summaryrefslogtreecommitdiffstats
path: root/sys/netinet/ip_fw.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netinet/ip_fw.c')
-rw-r--r--sys/netinet/ip_fw.c62
1 files changed, 52 insertions, 10 deletions
diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c
index d9069dc..950be6b 100644
--- a/sys/netinet/ip_fw.c
+++ b/sys/netinet/ip_fw.c
@@ -12,14 +12,14 @@
*
* This software is provided ``AS IS'' without any warranties of any kind.
*
- * $Id: ip_fw.c,v 1.96 1998/08/23 03:07:14 wollman Exp $
+ * $Id: ip_fw.c,v 1.100 1998/12/14 18:09:13 luigi Exp $
*/
/*
* Implement IP packet firewall
*/
-#ifndef IPFIREWALL_MODULE
+#if !defined(KLD_MODULE) && !defined(IPFIREWALL_MODULE)
#include "opt_ipfw.h"
#include "opt_ipdn.h"
#include "opt_ipdivert.h"
@@ -71,9 +71,9 @@ static int fw_verbose_limit = 0;
#define IPFW_DEFAULT_RULE ((u_int)(u_short)~0)
-LIST_HEAD (ip_fw_head, ip_fw_chain) ip_fw_chain;
+static LIST_HEAD (ip_fw_head, ip_fw_chain) ip_fw_chain;
-MALLOC_DEFINE(M_IPFW, "IpFw/IpAcct", "IpFw/IpAcct chain's");
+static MALLOC_DEFINE(M_IPFW, "IpFw/IpAcct", "IpFw/IpAcct chain's");
#ifdef SYSCTL_NODE
SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw, CTLFLAG_RW, 0, "Firewall");
@@ -111,11 +111,6 @@ static void ipfw_report __P((struct ip_fw *f, struct ip *ip,
static void flush_rule_ptrs(void);
-#ifdef IPFIREWALL_MODULE
-static ip_fw_chk_t *old_chk_ptr;
-static ip_fw_ctl_t *old_ctl_ptr;
-#endif
-
static int ip_fw_chk __P((struct ip **pip, int hlen,
struct ifnet *oif, u_int16_t *cookie, struct mbuf **m,
struct ip_fw_chain **flow_id,
@@ -1275,7 +1270,10 @@ ip_fw_init(void)
#endif
}
-#ifdef IPFIREWALL_MODULE
+static ip_fw_chk_t *old_chk_ptr;
+static ip_fw_ctl_t *old_ctl_ptr;
+
+#if defined(IPFIREWALL_MODULE) && !defined(KLD_MODULE)
#include <sys/exec.h>
#include <sys/sysent.h>
@@ -1322,4 +1320,48 @@ ipfw_mod(struct lkm_table *lkmtp, int cmd, int ver)
MOD_DISPATCH(ipfw, lkmtp, cmd, ver,
ipfw_load, ipfw_unload, lkm_nullcmd);
}
+#else
+static int
+ipfw_modevent(module_t mod, int type, void *unused)
+{
+ int s;
+
+ switch (type) {
+ case MOD_LOAD:
+ s = splnet();
+
+ old_chk_ptr = ip_fw_chk_ptr;
+ old_ctl_ptr = ip_fw_ctl_ptr;
+
+ ip_fw_init();
+ splx(s);
+ return 0;
+ case MOD_UNLOAD:
+ s = splnet();
+
+ ip_fw_chk_ptr = old_chk_ptr;
+ ip_fw_ctl_ptr = old_ctl_ptr;
+
+ while (LIST_FIRST(&ip_fw_chain) != NULL) {
+ struct ip_fw_chain *fcp = LIST_FIRST(&ip_fw_chain);
+ LIST_REMOVE(LIST_FIRST(&ip_fw_chain), chain);
+ free(fcp->rule, M_IPFW);
+ free(fcp, M_IPFW);
+ }
+
+ splx(s);
+ printf("IP firewall unloaded\n");
+ return 0;
+ default:
+ break;
+ }
+ return 0;
+}
+
+static moduledata_t ipfwmod = {
+ "ipfw",
+ ipfw_modevent,
+ 0
+};
+DECLARE_MODULE(ipfw, ipfwmod, SI_SUB_PSEUDO, SI_ORDER_ANY);
#endif
OpenPOWER on IntegriCloud