diff options
Diffstat (limited to 'sys/contrib/ipfilter/netinet/ip_rules.c')
-rw-r--r-- | sys/contrib/ipfilter/netinet/ip_rules.c | 77 |
1 files changed, 56 insertions, 21 deletions
diff --git a/sys/contrib/ipfilter/netinet/ip_rules.c b/sys/contrib/ipfilter/netinet/ip_rules.c index f080ec5b..434b9de 100644 --- a/sys/contrib/ipfilter/netinet/ip_rules.c +++ b/sys/contrib/ipfilter/netinet/ip_rules.c @@ -1,18 +1,29 @@ /* $FreeBSD$ */ /* -* Copyright (C) 1993-2000 by Darren Reed. +* Copyright (C) 2012 by Darren Reed. * * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given * to the original author and the contributors. */ +#include <sys/param.h> #include <sys/types.h> #include <sys/time.h> #include <sys/socket.h> -#if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__sgi) -# include <sys/systm.h> +#if defined(__FreeBSD_version) && (__FreeBSD_version >= 40000) +# if defined(_KERNEL) +# include <sys/libkern.h> +# else +# include <sys/unistd.h> +# endif +#endif +#if defined(__NetBSD_Version__) && (__NetBSD_Version__ >= 399000000) +#else +# if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__sgi) +# include <sys/systm.h> +# endif #endif #include <sys/errno.h> #include <sys/param.h> @@ -40,18 +51,32 @@ #ifdef IPFILTER_COMPILED +extern ipf_main_softc_t ipfmain; + + static u_long in_rule__0[] = { -0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xffffffff, 0, 0, 0, 0, 0, 0, 0x1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x80000000, 0x8002, 0, 0, 0, 0xffff, 0, 0, 0x4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +0, 0, 0, 0, 0, 0, 0, 0x8070d88, 0, 0, 0, 0xffffffff, 0, 0, 0, 0, 0, 0, 0, 0xffffffff, 0x1b0, 0x1, 0, 0, 0, 0x2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x40000000, 0x8002, 0, 0, 0, 0xffff, 0, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xffffffff, 0, 0, 0, 0, 0, 0, 0, 0, 0xffffffff, 0, 0, 0, 0, 0, 0, 0, 0, 0xffffffff, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xffffffff, 0, 0, 0, 0 }; static u_long out_rule__0[] = { -0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xffffffff, 0, 0, 0, 0, 0, 0, 0x1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x80000000, 0x4002, 0, 0, 0, 0xffff, 0, 0, 0x4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +0, 0, 0, 0, 0, 0, 0, 0x8070d88, 0, 0, 0, 0xffffffff, 0, 0, 0, 0, 0, 0, 0, 0xffffffff, 0x1b0, 0x1, 0, 0, 0, 0x3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x40000000, 0x4002, 0, 0, 0, 0xffff, 0, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xffffffff, 0, 0, 0, 0, 0, 0, 0, 0, 0xffffffff, 0, 0, 0, 0, 0, 0, 0, 0, 0xffffffff, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xffffffff, 0, 0, 0, 0 }; frentry_t *ipf_rules_in_[1] = { (frentry_t *)&in_rule__0 }; +/* XXX This file (ip_rules.c) is not part of the ipfilter tarball, it is + XXX generated by the ipfilter build process. Unfortunately the build + XXX process did not generate the following lines so they are added + XXX by hand here. This is a bit of a hack but it works for now. Future + XXX imports/merges of ipfilter may generate this so the following will + XXX need to be removed following some future merge. + XXX */ +frentry_t *ipf_rules_out_[1] = { + (frentry_t *)&out_rule__0 +}; + frentry_t *ipfrule_match_in_(fin, passp) fr_info_t *fin; u_32_t *passp; @@ -62,10 +87,6 @@ u_32_t *passp; return fr; } -frentry_t *ipf_rules_out_[1] = { - (frentry_t *)&out_rule__0 -}; - frentry_t *ipfrule_match_out_(fin, passp) fr_info_t *fin; u_32_t *passp; @@ -87,9 +108,14 @@ int ipfrule_add_out_() fp = ipf_rules_out_[i]; fp->fr_next = NULL; for (j = i + 1; j < max; j++) - if (strncmp(fp->fr_group, + if (strncmp(fp->fr_names + fp->fr_group, + ipf_rules_out_[j]->fr_names + ipf_rules_out_[j]->fr_group, FR_GROUPLEN) == 0) { + if (ipf_rules_out_[j] != NULL) + ipf_rules_out_[j]->fr_pnext = + &fp->fr_next; + fp->fr_pnext = &ipf_rules_out_[j]; fp->fr_next = ipf_rules_out_[j]; break; } @@ -97,13 +123,14 @@ int ipfrule_add_out_() fp = &ipfrule_out_; bzero((char *)fp, sizeof(*fp)); - fp->fr_type = FR_T_CALLFUNC|FR_T_BUILTIN; + fp->fr_type = FR_T_CALLFUNC_BUILTIN; fp->fr_flags = FR_OUTQUE|FR_NOMATCH; fp->fr_data = (void *)ipf_rules_out_[0]; fp->fr_dsize = sizeof(ipf_rules_out_[0]); - fp->fr_v = 4; + fp->fr_family = AF_INET; fp->fr_func = (ipfunc_t)ipfrule_match_out_; - err = frrequest(IPL_LOGIPF, SIOCADDFR, (caddr_t)fp, fr_active, 0); + err = frrequest(&ipfmain, IPL_LOGIPF, SIOCADDFR, (caddr_t)fp, + ipfmain.ipf_active, 0); return err; } @@ -129,8 +156,9 @@ int ipfrule_remove_out_() } } if (err == 0) - err = frrequest(IPL_LOGIPF, SIOCDELFR, - (caddr_t)&ipfrule_out_, fr_active, 0); + err = frrequest(&ipfmain, IPL_LOGIPF, SIOCDELFR, + (caddr_t)&ipfrule_out_, + ipfmain.ipf_active, 0); if (err) return err; @@ -149,9 +177,14 @@ int ipfrule_add_in_() fp = ipf_rules_in_[i]; fp->fr_next = NULL; for (j = i + 1; j < max; j++) - if (strncmp(fp->fr_group, + if (strncmp(fp->fr_names + fp->fr_group, + ipf_rules_in_[j]->fr_names + ipf_rules_in_[j]->fr_group, FR_GROUPLEN) == 0) { + if (ipf_rules_in_[j] != NULL) + ipf_rules_in_[j]->fr_pnext = + &fp->fr_next; + fp->fr_pnext = &ipf_rules_in_[j]; fp->fr_next = ipf_rules_in_[j]; break; } @@ -159,13 +192,14 @@ int ipfrule_add_in_() fp = &ipfrule_in_; bzero((char *)fp, sizeof(*fp)); - fp->fr_type = FR_T_CALLFUNC|FR_T_BUILTIN; + fp->fr_type = FR_T_CALLFUNC_BUILTIN; fp->fr_flags = FR_INQUE|FR_NOMATCH; fp->fr_data = (void *)ipf_rules_in_[0]; fp->fr_dsize = sizeof(ipf_rules_in_[0]); - fp->fr_v = 4; + fp->fr_family = AF_INET; fp->fr_func = (ipfunc_t)ipfrule_match_in_; - err = frrequest(IPL_LOGIPF, SIOCADDFR, (caddr_t)fp, fr_active, 0); + err = frrequest(&ipfmain, IPL_LOGIPF, SIOCADDFR, (caddr_t)fp, + ipfmain.ipf_active, 0); return err; } @@ -191,8 +225,9 @@ int ipfrule_remove_in_() } } if (err == 0) - err = frrequest(IPL_LOGIPF, SIOCDELFR, - (caddr_t)&ipfrule_in_, fr_active, 0); + err = frrequest(&ipfmain, IPL_LOGIPF, SIOCDELFR, + (caddr_t)&ipfrule_in_, + ipfmain.ipf_active, 0); if (err) return err; |