File Manager

003 File Manager

Current Path: /usr/src/sys/netgraph

📁 ..
📄 NOTES(3.63 KB)
📁 atm
📁 bluetooth
📁 netflow
📄 netgraph.h(41.17 KB)
📄 ng_UI.c(6.29 KB)
📄 ng_UI.h(2.36 KB)
📄 ng_async.c(16.51 KB)
📄 ng_async.h(4.05 KB)
📄 ng_atmllc.c(7.25 KB)
📄 ng_atmllc.h(1.85 KB)
📄 ng_base.c(100.62 KB)
📄 ng_bpf.c(14.66 KB)
📄 ng_bpf.h(3.97 KB)
📄 ng_bridge.c(29.37 KB)
📄 ng_bridge.h(7.58 KB)
📄 ng_car.c(19.62 KB)
📄 ng_car.h(4.6 KB)
📄 ng_checksum.c(15.85 KB)
📄 ng_checksum.h(2.63 KB)
📄 ng_cisco.c(15.47 KB)
📄 ng_cisco.h(3.39 KB)
📄 ng_deflate.c(17.09 KB)
📄 ng_deflate.h(2.85 KB)
📄 ng_device.c(10.65 KB)
📄 ng_device.h(1.74 KB)
📄 ng_echo.c(3.52 KB)
📄 ng_echo.h(2.28 KB)
📄 ng_eiface.c(16.31 KB)
📄 ng_eiface.h(2.09 KB)
📄 ng_etf.c(12.84 KB)
📄 ng_etf.h(3.05 KB)
📄 ng_ether.c(22.26 KB)
📄 ng_ether.h(3.22 KB)
📄 ng_ether_echo.c(4.17 KB)
📄 ng_ether_echo.h(2.32 KB)
📄 ng_frame_relay.c(13.21 KB)
📄 ng_frame_relay.h(2.51 KB)
📄 ng_gif.c(15.86 KB)
📄 ng_gif.h(4.04 KB)
📄 ng_gif_demux.c(10.83 KB)
📄 ng_gif_demux.h(2.05 KB)
📄 ng_hole.c(5.85 KB)
📄 ng_hole.h(2.69 KB)
📄 ng_hub.c(4.33 KB)
📄 ng_hub.h(1.68 KB)
📄 ng_iface.c(19.58 KB)
📄 ng_iface.h(2.68 KB)
📄 ng_ip_input.c(4.97 KB)
📄 ng_ip_input.h(3.78 KB)
📄 ng_ipfw.c(8.29 KB)
📄 ng_ipfw.h(1.54 KB)
📄 ng_ksocket.c(33.9 KB)
📄 ng_ksocket.h(3.86 KB)
📄 ng_l2tp.c(40.16 KB)
📄 ng_l2tp.h(8.12 KB)
📄 ng_lmi.c(28.15 KB)
📄 ng_lmi.h(3.2 KB)
📄 ng_macfilter.c(24.45 KB)
📄 ng_macfilter.h(5.7 KB)
📄 ng_message.h(14.69 KB)
📄 ng_mppc.c(23.88 KB)
📄 ng_mppc.h(3.29 KB)
📄 ng_nat.c(23.43 KB)
📄 ng_nat.h(6.87 KB)
📄 ng_one2many.c(15.88 KB)
📄 ng_one2many.h(4.56 KB)
📄 ng_parse.c(43.85 KB)
📄 ng_parse.h(18.49 KB)
📄 ng_patch.c(15.54 KB)
📄 ng_patch.h(3.64 KB)
📄 ng_pipe.c(26.97 KB)
📄 ng_pipe.h(5.56 KB)
📄 ng_ppp.c(72.27 KB)
📄 ng_ppp.h(9.77 KB)
📄 ng_pppoe.c(58.34 KB)
📄 ng_pppoe.h(9.64 KB)
📄 ng_pptpgre.c(36.05 KB)
📄 ng_pptpgre.h(6.04 KB)
📄 ng_pred1.c(18.02 KB)
📄 ng_pred1.h(2.73 KB)
📄 ng_rfc1490.c(13.33 KB)
📄 ng_rfc1490.h(2.62 KB)
📄 ng_sample.c(15.14 KB)
📄 ng_sample.h(3.53 KB)
📄 ng_socket.c(29.91 KB)
📄 ng_socket.h(2.73 KB)
📄 ng_socketvar.h(2.51 KB)
📄 ng_source.c(21.72 KB)
📄 ng_source.h(4.96 KB)
📄 ng_split.c(4.54 KB)
📄 ng_split.h(1.84 KB)
📄 ng_sppp.c(9.39 KB)
📄 ng_sppp.h(1.03 KB)
📄 ng_tag.c(19.05 KB)
📄 ng_tag.h(4.55 KB)
📄 ng_tcpmss.c(10.63 KB)
📄 ng_tcpmss.h(2.73 KB)
📄 ng_tee.c(10.61 KB)
📄 ng_tee.h(3.51 KB)
📄 ng_tty.c(11.96 KB)
📄 ng_tty.h(2.49 KB)
📄 ng_vjc.c(15.66 KB)
📄 ng_vjc.h(3.5 KB)
📄 ng_vlan.c(17.61 KB)
📄 ng_vlan.h(3.47 KB)

Editing: ng_ipfw.c

/*-
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 *
 * Copyright 2005, Gleb Smirnoff <glebius@FreeBSD.org>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */

#include "opt_inet.h"
#include "opt_inet6.h"

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/mbuf.h>
#include <sys/malloc.h>
#include <sys/ctype.h>
#include <sys/errno.h>
#include <sys/rwlock.h>
#include <sys/socket.h>
#include <sys/syslog.h>

#include <net/if.h>
#include <net/if_var.h>

#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/in_var.h>
#include <netinet/ip_var.h>
#include <netinet/ip_fw.h>
#include <netinet/ip.h>
#include <netinet/ip6.h>
#include <netinet6/ip6_var.h>

#include <netpfil/ipfw/ip_fw_private.h>

#include <netgraph/ng_message.h>
#include <netgraph/ng_parse.h>
#include <netgraph/ng_ipfw.h>
#include <netgraph/netgraph.h>

static int		ng_ipfw_mod_event(module_t mod, int event, void *data);
static ng_constructor_t	ng_ipfw_constructor;
static ng_shutdown_t	ng_ipfw_shutdown;
static ng_newhook_t	ng_ipfw_newhook;
static ng_connect_t	ng_ipfw_connect;
static ng_findhook_t	ng_ipfw_findhook;
static ng_rcvdata_t	ng_ipfw_rcvdata;
static ng_disconnect_t	ng_ipfw_disconnect;

static hook_p		ng_ipfw_findhook1(node_p, u_int16_t );
static int	ng_ipfw_input(struct mbuf **, struct ip_fw_args *, bool);

/* We have only one node */
static node_p	fw_node;

/* Netgraph node type descriptor */
static struct ng_type ng_ipfw_typestruct = {
	.version =	NG_ABI_VERSION,
	.name =		NG_IPFW_NODE_TYPE,
	.mod_event =	ng_ipfw_mod_event,
	.constructor =	ng_ipfw_constructor,
	.shutdown =	ng_ipfw_shutdown,
	.newhook =	ng_ipfw_newhook,
	.connect =	ng_ipfw_connect,
	.findhook =	ng_ipfw_findhook,
	.rcvdata =	ng_ipfw_rcvdata,
	.disconnect =	ng_ipfw_disconnect,
};
NETGRAPH_INIT(ipfw, &ng_ipfw_typestruct);
MODULE_DEPEND(ng_ipfw, ipfw, 3, 3, 3);

/* Information we store for each hook */
struct ng_ipfw_hook_priv {
        hook_p		hook;
	u_int16_t	rulenum;
};
typedef struct ng_ipfw_hook_priv *hpriv_p;

static int
ng_ipfw_mod_event(module_t mod, int event, void *data)
{
	int error = 0;

switch (event) {
	case MOD_LOAD:

if (ng_ipfw_input_p != NULL) {
			error = EEXIST;
			break;
		}

/* Setup node without any private data */
		if ((error = ng_make_node_common(&ng_ipfw_typestruct, &fw_node))
		    != 0) {
			log(LOG_ERR, "%s: can't create ng_ipfw node", __func__);
                	break;
		}

/* Try to name node */
		if (ng_name_node(fw_node, "ipfw") != 0)
			log(LOG_WARNING, "%s: failed to name node \"ipfw\"",
			    __func__);

/* Register hook */
		ng_ipfw_input_p = ng_ipfw_input;
		break;

case MOD_UNLOAD:
		 /*
		  * This won't happen if a node exists.
		  * ng_ipfw_input_p is already cleared.
		  */
		break;

default:
		error = EOPNOTSUPP;
		break;
	}

return (error);
}

static int
ng_ipfw_constructor(node_p node)
{
	return (EINVAL);	/* Only one node */
}

static int
ng_ipfw_newhook(node_p node, hook_p hook, const char *name)
{
	hpriv_p	hpriv;
	u_int16_t rulenum;
	const char *cp;
	char *endptr;

/* Protect from leading zero */
	if (name[0] == '0' && name[1] != '\0')
		return (EINVAL);

/* Check that name contains only digits */
	for (cp = name; *cp != '\0'; cp++)
		if (!isdigit(*cp))
			return (EINVAL);

/* Convert it to integer */
	rulenum = (u_int16_t)strtol(name, &endptr, 10);
	if (*endptr != '\0')
		return (EINVAL);

/* Allocate memory for this hook's private data */
	hpriv = malloc(sizeof(*hpriv), M_NETGRAPH, M_NOWAIT | M_ZERO);
	if (hpriv== NULL)
		return (ENOMEM);

hpriv->hook = hook;
	hpriv->rulenum = rulenum;

NG_HOOK_SET_PRIVATE(hook, hpriv);

return(0);
}

/*
 * Set hooks into queueing mode, to avoid recursion between
 * netgraph layer and ip_{input,output}.
 */
static int
ng_ipfw_connect(hook_p hook)
{
	NG_HOOK_FORCE_QUEUE(hook);
	return (0);
}

/* Look up hook by name */
static hook_p
ng_ipfw_findhook(node_p node, const char *name)
{
	u_int16_t n;	/* numeric representation of hook */
	char *endptr;

n = (u_int16_t)strtol(name, &endptr, 10);
	if (*endptr != '\0')
		return NULL;
	return ng_ipfw_findhook1(node, n);
}

/* Look up hook by rule number */
static hook_p
ng_ipfw_findhook1(node_p node, u_int16_t rulenum)
{
	hook_p	hook;
	hpriv_p	hpriv;

LIST_FOREACH(hook, &node->nd_hooks, hk_hooks) {
		hpriv = NG_HOOK_PRIVATE(hook);
		if (NG_HOOK_IS_VALID(hook) && (hpriv->rulenum == rulenum))
                        return (hook);
	}

return (NULL);
}

static int
ng_ipfw_rcvdata(hook_p hook, item_p item)
{
	struct m_tag *tag;
	struct ipfw_rule_ref *r;
	struct mbuf *m;
	struct ip *ip;

NGI_GET_M(item, m);
	NG_FREE_ITEM(item);

tag = m_tag_locate(m, MTAG_IPFW_RULE, 0, NULL);
	if (tag == NULL) {
		NG_FREE_M(m);
		return (EINVAL);	/* XXX: find smth better */
	}

if (m->m_len < sizeof(struct ip) &&
	    (m = m_pullup(m, sizeof(struct ip))) == NULL)
		return (ENOBUFS);

ip = mtod(m, struct ip *);

r = (struct ipfw_rule_ref *)(tag + 1);
	if (r->info & IPFW_INFO_IN) {
		switch (ip->ip_v) {
#ifdef INET
		case IPVERSION:
			ip_input(m);
			return (0);
#endif
#ifdef INET6
		case IPV6_VERSION >> 4:
			ip6_input(m);
			return (0);
#endif
		}
	} else {
		switch (ip->ip_v) {
#ifdef INET
		case IPVERSION:
			return (ip_output(m, NULL, NULL, IP_FORWARDING,
			    NULL, NULL));
#endif
#ifdef INET6
		case IPV6_VERSION >> 4:
			return (ip6_output(m, NULL, NULL, 0, NULL,
			    NULL, NULL));
#endif
		}
	}

/* unknown IP protocol version */
	NG_FREE_M(m);
	return (EPROTONOSUPPORT);
}

static int
ng_ipfw_input(struct mbuf **m0, struct ip_fw_args *fwa, bool tee)
{
	struct mbuf *m;
	hook_p	hook;
	int error = 0;

/*
	 * Node must be loaded and corresponding hook must be present.
	 */
	if (fw_node == NULL || 
	   (hook = ng_ipfw_findhook1(fw_node, fwa->rule.info)) == NULL)
		return (ESRCH);		/* no hook associated with this rule */

/*
	 * We have two modes: in normal mode we add a tag to packet, which is
	 * important to return packet back to IP stack. In tee mode we make
	 * a copy of a packet and forward it into netgraph without a tag.
	 */
	if (tee == false) {
		struct m_tag *tag;
		struct ipfw_rule_ref *r;
		m = *m0;
		*m0 = NULL;	/* it belongs now to netgraph */

tag = m_tag_alloc(MTAG_IPFW_RULE, 0, sizeof(*r),
			M_NOWAIT|M_ZERO);
		if (tag == NULL) {
			m_freem(m);
			return (ENOMEM);
		}
		r = (struct ipfw_rule_ref *)(tag + 1);
		*r = fwa->rule;
		r->info &= IPFW_ONEPASS;  /* keep this info */
		r->info |= (fwa->flags & IPFW_ARGS_IN) ?
		    IPFW_INFO_IN : IPFW_INFO_OUT;
		m_tag_prepend(m, tag);

} else
		if ((m = m_dup(*m0, M_NOWAIT)) == NULL)
			return (ENOMEM);	/* which is ignored */

if (m->m_len < sizeof(struct ip) &&
	    (m = m_pullup(m, sizeof(struct ip))) == NULL)
		return (EINVAL);

NG_SEND_DATA_ONLY(error, hook, m);

return (error);
}

static int
ng_ipfw_shutdown(node_p node)
{

/*
	 * After our single node has been removed,
	 * the only thing that can be done is
	 * 'kldunload ng_ipfw.ko'
	 */
	ng_ipfw_input_p = NULL;
	NG_NODE_UNREF(node);
	return (0);
}

static int
ng_ipfw_disconnect(hook_p hook)
{
	const hpriv_p hpriv = NG_HOOK_PRIVATE(hook);

free(hpriv, M_NETGRAPH);
	NG_HOOK_SET_PRIVATE(hook, NULL);

return (0);
}

003 File Manager

Editing: ng_ipfw.c

Upload File

Create Folder