search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
lapic timer: Reimplement set_apic_timer using lapic_timer_oneshot
[dragonfly.git] / sys / net / pf / if_pflog.c
blobc35a7ca4ed37ea4400ff936c2f413ea62632b64a
1 /* $FreeBSD: src/sys/contrib/pf/net/if_pflog.c,v 1.9 2004/06/22 20:13:24 brooks Exp $ */
2 /* $OpenBSD: if_pflog.c,v 1.11 2003/12/31 11:18:25 cedric Exp $ */
3 /* $DragonFly: src/sys/net/pf/if_pflog.c,v 1.6 2006/12/22 23:44:57 swildner Exp $ */
4
5 /*
6 * The authors of this code are John Ioannidis (ji@tla.org),
7 * Angelos D. Keromytis (kermit@csd.uch.gr) and
8 * Niels Provos (provos@physnet.uni-hamburg.de).
9 *
10 * This code was written by John Ioannidis for BSD/OS in Athens, Greece,
11 * in November 1995.
12 *
13 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
14 * by Angelos D. Keromytis.
15 *
16 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
17 * and Niels Provos.
18 *
19 * Copyright (C) 1995, 1996, 1997, 1998 by John Ioannidis, Angelos D. Keromytis
20 * and Niels Provos.
21 * Copyright (c) 2001, Angelos D. Keromytis, Niels Provos.
22 *
23 * Copyright (c) 2004 The DragonFly Project. All rights reserved.
24 *
25 * Permission to use, copy, and modify this software with or without fee
26 * is hereby granted, provided that this entire notice is included in
27 * all copies of any software which is or includes a copy or
28 * modification of this software.
29 * You may use this code under the GNU public license if you so wish. Please
30 * contribute changes back to the authors under this freer than GPL license
31 * so that we may further the use of strong encryption without limitations to
32 * all.
33 *
34 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
35 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
36 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
37 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
38 * PURPOSE.
39 */
40
41 #include "opt_inet.h"
42 #include "opt_inet6.h"
43
44 #include <sys/param.h>
45 #include <sys/systm.h>
46 #include <sys/in_cksum.h>
47 #include <sys/mbuf.h>
48 #include <sys/socket.h>
49 #include <sys/kernel.h>
50 #include <sys/malloc.h>
51 #include <sys/module.h>
52 #include <sys/sockio.h>
53 #include <sys/thread2.h>
54 #include <vm/vm_zone.h>
55
56 #include <net/if.h>
57 #include <net/if_types.h>
58 #include <net/route.h>
59 #include <net/bpf.h>
60
61 #ifdef INET
62 #include <netinet/in.h>
63 #include <netinet/in_var.h>
64 #include <netinet/in_systm.h>
65 #include <netinet/ip.h>
66 #endif
67
68 #ifdef INET6
69 #ifndef INET
70 #include <netinet/in.h>
71 #endif
72 #include <netinet6/nd6.h>
73 #endif /* INET6 */
74
75 #include <net/pf/pfvar.h>
76 #include <net/pf/if_pflog.h>
77
78 #define PFLOGNAME "pflog"
79
80 #define PFLOGMTU (32768 + MHLEN + MLEN)
81
82 #ifdef PFLOGDEBUG
83 #define DPRINTF(x) do { if (pflogdebug) kprintf x ; } while (0)
84 #else
85 #define DPRINTF(x)
86 #endif
87
88
89 static void pflog_clone_destroy(struct ifnet *);
90 static int pflog_clone_create(struct if_clone *, int);
91 int pflogoutput(struct ifnet *, struct mbuf *, struct sockaddr *,
92 struct rtentry *);
93 int pflogioctl(struct ifnet *, u_long, caddr_t, struct ucred *);
94 void pflogrtrequest(int, struct rtentry *, struct sockaddr *);
95 void pflogstart(struct ifnet *);
96
97 static MALLOC_DEFINE(M_PFLOG, PFLOGNAME, "Packet Filter Logging Interface");
98 static LIST_HEAD(pflog_list, pflog_softc) pflog_list;
99 struct if_clone pflog_cloner = IF_CLONE_INITIALIZER("pflog", pflog_clone_create,
100 pflog_clone_destroy, 1, 1);
101
102 static void
103 pflog_clone_destroy(struct ifnet *ifp)
104 {
105 struct pflog_softc *sc;
106
107 sc = ifp->if_softc;
108
109 /*
110 * Do we really need this?
111 */
112 IF_DRAIN(&ifp->if_snd);
113
114 bpfdetach(ifp);
115 if_detach(ifp);
116 LIST_REMOVE(sc, sc_next);
117 kfree(sc, M_PFLOG);
118 }
119
120 static int
121 pflog_clone_create(struct if_clone *ifc, int unit)
122 {
123 struct pflog_softc *sc;
124
125 MALLOC(sc, struct pflog_softc *, sizeof(*sc), M_PFLOG, M_WAITOK|M_ZERO);
126
127 if_initname(&sc->sc_if, ifc->ifc_name, unit);
128 sc->sc_if.if_mtu = PFLOGMTU;
129 sc->sc_if.if_ioctl = pflogioctl;
130 sc->sc_if.if_output = pflogoutput;
131 sc->sc_if.if_start = pflogstart;
132 sc->sc_if.if_type = IFT_PFLOG;
133 sc->sc_if.if_snd.ifq_maxlen = ifqmaxlen;
134 sc->sc_if.if_hdrlen = PFLOG_HDRLEN;
135 sc->sc_if.if_softc = sc;
136 if_attach(&sc->sc_if, NULL);
137
138 LIST_INSERT_HEAD(&pflog_list, sc, sc_next);
139 bpfattach(&sc->sc_if, DLT_PFLOG, PFLOG_HDRLEN);
140
141 return (0);
142 }
143
144 /*
145 * Start output on the pflog interface.
146 */
147 void
148 pflogstart(struct ifnet *ifp)
149 {
150 crit_enter();
151 IF_DROP(&ifp->if_snd);
152 IF_DRAIN(&ifp->if_snd);
153 crit_exit();
154 }
155
156 int
157 pflogoutput(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst,
158 struct rtentry *rt)
159 {
160 m_freem(m);
161 return (0);
162 }
163
164 /* ARGSUSED */
165 void
166 pflogrtrequest(int cmd, struct rtentry *rt, struct sockaddr *sa)
167 {
168 if (rt)
169 rt->rt_rmx.rmx_mtu = PFLOGMTU;
170 }
171
172 /* ARGSUSED */
173 int
174 pflogioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
175 {
176 switch (cmd) {
177 case SIOCSIFADDR:
178 case SIOCAIFADDR:
179 case SIOCSIFDSTADDR:
180 case SIOCSIFFLAGS:
181 if (ifp->if_flags & IFF_UP)
182 ifp->if_flags |= IFF_RUNNING;
183 else
184 ifp->if_flags &= ~IFF_RUNNING;
185 break;
186 default:
187 return (EINVAL);
188 }
189
190 return (0);
191 }
192
193 int
194 pflog_packet(struct pfi_kif *kif, struct mbuf *m, sa_family_t af, u_int8_t dir,
195 u_int8_t reason, struct pf_rule *rm, struct pf_rule *am,
196 struct pf_ruleset *ruleset)
197 {
198 struct ifnet *ifn;
199 struct pfloghdr hdr;
200 struct mbuf m1;
201
202 if (kif == NULL || m == NULL || rm == NULL)
203 return (-1);
204
205 bzero(&hdr, sizeof(hdr));
206 hdr.length = PFLOG_REAL_HDRLEN;
207 hdr.af = af;
208 hdr.action = rm->action;
209 hdr.reason = reason;
210 memcpy(hdr.ifname, kif->pfik_name, sizeof(hdr.ifname));
211
212 if (am == NULL) {
213 hdr.rulenr = htonl(rm->nr);
214 hdr.subrulenr = -1;
215 } else {
216 hdr.rulenr = htonl(am->nr);
217 hdr.subrulenr = htonl(rm->nr);
218 if (ruleset != NULL)
219 memcpy(hdr.ruleset, ruleset->name,
220 sizeof(hdr.ruleset));
221
222
223 }
224 hdr.dir = dir;
225
226 #ifdef INET
227 if (af == AF_INET) {
228 struct ip *ip = mtod(m, struct ip *);
229
230 ip->ip_len = htons(ip->ip_len);
231 ip->ip_off = htons(ip->ip_off);
232
233 if (dir == PF_OUT) {
234 ip->ip_sum = 0;
235 ip->ip_sum = in_cksum(m, ip->ip_hl << 2);
236 }
237 }
238 #endif /* INET */
239
240 m1.m_next = m;
241 m1.m_len = PFLOG_HDRLEN;
242 m1.m_data = (char *) &hdr;
243
244 KASSERT((!LIST_EMPTY(&pflog_list)), ("pflog: no interface"));
245 ifn = &LIST_FIRST(&pflog_list)->sc_if;
246
247 BPF_MTAP(ifn, &m1);
248
249 #ifdef INET
250 if (af == AF_INET) {
251 struct ip *ip = mtod(m, struct ip *);
252
253 ip->ip_len = ntohs(ip->ip_len);
254 ip->ip_off = ntohs(ip->ip_off);
255 }
256 #endif /* INET */
257
258 return (0);
259 }
260
261 static int
262 pflog_modevent(module_t mod, int type, void *data)
263 {
264 int error = 0;
265
266 switch (type) {
267 case MOD_LOAD:
268 LIST_INIT(&pflog_list);
269 if_clone_attach(&pflog_cloner);
270 break;
271
272 case MOD_UNLOAD:
273 if_clone_detach(&pflog_cloner);
274 while (!LIST_EMPTY(&pflog_list))
275 pflog_clone_destroy(
276 &LIST_FIRST(&pflog_list)->sc_if);
277 break;
278
279 default:
280 error = EINVAL;
281 break;
282 }
283
284 return error;
285 }
286
287 static moduledata_t pflog_mod = {
288 "pflog",
289 pflog_modevent,
290 0
291 };
292
293 #define PFLOG_MODVER 1
294
295 DECLARE_MODULE(pflog, pflog_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
296 MODULE_VERSION(pflog, PFLOG_MODVER);
DragonFly BSD