diff options
| author | Federico G. Schwindt <fgsch@cvs.openbsd.org> | 2001-01-17 04:47:19 +0000 |
|---|---|---|
| committer | Federico G. Schwindt <fgsch@cvs.openbsd.org> | 2001-01-17 04:47:19 +0000 |
| commit | 4c2f6e4f5fcdd3dd6e4318cbe93f5e67c3673e8c (patch) | |
| tree | 01a426346aace2e6b14e001d1276f0f17e3703e2 /sys/netinet/ip_auth.c | |
| parent | 5e7b102be725a3da894e929575e0b29d80c846e2 (diff) | |
IPF 3.4.15. (IPv6 not working yet).
Note: before building the userland part you need to do make includes.
Diffstat (limited to 'sys/netinet/ip_auth.c')
| -rw-r--r-- | sys/netinet/ip_auth.c | 68 |
1 files changed, 42 insertions, 26 deletions
diff --git a/sys/netinet/ip_auth.c b/sys/netinet/ip_auth.c index 67f134fcd9d..e196aca1417 100644 --- a/sys/netinet/ip_auth.c +++ b/sys/netinet/ip_auth.c @@ -1,14 +1,14 @@ -/* $OpenBSD: ip_auth.c,v 1.14 2000/05/24 21:59:10 kjell Exp $ */ +/* $OpenBSD: ip_auth.c,v 1.15 2001/01/17 04:47:11 fgsch Exp $ */ /* - * Copyright (C) 1998 by Darren Reed & Guido van Rooij. + * Copyright (C) 1998-2000 by Darren Reed & Guido van Rooij. * * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given * to the original author and the contributors. */ #if !defined(lint) -static const char rcsid[] = "@(#)$IPFilter: ip_auth.c,v 2.1.2.4 2000/05/22 06:57:45 darrenr Exp $"; +static const char rcsid[] = "@(#)$IPFilter: ip_auth.c,v 2.11.2.4 2000/08/05 14:48:50 darrenr Exp $"; #endif #include <sys/errno.h> @@ -32,7 +32,7 @@ static const char rcsid[] = "@(#)$IPFilter: ip_auth.c,v 2.1.2.4 2000/05/22 06:57 # include <sys/protosw.h> #endif #include <sys/socket.h> -#if defined(_KERNEL) && !defined(linux) +#if (defined(_KERNEL) || defined(KERNEL)) && !defined(linux) # include <sys/systm.h> #endif #if !defined(__SVR4) && !defined(__svr4__) @@ -48,7 +48,7 @@ static const char rcsid[] = "@(#)$IPFilter: ip_auth.c,v 2.1.2.4 2000/05/22 06:57 # include <sys/stream.h> # include <sys/kmem.h> #endif -#if _BSDI_VERSION >= 199802 +#if (_BSDI_VERSION >= 199802) || (__FreeBSD_version >= 400000) # include <sys/queue.h> #endif #if defined(__NetBSD__) || defined(__OpenBSD__) || defined(bsdi) @@ -91,10 +91,10 @@ extern struct ifqueue ipintrq; /* ip packet input queue */ #endif #include <netinet/udp.h> #include <netinet/ip_icmp.h> -#include <netinet/ip_fil_compat.h> +#include "netinet/ip_compat.h" #include <netinet/tcpip.h> -#include <netinet/ip_fil.h> -#include <netinet/ip_auth.h> +#include "netinet/ip_fil.h" +#include "netinet/ip_auth.h" #if !SOLARIS && !defined(linux) # include <net/netisr.h> # ifdef __FreeBSD__ @@ -125,11 +125,12 @@ static struct wait_queue *ipfauthwait = NULL; int fr_authsize = FR_NUMAUTH; int fr_authused = 0; int fr_defaultauthage = 600; +int fr_auth_lock = 0; fr_authstat_t fr_authstats; -frauth_t fr_auth[FR_NUMAUTH]; +static frauth_t fr_auth[FR_NUMAUTH]; mb_t *fr_authpkts[FR_NUMAUTH]; -int fr_authstart = 0, fr_authend = 0, fr_authnext = 0; -frauthent_t *fae_list = NULL; +static int fr_authstart = 0, fr_authend = 0, fr_authnext = 0; +static frauthent_t *fae_list = NULL; frentry_t *ipauth = NULL; @@ -146,6 +147,9 @@ fr_info_t *fin; u_32_t pass; int i; + if (fr_auth_lock) + return 0; + READ_ENTER(&ipf_auth); for (i = fr_authstart; i != fr_authend; ) { /* @@ -208,6 +212,9 @@ ip_t *ip; #endif int i; + if (fr_auth_lock) + return 0; + WRITE_ENTER(&ipf_auth); if (fr_authstart > fr_authend) { fr_authstats.fas_nospace++; @@ -237,14 +244,15 @@ ip_t *ip; * them. */ # if SOLARIS && defined(_KERNEL) - if (ip == (ip_t *)m->b_rptr) + if ((ip == (ip_t *)m->b_rptr) && (ip->ip_v == 4)) # endif { register u_short bo; bo = ip->ip_len; ip->ip_len = htons(bo); -# if !SOLARIS /* 4.4BSD converts this ip_input.c, but I don't in solaris.c */ +# if !SOLARIS && !defined(__NetBSD__) + /* 4.4BSD converts this ip_input.c, but I don't in solaris.c */ bo = ip->ip_id; ip->ip_id = htons(bo); # endif @@ -271,7 +279,7 @@ ip_t *ip; int fr_auth_ioctl(data, cmd, fr, frptr) caddr_t data; -#if defined(__NetBSD__) || defined(__OpenBSD__) +#if defined(__NetBSD__) || defined(__OpenBSD__) || (FreeBSD_version >= 300003) u_long cmd; #else int cmd; @@ -279,11 +287,8 @@ int cmd; frentry_t *fr, **frptr; { mb_t *m; -#if defined(_KERNEL) -# if !SOLARIS +#if defined(_KERNEL) && !SOLARIS struct ifqueue *ifq; - int s; -# endif #endif frauth_t auth, *au = &auth; frauthent_t *fae, **faep; @@ -291,12 +296,17 @@ frentry_t *fr, **frptr; switch (cmd) { + case SIOCSTLCK : + error = fr_lock(data, &fr_auth_lock); + break; case SIOCINIFR : case SIOCRMIFR : case SIOCADIFR : error = EINVAL; break; case SIOCINAFR : + error = EINVAL; + break; case SIOCRMAFR : case SIOCADAFR : for (faep = &fae_list; (fae = *faep); ) @@ -317,8 +327,8 @@ frentry_t *fr, **frptr; } else { KMALLOC(fae, frauthent_t *); if (fae != NULL) { - IRCOPY((char *)data, (char *)&fae->fae_fr, - sizeof(fae->fae_fr)); + bcopy((char *)fr, (char *)&fae->fae_fr, + sizeof(*fr)); WRITE_ENTER(&ipf_auth); fae->fae_age = fr_defaultauthage; fae->fae_fr.fr_hits = 0; @@ -336,15 +346,18 @@ frentry_t *fr, **frptr; READ_ENTER(&ipf_auth); fr_authstats.fas_faelist = fae_list; RWLOCK_EXIT(&ipf_auth); - IWCOPY((char *)&fr_authstats, data, sizeof(fr_authstats)); + error = IWCOPYPTR((char *)&fr_authstats, data, + sizeof(fr_authstats)); break; case SIOCAUTHW: fr_authioctlloop: READ_ENTER(&ipf_auth); if ((fr_authnext != fr_authend) && fr_authpkts[fr_authnext]) { - IWCOPY((char *)&fr_auth[fr_authnext], data, - sizeof(fr_info_t)); + error = IWCOPYPTR((char *)&fr_auth[fr_authnext], data, + sizeof(fr_info_t)); RWLOCK_EXIT(&ipf_auth); + if (error) + break; WRITE_ENTER(&ipf_auth); fr_authnext++; if (fr_authnext == FR_NUMAUTH) @@ -375,7 +388,9 @@ fr_authioctlloop: goto fr_authioctlloop; break; case SIOCAUTHR: - IRCOPY(data, (caddr_t)&auth, sizeof(auth)); + error = IRCOPYPTR(data, (caddr_t)&auth, sizeof(auth)); + if (error) + return error; WRITE_ENTER(&ipf_auth); i = au->fra_index; if ((i < 0) || (i > FR_NUMAUTH) || @@ -389,7 +404,6 @@ fr_authioctlloop: fr_authpkts[i] = NULL; #ifdef _KERNEL RWLOCK_EXIT(&ipf_auth); - SPL_NET(s); # ifndef linux if (m && au->fra_info.fin_out) { # if SOLARIS @@ -455,7 +469,6 @@ fr_authioctlloop: } } # endif - SPL_X(s); #endif /* _KERNEL */ break; default : @@ -509,6 +522,9 @@ void fr_authexpire() int s; #endif + if (fr_auth_lock) + return; + SPL_NET(s); WRITE_ENTER(&ipf_auth); for (i = 0, fra = fr_auth; i < FR_NUMAUTH; i++, fra++) { |