1/*
2 * Copyright 1999 Guido van Rooij. All rights reserved.
3 *
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are
7 * met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER ``AS IS'' AND ANY EXPRESS
15 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
17 * DISCLAIMED. IN NO EVENT SHALL THE HOLDER OR CONTRIBUTORS BE LIABLE FOR
18 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
20 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
21 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 *
26 * $FreeBSD: head/sys/contrib/ipfilter/netinet/mlfk_ipl.c 142720 2005-02-27 22:19:35Z phk $
27 */
28
29
30#include <sys/param.h>
31#include <sys/systm.h>
32#include <sys/kernel.h>
33#include <sys/module.h>
34#include <sys/conf.h>
35#include <sys/socket.h>
36#include <sys/sysctl.h>
37#include <net/if.h>
38#include <netinet/in_systm.h>
39#include <netinet/in.h>
40#include <netinet/ip.h>
41#if (__FreeBSD_version >= 199511)
42# include <net/route.h>
43# include <netinet/ip_var.h>
44# include <netinet/tcp.h>
45# include <netinet/tcpip.h>
46#endif
47
48
49#include <netinet/ipl.h>
50#include <netinet/ip_compat.h>
51#include <netinet/ip_fil.h>
52#include <netinet/ip_state.h>
53#include <netinet/ip_nat.h>
54#include <netinet/ip_auth.h>
55#include <netinet/ip_frag.h>
56#include <netinet/ip_proxy.h>
57
58static struct cdev *ipf_devs[IPL_LOGMAX + 1];
59
60SYSCTL_DECL(_net_inet);
61SYSCTL_NODE(_net_inet, OID_AUTO, ipf, CTLFLAG_RW, 0, "IPF");
62SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_flags, CTLFLAG_RW, &fr_flags, 0, "");
63SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_pass, CTLFLAG_RW, &fr_pass, 0, "");
64SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_active, CTLFLAG_RD, &fr_active, 0, "");
65SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcpidletimeout, CTLFLAG_RW,
66 &fr_tcpidletimeout, 0, "");
67SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcpclosewait, CTLFLAG_RW,
68 &fr_tcpclosewait, 0, "");
69SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcplastack, CTLFLAG_RW,
70 &fr_tcplastack, 0, "");
71SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcptimeout, CTLFLAG_RW,
72 &fr_tcptimeout, 0, "");
73SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcpclosed, CTLFLAG_RW,
74 &fr_tcpclosed, 0, "");
75SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcphalfclosed, CTLFLAG_RW,
76 &fr_tcphalfclosed, 0, "");
77SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_udptimeout, CTLFLAG_RW,
78 &fr_udptimeout, 0, "");
79SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_udpacktimeout, CTLFLAG_RW,
80 &fr_udpacktimeout, 0, "");
81SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_icmptimeout, CTLFLAG_RW,
82 &fr_icmptimeout, 0, "");
83SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_icmpacktimeout, CTLFLAG_RW,
84 &fr_icmpacktimeout, 0, "");
85SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_defnatage, CTLFLAG_RW,
86 &fr_defnatage, 0, "");
87SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_ipfrttl, CTLFLAG_RW,
88 &fr_ipfrttl, 0, "");
89SYSCTL_INT(_net_inet_ipf, OID_AUTO, ipl_unreach, CTLFLAG_RW,
90 &ipl_unreach, 0, "");
91SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_running, CTLFLAG_RD,
92 &fr_running, 0, "");
93SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_authsize, CTLFLAG_RD,
94 &fr_authsize, 0, "");
95SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_authused, CTLFLAG_RD,
96 &fr_authused, 0, "");
97SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_defaultauthage, CTLFLAG_RW,
98 &fr_defaultauthage, 0, "");
99SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_chksrc, CTLFLAG_RW, &fr_chksrc, 0, "");
100SYSCTL_INT(_net_inet_ipf, OID_AUTO, ippr_ftp_pasvonly, CTLFLAG_RW,
101 &ippr_ftp_pasvonly, 0, "");
102SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_minttl, CTLFLAG_RW, &fr_minttl, 0, "");
103SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_minttllog, CTLFLAG_RW,
104 &fr_minttllog, 0, "");
105
106static struct cdevsw ipl_cdevsw = {
107 .d_version = D_VERSION,
108 .d_flags = 0,
109 .d_open = iplopen,
110 .d_close = iplclose,
111 .d_read = iplread,
112 .d_ioctl = iplioctl,
113 .d_name = "ipl",
114};
115
116#if (__FreeBSD_version >= 500000)
117kmutex_t ipl_mutex, ipf_rw;
118KRWLOCK_T ipf_mutex, ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth;
119#endif
120
121static int
122ipfilter_modevent(module_t mod, int type, void *unused)
123{
124 char *c;
125 int i, error = 0;
126
127 switch (type) {
128 case MOD_LOAD :
129
130 error = iplattach();
131 if (error)
132 break;
133#if (__FreeBSD_version >= 500000)
134 MUTEX_INIT(&ipl_mutex, "ipf log mutex", NULL);
135 MUTEX_INIT(&ipf_rw, "ipf rw mutex", NULL);
136 RWLOCK_INIT(&ipf_mutex, "ipf filter rwlock", NULL);
137 RWLOCK_INIT(&ipf_frag, "ipf fragment rwlock", NULL);
138 RWLOCK_INIT(&ipf_state, "ipf IP state rwlock", NULL);
139 RWLOCK_INIT(&ipf_nat, "ipf IP NAT rwlock", NULL);
140 RWLOCK_INIT(&ipf_natfrag, "ipf IP NAT-Frag rwlock", NULL);
141 RWLOCK_INIT(&ipf_auth, "ipf User-Auth rwlock", NULL);
142#endif
143
144 c = NULL;
145 for(i = strlen(IPL_NAME); i > 0; i--)
146 if (IPL_NAME[i] == '/') {
147 c = &IPL_NAME[i + 1];
148 break;
149 }
150 if (!c)
151 c = IPL_NAME;
152 ipf_devs[IPL_LOGIPF] =
153 make_dev(&ipl_cdevsw, IPL_LOGIPF, 0, 0, 0600, c);
154
155 c = NULL;
156 for(i = strlen(IPL_NAT); i > 0; i--)
157 if (IPL_NAT[i] == '/') {
158 c = &IPL_NAT[i + 1];
159 break;
160 }
161 if (!c)
162 c = IPL_NAT;
163 ipf_devs[IPL_LOGNAT] =
164 make_dev(&ipl_cdevsw, IPL_LOGNAT, 0, 0, 0600, c);
165
166 c = NULL;
167 for(i = strlen(IPL_STATE); i > 0; i--)
168 if (IPL_STATE[i] == '/') {
169 c = &IPL_STATE[i + 1];
170 break;
171 }
172 if (!c)
173 c = IPL_STATE;
174 ipf_devs[IPL_LOGSTATE] =
175 make_dev(&ipl_cdevsw, IPL_LOGSTATE, 0, 0, 0600, c);
176
177 c = NULL;
178 for(i = strlen(IPL_AUTH); i > 0; i--)
179 if (IPL_AUTH[i] == '/') {
180 c = &IPL_AUTH[i + 1];
181 break;
182 }
183 if (!c)
184 c = IPL_AUTH;
185 ipf_devs[IPL_LOGAUTH] =
186 make_dev(&ipl_cdevsw, IPL_LOGAUTH, 0, 0, 0600, c);
187
188 break;
189 case MOD_UNLOAD :
190 destroy_dev(ipf_devs[IPL_LOGIPF]);
191 destroy_dev(ipf_devs[IPL_LOGNAT]);
192 destroy_dev(ipf_devs[IPL_LOGSTATE]);
193 destroy_dev(ipf_devs[IPL_LOGAUTH]);
194 error = ipldetach();
195 break;
196 default:
197 error = EINVAL;
198 break;
199 }
200 return error;
201}
202
203static moduledata_t ipfiltermod = {
204 IPL_VERSION,
205 ipfilter_modevent,
206 0
207};
208DECLARE_MODULE(ipfilter, ipfiltermod, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY);
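Review bot: The basename extraction in ipfilter_modevent (file lines 144-186) is the same seven-line loop pasted four times for IPL_NAME, IPL_NAT, IPL_STATE and IPL_AUTH, and only the copies differ in which macro they name; a small static helper would reduce each make_dev() call to one statement and remove the risk of the four copies drifting apart on a later edit. The loop also stores the `size_t` result of strlen() in an `int` and never inspects index 0, which is harmless for "/dev/..." style names but deserves a one-line comment, e.g. `/* a leading '/' alone is not a separator; names are always dev-relative */`. Separately, the mutexes and rwlocks initialized under MOD_LOAD (ipl_mutex, ipf_rw, ipf_mutex, ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth) have no visible counterpart in the MOD_UNLOAD branch; unless ipldetach() destroys them, an unload/reload cycle re-initializes lock objects that were never torn down, so either add the destroy calls after ipldetach() or document where they happen. The devices are created with mode 0600 and owner/group 0, which is the right default for a firewall control node and should stay that way.
```c
/* Last path component of a device path, or the whole path if it has none. */
static const char *
ipf_devname(const char *path)
{
	int i;

	for (i = strlen(path); i > 0; i--)
		if (path[i] == '/')
			return (&path[i + 1]);
	return (path);
}

		/* … unchanged: iplattach() and MOD_LOAD lock initialisation … */
		ipf_devs[IPL_LOGIPF] = make_dev(&ipl_cdevsw, IPL_LOGIPF, 0, 0,
		    0600, ipf_devname(IPL_NAME));
		ipf_devs[IPL_LOGNAT] = make_dev(&ipl_cdevsw, IPL_LOGNAT, 0, 0,
		    0600, ipf_devname(IPL_NAT));
		ipf_devs[IPL_LOGSTATE] = make_dev(&ipl_cdevsw, IPL_LOGSTATE, 0, 0,
		    0600, ipf_devname(IPL_STATE));
		ipf_devs[IPL_LOGAUTH] = make_dev(&ipl_cdevsw, IPL_LOGAUTH, 0, 0,
		    0600, ipf_devname(IPL_AUTH));
		/* … unchanged: MOD_UNLOAD and default cases … */
```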