sys/netgraph/ng_ipfw.c
static ng_shutdown_t ng_ipfw_shutdown; | static ng_shutdown_t ng_ipfw_shutdown; | ||||
static ng_newhook_t ng_ipfw_newhook; | static ng_newhook_t ng_ipfw_newhook; | ||||
static ng_connect_t ng_ipfw_connect; | static ng_connect_t ng_ipfw_connect; | ||||
static ng_findhook_t ng_ipfw_findhook; | static ng_findhook_t ng_ipfw_findhook; | ||||
static ng_rcvdata_t ng_ipfw_rcvdata; | static ng_rcvdata_t ng_ipfw_rcvdata; | ||||
static ng_disconnect_t ng_ipfw_disconnect; | static ng_disconnect_t ng_ipfw_disconnect; | ||||
static hook_p ng_ipfw_findhook1(node_p, u_int16_t ); | static hook_p ng_ipfw_findhook1(node_p, u_int16_t ); | ||||
static int ng_ipfw_input(struct mbuf **, int, struct ip_fw_args *, | static int ng_ipfw_input(struct mbuf **, struct ip_fw_args *, bool); | ||||
int); | |||||
/* We have only one node */ | /* We have only one node */ | ||||
static node_p fw_node; | static node_p fw_node; | ||||
/* Netgraph node type descriptor */ | /* Netgraph node type descriptor */ | ||||
static struct ng_type ng_ipfw_typestruct = { | static struct ng_type ng_ipfw_typestruct = { | ||||
.version = NG_ABI_VERSION, | .version = NG_ABI_VERSION, | ||||
.name = NG_IPFW_NODE_TYPE, | .name = NG_IPFW_NODE_TYPE, | ||||
▲ Show 20 Lines • Show All 195 Lines • ▼ Show 20 Lines | #endif | ||||
} | } | ||||
/* unknown IP protocol version */ | /* unknown IP protocol version */ | ||||
NG_FREE_M(m); | NG_FREE_M(m); | ||||
return (EPROTONOSUPPORT); | return (EPROTONOSUPPORT); | ||||
} | } | ||||
static int | static int | ||||
ng_ipfw_input(struct mbuf **m0, int dir, struct ip_fw_args *fwa, int tee) | ng_ipfw_input(struct mbuf **m0, struct ip_fw_args *fwa, bool tee) | ||||
{ | { | ||||
struct mbuf *m; | struct mbuf *m; | ||||
hook_p hook; | hook_p hook; | ||||
int error = 0; | int error = 0; | ||||
/* | /* | ||||
* Node must be loaded and corresponding hook must be present. | * Node must be loaded and corresponding hook must be present. | ||||
*/ | */ | ||||
if (fw_node == NULL || | if (fw_node == NULL || | ||||
(hook = ng_ipfw_findhook1(fw_node, fwa->rule.info)) == NULL) | (hook = ng_ipfw_findhook1(fw_node, fwa->rule.info)) == NULL) | ||||
return (ESRCH); /* no hook associated with this rule */ | return (ESRCH); /* no hook associated with this rule */ | ||||
/* | /* | ||||
* We have two modes: in normal mode we add a tag to packet, which is | * We have two modes: in normal mode we add a tag to packet, which is | ||||
* important to return packet back to IP stack. In tee mode we make | * important to return packet back to IP stack. In tee mode we make | ||||
* a copy of a packet and forward it into netgraph without a tag. | * a copy of a packet and forward it into netgraph without a tag. | ||||
*/ | */ | ||||
if (tee == 0) { | if (tee == false) { | ||||
struct m_tag *tag; | struct m_tag *tag; | ||||
struct ipfw_rule_ref *r; | struct ipfw_rule_ref *r; | ||||
m = *m0; | m = *m0; | ||||
*m0 = NULL; /* it belongs now to netgraph */ | *m0 = NULL; /* it belongs now to netgraph */ | ||||
tag = m_tag_alloc(MTAG_IPFW_RULE, 0, sizeof(*r), | tag = m_tag_alloc(MTAG_IPFW_RULE, 0, sizeof(*r), | ||||
M_NOWAIT|M_ZERO); | M_NOWAIT|M_ZERO); | ||||
if (tag == NULL) { | if (tag == NULL) { | ||||
m_freem(m); | m_freem(m); | ||||
return (ENOMEM); | return (ENOMEM); | ||||
} | } | ||||
r = (struct ipfw_rule_ref *)(tag + 1); | r = (struct ipfw_rule_ref *)(tag + 1); | ||||
*r = fwa->rule; | *r = fwa->rule; | ||||
r->info &= IPFW_ONEPASS; /* keep this info */ | r->info &= IPFW_ONEPASS; /* keep this info */ | ||||
r->info |= dir ? IPFW_INFO_IN : IPFW_INFO_OUT; | r->info |= (fwa->flags & IPFW_ARGS_IN) ? | ||||
IPFW_INFO_IN : IPFW_INFO_OUT; | |||||
m_tag_prepend(m, tag); | m_tag_prepend(m, tag); | ||||
} else | } else | ||||
if ((m = m_dup(*m0, M_NOWAIT)) == NULL) | if ((m = m_dup(*m0, M_NOWAIT)) == NULL) | ||||
return (ENOMEM); /* which is ignored */ | return (ENOMEM); /* which is ignored */ | ||||
if (m->m_len < sizeof(struct ip) && | if (m->m_len < sizeof(struct ip) && | ||||
(m = m_pullup(m, sizeof(struct ip))) == NULL) | (m = m_pullup(m, sizeof(struct ip))) == NULL) | ||||
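Review bot: The non-tee branch of ng_ipfw_input now tags every packet whose `fwa->flags` lacks `IPFW_ARGS_IN` as `IPFW_INFO_OUT`, and nothing in the function documents that callers must set that bit now that the explicit `dir` argument is gone. The comment above the branch says the tag is what returns the packet to the IP stack, so a caller that forgets the flag would presumably have its inbound packets re-injected as outbound without any error. A comment above the assignment would make the contract visible, e.g. `/* Direction is taken from fwa->flags; callers must set IPFW_ARGS_IN for inbound packets. */`. As a style point, `if (tee == false)` is more conventionally written `if (!tee)` now that the parameter is a `bool`. The body of ng_ipfw_input continues past the visible lines, so later uses of the direction could not be checked here.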