diff --git a/sys/conf/files b/sys/conf/files index 64874823223b..a7eea281d18c 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -251,6 +251,7 @@ netatalk/ddp_usrreq.c optional netatalk #netimp/if_imp.c optional imp #netimp/if_imphost.c optional imp #netimp/raw_imp.c optional imp +netinet/fil.c optional ipfilter inet netinet/if_atm.c optional atm netinet/if_ether.c optional ether netinet/igmp.c optional inet @@ -259,12 +260,20 @@ netinet/in.c optional inet netinet/in_pcb.c optional inet netinet/in_proto.c optional inet netinet/in_rmx.c optional inet +netinet/ip_auth.c optional ipfilter inet netinet/ip_divert.c optional ipdivert +netinet/ip_fil.c optional ipfilter inet +netinet/ip_frag.c optional ipfilter inet netinet/ip_fw.c optional ipfirewall netinet/ip_icmp.c optional inet netinet/ip_input.c optional inet +netinet/ip_log.c optional ipfilter inet netinet/ip_mroute.c optional inet +netinet/ip_nat.c optional ipfilter inet netinet/ip_output.c optional inet +netinet/ip_proxy.c optional ipfilter inet +netinet/ip_state.c optional ipfilter inet +netinet/mlf_ipl.c optional ipfilter inet netinet/raw_ip.c optional inet netinet/tcp_debug.c optional tcpdebug netinet/tcp_input.c optional inet @@ -273,13 +282,6 @@ netinet/tcp_subr.c optional inet netinet/tcp_timer.c optional inet netinet/tcp_usrreq.c optional inet netinet/udp_usrreq.c optional inet -netinet/ip_fil.c optional ipfilter inet -netinet/fil.c optional ipfilter inet -netinet/ip_nat.c optional ipfilter inet -netinet/ip_frag.c optional ipfilter inet -netinet/ip_state.c optional ipfilter inet -netinet/ip_proxy.c optional ipfilter inet -netinet/mln_ipl.c optional ipfilter inet netipx/ipx.c optional ipx netipx/ipx_cksum.c optional ipx netipx/ipx_input.c optional ipx diff --git a/sys/conf/options b/sys/conf/options index 3d60b25a6a58..1d4d85236ad1 100644 --- a/sys/conf/options +++ b/sys/conf/options 
@@ -1,4 +1,4 @@ -# $Id: options,v 1.67 1998/03/14 04:13:50 tegge Exp $ +# $Id: options,v 1.68 1998/03/19 22:37:37 dyson Exp $ # # On the handling of kernel options # @@ -179,6 +179,9 @@ PPP_DEFLATE opt_ppp.h PPP_FILTER opt_ppp.h TCP_COMPAT_42 opt_compat.h TCPDEBUG +IPFILTER opt_ipfilter.h +IPFILTER_LOG opt_ipfilter.h +IPFILTER_LKM opt_ipfilter.h # XXX Conflict: # of devices vs network protocol (Native ATM). # This makes "atm.h" unusable. diff --git a/sys/netinet/fil.c b/sys/netinet/fil.c index 58c28e14126b..57190a99dcd0 100644 --- a/sys/netinet/fil.c +++ b/sys/netinet/fil.c @@ -7,15 +7,19 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-1996 Darren Reed"; -static const char rcsid[] = "@(#)$Id: fil.c,v 2.0.2.41.2.9 1997/12/02 13:56:06 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: fil.c,v 1.1.1.6 1998/03/21 10:11:28 peter Exp $"; #endif +#include "opt_ipfilter.h" + #include #include #include #include #include -#include +#if !defined(__FreeBSD__) +# include +#endif #if (defined(_KERNEL) || defined(KERNEL)) && !defined(linux) # include #else @@ -32,6 +36,9 @@ static const char rcsid[] = "@(#)$Id: fil.c,v 2.0.2.41.2.9 1997/12/02 13:56:06 d # include # include #endif +#if defined(__FreeBSD__) +# include +#endif #ifndef linux # include # include @@ -1073,7 +1080,7 @@ int len; * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 - * $Id: fil.c,v 2.0.2.41.2.9 1997/12/02 13:56:06 darrenr Exp $ + * $Id: fil.c,v 1.1.1.6 1998/03/21 10:11:28 peter Exp $ */ /* * Copy data from an mbuf chain starting "off" bytes from the beginning, diff --git a/sys/netinet/in_proto.c b/sys/netinet/in_proto.c index b153ca795211..de7d67d1194f 100644 --- a/sys/netinet/in_proto.c +++ b/sys/netinet/in_proto.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)in_proto.c 8.2 (Berkeley) 2/9/95 - * $Id: in_proto.c,v 1.44 1997/11/05 20:17:16 joerg Exp $ + * $Id: in_proto.c,v 1.45 1997/12/15 20:31:11 eivind Exp $ */ #include "opt_ipdivert.h" 
@@ -80,12 +80,6 @@ int tp_ctloutput(), tp_usrreq(); void eoninput(), eonctlinput(), eonprotoinit(); #endif /* EON */ -#ifdef IPFILTER -void iplinit(); -#define ip_init iplinit -#endif - - extern struct domain inetdomain; static struct pr_usrreqs nousrreqs; diff --git a/sys/netinet/ip_auth.c b/sys/netinet/ip_auth.c index 2640a77245cc..3a85af386cc9 100644 --- a/sys/netinet/ip_auth.c +++ b/sys/netinet/ip_auth.c @@ -6,9 +6,14 @@ * to the original author and the contributors. */ #if !defined(lint) -static const char rcsid[] = "@(#)$Id: ip_auth.c,v 2.0.2.21.2.2 1997/11/12 10:45:51 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ip_auth.c,v 1.1.1.1 1997/11/16 05:55:52 peter Exp $"; #endif +#if defined(KERNEL) && !defined(_KERNEL) +#define _KERNEL +#endif +#define __FreeBSD_version 300000 /* just a hack - no */ + #if !defined(_KERNEL) && !defined(KERNEL) # include # include @@ -43,6 +48,9 @@ static const char rcsid[] = "@(#)$Id: ip_auth.c,v 2.0.2.21.2.2 1997/11/12 10:45: # include # include #endif +#if defined(KERNEL) && (__FreeBSD_version >= 300000) +# include +#endif #if defined(__NetBSD__) || defined(__OpenBSD__) || defined(bsdi) # include #endif diff --git a/sys/netinet/ip_fil.c b/sys/netinet/ip_fil.c index d518d1793af0..598e457bae23 100644 --- a/sys/netinet/ip_fil.c +++ b/sys/netinet/ip_fil.c @@ -7,9 +7,11 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.0.2.44.2.5 1997/11/24 10:02:02 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ip_fil.c,v 1.1.1.6 1998/03/21 10:11:08 peter Exp $"; #endif +#include "opt_ipfilter.h" + #ifndef SOLARIS #define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4))) #endif 
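Review bot: The `#define __FreeBSD_version 300000` added near the top of ip_auth.c is unconditional, so it takes effect on every platform this file builds for and can clash with any header that later supplies the real value. The same hard-coded define is added in ip_frag.c, ip_nat.c and ip_state.c, and in the `_KERNEL && !IPFILTER_LKM` branch of ip_fil.c, ip_log.c and mlf_ipl.c, where it replaces an include. Version tests such as the one choosing the `ifp->if_link.tqe_next` walk in frsync() then no longer depend on the kernel actually being built. If the real header cannot be used yet, guard the fallback as `#if defined(__FreeBSD__) && !defined(__FreeBSD_version)` / `# define __FreeBSD_version 300000` / `#endif`. The comment should say which kernel version the value stands for and when it can be removed.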
@@ -19,7 +21,7 @@ static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.0.2.44.2.5 1997/11/24 10:02:0 #endif #ifdef __FreeBSD__ # if defined(_KERNEL) && !defined(IPFILTER_LKM) -# include +# define __FreeBSD_version 300000 /* this will do as a hack */ # else # include # endif @@ -46,7 +48,7 @@ static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.0.2.44.2.5 1997/11/24 10:02:0 #endif #include #if !SOLARIS -# if (NetBSD > 199609) || (OpenBSD > 199603) +# if (NetBSD > 199609) || (OpenBSD > 199603) || __FreeBSD_version >= 220000 # include # else # include @@ -64,6 +66,7 @@ static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.0.2.44.2.5 1997/11/24 10:02:0 #endif #if __FreeBSD_version >= 300000 # include +# include #endif #ifdef __sgi #include @@ -510,7 +513,9 @@ static void frsync() #ifdef _KERNEL struct ifnet *ifp; -# if defined(__OpenBSD__) || (NetBSD >= 199511) +# if (__FreeBSD_version >= 300000) + for (ifp = ifnet.tqh_first; ifp; ifp = ifp->if_link.tqe_next) +# elif defined(__OpenBSD__) || (NetBSD >= 199511) for (ifp = ifnet.tqh_first; ifp; ifp = ifp->if_list.tqe_next) # else for (ifp = ifnet; ifp; ifp = ifp->if_next) diff --git a/sys/netinet/ip_frag.c b/sys/netinet/ip_frag.c index 923f68522261..a379c67b6601 100644 --- a/sys/netinet/ip_frag.c +++ b/sys/netinet/ip_frag.c @@ -7,9 +7,14 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_frag.c 1.11 3/24/96 (C) 1993-1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ip_frag.c,v 2.0.2.19.2.1 1997/11/12 10:50:21 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ip_frag.c,v 1.1.1.5 1997/11/16 05:55:34 peter Exp $"; #endif +#if !defined(_KERNEL) && defined(KERNEL) +#define _KERNEL +#endif +#define __FreeBSD_version 300000 /* it's a hack, but close enough */ + #if !defined(_KERNEL) && !defined(KERNEL) # include # include 
@@ -22,6 +27,7 @@ static const char rcsid[] = "@(#)$Id: ip_frag.c,v 2.0.2.19.2.1 1997/11/12 10:50: #if defined(KERNEL) && (__FreeBSD_version >= 220000) #include #include +#include #else #include #endif @@ -43,6 +49,9 @@ static const char rcsid[] = "@(#)$Id: ip_frag.c,v 2.0.2.19.2.1 1997/11/12 10:50: # include # include #endif +#if defined(KERNEL) && (__FreeBSD_version >= 300000) +#include +#endif #include #ifdef sun diff --git a/sys/netinet/ip_ftp_pxy.c b/sys/netinet/ip_ftp_pxy.c index 5d6ce1fc002d..2d218e9af519 100644 --- a/sys/netinet/ip_ftp_pxy.c +++ b/sys/netinet/ip_ftp_pxy.c @@ -20,17 +20,6 @@ int ippr_ftp_out __P((fr_info_t *, ip_t *, tcphdr_t *, u_short ipf_ftp_atoi __P((char **)); -int ippr_ftp_init __P((fr_info_t *, ip_t *, tcphdr_t *, ap_session_t *, - nat_t *)); -int ippr_ftp_in __P((fr_info_t *, ip_t *, tcphdr_t *, ap_session_t *, - nat_t *)); -int ippr_ftp_out __P((fr_info_t *, ip_t *, tcphdr_t *, ap_session_t *, - nat_t *)); - -u_short ipf_ftp_atoi __P((char **)); - - - /* * FTP application proxy initialization. */ diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 3d6be9c13b28..1445d02f0bc8 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 - * $Id: ip_input.c,v 1.78 1998/02/16 19:23:58 guido Exp $ + * $Id: ip_input.c,v 1.79 1998/02/26 08:31:53 dima Exp $ * $ANA: ip_input.c,v 1.5 1996/09/18 14:34:59 wollman Exp $ */ @@ -40,6 +40,7 @@ #include "opt_bootp.h" #include "opt_ipfw.h" #include "opt_ipdivert.h" +#include "opt_ipfilter.h" #include @@ -151,7 +152,7 @@ ip_nat_ctl_t *ip_nat_ctl_ptr; #endif #if defined(IPFILTER_LKM) || defined(IPFILTER) -int fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); +int iplattach __P((void)); int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)) = NULL; #endif @@ -226,6 +227,9 @@ ip_init() #ifdef IPNAT ip_nat_init(); #endif +#ifdef IPFILTER + iplattach(); +#endif } 
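Review bot: The `iplattach();` call added to ip_init() in ip_input.c discards the return value, although the prototype added in the same file declares it as `int iplattach __P((void))`. If attach can fail (its body is not in this diff), the kernel would come up with `fr_checkp` presumably still NULL, so every packet skips the filter and nothing is reported. Check the result and at least report it, for example `if (iplattach() != 0) printf("IP Filter: attach failed, packets are not being filtered\n");`. ip_init's body starts outside the hunk.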
@@ -345,7 +349,7 @@ ip_input(struct mbuf *m) * Check if we want to allow this packet to be processed. * Consider it to be bad if not. */ - if (fr_check) { + if (fr_checkp) { struct mbuf *m1 = m; if ((*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m1) || !m1) diff --git a/sys/netinet/ip_log.c b/sys/netinet/ip_log.c index 81e89e5c022b..f6b3b59966b7 100644 --- a/sys/netinet/ip_log.c +++ b/sys/netinet/ip_log.c @@ -5,7 +5,7 @@ * provided that this notice is preserved and due credit is given * to the original author and the contributors. * - * $Id: ip_log.c,v 2.0.2.13.2.3 1997/11/20 12:41:40 darrenr Exp $ + * $Id: ip_log.c,v 1.1.1.2 1998/03/21 10:11:54 peter Exp $ */ #ifdef IPFILTER_LOG # ifndef SOLARIS @@ -17,7 +17,7 @@ # endif # ifdef __FreeBSD__ # if defined(_KERNEL) && !defined(IPFILTER_LKM) -# include +# define __FreeBSD_version 300000 /* this will do as a hack */ # else # include # endif diff --git a/sys/netinet/ip_nat.c b/sys/netinet/ip_nat.c index 0b6c07fc9b4f..447fb7a32c40 100644 --- a/sys/netinet/ip_nat.c +++ b/sys/netinet/ip_nat.c @@ -9,9 +9,12 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.0.2.44.2.7 1997/12/02 13:54:27 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ip_nat.c,v 1.1.1.6 1998/03/21 10:11:15 peter Exp $"; #endif +#include "opt_ipfilter.h" +#define __FreeBSD_version 300000 /* it's a hack, but close enough */ + #if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL) #define _KERNEL #endif @@ -54,6 +57,7 @@ static const char rcsid[] = "@(#)$Id: ip_nat.c,v 2.0.2.44.2.7 1997/12/02 13:54:2 #endif #if __FreeBSD_version >= 300000 # include +# include #endif #include #if __FreeBSD_version >= 300000 diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index c2eed305c622..158aba5f2046 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c 
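Review bot: ip_log.c still opens with `#ifdef IPFILTER_LOG` directly after its header comment, and neither of its hunks adds `#include "opt_ipfilter.h"`, although sys/conf/options in this commit moves IPFILTER_LOG (and IPFILTER_LKM, tested a few lines further down) into that header. Unless the macro reaches the file some other way not shown here, the whole file compiles to nothing and filter logging is either silently absent or the kernel fails to link. Add `#include "opt_ipfilter.h"` above the `#ifdef IPFILTER_LOG` line, as this commit already does for fil.c, ip_fil.c, ip_nat.c and ip_state.c. The ip_auth.c, ip_frag.c, ip_proxy.c and mlf_ipl.c hunks do not show the include either, so it is worth checking whether those files test any of the three options.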
@@ -31,12 +31,13 @@ * SUCH DAMAGE. * * @(#)ip_output.c 8.3 (Berkeley) 1/21/94 - * $Id: ip_output.c,v 1.64 1998/02/06 12:13:52 eivind Exp $ + * $Id: ip_output.c,v 1.65 1998/02/20 13:37:38 bde Exp $ */ #define _IP_VHL #include "opt_ipdivert.h" +#include "opt_ipfilter.h" #include #include @@ -83,7 +84,6 @@ static int ip_setmoptions #if defined(IPFILTER_LKM) || defined(IPFILTER) int ip_optcopy __P((struct ip *, struct ip *)); -extern int fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); #else static int ip_optcopy __P((struct ip *, struct ip *)); @@ -342,27 +342,22 @@ ip_output(m0, opt, ro, flags, imo) } sendit: -#if defined(IPFILTER) || defined(IPFILTER_LKM) /* - * looks like most checking has been done now...do a filter check - */ - if (fr_checkp) { - struct mbuf *m1 = m; - - if ((*fr_checkp)(ip, hlen, ifp, 1, &m1)) - error = EHOSTUNREACH; - if (error || !m1) - goto done; - ip = mtod(m = m1, struct ip *); - } -#endif - /* * IpHack's section. * - Xlate: translate packet's addr/port (NAT). * - Firewall: deny/allow/etc. * - Wrap: fake packet's addr/port * - Encapsulate: put it in another IP and send out. */ +#if defined(IPFILTER) || defined(IPFILTER_LKM) + if (fr_checkp) { + struct mbuf *m1 = m; + + if ((error = (*fr_checkp)(ip, hlen, ifp, 1, &m1)) || !m1) + goto done; + ip = mtod(m = m1, struct ip *); + } +#endif #ifdef COMPAT_IPFW if (ip_nat_ptr && !(*ip_nat_ptr)(&ip, &m, ifp, IP_NAT_OUT)) { diff --git a/sys/netinet/ip_proxy.c b/sys/netinet/ip_proxy.c index cc3b9a0d032e..8bb86c074848 100644 --- a/sys/netinet/ip_proxy.c +++ b/sys/netinet/ip_proxy.c 
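Review bot: In the relocated filter block of ip_output(), `error = (*fr_checkp)(ip, hlen, ifp, 1, &m1)` now hands the filter's raw return value to the caller, where the removed code mapped any non-zero result to EHOSTUNREACH. Nothing in this diff shows that fr_checkp only ever returns 0 or a valid errno, so a blocked packet could reach the socket layer as a negative or meaningless error code. Either keep the mapping, `if ((*fr_checkp)(ip, hlen, ifp, 1, &m1)) error = EHOSTUNREACH;` followed by `if (error || !m1) goto done;`, or confirm the contract and state it at the call site, including who frees the mbuf when the filter blocks. ip_output's body starts and ends outside the hunk.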
@@ -6,7 +6,7 @@ * to the original author and the contributors. */ #if !defined(lint) -static const char rcsid[] = "@(#)$Id: ip_proxy.c,v 2.0.2.11.2.6 1997/11/28 00:41:25 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ip_proxy.c,v 1.1.1.3 1998/03/21 10:11:30 peter Exp $"; #endif #if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL) @@ -23,7 +23,9 @@ static const char rcsid[] = "@(#)$Id: ip_proxy.c,v 2.0.2.11.2.6 1997/11/28 00:41 #include #include #include -#include +#if !defined(__FreeBSD__) +# include +#endif #include #include #ifndef linux @@ -49,6 +51,7 @@ static const char rcsid[] = "@(#)$Id: ip_proxy.c,v 2.0.2.11.2.6 1997/11/28 00:41 #endif #if __FreeBSD__ > 2 # include +# include #endif #include #ifdef sun diff --git a/sys/netinet/ip_state.c b/sys/netinet/ip_state.c index bffb17b7fa45..2a7de77863d7 100644 --- a/sys/netinet/ip_state.c +++ b/sys/netinet/ip_state.c @@ -7,9 +7,15 @@ */ #if !defined(lint) static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-1995 Darren Reed"; -static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.0.2.24.2.4 1997/11/19 11:44:09 darrenr Exp $"; +static const char rcsid[] = "@(#)$Id: ip_state.c,v 1.1.1.6 1998/03/21 10:11:25 peter Exp $"; #endif +#include "opt_ipfilter.h" +#if defined(KERNEL) && !defined(_KERNEL) +#define _KERNEL +#endif +#define __FreeBSD_version 300000 /* it's a hack, but close enough */ + #if !defined(_KERNEL) && !defined(KERNEL) && !defined(__KERNEL__) # include # include @@ -26,6 +32,7 @@ static const char rcsid[] = "@(#)$Id: ip_state.c,v 2.0.2.24.2.4 1997/11/19 11:44 #if defined(KERNEL) && (__FreeBSD_version >= 220000) # include # include +# include #else # include #endif diff --git a/sys/netinet/mlf_ipl.c b/sys/netinet/mlf_ipl.c index 6618153b1b6a..d0ce3d851f07 100644 --- a/sys/netinet/mlf_ipl.c +++ b/sys/netinet/mlf_ipl.c 
@@ -18,7 +18,7 @@ # include # define ACTUALLY_LKM_NOT_KERNEL # else -# include +# define __FreeBSD_version 300000 /* this will do as a hack */ # endif #endif #include @@ -154,7 +154,7 @@ int ipl_major = CDEV_MAJOR; static struct cdevsw ipl_cdevsw = { iplopen, iplclose, iplread, nowrite, /* 79 */ iplioctl, nostop, noreset, nodevtotty, - noselect, nommap, nostrategy, "ipl", + seltrue, nommap, nostrategy, "ipl", NULL, -1 }; #endif @@ -237,7 +237,7 @@ static int if_ipl_remove __P((void)) if ((error = namei(&nd))) return (error); VOP_LEASE(nd.ni_vp, curproc, curproc->p_ucred, LEASE_WRITE); - VOP_LOCK(nd.ni_vp); + vn_lock(nd.ni_vp, LK_EXCLUSIVE | LK_RETRY, curproc); VOP_LEASE(nd.ni_dvp, curproc, curproc->p_ucred, LEASE_WRITE); (void) VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd); }
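Review bot: Replacing `noselect` with `seltrue` in `ipl_cdevsw` makes select() on the ipl device report ready unconditionally, whether or not there are log records to read. A log reader that waits in select() before calling read() gets no real readiness signal and would either spin or block in iplread, whose body is not shown here. If no real select routine exists yet, say so at the table entry: `seltrue, nommap, nostrategy, "ipl", /* XXX always ready; no select on log data yet */`.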