sys/netpfil/ipfw/ip_fw2.c
#include <sys/kernel.h> | #include <sys/kernel.h> | ||||
#include <sys/lock.h> | #include <sys/lock.h> | ||||
#include <sys/jail.h> | #include <sys/jail.h> | ||||
#include <sys/module.h> | #include <sys/module.h> | ||||
#include <sys/priv.h> | #include <sys/priv.h> | ||||
#include <sys/proc.h> | #include <sys/proc.h> | ||||
#include <sys/rwlock.h> | #include <sys/rwlock.h> | ||||
#include <sys/rmlock.h> | #include <sys/rmlock.h> | ||||
#include <sys/sdt.h> | |||||
#include <sys/socket.h> | #include <sys/socket.h> | ||||
#include <sys/socketvar.h> | #include <sys/socketvar.h> | ||||
#include <sys/sysctl.h> | #include <sys/sysctl.h> | ||||
#include <sys/syslog.h> | #include <sys/syslog.h> | ||||
#include <sys/ucred.h> | #include <sys/ucred.h> | ||||
#include <net/ethernet.h> /* for ETHERTYPE_IP */ | #include <net/ethernet.h> /* for ETHERTYPE_IP */ | ||||
#include <net/if.h> | #include <net/if.h> | ||||
#include <net/if_var.h> | #include <net/if_var.h> | ||||
Show All 35 Lines | |||||
#include <netpfil/ipfw/ip_fw_private.h> | #include <netpfil/ipfw/ip_fw_private.h> | ||||
#include <machine/in_cksum.h> /* XXX for in_cksum */ | #include <machine/in_cksum.h> /* XXX for in_cksum */ | ||||
#ifdef MAC | #ifdef MAC | ||||
#include <security/mac/mac_framework.h> | #include <security/mac/mac_framework.h> | ||||
#endif | #endif | ||||
#define IPFW_PROBE(probe, arg0, arg1, arg2, arg3, arg4, arg5) \ | |||||
SDT_PROBE6(ipfw, , , probe, arg0, arg1, arg2, arg3, arg4, arg5) | |||||
SDT_PROVIDER_DEFINE(ipfw); | |||||
SDT_PROBE_DEFINE6(ipfw, , , rule__matched, | |||||
"int", /* retval */ | |||||
"int", /* af */ | |||||
"void *", /* src addr */ | |||||
"void *", /* dst addr */ | |||||
"struct ip_fw_args *", /* args */ | |||||
"struct ip_fw *" /* rule */); | |||||
/* | /* | ||||
* static variables followed by global ones. | * static variables followed by global ones. | ||||
* All ipfw global variables are here. | * All ipfw global variables are here. | ||||
*/ | */ | ||||
VNET_DEFINE_STATIC(int, fw_deny_unknown_exthdrs); | VNET_DEFINE_STATIC(int, fw_deny_unknown_exthdrs); | ||||
#define V_fw_deny_unknown_exthdrs VNET(fw_deny_unknown_exthdrs) | #define V_fw_deny_unknown_exthdrs VNET(fw_deny_unknown_exthdrs) | ||||
▲ Show 20 Lines • Show All 3,115 Lines • ▼ Show 20 Lines | |||||
/* next_rule:; */ /* try next rule */ | /* next_rule:; */ /* try next rule */ | ||||
} /* end of outer for, scan rules */ | } /* end of outer for, scan rules */ | ||||
if (done) { | if (done) { | ||||
struct ip_fw *rule = chain->map[f_pos]; | struct ip_fw *rule = chain->map[f_pos]; | ||||
/* Update statistics */ | /* Update statistics */ | ||||
IPFW_INC_RULE_COUNTER(rule, pktlen); | IPFW_INC_RULE_COUNTER(rule, pktlen); | ||||
IPFW_PROBE(rule__matched, retval, | |||||
is_ipv4 ? AF_INET : AF_INET6, | |||||
is_ipv4 ? (uintptr_t)&src_ip : | |||||
(uintptr_t)&args->f_id.src_ip6, | |||||
is_ipv4 ? (uintptr_t)&dst_ip : | |||||
(uintptr_t)&args->f_id.dst_ip6, | |||||
args, rule); | |||||
} else { | } else { | ||||
retval = IP_FW_DENY; | retval = IP_FW_DENY; | ||||
printf("ipfw: ouch!, skip past end of rules, denying packet\n"); | printf("ipfw: ouch!, skip past end of rules, denying packet\n"); | ||||
} | } | ||||
IPFW_PF_RUNLOCK(chain); | IPFW_PF_RUNLOCK(chain); | ||||
#ifdef __FreeBSD__ | #ifdef __FreeBSD__ | ||||
if (ucred_cache != NULL) | if (ucred_cache != NULL) | ||||
crfree(ucred_cache); | crfree(ucred_cache); | ||||
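Review bot: The `rule__matched` probe call in the `if (done)` branch derives the address family from `is_ipv4` alone, so every packet that is not IPv4 is reported as `AF_INET6` with pointers to `args->f_id.src_ip6` and `args->f_id.dst_ip6`. If this path can be reached for non-IP traffic such as layer-2 frames, which the visible lines do not rule out, a DTrace script used for monitoring or forensics would record an IPv6 flow that never existed. Consider `is_ipv4 ? AF_INET : (is_ipv6 ? AF_INET6 : AF_UNSPEC)`, assuming the function keeps an `is_ipv6` flag, and pass 0 for both address arguments in the unspecified case. The argument comments in `SDT_PROBE_DEFINE6` should also say that the two address pointers refer to a `struct in_addr` or a `struct in6_addr` depending on `af`, since `"void *"` alone gives a consumer nothing to cast to. The enclosing function starts and ends outside the lines shown.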