Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/lkm/netinet/if_ipl Better kernel module for IPF (kern/26...
details: https://anonhg.NetBSD.org/src/rev/7f089b37fe96
branches: trunk
changeset: 569698:7f089b37fe96
user: martti <martti%NetBSD.org@localhost>
date: Mon Aug 30 11:32:33 2004 +0000
description:
Better kernel module for IPF (kern/26112 by Peter Postma)
diffstat:
sys/lkm/netinet/if_ipl/mln_ipl.c | 345 +++++++++-----------------------------
1 files changed, 80 insertions(+), 265 deletions(-)
diffs (truncated from 395 to 300 lines):
diff -r 661a965ca8c7 -r 7f089b37fe96 sys/lkm/netinet/if_ipl/mln_ipl.c
--- a/sys/lkm/netinet/if_ipl/mln_ipl.c Mon Aug 30 10:30:38 2004 +0000
+++ b/sys/lkm/netinet/if_ipl/mln_ipl.c Mon Aug 30 11:32:33 2004 +0000
@@ -1,291 +1,88 @@
-/* $NetBSD: mln_ipl.c,v 1.33 2004/03/28 09:00:57 martti Exp $ */
+/* $NetBSD: mln_ipl.c,v 1.34 2004/08/30 11:32:33 martti Exp $ */
/*
- * Copyright (C) 1993-2001 by Darren Reed.
- *
- * See the IPFILTER.LICENCE file for details on licencing.
+ * Copyright (c) 2004 The NetBSD Foundation, Inc.
+ * All rights reserved.
*
- */
-/*
- * 29/12/94 Added code from Marc Huber <huber%fzi.de@localhost> to allow it to allocate
- * its own major char number! Way cool patch!
+ * This code is derived from software contributed to the NetBSD Foundation
+ * by Peter Postma.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the NetBSD
+ * Foundation, Inc. and its contributors.
+ * 4. Neither the name of The NetBSD Foundation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: mln_ipl.c,v 1.33 2004/03/28 09:00:57 martti Exp $");
+__KERNEL_RCSID(0, "$NetBSD: mln_ipl.c,v 1.34 2004/08/30 11:32:33 martti Exp $");
#include <sys/param.h>
-
-/*
- * Post NetBSD 1.2 has the PFIL interface for packet filters. This turns
- * on those hooks. We don't need any special mods with this!
- */
-#if (defined(NetBSD) && (NetBSD > 199609) && (NetBSD <= 1991011)) || \
- (defined(NetBSD1_2) && NetBSD1_2 > 1)
-# define NETBSD_PF
-#endif
-
#include <sys/systm.h>
#include <sys/conf.h>
-#include <sys/file.h>
-#include <sys/stat.h>
-#include <sys/proc.h>
-#include <sys/uio.h>
#include <sys/kernel.h>
-#include <sys/vnode.h>
-#include <sys/namei.h>
-#include <sys/malloc.h>
-#include <sys/mount.h>
-#include <sys/exec.h>
-#include <sys/mbuf.h>
+#include <sys/lkm.h>
+
#include <net/if.h>
+#include <net/if_types.h>
+
+#include <netinet/in.h>
#include <netinet/in_systm.h>
-#include <netinet/in.h>
#include <netinet/ip.h>
-#include <net/route.h>
#include <netinet/ip_var.h>
-#include <netinet/tcp.h>
-#include <netinet/tcpip.h>
-#include <sys/lkm.h>
+
#include "ipl.h"
#include "ip_compat.h"
#include "ip_fil.h"
-#if !defined(__NetBSD_Version__) || __NetBSD_Version__ < 103050000
-#define vn_lock(v,f) VOP_LOCK(v)
-#endif
-
-#if !defined(VOP_LEASE) && defined(LEASE_CHECK)
-#define VOP_LEASE LEASE_CHECK
-#endif
-
-
-extern int lkmenodev __P((void));
+int if_ipl_lkmentry(struct lkm_table *, int, int);
+static int if_ipl_lkmload(struct lkm_table *, int);
+static int if_ipl_lkmunload(struct lkm_table *, int);
-#if NetBSD >= 199706
-int if_ipl_lkmentry __P((struct lkm_table *, int, int));
-#else
-int xxxinit __P((struct lkm_table *, int, int));
-#endif
-static int ipl_unload __P((void));
-static int ipl_load __P((void));
-static int ipl_remove __P((void));
-static int iplaction __P((struct lkm_table *, int));
-static char *ipf_devfiles[] = { IPL_NAME, IPNAT_NAME, IPSTATE_NAME,
- IPAUTH_NAME, IPSYNC_NAME, IPSCAN_NAME,
- IPLOOKUP_NAME, NULL };
+extern const struct cdevsw ipl_cdevsw;
+MOD_DEV(IPL_VERSION, "ipl", NULL, -1, &ipl_cdevsw, -1);
-#if (defined(NetBSD1_0) && (NetBSD1_0 > 1)) || \
- (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199511))
-# if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000)
-extern const struct cdevsw ipl_cdevsw;
-# else
-struct cdevsw ipldevsw =
+int
+if_ipl_lkmentry(struct lkm_table *lkmtp, int cmd, int ver)
{
- iplopen, /* open */
- iplclose, /* close */
- iplread, /* read */
- 0, /* write */
- iplioctl, /* ioctl */
- 0, /* stop */
- 0, /* tty */
- 0, /* select */
- 0, /* mmap */
- NULL /* strategy */
-};
-# endif
-#else
-struct cdevsw ipldevsw =
-{
- iplopen, /* open */
- iplclose, /* close */
- iplread, /* read */
- (void *)nullop, /* write */
- iplioctl, /* ioctl */
- (void *)nullop, /* stop */
- (void *)nullop, /* reset */
- (void *)NULL, /* tty */
- (void *)nullop, /* select */
- (void *)nullop, /* mmap */
- NULL /* strategy */
-};
-#endif
-int ipl_major = 0;
-
-#if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000)
-MOD_DEV(IPL_VERSION, "ipl", NULL, -1, &ipl_cdevsw, -1);
-#else
-MOD_DEV(IPL_VERSION, LM_DT_CHAR, -1, &ipldevsw);
-#endif
-
-extern int vd_unuseddev __P((void));
-extern struct cdevsw cdevsw[];
-extern int nchrdev;
-
-
-#if NetBSD >= 199706
-int if_ipl_lkmentry(lkmtp, cmd, ver)
-#else
-int xxxinit(lkmtp, cmd, ver)
-#endif
-struct lkm_table *lkmtp;
-int cmd, ver;
-{
- DISPATCH(lkmtp, cmd, ver, iplaction, iplaction, iplaction);
+ LKM_DISPATCH(lkmtp, cmd, ver, if_ipl_lkmload, if_ipl_lkmunload,
+ lkm_nofunc);
}
-
-static int iplaction(lkmtp, cmd)
-struct lkm_table *lkmtp;
-int cmd;
+static int
+if_ipl_lkmload(struct lkm_table *lkmtp, int cmd)
{
-#if !defined(__NetBSD__) || (__NetBSD_Version__ < 106080000)
- int i;
-#endif
- struct lkm_dev *args = lkmtp->private.lkm_dev;
- int err = 0;
-
- switch (cmd)
- {
- case LKM_E_LOAD :
- if (lkmexists(lkmtp))
- return EEXIST;
-
-#if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000)
- err = devsw_attach(args->lkm_devname,
- args->lkm_bdev, &args->lkm_bdevmaj,
- args->lkm_cdev, &args->lkm_cdevmaj);
- if (err != 0)
- return (err);
- ipl_major = args->lkm_cdevmaj;
-#else
- for (i = 0; i < nchrdev; i++)
- if (cdevsw[i].d_open == (dev_type_open((*)))lkmenodev ||
- cdevsw[i].d_open == iplopen)
- break;
- if (i == nchrdev) {
- printf("IP Filter: No free cdevsw slots\n");
- return ENODEV;
- }
-
- ipl_major = i;
- args->lkm_offset = i; /* slot in cdevsw[] */
-#endif
- printf("IP Filter: loaded into slot %d\n", ipl_major);
- return ipl_load();
- case LKM_E_UNLOAD :
-#if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000)
- devsw_detach(args->lkm_bdev, args->lkm_cdev);
- args->lkm_bdevmaj = -1;
- args->lkm_cdevmaj = -1;
-#endif
- err = ipl_unload();
- if (!err)
- printf("IP Filter: unloaded from slot %d\n",
- ipl_major);
- break;
- case LKM_E_STAT :
- break;
- default:
- err = EIO;
- break;
- }
- return err;
-}
-
+ const char *defpass;
+ int error;
-static int ipl_remove()
-{
- char *name;
- struct nameidata nd;
- int error, i;
-
- for (i = 0; (name = ipf_devfiles[i]); i++) {
-#if (__NetBSD_Version__ > 106009999)
- NDINIT(&nd, DELETE, LOCKPARENT|LOCKLEAF, UIO_SYSSPACE,
- name, curproc);
-#else
- NDINIT(&nd, DELETE, LOCKPARENT, UIO_SYSSPACE, name, curproc);
-#endif
- if ((error = namei(&nd)))
- return (error);
- VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE);
-#if !defined(__NetBSD_Version__) || (__NetBSD_Version__ < 106000000)
- vn_lock(nd.ni_vp, LK_EXCLUSIVE | LK_RETRY);
-#endif
- VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE);
- (void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
- }
- return 0;
-}
-
-
-static int ipl_unload()
-{
- int error = 0;
-
- /*
- * Unloading - remove the filter rule check from the IP
- * input/output stream.
- */
- if (fr_refcnt)
- error = EBUSY;
- else if (fr_running >= 0)
- error = ipldetach();
-
- if (error == 0) {
- fr_running = -2;
- error = ipl_remove();
- printf("%s unloaded\n", ipfilter_version);
- }
- return error;
-}
Home |
Main Index |
Thread Index |
Old Index