solaris.c revision ab25eeb551a4be927a4b6ae2cf8aff7ed17decb4
/*
* Copyright (C) 1993-2001, 2003 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/* #pragma ident "@(#)solaris.c 1.12 6/5/96 (C) 1995 Darren Reed"*/
#pragma ident "@(#)$Id: solaris.c,v 2.73.2.6 2005/07/13 21:40:47 darrenr Exp $"
#pragma ident "%Z%%M% %I% %E% SMI"
#include <sys/dditypes.h>
#include <sys/autoconf.h>
#include <sys/byteorder.h>
#if SOLARIS2 >= 6
# include <net/if_types.h>
#endif
#include <netinet/in_systm.h>
#include <netinet/if_ether.h>
#include "netinet/ip_compat.h"
#include "netinet/ip_state.h"
extern struct filterstats frstats[];
extern int fr_running;
extern int fr_flags;
void *, void **));
#if SOLARIS2 < 10
#endif
IPLOOKUP_NAME, NULL };
#if SOLARIS2 >= 7
extern timeout_id_t fr_timer_id;
#else
extern int fr_timer_id;
#endif
static struct cb_ops ipf_cb_ops = {
nodev, /* strategy */
nodev, /* print */
nodev, /* dump */
iplwrite, /* write */
iplioctl, /* ioctl */
nodev, /* devmap */
nodev, /* mmap */
nodev, /* segmap */
nochpoll, /* poll */
NULL,
#if SOLARIS2 > 4
nodev, /* aread */
nodev, /* awrite */
#endif
};
0,
#if SOLARIS2 >= 10
#else
#endif
nodev, /* reset */
(struct bus_ops *)0
};
extern struct mod_ops mod_driverops;
#if SOLARIS2 >= 6
{ 0, 0 },
{ IFT_OTHER, 0 },
{ IFT_1822, 0 },
{ IFT_HDH1822, 0 },
{ IFT_X25DDN, 0 },
{ IFT_X25, 0 },
{ IFT_ETHER, 14 },
{ IFT_ISO88023, 0 },
{ IFT_ISO88024, 0 },
{ IFT_ISO88025, 0 },
{ IFT_ISO88026, 0 },
{ IFT_STARLAN, 0 },
{ IFT_P10, 0 },
{ IFT_P80, 0 },
{ IFT_HY, 0 },
{ IFT_FDDI, 24 },
{ IFT_LAPB, 0 },
{ IFT_SDLC, 0 },
{ IFT_T1, 0 },
{ IFT_CEPT, 0 },
{ IFT_ISDNBASIC, 0 },
{ IFT_ISDNPRIMARY, 0 },
{ IFT_PTPSERIAL, 0 },
{ IFT_PPP, 0 },
{ IFT_LOOP, 0 },
{ IFT_EON, 0 },
{ IFT_XETHER, 0 },
{ IFT_NSIP, 0 },
{ IFT_SLIP, 0 },
{ IFT_ULTRA, 0 },
{ IFT_DS3, 0 },
{ IFT_SIP, 0 },
{ IFT_FRELAY, 0 },
{ IFT_RS232, 0 },
{ IFT_PARA, 0 },
{ IFT_ARCNET, 0 },
{ IFT_ARCNETPLUS, 0 },
{ IFT_ATM, 0 },
{ IFT_MIOX25, 0 },
{ IFT_SONET, 0 },
{ IFT_X25PLE, 0 },
{ IFT_ISO88022LLC, 0 },
{ IFT_LOCALTALK, 0 },
{ IFT_SMDSDXI, 0 },
{ IFT_FRELAYDCE, 0 },
{ IFT_V35, 0 },
{ IFT_HSSI, 0 },
{ IFT_HIPPI, 0 },
{ IFT_MODEM, 0 },
{ IFT_AAL5, 0 },
{ IFT_SONETPATH, 0 },
{ IFT_SONETVT, 0 },
{ IFT_SMDSICIP, 0 },
{ IFT_PROPVIRTUAL, 0 },
{ IFT_PROPMUX, 0 },
};
#endif /* SOLARIS2 >= 6 */
static const filter_kstats_t ipf_kstat_tmp = {
{ "pass", KSTAT_DATA_ULONG },
{ "block", KSTAT_DATA_ULONG },
{ "nomatch", KSTAT_DATA_ULONG },
{ "short", KSTAT_DATA_ULONG },
{ "pass, logged", KSTAT_DATA_ULONG },
{ "block, logged", KSTAT_DATA_ULONG },
{ "nomatch, logged", KSTAT_DATA_ULONG },
{ "logged", KSTAT_DATA_ULONG },
{ "skip", KSTAT_DATA_ULONG },
{ "return sent", KSTAT_DATA_ULONG },
{ "acct", KSTAT_DATA_ULONG },
{ "bad frag state alloc", KSTAT_DATA_ULONG },
{ "new frag state kept", KSTAT_DATA_ULONG },
{ "new frag state compl. pkt", KSTAT_DATA_ULONG },
{ "bad pkt state alloc", KSTAT_DATA_ULONG },
{ "new pkt kept state", KSTAT_DATA_ULONG },
{ "cachehit", KSTAT_DATA_ULONG },
{ "tcp cksum bad", KSTAT_DATA_ULONG },
{{ "pullup ok", KSTAT_DATA_ULONG },
{ "pullup nok", KSTAT_DATA_ULONG }},
{ "src != route", KSTAT_DATA_ULONG },
{ "ttl invalid", KSTAT_DATA_ULONG },
{ "bad ip pkt", KSTAT_DATA_ULONG },
{ "ipv6 pkt", KSTAT_DATA_ULONG },
{ "dropped:pps ceiling", KSTAT_DATA_ULONG },
{ "ip upd. fail", KSTAT_DATA_ULONG }
};
static void
ipf_kstat_init(void)
{
int i;
for (i = 0; i < 2; i++) {
(i==0)?"inbound":"outbound",
"net",
sizeof (filter_kstats_t) / sizeof (kstat_named_t),
0);
if (ipf_kstatp[i] != NULL) {
sizeof (filter_kstats_t));
kstat_install(ipf_kstatp[i]);
}
}
#ifdef IPFDEBUG
#endif
}
static void
ipf_kstat_fini(void)
{
int i;
for (i = 0; i < 2; i++) {
if (ipf_kstatp[i] != NULL) {
kstat_delete(ipf_kstatp[i]);
ipf_kstatp[i] = NULL;
}
}
}
static int
{
if (rwflag == KSTAT_WRITE)
return (EACCES);
return (0);
}
int _init()
{
int ipfinst;
if (ipfinst != 0)
#ifdef IPFDEBUG
#endif
return ipfinst;
}
int _fini(void)
{
int ipfinst;
#ifdef IPFDEBUG
#endif
if (ipfinst == 0)
return ipfinst;
}
{
int ipfinst;
#ifdef IPFDEBUG
#endif
return ipfinst;
}
#if SOLARIS2 < 10
static int ipf_identify(dip)
{
# ifdef IPFDEBUG
# endif
return (DDI_IDENTIFIED);
return (DDI_NOT_IDENTIFIED);
}
#endif
{
char *s;
int i;
int instance;
#ifdef IPFDEBUG
#endif
return EINVAL;
}
switch (cmd)
{
case DDI_ATTACH:
/* Only one instance of ipf (instance 0) can be attached. */
if (instance > 0)
return DDI_FAILURE;
if (fr_running != 0)
return DDI_FAILURE;
#ifdef IPFDEBUG
#endif
(void) ipf_property_update(dip);
for (i = 0; ((s = ipf_devfiles[i]) != NULL); i++) {
s = strrchr(s, '/');
if (s == NULL)
continue;
s++;
DDI_PSEUDO, 0) ==
DDI_FAILURE) {
goto attach_failed;
}
}
ipf_dev_info = dip;
/*
* Initialize mutex's
*/
/*
* Lock people out while we set things up.
*/
goto attach_failed;
}
"pfil_add_hook");
#ifdef USE_INET6
"pfil_add_hook");
#endif
"pfil_add_hook");
drv_usectohz(500000));
fr_running = 1;
return DDI_SUCCESS;
/* NOTREACHED */
default:
break;
}
#ifdef IPFDEBUG
#endif
/*
* Use our own detach routine to toss
* away any stuff we allocated above.
*/
return DDI_FAILURE;
}
{
int i;
#ifdef IPFDEBUG
#endif
switch (cmd) {
case DDI_DETACH:
if (fr_refcnt != 0)
return DDI_FAILURE;
break;
/*
* Make sure we're the only one's modifying things. With
* this lock others should just fall out of the loop.
*/
if (fr_running <= 0) {
return DDI_FAILURE;
}
fr_running = -2;
"pfil_remove_hook");
#ifdef USE_INET6
"pfil_add_hook");
#endif
"pfil_remove_hook");
if (fr_timer_id != 0) {
(void) untimeout(fr_timer_id);
fr_timer_id = 0;
}
/*
* Undo what we did in ipf_attach, freeing resources
* and removing things we installed. The system
* framework guarantees we are not active with this devinfo
* node in any other entry points at this time.
*/
i = ddi_get_instance(dip);
if (i > 0) {
return DDI_FAILURE;
}
if (!ipldetach()) {
return (DDI_SUCCESS);
}
break;
default:
break;
}
return DDI_FAILURE;
}
/*ARGSUSED*/
{
int error;
if (fr_running <= 0)
return DDI_FAILURE;
error = DDI_FAILURE;
#ifdef IPFDEBUG
#endif
switch (infocmd) {
case DDI_INFO_DEVT2DEVINFO:
*result = ipf_dev_info;
error = DDI_SUCCESS;
break;
case DDI_INFO_DEVT2INSTANCE:
*result = (void *)0;
error = DDI_SUCCESS;
break;
default:
break;
}
return (error);
}
/*
* look for bad consistancies between the list of interfaces the filter knows
* about and those which are currently configured.
*/
/*ARGSUSED*/
int hlen;
void *il;
int out;
void *qif;
{
/*
* Resync. any NAT `connections' using this interface and its IP #.
*/
return 0;
}
/*
* look for bad consistancies between the list of interfaces the filter knows
* about and those which are currently configured.
*/
int ipfsync()
{
return 0;
}
/*
* Fetch configuration file values that have been entered into the ipf.conf
* driver file.
*/
static int ipf_property_update(dip)
{
char *name;
int *i32p;
int err;
#ifdef DDI_NO_AUTODETACH
return DDI_FAILURE;
}
#else
return DDI_FAILURE;
}
#endif
err = DDI_SUCCESS;
one = 1;
{
case 4 :
if (err == DDI_PROP_NOT_FOUND)
continue;
#ifdef IPFDEBUG
#endif
if (err != DDI_PROP_SUCCESS)
return err;
else
break;
#if SOLARIS2 > 8
case 8 :
if (err == DDI_PROP_NOT_FOUND)
continue;
# ifdef IPFDEBUG
# endif
if (err != DDI_PROP_SUCCESS)
return err;
else
break;
#endif
default :
break;
}
if (err != DDI_SUCCESS)
break;
}
return err;
}