1 /* $NetBSD: pfil.c,v 1.20 2001/11/12 23:49:46 lukem Exp $ */
2 /* $DragonFly: src/sys/net/pfil.c,v 1.13 2008/09/16 11:57:30 sephe Exp $ */
5 * Copyright (c) 1996 Matthew R. Green
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
24 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
26 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
27 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 #include <sys/param.h>
33 #include <sys/errno.h>
34 #include <sys/malloc.h>
35 #include <sys/socket.h>
36 #include <sys/socketvar.h>
37 #include <sys/systm.h>
39 #include <sys/queue.h>
43 #include <net/netmsg2.h>
46 * The packet filter hooks are designed for anything to call them to
47 * possibly intercept the packet.
49 struct packet_filter_hook {
50 TAILQ_ENTRY(packet_filter_hook) pfil_link;
51 pfil_func_t pfil_func;
56 #define PFIL_CFGPORT cpu_portfn(0)
59 struct netmsg pfil_nmsg;
60 pfil_func_t pfil_func;
63 struct pfil_head *pfil_ph;
66 static LIST_HEAD(, pfil_head) pfil_head_list =
67 LIST_HEAD_INITIALIZER(&pfil_head_list);
69 static pfil_list_t *pfil_list_alloc(void);
70 static void pfil_list_free(pfil_list_t *);
71 static void pfil_list_dup(const pfil_list_t *, pfil_list_t *,
72 const struct packet_filter_hook *);
73 static void pfil_list_add(pfil_list_t *, pfil_func_t, void *, int);
74 static struct packet_filter_hook *
75 pfil_list_find(const pfil_list_t *, pfil_func_t,
78 static void pfil_remove_hook_dispatch(struct netmsg *);
79 static void pfil_add_hook_dispatch(struct netmsg *);
82 * pfil_run_hooks() runs the specified packet filter hooks.
85 pfil_run_hooks(struct pfil_head *ph, struct mbuf **mp, struct ifnet *ifp,
88 struct packet_filter_hook *pfh;
95 else if (dir == PFIL_OUT)
98 return 0; /* XXX panic? */
100 TAILQ_FOREACH(pfh, list, pfil_link) {
101 if (pfh->pfil_func != NULL) {
102 rv = (*pfh->pfil_func)(pfh->pfil_arg, &m, ifp, dir);
103 if (rv != 0 || m == NULL)
113 * pfil_head_register() registers a pfil_head with the packet filter
117 pfil_head_register(struct pfil_head *ph)
119 struct pfil_head *lph;
121 LIST_FOREACH(lph, &pfil_head_list, ph_list) {
122 if (ph->ph_type == lph->ph_type &&
123 ph->ph_un.phu_val == lph->ph_un.phu_val)
127 ph->ph_in = pfil_list_alloc();
128 ph->ph_out = pfil_list_alloc();
131 LIST_INSERT_HEAD(&pfil_head_list, ph, ph_list);
137 * pfil_head_unregister() removes a pfil_head from the packet filter
141 pfil_head_unregister(struct pfil_head *pfh)
143 LIST_REMOVE(pfh, ph_list);
148 * pfil_head_get() returns the pfil_head for a given key/dlt.
151 pfil_head_get(int type, u_long val)
153 struct pfil_head *ph;
155 LIST_FOREACH(ph, &pfil_head_list, ph_list) {
156 if (ph->ph_type == type && ph->ph_un.phu_val == val)
163 pfil_add_hook_dispatch(struct netmsg *nmsg)
165 struct netmsg_pfil *pfilmsg = (struct netmsg_pfil *)nmsg;
166 pfil_func_t func = pfilmsg->pfil_func;
167 void *arg = pfilmsg->pfil_arg;
168 int flags = pfilmsg->pfil_flags;
169 struct pfil_head *ph = pfilmsg->pfil_ph;
170 const struct packet_filter_hook *pfh;
171 pfil_list_t *list_in = NULL, *list_out = NULL;
172 pfil_list_t *old_list_in = NULL, *old_list_out = NULL;
175 /* This probably should not happen ... */
176 if ((flags & (PFIL_IN | PFIL_OUT)) == 0)
177 goto reply; /* XXX panic? */
180 * If pfil hooks exist on any of the requested lists,
183 if (flags & PFIL_IN) {
184 pfh = pfil_list_find(ph->ph_in, func, arg);
190 if (flags & PFIL_OUT) {
191 pfh = pfil_list_find(ph->ph_out, func, arg);
199 * Duplicate the requested lists, install new hooks
202 if (flags & PFIL_IN) {
203 list_in = pfil_list_alloc();
204 pfil_list_dup(ph->ph_in, list_in, NULL);
205 pfil_list_add(list_in, func, arg, flags & ~PFIL_OUT);
207 if (flags & PFIL_OUT) {
208 list_out = pfil_list_alloc();
209 pfil_list_dup(ph->ph_out, list_out, NULL);
210 pfil_list_add(list_out, func, arg, flags & ~PFIL_IN);
214 * Switch list pointers, but keep the old ones
216 if (list_in != NULL) {
217 old_list_in = ph->ph_in;
220 if (list_out != NULL) {
221 old_list_out = ph->ph_out;
222 ph->ph_out = list_out;
226 * Wait until everyone has finished the old lists iteration
228 netmsg_service_sync();
232 * Now it is safe to free the old lists, since no one sees it
234 if (old_list_in != NULL)
235 pfil_list_free(old_list_in);
236 if (old_list_out != NULL)
237 pfil_list_free(old_list_out);
239 lwkt_replymsg(&nmsg->nm_lmsg, err);
243 * pfil_add_hook() adds a function to the packet filter hook. the
245 * PFIL_IN call me on incoming packets
246 * PFIL_OUT call me on outgoing packets
247 * PFIL_ALL call me on all of the above
250 pfil_add_hook(pfil_func_t func, void *arg, int flags, struct pfil_head *ph)
252 struct netmsg_pfil pfilmsg;
255 nmsg = &pfilmsg.pfil_nmsg;
256 netmsg_init(nmsg, &curthread->td_msgport, 0, pfil_add_hook_dispatch);
257 pfilmsg.pfil_func = func;
258 pfilmsg.pfil_arg = arg;
259 pfilmsg.pfil_flags = flags;
260 pfilmsg.pfil_ph = ph;
262 return lwkt_domsg(PFIL_CFGPORT, &nmsg->nm_lmsg, 0);
266 pfil_remove_hook_dispatch(struct netmsg *nmsg)
268 struct netmsg_pfil *pfilmsg = (struct netmsg_pfil *)nmsg;
269 pfil_func_t func = pfilmsg->pfil_func;
270 void *arg = pfilmsg->pfil_arg;
271 int flags = pfilmsg->pfil_flags;
272 struct pfil_head *ph = pfilmsg->pfil_ph;
273 struct packet_filter_hook *skip_in = NULL, *skip_out = NULL;
274 pfil_list_t *list_in = NULL, *list_out = NULL;
275 pfil_list_t *old_list_in = NULL, *old_list_out = NULL;
278 /* This probably should not happen ... */
279 if ((flags & (PFIL_IN | PFIL_OUT)) == 0)
280 goto reply; /* XXX panic? */
283 * The pfil hook should exist on all requested lists,
284 * if not just bail out
286 if (flags & PFIL_IN) {
287 skip_in = pfil_list_find(ph->ph_in, func, arg);
293 if (flags & PFIL_OUT) {
294 skip_out = pfil_list_find(ph->ph_out, func, arg);
302 * Duplicate the requested lists, but the pfil hook to
303 * be deleted is not copied
305 if (flags & PFIL_IN) {
306 KKASSERT(skip_in != NULL);
307 list_in = pfil_list_alloc();
308 pfil_list_dup(ph->ph_in, list_in, skip_in);
310 if (flags & PFIL_OUT) {
311 KKASSERT(skip_out != NULL);
312 list_out = pfil_list_alloc();
313 pfil_list_dup(ph->ph_out, list_out, skip_out);
317 * Switch list pointers, but keep the old ones
319 if (list_in != NULL) {
320 old_list_in = ph->ph_in;
323 if (list_out != NULL) {
324 old_list_out = ph->ph_out;
325 ph->ph_out = list_out;
329 * Wait until everyone has finished the old lists iteration
331 if (TAILQ_EMPTY(ph->ph_in) && TAILQ_EMPTY(ph->ph_out))
333 netmsg_service_sync();
336 * Now it is safe to free the old lists, since no one sees it
338 if (old_list_in != NULL)
339 pfil_list_free(old_list_in);
340 if (old_list_out != NULL)
341 pfil_list_free(old_list_out);
343 lwkt_replymsg(&nmsg->nm_lmsg, err);
347 * pfil_remove_hook removes a specific function from the packet filter
351 pfil_remove_hook(pfil_func_t func, void *arg, int flags, struct pfil_head *ph)
353 struct netmsg_pfil pfilmsg;
356 nmsg = &pfilmsg.pfil_nmsg;
357 netmsg_init(nmsg, &curthread->td_msgport, 0, pfil_remove_hook_dispatch);
358 pfilmsg.pfil_func = func;
359 pfilmsg.pfil_arg = arg;
360 pfilmsg.pfil_flags = flags;
361 pfilmsg.pfil_ph = ph;
363 return lwkt_domsg(PFIL_CFGPORT, &nmsg->nm_lmsg, 0);
367 pfil_list_add(pfil_list_t *list, pfil_func_t func, void *arg, int flags)
369 struct packet_filter_hook *pfh;
371 KKASSERT(&curthread->td_msgport == PFIL_CFGPORT);
373 pfh = kmalloc(sizeof(*pfh), M_IFADDR, M_WAITOK);
375 pfh->pfil_func = func;
377 pfh->pfil_flags = flags;
380 * Insert the input list in reverse order of the output list
381 * so that the same path is followed in or out of the kernel.
384 TAILQ_INSERT_HEAD(list, pfh, pfil_link);
386 TAILQ_INSERT_TAIL(list, pfh, pfil_link);
390 pfil_list_dup(const pfil_list_t *from, pfil_list_t *to,
391 const struct packet_filter_hook *skip)
393 struct packet_filter_hook *pfh_to, *pfh_from;
395 KKASSERT(&curthread->td_msgport == PFIL_CFGPORT);
396 KKASSERT(TAILQ_EMPTY(to));
398 TAILQ_FOREACH(pfh_from, from, pfil_link) {
399 if (pfh_from == skip)
402 pfh_to = kmalloc(sizeof(*pfh_to), M_IFADDR, M_WAITOK);
403 bcopy(pfh_from, pfh_to, sizeof(*pfh_to));
405 TAILQ_INSERT_TAIL(to, pfh_to, pfil_link);
410 pfil_list_alloc(void)
414 list = kmalloc(sizeof(*list), M_IFADDR, M_WAITOK);
420 pfil_list_free(pfil_list_t *list)
422 struct packet_filter_hook *pfh;
424 while ((pfh = TAILQ_FIRST(list)) != NULL) {
425 TAILQ_REMOVE(list, pfh, pfil_link);
426 kfree(pfh, M_IFADDR);
428 kfree(list, M_IFADDR);
431 static struct packet_filter_hook *
432 pfil_list_find(const pfil_list_t *list, pfil_func_t func, const void *arg)
434 struct packet_filter_hook *pfh;
436 KKASSERT(&curthread->td_msgport == PFIL_CFGPORT);
438 TAILQ_FOREACH(pfh, list, pfil_link) {
439 if (pfh->pfil_func == func && pfh->pfil_arg == arg)
lentferj's projects / dragonfly.git / blob