[src/trunk]: src/sys Change the use of pfil hooks. There is no longer a sing...
details: https://anonhg.NetBSD.org/src/rev/18a3e113f987
branches: trunk
changeset: 482616:18a3e113f987
user: darrenr <darrenr%NetBSD.org@localhost>
date: Thu Feb 17 10:59:32 2000 +0000
description:
Change the use of pfil hooks. There is no longer a single list of all
pfil information, instead, struct protosw now contains a structure
which contains list heads, etc. The per-protosw pfil struct is passed
to pfil_hook_get(), along with an in/out flag to get the head of the
relevant filter list. This has been done for only IPv4 and IPv6, at
present, with these patches only enabling filtering for IPPROTO_IP and
IPPROTO_IPV6, although it is possible to have tcp/udp, etc, dedicated
filters now also. The ipfilter code has been updated to only filter
IPv4 packets - next major release of ipfilter is required for ipv6.
diffstat:
sys/net/pfil.c | 63 +++++++++++++++++++++-----------------------
sys/net/pfil.h | 26 ++++++++++++------
sys/netinet/in.h | 3 +-
sys/netinet/in_proto.c | 4 ++-
sys/netinet/ip_fil.c | 10 ++++--
sys/netinet/ip_icmp.c | 5 +--
sys/netinet/ip_input.c | 10 +++---
sys/netinet/ip_output.c | 5 ++-
sys/netinet/raw_ip.c | 4 +--
sys/netinet6/ah_input.c | 5 +--
sys/netinet6/icmp6.c | 4 +--
sys/netinet6/in6.h | 3 +-
sys/netinet6/ip6_input.c | 36 ++++++++++++++++++++++++-
sys/netinet6/ip6_output.c | 30 ++++++++++++++++++++-
sys/netinet6/ip6protosw.h | 6 +++-
sys/netinet6/ipcomp_input.c | 5 +--
sys/sys/protosw.h | 9 +++++-
17 files changed, 149 insertions(+), 79 deletions(-)
diffs (truncated from 652 to 300 lines):
diff -r c9da3838f1a4 -r 18a3e113f987 sys/net/pfil.c
--- a/sys/net/pfil.c Thu Feb 17 09:05:07 2000 +0000
+++ b/sys/net/pfil.c Thu Feb 17 10:59:32 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: pfil.c,v 1.9 1999/10/10 09:07:32 mrg Exp $ */
+/* $NetBSD: pfil.c,v 1.10 2000/02/17 10:59:32 darrenr Exp $ */
/*
* Copyright (c) 1996 Matthew R. Green
@@ -35,29 +35,26 @@
#include <sys/socketvar.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/protosw.h>
#include <sys/queue.h>
#include <net/if.h>
#include <net/pfil.h>
-typedef TAILQ_HEAD(, packet_filter_hook) pfil_list_t;
-pfil_list_t pfil_in_list;
-pfil_list_t pfil_out_list;
-static int done_pfil_init;
-
-static void pfil_init __P((void));
+static void pfil_init __P((struct pfil_head *));
static void pfil_list_add(pfil_list_t *,
int (*) __P((void *, int, struct ifnet *, int, struct mbuf **)), int);
static void pfil_list_remove(pfil_list_t *,
int (*) __P((void *, int, struct ifnet *, int, struct mbuf **)));
static void
-pfil_init()
+pfil_init(ph)
+ struct pfil_head *ph;
{
- TAILQ_INIT(&pfil_in_list);
- TAILQ_INIT(&pfil_out_list);
- done_pfil_init = 1;
+ TAILQ_INIT(&ph->ph_in);
+ TAILQ_INIT(&ph->ph_out);
+ ph->ph_init = 1;
}
/*
@@ -69,21 +66,21 @@
* PFIL_WAITOK OK to call malloc with M_WAITOK.
*/
void
-pfil_add_hook(func, flags)
+pfil_add_hook(func, flags, psw)
int (*func) __P((void *, int, struct ifnet *, int,
struct mbuf **));
int flags;
+ struct protosw *psw;
{
+ struct pfil_head *ph = &psw->pr_pfh;
- if (done_pfil_init == 0)
- pfil_init();
+ if (ph->ph_init == 0)
+ pfil_init(ph);
if (flags & PFIL_IN)
- pfil_list_add(&pfil_in_list, func, PFIL_IN |
- (flags & PFIL_WAITOK));
+ pfil_list_add(&ph->ph_in, func, flags);
if (flags & PFIL_OUT)
- pfil_list_add(&pfil_out_list, func, PFIL_OUT |
- (flags & PFIL_WAITOK));
+ pfil_list_add(&ph->ph_out, func, flags);
}
static void
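Review bot: The new `psw` argument is dereferenced unconditionally at `struct pfil_head *ph = &psw->pr_pfh;`, and the comment block above pfil_add_hook (only its tail is visible in this hunk) still describes the flags alone. I would add a line to that comment such as `* psw is the protosw entry whose pr_pfh lists receive the hook; it must not be NULL.` so callers know which entry to pass and that no check is made. The same applies to pfil_remove_hook and pfil_hook_get in the later hunks of this file, and pfil_hook_get appears to be the one reached on the per-packet path. Note also that `flags` is now forwarded unmasked to pfil_list_add, so it can carry both PFIL_IN and PFIL_OUT at once.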
@@ -91,7 +88,7 @@
pfil_list_t *list;
int (*func) __P((void *, int, struct ifnet *, int,
struct mbuf **));
- int flags;
+ int flags;
{
struct packet_filter_hook *pfh;
@@ -99,16 +96,12 @@
flags & PFIL_WAITOK ? M_WAITOK : M_NOWAIT);
if (pfh == NULL)
panic("no memory for packet filter hook");
-
pfh->pfil_func = func;
/*
* insert the input list in reverse order of the output list
* so that the same path is followed in or out of the kernel.
*/
- if (flags & PFIL_IN)
- TAILQ_INSERT_HEAD(list, pfh, pfil_link);
- else
- TAILQ_INSERT_TAIL(list, pfh, pfil_link);
+ TAILQ_INSERT_TAIL(list, pfh, pfil_link);
}
/*
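Review bot: The comment kept just above `TAILQ_INSERT_TAIL(list, pfh, pfil_link);` still says the input list is inserted in reverse order of the output list, but the new code appends to both lists, so inbound and outbound hooks now run in the same registration order. With more than one filter registered, the inbound traversal order therefore differs from what it was before this commit. If that is intended, replace the comment, e.g. `/* hooks run in registration order on both the input and output lists */`. If the reversed inbound order is still wanted, pfil_add_hook has to tell pfil_list_add which list it is filling, because `flags` can now contain both PFIL_IN and PFIL_OUT. pfil_list_add begins before this hunk.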
@@ -116,19 +109,21 @@
* hook list.
*/
void
-pfil_remove_hook(func, flags)
+pfil_remove_hook(func, flags, psw)
int (*func) __P((void *, int, struct ifnet *, int,
struct mbuf **));
int flags;
+ struct protosw *psw;
{
+ struct pfil_head *ph = &psw->pr_pfh;
- if (done_pfil_init == 0)
- pfil_init();
+ if (ph->ph_init == 0)
+ pfil_init(ph);
if (flags & PFIL_IN)
- pfil_list_remove(&pfil_in_list, func);
+ pfil_list_remove(&ph->ph_in, func);
if (flags & PFIL_OUT)
- pfil_list_remove(&pfil_out_list, func);
+ pfil_list_remove(&ph->ph_out, func);
}
/*
@@ -156,16 +151,18 @@
}
struct packet_filter_hook *
-pfil_hook_get(flag)
+pfil_hook_get(flag, psw)
int flag;
+ struct protosw *psw;
{
+ struct pfil_head *ph = &psw->pr_pfh;
- if (done_pfil_init)
+ if (ph->ph_init != 0)
switch (flag) {
case PFIL_IN:
- return (pfil_in_list.tqh_first);
+ return (ph->ph_in.tqh_first);
case PFIL_OUT:
- return (pfil_out_list.tqh_first);
+ return (ph->ph_out.tqh_first);
}
return NULL;
}
diff -r c9da3838f1a4 -r 18a3e113f987 sys/net/pfil.h
--- a/sys/net/pfil.h Thu Feb 17 09:05:07 2000 +0000
+++ b/sys/net/pfil.h Thu Feb 17 10:59:32 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: pfil.h,v 1.9 1998/03/19 15:45:30 mrg Exp $ */
+/* $NetBSD: pfil.h,v 1.10 2000/02/17 10:59:32 darrenr Exp $ */
/*
* Copyright (c) 1996 Matthew R. Green
@@ -31,10 +31,11 @@
#ifndef _NET_PFIL_H_
#define _NET_PFIL_H_
-/* note: this file needs <net/if.h> and <sys/mbuf.h> */
+#include <sys/queue.h>
-#ifdef _KERNEL
-#include <sys/queue.h>
+struct protosw;
+struct mbuf;
+struct ifnet;
/*
* The packet filter hooks are designed for anything to call them to
@@ -49,15 +50,22 @@
#define PFIL_IN 0x00000001
#define PFIL_OUT 0x00000002
-#define PFIL_WAITOK 0x00000008
+#define PFIL_WAITOK 0x00000004
#define PFIL_ALL (PFIL_IN|PFIL_OUT)
-struct packet_filter_hook *pfil_hook_get __P((int));
+typedef TAILQ_HEAD(pfil_list, packet_filter_hook) pfil_list_t;
+
+struct pfil_head {
+ pfil_list_t ph_in;
+ pfil_list_t ph_out;
+ int ph_init;
+} pfil_head_t;
+
+struct packet_filter_hook *pfil_hook_get __P((int, struct protosw *));
void pfil_add_hook __P((int (*func) __P((void *, int,
- struct ifnet *, int, struct mbuf **)), int));
+ struct ifnet *, int, struct mbuf **)), int, struct protosw *));
void pfil_remove_hook __P((int (*func) __P((void *, int,
- struct ifnet *, int, struct mbuf **)), int));
-#endif /* _KERNEL */
+ struct ifnet *, int, struct mbuf **)), int, struct protosw *));
/* XXX */
#if defined(_KERNEL) && !defined(_LKM)
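Review bot: `struct pfil_head { ... } pfil_head_t;` has no `typedef`, so it declares an object named pfil_head_t in every file that includes this header instead of a type alias, unlike the `typedef TAILQ_HEAD(pfil_list, packet_filter_hook) pfil_list_t;` line just above it. The opening line should read `typedef struct pfil_head {`. Because this commit also removes the `#ifdef _KERNEL` / `#endif /* _KERNEL */` pair, these declarations are no longer limited to kernel builds, so the stray object would reach any other includer as well. Separately, PFIL_WAITOK moves from 0x00000008 to 0x00000004, so anything compiled against the old value needs rebuilding.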
diff -r c9da3838f1a4 -r 18a3e113f987 sys/netinet/in.h
--- a/sys/netinet/in.h Thu Feb 17 09:05:07 2000 +0000
+++ b/sys/netinet/in.h Thu Feb 17 10:59:32 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: in.h,v 1.45 2000/02/09 00:54:55 itojun Exp $ */
+/* $NetBSD: in.h,v 1.46 2000/02/17 10:59:35 darrenr Exp $ */
/*
* Copyright (c) 1982, 1986, 1990, 1993
@@ -374,6 +374,7 @@
#ifdef _KERNEL
extern struct in_addr zeroin_addr;
+extern u_char ip_protox[];
int in_broadcast __P((struct in_addr, struct ifnet *));
int in_canforward __P((struct in_addr));
diff -r c9da3838f1a4 -r 18a3e113f987 sys/netinet/in_proto.c
--- a/sys/netinet/in_proto.c Thu Feb 17 09:05:07 2000 +0000
+++ b/sys/netinet/in_proto.c Thu Feb 17 10:59:32 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: in_proto.c,v 1.37 2000/02/15 19:54:11 thorpej Exp $ */
+/* $NetBSD: in_proto.c,v 1.38 2000/02/17 10:59:35 darrenr Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -267,6 +267,8 @@
inetsw, &inetsw[sizeof(inetsw)/sizeof(inetsw[0])], 0,
rn_inithead, 32, sizeof(struct sockaddr_in) };
+u_char ip_protox[IPPROTO_MAX];
+
#define TCP_SYN_HASH_SIZE 293
#define TCP_SYN_BUCKET_SIZE 35
diff -r c9da3838f1a4 -r 18a3e113f987 sys/netinet/ip_fil.c
--- a/sys/netinet/ip_fil.c Thu Feb 17 09:05:07 2000 +0000
+++ b/sys/netinet/ip_fil.c Thu Feb 17 10:59:32 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_fil.c,v 1.40 2000/02/01 21:41:36 veego Exp $ */
+/* $NetBSD: ip_fil.c,v 1.41 2000/02/17 10:59:35 darrenr Exp $ */
/*
* Copyright (C) 1993-1998 by Darren Reed.
@@ -9,7 +9,7 @@
*/
#if !defined(lint)
#if defined(__NetBSD__)
-static const char rcsid[] = "$NetBSD: ip_fil.c,v 1.40 2000/02/01 21:41:36 veego Exp $";
+static const char rcsid[] = "$NetBSD: ip_fil.c,v 1.41 2000/02/17 10:59:35 darrenr Exp $";
#else
static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-1995 Darren Reed";
static const char rcsid[] = "@(#)Id: ip_fil.c,v 2.4.2.16 2000/01/16 10:12:42 darrenr Exp";
@@ -263,7 +263,8 @@
return -1;
# ifdef NETBSD_PF
- pfil_add_hook((void *)fr_check, PFIL_IN|PFIL_OUT);
+ pfil_add_hook((void *)fr_check, PFIL_IN|PFIL_OUT,
+ &inetsw[ip_protox[IPPROTO_IP]]);
# endif
# ifdef __sgi
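Review bot: The protosw lookup `&inetsw[ip_protox[IPPROTO_IP]]` is written out here and again in the pfil_remove_hook call in the next hunk, and the packet path has to pass the same entry to pfil_hook_get (those callers are not in the visible part of this truncated diff). If registration and lookup ever name different entries, the hook sits on a list that is never walked and packets pass unfiltered with no error reported. A single named macro or accessor in one header, used at every call site, would keep them in step; at minimum add a comment here such as `/* must match the protosw passed to pfil_hook_get() on the IPv4 input/output path */`. The enclosing function starts and ends outside the hunk.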
@@ -341,7 +342,8 @@
fr_running = 0;
# ifdef NETBSD_PF
- pfil_remove_hook((void *)fr_check, PFIL_IN|PFIL_OUT);
+ pfil_remove_hook((void *)fr_check, PFIL_IN|PFIL_OUT,
+ &inetsw[ip_protox[IPPROTO_IP]]);
# endif
# ifdef __sgi
diff -r c9da3838f1a4 -r 18a3e113f987 sys/netinet/ip_icmp.c
--- a/sys/netinet/ip_icmp.c Thu Feb 17 09:05:07 2000 +0000
+++ b/sys/netinet/ip_icmp.c Thu Feb 17 10:59:32 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_icmp.c,v 1.40 2000/02/15 04:03:49 thorpej Exp $ */
+/* $NetBSD: ip_icmp.c,v 1.41 2000/02/17 10:59:35 darrenr Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -153,8 +153,6 @@
/*static*/ int ip_next_mtu __P((int, int));
#endif
-extern struct protosw inetsw[];
-
extern struct timeval icmperrratelim;
static void icmp_mtudisc __P((struct icmp *));
@@ -293,7 +291,6 @@
struct in_ifaddr *ia;
void *(*ctlfunc) __P((int, struct sockaddr *, void *));
int code;
- extern u_char ip_protox[];