author | Henning Brauer <henning@cvs.openbsd.org> | 2005-05-22 18:23:05 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2005-05-22 18:23:05 +0000 |
commit | f4192b75d20bc1b7f08f5148e3db1ac5026003f9 (patch) | |
tree | 2a03e4fc2588566038f0317a2d08503091bc4a32 /sys | |
parent | dcc7340dcf077fb35446e18f971a3a5d88bab26d (diff) |
allow pf to match on interface groups
pass on mygroup ...
markus ok
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/if.c | 4 | ||||
-rw-r--r-- | sys/net/if.h | 3 | ||||
-rw-r--r-- | sys/net/pf_if.c | 47 | ||||
-rw-r--r-- | sys/net/pfvar.h | 5 |
4 files changed, 51 insertions, 8 deletions
diff --git a/sys/net/if.c b/sys/net/if.c
index ab6f756d1f7..30e40a827f6 100644
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if.c,v 1.111 2005/05/21 21:24:38 henning Exp $ */
+/* $OpenBSD: if.c,v 1.112 2005/05/22 18:23:04 henning Exp $ */
 /* $NetBSD: if.c,v 1.35 1996/05/07 05:26:04 thorpej Exp $ */
 /*
@@ -1597,6 +1597,7 @@ if_addgroup(struct ifnet *ifp, char *groupname)
 }
 strlcpy(ifg->ifg_group, groupname, sizeof(ifg->ifg_group));
 ifg->ifg_refcnt = 0;
+ pfi_attach_ifgroup(ifg);
 TAILQ_INSERT_TAIL(&ifg_head, ifg, ifg_next);
 }
@@ -1626,6 +1627,7 @@ if_delgroup(struct ifnet *ifp, char *groupname)
 if (--ifgl->ifgl_group->ifg_refcnt == 0) {
 TAILQ_REMOVE(&ifg_head, ifgl->ifgl_group, ifg_next);
+ pfi_detach_ifgroup(ifgl->ifgl_group);
 free(ifgl->ifgl_group, M_TEMP);
 }
diff --git a/sys/net/if.h b/sys/net/if.h
index 89b1e843fff..8eb6bce9823 100644
--- a/sys/net/if.h
+++ b/sys/net/if.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: if.h,v 1.66 2005/05/21 21:03:57 henning Exp $ */
+/* $OpenBSD: if.h,v 1.67 2005/05/22 18:23:04 henning Exp $ */
 /* $NetBSD: if.h,v 1.23 1996/05/07 02:40:27 thorpej Exp $ */
 /*
@@ -410,6 +410,7 @@ struct if_announcemsghdr {
 struct ifg_group {
 char ifg_group[IFNAMSIZ];
 u_int ifg_refcnt;
+ caddr_t ifg_pf_kif;
 TAILQ_ENTRY(ifg_group) ifg_next;
 };
diff --git a/sys/net/pf_if.c b/sys/net/pf_if.c
index f10d89e3919..35abf0156d2 100644
--- a/sys/net/pf_if.c
+++ b/sys/net/pf_if.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_if.c,v 1.26 2005/05/21 21:05:16 henning Exp $ */
+/* $OpenBSD: pf_if.c,v 1.27 2005/05/22 18:23:04 henning Exp $ */
 /*
 * Copyright 2005 Henning Brauer <henning@openbsd.org>
@@ -176,8 +176,7 @@ pfi_kif_unref(struct pfi_kif *kif, enum pfi_kif_refs what)
 panic("pfi_kif_unref with unknown type");
 }
- /* XXX check for ifgroups ptr too */
- if (kif->pfik_ifp != NULL || kif == pfi_all)
+ if (kif->pfik_ifp != NULL || kif->pfik_group != NULL || kif == pfi_all)
 return;
 if (kif->pfik_rules || kif->pfik_states)
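Review bot: In the if_addgroup hunk of sys/net/if.c the group name is handed to pf unchecked: `pfi_attach_ifgroup(ifg)` resolves the kif with `pfi_kif_get(ifg->ifg_group)`, which appears to share one name space with the per-interface kifs. If a group may carry the name of an existing interface, that interface's kif would get `pfik_group` set and a rule written for the interface would also match every member of the group; the collision should be rejected before the attach, or the assumption recorded with `/* group names share the pfi_kif name space with interface names; collisions must be rejected before attaching */`. The calls to `pfi_attach_ifgroup()` here and `pfi_detach_ifgroup()` in the if_delgroup hunk are unconditional, so if if.c can be built without pf they would need a `#if NPF > 0` guard. Both function bodies start and end outside their hunks.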
@@ -191,10 +190,15 @@ pfi_kif_unref(struct pfi_kif *kif, enum pfi_kif_refs what)
 int
 pfi_kif_match(struct pfi_kif *rule_kif, struct pfi_kif *packet_kif)
 {
+ struct ifg_list *p;
+
 if (rule_kif == NULL || rule_kif == packet_kif)
 return (1);
- /* XXX walk rule_kif's ifgroups and check for match */
+ if (rule_kif->pfik_group != NULL)
+ TAILQ_FOREACH(p, &packet_kif->pfik_ifp->if_groups, ifgl_next)
+ if (p->ifgl_group == rule_kif->pfik_group)
+ return (1);
 return (0);
 }
@@ -244,6 +248,40 @@ pfi_detach_ifnet(struct ifnet *ifp)
 splx(s);
 }
+void
+pfi_attach_ifgroup(struct ifg_group *ifg)
+{
+ struct pfi_kif *kif;
+ int s;
+
+ pfi_initialize();
+ s = splsoftnet();
+ if ((kif = pfi_kif_get(ifg->ifg_group)) == NULL)
+ panic("pfi_kif_get failed");
+
+ kif->pfik_group = ifg;
+ ifg->ifg_pf_kif = (caddr_t)kif;
+
+ splx(s);
+}
+
+void
+pfi_detach_ifgroup(struct ifg_group *ifg)
+{
+ int s;
+ struct pfi_kif *kif;
+
+ if ((kif = (struct pfi_kif *)ifg->ifg_pf_kif) == NULL)
+ return;
+
+ s = splsoftnet();
+
+ pfi_kif_unref(kif, PFI_KIF_REF_NONE);
+ kif->pfik_group = NULL;
+ ifg->ifg_pf_kif = NULL;
+ splx(s);
+}
+
 int
 pfi_match_addr(struct pfi_dynaddr *dyn, struct pf_addr *a, sa_family_t af)
 {
@@ -390,7 +428,6 @@ pfi_table_update(struct pfr_ktable *kt, struct pfi_kif *kif, int net, int flags)
 }
 pfi_buffer_cnt = 0;
- /* XXXXXX bugs bugs bugs ? */
 if (kif->pfik_ifp != NULL)
 pfi_instance_add(kif->pfik_ifp, net, flags);
 else
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 5aad97035b7..71a85ecf7ab 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.214 2005/05/21 21:03:57 henning Exp $ */
+/* $OpenBSD: pfvar.h,v 1.215 2005/05/22 18:23:04 henning Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -861,6 +861,7 @@ struct pfi_kif {
 struct hook_desc_head *pfik_ah_head;
 void *pfik_ah_cookie;
 struct ifnet *pfik_ifp;
+ struct ifg_group *pfik_group;
 int pfik_states;
 int pfik_rules;
 };
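Review bot: In pfi_kif_match() the new group walk dereferences `packet_kif->pfik_ifp` without checking it, although the pfi_kif_unref hunk of this commit shows that a kif can exist with `pfik_ifp == NULL`. If any caller can pass such a kif, or a NULL `packet_kif`, together with a group rule, this is a NULL dereference on the packet-matching path; guarding the walk with `if (rule_kif->pfik_group != NULL && packet_kif != NULL && packet_kif->pfik_ifp != NULL)` closes that. The nested `if` / `TAILQ_FOREACH` / `if` is unbraced, which makes it easy for a later edit to move `return (1);` out of the loop and turn the function into match-everything.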
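Review bot: In pfi_detach_ifgroup() the call `pfi_kif_unref(kif, PFI_KIF_REF_NONE)` runs while `kif->pfik_group` is still set, and the pfi_kif_unref hunk of this commit returns early whenever `pfik_group != NULL`, so the unref cannot do the cleanup that presumably follows that check and the kif of a removed group stays around. Had it released the kif, the next line `kif->pfik_group = NULL;` would write to freed memory, so the order is wrong either way; clear both pointers first and unref last: `kif->pfik_group = NULL;`, `ifg->ifg_pf_kif = NULL;`, `pfi_kif_unref(kif, PFI_KIF_REF_NONE);`. Separately, pfi_attach_ifgroup() panics when `pfi_kif_get()` returns NULL; which callers can reach that is not visible here, but returning an error to if_addgroup would keep a failed lookup or allocation from taking the kernel down.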
@@ -1495,6 +1496,8 @@ void pfi_kif_unref(struct pfi_kif *, enum pfi_kif_refs);
 int pfi_kif_match(struct pfi_kif *, struct pfi_kif *);
 void pfi_attach_ifnet(struct ifnet *);
 void pfi_detach_ifnet(struct ifnet *);
+void pfi_attach_ifgroup(struct ifg_group *);
+void pfi_detach_ifgroup(struct ifg_group *);
 int pfi_match_addr(struct pfi_dynaddr *, struct pf_addr *, sa_family_t);
 int pfi_dynaddr_setup(struct pf_addr_wrap *, sa_family_t); |