author | sam <sam@FreeBSD.org> | 2003-09-23 17:54:04 +0000 |
---|---|---|
committer | sam <sam@FreeBSD.org> | 2003-09-23 17:54:04 +0000 |
commit | cd738e85741205de9f360fdbeaa49f30ce2038d9 (patch) | |
tree | c61b991702ec6f77c0e1b96cda74ae091fa2e749 /sys/netinet | |
parent | 655247e0f5d689da4bda90e946a5227f58670ef2 (diff) | |
o update PFIL_HOOKS support to current API used by netbsd
o revamp IPv4+IPv6+bridge usage to match API changes
o remove pfil_head instances from protosw entries (no longer used)
o add locking
o bump FreeBSD version for 3rd party modules
Heavy lifting by: "Max Laier" <max@love2party.net>
Supported by: FreeBSD Foundation
Obtained from: NetBSD (bits of pfil.h and pfil.c)
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/ip_input.c | 41 | ||||
-rw-r--r-- | sys/netinet/ip_output.c | 27 | ||||
-rw-r--r-- | sys/netinet/ip_var.h | 4 |
3 files changed, 30 insertions, 42 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index eefe26f..38b26e0 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -154,6 +154,9 @@ SYSCTL_INT(_net_inet_ip, OID_AUTO, check_interface, CTLFLAG_RW, #ifdef DIAGNOSTIC static int ipprintfs = 0; #endif +#ifdef PFIL_HOOKS +struct pfil_head inet_pfil_hook; +#endif static struct ifqueue ipintrq; static int ipqmaxlen = IFQ_MAXLEN; @@ -263,6 +266,14 @@ ip_init() pr->pr_protocol && pr->pr_protocol != IPPROTO_RAW) ip_protox[pr->pr_protocol] = pr - inetsw; +#ifdef PFIL_HOOKS + inet_pfil_hook.ph_type = PFIL_TYPE_AF; + inet_pfil_hook.ph_af = AF_INET; + if ((i = pfil_head_register(&inet_pfil_hook)) != 0) + printf("%s: WARNING: unable to register pfil hook, " + "error %d\n", __func__, i); +#endif /* PFIL_HOOKS */ + IPQ_LOCK_INIT(); for (i = 0; i < IPREASS_NHASH; i++) TAILQ_INIT(&ipq[i]); @@ -301,11 +312,6 @@ ip_input(struct mbuf *m) struct in_addr pkt_dst; u_int32_t divert_info = 0; /* packet divert/tee info */ struct ip_fw_args args; -#ifdef PFIL_HOOKS - struct packet_filter_hook *pfh; - struct mbuf *m0; - int rv; -#endif /* PFIL_HOOKS */ #ifdef FAST_IPSEC struct m_tag *mtag; struct tdb_ident *tdbi; 
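Review bot: In the ip_init() hunk (@@ -263,6 +266,14 @@) a failed pfil_head_register() is only logged, while the ip_input() and ip_output() hunks of this commit call pfil_run_hooks(&inet_pfil_hook, ...) unconditionally. Whether running hooks on a head that never finished registration is safe depends on how far pfil_head_register() initialises the head before it returns an error, which is not visible on this page. Because this head is where packet filters attach, a registration failure presumably also means IPv4 traffic passes with no filtering at all, so the message should say so, e.g. `"%s: WARNING: unable to register pfil hook, IPv4 packets will not be filtered, error %d\n"`. A comment above the call such as `/* on failure no filter can attach to inet_pfil_hook; packets pass unfiltered */` would record the fail-open choice. ip_init() starts and ends outside the hunk.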
@@ -461,25 +467,14 @@ iphack: #ifdef PFIL_HOOKS /* - * Run through list of hooks for input packets. If there are any - * filters which require that additional packets in the flow are - * not fast-forwarded, they must clear the M_CANFASTFWD flag. - * Note that filters must _never_ set this flag, as another filter - * in the list may have previously cleared it. + * Run through list of hooks for input packets. */ - m0 = m; - pfh = pfil_hook_get(PFIL_IN, &inetsw[ip_protox[IPPROTO_IP]].pr_pfh); - for (; pfh; pfh = TAILQ_NEXT(pfh, pfil_link)) - if (pfh->pfil_func) { - rv = pfh->pfil_func(ip, hlen, - m->m_pkthdr.rcvif, 0, &m0); - if (rv) - return; - m = m0; - if (m == NULL) - return; - ip = mtod(m, struct ip *); - } + if (pfil_run_hooks(&inet_pfil_hook, &m, m->m_pkthdr.rcvif, + PFIL_IN) != 0) + return; + if (m == NULL) /* consumed by filter */ + return; + ip = mtod(m, struct ip *); #endif /* PFIL_HOOKS */ if (fw_enable && IPFW_LOADED) { diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index f6a70ef..41e0cc0 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -65,6 +65,10 @@ #include <netinet/in_var.h> #include <netinet/ip_var.h> +#ifdef PFIL_HOOKS +#include <net/pfil.h> +#endif + #include <machine/in_cksum.h> static MALLOC_DEFINE(M_IPMOPTS, "ip_moptions", "internet multicast options"); @@ -149,11 +153,6 @@ ip_output(struct mbuf *m0, struct mbuf *opt, struct route *ro, #endif /* FAST_IPSEC */ struct ip_fw_args args; int src_was_INADDR_ANY = 0; /* as the name says... */ -#ifdef PFIL_HOOKS - struct packet_filter_hook *pfh; - struct mbuf *m1; - int rv; -#endif /* PFIL_HOOKS */ args.eh = NULL; args.rule = NULL; 
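Review bot: After pfil_run_hooks() in the ip_input() hunk (@@ -461,25 +467,14 @@) only `ip` is reloaded from the possibly replaced mbuf; `hlen`, which the removed loop passed to every hook and so is a local computed earlier, keeps its pre-filter value. If a hook may rewrite the header or hand back a different mbuf, the code below the hunk would work with a stale length and with a header that nobody has re-checked to be contiguous in the first mbuf. Adding `hlen = ip->ip_hl << 2;` after the `mtod()` line, or a comment stating that hooks must return a packet with an unchanged, pulled-up IP header, would close that gap. The shortened comment also drops the rule that filters may clear but never set M_CANFASTFWD; if that contract still holds under the new API it should stay documented here. ip_input() continues outside the hunk, so the later uses of `hlen` are inferred rather than visible.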
@@ -741,20 +740,10 @@ spd_done: /* * Run through list of hooks for output packets. */ - m1 = m; - pfh = pfil_hook_get(PFIL_OUT, &inetsw[ip_protox[IPPROTO_IP]].pr_pfh); - for (; pfh; pfh = TAILQ_NEXT(pfh, pfil_link)) - if (pfh->pfil_func) { - rv = pfh->pfil_func(ip, hlen, ifp, 1, &m1); - if (rv) { - error = EHOSTUNREACH; - goto done; - } - m = m1; - if (m == NULL) - goto done; - ip = mtod(m, struct ip *); - } + error = pfil_run_hooks(&inet_pfil_hook, &m, ifp, PFIL_OUT); + if (error != 0 || m == NULL) + goto done; + ip = mtod(m, struct ip *); #endif /* PFIL_HOOKS */ /* diff --git a/sys/netinet/ip_var.h b/sys/netinet/ip_var.h index d0fde8e..40f36c1 100644 --- a/sys/netinet/ip_var.h +++ b/sys/netinet/ip_var.h @@ -207,6 +207,10 @@ void divert_packet(struct mbuf *m, int incoming, int port, int rule); extern struct pr_usrreqs div_usrreqs; #endif +#ifdef PFIL_HOOKS +extern struct pfil_head inet_pfil_hook; +#endif + void in_delayed_cksum(struct mbuf *m); #endif /* _KERNEL */ |
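Review bot: The ip_output() hunk (@@ -741,20 +740,10 @@) now returns whatever pfil_run_hooks() yields as the error of ip_output(), where the removed loop mapped every non-zero hook result to EHOSTUNREACH. Callers, and through them user space, therefore see filter-chosen values for blocked packets; that should be a documented decision, and if the old behaviour is wanted, `if (error != 0) { error = EHOSTUNREACH; goto done; }` restores it. The `goto done` on `error != 0` also leaves open who frees `m` when a hook fails without consuming the packet. The `done:` label lies outside the hunk, so a comment such as `/* on error the hook has freed the mbuf and set m to NULL */`, once confirmed against pfil_run_hooks(), would make the ownership rule explicit.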