Recover from previous dummynet screwup

sys/netinet/ip_fw.c

@@ -12,14 +12,14 @@
  *
  * This software is provided ``AS IS'' without any warranties of any kind.
  *
- *	$Id: ip_fw.c,v 1.96 1998/08/23 03:07:14 wollman Exp $
+ *	$Id: ip_fw.c,v 1.100 1998/12/14 18:09:13 luigi Exp $
  */
 
 /*
  * Implement IP packet firewall
  */
 
-#ifndef IPFIREWALL_MODULE
+#if !defined(KLD_MODULE) && !defined(IPFIREWALL_MODULE)
 #include "opt_ipfw.h"
 #include "opt_ipdn.h"
 #include "opt_ipdivert.h"
@@ -71,9 +71,9 @@ static int fw_verbose_limit = 0;
 
 #define	IPFW_DEFAULT_RULE	((u_int)(u_short)~0)
 
-LIST_HEAD (ip_fw_head, ip_fw_chain) ip_fw_chain;
+static LIST_HEAD (ip_fw_head, ip_fw_chain) ip_fw_chain;
 
-MALLOC_DEFINE(M_IPFW, "IpFw/IpAcct", "IpFw/IpAcct chain's");
+static MALLOC_DEFINE(M_IPFW, "IpFw/IpAcct", "IpFw/IpAcct chain's");
 
 #ifdef SYSCTL_NODE
 SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw, CTLFLAG_RW, 0, "Firewall");
@@ -111,11 +111,6 @@ static void	ipfw_report __P((struct ip_fw *f, struct ip *ip,
 
 static void flush_rule_ptrs(void);
 
-#ifdef IPFIREWALL_MODULE
-static ip_fw_chk_t *old_chk_ptr;
-static ip_fw_ctl_t *old_ctl_ptr;
-#endif
-
 static int	ip_fw_chk __P((struct ip **pip, int hlen,
 			struct ifnet *oif, u_int16_t *cookie, struct mbuf **m,
 			struct ip_fw_chain **flow_id,
@@ -1275,7 +1270,10 @@ ip_fw_init(void)
 #endif
 }
 
-#ifdef IPFIREWALL_MODULE
+static ip_fw_chk_t *old_chk_ptr;
+static ip_fw_ctl_t *old_ctl_ptr;
+
+#if defined(IPFIREWALL_MODULE) && !defined(KLD_MODULE)
 
 #include <sys/exec.h>
 #include <sys/sysent.h>
@@ -1322,4 +1320,48 @@ ipfw_mod(struct lkm_table *lkmtp, int cmd, int ver)
 	MOD_DISPATCH(ipfw, lkmtp, cmd, ver,
 		ipfw_load, ipfw_unload, lkm_nullcmd);
 }
+#else
+static int
+ipfw_modevent(module_t mod, int type, void *unused)
+{
+	int s;
+	
+	switch (type) {
+	case MOD_LOAD:
+		s = splnet();
+
+		old_chk_ptr = ip_fw_chk_ptr;
+		old_ctl_ptr = ip_fw_ctl_ptr;
+
+		ip_fw_init();
+		splx(s);
+		return 0;
+	case MOD_UNLOAD:
+		s = splnet();
+
+		ip_fw_chk_ptr =  old_chk_ptr;
+		ip_fw_ctl_ptr =  old_ctl_ptr;
+
+		while (LIST_FIRST(&ip_fw_chain) != NULL) {
+			struct ip_fw_chain *fcp = LIST_FIRST(&ip_fw_chain);
+			LIST_REMOVE(LIST_FIRST(&ip_fw_chain), chain);
+			free(fcp->rule, M_IPFW);
+			free(fcp, M_IPFW);
+		}
+	
+		splx(s);
+		printf("IP firewall unloaded\n");
+		return 0;
+	default:
+		break;
+	}
+	return 0;
+}
+
+static moduledata_t ipfwmod = {
+	"ipfw",
+	ipfw_modevent,
+	0
+};
+DECLARE_MODULE(ipfw, ipfwmod, SI_SUB_PSEUDO, SI_ORDER_ANY);
 #endif

sys/netinet/ip_input.c

@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)ip_input.c	8.2 (Berkeley) 1/4/94
- * $Id: ip_input.c,v 1.101 1998/09/10 08:56:40 dfr Exp $
+ * $Id: ip_input.c,v 1.109 1998/12/14 18:09:13 luigi Exp $
  *	$ANA: ip_input.c,v 1.5 1996/09/18 14:34:59 wollman Exp $
  */
 
@@ -234,9 +234,6 @@ ip_init()
 
 	ip_id = time_second & 0xffff;
 	ipintrq.ifq_maxlen = ipqmaxlen;
-#ifdef IPFIREWALL
-	ip_fw_init();
-#endif
 #ifdef DUMMYNET
 	ip_dn_init();
 #endif
@@ -261,7 +258,6 @@ ip_input(struct mbuf *m)
 {
 	struct ip *ip;
 	struct ipq *fp;
-	struct ipqent *ipqe;
 	struct in_ifaddr *ia;
 	int    i, hlen, mff;
 	u_short sum;
@@ -566,7 +562,7 @@ ours:
 	 */
 	if (ip->ip_off & (IP_MF | IP_OFFMASK | IP_RF)) {
 		if (m->m_flags & M_EXT) {		/* XXX */
-			if ((m = m_pullup(m, sizeof (struct ip))) == 0) {
+			if ((m = m_pullup(m, hlen)) == 0) {
 				ipstat.ips_toosmall++;
 #ifdef IPDIVERT
 				frag_divert_port = 0;
@@ -764,13 +760,13 @@ ip_reass(m, fp, where)
 		fp->ipq_id = ip->ip_id;
 		fp->ipq_src = ip->ip_src;
 		fp->ipq_dst = ip->ip_dst;
-		fp->ipq_frags = 0;
+		fp->ipq_frags = m;
+		m->m_nextpkt = NULL;
 #ifdef IPDIVERT
 		fp->ipq_divert = 0;
 		fp->ipq_div_cookie = 0;
 #endif
-		q = 0;
+		goto inserted;
-		goto insert;
 	}
 
 #define GETIP(m)	((struct ip*)((m)->m_pkthdr.header))
@@ -785,7 +781,8 @@ ip_reass(m, fp, where)
 	/*
 	 * If there is a preceding segment, it may provide some of
 	 * our data already.  If so, drop the data from the incoming
-	 * segment.  If it provides all of our data, drop us.
+	 * segment.  If it provides all of our data, drop us, otherwise
+	 * stick new segment in the proper place.
 	 */
 	if (p) {
 		i = GETIP(p)->ip_off + GETIP(p)->ip_len - ip->ip_off;
@@ -796,6 +793,11 @@ ip_reass(m, fp, where)
 			ip->ip_off += i;
 			ip->ip_len -= i;
 		}
+		m->m_nextpkt = p->m_nextpkt;
+		p->m_nextpkt = m;
+	} else {
+		m->m_nextpkt = fp->ipq_frags;
+		fp->ipq_frags = m;
 	}
 
 	/*
@@ -803,7 +805,7 @@ ip_reass(m, fp, where)
 	 * if they are completely covered, dequeue them.
 	 */
 	for (; q != NULL && ip->ip_off + ip->ip_len > GETIP(q)->ip_off;
-	     p = q, q = nq) {
+	     q = nq) {
 		i = (ip->ip_off + ip->ip_len) -
 		    GETIP(q)->ip_off;
 		if (i < GETIP(q)->ip_len) {
@@ -813,14 +815,11 @@ ip_reass(m, fp, where)
 			break;
 		}
 		nq = q->m_nextpkt;
-		if (p)
+		m->m_nextpkt = nq;
-			p->m_nextpkt = nq;
-		else
-			fp->ipq_frags = nq;
 		m_freem(q);
 	}
 
-insert:
+inserted:
 
 #ifdef IPDIVERT
 	/*
@@ -835,16 +834,8 @@ insert:
 #endif
 
 	/*
-	 * Stick new segment in its place;
+	 * Check for complete reassembly.
-	 * check for complete reassembly.
 	 */
-	if (p == NULL) {
-		m->m_nextpkt = fp->ipq_frags;
-		fp->ipq_frags = m;
-	} else {
-		m->m_nextpkt = p->m_nextpkt;
-		p->m_nextpkt = m;
-	}
 	next = 0;
 	for (p = NULL, q = fp->ipq_frags; q; p = q, q = q->m_nextpkt) {
 		if (GETIP(q)->ip_off != next)
@@ -1300,7 +1291,7 @@ ip_srcroute()
 	*(mtod(m, struct in_addr *)) = *p--;
 #ifdef DIAGNOSTIC
 	if (ipprintfs)
-		printf(" hops %lx", ntohl(mtod(m, struct in_addr *)->s_addr));
+		printf(" hops %lx", (u_long)ntohl(mtod(m, struct in_addr *)->s_addr));
 #endif
 
 	/*
@@ -1320,7 +1311,7 @@ ip_srcroute()
 	while (p >= ip_srcrt.route) {
 #ifdef DIAGNOSTIC
 		if (ipprintfs)
-			printf(" %lx", ntohl(q->s_addr));
+			printf(" %lx", (u_long)ntohl(q->s_addr));
 #endif
 		*q++ = *p--;
 	}
@@ -1330,7 +1321,7 @@ ip_srcroute()
 	*q = ip_srcrt.dst;
 #ifdef DIAGNOSTIC
 	if (ipprintfs)
-		printf(" %lx\n", ntohl(q->s_addr));
+		printf(" %lx\n", (u_long)ntohl(q->s_addr));
 #endif
 	return (m);
 }