author | mlaier <mlaier@FreeBSD.org> | 2004-02-26 03:53:54 +0000 |
---|---|---|
committer | mlaier <mlaier@FreeBSD.org> | 2004-02-26 03:53:54 +0000 |
commit | 428f1c9a0fbaac94f9cce57cd846b2b6f82e17d1 (patch) | |
tree | aa20382749ac1e97a0e00869aaa3a69abbc95a34 /sys | |
parent | 94f1c2c12e72d156571a8216199086ba2d775312 (diff) | |
Tweak existing header and other build infrastructure to be able to build
pf/pflog/pfsync as modules. Do not list them in NOTES or modules/Makefile
(i.e. do not connect it to any (automatic) builds - yet).
Approved by: bms(mentor)
Diffstat (limited to 'sys')
-rw-r--r-- | sys/boot/forth/loader.conf | 3 | ||||
-rw-r--r-- | sys/conf/files | 8 | ||||
-rw-r--r-- | sys/conf/kern.pre.mk | 3 | ||||
-rw-r--r-- | sys/conf/options | 3 | ||||
-rw-r--r-- | sys/contrib/pf/net/pfvar.h | 5 | ||||
-rw-r--r-- | sys/modules/pf/Makefile | 30 | ||||
-rw-r--r-- | sys/modules/pflog/Makefile | 25 | ||||
-rw-r--r-- | sys/modules/pfsync/Makefile | 25 | ||||
-rw-r--r-- | sys/net/bpf.h | 1 | ||||
-rw-r--r-- | sys/net/if_types.h | 2 | ||||
-rw-r--r-- | sys/netinet/icmp_var.h | 1 | ||||
-rw-r--r-- | sys/netinet/ip_icmp.c | 13 | ||||
-rw-r--r-- | sys/netinet/ip_icmp.h | 17 | ||||
-rw-r--r-- | sys/netinet/ip_id.c | 5 | ||||
-rw-r--r-- | sys/netinet6/in6_ifattach.c | 4 | ||||
-rw-r--r-- | sys/sys/limits.h | 3 | ||||
-rw-r--r-- | sys/sys/mbuf.h | 5 |
17 files changed, 148 insertions, 5 deletions
diff --git a/sys/boot/forth/loader.conf b/sys/boot/forth/loader.conf index 48791d7..c311d3c 100644 --- a/sys/boot/forth/loader.conf +++ b/sys/boot/forth/loader.conf @@ -171,6 +171,9 @@ if_tap_load="NO" # Ethernet tunnel software network interface if_tun_load="NO" # Tunnel driver (user process ppp) if_vlan_load="NO" # IEEE 802.1Q VLAN network interface ipfw_load="NO" # Firewall +pfsync_load="NO" # pfsync pseudo interface +pflog_load="NO" # pflog pseudo interface +pf_load="NO" # packet filter ############################################################## diff --git a/sys/conf/files b/sys/conf/files index a415e70..4dca7ed 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -206,6 +206,14 @@ contrib/ipfilter/netinet/ip_nat.c optional ipfilter inet contrib/ipfilter/netinet/ip_proxy.c optional ipfilter inet contrib/ipfilter/netinet/ip_state.c optional ipfilter inet contrib/ipfilter/netinet/mlfk_ipl.c optional ipfilter inet +contrib/pf/net/if_pflog.c optional pflog +contrib/pf/net/if_pfsync.c optional pfsync +contrib/pf/net/pf.c optional pf nowerror +contrib/pf/net/pf_ioctl.c optional pf +contrib/pf/net/pf_norm.c optional pf +contrib/pf/net/pf_table.c optional pf +contrib/pf/net/pf_osfp.c optional pf +contrib/pf/netinet/in4_cksum.c optional pf inet crypto/blowfish/bf_ecb.c optional ipsec ipsec_esp crypto/blowfish/bf_skey.c optional ipsec ipsec_esp crypto/cast128/cast128.c optional ipsec ipsec_esp diff --git a/sys/conf/kern.pre.mk b/sys/conf/kern.pre.mk index daa64bd..9732ffb 100644 --- a/sys/conf/kern.pre.mk +++ b/sys/conf/kern.pre.mk @@ -32,6 +32,9 @@ INCLUDES+= -I$S/contrib/dev/acpica # ... and the same for ipfilter INCLUDES+= -I$S/contrib/ipfilter +# ... and the same for pf +INCLUDES+= -I$S/contrib/pf + # ... and the same for Atheros HAL INCLUDES+= -I$S/contrib/dev/ath -I$S/contrib/dev/ath/freebsd diff --git a/sys/conf/options b/sys/conf/options index 699dfa7..e516767 100644 --- a/sys/conf/options +++ b/sys/conf/options 
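Review bot: In the sys/conf/files hunk, `contrib/pf/net/pf.c` is the only new entry marked `nowerror`, so compiler warnings in that file no longer fail the kernel build. For code that parses packets from the network, those warnings (signedness, truncation, unused results) are worth keeping visible. Nothing in the hunk records why the exemption is needed or when it can go, so I would add a comment above the entry such as `# XXX pf.c: nowerror because of <warning to be named>; drop once fixed`.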
@@ -322,6 +322,9 @@ BOOTP_NFSROOT opt_bootp.h BOOTP_NFSV3 opt_bootp.h BOOTP_WIRED_TO opt_bootp.h BRIDGE opt_bdg.h +DEV_PF opt_pf.h +DEV_PFLOG opt_pf.h +DEV_PFSYNC opt_pf.h ETHER_II opt_ef.h ETHER_8023 opt_ef.h ETHER_8022 opt_ef.h diff --git a/sys/contrib/pf/net/pfvar.h b/sys/contrib/pf/net/pfvar.h index b90eb22..ffd4812 100644 --- a/sys/contrib/pf/net/pfvar.h +++ b/sys/contrib/pf/net/pfvar.h @@ -156,6 +156,11 @@ struct pf_addr_dyn { #if defined(__FreeBSD__) #define splsoftnet() splnet() +#define HTONL(x) (x) = htonl((__uint32_t)(x)) +#define HTONS(x) (x) = htons((__uint16_t)(x)) +#define NTOHL(x) (x) = ntohl((__uint32_t)(x)) +#define NTOHS(x) (x) = ntohs((__uint16_t)(x)) + #define PF_NAME "pf" #define PR_NOWAIT M_NOWAIT diff --git a/sys/modules/pf/Makefile b/sys/modules/pf/Makefile new file mode 100644 index 0000000..3bceb08 --- /dev/null +++ b/sys/modules/pf/Makefile @@ -0,0 +1,30 @@ +# $FreeBSD$ + +.PATH: ${.CURDIR}/../../contrib/pf/net +.PATH: ${.CURDIR}/../../contrib/pf/netinet + +KMOD= pf +SRCS = pf.c pf_osfp.c pf_ioctl.c pf_norm.c pf_table.c \ + in4_cksum.c \ + opt_pf.h opt_inet.h opt_inet6.h opt_bpf.h opt_random_ip_id.h + +CFLAGS+= -Wall -I${.CURDIR}/../../contrib/pf + +opt_pf.h: + echo "#define DEV_PF 1" > opt_pf.h + echo "#define DEV_PFLOG 1" >> opt_pf.h + echo "#define DEV_PFSYNC 1" >> opt_pf.h + +opt_inet.h: + echo "#define INET 1" > opt_inet.h + +opt_inet6.h: + echo "#define INET6 1" > opt_inet6.h + +opt_bpf.h: + echo "#define DEV_BPF 1" > opt_bpf.h + +opt_random_ip_id.h: + echo "#define RANDOM_IP_ID 1" > opt_random_ip_id.h + +.include <bsd.kmod.mk> diff --git a/sys/modules/pflog/Makefile b/sys/modules/pflog/Makefile new file mode 100644 index 0000000..f500846 --- /dev/null +++ b/sys/modules/pflog/Makefile 
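Review bot: The four byte-order macros added to pfvar.h expand to a bare assignment and evaluate their argument twice, so `HTONL(*p++)` or use inside a larger expression would misbehave. Wrapping the expansion, as in `#define HTONL(x) ((x) = htonl((__uint32_t)(x)))`, removes the precedence hazard. The double evaluation is inherent to the in-place form, so it should be documented with a line such as `/* argument must be a side-effect-free lvalue */`. The `#if defined(__FreeBSD__)` block these sit in continues outside the hunk.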
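Review bot: The generated opt_*.h files in sys/modules/pf/Makefile hard-code `INET`, `INET6`, `DEV_BPF`, `DEV_PFLOG`, `DEV_PFSYNC` and `RANDOM_IP_ID`, regardless of how the kernel that loads the module was configured. The `RANDOM_IP_ID` case matters most: ip_id.c is not in `SRCS`, and the ip_id.c hunk in this commit builds `ip_randomid()` only when the kernel itself has `RANDOM_IP_ID` or `DEV_PF`. If pf.c calls it (not visible here), a kernel without either option gives a module that fails to link at load time. A comment would at least make the requirement explicit, for example `# Requires a kernel built with options RANDOM_IP_ID; ip_id.c is not compiled into this module`. The pflog and pfsync Makefiles repeat the same hard-coded opt_pf.h, opt_inet.h, opt_inet6.h and opt_bpf.h rules and need the same caveat.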
@@ -0,0 +1,25 @@ +# $FreeBSD$ + +.PATH: ${.CURDIR}/../../contrib/pf/net + +KMOD= pflog +SRCS = if_pflog.c \ + opt_pf.h opt_inet.h opt_inet6.h opt_bpf.h + +CFLAGS+= -Wall -I${.CURDIR}/../../contrib/pf + +opt_pf.h: + echo "#define DEV_PF 1" > opt_pf.h + echo "#define DEV_PFLOG 1" >> opt_pf.h + echo "#define DEV_PFSYNC 1" >> opt_pf.h + +opt_inet.h: + echo "#define INET 1" > opt_inet.h + +opt_inet6.h: + echo "#define INET6 1" > opt_inet6.h + +opt_bpf.h: + echo "#define DEV_BPF 1" > opt_bpf.h + +.include <bsd.kmod.mk> diff --git a/sys/modules/pfsync/Makefile b/sys/modules/pfsync/Makefile new file mode 100644 index 0000000..9cb7b18 --- /dev/null +++ b/sys/modules/pfsync/Makefile @@ -0,0 +1,25 @@ +# $FreeBSD$ + +.PATH: ${.CURDIR}/../../contrib/pf/net + +KMOD= pfsync +SRCS = if_pfsync.c \ + opt_pf.h opt_inet.h opt_inet6.h opt_bpf.h + +CFLAGS+= -Wall -I${.CURDIR}/../../contrib/pf + +opt_pf.h: + echo "#define DEV_PF 1" > opt_pf.h + echo "#define DEV_PFLOG 1" >> opt_pf.h + echo "#define DEV_PFSYNC 1" >> opt_pf.h + +opt_inet.h: + echo "#define INET 1" > opt_inet.h + +opt_inet6.h: + echo "#define INET6 1" > opt_inet6.h + +opt_bpf.h: + echo "#define DEV_BPF 1" > opt_bpf.h + +.include <bsd.kmod.mk> diff --git a/sys/net/bpf.h b/sys/net/bpf.h index c4b31d4..767d32a 100644 --- a/sys/net/bpf.h +++ b/sys/net/bpf.h @@ -250,6 +250,7 @@ struct bpf_hdr { * in capture-file headers. */ #define DLT_PFLOG 117 +#define DLT_PFSYNC 121 /* * Registered for Cisco-internal use. diff --git a/sys/net/if_types.h b/sys/net/if_types.h index 9b12ce2..ae05479 100644 --- a/sys/net/if_types.h +++ b/sys/net/if_types.h @@ -249,4 +249,6 @@ #define IFT_GIF 0xf0 #define IFT_PVC 0xf1 #define IFT_FAITH 0xf2 +#define IFT_PFLOG 0xf6 +#define IFT_PFSYNC 0xf7 #endif /* !_NET_IF_TYPES_H_ */ diff --git a/sys/netinet/icmp_var.h b/sys/netinet/icmp_var.h index 92e23c4..be47039 100644 --- a/sys/netinet/icmp_var.h +++ b/sys/netinet/icmp_var.h 
@@ -78,6 +78,7 @@ struct icmpstat { #ifdef _KERNEL SYSCTL_DECL(_net_inet_icmp); +extern struct icmpstat icmpstat; /* icmp statistics */ extern int badport_bandlim(int); #define BANDLIM_UNLIMITED -1 #define BANDLIM_ICMP_UNREACH 0 diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c index a157dd5..ee4792c 100644 --- a/sys/netinet/ip_icmp.c +++ b/sys/netinet/ip_icmp.c @@ -82,7 +82,7 @@ * host table maintenance routines. */ -static struct icmpstat icmpstat; +struct icmpstat icmpstat; SYSCTL_STRUCT(_net_inet_icmp, ICMPCTL_STATS, stats, CTLFLAG_RW, &icmpstat, icmpstat, ""); @@ -148,6 +148,7 @@ icmp_error(n, type, code, dest, destifp) register unsigned oiplen = oip->ip_hl << 2; register struct icmp *icp; register struct mbuf *m; + register struct m_tag *mtag; unsigned icmplen; #ifdef ICMPPRINTFS @@ -235,6 +236,16 @@ icmp_error(n, type, code, dest, destifp) nip->ip_hl = 5; nip->ip_p = IPPROTO_ICMP; nip->ip_tos = 0; + /* + * XXX: Move PF_GENERATED m_tag to new packet, if it exists. + * This should be replaced by unified flags/tags for + * pf/ipfw/ipf and future pfil_hook applications. + */ + mtag = m_tag_find(n, PACKET_TAG_PF_GENERATED, NULL); + if (mtag != NULL) { + m_tag_unlink(n, mtag); + m_tag_prepend(m, mtag); + } icmp_reflect(m); freeit: diff --git a/sys/netinet/ip_icmp.h b/sys/netinet/ip_icmp.h index ba86502..c379324 100644 --- a/sys/netinet/ip_icmp.h +++ b/sys/netinet/ip_icmp.h 
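Review bot: The block added before `icmp_reflect(m)` in icmp_error() runs for every ICMP error the stack generates, because nothing in the hunk ties it to pf being present. It moves `PACKET_TAG_PF_GENERATED` from the offending packet `n` to the new error packet `m`. The mbuf.h hunk in this commit describes that tag as "PF, pass always" and marks it `MTAG_PERSISTENT`, so the filter exemption is inherited by a packet with different headers and payload. That is only safe if the tag can never end up on traffic pf did not build itself, and the XXX comment does not say so. I would extend it with something like `/* Invariant: only pf sets PF_GENERATED, and only on packets it constructs; confirm against pf.c. */`. The body of icmp_error() starts and ends outside the hunk.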
@@ -153,8 +153,11 @@ struct icmp { #define ICMP_REDIRECT_HOST 1 /* for host */ #define ICMP_REDIRECT_TOSNET 2 /* for tos and net */ #define ICMP_REDIRECT_TOSHOST 3 /* for tos and host */ +#define ICMP_ALTHOSTADDR 6 /* alternate host address */ #define ICMP_ECHO 8 /* echo service */ #define ICMP_ROUTERADVERT 9 /* router advertisement */ +#define ICMP_ROUTERADVERT_NORMAL 0 /* normal advertisement */ +#define ICMP_ROUTERADVERT_NOROUTE_COMMON 16 /* selective routing */ #define ICMP_ROUTERSOLICIT 10 /* router solicitation */ #define ICMP_TIMXCEED 11 /* time exceeded, code: */ #define ICMP_TIMXCEED_INTRANS 0 /* ttl==0 in transit */ @@ -169,8 +172,20 @@ struct icmp { #define ICMP_IREQREPLY 16 /* information reply */ #define ICMP_MASKREQ 17 /* address mask request */ #define ICMP_MASKREPLY 18 /* address mask reply */ +#define ICMP_TRACEROUTE 30 /* traceroute */ +#define ICMP_DATACONVERR 31 /* data conversion error */ +#define ICMP_MOBILE_REDIRECT 32 /* mobile host redirect */ +#define ICMP_IPV6_WHEREAREYOU 33 /* IPv6 where-are-you */ +#define ICMP_IPV6_IAMHERE 34 /* IPv6 i-am-here */ +#define ICMP_MOBILE_REGREQUEST 35 /* mobile registration req */ +#define ICMP_MOBILE_REGREPLY 36 /* mobile registration reply */ +#define ICMP_SKIP 39 /* SKIP */ +#define ICMP_PHOTURIS 40 /* Photuris */ +#define ICMP_PHOTURIS_UNKNOWN_INDEX 1 /* unknown sec index */ +#define ICMP_PHOTURIS_AUTH_FAILED 2 /* auth failed */ +#define ICMP_PHOTURIS_DECRYPT_FAILED 3 /* decrypt failed */ -#define ICMP_MAXTYPE 18 +#define ICMP_MAXTYPE 40 #define ICMP_INFOTYPE(type) \ ((type) == ICMP_ECHOREPLY || (type) == ICMP_ECHO || \ diff --git a/sys/netinet/ip_id.c b/sys/netinet/ip_id.c index d8be42b..700f731 100644 --- a/sys/netinet/ip_id.c +++ b/sys/netinet/ip_id.c 
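Review bot: Raising `ICMP_MAXTYPE` from 18 to 40 in the second ip_icmp.h hunk changes every bound and array derived from it, not just the list of named types. If struct icmpstat sizes its per-type histograms from this macro (the struct body is not in this diff), its layout grows. ip_icmp.c exports that struct through `SYSCTL_STRUCT(_net_inet_icmp, ICMPCTL_STATS, ...)`, so userland built against the old header would read a mismatched structure. Types 19-29 and 37-38 remain undefined but now fall below the maximum, so any `type > ICMP_MAXTYPE` rejection admits them; each such check should be confirmed to have a default path. A comment next to the define, such as `/* also sizes icmpstat histograms; changing it changes the sysctl ABI */`, would record the coupling.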
@@ -58,12 +58,13 @@ */ #include "opt_random_ip_id.h" +#include "opt_pf.h" #include <sys/param.h> #include <sys/time.h> #include <sys/kernel.h> #include <sys/random.h> -#ifdef RANDOM_IP_ID +#if defined(RANDOM_IP_ID) || defined(DEV_PF) #define RU_OUT 180 /* Time after wich will be reseeded */ #define RU_MAX 30000 /* Uniq cycle, avoid blackjack prediction */ #define RU_GEN 2 /* Starting generator */ @@ -208,4 +209,4 @@ ip_randomid(void) return (ru_seed ^ pmod(ru_g,ru_seed2 ^ ru_x,RU_N)) | ru_msb; } -#endif /* RANDOM_IP_ID */ +#endif /* RANDOM_IP_ID || DEV_PF */ diff --git a/sys/netinet6/in6_ifattach.c b/sys/netinet6/in6_ifattach.c index 7f1788c..92f1ffa 100644 --- a/sys/netinet6/in6_ifattach.c +++ b/sys/netinet6/in6_ifattach.c @@ -668,8 +668,10 @@ in6_ifattach(ifp, altifp) switch (ifp->if_type) { #ifdef IFT_BRIDGE /* OpenBSD 2.8, NetBSD 1.6 */ case IFT_BRIDGE: - return; #endif + case IFT_PFLOG: + case IFT_PFSYNC: + return; } /* diff --git a/sys/sys/limits.h b/sys/sys/limits.h index 752ccb0..8b4be2e 100644 --- a/sys/sys/limits.h +++ b/sys/sys/limits.h @@ -66,6 +66,9 @@ #define LONG_MAX __LONG_MAX /* max for a long */ #define LONG_MIN __LONG_MIN /* min for a long */ +#define UID_MAX UINT_MAX /* max value for a uid_t */ +#define GID_MAX UINT_MAX /* max value for a gid_t */ + #ifdef __LONG_LONG_SUPPORTED #define ULLONG_MAX __ULLONG_MAX /* max for an unsigned long long */ #define LLONG_MAX __LLONG_MAX /* max for a long long */ diff --git a/sys/sys/mbuf.h b/sys/sys/mbuf.h index 84975ac..9e1a6df 100644 --- a/sys/sys/mbuf.h +++ b/sys/sys/mbuf.h 
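Review bot: `UID_MAX` and `GID_MAX` are added to sys/limits.h between the `LONG_*` and `ULLONG_*` groups with no visibility guard in the hunk, so they would leak into the namespace of programs that ask for strict ISO C or POSIX through `<limits.h>`. Unless an enclosing guard exists outside the visible context, wrap them as `#if __BSD_VISIBLE` ... `#endif`. Defining both as `UINT_MAX` also assumes `uid_t` and `gid_t` are 32-bit unsigned, which is worth stating in the comment because code comparing ids against these limits depends on it.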
@@ -552,6 +552,11 @@ struct mbuf * #define PACKET_TAG_DIVERT 17 /* divert info */ #define PACKET_TAG_IPFORWARD 18 /* ipforward info */ #define PACKET_TAG_MACLABEL (19 | MTAG_PERSISTENT) /* MAC label */ +#define PACKET_TAG_PF_GENERATED (20 | MTAG_PERSISTENT) /* PF, pass always */ +#define PACKET_TAG_PF_ROUTED 21 /* PF routed, avoid loops */ +#define PACKET_TAG_PF_FRAGCACHE 22 /* PF fragment cached */ +#define PACKET_TAG_PF_QID 23 /* PF ALTQ queue id */ +#define PACKET_TAG_PF_TAG 24 /* PF tagged */ /* Packet tag routines. */ struct m_tag *m_tag_alloc(u_int32_t, int, int, int); |