sys/netpfil/ipfw/ip_fw2.c
VNET_DEFINE(struct ip_fw_chain, layer3_chain); | VNET_DEFINE(struct ip_fw_chain, layer3_chain); | ||||
/* ipfw_vnet_ready controls when we are open for business */ | /* ipfw_vnet_ready controls when we are open for business */ | ||||
VNET_DEFINE(int, ipfw_vnet_ready) = 0; | VNET_DEFINE(int, ipfw_vnet_ready) = 0; | ||||
VNET_DEFINE(int, ipfw_nat_ready) = 0; | VNET_DEFINE(int, ipfw_nat_ready) = 0; | ||||
ipfw_nat_t *ipfw_nat_ptr = NULL; | ipfw_nat_t *ipfw_nat_ptr = NULL; | ||||
struct cfg_nat *(*lookup_nat_ptr)(struct nat_list *, int); | struct cfg_nat *(*lookup_nat_ptr)(struct nat_priv *, uint16_t); | ||||
ipfw_nat_cfg_t *ipfw_nat_cfg_ptr; | ipfw_nat_cfg_t *ipfw_nat_cfg_ptr; | ||||
ipfw_nat_cfg_t *ipfw_nat_del_ptr; | ipfw_nat_cfg_t *ipfw_nat_del_ptr; | ||||
ipfw_nat_cfg_t *ipfw_nat_get_cfg_ptr; | ipfw_nat_cfg_t *ipfw_nat_get_cfg_ptr; | ||||
ipfw_nat_cfg_t *ipfw_nat_get_log_ptr; | ipfw_nat_cfg_t *ipfw_nat_get_log_ptr; | ||||
#ifdef SYSCTL_NODE | #ifdef SYSCTL_NODE | ||||
uint32_t dummy_def = IPFW_DEFAULT_RULE; | uint32_t dummy_def = IPFW_DEFAULT_RULE; | ||||
static int sysctl_ipfw_table_num(SYSCTL_HANDLER_ARGS); | static int sysctl_ipfw_table_num(SYSCTL_HANDLER_ARGS); | ||||
▲ Show 20 Lines • Show All 2,954 Lines • ▼ Show 20 Lines | #endif | ||||
args->rule.info = 0; | args->rule.info = 0; | ||||
set_match(args, f_pos, chain); | set_match(args, f_pos, chain); | ||||
/* Check if this is 'global' nat rule */ | /* Check if this is 'global' nat rule */ | ||||
if (cmd->arg1 == IP_FW_NAT44_GLOBAL) { | if (cmd->arg1 == IP_FW_NAT44_GLOBAL) { | ||||
retval = ipfw_nat_ptr(args, NULL, m); | retval = ipfw_nat_ptr(args, NULL, m); | ||||
break; | break; | ||||
} | } | ||||
t = ((ipfw_insn_nat *)cmd)->nat; | |||||
if (t == NULL) { | |||||
nat_id = TARG(cmd->arg1, nat); | nat_id = TARG(cmd->arg1, nat); | ||||
t = (*lookup_nat_ptr)(&chain->nat, nat_id); | IPFW_UH_RLOCK(chain); | ||||
t = (*lookup_nat_ptr)(chain->nat, nat_id); | |||||
IPFW_UH_RUNLOCK(chain); | |||||
if (t == NULL) { | if (t == NULL) { | ||||
retval = IP_FW_DENY; | retval = IP_FW_DENY; | ||||
break; | break; | ||||
} | } | ||||
if (cmd->arg1 != IP_FW_TARG) | |||||
((ipfw_insn_nat *)cmd)->nat = t; | |||||
} | |||||
retval = ipfw_nat_ptr(args, t, m); | retval = ipfw_nat_ptr(args, t, m); | ||||
break; | break; | ||||
case O_REASS: { | case O_REASS: { | ||||
int ip_off; | int ip_off; | ||||
l = 0; /* in any case exit inner loop */ | l = 0; /* in any case exit inner loop */ | ||||
if (is_ipv6) /* IPv6 is not supported yet */ | if (is_ipv6) /* IPv6 is not supported yet */ | ||||
▲ Show 20 Lines • Show All 238 Lines • ▼ Show 20 Lines | vnet_ipfw_init(const void *unused) | ||||
/* First set up some values that are compile time options */ | /* First set up some values that are compile time options */ | ||||
V_autoinc_step = 100; /* bounded to 1..1000 in add_rule() */ | V_autoinc_step = 100; /* bounded to 1..1000 in add_rule() */ | ||||
V_fw_deny_unknown_exthdrs = 1; | V_fw_deny_unknown_exthdrs = 1; | ||||
#ifdef IPFIREWALL_VERBOSE | #ifdef IPFIREWALL_VERBOSE | ||||
V_fw_verbose = 1; | V_fw_verbose = 1; | ||||
#endif | #endif | ||||
#ifdef IPFIREWALL_VERBOSE_LIMIT | #ifdef IPFIREWALL_VERBOSE_LIMIT | ||||
V_verbose_limit = IPFIREWALL_VERBOSE_LIMIT; | V_verbose_limit = IPFIREWALL_VERBOSE_LIMIT; | ||||
#endif | |||||
#ifdef IPFIREWALL_NAT | |||||
LIST_INIT(&chain->nat); | |||||
#endif | #endif | ||||
donner: Module specific initialization moved into the module. Zeroized memory at initialization is… | |||||
/* Init shared services hash table */ | /* Init shared services hash table */ | ||||
ipfw_init_srv(chain); | ipfw_init_srv(chain); | ||||
ipfw_init_counters(); | ipfw_init_counters(); | ||||
/* Set initial number of tables */ | /* Set initial number of tables */ | ||||
V_fw_tables_max = default_fw_tables; | V_fw_tables_max = default_fw_tables; | ||||
error = ipfw_init_tables(chain, first); | error = ipfw_init_tables(chain, first); | ||||
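Review bot: `t` is used after the lock that covered its lookup has been dropped: in the NAT action hunk the new code calls `(*lookup_nat_ptr)(chain->nat, nat_id)` between `IPFW_UH_RLOCK(chain)` and `IPFW_UH_RUNLOCK(chain)`, then passes the result to `ipfw_nat_ptr(args, t, m)` unlocked, so nothing visible here keeps the `struct cfg_nat` alive if the instance is deleted concurrently. If the delete path is serialised against packet processing by some other lock, say so at the lookup, for example `/* t stays valid after UH unlock: <lock or mechanism that defers the free> */`; otherwise `IPFW_UH_RUNLOCK(chain);` belongs after the `ipfw_nat_ptr()` call and in the `t == NULL` branch before `break`. Taking the UH lock on the per-packet path should also be checked against the lock order the configuration code uses, which this page does not show. The enclosing function starts and ends outside the visible lines.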
Module specific initialization moved into the module. Zeroized memory at initialization is sufficient to avoid erroneous behavior.