1 /*
2 * Copyright 1999 Guido van Rooij. All rights reserved.
3 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are
7 * met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER ``AS IS'' AND ANY EXPRESS
15 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
17 * DISCLAIMED. IN NO EVENT SHALL THE HOLDER OR CONTRIBUTORS BE LIABLE FOR
18 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
20 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
21 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
26 * $FreeBSD: src/sys/contrib/ipfilter/netinet/mlfk_ipl.c,v 1.9.2.2 2002/04/27 17:37:12 darrenr Exp $
27 * $DragonFly: src/sys/contrib/ipfilter/netinet/mlfk_ipl.c,v 1.8.8.1 2008/08/14 07:44:43 swildner Exp $
31 #include <sys/param.h>
32 #include <sys/systm.h>
33 #include <sys/kernel.h>
34 #include <sys/module.h>
35 #include <sys/conf.h>
36 #include <sys/socket.h>
37 #include <sys/sysctl.h>
38 #include <net/if.h>
39 #include <netinet/in_systm.h>
40 #include <netinet/in.h>
41 #include <netinet/ip.h>
42 #if defined(__DragonFly__) || (__FreeBSD_version >= 199511)
43 # include <net/route.h>
44 # include <netinet/ip_var.h>
45 # include <netinet/tcp.h>
46 # include <netinet/tcpip.h>
47 #endif
50 #include "ipl.h"
51 #include "ip_compat.h"
52 #include "ip_fil.h"
53 #include "ip_state.h"
54 #include "ip_nat.h"
55 #include "ip_auth.h"
56 #include "ip_frag.h"
57 #include "ip_proxy.h"
/*
 * Runtime tunables published under the net.inet.ipf sysctl node.
 *
 * Entries flagged CTLFLAG_RD are read-only; every CTLFLAG_RW entry can be
 * modified while the filter is running.  SYSCTL_INT stores the supplied
 * integer straight into the backing variable, so no range checking happens
 * at this layer -- any bounds have to be enforced by the code that consumes
 * these values.
 *
 * NOTE(review): fr_flags and fr_pass are writable here; going by their
 * names they steer global filter behaviour, so a sysctl write could change
 * it without a rule set being loaded.  Worth covering in configuration
 * audits -- confirm the exact semantics against ip_fil.h.
 */
SYSCTL_DECL(_net_inet);
SYSCTL_NODE(_net_inet, OID_AUTO, ipf, CTLFLAG_RW, 0, "IPF");

SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_flags, CTLFLAG_RW,
    &fr_flags, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_pass, CTLFLAG_RW,
    &fr_pass, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_active, CTLFLAG_RD,
    &fr_active, 0, "");

/* TCP, UDP and ICMP timeout variables. */
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcpidletimeout, CTLFLAG_RW,
    &fr_tcpidletimeout, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcpclosewait, CTLFLAG_RW,
    &fr_tcpclosewait, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcplastack, CTLFLAG_RW,
    &fr_tcplastack, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcptimeout, CTLFLAG_RW,
    &fr_tcptimeout, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcpclosed, CTLFLAG_RW,
    &fr_tcpclosed, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_tcphalfclosed, CTLFLAG_RW,
    &fr_tcphalfclosed, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_udptimeout, CTLFLAG_RW,
    &fr_udptimeout, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_udpacktimeout, CTLFLAG_RW,
    &fr_udpacktimeout, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_icmptimeout, CTLFLAG_RW,
    &fr_icmptimeout, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_icmpacktimeout, CTLFLAG_RW,
    &fr_icmpacktimeout, 0, "");

SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_defnatage, CTLFLAG_RW,
    &fr_defnatage, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_ipfrttl, CTLFLAG_RW,
    &fr_ipfrttl, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, ipl_unreach, CTLFLAG_RW,
    &ipl_unreach, 0, "");

/* Read-only entries: fr_running, fr_authsize, fr_authused. */
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_running, CTLFLAG_RD,
    &fr_running, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_authsize, CTLFLAG_RD,
    &fr_authsize, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_authused, CTLFLAG_RD,
    &fr_authused, 0, "");

SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_defaultauthage, CTLFLAG_RW,
    &fr_defaultauthage, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_chksrc, CTLFLAG_RW,
    &fr_chksrc, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, ippr_ftp_pasvonly, CTLFLAG_RW,
    &ippr_ftp_pasvonly, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_minttl, CTLFLAG_RW,
    &fr_minttl, 0, "");
SYSCTL_INT(_net_inet_ipf, OID_AUTO, fr_minttllog, CTLFLAG_RW,
    &fr_minttllog, 0, "");
/* Character-device major number placed in the dev_ops header below. */
#define	CDEV_MAJOR	79

/*
 * Device operations table passed to every make_dev() call in
 * ipfilter_modevent().  Only the open, close, read and ioctl entry points
 * are supplied; no d_write handler is set in this table.
 */
static struct dev_ops ipl_ops = {
	{ "ipl", CDEV_MAJOR, 0 },
	.d_open =	iplopen,
	.d_close =	iplclose,
	.d_read =	iplread,
	.d_ioctl =	iplioctl,
};
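/*
 * Return the part of a device path that follows its last '/'.
 * A path without any '/' is returned unchanged; the result never
 * contains a '/'.
 */
static const char *
ipl_devname(const char *path)
{
	const char *name = path;
	const char *p;

	for (p = path; *p != '\0'; p++) {
		if (*p == '/')
			name = p + 1;
	}
	return (name);
}

/*
 * Module event handler for the ipfilter module.
 *
 * MOD_LOAD:   attaches the filter via iplattach(), registers ipl_ops and
 *             creates one device node per IPL_LOG* minor.
 * MOD_UNLOAD: removes the device ops, then detaches the filter.
 * Any other event type is rejected with EINVAL.
 *
 * Returns 0 on success, otherwise the error from iplattach()/ipldetach()
 * or EINVAL.  The mod and unused arguments are not referenced.
 */
static int
ipfilter_modevent(module_t mod, int type, void *unused)
{
	int error = 0;

	switch (type) {
	case MOD_LOAD:
		error = iplattach();
		if (error)
			break;
		dev_ops_add(&ipl_ops, 0, 0);

		/*
		 * Each node is created with uid 0, gid 0 and mode 0600, so
		 * only the owner can open the filter's control and log
		 * devices.  The node name is passed through "%s" rather than
		 * as the format string itself, so a '%' in a configured
		 * device path can never be interpreted as a conversion.
		 */
		make_dev(&ipl_ops, IPL_LOGIPF, 0, 0, 0600, "%s",
		    ipl_devname(IPL_NAME));
		make_dev(&ipl_ops, IPL_LOGNAT, 0, 0, 0600, "%s",
		    ipl_devname(IPL_NAT));
		make_dev(&ipl_ops, IPL_LOGSTATE, 0, 0, 0600, "%s",
		    ipl_devname(IPL_STATE));
		make_dev(&ipl_ops, IPL_LOGAUTH, 0, 0, 0600, "%s",
		    ipl_devname(IPL_AUTH));
		break;
	case MOD_UNLOAD:
		/*
		 * NOTE(review): the device ops are removed before the result
		 * of ipldetach() is known.  If ipldetach() can fail, the
		 * filter would stay attached with its device nodes already
		 * gone -- confirm whether the order should be reversed.
		 */
		dev_ops_remove(&ipl_ops, 0, 0);
		error = ipldetach();
		break;
	default:
		error = EINVAL;
		break;
	}
	return error;
}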
/*
 * Module descriptor: registers the module under the name "ipl" and routes
 * its events to ipfilter_modevent().  Members not listed here are
 * zero-initialised.
 */
static moduledata_t ipfiltermod = {
	"ipl",
	ipfilter_modevent,
};

DECLARE_MODULE(ipfilter, ipfiltermod, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY);