Diffstat (limited to 'sys/netinet/ip_fw.c')
-rw-r--r-- | sys/netinet/ip_fw.c | 62 |
1 files changed, 52 insertions, 10 deletions
diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c index d9069dc..950be6b 100644 --- a/sys/netinet/ip_fw.c +++ b/sys/netinet/ip_fw.c @@ -12,14 +12,14 @@ * * This software is provided ``AS IS'' without any warranties of any kind. * - * $Id: ip_fw.c,v 1.96 1998/08/23 03:07:14 wollman Exp $ + * $Id: ip_fw.c,v 1.100 1998/12/14 18:09:13 luigi Exp $ */ /* * Implement IP packet firewall */ -#ifndef IPFIREWALL_MODULE +#if !defined(KLD_MODULE) && !defined(IPFIREWALL_MODULE) #include "opt_ipfw.h" #include "opt_ipdn.h" #include "opt_ipdivert.h" @@ -71,9 +71,9 @@ static int fw_verbose_limit = 0; #define IPFW_DEFAULT_RULE ((u_int)(u_short)~0) -LIST_HEAD (ip_fw_head, ip_fw_chain) ip_fw_chain; +static LIST_HEAD (ip_fw_head, ip_fw_chain) ip_fw_chain; -MALLOC_DEFINE(M_IPFW, "IpFw/IpAcct", "IpFw/IpAcct chain's"); +static MALLOC_DEFINE(M_IPFW, "IpFw/IpAcct", "IpFw/IpAcct chain's"); #ifdef SYSCTL_NODE SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw, CTLFLAG_RW, 0, "Firewall"); @@ -111,11 +111,6 @@ static void ipfw_report __P((struct ip_fw *f, struct ip *ip, static void flush_rule_ptrs(void); -#ifdef IPFIREWALL_MODULE -static ip_fw_chk_t *old_chk_ptr; -static ip_fw_ctl_t *old_ctl_ptr; -#endif - static int ip_fw_chk __P((struct ip **pip, int hlen, struct ifnet *oif, u_int16_t *cookie, struct mbuf **m, struct ip_fw_chain **flow_id, @@ -1275,7 +1270,10 @@ ip_fw_init(void) #endif } -#ifdef IPFIREWALL_MODULE +static ip_fw_chk_t *old_chk_ptr; +static ip_fw_ctl_t *old_ctl_ptr; + +#if defined(IPFIREWALL_MODULE) && !defined(KLD_MODULE) #include <sys/exec.h> #include <sys/sysent.h> 
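Review bot: The widened guard at the top of the file (`#if !defined(KLD_MODULE) && !defined(IPFIREWALL_MODULE)`) means a KLD build no longer includes `opt_ipfw.h`, `opt_ipdn.h` or `opt_ipdivert.h`, and nothing in the hunk records that consequence. Any firewall options the kernel configuration sets through those headers are invisible to the module, so a loaded module may apply different defaults (policy, logging limits) than a static kernel built from the same config. I would add a comment above the guard, for example `/* Module builds (LKM or KLD) do not see the kernel's opt_*.h; they use this file's built-in defaults. */`. Which options are affected cannot be confirmed from the lines shown here.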
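Review bot: In the hunk at `@@ -1275,7 +1270,10 @@`, `old_chk_ptr` and `old_ctl_ptr` become unconditional file-scope statics but carry no comment saying what they hold or who restores them. They are written only in the module event handler added at the end of the file, and whether the LKM branch under `#if defined(IPFIREWALL_MODULE) && !defined(KLD_MODULE)` still uses them is not visible in this hunk. Since these pointers decide what handles packets after an unload, I would document them: `/* Hooks that were installed before this module took over; put back on unload. May be NULL. */`. The conditional opened here is closed outside this hunk.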
@@ -1322,4 +1320,48 @@ ipfw_mod(struct lkm_table *lkmtp, int cmd, int ver) MOD_DISPATCH(ipfw, lkmtp, cmd, ver, ipfw_load, ipfw_unload, lkm_nullcmd); } +#else +static int +ipfw_modevent(module_t mod, int type, void *unused) +{ + int s; + + switch (type) { + case MOD_LOAD: + s = splnet(); + + old_chk_ptr = ip_fw_chk_ptr; + old_ctl_ptr = ip_fw_ctl_ptr; + + ip_fw_init(); + splx(s); + return 0; + case MOD_UNLOAD: + s = splnet(); + + ip_fw_chk_ptr = old_chk_ptr; + ip_fw_ctl_ptr = old_ctl_ptr; + + while (LIST_FIRST(&ip_fw_chain) != NULL) { + struct ip_fw_chain *fcp = LIST_FIRST(&ip_fw_chain); + LIST_REMOVE(LIST_FIRST(&ip_fw_chain), chain); + free(fcp->rule, M_IPFW); + free(fcp, M_IPFW); + } + + splx(s); + printf("IP firewall unloaded\n"); + return 0; + default: + break; + } + return 0; +} + +static moduledata_t ipfwmod = { + "ipfw", + ipfw_modevent, + 0 +}; +DECLARE_MODULE(ipfw, ipfwmod, SI_SUB_PSEUDO, SI_ORDER_ANY); #endif |
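Review bot: The `MOD_UNLOAD` case of `ipfw_modevent` restores the saved `ip_fw_chk_ptr`/`ip_fw_ctl_ptr` and frees every chain entry unconditionally, so unloading the module ends packet filtering with only a console `printf` as a trace. If the saved hooks were NULL (likely when nothing else had registered, though that is not visible here), the host fails open. Consider gating the unload on whatever policy protects rule changes elsewhere in this file, or at least recording it in the kernel log with the number of rules discarded. The free loop re-evaluates `LIST_FIRST` after caching it in `fcp`; `LIST_REMOVE(fcp, chain);` is clearer and removes exactly the entry that is freed. The prototype of `ip_fw_chk` hands out a `struct ip_fw_chain **flow_id`, so any consumer that keeps such a pointer would be left dangling by these `free()` calls, which deserves a check or a comment.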