author | mlaier <mlaier@FreeBSD.org> | 2004-02-26 02:34:12 +0000 |
---|---|---|
committer | mlaier <mlaier@FreeBSD.org> | 2004-02-26 02:34:12 +0000 |
commit | 4733577ea0d69a039bfa9c7353c6ec303e191f11 (patch) | |
tree | 93a5df3113f8f9cf3fd0b519d7ad89db6831f1fc /sys/contrib/pf/net/pf_osfp.c | |
parent | daa7c375df116533073df6c502f2e92ff5e43bbb (diff) | |
Bring diff from the security/pf port. This code has been tested as a port
for a long time and is run in production use. This is the code present in
portversion 2.03 with some additional tweaks.
The rather extensive diff accounts for:
- locking (to enable pf to work with a giant-free netstack)
- byte order difference between OpenBSD and FreeBSD for ip_len/ip_off
- conversion from pool(9) to zone(9)
- api differences etc.
Approved by: bms(mentor) (in general)
Diffstat (limited to 'sys/contrib/pf/net/pf_osfp.c')
-rw-r--r-- | sys/contrib/pf/net/pf_osfp.c | 45 |
1 files changed, 42 insertions, 3 deletions
diff --git a/sys/contrib/pf/net/pf_osfp.c b/sys/contrib/pf/net/pf_osfp.c
index c01d6de..45d0c10 100644
--- a/sys/contrib/pf/net/pf_osfp.c
+++ b/sys/contrib/pf/net/pf_osfp.c
@@ -1,3 +1,4 @@
+/* $FreeBSD$ */
 /* $OpenBSD: pf_osfp.c,v 1.3 2003/08/27 18:23:36 frantzen Exp $ */
 
 /*
@@ -36,12 +37,15 @@
 #include <netinet/ip6.h>
 #endif /* INET6 */
 
-
 #ifdef _KERNEL
 # define DPFPRINTF(format, x...) \
 if (pf_status.debug >= PF_DEBUG_NOISY) \
 printf(format , ##x)
+#if defined(__FreeBSD__)
+typedef uma_zone_t pool_t;
+#else
 typedef struct pool pool_t;
+#endif
 
 #else
 /* Userland equivalents so we can lend code to tcpdump et al. */
@@ -55,6 +59,10 @@ typedef struct pool pool_t;
 # define pool_put(pool, item) free(item)
 # define pool_init(pool, size, a, ao, f, m, p) (*(pool)) = (size)
 
+# if defined(__FreeBSD__)
+# define NTOHS(x) (x) = ntohs((u_int16_t)(x))
+# endif
+
 # ifdef PFDEBUG
 # include <stdarg.h>
 # define DPFPRINTF(format, x...) fprintf(stderr, format , ##x)
@@ -106,7 +114,7 @@ pf_osfp_fingerprint_hdr(const struct ip *ip, const struct tcphdr *tcp)
 {
 struct pf_os_fingerprint fp, *fpresult;
 int cnt, optlen = 0;
- u_int8_t *optp;
+ const u_int8_t *optp;
 
 if ((tcp->th_flags & (TH_SYN|TH_ACK)) != TH_SYN ||
 (ip->ip_off & htons(IP_OFFMASK)))
@@ -122,7 +130,7 @@ pf_osfp_fingerprint_hdr(const struct ip *ip, const struct tcphdr *tcp)
 
 
 cnt = (tcp->th_off << 2) - sizeof(*tcp);
- optp = (caddr_t)tcp + sizeof(*tcp);
+ optp = (const u_int8_t *)((const char *)tcp + sizeof(*tcp));
 for (; cnt > 0; cnt -= optlen, optp += optlen) {
 if (*optp == TCPOPT_EOL)
 break;
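Review bot: The `__FreeBSD__` branch of the `pool_t` typedef (hunk at -36,12) has no comment saying that the type changes from an object to a handle. Later in this diff `pf_osfp_entry_pl` and `pf_osfp_pl` are assigned NULL, so on FreeBSD they are evidently pointers, while the OpenBSD branch still passes `&pf_osfp_pl` to pool_init(). I would add `/* FreeBSD: pool_t is a UMA zone handle (pointer), not the pool object itself */` above the typedef, so that anyone touching the remaining pool call sites, which are outside this diff, knows the two branches take different argument shapes.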
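Review bot: The added `NTOHS` macro (hunk at -55,6) is defined without checking whether a header already provides it, and it expands to a bare assignment. I would guard and parenthesise it: `# ifndef NTOHS` / `# define NTOHS(x) ((x) = ntohs((u_int16_t)(x)))` / `# endif`. The argument is evaluated twice, so a one-line comment should say it must be a side-effect-free lvalue. The surrounding context lines suggest this sits in the userland-compat branch, but the enclosing `#else` is outside the hunk.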
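Review bot: The new `optp` initialiser (hunk at -122,7) uses two casts where plain pointer arithmetic on `tcp` would do; `optp = (const u_int8_t *)(tcp + 1);` is equivalent and easier to audit. This pointer then walks `cnt` bytes, and `cnt` is derived from the packet's own `th_off`. Nothing in the visible lines checks that the buffer behind `tcp` actually holds `th_off << 2` bytes, so I would add a comment above the loop stating that the caller must guarantee this. The loop body and the rest of pf_osfp_fingerprint_hdr() lie outside the hunk.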
@@ -228,15 +236,46 @@ pf_osfp_match(struct pf_osfp_enlist *list, pf_osfp_t os)
 }
 
 /* Initialize the OS fingerprint system */
+#if defined(__FreeBSD__)
+int
+#else
 void
+#endif
 pf_osfp_initialize(void)
 {
+#if defined(__FreeBSD__) && defined(_KERNEL)
+ int error = ENOMEM;
+
+ do {
+ pf_osfp_entry_pl = pf_osfp_pl = NULL;
+ UMA_CREATE(pf_osfp_entry_pl, struct pf_osfp_entry, "pfospfen");
+ UMA_CREATE(pf_osfp_pl, struct pf_os_fingerprint, "pfosfp");
+ error = 0;
+ } while(0);
+#else
 pool_init(&pf_osfp_entry_pl, sizeof(struct pf_osfp_entry), 0, 0, 0,
 "pfosfpen", NULL);
 pool_init(&pf_osfp_pl, sizeof(struct pf_os_fingerprint), 0, 0, 0,
 "pfosfp", NULL);
+#endif
 SLIST_INIT(&pf_osfp_list);
+#if defined(__FreeBSD__)
+#if defined(_KERNEL)
+ return (error);
+#else
+ return (0);
+#endif
+#endif
+}
+
+#if defined(__FreeBSD__) && (_KERNEL)
+void
+pf_osfp_cleanup(void)
+{
+ UMA_DESTROY(pf_osfp_entry_pl);
+ UMA_DESTROY(pf_osfp_pl);
 }
+#endif
 
 /* Flush the fingerprint list */
 void
|
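Review bot: The FreeBSD kernel branch of pf_osfp_initialize() does not clean up after a partial failure. UMA_CREATE is defined outside this diff, but the `error = ENOMEM` … `error = 0` pattern suggests it leaves the do/while early on failure; if so, a failure on the second zone returns ENOMEM with `pf_osfp_entry_pl` still allocated and `pf_osfp_pl` NULL, after SLIST_INIT has already run. I would add a comment stating that callers must check the return value and call pf_osfp_cleanup() on error, and that UMA_DESTROY has to tolerate a NULL zone. Two smaller fixes: the zone name `"pfospfen"` transposes letters relative to the `"pfosfpen"` kept in the pool_init branch, and the guard `#if defined(__FreeBSD__) && (_KERNEL)` should read `#if defined(__FreeBSD__) && defined(_KERNEL)` to match the test used inside the function.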