solaris.c revision 40cdc2e8babc6bb3ab847f6a129fc9eb76c5f4d5
ab25eeb551a4be927a4b6ae2cf8aff7ed17decb4yz * Copyright (C) 1993-2001, 2003 by Darren Reed.
ab25eeb551a4be927a4b6ae2cf8aff7ed17decb4yz * See the IPFILTER.LICENCE file for details on licencing.
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
ab25eeb551a4be927a4b6ae2cf8aff7ed17decb4yz * Use is subject to license terms.
193974072f41a843678abf5f61979c748687e66bSherry Moore void *, void **));
ab25eeb551a4be927a4b6ae2cf8aff7ed17decb4yzstatic int ipf_attach __P((dev_info_t *, ddi_attach_cmd_t));
ab25eeb551a4be927a4b6ae2cf8aff7ed17decb4yzstatic int ipf_detach __P((dev_info_t *, ddi_detach_cmd_t));
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reedstatic void *ipf_stack_create __P((const netid_t));
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reedstatic void ipf_stack_destroy __P((const netid_t, void *));
ab25eeb551a4be927a4b6ae2cf8aff7ed17decb4yzstatic char *ipf_devfiles[] = { IPL_NAME, IPNAT_NAME, IPSTATE_NAME,
ab25eeb551a4be927a4b6ae2cf8aff7ed17decb4yzstatic struct modlinkage modlink1 = { MODREV_1, &iplmod, NULL };
ab25eeb551a4be927a4b6ae2cf8aff7ed17decb4yz#endif /* SOLARIS2 >= 6 */
ab25eeb551a4be927a4b6ae2cf8aff7ed17decb4yzstatic void
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed ifs->ifs_kstatp[0] = net_kstat_create(ifs->ifs_netid, "ipf", 0,
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed sizeof (filter_kstats_t) / sizeof (kstat_named_t), 0);
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed bcopy(&ipf_kstat_tmp, ifs->ifs_kstatp[0]->ks_data,
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed ifs->ifs_kstatp[0]->ks_update = ipf_kstat_update;
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed ifs->ifs_kstatp[0]->ks_private = &ifs->ifs_frstats[0];
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed ifs->ifs_kstatp[1] = net_kstat_create(ifs->ifs_netid, "ipf", 0,
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed sizeof (filter_kstats_t) / sizeof (kstat_named_t), 0);
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed bcopy(&ipf_kstat_tmp, ifs->ifs_kstatp[1]->ks_data,
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed ifs->ifs_kstatp[1]->ks_update = ipf_kstat_update;
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed ifs->ifs_kstatp[1]->ks_private = &ifs->ifs_frstats[1];
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed cmn_err(CE_NOTE, "IP Filter: ipf_kstat_init(%p) installed %p, %p",
ab25eeb551a4be927a4b6ae2cf8aff7ed17decb4yzstatic void
ab25eeb551a4be927a4b6ae2cf8aff7ed17decb4yz for (i = 0; i < 2; i++) {
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed net_kstat_delete(ifs->ifs_netid, ifs->ifs_kstatp[i]);
ab25eeb551a4be927a4b6ae2cf8aff7ed17decb4yz return (0);
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed mutex_init(&ipf_stack_lock, NULL, MUTEX_DRIVER, NULL);
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed cmn_err(CE_NOTE, "IP Filter: _info(%p) = %d", modinfop, ipfinst);
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed cmn_err(CE_NOTE, "IP Filter: ipf_identify(%p)", dip);
f4b3ec61df05330d25f55a36b975b4d7519fdeb1dh * Initialize things for IPF for each stack instance
f4b3ec61df05330d25f55a36b975b4d7519fdeb1dhstatic void *
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed cmn_err(CE_NOTE, "IP Filter:stack_create id=%d", id);
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed ifs = (ipf_stack_t *)kmem_alloc(sizeof (*ifs), KM_SLEEP);
f4b3ec61df05330d25f55a36b975b4d7519fdeb1dh * Initialize mutexes
f4b3ec61df05330d25f55a36b975b4d7519fdeb1dh RWLOCK_INIT(&ifs->ifs_ipf_global, "ipf filter load/unload mutex");
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed cmn_err(CE_CONT, "IP Filter:stack_create zone=%d", ifs->ifs_zone);
f4b3ec61df05330d25f55a36b975b4d7519fdeb1dh * Lock people out while we set things up.
23f4867fdff96a11dd674de6259a5a0d0a13251cnordmark /* Limit to global stack */
23f4867fdff96a11dd674de6259a5a0d0a13251cnordmark cmn_err(CE_CONT, "!%s, running.\n", ipfilter_version);
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed * This function should only ever be used to find the pointer to the
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed * ipfilter stack structure for the zone that is currently executing:
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed * if you're running in the context of zone 1, you should not attempt
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed * to find the ipf_stack_t for zone 0 or 2 or anything else but 1.
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed * Used that way, the returned pointer is safe, because the structure
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed * is only freed when the instance is destroyed as part of the final
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed * shutdown of the zone.
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed for (ifs = ipf_stacks; ifs != NULL; ifs = ifs->ifs_next) {
f4b3ec61df05330d25f55a36b975b4d7519fdeb1dh * Make sure we're the only ones modifying things. With
f4b3ec61df05330d25f55a36b975b4d7519fdeb1dh * this lock held, others should just fall out of the loop.
f4b3ec61df05330d25f55a36b975b4d7519fdeb1dh return (-1);
f4b3ec61df05330d25f55a36b975b4d7519fdeb1dh * Make sure there is no active filter rule.
f4b3ec61df05330d25f55a36b975b4d7519fdeb1dh return (-1);
f4b3ec61df05330d25f55a36b975b4d7519fdeb1dh return (0);
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed for (ifs = ipf_stacks; ifs != NULL; ifs = ifs->ifs_next)
f4b3ec61df05330d25f55a36b975b4d7519fdeb1dh * Destroy things for ipf for one stack.
f4b3ec61df05330d25f55a36b975b4d7519fdeb1dh/* ARGSUSED */
f4b3ec61df05330d25f55a36b975b4d7519fdeb1dhstatic void
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed (void) printf("ipf_stack_destroy(%p)\n", (void *)ifs);
f4b3ec61df05330d25f55a36b975b4d7519fdeb1dh * Make sure we're the only ones modifying things. With
f4b3ec61df05330d25f55a36b975b4d7519fdeb1dh * this lock held, others should just fall out of the loop.
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed printf("ipf_stack_destroy: ipldetach failed\n");
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed cmn_err(CE_NOTE, "IP Filter: ipf_attach(%p,%x)", dip, cmd);
ab25eeb551a4be927a4b6ae2cf8aff7ed17decb4yz /* Only one instance of ipf (instance 0) can be attached. */
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed cmn_err(CE_CONT, "IP Filter: attach ipf instance %d", instance);
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed cmn_err(CE_CONT, "IP Filter:stack_create callback_reg=%d", i);
ab25eeb551a4be927a4b6ae2cf8aff7ed17decb4yz /* NOTREACHED */
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed cmn_err(CE_NOTE, "IP Filter: ipf_detach(%p,%x)", dip, cmd);
ab25eeb551a4be927a4b6ae2cf8aff7ed17decb4yz switch (cmd) {
193974072f41a843678abf5f61979c748687e66bSherry Moore * Undo what we did in ipf_attach, freeing resources
ab25eeb551a4be927a4b6ae2cf8aff7ed17decb4yz * and removing things we installed. The system
ab25eeb551a4be927a4b6ae2cf8aff7ed17decb4yz * framework guarantees we are not active with this devinfo
ab25eeb551a4be927a4b6ae2cf8aff7ed17decb4yz * node in any other entry points at this time.
ab25eeb551a4be927a4b6ae2cf8aff7ed17decb4yz if (i > 0) {
f4b3ec61df05330d25f55a36b975b4d7519fdeb1dh /* NOTREACHED */
ab25eeb551a4be927a4b6ae2cf8aff7ed17decb4yz/*ARGSUSED*/
7ddc9b1afd18f260b9fb78ec7732facd91769131Darren Reed cmn_err(CE_NOTE, "IP Filter: ipf_getinfo(%p,%x,%p)", dip, infocmd, arg);
ab25eeb551a4be927a4b6ae2cf8aff7ed17decb4yz *result = (void *)0;
ab25eeb551a4be927a4b6ae2cf8aff7ed17decb4yz * Fetch configuration file values that have been entered into the ipf.conf
ab25eeb551a4be927a4b6ae2cf8aff7ed17decb4yz * driver file.
40cdc2e8babc6bb3ab847f6a129fc9eb76c5f4d5Alexandr Nedvedicky (name = ipft->ipft_name) != NULL; ipft++) {
40cdc2e8babc6bb3ab847f6a129fc9eb76c5f4d5Alexandr Nedvedicky err = ddi_prop_lookup_int_array(DDI_DEV_T_ANY, dip,
40cdc2e8babc6bb3ab847f6a129fc9eb76c5f4d5Alexandr Nedvedicky cmn_err(CE_CONT, "IP Filter: lookup_int(%s) = %d\n",
40cdc2e8babc6bb3ab847f6a129fc9eb76c5f4d5Alexandr Nedvedicky if (ipft->ipft_sz == sizeof (uint32_t)) {
40cdc2e8babc6bb3ab847f6a129fc9eb76c5f4d5Alexandr Nedvedicky } else if (ipft->ipft_sz == sizeof (uint64_t)) {