search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
lapic timer: Reimplement set_apic_timer using lapic_timer_oneshot
[dragonfly.git] / sys / net / pf / pf_if.c
blobb68ac99c7ec45e206b1c293d70cf332502f7c441
1 /* $FreeBSD: src/sys/contrib/pf/net/pf_if.c,v 1.6 2004/09/14 15:20:24 mlaier Exp $ */
2 /* $OpenBSD: pf_if.c,v 1.11 2004/03/15 11:38:23 cedric Exp $ */
3 /* add $OpenBSD: pf_if.c,v 1.19 2004/08/11 12:06:44 henning Exp $ */
4 /* $DragonFly: src/sys/net/pf/pf_if.c,v 1.10 2008/03/07 11:34:20 sephe Exp $ */
5
6 /*
7 * Copyright (c) 2004 The DragonFly Project. All rights reserved.
8 *
9 * Copyright (c) 2001 Daniel Hartmeier
10 * Copyright (c) 2003 Cedric Berger
11 * All rights reserved.
12 *
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
15 * are met:
16 *
17 * - Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer.
19 * - Redistributions in binary form must reproduce the above
20 * copyright notice, this list of conditions and the following
21 * disclaimer in the documentation and/or other materials provided
22 * with the distribution.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
25 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
26 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
27 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
28 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
29 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
30 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
31 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
32 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
34 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
35 * POSSIBILITY OF SUCH DAMAGE.
36 */
37
38 #include "opt_inet.h"
39 #include "opt_inet6.h"
40
41 #include <sys/param.h>
42 #include <sys/systm.h>
43 #include <sys/malloc.h>
44 #include <sys/mbuf.h>
45 #include <sys/eventhandler.h>
46 #include <sys/filio.h>
47 #include <sys/socket.h>
48 #include <sys/socketvar.h>
49 #include <sys/kernel.h>
50 #include <sys/thread2.h>
51 #include <sys/time.h>
52 #include <vm/vm_zone.h>
53
54 #include <net/if.h>
55 #include <net/if_types.h>
56 #include <net/route.h>
57
58 #include <netinet/in.h>
59 #include <netinet/in_var.h>
60 #include <netinet/in_systm.h>
61 #include <netinet/ip.h>
62 #include <netinet/ip_var.h>
63
64 #include <net/pf/pfvar.h>
65
66 #ifdef INET6
67 #include <netinet/ip6.h>
68 #endif /* INET6 */
69
70 #define ACCEPT_FLAGS(oklist) \
71 do { \
72 if ((flags & ~(oklist)) & \
73 PFI_FLAG_ALLMASK) \
74 return (EINVAL); \
75 } while (0)
76
77 #define senderr(e) do { rv = (e); goto _bad; } while (0)
78
79 struct pfi_kif **pfi_index2kif;
80 struct pfi_kif *pfi_self, *pfi_dummy;
81 int pfi_indexlim;
82 struct pfi_ifhead pfi_ifs;
83 struct pfi_statehead pfi_statehead;
84 int pfi_ifcnt;
85 vm_zone_t pfi_addr_pl;
86 long pfi_update = 1;
87 struct pfr_addr *pfi_buffer;
88 int pfi_buffer_cnt;
89 int pfi_buffer_max;
90 char pfi_reserved_anchor[PF_ANCHOR_NAME_SIZE] =
91 PF_RESERVED_ANCHOR;
92 char pfi_interface_ruleset[PF_RULESET_NAME_SIZE] =
93 PF_INTERFACE_RULESET;
94
95 eventhandler_tag pfi_clone_cookie = NULL;
96 eventhandler_tag pfi_attach_cookie = NULL;
97 eventhandler_tag pfi_detach_cookie = NULL;
98
99 void pfi_dynaddr_update(void *);
100 void pfi_kifaddr_update(void *);
101 void pfi_table_update(struct pfr_ktable *, struct pfi_kif *,
102 int, int);
103 void pfi_instance_add(struct ifnet *, int, int);
104 void pfi_address_add(struct sockaddr *, int, int);
105 int pfi_if_compare(struct pfi_kif *, struct pfi_kif *);
106 struct pfi_kif *pfi_if_create(const char *, struct pfi_kif *, int);
107 void pfi_copy_group(char *, const char *, int);
108 void pfi_dynamic_drivers(void);
109 void pfi_newgroup(const char *, int);
110 int pfi_skip_if(const char *, struct pfi_kif *, int);
111 int pfi_unmask(void *);
112 void pfi_dohooks(struct pfi_kif *);
113 void pfi_kifaddr_update_event(void *, struct ifnet *,
114 enum ifaddr_event, struct ifaddr *);
115 void pfi_attach_clone_event(void *, struct if_clone *);
116 void pfi_attach_ifnet_event(void *, struct ifnet *);
117 void pfi_detach_ifnet_event(void *, struct ifnet *);
118
119 RB_PROTOTYPE(pfi_ifhead, pfi_kif, pfik_tree, pfi_if_compare);
120 RB_GENERATE(pfi_ifhead, pfi_kif, pfik_tree, pfi_if_compare);
121
122 #define PFI_DYNAMIC_BUSES { "pcmcia", "cardbus", "uhub" }
123 #define PFI_BUFFER_MAX 0x10000
124 MALLOC_DEFINE(PFI_MTYPE, "pf_if", "pf interface table");
125
126 void
127 pfi_initialize(void)
128 {
129 struct ifnet *ifp;
130
131 if (pfi_self != NULL) /* already initialized */
132 return;
133
134 TAILQ_INIT(&pfi_statehead);
135 pfi_buffer_max = 64;
136 pfi_buffer = kmalloc(pfi_buffer_max * sizeof(*pfi_buffer),
137 PFI_MTYPE, M_WAITOK);
138 pfi_self = pfi_if_create("self", NULL, PFI_IFLAG_GROUP);
139 pfi_dynamic_drivers();
140
141 TAILQ_FOREACH(ifp, &ifnet, if_link) {
142 if (ifp->if_dunit != IF_DUNIT_NONE)
143 pfi_attach_ifnet(ifp);
144 }
145 pfi_dummy = pfi_if_create("notyet", pfi_self,
146 PFI_IFLAG_GROUP | PFI_IFLAG_DYNAMIC);
147 pfi_attach_cookie = EVENTHANDLER_REGISTER(ifnet_attach_event,
148 pfi_attach_ifnet_event, NULL, EVENTHANDLER_PRI_ANY);
149 pfi_detach_cookie = EVENTHANDLER_REGISTER(ifnet_detach_event,
150 pfi_detach_ifnet_event, NULL, EVENTHANDLER_PRI_ANY);
151 pfi_clone_cookie = EVENTHANDLER_REGISTER(if_clone_event,
152 pfi_attach_clone_event, NULL, EVENTHANDLER_PRI_ANY);
153 }
154
155 void
156 pfi_cleanup(void)
157 {
158 struct pfi_kif *p, key;
159 struct ifnet *ifp;
160
161 EVENTHANDLER_DEREGISTER(ifnet_attach_event, pfi_attach_cookie);
162 EVENTHANDLER_DEREGISTER(ifnet_detach_event, pfi_detach_cookie);
163 EVENTHANDLER_DEREGISTER(if_clone_event, pfi_clone_cookie);
164
165 /* release PFI_IFLAG_INSTANCE */
166 TAILQ_FOREACH(ifp, &ifnet, if_link) {
167 strlcpy(key.pfik_name, ifp->if_xname, sizeof(key.pfik_name));
168 p = RB_FIND(pfi_ifhead, &pfi_ifs, &key);
169 if (p != NULL)
170 pfi_detach_ifnet(ifp);
171 }
172
173 /* XXX clear all other interface group */
174 while ((p = RB_MIN(pfi_ifhead, &pfi_ifs))) {
175 RB_REMOVE(pfi_ifhead, &pfi_ifs, p);
176
177 kfree(p->pfik_ah_head, PFI_MTYPE);
178 kfree(p, PFI_MTYPE);
179 }
180 kfree(pfi_index2kif, PFI_MTYPE);
181 kfree(pfi_buffer, PFI_MTYPE);
182 pfi_index2kif = NULL;
183 pfi_buffer = NULL;
184 pfi_self = NULL;
185 }
186
187 /*
188 * Wrapper functions for FreeBSD eventhandler
189 */
190 void
191 pfi_kifaddr_update_event(void *arg, struct ifnet *ifp,
192 enum ifaddr_event event __unused, struct ifaddr *ifa __unused)
193 {
194 struct pfi_kif *p = arg;
195
196 /*
197 * Check to see if it is 'our' interface as we do not have per
198 * interface hooks and thus get an update for every interface.
199 */
200 if (p && p->pfik_ifp == ifp)
201 pfi_kifaddr_update(p);
202 }
203
204 void
205 pfi_attach_clone_event(void *arg __unused, struct if_clone *ifc)
206 {
207 pfi_attach_clone(ifc);
208 }
209
210 void
211 pfi_attach_ifnet_event(void *arg __unused, struct ifnet *ifp)
212 {
213 if (ifp->if_dunit != IF_DUNIT_NONE)
214 pfi_attach_ifnet(ifp);
215 }
216
217 void
218 pfi_detach_ifnet_event(void *arg __unused, struct ifnet *ifp)
219 {
220 pfi_detach_ifnet(ifp);
221 }
222
223 void
224 pfi_attach_clone(struct if_clone *ifc)
225 {
226 pfi_initialize();
227 pfi_newgroup(ifc->ifc_name, PFI_IFLAG_CLONABLE);
228 }
229
230 void
231 pfi_attach_ifnet(struct ifnet *ifp)
232 {
233 struct pfi_kif *p, *q, key;
234 int realname;
235
236 pfi_initialize();
237 crit_enter();
238 pfi_update++;
239 if (ifp->if_index >= pfi_indexlim) {
240 /*
241 * grow pfi_index2kif, similar to ifindex2ifnet code in if.c
242 */
243 size_t m, n, oldlim;
244 struct pfi_kif **mp, **np;
245
246 oldlim = pfi_indexlim;
247 if (pfi_indexlim == 0)
248 pfi_indexlim = 64;
249 while (ifp->if_index >= pfi_indexlim)
250 pfi_indexlim <<= 1;
251
252 m = oldlim * sizeof(struct pfi_kif *);
253 mp = pfi_index2kif;
254 n = pfi_indexlim * sizeof(struct pfi_kif *);
255 np = kmalloc(n, PFI_MTYPE, M_NOWAIT | M_ZERO);
256 if (np == NULL)
257 panic("pfi_attach_ifnet: "
258 "cannot allocate translation table");
259 if (mp != NULL)
260 bcopy(mp, np, m);
261 pfi_index2kif = np;
262 if (mp != NULL)
263 kfree(mp, PFI_MTYPE);
264 }
265
266 strlcpy(key.pfik_name, ifp->if_xname, sizeof(key.pfik_name));
267 p = RB_FIND(pfi_ifhead, &pfi_ifs, &key);
268 /* some additional trickery for placeholders */
269 if ((p == NULL) || (p->pfik_parent == pfi_dummy)) {
270 /* are we looking at a renamed instance or not? */
271 pfi_copy_group(key.pfik_name, ifp->if_xname,
272 sizeof(key.pfik_name));
273 realname = (strncmp(key.pfik_name, ifp->if_dname,
274 sizeof(key.pfik_name)) == 0);
275 /* add group */
276 /* we can change if_xname, hence use if_dname as group id */
277 pfi_copy_group(key.pfik_name, ifp->if_dname,
278 sizeof(key.pfik_name));
279 q = RB_FIND(pfi_ifhead, &pfi_ifs, &key);
280 if (q == NULL)
281 q = pfi_if_create(key.pfik_name, pfi_self,
282 PFI_IFLAG_GROUP|PFI_IFLAG_DYNAMIC);
283 else if (q->pfik_parent == pfi_dummy) {
284 q->pfik_parent = pfi_self;
285 q->pfik_flags = (PFI_IFLAG_GROUP | PFI_IFLAG_DYNAMIC);
286 }
287 if (q == NULL)
288 panic("pfi_attach_ifnet: "
289 "cannot allocate '%s' group", key.pfik_name);
290
291 /* add/modify interface */
292 if (p == NULL)
293 p = pfi_if_create(ifp->if_xname, q,
294 realname?PFI_IFLAG_INSTANCE:PFI_IFLAG_PLACEHOLDER);
295 else {
296 /* remove from the dummy group */
297 /* XXX: copy stats? We should not have any!!! */
298 pfi_dummy->pfik_delcnt++;
299 TAILQ_REMOVE(&pfi_dummy->pfik_grouphead, p,
300 pfik_instances);
301 /* move to the right group */
302 p->pfik_parent = q;
303 q->pfik_addcnt++;
304 TAILQ_INSERT_TAIL(&q->pfik_grouphead, p,
305 pfik_instances);
306 if (realname) {
307 p->pfik_flags &= ~PFI_IFLAG_PLACEHOLDER;
308 p->pfik_flags |= PFI_IFLAG_INSTANCE;
309 }
310 }
311 if (p == NULL)
312 panic("pfi_attach_ifnet: "
313 "cannot allocate '%s' interface", ifp->if_xname);
314 } else
315 q = p->pfik_parent;
316 p->pfik_ifp = ifp;
317 p->pfik_flags |= PFI_IFLAG_ATTACHED;
318 p->pfik_ah_cookie = EVENTHANDLER_REGISTER(ifaddr_event,
319 pfi_kifaddr_update_event, p, EVENTHANDLER_PRI_ANY);
320 pfi_index2kif[ifp->if_index] = p;
321 pfi_dohooks(p);
322 crit_exit();
323 }
324
325 void
326 pfi_detach_ifnet(struct ifnet *ifp)
327 {
328 struct pfi_kif *p, *q, key;
329
330 strlcpy(key.pfik_name, ifp->if_xname, sizeof(key.pfik_name));
331
332 crit_enter();
333 pfi_update++;
334 p = RB_FIND(pfi_ifhead, &pfi_ifs, &key);
335 if (p == NULL) {
336 kprintf("pfi_detach_ifnet: cannot find %s", ifp->if_xname);
337 crit_exit();
338 return;
339 }
340 EVENTHANDLER_DEREGISTER(ifaddr_event, p->pfik_ah_cookie);
341 q = p->pfik_parent;
342 p->pfik_ifp = NULL;
343 p->pfik_flags &= ~PFI_IFLAG_ATTACHED;
344 pfi_index2kif[ifp->if_index] = NULL;
345 pfi_dohooks(p);
346 pfi_maybe_destroy(p);
347 crit_exit();
348 }
349
350 struct pfi_kif *
351 pfi_lookup_create(const char *name)
352 {
353 struct pfi_kif *p, *q, key;
354
355 crit_enter();
356 p = pfi_lookup_if(name);
357 if (p == NULL) {
358 pfi_copy_group(key.pfik_name, name, sizeof(key.pfik_name));
359 q = pfi_lookup_if(key.pfik_name);
360 if ((q != NULL) && (q->pfik_parent != pfi_dummy))
361 p = pfi_if_create(name, q, PFI_IFLAG_INSTANCE);
362 else {
363 if (pfi_dummy == NULL)
364 panic("no 'notyet' dummy group");
365 p = pfi_if_create(name, pfi_dummy,
366 PFI_IFLAG_PLACEHOLDER);
367 }
368 }
369 crit_exit();
370 return (p);
371 }
372
373 struct pfi_kif *
374 pfi_attach_rule(const char *name)
375 {
376 struct pfi_kif *p;
377
378 p = pfi_lookup_create(name);
379 if (p != NULL)
380 p->pfik_rules++;
381 return (p);
382 }
383
384 void
385 pfi_detach_rule(struct pfi_kif *p)
386 {
387 if (p == NULL)
388 return;
389 if (p->pfik_rules > 0)
390 p->pfik_rules--;
391 else
392 kprintf("pfi_detach_rule: reference count at 0\n");
393 pfi_maybe_destroy(p);
394 }
395
396 void
397 pfi_attach_state(struct pfi_kif *p)
398 {
399 if (!p->pfik_states++)
400 TAILQ_INSERT_TAIL(&pfi_statehead, p, pfik_w_states);
401 }
402
403 void
404 pfi_detach_state(struct pfi_kif *p)
405 {
406 if (p == NULL)
407 return;
408 if (p->pfik_states <= 0) {
409 kprintf("pfi_detach_state: reference count <= 0\n");
410 return;
411 }
412 if (!--p->pfik_states)
413 TAILQ_REMOVE(&pfi_statehead, p, pfik_w_states);
414 pfi_maybe_destroy(p);
415 }
416
417 int
418 pfi_dynaddr_setup(struct pf_addr_wrap *aw, sa_family_t af)
419 {
420 struct pfi_dynaddr *dyn;
421 char tblname[PF_TABLE_NAME_SIZE];
422 struct pf_ruleset *ruleset = NULL;
423 int rv = 0;
424
425 if (aw->type != PF_ADDR_DYNIFTL)
426 return (0);
427 dyn = pool_get(&pfi_addr_pl, PR_NOWAIT);
428 if (dyn == NULL)
429 return (1);
430 bzero(dyn, sizeof(*dyn));
431
432 crit_enter();
433 dyn->pfid_kif = pfi_attach_rule(aw->v.ifname);
434 if (dyn->pfid_kif == NULL)
435 senderr(1);
436
437 dyn->pfid_net = pfi_unmask(&aw->v.a.mask);
438 if (af == AF_INET && dyn->pfid_net == 32)
439 dyn->pfid_net = 128;
440 strlcpy(tblname, aw->v.ifname, sizeof(tblname));
441 if (aw->iflags & PFI_AFLAG_NETWORK)
442 strlcat(tblname, ":network", sizeof(tblname));
443 if (aw->iflags & PFI_AFLAG_BROADCAST)
444 strlcat(tblname, ":broadcast", sizeof(tblname));
445 if (aw->iflags & PFI_AFLAG_PEER)
446 strlcat(tblname, ":peer", sizeof(tblname));
447 if (aw->iflags & PFI_AFLAG_NOALIAS)
448 strlcat(tblname, ":0", sizeof(tblname));
449 if (dyn->pfid_net != 128)
450 ksnprintf(tblname + strlen(tblname),
451 sizeof(tblname) - strlen(tblname), "/%d", dyn->pfid_net);
452 ruleset = pf_find_or_create_ruleset(pfi_reserved_anchor,
453 pfi_interface_ruleset);
454 if (ruleset == NULL)
455 senderr(1);
456
457 dyn->pfid_kt = pfr_attach_table(ruleset, tblname);
458 if (dyn->pfid_kt == NULL)
459 senderr(1);
460
461 dyn->pfid_kt->pfrkt_flags |= PFR_TFLAG_ACTIVE;
462 dyn->pfid_iflags = aw->iflags;
463 dyn->pfid_af = af;
464 dyn->pfid_hook_cookie = hook_establish(dyn->pfid_kif->pfik_ah_head, 1,
465 pfi_dynaddr_update, dyn);
466 if (dyn->pfid_hook_cookie == NULL)
467 senderr(1);
468
469 aw->p.dyn = dyn;
470 pfi_dynaddr_update(aw->p.dyn);
471 crit_exit();
472 return (0);
473
474 _bad:
475 if (dyn->pfid_kt != NULL)
476 pfr_detach_table(dyn->pfid_kt);
477 if (ruleset != NULL)
478 pf_remove_if_empty_ruleset(ruleset);
479 if (dyn->pfid_kif != NULL)
480 pfi_detach_rule(dyn->pfid_kif);
481 pool_put(&pfi_addr_pl, dyn);
482 crit_exit();
483 return (rv);
484 }
485
486 void
487 pfi_dynaddr_update(void *p)
488 {
489 struct pfi_dynaddr *dyn = (struct pfi_dynaddr *)p;
490 struct pfi_kif *kif = dyn->pfid_kif;
491 struct pfr_ktable *kt = dyn->pfid_kt;
492
493 if (dyn == NULL || kif == NULL || kt == NULL)
494 panic("pfi_dynaddr_update");
495 if (kt->pfrkt_larg != pfi_update) {
496 /* this table needs to be brought up-to-date */
497 pfi_table_update(kt, kif, dyn->pfid_net, dyn->pfid_iflags);
498 kt->pfrkt_larg = pfi_update;
499 }
500 pfr_dynaddr_update(kt, dyn);
501 }
502
503 void
504 pfi_table_update(struct pfr_ktable *kt, struct pfi_kif *kif, int net, int flags)
505 {
506 int e, size2 = 0;
507 struct pfi_kif *p;
508 struct pfr_table t;
509
510 if ((kif->pfik_flags & PFI_IFLAG_INSTANCE) && kif->pfik_ifp == NULL) {
511 pfr_clr_addrs(&kt->pfrkt_t, NULL, 0);
512 return;
513 }
514 pfi_buffer_cnt = 0;
515 if ((kif->pfik_flags & PFI_IFLAG_INSTANCE))
516 pfi_instance_add(kif->pfik_ifp, net, flags);
517 else if (strcmp(kif->pfik_name, "self")) {
518 TAILQ_FOREACH(p, &kif->pfik_grouphead, pfik_instances)
519 pfi_instance_add(p->pfik_ifp, net, flags);
520 } else {
521 RB_FOREACH(p, pfi_ifhead, &pfi_ifs)
522 if (p->pfik_flags & PFI_IFLAG_INSTANCE)
523 pfi_instance_add(p->pfik_ifp, net, flags);
524 }
525 t = kt->pfrkt_t;
526 t.pfrt_flags = 0;
527 if ((e = pfr_set_addrs(&t, pfi_buffer, pfi_buffer_cnt, &size2,
528 NULL, NULL, NULL, 0)))
529 kprintf("pfi_table_update: cannot set %d new addresses "
530 "into table %s: %d\n", pfi_buffer_cnt, kt->pfrkt_name, e);
531 }
532
533 void
534 pfi_instance_add(struct ifnet *ifp, int net, int flags)
535 {
536 struct ifaddr_container *ifac;
537 int got4 = 0, got6 = 0;
538 int net2, af;
539
540 if (ifp == NULL)
541 return;
542 TAILQ_FOREACH(ifac, &ifp->if_addrheads[mycpuid], ifa_link) {
543 struct ifaddr *ia = ifac->ifa;
544
545 if (ia->ifa_addr == NULL)
546 continue;
547 af = ia->ifa_addr->sa_family;
548 if (af != AF_INET && af != AF_INET6)
549 continue;
550 /*
551 * XXX: For point-to-point interfaces, (ifname:0) and IPv4,
552 * jump over address without a proper route to work
553 * around a problem with ppp not fully removing the
554 * address used during IPCP.
555 */
556 if ((ifp->if_flags & IFF_POINTOPOINT) &&
557 !(ia->ifa_flags & IFA_ROUTE) &&
558 (flags & PFI_AFLAG_NOALIAS) && (af == AF_INET))
559 continue;
560 if ((flags & PFI_AFLAG_BROADCAST) && af == AF_INET6)
561 continue;
562 if ((flags & PFI_AFLAG_BROADCAST) &&
563 !(ifp->if_flags & IFF_BROADCAST))
564 continue;
565 if ((flags & PFI_AFLAG_PEER) &&
566 !(ifp->if_flags & IFF_POINTOPOINT))
567 continue;
568 if ((flags & PFI_AFLAG_NETWORK) && af == AF_INET6 &&
569 IN6_IS_ADDR_LINKLOCAL(
570 &((struct sockaddr_in6 *)ia->ifa_addr)->sin6_addr))
571 continue;
572 if (flags & PFI_AFLAG_NOALIAS) {
573 if (af == AF_INET && got4)
574 continue;
575 if (af == AF_INET6 && got6)
576 continue;
577 }
578 if (af == AF_INET)
579 got4 = 1;
580 else
581 got6 = 1;
582 net2 = net;
583 if (net2 == 128 && (flags & PFI_AFLAG_NETWORK)) {
584 if (af == AF_INET) {
585 net2 = pfi_unmask(&((struct sockaddr_in *)
586 ia->ifa_netmask)->sin_addr);
587 } else {
588 net2 = pfi_unmask(&((struct sockaddr_in6 *)
589 ia->ifa_netmask)->sin6_addr);
590 }
591 }
592 if (af == AF_INET && net2 > 32)
593 net2 = 32;
594 if (flags & PFI_AFLAG_BROADCAST)
595 pfi_address_add(ia->ifa_broadaddr, af, net2);
596 else if (flags & PFI_AFLAG_PEER)
597 pfi_address_add(ia->ifa_dstaddr, af, net2);
598 else
599 pfi_address_add(ia->ifa_addr, af, net2);
600 }
601 }
602
603 void
604 pfi_address_add(struct sockaddr *sa, int af, int net)
605 {
606 struct pfr_addr *p;
607 int i;
608
609 if (pfi_buffer_cnt >= pfi_buffer_max) {
610 int new_max = pfi_buffer_max * 2;
611
612 if (new_max > PFI_BUFFER_MAX) {
613 kprintf("pfi_address_add: address buffer full (%d/%d)\n",
614 pfi_buffer_cnt, PFI_BUFFER_MAX);
615 return;
616 }
617 p = kmalloc(new_max * sizeof(*pfi_buffer), PFI_MTYPE,
618 M_NOWAIT);
619 if (p == NULL) {
620 kprintf("pfi_address_add: no memory to grow buffer "
621 "(%d/%d)\n", pfi_buffer_cnt, PFI_BUFFER_MAX);
622 return;
623 }
624 memcpy(pfi_buffer, p, pfi_buffer_cnt * sizeof(*pfi_buffer));
625 /* no need to zero buffer */
626 kfree(pfi_buffer, PFI_MTYPE);
627 pfi_buffer = p;
628 pfi_buffer_max = new_max;
629 }
630 if (af == AF_INET && net > 32)
631 net = 128;
632 p = pfi_buffer + pfi_buffer_cnt++;
633 bzero(p, sizeof(*p));
634 p->pfra_af = af;
635 p->pfra_net = net;
636 if (af == AF_INET)
637 p->pfra_ip4addr = ((struct sockaddr_in *)sa)->sin_addr;
638 if (af == AF_INET6) {
639 p->pfra_ip6addr = ((struct sockaddr_in6 *)sa)->sin6_addr;
640 if (IN6_IS_ADDR_LINKLOCAL(&p->pfra_ip6addr))
641 p->pfra_ip6addr.s6_addr16[1] = 0;
642 }
643 /* mask network address bits */
644 if (net < 128)
645 ((caddr_t)p)[p->pfra_net/8] &= ~(0xFF >> (p->pfra_net%8));
646 for (i = (p->pfra_net+7)/8; i < sizeof(p->pfra_u); i++)
647 ((caddr_t)p)[i] = 0;
648 }
649
650 void
651 pfi_dynaddr_remove(struct pf_addr_wrap *aw)
652 {
653 if (aw->type != PF_ADDR_DYNIFTL || aw->p.dyn == NULL ||
654 aw->p.dyn->pfid_kif == NULL || aw->p.dyn->pfid_kt == NULL)
655 return;
656
657 crit_enter();
658 hook_disestablish(aw->p.dyn->pfid_kif->pfik_ah_head,
659 aw->p.dyn->pfid_hook_cookie);
660 pfi_detach_rule(aw->p.dyn->pfid_kif);
661 aw->p.dyn->pfid_kif = NULL;
662 pfr_detach_table(aw->p.dyn->pfid_kt);
663 aw->p.dyn->pfid_kt = NULL;
664 pool_put(&pfi_addr_pl, aw->p.dyn);
665 aw->p.dyn = NULL;
666 crit_exit();
667 }
668
669 void
670 pfi_dynaddr_copyout(struct pf_addr_wrap *aw)
671 {
672 if (aw->type != PF_ADDR_DYNIFTL || aw->p.dyn == NULL ||
673 aw->p.dyn->pfid_kif == NULL)
674 return;
675 aw->p.dyncnt = aw->p.dyn->pfid_acnt4 + aw->p.dyn->pfid_acnt6;
676 }
677
678 void
679 pfi_kifaddr_update(void *v)
680 {
681 crit_enter();
682 pfi_update++;
683 pfi_dohooks(v);
684 crit_exit();
685 }
686
687 int
688 pfi_if_compare(struct pfi_kif *p, struct pfi_kif *q)
689 {
690 return (strncmp(p->pfik_name, q->pfik_name, IFNAMSIZ));
691 }
692
693 struct pfi_kif *
694 pfi_if_create(const char *name, struct pfi_kif *q, int flags)
695 {
696 struct pfi_kif *p;
697
698 p = kmalloc(sizeof(*p), PFI_MTYPE, M_NOWAIT | M_ZERO);
699 if (p == NULL)
700 return (NULL);
701 p->pfik_ah_head = kmalloc(sizeof(*p->pfik_ah_head), PFI_MTYPE,
702 M_NOWAIT | M_ZERO);
703 if (p->pfik_ah_head == NULL) {
704 kfree(p, PFI_MTYPE);
705 return (NULL);
706 }
707 TAILQ_INIT(p->pfik_ah_head);
708 TAILQ_INIT(&p->pfik_grouphead);
709 strlcpy(p->pfik_name, name, sizeof(p->pfik_name));
710 RB_INIT(&p->pfik_lan_ext);
711 RB_INIT(&p->pfik_ext_gwy);
712 p->pfik_flags = flags;
713 p->pfik_parent = q;
714 p->pfik_tzero = time_second;
715
716 RB_INSERT(pfi_ifhead, &pfi_ifs, p);
717 if (q != NULL) {
718 q->pfik_addcnt++;
719 TAILQ_INSERT_TAIL(&q->pfik_grouphead, p, pfik_instances);
720 }
721 pfi_ifcnt++;
722 return (p);
723 }
724
725 int
726 pfi_maybe_destroy(struct pfi_kif *p)
727 {
728 int i, j, k;
729 struct pfi_kif *q = p->pfik_parent;
730
731 if ((p->pfik_flags & (PFI_IFLAG_ATTACHED | PFI_IFLAG_GROUP)) ||
732 p->pfik_rules > 0 || p->pfik_states > 0)
733 if (!(p->pfik_flags & PFI_IFLAG_PLACEHOLDER))
734 return (0);
735
736 crit_enter();
737 if (q != NULL) {
738 for (i = 0; i < 2; i++)
739 for (j = 0; j < 2; j++)
740 for (k = 0; k < 2; k++) {
741 q->pfik_bytes[i][j][k] +=
742 p->pfik_bytes[i][j][k];
743 q->pfik_packets[i][j][k] +=
744 p->pfik_packets[i][j][k];
745 /* clear stats in case we return to the dummy group */
746 p->pfik_bytes[i][j][k] = 0;
747 p->pfik_packets[i][j][k] = 0;
748 }
749 q->pfik_delcnt++;
750 TAILQ_REMOVE(&q->pfik_grouphead, p, pfik_instances);
751 }
752 if (p->pfik_rules > 0 || p->pfik_states > 0) {
753 /* move back to the dummy group */
754 p->pfik_parent = pfi_dummy;
755 pfi_dummy->pfik_addcnt++;
756 TAILQ_INSERT_TAIL(&pfi_dummy->pfik_grouphead, p,
757 pfik_instances);
758 crit_exit();
759 return (0);
760 }
761 pfi_ifcnt--;
762 RB_REMOVE(pfi_ifhead, &pfi_ifs, p);
763 crit_exit();
764
765 kfree(p->pfik_ah_head, PFI_MTYPE);
766 kfree(p, PFI_MTYPE);
767 return (1);
768 }
769
770 void
771 pfi_copy_group(char *p, const char *q, int m)
772 {
773 while (m > 1 && *q && !(*q >= '0' && *q <= '9')) {
774 *p++ = *q++;
775 m--;
776 }
777 if (m > 0)
778 *p++ = '\0';
779 }
780
781 void
782 pfi_dynamic_drivers(void)
783 {
784 struct ifnet *ifp;
785
786 /*
787 * For FreeBSD basically every interface is "dynamic" as we can unload
788 * modules e.g.
789 */
790 TAILQ_FOREACH(ifp, &ifnet, if_link) {
791 if (ifp->if_dunit == IF_DUNIT_NONE)
792 continue;
793 pfi_newgroup(ifp->if_dname, PFI_IFLAG_DYNAMIC);
794 }
795 }
796
797 void
798 pfi_newgroup(const char *name, int flags)
799 {
800 struct pfi_kif *p;
801
802 p = pfi_lookup_if(name);
803 if (p == NULL)
804 p = pfi_if_create(name, pfi_self, PFI_IFLAG_GROUP);
805 if (p == NULL) {
806 kprintf("pfi_newgroup: cannot allocate '%s' group", name);
807 return;
808 }
809 p->pfik_flags |= flags;
810 }
811
812 void
813 pfi_fill_oldstatus(struct pf_status *pfs)
814 {
815 struct pfi_kif *p, key;
816 int i, j, k;
817
818 strlcpy(key.pfik_name, pfs->ifname, sizeof(key.pfik_name));
819 crit_enter();
820 p = RB_FIND(pfi_ifhead, &pfi_ifs, &key);
821 if (p == NULL) {
822 crit_exit();
823 return;
824 }
825 bzero(pfs->pcounters, sizeof(pfs->pcounters));
826 bzero(pfs->bcounters, sizeof(pfs->bcounters));
827 for (i = 0; i < 2; i++)
828 for (j = 0; j < 2; j++)
829 for (k = 0; k < 2; k++) {
830 pfs->pcounters[i][j][k] =
831 p->pfik_packets[i][j][k];
832 pfs->bcounters[i][j] +=
833 p->pfik_bytes[i][j][k];
834 }
835 crit_exit();
836 }
837
838 int
839 pfi_clr_istats(const char *name, int *nzero, int flags)
840 {
841 struct pfi_kif *p;
842 int n = 0;
843 long tzero = time_second;
844
845 crit_enter();
846 ACCEPT_FLAGS(PFI_FLAG_GROUP|PFI_FLAG_INSTANCE);
847 RB_FOREACH(p, pfi_ifhead, &pfi_ifs) {
848 if (pfi_skip_if(name, p, flags))
849 continue;
850 bzero(p->pfik_packets, sizeof(p->pfik_packets));
851 bzero(p->pfik_bytes, sizeof(p->pfik_bytes));
852 p->pfik_tzero = tzero;
853 n++;
854 }
855 crit_exit();
856 if (nzero != NULL)
857 *nzero = n;
858 return (0);
859 }
860
861 int
862 pfi_get_ifaces(const char *name, struct pfi_if *buf, int *size, int flags)
863 {
864 struct pfi_kif *p;
865 int n = 0;
866
867 ACCEPT_FLAGS(PFI_FLAG_GROUP|PFI_FLAG_INSTANCE);
868 crit_enter();
869 RB_FOREACH(p, pfi_ifhead, &pfi_ifs) {
870 if (pfi_skip_if(name, p, flags))
871 continue;
872 if (*size > n++) {
873 if (!p->pfik_tzero)
874 p->pfik_tzero = boottime.tv_sec;
875 if (copyout(p, buf++, sizeof(*buf))) {
876 crit_exit();
877 return (EFAULT);
878 }
879 }
880 }
881 crit_exit();
882 *size = n;
883 return (0);
884 }
885
886 struct pfi_kif *
887 pfi_lookup_if(const char *name)
888 {
889 struct pfi_kif *p, key;
890
891 strlcpy(key.pfik_name, name, sizeof(key.pfik_name));
892 p = RB_FIND(pfi_ifhead, &pfi_ifs, &key);
893 return (p);
894 }
895
896 int
897 pfi_skip_if(const char *filter, struct pfi_kif *p, int f)
898 {
899 int n;
900
901 if ((p->pfik_flags & PFI_IFLAG_GROUP) && !(f & PFI_FLAG_GROUP))
902 return (1);
903 if ((p->pfik_flags & PFI_IFLAG_INSTANCE) && !(f & PFI_FLAG_INSTANCE))
904 return (1);
905 if (filter == NULL || !*filter)
906 return (0);
907 if (!strcmp(p->pfik_name, filter))
908 return (0); /* exact match */
909 n = strlen(filter);
910 if (n < 1 || n >= IFNAMSIZ)
911 return (1); /* sanity check */
912 if (filter[n-1] >= '0' && filter[n-1] <= '9')
913 return (1); /* only do exact match in that case */
914 if (strncmp(p->pfik_name, filter, n))
915 return (1); /* prefix doesn't match */
916 return (p->pfik_name[n] < '0' || p->pfik_name[n] > '9');
917 }
918
919 /* from pf_print_state.c */
920 int
921 pfi_unmask(void *addr)
922 {
923 struct pf_addr *m = addr;
924 int i = 31, j = 0, b = 0;
925 u_int32_t tmp;
926
927 while (j < 4 && m->addr32[j] == 0xffffffff) {
928 b += 32;
929 j++;
930 }
931 if (j < 4) {
932 tmp = ntohl(m->addr32[j]);
933 for (i = 31; tmp & (1 << i); --i)
934 b++;
935 }
936 return (b);
937 }
938
939 void
940 pfi_dohooks(struct pfi_kif *p)
941 {
942 for (; p != NULL; p = p->pfik_parent)
943 dohooks(p->pfik_ah_head, 0);
944 }
945
946 int
947 pfi_match_addr(struct pfi_dynaddr *dyn, struct pf_addr *a, sa_family_t af)
948 {
949 if (af == AF_INET) {
950 switch (dyn->pfid_acnt4) {
951 case 0:
952 return (0);
953 case 1:
954 return (PF_MATCHA(0, &dyn->pfid_addr4,
955 &dyn->pfid_mask4, a, AF_INET));
956 default:
957 return (pfr_match_addr(dyn->pfid_kt, a, AF_INET));
958 }
959 } else {
960 switch (dyn->pfid_acnt6) {
961 case 0:
962 return (0);
963 case 1:
964 return (PF_MATCHA(0, &dyn->pfid_addr6,
965 &dyn->pfid_mask6, a, AF_INET6));
966 default:
967 return (pfr_match_addr(dyn->pfid_kt, a, AF_INET6));
968 }
969 }
970 }
DragonFly BSD