Really import sys/netinet changes for IP Filter 3.2alpha4 this time.

Darren Reed 1997-04-03 10:39:35 +00:00
parent 413e00145c
commit 1fddb84ad6
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/vendor-sys/ipfilter/dist-old/; revision=24586
svn path=/vendor-sys/ipfilter/V3_2_A4/; revision=24588; tag=vendor/ipfilter-sys/V3_2_A4
10 changed files with 906 additions and 320 deletions


@ -7,12 +7,13 @@
*/
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-1996 Darren Reed";
static char rcsid[] = "$Id: fil.c,v 2.0.1.7 1997/02/18 10:53:47 darrenr Exp $";
static char rcsid[] = "$Id: fil.c,v 1.1.1.3 1997/04/03 10:10:10 darrenr Exp $";
#endif
#include <sys/errno.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
#include <sys/file.h>
#include <sys/ioctl.h>
#if defined(_KERNEL) || defined(KERNEL)
@ -44,8 +45,8 @@ static char rcsid[] = "$Id: fil.c,v 2.0.1.7 1997/02/18 10:53:47 darrenr Exp $";
#include <netinet/udp.h>
#include <netinet/tcpip.h>
#include <netinet/ip_icmp.h>
#include "ip_fil.h"
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_nat.h"
#include "ip_frag.h"
#include "ip_state.h"
@ -54,46 +55,48 @@ static char rcsid[] = "$Id: fil.c,v 2.0.1.7 1997/02/18 10:53:47 darrenr Exp $";
#endif
#ifndef _KERNEL
#include "ipf.h"
# include "ipf.h"
# include "ipt.h"
extern int opts;
extern void debug(), verbose();
#define FR_IFVERBOSE(ex,second,verb_pr) if (ex) { verbose verb_pr; second; }
#define FR_IFDEBUG(ex,second,verb_pr) if (ex) { debug verb_pr; second; }
#define FR_VERBOSE(verb_pr) verbose verb_pr
#define FR_DEBUG(verb_pr) debug verb_pr
#define FR_SCANLIST(p, ip, fi, m) fr_scanlist(p, ip, fi)
# define FR_IFVERBOSE(ex,second,verb_pr) if (ex) { verbose verb_pr; \
second; }
# define FR_IFDEBUG(ex,second,verb_pr) if (ex) { debug verb_pr; \
second; }
# define FR_VERBOSE(verb_pr) verbose verb_pr
# define FR_DEBUG(verb_pr) debug verb_pr
# define FR_SCANLIST(p, ip, fi, m) fr_scanlist(p, ip, fi, m)
# define SEND_RESET(ip, qif, q, if) send_reset(ip, if)
# define IPLLOG(a, c, d, e) ipllog()
# if SOLARIS
# define ICMP_ERROR(b, ip, t, c, if, src) icmp_error(ip)
# define bcmp memcmp
# endif
#else
#define FR_IFVERBOSE(ex,second,verb_pr) ;
#define FR_IFDEBUG(ex,second,verb_pr) ;
#define FR_VERBOSE(verb_pr)
#define FR_DEBUG(verb_pr)
#define FR_SCANLIST(p, ip, fi, m) fr_scanlist(p, ip, fi, m)
extern int send_reset();
# if SOLARIS
extern int icmp_error(), ipfr_fastroute();
extern kmutex_t ipf_mutex, ipl_mutex;
# else
extern void ipfr_fastroute();
# define ICMP_ERROR(b, ip, t, c, if, src) icmp_error(b, ip, if)
# endif
extern int ipl_unreach, ipllog();
#endif
#if SOLARIS
# define SEND_RESET(ip, if, q) send_reset(ip, qif, q)
# define ICMP_ERROR(b, ip, t, c, if, src) \
#else /* #ifndef _KERNEL */
# define FR_IFVERBOSE(ex,second,verb_pr) ;
# define FR_IFDEBUG(ex,second,verb_pr) ;
# define FR_VERBOSE(verb_pr)
# define FR_DEBUG(verb_pr)
# define FR_SCANLIST(p, ip, fi, m) fr_scanlist(p, ip, fi, m)
# define IPLLOG(a, c, d, e) ipllog(a, IPL_LOGIPF, c, d, e)
# if SOLARIS
extern kmutex_t ipf_mutex;
# define SEND_RESET(ip, qif, q, if) send_reset(ip, qif, q)
# define ICMP_ERROR(b, ip, t, c, if, src) \
icmp_error(b, ip, t, c, if, src)
#else
# define SEND_RESET(ip, if, q) send_reset(ip)
# if BSD < 199103
# define ICMP_ERROR(b, ip, t, c, if, src) \
icmp_error(mtod(b, ip_t *), t, c, if, src)
# else
# define ICMP_ERROR(b, ip, t, c, if, src) \
# define FR_SCANLIST(p, ip, fi, m) fr_scanlist(p, ip, fi, m)
# define SEND_RESET(ip, qif, q, if) send_reset((struct tcpiphdr *)ip)
# if BSD < 199103
# define ICMP_ERROR(b, ip, t, c, if, src) \
icmp_error(mtod(b, ip_t *), t, c, if, src)
# else
# define ICMP_ERROR(b, ip, t, c, if, src) \
icmp_error(b, t, c, (src).s_addr, if)
# endif
# endif
#endif
@ -103,7 +106,7 @@ extern int ipl_unreach, ipllog();
#ifdef IPF_DEFAULT_PASS
#define IPF_NOMATCH (IPF_DEFAULT_PASS|FR_NOMATCH)
#else
#define IPF_NOMATCH (FR_NOMATCH)
#define IPF_NOMATCH (FR_PASS|FR_NOMATCH)
#endif
struct filterstats frstats[2] = {{0,0,0,0,0},{0,0,0,0,0}};
@ -113,6 +116,10 @@ int fr_flags = IPF_LOGGING, fr_active = 0;
fr_info_t frcache[2];
static void fr_makefrip __P((int, ip_t *, fr_info_t *));
static int fr_tcpudpchk __P((frentry_t *, fr_info_t *));
static int fr_scanlist __P((int, ip_t *, fr_info_t *, void *));
/*
* bit values for identifying presence of individual IP options
@ -159,7 +166,7 @@ struct optlist secopt[8] = {
* compact the IP header into a structure which contains just the info.
* which is useful for comparing IP headers with.
*/
void fr_makefrip(hlen, ip, fin)
static void fr_makefrip(hlen, ip, fin)
int hlen;
ip_t *ip;
fr_info_t *fin;
@ -278,7 +285,7 @@ getports:
/*
* check an IP packet for TCP/UDP characteristics such as ports and flags.
*/
int fr_tcpudpchk(fr, fin)
static int fr_tcpudpchk(fr, fin)
frentry_t *fr;
fr_info_t *fin;
{
@ -371,7 +378,7 @@ fr_info_t *fin;
* Could be per interface, but this gets real nasty when you don't have
* kernel sauce.
*/
int fr_scanlist(pass, ip, fin, m)
static int fr_scanlist(pass, ip, fin, m)
int pass;
ip_t *ip;
register fr_info_t *fin;
@ -404,8 +411,7 @@ void *m;
if (opts & (OPT_VERBOSE|OPT_DEBUG))
printf("\n");
FR_VERBOSE(("%c", (pass & FR_PASS) ? 'p' : 'b'));
if (fin->fin_ifp && *fr->fr_ifname &&
strcasecmp((char *)fin->fin_ifp, fr->fr_ifname))
if (fr->fr_ifa && fr->fr_ifa != fin->fin_ifp)
continue;
FR_VERBOSE((":i"));
#endif
@ -467,7 +473,7 @@ void *m;
pass = (*fr->fr_func)(pass, ip, fin);
#ifdef IPFILTER_LOG
if ((pass & FR_LOGMASK) == FR_LOG) {
if (!ipllog(fr->fr_flags, ip, fin, m))
if (!IPLLOG(fr->fr_flags, ip, fin, m))
frstats[fin->fin_out].fr_skip++;
frstats[fin->fin_out].fr_pkl++;
}
@ -475,7 +481,7 @@ void *m;
FR_DEBUG(("pass %#x\n", pass));
fr->fr_hits++;
if (pass & FR_ACCOUNT)
fr->fr_bytes += ip->ip_len;
fr->fr_bytes += (U_QUAD_T)ip->ip_len;
else
fin->fin_icode = fr->fr_icode;
fin->fin_rule = rulen;
@ -504,7 +510,8 @@ mblk_t **mp;
struct mbuf **mp;
# endif
#else
)
, mp)
char *mp;
#endif
ip_t *ip;
int hlen;
@ -518,8 +525,12 @@ int out;
register fr_info_t *fin = &frinfo;
frentry_t *fr = NULL;
int pass, changed;
#ifndef _KERNEL
char *mc = mp, *m = mp;
#endif
#if !defined(__SVR4) && !defined(__svr4__) && defined(_KERNEL)
#ifdef _KERNEL
# if !defined(__SVR4) && !defined(__svr4__)
register struct mbuf *m = *mp;
struct mbuf *mc = NULL;
@ -538,9 +549,10 @@ int out;
}
}
}
#endif
#if SOLARIS && defined(_KERNEL)
# endif
# if SOLARIS
mblk_t *mc = NULL, *m = qif->qf_m;
# endif
#endif
fr_makefrip(hlen, ip, fin);
fin->fin_ifp = ifp;
@ -608,7 +620,7 @@ int out;
}
}
if (fr && fr->fr_func)
if (fr && fr->fr_func && !(pass & FR_CALLNOW))
pass = (*fr->fr_func)(pass, ip, fin);
if (out) {
@ -639,7 +651,7 @@ int out;
pass |= FF_LOGBLOCK;
frstats[out].fr_bpkl++;
logit:
if (!ipllog(pass, ip, fin, m)) {
if (!IPLLOG(pass, ip, fin, m)) {
frstats[out].fr_skip++;
if ((pass & (FR_PASS|FR_LOGORBLOCK)) ==
(FR_PASS|FR_LOGORBLOCK))
@ -676,7 +688,7 @@ logit:
frstats[0].fr_ret++;
} else if ((pass & FR_RETRST) &&
!(fin->fin_fi.fi_fl & FI_SHORT)) {
if (SEND_RESET(ip, qif, q) == 0)
if (SEND_RESET(ip, qif, q, ifp) == 0)
frstats[1].fr_ret++;
}
#else
@ -736,37 +748,32 @@ logit:
#ifdef IPFILTER_LOG
# if !(defined(_KERNEL))
static void ipllog()
{
verbose("l");
}
# endif
int fr_copytolog(buf, len)
int fr_copytolog(dev, buf, len)
int dev;
char *buf;
int len;
{
int clen, tail;
register char *bufp = iplbuf[dev], *tp = iplt[dev], *hp = iplh[dev];
register int clen, tail;
tail = (iplh >= iplt) ? (iplbuf + IPLLOGSIZE - iplh) : (iplt - iplh);
tail = (hp >= tp) ? (bufp + IPLLOGSIZE - hp) : (tp - hp);
clen = MIN(tail, len);
bcopy(buf, iplh, clen);
bcopy(buf, hp, clen);
len -= clen;
tail -= clen;
iplh += clen;
hp += clen;
buf += clen;
if (iplh == iplbuf + IPLLOGSIZE) {
iplh = iplbuf;
tail = iplt - iplh;
if (hp == bufp + IPLLOGSIZE) {
hp = bufp;
tail = tp - hp;
}
if (len && tail) {
clen = MIN(tail, len);
bcopy(buf, iplh, clen);
bcopy(buf, hp, clen);
len -= clen;
iplh += clen;
hp += clen;
}
iplh[dev] = hp;
return len;
}
#endif
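Review bot: The fallback `#define IPF_NOMATCH (FR_PASS|FR_NOMATCH)` (taking the second of the two printed definitions as the new side) puts FR_PASS into the no-rule-matched value, so a build without IPF_DEFAULT_PASS presumably lets unmatched packets through, and nothing next to the define says so. A filter that fails open by default should state that where the default is configured. I would add a comment above the `#ifdef IPF_DEFAULT_PASS`, such as `/* Packets matching no rule are passed unless IPF_DEFAULT_PASS is defined (e.g. FR_BLOCK for default deny). */`. How the value is consumed in fr_check is outside the visible hunks, so the effect should be confirmed there.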


@ -6,17 +6,48 @@
* to the original author and the contributors.
*
* @(#)ip_compat.h 1.8 1/14/96
* $Id: ip_compat.h,v 2.0.1.4 1997/02/04 14:24:25 darrenr Exp $
* $Id: ip_compat.h,v 1.1.1.2 1997/04/03 10:10:48 darrenr Exp $
*/
#ifndef __IP_COMPAT_H_
#define __IP_COMPAT_H__
#ifndef __P
# ifdef __STDC__
# define __P(x) x
# else
# define __P(x) ()
# endif
#endif
#ifndef SOLARIS
#define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
#endif
#if SOLARIS
#define MTYPE(m) ((m)->b_datap->db_type)
# define MTYPE(m) ((m)->b_datap->db_type)
# include <sys/ioccom.h>
# include <sys/sysmacros.h>
/*
* because Solaris 2 defines these in two places :-/
*/
# undef IPOPT_EOL
# undef IPOPT_NOP
# undef IPOPT_LSRR
# undef IPOPT_RR
# undef IPOPT_SSRR
# ifndef _KERNEL
# define _KERNEL
# undef RES_INIT
# include <inet/common.h>
# include <inet/ip.h>
# include <inet/ip_ire.h>
# undef _KERNEL
# else
# include <inet/common.h>
# include <inet/ip.h>
# include <inet/ip_ire.h>
# endif
#endif
#define IPMINLEN(i, h) ((i)->ip_len >= ((i)->ip_hl * 4 + sizeof(struct h)))
@ -24,6 +55,13 @@
#define IP_OFFMASK 0x1fff
#endif
#if BSD > 199306
# define USE_QUAD_T
# define U_QUAD_T u_quad_t
#else
# define U_QUAD_T u_long
#endif
#ifndef MAX
#define MAX(a,b) (((a) > (b)) ? (a) : (b))
#endif
@ -85,11 +123,18 @@
#define IPOPT_FINN 205 /* FINN */
#ifdef __FreeBSD__
# include <machine/spl.h>
# if defined(IPFILTER_LKM) && !defined(ACTUALLY_LKM_NOT_KERNEL)
# define ACTUALLY_LKM_NOT_KERNEL
# endif
#endif
/*
* Build some macros and #defines to enable the same code to compile anywhere
* Well, that's the idea, anyway :-)
*/
#ifdef _KERNEL
#if defined(_KERNEL) || defined(KERNEL)
# if SOLARIS
# define MUTEX_ENTER(x) mutex_enter(x)
# define MUTEX_EXIT(x) mutex_exit(x)
@ -108,6 +153,7 @@
# ifdef sun
# if defined(__svr4__) || defined(__SVR4)
extern ill_t *get_unit __P((char *));
# define GETUNIT(n) get_unit((n))
# else
# include <sys/kmem_alloc.h>
@ -132,8 +178,8 @@ typedef struct qif {
queue_t *qf_out;
void *qf_wqinfo;
void *qf_rqinfo;
int (*qf_inp)();
int (*qf_outp)();
int (*qf_inp) __P((queue_t *, mblk_t *));
int (*qf_outp) __P((queue_t *, mblk_t *));
mblk_t *qf_m;
int qf_len;
char qf_name[8];
@ -151,10 +197,10 @@ typedef struct qif {
# define htons(x) (x)
# define htonl(x) (x)
# endif
# define KMALLOC(x) kmem_alloc((x), KM_NOSLEEP)
# define KMALLOC(a,b,c) (a) = (b)kmem_alloc((c), KM_NOSLEEP)
# define GET_MINOR(x) getminor(x)
# else
# define KMALLOC(x) new_kmem_alloc((x), KMEM_NOSLEEP)
# define KMALLOC(a,b,c) (a) = (b)new_kmem_alloc((c), KMEM_NOSLEEP)
# endif /* __svr4__ */
# endif /* sun && !linux */
# ifndef GET_MINOR
@ -162,7 +208,7 @@ typedef struct qif {
# endif
# if BSD >= 199306 || defined(__FreeBSD__)
# include <vm/vm.h>
# if !defined(__FreeBSD__)
# if !defined(__FreeBSD__) || (defined (__FreeBSD__) && __FreeBSD__>=3)
# include <vm/vm_extern.h>
# include <sys/proc.h>
extern vm_map_t kmem_map;
@ -170,15 +216,15 @@ extern vm_map_t kmem_map;
# include <vm/vm_kern.h>
# endif /* __FreeBSD__ */
/*
** # define KMALLOC(x) kmem_alloc(kmem_map, (x))
** # define KFREE(x) kmem_free(kmem_map, (vm_offset_t)(x), \
# define KMALLOC(a,b,c) (a) = (b)kmem_alloc(kmem_map, (c))
# define KFREE(x) kmem_free(kmem_map, (vm_offset_t)(x), \
sizeof(*(x)))
*/
# ifdef M_PFIL
# define KMALLOC(x) malloc((x), M_PFIL, M_NOWAIT)
# define KMALLOC(a, b, c) MALLOC((a), b, (c), M_PFIL, M_NOWAIT)
# define KFREE(x) FREE((x), M_PFIL)
# else
# define KMALLOC(x) malloc((x), M_TEMP, M_NOWAIT)
# define KMALLOC(a, b, c) MALLOC((a), b, (c), M_TEMP, M_NOWAIT)
# define KFREE(x) FREE((x), M_TEMP)
# endif
# define UIOMOVE(a,b,c,d) uiomove(a,b,d)
@ -193,17 +239,16 @@ extern vm_map_t kmem_map;
# endif
# endif
#else
# ifndef linux
# define MUTEX_ENTER(x) ;
# define MUTEX_EXIT(x) ;
# define SPLNET(x) ;
# define SPLX(x) ;
# define KMALLOC(x) malloc(x)
# define KFREE(x) free(x)
# define GETUNIT(x) (x)
# define IRCOPY(a,b,c) bcopy((a), (b), (c))
# define IWCOPY(a,b,c) bcopy((a), (b), (c))
# endif
# define MUTEX_ENTER(x) ;
# define MUTEX_EXIT(x) ;
# define SPLNET(x) ;
# undef SPLX
# define SPLX(x) ;
# define KMALLOC(a,b,c) (a) = (b)malloc(c)
# define KFREE(x) free(x)
# define GETUNIT(x) get_unit(x)
# define IRCOPY(a,b,c) bcopy((a), (b), (c))
# define IWCOPY(a,b,c) bcopy((a), (b), (c))
#endif /* KERNEL */
#ifdef linux
@ -318,7 +363,7 @@ struct ipovly {
# define UNITNAME(n) dev_get((n))
# define ifnet device
# define KMALLOC(x) kmalloc((x), GFP_ATOMIC)
# define KMALLOC(a,b,c) (a) = (b)kmalloc((c), GFP_ATOMIC)
# define KFREE(x) kfree_s((x), sizeof(*(x)))
# define IRCOPY(a,b,c) { \
error = verify_area(VERIFY_READ, \
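Review bot: The include guard at the top of the header tests `__IP_COMPAT_H_` but defines `__IP_COMPAT_H__`, so the `#ifndef` never sees the macro that was set and a second inclusion is not suppressed. That matters more after this change, because the header now carries the Solaris `<inet/...>` includes and the `#undef IPOPT_*` block, and the .c files include it ahead of ip_fil.h. The first line should read `#ifndef __IP_COMPAT_H__`. The closing `#endif` of the guard is outside the visible hunks.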


@ -7,17 +7,39 @@
*/
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-1995 Darren Reed";
static char rcsid[] = "$Id: ip_fil.c,v 2.0.1.7 1997/02/19 12:45:02 darrenr Exp $";
static char rcsid[] = "$Id: ip_fil.c,v 1.1.1.3 1997/04/03 10:10:52 darrenr Exp $";
#endif
#ifndef SOLARIS
#define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
#endif
#ifdef __FreeBSD__
#include <osreldate.h>
#endif
#ifndef _KERNEL
#include <stdio.h>
#include <string.h>
#endif
#include <sys/errno.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/file.h>
#include <sys/ioctl.h>
#include <sys/time.h>
#ifdef _KERNEL
#include <sys/systm.h>
#endif
#include <sys/uio.h>
#if !SOLARIS
#include <sys/dir.h>
#include <sys/mbuf.h>
#else
#define bcmp memcmp
#define bzero(a,b) memset(a,0,b)
#define bcopy(a,b,c) memcpy(b,a,c)
#include <sys/filio.h>
#endif
#include <sys/protosw.h>
#include <sys/socket.h>
@ -36,8 +58,8 @@ static char rcsid[] = "$Id: ip_fil.c,v 2.0.1.7 1997/02/19 12:45:02 darrenr Exp $
#include <netinet/tcpip.h>
#include <netinet/ip_icmp.h>
#include <syslog.h>
#include "ip_fil.h"
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_frag.h"
#include "ip_nat.h"
#include "ip_state.h"
@ -47,45 +69,49 @@ static char rcsid[] = "$Id: ip_fil.c,v 2.0.1.7 1997/02/19 12:45:02 darrenr Exp $
extern fr_flags, fr_active;
extern struct protosw inetsw[];
extern int (*fr_checkp)();
#if BSD < 199306
extern int ipfr_slowtimer();
static int (*fr_saveslowtimo)();
static int (*fr_saveslowtimo) __P((void));
extern int tcp_ttl;
#else
extern void ipfr_slowtimer();
static void (*fr_saveslowtimo)();
static void (*fr_saveslowtimo) __P((void));
#endif
int ipl_inited = 0;
int ipl_unreach = ICMP_UNREACH_FILTER;
int send_reset();
#ifndef _KERNEL
#include "ipt.h"
static struct ifnet **ifneta = NULL;
static int nifs = 0;
struct ifnet *get_unit __P((char *));
#endif
#ifdef IPFILTER_LOG
# define LOGSIZE 8192
int ipllog();
char iplbuf[LOGSIZE];
caddr_t iplh = iplbuf, iplt = iplbuf;
static int iplused = 0;
char iplbuf[3][IPLLOGSIZE];
caddr_t iplh[3], iplt[3];
int iplused[3] = {0,0,0};
#endif /* IPFILTER_LOG */
static void frflush();
static int frrequest();
static int (*fr_savep)() = NULL;
static void frflush __P((caddr_t));
static int frrequest __P((int, caddr_t, int));
static void frzerostats __P((caddr_t));
#ifdef _KERNEL
static int (*fr_savep) __P((struct ip *, int, struct ifnet *,
int, struct mbuf **));
#else
void init_ifp __P((void));
static int (*fr_savep) __P((struct ip *, int, struct ifnet *,
int, char *));
static int no_output __P((struct ifnet *, struct mbuf *,
struct sockaddr *, struct rtentry *));
static int write_output __P((struct ifnet *, struct mbuf *,
struct sockaddr *, struct rtentry *));
#endif
#if _BSDI_VERSION >= 199501
#if (_BSDI_VERSION >= 199510) && defined(_KERNEL)
# include <sys/device.h>
# include <sys/conf.h>
int iplioctl __P((dev_t, int, caddr_t, int, struct proc *));
int iplopen __P((dev_t, int, int, struct proc *));
int iplclose __P((dev_t, int, int, struct proc *));
# ifdef IPFILTER_LOG
int iplread __P((dev_t, struct uio *, int));
# else
# define iplread noread
# endif
int iplioctl __P((dev_t, int, caddr_t, int, struct proc *));
struct cfdriver iplcd = {
NULL, "ipl", NULL, NULL, DV_DULL, 0
};
@ -96,9 +122,11 @@ struct devsw iplsw = {
nostrat, nodump, nopsize, 0,
nostop
};
#endif /* _BSDI_VERSION >= 199501 */
#endif /* _BSDI_VERSION >= 199510 && _KERNEL */
#ifdef IPFILTER_LKM
#ifdef _KERNEL
# ifdef IPFILTER_LKM
int iplidentify(s)
char *s;
{
@ -106,12 +134,12 @@ char *s;
return 1;
return 0;
}
#endif /* IPFILTER_LKM */
# endif /* IPFILTER_LKM */
int iplattach()
{
int s;
int s, i;
SPLNET(s);
if (ipl_inited || (fr_checkp == fr_check)) {
@ -125,6 +153,14 @@ int iplattach()
fr_checkp = fr_check;
fr_saveslowtimo = inetsw[0].pr_slowtimo;
inetsw[0].pr_slowtimo = ipfr_slowtimer;
/*
* Set log buffer pointers for each of the log buffers
*/
for (i = 0; i <= 2; i++) {
iplh[i] = iplbuf[i];
iplt[i] = iplbuf[i];
}
SPLX(s);
return 0;
}
@ -142,7 +178,9 @@ int ipldetach()
return EBUSY;
}
#if defined(IPFILTER_LKM) || defined(IPFILTER)
fr_checkp = fr_savep;
#endif
inetsw[0].pr_slowtimo = fr_saveslowtimo;
frflush((caddr_t)&i);
ipl_inited = 0;
@ -154,6 +192,7 @@ int ipldetach()
SPLX(s);
return 0;
}
#endif /* _KERNEL */
static void frzerostats(data)
@ -219,7 +258,7 @@ caddr_t data;
* Filter ioctl interface.
*/
int iplioctl(dev, cmd, data, mode
#if _BSDI_VERSION >= 199501
#if ((_BSDI_VERSION >= 199510) || (BSD >= 199506)) && defined(_KERNEL)
, p)
struct proc *p;
#else
@ -232,18 +271,20 @@ int mode;
{
int error = 0, s, unit;
#ifdef _KERNEL
unit = minor(dev);
if (unit != 0)
if ((2 < unit) || (unit < 0))
return ENXIO;
#endif
SPLNET(s);
switch (cmd) {
case FIONREAD :
#ifdef IPFILTER_LOG
*(int *)data = iplused;
*(int *)data = iplused[unit];
#endif
break;
#ifndef IPFILTER_LKM
#if !defined(IPFILTER_LKM) && defined(_KERNEL)
case SIOCFRENB :
{
u_int enable;
@ -330,9 +371,9 @@ int mode;
if (!(mode & FWRITE))
error = EPERM;
else {
*(int *)data = iplused;
iplh = iplt = iplbuf;
iplused = 0;
*(int *)data = iplused[unit];
iplh[unit] = iplt[unit] = iplbuf[unit];
iplused[unit] = 0;
}
break;
#endif /* IPFILTER_LOG */
@ -365,16 +406,13 @@ caddr_t data;
{
register frentry_t *fp, *f, **fprev;
register frentry_t **ftail;
frentry_t fr;
frentry_t frd;
frdest_t *fdp;
struct frentry frd;
int error = 0, in;
fp = &fr;
fp = &frd;
IRCOPY(data, (caddr_t)fp, sizeof(*fp));
bzero((char *)frcache, sizeof(frcache[0]) * 2);
in = (fp->fr_flags & FR_INQUE) ? 0 : 1;
if (fp->fr_flags & FR_ACCOUNT) {
ftail = fprev = &ipacct[in][set];
@ -383,8 +421,8 @@ caddr_t data;
else
return ESRCH;
IRCOPY((char *)fp, (char *)&frd, sizeof(frd));
fp = &frd;
bzero((char *)frcache, sizeof(frcache[0]) * 2);
if (*fp->fr_ifname) {
fp->fr_ifa = GETUNIT(fp->fr_ifname);
if (!fp->fr_ifa)
@ -451,7 +489,8 @@ caddr_t data;
if (f)
error = EEXIST;
else {
if ((f = (struct frentry *)KMALLOC(sizeof(*f)))) {
KMALLOC(f, frentry_t *, sizeof(*f));
if (f != NULL) {
bcopy((char *)fp, (char *)f, sizeof(*f));
f->fr_hits = 0;
f->fr_next = *ftail;
@ -464,44 +503,48 @@ caddr_t data;
}
#if !defined(linux)
#ifdef _KERNEL
/*
* routines below for saving IP headers to buffer
*/
int iplopen(dev, flags
#if _BSDI_VERSION >= 199501
#if ((_BSDI_VERSION >= 199510) || (BSD >= 199506)) && defined(_KERNEL)
, devtype, p)
int devtype;
struct proc *p;
#else
# else
)
#endif
# endif
dev_t dev;
int flags;
{
u_int min = minor(dev);
if (min)
if (2 < min)
min = ENXIO;
else
min = 0;
return min;
}
int iplclose(dev, flags
#if _BSDI_VERSION >= 199501
#if ((_BSDI_VERSION >= 199510) || (BSD >= 199506)) && defined(_KERNEL)
, devtype, p)
int devtype;
struct proc *p;
#else
# else
)
#endif
# endif
dev_t dev;
int flags;
{
u_int min = minor(dev);
if (min)
if (2 < min)
min = ENXIO;
else
min = 0;
return min;
}
@ -521,52 +564,57 @@ int iplread(dev, uio)
dev_t dev;
register struct uio *uio;
{
register int ret, s;
register int ret, s, unit;
register size_t sz, sx;
int error;
unit = minor(dev);
if ((2 < unit) || (unit < 0))
return ENXIO;
if (!uio->uio_resid)
return 0;
while (!iplused) {
error = SLEEP(iplbuf, "ipl sleep");
while (!iplused[unit]) {
error = SLEEP(iplbuf[unit], "ipl sleep");
if (error)
return error;
}
SPLNET(s);
sx = sz = MIN(uio->uio_resid, iplused);
if (iplh < iplt)
sz = MIN(sz, LOGSIZE - (iplt - iplbuf));
sx = sz = MIN(uio->uio_resid, iplused[unit]);
if (iplh[unit] < iplt[unit])
sz = MIN(sz, IPLLOGSIZE - (iplt[unit] - iplbuf[unit]));
sx -= sz;
# if BSD >= 199306 || defined(__FreeBSD__)
uio->uio_rw = UIO_READ;
# endif
if (!(ret = UIOMOVE(iplt, sz, UIO_READ, uio))) {
iplt += sz;
iplused -= sz;
if ((iplh < iplt) && (iplt == iplbuf + LOGSIZE))
iplt = iplbuf;
if (!(ret = UIOMOVE(iplt[unit], sz, UIO_READ, uio))) {
iplt[unit] += sz;
iplused[unit] -= sz;
if ((iplh[unit] < iplt[unit]) && (iplt[unit] == iplbuf[unit] + IPLLOGSIZE))
iplt[unit] = iplbuf[unit];
if (sx && !(ret = UIOMOVE(iplt, sx, UIO_READ, uio))) {
iplt += sx;
iplused -= sx;
if ((iplh < iplt) && (iplt == iplbuf + LOGSIZE))
iplt = iplbuf;
if (sx && !(ret = UIOMOVE(iplt[unit], sx, UIO_READ, uio))) {
iplt[unit] += sx;
iplused[unit] -= sx;
if ((iplh[unit] < iplt[unit]) && (iplt[unit] == iplbuf[unit] + IPLLOGSIZE))
iplt[unit] = iplbuf[unit];
}
if (!iplused) /* minimise wrapping around the end */
iplh = iplt = iplbuf;
if (!iplused[unit]) /* minimise wrapping around the end */
iplh[unit] = iplt[unit] = iplbuf[unit];
}
SPLX(s);
return ret;
}
# endif /* IPFILTER_LOG */
#endif /* linux */
#ifdef IPFILTER_LOG
int ipllog(flags, ip, fin, m)
# ifdef IPFILTER_LOG
int ipllog(flags, dev, ip, fin, m)
u_int flags;
int dev;
ip_t *ip;
register fr_info_t *fin;
struct mbuf *m;
@ -597,16 +645,16 @@ struct mbuf *m;
mlen = (flags & FR_LOGBODY) ? MIN(ip->ip_len - hlen, 128) : 0;
len = hlen + sizeof(iplci) + mlen;
if (iplused + len > LOGSIZE)
if (iplused[dev] + len > IPLLOGSIZE)
return 0;
iplused += len;
iplused[dev] += len;
# ifdef sun
# ifdef sun
uniqtime(&iplci);
# endif
# if BSD >= 199306 || defined(__FreeBSD__)
# endif
# if BSD >= 199306 || defined(__FreeBSD__)
microtime((struct timeval *)&iplci);
# endif
# endif
iplci.flags = flags;
iplci.hlen = (u_char)hlen;
iplci.plen = (u_char)mlen;
@ -619,22 +667,25 @@ struct mbuf *m;
if ((iplci.ifname[1] = ifp->if_name[1]))
if ((iplci.ifname[2] = ifp->if_name[2]))
iplci.ifname[3] = ifp->if_name[3];
# endif
# endif
if (iplh[dev] == iplbuf[dev] + IPLLOGSIZE)
iplh[dev] = iplbuf[dev];
/*
* Gauranteed to succeed from above
*/
(void) fr_copytolog(&iplci, sizeof(iplci));
(void) fr_copytolog(dev, (char *)&iplci, sizeof(iplci));
for (len -= sizeof(iplci); m && len > 0; m = m->m_next, len -= hlen) {
hlen = MIN(len, m->m_len);
if (fr_copytolog(mtod(m, char *), hlen))
if (fr_copytolog(dev, mtod(m, char *), hlen))
break;
}
wakeup(iplbuf);
wakeup(iplbuf[dev]);
return 1;
}
#endif /* IPFILTER_LOG */
# endif /* IPFILTER_LOG */
/*
* send_reset - this could conceivably be a call to tcp_respond(), but that
@ -651,22 +702,22 @@ struct tcpiphdr *ti;
if (ti->ti_flags & TH_RST)
return -1; /* feedback loop */
#if BSD < 199306
# if BSD < 199306
m = m_get(M_DONTWAIT, MT_HEADER);
#else
# else
m = m_gethdr(M_DONTWAIT, MT_HEADER);
m->m_data += max_linkhdr;
#endif
# endif
if (m == NULL)
return -1;
if (ti->ti_flags & TH_SYN)
tlen = 1;
m->m_len = sizeof (struct tcpiphdr);
#if BSD >= 199306
# if BSD >= 199306
m->m_pkthdr.len = sizeof (struct tcpiphdr);
m->m_pkthdr.rcvif = (struct ifnet *)0;
#endif
# endif
bzero(mtod(m, char *), sizeof(struct tcpiphdr));
ip = mtod(m, struct ip *);
tp = mtod(m, struct tcpiphdr *);
@ -686,11 +737,11 @@ struct tcpiphdr *ti;
ip->ip_tos = ((struct ip *)ti)->ip_tos;
ip->ip_p = ((struct ip *)ti)->ip_p;
ip->ip_len = sizeof (struct tcpiphdr);
#if BSD < 199306
# if BSD < 199306
ip->ip_ttl = tcp_ttl;
#else
# else
ip->ip_ttl = ip_defttl;
#endif
# endif
/*
* extra 0 in case of multicast
@ -700,13 +751,18 @@ struct tcpiphdr *ti;
}
#ifndef IPFILTER_LKM
void iplinit()
# ifndef IPFILTER_LKM
# if BSD < 199306
int
# else
void
# endif
iplinit()
{
(void) iplattach();
ip_init();
}
#endif
# endif
void ipfr_fastroute(m0, fin, fdp)
@ -738,12 +794,12 @@ frdest_t *fdp;
#if (BSD >= 199306) && !defined(__NetBSD__) && !defined(__bsdi__)
# ifdef RTF_CLONING
rtalloc_ign(ro, RTF_CLONING);
# else
# else
rtalloc_ign(ro, RTF_PRCLONING);
# endif
#else
# endif
# else
rtalloc(ro);
#endif
# endif
if (!ifp) {
if (!(fin->fin_fr->fr_flags & FR_FASTROUTE)) {
error = -2;
@ -773,19 +829,19 @@ frdest_t *fdp;
* If small enough for interface, can just send directly.
*/
if (ip->ip_len <= ifp->if_mtu) {
#ifndef sparc
# ifndef sparc
ip->ip_id = htons(ip->ip_id);
ip->ip_len = htons(ip->ip_len);
ip->ip_off = htons(ip->ip_off);
#endif
# endif
if (!ip->ip_sum)
ip->ip_sum = in_cksum(m, hlen);
#if BSD >= 199306
# if BSD >= 199306
error = (*ifp->if_output)(ifp, m, (struct sockaddr *)dst,
ro->ro_rt);
#else
# else
error = (*ifp->if_output)(ifp, m, (struct sockaddr *)dst);
#endif
# endif
goto done;
}
/*
@ -818,11 +874,11 @@ frdest_t *fdp;
error = ENOBUFS;
goto bad;
}
#if BSD >= 199306
# if BSD >= 199306
m->m_data += max_linkhdr;
#else
# else
m->m_off = MMAXOFF - hlen;
#endif
# endif
mhip = mtod(m, struct ip *);
bcopy((char *)ip, (char *)mhip, sizeof(*ip));
if (hlen > sizeof (struct ip)) {
@ -843,9 +899,9 @@ frdest_t *fdp;
error = ENOBUFS; /* ??? */
goto sendorfree;
}
#ifndef sparc
# ifndef sparc
mhip->ip_off = htons((u_short)mhip->ip_off);
#endif
# endif
mhip->ip_sum = 0;
mhip->ip_sum = in_cksum(m, mhlen);
*mnext = m;
@ -865,13 +921,13 @@ sendorfree:
m0 = m->m_act;
m->m_act = 0;
if (error == 0)
#if BSD >= 199306
# if BSD >= 199306
error = (*ifp->if_output)(ifp, m,
(struct sockaddr *)dst, ro->ro_rt);
#else
# else
error = (*ifp->if_output)(ifp, m,
(struct sockaddr *)dst);
#endif
# endif
else
m_freem(m);
}
@ -885,3 +941,159 @@ bad:
m_freem(m);
goto done;
}
#else /* #ifdef _KERNEL */
static int no_output __P((struct ifnet *ifp, struct mbuf *m,
struct sockaddr *s, struct rtentry *rt))
{
return 0;
}
# ifdef __STDC__
static int write_output __P((struct ifnet *ifp, struct mbuf *m,
struct sockaddr *s, struct rtentry *rt))
{
ip_t *ip = (ip_t *)m;
# else
static int write_output(ifp, ip)
struct ifnet *ifp;
ip_t *ip;
{
# endif
FILE *fp;
char fname[32];
#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606))
sprintf(fname, "/tmp/%s", ifp->if_xname);
if ((fp = fopen(fname, "a"))) {
fclose(fp);
}
#else
sprintf(fname, "/tmp/%s%d", ifp->if_name, ifp->if_unit);
if ((fp = fopen(fname, "a"))) {
fwrite((char *)ip, ntohs(ip->ip_len), 1, fp);
fclose(fp);
}
#endif
}
struct ifnet *get_unit(name)
char *name;
{
struct ifnet *ifp, **ifa;
#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606))
for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) {
if (!strcmp(name, ifp->if_xname))
return ifp;
}
#else
char ifname[32], *s;
for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) {
(void) sprintf(ifname, "%s%d", ifp->if_name, ifp->if_unit);
if (!strcmp(name, ifname))
return ifp;
}
#endif
if (!ifneta) {
ifneta = (struct ifnet **)malloc(sizeof(ifp) * 2);
ifneta[1] = NULL;
ifneta[0] = (struct ifnet *)calloc(1, sizeof(*ifp));
nifs = 1;
} else {
nifs++;
ifneta = (struct ifnet **)realloc(ifneta,
(nifs + 1) * sizeof(*ifa));
ifneta[nifs] = NULL;
ifneta[nifs - 1] = (struct ifnet *)malloc(sizeof(*ifp));
}
ifp = ifneta[nifs - 1];
#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606))
strncpy(ifp->if_xname, name, sizeof(ifp->if_xname));
#else
for (s = name; *s && !isdigit(*s); s++)
;
if (*s && isdigit(*s)) {
ifp->if_unit = atoi(s);
ifp->if_name = (char *)malloc(s - name + 1);
strncpy(ifp->if_name, name, s - name);
ifp->if_name[s - name] = '\0';
} else {
ifp->if_name = strdup(name);
ifp->if_unit = -1;
}
#endif
ifp->if_output = no_output;
return ifp;
}
void init_ifp()
{
FILE *fp;
struct ifnet *ifp, **ifa;
char fname[32];
#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606))
for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) {
ifp->if_output = write_output;
sprintf(fname, "/tmp/%s", ifp->if_xname);
if ((fp = fopen(fname, "w")))
fclose(fp);
}
#else
for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) {
ifp->if_output = write_output;
sprintf(fname, "/tmp/%s%d", ifp->if_name, ifp->if_unit);
if ((fp = fopen(fname, "w")))
fclose(fp);
}
#endif
}
void ipfr_fastroute(ip, fin, fdp)
ip_t *ip;
fr_info_t *fin;
frdest_t *fdp;
{
struct ifnet *ifp = fdp->fd_ifp;
if (!ifp)
return; /* no routing table out here */
ip->ip_len = htons((u_short)ip->ip_len);
ip->ip_off = htons((u_short)(ip->ip_off | IP_MF));
ip->ip_sum = 0;
(*ifp->if_output)(ifp, (void *)ip, NULL, 0);
}
void ipllog()
{
verbose("l");
}
int send_reset(ip, ifp)
ip_t *ip;
struct ifnet *ifp;
{
verbose("- TCP RST sent\n");
return 0;
}
int icmp_error(ip, ifp)
ip_t *ip;
struct ifnet *ifp;
{
verbose("- TCP RST sent\n");
return 0;
}
#endif /* _KERNEL */
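Review bot: In send_reset, the BSD >= 199306 branch executes `m->m_data += max_linkhdr;` directly after `m_gethdr(M_DONTWAIT, MT_HEADER)` and before the `if (m == NULL)` test, so a failed mbuf allocation is dereferenced in the kernel instead of returning -1. These lines are unchanged context apart from the re-indented preprocessor directives, so the problem appears to predate the commit, but it sits on the path taken when a rule carries FR_RETRST. Move the adjustment below the check, for example into the later `# if BSD >= 199306` block that sets `m->m_pkthdr.len`. send_reset begins and ends outside the hunk.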


@ -6,7 +6,7 @@
* to the original author and the contributors.
*
* @(#)ip_fil.h 1.35 6/5/96
* $Id: ip_fil.h,v 2.0.1.2 1997/01/10 00:28:15 darrenr Exp $
* $Id: ip_fil.h,v 1.1.1.2 1997/04/03 10:10:58 darrenr Exp $
*/
#ifndef __IP_FIL_H__
@ -19,20 +19,12 @@
#if defined(KERNEL) && !defined(_KERNEL)
#define _KERNEL
#endif
#if SOLARIS
# include <sys/ioccom.h>
# include <sys/sysmacros.h>
# ifdef _KERNEL
# include <inet/common.h>
/*
* because Solaris 2 defines these in two places :-/
*/
#undef IPOPT_EOL
#undef IPOPT_NOP
#undef IPOPT_LSRR
#undef IPOPT_RR
#undef IPOPT_SSRR
# include <inet/ip.h>
#ifndef __P
# ifdef __STDC__
# define __P(x) x
# else
# define __P(x) ()
# endif
#endif
@ -118,9 +110,12 @@ typedef struct frdest {
typedef struct frentry {
struct frentry *fr_next;
struct ifnet *fr_ifa;
u_long fr_hits;
u_long fr_bytes; /* this is only incremented when a packet */
/* matches this rule and it is the last match*/
/*
* There are only incremented when a packet matches this rule and
* it is the last match
*/
U_QUAD_T fr_hits;
U_QUAD_T fr_bytes;
/*
* Fields after this may not change whilst in the kernel.
*/
@ -140,7 +135,7 @@ typedef struct frentry {
u_short fr_stop; /* top port for <> and >< */
u_short fr_dtop; /* top port for <> and >< */
u_long fr_flags; /* per-rule flags && options (see below) */
int (*fr_func)(); /* call this function */
int (*fr_func) __P((int, struct ip *, fr_info_t *)); /* call this function */
char fr_icode; /* return ICMP code */
char fr_ifname[IFNAMSIZ];
struct frdest fr_tif; /* "to" interface */
@ -162,7 +157,7 @@ typedef struct frentry {
/*
* fr_flags
*/
*/
#define FR_BLOCK 0x00001
#define FR_PASS 0x00002
#define FR_OUTQUE 0x00004
@ -276,18 +271,100 @@ typedef struct ipl_ci {
#define IPMINLEN(i, h) ((i)->ip_len >= ((i)->ip_hl * 4 + sizeof(struct h)))
#define IPLLOGSIZE 8192
extern int fr_check();
extern int fr_copytolog();
extern fr_info_t frcache[];
extern char *iplh, *iplt;
extern char iplbuf[IPLLOGSIZE];
#ifdef _KERNEL
extern struct frentry *ipfilter[2][2], *ipacct[2][2];
extern struct filterstats frstats[];
/*
* Device filenames. Use ipf on Solaris2 because ipl is already a name used
* by something else.
*/
#ifndef IPL_NAME
# if SOLARIS
extern int ipfsync();
# define IPL_NAME "/dev/ipf"
# else
# define IPL_NAME "/dev/ipl"
# endif
#endif
#define IPL_NAT "/dev/ipnat"
#define IPL_STATE "/dev/ipstate"
#define IPL_LOGIPF 0 /* Minor device #'s for accessing logs */
#define IPL_LOGNAT 1
#define IPL_LOGSTATE 2
#if !defined(CDEV_MAJOR) && defined (__FreeBSD_version) && \
(__FreeBSD_version >= 220000)
# define CDEV_MAJOR 79
#endif
#ifndef _KERNEL
extern int fr_check __P((struct ip *, int, struct ifnet *, int, char *));
extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *,
int, char *));
extern int send_reset __P((struct ip *, struct ifnet *));
extern int icmp_error __P((struct ip *, struct ifnet *));
extern void ipllog __P((void));
extern void ipfr_fastroute __P((struct ip *, fr_info_t *, frdest_t *));
#else
# if SOLARIS
extern int fr_check __P((struct ip *, int, struct ifnet *, int, qif_t *,
queue_t *, mblk_t **));
extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *,
int, qif_t *, queue_t *, mblk_t *));
extern int icmp_error __P((queue_t *, ip_t *, int, int, qif_t *,
struct in_addr));
# else
extern int fr_check __P((struct ip *, int, struct ifnet *, int,
struct mbuf **));
extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int,
struct mbuf **));
extern int send_reset __P((struct tcpiphdr *));
extern int ipllog __P((u_int, int, struct ip *, fr_info_t *, struct mbuf *));
extern void ipfr_fastroute __P((struct mbuf *, fr_info_t *, frdest_t *));
# endif
#endif
extern int fr_copytolog __P((int, char *, int));
extern int ipl_unreach;
extern fr_info_t frcache[];
extern char *iplh[3], *iplt[3];
extern char iplbuf[3][IPLLOGSIZE];
extern int iplused[3];
extern struct frentry *ipfilter[2][2], *ipacct[2][2];
extern struct filterstats frstats[];
#ifndef _KERNEL
extern int iplioctl __P((dev_t, int, caddr_t, int));
extern int iplopen __P((dev_t, int));
extern int iplclose __P((dev_t, int));
#else
extern int iplattach __P((void));
extern int ipldetach __P((void));
# if SOLARIS
extern int iplioctl __P((dev_t, int, int, int, cred_t *, int *));
extern int iplopen __P((dev_t *, int, int, cred_t *));
extern int iplclose __P((dev_t, int, int, cred_t *));
extern int ipfsync __P((void));
# ifdef IPFILTER_LOG
extern int iplread __P((dev_t, struct uio *, cred_t *));
# endif
# else
# ifdef IPFILTER_LKM
extern int iplidentify __P((char *));
# endif
# if (_BSDI_VERSION >= 199510) || (__FreeBSD_version >= 199612)
extern int iplioctl __P((dev_t, int, caddr_t, int, struct proc *));
extern int iplopen __P((dev_t, int, int, struct proc *));
extern int iplclose __P((dev_t, int, int, struct proc *));
# else
extern int iplioctl __P((dev_t, int, caddr_t, int));
extern int iplopen __P((dev_t, int));
extern int iplclose __P((dev_t, int));
# endif /* (_BSDI_VERSION >= 199510) */
# ifdef IPFILTER_LOG
# if BSD >= 199306
extern int iplread __P((dev_t, struct uio *, int));
# else
extern int iplread __P((dev_t, struct uio *));
# endif /* BSD >= 199306 */
# else
# define iplread noread
# endif /* IPFILTER_LOG */
# endif /* SOLARIS */
#endif /* _KERNEL */
#endif /* __IP_FIL_H__ */


@ -7,7 +7,7 @@
*/
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)ip_frag.c 1.11 3/24/96 (C) 1993-1995 Darren Reed";
static char rcsid[] = "$Id: ip_frag.c,v 2.0.1.2 1997/02/16 06:17:35 darrenr Exp $";
static char rcsid[] = "$Id: ip_frag.c,v 1.1.1.3 1997/04/03 10:11:03 darrenr Exp $";
#endif
#if !defined(_KERNEL) && !defined(KERNEL)
@ -17,12 +17,19 @@ static char rcsid[] = "$Id: ip_frag.c,v 2.0.1.2 1997/02/16 06:17:35 darrenr Exp
#include <sys/errno.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
#include <sys/file.h>
#if defined(__FreeBSD__) && (__FreeBSD__ >= 3)
#include <sys/ioccom.h>
#include <sys/filio.h>
#include <sys/fcntl.h>
#else
#include <sys/ioctl.h>
#endif
#include <sys/uio.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#ifdef _KERNEL
#ifdef _KERNEL
# include <sys/systm.h>
#endif
#if !defined(__SVR4) && !defined(__svr4__)
@ -47,8 +54,8 @@ static char rcsid[] = "$Id: ip_frag.c,v 2.0.1.2 1997/02/16 06:17:35 darrenr Exp
#include <netinet/udp.h>
#include <netinet/tcpip.h>
#include <netinet/ip_icmp.h>
#include "ip_fil.h"
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_frag.h"
#include "ip_nat.h"
#include "ip_state.h"
@ -69,6 +76,13 @@ extern kmutex_t ipf_frag;
# endif
#endif
#ifdef __FreeBSD__
# if BSD < 199306
int ipfr_slowtimer __P((void));
# else
void ipfr_slowtimer __P((void));
# endif
#endif /* __FreeBSD__ */
ipfrstat_t *ipfr_fragstats()
{
@ -114,7 +128,8 @@ int pass;
return -1;
}
if (!(fr = (ipfr_t *)KMALLOC(sizeof(*fr)))) {
KMALLOC(fr, ipfr_t *, sizeof(*fr));
if (fr == NULL) {
ipfr_stats.ifs_nomem++;
MUTEX_EXIT(&ipf_frag);
return -1;
@ -230,10 +245,10 @@ void ipfr_unload()
* Slowly expire held state for fragments. Timeouts are set * in expectation
* of this being called twice per second.
*/
# if BSD < 199306
int ipfr_slowtimer()
# else
# if (BSD >= 199306) || SOLARIS
void ipfr_slowtimer()
# else
int ipfr_slowtimer()
# endif
{
ipfr_t **fp, *fr;
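Review bot: The `ipfr_slowtimer` prototype block added under `#ifdef __FreeBSD__` near the top of ip_frag.c repeats a declaration that this same commit adds to ip_frag.h. The two copies are guarded by differently written conditions: `BSD < 199306` here, `(BSD >= 199306) || SOLARIS` in the header and at the definition. Since ip_frag.c includes ip_frag.h, the local copy looks redundant and is one more place where the return type can drift. I would drop it, or at least put `/* must match the declaration in ip_frag.h */` above it.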


@ -6,7 +6,7 @@
* to the original author and the contributors.
*
* @(#)ip_frag.h 1.5 3/24/96
* $Id: ip_frag.h,v 2.0.1.1 1997/01/09 15:14:43 darrenr Exp $
* $Id: ip_frag.h,v 1.1.1.2 1997/04/03 10:11:06 darrenr Exp $
*/
#ifndef __IP_FRAG_H_
@ -39,9 +39,13 @@ typedef struct ipfrstat {
#define IPFR_CMPSZ (4 + 4 + 2 + 1 + 1)
extern ipfrstat_t *ipfr_fragstats();
extern int ipfr_newfrag(), ipfr_knownfrag();
# ifdef _KERNEL
extern void ipfr_unload();
# endif
extern ipfrstat_t *ipfr_fragstats __P((void));
extern int ipfr_newfrag __P((ip_t *, fr_info_t *, int));
extern int ipfr_knownfrag __P((ip_t *, fr_info_t *));
extern void ipfr_unload __P((void));
#if (BSD >= 199306) || SOLARIS
extern void ipfr_slowtimer __P((void));
#else
extern int ipfr_slowtimer __P((void));
#endif
#endif /* __IP_FIL_H__ */

View File

@ -9,7 +9,11 @@
*/
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed";
static char rcsid[] = "$Id: ip_nat.c,v 2.0.1.11 1997/02/16 06:26:47 darrenr Exp $";
static char rcsid[] = "$Id: ip_nat.c,v 1.1.1.3 1997/04/03 10:11:11 darrenr Exp $";
#endif
#if defined(__FreeBSD__) && defined(KERNEL)
#define _KERNEL
#endif
#if !defined(_KERNEL) && !defined(KERNEL)
@ -20,12 +24,13 @@ static char rcsid[] = "$Id: ip_nat.c,v 2.0.1.11 1997/02/16 06:26:47 darrenr Exp
#include <sys/errno.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
#include <sys/file.h>
#include <sys/ioctl.h>
#include <sys/uio.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#ifdef _KERNEL
#ifdef _KERNEL
# include <sys/systm.h>
#endif
#if !defined(__SVR4) && !defined(__svr4__)
@ -57,8 +62,8 @@ extern struct ifnet vpnif;
#include <netinet/udp.h>
#include <netinet/tcpip.h>
#include <netinet/ip_icmp.h>
#include "ip_fil.h"
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_nat.h"
#include "ip_state.h"
#ifndef MIN
@ -80,10 +85,13 @@ extern kmutex_t ipf_nat;
# endif
#endif
static int flush_nattable(), clear_natlist();
static void nattable_sync();
static int flush_nattable __P((void)), clear_natlist __P((void));
static void nattable_sync __P((void)), nat_delete __P((struct nat *));
static nat_t *nat_new __P((ipnat_t *, ip_t *, fr_info_t *, u_short, int));
static void fix_outcksum __P((u_short *, u_long));
static void fix_incksum __P((u_short *, u_long));
void fix_outcksum(sp, n)
static void fix_outcksum(sp, n)
u_short *sp;
u_long n;
{
@ -104,7 +112,7 @@ u_long n;
}
void fix_incksum(sp, n)
static void fix_incksum(sp, n)
u_short *sp;
u_long n;
{
@ -182,7 +190,8 @@ int cmd, mode;
error = EEXIST;
break;
}
if (!(n = (ipnat_t *)KMALLOC(sizeof(*n)))) {
KMALLOC(n, ipnat_t *, sizeof(*n));
if (n == NULL) {
error = ENOMEM;
break;
}
@ -365,7 +374,7 @@ static int clear_natlist()
/*
* Create a new NAT table entry.
*/
nat_t *nat_new(np, ip, fin, flags, direction)
static nat_t *nat_new(np, ip, fin, flags, direction)
ipnat_t *np;
ip_t *ip;
fr_info_t *fin;
@ -387,15 +396,22 @@ int direction;
}
/* Give me a new nat */
if (!(nat = (nat_t *)KMALLOC(sizeof(*nat))))
KMALLOC(nat, nat_t *, sizeof(*nat));
if (nat == NULL)
return NULL;
bzero((char *)nat, sizeof(*nat));
nat->nat_flags = flags;
/*
* Search the current table for a match.
*/
if (direction == NAT_OUTBOUND) {
#if SOLARIS
ill_t *ill = fin->fin_ifp;
#else
struct ifnet *ifp = fin->fin_ifp;
#endif
/*
* If it's an outbound packet which doesn't match any existing
* record, then create a new port
@ -403,6 +419,34 @@ int direction;
do {
port = 0;
in.s_addr = np->in_nip;
if (!in.s_addr && (np->in_outmsk == 0xffffffff)) {
#if SOLARIS
in.s_addr = ill->ill_ipif->ipif_local_addr;
#else
struct ifaddr *ifa;
struct sockaddr_in *sin;
ifa = ifp->if_addrlist;
# if BSD < 199306
sin = (struct sockaddr_in *)&ifa->ifa_addr;
# else
sin = (struct sockaddr_in *)ifa->ifa_addr;
while (sin && ifa &&
sin->sin_family != AF_INET) {
ifa = ifa->ifa_next;
sin = (struct sockaddr_in *)ifa->ifa_addr;
}
if (!ifa)
sin = NULL;
if (!sin) {
KFREE(nat);
return NULL;
}
# endif
in = sin->sin_addr;
in.s_addr = ntohl(in.s_addr);
#endif
}
if (nflags & IPN_TCPUDP) {
port = htons(np->in_pnext++);
if (np->in_pnext >= ntohs(np->in_pmax)) {
@ -555,8 +599,9 @@ u_short sport, mapdport;
for (; nat; nat = nat->nat_hnext[1])
if (nat->nat_oip.s_addr == src.s_addr &&
nat->nat_outip.s_addr == mapdst.s_addr &&
(!flags || (nat->nat_oport == sport &&
nat->nat_outport == mapdport)))
flags == nat->nat_flags && (!flags ||
(nat->nat_oport == sport &&
nat->nat_outport == mapdport)))
return nat;
return NULL;
}
@ -581,8 +626,8 @@ u_short sport, dport;
for (; nat; nat = nat->nat_hnext[0])
if (nat->nat_inip.s_addr == src.s_addr &&
nat->nat_oip.s_addr == dst.s_addr &&
(!flags || (nat->nat_inport == sport &&
nat->nat_oport == dport)))
flags == nat->nat_flags && (!flags ||
(nat->nat_inport == sport && nat->nat_oport == dport)))
return nat;
return NULL;
}
@ -606,8 +651,9 @@ u_short mapsport, dport;
for (; nat; nat = nat->nat_hnext[0])
if (nat->nat_outip.s_addr == mapsrc.s_addr &&
nat->nat_oip.s_addr == dst.s_addr &&
(!flags || (nat->nat_outport == mapsport &&
nat->nat_oport == dport)))
flags == nat->nat_flags && (!flags ||
(nat->nat_outport == mapsport &&
nat->nat_oport == dport)))
return nat;
return NULL;
}
@ -684,17 +730,20 @@ fr_info_t *fin;
*/
if (!(nat = nat_outlookup(nflags, ip->ip_src, sport,
ip->ip_dst, dport))) {
if (np->in_redir == NAT_REDIRECT)
continue;
/*
* if it's a redirection, then we don't want
* If it's a redirection, then we don't want
* to create new outgoing port stuff.
* Redirections are only for incoming
* connections.
*/
if (np->in_redir == NAT_REDIRECT)
continue;
if (!(nat = nat_new(np, ip, fin, nflags,
NAT_OUTBOUND)))
break;
#ifdef IPFILTER_LOG
nat_log(nat, (u_short)np->in_redir);
#endif
}
ip->ip_src = nat->nat_outip;
@ -719,8 +768,8 @@ fr_info_t *fin;
if (ip->ip_p == IPPROTO_TCP) {
csump = &tcp->th_sum;
set_tcp_age(&nat->nat_age,
nat->nat_state, ip, fin,1);
fr_tcp_age(&nat->nat_age,
nat->nat_state, ip, fin,1);
} else if (ip->ip_p == IPPROTO_UDP) {
udphdr_t *udp = (udphdr_t *)tcp;
@ -787,20 +836,20 @@ fr_info_t *fin;
(np->in_redir == NAT_MAP || np->in_pmin == dport)) {
if (!(nat = nat_inlookup(nflags, ip->ip_src, sport,
ip->ip_dst, dport))) {
/*
* If this rule (np) is a redirection, rather
* than a mapping, then do a nat_new.
* Otherwise, if it's just a mapping, do a
* continue;
*/
if (np->in_redir == NAT_MAP)
continue;
else {
/*
* If this rule (np) is a redirection,
* rather than a mapping, then do a
* nat_new. Otherwise, if it's just a
* mapping, do a continue;
*/
if (!(nat = nat_new(np, ip, fin,
nflags,
NAT_INBOUND)))
break;
}
if (!(nat = nat_new(np, ip, fin, nflags,
NAT_INBOUND)))
break;
#ifdef IPFILTER_LOG
nat_log(nat, (u_short)np->in_redir);
#endif
}
ip->ip_dst = nat->nat_inip;
@ -824,8 +873,8 @@ fr_info_t *fin;
if (ip->ip_p == IPPROTO_TCP) {
csump = &tcp->th_sum;
set_tcp_age(&nat->nat_age,
nat->nat_state, ip, fin,0);
fr_tcp_age(&nat->nat_age,
nat->nat_state, ip, fin,0);
} else if (ip->ip_p == IPPROTO_UDP) {
udphdr_t *udp = (udphdr_t *)tcp;
@ -887,9 +936,61 @@ void ip_natexpire()
continue;
}
*natp = nat->nat_next;
#ifdef IPFILTER_LOG
nat_log(nat, NL_EXPIRE);
#endif
nat_delete(nat);
nat_stats.ns_expire++;
}
SPLX(s);
MUTEX_EXIT(&ipf_nat);
}
#ifdef IPFILTER_LOG
void nat_log(nat, type)
struct nat *nat;
u_short type;
{
struct ipnat *np;
struct natlog natl;
int rulen;
if (iplused[IPL_LOGNAT] + sizeof(natl) > IPLLOGSIZE) {
nat_stats.ns_logfail++;
return;
}
if (iplh[IPL_LOGNAT] == iplbuf[IPL_LOGNAT] + IPLLOGSIZE)
iplh[IPL_LOGNAT] = iplbuf[IPL_LOGNAT];
# ifdef sun
uniqtime(&natl);
# endif
# if BSD >= 199306 || defined(__FreeBSD__)
microtime((struct timeval *)&natl);
# endif
natl.nl_origport = nat->nat_oport;
natl.nl_outport = nat->nat_outport;
natl.nl_inport = nat->nat_inport;
natl.nl_origip = nat->nat_oip;
natl.nl_outip = nat->nat_outip;
natl.nl_inip = nat->nat_inip;
natl.nl_type = type;
natl.nl_rule = -1;
if (nat->nat_ptr) {
for (rulen = 0, np = nat_list; np; np = np->in_next, rulen++)
if (np == nat->nat_ptr) {
natl.nl_rule = rulen;
break;
}
}
if (!fr_copytolog(IPL_LOGNAT, (char *)&natl, sizeof(natl))) {
iplused[IPL_LOGNAT] += sizeof(natl);
nat_stats.ns_logged++;
} else
nat_stats.ns_logfail++;
wakeup(iplbuf[IPL_LOGNAT]);
}
#endif
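Review bot: The address walk added to nat_new() for the BSD >= 199306 case dereferences `ifa` before checking it. `ifa->ifa_addr` is read right after `ifa = ifp->if_addrlist` and again inside the loop after `ifa = ifa->ifa_next`, while the `sin && ifa` test only runs afterwards. An interface with an empty address list or with no AF_INET entry therefore leads to a NULL dereference in the kernel instead of the intended `KFREE(nat); return NULL;`. The BSD < 199306 branch takes the first address without checking its family at all, which deserves at least a comment. A loop that tests `ifa` first is sketched below; nat_new() begins and ends outside this hunk.

```c
			ifa = ifp->if_addrlist;
#  if BSD < 199306
			/* … unchanged: first-address handling for older BSD … */
#  else
			/* Test ifa before every dereference; stop at the first AF_INET address. */
			for (sin = NULL; ifa != NULL; ifa = ifa->ifa_next) {
				sin = (struct sockaddr_in *)ifa->ifa_addr;
				if (sin != NULL && sin->sin_family == AF_INET)
					break;
			}
			if (ifa == NULL)
				sin = NULL;
			/* … unchanged: KFREE(nat) and return NULL when sin is NULL … */
#  endif
```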


@ -6,7 +6,7 @@
* to the original author and the contributors.
*
* @(#)ip_nat.h 1.5 2/4/96
* $Id: ip_nat.h,v 2.0.1.7 1997/01/30 12:39:41 darrenr Exp $
* $Id: ip_nat.h,v 1.1.1.2 1997/04/03 10:11:19 darrenr Exp $
*/
#ifndef __IP_NAT_H_
@ -40,7 +40,8 @@
#define NAT_SIZE 367
typedef struct nat {
int nat_age;
u_long nat_age;
int nat_flags;
u_long nat_sumd;
u_long nat_ipsumd;
struct in_addr nat_inip;
@ -101,6 +102,8 @@ typedef struct natstat {
u_long ns_added;
u_long ns_expire;
u_long ns_inuse;
u_long ns_logged;
u_long ns_logfail;
nat_t **ns_table[2];
ipnat_t *ns_list;
} natstat_t;
@ -110,9 +113,37 @@ typedef struct natstat {
#define IPN_UDP 2
#define IPN_TCPUDP 3
typedef struct natlog {
struct timeval nl_tv;
struct in_addr nl_origip;
struct in_addr nl_outip;
struct in_addr nl_inip;
u_short nl_origport;
u_short nl_outport;
u_short nl_inport;
u_short nl_type;
int nl_rule;
} natlog_t;
#define NL_NEWMAP NAT_MAP
#define NL_NEWRDR NAT_REDIRECT
#define NL_EXPIRE 0xffff
extern nat_t *nat_table[2][NAT_SIZE];
extern int nat_ioctl();
extern nat_t *nat_outlookup(), *nat_inlookup(), *nat_lookupredir();
extern int ip_natout(), ip_natin();
extern void ip_natunload(), ip_natexpire();
extern int nat_ioctl __P((caddr_t, int, int));
extern nat_t *nat_outlookup __P((int, struct in_addr, u_short,
struct in_addr, u_short));
extern nat_t *nat_inlookup __P((int, struct in_addr, u_short,
struct in_addr, u_short));
extern nat_t *nat_lookupredir __P((natlookup_t *));
extern nat_t *nat_lookupmapip __P((int, struct in_addr, u_short,
struct in_addr, u_short));
extern int ip_natout __P((ip_t *, int, fr_info_t *));
extern int ip_natin __P((ip_t *, int, fr_info_t *));
extern void ip_natunload __P((void)), ip_natexpire __P((void));
extern void nat_log __P((struct nat *, u_short));
#endif /* __IP_NAT_H__ */
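Review bot: `natlog_t` is missing a comment saying that `nl_tv` has to stay its first member. nat_log() in ip_nat.c fills the timestamp with `microtime((struct timeval *)&natl)` (and `uniqtime(&natl)` on sun), which only works while the struct begins with the timeval. I would add `/* nl_tv must remain first: nat_log() passes &natl as a struct timeval * */` above the field. The same comment could note that the whole record is handed to fr_copytolog() with `sizeof(natl)`, so any field added later must also be assigned in nat_log() before the copy.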


@ -7,7 +7,7 @@
*/
#if !defined(lint) && defined(LIBC_SCCS)
static char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-1995 Darren Reed";
static char rcsid[] = "$Id: ip_state.c,v 2.0.1.3 1997/02/16 06:18:36 darrenr Exp $";
static char rcsid[] = "$Id: ip_state.c,v 1.1.1.3 1997/04/03 10:11:29 darrenr Exp $";
#endif
#if !defined(_KERNEL) && !defined(KERNEL)
@ -17,12 +17,19 @@ static char rcsid[] = "$Id: ip_state.c,v 2.0.1.3 1997/02/16 06:18:36 darrenr Exp
#include <sys/errno.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
#include <sys/file.h>
#if defined(__FreeBSD__) && (__FreeBSD__ >= 3)
#include <sys/ioccom.h>
#include <sys/filio.h>
#include <sys/fcntl.h>
#else
#include <sys/ioctl.h>
#endif
#include <sys/uio.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#ifdef _KERNEL
#ifdef _KERNEL
# include <sys/systm.h>
#endif
#if !defined(__SVR4) && !defined(__svr4__)
@ -48,15 +55,13 @@ static char rcsid[] = "$Id: ip_state.c,v 2.0.1.3 1997/02/16 06:18:36 darrenr Exp
#include <netinet/udp.h>
#include <netinet/tcpip.h>
#include <netinet/ip_icmp.h>
#include "ip_fil.h"
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_state.h"
#ifndef MIN
#define MIN(a,b) (((a)<(b))?(a):(b))
#endif
void set_tcp_age();
#define TCP_CLOSE (TH_FIN|TH_RST)
ipstate_t *ips_table[IPSTATE_SIZE];
@ -169,8 +174,8 @@ u_int pass;
*/
if ((tcp->th_flags & (TH_SYN|TH_ACK)) == TH_SYN)
is->is_ack = 0; /* Trumpet WinSock 'ism */
set_tcp_age(&is->is_age, is->is_state, ip, fin,
tcp->th_sport == is->is_sport);
fr_tcp_age(&is->is_age, is->is_state, ip, fin,
tcp->th_sport == is->is_sport);
break;
}
case IPPROTO_UDP :
@ -187,7 +192,8 @@ u_int pass;
return -1;
}
if (!(is = (ipstate_t *)KMALLOC(sizeof(*is)))) {
KMALLOC(is, ipstate_t *, sizeof(*is));
if (is == NULL) {
ips_stats.iss_nomem++;
return -1;
}
@ -197,9 +203,14 @@ u_int pass;
is->is_next = ips_table[hv];
ips_table[hv] = is;
is->is_pass = pass;
is->is_pkts = 1;
is->is_bytes = ip->ip_len;
if (pass & FR_LOGFIRST)
is->is_pass &= ~(FR_LOGFIRST|FR_LOG);
ips_num++;
#ifdef IPFILTER_LOG
ipstate_log(is, ISL_NEW);
#endif
MUTEX_EXIT(&ipf_state);
return 0;
}
@ -210,13 +221,7 @@ u_int pass;
* change timeout depending on whether new packet is a SYN-ACK returning for a
* SYN or a RST or FIN which indicate time to close up shop.
*/
int fr_tcpstate(is, fin, ip, tcp, sport
#ifndef _KERNEL
,isp)
ipstate_t **isp;
#else
)
#endif
int fr_tcpstate(is, fin, ip, tcp, sport)
register ipstate_t *is;
fr_info_t *fin;
ip_t *ip;
@ -278,11 +283,13 @@ u_short sport;
is->is_dwin = ntohs(tcp->th_win);
}
ips_stats.iss_hits++;
is->is_pkts++;
is->is_bytes += ip->ip_len;
/*
* Nearing end of connection, start timeout.
*/
set_tcp_age(&is->is_age, is->is_state, ip, fin,
tcp->th_sport == is->is_sport);
fr_tcp_age(&is->is_age, is->is_state, ip, fin,
tcp->th_sport == is->is_sport);
return 1;
}
return 0;
@ -301,7 +308,7 @@ fr_info_t *fin;
register u_char pr;
struct icmp *ic;
tcphdr_t *tcp;
u_int hv, hlen;
u_int hv, hlen, pass;
if ((ip->ip_off & 0x1fff) || (fin->fin_fi.fi_fl & FI_SHORT))
return 0;
@ -336,6 +343,8 @@ fr_info_t *fin;
is->is_icmp.ics_type != ic->icmp_type)
continue;
is->is_age = fr_icmptimeout;
is->is_pkts++;
is->is_bytes += ip->ip_len;
ips_stats.iss_hits++;
MUTEX_EXIT(&ipf_state);
return is->is_pass;
@ -357,7 +366,6 @@ fr_info_t *fin;
if (fr_tcpstate(is, fin, ip, tcp, sport)) {
#ifdef _KERNEL
MUTEX_EXIT(&ipf_state);
return is->is_pass;
#else
int pass = is->is_pass;
@ -366,8 +374,8 @@ fr_info_t *fin;
isp = &ips_table[hv];
KFREE(is);
}
return pass;
#endif
return pass;
}
}
MUTEX_EXIT(&ipf_state);
@ -389,9 +397,12 @@ fr_info_t *fin;
PAIRS(sport, dport, is->is_sport, is->is_dport) &&
IPPAIR(src, dst, is->is_src, is->is_dst)) {
ips_stats.iss_hits++;
is->is_pkts++;
is->is_bytes += ip->ip_len;
is->is_age = fr_udptimeout;
pass = is->is_pass;
MUTEX_EXIT(&ipf_state);
return is->is_pass;
return pass;
}
MUTEX_EXIT(&ipf_state);
break;
@ -445,6 +456,9 @@ void fr_timeoutstate()
ips_stats.iss_fin++;
else
ips_stats.iss_expire++;
#ifdef IPFILTER_LOG
ipstate_log(is, ISL_EXPIRE);
#endif
KFREE(is);
ips_num--;
} else
@ -458,8 +472,8 @@ void fr_timeoutstate()
* Original idea freom Pradeep Krishnan for use primarily with NAT code.
* (pkrishna@netcom.com)
*/
void set_tcp_age(age, state, ip, fin, dir)
int *age;
void fr_tcp_age(age, state, ip, fin, dir)
u_long *age;
u_char *state;
ip_t *ip;
fr_info_t *fin;
@ -540,3 +554,51 @@ int dir;
break;
}
}
#ifdef IPFILTER_LOG
void ipstate_log(is, type)
struct ipstate *is;
u_short type;
{
struct ipslog ipsl;
if (iplused[IPL_LOGSTATE] + sizeof(ipsl) > IPLLOGSIZE) {
ips_stats.iss_logfail++;
return;
}
if (iplh[IPL_LOGSTATE] == iplbuf[IPL_LOGSTATE] + IPLLOGSIZE)
iplh[IPL_LOGSTATE] = iplbuf[IPL_LOGSTATE];
# ifdef sun
uniqtime(&ipsl);
# endif
# if BSD >= 199306 || defined(__FreeBSD__)
microtime((struct timeval *)&ipsl);
# endif
ipsl.isl_pkts = is->is_pkts;
ipsl.isl_bytes = is->is_bytes;
ipsl.isl_src = is->is_src;
ipsl.isl_dst = is->is_dst;
ipsl.isl_p = is->is_p;
ipsl.isl_flags = is->is_flags;
ipsl.isl_type = type;
if (ipsl.isl_p == IPPROTO_TCP || ipsl.isl_p == IPPROTO_UDP) {
ipsl.isl_sport = is->is_sport;
ipsl.isl_dport = is->is_dport;
} else if (ipsl.isl_p == IPPROTO_ICMP)
ipsl.isl_itype = is->is_icmp.ics_type;
else {
ipsl.isl_ps.isl_filler[0] = 0;
ipsl.isl_ps.isl_filler[1] = 0;
}
if (!fr_copytolog(IPL_LOGSTATE, (char *)&ipsl, sizeof(ipsl))) {
iplused[IPL_LOGSTATE] += sizeof(ipsl);
ips_stats.iss_logged++;
} else
ips_stats.iss_logfail++;
wakeup(iplbuf[IPL_LOGSTATE]);
}
#endif
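Review bot: In fr_checkstate()'s TCP branch the `_KERNEL` path now appears to return `pass` without ever assigning it. The hunks drop `return is->is_pass;` after `MUTEX_EXIT(&ipf_state);` and move `return pass;` below the `#endif`, but the only assignment visible there is the non-kernel `int pass = is->is_pass;`. A kernel build would then hand back the function-level `u_int pass` added in this commit, uninitialised, as the filter verdict. Adding `pass = is->is_pass;` before `MUTEX_EXIT(&ipf_state);`, as the UDP branch in this commit does, fixes it and keeps the read under the mutex. The function starts and ends outside these hunks, so this should be confirmed against the full file.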


@ -6,7 +6,7 @@
* to the original author and the contributors.
*
* @(#)ip_state.h 1.3 1/12/96 (C) 1995 Darren Reed
* $Id: ip_state.h,v 2.0.1.1 1997/01/09 15:14:43 darrenr Exp $
* $Id: ip_state.h,v 1.1.1.2 1997/04/03 10:11:33 darrenr Exp $
*/
#ifndef __IP_STATE_H__
#define __IP_STATE_H__
@ -37,8 +37,10 @@ typedef struct tcpstate {
typedef struct ipstate {
struct ipstate *is_next;
int is_age;
u_long is_age;
u_int is_pass;
U_QUAD_T is_pkts;
U_QUAD_T is_bytes;
struct in_addr is_src;
struct in_addr is_dst;
u_char is_p;
@ -63,6 +65,31 @@ typedef struct ipstate {
#define TH_OPENING (TH_SYN|TH_ACK)
typedef struct ipslog {
struct timeval isl_tv;
U_QUAD_T isl_pkts;
U_QUAD_T isl_bytes;
struct in_addr isl_src;
struct in_addr isl_dst;
u_char isl_p;
u_char isl_flags;
u_short isl_type;
union {
u_short isl_filler[2];
u_short isl_ports[2];
u_short isl_icmp;
} isl_ps;
} ipslog_t;
#define isl_sport isl_ps.isl_ports[0]
#define isl_dport isl_ps.isl_ports[1]
#define isl_itype isl_ps.isl_icmp
#define ISL_NEW 0
#define ISL_EXPIRE 0xffff
typedef struct ips_stat {
u_long iss_hits;
u_long iss_miss;
@ -74,13 +101,18 @@ typedef struct ips_stat {
u_long iss_expire;
u_long iss_fin;
u_long iss_active;
u_long iss_logged;
u_long iss_logfail;
ipstate_t **iss_table;
} ips_stat_t;
extern ips_stat_t *fr_statetstats();
extern int fr_addstate(), fr_checkstate();
extern void fr_timeoutstate(), set_tcp_age();
# ifdef _KERNEL
extern void fr_stateunload();
# endif
extern int fr_tcpstate __P((ipstate_t *, fr_info_t *, ip_t *,
tcphdr_t *, u_short));
extern ips_stat_t *fr_statetstats __P((void));
extern int fr_addstate __P((ip_t *, fr_info_t *, u_int));
extern int fr_checkstate __P((ip_t *, fr_info_t *));
extern void fr_timeoutstate __P((void));
extern void fr_tcp_age __P((u_long *, u_char *, ip_t *, fr_info_t *, int));
extern void fr_stateunload __P((void));
extern void ipstate_log __P((struct ipstate *, u_short));
#endif /* __IP_STATE_H__ */