d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add IP Filter hooks (from patches).

Browse Source
This commit is contained in:
Darren Reed 1997-02-10 11:45:37 +00:00
parent 97daf05001
commit afed1b4988
3 changed files with 45 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sys/netinet/in_proto.c
View File

@ -89,6 +89,12 @@ int tp_ctloutput(), tp_usrreq();
void eoninput(), eonctlinput(), eonprotoinit();
#endif /* EON */
#ifdef IPFILTER
void iplinit();
#define ip_init iplinit
#endif
extern struct domain inetdomain;
struct protosw inetsw[] = {

19
sys/netinet/ip_input.c
View File

@ -134,6 +134,12 @@ ip_nat_t *ip_nat_ptr;
ip_nat_ctl_t *ip_nat_ctl_ptr;
#endif
#if defined(IPFILTER_LKM) || defined(IPFILTER)
int fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)) = NULL;
#endif
/*
* We need to save the IP options in case a protocol wants to respond
* to an incoming packet over the same route if the packet got here
@ -341,6 +347,19 @@ tooshort:
return;
#endif
#if defined(IPFILTER) || defined(IPFILTER_LKM)
{
struct mbuf *m0 = m;
/*
* Check if we want to allow this packet to be processed.
* Consider it to be bad if not.
*/
if (fr_checkp && (*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m0))
goto next;
ip = mtod(m = m0, struct ip *);
}
#endif
/*
* Process options and, if not destined for us,
* ship it on. ip_dooptions returns 1 when an

20
sys/netinet/ip_output.c
View File

@ -80,6 +80,12 @@ static int ip_pcbopts __P((struct mbuf **, struct mbuf *));
static int ip_setmoptions
__P((int, struct ip_moptions **, struct mbuf *));
#if defined(IPFILTER_LKM) || defined(IPFILTER)
extern int fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
#endif
extern struct protosw inetsw[];
/*
@ -331,6 +337,20 @@ ip_output(m0, opt, ro, flags, imo)
m->m_flags &= ~M_BCAST;
}
#if defined(IPFILTER) || defined(IPFILTER_LKM)
{
struct mbuf *m0 = m;
/*
* looks like most checking has been done now...do a filter check
*/
if (fr_checkp && (*fr_checkp)(ip, hlen, ifp, 1, &m0))
{
error = EHOSTUNREACH;
goto done;
}
ip = mtod(m = m0, struct ip *);
}
#endif
sendit:
/*
* IpHack's section.