search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Expand PMF_FN_* macros.
[netbsd-mini2440.git] / dist / ipf / mlfk_ipl.c
blob24a4e8bcaaeaabde73cdc7986a2e2b3cb1c5b847
1 /* $NetBSD$ */
2
3 /*
4 * Copyright (C) 2000 by Darren Reed.
5 *
6 * See the IPFILTER.LICENCE file for details on licencing.
7 */
8
9
10 #include <sys/param.h>
11 #include <sys/systm.h>
12 #include <sys/kernel.h>
13 #include <sys/module.h>
14 #include <sys/conf.h>
15 #include <sys/socket.h>
16 #include <sys/sysctl.h>
17 #include <sys/select.h>
18 #if __FreeBSD_version >= 500000
19 # include <sys/selinfo.h>
20 #endif
21 #include <net/if.h>
22 #include <netinet/in_systm.h>
23 #include <netinet/in.h>
24
25
26 #include <netinet/ipl.h>
27 #include <netinet/ip_compat.h>
28 #include <netinet/ip_fil.h>
29 #include <netinet/ip_state.h>
30 #include <netinet/ip_nat.h>
31 #include <netinet/ip_auth.h>
32 #include <netinet/ip_frag.h>
33 #include <netinet/ip_sync.h>
34
35 #if __FreeBSD_version >= 502116
36 static struct cdev *ipf_devs[IPL_LOGSIZE];
37 #else
38 static dev_t ipf_devs[IPL_LOGSIZE];
39 #endif
40
41 static int sysctl_ipf_int ( SYSCTL_HANDLER_ARGS );
42 static int ipf_modload(void);
43 static int ipf_modunload(void);
44
45 SYSCTL_DECL(_net_inet);
46 #define SYSCTL_IPF(parent, nbr, name, access, ptr, val, descr) \
47 SYSCTL_OID(parent, nbr, name, CTLTYPE_INT|access, \
48 ptr, val, sysctl_ipf_int, "I", descr);
49 #define CTLFLAG_OFF 0x00800000 /* IPFilter must be disabled */
50 #define CTLFLAG_RWO (CTLFLAG_RW|CTLFLAG_OFF)
51 SYSCTL_NODE(_net_inet, OID_AUTO, ipf, CTLFLAG_RW, 0, "IPF");
52 SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_flags, CTLFLAG_RW, &fr_flags, 0, "");
53 SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_pass, CTLFLAG_RW, &fr_pass, 0, "");
54 SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_active, CTLFLAG_RD, &fr_active, 0, "");
55 SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpidletimeout, CTLFLAG_RWO,
56 &fr_tcpidletimeout, 0, "");
57 SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcphalfclosed, CTLFLAG_RWO,
58 &fr_tcphalfclosed, 0, "");
59 SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpclosewait, CTLFLAG_RWO,
60 &fr_tcpclosewait, 0, "");
61 SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcplastack, CTLFLAG_RWO,
62 &fr_tcplastack, 0, "");
63 SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcptimeout, CTLFLAG_RWO,
64 &fr_tcptimeout, 0, "");
65 SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_tcpclosed, CTLFLAG_RWO,
66 &fr_tcpclosed, 0, "");
67 SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_udptimeout, CTLFLAG_RWO,
68 &fr_udptimeout, 0, "");
69 SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_udpacktimeout, CTLFLAG_RWO,
70 &fr_udpacktimeout, 0, "");
71 SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_icmptimeout, CTLFLAG_RWO,
72 &fr_icmptimeout, 0, "");
73 SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_defnatage, CTLFLAG_RWO,
74 &fr_defnatage, 0, "");
75 SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_ipfrttl, CTLFLAG_RW,
76 &fr_ipfrttl, 0, "");
77 SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_running, CTLFLAG_RD,
78 &fr_running, 0, "");
79 SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_statesize, CTLFLAG_RWO,
80 &fr_statesize, 0, "");
81 SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_statemax, CTLFLAG_RWO,
82 &fr_statemax, 0, "");
83 SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_nattable_sz, CTLFLAG_RWO,
84 &ipf_nattable_sz, 0, "");
85 SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_natrules_sz, CTLFLAG_RWO,
86 &ipf_natrules_sz, 0, "");
87 SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_rdrrules_sz, CTLFLAG_RWO,
88 &ipf_rdrrules_sz, 0, "");
89 SYSCTL_IPF(_net_inet_ipf, OID_AUTO, ipf_hostmap_sz, CTLFLAG_RWO,
90 &ipf_hostmap_sz, 0, "");
91 SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_authsize, CTLFLAG_RWO,
92 &fr_authsize, 0, "");
93 SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_authused, CTLFLAG_RD,
94 &fr_authused, 0, "");
95 SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_defaultauthage, CTLFLAG_RW,
96 &fr_defaultauthage, 0, "");
97 SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_chksrc, CTLFLAG_RW, &fr_chksrc, 0, "");
98 SYSCTL_IPF(_net_inet_ipf, OID_AUTO, fr_minttl, CTLFLAG_RW, &fr_minttl, 0, "");
99
100 #define CDEV_MAJOR 79
101 #include <sys/poll.h>
102 #if __FreeBSD_version >= 500043
103 # include <sys/select.h>
104 static int iplpoll(struct cdev *dev, int events, struct thread *td);
105
106 static struct cdevsw ipl_cdevsw = {
107 # if __FreeBSD_version >= 502103
108 .d_version = D_VERSION,
109 .d_flags = 0, /* D_NEEDGIANT - Should be SMP safe */
110 # endif
111 .d_open = iplopen,
112 .d_close = iplclose,
113 .d_read = iplread,
114 .d_write = iplwrite,
115 .d_ioctl = iplioctl,
116 .d_name = "ipl",
117 # if __FreeBSD_version >= 500043
118 .d_poll = iplpoll,
119 # endif
120 # if __FreeBSD_version < 600000
121 .d_maj = CDEV_MAJOR,
122 # endif
123 };
124 #else
125 static int iplpoll(dev_t dev, int events, struct proc *p);
126
127 static struct cdevsw ipl_cdevsw = {
128 /* open */ iplopen,
129 /* close */ iplclose,
130 /* read */ iplread,
131 /* write */ iplwrite,
132 /* ioctl */ iplioctl,
133 /* poll */ iplpoll,
134 /* mmap */ nommap,
135 /* strategy */ nostrategy,
136 /* name */ "ipl",
137 /* maj */ CDEV_MAJOR,
138 /* dump */ nodump,
139 /* psize */ nopsize,
140 /* flags */ 0,
141 # if (__FreeBSD_version < 500043)
142 /* bmaj */ -1,
143 # endif
144 # if (__FreeBSD_version > 430000)
145 /* kqfilter */ NULL
146 # endif
147 };
148 #endif
149
150 static char *ipf_devfiles[] = { IPL_NAME, IPNAT_NAME, IPSTATE_NAME, IPAUTH_NAME,
151 IPSYNC_NAME, IPSCAN_NAME, IPLOOKUP_NAME, NULL };
152
153
154 static int
155 ipfilter_modevent(module_t mod, int type, void *unused)
156 {
157 int error = 0;
158
159 switch (type)
160 {
161 case MOD_LOAD :
162 error = ipf_modload();
163 break;
164
165 case MOD_UNLOAD :
166 error = ipf_modunload();
167 break;
168 default:
169 error = EINVAL;
170 break;
171 }
172 return error;
173 }
174
175
176 static int
177 ipf_modload()
178 {
179 char *defpass, *c, *str;
180 int i, j, error;
181
182 RWLOCK_INIT(&ipf_global, "ipf filter load/unload mutex");
183 RWLOCK_INIT(&ipf_mutex, "ipf filter rwlock");
184 RWLOCK_INIT(&ipf_frcache, "ipf cache rwlock");
185
186 error = ipfattach();
187 if (error) {
188 RW_DESTROY(&ipf_global);
189 RW_DESTROY(&ipf_mutex);
190 RW_DESTROY(&ipf_frcache);
191 return error;
192 }
193
194 for (i = 0; i < IPL_LOGSIZE; i++)
195 ipf_devs[i] = NULL;
196
197 for (i = 0; (str = ipf_devfiles[i]); i++) {
198 c = NULL;
199 for(j = strlen(str); j > 0; j--)
200 if (str[j] == '/') {
201 c = str + j + 1;
202 break;
203 }
204 if (!c)
205 c = str;
206 ipf_devs[i] = make_dev(&ipl_cdevsw, i, 0, 0, 0600, c);
207 }
208
209 error = ipf_pfil_hook();
210 if (error != 0)
211 return error;
212 ipf_event_reg();
213
214 if (FR_ISPASS(fr_pass))
215 defpass = "pass";
216 else if (FR_ISBLOCK(fr_pass))
217 defpass = "block";
218 else
219 defpass = "no-match -> block";
220
221 printf("%s initialized. Default = %s all, Logging = %s%s\n",
222 ipfilter_version, defpass,
223 #ifdef IPFILTER_LOG
224 "enabled",
225 #else
226 "disabled",
227 #endif
228 #ifdef IPFILTER_COMPILED
229 " (COMPILED)"
230 #else
231 ""
232 #endif
233 );
234 return 0;
235 }
236
237
238 static int
239 ipf_modunload()
240 {
241 int error, i;
242
243 if (fr_refcnt)
244 return EBUSY;
245
246 if (fr_running >= 0) {
247 ipf_pfil_unhook();
248 ipf_event_dereg();
249 WRITE_ENTER(&ipf_global);
250 error = ipfdetach();
251 RWLOCK_EXIT(&ipf_global);
252 if (error != 0)
253 return error;
254 } else
255 error = 0;
256
257 RW_DESTROY(&ipf_global);
258 RW_DESTROY(&ipf_mutex);
259 RW_DESTROY(&ipf_frcache);
260
261 fr_running = -2;
262
263 for (i = 0; ipf_devfiles[i]; i++) {
264 if (ipf_devs[i] != NULL)
265 destroy_dev(ipf_devs[i]);
266 }
267
268 printf("%s unloaded\n", ipfilter_version);
269
270 return error;
271 }
272
273
274 static moduledata_t ipfiltermod = {
275 "ipfilter",
276 ipfilter_modevent,
277 0
278 };
279
280
281 DECLARE_MODULE(ipfilter, ipfiltermod, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY);
282 #ifdef MODULE_VERSION
283 MODULE_VERSION(ipfilter, 1);
284 #endif
285
286
287 #ifdef SYSCTL_IPF
288 int
289 sysctl_ipf_int ( SYSCTL_HANDLER_ARGS )
290 {
291 int error = 0;
292
293 if (arg1)
294 error = SYSCTL_OUT(req, arg1, sizeof(int));
295 else
296 error = SYSCTL_OUT(req, &arg2, sizeof(int));
297
298 if (error || !req->newptr)
299 return (error);
300
301 if (!arg1)
302 error = EPERM;
303 else {
304 if ((oidp->oid_kind & CTLFLAG_OFF) && (fr_running > 0))
305 error = EBUSY;
306 else
307 error = SYSCTL_IN(req, arg1, sizeof(int));
308 }
309 return (error);
310 }
311 #endif
312
313
314 static int
315 #if __FreeBSD_version >= 500043
316 iplpoll(struct cdev *dev, int events, struct thread *td)
317 #else
318 iplpoll(dev_t dev, int events, struct proc *td)
319 #endif
320 {
321 u_int xmin = GET_MINOR(dev);
322 int revents;
323
324 if (xmin < 0 || xmin > IPL_LOGMAX)
325 return 0;
326
327 revents = 0;
328
329 switch (xmin)
330 {
331 case IPL_LOGIPF :
332 case IPL_LOGNAT :
333 case IPL_LOGSTATE :
334 #ifdef IPFILTER_LOG
335 if ((events & (POLLIN | POLLRDNORM)) && ipflog_canread(xmin))
336 revents |= events & (POLLIN | POLLRDNORM);
337 #endif
338 break;
339 case IPL_LOGAUTH :
340 if ((events & (POLLIN | POLLRDNORM)) && fr_auth_waiting())
341 revents |= events & (POLLIN | POLLRDNORM);
342 break;
343 case IPL_LOGSYNC :
344 #ifdef IPFILTER_SYNC
345 if ((events & (POLLIN | POLLRDNORM)) && ipfsync_canread())
346 revents |= events & (POLLIN | POLLRDNORM);
347 if ((events & (POLLOUT | POLLWRNORM)) && ipfsync_canwrite())
348 revents |= events & (POLLOUT | POLLWRNORM);
349 #endif
350 break;
351 case IPL_LOGSCAN :
352 case IPL_LOGLOOKUP :
353 default :
354 break;
355 }
356
357 if ((revents == 0) && ((events & (POLLIN|POLLRDNORM)) != 0))
358 selrecord(td, &ipfselwait[xmin]);
359
360 return revents;
361 }
NetBSD on the FriendlyARM MINI2440