Changeset View
Changeset View
Standalone View
Standalone View
sys/netpfil/ipfw/ip_fw2.c
| Show First 20 Lines • Show All 3,089 Lines • ▼ Show 20 Lines | #endif | ||||
| case O_NAT: | case O_NAT: | ||||
| l = 0; /* exit inner loop */ | l = 0; /* exit inner loop */ | ||||
| done = 1; /* exit outer loop */ | done = 1; /* exit outer loop */ | ||||
| /* | /* | ||||
| * Ensure that we do not invoke NAT handler for | * Ensure that we do not invoke NAT handler for | ||||
| * non IPv4 packets. Libalias expects only IPv4. | * non IPv4 packets. Libalias expects only IPv4. | ||||
| */ | */ | ||||
| if (!is_ipv4 || !IPFW_NAT_LOADED) { | if (!is_ipv4 || chain->nat == NULL) { | ||||
| retval = IP_FW_DENY; | retval = IP_FW_DENY; | ||||
| break; | break; | ||||
| } | } | ||||
| struct cfg_nat *t; | struct cfg_nat *t; | ||||
| int nat_id; | int nat_id; | ||||
| args->rule.info = 0; | args->rule.info = 0; | ||||
| set_match(args, f_pos, chain); | set_match(args, f_pos, chain); | ||||
| /* Check if this is 'global' nat rule */ | /* Check if this is 'global' nat rule */ | ||||
| if (cmd->arg1 == IP_FW_NAT44_GLOBAL) { | if (cmd->arg1 == IP_FW_NAT44_GLOBAL) { | ||||
| retval = ipfw_nat_ptr(args, NULL, m); | retval = ipfw_nat_ptr(args, NULL, m); | ||||
| break; | break; | ||||
| } | } | ||||
| t = ((ipfw_insn_nat *)cmd)->nat; | |||||
| if (t == NULL) { | |||||
| nat_id = TARG(cmd->arg1, nat); | nat_id = TARG(cmd->arg1, nat); | ||||
| t = (*lookup_nat_ptr)(&chain->nat, nat_id); | t = (*lookup_nat_ptr)(chain->nat, nat_id); | ||||
| if (t == NULL) { | if (t == NULL) { | ||||
| retval = IP_FW_DENY; | retval = IP_FW_DENY; | ||||
| break; | break; | ||||
| } | } | ||||
| if (cmd->arg1 != IP_FW_TARG) | |||||
| ((ipfw_insn_nat *)cmd)->nat = t; | |||||
| } | |||||
| retval = ipfw_nat_ptr(args, t, m); | retval = ipfw_nat_ptr(args, t, m); | ||||
| break; | break; | ||||
| case O_REASS: { | case O_REASS: { | ||||
| int ip_off; | int ip_off; | ||||
| l = 0; /* in any case exit inner loop */ | l = 0; /* in any case exit inner loop */ | ||||
| if (is_ipv6) /* IPv6 is not supported yet */ | if (is_ipv6) /* IPv6 is not supported yet */ | ||||
| ▲ Show 20 Lines • Show All 231 Lines • ▼ Show 20 Lines | vnet_ipfw_init(const void *unused) | ||||
| /* First set up some values that are compile time options */ | /* First set up some values that are compile time options */ | ||||
| V_autoinc_step = 100; /* bounded to 1..1000 in add_rule() */ | V_autoinc_step = 100; /* bounded to 1..1000 in add_rule() */ | ||||
| V_fw_deny_unknown_exthdrs = 1; | V_fw_deny_unknown_exthdrs = 1; | ||||
| #ifdef IPFIREWALL_VERBOSE | #ifdef IPFIREWALL_VERBOSE | ||||
| V_fw_verbose = 1; | V_fw_verbose = 1; | ||||
| #endif | #endif | ||||
| #ifdef IPFIREWALL_VERBOSE_LIMIT | #ifdef IPFIREWALL_VERBOSE_LIMIT | ||||
| V_verbose_limit = IPFIREWALL_VERBOSE_LIMIT; | V_verbose_limit = IPFIREWALL_VERBOSE_LIMIT; | ||||
| #endif | |||||
| #ifdef IPFIREWALL_NAT | |||||
| LIST_INIT(&chain->nat); | |||||
| #endif | #endif | ||||
donner: Module specific initialization moved into the module. Zeroized memory at initialization is… | |||||
| /* Init shared services hash table */ | /* Init shared services hash table */ | ||||
| ipfw_init_srv(chain); | ipfw_init_srv(chain); | ||||
| ipfw_init_counters(); | ipfw_init_counters(); | ||||
| /* Set initial number of tables */ | /* Set initial number of tables */ | ||||
| V_fw_tables_max = default_fw_tables; | V_fw_tables_max = default_fw_tables; | ||||
| error = ipfw_init_tables(chain, first); | error = ipfw_init_tables(chain, first); | ||||
| ▲ Show 20 Lines • Show All 169 Lines • Show Last 20 Lines | |||||
Module specific initialization moved into the module. Zeroized memory at initialization is sufficient to avoid erroneous behavior.