Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src Decouple inbound and outbound filters. Now instead of using...
details: https://anonhg.NetBSD.org/src/rev/d0f7553c5339
branches: trunk
changeset: 472928:d0f7553c5339
user: thorpej <thorpej%NetBSD.org@localhost>
date: Wed May 12 18:50:51 1999 +0000
description:
Decouple inbound and outbound filters. Now instead of using "active-filter"
and "pass-filter" and "inbound" and "outbound" qualifiers in the filter
expression, use new "active-filter-in", "active-filter-out", "pass-filter-in",
and "pass-filter-out" without these qualifiers.
This is necessary due to the horrible, awful way "inbound" and "outbound"
were specified for the filter programs when a packet was passed through them.
Basically, the "address" byte in the serial PPP header was overwritten with
a value to indicate the direction. However, the "address" byte doesn't even
exist on PPP headers for all other PPP encaps! So, this old method worked
only for serial encaps, and corrupted packets for all others (PPPoE, ATM, etc.)
diffstat:
sys/net/if_ppp.c | 78 +++++++++++++++++++++-------------------
sys/net/if_ppp.h | 16 +++++++-
sys/net/if_pppvar.h | 11 ++++-
usr.sbin/pppd/pppd/auth.c | 7 ++-
usr.sbin/pppd/pppd/demand.c | 11 +++--
usr.sbin/pppd/pppd/options.c | 84 ++++++++++++++++++++++++++++++++++---------
usr.sbin/pppd/pppd/pppd.8 | 40 +++++++++++---------
usr.sbin/pppd/pppd/pppd.h | 14 +++++--
usr.sbin/pppd/pppd/sys-bsd.c | 36 +++++++++++++-----
9 files changed, 196 insertions(+), 101 deletions(-)
diffs (truncated from 608 to 300 lines):
diff -r 2d4cf1c4a377 -r d0f7553c5339 sys/net/if_ppp.c
--- a/sys/net/if_ppp.c Wed May 12 18:42:43 1999 +0000
+++ b/sys/net/if_ppp.c Wed May 12 18:50:51 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: if_ppp.c,v 1.51 1999/05/11 02:18:52 thorpej Exp $ */
+/* $NetBSD: if_ppp.c,v 1.52 1999/05/12 18:50:51 thorpej Exp $ */
/* Id: if_ppp.c,v 1.6 1997/03/04 03:33:00 paulus Exp */
/*
@@ -501,36 +501,57 @@
#ifdef PPP_FILTER
case PPPIOCSPASS:
case PPPIOCSACTIVE:
+ /* These are no longer supported. */
+ return EOPNOTSUPP;
+
+ case PPPIOCSIPASS:
+ case PPPIOCSOPASS:
+ case PPPIOCSIACTIVE:
+ case PPPIOCSOACTIVE:
nbp = (struct bpf_program *) data;
if ((unsigned) nbp->bf_len > BPF_MAXINSNS)
return EINVAL;
newcodelen = nbp->bf_len * sizeof(struct bpf_insn);
if (newcodelen != 0) {
- MALLOC(newcode, struct bpf_insn *, newcodelen, M_DEVBUF, M_WAITOK);
- if (newcode == 0) {
- return EINVAL; /* or sumpin */
- }
+ newcode = malloc(newcodelen, M_DEVBUF, M_WAITOK);
+ /* WAITOK -- malloc() never fails. */
if ((error = copyin((caddr_t)nbp->bf_insns, (caddr_t)newcode,
newcodelen)) != 0) {
- FREE(newcode, M_DEVBUF);
+ free(newcode, M_DEVBUF);
return error;
}
if (!bpf_validate(newcode, nbp->bf_len)) {
- FREE(newcode, M_DEVBUF);
+ free(newcode, M_DEVBUF);
return EINVAL;
}
} else
newcode = 0;
- bp = (cmd == PPPIOCSPASS)? &sc->sc_pass_filt: &sc->sc_active_filt;
+ switch (cmd) {
+ case PPPIOCSIPASS:
+ bp = &sc->sc_pass_filt_in;
+ break;
+
+ case PPPIOCSOPASS:
+ bp = &sc->sc_pass_filt_out;
+ break;
+
+ case PPPIOCSIACTIVE:
+ bp = &sc->sc_active_filt_in;
+ break;
+
+ case PPPIOCSOACTIVE:
+ bp = &sc->sc_active_filt_out;
+ break;
+ }
oldcode = bp->bf_insns;
s = splimp();
bp->bf_len = nbp->bf_len;
bp->bf_insns = newcode;
splx(s);
if (oldcode != 0)
- FREE(oldcode, M_DEVBUF);
+ free(oldcode, M_DEVBUF);
break;
-#endif
+#endif /* PPP_FILTER */
default:
return (-1);
@@ -738,18 +759,14 @@
pppdumpm(m0);
}
-#if defined(PPP_FILTER) || NBPFILTER > 0
- *mtod(m0, u_char *) = SLIPDIR_OUT;
-#endif
-
if ((protocol & 0x8000) == 0) {
#ifdef PPP_FILTER
/*
* Apply the pass and active filters to the packet,
* but only if it is a data packet.
*/
- if (sc->sc_pass_filt.bf_insns != 0
- && bpf_filter(sc->sc_pass_filt.bf_insns, (u_char *) m0,
+ if (sc->sc_pass_filt_out.bf_insns != 0
+ && bpf_filter(sc->sc_pass_filt_out.bf_insns, (u_char *) m0,
len, 0) == 0) {
error = 0; /* drop this packet */
goto bad;
@@ -758,10 +775,10 @@
/*
* Update the time we sent the most recent packet.
*/
- if (sc->sc_active_filt.bf_insns == 0
- || bpf_filter(sc->sc_active_filt.bf_insns, (u_char *) m0, len, 0))
+ if (sc->sc_active_filt_out.bf_insns == 0
+ || bpf_filter(sc->sc_active_filt_out.bf_insns, (u_char *) m0,
+ len, 0))
sc->sc_last_sent = time.tv_sec;
-
#else
/*
* Update the time we sent the most recent packet.
@@ -770,10 +787,6 @@
#endif /* PPP_FILTER */
}
-#if defined(PPP_FILTER) || NBPFILTER > 0
- *mtod(m0, u_char *) = address;
-#endif
-
#if NBPFILTER > 0
/*
* See if bpf wants to look at the packet.
@@ -1385,28 +1398,23 @@
m->m_pkthdr.len = ilen;
m->m_pkthdr.rcvif = ifp;
-#if defined(PPP_FILTER) || NBPFILTER > 0
- *mtod(m, u_char *) = SLIPDIR_IN;
-#endif
-
if ((proto & 0x8000) == 0) {
#ifdef PPP_FILTER
/*
* See whether we want to pass this packet, and
* if it counts as link activity.
*/
- adrs = *mtod(m, u_char *); /* save address field */
- if (sc->sc_pass_filt.bf_insns != 0
- && bpf_filter(sc->sc_pass_filt.bf_insns, (u_char *) m,
+ if (sc->sc_pass_filt_in.bf_insns != 0
+ && bpf_filter(sc->sc_pass_filt_in.bf_insns, (u_char *) m,
ilen, 0) == 0) {
/* drop this packet */
m_freem(m);
return;
}
- if (sc->sc_active_filt.bf_insns == 0
- || bpf_filter(sc->sc_active_filt.bf_insns, (u_char *) m, ilen, 0))
+ if (sc->sc_active_filt_in.bf_insns == 0
+ || bpf_filter(sc->sc_active_filt_in.bf_insns, (u_char *) m,
+ ilen, 0))
sc->sc_last_recv = time.tv_sec;
-
#else
/*
* Record the time that we received this packet.
@@ -1415,10 +1423,6 @@
#endif /* PPP_FILTER */
}
-#if defined(PPP_FILTER) || NBPFILTER > 0
- *mtod(m, u_char *) = adrs;
-#endif
-
#if NBPFILTER > 0
/* See if bpf wants to look at the packet. */
if (sc->sc_bpf)
diff -r 2d4cf1c4a377 -r d0f7553c5339 sys/net/if_ppp.h
--- a/sys/net/if_ppp.h Wed May 12 18:42:43 1999 +0000
+++ b/sys/net/if_ppp.h Wed May 12 18:50:51 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: if_ppp.h,v 1.15 1998/02/09 17:43:51 perry Exp $ */
+/* $NetBSD: if_ppp.h,v 1.16 1999/05/12 18:50:51 thorpej Exp $ */
/* Id: if_ppp.h,v 1.16 1997/04/30 05:46:04 paulus Exp */
/*
@@ -107,8 +107,22 @@
#define PPPIOCSNPMODE _IOW('t', 75, struct npioctl) /* set NP mode */
#define PPPIOCGIDLE _IOR('t', 74, struct ppp_idle) /* get idle time */
#ifdef PPP_FILTER
+/*
+ * XXX These are deprecated; they can no longer be used, because they
+ * XXX don't play well with multiple encaps. The defs are here so that
+ * XXX we can return decent errors to old pppds, and so that new pppds
+ * XXX will work with old kernels.
+ */
#define PPPIOCSPASS _IOW('t', 71, struct bpf_program) /* set pass filter */
#define PPPIOCSACTIVE _IOW('t', 70, struct bpf_program) /* set active filt */
+
+/*
+ * Use these instead.
+ */
+#define PPPIOCSIPASS _IOW('t', 69, struct bpf_program) /* set in pass flt */
+#define PPPIOCSOPASS _IOW('t', 68, struct bpf_program) /* set out pass flt */
+#define PPPIOCSIACTIVE _IOW('t', 67, struct bpf_program) /* set in act flt */
+#define PPPIOCSOACTIVE _IOW('t', 66, struct bpf_program) /* set out act flt */
#endif /* PPP_FILTER */
/* PPPIOC[GS]MTU are alternatives to SIOC[GS]IFMTU, used under Ultrix */
diff -r 2d4cf1c4a377 -r d0f7553c5339 sys/net/if_pppvar.h
--- a/sys/net/if_pppvar.h Wed May 12 18:42:43 1999 +0000
+++ b/sys/net/if_pppvar.h Wed May 12 18:50:51 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: if_pppvar.h,v 1.8 1998/02/09 17:43:52 perry Exp $ */
+/* $NetBSD: if_pppvar.h,v 1.9 1999/05/12 18:50:51 thorpej Exp $ */
/* Id: if_pppvar.h,v 1.3 1996/07/01 01:04:37 paulus Exp */
/*
@@ -82,8 +82,13 @@
time_t sc_last_sent; /* time (secs) last NP pkt sent */
time_t sc_last_recv; /* time (secs) last NP pkt rcvd */
#ifdef PPP_FILTER
- struct bpf_program sc_pass_filt; /* filter for packets to pass */
- struct bpf_program sc_active_filt; /* filter for "non-idle" packets */
+ /* Filter for packets to pass. */
+ struct bpf_program sc_pass_filt_in;
+ struct bpf_program sc_pass_filt_out;
+
+ /* Filter for "non-idle" packets. */
+ struct bpf_program sc_active_filt_in;
+ struct bpf_program sc_active_filt_out;
#endif /* PPP_FILTER */
#ifdef VJC
struct slcompress *sc_comp; /* vjc control buffer */
diff -r 2d4cf1c4a377 -r d0f7553c5339 usr.sbin/pppd/pppd/auth.c
--- a/usr.sbin/pppd/pppd/auth.c Wed May 12 18:42:43 1999 +0000
+++ b/usr.sbin/pppd/pppd/auth.c Wed May 12 18:50:51 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: auth.c,v 1.23 1998/09/02 20:55:55 christos Exp $ */
+/* $NetBSD: auth.c,v 1.24 1999/05/12 18:50:52 thorpej Exp $ */
/*
* auth.c - PPP authentication and phase control.
@@ -39,7 +39,7 @@
#if 0
static char rcsid[] = "Id: auth.c,v 1.37 1998/03/26 04:46:03 paulus Exp ";
#else
-__RCSID("$NetBSD: auth.c,v 1.23 1998/09/02 20:55:55 christos Exp $");
+__RCSID("$NetBSD: auth.c,v 1.24 1999/05/12 18:50:52 thorpej Exp $");
#endif
#endif
@@ -300,7 +300,8 @@
phase = PHASE_NETWORK;
#if 0
if (!demand)
- set_filters(&pass_filter, &active_filter);
+ set_filters(&pass_filter_in, &pass_filter_out,
+ &active_filter_int, &active_filter_out);
#endif
for (i = 0; (protp = protocols[i]) != NULL; ++i)
if (protp->protocol < 0xC000 && protp->enabled_flag
diff -r 2d4cf1c4a377 -r d0f7553c5339 usr.sbin/pppd/pppd/demand.c
--- a/usr.sbin/pppd/pppd/demand.c Wed May 12 18:42:43 1999 +0000
+++ b/usr.sbin/pppd/pppd/demand.c Wed May 12 18:50:51 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: demand.c,v 1.7 1998/05/02 14:19:14 christos Exp $ */
+/* $NetBSD: demand.c,v 1.8 1999/05/12 18:50:52 thorpej Exp $ */
/*
* demand.c - Support routines for demand-dialling.
@@ -24,7 +24,7 @@
#if 0
static char rcsid[] = "Id: demand.c,v 1.7 1997/11/27 06:08:26 paulus Exp ";
#else
-__RCSID("$NetBSD: demand.c,v 1.7 1998/05/02 14:19:14 christos Exp $");
+__RCSID("$NetBSD: demand.c,v 1.8 1999/05/12 18:50:52 thorpej Exp $");
#endif
#endif
@@ -97,7 +97,8 @@
ppp_recv_config(0, PPP_MRU, (u_int32_t) 0, 0, 0);
#ifdef PPP_FILTER
- set_filters(&pass_filter, &active_filter);
+ set_filters(&pass_filter_in, &pass_filter_out,
+ &active_filter_in, &active_filter_out);
#endif
/*
@@ -338,8 +339,8 @@
return 0;
proto = PPP_PROTOCOL(p);
#ifdef PPP_FILTER
- if (active_filter.bf_len != 0
- && bpf_filter(active_filter.bf_insns, frame, len, len) == 0)
+ if (active_filter_out.bf_len != 0
+ && bpf_filter(active_filter_out.bf_insns, frame, len, len) == 0)
return 0;
#endif
for (i = 0; (protp = protocols[i]) != NULL; ++i) {
diff -r 2d4cf1c4a377 -r d0f7553c5339 usr.sbin/pppd/pppd/options.c
--- a/usr.sbin/pppd/pppd/options.c Wed May 12 18:42:43 1999 +0000
+++ b/usr.sbin/pppd/pppd/options.c Wed May 12 18:50:51 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: options.c,v 1.27 1998/09/04 19:13:05 christos Exp $ */
+/* $NetBSD: options.c,v 1.28 1999/05/12 18:50:52 thorpej Exp $ */
/*
* options.c - handles option processing for PPP.
Home |
Main Index |
Thread Index |
Old Index