Differential D37977 Diff 114830 sys/netpfil/pf/pf_ioctl.c

Changeset View

Standalone View

sys/netpfil/pf/pf_ioctl.c

	Show First 20 Lines • Show All 6,524 Lines • ▼ Show 20 Lines
	VNET_DEFINE_STATIC(pfil_hook_t, pf_ip6_out_hook);			VNET_DEFINE_STATIC(pfil_hook_t, pf_ip6_out_hook);
	#define V_pf_ip6_in_hook VNET(pf_ip6_in_hook)			#define V_pf_ip6_in_hook VNET(pf_ip6_in_hook)
	#define V_pf_ip6_out_hook VNET(pf_ip6_out_hook)			#define V_pf_ip6_out_hook VNET(pf_ip6_out_hook)
	#endif			#endif

	static void			static void
	hook_pf_eth(void)			hook_pf_eth(void)
	{			{
	struct pfil_hook_args pha;			struct pfil_hook_args pha = {
	struct pfil_link_args pla;			.pa_version = PFIL_VERSION,
				.pa_modname = "pf",
				.pa_type = PFIL_TYPE_ETHERNET,
				};
				struct pfil_link_args pla = {
				.pa_version = PFIL_VERSION,
				};
	int ret __diagused;			int ret __diagused;

	if (atomic_load_bool(&V_pf_pfil_eth_hooked))			if (atomic_load_bool(&V_pf_pfil_eth_hooked))
	return;			return;

	pha.pa_version = PFIL_VERSION;			pha.pa_mbuf_chk = pf_eth_check_in;
	pha.pa_modname = "pf";
	pha.pa_ruleset = NULL;

	pla.pa_version = PFIL_VERSION;

	pha.pa_type = PFIL_TYPE_ETHERNET;
	pha.pa_func = pf_eth_check_in;
	pha.pa_flags = PFIL_IN;			pha.pa_flags = PFIL_IN;
	pha.pa_rulname = "eth-in";			pha.pa_rulname = "eth-in";
	V_pf_eth_in_hook = pfil_add_hook(&pha);			V_pf_eth_in_hook = pfil_add_hook(&pha);
	pla.pa_flags = PFIL_IN \| PFIL_HEADPTR \| PFIL_HOOKPTR;			pla.pa_flags = PFIL_IN \| PFIL_HEADPTR \| PFIL_HOOKPTR;
	pla.pa_head = V_link_pfil_head;			pla.pa_head = V_link_pfil_head;
	pla.pa_hook = V_pf_eth_in_hook;			pla.pa_hook = V_pf_eth_in_hook;
	ret = pfil_link(&pla);			ret = pfil_link(&pla);
	MPASS(ret == 0);			MPASS(ret == 0);
	pha.pa_func = pf_eth_check_out;			pha.pa_mbuf_chk = pf_eth_check_out;
	pha.pa_flags = PFIL_OUT;			pha.pa_flags = PFIL_OUT;
	pha.pa_rulname = "eth-out";			pha.pa_rulname = "eth-out";
	V_pf_eth_out_hook = pfil_add_hook(&pha);			V_pf_eth_out_hook = pfil_add_hook(&pha);
	pla.pa_flags = PFIL_OUT \| PFIL_HEADPTR \| PFIL_HOOKPTR;			pla.pa_flags = PFIL_OUT \| PFIL_HEADPTR \| PFIL_HOOKPTR;
	pla.pa_head = V_link_pfil_head;			pla.pa_head = V_link_pfil_head;
	pla.pa_hook = V_pf_eth_out_hook;			pla.pa_hook = V_pf_eth_out_hook;
	ret = pfil_link(&pla);			ret = pfil_link(&pla);
	MPASS(ret == 0);			MPASS(ret == 0);

	atomic_store_bool(&V_pf_pfil_eth_hooked, true);			atomic_store_bool(&V_pf_pfil_eth_hooked, true);
	}			}

	static void			static void
	hook_pf(void)			hook_pf(void)
	{			{
	struct pfil_hook_args pha;			struct pfil_hook_args pha = {
	struct pfil_link_args pla;			.pa_version = PFIL_VERSION,
				.pa_modname = "pf",
				};
				struct pfil_link_args pla = {
				.pa_version = PFIL_VERSION,
				};
	int ret __diagused;			int ret __diagused;

	if (atomic_load_bool(&V_pf_pfil_hooked))			if (atomic_load_bool(&V_pf_pfil_hooked))
	return;			return;

	pha.pa_version = PFIL_VERSION;
	pha.pa_modname = "pf";
	pha.pa_ruleset = NULL;

	pla.pa_version = PFIL_VERSION;

	#ifdef INET			#ifdef INET
	pha.pa_type = PFIL_TYPE_IP4;			pha.pa_type = PFIL_TYPE_IP4;
	pha.pa_func = pf_check_in;			pha.pa_mbuf_chk = pf_check_in;
	pha.pa_flags = PFIL_IN;			pha.pa_flags = PFIL_IN;
	pha.pa_rulname = "default-in";			pha.pa_rulname = "default-in";
	V_pf_ip4_in_hook = pfil_add_hook(&pha);			V_pf_ip4_in_hook = pfil_add_hook(&pha);
	pla.pa_flags = PFIL_IN \| PFIL_HEADPTR \| PFIL_HOOKPTR;			pla.pa_flags = PFIL_IN \| PFIL_HEADPTR \| PFIL_HOOKPTR;
	pla.pa_head = V_inet_pfil_head;			pla.pa_head = V_inet_pfil_head;
	pla.pa_hook = V_pf_ip4_in_hook;			pla.pa_hook = V_pf_ip4_in_hook;
	ret = pfil_link(&pla);			ret = pfil_link(&pla);
	MPASS(ret == 0);			MPASS(ret == 0);
	pha.pa_func = pf_check_out;			pha.pa_mbuf_chk = pf_check_out;
	pha.pa_flags = PFIL_OUT;			pha.pa_flags = PFIL_OUT;
	pha.pa_rulname = "default-out";			pha.pa_rulname = "default-out";
	V_pf_ip4_out_hook = pfil_add_hook(&pha);			V_pf_ip4_out_hook = pfil_add_hook(&pha);
	pla.pa_flags = PFIL_OUT \| PFIL_HEADPTR \| PFIL_HOOKPTR;			pla.pa_flags = PFIL_OUT \| PFIL_HEADPTR \| PFIL_HOOKPTR;
	pla.pa_head = V_inet_pfil_head;			pla.pa_head = V_inet_pfil_head;
	pla.pa_hook = V_pf_ip4_out_hook;			pla.pa_hook = V_pf_ip4_out_hook;
	ret = pfil_link(&pla);			ret = pfil_link(&pla);
	MPASS(ret == 0);			MPASS(ret == 0);
	#endif			#endif
	#ifdef INET6			#ifdef INET6
	pha.pa_type = PFIL_TYPE_IP6;			pha.pa_type = PFIL_TYPE_IP6;
	pha.pa_func = pf_check6_in;			pha.pa_mbuf_chk = pf_check6_in;
	pha.pa_flags = PFIL_IN;			pha.pa_flags = PFIL_IN;
	pha.pa_rulname = "default-in6";			pha.pa_rulname = "default-in6";
	V_pf_ip6_in_hook = pfil_add_hook(&pha);			V_pf_ip6_in_hook = pfil_add_hook(&pha);
	pla.pa_flags = PFIL_IN \| PFIL_HEADPTR \| PFIL_HOOKPTR;			pla.pa_flags = PFIL_IN \| PFIL_HEADPTR \| PFIL_HOOKPTR;
	pla.pa_head = V_inet6_pfil_head;			pla.pa_head = V_inet6_pfil_head;
	pla.pa_hook = V_pf_ip6_in_hook;			pla.pa_hook = V_pf_ip6_in_hook;
	ret = pfil_link(&pla);			ret = pfil_link(&pla);
	MPASS(ret == 0);			MPASS(ret == 0);
	pha.pa_func = pf_check6_out;			pha.pa_mbuf_chk = pf_check6_out;
	pha.pa_rulname = "default-out6";			pha.pa_rulname = "default-out6";
	pha.pa_flags = PFIL_OUT;			pha.pa_flags = PFIL_OUT;
	V_pf_ip6_out_hook = pfil_add_hook(&pha);			V_pf_ip6_out_hook = pfil_add_hook(&pha);
	pla.pa_flags = PFIL_OUT \| PFIL_HEADPTR \| PFIL_HOOKPTR;			pla.pa_flags = PFIL_OUT \| PFIL_HEADPTR \| PFIL_HOOKPTR;
	pla.pa_head = V_inet6_pfil_head;			pla.pa_head = V_inet6_pfil_head;
	pla.pa_hook = V_pf_ip6_out_hook;			pla.pa_hook = V_pf_ip6_out_hook;
	ret = pfil_link(&pla);			ret = pfil_link(&pla);
	MPASS(ret == 0);			MPASS(ret == 0);
	▲ Show 20 Lines • Show All 238 Lines • Show Last 20 Lines