Cross Reference: /freebsd-10.0-release/sys/contrib/ipfilter/netinet/ip

Deleted Added

sdiff udiff text old ( 139255 ) new ( 145522 )

full compact

ip_proxy.c (139255)	ip_proxy.c (145522)
	1/* $FreeBSD: head/sys/contrib/ipfilter/netinet/ip_proxy.c 145522 2005-04-25 18:43:14Z darrenr $ */ 2
1/*	3/*
2 * Copyright (C) 1997-2002 by Darren Reed.	4 * Copyright (C) 1997-2003 by Darren Reed.
3 * 4 * See the IPFILTER.LICENCE file for details on licencing. 5 */	5 * 6 * See the IPFILTER.LICENCE file for details on licencing. 7 */
6 7#if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL) 8# define _KERNEL	8#if defined(KERNEL) \|\| defined(_KERNEL) 9# undef KERNEL 10# undef _KERNEL 11# define KERNEL 1 12# define _KERNEL 1
9#endif	13#endif
10 11#if defined(__sgi) && (IRIX > 602) 12# include <sys/ptimers.h> 13#endif
14#include <sys/errno.h> 15#include <sys/types.h> 16#include <sys/param.h> 17#include <sys/time.h> 18#include <sys/file.h>	14#include <sys/errno.h> 15#include <sys/types.h> 16#include <sys/param.h> 17#include <sys/time.h> 18#include <sys/file.h>
19#if !defined(__FreeBSD_version) 20# include <sys/ioctl.h> 21#endif
22#include <sys/fcntl.h>	19#include <sys/fcntl.h>
23#if !defined(_KERNEL) && !defined(KERNEL)	20#if !defined(_KERNEL) && !defined(__KERNEL__)
24# include <stdio.h> 25# include <string.h> 26# include <stdlib.h>	21# include <stdio.h> 22# include <string.h> 23# include <stdlib.h>
	24# include <ctype.h> 25# define _KERNEL 26# ifdef __OpenBSD__ 27struct file; 28# endif 29# include <sys/uio.h> 30# undef _KERNEL
27#endif	31#endif
28#ifndef linux	32#if !defined(linux)
29# include <sys/protosw.h> 30#endif 31#include <sys/socket.h> 32#if defined(_KERNEL)	33# include <sys/protosw.h> 34#endif 35#include <sys/socket.h> 36#if defined(_KERNEL)
33# if !defined(linux) 34# include <sys/systm.h> 35# else 36# include <linux/string.h>	37# if !defined(__NetBSD__) && !defined(sun) && !defined(__osf__) && \ 38 !defined(__OpenBSD__) && !defined(__hpux) && !defined(__sgi) 39# include <sys/ctype.h>
37# endif	40# endif
38#endif 39#if !defined(__SVR4) && !defined(__svr4__) 40# ifndef linux	41# include <sys/systm.h> 42# if !defined(__SVR4) && !defined(__svr4__)
41# include <sys/mbuf.h> 42# endif	43# include <sys/mbuf.h> 44# endif
	45#endif 46#if defined(_KERNEL) && (__FreeBSD_version >= 220000) 47# include <sys/filio.h> 48# include <sys/fcntl.h> 49# if (__FreeBSD_version >= 300000) && !defined(IPFILTER_LKM) 50# include "opt_ipfilter.h" 51# endif
43#else	52#else
	53# include <sys/ioctl.h> 54#endif 55#if defined(__SVR4) \|\| defined(__svr4__)
44# include <sys/byteorder.h> 45# ifdef _KERNEL 46# include <sys/dditypes.h> 47# endif 48# include <sys/stream.h> 49# include <sys/kmem.h> 50#endif 51#if __FreeBSD__ > 2 --- 18 unchanged lines hidden (view full) --- 70#include "netinet/ip_fil.h" 71#include "netinet/ip_nat.h" 72#include "netinet/ip_state.h" 73#include "netinet/ip_proxy.h" 74#if (__FreeBSD_version >= 300000) 75# include <sys/malloc.h> 76#endif 77	56# include <sys/byteorder.h> 57# ifdef _KERNEL 58# include <sys/dditypes.h> 59# endif 60# include <sys/stream.h> 61# include <sys/kmem.h> 62#endif 63#if __FreeBSD__ > 2 --- 18 unchanged lines hidden (view full) --- 82#include "netinet/ip_fil.h" 83#include "netinet/ip_nat.h" 84#include "netinet/ip_state.h" 85#include "netinet/ip_proxy.h" 86#if (__FreeBSD_version >= 300000) 87# include <sys/malloc.h> 88#endif 89
78#if !defined(lint) 79/* static const char rcsid[] = "@(#)$Id: ip_proxy.c,v 2.9.2.6 2001/07/15 22:06:15 darrenr Exp $"; */ 80static const char rcsid[] = "@(#)$FreeBSD: head/sys/contrib/ipfilter/netinet/ip_proxy.c 139255 2004-12-24 09:14:26Z darrenr $";	90#include "netinet/ip_ftp_pxy.c" 91#include "netinet/ip_rcmd_pxy.c" 92# include "netinet/ip_pptp_pxy.c" 93#if defined(_KERNEL) 94# include "netinet/ip_irc_pxy.c" 95# include "netinet/ip_raudio_pxy.c" 96# include "netinet/ip_h323_pxy.c" 97# ifdef IPFILTER_PRO 98# include "netinet/ip_msnrpc_pxy.c" 99# endif 100# include "netinet/ip_netbios_pxy.c"
81#endif	101#endif
	102#include "netinet/ip_ipsec_pxy.c" 103#include "netinet/ip_rpcb_pxy.c"
82	104
83#ifdef USE_MUTEX 84extern KRWLOCK_T ipf_nat, ipf_state;	105/* END OF INCLUDES / 106* 107#if !defined(lint) 108static const char rcsid[] = "@(#)Id: ip_proxy.c,v 2.62.2.12 2005/03/03 14:28:24 darrenr Exp";
85#endif 86 87static int appr_fixseqack __P((fr_info_t , ip_t , ap_session_t *, int )); 88	109#endif 110 111static int appr_fixseqack __P((fr_info_t , ip_t , ap_session_t , int )); 112*
89 90#define PROXY_DEBUG 0 91
92#define AP_SESS_SIZE 53 93	113#define AP_SESS_SIZE 53 114
94#include "netinet/ip_ftp_pxy.c"
95#if defined(_KERNEL)	115#if defined(_KERNEL)
96#include "netinet/ip_rcmd_pxy.c" 97#include "netinet/ip_raudio_pxy.c" 98#include "netinet/ip_netbios_pxy.c" 99#include "netinet/ip_ipsec_pxy.c"	116int ipf_proxy_debug = 0; 117#else 118int ipf_proxy_debug = 2;
100#endif	119#endif
101
102ap_session_t ap_sess_tab[AP_SESS_SIZE]; 103ap_session_t ap_sess_list = NULL; 104aproxy_t ap_proxylist = NULL; 105aproxy_t ap_proxies[] = { 106*#ifdef IPF_FTP_PROXY	120ap_session_t ap_sess_tab[AP_SESS_SIZE]; 121ap_session_t ap_sess_list = NULL; 122aproxy_t ap_proxylist = NULL; 123aproxy_t ap_proxies[] = { 124*#ifdef IPF_FTP_PROXY
107 { NULL, "ftp", (char)IPPROTO_TCP, 0, 0, ippr_ftp_init, NULL,	125 { NULL, "ftp", (char)IPPROTO_TCP, 0, 0, ippr_ftp_init, ippr_ftp_fini,
108 ippr_ftp_new, NULL, ippr_ftp_in, ippr_ftp_out, NULL }, 109#endif	126 ippr_ftp_new, NULL, ippr_ftp_in, ippr_ftp_out, NULL }, 127#endif
	128#ifdef IPF_IRC_PROXY 129 { NULL, "irc", (char)IPPROTO_TCP, 0, 0, ippr_irc_init, ippr_irc_fini, 130 ippr_irc_new, NULL, NULL, ippr_irc_out, NULL, NULL }, 131#endif
110#ifdef IPF_RCMD_PROXY	132#ifdef IPF_RCMD_PROXY
111 { NULL, "rcmd", (char)IPPROTO_TCP, 0, 0, ippr_rcmd_init, NULL, 112 ippr_rcmd_new, NULL, NULL, ippr_rcmd_out, NULL },	133 { NULL, "rcmd", (char)IPPROTO_TCP, 0, 0, ippr_rcmd_init, ippr_rcmd_fini, 134 ippr_rcmd_new, NULL, ippr_rcmd_in, ippr_rcmd_out, NULL, NULL },
113#endif 114#ifdef IPF_RAUDIO_PROXY	135#endif 136#ifdef IPF_RAUDIO_PROXY
115 { NULL, "raudio", (char)IPPROTO_TCP, 0, 0, ippr_raudio_init, NULL, 116 ippr_raudio_new, NULL, ippr_raudio_in, ippr_raudio_out, NULL },	137 { NULL, "raudio", (char)IPPROTO_TCP, 0, 0, ippr_raudio_init, ippr_raudio_fini, 138 ippr_raudio_new, NULL, ippr_raudio_in, ippr_raudio_out, NULL, NULL },
117#endif	139#endif
118#ifdef IPF_IPSEC_PROXY 119 { NULL, "ipsec", (char)IPPROTO_UDP, 0, 0, ippr_ipsec_init, NULL, 120 ippr_ipsec_new, ippr_ipsec_del, NULL, ippr_ipsec_out, 121 ippr_ipsec_match },	140#ifdef IPF_MSNRPC_PROXY 141 { NULL, "msnrpc", (char)IPPROTO_TCP, 0, 0, ippr_msnrpc_init, ippr_msnrpc_fini, 142 ippr_msnrpc_new, NULL, ippr_msnrpc_in, ippr_msnrpc_out, NULL, NULL },
122#endif 123#ifdef IPF_NETBIOS_PROXY	143#endif 144#ifdef IPF_NETBIOS_PROXY
124 { NULL, "netbios", (char)IPPROTO_UDP, 0, 0, ippr_netbios_init, NULL, 125 NULL, NULL, NULL, ippr_netbios_out, NULL },	145 { NULL, "netbios", (char)IPPROTO_UDP, 0, 0, ippr_netbios_init, ippr_netbios_fini, 146 NULL, NULL, NULL, ippr_netbios_out, NULL, NULL },
126#endif	147#endif
	148#ifdef IPF_IPSEC_PROXY 149 { NULL, "ipsec", (char)IPPROTO_UDP, 0, 0, 150 ippr_ipsec_init, ippr_ipsec_fini, ippr_ipsec_new, ippr_ipsec_del, 151 ippr_ipsec_inout, ippr_ipsec_inout, ippr_ipsec_match, NULL }, 152#endif 153#ifdef IPF_PPTP_PROXY 154 { NULL, "pptp", (char)IPPROTO_TCP, 0, 0, 155 ippr_pptp_init, ippr_pptp_fini, ippr_pptp_new, ippr_pptp_del, 156 ippr_pptp_inout, ippr_pptp_inout, NULL, NULL }, 157#endif
127#ifdef IPF_H323_PROXY	158#ifdef IPF_H323_PROXY
128 { NULL, "h323", (char)IPPROTO_TCP, 0, 0, ippr_h323_init, NULL, 129 ippr_h323_new, ippr_h323_del, ippr_h323_in, ippr_h323_out, NULL }, 130 { NULL, "h245", (char)IPPROTO_TCP, 0, 0, ippr_h245_init, NULL, 131 ippr_h245_new, NULL, NULL, ippr_h245_out, NULL }, 132#endif 133 { NULL, "", '\0', 0, 0, NULL, NULL, NULL }	159 { NULL, "h323", (char)IPPROTO_TCP, 0, 0, ippr_h323_init, ippr_h323_fini, 160 ippr_h323_new, ippr_h323_del, ippr_h323_in, NULL, NULL }, 161 { NULL, "h245", (char)IPPROTO_TCP, 0, 0, NULL, NULL, 162 ippr_h245_new, NULL, NULL, ippr_h245_out, NULL }, 163#endif 164#ifdef IPF_RPCB_PROXY 165# if 0 166 { NULL, "rpcbt", (char)IPPROTO_TCP, 0, 0, 167 ippr_rpcb_init, ippr_rpcb_fini, ippr_rpcb_new, ippr_rpcb_del, 168 ippr_rpcb_in, ippr_rpcb_out, NULL, NULL }, 169# endif 170 { NULL, "rpcbu", (char)IPPROTO_UDP, 0, 0, 171 ippr_rpcb_init, ippr_rpcb_fini, ippr_rpcb_new, ippr_rpcb_del, 172 ippr_rpcb_in, ippr_rpcb_out, NULL, NULL }, 173#endif 174 { NULL, "", '\0', 0, 0, NULL, NULL, NULL, NULL }
134}; 135	175}; 176
136
137/* 138 * Dynamically add a new kernel proxy. Ensure that it is unique in the 139 * collection compiled in and dynamically added. 140 / 141int appr_add(ap) 142aproxy_t ap; 143{ 144 aproxy_t a; 145* 146 for (a = ap_proxies; a->apr_p; a++) 147 if ((a->apr_p == ap->apr_p) && 148 !strncmp(a->apr_label, ap->apr_label,	177/* 178 * Dynamically add a new kernel proxy. Ensure that it is unique in the 179 * collection compiled in and dynamically added. 180 / 181int appr_add(ap) 182aproxy_t ap; 183{ 184 aproxy_t a; 185* 186 for (a = ap_proxies; a->apr_p; a++) 187 if ((a->apr_p == ap->apr_p) && 188 !strncmp(a->apr_label, ap->apr_label,
149 sizeof(ap->apr_label)))	189 sizeof(ap->apr_label))) { 190 if (ipf_proxy_debug > 1) 191 printf("appr_add: %s/%d already present (B)\n", 192 a->apr_label, a->apr_p);
150 return -1;	193 return -1;
	194 }
151	195
152 for (a = ap_proxylist; a && a->apr_p; a = a->apr_next)	196 for (a = ap_proxylist; a->apr_p; a = a->apr_next)
153 if ((a->apr_p == ap->apr_p) && 154 !strncmp(a->apr_label, ap->apr_label,	197 if ((a->apr_p == ap->apr_p) && 198 !strncmp(a->apr_label, ap->apr_label,
155 sizeof(ap->apr_label)))	199 sizeof(ap->apr_label))) { 200 if (ipf_proxy_debug > 1) 201 printf("appr_add: %s/%d already present (D)\n", 202 a->apr_label, a->apr_p);
156 return -1;	203 return -1;
	204 }
157 ap->apr_next = ap_proxylist; 158 ap_proxylist = ap;	205 ap->apr_next = ap_proxylist; 206 ap_proxylist = ap;
159 return (*ap->apr_init)();	207 if (ap->apr_init != NULL) 208 return (ap->apr_init)(); 209* return 0;
160} 161 162 163/*	210} 211 212 213/*
	214 * Check to see if the proxy this control request has come through for 215 * exists, and if it does and it has a control function then invoke that 216 * control function. 217 / 218int appr_ctl(ctl) 219ap_ctl_t ctl; 220{ 221 aproxy_t a; 222* int error; 223 224 a = appr_lookup(ctl->apc_p, ctl->apc_label); 225 if (a == NULL) { 226 if (ipf_proxy_debug > 1) 227 printf("appr_ctl: can't find %s/%d\n", 228 ctl->apc_label, ctl->apc_p); 229 error = ESRCH; 230 } else if (a->apr_ctl == NULL) { 231 if (ipf_proxy_debug > 1) 232 printf("appr_ctl: no ctl function for %s/%d\n", 233 ctl->apc_label, ctl->apc_p); 234 error = ENXIO; 235 } else { 236 error = (a->apr_ctl)(a, ctl); 237* if ((error != 0) && (ipf_proxy_debug > 1)) 238 printf("appr_ctl: %s/%d ctl error %d\n", 239 a->apr_label, a->apr_p, error); 240 } 241 return error; 242} 243 244 245/*
164 * Delete a proxy that has been added dynamically from those available. 165 * If it is in use, return 1 (do not destroy NOW), not in use 0 or -1 166 * if it cannot be matched. 167 / 168int appr_del(ap) 169aproxy_t ap; 170{ 171 aproxy_t a, app; 172*	246 * Delete a proxy that has been added dynamically from those available. 247 * If it is in use, return 1 (do not destroy NOW), not in use 0 or -1 248 * if it cannot be matched. 249 / 250int appr_del(ap) 251aproxy_t ap; 252{ 253 aproxy_t a, app; 254*
173 for (app = &ap_proxylist; (a = *app); app = &a->apr_next)	255 for (app = &ap_proxylist; ((a = *app) != NULL); app = &a->apr_next)
174 if (a == ap) { 175 a->apr_flags \|= APR_DELETE; 176 *app = a->apr_next;	256 if (a == ap) { 257 a->apr_flags \|= APR_DELETE; 258 *app = a->apr_next;
177 if (ap->apr_ref != 0)	259 if (ap->apr_ref != 0) { 260 if (ipf_proxy_debug > 2) 261 printf("appr_del: orphaning %s/%d\n", 262 ap->apr_label, ap->apr_p);
178 return 1;	263 return 1;
	264 }
179 return 0; 180 }	265 return 0; 266 }
	267 if (ipf_proxy_debug > 1) 268 printf("appr_del: proxy %lx not found\n", (u_long)ap);
181 return -1; 182} 183 184 185/* 186 * Return 1 if the packet is a good match against a proxy, else 0. 187 */	269 return -1; 270} 271 272 273/* 274 * Return 1 if the packet is a good match against a proxy, else 0. 275 */
188int appr_ok(ip, tcp, nat) 189ip_t *ip;	276int appr_ok(fin, tcp, nat) 277fr_info_t *fin;
190tcphdr_t tcp; 191ipnat_t nat; 192{ 193 aproxy_t apr = nat->in_apr; 194* u_short dport = nat->in_dport; 195 196 if ((apr == NULL) \|\| (apr->apr_flags & APR_DELETE) \|\|	278tcphdr_t tcp; 279ipnat_t nat; 280{ 281 aproxy_t apr = nat->in_apr; 282* u_short dport = nat->in_dport; 283 284 if ((apr == NULL) \|\| (apr->apr_flags & APR_DELETE) \|\|
197 (ip->ip_p != apr->apr_p))	285 (fin->fin_p != apr->apr_p))
198 return 0;	286 return 0;
199 if (((tcp != NULL) && (tcp->th_dport != dport)) \|\| (!tcp && dport))	287 if ((tcp == NULL) && dport)
200 return 0; 201 return 1; 202} 203 204	288 return 0; 289 return 1; 290} 291 292
	293int appr_ioctl(data, cmd, mode) 294caddr_t data; 295ioctlcmd_t cmd; 296int mode; 297{ 298 ap_ctl_t ctl; 299 caddr_t ptr; 300 int error; 301 302 mode = mode; /* LINT / 303* 304 switch (cmd) 305 { 306 case SIOCPROXY : 307 BCOPYIN(data, &ctl, sizeof(ctl)); 308 ptr = NULL; 309 310 if (ctl.apc_dsize > 0) { 311 KMALLOCS(ptr, caddr_t, ctl.apc_dsize); 312 if (ptr == NULL) 313 error = ENOMEM; 314 else { 315 error = copyinptr(ctl.apc_data, ptr, 316 ctl.apc_dsize); 317 if (error == 0) 318 ctl.apc_data = ptr; 319 } 320 } else { 321 ctl.apc_data = NULL; 322 error = 0; 323 } 324 325 if (error == 0) 326 error = appr_ctl(&ctl); 327 328 if ((ctl.apc_dsize > 0) && (ptr != NULL) && 329 (ctl.apc_data == ptr)) { 330 KFREES(ptr, ctl.apc_dsize); 331 } 332 break; 333 334 default : 335 error = EINVAL; 336 } 337 return error; 338} 339 340
205/* 206 * If a proxy has a match function, call that to do extended packet 207 * matching. 208 / 209int appr_match(fin, nat) 210fr_info_t fin; 211nat_t nat; 212{ 213* aproxy_t apr; 214* ipnat_t *ipn;	341/* 342 * If a proxy has a match function, call that to do extended packet 343 * matching. 344 / 345int appr_match(fin, nat) 346fr_info_t fin; 347nat_t nat; 348{ 349* aproxy_t apr; 350* ipnat_t *ipn;
	351 int result;
215 216 ipn = nat->nat_ptr;	352 353 ipn = nat->nat_ptr;
217 if (ipn == NULL)	354 if (ipf_proxy_debug > 8) 355 printf("appr_match(%lx,%lx) aps %lx ptr %lx\n", 356 (u_long)fin, (u_long)nat, (u_long)nat->nat_aps, 357 (u_long)ipn); 358 359 if ((fin->fin_flx & (FI_SHORT\|FI_BAD)) != 0) { 360 if (ipf_proxy_debug > 0) 361 printf("appr_match: flx 0x%x (BAD\|SHORT)\n", 362 fin->fin_flx);
218 return -1;	363 return -1;
	364 } 365
219 apr = ipn->in_apr;	366 apr = ipn->in_apr;
220 if ((apr == NULL) \|\| (apr->apr_flags & APR_DELETE) \|\| 221 (nat->nat_aps == NULL))	367 if ((apr == NULL) \|\| (apr->apr_flags & APR_DELETE)) { 368 if (ipf_proxy_debug > 0) 369 printf("appr_match:apr %lx apr_flags 0x%x\n", 370 (u_long)apr, apr ? apr->apr_flags : 0);
222 return -1;	371 return -1;
223 if (apr->apr_match != NULL) 224 if ((*apr->apr_match)(fin, nat->nat_aps, nat) != 0)	372 } 373 374 if (apr->apr_match != NULL) { 375 result = (apr->apr_match)(fin, nat->nat_aps, nat); 376* if (result != 0) { 377 if (ipf_proxy_debug > 4) 378 printf("appr_match: result %d\n", result);
225 return -1;	379 return -1;
	380 } 381 }
226 return 0; 227} 228 229 230/* 231 * Allocate a new application proxy structure and fill it in with the 232 * relevant details. call the init function once complete, prior to 233 * returning. 234 */	382 return 0; 383} 384 385 386/* 387 * Allocate a new application proxy structure and fill it in with the 388 * relevant details. call the init function once complete, prior to 389 * returning. 390 */
235int appr_new(fin, ip, nat)	391int appr_new(fin, nat)
236fr_info_t *fin;	392fr_info_t *fin;
237ip_t *ip;
238nat_t nat; 239{ 240* register ap_session_t aps; 241* aproxy_t apr; 242*	393nat_t nat; 394{ 395* register ap_session_t aps; 396* aproxy_t apr; 397*
243 if ((nat->nat_ptr == NULL) \|\| (nat->nat_aps != NULL))	398 if (ipf_proxy_debug > 8) 399 printf("appr_new(%lx,%lx) \n", (u_long)fin, (u_long)nat); 400 401 if ((nat->nat_ptr == NULL) \|\| (nat->nat_aps != NULL)) { 402 if (ipf_proxy_debug > 0) 403 printf("appr_new: nat_ptr %lx nat_aps %lx\n", 404 (u_long)nat->nat_ptr, (u_long)nat->nat_aps);
244 return -1;	405 return -1;
	406 }
245 246 apr = nat->nat_ptr->in_apr; 247	407 408 apr = nat->nat_ptr->in_apr; 409
248 if (!apr \|\| (apr->apr_flags & APR_DELETE) \|\| (ip->ip_p != apr->apr_p))	410 if ((apr->apr_flags & APR_DELETE) \|\| 411 (fin->fin_p != apr->apr_p)) { 412 if (ipf_proxy_debug > 2) 413 printf("appr_new: apr_flags 0x%x p %d/%d\n", 414 apr->apr_flags, fin->fin_p, apr->apr_p);
249 return -1;	415 return -1;
	416 }
250 251 KMALLOC(aps, ap_session_t *);	417 418 KMALLOC(aps, ap_session_t *);
252 if (!aps)	419 if (!aps) { 420 if (ipf_proxy_debug > 0) 421 printf("appr_new: malloc failed (%lu)\n", 422 (u_long)sizeof(ap_session_t));
253 return -1;	423 return -1;
	424 } 425
254 bzero((char )aps, sizeof(aps));	426 bzero((char )aps, sizeof(aps));
255 aps->aps_p = ip->ip_p;	427 aps->aps_p = fin->fin_p;
256 aps->aps_data = NULL; 257 aps->aps_apr = apr; 258 aps->aps_psiz = 0; 259 if (apr->apr_new != NULL)	428 aps->aps_data = NULL; 429 aps->aps_apr = apr; 430 aps->aps_psiz = 0; 431 if (apr->apr_new != NULL)
260 if ((*apr->apr_new)(fin, ip, aps, nat) == -1) {	432 if ((*apr->apr_new)(fin, aps, nat) == -1) {
261 if ((aps->aps_data != NULL) && (aps->aps_psiz != 0)) { 262 KFREES(aps->aps_data, aps->aps_psiz); 263 } 264 KFREE(aps);	433 if ((aps->aps_data != NULL) && (aps->aps_psiz != 0)) { 434 KFREES(aps->aps_data, aps->aps_psiz); 435 } 436 KFREE(aps);
	437 if (ipf_proxy_debug > 2) 438 printf("appr_new: new(%lx) failed\n", 439 (u_long)apr->apr_new);
265 return -1; 266 } 267 aps->aps_nat = nat; 268 aps->aps_next = ap_sess_list; 269 ap_sess_list = aps; 270 nat->nat_aps = aps; 271 272 return 0; 273} 274 275 276/*	440 return -1; 441 } 442 aps->aps_nat = nat; 443 aps->aps_next = ap_sess_list; 444 ap_sess_list = aps; 445 nat->nat_aps = aps; 446 447 return 0; 448} 449 450 451/*
277 * check to see if a packet should be passed through an active proxy routine 278 * if one has been setup for it.	452 * Check to see if a packet should be passed through an active proxy routine 453 * if one has been setup for it. We don't need to check the checksum here if 454 * IPFILTER_CKSUM is defined because if it is, a failed check causes FI_BAD 455 * to be set.
279 */	456 */
280int appr_check(ip, fin, nat) 281ip_t *ip;	457int appr_check(fin, nat)
282fr_info_t fin; 283nat_t nat; 284{ 285#if SOLARIS && defined(_KERNEL) && (SOLARIS2 >= 6)	458fr_info_t fin; 459nat_t nat; 460{ 461#if SOLARIS && defined(_KERNEL) && (SOLARIS2 >= 6)
286 mb_t *m = fin->fin_qfm;	462# if defined(ICK_VALID) 463 mb_t m; 464*# endif
287 int dosum = 1; 288#endif 289 tcphdr_t *tcp = NULL;	465 int dosum = 1; 466#endif 467 tcphdr_t *tcp = NULL;
	468 udphdr_t *udp = NULL;
290 ap_session_t aps; 291* aproxy_t *apr;	469 ap_session_t aps; 470* aproxy_t *apr;
292 u_32_t sum;	471 ip_t *ip;
293 short rv; 294 int err;	472 short rv; 473 int err;
	474#if !defined(_KERNEL) \|\| defined(MENTAT) \|\| defined(__sgi) 475 u_32_t s1, s2, sd; 476#endif
295	477
296 aps = nat->nat_aps; 297 if ((aps != NULL) && (aps->aps_p == ip->ip_p)) { 298 if (ip->ip_p == IPPROTO_TCP) { 299 tcp = (tcphdr_t )fin->fin_dp; 300* /* 301 * verify that the checksum is correct. If not, then 302 * don't do anything with this packet. 303 / 304#if SOLARIS && defined(_KERNEL) && (SOLARIS2 >= 6) 305* if (dohwcksum && (m->b_ick_flag == ICK_VALID)) { 306 sum = tcp->th_sum; 307 dosum = 0; 308 } 309 if (dosum) 310 sum = fr_tcpsum(fin->fin_qfm, ip, tcp); 311#else 312 sum = fr_tcpsum((mb_t *)fin->fin_mp, ip, tcp);	478 if (fin->fin_flx & FI_BAD) { 479 if (ipf_proxy_debug > 0) 480 printf("appr_check: flx 0x%x (BAD)\n", fin->fin_flx); 481 return -1; 482 } 483 484#ifndef IPFILTER_CKSUM 485 if ((fin->fin_out == 0) && (fr_checkl4sum(fin) == -1)) { 486 if (ipf_proxy_debug > 0) 487 printf("appr_check: l4 checksum failure %d\n", 488 fin->fin_p); 489 if (fin->fin_p == IPPROTO_TCP) 490 frstats[fin->fin_out].fr_tcpbad++; 491 return -1; 492 }
313#endif	493#endif
314 if (sum != tcp->th_sum) { 315#if PROXY_DEBUG \|\| (!defined(_KERNEL) && !defined(KERNEL)) 316 printf("proxy tcp checksum failure\n"); 317#endif 318 frstats[fin->fin_out].fr_tcpbad++;	494 495 aps = nat->nat_aps; 496 if ((aps != NULL) && (aps->aps_p == fin->fin_p)) { 497 /* 498 * If there is data in this packet to be proxied then try and 499 * get it all into the one buffer, else drop it. 500 / 501#if defined(MENTAT) \|\| defined(HAVE_M_PULLDOWN) 502* if ((fin->fin_dlen > 0) && !(fin->fin_flx & FI_COALESCE)) 503 if (fr_coalesce(fin) == -1) { 504 if (ipf_proxy_debug > 0) 505 printf("appr_check: fr_coalesce failed %x\n", fin->fin_flx);
319 return -1; 320 }	506 return -1; 507 }
	508#endif 509 ip = fin->fin_ip;
321	510
	511 switch (fin->fin_p) 512 { 513 case IPPROTO_TCP : 514 tcp = (tcphdr_t )fin->fin_dp; 515* 516#if SOLARIS && defined(_KERNEL) && (SOLARIS2 >= 6) && defined(ICK_VALID) 517 m = fin->fin_qfm; 518 if (dohwcksum && (m->b_ick_flag == ICK_VALID)) 519 dosum = 0; 520#endif
322 /* 323 * Don't bother the proxy with these...or in fact, 324 * should we free up proxy stuff when seen? 325 */	521 /* 522 * Don't bother the proxy with these...or in fact, 523 * should we free up proxy stuff when seen? 524 */
326 if ((tcp->th_flags & TH_RST) != 0) 327 return 0;	525 if ((fin->fin_tcpf & TH_RST) != 0) 526 break; 527 /FALLTHROUGH/ 528 case IPPROTO_UDP : 529 udp = (udphdr_t )fin->fin_dp; 530* break; 531 default : 532 break;
328 } 329 330 apr = aps->aps_apr; 331 err = 0; 332 if (fin->fin_out != 0) { 333 if (apr->apr_outpkt != NULL)	533 } 534 535 apr = aps->aps_apr; 536 err = 0; 537 if (fin->fin_out != 0) { 538 if (apr->apr_outpkt != NULL)
334 err = (*apr->apr_outpkt)(fin, ip, aps, nat);	539 err = (*apr->apr_outpkt)(fin, aps, nat);
335 } else { 336 if (apr->apr_inpkt != NULL)	540 } else { 541 if (apr->apr_inpkt != NULL)
337 err = (*apr->apr_inpkt)(fin, ip, aps, nat);	542 err = (*apr->apr_inpkt)(fin, aps, nat);
338 } 339 340 rv = APR_EXIT(err);	543 } 544 545 rv = APR_EXIT(err);
341 if (rv == 1) { 342#if PROXY_DEBUG \|\| (!defined(_KERNEL) && !defined(KERNEL)) 343 printf("proxy says bad packet received\n"); 344#endif	546 if (((ipf_proxy_debug > 0) && (rv != 0)) \|\| 547 (ipf_proxy_debug > 8)) 548 printf("appr_check: out %d err %x rv %d\n", 549 fin->fin_out, err, rv); 550 if (rv == 1)
345 return -1;	551 return -1;
346 }	552
347 if (rv == 2) {	553 if (rv == 2) {
348#if PROXY_DEBUG \|\| (!defined(_KERNEL) && !defined(KERNEL)) 349 printf("proxy says free app proxy data\n"); 350#endif
351 appr_free(apr); 352 nat->nat_aps = NULL; 353 return -1; 354 } 355	554 appr_free(apr); 555 nat->nat_aps = NULL; 556 return -1; 557 } 558
	559 /* 560 * If err != 0 then the data size of the packet has changed 561 * so we need to recalculate the header checksums for the 562 * packet. 563 / 564#if !defined(_KERNEL) \|\| defined(MENTAT) \|\| defined(__sgi) 565* if (err != 0) { 566 short adjlen = err & 0xffff; 567 568 s1 = LONG_SUM(ip->ip_len - adjlen); 569 s2 = LONG_SUM(ip->ip_len); 570 CALC_SUMD(s1, s2, sd); 571 fix_outcksum(fin, &ip->ip_sum, sd); 572 } 573#endif 574 575 /* 576 * For TCP packets, we may need to adjust the sequence and 577 * acknowledgement numbers to reflect changes in size of the 578 * data stream. 579 * 580 * For both TCP and UDP, recalculate the layer 4 checksum, 581 * regardless, as we can't tell (here) if data has been 582 * changed or not. 583 */
356 if (tcp != NULL) { 357 err = appr_fixseqack(fin, ip, aps, APR_INC(err)); 358#if SOLARIS && defined(_KERNEL) && (SOLARIS2 >= 6) 359 if (dosum)	584 if (tcp != NULL) { 585 err = appr_fixseqack(fin, ip, aps, APR_INC(err)); 586#if SOLARIS && defined(_KERNEL) && (SOLARIS2 >= 6) 587 if (dosum)
360 tcp->th_sum = fr_tcpsum(fin->fin_qfm, ip, tcp);	588 tcp->th_sum = fr_cksum(fin->fin_qfm, ip, 589 IPPROTO_TCP, tcp);
361#else	590#else
362 tcp->th_sum = fr_tcpsum((mb_t *)fin->fin_mp, ip, tcp);	591 tcp->th_sum = fr_cksum(fin->fin_m, ip, 592 IPPROTO_TCP, tcp);
363#endif	593#endif
	594 } else if ((udp != NULL) && (udp->uh_sum != 0)) { 595#if SOLARIS && defined(_KERNEL) && (SOLARIS2 >= 6) 596 if (dosum) 597 udp->uh_sum = fr_cksum(fin->fin_qfm, ip, 598 IPPROTO_UDP, udp); 599#else 600 udp->uh_sum = fr_cksum(fin->fin_m, ip, 601 IPPROTO_UDP, udp); 602#endif
364 }	603 }
365 aps->aps_bytes += ip->ip_len;	604 aps->aps_bytes += fin->fin_plen;
366 aps->aps_pkts++; 367 return 1; 368 } 369 return 0; 370} 371 372 373/* 374 * Search for an proxy by the protocol it is being used with and its name. 375 / 376aproxy_t appr_lookup(pr, name) 377u_int pr; 378char name; 379{ 380* aproxy_t ap; 381*	605 aps->aps_pkts++; 606 return 1; 607 } 608 return 0; 609} 610 611 612/* 613 * Search for an proxy by the protocol it is being used with and its name. 614 / 615aproxy_t appr_lookup(pr, name) 616u_int pr; 617char name; 618{ 619* aproxy_t ap; 620*
	621 if (ipf_proxy_debug > 8) 622 printf("appr_lookup(%d,%s)\n", pr, name); 623
382 for (ap = ap_proxies; ap->apr_p; ap++) 383 if ((ap->apr_p == pr) && 384 !strncmp(name, ap->apr_label, sizeof(ap->apr_label))) { 385 ap->apr_ref++; 386 return ap; 387 } 388 389 for (ap = ap_proxylist; ap; ap = ap->apr_next) 390 if ((ap->apr_p == pr) && 391 !strncmp(name, ap->apr_label, sizeof(ap->apr_label))) { 392 ap->apr_ref++; 393 return ap; 394 }	624 for (ap = ap_proxies; ap->apr_p; ap++) 625 if ((ap->apr_p == pr) && 626 !strncmp(name, ap->apr_label, sizeof(ap->apr_label))) { 627 ap->apr_ref++; 628 return ap; 629 } 630 631 for (ap = ap_proxylist; ap; ap = ap->apr_next) 632 if ((ap->apr_p == pr) && 633 !strncmp(name, ap->apr_label, sizeof(ap->apr_label))) { 634 ap->apr_ref++; 635 return ap; 636 }
	637 if (ipf_proxy_debug > 2) 638 printf("appr_lookup: failed for %d/%s\n", pr, name);
395 return NULL; 396} 397 398 399void appr_free(ap) 400aproxy_t ap; 401{ 402* ap->apr_ref--; --- 4 unchanged lines hidden (view full) --- 407ap_session_t aps; 408{ 409* ap_session_t a, ap; 410* aproxy_t apr; 411* 412 if (!aps) 413 return; 414	639 return NULL; 640} 641 642 643void appr_free(ap) 644aproxy_t ap; 645{ 646* ap->apr_ref--; --- 4 unchanged lines hidden (view full) --- 651ap_session_t aps; 652{ 653* ap_session_t a, ap; 654* aproxy_t apr; 655* 656 if (!aps) 657 return; 658
415 for (ap = &ap_sess_list; (a = *ap); ap = &a->aps_next)	659 for (ap = &ap_sess_list; ((a = *ap) != NULL); ap = &a->aps_next)
416 if (a == aps) { 417 ap = a->aps_next; 418* break; 419 } 420 421 apr = aps->aps_apr; 422 if ((apr != NULL) && (apr->apr_del != NULL)) 423 (apr->apr_del)(aps); --- 19 unchanged lines hidden* (view full) --- 443 short inc2; 444 445 tcp = (tcphdr_t )fin->fin_dp; 446* out = fin->fin_out; 447 /* 448 * ip_len has already been adjusted by 'inc'. 449 / 450* nlen = ip->ip_len;	660 if (a == aps) { 661 ap = a->aps_next; 662* break; 663 } 664 665 apr = aps->aps_apr; 666 if ((apr != NULL) && (apr->apr_del != NULL)) 667 (apr->apr_del)(aps); --- 19 unchanged lines hidden* (view full) --- 687 short inc2; 688 689 tcp = (tcphdr_t )fin->fin_dp; 690* out = fin->fin_out; 691 /* 692 * ip_len has already been adjusted by 'inc'. 693 / 694* nlen = ip->ip_len;
451 nlen -= (ip->ip_hl << 2) + (tcp->th_off << 2);	695 nlen -= (IP_HL(ip) << 2) + (TCP_OFF(tcp) << 2);
452 453 inc2 = inc; 454 inc = (int)inc2; 455 456 if (out != 0) { 457 seq1 = (u_32_t)ntohl(tcp->th_seq); 458 sel = aps->aps_sel[out]; 459 460 /* switch to other set ? / 461* if ((aps->aps_seqmin[!sel] > aps->aps_seqmin[sel]) && 462 (seq1 > aps->aps_seqmin[!sel])) {	696 697 inc2 = inc; 698 inc = (int)inc2; 699 700 if (out != 0) { 701 seq1 = (u_32_t)ntohl(tcp->th_seq); 702 sel = aps->aps_sel[out]; 703 704 /* switch to other set ? / 705* if ((aps->aps_seqmin[!sel] > aps->aps_seqmin[sel]) && 706 (seq1 > aps->aps_seqmin[!sel])) {
463#if PROXY_DEBUG 464 printf("proxy out switch set seq %d -> %d %x > %x\n", 465 sel, !sel, seq1, aps->aps_seqmin[!sel]); 466#endif	707 if (ipf_proxy_debug > 7) 708 printf("proxy out switch set seq %d -> %d %x > %x\n", 709 sel, !sel, seq1, 710 aps->aps_seqmin[!sel]);
467 sel = aps->aps_sel[out] = !sel; 468 } 469 470 if (aps->aps_seqoff[sel]) { 471 seq2 = aps->aps_seqmin[sel] - aps->aps_seqoff[sel]; 472 if (seq1 > seq2) { 473 seq2 = aps->aps_seqoff[sel]; 474 seq1 += seq2; 475 tcp->th_seq = htonl(seq1); 476 ch = 1; 477 } 478 } 479 480 if (inc && (seq1 > aps->aps_seqmin[!sel])) { 481 aps->aps_seqmin[sel] = seq1 + nlen - 1; 482 aps->aps_seqoff[sel] = aps->aps_seqoff[sel] + inc;	711 sel = aps->aps_sel[out] = !sel; 712 } 713 714 if (aps->aps_seqoff[sel]) { 715 seq2 = aps->aps_seqmin[sel] - aps->aps_seqoff[sel]; 716 if (seq1 > seq2) { 717 seq2 = aps->aps_seqoff[sel]; 718 seq1 += seq2; 719 tcp->th_seq = htonl(seq1); 720 ch = 1; 721 } 722 } 723 724 if (inc && (seq1 > aps->aps_seqmin[!sel])) { 725 aps->aps_seqmin[sel] = seq1 + nlen - 1; 726 aps->aps_seqoff[sel] = aps->aps_seqoff[sel] + inc;
483#if PROXY_DEBUG 484 printf("proxy seq set %d at %x to %d + %d\n", sel, 485 aps->aps_seqmin[sel], aps->aps_seqoff[sel], 486 inc); 487#endif	727 if (ipf_proxy_debug > 7) 728 printf("proxy seq set %d at %x to %d + %d\n", 729 sel, aps->aps_seqmin[sel], 730 aps->aps_seqoff[sel], inc);
488 } 489 490 /**/ 491* 492 seq1 = ntohl(tcp->th_ack); 493 sel = aps->aps_sel[1 - out]; 494 495 /* switch to other set ? / 496* if ((aps->aps_ackmin[!sel] > aps->aps_ackmin[sel]) && 497 (seq1 > aps->aps_ackmin[!sel])) {	731 } 732 733 /**/ 734* 735 seq1 = ntohl(tcp->th_ack); 736 sel = aps->aps_sel[1 - out]; 737 738 /* switch to other set ? / 739* if ((aps->aps_ackmin[!sel] > aps->aps_ackmin[sel]) && 740 (seq1 > aps->aps_ackmin[!sel])) {
498#if PROXY_DEBUG 499 printf("proxy out switch set ack %d -> %d %x > %x\n", 500 sel, !sel, seq1, aps->aps_ackmin[!sel]); 501#endif	741 if (ipf_proxy_debug > 7) 742 printf("proxy out switch set ack %d -> %d %x > %x\n", 743 sel, !sel, seq1, 744 aps->aps_ackmin[!sel]);
502 sel = aps->aps_sel[1 - out] = !sel; 503 } 504 505 if (aps->aps_ackoff[sel] && (seq1 > aps->aps_ackmin[sel])) { 506 seq2 = aps->aps_ackoff[sel]; 507 tcp->th_ack = htonl(seq1 - seq2); 508 ch = 1; 509 } 510 } else { 511 seq1 = ntohl(tcp->th_seq); 512 sel = aps->aps_sel[out]; 513 514 /* switch to other set ? / 515* if ((aps->aps_ackmin[!sel] > aps->aps_ackmin[sel]) && 516 (seq1 > aps->aps_ackmin[!sel])) {	745 sel = aps->aps_sel[1 - out] = !sel; 746 } 747 748 if (aps->aps_ackoff[sel] && (seq1 > aps->aps_ackmin[sel])) { 749 seq2 = aps->aps_ackoff[sel]; 750 tcp->th_ack = htonl(seq1 - seq2); 751 ch = 1; 752 } 753 } else { 754 seq1 = ntohl(tcp->th_seq); 755 sel = aps->aps_sel[out]; 756 757 /* switch to other set ? / 758* if ((aps->aps_ackmin[!sel] > aps->aps_ackmin[sel]) && 759 (seq1 > aps->aps_ackmin[!sel])) {
517#if PROXY_DEBUG 518 printf("proxy in switch set ack %d -> %d %x > %x\n", 519 sel, !sel, seq1, aps->aps_ackmin[!sel]); 520#endif	760 if (ipf_proxy_debug > 7) 761 printf("proxy in switch set ack %d -> %d %x > %x\n", 762 sel, !sel, seq1, aps->aps_ackmin[!sel]);
521 sel = aps->aps_sel[out] = !sel; 522 } 523 524 if (aps->aps_ackoff[sel]) { 525 seq2 = aps->aps_ackmin[sel] - aps->aps_ackoff[sel]; 526 if (seq1 > seq2) { 527 seq2 = aps->aps_ackoff[sel]; 528 seq1 += seq2; 529 tcp->th_seq = htonl(seq1); 530 ch = 1; 531 } 532 } 533 534 if (inc && (seq1 > aps->aps_ackmin[!sel])) { 535 aps->aps_ackmin[!sel] = seq1 + nlen - 1; 536 aps->aps_ackoff[!sel] = aps->aps_ackoff[sel] + inc;	763 sel = aps->aps_sel[out] = !sel; 764 } 765 766 if (aps->aps_ackoff[sel]) { 767 seq2 = aps->aps_ackmin[sel] - aps->aps_ackoff[sel]; 768 if (seq1 > seq2) { 769 seq2 = aps->aps_ackoff[sel]; 770 seq1 += seq2; 771 tcp->th_seq = htonl(seq1); 772 ch = 1; 773 } 774 } 775 776 if (inc && (seq1 > aps->aps_ackmin[!sel])) { 777 aps->aps_ackmin[!sel] = seq1 + nlen - 1; 778 aps->aps_ackoff[!sel] = aps->aps_ackoff[sel] + inc;
537#if PROXY_DEBUG 538 printf("proxy ack set %d at %x to %d + %d\n", !sel, 539 aps->aps_seqmin[!sel], aps->aps_seqoff[sel], 540 inc); 541#endif	779 780 if (ipf_proxy_debug > 7) 781 printf("proxy ack set %d at %x to %d + %d\n", 782 !sel, aps->aps_seqmin[!sel], 783 aps->aps_seqoff[sel], inc);
542 } 543 544 /**/ 545* 546 seq1 = ntohl(tcp->th_ack); 547 sel = aps->aps_sel[1 - out]; 548 549 /* switch to other set ? / 550* if ((aps->aps_seqmin[!sel] > aps->aps_seqmin[sel]) && 551 (seq1 > aps->aps_seqmin[!sel])) {	784 } 785 786 /**/ 787* 788 seq1 = ntohl(tcp->th_ack); 789 sel = aps->aps_sel[1 - out]; 790 791 /* switch to other set ? / 792* if ((aps->aps_seqmin[!sel] > aps->aps_seqmin[sel]) && 793 (seq1 > aps->aps_seqmin[!sel])) {
552#if PROXY_DEBUG 553 printf("proxy in switch set seq %d -> %d %x > %x\n", 554 sel, !sel, seq1, aps->aps_seqmin[!sel]); 555#endif	794 if (ipf_proxy_debug > 7) 795 printf("proxy in switch set seq %d -> %d %x > %x\n", 796 sel, !sel, seq1, aps->aps_seqmin[!sel]);
556 sel = aps->aps_sel[1 - out] = !sel; 557 } 558 559 if (aps->aps_seqoff[sel] != 0) {	797 sel = aps->aps_sel[1 - out] = !sel; 798 } 799 800 if (aps->aps_seqoff[sel] != 0) {
560#if PROXY_DEBUG 561 printf("sel %d seqoff %d seq1 %x seqmin %x\n", sel, 562 aps->aps_seqoff[sel], seq1, 563 aps->aps_seqmin[sel]); 564#endif	801 if (ipf_proxy_debug > 7) 802 printf("sel %d seqoff %d seq1 %x seqmin %x\n", 803 sel, aps->aps_seqoff[sel], seq1, 804 aps->aps_seqmin[sel]);
565 if (seq1 > aps->aps_seqmin[sel]) { 566 seq2 = aps->aps_seqoff[sel]; 567 tcp->th_ack = htonl(seq1 - seq2); 568 ch = 1; 569 } 570 } 571 }	805 if (seq1 > aps->aps_seqmin[sel]) { 806 seq2 = aps->aps_seqoff[sel]; 807 tcp->th_ack = htonl(seq1 - seq2); 808 ch = 1; 809 } 810 } 811 }
572#if PROXY_DEBUG 573 printf("appr_fixseqack: seq %x ack %x\n", ntohl(tcp->th_seq), 574 ntohl(tcp->th_ack)); 575#endif	812 813 if (ipf_proxy_debug > 8) 814 printf("appr_fixseqack: seq %x ack %x\n", 815 ntohl(tcp->th_seq), ntohl(tcp->th_ack));
576 return ch ? 2 : 0; 577} 578 579 580/* 581 * Initialise hook for kernel application proxies. 582 * Call the initialise routine for all the compiled in kernel proxies. 583 / 584int appr_init() 585{ 586* aproxy_t ap; 587* int err = 0; 588 589 for (ap = ap_proxies; ap->apr_p; ap++) {	816 return ch ? 2 : 0; 817} 818 819 820/* 821 * Initialise hook for kernel application proxies. 822 * Call the initialise routine for all the compiled in kernel proxies. 823 / 824int appr_init() 825{ 826* aproxy_t ap; 827* int err = 0; 828 829 for (ap = ap_proxies; ap->apr_p; ap++) {
590 err = (ap->apr_init)(); 591* if (err != 0) 592 break;	830 if (ap->apr_init != NULL) { 831 err = (ap->apr_init)(); 832* if (err != 0) 833 break; 834 }
593 } 594 return err; 595} 596 597 598/* 599 * Unload hook for kernel application proxies. 600 * Call the finialise routine for all the compiled in kernel proxies. 601 / 602void appr_unload() 603{ 604* aproxy_t ap; 605* 606 for (ap = ap_proxies; ap->apr_p; ap++)	835 } 836 return err; 837} 838 839 840/* 841 * Unload hook for kernel application proxies. 842 * Call the finialise routine for all the compiled in kernel proxies. 843 / 844void appr_unload() 845{ 846* aproxy_t ap; 847* 848 for (ap = ap_proxies; ap->apr_p; ap++)
607 if (ap->apr_fini)	849 if (ap->apr_fini != NULL)
608 (ap->apr_fini)(); 609* for (ap = ap_proxylist; ap; ap = ap->apr_next)	850 (ap->apr_fini)(); 851* for (ap = ap_proxylist; ap; ap = ap->apr_next)
610 if (ap->apr_fini)	852 if (ap->apr_fini != NULL)
611 (ap->apr_fini)(); 612*}	853 (ap->apr_fini)(); 854*}