summaryrefslogtreecommitdiffstats
path: root/sys/netinet/ip_fw_nat.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netinet/ip_fw_nat.c')
-rw-r--r--sys/netinet/ip_fw_nat.c71
1 files changed, 36 insertions, 35 deletions
diff --git a/sys/netinet/ip_fw_nat.c b/sys/netinet/ip_fw_nat.c
index 3a4f4a1..688a181 100644
--- a/sys/netinet/ip_fw_nat.c
+++ b/sys/netinet/ip_fw_nat.c
@@ -45,6 +45,7 @@ __FBSDID("$FreeBSD$");
#include <sys/sysctl.h>
#include <sys/syslog.h>
#include <sys/ucred.h>
+#include <sys/vimage.h>
#include <netinet/libalias/alias.h>
#include <netinet/libalias/alias_local.h>
@@ -84,9 +85,9 @@ ifaddr_change(void *arg __unused, struct ifnet *ifp)
struct cfg_nat *ptr;
struct ifaddr *ifa;
- IPFW_WLOCK(&layer3_chain);
+ IPFW_WLOCK(&V_layer3_chain);
/* Check every nat entry... */
- LIST_FOREACH(ptr, &layer3_chain.nat, _next) {
+ LIST_FOREACH(ptr, &V_layer3_chain.nat, _next) {
/* ...using nic 'ifp->if_xname' as dynamic alias address. */
if (strncmp(ptr->if_name, ifp->if_xname, IF_NAMESIZE) == 0) {
mtx_lock(&ifp->if_addr_mtx);
@@ -102,7 +103,7 @@ ifaddr_change(void *arg __unused, struct ifnet *ifp)
mtx_unlock(&ifp->if_addr_mtx);
}
}
- IPFW_WUNLOCK(&layer3_chain);
+ IPFW_WUNLOCK(&V_layer3_chain);
}
static void
@@ -110,8 +111,8 @@ flush_nat_ptrs(const int i)
{
struct ip_fw *rule;
- IPFW_WLOCK_ASSERT(&layer3_chain);
- for (rule = layer3_chain.rules; rule; rule = rule->next) {
+ IPFW_WLOCK_ASSERT(&V_layer3_chain);
+ for (rule = V_layer3_chain.rules; rule; rule = rule->next) {
ipfw_insn_nat *cmd = (ipfw_insn_nat *)ACTION_PTR(rule);
if (cmd->o.opcode != O_NAT)
continue;
@@ -121,12 +122,12 @@ flush_nat_ptrs(const int i)
}
#define HOOK_NAT(b, p) do { \
- IPFW_WLOCK_ASSERT(&layer3_chain); \
+ IPFW_WLOCK_ASSERT(&V_layer3_chain); \
LIST_INSERT_HEAD(b, p, _next); \
} while (0)
#define UNHOOK_NAT(p) do { \
- IPFW_WLOCK_ASSERT(&layer3_chain); \
+ IPFW_WLOCK_ASSERT(&V_layer3_chain); \
LIST_REMOVE(p, _next); \
} while (0)
@@ -414,20 +415,20 @@ ipfw_nat_cfg(struct sockopt *sopt)
/*
* Find/create nat rule.
*/
- IPFW_WLOCK(&layer3_chain);
- LOOKUP_NAT(layer3_chain, ser_n->id, ptr);
+ IPFW_WLOCK(&V_layer3_chain);
+ LOOKUP_NAT(V_layer3_chain, ser_n->id, ptr);
if (ptr == NULL) {
/* New rule: allocate and init new instance. */
ptr = malloc(sizeof(struct cfg_nat),
M_IPFW, M_NOWAIT | M_ZERO);
if (ptr == NULL) {
- IPFW_WUNLOCK(&layer3_chain);
+ IPFW_WUNLOCK(&V_layer3_chain);
free(buf, M_IPFW);
return (ENOSPC);
}
ptr->lib = LibAliasInit(NULL);
if (ptr->lib == NULL) {
- IPFW_WUNLOCK(&layer3_chain);
+ IPFW_WUNLOCK(&V_layer3_chain);
free(ptr, M_IPFW);
free(buf, M_IPFW);
return (EINVAL);
@@ -438,7 +439,7 @@ ipfw_nat_cfg(struct sockopt *sopt)
UNHOOK_NAT(ptr);
flush_nat_ptrs(ser_n->id);
}
- IPFW_WUNLOCK(&layer3_chain);
+ IPFW_WUNLOCK(&V_layer3_chain);
/*
* Basic nat configuration.
@@ -464,9 +465,9 @@ ipfw_nat_cfg(struct sockopt *sopt)
/* Add new entries. */
add_redir_spool_cfg(&buf[(sizeof(struct cfg_nat))], ptr);
free(buf, M_IPFW);
- IPFW_WLOCK(&layer3_chain);
- HOOK_NAT(&layer3_chain.nat, ptr);
- IPFW_WUNLOCK(&layer3_chain);
+ IPFW_WLOCK(&V_layer3_chain);
+ HOOK_NAT(&V_layer3_chain.nat, ptr);
+ IPFW_WUNLOCK(&V_layer3_chain);
return (0);
}
@@ -477,15 +478,15 @@ ipfw_nat_del(struct sockopt *sopt)
int i;
sooptcopyin(sopt, &i, sizeof i, sizeof i);
- IPFW_WLOCK(&layer3_chain);
- LOOKUP_NAT(layer3_chain, i, ptr);
+ IPFW_WLOCK(&V_layer3_chain);
+ LOOKUP_NAT(V_layer3_chain, i, ptr);
if (ptr == NULL) {
- IPFW_WUNLOCK(&layer3_chain);
+ IPFW_WUNLOCK(&V_layer3_chain);
return (EINVAL);
}
UNHOOK_NAT(ptr);
flush_nat_ptrs(i);
- IPFW_WUNLOCK(&layer3_chain);
+ IPFW_WUNLOCK(&V_layer3_chain);
del_redir_spool_cfg(ptr, &ptr->redir_chain);
LibAliasUninit(ptr->lib);
free(ptr, M_IPFW);
@@ -505,9 +506,9 @@ ipfw_nat_get_cfg(struct sockopt *sopt)
off = sizeof(nat_cnt);
data = malloc(NAT_BUF_LEN, M_IPFW, M_WAITOK | M_ZERO);
- IPFW_RLOCK(&layer3_chain);
+ IPFW_RLOCK(&V_layer3_chain);
/* Serialize all the data. */
- LIST_FOREACH(n, &layer3_chain.nat, _next) {
+ LIST_FOREACH(n, &V_layer3_chain.nat, _next) {
nat_cnt++;
if (off + SOF_NAT < NAT_BUF_LEN) {
bcopy(n, &data[off], SOF_NAT);
@@ -534,12 +535,12 @@ ipfw_nat_get_cfg(struct sockopt *sopt)
goto nospace;
}
bcopy(&nat_cnt, data, sizeof(nat_cnt));
- IPFW_RUNLOCK(&layer3_chain);
+ IPFW_RUNLOCK(&V_layer3_chain);
sooptcopyout(sopt, data, NAT_BUF_LEN);
free(data, M_IPFW);
return (0);
nospace:
- IPFW_RUNLOCK(&layer3_chain);
+ IPFW_RUNLOCK(&V_layer3_chain);
printf("serialized data buffer not big enough:"
"please increase NAT_BUF_LEN\n");
free(data, M_IPFW);
@@ -557,16 +558,16 @@ ipfw_nat_get_log(struct sockopt *sopt)
sof = LIBALIAS_BUF_SIZE;
cnt = 0;
- IPFW_RLOCK(&layer3_chain);
+ IPFW_RLOCK(&V_layer3_chain);
size = i = 0;
- LIST_FOREACH(ptr, &layer3_chain.nat, _next) {
+ LIST_FOREACH(ptr, &V_layer3_chain.nat, _next) {
if (ptr->lib->logDesc == NULL)
continue;
cnt++;
size = cnt * (sof + sizeof(int));
data = realloc(data, size, M_IPFW, M_NOWAIT | M_ZERO);
if (data == NULL) {
- IPFW_RUNLOCK(&layer3_chain);
+ IPFW_RUNLOCK(&V_layer3_chain);
return (ENOSPC);
}
bcopy(&ptr->id, &data[i], sizeof(int));
@@ -574,7 +575,7 @@ ipfw_nat_get_log(struct sockopt *sopt)
bcopy(ptr->lib->logDesc, &data[i], sof);
i += sof;
}
- IPFW_RUNLOCK(&layer3_chain);
+ IPFW_RUNLOCK(&V_layer3_chain);
sooptcopyout(sopt, data, size);
free(data, M_IPFW);
return(0);
@@ -584,15 +585,15 @@ static void
ipfw_nat_init(void)
{
- IPFW_WLOCK(&layer3_chain);
+ IPFW_WLOCK(&V_layer3_chain);
/* init ipfw hooks */
ipfw_nat_ptr = ipfw_nat;
ipfw_nat_cfg_ptr = ipfw_nat_cfg;
ipfw_nat_del_ptr = ipfw_nat_del;
ipfw_nat_get_cfg_ptr = ipfw_nat_get_cfg;
ipfw_nat_get_log_ptr = ipfw_nat_get_log;
- IPFW_WUNLOCK(&layer3_chain);
- ifaddr_event_tag = EVENTHANDLER_REGISTER(ifaddr_event, ifaddr_change,
+ IPFW_WUNLOCK(&V_layer3_chain);
+ V_ifaddr_event_tag = EVENTHANDLER_REGISTER(ifaddr_event, ifaddr_change,
NULL, EVENTHANDLER_PRI_ANY);
}
@@ -602,23 +603,23 @@ ipfw_nat_destroy(void)
struct ip_fw *rule;
struct cfg_nat *ptr, *ptr_temp;
- IPFW_WLOCK(&layer3_chain);
- LIST_FOREACH_SAFE(ptr, &layer3_chain.nat, _next, ptr_temp) {
+ IPFW_WLOCK(&V_layer3_chain);
+ LIST_FOREACH_SAFE(ptr, &V_layer3_chain.nat, _next, ptr_temp) {
LIST_REMOVE(ptr, _next);
del_redir_spool_cfg(ptr, &ptr->redir_chain);
LibAliasUninit(ptr->lib);
free(ptr, M_IPFW);
}
- EVENTHANDLER_DEREGISTER(ifaddr_event, ifaddr_event_tag);
+ EVENTHANDLER_DEREGISTER(ifaddr_event, V_ifaddr_event_tag);
/* flush all nat ptrs */
- for (rule = layer3_chain.rules; rule; rule = rule->next) {
+ for (rule = V_layer3_chain.rules; rule; rule = rule->next) {
ipfw_insn_nat *cmd = (ipfw_insn_nat *)ACTION_PTR(rule);
if (cmd->o.opcode == O_NAT)
cmd->nat = NULL;
}
/* deregister ipfw_nat */
ipfw_nat_ptr = NULL;
- IPFW_WUNLOCK(&layer3_chain);
+ IPFW_WUNLOCK(&V_layer3_chain);
}
static int
OpenPOWER on IntegriCloud