2 * Copyright (C) 1993-1998 by Darren Reed.
4 * Redistribution and use in source and binary forms are permitted
5 * provided that this notice is preserved and due credit is given
6 * to the original author and the contributors.
9 static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-1995 Darren Reed";
10 static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.4.2.16 2000/01/16 10:12:42 darrenr Exp $";
14 #define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
17 #if defined(KERNEL) && !defined(_KERNEL)
20 #include <sys/param.h>
21 #if defined(__NetBSD__) && (NetBSD >= 199905) && !defined(IPFILTER_LKM) && \
23 # include "opt_ipfilter_log.h"
26 # if defined(_KERNEL) && !defined(IPFILTER_LKM)
27 # include <sys/osreldate.h>
29 # include <osreldate.h>
39 #include <sys/errno.h>
40 #include <sys/types.h>
42 #if __FreeBSD_version >= 220000 && defined(_KERNEL)
43 # include <sys/fcntl.h>
44 # include <sys/filio.h>
46 # include <sys/ioctl.h>
50 # include <sys/systm.h>
54 # if (NetBSD > 199609) || (OpenBSD > 199603) || (__FreeBSD_version >= 300000)
55 # include <sys/dirent.h>
59 # include <sys/mbuf.h>
61 # include <sys/filio.h>
63 #include <sys/protosw.h>
64 #include <sys/socket.h>
70 #if __FreeBSD_version >= 300000
71 # include <net/if_var.h>
72 # if defined(_KERNEL) && !defined(IPFILTER_LKM)
73 # include "opt_ipfilter.h"
77 #include <sys/debug.h>
78 # ifdef IFF_DRVRLOCK /* IRIX6 */
79 #include <sys/hashing.h>
82 #include <net/route.h>
83 #include <netinet/in.h>
84 #if !(defined(__sgi) && !defined(IFF_DRVRLOCK)) /* IRIX < 6 */
85 # include <netinet/in_var.h>
87 #include <netinet/in_systm.h>
88 #include <netinet/ip.h>
89 #include <netinet/ip_var.h>
90 #include <netinet/tcp.h>
91 #include <netinet/udp.h>
92 #include <netinet/tcpip.h>
93 #include <netinet/ip_icmp.h>
98 #include "netinet/ip_compat.h"
99 #include "netinet/ip_fil.h"
100 #include "netinet/ip_proxy.h"
101 #include "netinet/ip_nat.h"
102 #include "netinet/ip_frag.h"
103 #include "netinet/ip_state.h"
104 #include "netinet/ip_auth.h"
105 #if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000)
106 # include <sys/malloc.h>
109 # define MIN(a,b) (((a)<(b))?(a):(b))
111 #if !SOLARIS && defined(_KERNEL) && !defined(__sgi)
112 # include <sys/kernel.h>
113 extern int ip_optcopy __P((struct ip *, struct ip *));
117 extern struct protosw inetsw[];
121 static struct ifnet **ifneta = NULL;
124 # if (BSD < 199306) || defined(__sgi)
129 int ipl_unreach = ICMP_UNREACH_FILTER;
130 u_long ipl_frouteok[2] = {0, 0};
132 static void frzerostats __P((caddr_t));
133 #if defined(__NetBSD__) || defined(__OpenBSD__)
134 static int frrequest __P((int, u_long, caddr_t, int));
136 static int frrequest __P((int, int, caddr_t, int));
139 static int (*fr_savep) __P((ip_t *, int, void *, int, struct mbuf **));
140 static int send_ip __P((struct mbuf *, ip_t *));
142 extern kmutex_t ipf_rw;
143 extern KRWLOCK_T ipf_mutex;
146 int ipllog __P((void));
147 void init_ifp __P((void));
149 static int no_output __P((struct ifnet *, struct mbuf *,
151 static int write_output __P((struct ifnet *, struct mbuf *,
154 static int no_output __P((struct ifnet *, struct mbuf *,
155 struct sockaddr *, struct rtentry *));
156 static int write_output __P((struct ifnet *, struct mbuf *,
157 struct sockaddr *, struct rtentry *));
160 #if defined(IPFILTER_LKM)
166 #if (__FreeBSD_version >= 300000) && defined(_KERNEL)
167 struct callout_handle ipfr_slowtimer_ch;
170 #if (_BSDI_VERSION >= 199510) && defined(_KERNEL)
171 # include <sys/device.h>
172 # include <sys/conf.h>
174 struct cfdriver iplcd = {
175 NULL, "ipl", NULL, NULL, DV_DULL, 0
178 struct devsw iplsw = {
180 iplopen, iplclose, iplread, nowrite, iplioctl, noselect, nommap,
181 nostrat, nodump, nopsize, 0,
184 #endif /* _BSDI_VERSION >= 199510 && _KERNEL */
186 #if defined(__NetBSD__) || defined(__OpenBSD__) || (_BSDI_VERSION >= 199701)
187 # include <sys/conf.h>
188 # if defined(NETBSD_PF)
189 # include <net/pfil.h>
191 * We provide the fr_checkp name just to minimize changes later.
193 int (*fr_checkp) __P((ip_t *ip, int hlen, void *ifp, int out, mb_t **mp));
194 # endif /* NETBSD_PF */
195 #endif /* __NetBSD__ */
198 # if defined(IPFILTER_LKM) && !defined(__sgi)
202 if (strcmp(s, "ipl") == 0)
206 # endif /* IPFILTER_LKM */
210 * Try to detect the case when compiling for NetBSD with pseudo-device
212 # if defined(__NetBSD__) && defined(PFIL_HOOKS)
214 ipfilterattach(count)
217 if (iplattach() != 0)
218 printf("IP Filter failed to attach\n");
232 if (fr_running || (fr_checkp == fr_check)) {
233 printf("IP Filter: already initialized\n");
241 if (nat_init() == -1)
243 if (fr_stateinit() == -1)
245 if (appr_init() == -1)
249 pfil_add_hook((void *)fr_check, PFIL_IN|PFIL_OUT);
253 error = ipfilter_sgi_attach();
260 bzero((char *)frcache, sizeof(frcache));
261 fr_savep = fr_checkp;
262 fr_checkp = fr_check;
265 if (fr_pass & FR_PASS)
267 else if (fr_pass & FR_BLOCK)
270 defpass = "no-match -> block";
272 printf("IP Filter: initialized. Default = %s all, Logging = %s\n",
279 printf("%s\n", ipfilter_version);
281 # if (__FreeBSD_version >= 300000) && defined(_KERNEL)
282 ipfr_slowtimer_ch = timeout(ipfr_slowtimer, NULL, hz/2);
284 timeout(ipfr_slowtimer, NULL, hz/2);
293 * Disable the filter by removing the hooks from the IP input/output
298 int s, i = FR_INQUE|FR_OUTQUE;
301 # if (__FreeBSD_version >= 300000)
302 untimeout(ipfr_slowtimer, NULL, ipfr_slowtimer_ch);
305 untimeout(ipfr_slowtimer);
307 untimeout(ipfr_slowtimer, NULL);
314 printf("IP Filter: not initialized\n");
319 fr_checkp = fr_savep;
320 i = frflush(IPL_LOGIPF, i);
324 pfil_remove_hook((void *)fr_check, PFIL_IN|PFIL_OUT);
328 ipfilter_sgi_detach();
342 static void frzerostats(data)
347 bcopy((char *)frstats, (char *)fio.f_st,
348 sizeof(struct filterstats) * 2);
349 fio.f_fin[0] = ipfilter[0][0];
350 fio.f_fin[1] = ipfilter[0][1];
351 fio.f_fout[0] = ipfilter[1][0];
352 fio.f_fout[1] = ipfilter[1][1];
353 fio.f_acctin[0] = ipacct[0][0];
354 fio.f_acctin[1] = ipacct[0][1];
355 fio.f_acctout[0] = ipacct[1][0];
356 fio.f_acctout[1] = ipacct[1][1];
357 fio.f_active = fr_active;
358 fio.f_froute[0] = ipl_frouteok[0];
359 fio.f_froute[1] = ipl_frouteok[1];
360 IWCOPY((caddr_t)&fio, data, sizeof(fio));
361 bzero((char *)frstats, sizeof(*frstats) * 2);
366 * Filter ioctl interface.
369 int IPL_EXTERN(ioctl)(dev_t dev, int cmd, caddr_t data, int mode
371 , cred_t *cp, int *rp
375 int IPL_EXTERN(ioctl)(dev, cmd, data, mode
376 #if ((_BSDI_VERSION >= 199510) || (BSD >= 199506) || (NetBSD >= 199511) || \
377 (__FreeBSD_version >= 220000) || defined(__OpenBSD__)) && defined(_KERNEL)
384 #if defined(__NetBSD__) || defined(__OpenBSD__) || \
385 (_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000)
394 #if defined(_KERNEL) && !SOLARIS
397 int error = 0, unit = 0, tmp;
399 #if (BSD >= 199306) && defined(_KERNEL)
400 if ((securelevel >= 2) && (mode & FWRITE))
404 unit = GET_MINOR(dev);
405 if ((IPL_LOGMAX < unit) || (unit < 0))
413 if (unit == IPL_LOGNAT) {
416 error = nat_ioctl(data, cmd, mode);
420 if (unit == IPL_LOGSTATE) {
423 error = fr_state_ioctl(data, cmd, mode);
430 IWCOPY((caddr_t)&iplused[IPL_LOGIPF], (caddr_t)data,
431 sizeof(iplused[IPL_LOGIPF]));
434 #if !defined(IPFILTER_LKM) && defined(_KERNEL)
439 if (!(mode & FWRITE))
442 IRCOPY(data, (caddr_t)&enable, sizeof(enable));
452 if (!(mode & FWRITE))
455 IRCOPY(data, (caddr_t)&fr_flags, sizeof(fr_flags));
458 IWCOPY((caddr_t)&fr_flags, data, sizeof(fr_flags));
464 if (!(mode & FWRITE))
467 error = frrequest(unit, cmd, data, fr_active);
472 if (!(mode & FWRITE))
475 error = frrequest(unit, cmd, data, 1 - fr_active);
478 if (!(mode & FWRITE))
481 bzero((char *)frcache, sizeof(frcache[0]) * 2);
482 *(u_int *)data = fr_active;
483 fr_active = 1 - fr_active;
490 bcopy((char *)frstats, (char *)fio.f_st,
491 sizeof(struct filterstats) * 2);
492 fio.f_fin[0] = ipfilter[0][0];
493 fio.f_fin[1] = ipfilter[0][1];
494 fio.f_fout[0] = ipfilter[1][0];
495 fio.f_fout[1] = ipfilter[1][1];
496 fio.f_acctin[0] = ipacct[0][0];
497 fio.f_acctin[1] = ipacct[0][1];
498 fio.f_acctout[0] = ipacct[1][0];
499 fio.f_acctout[1] = ipacct[1][1];
501 fio.f_active = fr_active;
502 fio.f_froute[0] = ipl_frouteok[0];
503 fio.f_froute[1] = ipl_frouteok[1];
504 fio.f_running = fr_running;
505 fio.f_groups[0][0] = ipfgroups[0][0];
506 fio.f_groups[0][1] = ipfgroups[0][1];
507 fio.f_groups[1][0] = ipfgroups[1][0];
508 fio.f_groups[1][1] = ipfgroups[1][1];
509 fio.f_groups[2][0] = ipfgroups[2][0];
510 fio.f_groups[2][1] = ipfgroups[2][1];
516 fio.f_defpass = fr_pass;
517 strncpy(fio.f_version, ipfilter_version,
518 sizeof(fio.f_version));
519 IWCOPY((caddr_t)&fio, data, sizeof(fio));
523 if (!(mode & FWRITE))
529 if (!(mode & FWRITE))
532 IRCOPY(data, (caddr_t)&tmp, sizeof(tmp));
533 tmp = frflush(unit, tmp);
534 IWCOPY((caddr_t)&tmp, data, sizeof(tmp));
539 if (!(mode & FWRITE))
542 *(int *)data = ipflog_clear(unit);
544 #endif /* IPFILTER_LOG */
546 IWCOPY((caddr_t)ipfr_fragstats(), data, sizeof(ipfrstat_t));
550 if (!(mode & FWRITE)) {
555 error = fr_auth_ioctl(data, cmd, NULL, NULL);
558 if (!(mode & FWRITE))
561 #if defined(_KERNEL) && defined(__sgi)
576 void fr_forgetifp(ifp)
579 register frentry_t *f;
581 WRITE_ENTER(&ipf_mutex);
582 for (f = ipacct[0][fr_active]; (f != NULL); f = f->fr_next)
583 if (f->fr_ifa == ifp)
584 f->fr_ifa = (void *)-1;
585 for (f = ipacct[1][fr_active]; (f != NULL); f = f->fr_next)
586 if (f->fr_ifa == ifp)
587 f->fr_ifa = (void *)-1;
588 for (f = ipfilter[0][fr_active]; (f != NULL); f = f->fr_next)
589 if (f->fr_ifa == ifp)
590 f->fr_ifa = (void *)-1;
591 for (f = ipfilter[1][fr_active]; (f != NULL); f = f->fr_next)
592 if (f->fr_ifa == ifp)
593 f->fr_ifa = (void *)-1;
594 RWLOCK_EXIT(&ipf_mutex);
599 static int frrequest(unit, req, data, set)
601 #if defined(__NetBSD__) || defined(__OpenBSD__)
609 register frentry_t *fp, *f, **fprev;
610 register frentry_t **ftail;
613 frgroup_t *fg = NULL;
618 IRCOPY(data, (caddr_t)fp, sizeof(*fp));
622 * Check that the group number does exist and that if a head group
623 * has been specified, doesn't exist.
625 if ((req != SIOCZRLST) && fp->fr_grhead &&
626 fr_findgroup((u_int)fp->fr_grhead, fp->fr_flags, unit, set, NULL))
628 if ((req != SIOCZRLST) && fp->fr_group &&
629 !fr_findgroup((u_int)fp->fr_group, fp->fr_flags, unit, set, NULL))
632 in = (fp->fr_flags & FR_INQUE) ? 0 : 1;
634 if (unit == IPL_LOGAUTH)
635 ftail = fprev = &ipauth;
636 else if (fp->fr_flags & FR_ACCOUNT)
637 ftail = fprev = &ipacct[in][set];
638 else if (fp->fr_flags & (FR_OUTQUE|FR_INQUE))
639 ftail = fprev = &ipfilter[in][set];
643 if ((group = fp->fr_group)) {
644 if (!(fg = fr_findgroup(group, fp->fr_flags, unit, set, NULL)))
646 ftail = fprev = fg->fg_start;
649 bzero((char *)frcache, sizeof(frcache[0]) * 2);
651 if (*fp->fr_ifname) {
652 fp->fr_ifa = GETUNIT(fp->fr_ifname);
654 fp->fr_ifa = (void *)-1;
657 if (*fp->fr_oifname) {
658 fp->fr_oifa = GETUNIT(fp->fr_oifname);
660 fp->fr_oifa = (void *)-1;
665 fp->fr_flags &= ~FR_DUP;
666 if (*fdp->fd_ifname) {
667 fdp->fd_ifp = GETUNIT(fdp->fd_ifname);
669 fdp->fd_ifp = (struct ifnet *)-1;
671 fp->fr_flags |= FR_DUP;
675 if (*fdp->fd_ifname) {
676 fdp->fd_ifp = GETUNIT(fdp->fd_ifname);
678 fdp->fd_ifp = (struct ifnet *)-1;
682 * Look for a matching filter rule, but don't include the next or
683 * interface pointer in the comparison (fr_next, fr_ifa).
685 for (; (f = *ftail); ftail = &f->fr_next)
686 if (bcmp((char *)&f->fr_ip, (char *)&fp->fr_ip,
691 * If zero'ing statistics, copy current to caller and zero.
693 if (req == SIOCZRLST) {
696 IWCOPY((caddr_t)f, data, sizeof(*f));
703 if (req != SIOCINAFR && req != SIOCINIFR)
709 while (--fp->fr_hits && (f = *ftail))
716 if (req == SIOCDELFR || req == SIOCRMIFR) {
722 if (fg && fg->fg_head)
723 fg->fg_head->fr_ref--;
724 if (unit == IPL_LOGAUTH)
725 return fr_auth_ioctl(data, req, f, ftail);
727 fr_delgroup((u_int)f->fr_grhead, fp->fr_flags,
729 fixskip(fprev, f, -1);
737 if (unit == IPL_LOGAUTH)
738 return fr_auth_ioctl(data, req, fp, ftail);
739 KMALLOC(f, frentry_t *);
741 if (fg && fg->fg_head)
742 fg->fg_head->fr_ref++;
743 bcopy((char *)fp, (char *)f, sizeof(*f));
748 if (req == SIOCINIFR || req == SIOCINAFR)
749 fixskip(fprev, f, 1);
751 if ((group = f->fr_grhead))
752 fg = fr_addgroup(group, f, unit, set);
763 * routines below for saving IP headers to buffer
767 int IPL_EXTERN(open)(dev_t *pdev, int flags, int devtype, cred_t *cp)
769 int IPL_EXTERN(open)(dev_t dev, int flags)
772 int IPL_EXTERN(open)(dev, flags
773 # if ((_BSDI_VERSION >= 199510) || (BSD >= 199506) || (NetBSD >= 199511) || \
774 (__FreeBSD_version >= 220000) || defined(__OpenBSD__)) && defined(_KERNEL)
785 # if defined(__sgi) && defined(_KERNEL)
786 u_int min = geteminor(*pdev);
788 u_int min = GET_MINOR(dev);
791 if (IPL_LOGMAX < min)
800 int IPL_EXTERN(close)(dev_t dev, int flags, int devtype, cred_t *cp)
802 int IPL_EXTERN(close)(dev, flags
803 # if ((_BSDI_VERSION >= 199510) || (BSD >= 199506) || (NetBSD >= 199511) || \
804 (__FreeBSD_version >= 220000) || defined(__OpenBSD__)) && defined(_KERNEL)
815 u_int min = GET_MINOR(dev);
817 if (IPL_LOGMAX < min)
826 * both of these must operate with at least splnet() lest they be
827 * called during packet processing and cause an inconsistancy to appear in
831 int IPL_EXTERN(read)(dev_t dev, uio_t *uio, cred_t *crp)
834 int IPL_EXTERN(read)(dev, uio, ioflag)
837 int IPL_EXTERN(read)(dev, uio)
840 register struct uio *uio;
844 return ipflog_read(GET_MINOR(dev), uio);
852 * send_reset - this could conceivably be a call to tcp_respond(), but that
853 * requires a large amount of setting up and isn't any more efficient.
855 int send_reset(fin, oip)
859 struct tcphdr *tcp, *tcp2;
865 tcp = (struct tcphdr *)fin->fin_dp;
866 if (tcp->th_flags & TH_RST)
867 return -1; /* feedback loop */
868 # if (BSD < 199306) || defined(__sgi)
869 m = m_get(M_DONTWAIT, MT_HEADER);
871 m = m_gethdr(M_DONTWAIT, MT_HEADER);
878 if (tcp->th_flags & TH_SYN)
880 m->m_len = sizeof(*tcp2) + sizeof(*ip);
882 m->m_data += max_linkhdr;
883 m->m_pkthdr.len = m->m_len;
884 m->m_pkthdr.rcvif = (struct ifnet *)0;
886 bzero(mtod(m, char *), sizeof(struct tcpiphdr));
887 ip = mtod(m, struct ip *);
888 tp = mtod(m, struct tcpiphdr *);
889 tcp2 = (struct tcphdr *)((char *)ip + sizeof(*ip));
891 ip->ip_src.s_addr = oip->ip_dst.s_addr;
892 ip->ip_dst.s_addr = oip->ip_src.s_addr;
893 tcp2->th_dport = tcp->th_sport;
894 tcp2->th_sport = tcp->th_dport;
895 tcp2->th_ack = ntohl(tcp->th_seq);
896 tcp2->th_ack += tlen;
897 tcp2->th_ack = htonl(tcp2->th_ack);
898 tcp2->th_off = sizeof(*tcp2) >> 2;
899 tcp2->th_flags = TH_RST|TH_ACK;
900 tp->ti_pr = oip->ip_p;
901 tp->ti_len = htons(sizeof(struct tcphdr));
902 tcp2->th_sum = in_cksum(m, sizeof(*ip) + sizeof(*tcp2));
904 ip->ip_tos = oip->ip_tos;
905 ip->ip_p = oip->ip_p;
906 ip->ip_len = sizeof(*ip) + sizeof(*tcp2);
908 return send_ip(m, ip);
912 static int send_ip(m, ip)
916 # if (defined(__FreeBSD_version) && (__FreeBSD_version >= 220000)) || \
917 (defined(_BSDI_VERSION) && (_BSDI_VERSION >= 199802))
921 # if (BSD < 199306) || defined(__sgi)
922 ip->ip_ttl = tcp_ttl;
924 ip->ip_ttl = ip_defttl;
928 m->m_pkthdr.rcvif = NULL;
930 # if defined(__FreeBSD_version) && (__FreeBSD_version >= 220000)
934 bzero((char *)&ro, sizeof(ro));
935 err = ip_output(m, (struct mbuf *)0, &ro, 0, 0);
942 * extra 0 in case of multicast
944 # if _BSDI_VERSION >= 199802
945 return ip_output(m, (struct mbuf *)0, &ro, 0, 0, NULL);
947 # if defined(__OpenBSD__)
948 return ip_output(m, (struct mbuf *)0, 0, 0, 0, NULL);
950 return ip_output(m, (struct mbuf *)0, 0, 0, 0);
957 int send_icmp_err(oip, type, code, ifp, dst)
967 # if (BSD < 199306) || defined(__sgi)
968 m = m_get(M_DONTWAIT, MT_HEADER);
970 m = m_gethdr(M_DONTWAIT, MT_HEADER);
974 m->m_len = sizeof(*nip) + sizeof(*icmp) + 8;
976 m->m_data += max_linkhdr;
977 m->m_pkthdr.len = sizeof(*nip) + sizeof(*icmp) + 8;
978 m->m_pkthdr.rcvif = (struct ifnet *)0;
981 bzero(mtod(m, char *), (size_t)sizeof(*nip) + sizeof(*icmp) + 8);
982 nip = mtod(m, ip_t *);
983 icmp = (struct icmp *)(nip + 1);
985 nip->ip_v = IPVERSION;
986 nip->ip_hl = (sizeof(*nip) >> 2);
987 nip->ip_p = IPPROTO_ICMP;
988 nip->ip_id = oip->ip_id;
991 nip->ip_tos = oip->ip_tos;
992 nip->ip_len = sizeof(*nip) + sizeof(*icmp) + 8;
993 if (dst.s_addr == 0) {
994 if (fr_ifpaddr(ifp, &dst) == -1)
998 nip->ip_dst = oip->ip_src;
1000 icmp->icmp_type = type;
1001 icmp->icmp_code = code;
1002 icmp->icmp_cksum = 0;
1003 bcopy((char *)oip, (char *)&icmp->icmp_ip, sizeof(*oip));
1004 bcopy((char *)oip + (oip->ip_hl << 2),
1005 (char *)&icmp->icmp_ip + sizeof(*oip), 8); /* 64 bits */
1008 register u_short __iplen, __ipoff;
1009 ip_t *ip = &icmp->icmp_ip;
1011 __iplen = ip->ip_len;
1012 __ipoff = ip->ip_off;
1013 ip->ip_len = htons(__iplen);
1014 ip->ip_off = htons(__ipoff);
1017 icmp->icmp_cksum = ipf_cksum((u_short *)icmp, sizeof(*icmp) + 8);
1018 return send_ip(m, nip);
1022 # if !defined(IPFILTER_LKM) && (__FreeBSD_version < 300000) && !defined(__sgi)
1024 int iplinit __P((void));
1028 void iplinit __P((void));
1034 if (iplattach() != 0)
1035 printf("IP Filter failed to attach\n");
1038 # endif /* ! __NetBSD__ */
1041 size_t mbufchainlen(m0)
1042 register struct mbuf *m0;
1044 register size_t len = 0;
1046 for (; m0; m0 = m0->m_next)
1052 int ipfr_fastroute(m0, fin, fdp)
1057 register struct ip *ip, *mhip;
1058 register struct mbuf *m = m0;
1059 register struct route *ro;
1060 int len, off, error = 0, hlen;
1061 struct sockaddr_in *dst;
1062 struct route iproute;
1066 hlen = fin->fin_hlen;
1067 ip = mtod(m0, struct ip *);
1072 bzero((caddr_t)ro, sizeof (*ro));
1073 dst = (struct sockaddr_in *)&ro->ro_dst;
1074 dst->sin_family = AF_INET;
1079 * In case we're here due to "to <if>" being used with "keep state",
1080 * check that we're going in the correct direction.
1082 if ((fr != NULL) && (fin->fin_rev != 0)) {
1083 if ((ifp != NULL) && (fdp == &fr->fr_tif))
1085 dst->sin_addr = ip->ip_dst;
1087 dst->sin_addr = fdp->fd_ip.s_addr ? fdp->fd_ip : ip->ip_dst;
1089 dst->sin_len = sizeof(*dst);
1091 # if (BSD >= 199306) && !defined(__NetBSD__) && !defined(__bsdi__) && \
1092 !defined(__OpenBSD__)
1094 rtalloc_ign(ro, RTF_CLONING);
1096 rtalloc_ign(ro, RTF_PRCLONING);
1102 if (!(fin->fin_fr->fr_flags & FR_FASTROUTE)) {
1106 if (ro->ro_rt == 0 || (ifp = ro->ro_rt->rt_ifp) == 0) {
1107 if (in_localaddr(ip->ip_dst))
1108 error = EHOSTUNREACH;
1110 error = ENETUNREACH;
1113 if (ro->ro_rt->rt_flags & RTF_GATEWAY)
1114 dst = (struct sockaddr_in *)&ro->ro_rt->rt_gateway;
1117 ro->ro_rt->rt_use++;
1120 * For input packets which are being "fastrouted", they won't
1121 * go back through output filtering and miss their chance to get
1122 * NAT'd and counted.
1125 if (fin->fin_out == 0) {
1127 if ((fin->fin_fr = ipacct[1][fr_active]) &&
1128 (fr_scanlist(FR_NOMATCH, ip, fin, m) & FR_ACCOUNT)) {
1129 ATOMIC_INC(frstats[1].fr_acct);
1132 (void) fr_checkstate(ip, fin);
1133 (void) ip_natout(ip, fin);
1137 * If small enough for interface, can just send directly.
1139 if (ip->ip_len <= ifp->if_mtu) {
1141 ip->ip_id = htons(ip->ip_id);
1142 ip->ip_len = htons(ip->ip_len);
1143 ip->ip_off = htons(ip->ip_off);
1146 ip->ip_sum = in_cksum(m, hlen);
1148 error = (*ifp->if_output)(ifp, m, (struct sockaddr *)dst,
1151 error = (*ifp->if_output)(ifp, m, (struct sockaddr *)dst);
1156 * Too large for interface; fragment if possible.
1157 * Must be able to put at least 8 bytes per fragment.
1159 if (ip->ip_off & IP_DF) {
1163 len = (ifp->if_mtu - hlen) &~ 7;
1170 int mhlen, firstlen = len;
1171 struct mbuf **mnext = &m->m_act;
1174 * Loop through length of segment after first fragment,
1175 * make new header and copy data of each part and link onto chain.
1178 mhlen = sizeof (struct ip);
1179 for (off = hlen + len; off < ip->ip_len; off += len) {
1181 MGETHDR(m, M_DONTWAIT, MT_HEADER);
1183 MGET(m, M_DONTWAIT, MT_HEADER);
1190 m->m_data += max_linkhdr;
1192 m->m_off = MMAXOFF - hlen;
1194 mhip = mtod(m, struct ip *);
1195 bcopy((char *)ip, (char *)mhip, sizeof(*ip));
1196 if (hlen > sizeof (struct ip)) {
1197 mhlen = ip_optcopy(ip, mhip) + sizeof (struct ip);
1198 mhip->ip_hl = mhlen >> 2;
1201 mhip->ip_off = ((off - hlen) >> 3) + (ip->ip_off & ~IP_MF);
1202 if (ip->ip_off & IP_MF)
1203 mhip->ip_off |= IP_MF;
1204 if (off + len >= ip->ip_len)
1205 len = ip->ip_len - off;
1207 mhip->ip_off |= IP_MF;
1208 mhip->ip_len = htons((u_short)(len + mhlen));
1209 m->m_next = m_copy(m0, off, len);
1210 if (m->m_next == 0) {
1211 error = ENOBUFS; /* ??? */
1215 m->m_pkthdr.len = mhlen + len;
1216 m->m_pkthdr.rcvif = NULL;
1219 mhip->ip_off = htons((u_short)mhip->ip_off);
1222 mhip->ip_sum = in_cksum(m, mhlen);
1227 * Update first fragment by trimming what's been copied out
1228 * and updating header, then send each fragment (in order).
1230 m_adj(m0, hlen + firstlen - ip->ip_len);
1231 ip->ip_len = htons((u_short)(hlen + firstlen));
1232 ip->ip_off = htons((u_short)(ip->ip_off | IP_MF));
1234 ip->ip_sum = in_cksum(m0, hlen);
1236 for (m = m0; m; m = m0) {
1241 error = (*ifp->if_output)(ifp, m,
1242 (struct sockaddr *)dst, ro->ro_rt);
1244 error = (*ifp->if_output)(ifp, m,
1245 (struct sockaddr *)dst);
1261 if (error == EMSGSIZE)
1262 (void) send_icmp_err(ip, ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG,
1267 #else /* #ifdef _KERNEL */
1271 static int no_output __P((struct ifnet *ifp, struct mbuf *m,
1272 struct sockaddr *s))
1274 static int no_output __P((struct ifnet *ifp, struct mbuf *m,
1275 struct sockaddr *s, struct rtentry *rt))
1284 static int write_output __P((struct ifnet *ifp, struct mbuf *m,
1285 struct sockaddr *s))
1287 static int write_output __P((struct ifnet *ifp, struct mbuf *m,
1288 struct sockaddr *s, struct rtentry *rt))
1291 ip_t *ip = (ip_t *)m;
1293 static int write_output(ifp, ip)
1301 # if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
1302 (defined(OpenBSD) && (OpenBSD >= 199603))
1303 sprintf(fname, "/tmp/%s", ifp->if_xname);
1305 sprintf(fname, "/tmp/%s%d", ifp->if_name, ifp->if_unit);
1307 fd = open(fname, O_WRONLY|O_APPEND);
1312 write(fd, (char *)ip, ntohs(ip->ip_len));
1318 struct ifnet *get_unit(name)
1321 struct ifnet *ifp, **ifa;
1322 # if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
1323 (defined(OpenBSD) && (OpenBSD >= 199603))
1324 for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) {
1325 if (!strcmp(name, ifp->if_xname))
1329 char ifname[32], *s;
1331 for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) {
1332 (void) sprintf(ifname, "%s%d", ifp->if_name, ifp->if_unit);
1333 if (!strcmp(name, ifname))
1339 ifneta = (struct ifnet **)malloc(sizeof(ifp) * 2);
1341 ifneta[0] = (struct ifnet *)calloc(1, sizeof(*ifp));
1345 ifneta = (struct ifnet **)realloc(ifneta,
1346 (nifs + 1) * sizeof(*ifa));
1347 ifneta[nifs] = NULL;
1348 ifneta[nifs - 1] = (struct ifnet *)malloc(sizeof(*ifp));
1350 ifp = ifneta[nifs - 1];
1352 # if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
1353 (defined(OpenBSD) && (OpenBSD >= 199603))
1354 strncpy(ifp->if_xname, name, sizeof(ifp->if_xname));
1356 for (s = name; *s && !isdigit(*s); s++)
1358 if (*s && isdigit(*s)) {
1359 ifp->if_unit = atoi(s);
1360 ifp->if_name = (char *)malloc(s - name + 1);
1361 strncpy(ifp->if_name, name, s - name);
1362 ifp->if_name[s - name] = '\0';
1364 ifp->if_name = strdup(name);
1368 ifp->if_output = no_output;
1376 struct ifnet *ifp, **ifa;
1380 # if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
1381 (defined(OpenBSD) && (OpenBSD >= 199603))
1382 for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) {
1383 ifp->if_output = write_output;
1384 sprintf(fname, "/tmp/%s", ifp->if_xname);
1385 fd = open(fname, O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0600);
1393 for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) {
1394 ifp->if_output = write_output;
1395 sprintf(fname, "/tmp/%s%d", ifp->if_name, ifp->if_unit);
1396 fd = open(fname, O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0600);
1406 int ipfr_fastroute(ip, fin, fdp)
1411 struct ifnet *ifp = fdp->fd_ifp;
1414 return 0; /* no routing table out here */
1416 ip->ip_len = htons((u_short)ip->ip_len);
1417 ip->ip_off = htons((u_short)(ip->ip_off | IP_MF));
1420 (*ifp->if_output)(ifp, (void *)ip, NULL);
1422 (*ifp->if_output)(ifp, (void *)ip, NULL, 0);
1428 int ipllog __P((void))
1435 int send_reset(ip, ifp)
1439 verbose("- TCP RST sent\n");
1444 int icmp_error(ip, ifp)
1448 verbose("- TCP RST sent\n");
1457 #endif /* _KERNEL */
projects / FreeBSD / FreeBSD.git / blob