Kernel module shim sources have no business being in the userland
build directory, especially those for other operating systems. The kernel module shims for other operating systems are hereby removed. The kernel module shim for FreeBSD, mlfk_ipl.c, is already in sys/contrib/ipfilter/netinet. The one here is never used and should not be in the userland build directory either. mlfk_rule.c isn't used either; however, we will keep it in case someone wishes to use this shim to load rules via a kernel module, which is handy for embedded use. In that case it should be copied to sys/contrib/ipfilter/netinet and a Makefile created to employ it. (Probably a useful documentation project when time permits.) MFC after: 1 month
parent
32ba38dcee
commit
45ec1f2cfb
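--- a/<path-not-shown-on-page: removed file 1>
+++ /dev/null
@@ -1,164 +0,0 @@
-/* $FreeBSD$ */
-
-/*
-* Copyright (C) 2012 by Darren Reed.
-*
-* See the IPFILTER.LICENCE file for details on licencing.
-*/
-/*
-* 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate
-* its own major char number! Way cool patch!
-*/
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <sys/file.h>
-#include <sys/conf.h>
-#include <sys/syslog.h>
-#include <sys/buf.h>
-#include <sys/param.h>
-#include <sys/errno.h>
-#include <sys/uio.h>
-#include <sys/vnode.h>
-#include <sundev/mbvar.h>
-#include <sun/autoconf.h>
-#include <sun/vddrv.h>
-#if defined(sun4c) || defined(sun4m)
-#include <sun/openprom.h>
-#endif
-
-#ifndef IPL_NAME
-#define IPL_NAME "/dev/ipf"
-#endif
-
-extern int ipfattach(), ipfopen(), ipfclose(), ipfioctl(), ipfread();
-extern int nulldev(), ipfidentify(), errno;
-
-struct cdevsw ipfdevsw =
-{
-ipfopen, ipfclose, ipfread, nulldev,
-ipfioctl, nulldev, nulldev, nulldev,
-0, nulldev,
-};
-
-
-struct dev_ops ipf_ops =
-{
-1,
-ipfidentify,
-ipfattach,
-ipfopen,
-ipfclose,
-ipfread,
-NULL, /* write */
-NULL, /* strategy */
-NULL, /* dump */
-0, /* psize */
-ipfioctl,
-NULL, /* reset */
-NULL /* mmap */
-};
-
-int ipf_major = 0;
-
-#ifdef sun4m
-struct vdldrv vd =
-{
-VDMAGIC_PSEUDO,
-"ipf",
-&ipf_ops,
-NULL,
-&ipfdevsw,
-0,
-0,
-NULL,
-NULL,
-NULL,
-0,
-1,
-};
-#else /* sun4m */
-struct vdldrv vd =
-{
-VDMAGIC_PSEUDO, /* magic */
-"ipf", /* name */
-#ifdef sun4c
-&ipf_ops, /* dev_ops */
-#else
-NULL, /* struct mb_ctlr *mb_ctlr */
-NULL, /* struct mb_driver *mb_driver */
-NULL, /* struct mb_device *mb_device */
-0, /* num ctlrs */
-1, /* numdevs */
-#endif /* sun4c */
-NULL, /* bdevsw */
-&ipfdevsw, /* cdevsw */
-0, /* block major */
-0, /* char major */
-};
-#endif /* sun4m */
-
-extern int vd_unuseddev();
-extern struct cdevsw cdevsw[];
-extern int nchrdev;
-
-xxxinit(fc, vdp, vdi, vds)
-u_int fc;
-struct vddrv *vdp;
-caddr_t vdi;
-struct vdstat *vds;
-{
-struct vdlinkage *v;
-int i;
-
-switch (fc)
-{
-case VDLOAD:
-while (ipf_major < nchrdev &&
-cdevsw[ipf_major].d_open != vd_unuseddev)
-ipf_major++;
-if (ipf_major == nchrdev)
-return ENODEV;
-vd.Drv_charmajor = ipf_major;
-vdp->vdd_vdtab = (struct vdlinkage *)&vd;
-return ipf_attach(vdi);
-case VDUNLOAD:
-return unload(vdp, vdi);
-
-case VDSTAT:
-return 0;
-
-default:
-return EIO;
-}
-}
-
-static unload(vdp, vdi)
-struct vddrv *vdp;
-struct vdioctl_unload *vdi;
-{
-int i;
-
-(void) vn_remove(IPL_NAME, UIO_SYSSPACE, FILE);
-return ipfdetach();
-}
-
-
-static int ipf_attach(vdi)
-struct vdioctl_load *vdi;
-{
-struct vnode *vp;
-struct vattr vattr;
-int error = 0, fmode = S_IFCHR|0600;
-
-(void) vn_remove(IPL_NAME, UIO_SYSSPACE, FILE);
-vattr_null(&vattr);
-vattr.va_type = MFTOVT(fmode);
-vattr.va_mode = (fmode & 07777);
-vattr.va_rdev = ipf_major<<8;
-
-error = vn_create(IPL_NAME, UIO_SYSSPACE, &vattr, EXCL, 0, &vp);
-if (error == 0)
-VN_RELE(vp);
-return ipfattach(0);
-}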
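--- a/<path-not-shown-on-page: removed file 2>
+++ /dev/null
@@ -1,596 +0,0 @@
-/* $FreeBSD$ */
-
-/*
-* Copyright (C) 2012 by Darren Reed.
-*
-* See the IPFILTER.LICENCE file for details on licencing.
-*/
-/*
-* 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate
-* its own major char number! Way cool patch!
-*/
-
-
-#include <sys/param.h>
-
-#ifdef IPFILTER_LKM
-# ifndef __FreeBSD_cc_version
-# include <osreldate.h>
-# else
-# if __FreeBSD_cc_version < 430000
-# include <osreldate.h>
-# endif
-# endif
-# define ACTUALLY_LKM_NOT_KERNEL
-#else
-# ifndef __FreeBSD_cc_version
-# include <sys/osreldate.h>
-# else
-# if __FreeBSD_cc_version < 430000
-# include <sys/osreldate.h>
-# endif
-# endif
-#endif
-#include <sys/systm.h>
-#if defined(__FreeBSD_version) && (__FreeBSD_version >= 220000)
-# ifndef ACTUALLY_LKM_NOT_KERNEL
-# include "opt_devfs.h"
-# endif
-# include <sys/conf.h>
-# include <sys/kernel.h>
-# ifdef DEVFS
-# include <sys/devfsext.h>
-# endif /*DEVFS*/
-#endif
-#include <sys/conf.h>
-#include <sys/file.h>
-#if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000)
-# include <sys/lock.h>
-#endif
-#include <sys/stat.h>
-#include <sys/proc.h>
-#include <sys/kernel.h>
-#include <sys/vnode.h>
-#include <sys/namei.h>
-#include <sys/malloc.h>
-#include <sys/mount.h>
-#include <sys/exec.h>
-#include <sys/mbuf.h>
-#if BSD >= 199506
-# include <sys/sysctl.h>
-#endif
-#if (__FreeBSD_version >= 300000)
-# include <sys/socket.h>
-#endif
-#include <net/if.h>
-#include <netinet/in_systm.h>
-#include <netinet/in.h>
-#include <netinet/ip.h>
-#include <net/route.h>
-#include <netinet/ip_var.h>
-#include <netinet/tcp.h>
-#include <netinet/tcpip.h>
-#include <sys/sysent.h>
-#include <sys/lkm.h>
-#include "netinet/ipl.h"
-#include "netinet/ip_compat.h"
-#include "netinet/ip_fil.h"
-#include "netinet/ip_state.h"
-#include "netinet/ip_nat.h"
-#include "netinet/ip_auth.h"
-#include "netinet/ip_frag.h"
-
-
-#if !defined(VOP_LEASE) && defined(LEASE_CHECK)
-#define VOP_LEASE LEASE_CHECK
-#endif
-
-int xxxinit __P((struct lkm_table *, int, int));
-
-#ifdef SYSCTL_OID
-int sysctl_ipf_int SYSCTL_HANDLER_ARGS;
-# define SYSCTL_IPF(parent, nbr, name, access, ptr, val, descr) \
-SYSCTL_OID(parent, nbr, name, CTLTYPE_INT|access, \
-ptr, val, sysctl_ipf_int, "I", descr);
-# define CTLFLAG_OFF 0x00800000 /* IPFilter must be disabled */
-# define CTLFLAG_RWO (CTLFLAG_RW|CTLFLAG_OFF)
-SYSCTL_NODE(_net_inet, OID_AUTO, ipf, CTLFLAG_RW, 0, "IPF");
-SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_flags, CTLFLAG_RW, &ipf_flags, 0, "");
-SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_pass, CTLFLAG_RW, &ipf_pass, 0, "");
-SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_active, CTLFLAG_RD, &ipf_active, 0, "");
-SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_chksrc, CTLFLAG_RW, &ipf_chksrc, 0, "");
-SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_minttl, CTLFLAG_RW, &ipf_minttl, 0, "");
-SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpidletimeout, CTLFLAG_RWO,
-&ipf_tcpidletimeout, 0, "");
-SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcphalfclosed, CTLFLAG_RWO,
-&ipf_tcphalfclosed, 0, "");
-SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpclosewait, CTLFLAG_RWO,
-&ipf_tcpclosewait, 0, "");
-SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcplastack, CTLFLAG_RWO,
-&ipf_tcplastack, 0, "");
-SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcptimeout, CTLFLAG_RWO,
-&ipf_tcptimeout, 0, "");
-SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpclosed, CTLFLAG_RWO,
-&ipf_tcpclosed, 0, "");
-SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_udptimeout, CTLFLAG_RWO,
-&ipf_udptimeout, 0, "");
-SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_icmptimeout, CTLFLAG_RWO,
-&ipf_icmptimeout, 0, "");
-SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_defnatage, CTLFLAG_RWO,
-&ipf_defnatage, 0, "");
-SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_ipfrttl, CTLFLAG_RW,
-&ipf_ipfrttl, 0, "");
-SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_running, CTLFLAG_RD,
-&ipf_running, 0, "");
-SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_statesize, CTLFLAG_RWO,
-&ipf_statesize, 0, "");
-SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_statemax, CTLFLAG_RWO,
-&ipf_statemax, 0, "");
-SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_authsize, CTLFLAG_RWO,
-&ipf_authsize, 0, "");
-SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_authused, CTLFLAG_RD,
-&ipf_authused, 0, "");
-SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_defaultauthage, CTLFLAG_RW,
-&ipf_defaultauthage, 0, "");
-SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ippr_ftp_pasvonly, CTLFLAG_RW,
-&ippr_ftp_pasvonly, 0, "");
-#endif
-
-#ifdef DEVFS
-static void *ipf_devfs[IPL_LOGSIZE];
-#endif
-
-#if !defined(__FreeBSD_version) || (__FreeBSD_version < 220000)
-int ipf_major = 0;
-
-static struct cdevsw ipfdevsw =
-{
-ipfopen, /* open */
-ipfclose, /* close */
-ipfread, /* read */
-(void *)nullop, /* write */
-ipfioctl, /* ioctl */
-(void *)nullop, /* stop */
-(void *)nullop, /* reset */
-(void *)NULL, /* tty */
-(void *)nullop, /* select */
-(void *)nullop, /* mmap */
-NULL /* strategy */
-};
-
-MOD_DEV(IPL_VERSION, LM_DT_CHAR, -1, &ipfdevsw);
-
-extern struct cdevsw cdevsw[];
-extern int vd_unuseddev __P((void));
-extern int nchrdev;
-#else
-
-static struct cdevsw ipf_cdevsw = {
-ipfopen, ipfclose, ipfread, nowrite, /* 79 */
-ipfioctl, nostop, noreset, nodevtotty,
-#if (__FreeBSD_version >= 300000)
-seltrue, nommap, nostrategy, "ipf",
-#else
-noselect, nommap, nostrategy, "ipf",
-#endif
-NULL, -1
-};
-#endif
-
-static void ipf_drvinit __P((void *));
-
-#ifdef ACTUALLY_LKM_NOT_KERNEL
-static int if_ipf_unload __P((struct lkm_table *, int));
-static int if_ipf_load __P((struct lkm_table *, int));
-static int if_ipf_remove __P((void));
-static int ipf_major = CDEV_MAJOR;
-
-static int ipfaction __P((struct lkm_table *, int));
-static char *ipf_devfiles[] = { IPL_NAME, IPL_NAT, IPL_STATE, IPL_AUTH,
-IPL_SCAN, IPL_SYNC, IPL_POOL, NULL };
-
-extern int lkmenodev __P((void));
-
-static int ipfaction(lkmtp, cmd)
-struct lkm_table *lkmtp;
-int cmd;
-{
-#if !defined(__FreeBSD_version) || (__FreeBSD_version < 220000)
-int i = ipf_major;
-struct lkm_dev *args = lkmtp->private.lkm_dev;
-#endif
-int err = 0;
-
-switch (cmd)
-{
-case LKM_E_LOAD :
-if (lkmexists(lkmtp))
-return EEXIST;
-
-#if !defined(__FreeBSD_version) || (__FreeBSD_version < 220000)
-for (i = 0; i < nchrdev; i++)
-if (cdevsw[i].d_open == lkmenodev ||
-cdevsw[i].d_open == ipfopen)
-break;
-if (i == nchrdev) {
-printf("IP Filter: No free cdevsw slots\n");
-return ENODEV;
-}
-
-ipf_major = i;
-args->lkm_offset = i; /* slot in cdevsw[] */
-#endif
-printf("IP Filter: loaded into slot %d\n", ipf_major);
-err = if_ipf_load(lkmtp, cmd);
-if (!err)
-ipf_drvinit((void *)NULL);
-return err;
-break;
-case LKM_E_UNLOAD :
-err = if_ipf_unload(lkmtp, cmd);
-if (!err) {
-printf("IP Filter: unloaded from slot %d\n",
-ipf_major);
-#ifdef DEVFS
-if (ipf_devfs[IPL_LOGIPF])
-devfs_remove_dev(ipf_devfs[IPL_LOGIPF]);
-if (ipf_devfs[IPL_LOGNAT])
-devfs_remove_dev(ipf_devfs[IPL_LOGNAT]);
-if (ipf_devfs[IPL_LOGSTATE])
-devfs_remove_dev(ipf_devfs[IPL_LOGSTATE]);
-if (ipf_devfs[IPL_LOGAUTH])
-devfs_remove_dev(ipf_devfs[IPL_LOGAUTH]);
-if (ipf_devfs[IPL_LOGSCAN])
-devfs_remove_dev(ipf_devfs[IPL_LOGSCAN]);
-if (ipf_devfs[IPL_LOGSYNC])
-devfs_remove_dev(ipf_devfs[IPL_LOGSYNC]);
-if (ipf_devfs[IPL_LOGLOOKUP])
-devfs_remove_dev(ipf_devfs[IPL_LOGLOOKUP]);
-#endif
-}
-return err;
-case LKM_E_STAT :
-break;
-default:
-err = EIO;
-break;
-}
-return 0;
-}
-
-
-static int if_ipf_remove __P((void))
-{
-char *name;
-struct nameidata nd;
-int error, i;
-
-for (i = 0; (name = ipf_devfiles[i]); i++) {
-NDINIT(&nd, DELETE, LOCKPARENT, UIO_SYSSPACE, name, curproc);
-if ((error = namei(&nd)))
-return (error);
-VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE);
-#if (__FreeBSD_version >= 300000)
-VOP_LOCK(nd.ni_vp, LK_RETRY | LK_EXCLUSIVE, curproc);
-VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
-(void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
-
-if (nd.ni_dvp == nd.ni_vp)
-vrele(nd.ni_dvp);
-else
-vput(nd.ni_dvp);
-if (nd.ni_vp != NULLVP)
-vput(nd.ni_vp);
-#else
-VOP_LOCK(nd.ni_vp);
-VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
-(void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
-#endif
-}
-
-return 0;
-}
-
-
-static int if_ipf_unload(lkmtp, cmd)
-struct lkm_table *lkmtp;
-int cmd;
-{
-int error = 0;
-
-error = ipfdetach();
-if (!error)
-error = if_ipf_remove();
-return error;
-}
-
-
-static int if_ipf_load(lkmtp, cmd)
-struct lkm_table *lkmtp;
-int cmd;
-{
-struct nameidata nd;
-struct vattr vattr;
-int error = 0, fmode = S_IFCHR|0600, i;
-char *name;
-
-error = ipfattach();
-if (error)
-return error;
-(void) if_ipf_remove();
-
-for (i = 0; (name = ipf_devfiles[i]); i++) {
-NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, name, curproc);
-if ((error = namei(&nd)))
-return error;
-if (nd.ni_vp != NULL) {
-VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
-if (nd.ni_dvp == nd.ni_vp)
-vrele(nd.ni_dvp);
-else
-vput(nd.ni_dvp);
-vrele(nd.ni_vp);
-return (EEXIST);
-}
-VATTR_NULL(&vattr);
-vattr.va_type = VCHR;
-vattr.va_mode = (fmode & 07777);
-vattr.va_rdev = (ipf_major << 8) | i;
-VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
-error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
-#if (__FreeBSD_version >= 300000)
-vput(nd.ni_dvp);
-#endif
-if (error)
-return error;
-}
-return 0;
-}
-
-#endif /* actually LKM */
-
-#if defined(__FreeBSD_version) && (__FreeBSD_version < 220000)
-/*
-* strlen isn't present in 2.1.* kernels.
-*/
-size_t strlen(string)
-char *string;
-{
-register char *s;
-
-for (s = string; *s; s++)
-;
-return (size_t)(s - string);
-}
-
-
-int xxxinit(lkmtp, cmd, ver)
-struct lkm_table *lkmtp;
-int cmd, ver;
-{
-DISPATCH(lkmtp, cmd, ver, ipfaction, ipfaction, ipfaction);
-}
-#else /* __FREEBSD_version >= 220000 */
-# ifdef IPFILTER_LKM
-# include <sys/exec.h>
-
-# if (__FreeBSD_version >= 300000)
-MOD_DEV(if_ipf, LM_DT_CHAR, CDEV_MAJOR, &ipf_cdevsw);
-# else
-MOD_DECL(if_ipf);
-
-
-static struct lkm_dev _module = {
-LM_DEV,
-LKM_VERSION,
-IPL_VERSION,
-CDEV_MAJOR,
-LM_DT_CHAR,
-{ (void *)&ipf_cdevsw }
-};
-# endif
-
-
-int if_ipf __P((struct lkm_table *, int, int));
-
-
-int if_ipf(lkmtp, cmd, ver)
-struct lkm_table *lkmtp;
-int cmd, ver;
-{
-# if (__FreeBSD_version >= 300000)
-MOD_DISPATCH(if_ipf, lkmtp, cmd, ver, ipfaction, ipfaction, ipfaction);
-# else
-DISPATCH(lkmtp, cmd, ver, ipfaction, ipfaction, ipfaction);
-# endif
-}
-# endif /* IPFILTER_LKM */
-static ipf_devsw_installed = 0;
-
-static void ipf_drvinit __P((void *unused))
-{
-dev_t dev;
-# ifdef DEVFS
-void **tp = ipf_devfs;
-# endif
-
-if (!ipf_devsw_installed ) {
-dev = makedev(CDEV_MAJOR, 0);
-cdevsw_add(&dev, &ipf_cdevsw, NULL);
-ipf_devsw_installed = 1;
-
-# ifdef DEVFS
-tp[IPL_LOGIPF] = devfs_add_devswf(&ipf_cdevsw, IPL_LOGIPF,
-DV_CHR, 0, 0, 0600, "ipf");
-tp[IPL_LOGNAT] = devfs_add_devswf(&ipf_cdevsw, IPL_LOGNAT,
-DV_CHR, 0, 0, 0600, "ipnat");
-tp[IPL_LOGSTATE] = devfs_add_devswf(&ipf_cdevsw, IPL_LOGSTATE,
-DV_CHR, 0, 0, 0600,
-"ipstate");
-tp[IPL_LOGAUTH] = devfs_add_devswf(&ipf_cdevsw, IPL_LOGAUTH,
-DV_CHR, 0, 0, 0600,
-"ipauth");
-# endif
-}
-}
-
-
-#ifdef SYSCTL_IPF
-int
-sysctl_ipf_int SYSCTL_HANDLER_ARGS
-{
-int error = 0;
-
-if (arg1)
-error = SYSCTL_OUT(req, arg1, sizeof(int));
-else
-error = SYSCTL_OUT(req, &arg2, sizeof(int));
-
-if (error || !req->newptr)
-return (error);
-
-if (!arg1)
-error = EPERM;
-else {
-if ((oidp->oid_kind & CTLFLAG_OFF) && (ipf_running > 0))
-error = EBUSY;
-else
-error = SYSCTL_IN(req, arg1, sizeof(int));
-}
-return (error);
-}
-#endif
-
-
-# if defined(IPFILTER_LKM) || \
-defined(__FreeBSD_version) && (__FreeBSD_version >= 220000)
-SYSINIT(ipfdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,ipf_drvinit,NULL)
-# endif /* IPFILTER_LKM */
-#endif /* _FreeBSD_version */
-
-
-/*
-* routines below for saving IP headers to buffer
-*/
-int ipfopen(dev, flags
-#if ((BSD >= 199506) || (__FreeBSD_version >= 220000))
-, devtype, p)
-int devtype;
-# if (__FreeBSD_version >= 500024)
-struct thread *p;
-# else
-struct proc *p;
-# endif /* __FreeBSD_version >= 500024 */
-#else
-)
-#endif
-#if (__FreeBSD_version >= 502116)
-struct cdev *dev;
-#else
-dev_t dev;
-#endif
-int flags;
-{
-u_int unit = GET_MINOR(dev);
-
-if (IPL_LOGMAX < unit)
-unit = ENXIO;
-else
-unit = 0;
-return unit;
-}
-
-
-int ipfclose(dev, flags
-#if ((BSD >= 199506) || (__FreeBSD_version >= 220000))
-, devtype, p)
-int devtype;
-# if (__FreeBSD_version >= 500024)
-struct thread *p;
-# else
-struct proc *p;
-# endif /* __FreeBSD_version >= 500024 */
-#else
-)
-#endif
-#if (__FreeBSD_version >= 502116)
-struct cdev *dev;
-#else
-dev_t dev;
-#endif
-int flags;
-{
-u_int unit = GET_MINOR(dev);
-
-if (IPL_LOGMAX < unit)
-unit = ENXIO;
-else
-unit = 0;
-return unit;
-}
-
-/*
-* ipfread/ipflog
-* both of these must operate with at least splnet() lest they be
-* called during packet processing and cause an inconsistancy to appear in
-* the filter lists.
-*/
-#if (BSD >= 199306)
-int ipfread(dev, uio, ioflag)
-int ioflag;
-#else
-int ipfread(dev, uio)
-#endif
-#if (__FreeBSD_version >= 502116)
-struct cdev *dev;
-#else
-dev_t dev;
-#endif
-register struct uio *uio;
-{
-u_int unit = GET_MINOR(dev);
-
-if (unit < 0)
-return ENXIO;
-
-if (ipf_running < 1)
-return EIO;
-
-if (unit == IPL_LOGSYNC)
-return ipfsync_read(uio);
-
-#ifdef IPFILTER_LOG
-return ipflog_read(unit, uio);
-#else
-return ENXIO;
-#endif
-}
-
-
-/*
-* ipfwrite
-* both of these must operate with at least splnet() lest they be
-* called during packet processing and cause an inconsistancy to appear in
-* the filter lists.
-*/
-#if (BSD >= 199306)
-int ipfwrite(dev, uio, ioflag)
-int ioflag;
-#else
-int ipfwrite(dev, uio)
-#endif
-#if (__FreeBSD_version >= 502116)
-struct cdev *dev;
-#else
-dev_t dev;
-#endif
-register struct uio *uio;
-{
-
-if (ipf_running < 1)
-return EIO;
-
-if (GET_MINOR(dev) == IPL_LOGSYNC)
-return ipfsync_write(uio);
-return ENXIO;
-}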
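--- a/<path-not-shown-on-page: removed file 3>
+++ /dev/null
@@ -1,168 +0,0 @@
-/* $FreeBSD$ */
-
-/*
-* Copyright (C) 2012 by Darren Reed.
-*
-* See the IPFILTER.LICENCE file for details on licencing.
-*/
-/*
-* 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate
-* its own major char number! Way cool patch!
-*/
-
-
-#include <sys/param.h>
-
-#if defined(__FreeBSD__) && (__FreeBSD__ > 1)
-# ifdef IPFILTER_LKM
-# include <osreldate.h>
-# define ACTUALLY_LKM_NOT_KERNEL
-# else
-# include <sys/osreldate.h>
-# endif
-#endif
-#include <sys/systm.h>
-#if defined(__FreeBSD_version) && (__FreeBSD_version >= 220000)
-# include <sys/conf.h>
-# include <sys/kernel.h>
-# ifdef DEVFS
-# include <sys/devfsext.h>
-# endif /*DEVFS*/
-#endif
-#include <sys/conf.h>
-#include <sys/file.h>
-#if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000)
-# include <sys/lock.h>
-#endif
-#include <sys/stat.h>
-#include <sys/proc.h>
-#include <sys/kernel.h>
-#include <sys/vnode.h>
-#include <sys/namei.h>
-#include <sys/malloc.h>
-#include <sys/mount.h>
-#include <sys/exec.h>
-#include <sys/mbuf.h>
-#if BSD >= 199506
-# include <sys/sysctl.h>
-#endif
-#if (__FreeBSD_version >= 300000)
-# include <sys/socket.h>
-#endif
-#if (__FreeBSD_version >= 199511)
-#include <net/if.h>
-#include <netinet/in_systm.h>
-#include <netinet/in.h>
-#include <netinet/ip.h>
-#include <net/route.h>
-#include <netinet/ip_var.h>
-#include <netinet/tcp.h>
-#include <netinet/tcpip.h>
-#endif
-#if (__FreeBSD__ > 1)
-# include <sys/sysent.h>
-#endif
-#include <sys/lkm.h>
-#include "netinet/ip_compat.h"
-#include "netinet/ip_fil.h"
-#include "netinet/ip_rules.h"
-
-
-int xxxinit __P((struct lkm_table *, int, int));
-
-#if !defined(__FreeBSD_version) || (__FreeBSD_version < 220000)
-MOD_DEV(IPL_VERSION, LM_DT_CHAR, -1, &ipldevsw);
-#endif
-
-static int ipfrule_ioctl __P((struct lkm_table *, int));
-
-#if defined(__FreeBSD_version) && (__FreeBSD_version < 220000)
-
-int xxxinit(lkmtp, cmd, ver)
-struct lkm_table *lkmtp;
-int cmd, ver;
-{
-DISPATCH(lkmtp, cmd, ver, ipfrule_ioctl, ipfrule_ioctl, ipfrule_ioctl);
-}
-#else /* __FREEBSD_version >= 220000 */
-# ifdef IPFILTER_LKM
-# include <sys/exec.h>
-
-# if (__FreeBSD_version >= 300000)
-MOD_MISC(ipfrule);
-# else
-MOD_DECL(ipfrule);
-
-
-static struct lkm_misc _module = {
-LM_MISC,
-LKM_VERSION,
-"IP Filter rules",
-0,
-};
-# endif
-
-
-int ipfrule __P((struct lkm_table *, int, int));
-
-
-int ipfrule(lkmtp, cmd, ver)
-struct lkm_table *lkmtp;
-int cmd, ver;
-{
-# if (__FreeBSD_version >= 300000)
-MOD_DISPATCH(ipfrule, lkmtp, cmd, ver, ipfrule_ioctl, ipfrule_ioctl,
-ipfrule_ioctl);
-# else
-DISPATCH(lkmtp, cmd, ver, ipfrule_ioctl, ipfrule_ioctl, ipfrule_ioctl);
-# endif
-}
-# endif /* IPFILTER_LKM */
-
-
-int ipfrule_load(lkmtp, cmd)
-struct lkm_table *lkmtp;
-int cmd;
-{
-return ipfrule_add();
-}
-
-
-int ipfrule_unload(lkmtp, cmd)
-struct lkm_table *lkmtp;
-int cmd;
-{
-return ipfrule_remove();
-}
-
-
-static int ipfrule_ioctl(lkmtp, cmd)
-struct lkm_table *lkmtp;
-int cmd;
-{
-int err = 0;
-
-switch (cmd)
-{
-case LKM_E_LOAD :
-if (lkmexists(lkmtp))
-return EEXIST;
-
-err = ipfrule_load(lkmtp, cmd);
-if (!err)
-ipf_refcnt++;
-break;
-case LKM_E_UNLOAD :
-err = ipfrule_unload(lkmtp, cmd);
-if (!err)
-ipf_refcnt--;
-break;
-case LKM_E_STAT :
-break;
-default:
-err = EIO;
-break;
-}
-return err;
-}
-#endif /* _FreeBSD_version */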
@ -1,529 +0,0 @@
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 2012 by Darren Reed.
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*/
|
||||
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/module.h>
|
||||
#include <sys/conf.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/select.h>
|
||||
#if __FreeBSD_version >= 500000
|
||||
# include <sys/selinfo.h>
|
||||
#endif
|
||||
#include <net/if.h>
|
||||
#include <netinet/in_systm.h>
|
||||
#include <netinet/in.h>
|
||||
|
||||
|
||||
#include "netinet/ipl.h"
|
||||
#include "netinet/ip_compat.h"
|
||||
#include "netinet/ip_fil.h"
|
||||
#include "netinet/ip_state.h"
|
||||
#include "netinet/ip_nat.h"
|
||||
#include "netinet/ip_auth.h"
|
||||
#include "netinet/ip_frag.h"
|
||||
#include "netinet/ip_sync.h"
|
||||
|
||||
extern ipf_main_softc_t ipfmain;
|
||||
|
||||
#if __FreeBSD_version >= 502116
|
||||
static struct cdev *ipf_devs[IPL_LOGSIZE];
|
||||
#else
|
||||
static dev_t ipf_devs[IPL_LOGSIZE];
|
||||
#endif
|
||||
|
||||
#if 0
|
||||
static int sysctl_ipf_int ( SYSCTL_HANDLER_ARGS );
|
||||
#endif
|
||||
static int ipf_modload(void);
|
||||
static int ipf_modunload(void);
|
||||
|
||||
#if (__FreeBSD_version >= 500024)
|
||||
# if (__FreeBSD_version >= 502116)
|
||||
static int ipfopen __P((struct cdev*, int, int, struct thread *));
|
||||
static int ipfclose __P((struct cdev*, int, int, struct thread *));
|
||||
# else
|
||||
static int ipfopen __P((dev_t, int, int, struct thread *));
|
||||
static int ipfclose __P((dev_t, int, int, struct thread *));
|
||||
# endif /* __FreeBSD_version >= 502116 */
|
||||
#else
|
||||
static int ipfopen __P((dev_t, int, int, struct proc *));
|
||||
static int ipfclose __P((dev_t, int, int, struct proc *));
|
||||
#endif
|
||||
#if (__FreeBSD_version >= 502116)
|
||||
static int ipfread __P((struct cdev*, struct uio *, int));
|
||||
static int ipfwrite __P((struct cdev*, struct uio *, int));
|
||||
#else
|
||||
static int ipfread __P((dev_t, struct uio *, int));
|
||||
static int ipfwrite __P((dev_t, struct uio *, int));
|
||||
#endif /* __FreeBSD_version >= 502116 */
|
||||
|
||||
|
||||
|
||||
SYSCTL_DECL(_net_inet);
|
||||
#define SYSCTL_IPF(parent, nbr, name, access, ptr, val, descr) \
|
||||
SYSCTL_OID(parent, nbr, name, CTLTYPE_INT|access, \
|
||||
ptr, val, sysctl_ipf_int, "I", descr);
|
||||
#define CTLFLAG_OFF 0x00800000 /* IPFilter must be disabled */
|
||||
#define CTLFLAG_RWO (CTLFLAG_RW|CTLFLAG_OFF)
|
||||
SYSCTL_NODE(_net_inet, OID_AUTO, ipf, CTLFLAG_RW, 0, "IPF");
|
||||
#if 0
|
||||
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_flags, CTLFLAG_RW, &ipf_flags, 0, "");
|
||||
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_pass, CTLFLAG_RW, &ipf_pass, 0, "");
|
||||
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_active, CTLFLAG_RD, &ipf_active, 0, "");
|
||||
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpidletimeout, CTLFLAG_RWO,
|
||||
&ipf_tcpidletimeout, 0, "");
|
||||
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcphalfclosed, CTLFLAG_RWO,
|
||||
&ipf_tcphalfclosed, 0, "");
|
||||
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpclosewait, CTLFLAG_RWO,
|
||||
&ipf_tcpclosewait, 0, "");
|
||||
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcplastack, CTLFLAG_RWO,
|
||||
&ipf_tcplastack, 0, "");
|
||||
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcptimeout, CTLFLAG_RWO,
|
||||
&ipf_tcptimeout, 0, "");
|
||||
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpclosed, CTLFLAG_RWO,
|
||||
&ipf_tcpclosed, 0, "");
|
||||
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_udptimeout, CTLFLAG_RWO,
|
||||
&ipf_udptimeout, 0, "");
|
||||
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_udpacktimeout, CTLFLAG_RWO,
|
||||
&ipf_udpacktimeout, 0, "");
|
||||
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_icmptimeout, CTLFLAG_RWO,
|
||||
&ipf_icmptimeout, 0, "");
|
||||
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_defnatage, CTLFLAG_RWO,
|
||||
&ipf_nat_defage, 0, "");
|
||||
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_ipfrttl, CTLFLAG_RW,
|
||||
&ipf_ipfrttl, 0, "");
|
||||
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_running, CTLFLAG_RD,
|
||||
&ipf_running, 0, "");
|
||||
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_statesize, CTLFLAG_RWO,
|
||||
&ipf_state_size, 0, "");
|
||||
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_statemax, CTLFLAG_RWO,
|
||||
&ipf_state_max, 0, "");
|
||||
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_nattable_sz, CTLFLAG_RWO,
|
||||
&ipf_nat_table_sz, 0, "");
|
||||
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_natrules_sz, CTLFLAG_RWO,
|
||||
&ipf_nat_maprules_sz, 0, "");
|
||||
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_rdrrules_sz, CTLFLAG_RWO,
|
||||
&ipf_nat_rdrrules_sz, 0, "");
|
||||
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_hostmap_sz, CTLFLAG_RWO,
|
||||
&ipf_nat_hostmap_sz, 0, "");
|
||||
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_authsize, CTLFLAG_RWO,
|
||||
&ipf_auth_size, 0, "");
|
||||
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_authused, CTLFLAG_RD,
|
||||
&ipf_auth_used, 0, "");
|
||||
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_defaultauthage, CTLFLAG_RW,
|
||||
&ipf_auth_defaultage, 0, "");
|
||||
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_chksrc, CTLFLAG_RW, &ipf_chksrc, 0, "");
|
||||
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_minttl, CTLFLAG_RW, &ipf_minttl, 0, "");
|
||||
#endif
|
||||
|
||||
#define CDEV_MAJOR 79
|
||||
#include <sys/poll.h>
|
||||
#if __FreeBSD_version >= 500043
|
||||
# include <sys/select.h>
|
||||
static int ipfpoll(struct cdev *dev, int events, struct thread *td);
|
||||
|
||||
static struct cdevsw ipf_cdevsw = {
|
||||
#if __FreeBSD_version >= 502103
|
||||
.d_version = D_VERSION,
|
||||
.d_flags = 0, /* D_NEEDGIANT - Should be SMP safe */
|
||||
#endif
|
||||
.d_open = ipfopen,
|
||||
.d_close = ipfclose,
|
||||
.d_read = ipfread,
|
||||
.d_write = ipfwrite,
|
||||
.d_ioctl = ipfioctl,
|
||||
.d_poll = ipfpoll,
|
||||
.d_name = "ipf",
|
||||
#if __FreeBSD_version < 600000
|
||||
.d_maj = CDEV_MAJOR,
|
||||
#endif
|
||||
};
|
||||
#else
|
||||
static int ipfpoll(dev_t dev, int events, struct proc *td);
|
||||
|
||||
static struct cdevsw ipf_cdevsw = {
|
||||
/* open */ ipfopen,
|
||||
/* close */ ipfclose,
|
||||
/* read */ ipfread,
|
||||
/* write */ ipfwrite,
|
||||
/* ioctl */ ipfioctl,
|
||||
/* poll */ ipfpoll,
|
||||
/* mmap */ nommap,
|
||||
/* strategy */ nostrategy,
|
||||
/* name */ "ipf",
|
||||
/* maj */ CDEV_MAJOR,
|
||||
/* dump */ nodump,
|
||||
/* psize */ nopsize,
|
||||
/* flags */ 0,
|
||||
# if (__FreeBSD_version < 500043)
|
||||
/* bmaj */ -1,
|
||||
# endif
|
||||
# if (__FreeBSD_version >= 430000)
|
||||
/* kqfilter */ NULL
|
||||
# endif
|
||||
};
|
||||
#endif
|
||||
|
||||
static char *ipf_devfiles[] = { IPL_NAME, IPNAT_NAME, IPSTATE_NAME, IPAUTH_NAME,
|
||||
IPSYNC_NAME, IPSCAN_NAME, IPLOOKUP_NAME, NULL };
|
||||
|
||||
|
||||
static int
|
||||
ipfilter_modevent(module_t mod, int type, void *unused)
|
||||
{
|
||||
int error = 0;
|
||||
|
||||
switch (type)
|
||||
{
|
||||
case MOD_LOAD :
|
||||
error = ipf_modload();
|
||||
break;
|
||||
|
||||
case MOD_UNLOAD :
|
||||
error = ipf_modunload();
|
||||
break;
|
||||
default:
|
||||
error = EINVAL;
|
||||
break;
|
||||
}
|
||||
return error;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
ipf_modload()
|
||||
{
|
||||
char *defpass, *c, *str;
|
||||
int i, j, error;
|
||||
|
||||
if (ipf_load_all() != 0)
|
||||
return EIO;
|
||||
|
||||
if (ipf_create_all(&ipfmain) == NULL)
|
||||
return EIO;
|
||||
|
||||
error = ipfattach(&ipfmain);
|
||||
if (error)
|
||||
return error;
|
||||
|
||||
for (i = 0; i < IPL_LOGSIZE; i++)
|
||||
ipf_devs[i] = NULL;
|
||||
|
||||
for (i = 0; (str = ipf_devfiles[i]); i++) {
|
||||
c = NULL;
|
||||
for(j = strlen(str); j > 0; j--)
|
||||
if (str[j] == '/') {
|
||||
c = str + j + 1;
|
||||
break;
|
||||
}
|
||||
if (!c)
|
||||
c = str;
|
||||
ipf_devs[i] = make_dev(&ipf_cdevsw, i, 0, 0, 0600, c);
|
||||
}
|
||||
|
||||
error = ipf_pfil_hook();
|
||||
if (error != 0)
|
||||
return error;
|
||||
ipf_event_reg();
|
||||
|
||||
if (FR_ISPASS(ipfmain.ipf_pass))
|
||||
defpass = "pass";
|
||||
else if (FR_ISBLOCK(ipfmain.ipf_pass))
|
||||
defpass = "block";
|
||||
else
|
||||
defpass = "no-match -> block";
|
||||
|
||||
printf("%s initialized. Default = %s all, Logging = %s%s\n",
|
||||
ipfilter_version, defpass,
|
||||
#ifdef IPFILTER_LOG
|
||||
"enabled",
|
||||
#else
|
||||
"disabled",
|
||||
#endif
|
||||
#ifdef IPFILTER_COMPILED
|
||||
" (COMPILED)"
|
||||
#else
|
||||
""
|
||||
#endif
|
||||
);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
ipf_modunload()
|
||||
{
|
||||
int error, i;
|
||||
|
||||
if (ipfmain.ipf_refcnt)
|
||||
return EBUSY;
|
||||
|
||||
error = ipf_pfil_unhook();
|
||||
if (error != 0)
|
||||
return error;
|
||||
|
||||
if (ipfmain.ipf_running >= 0) {
|
||||
error = ipfdetach(&ipfmain);
|
||||
if (error != 0)
|
||||
return error;
|
||||
|
||||
ipf_destroy_all(&ipfmain);
|
||||
ipf_unload_all();
|
||||
} else
|
||||
error = 0;
|
||||
|
||||
ipfmain.ipf_running = -2;
|
||||
|
||||
for (i = 0; ipf_devfiles[i]; i++) {
|
||||
if (ipf_devs[i] != NULL)
|
||||
destroy_dev(ipf_devs[i]);
|
||||
}
|
||||
|
||||
printf("%s unloaded\n", ipfilter_version);
|
||||
|
||||
return error;
|
||||
}
|
||||
|
||||
|
||||
static moduledata_t ipfiltermod = {
|
||||
"ipfilter",
|
||||
ipfilter_modevent,
|
||||
0
|
||||
};
|
||||
|
||||
|
||||
DECLARE_MODULE(ipfilter, ipfiltermod, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY);
|
||||
#ifdef MODULE_VERSION
|
||||
MODULE_VERSION(ipfilter, 1);
|
||||
#endif
|
||||
|
||||
|
||||
#if 0
|
||||
#ifdef SYSCTL_IPF
|
||||
int
|
||||
sysctl_ipf_int ( SYSCTL_HANDLER_ARGS )
|
||||
{
|
||||
int error = 0;
|
||||
|
||||
if (arg1)
|
||||
error = SYSCTL_OUT(req, arg1, sizeof(int));
|
||||
else
|
||||
error = SYSCTL_OUT(req, &arg2, sizeof(int));
|
||||
|
||||
if (error || !req->newptr)
|
||||
return (error);
|
||||
|
||||
if (!arg1)
|
||||
error = EPERM;
|
||||
else {
|
||||
if ((oidp->oid_kind & CTLFLAG_OFF) && (ipfmain.ipf_running > 0))
|
||||
error = EBUSY;
|
||||
else
|
||||
error = SYSCTL_IN(req, arg1, sizeof(int));
|
||||
}
|
||||
return (error);
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
||||
static int
|
||||
#if __FreeBSD_version >= 500043
|
||||
ipfpoll(struct cdev *dev, int events, struct thread *td)
|
||||
#else
|
||||
ipfpoll(dev_t dev, int events, struct proc *td)
|
||||
#endif
|
||||
{
|
||||
u_int unit = GET_MINOR(dev);
|
||||
int revents;
|
||||
|
||||
if (unit < 0 || unit > IPL_LOGMAX)
|
||||
return 0;
|
||||
|
||||
revents = 0;
|
||||
|
||||
switch (unit)
|
||||
{
|
||||
case IPL_LOGIPF :
|
||||
case IPL_LOGNAT :
|
||||
case IPL_LOGSTATE :
|
||||
#ifdef IPFILTER_LOG
|
||||
if ((events & (POLLIN | POLLRDNORM)) && ipf_log_canread(&ipfmain, unit))
|
||||
revents |= events & (POLLIN | POLLRDNORM);
|
||||
#endif
|
||||
break;
|
||||
case IPL_LOGAUTH :
|
||||
if ((events & (POLLIN | POLLRDNORM)) && ipf_auth_waiting(&ipfmain))
|
||||
revents |= events & (POLLIN | POLLRDNORM);
|
||||
break;
|
||||
case IPL_LOGSYNC :
|
||||
if ((events & (POLLIN | POLLRDNORM)) && ipf_sync_canread(&ipfmain))
|
||||
revents |= events & (POLLIN | POLLRDNORM);
|
||||
if ((events & (POLLOUT | POLLWRNORM)) && ipf_sync_canwrite(&ipfmain))
|
||||
revents |= events & (POLLOUT | POLLWRNORM);
|
||||
break;
|
||||
case IPL_LOGSCAN :
|
||||
case IPL_LOGLOOKUP :
|
||||
default :
|
||||
break;
|
||||
}
|
||||
|
||||
if ((revents == 0) && ((events & (POLLIN|POLLRDNORM)) != 0))
|
||||
selrecord(td, &ipfmain.ipf_selwait[unit]);
|
||||
|
||||
return revents;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* routines below for saving IP headers to buffer
|
||||
*/
|
||||
static int ipfopen(dev, flags
|
||||
#if ((BSD >= 199506) || (__FreeBSD_version >= 220000))
|
||||
, devtype, p)
|
||||
int devtype;
|
||||
# if (__FreeBSD_version >= 500024)
|
||||
struct thread *p;
|
||||
# else
|
||||
struct proc *p;
|
||||
# endif /* __FreeBSD_version >= 500024 */
|
||||
#else
|
||||
)
|
||||
#endif
|
||||
#if (__FreeBSD_version >= 502116)
|
||||
struct cdev *dev;
|
||||
#else
|
||||
dev_t dev;
|
||||
#endif
|
||||
int flags;
|
||||
{
|
||||
u_int unit = GET_MINOR(dev);
|
||||
int error;
|
||||
|
||||
if (IPL_LOGMAX < unit)
|
||||
error = ENXIO;
|
||||
else {
|
||||
switch (unit)
|
||||
{
|
||||
case IPL_LOGIPF :
|
||||
case IPL_LOGNAT :
|
||||
case IPL_LOGSTATE :
|
||||
case IPL_LOGAUTH :
|
||||
case IPL_LOGLOOKUP :
|
||||
case IPL_LOGSYNC :
|
||||
#ifdef IPFILTER_SCAN
|
||||
case IPL_LOGSCAN :
|
||||
#endif
|
||||
error = 0;
|
||||
break;
|
||||
default :
|
||||
error = ENXIO;
|
||||
break;
|
||||
}
|
||||
}
|
||||
return error;
|
||||
}
|
||||
|
||||
|
||||
static int ipfclose(dev, flags
|
||||
#if ((BSD >= 199506) || (__FreeBSD_version >= 220000))
|
||||
, devtype, p)
|
||||
int devtype;
|
||||
# if (__FreeBSD_version >= 500024)
|
||||
struct thread *p;
|
||||
# else
|
||||
struct proc *p;
|
||||
# endif /* __FreeBSD_version >= 500024 */
|
||||
#else
|
||||
)
|
||||
#endif
|
||||
#if (__FreeBSD_version >= 502116)
|
||||
struct cdev *dev;
|
||||
#else
|
||||
dev_t dev;
|
||||
#endif
|
||||
int flags;
|
||||
{
|
||||
u_int unit = GET_MINOR(dev);
|
||||
|
||||
if (IPL_LOGMAX < unit)
|
||||
unit = ENXIO;
|
||||
else
|
||||
unit = 0;
|
||||
return unit;
|
||||
}
|
||||
|
||||
/*
|
||||
* ipfread/ipflog
|
||||
* both of these must operate with at least splnet() lest they be
|
||||
* called during packet processing and cause an inconsistancy to appear in
|
||||
* the filter lists.
|
||||
*/
|
||||
#if (BSD >= 199306)
|
||||
static int ipfread(dev, uio, ioflag)
|
||||
int ioflag;
|
||||
#else
|
||||
static int ipfread(dev, uio)
|
||||
#endif
|
||||
#if (__FreeBSD_version >= 502116)
|
||||
struct cdev *dev;
|
||||
#else
|
||||
dev_t dev;
|
||||
#endif
|
||||
struct uio *uio;
|
||||
{
|
||||
u_int unit = GET_MINOR(dev);
|
||||
|
||||
if (unit < 0)
|
||||
return ENXIO;
|
||||
|
||||
if (ipfmain.ipf_running < 1)
|
||||
return EIO;
|
||||
|
||||
if (unit == IPL_LOGSYNC)
|
||||
return ipf_sync_read(&ipfmain, uio);
|
||||
|
||||
#ifdef IPFILTER_LOG
|
||||
return ipf_log_read(&ipfmain, unit, uio);
|
||||
#else
|
||||
return ENXIO;
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* ipfwrite
|
||||
* both of these must operate with at least splnet() lest they be
|
||||
* called during packet processing and cause an inconsistancy to appear in
|
||||
* the filter lists.
|
||||
*/
|
||||
#if (BSD >= 199306)
|
||||
static int ipfwrite(dev, uio, ioflag)
|
||||
int ioflag;
|
||||
#else
|
||||
static int ipfwrite(dev, uio)
|
||||
#endif
|
||||
#if (__FreeBSD_version >= 502116)
|
||||
struct cdev *dev;
|
||||
#else
|
||||
dev_t dev;
|
||||
#endif
|
||||
struct uio *uio;
|
||||
{
|
||||
|
||||
if (ipfmain.ipf_running < 1)
|
||||
return EIO;
|
||||
|
||||
if (GET_MINOR(dev) == IPL_LOGSYNC)
|
||||
return ipf_sync_write(&ipfmain, uio);
|
||||
return ENXIO;
|
||||
}
|
@ -1,114 +0,0 @@
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 2012 by Darren Reed.
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*
|
||||
*/
|
||||
/* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/
|
||||
|
||||
/*typedef unsigned int spustate_t;*/
|
||||
struct uio;
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/cmn_err.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/systm.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/conf.h>
|
||||
#include <sys/callout.h>
|
||||
#include <sys/moddefs.h>
|
||||
#include <sys/io.h>
|
||||
#include <sys/wsio.h>
|
||||
#include <sys/param.h>
|
||||
#include <sys/errno.h>
|
||||
#include <sys/byteorder.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/stropts.h>
|
||||
#include <net/if.h>
|
||||
#include <net/af.h>
|
||||
#include <net/route.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/in_systm.h>
|
||||
#include <netinet/if_ether.h>
|
||||
#include <netinet/ip.h>
|
||||
#include <netinet/ip_var.h>
|
||||
#include <netinet/tcp.h>
|
||||
#include <netinet/udp.h>
|
||||
#include <netinet/tcpip.h>
|
||||
#include <netinet/ip_icmp.h>
|
||||
|
||||
#include "ip_compat.h"
|
||||
#include "ip_fil.h"
|
||||
#include "ip_rules.h"
|
||||
|
||||
|
||||
/*
|
||||
* Driver Header
|
||||
*/
|
||||
static drv_info_t ipf_drv_info = {
|
||||
"IP Filter Rules", /* type */
|
||||
"pseudo", /* class */
|
||||
DRV_PSEUDO|DRV_SAVE_CONF|DRV_MP_SAFE, /* flags */
|
||||
-1, /* b_major */
|
||||
-1, /* c_major */
|
||||
NULL, /* cdio */
|
||||
NULL, /* gio_private */
|
||||
NULL, /* cdio_private */
|
||||
};
|
||||
|
||||
|
||||
extern struct mod_operations gio_mod_ops;
|
||||
static drv_info_t ipf_drv_info;
|
||||
extern struct mod_conf_data ipf_conf_data;
|
||||
|
||||
static struct mod_type_data ipf_drv_link = {
|
||||
IPL_VERSION, (void *)NULL
|
||||
};
|
||||
|
||||
static struct modlink ipf_mod_link[] = {
|
||||
{ &gio_mod_ops, (void *)&ipf_drv_link },
|
||||
{ NULL, (void *)NULL }
|
||||
};
|
||||
|
||||
struct modwrapper ipf_wrapper = {
|
||||
MODREV,
|
||||
ipf_load,
|
||||
ipf_unload,
|
||||
(void (*)())NULL,
|
||||
(void *)&ipf_conf_data,
|
||||
ipf_mod_link
|
||||
};
|
||||
|
||||
|
||||
static int ipf_load(void *arg)
|
||||
{
|
||||
int i;
|
||||
|
||||
i = ipfrule_add();
|
||||
if (!i)
|
||||
ipf_refcnt--;
|
||||
#ifdef IPFDEBUG
|
||||
printf("IP Filter Rules: ipfrule_add() = %d\n", i);
|
||||
#endif
|
||||
if (!i)
|
||||
cmn_err(CE_CONT, "IP Filter Rules: Loaded\n");
|
||||
return i;
|
||||
}
|
||||
|
||||
|
||||
static int ipf_unload(void *arg)
|
||||
{
|
||||
int i;
|
||||
|
||||
i = ipfrule_remove();
|
||||
if (!i)
|
||||
ipf_refcnt--;
|
||||
#ifdef IPFDEBUG
|
||||
printf("IP Filter Rules: ipfrule_remove() = %d\n", i);
|
||||
#endif
|
||||
if (!i)
|
||||
cmn_err(CE_CONT, "IP Filter Rules: Unloaded\n");
|
||||
return i;
|
||||
}
|
@ -1,355 +0,0 @@
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 2012 by Darren Reed.
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate
|
||||
* its own major char number! Way cool patch!
|
||||
*/
|
||||
|
||||
|
||||
#include <sys/param.h>
|
||||
|
||||
/*
|
||||
* Post NetBSD 1.2 has the PFIL interface for packet filters. This turns
|
||||
* on those hooks. We don't need any special mods with this!
|
||||
*/
|
||||
#if (defined(NetBSD) && (NetBSD > 199609) && (NetBSD <= 1991011)) || \
|
||||
(defined(NetBSD1_2) && NetBSD1_2 > 1)
|
||||
# define NETBSD_PF
|
||||
#endif
|
||||
|
||||
#include <sys/systm.h>
|
||||
#include <sys/conf.h>
|
||||
#include <sys/file.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/uio.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/vnode.h>
|
||||
#include <sys/namei.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/mount.h>
|
||||
#include <sys/exec.h>
|
||||
#include <sys/mbuf.h>
|
||||
#include <net/if.h>
|
||||
#include <netinet/in_systm.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/ip.h>
|
||||
#include <net/route.h>
|
||||
#include <netinet/ip_var.h>
|
||||
#include <netinet/tcp.h>
|
||||
#include <netinet/tcpip.h>
|
||||
#include <sys/lkm.h>
|
||||
#include <sys/poll.h>
|
||||
#include <sys/select.h>
|
||||
#include "ipl.h"
|
||||
#include "ip_compat.h"
|
||||
#include "ip_fil.h"
|
||||
#include "ip_auth.h"
|
||||
#include "ip_state.h"
|
||||
#include "ip_nat.h"
|
||||
#include "ip_sync.h"
|
||||
|
||||
#if !defined(__NetBSD_Version__) || __NetBSD_Version__ < 103050000
|
||||
#define vn_lock(v,f) VOP_LOCK(v)
|
||||
#endif
|
||||
|
||||
#if !defined(VOP_LEASE) && defined(LEASE_CHECK)
|
||||
#define VOP_LEASE LEASE_CHECK
|
||||
#endif
|
||||
|
||||
|
||||
extern int lkmenodev __P((void));
|
||||
|
||||
#if NetBSD >= 199706
|
||||
int ipflkm_lkmentry __P((struct lkm_table *, int, int));
|
||||
#else
|
||||
int xxxinit __P((struct lkm_table *, int, int));
|
||||
#endif
|
||||
static int ipf_unload __P((void));
|
||||
static int ipf_load __P((void));
|
||||
static int ipf_remove __P((void));
|
||||
static int ipfaction __P((struct lkm_table *, int));
|
||||
static char *ipf_devfiles[] = { IPL_NAME, IPNAT_NAME, IPSTATE_NAME,
|
||||
IPAUTH_NAME, IPSYNC_NAME, IPSCAN_NAME,
|
||||
IPLOOKUP_NAME, NULL };
|
||||
|
||||
int ipf_major = 0;
|
||||
extern ipf_main_softc_t ipfmain;
|
||||
extern const struct cdevsw ipl_cdevsw;
|
||||
|
||||
#if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000)
|
||||
MOD_DEV(IPL_VERSION, "ipf", NULL, -1, &ipl_cdevsw, -1);
|
||||
#else
|
||||
MOD_DEV(IPL_VERSION, LM_DT_CHAR, -1, &ipldevsw);
|
||||
#endif
|
||||
|
||||
extern int vd_unuseddev __P((void));
|
||||
extern struct cdevsw cdevsw[];
|
||||
extern int nchrdev;
|
||||
|
||||
|
||||
int
|
||||
#if NetBSD >= 199706
|
||||
ipflkm_lkmentry(lkmtp, cmd, ver)
|
||||
#else
|
||||
xxxinit(lkmtp, cmd, ver)
|
||||
#endif
|
||||
struct lkm_table *lkmtp;
|
||||
int cmd, ver;
|
||||
{
|
||||
DISPATCH(lkmtp, cmd, ver, ipfaction, ipfaction, ipfaction);
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
ipfaction(lkmtp, cmd)
|
||||
struct lkm_table *lkmtp;
|
||||
int cmd;
|
||||
{
|
||||
#if !defined(__NetBSD__) || (__NetBSD_Version__ < 106080000)
|
||||
int i;
|
||||
#endif
|
||||
struct lkm_dev *args = lkmtp->private.lkm_dev;
|
||||
int err = 0;
|
||||
|
||||
switch (cmd)
|
||||
{
|
||||
case LKM_E_LOAD :
|
||||
if (lkmexists(lkmtp))
|
||||
return EEXIST;
|
||||
|
||||
#if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000)
|
||||
# if (__NetBSD_Version__ < 200000000)
|
||||
err = devsw_attach(args->lkm_devname,
|
||||
args->lkm_bdev, &args->lkm_bdevmaj,
|
||||
args->lkm_cdev, &args->lkm_cdevmaj);
|
||||
if (err != 0)
|
||||
return (err);
|
||||
# endif
|
||||
ipf_major = args->lkm_cdevmaj;
|
||||
#else
|
||||
for (i = 0; i < nchrdev; i++)
|
||||
if (cdevsw[i].d_open == (dev_type_open((*)))lkmenodev ||
|
||||
cdevsw[i].d_open == ipfopen)
|
||||
break;
|
||||
if (i == nchrdev) {
|
||||
printf("IP Filter: No free cdevsw slots\n");
|
||||
return ENODEV;
|
||||
}
|
||||
|
||||
ipf_major = i;
|
||||
args->lkm_offset = i; /* slot in cdevsw[] */
|
||||
#endif
|
||||
printf("IP Filter: loaded into slot %d\n", ipf_major);
|
||||
return ipf_load();
|
||||
case LKM_E_UNLOAD :
|
||||
#if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000)
|
||||
devsw_detach(args->lkm_bdev, args->lkm_cdev);
|
||||
args->lkm_bdevmaj = -1;
|
||||
args->lkm_cdevmaj = -1;
|
||||
#endif
|
||||
err = ipf_unload();
|
||||
if (!err)
|
||||
printf("IP Filter: unloaded from slot %d\n",
|
||||
ipf_major);
|
||||
break;
|
||||
case LKM_E_STAT :
|
||||
break;
|
||||
default:
|
||||
err = EIO;
|
||||
break;
|
||||
}
|
||||
return err;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
ipf_remove()
|
||||
{
|
||||
char *name;
|
||||
struct nameidata nd;
|
||||
int error, i;
|
||||
|
||||
for (i = 0; (name = ipf_devfiles[i]); i++) {
|
||||
#if (__NetBSD_Version__ > 106009999)
|
||||
# if (__NetBSD_Version__ > 399001400)
|
||||
# if (__NetBSD_Version__ > 499001400)
|
||||
NDINIT(&nd, DELETE, LOCKPARENT|LOCKLEAF, UIO_SYSSPACE,
|
||||
name);
|
||||
# else
|
||||
NDINIT(&nd, DELETE, LOCKPARENT|LOCKLEAF, UIO_SYSSPACE,
|
||||
name, curlwp);
|
||||
# endif
|
||||
# else
|
||||
NDINIT(&nd, DELETE, LOCKPARENT|LOCKLEAF, UIO_SYSSPACE,
|
||||
name, curproc);
|
||||
# endif
|
||||
#else
|
||||
NDINIT(&nd, DELETE, LOCKPARENT, UIO_SYSSPACE, name, curproc);
|
||||
#endif
|
||||
if ((error = namei(&nd)))
|
||||
return (error);
|
||||
#if (__NetBSD_Version__ > 399001400)
|
||||
# if (__NetBSD_Version__ > 399002000)
|
||||
# if (__NetBSD_Version__ < 499001400)
|
||||
VOP_LEASE(nd.ni_dvp, curlwp, curlwp->l_cred, LEASE_WRITE);
|
||||
# endif
|
||||
# else
|
||||
VOP_LEASE(nd.ni_dvp, curlwp, curlwp->l_proc->p_ucred, LEASE_WRITE);
|
||||
# endif
|
||||
#else
|
||||
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
|
||||
#endif
|
||||
#if !defined(__NetBSD_Version__) || (__NetBSD_Version__ < 106000000)
|
||||
vn_lock(nd.ni_vp, LK_EXCLUSIVE | LK_RETRY);
|
||||
#endif
|
||||
#if (__NetBSD_Version__ >= 399002000)
|
||||
# if (__NetBSD_Version__ < 499001400)
|
||||
VOP_LEASE(nd.ni_vp, curlwp, curlwp->l_cred, LEASE_WRITE);
|
||||
# endif
|
||||
#else
|
||||
# if (__NetBSD_Version__ > 399001400)
|
||||
VOP_LEASE(nd.ni_vp, curlwp, curlwp->l_proc->p_ucred, LEASE_WRITE);
|
||||
# else
|
||||
VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE);
|
||||
# endif
|
||||
#endif
|
||||
(void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
ipf_unload()
|
||||
{
|
||||
int error = 0;
|
||||
|
||||
/*
|
||||
* Unloading - remove the filter rule check from the IP
|
||||
* input/output stream.
|
||||
*/
|
||||
if (ipfmain.ipf_refcnt)
|
||||
error = EBUSY;
|
||||
else if (ipfmain.ipf_running >= 0) {
|
||||
error = ipfdetach(&ipfmain);
|
||||
if (error == 0) {
|
||||
ipf_destroy_all(&ipfmain);
|
||||
ipf_unload_all();
|
||||
}
|
||||
}
|
||||
|
||||
if (error == 0) {
|
||||
ipfmain.ipf_running = -2;
|
||||
error = ipf_remove();
|
||||
printf("%s unloaded\n", ipfilter_version);
|
||||
}
|
||||
return error;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
ipf_load()
|
||||
{
|
||||
struct nameidata nd;
|
||||
struct vattr vattr;
|
||||
int error = 0, fmode = S_IFCHR|0600, i;
|
||||
char *name;
|
||||
|
||||
/*
|
||||
* XXX Remove existing device nodes prior to creating new ones
|
||||
* XXX using the assigned LKM device slot's major number. In a
|
||||
* XXX perfect world we could use the ones specified by cdevsw[].
|
||||
*/
|
||||
(void)ipf_remove();
|
||||
|
||||
bzero((char *)&ipfmain, sizeof(ipfmain));
|
||||
error = ipf_load_all();
|
||||
if (error != 0)
|
||||
return error;
|
||||
if (ipf_create_all(&ipfmain) == NULL) {
|
||||
ipf_unload_all();
|
||||
return EIO;
|
||||
}
|
||||
|
||||
error = ipfattach(&ipfmain);
|
||||
if (error != 0) {
|
||||
(void) ipf_unload();
|
||||
return error;
|
||||
}
|
||||
|
||||
for (i = 0; (error == 0) && (name = ipf_devfiles[i]); i++) {
|
||||
#if (__NetBSD_Version__ > 399001400)
|
||||
# if (__NetBSD_Version__ > 499001400)
|
||||
NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, name);
|
||||
# else
|
||||
NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, name, curlwp);
|
||||
# endif
|
||||
#else
|
||||
NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, name, curproc);
|
||||
#endif
|
||||
if ((error = namei(&nd)))
|
||||
break;
|
||||
if (nd.ni_vp != NULL) {
|
||||
VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
|
||||
if (nd.ni_dvp == nd.ni_vp)
|
||||
vrele(nd.ni_dvp);
|
||||
else
|
||||
vput(nd.ni_dvp);
|
||||
vrele(nd.ni_vp);
|
||||
error = EEXIST;
|
||||
break;
|
||||
}
|
||||
VATTR_NULL(&vattr);
|
||||
vattr.va_type = VCHR;
|
||||
vattr.va_mode = (fmode & 07777);
|
||||
vattr.va_rdev = (ipf_major << 8) | i;
|
||||
#if (__NetBSD_Version__ > 399001400)
|
||||
# if (__NetBSD_Version__ >= 399002000)
|
||||
# if (__NetBSD_Version__ < 499001400)
|
||||
VOP_LEASE(nd.ni_dvp, curlwp, curlwp->l_cred, LEASE_WRITE);
|
||||
# endif
|
||||
# else
|
||||
VOP_LEASE(nd.ni_dvp, curlwp, curlwp->l_proc->p_ucred, LEASE_WRITE);
|
||||
# endif
|
||||
#else
|
||||
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
|
||||
#endif
|
||||
error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
|
||||
if (error == 0)
|
||||
vput(nd.ni_vp);
|
||||
}
|
||||
|
||||
if (error == 0) {
|
||||
char *defpass;
|
||||
|
||||
if (FR_ISPASS(ipfmain.ipf_pass))
|
||||
defpass = "pass";
|
||||
else if (FR_ISBLOCK(ipfmain.ipf_pass))
|
||||
defpass = "block";
|
||||
else
|
||||
defpass = "no-match -> block";
|
||||
|
||||
printf("%s initialized. Default = %s all, Logging = %s%s\n",
|
||||
ipfilter_version, defpass,
|
||||
#ifdef IPFILTER_LOG
|
||||
"enabled",
|
||||
#else
|
||||
"disabled",
|
||||
#endif
|
||||
#ifdef IPFILTER_COMPILED
|
||||
" (COMPILED)"
|
||||
#else
|
||||
""
|
||||
#endif
|
||||
);
|
||||
ipfmain.ipf_running = 1;
|
||||
}
|
||||
return error;
|
||||
}
|
@ -1,83 +0,0 @@
|
||||
/*
|
||||
* Copyright (C) 2012 by Darren Reed.
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*
|
||||
*/
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
#include <sys/conf.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/mbuf.h>
|
||||
#include <sys/exec.h>
|
||||
#include <sys/socket.h>
|
||||
#include <net/if.h>
|
||||
#include <netinet/in_systm.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/ip.h>
|
||||
#include <net/route.h>
|
||||
#include <netinet/ip_var.h>
|
||||
#include <netinet/tcp.h>
|
||||
#include <netinet/tcpip.h>
|
||||
#include <sys/lkm.h>
|
||||
#include "ip_compat.h"
|
||||
#include "ip_fil.h"
|
||||
#include "ip_rules.h"
|
||||
|
||||
|
||||
static int ipfruleaction __P((struct lkm_table *, int));
|
||||
|
||||
#ifdef IPFILTER_LKM
|
||||
# if NetBSD >= 199706
|
||||
int ipfrule_lkmentry __P((struct lkm_table *, int, int));
|
||||
# else
|
||||
int xxxinit __P((struct lkm_table *, int, int));
|
||||
# endif
|
||||
|
||||
|
||||
MOD_MISC("IPFilter Rules");
|
||||
|
||||
# if NetBSD >= 199706
|
||||
int ipfrule_lkmentry(lkmtp, cmd, ver)
|
||||
# else
|
||||
int xxxinit(lkmtp, cmd, ver)
|
||||
# endif
|
||||
struct lkm_table *lkmtp;
|
||||
int cmd, ver;
|
||||
{
|
||||
DISPATCH(lkmtp, cmd, ver, ipfruleaction, ipfruleaction, ipfruleaction);
|
||||
}
|
||||
|
||||
static int ipfruleaction(lkmtp, cmd)
|
||||
struct lkm_table *lkmtp;
|
||||
int cmd;
|
||||
{
|
||||
int err = 0;
|
||||
|
||||
switch (cmd)
|
||||
{
|
||||
case LKM_E_LOAD :
|
||||
if (lkmexists(lkmtp))
|
||||
return EEXIST;
|
||||
|
||||
err = ipfrule_add();
|
||||
if (!err)
|
||||
ipf_refcnt++;
|
||||
break;
|
||||
case LKM_E_UNLOAD :
|
||||
err = ipfrule_remove();
|
||||
if (!err)
|
||||
ipf_refcnt--;
|
||||
break;
|
||||
case LKM_E_STAT :
|
||||
break;
|
||||
default:
|
||||
err = EIO;
|
||||
break;
|
||||
}
|
||||
return err;
|
||||
}
|
||||
#endif /* IPFILTER_LKM */
|
@ -1,364 +0,0 @@
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 2012 by Darren Reed.
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*
|
||||
*/
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
#include <sys/conf.h>
|
||||
#include <sys/file.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/uio.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/vnode.h>
|
||||
#include <sys/namei.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/mount.h>
|
||||
#include <sys/exec.h>
|
||||
#include <sys/mbuf.h>
|
||||
#include <net/if.h>
|
||||
#include <netinet/in_systm.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/ip.h>
|
||||
#include <net/route.h>
|
||||
#include <netinet/ip_var.h>
|
||||
#include <netinet/tcp.h>
|
||||
#include <netinet/tcpip.h>
|
||||
#include <sys/lkm.h>
|
||||
#include "ipl.h"
|
||||
#include "ip_compat.h"
|
||||
#include "ip_fil.h"
|
||||
|
||||
#define vn_lock(v,f) VOP_LOCK(v)
|
||||
|
||||
#if !defined(VOP_LEASE) && defined(LEASE_CHECK)
|
||||
#define VOP_LEASE LEASE_CHECK
|
||||
#endif
|
||||
|
||||
|
||||
extern int lkmenodev __P((void));
|
||||
|
||||
#if OpenBSD >= 200311
|
||||
int if_ipf_lkmentry __P((struct lkm_table *, int, int));
|
||||
#else
|
||||
int if_ipf __P((struct lkm_table *, int, int));
|
||||
#endif
|
||||
static int ipf_unload __P((void));
|
||||
static int ipf_load __P((void));
|
||||
static int ipf_remove __P((void));
|
||||
static int ipfaction __P((struct lkm_table *, int));
|
||||
static char *ipf_devfiles[] = { IPL_NAME, IPNAT_NAME, IPSTATE_NAME,
|
||||
IPAUTH_NAME, IPSYNC_NAME, IPSCAN_NAME,
|
||||
IPLOOKUP_NAME, NULL };
|
||||
|
||||
|
||||
struct cdevsw ipfdevsw =
|
||||
{
|
||||
ipfopen, /* open */
|
||||
ipfclose, /* close */
|
||||
ipfread, /* read */
|
||||
(void *)nullop, /* write */
|
||||
ipfioctl, /* ioctl */
|
||||
(void *)nullop, /* stop */
|
||||
(void *)NULL, /* tty */
|
||||
(void *)nullop, /* select */
|
||||
(void *)nullop, /* mmap */
|
||||
NULL /* strategy */
|
||||
};
|
||||
|
||||
int ipf_major = 0;
|
||||
|
||||
MOD_DEV(IPL_VERSION, LM_DT_CHAR, -1, &ipfdevsw);
|
||||
|
||||
extern int vd_unuseddev __P((void));
|
||||
extern struct cdevsw cdevsw[];
|
||||
extern int nchrdev;
|
||||
|
||||
|
||||
#if OpenBSD >= 200311
|
||||
int if_ipf_lkmentry (lkmtp, cmd, ver)
|
||||
#else
|
||||
int if_ipf(lkmtp, cmd, ver)
|
||||
#endif
|
||||
struct lkm_table *lkmtp;
|
||||
int cmd, ver;
|
||||
{
|
||||
DISPATCH(lkmtp, cmd, ver, ipfaction, ipfaction, ipfaction);
|
||||
}
|
||||
|
||||
int lkmexists __P((struct lkm_table *)); /* defined in /sys/kern/kern_lkm.c */
|
||||
|
||||
static int ipfaction(lkmtp, cmd)
|
||||
struct lkm_table *lkmtp;
|
||||
int cmd;
|
||||
{
|
||||
int i;
|
||||
struct lkm_dev *args = lkmtp->private.lkm_dev;
|
||||
int err = 0;
|
||||
|
||||
switch (cmd)
|
||||
{
|
||||
case LKM_E_LOAD :
|
||||
if (lkmexists(lkmtp))
|
||||
return EEXIST;
|
||||
|
||||
for (i = 0; i < nchrdev; i++)
|
||||
if (cdevsw[i].d_open == (dev_type_open((*)))lkmenodev ||
|
||||
cdevsw[i].d_open == ipfopen)
|
||||
break;
|
||||
if (i == nchrdev) {
|
||||
printf("IP Filter: No free cdevsw slots\n");
|
||||
return ENODEV;
|
||||
}
|
||||
|
||||
ipf_major = i;
|
||||
args->lkm_offset = i; /* slot in cdevsw[] */
|
||||
printf("IP Filter: loaded into slot %d\n", ipf_major);
|
||||
return ipf_load();
|
||||
case LKM_E_UNLOAD :
|
||||
err = ipf_unload();
|
||||
if (!err)
|
||||
printf("IP Filter: unloaded from slot %d\n",
|
||||
ipf_major);
|
||||
break;
|
||||
case LKM_E_STAT :
|
||||
break;
|
||||
default:
|
||||
err = EIO;
|
||||
break;
|
||||
}
|
||||
return err;
|
||||
}
|
||||
|
||||
|
||||
static int ipf_remove()
|
||||
{
|
||||
struct nameidata nd;
|
||||
int error, i;
|
||||
char *name;
|
||||
|
||||
for (i = 0; (name = ipf_devfiles[i]); i++) {
|
||||
#if OpenBSD >= 200311
|
||||
NDINIT(&nd, DELETE, LOCKPARENT | LOCKLEAF, UIO_SYSSPACE,
|
||||
name, curproc);
|
||||
#else
|
||||
NDINIT(&nd, DELETE, LOCKPARENT, UIO_SYSSPACE, name, curproc);
|
||||
#endif
|
||||
if ((error = namei(&nd)))
|
||||
return (error);
|
||||
VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE);
|
||||
#if OpenBSD < 200311
|
||||
VOP_LOCK(nd.ni_vp, LK_EXCLUSIVE | LK_RETRY, curproc);
|
||||
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
|
||||
#else
|
||||
(void)uvm_vnp_uncache(nd.ni_vp);
|
||||
|
||||
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
|
||||
VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE);
|
||||
#endif
|
||||
(void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
static int ipf_unload()
|
||||
{
|
||||
int error = 0;
|
||||
|
||||
/*
|
||||
* Unloading - remove the filter rule check from the IP
|
||||
* input/output stream.
|
||||
*/
|
||||
if (ipf_refcnt)
|
||||
error = EBUSY;
|
||||
else if (ipf_running >= 0)
|
||||
error = ipfdetach();
|
||||
|
||||
if (error == 0) {
|
||||
ipf_running = -2;
|
||||
error = ipf_remove();
|
||||
printf("%s unloaded\n", ipfilter_version);
|
||||
}
|
||||
return error;
|
||||
}
|
||||
|
||||
|
||||
static int ipf_load()
|
||||
{
|
||||
struct nameidata nd;
|
||||
struct vattr vattr;
|
||||
int error = 0, fmode = S_IFCHR|0600, i;
|
||||
char *name;
|
||||
|
||||
/*
|
||||
* XXX Remove existing device nodes prior to creating new ones
|
||||
* XXX using the assigned LKM device slot's major number. In a
|
||||
* XXX perfect world we could use the ones specified by cdevsw[].
|
||||
*/
|
||||
(void)ipf_remove();
|
||||
|
||||
error = ipfattach();
|
||||
|
||||
for (i = 0; (error == 0) && (name = ipf_devfiles[i]); i++) {
|
||||
NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, name, curproc);
|
||||
if ((error = namei(&nd)))
|
||||
break;
|
||||
if (nd.ni_vp != NULL) {
|
||||
VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
|
||||
if (nd.ni_dvp == nd.ni_vp)
|
||||
vrele(nd.ni_dvp);
|
||||
else
|
||||
vput(nd.ni_dvp);
|
||||
vrele(nd.ni_vp);
|
||||
error = EEXIST;
|
||||
break;
|
||||
}
|
||||
VATTR_NULL(&vattr);
|
||||
vattr.va_type = VCHR;
|
||||
vattr.va_mode = (fmode & 07777);
|
||||
vattr.va_rdev = (ipf_major << 8) | i;
|
||||
VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
|
||||
error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
|
||||
}
|
||||
|
||||
if (error == 0) {
|
||||
char *defpass;
|
||||
|
||||
if (FR_ISPASS(ipf_pass))
|
||||
defpass = "pass";
|
||||
else if (FR_ISBLOCK(ipf_pass))
|
||||
defpass = "block";
|
||||
else
|
||||
defpass = "no-match -> block";
|
||||
|
||||
printf("%s initialized. Default = %s all, Logging = %s%s\n",
|
||||
ipfilter_version, defpass,
|
||||
#ifdef IPFILTER_LOG
|
||||
"enabled",
|
||||
#else
|
||||
"disabled",
|
||||
#endif
|
||||
#ifdef IPFILTER_COMPILED
|
||||
" (COMPILED)"
|
||||
#else
|
||||
""
|
||||
#endif
|
||||
);
|
||||
ipf_running = 1;
|
||||
}
|
||||
return error;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* routines below for saving IP headers to buffer
|
||||
*/
|
||||
int
|
||||
ipfopen(dev, flags, devtype, p)
|
||||
dev_t dev;
|
||||
int flags;
|
||||
int devtype;
|
||||
struct proc *p;
|
||||
{
|
||||
u_int min = GET_MINOR(dev);
|
||||
int error;
|
||||
|
||||
if (IPL_LOGMAX < min) {
|
||||
error = ENXIO;
|
||||
} else {
|
||||
switch (unit)
|
||||
{
|
||||
case IPL_LOGIPF :
|
||||
case IPL_LOGNAT :
|
||||
case IPL_LOGSTATE :
|
||||
case IPL_LOGAUTH :
|
||||
case IPL_LOGLOOKUP :
|
||||
case IPL_LOGSYNC :
|
||||
#ifdef IPFILTER_SCAN
|
||||
case IPL_LOGSCAN :
|
||||
#endif
|
||||
error = 0;
|
||||
break;
|
||||
default :
|
||||
error = ENXIO;
|
||||
break;
|
||||
}
|
||||
}
|
||||
return error;
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
ipfclose(dev, flags, devtype, p)
|
||||
dev_t dev;
|
||||
int flags;
|
||||
int devtype;
|
||||
struct proc *p;
|
||||
{
|
||||
u_int min = GET_MINOR(dev);
|
||||
|
||||
if (IPL_LOGMAX < min)
|
||||
min = ENXIO;
|
||||
else
|
||||
min = 0;
|
||||
return min;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* ipfread/ipflog
|
||||
* both of these must operate with at least splnet() lest they be
|
||||
* called during packet processing and cause an inconsistancy to appear in
|
||||
* the filter lists.
|
||||
*/
|
||||
int
|
||||
ipfread(dev, uio, ioflag)
|
||||
dev_t dev;
|
||||
register struct uio *uio;
|
||||
int ioflag;
|
||||
{
|
||||
|
||||
if (ipf_running < 1)
|
||||
return EIO;
|
||||
|
||||
if (GET_MINOR(dev) == IPL_LOGSYNC)
|
||||
return ipfsync_read(uio);
|
||||
|
||||
#ifdef IPFILTER_LOG
|
||||
return ipflog_read(GET_MINOR(dev), uio);
|
||||
#else
|
||||
return ENXIO;
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* ipfwrite
|
||||
* both of these must operate with at least splnet() lest they be
|
||||
* called during packet processing and cause an inconsistancy to appear in
|
||||
* the filter lists.
|
||||
*/
|
||||
int
|
||||
#if (BSD >= 199306)
|
||||
ipfwrite(dev, uio, ioflag)
|
||||
int ioflag;
|
||||
#else
|
||||
ipfwrite(dev, uio)
|
||||
#endif
|
||||
dev_t dev;
|
||||
register struct uio *uio;
|
||||
{
|
||||
|
||||
if (ipf_running < 1)
|
||||
return EIO;
|
||||
|
||||
if (GET_MINOR(dev) == IPL_LOGSYNC)
|
||||
return ipfsync_write(uio);
|
||||
return ENXIO;
|
||||
}
|
@ -1,80 +0,0 @@
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 2012 by Darren Reed.
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*
|
||||
*/
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
#include <sys/conf.h>
|
||||
#include <sys/proc.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/mbuf.h>
|
||||
#include <sys/exec.h>
|
||||
#include <sys/socket.h>
|
||||
#include <net/if.h>
|
||||
#include <netinet/in_systm.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/ip.h>
|
||||
#include <net/route.h>
|
||||
#include <netinet/ip_var.h>
|
||||
#include <netinet/tcp.h>
|
||||
#include <netinet/tcpip.h>
|
||||
#include <sys/lkm.h>
|
||||
#include "ip_compat.h"
|
||||
#include "ip_fil.h"
|
||||
#include "ip_rules.h"
|
||||
|
||||
|
||||
#ifdef IPFILTER_LKM
|
||||
|
||||
static int ipfruleaction __P((struct lkm_table *, int));
|
||||
|
||||
int ipfrule __P((struct lkm_table *, int, int));
|
||||
|
||||
|
||||
MOD_MISC("IPFilter Rules");
|
||||
|
||||
int ipfrule(lkmtp, cmd, ver)
|
||||
struct lkm_table *lkmtp;
|
||||
int cmd, ver;
|
||||
{
|
||||
DISPATCH(lkmtp, cmd, ver, ipfruleaction, ipfruleaction, ipfruleaction);
|
||||
}
|
||||
|
||||
int lkmexists __P((struct lkm_table *)); /* defined in /sys/kern/kern_lkm.c */
|
||||
|
||||
static int ipfruleaction(lkmtp, cmd)
|
||||
struct lkm_table *lkmtp;
|
||||
int cmd;
|
||||
{
|
||||
int err = 0;
|
||||
|
||||
switch (cmd)
|
||||
{
|
||||
case LKM_E_LOAD :
|
||||
if (lkmexists(lkmtp))
|
||||
return EEXIST;
|
||||
|
||||
err = ipfrule_add();
|
||||
if (!err)
|
||||
ipf_refcnt++;
|
||||
break;
|
||||
case LKM_E_UNLOAD :
|
||||
err = ipfrule_remove();
|
||||
if (!err)
|
||||
ipf_refcnt--;
|
||||
break;
|
||||
case LKM_E_STAT :
|
||||
break;
|
||||
default:
|
||||
err = EIO;
|
||||
break;
|
||||
}
|
||||
return err;
|
||||
}
|
||||
#endif /* IPFILTER_LKM */
|
@ -1,351 +0,0 @@
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 2012 by Darren Reed.
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*/
|
||||
/*
|
||||
* 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate
|
||||
* its own major char number! Way cool patch!
|
||||
*/
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/file.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/conf.h>
|
||||
#include <sys/syslog.h>
|
||||
#include <sys/buf.h>
|
||||
#include <sys/mbuf.h>
|
||||
#include <sys/param.h>
|
||||
#include <sys/errno.h>
|
||||
#include <sys/uio.h>
|
||||
#include <sys/vnode.h>
|
||||
#include <sundev/mbvar.h>
|
||||
#include <sun/autoconf.h>
|
||||
#include <sun/vddrv.h>
|
||||
#if defined(sun4c) || defined(sun4m)
|
||||
# include <sun/openprom.h>
|
||||
#endif
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/in_systm.h>
|
||||
#include <netinet/ip.h>
|
||||
#include <netinet/ip_var.h>
|
||||
#include <netinet/tcp.h>
|
||||
#include <netinet/tcpip.h>
|
||||
#include <net/if.h>
|
||||
#include "ipl.h"
|
||||
#include "ip_compat.h"
|
||||
#include "ip_fil.h"
|
||||
|
||||
|
||||
#if !defined(lint)
|
||||
static const char sccsid[] = "@(#)mls_ipl.c 2.6 10/15/95 (C) 1993-2000 Darren Reed";
|
||||
static const char rcsid[] = "@(#)$Id$";
|
||||
#endif
|
||||
|
||||
extern int ipfdetach __P((void));
|
||||
#ifndef IPFILTER_LOG
|
||||
#define ipfread nulldev
|
||||
#endif
|
||||
extern int nulldev __P((void));
|
||||
extern int errno;
|
||||
|
||||
extern int nodev __P((void));
|
||||
|
||||
static int unload __P((void));
|
||||
static int ipf_attach __P((void));
|
||||
int xxxinit __P((u_int, struct vddrv *, caddr_t, struct vdstat *));
|
||||
static char *ipf_devfiles[] = { IPL_NAME, IPNAT_NAME, IPSTATE_NAME,
|
||||
IPAUTH_NAME, IPSYNC_NAME, IPSCAN_NAME,
|
||||
IPLOOKUP_NAME, NULL };
|
||||
static int ipfopen __P((dev_t, int));
|
||||
static int ipfclose __P((dev_t, int));
|
||||
static int ipfread __P((dev_t, struct uio *));
|
||||
static int ipfwrite __P((dev_t, struct uio *));
|
||||
|
||||
|
||||
struct cdevsw ipfdevsw =
|
||||
{
|
||||
ipfopen, ipfclose, ipfread, nulldev,
|
||||
ipfioctl, nulldev, nulldev, nulldev,
|
||||
0, nulldev,
|
||||
};
|
||||
|
||||
|
||||
struct dev_ops ipf_ops =
|
||||
{
|
||||
1,
|
||||
ipfidentify,
|
||||
ipfattach,
|
||||
ipfopen,
|
||||
ipfclose,
|
||||
ipfread,
|
||||
ipfwrite,
|
||||
NULL, /* strategy */
|
||||
NULL, /* dump */
|
||||
0, /* psize */
|
||||
ipfioctl,
|
||||
NULL, /* reset */
|
||||
NULL /* mmap */
|
||||
};
|
||||
|
||||
int ipf_major = 0;
|
||||
|
||||
#ifdef sun4m
|
||||
struct vdldrv vd =
|
||||
{
|
||||
VDMAGIC_PSEUDO,
|
||||
IPL_VERSION,
|
||||
&ipf_ops,
|
||||
NULL,
|
||||
&ipfdevsw,
|
||||
0,
|
||||
0,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
0,
|
||||
1,
|
||||
};
|
||||
#else /* sun4m */
|
||||
struct vdldrv vd =
|
||||
{
|
||||
VDMAGIC_PSEUDO, /* magic */
|
||||
IPL_VERSION,
|
||||
#ifdef sun4c
|
||||
&ipf_ops, /* dev_ops */
|
||||
#else
|
||||
NULL, /* struct mb_ctlr *mb_ctlr */
|
||||
NULL, /* struct mb_driver *mb_driver */
|
||||
NULL, /* struct mb_device *mb_device */
|
||||
0, /* num ctlrs */
|
||||
1, /* numdevs */
|
||||
#endif /* sun4c */
|
||||
NULL, /* bdevsw */
|
||||
&ipfdevsw, /* cdevsw */
|
||||
0, /* block major */
|
||||
0, /* char major */
|
||||
};
|
||||
#endif /* sun4m */
|
||||
|
||||
extern int vd_unuseddev __P((void));
|
||||
extern struct cdevsw cdevsw[];
|
||||
extern int nchrdev;
|
||||
|
||||
xxxinit(fc, vdp, data, vds)
|
||||
u_int fc;
|
||||
struct vddrv *vdp;
|
||||
caddr_t data;
|
||||
struct vdstat *vds;
|
||||
{
|
||||
struct vdioctl_load *vdi = (struct vdioctl_load *)data;
|
||||
|
||||
switch (fc)
|
||||
{
|
||||
case VDLOAD:
|
||||
{
|
||||
struct vdconf *vdc;
|
||||
if (vdi && vdi->vdi_userconf)
|
||||
for (vdc = vdi->vdi_userconf; vdc->vdc_type; vdc++)
|
||||
if (vdc->vdc_type == VDCCHARMAJOR) {
|
||||
ipf_major = vdc->vdc_data;
|
||||
break;
|
||||
}
|
||||
|
||||
if (!ipf_major) {
|
||||
while (ipf_major < nchrdev &&
|
||||
cdevsw[ipf_major].d_open != vd_unuseddev)
|
||||
ipf_major++;
|
||||
if (ipf_major == nchrdev)
|
||||
return ENODEV;
|
||||
}
|
||||
vdp->vdd_vdtab = (struct vdlinkage *)&vd;
|
||||
vd.Drv_charmajor = ipf_major;
|
||||
return ipf_attach();
|
||||
}
|
||||
case VDUNLOAD:
|
||||
return unload();
|
||||
case VDSTAT:
|
||||
return 0;
|
||||
default:
|
||||
return EIO;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
unload()
|
||||
{
|
||||
int err = 0, i;
|
||||
char *name;
|
||||
|
||||
if (ipf_refcnt != 0)
|
||||
err = EBUSY;
|
||||
else if (ipf_running >= 0)
|
||||
err = ipfdetach();
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
ipf_running = -2;
|
||||
for (i = 0; (name = ipf_devfiles[i]); i++)
|
||||
(void) vn_remove(name, UIO_SYSSPACE, FILE);
|
||||
printf("%s unloaded\n", ipfilter_version);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
ipf_attach()
|
||||
{
|
||||
struct vnode *vp;
|
||||
struct vattr vattr;
|
||||
int error = 0, fmode = S_IFCHR|0600, i;
|
||||
char *name;
|
||||
|
||||
error = ipfattach();
|
||||
if (error)
|
||||
return error;
|
||||
|
||||
for (i = 0; (name = ipf_devfiles[i]); i++) {
|
||||
(void) vn_remove(name, UIO_SYSSPACE, FILE);
|
||||
vattr_null(&vattr);
|
||||
vattr.va_type = MFTOVT(fmode);
|
||||
vattr.va_mode = (fmode & 07777);
|
||||
vattr.va_rdev = (ipf_major << 8) | i;
|
||||
|
||||
error = vn_create(name, UIO_SYSSPACE, &vattr, EXCL, 0, &vp);
|
||||
if (error) {
|
||||
printf("IP Filter: vn_create(%s) = %d\n", name, error);
|
||||
break;
|
||||
} else {
|
||||
VN_RELE(vp);
|
||||
}
|
||||
}
|
||||
|
||||
if (error == 0) {
|
||||
char *defpass;
|
||||
|
||||
if (FR_ISPASS(ipf_pass))
|
||||
defpass = "pass";
|
||||
else if (FR_ISBLOCK(ipf_pass))
|
||||
defpass = "block";
|
||||
else
|
||||
defpass = "no-match -> block";
|
||||
|
||||
printf("%s initialized. Default = %s all, Logging = %s%s\n",
|
||||
ipfilter_version, defpass,
|
||||
#ifdef IPFILTER_LOG
|
||||
"enabled",
|
||||
#else
|
||||
"disabled",
|
||||
#endif
|
||||
#ifdef IPFILTER_COMPILED
|
||||
" (COMPILED)"
|
||||
#else
|
||||
""
|
||||
#endif
|
||||
);
|
||||
ipf_running = 1;
|
||||
}
|
||||
return error;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* routines below for saving IP headers to buffer
|
||||
*/
|
||||
static int
|
||||
ipfopen(dev, flags)
|
||||
dev_t dev;
|
||||
int flags;
|
||||
{
|
||||
u_int unit = GET_MINOR(dev);
|
||||
int error;
|
||||
|
||||
if (IPL_LOGMAX < unit) {
|
||||
error = ENXIO;
|
||||
} else {
|
||||
switch (unit)
|
||||
{
|
||||
case IPL_LOGIPF :
|
||||
case IPL_LOGNAT :
|
||||
case IPL_LOGSTATE :
|
||||
case IPL_LOGAUTH :
|
||||
case IPL_LOGLOOKUP :
|
||||
case IPL_LOGSYNC :
|
||||
#ifdef IPFILTER_SCAN
|
||||
case IPL_LOGSCAN :
|
||||
#endif
|
||||
error = 0;
|
||||
break;
|
||||
default :
|
||||
error = ENXIO;
|
||||
break;
|
||||
}
|
||||
}
|
||||
return error;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
ipfclose(dev, flags)
|
||||
dev_t dev;
|
||||
int flags;
|
||||
{
|
||||
u_int unit = GET_MINOR(dev);
|
||||
|
||||
if (IPL_LOGMAX < unit)
|
||||
unit = ENXIO;
|
||||
else
|
||||
unit = 0;
|
||||
return unit;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* ipfread/ipflog
|
||||
* both of these must operate with at least splnet() lest they be
|
||||
* called during packet processing and cause an inconsistancy to appear in
|
||||
* the filter lists.
|
||||
*/
|
||||
static int
|
||||
ipfread(dev, uio)
|
||||
dev_t dev;
|
||||
register struct uio *uio;
|
||||
{
|
||||
|
||||
if (ipf_running < 1) {
|
||||
ipfmain.ipf_interror = 130006;
|
||||
return EIO;
|
||||
}
|
||||
|
||||
#ifdef IPFILTER_LOG
|
||||
return ipflog_read(GET_MINOR(dev), uio);
|
||||
#else
|
||||
ipfmain.ipf_interror = 130007;
|
||||
return ENXIO;
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* ipfwrite
|
||||
*/
|
||||
static int
|
||||
ipfwrite(dev, uio)
|
||||
dev_t dev;
|
||||
register struct uio *uio;
|
||||
{
|
||||
|
||||
if (ipf_running < 1) {
|
||||
ipfmain.ipf_interror = 130008;
|
||||
return EIO;
|
||||
}
|
||||
|
||||
if (getminor(dev) == IPL_LOGSYNC)
|
||||
return ipfsync_write(uio);
|
||||
ipfmain.ipf_interror = 130009;
|
||||
return ENXIO;
|
||||
}
|
@ -1,116 +0,0 @@
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 2012 by Darren Reed.
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*/
|
||||
/*
|
||||
* 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate
|
||||
* its own major char number! Way cool patch!
|
||||
*/
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/file.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/conf.h>
|
||||
#include <sys/syslog.h>
|
||||
#include <sys/buf.h>
|
||||
#include <sys/mbuf.h>
|
||||
#include <sys/param.h>
|
||||
#include <sys/errno.h>
|
||||
#include <sys/uio.h>
|
||||
#include <sys/vnode.h>
|
||||
#include <sundev/mbvar.h>
|
||||
#include <sun/autoconf.h>
|
||||
#include <sun/vddrv.h>
|
||||
#if defined(sun4c) || defined(sun4m)
|
||||
# include <sun/openprom.h>
|
||||
#endif
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/in_systm.h>
|
||||
#include <netinet/ip.h>
|
||||
#include <netinet/ip_var.h>
|
||||
#include <netinet/tcp.h>
|
||||
#include <netinet/tcpip.h>
|
||||
#include <net/if.h>
|
||||
#include "ip_compat.h"
|
||||
#include "ip_fil.h"
|
||||
#include "ip_rules.h"
|
||||
|
||||
|
||||
extern int errno;
|
||||
|
||||
|
||||
int xxxinit __P((u_int, struct vddrv *, caddr_t, struct vdstat *));
|
||||
|
||||
int ipl_major = 0;
|
||||
|
||||
#ifdef sun4m
|
||||
struct vdldrv vd =
|
||||
{
|
||||
VDMAGIC_USER,
|
||||
"IP Filter rules",
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
0,
|
||||
0,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
0,
|
||||
1,
|
||||
};
|
||||
#else /* sun4m */
|
||||
struct vdldrv vd =
|
||||
{
|
||||
VDMAGIC_USER, /* magic */
|
||||
"IP Filter rules",
|
||||
#ifdef sun4c
|
||||
NULL, /* dev_ops */
|
||||
#else
|
||||
NULL, /* struct mb_ctlr *mb_ctlr */
|
||||
NULL, /* struct mb_driver *mb_driver */
|
||||
NULL, /* struct mb_device *mb_device */
|
||||
0, /* num ctlrs */
|
||||
1, /* numdevs */
|
||||
#endif /* sun4c */
|
||||
NULL, /* bdevsw */
|
||||
NULL, /* cdevsw */
|
||||
0, /* block major */
|
||||
0, /* char major */
|
||||
};
|
||||
#endif /* sun4m */
|
||||
|
||||
|
||||
xxxinit(fc, vdp, data, vds)
|
||||
u_int fc;
|
||||
struct vddrv *vdp;
|
||||
caddr_t data;
|
||||
struct vdstat *vds;
|
||||
{
|
||||
struct vdioctl_load *vdi = (struct vdioctl_load *)data;
|
||||
int err;
|
||||
|
||||
switch (fc)
|
||||
{
|
||||
case VDLOAD:
|
||||
err = ipfrule_add();
|
||||
if (!err)
|
||||
ipf_refcnt++;
|
||||
break;
|
||||
case VDUNLOAD:
|
||||
err = ipfrule_remove();
|
||||
if (!err)
|
||||
ipf_refcnt--;
|
||||
break;
|
||||
case VDSTAT:
|
||||
err = 0;
|
||||
break;
|
||||
default:
|
||||
err = EIO;
|
||||
break;
|
||||
}
|
||||
}
|
@ -1,130 +0,0 @@
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 2012 by Darren Reed.
|
||||
*
|
||||
* See the IPFILTER.LICENCE file for details on licencing.
|
||||
*/
|
||||
#pragma ident "@(#)$Id$"
|
||||
|
||||
#include <sys/systm.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/param.h>
|
||||
#include <sys/errno.h>
|
||||
#include <sys/uio.h>
|
||||
#include <sys/buf.h>
|
||||
#include <sys/modctl.h>
|
||||
#include <sys/open.h>
|
||||
#include <sys/kmem.h>
|
||||
#include <sys/conf.h>
|
||||
#include <sys/cmn_err.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/cred.h>
|
||||
#include <sys/dditypes.h>
|
||||
#include <sys/stream.h>
|
||||
#include <sys/poll.h>
|
||||
#include <sys/autoconf.h>
|
||||
#include <sys/byteorder.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/dlpi.h>
|
||||
#include <sys/stropts.h>
|
||||
#include <sys/sockio.h>
|
||||
#include <net/if.h>
|
||||
#if SOLARIS2 >= 6
|
||||
# include <net/if_types.h>
|
||||
#endif
|
||||
#include <net/af.h>
|
||||
#include <net/route.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/in_systm.h>
|
||||
#include <netinet/if_ether.h>
|
||||
#include <netinet/ip.h>
|
||||
#include <netinet/ip_var.h>
|
||||
#include <netinet/tcp.h>
|
||||
#include <netinet/udp.h>
|
||||
#include <netinet/tcpip.h>
|
||||
#include <netinet/ip_icmp.h>
|
||||
#include <sys/ddi.h>
|
||||
#include <sys/sunddi.h>
|
||||
#include "ip_compat.h"
|
||||
#include "ip_fil.h"
|
||||
#include "ip_rules.h"
|
||||
|
||||
char _depends_on[] = "drv/ipf";
|
||||
|
||||
|
||||
extern ipf_main_softc_t ipfmain;
|
||||
extern struct mod_ops mod_miscops;
|
||||
static struct modlmisc ipfrulemod = {
|
||||
&mod_miscops,
|
||||
"IP Filter rules"
|
||||
};
|
||||
|
||||
static struct modlinkage modlink1 = {
|
||||
MODREV_1,
|
||||
&ipfrulemod,
|
||||
NULL
|
||||
};
|
||||
|
||||
|
||||
int _init()
|
||||
{
|
||||
int ipfruleinst;
|
||||
|
||||
ipfruleinst = mod_install(&modlink1);
|
||||
#ifdef IPFRULEDEBUG
|
||||
cmn_err(CE_NOTE, "IP Filter Rules: _init() = %d", ipfruleinst);
|
||||
#endif
|
||||
|
||||
if (ipfruleinst == 0) {
|
||||
if (ipfmain.ipf_running >= 0) {
|
||||
ipfruleinst = ipfrule_add();
|
||||
if (!ipfruleinst)
|
||||
ipfmain.ipf_refcnt++;
|
||||
else {
|
||||
cmn_err(CE_NOTE,
|
||||
"IP Filter Rules: ipfrule_add failed");
|
||||
ipfruleinst = -1;
|
||||
}
|
||||
} else
|
||||
ipfruleinst = -1;
|
||||
}
|
||||
if (ipfruleinst == 0)
|
||||
cmn_err(CE_CONT, "IP Filter Rules: loaded\n");
|
||||
return ipfruleinst;
|
||||
}
|
||||
|
||||
|
||||
int _fini(void)
|
||||
{
|
||||
int ipfruleinst;
|
||||
|
||||
ipfruleinst = mod_remove(&modlink1);
|
||||
#ifdef IPFRULEDEBUG
|
||||
cmn_err(CE_NOTE, "IP Filter Rules: _fini() = %d", ipfruleinst);
|
||||
#endif
|
||||
if (ipfruleinst == 0) {
|
||||
ipfruleinst = ipfrule_remove();
|
||||
if (!ipfruleinst)
|
||||
ipfmain.ipf_refcnt--;
|
||||
else
|
||||
ipfruleinst = -1;
|
||||
}
|
||||
if (ipfruleinst == 0)
|
||||
cmn_err(CE_CONT, "IP Filter Rules: unloaded\n");
|
||||
return ipfruleinst;
|
||||
}
|
||||
|
||||
|
||||
int _info(modinfop)
|
||||
struct modinfo *modinfop;
|
||||
{
|
||||
int ipfruleinst;
|
||||
|
||||
ipfruleinst = mod_info(&modlink1, modinfop);
|
||||
#ifdef IPFRULEDEBUG
|
||||
cmn_err(CE_NOTE, "IP Filter Rules: _info(%x) = %x",
|
||||
modinfop, ipfruleinst);
|
||||
#endif
|
||||
return ipfruleinst;
|
||||
}
|
Loading…
Reference in New Issue
Block a user