kernel/netgraph7: Replace usage of MALLOC/FREE with kmalloc/kfree here too.
[dragonfly.git] / sys / netgraph7 / ng_ipfw.c
CommitLineData
b06ebda0
MD
1/*-
2 * Copyright 2005, Gleb Smirnoff <glebius@FreeBSD.org>
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 *
26 * $FreeBSD: src/sys/netgraph/ng_ipfw.c,v 1.9 2006/02/14 15:22:24 ru Exp $
5a975a3d 27 * $DragonFly: src/sys/netgraph7/ng_ipfw.c,v 1.2 2008/06/26 23:05:35 dillon Exp $
b06ebda0
MD
28 */
29
30#include <sys/param.h>
31#include <sys/systm.h>
32#include <sys/kernel.h>
33#include <sys/mbuf.h>
34#include <sys/malloc.h>
35#include <sys/ctype.h>
36#include <sys/errno.h>
37#include <sys/socket.h>
38#include <sys/syslog.h>
39
40#include <net/if.h>
41
42#include <netinet/in.h>
43#include <netinet/in_systm.h>
44#include <netinet/in_var.h>
45#include <netinet/ip_fw.h>
46#include <netinet/ip.h>
47#include <netinet/ip_var.h>
48
5a975a3d
MD
49#include "ng_message.h"
50#include "ng_parse.h"
51#include "ng_ipfw.h"
52#include "netgraph.h"
b06ebda0
MD
53
54static int ng_ipfw_mod_event(module_t mod, int event, void *data);
55static ng_constructor_t ng_ipfw_constructor;
56static ng_shutdown_t ng_ipfw_shutdown;
57static ng_newhook_t ng_ipfw_newhook;
58static ng_connect_t ng_ipfw_connect;
59static ng_findhook_t ng_ipfw_findhook;
60static ng_rcvdata_t ng_ipfw_rcvdata;
61static ng_disconnect_t ng_ipfw_disconnect;
62
63static hook_p ng_ipfw_findhook1(node_p, u_int16_t );
64static int ng_ipfw_input(struct mbuf **, int, struct ip_fw_args *,
65 int);
66
67/* We have only one node */
68static node_p fw_node;
69
70/* Netgraph node type descriptor */
71static struct ng_type ng_ipfw_typestruct = {
72 .version = NG_ABI_VERSION,
73 .name = NG_IPFW_NODE_TYPE,
74 .mod_event = ng_ipfw_mod_event,
75 .constructor = ng_ipfw_constructor,
76 .shutdown = ng_ipfw_shutdown,
77 .newhook = ng_ipfw_newhook,
78 .connect = ng_ipfw_connect,
79 .findhook = ng_ipfw_findhook,
80 .rcvdata = ng_ipfw_rcvdata,
81 .disconnect = ng_ipfw_disconnect,
82};
83NETGRAPH_INIT(ipfw, &ng_ipfw_typestruct);
84MODULE_DEPEND(ng_ipfw, ipfw, 2, 2, 2);
85
86/* Information we store for each hook */
87struct ng_ipfw_hook_priv {
88 hook_p hook;
89 u_int16_t rulenum;
90};
91typedef struct ng_ipfw_hook_priv *hpriv_p;
92
93static int
94ng_ipfw_mod_event(module_t mod, int event, void *data)
95{
96 int error = 0;
97
98 switch (event) {
99 case MOD_LOAD:
100
101 if (ng_ipfw_input_p != NULL) {
102 error = EEXIST;
103 break;
104 }
105
106 /* Setup node without any private data */
107 if ((error = ng_make_node_common(&ng_ipfw_typestruct, &fw_node))
108 != 0) {
109 log(LOG_ERR, "%s: can't create ng_ipfw node", __func__);
110 break;
111 };
112
113 /* Try to name node */
114 if (ng_name_node(fw_node, "ipfw") != 0)
115 log(LOG_WARNING, "%s: failed to name node \"ipfw\"",
116 __func__);
117
118 /* Register hook */
119 ng_ipfw_input_p = ng_ipfw_input;
120 break;
121
122 case MOD_UNLOAD:
123 /*
124 * This won't happen if a node exists.
125 * ng_ipfw_input_p is already cleared.
126 */
127 break;
128
129 default:
130 error = EOPNOTSUPP;
131 break;
132 }
133
134 return (error);
135}
136
137static int
138ng_ipfw_constructor(node_p node)
139{
140 return (EINVAL); /* Only one node */
141}
142
143static int
144ng_ipfw_newhook(node_p node, hook_p hook, const char *name)
145{
146 hpriv_p hpriv;
147 u_int16_t rulenum;
148 const char *cp;
149 char *endptr;
150
151 /* Protect from leading zero */
152 if (name[0] == '0' && name[1] != '\0')
153 return (EINVAL);
154
155 /* Check that name contains only digits */
156 for (cp = name; *cp != '\0'; cp++)
157 if (!isdigit(*cp))
158 return (EINVAL);
159
160 /* Convert it to integer */
161 rulenum = (u_int16_t)strtol(name, &endptr, 10);
162 if (*endptr != '\0')
163 return (EINVAL);
164
165 /* Allocate memory for this hook's private data */
fc025606
SW
166 hpriv = kmalloc(sizeof(*hpriv), M_NETGRAPH,
167 M_WAITOK | M_NULLOK | M_ZERO);
b06ebda0
MD
168 if (hpriv== NULL)
169 return (ENOMEM);
170
171 hpriv->hook = hook;
172 hpriv->rulenum = rulenum;
173
174 NG_HOOK_SET_PRIVATE(hook, hpriv);
175
176 return(0);
177}
178
179/*
180 * Set hooks into queueing mode, to avoid recursion between
181 * netgraph layer and ip_{input,output}.
182 */
183static int
184ng_ipfw_connect(hook_p hook)
185{
186 NG_HOOK_FORCE_QUEUE(hook);
187 return (0);
188}
189
190/* Look up hook by name */
191hook_p
192ng_ipfw_findhook(node_p node, const char *name)
193{
194 u_int16_t n; /* numeric representation of hook */
195 char *endptr;
196
197 n = (u_int16_t)strtol(name, &endptr, 10);
198 if (*endptr != '\0')
199 return NULL;
200 return ng_ipfw_findhook1(node, n);
201}
202
203/* Look up hook by rule number */
204static hook_p
205ng_ipfw_findhook1(node_p node, u_int16_t rulenum)
206{
207 hook_p hook;
208 hpriv_p hpriv;
209
210 LIST_FOREACH(hook, &node->nd_hooks, hk_hooks) {
211 hpriv = NG_HOOK_PRIVATE(hook);
212 if (NG_HOOK_IS_VALID(hook) && (hpriv->rulenum == rulenum))
213 return (hook);
214 }
215
216 return (NULL);
217}
218
219
220static int
221ng_ipfw_rcvdata(hook_p hook, item_p item)
222{
223 struct ng_ipfw_tag *ngit;
224 struct mbuf *m;
225
226 NGI_GET_M(item, m);
227 NG_FREE_ITEM(item);
228
229 if ((ngit = (struct ng_ipfw_tag *)m_tag_locate(m, NGM_IPFW_COOKIE, 0,
230 NULL)) == NULL) {
231 NG_FREE_M(m);
232 return (EINVAL); /* XXX: find smth better */
233 };
234
235 switch (ngit->dir) {
236 case NG_IPFW_OUT:
237 {
238 struct ip *ip;
239
240 if (m->m_len < sizeof(struct ip) &&
241 (m = m_pullup(m, sizeof(struct ip))) == NULL)
242 return (EINVAL);
243
244 ip = mtod(m, struct ip *);
245
246 ip->ip_len = ntohs(ip->ip_len);
247 ip->ip_off = ntohs(ip->ip_off);
248
249 return ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL);
250 }
251 case NG_IPFW_IN:
252 ip_input(m);
253 return (0);
254 default:
255 panic("ng_ipfw_rcvdata: bad dir %u", ngit->dir);
256 }
257
258 /* not reached */
259 return (0);
260}
261
262static int
263ng_ipfw_input(struct mbuf **m0, int dir, struct ip_fw_args *fwa, int tee)
264{
265 struct mbuf *m;
266 struct ng_ipfw_tag *ngit;
267 struct ip *ip;
268 hook_p hook;
269 int error = 0;
270
271 /*
272 * Node must be loaded and corresponding hook must be present.
273 */
274 if (fw_node == NULL ||
275 (hook = ng_ipfw_findhook1(fw_node, fwa->cookie)) == NULL) {
276 if (tee == 0)
277 m_freem(*m0);
278 return (ESRCH); /* no hook associated with this rule */
279 }
280
281 /*
282 * We have two modes: in normal mode we add a tag to packet, which is
283 * important to return packet back to IP stack. In tee mode we make
284 * a copy of a packet and forward it into netgraph without a tag.
285 */
286 if (tee == 0) {
287 m = *m0;
288 *m0 = NULL; /* it belongs now to netgraph */
289
290 if ((ngit = (struct ng_ipfw_tag *)m_tag_alloc(NGM_IPFW_COOKIE,
5a975a3d 291 0, TAGSIZ, MB_DONTWAIT)) == NULL) {
b06ebda0
MD
292 m_freem(m);
293 return (ENOMEM);
294 }
295 ngit->rule = fwa->rule;
296 ngit->dir = dir;
297 ngit->ifp = fwa->oif;
298 m_tag_prepend(m, &ngit->mt);
299
300 } else
5a975a3d 301 if ((m = m_dup(*m0, MB_DONTWAIT)) == NULL)
b06ebda0
MD
302 return (ENOMEM); /* which is ignored */
303
304 if (m->m_len < sizeof(struct ip) &&
305 (m = m_pullup(m, sizeof(struct ip))) == NULL)
306 return (EINVAL);
307
308 ip = mtod(m, struct ip *);
309 ip->ip_len = htons(ip->ip_len);
310 ip->ip_off = htons(ip->ip_off);
311
312 NG_SEND_DATA_ONLY(error, hook, m);
313
314 return (error);
315}
316
317static int
318ng_ipfw_shutdown(node_p node)
319{
320
321 /*
322 * After our single node has been removed,
323 * the only thing that can be done is
324 * 'kldunload ng_ipfw.ko'
325 */
326 ng_ipfw_input_p = NULL;
327 NG_NODE_UNREF(node);
328 return (0);
329}
330
331static int
332ng_ipfw_disconnect(hook_p hook)
333{
334 const hpriv_p hpriv = NG_HOOK_PRIVATE(hook);
335
fc025606 336 kfree(hpriv, M_NETGRAPH);
b06ebda0
MD
337 NG_HOOK_SET_PRIVATE(hook, NULL);
338
339 return (0);
340}