summaryrefslogtreecommitdiffstats
path: root/sys
diff options
context:
space:
mode:
authorluigi <luigi@FreeBSD.org>1998-12-21 22:40:54 +0000
committerluigi <luigi@FreeBSD.org>1998-12-21 22:40:54 +0000
commitc797b9a57dd74e6096b682ad9e93154038f54e9a (patch)
treeacc447635864494d5f4e12d424eac2d181a0183c /sys
parent2a1314ea52b1d8bc3b4727f4910db0b885a00922 (diff)
downloadFreeBSD-src-c797b9a57dd74e6096b682ad9e93154038f54e9a.zip
FreeBSD-src-c797b9a57dd74e6096b682ad9e93154038f54e9a.tar.gz
Recover from previous dummynet screwup
Diffstat (limited to 'sys')
-rw-r--r--sys/netinet/ip_fw.c62
-rw-r--r--sys/netinet/ip_input.c47
2 files changed, 71 insertions, 38 deletions
diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c
index d9069dc..950be6b 100644
--- a/sys/netinet/ip_fw.c
+++ b/sys/netinet/ip_fw.c
@@ -12,14 +12,14 @@
*
* This software is provided ``AS IS'' without any warranties of any kind.
*
- * $Id: ip_fw.c,v 1.96 1998/08/23 03:07:14 wollman Exp $
+ * $Id: ip_fw.c,v 1.100 1998/12/14 18:09:13 luigi Exp $
*/
/*
* Implement IP packet firewall
*/
-#ifndef IPFIREWALL_MODULE
+#if !defined(KLD_MODULE) && !defined(IPFIREWALL_MODULE)
#include "opt_ipfw.h"
#include "opt_ipdn.h"
#include "opt_ipdivert.h"
@@ -71,9 +71,9 @@ static int fw_verbose_limit = 0;
#define IPFW_DEFAULT_RULE ((u_int)(u_short)~0)
-LIST_HEAD (ip_fw_head, ip_fw_chain) ip_fw_chain;
+static LIST_HEAD (ip_fw_head, ip_fw_chain) ip_fw_chain;
-MALLOC_DEFINE(M_IPFW, "IpFw/IpAcct", "IpFw/IpAcct chain's");
+static MALLOC_DEFINE(M_IPFW, "IpFw/IpAcct", "IpFw/IpAcct chain's");
#ifdef SYSCTL_NODE
SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw, CTLFLAG_RW, 0, "Firewall");
@@ -111,11 +111,6 @@ static void ipfw_report __P((struct ip_fw *f, struct ip *ip,
static void flush_rule_ptrs(void);
-#ifdef IPFIREWALL_MODULE
-static ip_fw_chk_t *old_chk_ptr;
-static ip_fw_ctl_t *old_ctl_ptr;
-#endif
-
static int ip_fw_chk __P((struct ip **pip, int hlen,
struct ifnet *oif, u_int16_t *cookie, struct mbuf **m,
struct ip_fw_chain **flow_id,
@@ -1275,7 +1270,10 @@ ip_fw_init(void)
#endif
}
-#ifdef IPFIREWALL_MODULE
+static ip_fw_chk_t *old_chk_ptr;
+static ip_fw_ctl_t *old_ctl_ptr;
+
+#if defined(IPFIREWALL_MODULE) && !defined(KLD_MODULE)
#include <sys/exec.h>
#include <sys/sysent.h>
@@ -1322,4 +1320,48 @@ ipfw_mod(struct lkm_table *lkmtp, int cmd, int ver)
MOD_DISPATCH(ipfw, lkmtp, cmd, ver,
ipfw_load, ipfw_unload, lkm_nullcmd);
}
+#else
+static int
+ipfw_modevent(module_t mod, int type, void *unused)
+{
+ int s;
+
+ switch (type) {
+ case MOD_LOAD:
+ s = splnet();
+
+ old_chk_ptr = ip_fw_chk_ptr;
+ old_ctl_ptr = ip_fw_ctl_ptr;
+
+ ip_fw_init();
+ splx(s);
+ return 0;
+ case MOD_UNLOAD:
+ s = splnet();
+
+ ip_fw_chk_ptr = old_chk_ptr;
+ ip_fw_ctl_ptr = old_ctl_ptr;
+
+ while (LIST_FIRST(&ip_fw_chain) != NULL) {
+ struct ip_fw_chain *fcp = LIST_FIRST(&ip_fw_chain);
+ LIST_REMOVE(LIST_FIRST(&ip_fw_chain), chain);
+ free(fcp->rule, M_IPFW);
+ free(fcp, M_IPFW);
+ }
+
+ splx(s);
+ printf("IP firewall unloaded\n");
+ return 0;
+ default:
+ break;
+ }
+ return 0;
+}
+
+static moduledata_t ipfwmod = {
+ "ipfw",
+ ipfw_modevent,
+ 0
+};
+DECLARE_MODULE(ipfw, ipfwmod, SI_SUB_PSEUDO, SI_ORDER_ANY);
#endif
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index 839c5b7..6739cb9 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)ip_input.c 8.2 (Berkeley) 1/4/94
- * $Id: ip_input.c,v 1.101 1998/09/10 08:56:40 dfr Exp $
+ * $Id: ip_input.c,v 1.109 1998/12/14 18:09:13 luigi Exp $
* $ANA: ip_input.c,v 1.5 1996/09/18 14:34:59 wollman Exp $
*/
@@ -234,9 +234,6 @@ ip_init()
ip_id = time_second & 0xffff;
ipintrq.ifq_maxlen = ipqmaxlen;
-#ifdef IPFIREWALL
- ip_fw_init();
-#endif
#ifdef DUMMYNET
ip_dn_init();
#endif
@@ -261,7 +258,6 @@ ip_input(struct mbuf *m)
{
struct ip *ip;
struct ipq *fp;
- struct ipqent *ipqe;
struct in_ifaddr *ia;
int i, hlen, mff;
u_short sum;
@@ -566,7 +562,7 @@ ours:
*/
if (ip->ip_off & (IP_MF | IP_OFFMASK | IP_RF)) {
if (m->m_flags & M_EXT) { /* XXX */
- if ((m = m_pullup(m, sizeof (struct ip))) == 0) {
+ if ((m = m_pullup(m, hlen)) == 0) {
ipstat.ips_toosmall++;
#ifdef IPDIVERT
frag_divert_port = 0;
@@ -764,13 +760,13 @@ ip_reass(m, fp, where)
fp->ipq_id = ip->ip_id;
fp->ipq_src = ip->ip_src;
fp->ipq_dst = ip->ip_dst;
- fp->ipq_frags = 0;
+ fp->ipq_frags = m;
+ m->m_nextpkt = NULL;
#ifdef IPDIVERT
fp->ipq_divert = 0;
fp->ipq_div_cookie = 0;
#endif
- q = 0;
- goto insert;
+ goto inserted;
}
#define GETIP(m) ((struct ip*)((m)->m_pkthdr.header))
@@ -785,7 +781,8 @@ ip_reass(m, fp, where)
/*
* If there is a preceding segment, it may provide some of
* our data already. If so, drop the data from the incoming
- * segment. If it provides all of our data, drop us.
+ * segment. If it provides all of our data, drop us, otherwise
+ * stick new segment in the proper place.
*/
if (p) {
i = GETIP(p)->ip_off + GETIP(p)->ip_len - ip->ip_off;
@@ -796,6 +793,11 @@ ip_reass(m, fp, where)
ip->ip_off += i;
ip->ip_len -= i;
}
+ m->m_nextpkt = p->m_nextpkt;
+ p->m_nextpkt = m;
+ } else {
+ m->m_nextpkt = fp->ipq_frags;
+ fp->ipq_frags = m;
}
/*
@@ -803,7 +805,7 @@ ip_reass(m, fp, where)
* if they are completely covered, dequeue them.
*/
for (; q != NULL && ip->ip_off + ip->ip_len > GETIP(q)->ip_off;
- p = q, q = nq) {
+ q = nq) {
i = (ip->ip_off + ip->ip_len) -
GETIP(q)->ip_off;
if (i < GETIP(q)->ip_len) {
@@ -813,14 +815,11 @@ ip_reass(m, fp, where)
break;
}
nq = q->m_nextpkt;
- if (p)
- p->m_nextpkt = nq;
- else
- fp->ipq_frags = nq;
+ m->m_nextpkt = nq;
m_freem(q);
}
-insert:
+inserted:
#ifdef IPDIVERT
/*
@@ -835,16 +834,8 @@ insert:
#endif
/*
- * Stick new segment in its place;
- * check for complete reassembly.
+ * Check for complete reassembly.
*/
- if (p == NULL) {
- m->m_nextpkt = fp->ipq_frags;
- fp->ipq_frags = m;
- } else {
- m->m_nextpkt = p->m_nextpkt;
- p->m_nextpkt = m;
- }
next = 0;
for (p = NULL, q = fp->ipq_frags; q; p = q, q = q->m_nextpkt) {
if (GETIP(q)->ip_off != next)
@@ -1300,7 +1291,7 @@ ip_srcroute()
*(mtod(m, struct in_addr *)) = *p--;
#ifdef DIAGNOSTIC
if (ipprintfs)
- printf(" hops %lx", ntohl(mtod(m, struct in_addr *)->s_addr));
+ printf(" hops %lx", (u_long)ntohl(mtod(m, struct in_addr *)->s_addr));
#endif
/*
@@ -1320,7 +1311,7 @@ ip_srcroute()
while (p >= ip_srcrt.route) {
#ifdef DIAGNOSTIC
if (ipprintfs)
- printf(" %lx", ntohl(q->s_addr));
+ printf(" %lx", (u_long)ntohl(q->s_addr));
#endif
*q++ = *p--;
}
@@ -1330,7 +1321,7 @@ ip_srcroute()
*q = ip_srcrt.dst;
#ifdef DIAGNOSTIC
if (ipprintfs)
- printf(" %lx\n", ntohl(q->s_addr));
+ printf(" %lx\n", (u_long)ntohl(q->s_addr));
#endif
return (m);
}
OpenPOWER on IntegriCloud