diff options
Diffstat (limited to 'ip_lfil.c')
-rw-r--r-- | ip_lfil.c | 975 |
1 files changed, 975 insertions, 0 deletions
diff --git a/ip_lfil.c b/ip_lfil.c new file mode 100644 index 0000000..196d64e --- /dev/null +++ b/ip_lfil.c @@ -0,0 +1,975 @@ +/* + * Copyright (C) 1993-2001 by Darren Reed. + * + * See the IPFILTER.LICENCE file for details on licencing. + */ +#if !defined(lint) +static const char rcsid[] = "@(#)$Id: ip_lfil.c,v 2.6.2.5 2002/10/03 13:47:19 darrenr Exp $"; +#endif + +#if defined(KERNEL) && !defined(_KERNEL) +# define _KERNEL +#endif +#include <sys/errno.h> +#include <sys/types.h> +#include <sys/param.h> +#include <sys/file.h> +#include <sys/ioctl.h> +#include <sys/time.h> +#include <sys/dir.h> +#include <sys/socket.h> +#ifndef _KERNEL +# include <stdio.h> +# include <string.h> +# include <stdlib.h> +# include <ctype.h> +#else +# include <linux/module.h> +#endif + +#include <net/if.h> +#include <net/route.h> +#include <netinet/in.h> +#include <netinet/in_systm.h> +#include <netinet/ip.h> +#include <netinet/tcp.h> +#include <netinet/udp.h> +#include <netinet/ip_icmp.h> +#ifndef _KERNEL +# include <syslog.h> +#endif +#include "netinet/ip_compat.h" +#include <netinet/tcpip.h> +#include "netinet/ip_fil.h" +#include "netinet/ip_nat.h" +#include "netinet/ip_proxy.h" +#include "netinet/ip_frag.h" +#include "netinet/ip_state.h" +#include "netinet/ip_auth.h" +#ifdef _KERNEL +#include <net/ip_forward.h> +#endif +#ifndef MIN +#define MIN(a,b) (((a)<(b))?(a):(b)) +#endif + + +#ifndef _KERNEL +# include "ipt.h" +static struct ifnet **ifneta = NULL; +static int nifs = 0; +#endif + +int fr_running = 0; +int ipl_unreach = ICMP_UNREACH_FILTER; +u_long ipl_frouteok[2] = {0, 0}; + +static int frzerostats __P((caddr_t)); +static void frsync __P((void)); +#if defined(__NetBSD__) || defined(__OpenBSD__) +static int frrequest __P((int, u_long, caddr_t, int)); +#else +static int frrequest __P((int, u_long, caddr_t, int)); +#endif +#ifdef _KERNEL +static int (*fr_savep) __P((ip_t *, int, void *, int, mb_t **)); +#else +int ipllog __P((void)); +void init_ifp __P((void)); +static int no_output __P((mb_t *, struct ifnet *)); +static int write_output __P((mb_t *, struct ifnet *)); +#endif + +#ifdef _KERNEL + +int fr_precheck(struct iphdr *ip, struct device *dev, int out, struct device **ifp) +{ + int hlen = ip->ihl << 2; + + return fr_check((ip_t *)ip, hlen, dev, out, (mb_t **)ifp); +} + + +int iplattach() +{ + char *defpass; + int s; + + if (fr_running || (fr_checkp == fr_precheck)) { + printk("IP Filter: already initialized\n"); + return EBUSY; + } + + fr_running = 1; + bzero((char *)frcache, sizeof(frcache)); + bzero((char *)nat_table, sizeof(nat_table)); + fr_savep = fr_checkp; + fr_checkp = fr_precheck; + +# ifdef IPFILTER_LOG + ipflog_init(); +# endif + if (fr_pass & FR_PASS) + defpass = "pass"; + else if (fr_pass & FR_BLOCK) + defpass = "block"; + else + defpass = "no-match -> block"; + + printk("IP Filter: initialized. Default = %s all, Logging = %s\n", + defpass, +# ifdef IPFILTER_LOG + "enabled"); +# else + "disabled"); +# endif + return 0; +} + + +/* + * Disable the filter by removing the hooks from the IP input/output + * stream. + */ +int ipldetach() +{ + int s, i = FR_INQUE|FR_OUTQUE; + + if (!fr_running) + { + printk("IP Filter: not initialized\n"); + return 0; + } + + fr_checkp = fr_savep; + i = frflush(IPL_LOGIPF, i); + fr_running = 0; + + ipfr_unload(); + ip_natunload(); + fr_stateunload(); + fr_authunload(); + + printk("IP Filter: unloaded\n"); + + return 0; +} +#endif /* _KERNEL */ + + +static int frzerostats(data) +caddr_t data; +{ + struct friostat fio; + int error; + + bcopy((char *)frstats, (char *)fio.f_st, + sizeof(struct filterstats) * 2); + fio.f_fin[0] = ipfilter[0][0]; + fio.f_fin[1] = ipfilter[0][1]; + fio.f_fout[0] = ipfilter[1][0]; + fio.f_fout[1] = ipfilter[1][1]; + fio.f_acctin[0] = ipacct[0][0]; + fio.f_acctin[1] = ipacct[0][1]; + fio.f_acctout[0] = ipacct[1][0]; + fio.f_acctout[1] = ipacct[1][1]; + fio.f_active = fr_active; + fio.f_froute[0] = ipl_frouteok[0]; + fio.f_froute[1] = ipl_frouteok[1]; + error = IWCOPYPTR((caddr_t)&fio, data, sizeof(fio)); + if (!error) + bzero((char *)frstats, sizeof(*frstats) * 2); + return error; +} + + +/* + * Filter ioctl interface. + */ +#if defined(_KERNEL) +int iplioctl(struct inode *inode, struct file *file, u_int cmd, u_long arg) +{ + int s; + caddr_t data = (caddr_t)arg; + + int mode = file->f_mode; +#else +int iplioctl(dev_t dev, int cmd, caddr_t data, int mode) +{ +#endif + int error = 0, unit = 0, tmp; + +#ifdef _KERNEL + unit = GET_MINOR(inode->i_rdev); + if ((IPL_LOGMAX < unit) || (unit < 0)) + return ENXIO; +#endif + + if (unit == IPL_LOGNAT) { + error = nat_ioctl(data, cmd, mode); + return error; + } + if (unit == IPL_LOGSTATE) { + error = fr_state_ioctl(data, cmd, mode); + return error; + } + + switch (cmd) { + case FIONREAD : +#ifdef IPFILTER_LOG + error = IWCOPY((caddr_t)&iplused[IPL_LOGIPF], data, + sizeof(iplused[IPL_LOGIPF])); +#endif + break; +#if !defined(IPFILTER_LKM) && defined(_KERNEL) + case SIOCFRENB : + { + u_int enable; + + if (!(mode & FWRITE)) + error = EPERM; + else { + error = IRCOPY(data, (caddr_t)&enable, sizeof(enable)); + if (error) + break; + if (enable) + error = iplattach(); + else + error = ipldetach(); + } + break; + } +#endif + case SIOCSETFF : + if (!(mode & FWRITE)) + error = EPERM; + else + error = IRCOPY(data, (caddr_t)&fr_flags, + sizeof(fr_flags)); + break; + case SIOCGETFF : + error = IWCOPY((caddr_t)&fr_flags, data, sizeof(fr_flags)); + break; + case SIOCINAFR : + case SIOCRMAFR : + case SIOCADAFR : + case SIOCZRLST : + if (!(mode & FWRITE)) + error = EPERM; + else + error = frrequest(unit, cmd, data, fr_active); + break; + case SIOCINIFR : + case SIOCRMIFR : + case SIOCADIFR : + if (!(mode & FWRITE)) + error = EPERM; + else + error = frrequest(unit, cmd, data, 1 - fr_active); + break; + case SIOCSWAPA : + if (!(mode & FWRITE)) + error = EPERM; + else { + bzero((char *)frcache, sizeof(frcache[0]) * 2); + *(u_int *)data = fr_active; + fr_active = 1 - fr_active; + } + break; + case SIOCGETFS : + { + struct friostat fio; + + bcopy((char *)frstats, (char *)fio.f_st, + sizeof(struct filterstats) * 2); + fio.f_fin[0] = ipfilter[0][0]; + fio.f_fin[1] = ipfilter[0][1]; + fio.f_fout[0] = ipfilter[1][0]; + fio.f_fout[1] = ipfilter[1][1]; + fio.f_acctin[0] = ipacct[0][0]; + fio.f_acctin[1] = ipacct[0][1]; + fio.f_acctout[0] = ipacct[1][0]; + fio.f_acctout[1] = ipacct[1][1]; + fio.f_auth = ipauth; + fio.f_active = fr_active; + fio.f_froute[0] = ipl_frouteok[0]; + fio.f_froute[1] = ipl_frouteok[1]; + error = IWCOPYPTR((caddr_t)&fio, data, sizeof(fio)); + break; + } + case SIOCFRZST : + if (!(mode & FWRITE)) + error = EPERM; + else + error = frzerostats(data); + break; + case SIOCIPFFL : + if (!(mode & FWRITE)) + error = EPERM; + else { + error = IRCOPY(data, (caddr_t)&tmp, sizeof(tmp)); + if (!error) { + tmp = frflush(unit, tmp); + error = IWCOPY((caddr_t)&tmp, data, + sizeof(tmp)); + } + } + break; +#ifdef IPFILTER_LOG + case SIOCIPFFB : + if (!(mode & FWRITE)) + error = EPERM; + else + *(int *)data = ipflog_clear(unit); + break; +#endif /* IPFILTER_LOG */ + case SIOCGFRST : + error = IWCOPYPTR((caddr_t)ipfr_fragstats(), data, + sizeof(ipfrstat_t)); + break; + case SIOCFRSYN : + if (!(mode & FWRITE)) + error = EPERM; + else { +#if defined(_KERNEL) && defined(__sgi) + ipfsync(); +#endif + frsync(); + } + break; + default : + error = EINVAL; + break; + } + return error; +} + + +static void frsync() +{ +#ifdef _KERNEL + struct device *dev; + + for (dev = dev_base; dev; dev = dev->next) + ip_natsync(dev); +#endif +} + + +static int frrequest(unit, req, data, set) +int unit; +u_long req; +int set; +caddr_t data; +{ + register frentry_t *fp, *f, **fprev; + register frentry_t **ftail; + frentry_t frd; + frdest_t *fdp; + frgroup_t *fg = NULL; + int error = 0, in; + u_int group; + + fp = &frd; + error = IRCOPYPTR(data, (caddr_t)fp, sizeof(*fp)); + if (error) + return error; + + /* + * Check that the group number does exist and that if a head group + * has been specified, doesn't exist. + */ + if (fp->fr_grhead && + fr_findgroup((u_int)fp->fr_grhead, fp->fr_flags, unit, set, NULL)) + return EEXIST; + if (fp->fr_group && + !fr_findgroup((u_int)fp->fr_group, fp->fr_flags, unit, set, NULL)) + return ESRCH; + + in = (fp->fr_flags & FR_INQUE) ? 0 : 1; + + if (unit == IPL_LOGAUTH) + ftail = fprev = &ipauth; + else if (fp->fr_flags & FR_ACCOUNT) + ftail = fprev = &ipacct[in][set]; + else if (fp->fr_flags & (FR_OUTQUE|FR_INQUE)) + ftail = fprev = &ipfilter[in][set]; + else + return ESRCH; + + if ((group = fp->fr_group)) { + if (!(fg = fr_findgroup(group, fp->fr_flags, unit, set, NULL))) + return ESRCH; + ftail = fprev = fg->fg_start; + } + + bzero((char *)frcache, sizeof(frcache[0]) * 2); + + if (*fp->fr_ifname) { + fp->fr_ifa = GETUNIT(fp->fr_ifname, fp->fr_ip.fi_v); + if (!fp->fr_ifa) + fp->fr_ifa = (void *)-1; + } + + fdp = &fp->fr_dif; + fp->fr_flags &= ~FR_DUP; + if (*fdp->fd_ifname) { + fdp->fd_ifp = GETUNIT(fdp->fd_ifname, fp->fr_ip.fi_v); + if (!fdp->fd_ifp) + fdp->fd_ifp = (struct ifnet *)-1; + else + fp->fr_flags |= FR_DUP; + } + + fdp = &fp->fr_tif; + if (*fdp->fd_ifname) { + fdp->fd_ifp = GETUNIT(fdp->fd_ifname, fp->fr_ip.fi_v); + if (!fdp->fd_ifp) + fdp->fd_ifp = (struct ifnet *)-1; + } + + /* + * Look for a matching filter rule, but don't include the next or + * interface pointer in the comparison (fr_next, fr_ifa). + */ + for (; (f = *ftail); ftail = &f->fr_next) + if (bcmp((char *)&f->fr_ip, (char *)&fp->fr_ip, + FR_CMPSIZ) == 0) + break; + + /* + * If zero'ing statistics, copy current to caller and zero. + */ + if (req == SIOCZRLST) { + if (!f) + return ESRCH; + error = IWCOPYPTR((caddr_t)f, data, sizeof(*f)); + if (error) + return error; + f->fr_hits = 0; + f->fr_bytes = 0; + return 0; + } + + if (!f) { + if (req == SIOCINAFR || req == SIOCINIFR) { + ftail = fprev; + if (fp->fr_hits) { + while (--fp->fr_hits && (f = *ftail)) { + ftail = &f->fr_next; + } + } + } + f = NULL; + } + + if (req == SIOCRMAFR || req == SIOCRMIFR) { + if (!f) + error = ESRCH; + else { + if (f->fr_ref > 1) + return EBUSY; + if (fg && fg->fg_head) + fg->fg_head->fr_ref--; + if (unit == IPL_LOGAUTH) + return fr_auth_ioctl(data, mode, req, f, ftail); + if (f->fr_grhead) + fr_delgroup((u_int)f->fr_grhead, fp->fr_flags, + unit, set); + fixskip(fprev, f, -1); + *ftail = f->fr_next; + KFREE(f); + } + } else { + if (f) + error = EEXIST; + else { + if (unit == IPL_LOGAUTH) + return fr_auth_ioctl(data, mode, req, f, ftail); + KMALLOC(f, frentry_t *); + if (f != NULL) { + if (fg && fg->fg_head) + fg->fg_head->fr_ref++; + bcopy((char *)fp, (char *)f, sizeof(*f)); + f->fr_ref = 1; + f->fr_hits = 0; + f->fr_next = *ftail; + *ftail = f; + if (req == SIOCINIFR || req == SIOCINAFR) + fixskip(fprev, f, 1); + f->fr_grp = NULL; + if ((group = f->fr_grhead)) + fg = fr_addgroup(group, f, unit, set); + } else + error = ENOMEM; + } + } + return (error); +} + + +#ifdef _KERNEL +/* + * routines below for saving IP headers to buffer + */ +int iplopen(struct inode *inode, struct file *file) +{ + u_int min = GET_MINOR(inode->i_rdev); + + if (IPL_LOGMAX < min) + min = ENXIO; + else { + MOD_INC_USE_COUNT; + min = 0; + } + return min; +} + + +void iplclose(struct inode *inode, struct file *file) +{ + u_int min = GET_MINOR(inode->i_rdev); + + if (IPL_LOGMAX >= min) { + MOD_DEC_USE_COUNT; + } +} + +/* + * iplread/ipllog + * both of these must operate with at least splnet() lest they be + * called during packet processing and cause an inconsistancy to appear in + * the filter lists. + */ +int iplread(struct inode *inode, struct file *file, char *buf, int nbytes) +{ + struct uio uiob, *uio = &uiob; + + uio->uio_buf = buf; + uio->uio_resid = nbytes; +# ifdef IPFILTER_LOG + return ipflog_read(GET_MINOR(inode->i_rdev), uio); +# else + return ENXIO; +# endif +} + + +/* + * send_reset - this could conceivably be a call to tcp_respond(), but that + * requires a large amount of setting up and isn't any more efficient. + */ +int send_reset(ti, ifp) +struct tcpiphdr *ti; +struct ifnet *ifp; +{ + tcphdr_t *tcp; + int tlen = 0; + ip_t *ip; + mb_t *m; + + if (ti->ti_flags & TH_RST) + return -1; /* feedback loop */ + + m = alloc_skb(sizeof(tcpiphdr_t), GFP_ATOMIC); + if (m == NULL) + return -1; + + if (ti->ti_flags & TH_SYN) + tlen = 1; + + m->dev = ifp; + m->csum = 0; + ip = mtod(m, ip_t *); + m->h.iph = ip; + m->ip_hdr = NULL; + m->m_len = sizeof(tcpiphdr_t); + tcp = (tcphdr_t *)((char *)ip + sizeof(ip_t)); + bzero((char *)ip, sizeof(tcpiphdr_t)); + + ip->ip_v = IPVERSION; + ip->ip_hl = sizeof(ip_t) >> 2; + ip->ip_tos = ((ip_t *)ti)->ip_tos; + ip->ip_p = ((ip_t *)ti)->ip_p; + ip->ip_id = ((ip_t *)ti)->ip_id; + ip->ip_len = htons(sizeof(tcpiphdr_t)); + ip->ip_ttl = 127; + ip->ip_src.s_addr = ti->ti_dst.s_addr; + ip->ip_dst.s_addr = ti->ti_src.s_addr; + tcp->th_dport = ti->ti_sport; + tcp->th_sport = ti->ti_dport; + tcp->th_ack = htonl(ntohl(ti->ti_seq) + tlen); + tcp->th_off = sizeof(tcphdr_t) >> 2; + tcp->th_flags = TH_RST|TH_ACK; + + ip->ip_sum = 0; + ip->ip_sum = ipf_cksum((u_short *)ip, sizeof(ip_t)); + tcp->th_sum = fr_tcpsum(m, ip, tcp); + return ip_forward(m, NULL, IPFWD_NOTTLDEC, ip->ip_dst.s_addr); +} + + +size_t mbufchainlen(m0) +register mb_t *m0; +{ + register size_t len = 0; + + for (; m0; m0 = m0->m_next) + len += m0->m_len; + return len; +} + + +void ipfr_fastroute(m0, fin, fdp) +mb_t *m0; +fr_info_t *fin; +frdest_t *fdp; +{ +#if notyet + register ip_t *ip, *mhip; + register mb_t *m = m0; + register struct route *ro; + struct ifnet *ifp = fdp->fd_ifp; + int len, off, error = 0; + int hlen = fin->fin_hlen; + struct route iproute; + struct sockaddr_in *dst; + + ip = mtod(m0, ip_t *); + /* + * Route packet. + */ + ro = &iproute; + bzero((caddr_t)ro, sizeof (*ro)); + dst = (struct sockaddr_in *)&ro->ro_dst; + dst->sin_family = AF_INET; + dst->sin_addr = fdp->fd_ip.s_addr ? fdp->fd_ip : ip->ip_dst; + /* + * XXX -allocate route here + */ + if (!ifp) { + if (!(fin->fin_fr->fr_flags & FR_FASTROUTE)) { + error = -2; + goto bad; + } + if (ro->ro_rt == 0 || (ifp = ro->ro_rt->rt_ifp) == 0) { + if (in_localaddr(ip->ip_dst)) + error = EHOSTUNREACH; + else + error = ENETUNREACH; + goto bad; + } + if (ro->ro_rt->rt_flags & RTF_GATEWAY) + dst = (struct sockaddr_in *)&ro->ro_rt->rt_gateway; + } + ro->ro_rt->rt_use++; + + /* + * For input packets which are being "fastrouted", they won't + * go back through output filtering and miss their chance to get + * NAT'd. + */ + (void) ip_natout(ip, hlen, fin); + if (fin->fin_out) + ip->ip_sum = 0; + /* + * If small enough for interface, can just send directly. + */ + if (ip->ip_len <= ifp->if_mtu) { +# ifndef sparc + ip->ip_id = htons(ip->ip_id); + ip->ip_len = htons(ip->ip_len); + ip->ip_off = htons(ip->ip_off); +# endif + if (!ip->ip_sum) + ip->ip_sum = in_cksum(m, hlen); + error = (*ifp->hard_start_xmit)(m, ifp, m); + goto done; + } + /* + * Too large for interface; fragment if possible. + * Must be able to put at least 8 bytes per fragment. + */ + if (ip->ip_off & IP_DF) { + error = EMSGSIZE; + goto bad; + } + len = (ifp->if_mtu - hlen) &~ 7; + if (len < 8) { + error = EMSGSIZE; + goto bad; + } + + { + int mhlen, firstlen = len; + mb_t **mnext = &m->m_act; + + /* + * Loop through length of segment after first fragment, + * make new header and copy data of each part and link onto chain. + */ + m0 = m; + mhlen = sizeof (struct ip); + for (off = hlen + len; off < ip->ip_len; off += len) { + MGET(m, M_DONTWAIT, MT_HEADER); + if (m == 0) { + error = ENOBUFS; + goto bad; + } + m->m_data += max_linkhdr; + mhip = mtod(m, struct ip *); + bcopy((char *)ip, (char *)mhip, sizeof(*ip)); + if (hlen > sizeof (struct ip)) { + mhlen = ip_optcopy(ip, mhip) + sizeof (struct ip); + mhip->ip_hl = mhlen >> 2; + } + m->m_len = mhlen; + mhip->ip_off = ((off - hlen) >> 3) + (ip->ip_off & ~IP_MF); + if (ip->ip_off & IP_MF) + mhip->ip_off |= IP_MF; + if (off + len >= ip->ip_len) + len = ip->ip_len - off; + else + mhip->ip_off |= IP_MF; + mhip->ip_len = htons((u_short)(len + mhlen)); + m->m_next = m_copy(m0, off, len); + if (m->m_next == 0) { + error = ENOBUFS; /* ??? */ + goto sendorfree; + } +# ifndef sparc + mhip->ip_off = htons((u_short)mhip->ip_off); +# endif + mhip->ip_sum = 0; + mhip->ip_sum = in_cksum(m, mhlen); + *mnext = m; + mnext = &m->m_act; + } + /* + * Update first fragment by trimming what's been copied out + * and updating header, then send each fragment (in order). + */ + m_adj(m0, hlen + firstlen - ip->ip_len); + ip->ip_len = htons((u_short)(hlen + firstlen)); + ip->ip_off = htons((u_short)(ip->ip_off | IP_MF)); + ip->ip_sum = 0; + ip->ip_sum = in_cksum(m0, hlen); +sendorfree: + for (m = m0; m; m = m0) { + m0 = m->m_act; + m->m_act = 0; + if (error == 0) + error = (*ifp->if_output)(ifp, m, + (struct sockaddr *)dst); + else + m_freem(m); + } + } +done: + if (!error) + ipl_frouteok[0]++; + else + ipl_frouteok[1]++; + + if (ro->ro_rt) { + RTFREE(ro->ro_rt); + } + return; +bad: + m_freem(m); + goto done; +# endif +} + + +/* + * Fake BSD uiomove() call. + */ +int uiomove(caddr_t src, size_t ssize, int rw, struct uio *uio) +{ + int error; + size_t mv = MIN(ssize, uio->uio_resid); + + if (rw == UIO_READ) { + error = IWCOPY(src, (caddr_t)uio->uio_buf, mv); + } else if (rw == UIO_WRITE) { + error = IRCOPY((caddr_t)uio->uio_buf, src, mv); + } else + error = EINVAL; + if (!error) { + uio->uio_resid -= mv; + uio->uio_buf += mv; + } + return error; +} + +# ifdef IPFILTER_LKM +# ifndef IPL_MAJOR +# define IPL_MAJOR 95 +# endif + +# ifndef IPL_NAME +# define IPL_NAME "/dev/ipl" +# endif + +static struct file_operations ipl_fops = { + NULL, /* lseek */ + iplread, /* read */ + NULL, /* write */ + NULL, /* readdir */ + NULL, /* select */ + iplioctl, /* ioctl */ + NULL, /* mmap */ + iplopen, /* open */ + iplclose, /* release */ + NULL, /* fsync */ + NULL, /* fasync */ + NULL, /* check_media_change */ + NULL, /* revalidate */ +}; + + +int init_module(void) +{ + int error = 0, major; + + if (register_chrdev(IPL_MAJOR, "ipf", &ipl_fops)) { + printk("ipf: unable to get major number: %d\n", IPL_MAJOR); + return -EIO; + } + + error = iplattach(); + if (!error) + register_symtab(0); + return -error; +} + +void cleanup_module(void) +{ + unregister_chrdev(IPL_MAJOR, "ipf"); + (void) ipldetach(); +} +# endif /* IPFILTER_LKM */ +#else /* #ifdef _KERNEL */ + + +static int no_output __P((mb_t *m, struct ifnet *ifp)) +{ + return 0; +} + + +static int write_output __P((mb_t *m, struct ifnet *ifp)) +{ + FILE *fp; + char fname[32]; + ip_t *ip; + + ip = mtod(m, ip_t *); + sprintf(fname, "/tmp/%s", ifp->name); + if ((fp = fopen(fname, "a"))) { + fwrite((char *)ip, ntohs(ip->ip_len), 1, fp); + fclose(fp); + } + return 0; +} + + +struct ifnet *get_unit(name, v) +char *name; +int v; +{ + struct ifnet *ifp, **ifa; + char ifname[32], *s; + + for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) { + (void) sprintf(ifname, "%s", ifp->name); + if (!strcmp(name, ifname)) + return ifp; + } + + if (!ifneta) { + ifneta = (struct ifnet **)malloc(sizeof(ifp) * 2); + ifneta[1] = NULL; + ifneta[0] = (struct ifnet *)calloc(1, sizeof(*ifp)); + nifs = 1; + } else { + nifs++; + ifneta = (struct ifnet **)realloc(ifneta, + (nifs + 1) * sizeof(*ifa)); + ifneta[nifs] = NULL; + ifneta[nifs - 1] = (struct ifnet *)malloc(sizeof(*ifp)); + } + ifp = ifneta[nifs - 1]; + + for (s = name; *s && !isdigit(*s); s++) + ; + if (*s && isdigit(*s)) { + ifp->name = (char *)malloc(s - name + 1); + strncpy(ifp->name, name, s - name); + ifp->name[s - name] = '\0'; + } else { + ifp->name = strdup(name); + } + ifp->hard_start_xmit = no_output; + return ifp; +} + + + +void init_ifp() +{ + FILE *fp; + struct ifnet *ifp, **ifa; + char fname[32]; + + for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) { + ifp->hard_start_xmit = write_output; + sprintf(fname, "/tmp/%s", ifp->name); + if ((fp = fopen(fname, "w"))) + fclose(fp); + } +} + + +void ipfr_fastroute(ip, fin, fdp) +ip_t *ip; +fr_info_t *fin; +frdest_t *fdp; +{ + struct ifnet *ifp = fdp->fd_ifp; + + if (!ifp) + return; /* no routing table out here */ + + ip->ip_len = htons((u_short)ip->ip_len); + ip->ip_off = htons((u_short)(ip->ip_off | IP_MF)); + ip->ip_sum = 0; + (*ifp->hard_start_xmit)((mb_t *)ip, ifp); +} + + +int ipllog __P((void)) +{ + verbose("l"); + return 0; +} + + +int send_reset(ip, ifp) +ip_t *ip; +struct ifnet *ifp; +{ + verbose("- TCP RST sent\n"); + return 0; +} + + +int icmp_error(ip, ifp) +ip_t *ip; +struct ifnet *ifp; +{ + verbose("- TCP RST sent\n"); + return 0; +} +#endif /* _KERNEL */ |