mlfk_ipl.c (92685) mlfk_ipl.c (111815)
1/*
2 * Copyright 1999 Guido van Rooij. All rights reserved.
3 *
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are
7 * met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER ``AS IS'' AND ANY EXPRESS
15 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
17 * DISCLAIMED. IN NO EVENT SHALL THE HOLDER OR CONTRIBUTORS BE LIABLE FOR
18 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
20 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
21 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 *
1/*
2 * Copyright 1999 Guido van Rooij. All rights reserved.
3 *
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are
7 * met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER ``AS IS'' AND ANY EXPRESS
15 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
17 * DISCLAIMED. IN NO EVENT SHALL THE HOLDER OR CONTRIBUTORS BE LIABLE FOR
18 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
20 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
21 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 *
26 * $FreeBSD: head/sys/contrib/ipfilter/netinet/mlfk_ipl.c 92685 2002-03-19 11:44:16Z darrenr $
26 * $FreeBSD: head/sys/contrib/ipfilter/netinet/mlfk_ipl.c 111815 2003-03-03 12:15:54Z phk $
27 */
28
29
30#include <sys/param.h>
31#include <sys/systm.h>
32#include <sys/kernel.h>
33#include <sys/module.h>
34#include <sys/conf.h>
35#include <sys/socket.h>
36#include <sys/sysctl.h>
37#include <net/if.h>
38#include <netinet/in_systm.h>
39#include <netinet/in.h>
40#include <netinet/ip.h>
41#if (__FreeBSD_version >= 199511)
42# include <net/route.h>
43# include <netinet/ip_var.h>
44# include <netinet/tcp.h>
45# include <netinet/tcpip.h>
46#endif
47
48
49#include <netinet/ipl.h>
50#include <netinet/ip_compat.h>
51#include <netinet/ip_fil.h>
52#include <netinet/ip_state.h>
53#include <netinet/ip_nat.h>
54#include <netinet/ip_auth.h>
55#include <netinet/ip_frag.h>
56#include <netinet/ip_proxy.h>
57
58static dev_t ipf_devs[IPL_LOGMAX + 1];
59
60SYSCTL_DECL(_net_inet);
61SYSCTL_NODE(_net_inet, OID_AUTO, ipf, CTLFLAG_RW, 0, "IPF");
62SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_flags, CTLFLAG_RW, &fr_flags, 0, "");
63SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_pass, CTLFLAG_RW, &fr_pass, 0, "");
64SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_active, CTLFLAG_RD, &fr_active, 0, "");
65SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcpidletimeout, CTLFLAG_RW,
66 &fr_tcpidletimeout, 0, "");
67SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcpclosewait, CTLFLAG_RW,
68 &fr_tcpclosewait, 0, "");
69SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcplastack, CTLFLAG_RW,
70 &fr_tcplastack, 0, "");
71SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcptimeout, CTLFLAG_RW,
72 &fr_tcptimeout, 0, "");
73SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcpclosed, CTLFLAG_RW,
74 &fr_tcpclosed, 0, "");
75SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcphalfclosed, CTLFLAG_RW,
76 &fr_tcphalfclosed, 0, "");
77SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_udptimeout, CTLFLAG_RW,
78 &fr_udptimeout, 0, "");
79SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_udpacktimeout, CTLFLAG_RW,
80 &fr_udpacktimeout, 0, "");
81SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_icmptimeout, CTLFLAG_RW,
82 &fr_icmptimeout, 0, "");
83SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_icmpacktimeout, CTLFLAG_RW,
84 &fr_icmpacktimeout, 0, "");
85SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_defnatage, CTLFLAG_RW,
86 &fr_defnatage, 0, "");
87SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_ipfrttl, CTLFLAG_RW,
88 &fr_ipfrttl, 0, "");
89SYSCTL_INT(_net_inet_ipf, OID_AUTO, ipl_unreach, CTLFLAG_RW,
90 &ipl_unreach, 0, "");
91SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_running, CTLFLAG_RD,
92 &fr_running, 0, "");
93SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_authsize, CTLFLAG_RD,
94 &fr_authsize, 0, "");
95SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_authused, CTLFLAG_RD,
96 &fr_authused, 0, "");
97SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_defaultauthage, CTLFLAG_RW,
98 &fr_defaultauthage, 0, "");
99SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_chksrc, CTLFLAG_RW, &fr_chksrc, 0, "");
100SYSCTL_INT(_net_inet_ipf, OID_AUTO, ippr_ftp_pasvonly, CTLFLAG_RW,
101 &ippr_ftp_pasvonly, 0, "");
102SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_minttl, CTLFLAG_RW, &fr_minttl, 0, "");
103SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_minttllog, CTLFLAG_RW,
104 &fr_minttllog, 0, "");
105
106#define CDEV_MAJOR 79
107static struct cdevsw ipl_cdevsw = {
27 */
28
29
30#include <sys/param.h>
31#include <sys/systm.h>
32#include <sys/kernel.h>
33#include <sys/module.h>
34#include <sys/conf.h>
35#include <sys/socket.h>
36#include <sys/sysctl.h>
37#include <net/if.h>
38#include <netinet/in_systm.h>
39#include <netinet/in.h>
40#include <netinet/ip.h>
41#if (__FreeBSD_version >= 199511)
42# include <net/route.h>
43# include <netinet/ip_var.h>
44# include <netinet/tcp.h>
45# include <netinet/tcpip.h>
46#endif
47
48
49#include <netinet/ipl.h>
50#include <netinet/ip_compat.h>
51#include <netinet/ip_fil.h>
52#include <netinet/ip_state.h>
53#include <netinet/ip_nat.h>
54#include <netinet/ip_auth.h>
55#include <netinet/ip_frag.h>
56#include <netinet/ip_proxy.h>
57
58static dev_t ipf_devs[IPL_LOGMAX + 1];
59
60SYSCTL_DECL(_net_inet);
61SYSCTL_NODE(_net_inet, OID_AUTO, ipf, CTLFLAG_RW, 0, "IPF");
62SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_flags, CTLFLAG_RW, &fr_flags, 0, "");
63SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_pass, CTLFLAG_RW, &fr_pass, 0, "");
64SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_active, CTLFLAG_RD, &fr_active, 0, "");
65SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcpidletimeout, CTLFLAG_RW,
66 &fr_tcpidletimeout, 0, "");
67SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcpclosewait, CTLFLAG_RW,
68 &fr_tcpclosewait, 0, "");
69SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcplastack, CTLFLAG_RW,
70 &fr_tcplastack, 0, "");
71SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcptimeout, CTLFLAG_RW,
72 &fr_tcptimeout, 0, "");
73SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcpclosed, CTLFLAG_RW,
74 &fr_tcpclosed, 0, "");
75SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcphalfclosed, CTLFLAG_RW,
76 &fr_tcphalfclosed, 0, "");
77SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_udptimeout, CTLFLAG_RW,
78 &fr_udptimeout, 0, "");
79SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_udpacktimeout, CTLFLAG_RW,
80 &fr_udpacktimeout, 0, "");
81SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_icmptimeout, CTLFLAG_RW,
82 &fr_icmptimeout, 0, "");
83SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_icmpacktimeout, CTLFLAG_RW,
84 &fr_icmpacktimeout, 0, "");
85SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_defnatage, CTLFLAG_RW,
86 &fr_defnatage, 0, "");
87SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_ipfrttl, CTLFLAG_RW,
88 &fr_ipfrttl, 0, "");
89SYSCTL_INT(_net_inet_ipf, OID_AUTO, ipl_unreach, CTLFLAG_RW,
90 &ipl_unreach, 0, "");
91SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_running, CTLFLAG_RD,
92 &fr_running, 0, "");
93SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_authsize, CTLFLAG_RD,
94 &fr_authsize, 0, "");
95SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_authused, CTLFLAG_RD,
96 &fr_authused, 0, "");
97SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_defaultauthage, CTLFLAG_RW,
98 &fr_defaultauthage, 0, "");
99SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_chksrc, CTLFLAG_RW, &fr_chksrc, 0, "");
100SYSCTL_INT(_net_inet_ipf, OID_AUTO, ippr_ftp_pasvonly, CTLFLAG_RW,
101 &ippr_ftp_pasvonly, 0, "");
102SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_minttl, CTLFLAG_RW, &fr_minttl, 0, "");
103SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_minttllog, CTLFLAG_RW,
104 &fr_minttllog, 0, "");
105
106#define CDEV_MAJOR 79
107static struct cdevsw ipl_cdevsw = {
108 /* open */ iplopen,
109 /* close */ iplclose,
110 /* read */ iplread,
111 /* write */ nowrite,
112 /* ioctl */ iplioctl,
113 /* poll */ nopoll,
114 /* mmap */ nommap,
115 /* strategy */ nostrategy,
116 /* name */ "ipl",
117 /* maj */ CDEV_MAJOR,
118 /* dump */ nodump,
119 /* psize */ nopsize,
120 /* flags */ 0,
108 .d_open = iplopen,
109 .d_close = iplclose,
110 .d_read = iplread,
111 .d_ioctl = iplioctl,
112 .d_name = "ipl",
113 .d_maj = CDEV_MAJOR,
121};
122
123static int
124ipfilter_modevent(module_t mod, int type, void *unused)
125{
126 char *c;
127 int i, error = 0;
128
129 switch (type) {
130 case MOD_LOAD :
131
132 error = iplattach();
133 if (error)
134 break;
135
136 c = NULL;
137 for(i=strlen(IPL_NAME); i>0; i--)
138 if (IPL_NAME[i] == '/') {
139 c = &IPL_NAME[i+1];
140 break;
141 }
142 if (!c)
143 c = IPL_NAME;
144 ipf_devs[IPL_LOGIPF] =
145 make_dev(&ipl_cdevsw, IPL_LOGIPF, 0, 0, 0600, c);
146
147 c = NULL;
148 for(i=strlen(IPL_NAT); i>0; i--)
149 if (IPL_NAT[i] == '/') {
150 c = &IPL_NAT[i+1];
151 break;
152 }
153 if (!c)
154 c = IPL_NAT;
155 ipf_devs[IPL_LOGNAT] =
156 make_dev(&ipl_cdevsw, IPL_LOGNAT, 0, 0, 0600, c);
157
158 c = NULL;
159 for(i=strlen(IPL_STATE); i>0; i--)
160 if (IPL_STATE[i] == '/') {
161 c = &IPL_STATE[i+1];
162 break;
163 }
164 if (!c)
165 c = IPL_STATE;
166 ipf_devs[IPL_LOGSTATE] =
167 make_dev(&ipl_cdevsw, IPL_LOGSTATE, 0, 0, 0600, c);
168
169 c = NULL;
170 for(i=strlen(IPL_AUTH); i>0; i--)
171 if (IPL_AUTH[i] == '/') {
172 c = &IPL_AUTH[i+1];
173 break;
174 }
175 if (!c)
176 c = IPL_AUTH;
177 ipf_devs[IPL_LOGAUTH] =
178 make_dev(&ipl_cdevsw, IPL_LOGAUTH, 0, 0, 0600, c);
179
180 break;
181 case MOD_UNLOAD :
182 destroy_dev(ipf_devs[IPL_LOGIPF]);
183 destroy_dev(ipf_devs[IPL_LOGNAT]);
184 destroy_dev(ipf_devs[IPL_LOGSTATE]);
185 destroy_dev(ipf_devs[IPL_LOGAUTH]);
186 error = ipldetach();
187 break;
188 default:
189 error = EINVAL;
190 break;
191 }
192 return error;
193}
194
195static moduledata_t ipfiltermod = {
196 IPL_VERSION,
197 ipfilter_modevent,
198 0
199};
200DECLARE_MODULE(ipfilter, ipfiltermod, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY);
114};
115
116static int
117ipfilter_modevent(module_t mod, int type, void *unused)
118{
119 char *c;
120 int i, error = 0;
121
122 switch (type) {
123 case MOD_LOAD :
124
125 error = iplattach();
126 if (error)
127 break;
128
129 c = NULL;
130 for(i=strlen(IPL_NAME); i>0; i--)
131 if (IPL_NAME[i] == '/') {
132 c = &IPL_NAME[i+1];
133 break;
134 }
135 if (!c)
136 c = IPL_NAME;
137 ipf_devs[IPL_LOGIPF] =
138 make_dev(&ipl_cdevsw, IPL_LOGIPF, 0, 0, 0600, c);
139
140 c = NULL;
141 for(i=strlen(IPL_NAT); i>0; i--)
142 if (IPL_NAT[i] == '/') {
143 c = &IPL_NAT[i+1];
144 break;
145 }
146 if (!c)
147 c = IPL_NAT;
148 ipf_devs[IPL_LOGNAT] =
149 make_dev(&ipl_cdevsw, IPL_LOGNAT, 0, 0, 0600, c);
150
151 c = NULL;
152 for(i=strlen(IPL_STATE); i>0; i--)
153 if (IPL_STATE[i] == '/') {
154 c = &IPL_STATE[i+1];
155 break;
156 }
157 if (!c)
158 c = IPL_STATE;
159 ipf_devs[IPL_LOGSTATE] =
160 make_dev(&ipl_cdevsw, IPL_LOGSTATE, 0, 0, 0600, c);
161
162 c = NULL;
163 for(i=strlen(IPL_AUTH); i>0; i--)
164 if (IPL_AUTH[i] == '/') {
165 c = &IPL_AUTH[i+1];
166 break;
167 }
168 if (!c)
169 c = IPL_AUTH;
170 ipf_devs[IPL_LOGAUTH] =
171 make_dev(&ipl_cdevsw, IPL_LOGAUTH, 0, 0, 0600, c);
172
173 break;
174 case MOD_UNLOAD :
175 destroy_dev(ipf_devs[IPL_LOGIPF]);
176 destroy_dev(ipf_devs[IPL_LOGNAT]);
177 destroy_dev(ipf_devs[IPL_LOGSTATE]);
178 destroy_dev(ipf_devs[IPL_LOGAUTH]);
179 error = ipldetach();
180 break;
181 default:
182 error = EINVAL;
183 break;
184 }
185 return error;
186}
187
188static moduledata_t ipfiltermod = {
189 IPL_VERSION,
190 ipfilter_modevent,
191 0
192};
193DECLARE_MODULE(ipfilter, ipfiltermod, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY);
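Review bot: In the `MOD_UNLOAD` case of `ipfilter_modevent` (new lines 174-180), the four `destroy_dev()` calls run before `ipldetach()`, whose result is only returned afterwards. If the detach fails, the unload is refused but the device nodes are already gone. Since `iplioctl` is reached only through `ipl_cdevsw`, this would presumably leave the packet filter attached with no device through which to inspect or change its rules until reboot. I would move `error = ipldetach();` above the `destroy_dev()` calls and follow it with `if (error) break;`, so the devices are removed only once the filter has actually detached. The conversion of `ipl_cdevsw` to designated initializers does not touch this path, so the ordering carries over unchanged from the old revision.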