Diffstat (limited to 'sys/contrib/ipfilter/netinet/ip_fil.c')
-rw-r--r-- | sys/contrib/ipfilter/netinet/ip_fil.c | 157 |
1 files changed, 52 insertions, 105 deletions
diff --git a/sys/contrib/ipfilter/netinet/ip_fil.c b/sys/contrib/ipfilter/netinet/ip_fil.c
index 8fcd05d..da64a49 100644
--- a/sys/contrib/ipfilter/netinet/ip_fil.c
+++ b/sys/contrib/ipfilter/netinet/ip_fil.c
@@ -3,6 +3,7 @@
 *
 * See the IPFILTER.LICENCE file for details on licencing.
 */
+
 #ifndef SOLARIS
 #define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
 #endif
@@ -24,7 +25,7 @@
 # include <osreldate.h>
 # endif
 #endif
-#if defined(__sgi) && (IRIX > 602)
+#ifdef __sgi
 # define _KMEMUSER
 # include <sys/ptimers.h>
 #endif
@@ -117,17 +118,15 @@
 # include <sys/kernel.h>
 extern int ip_optcopy __P((struct ip *, struct ip *));
 #endif
-#if defined(OpenBSD) && (OpenBSD >= 200211) && defined(_KERNEL)
-extern int ip6_getpmtu(struct route_in6 *, struct route_in6 *,
- struct ifnet *, struct in6_addr *, u_long *);
-#endif
+
+#include <machine/in_cksum.h>
 #if !defined(lint)
 static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.42.2.64 2002/12/06 11:45:45 darrenr Exp $";
+/* static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.42.2.34 2001/07/23 13:49:57 darrenr Exp $"; */
+static const char rcsid[] = "@(#)$FreeBSD$";
 #endif
-
 extern struct protosw inetsw[];
 #ifndef _KERNEL
@@ -196,15 +195,6 @@ struct timeout ipfr_slowtimer_ch;
 toid_t ipfr_slowtimer_ch;
 #endif
-#if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000) && \
- defined(_KERNEL)
-# include <sys/conf.h>
-const struct cdevsw ipl_cdevsw = {
- iplopen, iplclose, iplread, nowrite, iplioctl,
- nostop, notty, nopoll, nommap,
-};
-#endif
-
 #if (_BSDI_VERSION >= 199510) && defined(_KERNEL)
 # include <sys/device.h>
 # include <sys/conf.h>
@@ -221,7 +211,8 @@ struct devsw iplsw = {
 };
 #endif /* _BSDI_VERSION >= 199510 && _KERNEL */
-#if defined(__NetBSD__) || defined(__OpenBSD__) || (_BSDI_VERSION >= 199701)
+#if defined(__NetBSD__) || defined(__OpenBSD__) || \
+ (_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 500011)
 # include <sys/conf.h>
 # if defined(NETBSD_PF)
 # include <net/pfil.h>
@@ -332,7 +323,7 @@ int count;
 # endif
-# if defined(__NetBSD__) || defined(__OpenBSD__)
+# if defined(__NetBSD__)
 int ipl_enable()
 # else
 int iplattach()
@@ -340,7 +331,8 @@ int iplattach()
 {
 char *defpass;
 int s;
-# if defined(__sgi) || (defined(NETBSD_PF) && (__NetBSD_Version__ >= 104200000))
+# if defined(__sgi) || (defined(NETBSD_PF) && \
+ ((__NetBSD_Version__ >= 104200000) || (__FreeBSD_version >= 500011)))
 int error = 0;
 # endif
 #if defined(__NetBSD_Version__) && (__NetBSD_Version__ >= 105110000)
@@ -376,13 +368,10 @@ int iplattach()
 # ifdef NETBSD_PF
 # if (__NetBSD_Version__ >= 104200000) || (__FreeBSD_version >= 500011)
 # if __NetBSD_Version__ >= 105110000
- ph_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET);
-# ifdef USE_INET6
- ph_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6);
-# endif
- if (ph_inet == NULL
+ if (
+ !(ph_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET))
 # ifdef USE_INET6
- && ph_inet6 == NULL
+ && !(ph_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6))
 # endif
 )
 return ENODEV;
@@ -499,7 +488,7 @@ int ipl_disable()
 int ipldetach()
 # endif
 {
- int s, i;
+ int s, i = FR_INQUE|FR_OUTQUE;
 #if defined(NETBSD_PF) && \
 ((__NetBSD_Version__ >= 104200000) || (__FreeBSD_version >= 500011))
 int error = 0;
@@ -541,8 +530,8 @@ int ipldetach()
 printf("%s unloaded\n", ipfilter_version);
 fr_checkp = fr_savep;
- i = frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE|FR_INACTIVE);
- i += frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE);
+ i = frflush(IPL_LOGIPF, FR_INQUE|FR_OUTQUE|FR_INACTIVE);
+ i += frflush(IPL_LOGIPF, FR_INQUE|FR_OUTQUE);
 fr_running = 0;
 # ifdef NETBSD_PF
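Review bot: In the `@@ -376,13 +368,10 @@` hunk of iplattach(), folding both `pfil_head_get()` calls into the `if` condition means that with `USE_INET6` the `&&` short-circuits as soon as `ph_inet` is non-NULL, so `ph_inet6` is never assigned on the normal path. The removed lines assigned both heads unconditionally before testing them. Any later use of `ph_inet6` (not visible in this hunk) would then work on a stale or NULL head, which for a packet filter could mean the IPv6 hook is never registered. I would keep the assignments as separate statements, `ph_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET);` and `ph_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6);`, and test `ph_inet == NULL && ph_inet6 == NULL` afterwards. iplattach() starts and ends outside the hunk.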
@@ -629,8 +618,8 @@ int IPL_EXTERN(ioctl)(dev, cmd, data, mode
 # if (defined(_KERNEL) && ((_BSDI_VERSION >= 199510) || (BSD >= 199506) || \
 (NetBSD >= 199511) || (__FreeBSD_version >= 220000) || \
 defined(__OpenBSD__)))
-, p)
-struct proc *p;
+, td)
+struct thread *td;
 # else
 )
 # endif
@@ -651,7 +640,7 @@ int mode;
 int error = 0, unit = 0, tmp;
 #if (BSD >= 199306) && defined(_KERNEL)
- if ((securelevel >= 2) && (mode & FWRITE))
+ if ((securelevel >= 3) && (mode & FWRITE))
 return EPERM;
 #endif
 #ifdef _KERNEL
@@ -687,16 +676,7 @@ int mode;
 if (!fr_running)
 error = EIO;
 else
- if ((cmd == SIOCADAFR) || (cmd == SIOCRMAFR)) {
- if (!(mode & FWRITE)) {
- error = EPERM;
- } else {
- error = frrequest(unit, cmd, data,
- fr_active);
- }
- } else {
- error = fr_auth_ioctl(data, mode, cmd);
- }
+ error = fr_auth_ioctl(data, mode, cmd, NULL, NULL);
 SPL_X(s);
 return error;
 }
@@ -720,7 +700,7 @@ int mode;
 if (error)
 break;
 if (enable)
-# if defined(__NetBSD__) || defined(__OpenBSD__)
+# if defined(__NetBSD__)
 error = ipl_enable();
 # else
 error = iplattach();
@@ -793,26 +773,12 @@ int mode;
 else {
 error = IRCOPY(data, (caddr_t)&tmp, sizeof(tmp));
 if (!error) {
- tmp = frflush(unit, 4, tmp);
- error = IWCOPY((caddr_t)&tmp, data,
- sizeof(tmp));
- }
- }
- break;
-#ifdef USE_INET6
- case SIOCIPFL6 :
- if (!(mode & FWRITE))
- error = EPERM;
- else {
- error = IRCOPY(data, (caddr_t)&tmp, sizeof(tmp));
- if (!error) {
- tmp = frflush(unit, 6, tmp);
+ tmp = frflush(unit, tmp);
 error = IWCOPY((caddr_t)&tmp, data,
 sizeof(tmp));
 }
 }
 break;
-#endif
 case SIOCSTLCK :
 error = IRCOPY(data, (caddr_t)&tmp, sizeof(tmp));
 if (!error) {
@@ -837,6 +803,12 @@ int mode;
 if (error)
 error = EFAULT;
 break;
+ case SIOCAUTHW :
+ case SIOCAUTHR :
+ if (!(mode & FWRITE)) {
+ error = EPERM;
+ break;
+ }
 case SIOCFRSYN :
 if (!(mode & FWRITE))
 error = EPERM;
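Review bot: The `securelevel >= 3` test in the `@@ -651,7 +640,7 @@` hunk now lets a writer change the filter configuration at securelevel 2, where the old code returned EPERM, and nothing in the code says why. The surrounding guard is `#if (BSD >= 199306) && defined(_KERNEL)`, so the relaxed threshold is not limited to FreeBSD builds of this shared file. If the intent is to follow FreeBSD's network secure mode, say so in a comment above the test, for example `/* filter rules are frozen only at securelevel 3 (network secure mode) */`, and consider applying the new value only under `__FreeBSD__`. The enclosing ioctl function starts and ends outside the hunk.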
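Review bot: With the `SIOCADAFR`/`SIOCRMAFR` branch removed in the `@@ -687,16 +676,7 @@` hunk, the explicit `mode & FWRITE` test for rule add and remove requests on this path is gone, and every command is handed to `fr_auth_ioctl(data, mode, cmd, NULL, NULL)`. Whether fr_auth_ioctl() itself rejects modifying commands issued on a read-only descriptor is not visible here and should be confirmed before relying on it. The two `NULL` arguments are also unexplained; a one-line comment naming the parameters they stand for would help the next reader. The removal of the `fr_preauthcmd()` calls in the `@@ -1042,9 +1014,6 @@` and `@@ -1059,9 +1028,6 @@` hunks appears to be part of the same change.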
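Review bot: The new `case SIOCAUTHW :` / `case SIOCAUTHR :` block in the `@@ -837,6 +803,12 @@` hunk has no `break` after its FWRITE check, so a caller that does hold FWRITE falls straight through into `case SIOCFRSYN :` and runs that command's body. If the fall-through is intended, mark it with `/* FALLTHROUGH */` after the closing brace; if not, the block needs its own handling followed by `break;`. The block also demands FWRITE for `SIOCAUTHR`, which by its name looks like a read request, so a comment is warranted if that is deliberate. The switch continues outside the hunk.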
@@ -1042,9 +1014,6 @@ caddr_t data;
 return EBUSY;
 if (fg && fg->fg_head)
 fg->fg_head->fr_ref--;
- if (unit == IPL_LOGAUTH) {
- return fr_preauthcmd(req, f, ftail);
- }
 if (f->fr_grhead)
 fr_delgroup((u_int)f->fr_grhead, fp->fr_flags,
 unit, set);
@@ -1059,9 +1028,6 @@ caddr_t data;
 if (f)
 error = EEXIST;
 else {
- if (unit == IPL_LOGAUTH) {
- return fr_preauthcmd(req, fp, ftail);
- }
 KMALLOC(f, frentry_t *);
 if (f != NULL) {
 if (fg && fg->fg_head)
@@ -1098,9 +1064,9 @@ int IPL_EXTERN(open)(dev_t dev, int flags)
 int IPL_EXTERN(open)(dev, flags
 # if ((_BSDI_VERSION >= 199510) || (BSD >= 199506) || (NetBSD >= 199511) || \
 (__FreeBSD_version >= 220000) || defined(__OpenBSD__)) && defined(_KERNEL)
-, devtype, p)
+, devtype, td)
 int devtype;
-struct proc *p;
+struct thread *td;
 # else
 )
 # endif
@@ -1128,9 +1094,9 @@ int IPL_EXTERN(close)(dev_t dev, int flags, int devtype, cred_t *cp)
 int IPL_EXTERN(close)(dev, flags
 # if ((_BSDI_VERSION >= 199510) || (BSD >= 199506) || (NetBSD >= 199511) || \
 (__FreeBSD_version >= 220000) || defined(__OpenBSD__)) && defined(_KERNEL)
-, devtype, p)
+, devtype, td)
 int devtype;
-struct proc *p;
+struct thread *td;
 # else
 )
 # endif
@@ -1194,9 +1160,9 @@ fr_info_t *fin;
 if (tcp->th_flags & TH_RST)
 return -1; /* feedback loop */
 # if (BSD < 199306) || defined(__sgi)
- m = m_get(M_DONTWAIT, MT_HEADER);
+ m = m_get(M_NOWAIT, MT_HEADER);
 # else
- m = m_gethdr(M_DONTWAIT, MT_HEADER);
+ m = m_gethdr(M_NOWAIT, MT_HEADER);
 # endif
 if (m == NULL)
 return ENOBUFS;
@@ -1287,8 +1253,7 @@ struct mbuf **mp;
 ip->ip_tos = oip->ip_tos;
 ip->ip_id = oip->ip_id;
-# if defined(__NetBSD__) || \
- (defined(__OpenBSD__) && (OpenBSD >= 200012))
+# if defined(__NetBSD__) || defined(__OpenBSD__)
 if (ip_mtudisc != 0)
 ip->ip_off = IP_DF;
 # else
@@ -1372,10 +1337,10 @@ int dst;
 # if (BSD < 199306) || defined(__sgi)
 avail = MLEN;
- m = m_get(M_DONTWAIT, MT_HEADER);
+ m = m_get(M_NOWAIT, MT_HEADER);
 # else
 avail = MHLEN;
- m = m_gethdr(M_DONTWAIT, MT_HEADER);
+ m = m_gethdr(M_NOWAIT, MT_HEADER);
 # endif
 if (m == NULL)
 return ENOBUFS;
@@ -1399,11 +1364,11 @@ int dst;
 if (type == ICMP6_DST_UNREACH)
 code = icmptoicmp6unreach[code];
- MGETHDR(m, M_DONTWAIT, MT_HEADER);
+ MGETHDR(m, M_NOWAIT, MT_HEADER);
 if (!m)
 return ENOBUFS;
- MCLGET(m, M_DONTWAIT);
+ MCLGET(m, M_NOWAIT);
 if ((m->m_flags & M_EXT) == 0) {
 m_freem(m);
 return ENOBUFS;
@@ -1412,7 +1377,7 @@ int dst;
 m->m_len = 0;
 avail = M_TRAILINGSPACE(m);
 # else
- avail = (m->m_flags & M_EXT) ? MCLBYTES : MHLEN;
+ avail = MCLBYTES;
 # endif
 xtra = MIN(ntohs(oip6->ip6_plen) + sizeof(ip6_t),
 avail - hlen - sizeof(*icmp) - max_linkhdr);
@@ -1523,7 +1488,7 @@ void
 iplinit()
 {
-# if defined(__NetBSD__) || defined(__OpenBSD__)
+# if defined(__NetBSD__)
 if (ipl_enable() != 0)
 # else
 if (iplattach() != 0)
@@ -1599,7 +1564,7 @@ frdest_t *fdp;
 * problem.
 */
 if (M_WRITABLE(m) == 0) {
- if ((m0 = m_dup(m, M_DONTWAIT)) != NULL) {
+ if ((m0 = m_dup(m, M_NOWAIT)) != NULL) {
 m_freem(*mpp);
 *mpp = m0;
 m = m0;
@@ -1628,7 +1593,7 @@ frdest_t *fdp;
 /*
 * Route packet.
 */
-#if defined(__sgi) && (IRIX >= 605)
+#ifdef __sgi
 ROUTE_RDLOCK();
 #endif
 bzero((caddr_t)ro, sizeof (*ro));
@@ -1668,7 +1633,7 @@ frdest_t *fdp;
 rtalloc(ro);
 # endif
-#if defined(__sgi) && (IRIX > 602)
+#ifdef __sgi
 ROUTE_UNLOCK();
 #endif
@@ -1782,9 +1747,9 @@ frdest_t *fdp;
 mhlen = sizeof (struct ip);
 for (off = hlen + len; off < ip->ip_len; off += len) {
 # ifdef MGETHDR
- MGETHDR(m, M_DONTWAIT, MT_HEADER);
+ MGETHDR(m, M_NOWAIT, MT_HEADER);
 # else
- MGET(m, M_DONTWAIT, MT_HEADER);
+ MGET(m, M_NOWAIT, MT_HEADER);
 # endif
 if (m == 0) {
 error = ENOBUFS;
@@ -1939,12 +1904,6 @@ frdest_t *fdp;
 struct route_in6 *ro;
 struct ifnet *ifp;
 frentry_t *fr;
-#if defined(OpenBSD) && (OpenBSD >= 200211)
- struct route_in6 *ro_pmtu = NULL;
- struct in6_addr finaldst;
- ip6_t *ip6;
-#endif
- u_long mtu;
 int error;
 ifp = NULL;
@@ -1982,23 +1941,11 @@ frdest_t *fdp;
 dst6 = (struct sockaddr_in6 *)ro->ro_rt->rt_gateway;
 ro->ro_rt->rt_use++;
-#if defined(OpenBSD) && (OpenBSD >= 200211)
- ip6 = mtod(m0, ip6_t *);
- ro_pmtu = ro;
- finaldst = ip6->ip6_dst;
- error = ip6_getpmtu(ro_pmtu, ro, ifp, &finaldst, &mtu);
- if (error == 0) {
-#else
- mtu = nd_ifinfo[ifp->if_index].linkmtu;
-#endif
- if (m0->m_pkthdr.len <= mtu)
- error = nd6_output(ifp, fin->fin_ifp, m0,
- dst6, ro->ro_rt);
- else
- error = EMSGSIZE;
-#if defined(OpenBSD) && (OpenBSD >= 200211)
- }
-#endif
+ if (m0->m_pkthdr.len <= nd_ifinfo[ifp->if_index].linkmtu)
+ error = nd6_output(ifp, fin->fin_ifp, m0, dst6,
+ ro->ro_rt);
+ else
+ error = EMSGSIZE;
 }
 if (ro->ro_rt != NULL) { |