
-		if (il->ill_type == IFT_ETHER && !il->ill_bcast_addr_length)
-			qif->qf_hl = 0;
-#endif
-		strncpy(qif->qf_name, il->ill_name, sizeof(qif->qf_name));
-		qif->qf_name[sizeof(qif->qf_name) - 1] = '\0';
-
-		qif->qf_next = qif_head;
-		qif_head = qif;
-
-		/*
-		 * Activate any rules directly associated with this interface
-		 */
-		WRITE_ENTER(&ipf_mutex);
-		for (f = ipfilter[0][fr_active]; f; f = f->fr_next) {
-			if ((f->fr_ifa == (struct ifnet *)-1)) {
-				len = strlen(f->fr_ifname) + 1;
-				if ((len != 0) &&
-				    (len == (size_t)il->ill_name_length) &&
-				    !strncmp(il->ill_name, f->fr_ifname, len))
-					f->fr_ifa = il;
-			}
-		}
-		for (f = ipfilter[1][fr_active]; f; f = f->fr_next) {
-			if ((f->fr_ifa == (struct ifnet *)-1)) {
-				len = strlen(f->fr_ifname) + 1;
-				if ((len != 0) &&
-				    (len == (size_t)il->ill_name_length) &&
-				    !strncmp(il->ill_name, f->fr_ifname, len))
-					f->fr_ifa = il;
-			}
-		}
-#if SOLARIS2 >= 8
-		for (f = ipfilter6[0][fr_active]; f; f = f->fr_next) {
-			if ((f->fr_ifa == (struct ifnet *)-1)) {
-				len = strlen(f->fr_ifname) + 1;
-				if ((len != 0) &&
-				    (len == (size_t)il->ill_name_length) &&
-				    !strncmp(il->ill_name, f->fr_ifname, len))
-					f->fr_ifa = il;
-			}
-		}
-		for (f = ipfilter6[1][fr_active]; f; f = f->fr_next) {
-			if ((f->fr_ifa == (struct ifnet *)-1)) {
-				len = strlen(f->fr_ifname) + 1;
-				if ((len != 0) &&
-				    (len == (size_t)il->ill_name_length) &&
-				    !strncmp(il->ill_name, f->fr_ifname, len))
-					f->fr_ifa = il;
-			}
-		}
-#endif
-		RWLOCK_EXIT(&ipf_mutex);
-		WRITE_ENTER(&ipf_nat);
-		for (np = nat_list; np; np = np->in_next) {
-			if ((np->in_ifp == (struct ifnet *)-1)) {
-				len = strlen(np->in_ifname) + 1;
-				if ((len != 0) &&
-				    (len == (size_t)il->ill_name_length) &&
-				    !strncmp(il->ill_name, np->in_ifname, len))
-					np->in_ifp = il;
-			}
-		}
-		RWLOCK_EXIT(&ipf_nat);
-
-		bcopy((caddr_t)qif->qf_rqinfo, (caddr_t)&qif->qf_rqinit,
-		      sizeof(struct qinit));
-		qif->qf_rqinit.qi_putp = fr_qin;
-#ifdef	IPFDEBUG
-		if (ipf_debug)
-			cmn_err(CE_NOTE,
-				"IP Filter: solattach: in queue(%lx)->q_qinfo FROM %lx TO %lx",
-				in, in->q_qinfo, &qif->qf_rqinit);
-#endif
-		in->q_qinfo = &qif->qf_rqinit;
-
-		bcopy((caddr_t)qif->qf_wqinfo, (caddr_t)&qif->qf_wqinit,
-		      sizeof(struct qinit));
-		qif->qf_wqinit.qi_putp = fr_qout;
-#ifdef	IPFDEBUG
-		if (ipf_debug)
-			cmn_err(CE_NOTE,
-				"IP Filter: solattach: out queue(%lx)->q_qinfo FROM %lx TO %lx",
-				out, out->q_qinfo, &qif->qf_wqinit);
-#endif
-		out->q_qinfo = &qif->qf_wqinit;
-
-		ire_walk(ipf_ire_walk, (char *)qif);
-		RWLOCK_EXIT(&ipfs_mutex);
-		cmn_err(CE_CONT, "IP Filter: attach to [%s,%d] - %s\n",
-			qif->qf_name, il->ill_ppa,
-#if SOLARIS2 >= 8
-			il->ill_isv6 ? "IPv6" : "IPv4"
-#else
-			"IPv4"
-#endif
-			);
-	}
-	if (!qif_head)
-		cmn_err(CE_CONT, "IP Filter: not attached to any interfaces\n");
-	return;
-}
-
-
-/*
- * look for bad consistancies between the list of interfaces the filter knows
- * about and those which are currently configured.
- */
-int ipfsync()
-{
-	register struct frentry *f;
-	register ipnat_t *np;
-	register qif_t *qif, **qp;
-	register ill_t *il;
-	queue_t *in, *out;
-
-	WRITE_ENTER(&ipfs_mutex);
-	for (qp = &qif_head; (qif = *qp); ) {
-		for (il = ill_g_head; il; il = il->ill_next)
-			if ((qif->qf_ill == il) &&
-			    !strcmp(qif->qf_name, il->ill_name)) {
-#if SOLARIS2 < 8
-				mblk_t	*m = il->ill_hdr_mp;
-
-				qif->qf_hl = il->ill_hdr_length;
-				if (m && qif->qf_hl != (m->b_wptr - m->b_rptr))
-					cmn_err(CE_NOTE,
-						"IP Filter: ILL Header Length Mismatch\n");
-#endif
-				break;
-			}
-		if (il) {
-			qp = &qif->qf_next;
-			continue;
-		}
-		cmn_err(CE_CONT, "IP Filter: detaching [%s] - %s\n",
-			qif->qf_name,
-#if SOLARIS2 >= 8
-			(qif->qf_sap == IP6_DL_SAP) ? "IPv6" : "IPv4"
-#else
-			"IPv4"
-#endif
-			);
-		*qp = qif->qf_next;
-
-		/*
-		 * Disable any rules directly associated with this interface
-		 */
-		WRITE_ENTER(&ipf_nat);
-		for (np = nat_list; np; np = np->in_next)
-			if (np->in_ifp == (void *)qif->qf_ill)
-				np->in_ifp = (struct ifnet *)-1;
-		RWLOCK_EXIT(&ipf_nat);
-		WRITE_ENTER(&ipf_mutex);
-		for (f = ipfilter[0][fr_active]; f; f = f->fr_next)
-			if (f->fr_ifa == (void *)qif->qf_ill)
-				f->fr_ifa = (struct ifnet *)-1;
-		for (f = ipfilter[1][fr_active]; f; f = f->fr_next)
-			if (f->fr_ifa == (void *)qif->qf_ill)
-				f->fr_ifa = (struct ifnet *)-1;
-#if SOLARIS2 >= 8
-		for (f = ipfilter6[0][fr_active]; f; f = f->fr_next)
-			if (f->fr_ifa == (void *)qif->qf_ill)
-				f->fr_ifa = (struct ifnet *)-1;
-		for (f = ipfilter6[1][fr_active]; f; f = f->fr_next)
-			if (f->fr_ifa == (void *)qif->qf_ill)
-				f->fr_ifa = (struct ifnet *)-1;
-#endif
-
-#if 0 /* XXX */
-		/*
-		 * As well as the ill disappearing when a device is unplumb'd,
-		 * it also appears that the associated queue structures also
-		 * disappear - at least in the case of ppp, which is the most
-		 * volatile here.  Thanks to Greg for finding this problem.
-		 */
-		/*
-		 * Restore q_qinfo pointers in interface queues
-		 */
-		out = qif->qf_out;
-		in = qif->qf_in;
-		if (in) {
-# ifdef	IPFDEBUG
-			if (ipf_debug)
-				cmn_err(CE_NOTE,
-					"IP Filter: ipfsync: in queue(%lx)->q_qinfo FROM %lx TO %lx",
-					in, in->q_qinfo, qif->qf_rqinfo);
-# endif
-			in->q_qinfo = qif->qf_rqinfo;
-		}
-		if (out) {
-# ifdef	IPFDEBUG
-			if (ipf_debug)
-				cmn_err(CE_NOTE,
-					"IP Filter: ipfsync: out queue(%lx)->q_qinfo FROM %lx TO %lx",
-					out, out->q_qinfo, qif->qf_wqinfo);
-# endif
-			out->q_qinfo = qif->qf_wqinfo;
-		}
-#endif /* XXX */
-		RWLOCK_EXIT(&ipf_mutex);
-		KFREE(qif);
-		qif = *qp;
-	}
-	RWLOCK_EXIT(&ipfs_mutex);
-	solattach();
-
-	frsync();
-	/*
-	 * Resync. any NAT `connections' using this interface and its IP #.
-	 */
-	for (il = ill_g_head; il; il = il->ill_next) {
-		ip_natsync((void *)il);
-		ip_statesync((void *)il);
-	}
-	return 0;
-}
-
-
-/*
- * unhook the IP filter from all defined interfaces with IP addresses
- */
-int soldetach()
-{
-	queue_t *in, *out;
-	qif_t *qif, **qp;
-	ill_t *il;
-
-	WRITE_ENTER(&ipfs_mutex);
-	/*
-	 * Make two passes, first get rid of all the unknown devices, next
-	 * unlink known devices.
-	 */
-	for (qp = &qif_head; (qif = *qp); ) {
-		for (il = ill_g_head; il; il = il->ill_next)
-			if (qif->qf_ill == il)
-				break;
-		if (il) {
-			qp = &qif->qf_next;
-			continue;
-		}
-		cmn_err(CE_CONT, "IP Filter: removing [%s]\n", qif->qf_name);
-		*qp = qif->qf_next;
-		KFREE(qif);
-	}
-
-	while ((qif = qif_head)) {
-		qif_head = qif->qf_next;
-		for (il = ill_g_head; il; il = il->ill_next)
-			if (qif->qf_ill == il)
-				break;
-		if (il) {
-			in = qif->qf_in;
-			out = qif->qf_out;
-			cmn_err(CE_CONT, "IP Filter: detaching [%s,%d] - %s\n",
-				qif->qf_name, il->ill_ppa,
-#if SOLARIS2 >= 8
-			(qif->qf_sap == IP6_DL_SAP) ? "IPv6" : "IPv4"
-#else
-			"IPv4"
-#endif
-			);
-
-#ifdef	IPFDEBUG
-			if (ipf_debug)
-				cmn_err(CE_NOTE,
-					"IP Filter: soldetach: in queue(%lx)->q_qinfo FROM %lx TO %lx",
-					in, in->q_qinfo, qif->qf_rqinfo);
-#endif
-			in->q_qinfo = qif->qf_rqinfo;
-
-			/*
-			 * and the write queue...
-			 */
-#ifdef	IPFDEBUG
-			if (ipf_debug)
-				cmn_err(CE_NOTE,
-					"IP Filter: soldetach: out queue(%lx)->q_qinfo FROM %lx TO %lx",
-					out, out->q_qinfo, qif->qf_wqinfo);
-#endif
-			out->q_qinfo = qif->qf_wqinfo;
-		}
-		KFREE(qif);
-	}
-	RWLOCK_EXIT(&ipfs_mutex);
-	return ipldetach();
-}
-
-
-#ifdef	IPFDEBUG
-void printire(ire)
-ire_t *ire;
-{
-	if (!ipf_debug)
-		return;
-	printf("ire: ll_hdr_mp %p rfq %p stq %p src_addr %x max_frag %d\n",
-# if SOLARIS2 >= 8
-		NULL,
-# else
-		ire->ire_ll_hdr_mp,
-# endif
-		ire->ire_rfq, ire->ire_stq,
-		ire->ire_src_addr, ire->ire_max_frag);
-	printf("ire: mask %x addr %x gateway_addr %x type %d\n",
-		ire->ire_mask, ire->ire_addr, ire->ire_gateway_addr,
-		ire->ire_type);
-	printf("ire: ll_hdr_length %d ll_hdr_saved_mp %p\n",
-		ire->ire_ll_hdr_length,
-# if SOLARIS2 >= 8
-		NULL
-# else
-		ire->ire_ll_hdr_saved_mp
-# endif
-		);
-}
-#endif
-
-
-int ipfr_fastroute(ip, mb, mpp, fin, fdp)
-ip_t *ip;
-mblk_t *mb, **mpp;
-fr_info_t *fin;
-frdest_t *fdp;
-{
-#ifdef	USE_INET6
-	ip6_t *ip6 = (ip6_t *)ip;
-#endif
-	ire_t *ir, *dir, *gw;
-	struct in_addr dst;
-	queue_t *q = NULL;
-	mblk_t *mp = NULL;
-	size_t hlen = 0;
-	frentry_t *fr;
-	frdest_t fd;
-	ill_t *ifp;
-	u_char *s;
-	qif_t *qf;
-	int p;
-
-#ifndef	sparc
-	u_short __iplen, __ipoff;
-#endif
-	qf = fin->fin_qif;
-
-	/*
-	 * If this is a duplicate mblk then we want ip to point at that
-	 * data, not the original, if and only if it is already pointing at
-	 * the current mblk data.
-	 */
-	if ((ip == (ip_t *)qf->qf_m->b_rptr) && (qf->qf_m != mb))
-		ip = (ip_t *)mb->b_rptr;
-
-	/*
-	 * If there is another M_PROTO, we don't want it
-	 */
-	if (*mpp != mb) {
-		mp = *mpp;
-		(void) unlinkb(mp);
-		mp = (*mpp)->b_cont;
-		(*mpp)->b_cont = NULL;
-		(*mpp)->b_prev = NULL;
-		freemsg(*mpp);
-		*mpp = mp;
-	}
-
-	if (!fdp) {
-		ipif_t *ipif;
-
-		ifp = fin->fin_ifp;
-		ipif = ifp->ill_ipif;
-		if (!ipif)
-			goto bad_fastroute;
-#if SOLARIS2 > 5
-		ir = ire_ctable_lookup(ipif->ipif_local_addr, 0, IRE_LOCAL,
-				       NULL, NULL, MATCH_IRE_TYPE);
-#else
-		ir = ire_lookup_myaddr(ipif->ipif_local_addr);
-#endif
-		if (!ir)
-			ir = (ire_t *)-1;
-
-		fd.fd_ifp = (struct ifnet *)ir;
-		fd.fd_ip = ip->ip_dst;
-		fdp = &fd;
-	}
-
-	ir = (ire_t *)fdp->fd_ifp;
-
-	if (fdp->fd_ip.s_addr)
-		dst = fdp->fd_ip;
-	else
-		dst.s_addr = fin->fin_fi.fi_daddr;
-
-#if SOLARIS2 >= 6
-	gw = NULL;
-	if (fin->fin_v == 4) {
-		p = ip->ip_p;
-		dir = ire_route_lookup(dst.s_addr, 0xffffffff, 0, 0, NULL,
-					&gw, NULL, MATCH_IRE_DSTONLY|
-					MATCH_IRE_DEFAULT|MATCH_IRE_RECURSIVE);
-	}
-# ifdef	USE_INET6
-	else if (fin->fin_v == 6) {
-		p = ip6->ip6_nxt;
-		dir = ire_route_lookup_v6(&ip6->ip6_dst, NULL, 0, 0,
-					NULL, &gw, NULL, MATCH_IRE_DSTONLY|
-					MATCH_IRE_DEFAULT|MATCH_IRE_RECURSIVE);
-	}
-# endif
-#else
-	dir = ire_lookup(dst.s_addr);
-#endif
-#if SOLARIS2 < 8
-	if (dir)
-		if (!dir->ire_ll_hdr_mp || !dir->ire_ll_hdr_length)
-			dir = NULL;
-#else
-	if (dir)
-		if (!dir->ire_fp_mp || !dir->ire_dlureq_mp)
-			dir = NULL;
-#endif
-
-	if (!ir)
-		ir = dir;
-
-	if (ir && dir) {
-		ifp = ire_to_ill(ir);
-		if (ifp == NULL)
-			goto bad_fastroute;
-		fr = fin->fin_fr;
-
-		/*
-		 * In case we're here due to "to <if>" being used with
-		 * "keep state", check that we're going in the correct
-		 * direction.
-		 */
-		if ((fr != NULL) && (fdp->fd_ifp != NULL) &&
-		    (fin->fin_rev != 0) && (fdp == &fr->fr_tif))
-			return 1;
-
-		fin->fin_ifp = ifp;
-		if (fin->fin_out == 0) {
-			fin->fin_fr = ipacct[1][fr_active];
-			if ((fin->fin_fr != NULL) &&
-			    (fr_scanlist(FR_NOMATCH, ip, fin, mb)&FR_ACCOUNT)){
-				ATOMIC_INCL(frstats[1].fr_acct);
-			}
-			fin->fin_fr = NULL;
-			if (!fr || !(fr->fr_flags & FR_RETMASK))
-				(void) fr_checkstate(ip, fin);
-			(void) ip_natout(ip, fin);
-		}
-#ifndef	sparc
-		if (fin->fin_v == 4) {
-			__iplen = (u_short)ip->ip_len,
-			__ipoff = (u_short)ip->ip_off;
-
-			ip->ip_len = htons(__iplen);
-			ip->ip_off = htons(__ipoff);
-		}
-#endif
-
-#if SOLARIS2 < 8
-		mp = dir->ire_ll_hdr_mp;
-		hlen = dir->ire_ll_hdr_length;
-#else
-		mp = dir->ire_fp_mp;
-		hlen = mp ? mp->b_wptr - mp->b_rptr : 0;
-		mp = dir->ire_dlureq_mp;
-#endif
-		if (mp != NULL) {
-			s = mb->b_rptr;
-			if (
-#if SOLARIS2 >= 6
-			    (dohwcksum &&
-			     ifp->ill_ick.ick_magic == ICK_M_CTL_MAGIC) ||
-#endif
-			    (hlen && (s - mb->b_datap->db_base) >= hlen)) {
-				s -= hlen;
-				mb->b_rptr = (u_char *)s;
-				bcopy((char *)mp->b_rptr, (char *)s, hlen);
-			} else {
-				mblk_t	*mp2;
-
-				mp2 = copyb(mp);
-				if (!mp2)
-					goto bad_fastroute;
-				linkb(mp2, mb);
-				mb = mp2;
-			}
-		}
-		*mpp = mb;
-
-		if (ir->ire_stq)
-			q = ir->ire_stq;
-		else if (ir->ire_rfq)
-			q = WR(ir->ire_rfq);
-		if (q) {
-			mb->b_prev = NULL;
-			mb->b_queue = q;
-			RWLOCK_EXIT(&ipfs_mutex);
-			RWLOCK_EXIT(&ipf_solaris);
-#if SOLARIS2 >= 6
-			if ((p == IPPROTO_TCP) && dohwcksum &&
-			    (ifp->ill_ick.ick_magic == ICK_M_CTL_MAGIC)) {
-				tcphdr_t *tcp;
-				u_32_t t;
-
-				tcp = (tcphdr_t *)((char *)ip + fin->fin_hlen);
-				t = ip->ip_src.s_addr;
-				t += ip->ip_dst.s_addr;
-				t += 30;
-				t = (t & 0xffff) + (t >> 16);
-				tcp->th_sum = t & 0xffff;
-			}
-#endif
-			putnext(q, mb);
-			READ_ENTER(&ipf_solaris);
-			READ_ENTER(&ipfs_mutex);
-			ipl_frouteok[0]++;
-			*mpp = NULL;
-			return 0;
-		}
-	}
-bad_fastroute:
-	mb->b_prev = NULL;
-	freemsg(mb);
-	ipl_frouteok[1]++;
-	*mpp = NULL;
-	return -1;
-}
-
-
-void copyout_mblk(m, off, len, buf)
-mblk_t *m;
-size_t off, len;
-char *buf;
-{
-	u_char *s, *bp = (u_char *)buf;
-	size_t mlen, olen, clen;
-
-	for (; m && len; m = m->b_cont) {
-		if (MTYPE(m) != M_DATA)
-			continue;
-		s = m->b_rptr;
-		mlen = m->b_wptr - s;
-		olen = MIN(off, mlen);
-		if ((olen == mlen) || (olen < off)) {
-			off -= olen;
-			continue;
-		} else if (olen) {
-			off -= olen;
-			s += olen;
-			mlen -= olen;
-		}
-		clen = MIN(mlen, len);
-		bcopy(s, bp, clen);
-		len -= clen;
-		bp += clen;
-	}
-}
-
-
-void copyin_mblk(m, off, len, buf)
-mblk_t *m;
-size_t off, len;
-char *buf;
-{
-	u_char *s, *bp = (u_char *)buf;
-	size_t mlen, olen, clen;
-
-	for (; m && len; m = m->b_cont) {
-		if (MTYPE(m) != M_DATA)
-			continue;
-		s = m->b_rptr;
-		mlen = m->b_wptr - s;
-		olen = MIN(off, mlen);
-		if ((olen == mlen) || (olen < off)) {
-			off -= olen;
-			continue;
-		} else if (olen) {
-			off -= olen;
-			s += olen;
-			mlen -= olen;
-		}
-		clen = MIN(mlen, len);
-		bcopy(bp, s, clen);
-		len -= clen;
-		bp += clen;
-	}
-}
-
-
-int fr_verifysrc(ipa, ifp)
-struct in_addr ipa;
-void *ifp;
-{
-	ire_t *ir, *dir, *gw;
-
-#if SOLARIS2 >= 6
-	dir = ire_route_lookup(ipa.s_addr, 0xffffffff, 0, 0, NULL, &gw, NULL,
-				MATCH_IRE_DSTONLY|MATCH_IRE_DEFAULT|
-				MATCH_IRE_RECURSIVE);
-#else
-	dir = ire_lookup(ipa.s_addr);
-#endif
-
-	if (!dir)
-		return 0;
-	return (ire_to_ill(dir) == ifp);
-}
diff --git a/contrib/ipfilter/test/expected/1 b/contrib/ipfilter/test/expected/1
deleted file mode 100644
index 93b733336d39..000000000000
--- a/contrib/ipfilter/test/expected/1
+++ /dev/null
@@ -1,16 +0,0 @@
-block
-block
-nomatch
-nomatch
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-nomatch
-nomatch
-pass
-pass
diff --git a/contrib/ipfilter/test/expected/10 b/contrib/ipfilter/test/expected/10
deleted file mode 100644
index bc0d83ec88f2..000000000000
--- a/contrib/ipfilter/test/expected/10
+++ /dev/null
@@ -1,108 +0,0 @@
-nomatch
-block
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-nomatch
-nomatch
-pass
-block
-block
-block
-nomatch
-nomatch
-block
-pass
-pass
-pass
-nomatch
-nomatch
-pass
-block
-block
-nomatch
-nomatch
-nomatch
-block
-pass
-pass
-nomatch
-nomatch
-nomatch
-pass
-block
-block
-block
-block
-block
-block
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-block
-block
-block
-nomatch
-block
-nomatch
-pass
-pass
-pass
-nomatch
-pass
-nomatch
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-nomatch
-pass
-pass
-pass
-pass
-pass
-block
-block
-nomatch
-block
-nomatch
-block
-pass
-pass
-nomatch
-pass
-nomatch
-pass
-block
-block
-block
-block
-block
-block
-pass
-pass
-pass
-pass
-pass
-pass
-block
-block
-block
-nomatch
-nomatch
-block
diff --git a/contrib/ipfilter/test/expected/11 b/contrib/ipfilter/test/expected/11
deleted file mode 100644
index eb00875e01a9..000000000000
--- a/contrib/ipfilter/test/expected/11
+++ /dev/null
@@ -1,66 +0,0 @@
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-nomatch
-nomatch
diff --git a/contrib/ipfilter/test/expected/12 b/contrib/ipfilter/test/expected/12
deleted file mode 100644
index f94cf768273a..000000000000
--- a/contrib/ipfilter/test/expected/12
+++ /dev/null
@@ -1,54 +0,0 @@
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-nomatch
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
diff --git a/contrib/ipfilter/test/expected/14 b/contrib/ipfilter/test/expected/14
deleted file mode 100644
index d06d92b3e02a..000000000000
--- a/contrib/ipfilter/test/expected/14
+++ /dev/null
@@ -1,40 +0,0 @@
-nomatch
-block
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-nomatch
-nomatch
-nomatch
-pass
-pass
-nomatch
-nomatch
-nomatch
-block
-block
-block
-nomatch
-nomatch
-pass
-pass
-pass
-nomatch
-block
-block
-block
-block
-block
-pass
-pass
-pass
-pass
-pass
diff --git a/contrib/ipfilter/test/expected/2 b/contrib/ipfilter/test/expected/2
deleted file mode 100644
index 03b71cdb9ea9..000000000000
--- a/contrib/ipfilter/test/expected/2
+++ /dev/null
@@ -1,36 +0,0 @@
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
diff --git a/contrib/ipfilter/test/expected/3 b/contrib/ipfilter/test/expected/3
deleted file mode 100644
index d06d92b3e02a..000000000000
--- a/contrib/ipfilter/test/expected/3
+++ /dev/null
@@ -1,40 +0,0 @@
-nomatch
-block
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-nomatch
-nomatch
-nomatch
-pass
-pass
-nomatch
-nomatch
-nomatch
-block
-block
-block
-nomatch
-nomatch
-pass
-pass
-pass
-nomatch
-block
-block
-block
-block
-block
-pass
-pass
-pass
-pass
-pass
diff --git a/contrib/ipfilter/test/expected/4 b/contrib/ipfilter/test/expected/4
deleted file mode 100644
index d06d92b3e02a..000000000000
--- a/contrib/ipfilter/test/expected/4
+++ /dev/null
@@ -1,40 +0,0 @@
-nomatch
-block
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-nomatch
-nomatch
-nomatch
-pass
-pass
-nomatch
-nomatch
-nomatch
-block
-block
-block
-nomatch
-nomatch
-pass
-pass
-pass
-nomatch
-block
-block
-block
-block
-block
-pass
-pass
-pass
-pass
-pass
diff --git a/contrib/ipfilter/test/expected/5 b/contrib/ipfilter/test/expected/5
deleted file mode 100644
index bc805805f136..000000000000
--- a/contrib/ipfilter/test/expected/5
+++ /dev/null
@@ -1,1344 +0,0 @@
-nomatch
-nomatch
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-nomatch
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-nomatch
-block
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-pass
-nomatch
-nomatch
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-pass
-pass
-pass
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
diff --git a/contrib/ipfilter/test/expected/6 b/contrib/ipfilter/test/expected/6
deleted file mode 100644
index bc805805f136..000000000000
--- a/contrib/ipfilter/test/expected/6
+++ /dev/null
@@ -1,1344 +0,0 @@
-nomatch
-nomatch
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-nomatch
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-nomatch
-block
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-pass
-nomatch
-nomatch
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-block
-pass
-pass
-pass
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-pass
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
diff --git a/contrib/ipfilter/test/expected/7 b/contrib/ipfilter/test/expected/7
deleted file mode 100644
index c53d6eaa0cb9..000000000000
--- a/contrib/ipfilter/test/expected/7
+++ /dev/null
@@ -1,54 +0,0 @@
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
diff --git a/contrib/ipfilter/test/expected/8 b/contrib/ipfilter/test/expected/8
deleted file mode 100644
index 398058a5ec52..000000000000
--- a/contrib/ipfilter/test/expected/8
+++ /dev/null
@@ -1,36 +0,0 @@
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-nomatch
-block
-nomatch
-nomatch
-nomatch
-pass
-nomatch
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
diff --git a/contrib/ipfilter/test/expected/9 b/contrib/ipfilter/test/expected/9
deleted file mode 100644
index a4572e6e94e0..000000000000
--- a/contrib/ipfilter/test/expected/9
+++ /dev/null
@@ -1,108 +0,0 @@
-block
-block
-block
-block
-block
-block
-nomatch
-nomatch
-nomatch
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-pass
-pass
-pass
-pass
-block
-block
-nomatch
-nomatch
-nomatch
-nomatch
-pass
-pass
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-nomatch
-block
-block
-nomatch
diff --git a/contrib/ipfilter/test/expected/expected.sed b/contrib/ipfilter/test/expected/expected.sed
deleted file mode 100644
index e69de29bb2d1..000000000000
--- a/contrib/ipfilter/test/expected/expected.sed
+++ /dev/null
diff --git a/contrib/ipfilter/test/input/1 b/contrib/ipfilter/test/input/1
deleted file mode 100644
index 7c3ae8a3a3db..000000000000
--- a/contrib/ipfilter/test/input/1
+++ /dev/null
@@ -1,4 +0,0 @@
-in 127.0.0.1 127.0.0.1
-in 1.1.1.1 1.2.1.1
-out 127.0.0.1 127.0.0.1
-out 1.1.1.1 1.2.1.1
diff --git a/contrib/ipfilter/test/input/10 b/contrib/ipfilter/test/input/10
deleted file mode 100644
index 254cee7316ff..000000000000
--- a/contrib/ipfilter/test/input/10
+++ /dev/null
@@ -1,6 +0,0 @@
-in 1.1.1.1 2.1.1.1 opt lsrr
-in 1.1.1.1 2.1.1.1
-in 1.1.1.1 2.1.1.1 opt ts
-in 1.1.1.1 2.1.1.1 opt sec-class=topsecret
-in 1.1.1.1 2.1.1.1 opt ssrr,sec-class=topsecret
-in 1.1.1.1 2.1.1.1 opt sec
diff --git a/contrib/ipfilter/test/input/11 b/contrib/ipfilter/test/input/11
deleted file mode 100644
index 4eda58eac04e..000000000000
--- a/contrib/ipfilter/test/input/11
+++ /dev/null
@@ -1,11 +0,0 @@
-in on e0 tcp 1.1.1.1,1 2.1.2.2,23 S
-in on e0 tcp 1.1.1.1,1 2.1.2.2,23 A
-in on e1 tcp 2.1.2.2,23 1.1.1.1,1 A
-in on e0 tcp 1.1.1.1,1 2.1.2.2,23 F
-in on e0 tcp 1.1.1.1,1 2.1.2.2,23 A
-in on e0 tcp 1.1.1.1,2 2.1.2.2,23 A
-in on e1 udp 1.1.1.1,1 4.4.4.4,53
-in on e1 udp 2.2.2.2,2 4.4.4.4,53
-in on e0 udp 4.4.4.4,53 1.1.1.1,1
-in on e0 udp 4.4.4.4,1023 1.1.1.1,2049
-in on e0 udp 4.4.4.4,2049 1.1.1.1,1023
diff --git a/contrib/ipfilter/test/input/12 b/contrib/ipfilter/test/input/12
deleted file mode 100644
index 5d9c1de3590d..000000000000
--- a/contrib/ipfilter/test/input/12
+++ /dev/null
@@ -1,35 +0,0 @@
-# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF  SYN
-45 00 0028 0000 4000 3f 06 0000 01010101 02010101
-0401 0019 00000000 00000000 50 02 2000 0000 0000
-
-# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF  ACK
-45 00 0028 0000 4000 3f 06 0000 01010101 02010101
-0401 0019 00000000 00000000 50 10 2000 0000 0000
-
-# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF MF FO=0 ACK
-45 00 0028 0000 6000 3f 06 0000 01010101 02010101
-0401 0019 00000000 00000000 50 10 2000 0000 0000
-
-# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF FO=0
-45 00 001c 0000 6000 3f 06 0000 01010101 02010101
-0401 0019 00000000
-
-# 1.1.1.1 -> 2.1.1.1 TTL=63 TCP DF FO=1 ACK
-45 00 001c 0000 6001 3f 06 0000 01010101 02010101
-00000000 50 10 2000
-
-# 1.1.1.1 -> 2.1.1.1 TTL=63 UDP DF MF FO=0
-45 00 0014 0000 6000 3f 11 0000 01010101 02010101
-
-# 1.1.1.1,53 -> 2.1.1.1,53 TTL=63 UDP MF FO=0
-45 00 0018 0000 2000 3f 11 0000 01010101 02010101
-0035 0035
-
-# 1.1.1.1,1 -> 2.1.1.1,1 TTL=63 UDP MF FO=0
-45 00 001c 0000 2000 3f 11 0000 01010101 02010101
-0001 0001 0004 0000
-
-# 1.1.1.1,53 -> 2.1.1.1,53 TTL=63 UDP MF FO=0
-45 00 001c 0000 2000 3f 11 0000 01010101 02010101
-0035 0035 0004 0000
-
diff --git a/contrib/ipfilter/test/input/13 b/contrib/ipfilter/test/input/13
deleted file mode 100644
index 56ec16d99b83..000000000000
--- a/contrib/ipfilter/test/input/13
+++ /dev/null
@@ -1,39 +0,0 @@
-# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF,MF,FO=0  SYN
-45 00 0028 0001 4000 3f 06 0000 01010101 02010101
-0401 0019 00000000 00000000 50 02 2000 0000 0000
-
-# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP MF  ACK
-45 00 0024 0002 2000 3f 06 0000 01010101 02010101
-0401001900000000 0000000050102000
-
-# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP FO=2  ACK
-45 00 002c 0002 0002 3f 06 0000 01010101 02010101
-0000000000010203 0405060708090a0b 0c0d0e0f10111213
-
-# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF MF FO=0 SYN
-45 00 0028 0003 6000 3f 06 0000 01010101 02010101
-0401 0019 00000000 00000000 50 10 2000 0000 0000
-
-# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF FO=0
-45 00 001c 0004 6000 3f 06 0000 01010101 02010101
-0401 0019 00000000
-
-# 1.1.1.1 -> 2.1.1.1 TTL=63 TCP DF FO=1 SYN
-45 00 001c 0005 6001 3f 06 0000 01010101 02010101
-00000000 50 10 2000
-
-# 1.1.1.1 -> 2.1.1.1 TTL=63 UDP DF MF FO=0
-45 00 0014 0006 6000 3f 11 0000 01010101 02010101
-
-# 1.1.1.1,53 -> 2.1.1.1,53 TTL=63 UDP MF FO=0
-45 00 0018 0007 2000 3f 11 0000 01010101 02010101
-0035 0035
-
-# 1.1.1.1,1 -> 2.1.1.1,1 TTL=63 UDP MF FO=0
-45 00 001c 0008 2000 3f 11 0000 01010101 02010101
-0035003500040000
-
-# 1.1.1.1,53 -> 2.1.1.1,53 TTL=63 UDP FO=1
-45 00 001c 0008 0001 3f 11 0000 01010101 02010101
-0000000000000000
-
diff --git a/contrib/ipfilter/test/input/14 b/contrib/ipfilter/test/input/14
deleted file mode 100644
index 16a806ffec7b..000000000000
--- a/contrib/ipfilter/test/input/14
+++ /dev/null
@@ -1,5 +0,0 @@
-in 127.0.0.1 127.0.0.1
-in 1.1.1.1 1.2.1.1
-in 1.1.1.2 1.2.1.1
-in 1.1.2.2 1.2.1.1
-in 1.2.2.2 1.2.1.1
diff --git a/contrib/ipfilter/test/input/2 b/contrib/ipfilter/test/input/2
deleted file mode 100644
index d168af0c716a..000000000000
--- a/contrib/ipfilter/test/input/2
+++ /dev/null
@@ -1,6 +0,0 @@
-in tcp 127.0.0.1,1 127.0.0.1,21
-in tcp 1.1.1.1,1 1.2.1.1,21
-in udp 127.0.0.1,1 127.0.0.1,21
-in udp 1.1.1.1,1 1.2.1.1,21
-in icmp 127.0.0.1 127.0.0.1
-in icmp 1.1.1.1 1.2.1.1
diff --git a/contrib/ipfilter/test/input/3 b/contrib/ipfilter/test/input/3
deleted file mode 100644
index 16a806ffec7b..000000000000
--- a/contrib/ipfilter/test/input/3
+++ /dev/null
@@ -1,5 +0,0 @@
-in 127.0.0.1 127.0.0.1
-in 1.1.1.1 1.2.1.1
-in 1.1.1.2 1.2.1.1
-in 1.1.2.2 1.2.1.1
-in 1.2.2.2 1.2.1.1
diff --git a/contrib/ipfilter/test/input/4 b/contrib/ipfilter/test/input/4
deleted file mode 100644
index 2956d1b15454..000000000000
--- a/contrib/ipfilter/test/input/4
+++ /dev/null
@@ -1,5 +0,0 @@
-in 127.0.0.1 127.0.0.1
-in 1.1.1.1 1.1.1.1
-in 1.1.1.1 1.1.1.2
-in 1.1.1.1 1.1.2.2
-in 1.1.1.1 1.2.2.2
diff --git a/contrib/ipfilter/test/input/5 b/contrib/ipfilter/test/input/5
deleted file mode 100644
index 41600c10763b..000000000000
--- a/contrib/ipfilter/test/input/5
+++ /dev/null
@@ -1,28 +0,0 @@
-in tcp 1.1.1.1,0 2.2.2.2,2222
-in tcp 1.1.1.1,1 2.2.2.2,2222
-in tcp 1.1.1.1,23 2.2.2.2,2222
-in tcp 1.1.1.1,21 2.2.2.2,2222
-in tcp 1.1.1.1,1023 2.2.2.2,2222
-in tcp 1.1.1.1,1024 2.2.2.2,2222
-in tcp 1.1.1.1,1025 2.2.2.2,2222
-in tcp 1.1.1.1,32767 2.2.2.2,2222
-in tcp 1.1.1.1,32768 2.2.2.2,2222
-in tcp 1.1.1.1,65535 2.2.2.2,2222
-in tcp 1.1.1.1,5999 2.2.2.2,2222
-in tcp 1.1.1.1,6000 2.2.2.2,2222
-in tcp 1.1.1.1,6009 2.2.2.2,2222
-in tcp 1.1.1.1,6010 2.2.2.2,2222
-in udp 1.1.1.1,0 2.2.2.2,2222
-in udp 1.1.1.1,1 2.2.2.2,2222
-in udp 1.1.1.1,23 2.2.2.2,2222
-in udp 1.1.1.1,21 2.2.2.2,2222
-in udp 1.1.1.1,1023 2.2.2.2,2222
-in udp 1.1.1.1,1024 2.2.2.2,2222
-in udp 1.1.1.1,1025 2.2.2.2,2222
-in udp 1.1.1.1,32767 2.2.2.2,2222
-in udp 1.1.1.1,32768 2.2.2.2,2222
-in udp 1.1.1.1,65535 2.2.2.2,2222
-in udp 1.1.1.1,5999 2.2.2.2,2222
-in udp 1.1.1.1,6000 2.2.2.2,2222
-in udp 1.1.1.1,6009 2.2.2.2,2222
-in udp 1.1.1.1,6010 2.2.2.2,2222
diff --git a/contrib/ipfilter/test/input/6 b/contrib/ipfilter/test/input/6
deleted file mode 100644
index 21f0be3336c5..000000000000
--- a/contrib/ipfilter/test/input/6
+++ /dev/null
@@ -1,28 +0,0 @@
-in tcp 2.2.2.2,2222 1.1.1.1,0
-in tcp 2.2.2.2,2222 1.1.1.1,1
-in tcp 2.2.2.2,2222 1.1.1.1,23
-in tcp 2.2.2.2,2222 1.1.1.1,21
-in tcp 2.2.2.2,2222 1.1.1.1,1023
-in tcp 2.2.2.2,2222 1.1.1.1,1024
-in tcp 2.2.2.2,2222 1.1.1.1,1025
-in tcp 2.2.2.2,2222 1.1.1.1,32767
-in tcp 2.2.2.2,2222 1.1.1.1,32768
-in tcp 2.2.2.2,2222 1.1.1.1,65535
-in tcp 2.2.2.2,2222 1.1.1.1,5999
-in tcp 2.2.2.2,2222 1.1.1.1,6000
-in tcp 2.2.2.2,2222 1.1.1.1,6009
-in tcp 2.2.2.2,2222 1.1.1.1,6010
-in udp 2.2.2.2,2222 1.1.1.1,0
-in udp 2.2.2.2,2222 1.1.1.1,1
-in udp 2.2.2.2,2222 1.1.1.1,23
-in udp 2.2.2.2,2222 1.1.1.1,21
-in udp 2.2.2.2,2222 1.1.1.1,1023
-in udp 2.2.2.2,2222 1.1.1.1,1024
-in udp 2.2.2.2,2222 1.1.1.1,1025
-in udp 2.2.2.2,2222 1.1.1.1,32767
-in udp 2.2.2.2,2222 1.1.1.1,32768
-in udp 2.2.2.2,2222 1.1.1.1,65535
-in udp 2.2.2.2,2222 1.1.1.1,5999
-in udp 2.2.2.2,2222 1.1.1.1,6000
-in udp 2.2.2.2,2222 1.1.1.1,6009
-in udp 2.2.2.2,2222 1.1.1.1,6010
diff --git a/contrib/ipfilter/test/input/7 b/contrib/ipfilter/test/input/7
deleted file mode 100644
index 2721af2fb71e..000000000000
--- a/contrib/ipfilter/test/input/7
+++ /dev/null
@@ -1,9 +0,0 @@
-in icmp 1.1.1.1 2.1.1.1 echo
-in icmp 1.1.1.1 2.1.1.1 echo,1
-in icmp 1.1.1.1 2.1.1.1 echo,3
-in icmp 1.1.1.1 2.1.1.1 unreach
-in icmp 1.1.1.1 2.1.1.1 unreach,1
-in icmp 1.1.1.1 2.1.1.1 unreach,3
-in icmp 1.1.1.1 2.1.1.1 echorep
-in icmp 1.1.1.1 2.1.1.1 echorep,1
-in icmp 1.1.1.1 2.1.1.1 echorep,3
diff --git a/contrib/ipfilter/test/input/8 b/contrib/ipfilter/test/input/8
deleted file mode 100644
index cace511fbeb8..000000000000
--- a/contrib/ipfilter/test/input/8
+++ /dev/null
@@ -1,6 +0,0 @@
-in tcp 1.1.1.1,1 2.1.2.2,1 S
-in tcp 1.1.1.1,1 2.1.2.2,1 SA
-in tcp 1.1.1.1,1 2.1.2.2,1 SF
-in tcp 1.1.1.1,1 2.1.2.2,1 SFPAUR
-in tcp 1.1.1.1,1 2.1.2.2,1 PAU
-in tcp 1.1.1.1,1 2.1.2.2,1 A
diff --git a/contrib/ipfilter/test/input/9 b/contrib/ipfilter/test/input/9
deleted file mode 100644
index 33f3be392a7d..000000000000
--- a/contrib/ipfilter/test/input/9
+++ /dev/null
@@ -1,6 +0,0 @@
-in 1.1.1.1 2.1.1.1 opt lsrr
-in 1.1.1.1 2.1.1.1 opt lsrr,ssrr
-in 1.1.1.1 2.1.1.1 opt ts
-in 1.1.1.1 2.1.1.1 opt sec-class=topsecret
-in 1.1.1.1 2.1.1.1 opt ssrr,sec-class=topsecret
-in 1.1.1.1 2.1.1.1 opt sec
diff --git a/contrib/ipfilter/test/input/input.sed b/contrib/ipfilter/test/input/input.sed
deleted file mode 100644
index e69de29bb2d1..000000000000
--- a/contrib/ipfilter/test/input/input.sed
+++ /dev/null
diff --git a/contrib/ipfilter/test/input/ipf6-1 b/contrib/ipfilter/test/input/ipf6-1
deleted file mode 100644
index 8cc2d175dc24..000000000000
--- a/contrib/ipfilter/test/input/ipf6-1
+++ /dev/null
@@ -1,26 +0,0 @@
-[out,de0]
-6000 0000 0020 3aff ef00 0000 0000 0000
-0000 0000 0001 0013 ff02 0000 0000 0000
-0000 0001 ff01 000b 8700 ea32 0000 0000
-ef00 0000 0000 0000 0000 0000 0001 000b
-0101 0048 5487 5c6f
-
-[in,de0]
-6000 0000 0020 3aff ef00 0000 0000 0000
-0000 0000 0001 000b ef00 0000 0000 0000
-0000 0000 0001 0013 8800 5322 6000 0000
-ef00 0000 0000 0000 0000 0000 0001 000b
-0201 0800 2071 cce1
-
-[out,de0]
-6000 0000 0010 3a40 ef00 0000 0000 0000
-0000 0000 0001 0013 ef00 0000 0000 0000
-0000 0000 0001 000b 8000 3210 06ff 0002
-9ec3 3c3c 8a82 0300
-
-[in,de0]
-6000 0000 0010 3aff ef00 0000 0000 0000
-0000 0000 0001 000b ef00 0000 0000 0000
-0000 0000 0001 0013 8100 3110 06ff 0002
-9ec3 3c3c 8a82 0300
-
diff --git a/contrib/ipfilter/test/regress/1 b/contrib/ipfilter/test/regress/1
deleted file mode 100644
index 6a2ede9e31c0..000000000000
--- a/contrib/ipfilter/test/regress/1
+++ /dev/null
@@ -1,4 +0,0 @@
-block in all
-pass in all
-block out all
-pass out all
diff --git a/contrib/ipfilter/test/regress/10 b/contrib/ipfilter/test/regress/10
deleted file mode 100644
index 355298308e72..000000000000
--- a/contrib/ipfilter/test/regress/10
+++ /dev/null
@@ -1,18 +0,0 @@
-block in from any to any with not ipopts
-pass in from any to any with not opt sec-class topsecret
-block in from any to any with not opt ssrr,sec-class topsecret
-pass in from any to any with not opt ssrr,sec-class topsecret
-block in from any to any with not opt ts,sec-class topsecret
-pass in from any to any with not opt ts,sec-class topsecret
-block in from any to any with not opt sec-class secret
-pass in from any to any with not opt sec-class secret
-block in from any to any with not opt lsrr,ssrr
-pass in from any to any with not opt lsrr,ssrr
-pass in from any to any with not ipopts
-block in from any to any with not opt lsrr
-pass in from any to any with not opt lsrr
-block in from any to any with not opt ssrr,ts
-pass in from any to any with not opt ssrr,ts
-block in from any to any with not opt rr
-pass in from any to any with not opt rr
-block in from any to any with not opt sec-class topsecret
diff --git a/contrib/ipfilter/test/regress/11 b/contrib/ipfilter/test/regress/11
deleted file mode 100644
index 0bf0a2a7322d..000000000000
--- a/contrib/ipfilter/test/regress/11
+++ /dev/null
@@ -1,6 +0,0 @@
-pass in proto tcp from any to any port = 23 flags S/SA keep state
-block in proto tcp from any to any port = 23 flags S/SA keep state
-pass in proto udp from any to any port = 53 keep frags
-block in proto udp from any to any port = 53 keep frags
-pass in proto udp from any to any port = 53 keep state
-block in proto udp from any to any port = 53 keep state
diff --git a/contrib/ipfilter/test/regress/12 b/contrib/ipfilter/test/regress/12
deleted file mode 100644
index c29f839aa502..000000000000
--- a/contrib/ipfilter/test/regress/12
+++ /dev/null
@@ -1,6 +0,0 @@
-pass in proto tcp from any port > 1024 to any port = 25 with not short
-pass in proto tcp from any port > 1024 to any port = 25
-block in proto tcp from any to any with short
-block in proto tcp from any to any with frag
-pass in proto udp from any port = 53 to any port = 53
-block in proto udp from any port = 53 to any port = 53 with not short
diff --git a/contrib/ipfilter/test/regress/13 b/contrib/ipfilter/test/regress/13
deleted file mode 100644
index f123e4781c86..000000000000
--- a/contrib/ipfilter/test/regress/13
+++ /dev/null
@@ -1,6 +0,0 @@
-pass in proto tcp from any to any port = 25 flags S/SA keep frags
-block in proto tcp from any to any port = 25 flags S/SA keep frags
-pass in proto udp from any to any port = 53 keep frags
-block in proto udp from any to any port = 53 keep frags
-pass in proto tcp from any to any port = 25 flags S/SA keep state keep frags
-block in proto tcp from any to any port = 25 flags S/SA keep state keep frags
diff --git a/contrib/ipfilter/test/regress/14 b/contrib/ipfilter/test/regress/14
deleted file mode 100644
index aa54af8df11d..000000000000
--- a/contrib/ipfilter/test/regress/14
+++ /dev/null
@@ -1,8 +0,0 @@
-block in from !1.1.1.1 to any
-pass in from 1.1.1.1 to !any
-block in from 1.1.1.1/24 to !any
-pass in from !1.1.1.1/24 to any
-block in from !1.1.1.1/16 to any
-pass in from 1.1.1.1/16 to !any
-block in from 1.1.1.1/0 to !any
-pass in from !1.1.1.1/0 to any
diff --git a/contrib/ipfilter/test/regress/2 b/contrib/ipfilter/test/regress/2
deleted file mode 100644
index e2f02a46e283..000000000000
--- a/contrib/ipfilter/test/regress/2
+++ /dev/null
@@ -1,6 +0,0 @@
-block in proto tcp from any to any
-pass in proto tcp from any to any
-block in proto udp from any to any
-pass in proto udp from any to any
-block in proto icmp from any to any
-pass in proto icmp from any to any
diff --git a/contrib/ipfilter/test/regress/3 b/contrib/ipfilter/test/regress/3
deleted file mode 100644
index ee80729cfc9b..000000000000
--- a/contrib/ipfilter/test/regress/3
+++ /dev/null
@@ -1,8 +0,0 @@
-block in from 1.1.1.1 to any
-pass in from 1.1.1.1 to any
-block in from 1.1.1.1/24 to any
-pass in from 1.1.1.1/24 to any
-block in from 1.1.1.1/16 to any
-pass in from 1.1.1.1/16 to any
-block in from 1.1.1.1/0 to any
-pass in from 1.1.1.1/0 to any
diff --git a/contrib/ipfilter/test/regress/4 b/contrib/ipfilter/test/regress/4
deleted file mode 100644
index bc8af2f0cae2..000000000000
--- a/contrib/ipfilter/test/regress/4
+++ /dev/null
@@ -1,8 +0,0 @@
-block in from any to 1.1.1.1
-pass in from any to 1.1.1.1
-block in from any to 1.1.1.1/24
-pass in from any to 1.1.1.1/24
-block in from any to 1.1.1.1/16
-pass in from any to 1.1.1.1/16
-block in from any to 1.1.1.1/0
-pass in from any to 1.1.1.1/0
diff --git a/contrib/ipfilter/test/regress/5 b/contrib/ipfilter/test/regress/5
deleted file mode 100644
index 998eabd4b10b..000000000000
--- a/contrib/ipfilter/test/regress/5
+++ /dev/null
@@ -1,48 +0,0 @@
-block in proto tcp from any port = 23 to any
-block in proto udp from any port = 23 to any
-block in proto tcp/udp from any port = 23 to any
-pass in proto tcp from any port <= 1023 to any
-pass in proto udp from any port <= 1023 to any
-pass in proto tcp/udp from any port <= 1023 to any
-block in proto tcp from any port >= 1024 to any
-block in proto udp from any port >= 1024 to any
-block in proto tcp/udp from any port >= 1024 to any
-pass in proto tcp from any port >= 1024 to any
-pass in proto udp from any port >= 1024 to any
-pass in proto tcp/udp from any port >= 1024 to any
-block in proto tcp from any port 0 >< 512 to any
-block in proto udp from any port 0 >< 512 to any
-block in proto tcp/udp from any port 0 >< 512 to any
-pass in proto tcp from any port 0 >< 512 to any
-pass in proto udp from any port 0 >< 512 to any
-pass in proto tcp/udp from any port 0 >< 512 to any
-block in proto tcp from any port 6000 <> 6009 to any
-block in proto udp from any port 6000 <> 6009 to any
-block in proto tcp/udp from any port 6000 <> 6009 to any
-pass in proto tcp from any port 6000 <> 6009 to any
-pass in proto udp from any port 6000 <> 6009 to any
-pass in proto tcp/udp from any port 6000 <> 6009 to any
-pass in proto tcp from any port = 23 to any
-pass in proto udp from any port = 23 to any
-pass in proto tcp/udp from any port = 23 to any
-block in proto tcp from any port != 21 to any
-block in proto udp from any port != 21 to any
-block in proto tcp/udp from any port != 21 to any
-pass in proto tcp from any port != 21 to any
-pass in proto udp from any port != 21 to any
-pass in proto tcp/udp from any port != 21 to any
-block in proto tcp from any port < 1024 to any
-block in proto udp from any port < 1024 to any
-block in proto tcp/udp from any port < 1024 to any
-pass in proto tcp from any port < 1024 to any
-pass in proto udp from any port < 1024 to any
-pass in proto tcp/udp from any port < 1024 to any
-block in proto tcp from any port > 1023 to any
-block in proto udp from any port > 1023 to any
-block in proto tcp/udp from any port > 1023 to any
-pass in proto tcp from any port > 1023 to any
-pass in proto udp from any port > 1023 to any
-pass in proto tcp/udp from any port > 1023 to any
-block in proto tcp from any port <= 1023 to any
-block in proto udp from any port <= 1023 to any
-block in proto tcp/udp from any port <= 1023 to any
diff --git a/contrib/ipfilter/test/regress/6 b/contrib/ipfilter/test/regress/6
deleted file mode 100644
index 291f09adcdbc..000000000000
--- a/contrib/ipfilter/test/regress/6
+++ /dev/null
@@ -1,48 +0,0 @@
-block in proto tcp from any to any port = 23
-block in proto udp from any to any port = 23
-block in proto tcp/udp from any to any port = 23
-pass in proto tcp from any to any port <= 1023
-pass in proto udp from any to any port <= 1023
-pass in proto tcp/udp from any to any port <= 1023
-block in proto tcp from any to any port >= 1024
-block in proto udp from any to any port >= 1024
-block in proto tcp/udp from any to any port >= 1024
-pass in proto tcp from any to any port >= 1024
-pass in proto udp from any to any port >= 1024
-pass in proto tcp/udp from any to any port >= 1024
-block in proto tcp from any to any port 0 >< 512
-block in proto udp from any to any port 0 >< 512
-block in proto tcp/udp from any to any port 0 >< 512
-pass in proto tcp from any to any port 0 >< 512
-pass in proto udp from any to any port 0 >< 512
-pass in proto tcp/udp from any to any port 0 >< 512
-block in proto tcp from any to any port 6000 <> 6009
-block in proto udp from any to any port 6000 <> 6009
-block in proto tcp/udp from any to any port 6000 <> 6009
-pass in proto tcp from any to any port 6000 <> 6009
-pass in proto udp from any to any port 6000 <> 6009
-pass in proto tcp/udp from any to any port 6000 <> 6009
-pass in proto tcp from any to any port = 23
-pass in proto udp from any to any port = 23
-pass in proto tcp/udp from any to any port = 23
-block in proto tcp from any to any port != 21
-block in proto udp from any to any port != 21
-block in proto tcp/udp from any to any port != 21
-pass in proto tcp from any to any port != 21
-pass in proto udp from any to any port != 21
-pass in proto tcp/udp from any to any port != 21
-block in proto tcp from any to any port < 1024
-block in proto udp from any to any port < 1024
-block in proto tcp/udp from any to any port < 1024
-pass in proto tcp from any to any port < 1024
-pass in proto udp from any to any port < 1024
-pass in proto tcp/udp from any to any port < 1024
-block in proto tcp from any to any port > 1023
-block in proto udp from any to any port > 1023
-block in proto tcp/udp from any to any port > 1023
-pass in proto tcp from any to any port > 1023
-pass in proto udp from any to any port > 1023
-pass in proto tcp/udp from any to any port > 1023
-block in proto tcp from any to any port <= 1023
-block in proto udp from any to any port <= 1023
-block in proto tcp/udp from any to any port <= 1023
diff --git a/contrib/ipfilter/test/regress/7 b/contrib/ipfilter/test/regress/7
deleted file mode 100644
index 6848a688a374..000000000000
--- a/contrib/ipfilter/test/regress/7
+++ /dev/null
@@ -1,6 +0,0 @@
-block in proto icmp from any to any icmp-type echo
-pass in proto icmp from any to any icmp-type echo
-block in proto icmp from any to any icmp-type unreach code 3
-pass in proto icmp from any to any icmp-type unreach code 3
-block in proto icmp from any to any icmp-type echorep
-pass in proto icmp from any to any icmp-type echorep
diff --git a/contrib/ipfilter/test/regress/8 b/contrib/ipfilter/test/regress/8
deleted file mode 100644
index 0f28fd261148..000000000000
--- a/contrib/ipfilter/test/regress/8
+++ /dev/null
@@ -1,6 +0,0 @@
-block in proto tcp from any to any flags S
-pass in proto tcp from any to any flags S
-block in proto tcp from any to any flags S/SA
-pass in proto tcp from any to any flags S/SA
-block in proto tcp from any to any flags S/APU
-pass in proto tcp from any to any flags S/APU
diff --git a/contrib/ipfilter/test/regress/9 b/contrib/ipfilter/test/regress/9
deleted file mode 100644
index 17bc96737877..000000000000
--- a/contrib/ipfilter/test/regress/9
+++ /dev/null
@@ -1,18 +0,0 @@
-block in from any to any with ipopts
-pass in from any to any with opt sec-class topsecret
-block in from any to any with opt ssrr,sec-class topsecret
-pass in from any to any with opt ssrr,sec-class topsecret
-block in from any to any with opt ts,sec-class topsecret
-pass in from any to any with opt ts,sec-class topsecret
-block in from any to any with opt sec-class secret
-pass in from any to any with opt sec-class secret
-block in from any to any with opt lsrr,ssrr
-pass in from any to any with opt lsrr,ssrr
-pass in from any to any with ipopts
-block in from any to any with opt lsrr
-pass in from any to any with opt lsrr
-block in from any to any with opt ssrr,ts
-pass in from any to any with opt ssrr,ts
-block in from any to any with opt rr
-pass in from any to any with opt rr
-block in from any to any with opt sec-class topsecret
diff --git a/contrib/ipfilter/test/regress/ipf6-1 b/contrib/ipfilter/test/regress/ipf6-1
deleted file mode 100644
index 814dfd6cd664..000000000000
--- a/contrib/ipfilter/test/regress/ipf6-1
+++ /dev/null
@@ -1,3 +0,0 @@
-block in all
-block out all
-pass out proto 58 all keep state
diff --git a/contrib/ipfilter/test/regress/regress.sed b/contrib/ipfilter/test/regress/regress.sed
deleted file mode 100644
index e69de29bb2d1..000000000000
--- a/contrib/ipfilter/test/regress/regress.sed
+++ /dev/null
diff --git a/contrib/ipfilter/test/test.sed b/contrib/ipfilter/test/test.sed
deleted file mode 100644
index 3ce0cb16415e..000000000000
--- a/contrib/ipfilter/test/test.sed
+++ /dev/null
@@ -1,6 +0,0 @@
-	Ç
.	Ä..0þCVSGexpected0ÇinputDG$regress
- 
-.cvsignore
-!Makefile
-"dotest
-#hextest