diff options
| author | peter <peter@FreeBSD.org> | 1998-10-16 03:55:01 +0000 |
|---|---|---|
| committer | peter <peter@FreeBSD.org> | 1998-10-16 03:55:01 +0000 |
| commit | 464de37ce6099f409aa233200a94ac38216aa211 (patch) | |
| tree | 59ed738c6bca93117593ea63241912064597c130 /sys/netinet/ip_fw.c | |
| parent | ad0030e392049cd4f887968f40988dd6cf5e5ee0 (diff) | |
| download | FreeBSD-src-464de37ce6099f409aa233200a94ac38216aa211.zip FreeBSD-src-464de37ce6099f409aa233200a94ac38216aa211.tar.gz | |
*gulp*. Jordan specifically OK'ed this..
This is the bulk of the support for doing kld modules. Two linker_sets
were replaced by SYSINIT()'s. VFS's and exec handlers are self registered.
kld is now a superset of lkm. I have converted most of them, they will
follow as a seperate commit as samples.
This all still works as a static a.out kernel using LKM's.
Diffstat (limited to 'sys/netinet/ip_fw.c')
| -rw-r--r-- | sys/netinet/ip_fw.c | 58 |
1 files changed, 50 insertions, 8 deletions
diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c index 6376389..bf4beb4 100644 --- a/sys/netinet/ip_fw.c +++ b/sys/netinet/ip_fw.c @@ -12,14 +12,14 @@ * * This software is provided ``AS IS'' without any warranties of any kind. * - * $Id: ip_fw.c,v 1.95 1998/08/11 19:08:42 bde Exp $ + * $Id: ip_fw.c,v 1.96 1998/08/23 03:07:14 wollman Exp $ */ /* * Implement IP packet firewall */ -#ifndef IPFIREWALL_MODULE +#if !defined(KLD_MODULE) && !defined(IPFIREWALL_MODULE) #include "opt_ipfw.h" #include "opt_ipdivert.h" #include "opt_inet.h" @@ -100,11 +100,6 @@ static int icmptype_match __P((struct icmp * icmp, struct ip_fw * f)); static void ipfw_report __P((struct ip_fw *f, struct ip *ip, struct ifnet *rif, struct ifnet *oif)); -#ifdef IPFIREWALL_MODULE -static ip_fw_chk_t *old_chk_ptr; -static ip_fw_ctl_t *old_ctl_ptr; -#endif - static int ip_fw_chk __P((struct ip **pip, int hlen, struct ifnet *oif, u_int16_t *cookie, struct mbuf **m, struct sockaddr_in **next_hop)); @@ -1107,7 +1102,10 @@ ip_fw_init(void) #endif } -#ifdef IPFIREWALL_MODULE +static ip_fw_chk_t *old_chk_ptr; +static ip_fw_ctl_t *old_ctl_ptr; + +#if defined(IPFIREWALL_MODULE) && !defined(KLD_MODULE) #include <sys/exec.h> #include <sys/sysent.h> @@ -1154,4 +1152,48 @@ ipfw_mod(struct lkm_table *lkmtp, int cmd, int ver) MOD_DISPATCH(ipfw, lkmtp, cmd, ver, ipfw_load, ipfw_unload, lkm_nullcmd); } +#else +static int +ipfw_modevent(module_t mod, modeventtype_t type, void *unused) +{ + int s; + + switch (type) { + case MOD_LOAD: + s = splnet(); + + old_chk_ptr = ip_fw_chk_ptr; + old_ctl_ptr = ip_fw_ctl_ptr; + + ip_fw_init(); + splx(s); + return 0; + case MOD_UNLOAD: + s = splnet(); + + ip_fw_chk_ptr = old_chk_ptr; + ip_fw_ctl_ptr = old_ctl_ptr; + + while (LIST_FIRST(&ip_fw_chain) != NULL) { + struct ip_fw_chain *fcp = LIST_FIRST(&ip_fw_chain); + LIST_REMOVE(LIST_FIRST(&ip_fw_chain), chain); + free(fcp->rule, M_IPFW); + free(fcp, M_IPFW); + } + + splx(s); + printf("IP firewall unloaded\n"); + return 0; + default: + break; + } + return 0; +} + +moduledata_t ipfwmod = { + "ipfw", + ipfw_modevent, + 0 +}; +DECLARE_MODULE(ipfw, ipfwmod, SI_SUB_PSEUDO, SI_ORDER_ANY); #endif |
