1 /* $NetBSD: pfil.c,v 1.20 2001/11/12 23:49:46 lukem Exp $ */
2 /* $DragonFly: src/sys/net/pfil.c,v 1.11 2008/09/14 11:13:00 sephe Exp $ */
5 * Copyright (c) 1996 Matthew R. Green
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
24 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
26 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
27 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 #include <sys/param.h>
33 #include <sys/errno.h>
34 #include <sys/malloc.h>
35 #include <sys/socket.h>
36 #include <sys/socketvar.h>
37 #include <sys/systm.h>
39 #include <sys/queue.h>
43 #include <net/netmsg2.h>
45 #define PFIL_CFGPORT cpu_portfn(0)
48 struct netmsg pfil_nmsg;
49 pfil_func_t pfil_func;
52 struct pfil_head *pfil_ph;
55 static LIST_HEAD(, pfil_head) pfil_head_list =
56 LIST_HEAD_INITIALIZER(&pfil_head_list);
58 static pfil_list_t *pfil_list_alloc(void);
59 static void pfil_list_free(pfil_list_t *);
60 static void pfil_list_dup(const pfil_list_t *, pfil_list_t *,
61 const struct packet_filter_hook *);
62 static void pfil_list_add(pfil_list_t *, pfil_func_t, void *, int);
63 static struct packet_filter_hook *
64 pfil_list_find(const pfil_list_t *, pfil_func_t,
67 static void pfil_remove_hook_dispatch(struct netmsg *);
68 static void pfil_add_hook_dispatch(struct netmsg *);
71 * pfil_run_hooks() runs the specified packet filter hooks.
74 pfil_run_hooks(struct pfil_head *ph, struct mbuf **mp, struct ifnet *ifp,
77 struct packet_filter_hook *pfh;
84 else if (dir == PFIL_OUT)
87 return 0; /* XXX panic? */
89 TAILQ_FOREACH(pfh, list, pfil_link) {
90 if (pfh->pfil_func != NULL) {
91 rv = (*pfh->pfil_func)(pfh->pfil_arg, &m, ifp, dir);
92 if (rv != 0 || m == NULL)
102 * pfil_head_register() registers a pfil_head with the packet filter
106 pfil_head_register(struct pfil_head *ph)
108 struct pfil_head *lph;
110 LIST_FOREACH(lph, &pfil_head_list, ph_list) {
111 if (ph->ph_type == lph->ph_type &&
112 ph->ph_un.phu_val == lph->ph_un.phu_val)
116 ph->ph_in = pfil_list_alloc();
117 ph->ph_out = pfil_list_alloc();
120 LIST_INSERT_HEAD(&pfil_head_list, ph, ph_list);
126 * pfil_head_unregister() removes a pfil_head from the packet filter
130 pfil_head_unregister(struct pfil_head *pfh)
132 LIST_REMOVE(pfh, ph_list);
137 * pfil_head_get() returns the pfil_head for a given key/dlt.
140 pfil_head_get(int type, u_long val)
142 struct pfil_head *ph;
144 LIST_FOREACH(ph, &pfil_head_list, ph_list) {
145 if (ph->ph_type == type && ph->ph_un.phu_val == val)
152 pfil_add_hook_dispatch(struct netmsg *nmsg)
154 struct netmsg_pfil *pfilmsg = (struct netmsg_pfil *)nmsg;
155 pfil_func_t func = pfilmsg->pfil_func;
156 void *arg = pfilmsg->pfil_arg;
157 int flags = pfilmsg->pfil_flags;
158 struct pfil_head *ph = pfilmsg->pfil_ph;
159 const struct packet_filter_hook *pfh;
160 pfil_list_t *list_in = NULL, *list_out = NULL;
161 pfil_list_t *old_list_in = NULL, *old_list_out = NULL;
164 /* This probably should not happen ... */
165 if ((flags & (PFIL_IN | PFIL_OUT)) == 0)
166 goto reply; /* XXX panic? */
169 * If pfil hooks exist on any of the requested lists,
172 if (flags & PFIL_IN) {
173 pfh = pfil_list_find(ph->ph_in, func, arg);
179 if (flags & PFIL_OUT) {
180 pfh = pfil_list_find(ph->ph_out, func, arg);
188 * Duplicate the requested lists, install new hooks
191 if (flags & PFIL_IN) {
192 list_in = pfil_list_alloc();
193 pfil_list_dup(ph->ph_in, list_in, NULL);
194 pfil_list_add(list_in, func, arg, flags & ~PFIL_OUT);
196 if (flags & PFIL_OUT) {
197 list_out = pfil_list_alloc();
198 pfil_list_dup(ph->ph_out, list_out, NULL);
199 pfil_list_add(list_out, func, arg, flags & ~PFIL_IN);
203 * Switch list pointers, but keep the old ones
205 if (list_in != NULL) {
206 old_list_in = ph->ph_in;
209 if (list_out != NULL) {
210 old_list_out = ph->ph_out;
211 ph->ph_out = list_out;
215 * Wait until everyone has finished the old lists iteration
217 netmsg_service_sync();
221 * Now it is safe to free the old lists, since no one sees it
223 if (old_list_in != NULL)
224 pfil_list_free(old_list_in);
225 if (old_list_out != NULL)
226 pfil_list_free(old_list_out);
228 lwkt_replymsg(&nmsg->nm_lmsg, err);
232 * pfil_add_hook() adds a function to the packet filter hook. the
234 * PFIL_IN call me on incoming packets
235 * PFIL_OUT call me on outgoing packets
236 * PFIL_ALL call me on all of the above
239 pfil_add_hook(pfil_func_t func, void *arg, int flags, struct pfil_head *ph)
241 struct netmsg_pfil pfilmsg;
244 nmsg = &pfilmsg.pfil_nmsg;
245 netmsg_init(nmsg, &curthread->td_msgport, 0, pfil_add_hook_dispatch);
246 pfilmsg.pfil_func = func;
247 pfilmsg.pfil_arg = arg;
248 pfilmsg.pfil_flags = flags;
249 pfilmsg.pfil_ph = ph;
251 return lwkt_domsg(PFIL_CFGPORT, &nmsg->nm_lmsg, 0);
255 pfil_remove_hook_dispatch(struct netmsg *nmsg)
257 struct netmsg_pfil *pfilmsg = (struct netmsg_pfil *)nmsg;
258 pfil_func_t func = pfilmsg->pfil_func;
259 void *arg = pfilmsg->pfil_arg;
260 int flags = pfilmsg->pfil_flags;
261 struct pfil_head *ph = pfilmsg->pfil_ph;
262 struct packet_filter_hook *skip_in = NULL, *skip_out = NULL;
263 pfil_list_t *list_in = NULL, *list_out = NULL;
264 pfil_list_t *old_list_in = NULL, *old_list_out = NULL;
267 /* This probably should not happen ... */
268 if ((flags & (PFIL_IN | PFIL_OUT)) == 0)
269 goto reply; /* XXX panic? */
272 * The pfil hook should exist on all requested lists,
273 * if not just bail out
275 if (flags & PFIL_IN) {
276 skip_in = pfil_list_find(ph->ph_in, func, arg);
282 if (flags & PFIL_OUT) {
283 skip_out = pfil_list_find(ph->ph_out, func, arg);
291 * Duplicate the requested lists, but the pfil hook to
292 * be deleted is not copied
294 if (flags & PFIL_IN) {
295 KKASSERT(skip_in != NULL);
296 list_in = pfil_list_alloc();
297 pfil_list_dup(ph->ph_in, list_in, skip_in);
299 if (flags & PFIL_OUT) {
300 KKASSERT(skip_out != NULL);
301 list_out = pfil_list_alloc();
302 pfil_list_dup(ph->ph_out, list_out, skip_out);
306 * Switch list pointers, but keep the old ones
308 if (list_in != NULL) {
309 old_list_in = ph->ph_in;
312 if (list_out != NULL) {
313 old_list_out = ph->ph_out;
314 ph->ph_out = list_out;
318 * Wait until everyone has finished the old lists iteration
320 if (TAILQ_EMPTY(ph->ph_in) && TAILQ_EMPTY(ph->ph_out))
322 netmsg_service_sync();
325 * Now it is safe to free the old lists, since no one sees it
327 if (old_list_in != NULL)
328 pfil_list_free(old_list_in);
329 if (old_list_out != NULL)
330 pfil_list_free(old_list_out);
332 lwkt_replymsg(&nmsg->nm_lmsg, err);
336 * pfil_remove_hook removes a specific function from the packet filter
340 pfil_remove_hook(pfil_func_t func, void *arg, int flags, struct pfil_head *ph)
342 struct netmsg_pfil pfilmsg;
345 nmsg = &pfilmsg.pfil_nmsg;
346 netmsg_init(nmsg, &curthread->td_msgport, 0, pfil_remove_hook_dispatch);
347 pfilmsg.pfil_func = func;
348 pfilmsg.pfil_arg = arg;
349 pfilmsg.pfil_flags = flags;
350 pfilmsg.pfil_ph = ph;
352 return lwkt_domsg(PFIL_CFGPORT, &nmsg->nm_lmsg, 0);
356 pfil_list_add(pfil_list_t *list, pfil_func_t func, void *arg, int flags)
358 struct packet_filter_hook *pfh;
360 KKASSERT(&curthread->td_msgport == PFIL_CFGPORT);
362 pfh = kmalloc(sizeof(*pfh), M_IFADDR, M_WAITOK);
364 pfh->pfil_func = func;
368 * Insert the input list in reverse order of the output list
369 * so that the same path is followed in or out of the kernel.
372 TAILQ_INSERT_HEAD(list, pfh, pfil_link);
374 TAILQ_INSERT_TAIL(list, pfh, pfil_link);
378 pfil_list_dup(const pfil_list_t *from, pfil_list_t *to,
379 const struct packet_filter_hook *skip)
381 struct packet_filter_hook *pfh_to, *pfh_from;
383 KKASSERT(&curthread->td_msgport == PFIL_CFGPORT);
384 KKASSERT(TAILQ_EMPTY(to));
386 TAILQ_FOREACH(pfh_from, from, pfil_link) {
387 if (pfh_from == skip)
390 pfh_to = kmalloc(sizeof(*pfh_to), M_IFADDR, M_WAITOK);
391 bcopy(pfh_from, pfh_to, sizeof(*pfh_to));
393 TAILQ_INSERT_TAIL(to, pfh_to, pfil_link);
398 pfil_list_alloc(void)
402 list = kmalloc(sizeof(*list), M_IFADDR, M_WAITOK);
408 pfil_list_free(pfil_list_t *list)
410 struct packet_filter_hook *pfh;
412 while ((pfh = TAILQ_FIRST(list)) != NULL) {
413 TAILQ_REMOVE(list, pfh, pfil_link);
414 kfree(pfh, M_IFADDR);
416 kfree(list, M_IFADDR);
419 static struct packet_filter_hook *
420 pfil_list_find(const pfil_list_t *list, pfil_func_t func, const void *arg)
422 struct packet_filter_hook *pfh;
424 KKASSERT(&curthread->td_msgport == PFIL_CFGPORT);
426 TAILQ_FOREACH(pfh, list, pfil_link) {
427 if (pfh->pfil_func == func && pfh->pfil_arg == arg)
lentferj's projects / dragonfly.git / blob