author | julian <julian@FreeBSD.org> | 1998-06-06 19:39:10 +0000 |
---|---|---|
committer | julian <julian@FreeBSD.org> | 1998-06-06 19:39:10 +0000 |
commit | 2cda12b561a47f469b0a05b3854a548c841356a9 (patch) | |
tree | d006668f700da058a6b87c5276f9f53f0b7c2332 | |
parent | e6bc8c123a9561a257efb1124bedb4eabaf2457c (diff) | |
clean up the changes made to ipfw over the last weeks
(should make the ipfw lkm work again)
-rw-r--r-- | sys/netinet/in.h | 4 | ||||
-rw-r--r-- | sys/netinet/ip_divert.c | 44 | ||||
-rw-r--r-- | sys/netinet/ip_fw.c | 44 | ||||
-rw-r--r-- | sys/netinet/ip_input.c | 34 | ||||
-rw-r--r-- | sys/netinet/ip_output.c | 15 | ||||
-rw-r--r-- | sys/netinet/ip_var.h | 12 |
6 files changed, 52 insertions, 101 deletions
diff --git a/sys/netinet/in.h b/sys/netinet/in.h index e5c68af..a5422cf 100644 --- a/sys/netinet/in.h +++ b/sys/netinet/in.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)in.h 8.3 (Berkeley) 1/3/94 - * $Id: in.h,v 1.32 1998/05/10 20:51:46 jb Exp $ + * $Id: in.h,v 1.33 1998/05/19 14:04:18 dg Exp $ */ #ifndef _NETINET_IN_H_ @@ -431,7 +431,7 @@ char *inet_ntoa __P((struct in_addr)); /* in libkern */ /* Firewall hooks */ struct ip; -typedef int ip_fw_chk_t __P((struct ip**, int, struct ifnet*, int, struct mbuf**)); +typedef int ip_fw_chk_t __P((struct ip**, int, struct ifnet*, int*, struct mbuf**)); typedef int ip_fw_ctl_t __P((int, struct mbuf**)); extern ip_fw_chk_t *ip_fw_chk_ptr; extern ip_fw_ctl_t *ip_fw_ctl_ptr; diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c index 9b32f6d..62be4df 100644 --- a/sys/netinet/ip_divert.c +++ b/sys/netinet/ip_divert.c @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: ip_divert.c,v 1.26 1998/05/25 10:37:43 julian Exp $ + * $Id: ip_divert.c,v 1.27 1998/06/05 22:39:52 julian Exp $ */ #include "opt_inet.h" @@ -91,20 +91,14 @@ u_short ip_divert_port; * The user process can send it back to help the caller know something * about where the packet came from. * - * If IPFW is the caller then the IN cookie is the rule that sent - * us here and the OUT cookie is the rule after which processing + * If IPFW is the caller then the cookie is the rule that sent + * us here. On reinjection is is the rule after which processing * should continue. Leaving it the same will make processing start * at the rule number after that which sent it here. Setting it to * 0 will restart processing at the beginning. * #endif */ -#ifdef IPFW_DIVERT_OLDRESTART -u_short ip_divert_ignore; -#else - -u_short ip_divert_in_cookie; -u_short ip_divert_out_cookie; -#endif /* IPFW_DIVERT_OLDRESTART */ +u_short ip_divert_cookie; /* Internal variables */ 
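Review bot: The new `int*` fourth parameter of `ip_fw_chk_t` (in.h hunk at -431,7) does not match the object the callers pass: `ip_divert_cookie` is a `u_short` (defined in ip_divert.c, declared in the ip_var.h hunk at -210,13), and ip_input.c and ip_output.c pass `&ip_divert_cookie`. ip_fw_chk then does `int skipto = *cookie;` and `*cookie = 0;`, so it reads and writes sizeof(int) bytes through a pointer to a two-byte object. The rule number can pick up bytes of whatever sits next to the global, and the store can overwrite it. Either declare the parameter as `u_short*` here and in the ip_fw.c prototype and definition, e.g. `typedef int ip_fw_chk_t __P((struct ip**, int, struct ifnet*, u_short*, struct mbuf**));`, or make `ip_divert_cookie` an `int`. With `u_short*` the non-IPDIVERT `dummy` variables need the same type.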
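Review bot: The rewritten comment in the ip_divert.c hunk at -91,20 has a typo, "On reinjection is is the rule"; it should read `On reinjection it is the rule after which processing`. Since one variable now carries the value in both directions, the comment above `u_short ip_divert_cookie;` could also name who consumes and clears it. In the visible hunks that is div_input, div_output and ip_fw_chk, which zeroes `*cookie` on entry. The comment block starts outside the hunk.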
@@ -171,8 +165,8 @@ div_input(struct mbuf *m, int hlen) #ifdef IPFW_DIVERT_OLDRESTART divsrc.sin_port = htons(ip_divert_port); #else - divsrc.sin_port = ip_divert_in_cookie; - ip_divert_in_cookie = 0; + divsrc.sin_port = ip_divert_cookie; + ip_divert_cookie = 0; #endif /* IPFW_DIVERT_OLDRESTART */ /* Restore packet header fields */ @@ -274,19 +268,15 @@ div_output(so, m, addr, control) m_freem(control); /* XXX */ /* Loopback avoidance */ -#ifdef IPFW_DIVERT_OLDRESTART if (sin) { - ip_divert_ignore = ntohs(sin->sin_port); - } else { - ip_divert_ignore = 0; - } +#ifdef IPFW_DIVERT_OLDRESTART + ip_divert_cookie = ntohs(sin->sin_port); #else - if (sin) { - ip_divert_out_cookie = sin->sin_port; + ip_divert_cookie = sin->sin_port; +#endif /* IPFW_DIVERT_OLDRESTART */ } else { - ip_divert_out_cookie = 0; + ip_divert_cookie = 0; } -#endif /* IPFW_DIVERT_OLDRESTART */ /* Reinject packet into the system as incoming or outgoing */ if (!sin || sin->sin_addr.s_addr == 0) { @@ -344,19 +334,11 @@ div_output(so, m, addr, control) } /* Reset for next time (and other packets) */ -#ifdef IPFW_DIVERT_OLDRESTART - ip_divert_ignore = 0; -#else - ip_divert_out_cookie = 0; -#endif /* IPFW_DIVERT_OLDRESTART */ + ip_divert_cookie = 0; return error; cantsend: -#ifdef IPFW_DIVERT_OLDRESTART - ip_divert_ignore = 0; -#else - ip_divert_out_cookie = 0; -#endif /* IPFW_DIVERT_OLDRESTART */ + ip_divert_cookie = 0; m_freem(m); return error; } diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c index 53f2856..0d978b4 100644 --- a/sys/netinet/ip_fw.c +++ b/sys/netinet/ip_fw.c @@ -12,7 +12,7 @@ * * This software is provided ``AS IS'' without any warranties of any kind. * - * $Id: ip_fw.c,v 1.85 1998/06/05 22:39:53 julian Exp $ + * $Id: ip_fw.c,v 1.86 1998/06/05 23:33:26 julian Exp $ */ /* 
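Review bot: In the div_output hunk at -274,19 the two branches store the caller-supplied `sin->sin_port` differently, and nothing says why: with IPFW_DIVERT_OLDRESTART it goes through ntohs(), otherwise it is copied raw and later compared against `fw_number` in ip_fw_chk. The rule number therefore travels in host byte order inside a field that is network order by convention, and div_input hands it back to the user process the same way. A comment on the `#else` assignment would document that, e.g. `/* cookie is a rule number in host byte order, not a port */`. div_output starts and ends outside the hunk.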
@@ -103,13 +103,8 @@ static ip_fw_chk_t *old_chk_ptr; static ip_fw_ctl_t *old_ctl_ptr; #endif -#ifdef IPFW_DIVERT_OLDRESTART -static int ip_fw_chk __P((struct ip **pip, int hlen, - struct ifnet *oif, int ignport, struct mbuf **m)); -#else static int ip_fw_chk __P((struct ip **pip, int hlen, - struct ifnet *oif, int pastrule, struct mbuf **m)); -#endif /* IPFW_DIVERT_OLDRESTART */ + struct ifnet *oif, int *cookie, struct mbuf **m)); static int ip_fw_ctl __P((int stage, struct mbuf **mm)); static char err_prefix[] = "ip_fw_ctl:"; @@ -387,9 +382,9 @@ ipfw_report(struct ip_fw *f, struct ip *ip, * hlen Packet header length * oif Outgoing interface, or NULL if packet is incoming * #ifdef IPFW_DIVERT_OLDRESTART - * ignport Ignore all divert/tee rules to this port (if non-zero) + * *ignport Ignore all divert/tee rules to this port (if non-zero) * #else - * pastrule Skip up to the first rule past this rule number; + * *cookie Skip up to the first rule past this rule number; * #endif * *m The packet; we set to NULL when/if we nuke it. * @@ -402,13 +397,8 @@ ipfw_report(struct ip_fw *f, struct ip *ip, */ static int -#ifdef IPFW_DIVERT_OLDRESTART -ip_fw_chk(struct ip **pip, int hlen, - struct ifnet *oif, int ignport, struct mbuf **m) -#else ip_fw_chk(struct ip **pip, int hlen, - struct ifnet *oif, int pastrule, struct mbuf **m) -#endif /* IPFW_DIVERT_OLDRESTART */ + struct ifnet *oif, int *cookie, struct mbuf **m) { struct ip_fw_chain *chain; struct ip_fw *rule = NULL; @@ -416,7 +406,13 @@ ip_fw_chk(struct ip **pip, int hlen, struct ifnet *const rif = (*m)->m_pkthdr.rcvif; u_short offset = (ip->ip_off & IP_OFFMASK); u_short src_port, dst_port; +#ifdef IPFW_DIVERT_OLDRESTART + int ignport = *cookie; +#else + int skipto = *cookie; +#endif /* IPFW_DIVERT_OLDRESTART */ + *cookie = 0; /* * Go down the chain, looking for enlightment * #ifndef IPFW_DIVERT_OLDRESTART 
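Review bot: The parameter comment in the hunk at -387,9 still lists `*ignport` for the IPFW_DIVERT_OLDRESTART case, but the argument is now named `cookie` in both configurations; `ignport` and `skipto` are only locals introduced in the hunk at -416,7. The comment also does not say the argument is in/out: ip_fw_chk copies `*cookie`, zeroes it, and on a divert match stores the divert port or the rule number back. I would replace the two `#ifdef` entries with a single `*cookie` entry describing the value on entry (port to ignore, or rule number to resume after) and the value left behind on return. The comment block starts and ends outside the hunk.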
@@ -424,13 +420,14 @@ ip_fw_chk(struct ip **pip, int hlen, * #endif */ #ifdef IPFW_DIVERT_OLDRESTART - for (chain=LIST_FIRST(&ip_fw_chain); chain; chain = LIST_NEXT(chain, chain)) { + for (chain=LIST_FIRST(&ip_fw_chain); chain; + chain = LIST_NEXT(chain, chain)) { #else - chain=LIST_FIRST(&ip_fw_chain); - if ( pastrule ) { - if (pastrule >= 65535) + chain = LIST_FIRST(&ip_fw_chain); + if ( skipto ) { + if (skipto >= 65535) goto dropit; - while (chain && (chain->rule->fw_number <= pastrule)) { + while (chain && (chain->rule->fw_number <= skipto)) { chain = LIST_NEXT(chain, chain); } if (! chain) goto dropit; @@ -613,8 +610,10 @@ got_match: case IP_FW_F_COUNT: continue; case IP_FW_F_DIVERT: -#ifndef IPFW_DIVERT_OLDRESTART - ip_divert_in_cookie = f->fw_number; +#ifdef IPFW_DIVERT_OLDRESTART + *cookie = f->fw_divert_port; +#else + *cookie = f->fw_number; #endif /* IPFW_DIVERT_OLDRESTART */ return(f->fw_divert_port); case IP_FW_F_TEE: @@ -702,6 +701,7 @@ dropit: /* * Finally, drop the packet. */ + *cookie = 0; if (*m) { m_freem(*m); *m = NULL; diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 6280050..5f43a95 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 - * $Id: ip_input.c,v 1.85 1998/05/25 10:37:45 julian Exp $ + * $Id: ip_input.c,v 1.86 1998/06/05 22:39:55 julian Exp $ * $ANA: ip_input.c,v 1.5 1996/09/18 14:34:59 wollman Exp $ */ 
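Review bot: In the IP_FW_F_DIVERT case (hunk at -613,8) the IPFW_DIVERT_OLDRESTART branch now stores `f->fw_divert_port` into `*cookie`, but the OLDRESTART branch of div_input never clears `ip_divert_cookie`; only the `#else` branch does. Unless code outside these hunks resets it, the next unrelated packet enters ip_fw_chk with `ignport` equal to that port and skips the divert/tee rules for it. The old code stored nothing in this configuration, so the simplest fix is to keep the store under `#ifndef IPFW_DIVERT_OLDRESTART`. Alternatively, move `ip_divert_cookie = 0;` in div_input below the `#endif`. The IP_FW_F_TEE case is outside the hunk and may need the same check.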
@@ -362,22 +362,15 @@ tooshort: #ifdef IPDIVERT u_short port; -#ifdef IPFW_DIVERT_OLDRESTART - port = (*ip_fw_chk_ptr)(&ip, hlen, NULL, ip_divert_ignore, &m); - ip_divert_ignore = 0; -#else - ip_divert_in_cookie = 0; - port = (*ip_fw_chk_ptr)(&ip, hlen, NULL, - ip_divert_out_cookie, &m); - ip_divert_out_cookie = 0; -#endif /* IPFW_DIVERT_OLDRESTART */ + port = (*ip_fw_chk_ptr)(&ip, hlen, NULL, &ip_divert_cookie, &m); if (port) { /* Divert packet */ frag_divert_port = port; goto ours; } #else + int dummy; /* If ipfw says divert, we have to just drop packet */ - if ((*ip_fw_chk_ptr)(&ip, hlen, NULL, 0, &m)) { + if ((*ip_fw_chk_ptr)(&ip, hlen, NULL, &dummy, &m)) { m_freem(m); m = NULL; } @@ -503,6 +496,7 @@ ours: ipstat.ips_toosmall++; #ifdef IPDIVERT frag_divert_port = 0; + ip_divert_cookie = 0; #endif return; } @@ -602,11 +596,6 @@ found: goto bad; } - /* Don't let packets divert themselves */ - if (ip->ip_p == IPPROTO_DIVERT) { - ipstat.ips_noproto++; - goto bad; - } #endif /* @@ -682,9 +671,7 @@ ip_reass(ip, fp, where) fp->ipq_dst = ((struct ip *)ip)->ip_dst; #ifdef IPDIVERT fp->ipq_divert = 0; -#ifndef IPFW_DIVERT_OLDRESTART fp->ipq_div_cookie = 0; -#endif /* IPFW_DIVERT_OLDRESTART */ #endif q = (struct ipasfrag *)fp; goto insert; @@ -741,11 +728,10 @@ insert: */ if (frag_divert_port != 0) { fp->ipq_divert = frag_divert_port; -#ifndef IPFW_DIVERT_OLDRESTART - fp->ipq_div_cookie = ip_divert_in_cookie; -#endif /* IPFW_DIVERT_OLDRESTART */ + fp->ipq_div_cookie = ip_divert_cookie; } frag_divert_port = 0; + ip_divert_cookie = 0; #endif /* @@ -789,12 +775,10 @@ insert: #ifdef IPDIVERT /* - * Record divert port for packet, if any + * extract divert port for packet, if any */ frag_divert_port = fp->ipq_divert; -#ifndef IPFW_DIVERT_OLDRESTART - ip_divert_in_cookie = fp->ipq_div_cookie; -#endif /* IPFW_DIVERT_OLDRESTART */ + ip_divert_cookie = fp->ipq_div_cookie; #endif /* diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 5089b5c..9e28ffe 100644 
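Review bot: In the non-IPDIVERT branch of the hunk at -362,22, `int dummy;` is passed to the firewall check uninitialized, and ip_fw_chk reads it on entry (`int skipto = *cookie;` or `int ignport = *cookie;`). Without IPFW_DIVERT_OLDRESTART a non-zero stack value makes the chain walk start past rule `skipto`, or jump to `dropit` when it is >= 65535. Which rules a packet is checked against then depends on stack contents. Initialise it: `int dummy = 0;`. The ip_output.c hunk at -371,23 adds the same declaration and needs the same fix. The enclosing function starts and ends outside the hunk.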
--- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)ip_output.c 8.3 (Berkeley) 1/21/94 - * $Id: ip_output.c,v 1.67 1998/05/25 10:37:47 julian Exp $ + * $Id: ip_output.c,v 1.68 1998/06/05 22:40:00 julian Exp $ */ #define _IP_VHL @@ -371,23 +371,16 @@ sendit: */ if (ip_fw_chk_ptr) { #ifdef IPDIVERT -#ifdef IPFW_DIVERT_OLDRESTART ip_divert_port = (*ip_fw_chk_ptr)(&ip, - hlen, ifp, ip_divert_ignore, &m); - ip_divert_ignore = 0; -#else - ip_divert_in_cookie = 0; - ip_divert_port = (*ip_fw_chk_ptr)(&ip, - hlen, ifp, ip_divert_out_cookie, &m); - ip_divert_out_cookie = 0; -#endif /* IPFW_DIVERT_OLDRESTART */ + hlen, ifp, &ip_divert_cookie, &m); if (ip_divert_port) { /* Divert packet */ (*inetsw[ip_protox[IPPROTO_DIVERT]].pr_input)(m, 0); goto done; } #else + int dummy; /* If ipfw says divert, we have to just drop packet */ - if ((*ip_fw_chk_ptr)(&ip, hlen, ifp, 0, &m)) { + if ((*ip_fw_chk_ptr)(&ip, hlen, ifp, &dummy, &m)) { m_freem(m); goto done; } diff --git a/sys/netinet/ip_var.h b/sys/netinet/ip_var.h index ba3e8cc0..d68d2cf 100644 --- a/sys/netinet/ip_var.h +++ b/sys/netinet/ip_var.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)ip_var.h 8.2 (Berkeley) 1/9/95 - * $Id: ip_var.h,v 1.38 1998/05/25 10:37:48 julian Exp $ + * $Id: ip_var.h,v 1.39 1998/06/05 22:40:01 julian Exp $ */ #ifndef _NETINET_IP_VAR_H_ @@ -65,9 +65,7 @@ struct ipq { struct in_addr ipq_src,ipq_dst; #ifdef IPDIVERT u_short ipq_divert; /* divert protocol port */ -#ifndef IPFW_DIVERT_OLDRESTART u_short ipq_div_cookie; /* divert protocol cookie */ -#endif /* IPFW_DIVERT_OLDRESTART */ #endif }; 
@@ -210,13 +208,7 @@ void div_init __P((void)); void div_input __P((struct mbuf *, int)); extern struct pr_usrreqs div_usrreqs; extern u_short ip_divert_port; -#ifdef IPFW_DIVERT_OLDRESTART -extern u_short ip_divert_ignore; -#else -extern u_short ip_divert_in_cookie; -extern u_short ip_divert_out_cookie; - -#endif /* IPFW_DIVERT_OLDRESTART */ +extern u_short ip_divert_cookie; #endif /* IPDIVERT */ #endif /* KERNEL */ |