ip_frag.c revision 1.3.2.1
1 1.3.2.1 jdolecek /* $NetBSD: ip_frag.c,v 1.3.2.1 2017/12/03 11:38:02 jdolecek Exp $ */ 2 1.1 christos 3 1.1 christos /* 4 1.1 christos * Copyright (C) 2012 by Darren Reed. 5 1.1 christos * 6 1.1 christos * See the IPFILTER.LICENCE file for details on licencing. 7 1.1 christos */ 8 1.1 christos #if defined(KERNEL) || defined(_KERNEL) 9 1.1 christos # undef KERNEL 10 1.1 christos # undef _KERNEL 11 1.1 christos # define KERNEL 1 12 1.1 christos # define _KERNEL 1 13 1.1 christos #endif 14 1.1 christos #include <sys/errno.h> 15 1.1 christos #include <sys/types.h> 16 1.1 christos #include <sys/param.h> 17 1.1 christos #include <sys/time.h> 18 1.1 christos #include <sys/file.h> 19 1.1 christos #ifdef __hpux 20 1.1 christos # include <sys/timeout.h> 21 1.1 christos #endif 22 1.1 christos #if !defined(_KERNEL) 23 1.1 christos # include <stdio.h> 24 1.1 christos # include <string.h> 25 1.1 christos # include <stdlib.h> 26 1.1 christos # define _KERNEL 27 1.1 christos # ifdef __OpenBSD__ 28 1.1 christos struct file; 29 1.1 christos # endif 30 1.1 christos # include <sys/uio.h> 31 1.1 christos # undef _KERNEL 32 1.1 christos #endif 33 1.1 christos #if defined(_KERNEL) && \ 34 1.1 christos defined(__FreeBSD_version) && (__FreeBSD_version >= 220000) 35 1.1 christos # include <sys/filio.h> 36 1.1 christos # include <sys/fcntl.h> 37 1.1 christos #else 38 1.1 christos # include <sys/ioctl.h> 39 1.1 christos #endif 40 1.1 christos #if !defined(linux) 41 1.1 christos # include <sys/protosw.h> 42 1.1 christos #endif 43 1.1 christos #include <sys/socket.h> 44 1.1 christos #if defined(_KERNEL) 45 1.1 christos # include <sys/systm.h> 46 1.1 christos # if !defined(__SVR4) && !defined(__svr4__) 47 1.1 christos # include <sys/mbuf.h> 48 1.1 christos # endif 49 1.1 christos #endif 50 1.1 christos #if !defined(__SVR4) && !defined(__svr4__) 51 1.1 christos # if defined(_KERNEL) && !defined(__sgi) && !defined(AIX) 52 1.1 christos # include <sys/kernel.h> 53 1.1 christos # endif 54 1.1 christos #else 55 1.1 christos # include <sys/byteorder.h> 56 1.1 christos # ifdef _KERNEL 57 1.1 christos # include <sys/dditypes.h> 58 1.1 christos # endif 59 1.1 christos # include <sys/stream.h> 60 1.1 christos # include <sys/kmem.h> 61 1.1 christos #endif 62 1.1 christos #include <net/if.h> 63 1.1 christos #ifdef sun 64 1.1 christos # include <net/af.h> 65 1.1 christos #endif 66 1.1 christos #include <netinet/in.h> 67 1.1 christos #include <netinet/in_systm.h> 68 1.1 christos #include <netinet/ip.h> 69 1.1 christos #if !defined(linux) 70 1.1 christos # include <netinet/ip_var.h> 71 1.1 christos #endif 72 1.1 christos #include <netinet/tcp.h> 73 1.1 christos #include <netinet/udp.h> 74 1.1 christos #include <netinet/ip_icmp.h> 75 1.1 christos #include "netinet/ip_compat.h" 76 1.1 christos #include <netinet/tcpip.h> 77 1.1 christos #include "netinet/ip_fil.h" 78 1.1 christos #include "netinet/ip_nat.h" 79 1.1 christos #include "netinet/ip_frag.h" 80 1.1 christos #include "netinet/ip_state.h" 81 1.1 christos #include "netinet/ip_auth.h" 82 1.1 christos #include "netinet/ip_lookup.h" 83 1.1 christos #include "netinet/ip_proxy.h" 84 1.1 christos #include "netinet/ip_sync.h" 85 1.1 christos /* END OF INCLUDES */ 86 1.1 christos 87 1.1 christos #if !defined(lint) 88 1.2 christos #if defined(__NetBSD__) 89 1.2 christos #include <sys/cdefs.h> 90 1.3.2.1 jdolecek __KERNEL_RCSID(0, "$NetBSD: ip_frag.c,v 1.3.2.1 2017/12/03 11:38:02 jdolecek Exp $"); 91 1.2 christos #else 92 1.1 christos static const char sccsid[] = "@(#)ip_frag.c 1.11 3/24/96 (C) 1993-2000 Darren Reed"; 93 1.3 darrenr static const char rcsid[] = "@(#)Id: ip_frag.c,v 1.1.1.2 2012/07/22 13:45:17 darrenr Exp"; 94 1.2 christos #endif 95 1.1 christos #endif 96 1.1 christos 97 1.1 christos 98 1.1 christos typedef struct ipf_frag_softc_s { 99 1.1 christos ipfrwlock_t ipfr_ipidfrag; 100 1.1 christos ipfrwlock_t ipfr_frag; 101 1.1 christos ipfrwlock_t ipfr_natfrag; 102 1.1 christos int ipfr_size; 103 1.1 christos int ipfr_ttl; 104 1.1 christos int ipfr_lock; 105 1.1 christos int ipfr_inited; 106 1.1 christos ipfr_t *ipfr_list; 107 1.1 christos ipfr_t **ipfr_tail; 108 1.1 christos ipfr_t *ipfr_natlist; 109 1.1 christos ipfr_t **ipfr_nattail; 110 1.1 christos ipfr_t *ipfr_ipidlist; 111 1.1 christos ipfr_t **ipfr_ipidtail; 112 1.1 christos ipfr_t **ipfr_heads; 113 1.1 christos ipfr_t **ipfr_nattab; 114 1.1 christos ipfr_t **ipfr_ipidtab; 115 1.1 christos ipfrstat_t ipfr_stats; 116 1.1 christos } ipf_frag_softc_t; 117 1.1 christos 118 1.1 christos 119 1.1 christos #ifdef USE_MUTEXES 120 1.2 christos static ipfr_t *ipfr_frag_new(ipf_main_softc_t *, ipf_frag_softc_t *, 121 1.1 christos fr_info_t *, u_32_t, ipfr_t **, 122 1.2 christos ipfrwlock_t *); 123 1.2 christos static ipfr_t *ipf_frag_lookup(ipf_main_softc_t *, ipf_frag_softc_t *, fr_info_t *, ipfr_t **, ipfrwlock_t *); 124 1.2 christos static void ipf_frag_deref(void *, ipfr_t **, ipfrwlock_t *); 125 1.2 christos static int ipf_frag_next(ipf_main_softc_t *, ipftoken_t *, ipfgeniter_t *, 126 1.2 christos ipfr_t **, ipfrwlock_t *); 127 1.1 christos #else 128 1.2 christos static ipfr_t *ipfr_frag_new(ipf_main_softc_t *, ipf_frag_softc_t *, 129 1.2 christos fr_info_t *, u_32_t, ipfr_t **); 130 1.2 christos static ipfr_t *ipf_frag_lookup(ipf_main_softc_t *, ipf_frag_softc_t *, fr_info_t *, ipfr_t **); 131 1.2 christos static void ipf_frag_deref(void *, ipfr_t **); 132 1.2 christos static int ipf_frag_next(ipf_main_softc_t *, ipftoken_t *, ipfgeniter_t *, 133 1.2 christos ipfr_t **); 134 1.1 christos #endif 135 1.2 christos static void ipf_frag_delete(ipf_main_softc_t *, ipfr_t *, ipfr_t ***); 136 1.2 christos static void ipf_frag_free(ipf_frag_softc_t *, ipfr_t *); 137 1.1 christos 138 1.1 christos static frentry_t ipfr_block; 139 1.1 christos 140 1.1 christos ipftuneable_t ipf_tuneables[] = { 141 1.1 christos { { (void *)offsetof(ipf_frag_softc_t, ipfr_size) }, 142 1.1 christos "frag_size", 1, 0x7fffffff, 143 1.1 christos stsizeof(ipf_frag_softc_t, ipfr_size), 144 1.1 christos IPFT_WRDISABLED, NULL, NULL }, 145 1.1 christos { { (void *)offsetof(ipf_frag_softc_t, ipfr_ttl) }, 146 1.1 christos "frag_ttl", 1, 0x7fffffff, 147 1.1 christos stsizeof(ipf_frag_softc_t, ipfr_ttl), 148 1.1 christos 0, NULL, NULL }, 149 1.1 christos { { NULL }, 150 1.1 christos NULL, 0, 0, 151 1.1 christos 0, 152 1.1 christos 0, NULL, NULL } 153 1.1 christos }; 154 1.1 christos 155 1.1 christos #define FBUMP(x) softf->ipfr_stats.x++ 156 1.1 christos #define FBUMPD(x) do { softf->ipfr_stats.x++; DT(x); } while (0) 157 1.1 christos 158 1.1 christos 159 1.1 christos /* ------------------------------------------------------------------------ */ 160 1.1 christos /* Function: ipf_frag_main_load */ 161 1.1 christos /* Returns: int - 0 == success, -1 == error */ 162 1.1 christos /* Parameters: Nil */ 163 1.1 christos /* */ 164 1.1 christos /* Initialise the filter rule associted with blocked packets - everyone can */ 165 1.1 christos /* use it. */ 166 1.1 christos /* ------------------------------------------------------------------------ */ 167 1.1 christos int 168 1.2 christos ipf_frag_main_load(void) 169 1.1 christos { 170 1.1 christos bzero((char *)&ipfr_block, sizeof(ipfr_block)); 171 1.1 christos ipfr_block.fr_flags = FR_BLOCK|FR_QUICK; 172 1.1 christos ipfr_block.fr_ref = 1; 173 1.1 christos 174 1.1 christos return 0; 175 1.1 christos } 176 1.1 christos 177 1.1 christos 178 1.1 christos /* ------------------------------------------------------------------------ */ 179 1.1 christos /* Function: ipf_frag_main_unload */ 180 1.1 christos /* Returns: int - 0 == success, -1 == error */ 181 1.1 christos /* Parameters: Nil */ 182 1.1 christos /* */ 183 1.1 christos /* A null-op function that exists as a placeholder so that the flow in */ 184 1.1 christos /* other functions is obvious. */ 185 1.1 christos /* ------------------------------------------------------------------------ */ 186 1.1 christos int 187 1.2 christos ipf_frag_main_unload(void) 188 1.1 christos { 189 1.1 christos return 0; 190 1.1 christos } 191 1.1 christos 192 1.1 christos 193 1.1 christos /* ------------------------------------------------------------------------ */ 194 1.1 christos /* Function: ipf_frag_soft_create */ 195 1.1 christos /* Returns: void * - NULL = failure, else pointer to local context */ 196 1.1 christos /* Parameters: softc(I) - pointer to soft context main structure */ 197 1.1 christos /* */ 198 1.1 christos /* Allocate a new soft context structure to track fragment related info. */ 199 1.1 christos /* ------------------------------------------------------------------------ */ 200 1.1 christos /*ARGSUSED*/ 201 1.1 christos void * 202 1.2 christos ipf_frag_soft_create(ipf_main_softc_t *softc) 203 1.1 christos { 204 1.1 christos ipf_frag_softc_t *softf; 205 1.1 christos 206 1.1 christos KMALLOC(softf, ipf_frag_softc_t *); 207 1.1 christos if (softf == NULL) 208 1.1 christos return NULL; 209 1.1 christos 210 1.1 christos bzero((char *)softf, sizeof(*softf)); 211 1.1 christos 212 1.1 christos RWLOCK_INIT(&softf->ipfr_ipidfrag, "frag ipid lock"); 213 1.1 christos RWLOCK_INIT(&softf->ipfr_frag, "ipf fragment rwlock"); 214 1.1 christos RWLOCK_INIT(&softf->ipfr_natfrag, "ipf NAT fragment rwlock"); 215 1.1 christos 216 1.1 christos softf->ipfr_size = IPFT_SIZE; 217 1.1 christos softf->ipfr_ttl = IPF_TTLVAL(60); 218 1.1 christos softf->ipfr_lock = 1; 219 1.1 christos softf->ipfr_tail = &softf->ipfr_list; 220 1.1 christos softf->ipfr_nattail = &softf->ipfr_natlist; 221 1.1 christos softf->ipfr_ipidtail = &softf->ipfr_ipidlist; 222 1.1 christos 223 1.1 christos return softf; 224 1.1 christos } 225 1.1 christos 226 1.1 christos 227 1.1 christos /* ------------------------------------------------------------------------ */ 228 1.1 christos /* Function: ipf_frag_soft_destroy */ 229 1.1 christos /* Returns: Nil */ 230 1.1 christos /* Parameters: softc(I) - pointer to soft context main structure */ 231 1.1 christos /* arg(I) - pointer to local context to use */ 232 1.1 christos /* */ 233 1.1 christos /* Initialise the hash tables for the fragment cache lookups. */ 234 1.1 christos /* ------------------------------------------------------------------------ */ 235 1.1 christos void 236 1.2 christos ipf_frag_soft_destroy(ipf_main_softc_t *softc, void *arg) 237 1.1 christos { 238 1.1 christos ipf_frag_softc_t *softf = arg; 239 1.1 christos 240 1.1 christos RW_DESTROY(&softf->ipfr_ipidfrag); 241 1.1 christos RW_DESTROY(&softf->ipfr_frag); 242 1.1 christos RW_DESTROY(&softf->ipfr_natfrag); 243 1.1 christos 244 1.1 christos KFREE(softf); 245 1.1 christos } 246 1.1 christos 247 1.1 christos 248 1.1 christos /* ------------------------------------------------------------------------ */ 249 1.1 christos /* Function: ipf_frag_soft_init */ 250 1.1 christos /* Returns: int - 0 == success, -1 == error */ 251 1.1 christos /* Parameters: softc(I) - pointer to soft context main structure */ 252 1.1 christos /* arg(I) - pointer to local context to use */ 253 1.1 christos /* */ 254 1.1 christos /* Initialise the hash tables for the fragment cache lookups. */ 255 1.1 christos /* ------------------------------------------------------------------------ */ 256 1.1 christos /*ARGSUSED*/ 257 1.1 christos int 258 1.2 christos ipf_frag_soft_init(ipf_main_softc_t *softc, void *arg) 259 1.1 christos { 260 1.1 christos ipf_frag_softc_t *softf = arg; 261 1.1 christos 262 1.1 christos KMALLOCS(softf->ipfr_heads, ipfr_t **, 263 1.1 christos softf->ipfr_size * sizeof(ipfr_t *)); 264 1.1 christos if (softf->ipfr_heads == NULL) 265 1.1 christos return -1; 266 1.1 christos 267 1.1 christos bzero((char *)softf->ipfr_heads, softf->ipfr_size * sizeof(ipfr_t *)); 268 1.1 christos 269 1.1 christos KMALLOCS(softf->ipfr_nattab, ipfr_t **, 270 1.1 christos softf->ipfr_size * sizeof(ipfr_t *)); 271 1.1 christos if (softf->ipfr_nattab == NULL) 272 1.1 christos return -2; 273 1.1 christos 274 1.1 christos bzero((char *)softf->ipfr_nattab, softf->ipfr_size * sizeof(ipfr_t *)); 275 1.1 christos 276 1.1 christos KMALLOCS(softf->ipfr_ipidtab, ipfr_t **, 277 1.1 christos softf->ipfr_size * sizeof(ipfr_t *)); 278 1.1 christos if (softf->ipfr_ipidtab == NULL) 279 1.1 christos return -3; 280 1.1 christos 281 1.1 christos bzero((char *)softf->ipfr_ipidtab, 282 1.1 christos softf->ipfr_size * sizeof(ipfr_t *)); 283 1.1 christos 284 1.1 christos softf->ipfr_lock = 0; 285 1.1 christos softf->ipfr_inited = 1; 286 1.1 christos 287 1.1 christos return 0; 288 1.1 christos } 289 1.1 christos 290 1.1 christos 291 1.1 christos /* ------------------------------------------------------------------------ */ 292 1.1 christos /* Function: ipf_frag_soft_fini */ 293 1.1 christos /* Returns: int - 0 == success, -1 == error */ 294 1.1 christos /* Parameters: softc(I) - pointer to soft context main structure */ 295 1.1 christos /* arg(I) - pointer to local context to use */ 296 1.1 christos /* */ 297 1.1 christos /* Free all memory allocated whilst running and from initialisation. */ 298 1.1 christos /* ------------------------------------------------------------------------ */ 299 1.1 christos int 300 1.2 christos ipf_frag_soft_fini(ipf_main_softc_t *softc, void *arg) 301 1.1 christos { 302 1.1 christos ipf_frag_softc_t *softf = arg; 303 1.1 christos 304 1.1 christos softf->ipfr_lock = 1; 305 1.1 christos 306 1.1 christos if (softf->ipfr_inited == 1) { 307 1.1 christos ipf_frag_clear(softc); 308 1.1 christos 309 1.1 christos softf->ipfr_inited = 0; 310 1.1 christos } 311 1.1 christos 312 1.1 christos if (softf->ipfr_heads != NULL) 313 1.1 christos KFREES(softf->ipfr_heads, 314 1.1 christos softf->ipfr_size * sizeof(ipfr_t *)); 315 1.1 christos softf->ipfr_heads = NULL; 316 1.1 christos 317 1.1 christos if (softf->ipfr_nattab != NULL) 318 1.1 christos KFREES(softf->ipfr_nattab, 319 1.1 christos softf->ipfr_size * sizeof(ipfr_t *)); 320 1.1 christos softf->ipfr_nattab = NULL; 321 1.1 christos 322 1.1 christos if (softf->ipfr_ipidtab != NULL) 323 1.1 christos KFREES(softf->ipfr_ipidtab, 324 1.1 christos softf->ipfr_size * sizeof(ipfr_t *)); 325 1.1 christos softf->ipfr_ipidtab = NULL; 326 1.1 christos 327 1.1 christos return 0; 328 1.1 christos } 329 1.1 christos 330 1.1 christos 331 1.1 christos /* ------------------------------------------------------------------------ */ 332 1.1 christos /* Function: ipf_frag_set_lock */ 333 1.1 christos /* Returns: Nil */ 334 1.1 christos /* Parameters: arg(I) - pointer to local context to use */ 335 1.1 christos /* tmp(I) - new value for lock */ 336 1.1 christos /* */ 337 1.1 christos /* Stub function that allows for external manipulation of ipfr_lock */ 338 1.1 christos /* ------------------------------------------------------------------------ */ 339 1.1 christos void 340 1.2 christos ipf_frag_setlock(void *arg, int tmp) 341 1.1 christos { 342 1.1 christos ipf_frag_softc_t *softf = arg; 343 1.1 christos 344 1.1 christos softf->ipfr_lock = tmp; 345 1.1 christos } 346 1.1 christos 347 1.1 christos 348 1.1 christos /* ------------------------------------------------------------------------ */ 349 1.1 christos /* Function: ipf_frag_stats */ 350 1.1 christos /* Returns: ipfrstat_t* - pointer to struct with current frag stats */ 351 1.1 christos /* Parameters: arg(I) - pointer to local context to use */ 352 1.1 christos /* */ 353 1.1 christos /* Updates ipfr_stats with current information and returns a pointer to it */ 354 1.1 christos /* ------------------------------------------------------------------------ */ 355 1.1 christos ipfrstat_t * 356 1.2 christos ipf_frag_stats(void *arg) 357 1.1 christos { 358 1.1 christos ipf_frag_softc_t *softf = arg; 359 1.1 christos 360 1.1 christos softf->ipfr_stats.ifs_table = softf->ipfr_heads; 361 1.1 christos softf->ipfr_stats.ifs_nattab = softf->ipfr_nattab; 362 1.1 christos return &softf->ipfr_stats; 363 1.1 christos } 364 1.1 christos 365 1.1 christos 366 1.1 christos /* ------------------------------------------------------------------------ */ 367 1.1 christos /* Function: ipfr_frag_new */ 368 1.1 christos /* Returns: ipfr_t * - pointer to fragment cache state info or NULL */ 369 1.1 christos /* Parameters: fin(I) - pointer to packet information */ 370 1.1 christos /* table(I) - pointer to frag table to add to */ 371 1.1 christos /* lock(I) - pointer to lock to get a write hold of */ 372 1.1 christos /* */ 373 1.1 christos /* Add a new entry to the fragment cache, registering it as having come */ 374 1.1 christos /* through this box, with the result of the filter operation. */ 375 1.1 christos /* */ 376 1.1 christos /* If this function succeeds, it returns with a write lock held on "lock". */ 377 1.1 christos /* If it fails, no lock is held on return. */ 378 1.1 christos /* ------------------------------------------------------------------------ */ 379 1.1 christos static ipfr_t * 380 1.2 christos ipfr_frag_new( 381 1.2 christos ipf_main_softc_t *softc, 382 1.2 christos ipf_frag_softc_t *softf, 383 1.2 christos fr_info_t *fin, 384 1.2 christos u_32_t pass, 385 1.2 christos ipfr_t *table[] 386 1.1 christos #ifdef USE_MUTEXES 387 1.2 christos , ipfrwlock_t *lock 388 1.1 christos #endif 389 1.1 christos ) 390 1.1 christos { 391 1.1 christos ipfr_t *fra, frag, *fran; 392 1.1 christos u_int idx, off; 393 1.1 christos frentry_t *fr; 394 1.1 christos 395 1.1 christos if (softf->ipfr_stats.ifs_inuse >= softf->ipfr_size) { 396 1.1 christos FBUMPD(ifs_maximum); 397 1.1 christos return NULL; 398 1.1 christos } 399 1.1 christos 400 1.1 christos if ((fin->fin_flx & (FI_FRAG|FI_BAD)) != FI_FRAG) { 401 1.1 christos FBUMPD(ifs_newbad); 402 1.1 christos return NULL; 403 1.1 christos } 404 1.1 christos 405 1.1 christos if (pass & FR_FRSTRICT) { 406 1.1 christos if (fin->fin_off != 0) { 407 1.1 christos FBUMPD(ifs_newrestrictnot0); 408 1.1 christos return NULL; 409 1.1 christos } 410 1.1 christos } 411 1.1 christos 412 1.1 christos frag.ipfr_v = fin->fin_v; 413 1.1 christos idx = fin->fin_v; 414 1.1 christos frag.ipfr_p = fin->fin_p; 415 1.1 christos idx += fin->fin_p; 416 1.1 christos frag.ipfr_id = fin->fin_id; 417 1.1 christos idx += fin->fin_id; 418 1.1 christos frag.ipfr_source = fin->fin_fi.fi_src; 419 1.1 christos idx += frag.ipfr_src.s_addr; 420 1.1 christos frag.ipfr_dest = fin->fin_fi.fi_dst; 421 1.1 christos idx += frag.ipfr_dst.s_addr; 422 1.1 christos frag.ipfr_ifp = fin->fin_ifp; 423 1.1 christos idx *= 127; 424 1.1 christos idx %= softf->ipfr_size; 425 1.1 christos 426 1.1 christos frag.ipfr_optmsk = fin->fin_fi.fi_optmsk & IPF_OPTCOPY; 427 1.1 christos frag.ipfr_secmsk = fin->fin_fi.fi_secmsk; 428 1.1 christos frag.ipfr_auth = fin->fin_fi.fi_auth; 429 1.1 christos 430 1.1 christos off = fin->fin_off >> 3; 431 1.3 darrenr if (off == 0) { 432 1.1 christos char *ptr; 433 1.1 christos int end; 434 1.1 christos 435 1.3 darrenr #ifdef USE_INET6 436 1.3 darrenr if (fin->fin_v == 6) { 437 1.3 darrenr 438 1.3 darrenr ptr = (char *)fin->fin_fraghdr + 439 1.3 darrenr sizeof(struct ip6_frag); 440 1.3 darrenr } else 441 1.3 darrenr #endif 442 1.3 darrenr { 443 1.3 darrenr ptr = fin->fin_dp; 444 1.3 darrenr } 445 1.1 christos end = fin->fin_plen - (ptr - (char *)fin->fin_ip); 446 1.1 christos frag.ipfr_firstend = end >> 3; 447 1.3 darrenr } else { 448 1.1 christos frag.ipfr_firstend = 0; 449 1.3 darrenr } 450 1.1 christos 451 1.1 christos /* 452 1.1 christos * allocate some memory, if possible, if not, just record that we 453 1.1 christos * failed to do so. 454 1.1 christos */ 455 1.1 christos KMALLOC(fran, ipfr_t *); 456 1.1 christos if (fran == NULL) { 457 1.1 christos FBUMPD(ifs_nomem); 458 1.1 christos return NULL; 459 1.1 christos } 460 1.1 christos 461 1.1 christos WRITE_ENTER(lock); 462 1.1 christos 463 1.1 christos /* 464 1.1 christos * first, make sure it isn't already there... 465 1.1 christos */ 466 1.1 christos for (fra = table[idx]; (fra != NULL); fra = fra->ipfr_hnext) 467 1.1 christos if (!bcmp((char *)&frag.ipfr_ifp, (char *)&fra->ipfr_ifp, 468 1.1 christos IPFR_CMPSZ)) { 469 1.1 christos RWLOCK_EXIT(lock); 470 1.1 christos FBUMPD(ifs_exists); 471 1.3.2.1 jdolecek KFREE(fran); 472 1.1 christos return NULL; 473 1.1 christos } 474 1.1 christos 475 1.1 christos fra = fran; 476 1.1 christos fran = NULL; 477 1.1 christos fr = fin->fin_fr; 478 1.1 christos fra->ipfr_rule = fr; 479 1.1 christos if (fr != NULL) { 480 1.1 christos MUTEX_ENTER(&fr->fr_lock); 481 1.1 christos fr->fr_ref++; 482 1.1 christos MUTEX_EXIT(&fr->fr_lock); 483 1.1 christos } 484 1.1 christos 485 1.1 christos /* 486 1.1 christos * Insert the fragment into the fragment table, copy the struct used 487 1.1 christos * in the search using bcopy rather than reassign each field. 488 1.1 christos * Set the ttl to the default. 489 1.1 christos */ 490 1.1 christos if ((fra->ipfr_hnext = table[idx]) != NULL) 491 1.1 christos table[idx]->ipfr_hprev = &fra->ipfr_hnext; 492 1.1 christos fra->ipfr_hprev = table + idx; 493 1.1 christos fra->ipfr_data = NULL; 494 1.1 christos table[idx] = fra; 495 1.1 christos bcopy((char *)&frag.ipfr_ifp, (char *)&fra->ipfr_ifp, IPFR_CMPSZ); 496 1.1 christos fra->ipfr_v = fin->fin_v; 497 1.1 christos fra->ipfr_ttl = softc->ipf_ticks + softf->ipfr_ttl; 498 1.1 christos fra->ipfr_firstend = frag.ipfr_firstend; 499 1.1 christos 500 1.1 christos /* 501 1.1 christos * Compute the offset of the expected start of the next packet. 502 1.1 christos */ 503 1.1 christos if (off == 0) 504 1.1 christos fra->ipfr_seen0 = 1; 505 1.1 christos fra->ipfr_off = off + (fin->fin_dlen >> 3); 506 1.1 christos fra->ipfr_pass = pass; 507 1.1 christos fra->ipfr_ref = 1; 508 1.1 christos fra->ipfr_pkts = 1; 509 1.1 christos fra->ipfr_bytes = fin->fin_plen; 510 1.1 christos FBUMP(ifs_inuse); 511 1.1 christos FBUMP(ifs_new); 512 1.1 christos return fra; 513 1.1 christos } 514 1.1 christos 515 1.1 christos 516 1.1 christos /* ------------------------------------------------------------------------ */ 517 1.1 christos /* Function: ipf_frag_new */ 518 1.1 christos /* Returns: int - 0 == success, -1 == error */ 519 1.1 christos /* Parameters: fin(I) - pointer to packet information */ 520 1.1 christos /* */ 521 1.1 christos /* Add a new entry to the fragment cache table based on the current packet */ 522 1.1 christos /* ------------------------------------------------------------------------ */ 523 1.1 christos int 524 1.2 christos ipf_frag_new(ipf_main_softc_t *softc, fr_info_t *fin, u_32_t pass) 525 1.1 christos { 526 1.1 christos ipf_frag_softc_t *softf = softc->ipf_frag_soft; 527 1.1 christos ipfr_t *fra; 528 1.1 christos 529 1.1 christos if (softf->ipfr_lock != 0) 530 1.1 christos return -1; 531 1.1 christos 532 1.1 christos #ifdef USE_MUTEXES 533 1.1 christos fra = ipfr_frag_new(softc, softf, fin, pass, softf->ipfr_heads, &softc->ipf_frag); 534 1.1 christos #else 535 1.1 christos fra = ipfr_frag_new(softc, softf, fin, pass, softf->ipfr_heads); 536 1.1 christos #endif 537 1.1 christos if (fra != NULL) { 538 1.1 christos *softf->ipfr_tail = fra; 539 1.1 christos fra->ipfr_prev = softf->ipfr_tail; 540 1.1 christos softf->ipfr_tail = &fra->ipfr_next; 541 1.1 christos fra->ipfr_next = NULL; 542 1.1 christos RWLOCK_EXIT(&softc->ipf_frag); 543 1.1 christos } 544 1.1 christos return fra ? 0 : -1; 545 1.1 christos } 546 1.1 christos 547 1.1 christos 548 1.1 christos /* ------------------------------------------------------------------------ */ 549 1.1 christos /* Function: ipf_frag_natnew */ 550 1.1 christos /* Returns: int - 0 == success, -1 == error */ 551 1.1 christos /* Parameters: fin(I) - pointer to packet information */ 552 1.1 christos /* nat(I) - pointer to NAT structure */ 553 1.1 christos /* */ 554 1.1 christos /* Create a new NAT fragment cache entry based on the current packet and */ 555 1.1 christos /* the NAT structure for this "session". */ 556 1.1 christos /* ------------------------------------------------------------------------ */ 557 1.1 christos int 558 1.2 christos ipf_frag_natnew(ipf_main_softc_t *softc, fr_info_t *fin, u_32_t pass, 559 1.2 christos nat_t *nat) 560 1.1 christos { 561 1.1 christos ipf_frag_softc_t *softf = softc->ipf_frag_soft; 562 1.1 christos ipfr_t *fra; 563 1.1 christos 564 1.3 darrenr if (softf->ipfr_lock != 0) 565 1.1 christos return 0; 566 1.1 christos 567 1.1 christos #ifdef USE_MUTEXES 568 1.1 christos fra = ipfr_frag_new(softc, softf, fin, pass, softf->ipfr_nattab, 569 1.1 christos &softf->ipfr_natfrag); 570 1.1 christos #else 571 1.1 christos fra = ipfr_frag_new(softc, softf, fin, pass, softf->ipfr_nattab); 572 1.1 christos #endif 573 1.1 christos if (fra != NULL) { 574 1.1 christos fra->ipfr_data = nat; 575 1.1 christos nat->nat_data = fra; 576 1.1 christos *softf->ipfr_nattail = fra; 577 1.1 christos fra->ipfr_prev = softf->ipfr_nattail; 578 1.1 christos softf->ipfr_nattail = &fra->ipfr_next; 579 1.1 christos fra->ipfr_next = NULL; 580 1.1 christos RWLOCK_EXIT(&softf->ipfr_natfrag); 581 1.3 darrenr return 0; 582 1.1 christos } 583 1.3 darrenr return -1; 584 1.1 christos } 585 1.1 christos 586 1.1 christos 587 1.1 christos /* ------------------------------------------------------------------------ */ 588 1.1 christos /* Function: ipf_frag_ipidnew */ 589 1.1 christos /* Returns: int - 0 == success, -1 == error */ 590 1.1 christos /* Parameters: fin(I) - pointer to packet information */ 591 1.1 christos /* ipid(I) - new IP ID for this fragmented packet */ 592 1.1 christos /* */ 593 1.1 christos /* Create a new fragment cache entry for this packet and store, as a data */ 594 1.1 christos /* pointer, the new IP ID value. */ 595 1.1 christos /* ------------------------------------------------------------------------ */ 596 1.1 christos int 597 1.2 christos ipf_frag_ipidnew(fr_info_t *fin, u_32_t ipid) 598 1.1 christos { 599 1.1 christos ipf_main_softc_t *softc = fin->fin_main_soft; 600 1.1 christos ipf_frag_softc_t *softf = softc->ipf_frag_soft; 601 1.1 christos ipfr_t *fra; 602 1.1 christos 603 1.1 christos if (softf->ipfr_lock) 604 1.1 christos return 0; 605 1.1 christos 606 1.1 christos #ifdef USE_MUTEXES 607 1.1 christos fra = ipfr_frag_new(softc, softf, fin, 0, softf->ipfr_ipidtab, &softf->ipfr_ipidfrag); 608 1.1 christos #else 609 1.1 christos fra = ipfr_frag_new(softc, softf, fin, 0, softf->ipfr_ipidtab); 610 1.1 christos #endif 611 1.1 christos if (fra != NULL) { 612 1.1 christos fra->ipfr_data = (void *)(intptr_t)ipid; 613 1.1 christos *softf->ipfr_ipidtail = fra; 614 1.1 christos fra->ipfr_prev = softf->ipfr_ipidtail; 615 1.1 christos softf->ipfr_ipidtail = &fra->ipfr_next; 616 1.1 christos fra->ipfr_next = NULL; 617 1.1 christos RWLOCK_EXIT(&softf->ipfr_ipidfrag); 618 1.1 christos } 619 1.1 christos return fra ? 0 : -1; 620 1.1 christos } 621 1.1 christos 622 1.1 christos 623 1.1 christos /* ------------------------------------------------------------------------ */ 624 1.1 christos /* Function: ipf_frag_lookup */ 625 1.1 christos /* Returns: ipfr_t * - pointer to ipfr_t structure if there's a */ 626 1.1 christos /* matching entry in the frag table, else NULL */ 627 1.1 christos /* Parameters: fin(I) - pointer to packet information */ 628 1.1 christos /* table(I) - pointer to fragment cache table to search */ 629 1.1 christos /* */ 630 1.1 christos /* Check the fragment cache to see if there is already a record of this */ 631 1.1 christos /* packet with its filter result known. */ 632 1.1 christos /* */ 633 1.1 christos /* If this function succeeds, it returns with a write lock held on "lock". */ 634 1.1 christos /* If it fails, no lock is held on return. */ 635 1.1 christos /* ------------------------------------------------------------------------ */ 636 1.1 christos static ipfr_t * 637 1.2 christos ipf_frag_lookup( 638 1.2 christos ipf_main_softc_t *softc, 639 1.2 christos ipf_frag_softc_t *softf, 640 1.2 christos fr_info_t *fin, 641 1.2 christos ipfr_t *table[] 642 1.1 christos #ifdef USE_MUTEXES 643 1.2 christos , ipfrwlock_t *lock 644 1.1 christos #endif 645 1.1 christos ) 646 1.1 christos { 647 1.1 christos ipfr_t *f, frag; 648 1.1 christos u_int idx; 649 1.1 christos 650 1.1 christos /* 651 1.1 christos * We don't want to let short packets match because they could be 652 1.1 christos * compromising the security of other rules that want to match on 653 1.1 christos * layer 4 fields (and can't because they have been fragmented off.) 654 1.1 christos * Why do this check here? The counter acts as an indicator of this 655 1.1 christos * kind of attack, whereas if it was elsewhere, it wouldn't know if 656 1.1 christos * other matching packets had been seen. 657 1.1 christos */ 658 1.1 christos if (fin->fin_flx & FI_SHORT) { 659 1.1 christos FBUMPD(ifs_short); 660 1.1 christos return NULL; 661 1.1 christos } 662 1.1 christos 663 1.1 christos if ((fin->fin_flx & FI_BAD) != 0) { 664 1.1 christos FBUMPD(ifs_bad); 665 1.1 christos return NULL; 666 1.1 christos } 667 1.1 christos 668 1.1 christos /* 669 1.1 christos * For fragments, we record protocol, packet id, TOS and both IP#'s 670 1.1 christos * (these should all be the same for all fragments of a packet). 671 1.1 christos * 672 1.1 christos * build up a hash value to index the table with. 673 1.1 christos */ 674 1.1 christos frag.ipfr_v = fin->fin_v; 675 1.1 christos idx = fin->fin_v; 676 1.1 christos frag.ipfr_p = fin->fin_p; 677 1.1 christos idx += fin->fin_p; 678 1.1 christos frag.ipfr_id = fin->fin_id; 679 1.1 christos idx += fin->fin_id; 680 1.1 christos frag.ipfr_source = fin->fin_fi.fi_src; 681 1.1 christos idx += frag.ipfr_src.s_addr; 682 1.1 christos frag.ipfr_dest = fin->fin_fi.fi_dst; 683 1.1 christos idx += frag.ipfr_dst.s_addr; 684 1.1 christos frag.ipfr_ifp = fin->fin_ifp; 685 1.1 christos idx *= 127; 686 1.1 christos idx %= softf->ipfr_size; 687 1.1 christos 688 1.1 christos frag.ipfr_optmsk = fin->fin_fi.fi_optmsk & IPF_OPTCOPY; 689 1.1 christos frag.ipfr_secmsk = fin->fin_fi.fi_secmsk; 690 1.1 christos frag.ipfr_auth = fin->fin_fi.fi_auth; 691 1.1 christos 692 1.1 christos READ_ENTER(lock); 693 1.1 christos 694 1.1 christos /* 695 1.1 christos * check the table, careful to only compare the right amount of data 696 1.1 christos */ 697 1.1 christos for (f = table[idx]; f; f = f->ipfr_hnext) { 698 1.1 christos if (!bcmp((char *)&frag.ipfr_ifp, (char *)&f->ipfr_ifp, 699 1.1 christos IPFR_CMPSZ)) { 700 1.1 christos u_short off; 701 1.1 christos 702 1.1 christos /* 703 1.1 christos * XXX - We really need to be guarding against the 704 1.1 christos * retransmission of (src,dst,id,offset-range) here 705 1.1 christos * because a fragmented packet is never resent with 706 1.1 christos * the same IP ID# (or shouldn't). 707 1.1 christos */ 708 1.1 christos off = fin->fin_off >> 3; 709 1.1 christos if (f->ipfr_seen0) { 710 1.1 christos if (off == 0) { 711 1.1 christos FBUMPD(ifs_retrans0); 712 1.1 christos continue; 713 1.1 christos } 714 1.1 christos 715 1.1 christos /* 716 1.1 christos * Case 3. See comment for frpr_fragment6. 717 1.1 christos */ 718 1.1 christos if ((f->ipfr_firstend != 0) && 719 1.1 christos (off < f->ipfr_firstend)) { 720 1.3 darrenr FBUMP(ifs_overlap); 721 1.3 darrenr DT2(ifs_overlap, u_short, off, 722 1.3 darrenr ipfr_t *, f); 723 1.1 christos fin->fin_flx |= FI_BAD; 724 1.1 christos break; 725 1.1 christos } 726 1.1 christos } else if (off == 0) 727 1.1 christos f->ipfr_seen0 = 1; 728 1.1 christos 729 1.3.2.1 jdolecek #if 0 730 1.3.2.1 jdolecek /* We can't do this, since we only have a read lock! */ 731 1.1 christos if (f != table[idx]) { 732 1.1 christos ipfr_t **fp; 733 1.1 christos 734 1.1 christos /* 735 1.1 christos * Move fragment info. to the top of the list 736 1.1 christos * to speed up searches. First, delink... 737 1.1 christos */ 738 1.1 christos fp = f->ipfr_hprev; 739 1.1 christos (*fp) = f->ipfr_hnext; 740 1.1 christos if (f->ipfr_hnext != NULL) 741 1.1 christos f->ipfr_hnext->ipfr_hprev = fp; 742 1.1 christos /* 743 1.1 christos * Then put back at the top of the chain. 744 1.1 christos */ 745 1.1 christos f->ipfr_hnext = table[idx]; 746 1.1 christos table[idx]->ipfr_hprev = &f->ipfr_hnext; 747 1.1 christos f->ipfr_hprev = table + idx; 748 1.1 christos table[idx] = f; 749 1.1 christos } 750 1.3.2.1 jdolecek #endif 751 1.1 christos 752 1.1 christos /* 753 1.3.2.1 jdolecek * If we've followed the fragments, and this is the 754 1.1 christos * last (in order), shrink expiration time. 755 1.1 christos */ 756 1.1 christos if (off == f->ipfr_off) { 757 1.1 christos f->ipfr_off = (fin->fin_dlen >> 3) + off; 758 1.1 christos 759 1.1 christos /* 760 1.1 christos * Well, we could shrink the expiration time 761 1.1 christos * but only if every fragment has been seen 762 1.1 christos * in order upto this, the last. ipfr_badorder 763 1.1 christos * is used here to count those out of order 764 1.1 christos * and if it equals 0 when we get to the last 765 1.1 christos * fragment then we can assume all of the 766 1.1 christos * fragments have been seen and in order. 767 1.1 christos */ 768 1.1 christos #if 0 769 1.1 christos /* 770 1.1 christos * Doing this properly requires moving it to 771 1.1 christos * the head of the list which is infesible. 772 1.1 christos */ 773 1.1 christos if ((more == 0) && (f->ipfr_badorder == 0)) 774 1.1 christos f->ipfr_ttl = softc->ipf_ticks + 1; 775 1.1 christos #endif 776 1.1 christos } else { 777 1.1 christos f->ipfr_badorder++; 778 1.1 christos FBUMPD(ifs_unordered); 779 1.1 christos if (f->ipfr_pass & FR_FRSTRICT) { 780 1.1 christos FBUMPD(ifs_strict); 781 1.1 christos continue; 782 1.1 christos } 783 1.1 christos } 784 1.1 christos f->ipfr_pkts++; 785 1.1 christos f->ipfr_bytes += fin->fin_plen; 786 1.1 christos FBUMP(ifs_hits); 787 1.1 christos return f; 788 1.1 christos } 789 1.1 christos } 790 1.1 christos 791 1.1 christos RWLOCK_EXIT(lock); 792 1.1 christos FBUMP(ifs_miss); 793 1.1 christos return NULL; 794 1.1 christos } 795 1.1 christos 796 1.1 christos 797 1.1 christos /* ------------------------------------------------------------------------ */ 798 1.1 christos /* Function: ipf_frag_natknown */ 799 1.1 christos /* Returns: nat_t* - pointer to 'parent' NAT structure if frag table */ 800 1.1 christos /* match found, else NULL */ 801 1.1 christos /* Parameters: fin(I) - pointer to packet information */ 802 1.1 christos /* */ 803 1.1 christos /* Functional interface for NAT lookups of the NAT fragment cache */ 804 1.1 christos /* ------------------------------------------------------------------------ */ 805 1.1 christos nat_t * 806 1.2 christos ipf_frag_natknown(fr_info_t *fin) 807 1.1 christos { 808 1.1 christos ipf_main_softc_t *softc = fin->fin_main_soft; 809 1.1 christos ipf_frag_softc_t *softf = softc->ipf_frag_soft; 810 1.1 christos nat_t *nat; 811 1.1 christos ipfr_t *ipf; 812 1.1 christos 813 1.1 christos if ((softf->ipfr_lock) || !softf->ipfr_natlist) 814 1.1 christos return NULL; 815 1.1 christos #ifdef USE_MUTEXES 816 1.1 christos ipf = ipf_frag_lookup(softc, softf, fin, softf->ipfr_nattab, 817 1.1 christos &softf->ipfr_natfrag); 818 1.1 christos #else 819 1.1 christos ipf = ipf_frag_lookup(softc, softf, fin, softf->ipfr_nattab); 820 1.1 christos #endif 821 1.1 christos if (ipf != NULL) { 822 1.1 christos nat = ipf->ipfr_data; 823 1.1 christos /* 824 1.1 christos * This is the last fragment for this packet. 825 1.1 christos */ 826 1.1 christos if ((ipf->ipfr_ttl == softc->ipf_ticks + 1) && (nat != NULL)) { 827 1.1 christos nat->nat_data = NULL; 828 1.1 christos ipf->ipfr_data = NULL; 829 1.1 christos } 830 1.1 christos RWLOCK_EXIT(&softf->ipfr_natfrag); 831 1.1 christos } else 832 1.1 christos nat = NULL; 833 1.1 christos return nat; 834 1.1 christos } 835 1.1 christos 836 1.1 christos 837 1.1 christos /* ------------------------------------------------------------------------ */ 838 1.1 christos /* Function: ipf_frag_ipidknown */ 839 1.1 christos /* Returns: u_32_t - IPv4 ID for this packet if match found, else */ 840 1.1 christos /* return 0xfffffff to indicate no match. */ 841 1.1 christos /* Parameters: fin(I) - pointer to packet information */ 842 1.1 christos /* */ 843 1.1 christos /* Functional interface for IP ID lookups of the IP ID fragment cache */ 844 1.1 christos /* ------------------------------------------------------------------------ */ 845 1.1 christos u_32_t 846 1.2 christos ipf_frag_ipidknown(fr_info_t *fin) 847 1.1 christos { 848 1.1 christos ipf_main_softc_t *softc = fin->fin_main_soft; 849 1.1 christos ipf_frag_softc_t *softf = softc->ipf_frag_soft; 850 1.1 christos ipfr_t *ipf; 851 1.1 christos u_32_t id; 852 1.1 christos 853 1.3 darrenr if (softf->ipfr_lock || !softf->ipfr_ipidlist) 854 1.1 christos return 0xffffffff; 855 1.1 christos 856 1.1 christos #ifdef USE_MUTEXES 857 1.1 christos ipf = ipf_frag_lookup(softc, softf, fin, softf->ipfr_ipidtab, 858 1.1 christos &softf->ipfr_ipidfrag); 859 1.1 christos #else 860 1.1 christos ipf = ipf_frag_lookup(softc, softf, fin, softf->ipfr_ipidtab); 861 1.1 christos #endif 862 1.1 christos if (ipf != NULL) { 863 1.1 christos id = (u_32_t)(intptr_t)ipf->ipfr_data; 864 1.1 christos RWLOCK_EXIT(&softf->ipfr_ipidfrag); 865 1.1 christos } else 866 1.1 christos id = 0xffffffff; 867 1.1 christos return id; 868 1.1 christos } 869 1.1 christos 870 1.1 christos 871 1.1 christos /* ------------------------------------------------------------------------ */ 872 1.1 christos /* Function: ipf_frag_known */ 873 1.1 christos /* Returns: frentry_t* - pointer to filter rule if a match is found in */ 874 1.1 christos /* the frag cache table, else NULL. */ 875 1.1 christos /* Parameters: fin(I) - pointer to packet information */ 876 1.1 christos /* passp(O) - pointer to where to store rule flags resturned */ 877 1.1 christos /* */ 878 1.1 christos /* Functional interface for normal lookups of the fragment cache. If a */ 879 1.1 christos /* match is found, return the rule pointer and flags from the rule, except */ 880 1.1 christos /* that if FR_LOGFIRST is set, reset FR_LOG. */ 881 1.1 christos /* ------------------------------------------------------------------------ */ 882 1.1 christos frentry_t * 883 1.2 christos ipf_frag_known(fr_info_t *fin, u_32_t *passp) 884 1.1 christos { 885 1.1 christos ipf_main_softc_t *softc = fin->fin_main_soft; 886 1.1 christos ipf_frag_softc_t *softf = softc->ipf_frag_soft; 887 1.1 christos frentry_t *fr = NULL; 888 1.1 christos ipfr_t *fra; 889 1.1 christos u_32_t pass; 890 1.1 christos 891 1.1 christos if ((softf->ipfr_lock) || (softf->ipfr_list == NULL)) 892 1.1 christos return NULL; 893 1.1 christos 894 1.1 christos #ifdef USE_MUTEXES 895 1.1 christos fra = ipf_frag_lookup(softc, softf, fin, softf->ipfr_heads, 896 1.1 christos &softc->ipf_frag); 897 1.1 christos #else 898 1.1 christos fra = ipf_frag_lookup(softc, softf, fin, softf->ipfr_heads); 899 1.1 christos #endif 900 1.1 christos if (fra != NULL) { 901 1.1 christos if (fin->fin_flx & FI_BAD) { 902 1.1 christos fr = &ipfr_block; 903 1.1 christos fin->fin_reason = FRB_BADFRAG; 904 1.1 christos } else { 905 1.1 christos fr = fra->ipfr_rule; 906 1.1 christos } 907 1.1 christos fin->fin_fr = fr; 908 1.1 christos if (fr != NULL) { 909 1.1 christos pass = fr->fr_flags; 910 1.1 christos if ((pass & FR_KEEPSTATE) != 0) { 911 1.1 christos fin->fin_flx |= FI_STATE; 912 1.1 christos /* 913 1.1 christos * Reset the keep state flag here so that we 914 1.1 christos * don't try and add a new state entry because 915 1.1 christos * of a match here. That leads to blocking of 916 1.1 christos * the packet later because the add fails. 917 1.1 christos */ 918 1.1 christos pass &= ~FR_KEEPSTATE; 919 1.1 christos } 920 1.1 christos if ((pass & FR_LOGFIRST) != 0) 921 1.1 christos pass &= ~(FR_LOGFIRST|FR_LOG); 922 1.1 christos *passp = pass; 923 1.1 christos } 924 1.1 christos RWLOCK_EXIT(&softc->ipf_frag); 925 1.1 christos } 926 1.1 christos return fr; 927 1.1 christos } 928 1.1 christos 929 1.1 christos 930 1.1 christos /* ------------------------------------------------------------------------ */ 931 1.1 christos /* Function: ipf_frag_natforget */ 932 1.1 christos /* Returns: Nil */ 933 1.1 christos /* Parameters: ptr(I) - pointer to data structure */ 934 1.1 christos /* */ 935 1.1 christos /* Search through all of the fragment cache entries for NAT and wherever a */ 936 1.1 christos /* pointer is found to match ptr, reset it to NULL. */ 937 1.1 christos /* ------------------------------------------------------------------------ */ 938 1.1 christos void 939 1.2 christos ipf_frag_natforget(ipf_main_softc_t *softc, void *ptr) 940 1.1 christos { 941 1.1 christos ipf_frag_softc_t *softf = softc->ipf_frag_soft; 942 1.1 christos ipfr_t *fr; 943 1.1 christos 944 1.1 christos WRITE_ENTER(&softf->ipfr_natfrag); 945 1.1 christos for (fr = softf->ipfr_natlist; fr; fr = fr->ipfr_next) 946 1.1 christos if (fr->ipfr_data == ptr) 947 1.1 christos fr->ipfr_data = NULL; 948 1.1 christos RWLOCK_EXIT(&softf->ipfr_natfrag); 949 1.1 christos } 950 1.1 christos 951 1.1 christos 952 1.1 christos /* ------------------------------------------------------------------------ */ 953 1.1 christos /* Function: ipf_frag_delete */ 954 1.1 christos /* Returns: Nil */ 955 1.1 christos /* Parameters: fra(I) - pointer to fragment structure to delete */ 956 1.1 christos /* tail(IO) - pointer to the pointer to the tail of the frag */ 957 1.1 christos /* list */ 958 1.1 christos /* */ 959 1.1 christos /* Remove a fragment cache table entry from the table & list. Also free */ 960 1.1 christos /* the filter rule it is associated with it if it is no longer used as a */ 961 1.1 christos /* result of decreasing the reference count. */ 962 1.1 christos /* ------------------------------------------------------------------------ */ 963 1.1 christos static void 964 1.2 christos ipf_frag_delete(ipf_main_softc_t *softc, ipfr_t *fra, ipfr_t ***tail) 965 1.1 christos { 966 1.1 christos ipf_frag_softc_t *softf = softc->ipf_frag_soft; 967 1.1 christos 968 1.1 christos if (fra->ipfr_next) 969 1.1 christos fra->ipfr_next->ipfr_prev = fra->ipfr_prev; 970 1.1 christos *fra->ipfr_prev = fra->ipfr_next; 971 1.1 christos if (*tail == &fra->ipfr_next) 972 1.1 christos *tail = fra->ipfr_prev; 973 1.1 christos 974 1.1 christos if (fra->ipfr_hnext) 975 1.1 christos fra->ipfr_hnext->ipfr_hprev = fra->ipfr_hprev; 976 1.1 christos *fra->ipfr_hprev = fra->ipfr_hnext; 977 1.1 christos 978 1.1 christos if (fra->ipfr_rule != NULL) { 979 1.1 christos (void) ipf_derefrule(softc, &fra->ipfr_rule); 980 1.1 christos } 981 1.1 christos 982 1.1 christos if (fra->ipfr_ref <= 0) 983 1.1 christos ipf_frag_free(softf, fra); 984 1.1 christos } 985 1.1 christos 986 1.1 christos 987 1.1 christos /* ------------------------------------------------------------------------ */ 988 1.1 christos /* Function: ipf_frag_free */ 989 1.1 christos /* Returns: Nil */ 990 1.1 christos /* */ 991 1.1 christos /* ------------------------------------------------------------------------ */ 992 1.1 christos static void 993 1.2 christos ipf_frag_free(ipf_frag_softc_t *softf, ipfr_t *fra) 994 1.1 christos { 995 1.1 christos KFREE(fra); 996 1.1 christos FBUMP(ifs_expire); 997 1.1 christos softf->ipfr_stats.ifs_inuse--; 998 1.1 christos } 999 1.1 christos 1000 1.1 christos 1001 1.1 christos /* ------------------------------------------------------------------------ */ 1002 1.1 christos /* Function: ipf_frag_clear */ 1003 1.1 christos /* Returns: Nil */ 1004 1.1 christos /* Parameters: Nil */ 1005 1.1 christos /* */ 1006 1.1 christos /* Free memory in use by fragment state information kept. Do the normal */ 1007 1.1 christos /* fragment state stuff first and then the NAT-fragment table. */ 1008 1.1 christos /* ------------------------------------------------------------------------ */ 1009 1.1 christos void 1010 1.2 christos ipf_frag_clear(ipf_main_softc_t *softc) 1011 1.1 christos { 1012 1.1 christos ipf_frag_softc_t *softf = softc->ipf_frag_soft; 1013 1.1 christos ipfr_t *fra; 1014 1.1 christos nat_t *nat; 1015 1.1 christos 1016 1.1 christos WRITE_ENTER(&softc->ipf_frag); 1017 1.1 christos while ((fra = softf->ipfr_list) != NULL) { 1018 1.1 christos fra->ipfr_ref--; 1019 1.1 christos ipf_frag_delete(softc, fra, &softf->ipfr_tail); 1020 1.1 christos } 1021 1.1 christos softf->ipfr_tail = &softf->ipfr_list; 1022 1.1 christos RWLOCK_EXIT(&softc->ipf_frag); 1023 1.1 christos 1024 1.1 christos WRITE_ENTER(&softc->ipf_nat); 1025 1.1 christos WRITE_ENTER(&softf->ipfr_natfrag); 1026 1.1 christos while ((fra = softf->ipfr_natlist) != NULL) { 1027 1.1 christos nat = fra->ipfr_data; 1028 1.1 christos if (nat != NULL) { 1029 1.1 christos if (nat->nat_data == fra) 1030 1.1 christos nat->nat_data = NULL; 1031 1.1 christos } 1032 1.1 christos fra->ipfr_ref--; 1033 1.1 christos ipf_frag_delete(softc, fra, &softf->ipfr_nattail); 1034 1.1 christos } 1035 1.1 christos softf->ipfr_nattail = &softf->ipfr_natlist; 1036 1.1 christos RWLOCK_EXIT(&softf->ipfr_natfrag); 1037 1.1 christos RWLOCK_EXIT(&softc->ipf_nat); 1038 1.1 christos } 1039 1.1 christos 1040 1.1 christos 1041 1.1 christos /* ------------------------------------------------------------------------ */ 1042 1.1 christos /* Function: ipf_frag_expire */ 1043 1.1 christos /* Returns: Nil */ 1044 1.1 christos /* Parameters: Nil */ 1045 1.1 christos /* */ 1046 1.1 christos /* Expire entries in the fragment cache table that have been there too long */ 1047 1.1 christos /* ------------------------------------------------------------------------ */ 1048 1.1 christos void 1049 1.2 christos ipf_frag_expire(ipf_main_softc_t *softc) 1050 1.1 christos { 1051 1.1 christos ipf_frag_softc_t *softf = softc->ipf_frag_soft; 1052 1.1 christos ipfr_t **fp, *fra; 1053 1.1 christos nat_t *nat; 1054 1.1 christos SPL_INT(s); 1055 1.1 christos 1056 1.1 christos if (softf->ipfr_lock) 1057 1.1 christos return; 1058 1.1 christos 1059 1.1 christos SPL_NET(s); 1060 1.1 christos WRITE_ENTER(&softc->ipf_frag); 1061 1.1 christos /* 1062 1.1 christos * Go through the entire table, looking for entries to expire, 1063 1.1 christos * which is indicated by the ttl being less than or equal to ipf_ticks. 1064 1.1 christos */ 1065 1.1 christos for (fp = &softf->ipfr_list; ((fra = *fp) != NULL); ) { 1066 1.1 christos if (fra->ipfr_ttl > softc->ipf_ticks) 1067 1.1 christos break; 1068 1.1 christos fra->ipfr_ref--; 1069 1.1 christos ipf_frag_delete(softc, fra, &softf->ipfr_tail); 1070 1.1 christos } 1071 1.1 christos RWLOCK_EXIT(&softc->ipf_frag); 1072 1.1 christos 1073 1.1 christos WRITE_ENTER(&softf->ipfr_ipidfrag); 1074 1.1 christos for (fp = &softf->ipfr_ipidlist; ((fra = *fp) != NULL); ) { 1075 1.1 christos if (fra->ipfr_ttl > softc->ipf_ticks) 1076 1.1 christos break; 1077 1.1 christos fra->ipfr_ref--; 1078 1.1 christos ipf_frag_delete(softc, fra, &softf->ipfr_ipidtail); 1079 1.1 christos } 1080 1.1 christos RWLOCK_EXIT(&softf->ipfr_ipidfrag); 1081 1.1 christos 1082 1.1 christos /* 1083 1.1 christos * Same again for the NAT table, except that if the structure also 1084 1.1 christos * still points to a NAT structure, and the NAT structure points back 1085 1.1 christos * at the one to be free'd, NULL the reference from the NAT struct. 1086 1.1 christos * NOTE: We need to grab both mutex's early, and in this order so as 1087 1.1 christos * to prevent a deadlock if both try to expire at the same time. 1088 1.1 christos * The extra if() statement here is because it locks out all NAT 1089 1.1 christos * operations - no need to do that if there are no entries in this 1090 1.1 christos * list, right? 1091 1.1 christos */ 1092 1.1 christos if (softf->ipfr_natlist != NULL) { 1093 1.1 christos WRITE_ENTER(&softc->ipf_nat); 1094 1.1 christos WRITE_ENTER(&softf->ipfr_natfrag); 1095 1.1 christos for (fp = &softf->ipfr_natlist; ((fra = *fp) != NULL); ) { 1096 1.1 christos if (fra->ipfr_ttl > softc->ipf_ticks) 1097 1.1 christos break; 1098 1.1 christos nat = fra->ipfr_data; 1099 1.1 christos if (nat != NULL) { 1100 1.1 christos if (nat->nat_data == fra) 1101 1.1 christos nat->nat_data = NULL; 1102 1.1 christos } 1103 1.1 christos fra->ipfr_ref--; 1104 1.1 christos ipf_frag_delete(softc, fra, &softf->ipfr_nattail); 1105 1.1 christos } 1106 1.1 christos RWLOCK_EXIT(&softf->ipfr_natfrag); 1107 1.1 christos RWLOCK_EXIT(&softc->ipf_nat); 1108 1.1 christos } 1109 1.1 christos SPL_X(s); 1110 1.1 christos } 1111 1.1 christos 1112 1.1 christos 1113 1.1 christos /* ------------------------------------------------------------------------ */ 1114 1.1 christos /* Function: ipf_frag_pkt_next */ 1115 1.1 christos /* ------------------------------------------------------------------------ */ 1116 1.1 christos int 1117 1.2 christos ipf_frag_pkt_next(ipf_main_softc_t *softc, ipftoken_t *token, ipfgeniter_t *itp) 1118 1.1 christos { 1119 1.1 christos ipf_frag_softc_t *softf = softc->ipf_frag_soft; 1120 1.1 christos 1121 1.1 christos #ifdef USE_MUTEXES 1122 1.1 christos return ipf_frag_next(softc, token, itp, &softf->ipfr_list, 1123 1.1 christos &softf->ipfr_frag); 1124 1.1 christos #else 1125 1.1 christos return ipf_frag_next(softc, token, itp, &softf->ipfr_list); 1126 1.1 christos #endif 1127 1.1 christos } 1128 1.1 christos 1129 1.1 christos 1130 1.1 christos /* ------------------------------------------------------------------------ */ 1131 1.1 christos /* Function: ipf_frag_nat_next */ 1132 1.1 christos /* ------------------------------------------------------------------------ */ 1133 1.1 christos int 1134 1.2 christos ipf_frag_nat_next(ipf_main_softc_t *softc, ipftoken_t *token, ipfgeniter_t *itp) 1135 1.1 christos { 1136 1.1 christos ipf_frag_softc_t *softf = softc->ipf_frag_soft;; 1137 1.1 christos 1138 1.1 christos #ifdef USE_MUTEXES 1139 1.1 christos return ipf_frag_next(softc, token, itp, &softf->ipfr_natlist, 1140 1.1 christos &softf->ipfr_natfrag); 1141 1.1 christos #else 1142 1.1 christos return ipf_frag_next(softc, token, itp, &softf->ipfr_natlist); 1143 1.1 christos #endif 1144 1.1 christos } 1145 1.1 christos 1146 1.1 christos /* ------------------------------------------------------------------------ */ 1147 1.1 christos /* Function: ipf_frag_next */ 1148 1.1 christos /* Returns: int - 0 == success, else error */ 1149 1.1 christos /* Parameters: token(I) - pointer to token information for this caller */ 1150 1.1 christos /* itp(I) - pointer to generic iterator from caller */ 1151 1.1 christos /* top(I) - top of the fragment list */ 1152 1.1 christos /* lock(I) - fragment cache lock */ 1153 1.1 christos /* */ 1154 1.1 christos /* This function is used to interate through the list of entries in the */ 1155 1.1 christos /* fragment cache. It increases the reference count on the one currently */ 1156 1.1 christos /* being returned so that the caller can come back and resume from it later.*/ 1157 1.1 christos /* */ 1158 1.1 christos /* This function is used for both the NAT fragment cache as well as the ipf */ 1159 1.1 christos /* fragment cache - hence the reason for passing in top and lock. */ 1160 1.1 christos /* ------------------------------------------------------------------------ */ 1161 1.1 christos static int 1162 1.2 christos ipf_frag_next( 1163 1.2 christos ipf_main_softc_t *softc, 1164 1.2 christos ipftoken_t *token, 1165 1.2 christos ipfgeniter_t *itp, 1166 1.2 christos ipfr_t **top 1167 1.1 christos #ifdef USE_MUTEXES 1168 1.2 christos , ipfrwlock_t *lock 1169 1.1 christos #endif 1170 1.1 christos ) 1171 1.1 christos { 1172 1.1 christos ipfr_t *frag, *next, zero; 1173 1.1 christos int error = 0; 1174 1.1 christos 1175 1.1 christos if (itp->igi_data == NULL) { 1176 1.1 christos IPFERROR(20001); 1177 1.1 christos return EFAULT; 1178 1.1 christos } 1179 1.1 christos 1180 1.1 christos if (itp->igi_nitems != 1) { 1181 1.1 christos IPFERROR(20003); 1182 1.1 christos return EFAULT; 1183 1.1 christos } 1184 1.1 christos 1185 1.1 christos frag = token->ipt_data; 1186 1.1 christos 1187 1.1 christos READ_ENTER(lock); 1188 1.1 christos 1189 1.1 christos if (frag == NULL) 1190 1.1 christos next = *top; 1191 1.1 christos else 1192 1.1 christos next = frag->ipfr_next; 1193 1.1 christos 1194 1.1 christos if (next != NULL) { 1195 1.1 christos ATOMIC_INC(next->ipfr_ref); 1196 1.1 christos token->ipt_data = next; 1197 1.1 christos } else { 1198 1.1 christos bzero(&zero, sizeof(zero)); 1199 1.1 christos next = &zero; 1200 1.1 christos token->ipt_data = NULL; 1201 1.1 christos } 1202 1.1 christos if (next->ipfr_next == NULL) 1203 1.1 christos ipf_token_mark_complete(token); 1204 1.1 christos 1205 1.1 christos RWLOCK_EXIT(lock); 1206 1.1 christos 1207 1.1 christos error = COPYOUT(next, itp->igi_data, sizeof(*next)); 1208 1.1 christos if (error != 0) 1209 1.1 christos IPFERROR(20002); 1210 1.1 christos 1211 1.1 christos if (frag != NULL) { 1212 1.1 christos #ifdef USE_MUTEXES 1213 1.1 christos ipf_frag_deref(softc, &frag, lock); 1214 1.1 christos #else 1215 1.1 christos ipf_frag_deref(softc, &frag); 1216 1.1 christos #endif 1217 1.1 christos } 1218 1.1 christos return error; 1219 1.1 christos } 1220 1.1 christos 1221 1.1 christos 1222 1.1 christos /* ------------------------------------------------------------------------ */ 1223 1.1 christos /* Function: ipf_frag_pkt_deref */ 1224 1.1 christos /* Returns: Nil */ 1225 1.1 christos /* */ 1226 1.1 christos /* ------------------------------------------------------------------------ */ 1227 1.1 christos void 1228 1.2 christos ipf_frag_pkt_deref(ipf_main_softc_t *softc, void *data) 1229 1.1 christos { 1230 1.1 christos ipfr_t **frp = data; 1231 1.1 christos 1232 1.1 christos #ifdef USE_MUTEXES 1233 1.1 christos ipf_frag_softc_t *softf = softc->ipf_frag_soft; 1234 1.1 christos 1235 1.1 christos ipf_frag_deref(softc->ipf_frag_soft, frp, &softf->ipfr_frag); 1236 1.1 christos #else 1237 1.1 christos ipf_frag_deref(softc->ipf_frag_soft, frp); 1238 1.1 christos #endif 1239 1.1 christos } 1240 1.1 christos 1241 1.1 christos 1242 1.1 christos /* ------------------------------------------------------------------------ */ 1243 1.1 christos /* Function: ipf_frag_nat_deref */ 1244 1.1 christos /* Returns: Nil */ 1245 1.1 christos /* */ 1246 1.1 christos /* ------------------------------------------------------------------------ */ 1247 1.1 christos void 1248 1.2 christos ipf_frag_nat_deref(ipf_main_softc_t *softc, void *data) 1249 1.1 christos { 1250 1.1 christos ipfr_t **frp = data; 1251 1.1 christos 1252 1.1 christos #ifdef USE_MUTEXES 1253 1.1 christos ipf_frag_softc_t *softf = softc->ipf_frag_soft; 1254 1.1 christos 1255 1.1 christos ipf_frag_deref(softc->ipf_frag_soft, frp, &softf->ipfr_natfrag); 1256 1.1 christos #else 1257 1.1 christos ipf_frag_deref(softc->ipf_frag_soft, frp); 1258 1.1 christos #endif 1259 1.1 christos } 1260 1.1 christos 1261 1.1 christos 1262 1.1 christos /* ------------------------------------------------------------------------ */ 1263 1.1 christos /* Function: ipf_frag_deref */ 1264 1.1 christos /* Returns: Nil */ 1265 1.1 christos /* Parameters: frp(IO) - pointer to fragment structure to deference */ 1266 1.1 christos /* lock(I) - lock associated with the fragment */ 1267 1.1 christos /* */ 1268 1.1 christos /* This function dereferences a fragment structure (ipfr_t). The pointer */ 1269 1.1 christos /* passed in will always be reset back to NULL, even if the structure is */ 1270 1.1 christos /* not freed, to enforce the notion that the caller is no longer entitled */ 1271 1.1 christos /* to use the pointer it is dropping the reference to. */ 1272 1.1 christos /* ------------------------------------------------------------------------ */ 1273 1.1 christos static void 1274 1.2 christos ipf_frag_deref(void *arg, ipfr_t **frp 1275 1.1 christos #ifdef USE_MUTEXES 1276 1.2 christos , ipfrwlock_t *lock 1277 1.1 christos #endif 1278 1.1 christos ) 1279 1.1 christos { 1280 1.1 christos ipf_frag_softc_t *softf = arg; 1281 1.1 christos ipfr_t *fra; 1282 1.1 christos 1283 1.1 christos fra = *frp; 1284 1.1 christos *frp = NULL; 1285 1.1 christos 1286 1.1 christos WRITE_ENTER(lock); 1287 1.1 christos fra->ipfr_ref--; 1288 1.1 christos if (fra->ipfr_ref <= 0) 1289 1.1 christos ipf_frag_free(softf, fra); 1290 1.1 christos RWLOCK_EXIT(lock); 1291 1.1 christos } 1292
Indexes created Tue Oct 21 19:09:51 GMT 2025