1 | /* $NetBSD: ip_frag.c,v 1.3 2012/07/22 14:27:51 darrenr Exp $ */ |
2 | |
3 | /* |
4 | * Copyright (C) 2012 by Darren Reed. |
5 | * |
6 | * See the IPFILTER.LICENCE file for details on licencing. |
7 | */ |
8 | #if defined(KERNEL) || defined(_KERNEL) |
9 | # undef KERNEL |
10 | # undef _KERNEL |
11 | # define KERNEL 1 |
12 | # define _KERNEL 1 |
13 | #endif |
14 | #include <sys/errno.h> |
15 | #include <sys/types.h> |
16 | #include <sys/param.h> |
17 | #include <sys/time.h> |
18 | #include <sys/file.h> |
19 | #ifdef __hpux |
20 | # include <sys/timeout.h> |
21 | #endif |
22 | #if !defined(_KERNEL) |
23 | # include <stdio.h> |
24 | # include <string.h> |
25 | # include <stdlib.h> |
26 | # define _KERNEL |
27 | # ifdef __OpenBSD__ |
28 | struct file; |
29 | # endif |
30 | # include <sys/uio.h> |
31 | # undef _KERNEL |
32 | #endif |
33 | #if defined(_KERNEL) && \ |
34 | defined(__FreeBSD_version) && (__FreeBSD_version >= 220000) |
35 | # include <sys/filio.h> |
36 | # include <sys/fcntl.h> |
37 | #else |
38 | # include <sys/ioctl.h> |
39 | #endif |
40 | #if !defined(linux) |
41 | # include <sys/protosw.h> |
42 | #endif |
43 | #include <sys/socket.h> |
44 | #if defined(_KERNEL) |
45 | # include <sys/systm.h> |
46 | # if !defined(__SVR4) && !defined(__svr4__) |
47 | # include <sys/mbuf.h> |
48 | # endif |
49 | #endif |
50 | #if !defined(__SVR4) && !defined(__svr4__) |
51 | # if defined(_KERNEL) && !defined(__sgi) && !defined(AIX) |
52 | # include <sys/kernel.h> |
53 | # endif |
54 | #else |
55 | # include <sys/byteorder.h> |
56 | # ifdef _KERNEL |
57 | # include <sys/dditypes.h> |
58 | # endif |
59 | # include <sys/stream.h> |
60 | # include <sys/kmem.h> |
61 | #endif |
62 | #include <net/if.h> |
63 | #ifdef sun |
64 | # include <net/af.h> |
65 | #endif |
66 | #include <netinet/in.h> |
67 | #include <netinet/in_systm.h> |
68 | #include <netinet/ip.h> |
69 | #if !defined(linux) |
70 | # include <netinet/ip_var.h> |
71 | #endif |
72 | #include <netinet/tcp.h> |
73 | #include <netinet/udp.h> |
74 | #include <netinet/ip_icmp.h> |
75 | #include "netinet/ip_compat.h" |
76 | #include <netinet/tcpip.h> |
77 | #include "netinet/ip_fil.h" |
78 | #include "netinet/ip_nat.h" |
79 | #include "netinet/ip_frag.h" |
80 | #include "netinet/ip_state.h" |
81 | #include "netinet/ip_auth.h" |
82 | #include "netinet/ip_lookup.h" |
83 | #include "netinet/ip_proxy.h" |
84 | #include "netinet/ip_sync.h" |
85 | /* END OF INCLUDES */ |
86 | |
87 | #if !defined(lint) |
88 | #if defined(__NetBSD__) |
89 | #include <sys/cdefs.h> |
90 | __KERNEL_RCSID(0, "$NetBSD: ip_frag.c,v 1.3 2012/07/22 14:27:51 darrenr Exp $" ); |
91 | #else |
92 | static const char sccsid[] = "@(#)ip_frag.c 1.11 3/24/96 (C) 1993-2000 Darren Reed" ; |
93 | static const char rcsid[] = "@(#)Id: ip_frag.c,v 1.1.1.2 2012/07/22 13:45:17 darrenr Exp" ; |
94 | #endif |
95 | #endif |
96 | |
97 | |
98 | typedef struct ipf_frag_softc_s { |
99 | ipfrwlock_t ipfr_ipidfrag; |
100 | ipfrwlock_t ipfr_frag; |
101 | ipfrwlock_t ipfr_natfrag; |
102 | int ipfr_size; |
103 | int ipfr_ttl; |
104 | int ipfr_lock; |
105 | int ipfr_inited; |
106 | ipfr_t *ipfr_list; |
107 | ipfr_t **ipfr_tail; |
108 | ipfr_t *ipfr_natlist; |
109 | ipfr_t **ipfr_nattail; |
110 | ipfr_t *ipfr_ipidlist; |
111 | ipfr_t **ipfr_ipidtail; |
112 | ipfr_t **ipfr_heads; |
113 | ipfr_t **ipfr_nattab; |
114 | ipfr_t **ipfr_ipidtab; |
115 | ipfrstat_t ipfr_stats; |
116 | } ipf_frag_softc_t; |
117 | |
118 | |
119 | #ifdef USE_MUTEXES |
120 | static ipfr_t *ipfr_frag_new(ipf_main_softc_t *, ipf_frag_softc_t *, |
121 | fr_info_t *, u_32_t, ipfr_t **, |
122 | ipfrwlock_t *); |
123 | static ipfr_t *ipf_frag_lookup(ipf_main_softc_t *, ipf_frag_softc_t *, fr_info_t *, ipfr_t **, ipfrwlock_t *); |
124 | static void ipf_frag_deref(void *, ipfr_t **, ipfrwlock_t *); |
125 | static int ipf_frag_next(ipf_main_softc_t *, ipftoken_t *, ipfgeniter_t *, |
126 | ipfr_t **, ipfrwlock_t *); |
127 | #else |
128 | static ipfr_t *ipfr_frag_new(ipf_main_softc_t *, ipf_frag_softc_t *, |
129 | fr_info_t *, u_32_t, ipfr_t **); |
130 | static ipfr_t *ipf_frag_lookup(ipf_main_softc_t *, ipf_frag_softc_t *, fr_info_t *, ipfr_t **); |
131 | static void ipf_frag_deref(void *, ipfr_t **); |
132 | static int ipf_frag_next(ipf_main_softc_t *, ipftoken_t *, ipfgeniter_t *, |
133 | ipfr_t **); |
134 | #endif |
135 | static void ipf_frag_delete(ipf_main_softc_t *, ipfr_t *, ipfr_t ***); |
136 | static void ipf_frag_free(ipf_frag_softc_t *, ipfr_t *); |
137 | |
138 | static frentry_t ipfr_block; |
139 | |
140 | ipftuneable_t ipf_tuneables[] = { |
141 | { { (void *)offsetof(ipf_frag_softc_t, ipfr_size) }, |
142 | "frag_size" , 1, 0x7fffffff, |
143 | stsizeof(ipf_frag_softc_t, ipfr_size), |
144 | IPFT_WRDISABLED, NULL, NULL }, |
145 | { { (void *)offsetof(ipf_frag_softc_t, ipfr_ttl) }, |
146 | "frag_ttl" , 1, 0x7fffffff, |
147 | stsizeof(ipf_frag_softc_t, ipfr_ttl), |
148 | 0, NULL, NULL }, |
149 | { { NULL }, |
150 | NULL, 0, 0, |
151 | 0, |
152 | 0, NULL, NULL } |
153 | }; |
154 | |
155 | #define FBUMP(x) softf->ipfr_stats.x++ |
156 | #define FBUMPD(x) do { softf->ipfr_stats.x++; DT(x); } while (0) |
157 | |
158 | |
159 | /* ------------------------------------------------------------------------ */ |
160 | /* Function: ipf_frag_main_load */ |
161 | /* Returns: int - 0 == success, -1 == error */ |
162 | /* Parameters: Nil */ |
163 | /* */ |
164 | /* Initialise the filter rule associted with blocked packets - everyone can */ |
165 | /* use it. */ |
166 | /* ------------------------------------------------------------------------ */ |
167 | int |
168 | ipf_frag_main_load(void) |
169 | { |
170 | bzero((char *)&ipfr_block, sizeof(ipfr_block)); |
171 | ipfr_block.fr_flags = FR_BLOCK|FR_QUICK; |
172 | ipfr_block.fr_ref = 1; |
173 | |
174 | return 0; |
175 | } |
176 | |
177 | |
178 | /* ------------------------------------------------------------------------ */ |
179 | /* Function: ipf_frag_main_unload */ |
180 | /* Returns: int - 0 == success, -1 == error */ |
181 | /* Parameters: Nil */ |
182 | /* */ |
183 | /* A null-op function that exists as a placeholder so that the flow in */ |
184 | /* other functions is obvious. */ |
185 | /* ------------------------------------------------------------------------ */ |
186 | int |
187 | ipf_frag_main_unload(void) |
188 | { |
189 | return 0; |
190 | } |
191 | |
192 | |
193 | /* ------------------------------------------------------------------------ */ |
194 | /* Function: ipf_frag_soft_create */ |
195 | /* Returns: void * - NULL = failure, else pointer to local context */ |
196 | /* Parameters: softc(I) - pointer to soft context main structure */ |
197 | /* */ |
198 | /* Allocate a new soft context structure to track fragment related info. */ |
199 | /* ------------------------------------------------------------------------ */ |
200 | /*ARGSUSED*/ |
201 | void * |
202 | ipf_frag_soft_create(ipf_main_softc_t *softc) |
203 | { |
204 | ipf_frag_softc_t *softf; |
205 | |
206 | KMALLOC(softf, ipf_frag_softc_t *); |
207 | if (softf == NULL) |
208 | return NULL; |
209 | |
210 | bzero((char *)softf, sizeof(*softf)); |
211 | |
212 | RWLOCK_INIT(&softf->ipfr_ipidfrag, "frag ipid lock" ); |
213 | RWLOCK_INIT(&softf->ipfr_frag, "ipf fragment rwlock" ); |
214 | RWLOCK_INIT(&softf->ipfr_natfrag, "ipf NAT fragment rwlock" ); |
215 | |
216 | softf->ipfr_size = IPFT_SIZE; |
217 | softf->ipfr_ttl = IPF_TTLVAL(60); |
218 | softf->ipfr_lock = 1; |
219 | softf->ipfr_tail = &softf->ipfr_list; |
220 | softf->ipfr_nattail = &softf->ipfr_natlist; |
221 | softf->ipfr_ipidtail = &softf->ipfr_ipidlist; |
222 | |
223 | return softf; |
224 | } |
225 | |
226 | |
227 | /* ------------------------------------------------------------------------ */ |
228 | /* Function: ipf_frag_soft_destroy */ |
229 | /* Returns: Nil */ |
230 | /* Parameters: softc(I) - pointer to soft context main structure */ |
231 | /* arg(I) - pointer to local context to use */ |
232 | /* */ |
233 | /* Initialise the hash tables for the fragment cache lookups. */ |
234 | /* ------------------------------------------------------------------------ */ |
235 | void |
236 | ipf_frag_soft_destroy(ipf_main_softc_t *softc, void *arg) |
237 | { |
238 | ipf_frag_softc_t *softf = arg; |
239 | |
240 | RW_DESTROY(&softf->ipfr_ipidfrag); |
241 | RW_DESTROY(&softf->ipfr_frag); |
242 | RW_DESTROY(&softf->ipfr_natfrag); |
243 | |
244 | KFREE(softf); |
245 | } |
246 | |
247 | |
248 | /* ------------------------------------------------------------------------ */ |
249 | /* Function: ipf_frag_soft_init */ |
250 | /* Returns: int - 0 == success, -1 == error */ |
251 | /* Parameters: softc(I) - pointer to soft context main structure */ |
252 | /* arg(I) - pointer to local context to use */ |
253 | /* */ |
254 | /* Initialise the hash tables for the fragment cache lookups. */ |
255 | /* ------------------------------------------------------------------------ */ |
256 | /*ARGSUSED*/ |
257 | int |
258 | ipf_frag_soft_init(ipf_main_softc_t *softc, void *arg) |
259 | { |
260 | ipf_frag_softc_t *softf = arg; |
261 | |
262 | KMALLOCS(softf->ipfr_heads, ipfr_t **, |
263 | softf->ipfr_size * sizeof(ipfr_t *)); |
264 | if (softf->ipfr_heads == NULL) |
265 | return -1; |
266 | |
267 | bzero((char *)softf->ipfr_heads, softf->ipfr_size * sizeof(ipfr_t *)); |
268 | |
269 | KMALLOCS(softf->ipfr_nattab, ipfr_t **, |
270 | softf->ipfr_size * sizeof(ipfr_t *)); |
271 | if (softf->ipfr_nattab == NULL) |
272 | return -2; |
273 | |
274 | bzero((char *)softf->ipfr_nattab, softf->ipfr_size * sizeof(ipfr_t *)); |
275 | |
276 | KMALLOCS(softf->ipfr_ipidtab, ipfr_t **, |
277 | softf->ipfr_size * sizeof(ipfr_t *)); |
278 | if (softf->ipfr_ipidtab == NULL) |
279 | return -3; |
280 | |
281 | bzero((char *)softf->ipfr_ipidtab, |
282 | softf->ipfr_size * sizeof(ipfr_t *)); |
283 | |
284 | softf->ipfr_lock = 0; |
285 | softf->ipfr_inited = 1; |
286 | |
287 | return 0; |
288 | } |
289 | |
290 | |
291 | /* ------------------------------------------------------------------------ */ |
292 | /* Function: ipf_frag_soft_fini */ |
293 | /* Returns: int - 0 == success, -1 == error */ |
294 | /* Parameters: softc(I) - pointer to soft context main structure */ |
295 | /* arg(I) - pointer to local context to use */ |
296 | /* */ |
297 | /* Free all memory allocated whilst running and from initialisation. */ |
298 | /* ------------------------------------------------------------------------ */ |
299 | int |
300 | ipf_frag_soft_fini(ipf_main_softc_t *softc, void *arg) |
301 | { |
302 | ipf_frag_softc_t *softf = arg; |
303 | |
304 | softf->ipfr_lock = 1; |
305 | |
306 | if (softf->ipfr_inited == 1) { |
307 | ipf_frag_clear(softc); |
308 | |
309 | softf->ipfr_inited = 0; |
310 | } |
311 | |
312 | if (softf->ipfr_heads != NULL) |
313 | KFREES(softf->ipfr_heads, |
314 | softf->ipfr_size * sizeof(ipfr_t *)); |
315 | softf->ipfr_heads = NULL; |
316 | |
317 | if (softf->ipfr_nattab != NULL) |
318 | KFREES(softf->ipfr_nattab, |
319 | softf->ipfr_size * sizeof(ipfr_t *)); |
320 | softf->ipfr_nattab = NULL; |
321 | |
322 | if (softf->ipfr_ipidtab != NULL) |
323 | KFREES(softf->ipfr_ipidtab, |
324 | softf->ipfr_size * sizeof(ipfr_t *)); |
325 | softf->ipfr_ipidtab = NULL; |
326 | |
327 | return 0; |
328 | } |
329 | |
330 | |
331 | /* ------------------------------------------------------------------------ */ |
332 | /* Function: ipf_frag_set_lock */ |
333 | /* Returns: Nil */ |
334 | /* Parameters: arg(I) - pointer to local context to use */ |
335 | /* tmp(I) - new value for lock */ |
336 | /* */ |
337 | /* Stub function that allows for external manipulation of ipfr_lock */ |
338 | /* ------------------------------------------------------------------------ */ |
339 | void |
340 | ipf_frag_setlock(void *arg, int tmp) |
341 | { |
342 | ipf_frag_softc_t *softf = arg; |
343 | |
344 | softf->ipfr_lock = tmp; |
345 | } |
346 | |
347 | |
348 | /* ------------------------------------------------------------------------ */ |
349 | /* Function: ipf_frag_stats */ |
350 | /* Returns: ipfrstat_t* - pointer to struct with current frag stats */ |
351 | /* Parameters: arg(I) - pointer to local context to use */ |
352 | /* */ |
353 | /* Updates ipfr_stats with current information and returns a pointer to it */ |
354 | /* ------------------------------------------------------------------------ */ |
355 | ipfrstat_t * |
356 | ipf_frag_stats(void *arg) |
357 | { |
358 | ipf_frag_softc_t *softf = arg; |
359 | |
360 | softf->ipfr_stats.ifs_table = softf->ipfr_heads; |
361 | softf->ipfr_stats.ifs_nattab = softf->ipfr_nattab; |
362 | return &softf->ipfr_stats; |
363 | } |
364 | |
365 | |
366 | /* ------------------------------------------------------------------------ */ |
367 | /* Function: ipfr_frag_new */ |
368 | /* Returns: ipfr_t * - pointer to fragment cache state info or NULL */ |
369 | /* Parameters: fin(I) - pointer to packet information */ |
370 | /* table(I) - pointer to frag table to add to */ |
371 | /* lock(I) - pointer to lock to get a write hold of */ |
372 | /* */ |
373 | /* Add a new entry to the fragment cache, registering it as having come */ |
374 | /* through this box, with the result of the filter operation. */ |
375 | /* */ |
376 | /* If this function succeeds, it returns with a write lock held on "lock". */ |
377 | /* If it fails, no lock is held on return. */ |
378 | /* ------------------------------------------------------------------------ */ |
379 | static ipfr_t * |
380 | ipfr_frag_new( |
381 | ipf_main_softc_t *softc, |
382 | ipf_frag_softc_t *softf, |
383 | fr_info_t *fin, |
384 | u_32_t pass, |
385 | ipfr_t *table[] |
386 | #ifdef USE_MUTEXES |
387 | , ipfrwlock_t *lock |
388 | #endif |
389 | ) |
390 | { |
391 | ipfr_t *fra, frag, *fran; |
392 | u_int idx, off; |
393 | frentry_t *fr; |
394 | |
395 | if (softf->ipfr_stats.ifs_inuse >= softf->ipfr_size) { |
396 | FBUMPD(ifs_maximum); |
397 | return NULL; |
398 | } |
399 | |
400 | if ((fin->fin_flx & (FI_FRAG|FI_BAD)) != FI_FRAG) { |
401 | FBUMPD(ifs_newbad); |
402 | return NULL; |
403 | } |
404 | |
405 | if (pass & FR_FRSTRICT) { |
406 | if (fin->fin_off != 0) { |
407 | FBUMPD(ifs_newrestrictnot0); |
408 | return NULL; |
409 | } |
410 | } |
411 | |
412 | frag.ipfr_v = fin->fin_v; |
413 | idx = fin->fin_v; |
414 | frag.ipfr_p = fin->fin_p; |
415 | idx += fin->fin_p; |
416 | frag.ipfr_id = fin->fin_id; |
417 | idx += fin->fin_id; |
418 | frag.ipfr_source = fin->fin_fi.fi_src; |
419 | idx += frag.ipfr_src.s_addr; |
420 | frag.ipfr_dest = fin->fin_fi.fi_dst; |
421 | idx += frag.ipfr_dst.s_addr; |
422 | frag.ipfr_ifp = fin->fin_ifp; |
423 | idx *= 127; |
424 | idx %= softf->ipfr_size; |
425 | |
426 | frag.ipfr_optmsk = fin->fin_fi.fi_optmsk & IPF_OPTCOPY; |
427 | frag.ipfr_secmsk = fin->fin_fi.fi_secmsk; |
428 | frag.ipfr_auth = fin->fin_fi.fi_auth; |
429 | |
430 | off = fin->fin_off >> 3; |
431 | if (off == 0) { |
432 | char *ptr; |
433 | int end; |
434 | |
435 | #ifdef USE_INET6 |
436 | if (fin->fin_v == 6) { |
437 | |
438 | ptr = (char *)fin->fin_fraghdr + |
439 | sizeof(struct ip6_frag); |
440 | } else |
441 | #endif |
442 | { |
443 | ptr = fin->fin_dp; |
444 | } |
445 | end = fin->fin_plen - (ptr - (char *)fin->fin_ip); |
446 | frag.ipfr_firstend = end >> 3; |
447 | } else { |
448 | frag.ipfr_firstend = 0; |
449 | } |
450 | |
451 | /* |
452 | * allocate some memory, if possible, if not, just record that we |
453 | * failed to do so. |
454 | */ |
455 | KMALLOC(fran, ipfr_t *); |
456 | if (fran == NULL) { |
457 | FBUMPD(ifs_nomem); |
458 | return NULL; |
459 | } |
460 | |
461 | WRITE_ENTER(lock); |
462 | |
463 | /* |
464 | * first, make sure it isn't already there... |
465 | */ |
466 | for (fra = table[idx]; (fra != NULL); fra = fra->ipfr_hnext) |
467 | if (!bcmp((char *)&frag.ipfr_ifp, (char *)&fra->ipfr_ifp, |
468 | IPFR_CMPSZ)) { |
469 | RWLOCK_EXIT(lock); |
470 | FBUMPD(ifs_exists); |
471 | KFREE(fra); |
472 | return NULL; |
473 | } |
474 | |
475 | fra = fran; |
476 | fran = NULL; |
477 | fr = fin->fin_fr; |
478 | fra->ipfr_rule = fr; |
479 | if (fr != NULL) { |
480 | MUTEX_ENTER(&fr->fr_lock); |
481 | fr->fr_ref++; |
482 | MUTEX_EXIT(&fr->fr_lock); |
483 | } |
484 | |
485 | /* |
486 | * Insert the fragment into the fragment table, copy the struct used |
487 | * in the search using bcopy rather than reassign each field. |
488 | * Set the ttl to the default. |
489 | */ |
490 | if ((fra->ipfr_hnext = table[idx]) != NULL) |
491 | table[idx]->ipfr_hprev = &fra->ipfr_hnext; |
492 | fra->ipfr_hprev = table + idx; |
493 | fra->ipfr_data = NULL; |
494 | table[idx] = fra; |
495 | bcopy((char *)&frag.ipfr_ifp, (char *)&fra->ipfr_ifp, IPFR_CMPSZ); |
496 | fra->ipfr_v = fin->fin_v; |
497 | fra->ipfr_ttl = softc->ipf_ticks + softf->ipfr_ttl; |
498 | fra->ipfr_firstend = frag.ipfr_firstend; |
499 | |
500 | /* |
501 | * Compute the offset of the expected start of the next packet. |
502 | */ |
503 | if (off == 0) |
504 | fra->ipfr_seen0 = 1; |
505 | fra->ipfr_off = off + (fin->fin_dlen >> 3); |
506 | fra->ipfr_pass = pass; |
507 | fra->ipfr_ref = 1; |
508 | fra->ipfr_pkts = 1; |
509 | fra->ipfr_bytes = fin->fin_plen; |
510 | FBUMP(ifs_inuse); |
511 | FBUMP(ifs_new); |
512 | return fra; |
513 | } |
514 | |
515 | |
516 | /* ------------------------------------------------------------------------ */ |
517 | /* Function: ipf_frag_new */ |
518 | /* Returns: int - 0 == success, -1 == error */ |
519 | /* Parameters: fin(I) - pointer to packet information */ |
520 | /* */ |
521 | /* Add a new entry to the fragment cache table based on the current packet */ |
522 | /* ------------------------------------------------------------------------ */ |
523 | int |
524 | ipf_frag_new(ipf_main_softc_t *softc, fr_info_t *fin, u_32_t pass) |
525 | { |
526 | ipf_frag_softc_t *softf = softc->ipf_frag_soft; |
527 | ipfr_t *fra; |
528 | |
529 | if (softf->ipfr_lock != 0) |
530 | return -1; |
531 | |
532 | #ifdef USE_MUTEXES |
533 | fra = ipfr_frag_new(softc, softf, fin, pass, softf->ipfr_heads, &softc->ipf_frag); |
534 | #else |
535 | fra = ipfr_frag_new(softc, softf, fin, pass, softf->ipfr_heads); |
536 | #endif |
537 | if (fra != NULL) { |
538 | *softf->ipfr_tail = fra; |
539 | fra->ipfr_prev = softf->ipfr_tail; |
540 | softf->ipfr_tail = &fra->ipfr_next; |
541 | fra->ipfr_next = NULL; |
542 | RWLOCK_EXIT(&softc->ipf_frag); |
543 | } |
544 | return fra ? 0 : -1; |
545 | } |
546 | |
547 | |
548 | /* ------------------------------------------------------------------------ */ |
549 | /* Function: ipf_frag_natnew */ |
550 | /* Returns: int - 0 == success, -1 == error */ |
551 | /* Parameters: fin(I) - pointer to packet information */ |
552 | /* nat(I) - pointer to NAT structure */ |
553 | /* */ |
554 | /* Create a new NAT fragment cache entry based on the current packet and */ |
555 | /* the NAT structure for this "session". */ |
556 | /* ------------------------------------------------------------------------ */ |
557 | int |
558 | ipf_frag_natnew(ipf_main_softc_t *softc, fr_info_t *fin, u_32_t pass, |
559 | nat_t *nat) |
560 | { |
561 | ipf_frag_softc_t *softf = softc->ipf_frag_soft; |
562 | ipfr_t *fra; |
563 | |
564 | if (softf->ipfr_lock != 0) |
565 | return 0; |
566 | |
567 | #ifdef USE_MUTEXES |
568 | fra = ipfr_frag_new(softc, softf, fin, pass, softf->ipfr_nattab, |
569 | &softf->ipfr_natfrag); |
570 | #else |
571 | fra = ipfr_frag_new(softc, softf, fin, pass, softf->ipfr_nattab); |
572 | #endif |
573 | if (fra != NULL) { |
574 | fra->ipfr_data = nat; |
575 | nat->nat_data = fra; |
576 | *softf->ipfr_nattail = fra; |
577 | fra->ipfr_prev = softf->ipfr_nattail; |
578 | softf->ipfr_nattail = &fra->ipfr_next; |
579 | fra->ipfr_next = NULL; |
580 | RWLOCK_EXIT(&softf->ipfr_natfrag); |
581 | return 0; |
582 | } |
583 | return -1; |
584 | } |
585 | |
586 | |
587 | /* ------------------------------------------------------------------------ */ |
588 | /* Function: ipf_frag_ipidnew */ |
589 | /* Returns: int - 0 == success, -1 == error */ |
590 | /* Parameters: fin(I) - pointer to packet information */ |
591 | /* ipid(I) - new IP ID for this fragmented packet */ |
592 | /* */ |
593 | /* Create a new fragment cache entry for this packet and store, as a data */ |
594 | /* pointer, the new IP ID value. */ |
595 | /* ------------------------------------------------------------------------ */ |
596 | int |
597 | ipf_frag_ipidnew(fr_info_t *fin, u_32_t ipid) |
598 | { |
599 | ipf_main_softc_t *softc = fin->fin_main_soft; |
600 | ipf_frag_softc_t *softf = softc->ipf_frag_soft; |
601 | ipfr_t *fra; |
602 | |
603 | if (softf->ipfr_lock) |
604 | return 0; |
605 | |
606 | #ifdef USE_MUTEXES |
607 | fra = ipfr_frag_new(softc, softf, fin, 0, softf->ipfr_ipidtab, &softf->ipfr_ipidfrag); |
608 | #else |
609 | fra = ipfr_frag_new(softc, softf, fin, 0, softf->ipfr_ipidtab); |
610 | #endif |
611 | if (fra != NULL) { |
612 | fra->ipfr_data = (void *)(intptr_t)ipid; |
613 | *softf->ipfr_ipidtail = fra; |
614 | fra->ipfr_prev = softf->ipfr_ipidtail; |
615 | softf->ipfr_ipidtail = &fra->ipfr_next; |
616 | fra->ipfr_next = NULL; |
617 | RWLOCK_EXIT(&softf->ipfr_ipidfrag); |
618 | } |
619 | return fra ? 0 : -1; |
620 | } |
621 | |
622 | |
623 | /* ------------------------------------------------------------------------ */ |
624 | /* Function: ipf_frag_lookup */ |
625 | /* Returns: ipfr_t * - pointer to ipfr_t structure if there's a */ |
626 | /* matching entry in the frag table, else NULL */ |
627 | /* Parameters: fin(I) - pointer to packet information */ |
628 | /* table(I) - pointer to fragment cache table to search */ |
629 | /* */ |
630 | /* Check the fragment cache to see if there is already a record of this */ |
631 | /* packet with its filter result known. */ |
632 | /* */ |
633 | /* If this function succeeds, it returns with a write lock held on "lock". */ |
634 | /* If it fails, no lock is held on return. */ |
635 | /* ------------------------------------------------------------------------ */ |
636 | static ipfr_t * |
637 | ipf_frag_lookup( |
638 | ipf_main_softc_t *softc, |
639 | ipf_frag_softc_t *softf, |
640 | fr_info_t *fin, |
641 | ipfr_t *table[] |
642 | #ifdef USE_MUTEXES |
643 | , ipfrwlock_t *lock |
644 | #endif |
645 | ) |
646 | { |
647 | ipfr_t *f, frag; |
648 | u_int idx; |
649 | |
650 | /* |
651 | * We don't want to let short packets match because they could be |
652 | * compromising the security of other rules that want to match on |
653 | * layer 4 fields (and can't because they have been fragmented off.) |
654 | * Why do this check here? The counter acts as an indicator of this |
655 | * kind of attack, whereas if it was elsewhere, it wouldn't know if |
656 | * other matching packets had been seen. |
657 | */ |
658 | if (fin->fin_flx & FI_SHORT) { |
659 | FBUMPD(ifs_short); |
660 | return NULL; |
661 | } |
662 | |
663 | if ((fin->fin_flx & FI_BAD) != 0) { |
664 | FBUMPD(ifs_bad); |
665 | return NULL; |
666 | } |
667 | |
668 | /* |
669 | * For fragments, we record protocol, packet id, TOS and both IP#'s |
670 | * (these should all be the same for all fragments of a packet). |
671 | * |
672 | * build up a hash value to index the table with. |
673 | */ |
674 | frag.ipfr_v = fin->fin_v; |
675 | idx = fin->fin_v; |
676 | frag.ipfr_p = fin->fin_p; |
677 | idx += fin->fin_p; |
678 | frag.ipfr_id = fin->fin_id; |
679 | idx += fin->fin_id; |
680 | frag.ipfr_source = fin->fin_fi.fi_src; |
681 | idx += frag.ipfr_src.s_addr; |
682 | frag.ipfr_dest = fin->fin_fi.fi_dst; |
683 | idx += frag.ipfr_dst.s_addr; |
684 | frag.ipfr_ifp = fin->fin_ifp; |
685 | idx *= 127; |
686 | idx %= softf->ipfr_size; |
687 | |
688 | frag.ipfr_optmsk = fin->fin_fi.fi_optmsk & IPF_OPTCOPY; |
689 | frag.ipfr_secmsk = fin->fin_fi.fi_secmsk; |
690 | frag.ipfr_auth = fin->fin_fi.fi_auth; |
691 | |
692 | READ_ENTER(lock); |
693 | |
694 | /* |
695 | * check the table, careful to only compare the right amount of data |
696 | */ |
697 | for (f = table[idx]; f; f = f->ipfr_hnext) { |
698 | if (!bcmp((char *)&frag.ipfr_ifp, (char *)&f->ipfr_ifp, |
699 | IPFR_CMPSZ)) { |
700 | u_short off; |
701 | |
702 | /* |
703 | * XXX - We really need to be guarding against the |
704 | * retransmission of (src,dst,id,offset-range) here |
705 | * because a fragmented packet is never resent with |
706 | * the same IP ID# (or shouldn't). |
707 | */ |
708 | off = fin->fin_off >> 3; |
709 | if (f->ipfr_seen0) { |
710 | if (off == 0) { |
711 | FBUMPD(ifs_retrans0); |
712 | continue; |
713 | } |
714 | |
715 | /* |
716 | * Case 3. See comment for frpr_fragment6. |
717 | */ |
718 | if ((f->ipfr_firstend != 0) && |
719 | (off < f->ipfr_firstend)) { |
720 | FBUMP(ifs_overlap); |
721 | DT2(ifs_overlap, u_short, off, |
722 | ipfr_t *, f); |
723 | fin->fin_flx |= FI_BAD; |
724 | break; |
725 | } |
726 | } else if (off == 0) |
727 | f->ipfr_seen0 = 1; |
728 | |
729 | if (f != table[idx]) { |
730 | ipfr_t **fp; |
731 | |
732 | /* |
733 | * Move fragment info. to the top of the list |
734 | * to speed up searches. First, delink... |
735 | */ |
736 | fp = f->ipfr_hprev; |
737 | (*fp) = f->ipfr_hnext; |
738 | if (f->ipfr_hnext != NULL) |
739 | f->ipfr_hnext->ipfr_hprev = fp; |
740 | /* |
741 | * Then put back at the top of the chain. |
742 | */ |
743 | f->ipfr_hnext = table[idx]; |
744 | table[idx]->ipfr_hprev = &f->ipfr_hnext; |
745 | f->ipfr_hprev = table + idx; |
746 | table[idx] = f; |
747 | } |
748 | |
749 | /* |
750 | * If we've follwed the fragments, and this is the |
751 | * last (in order), shrink expiration time. |
752 | */ |
753 | if (off == f->ipfr_off) { |
754 | f->ipfr_off = (fin->fin_dlen >> 3) + off; |
755 | |
756 | /* |
757 | * Well, we could shrink the expiration time |
758 | * but only if every fragment has been seen |
759 | * in order upto this, the last. ipfr_badorder |
760 | * is used here to count those out of order |
761 | * and if it equals 0 when we get to the last |
762 | * fragment then we can assume all of the |
763 | * fragments have been seen and in order. |
764 | */ |
765 | #if 0 |
766 | /* |
767 | * Doing this properly requires moving it to |
768 | * the head of the list which is infesible. |
769 | */ |
770 | if ((more == 0) && (f->ipfr_badorder == 0)) |
771 | f->ipfr_ttl = softc->ipf_ticks + 1; |
772 | #endif |
773 | } else { |
774 | f->ipfr_badorder++; |
775 | FBUMPD(ifs_unordered); |
776 | if (f->ipfr_pass & FR_FRSTRICT) { |
777 | FBUMPD(ifs_strict); |
778 | continue; |
779 | } |
780 | } |
781 | f->ipfr_pkts++; |
782 | f->ipfr_bytes += fin->fin_plen; |
783 | FBUMP(ifs_hits); |
784 | return f; |
785 | } |
786 | } |
787 | |
788 | RWLOCK_EXIT(lock); |
789 | FBUMP(ifs_miss); |
790 | return NULL; |
791 | } |
792 | |
793 | |
794 | /* ------------------------------------------------------------------------ */ |
795 | /* Function: ipf_frag_natknown */ |
796 | /* Returns: nat_t* - pointer to 'parent' NAT structure if frag table */ |
797 | /* match found, else NULL */ |
798 | /* Parameters: fin(I) - pointer to packet information */ |
799 | /* */ |
800 | /* Functional interface for NAT lookups of the NAT fragment cache */ |
801 | /* ------------------------------------------------------------------------ */ |
802 | nat_t * |
803 | ipf_frag_natknown(fr_info_t *fin) |
804 | { |
805 | ipf_main_softc_t *softc = fin->fin_main_soft; |
806 | ipf_frag_softc_t *softf = softc->ipf_frag_soft; |
807 | nat_t *nat; |
808 | ipfr_t *ipf; |
809 | |
810 | if ((softf->ipfr_lock) || !softf->ipfr_natlist) |
811 | return NULL; |
812 | #ifdef USE_MUTEXES |
813 | ipf = ipf_frag_lookup(softc, softf, fin, softf->ipfr_nattab, |
814 | &softf->ipfr_natfrag); |
815 | #else |
816 | ipf = ipf_frag_lookup(softc, softf, fin, softf->ipfr_nattab); |
817 | #endif |
818 | if (ipf != NULL) { |
819 | nat = ipf->ipfr_data; |
820 | /* |
821 | * This is the last fragment for this packet. |
822 | */ |
823 | if ((ipf->ipfr_ttl == softc->ipf_ticks + 1) && (nat != NULL)) { |
824 | nat->nat_data = NULL; |
825 | ipf->ipfr_data = NULL; |
826 | } |
827 | RWLOCK_EXIT(&softf->ipfr_natfrag); |
828 | } else |
829 | nat = NULL; |
830 | return nat; |
831 | } |
832 | |
833 | |
834 | /* ------------------------------------------------------------------------ */ |
835 | /* Function: ipf_frag_ipidknown */ |
836 | /* Returns: u_32_t - IPv4 ID for this packet if match found, else */ |
837 | /* return 0xfffffff to indicate no match. */ |
838 | /* Parameters: fin(I) - pointer to packet information */ |
839 | /* */ |
840 | /* Functional interface for IP ID lookups of the IP ID fragment cache */ |
841 | /* ------------------------------------------------------------------------ */ |
842 | u_32_t |
843 | ipf_frag_ipidknown(fr_info_t *fin) |
844 | { |
845 | ipf_main_softc_t *softc = fin->fin_main_soft; |
846 | ipf_frag_softc_t *softf = softc->ipf_frag_soft; |
847 | ipfr_t *ipf; |
848 | u_32_t id; |
849 | |
850 | if (softf->ipfr_lock || !softf->ipfr_ipidlist) |
851 | return 0xffffffff; |
852 | |
853 | #ifdef USE_MUTEXES |
854 | ipf = ipf_frag_lookup(softc, softf, fin, softf->ipfr_ipidtab, |
855 | &softf->ipfr_ipidfrag); |
856 | #else |
857 | ipf = ipf_frag_lookup(softc, softf, fin, softf->ipfr_ipidtab); |
858 | #endif |
859 | if (ipf != NULL) { |
860 | id = (u_32_t)(intptr_t)ipf->ipfr_data; |
861 | RWLOCK_EXIT(&softf->ipfr_ipidfrag); |
862 | } else |
863 | id = 0xffffffff; |
864 | return id; |
865 | } |
866 | |
867 | |
868 | /* ------------------------------------------------------------------------ */ |
869 | /* Function: ipf_frag_known */ |
870 | /* Returns: frentry_t* - pointer to filter rule if a match is found in */ |
871 | /* the frag cache table, else NULL. */ |
872 | /* Parameters: fin(I) - pointer to packet information */ |
873 | /* passp(O) - pointer to where to store rule flags resturned */ |
874 | /* */ |
875 | /* Functional interface for normal lookups of the fragment cache. If a */ |
876 | /* match is found, return the rule pointer and flags from the rule, except */ |
877 | /* that if FR_LOGFIRST is set, reset FR_LOG. */ |
878 | /* ------------------------------------------------------------------------ */ |
879 | frentry_t * |
880 | ipf_frag_known(fr_info_t *fin, u_32_t *passp) |
881 | { |
882 | ipf_main_softc_t *softc = fin->fin_main_soft; |
883 | ipf_frag_softc_t *softf = softc->ipf_frag_soft; |
884 | frentry_t *fr = NULL; |
885 | ipfr_t *fra; |
886 | u_32_t pass; |
887 | |
888 | if ((softf->ipfr_lock) || (softf->ipfr_list == NULL)) |
889 | return NULL; |
890 | |
891 | #ifdef USE_MUTEXES |
892 | fra = ipf_frag_lookup(softc, softf, fin, softf->ipfr_heads, |
893 | &softc->ipf_frag); |
894 | #else |
895 | fra = ipf_frag_lookup(softc, softf, fin, softf->ipfr_heads); |
896 | #endif |
897 | if (fra != NULL) { |
898 | if (fin->fin_flx & FI_BAD) { |
899 | fr = &ipfr_block; |
900 | fin->fin_reason = FRB_BADFRAG; |
901 | } else { |
902 | fr = fra->ipfr_rule; |
903 | } |
904 | fin->fin_fr = fr; |
905 | if (fr != NULL) { |
906 | pass = fr->fr_flags; |
907 | if ((pass & FR_KEEPSTATE) != 0) { |
908 | fin->fin_flx |= FI_STATE; |
909 | /* |
910 | * Reset the keep state flag here so that we |
911 | * don't try and add a new state entry because |
912 | * of a match here. That leads to blocking of |
913 | * the packet later because the add fails. |
914 | */ |
915 | pass &= ~FR_KEEPSTATE; |
916 | } |
917 | if ((pass & FR_LOGFIRST) != 0) |
918 | pass &= ~(FR_LOGFIRST|FR_LOG); |
919 | *passp = pass; |
920 | } |
921 | RWLOCK_EXIT(&softc->ipf_frag); |
922 | } |
923 | return fr; |
924 | } |
925 | |
926 | |
927 | /* ------------------------------------------------------------------------ */ |
928 | /* Function: ipf_frag_natforget */ |
929 | /* Returns: Nil */ |
930 | /* Parameters: ptr(I) - pointer to data structure */ |
931 | /* */ |
932 | /* Search through all of the fragment cache entries for NAT and wherever a */ |
933 | /* pointer is found to match ptr, reset it to NULL. */ |
934 | /* ------------------------------------------------------------------------ */ |
935 | void |
936 | ipf_frag_natforget(ipf_main_softc_t *softc, void *ptr) |
937 | { |
938 | ipf_frag_softc_t *softf = softc->ipf_frag_soft; |
939 | ipfr_t *fr; |
940 | |
941 | WRITE_ENTER(&softf->ipfr_natfrag); |
942 | for (fr = softf->ipfr_natlist; fr; fr = fr->ipfr_next) |
943 | if (fr->ipfr_data == ptr) |
944 | fr->ipfr_data = NULL; |
945 | RWLOCK_EXIT(&softf->ipfr_natfrag); |
946 | } |
947 | |
948 | |
949 | /* ------------------------------------------------------------------------ */ |
950 | /* Function: ipf_frag_delete */ |
951 | /* Returns: Nil */ |
952 | /* Parameters: fra(I) - pointer to fragment structure to delete */ |
953 | /* tail(IO) - pointer to the pointer to the tail of the frag */ |
954 | /* list */ |
955 | /* */ |
956 | /* Remove a fragment cache table entry from the table & list. Also free */ |
957 | /* the filter rule it is associated with it if it is no longer used as a */ |
958 | /* result of decreasing the reference count. */ |
959 | /* ------------------------------------------------------------------------ */ |
960 | static void |
961 | ipf_frag_delete(ipf_main_softc_t *softc, ipfr_t *fra, ipfr_t ***tail) |
962 | { |
963 | ipf_frag_softc_t *softf = softc->ipf_frag_soft; |
964 | |
965 | if (fra->ipfr_next) |
966 | fra->ipfr_next->ipfr_prev = fra->ipfr_prev; |
967 | *fra->ipfr_prev = fra->ipfr_next; |
968 | if (*tail == &fra->ipfr_next) |
969 | *tail = fra->ipfr_prev; |
970 | |
971 | if (fra->ipfr_hnext) |
972 | fra->ipfr_hnext->ipfr_hprev = fra->ipfr_hprev; |
973 | *fra->ipfr_hprev = fra->ipfr_hnext; |
974 | |
975 | if (fra->ipfr_rule != NULL) { |
976 | (void) ipf_derefrule(softc, &fra->ipfr_rule); |
977 | } |
978 | |
979 | if (fra->ipfr_ref <= 0) |
980 | ipf_frag_free(softf, fra); |
981 | } |
982 | |
983 | |
984 | /* ------------------------------------------------------------------------ */ |
985 | /* Function: ipf_frag_free */ |
986 | /* Returns: Nil */ |
987 | /* */ |
988 | /* ------------------------------------------------------------------------ */ |
989 | static void |
990 | ipf_frag_free(ipf_frag_softc_t *softf, ipfr_t *fra) |
991 | { |
992 | KFREE(fra); |
993 | FBUMP(ifs_expire); |
994 | softf->ipfr_stats.ifs_inuse--; |
995 | } |
996 | |
997 | |
998 | /* ------------------------------------------------------------------------ */ |
999 | /* Function: ipf_frag_clear */ |
1000 | /* Returns: Nil */ |
1001 | /* Parameters: Nil */ |
1002 | /* */ |
1003 | /* Free memory in use by fragment state information kept. Do the normal */ |
1004 | /* fragment state stuff first and then the NAT-fragment table. */ |
1005 | /* ------------------------------------------------------------------------ */ |
1006 | void |
1007 | ipf_frag_clear(ipf_main_softc_t *softc) |
1008 | { |
1009 | ipf_frag_softc_t *softf = softc->ipf_frag_soft; |
1010 | ipfr_t *fra; |
1011 | nat_t *nat; |
1012 | |
1013 | WRITE_ENTER(&softc->ipf_frag); |
1014 | while ((fra = softf->ipfr_list) != NULL) { |
1015 | fra->ipfr_ref--; |
1016 | ipf_frag_delete(softc, fra, &softf->ipfr_tail); |
1017 | } |
1018 | softf->ipfr_tail = &softf->ipfr_list; |
1019 | RWLOCK_EXIT(&softc->ipf_frag); |
1020 | |
1021 | WRITE_ENTER(&softc->ipf_nat); |
1022 | WRITE_ENTER(&softf->ipfr_natfrag); |
1023 | while ((fra = softf->ipfr_natlist) != NULL) { |
1024 | nat = fra->ipfr_data; |
1025 | if (nat != NULL) { |
1026 | if (nat->nat_data == fra) |
1027 | nat->nat_data = NULL; |
1028 | } |
1029 | fra->ipfr_ref--; |
1030 | ipf_frag_delete(softc, fra, &softf->ipfr_nattail); |
1031 | } |
1032 | softf->ipfr_nattail = &softf->ipfr_natlist; |
1033 | RWLOCK_EXIT(&softf->ipfr_natfrag); |
1034 | RWLOCK_EXIT(&softc->ipf_nat); |
1035 | } |
1036 | |
1037 | |
1038 | /* ------------------------------------------------------------------------ */ |
1039 | /* Function: ipf_frag_expire */ |
1040 | /* Returns: Nil */ |
1041 | /* Parameters: Nil */ |
1042 | /* */ |
1043 | /* Expire entries in the fragment cache table that have been there too long */ |
1044 | /* ------------------------------------------------------------------------ */ |
1045 | void |
1046 | ipf_frag_expire(ipf_main_softc_t *softc) |
1047 | { |
1048 | ipf_frag_softc_t *softf = softc->ipf_frag_soft; |
1049 | ipfr_t **fp, *fra; |
1050 | nat_t *nat; |
1051 | SPL_INT(s); |
1052 | |
1053 | if (softf->ipfr_lock) |
1054 | return; |
1055 | |
1056 | SPL_NET(s); |
1057 | WRITE_ENTER(&softc->ipf_frag); |
1058 | /* |
1059 | * Go through the entire table, looking for entries to expire, |
1060 | * which is indicated by the ttl being less than or equal to ipf_ticks. |
1061 | */ |
1062 | for (fp = &softf->ipfr_list; ((fra = *fp) != NULL); ) { |
1063 | if (fra->ipfr_ttl > softc->ipf_ticks) |
1064 | break; |
1065 | fra->ipfr_ref--; |
1066 | ipf_frag_delete(softc, fra, &softf->ipfr_tail); |
1067 | } |
1068 | RWLOCK_EXIT(&softc->ipf_frag); |
1069 | |
1070 | WRITE_ENTER(&softf->ipfr_ipidfrag); |
1071 | for (fp = &softf->ipfr_ipidlist; ((fra = *fp) != NULL); ) { |
1072 | if (fra->ipfr_ttl > softc->ipf_ticks) |
1073 | break; |
1074 | fra->ipfr_ref--; |
1075 | ipf_frag_delete(softc, fra, &softf->ipfr_ipidtail); |
1076 | } |
1077 | RWLOCK_EXIT(&softf->ipfr_ipidfrag); |
1078 | |
1079 | /* |
1080 | * Same again for the NAT table, except that if the structure also |
1081 | * still points to a NAT structure, and the NAT structure points back |
1082 | * at the one to be free'd, NULL the reference from the NAT struct. |
1083 | * NOTE: We need to grab both mutex's early, and in this order so as |
1084 | * to prevent a deadlock if both try to expire at the same time. |
1085 | * The extra if() statement here is because it locks out all NAT |
1086 | * operations - no need to do that if there are no entries in this |
1087 | * list, right? |
1088 | */ |
1089 | if (softf->ipfr_natlist != NULL) { |
1090 | WRITE_ENTER(&softc->ipf_nat); |
1091 | WRITE_ENTER(&softf->ipfr_natfrag); |
1092 | for (fp = &softf->ipfr_natlist; ((fra = *fp) != NULL); ) { |
1093 | if (fra->ipfr_ttl > softc->ipf_ticks) |
1094 | break; |
1095 | nat = fra->ipfr_data; |
1096 | if (nat != NULL) { |
1097 | if (nat->nat_data == fra) |
1098 | nat->nat_data = NULL; |
1099 | } |
1100 | fra->ipfr_ref--; |
1101 | ipf_frag_delete(softc, fra, &softf->ipfr_nattail); |
1102 | } |
1103 | RWLOCK_EXIT(&softf->ipfr_natfrag); |
1104 | RWLOCK_EXIT(&softc->ipf_nat); |
1105 | } |
1106 | SPL_X(s); |
1107 | } |
1108 | |
1109 | |
1110 | /* ------------------------------------------------------------------------ */ |
1111 | /* Function: ipf_frag_pkt_next */ |
1112 | /* ------------------------------------------------------------------------ */ |
1113 | int |
1114 | ipf_frag_pkt_next(ipf_main_softc_t *softc, ipftoken_t *token, ipfgeniter_t *itp) |
1115 | { |
1116 | ipf_frag_softc_t *softf = softc->ipf_frag_soft; |
1117 | |
1118 | #ifdef USE_MUTEXES |
1119 | return ipf_frag_next(softc, token, itp, &softf->ipfr_list, |
1120 | &softf->ipfr_frag); |
1121 | #else |
1122 | return ipf_frag_next(softc, token, itp, &softf->ipfr_list); |
1123 | #endif |
1124 | } |
1125 | |
1126 | |
1127 | /* ------------------------------------------------------------------------ */ |
1128 | /* Function: ipf_frag_nat_next */ |
1129 | /* ------------------------------------------------------------------------ */ |
1130 | int |
1131 | ipf_frag_nat_next(ipf_main_softc_t *softc, ipftoken_t *token, ipfgeniter_t *itp) |
1132 | { |
1133 | ipf_frag_softc_t *softf = softc->ipf_frag_soft;; |
1134 | |
1135 | #ifdef USE_MUTEXES |
1136 | return ipf_frag_next(softc, token, itp, &softf->ipfr_natlist, |
1137 | &softf->ipfr_natfrag); |
1138 | #else |
1139 | return ipf_frag_next(softc, token, itp, &softf->ipfr_natlist); |
1140 | #endif |
1141 | } |
1142 | |
1143 | /* ------------------------------------------------------------------------ */ |
1144 | /* Function: ipf_frag_next */ |
1145 | /* Returns: int - 0 == success, else error */ |
1146 | /* Parameters: token(I) - pointer to token information for this caller */ |
1147 | /* itp(I) - pointer to generic iterator from caller */ |
1148 | /* top(I) - top of the fragment list */ |
1149 | /* lock(I) - fragment cache lock */ |
1150 | /* */ |
1151 | /* This function is used to interate through the list of entries in the */ |
1152 | /* fragment cache. It increases the reference count on the one currently */ |
1153 | /* being returned so that the caller can come back and resume from it later.*/ |
1154 | /* */ |
1155 | /* This function is used for both the NAT fragment cache as well as the ipf */ |
1156 | /* fragment cache - hence the reason for passing in top and lock. */ |
1157 | /* ------------------------------------------------------------------------ */ |
1158 | static int |
1159 | ipf_frag_next( |
1160 | ipf_main_softc_t *softc, |
1161 | ipftoken_t *token, |
1162 | ipfgeniter_t *itp, |
1163 | ipfr_t **top |
1164 | #ifdef USE_MUTEXES |
1165 | , ipfrwlock_t *lock |
1166 | #endif |
1167 | ) |
1168 | { |
1169 | ipfr_t *frag, *next, zero; |
1170 | int error = 0; |
1171 | |
1172 | if (itp->igi_data == NULL) { |
1173 | IPFERROR(20001); |
1174 | return EFAULT; |
1175 | } |
1176 | |
1177 | if (itp->igi_nitems != 1) { |
1178 | IPFERROR(20003); |
1179 | return EFAULT; |
1180 | } |
1181 | |
1182 | frag = token->ipt_data; |
1183 | |
1184 | READ_ENTER(lock); |
1185 | |
1186 | if (frag == NULL) |
1187 | next = *top; |
1188 | else |
1189 | next = frag->ipfr_next; |
1190 | |
1191 | if (next != NULL) { |
1192 | ATOMIC_INC(next->ipfr_ref); |
1193 | token->ipt_data = next; |
1194 | } else { |
1195 | bzero(&zero, sizeof(zero)); |
1196 | next = &zero; |
1197 | token->ipt_data = NULL; |
1198 | } |
1199 | if (next->ipfr_next == NULL) |
1200 | ipf_token_mark_complete(token); |
1201 | |
1202 | RWLOCK_EXIT(lock); |
1203 | |
1204 | error = COPYOUT(next, itp->igi_data, sizeof(*next)); |
1205 | if (error != 0) |
1206 | IPFERROR(20002); |
1207 | |
1208 | if (frag != NULL) { |
1209 | #ifdef USE_MUTEXES |
1210 | ipf_frag_deref(softc, &frag, lock); |
1211 | #else |
1212 | ipf_frag_deref(softc, &frag); |
1213 | #endif |
1214 | } |
1215 | return error; |
1216 | } |
1217 | |
1218 | |
1219 | /* ------------------------------------------------------------------------ */ |
1220 | /* Function: ipf_frag_pkt_deref */ |
1221 | /* Returns: Nil */ |
1222 | /* */ |
1223 | /* ------------------------------------------------------------------------ */ |
1224 | void |
1225 | ipf_frag_pkt_deref(ipf_main_softc_t *softc, void *data) |
1226 | { |
1227 | ipfr_t **frp = data; |
1228 | |
1229 | #ifdef USE_MUTEXES |
1230 | ipf_frag_softc_t *softf = softc->ipf_frag_soft; |
1231 | |
1232 | ipf_frag_deref(softc->ipf_frag_soft, frp, &softf->ipfr_frag); |
1233 | #else |
1234 | ipf_frag_deref(softc->ipf_frag_soft, frp); |
1235 | #endif |
1236 | } |
1237 | |
1238 | |
1239 | /* ------------------------------------------------------------------------ */ |
1240 | /* Function: ipf_frag_nat_deref */ |
1241 | /* Returns: Nil */ |
1242 | /* */ |
1243 | /* ------------------------------------------------------------------------ */ |
1244 | void |
1245 | ipf_frag_nat_deref(ipf_main_softc_t *softc, void *data) |
1246 | { |
1247 | ipfr_t **frp = data; |
1248 | |
1249 | #ifdef USE_MUTEXES |
1250 | ipf_frag_softc_t *softf = softc->ipf_frag_soft; |
1251 | |
1252 | ipf_frag_deref(softc->ipf_frag_soft, frp, &softf->ipfr_natfrag); |
1253 | #else |
1254 | ipf_frag_deref(softc->ipf_frag_soft, frp); |
1255 | #endif |
1256 | } |
1257 | |
1258 | |
1259 | /* ------------------------------------------------------------------------ */ |
1260 | /* Function: ipf_frag_deref */ |
1261 | /* Returns: Nil */ |
1262 | /* Parameters: frp(IO) - pointer to fragment structure to deference */ |
1263 | /* lock(I) - lock associated with the fragment */ |
1264 | /* */ |
1265 | /* This function dereferences a fragment structure (ipfr_t). The pointer */ |
1266 | /* passed in will always be reset back to NULL, even if the structure is */ |
1267 | /* not freed, to enforce the notion that the caller is no longer entitled */ |
1268 | /* to use the pointer it is dropping the reference to. */ |
1269 | /* ------------------------------------------------------------------------ */ |
1270 | static void |
1271 | ipf_frag_deref(void *arg, ipfr_t **frp |
1272 | #ifdef USE_MUTEXES |
1273 | , ipfrwlock_t *lock |
1274 | #endif |
1275 | ) |
1276 | { |
1277 | ipf_frag_softc_t *softf = arg; |
1278 | ipfr_t *fra; |
1279 | |
1280 | fra = *frp; |
1281 | *frp = NULL; |
1282 | |
1283 | WRITE_ENTER(lock); |
1284 | fra->ipfr_ref--; |
1285 | if (fra->ipfr_ref <= 0) |
1286 | ipf_frag_free(softf, fra); |
1287 | RWLOCK_EXIT(lock); |
1288 | } |
1289 | |