authorpeter <peter@FreeBSD.org>1997-11-16 04:52:19 +0000
committerpeter <peter@FreeBSD.org>1997-11-16 04:52:19 +0000
commit594e73c3109178aa1c5317785aaa284a0c135ff4 (patch)
tree1abde20e1d717a2bf3509de2189cbe7fa3c9f91e /contrib/ipfilter/mln_ipl.c
parentc4dc16ff2222e864e5ab4d236e0de3a2cb5b54da (diff)
downloadFreeBSD-src-594e73c3109178aa1c5317785aaa284a0c135ff4.zip
FreeBSD-src-594e73c3109178aa1c5317785aaa284a0c135ff4.tar.gz
Import ipfilter 3.2.1 (update from 3.1.8)
Diffstat (limited to 'contrib/ipfilter/mln_ipl.c')
-rw-r--r--contrib/ipfilter/mln_ipl.c340
1 files changed, 105 insertions, 235 deletions
diff --git a/contrib/ipfilter/mln_ipl.c b/contrib/ipfilter/mln_ipl.c
index fe035da..3d70831 100644
--- a/contrib/ipfilter/mln_ipl.c
+++ b/contrib/ipfilter/mln_ipl.c
@@ -1,5 +1,5 @@
/*
- * (C)opyright 1993,1994,1995 by Darren Reed.
+ * Copyright (C) 1993-1997 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
@@ -13,22 +13,16 @@
#include <sys/param.h>
-#if defined(__FreeBSD__) && (__FreeBSD__ > 1)
-# ifdef IPFILTER_LKM
-# include <osreldate.h>
-# define ACTUALLY_LKM_NOT_KERNEL
-# else
-# include <sys/osreldate.h>
-# endif
+/*
+ * Post NetBSD 1.2 has the PFIL interface for packet filters. This turns
+ * on those hooks. We don't need any special mods with this!
+ */
+#if (defined(NetBSD) && (NetBSD > 199609) && (NetBSD <= 1991011)) || \
+ (defined(NetBSD1_2) && NetBSD1_2 > 1)
+# define NETBSD_PF
#endif
+
#include <sys/systm.h>
-#if defined(__FreeBSD_version) && (__FreeBSD_version >= 220000)
-# include <sys/conf.h>
-# include <sys/kernel.h>
-# ifdef DEVFS
-# include <sys/devfsext.h>
-# endif /*DEVFS*/
-#endif
#include <sys/conf.h>
#include <sys/file.h>
#include <sys/stat.h>
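Review bot: The upper bound in the new `NETBSD_PF` test, `NetBSD <= 1991011`, has seven digits while the lower bound `199609` has six, and the added comment does not say which release it stands for. If `NetBSD` is a six-digit year-and-month value, this bound never excludes anything and the first clause reduces to `NetBSD > 199609`. Because this macro decides whether the filter is hooked in through the PFIL interface, I would add a comment above the `#if` naming the intended release range, e.g. `/* NetBSD 1.2 (199609) up to <release meant by 1991011> */`, or correct the constant if it is a typo. The same constant is used again in the `cdevsw` guard in the `@@ -76,15 +57,38 @@` hunk.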
@@ -41,10 +35,6 @@
#include <sys/mount.h>
#include <sys/exec.h>
#include <sys/mbuf.h>
-#if BSD >= 199506
-# include <sys/sysctl.h>
-#endif
-#if (__FreeBSD_version >= 199511)
#include <net/if.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
@@ -53,20 +43,11 @@
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
-#endif
-#if (__FreeBSD__ > 1)
-# include <sys/sysent.h>
-#endif
#include <sys/lkm.h>
-#include "netinet/ipl.h"
-#include "netinet/ip_compat.h"
-#include "netinet/ip_fil.h"
+#include "ipl.h"
+#include "ip_compat.h"
+#include "ip_fil.h"
-#ifndef IPL_NAME
-#define IPL_NAME "/dev/ipl"
-#endif
-#define IPL_NAT "/dev/ipnat"
-#define IPL_STATE "/dev/ipstate"
#if !defined(VOP_LEASE) && defined(LEASE_CHECK)
#define VOP_LEASE LEASE_CHECK
@@ -76,15 +57,38 @@
#define MIN(a,b) (((a)<(b))?(a):(b))
#endif
-extern int lkmenodev __P((void));
+extern int lkmenodev __P((void));
+#if NetBSD >= 199706
+int if_ipl_lkmentry __P((struct lkm_table *, int, int));
+#else
+int xxxinit __P((struct lkm_table *, int, int));
+#endif
static int ipl_unload __P((void));
static int ipl_load __P((void));
static int ipl_remove __P((void));
-int xxxinit __P((struct lkm_table *, int, int));
+static int iplaction __P((struct lkm_table *, int));
+static char *ipf_devfiles[] = { IPL_NAME, IPL_NAT, IPL_STATE, IPL_AUTH,
+ NULL };
+#if (defined(NetBSD1_0) && (NetBSD1_0 > 1)) || \
+ (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199511))
+struct cdevsw ipldevsw =
+{
+ iplopen, /* open */
+ iplclose, /* close */
+ iplread, /* read */
+ 0, /* write */
+ iplioctl, /* ioctl */
+ 0, /* stop */
+ 0, /* tty */
+ 0, /* select */
+ 0, /* mmap */
+ NULL /* strategy */
+};
+#else
struct cdevsw ipldevsw =
{
iplopen, /* open */
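Review bot: The `ipldevsw` table added for the older NetBSD range fills the write, stop, tty, select and mmap slots with a literal `0`, whereas the table in the `#else` branch (its tail is visible as context in the next hunk) uses a stub such as `(void *)nullop`. If the kernel dispatches through these entries without a null check, which is not visible here, a write or select on one of the device nodes would be a call through a null pointer in kernel mode. I would use the same stubs in both tables, e.g. `(void *)nullop, /* select */`, and an error-returning stub for write. The `#else` table continues outside this hunk, so its remaining slots cannot be compared from here.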
@@ -99,46 +103,33 @@ struct cdevsw ipldevsw =
(void *)nullop, /* mmap */
NULL /* strategy */
};
-
-#ifdef SYSCTL_INT
-SYSCTL_NODE(_net_inet, OID_AUTO, ipf, CTLFLAG_RW, 0, "IPF");
-SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_flags, CTLFLAG_RW, &fr_flags, 0, "");
-SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_pass, CTLFLAG_RW, &fr_pass, 0, "");
-SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_active, CTLFLAG_RD, &fr_active, 0, "");
-SYSCTL_INT(_net_inet_ipf, OID_AUTO, ipl_unreach, CTLFLAG_RW,
- &ipl_unreach, 0, "");
-SYSCTL_INT(_net_inet_ipf, OID_AUTO, ipl_inited, CTLFLAG_RD,
- &ipl_inited, 0, "");
#endif
-
-#if !defined(__FreeBSD_version) || (__FreeBSD_version < 220000)
int ipl_major = 0;
MOD_DEV(IPL_VERSION, LM_DT_CHAR, -1, &ipldevsw);
-extern struct cdevsw cdevsw[];
extern int vd_unuseddev __P((void));
+extern struct cdevsw cdevsw[];
extern int nchrdev;
-#else
-int ipl_major = CDEV_MAJOR;
-
-static struct cdevsw ipl_cdevsw = {
- iplopen, iplclose, iplread, nowrite, /* 79 */
- iplioctl, nostop, noreset, nodevtotty,
- noselect, nommap, nostrategy, "ipl",
- NULL, -1
-};
-#endif
-static int iplaction __P((struct lkm_table *, int));
+#if NetBSD >= 199706
+int if_ipl_lkmentry(lkmtp, cmd, ver)
+#else
+int xxxinit(lkmtp, cmd, ver)
+#endif
+struct lkm_table *lkmtp;
+int cmd, ver;
+{
+ DISPATCH(lkmtp, cmd, ver, iplaction, iplaction, iplaction);
+}
static int iplaction(lkmtp, cmd)
struct lkm_table *lkmtp;
int cmd;
{
- int i = ipl_major;
+ int i;
struct lkm_dev *args = lkmtp->private.lkm_dev;
int err = 0;
@@ -148,9 +139,8 @@ int cmd;
if (lkmexists(lkmtp))
return EEXIST;
-#if !defined(__FreeBSD_version) || (__FreeBSD_version < 220000)
for (i = 0; i < nchrdev; i++)
- if (cdevsw[i].d_open == lkmenodev ||
+ if (cdevsw[i].d_open == (dev_type_open((*)))lkmenodev ||
cdevsw[i].d_open == iplopen)
break;
if (i == nchrdev) {
@@ -160,51 +150,39 @@ int cmd;
ipl_major = i;
args->lkm_offset = i; /* slot in cdevsw[] */
-#endif
printf("IP Filter: loaded into slot %d\n", ipl_major);
return ipl_load();
- break;
case LKM_E_UNLOAD :
- printf("IP Filter: unloaded from slot %d\n", ipl_major);
- return ipl_unload();
+ err = ipl_unload();
+ if (!err)
+ printf("IP Filter: unloaded from slot %d\n",
+ ipl_major);
+ break;
case LKM_E_STAT :
break;
default:
err = EIO;
break;
}
- return 0;
+ return err;
}
-static int ipl_remove __P((void))
+static int ipl_remove()
{
+ char *name;
struct nameidata nd;
- int error;
-
- NDINIT(&nd, DELETE, LOCKPARENT, UIO_SYSSPACE, IPL_NAME, curproc);
- if ((error = namei(&nd)))
- return (error);
- VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE);
- VOP_LOCK(nd.ni_vp);
- VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
- (void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
-
- NDINIT(&nd, DELETE, LOCKPARENT, UIO_SYSSPACE, IPL_NAT, curproc);
- if ((error = namei(&nd)))
- return (error);
- VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE);
- VOP_LOCK(nd.ni_vp);
- VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
- (void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
-
- NDINIT(&nd, DELETE, LOCKPARENT, UIO_SYSSPACE, IPL_STATE, curproc);
- if ((error = namei(&nd)))
- return (error);
- VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE);
- VOP_LOCK(nd.ni_vp);
- VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
- (void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
+ int error, i;
+
+ for (i = 0; (name = ipf_devfiles[i]); i++) {
+ NDINIT(&nd, DELETE, LOCKPARENT, UIO_SYSSPACE, name, curproc);
+ if ((error = namei(&nd)))
+ return (error);
+ VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE);
+ VOP_LOCK(nd.ni_vp);
+ VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
+ (void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
+ }
return 0;
}
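Review bot: `ipl_remove()` returns on the first `namei()` failure, so a single missing node (for example `ENOENT` on the first name in `ipf_devfiles[]`) ends the loop and leaves the remaining nodes in place. That matters more now that `LKM_E_UNLOAD` propagates the result: `ipl_unload()` calls `ipldetach()` before `ipl_remove()`, so an absent device file makes the unload report failure after the filter has already been taken out of the packet path. I would skip absent nodes and fail only on other errors, `if ((error = namei(&nd))) { if (error == ENOENT) continue; return (error); }`, and stop discarding the `VOP_REMOVE()` result. The body of `iplaction()` begins outside this hunk.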
@@ -213,7 +191,12 @@ static int ipl_unload()
{
int error = 0;
+ /*
+ * Unloading - remove the filter rule check from the IP
+ * input/output stream.
+ */
error = ipldetach();
+
if (!error)
error = ipl_remove();
return error;
@@ -224,154 +207,41 @@ static int ipl_load()
{
struct nameidata nd;
struct vattr vattr;
- int error = 0, fmode = S_IFCHR|0600;
+ int error = 0, fmode = S_IFCHR|0600, i;
+ char *name;
- error = iplattach();
- if (error)
- return error;
- (void) ipl_remove();
+ /*
+ * XXX Remove existing device nodes prior to creating new ones
+ * XXX using the assigned LKM device slot's major number. In a
+ * XXX perfect world we could use the ones specified by cdevsw[].
+ */
+ (void)ipl_remove();
- NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, IPL_NAME, curproc);
- if (error = namei(&nd))
- return error;
- if (nd.ni_vp != NULL) {
- VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
- if (nd.ni_dvp == nd.ni_vp)
- vrele(nd.ni_dvp);
- else
- vput(nd.ni_dvp);
- vrele(nd.ni_vp);
- return (EEXIST);
- }
- VATTR_NULL(&vattr);
- vattr.va_type = VCHR;
- vattr.va_mode = (fmode & 07777);
- vattr.va_rdev = ipl_major<<8;
- VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
- error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
- if (error)
- return error;
-
- NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, IPL_NAT, curproc);
- if (error = namei(&nd))
- return error;
- if (nd.ni_vp != NULL) {
- VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
- if (nd.ni_dvp == nd.ni_vp)
- vrele(nd.ni_dvp);
- else
- vput(nd.ni_dvp);
- vrele(nd.ni_vp);
- return (EEXIST);
- }
- VATTR_NULL(&vattr);
- vattr.va_type = VCHR;
- vattr.va_mode = (fmode & 07777);
- vattr.va_rdev = (ipl_major<<8)|1;
- VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
- error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
- if (error)
- return error;
-
- NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, IPL_STATE, curproc);
- if (error = namei(&nd))
- return error;
- if (nd.ni_vp != NULL) {
- VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
- if (nd.ni_dvp == nd.ni_vp)
- vrele(nd.ni_dvp);
- else
- vput(nd.ni_dvp);
- vrele(nd.ni_vp);
- return (EEXIST);
- }
- VATTR_NULL(&vattr);
- vattr.va_type = VCHR;
- vattr.va_mode = (fmode & 07777);
- vattr.va_rdev = (ipl_major<<8)|2;
- VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
- error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
+ error = iplattach();
if (error)
return error;
- return 0;
-}
-
-
-#if defined(__FreeBSD_version) && (__FreeBSD_version < 220000)
-/*
- * strlen isn't present in 2.1.* kernels.
- */
-size_t strlen(string)
-char *string;
-{
- register char *s;
-
- for (s = string; *s; s++)
- ;
- return (size_t)(s - string);
-}
-
-int xxxinit(lkmtp, cmd, ver)
-struct lkm_table *lkmtp;
-int cmd, ver;
-{
- DISPATCH(lkmtp, cmd, ver, iplaction, iplaction, iplaction);
-}
-#else
-# ifdef IPFILTER_LKM
-# include <sys/exec.h>
-
-MOD_DECL(if_ipl);
-
-static struct lkm_dev _module = {
- LM_DEV,
- LKM_VERSION,
- IPL_VERSION,
- CDEV_MAJOR,
- LM_DT_CHAR,
- (void *)&ipl_cdevsw
-};
-
-int if_ipl(lkmtp, cmd, ver)
-struct lkm_table *lkmtp;
-int cmd, ver;
-{
- DISPATCH(lkmtp, cmd, ver, iplaction, iplaction, iplaction);
-}
-# else
-
-#ifdef DEVFS
-static void *ipf_devfs_token[3];
-#endif
-static ipl_devsw_installed = 0;
-
-static void ipl_drvinit __P((void *unused))
-{
- dev_t dev;
-#ifdef DEVFS
- void **tp = ipf_devfs_token;
-#endif
-
- if (!ipl_devsw_installed ) {
- dev = makedev(CDEV_MAJOR, 0);
- cdevsw_add(&dev, &ipl_cdevsw, NULL);
- ipl_devsw_installed = 1;
-
-#ifdef DEVFS
- tp[IPL_LOGIPF] = devfs_add_devswf(&ipl_cdevsw, IPL_LOGIPF,
- DV_CHR, 0, 0, 0600,
- "ipf", IPL_LOGIPF);
- tp[IPL_LOGNAT] = devfs_add_devswf(&ipl_cdevsw, IPL_LOGNAT,
- DV_CHR, 0, 0, 0600,
- "ipnat", IPL_LOGNAT);
- tp[IPL_LOGSTATE] = devfs_add_devswf(&ipl_cdevsw, IPL_LOGSTATE,
- DV_CHR, 0, 0, 0600,
- "ipstate", IPL_LOGSTATE);
-#endif
+ for (i = 0; (name = ipf_devfiles[i]); i++) {
+ NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, name, curproc);
+ if ((error = namei(&nd)))
+ return error;
+ if (nd.ni_vp != NULL) {
+ VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
+ if (nd.ni_dvp == nd.ni_vp)
+ vrele(nd.ni_dvp);
+ else
+ vput(nd.ni_dvp);
+ vrele(nd.ni_vp);
+ return (EEXIST);
+ }
+ VATTR_NULL(&vattr);
+ vattr.va_type = VCHR;
+ vattr.va_mode = (fmode & 07777);
+ vattr.va_rdev = (ipl_major << 8) | i;
+ VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
+ error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
+ if (error)
+ return error;
}
+ return error;
}
-
-SYSINIT(ipldev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,ipl_drvinit,NULL)
-# endif /* IPFILTER_LKM */
-#endif /* _FreeBSD_version */
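Review bot: Every error return inside the new creation loop happens after `iplattach()` has succeeded, and none of them calls `ipldetach()`. If the LKM framework discards the module when load fails (not visible here), the filter hooks would still refer to it; at the least the filter stays attached without a complete set of device nodes to control it. I would turn the in-loop `return`s into `break` (setting `error = EEXIST` in the already-exists branch) and add `if (error) { (void)ipldetach(); (void)ipl_remove(); }` before the final `return error;`. A short comment beside `vattr.va_rdev = (ipl_major << 8) | i;` should also say that the minor number is the index into `ipf_devfiles[]`, so the order of that array is part of the device interface.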