From 9f43dad9fc6c03f7de0b8524d64fa3cdac16bd58 Mon Sep 17 00:00:00 2001 From: andre Date: Tue, 19 Oct 2004 21:14:57 +0000 Subject: Convert IPDIVERT into a loadable module. This makes use of the dynamic loadability of protocols. The call to divert_packet() is done through a function pointer. All semantics of IPDIVERT remain intact. If IPDIVERT is not loaded ipfw will refuse to install divert rules and natd will complain about 'protocol not supported'. Once it is loaded both will work and accept rules and open the divert socket. The module can only be unloaded if no divert sockets are open. It does not close any divert sockets when an unload is requested but will return EBUSY instead. --- sys/netinet/ip_fw_pfil.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) (limited to 'sys/netinet/ip_fw_pfil.c') diff --git a/sys/netinet/ip_fw_pfil.c b/sys/netinet/ip_fw_pfil.c index 3b08f69..80c7d05 100644 --- a/sys/netinet/ip_fw_pfil.c +++ b/sys/netinet/ip_fw_pfil.c @@ -29,7 +29,6 @@ #if !defined(KLD_MODULE) #include "opt_ipfw.h" #include "opt_ipdn.h" -#include "opt_ipdivert.h" #include "opt_inet.h" #ifndef INET #error IPFIREWALL requires INET. @@ -67,10 +66,13 @@ static int ipfw_pfil_hooked = 0; /* Dummynet hooks. */ ip_dn_ruledel_t *ip_dn_ruledel_ptr = NULL; -#define DIV_DIR_IN 1 -#define DIV_DIR_OUT 0 +/* Divert hooks. */ +ip_divert_packet_t *ip_divert_ptr = NULL; +/* Forward declarations. */ static int ipfw_divert(struct mbuf **, int, int); +#define DIV_DIR_IN 1 +#define DIV_DIR_OUT 0 int ipfw_check_in(void *arg, struct mbuf **m0, struct ifnet *ifp, int dir, 
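Review bot: The new global `ip_divert_ptr` is introduced with only `/* Divert hooks. */` above it, so nothing at the declaration says who may write it or what a caller must hold while calling through it. It is a non-static function pointer that the packet path calls, so the contract belongs here, for example `/* Divert hook: set by the divert module on load, reset to NULL on unload; NULL means divert and tee are unavailable. */`. The load/unload part of that wording is inferred from the commit message and should be confirmed against the module code. Separately, the two `DIV_DIR_*` defines now sit under `/* Forward declarations. */`, which they are not; a blank line or a comment of their own would keep the heading accurate.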
@@ -255,13 +257,16 @@ ipfw_divert(struct mbuf **m, int incoming, int tee) * If tee is set, copy packet and return original. * If not tee, consume packet and send it to divert socket. */ -#ifdef IPDIVERT struct mbuf *clone, *reass; struct ip *ip; int hlen; reass = NULL; + /* Is divert module loaded? */ + if (ip_divert_ptr == NULL) + goto nodivert; + /* Cloning needed for tee? */ if (tee) clone = m_dup(*m, M_DONTWAIT); @@ -309,8 +314,8 @@ ipfw_divert(struct mbuf **m, int incoming, int tee) } /* Do the dirty job... */ - if (clone) - divert_packet(clone, incoming); + if (clone && ip_divert_ptr != NULL) + ip_divert_ptr(clone, incoming); teeout: /* @@ -322,10 +327,10 @@ teeout: /* Packet diverted and consumed */ return 1; -#else + +nodivert: m_freem(*m); return 1; -#endif /* ipdivert */ } static int -- cgit v1.1
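Review bot: `ip_divert_ptr` is read from the global twice with nothing visible that keeps it stable in between: once in the new guard `if (ip_divert_ptr == NULL) goto nodivert;` at the top of ipfw_divert(), and again at the call site in the following hunk, `if (clone && ip_divert_ptr != NULL) ip_divert_ptr(clone, incoming);`. If the pointer is cleared between those reads, the second test fails with `clone` still allocated and, as far as these hunks show, nothing frees it; a clear between that test and the call itself would be a call through NULL in kernel context. Take one snapshot at entry, `ip_divert_packet_t *divert = ip_divert_ptr;`, then test and call only the local, and free the clone with `m_freem(clone)` on any path that ends up not handing it off. A snapshot alone does not prevent a call into module text that has since been unloaded, so the unload path (not visible here) still has to guarantee no packet is in flight; the commit message mentions only the open-socket EBUSY check. The body of ipfw_divert() between these hunks is outside the diff.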
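Review bot: The new `nodivert:` exit frees `*m` and returns 1 for tee rules as well, although the function's own comment says tee copies the packet and returns the original. Under the old `#else` this was a build-time property; it now depends on whether the module is loaded when the packet arrives, so a tee rule accepted while the module was loaded could silently discard the traffic it was only meant to mirror once the module is gone. Dropping is a sound fail-closed choice for divert, but state it at the label, e.g. `/* Divert module not loaded: drop the packet, tee included, rather than let it bypass the divert consumer. */`, and decide explicitly whether tee should hand the original back instead. A drop counter or rate-limited log on this path would let an operator see that rules are black-holing packets. The code between `teeout:` and the final return is outside the hunk, so how the tee case normally returns is not visible here.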