 */


#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/module.h>
#include <sys/conf.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <net/if.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#if (__FreeBSD_version >= 199511)
# include <net/route.h>
# include <netinet/ip_var.h>
# include <netinet/tcp.h>
# include <netinet/tcpip.h>
#endif


#include <netinet/ipl.h>
#include <netinet/ip_compat.h>
#include <netinet/ip_fil.h>
#include <netinet/ip_state.h>
#include <netinet/ip_nat.h>
#include <netinet/ip_auth.h>
#include <netinet/ip_frag.h>
#include <netinet/ip_proxy.h>

/*
 * Device handles returned by make_dev(), one slot per IPL_LOG* unit.
 * ipfilter_modevent() fills the slots on load and passes them to
 * destroy_dev() on unload.
 */
static dev_t ipf_devs[IPL_LOGMAX + 1];

/*
 * Tunables exported under the net.inet.ipf sysctl node.  Entries declared
 * CTLFLAG_RW can be changed while the module is loaded; CTLFLAG_RD entries
 * are read-only.  Every entry has an empty description string.
 *
 * NOTE(review): fr_flags, fr_pass, fr_chksrc and the timeout values are
 * writable here and presumably steer filtering and state-tracking
 * behaviour -- confirm that a write to them is an intended administrative
 * path and that such changes are covered by the host's audit policy.
 */
SYSCTL_DECL(_net_inet);
SYSCTL_NODE(_net_inet, OID_AUTO, ipf, CTLFLAG_RW, 0, "IPF");

/* Global flags and running status. */
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_flags,
    CTLFLAG_RW, &fr_flags, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_pass,
    CTLFLAG_RW, &fr_pass, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_active,
    CTLFLAG_RD, &fr_active, 0, "");

/* TCP, UDP and ICMP timeout values. */
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcpidletimeout,
    CTLFLAG_RW, &fr_tcpidletimeout, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcpclosewait,
    CTLFLAG_RW, &fr_tcpclosewait, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcplastack,
    CTLFLAG_RW, &fr_tcplastack, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcptimeout,
    CTLFLAG_RW, &fr_tcptimeout, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcpclosed,
    CTLFLAG_RW, &fr_tcpclosed, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcphalfclosed,
    CTLFLAG_RW, &fr_tcphalfclosed, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_udptimeout,
    CTLFLAG_RW, &fr_udptimeout, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_udpacktimeout,
    CTLFLAG_RW, &fr_udpacktimeout, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_icmptimeout,
    CTLFLAG_RW, &fr_icmptimeout, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_icmpacktimeout,
    CTLFLAG_RW, &fr_icmpacktimeout, 0, "");

/* NAT, fragment, unreachable-reply, authentication and TTL settings. */
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_defnatage,
    CTLFLAG_RW, &fr_defnatage, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_ipfrttl,
    CTLFLAG_RW, &fr_ipfrttl, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, ipl_unreach,
    CTLFLAG_RW, &ipl_unreach, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_running,
    CTLFLAG_RD, &fr_running, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_authsize,
    CTLFLAG_RD, &fr_authsize, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_authused,
    CTLFLAG_RD, &fr_authused, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_defaultauthage,
    CTLFLAG_RW, &fr_defaultauthage, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_chksrc,
    CTLFLAG_RW, &fr_chksrc, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, ippr_ftp_pasvonly,
    CTLFLAG_RW, &ippr_ftp_pasvonly, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_minttl,
    CTLFLAG_RW, &fr_minttl, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_minttllog,
    CTLFLAG_RW, &fr_minttllog, 0, "");

/*
 * Character-device major number (presumably consumed by the ipl_cdevsw
 * initializer that follows -- confirm against its entries).
 */
#define CDEV_MAJOR 79
static struct cdevsw ipl_cdevsw = {
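};	/* closes the ipl_cdevsw initializer opened above */

/*
 * Return the final component of a device path, i.e. the text after the
 * last '/'.  A path without any '/' is returned unchanged.  The whole
 * string is scanned, so a '/' in the first position is honoured too.
 */
static const char *
ipf_devname(const char *path)
{
	const char *name = path;
	const char *p;

	for (p = path; *p != '\0'; p++) {
		if (*p == '/')
			name = p + 1;
	}
	return name;
}

/*
 * Create the device node for one IPFilter unit and remember its handle in
 * ipf_devs[].  The node is created with uid 0, gid 0 and mode 0600, so
 * only the superuser can open it.  The name is passed as a "%s" argument
 * rather than as the format string itself, so a '%' in a configured
 * device name can never be interpreted as a conversion.
 */
static void
ipf_make_unit(int unit, const char *path)
{
	ipf_devs[unit] = make_dev(&ipl_cdevsw, unit, 0, 0, 0600, "%s",
	    ipf_devname(path));
}

/*
 * Module event handler.
 *
 * MOD_LOAD:   attach the filter, then create the ipf, NAT, state and auth
 *             device nodes.  Nothing is created if iplattach() fails.
 * MOD_UNLOAD: detach the filter and, only if that succeeded, remove the
 *             device nodes.
 * Any other event type yields EINVAL.
 *
 * Returns 0 on success or the error from iplattach()/ipldetach().
 */
static int
ipfilter_modevent(module_t mod, int type, void *unused)
{
	int error = 0;

	switch (type) {
	case MOD_LOAD:
		error = iplattach();
		if (error)
			break;

		ipf_make_unit(IPL_LOGIPF, IPL_NAME);
		ipf_make_unit(IPL_LOGNAT, IPL_NAT);
		ipf_make_unit(IPL_LOGSTATE, IPL_STATE);
		ipf_make_unit(IPL_LOGAUTH, IPL_AUTH);
		break;

	case MOD_UNLOAD:
		/*
		 * Detach first: if ipldetach() refuses, the unload is vetoed
		 * and the filter stays active, so its control devices must
		 * stay as well.  Destroying them beforehand would leave a
		 * running filter that can no longer be inspected or
		 * reconfigured.
		 */
		error = ipldetach();
		if (error)
			break;

		destroy_dev(ipf_devs[IPL_LOGIPF]);
		destroy_dev(ipf_devs[IPL_LOGNAT]);
		destroy_dev(ipf_devs[IPL_LOGSTATE]);
		destroy_dev(ipf_devs[IPL_LOGAUTH]);
		break;

	default:
		error = EINVAL;
		break;
	}
	return error;
}

/* Module description: name, event handler, no private argument. */
static moduledata_t ipfiltermod = {
	IPL_VERSION,
	ipfilter_modevent,
	0
};
DECLARE_MODULE(ipfilter, ipfiltermod, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY);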