diff options
Diffstat (limited to 'sys/contrib/ipfilter/netinet/ip_fil_freebsd.c')
-rw-r--r-- | sys/contrib/ipfilter/netinet/ip_fil_freebsd.c | 47 |
1 files changed, 27 insertions, 20 deletions
diff --git a/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c b/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c index 760122e..d361bea 100644 --- a/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c +++ b/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c @@ -5,7 +5,7 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ip_fil_freebsd.c,v 2.53.2.27 2005/08/20 13:48:19 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ip_fil_freebsd.c,v 2.53.2.32 2006/03/25 13:03:01 darrenr Exp $"; #endif #if defined(KERNEL) || defined(_KERNEL) @@ -55,6 +55,7 @@ static const char rcsid[] = "@(#)$Id: ip_fil_freebsd.c,v 2.53.2.27 2005/08/20 13 #endif #include <sys/protosw.h> #include <sys/socket.h> +#include <sys/selinfo.h> #include <net/if.h> #if __FreeBSD_version >= 300000 @@ -131,6 +132,7 @@ int ipf_locks_done = 0; #if (__FreeBSD_version >= 300000) struct callout_handle fr_slowtimer_ch; #endif +struct selinfo ipfselwait[IPL_LOGSIZE]; #if (__FreeBSD_version >= 500011) # include <sys/conf.h> @@ -300,6 +302,7 @@ pfil_error: fr_checkp = fr_check; } + bzero((char *)ipfselwait, sizeof(ipfselwait)); bzero((char *)frcache, sizeof(frcache)); fr_running = 1; @@ -476,9 +479,11 @@ int mode; } SPL_NET(s); + READ_ENTER(&ipf_global); error = fr_ioctlswitch(unit, data, cmd, mode); if (error != -1) { + RWLOCK_EXIT(&ipf_global); SPL_X(s); return error; } @@ -619,7 +624,10 @@ int mode; error = EINVAL; break; } + + RWLOCK_EXIT(&ipf_global); SPL_X(s); + return error; } @@ -742,14 +750,18 @@ dev_t dev; #endif register struct uio *uio; { + u_int xmin = GET_MINOR(dev); + + if (xmin < 0) + return ENXIO; # ifdef IPFILTER_SYNC - if (GET_MINOR(dev) == IPL_LOGSYNC) + if (xmin == IPL_LOGSYNC) return ipfsync_read(uio); # endif #ifdef IPFILTER_LOG - return ipflog_read(GET_MINOR(dev), uio); + return ipflog_read(xmin, uio); #else return ENXIO; #endif @@ -1155,6 +1167,8 @@ frdest_t *fdp; u_short ip_off; frentry_t *fr; + ro = NULL; + #ifdef M_WRITABLE /* * HOT FIX/KLUDGE: @@ -1168,15 +1182,15 @@ frdest_t *fdp; * problem. */ if (M_WRITABLE(m) == 0) { - if ((m0 = m_dup(m, M_DONTWAIT)) != 0) { + m0 = m_dup(m, M_DONTWAIT); + if (m0 != 0) { FREE_MB_T(m); m = m0; *mpp = m; } else { error = ENOBUFS; FREE_MB_T(m); - *mpp = NULL; - fr_frouteok[1]++; + goto done; } } #endif @@ -1218,18 +1232,8 @@ frdest_t *fdp; goto bad; } - /* - * In case we're here due to "to <if>" being used with "keep state", - * check that we're going in the correct direction. - */ - if ((fr != NULL) && (fin->fin_rev != 0)) { - if ((ifp != NULL) && (fdp == &fr->fr_tif)) - return -1; - } - if (fdp != NULL) { - if (fdp->fd_ip.s_addr != 0) - dst->sin_addr = fdp->fd_ip; - } + if ((fdp != NULL) && (fdp->fd_ip.s_addr != 0)) + dst->sin_addr = fdp->fd_ip; dst->sin_len = sizeof(*dst); rtalloc(ro); @@ -1346,6 +1350,7 @@ frdest_t *fdp; else mhip->ip_off |= IP_MF; mhip->ip_len = htons((u_short)(len + mhlen)); + *mnext = m; m->m_next = m_copy(m0, off, len); if (m->m_next == 0) { error = ENOBUFS; /* ??? */ @@ -1356,7 +1361,6 @@ frdest_t *fdp; mhip->ip_off = htons((u_short)mhip->ip_off); mhip->ip_sum = 0; mhip->ip_sum = in_cksum(m, mhlen); - *mnext = m; mnext = &m->m_act; } /* @@ -1385,7 +1389,7 @@ done: else fr_frouteok[1]++; - if (ro->ro_rt) { + if ((ro != NULL) && (ro->ro_rt != NULL)) { RTFREE(ro->ro_rt); } *mpp = NULL; @@ -1488,6 +1492,9 @@ struct in_addr *inp, *inpmask; else if (atype == FRI_PEERADDR) sock = ifa->ifa_dstaddr; + if (sock == NULL) + return -1; + #ifdef USE_INET6 if (v == 6) { return fr_ifpfillv6addr(atype, (struct sockaddr_in6 *)sock, |