1145519Sdarrenr/* $FreeBSD$ */ 2145510Sdarrenr 331183Speter/* 480486Sdarrenr * Copyright (C) 1993-2001 by Darren Reed. 531183Speter * 680486Sdarrenr * See the IPFILTER.LICENCE file for details on licencing. 731183Speter */ 831183Speter/* 931183Speter * 29/12/94 Added code from Marc Huber <huber@fzi.de> to allow it to allocate 1031183Speter * its own major char number! Way cool patch! 1131183Speter */ 1231183Speter 1331183Speter 1431183Speter#include <sys/param.h> 1531183Speter 16145510Sdarrenr#ifdef IPFILTER_LKM 17145510Sdarrenr# ifndef __FreeBSD_cc_version 18145510Sdarrenr# include <osreldate.h> 19145510Sdarrenr# else 20145510Sdarrenr# if __FreeBSD_cc_version < 430000 2198005Sdarrenr# include <osreldate.h> 22145510Sdarrenr# endif 23145510Sdarrenr# endif 24145510Sdarrenr# define ACTUALLY_LKM_NOT_KERNEL 25145510Sdarrenr#else 26145510Sdarrenr# ifndef __FreeBSD_cc_version 27145510Sdarrenr# include <sys/osreldate.h> 28145510Sdarrenr# else 29145510Sdarrenr# if __FreeBSD_cc_version < 430000 3098005Sdarrenr# include <sys/osreldate.h> 3198005Sdarrenr# endif 3295419Sdarrenr# endif 3331183Speter#endif 3431183Speter#include <sys/systm.h> 3531183Speter#if defined(__FreeBSD_version) && (__FreeBSD_version >= 220000) 3653024Sguido# ifndef ACTUALLY_LKM_NOT_KERNEL 3753024Sguido# include "opt_devfs.h" 3853024Sguido# endif 3931183Speter# include <sys/conf.h> 4031183Speter# include <sys/kernel.h> 4131183Speter# ifdef DEVFS 4231183Speter# include <sys/devfsext.h> 4331183Speter# endif /*DEVFS*/ 4431183Speter#endif 4531183Speter#include <sys/conf.h> 4631183Speter#include <sys/file.h> 4753024Sguido#if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000) 4853024Sguido# include <sys/lock.h> 4953024Sguido#endif 5031183Speter#include <sys/stat.h> 5131183Speter#include <sys/proc.h> 5231183Speter#include <sys/kernel.h> 5331183Speter#include <sys/vnode.h> 5431183Speter#include <sys/namei.h> 5531183Speter#include <sys/malloc.h> 5631183Speter#include <sys/mount.h> 5731183Speter#include <sys/exec.h> 5831183Speter#include <sys/mbuf.h> 5931183Speter#if BSD >= 199506 6031183Speter# include <sys/sysctl.h> 6131183Speter#endif 6253024Sguido#if (__FreeBSD_version >= 300000) 6353024Sguido# include <sys/socket.h> 6453024Sguido#endif 6531183Speter#include <net/if.h> 6631183Speter#include <netinet/in_systm.h> 6731183Speter#include <netinet/in.h> 6831183Speter#include <netinet/ip.h> 6931183Speter#include <net/route.h> 7031183Speter#include <netinet/ip_var.h> 7131183Speter#include <netinet/tcp.h> 7231183Speter#include <netinet/tcpip.h> 7380486Sdarrenr#include <sys/sysent.h> 7431183Speter#include <sys/lkm.h> 7531183Speter#include "netinet/ipl.h" 7631183Speter#include "netinet/ip_compat.h" 7731183Speter#include "netinet/ip_fil.h" 7831183Speter#include "netinet/ip_state.h" 7931183Speter#include "netinet/ip_nat.h" 8031183Speter#include "netinet/ip_auth.h" 8131183Speter#include "netinet/ip_frag.h" 8231183Speter 8331183Speter 8431183Speter#if !defined(VOP_LEASE) && defined(LEASE_CHECK) 8531183Speter#define VOP_LEASE LEASE_CHECK 8631183Speter#endif 8731183Speter 8831183Speterint xxxinit __P((struct lkm_table *, int, int)); 8931183Speter 90145510Sdarrenr#ifdef SYSCTL_OID 91145510Sdarrenrint sysctl_ipf_int SYSCTL_HANDLER_ARGS; 92145510Sdarrenr# define SYSCTL_IPF(parent, nbr, name, access, ptr, val, descr) \ 93145510Sdarrenr SYSCTL_OID(parent, nbr, name, CTLTYPE_INT|access, \ 94145510Sdarrenr ptr, val, sysctl_ipf_int, "I", descr); 95145510Sdarrenr# define CTLFLAG_OFF 0x00800000 /* IPFilter must be disabled */ 96145510Sdarrenr# define CTLFLAG_RWO (CTLFLAG_RW|CTLFLAG_OFF) 9731183SpeterSYSCTL_NODE(_net_inet, OID_AUTO, ipf, CTLFLAG_RW, 0, "IPF"); 98145510SdarrenrSYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_flags, CTLFLAG_RW, &fr_flags, 0, ""); 99145510SdarrenrSYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_pass, CTLFLAG_RW, &fr_pass, 0, ""); 100145510SdarrenrSYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_active, CTLFLAG_RD, &fr_active, 0, ""); 101145510SdarrenrSYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_chksrc, CTLFLAG_RW, &fr_chksrc, 0, ""); 102145510SdarrenrSYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_minttl, CTLFLAG_RW, &fr_minttl, 0, ""); 103145510SdarrenrSYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpidletimeout, CTLFLAG_RWO, 10431183Speter &fr_tcpidletimeout, 0, ""); 105145510SdarrenrSYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcphalfclosed, CTLFLAG_RWO, 10667615Sdarrenr &fr_tcphalfclosed, 0, ""); 107145510SdarrenrSYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpclosewait, CTLFLAG_RWO, 10831183Speter &fr_tcpclosewait, 0, ""); 109145510SdarrenrSYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcplastack, CTLFLAG_RWO, 11031183Speter &fr_tcplastack, 0, ""); 111145510SdarrenrSYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcptimeout, CTLFLAG_RWO, 11231183Speter &fr_tcptimeout, 0, ""); 113145510SdarrenrSYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpclosed, CTLFLAG_RWO, 11431183Speter &fr_tcpclosed, 0, ""); 115145510SdarrenrSYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_udptimeout, CTLFLAG_RWO, 11631183Speter &fr_udptimeout, 0, ""); 117145510SdarrenrSYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_icmptimeout, CTLFLAG_RWO, 11831183Speter &fr_icmptimeout, 0, ""); 119145510SdarrenrSYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_defnatage, CTLFLAG_RWO, 12031183Speter &fr_defnatage, 0, ""); 121145510SdarrenrSYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_ipfrttl, CTLFLAG_RW, 12231183Speter &fr_ipfrttl, 0, ""); 123145510SdarrenrSYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_running, CTLFLAG_RD, 12457093Sguido &fr_running, 0, ""); 125145510SdarrenrSYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_statesize, CTLFLAG_RWO, 126145510Sdarrenr &fr_statesize, 0, ""); 127145510SdarrenrSYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_statemax, CTLFLAG_RWO, 128145510Sdarrenr &fr_statemax, 0, ""); 129145510SdarrenrSYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_authsize, CTLFLAG_RWO, 13031183Speter &fr_authsize, 0, ""); 131145510SdarrenrSYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_authused, CTLFLAG_RD, 13231183Speter &fr_authused, 0, ""); 133145510SdarrenrSYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_defaultauthage, CTLFLAG_RW, 13431183Speter &fr_defaultauthage, 0, ""); 135145510SdarrenrSYSCTL_IPF(_net_inet_ipf, OID_AUTO, ippr_ftp_pasvonly, CTLFLAG_RW, 13660841Sdarrenr &ippr_ftp_pasvonly, 0, ""); 13731183Speter#endif 13831183Speter 13934739Speter#ifdef DEVFS 140145510Sdarrenrstatic void *ipf_devfs[IPL_LOGSIZE]; 14134739Speter#endif 14234739Speter 14331183Speter#if !defined(__FreeBSD_version) || (__FreeBSD_version < 220000) 14431183Speterint ipl_major = 0; 14531183Speter 14653024Sguidostatic struct cdevsw ipldevsw = 14753024Sguido{ 148145510Sdarrenr iplopen, /* open */ 149145510Sdarrenr iplclose, /* close */ 150145510Sdarrenr iplread, /* read */ 151145510Sdarrenr (void *)nullop, /* write */ 152145510Sdarrenr iplioctl, /* ioctl */ 153145510Sdarrenr (void *)nullop, /* stop */ 154145510Sdarrenr (void *)nullop, /* reset */ 155145510Sdarrenr (void *)NULL, /* tty */ 156145510Sdarrenr (void *)nullop, /* select */ 157145510Sdarrenr (void *)nullop, /* mmap */ 158145510Sdarrenr NULL /* strategy */ 15953024Sguido}; 16053024Sguido 16131183SpeterMOD_DEV(IPL_VERSION, LM_DT_CHAR, -1, &ipldevsw); 16231183Speter 16331183Speterextern struct cdevsw cdevsw[]; 16431183Speterextern int vd_unuseddev __P((void)); 16531183Speterextern int nchrdev; 16631183Speter#else 16731183Speter 16831183Speterstatic struct cdevsw ipl_cdevsw = { 16931183Speter iplopen, iplclose, iplread, nowrite, /* 79 */ 17031183Speter iplioctl, nostop, noreset, nodevtotty, 17153024Sguido#if (__FreeBSD_version >= 300000) 17253024Sguido seltrue, nommap, nostrategy, "ipl", 17353024Sguido#else 17431183Speter noselect, nommap, nostrategy, "ipl", 17553024Sguido#endif 17631183Speter NULL, -1 17731183Speter}; 17831183Speter#endif 17931183Speter 18053024Sguidostatic void ipl_drvinit __P((void *)); 18131183Speter 18253024Sguido#ifdef ACTUALLY_LKM_NOT_KERNEL 18353024Sguidostatic int if_ipl_unload __P((struct lkm_table *, int)); 18453024Sguidostatic int if_ipl_load __P((struct lkm_table *, int)); 18553024Sguidostatic int if_ipl_remove __P((void)); 18653024Sguidostatic int ipl_major = CDEV_MAJOR; 18753024Sguido 18831183Speterstatic int iplaction __P((struct lkm_table *, int)); 189145510Sdarrenrstatic char *ipf_devfiles[] = { IPL_NAME, IPL_NAT, IPL_STATE, IPL_AUTH, 190145510Sdarrenr IPL_SCAN, IPL_SYNC, IPL_POOL, NULL }; 19131183Speter 19253024Sguidoextern int lkmenodev __P((void)); 19331183Speter 19431183Speterstatic int iplaction(lkmtp, cmd) 19531183Speterstruct lkm_table *lkmtp; 19631183Speterint cmd; 19731183Speter{ 19831183Speter#if !defined(__FreeBSD_version) || (__FreeBSD_version < 220000) 19931183Speter int i = ipl_major; 20031183Speter struct lkm_dev *args = lkmtp->private.lkm_dev; 20131183Speter#endif 20231183Speter int err = 0; 20331183Speter 20431183Speter switch (cmd) 20531183Speter { 20631183Speter case LKM_E_LOAD : 20731183Speter if (lkmexists(lkmtp)) 20831183Speter return EEXIST; 20931183Speter 21031183Speter#if !defined(__FreeBSD_version) || (__FreeBSD_version < 220000) 21131183Speter for (i = 0; i < nchrdev; i++) 21231183Speter if (cdevsw[i].d_open == lkmenodev || 21331183Speter cdevsw[i].d_open == iplopen) 21431183Speter break; 21531183Speter if (i == nchrdev) { 21631183Speter printf("IP Filter: No free cdevsw slots\n"); 21731183Speter return ENODEV; 21831183Speter } 21931183Speter 22031183Speter ipl_major = i; 22131183Speter args->lkm_offset = i; /* slot in cdevsw[] */ 22231183Speter#endif 22331183Speter printf("IP Filter: loaded into slot %d\n", ipl_major); 22434739Speter err = if_ipl_load(lkmtp, cmd); 22534739Speter if (!err) 22634739Speter ipl_drvinit((void *)NULL); 22734739Speter return err; 22831183Speter break; 22931183Speter case LKM_E_UNLOAD : 23031183Speter err = if_ipl_unload(lkmtp, cmd); 23134739Speter if (!err) { 23231183Speter printf("IP Filter: unloaded from slot %d\n", 23331183Speter ipl_major); 23453024Sguido#ifdef DEVFS 23534739Speter if (ipf_devfs[IPL_LOGIPF]) 23634739Speter devfs_remove_dev(ipf_devfs[IPL_LOGIPF]); 23734739Speter if (ipf_devfs[IPL_LOGNAT]) 23834739Speter devfs_remove_dev(ipf_devfs[IPL_LOGNAT]); 23934739Speter if (ipf_devfs[IPL_LOGSTATE]) 24034739Speter devfs_remove_dev(ipf_devfs[IPL_LOGSTATE]); 24134739Speter if (ipf_devfs[IPL_LOGAUTH]) 24234739Speter devfs_remove_dev(ipf_devfs[IPL_LOGAUTH]); 243145510Sdarrenr if (ipf_devfs[IPL_LOGSCAN]) 244145510Sdarrenr devfs_remove_dev(ipf_devfs[IPL_LOGSCAN]); 245145510Sdarrenr if (ipf_devfs[IPL_LOGSYNC]) 246145510Sdarrenr devfs_remove_dev(ipf_devfs[IPL_LOGSYNC]); 247145510Sdarrenr if (ipf_devfs[IPL_LOGLOOKUP]) 248145510Sdarrenr devfs_remove_dev(ipf_devfs[IPL_LOGLOOKUP]); 24953024Sguido#endif 25034739Speter } 25131183Speter return err; 25231183Speter case LKM_E_STAT : 25331183Speter break; 25431183Speter default: 25531183Speter err = EIO; 25631183Speter break; 25731183Speter } 25831183Speter return 0; 25931183Speter} 26031183Speter 26131183Speter 26231183Speterstatic int if_ipl_remove __P((void)) 26331183Speter{ 26431183Speter char *name; 26531183Speter struct nameidata nd; 26631183Speter int error, i; 26731183Speter 26831183Speter for (i = 0; (name = ipf_devfiles[i]); i++) { 26931183Speter NDINIT(&nd, DELETE, LOCKPARENT, UIO_SYSSPACE, name, curproc); 27031183Speter if ((error = namei(&nd))) 27131183Speter return (error); 27231183Speter VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE); 27353024Sguido#if (__FreeBSD_version >= 300000) 27453024Sguido VOP_LOCK(nd.ni_vp, LK_RETRY | LK_EXCLUSIVE, curproc); 27553024Sguido VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE); 27653024Sguido (void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd); 27753024Sguido 27853024Sguido if (nd.ni_dvp == nd.ni_vp) 27953024Sguido vrele(nd.ni_dvp); 28053024Sguido else 28153024Sguido vput(nd.ni_dvp); 28253024Sguido if (nd.ni_vp != NULLVP) 28353024Sguido vput(nd.ni_vp); 28453024Sguido#else 28531183Speter VOP_LOCK(nd.ni_vp); 28631183Speter VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE); 28731183Speter (void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd); 28853024Sguido#endif 28931183Speter } 29031183Speter 29131183Speter return 0; 29231183Speter} 29331183Speter 29431183Speter 29531183Speterstatic int if_ipl_unload(lkmtp, cmd) 29631183Speterstruct lkm_table *lkmtp; 29731183Speterint cmd; 29831183Speter{ 29931183Speter int error = 0; 30031183Speter 30131183Speter error = ipldetach(); 30231183Speter if (!error) 30331183Speter error = if_ipl_remove(); 30431183Speter return error; 30531183Speter} 30631183Speter 30731183Speter 30831183Speterstatic int if_ipl_load(lkmtp, cmd) 30931183Speterstruct lkm_table *lkmtp; 31031183Speterint cmd; 31131183Speter{ 31231183Speter struct nameidata nd; 31331183Speter struct vattr vattr; 31431183Speter int error = 0, fmode = S_IFCHR|0600, i; 31531183Speter char *name; 31631183Speter 31731183Speter error = iplattach(); 31831183Speter if (error) 31931183Speter return error; 32031183Speter (void) if_ipl_remove(); 32131183Speter 32231183Speter for (i = 0; (name = ipf_devfiles[i]); i++) { 32331183Speter NDINIT(&nd, CREATE, LOCKPARENT, UIO_SYSSPACE, name, curproc); 32431183Speter if ((error = namei(&nd))) 32531183Speter return error; 32631183Speter if (nd.ni_vp != NULL) { 32731183Speter VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd); 32831183Speter if (nd.ni_dvp == nd.ni_vp) 32931183Speter vrele(nd.ni_dvp); 33031183Speter else 33131183Speter vput(nd.ni_dvp); 33231183Speter vrele(nd.ni_vp); 33331183Speter return (EEXIST); 33431183Speter } 33531183Speter VATTR_NULL(&vattr); 33631183Speter vattr.va_type = VCHR; 33731183Speter vattr.va_mode = (fmode & 07777); 33831183Speter vattr.va_rdev = (ipl_major << 8) | i; 33931183Speter VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE); 34031183Speter error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr); 34153024Sguido#if (__FreeBSD_version >= 300000) 342145510Sdarrenr vput(nd.ni_dvp); 34353024Sguido#endif 34431183Speter if (error) 34531183Speter return error; 34631183Speter } 34731183Speter return 0; 34831183Speter} 34931183Speter 35053024Sguido#endif /* actually LKM */ 35131183Speter 35231183Speter#if defined(__FreeBSD_version) && (__FreeBSD_version < 220000) 35331183Speter/* 35431183Speter * strlen isn't present in 2.1.* kernels. 35531183Speter */ 35631183Spetersize_t strlen(string) 35731183Speterchar *string; 35831183Speter{ 359145510Sdarrenr register char *s; 36031183Speter 361145510Sdarrenr for (s = string; *s; s++) 36231183Speter ; 363145510Sdarrenr return (size_t)(s - string); 36431183Speter} 36531183Speter 36631183Speter 36731183Speterint xxxinit(lkmtp, cmd, ver) 36831183Speterstruct lkm_table *lkmtp; 36931183Speterint cmd, ver; 37031183Speter{ 37131183Speter DISPATCH(lkmtp, cmd, ver, iplaction, iplaction, iplaction); 37231183Speter} 37353024Sguido#else /* __FREEBSD_version >= 220000 */ 37431183Speter# ifdef IPFILTER_LKM 37531183Speter# include <sys/exec.h> 37631183Speter 37753024Sguido# if (__FreeBSD_version >= 300000) 37853024SguidoMOD_DEV(if_ipl, LM_DT_CHAR, CDEV_MAJOR, &ipl_cdevsw); 37953024Sguido# else 38031183SpeterMOD_DECL(if_ipl); 38131183Speter 38231183Speter 38331183Speterstatic struct lkm_dev _module = { 38431183Speter LM_DEV, 38531183Speter LKM_VERSION, 38631183Speter IPL_VERSION, 38731183Speter CDEV_MAJOR, 38831183Speter LM_DT_CHAR, 38931183Speter { (void *)&ipl_cdevsw } 39031183Speter}; 39153024Sguido# endif 39231183Speter 39331183Speter 39431183Speterint if_ipl __P((struct lkm_table *, int, int)); 39531183Speter 39631183Speter 39731183Speterint if_ipl(lkmtp, cmd, ver) 39831183Speterstruct lkm_table *lkmtp; 39931183Speterint cmd, ver; 40031183Speter{ 40153024Sguido# if (__FreeBSD_version >= 300000) 40253024Sguido MOD_DISPATCH(if_ipl, lkmtp, cmd, ver, iplaction, iplaction, iplaction); 40353024Sguido# else 40431183Speter DISPATCH(lkmtp, cmd, ver, iplaction, iplaction, iplaction); 40553024Sguido# endif 40631183Speter} 40753024Sguido# endif /* IPFILTER_LKM */ 408145510Sdarrenrstatic ipl_devsw_installed = 0; 40931183Speter 41031183Speterstatic void ipl_drvinit __P((void *unused)) 41131183Speter{ 41231183Speter dev_t dev; 41334739Speter# ifdef DEVFS 41434739Speter void **tp = ipf_devfs; 41534739Speter# endif 41631183Speter 41731183Speter if (!ipl_devsw_installed ) { 41831183Speter dev = makedev(CDEV_MAJOR, 0); 41931183Speter cdevsw_add(&dev, &ipl_cdevsw, NULL); 42031183Speter ipl_devsw_installed = 1; 42131183Speter 42234739Speter# ifdef DEVFS 42331183Speter tp[IPL_LOGIPF] = devfs_add_devswf(&ipl_cdevsw, IPL_LOGIPF, 42434739Speter DV_CHR, 0, 0, 0600, "ipf"); 42531183Speter tp[IPL_LOGNAT] = devfs_add_devswf(&ipl_cdevsw, IPL_LOGNAT, 42634739Speter DV_CHR, 0, 0, 0600, "ipnat"); 42731183Speter tp[IPL_LOGSTATE] = devfs_add_devswf(&ipl_cdevsw, IPL_LOGSTATE, 428145510Sdarrenr DV_CHR, 0, 0, 0600, 42934739Speter "ipstate"); 43031183Speter tp[IPL_LOGAUTH] = devfs_add_devswf(&ipl_cdevsw, IPL_LOGAUTH, 431145510Sdarrenr DV_CHR, 0, 0, 0600, 43234739Speter "ipauth"); 43334739Speter# endif 43431183Speter } 43531183Speter} 43631183Speter 437145510Sdarrenr 438145510Sdarrenr#ifdef SYSCTL_IPF 439145510Sdarrenrint 440145510Sdarrenrsysctl_ipf_int SYSCTL_HANDLER_ARGS 441145510Sdarrenr{ 442145510Sdarrenr int error = 0; 443145510Sdarrenr 444145510Sdarrenr if (arg1) 445145510Sdarrenr error = SYSCTL_OUT(req, arg1, sizeof(int)); 446145510Sdarrenr else 447145510Sdarrenr error = SYSCTL_OUT(req, &arg2, sizeof(int)); 448145510Sdarrenr 449145510Sdarrenr if (error || !req->newptr) 450145510Sdarrenr return (error); 451145510Sdarrenr 452145510Sdarrenr if (!arg1) 453145510Sdarrenr error = EPERM; 454145510Sdarrenr else { 455145510Sdarrenr if ((oidp->oid_kind & CTLFLAG_OFF) && (fr_running > 0)) 456145510Sdarrenr error = EBUSY; 457145510Sdarrenr else 458145510Sdarrenr error = SYSCTL_IN(req, arg1, sizeof(int)); 459145510Sdarrenr } 460145510Sdarrenr return (error); 461145510Sdarrenr} 462145510Sdarrenr#endif 463145510Sdarrenr 464145510Sdarrenr 46537074Speter# if defined(IPFILTER_LKM) || \ 46637074Speter defined(__FreeBSD_version) && (__FreeBSD_version >= 220000) 46731183SpeterSYSINIT(ipldev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,ipl_drvinit,NULL) 46831183Speter# endif /* IPFILTER_LKM */ 46931183Speter#endif /* _FreeBSD_version */ 470