4 * Copyright (C) 1993-2000 by Darren Reed.
6 * Redistribution and use in source and binary forms are permitted
7 * provided that this notice is preserved and due credit is given
8 * to the original author and the contributors.
11 #include <sys/types.h>
13 #include <sys/socket.h>
14 #if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__sgi)
15 # include <sys/systm.h>
17 #include <sys/errno.h>
18 #include <sys/param.h>
19 #if !defined(__SVR4) && !defined(__svr4__) && !defined(__hpux)
20 # include <sys/mbuf.h>
22 #if defined(__FreeBSD__) && (__FreeBSD_version > 220000)
23 # include <sys/sockio.h>
25 # include <sys/ioctl.h>
28 #include <netinet/in.h>
29 #include <netinet/in_systm.h>
30 #include <netinet/ip.h>
31 #include <netinet/tcp.h>
32 #include "netinet/ip_compat.h"
33 #include "netinet/ip_fil.h"
35 #include "netinet/ip_rules.h"
41 #ifdef IPFILTER_COMPILED
/*
 * Compiled inbound rule, stored as raw words and used as a frentry_t through
 * the casts in ipf_rules_in_ and ipfrule_match_in_. It appears to differ from
 * out_rule__0 in a single word (0x8002 here, 0x4002 there).
 * NOTE(review): the policy this blob encodes cannot be read from the source;
 * decode it against this build's struct frentry before trusting it, and keep
 * the rule text it was generated from next to it.
 * NOTE(review): the element type is u_long, whose width differs between ILP32
 * and LP64 targets; confirm the words line up with struct frentry on the
 * target ABI. The closing of the initializer is not shown in this listing.
 */
43 static u_long in_rule__0[] = {
44 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xffffffff, 0, 0, 0, 0, 0, 0, 0x1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x80000000, 0x8002, 0, 0, 0, 0xffff, 0, 0, 0x4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
/*
 * Compiled outbound rule, stored as raw words and used as a frentry_t through
 * the casts in ipf_rules_out_ and ipfrule_match_out_. It appears to differ
 * from in_rule__0 in a single word (0x4002 here, 0x8002 there).
 * NOTE(review): the policy this blob encodes cannot be read from the source;
 * decode it against this build's struct frentry before trusting it, and keep
 * the rule text it was generated from next to it.
 * NOTE(review): the element type is u_long, whose width differs between ILP32
 * and LP64 targets; confirm the words line up with struct frentry on the
 * target ABI. The closing of the initializer is not shown in this listing.
 */
47 static u_long out_rule__0[] = {
48 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xffffffff, 0, 0, 0, 0, 0, 0, 0x1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x80000000, 0x4002, 0, 0, 0, 0xffff, 0, 0, 0x4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
/*
 * Table of compiled inbound rules. Its single entry is the in_rule__0 word
 * array reinterpreted as a frentry_t; ipfrule_add_in_ and ipfrule_remove_in_
 * walk this table. The closing of the initializer is not shown in this
 * listing.
 */
51 frentry_t *ipf_rules_in_[1] = {
52 (frentry_t *)&in_rule__0
/*
 * Match callback for the inbound compiled rules; ipfrule_add_in_ installs it
 * as fr_func on the wrapper rule. Old-style (K&R) definition: the parameter
 * declarations for fin and passp, and the return, are on lines missing from
 * this listing.
 */
55 frentry_t *ipfrule_match_in_(fin, passp)
/*
 * The only visible statement selects in_rule__0 without consulting fin or
 * passp. NOTE(review): presumably every inbound packet reaching this callback
 * gets that one rule - confirm against the full source.
 */
61 fr = (frentry_t *)&in_rule__0;
/*
 * Table of compiled outbound rules. Its single entry is the out_rule__0 word
 * array reinterpreted as a frentry_t; ipfrule_add_out_ and
 * ipfrule_remove_out_ walk this table. The closing of the initializer is not
 * shown in this listing.
 */
65 frentry_t *ipf_rules_out_[1] = {
66 (frentry_t *)&out_rule__0
/*
 * Match callback for the outbound compiled rules; ipfrule_add_out_ installs
 * it as fr_func on the wrapper rule. Old-style (K&R) definition: the
 * parameter declarations for fin and passp, and the return, are on lines
 * missing from this listing.
 */
69 frentry_t *ipfrule_match_out_(fin, passp)
/*
 * The only visible statement selects out_rule__0 without consulting fin or
 * passp. NOTE(review): presumably every outbound packet reaching this
 * callback gets that one rule - confirm against the full source.
 */
75 fr = (frentry_t *)&out_rule__0;
/*
 * Wrapper rule for the outbound compiled rules. ipfrule_remove_out_ reads its
 * fr_ref and passes its address to frrequest(SIOCDELFR). File-scope static,
 * so it starts out zero-initialized.
 */
78 static frentry_t ipfrule_out_;
/*
 * Installs the compiled outbound rules: chains table entries that share a
 * group name through fr_next, then fills in a wrapper rule and submits it
 * with frrequest(SIOCADDFR). Several lines are missing from this listing
 * (the declaration and assignment of fp, the last strncmp argument, the
 * return); the comments below describe only what is shown.
 */
80 int ipfrule_add_out_()
82 int i, j, err = 0, max;
/* Element count of the table: ipf_rules_out_ has one entry, so max is 1. */
85 max = sizeof(ipf_rules_out_)/sizeof(frentry_t *);
86 for (i = 0; i < max; i++) {
87 fp = ipf_rules_out_[i];
/*
 * Look for a later entry in the same group. With max == 1 this inner loop
 * never runs. NOTE(review): the length bound passed to strncmp is not shown;
 * confirm it is the size of fr_group so the compare stays inside the field.
 */
89 for (j = i + 1; j < max; j++)
90 if (strncmp(fp->fr_group,
91 ipf_rules_out_[j]->fr_group,
93 fp->fr_next = ipf_rules_out_[j];
/*
 * fp is cleared and then set up as the wrapper rule. What fp points to here
 * is assigned on a missing line - presumably &ipfrule_out_, the object
 * ipfrule_remove_out_ later deletes; confirm.
 */
99 bzero((char *)fp, sizeof(*fp));
100 fp->fr_type = FR_T_CALLFUNC|FR_T_BUILTIN;
101 fp->fr_flags = FR_OUTQUE|FR_NOMATCH;
/* fr_data carries the first compiled rule; fr_func (below) is the matcher. */
102 fp->fr_data = (void *)ipf_rules_out_[0];
/*
 * sizeof(ipf_rules_out_[0]) is the size of a frentry_t pointer, not of the
 * rule it points to. NOTE(review): confirm a pointer-sized fr_dsize is what
 * frrequest expects for an FR_T_CALLFUNC|FR_T_BUILTIN rule.
 */
103 fp->fr_dsize = sizeof(ipf_rules_out_[0]);
105 fp->fr_func = (ipfunc_t)ipfrule_match_out_;
/*
 * err receives frrequest's result. NOTE(review): presumably non-zero means
 * the rule was not installed; callers should not carry on as if the outbound
 * policy were loaded.
 */
106 err = frrequest(IPL_LOGIPF, SIOCADDFR, (caddr_t)fp, fr_active, 0);
/*
 * Removes the outbound wrapper rule with frrequest(SIOCDELFR) after looking
 * at reference counts. The bodies of the reference-count branches and the
 * return are on lines missing from this listing.
 */
111 int ipfrule_remove_out_()
117 * Try to remove the outbound rule.
/* The wrapper rule has references; what this branch does is not shown. */
119 if (ipfrule_out_.fr_ref > 0) {
/*
 * Walk the table from the last entry to the first. NOTE(review): i must be a
 * signed type for the i >= 0 test to end the loop; its declaration is not
 * shown in this listing.
 */
122 i = sizeof(ipf_rules_out_)/sizeof(frentry_t *) - 1;
123 for (; i >= 0; i--) {
124 fp = ipf_rules_out_[i];
/*
 * More than one reference on a compiled rule. NOTE(review): presumably the
 * rule is treated as still in use and the delete is skipped - confirm, since
 * deleting a rule that is still referenced would be unsafe.
 */
125 if (fp->fr_ref > 1) {
/* Submit the delete request for the wrapper rule; err holds the result. */
132 err = frrequest(IPL_LOGIPF, SIOCDELFR,
133 (caddr_t)&ipfrule_out_, fr_active, 0);
/*
 * Wrapper rule for the inbound compiled rules. ipfrule_remove_in_ reads its
 * fr_ref and passes its address to frrequest(SIOCDELFR). File-scope static,
 * so it starts out zero-initialized.
 */
140 static frentry_t ipfrule_in_;
/*
 * Installs the compiled inbound rules: chains table entries that share a
 * group name through fr_next, then fills in a wrapper rule and submits it
 * with frrequest(SIOCADDFR). Several lines are missing from this listing
 * (the declaration and assignment of fp, the last strncmp argument, the
 * return); the comments below describe only what is shown.
 */
142 int ipfrule_add_in_()
144 int i, j, err = 0, max;
/* Element count of the table: ipf_rules_in_ has one entry, so max is 1. */
147 max = sizeof(ipf_rules_in_)/sizeof(frentry_t *);
148 for (i = 0; i < max; i++) {
149 fp = ipf_rules_in_[i];
/*
 * Look for a later entry in the same group. With max == 1 this inner loop
 * never runs. NOTE(review): the length bound passed to strncmp is not shown;
 * confirm it is the size of fr_group so the compare stays inside the field.
 */
151 for (j = i + 1; j < max; j++)
152 if (strncmp(fp->fr_group,
153 ipf_rules_in_[j]->fr_group,
155 fp->fr_next = ipf_rules_in_[j];
/*
 * fp is cleared and then set up as the wrapper rule. What fp points to here
 * is assigned on a missing line - presumably &ipfrule_in_, the object
 * ipfrule_remove_in_ later deletes; confirm.
 */
161 bzero((char *)fp, sizeof(*fp));
162 fp->fr_type = FR_T_CALLFUNC|FR_T_BUILTIN;
163 fp->fr_flags = FR_INQUE|FR_NOMATCH;
/* fr_data carries the first compiled rule; fr_func (below) is the matcher. */
164 fp->fr_data = (void *)ipf_rules_in_[0];
/*
 * sizeof(ipf_rules_in_[0]) is the size of a frentry_t pointer, not of the
 * rule it points to. NOTE(review): confirm a pointer-sized fr_dsize is what
 * frrequest expects for an FR_T_CALLFUNC|FR_T_BUILTIN rule.
 */
165 fp->fr_dsize = sizeof(ipf_rules_in_[0]);
167 fp->fr_func = (ipfunc_t)ipfrule_match_in_;
/*
 * err receives frrequest's result. NOTE(review): presumably non-zero means
 * the rule was not installed; callers should not carry on as if the inbound
 * policy were loaded.
 */
168 err = frrequest(IPL_LOGIPF, SIOCADDFR, (caddr_t)fp, fr_active, 0);
/*
 * Removes the inbound wrapper rule with frrequest(SIOCDELFR) after looking
 * at reference counts. The bodies of the reference-count branches and the
 * return are on lines missing from this listing.
 */
173 int ipfrule_remove_in_()
179 * Try to remove the inbound rule.
/* The wrapper rule has references; what this branch does is not shown. */
181 if (ipfrule_in_.fr_ref > 0) {
/*
 * Walk the table from the last entry to the first. NOTE(review): i must be a
 * signed type for the i >= 0 test to end the loop; its declaration is not
 * shown in this listing.
 */
184 i = sizeof(ipf_rules_in_)/sizeof(frentry_t *) - 1;
185 for (; i >= 0; i--) {
186 fp = ipf_rules_in_[i];
/*
 * More than one reference on a compiled rule. NOTE(review): presumably the
 * rule is treated as still in use and the delete is skipped - confirm, since
 * deleting a rule that is still referenced would be unsafe.
 */
187 if (fp->fr_ref > 1) {
/* Submit the delete request for the wrapper rule; err holds the result. */
194 err = frrequest(IPL_LOGIPF, SIOCDELFR,
195 (caddr_t)&ipfrule_in_, fr_active, 0);
/*
 * Fragment: the enclosing function's header is not in this listing. Installs
 * the outbound rules, then the inbound rules. NOTE(review): both results go
 * into err and the lines between the calls are missing; confirm the first
 * result is checked before the second call overwrites it, so a failed
 * outbound install is reported rather than lost.
 */
207 err = ipfrule_add_out_();
210 err = ipfrule_add_in_();
/*
 * Fragment: the enclosing function's header is not in this listing. Removes
 * the outbound rules, then the inbound rules. NOTE(review): both results go
 * into err and the lines between the calls are missing; confirm the first
 * result is checked before the second call overwrites it, and that a partial
 * removal (one direction still installed) is reported to the caller.
 */
221 err = ipfrule_remove_out_();
224 err = ipfrule_remove_in_();
229 #endif /* IPFILTER_COMPILED */