Recover from previous dummynet screwup
parent
2296e7a82a
commit
af38c68c1e
|
@ -12,14 +12,14 @@
|
||||||
*
|
*
|
||||||
* This software is provided ``AS IS'' without any warranties of any kind.
|
* This software is provided ``AS IS'' without any warranties of any kind.
|
||||||
*
|
*
|
||||||
* $Id: ip_fw.c,v 1.96 1998/08/23 03:07:14 wollman Exp $
|
* $Id: ip_fw.c,v 1.100 1998/12/14 18:09:13 luigi Exp $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Implement IP packet firewall
|
* Implement IP packet firewall
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifndef IPFIREWALL_MODULE
|
#if !defined(KLD_MODULE) && !defined(IPFIREWALL_MODULE)
|
||||||
#include "opt_ipfw.h"
|
#include "opt_ipfw.h"
|
||||||
#include "opt_ipdn.h"
|
#include "opt_ipdn.h"
|
||||||
#include "opt_ipdivert.h"
|
#include "opt_ipdivert.h"
|
||||||
|
@ -71,9 +71,9 @@ static int fw_verbose_limit = 0;
|
||||||
|
|
||||||
#define IPFW_DEFAULT_RULE ((u_int)(u_short)~0)
|
#define IPFW_DEFAULT_RULE ((u_int)(u_short)~0)
|
||||||
|
|
||||||
LIST_HEAD (ip_fw_head, ip_fw_chain) ip_fw_chain;
|
static LIST_HEAD (ip_fw_head, ip_fw_chain) ip_fw_chain;
|
||||||
|
|
||||||
MALLOC_DEFINE(M_IPFW, "IpFw/IpAcct", "IpFw/IpAcct chain's");
|
static MALLOC_DEFINE(M_IPFW, "IpFw/IpAcct", "IpFw/IpAcct chain's");
|
||||||
|
|
||||||
#ifdef SYSCTL_NODE
|
#ifdef SYSCTL_NODE
|
||||||
SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw, CTLFLAG_RW, 0, "Firewall");
|
SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw, CTLFLAG_RW, 0, "Firewall");
|
||||||
|
@ -111,11 +111,6 @@ static void ipfw_report __P((struct ip_fw *f, struct ip *ip,
|
||||||
|
|
||||||
static void flush_rule_ptrs(void);
|
static void flush_rule_ptrs(void);
|
||||||
|
|
||||||
#ifdef IPFIREWALL_MODULE
|
|
||||||
static ip_fw_chk_t *old_chk_ptr;
|
|
||||||
static ip_fw_ctl_t *old_ctl_ptr;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
static int ip_fw_chk __P((struct ip **pip, int hlen,
|
static int ip_fw_chk __P((struct ip **pip, int hlen,
|
||||||
struct ifnet *oif, u_int16_t *cookie, struct mbuf **m,
|
struct ifnet *oif, u_int16_t *cookie, struct mbuf **m,
|
||||||
struct ip_fw_chain **flow_id,
|
struct ip_fw_chain **flow_id,
|
||||||
|
@ -1275,7 +1270,10 @@ ip_fw_init(void)
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef IPFIREWALL_MODULE
|
static ip_fw_chk_t *old_chk_ptr;
|
||||||
|
static ip_fw_ctl_t *old_ctl_ptr;
|
||||||
|
|
||||||
|
#if defined(IPFIREWALL_MODULE) && !defined(KLD_MODULE)
|
||||||
|
|
||||||
#include <sys/exec.h>
|
#include <sys/exec.h>
|
||||||
#include <sys/sysent.h>
|
#include <sys/sysent.h>
|
||||||
|
@ -1322,4 +1320,48 @@ ipfw_mod(struct lkm_table *lkmtp, int cmd, int ver)
|
||||||
MOD_DISPATCH(ipfw, lkmtp, cmd, ver,
|
MOD_DISPATCH(ipfw, lkmtp, cmd, ver,
|
||||||
ipfw_load, ipfw_unload, lkm_nullcmd);
|
ipfw_load, ipfw_unload, lkm_nullcmd);
|
||||||
}
|
}
|
||||||
|
#else
|
||||||
|
static int
|
||||||
|
ipfw_modevent(module_t mod, int type, void *unused)
|
||||||
|
{
|
||||||
|
int s;
|
||||||
|
|
||||||
|
switch (type) {
|
||||||
|
case MOD_LOAD:
|
||||||
|
s = splnet();
|
||||||
|
|
||||||
|
old_chk_ptr = ip_fw_chk_ptr;
|
||||||
|
old_ctl_ptr = ip_fw_ctl_ptr;
|
||||||
|
|
||||||
|
ip_fw_init();
|
||||||
|
splx(s);
|
||||||
|
return 0;
|
||||||
|
case MOD_UNLOAD:
|
||||||
|
s = splnet();
|
||||||
|
|
||||||
|
ip_fw_chk_ptr = old_chk_ptr;
|
||||||
|
ip_fw_ctl_ptr = old_ctl_ptr;
|
||||||
|
|
||||||
|
while (LIST_FIRST(&ip_fw_chain) != NULL) {
|
||||||
|
struct ip_fw_chain *fcp = LIST_FIRST(&ip_fw_chain);
|
||||||
|
LIST_REMOVE(LIST_FIRST(&ip_fw_chain), chain);
|
||||||
|
free(fcp->rule, M_IPFW);
|
||||||
|
free(fcp, M_IPFW);
|
||||||
|
}
|
||||||
|
|
||||||
|
splx(s);
|
||||||
|
printf("IP firewall unloaded\n");
|
||||||
|
return 0;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static moduledata_t ipfwmod = {
|
||||||
|
"ipfw",
|
||||||
|
ipfw_modevent,
|
||||||
|
0
|
||||||
|
};
|
||||||
|
DECLARE_MODULE(ipfw, ipfwmod, SI_SUB_PSEUDO, SI_ORDER_ANY);
|
||||||
#endif
|
#endif
|
||||||
|
|
|
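Review bot: The MOD_UNLOAD branch of `ipfw_modevent` fails open. It puts `ip_fw_chk_ptr` and `ip_fw_ctl_ptr` back to whatever was saved at load time, frees every rule on `ip_fw_chain` and returns 0 unconditionally. If the saved pointers were null (nothing in these hunks shows them being set beforehand), the host presumably stops filtering, with only a console printf as a trace. I would document that above the case, e.g. `/* Unload removes all filtering: hooks revert to their pre-load values and the whole rule chain is freed. */`, and name the caller expected to gate the unload, since no privilege or securelevel check is visible here. Minor: the loop already holds `fcp`, so `LIST_REMOVE(fcp, chain);` reads better than evaluating `LIST_FIRST` a second time.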
@ -31,7 +31,7 @@
|
||||||
* SUCH DAMAGE.
|
* SUCH DAMAGE.
|
||||||
*
|
*
|
||||||
* @(#)ip_input.c 8.2 (Berkeley) 1/4/94
|
* @(#)ip_input.c 8.2 (Berkeley) 1/4/94
|
||||||
* $Id: ip_input.c,v 1.101 1998/09/10 08:56:40 dfr Exp $
|
* $Id: ip_input.c,v 1.109 1998/12/14 18:09:13 luigi Exp $
|
||||||
* $ANA: ip_input.c,v 1.5 1996/09/18 14:34:59 wollman Exp $
|
* $ANA: ip_input.c,v 1.5 1996/09/18 14:34:59 wollman Exp $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
@ -234,9 +234,6 @@ ip_init()
|
||||||
|
|
||||||
ip_id = time_second & 0xffff;
|
ip_id = time_second & 0xffff;
|
||||||
ipintrq.ifq_maxlen = ipqmaxlen;
|
ipintrq.ifq_maxlen = ipqmaxlen;
|
||||||
#ifdef IPFIREWALL
|
|
||||||
ip_fw_init();
|
|
||||||
#endif
|
|
||||||
#ifdef DUMMYNET
|
#ifdef DUMMYNET
|
||||||
ip_dn_init();
|
ip_dn_init();
|
||||||
#endif
|
#endif
|
||||||
|
@ -261,7 +258,6 @@ ip_input(struct mbuf *m)
|
||||||
{
|
{
|
||||||
struct ip *ip;
|
struct ip *ip;
|
||||||
struct ipq *fp;
|
struct ipq *fp;
|
||||||
struct ipqent *ipqe;
|
|
||||||
struct in_ifaddr *ia;
|
struct in_ifaddr *ia;
|
||||||
int i, hlen, mff;
|
int i, hlen, mff;
|
||||||
u_short sum;
|
u_short sum;
|
||||||
|
@ -566,7 +562,7 @@ ours:
|
||||||
*/
|
*/
|
||||||
if (ip->ip_off & (IP_MF | IP_OFFMASK | IP_RF)) {
|
if (ip->ip_off & (IP_MF | IP_OFFMASK | IP_RF)) {
|
||||||
if (m->m_flags & M_EXT) { /* XXX */
|
if (m->m_flags & M_EXT) { /* XXX */
|
||||||
if ((m = m_pullup(m, sizeof (struct ip))) == 0) {
|
if ((m = m_pullup(m, hlen)) == 0) {
|
||||||
ipstat.ips_toosmall++;
|
ipstat.ips_toosmall++;
|
||||||
#ifdef IPDIVERT
|
#ifdef IPDIVERT
|
||||||
frag_divert_port = 0;
|
frag_divert_port = 0;
|
||||||
|
@ -764,13 +760,13 @@ ip_reass(m, fp, where)
|
||||||
fp->ipq_id = ip->ip_id;
|
fp->ipq_id = ip->ip_id;
|
||||||
fp->ipq_src = ip->ip_src;
|
fp->ipq_src = ip->ip_src;
|
||||||
fp->ipq_dst = ip->ip_dst;
|
fp->ipq_dst = ip->ip_dst;
|
||||||
fp->ipq_frags = 0;
|
fp->ipq_frags = m;
|
||||||
|
m->m_nextpkt = NULL;
|
||||||
#ifdef IPDIVERT
|
#ifdef IPDIVERT
|
||||||
fp->ipq_divert = 0;
|
fp->ipq_divert = 0;
|
||||||
fp->ipq_div_cookie = 0;
|
fp->ipq_div_cookie = 0;
|
||||||
#endif
|
#endif
|
||||||
q = 0;
|
goto inserted;
|
||||||
goto insert;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#define GETIP(m) ((struct ip*)((m)->m_pkthdr.header))
|
#define GETIP(m) ((struct ip*)((m)->m_pkthdr.header))
|
||||||
|
@ -785,7 +781,8 @@ ip_reass(m, fp, where)
|
||||||
/*
|
/*
|
||||||
* If there is a preceding segment, it may provide some of
|
* If there is a preceding segment, it may provide some of
|
||||||
* our data already. If so, drop the data from the incoming
|
* our data already. If so, drop the data from the incoming
|
||||||
* segment. If it provides all of our data, drop us.
|
* segment. If it provides all of our data, drop us, otherwise
|
||||||
|
* stick new segment in the proper place.
|
||||||
*/
|
*/
|
||||||
if (p) {
|
if (p) {
|
||||||
i = GETIP(p)->ip_off + GETIP(p)->ip_len - ip->ip_off;
|
i = GETIP(p)->ip_off + GETIP(p)->ip_len - ip->ip_off;
|
||||||
|
@ -796,6 +793,11 @@ ip_reass(m, fp, where)
|
||||||
ip->ip_off += i;
|
ip->ip_off += i;
|
||||||
ip->ip_len -= i;
|
ip->ip_len -= i;
|
||||||
}
|
}
|
||||||
|
m->m_nextpkt = p->m_nextpkt;
|
||||||
|
p->m_nextpkt = m;
|
||||||
|
} else {
|
||||||
|
m->m_nextpkt = fp->ipq_frags;
|
||||||
|
fp->ipq_frags = m;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -803,7 +805,7 @@ ip_reass(m, fp, where)
|
||||||
* if they are completely covered, dequeue them.
|
* if they are completely covered, dequeue them.
|
||||||
*/
|
*/
|
||||||
for (; q != NULL && ip->ip_off + ip->ip_len > GETIP(q)->ip_off;
|
for (; q != NULL && ip->ip_off + ip->ip_len > GETIP(q)->ip_off;
|
||||||
p = q, q = nq) {
|
q = nq) {
|
||||||
i = (ip->ip_off + ip->ip_len) -
|
i = (ip->ip_off + ip->ip_len) -
|
||||||
GETIP(q)->ip_off;
|
GETIP(q)->ip_off;
|
||||||
if (i < GETIP(q)->ip_len) {
|
if (i < GETIP(q)->ip_len) {
|
||||||
|
@ -813,14 +815,11 @@ ip_reass(m, fp, where)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
nq = q->m_nextpkt;
|
nq = q->m_nextpkt;
|
||||||
if (p)
|
m->m_nextpkt = nq;
|
||||||
p->m_nextpkt = nq;
|
|
||||||
else
|
|
||||||
fp->ipq_frags = nq;
|
|
||||||
m_freem(q);
|
m_freem(q);
|
||||||
}
|
}
|
||||||
|
|
||||||
insert:
|
inserted:
|
||||||
|
|
||||||
#ifdef IPDIVERT
|
#ifdef IPDIVERT
|
||||||
/*
|
/*
|
||||||
|
@ -835,16 +834,8 @@ insert:
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Stick new segment in its place;
|
* Check for complete reassembly.
|
||||||
* check for complete reassembly.
|
|
||||||
*/
|
*/
|
||||||
if (p == NULL) {
|
|
||||||
m->m_nextpkt = fp->ipq_frags;
|
|
||||||
fp->ipq_frags = m;
|
|
||||||
} else {
|
|
||||||
m->m_nextpkt = p->m_nextpkt;
|
|
||||||
p->m_nextpkt = m;
|
|
||||||
}
|
|
||||||
next = 0;
|
next = 0;
|
||||||
for (p = NULL, q = fp->ipq_frags; q; p = q, q = q->m_nextpkt) {
|
for (p = NULL, q = fp->ipq_frags; q; p = q, q = q->m_nextpkt) {
|
||||||
if (GETIP(q)->ip_off != next)
|
if (GETIP(q)->ip_off != next)
|
||||||
|
@ -1300,7 +1291,7 @@ ip_srcroute()
|
||||||
*(mtod(m, struct in_addr *)) = *p--;
|
*(mtod(m, struct in_addr *)) = *p--;
|
||||||
#ifdef DIAGNOSTIC
|
#ifdef DIAGNOSTIC
|
||||||
if (ipprintfs)
|
if (ipprintfs)
|
||||||
printf(" hops %lx", ntohl(mtod(m, struct in_addr *)->s_addr));
|
printf(" hops %lx", (u_long)ntohl(mtod(m, struct in_addr *)->s_addr));
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -1320,7 +1311,7 @@ ip_srcroute()
|
||||||
while (p >= ip_srcrt.route) {
|
while (p >= ip_srcrt.route) {
|
||||||
#ifdef DIAGNOSTIC
|
#ifdef DIAGNOSTIC
|
||||||
if (ipprintfs)
|
if (ipprintfs)
|
||||||
printf(" %lx", ntohl(q->s_addr));
|
printf(" %lx", (u_long)ntohl(q->s_addr));
|
||||||
#endif
|
#endif
|
||||||
*q++ = *p--;
|
*q++ = *p--;
|
||||||
}
|
}
|
||||||
|
@ -1330,7 +1321,7 @@ ip_srcroute()
|
||||||
*q = ip_srcrt.dst;
|
*q = ip_srcrt.dst;
|
||||||
#ifdef DIAGNOSTIC
|
#ifdef DIAGNOSTIC
|
||||||
if (ipprintfs)
|
if (ipprintfs)
|
||||||
printf(" %lx\n", ntohl(q->s_addr));
|
printf(" %lx\n", (u_long)ntohl(q->s_addr));
|
||||||
#endif
|
#endif
|
||||||
return (m);
|
return (m);
|
||||||
}
|
}
|
||||||
|
|
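Review bot: In `ip_reass`, the new fragment `m` is now linked into `fp->ipq_frags` inside the `if (p) ... else ...` block, before the loop that trims or frees the following segments, and nothing in the code records that ordering constraint. From that point on `m` belongs to the queue, so any later path that frees `m` or jumps to a drop label would leave a dangling entry in the reassembly list. The early "drop us" exit for a fully covered fragment therefore has to stay above the linking lines; it lies outside the visible hunk, so this is inferred. I would add a comment at the link site such as `/* m is on fp->ipq_frags from here on; do not free it or bail out to the drop path below this point. */`. The function begins and ends outside these hunks.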