search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fetch.9: Minor fixes.
[dragonfly.git] / sys / net / pfil.c
blob4dbc9c0e7634fc973ca4d583f1be0ffb68a0ac8a
1 /* $NetBSD: pfil.c,v 1.20 2001/11/12 23:49:46 lukem Exp $ */
2 /* $DragonFly: src/sys/net/pfil.c,v 1.14 2008/09/20 06:08:13 sephe Exp $ */
3
4 /*
5 * Copyright (c) 1996 Matthew R. Green
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
24 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
26 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
27 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #include <sys/param.h>
33 #include <sys/errno.h>
34 #include <sys/malloc.h>
35 #include <sys/socket.h>
36 #include <sys/socketvar.h>
37 #include <sys/systm.h>
38 #include <sys/proc.h>
39 #include <sys/queue.h>
40
41 #include <net/if.h>
42 #include <net/pfil.h>
43 #include <net/netmsg2.h>
44 #include <sys/mplock2.h>
45
46 #define PFIL_CFGPORT cpu_portfn(0)
47
48 #define PFIL_GETMPLOCK(pfh) \
49 do { \
50 if (((pfh)->pfil_flags & PFIL_MPSAFE) == 0) \
51 get_mplock(); \
52 } while (0)
53
54 #define PFIL_RELMPLOCK(pfh) \
55 do { \
56 if (((pfh)->pfil_flags & PFIL_MPSAFE) == 0) \
57 rel_mplock(); \
58 } while (0)
59
60 /*
61 * The packet filter hooks are designed for anything to call them to
62 * possibly intercept the packet.
63 */
64 struct packet_filter_hook {
65 TAILQ_ENTRY(packet_filter_hook) pfil_link;
66 pfil_func_t pfil_func;
67 void *pfil_arg;
68 int pfil_flags;
69 };
70
71 struct netmsg_pfil {
72 struct netmsg pfil_nmsg;
73 pfil_func_t pfil_func;
74 void *pfil_arg;
75 int pfil_flags;
76 struct pfil_head *pfil_ph;
77 };
78
79 static LIST_HEAD(, pfil_head) pfil_head_list =
80 LIST_HEAD_INITIALIZER(&pfil_head_list);
81
82 static pfil_list_t *pfil_list_alloc(void);
83 static void pfil_list_free(pfil_list_t *);
84 static void pfil_list_dup(const pfil_list_t *, pfil_list_t *,
85 const struct packet_filter_hook *);
86 static void pfil_list_add(pfil_list_t *, pfil_func_t, void *, int);
87 static struct packet_filter_hook *
88 pfil_list_find(const pfil_list_t *, pfil_func_t,
89 const void *);
90
91 static void pfil_remove_hook_dispatch(struct netmsg *);
92 static void pfil_add_hook_dispatch(struct netmsg *);
93
94 /*
95 * pfil_run_hooks() runs the specified packet filter hooks.
96 */
97 int
98 pfil_run_hooks(struct pfil_head *ph, struct mbuf **mp, struct ifnet *ifp,
99 int dir)
100 {
101 struct packet_filter_hook *pfh;
102 struct mbuf *m = *mp;
103 pfil_list_t *list;
104 int rv = 0;
105
106 if (dir == PFIL_IN)
107 list = ph->ph_in;
108 else if (dir == PFIL_OUT)
109 list = ph->ph_out;
110 else
111 return 0; /* XXX panic? */
112
113 TAILQ_FOREACH(pfh, list, pfil_link) {
114 if (pfh->pfil_func != NULL) {
115 PFIL_GETMPLOCK(pfh);
116 rv = pfh->pfil_func(pfh->pfil_arg, &m, ifp, dir);
117 PFIL_RELMPLOCK(pfh);
118
119 if (rv != 0 || m == NULL)
120 break;
121 }
122 }
123
124 *mp = m;
125 return (rv);
126 }
127
128 /*
129 * pfil_head_register() registers a pfil_head with the packet filter
130 * hook mechanism.
131 */
132 int
133 pfil_head_register(struct pfil_head *ph)
134 {
135 struct pfil_head *lph;
136
137 LIST_FOREACH(lph, &pfil_head_list, ph_list) {
138 if (ph->ph_type == lph->ph_type &&
139 ph->ph_un.phu_val == lph->ph_un.phu_val)
140 return EEXIST;
141 }
142
143 ph->ph_in = pfil_list_alloc();
144 ph->ph_out = pfil_list_alloc();
145 ph->ph_hashooks = 0;
146
147 LIST_INSERT_HEAD(&pfil_head_list, ph, ph_list);
148
149 return (0);
150 }
151
152 /*
153 * pfil_head_unregister() removes a pfil_head from the packet filter
154 * hook mechanism.
155 */
156 int
157 pfil_head_unregister(struct pfil_head *pfh)
158 {
159 LIST_REMOVE(pfh, ph_list);
160 return (0);
161 }
162
163 /*
164 * pfil_head_get() returns the pfil_head for a given key/dlt.
165 */
166 struct pfil_head *
167 pfil_head_get(int type, u_long val)
168 {
169 struct pfil_head *ph;
170
171 LIST_FOREACH(ph, &pfil_head_list, ph_list) {
172 if (ph->ph_type == type && ph->ph_un.phu_val == val)
173 break;
174 }
175 return (ph);
176 }
177
178 static void
179 pfil_add_hook_dispatch(struct netmsg *nmsg)
180 {
181 struct netmsg_pfil *pfilmsg = (struct netmsg_pfil *)nmsg;
182 pfil_func_t func = pfilmsg->pfil_func;
183 void *arg = pfilmsg->pfil_arg;
184 int flags = pfilmsg->pfil_flags;
185 struct pfil_head *ph = pfilmsg->pfil_ph;
186 const struct packet_filter_hook *pfh;
187 pfil_list_t *list_in = NULL, *list_out = NULL;
188 pfil_list_t *old_list_in = NULL, *old_list_out = NULL;
189 int err = 0;
190
191 /* This probably should not happen ... */
192 if ((flags & (PFIL_IN | PFIL_OUT)) == 0)
193 goto reply; /* XXX panic? */
194
195 /*
196 * If pfil hooks exist on any of the requested lists,
197 * then bail out.
198 */
199 if (flags & PFIL_IN) {
200 pfh = pfil_list_find(ph->ph_in, func, arg);
201 if (pfh != NULL) {
202 err = EEXIST;
203 goto reply;
204 }
205 }
206 if (flags & PFIL_OUT) {
207 pfh = pfil_list_find(ph->ph_out, func, arg);
208 if (pfh != NULL) {
209 err = EEXIST;
210 goto reply;
211 }
212 }
213
214 /*
215 * Duplicate the requested lists, install new hooks
216 * on the duplication
217 */
218 if (flags & PFIL_IN) {
219 list_in = pfil_list_alloc();
220 pfil_list_dup(ph->ph_in, list_in, NULL);
221 pfil_list_add(list_in, func, arg, flags & ~PFIL_OUT);
222 }
223 if (flags & PFIL_OUT) {
224 list_out = pfil_list_alloc();
225 pfil_list_dup(ph->ph_out, list_out, NULL);
226 pfil_list_add(list_out, func, arg, flags & ~PFIL_IN);
227 }
228
229 /*
230 * Switch list pointers, but keep the old ones
231 */
232 if (list_in != NULL) {
233 old_list_in = ph->ph_in;
234 ph->ph_in = list_in;
235 }
236 if (list_out != NULL) {
237 old_list_out = ph->ph_out;
238 ph->ph_out = list_out;
239 }
240
241 /*
242 * Wait until everyone has finished the old lists iteration
243 */
244 netmsg_service_sync();
245 ph->ph_hashooks = 1;
246
247 /*
248 * Now it is safe to free the old lists, since no one sees it
249 */
250 if (old_list_in != NULL)
251 pfil_list_free(old_list_in);
252 if (old_list_out != NULL)
253 pfil_list_free(old_list_out);
254 reply:
255 lwkt_replymsg(&nmsg->nm_lmsg, err);
256 }
257
258 /*
259 * pfil_add_hook() adds a function to the packet filter hook. the
260 * flags are:
261 * PFIL_IN call me on incoming packets
262 * PFIL_OUT call me on outgoing packets
263 * PFIL_ALL call me on all of the above
264 * PFIL_MPSAFE call me without BGL
265 */
266 int
267 pfil_add_hook(pfil_func_t func, void *arg, int flags, struct pfil_head *ph)
268 {
269 struct netmsg_pfil pfilmsg;
270 struct netmsg *nmsg;
271
272 nmsg = &pfilmsg.pfil_nmsg;
273 netmsg_init(nmsg, NULL, &curthread->td_msgport,
274 0, pfil_add_hook_dispatch);
275 pfilmsg.pfil_func = func;
276 pfilmsg.pfil_arg = arg;
277 pfilmsg.pfil_flags = flags;
278 pfilmsg.pfil_ph = ph;
279
280 return lwkt_domsg(PFIL_CFGPORT, &nmsg->nm_lmsg, 0);
281 }
282
283 static void
284 pfil_remove_hook_dispatch(struct netmsg *nmsg)
285 {
286 struct netmsg_pfil *pfilmsg = (struct netmsg_pfil *)nmsg;
287 pfil_func_t func = pfilmsg->pfil_func;
288 void *arg = pfilmsg->pfil_arg;
289 int flags = pfilmsg->pfil_flags;
290 struct pfil_head *ph = pfilmsg->pfil_ph;
291 struct packet_filter_hook *skip_in = NULL, *skip_out = NULL;
292 pfil_list_t *list_in = NULL, *list_out = NULL;
293 pfil_list_t *old_list_in = NULL, *old_list_out = NULL;
294 int err = 0;
295
296 /* This probably should not happen ... */
297 if ((flags & (PFIL_IN | PFIL_OUT)) == 0)
298 goto reply; /* XXX panic? */
299
300 /*
301 * The pfil hook should exist on all requested lists,
302 * if not just bail out
303 */
304 if (flags & PFIL_IN) {
305 skip_in = pfil_list_find(ph->ph_in, func, arg);
306 if (!skip_in) {
307 err = ENOENT;
308 goto reply;
309 }
310 }
311 if (flags & PFIL_OUT) {
312 skip_out = pfil_list_find(ph->ph_out, func, arg);
313 if (!skip_out) {
314 err = ENOENT;
315 goto reply;
316 }
317 }
318
319 /*
320 * Duplicate the requested lists, but the pfil hook to
321 * be deleted is not copied
322 */
323 if (flags & PFIL_IN) {
324 KKASSERT(skip_in != NULL);
325 list_in = pfil_list_alloc();
326 pfil_list_dup(ph->ph_in, list_in, skip_in);
327 }
328 if (flags & PFIL_OUT) {
329 KKASSERT(skip_out != NULL);
330 list_out = pfil_list_alloc();
331 pfil_list_dup(ph->ph_out, list_out, skip_out);
332 }
333
334 /*
335 * Switch list pointers, but keep the old ones
336 */
337 if (list_in != NULL) {
338 old_list_in = ph->ph_in;
339 ph->ph_in = list_in;
340 }
341 if (list_out != NULL) {
342 old_list_out = ph->ph_out;
343 ph->ph_out = list_out;
344 }
345
346 /*
347 * Wait until everyone has finished the old lists iteration
348 */
349 if (TAILQ_EMPTY(ph->ph_in) && TAILQ_EMPTY(ph->ph_out))
350 ph->ph_hashooks = 0;
351 netmsg_service_sync();
352
353 /*
354 * Now it is safe to free the old lists, since no one sees it
355 */
356 if (old_list_in != NULL)
357 pfil_list_free(old_list_in);
358 if (old_list_out != NULL)
359 pfil_list_free(old_list_out);
360 reply:
361 lwkt_replymsg(&nmsg->nm_lmsg, err);
362 }
363
364 /*
365 * pfil_remove_hook removes a specific function from the packet filter
366 * hook list.
367 */
368 int
369 pfil_remove_hook(pfil_func_t func, void *arg, int flags, struct pfil_head *ph)
370 {
371 struct netmsg_pfil pfilmsg;
372 struct netmsg *nmsg;
373
374 nmsg = &pfilmsg.pfil_nmsg;
375 netmsg_init(nmsg, NULL, &curthread->td_msgport,
376 0, pfil_remove_hook_dispatch);
377 pfilmsg.pfil_func = func;
378 pfilmsg.pfil_arg = arg;
379 pfilmsg.pfil_flags = flags;
380 pfilmsg.pfil_ph = ph;
381
382 return lwkt_domsg(PFIL_CFGPORT, &nmsg->nm_lmsg, 0);
383 }
384
385 static void
386 pfil_list_add(pfil_list_t *list, pfil_func_t func, void *arg, int flags)
387 {
388 struct packet_filter_hook *pfh;
389
390 KKASSERT(&curthread->td_msgport == PFIL_CFGPORT);
391
392 pfh = kmalloc(sizeof(*pfh), M_IFADDR, M_WAITOK);
393
394 pfh->pfil_func = func;
395 pfh->pfil_arg = arg;
396 pfh->pfil_flags = flags;
397
398 /*
399 * Insert the input list in reverse order of the output list
400 * so that the same path is followed in or out of the kernel.
401 */
402 if (flags & PFIL_IN)
403 TAILQ_INSERT_HEAD(list, pfh, pfil_link);
404 else
405 TAILQ_INSERT_TAIL(list, pfh, pfil_link);
406 }
407
408 static void
409 pfil_list_dup(const pfil_list_t *from, pfil_list_t *to,
410 const struct packet_filter_hook *skip)
411 {
412 struct packet_filter_hook *pfh_to, *pfh_from;
413
414 KKASSERT(&curthread->td_msgport == PFIL_CFGPORT);
415 KKASSERT(TAILQ_EMPTY(to));
416
417 TAILQ_FOREACH(pfh_from, from, pfil_link) {
418 if (pfh_from == skip)
419 continue;
420
421 pfh_to = kmalloc(sizeof(*pfh_to), M_IFADDR, M_WAITOK);
422 bcopy(pfh_from, pfh_to, sizeof(*pfh_to));
423
424 TAILQ_INSERT_TAIL(to, pfh_to, pfil_link);
425 }
426 }
427
428 static pfil_list_t *
429 pfil_list_alloc(void)
430 {
431 pfil_list_t *list;
432
433 list = kmalloc(sizeof(*list), M_IFADDR, M_WAITOK);
434 TAILQ_INIT(list);
435 return list;
436 }
437
438 static void
439 pfil_list_free(pfil_list_t *list)
440 {
441 struct packet_filter_hook *pfh;
442
443 while ((pfh = TAILQ_FIRST(list)) != NULL) {
444 TAILQ_REMOVE(list, pfh, pfil_link);
445 kfree(pfh, M_IFADDR);
446 }
447 kfree(list, M_IFADDR);
448 }
449
450 static struct packet_filter_hook *
451 pfil_list_find(const pfil_list_t *list, pfil_func_t func, const void *arg)
452 {
453 struct packet_filter_hook *pfh;
454
455 KKASSERT(&curthread->td_msgport == PFIL_CFGPORT);
456
457 TAILQ_FOREACH(pfh, list, pfil_link) {
458 if (pfh->pfil_func == func && pfh->pfil_arg == arg)
459 return pfh;
460 }
461 return NULL;
462 }
DragonFly BSD