Make ip6fw as loadable module.

1 files changed, 49 insertions, 0 deletions

diff --git a/sys/netinet6/ip6_fw.c b/sys/netinet6/ip6_fw.c
index 53c0cc7..f0f710f 100644
--- a/sys/netinet6/ip6_fw.c
+++ b/sys/netinet6/ip6_fw.c
@@ -20,9 +20,11 @@
  * Implement IPv6 packet firewall
  */
 
+#if !defined(KLD_MODULE)
 #include "opt_ip6fw.h"
 #include "opt_inet.h"
 #include "opt_inet6.h"
+#endif
 
 #ifdef IP6DIVERT
 #error "NOT SUPPORTED IPV6 DIVERT"
@@ -84,6 +86,8 @@ LIST_HEAD (ip6_fw_head, ip6_fw_chain) ip6_fw_chain;
 #ifdef SYSCTL_NODE
 SYSCTL_DECL(_net_inet6_ip6);
 SYSCTL_NODE(_net_inet6_ip6, OID_AUTO, fw, CTLFLAG_RW, 0, "Firewall");
+SYSCTL_INT(_net_inet6_ip6_fw, OID_AUTO, enable, CTLFLAG_RW,
+    &ip6_fw_enable, 0, "Enable ip6fw");
 SYSCTL_INT(_net_inet6_ip6_fw, OID_AUTO, debug, CTLFLAG_RW, &fw6_debug, 0, "");
 SYSCTL_INT(_net_inet6_ip6_fw, OID_AUTO, verbose, CTLFLAG_RW, &fw6_verbose, 0, "");
 SYSCTL_INT(_net_inet6_ip6_fw, OID_AUTO, verbose_limit, CTLFLAG_RW, &fw6_verbose_limit, 0, "");
@@ -1184,3 +1188,48 @@ ip6_fw_init(void)
 		    fw6_verbose_limit);
 #endif
 }
+
+static ip6_fw_chk_t *old_chk_ptr;
+static ip6_fw_ctl_t *old_ctl_ptr;
+
+static int
+ip6fw_modevent(module_t mod, int type, void *unused)
+{
+	int s;
+	
+	switch (type) {
+	case MOD_LOAD:
+		s = splnet();
+
+		old_chk_ptr = ip6_fw_chk_ptr;
+		old_ctl_ptr = ip6_fw_ctl_ptr;
+
+		ip6_fw_init();
+		splx(s);
+		return 0;
+	case MOD_UNLOAD:
+		s = splnet();
+		ip6_fw_chk_ptr =  old_chk_ptr;
+		ip6_fw_ctl_ptr =  old_ctl_ptr;
+		while (LIST_FIRST(&ip6_fw_chain) != NULL) {
+			struct ip6_fw_chain *fcp = LIST_FIRST(&ip6_fw_chain);
+			LIST_REMOVE(LIST_FIRST(&ip6_fw_chain), chain);
+			free(fcp->rule, M_IP6FW);
+			free(fcp, M_IP6FW);
+		}
+	
+		splx(s);
+		printf("IPv6 firewall unloaded\n");
+		return 0;
+	default:
+		break;
+	}
+	return 0;
+}
+
+static moduledata_t ip6fwmod = {
+	"ip6fw",
+	ip6fw_modevent,
+	0
+};
+DECLARE_MODULE(ip6fw, ip6fwmod, SI_SUB_PSEUDO, SI_ORDER_ANY);