2 * Copyright 1999 Guido van Rooij. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER ``AS IS'' AND ANY EXPRESS
15 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
17 * DISCLAIMED. IN NO EVENT SHALL THE HOLDER OR CONTRIBUTORS BE LIABLE FOR
18 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
20 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
21 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * $Id: mlfk_ipl.c,v 2.1.2.4 2000/08/23 11:02:33 darrenr Exp $
30 #include <sys/param.h>
31 #include <sys/systm.h>
32 #include <sys/kernel.h>
33 #include <sys/module.h>
35 #include <sys/socket.h>
36 #include <sys/sysctl.h>
38 #include <netinet/in_systm.h>
39 #include <netinet/in.h>
40 #include <netinet/ip.h>
43 #include <netinet/ipl.h>
44 #include <netinet/ip_compat.h>
45 #include <netinet/ip_fil.h>
46 #include <netinet/ip_state.h>
47 #include <netinet/ip_nat.h>
48 #include <netinet/ip_auth.h>
49 #include <netinet/ip_frag.h>
/*
 * Device handles for the IPFilter character devices, indexed by the
 * IPL_LOG* unit constants.  ipfilter_modevent() stores the make_dev()
 * results here and later hands them to destroy_dev().
 */
51 static dev_t ipf_devs[IPL_LOGMAX + 1];
/*
 * sysctl subtree "ipf" under _net_inet.  Each SYSCTL_INT below exports one
 * IPFilter global (declared elsewhere) by address.  CTLFLAG_RD entries are
 * read-only from userland; CTLFLAG_RW entries can also be written.
 *
 * NOTE(review): SYSCTL_INT uses the generic integer handler, so a write to
 * an RW entry is stored as-is with no range check in this file.  fr_flags,
 * fr_pass and the timeout values look like they influence filtering
 * behaviour -- confirm that exposing them read/write here matches the
 * intended privilege model, and that the consumers tolerate zero or
 * negative values.
 */
53 SYSCTL_DECL(_net_inet);
54 SYSCTL_NODE(_net_inet, OID_AUTO, ipf, CTLFLAG_RW, 0, "IPF");
55 SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_flags, CTLFLAG_RW, &fr_flags, 0, "");
56 SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_pass, CTLFLAG_RW, &fr_pass, 0, "");
/* fr_active is exported read-only. */
57 SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_active, CTLFLAG_RD, &fr_active, 0, "");
/* Writable timeout / ageing tunables. */
58 SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcpidletimeout, CTLFLAG_RW,
59 &fr_tcpidletimeout, 0, "");
60 SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcpclosewait, CTLFLAG_RW,
61 &fr_tcpclosewait, 0, "");
62 SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcplastack, CTLFLAG_RW,
63 &fr_tcplastack, 0, "");
64 SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcptimeout, CTLFLAG_RW,
65 &fr_tcptimeout, 0, "");
66 SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcpclosed, CTLFLAG_RW,
67 &fr_tcpclosed, 0, "");
68 SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcphalfclosed, CTLFLAG_RW,
69 &fr_tcphalfclosed, 0, "");
70 SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_udptimeout, CTLFLAG_RW,
71 &fr_udptimeout, 0, "");
72 SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_icmptimeout, CTLFLAG_RW,
73 &fr_icmptimeout, 0, "");
74 SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_defnatage, CTLFLAG_RW,
75 &fr_defnatage, 0, "");
/*
 * The continuation line (variable address and description) of each of the
 * next five entries is absent from this listing.
 */
76 SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_ipfrttl, CTLFLAG_RW,
78 SYSCTL_INT(_net_inet_ipf, OID_AUTO, ipl_unreach, CTLFLAG_RW,
/* fr_running, fr_authsize and fr_authused are exported read-only. */
80 SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_running, CTLFLAG_RD,
82 SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_authsize, CTLFLAG_RD,
84 SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_authused, CTLFLAG_RD,
86 SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_defaultauthage, CTLFLAG_RW,
87 &fr_defaultauthage, 0, "");
88 SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_chksrc, CTLFLAG_RW, &fr_chksrc, 0, "");
/*
 * Character-device switch passed to every make_dev() call in
 * ipfilter_modevent(), so all four IPFilter device nodes share it.
 * Only the strategy and major-number slots are visible in this listing;
 * the remaining entry points are not shown.
 */
91 static struct cdevsw ipl_cdevsw = {
99 /* strategy */ nostrategy,
101 /* maj */ CDEV_MAJOR,
/*
 * Module event handler.  The visible code creates one character device per
 * IPFilter unit (IPL_LOGIPF, IPL_LOGNAT, IPL_LOGSTATE, IPL_LOGAUTH) and
 * later destroys the same four.  The dispatch on 'type', the local
 * declarations, the assignments to 'c' and the return paths are not shown
 * in this listing -- presumably create on load and destroy on unload;
 * confirm against the full file.
 *
 * mod and unused are not referenced in the visible lines.
 */
109 ipfilter_modevent(module_t mod, int type, void *unused)
/*
 * For each device path macro: scan backwards from the terminating NUL for
 * a '/'.  The loop condition is i>0, so index 0 is never examined.
 */
122 for(i=strlen(IPL_NAME); i>0; i--)
123 if (IPL_NAME[i] == '/') {
/*
 * Node is created with uid 0, gid 0 and mode 0600 (owner read/write only).
 *
 * NOTE(review): 'c' is passed in make_dev()'s format-string position.  Its
 * value is set in lines not shown here (presumably the path component after
 * the '/').  That is safe only while the IPL_* path macros contain no '%';
 * passing "%s", c would remove the dependency.  Also confirm what 'c' holds
 * when the scan finds no '/'.
 */
129 ipf_devs[IPL_LOGIPF] =
130 make_dev(&ipl_cdevsw, IPL_LOGIPF, 0, 0, 0600, c);
/* Same scan-and-create sequence for the NAT device. */
133 for(i=strlen(IPL_NAT); i>0; i--)
134 if (IPL_NAT[i] == '/') {
140 ipf_devs[IPL_LOGNAT] =
141 make_dev(&ipl_cdevsw, IPL_LOGNAT, 0, 0, 0600, c);
/* Same scan-and-create sequence for the state device. */
144 for(i=strlen(IPL_STATE); i>0; i--)
145 if (IPL_STATE[i] == '/') {
151 ipf_devs[IPL_LOGSTATE] =
152 make_dev(&ipl_cdevsw, IPL_LOGSTATE, 0, 0, 0600, c);
/* Same scan-and-create sequence for the auth device. */
155 for(i=strlen(IPL_AUTH); i>0; i--)
156 if (IPL_AUTH[i] == '/') {
162 ipf_devs[IPL_LOGAUTH] =
163 make_dev(&ipl_cdevsw, IPL_LOGAUTH, 0, 0, 0600, c);
/*
 * Tear down the four nodes recorded in ipf_devs.  No check is visible here
 * that the entries were successfully created first.
 */
167 destroy_dev(ipf_devs[IPL_LOGIPF]);
168 destroy_dev(ipf_devs[IPL_LOGNAT]);
169 destroy_dev(ipf_devs[IPL_LOGSTATE]);
170 destroy_dev(ipf_devs[IPL_LOGAUTH]);
/*
 * Module description record handed to DECLARE_MODULE below.  Its fields are
 * not shown in this listing (presumably the module name and
 * ipfilter_modevent as the event handler -- confirm).
 */
180 static moduledata_t ipfiltermod = {
/* Register the module under the name "ipfilter" at SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY. */
185 DECLARE_MODULE(ipfilter, ipfiltermod, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY);