ip_proxy.c (139255) | ip_proxy.c (145522) |
---|---|
1/* $FreeBSD: head/sys/contrib/ipfilter/netinet/ip_proxy.c 145522 2005-04-25 18:43:14Z darrenr $ */ 2 |
|
1/* | 3/* |
2 * Copyright (C) 1997-2002 by Darren Reed. | 4 * Copyright (C) 1997-2003 by Darren Reed. |
3 * 4 * See the IPFILTER.LICENCE file for details on licencing. 5 */ | 5 * 6 * See the IPFILTER.LICENCE file for details on licencing. 7 */ |
6 7#if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL) 8# define _KERNEL | 8#if defined(KERNEL) || defined(_KERNEL) 9# undef KERNEL 10# undef _KERNEL 11# define KERNEL 1 12# define _KERNEL 1 |
9#endif | 13#endif |
10 11#if defined(__sgi) && (IRIX > 602) 12# include <sys/ptimers.h> 13#endif | |
14#include <sys/errno.h> 15#include <sys/types.h> 16#include <sys/param.h> 17#include <sys/time.h> 18#include <sys/file.h> | 14#include <sys/errno.h> 15#include <sys/types.h> 16#include <sys/param.h> 17#include <sys/time.h> 18#include <sys/file.h> |
19#if !defined(__FreeBSD_version) 20# include <sys/ioctl.h> 21#endif | |
22#include <sys/fcntl.h> | 19#include <sys/fcntl.h> |
23#if !defined(_KERNEL) && !defined(KERNEL) | 20#if !defined(_KERNEL) && !defined(__KERNEL__) |
24# include <stdio.h> 25# include <string.h> 26# include <stdlib.h> | 21# include <stdio.h> 22# include <string.h> 23# include <stdlib.h> |
24# include <ctype.h> 25# define _KERNEL 26# ifdef __OpenBSD__ 27struct file; 28# endif 29# include <sys/uio.h> 30# undef _KERNEL |
|
27#endif | 31#endif |
28#ifndef linux | 32#if !defined(linux) |
29# include <sys/protosw.h> 30#endif 31#include <sys/socket.h> 32#if defined(_KERNEL) | 33# include <sys/protosw.h> 34#endif 35#include <sys/socket.h> 36#if defined(_KERNEL) |
33# if !defined(linux) 34# include <sys/systm.h> 35# else 36# include <linux/string.h> | 37# if !defined(__NetBSD__) && !defined(sun) && !defined(__osf__) && \ 38 !defined(__OpenBSD__) && !defined(__hpux) && !defined(__sgi) 39# include <sys/ctype.h> |
37# endif | 40# endif |
38#endif 39#if !defined(__SVR4) && !defined(__svr4__) 40# ifndef linux | 41# include <sys/systm.h> 42# if !defined(__SVR4) && !defined(__svr4__) |
41# include <sys/mbuf.h> 42# endif | 43# include <sys/mbuf.h> 44# endif |
45#endif 46#if defined(_KERNEL) && (__FreeBSD_version >= 220000) 47# include <sys/filio.h> 48# include <sys/fcntl.h> 49# if (__FreeBSD_version >= 300000) && !defined(IPFILTER_LKM) 50# include "opt_ipfilter.h" 51# endif |
|
43#else | 52#else |
53# include <sys/ioctl.h> 54#endif 55#if defined(__SVR4) || defined(__svr4__) |
|
44# include <sys/byteorder.h> 45# ifdef _KERNEL 46# include <sys/dditypes.h> 47# endif 48# include <sys/stream.h> 49# include <sys/kmem.h> 50#endif 51#if __FreeBSD__ > 2 --- 18 unchanged lines hidden (view full) --- 70#include "netinet/ip_fil.h" 71#include "netinet/ip_nat.h" 72#include "netinet/ip_state.h" 73#include "netinet/ip_proxy.h" 74#if (__FreeBSD_version >= 300000) 75# include <sys/malloc.h> 76#endif 77 | 56# include <sys/byteorder.h> 57# ifdef _KERNEL 58# include <sys/dditypes.h> 59# endif 60# include <sys/stream.h> 61# include <sys/kmem.h> 62#endif 63#if __FreeBSD__ > 2 --- 18 unchanged lines hidden (view full) --- 82#include "netinet/ip_fil.h" 83#include "netinet/ip_nat.h" 84#include "netinet/ip_state.h" 85#include "netinet/ip_proxy.h" 86#if (__FreeBSD_version >= 300000) 87# include <sys/malloc.h> 88#endif 89 |
78#if !defined(lint) 79/* static const char rcsid[] = "@(#)$Id: ip_proxy.c,v 2.9.2.6 2001/07/15 22:06:15 darrenr Exp $"; */ 80static const char rcsid[] = "@(#)$FreeBSD: head/sys/contrib/ipfilter/netinet/ip_proxy.c 139255 2004-12-24 09:14:26Z darrenr $"; | 90#include "netinet/ip_ftp_pxy.c" 91#include "netinet/ip_rcmd_pxy.c" 92# include "netinet/ip_pptp_pxy.c" 93#if defined(_KERNEL) 94# include "netinet/ip_irc_pxy.c" 95# include "netinet/ip_raudio_pxy.c" 96# include "netinet/ip_h323_pxy.c" 97# ifdef IPFILTER_PRO 98# include "netinet/ip_msnrpc_pxy.c" 99# endif 100# include "netinet/ip_netbios_pxy.c" |
81#endif | 101#endif |
102#include "netinet/ip_ipsec_pxy.c" 103#include "netinet/ip_rpcb_pxy.c" |
|
82 | 104 |
83#ifdef USE_MUTEX 84extern KRWLOCK_T ipf_nat, ipf_state; | 105/* END OF INCLUDES */ 106 107#if !defined(lint) 108static const char rcsid[] = "@(#)Id: ip_proxy.c,v 2.62.2.12 2005/03/03 14:28:24 darrenr Exp"; |
85#endif 86 87static int appr_fixseqack __P((fr_info_t *, ip_t *, ap_session_t *, int )); 88 | 109#endif 110 111static int appr_fixseqack __P((fr_info_t *, ip_t *, ap_session_t *, int )); 112 |
89 90#define PROXY_DEBUG 0 91 | |
92#define AP_SESS_SIZE 53 93 | 113#define AP_SESS_SIZE 53 114 |
94#include "netinet/ip_ftp_pxy.c" | |
95#if defined(_KERNEL) | 115#if defined(_KERNEL) |
96#include "netinet/ip_rcmd_pxy.c" 97#include "netinet/ip_raudio_pxy.c" 98#include "netinet/ip_netbios_pxy.c" 99#include "netinet/ip_ipsec_pxy.c" | 116int ipf_proxy_debug = 0; 117#else 118int ipf_proxy_debug = 2; |
100#endif | 119#endif |
101 | |
102ap_session_t *ap_sess_tab[AP_SESS_SIZE]; 103ap_session_t *ap_sess_list = NULL; 104aproxy_t *ap_proxylist = NULL; 105aproxy_t ap_proxies[] = { 106#ifdef IPF_FTP_PROXY | 120ap_session_t *ap_sess_tab[AP_SESS_SIZE]; 121ap_session_t *ap_sess_list = NULL; 122aproxy_t *ap_proxylist = NULL; 123aproxy_t ap_proxies[] = { 124#ifdef IPF_FTP_PROXY |
107 { NULL, "ftp", (char)IPPROTO_TCP, 0, 0, ippr_ftp_init, NULL, | 125 { NULL, "ftp", (char)IPPROTO_TCP, 0, 0, ippr_ftp_init, ippr_ftp_fini, |
108 ippr_ftp_new, NULL, ippr_ftp_in, ippr_ftp_out, NULL }, 109#endif | 126 ippr_ftp_new, NULL, ippr_ftp_in, ippr_ftp_out, NULL }, 127#endif |
128#ifdef IPF_IRC_PROXY 129 { NULL, "irc", (char)IPPROTO_TCP, 0, 0, ippr_irc_init, ippr_irc_fini, 130 ippr_irc_new, NULL, NULL, ippr_irc_out, NULL, NULL }, 131#endif |
|
110#ifdef IPF_RCMD_PROXY | 132#ifdef IPF_RCMD_PROXY |
111 { NULL, "rcmd", (char)IPPROTO_TCP, 0, 0, ippr_rcmd_init, NULL, 112 ippr_rcmd_new, NULL, NULL, ippr_rcmd_out, NULL }, | 133 { NULL, "rcmd", (char)IPPROTO_TCP, 0, 0, ippr_rcmd_init, ippr_rcmd_fini, 134 ippr_rcmd_new, NULL, ippr_rcmd_in, ippr_rcmd_out, NULL, NULL }, |
113#endif 114#ifdef IPF_RAUDIO_PROXY | 135#endif 136#ifdef IPF_RAUDIO_PROXY |
115 { NULL, "raudio", (char)IPPROTO_TCP, 0, 0, ippr_raudio_init, NULL, 116 ippr_raudio_new, NULL, ippr_raudio_in, ippr_raudio_out, NULL }, | 137 { NULL, "raudio", (char)IPPROTO_TCP, 0, 0, ippr_raudio_init, ippr_raudio_fini, 138 ippr_raudio_new, NULL, ippr_raudio_in, ippr_raudio_out, NULL, NULL }, |
117#endif | 139#endif |
118#ifdef IPF_IPSEC_PROXY 119 { NULL, "ipsec", (char)IPPROTO_UDP, 0, 0, ippr_ipsec_init, NULL, 120 ippr_ipsec_new, ippr_ipsec_del, NULL, ippr_ipsec_out, 121 ippr_ipsec_match }, | 140#ifdef IPF_MSNRPC_PROXY 141 { NULL, "msnrpc", (char)IPPROTO_TCP, 0, 0, ippr_msnrpc_init, ippr_msnrpc_fini, 142 ippr_msnrpc_new, NULL, ippr_msnrpc_in, ippr_msnrpc_out, NULL, NULL }, |
122#endif 123#ifdef IPF_NETBIOS_PROXY | 143#endif 144#ifdef IPF_NETBIOS_PROXY |
124 { NULL, "netbios", (char)IPPROTO_UDP, 0, 0, ippr_netbios_init, NULL, 125 NULL, NULL, NULL, ippr_netbios_out, NULL }, | 145 { NULL, "netbios", (char)IPPROTO_UDP, 0, 0, ippr_netbios_init, ippr_netbios_fini, 146 NULL, NULL, NULL, ippr_netbios_out, NULL, NULL }, |
126#endif | 147#endif |
148#ifdef IPF_IPSEC_PROXY 149 { NULL, "ipsec", (char)IPPROTO_UDP, 0, 0, 150 ippr_ipsec_init, ippr_ipsec_fini, ippr_ipsec_new, ippr_ipsec_del, 151 ippr_ipsec_inout, ippr_ipsec_inout, ippr_ipsec_match, NULL }, 152#endif 153#ifdef IPF_PPTP_PROXY 154 { NULL, "pptp", (char)IPPROTO_TCP, 0, 0, 155 ippr_pptp_init, ippr_pptp_fini, ippr_pptp_new, ippr_pptp_del, 156 ippr_pptp_inout, ippr_pptp_inout, NULL, NULL }, 157#endif |
|
127#ifdef IPF_H323_PROXY | 158#ifdef IPF_H323_PROXY |
128 { NULL, "h323", (char)IPPROTO_TCP, 0, 0, ippr_h323_init, NULL, 129 ippr_h323_new, ippr_h323_del, ippr_h323_in, ippr_h323_out, NULL }, 130 { NULL, "h245", (char)IPPROTO_TCP, 0, 0, ippr_h245_init, NULL, 131 ippr_h245_new, NULL, NULL, ippr_h245_out, NULL }, 132#endif 133 { NULL, "", '\0', 0, 0, NULL, NULL, NULL } | 159 { NULL, "h323", (char)IPPROTO_TCP, 0, 0, ippr_h323_init, ippr_h323_fini, 160 ippr_h323_new, ippr_h323_del, ippr_h323_in, NULL, NULL }, 161 { NULL, "h245", (char)IPPROTO_TCP, 0, 0, NULL, NULL, 162 ippr_h245_new, NULL, NULL, ippr_h245_out, NULL }, 163#endif 164#ifdef IPF_RPCB_PROXY 165# if 0 166 { NULL, "rpcbt", (char)IPPROTO_TCP, 0, 0, 167 ippr_rpcb_init, ippr_rpcb_fini, ippr_rpcb_new, ippr_rpcb_del, 168 ippr_rpcb_in, ippr_rpcb_out, NULL, NULL }, 169# endif 170 { NULL, "rpcbu", (char)IPPROTO_UDP, 0, 0, 171 ippr_rpcb_init, ippr_rpcb_fini, ippr_rpcb_new, ippr_rpcb_del, 172 ippr_rpcb_in, ippr_rpcb_out, NULL, NULL }, 173#endif 174 { NULL, "", '\0', 0, 0, NULL, NULL, NULL, NULL } |
134}; 135 | 175}; 176 |
136 | |
137/* 138 * Dynamically add a new kernel proxy. Ensure that it is unique in the 139 * collection compiled in and dynamically added. 140 */ 141int appr_add(ap) 142aproxy_t *ap; 143{ 144 aproxy_t *a; 145 146 for (a = ap_proxies; a->apr_p; a++) 147 if ((a->apr_p == ap->apr_p) && 148 !strncmp(a->apr_label, ap->apr_label, | 177/* 178 * Dynamically add a new kernel proxy. Ensure that it is unique in the 179 * collection compiled in and dynamically added. 180 */ 181int appr_add(ap) 182aproxy_t *ap; 183{ 184 aproxy_t *a; 185 186 for (a = ap_proxies; a->apr_p; a++) 187 if ((a->apr_p == ap->apr_p) && 188 !strncmp(a->apr_label, ap->apr_label, |
149 sizeof(ap->apr_label))) | 189 sizeof(ap->apr_label))) { 190 if (ipf_proxy_debug > 1) 191 printf("appr_add: %s/%d already present (B)\n", 192 a->apr_label, a->apr_p); |
150 return -1; | 193 return -1; |
194 } |
|
151 | 195 |
152 for (a = ap_proxylist; a && a->apr_p; a = a->apr_next) | 196 for (a = ap_proxylist; a->apr_p; a = a->apr_next) |
153 if ((a->apr_p == ap->apr_p) && 154 !strncmp(a->apr_label, ap->apr_label, | 197 if ((a->apr_p == ap->apr_p) && 198 !strncmp(a->apr_label, ap->apr_label, |
155 sizeof(ap->apr_label))) | 199 sizeof(ap->apr_label))) { 200 if (ipf_proxy_debug > 1) 201 printf("appr_add: %s/%d already present (D)\n", 202 a->apr_label, a->apr_p); |
156 return -1; | 203 return -1; |
204 } |
|
157 ap->apr_next = ap_proxylist; 158 ap_proxylist = ap; | 205 ap->apr_next = ap_proxylist; 206 ap_proxylist = ap; |
159 return (*ap->apr_init)(); | 207 if (ap->apr_init != NULL) 208 return (*ap->apr_init)(); 209 return 0; |
160} 161 162 163/* | 210} 211 212 213/* |
214 * Check to see if the proxy this control request has come through for 215 * exists, and if it does and it has a control function then invoke that 216 * control function. 217 */ 218int appr_ctl(ctl) 219ap_ctl_t *ctl; 220{ 221 aproxy_t *a; 222 int error; 223 224 a = appr_lookup(ctl->apc_p, ctl->apc_label); 225 if (a == NULL) { 226 if (ipf_proxy_debug > 1) 227 printf("appr_ctl: can't find %s/%d\n", 228 ctl->apc_label, ctl->apc_p); 229 error = ESRCH; 230 } else if (a->apr_ctl == NULL) { 231 if (ipf_proxy_debug > 1) 232 printf("appr_ctl: no ctl function for %s/%d\n", 233 ctl->apc_label, ctl->apc_p); 234 error = ENXIO; 235 } else { 236 error = (*a->apr_ctl)(a, ctl); 237 if ((error != 0) && (ipf_proxy_debug > 1)) 238 printf("appr_ctl: %s/%d ctl error %d\n", 239 a->apr_label, a->apr_p, error); 240 } 241 return error; 242} 243 244 245/* |
|
164 * Delete a proxy that has been added dynamically from those available. 165 * If it is in use, return 1 (do not destroy NOW), not in use 0 or -1 166 * if it cannot be matched. 167 */ 168int appr_del(ap) 169aproxy_t *ap; 170{ 171 aproxy_t *a, **app; 172 | 246 * Delete a proxy that has been added dynamically from those available. 247 * If it is in use, return 1 (do not destroy NOW), not in use 0 or -1 248 * if it cannot be matched. 249 */ 250int appr_del(ap) 251aproxy_t *ap; 252{ 253 aproxy_t *a, **app; 254 |
173 for (app = &ap_proxylist; (a = *app); app = &a->apr_next) | 255 for (app = &ap_proxylist; ((a = *app) != NULL); app = &a->apr_next) |
174 if (a == ap) { 175 a->apr_flags |= APR_DELETE; 176 *app = a->apr_next; | 256 if (a == ap) { 257 a->apr_flags |= APR_DELETE; 258 *app = a->apr_next; |
177 if (ap->apr_ref != 0) | 259 if (ap->apr_ref != 0) { 260 if (ipf_proxy_debug > 2) 261 printf("appr_del: orphaning %s/%d\n", 262 ap->apr_label, ap->apr_p); |
178 return 1; | 263 return 1; |
264 } |
|
179 return 0; 180 } | 265 return 0; 266 } |
267 if (ipf_proxy_debug > 1) 268 printf("appr_del: proxy %lx not found\n", (u_long)ap); |
|
181 return -1; 182} 183 184 185/* 186 * Return 1 if the packet is a good match against a proxy, else 0. 187 */ | 269 return -1; 270} 271 272 273/* 274 * Return 1 if the packet is a good match against a proxy, else 0. 275 */ |
188int appr_ok(ip, tcp, nat) 189ip_t *ip; | 276int appr_ok(fin, tcp, nat) 277fr_info_t *fin; |
190tcphdr_t *tcp; 191ipnat_t *nat; 192{ 193 aproxy_t *apr = nat->in_apr; 194 u_short dport = nat->in_dport; 195 196 if ((apr == NULL) || (apr->apr_flags & APR_DELETE) || | 278tcphdr_t *tcp; 279ipnat_t *nat; 280{ 281 aproxy_t *apr = nat->in_apr; 282 u_short dport = nat->in_dport; 283 284 if ((apr == NULL) || (apr->apr_flags & APR_DELETE) || |
197 (ip->ip_p != apr->apr_p)) | 285 (fin->fin_p != apr->apr_p)) |
198 return 0; | 286 return 0; |
199 if (((tcp != NULL) && (tcp->th_dport != dport)) || (!tcp && dport)) | 287 if ((tcp == NULL) && dport) |
200 return 0; 201 return 1; 202} 203 204 | 288 return 0; 289 return 1; 290} 291 292 |
293int appr_ioctl(data, cmd, mode) 294caddr_t data; 295ioctlcmd_t cmd; 296int mode; 297{ 298 ap_ctl_t ctl; 299 caddr_t ptr; 300 int error; 301 302 mode = mode; /* LINT */ 303 304 switch (cmd) 305 { 306 case SIOCPROXY : 307 BCOPYIN(data, &ctl, sizeof(ctl)); 308 ptr = NULL; 309 310 if (ctl.apc_dsize > 0) { 311 KMALLOCS(ptr, caddr_t, ctl.apc_dsize); 312 if (ptr == NULL) 313 error = ENOMEM; 314 else { 315 error = copyinptr(ctl.apc_data, ptr, 316 ctl.apc_dsize); 317 if (error == 0) 318 ctl.apc_data = ptr; 319 } 320 } else { 321 ctl.apc_data = NULL; 322 error = 0; 323 } 324 325 if (error == 0) 326 error = appr_ctl(&ctl); 327 328 if ((ctl.apc_dsize > 0) && (ptr != NULL) && 329 (ctl.apc_data == ptr)) { 330 KFREES(ptr, ctl.apc_dsize); 331 } 332 break; 333 334 default : 335 error = EINVAL; 336 } 337 return error; 338} 339 340 |
|
205/* 206 * If a proxy has a match function, call that to do extended packet 207 * matching. 208 */ 209int appr_match(fin, nat) 210fr_info_t *fin; 211nat_t *nat; 212{ 213 aproxy_t *apr; 214 ipnat_t *ipn; | 341/* 342 * If a proxy has a match function, call that to do extended packet 343 * matching. 344 */ 345int appr_match(fin, nat) 346fr_info_t *fin; 347nat_t *nat; 348{ 349 aproxy_t *apr; 350 ipnat_t *ipn; |
351 int result; |
|
215 216 ipn = nat->nat_ptr; | 352 353 ipn = nat->nat_ptr; |
217 if (ipn == NULL) | 354 if (ipf_proxy_debug > 8) 355 printf("appr_match(%lx,%lx) aps %lx ptr %lx\n", 356 (u_long)fin, (u_long)nat, (u_long)nat->nat_aps, 357 (u_long)ipn); 358 359 if ((fin->fin_flx & (FI_SHORT|FI_BAD)) != 0) { 360 if (ipf_proxy_debug > 0) 361 printf("appr_match: flx 0x%x (BAD|SHORT)\n", 362 fin->fin_flx); |
218 return -1; | 363 return -1; |
364 } 365 |
|
219 apr = ipn->in_apr; | 366 apr = ipn->in_apr; |
220 if ((apr == NULL) || (apr->apr_flags & APR_DELETE) || 221 (nat->nat_aps == NULL)) | 367 if ((apr == NULL) || (apr->apr_flags & APR_DELETE)) { 368 if (ipf_proxy_debug > 0) 369 printf("appr_match:apr %lx apr_flags 0x%x\n", 370 (u_long)apr, apr ? apr->apr_flags : 0); |
222 return -1; | 371 return -1; |
223 if (apr->apr_match != NULL) 224 if ((*apr->apr_match)(fin, nat->nat_aps, nat) != 0) | 372 } 373 374 if (apr->apr_match != NULL) { 375 result = (*apr->apr_match)(fin, nat->nat_aps, nat); 376 if (result != 0) { 377 if (ipf_proxy_debug > 4) 378 printf("appr_match: result %d\n", result); |
225 return -1; | 379 return -1; |
380 } 381 } |
|
226 return 0; 227} 228 229 230/* 231 * Allocate a new application proxy structure and fill it in with the 232 * relevant details. call the init function once complete, prior to 233 * returning. 234 */ | 382 return 0; 383} 384 385 386/* 387 * Allocate a new application proxy structure and fill it in with the 388 * relevant details. call the init function once complete, prior to 389 * returning. 390 */ |
235int appr_new(fin, ip, nat) | 391int appr_new(fin, nat) |
236fr_info_t *fin; | 392fr_info_t *fin; |
237ip_t *ip; | |
238nat_t *nat; 239{ 240 register ap_session_t *aps; 241 aproxy_t *apr; 242 | 393nat_t *nat; 394{ 395 register ap_session_t *aps; 396 aproxy_t *apr; 397 |
243 if ((nat->nat_ptr == NULL) || (nat->nat_aps != NULL)) | 398 if (ipf_proxy_debug > 8) 399 printf("appr_new(%lx,%lx) \n", (u_long)fin, (u_long)nat); 400 401 if ((nat->nat_ptr == NULL) || (nat->nat_aps != NULL)) { 402 if (ipf_proxy_debug > 0) 403 printf("appr_new: nat_ptr %lx nat_aps %lx\n", 404 (u_long)nat->nat_ptr, (u_long)nat->nat_aps); |
244 return -1; | 405 return -1; |
406 } |
|
245 246 apr = nat->nat_ptr->in_apr; 247 | 407 408 apr = nat->nat_ptr->in_apr; 409 |
248 if (!apr || (apr->apr_flags & APR_DELETE) || (ip->ip_p != apr->apr_p)) | 410 if ((apr->apr_flags & APR_DELETE) || 411 (fin->fin_p != apr->apr_p)) { 412 if (ipf_proxy_debug > 2) 413 printf("appr_new: apr_flags 0x%x p %d/%d\n", 414 apr->apr_flags, fin->fin_p, apr->apr_p); |
249 return -1; | 415 return -1; |
416 } |
|
250 251 KMALLOC(aps, ap_session_t *); | 417 418 KMALLOC(aps, ap_session_t *); |
252 if (!aps) | 419 if (!aps) { 420 if (ipf_proxy_debug > 0) 421 printf("appr_new: malloc failed (%lu)\n", 422 (u_long)sizeof(ap_session_t)); |
253 return -1; | 423 return -1; |
424 } 425 |
|
254 bzero((char *)aps, sizeof(*aps)); | 426 bzero((char *)aps, sizeof(*aps)); |
255 aps->aps_p = ip->ip_p; | 427 aps->aps_p = fin->fin_p; |
256 aps->aps_data = NULL; 257 aps->aps_apr = apr; 258 aps->aps_psiz = 0; 259 if (apr->apr_new != NULL) | 428 aps->aps_data = NULL; 429 aps->aps_apr = apr; 430 aps->aps_psiz = 0; 431 if (apr->apr_new != NULL) |
260 if ((*apr->apr_new)(fin, ip, aps, nat) == -1) { | 432 if ((*apr->apr_new)(fin, aps, nat) == -1) { |
261 if ((aps->aps_data != NULL) && (aps->aps_psiz != 0)) { 262 KFREES(aps->aps_data, aps->aps_psiz); 263 } 264 KFREE(aps); | 433 if ((aps->aps_data != NULL) && (aps->aps_psiz != 0)) { 434 KFREES(aps->aps_data, aps->aps_psiz); 435 } 436 KFREE(aps); |
437 if (ipf_proxy_debug > 2) 438 printf("appr_new: new(%lx) failed\n", 439 (u_long)apr->apr_new); |
|
265 return -1; 266 } 267 aps->aps_nat = nat; 268 aps->aps_next = ap_sess_list; 269 ap_sess_list = aps; 270 nat->nat_aps = aps; 271 272 return 0; 273} 274 275 276/* | 440 return -1; 441 } 442 aps->aps_nat = nat; 443 aps->aps_next = ap_sess_list; 444 ap_sess_list = aps; 445 nat->nat_aps = aps; 446 447 return 0; 448} 449 450 451/* |
277 * check to see if a packet should be passed through an active proxy routine 278 * if one has been setup for it. | 452 * Check to see if a packet should be passed through an active proxy routine 453 * if one has been setup for it. We don't need to check the checksum here if 454 * IPFILTER_CKSUM is defined because if it is, a failed check causes FI_BAD 455 * to be set. |
279 */ | 456 */ |
280int appr_check(ip, fin, nat) 281ip_t *ip; | 457int appr_check(fin, nat) |
282fr_info_t *fin; 283nat_t *nat; 284{ 285#if SOLARIS && defined(_KERNEL) && (SOLARIS2 >= 6) | 458fr_info_t *fin; 459nat_t *nat; 460{ 461#if SOLARIS && defined(_KERNEL) && (SOLARIS2 >= 6) |
286 mb_t *m = fin->fin_qfm; | 462# if defined(ICK_VALID) 463 mb_t *m; 464# endif |
287 int dosum = 1; 288#endif 289 tcphdr_t *tcp = NULL; | 465 int dosum = 1; 466#endif 467 tcphdr_t *tcp = NULL; |
468 udphdr_t *udp = NULL; |
|
290 ap_session_t *aps; 291 aproxy_t *apr; | 469 ap_session_t *aps; 470 aproxy_t *apr; |
292 u_32_t sum; | 471 ip_t *ip; |
293 short rv; 294 int err; | 472 short rv; 473 int err; |
474#if !defined(_KERNEL) || defined(MENTAT) || defined(__sgi) 475 u_32_t s1, s2, sd; 476#endif |
|
295 | 477 |
296 aps = nat->nat_aps; 297 if ((aps != NULL) && (aps->aps_p == ip->ip_p)) { 298 if (ip->ip_p == IPPROTO_TCP) { 299 tcp = (tcphdr_t *)fin->fin_dp; 300 /* 301 * verify that the checksum is correct. If not, then 302 * don't do anything with this packet. 303 */ 304#if SOLARIS && defined(_KERNEL) && (SOLARIS2 >= 6) 305 if (dohwcksum && (m->b_ick_flag == ICK_VALID)) { 306 sum = tcp->th_sum; 307 dosum = 0; 308 } 309 if (dosum) 310 sum = fr_tcpsum(fin->fin_qfm, ip, tcp); 311#else 312 sum = fr_tcpsum(*(mb_t **)fin->fin_mp, ip, tcp); | 478 if (fin->fin_flx & FI_BAD) { 479 if (ipf_proxy_debug > 0) 480 printf("appr_check: flx 0x%x (BAD)\n", fin->fin_flx); 481 return -1; 482 } 483 484#ifndef IPFILTER_CKSUM 485 if ((fin->fin_out == 0) && (fr_checkl4sum(fin) == -1)) { 486 if (ipf_proxy_debug > 0) 487 printf("appr_check: l4 checksum failure %d\n", 488 fin->fin_p); 489 if (fin->fin_p == IPPROTO_TCP) 490 frstats[fin->fin_out].fr_tcpbad++; 491 return -1; 492 } |
313#endif | 493#endif |
314 if (sum != tcp->th_sum) { 315#if PROXY_DEBUG || (!defined(_KERNEL) && !defined(KERNEL)) 316 printf("proxy tcp checksum failure\n"); 317#endif 318 frstats[fin->fin_out].fr_tcpbad++; | 494 495 aps = nat->nat_aps; 496 if ((aps != NULL) && (aps->aps_p == fin->fin_p)) { 497 /* 498 * If there is data in this packet to be proxied then try and 499 * get it all into the one buffer, else drop it. 500 */ 501#if defined(MENTAT) || defined(HAVE_M_PULLDOWN) 502 if ((fin->fin_dlen > 0) && !(fin->fin_flx & FI_COALESCE)) 503 if (fr_coalesce(fin) == -1) { 504 if (ipf_proxy_debug > 0) 505 printf("appr_check: fr_coalesce failed %x\n", fin->fin_flx); |
319 return -1; 320 } | 506 return -1; 507 } |
508#endif 509 ip = fin->fin_ip; |
|
321 | 510 |
511 switch (fin->fin_p) 512 { 513 case IPPROTO_TCP : 514 tcp = (tcphdr_t *)fin->fin_dp; 515 516#if SOLARIS && defined(_KERNEL) && (SOLARIS2 >= 6) && defined(ICK_VALID) 517 m = fin->fin_qfm; 518 if (dohwcksum && (m->b_ick_flag == ICK_VALID)) 519 dosum = 0; 520#endif |
|
322 /* 323 * Don't bother the proxy with these...or in fact, 324 * should we free up proxy stuff when seen? 325 */ | 521 /* 522 * Don't bother the proxy with these...or in fact, 523 * should we free up proxy stuff when seen? 524 */ |
326 if ((tcp->th_flags & TH_RST) != 0) 327 return 0; | 525 if ((fin->fin_tcpf & TH_RST) != 0) 526 break; 527 /*FALLTHROUGH*/ 528 case IPPROTO_UDP : 529 udp = (udphdr_t *)fin->fin_dp; 530 break; 531 default : 532 break; |
328 } 329 330 apr = aps->aps_apr; 331 err = 0; 332 if (fin->fin_out != 0) { 333 if (apr->apr_outpkt != NULL) | 533 } 534 535 apr = aps->aps_apr; 536 err = 0; 537 if (fin->fin_out != 0) { 538 if (apr->apr_outpkt != NULL) |
334 err = (*apr->apr_outpkt)(fin, ip, aps, nat); | 539 err = (*apr->apr_outpkt)(fin, aps, nat); |
335 } else { 336 if (apr->apr_inpkt != NULL) | 540 } else { 541 if (apr->apr_inpkt != NULL) |
337 err = (*apr->apr_inpkt)(fin, ip, aps, nat); | 542 err = (*apr->apr_inpkt)(fin, aps, nat); |
338 } 339 340 rv = APR_EXIT(err); | 543 } 544 545 rv = APR_EXIT(err); |
341 if (rv == 1) { 342#if PROXY_DEBUG || (!defined(_KERNEL) && !defined(KERNEL)) 343 printf("proxy says bad packet received\n"); 344#endif | 546 if (((ipf_proxy_debug > 0) && (rv != 0)) || 547 (ipf_proxy_debug > 8)) 548 printf("appr_check: out %d err %x rv %d\n", 549 fin->fin_out, err, rv); 550 if (rv == 1) |
345 return -1; | 551 return -1; |
346 } | 552 |
347 if (rv == 2) { | 553 if (rv == 2) { |
348#if PROXY_DEBUG || (!defined(_KERNEL) && !defined(KERNEL)) 349 printf("proxy says free app proxy data\n"); 350#endif | |
351 appr_free(apr); 352 nat->nat_aps = NULL; 353 return -1; 354 } 355 | 554 appr_free(apr); 555 nat->nat_aps = NULL; 556 return -1; 557 } 558 |
559 /* 560 * If err != 0 then the data size of the packet has changed 561 * so we need to recalculate the header checksums for the 562 * packet. 563 */ 564#if !defined(_KERNEL) || defined(MENTAT) || defined(__sgi) 565 if (err != 0) { 566 short adjlen = err & 0xffff; 567 568 s1 = LONG_SUM(ip->ip_len - adjlen); 569 s2 = LONG_SUM(ip->ip_len); 570 CALC_SUMD(s1, s2, sd); 571 fix_outcksum(fin, &ip->ip_sum, sd); 572 } 573#endif 574 575 /* 576 * For TCP packets, we may need to adjust the sequence and 577 * acknowledgement numbers to reflect changes in size of the 578 * data stream. 579 * 580 * For both TCP and UDP, recalculate the layer 4 checksum, 581 * regardless, as we can't tell (here) if data has been 582 * changed or not. 583 */ |
|
356 if (tcp != NULL) { 357 err = appr_fixseqack(fin, ip, aps, APR_INC(err)); 358#if SOLARIS && defined(_KERNEL) && (SOLARIS2 >= 6) 359 if (dosum) | 584 if (tcp != NULL) { 585 err = appr_fixseqack(fin, ip, aps, APR_INC(err)); 586#if SOLARIS && defined(_KERNEL) && (SOLARIS2 >= 6) 587 if (dosum) |
360 tcp->th_sum = fr_tcpsum(fin->fin_qfm, ip, tcp); | 588 tcp->th_sum = fr_cksum(fin->fin_qfm, ip, 589 IPPROTO_TCP, tcp); |
361#else | 590#else |
362 tcp->th_sum = fr_tcpsum(*(mb_t **)fin->fin_mp, ip, tcp); | 591 tcp->th_sum = fr_cksum(fin->fin_m, ip, 592 IPPROTO_TCP, tcp); |
363#endif | 593#endif |
594 } else if ((udp != NULL) && (udp->uh_sum != 0)) { 595#if SOLARIS && defined(_KERNEL) && (SOLARIS2 >= 6) 596 if (dosum) 597 udp->uh_sum = fr_cksum(fin->fin_qfm, ip, 598 IPPROTO_UDP, udp); 599#else 600 udp->uh_sum = fr_cksum(fin->fin_m, ip, 601 IPPROTO_UDP, udp); 602#endif |
|
364 } | 603 } |
365 aps->aps_bytes += ip->ip_len; | 604 aps->aps_bytes += fin->fin_plen; |
366 aps->aps_pkts++; 367 return 1; 368 } 369 return 0; 370} 371 372 373/* 374 * Search for an proxy by the protocol it is being used with and its name. 375 */ 376aproxy_t *appr_lookup(pr, name) 377u_int pr; 378char *name; 379{ 380 aproxy_t *ap; 381 | 605 aps->aps_pkts++; 606 return 1; 607 } 608 return 0; 609} 610 611 612/* 613 * Search for an proxy by the protocol it is being used with and its name. 614 */ 615aproxy_t *appr_lookup(pr, name) 616u_int pr; 617char *name; 618{ 619 aproxy_t *ap; 620 |
621 if (ipf_proxy_debug > 8) 622 printf("appr_lookup(%d,%s)\n", pr, name); 623 |
|
382 for (ap = ap_proxies; ap->apr_p; ap++) 383 if ((ap->apr_p == pr) && 384 !strncmp(name, ap->apr_label, sizeof(ap->apr_label))) { 385 ap->apr_ref++; 386 return ap; 387 } 388 389 for (ap = ap_proxylist; ap; ap = ap->apr_next) 390 if ((ap->apr_p == pr) && 391 !strncmp(name, ap->apr_label, sizeof(ap->apr_label))) { 392 ap->apr_ref++; 393 return ap; 394 } | 624 for (ap = ap_proxies; ap->apr_p; ap++) 625 if ((ap->apr_p == pr) && 626 !strncmp(name, ap->apr_label, sizeof(ap->apr_label))) { 627 ap->apr_ref++; 628 return ap; 629 } 630 631 for (ap = ap_proxylist; ap; ap = ap->apr_next) 632 if ((ap->apr_p == pr) && 633 !strncmp(name, ap->apr_label, sizeof(ap->apr_label))) { 634 ap->apr_ref++; 635 return ap; 636 } |
637 if (ipf_proxy_debug > 2) 638 printf("appr_lookup: failed for %d/%s\n", pr, name); |
|
395 return NULL; 396} 397 398 399void appr_free(ap) 400aproxy_t *ap; 401{ 402 ap->apr_ref--; --- 4 unchanged lines hidden (view full) --- 407ap_session_t *aps; 408{ 409 ap_session_t *a, **ap; 410 aproxy_t *apr; 411 412 if (!aps) 413 return; 414 | 639 return NULL; 640} 641 642 643void appr_free(ap) 644aproxy_t *ap; 645{ 646 ap->apr_ref--; --- 4 unchanged lines hidden (view full) --- 651ap_session_t *aps; 652{ 653 ap_session_t *a, **ap; 654 aproxy_t *apr; 655 656 if (!aps) 657 return; 658 |
415 for (ap = &ap_sess_list; (a = *ap); ap = &a->aps_next) | 659 for (ap = &ap_sess_list; ((a = *ap) != NULL); ap = &a->aps_next) |
416 if (a == aps) { 417 *ap = a->aps_next; 418 break; 419 } 420 421 apr = aps->aps_apr; 422 if ((apr != NULL) && (apr->apr_del != NULL)) 423 (*apr->apr_del)(aps); --- 19 unchanged lines hidden (view full) --- 443 short inc2; 444 445 tcp = (tcphdr_t *)fin->fin_dp; 446 out = fin->fin_out; 447 /* 448 * ip_len has already been adjusted by 'inc'. 449 */ 450 nlen = ip->ip_len; | 660 if (a == aps) { 661 *ap = a->aps_next; 662 break; 663 } 664 665 apr = aps->aps_apr; 666 if ((apr != NULL) && (apr->apr_del != NULL)) 667 (*apr->apr_del)(aps); --- 19 unchanged lines hidden (view full) --- 687 short inc2; 688 689 tcp = (tcphdr_t *)fin->fin_dp; 690 out = fin->fin_out; 691 /* 692 * ip_len has already been adjusted by 'inc'. 693 */ 694 nlen = ip->ip_len; |
451 nlen -= (ip->ip_hl << 2) + (tcp->th_off << 2); | 695 nlen -= (IP_HL(ip) << 2) + (TCP_OFF(tcp) << 2); |
452 453 inc2 = inc; 454 inc = (int)inc2; 455 456 if (out != 0) { 457 seq1 = (u_32_t)ntohl(tcp->th_seq); 458 sel = aps->aps_sel[out]; 459 460 /* switch to other set ? */ 461 if ((aps->aps_seqmin[!sel] > aps->aps_seqmin[sel]) && 462 (seq1 > aps->aps_seqmin[!sel])) { | 696 697 inc2 = inc; 698 inc = (int)inc2; 699 700 if (out != 0) { 701 seq1 = (u_32_t)ntohl(tcp->th_seq); 702 sel = aps->aps_sel[out]; 703 704 /* switch to other set ? */ 705 if ((aps->aps_seqmin[!sel] > aps->aps_seqmin[sel]) && 706 (seq1 > aps->aps_seqmin[!sel])) { |
463#if PROXY_DEBUG 464 printf("proxy out switch set seq %d -> %d %x > %x\n", 465 sel, !sel, seq1, aps->aps_seqmin[!sel]); 466#endif | 707 if (ipf_proxy_debug > 7) 708 printf("proxy out switch set seq %d -> %d %x > %x\n", 709 sel, !sel, seq1, 710 aps->aps_seqmin[!sel]); |
467 sel = aps->aps_sel[out] = !sel; 468 } 469 470 if (aps->aps_seqoff[sel]) { 471 seq2 = aps->aps_seqmin[sel] - aps->aps_seqoff[sel]; 472 if (seq1 > seq2) { 473 seq2 = aps->aps_seqoff[sel]; 474 seq1 += seq2; 475 tcp->th_seq = htonl(seq1); 476 ch = 1; 477 } 478 } 479 480 if (inc && (seq1 > aps->aps_seqmin[!sel])) { 481 aps->aps_seqmin[sel] = seq1 + nlen - 1; 482 aps->aps_seqoff[sel] = aps->aps_seqoff[sel] + inc; | 711 sel = aps->aps_sel[out] = !sel; 712 } 713 714 if (aps->aps_seqoff[sel]) { 715 seq2 = aps->aps_seqmin[sel] - aps->aps_seqoff[sel]; 716 if (seq1 > seq2) { 717 seq2 = aps->aps_seqoff[sel]; 718 seq1 += seq2; 719 tcp->th_seq = htonl(seq1); 720 ch = 1; 721 } 722 } 723 724 if (inc && (seq1 > aps->aps_seqmin[!sel])) { 725 aps->aps_seqmin[sel] = seq1 + nlen - 1; 726 aps->aps_seqoff[sel] = aps->aps_seqoff[sel] + inc; |
483#if PROXY_DEBUG 484 printf("proxy seq set %d at %x to %d + %d\n", sel, 485 aps->aps_seqmin[sel], aps->aps_seqoff[sel], 486 inc); 487#endif | 727 if (ipf_proxy_debug > 7) 728 printf("proxy seq set %d at %x to %d + %d\n", 729 sel, aps->aps_seqmin[sel], 730 aps->aps_seqoff[sel], inc); |
488 } 489 490 /***/ 491 492 seq1 = ntohl(tcp->th_ack); 493 sel = aps->aps_sel[1 - out]; 494 495 /* switch to other set ? */ 496 if ((aps->aps_ackmin[!sel] > aps->aps_ackmin[sel]) && 497 (seq1 > aps->aps_ackmin[!sel])) { | 731 } 732 733 /***/ 734 735 seq1 = ntohl(tcp->th_ack); 736 sel = aps->aps_sel[1 - out]; 737 738 /* switch to other set ? */ 739 if ((aps->aps_ackmin[!sel] > aps->aps_ackmin[sel]) && 740 (seq1 > aps->aps_ackmin[!sel])) { |
498#if PROXY_DEBUG 499 printf("proxy out switch set ack %d -> %d %x > %x\n", 500 sel, !sel, seq1, aps->aps_ackmin[!sel]); 501#endif | 741 if (ipf_proxy_debug > 7) 742 printf("proxy out switch set ack %d -> %d %x > %x\n", 743 sel, !sel, seq1, 744 aps->aps_ackmin[!sel]); |
502 sel = aps->aps_sel[1 - out] = !sel; 503 } 504 505 if (aps->aps_ackoff[sel] && (seq1 > aps->aps_ackmin[sel])) { 506 seq2 = aps->aps_ackoff[sel]; 507 tcp->th_ack = htonl(seq1 - seq2); 508 ch = 1; 509 } 510 } else { 511 seq1 = ntohl(tcp->th_seq); 512 sel = aps->aps_sel[out]; 513 514 /* switch to other set ? */ 515 if ((aps->aps_ackmin[!sel] > aps->aps_ackmin[sel]) && 516 (seq1 > aps->aps_ackmin[!sel])) { | 745 sel = aps->aps_sel[1 - out] = !sel; 746 } 747 748 if (aps->aps_ackoff[sel] && (seq1 > aps->aps_ackmin[sel])) { 749 seq2 = aps->aps_ackoff[sel]; 750 tcp->th_ack = htonl(seq1 - seq2); 751 ch = 1; 752 } 753 } else { 754 seq1 = ntohl(tcp->th_seq); 755 sel = aps->aps_sel[out]; 756 757 /* switch to other set ? */ 758 if ((aps->aps_ackmin[!sel] > aps->aps_ackmin[sel]) && 759 (seq1 > aps->aps_ackmin[!sel])) { |
517#if PROXY_DEBUG 518 printf("proxy in switch set ack %d -> %d %x > %x\n", 519 sel, !sel, seq1, aps->aps_ackmin[!sel]); 520#endif | 760 if (ipf_proxy_debug > 7) 761 printf("proxy in switch set ack %d -> %d %x > %x\n", 762 sel, !sel, seq1, aps->aps_ackmin[!sel]); |
521 sel = aps->aps_sel[out] = !sel; 522 } 523 524 if (aps->aps_ackoff[sel]) { 525 seq2 = aps->aps_ackmin[sel] - aps->aps_ackoff[sel]; 526 if (seq1 > seq2) { 527 seq2 = aps->aps_ackoff[sel]; 528 seq1 += seq2; 529 tcp->th_seq = htonl(seq1); 530 ch = 1; 531 } 532 } 533 534 if (inc && (seq1 > aps->aps_ackmin[!sel])) { 535 aps->aps_ackmin[!sel] = seq1 + nlen - 1; 536 aps->aps_ackoff[!sel] = aps->aps_ackoff[sel] + inc; | 763 sel = aps->aps_sel[out] = !sel; 764 } 765 766 if (aps->aps_ackoff[sel]) { 767 seq2 = aps->aps_ackmin[sel] - aps->aps_ackoff[sel]; 768 if (seq1 > seq2) { 769 seq2 = aps->aps_ackoff[sel]; 770 seq1 += seq2; 771 tcp->th_seq = htonl(seq1); 772 ch = 1; 773 } 774 } 775 776 if (inc && (seq1 > aps->aps_ackmin[!sel])) { 777 aps->aps_ackmin[!sel] = seq1 + nlen - 1; 778 aps->aps_ackoff[!sel] = aps->aps_ackoff[sel] + inc; |
537#if PROXY_DEBUG 538 printf("proxy ack set %d at %x to %d + %d\n", !sel, 539 aps->aps_seqmin[!sel], aps->aps_seqoff[sel], 540 inc); 541#endif | 779 780 if (ipf_proxy_debug > 7) 781 printf("proxy ack set %d at %x to %d + %d\n", 782 !sel, aps->aps_seqmin[!sel], 783 aps->aps_seqoff[sel], inc); |
542 } 543 544 /***/ 545 546 seq1 = ntohl(tcp->th_ack); 547 sel = aps->aps_sel[1 - out]; 548 549 /* switch to other set ? */ 550 if ((aps->aps_seqmin[!sel] > aps->aps_seqmin[sel]) && 551 (seq1 > aps->aps_seqmin[!sel])) { | 784 } 785 786 /***/ 787 788 seq1 = ntohl(tcp->th_ack); 789 sel = aps->aps_sel[1 - out]; 790 791 /* switch to other set ? */ 792 if ((aps->aps_seqmin[!sel] > aps->aps_seqmin[sel]) && 793 (seq1 > aps->aps_seqmin[!sel])) { |
552#if PROXY_DEBUG 553 printf("proxy in switch set seq %d -> %d %x > %x\n", 554 sel, !sel, seq1, aps->aps_seqmin[!sel]); 555#endif | 794 if (ipf_proxy_debug > 7) 795 printf("proxy in switch set seq %d -> %d %x > %x\n", 796 sel, !sel, seq1, aps->aps_seqmin[!sel]); |
556 sel = aps->aps_sel[1 - out] = !sel; 557 } 558 559 if (aps->aps_seqoff[sel] != 0) { | 797 sel = aps->aps_sel[1 - out] = !sel; 798 } 799 800 if (aps->aps_seqoff[sel] != 0) { |
560#if PROXY_DEBUG 561 printf("sel %d seqoff %d seq1 %x seqmin %x\n", sel, 562 aps->aps_seqoff[sel], seq1, 563 aps->aps_seqmin[sel]); 564#endif | 801 if (ipf_proxy_debug > 7) 802 printf("sel %d seqoff %d seq1 %x seqmin %x\n", 803 sel, aps->aps_seqoff[sel], seq1, 804 aps->aps_seqmin[sel]); |
565 if (seq1 > aps->aps_seqmin[sel]) { 566 seq2 = aps->aps_seqoff[sel]; 567 tcp->th_ack = htonl(seq1 - seq2); 568 ch = 1; 569 } 570 } 571 } | 805 if (seq1 > aps->aps_seqmin[sel]) { 806 seq2 = aps->aps_seqoff[sel]; 807 tcp->th_ack = htonl(seq1 - seq2); 808 ch = 1; 809 } 810 } 811 } |
572#if PROXY_DEBUG 573 printf("appr_fixseqack: seq %x ack %x\n", ntohl(tcp->th_seq), 574 ntohl(tcp->th_ack)); 575#endif | 812 813 if (ipf_proxy_debug > 8) 814 printf("appr_fixseqack: seq %x ack %x\n", 815 ntohl(tcp->th_seq), ntohl(tcp->th_ack)); |
576 return ch ? 2 : 0; 577} 578 579 580/* 581 * Initialise hook for kernel application proxies. 582 * Call the initialise routine for all the compiled in kernel proxies. 583 */ 584int appr_init() 585{ 586 aproxy_t *ap; 587 int err = 0; 588 589 for (ap = ap_proxies; ap->apr_p; ap++) { | 816 return ch ? 2 : 0; 817} 818 819 820/* 821 * Initialise hook for kernel application proxies. 822 * Call the initialise routine for all the compiled in kernel proxies. 823 */ 824int appr_init() 825{ 826 aproxy_t *ap; 827 int err = 0; 828 829 for (ap = ap_proxies; ap->apr_p; ap++) { |
590 err = (*ap->apr_init)(); 591 if (err != 0) 592 break; | 830 if (ap->apr_init != NULL) { 831 err = (*ap->apr_init)(); 832 if (err != 0) 833 break; 834 } |
593 } 594 return err; 595} 596 597 598/* 599 * Unload hook for kernel application proxies. 600 * Call the finialise routine for all the compiled in kernel proxies. 601 */ 602void appr_unload() 603{ 604 aproxy_t *ap; 605 606 for (ap = ap_proxies; ap->apr_p; ap++) | 835 } 836 return err; 837} 838 839 840/* 841 * Unload hook for kernel application proxies. 842 * Call the finialise routine for all the compiled in kernel proxies. 843 */ 844void appr_unload() 845{ 846 aproxy_t *ap; 847 848 for (ap = ap_proxies; ap->apr_p; ap++) |
607 if (ap->apr_fini) | 849 if (ap->apr_fini != NULL) |
608 (*ap->apr_fini)(); 609 for (ap = ap_proxylist; ap; ap = ap->apr_next) | 850 (*ap->apr_fini)(); 851 for (ap = ap_proxylist; ap; ap = ap->apr_next) |
610 if (ap->apr_fini) | 852 if (ap->apr_fini != NULL) |
611 (*ap->apr_fini)(); 612} | 853 (*ap->apr_fini)(); 854} |