summaryrefslogtreecommitdiffstats
path: root/sys/contrib/ipfilter/netinet/ip_lookup.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/contrib/ipfilter/netinet/ip_lookup.c')
-rw-r--r--sys/contrib/ipfilter/netinet/ip_lookup.c695
1 files changed, 0 insertions, 695 deletions
diff --git a/sys/contrib/ipfilter/netinet/ip_lookup.c b/sys/contrib/ipfilter/netinet/ip_lookup.c
deleted file mode 100644
index e33a6fe..0000000
--- a/sys/contrib/ipfilter/netinet/ip_lookup.c
+++ /dev/null
@@ -1,695 +0,0 @@
-/*
- * Copyright (C) 2002-2003 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
- */
-#if defined(KERNEL) || defined(_KERNEL)
-# undef KERNEL
-# undef _KERNEL
-# define KERNEL 1
-# define _KERNEL 1
-#endif
-#if defined(__osf__)
-# define _PROTO_NET_H_
-#endif
-#include <sys/param.h>
-#include <sys/errno.h>
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/file.h>
-#if __FreeBSD_version >= 220000 && defined(_KERNEL)
-# include <sys/fcntl.h>
-# include <sys/filio.h>
-#else
-# include <sys/ioctl.h>
-#endif
-#if !defined(_KERNEL)
-# include <string.h>
-# define _KERNEL
-# ifdef __OpenBSD__
-struct file;
-# endif
-# include <sys/uio.h>
-# undef _KERNEL
-#endif
-#include <sys/socket.h>
-#if (defined(__osf__) || defined(AIX) || defined(__hpux) || defined(__sgi)) && defined(_KERNEL)
-# include "radix_ipf_local.h"
-# define _RADIX_H_
-#endif
-#include <net/if.h>
-#if defined(__FreeBSD__)
-# include <sys/cdefs.h>
-# include <sys/proc.h>
-#endif
-#if defined(_KERNEL)
-# include <sys/systm.h>
-# if !defined(__SVR4) && !defined(__svr4__)
-# include <sys/mbuf.h>
-# endif
-#endif
-#include <netinet/in.h>
-
-#include "netinet/ip_compat.h"
-#include "netinet/ip_fil.h"
-#include "netinet/ip_pool.h"
-#include "netinet/ip_htable.h"
-#include "netinet/ip_lookup.h"
-/* END OF INCLUDES */
-
-#if !defined(lint)
-static const char rcsid[] = "@(#)$Id: ip_lookup.c,v 2.35.2.19 2007/10/11 09:05:51 darrenr Exp $";
-#endif
-
-#ifdef IPFILTER_LOOKUP
-int ip_lookup_inited = 0;
-
-static int iplookup_addnode __P((caddr_t));
-static int iplookup_delnode __P((caddr_t data));
-static int iplookup_addtable __P((caddr_t));
-static int iplookup_deltable __P((caddr_t));
-static int iplookup_stats __P((caddr_t));
-static int iplookup_flush __P((caddr_t));
-static int iplookup_iterate __P((void *, int, void *));
-static int iplookup_deltok __P((void *, int, void *));
-
-
-/* ------------------------------------------------------------------------ */
-/* Function: iplookup_init */
-/* Returns: int - 0 = success, else error */
-/* Parameters: Nil */
-/* */
-/* Initialise all of the subcomponents of the lookup infrstructure. */
-/* ------------------------------------------------------------------------ */
-int ip_lookup_init()
-{
-
- if (ip_pool_init() == -1)
- return -1;
-
- RWLOCK_INIT(&ip_poolrw, "ip pool rwlock");
-
- ip_lookup_inited = 1;
-
- return 0;
-}
-
-
-/* ------------------------------------------------------------------------ */
-/* Function: iplookup_unload */
-/* Returns: int - 0 = success, else error */
-/* Parameters: Nil */
-/* */
-/* Free up all pool related memory that has been allocated whilst IPFilter */
-/* has been running. Also, do any other deinitialisation required such */
-/* ip_lookup_init() can be called again, safely. */
-/* ------------------------------------------------------------------------ */
-void ip_lookup_unload()
-{
- ip_pool_fini();
- fr_htable_unload();
-
- if (ip_lookup_inited == 1) {
- RW_DESTROY(&ip_poolrw);
- ip_lookup_inited = 0;
- }
-}
-
-
-/* ------------------------------------------------------------------------ */
-/* Function: iplookup_ioctl */
-/* Returns: int - 0 = success, else error */
-/* Parameters: data(IO) - pointer to ioctl data to be copied to/from user */
-/* space. */
-/* cmd(I) - ioctl command number */
-/* mode(I) - file mode bits used with open */
-/* */
-/* Handle ioctl commands sent to the ioctl device. For the most part, this */
-/* involves just calling another function to handle the specifics of each */
-/* command. */
-/* ------------------------------------------------------------------------ */
-int ip_lookup_ioctl(data, cmd, mode, uid, ctx)
-caddr_t data;
-ioctlcmd_t cmd;
-int mode, uid;
-void *ctx;
-{
- int err;
- SPL_INT(s);
-
- mode = mode; /* LINT */
-
- SPL_NET(s);
-
- switch (cmd)
- {
- case SIOCLOOKUPADDNODE :
- case SIOCLOOKUPADDNODEW :
- WRITE_ENTER(&ip_poolrw);
- err = iplookup_addnode(data);
- RWLOCK_EXIT(&ip_poolrw);
- break;
-
- case SIOCLOOKUPDELNODE :
- case SIOCLOOKUPDELNODEW :
- WRITE_ENTER(&ip_poolrw);
- err = iplookup_delnode(data);
- RWLOCK_EXIT(&ip_poolrw);
- break;
-
- case SIOCLOOKUPADDTABLE :
- WRITE_ENTER(&ip_poolrw);
- err = iplookup_addtable(data);
- RWLOCK_EXIT(&ip_poolrw);
- break;
-
- case SIOCLOOKUPDELTABLE :
- WRITE_ENTER(&ip_poolrw);
- err = iplookup_deltable(data);
- RWLOCK_EXIT(&ip_poolrw);
- break;
-
- case SIOCLOOKUPSTAT :
- case SIOCLOOKUPSTATW :
- WRITE_ENTER(&ip_poolrw);
- err = iplookup_stats(data);
- RWLOCK_EXIT(&ip_poolrw);
- break;
-
- case SIOCLOOKUPFLUSH :
- WRITE_ENTER(&ip_poolrw);
- err = iplookup_flush(data);
- RWLOCK_EXIT(&ip_poolrw);
- break;
-
- case SIOCLOOKUPITER :
- err = iplookup_iterate(data, uid, ctx);
- break;
-
- case SIOCIPFDELTOK :
- err = iplookup_deltok(data, uid, ctx);
- break;
-
- default :
- err = EINVAL;
- break;
- }
- SPL_X(s);
- return err;
-}
-
-
-/* ------------------------------------------------------------------------ */
-/* Function: iplookup_addnode */
-/* Returns: int - 0 = success, else error */
-/* Parameters: data(I) - pointer to data from ioctl call */
-/* */
-/* Add a new data node to a lookup structure. First, check to see if the */
-/* parent structure refered to by name exists and if it does, then go on to */
-/* add a node to it. */
-/* ------------------------------------------------------------------------ */
-static int iplookup_addnode(data)
-caddr_t data;
-{
- ip_pool_node_t node, *m;
- iplookupop_t op;
- iphtable_t *iph;
- iphtent_t hte;
- ip_pool_t *p;
- int err;
-
- err = BCOPYIN(data, &op, sizeof(op));
- if (err != 0)
- return EFAULT;
-
- if (op.iplo_unit < 0 || op.iplo_unit > IPL_LOGMAX)
- return EINVAL;
-
- op.iplo_name[sizeof(op.iplo_name) - 1] = '\0';
-
- switch (op.iplo_type)
- {
- case IPLT_POOL :
- if (op.iplo_size != sizeof(node))
- return EINVAL;
-
- err = COPYIN(op.iplo_struct, &node, sizeof(node));
- if (err != 0)
- return EFAULT;
-
- p = ip_pool_find(op.iplo_unit, op.iplo_name);
- if (p == NULL)
- return ESRCH;
-
- /*
- * add an entry to a pool - return an error if it already
- * exists remove an entry from a pool - if it exists
- * - in both cases, the pool *must* exist!
- */
- m = ip_pool_findeq(p, &node.ipn_addr, &node.ipn_mask);
- if (m)
- return EEXIST;
- err = ip_pool_insert(p, &node.ipn_addr.adf_addr,
- &node.ipn_mask.adf_addr, node.ipn_info);
- break;
-
- case IPLT_HASH :
- if (op.iplo_size != sizeof(hte))
- return EINVAL;
-
- err = COPYIN(op.iplo_struct, &hte, sizeof(hte));
- if (err != 0)
- return EFAULT;
-
- iph = fr_findhtable(op.iplo_unit, op.iplo_name);
- if (iph == NULL)
- return ESRCH;
- err = fr_addhtent(iph, &hte);
- break;
-
- default :
- err = EINVAL;
- break;
- }
- return err;
-}
-
-
-/* ------------------------------------------------------------------------ */
-/* Function: iplookup_delnode */
-/* Returns: int - 0 = success, else error */
-/* Parameters: data(I) - pointer to data from ioctl call */
-/* */
-/* Delete a node from a lookup table by first looking for the table it is */
-/* in and then deleting the entry that gets found. */
-/* ------------------------------------------------------------------------ */
-static int iplookup_delnode(data)
-caddr_t data;
-{
- ip_pool_node_t node, *m;
- iplookupop_t op;
- iphtable_t *iph;
- iphtent_t hte;
- ip_pool_t *p;
- int err;
-
- err = BCOPYIN(data, &op, sizeof(op));
- if (err != 0)
- return EFAULT;
-
- if (op.iplo_unit < 0 || op.iplo_unit > IPL_LOGMAX)
- return EINVAL;
-
- op.iplo_name[sizeof(op.iplo_name) - 1] = '\0';
-
- switch (op.iplo_type)
- {
- case IPLT_POOL :
- if (op.iplo_size != sizeof(node))
- return EINVAL;
-
- err = COPYIN(op.iplo_struct, &node, sizeof(node));
- if (err != 0)
- return EFAULT;
-
- p = ip_pool_find(op.iplo_unit, op.iplo_name);
- if (!p)
- return ESRCH;
-
- m = ip_pool_findeq(p, &node.ipn_addr, &node.ipn_mask);
- if (m == NULL)
- return ENOENT;
- err = ip_pool_remove(p, m);
- break;
-
- case IPLT_HASH :
- if (op.iplo_size != sizeof(hte))
- return EINVAL;
-
- err = COPYIN(op.iplo_struct, &hte, sizeof(hte));
- if (err != 0)
- return EFAULT;
-
- iph = fr_findhtable(op.iplo_unit, op.iplo_name);
- if (iph == NULL)
- return ESRCH;
- err = fr_delhtent(iph, &hte);
- break;
-
- default :
- err = EINVAL;
- break;
- }
- return err;
-}
-
-
-/* ------------------------------------------------------------------------ */
-/* Function: iplookup_addtable */
-/* Returns: int - 0 = success, else error */
-/* Parameters: data(I) - pointer to data from ioctl call */
-/* */
-/* Create a new lookup table, if one doesn't already exist using the name */
-/* for this one. */
-/* ------------------------------------------------------------------------ */
-static int iplookup_addtable(data)
-caddr_t data;
-{
- iplookupop_t op;
- int err;
-
- err = BCOPYIN(data, &op, sizeof(op));
- if (err != 0)
- return EFAULT;
-
- if (op.iplo_unit < 0 || op.iplo_unit > IPL_LOGMAX)
- return EINVAL;
-
- op.iplo_name[sizeof(op.iplo_name) - 1] = '\0';
-
- switch (op.iplo_type)
- {
- case IPLT_POOL :
- if (ip_pool_find(op.iplo_unit, op.iplo_name) != NULL)
- err = EEXIST;
- else
- err = ip_pool_create(&op);
- break;
-
- case IPLT_HASH :
- if (fr_findhtable(op.iplo_unit, op.iplo_name) != NULL)
- err = EEXIST;
- else
- err = fr_newhtable(&op);
- break;
-
- default :
- err = EINVAL;
- break;
- }
-
- /*
- * For anonymous pools, copy back the operation struct because in the
- * case of success it will contain the new table's name.
- */
- if ((err == 0) && ((op.iplo_arg & LOOKUP_ANON) != 0)) {
- err = BCOPYOUT(&op, data, sizeof(op));
- if (err != 0)
- err = EFAULT;
- }
-
- return err;
-}
-
-
-/* ------------------------------------------------------------------------ */
-/* Function: iplookup_deltable */
-/* Returns: int - 0 = success, else error */
-/* Parameters: data(I) - pointer to data from ioctl call */
-/* */
-/* Decodes ioctl request to remove a particular hash table or pool and */
-/* calls the relevant function to do the cleanup. */
-/* ------------------------------------------------------------------------ */
-static int iplookup_deltable(data)
-caddr_t data;
-{
- iplookupop_t op;
- int err;
-
- err = BCOPYIN(data, &op, sizeof(op));
- if (err != 0)
- return EFAULT;
-
- if (op.iplo_unit < 0 || op.iplo_unit > IPL_LOGMAX)
- return EINVAL;
-
- op.iplo_name[sizeof(op.iplo_name) - 1] = '\0';
-
- /*
- * create a new pool - fail if one already exists with
- * the same #
- */
- switch (op.iplo_type)
- {
- case IPLT_POOL :
- err = ip_pool_destroy(op.iplo_unit, op.iplo_name);
- break;
-
- case IPLT_HASH :
- err = fr_removehtable(op.iplo_unit, op.iplo_name);
- break;
-
- default :
- err = EINVAL;
- break;
- }
- return err;
-}
-
-
-/* ------------------------------------------------------------------------ */
-/* Function: iplookup_stats */
-/* Returns: int - 0 = success, else error */
-/* Parameters: data(I) - pointer to data from ioctl call */
-/* */
-/* Copy statistical information from inside the kernel back to user space. */
-/* ------------------------------------------------------------------------ */
-static int iplookup_stats(data)
-caddr_t data;
-{
- iplookupop_t op;
- int err;
-
- err = BCOPYIN(data, &op, sizeof(op));
- if (err != 0)
- return EFAULT;
-
- if (op.iplo_unit < 0 || op.iplo_unit > IPL_LOGMAX)
- return EINVAL;
-
- switch (op.iplo_type)
- {
- case IPLT_POOL :
- err = ip_pool_statistics(&op);
- break;
-
- case IPLT_HASH :
- err = fr_gethtablestat(&op);
- break;
-
- default :
- err = EINVAL;
- break;
- }
- return err;
-}
-
-
-/* ------------------------------------------------------------------------ */
-/* Function: iplookup_flush */
-/* Returns: int - 0 = success, else error */
-/* Parameters: data(I) - pointer to data from ioctl call */
-/* */
-/* A flush is called when we want to flush all the nodes from a particular */
-/* entry in the hash table/pool or want to remove all groups from those. */
-/* ------------------------------------------------------------------------ */
-static int iplookup_flush(data)
-caddr_t data;
-{
- int err, unit, num, type;
- iplookupflush_t flush;
-
- err = BCOPYIN(data, &flush, sizeof(flush));
- if (err != 0)
- return EFAULT;
-
- unit = flush.iplf_unit;
- if ((unit < 0 || unit > IPL_LOGMAX) && (unit != IPLT_ALL))
- return EINVAL;
-
- flush.iplf_name[sizeof(flush.iplf_name) - 1] = '\0';
-
- type = flush.iplf_type;
- err = EINVAL;
- num = 0;
-
- if (type == IPLT_POOL || type == IPLT_ALL) {
- err = 0;
- num = ip_pool_flush(&flush);
- }
-
- if (type == IPLT_HASH || type == IPLT_ALL) {
- err = 0;
- num += fr_flushhtable(&flush);
- }
-
- if (err == 0) {
- flush.iplf_count = num;
- err = BCOPYOUT(&flush, data, sizeof(flush));
- if (err != 0)
- err = EFAULT;
- }
- return err;
-}
-
-
-/* ------------------------------------------------------------------------ */
-/* Function: ip_lookup_delref */
-/* Returns: void */
-/* Parameters: type(I) - table type to operate on */
-/* ptr(I) - pointer to object to remove reference for */
-/* */
-/* This function organises calling the correct deref function for a given */
-/* type of object being passed into it. */
-/* ------------------------------------------------------------------------ */
-void ip_lookup_deref(type, ptr)
-int type;
-void *ptr;
-{
- if (ptr == NULL)
- return;
-
- WRITE_ENTER(&ip_poolrw);
- switch (type)
- {
- case IPLT_POOL :
- ip_pool_deref(ptr);
- break;
-
- case IPLT_HASH :
- fr_derefhtable(ptr);
- break;
- }
- RWLOCK_EXIT(&ip_poolrw);
-}
-
-
-/* ------------------------------------------------------------------------ */
-/* Function: iplookup_iterate */
-/* Returns: int - 0 = success, else error */
-/* Parameters: data(I) - pointer to data from ioctl call */
-/* uid(I) - uid of caller */
-/* ctx(I) - pointer to give the uid context */
-/* */
-/* Decodes ioctl request to step through either hash tables or pools. */
-/* ------------------------------------------------------------------------ */
-static int iplookup_iterate(data, uid, ctx)
-void *data;
-int uid;
-void *ctx;
-{
- ipflookupiter_t iter;
- ipftoken_t *token;
- int err;
- SPL_INT(s);
-
- err = fr_inobj(data, &iter, IPFOBJ_LOOKUPITER);
- if (err != 0)
- return err;
-
- if (iter.ili_unit > IPL_LOGMAX)
- return EINVAL;
-
- if (iter.ili_ival != IPFGENITER_LOOKUP)
- return EINVAL;
-
- SPL_SCHED(s);
- token = ipf_findtoken(iter.ili_key, uid, ctx);
- if (token == NULL) {
- RWLOCK_EXIT(&ipf_tokens);
- SPL_X(s);
- return ESRCH;
- }
-
- switch (iter.ili_type)
- {
- case IPLT_POOL :
- err = ip_pool_getnext(token, &iter);
- break;
- case IPLT_HASH :
- err = fr_htable_getnext(token, &iter);
- break;
- default :
- err = EINVAL;
- break;
- }
- RWLOCK_EXIT(&ipf_tokens);
- SPL_X(s);
-
- return err;
-}
-
-
-/* ------------------------------------------------------------------------ */
-/* Function: iplookup_iterderef */
-/* Returns: int - 0 = success, else error */
-/* Parameters: data(I) - pointer to data from ioctl call */
-/* */
-/* Decodes ioctl request to remove a particular hash table or pool and */
-/* calls the relevant function to do the cleanup. */
-/* ------------------------------------------------------------------------ */
-void ip_lookup_iterderef(type, data)
-u_32_t type;
-void *data;
-{
- iplookupiterkey_t key;
-
- key.ilik_key = type;
-
- if (key.ilik_unstr.ilik_ival != IPFGENITER_LOOKUP)
- return;
-
- switch (key.ilik_unstr.ilik_type)
- {
- case IPLT_HASH :
- fr_htable_iterderef((u_int)key.ilik_unstr.ilik_otype,
- (int)key.ilik_unstr.ilik_unit, data);
- break;
- case IPLT_POOL :
- ip_pool_iterderef((u_int)key.ilik_unstr.ilik_otype,
- (int)key.ilik_unstr.ilik_unit, data);
- break;
- }
-}
-
-
-/* ------------------------------------------------------------------------ */
-/* Function: iplookup_deltok */
-/* Returns: int - 0 = success, else error */
-/* Parameters: data(I) - pointer to data from ioctl call */
-/* uid(I) - uid of caller */
-/* ctx(I) - pointer to give the uid context */
-/* */
-/* Deletes the token identified by the combination of (type,uid,ctx) */
-/* "key" is a combination of the table type, iterator type and the unit for */
-/* which the token was being used. */
-/* ------------------------------------------------------------------------ */
-static int iplookup_deltok(data, uid, ctx)
-void *data;
-int uid;
-void *ctx;
-{
- int error, key;
- SPL_INT(s);
-
- SPL_SCHED(s);
- error = BCOPYIN(data, &key, sizeof(key));
- if (error == 0)
- error = ipf_deltoken(key, uid, ctx);
- SPL_X(s);
- return error;
-}
-
-
-#else /* IPFILTER_LOOKUP */
-
-/*ARGSUSED*/
-int ip_lookup_ioctl(data, cmd, mode, uid, ctx)
-caddr_t data;
-ioctlcmd_t cmd;
-int mode, uid;
-void *ctx;
-{
- return EIO;
-}
-#endif /* IPFILTER_LOOKUP */
OpenPOWER on IntegriCloud