[src/trunk]: src/sys PF from openbsd 3.5. missing features:
details: https://anonhg.NetBSD.org/src/rev/5a738fc18611
branches: trunk
changeset: 567600:5a738fc18611
user: itojun <itojun%NetBSD.org@localhost>
date: Tue Jun 22 14:17:07 2004 +0000
description:
PF from openbsd 3.5. missing features:
- pfsync (due to protocol # assignment issues)
- carp (not really a PF portion, but thought important to mention)
- PF and ALTQ are mutually-exclusive. this will be sorted out when
kjc%csl.sony.co.jp@localhost updates ALTQ and PF (and API inbetween)
reviewed by matt, christos, perry
torture-testing (stress-testing the new pf code paths) is very welcome.
diffstat:
sys/conf/files | 3 +-
sys/dist/pf/net/if_pflog.c | 13 +
sys/dist/pf/net/if_pflog.h | 1 +
sys/dist/pf/net/if_pfsync.c | 1243 -------------------------------------------
sys/dist/pf/net/if_pfsync.h | 280 ---------
sys/dist/pf/net/pf.c | 219 ++++++-
sys/dist/pf/net/pf_if.c | 98 +++
sys/dist/pf/net/pf_ioctl.c | 213 +++++++
sys/dist/pf/net/pf_norm.c | 30 +-
sys/dist/pf/net/pf_osfp.c | 5 +
sys/dist/pf/net/pf_table.c | 40 +-
sys/dist/pf/net/pfvar.h | 28 +
12 files changed, 590 insertions(+), 1583 deletions(-)
diffs (truncated from 3090 to 300 lines):
diff -r 042f6336f619 -r 5a738fc18611 sys/conf/files
--- a/sys/conf/files Tue Jun 22 14:09:49 2004 +0000
+++ b/sys/conf/files Tue Jun 22 14:17:07 2004 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: files,v 1.676 2004/06/18 15:02:29 christos Exp $
+# $NetBSD: files,v 1.677 2004/06/22 14:17:07 itojun Exp $
# @(#)files.newconf 7.5 (Berkeley) 5/10/93
@@ -127,6 +127,7 @@
include "netnatm/files.netnatm"
include "netns/files.netns"
include "netsmb/files.netsmb"
+include "net/files.pf"
defflag IPX # IPX network stack
defflag PFIL_HOOKS # pfil(9)
diff -r 042f6336f619 -r 5a738fc18611 sys/dist/pf/net/if_pflog.c
--- a/sys/dist/pf/net/if_pflog.c Tue Jun 22 14:09:49 2004 +0000
+++ b/sys/dist/pf/net/if_pflog.c Tue Jun 22 14:17:07 2004 +0000
@@ -1,3 +1,4 @@
+/* $NetBSD: if_pflog.c,v 1.2 2004/06/22 14:17:07 itojun Exp $ */
/* $OpenBSD: if_pflog.c,v 1.11 2003/12/31 11:18:25 cedric Exp $ */
/*
* The authors of this code are John Ioannidis (ji%tla.org@localhost),
@@ -33,6 +34,10 @@
* PURPOSE.
*/
+#ifdef _KERNEL_OPT
+#include "opt_inet.h"
+#endif
+
#include "bpfilter.h"
#include "pflog.h"
@@ -106,8 +111,12 @@
if_alloc_sadl(ifp);
#if NBPFILTER > 0
+#ifdef __OpenBSD__
bpfattach(&pflogif[i].sc_if.if_bpf, ifp, DLT_PFLOG,
PFLOG_HDRLEN);
+#else
+ bpfattach(ifp, DLT_PFLOG, PFLOG_HDRLEN);
+#endif
#endif
}
}
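Review bot: The NetBSD branch of the bpfattach call relies on DLT_PFLOG and PFLOG_HDRLEN agreeing with what libpcap/tcpdump expect for pflog captures, and nothing in the hunk records that contract or where DLT_PFLOG comes from on NetBSD, so a mismatch would surface only as undecodable pflog dumps rather than as a build or runtime error. A one-line comment above the `#else` branch would help the next person who touches the port, e.g. `/* NetBSD bpfattach(9) takes (ifp, dlt, hdrlen) and sets ifp->if_bpf itself; DLT_PFLOG/PFLOG_HDRLEN must match libpcap's pflog decoder. */`. The enclosing function (the pflog attach loop, judging by `pflogif[i]`) starts outside the hunk.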
@@ -122,7 +131,11 @@
int s;
for (;;) {
+#ifdef __OpenBSD__
s = splimp();
+#else
+ s = splnet();
+#endif
IF_DROP(&ifp->if_snd);
IF_DEQUEUE(&ifp->if_snd, m);
splx(s);
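Review bot: The `splnet()` substitution is the kind of portability choice that reads as arbitrary a few years later, and the hunk gives no hint why `splimp()` is not used on NetBSD. Presumably NetBSD no longer provides splimp() and splnet() is the level that protects `if_snd` against the network interrupt path that enqueues to it; if so, say it once at the `#else`, e.g. `/* NetBSD: splnet() guards if_snd; splimp() is OpenBSD-only here. */`. The enclosing function (pflogstart, whose header is above the hunk) starts outside the hunk.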
diff -r 042f6336f619 -r 5a738fc18611 sys/dist/pf/net/if_pflog.h
--- a/sys/dist/pf/net/if_pflog.h Tue Jun 22 14:09:49 2004 +0000
+++ b/sys/dist/pf/net/if_pflog.h Tue Jun 22 14:17:07 2004 +0000
@@ -1,3 +1,4 @@
+/* $NetBSD: if_pflog.h,v 1.2 2004/06/22 14:17:07 itojun Exp $ */
/* $OpenBSD: if_pflog.h,v 1.10 2004/03/19 04:52:04 frantzen Exp $ */
/*
* Copyright 2001 Niels Provos <provos%citi.umich.edu@localhost>
diff -r 042f6336f619 -r 5a738fc18611 sys/dist/pf/net/if_pfsync.c
--- a/sys/dist/pf/net/if_pfsync.c Tue Jun 22 14:09:49 2004 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1243 +0,0 @@
-/* $OpenBSD: if_pfsync.c,v 1.26 2004/03/28 18:14:20 mcbride Exp $ */
-
-/*
- * Copyright (c) 2002 Michael Shalayeff
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR OR HIS RELATIVES BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF MIND, USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
- * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "bpfilter.h"
-#include "pfsync.h"
-
-#include <sys/param.h>
-#include <sys/proc.h>
-#include <sys/systm.h>
-#include <sys/time.h>
-#include <sys/mbuf.h>
-#include <sys/socket.h>
-#include <sys/ioctl.h>
-#include <sys/timeout.h>
-
-#include <net/if.h>
-#include <net/if_types.h>
-#include <net/route.h>
-#include <net/bpf.h>
-
-#ifdef INET
-#include <netinet/in.h>
-#include <netinet/in_systm.h>
-#include <netinet/in_var.h>
-#include <netinet/ip.h>
-#include <netinet/ip_var.h>
-#endif
-
-#ifdef INET6
-#ifndef INET
-#include <netinet/in.h>
-#endif
-#include <netinet6/nd6.h>
-#endif /* INET6 */
-
-#include <net/pfvar.h>
-#include <net/if_pfsync.h>
-
-#define PFSYNC_MINMTU \
- (sizeof(struct pfsync_header) + sizeof(struct pf_state))
-
-#ifdef PFSYNCDEBUG
-#define DPRINTF(x) do { if (pfsyncdebug) printf x ; } while (0)
-int pfsyncdebug;
-#else
-#define DPRINTF(x)
-#endif
-
-struct pfsync_softc pfsyncif;
-int pfsync_sync_ok;
-struct pfsyncstats pfsyncstats;
-
-void pfsyncattach(int);
-void pfsync_setmtu(struct pfsync_softc *, int);
-int pfsync_insert_net_state(struct pfsync_state *);
-int pfsyncoutput(struct ifnet *, struct mbuf *, struct sockaddr *,
- struct rtentry *);
-int pfsyncioctl(struct ifnet *, u_long, caddr_t);
-void pfsyncstart(struct ifnet *);
-
-struct mbuf *pfsync_get_mbuf(struct pfsync_softc *, u_int8_t, void **);
-int pfsync_request_update(struct pfsync_state_upd *, struct in_addr *);
-int pfsync_sendout(struct pfsync_softc *);
-void pfsync_timeout(void *);
-void pfsync_send_bus(struct pfsync_softc *, u_int8_t);
-void pfsync_bulk_update(void *);
-void pfsync_bulkfail(void *);
-
-extern int ifqmaxlen;
-extern struct timeval time;
-extern struct timeval mono_time;
-extern int hz;
-
-void
-pfsyncattach(int npfsync)
-{
- struct ifnet *ifp;
-
- pfsync_sync_ok = 1;
- bzero(&pfsyncif, sizeof(pfsyncif));
- pfsyncif.sc_mbuf = NULL;
- pfsyncif.sc_mbuf_net = NULL;
- pfsyncif.sc_statep.s = NULL;
- pfsyncif.sc_statep_net.s = NULL;
- pfsyncif.sc_maxupdates = 128;
- pfsyncif.sc_sendaddr.s_addr = INADDR_PFSYNC_GROUP;
- pfsyncif.sc_ureq_received = 0;
- pfsyncif.sc_ureq_sent = 0;
- ifp = &pfsyncif.sc_if;
- strlcpy(ifp->if_xname, "pfsync0", sizeof ifp->if_xname);
- ifp->if_softc = &pfsyncif;
- ifp->if_ioctl = pfsyncioctl;
- ifp->if_output = pfsyncoutput;
- ifp->if_start = pfsyncstart;
- ifp->if_type = IFT_PFSYNC;
- ifp->if_snd.ifq_maxlen = ifqmaxlen;
- ifp->if_hdrlen = PFSYNC_HDRLEN;
- pfsync_setmtu(&pfsyncif, MCLBYTES);
- timeout_set(&pfsyncif.sc_tmo, pfsync_timeout, &pfsyncif);
- timeout_set(&pfsyncif.sc_bulk_tmo, pfsync_bulk_update, &pfsyncif);
- timeout_set(&pfsyncif.sc_bulkfail_tmo, pfsync_bulkfail, &pfsyncif);
- if_attach(ifp);
- if_alloc_sadl(ifp);
-
-#if NBPFILTER > 0
- bpfattach(&pfsyncif.sc_if.if_bpf, ifp, DLT_PFSYNC, PFSYNC_HDRLEN);
-#endif
-}
-
-/*
- * Start output on the pfsync interface.
- */
-void
-pfsyncstart(struct ifnet *ifp)
-{
- struct mbuf *m;
- int s;
-
- for (;;) {
- s = splimp();
- IF_DROP(&ifp->if_snd);
- IF_DEQUEUE(&ifp->if_snd, m);
- splx(s);
-
- if (m == NULL)
- return;
- else
- m_freem(m);
- }
-}
-
-int
-pfsync_insert_net_state(struct pfsync_state *sp)
-{
- struct pf_state *st = NULL;
- struct pf_rule *r = NULL;
- struct pfi_kif *kif;
-
- if (sp->creatorid == 0 && pf_status.debug >= PF_DEBUG_MISC) {
- printf("pfsync_insert_net_state: invalid creator id:"
- " %08x\n", ntohl(sp->creatorid));
- return (EINVAL);
- }
-
- kif = pfi_lookup_create(sp->ifname);
- if (kif == NULL) {
- if (pf_status.debug >= PF_DEBUG_MISC)
- printf("pfsync_insert_net_state: "
- "unknown interface: %s\n", sp->ifname);
- /* skip this state */
- return (0);
- }
-
- /*
- * Just use the default rule until we have infrastructure to find the
- * best matching rule.
- */
- r = &pf_default_rule;
-
- if (!r->max_states || r->states < r->max_states)
- st = pool_get(&pf_state_pl, PR_NOWAIT);
- if (st == NULL) {
- pfi_maybe_destroy(kif);
- return (ENOMEM);
- }
- bzero(st, sizeof(*st));
-
- st->rule.ptr = r;
- /* XXX get pointers to nat_rule and anchor */
-
- /* fill in the rest of the state entry */
- pf_state_host_ntoh(&sp->lan, &st->lan);
- pf_state_host_ntoh(&sp->gwy, &st->gwy);
- pf_state_host_ntoh(&sp->ext, &st->ext);
-
- pf_state_peer_ntoh(&sp->src, &st->src);
- pf_state_peer_ntoh(&sp->dst, &st->dst);
-
- bcopy(&sp->rt_addr, &st->rt_addr, sizeof(st->rt_addr));
- st->creation = ntohl(sp->creation) + time.tv_sec;
- st->expire = ntohl(sp->expire) + time.tv_sec;
-
- st->af = sp->af;
- st->proto = sp->proto;
- st->direction = sp->direction;
- st->log = sp->log;
- st->timeout = sp->timeout;
- st->allow_opts = sp->allow_opts;
-
- bcopy(sp->id, &st->id, sizeof(st->id));
- st->creatorid = sp->creatorid;
- st->sync_flags = sp->sync_flags | PFSTATE_FROMSYNC;
-
-
- if (pf_insert_state(kif, st)) {
- pfi_maybe_destroy(kif);
- pool_put(&pf_state_pl, st);
- return (EINVAL);
- }
-
- return (0);
-}