| ip_fw_pfil.c (135920) | ip_fw_pfil.c (136714) |
|---|---|
| 1/* 2 * Copyright (c) 2004 Andre Oppermann, Internet Business Solutions AG 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 9 unchanged lines hidden (view full) --- 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 * | 1/* 2 * Copyright (c) 2004 Andre Oppermann, Internet Business Solutions AG 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 9 unchanged lines hidden (view full) --- 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 * |
| 26 * $FreeBSD: head/sys/netinet/ip_fw_pfil.c 135920 2004-09-29 04:54:33Z mlaier $ | 26 * $FreeBSD: head/sys/netinet/ip_fw_pfil.c 136714 2004-10-19 21:14:57Z andre $ |
| 27 */ 28 29#if !defined(KLD_MODULE) 30#include "opt_ipfw.h" 31#include "opt_ipdn.h" | 27 */ 28 29#if !defined(KLD_MODULE) 30#include "opt_ipfw.h" 31#include "opt_ipdn.h" |
| 32#include "opt_ipdivert.h" | |
| 33#include "opt_inet.h" 34#ifndef INET 35#error IPFIREWALL requires INET. 36#endif /* INET */ 37#endif /* KLD_MODULE */ 38 39#include <sys/param.h> 40#include <sys/systm.h> --- 21 unchanged lines hidden (view full) --- 62 63#include <machine/in_cksum.h> 64 65static int ipfw_pfil_hooked = 0; 66 67/* Dummynet hooks. */ 68ip_dn_ruledel_t *ip_dn_ruledel_ptr = NULL; 69 | 32#include "opt_inet.h" 33#ifndef INET 34#error IPFIREWALL requires INET. 35#endif /* INET */ 36#endif /* KLD_MODULE */ 37 38#include <sys/param.h> 39#include <sys/systm.h> --- 21 unchanged lines hidden (view full) --- 61 62#include <machine/in_cksum.h> 63 64static int ipfw_pfil_hooked = 0; 65 66/* Dummynet hooks. */ 67ip_dn_ruledel_t *ip_dn_ruledel_ptr = NULL; 68 |
| 69/* Divert hooks. */ 70ip_divert_packet_t *ip_divert_ptr = NULL; 71 72/* Forward declarations. */ 73static int ipfw_divert(struct mbuf **, int, int); |
|
| 70#define DIV_DIR_IN 1 71#define DIV_DIR_OUT 0 72 | 74#define DIV_DIR_IN 1 75#define DIV_DIR_OUT 0 76 |
| 73static int ipfw_divert(struct mbuf **, int, int); 74 | |
| 75int 76ipfw_check_in(void *arg, struct mbuf **m0, struct ifnet *ifp, int dir, 77 struct inpcb *inp) 78{ 79 struct ip_fw_args args; 80 struct m_tag *dn_tag; 81 int ipfw = 0; 82 int divert; --- 167 unchanged lines hidden (view full) --- 250static int 251ipfw_divert(struct mbuf **m, int incoming, int tee) 252{ 253 /* 254 * ipfw_chk() has already tagged the packet with the divert tag. 255 * If tee is set, copy packet and return original. 256 * If not tee, consume packet and send it to divert socket. 257 */ | 77int 78ipfw_check_in(void *arg, struct mbuf **m0, struct ifnet *ifp, int dir, 79 struct inpcb *inp) 80{ 81 struct ip_fw_args args; 82 struct m_tag *dn_tag; 83 int ipfw = 0; 84 int divert; --- 167 unchanged lines hidden (view full) --- 252static int 253ipfw_divert(struct mbuf **m, int incoming, int tee) 254{ 255 /* 256 * ipfw_chk() has already tagged the packet with the divert tag. 257 * If tee is set, copy packet and return original. 258 * If not tee, consume packet and send it to divert socket. 259 */ |
| 258#ifdef IPDIVERT | |
| 259 struct mbuf *clone, *reass; 260 struct ip *ip; 261 int hlen; 262 263 reass = NULL; 264 | 260 struct mbuf *clone, *reass; 261 struct ip *ip; 262 int hlen; 263 264 reass = NULL; 265 |
| 266 /* Is divert module loaded? */ 267 if (ip_divert_ptr == NULL) 268 goto nodivert; 269 |
|
| 265 /* Cloning needed for tee? */ 266 if (tee) 267 clone = m_dup(*m, M_DONTWAIT); 268 else 269 clone = *m; 270 271 /* In case m_dup was unable to allocate mbufs. */ 272 if (clone == NULL) --- 31 unchanged lines hidden (view full) --- 304 clone = NULL; 305 } else { 306 /* Convert header to network byte order. */ 307 ip->ip_len = htons(ip->ip_len); 308 ip->ip_off = htons(ip->ip_off); 309 } 310 311 /* Do the dirty job... */ | 270 /* Cloning needed for tee? */ 271 if (tee) 272 clone = m_dup(*m, M_DONTWAIT); 273 else 274 clone = *m; 275 276 /* In case m_dup was unable to allocate mbufs. */ 277 if (clone == NULL) --- 31 unchanged lines hidden (view full) --- 309 clone = NULL; 310 } else { 311 /* Convert header to network byte order. */ 312 ip->ip_len = htons(ip->ip_len); 313 ip->ip_off = htons(ip->ip_off); 314 } 315 316 /* Do the dirty job... */ |
| 312 if (clone) 313 divert_packet(clone, incoming); | 317 if (clone && ip_divert_ptr != NULL) 318 ip_divert_ptr(clone, incoming); |
| 314 315teeout: 316 /* 317 * For tee we leave the divert tag attached to original packet. 318 * It will then continue rule evaluation after the tee rule. 319 */ 320 if (tee) 321 return 0; 322 323 /* Packet diverted and consumed */ 324 return 1; | 319 320teeout: 321 /* 322 * For tee we leave the divert tag attached to original packet. 323 * It will then continue rule evaluation after the tee rule. 324 */ 325 if (tee) 326 return 0; 327 328 /* Packet diverted and consumed */ 329 return 1; |
| 325#else | 330 331nodivert: |
| 326 m_freem(*m); 327 return 1; | 332 m_freem(*m); 333 return 1; |
| 328#endif /* ipdivert */ | |
| 329} 330 331static int 332ipfw_hook(void) 333{ 334 struct pfil_head *pfh_inet; 335 336 if (ipfw_pfil_hooked) --- 78 unchanged lines hidden --- | 334} 335 336static int 337ipfw_hook(void) 338{ 339 struct pfil_head *pfh_inet; 340 341 if (ipfw_pfil_hooked) --- 78 unchanged lines hidden --- |