Source-Changes-HG archive
[src/jmcneill-usbmp]: src/sys/external/bsd/ipf/netinet Re-add new ipf on the ...
details: https://anonhg.NetBSD.org/src/rev/4c01aabae4e3
branches: jmcneill-usbmp
changeset: 771845:4c01aabae4e3
user: joerg <joerg%NetBSD.org@localhost>
date: Tue Apr 17 19:25:17 2012 +0000
description:
Re-add new ipf on the jmcneill-usbmp branch.
diffstat:
sys/external/bsd/ipf/netinet/fil.c | 9573 +++++++++++++++++++++++++
sys/external/bsd/ipf/netinet/ip_auth.c | 1277 +++
sys/external/bsd/ipf/netinet/ip_auth.h | 73 +
sys/external/bsd/ipf/netinet/ip_compat.h | 2827 +++++++
sys/external/bsd/ipf/netinet/ip_dns_pxy.c | 373 +
sys/external/bsd/ipf/netinet/ip_dstlist.c | 1254 +++
sys/external/bsd/ipf/netinet/ip_dstlist.h | 70 +
sys/external/bsd/ipf/netinet/ip_fil.h | 1954 +++++
sys/external/bsd/ipf/netinet/ip_fil_compat.c | 4739 ++++++++++++
sys/external/bsd/ipf/netinet/ip_fil_netbsd.c | 2116 +++++
sys/external/bsd/ipf/netinet/ip_frag.c | 1278 +++
sys/external/bsd/ipf/netinet/ip_frag.h | 103 +
sys/external/bsd/ipf/netinet/ip_ftp_pxy.c | 1796 ++++
sys/external/bsd/ipf/netinet/ip_h323_pxy.c | 290 +
sys/external/bsd/ipf/netinet/ip_htable.c | 1439 +++
sys/external/bsd/ipf/netinet/ip_htable.h | 78 +
sys/external/bsd/ipf/netinet/ip_ipsec_pxy.c | 397 +
sys/external/bsd/ipf/netinet/ip_irc_pxy.c | 439 +
sys/external/bsd/ipf/netinet/ip_log.c | 871 ++
sys/external/bsd/ipf/netinet/ip_lookup.c | 962 ++
sys/external/bsd/ipf/netinet/ip_lookup.h | 154 +
sys/external/bsd/ipf/netinet/ip_nat.c | 8958 +++++++++++++++++++++++
sys/external/bsd/ipf/netinet/ip_nat.h | 770 ++
sys/external/bsd/ipf/netinet/ip_nat6.c | 4678 ++++++++++++
sys/external/bsd/ipf/netinet/ip_netbios_pxy.c | 121 +
sys/external/bsd/ipf/netinet/ip_pool.c | 1370 +++
sys/external/bsd/ipf/netinet/ip_pool.h | 68 +
sys/external/bsd/ipf/netinet/ip_pptp_pxy.c | 524 +
sys/external/bsd/ipf/netinet/ip_proxy.c | 1209 +++
sys/external/bsd/ipf/netinet/ip_proxy.h | 491 +
sys/external/bsd/ipf/netinet/ip_raudio_pxy.c | 342 +
sys/external/bsd/ipf/netinet/ip_rcmd_pxy.c | 314 +
sys/external/bsd/ipf/netinet/ip_rpcb_pxy.c | 1423 +++
sys/external/bsd/ipf/netinet/ip_scan.c | 632 +
sys/external/bsd/ipf/netinet/ip_scan.h | 108 +
sys/external/bsd/ipf/netinet/ip_state.c | 5200 +++++++++++++
sys/external/bsd/ipf/netinet/ip_state.h | 337 +
sys/external/bsd/ipf/netinet/ip_sync.c | 1452 +++
sys/external/bsd/ipf/netinet/ip_sync.h | 123 +
sys/external/bsd/ipf/netinet/ip_tftp_pxy.c | 281 +
sys/external/bsd/ipf/netinet/ipf_rb.h | 366 +
sys/external/bsd/ipf/netinet/ipl.h | 19 +
sys/external/bsd/ipf/netinet/radix_ipf.c | 1297 +++
sys/external/bsd/ipf/netinet/radix_ipf.h | 98 +
44 files changed, 62244 insertions(+), 0 deletions(-)
diffs (truncated from 62420 to 300 lines):
diff -r d48503165e00 -r 4c01aabae4e3 sys/external/bsd/ipf/netinet/fil.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sys/external/bsd/ipf/netinet/fil.c Tue Apr 17 19:25:17 2012 +0000
@@ -0,0 +1,9573 @@
+/* $NetBSD: fil.c,v 1.2.2.2 2012/04/17 19:25:17 joerg Exp $ */
+
+/*
+ * Copyright (C) 2012 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * Id: fil.c,v 2.443.2.36 2012/01/29 05:30:35 darrenr Exp
+ *
+ */
+#if defined(KERNEL) || defined(_KERNEL)
+# undef KERNEL
+# undef _KERNEL
+# define KERNEL 1
+# define _KERNEL 1
+#endif
+#include <sys/errno.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/time.h>
+#if defined(_KERNEL) && defined(__FreeBSD_version) && \
+ (__FreeBSD_version >= 220000)
+# if (__FreeBSD_version >= 400000)
+# if !defined(IPFILTER_LKM)
+# include "opt_inet6.h"
+# endif
+# if (__FreeBSD_version == 400019)
+# define CSUM_DELAY_DATA
+# endif
+# endif
+# include <sys/filio.h>
+#else
+# include <sys/ioctl.h>
+#endif
+#if (defined(__SVR4) || defined(__svr4__)) && defined(sun)
+# include <sys/filio.h>
+#endif
+#if !defined(_AIX51)
+# include <sys/fcntl.h>
+#endif
+#if defined(_KERNEL)
+# include <sys/systm.h>
+# include <sys/file.h>
+#else
+# include <stdio.h>
+# include <string.h>
+# include <stdlib.h>
+# include <stddef.h>
+# include <sys/file.h>
+# define _KERNEL
+# ifdef __OpenBSD__
+struct file;
+# endif
+# include <sys/uio.h>
+# undef _KERNEL
+#endif
+#if !defined(__SVR4) && !defined(__svr4__) && !defined(__hpux) && \
+ !defined(linux)
+# include <sys/mbuf.h>
+#else
+# if !defined(linux)
+# include <sys/byteorder.h>
+# endif
+# if (SOLARIS2 < 5) && defined(sun)
+# include <sys/dditypes.h>
+# endif
+#endif
+#ifdef __hpux
+# define _NET_ROUTE_INCLUDED
+#endif
+#if !defined(linux)
+# include <sys/protosw.h>
+#endif
+#include <sys/socket.h>
+#include <net/if.h>
+#ifdef sun
+# include <net/af.h>
+#endif
+#include <netinet/in.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
+#if defined(__sgi) && defined(IFF_DRVRLOCK) /* IRIX 6 */
+# include <sys/hashing.h>
+# include <netinet/in_var.h>
+#endif
+#include <netinet/tcp.h>
+#if (!defined(__sgi) && !defined(AIX)) || defined(_KERNEL)
+# include <netinet/udp.h>
+# include <netinet/ip_icmp.h>
+#endif
+#ifdef __hpux
+# undef _NET_ROUTE_INCLUDED
+#endif
+#ifdef __osf__
+# undef _RADIX_H_
+#endif
+#include "netinet/ip_compat.h"
+#ifdef USE_INET6
+# include <netinet/icmp6.h>
+# if !SOLARIS && defined(_KERNEL) && !defined(__osf__) && !defined(__hpux)
+# include <netinet6/in6_var.h>
+# endif
+#endif
+#include "netinet/ip_fil.h"
+#include "netinet/ip_nat.h"
+#include "netinet/ip_frag.h"
+#include "netinet/ip_state.h"
+#include "netinet/ip_proxy.h"
+#include "netinet/ip_auth.h"
+#ifdef IPFILTER_SCAN
+# include "netinet/ip_scan.h"
+#endif
+#include "netinet/ip_sync.h"
+#include "netinet/ip_lookup.h"
+#include "netinet/ip_pool.h"
+#include "netinet/ip_htable.h"
+#ifdef IPFILTER_COMPILED
+# include "netinet/ip_rules.h"
+#endif
+#if defined(IPFILTER_BPF) && defined(_KERNEL)
+# include <net/bpf.h>
+#endif
+#if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000)
+# include <sys/malloc.h>
+#endif
+#include "netinet/ipl.h"
+
+#if defined(__NetBSD__) && (__NetBSD_Version__ >= 104230000)
+# include <sys/callout.h>
+extern struct callout ipf_slowtimer_ch;
+#endif
+#if defined(__OpenBSD__)
+# include <sys/timeout.h>
+extern struct timeout ipf_slowtimer_ch;
+#endif
+/* END OF INCLUDES */
+
+#if !defined(lint)
+#if defined(__NetBSD__)
+#include <sys/cdefs.h>
+__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.2.2.2 2012/04/17 19:25:17 joerg Exp $");
+#else
+static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed";
+static const char rcsid[] = "@(#)Id: fil.c,v 2.443.2.36 2012/01/29 05:30:35 darrenr Exp";
+#endif
+#endif
+
+#ifndef _KERNEL
+# include "ipf.h"
+# include "ipt.h"
+extern int opts;
+extern int blockreason;
+#endif /* _KERNEL */
+
+#define LBUMP(x) softc->x++
+#define LBUMPD(x, y) do { softc->x.y++; DT(y); } while (0)
+
+static INLINE int ipf_check_ipf(fr_info_t *, frentry_t *, int);
+static u_32_t ipf_checkcipso(fr_info_t *, u_char *, int);
+static u_32_t ipf_checkripso(u_char *);
+static u_32_t ipf_decaps(fr_info_t *, u_32_t, int);
+#ifdef IPFILTER_LOG
+static frentry_t *ipf_dolog(fr_info_t *, u_32_t *);
+#endif
+static int ipf_flushlist(ipf_main_softc_t *, int, minor_t,
+ int *, frentry_t **);
+static int ipf_flush_groups(ipf_main_softc_t *, int, int, int);
+static ipfunc_t ipf_findfunc(ipfunc_t);
+static void *ipf_findlookup(ipf_main_softc_t *, int, frentry_t *,
+ i6addr_t *, i6addr_t *);
+static frentry_t *ipf_firewall(fr_info_t *, u_32_t *);
+static int ipf_fr_matcharray(fr_info_t *, int *);
+static int ipf_frruleiter(ipf_main_softc_t *, void *, int, void *);
+static void ipf_funcfini(ipf_main_softc_t *, frentry_t *);;
+static int ipf_funcinit(ipf_main_softc_t *, frentry_t *);
+static int ipf_geniter(ipf_main_softc_t *, ipftoken_t *,
+ ipfgeniter_t *);
+static void ipf_getstat(ipf_main_softc_t *,
+ struct friostat *, int);
+static int ipf_grpmapfini(struct ipf_main_softc_s *, frentry_t *);
+static int ipf_grpmapinit(struct ipf_main_softc_s *, frentry_t *);
+static int ipf_portcheck(frpcmp_t *, u_32_t);
+static INLINE int ipf_pr_ah(fr_info_t *);
+static INLINE void ipf_pr_esp(fr_info_t *);
+static INLINE void ipf_pr_gre(fr_info_t *);
+static INLINE void ipf_pr_udp(fr_info_t *);
+static INLINE void ipf_pr_tcp(fr_info_t *);
+static INLINE void ipf_pr_icmp(fr_info_t *);
+static INLINE void ipf_pr_ipv4hdr(fr_info_t *);
+static INLINE void ipf_pr_short(fr_info_t *, int);
+static INLINE int ipf_pr_tcpcommon(fr_info_t *);
+static INLINE int ipf_pr_udpcommon(fr_info_t *);
+static void ipf_rule_delete(ipf_main_softc_t *, frentry_t *f,
+ int, int);
+static void ipf_rule_expire_insert(ipf_main_softc_t *,
+ frentry_t *, int);
+static int ipf_synclist(ipf_main_softc_t *, frentry_t *, void *);
+static ipftuneable_t *ipf_tune_findbyname(ipftuneable_t *, const char *);
+static ipftuneable_t *ipf_tune_findbycookie(ipftuneable_t **, void *,
+ void **);
+static void ipf_token_unlink(ipf_main_softc_t *, ipftoken_t *);
+static int ipf_updateipid(fr_info_t *);
+static int ipf_settimeout(struct ipf_main_softc_s *,
+ struct ipftuneable *, ipftuneval_t *);
+
+
+/*
+ * bit values for identifying presence of individual IP options
+ * All of these tables should be ordered by increasing key value on the left
+ * hand side to allow for binary searching of the array and include a trailer
+ * with a 0 for the bitmask for linear searches to easily find the end with.
+ */
+static const struct optlist ipopts[20] = {
+ { IPOPT_NOP, 0x000001 },
+ { IPOPT_RR, 0x000002 },
+ { IPOPT_ZSU, 0x000004 },
+ { IPOPT_MTUP, 0x000008 },
+ { IPOPT_MTUR, 0x000010 },
+ { IPOPT_ENCODE, 0x000020 },
+ { IPOPT_TS, 0x000040 },
+ { IPOPT_TR, 0x000080 },
+ { IPOPT_SECURITY, 0x000100 },
+ { IPOPT_LSRR, 0x000200 },
+ { IPOPT_E_SEC, 0x000400 },
+ { IPOPT_CIPSO, 0x000800 },
+ { IPOPT_SATID, 0x001000 },
+ { IPOPT_SSRR, 0x002000 },
+ { IPOPT_ADDEXT, 0x004000 },
+ { IPOPT_VISA, 0x008000 },
+ { IPOPT_IMITD, 0x010000 },
+ { IPOPT_EIP, 0x020000 },
+ { IPOPT_FINN, 0x040000 },
+ { 0, 0x000000 }
+};
+
+#ifdef USE_INET6
+static struct optlist ip6exthdr[] = {
+ { IPPROTO_HOPOPTS, 0x000001 },
+ { IPPROTO_IPV6, 0x000002 },
+ { IPPROTO_ROUTING, 0x000004 },
+ { IPPROTO_FRAGMENT, 0x000008 },
+ { IPPROTO_ESP, 0x000010 },
+ { IPPROTO_AH, 0x000020 },
+ { IPPROTO_NONE, 0x000040 },
+ { IPPROTO_DSTOPTS, 0x000080 },
+ { IPPROTO_MOBILITY, 0x000100 },
+ { 0, 0 }
+};
+#endif
+
+/*
+ * bit values for identifying presence of individual IP security options
+ */
+static const struct optlist secopt[8] = {
+ { IPSO_CLASS_RES4, 0x01 },
+ { IPSO_CLASS_TOPS, 0x02 },
+ { IPSO_CLASS_SECR, 0x04 },
+ { IPSO_CLASS_RES3, 0x08 },
+ { IPSO_CLASS_CONF, 0x10 },
+ { IPSO_CLASS_UNCL, 0x20 },
+ { IPSO_CLASS_RES2, 0x40 },
+ { IPSO_CLASS_RES1, 0x80 }
+};
+
+char ipfilter_version[] = IPL_VERSION;
+
+int ipf_features = 0
+#ifdef IPFILTER_LKM
+ | IPF_FEAT_LKM
+#endif
+#ifdef IPFILTER_LOG
+ | IPF_FEAT_LOG
+#endif
+ | IPF_FEAT_LOOKUP
+#ifdef IPFILTER_BPF
+ | IPF_FEAT_BPF
+#endif
+#ifdef IPFILTER_COMPILED
+ | IPF_FEAT_COMPILED
+#endif
+#ifdef IPFILTER_CKSUM
+ | IPF_FEAT_CKSUM
+#endif
+ | IPF_FEAT_SYNC
+#ifdef IPFILTER_SCAN
+ | IPF_FEAT_SCAN
+#endif
+#ifdef USE_INET6
+ | IPF_FEAT_IPV6
+#endif
+ ;
+
+
+/*
+ * Table of functions available for use with call rules.
+ */