17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * Copyright (C) 1993-2001, 2003 by Darren Reed. 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * See the IPFILTER.LICENCE file for details on licencing. 57c478bd9Sstevel@tonic-gate * 6*d6c23f6fSyx * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 77c478bd9Sstevel@tonic-gate * Use is subject to license terms. 87c478bd9Sstevel@tonic-gate */ 97c478bd9Sstevel@tonic-gate 107c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 117c478bd9Sstevel@tonic-gate 127c478bd9Sstevel@tonic-gate #if !defined(lint) 13ab25eeb5Syz static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; 14ab25eeb5Syz static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.133.2.9 2005/01/08 14:22:18 darrenr Exp $"; 157c478bd9Sstevel@tonic-gate #endif 167c478bd9Sstevel@tonic-gate 177c478bd9Sstevel@tonic-gate #ifndef SOLARIS 187c478bd9Sstevel@tonic-gate #define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4))) 197c478bd9Sstevel@tonic-gate #endif 207c478bd9Sstevel@tonic-gate 217c478bd9Sstevel@tonic-gate #include <sys/param.h> 227c478bd9Sstevel@tonic-gate #if defined(__FreeBSD__) && !defined(__FreeBSD_version) 237c478bd9Sstevel@tonic-gate # if defined(IPFILTER_LKM) 247c478bd9Sstevel@tonic-gate # ifndef __FreeBSD_cc_version 257c478bd9Sstevel@tonic-gate # include <osreldate.h> 267c478bd9Sstevel@tonic-gate # else 277c478bd9Sstevel@tonic-gate # if __FreeBSD_cc_version < 430000 287c478bd9Sstevel@tonic-gate # include <osreldate.h> 297c478bd9Sstevel@tonic-gate # endif 307c478bd9Sstevel@tonic-gate # endif 317c478bd9Sstevel@tonic-gate # endif 327c478bd9Sstevel@tonic-gate #endif 337c478bd9Sstevel@tonic-gate #include <sys/errno.h> 34ab25eeb5Syz #if defined(__hpux) && (HPUXREV >= 1111) && !defined(_KERNEL) 35ab25eeb5Syz # include <sys/kern_svcs.h> 36ab25eeb5Syz #endif 377c478bd9Sstevel@tonic-gate #include <sys/types.h> 38ab25eeb5Syz #define _KERNEL 39ab25eeb5Syz #define KERNEL 40ab25eeb5Syz #ifdef __OpenBSD__ 417c478bd9Sstevel@tonic-gate struct file; 427c478bd9Sstevel@tonic-gate #endif 43ab25eeb5Syz #include <sys/uio.h> 44ab25eeb5Syz #undef _KERNEL 45ab25eeb5Syz #undef KERNEL 467c478bd9Sstevel@tonic-gate #include <sys/file.h> 477c478bd9Sstevel@tonic-gate #include <sys/ioctl.h> 487c478bd9Sstevel@tonic-gate #ifdef __sgi 497c478bd9Sstevel@tonic-gate # include <sys/ptimers.h> 507c478bd9Sstevel@tonic-gate #endif 517c478bd9Sstevel@tonic-gate #include <sys/time.h> 527c478bd9Sstevel@tonic-gate #if !SOLARIS 537c478bd9Sstevel@tonic-gate # if (NetBSD > 199609) || (OpenBSD > 199603) || (__FreeBSD_version >= 300000) 547c478bd9Sstevel@tonic-gate # include <sys/dirent.h> 557c478bd9Sstevel@tonic-gate # else 567c478bd9Sstevel@tonic-gate # include <sys/dir.h> 577c478bd9Sstevel@tonic-gate # endif 587c478bd9Sstevel@tonic-gate #else 597c478bd9Sstevel@tonic-gate # include <sys/filio.h> 607c478bd9Sstevel@tonic-gate #endif 61ab25eeb5Syz #ifndef linux 62ab25eeb5Syz # include <sys/protosw.h> 63ab25eeb5Syz #endif 647c478bd9Sstevel@tonic-gate #include <sys/socket.h> 657c478bd9Sstevel@tonic-gate 667c478bd9Sstevel@tonic-gate #include <stdio.h> 677c478bd9Sstevel@tonic-gate #include <string.h> 687c478bd9Sstevel@tonic-gate #include <stdlib.h> 697c478bd9Sstevel@tonic-gate #include <ctype.h> 707c478bd9Sstevel@tonic-gate #include <fcntl.h> 71f4b3ec61Sdh #include <sys/zone.h> 72ab25eeb5Syz #include <arpa/inet.h> 737c478bd9Sstevel@tonic-gate 747c478bd9Sstevel@tonic-gate #ifdef __hpux 757c478bd9Sstevel@tonic-gate # define _NET_ROUTE_INCLUDED 767c478bd9Sstevel@tonic-gate #endif 777c478bd9Sstevel@tonic-gate #include <net/if.h> 787c478bd9Sstevel@tonic-gate #ifdef sun 797c478bd9Sstevel@tonic-gate # include <net/af.h> 807c478bd9Sstevel@tonic-gate #endif 817c478bd9Sstevel@tonic-gate #if __FreeBSD_version >= 300000 827c478bd9Sstevel@tonic-gate # include <net/if_var.h> 837c478bd9Sstevel@tonic-gate #endif 847c478bd9Sstevel@tonic-gate #ifdef __sgi 857c478bd9Sstevel@tonic-gate #include <sys/debug.h> 867c478bd9Sstevel@tonic-gate # ifdef IFF_DRVRLOCK /* IRIX6 */ 877c478bd9Sstevel@tonic-gate #include <sys/hashing.h> 887c478bd9Sstevel@tonic-gate # endif 897c478bd9Sstevel@tonic-gate #endif 90ab25eeb5Syz #if defined(__FreeBSD__) 91ab25eeb5Syz # include "radix_ipf.h" 92ab25eeb5Syz #endif 937c478bd9Sstevel@tonic-gate #include <net/route.h> 947c478bd9Sstevel@tonic-gate #include <netinet/in.h> 957c478bd9Sstevel@tonic-gate #if !(defined(__sgi) && !defined(IFF_DRVRLOCK)) /* IRIX < 6 */ && \ 96ab25eeb5Syz !defined(__hpux) && !defined(linux) 977c478bd9Sstevel@tonic-gate # include <netinet/in_var.h> 987c478bd9Sstevel@tonic-gate #endif 997c478bd9Sstevel@tonic-gate #include <netinet/in_systm.h> 1007c478bd9Sstevel@tonic-gate #include <netinet/ip.h> 101ab25eeb5Syz #if !defined(linux) 102ab25eeb5Syz # include <netinet/ip_var.h> 103ab25eeb5Syz #endif 1047c478bd9Sstevel@tonic-gate #include <netinet/tcp.h> 1057c478bd9Sstevel@tonic-gate #if defined(__osf__) 1067c478bd9Sstevel@tonic-gate # include <netinet/tcp_timer.h> 1077c478bd9Sstevel@tonic-gate #endif 108ab25eeb5Syz #if defined(__osf__) || defined(__hpux) || defined(__sgi) 109ab25eeb5Syz # include "radix_ipf_local.h" 110ab25eeb5Syz # define _RADIX_H_ 111ab25eeb5Syz #endif 1127c478bd9Sstevel@tonic-gate #include <netinet/udp.h> 1137c478bd9Sstevel@tonic-gate #include <netinet/tcpip.h> 1147c478bd9Sstevel@tonic-gate #include <netinet/ip_icmp.h> 1157c478bd9Sstevel@tonic-gate #include <unistd.h> 1167c478bd9Sstevel@tonic-gate #include <syslog.h> 1177c478bd9Sstevel@tonic-gate #ifdef __hpux 1187c478bd9Sstevel@tonic-gate # undef _NET_ROUTE_INCLUDED 1197c478bd9Sstevel@tonic-gate #endif 1207c478bd9Sstevel@tonic-gate #include "netinet/ip_compat.h" 1217c478bd9Sstevel@tonic-gate #include "netinet/ip_fil.h" 1227c478bd9Sstevel@tonic-gate #include "netinet/ip_nat.h" 1237c478bd9Sstevel@tonic-gate #include "netinet/ip_frag.h" 1247c478bd9Sstevel@tonic-gate #include "netinet/ip_state.h" 1257c478bd9Sstevel@tonic-gate #include "netinet/ip_proxy.h" 1267c478bd9Sstevel@tonic-gate #include "netinet/ip_auth.h" 1277c478bd9Sstevel@tonic-gate #ifdef IPFILTER_SYNC 1287c478bd9Sstevel@tonic-gate #include "netinet/ip_sync.h" 1297c478bd9Sstevel@tonic-gate #endif 1307c478bd9Sstevel@tonic-gate #ifdef IPFILTER_SCAN 1317c478bd9Sstevel@tonic-gate #include "netinet/ip_scan.h" 1327c478bd9Sstevel@tonic-gate #endif 1337c478bd9Sstevel@tonic-gate #include "netinet/ip_pool.h" 1347c478bd9Sstevel@tonic-gate #ifdef IPFILTER_COMPILED 1357c478bd9Sstevel@tonic-gate # include "netinet/ip_rules.h" 1367c478bd9Sstevel@tonic-gate #endif 137f4b3ec61Sdh #include "netinet/ipf_stack.h" 1387c478bd9Sstevel@tonic-gate #if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000) 1397c478bd9Sstevel@tonic-gate # include <sys/malloc.h> 1407c478bd9Sstevel@tonic-gate #endif 1417c478bd9Sstevel@tonic-gate #ifdef __hpux 1427c478bd9Sstevel@tonic-gate struct rtentry; 1437c478bd9Sstevel@tonic-gate #endif 144ab25eeb5Syz #include "md5.h" 1457c478bd9Sstevel@tonic-gate 1467c478bd9Sstevel@tonic-gate 1477c478bd9Sstevel@tonic-gate #if !defined(__osf__) 1487c478bd9Sstevel@tonic-gate extern struct protosw inetsw[]; 1497c478bd9Sstevel@tonic-gate #endif 1507c478bd9Sstevel@tonic-gate 1517c478bd9Sstevel@tonic-gate #include "ipt.h" 1527c478bd9Sstevel@tonic-gate static struct ifnet **ifneta = NULL; 1537c478bd9Sstevel@tonic-gate static int nifs = 0; 1547c478bd9Sstevel@tonic-gate 155f4b3ec61Sdh static int frzerostats __P((caddr_t, ipf_stack_t *ifs)); 156ab25eeb5Syz static void fr_setifpaddr __P((struct ifnet *, char *)); 1577c478bd9Sstevel@tonic-gate void init_ifp __P((void)); 158ab25eeb5Syz #if defined(__sgi) && (IRIX < 60500) 1597c478bd9Sstevel@tonic-gate static int no_output __P((struct ifnet *, struct mbuf *, 1607c478bd9Sstevel@tonic-gate struct sockaddr *)); 1617c478bd9Sstevel@tonic-gate static int write_output __P((struct ifnet *, struct mbuf *, 1627c478bd9Sstevel@tonic-gate struct sockaddr *)); 1637c478bd9Sstevel@tonic-gate #else 1647c478bd9Sstevel@tonic-gate # if TRU64 >= 1885 1657c478bd9Sstevel@tonic-gate static int no_output __P((struct ifnet *, struct mbuf *, 1667c478bd9Sstevel@tonic-gate struct sockaddr *, struct rtentry *, char *)); 1677c478bd9Sstevel@tonic-gate static int write_output __P((struct ifnet *, struct mbuf *, 1687c478bd9Sstevel@tonic-gate struct sockaddr *, struct rtentry *, char *)); 1697c478bd9Sstevel@tonic-gate # else 1707c478bd9Sstevel@tonic-gate static int no_output __P((struct ifnet *, struct mbuf *, 1717c478bd9Sstevel@tonic-gate struct sockaddr *, struct rtentry *)); 1727c478bd9Sstevel@tonic-gate static int write_output __P((struct ifnet *, struct mbuf *, 1737c478bd9Sstevel@tonic-gate struct sockaddr *, struct rtentry *)); 1747c478bd9Sstevel@tonic-gate # endif 1757c478bd9Sstevel@tonic-gate #endif 1767c478bd9Sstevel@tonic-gate 1777c478bd9Sstevel@tonic-gate 178f4b3ec61Sdh int iplattach(ifs, ns) 179f4b3ec61Sdh ipf_stack_t *ifs; 180f4b3ec61Sdh netstack_t *ns; 1817c478bd9Sstevel@tonic-gate { 182f4b3ec61Sdh ifs->ifs_fr_running = 1; 1837c478bd9Sstevel@tonic-gate return 0; 1847c478bd9Sstevel@tonic-gate } 1857c478bd9Sstevel@tonic-gate 1867c478bd9Sstevel@tonic-gate 187f4b3ec61Sdh int ipldetach(ifs) 188f4b3ec61Sdh ipf_stack_t *ifs; 1897c478bd9Sstevel@tonic-gate { 190f4b3ec61Sdh ifs->ifs_fr_running = -1; 1917c478bd9Sstevel@tonic-gate return 0; 1927c478bd9Sstevel@tonic-gate } 1937c478bd9Sstevel@tonic-gate 1947c478bd9Sstevel@tonic-gate 195f4b3ec61Sdh static int frzerostats(data, ifs) 1967c478bd9Sstevel@tonic-gate caddr_t data; 197f4b3ec61Sdh ipf_stack_t *ifs; 1987c478bd9Sstevel@tonic-gate { 1997c478bd9Sstevel@tonic-gate friostat_t fio; 2007c478bd9Sstevel@tonic-gate int error; 2017c478bd9Sstevel@tonic-gate 202f4b3ec61Sdh fr_getstat(&fio, ifs); 2037c478bd9Sstevel@tonic-gate error = copyoutptr(&fio, data, sizeof(fio)); 2047c478bd9Sstevel@tonic-gate if (error) 2057c478bd9Sstevel@tonic-gate return EFAULT; 2067c478bd9Sstevel@tonic-gate 207f4b3ec61Sdh bzero((char *)ifs->ifs_frstats, sizeof(*ifs->ifs_frstats) * 2); 2087c478bd9Sstevel@tonic-gate 2097c478bd9Sstevel@tonic-gate return 0; 2107c478bd9Sstevel@tonic-gate } 2117c478bd9Sstevel@tonic-gate 2127c478bd9Sstevel@tonic-gate 2137c478bd9Sstevel@tonic-gate /* 2147c478bd9Sstevel@tonic-gate * Filter ioctl interface. 2157c478bd9Sstevel@tonic-gate */ 2167c478bd9Sstevel@tonic-gate int iplioctl(dev, cmd, data, mode) 2177c478bd9Sstevel@tonic-gate int dev; 218ab25eeb5Syz ioctlcmd_t cmd; 2197c478bd9Sstevel@tonic-gate caddr_t data; 2207c478bd9Sstevel@tonic-gate int mode; 2217c478bd9Sstevel@tonic-gate { 222f4b3ec61Sdh int error = 0, unit = 0, tmp, uid; 2237c478bd9Sstevel@tonic-gate friostat_t fio; 224f4b3ec61Sdh ipf_stack_t *ifs; 225f4b3ec61Sdh extern ipf_stack_t *get_ifs(); 2267c478bd9Sstevel@tonic-gate 2277c478bd9Sstevel@tonic-gate unit = dev; 228f4b3ec61Sdh uid = getuid(); 229f4b3ec61Sdh 230f4b3ec61Sdh ifs = get_ifs(); 2317c478bd9Sstevel@tonic-gate 2327c478bd9Sstevel@tonic-gate SPL_NET(s); 2337c478bd9Sstevel@tonic-gate 2347c478bd9Sstevel@tonic-gate if (unit == IPL_LOGNAT) { 235f4b3ec61Sdh if (ifs->ifs_fr_running > 0) 236f4b3ec61Sdh error = fr_nat_ioctl(data, cmd, mode, uid, NULL, ifs); 2377c478bd9Sstevel@tonic-gate else 2387c478bd9Sstevel@tonic-gate error = EIO; 2397c478bd9Sstevel@tonic-gate SPL_X(s); 2407c478bd9Sstevel@tonic-gate return error; 2417c478bd9Sstevel@tonic-gate } 2427c478bd9Sstevel@tonic-gate if (unit == IPL_LOGSTATE) { 243f4b3ec61Sdh if (ifs->ifs_fr_running > 0) 244f4b3ec61Sdh error = fr_state_ioctl(data, cmd, mode, uid, NULL, ifs); 2457c478bd9Sstevel@tonic-gate else 2467c478bd9Sstevel@tonic-gate error = EIO; 2477c478bd9Sstevel@tonic-gate SPL_X(s); 2487c478bd9Sstevel@tonic-gate return error; 2497c478bd9Sstevel@tonic-gate } 2507c478bd9Sstevel@tonic-gate if (unit == IPL_LOGAUTH) { 251f4b3ec61Sdh if (ifs->ifs_fr_running > 0) { 252ab25eeb5Syz if ((cmd == (ioctlcmd_t)SIOCADAFR) || 253ab25eeb5Syz (cmd == (ioctlcmd_t)SIOCRMAFR)) { 2547c478bd9Sstevel@tonic-gate if (!(mode & FWRITE)) { 2557c478bd9Sstevel@tonic-gate error = EPERM; 2567c478bd9Sstevel@tonic-gate } else { 2577c478bd9Sstevel@tonic-gate error = frrequest(unit, cmd, data, 258f4b3ec61Sdh ifs->ifs_fr_active, 1, ifs); 2597c478bd9Sstevel@tonic-gate } 2607c478bd9Sstevel@tonic-gate } else { 261f4b3ec61Sdh error = fr_auth_ioctl(data, mode, cmd, uid, NULL, ifs); 2627c478bd9Sstevel@tonic-gate } 2637c478bd9Sstevel@tonic-gate } else 2647c478bd9Sstevel@tonic-gate error = EIO; 2657c478bd9Sstevel@tonic-gate SPL_X(s); 2667c478bd9Sstevel@tonic-gate return error; 2677c478bd9Sstevel@tonic-gate } 2687c478bd9Sstevel@tonic-gate if (unit == IPL_LOGSYNC) { 2697c478bd9Sstevel@tonic-gate #ifdef IPFILTER_SYNC 270f4b3ec61Sdh if (ifs->ifs_fr_running > 0) 2717c478bd9Sstevel@tonic-gate error = fr_sync_ioctl(data, cmd, mode); 2727c478bd9Sstevel@tonic-gate else 2737c478bd9Sstevel@tonic-gate #endif 2747c478bd9Sstevel@tonic-gate error = EIO; 2757c478bd9Sstevel@tonic-gate SPL_X(s); 2767c478bd9Sstevel@tonic-gate return error; 2777c478bd9Sstevel@tonic-gate } 2787c478bd9Sstevel@tonic-gate if (unit == IPL_LOGSCAN) { 2797c478bd9Sstevel@tonic-gate #ifdef IPFILTER_SCAN 280f4b3ec61Sdh if (ifs->ifs_fr_running > 0) 2817c478bd9Sstevel@tonic-gate error = fr_scan_ioctl(data, cmd, mode); 2827c478bd9Sstevel@tonic-gate else 2837c478bd9Sstevel@tonic-gate #endif 2847c478bd9Sstevel@tonic-gate error = EIO; 2857c478bd9Sstevel@tonic-gate SPL_X(s); 2867c478bd9Sstevel@tonic-gate return error; 2877c478bd9Sstevel@tonic-gate } 2887c478bd9Sstevel@tonic-gate if (unit == IPL_LOGLOOKUP) { 289f4b3ec61Sdh if (ifs->ifs_fr_running > 0) 290f4b3ec61Sdh error = ip_lookup_ioctl(data, cmd, mode, uid, 291f4b3ec61Sdh NULL, ifs); 2927c478bd9Sstevel@tonic-gate else 2937c478bd9Sstevel@tonic-gate error = EIO; 2947c478bd9Sstevel@tonic-gate SPL_X(s); 2957c478bd9Sstevel@tonic-gate return error; 2967c478bd9Sstevel@tonic-gate } 2977c478bd9Sstevel@tonic-gate 2987c478bd9Sstevel@tonic-gate switch (cmd) 2997c478bd9Sstevel@tonic-gate { 3007c478bd9Sstevel@tonic-gate case FIONREAD : 3017c478bd9Sstevel@tonic-gate #ifdef IPFILTER_LOG 302f4b3ec61Sdh error = COPYOUT(&ifs->ifs_iplused[IPL_LOGIPF], (caddr_t)data, 303f4b3ec61Sdh sizeof(ifs->ifs_iplused[IPL_LOGIPF])); 3047c478bd9Sstevel@tonic-gate #endif 3057c478bd9Sstevel@tonic-gate break; 3067c478bd9Sstevel@tonic-gate case SIOCFRENB : 3077c478bd9Sstevel@tonic-gate if (!(mode & FWRITE)) 3087c478bd9Sstevel@tonic-gate error = EPERM; 3097c478bd9Sstevel@tonic-gate else { 3107c478bd9Sstevel@tonic-gate error = COPYIN(data, &tmp, sizeof(tmp)); 3117c478bd9Sstevel@tonic-gate if (error) 3127c478bd9Sstevel@tonic-gate break; 3137c478bd9Sstevel@tonic-gate if (tmp) 314f4b3ec61Sdh error = iplattach(ifs, NULL); 3157c478bd9Sstevel@tonic-gate else 316f4b3ec61Sdh error = ipldetach(ifs); 3177c478bd9Sstevel@tonic-gate } 3187c478bd9Sstevel@tonic-gate break; 319ab25eeb5Syz case SIOCIPFSET : 320ab25eeb5Syz if (!(mode & FWRITE)) { 321ab25eeb5Syz error = EPERM; 322ab25eeb5Syz break; 323ab25eeb5Syz } 324ab25eeb5Syz case SIOCIPFGETNEXT : 325ab25eeb5Syz case SIOCIPFGET : 326f4b3ec61Sdh error = fr_ipftune(cmd, (void *)data, ifs); 327ab25eeb5Syz break; 3287c478bd9Sstevel@tonic-gate case SIOCSETFF : 3297c478bd9Sstevel@tonic-gate if (!(mode & FWRITE)) 3307c478bd9Sstevel@tonic-gate error = EPERM; 3317c478bd9Sstevel@tonic-gate else 332f4b3ec61Sdh error = COPYIN(data, &ifs->ifs_fr_flags, 333f4b3ec61Sdh sizeof(ifs->ifs_fr_flags)); 3347c478bd9Sstevel@tonic-gate break; 3357c478bd9Sstevel@tonic-gate case SIOCGETFF : 336f4b3ec61Sdh error = COPYOUT(&ifs->ifs_fr_flags, data, 337f4b3ec61Sdh sizeof(ifs->ifs_fr_flags)); 3387c478bd9Sstevel@tonic-gate break; 3397c478bd9Sstevel@tonic-gate case SIOCFUNCL : 3407c478bd9Sstevel@tonic-gate error = fr_resolvefunc(data); 3417c478bd9Sstevel@tonic-gate break; 3427c478bd9Sstevel@tonic-gate case SIOCINAFR : 3437c478bd9Sstevel@tonic-gate case SIOCRMAFR : 3447c478bd9Sstevel@tonic-gate case SIOCADAFR : 3457c478bd9Sstevel@tonic-gate case SIOCZRLST : 3467c478bd9Sstevel@tonic-gate if (!(mode & FWRITE)) 3477c478bd9Sstevel@tonic-gate error = EPERM; 3487c478bd9Sstevel@tonic-gate else 349f4b3ec61Sdh error = frrequest(unit, cmd, data, 350f4b3ec61Sdh ifs->ifs_fr_active, 1, ifs); 3517c478bd9Sstevel@tonic-gate break; 3527c478bd9Sstevel@tonic-gate case SIOCINIFR : 3537c478bd9Sstevel@tonic-gate case SIOCRMIFR : 3547c478bd9Sstevel@tonic-gate case SIOCADIFR : 3557c478bd9Sstevel@tonic-gate if (!(mode & FWRITE)) 3567c478bd9Sstevel@tonic-gate error = EPERM; 3577c478bd9Sstevel@tonic-gate else 358f4b3ec61Sdh error = frrequest(unit, cmd, data, 359f4b3ec61Sdh 1 - ifs->ifs_fr_active, 1, ifs); 3607c478bd9Sstevel@tonic-gate break; 3617c478bd9Sstevel@tonic-gate case SIOCSWAPA : 3627c478bd9Sstevel@tonic-gate if (!(mode & FWRITE)) 3637c478bd9Sstevel@tonic-gate error = EPERM; 3647c478bd9Sstevel@tonic-gate else { 365f4b3ec61Sdh *(u_int *)data = ifs->ifs_fr_active; 366f4b3ec61Sdh ifs->ifs_fr_active = 1 - ifs->ifs_fr_active; 3677c478bd9Sstevel@tonic-gate } 3687c478bd9Sstevel@tonic-gate break; 3697c478bd9Sstevel@tonic-gate case SIOCGETFS : 370f4b3ec61Sdh fr_getstat(&fio, ifs); 3717c478bd9Sstevel@tonic-gate error = fr_outobj(data, &fio, IPFOBJ_IPFSTAT); 3727c478bd9Sstevel@tonic-gate break; 3737c478bd9Sstevel@tonic-gate case SIOCFRZST : 3747c478bd9Sstevel@tonic-gate if (!(mode & FWRITE)) 3757c478bd9Sstevel@tonic-gate error = EPERM; 3767c478bd9Sstevel@tonic-gate else 377f4b3ec61Sdh error = frzerostats(data, ifs); 3787c478bd9Sstevel@tonic-gate break; 3797c478bd9Sstevel@tonic-gate case SIOCIPFFL : 3807c478bd9Sstevel@tonic-gate if (!(mode & FWRITE)) 3817c478bd9Sstevel@tonic-gate error = EPERM; 3827c478bd9Sstevel@tonic-gate else { 3837c478bd9Sstevel@tonic-gate error = COPYIN(data, &tmp, sizeof(tmp)); 3847c478bd9Sstevel@tonic-gate if (!error) { 385f4b3ec61Sdh tmp = frflush(unit, 4, tmp, ifs); 3867c478bd9Sstevel@tonic-gate error = COPYOUT(&tmp, data, sizeof(tmp)); 3877c478bd9Sstevel@tonic-gate } 3887c478bd9Sstevel@tonic-gate } 3897c478bd9Sstevel@tonic-gate break; 3907663b816Sml #ifdef USE_INET6 3917663b816Sml case SIOCIPFL6 : 3927663b816Sml if (!(mode & FWRITE)) 3937663b816Sml error = EPERM; 3947663b816Sml else { 3957663b816Sml error = COPYIN(data, &tmp, sizeof(tmp)); 3967663b816Sml if (!error) { 397f4b3ec61Sdh tmp = frflush(unit, 6, tmp, ifs); 3987663b816Sml error = COPYOUT(&tmp, data, sizeof(tmp)); 3997663b816Sml } 4007663b816Sml } 4017663b816Sml break; 4027663b816Sml #endif 4037c478bd9Sstevel@tonic-gate case SIOCSTLCK : 4047c478bd9Sstevel@tonic-gate error = COPYIN(data, &tmp, sizeof(tmp)); 4057c478bd9Sstevel@tonic-gate if (error == 0) { 406f4b3ec61Sdh ifs->ifs_fr_state_lock = tmp; 407f4b3ec61Sdh ifs->ifs_fr_nat_lock = tmp; 408f4b3ec61Sdh ifs->ifs_fr_frag_lock = tmp; 409f4b3ec61Sdh ifs->ifs_fr_auth_lock = tmp; 4107c478bd9Sstevel@tonic-gate } else 4117c478bd9Sstevel@tonic-gate error = EFAULT; 4127c478bd9Sstevel@tonic-gate break; 4137c478bd9Sstevel@tonic-gate #ifdef IPFILTER_LOG 4147c478bd9Sstevel@tonic-gate case SIOCIPFFB : 4157c478bd9Sstevel@tonic-gate if (!(mode & FWRITE)) 4167c478bd9Sstevel@tonic-gate error = EPERM; 4177c478bd9Sstevel@tonic-gate else 418f4b3ec61Sdh *(int *)data = ipflog_clear(unit, ifs); 4197c478bd9Sstevel@tonic-gate break; 4207c478bd9Sstevel@tonic-gate #endif /* IPFILTER_LOG */ 4217c478bd9Sstevel@tonic-gate case SIOCGFRST : 422f4b3ec61Sdh error = fr_outobj(data, fr_fragstats(ifs), IPFOBJ_FRAGSTAT); 4237c478bd9Sstevel@tonic-gate break; 4247c478bd9Sstevel@tonic-gate case SIOCFRSYN : 4257c478bd9Sstevel@tonic-gate if (!(mode & FWRITE)) 4267c478bd9Sstevel@tonic-gate error = EPERM; 4277c478bd9Sstevel@tonic-gate else { 428f4b3ec61Sdh frsync(IPFSYNC_RESYNC, IPFSYNC_RESYNC, NULL, NULL, ifs); 4297c478bd9Sstevel@tonic-gate } 4307c478bd9Sstevel@tonic-gate break; 4317c478bd9Sstevel@tonic-gate default : 4327c478bd9Sstevel@tonic-gate error = EINVAL; 4337c478bd9Sstevel@tonic-gate break; 4347c478bd9Sstevel@tonic-gate } 4357c478bd9Sstevel@tonic-gate SPL_X(s); 4367c478bd9Sstevel@tonic-gate return error; 4377c478bd9Sstevel@tonic-gate } 4387c478bd9Sstevel@tonic-gate 4397c478bd9Sstevel@tonic-gate 440f4b3ec61Sdh void fr_forgetifp(ifp, ifs) 4417c478bd9Sstevel@tonic-gate void *ifp; 442f4b3ec61Sdh ipf_stack_t *ifs; 4437c478bd9Sstevel@tonic-gate { 4447c478bd9Sstevel@tonic-gate register frentry_t *f; 4457c478bd9Sstevel@tonic-gate 446f4b3ec61Sdh WRITE_ENTER(&ifs->ifs_ipf_mutex); 447f4b3ec61Sdh for (f = ifs->ifs_ipacct[0][ifs->ifs_fr_active]; (f != NULL); 448f4b3ec61Sdh f = f->fr_next) 4497c478bd9Sstevel@tonic-gate if (f->fr_ifa == ifp) 4507c478bd9Sstevel@tonic-gate f->fr_ifa = (void *)-1; 451f4b3ec61Sdh for (f = ifs->ifs_ipacct[1][ifs->ifs_fr_active]; (f != NULL); 452f4b3ec61Sdh f = f->fr_next) 4537c478bd9Sstevel@tonic-gate if (f->fr_ifa == ifp) 4547c478bd9Sstevel@tonic-gate f->fr_ifa = (void *)-1; 455f4b3ec61Sdh for (f = ifs->ifs_ipfilter[0][ifs->ifs_fr_active]; (f != NULL); 456f4b3ec61Sdh f = f->fr_next) 4577c478bd9Sstevel@tonic-gate if (f->fr_ifa == ifp) 4587c478bd9Sstevel@tonic-gate f->fr_ifa = (void *)-1; 459f4b3ec61Sdh for (f = ifs->ifs_ipfilter[1][ifs->ifs_fr_active]; (f != NULL); 460f4b3ec61Sdh f = f->fr_next) 4617c478bd9Sstevel@tonic-gate if (f->fr_ifa == ifp) 4627c478bd9Sstevel@tonic-gate f->fr_ifa = (void *)-1; 4637c478bd9Sstevel@tonic-gate #ifdef USE_INET6 464f4b3ec61Sdh for (f = ifs->ifs_ipacct6[0][ifs->ifs_fr_active]; (f != NULL); 465f4b3ec61Sdh f = f->fr_next) 4667c478bd9Sstevel@tonic-gate if (f->fr_ifa == ifp) 4677c478bd9Sstevel@tonic-gate f->fr_ifa = (void *)-1; 468f4b3ec61Sdh for (f = ifs->ifs_ipacct6[1][ifs->ifs_fr_active]; (f != NULL); 469f4b3ec61Sdh f = f->fr_next) 4707c478bd9Sstevel@tonic-gate if (f->fr_ifa == ifp) 4717c478bd9Sstevel@tonic-gate f->fr_ifa = (void *)-1; 472f4b3ec61Sdh for (f = ifs->ifs_ipfilter6[0][ifs->ifs_fr_active]; (f != NULL); 473f4b3ec61Sdh f = f->fr_next) 4747c478bd9Sstevel@tonic-gate if (f->fr_ifa == ifp) 4757c478bd9Sstevel@tonic-gate f->fr_ifa = (void *)-1; 476f4b3ec61Sdh for (f = ifs->ifs_ipfilter6[1][ifs->ifs_fr_active]; (f != NULL); 477f4b3ec61Sdh f = f->fr_next) 4787c478bd9Sstevel@tonic-gate if (f->fr_ifa == ifp) 4797c478bd9Sstevel@tonic-gate f->fr_ifa = (void *)-1; 4807c478bd9Sstevel@tonic-gate #endif 481f4b3ec61Sdh RWLOCK_EXIT(&ifs->ifs_ipf_mutex); 482*d6c23f6fSyx fr_natifpsync(IPFSYNC_OLDIFP, 4, ifp, NULL, ifs); 483*d6c23f6fSyx fr_natifpsync(IPFSYNC_OLDIFP, 6, ifp, NULL, ifs); 4847c478bd9Sstevel@tonic-gate } 4857c478bd9Sstevel@tonic-gate 4867c478bd9Sstevel@tonic-gate 487f4b3ec61Sdh void fr_resolvedest(fdp, v, ifs) 4887c478bd9Sstevel@tonic-gate frdest_t *fdp; 4897c478bd9Sstevel@tonic-gate int v; 490f4b3ec61Sdh ipf_stack_t *ifs; 4917c478bd9Sstevel@tonic-gate { 4927c478bd9Sstevel@tonic-gate fdp->fd_ifp = NULL; 4937c478bd9Sstevel@tonic-gate 4947c478bd9Sstevel@tonic-gate if (*fdp->fd_ifname) { 495f4b3ec61Sdh fdp->fd_ifp = GETIFP(fdp->fd_ifname, v, ifs); 4967c478bd9Sstevel@tonic-gate if (!fdp->fd_ifp) 4977c478bd9Sstevel@tonic-gate fdp->fd_ifp = (struct ifnet *)-1; 4987c478bd9Sstevel@tonic-gate } 4997c478bd9Sstevel@tonic-gate } 5007c478bd9Sstevel@tonic-gate 5017c478bd9Sstevel@tonic-gate 502ab25eeb5Syz #if defined(__sgi) && (IRIX < 60500) 5037c478bd9Sstevel@tonic-gate static int no_output(ifp, m, s) 5047c478bd9Sstevel@tonic-gate #else 5057c478bd9Sstevel@tonic-gate # if TRU64 >= 1885 5067c478bd9Sstevel@tonic-gate static int no_output (ifp, m, s, rt, cp) 5077c478bd9Sstevel@tonic-gate char *cp; 5087c478bd9Sstevel@tonic-gate # else 5097c478bd9Sstevel@tonic-gate static int no_output(ifp, m, s, rt) 5107c478bd9Sstevel@tonic-gate # endif 5117c478bd9Sstevel@tonic-gate struct rtentry *rt; 5127c478bd9Sstevel@tonic-gate #endif 5137c478bd9Sstevel@tonic-gate struct ifnet *ifp; 5147c478bd9Sstevel@tonic-gate struct mbuf *m; 5157c478bd9Sstevel@tonic-gate struct sockaddr *s; 5167c478bd9Sstevel@tonic-gate { 5177c478bd9Sstevel@tonic-gate return 0; 5187c478bd9Sstevel@tonic-gate } 5197c478bd9Sstevel@tonic-gate 5207c478bd9Sstevel@tonic-gate 521ab25eeb5Syz #if defined(__sgi) && (IRIX < 60500) 5227c478bd9Sstevel@tonic-gate static int write_output(ifp, m, s) 5237c478bd9Sstevel@tonic-gate #else 5247c478bd9Sstevel@tonic-gate # if TRU64 >= 1885 5257c478bd9Sstevel@tonic-gate static int write_output (ifp, m, s, rt, cp) 5267c478bd9Sstevel@tonic-gate char *cp; 5277c478bd9Sstevel@tonic-gate # else 5287c478bd9Sstevel@tonic-gate static int write_output(ifp, m, s, rt) 5297c478bd9Sstevel@tonic-gate # endif 5307c478bd9Sstevel@tonic-gate struct rtentry *rt; 5317c478bd9Sstevel@tonic-gate #endif 5327c478bd9Sstevel@tonic-gate struct ifnet *ifp; 5337c478bd9Sstevel@tonic-gate struct mbuf *m; 5347c478bd9Sstevel@tonic-gate struct sockaddr *s; 5357c478bd9Sstevel@tonic-gate { 5367c478bd9Sstevel@tonic-gate char fname[32]; 5377c478bd9Sstevel@tonic-gate mb_t *mb; 5387c478bd9Sstevel@tonic-gate ip_t *ip; 5397c478bd9Sstevel@tonic-gate int fd; 5407c478bd9Sstevel@tonic-gate 5417c478bd9Sstevel@tonic-gate mb = (mb_t *)m; 5427c478bd9Sstevel@tonic-gate ip = MTOD(mb, ip_t *); 5437c478bd9Sstevel@tonic-gate 5447c478bd9Sstevel@tonic-gate #if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \ 545ab25eeb5Syz (defined(OpenBSD) && (OpenBSD >= 199603)) || defined(linux) || \ 546ab25eeb5Syz (defined(__FreeBSD__) && (__FreeBSD_version >= 501113)) 5477c478bd9Sstevel@tonic-gate sprintf(fname, "/tmp/%s", ifp->if_xname); 5487c478bd9Sstevel@tonic-gate #else 5497c478bd9Sstevel@tonic-gate sprintf(fname, "/tmp/%s%d", ifp->if_name, ifp->if_unit); 5507c478bd9Sstevel@tonic-gate #endif 5517c478bd9Sstevel@tonic-gate fd = open(fname, O_WRONLY|O_APPEND); 5527c478bd9Sstevel@tonic-gate if (fd == -1) { 5537c478bd9Sstevel@tonic-gate perror("open"); 5547c478bd9Sstevel@tonic-gate return -1; 5557c478bd9Sstevel@tonic-gate } 5567c478bd9Sstevel@tonic-gate write(fd, (char *)ip, ntohs(ip->ip_len)); 5577c478bd9Sstevel@tonic-gate close(fd); 5587c478bd9Sstevel@tonic-gate return 0; 5597c478bd9Sstevel@tonic-gate } 5607c478bd9Sstevel@tonic-gate 5617c478bd9Sstevel@tonic-gate 562ab25eeb5Syz static void fr_setifpaddr(ifp, addr) 563ab25eeb5Syz struct ifnet *ifp; 564ab25eeb5Syz char *addr; 565ab25eeb5Syz { 566ab25eeb5Syz #ifdef __sgi 567ab25eeb5Syz struct in_ifaddr *ifa; 568ab25eeb5Syz #else 569ab25eeb5Syz struct ifaddr *ifa; 570ab25eeb5Syz #endif 571ab25eeb5Syz 572ab25eeb5Syz #if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__) 573ab25eeb5Syz if (ifp->if_addrlist.tqh_first != NULL) 574ab25eeb5Syz #else 575ab25eeb5Syz # ifdef __sgi 576ab25eeb5Syz if (ifp->in_ifaddr != NULL) 577ab25eeb5Syz # else 578ab25eeb5Syz if (ifp->if_addrlist != NULL) 579ab25eeb5Syz # endif 580ab25eeb5Syz #endif 581ab25eeb5Syz return; 582ab25eeb5Syz 583ab25eeb5Syz ifa = (struct ifaddr *)malloc(sizeof(*ifa)); 584ab25eeb5Syz #if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__) 585ab25eeb5Syz ifp->if_addrlist.tqh_first = ifa; 586ab25eeb5Syz #else 587ab25eeb5Syz # ifdef __sgi 588ab25eeb5Syz ifp->in_ifaddr = ifa; 589ab25eeb5Syz # else 590ab25eeb5Syz ifp->if_addrlist = ifa; 591ab25eeb5Syz # endif 592ab25eeb5Syz #endif 593ab25eeb5Syz 594ab25eeb5Syz if (ifa != NULL) { 595ab25eeb5Syz struct sockaddr_in *sin; 596ab25eeb5Syz 597ab25eeb5Syz #ifdef __sgi 598ab25eeb5Syz sin = (struct sockaddr_in *)&ifa->ia_addr; 599ab25eeb5Syz #else 600ab25eeb5Syz sin = (struct sockaddr_in *)&ifa->ifa_addr; 601ab25eeb5Syz #endif 602ab25eeb5Syz sin->sin_addr.s_addr = inet_addr(addr); 603ab25eeb5Syz if (sin->sin_addr.s_addr == 0) 604ab25eeb5Syz abort(); 605ab25eeb5Syz } 606ab25eeb5Syz } 607ab25eeb5Syz 608f4b3ec61Sdh /*ARGSUSED*/ 609f4b3ec61Sdh struct ifnet *get_unit(name, v, ifs) 6107c478bd9Sstevel@tonic-gate char *name; 6117c478bd9Sstevel@tonic-gate int v; 612f4b3ec61Sdh ipf_stack_t *ifs; 6137c478bd9Sstevel@tonic-gate { 614ab25eeb5Syz struct ifnet *ifp, **ifpp, **old_ifneta; 615ab25eeb5Syz char *addr; 6167c478bd9Sstevel@tonic-gate #if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \ 617ab25eeb5Syz (defined(OpenBSD) && (OpenBSD >= 199603)) || defined(linux) || \ 618ab25eeb5Syz (defined(__FreeBSD__) && (__FreeBSD_version >= 501113)) 6197c478bd9Sstevel@tonic-gate 6207c478bd9Sstevel@tonic-gate if (name == NULL) 6217c478bd9Sstevel@tonic-gate name = "anon0"; 6227c478bd9Sstevel@tonic-gate 623ab25eeb5Syz addr = strchr(name, '='); 624ab25eeb5Syz if (addr != NULL) 625ab25eeb5Syz *addr++ = '\0'; 626ab25eeb5Syz 627ab25eeb5Syz for (ifpp = ifneta; ifpp && (ifp = *ifpp); ifpp++) { 628ab25eeb5Syz if (!strcmp(name, ifp->if_xname)) { 629ab25eeb5Syz if (addr != NULL) 630ab25eeb5Syz fr_setifpaddr(ifp, addr); 6317c478bd9Sstevel@tonic-gate return ifp; 632ab25eeb5Syz } 6337c478bd9Sstevel@tonic-gate } 6347c478bd9Sstevel@tonic-gate #else 6357c478bd9Sstevel@tonic-gate char *s, ifname[LIFNAMSIZ+1]; 6367c478bd9Sstevel@tonic-gate 6377c478bd9Sstevel@tonic-gate if (name == NULL) 6387c478bd9Sstevel@tonic-gate name = "anon0"; 6397c478bd9Sstevel@tonic-gate 640ab25eeb5Syz addr = strchr(name, '='); 641ab25eeb5Syz if (addr != NULL) 642ab25eeb5Syz *addr++ = '\0'; 643ab25eeb5Syz 644ab25eeb5Syz for (ifpp = ifneta; ifpp && (ifp = *ifpp); ifpp++) { 645381a2a9aSdr COPYIFNAME(ifp, ifname, 0); 646ab25eeb5Syz if (!strcmp(name, ifname)) { 647ab25eeb5Syz if (addr != NULL) 648ab25eeb5Syz fr_setifpaddr(ifp, addr); 6497c478bd9Sstevel@tonic-gate return ifp; 650ab25eeb5Syz } 6517c478bd9Sstevel@tonic-gate } 6527c478bd9Sstevel@tonic-gate #endif 6537c478bd9Sstevel@tonic-gate 6547c478bd9Sstevel@tonic-gate if (!ifneta) { 6557c478bd9Sstevel@tonic-gate ifneta = (struct ifnet **)malloc(sizeof(ifp) * 2); 6567c478bd9Sstevel@tonic-gate if (!ifneta) 6577c478bd9Sstevel@tonic-gate return NULL; 6587c478bd9Sstevel@tonic-gate ifneta[1] = NULL; 6597c478bd9Sstevel@tonic-gate ifneta[0] = (struct ifnet *)calloc(1, sizeof(*ifp)); 6607c478bd9Sstevel@tonic-gate if (!ifneta[0]) { 6617c478bd9Sstevel@tonic-gate free(ifneta); 6627c478bd9Sstevel@tonic-gate return NULL; 6637c478bd9Sstevel@tonic-gate } 6647c478bd9Sstevel@tonic-gate nifs = 1; 6657c478bd9Sstevel@tonic-gate } else { 6667c478bd9Sstevel@tonic-gate old_ifneta = ifneta; 6677c478bd9Sstevel@tonic-gate nifs++; 6687c478bd9Sstevel@tonic-gate ifneta = (struct ifnet **)realloc(ifneta, 669ab25eeb5Syz (nifs + 1) * sizeof(ifp)); 6707c478bd9Sstevel@tonic-gate if (!ifneta) { 6717c478bd9Sstevel@tonic-gate free(old_ifneta); 6727c478bd9Sstevel@tonic-gate nifs = 0; 6737c478bd9Sstevel@tonic-gate return NULL; 6747c478bd9Sstevel@tonic-gate } 6757c478bd9Sstevel@tonic-gate ifneta[nifs] = NULL; 6767c478bd9Sstevel@tonic-gate ifneta[nifs - 1] = (struct ifnet *)malloc(sizeof(*ifp)); 6777c478bd9Sstevel@tonic-gate if (!ifneta[nifs - 1]) { 6787c478bd9Sstevel@tonic-gate nifs--; 6797c478bd9Sstevel@tonic-gate return NULL; 6807c478bd9Sstevel@tonic-gate } 6817c478bd9Sstevel@tonic-gate } 6827c478bd9Sstevel@tonic-gate ifp = ifneta[nifs - 1]; 6837c478bd9Sstevel@tonic-gate 6847c478bd9Sstevel@tonic-gate #if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \ 685ab25eeb5Syz (defined(OpenBSD) && (OpenBSD >= 199603)) || defined(linux) || \ 686ab25eeb5Syz (defined(__FreeBSD__) && (__FreeBSD_version >= 501113)) 687ab25eeb5Syz (void) strncpy(ifp->if_xname, name, sizeof(ifp->if_xname)); 6887c478bd9Sstevel@tonic-gate #else 689ab25eeb5Syz for (s = name; *s && !ISDIGIT(*s); s++) 6907c478bd9Sstevel@tonic-gate ; 691ab25eeb5Syz if (*s && ISDIGIT(*s)) { 6927c478bd9Sstevel@tonic-gate ifp->if_unit = atoi(s); 6937c478bd9Sstevel@tonic-gate ifp->if_name = (char *)malloc(s - name + 1); 6945e985db5Sschuster if (ifp->if_name == NULL) { 6955e985db5Sschuster /* 6965e985db5Sschuster * XXX do it more elegantly: free up mem, 6975e985db5Sschuster * return NULL 6985e985db5Sschuster */ 6995e985db5Sschuster perror("malloc"); 7005e985db5Sschuster exit(1); 7015e985db5Sschuster } 702ab25eeb5Syz (void) strncpy(ifp->if_name, name, s - name); 7037c478bd9Sstevel@tonic-gate ifp->if_name[s - name] = '\0'; 7047c478bd9Sstevel@tonic-gate } else { 7057c478bd9Sstevel@tonic-gate ifp->if_name = strdup(name); 7067c478bd9Sstevel@tonic-gate ifp->if_unit = -1; 7077c478bd9Sstevel@tonic-gate } 7087c478bd9Sstevel@tonic-gate #endif 7097c478bd9Sstevel@tonic-gate ifp->if_output = no_output; 710ab25eeb5Syz 711ab25eeb5Syz if (addr != NULL) { 712ab25eeb5Syz fr_setifpaddr(ifp, addr); 713ab25eeb5Syz } 714ab25eeb5Syz 7157c478bd9Sstevel@tonic-gate return ifp; 7167c478bd9Sstevel@tonic-gate } 7177c478bd9Sstevel@tonic-gate 7187c478bd9Sstevel@tonic-gate 7197c478bd9Sstevel@tonic-gate char *get_ifname(ifp) 7207c478bd9Sstevel@tonic-gate struct ifnet *ifp; 7217c478bd9Sstevel@tonic-gate { 7227c478bd9Sstevel@tonic-gate static char ifname[LIFNAMSIZ]; 7237c478bd9Sstevel@tonic-gate 724ab25eeb5Syz #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(linux) || \ 725ab25eeb5Syz (defined(__FreeBSD__) && (__FreeBSD_version >= 501113)) 7267c478bd9Sstevel@tonic-gate sprintf(ifname, "%s", ifp->if_xname); 7277c478bd9Sstevel@tonic-gate #else 7287c478bd9Sstevel@tonic-gate sprintf(ifname, "%s%d", ifp->if_name, ifp->if_unit); 7297c478bd9Sstevel@tonic-gate #endif 7307c478bd9Sstevel@tonic-gate return ifname; 7317c478bd9Sstevel@tonic-gate } 7327c478bd9Sstevel@tonic-gate 7337c478bd9Sstevel@tonic-gate 7347c478bd9Sstevel@tonic-gate 7357c478bd9Sstevel@tonic-gate void init_ifp() 7367c478bd9Sstevel@tonic-gate { 737ab25eeb5Syz struct ifnet *ifp, **ifpp; 7387c478bd9Sstevel@tonic-gate char fname[32]; 7397c478bd9Sstevel@tonic-gate int fd; 7407c478bd9Sstevel@tonic-gate 7417c478bd9Sstevel@tonic-gate #if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \ 742ab25eeb5Syz (defined(OpenBSD) && (OpenBSD >= 199603)) || defined(linux) || \ 743ab25eeb5Syz (defined(__FreeBSD__) && (__FreeBSD_version >= 501113)) 744ab25eeb5Syz for (ifpp = ifneta; ifpp && (ifp = *ifpp); ifpp++) { 7457c478bd9Sstevel@tonic-gate ifp->if_output = write_output; 7467c478bd9Sstevel@tonic-gate sprintf(fname, "/tmp/%s", ifp->if_xname); 7477c478bd9Sstevel@tonic-gate fd = open(fname, O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0600); 7487c478bd9Sstevel@tonic-gate if (fd == -1) 7497c478bd9Sstevel@tonic-gate perror("open"); 7507c478bd9Sstevel@tonic-gate else 7517c478bd9Sstevel@tonic-gate close(fd); 7527c478bd9Sstevel@tonic-gate } 7537c478bd9Sstevel@tonic-gate #else 7547c478bd9Sstevel@tonic-gate 755ab25eeb5Syz for (ifpp = ifneta; ifpp && (ifp = *ifpp); ifpp++) { 7567c478bd9Sstevel@tonic-gate ifp->if_output = write_output; 7577c478bd9Sstevel@tonic-gate sprintf(fname, "/tmp/%s%d", ifp->if_name, ifp->if_unit); 7587c478bd9Sstevel@tonic-gate fd = open(fname, O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0600); 7597c478bd9Sstevel@tonic-gate if (fd == -1) 7607c478bd9Sstevel@tonic-gate perror("open"); 7617c478bd9Sstevel@tonic-gate else 7627c478bd9Sstevel@tonic-gate close(fd); 7637c478bd9Sstevel@tonic-gate } 7647c478bd9Sstevel@tonic-gate #endif 7657c478bd9Sstevel@tonic-gate } 7667c478bd9Sstevel@tonic-gate 7677c478bd9Sstevel@tonic-gate 7687c478bd9Sstevel@tonic-gate int fr_fastroute(m, mpp, fin, fdp) 7697c478bd9Sstevel@tonic-gate mb_t *m, **mpp; 7707c478bd9Sstevel@tonic-gate fr_info_t *fin; 7717c478bd9Sstevel@tonic-gate frdest_t *fdp; 7727c478bd9Sstevel@tonic-gate { 7737c478bd9Sstevel@tonic-gate struct ifnet *ifp = fdp->fd_ifp; 7747c478bd9Sstevel@tonic-gate ip_t *ip = fin->fin_ip; 7757c478bd9Sstevel@tonic-gate 7767c478bd9Sstevel@tonic-gate if (!ifp) 7777c478bd9Sstevel@tonic-gate return 0; /* no routing table out here */ 7787c478bd9Sstevel@tonic-gate 7797c478bd9Sstevel@tonic-gate ip->ip_len = htons((u_short)ip->ip_len); 7807c478bd9Sstevel@tonic-gate ip->ip_off = htons((u_short)(ip->ip_off | IP_MF)); 7817c478bd9Sstevel@tonic-gate ip->ip_sum = 0; 782ab25eeb5Syz #if defined(__sgi) && (IRIX < 60500) 7837c478bd9Sstevel@tonic-gate (*ifp->if_output)(ifp, (void *)ip, NULL); 7847c478bd9Sstevel@tonic-gate # if TRU64 >= 1885 7857c478bd9Sstevel@tonic-gate (*ifp->if_output)(ifp, (void *)m, NULL, 0, 0); 7867c478bd9Sstevel@tonic-gate # else 7877c478bd9Sstevel@tonic-gate (*ifp->if_output)(ifp, (void *)m, NULL, 0); 7887c478bd9Sstevel@tonic-gate # endif 7897c478bd9Sstevel@tonic-gate #endif 7907c478bd9Sstevel@tonic-gate return 0; 7917c478bd9Sstevel@tonic-gate } 7927c478bd9Sstevel@tonic-gate 7937c478bd9Sstevel@tonic-gate 7947c478bd9Sstevel@tonic-gate int fr_send_reset(fin) 7957c478bd9Sstevel@tonic-gate fr_info_t *fin; 7967c478bd9Sstevel@tonic-gate { 7977c478bd9Sstevel@tonic-gate verbose("- TCP RST sent\n"); 7987c478bd9Sstevel@tonic-gate return 0; 7997c478bd9Sstevel@tonic-gate } 8007c478bd9Sstevel@tonic-gate 8017c478bd9Sstevel@tonic-gate 8027c478bd9Sstevel@tonic-gate int fr_send_icmp_err(type, fin, dst) 8037c478bd9Sstevel@tonic-gate int type; 8047c478bd9Sstevel@tonic-gate fr_info_t *fin; 8057c478bd9Sstevel@tonic-gate int dst; 8067c478bd9Sstevel@tonic-gate { 807ab25eeb5Syz verbose("- ICMP unreachable sent\n"); 8087c478bd9Sstevel@tonic-gate return 0; 8097c478bd9Sstevel@tonic-gate } 8107c478bd9Sstevel@tonic-gate 8117c478bd9Sstevel@tonic-gate 812f4b3ec61Sdh void frsync(command, version, nic, data, ifs) 813381a2a9aSdr int command, version; 814381a2a9aSdr void *nic; 815381a2a9aSdr char *data; 816f4b3ec61Sdh ipf_stack_t *ifs; 8177c478bd9Sstevel@tonic-gate { 8187c478bd9Sstevel@tonic-gate return; 8197c478bd9Sstevel@tonic-gate } 8207c478bd9Sstevel@tonic-gate 8217c478bd9Sstevel@tonic-gate 8227c478bd9Sstevel@tonic-gate void m_freem(m) 8237c478bd9Sstevel@tonic-gate mb_t *m; 8247c478bd9Sstevel@tonic-gate { 8257c478bd9Sstevel@tonic-gate return; 8267c478bd9Sstevel@tonic-gate } 8277c478bd9Sstevel@tonic-gate 8287c478bd9Sstevel@tonic-gate 8297c478bd9Sstevel@tonic-gate void m_copydata(m, off, len, cp) 8307c478bd9Sstevel@tonic-gate mb_t *m; 8317c478bd9Sstevel@tonic-gate int off, len; 8327c478bd9Sstevel@tonic-gate caddr_t cp; 8337c478bd9Sstevel@tonic-gate { 8347c478bd9Sstevel@tonic-gate bcopy((char *)m + off, cp, len); 8357c478bd9Sstevel@tonic-gate } 8367c478bd9Sstevel@tonic-gate 8377c478bd9Sstevel@tonic-gate 8387c478bd9Sstevel@tonic-gate int ipfuiomove(buf, len, rwflag, uio) 8397c478bd9Sstevel@tonic-gate caddr_t buf; 8407c478bd9Sstevel@tonic-gate int len, rwflag; 8417c478bd9Sstevel@tonic-gate struct uio *uio; 8427c478bd9Sstevel@tonic-gate { 8437c478bd9Sstevel@tonic-gate int left, ioc, num, offset; 8447c478bd9Sstevel@tonic-gate struct iovec *io; 8457c478bd9Sstevel@tonic-gate char *start; 8467c478bd9Sstevel@tonic-gate 8477c478bd9Sstevel@tonic-gate if (rwflag == UIO_READ) { 8487c478bd9Sstevel@tonic-gate left = len; 8497c478bd9Sstevel@tonic-gate ioc = 0; 8507c478bd9Sstevel@tonic-gate 8517c478bd9Sstevel@tonic-gate offset = uio->uio_offset; 8527c478bd9Sstevel@tonic-gate 8537c478bd9Sstevel@tonic-gate while ((left > 0) && (ioc < uio->uio_iovcnt)) { 8547c478bd9Sstevel@tonic-gate io = uio->uio_iov + ioc; 8557c478bd9Sstevel@tonic-gate num = io->iov_len; 8567c478bd9Sstevel@tonic-gate if (num > left) 8577c478bd9Sstevel@tonic-gate num = left; 8587c478bd9Sstevel@tonic-gate start = (char *)io->iov_base + offset; 8597c478bd9Sstevel@tonic-gate if (start > (char *)io->iov_base + io->iov_len) { 8607c478bd9Sstevel@tonic-gate offset -= io->iov_len; 8617c478bd9Sstevel@tonic-gate ioc++; 8627c478bd9Sstevel@tonic-gate continue; 8637c478bd9Sstevel@tonic-gate } 8647c478bd9Sstevel@tonic-gate bcopy(buf, start, num); 8657c478bd9Sstevel@tonic-gate uio->uio_resid -= num; 8667c478bd9Sstevel@tonic-gate uio->uio_offset += num; 8677c478bd9Sstevel@tonic-gate left -= num; 8687c478bd9Sstevel@tonic-gate if (left > 0) 8697c478bd9Sstevel@tonic-gate ioc++; 8707c478bd9Sstevel@tonic-gate } 8717c478bd9Sstevel@tonic-gate if (left > 0) 8727c478bd9Sstevel@tonic-gate return EFAULT; 8737c478bd9Sstevel@tonic-gate } 8747c478bd9Sstevel@tonic-gate return 0; 8757c478bd9Sstevel@tonic-gate } 8767c478bd9Sstevel@tonic-gate 8777c478bd9Sstevel@tonic-gate 8787c478bd9Sstevel@tonic-gate u_32_t fr_newisn(fin) 8797c478bd9Sstevel@tonic-gate fr_info_t *fin; 8807c478bd9Sstevel@tonic-gate { 8817c478bd9Sstevel@tonic-gate static int iss_seq_off = 0; 8827c478bd9Sstevel@tonic-gate u_char hash[16]; 8837c478bd9Sstevel@tonic-gate u_32_t newiss; 8847c478bd9Sstevel@tonic-gate MD5_CTX ctx; 8857c478bd9Sstevel@tonic-gate 8867c478bd9Sstevel@tonic-gate /* 8877c478bd9Sstevel@tonic-gate * Compute the base value of the ISS. It is a hash 8887c478bd9Sstevel@tonic-gate * of (saddr, sport, daddr, dport, secret). 8897c478bd9Sstevel@tonic-gate */ 8907c478bd9Sstevel@tonic-gate MD5Init(&ctx); 8917c478bd9Sstevel@tonic-gate 8927c478bd9Sstevel@tonic-gate MD5Update(&ctx, (u_char *) &fin->fin_fi.fi_src, 8937c478bd9Sstevel@tonic-gate sizeof(fin->fin_fi.fi_src)); 8947c478bd9Sstevel@tonic-gate MD5Update(&ctx, (u_char *) &fin->fin_fi.fi_dst, 8957c478bd9Sstevel@tonic-gate sizeof(fin->fin_fi.fi_dst)); 8967c478bd9Sstevel@tonic-gate MD5Update(&ctx, (u_char *) &fin->fin_dat, sizeof(fin->fin_dat)); 8977c478bd9Sstevel@tonic-gate 8987c478bd9Sstevel@tonic-gate /* MD5Update(&ctx, ipf_iss_secret, sizeof(ipf_iss_secret)); */ 8997c478bd9Sstevel@tonic-gate 9007c478bd9Sstevel@tonic-gate MD5Final(hash, &ctx); 9017c478bd9Sstevel@tonic-gate 9027c478bd9Sstevel@tonic-gate memcpy(&newiss, hash, sizeof(newiss)); 9037c478bd9Sstevel@tonic-gate 9047c478bd9Sstevel@tonic-gate /* 9057c478bd9Sstevel@tonic-gate * Now increment our "timer", and add it in to 9067c478bd9Sstevel@tonic-gate * the computed value. 9077c478bd9Sstevel@tonic-gate * 9087c478bd9Sstevel@tonic-gate * XXX Use `addin'? 9097c478bd9Sstevel@tonic-gate * XXX TCP_ISSINCR too large to use? 9107c478bd9Sstevel@tonic-gate */ 9117c478bd9Sstevel@tonic-gate iss_seq_off += 0x00010000; 9127c478bd9Sstevel@tonic-gate newiss += iss_seq_off; 9137c478bd9Sstevel@tonic-gate return newiss; 9147c478bd9Sstevel@tonic-gate } 9157c478bd9Sstevel@tonic-gate 9167c478bd9Sstevel@tonic-gate 9177c478bd9Sstevel@tonic-gate /* ------------------------------------------------------------------------ */ 9187c478bd9Sstevel@tonic-gate /* Function: fr_nextipid */ 9197c478bd9Sstevel@tonic-gate /* Returns: int - 0 == success, -1 == error (packet should be droppped) */ 9207c478bd9Sstevel@tonic-gate /* Parameters: fin(I) - pointer to packet information */ 9217c478bd9Sstevel@tonic-gate /* */ 9227c478bd9Sstevel@tonic-gate /* Returns the next IPv4 ID to use for this packet. */ 9237c478bd9Sstevel@tonic-gate /* ------------------------------------------------------------------------ */ 9247c478bd9Sstevel@tonic-gate INLINE u_short fr_nextipid(fin) 9257c478bd9Sstevel@tonic-gate fr_info_t *fin; 9267c478bd9Sstevel@tonic-gate { 9277c478bd9Sstevel@tonic-gate static u_short ipid = 0; 9287c478bd9Sstevel@tonic-gate u_short id; 929f4b3ec61Sdh ipf_stack_t *ifs = fin->fin_ifs; 9307c478bd9Sstevel@tonic-gate 931f4b3ec61Sdh MUTEX_ENTER(&ifs->ifs_ipf_rw); 9327c478bd9Sstevel@tonic-gate id = ipid++; 933f4b3ec61Sdh MUTEX_EXIT(&ifs->ifs_ipf_rw); 9347c478bd9Sstevel@tonic-gate 9357c478bd9Sstevel@tonic-gate return id; 9367c478bd9Sstevel@tonic-gate } 9377c478bd9Sstevel@tonic-gate 9387c478bd9Sstevel@tonic-gate 9397c478bd9Sstevel@tonic-gate INLINE void fr_checkv4sum(fin) 9407c478bd9Sstevel@tonic-gate fr_info_t *fin; 9417c478bd9Sstevel@tonic-gate { 9427c478bd9Sstevel@tonic-gate if (fr_checkl4sum(fin) == -1) 9437c478bd9Sstevel@tonic-gate fin->fin_flx |= FI_BAD; 9447c478bd9Sstevel@tonic-gate } 9457c478bd9Sstevel@tonic-gate 9467c478bd9Sstevel@tonic-gate 9477c478bd9Sstevel@tonic-gate #ifdef USE_INET6 9487c478bd9Sstevel@tonic-gate INLINE void fr_checkv6sum(fin) 9497c478bd9Sstevel@tonic-gate fr_info_t *fin; 9507c478bd9Sstevel@tonic-gate { 9517c478bd9Sstevel@tonic-gate if (fr_checkl4sum(fin) == -1) 9527c478bd9Sstevel@tonic-gate fin->fin_flx |= FI_BAD; 9537c478bd9Sstevel@tonic-gate } 9547c478bd9Sstevel@tonic-gate #endif 955ab25eeb5Syz 956ab25eeb5Syz 957ab25eeb5Syz /* 958ab25eeb5Syz * See above for description, except that all addressing is in user space. 959ab25eeb5Syz */ 960ab25eeb5Syz int copyoutptr(src, dst, size) 961ab25eeb5Syz void *src, *dst; 962ab25eeb5Syz size_t size; 963ab25eeb5Syz { 964ab25eeb5Syz caddr_t ca; 965ab25eeb5Syz 966ab25eeb5Syz bcopy(dst, (char *)&ca, sizeof(ca)); 967ab25eeb5Syz bcopy(src, ca, size); 968ab25eeb5Syz return 0; 969ab25eeb5Syz } 970ab25eeb5Syz 971ab25eeb5Syz 972ab25eeb5Syz /* 973ab25eeb5Syz * See above for description, except that all addressing is in user space. 974ab25eeb5Syz */ 975ab25eeb5Syz int copyinptr(src, dst, size) 976ab25eeb5Syz void *src, *dst; 977ab25eeb5Syz size_t size; 978ab25eeb5Syz { 979ab25eeb5Syz caddr_t ca; 980ab25eeb5Syz 981ab25eeb5Syz bcopy(src, (char *)&ca, sizeof(ca)); 982ab25eeb5Syz bcopy(ca, dst, size); 983ab25eeb5Syz return 0; 984ab25eeb5Syz } 985ab25eeb5Syz 986ab25eeb5Syz 987ab25eeb5Syz /* 988ab25eeb5Syz * return the first IP Address associated with an interface 989ab25eeb5Syz */ 990f4b3ec61Sdh int fr_ifpaddr(v, atype, ifptr, inp, inpmask, ifs) 991ab25eeb5Syz int v, atype; 992ab25eeb5Syz void *ifptr; 993ab25eeb5Syz struct in_addr *inp, *inpmask; 994f4b3ec61Sdh ipf_stack_t *ifs; 995ab25eeb5Syz { 996ab25eeb5Syz struct ifnet *ifp = ifptr; 997ab25eeb5Syz #ifdef __sgi 998ab25eeb5Syz struct in_ifaddr *ifa; 999ab25eeb5Syz #else 1000ab25eeb5Syz struct ifaddr *ifa; 1001ab25eeb5Syz #endif 1002ab25eeb5Syz 1003ab25eeb5Syz #if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__) 1004ab25eeb5Syz ifa = ifp->if_addrlist.tqh_first; 1005ab25eeb5Syz #else 1006ab25eeb5Syz # ifdef __sgi 1007ab25eeb5Syz ifa = (struct in_ifaddr *)ifp->in_ifaddr; 1008ab25eeb5Syz # else 1009ab25eeb5Syz ifa = ifp->if_addrlist; 1010ab25eeb5Syz # endif 1011ab25eeb5Syz #endif 1012ab25eeb5Syz if (ifa != NULL) { 1013ab25eeb5Syz struct sockaddr_in *sin, mask; 1014ab25eeb5Syz 1015ab25eeb5Syz mask.sin_addr.s_addr = 0xffffffff; 1016ab25eeb5Syz 1017ab25eeb5Syz #ifdef __sgi 1018ab25eeb5Syz sin = (struct sockaddr_in *)&ifa->ia_addr; 1019ab25eeb5Syz #else 1020ab25eeb5Syz sin = (struct sockaddr_in *)&ifa->ifa_addr; 1021ab25eeb5Syz #endif 1022ab25eeb5Syz 1023ab25eeb5Syz return fr_ifpfillv4addr(atype, sin, &mask, inp, inpmask); 1024ab25eeb5Syz } 1025ab25eeb5Syz return 0; 1026ab25eeb5Syz } 1027