2 * Copyright (C) 1993-2001 by Darren Reed.
4 * See the IPFILTER.LICENCE file for details on licencing.
7 #define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
10 #if defined(KERNEL) && !defined(_KERNEL)
13 #if defined(_KERNEL) && defined(__FreeBSD_version) && \
14 (__FreeBSD_version >= 400000) && !defined(KLD_MODULE)
15 #include "opt_inet6.h"
17 #include <sys/param.h>
18 #if defined(__NetBSD__) && (NetBSD >= 199905) && !defined(IPFILTER_LKM) && \
19 defined(_KERNEL) && !defined(_LKM)
20 # include "opt_ipfilter_log.h"
22 #if defined(__FreeBSD__) && !defined(__FreeBSD_version)
23 # if !defined(_KERNEL) || defined(IPFILTER_LKM)
24 # include <osreldate.h>
27 #if defined(__sgi) && (IRIX > 602)
29 # include <sys/ptimers.h>
38 #include <sys/errno.h>
39 #include <sys/types.h>
41 #if __FreeBSD_version >= 220000 && defined(_KERNEL)
42 # include <sys/fcntl.h>
43 # include <sys/filio.h>
45 # include <sys/ioctl.h>
49 # include <sys/systm.h>
52 # if (NetBSD > 199609) || (OpenBSD > 199603) || (__FreeBSD_version >= 300000)
53 # include <sys/dirent.h>
57 # include <sys/mbuf.h>
59 # include <sys/filio.h>
61 #include <sys/protosw.h>
62 #include <sys/socket.h>
68 #if __FreeBSD_version >= 300000
69 # include <net/if_var.h>
70 # if defined(_KERNEL) && !defined(IPFILTER_LKM)
71 # include "opt_ipfilter.h"
75 #include <sys/debug.h>
76 # ifdef IFF_DRVRLOCK /* IRIX6 */
77 #include <sys/hashing.h>
80 #include <net/route.h>
81 #include <netinet/in.h>
82 #if !(defined(__sgi) && !defined(IFF_DRVRLOCK)) /* IRIX < 6 */
83 # include <netinet/in_var.h>
85 #include <netinet/in_systm.h>
86 #include <netinet/ip.h>
87 #include <netinet/ip_var.h>
88 #include <netinet/tcp.h>
89 #include <netinet/udp.h>
90 #include <netinet/tcpip.h>
91 #include <netinet/ip_icmp.h>
96 #include "netinet/ip_compat.h"
98 # include <netinet/icmp6.h>
100 # include <netinet6/ip6protosw.h>
101 # include <netinet6/nd6.h>
104 #include "netinet/ip_fil.h"
105 #include "netinet/ip_nat.h"
106 #include "netinet/ip_frag.h"
107 #include "netinet/ip_state.h"
108 #include "netinet/ip_proxy.h"
109 #include "netinet/ip_auth.h"
110 #if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000)
111 # include <sys/malloc.h>
114 # define MIN(a,b) (((a)<(b))?(a):(b))
116 #if !SOLARIS && defined(_KERNEL) && !defined(__sgi)
117 # include <sys/kernel.h>
118 extern int ip_optcopy __P((struct ip *, struct ip *));
120 #if defined(OpenBSD) && (OpenBSD >= 200211) && defined(_KERNEL)
121 extern int ip6_getpmtu(struct route_in6 *, struct route_in6 *,
122 struct ifnet *, struct in6_addr *, u_long *);
126 static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
127 static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.42.2.64 2002/12/06 11:45:45 darrenr Exp $";
131 extern struct protosw inetsw[];
135 static struct ifnet **ifneta = NULL;
138 # if (BSD < 199306) || defined(__sgi)
143 #ifdef ICMP_UNREACH_FILTER_PROHIB
144 int ipl_unreach = ICMP_UNREACH_FILTER_PROHIB;
146 int ipl_unreach = ICMP_UNREACH_FILTER;
148 u_long ipl_frouteok[2] = {0, 0};
150 static int frzerostats __P((caddr_t));
151 #if defined(__NetBSD__) || defined(__OpenBSD__) || (__FreeBSD_version >= 300003)
152 static int frrequest __P((int, u_long, caddr_t, int));
154 static int frrequest __P((int, int, caddr_t, int));
157 static int (*fr_savep) __P((ip_t *, int, void *, int, struct mbuf **));
158 static int send_ip __P((ip_t *, fr_info_t *, struct mbuf **));
160 static int ipfr_fastroute6 __P((struct mbuf *, struct mbuf **,
161 fr_info_t *, frdest_t *));
164 extern int tcp_mtudisc;
165 extern kmutex_t ipf_rw;
166 extern KRWLOCK_T ipf_mutex;
169 void init_ifp __P((void));
170 # if defined(__sgi) && (IRIX < 605)
171 static int no_output __P((struct ifnet *, struct mbuf *,
173 static int write_output __P((struct ifnet *, struct mbuf *,
176 static int no_output __P((struct ifnet *, struct mbuf *,
177 struct sockaddr *, struct rtentry *));
178 static int write_output __P((struct ifnet *, struct mbuf *,
179 struct sockaddr *, struct rtentry *));
184 #if (__FreeBSD_version >= 300000) && defined(_KERNEL)
185 struct callout_handle ipfr_slowtimer_ch;
187 #if defined(__NetBSD__) && (__NetBSD_Version__ >= 104230000)
188 # include <sys/callout.h>
189 struct callout ipfr_slowtimer_ch;
191 #if defined(__OpenBSD__)
192 # include <sys/timeout.h>
193 struct timeout ipfr_slowtimer_ch;
195 #if defined(__sgi) && defined(_KERNEL)
196 toid_t ipfr_slowtimer_ch;
199 #if defined(__NetBSD__) && (__NetBSD_Version__ >= 106080000) && \
201 # include <sys/conf.h>
202 const struct cdevsw ipl_cdevsw = {
203 iplopen, iplclose, iplread, nowrite, iplioctl,
204 nostop, notty, nopoll, nommap,
208 #if (_BSDI_VERSION >= 199510) && defined(_KERNEL)
209 # include <sys/device.h>
210 # include <sys/conf.h>
212 struct cfdriver iplcd = {
213 NULL, "ipl", NULL, NULL, DV_DULL, 0
216 struct devsw iplsw = {
218 iplopen, iplclose, iplread, nowrite, iplioctl, noselect, nommap,
219 nostrat, nodump, nopsize, 0,
222 #endif /* _BSDI_VERSION >= 199510 && _KERNEL */
224 #if defined(__NetBSD__) || defined(__OpenBSD__) || (_BSDI_VERSION >= 199701)
225 # include <sys/conf.h>
226 # if defined(NETBSD_PF)
227 # include <net/pfil.h>
229 * We provide the fr_checkp name just to minimize changes later.
231 int (*fr_checkp) __P((ip_t *ip, int hlen, void *ifp, int out, mb_t **mp));
232 # endif /* NETBSD_PF */
233 #endif /* __NetBSD__ */
236 #if defined(__NetBSD_Version__) && (__NetBSD_Version__ >= 105110000) && \
238 # include <net/pfil.h>
240 static int fr_check_wrapper(void *, struct mbuf **, struct ifnet *, int );
242 static int fr_check_wrapper(arg, mp, ifp, dir)
248 struct ip *ip = mtod(*mp, struct ip *);
249 int rv, hlen = ip->ip_hl << 2;
251 #if defined(M_CSUM_TCPv4)
253 * If the packet is out-bound, we can't delay checksums
254 * here. For in-bound, the checksum has already been
257 if (dir == PFIL_OUT) {
258 if ((*mp)->m_pkthdr.csum_flags & (M_CSUM_TCPv4|M_CSUM_UDPv4)) {
259 in_delayed_cksum(*mp);
260 (*mp)->m_pkthdr.csum_flags &=
261 ~(M_CSUM_TCPv4|M_CSUM_UDPv4);
264 #endif /* M_CSUM_TCPv4 */
267 * We get the packet with all fields in network byte
268 * order. We expect ip_len and ip_off to be in host
269 * order. We frob them, call the filter, then frob
272 * Note, we don't need to update the checksum, because
273 * it has already been verified.
278 rv = fr_check(ip, hlen, ifp, (dir == PFIL_OUT), mp);
280 if (rv == 0 && *mp != NULL) {
281 ip = mtod(*mp, struct ip *);
290 # include <netinet/ip6.h>
292 static int fr_check_wrapper6(void *, struct mbuf **, struct ifnet *, int );
294 static int fr_check_wrapper6(arg, mp, ifp, dir)
301 return (fr_check(mtod(*mp, struct ip *), sizeof(struct ip6_hdr),
302 ifp, (dir == PFIL_OUT), mp));
305 #endif /* __NetBSD_Version >= 105110000 && _KERNEL */
307 # if defined(IPFILTER_LKM) && !defined(__sgi)
311 if (strcmp(s, "ipl") == 0)
315 # endif /* IPFILTER_LKM */
319 * Try to detect the case when compiling for NetBSD with pseudo-device
321 # if defined(__NetBSD__) && defined(PFIL_HOOKS)
323 ipfilterattach(count)
328 * Do nothing here, really. The filter will be enabled
329 * by the SIOCFRENB ioctl.
335 # if defined(__NetBSD__) || defined(__OpenBSD__)
343 # if defined(__sgi) || (defined(NETBSD_PF) && (__NetBSD_Version__ >= 104200000))
346 #if defined(__NetBSD_Version__) && (__NetBSD_Version__ >= 105110000)
347 struct pfil_head *ph_inet;
349 struct pfil_head *ph_inet6;
354 if (fr_running || (fr_checkp == fr_check)) {
355 printf("IP Filter: already initialized\n");
363 if (nat_init() == -1) {
367 if (fr_stateinit() == -1) {
371 if (appr_init() == -1) {
377 # if (__NetBSD_Version__ >= 104200000) || (__FreeBSD_version >= 500011)
378 # if __NetBSD_Version__ >= 105110000
379 ph_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET);
381 ph_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6);
391 error = pfil_add_hook((void *)fr_check_wrapper, NULL,
392 PFIL_IN|PFIL_OUT, ph_inet);
396 error = pfil_add_hook((void *)fr_check, PFIL_IN|PFIL_OUT,
397 &inetsw[ip_protox[IPPROTO_IP]].pr_pfh);
411 pfil_add_hook((void *)fr_check, PFIL_IN|PFIL_OUT);
414 # if __NetBSD_Version__ >= 105110000
415 if (ph_inet6 != NULL)
416 error = pfil_add_hook((void *)fr_check_wrapper6, NULL,
417 PFIL_IN|PFIL_OUT, ph_inet6);
421 pfil_remove_hook((void *)fr_check_wrapper6, NULL,
422 PFIL_IN|PFIL_OUT, ph_inet6);
424 error = pfil_add_hook((void *)fr_check, PFIL_IN|PFIL_OUT,
425 &inet6sw[ip6_protox[IPPROTO_IPV6]].pr_pfh);
427 pfil_remove_hook((void *)fr_check, PFIL_IN|PFIL_OUT,
428 &inetsw[ip_protox[IPPROTO_IP]].pr_pfh);
441 error = ipfilter_sgi_attach();
451 bzero((char *)frcache, sizeof(frcache));
452 fr_savep = fr_checkp;
453 fr_checkp = fr_check;
457 if (fr_pass & FR_PASS)
459 else if (fr_pass & FR_BLOCK)
462 defpass = "no-match -> block";
464 printf("%s initialized. Default = %s all, Logging = %s\n",
465 ipfilter_version, defpass,
472 # if defined(__NetBSD__) && (__NetBSD_Version__ >= 104230000)
473 callout_init(&ipfr_slowtimer_ch);
474 callout_reset(&ipfr_slowtimer_ch, hz / 2, ipfr_slowtimer, NULL);
476 # if defined(__OpenBSD__)
477 timeout_set(&ipfr_slowtimer_ch, ipfr_slowtimer, NULL);
478 timeout_add(&ipfr_slowtimer_ch, hz/2);
480 # if (__FreeBSD_version >= 300000) || defined(__sgi)
481 ipfr_slowtimer_ch = timeout(ipfr_slowtimer, NULL, hz/2);
483 timeout(ipfr_slowtimer, NULL, hz/2);
493 * Disable the filter by removing the hooks from the IP input/output
496 # if defined(__NetBSD__)
503 #if defined(NETBSD_PF) && \
504 ((__NetBSD_Version__ >= 104200000) || (__FreeBSD_version >= 500011))
506 # if __NetBSD_Version__ >= 105150000
507 struct pfil_head *ph_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET);
509 struct pfil_head *ph_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6);
515 # if defined(__NetBSD__) && (__NetBSD_Version__ >= 104230000)
516 callout_stop(&ipfr_slowtimer_ch);
518 # if (__FreeBSD_version >= 300000)
519 untimeout(ipfr_slowtimer, NULL, ipfr_slowtimer_ch);
522 untimeout(ipfr_slowtimer_ch);
524 # if defined(__OpenBSD__)
525 timeout_del(&ipfr_slowtimer_ch);
527 untimeout(ipfr_slowtimer, NULL);
528 # endif /* OpenBSD */
530 # endif /* FreeBSD */
536 printf("IP Filter: not initialized\n");
541 printf("%s unloaded\n", ipfilter_version);
543 fr_checkp = fr_savep;
544 i = frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE|FR_INACTIVE);
545 i += frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE);
549 # if ((__NetBSD_Version__ >= 104200000) || (__FreeBSD_version >= 500011))
550 # if __NetBSD_Version__ >= 105110000
552 error = pfil_remove_hook((void *)fr_check_wrapper, NULL,
553 PFIL_IN|PFIL_OUT, ph_inet);
557 error = pfil_remove_hook((void *)fr_check, PFIL_IN|PFIL_OUT,
558 &inetsw[ip_protox[IPPROTO_IP]].pr_pfh);
565 pfil_remove_hook((void *)fr_check, PFIL_IN|PFIL_OUT);
568 # if __NetBSD_Version__ >= 105110000
569 if (ph_inet6 != NULL)
570 error = pfil_remove_hook((void *)fr_check_wrapper6, NULL,
571 PFIL_IN|PFIL_OUT, ph_inet6);
575 error = pfil_remove_hook((void *)fr_check, PFIL_IN|PFIL_OUT,
576 &inet6sw[ip6_protox[IPPROTO_IPV6]].pr_pfh);
586 ipfilter_sgi_detach();
601 static int frzerostats(data)
608 error = IWCOPYPTR((caddr_t)&fio, data, sizeof(fio));
612 bzero((char *)frstats, sizeof(*frstats) * 2);
619 * Filter ioctl interface.
622 int IPL_EXTERN(ioctl)(dev_t dev, int cmd, caddr_t data, int mode
624 , cred_t *cp, int *rp
628 int IPL_EXTERN(ioctl)(dev, cmd, data, mode
629 # if (defined(_KERNEL) && ((_BSDI_VERSION >= 199510) || (BSD >= 199506) || \
630 (NetBSD >= 199511) || (__FreeBSD_version >= 220000) || \
631 defined(__OpenBSD__)))
638 # if defined(__NetBSD__) || defined(__OpenBSD__) || \
639 (_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000)
648 #if defined(_KERNEL) && !SOLARIS
651 int error = 0, unit = 0, tmp;
653 #if (BSD >= 199306) && defined(_KERNEL)
654 if ((securelevel >= 2) && (mode & FWRITE))
658 unit = GET_MINOR(dev);
659 if ((IPL_LOGMAX < unit) || (unit < 0))
665 if (fr_running == 0 && (cmd != SIOCFRENB || unit != IPL_LOGIPF))
670 if (unit == IPL_LOGNAT) {
672 error = nat_ioctl(data, cmd, mode);
678 if (unit == IPL_LOGSTATE) {
680 error = fr_state_ioctl(data, cmd, mode);
686 if (unit == IPL_LOGAUTH) {
690 if ((cmd == SIOCADAFR) || (cmd == SIOCRMAFR)) {
691 if (!(mode & FWRITE)) {
694 error = frrequest(unit, cmd, data,
698 error = fr_auth_ioctl(data, mode, cmd);
707 error = IWCOPY((caddr_t)&iplused[IPL_LOGIPF], (caddr_t)data,
708 sizeof(iplused[IPL_LOGIPF]));
711 #if (!defined(IPFILTER_LKM) || defined(__NetBSD__)) && defined(_KERNEL)
716 if (!(mode & FWRITE))
719 error = IRCOPY(data, (caddr_t)&enable, sizeof(enable));
723 # if defined(__NetBSD__) || defined(__OpenBSD__)
724 error = ipl_enable();
729 # if defined(__NetBSD__)
730 error = ipl_disable();
739 if (!(mode & FWRITE))
742 error = IRCOPY(data, (caddr_t)&fr_flags,
746 error = IWCOPY((caddr_t)&fr_flags, data, sizeof(fr_flags));
752 if (!(mode & FWRITE))
755 error = frrequest(unit, cmd, data, fr_active);
760 if (!(mode & FWRITE))
763 error = frrequest(unit, cmd, data, 1 - fr_active);
766 if (!(mode & FWRITE))
769 bzero((char *)frcache, sizeof(frcache[0]) * 2);
770 *(u_int *)data = fr_active;
771 fr_active = 1 - fr_active;
779 error = IWCOPYPTR((caddr_t)&fio, data, sizeof(fio));
785 if (!(mode & FWRITE))
788 error = frzerostats(data);
791 if (!(mode & FWRITE))
794 error = IRCOPY(data, (caddr_t)&tmp, sizeof(tmp));
796 tmp = frflush(unit, 4, tmp);
797 error = IWCOPY((caddr_t)&tmp, data,
804 if (!(mode & FWRITE))
807 error = IRCOPY(data, (caddr_t)&tmp, sizeof(tmp));
809 tmp = frflush(unit, 6, tmp);
810 error = IWCOPY((caddr_t)&tmp, data,
817 error = IRCOPY(data, (caddr_t)&tmp, sizeof(tmp));
828 if (!(mode & FWRITE))
831 *(int *)data = ipflog_clear(unit);
833 #endif /* IPFILTER_LOG */
835 error = IWCOPYPTR((caddr_t)ipfr_fragstats(), data,
841 if (!(mode & FWRITE))
844 #if defined(_KERNEL) && defined(__sgi)
859 void fr_forgetifp(ifp)
862 register frentry_t *f;
864 WRITE_ENTER(&ipf_mutex);
865 for (f = ipacct[0][fr_active]; (f != NULL); f = f->fr_next)
866 if (f->fr_ifa == ifp)
867 f->fr_ifa = (void *)-1;
868 for (f = ipacct[1][fr_active]; (f != NULL); f = f->fr_next)
869 if (f->fr_ifa == ifp)
870 f->fr_ifa = (void *)-1;
871 for (f = ipfilter[0][fr_active]; (f != NULL); f = f->fr_next)
872 if (f->fr_ifa == ifp)
873 f->fr_ifa = (void *)-1;
874 for (f = ipfilter[1][fr_active]; (f != NULL); f = f->fr_next)
875 if (f->fr_ifa == ifp)
876 f->fr_ifa = (void *)-1;
878 for (f = ipacct6[0][fr_active]; (f != NULL); f = f->fr_next)
879 if (f->fr_ifa == ifp)
880 f->fr_ifa = (void *)-1;
881 for (f = ipacct6[1][fr_active]; (f != NULL); f = f->fr_next)
882 if (f->fr_ifa == ifp)
883 f->fr_ifa = (void *)-1;
884 for (f = ipfilter6[0][fr_active]; (f != NULL); f = f->fr_next)
885 if (f->fr_ifa == ifp)
886 f->fr_ifa = (void *)-1;
887 for (f = ipfilter6[1][fr_active]; (f != NULL); f = f->fr_next)
888 if (f->fr_ifa == ifp)
889 f->fr_ifa = (void *)-1;
891 RWLOCK_EXIT(&ipf_mutex);
896 static int frrequest(unit, req, data, set)
898 #if defined(__NetBSD__) || defined(__OpenBSD__) || (__FreeBSD_version >= 300003)
906 register frentry_t *fp, *f, **fprev;
907 register frentry_t **ftail;
908 frgroup_t *fg = NULL;
909 int error = 0, in, i;
916 error = IRCOPYPTR(data, (caddr_t)fp, sizeof(*fp));
920 #if (BSD >= 199306) && defined(_KERNEL)
921 if ((securelevel > 0) && (fp->fr_func != NULL))
926 * Check that the group number does exist and that if a head group
927 * has been specified, doesn't exist.
929 if ((req != SIOCZRLST) && ((req == SIOCINAFR) || (req == SIOCINIFR) ||
930 (req == SIOCADAFR) || (req == SIOCADIFR)) && fp->fr_grhead &&
931 fr_findgroup((u_int)fp->fr_grhead, fp->fr_flags, unit, set, NULL))
933 if ((req != SIOCZRLST) && fp->fr_group &&
934 !fr_findgroup((u_int)fp->fr_group, fp->fr_flags, unit, set, NULL))
937 in = (fp->fr_flags & FR_INQUE) ? 0 : 1;
939 if (unit == IPL_LOGAUTH)
940 ftail = fprev = &ipauth;
941 else if ((fp->fr_flags & FR_ACCOUNT) && (fp->fr_v == 4))
942 ftail = fprev = &ipacct[in][set];
943 else if ((fp->fr_flags & (FR_OUTQUE|FR_INQUE)) && (fp->fr_v == 4))
944 ftail = fprev = &ipfilter[in][set];
946 else if ((fp->fr_flags & FR_ACCOUNT) && (fp->fr_v == 6))
947 ftail = fprev = &ipacct6[in][set];
948 else if ((fp->fr_flags & (FR_OUTQUE|FR_INQUE)) && (fp->fr_v == 6))
949 ftail = fprev = &ipfilter6[in][set];
954 if ((group = fp->fr_group)) {
955 if (!(fg = fr_findgroup(group, fp->fr_flags, unit, set, NULL)))
957 ftail = fprev = fg->fg_start;
960 bzero((char *)frcache, sizeof(frcache[0]) * 2);
962 for (i = 0; i < 4; i++) {
963 if ((fp->fr_ifnames[i][1] == '\0') &&
964 ((fp->fr_ifnames[i][0] == '-') ||
965 (fp->fr_ifnames[i][0] == '*'))) {
966 fp->fr_ifas[i] = NULL;
967 } else if (*fp->fr_ifnames[i]) {
968 fp->fr_ifas[i] = GETUNIT(fp->fr_ifnames[i], fp->fr_v);
970 fp->fr_ifas[i] = (void *)-1;
975 fp->fr_flags &= ~FR_DUP;
976 if (*fdp->fd_ifname) {
977 fdp->fd_ifp = GETUNIT(fdp->fd_ifname, fp->fr_v);
979 fdp->fd_ifp = (struct ifnet *)-1;
981 fp->fr_flags |= FR_DUP;
985 if (*fdp->fd_ifname) {
986 fdp->fd_ifp = GETUNIT(fdp->fd_ifname, fp->fr_v);
988 fdp->fd_ifp = (struct ifnet *)-1;
992 * Look for a matching filter rule, but don't include the next or
993 * interface pointer in the comparison (fr_next, fr_ifa).
995 for (fp->fr_cksum = 0, p = (u_int *)&fp->fr_ip, pp = &fp->fr_cksum;
999 for (; (f = *ftail); ftail = &f->fr_next)
1000 if ((fp->fr_cksum == f->fr_cksum) &&
1001 !bcmp((char *)&f->fr_ip, (char *)&fp->fr_ip, FR_CMPSIZ))
1005 * If zero'ing statistics, copy current to caller and zero.
1007 if (req == SIOCZRLST) {
1010 error = IWCOPYPTR((caddr_t)f, data, sizeof(*f));
1019 if (req != SIOCINAFR && req != SIOCINIFR)
1020 while ((f = *ftail))
1021 ftail = &f->fr_next;
1025 while (--fp->fr_hits && (f = *ftail))
1026 ftail = &f->fr_next;
1032 if (req == SIOCRMAFR || req == SIOCRMIFR) {
1037 * Only return EBUSY if there is a group list, else
1038 * it's probably just state information referencing
1041 if ((f->fr_ref > 1) && f->fr_grp)
1043 if (fg && fg->fg_head)
1044 fg->fg_head->fr_ref--;
1045 if (unit == IPL_LOGAUTH) {
1046 return fr_preauthcmd(req, f, ftail);
1049 fr_delgroup((u_int)f->fr_grhead, fp->fr_flags,
1051 fixskip(fprev, f, -1);
1052 *ftail = f->fr_next;
1062 if (unit == IPL_LOGAUTH) {
1063 return fr_preauthcmd(req, fp, ftail);
1065 KMALLOC(f, frentry_t *);
1067 if (fg && fg->fg_head)
1068 fg->fg_head->fr_ref++;
1069 bcopy((char *)fp, (char *)f, sizeof(*f));
1072 f->fr_next = *ftail;
1074 if (req == SIOCINIFR || req == SIOCINAFR)
1075 fixskip(fprev, f, 1);
1077 if ((group = f->fr_grhead))
1078 fg = fr_addgroup(group, f, unit, set);
1089 * routines below for saving IP headers to buffer
1093 int IPL_EXTERN(open)(dev_t *pdev, int flags, int devtype, cred_t *cp)
1095 int IPL_EXTERN(open)(dev_t dev, int flags)
1098 int IPL_EXTERN(open)(dev, flags
1099 # if ((_BSDI_VERSION >= 199510) || (BSD >= 199506) || (NetBSD >= 199511) || \
1100 (__FreeBSD_version >= 220000) || defined(__OpenBSD__)) && defined(_KERNEL)
1111 # if defined(__sgi) && defined(_KERNEL)
1112 u_int min = geteminor(*pdev);
1114 u_int min = GET_MINOR(dev);
1117 if (IPL_LOGMAX < min)
1126 int IPL_EXTERN(close)(dev_t dev, int flags, int devtype, cred_t *cp)
1128 int IPL_EXTERN(close)(dev, flags
1129 # if ((_BSDI_VERSION >= 199510) || (BSD >= 199506) || (NetBSD >= 199511) || \
1130 (__FreeBSD_version >= 220000) || defined(__OpenBSD__)) && defined(_KERNEL)
1141 u_int min = GET_MINOR(dev);
1143 if (IPL_LOGMAX < min)
1152 * both of these must operate with at least splnet() lest they be
1153 * called during packet processing and cause an inconsistancy to appear in
1157 int IPL_EXTERN(read)(dev_t dev, uio_t *uio, cred_t *crp)
1160 int IPL_EXTERN(read)(dev, uio, ioflag)
1163 int IPL_EXTERN(read)(dev, uio)
1166 register struct uio *uio;
1169 # ifdef IPFILTER_LOG
1170 return ipflog_read(GET_MINOR(dev), uio);
1178 * send_reset - this could conceivably be a call to tcp_respond(), but that
1179 * requires a large amount of setting up and isn't any more efficient.
1181 int send_reset(oip, fin)
1185 struct tcphdr *tcp, *tcp2;
1189 ip6_t *ip6, *oip6 = (ip6_t *)oip;
1193 tcp = (struct tcphdr *)fin->fin_dp;
1194 if (tcp->th_flags & TH_RST)
1195 return -1; /* feedback loop */
1196 # if (BSD < 199306) || defined(__sgi)
1197 m = m_get(M_DONTWAIT, MT_HEADER);
1199 m = m_gethdr(M_DONTWAIT, MT_HEADER);
1206 tlen = fin->fin_dlen - (tcp->th_off << 2) +
1207 ((tcp->th_flags & TH_SYN) ? 1 : 0) +
1208 ((tcp->th_flags & TH_FIN) ? 1 : 0);
1211 hlen = (fin->fin_v == 6) ? sizeof(ip6_t) : sizeof(ip_t);
1213 hlen = sizeof(ip_t);
1215 m->m_len = sizeof(*tcp2) + hlen;
1217 m->m_data += max_linkhdr;
1218 m->m_pkthdr.len = m->m_len;
1219 m->m_pkthdr.rcvif = (struct ifnet *)0;
1221 ip = mtod(m, struct ip *);
1225 bzero((char *)ip, sizeof(*tcp2) + hlen);
1226 tcp2 = (struct tcphdr *)((char *)ip + hlen);
1228 tcp2->th_sport = tcp->th_dport;
1229 tcp2->th_dport = tcp->th_sport;
1230 if (tcp->th_flags & TH_ACK) {
1231 tcp2->th_seq = tcp->th_ack;
1232 tcp2->th_flags = TH_RST;
1234 tcp2->th_ack = ntohl(tcp->th_seq);
1235 tcp2->th_ack += tlen;
1236 tcp2->th_ack = htonl(tcp2->th_ack);
1237 tcp2->th_flags = TH_RST|TH_ACK;
1239 tcp2->th_off = sizeof(*tcp2) >> 2;
1241 if (fin->fin_v == 6) {
1242 ip6->ip6_plen = htons(sizeof(struct tcphdr));
1243 ip6->ip6_nxt = IPPROTO_TCP;
1244 ip6->ip6_src = oip6->ip6_dst;
1245 ip6->ip6_dst = oip6->ip6_src;
1246 tcp2->th_sum = in6_cksum(m, IPPROTO_TCP,
1247 sizeof(*ip6), sizeof(*tcp2));
1248 return send_ip(oip, fin, &m);
1251 ip->ip_p = IPPROTO_TCP;
1252 ip->ip_len = htons(sizeof(struct tcphdr));
1253 ip->ip_src.s_addr = oip->ip_dst.s_addr;
1254 ip->ip_dst.s_addr = oip->ip_src.s_addr;
1255 tcp2->th_sum = in_cksum(m, hlen + sizeof(*tcp2));
1256 ip->ip_len = hlen + sizeof(*tcp2);
1257 return send_ip(oip, fin, &m);
1262 * Send an IP(v4/v6) datagram out into the network
1264 static int send_ip(oip, fin, mp)
1269 struct mbuf *m = *mp;
1274 bzero((char *)&frn, sizeof(frn));
1275 frn.fin_ifp = fin->fin_ifp;
1276 frn.fin_v = fin->fin_v;
1277 frn.fin_out = fin->fin_out;
1278 frn.fin_mp = fin->fin_mp;
1280 ip = mtod(m, ip_t *);
1283 ip->ip_v = fin->fin_v;
1284 if (ip->ip_v == 4) {
1285 ip->ip_hl = (sizeof(*oip) >> 2);
1286 ip->ip_v = IPVERSION;
1287 ip->ip_tos = oip->ip_tos;
1288 ip->ip_id = oip->ip_id;
1290 # if defined(__NetBSD__) || \
1291 (defined(__OpenBSD__) && (OpenBSD >= 200012))
1292 if (ip_mtudisc != 0)
1296 if (ip->ip_p == IPPROTO_TCP && tcp_mtudisc != 0)
1301 # if (BSD < 199306) || defined(__sgi)
1302 ip->ip_ttl = tcp_ttl;
1304 ip->ip_ttl = ip_defttl;
1307 frn.fin_dp = (char *)(ip + 1);
1310 else if (ip->ip_v == 6) {
1311 ip6_t *ip6 = (ip6_t *)ip;
1313 hlen = sizeof(*ip6);
1314 ip6->ip6_hlim = 127;
1315 frn.fin_dp = (char *)(ip6 + 1);
1319 m->m_pkthdr.rcvif = NULL;
1322 fr_makefrip(hlen, ip, &frn);
1324 error = ipfr_fastroute(m, mp, &frn, NULL);
1329 int send_icmp_err(oip, type, fin, dst)
1335 int err, hlen = 0, xtra = 0, iclen, ohlen = 0, avail, code;
1336 u_short shlen, slen = 0, soff = 0;
1337 struct in_addr dst4;
1342 ip6_t *ip6, *oip6 = (ip6_t *)oip;
1343 struct in6_addr dst6;
1347 if ((type < 0) || (type > ICMP_MAXTYPE))
1350 code = fin->fin_icode;
1352 if ((code < 0) || (code > sizeof(icmptoicmp6unreach)/sizeof(int)))
1359 if (fin->fin_v == 4) {
1360 if ((oip->ip_p == IPPROTO_ICMP) &&
1361 !(fin->fin_fi.fi_fl & FI_SHORT))
1362 switch (ntohs(fin->fin_data[0]) >> 8)
1373 # if (BSD < 199306) || defined(__sgi)
1375 m = m_get(M_DONTWAIT, MT_HEADER);
1378 m = m_gethdr(M_DONTWAIT, MT_HEADER);
1384 if (fr_ifpaddr(4, ifp, &dst4) == -1)
1387 dst4.s_addr = oip->ip_dst.s_addr;
1389 hlen = sizeof(ip_t);
1390 ohlen = oip->ip_hl << 2;
1395 else if (fin->fin_v == 6) {
1396 hlen = sizeof(ip6_t);
1397 ohlen = sizeof(ip6_t);
1398 type = icmptoicmp6types[type];
1399 if (type == ICMP6_DST_UNREACH)
1400 code = icmptoicmp6unreach[code];
1402 MGETHDR(m, M_DONTWAIT, MT_HEADER);
1406 MCLGET(m, M_DONTWAIT);
1407 if ((m->m_flags & M_EXT) == 0) {
1411 # ifdef M_TRAILINGSPACE
1413 avail = M_TRAILINGSPACE(m);
1415 avail = (m->m_flags & M_EXT) ? MCLBYTES : MHLEN;
1417 xtra = MIN(ntohs(oip6->ip6_plen) + sizeof(ip6_t),
1418 avail - hlen - sizeof(*icmp) - max_linkhdr);
1420 if (fr_ifpaddr(6, ifp, (struct in_addr *)&dst6) == -1)
1423 dst6 = oip6->ip6_dst;
1427 iclen = hlen + sizeof(*icmp);
1429 avail -= (max_linkhdr + iclen);
1430 m->m_data += max_linkhdr;
1431 m->m_pkthdr.rcvif = (struct ifnet *)0;
1435 m->m_pkthdr.len = iclen;
1437 avail -= (m->m_off + iclen);
1443 ip = mtod(m, ip_t *);
1444 icmp = (struct icmp *)((char *)ip + hlen);
1445 bzero((char *)ip, iclen);
1447 icmp->icmp_type = type;
1448 icmp->icmp_code = fin->fin_icode;
1449 icmp->icmp_cksum = 0;
1451 if (type == ICMP_UNREACH &&
1452 fin->fin_icode == ICMP_UNREACH_NEEDFRAG && ifp)
1453 icmp->icmp_nextmtu = htons(((struct ifnet *) ifp)->if_mtu);
1457 bcopy((char *)oip, (char *)&icmp->icmp_ip, MIN(ohlen, avail));
1458 avail -= MIN(ohlen, avail);
1463 if (fin->fin_v == 6) {
1465 ip6->ip6_plen = htons(iclen - hlen);
1466 ip6->ip6_nxt = IPPROTO_ICMPV6;
1468 ip6->ip6_src = dst6;
1469 ip6->ip6_dst = oip6->ip6_src;
1471 bcopy((char *)oip + ohlen,
1472 (char *)&icmp->icmp_ip + ohlen, avail);
1473 icmp->icmp_cksum = in6_cksum(m, IPPROTO_ICMPV6,
1474 sizeof(*ip6), iclen - hlen);
1479 oip->ip_len = htons(oip->ip_len);
1481 oip->ip_off = htons(ip->ip_off);
1483 ip->ip_src.s_addr = dst4.s_addr;
1484 ip->ip_dst.s_addr = oip->ip_src.s_addr;
1489 bcopy((char *)oip + ohlen,
1490 (char *)&icmp->icmp_ip + ohlen, avail);
1491 icmp->icmp_cksum = ipf_cksum((u_short *)icmp,
1494 ip->ip_p = IPPROTO_ICMP;
1497 shlen = fin->fin_hlen;
1498 fin->fin_hlen = hlen;
1499 err = send_ip(oip, fin, &m);
1500 fin->fin_hlen = shlen;
1502 if (fin->fin_v == 4)
1512 # if !defined(IPFILTER_LKM) && !defined(__sgi) && \
1513 (!defined(__FreeBSD_version) || (__FreeBSD_version < 300000))
1515 int iplinit __P((void));
1519 void iplinit __P((void));
1526 # if defined(__NetBSD__) || defined(__OpenBSD__)
1527 if (ipl_enable() != 0)
1529 if (iplattach() != 0)
1532 printf("IP Filter failed to attach\n");
1536 # endif /* ! __NetBSD__ */
1540 * Return the length of the entire mbuf.
1542 size_t mbufchainlen(m0)
1543 register struct mbuf *m0;
1546 return m0->m_pkthdr.len;
1548 register size_t len = 0;
1550 for (; m0; m0 = m0->m_next)
1557 int ipfr_fastroute(m0, mpp, fin, fdp)
1558 struct mbuf *m0, **mpp;
1562 register struct ip *ip, *mhip;
1563 register struct mbuf *m = m0;
1564 register struct route *ro;
1565 int len, off, error = 0, hlen, code;
1566 struct ifnet *ifp, *sifp;
1567 struct sockaddr_in *dst;
1568 struct route iproute;
1578 if (fin->fin_v == 6) {
1579 error = ipfr_fastroute6(m0, mpp, fin, fdp);
1585 if (fin->fin_v == 6)
1593 * If the mbuf we're about to send is not writable (because of
1594 * a cluster reference, for example) we'll need to make a copy
1595 * of it since this routine modifies the contents.
1597 * If you have non-crappy network hardware that can transmit data
1598 * from the mbuf, rather than making a copy, this is gonna be a
1601 if (M_WRITABLE(m) == 0) {
1602 if ((m0 = m_dup(m, M_DONTWAIT)) != NULL) {
1614 hlen = fin->fin_hlen;
1615 ip = mtod(m0, struct ip *);
1617 #if defined(__NetBSD__) && defined(M_CSUM_IPv4)
1619 * Clear any in-bound checksum flags for this packet.
1621 # if (__NetBSD_Version__ > 105009999)
1622 m0->m_pkthdr.csum_flags = 0;
1624 m0->m_pkthdr.csuminfo = 0;
1626 #endif /* __NetBSD__ && M_CSUM_IPv4 */
1631 #if defined(__sgi) && (IRIX >= 605)
1634 bzero((caddr_t)ro, sizeof (*ro));
1635 dst = (struct sockaddr_in *)&ro->ro_dst;
1636 dst->sin_family = AF_INET;
1637 dst->sin_addr = ip->ip_dst;
1646 * In case we're here due to "to <if>" being used with "keep state",
1647 * check that we're going in the correct direction.
1649 if ((fr != NULL) && (fin->fin_rev != 0)) {
1650 if ((ifp != NULL) && (fdp == &fr->fr_tif))
1652 } else if (fdp != NULL) {
1653 if (fdp->fd_ip.s_addr != 0)
1654 dst->sin_addr = fdp->fd_ip;
1658 dst->sin_len = sizeof(*dst);
1660 # if (BSD >= 199306) && !defined(__NetBSD__) && !defined(__bsdi__) && \
1661 !defined(__OpenBSD__)
1663 rtalloc_ign(ro, RTF_CLONING);
1665 rtalloc_ign(ro, RTF_PRCLONING);
1671 #if defined(__sgi) && (IRIX > 602)
1676 if (!fr || !(fr->fr_flags & FR_FASTROUTE)) {
1682 if ((ifp == NULL) && (ro->ro_rt != NULL))
1683 ifp = ro->ro_rt->rt_ifp;
1685 if ((ro->ro_rt == NULL) || (ifp == NULL)) {
1686 if (in_localaddr(ip->ip_dst))
1687 error = EHOSTUNREACH;
1689 error = ENETUNREACH;
1693 if (ro->ro_rt->rt_flags & RTF_GATEWAY) {
1695 dst = (struct sockaddr_in *)ro->ro_rt->rt_gateway;
1697 dst = (struct sockaddr_in *)&ro->ro_rt->rt_gateway;
1700 ro->ro_rt->rt_use++;
1703 * For input packets which are being "fastrouted", they won't
1704 * go back through output filtering and miss their chance to get
1705 * NAT'd and counted.
1707 if (fin->fin_out == 0) {
1708 sifp = fin->fin_ifp;
1711 if ((fin->fin_fr = ipacct[1][fr_active]) &&
1712 (fr_scanlist(FR_NOMATCH, ip, fin, m) & FR_ACCOUNT)) {
1713 ATOMIC_INCL(frstats[1].fr_acct);
1716 if (!fr || !(fr->fr_flags & FR_RETMASK))
1717 (void) fr_checkstate(ip, fin);
1718 (void) ip_natout(ip, fin);
1719 fin->fin_ifp = sifp;
1723 * If small enough for interface, can just send directly.
1725 if (ip->ip_len <= ifp->if_mtu) {
1727 # if (!defined(__FreeBSD__) && !(_BSDI_VERSION >= 199510)) && \
1728 !(__NetBSD_Version__ >= 105110000)
1729 ip->ip_id = htons(ip->ip_id);
1731 ip->ip_len = htons(ip->ip_len);
1732 ip->ip_off = htons(ip->ip_off);
1734 # if defined(__NetBSD__) && defined(M_CSUM_IPv4)
1735 # if (__NetBSD_Version__ > 105009999)
1736 if (ifp->if_csum_flags_tx & IFCAP_CSUM_IPv4)
1737 m->m_pkthdr.csum_flags |= M_CSUM_IPv4;
1738 else if (ip->ip_sum == 0)
1739 ip->ip_sum = in_cksum(m, hlen);
1741 if (ifp->if_capabilities & IFCAP_CSUM_IPv4)
1742 m->m_pkthdr.csuminfo |= M_CSUM_IPv4;
1743 else if (ip->ip_sum == 0)
1744 ip->ip_sum = in_cksum(m, hlen);
1748 ip->ip_sum = in_cksum(m, hlen);
1749 # endif /* __NetBSD__ && M_CSUM_IPv4 */
1750 # if (BSD >= 199306) || (defined(IRIX) && (IRIX >= 605))
1751 error = (*ifp->if_output)(ifp, m, (struct sockaddr *)dst,
1754 error = (*ifp->if_output)(ifp, m, (struct sockaddr *)dst);
1760 * Too large for interface; fragment if possible.
1761 * Must be able to put at least 8 bytes per fragment.
1763 if (ip->ip_off & IP_DF) {
1767 len = (ifp->if_mtu - hlen) &~ 7;
1774 int mhlen, firstlen = len;
1775 struct mbuf **mnext = &m->m_act;
1778 * Loop through length of segment after first fragment,
1779 * make new header and copy data of each part and link onto chain.
1782 mhlen = sizeof (struct ip);
1783 for (off = hlen + len; off < ip->ip_len; off += len) {
1785 MGETHDR(m, M_DONTWAIT, MT_HEADER);
1787 MGET(m, M_DONTWAIT, MT_HEADER);
1794 m->m_data += max_linkhdr;
1796 m->m_off = MMAXOFF - hlen;
1798 mhip = mtod(m, struct ip *);
1799 bcopy((char *)ip, (char *)mhip, sizeof(*ip));
1800 if (hlen > sizeof (struct ip)) {
1801 mhlen = ip_optcopy(ip, mhip) + sizeof (struct ip);
1802 mhip->ip_hl = mhlen >> 2;
1805 mhip->ip_off = ((off - hlen) >> 3) + (ip->ip_off & ~IP_MF);
1806 if (ip->ip_off & IP_MF)
1807 mhip->ip_off |= IP_MF;
1808 if (off + len >= ip->ip_len)
1809 len = ip->ip_len - off;
1811 mhip->ip_off |= IP_MF;
1812 mhip->ip_len = htons((u_short)(len + mhlen));
1813 m->m_next = m_copy(m0, off, len);
1814 if (m->m_next == 0) {
1815 error = ENOBUFS; /* ??? */
1819 m->m_pkthdr.len = mhlen + len;
1820 m->m_pkthdr.rcvif = NULL;
1822 mhip->ip_off = htons((u_short)mhip->ip_off);
1824 mhip->ip_sum = in_cksum(m, mhlen);
1829 * Update first fragment by trimming what's been copied out
1830 * and updating header, then send each fragment (in order).
1832 m_adj(m0, hlen + firstlen - ip->ip_len);
1833 ip->ip_len = htons((u_short)(hlen + firstlen));
1834 ip->ip_off = htons((u_short)(ip->ip_off | IP_MF));
1836 ip->ip_sum = in_cksum(m0, hlen);
1838 for (m = m0; m; m = m0) {
1842 # if (BSD >= 199306) || (defined(IRIX) && (IRIX >= 605))
1843 error = (*ifp->if_output)(ifp, m,
1844 (struct sockaddr *)dst, ro->ro_rt);
1846 error = (*ifp->if_output)(ifp, m,
1847 (struct sockaddr *)dst);
1859 if (ro->ro_rt != NULL) {
1865 if ((error == EMSGSIZE) && (fin->fin_v == 4)) {
1866 sifp = fin->fin_ifp;
1867 code = fin->fin_icode;
1868 fin->fin_icode = ICMP_UNREACH_NEEDFRAG;
1870 (void) send_icmp_err(ip, ICMP_UNREACH, fin, 1);
1871 fin->fin_ifp = sifp;
1872 fin->fin_icode = code;
1880 * Return true or false depending on whether the route to the
1881 * given IP address uses the same interface as the one passed.
1883 int fr_verifysrc(ipa, ifp)
1887 struct sockaddr_in *dst;
1888 struct route iproute;
1890 bzero((char *)&iproute, sizeof(iproute));
1891 dst = (struct sockaddr_in *)&iproute.ro_dst;
1892 # if (BSD >= 199306)
1893 dst->sin_len = sizeof(*dst);
1895 dst->sin_family = AF_INET;
1896 dst->sin_addr = ipa;
1897 # if (BSD >= 199306) && !defined(__NetBSD__) && !defined(__bsdi__) && \
1898 !defined(__OpenBSD__)
1900 rtalloc_ign(&iproute, RTF_CLONING);
1902 rtalloc_ign(&iproute, RTF_PRCLONING);
1907 if (iproute.ro_rt == NULL)
1909 return (ifp == iproute.ro_rt->rt_ifp);
1913 # ifdef USE_GETIFNAME
1918 static char workbuf[64];
1920 sprintf(workbuf, "%s%d", ifp->if_name, ifp->if_unit);
1926 # if defined(USE_INET6)
1928 * This is the IPv6 specific fastroute code. It doesn't clean up the mbuf's
1929 * or ensure that it is an IPv6 packet that is being forwarded, those are
1930 * expected to be done by the called (ipfr_fastroute).
1932 static int ipfr_fastroute6(m0, mpp, fin, fdp)
1933 struct mbuf *m0, **mpp;
1937 struct route_in6 ip6route;
1938 struct sockaddr_in6 *dst6;
1939 struct route_in6 *ro;
1942 #if defined(OpenBSD) && (OpenBSD >= 200211)
1943 struct route_in6 *ro_pmtu = NULL;
1944 struct in6_addr finaldst;
1953 bzero((caddr_t)ro, sizeof(*ro));
1954 dst6 = (struct sockaddr_in6 *)&ro->ro_dst;
1955 dst6->sin6_family = AF_INET6;
1956 dst6->sin6_len = sizeof(struct sockaddr_in6);
1957 dst6->sin6_addr = fin->fin_fi.fi_src.in6;
1962 if ((fr != NULL) && (fin->fin_rev != 0)) {
1963 if ((ifp != NULL) && (fdp == &fr->fr_tif))
1965 } else if (fdp != NULL) {
1966 if (IP6_NOTZERO(&fdp->fd_ip6))
1967 dst6->sin6_addr = fdp->fd_ip6.in6;
1969 if ((ifp == NULL) && ((fr == NULL) || !(fr->fr_flags & FR_FASTROUTE)))
1972 rtalloc((struct route *)ro);
1974 if ((ifp == NULL) && (ro->ro_rt != NULL))
1975 ifp = ro->ro_rt->rt_ifp;
1977 if ((ro->ro_rt == NULL) || (ifp == NULL) ||
1978 (ifp != ro->ro_rt->rt_ifp)) {
1979 error = EHOSTUNREACH;
1981 if (ro->ro_rt->rt_flags & RTF_GATEWAY)
1982 dst6 = (struct sockaddr_in6 *)ro->ro_rt->rt_gateway;
1983 ro->ro_rt->rt_use++;
1985 #if defined(OpenBSD) && (OpenBSD >= 200211)
1986 ip6 = mtod(m0, ip6_t *);
1988 finaldst = ip6->ip6_dst;
1989 error = ip6_getpmtu(ro_pmtu, ro, ifp, &finaldst, &mtu);
1992 mtu = nd_ifinfo[ifp->if_index].linkmtu;
1994 if (m0->m_pkthdr.len <= mtu)
1995 error = nd6_output(ifp, fin->fin_ifp, m0,
1999 #if defined(OpenBSD) && (OpenBSD >= 200211)
2004 if (ro->ro_rt != NULL) {
2010 #else /* #ifdef _KERNEL */
2013 # if defined(__sgi) && (IRIX < 605)
2014 static int no_output __P((struct ifnet *ifp, struct mbuf *m,
2015 struct sockaddr *s))
2017 static int no_output __P((struct ifnet *ifp, struct mbuf *m,
2018 struct sockaddr *s, struct rtentry *rt))
2026 # if defined(__sgi) && (IRIX < 605)
2027 static int write_output __P((struct ifnet *ifp, struct mbuf *m,
2028 struct sockaddr *s))
2030 static int write_output __P((struct ifnet *ifp, struct mbuf *m,
2031 struct sockaddr *s, struct rtentry *rt))
2034 ip_t *ip = (ip_t *)m;
2036 static int write_output(ifp, ip)
2044 # if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
2045 (defined(OpenBSD) && (OpenBSD >= 199603)) || defined(__DragonFly__)
2046 sprintf(fname, "%s", ifp->if_xname);
2048 sprintf(fname, "%s%d", ifp->if_name, ifp->if_unit);
2050 fd = open(fname, O_WRONLY|O_APPEND);
2055 write(fd, (char *)ip, ntohs(ip->ip_len));
2061 char *get_ifname(ifp)
2064 # if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
2065 (defined(OpenBSD) && (OpenBSD >= 199603)) || defined(__DragonFly__)
2066 return ifp->if_xname;
2068 static char fullifname[LIFNAMSIZ];
2070 sprintf(fullifname, "%s%d", ifp->if_name, ifp->if_unit);
2076 struct ifnet *get_unit(ifname, v)
2080 struct ifnet *ifp, **ifa, **old_ifneta;
2082 for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) {
2083 # if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
2084 (defined(OpenBSD) && (OpenBSD >= 199603)) || defined(__DragonFly__)
2085 if (!strncmp(ifname, ifp->if_xname, sizeof(ifp->if_xname)))
2087 char fullname[LIFNAMSIZ];
2089 sprintf(fullname, "%s%d", ifp->if_name, ifp->if_unit);
2090 if (!strcmp(ifname, fullname))
2096 ifneta = (struct ifnet **)malloc(sizeof(ifp) * 2);
2100 ifneta[0] = (struct ifnet *)calloc(1, sizeof(*ifp));
2107 old_ifneta = ifneta;
2109 ifneta = (struct ifnet **)realloc(ifneta,
2110 (nifs + 1) * sizeof(*ifa));
2116 ifneta[nifs] = NULL;
2117 ifneta[nifs - 1] = (struct ifnet *)malloc(sizeof(*ifp));
2118 if (!ifneta[nifs - 1]) {
2123 ifp = ifneta[nifs - 1];
2125 # if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
2126 (defined(OpenBSD) && (OpenBSD >= 199603)) || defined(__DragonFly__)
2127 strncpy(ifp->if_xname, ifname, sizeof(ifp->if_xname));
2129 ifp->if_name = strdup(ifname);
2131 ifname = ifp->if_name;
2132 while (*ifname && !isdigit(*ifname))
2134 if (*ifname && isdigit(*ifname)) {
2135 ifp->if_unit = atoi(ifname);
2140 ifp->if_output = no_output;
2148 struct ifnet *ifp, **ifa;
2152 # if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
2153 (defined(OpenBSD) && (OpenBSD >= 199603)) || defined(__DragonFly__)
2154 for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) {
2155 ifp->if_output = write_output;
2156 sprintf(fname, "/tmp/%s", ifp->if_xname);
2157 fd = open(fname, O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0600);
2165 for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) {
2166 ifp->if_output = write_output;
2167 sprintf(fname, "/tmp/%s%d", ifp->if_name, ifp->if_unit);
2168 fd = open(fname, O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0600);
2178 int send_reset(ip, fin)
2182 verbose("- TCP RST sent\n");
2187 int send_icmp_err(ip, code, fin, dst)
2193 verbose("- ICMP UNREACHABLE sent\n");
2203 void m_copydata(m, off, len, cp)
2208 bcopy((char *)m + off, cp, len);
2212 int ipfuiomove(buf, len, rwflag, uio)
2217 int left, ioc, num, offset;
2221 if (rwflag == UIO_READ) {
2225 offset = uio->uio_offset;
2227 while ((left > 0) && (ioc < uio->uio_iovcnt)) {
2228 io = uio->uio_iov + ioc;
2232 start = (char *)io->iov_base + offset;
2233 if (start > (char *)io->iov_base + io->iov_len) {
2234 offset -= io->iov_len;
2238 bcopy(buf, start, num);
2239 uio->uio_resid -= num;
2240 uio->uio_offset += num;
2250 #endif /* _KERNEL */
projects / dragonfly.git / blob