summaryrefslogtreecommitdiffstats
path: root/sys/contrib/ipfilter/netinet/ip_fil.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/contrib/ipfilter/netinet/ip_fil.c')
-rw-r--r--sys/contrib/ipfilter/netinet/ip_fil.c113
1 files changed, 86 insertions, 27 deletions
diff --git a/sys/contrib/ipfilter/netinet/ip_fil.c b/sys/contrib/ipfilter/netinet/ip_fil.c
index 90bcb82..8fcd05d 100644
--- a/sys/contrib/ipfilter/netinet/ip_fil.c
+++ b/sys/contrib/ipfilter/netinet/ip_fil.c
@@ -24,7 +24,7 @@
# include <osreldate.h>
# endif
#endif
-#ifdef __sgi
+#if defined(__sgi) && (IRIX > 602)
# define _KMEMUSER
# include <sys/ptimers.h>
#endif
@@ -117,10 +117,14 @@
# include <sys/kernel.h>
extern int ip_optcopy __P((struct ip *, struct ip *));
#endif
+#if defined(OpenBSD) && (OpenBSD >= 200211) && defined(_KERNEL)
+extern int ip6_getpmtu(struct route_in6 *, struct route_in6 *,
+ struct ifnet *, struct in6_addr *, u_long *);
+#endif
#if !defined(lint)
static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.42.2.60 2002/08/28 12:40:39 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.42.2.64 2002/12/06 11:45:45 darrenr Exp $";
#endif
@@ -192,6 +196,15 @@ struct timeout ipfr_slowtimer_ch;
toid_t ipfr_slowtimer_ch;
#endif
+#if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000) && \
+ defined(_KERNEL)
+# include <sys/conf.h>
+const struct cdevsw ipl_cdevsw = {
+ iplopen, iplclose, iplread, nowrite, iplioctl,
+ nostop, notty, nopoll, nommap,
+};
+#endif
+
#if (_BSDI_VERSION >= 199510) && defined(_KERNEL)
# include <sys/device.h>
# include <sys/conf.h>
@@ -319,7 +332,7 @@ int count;
# endif
-# if defined(__NetBSD__)
+# if defined(__NetBSD__) || defined(__OpenBSD__)
int ipl_enable()
# else
int iplattach()
@@ -363,10 +376,13 @@ int iplattach()
# ifdef NETBSD_PF
# if (__NetBSD_Version__ >= 104200000) || (__FreeBSD_version >= 500011)
# if __NetBSD_Version__ >= 105110000
- if (
- !(ph_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET))
+ ph_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET);
+# ifdef USE_INET6
+ ph_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6);
+# endif
+ if (ph_inet == NULL
# ifdef USE_INET6
- && !(ph_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6))
+ && ph_inet6 == NULL
# endif
)
return ENODEV;
@@ -484,7 +500,8 @@ int ipldetach()
# endif
{
int s, i;
-#if defined(NETBSD_PF) && (__NetBSD_Version__ >= 104200000)
+#if defined(NETBSD_PF) && \
+ ((__NetBSD_Version__ >= 104200000) || (__FreeBSD_version >= 500011))
int error = 0;
# if __NetBSD_Version__ >= 105150000
struct pfil_head *ph_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET);
@@ -524,8 +541,8 @@ int ipldetach()
printf("%s unloaded\n", ipfilter_version);
fr_checkp = fr_savep;
- i = frflush(IPL_LOGIPF, FR_INQUE|FR_OUTQUE|FR_INACTIVE);
- i += frflush(IPL_LOGIPF, FR_INQUE|FR_OUTQUE);
+ i = frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE|FR_INACTIVE);
+ i += frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE);
fr_running = 0;
# ifdef NETBSD_PF
@@ -670,7 +687,16 @@ int mode;
if (!fr_running)
error = EIO;
else
- error = fr_auth_ioctl(data, mode, cmd, NULL, NULL);
+ if ((cmd == SIOCADAFR) || (cmd == SIOCRMAFR)) {
+ if (!(mode & FWRITE)) {
+ error = EPERM;
+ } else {
+ error = frrequest(unit, cmd, data,
+ fr_active);
+ }
+ } else {
+ error = fr_auth_ioctl(data, mode, cmd);
+ }
SPL_X(s);
return error;
}
@@ -694,7 +720,7 @@ int mode;
if (error)
break;
if (enable)
-# if defined(__NetBSD__)
+# if defined(__NetBSD__) || defined(__OpenBSD__)
error = ipl_enable();
# else
error = iplattach();
@@ -767,12 +793,26 @@ int mode;
else {
error = IRCOPY(data, (caddr_t)&tmp, sizeof(tmp));
if (!error) {
- tmp = frflush(unit, tmp);
+ tmp = frflush(unit, 4, tmp);
error = IWCOPY((caddr_t)&tmp, data,
sizeof(tmp));
}
}
break;
+#ifdef USE_INET6
+ case SIOCIPFL6 :
+ if (!(mode & FWRITE))
+ error = EPERM;
+ else {
+ error = IRCOPY(data, (caddr_t)&tmp, sizeof(tmp));
+ if (!error) {
+ tmp = frflush(unit, 6, tmp);
+ error = IWCOPY((caddr_t)&tmp, data,
+ sizeof(tmp));
+ }
+ }
+ break;
+#endif
case SIOCSTLCK :
error = IRCOPY(data, (caddr_t)&tmp, sizeof(tmp));
if (!error) {
@@ -797,12 +837,6 @@ int mode;
if (error)
error = EFAULT;
break;
- case SIOCAUTHW :
- case SIOCAUTHR :
- if (!(mode & FWRITE)) {
- error = EPERM;
- break;
- }
case SIOCFRSYN :
if (!(mode & FWRITE))
error = EPERM;
@@ -1008,6 +1042,9 @@ caddr_t data;
return EBUSY;
if (fg && fg->fg_head)
fg->fg_head->fr_ref--;
+ if (unit == IPL_LOGAUTH) {
+ return fr_preauthcmd(req, f, ftail);
+ }
if (f->fr_grhead)
fr_delgroup((u_int)f->fr_grhead, fp->fr_flags,
unit, set);
@@ -1022,6 +1059,9 @@ caddr_t data;
if (f)
error = EEXIST;
else {
+ if (unit == IPL_LOGAUTH) {
+ return fr_preauthcmd(req, fp, ftail);
+ }
KMALLOC(f, frentry_t *);
if (f != NULL) {
if (fg && fg->fg_head)
@@ -1247,7 +1287,8 @@ struct mbuf **mp;
ip->ip_tos = oip->ip_tos;
ip->ip_id = oip->ip_id;
-# if defined(__NetBSD__) || defined(__OpenBSD__)
+# if defined(__NetBSD__) || \
+ (defined(__OpenBSD__) && (OpenBSD >= 200012))
if (ip_mtudisc != 0)
ip->ip_off = IP_DF;
# else
@@ -1482,7 +1523,7 @@ void
iplinit()
{
-# if defined(__NetBSD__)
+# if defined(__NetBSD__) || defined(__OpenBSD__)
if (ipl_enable() != 0)
# else
if (iplattach() != 0)
@@ -1587,7 +1628,7 @@ frdest_t *fdp;
/*
* Route packet.
*/
-#ifdef __sgi
+#if defined(__sgi) && (IRIX >= 605)
ROUTE_RDLOCK();
#endif
bzero((caddr_t)ro, sizeof (*ro));
@@ -1627,7 +1668,7 @@ frdest_t *fdp;
rtalloc(ro);
# endif
-#ifdef __sgi
+#if defined(__sgi) && (IRIX > 602)
ROUTE_UNLOCK();
#endif
@@ -1898,6 +1939,12 @@ frdest_t *fdp;
struct route_in6 *ro;
struct ifnet *ifp;
frentry_t *fr;
+#if defined(OpenBSD) && (OpenBSD >= 200211)
+ struct route_in6 *ro_pmtu = NULL;
+ struct in6_addr finaldst;
+ ip6_t *ip6;
+#endif
+ u_long mtu;
int error;
ifp = NULL;
@@ -1935,11 +1982,23 @@ frdest_t *fdp;
dst6 = (struct sockaddr_in6 *)ro->ro_rt->rt_gateway;
ro->ro_rt->rt_use++;
- if (m0->m_pkthdr.len <= nd_ifinfo[ifp->if_index].linkmtu)
- error = nd6_output(ifp, fin->fin_ifp, m0, dst6,
- ro->ro_rt);
- else
- error = EMSGSIZE;
+#if defined(OpenBSD) && (OpenBSD >= 200211)
+ ip6 = mtod(m0, ip6_t *);
+ ro_pmtu = ro;
+ finaldst = ip6->ip6_dst;
+ error = ip6_getpmtu(ro_pmtu, ro, ifp, &finaldst, &mtu);
+ if (error == 0) {
+#else
+ mtu = nd_ifinfo[ifp->if_index].linkmtu;
+#endif
+ if (m0->m_pkthdr.len <= mtu)
+ error = nd6_output(ifp, fin->fin_ifp, m0,
+ dst6, ro->ro_rt);
+ else
+ error = EMSGSIZE;
+#if defined(OpenBSD) && (OpenBSD >= 200211)
+ }
+#endif
}
if (ro->ro_rt != NULL) {
OpenPOWER on IntegriCloud