[src/trunk]: src/sys/external/bsd/ipf/netinet import kernel portion of ipfilt...
details: https://anonhg.NetBSD.org/src/rev/b60d64af3403
branches: trunk
changeset: 778370:b60d64af3403
user: christos <christos%NetBSD.org@localhost>
date: Fri Mar 23 20:36:52 2012 +0000
description:
import kernel portion of ipfilter 5.1.1
diffstat:
sys/external/bsd/ipf/netinet/fil.c | 9869 +++++++++++++++++++++++++
sys/external/bsd/ipf/netinet/ip_auth.c | 1309 +++
sys/external/bsd/ipf/netinet/ip_auth.h | 73 +
sys/external/bsd/ipf/netinet/ip_compat.h | 2816 +++++++
sys/external/bsd/ipf/netinet/ip_dns_pxy.c | 401 +
sys/external/bsd/ipf/netinet/ip_dstlist.c | 1314 +++
sys/external/bsd/ipf/netinet/ip_dstlist.h | 71 +
sys/external/bsd/ipf/netinet/ip_fil.h | 1959 ++++
sys/external/bsd/ipf/netinet/ip_fil_compat.c | 4856 ++++++++++++
sys/external/bsd/ipf/netinet/ip_fil_netbsd.c | 2125 +++++
sys/external/bsd/ipf/netinet/ip_frag.c | 1327 +++
sys/external/bsd/ipf/netinet/ip_frag.h | 103 +
sys/external/bsd/ipf/netinet/ip_ftp_pxy.c | 1872 ++++
sys/external/bsd/ipf/netinet/ip_htable.c | 1508 +++
sys/external/bsd/ipf/netinet/ip_htable.h | 78 +
sys/external/bsd/ipf/netinet/ip_ipsec_pxy.c | 413 +
sys/external/bsd/ipf/netinet/ip_irc_pxy.c | 449 +
sys/external/bsd/ipf/netinet/ip_log.c | 894 ++
sys/external/bsd/ipf/netinet/ip_lookup.c | 1005 ++
sys/external/bsd/ipf/netinet/ip_lookup.h | 154 +
sys/external/bsd/ipf/netinet/ip_nat.c | 9092 +++++++++++++++++++++++
sys/external/bsd/ipf/netinet/ip_nat.h | 770 +
sys/external/bsd/ipf/netinet/ip_nat6.c | 4773 ++++++++++++
sys/external/bsd/ipf/netinet/ip_netbios_pxy.c | 122 +
sys/external/bsd/ipf/netinet/ip_pool.c | 1429 +++
sys/external/bsd/ipf/netinet/ip_pool.h | 68 +
sys/external/bsd/ipf/netinet/ip_pptp_pxy.c | 543 +
sys/external/bsd/ipf/netinet/ip_proxy.c | 1226 +++
sys/external/bsd/ipf/netinet/ip_proxy.h | 491 +
sys/external/bsd/ipf/netinet/ip_raudio_pxy.c | 351 +
sys/external/bsd/ipf/netinet/ip_rcmd_pxy.c | 331 +
sys/external/bsd/ipf/netinet/ip_rpcb_pxy.c | 1472 +++
sys/external/bsd/ipf/netinet/ip_scan.c | 627 +
sys/external/bsd/ipf/netinet/ip_scan.h | 108 +
sys/external/bsd/ipf/netinet/ip_state.c | 5316 +++++++++++++
sys/external/bsd/ipf/netinet/ip_state.h | 337 +
sys/external/bsd/ipf/netinet/ip_sync.c | 1495 +++
sys/external/bsd/ipf/netinet/ip_sync.h | 123 +
sys/external/bsd/ipf/netinet/ip_tftp_pxy.c | 302 +
sys/external/bsd/ipf/netinet/ipf_rb.h | 366 +
sys/external/bsd/ipf/netinet/ipl.h | 19 +
sys/external/bsd/ipf/netinet/radix_ipf.c | 1324 +++
sys/external/bsd/ipf/netinet/radix_ipf.h | 98 +
43 files changed, 63379 insertions(+), 0 deletions(-)
diffs (truncated from 63551 to 300 lines):
diff -r fd28dd22bf6f -r b60d64af3403 sys/external/bsd/ipf/netinet/fil.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sys/external/bsd/ipf/netinet/fil.c Fri Mar 23 20:36:52 2012 +0000
@@ -0,0 +1,9869 @@
+/* $NetBSD: fil.c,v 1.1.1.1 2012/03/23 20:36:52 christos Exp $ */
+
+/*
+ * Copyright (C) 2012 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * Copyright 2008 Sun Microsystems.
+ *
+ * Id
+ *
+ */
+#if defined(KERNEL) || defined(_KERNEL)
+# undef KERNEL
+# undef _KERNEL
+# define KERNEL 1
+# define _KERNEL 1
+#endif
+#include <sys/errno.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/time.h>
+#if defined(_KERNEL) && defined(__FreeBSD_version) && \
+ (__FreeBSD_version >= 220000)
+# if (__FreeBSD_version >= 400000)
+# if !defined(IPFILTER_LKM)
+# include "opt_inet6.h"
+# endif
+# if (__FreeBSD_version == 400019)
+# define CSUM_DELAY_DATA
+# endif
+# endif
+# include <sys/filio.h>
+#else
+# include <sys/ioctl.h>
+#endif
+#if (defined(__SVR4) || defined(__svr4__)) && defined(sun)
+# include <sys/filio.h>
+#endif
+#if !defined(_AIX51)
+# include <sys/fcntl.h>
+#endif
+#if defined(_KERNEL)
+# include <sys/systm.h>
+# include <sys/file.h>
+#else
+# include <stdio.h>
+# include <string.h>
+# include <stdlib.h>
+# include <stddef.h>
+# include <sys/file.h>
+# define _KERNEL
+# ifdef __OpenBSD__
+struct file;
+# endif
+# include <sys/uio.h>
+# undef _KERNEL
+#endif
+#if !defined(__SVR4) && !defined(__svr4__) && !defined(__hpux) && \
+ !defined(linux)
+# include <sys/mbuf.h>
+#else
+# if !defined(linux)
+# include <sys/byteorder.h>
+# endif
+# if (SOLARIS2 < 5) && defined(sun)
+# include <sys/dditypes.h>
+# endif
+#endif
+#ifdef __hpux
+# define _NET_ROUTE_INCLUDED
+#endif
+#if !defined(linux)
+# include <sys/protosw.h>
+#endif
+#include <sys/socket.h>
+#include <net/if.h>
+#ifdef sun
+# include <net/af.h>
+#endif
+#include <netinet/in.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
+#if defined(__sgi) && defined(IFF_DRVRLOCK) /* IRIX 6 */
+# include <sys/hashing.h>
+# include <netinet/in_var.h>
+#endif
+#include <netinet/tcp.h>
+#if (!defined(__sgi) && !defined(AIX)) || defined(_KERNEL)
+# include <netinet/udp.h>
+# include <netinet/ip_icmp.h>
+#endif
+#ifdef __hpux
+# undef _NET_ROUTE_INCLUDED
+#endif
+#ifdef __osf__
+# undef _RADIX_H_
+#endif
+#include "netinet/ip_compat.h"
+#ifdef USE_INET6
+# include <netinet/icmp6.h>
+# if !SOLARIS && defined(_KERNEL) && !defined(__osf__) && !defined(__hpux)
+# include <netinet6/in6_var.h>
+# endif
+#endif
+#include "netinet/ip_fil.h"
+#include "netinet/ip_nat.h"
+#include "netinet/ip_frag.h"
+#include "netinet/ip_state.h"
+#include "netinet/ip_proxy.h"
+#include "netinet/ip_auth.h"
+#ifdef IPFILTER_SCAN
+# include "netinet/ip_scan.h"
+#endif
+#include "netinet/ip_sync.h"
+#include "netinet/ip_lookup.h"
+#include "netinet/ip_pool.h"
+#include "netinet/ip_htable.h"
+#ifdef IPFILTER_COMPILED
+# include "netinet/ip_rules.h"
+#endif
+#if defined(IPFILTER_BPF) && defined(_KERNEL)
+# include <net/bpf.h>
+#endif
+#if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000)
+# include <sys/malloc.h>
+#endif
+#include "netinet/ipl.h"
+
+#if defined(__NetBSD__) && (__NetBSD_Version__ >= 104230000)
+# include <sys/callout.h>
+extern struct callout ipf_slowtimer_ch;
+#endif
+#if defined(__OpenBSD__)
+# include <sys/timeout.h>
+extern struct timeout ipf_slowtimer_ch;
+#endif
+/* END OF INCLUDES */
+
+#if !defined(lint)
+static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed";
+static const char rcsid[] = "@(#)Id";
+#endif
+
+#ifndef _KERNEL
+# include "ipf.h"
+# include "ipt.h"
+extern int opts;
+extern int blockreason;
+#endif /* _KERNEL */
+
+#define LBUMP(x) softc->x++
+#define LBUMPD(x, y) do { softc->x.y++; DT(y); } while (0)
+
+static INLINE int ipf_check_ipf __P((fr_info_t *, frentry_t *, int));
+static u_32_t ipf_checkcipso __P((fr_info_t *, u_char *, int));
+static u_32_t ipf_checkripso __P((u_char *));
+static u_32_t ipf_decaps __P((fr_info_t *, u_32_t, int));
+static frentry_t *ipf_dolog __P((fr_info_t *, u_32_t *));
+static int ipf_flushlist __P((ipf_main_softc_t *, int, minor_t,
+ int *, frentry_t **));
+static int ipf_flush_groups __P((ipf_main_softc_t *,
+ int, int, int));
+static ipfunc_t ipf_findfunc __P((ipfunc_t));
+static void *ipf_findlookup __P((ipf_main_softc_t *, int,
+ frentry_t *,
+ i6addr_t *, i6addr_t *));
+static frentry_t *ipf_firewall __P((fr_info_t *, u_32_t *));
+static int ipf_fr_matcharray __P((fr_info_t *, int *));
+static int ipf_frruleiter __P((ipf_main_softc_t *, void *, int,
+ void *));
+static void ipf_funcfini __P((ipf_main_softc_t *, frentry_t *));;
+static int ipf_funcinit __P((ipf_main_softc_t *, frentry_t *));
+static int ipf_geniter __P((ipf_main_softc_t *, ipftoken_t *,
+ ipfgeniter_t *));
+static void ipf_getstat __P((ipf_main_softc_t *,
+ struct friostat *, int));
+static int ipf_grpmapfini __P((struct ipf_main_softc_s *,
+ frentry_t *));
+static int ipf_grpmapinit __P((struct ipf_main_softc_s *,
+ frentry_t *));
+static int ipf_portcheck __P((frpcmp_t *, u_32_t));
+static INLINE int ipf_pr_ah __P((fr_info_t *));
+static INLINE void ipf_pr_esp __P((fr_info_t *));
+static INLINE void ipf_pr_gre __P((fr_info_t *));
+static INLINE void ipf_pr_udp __P((fr_info_t *));
+static INLINE void ipf_pr_tcp __P((fr_info_t *));
+static INLINE void ipf_pr_icmp __P((fr_info_t *));
+static INLINE void ipf_pr_ipv4hdr __P((fr_info_t *));
+static INLINE void ipf_pr_short __P((fr_info_t *, int));
+static INLINE int ipf_pr_tcpcommon __P((fr_info_t *));
+static INLINE int ipf_pr_udpcommon __P((fr_info_t *));
+static void ipf_rule_delete __P((ipf_main_softc_t *, frentry_t *f,
+ int, int));
+static void ipf_rule_expire_insert __P((ipf_main_softc_t *,
+ frentry_t *, int));
+static int ipf_synclist __P((ipf_main_softc_t *, frentry_t *,
+ void *));
+static ipftuneable_t *ipf_tune_findbyname __P((ipftuneable_t *,
+ const char *));
+static ipftuneable_t *ipf_tune_findbycookie __P((ipftuneable_t **, void *,
+ void **));
+static void ipf_token_unlink __P((ipf_main_softc_t *,
+ ipftoken_t *));
+static int ipf_updateipid __P((fr_info_t *));
+static int ipf_settimeout __P((struct ipf_main_softc_s *,
+ struct ipftuneable *,
+ ipftuneval_t *));
+
+
+/*
+ * bit values for identifying presence of individual IP options
+ * All of these tables should be ordered by increasing key value on the left
+ * hand side to allow for binary searching of the array and include a trailer
+ * with a 0 for the bitmask for linear searches to easily find the end with.
+ */
+static const struct optlist ipopts[20] = {
+ { IPOPT_NOP, 0x000001 },
+ { IPOPT_RR, 0x000002 },
+ { IPOPT_ZSU, 0x000004 },
+ { IPOPT_MTUP, 0x000008 },
+ { IPOPT_MTUR, 0x000010 },
+ { IPOPT_ENCODE, 0x000020 },
+ { IPOPT_TS, 0x000040 },
+ { IPOPT_TR, 0x000080 },
+ { IPOPT_SECURITY, 0x000100 },
+ { IPOPT_LSRR, 0x000200 },
+ { IPOPT_E_SEC, 0x000400 },
+ { IPOPT_CIPSO, 0x000800 },
+ { IPOPT_SATID, 0x001000 },
+ { IPOPT_SSRR, 0x002000 },
+ { IPOPT_ADDEXT, 0x004000 },
+ { IPOPT_VISA, 0x008000 },
+ { IPOPT_IMITD, 0x010000 },
+ { IPOPT_EIP, 0x020000 },
+ { IPOPT_FINN, 0x040000 },
+ { 0, 0x000000 }
+};
+
+#ifdef USE_INET6
+static struct optlist ip6exthdr[] = {
+ { IPPROTO_HOPOPTS, 0x000001 },
+ { IPPROTO_IPV6, 0x000002 },
+ { IPPROTO_ROUTING, 0x000004 },
+ { IPPROTO_FRAGMENT, 0x000008 },
+ { IPPROTO_ESP, 0x000010 },
+ { IPPROTO_AH, 0x000020 },
+ { IPPROTO_NONE, 0x000040 },
+ { IPPROTO_DSTOPTS, 0x000080 },
+ { IPPROTO_MOBILITY, 0x000100 },
+ { 0, 0 }
+};
+#endif
+
+/*
+ * bit values for identifying presence of individual IP security options
+ */
+static const struct optlist secopt[8] = {
+ { IPSO_CLASS_RES4, 0x01 },
+ { IPSO_CLASS_TOPS, 0x02 },
+ { IPSO_CLASS_SECR, 0x04 },
+ { IPSO_CLASS_RES3, 0x08 },
+ { IPSO_CLASS_CONF, 0x10 },
+ { IPSO_CLASS_UNCL, 0x20 },
+ { IPSO_CLASS_RES2, 0x40 },
+ { IPSO_CLASS_RES1, 0x80 }
+};
+
+char ipfilter_version[] = IPL_VERSION;
+
+int ipf_features = 0
+#ifdef IPFILTER_LKM
+ | IPF_FEAT_LKM
+#endif
+#ifdef IPFILTER_LOG
+ | IPF_FEAT_LOG
+#endif
+ | IPF_FEAT_LOOKUP
+#ifdef IPFILTER_BPF
+ | IPF_FEAT_BPF
+#endif
+#ifdef IPFILTER_COMPILED
+ | IPF_FEAT_COMPILED
+#endif
+#ifdef IPFILTER_CKSUM
+ | IPF_FEAT_CKSUM
+#endif
+ | IPF_FEAT_SYNC
+#ifdef IPFILTER_SCAN
+ | IPF_FEAT_SCAN
+#endif
+#ifdef USE_INET6
+ | IPF_FEAT_IPV6
+#endif
+ ;
+