$Id: README,v 2.6 1998/01/20 21:33:50 vixie Exp $ Please read the LICENSE file before you use this software. Note that all original sources in this package are covered by the license; however, the small kernel patch files are license-free. This freedom is intended to allow system vendors to include the "hooks" for screend in their systems, even products which are sold for money. Only the screening logic in the original source files (both kernel mode and user mode) are have a restricted distrib- ution (see LICENSE for details). 20 January 1998 There's a way to sneak IP options through older firewalls by doing wierd things to the IP "offset" field. This release of screend blocks that hack. There's also a bunch of minor lint and portability changes in here. 31 March 1995 4.4BSD has come, the kernel interfaces screend hangs under have changed. We are indebted to some kind folks from bsdi.com for the patches to make this code fly on BSD/OS 2.0 or most any other 4.4BSD-Lite based system. See the CHANGES file for other details. A note for BSD/OS users: The screend driver has been tested against BSD/OS 1.1 and 2.0. To install for BSDI, simply install the new files and rebuild the kernel with `options GWSCREEN' and `pseudo-device gwscreen' uncommented in the kernel config file. No additional changes are necessary. NEW FILES: ./net/gw_screen.c ./net/gw_screen.h Protocol-independent code ./netinet/ip_screen.c Protocol-specific interface 28 March 1994 After a long and fruitful private Alpha, this software is escaping. It is functionally a bit more evolved than the current Ultrix and DEC AXP OSF/1 versions, and should compile on those systems for those who want the new functionality (a bug was fixed, and TCP flag screening has been added -- but please note that the TCP flag screening has not been rigorously tested, so don't use that feature unless you're prepared to fix bugs in it). This software should "just drop in" to a BSD/386 1.1 (or later); the kernel patches, being license-free, are distributed as part of BSD/386's kernel sources. (Note that binary-only customers may need help from BSDi's customer service to get this package installed.) Any other BNR2-derived system will need the small patches in sys/ applied, plus a small change to the "files" file that controls kernel builds. Any BNR2-system, including BSD/386 1.1, will need new kernel source files installed. All of this is explained in the INSTALL file, which you should read as soon as you are done here. One of Vixie Enterprises' consulting customers is running screend on SunOS, but we had to use some SunOS kernel sources to get it to work, and it's not yet clear to us how we're going to be able to distribute those files. Please do not ask when this will be available -- it is likely that BSDi will release a SPARC version of BSD with complete source code, long before Sun gives us permission to distribute modified versions of their proprietary sources. In the mean time you are better off buying an Intel machine and running BSD/386, or buying an ULTRIX or DEC OSF/1 machine (which both include screend as part of the base operating system). If you really want to run screend on SPARC __today__, get NetBSD/SPARC. In any case we do not welcome questions about SunOS or SPARC versions of screend; you are completely, totally on your own. 21 September 1993 The current state of this software is "used in production gateways"; there have been only minor changes made in several years. Useful programs screend daemon screenmode turns screening on and off screenstat prints kernel stats Not so useful programs screenmini used for timing tests screentest used for testing kernel code ckscreentab now obviated by "screend -c" Program documentation (useful programs only) in the "man" subdirectory. Concept documentation (paper in Summer 1989 USENIX conference) in the "doc" subdirectory; PostScript format only. Kernel code (tested but no guarantees) in "sys" subdirectory. How to obtain the software: ftp ftp.vix.com user anonymous cd pub/vixie type binary get screend.tar.Z (or screend.tar.gz) then "uncompress screend.tar.Z", cd to an emptry directory where you want to put the sources, and "tar xf screend.tar". Please send comments to , which is a mailing list made up of people who port, fix, maintain, or modify this package. Send to if you want to be added. Jeffrey Mogul BSD/386 1.0/1.1 port by: Tim Guarnieri (did the bulk of the work) Paul Vixie (did wierd stuff and packaging) (known to run on BSD/386 1.0/1.1, and should work on other BNR2-derived systems including BSD 4.4, NetBSD, FreeBSD, and 386BSD, as well as vendor platforms incorporating newer BSD networking code including Sony NEWSOS.) Our changes are enabled by #ifdef's which key off of the BSD macro, specifically #if defined(BSD) && (BSD >= 199103) we do not use "#ifdef __bsdi__" or any such thing. Thus, any late-model BSD system should be able to take these diffs and new files without modifications. We heartily wish that other well-intentioned software porting artists would be as generic in their efforts. Problems or questions regarding this software when running on BSD/386 or other BNR2-derived systems should be directed to your vendor if you have one, or as a last resort to the above-named individuals. Do not bother Jeff Mogul about these bits.