clean up the changes made to ipfw over the last weeks

(should make the ipfw lkm work again)
svn path=/head/; revision=36707
2024-12-03 09:00:21 +00:00 · 1998-06-06 19:39:10 +00:00 · 1998-06-06 19:39:10 +00:00 · c977d4c735 · 2020-12-20 02:59:44 +00:00
commit c977d4c735
parent e110cb41dd
6 changed files with 53 additions and 102 deletions
--- a/sys/netinet/in.h
+++ b/sys/netinet/in.h
@ -31,7 +31,7 @@
 * SUCH DAMAGE.
 *
 *	@(#)in.h	8.3 (Berkeley) 1/3/94
- * $Id: in.h,v 1.32 1998/05/10 20:51:46 jb Exp $
+ * $Id: in.h,v 1.33 1998/05/19 14:04:18 dg Exp $
 */

 #ifndef _NETINET_IN_H_
@ -431,7 +431,7 @@ char 	*inet_ntoa __P((struct in_addr)); /* in libkern */

 /* Firewall hooks */
 struct ip;
-typedef	int ip_fw_chk_t __P((struct ip**, int, struct ifnet*, int, struct mbuf**));
+typedef	int ip_fw_chk_t __P((struct ip**, int, struct ifnet*, int*, struct mbuf**));
 typedef	int ip_fw_ctl_t __P((int, struct mbuf**));
 extern	ip_fw_chk_t *ip_fw_chk_ptr;
 extern	ip_fw_ctl_t *ip_fw_ctl_ptr;
--- a/sys/netinet/ip_divert.c
+++ b/sys/netinet/ip_divert.c
@ -30,7 +30,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- *	$Id: ip_divert.c,v 1.26 1998/05/25 10:37:43 julian Exp $
+ *	$Id: ip_divert.c,v 1.27 1998/06/05 22:39:52 julian Exp $
 */

 #include "opt_inet.h"
@ -91,20 +91,14 @@ u_short ip_divert_port;
 * The user process can send it back to help the caller know something
 * about where the packet came from.
 *
- * If IPFW is the caller then the IN cookie is the rule that sent
- * us here and the OUT cookie is the rule after which processing
+ * If IPFW is the caller then the cookie is the rule that sent
+ * us here. On reinjection is is the rule after which processing
 * should continue. Leaving it the same will make processing start
 * at the rule number after that which sent it here. Setting it to
 * 0 will restart processing at the beginning. 
 * #endif 
 */
-#ifdef IPFW_DIVERT_OLDRESTART
-u_short ip_divert_ignore;
-#else
-
-u_short ip_divert_in_cookie;
-u_short ip_divert_out_cookie;
-#endif /* IPFW_DIVERT_OLDRESTART */
+u_short ip_divert_cookie;

 /* Internal variables */

@ -171,8 +165,8 @@ div_input(struct mbuf *m, int hlen)
 #ifdef IPFW_DIVERT_OLDRESTART
 	divsrc.sin_port = htons(ip_divert_port);
 #else
-	divsrc.sin_port = ip_divert_in_cookie;
-	ip_divert_in_cookie = 0;
+	divsrc.sin_port = ip_divert_cookie;
+	ip_divert_cookie = 0;
 #endif /* IPFW_DIVERT_OLDRESTART */

 	/* Restore packet header fields */
@ -274,19 +268,15 @@ div_output(so, m, addr, control)
 		m_freem(control);		/* XXX */

 	/* Loopback avoidance */
+	if (sin) {
 #ifdef IPFW_DIVERT_OLDRESTART
-	if (sin) {
-		ip_divert_ignore = ntohs(sin->sin_port);
-	} else {
-		ip_divert_ignore = 0;
-	}
+		ip_divert_cookie = ntohs(sin->sin_port);
 #else
-	if (sin) {
-		ip_divert_out_cookie = sin->sin_port;
-	} else {
-		ip_divert_out_cookie = 0;
-	}
+		ip_divert_cookie = sin->sin_port;
 #endif /* IPFW_DIVERT_OLDRESTART */
+	} else {
+		ip_divert_cookie = 0;
+	}

 	/* Reinject packet into the system as incoming or outgoing */
 	if (!sin || sin->sin_addr.s_addr == 0) {
@ -344,19 +334,11 @@ div_output(so, m, addr, control)
 	}

 	/* Reset for next time (and other packets) */
-#ifdef IPFW_DIVERT_OLDRESTART
-	ip_divert_ignore = 0;
-#else
-	ip_divert_out_cookie = 0;
-#endif /* IPFW_DIVERT_OLDRESTART */
+	ip_divert_cookie = 0;
 	return error;

 cantsend:
-#ifdef IPFW_DIVERT_OLDRESTART
-	ip_divert_ignore = 0;
-#else
-	ip_divert_out_cookie = 0;
-#endif /* IPFW_DIVERT_OLDRESTART */
+	ip_divert_cookie = 0;
 	m_freem(m);
 	return error;
 }
--- a/sys/netinet/ip_fw.c
+++ b/sys/netinet/ip_fw.c
@ -12,7 +12,7 @@
 *
 * This software is provided ``AS IS'' without any warranties of any kind.
 *
- *	$Id: ip_fw.c,v 1.85 1998/06/05 22:39:53 julian Exp $
+ *	$Id: ip_fw.c,v 1.86 1998/06/05 23:33:26 julian Exp $
 */

 /*
@ -103,13 +103,8 @@ static ip_fw_chk_t *old_chk_ptr;
 static ip_fw_ctl_t *old_ctl_ptr;
 #endif

-#ifdef IPFW_DIVERT_OLDRESTART
 static int	ip_fw_chk __P((struct ip **pip, int hlen,
-			struct ifnet *oif, int ignport, struct mbuf **m));
-#else
-static int	ip_fw_chk __P((struct ip **pip, int hlen,
-			struct ifnet *oif, int pastrule, struct mbuf **m));
-#endif /* IPFW_DIVERT_OLDRESTART */
+			struct ifnet *oif, int *cookie, struct mbuf **m));
 static int	ip_fw_ctl __P((int stage, struct mbuf **mm));

 static char err_prefix[] = "ip_fw_ctl:";
@ -387,9 +382,9 @@ ipfw_report(struct ip_fw *f, struct ip *ip,
 *	hlen	Packet header length
 *	oif	Outgoing interface, or NULL if packet is incoming
 * #ifdef IPFW_DIVERT_OLDRESTART
- *	ignport	Ignore all divert/tee rules to this port (if non-zero)
+ *	*ignport	Ignore all divert/tee rules to this port (if non-zero)
 * #else
- *	pastrule Skip up to the first rule past this rule number;
+ *	*cookie Skip up to the first rule past this rule number;
 * #endif
 *	*m	The packet; we set to NULL when/if we nuke it.
 *
@ -402,13 +397,8 @@ ipfw_report(struct ip_fw *f, struct ip *ip,
 */

 static int 
-#ifdef IPFW_DIVERT_OLDRESTART
 ip_fw_chk(struct ip **pip, int hlen,
-	struct ifnet *oif, int ignport, struct mbuf **m)
-#else
-ip_fw_chk(struct ip **pip, int hlen,
-	struct ifnet *oif, int pastrule, struct mbuf **m)
-#endif /* IPFW_DIVERT_OLDRESTART */
+	struct ifnet *oif, int *cookie, struct mbuf **m)
 {
 	struct ip_fw_chain *chain;
 	struct ip_fw *rule = NULL;
@ -416,7 +406,13 @@ ip_fw_chk(struct ip **pip, int hlen,
 	struct ifnet *const rif = (*m)->m_pkthdr.rcvif;
 	u_short offset = (ip->ip_off & IP_OFFMASK);
 	u_short src_port, dst_port;
+#ifdef	IPFW_DIVERT_OLDRESTART
+	int ignport = *cookie;
+#else
+	int skipto = *cookie;
+#endif /* IPFW_DIVERT_OLDRESTART */

+	*cookie = 0;
 	/*
 	 * Go down the chain, looking for enlightment
 	 * #ifndef IPFW_DIVERT_OLDRESTART
@ -424,13 +420,14 @@ ip_fw_chk(struct ip **pip, int hlen,
 	 * #endif
 	 */
 #ifdef IPFW_DIVERT_OLDRESTART
-	for (chain=LIST_FIRST(&ip_fw_chain); chain; chain = LIST_NEXT(chain, chain)) {
+	for (chain=LIST_FIRST(&ip_fw_chain); chain;
+			chain = LIST_NEXT(chain, chain)) {
 #else
-	chain=LIST_FIRST(&ip_fw_chain);
-	if ( pastrule ) {
-		if (pastrule >= 65535)
+	chain = LIST_FIRST(&ip_fw_chain);
+	if ( skipto ) {
+		if (skipto >= 65535)
 			goto dropit;
-		while (chain && (chain->rule->fw_number <= pastrule)) {
+		while (chain && (chain->rule->fw_number <= skipto)) {
 			chain = LIST_NEXT(chain, chain);
 		}
 		if (! chain) goto dropit;
@ -613,8 +610,10 @@ ip_fw_chk(struct ip **pip, int hlen,
 		case IP_FW_F_COUNT:
 			continue;
 		case IP_FW_F_DIVERT:
-#ifndef IPFW_DIVERT_OLDRESTART
-			ip_divert_in_cookie = f->fw_number;
+#ifdef IPFW_DIVERT_OLDRESTART
+			*cookie = f->fw_divert_port;
+#else
+			*cookie = f->fw_number;
 #endif /* IPFW_DIVERT_OLDRESTART */
 			return(f->fw_divert_port);
 		case IP_FW_F_TEE:
@ -702,6 +701,7 @@ ip_fw_chk(struct ip **pip, int hlen,
 	/*
 	 * Finally, drop the packet.
 	 */
+	*cookie = 0;
 	if (*m) {
 		m_freem(*m);
 		*m = NULL;
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@ -31,7 +31,7 @@
 * SUCH DAMAGE.
 *
 *	@(#)ip_input.c	8.2 (Berkeley) 1/4/94
- * $Id: ip_input.c,v 1.85 1998/05/25 10:37:45 julian Exp $
+ * $Id: ip_input.c,v 1.86 1998/06/05 22:39:55 julian Exp $
 *	$ANA: ip_input.c,v 1.5 1996/09/18 14:34:59 wollman Exp $
 */

@ -362,22 +362,15 @@ ip_input(struct mbuf *m)
 #ifdef IPDIVERT
 		u_short port;

-#ifdef IPFW_DIVERT_OLDRESTART
-		port = (*ip_fw_chk_ptr)(&ip, hlen, NULL, ip_divert_ignore, &m);
-		ip_divert_ignore = 0;
-#else
-		ip_divert_in_cookie = 0;
-		port = (*ip_fw_chk_ptr)(&ip, hlen, NULL,
-					ip_divert_out_cookie, &m);
-		ip_divert_out_cookie = 0;
-#endif /* IPFW_DIVERT_OLDRESTART */
+		port = (*ip_fw_chk_ptr)(&ip, hlen, NULL, &ip_divert_cookie, &m);
 		if (port) {			/* Divert packet */
 			frag_divert_port = port;
 			goto ours;
 		}
 #else
+		int	dummy;
 		/* If ipfw says divert, we have to just drop packet */
-		if ((*ip_fw_chk_ptr)(&ip, hlen, NULL, 0, &m)) {
+		if ((*ip_fw_chk_ptr)(&ip, hlen, NULL, &dummy, &m)) {
 			m_freem(m);
 			m = NULL;
 		}
@ -503,6 +496,7 @@ ip_input(struct mbuf *m)
 				ipstat.ips_toosmall++;
 #ifdef IPDIVERT
 				frag_divert_port = 0;
+				ip_divert_cookie = 0;
 #endif
 				return;
 			}
@ -602,11 +596,6 @@ ip_input(struct mbuf *m)
 		goto bad;
 	}

-	/* Don't let packets divert themselves */
-	if (ip->ip_p == IPPROTO_DIVERT) {
-		ipstat.ips_noproto++;
-		goto bad;
-	}
 #endif

 	/*
@ -682,9 +671,7 @@ ip_reass(ip, fp, where)
 		fp->ipq_dst = ((struct ip *)ip)->ip_dst;
 #ifdef IPDIVERT
 		fp->ipq_divert = 0;
-#ifndef IPFW_DIVERT_OLDRESTART
 		fp->ipq_div_cookie = 0;
-#endif /* IPFW_DIVERT_OLDRESTART */
 #endif
 		q = (struct ipasfrag *)fp;
 		goto insert;
@ -741,11 +728,10 @@ ip_reass(ip, fp, where)
 	 */
 	if (frag_divert_port != 0) {
 		fp->ipq_divert = frag_divert_port;
-#ifndef IPFW_DIVERT_OLDRESTART
-		fp->ipq_div_cookie = ip_divert_in_cookie;
-#endif /* IPFW_DIVERT_OLDRESTART */
+		fp->ipq_div_cookie = ip_divert_cookie;
 	}
 	frag_divert_port = 0;
+	ip_divert_cookie = 0;
 #endif

 	/*
@ -789,12 +775,10 @@ ip_reass(ip, fp, where)

 #ifdef IPDIVERT
 	/*
-	 * Record divert port for packet, if any
+	 * extract divert port for packet, if any
 	 */
 	frag_divert_port = fp->ipq_divert;
-#ifndef IPFW_DIVERT_OLDRESTART
-	ip_divert_in_cookie = fp->ipq_div_cookie;
-#endif /* IPFW_DIVERT_OLDRESTART */
+	ip_divert_cookie = fp->ipq_div_cookie;
 #endif

 	/*
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@ -31,7 +31,7 @@
 * SUCH DAMAGE.
 *
 *	@(#)ip_output.c	8.3 (Berkeley) 1/21/94
- *	$Id: ip_output.c,v 1.67 1998/05/25 10:37:47 julian Exp $
+ *	$Id: ip_output.c,v 1.68 1998/06/05 22:40:00 julian Exp $
 */

 #define _IP_VHL
@ -371,23 +371,16 @@ ip_output(m0, opt, ro, flags, imo)
 	 */
 	if (ip_fw_chk_ptr) {
 #ifdef IPDIVERT
-#ifdef IPFW_DIVERT_OLDRESTART
 		ip_divert_port = (*ip_fw_chk_ptr)(&ip,
-		    hlen, ifp, ip_divert_ignore, &m);
-		ip_divert_ignore = 0;
-#else
-		ip_divert_in_cookie = 0;
-		ip_divert_port = (*ip_fw_chk_ptr)(&ip,
-		    hlen, ifp, ip_divert_out_cookie, &m);
-		ip_divert_out_cookie = 0;
-#endif /* IPFW_DIVERT_OLDRESTART */
+		    hlen, ifp, &ip_divert_cookie, &m);
 		if (ip_divert_port) {		/* Divert packet */
 			(*inetsw[ip_protox[IPPROTO_DIVERT]].pr_input)(m, 0);
 			goto done;
 		}
 #else
+		int 	dummy;
 		/* If ipfw says divert, we have to just drop packet */
-		if ((*ip_fw_chk_ptr)(&ip, hlen, ifp, 0, &m)) {
+		if ((*ip_fw_chk_ptr)(&ip, hlen, ifp, &dummy, &m)) {
 			m_freem(m);
 			goto done;
 		}
--- a/sys/netinet/ip_var.h
+++ b/sys/netinet/ip_var.h
@ -31,7 +31,7 @@
 * SUCH DAMAGE.
 *
 *	@(#)ip_var.h	8.2 (Berkeley) 1/9/95
- *	$Id: ip_var.h,v 1.38 1998/05/25 10:37:48 julian Exp $
+ *	$Id: ip_var.h,v 1.39 1998/06/05 22:40:01 julian Exp $
 */

 #ifndef _NETINET_IP_VAR_H_
@ -65,9 +65,7 @@ struct ipq {
 	struct	in_addr ipq_src,ipq_dst;
 #ifdef IPDIVERT
 	u_short ipq_divert;		/* divert protocol port */
-#ifndef IPFW_DIVERT_OLDRESTART
 	u_short ipq_div_cookie;		/* divert protocol cookie */
-#endif /* IPFW_DIVERT_OLDRESTART */
 #endif
 };

@ -210,13 +208,7 @@ void	div_init __P((void));
 void	div_input __P((struct mbuf *, int));
 extern struct pr_usrreqs div_usrreqs;
 extern u_short ip_divert_port;
-#ifdef IPFW_DIVERT_OLDRESTART
-extern u_short ip_divert_ignore;
-#else
-extern u_short ip_divert_in_cookie;
-extern u_short ip_divert_out_cookie;
-
-#endif /* IPFW_DIVERT_OLDRESTART */
+extern u_short ip_divert_cookie;
 #endif /* IPDIVERT */

 #endif /* KERNEL */