Commit import changed from vendor branch of ipfilter to -current head

Darren Reed 2003-02-15 06:23:45 +00:00
parent d2c988ba46
commit 32c7da78f7
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=110915
5 changed files with 222 additions and 83 deletions


@ -3,7 +3,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <sys/errno.h>
@ -701,7 +701,8 @@ void *m;
if (!fr_tcpudpchk(&fr->fr_tuc, fin))
continue;
} else if (fr->fr_icmpm || fr->fr_icmp) {
if ((fi->fi_p != IPPROTO_ICMP) || off ||
if (((fi->fi_p != IPPROTO_ICMP) &&
(fi->fi_p != IPPROTO_ICMPV6)) || off ||
(fin->fin_dlen < 2))
continue;
if ((fin->fin_data[0] & fr->fr_icmpm) != fr->fr_icmp) {
@ -816,6 +817,26 @@ int out;
# endif
int up;
# if !SOLARIS && !defined(NETBSD_PF) && \
((defined(__FreeBSD__) && (__FreeBSD_version < 500011)) || \
defined(__OpenBSD__) || defined(_BSDI_VERSION))
if (fr_checkp != fr_check && fr_running > 0) {
static int counter = 0;
if (counter == 0) {
printf("WARNING: fr_checkp corrupt: value %lx\n",
(u_long)fr_checkp);
printf("WARNING: fr_checkp should be %lx\n",
(u_long)fr_check);
printf("WARNING: fixing fr_checkp\n");
}
fr_checkp = fr_check;
counter++;
if (counter == 10000)
counter = 0;
}
# endif
# ifdef M_CANFASTFWD
/*
* XXX For now, IP Filter and fast-forwarding of cached flows
@ -1526,7 +1547,7 @@ tcphdr_t *tcp;
* SUCH DAMAGE.
*
* @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94
* $Id: fil.c,v 2.35.2.63 2002/08/28 12:40:08 darrenr Exp $
* $Id: fil.c,v 2.35.2.67 2002/12/06 13:28:05 darrenr Exp $
*/
/*
* Copy data from an mbuf chain starting "off" bytes from the beginning,
@ -1732,9 +1753,9 @@ frentry_t **listp;
}
int frflush(unit, flags)
int frflush(unit, proto, flags)
minor_t unit;
int flags;
int proto, flags;
{
int flushed = 0, set;
@ -1749,19 +1770,35 @@ int flags;
if (flags & FR_OUTQUE) {
#ifdef USE_INET6
(void) frflushlist(set, unit, &flushed, &ipfilter6[1][set]);
(void) frflushlist(set, unit, &flushed, &ipacct6[1][set]);
if (proto == 0 || proto == 6) {
(void) frflushlist(set, unit,
&flushed, &ipfilter6[1][set]);
(void) frflushlist(set, unit,
&flushed, &ipacct6[1][set]);
}
#endif
(void) frflushlist(set, unit, &flushed, &ipfilter[1][set]);
(void) frflushlist(set, unit, &flushed, &ipacct[1][set]);
if (proto == 0 || proto == 4) {
(void) frflushlist(set, unit,
&flushed, &ipfilter[1][set]);
(void) frflushlist(set, unit,
&flushed, &ipacct[1][set]);
}
}
if (flags & FR_INQUE) {
#ifdef USE_INET6
(void) frflushlist(set, unit, &flushed, &ipfilter6[0][set]);
(void) frflushlist(set, unit, &flushed, &ipacct6[0][set]);
if (proto == 0 || proto == 6) {
(void) frflushlist(set, unit,
&flushed, &ipfilter6[0][set]);
(void) frflushlist(set, unit,
&flushed, &ipacct6[0][set]);
}
#endif
(void) frflushlist(set, unit, &flushed, &ipfilter[0][set]);
(void) frflushlist(set, unit, &flushed, &ipacct[0][set]);
if (proto == 0 || proto == 4) {
(void) frflushlist(set, unit,
&flushed, &ipfilter[0][set]);
(void) frflushlist(set, unit,
&flushed, &ipacct[0][set]);
}
}
RWLOCK_EXIT(&ipf_mutex);
return flushed;
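Review bot: The self-repair block added in the hunk at `-816,6 +817,26` resets `fr_checkp` to `fr_check` on the packet path with no comment on why the hook might change, so a corrupted function pointer is patched over rather than diagnosed. Its rate limit depends on the function-static `counter`, which is read and incremented with no lock visible in the hunk, so on a multiprocessor kernel the one-warning-per-10000-packets behaviour is only approximate. I would add a comment above the `# if` such as `/* fr_checkp must point at fr_check while the filter is running; restore it if it was changed and warn once per 10000 packets. */` and state whether the caller serialises this path. The two `printf` calls also write kernel addresses to the console log, which is worth a conscious decision. The enclosing function starts and ends outside the hunk.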


@ -3,7 +3,7 @@
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# include <sys/ptimers.h>
#endif
#include <sys/errno.h>
@ -298,9 +298,15 @@ ip_t *ip;
cv_signal(&ipfauthwait);
#else
# if defined(BSD) && !defined(sparc) && (BSD >= 199306)
<<<<<<< ip_auth.c
if (!fin->fin_out) {
ip->ip_len = htons(ip->ip_len);
ip->ip_off = htons(ip->ip_off);
=======
if (fin->fin_out == 0) {
ip->ip_len = htons(ip->ip_len);
ip->ip_off = htons(ip->ip_off);
>>>>>>> 1.1.1.11
}
# endif
fr_authpkts[i] = m;
@ -310,7 +316,7 @@ ip_t *ip;
}
int fr_auth_ioctl(data, mode, cmd, fr, frptr)
int fr_auth_ioctl(data, mode, cmd)
caddr_t data;
int mode;
#if defined(__NetBSD__) || defined(__OpenBSD__) || (__FreeBSD_version >= 300003)
@ -318,19 +324,21 @@ u_long cmd;
#else
int cmd;
#endif
frentry_t *fr, **frptr;
{
mb_t *m;
#if defined(_KERNEL) && !SOLARIS
int s;
#endif
frauth_t auth, *au = &auth, *fra;
frauthent_t *fae, **faep;
int i, error = 0;
switch (cmd)
{
case SIOCSTLCK :
if (!(mode & FWRITE)) {
error = EPERM;
break;
}
error = fr_lock(data, &fr_auth_lock);
break;
case SIOCINIFR :
@ -343,45 +351,8 @@ frentry_t *fr, **frptr;
break;
case SIOCRMAFR :
case SIOCADAFR :
for (faep = &fae_list; (fae = *faep); )
if (&fae->fae_fr == fr)
break;
else
faep = &fae->fae_next;
if (cmd == SIOCRMAFR) {
if (!fr || !frptr)
error = EINVAL;
else if (!fae)
error = ESRCH;
else {
WRITE_ENTER(&ipf_auth);
SPL_NET(s);
*faep = fae->fae_next;
*frptr = fr->fr_next;
SPL_X(s);
RWLOCK_EXIT(&ipf_auth);
KFREE(fae);
}
} else if (fr && frptr) {
KMALLOC(fae, frauthent_t *);
if (fae != NULL) {
bcopy((char *)fr, (char *)&fae->fae_fr,
sizeof(*fr));
WRITE_ENTER(&ipf_auth);
SPL_NET(s);
fae->fae_age = fr_defaultauthage;
fae->fae_fr.fr_hits = 0;
fae->fae_fr.fr_next = *frptr;
*frptr = &fae->fae_fr;
fae->fae_next = *faep;
*faep = fae;
ipauth = &fae_list->fae_fr;
SPL_X(s);
RWLOCK_EXIT(&ipf_auth);
} else
error = ENOMEM;
} else
error = EINVAL;
/* These commands go via request to fr_preauthcmd */
error = EINVAL;
break;
case SIOCATHST:
fr_authstats.fas_faelist = fae_list;
@ -629,3 +600,66 @@ void fr_authexpire()
RWLOCK_EXIT(&ipf_auth);
SPL_X(s);
}
int fr_preauthcmd(cmd, fr, frptr)
#if defined(__NetBSD__) || defined(__OpenBSD__) || \
(_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000)
u_long cmd;
#else
int cmd;
#endif
frentry_t *fr, **frptr;
{
frauthent_t *fae, **faep;
int error = 0;
#if defined(KERNEL) && !SOLARIS
int s;
#endif
if ((cmd != SIOCADAFR) && (cmd != SIOCRMAFR)) {
/* Should not happen */
printf("fr_preauthcmd called with bad cmd 0x%lx", (u_long)cmd);
return EIO;
}
for (faep = &fae_list; (fae = *faep); )
if (&fae->fae_fr == fr)
break;
else
faep = &fae->fae_next;
if (cmd == SIOCRMAFR) {
if (!fr || !frptr)
error = EINVAL;
else if (!fae)
error = ESRCH;
else {
WRITE_ENTER(&ipf_auth);
SPL_NET(s);
*faep = fae->fae_next;
*frptr = fr->fr_next;
SPL_X(s);
RWLOCK_EXIT(&ipf_auth);
KFREE(fae);
}
} else if (fr && frptr) {
KMALLOC(fae, frauthent_t *);
if (fae != NULL) {
bcopy((char *)fr, (char *)&fae->fae_fr,
sizeof(*fr));
WRITE_ENTER(&ipf_auth);
SPL_NET(s);
fae->fae_age = fr_defaultauthage;
fae->fae_fr.fr_hits = 0;
fae->fae_fr.fr_next = *frptr;
*frptr = &fae->fae_fr;
fae->fae_next = *faep;
*faep = fae;
ipauth = &fae_list->fae_fr;
SPL_X(s);
RWLOCK_EXIT(&ipf_auth);
} else
error = ENOMEM;
} else
error = EINVAL;
return error;
}
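Review bot: Unresolved merge-conflict markers are committed in the hunk at `-298,9 +298,15`: `<<<<<<< ip_auth.c`, `=======` and `>>>>>>> 1.1.1.11` sit inside the `# if defined(BSD) && !defined(sparc) && (BSD >= 199306)` branch, so the file cannot compile wherever that branch is active. The two sides differ only in `!fin->fin_out` versus `fin->fin_out == 0`, which are equivalent, so keep a single `if (fin->fin_out == 0) {` with its two `htons()` lines and drop the markers. The last file section has the same problem at the top of `ipldetach()` (`<<<<<<< ip_fil.c` … `>>>>>>> 1.1.1.17`), where the sides differ in whether `i` is initialised. Separately, the new `fr_preauthcmd()` declares `int s;` under `defined(KERNEL)` while `fr_auth_ioctl()` in the same file uses `defined(_KERNEL)`; if `SPL_NET(s)` expands to code that uses `s`, the spelling should match. `fr_preauthcmd()` also walks `fae_list` before `WRITE_ENTER(&ipf_auth)`, so it relies on the caller for serialisation against other list users; a comment saying so would help.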


@ -54,8 +54,10 @@ extern mb_t *fr_authpkts[];
extern int fr_newauth __P((mb_t *, fr_info_t *, ip_t *));
#if defined(__NetBSD__) || defined(__OpenBSD__) || \
(__FreeBSD_version >= 300003)
extern int fr_auth_ioctl __P((caddr_t, int, u_long, frentry_t *, frentry_t **));
extern int fr_preauthcmd __P((u_long, frentry_t *, frentry_t **));
extern int fr_auth_ioctl __P((caddr_t, int, u_long));
#else
extern int fr_auth_ioctl __P((caddr_t, int, int, frentry_t *, frentry_t **));
extern int fr_preauthcmd __P((int, frentry_t *, frentry_t **));
extern int fr_auth_ioctl __P((caddr_t, int, int));
#endif
#endif /* __IP_AUTH_H__ */
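Review bot: The `fr_preauthcmd` prototypes here are selected by a different condition from the one its definition uses. This header tests `defined(__NetBSD__) || defined(__OpenBSD__) || (__FreeBSD_version >= 300003)`, while the definition added in the preceding file section picks `u_long cmd` under a condition that also includes `(_BSDI_VERSION >= 199701)` and tests `__FreeBSD_version >= 300000`. On a platform that satisfies one condition and not the other, the declaration says `int` and the K&R definition says `u_long`, which is a prototype/definition type mismatch. The two conditions should be made identical, for example by reusing this header's `#if` line in the definition.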


@ -533,6 +533,7 @@ extern ill_t *get_unit __P((char *, int));
# ifdef sun
# if !SOLARIS
# include <sys/time.h>
# include <sys/kmem_alloc.h>
# define GETUNIT(n, v) ifunit(n, IFNAMSIZ)
# define IFNAME(x) ((struct ifnet *)x)->if_name
@ -655,6 +656,7 @@ extern vm_map_t kmem_map;
# define IWCOPYPTR iwcopyptr
# define IFNAME(x) get_ifname((struct ifnet *)x)
# define UIOMOVE(a,b,c,d) ipfuiomove(a,b,c,d)
# include <sys/time.h>
extern void m_copydata __P((mb_t *, int, int, caddr_t));
extern int ipfuiomove __P((caddr_t, int, int, struct uio *));
#endif /* KERNEL */


@ -25,7 +25,7 @@
# include <osreldate.h>
# endif
#endif
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
# define _KMEMUSER
# include <sys/ptimers.h>
#endif
@ -118,6 +118,10 @@
# include <sys/kernel.h>
extern int ip_optcopy __P((struct ip *, struct ip *));
#endif
#if defined(OpenBSD) && (OpenBSD >= 200211) && defined(_KERNEL)
extern int ip6_getpmtu(struct route_in6 *, struct route_in6 *,
struct ifnet *, struct in6_addr *, u_long *);
#endif
#include <machine/in_cksum.h>
@ -195,6 +199,15 @@ struct timeout ipfr_slowtimer_ch;
toid_t ipfr_slowtimer_ch;
#endif
#if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000) && \
defined(_KERNEL)
# include <sys/conf.h>
const struct cdevsw ipl_cdevsw = {
iplopen, iplclose, iplread, nowrite, iplioctl,
nostop, notty, nopoll, nommap,
};
#endif
#if (_BSDI_VERSION >= 199510) && defined(_KERNEL)
# include <sys/device.h>
# include <sys/conf.h>
@ -323,7 +336,7 @@ int count;
# endif
# if defined(__NetBSD__)
# if defined(__NetBSD__) || defined(__OpenBSD__)
int ipl_enable()
# else
int iplattach()
@ -368,10 +381,13 @@ int iplattach()
# ifdef NETBSD_PF
# if (__NetBSD_Version__ >= 104200000) || (__FreeBSD_version >= 500011)
# if __NetBSD_Version__ >= 105110000
if (
!(ph_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET))
ph_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET);
# ifdef USE_INET6
&& !(ph_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6))
ph_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6);
# endif
if (ph_inet == NULL
# ifdef USE_INET6
&& ph_inet6 == NULL
# endif
)
return ENODEV;
@ -488,9 +504,15 @@ int ipl_disable()
int ipldetach()
# endif
{
<<<<<<< ip_fil.c
int s, i = FR_INQUE|FR_OUTQUE;
#if defined(NETBSD_PF) && \
((__NetBSD_Version__ >= 104200000) || (__FreeBSD_version >= 500011))
=======
int s, i;
#if defined(NETBSD_PF) && \
((__NetBSD_Version__ >= 104200000) || (__FreeBSD_version >= 500011))
>>>>>>> 1.1.1.17
int error = 0;
# if __NetBSD_Version__ >= 105150000
struct pfil_head *ph_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET);
@ -530,8 +552,8 @@ int ipldetach()
printf("%s unloaded\n", ipfilter_version);
fr_checkp = fr_savep;
i = frflush(IPL_LOGIPF, FR_INQUE|FR_OUTQUE|FR_INACTIVE);
i += frflush(IPL_LOGIPF, FR_INQUE|FR_OUTQUE);
i = frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE|FR_INACTIVE);
i += frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE);
fr_running = 0;
# ifdef NETBSD_PF
@ -676,7 +698,16 @@ int mode;
if (!fr_running)
error = EIO;
else
error = fr_auth_ioctl(data, mode, cmd, NULL, NULL);
if ((cmd == SIOCADAFR) || (cmd == SIOCRMAFR)) {
if (!(mode & FWRITE)) {
error = EPERM;
} else {
error = frrequest(unit, cmd, data,
fr_active);
}
} else {
error = fr_auth_ioctl(data, mode, cmd);
}
SPL_X(s);
return error;
}
@ -700,7 +731,7 @@ int mode;
if (error)
break;
if (enable)
# if defined(__NetBSD__)
# if defined(__NetBSD__) || defined(__OpenBSD__)
error = ipl_enable();
# else
error = iplattach();
@ -773,12 +804,26 @@ int mode;
else {
error = IRCOPY(data, (caddr_t)&tmp, sizeof(tmp));
if (!error) {
tmp = frflush(unit, tmp);
tmp = frflush(unit, 4, tmp);
error = IWCOPY((caddr_t)&tmp, data,
sizeof(tmp));
}
}
break;
#ifdef USE_INET6
case SIOCIPFL6 :
if (!(mode & FWRITE))
error = EPERM;
else {
error = IRCOPY(data, (caddr_t)&tmp, sizeof(tmp));
if (!error) {
tmp = frflush(unit, 6, tmp);
error = IWCOPY((caddr_t)&tmp, data,
sizeof(tmp));
}
}
break;
#endif
case SIOCSTLCK :
error = IRCOPY(data, (caddr_t)&tmp, sizeof(tmp));
if (!error) {
@ -803,12 +848,6 @@ int mode;
if (error)
error = EFAULT;
break;
case SIOCAUTHW :
case SIOCAUTHR :
if (!(mode & FWRITE)) {
error = EPERM;
break;
}
case SIOCFRSYN :
if (!(mode & FWRITE))
error = EPERM;
@ -1014,6 +1053,9 @@ caddr_t data;
return EBUSY;
if (fg && fg->fg_head)
fg->fg_head->fr_ref--;
if (unit == IPL_LOGAUTH) {
return fr_preauthcmd(req, f, ftail);
}
if (f->fr_grhead)
fr_delgroup((u_int)f->fr_grhead, fp->fr_flags,
unit, set);
@ -1028,6 +1070,9 @@ caddr_t data;
if (f)
error = EEXIST;
else {
if (unit == IPL_LOGAUTH) {
return fr_preauthcmd(req, fp, ftail);
}
KMALLOC(f, frentry_t *);
if (f != NULL) {
if (fg && fg->fg_head)
@ -1253,7 +1298,8 @@ struct mbuf **mp;
ip->ip_tos = oip->ip_tos;
ip->ip_id = oip->ip_id;
# if defined(__NetBSD__) || defined(__OpenBSD__)
# if defined(__NetBSD__) || \
(defined(__OpenBSD__) && (OpenBSD >= 200012))
if (ip_mtudisc != 0)
ip->ip_off = IP_DF;
# else
@ -1488,7 +1534,7 @@ void
iplinit()
{
# if defined(__NetBSD__)
# if defined(__NetBSD__) || defined(__OpenBSD__)
if (ipl_enable() != 0)
# else
if (iplattach() != 0)
@ -1593,7 +1639,7 @@ frdest_t *fdp;
/*
* Route packet.
*/
#ifdef __sgi
#if defined(__sgi) && (IRIX >= 605)
ROUTE_RDLOCK();
#endif
bzero((caddr_t)ro, sizeof (*ro));
@ -1633,7 +1679,7 @@ frdest_t *fdp;
rtalloc(ro);
# endif
#ifdef __sgi
#if defined(__sgi) && (IRIX > 602)
ROUTE_UNLOCK();
#endif
@ -1904,6 +1950,12 @@ frdest_t *fdp;
struct route_in6 *ro;
struct ifnet *ifp;
frentry_t *fr;
#if defined(OpenBSD) && (OpenBSD >= 200211)
struct route_in6 *ro_pmtu = NULL;
struct in6_addr finaldst;
ip6_t *ip6;
#endif
u_long mtu;
int error;
ifp = NULL;
@ -1941,11 +1993,23 @@ frdest_t *fdp;
dst6 = (struct sockaddr_in6 *)ro->ro_rt->rt_gateway;
ro->ro_rt->rt_use++;
if (m0->m_pkthdr.len <= nd_ifinfo[ifp->if_index].linkmtu)
error = nd6_output(ifp, fin->fin_ifp, m0, dst6,
ro->ro_rt);
else
error = EMSGSIZE;
#if defined(OpenBSD) && (OpenBSD >= 200211)
ip6 = mtod(m0, ip6_t *);
ro_pmtu = ro;
finaldst = ip6->ip6_dst;
error = ip6_getpmtu(ro_pmtu, ro, ifp, &finaldst, &mtu);
if (error == 0) {
#else
mtu = nd_ifinfo[ifp->if_index].linkmtu;
#endif
if (m0->m_pkthdr.len <= mtu)
error = nd6_output(ifp, fin->fin_ifp, m0,
dst6, ro->ro_rt);
else
error = EMSGSIZE;
#if defined(OpenBSD) && (OpenBSD >= 200211)
}
#endif
}
if (ro->ro_rt != NULL) {
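Review bot: The hunk at `-803,12 +848,6` deletes the `SIOCAUTHW`/`SIOCAUTHR` cases together with their `if (!(mode & FWRITE))` → `EPERM` check, and nothing visible in this commit adds an equivalent check for those two commands; the only FWRITE test added to `fr_auth_ioctl()` is under `SIOCSTLCK`. Please confirm that `fr_auth_ioctl()` rejects both commands on a descriptor opened without write access, or add the check there. In the hunk at `-1014,6 +1053,9`, the new `return fr_preauthcmd(req, f, ftail);` runs after `fg->fg_head->fr_ref--`, so when `fr_preauthcmd()` returns `ESRCH` or `EINVAL` the group head's reference count has already been dropped; moving the `unit == IPL_LOGAUTH` test above the decrement would avoid that. The enclosing functions start and end outside the hunks shown.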