summaryrefslogtreecommitdiffstats
path: root/sys/netinet
diff options
context:
space:
mode:
authorsam <sam@FreeBSD.org>2003-09-23 17:54:04 +0000
committersam <sam@FreeBSD.org>2003-09-23 17:54:04 +0000
commitcd738e85741205de9f360fdbeaa49f30ce2038d9 (patch)
treec61b991702ec6f77c0e1b96cda74ae091fa2e749 /sys/netinet
parent655247e0f5d689da4bda90e946a5227f58670ef2 (diff)
downloadFreeBSD-src-cd738e85741205de9f360fdbeaa49f30ce2038d9.zip
FreeBSD-src-cd738e85741205de9f360fdbeaa49f30ce2038d9.tar.gz
o update PFIL_HOOKS support to current API used by netbsd
o revamp IPv4+IPv6+bridge usage to match API changes o remove pfil_head instances from protosw entries (no longer used) o add locking o bump FreeBSD version for 3rd party modules Heavy lifting by: "Max Laier" <max@love2party.net> Supported by: FreeBSD Foundation Obtained from: NetBSD (bits of pfil.h and pfil.c)
Diffstat (limited to 'sys/netinet')
-rw-r--r--sys/netinet/ip_input.c41
-rw-r--r--sys/netinet/ip_output.c27
-rw-r--r--sys/netinet/ip_var.h4
3 files changed, 30 insertions, 42 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index eefe26f..38b26e0 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -154,6 +154,9 @@ SYSCTL_INT(_net_inet_ip, OID_AUTO, check_interface, CTLFLAG_RW,
#ifdef DIAGNOSTIC
static int ipprintfs = 0;
#endif
+#ifdef PFIL_HOOKS
+struct pfil_head inet_pfil_hook;
+#endif
static struct ifqueue ipintrq;
static int ipqmaxlen = IFQ_MAXLEN;
@@ -263,6 +266,14 @@ ip_init()
pr->pr_protocol && pr->pr_protocol != IPPROTO_RAW)
ip_protox[pr->pr_protocol] = pr - inetsw;
+#ifdef PFIL_HOOKS
+ inet_pfil_hook.ph_type = PFIL_TYPE_AF;
+ inet_pfil_hook.ph_af = AF_INET;
+ if ((i = pfil_head_register(&inet_pfil_hook)) != 0)
+ printf("%s: WARNING: unable to register pfil hook, "
+ "error %d\n", __func__, i);
+#endif /* PFIL_HOOKS */
+
IPQ_LOCK_INIT();
for (i = 0; i < IPREASS_NHASH; i++)
TAILQ_INIT(&ipq[i]);
@@ -301,11 +312,6 @@ ip_input(struct mbuf *m)
struct in_addr pkt_dst;
u_int32_t divert_info = 0; /* packet divert/tee info */
struct ip_fw_args args;
-#ifdef PFIL_HOOKS
- struct packet_filter_hook *pfh;
- struct mbuf *m0;
- int rv;
-#endif /* PFIL_HOOKS */
#ifdef FAST_IPSEC
struct m_tag *mtag;
struct tdb_ident *tdbi;
@@ -461,25 +467,14 @@ iphack:
#ifdef PFIL_HOOKS
/*
- * Run through list of hooks for input packets. If there are any
- * filters which require that additional packets in the flow are
- * not fast-forwarded, they must clear the M_CANFASTFWD flag.
- * Note that filters must _never_ set this flag, as another filter
- * in the list may have previously cleared it.
+ * Run through list of hooks for input packets.
*/
- m0 = m;
- pfh = pfil_hook_get(PFIL_IN, &inetsw[ip_protox[IPPROTO_IP]].pr_pfh);
- for (; pfh; pfh = TAILQ_NEXT(pfh, pfil_link))
- if (pfh->pfil_func) {
- rv = pfh->pfil_func(ip, hlen,
- m->m_pkthdr.rcvif, 0, &m0);
- if (rv)
- return;
- m = m0;
- if (m == NULL)
- return;
- ip = mtod(m, struct ip *);
- }
+ if (pfil_run_hooks(&inet_pfil_hook, &m, m->m_pkthdr.rcvif,
+ PFIL_IN) != 0)
+ return;
+ if (m == NULL) /* consumed by filter */
+ return;
+ ip = mtod(m, struct ip *);
#endif /* PFIL_HOOKS */
if (fw_enable && IPFW_LOADED) {
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index f6a70ef..41e0cc0 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -65,6 +65,10 @@
#include <netinet/in_var.h>
#include <netinet/ip_var.h>
+#ifdef PFIL_HOOKS
+#include <net/pfil.h>
+#endif
+
#include <machine/in_cksum.h>
static MALLOC_DEFINE(M_IPMOPTS, "ip_moptions", "internet multicast options");
@@ -149,11 +153,6 @@ ip_output(struct mbuf *m0, struct mbuf *opt, struct route *ro,
#endif /* FAST_IPSEC */
struct ip_fw_args args;
int src_was_INADDR_ANY = 0; /* as the name says... */
-#ifdef PFIL_HOOKS
- struct packet_filter_hook *pfh;
- struct mbuf *m1;
- int rv;
-#endif /* PFIL_HOOKS */
args.eh = NULL;
args.rule = NULL;
@@ -741,20 +740,10 @@ spd_done:
/*
* Run through list of hooks for output packets.
*/
- m1 = m;
- pfh = pfil_hook_get(PFIL_OUT, &inetsw[ip_protox[IPPROTO_IP]].pr_pfh);
- for (; pfh; pfh = TAILQ_NEXT(pfh, pfil_link))
- if (pfh->pfil_func) {
- rv = pfh->pfil_func(ip, hlen, ifp, 1, &m1);
- if (rv) {
- error = EHOSTUNREACH;
- goto done;
- }
- m = m1;
- if (m == NULL)
- goto done;
- ip = mtod(m, struct ip *);
- }
+ error = pfil_run_hooks(&inet_pfil_hook, &m, ifp, PFIL_OUT);
+ if (error != 0 || m == NULL)
+ goto done;
+ ip = mtod(m, struct ip *);
#endif /* PFIL_HOOKS */
/*
diff --git a/sys/netinet/ip_var.h b/sys/netinet/ip_var.h
index d0fde8e..40f36c1 100644
--- a/sys/netinet/ip_var.h
+++ b/sys/netinet/ip_var.h
@@ -207,6 +207,10 @@ void divert_packet(struct mbuf *m, int incoming, int port, int rule);
extern struct pr_usrreqs div_usrreqs;
#endif
+#ifdef PFIL_HOOKS
+extern struct pfil_head inet_pfil_hook;
+#endif
+
void in_delayed_cksum(struct mbuf *m);
#endif /* _KERNEL */
OpenPOWER on IntegriCloud