Kernel module shim sources have no business being in the userland
build directory, especially those for other operating systems.
The kernel module shims for other operating systems are hereby removed.
The kernel module shim for FreeBSD, mlfk_ipl.c, is already in
sys/contrib/ipfilter/netinet. The one here is never used and should
not be in the userland build directory either.

mlfk_rule.c isn't used either however we will keep it in case someone
wishes to use this shim to load rules via a kernel module, handy for
embedded. In that case it should be copied to
sys/contrib/ipfilter/netinet and a Makefile created to employ it.
(Probably a useful documentation project when time permits.)

MFC after:	1 month
Cy Schubert 2019-02-03 05:26:07 +00:00
parent e82e8246fc
commit e9a5006bff
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=343704
12 changed files with 0 additions and 3050 deletions


@ -1,164 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
/*
* 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate
* its own major char number! Way cool patch!
*/
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/file.h>
#include <sys/conf.h>
#include <sys/syslog.h>
#include <sys/buf.h>
#include <sys/param.h>
#include <sys/errno.h>
#include <sys/uio.h>
#include <sys/vnode.h>
#include <sundev/mbvar.h>
#include <sun/autoconf.h>
#include <sun/vddrv.h>
#if defined(sun4c) || defined(sun4m)
#include <sun/openprom.h>
#endif
#ifndef IPL_NAME
#define IPL_NAME "/dev/ipf"
#endif
extern int ipfattach(), ipfopen(), ipfclose(), ipfioctl(), ipfread();
extern int nulldev(), ipfidentify(), errno;
struct cdevsw ipfdevsw =
{
ipfopen, ipfclose, ipfread, nulldev,
ipfioctl, nulldev, nulldev, nulldev,
0, nulldev,
};
struct dev_ops ipf_ops =
{
1,
ipfidentify,
ipfattach,
ipfopen,
ipfclose,
ipfread,
NULL, /* write */
NULL, /* strategy */
NULL, /* dump */
0, /* psize */
ipfioctl,
NULL, /* reset */
NULL /* mmap */
};
int ipf_major = 0;
#ifdef sun4m
struct vdldrv vd =
{
VDMAGIC_PSEUDO,
"ipf",
&ipf_ops,
NULL,
&ipfdevsw,
0,
0,
NULL,
NULL,
NULL,
0,
1,
};
#else /* sun4m */
struct vdldrv vd =
{
VDMAGIC_PSEUDO, /* magic */
"ipf", /* name */
#ifdef sun4c
&ipf_ops, /* dev_ops */
#else
NULL, /* struct mb_ctlr *mb_ctlr */
NULL, /* struct mb_driver *mb_driver */
NULL, /* struct mb_device *mb_device */
0, /* num ctlrs */
1, /* numdevs */
#endif /* sun4c */
NULL, /* bdevsw */
&ipfdevsw, /* cdevsw */
0, /* block major */
0, /* char major */
};
#endif /* sun4m */
extern int vd_unuseddev();
extern struct cdevsw cdevsw[];
extern int nchrdev;
xxxinit(fc, vdp, vdi, vds)
u_int fc;
struct vddrv *vdp;
caddr_t vdi;
struct vdstat *vds;
{
struct vdlinkage *v;
int i;
switch (fc)
{
case VDLOAD:
while (ipf_major < nchrdev &&
cdevsw[ipf_major].d_open != vd_unuseddev)
ipf_major++;
if (ipf_major == nchrdev)
return ENODEV;
vd.Drv_charmajor = ipf_major;
vdp->vdd_vdtab = (struct vdlinkage *)&vd;
return ipf_attach(vdi);
case VDUNLOAD:
return unload(vdp, vdi);
case VDSTAT:
return 0;
default:
return EIO;
}
}
static unload(vdp, vdi)
struct vddrv *vdp;
struct vdioctl_unload *vdi;
{
int i;
(void) vn_remove(IPL_NAME, UIO_SYSSPACE, FILE);
return ipfdetach();
}
static int ipf_attach(vdi)
struct vdioctl_load *vdi;
{
struct vnode *vp;
struct vattr vattr;
int error = 0, fmode = S_IFCHR|0600;
(void) vn_remove(IPL_NAME, UIO_SYSSPACE, FILE);
vattr_null(&vattr);
vattr.va_type = MFTOVT(fmode);
vattr.va_mode = (fmode & 07777);
vattr.va_rdev = ipf_major<<8;
error = vn_create(IPL_NAME, UIO_SYSSPACE, &vattr, EXCL, 0, &vp);
if (error == 0)
VN_RELE(vp);
return ipfattach(0);
}


@ -1,596 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
/*
* 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate
* its own major char number! Way cool patch!
*/
#include <sys/param.h>
#ifdef IPFILTER_LKM
# ifndef __FreeBSD_cc_version
# include <osreldate.h>
# else
# if __FreeBSD_cc_version < 430000
# include <osreldate.h>
# endif
# endif
# define ACTUALLY_LKM_NOT_KERNEL
#else
# ifndef __FreeBSD_cc_version
# include <sys/osreldate.h>
# else
# if __FreeBSD_cc_version < 430000
# include <sys/osreldate.h>
# endif
# endif
#endif
#include <sys/systm.h>
#if defined(__FreeBSD_version) && (__FreeBSD_version >= 220000)
# ifndef ACTUALLY_LKM_NOT_KERNEL
# include "opt_devfs.h"
# endif
# include <sys/conf.h>
# include <sys/kernel.h>
# ifdef DEVFS
# include <sys/devfsext.h>
# endif /*DEVFS*/
#endif
#include <sys/conf.h>
#include <sys/file.h>
#if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000)
# include <sys/lock.h>
#endif
#include <sys/stat.h>
#include <sys/proc.h>
#include <sys/kernel.h>
#include <sys/vnode.h>
#include <sys/namei.h>
#include <sys/malloc.h>
#include <sys/mount.h>
#include <sys/exec.h>
#include <sys/mbuf.h>
#if BSD >= 199506
# include <sys/sysctl.h>
#endif
#if (__FreeBSD_version >= 300000)
# include <sys/socket.h>
#endif
#include <net/if.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <net/route.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#include <sys/sysent.h>
#include <sys/lkm.h>
#include "netinet/ipl.h"
#include "netinet/ip_compat.h"
#include "netinet/ip_fil.h"
#include "netinet/ip_state.h"
#include "netinet/ip_nat.h"
#include "netinet/ip_auth.h"
#include "netinet/ip_frag.h"
#if !defined(VOP_LEASE) && defined(LEASE_CHECK)
#define VOP_LEASE LEASE_CHECK
#endif
int xxxinit __P((struct lkm_table *, int, int));
#ifdef SYSCTL_OID
int sysctl_ipf_int SYSCTL_HANDLER_ARGS;
# define SYSCTL_IPF(parent, nbr, name, access, ptr, val, descr) \
SYSCTL_OID(parent, nbr, name, CTLTYPE_INT|access, \
ptr, val, sysctl_ipf_int, "I", descr);
# define CTLFLAG_OFF 0x00800000 /* IPFilter must be disabled */
# define CTLFLAG_RWO (CTLFLAG_RW|CTLFLAG_OFF)
SYSCTL_NODE(_net_inet, OID_AUTO, ipf, CTLFLAG_RW, 0, "IPF");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_flags, CTLFLAG_RW, &ipf_flags, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_pass, CTLFLAG_RW, &ipf_pass, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_active, CTLFLAG_RD, &ipf_active, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_chksrc, CTLFLAG_RW, &ipf_chksrc, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_minttl, CTLFLAG_RW, &ipf_minttl, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpidletimeout, CTLFLAG_RWO,
&ipf_tcpidletimeout, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcphalfclosed, CTLFLAG_RWO,
&ipf_tcphalfclosed, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpclosewait, CTLFLAG_RWO,
&ipf_tcpclosewait, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcplastack, CTLFLAG_RWO,
&ipf_tcplastack, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcptimeout, CTLFLAG_RWO,
&ipf_tcptimeout, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpclosed, CTLFLAG_RWO,
&ipf_tcpclosed, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_udptimeout, CTLFLAG_RWO,
&ipf_udptimeout, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_icmptimeout, CTLFLAG_RWO,
&ipf_icmptimeout, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_defnatage, CTLFLAG_RWO,
&ipf_defnatage, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_ipfrttl, CTLFLAG_RW,
&ipf_ipfrttl, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_running, CTLFLAG_RD,
&ipf_running, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_statesize, CTLFLAG_RWO,
&ipf_statesize, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_statemax, CTLFLAG_RWO,
&ipf_statemax, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_authsize, CTLFLAG_RWO,
&ipf_authsize, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_authused, CTLFLAG_RD,
&ipf_authused, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_defaultauthage, CTLFLAG_RW,
&ipf_defaultauthage, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ippr_ftp_pasvonly, CTLFLAG_RW,
&ippr_ftp_pasvonly, 0, "");
#endif
#ifdef DEVFS
static void *ipf_devfs[IPL_LOGSIZE];
#endif
#if !defined(__FreeBSD_version) || (__FreeBSD_version < 220000)
int ipf_major = 0;
static struct cdevsw ipfdevsw =
{
ipfopen, /* open */
ipfclose, /* close */
ipfread, /* read */
(void *)nullop, /* write */
ipfioctl, /* ioctl */
(void *)nullop, /* stop */
(void *)nullop, /* reset */
(void *)NULL, /* tty */
(void *)nullop, /* select */
(void *)nullop, /* mmap */
NULL /* strategy */
};
MOD_DEV(IPL_VERSION, LM_DT_CHAR, -1, &ipfdevsw);
extern struct cdevsw cdevsw[];
extern int vd_unuseddev __P((void));
extern int nchrdev;
#else
static struct cdevsw ipf_cdevsw = {
ipfopen, ipfclose, ipfread, nowrite, /* 79 */
ipfioctl, nostop, noreset, nodevtotty,
#if (__FreeBSD_version >= 300000)
seltrue, nommap, nostrategy, "ipf",
#else
noselect, nommap, nostrategy, "ipf",
#endif
NULL, -1
};
#endif
static void ipf_drvinit __P((void *));
#ifdef ACTUALLY_LKM_NOT_KERNEL
static int if_ipf_unload __P((struct lkm_table *, int));
static int if_ipf_load __P((struct lkm_table *, int));
static int if_ipf_remove __P((void));
static int ipf_major = CDEV_MAJOR;
static int ipfaction __P((struct lkm_table *, int));
static char *ipf_devfiles[] = { IPL_NAME, IPL_NAT, IPL_STATE, IPL_AUTH,
IPL_SCAN, IPL_SYNC, IPL_POOL, NULL };
extern int lkmenodev __P((void));
static int ipfaction(lkmtp, cmd)
struct lkm_table *lkmtp;
int cmd;
{
#if !defined(__FreeBSD_version) || (__FreeBSD_version < 220000)
int i = ipf_major;
struct lkm_dev *args = lkmtp->private.lkm_dev;
#endif
int err = 0;
switch (cmd)
{
case LKM_E_LOAD :
if (lkmexists(lkmtp))
return EEXIST;
#if !defined(__FreeBSD_version) || (__FreeBSD_version < 220000)
for (i = 0; i < nchrdev; i++)
if (cdevsw[i].d_open == lkmenodev ||
cdevsw[i].d_open == ipfopen)
break;
if (i == nchrdev) {
printf("IP Filter: No free cdevsw slots\n");
return ENODEV;
}
ipf_major = i;
args->lkm_offset = i; /* slot in cdevsw[] */
#endif
printf("IP Filter: loaded into slot %d\n", ipf_major);
err = if_ipf_load(lkmtp, cmd);
if (!err)
ipf_drvinit((void *)NULL);
return err;
break;
case LKM_E_UNLOAD :
err = if_ipf_unload(lkmtp, cmd);
if (!err) {
printf("IP Filter: unloaded from slot %d\n",
ipf_major);
#ifdef DEVFS
if (ipf_devfs[IPL_LOGIPF])
devfs_remove_dev(ipf_devfs[IPL_LOGIPF]);
if (ipf_devfs[IPL_LOGNAT])
devfs_remove_dev(ipf_devfs[IPL_LOGNAT]);
if (ipf_devfs[IPL_LOGSTATE])
devfs_remove_dev(ipf_devfs[IPL_LOGSTATE]);
if (ipf_devfs[IPL_LOGAUTH])
devfs_remove_dev(ipf_devfs[IPL_LOGAUTH]);
if (ipf_devfs[IPL_LOGSCAN])
devfs_remove_dev(ipf_devfs[IPL_LOGSCAN]);
if (ipf_devfs[IPL_LOGSYNC])
devfs_remove_dev(ipf_devfs[IPL_LOGSYNC]);
if (ipf_devfs[IPL_LOGLOOKUP])
devfs_remove_dev(ipf_devfs[IPL_LOGLOOKUP]);
#endif
}
return err;
case LKM_E_STAT :
break;
default:
err = EIO;
break;
}
return 0;
}
static int if_ipf_remove __P((void))
{
char *name;
struct nameidata nd;
int error, i;
for (i = 0; (name = ipf_devfiles[i]); i++) {
NDINIT(&nd, DELETE, LOCKPARENT, UIO_SYSSPACE, name, curproc);
if ((error = namei(&nd)))
return (error);
VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE);
#if (__FreeBSD_version >= 300000)
VOP_LOCK(nd.ni_vp, LK_RETRY | LK_EXCLUSIVE, curproc);
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
(void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
if (nd.ni_dvp == nd.ni_vp)
vrele(nd.ni_dvp);
else
vput(nd.ni_dvp);
if (nd.ni_vp != NULLVP)
vput(nd.ni_vp);
#else
VOP_LOCK(nd.ni_vp);
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
(void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
#endif
}
return 0;
}
static int if_ipf_unload(lkmtp, cmd)
struct lkm_table *lkmtp;
int cmd;
{
int error = 0;
error = ipfdetach();
if (!error)
error = if_ipf_remove();
return error;
}
static int if_ipf_load(lkmtp, cmd)
struct lkm_table *lkmtp;
int cmd;
{
struct nameidata nd;
struct vattr vattr;
int error = 0, fmode = S_IFCHR|0600, i;
char *name;
error = ipfattach();
if (error)
return error;
(void) if_ipf_remove();
for (i = 0; (name = ipf_devfiles[i]); i++) {
NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, name, curproc);
if ((error = namei(&nd)))
return error;
if (nd.ni_vp != NULL) {
VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
if (nd.ni_dvp == nd.ni_vp)
vrele(nd.ni_dvp);
else
vput(nd.ni_dvp);
vrele(nd.ni_vp);
return (EEXIST);
}
VATTR_NULL(&vattr);
vattr.va_type = VCHR;
vattr.va_mode = (fmode & 07777);
vattr.va_rdev = (ipf_major << 8) | i;
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
#if (__FreeBSD_version >= 300000)
vput(nd.ni_dvp);
#endif
if (error)
return error;
}
return 0;
}
#endif /* actually LKM */
#if defined(__FreeBSD_version) && (__FreeBSD_version < 220000)
/*
* strlen isn't present in 2.1.* kernels.
*/
size_t strlen(string)
char *string;
{
register char *s;
for (s = string; *s; s++)
;
return (size_t)(s - string);
}
int xxxinit(lkmtp, cmd, ver)
struct lkm_table *lkmtp;
int cmd, ver;
{
DISPATCH(lkmtp, cmd, ver, ipfaction, ipfaction, ipfaction);
}
#else /* __FREEBSD_version >= 220000 */
# ifdef IPFILTER_LKM
# include <sys/exec.h>
# if (__FreeBSD_version >= 300000)
MOD_DEV(if_ipf, LM_DT_CHAR, CDEV_MAJOR, &ipf_cdevsw);
# else
MOD_DECL(if_ipf);
static struct lkm_dev _module = {
LM_DEV,
LKM_VERSION,
IPL_VERSION,
CDEV_MAJOR,
LM_DT_CHAR,
{ (void *)&ipf_cdevsw }
};
# endif
int if_ipf __P((struct lkm_table *, int, int));
int if_ipf(lkmtp, cmd, ver)
struct lkm_table *lkmtp;
int cmd, ver;
{
# if (__FreeBSD_version >= 300000)
MOD_DISPATCH(if_ipf, lkmtp, cmd, ver, ipfaction, ipfaction, ipfaction);
# else
DISPATCH(lkmtp, cmd, ver, ipfaction, ipfaction, ipfaction);
# endif
}
# endif /* IPFILTER_LKM */
static ipf_devsw_installed = 0;
static void ipf_drvinit __P((void *unused))
{
dev_t dev;
# ifdef DEVFS
void **tp = ipf_devfs;
# endif
if (!ipf_devsw_installed ) {
dev = makedev(CDEV_MAJOR, 0);
cdevsw_add(&dev, &ipf_cdevsw, NULL);
ipf_devsw_installed = 1;
# ifdef DEVFS
tp[IPL_LOGIPF] = devfs_add_devswf(&ipf_cdevsw, IPL_LOGIPF,
DV_CHR, 0, 0, 0600, "ipf");
tp[IPL_LOGNAT] = devfs_add_devswf(&ipf_cdevsw, IPL_LOGNAT,
DV_CHR, 0, 0, 0600, "ipnat");
tp[IPL_LOGSTATE] = devfs_add_devswf(&ipf_cdevsw, IPL_LOGSTATE,
DV_CHR, 0, 0, 0600,
"ipstate");
tp[IPL_LOGAUTH] = devfs_add_devswf(&ipf_cdevsw, IPL_LOGAUTH,
DV_CHR, 0, 0, 0600,
"ipauth");
# endif
}
}
#ifdef SYSCTL_IPF
int
sysctl_ipf_int SYSCTL_HANDLER_ARGS
{
int error = 0;
if (arg1)
error = SYSCTL_OUT(req, arg1, sizeof(int));
else
error = SYSCTL_OUT(req, &arg2, sizeof(int));
if (error || !req->newptr)
return (error);
if (!arg1)
error = EPERM;
else {
if ((oidp->oid_kind & CTLFLAG_OFF) && (ipf_running > 0))
error = EBUSY;
else
error = SYSCTL_IN(req, arg1, sizeof(int));
}
return (error);
}
#endif
# if defined(IPFILTER_LKM) || \
defined(__FreeBSD_version) && (__FreeBSD_version >= 220000)
SYSINIT(ipfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,ipf_drvinit,NULL)
# endif /* IPFILTER_LKM */
#endif /* _FreeBSD_version */
/*
* routines below for saving IP headers to buffer
*/
int ipfopen(dev, flags
#if ((BSD >= 199506) || (__FreeBSD_version >= 220000))
, devtype, p)
int devtype;
# if (__FreeBSD_version >= 500024)
struct thread *p;
# else
struct proc *p;
# endif /* __FreeBSD_version >= 500024 */
#else
)
#endif
#if (__FreeBSD_version >= 502116)
struct cdev *dev;
#else
dev_t dev;
#endif
int flags;
{
u_int unit = GET_MINOR(dev);
if (IPL_LOGMAX < unit)
unit = ENXIO;
else
unit = 0;
return unit;
}
int ipfclose(dev, flags
#if ((BSD >= 199506) || (__FreeBSD_version >= 220000))
, devtype, p)
int devtype;
# if (__FreeBSD_version >= 500024)
struct thread *p;
# else
struct proc *p;
# endif /* __FreeBSD_version >= 500024 */
#else
)
#endif
#if (__FreeBSD_version >= 502116)
struct cdev *dev;
#else
dev_t dev;
#endif
int flags;
{
u_int unit = GET_MINOR(dev);
if (IPL_LOGMAX < unit)
unit = ENXIO;
else
unit = 0;
return unit;
}
/*
* ipfread/ipflog
* both of these must operate with at least splnet() lest they be
* called during packet processing and cause an inconsistancy to appear in
* the filter lists.
*/
#if (BSD >= 199306)
int ipfread(dev, uio, ioflag)
int ioflag;
#else
int ipfread(dev, uio)
#endif
#if (__FreeBSD_version >= 502116)
struct cdev *dev;
#else
dev_t dev;
#endif
register struct uio *uio;
{
u_int unit = GET_MINOR(dev);
if (unit < 0)
return ENXIO;
if (ipf_running < 1)
return EIO;
if (unit == IPL_LOGSYNC)
return ipfsync_read(uio);
#ifdef IPFILTER_LOG
return ipflog_read(unit, uio);
#else
return ENXIO;
#endif
}
/*
* ipfwrite
* both of these must operate with at least splnet() lest they be
* called during packet processing and cause an inconsistancy to appear in
* the filter lists.
*/
#if (BSD >= 199306)
int ipfwrite(dev, uio, ioflag)
int ioflag;
#else
int ipfwrite(dev, uio)
#endif
#if (__FreeBSD_version >= 502116)
struct cdev *dev;
#else
dev_t dev;
#endif
register struct uio *uio;
{
if (ipf_running < 1)
return EIO;
if (GET_MINOR(dev) == IPL_LOGSYNC)
return ipfsync_write(uio);
return ENXIO;
}


@ -1,168 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
/*
* 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate
* its own major char number! Way cool patch!
*/
#include <sys/param.h>
#if defined(__FreeBSD__) && (__FreeBSD__ > 1)
# ifdef IPFILTER_LKM
# include <osreldate.h>
# define ACTUALLY_LKM_NOT_KERNEL
# else
# include <sys/osreldate.h>
# endif
#endif
#include <sys/systm.h>
#if defined(__FreeBSD_version) && (__FreeBSD_version >= 220000)
# include <sys/conf.h>
# include <sys/kernel.h>
# ifdef DEVFS
# include <sys/devfsext.h>
# endif /*DEVFS*/
#endif
#include <sys/conf.h>
#include <sys/file.h>
#if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000)
# include <sys/lock.h>
#endif
#include <sys/stat.h>
#include <sys/proc.h>
#include <sys/kernel.h>
#include <sys/vnode.h>
#include <sys/namei.h>
#include <sys/malloc.h>
#include <sys/mount.h>
#include <sys/exec.h>
#include <sys/mbuf.h>
#if BSD >= 199506
# include <sys/sysctl.h>
#endif
#if (__FreeBSD_version >= 300000)
# include <sys/socket.h>
#endif
#if (__FreeBSD_version >= 199511)
#include <net/if.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <net/route.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#endif
#if (__FreeBSD__ > 1)
# include <sys/sysent.h>
#endif
#include <sys/lkm.h>
#include "netinet/ip_compat.h"
#include "netinet/ip_fil.h"
#include "netinet/ip_rules.h"
int xxxinit __P((struct lkm_table *, int, int));
#if !defined(__FreeBSD_version) || (__FreeBSD_version < 220000)
MOD_DEV(IPL_VERSION, LM_DT_CHAR, -1, &ipldevsw);
#endif
static int ipfrule_ioctl __P((struct lkm_table *, int));
#if defined(__FreeBSD_version) && (__FreeBSD_version < 220000)
int xxxinit(lkmtp, cmd, ver)
struct lkm_table *lkmtp;
int cmd, ver;
{
DISPATCH(lkmtp, cmd, ver, ipfrule_ioctl, ipfrule_ioctl, ipfrule_ioctl);
}
#else /* __FREEBSD_version >= 220000 */
# ifdef IPFILTER_LKM
# include <sys/exec.h>
# if (__FreeBSD_version >= 300000)
MOD_MISC(ipfrule);
# else
MOD_DECL(ipfrule);
static struct lkm_misc _module = {
LM_MISC,
LKM_VERSION,
"IP Filter rules",
0,
};
# endif
int ipfrule __P((struct lkm_table *, int, int));
int ipfrule(lkmtp, cmd, ver)
struct lkm_table *lkmtp;
int cmd, ver;
{
# if (__FreeBSD_version >= 300000)
MOD_DISPATCH(ipfrule, lkmtp, cmd, ver, ipfrule_ioctl, ipfrule_ioctl,
ipfrule_ioctl);
# else
DISPATCH(lkmtp, cmd, ver, ipfrule_ioctl, ipfrule_ioctl, ipfrule_ioctl);
# endif
}
# endif /* IPFILTER_LKM */
int ipfrule_load(lkmtp, cmd)
struct lkm_table *lkmtp;
int cmd;
{
return ipfrule_add();
}
int ipfrule_unload(lkmtp, cmd)
struct lkm_table *lkmtp;
int cmd;
{
return ipfrule_remove();
}
static int ipfrule_ioctl(lkmtp, cmd)
struct lkm_table *lkmtp;
int cmd;
{
int err = 0;
switch (cmd)
{
case LKM_E_LOAD :
if (lkmexists(lkmtp))
return EEXIST;
err = ipfrule_load(lkmtp, cmd);
if (!err)
ipf_refcnt++;
break;
case LKM_E_UNLOAD :
err = ipfrule_unload(lkmtp, cmd);
if (!err)
ipf_refcnt--;
break;
case LKM_E_STAT :
break;
default:
err = EIO;
break;
}
return err;
}
#endif /* _FreeBSD_version */


@ -1,529 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/module.h>
#include <sys/conf.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <sys/select.h>
#if __FreeBSD_version >= 500000
# include <sys/selinfo.h>
#endif
#include <net/if.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include "netinet/ipl.h"
#include "netinet/ip_compat.h"
#include "netinet/ip_fil.h"
#include "netinet/ip_state.h"
#include "netinet/ip_nat.h"
#include "netinet/ip_auth.h"
#include "netinet/ip_frag.h"
#include "netinet/ip_sync.h"
extern ipf_main_softc_t ipfmain;
#if __FreeBSD_version >= 502116
static struct cdev *ipf_devs[IPL_LOGSIZE];
#else
static dev_t ipf_devs[IPL_LOGSIZE];
#endif
#if 0
static int sysctl_ipf_int ( SYSCTL_HANDLER_ARGS );
#endif
static int ipf_modload(void);
static int ipf_modunload(void);
#if (__FreeBSD_version >= 500024)
# if (__FreeBSD_version >= 502116)
static int ipfopen __P((struct cdev*, int, int, struct thread *));
static int ipfclose __P((struct cdev*, int, int, struct thread *));
# else
static int ipfopen __P((dev_t, int, int, struct thread *));
static int ipfclose __P((dev_t, int, int, struct thread *));
# endif /* __FreeBSD_version >= 502116 */
#else
static int ipfopen __P((dev_t, int, int, struct proc *));
static int ipfclose __P((dev_t, int, int, struct proc *));
#endif
#if (__FreeBSD_version >= 502116)
static int ipfread __P((struct cdev*, struct uio *, int));
static int ipfwrite __P((struct cdev*, struct uio *, int));
#else
static int ipfread __P((dev_t, struct uio *, int));
static int ipfwrite __P((dev_t, struct uio *, int));
#endif /* __FreeBSD_version >= 502116 */
SYSCTL_DECL(_net_inet);
#define SYSCTL_IPF(parent, nbr, name, access, ptr, val, descr) \
SYSCTL_OID(parent, nbr, name, CTLTYPE_INT|access, \
ptr, val, sysctl_ipf_int, "I", descr);
#define CTLFLAG_OFF 0x00800000 /* IPFilter must be disabled */
#define CTLFLAG_RWO (CTLFLAG_RW|CTLFLAG_OFF)
SYSCTL_NODE(_net_inet, OID_AUTO, ipf, CTLFLAG_RW, 0, "IPF");
#if 0
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_flags, CTLFLAG_RW, &ipf_flags, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_pass, CTLFLAG_RW, &ipf_pass, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_active, CTLFLAG_RD, &ipf_active, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpidletimeout, CTLFLAG_RWO,
&ipf_tcpidletimeout, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcphalfclosed, CTLFLAG_RWO,
&ipf_tcphalfclosed, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpclosewait, CTLFLAG_RWO,
&ipf_tcpclosewait, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcplastack, CTLFLAG_RWO,
&ipf_tcplastack, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcptimeout, CTLFLAG_RWO,
&ipf_tcptimeout, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpclosed, CTLFLAG_RWO,
&ipf_tcpclosed, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_udptimeout, CTLFLAG_RWO,
&ipf_udptimeout, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_udpacktimeout, CTLFLAG_RWO,
&ipf_udpacktimeout, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_icmptimeout, CTLFLAG_RWO,
&ipf_icmptimeout, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_defnatage, CTLFLAG_RWO,
&ipf_nat_defage, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_ipfrttl, CTLFLAG_RW,
&ipf_ipfrttl, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_running, CTLFLAG_RD,
&ipf_running, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_statesize, CTLFLAG_RWO,
&ipf_state_size, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_statemax, CTLFLAG_RWO,
&ipf_state_max, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_nattable_sz, CTLFLAG_RWO,
&ipf_nat_table_sz, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_natrules_sz, CTLFLAG_RWO,
&ipf_nat_maprules_sz, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_rdrrules_sz, CTLFLAG_RWO,
&ipf_nat_rdrrules_sz, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_hostmap_sz, CTLFLAG_RWO,
&ipf_nat_hostmap_sz, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_authsize, CTLFLAG_RWO,
&ipf_auth_size, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_authused, CTLFLAG_RD,
&ipf_auth_used, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_defaultauthage, CTLFLAG_RW,
&ipf_auth_defaultage, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_chksrc, CTLFLAG_RW, &ipf_chksrc, 0, "");
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_minttl, CTLFLAG_RW, &ipf_minttl, 0, "");
#endif
#define CDEV_MAJOR 79
#include <sys/poll.h>
#if __FreeBSD_version >= 500043
# include <sys/select.h>
static int ipfpoll(struct cdev *dev, int events, struct thread *td);
static struct cdevsw ipf_cdevsw = {
#if __FreeBSD_version >= 502103
.d_version = D_VERSION,
.d_flags = 0, /* D_NEEDGIANT - Should be SMP safe */
#endif
.d_open = ipfopen,
.d_close = ipfclose,
.d_read = ipfread,
.d_write = ipfwrite,
.d_ioctl = ipfioctl,
.d_poll = ipfpoll,
.d_name = "ipf",
#if __FreeBSD_version < 600000
.d_maj = CDEV_MAJOR,
#endif
};
#else
static int ipfpoll(dev_t dev, int events, struct proc *td);
static struct cdevsw ipf_cdevsw = {
/* open */ ipfopen,
/* close */ ipfclose,
/* read */ ipfread,
/* write */ ipfwrite,
/* ioctl */ ipfioctl,
/* poll */ ipfpoll,
/* mmap */ nommap,
/* strategy */ nostrategy,
/* name */ "ipf",
/* maj */ CDEV_MAJOR,
/* dump */ nodump,
/* psize */ nopsize,
/* flags */ 0,
# if (__FreeBSD_version < 500043)
/* bmaj */ -1,
# endif
# if (__FreeBSD_version >= 430000)
/* kqfilter */ NULL
# endif
};
#endif
static char *ipf_devfiles[] = { IPL_NAME, IPNAT_NAME, IPSTATE_NAME, IPAUTH_NAME,
IPSYNC_NAME, IPSCAN_NAME, IPLOOKUP_NAME, NULL };
static int
ipfilter_modevent(module_t mod, int type, void *unused)
{
int error = 0;
switch (type)
{
case MOD_LOAD :
error = ipf_modload();
break;
case MOD_UNLOAD :
error = ipf_modunload();
break;
default:
error = EINVAL;
break;
}
return error;
}
static int
ipf_modload()
{
char *defpass, *c, *str;
int i, j, error;
if (ipf_load_all() != 0)
return EIO;
if (ipf_create_all(&ipfmain) == NULL)
return EIO;
error = ipfattach(&ipfmain);
if (error)
return error;
for (i = 0; i < IPL_LOGSIZE; i++)
ipf_devs[i] = NULL;
for (i = 0; (str = ipf_devfiles[i]); i++) {
c = NULL;
for(j = strlen(str); j > 0; j--)
if (str[j] == '/') {
c = str + j + 1;
break;
}
if (!c)
c = str;
ipf_devs[i] = make_dev(&ipf_cdevsw, i, 0, 0, 0600, c);
}
error = ipf_pfil_hook();
if (error != 0)
return error;
ipf_event_reg();
if (FR_ISPASS(ipfmain.ipf_pass))
defpass = "pass";
else if (FR_ISBLOCK(ipfmain.ipf_pass))
defpass = "block";
else
defpass = "no-match -> block";
printf("%s initialized. Default = %s all, Logging = %s%s\n",
ipfilter_version, defpass,
#ifdef IPFILTER_LOG
"enabled",
#else
"disabled",
#endif
#ifdef IPFILTER_COMPILED
" (COMPILED)"
#else
""
#endif
);
return 0;
}
static int
ipf_modunload()
{
int error, i;
if (ipfmain.ipf_refcnt)
return EBUSY;
error = ipf_pfil_unhook();
if (error != 0)
return error;
if (ipfmain.ipf_running >= 0) {
error = ipfdetach(&ipfmain);
if (error != 0)
return error;
ipf_destroy_all(&ipfmain);
ipf_unload_all();
} else
error = 0;
ipfmain.ipf_running = -2;
for (i = 0; ipf_devfiles[i]; i++) {
if (ipf_devs[i] != NULL)
destroy_dev(ipf_devs[i]);
}
printf("%s unloaded\n", ipfilter_version);
return error;
}
static moduledata_t ipfiltermod = {
"ipfilter",
ipfilter_modevent,
0
};
DECLARE_MODULE(ipfilter, ipfiltermod, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY);
#ifdef MODULE_VERSION
MODULE_VERSION(ipfilter, 1);
#endif
#if 0
#ifdef SYSCTL_IPF
int
sysctl_ipf_int ( SYSCTL_HANDLER_ARGS )
{
int error = 0;
if (arg1)
error = SYSCTL_OUT(req, arg1, sizeof(int));
else
error = SYSCTL_OUT(req, &arg2, sizeof(int));
if (error || !req->newptr)
return (error);
if (!arg1)
error = EPERM;
else {
if ((oidp->oid_kind & CTLFLAG_OFF) && (ipfmain.ipf_running > 0))
error = EBUSY;
else
error = SYSCTL_IN(req, arg1, sizeof(int));
}
return (error);
}
#endif
#endif
static int
#if __FreeBSD_version >= 500043
ipfpoll(struct cdev *dev, int events, struct thread *td)
#else
ipfpoll(dev_t dev, int events, struct proc *td)
#endif
{
u_int unit = GET_MINOR(dev);
int revents;
if (unit < 0 || unit > IPL_LOGMAX)
return 0;
revents = 0;
switch (unit)
{
case IPL_LOGIPF :
case IPL_LOGNAT :
case IPL_LOGSTATE :
#ifdef IPFILTER_LOG
if ((events & (POLLIN | POLLRDNORM)) && ipf_log_canread(&ipfmain, unit))
revents |= events & (POLLIN | POLLRDNORM);
#endif
break;
case IPL_LOGAUTH :
if ((events & (POLLIN | POLLRDNORM)) && ipf_auth_waiting(&ipfmain))
revents |= events & (POLLIN | POLLRDNORM);
break;
case IPL_LOGSYNC :
if ((events & (POLLIN | POLLRDNORM)) && ipf_sync_canread(&ipfmain))
revents |= events & (POLLIN | POLLRDNORM);
if ((events & (POLLOUT | POLLWRNORM)) && ipf_sync_canwrite(&ipfmain))
revents |= events & (POLLOUT | POLLWRNORM);
break;
case IPL_LOGSCAN :
case IPL_LOGLOOKUP :
default :
break;
}
if ((revents == 0) && ((events & (POLLIN|POLLRDNORM)) != 0))
selrecord(td, &ipfmain.ipf_selwait[unit]);
return revents;
}
/*
* routines below for saving IP headers to buffer
*/
static int ipfopen(dev, flags
#if ((BSD >= 199506) || (__FreeBSD_version >= 220000))
, devtype, p)
int devtype;
# if (__FreeBSD_version >= 500024)
struct thread *p;
# else
struct proc *p;
# endif /* __FreeBSD_version >= 500024 */
#else
)
#endif
#if (__FreeBSD_version >= 502116)
struct cdev *dev;
#else
dev_t dev;
#endif
int flags;
{
u_int unit = GET_MINOR(dev);
int error;
if (IPL_LOGMAX < unit)
error = ENXIO;
else {
switch (unit)
{
case IPL_LOGIPF :
case IPL_LOGNAT :
case IPL_LOGSTATE :
case IPL_LOGAUTH :
case IPL_LOGLOOKUP :
case IPL_LOGSYNC :
#ifdef IPFILTER_SCAN
case IPL_LOGSCAN :
#endif
error = 0;
break;
default :
error = ENXIO;
break;
}
}
return error;
}
static int ipfclose(dev, flags
#if ((BSD >= 199506) || (__FreeBSD_version >= 220000))
, devtype, p)
int devtype;
# if (__FreeBSD_version >= 500024)
struct thread *p;
# else
struct proc *p;
# endif /* __FreeBSD_version >= 500024 */
#else
)
#endif
#if (__FreeBSD_version >= 502116)
struct cdev *dev;
#else
dev_t dev;
#endif
int flags;
{
u_int unit = GET_MINOR(dev);
if (IPL_LOGMAX < unit)
unit = ENXIO;
else
unit = 0;
return unit;
}
/*
* ipfread/ipflog
* both of these must operate with at least splnet() lest they be
* called during packet processing and cause an inconsistancy to appear in
* the filter lists.
*/
#if (BSD >= 199306)
static int ipfread(dev, uio, ioflag)
int ioflag;
#else
static int ipfread(dev, uio)
#endif
#if (__FreeBSD_version >= 502116)
struct cdev *dev;
#else
dev_t dev;
#endif
struct uio *uio;
{
u_int unit = GET_MINOR(dev);
if (unit < 0)
return ENXIO;
if (ipfmain.ipf_running < 1)
return EIO;
if (unit == IPL_LOGSYNC)
return ipf_sync_read(&ipfmain, uio);
#ifdef IPFILTER_LOG
return ipf_log_read(&ipfmain, unit, uio);
#else
return ENXIO;
#endif
}
/*
* ipfwrite
* both of these must operate with at least splnet() lest they be
* called during packet processing and cause an inconsistancy to appear in
* the filter lists.
*/
#if (BSD >= 199306)
static int ipfwrite(dev, uio, ioflag)
int ioflag;
#else
static int ipfwrite(dev, uio)
#endif
#if (__FreeBSD_version >= 502116)
struct cdev *dev;
#else
dev_t dev;
#endif
struct uio *uio;
{
if (ipfmain.ipf_running < 1)
return EIO;
if (GET_MINOR(dev) == IPL_LOGSYNC)
return ipf_sync_write(&ipfmain, uio);
return ENXIO;
}


@ -1,114 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
/* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/
/*typedef unsigned int spustate_t;*/
struct uio;
#include <sys/types.h>
#include <sys/cmn_err.h>
#include <sys/kernel.h>
#include <sys/systm.h>
#include <sys/malloc.h>
#include <sys/conf.h>
#include <sys/callout.h>
#include <sys/moddefs.h>
#include <sys/io.h>
#include <sys/wsio.h>
#include <sys/param.h>
#include <sys/errno.h>
#include <sys/byteorder.h>
#include <sys/socket.h>
#include <sys/stropts.h>
#include <net/if.h>
#include <net/af.h>
#include <net/route.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/if_ether.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/tcpip.h>
#include <netinet/ip_icmp.h>
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_rules.h"
/*
* Driver Header
*/
static drv_info_t ipf_drv_info = {
"IP Filter Rules", /* type */
"pseudo", /* class */
DRV_PSEUDO|DRV_SAVE_CONF|DRV_MP_SAFE, /* flags */
-1, /* b_major */
-1, /* c_major */
NULL, /* cdio */
NULL, /* gio_private */
NULL, /* cdio_private */
};
extern struct mod_operations gio_mod_ops;
static drv_info_t ipf_drv_info;
extern struct mod_conf_data ipf_conf_data;
static struct mod_type_data ipf_drv_link = {
IPL_VERSION, (void *)NULL
};
static struct modlink ipf_mod_link[] = {
{ &gio_mod_ops, (void *)&ipf_drv_link },
{ NULL, (void *)NULL }
};
struct modwrapper ipf_wrapper = {
MODREV,
ipf_load,
ipf_unload,
(void (*)())NULL,
(void *)&ipf_conf_data,
ipf_mod_link
};
static int ipf_load(void *arg)
{
int i;
i = ipfrule_add();
if (!i)
ipf_refcnt--;
#ifdef IPFDEBUG
printf("IP Filter Rules: ipfrule_add() = %d\n", i);
#endif
if (!i)
cmn_err(CE_CONT, "IP Filter Rules: Loaded\n");
return i;
}
static int ipf_unload(void *arg)
{
int i;
i = ipfrule_remove();
if (!i)
ipf_refcnt--;
#ifdef IPFDEBUG
printf("IP Filter Rules: ipfrule_remove() = %d\n", i);
#endif
if (!i)
cmn_err(CE_CONT, "IP Filter Rules: Unloaded\n");
return i;
}


@ -1,355 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
/*
* 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate
* its own major char number! Way cool patch!
*/
#include <sys/param.h>
/*
* Post NetBSD 1.2 has the PFIL interface for packet filters. This turns
* on those hooks. We don't need any special mods with this!
*/
#if (defined(NetBSD) && (NetBSD > 199609) && (NetBSD <= 1991011)) || \
(defined(NetBSD1_2) && NetBSD1_2 > 1)
# define NETBSD_PF
#endif
#include <sys/systm.h>
#include <sys/conf.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <sys/proc.h>
#include <sys/uio.h>
#include <sys/kernel.h>
#include <sys/vnode.h>
#include <sys/namei.h>
#include <sys/malloc.h>
#include <sys/mount.h>
#include <sys/exec.h>
#include <sys/mbuf.h>
#include <net/if.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <net/route.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#include <sys/lkm.h>
#include <sys/poll.h>
#include <sys/select.h>
#include "ipl.h"
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_auth.h"
#include "ip_state.h"
#include "ip_nat.h"
#include "ip_sync.h"
#if !defined(__NetBSD_Version__) || __NetBSD_Version__ < 103050000
#define vn_lock(v,f) VOP_LOCK(v)
#endif
#if !defined(VOP_LEASE) && defined(LEASE_CHECK)
#define VOP_LEASE LEASE_CHECK
#endif
extern int lkmenodev __P((void));
#if NetBSD >= 199706
int ipflkm_lkmentry __P((struct lkm_table *, int, int));
#else
int xxxinit __P((struct lkm_table *, int, int));
#endif
static int ipf_unload __P((void));
static int ipf_load __P((void));
static int ipf_remove __P((void));
static int ipfaction __P((struct lkm_table *, int));
static char *ipf_devfiles[] = { IPL_NAME, IPNAT_NAME, IPSTATE_NAME,
IPAUTH_NAME, IPSYNC_NAME, IPSCAN_NAME,
IPLOOKUP_NAME, NULL };
int ipf_major = 0;
extern ipf_main_softc_t ipfmain;
extern const struct cdevsw ipl_cdevsw;
#if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000)
MOD_DEV(IPL_VERSION, "ipf", NULL, -1, &ipl_cdevsw, -1);
#else
MOD_DEV(IPL_VERSION, LM_DT_CHAR, -1, &ipldevsw);
#endif
extern int vd_unuseddev __P((void));
extern struct cdevsw cdevsw[];
extern int nchrdev;
int
#if NetBSD >= 199706
ipflkm_lkmentry(lkmtp, cmd, ver)
#else
xxxinit(lkmtp, cmd, ver)
#endif
struct lkm_table *lkmtp;
int cmd, ver;
{
DISPATCH(lkmtp, cmd, ver, ipfaction, ipfaction, ipfaction);
}
static int
ipfaction(lkmtp, cmd)
struct lkm_table *lkmtp;
int cmd;
{
#if !defined(__NetBSD__) || (__NetBSD_Version__ < 106080000)
int i;
#endif
struct lkm_dev *args = lkmtp->private.lkm_dev;
int err = 0;
switch (cmd)
{
case LKM_E_LOAD :
if (lkmexists(lkmtp))
return EEXIST;
#if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000)
# if (__NetBSD_Version__ < 200000000)
err = devsw_attach(args->lkm_devname,
args->lkm_bdev, &args->lkm_bdevmaj,
args->lkm_cdev, &args->lkm_cdevmaj);
if (err != 0)
return (err);
# endif
ipf_major = args->lkm_cdevmaj;
#else
for (i = 0; i < nchrdev; i++)
if (cdevsw[i].d_open == (dev_type_open((*)))lkmenodev ||
cdevsw[i].d_open == ipfopen)
break;
if (i == nchrdev) {
printf("IP Filter: No free cdevsw slots\n");
return ENODEV;
}
ipf_major = i;
args->lkm_offset = i; /* slot in cdevsw[] */
#endif
printf("IP Filter: loaded into slot %d\n", ipf_major);
return ipf_load();
case LKM_E_UNLOAD :
#if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000)
devsw_detach(args->lkm_bdev, args->lkm_cdev);
args->lkm_bdevmaj = -1;
args->lkm_cdevmaj = -1;
#endif
err = ipf_unload();
if (!err)
printf("IP Filter: unloaded from slot %d\n",
ipf_major);
break;
case LKM_E_STAT :
break;
default:
err = EIO;
break;
}
return err;
}
static int
ipf_remove()
{
char *name;
struct nameidata nd;
int error, i;
for (i = 0; (name = ipf_devfiles[i]); i++) {
#if (__NetBSD_Version__ > 106009999)
# if (__NetBSD_Version__ > 399001400)
# if (__NetBSD_Version__ > 499001400)
NDINIT(&nd, DELETE, LOCKPARENT|LOCKLEAF, UIO_SYSSPACE,
name);
# else
NDINIT(&nd, DELETE, LOCKPARENT|LOCKLEAF, UIO_SYSSPACE,
name, curlwp);
# endif
# else
NDINIT(&nd, DELETE, LOCKPARENT|LOCKLEAF, UIO_SYSSPACE,
name, curproc);
# endif
#else
NDINIT(&nd, DELETE, LOCKPARENT, UIO_SYSSPACE, name, curproc);
#endif
if ((error = namei(&nd)))
return (error);
#if (__NetBSD_Version__ > 399001400)
# if (__NetBSD_Version__ > 399002000)
# if (__NetBSD_Version__ < 499001400)
VOP_LEASE(nd.ni_dvp, curlwp, curlwp->l_cred, LEASE_WRITE);
# endif
# else
VOP_LEASE(nd.ni_dvp, curlwp, curlwp->l_proc->p_ucred, LEASE_WRITE);
# endif
#else
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
#endif
#if !defined(__NetBSD_Version__) || (__NetBSD_Version__ < 106000000)
vn_lock(nd.ni_vp, LK_EXCLUSIVE | LK_RETRY);
#endif
#if (__NetBSD_Version__ >= 399002000)
# if (__NetBSD_Version__ < 499001400)
VOP_LEASE(nd.ni_vp, curlwp, curlwp->l_cred, LEASE_WRITE);
# endif
#else
# if (__NetBSD_Version__ > 399001400)
VOP_LEASE(nd.ni_vp, curlwp, curlwp->l_proc->p_ucred, LEASE_WRITE);
# else
VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE);
# endif
#endif
(void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
}
return 0;
}
static int
ipf_unload()
{
int error = 0;
/*
* Unloading - remove the filter rule check from the IP
* input/output stream.
*/
if (ipfmain.ipf_refcnt)
error = EBUSY;
else if (ipfmain.ipf_running >= 0) {
error = ipfdetach(&ipfmain);
if (error == 0) {
ipf_destroy_all(&ipfmain);
ipf_unload_all();
}
}
if (error == 0) {
ipfmain.ipf_running = -2;
error = ipf_remove();
printf("%s unloaded\n", ipfilter_version);
}
return error;
}
static int
ipf_load()
{
struct nameidata nd;
struct vattr vattr;
int error = 0, fmode = S_IFCHR|0600, i;
char *name;
/*
* XXX Remove existing device nodes prior to creating new ones
* XXX using the assigned LKM device slot's major number. In a
* XXX perfect world we could use the ones specified by cdevsw[].
*/
(void)ipf_remove();
bzero((char *)&ipfmain, sizeof(ipfmain));
error = ipf_load_all();
if (error != 0)
return error;
if (ipf_create_all(&ipfmain) == NULL) {
ipf_unload_all();
return EIO;
}
error = ipfattach(&ipfmain);
if (error != 0) {
(void) ipf_unload();
return error;
}
for (i = 0; (error == 0) && (name = ipf_devfiles[i]); i++) {
#if (__NetBSD_Version__ > 399001400)
# if (__NetBSD_Version__ > 499001400)
NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, name);
# else
NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, name, curlwp);
# endif
#else
NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, name, curproc);
#endif
if ((error = namei(&nd)))
break;
if (nd.ni_vp != NULL) {
VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
if (nd.ni_dvp == nd.ni_vp)
vrele(nd.ni_dvp);
else
vput(nd.ni_dvp);
vrele(nd.ni_vp);
error = EEXIST;
break;
}
VATTR_NULL(&vattr);
vattr.va_type = VCHR;
vattr.va_mode = (fmode & 07777);
vattr.va_rdev = (ipf_major << 8) | i;
#if (__NetBSD_Version__ > 399001400)
# if (__NetBSD_Version__ >= 399002000)
# if (__NetBSD_Version__ < 499001400)
VOP_LEASE(nd.ni_dvp, curlwp, curlwp->l_cred, LEASE_WRITE);
# endif
# else
VOP_LEASE(nd.ni_dvp, curlwp, curlwp->l_proc->p_ucred, LEASE_WRITE);
# endif
#else
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
#endif
error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
if (error == 0)
vput(nd.ni_vp);
}
if (error == 0) {
char *defpass;
if (FR_ISPASS(ipfmain.ipf_pass))
defpass = "pass";
else if (FR_ISBLOCK(ipfmain.ipf_pass))
defpass = "block";
else
defpass = "no-match -> block";
printf("%s initialized. Default = %s all, Logging = %s%s\n",
ipfilter_version, defpass,
#ifdef IPFILTER_LOG
"enabled",
#else
"disabled",
#endif
#ifdef IPFILTER_COMPILED
" (COMPILED)"
#else
""
#endif
);
ipfmain.ipf_running = 1;
}
return error;
}


@ -1,83 +0,0 @@
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/conf.h>
#include <sys/proc.h>
#include <sys/ioctl.h>
#include <sys/kernel.h>
#include <sys/mbuf.h>
#include <sys/exec.h>
#include <sys/socket.h>
#include <net/if.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <net/route.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#include <sys/lkm.h>
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_rules.h"
static int ipfruleaction __P((struct lkm_table *, int));
#ifdef IPFILTER_LKM
# if NetBSD >= 199706
int ipfrule_lkmentry __P((struct lkm_table *, int, int));
# else
int xxxinit __P((struct lkm_table *, int, int));
# endif
MOD_MISC("IPFilter Rules");
# if NetBSD >= 199706
int ipfrule_lkmentry(lkmtp, cmd, ver)
# else
int xxxinit(lkmtp, cmd, ver)
# endif
struct lkm_table *lkmtp;
int cmd, ver;
{
DISPATCH(lkmtp, cmd, ver, ipfruleaction, ipfruleaction, ipfruleaction);
}
static int ipfruleaction(lkmtp, cmd)
struct lkm_table *lkmtp;
int cmd;
{
int err = 0;
switch (cmd)
{
case LKM_E_LOAD :
if (lkmexists(lkmtp))
return EEXIST;
err = ipfrule_add();
if (!err)
ipf_refcnt++;
break;
case LKM_E_UNLOAD :
err = ipfrule_remove();
if (!err)
ipf_refcnt--;
break;
case LKM_E_STAT :
break;
default:
err = EIO;
break;
}
return err;
}
#endif /* IPFILTER_LKM */


@ -1,364 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/conf.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <sys/proc.h>
#include <sys/uio.h>
#include <sys/kernel.h>
#include <sys/vnode.h>
#include <sys/namei.h>
#include <sys/malloc.h>
#include <sys/mount.h>
#include <sys/exec.h>
#include <sys/mbuf.h>
#include <net/if.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <net/route.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#include <sys/lkm.h>
#include "ipl.h"
#include "ip_compat.h"
#include "ip_fil.h"
#define vn_lock(v,f) VOP_LOCK(v)
#if !defined(VOP_LEASE) && defined(LEASE_CHECK)
#define VOP_LEASE LEASE_CHECK
#endif
extern int lkmenodev __P((void));
#if OpenBSD >= 200311
int if_ipf_lkmentry __P((struct lkm_table *, int, int));
#else
int if_ipf __P((struct lkm_table *, int, int));
#endif
static int ipf_unload __P((void));
static int ipf_load __P((void));
static int ipf_remove __P((void));
static int ipfaction __P((struct lkm_table *, int));
static char *ipf_devfiles[] = { IPL_NAME, IPNAT_NAME, IPSTATE_NAME,
IPAUTH_NAME, IPSYNC_NAME, IPSCAN_NAME,
IPLOOKUP_NAME, NULL };
struct cdevsw ipfdevsw =
{
ipfopen, /* open */
ipfclose, /* close */
ipfread, /* read */
(void *)nullop, /* write */
ipfioctl, /* ioctl */
(void *)nullop, /* stop */
(void *)NULL, /* tty */
(void *)nullop, /* select */
(void *)nullop, /* mmap */
NULL /* strategy */
};
int ipf_major = 0;
MOD_DEV(IPL_VERSION, LM_DT_CHAR, -1, &ipfdevsw);
extern int vd_unuseddev __P((void));
extern struct cdevsw cdevsw[];
extern int nchrdev;
#if OpenBSD >= 200311
int if_ipf_lkmentry (lkmtp, cmd, ver)
#else
int if_ipf(lkmtp, cmd, ver)
#endif
struct lkm_table *lkmtp;
int cmd, ver;
{
DISPATCH(lkmtp, cmd, ver, ipfaction, ipfaction, ipfaction);
}
int lkmexists __P((struct lkm_table *)); /* defined in /sys/kern/kern_lkm.c */
static int ipfaction(lkmtp, cmd)
struct lkm_table *lkmtp;
int cmd;
{
int i;
struct lkm_dev *args = lkmtp->private.lkm_dev;
int err = 0;
switch (cmd)
{
case LKM_E_LOAD :
if (lkmexists(lkmtp))
return EEXIST;
for (i = 0; i < nchrdev; i++)
if (cdevsw[i].d_open == (dev_type_open((*)))lkmenodev ||
cdevsw[i].d_open == ipfopen)
break;
if (i == nchrdev) {
printf("IP Filter: No free cdevsw slots\n");
return ENODEV;
}
ipf_major = i;
args->lkm_offset = i; /* slot in cdevsw[] */
printf("IP Filter: loaded into slot %d\n", ipf_major);
return ipf_load();
case LKM_E_UNLOAD :
err = ipf_unload();
if (!err)
printf("IP Filter: unloaded from slot %d\n",
ipf_major);
break;
case LKM_E_STAT :
break;
default:
err = EIO;
break;
}
return err;
}
static int ipf_remove()
{
struct nameidata nd;
int error, i;
char *name;
for (i = 0; (name = ipf_devfiles[i]); i++) {
#if OpenBSD >= 200311
NDINIT(&nd, DELETE, LOCKPARENT | LOCKLEAF, UIO_SYSSPACE,
name, curproc);
#else
NDINIT(&nd, DELETE, LOCKPARENT, UIO_SYSSPACE, name, curproc);
#endif
if ((error = namei(&nd)))
return (error);
VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE);
#if OpenBSD < 200311
VOP_LOCK(nd.ni_vp, LK_EXCLUSIVE | LK_RETRY, curproc);
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
#else
(void)uvm_vnp_uncache(nd.ni_vp);
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE);
#endif
(void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
}
return 0;
}
static int ipf_unload()
{
int error = 0;
/*
* Unloading - remove the filter rule check from the IP
* input/output stream.
*/
if (ipf_refcnt)
error = EBUSY;
else if (ipf_running >= 0)
error = ipfdetach();
if (error == 0) {
ipf_running = -2;
error = ipf_remove();
printf("%s unloaded\n", ipfilter_version);
}
return error;
}
static int ipf_load()
{
struct nameidata nd;
struct vattr vattr;
int error = 0, fmode = S_IFCHR|0600, i;
char *name;
/*
* XXX Remove existing device nodes prior to creating new ones
* XXX using the assigned LKM device slot's major number. In a
* XXX perfect world we could use the ones specified by cdevsw[].
*/
(void)ipf_remove();
error = ipfattach();
for (i = 0; (error == 0) && (name = ipf_devfiles[i]); i++) {
NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, name, curproc);
if ((error = namei(&nd)))
break;
if (nd.ni_vp != NULL) {
VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
if (nd.ni_dvp == nd.ni_vp)
vrele(nd.ni_dvp);
else
vput(nd.ni_dvp);
vrele(nd.ni_vp);
error = EEXIST;
break;
}
VATTR_NULL(&vattr);
vattr.va_type = VCHR;
vattr.va_mode = (fmode & 07777);
vattr.va_rdev = (ipf_major << 8) | i;
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
}
if (error == 0) {
char *defpass;
if (FR_ISPASS(ipf_pass))
defpass = "pass";
else if (FR_ISBLOCK(ipf_pass))
defpass = "block";
else
defpass = "no-match -> block";
printf("%s initialized. Default = %s all, Logging = %s%s\n",
ipfilter_version, defpass,
#ifdef IPFILTER_LOG
"enabled",
#else
"disabled",
#endif
#ifdef IPFILTER_COMPILED
" (COMPILED)"
#else
""
#endif
);
ipf_running = 1;
}
return error;
}
/*
* routines below for saving IP headers to buffer
*/
int
ipfopen(dev, flags, devtype, p)
dev_t dev;
int flags;
int devtype;
struct proc *p;
{
u_int min = GET_MINOR(dev);
int error;
if (IPL_LOGMAX < min) {
error = ENXIO;
} else {
switch (unit)
{
case IPL_LOGIPF :
case IPL_LOGNAT :
case IPL_LOGSTATE :
case IPL_LOGAUTH :
case IPL_LOGLOOKUP :
case IPL_LOGSYNC :
#ifdef IPFILTER_SCAN
case IPL_LOGSCAN :
#endif
error = 0;
break;
default :
error = ENXIO;
break;
}
}
return error;
}
int
ipfclose(dev, flags, devtype, p)
dev_t dev;
int flags;
int devtype;
struct proc *p;
{
u_int min = GET_MINOR(dev);
if (IPL_LOGMAX < min)
min = ENXIO;
else
min = 0;
return min;
}
/*
* ipfread/ipflog
* both of these must operate with at least splnet() lest they be
* called during packet processing and cause an inconsistancy to appear in
* the filter lists.
*/
int
ipfread(dev, uio, ioflag)
dev_t dev;
register struct uio *uio;
int ioflag;
{
if (ipf_running < 1)
return EIO;
if (GET_MINOR(dev) == IPL_LOGSYNC)
return ipfsync_read(uio);
#ifdef IPFILTER_LOG
return ipflog_read(GET_MINOR(dev), uio);
#else
return ENXIO;
#endif
}
/*
* ipfwrite
* both of these must operate with at least splnet() lest they be
* called during packet processing and cause an inconsistancy to appear in
* the filter lists.
*/
int
#if (BSD >= 199306)
ipfwrite(dev, uio, ioflag)
int ioflag;
#else
ipfwrite(dev, uio)
#endif
dev_t dev;
register struct uio *uio;
{
if (ipf_running < 1)
return EIO;
if (GET_MINOR(dev) == IPL_LOGSYNC)
return ipfsync_write(uio);
return ENXIO;
}


@ -1,80 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
*/
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/conf.h>
#include <sys/proc.h>
#include <sys/ioctl.h>
#include <sys/kernel.h>
#include <sys/mbuf.h>
#include <sys/exec.h>
#include <sys/socket.h>
#include <net/if.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <net/route.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#include <sys/lkm.h>
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_rules.h"
#ifdef IPFILTER_LKM
static int ipfruleaction __P((struct lkm_table *, int));
int ipfrule __P((struct lkm_table *, int, int));
MOD_MISC("IPFilter Rules");
int ipfrule(lkmtp, cmd, ver)
struct lkm_table *lkmtp;
int cmd, ver;
{
DISPATCH(lkmtp, cmd, ver, ipfruleaction, ipfruleaction, ipfruleaction);
}
int lkmexists __P((struct lkm_table *)); /* defined in /sys/kern/kern_lkm.c */
static int ipfruleaction(lkmtp, cmd)
struct lkm_table *lkmtp;
int cmd;
{
int err = 0;
switch (cmd)
{
case LKM_E_LOAD :
if (lkmexists(lkmtp))
return EEXIST;
err = ipfrule_add();
if (!err)
ipf_refcnt++;
break;
case LKM_E_UNLOAD :
err = ipfrule_remove();
if (!err)
ipf_refcnt--;
break;
case LKM_E_STAT :
break;
default:
err = EIO;
break;
}
return err;
}
#endif /* IPFILTER_LKM */


@ -1,351 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
/*
* 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate
* its own major char number! Way cool patch!
*/
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/file.h>
#include <sys/socket.h>
#include <sys/conf.h>
#include <sys/syslog.h>
#include <sys/buf.h>
#include <sys/mbuf.h>
#include <sys/param.h>
#include <sys/errno.h>
#include <sys/uio.h>
#include <sys/vnode.h>
#include <sundev/mbvar.h>
#include <sun/autoconf.h>
#include <sun/vddrv.h>
#if defined(sun4c) || defined(sun4m)
# include <sun/openprom.h>
#endif
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#include <net/if.h>
#include "ipl.h"
#include "ip_compat.h"
#include "ip_fil.h"
#if !defined(lint)
static const char sccsid[] = "@(#)mls_ipl.c 2.6 10/15/95 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id$";
#endif
extern int ipfdetach __P((void));
#ifndef IPFILTER_LOG
#define ipfread nulldev
#endif
extern int nulldev __P((void));
extern int errno;
extern int nodev __P((void));
static int unload __P((void));
static int ipf_attach __P((void));
int xxxinit __P((u_int, struct vddrv *, caddr_t, struct vdstat *));
static char *ipf_devfiles[] = { IPL_NAME, IPNAT_NAME, IPSTATE_NAME,
IPAUTH_NAME, IPSYNC_NAME, IPSCAN_NAME,
IPLOOKUP_NAME, NULL };
static int ipfopen __P((dev_t, int));
static int ipfclose __P((dev_t, int));
static int ipfread __P((dev_t, struct uio *));
static int ipfwrite __P((dev_t, struct uio *));
struct cdevsw ipfdevsw =
{
ipfopen, ipfclose, ipfread, nulldev,
ipfioctl, nulldev, nulldev, nulldev,
0, nulldev,
};
struct dev_ops ipf_ops =
{
1,
ipfidentify,
ipfattach,
ipfopen,
ipfclose,
ipfread,
ipfwrite,
NULL, /* strategy */
NULL, /* dump */
0, /* psize */
ipfioctl,
NULL, /* reset */
NULL /* mmap */
};
int ipf_major = 0;
#ifdef sun4m
struct vdldrv vd =
{
VDMAGIC_PSEUDO,
IPL_VERSION,
&ipf_ops,
NULL,
&ipfdevsw,
0,
0,
NULL,
NULL,
NULL,
0,
1,
};
#else /* sun4m */
struct vdldrv vd =
{
VDMAGIC_PSEUDO, /* magic */
IPL_VERSION,
#ifdef sun4c
&ipf_ops, /* dev_ops */
#else
NULL, /* struct mb_ctlr *mb_ctlr */
NULL, /* struct mb_driver *mb_driver */
NULL, /* struct mb_device *mb_device */
0, /* num ctlrs */
1, /* numdevs */
#endif /* sun4c */
NULL, /* bdevsw */
&ipfdevsw, /* cdevsw */
0, /* block major */
0, /* char major */
};
#endif /* sun4m */
extern int vd_unuseddev __P((void));
extern struct cdevsw cdevsw[];
extern int nchrdev;
xxxinit(fc, vdp, data, vds)
u_int fc;
struct vddrv *vdp;
caddr_t data;
struct vdstat *vds;
{
struct vdioctl_load *vdi = (struct vdioctl_load *)data;
switch (fc)
{
case VDLOAD:
{
struct vdconf *vdc;
if (vdi && vdi->vdi_userconf)
for (vdc = vdi->vdi_userconf; vdc->vdc_type; vdc++)
if (vdc->vdc_type == VDCCHARMAJOR) {
ipf_major = vdc->vdc_data;
break;
}
if (!ipf_major) {
while (ipf_major < nchrdev &&
cdevsw[ipf_major].d_open != vd_unuseddev)
ipf_major++;
if (ipf_major == nchrdev)
return ENODEV;
}
vdp->vdd_vdtab = (struct vdlinkage *)&vd;
vd.Drv_charmajor = ipf_major;
return ipf_attach();
}
case VDUNLOAD:
return unload();
case VDSTAT:
return 0;
default:
return EIO;
}
}
static int
unload()
{
int err = 0, i;
char *name;
if (ipf_refcnt != 0)
err = EBUSY;
else if (ipf_running >= 0)
err = ipfdetach();
if (err)
return err;
ipf_running = -2;
for (i = 0; (name = ipf_devfiles[i]); i++)
(void) vn_remove(name, UIO_SYSSPACE, FILE);
printf("%s unloaded\n", ipfilter_version);
return 0;
}
static int
ipf_attach()
{
struct vnode *vp;
struct vattr vattr;
int error = 0, fmode = S_IFCHR|0600, i;
char *name;
error = ipfattach();
if (error)
return error;
for (i = 0; (name = ipf_devfiles[i]); i++) {
(void) vn_remove(name, UIO_SYSSPACE, FILE);
vattr_null(&vattr);
vattr.va_type = MFTOVT(fmode);
vattr.va_mode = (fmode & 07777);
vattr.va_rdev = (ipf_major << 8) | i;
error = vn_create(name, UIO_SYSSPACE, &vattr, EXCL, 0, &vp);
if (error) {
printf("IP Filter: vn_create(%s) = %d\n", name, error);
break;
} else {
VN_RELE(vp);
}
}
if (error == 0) {
char *defpass;
if (FR_ISPASS(ipf_pass))
defpass = "pass";
else if (FR_ISBLOCK(ipf_pass))
defpass = "block";
else
defpass = "no-match -> block";
printf("%s initialized. Default = %s all, Logging = %s%s\n",
ipfilter_version, defpass,
#ifdef IPFILTER_LOG
"enabled",
#else
"disabled",
#endif
#ifdef IPFILTER_COMPILED
" (COMPILED)"
#else
""
#endif
);
ipf_running = 1;
}
return error;
}
/*
* routines below for saving IP headers to buffer
*/
static int
ipfopen(dev, flags)
dev_t dev;
int flags;
{
u_int unit = GET_MINOR(dev);
int error;
if (IPL_LOGMAX < unit) {
error = ENXIO;
} else {
switch (unit)
{
case IPL_LOGIPF :
case IPL_LOGNAT :
case IPL_LOGSTATE :
case IPL_LOGAUTH :
case IPL_LOGLOOKUP :
case IPL_LOGSYNC :
#ifdef IPFILTER_SCAN
case IPL_LOGSCAN :
#endif
error = 0;
break;
default :
error = ENXIO;
break;
}
}
return error;
}
static int
ipfclose(dev, flags)
dev_t dev;
int flags;
{
u_int unit = GET_MINOR(dev);
if (IPL_LOGMAX < unit)
unit = ENXIO;
else
unit = 0;
return unit;
}
/*
* ipfread/ipflog
* both of these must operate with at least splnet() lest they be
* called during packet processing and cause an inconsistancy to appear in
* the filter lists.
*/
static int
ipfread(dev, uio)
dev_t dev;
register struct uio *uio;
{
if (ipf_running < 1) {
ipfmain.ipf_interror = 130006;
return EIO;
}
#ifdef IPFILTER_LOG
return ipflog_read(GET_MINOR(dev), uio);
#else
ipfmain.ipf_interror = 130007;
return ENXIO;
#endif
}
/*
* ipfwrite
*/
static int
ipfwrite(dev, uio)
dev_t dev;
register struct uio *uio;
{
if (ipf_running < 1) {
ipfmain.ipf_interror = 130008;
return EIO;
}
if (getminor(dev) == IPL_LOGSYNC)
return ipfsync_write(uio);
ipfmain.ipf_interror = 130009;
return ENXIO;
}


@ -1,116 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
/*
* 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate
* its own major char number! Way cool patch!
*/
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/file.h>
#include <sys/socket.h>
#include <sys/conf.h>
#include <sys/syslog.h>
#include <sys/buf.h>
#include <sys/mbuf.h>
#include <sys/param.h>
#include <sys/errno.h>
#include <sys/uio.h>
#include <sys/vnode.h>
#include <sundev/mbvar.h>
#include <sun/autoconf.h>
#include <sun/vddrv.h>
#if defined(sun4c) || defined(sun4m)
# include <sun/openprom.h>
#endif
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#include <net/if.h>
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_rules.h"
extern int errno;
int xxxinit __P((u_int, struct vddrv *, caddr_t, struct vdstat *));
int ipl_major = 0;
#ifdef sun4m
struct vdldrv vd =
{
VDMAGIC_USER,
"IP Filter rules",
NULL,
NULL,
NULL,
0,
0,
NULL,
NULL,
NULL,
0,
1,
};
#else /* sun4m */
struct vdldrv vd =
{
VDMAGIC_USER, /* magic */
"IP Filter rules",
#ifdef sun4c
NULL, /* dev_ops */
#else
NULL, /* struct mb_ctlr *mb_ctlr */
NULL, /* struct mb_driver *mb_driver */
NULL, /* struct mb_device *mb_device */
0, /* num ctlrs */
1, /* numdevs */
#endif /* sun4c */
NULL, /* bdevsw */
NULL, /* cdevsw */
0, /* block major */
0, /* char major */
};
#endif /* sun4m */
xxxinit(fc, vdp, data, vds)
u_int fc;
struct vddrv *vdp;
caddr_t data;
struct vdstat *vds;
{
struct vdioctl_load *vdi = (struct vdioctl_load *)data;
int err;
switch (fc)
{
case VDLOAD:
err = ipfrule_add();
if (!err)
ipf_refcnt++;
break;
case VDUNLOAD:
err = ipfrule_remove();
if (!err)
ipf_refcnt--;
break;
case VDSTAT:
err = 0;
break;
default:
err = EIO;
break;
}
}


@ -1,130 +0,0 @@
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*/
#pragma ident "@(#)$Id$"
#include <sys/systm.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/errno.h>
#include <sys/uio.h>
#include <sys/buf.h>
#include <sys/modctl.h>
#include <sys/open.h>
#include <sys/kmem.h>
#include <sys/conf.h>
#include <sys/cmn_err.h>
#include <sys/stat.h>
#include <sys/cred.h>
#include <sys/dditypes.h>
#include <sys/stream.h>
#include <sys/poll.h>
#include <sys/autoconf.h>
#include <sys/byteorder.h>
#include <sys/socket.h>
#include <sys/dlpi.h>
#include <sys/stropts.h>
#include <sys/sockio.h>
#include <net/if.h>
#if SOLARIS2 >= 6
# include <net/if_types.h>
#endif
#include <net/af.h>
#include <net/route.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/if_ether.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/tcpip.h>
#include <netinet/ip_icmp.h>
#include <sys/ddi.h>
#include <sys/sunddi.h>
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_rules.h"
char _depends_on[] = "drv/ipf";
extern ipf_main_softc_t ipfmain;
extern struct mod_ops mod_miscops;
static struct modlmisc ipfrulemod = {
&mod_miscops,
"IP Filter rules"
};
static struct modlinkage modlink1 = {
MODREV_1,
&ipfrulemod,
NULL
};
int _init()
{
int ipfruleinst;
ipfruleinst = mod_install(&modlink1);
#ifdef IPFRULEDEBUG
cmn_err(CE_NOTE, "IP Filter Rules: _init() = %d", ipfruleinst);
#endif
if (ipfruleinst == 0) {
if (ipfmain.ipf_running >= 0) {
ipfruleinst = ipfrule_add();
if (!ipfruleinst)
ipfmain.ipf_refcnt++;
else {
cmn_err(CE_NOTE,
"IP Filter Rules: ipfrule_add failed");
ipfruleinst = -1;
}
} else
ipfruleinst = -1;
}
if (ipfruleinst == 0)
cmn_err(CE_CONT, "IP Filter Rules: loaded\n");
return ipfruleinst;
}
int _fini(void)
{
int ipfruleinst;
ipfruleinst = mod_remove(&modlink1);
#ifdef IPFRULEDEBUG
cmn_err(CE_NOTE, "IP Filter Rules: _fini() = %d", ipfruleinst);
#endif
if (ipfruleinst == 0) {
ipfruleinst = ipfrule_remove();
if (!ipfruleinst)
ipfmain.ipf_refcnt--;
else
ipfruleinst = -1;
}
if (ipfruleinst == 0)
cmn_err(CE_CONT, "IP Filter Rules: unloaded\n");
return ipfruleinst;
}
int _info(modinfop)
struct modinfo *modinfop;
{
int ipfruleinst;
ipfruleinst = mod_info(&modlink1, modinfop);
#ifdef IPFRULEDEBUG
cmn_err(CE_NOTE, "IP Filter Rules: _info(%x) = %x",
modinfop, ipfruleinst);
#endif
return ipfruleinst;
}