| ip_fw2.c (238977) | ip_fw2.c (240099) |
|---|---|
| 1/*- 2 * Copyright (c) 2002-2009 Luigi Rizzo, Universita` di Pisa 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. --- 10 unchanged lines hidden (view full) --- 19 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23 * SUCH DAMAGE. 24 */ 25 26#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 2002-2009 Luigi Rizzo, Universita` di Pisa 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. --- 10 unchanged lines hidden (view full) --- 19 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23 * SUCH DAMAGE. 24 */ 25 26#include <sys/cdefs.h> |
| 27__FBSDID("$FreeBSD: head/sys/netinet/ipfw/ip_fw2.c 238977 2012-08-01 18:49:00Z luigi $"); | 27__FBSDID("$FreeBSD: head/sys/netinet/ipfw/ip_fw2.c 240099 2012-09-04 19:43:26Z melifaro $"); |
| 28 29/* 30 * The FreeBSD IP packet firewall, main file 31 */ 32 33#include "opt_ipfw.h" 34#include "opt_ipdivert.h" 35#include "opt_inet.h" --- 2604 unchanged lines hidden (view full) --- 2640 2641 IPFW_LOCK_INIT(chain); 2642 ipfw_dyn_init(); 2643 2644 /* First set up some values that are compile time options */ 2645 V_ipfw_vnet_ready = 1; /* Open for business */ 2646 2647 /* | 28 29/* 30 * The FreeBSD IP packet firewall, main file 31 */ 32 33#include "opt_ipfw.h" 34#include "opt_ipdivert.h" 35#include "opt_inet.h" --- 2604 unchanged lines hidden (view full) --- 2640 2641 IPFW_LOCK_INIT(chain); 2642 ipfw_dyn_init(); 2643 2644 /* First set up some values that are compile time options */ 2645 V_ipfw_vnet_ready = 1; /* Open for business */ 2646 2647 /* |
| 2648 * Hook the sockopt handler, and the layer2 (V_ip_fw_chk_ptr) 2649 * and pfil hooks for ipv4 and ipv6. Even if the latter two fail 2650 * we still keep the module alive because the sockopt and 2651 * layer2 paths are still useful. | 2648 * Hook the sockopt handler and pfil hooks for ipv4 and ipv6. 2649 * Even if the latter two fail we still keep the module alive 2650 * because the sockopt and layer2 paths are still useful. |
| 2652 * ipfw[6]_hook return 0 on success, ENOENT on failure, 2653 * so we can ignore the exact return value and just set a flag. 2654 * 2655 * Note that V_fw[6]_enable are manipulated by a SYSCTL_PROC so 2656 * changes in the underlying (per-vnet) variables trigger 2657 * immediate hook()/unhook() calls. 2658 * In layer2 we have the same behaviour, except that V_ether_ipfw 2659 * is checked on each packet because there are no pfil hooks. 2660 */ 2661 V_ip_fw_ctl_ptr = ipfw_ctl; | 2651 * ipfw[6]_hook return 0 on success, ENOENT on failure, 2652 * so we can ignore the exact return value and just set a flag. 2653 * 2654 * Note that V_fw[6]_enable are manipulated by a SYSCTL_PROC so 2655 * changes in the underlying (per-vnet) variables trigger 2656 * immediate hook()/unhook() calls. 2657 * In layer2 we have the same behaviour, except that V_ether_ipfw 2658 * is checked on each packet because there are no pfil hooks. 2659 */ 2660 V_ip_fw_ctl_ptr = ipfw_ctl; |
| 2662 V_ip_fw_chk_ptr = ipfw_chk; | |
| 2663 error = ipfw_attach_hooks(1); 2664 return (error); 2665} 2666 2667/* 2668 * Called for the removal of each instance. 2669 */ 2670static int --- 5 unchanged lines hidden (view full) --- 2676 2677 V_ipfw_vnet_ready = 0; /* tell new callers to go away */ 2678 /* 2679 * disconnect from ipv4, ipv6, layer2 and sockopt. 2680 * Then grab, release and grab again the WLOCK so we make 2681 * sure the update is propagated and nobody will be in. 2682 */ 2683 (void)ipfw_attach_hooks(0 /* detach */); | 2661 error = ipfw_attach_hooks(1); 2662 return (error); 2663} 2664 2665/* 2666 * Called for the removal of each instance. 2667 */ 2668static int --- 5 unchanged lines hidden (view full) --- 2674 2675 V_ipfw_vnet_ready = 0; /* tell new callers to go away */ 2676 /* 2677 * disconnect from ipv4, ipv6, layer2 and sockopt. 2678 * Then grab, release and grab again the WLOCK so we make 2679 * sure the update is propagated and nobody will be in. 2680 */ 2681 (void)ipfw_attach_hooks(0 /* detach */); |
| 2684 V_ip_fw_chk_ptr = NULL; | |
| 2685 V_ip_fw_ctl_ptr = NULL; 2686 IPFW_UH_WLOCK(chain); 2687 IPFW_UH_WUNLOCK(chain); 2688 IPFW_UH_WLOCK(chain); 2689 2690 IPFW_WLOCK(chain); 2691 ipfw_dyn_uninit(0); /* run the callout_drain */ 2692 IPFW_WUNLOCK(chain); --- 91 unchanged lines hidden --- | 2682 V_ip_fw_ctl_ptr = NULL; 2683 IPFW_UH_WLOCK(chain); 2684 IPFW_UH_WUNLOCK(chain); 2685 IPFW_UH_WLOCK(chain); 2686 2687 IPFW_WLOCK(chain); 2688 ipfw_dyn_uninit(0); /* run the callout_drain */ 2689 IPFW_WUNLOCK(chain); --- 91 unchanged lines hidden --- |