search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
No empty .Rs/.Re
[netbsd-mini2440.git] / sys / dist / pf / net / if_pflog.c
blobfaff4de813feaeccb211533b188a451fb3769f7a
1 /* $NetBSD: if_pflog.c,v 1.14 2008/12/19 18:49:38 cegger Exp $ */
2 /* $OpenBSD: if_pflog.c,v 1.24 2007/05/26 17:13:30 jason Exp $ */
3
4 /*
5 * The authors of this code are John Ioannidis (ji@tla.org),
6 * Angelos D. Keromytis (kermit@csd.uch.gr) and
7 * Niels Provos (provos@physnet.uni-hamburg.de).
8 *
9 * This code was written by John Ioannidis for BSD/OS in Athens, Greece,
10 * in November 1995.
11 *
12 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
13 * by Angelos D. Keromytis.
14 *
15 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
16 * and Niels Provos.
17 *
18 * Copyright (C) 1995, 1996, 1997, 1998 by John Ioannidis, Angelos D. Keromytis
19 * and Niels Provos.
20 * Copyright (c) 2001, Angelos D. Keromytis, Niels Provos.
21 *
22 * Permission to use, copy, and modify this software with or without fee
23 * is hereby granted, provided that this entire notice is included in
24 * all copies of any software which is or includes a copy or
25 * modification of this software.
26 * You may use this code under the GNU public license if you so wish. Please
27 * contribute changes back to the authors under this freer than GPL license
28 * so that we may further the use of strong encryption without limitations to
29 * all.
30 *
31 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
32 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
33 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
34 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
35 * PURPOSE.
36 */
37
38 #include <sys/cdefs.h>
39 __KERNEL_RCSID(0, "$NetBSD: if_pflog.c,v 1.14 2008/12/19 18:49:38 cegger Exp $");
40
41 #ifdef _KERNEL_OPT
42 #include "opt_inet.h"
43 #endif
44
45 #include "bpfilter.h"
46 #include "pflog.h"
47
48 #include <sys/param.h>
49 #include <sys/systm.h>
50 #include <sys/mbuf.h>
51 #include <sys/proc.h>
52 #include <sys/socket.h>
53 #include <sys/ioctl.h>
54
55 #include <net/if.h>
56 #include <net/if_types.h>
57 #include <net/route.h>
58 #include <net/bpf.h>
59
60 #ifdef INET
61 #include <netinet/in.h>
62 #include <netinet/in_var.h>
63 #include <netinet/in_systm.h>
64 #include <netinet/ip.h>
65 #endif
66
67 #ifdef INET6
68 #ifndef INET
69 #include <netinet/in.h>
70 #endif
71 #include <netinet6/nd6.h>
72 #endif /* INET6 */
73
74 #include <net/pfvar.h>
75 #include <net/if_pflog.h>
76
77 #define PFLOGMTU (32768 + MHLEN + MLEN)
78
79 #ifdef PFLOGDEBUG
80 #define DPRINTF(x) do { if (pflogdebug) printf x ; } while (0)
81 #else
82 #define DPRINTF(x)
83 #endif
84
85 void pflogattach(int);
86 int pflogoutput(struct ifnet *, struct mbuf *, const struct sockaddr *,
87 struct rtentry *);
88 int pflogioctl(struct ifnet *, u_long, void *);
89 void pflogstart(struct ifnet *);
90 int pflog_clone_create(struct if_clone *, int);
91 int pflog_clone_destroy(struct ifnet *);
92
93 LIST_HEAD(, pflog_softc) pflogif_list;
94 struct if_clone pflog_cloner =
95 IF_CLONE_INITIALIZER("pflog", pflog_clone_create, pflog_clone_destroy);
96
97 struct ifnet *pflogifs[PFLOGIFS_MAX]; /* for fast access */
98
99 void
100 pflogattach(int npflog)
101 {
102 int i;
103
104 LIST_INIT(&pflogif_list);
105 for (i = 0; i < PFLOGIFS_MAX; i++)
106 pflogifs[i] = NULL;
107 if_clone_attach(&pflog_cloner);
108 }
109
110 int
111 pflog_clone_create(struct if_clone *ifc, int unit)
112 {
113 struct ifnet *ifp;
114 struct pflog_softc *pflogif;
115 int s;
116
117 if (unit >= PFLOGIFS_MAX)
118 return (EINVAL);
119
120 if ((pflogif = malloc(sizeof(*pflogif), M_DEVBUF, M_NOWAIT|M_ZERO)) == NULL)
121 return (ENOMEM);
122
123 pflogif->sc_unit = unit;
124 ifp = &pflogif->sc_if;
125 snprintf(ifp->if_xname, sizeof ifp->if_xname, "pflog%d", unit);
126 ifp->if_softc = pflogif;
127 ifp->if_mtu = PFLOGMTU;
128 ifp->if_ioctl = pflogioctl;
129 ifp->if_output = pflogoutput;
130 ifp->if_start = pflogstart;
131 ifp->if_type = IFT_PFLOG;
132 #ifndef __NetBSD__
133 ifp->if_snd.ifq_maxlen = ifqmaxlen;
134 #endif /* !__NetBSD__ */
135 ifp->if_hdrlen = PFLOG_HDRLEN;
136 if_attach(ifp);
137 if_alloc_sadl(ifp);
138
139 #if NBPFILTER > 0
140 #ifdef __NetBSD__
141 bpfattach(ifp, DLT_PFLOG, PFLOG_HDRLEN);
142 #else
143 bpfattach(&pflogif->sc_if.if_bpf, ifp, DLT_PFLOG, PFLOG_HDRLEN);
144 #endif /* !__NetBSD__ */
145 #endif
146
147 s = splnet();
148 LIST_INSERT_HEAD(&pflogif_list, pflogif, sc_list);
149 pflogifs[unit] = ifp;
150 splx(s);
151
152 return (0);
153 }
154
155 int
156 pflog_clone_destroy(struct ifnet *ifp)
157 {
158 struct pflog_softc *pflogif = ifp->if_softc;
159 int s;
160
161 s = splnet();
162 pflogifs[pflogif->sc_unit] = NULL;
163 LIST_REMOVE(pflogif, sc_list);
164 splx(s);
165
166 #if NBPFILTER > 0
167 bpfdetach(ifp);
168 #endif
169 if_detach(ifp);
170 free(pflogif, M_DEVBUF);
171 return (0);
172 }
173
174 /*
175 * Start output on the pflog interface.
176 */
177 void
178 pflogstart(struct ifnet *ifp)
179 {
180 struct mbuf *m;
181 int s;
182
183 for (;;) {
184 s = splnet();
185 IF_DROP(&ifp->if_snd);
186 IF_DEQUEUE(&ifp->if_snd, m);
187 splx(s);
188
189 if (m == NULL)
190 return;
191 else
192 m_freem(m);
193 }
194 }
195
196 int
197 pflogoutput(struct ifnet *ifp, struct mbuf *m,
198 const struct sockaddr *dst, struct rtentry *rt)
199 {
200 m_freem(m);
201 return (0);
202 }
203
204 /* ARGSUSED */
205 int
206 pflogioctl(struct ifnet *ifp, u_long cmd, void *data)
207 {
208 int error = 0;
209
210 switch (cmd) {
211 case SIOCSIFFLAGS:
212 if ((error = ifioctl_common(ifp, cmd, data)) != 0)
213 break;
214 /*FALLTHROUGH*/
215 case SIOCINITIFADDR:
216 case SIOCAIFADDR:
217 case SIOCSIFDSTADDR:
218 if (ifp->if_flags & IFF_UP)
219 ifp->if_flags |= IFF_RUNNING;
220 else
221 ifp->if_flags &= ~IFF_RUNNING;
222 break;
223 default:
224 error = ifioctl_common(ifp, cmd, data);
225 }
226
227 return error;
228 }
229
230 int
231 pflog_packet(struct pfi_kif *kif, struct mbuf *m, sa_family_t af, u_int8_t dir,
232 u_int8_t reason, struct pf_rule *rm, struct pf_rule *am,
233 struct pf_ruleset *ruleset, struct pf_pdesc *pd)
234 {
235 #if NBPFILTER > 0
236 struct ifnet *ifn;
237 struct pfloghdr hdr;
238
239 if (kif == NULL || m == NULL || rm == NULL || pd == NULL)
240 return (-1);
241
242 if ((ifn = pflogifs[rm->logif]) == NULL || !ifn->if_bpf)
243 return (0);
244
245 bzero(&hdr, sizeof(hdr));
246 hdr.length = PFLOG_REAL_HDRLEN;
247 hdr.af = af;
248 hdr.action = rm->action;
249 hdr.reason = reason;
250 memcpy(hdr.ifname, kif->pfik_name, sizeof(hdr.ifname));
251
252 if (am == NULL) {
253 hdr.rulenr = htonl(rm->nr);
254 hdr.subrulenr = -1;
255 } else {
256 hdr.rulenr = htonl(am->nr);
257 hdr.subrulenr = htonl(rm->nr);
258 if (ruleset != NULL && ruleset->anchor != NULL)
259 strlcpy(hdr.ruleset, ruleset->anchor->name,
260 sizeof(hdr.ruleset));
261 }
262 if (rm->log & PF_LOG_SOCKET_LOOKUP && !pd->lookup.done)
263 pd->lookup.done = pf_socket_lookup(dir, pd);
264 if (pd->lookup.done > 0) {
265 hdr.uid = pd->lookup.uid;
266 hdr.pid = pd->lookup.pid;
267 } else {
268 hdr.uid = UID_MAX;
269 hdr.pid = NO_PID;
270 }
271 hdr.rule_uid = rm->cuid;
272 hdr.rule_pid = rm->cpid;
273 hdr.dir = dir;
274
275 #ifdef INET
276 if (af == AF_INET && dir == PF_OUT) {
277 struct ip *ip;
278
279 ip = mtod(m, struct ip *);
280 ip->ip_sum = 0;
281 ip->ip_sum = in_cksum(m, ip->ip_hl << 2);
282 }
283 #endif /* INET */
284
285 ifn->if_opackets++;
286 ifn->if_obytes += m->m_pkthdr.len;
287
288 #ifdef __NetBSD__
289 bpf_mtap2(ifn->if_bpf, &hdr, PFLOG_HDRLEN, m);
290 #else
291 bpf_mtap_hdr(ifn->if_bpf, (char *)&hdr, PFLOG_HDRLEN, m,
292 BPF_DIRECTION_OUT);
293 #endif /* !__NetBSD__ */
294
295 #endif
296
297 return (0);
298 }
NetBSD on the FriendlyARM MINI2440