1 diff sys/arch/alpha/alpha/conf.c sys.ipf/arch/alpha/alpha/conf.c
2 *** sys/arch/alpha/alpha/conf.c Tue Jun 3 09:27:43 2003
3 --- sys.ipf/arch/alpha/alpha/conf.c Mon Jun 21 22:20:42 2004
9 cdev_decl(prom); /* XXX XXX XXX */
20 cdev_midi_init(NMIDI,midi), /* 41: MIDI I/O */
21 cdev_midi_init(NSEQUENCER,sequencer), /* 42: sequencer I/O */
22 cdev_disk_init(NRAID,raid), /* 43: RAIDframe disk driver */
23 ! cdev_notdef(), /* 44 */
24 cdev_usb_init(NUSB,usb), /* 45: USB controller */
25 cdev_usbdev_init(NUHID,uhid), /* 46: USB generic HID */
26 cdev_ulpt_init(NULPT,ulpt), /* 47: USB printer */
28 cdev_midi_init(NMIDI,midi), /* 41: MIDI I/O */
29 cdev_midi_init(NSEQUENCER,sequencer), /* 42: sequencer I/O */
30 cdev_disk_init(NRAID,raid), /* 43: RAIDframe disk driver */
31 ! cdev_gen_ipf(NIPF,ipl), /* 44: IP filter log */
32 cdev_usb_init(NUSB,usb), /* 45: USB controller */
33 cdev_usbdev_init(NUHID,uhid), /* 46: USB generic HID */
34 cdev_ulpt_init(NULPT,ulpt), /* 47: USB printer */
35 diff sys/arch/hp300/hp300/conf.c sys.ipf/arch/hp300/hp300/conf.c
36 *** sys/arch/hp300/hp300/conf.c Tue Jun 3 09:27:45 2003
37 --- sys.ipf/arch/hp300/hp300/conf.c Mon Jun 21 22:20:43 2004
55 cdev_disk_init(NRD,rd), /* 34: RAM disk */
56 cdev_tty_init(NAPCI,apci), /* 35: Apollo APCI UARTs */
57 cdev_ksyms_init(NKSYMS,ksyms), /* 36: Kernel symbols device */
58 ! cdev_notdef(), /* 37 */
59 cdev_notdef(), /* 38 */
60 cdev_notdef(), /* 39 */
61 cdev_notdef(), /* 40 */
63 cdev_disk_init(NRD,rd), /* 34: RAM disk */
64 cdev_tty_init(NAPCI,apci), /* 35: Apollo APCI UARTs */
65 cdev_ksyms_init(NKSYMS,ksyms), /* 36: Kernel symbols device */
66 ! cdev_pf_init(NIPF,ipl), /* 37: packet filter */
67 cdev_notdef(), /* 38 */
68 cdev_notdef(), /* 39 */
69 cdev_notdef(), /* 40 */
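Review bot: The hp300 table wires slot 37 with `cdev_pf_init(NIPF,ipl)` and the comment "packet filter", while every other architecture in this patch uses `cdev_gen_ipf(NIPF,ipl)`. The `cdev_gen_ipf` macro added to sys/conf.h supplies open, close, read and ioctl entries. If `cdev_pf_init` has no read entry (its definition is not shown here), reading the filter log through this device would fail on hp300 only. Suggest `cdev_gen_ipf(NIPF,ipl), /* 37: IP filter log */` so the entry matches the other ports.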
70 diff sys/arch/hppa/hppa/conf.c sys.ipf/arch/hppa/hppa/conf.c
71 *** sys/arch/hppa/hppa/conf.c Tue Jun 3 09:27:46 2003
72 --- sys.ipf/arch/hppa/hppa/conf.c Mon Jun 21 22:20:43 2004
91 cdev_audio_init(NAUDIO,audio), /* 35: /dev/audio */
92 cdev_crypto_init(NCRYPTO,crypto), /* 36: /dev/crypto */
93 cdev_ses_init(NSES,ses), /* 37: SCSI SES/SAF-TE */
94 + cdev_gen_ipf(NIPF,ipl), /* 38: ip filtering */
98 diff sys/arch/i386/i386/conf.c sys.ipf/arch/i386/i386/conf.c
99 *** sys/arch/i386/i386/conf.c Sat Jun 28 02:57:14 2003
100 --- sys.ipf/arch/i386/i386/conf.c Mon Jun 21 22:20:43 2004
113 /* XXX -- this needs to be supported by config(8)! */
114 #if (NCOM > 0) && (NPCCOM > 0)
115 #error com and pccom are mutually exclusive. Sorry.
118 cdev_usbdev_init(NUSCANNER,uscanner), /* 77: USB scanners */
119 cdev_systrace_init(NSYSTRACE,systrace), /* 78: system call tracing */
120 cdev_oci_init(NBIO,bio), /* 79: ioctl tunnel */
121 ! cdev_ch_init(NGPR,gpr) /* 80: GPR400 SmartCard reader */
123 int nchrdev = sizeof(cdevsw) / sizeof(cdevsw[0]);
126 cdev_usbdev_init(NUSCANNER,uscanner), /* 77: USB scanners */
127 cdev_systrace_init(NSYSTRACE,systrace), /* 78: system call tracing */
128 cdev_oci_init(NBIO,bio), /* 79: ioctl tunnel */
129 ! cdev_ch_init(NGPR,gpr), /* 80: GPR400 SmartCard reader */
130 ! cdev_gen_ipf(NIPF,ipl) /* 81: ip filtering */
133 int nchrdev = sizeof(cdevsw) / sizeof(cdevsw[0]);
135 diff sys/arch/mac68k/mac68k/conf.c sys.ipf/arch/mac68k/mac68k/conf.c
136 *** sys/arch/mac68k/mac68k/conf.c Tue Jun 3 09:27:49 2003
137 --- sys.ipf/arch/mac68k/mac68k/conf.c Mon Jun 21 22:20:43 2004
152 #include "systrace.h"
155 cdev_pf_init(NPF,pf), /* 35: packet filter */
156 cdev_audio_init(NASC,asc), /* 36: ASC audio device */
157 cdev_ksyms_init(NKSYMS,ksyms), /* 37: Kernel symbols device */
158 ! cdev_notdef(), /* 38 */
159 cdev_notdef(), /* 39 */
160 cdev_notdef(), /* 40 */
161 cdev_notdef(), /* 41 */
163 cdev_pf_init(NPF,pf), /* 35: packet filter */
164 cdev_audio_init(NASC,asc), /* 36: ASC audio device */
165 cdev_ksyms_init(NKSYMS,ksyms), /* 37: Kernel symbols device */
166 ! cdev_gen_ipf(NIPF,ipl), /* 38: IP filter log */
167 cdev_notdef(), /* 39 */
168 cdev_notdef(), /* 40 */
169 cdev_notdef(), /* 41 */
170 diff sys/arch/macppc/macppc/conf.c sys.ipf/arch/macppc/macppc/conf.c
171 *** sys/arch/macppc/macppc/conf.c Sat Jun 28 02:57:14 2003
172 --- sys.ipf/arch/macppc/macppc/conf.c Mon Jun 21 22:20:43 2004
186 #include <xfs/nxfs.h>
190 cdev_ss_init(NSS,ss), /* 42: SCSI scanner */
191 cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */
192 cdev_audio_init(NAUDIO,audio), /* 44: generic audio I/O */
193 ! cdev_notdef(), /* 45 */
194 cdev_notdef(), /* 46 */
195 cdev_crypto_init(NCRYPTO,crypto), /* 47: /dev/crypto */
196 cdev_notdef(), /* 48 */
198 cdev_ss_init(NSS,ss), /* 42: SCSI scanner */
199 cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */
200 cdev_audio_init(NAUDIO,audio), /* 44: generic audio I/O */
201 ! cdev_gen_ipf(NIPF,ipl), /* 45: IP filter */
202 cdev_notdef(), /* 46 */
203 cdev_crypto_init(NCRYPTO,crypto), /* 47: /dev/crypto */
204 cdev_notdef(), /* 48 */
205 diff sys/arch/mvme68k/mvme68k/conf.c sys.ipf/arch/mvme68k/mvme68k/conf.c
206 *** sys/arch/mvme68k/mvme68k/conf.c Tue Jun 3 09:27:50 2003
207 --- sys.ipf/arch/mvme68k/mvme68k/conf.c Mon Jun 21 22:20:43 2004
211 #include "bpfilter.h"
222 #include "systrace.h"
225 cdev_uk_init(NUK,uk), /* 41: unknown SCSI */
226 cdev_ss_init(NSS,ss), /* 42: SCSI scanner */
227 cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */
228 ! cdev_lkm_dummy(), /* 44 */
229 cdev_lkm_dummy(), /* 45 */
230 cdev_lkm_dummy(), /* 46 */
231 cdev_lkm_dummy(), /* 47 */
233 cdev_uk_init(NUK,uk), /* 41: unknown SCSI */
234 cdev_ss_init(NSS,ss), /* 42: SCSI scanner */
235 cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */
236 ! cdev_gen_ipf(NIPF,ipl), /* 44: IP filter */
237 cdev_lkm_dummy(), /* 45 */
238 cdev_lkm_dummy(), /* 46 */
239 cdev_lkm_dummy(), /* 47 */
240 diff sys/arch/mvme88k/mvme88k/conf.c sys.ipf/arch/mvme88k/mvme88k/conf.c
241 *** sys/arch/mvme88k/mvme88k/conf.c Tue Jun 3 09:27:52 2003
242 --- sys.ipf/arch/mvme88k/mvme88k/conf.c Mon Jun 21 22:20:43 2004
257 #include "systrace.h"
260 cdev_lkm_dummy(), /* 38 */
261 cdev_pf_init(NPF,pf), /* 39: packet filter */
262 cdev_random_init(1,random), /* 40: random data source */
263 ! cdev_notdef(), /* 41 */
264 cdev_notdef(), /* 42 */
265 cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */
266 cdev_notdef(), /* 44 */
268 cdev_lkm_dummy(), /* 38 */
269 cdev_pf_init(NPF,pf), /* 39: packet filter */
270 cdev_random_init(1,random), /* 40: random data source */
271 ! cdev_gen_ipf(NIPF,ipl), /* 41: IP filter */
272 cdev_notdef(), /* 42 */
273 cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */
274 cdev_notdef(), /* 44 */
275 diff sys/arch/mvmeppc/mvmeppc/conf.c sys.ipf/arch/mvmeppc/mvmeppc/conf.c
276 *** sys/arch/mvmeppc/mvmeppc/conf.c Wed May 14 10:20:37 2003
277 --- sys.ipf/arch/mvmeppc/mvmeppc/conf.c Mon Jun 21 22:20:43 2004
292 #include "systrace.h"
295 cdev_uk_init(NUK,uk), /* 41: unknown SCSI */
296 cdev_ss_init(NSS,ss), /* 42: SCSI scanner */
297 cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */
298 ! cdev_notdef(), /* 44 */
299 cdev_notdef(), /* 45 */
300 cdev_notdef(), /* 46 */
301 cdev_notdef(), /* 47 */
303 cdev_uk_init(NUK,uk), /* 41: unknown SCSI */
304 cdev_ss_init(NSS,ss), /* 42: SCSI scanner */
305 cdev_ksyms_init(NKSYMS,ksyms), /* 43: Kernel symbols device */
306 ! cdev_gen_ipf(NIPF,ipl), /* 44: IP filter */
307 cdev_notdef(), /* 45 */
308 cdev_notdef(), /* 46 */
309 cdev_notdef(), /* 47 */
310 diff sys/arch/sparc/sparc/conf.c sys.ipf/arch/sparc/sparc/conf.c
311 *** sys/arch/sparc/sparc/conf.c Tue Jun 3 09:27:55 2003
312 --- sys.ipf/arch/sparc/sparc/conf.c Mon Jun 21 22:20:43 2004
317 int nblkdev = sizeof(bdevsw) / sizeof(bdevsw[0]);
327 #include "systrace.h"
330 cdev_notdef(), /* 57 */
331 cdev_disk_init(NCD,cd), /* 58: SCSI CD-ROM */
332 cdev_pf_init(NPF,pf), /* 59: packet filter */
333 ! cdev_notdef(), /* 60 */
334 cdev_notdef(), /* 61 */
335 cdev_notdef(), /* 62 */
336 cdev_notdef(), /* 63 */
338 cdev_notdef(), /* 57 */
339 cdev_disk_init(NCD,cd), /* 58: SCSI CD-ROM */
340 cdev_pf_init(NPF,pf), /* 59: packet filter */
341 ! cdev_gen_ipf(NIPF,ipl), /* 60: ip filtering log */
342 cdev_notdef(), /* 61 */
343 cdev_notdef(), /* 62 */
344 cdev_notdef(), /* 63 */
345 diff sys/arch/sparc64/sparc64/conf.c sys.ipf/arch/sparc64/sparc64/conf.c
346 *** sys/arch/sparc64/sparc64/conf.c Sat Jun 28 02:57:14 2003
347 --- sys.ipf/arch/sparc64/sparc64/conf.c Mon Jun 21 22:20:44 2004
352 #include "uscanner.h"
365 cdev_mouse_init(NWSKBD, wskbd), /* 79: keyboards */
366 cdev_mouse_init(NWSMOUSE, wsmouse), /* 80: mice */
367 cdev_mouse_init(NWSMUX, wsmux), /* 81: ws multiplexor */
368 ! cdev_notdef(), /* 82 */
369 cdev_notdef(), /* 83 */
370 cdev_notdef(), /* 84 */
371 cdev_notdef(), /* 85 */
373 cdev_mouse_init(NWSKBD, wskbd), /* 79: keyboards */
374 cdev_mouse_init(NWSMOUSE, wsmouse), /* 80: mice */
375 cdev_mouse_init(NWSMUX, wsmux), /* 81: ws multiplexor */
376 ! cdev_gen_ipf(NIPF,ipl), /* 82: IP filter */
377 cdev_notdef(), /* 83 */
378 cdev_notdef(), /* 84 */
379 cdev_notdef(), /* 85 */
380 diff sys/arch/vax/vax/conf.c sys.ipf/arch/vax/vax/conf.c
381 *** sys/arch/vax/vax/conf.c Thu Jun 26 23:06:26 2003
382 --- sys.ipf/arch/vax/vax/conf.c Mon Jun 21 22:20:44 2004
397 #include "systrace.h"
400 cdev_notdef(), /* 44 was Datakit */
401 cdev_notdef(), /* 45 was Datakit */
402 cdev_notdef(), /* 46 was Datakit */
403 ! cdev_notdef(), /* 47 */
404 cdev_notdef(), /* 48 */
405 cdev_systrace_init(NSYSTRACE,systrace), /* 49: system call tracing */
406 cdev_ksyms_init(NKSYMS,ksyms), /* 50: Kernel symbols device */
408 cdev_notdef(), /* 44 was Datakit */
409 cdev_notdef(), /* 45 was Datakit */
410 cdev_notdef(), /* 46 was Datakit */
411 ! cdev_gen_ipf(NIPF,ipl), /* 47: IP filter */
412 cdev_notdef(), /* 48 */
413 cdev_systrace_init(NSYSTRACE,systrace), /* 49: system call tracing */
414 cdev_ksyms_init(NKSYMS,ksyms), /* 50: Kernel symbols device */
415 diff sys/conf/GENERIC sys.ipf/conf/GENERIC
416 *** sys/conf/GENERIC Thu May 15 00:24:43 2003
417 --- sys.ipf/conf/GENERIC Mon Jun 21 22:20:44 2004
421 #option EON # OSI tunneling over IP
422 #option NETATALK # AppleTalk
423 #option CCITT,LLC,HDLC # X.25
424 + option IPFILTER # IP packet filter for security
425 + option IPFILTER_LOG # use /dev/ipl to log IPF
426 option PPP_BSDCOMP # PPP BSD compression
428 #option MROUTING # Multicast router
429 diff sys/conf/files sys.ipf/conf/files
430 *** sys/conf/files Fri Aug 22 05:12:07 2003
431 --- sys.ipf/conf/files Mon Jun 21 22:20:44 2004
435 file netinet/tcp_usrreq.c inet
436 file netinet/udp_usrreq.c inet
437 file netinet/ip_gre.c inet
438 + file netinet/ip_fil.c ipfilter
439 + file netinet/fil.c ipfilter
440 + file netinet/ip_nat.c ipfilter
441 + file netinet/ip_frag.c ipfilter
442 + file netinet/ip_state.c ipfilter
443 + file netinet/ip_proxy.c ipfilter
444 + file netinet/ip_auth.c ipfilter
445 + file netinet/ip_log.c ipfilter
446 file netinet/ip_ipsp.c (inet | inet6) & (ipsec | tcp_signature)
447 file netinet/ip_spd.c (inet | inet6) & (ipsec | tcp_signature)
448 file netinet/ip_ipip.c inet | inet6
449 diff sys/net/bridgestp.c sys.ipf/net/bridgestp.c
450 *** sys/net/bridgestp.c Tue Jun 3 04:42:56 2003
451 --- sys.ipf/net/bridgestp.c Mon Jun 21 22:20:44 2004
455 #include <netinet/in_var.h>
456 #include <netinet/ip.h>
457 #include <netinet/if_ether.h>
460 + #include <netinet/ip_compat.h>
461 + #include <netinet/ip_fil.h>
466 diff sys/net/if.c sys.ipf/net/if.c
467 *** sys/net/if.c Wed Aug 27 10:33:34 2003
468 --- sys.ipf/net/if.c Mon Jun 21 22:20:44 2004
472 #include <netinet6/nd6.h>
476 + #include <netinet/ip_compat.h>
477 + #include <netinet/ip_fil.h>
478 + #include <netinet/ip_nat.h>
488 /* Remove the interface from the list of all interfaces. */
489 TAILQ_REMOVE(&ifnet, ifp, if_list);
492 + /* XXX More ipf & ipnat cleanup needed. */
497 * Deallocate private resources.
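Review bot: The added comment `/* XXX More ipf & ipnat cleanup needed. */` marks the detach path as incomplete without saying what is still missing. The interface has just been taken off the list by `TAILQ_REMOVE(&ifnet, ifp, if_list)`, so any filter rule, state or NAT entry that still holds this `ifp` would point at a structure that is about to be released. Whether the elided lines purge them is not visible here. The comment should name what may still cache the pointer, for example `/* XXX ipf state and NAT entries may still reference ifp; purge before it is freed */`, so the gap can be audited.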
498 diff sys/net/if_bridge.c sys.ipf/net/if_bridge.c
499 *** sys/net/if_bridge.c Sat Aug 16 06:32:19 2003
500 --- sys.ipf/net/if_bridge.c Mon Jun 21 22:23:56 2004
504 #include <netinet/ip_ipsp.h>
506 #include <net/if_enc.h>
507 + #if (defined(IPFILTER) || defined(IPFILTER_LKM))
508 + #include <netinet/ip_compat.h>
509 + #include <netinet/ip_fil.h>
514 #include <netinet/ip6.h>
517 int bridge_brlconf(struct bridge_softc *, struct ifbrlconf *);
518 u_int8_t bridge_filterrule(struct brl_head *, struct ether_header *,
521 struct mbuf *bridge_filter(struct bridge_softc *, int, struct ifnet *,
522 struct ether_header *, struct mbuf *m);
525 int bridge_brlconf(struct bridge_softc *, struct ifbrlconf *);
526 u_int8_t bridge_filterrule(struct brl_head *, struct ether_header *,
528 ! #if (NPF > 0) || (defined(IPFILTER) || defined(IPFILTER_LKM))
529 struct mbuf *bridge_filter(struct bridge_softc *, int, struct ifnet *,
530 struct ether_header *, struct mbuf *m);
538 m = bridge_filter(sc, BRIDGE_IN, src_if, &eh, m);
545 ! #if (NPF > 0) || (defined(IPFILTER) || defined(IPFILTER_LKM))
546 m = bridge_filter(sc, BRIDGE_IN, src_if, &eh, m);
555 m = bridge_filter(sc, BRIDGE_OUT, dst_if, &eh, m);
562 ! #if (NPF > 0) || (defined(IPFILTER) || defined(IPFILTER_LKM))
563 m = bridge_filter(sc, BRIDGE_OUT, dst_if, &eh, m);
572 mc = bridge_filter(sc, BRIDGE_OUT, dst_if, eh, mc);
579 ! #if (NPF > 0) || (defined(IPFILTER) || defined(IPFILTER_LKM))
580 mc = bridge_filter(sc, BRIDGE_OUT, dst_if, eh, mc);
586 * We don't need to do loop detection, the
587 * bridge will do that for us.
589 + #if defined(IPFILTER) || defined(IPFILTER_LKM)
590 + if (dir == BRIDGE_OUT && fr_checkp &&
591 + ((*fr_checkp)(ip, hlen, &encif[0].sc_if,
604 + #if defined(IPFILTER) || defined(IPFILTER_LKM)
605 + if (dir == BRIDGE_IN && fr_checkp &&
606 + ((*fr_checkp)(ip, hlen, &encif[0].sc_if,
610 error = ipsp_process_packet(m, tdb, af, 0);
620 * Filter IP packets by peeking into the ethernet frame. This violates
621 * the ISO model, but allows us to act as a IP filter at the data link
626 ! #if (NPF > 0) || (defined(IPFILTER) || defined(IPFILTER_LKM))
628 * Filter IP packets by peeking into the ethernet frame. This violates
629 * the ISO model, but allows us to act as a IP filter at the data link
636 /* Finally, we get to filter the packet! */
637 m->m_pkthdr.rcvif = ifp;
638 if (pf_test(dir, ifp, &m) != PF_PASS)
644 /* Rebuild the IP header */
645 if (m->m_len < hlen && ((m = m_pullup(m, hlen)) == NULL))
650 ! #if defined(IPFILTER) || defined(IPFILTER_LKM) || (NPF > 0)
651 /* Finally, we get to filter the packet! */
652 m->m_pkthdr.rcvif = ifp;
654 + #if defined(IPFILTER) || defined(IPFILTER_LKM)
655 + if (dir == BRIDGE_OUT) {
656 + if (fr_checkp && (*fr_checkp)(ip, hlen, ifp, 1, &m))
663 if (pf_test(dir, ifp, &m) != PF_PASS)
668 + #if defined(IPFILTER) || defined(IPFILTER_LKM)
669 + if (dir == BRIDGE_IN) {
670 + if (fr_checkp && (*fr_checkp)(ip, hlen, ifp, 0, &m))
677 /* Rebuild the IP header */
678 if (m->m_len < hlen && ((m = m_pullup(m, hlen)) == NULL))
685 + #if defined(IPFILTER) || defined(IPFILTER_LKM)
686 + if (dir == BRIDGE_OUT) {
687 + if (fr_checkp && (*fr_checkp)(ip, hlen, ifp, 1, &m))
694 if (pf_test6(dir, ifp, &m) != PF_PASS)
702 + #if defined(IPFILTER) || defined(IPFILTER_LKM)
703 + if (dir == BRIDGE_IN) {
704 + if (fr_checkp && (*fr_checkp)(ip, hlen, ifp, 0, &m))
718 ! #endif /* NPF > 0 */
721 bridge_fragment(struct bridge_softc *sc, struct ifnet *ifp,
726 ! #endif /* (NPF > 0) || (defined(IPFILTER) || defined(IPFILTER_LKM)) */
729 bridge_fragment(struct bridge_softc *sc, struct ifnet *ifp,
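Review bot: The two ipfilter hooks placed around `pf_test6(dir, ifp, &m)` call `(*fr_checkp)(ip, hlen, ifp, 1, &m)` and `(*fr_checkp)(ip, hlen, ifp, 0, &m)` with the same `ip` and `hlen` arguments as the IPv4 hooks around `pf_test()`. If this is the IPv6 case of bridge_filter (the declarations are outside the visible lines), `ip` does not point at the IPv6 header and `hlen` is not its length, so the filter would judge bridged IPv6 frames on stale or unset data. ip6_input.c in this same patch passes `(struct ip *)ip6, sizeof(*ip6)`, and the bridge path should do the same. It is also worth confirming that the `pf_test`/`pf_test6` calls keep their own `#if NPF > 0` guard, now that the enclosing condition admits kernels built with IPFILTER only.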
730 diff sys/netinet/in_proto.c sys.ipf/netinet/in_proto.c
731 *** sys/netinet/in_proto.c Tue Jun 3 09:28:14 2003
732 --- sys.ipf/netinet/in_proto.c Mon Jun 21 22:20:44 2004
736 #include <netinet/ip_mroute.h>
737 #endif /* MROUTING */
740 + void iplinit __P((void));
741 + #define ip_init iplinit
745 #include <netinet6/ip6_var.h>
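Review bot: `#define ip_init iplinit` rewrites every later use of `ip_init` in this translation unit, including anything in headers included after it such as `<netinet6/ip6_var.h>`, which makes the hook on protocol initialisation easy to miss. The guard around these two lines is not visible here, and `iplinit` must itself call the real `ip_init` or IPv4 initialisation is skipped when the option is on. A comment stating that, for example `/* iplinit() attaches the filter and then calls ip_init() */`, would make the hook explicit. Naming `iplinit` directly in the protosw entry under the same `#if` would do so too.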
747 diff sys/netinet/ip_input.c sys.ipf/netinet/ip_input.c
748 *** sys/netinet/ip_input.c Tue Jul 29 13:21:57 2003
749 --- sys.ipf/netinet/ip_input.c Mon Jun 21 22:20:45 2004
753 struct in_ifaddrhead in_ifaddr;
754 struct ifqueue ipintrq;
756 + #if defined(IPFILTER) || defined(IPFILTER_LKM)
757 + int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
761 static __inline int ipq_lock_try(void);
762 static __inline void ipq_unlock(void);
766 ip = mtod(m, struct ip *);
767 hlen = ip->ip_hl << 2;
768 pfrdr = (pfrdr != ip->ip_dst.s_addr);
771 + #if defined(IPFILTER) || defined(IPFILTER_LKM)
773 + * Check if we want to allow this packet to be processed.
774 + * Consider it to be bad if not.
777 + struct mbuf *m0 = m;
778 + if (fr_checkp && (*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m0)) {
781 + if (m0 == 0) { /* in case of 'fastroute' */
784 + ip = mtod(m = m0, struct ip *);
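Review bot: After the filter returns, `ip = mtod(m = m0, struct ip *);` refreshes the header pointer, but `hlen` still holds the value computed from the pre-filter header at `hlen = ip->ip_hl << 2;`. The IPsec hook this patch adds to ip_output.c follows the same assignment with `hlen = ip->ip_hl << 2;`. Unless the elided lines here do likewise, the input path relies on the filter never handing back a header of a different length. Recomputing `hlen` right after the `mtod` keeps the two paths consistent.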
789 diff sys/netinet/ip_output.c sys.ipf/netinet/ip_output.c
790 *** sys/netinet/ip_output.c Sat Aug 16 06:32:20 2003
791 --- sys.ipf/netinet/ip_output.c Mon Jun 21 22:20:45 2004
795 static struct mbuf *ip_insertoptions(struct mbuf *, struct mbuf *, int *);
796 static void ip_mloopback(struct ifnet *, struct mbuf *, struct sockaddr_in *);
798 + #if defined(IPFILTER) || defined(IPFILTER_LKM)
799 + extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
803 * IP output. The packet in mbuf chain m contains a skeletal IP
804 * header (with len, off, ttl, proto, tos, src, dst).
811 + #if defined(IPFILTER) || defined(IPFILTER_LKM)
814 + * Ok, it's time for a simple round-trip to the IPF/NAT
815 + * code with the enc0 interface.
817 + struct mbuf *m1 = m;
818 + void *ifp = (void *)&encif[0].sc_if;
820 + if ((*fr_checkp)(ip, hlen, ifp, 1, &m1)) {
821 + error = EHOSTUNREACH;
825 + if (m1 == 0) { /* in case of 'fastroute' */
830 + ip = mtod(m = m1, struct ip *);
831 + hlen = ip->ip_hl << 2;
833 + #endif /* IPFILTER */
842 m->m_pkthdr.csum &= ~M_UDPV4_CSUM_OUT; /* Clear */
846 + #if defined(IPFILTER) || defined(IPFILTER_LKM)
848 + * looks like most checking has been done now...do a filter check
851 + struct mbuf *m1 = m;
853 + if (fr_checkp && (*fr_checkp)(ip, hlen, ifp, 1, &m1)) {
854 + error = EHOSTUNREACH;
857 + if (m1 == 0) { /* in case of 'fastroute' */
861 + ip = mtod(m = m1, struct ip *);
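Review bot: The enc0 round-trip block calls `(*fr_checkp)(ip, hlen, ifp, 1, &m1)` without testing the pointer, whereas the later hook in this file and the hooks in ip_input.c and if_bridge.c all use `fr_checkp && (*fr_checkp)(...)`. The block is compiled for `IPFILTER_LKM` as well, so on a kernel where the module is not loaded this may be a call through a null function pointer in the IPsec output path, unless the one elided line before it holds a guard. Suggest `if (fr_checkp && (*fr_checkp)(ip, hlen, ifp, 1, &m1)) {`. The block-local `void *ifp` also appears to shadow the `ifp` that the second hook passes, so a distinct name such as `encifp` would avoid confusion.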
867 diff sys/netinet6/ip6_input.c sys.ipf/netinet6/ip6_input.c
868 *** sys/netinet6/ip6_input.c Mon Jun 30 20:30:23 2003
869 --- sys.ipf/netinet6/ip6_input.c Mon Jun 21 22:20:45 2004
873 static int ip6_hopopts_input(u_int32_t *, u_int32_t *, struct mbuf **, int *);
874 static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int);
876 + #if defined(IPFILTER) || defined(IPFILTER_LKM)
877 + extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
881 * IP6 initialization: fill in IP6 protocol switch table.
882 * All protocols not implemented in kernel go to raw IP6 protocol handler.
886 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr);
890 + #if defined(IPFILTER) || defined(IPFILTER_LKM)
892 + * Check if we want to allow this packet to be processed.
893 + * Consider it to be bad if not.
895 + if (fr_checkp != NULL) {
896 + struct mbuf *m0 = m;
898 + if ((*fr_checkp)((struct ip *)ip6, sizeof(*ip6),
899 + m->m_pkthdr.rcvif, 0, &m0)) {
903 + if (m == 0) { /* in case of 'fastroute' */
906 + ip6 = mtod(m, struct ip6_hdr *);
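Review bot: The declaration `extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));` is repeated by hand here and in ip_output.c and ip6_output.c, while the definition lives in ip_input.c. If the hook's signature ever changes, a stale copy still compiles and the packet is handed to the filter through a mismatched prototype. if_bridge.c uses `fr_checkp` after including `<netinet/ip_fil.h>` with no visible extern, so that header presumably already declares it. Including it in these files instead would keep the prototype in one place. A short comment at the call explaining that an IPv6 header is deliberately passed as `(struct ip *)ip6`, and how the filter is expected to tell the two apart, would also help.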
912 diff sys/netinet6/ip6_output.c sys.ipf/netinet6/ip6_output.c
913 *** sys/netinet6/ip6_output.c Sat Aug 16 06:32:20 2003
914 --- sys.ipf/netinet6/ip6_output.c Mon Jun 21 22:20:45 2004
919 static int ip6_pcbopts(struct ip6_pktopts **, struct mbuf *, struct socket *);
920 static int ip6_setmoptions(int, struct ip6_moptions **, struct mbuf *);
921 + #if defined(IPFILTER) || defined(IPFILTER_LKM)
922 + extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
924 static int ip6_getmoptions(int, struct ip6_moptions *, struct mbuf **);
925 static int ip6_copyexthdr(struct mbuf **, caddr_t, int);
926 static int ip6_insertfraghdr(struct mbuf *, struct mbuf *, int,
930 static int ip6_insert_jumboopt(struct ip6_exthdrs *, u_int32_t);
931 static int ip6_splithdr(struct mbuf *, struct ip6_exthdrs *);
932 ! static int ip6_getpmtu(struct route_in6 *, struct route_in6 *,
933 struct ifnet *, struct in6_addr *, u_long *);
938 static int ip6_insert_jumboopt(struct ip6_exthdrs *, u_int32_t);
939 static int ip6_splithdr(struct mbuf *, struct ip6_exthdrs *);
940 ! int ip6_getpmtu(struct route_in6 *, struct route_in6 *,
941 struct ifnet *, struct in6_addr *, u_long *);
948 ip6 = mtod(m, struct ip6_hdr *);
951 + #if defined(IPFILTER) || defined(IPFILTER_LKM)
953 + * looks like most checking has been done now...do a filter check
955 + if (fr_checkp != NULL) {
956 + struct mbuf *m1 = m;
957 + if ((*fr_checkp)((struct ip *)ip6, sizeof(*ip6), ifp, 1, &m1)) {
958 + error = EHOSTUNREACH;
962 + if (m1 == 0) { /* in case of 'fastroute' */
966 + ip6 = mtod(m, struct ip6_hdr *);
971 * Send the packet to the outgoing interface.
978 ip6_getpmtu(ro_pmtu, ro, ifp, dst, mtup)
979 struct route_in6 *ro_pmtu, *ro;
986 ip6_getpmtu(ro_pmtu, ro, ifp, dst, mtup)
987 struct route_in6 *ro_pmtu, *ro;
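Review bot: Dropping `static` from `ip6_getpmtu` makes it a global symbol, but its prototype stays among the file-local declarations of ip6_output.c, so any caller outside this file needs its own hand-written declaration. If the filter code is the intended caller (not visible here), the prototype belongs in a shared header such as ip6_var.h, with a one-line comment saying why the function is exported. If nothing outside the file calls it, it should remain `static int ip6_getpmtu(...)`.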
989 diff sys/sys/conf.h sys.ipf/sys/conf.h
990 *** sys/sys/conf.h Sat Jun 28 02:57:14 2003
991 --- sys.ipf/sys/conf.h Mon Jun 21 22:20:45 2004
995 (dev_type_ioctl((*))) enodev, (dev_type_stop((*))) nullop, \
996 0, (dev_type_select((*))) enodev, (dev_type_mmap((*))) enodev }
998 + /* open, close, read, ioctl */
999 + #define cdev_gen_ipf(c, n) { \
1000 + dev_init(c,n,open), dev_init(c,n,close), dev_init(c,n,read), \
1001 + (dev_type_write((*))) enodev, dev_init(c,n,ioctl), \
1002 + (dev_type_stop((*))) enodev, 0, (dev_type_select((*))) enodev, \
1003 + (dev_type_mmap((*))) enodev }
1005 /* open, close, read, write, ioctl, select, nokqfilter */
1006 #define cdev_xfs_init(c, n) { \
1007 dev_init(c,n,open), dev_init(c,n,close), dev_init(c,n,read), \