Cross Reference: /freebsd-10-stable/contrib/ipfilter/ip

Deleted Added

sdiff udiff text old ( 181313 ) new ( 255332 )

full compact

ip_fil.c (181313)	ip_fil.c (255332)
1/* $FreeBSD: head/contrib/ipfilter/ip_fil.c 181313 2008-08-04 22:45:27Z mlaier $ */	1/* $FreeBSD: head/contrib/ipfilter/ip_fil.c 255332 2013-09-06 23:11:19Z cy $ */
2 3/*	2 3/*
4 * Copyright (C) 1993-2001 by Darren Reed.	4 * Copyright (C) 2012 by Darren Reed.
5 * 6 * See the IPFILTER.LICENCE file for details on licencing.	5 * 6 * See the IPFILTER.LICENCE file for details on licencing.
	7 * 8 * $Id$
7 */ 8#if !defined(lint) 9static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";	9 */ 10#if !defined(lint) 11static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
10static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.133.2.18 2007/09/09 11:32:05 darrenr Exp $";	12static const char rcsid[] = "@(#)$Id$";
11#endif 12	13#endif 14
13#ifndef SOLARIS 14#define SOLARIS (defined(sun) && (defined(__svr4__) \|\| defined(__SVR4))) 15#endif 16 17#include <sys/param.h> 18#if defined(__FreeBSD__) && !defined(__FreeBSD_version) 19# if defined(IPFILTER_LKM) 20# ifndef __FreeBSD_cc_version 21# include <osreldate.h> 22# else 23# if __FreeBSD_cc_version < 430000 24# include <osreldate.h> 25# endif 26# endif 27# endif 28#endif 29#include <sys/errno.h> 30#if defined(__hpux) && (HPUXREV >= 1111) && !defined(_KERNEL) 31# include <sys/kern_svcs.h> 32#endif 33#include <sys/types.h> 34#define _KERNEL 35#define KERNEL 36#ifdef __OpenBSD__ 37struct file; 38#endif 39#include <sys/uio.h> 40#undef _KERNEL 41#undef KERNEL 42#include <sys/file.h> 43#include <sys/ioctl.h> 44#ifdef __sgi 45# include <sys/ptimers.h> 46#endif 47#include <sys/time.h> 48#if !SOLARIS 49# if (NetBSD > 199609) \|\| (OpenBSD > 199603) \|\| (__FreeBSD_version >= 300000) 50# include <sys/dirent.h> 51# else 52# include <sys/dir.h> 53# endif 54#else 55# include <sys/filio.h> 56#endif 57#ifndef linux 58# include <sys/protosw.h> 59#endif 60#include <sys/socket.h> 61 62#include <stdio.h> 63#include <string.h> 64#include <stdlib.h> 65#include <ctype.h> 66#include <fcntl.h> 67 68#ifdef __hpux 69# define _NET_ROUTE_INCLUDED 70#endif 71#include <net/if.h> 72#ifdef sun 73# include <net/af.h> 74#endif 75#if __FreeBSD_version >= 300000 76# include <net/if_var.h> 77#endif 78#ifdef __sgi 79#include <sys/debug.h> 80# ifdef IFF_DRVRLOCK /* IRIX6 / 81#include <sys/hashing.h> 82# endif 83#endif 84#if defined(__FreeBSD__) \|\| defined(SOLARIS2) 85# include "radix_ipf.h" 86#endif 87#ifndef __osf__ 88# include <net/route.h> 89#endif 90#include <netinet/in.h> 91#if !(defined(__sgi) && !defined(IFF_DRVRLOCK)) / IRIX < 6 / && \ 92 !defined(__hpux) && !defined(linux) 93# include <netinet/in_var.h> 94#endif 95#include <netinet/in_systm.h> 96#include <netinet/ip.h> 97#if !defined(linux) 98# include <netinet/ip_var.h> 99#endif 100#include <netinet/tcp.h> 101#if defined(__osf__) 102# include <netinet/tcp_timer.h> 103#endif 104#if defined(__osf__) \|\| defined(__hpux) \|\| defined(__sgi) 105# include "radix_ipf_local.h" 106# define _RADIX_H_ 107#endif 108#include <netinet/udp.h> 109#include <netinet/tcpip.h> 110#include <netinet/ip_icmp.h> 111#include <unistd.h> 112#include <syslog.h> 113#include <arpa/inet.h> 114#ifdef __hpux 115# undef _NET_ROUTE_INCLUDED 116#endif 117#include "netinet/ip_compat.h" 118#include "netinet/ip_fil.h" 119#include "netinet/ip_nat.h" 120#include "netinet/ip_frag.h" 121#include "netinet/ip_state.h" 122#include "netinet/ip_proxy.h" 123#include "netinet/ip_auth.h" 124#ifdef IPFILTER_SYNC 125#include "netinet/ip_sync.h" 126#endif 127#ifdef IPFILTER_SCAN 128#include "netinet/ip_scan.h" 129#endif 130#include "netinet/ip_pool.h" 131#ifdef IPFILTER_COMPILED 132# include "netinet/ip_rules.h" 133#endif 134#if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000) 135# include <sys/malloc.h> 136#endif 137#ifdef __hpux 138struct rtentry; 139*#endif	15#include "ipf.h"
140#include "md5.h"	16#include "md5.h"
	17#include "ipt.h"
141	18
	19ipf_main_softc_t ipfmain;
142	20
143#if !defined(__osf__) && !defined(__linux__) 144extern struct protosw inetsw[]; 145#endif 146 147#include "ipt.h"
148static struct ifnet *ifneta = NULL; 149static int nifs = 0; 150*	21static struct ifnet **ifneta = NULL; 22static int nifs = 0; 23
151static void fr_setifpaddr __P((struct ifnet , char ));	24struct rtentry; 25 26static void ipf_setifpaddr __P((struct ifnet , char ));
152void init_ifp __P((void)); 153#if defined(__sgi) && (IRIX < 60500) 154static int no_output __P((struct ifnet , struct mbuf , 155 struct sockaddr )); 156static int write_output __P((struct ifnet , struct mbuf , 157* struct sockaddr )); 158#else 159# if TRU64 >= 1885 --- 5 unchanged lines hidden* (view full) --- 165static int no_output __P((struct ifnet , struct mbuf , 166 struct sockaddr , struct rtentry )); 167static int write_output __P((struct ifnet , struct mbuf , 168 struct sockaddr , struct rtentry )); 169# endif 170#endif 171 172	27void init_ifp __P((void)); 28#if defined(__sgi) && (IRIX < 60500) 29static int no_output __P((struct ifnet , struct mbuf , 30 struct sockaddr )); 31static int write_output __P((struct ifnet , struct mbuf , 32 struct sockaddr )); 33#else 34# if TRU64 >= 1885 --- 5 unchanged lines hidden (view full) --- 40static int no_output __P((struct ifnet , struct mbuf , 41 struct sockaddr , struct rtentry )); 42static int write_output __P((struct ifnet , struct mbuf , 43 struct sockaddr , struct rtentry )); 44# endif 45#endif 46 47
173int ipfattach()	48int 49ipfattach(softc) 50 ipf_main_softc_t *softc;
174{	51{
175 fr_running = 1;
176 return 0; 177} 178 179	52 return 0; 53} 54 55
180int ipfdetach()	56int 57ipfdetach(softc) 58 ipf_main_softc_t *softc;
181{	59{
182 fr_running = -1;
183 return 0; 184} 185 186 187/* 188 * Filter ioctl interface. 189 */	60 return 0; 61} 62 63 64/* 65 * Filter ioctl interface. 66 */
190int iplioctl(dev, cmd, data, mode) 191int dev; 192ioctlcmd_t cmd; 193caddr_t data; 194int mode;	67int 68ipfioctl(softc, dev, cmd, data, mode) 69 ipf_main_softc_t *softc; 70 int dev; 71 ioctlcmd_t cmd; 72 caddr_t data; 73 int mode;
195{ 196 int error = 0, unit = 0, uid;	74{ 75 int error = 0, unit = 0, uid;
197 SPL_INT(s);
198 199 uid = getuid(); 200 unit = dev; 201 202 SPL_NET(s); 203	76 77 uid = getuid(); 78 unit = dev; 79 80 SPL_NET(s); 81
204 error = fr_ioctlswitch(unit, data, cmd, mode, uid, NULL);	82 error = ipf_ioctlswitch(softc, unit, data, cmd, mode, uid, NULL);
205 if (error != -1) { 206 SPL_X(s); 207 return error; 208 }	83 if (error != -1) { 84 SPL_X(s); 85 return error; 86 }
209
210 SPL_X(s); 211 return error; 212} 213 214	87 SPL_X(s); 88 return error; 89} 90 91
215void fr_forgetifp(ifp) 216void *ifp;	92void 93ipf_forgetifp(softc, ifp) 94 ipf_main_softc_t softc; 95 void ifp;
217{ 218 register frentry_t f; 219*	96{ 97 register frentry_t *f; 98
220 WRITE_ENTER(&ipf_mutex); 221 for (f = ipacct[0][fr_active]; (f != NULL); f = f->fr_next)	99 WRITE_ENTER(&softc->ipf_mutex); 100 for (f = softc->ipf_acct[0][softc->ipf_active]; (f != NULL); 101 f = f->fr_next)
222 if (f->fr_ifa == ifp) 223 f->fr_ifa = (void *)-1;	102 if (f->fr_ifa == ifp) 103 f->fr_ifa = (void *)-1;
224 for (f = ipacct[1][fr_active]; (f != NULL); f = f->fr_next)	104 for (f = softc->ipf_acct[1][softc->ipf_active]; (f != NULL); 105 f = f->fr_next)
225 if (f->fr_ifa == ifp) 226 f->fr_ifa = (void *)-1;	106 if (f->fr_ifa == ifp) 107 f->fr_ifa = (void *)-1;
227 for (f = ipfilter[0][fr_active]; (f != NULL); f = f->fr_next)	108 for (f = softc->ipf_rules[0][softc->ipf_active]; (f != NULL); 109 f = f->fr_next)
228 if (f->fr_ifa == ifp) 229 f->fr_ifa = (void *)-1;	110 if (f->fr_ifa == ifp) 111 f->fr_ifa = (void *)-1;
230 for (f = ipfilter[1][fr_active]; (f != NULL); f = f->fr_next)	112 for (f = softc->ipf_rules[1][softc->ipf_active]; (f != NULL); 113 f = f->fr_next)
231 if (f->fr_ifa == ifp) 232 f->fr_ifa = (void *)-1;	114 if (f->fr_ifa == ifp) 115 f->fr_ifa = (void *)-1;
233#ifdef USE_INET6 234 for (f = ipacct6[0][fr_active]; (f != NULL); f = f->fr_next) 235 if (f->fr_ifa == ifp) 236 f->fr_ifa = (void )-1; 237* for (f = ipacct6[1][fr_active]; (f != NULL); f = f->fr_next) 238 if (f->fr_ifa == ifp) 239 f->fr_ifa = (void )-1; 240* for (f = ipfilter6[0][fr_active]; (f != NULL); f = f->fr_next) 241 if (f->fr_ifa == ifp) 242 f->fr_ifa = (void )-1; 243* for (f = ipfilter6[1][fr_active]; (f != NULL); f = f->fr_next) 244 if (f->fr_ifa == ifp) 245 f->fr_ifa = (void )-1; 246#endif 247* RWLOCK_EXIT(&ipf_mutex); 248 fr_natsync(ifp);	116 RWLOCK_EXIT(&softc->ipf_mutex); 117 ipf_nat_sync(softc, ifp); 118 ipf_lookup_sync(softc, ifp);
249} 250 251	119} 120 121
	122static int
252#if defined(__sgi) && (IRIX < 60500)	123#if defined(__sgi) && (IRIX < 60500)
253static int no_output(ifp, m, s)	124no_output(ifp, m, s)
254#else 255# if TRU64 >= 1885	125#else 126# if TRU64 >= 1885
256static int no_output (ifp, m, s, rt, cp) 257char *cp;	127no_output (ifp, m, s, rt, cp) 128 char *cp;
258# else	129# else
259static int no_output(ifp, m, s, rt)	130no_output(ifp, m, s, rt)
260# endif	131# endif
261struct rtentry *rt;	132 struct rtentry *rt;
262#endif	133#endif
263struct ifnet ifp; 264struct mbuf m; 265struct sockaddr *s;	134 struct ifnet ifp; 135* struct mbuf m; 136* struct sockaddr *s;
266{ 267 return 0; 268} 269 270	137{ 138 return 0; 139} 140 141
	142static int
271#if defined(__sgi) && (IRIX < 60500)	143#if defined(__sgi) && (IRIX < 60500)
272static int write_output(ifp, m, s)	144write_output(ifp, m, s)
273#else 274# if TRU64 >= 1885	145#else 146# if TRU64 >= 1885
275static int write_output (ifp, m, s, rt, cp) 276char *cp;	147write_output (ifp, m, s, rt, cp) 148 char *cp;
277# else	149# else
278static int write_output(ifp, m, s, rt)	150write_output(ifp, m, s, rt)
279# endif	151# endif
280struct rtentry *rt;	152 struct rtentry *rt;
281#endif	153#endif
282struct ifnet ifp; 283struct mbuf m; 284struct sockaddr *s;	154 struct ifnet ifp; 155* struct mbuf m; 156* struct sockaddr *s;
285{ 286 char fname[32]; 287 mb_t mb; 288* ip_t ip; 289* int fd; 290 291 mb = (mb_t )m; 292* ip = MTOD(mb, ip_t ); --- 11 unchanged lines hidden* (view full) --- 304 return -1; 305 } 306 write(fd, (char )ip, ntohs(ip->ip_len)); 307* close(fd); 308 return 0; 309} 310 311	157{ 158 char fname[32]; 159 mb_t mb; 160* ip_t ip; 161* int fd; 162 163 mb = (mb_t )m; 164* ip = MTOD(mb, ip_t ); --- 11 unchanged lines hidden* (view full) --- 176 return -1; 177 } 178 write(fd, (char )ip, ntohs(ip->ip_len)); 179* close(fd); 180 return 0; 181} 182 183
312static void fr_setifpaddr(ifp, addr) 313struct ifnet ifp; 314char addr;	184static void 185ipf_setifpaddr(ifp, addr) 186 struct ifnet ifp; 187* char *addr;
315{ 316#ifdef __sgi 317 struct in_ifaddr ifa; 318#else 319* struct ifaddr ifa; 320#endif 321* 322#if defined(__NetBSD__) \|\| defined(__OpenBSD__) \|\| defined(__FreeBSD__) --- 21 unchanged lines hidden (view full) --- 344 if (ifa != NULL) { 345 struct sockaddr_in sin; 346* 347#ifdef __sgi 348 sin = (struct sockaddr_in )&ifa->ia_addr; 349#else 350* sin = (struct sockaddr_in )&ifa->ifa_addr; 351*#endif	188{ 189#ifdef __sgi 190 struct in_ifaddr ifa; 191#else 192* struct ifaddr ifa; 193#endif 194* 195#if defined(__NetBSD__) \|\| defined(__OpenBSD__) \|\| defined(__FreeBSD__) --- 21 unchanged lines hidden (view full) --- 217 if (ifa != NULL) { 218 struct sockaddr_in sin; 219* 220#ifdef __sgi 221 sin = (struct sockaddr_in )&ifa->ia_addr; 222#else 223* sin = (struct sockaddr_in )&ifa->ifa_addr; 224*#endif
352 sin->sin_addr.s_addr = inet_addr(addr); 353 if (sin->sin_addr.s_addr == 0) 354 abort();	225#ifdef USE_INET6 226 if (index(addr, ':') != NULL) { 227 struct sockaddr_in6 sin6; 228* 229 sin6 = (struct sockaddr_in6 )&ifa->ifa_addr; 230* sin6->sin6_family = AF_INET6; 231 inet_pton(AF_INET6, addr, &sin6->sin6_addr); 232 } else 233#endif 234 { 235 sin->sin_family = AF_INET; 236 sin->sin_addr.s_addr = inet_addr(addr); 237 if (sin->sin_addr.s_addr == 0) 238 abort(); 239 }
355 } 356} 357	240 } 241} 242
358struct ifnet get_unit(name, v) 359char name; 360int v;	243struct ifnet * 244get_unit(name, family) 245 char name; 246* int family;
361{ 362 struct ifnet ifp, ifpp, old_ifneta; 363* char addr; 364#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) \|\| \ 365* (defined(OpenBSD) && (OpenBSD >= 199603)) \|\| defined(linux) \|\| \ 366 (defined(__FreeBSD__) && (__FreeBSD_version >= 501113)) 367	247{ 248 struct ifnet ifp, ifpp, old_ifneta; 249* char addr; 250#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) \|\| \ 251* (defined(OpenBSD) && (OpenBSD >= 199603)) \|\| defined(linux) \|\| \ 252 (defined(__FreeBSD__) && (__FreeBSD_version >= 501113)) 253
	254 if (!name) 255* return NULL; 256
368 if (name == NULL) 369 name = "anon0"; 370 371 addr = strchr(name, '='); 372 if (addr != NULL) 373 addr++ = '\0'; 374* 375 for (ifpp = ifneta; ifpp && (ifp = ifpp); ifpp++) { 376* if (!strcmp(name, ifp->if_xname)) { 377 if (addr != NULL)	257 if (name == NULL) 258 name = "anon0"; 259 260 addr = strchr(name, '='); 261 if (addr != NULL) 262 addr++ = '\0'; 263* 264 for (ifpp = ifneta; ifpp && (ifp = ifpp); ifpp++) { 265* if (!strcmp(name, ifp->if_xname)) { 266 if (addr != NULL)
378 fr_setifpaddr(ifp, addr);	267 ipf_setifpaddr(ifp, addr);
379 return ifp; 380 } 381 } 382#else 383 char s, ifname[LIFNAMSIZ+1]; 384* 385 if (name == NULL) 386 name = "anon0"; 387 388 addr = strchr(name, '='); 389 if (addr != NULL) 390 addr++ = '\0'; 391* 392 for (ifpp = ifneta; ifpp && (ifp = *ifpp); ifpp++) {	268 return ifp; 269 } 270 } 271#else 272 char s, ifname[LIFNAMSIZ+1]; 273* 274 if (name == NULL) 275 name = "anon0"; 276 277 addr = strchr(name, '='); 278 if (addr != NULL) 279 addr++ = '\0'; 280* 281 for (ifpp = ifneta; ifpp && (ifp = *ifpp); ifpp++) {
393 COPYIFNAME(v, ifp, ifname);	282 COPYIFNAME(family, ifp, ifname);
394 if (!strcmp(name, ifname)) { 395 if (addr != NULL)	283 if (!strcmp(name, ifname)) { 284 if (addr != NULL)
396 fr_setifpaddr(ifp, addr);	285 ipf_setifpaddr(ifp, addr);
397 return ifp; 398 } 399 } 400#endif 401 402 if (!ifneta) { 403 ifneta = (struct ifnet *)malloc(sizeof(ifp) 2); 404 if (!ifneta) --- 27 unchanged lines hidden (view full) --- 432#if defined(__NetBSD__) \|\| defined(__OpenBSD__) \|\| defined(__FreeBSD__) 433 TAILQ_INIT(&ifp->if_addrlist); 434#endif 435#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) \|\| \ 436 (defined(OpenBSD) && (OpenBSD >= 199603)) \|\| defined(linux) \|\| \ 437 (defined(__FreeBSD__) && (__FreeBSD_version >= 501113)) 438 (void) strncpy(ifp->if_xname, name, sizeof(ifp->if_xname)); 439#else	286 return ifp; 287 } 288 } 289#endif 290 291 if (!ifneta) { 292 ifneta = (struct ifnet *)malloc(sizeof(ifp) 2); 293 if (!ifneta) --- 27 unchanged lines hidden (view full) --- 321#if defined(__NetBSD__) \|\| defined(__OpenBSD__) \|\| defined(__FreeBSD__) 322 TAILQ_INIT(&ifp->if_addrlist); 323#endif 324#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) \|\| \ 325 (defined(OpenBSD) && (OpenBSD >= 199603)) \|\| defined(linux) \|\| \ 326 (defined(__FreeBSD__) && (__FreeBSD_version >= 501113)) 327 (void) strncpy(ifp->if_xname, name, sizeof(ifp->if_xname)); 328#else
440 for (s = name; s && !ISDIGIT(s); s++) 441 ; 442 if (s && ISDIGIT(s)) {	329 s = name + strlen(name) - 1; 330 for (; s > name; s--) { 331 if (!ISDIGIT(s)) { 332* s++; 333 break; 334 } 335 } 336 337 if ((s > name) && (s != 0) && ISDIGIT(s)) {
443 ifp->if_unit = atoi(s); 444 ifp->if_name = (char )malloc(s - name + 1); 445* (void) strncpy(ifp->if_name, name, s - name); 446 ifp->if_name[s - name] = '\0'; 447 } else { 448 ifp->if_name = strdup(name); 449 ifp->if_unit = -1; 450 } 451#endif 452 ifp->if_output = (void )no_output; 453* 454 if (addr != NULL) {	338 ifp->if_unit = atoi(s); 339 ifp->if_name = (char )malloc(s - name + 1); 340* (void) strncpy(ifp->if_name, name, s - name); 341 ifp->if_name[s - name] = '\0'; 342 } else { 343 ifp->if_name = strdup(name); 344 ifp->if_unit = -1; 345 } 346#endif 347 ifp->if_output = (void )no_output; 348* 349 if (addr != NULL) {
455 fr_setifpaddr(ifp, addr);	350 ipf_setifpaddr(ifp, addr);
456 } 457 458 return ifp; 459} 460 461	351 } 352 353 return ifp; 354} 355 356
462char get_ifname(ifp) 463struct ifnet ifp;	357char * 358get_ifname(ifp) 359 struct ifnet *ifp;
464{ 465 static char ifname[LIFNAMSIZ]; 466 467#if defined(__OpenBSD__) \|\| defined(__NetBSD__) \|\| defined(linux) \|\| \ 468 (defined(__FreeBSD__) && (__FreeBSD_version >= 501113)) 469 sprintf(ifname, "%s", ifp->if_xname); 470#else	360{ 361 static char ifname[LIFNAMSIZ]; 362 363#if defined(__OpenBSD__) \|\| defined(__NetBSD__) \|\| defined(linux) \|\| \ 364 (defined(__FreeBSD__) && (__FreeBSD_version >= 501113)) 365 sprintf(ifname, "%s", ifp->if_xname); 366#else
471 sprintf(ifname, "%s%d", ifp->if_name, ifp->if_unit);	367 if (ifp->if_unit != -1) 368 sprintf(ifname, "%s%d", ifp->if_name, ifp->if_unit); 369 else 370 strcpy(ifname, ifp->if_name);
472#endif 473 return ifname; 474} 475 476 477	371#endif 372 return ifname; 373} 374 375 376
478void init_ifp()	377void 378init_ifp()
479{ 480 struct ifnet ifp, ifpp; 481* char fname[32]; 482 int fd; 483 484#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) \|\| \ 485 (defined(OpenBSD) && (OpenBSD >= 199603)) \|\| defined(linux) \|\| \ 486 (defined(__FreeBSD__) && (__FreeBSD_version >= 501113)) --- 4 unchanged lines hidden (view full) --- 491 if (fd == -1) 492 perror("open"); 493 else 494 close(fd); 495 } 496#else 497 498 for (ifpp = ifneta; ifpp && (ifp = *ifpp); ifpp++) {	379{ 380 struct ifnet ifp, ifpp; 381* char fname[32]; 382 int fd; 383 384#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) \|\| \ 385 (defined(OpenBSD) && (OpenBSD >= 199603)) \|\| defined(linux) \|\| \ 386 (defined(__FreeBSD__) && (__FreeBSD_version >= 501113)) --- 4 unchanged lines hidden (view full) --- 391 if (fd == -1) 392 perror("open"); 393 else 394 close(fd); 395 } 396#else 397 398 for (ifpp = ifneta; ifpp && (ifp = *ifpp); ifpp++) {
499 ifp->if_output = write_output;	399 ifp->if_output = (void *)write_output;
500 sprintf(fname, "/tmp/%s%d", ifp->if_name, ifp->if_unit); 501 fd = open(fname, O_WRONLY\|O_CREAT\|O_EXCL\|O_TRUNC, 0600); 502 if (fd == -1) 503 perror("open"); 504 else 505 close(fd); 506 } 507#endif 508} 509 510	400 sprintf(fname, "/tmp/%s%d", ifp->if_name, ifp->if_unit); 401 fd = open(fname, O_WRONLY\|O_CREAT\|O_EXCL\|O_TRUNC, 0600); 402 if (fd == -1) 403 perror("open"); 404 else 405 close(fd); 406 } 407#endif 408} 409 410
511int fr_fastroute(m, mpp, fin, fdp) 512mb_t m, mpp; 513fr_info_t fin; 514frdest_t *fdp;	411int 412ipf_fastroute(m, mpp, fin, fdp) 413 mb_t m, mpp; 414* fr_info_t fin; 415* frdest_t *fdp;
515{	416{
516 struct ifnet *ifp = fdp->fd_ifp;	417 struct ifnet *ifp;
517 ip_t *ip = fin->fin_ip;	418 ip_t *ip = fin->fin_ip;
	419 frdest_t node;
518 int error = 0; 519 frentry_t fr; 520* void *sifp;	420 int error = 0; 421 frentry_t fr; 422* void *sifp;
	423 int sout;
521	424
522 if (!ifp) 523 return 0; /* no routing table out here / 524*	425 sifp = fin->fin_ifp; 426 sout = fin->fin_out;
525 fr = fin->fin_fr; 526 ip->ip_sum = 0; 527	427 fr = fin->fin_fr; 428 ip->ip_sum = 0; 429
	430 if (!(fr->fr_flags & FR_KEEPSTATE) && (fdp != NULL) && 431 (fdp->fd_type == FRD_DSTLIST)) { 432 bzero(&node, sizeof(node)); 433 ipf_dstlist_select_node(fin, fdp->fd_ptr, NULL, &node); 434 fdp = &node; 435 } 436 ifp = fdp->fd_ptr; 437 438 if (ifp == NULL) 439 return 0; /* no routing table out here / 440*
528 if (fin->fin_out == 0) {	441 if (fin->fin_out == 0) {
529 sifp = fin->fin_ifp;
530 fin->fin_ifp = ifp; 531 fin->fin_out = 1;	442 fin->fin_ifp = ifp; 443 fin->fin_out = 1;
532 (void) fr_acctpkt(fin, NULL);	444 (void) ipf_acctpkt(fin, NULL);
533 fin->fin_fr = NULL; 534 if (!fr \|\| !(fr->fr_flags & FR_RETMASK)) { 535 u_32_t pass; 536	445 fin->fin_fr = NULL; 446 if (!fr \|\| !(fr->fr_flags & FR_RETMASK)) { 447 u_32_t pass; 448
537 (void) fr_checkstate(fin, &pass);	449 (void) ipf_state_check(fin, &pass);
538 } 539	450 } 451
540 switch (fr_checknatout(fin, NULL))	452 switch (ipf_nat_checkout(fin, NULL))
541 { 542 case 0 : 543 break; 544 case 1 : 545 ip->ip_sum = 0; 546 break; 547 case -1 : 548 error = -1; 549 goto done; 550 break; 551 } 552	453 { 454 case 0 : 455 break; 456 case 1 : 457 ip->ip_sum = 0; 458 break; 459 case -1 : 460 error = -1; 461 goto done; 462 break; 463 } 464
553 fin->fin_ifp = sifp; 554 fin->fin_out = 0;
555 } 556	465 } 466
	467 m->mb_ifp = ifp; 468 printpacket(fin->fin_out, m); 469
557#if defined(__sgi) && (IRIX < 60500) 558 (ifp->if_output)(ifp, (void )ip, NULL); 559# if TRU64 >= 1885 560 (ifp->if_output)(ifp, (void )m, NULL, 0, 0); 561# else 562 (ifp->if_output)(ifp, (void )m, NULL, 0); 563# endif 564#endif 565done:	470#if defined(__sgi) && (IRIX < 60500) 471 (ifp->if_output)(ifp, (void )ip, NULL); 472# if TRU64 >= 1885 473 (ifp->if_output)(ifp, (void )m, NULL, 0, 0); 474# else 475 (ifp->if_output)(ifp, (void )m, NULL, 0); 476# endif 477#endif 478done:
	479 fin->fin_ifp = sifp; 480 fin->fin_out = sout;
566 return error; 567} 568 569	481 return error; 482} 483 484
570int fr_send_reset(fin) 571fr_info_t *fin;	485int 486ipf_send_reset(fin) 487 fr_info_t *fin;
572{	488{
573 verbose("- TCP RST sent\n");	489 ipfkverbose("- TCP RST sent\n");
574 return 0; 575} 576 577	490 return 0; 491} 492 493
578int fr_send_icmp_err(type, fin, dst) 579int type; 580fr_info_t fin; 581*int dst;	494int 495ipf_send_icmp_err(type, fin, dst) 496 int type; 497 fr_info_t fin; 498* int dst;
582{	499{
583 verbose("- ICMP unreachable sent\n");	500 ipfkverbose("- ICMP unreachable sent\n");
584 return 0; 585} 586 587	501 return 0; 502} 503 504
588void frsync(ifp) 589void *ifp;	505void 506m_freem(m) 507 mb_t *m;
590{ 591 return; 592} 593 594	508{ 509 return; 510} 511 512
595void m_freem(m) 596mb_t *m;	513void 514m_copydata(m, off, len, cp) 515 mb_t m; 516* int off, len; 517 caddr_t cp;
597{	518{
598 return; 599} 600 601 602void m_copydata(m, off, len, cp) 603mb_t m; 604int off, len; 605caddr_t cp; 606*{
607 bcopy((char )m + off, cp, len); 608} 609* 610	519 bcopy((char )m + off, cp, len); 520} 521* 522
611int ipfuiomove(buf, len, rwflag, uio) 612caddr_t buf; 613int len, rwflag; 614struct uio *uio;	523int 524ipfuiomove(buf, len, rwflag, uio) 525 caddr_t buf; 526 int len, rwflag; 527 struct uio *uio;
615{ 616 int left, ioc, num, offset; 617 struct iovec io; 618* char start; 619* 620 if (rwflag == UIO_READ) { 621 left = len; 622 ioc = 0; --- 20 unchanged lines hidden (view full) --- 643 } 644 if (left > 0) 645 return EFAULT; 646 } 647 return 0; 648} 649 650	528{ 529 int left, ioc, num, offset; 530 struct iovec io; 531* char start; 532* 533 if (rwflag == UIO_READ) { 534 left = len; 535 ioc = 0; --- 20 unchanged lines hidden (view full) --- 556 } 557 if (left > 0) 558 return EFAULT; 559 } 560 return 0; 561} 562 563
651u_32_t fr_newisn(fin) 652fr_info_t *fin;	564u_32_t 565ipf_newisn(fin) 566 fr_info_t *fin;
653{ 654 static int iss_seq_off = 0; 655 u_char hash[16]; 656 u_32_t newiss; 657 MD5_CTX ctx; 658 659 /* 660 * Compute the base value of the ISS. It is a hash --- 22 unchanged lines hidden (view full) --- 683 / 684* iss_seq_off += 0x00010000; 685 newiss += iss_seq_off; 686 return newiss; 687} 688 689 690/* ------------------------------------------------------------------------ */	567{ 568 static int iss_seq_off = 0; 569 u_char hash[16]; 570 u_32_t newiss; 571 MD5_CTX ctx; 572 573 /* 574 * Compute the base value of the ISS. It is a hash --- 22 unchanged lines hidden (view full) --- 597 / 598* iss_seq_off += 0x00010000; 599 newiss += iss_seq_off; 600 return newiss; 601} 602 603 604/* ------------------------------------------------------------------------ */
691/* Function: fr_nextipid */	605/* Function: ipf_nextipid */
692/* Returns: int - 0 == success, -1 == error (packet should be droppped) / 693/ Parameters: fin(I) - pointer to packet information / 694/ / 695/ Returns the next IPv4 ID to use for this packet. / 696/ ------------------------------------------------------------------------ */	606/* Returns: int - 0 == success, -1 == error (packet should be droppped) / 607/ Parameters: fin(I) - pointer to packet information / 608/ / 609/ Returns the next IPv4 ID to use for this packet. / 610/ ------------------------------------------------------------------------ */
697INLINE u_short fr_nextipid(fin) 698fr_info_t *fin;	611INLINE u_short 612ipf_nextipid(fin) 613 fr_info_t *fin;
699{ 700 static u_short ipid = 0;	614{ 615 static u_short ipid = 0;
	616 ipf_main_softc_t *softc = fin->fin_main_soft;
701 u_short id; 702	617 u_short id; 618
703 MUTEX_ENTER(&ipf_rw); 704 id = ipid++; 705 MUTEX_EXIT(&ipf_rw);	619 MUTEX_ENTER(&softc->ipf_rw); 620 if (fin->fin_pktnum != 0) { 621 /* 622 * The -1 is for aligned test results. 623 / 624* id = (fin->fin_pktnum - 1) & 0xffff; 625 } else { 626 } 627 id = ipid++; 628 MUTEX_EXIT(&softc->ipf_rw);
706 707 return id; 708} 709 710	629 630 return id; 631} 632 633
711INLINE void fr_checkv4sum(fin) 712fr_info_t *fin;	634INLINE int 635ipf_checkv4sum(fin) 636 fr_info_t *fin;
713{	637{
714 if (fr_checkl4sum(fin) == -1)	638 639 if (fin->fin_flx & FI_SHORT) 640 return 1; 641 642 if (ipf_checkl4sum(fin) == -1) {
715 fin->fin_flx \|= FI_BAD;	643 fin->fin_flx \|= FI_BAD;
	644 return -1; 645 } 646 return 0;
716} 717 718 719#ifdef USE_INET6	647} 648 649 650#ifdef USE_INET6
720INLINE void fr_checkv6sum(fin) 721fr_info_t *fin;	651INLINE int 652ipf_checkv6sum(fin) 653 fr_info_t *fin;
722{	654{
723 if (fr_checkl4sum(fin) == -1)	655 if (fin->fin_flx & FI_SHORT) 656 return 1; 657 658 if (ipf_checkl4sum(fin) == -1) {
724 fin->fin_flx \|= FI_BAD;	659 fin->fin_flx \|= FI_BAD;
	660 return -1; 661 } 662 return 0;
725} 726#endif 727 728	663} 664#endif 665 666
	667#if 0
729/* 730 * See above for description, except that all addressing is in user space. 731 */	668/* 669 * See above for description, except that all addressing is in user space. 670 */
732int copyoutptr(src, dst, size) 733void src, dst; 734size_t size;	671int 672copyoutptr(softc, src, dst, size) 673 void src, dst; 674 size_t size;
735{ 736 caddr_t ca; 737 738 bcopy(dst, (char )&ca, sizeof(ca)); 739* bcopy(src, ca, size); 740 return 0; 741} 742 743 744/* 745 * See above for description, except that all addressing is in user space. 746 */	675{ 676 caddr_t ca; 677 678 bcopy(dst, (char )&ca, sizeof(ca)); 679* bcopy(src, ca, size); 680 return 0; 681} 682 683 684/* 685 * See above for description, except that all addressing is in user space. 686 */
747int copyinptr(src, dst, size) 748void src, dst; 749size_t size;	687int 688copyinptr(src, dst, size) 689 void src, dst; 690 size_t size;
750{ 751 caddr_t ca; 752 753 bcopy(src, (char )&ca, sizeof(ca)); 754* bcopy(ca, dst, size); 755 return 0; 756}	691{ 692 caddr_t ca; 693 694 bcopy(src, (char )&ca, sizeof(ca)); 695* bcopy(ca, dst, size); 696 return 0; 697}
	698#endif
757 758 759/* 760 * return the first IP Address associated with an interface 761 */	699 700 701/* 702 * return the first IP Address associated with an interface 703 */
762int fr_ifpaddr(v, atype, ifptr, inp, inpmask) 763int v, atype; 764void ifptr; 765struct in_addr inp, *inpmask;	704int 705ipf_ifpaddr(softc, v, atype, ifptr, inp, inpmask) 706 ipf_main_softc_t softc; 707* int v, atype; 708 void ifptr; 709* i6addr_t inp, inpmask;
766{ 767 struct ifnet ifp = ifptr; 768#ifdef __sgi 769* struct in_ifaddr ifa; 770#else 771* struct ifaddr ifa; 772#endif 773* 774#if defined(__NetBSD__) \|\| defined(__OpenBSD__) \|\| defined(__FreeBSD__) 775 ifa = ifp->if_addrlist.tqh_first; 776#else 777# ifdef __sgi 778 ifa = (struct in_ifaddr )ifp->in_ifaddr; 779# else 780* ifa = ifp->if_addrlist; 781# endif 782#endif 783 if (ifa != NULL) {	710{ 711 struct ifnet ifp = ifptr; 712#ifdef __sgi 713* struct in_ifaddr ifa; 714#else 715* struct ifaddr ifa; 716#endif 717* 718#if defined(__NetBSD__) \|\| defined(__OpenBSD__) \|\| defined(__FreeBSD__) 719 ifa = ifp->if_addrlist.tqh_first; 720#else 721# ifdef __sgi 722 ifa = (struct in_ifaddr )ifp->in_ifaddr; 723# else 724* ifa = ifp->if_addrlist; 725# endif 726#endif 727 if (ifa != NULL) {
784 struct sockaddr_in *sin, mask;	728 if (v == 4) { 729 struct sockaddr_in *sin, mask;
785	730
786 mask.sin_addr.s_addr = 0xffffffff;	731 mask.sin_addr.s_addr = 0xffffffff;
787 788#ifdef __sgi	732 733#ifdef __sgi
789 sin = (struct sockaddr_in *)&ifa->ia_addr;	734 sin = (struct sockaddr_in *)&ifa->ia_addr;
790#else	735#else
791 sin = (struct sockaddr_in *)&ifa->ifa_addr;	736 sin = (struct sockaddr_in *)&ifa->ifa_addr;
792#endif 793	737#endif 738
794 return fr_ifpfillv4addr(atype, sin, &mask, inp, inpmask);	739 return ipf_ifpfillv4addr(atype, sin, &mask, 740 &inp->in4, &inpmask->in4); 741 } 742#ifdef USE_INET6 743 if (v == 6) { 744 struct sockaddr_in6 sin6, mask; 745* 746 sin6 = (struct sockaddr_in6 )&ifa->ifa_addr; 747* ((i6addr_t )&mask.sin6_addr)->i6[0] = 0xffffffff; 748* ((i6addr_t )&mask.sin6_addr)->i6[1] = 0xffffffff; 749* ((i6addr_t )&mask.sin6_addr)->i6[2] = 0xffffffff; 750* ((i6addr_t )&mask.sin6_addr)->i6[3] = 0xffffffff; 751* return ipf_ifpfillv6addr(atype, sin6, &mask, 752 inp, inpmask); 753 } 754#endif
795 } 796 return 0; 797} 798 799	755 } 756 return 0; 757} 758 759
800int ipfsync()	760/* 761 * This function is not meant to be random, rather just produce a 762 * sequence of numbers that isn't linear to show "randomness". 763 / 764u_32_t 765*ipf_random()
801{	766{
	767 static unsigned int last = 0xa5a5a5a5; 768 static int calls = 0; 769 int number; 770 771 calls++; 772 773 /* 774 * These are deliberately chosen to ensure that there is some 775 * attempt to test whether the output covers the range in test n18. 776 / 777* switch (calls) 778 { 779 case 1 : 780 number = 0; 781 break; 782 case 2 : 783 number = 4; 784 break; 785 case 3 : 786 number = 3999; 787 break; 788 case 4 : 789 number = 4000; 790 break; 791 case 5 : 792 number = 48999; 793 break; 794 case 6 : 795 number = 49000; 796 break; 797 default : 798 number = last; 799 last = calls; 800* last++; 801 number ^= last; 802 break; 803 } 804 return number; 805} 806 807 808int 809ipf_verifysrc(fin) 810 fr_info_t fin; 811{ 812* return 1; 813} 814 815 816int 817ipf_inject(fin, m) 818 fr_info_t fin; 819* mb_t m; 820{ 821* FREE_MB_T(m); 822
802 return 0; 803} 804 805	823 return 0; 824} 825 826
806#ifndef ipf_random 807u_32_t ipf_random()	827u_int 828ipf_pcksum(fin, hlen, sum) 829 fr_info_t fin; 830* int hlen; 831 u_int sum;
808{	832{
809 static int seeded = 0;	833 u_short sp; 834* u_int sum2; 835 int slen;
810	836
	837 slen = fin->fin_plen - hlen; 838 sp = (u_short )((u_char )fin->fin_ip + hlen); 839 840 for (; slen > 1; slen -= 2) 841 sum += sp++; 842* if (slen) 843 sum += ntohs((u_char )sp << 8); 844 while (sum > 0xffff) 845 sum = (sum & 0xffff) + (sum >> 16); 846 sum2 = (u_short)(~sum & 0xffff); 847 848 return sum2; 849} 850 851 852void * 853ipf_pullup(m, fin, plen) 854 mb_t m; 855* fr_info_t fin; 856* int plen; 857{ 858 if (M_LEN(m) >= plen) 859 return fin->fin_ip; 860
811 /*	861 /*
812 * Choose a non-random seed so that "randomness" can be "tested."	862 * Fake ipf_pullup failing
813 */	863 */
814 if (seeded == 0) { 815 srand(0); 816 seeded = 1; 817 } 818 return rand();	864 fin->fin_reason = FRB_PULLUP; 865 fin->fin_mp = NULL; 866* fin->fin_m = NULL; 867 fin->fin_ip = NULL; 868 return NULL;
819}	869}
820#endif