This commit was generated by cvs2svn to compensate for changes in r74853,
1 /*
2  * Copyright 1999 Guido van Rooij.  All rights reserved.
3  * 
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions are
7  * met:
8  *  1. Redistributions of source code must retain the above copyright
9  *     notice, this list of conditions and the following disclaimer.
10  *  2. Redistributions in binary form must reproduce the above copyright notice,
11  *     this list of conditions and the following disclaimer in the documentation
12  *     and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER ``AS IS'' AND ANY EXPRESS
15  * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
17  * DISCLAIMED.  IN NO EVENT SHALL THE HOLDER OR CONTRIBUTORS BE LIABLE FOR
18  * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
20  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
21  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24  * SUCH DAMAGE.
25  *
26  * $Id: mlfk_ipl.c,v 2.1.2.6 2000/11/18 03:58:29 darrenr Exp $
27  */
28
29
30 #include <sys/param.h>
31 #include <sys/systm.h>
32 #include <sys/kernel.h>
33 #include <sys/module.h>
34 #include <sys/conf.h>
35 #include <sys/socket.h>
36 #include <sys/sysctl.h>
37 #include <net/if.h>
38 #include <netinet/in_systm.h>
39 #include <netinet/in.h>
40 #include <netinet/ip.h>
41 #if (__FreeBSD_version >= 199511)
42 # include <net/route.h>
43 # include <netinet/ip_var.h>
44 # include <netinet/tcp.h>
45 # include <netinet/tcpip.h>
46 #endif
47
48
49 #include <netinet/ipl.h>
50 #include <netinet/ip_compat.h>
51 #include <netinet/ip_fil.h>
52 #include <netinet/ip_state.h>
53 #include <netinet/ip_nat.h>
54 #include <netinet/ip_auth.h>
55 #include <netinet/ip_frag.h>
56 #include <netinet/ip_proxy.h>
57
/*
 * Device handles returned by make_dev() at MOD_LOAD, indexed by IPL_LOG*
 * unit number.  MOD_UNLOAD passes the same slots to destroy_dev().
 */
static dev_t ipf_devs[IPL_LOGMAX + 1];

/*
 * sysctl tree net.inet.ipf: each SYSCTL_INT below exports one int variable.
 * The variables are not defined in this file.  CTLFLAG_RD entries
 * (fr_active, fr_running, fr_authsize, fr_authused) are read-only; every
 * other entry is CTLFLAG_RW.
 *
 * NOTE(review): the CTLFLAG_RW entries are plain ints with no handler of
 * their own, so nothing in this file range-checks a write or refuses it
 * while the filter is running (see fr_running).  Presumably fr_flags,
 * fr_pass, fr_chksrc and the timeouts influence filtering decisions --
 * confirm against the filter core.  If so, a sysctl write is a second
 * control path next to the device ioctl and should be reviewed with the
 * same care (e.g. gating on securelevel).
 *
 * All description strings are empty.
 */
SYSCTL_DECL(_net_inet);
SYSCTL_NODE(_net_inet, OID_AUTO, ipf, CTLFLAG_RW, 0, "IPF");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_flags, CTLFLAG_RW, &fr_flags, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_pass, CTLFLAG_RW, &fr_pass, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_active, CTLFLAG_RD, &fr_active, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcpidletimeout, CTLFLAG_RW,
           &fr_tcpidletimeout, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcpclosewait, CTLFLAG_RW,
           &fr_tcpclosewait, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcplastack, CTLFLAG_RW,
           &fr_tcplastack, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcptimeout, CTLFLAG_RW,
           &fr_tcptimeout, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcpclosed, CTLFLAG_RW,
           &fr_tcpclosed, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcphalfclosed, CTLFLAG_RW,
           &fr_tcphalfclosed, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_udptimeout, CTLFLAG_RW,
           &fr_udptimeout, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_icmptimeout, CTLFLAG_RW,
           &fr_icmptimeout, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_defnatage, CTLFLAG_RW,
           &fr_defnatage, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_ipfrttl, CTLFLAG_RW,
           &fr_ipfrttl, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, ipl_unreach, CTLFLAG_RW,
           &ipl_unreach, 0, "");
/* Read-only status values. */
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_running, CTLFLAG_RD,
           &fr_running, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_authsize, CTLFLAG_RD,
           &fr_authsize, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_authused, CTLFLAG_RD,
           &fr_authused, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_defaultauthage, CTLFLAG_RW,
           &fr_defaultauthage, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_chksrc, CTLFLAG_RW, &fr_chksrc, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, ippr_ftp_pasvonly, CTLFLAG_RW,
           &ippr_ftp_pasvonly, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_minttl, CTLFLAG_RW, &fr_minttl, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_minttllog, CTLFLAG_RW,
           &fr_minttllog, 0, "");
101
/* Fixed character-device major number used for all ipl device nodes. */
#define CDEV_MAJOR 79
/*
 * Character-device switch shared by every node created in
 * ipfilter_modevent().  Only open, close, read and ioctl are backed by
 * IP Filter routines (iplopen, iplclose, iplread, iplioctl, none of them
 * defined in this file).  The remaining slots are filled with the no*
 * stubs.  With write(2) stubbed out, ioctl is the only entry point in this
 * table through which a caller can pass data in, so iplioctl is where
 * input validation and privilege checks have to live.
 */
static struct cdevsw ipl_cdevsw = {
        /* open */      iplopen,
        /* close */     iplclose,
        /* read */      iplread,
        /* write */     nowrite,
        /* ioctl */     iplioctl,
        /* poll */      nopoll,
        /* mmap */      nommap,
        /* strategy */  nostrategy,
        /* name */      "ipl",
        /* maj */       CDEV_MAJOR,
        /* dump */      nodump,
        /* psize */     nopsize,
        /* flags */     0,
        /* bmaj */      -1      /* no block-device major */
};
119
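/*
 * Return the final component of a device path: the text after the last
 * '/', or the whole string when it contains no '/'.
 *
 * The result points into 'path'; nothing is copied or allocated.
 */
static char *
ipf_devname(char *path)
{
        char    *base = path;
        char    *p;

        /*
         * Scan forward over the whole string so that a '/' at index 0 is
         * honoured too.  The previous backwards loop stopped at index 1
         * and would have handed a name with a leading '/' to make_dev().
         */
        for (p = path; *p != '\0'; p++)
                if (*p == '/')
                        base = p + 1;
        return base;
}

/*
 * Module event handler for the ipfilter kernel module.
 *
 * MOD_LOAD:   attach the filter (iplattach) and, if that succeeds, create
 *             one device node per logical unit (IPF, NAT, STATE, AUTH).
 * MOD_UNLOAD: detach the filter (ipldetach) and, only if that succeeds,
 *             destroy the device nodes.
 *
 * Returns 0 on success, the error from iplattach()/ipldetach() on failure,
 * or EINVAL for any other event type.  'mod' and 'unused' are not used.
 */
static int
ipfilter_modevent(module_t mod, int type, void *unused)
{
        int     error = 0;

        switch (type) {
        case MOD_LOAD :
                error = iplattach();
                if (error)
                        break;

                /*
                 * Nodes are created with uid 0, gid 0 and mode 0600, so
                 * only root can open them.  They are the path to iplioctl;
                 * loosening the mode widens who can reach it.  The name
                 * argument is always derived from a compile-time constant.
                 */
                ipf_devs[IPL_LOGIPF] = make_dev(&ipl_cdevsw, IPL_LOGIPF,
                    0, 0, 0600, ipf_devname(IPL_NAME));
                ipf_devs[IPL_LOGNAT] = make_dev(&ipl_cdevsw, IPL_LOGNAT,
                    0, 0, 0600, ipf_devname(IPL_NAT));
                ipf_devs[IPL_LOGSTATE] = make_dev(&ipl_cdevsw, IPL_LOGSTATE,
                    0, 0, 0600, ipf_devname(IPL_STATE));
                ipf_devs[IPL_LOGAUTH] = make_dev(&ipl_cdevsw, IPL_LOGAUTH,
                    0, 0, 0600, ipf_devname(IPL_AUTH));
                break;
        case MOD_UNLOAD :
                /*
                 * Detach first.  If ipldetach() fails, the unload is
                 * refused and the module stays resident, so its device
                 * nodes must stay as well.  Destroying them up front left
                 * a loaded filter with no control devices.
                 * NOTE(review): assumes ipldetach() is safe to call while
                 * the nodes still exist -- confirm against its locking.
                 */
                error = ipldetach();
                if (error)
                        break;
                destroy_dev(ipf_devs[IPL_LOGIPF]);
                destroy_dev(ipf_devs[IPL_LOGNAT]);
                destroy_dev(ipf_devs[IPL_LOGSTATE]);
                destroy_dev(ipf_devs[IPL_LOGAUTH]);
                break;
        default:
                error = EINVAL;
                break;
        }
        return error;
}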
191
/*
 * Module description: the module is registered under the name IPL_VERSION,
 * with ipfilter_modevent() as its event handler and no private data.
 */
static moduledata_t ipfiltermod = {
        IPL_VERSION,
        ipfilter_modevent,
        0
};
/* Register the module at SI_SUB_PROTO_DOMAIN, with no ordering preference. */
DECLARE_MODULE(ipfilter, ipfiltermod, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY);